From df9955b62d71d896198364465b5f5871c69ba93e Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 1 Jun 2023 12:11:44 -0400 Subject: [PATCH 01/42] Handle ChaCha20 counter overflow consistently The assembly functions from OpenSSL vary in how the counter overflow works. The aarch64 implementation uses a mix of 32-bit and 64-bit counters. This is because, when packing a block into 64-bit general-purpose registers, it is easier to implement a 64-bit counter than a 32-bit one. Whereas, on 32-bit general-purpose registers, or when using vector registers with 32-bit lanes, it is easier to implement a 32-bit counter. Counters will never overflow with the AEAD, which sets the length limit so it never happens. (Failing to do so will reuse a key/nonce/counter triple.) RFC 8439 is silent on what happens on overflow, so at best one can say it is implicitly undefined behavior. This came about because pyca/cryptography reportedly exposed a ChaCha20 API which encouraged callers to randomize the starting counter. Wrapping with a randomized starting counter isn't inherently wrong, though it is pointless and goes against how the spec recommends using the initial counter value. Nonetheless, we would prefer our functions behave consistently across platforms, rather than silently give ill-defined output given some inputs. So, normalize the behavior to the wrapping version in CRYPTO_chacha_20 by dividing up into multiple ChaCha20_ctr32 calls as needed. Fixed: 614 Change-Id: I191461f25753b9f6b59064c6c08cd4299085e172 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60387 Commit-Queue: Adam Langley Auto-Submit: David Benjamin Reviewed-by: Adam Langley --- crypto/chacha/chacha.c | 20 ++++++- crypto/chacha/chacha_test.cc | 110 +++++++++++++++++++++++++++++++++++ crypto/chacha/internal.h | 9 ++- include/openssl/chacha.h | 6 ++ 4 files changed, 143 insertions(+), 2 deletions(-) diff --git a/crypto/chacha/chacha.c b/crypto/chacha/chacha.c index 1092b7aa28..a4d88c0a40 100644 --- a/crypto/chacha/chacha.c +++ b/crypto/chacha/chacha.c @@ -91,7 +91,25 @@ void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len, } #endif - ChaCha20_ctr32(out, in, in_len, key_ptr, counter_nonce); + while (in_len > 0) { + // The assembly functions do not have defined overflow behavior. While + // overflow is almost always a bug in the caller, we prefer our functions to + // behave the same across platforms, so divide into multiple calls to avoid + // this case. + uint64_t todo = 64 * ((UINT64_C(1) << 32) - counter_nonce[0]); + if (todo > in_len) { + todo = in_len; + } + + ChaCha20_ctr32(out, in, (size_t)todo, key_ptr, counter_nonce); + in += todo; + out += todo; + in_len -= todo; + + // We're either done and will next break out of the loop, or we stopped at + // the wraparound point and the counter should continue at zero. + counter_nonce[0] = 0; + } } #else diff --git a/crypto/chacha/chacha_test.cc b/crypto/chacha/chacha_test.cc index 25313cad6d..00683ce51e 100644 --- a/crypto/chacha/chacha_test.cc +++ b/crypto/chacha/chacha_test.cc @@ -218,8 +218,102 @@ static const uint8_t kOutput[] = { 0x8f, 0x40, 0xcf, 0x4a, }; +static uint32_t kOverflowCounter = 0xffffffff; + +static const uint8_t kOverflowOutput[] = { + 0x37, 0x64, 0x38, 0xcb, 0x25, 0x69, 0x2c, 0xf5, 0x88, 0x8a, 0xfe, 0x6d, + 0x3b, 0x10, 0x07, 0x3c, 0x77, 0xac, 0xcd, 0x1c, 0x0c, 0xa7, 0x17, 0x31, + 0x1d, 0xc3, 0x81, 0xd1, 0xa5, 0x20, 0x55, 0xea, 0xd3, 0x00, 0xc9, 0x84, + 0xde, 0xe2, 0xe5, 0x5e, 0x7b, 0x28, 0x28, 0x59, 0x73, 0x3a, 0x8e, 0x57, + 0x62, 0x18, 0x50, 0x55, 0x97, 0xca, 0x50, 0x3e, 0x8a, 0x84, 0x61, 0x28, + 0x4c, 0x22, 0x93, 0x50, 0x48, 0x7e, 0x65, 0x78, 0x06, 0x5a, 0xcd, 0x2b, + 0x11, 0xf7, 0x10, 0xfd, 0x6f, 0x41, 0x92, 0x82, 0x7c, 0x3a, 0x71, 0x07, + 0x67, 0xd0, 0x7e, 0xb7, 0xdf, 0xdc, 0xfc, 0xee, 0xe6, 0x55, 0xdd, 0x6f, + 0x79, 0x23, 0xf3, 0xae, 0xb1, 0x21, 0x96, 0xbe, 0xea, 0x0e, 0x1b, 0x58, + 0x0b, 0x3f, 0x63, 0x51, 0xd4, 0xce, 0x98, 0xfe, 0x1a, 0xc7, 0xa7, 0x43, + 0x7f, 0x0c, 0xe8, 0x62, 0xcf, 0x78, 0x3f, 0x4e, 0x31, 0xbf, 0x2b, 0x76, + 0x91, 0xcd, 0x19, 0x80, 0x0d, 0x7f, 0x11, 0x8b, 0x76, 0xef, 0x43, 0x3c, + 0x4f, 0x61, 0x86, 0xc5, 0x64, 0xa8, 0xc2, 0x73, 0xc2, 0x64, 0x39, 0xa0, + 0x8b, 0xe6, 0x7f, 0xf6, 0x26, 0xd4, 0x47, 0x4f, 0xe4, 0x46, 0xe2, 0xf5, + 0x9e, 0xe6, 0xc7, 0x76, 0x6c, 0xa9, 0x0f, 0x1d, 0x1b, 0x22, 0xa5, 0x62, + 0x0a, 0x88, 0x3e, 0x8c, 0xf0, 0xbc, 0x4c, 0x11, 0x3f, 0x0d, 0xf7, 0x85, + 0x67, 0x0b, 0x4c, 0xa3, 0x3f, 0xa8, 0xf1, 0x2a, 0x65, 0x2e, 0x00, 0x03, + 0xc9, 0x49, 0x91, 0x48, 0xb7, 0xc8, 0x29, 0x28, 0x2f, 0x46, 0x8e, 0x8b, + 0xd6, 0x73, 0x19, 0x06, 0x3e, 0x6f, 0x92, 0xc8, 0x3d, 0x3f, 0x4d, 0x68, + 0xbc, 0x02, 0xc0, 0x8f, 0x71, 0x46, 0x0d, 0x28, 0x63, 0xfe, 0xad, 0x14, + 0x81, 0x04, 0xb7, 0x23, 0xfd, 0x21, 0x0a, 0xf0, 0x6f, 0xcd, 0x47, 0x0b, + 0x0e, 0x93, 0xa3, 0xa8, 0x44, 0x15, 0xd6, 0xae, 0x06, 0x44, 0x6b, 0xbc, + 0xff, 0x8a, 0x56, 0x60, 0x3c, 0x38, 0xd6, 0xed, 0x03, 0x2d, 0x79, 0x2a, + 0xe9, 0x15, 0xef, 0xfc, 0x92, 0x1f, 0x83, 0xa4, 0x60, 0x8f, 0xc9, 0x29, + 0xb2, 0xb4, 0x9e, 0x3f, 0xa9, 0xe8, 0xfb, 0xa2, 0x62, 0x20, 0x2e, 0xc9, + 0x43, 0xb2, 0xd1, 0x36, 0x85, 0x1e, 0xa4, 0xb3, 0x4f, 0x8c, 0x9e, 0x81, + 0x75, 0x68, 0xbc, 0xf1, 0x52, 0xd5, 0x03, 0x22, 0xcf, 0xdf, 0x64, 0xb0, + 0x28, 0xd2, 0x45, 0x18, 0x38, 0x8c, 0xd0, 0xf6, 0x30, 0x3c, 0x04, 0xd9, + 0x8d, 0xb6, 0xb2, 0x57, 0x2a, 0xee, 0x28, 0xeb, 0x5f, 0x1a, 0x10, 0x6e, + 0x88, 0x79, 0x08, 0x23, 0x19, 0x84, 0xf8, 0x80, 0x1a, 0x7d, 0x6f, 0x8b, + 0xc1, 0x8e, 0x5f, 0x5f, 0x54, 0x14, 0x2a, 0xdc, 0x41, 0x5d, 0xeb, 0x00, + 0xf2, 0x50, 0xae, 0xd3, 0x55, 0x32, 0xf6, 0xd9, 0x34, 0xf4, 0xb2, 0xf2, + 0xf5, 0x90, 0x05, 0x8a, 0x9c, 0xc7, 0x94, 0x5d, 0x2d, 0x5a, 0x0f, 0xdd, + 0x03, 0xde, 0xbe, 0x18, 0xb3, 0xe3, 0x07, 0x6b, 0x57, 0xfa, 0x1b, 0x7b, + 0x75, 0xcb, 0xc2, 0x4d, 0xf7, 0x88, 0xfe, 0xf9, 0xc0, 0x6c, 0xdb, 0x5f, + 0xf6, 0x48, 0x00, 0x4a, 0x5d, 0x75, 0xfa, 0x6b, 0x45, 0x43, 0xc4, 0x7f, + 0x97, 0x31, 0x22, 0xb4, 0x9c, 0xa3, 0xee, 0x2f, 0x27, 0xa9, 0x9f, 0x0e, + 0xdc, 0x40, 0x67, 0x17, 0x2e, 0xcb, 0xfd, 0x9e, 0xe7, 0xb2, 0x85, 0xcd, + 0x49, 0x24, 0xc8, 0x8a, 0x59, 0x6b, 0x1f, 0xec, 0x72, 0x89, 0xf8, 0x30, + 0xdf, 0x82, 0x61, 0x3b, 0x8b, 0xc9, 0x80, 0xe4, 0x27, 0x0d, 0xfe, 0x42, + 0x27, 0x6c, 0xaf, 0x62, 0x3e, 0x2f, 0x1d, 0x38, 0xb6, 0x88, 0x8f, 0x71, + 0x5a, 0x54, 0x6c, 0x68, 0x57, 0x40, 0x49, 0x7a, 0xb2, 0xe8, 0xb6, 0x97, + 0xab, 0xd6, 0x3c, 0x35, 0xf3, 0x95, 0x12, 0xde, 0xa2, 0x39, 0x54, 0x52, + 0x8c, 0x38, 0x2a, 0x2b, 0xe7, 0x21, 0x38, 0x63, 0xb0, 0xd6, 0xad, 0x94, + 0x44, 0xaf, 0x49, 0x5d, 0xfc, 0x49, 0x6b, 0x30, 0xdf, 0xe9, 0x19, 0x1e, + 0xed, 0x98, 0x0d, 0x4a, 0x3d, 0x56, 0x5e, 0x74, 0xad, 0x13, 0x8b, 0x68, + 0x45, 0x08, 0xbe, 0x0e, 0x6c, 0xb4, 0x62, 0x93, 0x27, 0x8b, 0x4f, 0xab, + 0x3e, 0xba, 0xe1, 0xe5, 0xff, 0xa8, 0x5d, 0x33, 0x32, 0xff, 0x34, 0xf9, + 0x8d, 0x67, 0x24, 0x4a, 0xbb, 0x2c, 0x60, 0xb5, 0x88, 0x96, 0x1b, 0xcc, + 0x53, 0xfb, 0x2e, 0x05, 0x1d, 0x8b, 0xc2, 0xa0, 0xde, 0x21, 0x41, 0x5e, + 0x11, 0x1b, 0x96, 0xd9, 0xa6, 0xae, 0xbd, 0xf0, 0x91, 0xad, 0x69, 0x2b, + 0xd2, 0x3f, 0xe4, 0x3d, 0x16, 0x69, 0xa6, 0xb2, 0x9c, 0xbe, 0x59, 0x7b, + 0x87, 0x79, 0xf5, 0xc2, 0x5a, 0xcc, 0xdf, 0xfe, 0x7f, 0xf9, 0xa6, 0x52, + 0xde, 0x5f, 0x46, 0x91, 0x21, 0x2c, 0x2c, 0x49, 0x25, 0x00, 0xd5, 0xe4, + 0x81, 0x6b, 0x85, 0xad, 0x98, 0xaf, 0x06, 0x4a, 0x83, 0xb2, 0xe3, 0x42, + 0x39, 0x31, 0x50, 0xe1, 0x2d, 0x22, 0xe6, 0x07, 0x24, 0x65, 0x29, 0x3f, + 0x4c, 0xbd, 0x14, 0x8d, 0xfa, 0x31, 0xfa, 0xa4, 0xb5, 0x99, 0x04, 0xa2, + 0xa5, 0xcc, 0x3b, 0x12, 0xb1, 0xaa, 0x6a, 0x17, 0x78, 0x8b, 0xb3, 0xe4, + 0x3c, 0x4c, 0xc5, 0xaa, 0x79, 0x12, 0x17, 0xe0, 0x22, 0x4d, 0xf4, 0xa9, + 0xd5, 0xd0, 0xed, 0xf8, 0xfe, 0x0a, 0x45, 0x80, 0x9f, 0x3b, 0x74, 0xa0, + 0xb1, 0xda, 0x18, 0xfa, 0xc2, 0x7d, 0xf6, 0x18, 0x2e, 0xa9, 0x2b, 0x7e, + 0x69, 0x06, 0x43, 0x2d, 0x62, 0x09, 0x42, 0x10, 0x9f, 0x83, 0xad, 0xd9, + 0xdd, 0xcd, 0xcb, 0x1b, 0x33, 0x32, 0x3e, 0x1f, 0xf6, 0xac, 0x3b, 0xa3, + 0x29, 0xd7, 0xc0, 0x88, 0xf9, 0xb7, 0x4c, 0xcd, 0x0a, 0x1f, 0xb8, 0x0f, + 0xe6, 0xf7, 0xd7, 0x4d, 0x5f, 0x06, 0x12, 0x8a, 0x12, 0xa6, 0x2d, 0xbe, + 0x5c, 0x57, 0xf8, 0x7f, 0x54, 0x3f, 0x90, 0x83, 0x2c, 0x0a, 0xc5, 0x3d, + 0x03, 0x78, 0x8a, 0x68, 0xf0, 0xbd, 0xa5, 0x3e, 0xe7, 0x07, 0xab, 0xc8, + 0x58, 0x2f, 0x5c, 0xfd, 0xb5, 0x39, 0xe3, 0xc6, 0x1c, 0x27, 0xf9, 0x0b, + 0xc7, 0x4c, 0xcc, 0x67, 0x62, 0xe6, 0x79, 0xe8, 0xc1, 0x0a, 0x86, 0x8a, + 0xb2, 0x32, 0x7b, 0x90, 0x36, 0x50, 0x92, 0x1f, 0x3e, 0x68, 0x39, 0x1c, + 0x4d, 0x5d, 0xf8, 0x2b, 0xe8, 0x7d, 0xe2, 0x34, 0x61, 0x9e, 0xc3, 0x77, + 0xb9, 0x4c, 0x34, 0x08, 0xda, 0x31, 0xc9, 0x1d, 0xbd, 0x3b, 0x7b, 0xf1, + 0x14, 0xba, 0x3a, 0x34, 0x13, 0xaa, 0x5e, 0xa8, 0x36, 0xf6, 0xfe, 0xed, + 0x5b, 0xef, 0xaf, 0x24, 0x42, 0xba, 0xfc, 0xc9, 0x30, 0x84, 0xec, 0x49, + 0x14, 0xab, 0x58, 0x71, 0xfe, 0x4b, 0x6d, 0x7b, 0x9f, 0xbb, 0x3c, 0x83, + 0xdf, 0x3a, 0xfb, 0x54, 0xff, 0x36, 0xaa, 0x6c, 0x47, 0x94, 0xc0, 0xde, + 0x89, 0x2e, 0xac, 0x68, 0xee, 0xe8, 0xf4, 0xae, 0xa3, 0xe0, 0x91, 0x55, + 0x0b, 0x0c, 0xd7, 0xf4, 0x33, 0xb5, 0xf9, 0xf2, 0x9e, 0xda, 0x78, 0xe5, + 0x75, 0xec, 0xdb, 0xf6, 0xed, 0x27, 0x9f, 0x44, 0x19, 0x9f, 0xb7, 0xf0, + 0xac, 0x1b, 0x3a, 0xf5, 0x77, 0xc7, 0x76, 0x1e, 0x3f, 0x78, 0x12, 0x48, + 0x1d, 0xb8, 0xe0, 0x30, 0x29, 0x9a, 0x8c, 0x8f, 0x21, 0x44, 0x9c, 0x89, + 0xec, 0x8e, 0xd0, 0x81, 0xf5, 0x6a, 0xd0, 0xac, 0x5e, 0xf0, 0x0f, 0x88, + 0x86, 0x31, 0x2e, 0x15, 0x1e, 0x0d, 0x2d, 0xeb, 0x56, 0x30, 0x27, 0x02, + 0x93, 0xf4, 0x07, 0x07, 0xba, 0xf7, 0xbd, 0xe8, 0x27, 0x4f, 0xc6, 0xd9, + 0x57, 0x10, 0x3b, 0xf0, 0xff, 0x2f, 0x2d, 0x6b, 0xd0, 0x17, 0xb3, 0x49, + 0xeb, 0xc2, 0x49, 0xdb, +}; + + static_assert(sizeof(kInput) == sizeof(kOutput), "Input and output lengths don't match."); +static_assert(sizeof(kInput) == sizeof(kOverflowOutput), + "Input and output lengths don't match."); TEST(ChaChaTest, TestVector) { // Run the test with the test vector at all lengths. @@ -237,6 +331,22 @@ TEST(ChaChaTest, TestVector) { } } +TEST(ChaChaTest, CounterOverflow) { + // Run the test with the test vector at all lengths. + for (size_t len = 0; len <= sizeof(kInput); len++) { + SCOPED_TRACE(len); + + std::unique_ptr buf(new uint8_t[len]); + CRYPTO_chacha_20(buf.get(), kInput, len, kKey, kNonce, kOverflowCounter); + EXPECT_EQ(Bytes(kOverflowOutput, len), Bytes(buf.get(), len)); + + // Test the in-place version. + OPENSSL_memcpy(buf.get(), kInput, len); + CRYPTO_chacha_20(buf.get(), buf.get(), len, kKey, kNonce, kOverflowCounter); + EXPECT_EQ(Bytes(kOverflowOutput, len), Bytes(buf.get(), len)); + } +} + #if defined(CHACHA20_ASM) && defined(SUPPORTS_ABI_TEST) TEST(ChaChaTest, ABI) { uint32_t key[8]; diff --git a/crypto/chacha/internal.h b/crypto/chacha/internal.h index 1435e3b01e..5f442ec461 100644 --- a/crypto/chacha/internal.h +++ b/crypto/chacha/internal.h @@ -32,7 +32,14 @@ void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32], defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) #define CHACHA20_ASM -// ChaCha20_ctr32 is defined in asm/chacha-*.pl. +// ChaCha20_ctr32 encrypts |in_len| bytes from |in| and writes the result to +// |out|. If |in| and |out| alias, they must be equal. +// +// |counter[0]| is the initial 32-bit block counter, and the remainder is the +// 96-bit nonce. If the counter overflows, the output is undefined. The function +// will produce output, but the output may vary by machine and may not be +// self-consistent. (On some architectures, the assembly implements a mix of +// 64-bit and 32-bit counters.) void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len, const uint32_t key[8], const uint32_t counter[4]); #endif diff --git a/include/openssl/chacha.h b/include/openssl/chacha.h index cfbaa75680..2868c29062 100644 --- a/include/openssl/chacha.h +++ b/include/openssl/chacha.h @@ -29,6 +29,12 @@ extern "C" { // CRYPTO_chacha_20 encrypts |in_len| bytes from |in| with the given key and // nonce and writes the result to |out|. If |in| and |out| alias, they must be // equal. The initial block counter is specified by |counter|. +// +// This function implements a 32-bit block counter as in RFC 8439. On overflow, +// the counter wraps. Reusing a key, nonce, and block counter combination is not +// secure, so wrapping is usually a bug in the caller. While it is possible to +// wrap without reuse with a large initial block counter, this is not +// recommended and may not be portable to other ChaCha20 implementations. OPENSSL_EXPORT void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len, const uint8_t key[32], const uint8_t nonce[12], uint32_t counter); From 43f88915f97d1f7df489b4b706afdfa556ba2050 Mon Sep 17 00:00:00 2001 From: Andres Erbsen Date: Mon, 22 May 2023 20:51:15 +0000 Subject: [PATCH 02/42] Add saturated X25519 for x86_64+ADX running Linux Did 29000 Curve25519 arbitrary point multiplication operations in 1026074us (28263.1 ops/sec) [+31.2%] Change-Id: I9c7d47a047dc68d37202b6cf40d7d12b5b4936f8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60385 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/CMakeLists.txt | 2 + crypto/curve25519/asm/fiat_curve25519_adx.S | 11 + crypto/curve25519/curve25519.c | 9 +- crypto/curve25519/curve25519_64_adx.c | 18 + crypto/curve25519/internal.h | 29 +- crypto/curve25519/x25519_test.cc | 25 + .../fiat/asm/fiat_curve25519_adx_mul.S | 155 +++++ .../fiat/asm/fiat_curve25519_adx_square.S | 123 ++++ third_party/fiat/curve25519_64_adx.h | 528 ++++++++++++++++++ 9 files changed, 892 insertions(+), 8 deletions(-) create mode 100644 crypto/curve25519/asm/fiat_curve25519_adx.S create mode 100644 crypto/curve25519/curve25519_64_adx.c create mode 100644 third_party/fiat/asm/fiat_curve25519_adx_mul.S create mode 100644 third_party/fiat/asm/fiat_curve25519_adx_square.S create mode 100644 third_party/fiat/curve25519_64_adx.h diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index ef47623cc6..5f0c160aa0 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -15,6 +15,7 @@ endif() set( CRYPTO_SOURCES_ASM curve25519/asm/x25519-asm-arm.S + curve25519/asm/fiat_curve25519_adx.S hrss/asm/poly_rq_mul.S poly1305/poly1305_arm_asm.S ) @@ -137,6 +138,7 @@ add_library( cpu_intel.c crypto.c curve25519/curve25519.c + curve25519/curve25519_64_adx.c curve25519/spake25519.c des/des.c dh_extra/params.c diff --git a/crypto/curve25519/asm/fiat_curve25519_adx.S b/crypto/curve25519/asm/fiat_curve25519_adx.S new file mode 100644 index 0000000000..0c4218117c --- /dev/null +++ b/crypto/curve25519/asm/fiat_curve25519_adx.S @@ -0,0 +1,11 @@ +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && defined(__x86_64__) + +#if defined(BORINGSSL_PREFIX) +#include +#endif + +.intel_syntax noprefix +#include "../../../third_party/fiat/asm/fiat_curve25519_adx_mul.S" +#include "../../../third_party/fiat/asm/fiat_curve25519_adx_square.S" + +#endif diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c index d4a3f21d67..ec3067b24a 100644 --- a/crypto/curve25519/curve25519.c +++ b/crypto/curve25519/curve25519.c @@ -19,8 +19,6 @@ // // The field functions are shared by Ed25519 and X25519 where possible. -#include - #include #include @@ -31,7 +29,6 @@ #include "internal.h" #include "../internal.h" - // Various pre-computed constants. #include "./curve25519_tables.h" @@ -2069,6 +2066,12 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], x25519_NEON(out, scalar, point); return; } +#elif defined(BORINGSSL_FE25519_ADX) + if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && + CRYPTO_is_ADX_capable()) { + x25519_scalar_mult_adx(out, scalar, point); + return; + } #endif x25519_scalar_mult_generic(out, scalar, point); diff --git a/crypto/curve25519/curve25519_64_adx.c b/crypto/curve25519/curve25519_64_adx.c new file mode 100644 index 0000000000..2768989643 --- /dev/null +++ b/crypto/curve25519/curve25519_64_adx.c @@ -0,0 +1,18 @@ +/* Copyright (c) 2023, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "internal.h" +#if defined(BORINGSSL_FE25519_ADX) +#include "../../third_party/fiat/curve25519_64_adx.h" +#endif diff --git a/crypto/curve25519/internal.h b/crypto/curve25519/internal.h index 1420601bb7..4de134419f 100644 --- a/crypto/curve25519/internal.h +++ b/crypto/curve25519/internal.h @@ -15,14 +15,13 @@ #ifndef OPENSSL_HEADER_CURVE25519_INTERNAL_H #define OPENSSL_HEADER_CURVE25519_INTERNAL_H -#if defined(__cplusplus) -extern "C" { -#endif - -#include +#include #include "../internal.h" +#if defined(__cplusplus) +extern "C" { +#endif #if defined(OPENSSL_ARM) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_APPLE) #define BORINGSSL_X25519_NEON @@ -32,6 +31,26 @@ void x25519_NEON(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]); #endif +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && \ + defined(__GNUC__) && defined(__x86_64__) +#define BORINGSSL_FE25519_ADX + +// fiat_curve25519_adx_mul is defined in +// third_party/fiat/asm/fiat_curve25519_adx_mul.S +void __attribute__((sysv_abi)) +fiat_curve25519_adx_mul(uint64_t out[4], const uint64_t in1[4], + const uint64_t in2[4]); + +// fiat_curve25519_adx_square is defined in +// third_party/fiat/asm/fiat_curve25519_adx_square.S +void __attribute__((sysv_abi)) +fiat_curve25519_adx_square(uint64_t out[4], const uint64_t in[4]); + +// x25519_scalar_mult_adx is defined in third_party/fiat/curve25519_64_adx.h +void x25519_scalar_mult_adx(uint8_t out[32], const uint8_t scalar[32], + const uint8_t point[32]); +#endif + #if defined(OPENSSL_64_BIT) // fe means field element. Here the field is \Z/(2^255-19). An element t, // entries t[0]...t[4], represents the integer t[0]+2^51 t[1]+2^102 t[2]+2^153 diff --git a/crypto/curve25519/x25519_test.cc b/crypto/curve25519/x25519_test.cc index f512d01ab1..8c08ee22c9 100644 --- a/crypto/curve25519/x25519_test.cc +++ b/crypto/curve25519/x25519_test.cc @@ -20,6 +20,7 @@ #include +#include "internal.h" #include "../internal.h" #include "../test/abi_test.h" #include "../test/file_test.h" @@ -231,3 +232,27 @@ TEST(X25519Test, NeonABI) { CHECK_ABI(x25519_NEON, secret, kScalar, kPoint); } #endif // BORINGSSL_X25519_NEON && SUPPORTS_ABI_TEST + +#if defined(BORINGSSL_FE25519_ADX) && defined(SUPPORTS_ABI_TEST) +TEST(X25519Test, AdxMulABI) { + static const uint64_t in1[4] = {0}, in2[4] = {0}; + uint64_t out[4]; + if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && + CRYPTO_is_ADX_capable()) { + CHECK_ABI(fiat_curve25519_adx_mul, out, in1, in2); + } else { + GTEST_SKIP() << "Can't test ABI of ADX code without ADX"; + } +} + +TEST(X25519Test, AdxSquareABI) { + static const uint64_t in[4] = {0}; + uint64_t out[4]; + if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && + CRYPTO_is_ADX_capable()) { + CHECK_ABI(fiat_curve25519_adx_square, out, in); + } else { + GTEST_SKIP() << "Can't test ABI of ADX code without ADX"; + } +} +#endif // BORINGSSL_FE25519_ADX && SUPPORTS_ABI_TEST diff --git a/third_party/fiat/asm/fiat_curve25519_adx_mul.S b/third_party/fiat/asm/fiat_curve25519_adx_mul.S new file mode 100644 index 0000000000..acbac97b89 --- /dev/null +++ b/third_party/fiat/asm/fiat_curve25519_adx_mul.S @@ -0,0 +1,155 @@ +.text +#if defined(__APPLE__) +.global _fiat_curve25519_adx_mul +_fiat_curve25519_adx_mul: +#else +.global fiat_curve25519_adx_mul +fiat_curve25519_adx_mul: +#endif + +.cfi_startproc +mov [rsp - 0x08], rbp +.cfi_offset rbp, -8-0x08 +mov rbp, rsp + +mov rax, rdx +mov rdx, [ rsi + 0x18 ] +mulx r11, r10, [ rax + 0x8 ] +mov rdx, [ rax + 0x0 ] +mov [ rsp - 0x58 ], r15 +.cfi_offset r15, -8-0x58 +mulx r8, rcx, [ rsi + 0x18 ] +mov rdx, [ rsi + 0x8 ] +mov [ rsp - 0x80 ], rbx +.cfi_offset rbx, -8-0x80 +mulx rbx, r9, [ rax + 0x18 ] +mov rdx, [ rsi + 0x8 ] +mov [ rsp - 0x70 ], r12 +.cfi_offset r12, -8-0x70 +mulx r15, r12, [ rax + 0x8 ] +mov rdx, [ rsi + 0x0 ] +mov [ rsp - 0x68 ], r13 +.cfi_offset r13, -8-0x68 +mov [ rsp - 0x60 ], r14 +.cfi_offset r14, -8-0x60 +mulx r14, r13, [ rax + 0x0 ] +mov rdx, [ rax + 0x10 ] +mov [ rsp - 0x18 ], r15 +mov [ rsp - 0x50 ], rdi +mulx rdi, r15, [ rsi + 0x0 ] +mov rdx, [ rax + 0x18 ] +mov [ rsp - 0x48 ], r13 +mov [ rsp - 0x40 ], r9 +mulx r9, r13, [ rsi + 0x0 ] +test al, al +adox rcx, rdi +mov rdx, [ rsi + 0x10 ] +mov [ rsp - 0x38 ], r13 +mulx r13, rdi, [ rax + 0x8 ] +adox r10, r9 +mov rdx, 0x0 +adox rbx, rdx +adcx rdi, rcx +adcx r8, r10 +mov r9, rdx +adcx r9, rbx +mov rdx, [ rsi + 0x10 ] +mulx r10, rcx, [ rax + 0x0 ] +mov rdx, [ rsi + 0x0 ] +mov [ rsp - 0x30 ], r15 +mulx r15, rbx, [ rax + 0x8 ] +mov rdx, -0x2 +inc rdx +adox rcx, r15 +setc r15b +clc +adcx rcx, r12 +adox r10, rdi +mov rdx, [ rax + 0x10 ] +mov [ rsp - 0x78 ], rcx +mulx rcx, rdi, [ rsi + 0x10 ] +adox rdi, r8 +mov rdx, [ rax + 0x18 ] +mov [ rsp - 0x28 ], rcx +mulx rcx, r8, [ rsi + 0x10 ] +mov rdx, [ rax + 0x10 ] +mov [ rsp - 0x20 ], r8 +mulx r12, r8, [ rsi + 0x18 ] +adox r8, r9 +mov rdx, [ rsi + 0x8 ] +mov [ rsp - 0x10 ], r12 +mulx r12, r9, [ rax + 0x10 ] +movzx rdx, r15b +lea rdx, [ rdx + rcx ] +adcx r9, r10 +adcx r13, rdi +mov r15, 0x0 +mov r10, r15 +adox r10, rdx +mov rdx, [ rax + 0x18 ] +mulx rcx, rdi, [ rsi + 0x18 ] +adox rcx, r15 +adcx r11, r8 +mov rdx, r15 +adcx rdx, r10 +adcx rcx, r15 +mov r8, rdx +mov rdx, [ rax + 0x0 ] +mulx r15, r10, [ rsi + 0x8 ] +test al, al +adox r10, r14 +adcx rbx, r10 +adox r15, [ rsp - 0x78 ] +adcx r15, [ rsp - 0x30 ] +adox r9, [ rsp - 0x18 ] +adcx r9, [ rsp - 0x38 ] +adox r13, [ rsp - 0x40 ] +adcx r12, r13 +adox r11, [ rsp - 0x20 ] +adcx r11, [ rsp - 0x28 ] +mov rdx, 0x26 +mulx rsi, r14, r12 +adox rdi, r8 +adcx rdi, [ rsp - 0x10 ] +mulx r10, r8, r11 +mov r13, 0x0 +adox rcx, r13 +adcx rcx, r13 +mulx r11, r12, rdi +xor rdi, rdi +adox r8, rbx +adox r12, r15 +mulx rbx, r13, rcx +adcx r14, [ rsp - 0x48 ] +adox r13, r9 +adox rbx, rdi +adcx rsi, r8 +adcx r10, r12 +adcx r11, r13 +adc rbx, 0x0 +mulx r9, r15, rbx +xor r9, r9 +adox r15, r14 +mov rdi, r9 +adox rdi, rsi +mov rcx, r9 +adox rcx, r10 +mov r8, [ rsp - 0x50 ] +mov [ r8 + 0x8 ], rdi +mov r12, r9 +adox r12, r11 +mov r14, r9 +cmovo r14, rdx +mov [ r8 + 0x18 ], r12 +adcx r15, r14 +mov [ r8 + 0x0 ], r15 +mov [ r8 + 0x10 ], rcx +mov rbx, [ rsp - 0x80 ] +mov r12, [ rsp - 0x70 ] +mov r13, [ rsp - 0x68 ] +mov r14, [ rsp - 0x60 ] +mov r15, [ rsp - 0x58 ] + +mov rbp, [rsp - 0x08] +ret +.cfi_endproc diff --git a/third_party/fiat/asm/fiat_curve25519_adx_square.S b/third_party/fiat/asm/fiat_curve25519_adx_square.S new file mode 100644 index 0000000000..2ba3fd413a --- /dev/null +++ b/third_party/fiat/asm/fiat_curve25519_adx_square.S @@ -0,0 +1,123 @@ +.text +#if defined(__APPLE__) +.global _fiat_curve25519_adx_square +_fiat_curve25519_adx_square: +#else +.global fiat_curve25519_adx_square +fiat_curve25519_adx_square: +#endif + +.cfi_startproc +mov [rsp - 0x08], rbp +.cfi_offset rbp, -8-0x08 +mov rbp, rsp + +mov rdx, [ rsi + 0x0 ] +mulx r10, rax, [ rsi + 0x8 ] +mov rdx, [ rsi + 0x0 ] +mulx rcx, r11, [ rsi + 0x10 ] +xor rdx, rdx +adox r11, r10 +mov rdx, [ rsi + 0x0 ] +mulx r9, r8, [ rsi + 0x18 ] +mov rdx, [ rsi + 0x8 ] +mov [ rsp - 0x80 ], rbx +.cfi_offset rbx, -8-0x80 +mulx rbx, r10, [ rsi + 0x18 ] +adox r8, rcx +mov [rsp - 0x48 ], rdi +adox r10, r9 +adcx rax, rax +mov rdx, [ rsi + 0x10 ] +mulx r9, rcx, [ rsi + 0x18 ] +adox rcx, rbx +mov rdx, [ rsi + 0x10 ] +mulx rdi, rbx, [ rsi + 0x8 ] +mov rdx, 0x0 +adox r9, rdx +mov [ rsp - 0x70 ], r12 +.cfi_offset r12, -8-0x70 +mov r12, -0x3 +inc r12 +adox rbx, r8 +adox rdi, r10 +adcx r11, r11 +mov r8, rdx +adox r8, rcx +mov r10, rdx +adox r10, r9 +adcx rbx, rbx +mov rdx, [ rsi + 0x0 ] +mulx r9, rcx, rdx +mov rdx, [ rsi + 0x8 ] +mov [ rsp - 0x68 ], r13 +.cfi_offset r13, -8-0x68 +mov [ rsp - 0x60 ], r14 +.cfi_offset r14, -8-0x60 +mulx r14, r13, rdx +seto dl +inc r12 +adox r9, rax +adox r13, r11 +adox r14, rbx +adcx rdi, rdi +mov al, dl +mov rdx, [ rsi + 0x10 ] +mulx rbx, r11, rdx +adox r11, rdi +adcx r8, r8 +adox rbx, r8 +adcx r10, r10 +movzx rdx, al +mov rdi, 0x0 +adcx rdx, rdi +movzx r8, al +lea r8, [ r8 + rdx ] +mov rdx, [ rsi + 0x18 ] +mulx rdi, rax, rdx +adox rax, r10 +mov rdx, 0x26 +mov [ rsp - 0x58 ], r15 +.cfi_offset r15, -8-0x58 +mulx r15, r10, r11 +clc +adcx r10, rcx +mulx r11, rcx, rbx +adox r8, rdi +mulx rdi, rbx, r8 +inc r12 +adox rcx, r9 +mulx r8, r9, rax +adcx r15, rcx +adox r9, r13 +adcx r11, r9 +adox rbx, r14 +adox rdi, r12 +adcx r8, rbx +adc rdi, 0x0 +mulx r14, r13, rdi +test al, al +mov rdi, [ rsp - 0x48 ] +adox r13, r10 +mov r14, r12 +adox r14, r15 +mov [ rdi + 0x8 ], r14 +mov rax, r12 +adox rax, r11 +mov r10, r12 +adox r10, r8 +mov [ rdi + 0x10 ], rax +mov rcx, r12 +cmovo rcx, rdx +adcx r13, rcx +mov [ rdi + 0x0 ], r13 +mov [ rdi + 0x18 ], r10 +mov rbx, [ rsp - 0x80 ] +mov r12, [ rsp - 0x70 ] +mov r13, [ rsp - 0x68 ] +mov r14, [ rsp - 0x60 ] +mov r15, [ rsp - 0x58 ] + +mov rbp, [rsp - 0x08] +ret +.cfi_endproc diff --git a/third_party/fiat/curve25519_64_adx.h b/third_party/fiat/curve25519_64_adx.h new file mode 100644 index 0000000000..af9a9f8c0a --- /dev/null +++ b/third_party/fiat/curve25519_64_adx.h @@ -0,0 +1,528 @@ +#include +#include +#include + +typedef uint64_t fe4[4]; +typedef uint8_t fiat_uint1; +typedef int8_t fiat_int1; + +static __inline__ uint64_t fiat_value_barrier_u64(uint64_t a) { + __asm__("" : "+r"(a) : /* no inputs */); + return a; +} +static inline void fe4_mul(fe4 out, const fe4 x, const fe4 y) { fiat_curve25519_adx_mul(out, x, y); } +static inline void fe4_sq(fe4 out, const fe4 x) { fiat_curve25519_adx_square(out, x); } + +/* + * The function fiat_mulx_u64 is a multiplication, returning the full double-width result. + * + * Postconditions: + * out1 = (arg1 * arg2) mod 2^64 + * out2 = ⌊arg1 * arg2 / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffffffffffff] + * arg2: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0xffffffffffffffff] + */ +static inline void fiat_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) { +// NOTE: edited after generation +#if defined(_M_X64) + unsigned long long t; + *out1 = _umul128(arg1, arg2, &t); + *out2 = t; +#elif defined(_M_ARM64) + *out1 = arg1 * arg2; + *out2 = __umulh(arg1, arg2); +#else + unsigned __int128 t = (unsigned __int128)arg1 * arg2; + *out1 = t; + *out2 = (t >> 64); +#endif +} + +/* + * The function fiat_addcarryx_u64 is an addition with carry. + * + * Postconditions: + * out1 = (arg1 + arg2 + arg3) mod 2^64 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static inline void fiat_addcarryx_u64(uint64_t* out1, fiat_uint1* out2, fiat_uint1 arg1, uint64_t arg2, uint64_t arg3) { +// NOTE: edited after generation +#if defined(__has_builtin) +# if __has_builtin(__builtin_ia32_addcarryx_u64) +# define addcarry64 __builtin_ia32_addcarryx_u64 +# endif +#endif +#if defined(addcarry64) + long long unsigned int t; + *out2 = addcarry64(arg1, arg2, arg3, &t); + *out1 = t; +#elif defined(_M_X64) + long long unsigned int t; + *out2 = _addcarry_u64(arg1, arg2, arg3, out1); + *out1 = t; +#else + arg2 += arg1; + arg1 = arg2 < arg1; + uint64_t ret = arg2 + arg3; + arg1 += ret < arg2; + *out1 = ret; + *out2 = arg1; +#endif +#undef addcarry64 +} + +/* + * The function fiat_subborrowx_u64 is a subtraction with borrow. + * + * Postconditions: + * out1 = (-arg1 + arg2 + -arg3) mod 2^64 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static inline void fiat_subborrowx_u64(uint64_t* out1, fiat_uint1* out2, fiat_uint1 arg1, uint64_t arg2, uint64_t arg3) { +#if defined(__has_builtin) +# if __has_builtin(__builtin_ia32_subborrow_u64) +# define subborrow64 __builtin_ia32_subborrow_u64 +# endif +#endif +#if defined(subborrow64) + long long unsigned int t; + *out2 = subborrow64(arg1, arg2, arg3, &t); + *out1 = t; +#elif defined(_M_X64) + long long unsigned int t; + *out2 = _subborrow_u64(arg1, arg2, arg3, &t); // NOTE: edited after generation + *out1 = t; +#else + *out1 = arg2 - arg3 - arg1; + *out2 = (arg2 < arg3) | ((arg2 == arg3) & arg1); +#endif +#undef subborrow64 +} + +/* + * The function fiat_cmovznz_u64 is a single-word conditional move. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static inline void fiat_cmovznz_u64(uint64_t* out1, fiat_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_uint1 x1; + uint64_t x2; + uint64_t x3; + x1 = (!(!arg1)); + x2 = ((fiat_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); + x3 = ((fiat_value_barrier_u64(x2) & arg3) | (fiat_value_barrier_u64((~x2)) & arg2)); + *out1 = x3; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fe4_add(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { + uint64_t x1; + fiat_uint1 x2; + uint64_t x3; + fiat_uint1 x4; + uint64_t x5; + fiat_uint1 x6; + uint64_t x7; + fiat_uint1 x8; + uint64_t x9; + uint64_t x10; + fiat_uint1 x11; + uint64_t x12; + fiat_uint1 x13; + uint64_t x14; + fiat_uint1 x15; + uint64_t x16; + fiat_uint1 x17; + uint64_t x18; + uint64_t x19; + fiat_uint1 x20; + fiat_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_cmovznz_u64(&x9, x8, 0x0, UINT8_C(0x26)); // NOTE: clang 14 for Zen 2 uses sbb, and + fiat_addcarryx_u64(&x10, &x11, 0x0, x1, x9); + fiat_addcarryx_u64(&x12, &x13, x11, x3, 0x0); + fiat_addcarryx_u64(&x14, &x15, x13, x5, 0x0); + fiat_addcarryx_u64(&x16, &x17, x15, x7, 0x0); + fiat_cmovznz_u64(&x18, x17, 0x0, UINT8_C(0x26)); // NOTE: clang 14 for Zen 2 uses sbb, and + fiat_addcarryx_u64(&x19, &x20, 0x0, x10, x18); + out1[0] = x19; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fe4_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { + uint64_t x1; + uint64_t x2; + fiat_uint1 x3; + uint64_t x4; + uint64_t x5; + fiat_uint1 x6; + uint64_t x7; + uint64_t x8; + fiat_uint1 x9; + uint64_t x10; + uint64_t x11; + fiat_uint1 x12; + uint64_t x13; + uint64_t x14; + fiat_uint1 x15; + uint64_t x16; + fiat_uint1 x17; + uint64_t x18; + fiat_uint1 x19; + uint64_t x20; + fiat_uint1 x21; + uint64_t x22; + uint64_t x23; + fiat_uint1 x24; + x1 = (arg2[0]); + fiat_subborrowx_u64(&x2, &x3, 0x0, (arg1[0]), x1); + x4 = (arg2[1]); + fiat_subborrowx_u64(&x5, &x6, x3, (arg1[1]), x4); + x7 = (arg2[2]); + fiat_subborrowx_u64(&x8, &x9, x6, (arg1[2]), x7); + x10 = (arg2[3]); + fiat_subborrowx_u64(&x11, &x12, x9, (arg1[3]), x10); + fiat_cmovznz_u64(&x13, x12, 0x0, UINT8_C(0x26)); // NOTE: clang 14 for Zen 2 uses sbb, and + fiat_subborrowx_u64(&x14, &x15, 0x0, x2, x13); + fiat_subborrowx_u64(&x16, &x17, x15, x5, 0x0); + fiat_subborrowx_u64(&x18, &x19, x17, x8, 0x0); + fiat_subborrowx_u64(&x20, &x21, x19, x11, 0x0); + fiat_cmovznz_u64(&x22, x21, 0x0, UINT8_C(0x26)); // NOTE: clang 14 for Zen 2 uses sbb, and + fiat_subborrowx_u64(&x23, &x24, 0x0, x14, x22); + out1[0] = x23; + out1[1] = x16; + out1[2] = x18; + out1[3] = x20; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [0x0 ~> 0x3ffffffffffffff] // NOTE: this is not any uint64! + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fe4_scmul(uint64_t out1[4], const uint64_t arg1[4], uint64_t arg2) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + fiat_uint1 x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + fiat_uint1 x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + fiat_uint1 x14; + uint64_t x15; + uint64_t x16; + uint64_t x17; + fiat_uint1 x18; + uint64_t x19; + fiat_uint1 x20; + uint64_t x21; + fiat_uint1 x22; + uint64_t x23; + fiat_uint1 x24; + uint64_t x25; + uint64_t x26; + fiat_uint1 x27; + fiat_mulx_u64(&x1, &x2, (arg1[0]), arg2); + fiat_mulx_u64(&x3, &x4, (arg1[1]), arg2); + fiat_addcarryx_u64(&x5, &x6, 0x0, x2, x3); + fiat_mulx_u64(&x7, &x8, (arg1[2]), arg2); + fiat_addcarryx_u64(&x9, &x10, x6, x4, x7); + fiat_mulx_u64(&x11, &x12, (arg1[3]), arg2); + fiat_addcarryx_u64(&x13, &x14, x10, x8, x11); + fiat_mulx_u64(&x15, &x16, (x12 + (uint64_t)x14), UINT8_C(0x26)); + fiat_addcarryx_u64(&x17, &x18, 0x0, x1, x15); + fiat_addcarryx_u64(&x19, &x20, x18, x5, 0x0); + fiat_addcarryx_u64(&x21, &x22, x20, x9, 0x0); + fiat_addcarryx_u64(&x23, &x24, x22, x13, 0x0); + fiat_cmovznz_u64(&x25, x24, 0x0, UINT8_C(0x26)); // NOTE: clang 14 for Zen 2 uses sbb, and + fiat_addcarryx_u64(&x26, &x27, 0x0, x17, x25); + out1[0] = x26; + out1[1] = x19; + out1[2] = x21; + out1[3] = x23; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fe4_canon(uint64_t out1[4], const uint64_t arg1[4]) { + uint64_t x1; + fiat_uint1 x2; + uint64_t x3; + fiat_uint1 x4; + uint64_t x5; + fiat_uint1 x6; + uint64_t x7; + fiat_uint1 x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + fiat_uint1 x14; + uint64_t x15; + fiat_uint1 x16; + uint64_t x17; + fiat_uint1 x18; + uint64_t x19; + fiat_uint1 x20; + uint64_t x21; + uint64_t x22; + uint64_t x23; + uint64_t x24; + fiat_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0xffffffffffffffed)); + fiat_subborrowx_u64(&x3, &x4, x2, (arg1[1]), UINT64_C(0xffffffffffffffff)); + fiat_subborrowx_u64(&x5, &x6, x4, (arg1[2]), UINT64_C(0xffffffffffffffff)); + fiat_subborrowx_u64(&x7, &x8, x6, (arg1[3]), UINT64_C(0x7fffffffffffffff)); + fiat_cmovznz_u64(&x9, x8, x1, (arg1[0])); + fiat_cmovznz_u64(&x10, x8, x3, (arg1[1])); + fiat_cmovznz_u64(&x11, x8, x5, (arg1[2])); + fiat_cmovznz_u64(&x12, x8, x7, (arg1[3])); + fiat_subborrowx_u64(&x13, &x14, 0x0, x9, UINT64_C(0xffffffffffffffed)); + fiat_subborrowx_u64(&x15, &x16, x14, x10, UINT64_C(0xffffffffffffffff)); + fiat_subborrowx_u64(&x17, &x18, x16, x11, UINT64_C(0xffffffffffffffff)); + fiat_subborrowx_u64(&x19, &x20, x18, x12, UINT64_C(0x7fffffffffffffff)); + fiat_cmovznz_u64(&x21, x20, x13, x9); + fiat_cmovznz_u64(&x22, x20, x15, x10); + fiat_cmovznz_u64(&x23, x20, x17, x11); + fiat_cmovznz_u64(&x24, x20, x19, x12); + out1[0] = x21; + out1[1] = x22; + out1[2] = x23; + out1[3] = x24; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fe4_cswap(uint64_t out1[4], uint64_t out2[4], fiat_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + // NOTE: clang 14 for Zen 2 uses YMM registers + fiat_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); + fiat_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); + fiat_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); + fiat_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + fiat_cmovznz_u64(&x5, arg1, (arg3[0]), (arg2[0])); + fiat_cmovznz_u64(&x6, arg1, (arg3[1]), (arg2[1])); + fiat_cmovznz_u64(&x7, arg1, (arg3[2]), (arg2[2])); + fiat_cmovznz_u64(&x8, arg1, (arg3[3]), (arg2[3])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out2[0] = x5; + out2[1] = x6; + out2[2] = x7; + out2[3] = x8; +} + +// The following functions are adaped from crypto/curve25519/curve25519.c +// It would be desirable to share the code, but with the current field +// implementations both 4-limb and 5-limb versions of the curve-level code need +// to be included in builds targetting an unknown variant of x86_64. + +static void fe4_invert(fe4 out, const fe4 z) { + fe4 t0; + fe4 t1; + fe4 t2; + fe4 t3; + int i; + + fe4_sq(t0, z); + fe4_sq(t1, t0); + for (i = 1; i < 2; ++i) { + fe4_sq(t1, t1); + } + fe4_mul(t1, z, t1); + fe4_mul(t0, t0, t1); + fe4_sq(t2, t0); + fe4_mul(t1, t1, t2); + fe4_sq(t2, t1); + for (i = 1; i < 5; ++i) { + fe4_sq(t2, t2); + } + fe4_mul(t1, t2, t1); + fe4_sq(t2, t1); + for (i = 1; i < 10; ++i) { + fe4_sq(t2, t2); + } + fe4_mul(t2, t2, t1); + fe4_sq(t3, t2); + for (i = 1; i < 20; ++i) { + fe4_sq(t3, t3); + } + fe4_mul(t2, t3, t2); + fe4_sq(t2, t2); + for (i = 1; i < 10; ++i) { + fe4_sq(t2, t2); + } + fe4_mul(t1, t2, t1); + fe4_sq(t2, t1); + for (i = 1; i < 50; ++i) { + fe4_sq(t2, t2); + } + fe4_mul(t2, t2, t1); + fe4_sq(t3, t2); + for (i = 1; i < 100; ++i) { + fe4_sq(t3, t3); + } + fe4_mul(t2, t3, t2); + fe4_sq(t2, t2); + for (i = 1; i < 50; ++i) { + fe4_sq(t2, t2); + } + fe4_mul(t1, t2, t1); + fe4_sq(t1, t1); + for (i = 1; i < 5; ++i) { + fe4_sq(t1, t1); + } + fe4_mul(out, t1, t0); +} + +void x25519_scalar_mult_adx(uint8_t out[32], const uint8_t scalar[32], + const uint8_t point[32]) { + uint8_t e[32]; + memcpy(e, scalar, 32); + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + + // The following implementation was transcribed to Coq and proven to + // correspond to unary scalar multiplication in affine coordinates given that + // x1 != 0 is the x coordinate of some point on the curve. It was also checked + // in Coq that doing a ladderstep with x1 = x3 = 0 gives z2' = z3' = 0, and z2 + // = z3 = 0 gives z2' = z3' = 0. The statement was quantified over the + // underlying field, so it applies to Curve25519 itself and the quadratic + // twist of Curve25519. It was not proven in Coq that prime-field arithmetic + // correctly simulates extension-field arithmetic on prime-field values. + // The decoding of the byte array representation of e was not considered. + // Specification of Montgomery curves in affine coordinates: + // + // Proof that these form a group that is isomorphic to a Weierstrass curve: + // + // Coq transcription and correctness proof of the loop (where scalarbits=255): + // + // + // preconditions: 0 <= e < 2^255 (not necessarily e < order), fe_invert(0) = 0 + fe4 x1, x2 = {1}, z2 = {0}, x3, z3 = {1}, tmp0, tmp1; + OPENSSL_memcpy(x1, point, sizeof(fe4)); + x1[3] &= (uint64_t)(-1)>>1; + OPENSSL_memcpy(x3, x1, sizeof(fe4)); + + unsigned swap = 0; + int pos; + for (pos = 254; pos >= 0; --pos) { + // loop invariant as of right before the test, for the case where x1 != 0: + // pos >= -1; if z2 = 0 then x2 is nonzero; if z3 = 0 then x3 is nonzero + // let r := e >> (pos+1) in the following equalities of projective points: + // to_xz (r*P) === if swap then (x3, z3) else (x2, z2) + // to_xz ((r+1)*P) === if swap then (x2, z2) else (x3, z3) + // x1 is the nonzero x coordinate of the nonzero point (r*P-(r+1)*P) + unsigned b = 1 & (e[pos / 8] >> (pos & 7)); + swap ^= b; + fe4_cswap(x2, x3, swap, x2, x3); + fe4_cswap(z2, z3, swap, z2, z3); + swap = b; + // Coq transcription of ladderstep formula (called from transcribed loop): + // + // + // x1 != 0 + // x1 = 0 + fe4_sub(tmp0, x3, z3); + fe4_sub(tmp1, x2, z2); + fe4_add(x2, x2, z2); + fe4_add(z2, x3, z3); + fe4_mul(z3, tmp0, x2); + fe4_mul(z2, z2, tmp1); + fe4_sq(tmp0, tmp1); + fe4_sq(tmp1, x2); + fe4_add(x3, z3, z2); + fe4_sub(z2, z3, z2); + fe4_mul(x2, tmp1, tmp0); + fe4_sub(tmp1, tmp1, tmp0); + fe4_sq(z2, z2); + fe4_scmul(z3, tmp1, 121666); + fe4_sq(x3, x3); + fe4_add(tmp0, tmp0, z3); + fe4_mul(z3, x1, z2); + fe4_mul(z2, tmp1, tmp0); + } + // here pos=-1, so r=e, so to_xz (e*P) === if swap then (x3, z3) else (x2, z2) + fe4_cswap(x2, x3, swap, x2, x3); + fe4_cswap(z2, z3, swap, z2, z3); + + fe4_invert(z2, z2); + fe4_mul(x2, x2, z2); + fe4_canon(x2, x2); + OPENSSL_memcpy(out, x2, sizeof(fe4)); +} From f4a4e2771542b90b01b15a9fe19d3fafe0fda0d0 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 2 Jun 2023 23:40:50 -0400 Subject: [PATCH 03/42] Make DSA opaque Update-Note: Accessing the DSA struct directly is no longer supported. Use accessors instead. Bug: 325 Change-Id: I73dc20f2e275d48648ca84d2db7806fe155c567d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60425 Reviewed-by: Adam Langley Auto-Submit: David Benjamin Commit-Queue: David Benjamin --- crypto/dsa/dsa_test.cc | 10 ++++++++-- crypto/dsa/internal.h | 18 ++++++++++++++++++ crypto/evp/print.c | 13 +++++++------ include/openssl/dsa.h | 21 --------------------- 4 files changed, 33 insertions(+), 29 deletions(-) diff --git a/crypto/dsa/dsa_test.cc b/crypto/dsa/dsa_test.cc index 611b003470..22e9e13bbf 100644 --- a/crypto/dsa/dsa_test.cc +++ b/crypto/dsa/dsa_test.cc @@ -257,7 +257,10 @@ TEST(DSATest, Verify) { TEST(DSATest, InvalidGroup) { bssl::UniquePtr dsa = GetFIPSDSA(); ASSERT_TRUE(dsa); - BN_zero(dsa->g); + bssl::UniquePtr zero(BN_new()); + ASSERT_TRUE(zero); + ASSERT_TRUE(DSA_set0_pqg(dsa.get(), /*p=*/nullptr, /*q=*/nullptr, + /*g=*/zero.release())); std::vector sig(DSA_size(dsa.get())); unsigned sig_len; @@ -305,7 +308,10 @@ TEST(DSATest, MissingPrivate) { TEST(DSATest, ZeroPrivateKey) { bssl::UniquePtr dsa = GetFIPSDSA(); ASSERT_TRUE(dsa); - BN_zero(dsa->priv_key); + bssl::UniquePtr zero(BN_new()); + ASSERT_TRUE(zero); + ASSERT_TRUE(DSA_set0_key(dsa.get(), /*pub_key=*/nullptr, + /*priv_key=*/zero.release())); static const uint8_t kZeroDigest[32] = {0}; std::vector sig(DSA_size(dsa.get())); diff --git a/crypto/dsa/internal.h b/crypto/dsa/internal.h index 560ae7f333..aae32637c2 100644 --- a/crypto/dsa/internal.h +++ b/crypto/dsa/internal.h @@ -17,11 +17,29 @@ #include +#include + #if defined(__cplusplus) extern "C" { #endif +struct dsa_st { + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; + + BIGNUM *pub_key; + BIGNUM *priv_key; + + // Normally used to cache montgomery values + CRYPTO_MUTEX method_mont_lock; + BN_MONT_CTX *method_mont_p; + BN_MONT_CTX *method_mont_q; + CRYPTO_refcount_t references; + CRYPTO_EX_DATA ex_data; +}; + // dsa_check_key performs cheap self-checks on |dsa|, and ensures it is within // DoS bounds. It returns one on success and zero on error. int dsa_check_key(const DSA *dsa); diff --git a/crypto/evp/print.c b/crypto/evp/print.c index 925074e5ae..05383b72bb 100644 --- a/crypto/evp/print.c +++ b/crypto/evp/print.c @@ -194,12 +194,12 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) { static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) { const BIGNUM *priv_key = NULL; if (ptype == 2) { - priv_key = x->priv_key; + priv_key = DSA_get0_priv_key(x); } const BIGNUM *pub_key = NULL; if (ptype > 0) { - pub_key = x->pub_key; + pub_key = DSA_get0_pub_key(x); } const char *ktype = "DSA-Parameters"; @@ -210,14 +210,15 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) { } if (!BIO_indent(bp, off, 128) || - BIO_printf(bp, "%s: (%u bit)\n", ktype, BN_num_bits(x->p)) <= 0 || + BIO_printf(bp, "%s: (%u bit)\n", ktype, BN_num_bits(DSA_get0_p(x))) <= + 0 || // |priv_key| and |pub_key| may be NULL, in which case |bn_print| will // silently skip them. !bn_print(bp, "priv:", priv_key, off) || !bn_print(bp, "pub:", pub_key, off) || - !bn_print(bp, "P:", x->p, off) || - !bn_print(bp, "Q:", x->q, off) || - !bn_print(bp, "G:", x->g, off)) { + !bn_print(bp, "P:", DSA_get0_p(x), off) || + !bn_print(bp, "Q:", DSA_get0_q(x), off) || + !bn_print(bp, "G:", DSA_get0_g(x), off)) { return 0; } diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 30afd43834..4075001af2 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -62,9 +62,7 @@ #include -#include #include -#include #if defined(__cplusplus) extern "C" { @@ -398,25 +396,6 @@ OPENSSL_EXPORT DSA *DSA_generate_parameters(int bits, unsigned char *seed, void *cb_arg); -struct dsa_st { - long version; - BIGNUM *p; - BIGNUM *q; // == 20 - BIGNUM *g; - - BIGNUM *pub_key; // y public key - BIGNUM *priv_key; // x private key - - int flags; - // Normally used to cache montgomery values - CRYPTO_MUTEX method_mont_lock; - BN_MONT_CTX *method_mont_p; - BN_MONT_CTX *method_mont_q; - CRYPTO_refcount_t references; - CRYPTO_EX_DATA ex_data; -}; - - #if defined(__cplusplus) } // extern C From 9d4f833eec8205e7ad257fb7e7cb321270d3e3cb Mon Sep 17 00:00:00 2001 From: Andres Erbsen Date: Tue, 30 May 2023 01:38:35 +0000 Subject: [PATCH 04/42] Use ADX asm for Curve25519 base-point multiplication Did 75000 Ed25519 key generation operations in 1007110us (74470.5 ops/sec) [+26.9%] Did 72000 Ed25519 signing operations in 1011133us (71207.2 ops/sec) [+25.5%] Did 78000 Curve25519 base-point multiplication operations in 1006737us (77478.0 ops/sec) [+27.5%] Change-Id: I32ca2056f42f9b92af315d8381e1b72be69dd331 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60386 Commit-Queue: Andres Erbsen Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/curve25519/curve25519.c | 12 +++ crypto/curve25519/curve25519_tables.h | 2 +- crypto/curve25519/internal.h | 3 + third_party/fiat/curve25519_64_adx.h | 145 ++++++++++++++++++++++++++ 4 files changed, 161 insertions(+), 1 deletion(-) diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c index ec3067b24a..d1677a69fb 100644 --- a/crypto/curve25519/curve25519.c +++ b/crypto/curve25519/curve25519.c @@ -797,6 +797,18 @@ static void table_select(ge_precomp *t, const int pos, const signed char b) { // Preconditions: // a[31] <= 127 void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) { +#if defined(BORINGSSL_FE25519_ADX) + if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && + CRYPTO_is_ADX_capable()) { + uint8_t t[4][32]; + x25519_ge_scalarmult_base_adx(t, a); + fiat_25519_from_bytes(h->X.v, t[0]); + fiat_25519_from_bytes(h->Y.v, t[1]); + fiat_25519_from_bytes(h->Z.v, t[2]); + fiat_25519_from_bytes(h->T.v, t[3]); + return; + } +#endif signed char e[64]; signed char carry; ge_p1p1 r; diff --git a/crypto/curve25519/curve25519_tables.h b/crypto/curve25519/curve25519_tables.h index 54b346e98e..6636a36a2d 100644 --- a/crypto/curve25519/curve25519_tables.h +++ b/crypto/curve25519/curve25519_tables.h @@ -142,7 +142,7 @@ static const uint8_t k25519SmallPrecomp[15 * 2 * 32] = { #else // k25519Precomp[i][j] = (j+1)*256^i*B -static const uint8_t k25519Precomp[32][8][3][32] = { +const uint8_t k25519Precomp[32][8][3][32] = { { { {0x85, 0x3b, 0x8c, 0xf5, 0xc6, 0x93, 0xbc, 0x2f, 0x19, 0xe, 0x8c, diff --git a/crypto/curve25519/internal.h b/crypto/curve25519/internal.h index 4de134419f..0cd1a12aa5 100644 --- a/crypto/curve25519/internal.h +++ b/crypto/curve25519/internal.h @@ -49,6 +49,7 @@ fiat_curve25519_adx_square(uint64_t out[4], const uint64_t in[4]); // x25519_scalar_mult_adx is defined in third_party/fiat/curve25519_64_adx.h void x25519_scalar_mult_adx(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]); +void x25519_ge_scalarmult_base_adx(uint8_t h[4][32], const uint8_t a[32]); #endif #if defined(OPENSSL_64_BIT) @@ -154,6 +155,8 @@ struct spake2_ctx_st { }; +extern const uint8_t k25519Precomp[32][8][3][32]; + #if defined(__cplusplus) } // extern C #endif diff --git a/third_party/fiat/curve25519_64_adx.h b/third_party/fiat/curve25519_64_adx.h index af9a9f8c0a..33b697b937 100644 --- a/third_party/fiat/curve25519_64_adx.h +++ b/third_party/fiat/curve25519_64_adx.h @@ -1,3 +1,4 @@ +#include #include #include #include @@ -526,3 +527,147 @@ void x25519_scalar_mult_adx(uint8_t out[32], const uint8_t scalar[32], fe4_canon(x2, x2); OPENSSL_memcpy(out, x2, sizeof(fe4)); } + +typedef struct { + fe4 X; + fe4 Y; + fe4 Z; + fe4 T; +} ge_p3_4; + +typedef struct { + fe4 yplusx; + fe4 yminusx; + fe4 xy2d; +} ge_precomp_4; + +static void inline_x25519_ge_dbl_4(ge_p3_4 *r, const ge_p3_4 *p, bool skip_t) { + // Transcribed from a Coq function proven against affine coordinates. + // https://github.com/mit-plv/fiat-crypto/blob/9943ba9e7d8f3e1c0054b2c94a5edca46ea73ef8/src/Curves/Edwards/XYZT/Basic.v#L136-L165 + fe4 trX, trZ, trT, t0, cX, cY, cZ, cT; + fe4_sq(trX, p->X); + fe4_sq(trZ, p->Y); + fe4_sq(trT, p->Z); + fe4_add(trT, trT, trT); + fe4_add(cY, p->X, p->Y); + fe4_sq(t0, cY); + fe4_add(cY, trZ, trX); + fe4_sub(cZ, trZ, trX); + fe4_sub(cX, t0, cY); + fe4_sub(cT, trT, cZ); + fe4_mul(r->X, cX, cT); + fe4_mul(r->Y, cY, cZ); + fe4_mul(r->Z, cZ, cT); + if (!skip_t) { + fe4_mul(r->T, cX, cY); + } +} + +__attribute__((always_inline)) // 4% speedup with clang14 and zen2 +static inline void +ge_p3_add_p3_precomp_4(ge_p3_4 *r, const ge_p3_4 *p, const ge_precomp_4 *q) { + fe4 A, B, C, YplusX, YminusX, D, X3, Y3, Z3, T3; + // Transcribed from a Coq function proven against affine coordinates. + // https://github.com/mit-plv/fiat-crypto/blob/a36568d1d73aff5d7accc79fd28be672882f9c17/src/Curves/Edwards/XYZT/Precomputed.v#L38-L56 + fe4_add(YplusX, p->Y, p->X); + fe4_sub(YminusX, p->Y, p->X); + fe4_mul(A, YplusX, q->yplusx); + fe4_mul(B, YminusX, q->yminusx); + fe4_mul(C, q->xy2d, p->T); + fe4_add(D, p->Z, p->Z); + fe4_sub(X3, A, B); + fe4_add(Y3, A, B); + fe4_add(Z3, D, C); + fe4_sub(T3, D, C); + fe4_mul(r->X, X3, T3); + fe4_mul(r->Y, Y3, Z3); + fe4_mul(r->Z, Z3, T3); + fe4_mul(r->T, X3, Y3); +} + +__attribute__((always_inline)) // 25% speedup with clang14 and zen2 +static inline void table_select_4(ge_precomp_4 *t, const int pos, + const signed char b) { + uint8_t bnegative = constant_time_msb_w(b); + uint8_t babs = b - ((bnegative & b) << 1); + + uint8_t t_bytes[3][32] = { + {constant_time_is_zero_w(b) & 1}, {constant_time_is_zero_w(b) & 1}, {0}}; +#if defined(__clang__) + __asm__("" : "+m" (t_bytes) : /*no inputs*/); +#endif + static_assert(sizeof(t_bytes) == sizeof(k25519Precomp[pos][0]), ""); + for (int i = 0; i < 8; i++) { + constant_time_conditional_memxor(t_bytes, k25519Precomp[pos][i], + sizeof(t_bytes), + constant_time_eq_w(babs, 1 + i)); + } + + static_assert(sizeof(t_bytes) == sizeof(ge_precomp_4), ""); + + // fe4 uses saturated 64-bit limbs, so converting from bytes is just a copy. + OPENSSL_memcpy(t, t_bytes, sizeof(ge_precomp_4)); + + fe4 xy2d_neg = {0}; + fe4_sub(xy2d_neg, xy2d_neg, t->xy2d); + constant_time_conditional_memcpy(t->yplusx, t_bytes[1], sizeof(fe4), + bnegative); + constant_time_conditional_memcpy(t->yminusx, t_bytes[0], sizeof(fe4), + bnegative); + constant_time_conditional_memcpy(t->xy2d, xy2d_neg, sizeof(fe4), bnegative); +} + +// h = a * B +// where a = a[0]+256*a[1]+...+256^31 a[31] +// B is the Ed25519 base point (x,4/5) with x positive. +// +// Preconditions: +// a[31] <= 127 +void x25519_ge_scalarmult_base_adx(uint8_t h[4][32], const uint8_t a[32]) { + signed char e[64]; + signed char carry; + + for (unsigned i = 0; i < 32; ++i) { + e[2 * i + 0] = (a[i] >> 0) & 15; + e[2 * i + 1] = (a[i] >> 4) & 15; + } + // each e[i] is between 0 and 15 + // e[63] is between 0 and 7 + + carry = 0; + for (unsigned i = 0; i < 63; ++i) { + e[i] += carry; + carry = e[i] + 8; + carry >>= 4; + e[i] -= carry << 4; + } + e[63] += carry; + // each e[i] is between -8 and 8 + + ge_p3_4 r = {{0}, {1}, {1}, {0}}; + for (unsigned i = 1; i < 64; i += 2) { + ge_precomp_4 t; + table_select_4(&t, i / 2, e[i]); + ge_p3_add_p3_precomp_4(&r, &r, &t); + } + + inline_x25519_ge_dbl_4(&r, &r, /*skip_t=*/true); + inline_x25519_ge_dbl_4(&r, &r, /*skip_t=*/true); + inline_x25519_ge_dbl_4(&r, &r, /*skip_t=*/true); + inline_x25519_ge_dbl_4(&r, &r, /*skip_t=*/false); + + for (unsigned i = 0; i < 64; i += 2) { + ge_precomp_4 t; + table_select_4(&t, i / 2, e[i]); + ge_p3_add_p3_precomp_4(&r, &r, &t); + } + + // fe4 uses saturated 64-bit limbs, so converting to bytes is just a copy. + // Satisfy stated precondition of fiat_25519_from_bytes; tests pass either way + fe4_canon(r.X, r.X); + fe4_canon(r.Y, r.Y); + fe4_canon(r.Z, r.Z); + fe4_canon(r.T, r.T); + static_assert(sizeof(ge_p3_4) == sizeof(uint8_t[4][32]), ""); + OPENSSL_memcpy(h, &r, sizeof(ge_p3_4)); +} From d995d82ad53133017e34b009e9c6912b2ef6aeb7 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 6 Jun 2023 14:23:52 -0400 Subject: [PATCH 05/42] Add .type, .hidden, and .size to the new fiat ADX assembly .type seems to be needed for the unwind tester to report symbols correctly. I assume it does other useful things. .hidden (.private_extern on macOS) keeps it from being exported out of shared libraries. I'm not positive what .size does, but if ELF wants to know the size of the function, we should probably tell it that. Change-Id: Iaa2e4f8a72e81092ec1d81ee2177504c7dc89c76 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60465 Commit-Queue: Adam Langley Reviewed-by: Andres Erbsen Reviewed-by: Adam Langley Auto-Submit: David Benjamin --- third_party/fiat/asm/fiat_curve25519_adx_mul.S | 6 ++++++ third_party/fiat/asm/fiat_curve25519_adx_square.S | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/third_party/fiat/asm/fiat_curve25519_adx_mul.S b/third_party/fiat/asm/fiat_curve25519_adx_mul.S index acbac97b89..1d23f3f25f 100644 --- a/third_party/fiat/asm/fiat_curve25519_adx_mul.S +++ b/third_party/fiat/asm/fiat_curve25519_adx_mul.S @@ -1,8 +1,11 @@ .text #if defined(__APPLE__) +.private_extern fiat_curve25519_adx_mul .global _fiat_curve25519_adx_mul _fiat_curve25519_adx_mul: #else +.type fiat_curve25519_adx_mul, @function +.hidden fiat_curve25519_adx_mul .global fiat_curve25519_adx_mul fiat_curve25519_adx_mul: #endif @@ -153,3 +156,6 @@ mov r15, [ rsp - 0x58 ] mov rbp, [rsp - 0x08] ret .cfi_endproc +#if defined(__ELF__) +.size fiat_curve25519_adx_mul, .-fiat_curve25519_adx_mul +#endif diff --git a/third_party/fiat/asm/fiat_curve25519_adx_square.S b/third_party/fiat/asm/fiat_curve25519_adx_square.S index 2ba3fd413a..71f9108bc0 100644 --- a/third_party/fiat/asm/fiat_curve25519_adx_square.S +++ b/third_party/fiat/asm/fiat_curve25519_adx_square.S @@ -1,8 +1,11 @@ .text #if defined(__APPLE__) +.private_extern fiat_curve25519_adx_square .global _fiat_curve25519_adx_square _fiat_curve25519_adx_square: #else +.type fiat_curve25519_adx_square, @function +.hidden fiat_curve25519_adx_square .global fiat_curve25519_adx_square fiat_curve25519_adx_square: #endif @@ -121,3 +124,6 @@ mov r15, [ rsp - 0x58 ] mov rbp, [rsp - 0x08] ret .cfi_endproc +#if defined(__ELF__) +.size fiat_curve25519_adx_square, .-fiat_curve25519_adx_square +#endif From 99d3c228344ccad4aa29e9ecc2d0f618c9a2b384 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 3 Jun 2023 23:00:40 -0400 Subject: [PATCH 06/42] Prefix the private stack functions OpenSSL 1.1.x renamed these functions with an OPENSSL_ prefix. Unfortunately, rust-openssl uses these, losing type-safety, rather than the type-safe macros. It currently expects the old, unprefixed names due to a different bug (https://github.com/sfackler/rust-openssl/issues/1944), but to fix that, we'll need to align with the OpenSSL names. To keep the current version of rust-openssl working, I've preserved the old names that rust-openssl uses, but we should clear these out. Bug: 499 Change-Id: I3be56a54ef503620b92ce8154fafd46b2906ae63 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60505 Reviewed-by: Bob Beck Auto-Submit: David Benjamin Commit-Queue: David Benjamin Commit-Queue: Bob Beck --- crypto/stack/stack.c | 103 ++++++---- include/openssl/stack.h | 437 +++++++++++++++++++++------------------- 2 files changed, 294 insertions(+), 246 deletions(-) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index c81afcbb79..4f4f1dfc23 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -65,16 +65,30 @@ #include "../internal.h" +struct stack_st { + // num contains the number of valid pointers in |data|. + size_t num; + void **data; + // sorted is non-zero if the values pointed to by |data| are in ascending + // order, based on |comp|. + int sorted; + // num_alloc contains the number of pointers allocated in the buffer pointed + // to by |data|, which may be larger than |num|. + size_t num_alloc; + // comp is an optional comparison function. + OPENSSL_sk_cmp_func comp; +}; + // kMinSize is the number of pointers that will be initially allocated in a new // stack. static const size_t kMinSize = 4; -_STACK *sk_new(OPENSSL_sk_cmp_func comp) { - _STACK *ret = OPENSSL_malloc(sizeof(_STACK)); +OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp) { + OPENSSL_STACK *ret = OPENSSL_malloc(sizeof(OPENSSL_STACK)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(_STACK)); + OPENSSL_memset(ret, 0, sizeof(OPENSSL_STACK)); ret->data = OPENSSL_malloc(sizeof(void *) * kMinSize); if (ret->data == NULL) { @@ -93,16 +107,16 @@ _STACK *sk_new(OPENSSL_sk_cmp_func comp) { return NULL; } -_STACK *sk_new_null(void) { return sk_new(NULL); } +OPENSSL_STACK *OPENSSL_sk_new_null(void) { return OPENSSL_sk_new(NULL); } -size_t sk_num(const _STACK *sk) { +size_t OPENSSL_sk_num(const OPENSSL_STACK *sk) { if (sk == NULL) { return 0; } return sk->num; } -void sk_zero(_STACK *sk) { +void OPENSSL_sk_zero(OPENSSL_STACK *sk) { if (sk == NULL || sk->num == 0) { return; } @@ -111,21 +125,21 @@ void sk_zero(_STACK *sk) { sk->sorted = 0; } -void *sk_value(const _STACK *sk, size_t i) { +void *OPENSSL_sk_value(const OPENSSL_STACK *sk, size_t i) { if (!sk || i >= sk->num) { return NULL; } return sk->data[i]; } -void *sk_set(_STACK *sk, size_t i, void *value) { +void *OPENSSL_sk_set(OPENSSL_STACK *sk, size_t i, void *value) { if (!sk || i >= sk->num) { return NULL; } return sk->data[i] = value; } -void sk_free(_STACK *sk) { +void OPENSSL_sk_free(OPENSSL_STACK *sk) { if (sk == NULL) { return; } @@ -133,8 +147,9 @@ void sk_free(_STACK *sk) { OPENSSL_free(sk); } -void sk_pop_free_ex(_STACK *sk, OPENSSL_sk_call_free_func call_free_func, - OPENSSL_sk_free_func free_func) { +void OPENSSL_sk_pop_free_ex(OPENSSL_STACK *sk, + OPENSSL_sk_call_free_func call_free_func, + OPENSSL_sk_free_func free_func) { if (sk == NULL) { return; } @@ -144,7 +159,7 @@ void sk_pop_free_ex(_STACK *sk, OPENSSL_sk_call_free_func call_free_func, call_free_func(free_func, sk->data[i]); } } - sk_free(sk); + OPENSSL_sk_free(sk); } // Historically, |sk_pop_free| called the function as |OPENSSL_sk_free_func| @@ -154,11 +169,11 @@ static void call_free_func_legacy(OPENSSL_sk_free_func func, void *ptr) { func(ptr); } -void sk_pop_free(_STACK *sk, OPENSSL_sk_free_func free_func) { - sk_pop_free_ex(sk, call_free_func_legacy, free_func); +void sk_pop_free(OPENSSL_STACK *sk, OPENSSL_sk_free_func free_func) { + OPENSSL_sk_pop_free_ex(sk, call_free_func_legacy, free_func); } -size_t sk_insert(_STACK *sk, void *p, size_t where) { +size_t OPENSSL_sk_insert(OPENSSL_STACK *sk, void *p, size_t where) { if (sk == NULL) { return 0; } @@ -208,7 +223,7 @@ size_t sk_insert(_STACK *sk, void *p, size_t where) { return sk->num; } -void *sk_delete(_STACK *sk, size_t where) { +void *OPENSSL_sk_delete(OPENSSL_STACK *sk, size_t where) { void *ret; if (!sk || where >= sk->num) { @@ -226,22 +241,23 @@ void *sk_delete(_STACK *sk, size_t where) { return ret; } -void *sk_delete_ptr(_STACK *sk, const void *p) { +void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *sk, const void *p) { if (sk == NULL) { return NULL; } for (size_t i = 0; i < sk->num; i++) { if (sk->data[i] == p) { - return sk_delete(sk, i); + return OPENSSL_sk_delete(sk, i); } } return NULL; } -void sk_delete_if(_STACK *sk, OPENSSL_sk_call_delete_if_func call_func, - OPENSSL_sk_delete_if_func func, void *data) { +void OPENSSL_sk_delete_if(OPENSSL_STACK *sk, + OPENSSL_sk_call_delete_if_func call_func, + OPENSSL_sk_delete_if_func func, void *data) { if (sk == NULL) { return; } @@ -256,8 +272,8 @@ void sk_delete_if(_STACK *sk, OPENSSL_sk_call_delete_if_func call_func, sk->num = new_num; } -int sk_find(const _STACK *sk, size_t *out_index, const void *p, - OPENSSL_sk_call_cmp_func call_cmp_func) { +int OPENSSL_sk_find(const OPENSSL_STACK *sk, size_t *out_index, const void *p, + OPENSSL_sk_call_cmp_func call_cmp_func) { if (sk == NULL) { return 0; } @@ -279,7 +295,7 @@ int sk_find(const _STACK *sk, size_t *out_index, const void *p, return 0; } - if (!sk_is_sorted(sk)) { + if (!OPENSSL_sk_is_sorted(sk)) { for (size_t i = 0; i < sk->num; i++) { const void *elem = sk->data[i]; if (call_cmp_func(sk->comp, &p, &elem) == 0) { @@ -327,38 +343,40 @@ int sk_find(const _STACK *sk, size_t *out_index, const void *p, return 0; // Not found. } -void *sk_shift(_STACK *sk) { +void *OPENSSL_sk_shift(OPENSSL_STACK *sk) { if (sk == NULL) { return NULL; } if (sk->num == 0) { return NULL; } - return sk_delete(sk, 0); + return OPENSSL_sk_delete(sk, 0); } -size_t sk_push(_STACK *sk, void *p) { return (sk_insert(sk, p, sk->num)); } +size_t OPENSSL_sk_push(OPENSSL_STACK *sk, void *p) { + return OPENSSL_sk_insert(sk, p, sk->num); +} -void *sk_pop(_STACK *sk) { +void *OPENSSL_sk_pop(OPENSSL_STACK *sk) { if (sk == NULL) { return NULL; } if (sk->num == 0) { return NULL; } - return sk_delete(sk, sk->num - 1); + return OPENSSL_sk_delete(sk, sk->num - 1); } -_STACK *sk_dup(const _STACK *sk) { +OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) { if (sk == NULL) { return NULL; } - _STACK *ret = OPENSSL_malloc(sizeof(_STACK)); + OPENSSL_STACK *ret = OPENSSL_malloc(sizeof(OPENSSL_STACK)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(_STACK)); + OPENSSL_memset(ret, 0, sizeof(OPENSSL_STACK)); ret->data = OPENSSL_malloc(sizeof(void *) * sk->num_alloc); if (ret->data == NULL) { @@ -373,7 +391,7 @@ _STACK *sk_dup(const _STACK *sk) { return ret; err: - sk_free(ret); + OPENSSL_sk_free(ret); return NULL; } @@ -389,7 +407,8 @@ static int sort_compare(void *ctx_v, const void *a, const void *b) { } #endif -void sk_sort(_STACK *sk, OPENSSL_sk_call_cmp_func call_cmp_func) { +void OPENSSL_sk_sort(OPENSSL_STACK *sk, + OPENSSL_sk_call_cmp_func call_cmp_func) { if (sk == NULL || sk->comp == NULL || sk->sorted) { return; } @@ -418,7 +437,7 @@ void sk_sort(_STACK *sk, OPENSSL_sk_call_cmp_func call_cmp_func) { sk->sorted = 1; } -int sk_is_sorted(const _STACK *sk) { +int OPENSSL_sk_is_sorted(const OPENSSL_STACK *sk) { if (!sk) { return 1; } @@ -426,7 +445,8 @@ int sk_is_sorted(const _STACK *sk) { return sk->sorted || (sk->comp != NULL && sk->num < 2); } -OPENSSL_sk_cmp_func sk_set_cmp_func(_STACK *sk, OPENSSL_sk_cmp_func comp) { +OPENSSL_sk_cmp_func OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, + OPENSSL_sk_cmp_func comp) { OPENSSL_sk_cmp_func old = sk->comp; if (sk->comp != comp) { @@ -437,11 +457,12 @@ OPENSSL_sk_cmp_func sk_set_cmp_func(_STACK *sk, OPENSSL_sk_cmp_func comp) { return old; } -_STACK *sk_deep_copy(const _STACK *sk, OPENSSL_sk_call_copy_func call_copy_func, - OPENSSL_sk_copy_func copy_func, - OPENSSL_sk_call_free_func call_free_func, - OPENSSL_sk_free_func free_func) { - _STACK *ret = sk_dup(sk); +OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, + OPENSSL_sk_call_copy_func call_copy_func, + OPENSSL_sk_copy_func copy_func, + OPENSSL_sk_call_free_func call_free_func, + OPENSSL_sk_free_func free_func) { + OPENSSL_STACK *ret = OPENSSL_sk_dup(sk); if (ret == NULL) { return NULL; } @@ -457,7 +478,7 @@ _STACK *sk_deep_copy(const _STACK *sk, OPENSSL_sk_call_copy_func call_copy_func, call_free_func(free_func, ret->data[j]); } } - sk_free(ret); + OPENSSL_sk_free(ret); return NULL; } } diff --git a/include/openssl/stack.h b/include/openssl/stack.h index 2774e86830..ce92be67e8 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -245,8 +245,11 @@ STACK_OF(SAMPLE) *sk_SAMPLE_deep_copy(const STACK_OF(SAMPLE) *sk, // Private functions. // -// TODO(https://crbug.com/boringssl/499): Rename to |OPENSSL_sk_foo|, after -// external code that calls them is fixed. +// The |sk_*| functions generated above are implemented internally using the +// type-erased functions below. Callers should use the typed wrappers instead. +// When using the type-erased functions, callers are responsible for ensuring +// the underlying types are correct. Casting pointers to the wrong types will +// result in memory errors. // OPENSSL_sk_free_func is a function that frees an element in a stack. Note its // actual type is void (*)(T *) for some T. Low-level |sk_*| functions will be @@ -282,63 +285,83 @@ typedef int (*OPENSSL_sk_call_cmp_func)(OPENSSL_sk_cmp_func, typedef int (*OPENSSL_sk_call_delete_if_func)(OPENSSL_sk_delete_if_func, void *, void *); -// stack_st contains an array of pointers. It is not designed to be used +// An OPENSSL_STACK contains an array of pointers. It is not designed to be used // directly, rather the wrapper macros should be used. -typedef struct stack_st { - // num contains the number of valid pointers in |data|. - size_t num; - void **data; - // sorted is non-zero if the values pointed to by |data| are in ascending - // order, based on |comp|. - int sorted; - // num_alloc contains the number of pointers allocated in the buffer pointed - // to by |data|, which may be larger than |num|. - size_t num_alloc; - // comp is an optional comparison function. - OPENSSL_sk_cmp_func comp; -} _STACK; +typedef struct stack_st OPENSSL_STACK; // The following are raw stack functions. They implement the corresponding typed // |sk_SAMPLE_*| functions generated by |DEFINE_STACK_OF|. Callers shouldn't be // using them. Rather, callers should use the typed functions. -OPENSSL_EXPORT _STACK *sk_new(OPENSSL_sk_cmp_func comp); -OPENSSL_EXPORT _STACK *sk_new_null(void); -OPENSSL_EXPORT size_t sk_num(const _STACK *sk); -OPENSSL_EXPORT void sk_zero(_STACK *sk); -OPENSSL_EXPORT void *sk_value(const _STACK *sk, size_t i); -OPENSSL_EXPORT void *sk_set(_STACK *sk, size_t i, void *p); -OPENSSL_EXPORT void sk_free(_STACK *sk); -OPENSSL_EXPORT void sk_pop_free_ex(_STACK *sk, - OPENSSL_sk_call_free_func call_free_func, - OPENSSL_sk_free_func free_func); -OPENSSL_EXPORT size_t sk_insert(_STACK *sk, void *p, size_t where); -OPENSSL_EXPORT void *sk_delete(_STACK *sk, size_t where); -OPENSSL_EXPORT void *sk_delete_ptr(_STACK *sk, const void *p); -OPENSSL_EXPORT void sk_delete_if(_STACK *sk, - OPENSSL_sk_call_delete_if_func call_func, - OPENSSL_sk_delete_if_func func, void *data); -OPENSSL_EXPORT int sk_find(const _STACK *sk, size_t *out_index, const void *p, - OPENSSL_sk_call_cmp_func call_cmp_func); -OPENSSL_EXPORT void *sk_shift(_STACK *sk); -OPENSSL_EXPORT size_t sk_push(_STACK *sk, void *p); -OPENSSL_EXPORT void *sk_pop(_STACK *sk); -OPENSSL_EXPORT _STACK *sk_dup(const _STACK *sk); -OPENSSL_EXPORT void sk_sort(_STACK *sk, OPENSSL_sk_call_cmp_func call_cmp_func); -OPENSSL_EXPORT int sk_is_sorted(const _STACK *sk); -OPENSSL_EXPORT OPENSSL_sk_cmp_func sk_set_cmp_func(_STACK *sk, - OPENSSL_sk_cmp_func comp); -OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk, - OPENSSL_sk_call_copy_func call_copy_func, - OPENSSL_sk_copy_func copy_func, - OPENSSL_sk_call_free_func call_free_func, - OPENSSL_sk_free_func free_func); +OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp); +OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_new_null(void); +OPENSSL_EXPORT size_t OPENSSL_sk_num(const OPENSSL_STACK *sk); +OPENSSL_EXPORT void OPENSSL_sk_zero(OPENSSL_STACK *sk); +OPENSSL_EXPORT void *OPENSSL_sk_value(const OPENSSL_STACK *sk, size_t i); +OPENSSL_EXPORT void *OPENSSL_sk_set(OPENSSL_STACK *sk, size_t i, void *p); +OPENSSL_EXPORT void OPENSSL_sk_free(OPENSSL_STACK *sk); +OPENSSL_EXPORT void OPENSSL_sk_pop_free_ex( + OPENSSL_STACK *sk, OPENSSL_sk_call_free_func call_free_func, + OPENSSL_sk_free_func free_func); +OPENSSL_EXPORT size_t OPENSSL_sk_insert(OPENSSL_STACK *sk, void *p, + size_t where); +OPENSSL_EXPORT void *OPENSSL_sk_delete(OPENSSL_STACK *sk, size_t where); +OPENSSL_EXPORT void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *sk, const void *p); +OPENSSL_EXPORT void OPENSSL_sk_delete_if( + OPENSSL_STACK *sk, OPENSSL_sk_call_delete_if_func call_func, + OPENSSL_sk_delete_if_func func, void *data); +OPENSSL_EXPORT int OPENSSL_sk_find(const OPENSSL_STACK *sk, size_t *out_index, + const void *p, + OPENSSL_sk_call_cmp_func call_cmp_func); +OPENSSL_EXPORT void *OPENSSL_sk_shift(OPENSSL_STACK *sk); +OPENSSL_EXPORT size_t OPENSSL_sk_push(OPENSSL_STACK *sk, void *p); +OPENSSL_EXPORT void *OPENSSL_sk_pop(OPENSSL_STACK *sk); +OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk); +OPENSSL_EXPORT void OPENSSL_sk_sort(OPENSSL_STACK *sk, + OPENSSL_sk_call_cmp_func call_cmp_func); +OPENSSL_EXPORT int OPENSSL_sk_is_sorted(const OPENSSL_STACK *sk); +OPENSSL_EXPORT OPENSSL_sk_cmp_func +OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_cmp_func comp); +OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_deep_copy( + const OPENSSL_STACK *sk, OPENSSL_sk_call_copy_func call_copy_func, + OPENSSL_sk_copy_func copy_func, OPENSSL_sk_call_free_func call_free_func, + OPENSSL_sk_free_func free_func); + + +// Deprecated private functions (hidden). +// +// TODO(crbug.com/boringssl/499): Migrate callers to the typed wrappers, or at +// least the new names and remove the old ones. + +typedef OPENSSL_STACK _STACK; + +OPENSSL_INLINE OPENSSL_STACK *sk_new_null(void) { + return OPENSSL_sk_new_null(); +} + +OPENSSL_INLINE size_t sk_num(const OPENSSL_STACK *sk) { + return OPENSSL_sk_num(sk); +} + +OPENSSL_INLINE void *sk_value(const OPENSSL_STACK *sk, size_t i) { + return OPENSSL_sk_value(sk, i); +} + +OPENSSL_INLINE void sk_free(OPENSSL_STACK *sk) { OPENSSL_sk_free(sk); } + +OPENSSL_INLINE size_t sk_push(OPENSSL_STACK *sk, void *p) { + return OPENSSL_sk_push(sk, p); +} + +OPENSSL_INLINE void *sk_pop(OPENSSL_STACK *sk) { return OPENSSL_sk_pop(sk); } // sk_pop_free behaves like |sk_pop_free_ex| but performs an invalid function // pointer cast. It exists because some existing callers called |sk_pop_free| // directly. // // TODO(davidben): Migrate callers to bssl::UniquePtr and remove this. -OPENSSL_EXPORT void sk_pop_free(_STACK *sk, OPENSSL_sk_free_func free_func); +OPENSSL_EXPORT void sk_pop_free(OPENSSL_STACK *sk, + OPENSSL_sk_free_func free_func); + #if !defined(BORINGSSL_NO_CXX) extern "C++" { @@ -368,153 +391,154 @@ BSSL_NAMESPACE_END #define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) #endif -#define BORINGSSL_DEFINE_STACK_OF_IMPL(name, ptrtype, constptrtype) \ - /* We disable MSVC C4191 in this macro, which warns when pointers are cast \ - * to the wrong type. While the cast itself is valid, it is often a bug \ - * because calling it through the cast is UB. However, we never actually \ - * call functions as |OPENSSL_sk_cmp_func|. The type is just a type-erased \ - * function pointer. (C does not guarantee function pointers fit in \ - * |void*|, and GCC will warn on this.) Thus we just disable the false \ - * positive warning. */ \ - OPENSSL_MSVC_PRAGMA(warning(push)) \ - OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) \ - \ - DECLARE_STACK_OF(name) \ - \ - typedef void (*sk_##name##_free_func)(ptrtype); \ - typedef ptrtype (*sk_##name##_copy_func)(constptrtype); \ - typedef int (*sk_##name##_cmp_func)(constptrtype const *, \ - constptrtype const *); \ - typedef int (*sk_##name##_delete_if_func)(ptrtype, void *); \ - \ - OPENSSL_INLINE void sk_##name##_call_free_func( \ - OPENSSL_sk_free_func free_func, void *ptr) { \ - ((sk_##name##_free_func)free_func)((ptrtype)ptr); \ - } \ - \ - OPENSSL_INLINE void *sk_##name##_call_copy_func( \ - OPENSSL_sk_copy_func copy_func, const void *ptr) { \ - return (void *)((sk_##name##_copy_func)copy_func)((constptrtype)ptr); \ - } \ - \ - OPENSSL_INLINE int sk_##name##_call_cmp_func(OPENSSL_sk_cmp_func cmp_func, \ - const void *const *a, \ - const void *const *b) { \ - /* The data is actually stored as |void*| pointers, so read the pointer \ - * as |void*| and then pass the corrected type into the caller-supplied \ - * function, which expects |constptrtype*|. */ \ - constptrtype a_ptr = (constptrtype)*a; \ - constptrtype b_ptr = (constptrtype)*b; \ - return ((sk_##name##_cmp_func)cmp_func)(&a_ptr, &b_ptr); \ - } \ - \ - OPENSSL_INLINE int sk_##name##_call_delete_if_func( \ - OPENSSL_sk_delete_if_func func, void *obj, void *data) { \ - return ((sk_##name##_delete_if_func)func)((ptrtype)obj, data); \ - } \ - \ - OPENSSL_INLINE STACK_OF(name) *sk_##name##_new(sk_##name##_cmp_func comp) { \ - return (STACK_OF(name) *)sk_new((OPENSSL_sk_cmp_func)comp); \ - } \ - \ - OPENSSL_INLINE STACK_OF(name) *sk_##name##_new_null(void) { \ - return (STACK_OF(name) *)sk_new_null(); \ - } \ - \ - OPENSSL_INLINE size_t sk_##name##_num(const STACK_OF(name) *sk) { \ - return sk_num((const _STACK *)sk); \ - } \ - \ - OPENSSL_INLINE void sk_##name##_zero(STACK_OF(name) *sk) { \ - sk_zero((_STACK *)sk); \ - } \ - \ - OPENSSL_INLINE ptrtype sk_##name##_value(const STACK_OF(name) *sk, \ - size_t i) { \ - return (ptrtype)sk_value((const _STACK *)sk, i); \ - } \ - \ - OPENSSL_INLINE ptrtype sk_##name##_set(STACK_OF(name) *sk, size_t i, \ - ptrtype p) { \ - return (ptrtype)sk_set((_STACK *)sk, i, (void *)p); \ - } \ - \ - OPENSSL_INLINE void sk_##name##_free(STACK_OF(name) *sk) { \ - sk_free((_STACK *)sk); \ - } \ - \ - OPENSSL_INLINE void sk_##name##_pop_free(STACK_OF(name) *sk, \ - sk_##name##_free_func free_func) { \ - sk_pop_free_ex((_STACK *)sk, sk_##name##_call_free_func, \ - (OPENSSL_sk_free_func)free_func); \ - } \ - \ - OPENSSL_INLINE size_t sk_##name##_insert(STACK_OF(name) *sk, ptrtype p, \ - size_t where) { \ - return sk_insert((_STACK *)sk, (void *)p, where); \ - } \ - \ - OPENSSL_INLINE ptrtype sk_##name##_delete(STACK_OF(name) *sk, \ - size_t where) { \ - return (ptrtype)sk_delete((_STACK *)sk, where); \ - } \ - \ - OPENSSL_INLINE ptrtype sk_##name##_delete_ptr(STACK_OF(name) *sk, \ - constptrtype p) { \ - return (ptrtype)sk_delete_ptr((_STACK *)sk, (const void *)p); \ - } \ - \ - OPENSSL_INLINE void sk_##name##_delete_if( \ - STACK_OF(name) *sk, sk_##name##_delete_if_func func, void *data) { \ - sk_delete_if((_STACK *)sk, sk_##name##_call_delete_if_func, \ - (OPENSSL_sk_delete_if_func)func, data); \ - } \ - \ - OPENSSL_INLINE int sk_##name##_find(const STACK_OF(name) *sk, \ - size_t *out_index, constptrtype p) { \ - return sk_find((const _STACK *)sk, out_index, (const void *)p, \ - sk_##name##_call_cmp_func); \ - } \ - \ - OPENSSL_INLINE ptrtype sk_##name##_shift(STACK_OF(name) *sk) { \ - return (ptrtype)sk_shift((_STACK *)sk); \ - } \ - \ - OPENSSL_INLINE size_t sk_##name##_push(STACK_OF(name) *sk, ptrtype p) { \ - return sk_push((_STACK *)sk, (void *)p); \ - } \ - \ - OPENSSL_INLINE ptrtype sk_##name##_pop(STACK_OF(name) *sk) { \ - return (ptrtype)sk_pop((_STACK *)sk); \ - } \ - \ - OPENSSL_INLINE STACK_OF(name) *sk_##name##_dup(const STACK_OF(name) *sk) { \ - return (STACK_OF(name) *)sk_dup((const _STACK *)sk); \ - } \ - \ - OPENSSL_INLINE void sk_##name##_sort(STACK_OF(name) *sk) { \ - sk_sort((_STACK *)sk, sk_##name##_call_cmp_func); \ - } \ - \ - OPENSSL_INLINE int sk_##name##_is_sorted(const STACK_OF(name) *sk) { \ - return sk_is_sorted((const _STACK *)sk); \ - } \ - \ - OPENSSL_INLINE sk_##name##_cmp_func sk_##name##_set_cmp_func( \ - STACK_OF(name) *sk, sk_##name##_cmp_func comp) { \ - return (sk_##name##_cmp_func)sk_set_cmp_func((_STACK *)sk, \ - (OPENSSL_sk_cmp_func)comp); \ - } \ - \ - OPENSSL_INLINE STACK_OF(name) *sk_##name##_deep_copy( \ - const STACK_OF(name) *sk, sk_##name##_copy_func copy_func, \ - sk_##name##_free_func free_func) { \ - return (STACK_OF(name) *)sk_deep_copy( \ - (const _STACK *)sk, sk_##name##_call_copy_func, \ - (OPENSSL_sk_copy_func)copy_func, sk_##name##_call_free_func, \ - (OPENSSL_sk_free_func)free_func); \ - } \ - \ +#define BORINGSSL_DEFINE_STACK_OF_IMPL(name, ptrtype, constptrtype) \ + /* We disable MSVC C4191 in this macro, which warns when pointers are cast \ + * to the wrong type. While the cast itself is valid, it is often a bug \ + * because calling it through the cast is UB. However, we never actually \ + * call functions as |OPENSSL_sk_cmp_func|. The type is just a type-erased \ + * function pointer. (C does not guarantee function pointers fit in \ + * |void*|, and GCC will warn on this.) Thus we just disable the false \ + * positive warning. */ \ + OPENSSL_MSVC_PRAGMA(warning(push)) \ + OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) \ + \ + DECLARE_STACK_OF(name) \ + \ + typedef void (*sk_##name##_free_func)(ptrtype); \ + typedef ptrtype (*sk_##name##_copy_func)(constptrtype); \ + typedef int (*sk_##name##_cmp_func)(constptrtype const *, \ + constptrtype const *); \ + typedef int (*sk_##name##_delete_if_func)(ptrtype, void *); \ + \ + OPENSSL_INLINE void sk_##name##_call_free_func( \ + OPENSSL_sk_free_func free_func, void *ptr) { \ + ((sk_##name##_free_func)free_func)((ptrtype)ptr); \ + } \ + \ + OPENSSL_INLINE void *sk_##name##_call_copy_func( \ + OPENSSL_sk_copy_func copy_func, const void *ptr) { \ + return (void *)((sk_##name##_copy_func)copy_func)((constptrtype)ptr); \ + } \ + \ + OPENSSL_INLINE int sk_##name##_call_cmp_func(OPENSSL_sk_cmp_func cmp_func, \ + const void *const *a, \ + const void *const *b) { \ + /* The data is actually stored as |void*| pointers, so read the pointer \ + * as |void*| and then pass the corrected type into the caller-supplied \ + * function, which expects |constptrtype*|. */ \ + constptrtype a_ptr = (constptrtype)*a; \ + constptrtype b_ptr = (constptrtype)*b; \ + return ((sk_##name##_cmp_func)cmp_func)(&a_ptr, &b_ptr); \ + } \ + \ + OPENSSL_INLINE int sk_##name##_call_delete_if_func( \ + OPENSSL_sk_delete_if_func func, void *obj, void *data) { \ + return ((sk_##name##_delete_if_func)func)((ptrtype)obj, data); \ + } \ + \ + OPENSSL_INLINE STACK_OF(name) *sk_##name##_new(sk_##name##_cmp_func comp) { \ + return (STACK_OF(name) *)OPENSSL_sk_new((OPENSSL_sk_cmp_func)comp); \ + } \ + \ + OPENSSL_INLINE STACK_OF(name) *sk_##name##_new_null(void) { \ + return (STACK_OF(name) *)OPENSSL_sk_new_null(); \ + } \ + \ + OPENSSL_INLINE size_t sk_##name##_num(const STACK_OF(name) *sk) { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + \ + OPENSSL_INLINE void sk_##name##_zero(STACK_OF(name) *sk) { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + \ + OPENSSL_INLINE ptrtype sk_##name##_value(const STACK_OF(name) *sk, \ + size_t i) { \ + return (ptrtype)OPENSSL_sk_value((const OPENSSL_STACK *)sk, i); \ + } \ + \ + OPENSSL_INLINE ptrtype sk_##name##_set(STACK_OF(name) *sk, size_t i, \ + ptrtype p) { \ + return (ptrtype)OPENSSL_sk_set((OPENSSL_STACK *)sk, i, (void *)p); \ + } \ + \ + OPENSSL_INLINE void sk_##name##_free(STACK_OF(name) *sk) { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + \ + OPENSSL_INLINE void sk_##name##_pop_free(STACK_OF(name) *sk, \ + sk_##name##_free_func free_func) { \ + OPENSSL_sk_pop_free_ex((OPENSSL_STACK *)sk, sk_##name##_call_free_func, \ + (OPENSSL_sk_free_func)free_func); \ + } \ + \ + OPENSSL_INLINE size_t sk_##name##_insert(STACK_OF(name) *sk, ptrtype p, \ + size_t where) { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (void *)p, where); \ + } \ + \ + OPENSSL_INLINE ptrtype sk_##name##_delete(STACK_OF(name) *sk, \ + size_t where) { \ + return (ptrtype)OPENSSL_sk_delete((OPENSSL_STACK *)sk, where); \ + } \ + \ + OPENSSL_INLINE ptrtype sk_##name##_delete_ptr(STACK_OF(name) *sk, \ + constptrtype p) { \ + return (ptrtype)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)p); \ + } \ + \ + OPENSSL_INLINE void sk_##name##_delete_if( \ + STACK_OF(name) *sk, sk_##name##_delete_if_func func, void *data) { \ + OPENSSL_sk_delete_if((OPENSSL_STACK *)sk, sk_##name##_call_delete_if_func, \ + (OPENSSL_sk_delete_if_func)func, data); \ + } \ + \ + OPENSSL_INLINE int sk_##name##_find(const STACK_OF(name) *sk, \ + size_t *out_index, constptrtype p) { \ + return OPENSSL_sk_find((const OPENSSL_STACK *)sk, out_index, \ + (const void *)p, sk_##name##_call_cmp_func); \ + } \ + \ + OPENSSL_INLINE ptrtype sk_##name##_shift(STACK_OF(name) *sk) { \ + return (ptrtype)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + \ + OPENSSL_INLINE size_t sk_##name##_push(STACK_OF(name) *sk, ptrtype p) { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (void *)p); \ + } \ + \ + OPENSSL_INLINE ptrtype sk_##name##_pop(STACK_OF(name) *sk) { \ + return (ptrtype)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + \ + OPENSSL_INLINE STACK_OF(name) *sk_##name##_dup(const STACK_OF(name) *sk) { \ + return (STACK_OF(name) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + \ + OPENSSL_INLINE void sk_##name##_sort(STACK_OF(name) *sk) { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk, sk_##name##_call_cmp_func); \ + } \ + \ + OPENSSL_INLINE int sk_##name##_is_sorted(const STACK_OF(name) *sk) { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + \ + OPENSSL_INLINE sk_##name##_cmp_func sk_##name##_set_cmp_func( \ + STACK_OF(name) *sk, sk_##name##_cmp_func comp) { \ + return (sk_##name##_cmp_func)OPENSSL_sk_set_cmp_func( \ + (OPENSSL_STACK *)sk, (OPENSSL_sk_cmp_func)comp); \ + } \ + \ + OPENSSL_INLINE STACK_OF(name) *sk_##name##_deep_copy( \ + const STACK_OF(name) *sk, sk_##name##_copy_func copy_func, \ + sk_##name##_free_func free_func) { \ + return (STACK_OF(name) *)OPENSSL_sk_deep_copy( \ + (const OPENSSL_STACK *)sk, sk_##name##_call_copy_func, \ + (OPENSSL_sk_copy_func)copy_func, sk_##name##_call_free_func, \ + (OPENSSL_sk_free_func)free_func); \ + } \ + \ OPENSSL_MSVC_PRAGMA(warning(pop)) @@ -542,7 +566,9 @@ namespace internal { // Stacks defined with |DEFINE_CONST_STACK_OF| are freed with |sk_free|. template struct DeleterImpl::kIsConst>> { - static void Free(Stack *sk) { sk_free(reinterpret_cast<_STACK *>(sk)); } + static void Free(Stack *sk) { + OPENSSL_sk_free(reinterpret_cast(sk)); + } }; // Stacks defined with |DEFINE_STACK_OF| are freed with |sk_pop_free| and the @@ -553,11 +579,12 @@ struct DeleterImpl::kIsConst>> { // sk_FOO_pop_free is defined by macros and bound by name, so we cannot // access it from C++ here. using Type = typename StackTraits::Type; - sk_pop_free_ex(reinterpret_cast<_STACK *>(sk), - [](OPENSSL_sk_free_func /* unused */, void *ptr) { - DeleterImpl::Free(reinterpret_cast(ptr)); - }, - nullptr); + OPENSSL_sk_pop_free_ex( + reinterpret_cast(sk), + [](OPENSSL_sk_free_func /* unused */, void *ptr) { + DeleterImpl::Free(reinterpret_cast(ptr)); + }, + nullptr); } }; @@ -578,7 +605,7 @@ class StackIteratorImpl { Type *operator*() const { return reinterpret_cast( - sk_value(reinterpret_cast(sk_), idx_)); + OPENSSL_sk_value(reinterpret_cast(sk_), idx_)); } StackIteratorImpl &operator++(/* prefix */) { @@ -609,10 +636,10 @@ template inline std::enable_if_t::kIsConst, bool> PushToStack(Stack *sk, UniquePtr::Type> elem) { - if (!sk_push(reinterpret_cast<_STACK *>(sk), elem.get())) { + if (!OPENSSL_sk_push(reinterpret_cast(sk), elem.get())) { return false; } - // sk_push takes ownership on success. + // OPENSSL_sk_push takes ownership on success. elem.release(); return true; } @@ -628,7 +655,7 @@ inline bssl::internal::StackIterator begin(const Stack *sk) { template inline bssl::internal::StackIterator end(const Stack *sk) { return bssl::internal::StackIterator( - sk, sk_num(reinterpret_cast(sk))); + sk, OPENSSL_sk_num(reinterpret_cast(sk))); } } // extern C++ From 9dcc97dcdaa29dbe7698d76749954d0635e63234 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 7 Jun 2023 12:24:10 -0400 Subject: [PATCH 07/42] Add fiat_curve25519_adx.S to generate_build_files.py We have too many build systems and need to unify the source of truth between them. Change-Id: If8a71f400dd478f8890ff56062210295d5e6785e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60545 Commit-Queue: Adam Langley Auto-Submit: David Benjamin Reviewed-by: Adam Langley --- util/generate_build_files.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/util/generate_build_files.py b/util/generate_build_files.py index 386910b15b..2dae9cdaac 100644 --- a/util/generate_build_files.py +++ b/util/generate_build_files.py @@ -45,12 +45,16 @@ # NON_PERL_FILES enumerates assembly files that are not processed by the # perlasm system. NON_PERL_FILES = { + ('apple', 'x86_64'): [ + 'src/crypto/curve25519/asm/fiat_curve25519_adx.S', + ], ('linux', 'arm'): [ 'src/crypto/curve25519/asm/x25519-asm-arm.S', 'src/crypto/poly1305/poly1305_arm_asm.S', ], ('linux', 'x86_64'): [ 'src/crypto/hrss/asm/poly_rq_mul.S', + 'src/crypto/curve25519/asm/fiat_curve25519_adx.S', ], } From 9d48902108d2ed0b04ea862d7d3aa8bf14e17f47 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 6 Jun 2023 19:34:39 -0400 Subject: [PATCH 08/42] Remove a pointer indirection in STACK_OF(T) comparisons At the public API, the comparison functions are a double pointer to match qsort. qsort comparators are passed pointers to the list elements, and our list elements are T*. qsort needs this indirection because it can sort values of arbitrary size. However, our type-erased versions have no such constraints. Since we know our all elements are pointers, we can skip the indirection. Change-Id: Ibb102b51a5aaf0a68a7318bf14ec8f4f9c7a3daf Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60506 Reviewed-by: Bob Beck Commit-Queue: David Benjamin --- crypto/stack/stack.c | 11 ++++++----- include/openssl/stack.h | 16 ++++++---------- 2 files changed, 12 insertions(+), 15 deletions(-) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 4f4f1dfc23..a11533ed51 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -297,8 +297,7 @@ int OPENSSL_sk_find(const OPENSSL_STACK *sk, size_t *out_index, const void *p, if (!OPENSSL_sk_is_sorted(sk)) { for (size_t i = 0; i < sk->num; i++) { - const void *elem = sk->data[i]; - if (call_cmp_func(sk->comp, &p, &elem) == 0) { + if (call_cmp_func(sk->comp, p, sk->data[i]) == 0) { if (out_index) { *out_index = i; } @@ -317,8 +316,7 @@ int OPENSSL_sk_find(const OPENSSL_STACK *sk, size_t *out_index, const void *p, // Bias |mid| towards |lo|. See the |r == 0| case below. size_t mid = lo + (hi - lo - 1) / 2; assert(lo <= mid && mid < hi); - const void *elem = sk->data[mid]; - int r = call_cmp_func(sk->comp, &p, &elem); + int r = call_cmp_func(sk->comp, p, sk->data[mid]); if (r > 0) { lo = mid + 1; // |mid| is too low. } else if (r < 0) { @@ -403,7 +401,10 @@ struct sort_compare_ctx { static int sort_compare(void *ctx_v, const void *a, const void *b) { struct sort_compare_ctx *ctx = ctx_v; - return ctx->call_cmp_func(ctx->cmp_func, a, b); + // |a| and |b| point to |void*| pointers which contain the actual values. + const void *const *a_ptr = a; + const void *const *b_ptr = b; + return ctx->call_cmp_func(ctx->cmp_func, *a_ptr, *b_ptr); } #endif diff --git a/include/openssl/stack.h b/include/openssl/stack.h index ce92be67e8..7d5d4d7e33 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -279,9 +279,8 @@ typedef int (*OPENSSL_sk_delete_if_func)(void *obj, void *data); // true types. typedef void (*OPENSSL_sk_call_free_func)(OPENSSL_sk_free_func, void *); typedef void *(*OPENSSL_sk_call_copy_func)(OPENSSL_sk_copy_func, const void *); -typedef int (*OPENSSL_sk_call_cmp_func)(OPENSSL_sk_cmp_func, - const void *const *, - const void *const *); +typedef int (*OPENSSL_sk_call_cmp_func)(OPENSSL_sk_cmp_func, const void *, + const void *); typedef int (*OPENSSL_sk_call_delete_if_func)(OPENSSL_sk_delete_if_func, void *, void *); @@ -421,13 +420,10 @@ BSSL_NAMESPACE_END } \ \ OPENSSL_INLINE int sk_##name##_call_cmp_func(OPENSSL_sk_cmp_func cmp_func, \ - const void *const *a, \ - const void *const *b) { \ - /* The data is actually stored as |void*| pointers, so read the pointer \ - * as |void*| and then pass the corrected type into the caller-supplied \ - * function, which expects |constptrtype*|. */ \ - constptrtype a_ptr = (constptrtype)*a; \ - constptrtype b_ptr = (constptrtype)*b; \ + const void *a, const void *b) { \ + constptrtype a_ptr = (constptrtype)a; \ + constptrtype b_ptr = (constptrtype)b; \ + /* |cmp_func| expects an extra layer of pointers to match qsort. */ \ return ((sk_##name##_cmp_func)cmp_func)(&a_ptr, &b_ptr); \ } \ \ From 1340a5b2dd886e07509d26a85e569cdfc30d790a Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 6 Jun 2023 20:16:58 -0400 Subject: [PATCH 09/42] Give up on qsort for sk_FOO_sort OpenSSL's API constraints are such that sk_FOO_sort must take a comparison function of type int (*cmp)(const FOO *const *a, const FOO *const *b) However qsort expects a comparison function of type int (*cmp)(const void *a, const void *b) In C, it is UB to cast a function pointer to a different type and call it, even if the underlying calling conventions are the same. Moreover, as qsort doesn't take a context parameter on its comparisons, we cannot do the usual convention with closures in C. qsort_r and qsort_s would avoid this, but they are unusable. Too many libcs don't have them, and those that do define them inconsistently. See https://stackoverflow.com/a/39561369 It seems this UB has finally hit a sanitizer in fxbug.dev/128274. Irritating as it is to not even have a working sort function, I think the easiest option is to just give up on qsort. As we did with bsearch in https://boringssl-review.googlesource.com/c/boringssl/+/35304, just implement an in-place heap sort ourselves. Bug: fxbug.dev/128274 Change-Id: I9de6b4018bf635da0d0c5a680bd7811d297b0bb3 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60507 Commit-Queue: David Benjamin Reviewed-by: Bob Beck --- crypto/stack/stack.c | 92 +++++++++++++++++++++++++------------- crypto/stack/stack_test.cc | 36 +++++++++++++++ 2 files changed, 98 insertions(+), 30 deletions(-) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index a11533ed51..6b4f8bc739 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -393,20 +393,52 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) { return NULL; } -#if defined(_MSC_VER) -struct sort_compare_ctx { - OPENSSL_sk_call_cmp_func call_cmp_func; - OPENSSL_sk_cmp_func cmp_func; -}; +static size_t parent_idx(size_t idx) { + assert(idx > 0); + return (idx - 1) / 2; +} -static int sort_compare(void *ctx_v, const void *a, const void *b) { - struct sort_compare_ctx *ctx = ctx_v; - // |a| and |b| point to |void*| pointers which contain the actual values. - const void *const *a_ptr = a; - const void *const *b_ptr = b; - return ctx->call_cmp_func(ctx->cmp_func, *a_ptr, *b_ptr); +static size_t left_idx(size_t idx) { + // The largest possible index is |PTRDIFF_MAX|, not |SIZE_MAX|. If + // |ptrdiff_t|, a signed type, is the same size as |size_t|, this cannot + // overflow. + assert(idx <= PTRDIFF_MAX); + static_assert(PTRDIFF_MAX <= (SIZE_MAX - 1) / 2, "2 * idx + 1 may oveflow"); + return 2 * idx + 1; +} + +// down_heap fixes the subtree rooted at |i|. |i|'s children must each satisfy +// the heap property. Only the first |num| elements of |sk| are considered. +static void down_heap(OPENSSL_STACK *sk, OPENSSL_sk_call_cmp_func call_cmp_func, + size_t i, size_t num) { + assert(i < num && num <= sk->num); + for (;;) { + size_t left = left_idx(i); + if (left >= num) { + break; // No left child. + } + + // Swap |i| with the largest of its children. + size_t next = i; + if (call_cmp_func(sk->comp, sk->data[next], sk->data[left]) < 0) { + next = left; + } + size_t right = left + 1; // Cannot overflow because |left < num|. + if (right < num && + call_cmp_func(sk->comp, sk->data[next], sk->data[right]) < 0) { + next = right; + } + + if (i == next) { + break; // |i| is already larger than its children. + } + + void *tmp = sk->data[i]; + sk->data[i] = sk->data[next]; + sk->data[next] = tmp; + i = next; + } } -#endif void OPENSSL_sk_sort(OPENSSL_STACK *sk, OPENSSL_sk_call_cmp_func call_cmp_func) { @@ -415,25 +447,25 @@ void OPENSSL_sk_sort(OPENSSL_STACK *sk, } if (sk->num >= 2) { -#if defined(_MSC_VER) - // MSVC's |qsort_s| is different from the C11 one. - // https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/qsort-s?view=msvc-170 - struct sort_compare_ctx ctx = {call_cmp_func, sk->comp}; - qsort_s(sk->data, sk->num, sizeof(void *), sort_compare, &ctx); -#else - // sk->comp is a function that takes pointers to pointers to elements, but - // qsort take a comparison function that just takes pointers to elements. - // However, since we're passing an array of pointers to qsort, we can just - // cast the comparison function and everything works. - // - // TODO(davidben): This is undefined behavior, but the call is in libc so, - // e.g., CFI does not notice. |qsort| is missing a void* parameter in its - // callback, while no one defines |qsort_r| or |qsort_s| consistently. See + // |qsort| lacks a context parameter in the comparison function for us to + // pass in |call_cmp_func| and |sk->comp|. While we could cast |sk->comp| to + // the expected type, it is undefined behavior in C can trip sanitizers. + // |qsort_r| and |qsort_s| avoid this, but using them is impractical. See // https://stackoverflow.com/a/39561369 - int (*comp_func)(const void *, const void *) = - (int (*)(const void *, const void *))(sk->comp); - qsort(sk->data, sk->num, sizeof(void *), comp_func); -#endif + // + // Use our own heap sort instead. This is not performance-sensitive, so we + // optimize for simplicity and size. First, build a max-heap in place. + for (size_t i = parent_idx(sk->num - 1); i < sk->num; i--) { + down_heap(sk, call_cmp_func, i, sk->num); + } + + // Iteratively remove the maximum element to populate the result in reverse. + for (size_t i = sk->num - 1; i > 0; i--) { + void *tmp = sk->data[0]; + sk->data[0] = sk->data[i]; + sk->data[i] = tmp; + down_heap(sk, call_cmp_func, 0, i); + } } sk->sorted = 1; } diff --git a/crypto/stack/stack_test.cc b/crypto/stack/stack_test.cc index 7900fc9094..228182b623 100644 --- a/crypto/stack/stack_test.cc +++ b/crypto/stack/stack_test.cc @@ -24,6 +24,7 @@ #include #include +#include // Define a custom stack type for testing. @@ -481,3 +482,38 @@ TEST(StackTest, IsSorted) { sk_TEST_INT_set_cmp_func(sk.get(), nullptr); EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); } + +TEST(StackTest, Sort) { + constexpr size_t kMaxLength = 100; + constexpr int kIterations = 500; + for (size_t len = 0; len < kMaxLength; len++) { + SCOPED_TRACE(len); + for (int iter = 0; iter < kIterations; iter++) { + // Make a random input list. + std::vector vec(len); + RAND_bytes(reinterpret_cast(vec.data()), + sizeof(int) * vec.size()); + SCOPED_TRACE(testing::PrintToString(vec)); + + // Convert it to a |STACK_OF(TEST_INT)|. + bssl::UniquePtr sk(sk_TEST_INT_new(compare)); + ASSERT_TRUE(sk); + for (int v : vec) { + auto value = TEST_INT_new(v); + ASSERT_TRUE(value); + ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); + } + + // Sort it with our sort implementation. + sk_TEST_INT_sort(sk.get()); + std::vector result; + for (const TEST_INT *v : sk.get()) { + result.push_back(*v); + } + + // The result must match the STL's version. + std::sort(vec.begin(), vec.end()); + EXPECT_EQ(vec, result); + } + } +} From d86e2fdd798bd7e2283e4d6d112049bdc5cdb10e Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 7 Jun 2023 14:12:18 -0400 Subject: [PATCH 10/42] Update build tools Also teach update_clang.py how to download Chromium's Clang on macOS. We don't currently use it in CI, but I've patched this in enough times for local testing, that having it seems convenient. This picks up -fsanitize=function, though it wouldn't have caught the qsort issue anyway. I'm guessing the libc must be built with UBSan too. Change-Id: I8c396a10b32e69fe7013283b1bb4320bc35756b6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60547 Reviewed-by: Bob Beck Commit-Queue: Bob Beck Auto-Submit: David Benjamin --- util/bot/DEPS | 8 ++++---- util/bot/update_clang.py | 10 ++++++++-- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/util/bot/DEPS b/util/bot/DEPS index 2fe6d2cb13..8f5a412df8 100644 --- a/util/bot/DEPS +++ b/util/bot/DEPS @@ -25,19 +25,19 @@ vars = { # cipd describe PACKAGE_NAME -version latest # infra/3pp/tools/cmake/linux-amd64 - 'cmake_version': 'version:2@3.26.3.chromium.7', + 'cmake_version': 'version:2@3.26.4.chromium.7', # infra/3pp/tools/go/linux-amd64 - 'go_version': 'version:2@1.20.4', + 'go_version': 'version:2@1.20.5', # infra/3pp/tools/perl/windows-amd64 'perl_version': 'version:2@5.32.1.1', # Update the following from # https://chromium.googlesource.com/chromium/src/+/main/DEPS 'android_sdk_platform-tools_version': 'RSI3iwryh7URLGRgJHsCvUxj092woTPnKt4pwFcJ6L8C', - 'android_ndk_revision': '8388a2be5421311dc75c5f937aae13d821a27f3d', + 'android_ndk_revision': '310956bd122ec2b96049f8d7398de6b717f3452e', 'libfuzzer_revision': 'debe7d2d1982e540fbd6bd78604bf001753f9e74', 'libcxx_revision': 'f8279b01085b800724f5c5629dc365b9f040dc53', - 'libcxxabi_revision': 'd5e79e117ce9adfdcfdc5dde56ee8cddd7742854', + 'libcxxabi_revision': '899caea3814eeb45c689fc206052968943fd5cb8', 'ninja_version': 'version:2@1.11.1.chromium.6', } diff --git a/util/bot/update_clang.py b/util/bot/update_clang.py index 185e975fb5..d0b188adbd 100644 --- a/util/bot/update_clang.py +++ b/util/bot/update_clang.py @@ -9,6 +9,7 @@ from __future__ import print_function import os +import platform import shutil import subprocess import stat @@ -28,8 +29,8 @@ # CLANG_REVISION and CLANG_SUB_REVISION determine the build of clang # to use. These should be synced with tools/clang/scripts/update.py in # Chromium. -CLANG_REVISION = 'llvmorg-17-init-10134-g3da83fba' -CLANG_SUB_REVISION = 1 +CLANG_REVISION = 'llvmorg-17-init-12166-g7586aeab' +CLANG_SUB_REVISION = 3 PACKAGE_VERSION = '%s-%s' % (CLANG_REVISION, CLANG_SUB_REVISION) @@ -138,6 +139,11 @@ def UpdateClang(): cds_full_url = CDS_URL + '/Win/' + cds_file elif sys.platform.startswith('linux'): cds_full_url = CDS_URL + '/Linux_x64/' + cds_file + elif sys.platform == 'darwin': + if platform.machine() == 'arm64': + cds_full_url = CDS_URL + '/Mac_arm64/' + cds_file + else: + cds_full_url = CDS_URL + '/Mac/' + cds_file else: return 0 From aaf771e493af8d23cc50aaa036b22195cd888090 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 7 Jun 2023 17:27:24 -0400 Subject: [PATCH 11/42] Fix the combined asm source lists in generate_build_files.py This fixes one of the two build issues triggered by the curve25519 assembly. The new curve25519 assembly is one file that works for both ELF and Apple targets. This is handy, but breaks the naive concatenation logic for making the generated file lists. Fix the generation to deduplicate first. Convincing Starlark in Bazel to deduplicate is annoyingly difficult, so we'll just generate both lists. This results in some duplication in the generated files, but they're generated so this is fine. Hopefully we can, in time, just remove the per-platform lists when everyone is migrated over. To that end, this CL adds the combined output to GN so I can migrate Chromium. This CL is not sufficient to unbreak the Bazel build. The next change is also needed. Bug: 542 Change-Id: Ibe76ff557fc43f7b4d984ccdf298f13c20f3b50c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60565 Commit-Queue: Adam Langley Reviewed-by: Adam Langley Auto-Submit: David Benjamin --- util/generate_build_files.py | 54 +++++++++++++++++------------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/util/generate_build_files.py b/util/generate_build_files.py index 2dae9cdaac..160f91179b 100644 --- a/util/generate_build_files.py +++ b/util/generate_build_files.py @@ -255,30 +255,17 @@ def WriteFiles(self, files, asm_outputs): self.PrintVariableSection( out, 'crypto_internal_headers', files['crypto_internal_headers']) self.PrintVariableSection(out, 'crypto_sources', files['crypto']) + self.PrintVariableSection(out, 'crypto_sources_asm', files['crypto_asm']) + self.PrintVariableSection(out, 'crypto_sources_nasm', files['crypto_nasm']) self.PrintVariableSection(out, 'tool_sources', files['tool']) self.PrintVariableSection(out, 'tool_headers', files['tool_headers']) + # TODO(crbug.com/boringssl/542): Migrate everyone to the combined asm + # source lists, so we don't need to generate both sets. for ((osname, arch), asm_files) in asm_outputs: self.PrintVariableSection( out, 'crypto_sources_%s_%s' % (osname, arch), asm_files) - # Generate combined source lists for gas and nasm. Consumers have a choice - # of using the per-platform ones or the combined ones. In the combined - # mode, Windows x86 and Windows x86_64 must still be special-cased, but - # otherwise all assembly files can be linked together. - out.write('\n') - out.write('crypto_sources_asm = []\n') - for (osname, arch, _, _, asm_ext) in OS_ARCH_COMBOS: - if asm_ext == 'S': - out.write('crypto_sources_asm.extend(crypto_sources_%s_%s)\n' % - (osname, arch)) - out.write('\n') - out.write('crypto_sources_nasm = []\n') - for (osname, arch, _, _, asm_ext) in OS_ARCH_COMBOS: - if asm_ext == 'asm': - out.write('crypto_sources_nasm.extend(crypto_sources_%s_%s)\n' % - (osname, arch)) - with open('BUILD.generated_tests.bzl', 'w+') as out: out.write(self.header) @@ -358,6 +345,9 @@ def WriteFiles(self, files, asm_outputs): self.PrintVariableSection(out, 'crypto_sources', files['crypto'] + files['crypto_internal_headers']) + self.PrintVariableSection(out, 'crypto_sources_asm', files['crypto_asm']) + self.PrintVariableSection(out, 'crypto_sources_nasm', + files['crypto_nasm']) self.PrintVariableSection(out, 'crypto_headers', files['crypto_headers']) self.PrintVariableSection(out, 'ssl_sources', @@ -525,15 +515,8 @@ def WriteFiles(self, files, asm_outputs): with open('CMakeLists.txt', 'w+') as cmake: cmake.write(self.header) - asm_sources = [] - nasm_sources = [] - for ((osname, arch), asm_files) in asm_outputs: - if (osname, arch) in (('win', 'x86'), ('win', 'x86_64')): - nasm_sources.extend(asm_files) - else: - asm_sources.extend(asm_files) - self.PrintVariable(cmake, 'CRYPTO_SOURCES_ASM', sorted(asm_sources)) - self.PrintVariable(cmake, 'CRYPTO_SOURCES_NASM', sorted(nasm_sources)) + self.PrintVariable(cmake, 'CRYPTO_SOURCES_ASM', files['crypto_asm']) + self.PrintVariable(cmake, 'CRYPTO_SOURCES_NASM', files['crypto_nasm']) cmake.write( R'''if(OPENSSL_ASM) @@ -854,9 +837,26 @@ def NotSSLHeaderFiles(path, filename, is_dir): FindHeaderFiles(os.path.join('src', 'crypto'), NoTests) + FindHeaderFiles(os.path.join('src', 'third_party', 'fiat'), NoTests)) + asm_outputs = sorted(WriteAsmFiles(ReadPerlAsmOperations()).items()) + + # Generate combined source lists for gas and nasm. Build files have a choice + # of using the per-platform ones or the combined ones. In the combined mode, + # Windows x86 and Windows x86_64 must still be special-cased, but otherwise + # all assembly files can be linked together. Some files appear in multiple + # per-platform lists, so we duplicate. + asm_sources = set() + nasm_sources = set() + for ((osname, arch), asm_files) in asm_outputs: + if (osname, arch) in (('win', 'x86'), ('win', 'x86_64')): + nasm_sources.update(asm_files) + else: + asm_sources.update(asm_files) + files = { 'bcm_crypto': bcm_crypto_c_files, 'crypto': crypto_c_files, + 'crypto_asm': sorted(list(asm_sources)), + 'crypto_nasm': sorted(list(nasm_sources)), 'crypto_headers': crypto_h_files, 'crypto_internal_headers': crypto_internal_h_files, 'crypto_test': crypto_test_files, @@ -874,8 +874,6 @@ def NotSSLHeaderFiles(path, filename, is_dir): 'urandom_test': urandom_test_files, } - asm_outputs = sorted(WriteAsmFiles(ReadPerlAsmOperations()).items()) - for platform in platforms: platform.WriteFiles(files, asm_outputs) From 3f680b0eff18ddd6c878b92bffbc1b53fe6bd797 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 7 Jun 2023 17:43:52 -0400 Subject: [PATCH 12/42] Remove a layer of indirection from fiat curve25519 assembly This fixes the generated Bazel build. Bazel is strict about having all dependencies declared, which includes files that are #included into other files. (It also is not particularly pleased about textual headers and wants them declared in a separate place.) The new fiat curve25519 assembly is currently split into a BoringSSL half, and a more generic fiat half. For now, just move the BoringSSL customizations directly into the fiat half. This isn't ideal, as we'd, long term, like something where the fiat code can be made standalone. But, to fix the build, just patch in the changes now and we can ponder how to do this better later. (Build tools and conventions for assembly are much less clear than C, sadly.) Also add the .note.GNU-stack bit at the end. Change-Id: I04aa733eabf8562dba42dee63a8fd25c86a59db9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60566 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/CMakeLists.txt | 3 ++- crypto/curve25519/asm/fiat_curve25519_adx.S | 11 ----------- third_party/fiat/asm/fiat_curve25519_adx_mul.S | 14 ++++++++++++++ third_party/fiat/asm/fiat_curve25519_adx_square.S | 14 ++++++++++++++ util/generate_build_files.py | 6 ++++-- 5 files changed, 34 insertions(+), 14 deletions(-) delete mode 100644 crypto/curve25519/asm/fiat_curve25519_adx.S diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 5f0c160aa0..80fd919e81 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -15,9 +15,10 @@ endif() set( CRYPTO_SOURCES_ASM curve25519/asm/x25519-asm-arm.S - curve25519/asm/fiat_curve25519_adx.S hrss/asm/poly_rq_mul.S poly1305/poly1305_arm_asm.S + ../third_party/fiat/asm/fiat_curve25519_adx_mul.S + ../third_party/fiat/asm/fiat_curve25519_adx_square.S ) perlasm(CRYPTO_SOURCES aarch64 chacha/chacha-armv8 chacha/asm/chacha-armv8.pl) perlasm(CRYPTO_SOURCES aarch64 cipher_extra/chacha20_poly1305_armv8 cipher_extra/asm/chacha20_poly1305_armv8.pl) diff --git a/crypto/curve25519/asm/fiat_curve25519_adx.S b/crypto/curve25519/asm/fiat_curve25519_adx.S deleted file mode 100644 index 0c4218117c..0000000000 --- a/crypto/curve25519/asm/fiat_curve25519_adx.S +++ /dev/null @@ -1,11 +0,0 @@ -#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && defined(__x86_64__) - -#if defined(BORINGSSL_PREFIX) -#include -#endif - -.intel_syntax noprefix -#include "../../../third_party/fiat/asm/fiat_curve25519_adx_mul.S" -#include "../../../third_party/fiat/asm/fiat_curve25519_adx_square.S" - -#endif diff --git a/third_party/fiat/asm/fiat_curve25519_adx_mul.S b/third_party/fiat/asm/fiat_curve25519_adx_mul.S index 1d23f3f25f..f91e67d2fb 100644 --- a/third_party/fiat/asm/fiat_curve25519_adx_mul.S +++ b/third_party/fiat/asm/fiat_curve25519_adx_mul.S @@ -1,3 +1,11 @@ +#if !defined(OPENSSL_NO_ASM) && defined(__x86_64__) && \ + (defined(__APPLE__) || defined(__ELF__)) + +#if defined(BORINGSSL_PREFIX) +#include +#endif + +.intel_syntax noprefix .text #if defined(__APPLE__) .private_extern fiat_curve25519_adx_mul @@ -159,3 +167,9 @@ ret #if defined(__ELF__) .size fiat_curve25519_adx_mul, .-fiat_curve25519_adx_mul #endif + +#endif + +#if defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif diff --git a/third_party/fiat/asm/fiat_curve25519_adx_square.S b/third_party/fiat/asm/fiat_curve25519_adx_square.S index 71f9108bc0..027dcf1bd0 100644 --- a/third_party/fiat/asm/fiat_curve25519_adx_square.S +++ b/third_party/fiat/asm/fiat_curve25519_adx_square.S @@ -1,3 +1,11 @@ +#if !defined(OPENSSL_NO_ASM) && defined(__x86_64__) && \ + (defined(__APPLE__) || defined(__ELF__)) + +#if defined(BORINGSSL_PREFIX) +#include +#endif + +.intel_syntax noprefix .text #if defined(__APPLE__) .private_extern fiat_curve25519_adx_square @@ -127,3 +135,9 @@ ret #if defined(__ELF__) .size fiat_curve25519_adx_square, .-fiat_curve25519_adx_square #endif + +#endif + +#if defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif diff --git a/util/generate_build_files.py b/util/generate_build_files.py index 160f91179b..059caed82f 100644 --- a/util/generate_build_files.py +++ b/util/generate_build_files.py @@ -46,7 +46,8 @@ # perlasm system. NON_PERL_FILES = { ('apple', 'x86_64'): [ - 'src/crypto/curve25519/asm/fiat_curve25519_adx.S', + 'src/third_party/fiat/asm/fiat_curve25519_adx_mul.S', + 'src/third_party/fiat/asm/fiat_curve25519_adx_square.S', ], ('linux', 'arm'): [ 'src/crypto/curve25519/asm/x25519-asm-arm.S', @@ -54,7 +55,8 @@ ], ('linux', 'x86_64'): [ 'src/crypto/hrss/asm/poly_rq_mul.S', - 'src/crypto/curve25519/asm/fiat_curve25519_adx.S', + 'src/third_party/fiat/asm/fiat_curve25519_adx_mul.S', + 'src/third_party/fiat/asm/fiat_curve25519_adx_square.S', ], } From 8e16c046b138e4806e69f22810b4d33e925ec58f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 8 Jun 2023 11:03:59 -0400 Subject: [PATCH 13/42] Avoid another NULL+0 in BIO_s_mem That NULL+0 is forbidden is still an awful language bug in C (fixed in C++), but this particular instance could have been written without pointer arithmetic. While I'm here, tidy pointers a bit: - No need to cast pointers to char* when we're writing to void* anyway - BIO_C_GET_BUF_MEM_PTR is technically a strict aliasing violation. The pointer points to a BUF_MEM*, not a char*, so we should not write to it as a char**. - C casts from void* freely and we've usually omitted the cast in that case. (Though if we ever move libcrypto to C++, that'll all have to change.) Bug: b:286384999 Change-Id: I16d7da675d61f726f259fc9a3cc4a6fce2d6d1fd Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60605 Reviewed-by: Bob Beck Commit-Queue: Bob Beck Auto-Submit: David Benjamin --- crypto/bio/bio_mem.c | 15 +++++++-------- crypto/bio/bio_test.cc | 39 +++++++++++++++++++++++---------------- 2 files changed, 30 insertions(+), 24 deletions(-) diff --git a/crypto/bio/bio_mem.c b/crypto/bio/bio_mem.c index 1ee148b074..5d7534c249 100644 --- a/crypto/bio/bio_mem.c +++ b/crypto/bio/bio_mem.c @@ -206,7 +206,6 @@ static int mem_gets(BIO *bio, char *buf, int size) { static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) { long ret = 1; - char **pptr; BUF_MEM *b = (BUF_MEM *)bio->ptr; @@ -232,8 +231,8 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) { case BIO_CTRL_INFO: ret = (long)b->length; if (ptr != NULL) { - pptr = (char **)ptr; - *pptr = (char *)&b->data[0]; + char **pptr = ptr; + *pptr = b->data; } break; case BIO_C_SET_BUF_MEM: @@ -243,8 +242,8 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) { break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { - pptr = (char **)ptr; - *pptr = (char *)b; + BUF_MEM **pptr = ptr; + *pptr = b; } break; case BIO_CTRL_GET_CLOSE: @@ -294,15 +293,15 @@ int BIO_mem_contents(const BIO *bio, const uint8_t **out_contents, } long BIO_get_mem_data(BIO *bio, char **contents) { - return BIO_ctrl(bio, BIO_CTRL_INFO, 0, (char *) contents); + return BIO_ctrl(bio, BIO_CTRL_INFO, 0, contents); } int BIO_get_mem_ptr(BIO *bio, BUF_MEM **out) { - return (int)BIO_ctrl(bio, BIO_C_GET_BUF_MEM_PTR, 0, (char *) out); + return (int)BIO_ctrl(bio, BIO_C_GET_BUF_MEM_PTR, 0, out); } int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership) { - return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM, take_ownership, (char *) b); + return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM, take_ownership, b); } int BIO_set_mem_eof_return(BIO *bio, int eof_value) { diff --git a/crypto/bio/bio_test.cc b/crypto/bio/bio_test.cc index 6610be9a28..8827ce6141 100644 --- a/crypto/bio/bio_test.cc +++ b/crypto/bio/bio_test.cc @@ -287,11 +287,24 @@ TEST(BIOTest, MemWritable) { bssl::UniquePtr bio(BIO_new(BIO_s_mem())); ASSERT_TRUE(bio); + auto check_bio_contents = [&](Bytes b) { + const uint8_t *contents; + size_t len; + ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); + EXPECT_EQ(Bytes(contents, len), b); + + char *contents_c; + long len_l = BIO_get_mem_data(bio.get(), &contents_c); + ASSERT_GE(len_l, 0); + EXPECT_EQ(Bytes(contents_c, len_l), b); + + BUF_MEM *buf; + ASSERT_EQ(BIO_get_mem_ptr(bio.get(), &buf), 1); + EXPECT_EQ(Bytes(buf->data, buf->length), b); + }; + // It is initially empty. - const uint8_t *contents; - size_t len; - ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); - EXPECT_EQ(Bytes(contents, len), Bytes("")); + check_bio_contents(Bytes("")); EXPECT_EQ(BIO_eof(bio.get()), 1); // Reading from it should default to returning a retryable error. @@ -310,44 +323,38 @@ TEST(BIOTest, MemWritable) { // Writes append to the buffer. ASSERT_EQ(BIO_write(bio.get(), "abcdef", 6), 6); - ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); - EXPECT_EQ(Bytes(contents, len), Bytes("abcdef")); + check_bio_contents(Bytes("abcdef")); EXPECT_EQ(BIO_eof(bio.get()), 0); // Writes can include embedded NULs. ASSERT_EQ(BIO_write(bio.get(), "\0ghijk", 6), 6); - ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); - EXPECT_EQ(Bytes(contents, len), Bytes("abcdef\0ghijk", 12)); + check_bio_contents(Bytes("abcdef\0ghijk", 12)); EXPECT_EQ(BIO_eof(bio.get()), 0); // Do a partial read. int ret = BIO_read(bio.get(), buf, 4); ASSERT_GT(ret, 0); EXPECT_EQ(Bytes(buf, ret), Bytes("abcd")); - ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); - EXPECT_EQ(Bytes(contents, len), Bytes("ef\0ghijk", 8)); + check_bio_contents(Bytes("ef\0ghijk", 8)); EXPECT_EQ(BIO_eof(bio.get()), 0); // Reads and writes may alternate. ASSERT_EQ(BIO_write(bio.get(), "lmnopq", 6), 6); - ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); - EXPECT_EQ(Bytes(contents, len), Bytes("ef\0ghijklmnopq", 14)); + check_bio_contents(Bytes("ef\0ghijklmnopq", 14)); EXPECT_EQ(BIO_eof(bio.get()), 0); // Reads may consume embedded NULs. ret = BIO_read(bio.get(), buf, 4); ASSERT_GT(ret, 0); EXPECT_EQ(Bytes(buf, ret), Bytes("ef\0g", 4)); - ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); - EXPECT_EQ(Bytes(contents, len), Bytes("hijklmnopq")); + check_bio_contents(Bytes("hijklmnopq")); EXPECT_EQ(BIO_eof(bio.get()), 0); // The read buffer exceeds the |BIO|, so we consume everything. ret = BIO_read(bio.get(), buf, sizeof(buf)); ASSERT_GT(ret, 0); EXPECT_EQ(Bytes(buf, ret), Bytes("hijklmnopq")); - ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); - EXPECT_EQ(Bytes(contents, len), Bytes("")); + check_bio_contents(Bytes("")); EXPECT_EQ(BIO_eof(bio.get()), 1); // The |BIO| is now empty. From 2a72f9770fdad399a605a6c8b45dffafe35870fd Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 7 Jun 2023 12:21:18 -0400 Subject: [PATCH 14/42] Tidy bssl-crypto documentation This probably needs a few iterations, but fix the stuff I noticed on a first pass: - I don't think it's useful to say this is the BoringSSL implementation of something. That's all implicit from this crate anyway. - Rust seems to prefer "Returns ..." rather than "Return ..." - Algorithm names like "hkdf" or "hmac" should be written "HKDF" or "HMAC" when referring to the algorithms. Also BoringSSL is styled "BoringSSL" rather than "boringssl". - Given Rust overall doesn't try to handle allocation failure, let's just write that we don't believe in allocation failure once in the README rather than marking which functions do and don't panic. Change-Id: I48501717dd0b063a2fa4106c4c140d76a7ef69a9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60546 Reviewed-by: Nabil Wadih Commit-Queue: Bob Beck Reviewed-by: Bob Beck --- rust/bssl-crypto/README.md | 2 + rust/bssl-crypto/src/aes.rs | 4 +- rust/bssl-crypto/src/digest.rs | 18 +++---- rust/bssl-crypto/src/ed25519.rs | 2 +- rust/bssl-crypto/src/hkdf.rs | 13 +++-- rust/bssl-crypto/src/hmac.rs | 84 ++++++++++++++++++++------------- rust/bssl-crypto/src/lib.rs | 14 +++--- 7 files changed, 78 insertions(+), 59 deletions(-) diff --git a/rust/bssl-crypto/README.md b/rust/bssl-crypto/README.md index dff669bcd8..bc7371a2fa 100644 --- a/rust/bssl-crypto/README.md +++ b/rust/bssl-crypto/README.md @@ -7,3 +7,5 @@ Then to run all tests: ``` cd rust/bssl-crypto && cargo clippy && cargo deny check && cargo test ``` + +Unlike BoringSSL itself, this crate does not attempt to handle allocation failures. If an allocation fails, functions in this crate will panic. diff --git a/rust/bssl-crypto/src/aes.rs b/rust/bssl-crypto/src/aes.rs index e3ec5bdaf5..e5a16078c8 100644 --- a/rust/bssl-crypto/src/aes.rs +++ b/rust/bssl-crypto/src/aes.rs @@ -23,7 +23,7 @@ pub type AesBlock = [u8; BLOCK_SIZE]; pub struct Aes; impl Aes { - /// Encrypt `block` in place. + /// Encrypts `block` in place. pub fn encrypt(key: &AesEncryptKey, block: &mut AesBlock) { let input = *block; // Safety: @@ -31,7 +31,7 @@ impl Aes { unsafe { bssl_sys::AES_encrypt(input.as_ptr(), block.as_mut_ptr(), &key.0) } } - /// Decrypt `block` in place. + /// Decrypts `block` in place. pub fn decrypt(key: &AesDecryptKey, block: &mut AesBlock) { let input = *block; // Safety: diff --git a/rust/bssl-crypto/src/digest.rs b/rust/bssl-crypto/src/digest.rs index ee26f3e57a..35b653452f 100644 --- a/rust/bssl-crypto/src/digest.rs +++ b/rust/bssl-crypto/src/digest.rs @@ -17,11 +17,11 @@ use core::marker::PhantomData; use crate::ForeignTypeRef; -/// The BoringSSL implemented SHA-256 digest algorithm. +/// The SHA-256 digest algorithm. #[derive(Clone)] pub struct Sha256 {} -/// The BoringSSL implemented SHA-512 digest algorithm. +/// The SHA-512 digest algorithm. #[derive(Clone)] pub struct Sha512 {} @@ -40,7 +40,7 @@ pub trait Md { /// The output size of the hash operation. const OUTPUT_SIZE: usize; - /// Gets a reference to a message digest algorithm to be used by the hkdf implementation. + /// Gets a reference to a message digest algorithm to be used by the HKDF implementation. fn get_md() -> &'static MdRef; } @@ -55,7 +55,7 @@ impl Md for Sha256 { } impl Sha256 { - /// Create a new [digest] to compute the SHA256 hash. + /// Creates a new [Digest] to compute a SHA-256 hash. pub fn new_digest() -> Digest { // Note: This cannot be in the trait because using associated constants exprs there // requires nightly. @@ -74,7 +74,7 @@ impl Md for Sha512 { } impl Sha512 { - /// Create a new [digest] to compute the SHA512 hash. + /// Create a new [Digest] to compute a SHA-512 hash. pub fn new_digest() -> Digest { // Note: This cannot be in the trait because using associated constants exprs there // requires nightly. @@ -82,12 +82,12 @@ impl Sha512 { } } -/// A struct for computing the digest +/// A pending digest operation. pub struct Digest(bssl_sys::EVP_MD_CTX, PhantomData); impl Digest { - /// Create a new Digest from the given `Md` type parameter. + /// Creates a new Digest from the given `Md` type parameter. /// /// Panics: /// - If `Md::OUTPUT_SIZE` is not the same as `OUTPUT_SIZE`. @@ -108,7 +108,7 @@ impl Digest { Self(md_ctx, PhantomData) } - /// Updates this digest computation using the given `data`. + /// Hashes the provided input into the current digest operation. pub fn update(&mut self, data: &[u8]) { // Safety: // - `data` is a slice from safe Rust. @@ -118,7 +118,7 @@ impl Digest { assert_eq!(result, 1, "bssl_sys::EVP_DigestUpdate failed"); } - /// Consumes this digest and returns the output digest value. + /// Computes the final digest value, consuming the object. #[allow(clippy::expect_used)] pub fn finalize(mut self) -> [u8; OUTPUT_SIZE] { let mut digest_uninit = diff --git a/rust/bssl-crypto/src/ed25519.rs b/rust/bssl-crypto/src/ed25519.rs index 1fa5b051e2..df3650797a 100644 --- a/rust/bssl-crypto/src/ed25519.rs +++ b/rust/bssl-crypto/src/ed25519.rs @@ -26,7 +26,7 @@ pub const SEED_LENGTH: usize = /// The length in bytes of an Ed25519 signature. pub const SIGNATURE_LENGTH: usize = bssl_sys::ED25519_SIGNATURE_LEN as usize; -// The length in bytes of an Ed25519 keypair. In boringssl the private key is suffixed with the +// The length in bytes of an Ed25519 keypair. In BoringSSL, the private key is suffixed with the // public key, so the keypair length is the same as the private key length. const KEYPAIR_LENGTH: usize = bssl_sys::ED25519_PRIVATE_KEY_LEN as usize; diff --git a/rust/bssl-crypto/src/hkdf.rs b/rust/bssl-crypto/src/hkdf.rs index 66b8d60e30..d3144951e7 100644 --- a/rust/bssl-crypto/src/hkdf.rs +++ b/rust/bssl-crypto/src/hkdf.rs @@ -23,12 +23,12 @@ pub type HkdfSha256 = Hkdf; /// Implementation of HKDF-SHA-512 pub type HkdfSha512 = Hkdf; -/// Error type returned from the hkdf expand operations when the output key material has +/// Error type returned from the HKDF-Expand operations when the output key material has /// an invalid length #[derive(Debug)] pub struct InvalidLength; -/// Implementation of hkdf operations which are generic over a provided hashing functions. Type +/// Implementation of HKDF operations which are generic over a provided hashing functions. Type /// aliases are provided above for convenience of commonly used hashes pub struct Hkdf { salt: Option>, @@ -40,7 +40,7 @@ impl Hkdf { /// The max length of the output key material used for expanding pub const MAX_OUTPUT_LENGTH: usize = M::OUTPUT_SIZE * 255; - /// Creates a new instance of an hkdf from a salt and key material + /// Creates a new instance of HKDF from a salt and key material pub fn new(salt: Option<&[u8]>, ikm: &[u8]) -> Self { Self { salt: salt.map(Vec::from), @@ -49,9 +49,9 @@ impl Hkdf { } } - /// The RFC5869 HKDF-Expand operation. The info argument for the expand is set to + /// Computes HKDF-Expand operation from RFC 5869. The info argument for the expand is set to /// the concatenation of all the elements of info_components. Returns InvalidLength if the - /// output is too large or panics if there is an allocation failure. + /// output is too large. pub fn expand_multi_info( &self, info_components: &[&[u8]], @@ -60,8 +60,7 @@ impl Hkdf { self.expand(&info_components.concat(), okm) } - /// The RFC5869 HKDF-Expand operation. Returns InvalidLength if the output is too large, or - /// panics if there is an allocation failure + /// Computes HKDF-Expand operation from RFC 5869. Returns InvalidLength if the output is too large. pub fn expand(&self, info: &[u8], okm: &mut [u8]) -> Result<(), InvalidLength> { // extract the salt bytes from the option, or empty slice if option is None let salt = self.salt.as_deref().unwrap_or_default(); diff --git a/rust/bssl-crypto/src/hmac.rs b/rust/bssl-crypto/src/hmac.rs index 7dbf39ba5b..167e92e59b 100644 --- a/rust/bssl-crypto/src/hmac.rs +++ b/rust/bssl-crypto/src/hmac.rs @@ -25,8 +25,7 @@ use core::{ /// Computes the HMAC-SHA256 of `data` as a one-shot operation. /// /// Calculates the HMAC of data, using the given `key` and returns the result. -/// It returns the computed hmac. -/// Can panic if memory allocation fails in the underlying BoringSSL code. +/// It returns the computed HMAC. pub fn hmac_sha256(key: &[u8], data: &[u8]) -> [u8; 32] { hmac::<32, Sha256>(key, data) } @@ -34,100 +33,117 @@ pub fn hmac_sha256(key: &[u8], data: &[u8]) -> [u8; 32] { /// Computes the HMAC-SHA512 of `data` as a one-shot operation. /// /// Calculates the HMAC of data, using the given `key` and returns the result. -/// It returns the computed hmac. -/// Can panic if memory allocation fails in the underlying BoringSSL code. +/// It returns the computed HMAC. pub fn hmac_sha512(key: &[u8], data: &[u8]) -> [u8; 64] { hmac::<64, Sha512>(key, data) } -/// The BoringSSL HMAC-SHA256 implementation. The operations may panic if memory allocation fails -/// in BoringSSL. +/// An HMAC-SHA256 operation in progress. pub struct HmacSha256(Hmac<32, Sha256>); impl HmacSha256 { - /// Create a new hmac from a fixed size key. + /// Creates a new HMAC operation from a fixed-length key. pub fn new(key: [u8; 32]) -> Self { Self(Hmac::new(key)) } - /// Create new hmac value from variable size key. + /// Creates a new HMAC operation from a variable-length key. pub fn new_from_slice(key: &[u8]) -> Self { Self(Hmac::new_from_slice(key)) } - /// Update state using the provided data. + /// Hashes the provided input into the HMAC operation. pub fn update(&mut self, data: &[u8]) { self.0.update(data) } - /// Obtain the hmac computation consuming the hmac instance. + /// Computes the final HMAC value, consuming the object. pub fn finalize(self) -> [u8; 32] { self.0.finalize() } - /// Check that the tag value is correct for the processed input. + /// Checks that the provided tag value matches the computed HMAC value. pub fn verify_slice(self, tag: &[u8]) -> Result<(), MacError> { self.0.verify_slice(tag) } - /// Check that the tag value is correct for the processed input. + /// Checks that the provided tag value matches the computed HMAC value. pub fn verify(self, tag: [u8; 32]) -> Result<(), MacError> { self.0.verify(tag) } - /// Check truncated tag correctness using left side bytes of the calculated tag. + /// Checks that the provided tag value matches the computed HMAC, truncated to the input tag's + /// length. + /// + /// Truncating an HMAC reduces the security of the construction. Callers must ensure `tag`'s + /// length matches the desired HMAC length and security level. pub fn verify_truncated_left(self, tag: &[u8]) -> Result<(), MacError> { self.0.verify_truncated_left(tag) } - /// Resets the hmac instance to its initial state + /// Resets the object to its initial state. The key is retained, but input is discarded. pub fn reset(&mut self) { + // TODO(davidben): This method is a little odd. The main use case I can imagine is + // computing multiple HMACs with the same key, while reusing the input-independent key + // setup. However, finalize consumes the object, so you cannot actually reuse the + // context afterwards. Moreover, even if you could, that mutates the context, so a + // better pattern would be to copy the initial context, or to have an HmacKey type + // that one could create contexts out of. self.0.reset() } } -/// The BoringSSL HMAC-SHA512 implementation. The operations may panic if memory allocation fails -/// in BoringSSL. +/// An HMAC-SHA512 operation in progress. pub struct HmacSha512(Hmac<64, Sha512>); impl HmacSha512 { - /// Create a new hmac from a fixed size key. + /// Creates a new HMAC operation from a fixed-size key. pub fn new(key: [u8; 64]) -> Self { Self(Hmac::new(key)) } - /// Create new hmac value from variable size key. + /// Creates a new HMAC operation from a variable-length key. pub fn new_from_slice(key: &[u8]) -> Self { Self(Hmac::new_from_slice(key)) } - /// Update state using the provided data. + /// Hashes the provided input into the HMAC operation. pub fn update(&mut self, data: &[u8]) { self.0.update(data) } - /// Obtain the hmac computation consuming the hmac instance. + /// Computes the final HMAC value, consuming the object. pub fn finalize(self) -> [u8; 64] { self.0.finalize() } - /// Check that the tag value is correct for the processed input. + /// Checks that the provided tag value matches the computed HMAC value. pub fn verify_slice(self, tag: &[u8]) -> Result<(), MacError> { self.0.verify_slice(tag) } - /// Check that the tag value is correct for the processed input. + /// Checks that the provided tag value matches the computed HMAC value. pub fn verify(self, tag: [u8; 64]) -> Result<(), MacError> { self.0.verify(tag) } - /// Check truncated tag correctness using left side bytes of the calculated tag. + /// Checks that the provided tag value matches the computed HMAC, truncated to the input tag's + /// length. + /// + /// Truncating an HMAC reduces the security of the construction. Callers must ensure `tag`'s + /// length matches the desired HMAC length and security level. pub fn verify_truncated_left(self, tag: &[u8]) -> Result<(), MacError> { self.0.verify_truncated_left(tag) } - /// Resets the hmac instance to its initial state + /// Resets the object to its initial state. The key is retained, but input is discarded. pub fn reset(&mut self) { + // TODO(davidben): This method is a little odd. The main use case I can imagine is + // computing multiple HMACs with the same key, while reusing the input-independent key + // setup. However, finalize consumes the object, so you cannot actually reuse the + // context afterwards. Moreover, even if you could, that mutates the context, so a + // better pattern would be to copy the initial context, or to have an HmacKey type + // that one could create contexts out of. self.0.reset() } } @@ -177,12 +193,12 @@ struct Hmac { } impl Hmac { - /// Infallible HMAC creation from a fixed length key. + /// Creates a new HMAC operation from a fixed-length key. fn new(key: [u8; N]) -> Self { Self::new_from_slice(&key) } - /// Create new hmac value from variable size key. Panics on allocation failure + /// Creates a new HMAC operation from a variable-length key. fn new_from_slice(key: &[u8]) -> Self { // Safety: // - HMAC_CTX_new panics if allocation fails @@ -215,7 +231,7 @@ impl Hmac { } } - /// Update state using the provided data, can be called repeatedly. + /// Hashes the provided input into the HMAC operation. fn update(&mut self, data: &[u8]) { let result = unsafe { // Safety: HMAC_Update will always return 1, in case it doesnt we panic @@ -224,7 +240,7 @@ impl Hmac { assert_eq!(result, 1, "failure in bssl_sys::HMAC_Update"); } - /// Obtain the hmac computation consuming the hmac instance. + /// Computes the final HMAC value, consuming the object. fn finalize(self) -> [u8; N] { let mut buf = [0_u8; N]; let mut size: c_uint = 0; @@ -238,13 +254,12 @@ impl Hmac { buf } - /// Check that the tag value is correct for the processed input. + /// Checks that the provided tag value matches the computed HMAC value. fn verify(self, tag: [u8; N]) -> Result<(), MacError> { self.verify_slice(&tag) } - /// Check truncated tag correctness using all bytes - /// of calculated tag. + /// Checks that the provided tag value matches the computed HMAC value. /// /// Returns `Error` if `tag` is not valid or not equal in length /// to MAC's output. @@ -253,10 +268,13 @@ impl Hmac { self.verify_truncated_left(tag) } - /// Check truncated tag correctness using left side bytes - /// (i.e. `tag[..n]`) of calculated tag. + /// Checks that the provided tag value matches the computed HMAC, truncated to the input tag's + /// length. /// /// Returns `Error` if `tag` is not valid or empty. + /// + /// Truncating an HMAC reduces the security of the construction. Callers must ensure `tag`'s + /// length matches the desired HMAC length and security level. fn verify_truncated_left(self, tag: &[u8]) -> Result<(), MacError> { let len = tag.len(); if len == 0 || len > N { diff --git a/rust/bssl-crypto/src/lib.rs b/rust/bssl-crypto/src/lib.rs index 2c80ae8e14..ce9500bf95 100644 --- a/rust/bssl-crypto/src/lib.rs +++ b/rust/bssl-crypto/src/lib.rs @@ -22,26 +22,26 @@ clippy::expect_used )] -//! Rust boringssl binding +//! Rust BoringSSL bindings extern crate core; -/// BoringSSL implemented plain aes operations. +/// AES block operations. pub mod aes; -/// BoringSSL implemented hash functions. +/// Hash functions. pub mod digest; -/// BoringSSL implemented Ed25519 operations. +/// Ed25519, a signature scheme. pub mod ed25519; -/// BoringSSL implemented hkdf operations. +/// HKDF, a hash-based key derivation function. pub mod hkdf; -/// BoringSSL implemented hmac operations. +/// HMAC, a hash-based message authentication code. pub mod hmac; -/// BoringSSL implemented cryptographically secure pseudo-random number generation. +/// Random number generation. pub mod rand; #[cfg(test)] From cbb96b4ffd29b7fd280b04f59790cf9b060bc7bc Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 4 Jun 2023 12:50:39 -0400 Subject: [PATCH 15/42] Const-correct a few X509_PURPOSE and X509_TRUST functions These bits need more work (and possibly some removal) as they're very, very far from thread-safe, but rust-openssl relies on them being const-correct when targetting OpenSSL 1.1.x. Change-Id: I60531c7e90dbdbcb79c09fc440bd7c6b474172df Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60607 Auto-Submit: David Benjamin Commit-Queue: David Benjamin Reviewed-by: Bob Beck Commit-Queue: Bob Beck --- crypto/x509/x509_trs.c | 2 +- crypto/x509v3/v3_purp.c | 10 ++++------ include/openssl/x509.h | 2 +- include/openssl/x509v3.h | 5 +++-- 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 13e5eca0e0..71cf71dccb 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -168,7 +168,7 @@ int X509_TRUST_set(int *t, int trust) { } int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), - char *name, int arg1, void *arg2) { + const char *name, int arg1, void *arg2) { int idx; X509_TRUST *trtmp; char *name_dup; diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 34ce33e27d..1f5a88cdf8 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -177,10 +177,9 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx) { return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } -int X509_PURPOSE_get_by_sname(char *sname) { - int i; +int X509_PURPOSE_get_by_sname(const char *sname) { X509_PURPOSE *xptmp; - for (i = 0; i < X509_PURPOSE_get_count(); i++) { + for (int i = 0; i < X509_PURPOSE_get_count(); i++) { xptmp = X509_PURPOSE_get0(i); if (!strcmp(xptmp->sname, sname)) { return i; @@ -209,8 +208,7 @@ int X509_PURPOSE_get_by_id(int purpose) { int X509_PURPOSE_add(int id, int trust, int flags, int (*ck)(const X509_PURPOSE *, const X509 *, int), - char *name, char *sname, void *arg) { - int idx; + const char *name, const char *sname, void *arg) { X509_PURPOSE *ptmp; char *name_dup, *sname_dup; @@ -219,7 +217,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, // This will always be set for application modified trust entries flags |= X509_PURPOSE_DYNAMIC_NAME; // Get existing entry if any - idx = X509_PURPOSE_get_by_id(id); + int idx = X509_PURPOSE_get_by_id(id); // Need a new entry if (idx == -1) { if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { diff --git a/include/openssl/x509.h b/include/openssl/x509.h index b2ac3db8c4..c41b3a5c37 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -2529,7 +2529,7 @@ OPENSSL_EXPORT X509_TRUST *X509_TRUST_get0(int idx); OPENSSL_EXPORT int X509_TRUST_get_by_id(int id); OPENSSL_EXPORT int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), - char *name, int arg1, void *arg2); + const char *name, int arg1, void *arg2); OPENSSL_EXPORT void X509_TRUST_cleanup(void); OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp); OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index f5ea41354e..2a2e02c2e4 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -906,12 +906,13 @@ OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509); OPENSSL_EXPORT int X509_PURPOSE_get_count(void); OPENSSL_EXPORT X509_PURPOSE *X509_PURPOSE_get0(int idx); -OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname); +OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(const char *sname); OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id); OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags, int (*ck)(const X509_PURPOSE *, const X509 *, int), - char *name, char *sname, void *arg); + const char *name, const char *sname, + void *arg); OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); From 556a973f9b10ea11f1ce7751721f2f7a64e09632 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 3 Jun 2023 23:32:27 -0400 Subject: [PATCH 16/42] Add SSL_CIPHER_get_handshake_digest We added SSL_CIPHER_get_prf_nid to match the other SSL_CIPHER_get_*_nid functions, but OpenSSL went with returning the EVP_MD instead. rust-openssl uses this function, and all the callers of SSL_CIPHER_get_prf_nid then call EVP_get_digestbynid anyway, so this version is preferable. Update-Note: This change is backwards-compatible, but we should update the QUIC code to use this new function when OPENSSL_API_VERSION is high enough. It has the benefit of not pulling in random other hash functions like MD4. Change-Id: Ied66a6f0adbd5d7d86257d9349c40a2830e3c7e8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60606 Commit-Queue: David Benjamin Reviewed-by: Bob Beck Auto-Submit: David Benjamin Commit-Queue: Bob Beck --- include/openssl/base.h | 2 +- include/openssl/ssl.h | 9 +++++++-- ssl/ssl_cipher.cc | 18 +++++++++++++----- ssl/ssl_test.cc | 1 + 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/include/openssl/base.h b/include/openssl/base.h index aa5c63d088..2249aea6fa 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -197,7 +197,7 @@ extern "C" { // A consumer may use this symbol in the preprocessor to temporarily build // against multiple revisions of BoringSSL at the same time. It is not // recommended to do so for longer than is necessary. -#define BORINGSSL_API_VERSION 22 +#define BORINGSSL_API_VERSION 23 #if defined(BORINGSSL_SHARED_LIBRARY) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1de31e898f..f8f696b8d0 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1375,10 +1375,15 @@ OPENSSL_EXPORT int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *cipher); // function returns |NID_auth_any|. OPENSSL_EXPORT int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher); -// SSL_CIPHER_get_prf_nid retuns the NID for |cipher|'s PRF hash. If |cipher| is -// a pre-TLS-1.2 cipher, it returns |NID_md5_sha1| but note these ciphers use +// SSL_CIPHER_get_handshake_digest returns |cipher|'s PRF hash. If |cipher| +// is a pre-TLS-1.2 cipher, it returns |EVP_md5_sha1| but note these ciphers use // SHA-256 in TLS 1.2. Other return values may be treated uniformly in all // applicable versions. +OPENSSL_EXPORT const EVP_MD *SSL_CIPHER_get_handshake_digest( + const SSL_CIPHER *cipher); + +// SSL_CIPHER_get_prf_nid behaves like |SSL_CIPHER_get_handshake_digest| but +// returns the NID constant. Use |SSL_CIPHER_get_handshake_digest| instead. OPENSSL_EXPORT int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher); // SSL_CIPHER_get_min_version returns the minimum protocol version required diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc index f705ee0c50..6f2098981e 100644 --- a/ssl/ssl_cipher.cc +++ b/ssl/ssl_cipher.cc @@ -1436,17 +1436,25 @@ int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher) { return NID_undef; } -int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher) { +const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *cipher) { switch (cipher->algorithm_prf) { case SSL_HANDSHAKE_MAC_DEFAULT: - return NID_md5_sha1; + return EVP_md5_sha1(); case SSL_HANDSHAKE_MAC_SHA256: - return NID_sha256; + return EVP_sha256(); case SSL_HANDSHAKE_MAC_SHA384: - return NID_sha384; + return EVP_sha384(); } assert(0); - return NID_undef; + return NULL; +} + +int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher) { + const EVP_MD *md = SSL_CIPHER_get_handshake_digest(cipher); + if (md == NULL) { + return NID_undef; + } + return EVP_MD_nid(md); } int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) { diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 455b996e77..b791fc30be 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -1141,6 +1141,7 @@ TEST(SSLTest, CipherProperties) { EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher)); EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher)); EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher)); + EXPECT_EQ(t.prf_nid, EVP_MD_nid(SSL_CIPHER_get_handshake_digest(cipher))); EXPECT_EQ(t.prf_nid, SSL_CIPHER_get_prf_nid(cipher)); } } From 1ca572304a8e3c7da7e7d20a36f81d4337e8f8a6 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 8 Jun 2023 13:06:20 -0400 Subject: [PATCH 17/42] Don't allow timezone offsets in ASN1_UTCTIME_set_string We had to allow this when parsing certs to remain compatible with some misissued certificates, but there's no reason to allow it when making new values. Update-Note: ASN1_UTCTIME_set_string and ASN1_TIME_set_string will no longer accept times with timezone offsets, which is forbidden by RFC 5280. These functions are used when minting new certificates, rather than parsing them. The parsing behavior is unchanged by this CL. Change-Id: I0860deb44a49e99ce477f8cde847d20edfd29ed9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60608 Auto-Submit: David Benjamin Commit-Queue: Bob Beck Reviewed-by: Bob Beck --- crypto/asn1/a_utctm.c | 5 ++++- crypto/asn1/asn1_test.cc | 6 ++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 45c4081ec5..82f2df6311 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -83,11 +83,14 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) { } int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) { + // Although elsewhere we allow timezone offsets with UTCTime, to be compatible + // with some existing misissued certificates, this function is used to + // construct new certificates and can be stricter. size_t len = strlen(str); CBS cbs; CBS_init(&cbs, (const uint8_t *)str, len); if (!CBS_parse_utc_time(&cbs, /*out_tm=*/NULL, - /*allow_timezone_offset=*/1)) { + /*allow_timezone_offset=*/0)) { return 0; } if (s != NULL) { diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc index 849cfe90c4..c7e0bf0591 100644 --- a/crypto/asn1/asn1_test.cc +++ b/crypto/asn1/asn1_test.cc @@ -1116,6 +1116,12 @@ TEST(ASN1Test, TimeSetString) { EXPECT_FALSE(ASN1_UTCTIME_set_string(nullptr, "nope")); EXPECT_FALSE(ASN1_GENERALIZEDTIME_set_string(nullptr, "nope")); EXPECT_FALSE(ASN1_TIME_set_string(nullptr, "nope")); + + // Timezone offsets are not allowed by DER. + EXPECT_FALSE(ASN1_UTCTIME_set_string(nullptr, "700101000000-0400")); + EXPECT_FALSE(ASN1_TIME_set_string(nullptr, "700101000000-0400")); + EXPECT_FALSE(ASN1_GENERALIZEDTIME_set_string(nullptr, "19700101000000-0400")); + EXPECT_FALSE(ASN1_TIME_set_string(nullptr, "19700101000000-0400")); } TEST(ASN1Test, AdjTime) { From 761c3ed03c80e1dd8806bc114c26226fa5aeec62 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 4 Jun 2023 12:21:29 -0400 Subject: [PATCH 18/42] Add ASN1_TIME_set_string_X509 rust-openssl uses this function when targetting OpenSSL 1.1.x. Change-Id: Ifeb1b65be9976358f9ee636ed23c1a931e03b275 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60609 Auto-Submit: David Benjamin Reviewed-by: Bob Beck Commit-Queue: Bob Beck --- crypto/asn1/a_time.c | 35 ++++++++++++++++++++++++++++++++++- crypto/asn1/asn1_test.cc | 35 +++++++++++++++++++++++++++++++++++ include/openssl/asn1.h | 5 +++++ 3 files changed, 74 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 87bf092138..d8ec85f7c2 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -61,6 +61,7 @@ #include #include +#include #include #include @@ -82,6 +83,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t time) { return ASN1_TIME_adj(s, time, 0, 0); } +static int fits_in_utc_time(const struct tm *tm) { + return 50 <= tm->tm_year && tm->tm_year < 150; +} + ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day, long offset_sec) { struct tm tm; @@ -95,7 +100,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day, return NULL; } } - if ((tm.tm_year >= 50) && (tm.tm_year < 150)) { + if (fits_in_utc_time(&tm)) { return ASN1_UTCTIME_adj(s, posix_time, offset_day, offset_sec); } return ASN1_GENERALIZEDTIME_adj(s, posix_time, offset_day, offset_sec); @@ -171,6 +176,34 @@ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { ASN1_GENERALIZEDTIME_set_string(s, str); } +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) { + CBS cbs; + CBS_init(&cbs, (const uint8_t*)str, strlen(str)); + int type; + struct tm tm; + if (CBS_parse_utc_time(&cbs, /*out_tm=*/NULL, + /*allow_timezone_offset=*/0)) { + type = V_ASN1_UTCTIME; + } else if (CBS_parse_generalized_time(&cbs, &tm, + /*allow_timezone_offset=*/0)) { + type = V_ASN1_GENERALIZEDTIME; + if (fits_in_utc_time(&tm)) { + type = V_ASN1_UTCTIME; + CBS_skip(&cbs, 2); + } + } else { + return 0; + } + + if (s != NULL) { + if (!ASN1_STRING_set(s, CBS_data(&cbs), CBS_len(&cbs))) { + return 0; + } + s->type = type; + } + return 1; +} + static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t, int allow_timezone_offset) { if (t == NULL) { diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc index c7e0bf0591..94f2272871 100644 --- a/crypto/asn1/asn1_test.cc +++ b/crypto/asn1/asn1_test.cc @@ -1100,6 +1100,32 @@ TEST(ASN1Test, TimeSetString) { EXPECT_EQ(V_ASN1_GENERALIZEDTIME, ASN1_STRING_type(s.get())); EXPECT_EQ("19700101000000Z", ASN1StringToStdString(s.get())); + // |ASN1_TIME_set_string_X509| behaves similarly except it additionally + // converts GeneralizedTime to UTCTime if it fits. + ASSERT_TRUE(ASN1_TIME_set_string_X509(s.get(), "700101000000Z")); + EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(s.get())); + EXPECT_EQ("700101000000Z", ASN1StringToStdString(s.get())); + + ASSERT_TRUE(ASN1_TIME_set_string_X509(s.get(), "19700101000000Z")); + EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(s.get())); + EXPECT_EQ("700101000000Z", ASN1StringToStdString(s.get())); + + ASSERT_TRUE(ASN1_TIME_set_string_X509(s.get(), "19500101000000Z")); + EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(s.get())); + EXPECT_EQ("500101000000Z", ASN1StringToStdString(s.get())); + + ASSERT_TRUE(ASN1_TIME_set_string_X509(s.get(), "19491231235959Z")); + EXPECT_EQ(V_ASN1_GENERALIZEDTIME, ASN1_STRING_type(s.get())); + EXPECT_EQ("19491231235959Z", ASN1StringToStdString(s.get())); + + ASSERT_TRUE(ASN1_TIME_set_string_X509(s.get(), "20491231235959Z")); + EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(s.get())); + EXPECT_EQ("491231235959Z", ASN1StringToStdString(s.get())); + + ASSERT_TRUE(ASN1_TIME_set_string_X509(s.get(), "20500101000000Z")); + EXPECT_EQ(V_ASN1_GENERALIZEDTIME, ASN1_STRING_type(s.get())); + EXPECT_EQ("20500101000000Z", ASN1StringToStdString(s.get())); + // Invalid inputs are rejected. EXPECT_FALSE(ASN1_UTCTIME_set_string(s.get(), "nope")); EXPECT_FALSE(ASN1_UTCTIME_set_string(s.get(), "19700101000000Z")); @@ -1111,17 +1137,26 @@ TEST(ASN1Test, TimeSetString) { // to anything. EXPECT_TRUE(ASN1_UTCTIME_set_string(nullptr, "700101000000Z")); EXPECT_TRUE(ASN1_TIME_set_string(nullptr, "700101000000Z")); + EXPECT_TRUE(ASN1_TIME_set_string_X509(nullptr, "700101000000Z")); EXPECT_TRUE(ASN1_GENERALIZEDTIME_set_string(nullptr, "19700101000000Z")); EXPECT_TRUE(ASN1_TIME_set_string(nullptr, "19700101000000Z")); + EXPECT_TRUE(ASN1_TIME_set_string_X509(nullptr, "19700101000000Z")); + // Test an input |ASN1_TIME_set_string_X509| won't convert to UTCTime. + EXPECT_TRUE(ASN1_GENERALIZEDTIME_set_string(nullptr, "20500101000000Z")); + EXPECT_TRUE(ASN1_TIME_set_string(nullptr, "20500101000000Z")); + EXPECT_TRUE(ASN1_TIME_set_string_X509(nullptr, "20500101000000Z")); EXPECT_FALSE(ASN1_UTCTIME_set_string(nullptr, "nope")); EXPECT_FALSE(ASN1_GENERALIZEDTIME_set_string(nullptr, "nope")); EXPECT_FALSE(ASN1_TIME_set_string(nullptr, "nope")); + EXPECT_FALSE(ASN1_TIME_set_string_X509(nullptr, "nope")); // Timezone offsets are not allowed by DER. EXPECT_FALSE(ASN1_UTCTIME_set_string(nullptr, "700101000000-0400")); EXPECT_FALSE(ASN1_TIME_set_string(nullptr, "700101000000-0400")); + EXPECT_FALSE(ASN1_TIME_set_string_X509(nullptr, "700101000000-0400")); EXPECT_FALSE(ASN1_GENERALIZEDTIME_set_string(nullptr, "19700101000000-0400")); EXPECT_FALSE(ASN1_TIME_set_string(nullptr, "19700101000000-0400")); + EXPECT_FALSE(ASN1_TIME_set_string_X509(nullptr, "19700101000000-0400")); } TEST(ASN1Test, AdjTime) { diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index d128c8dfe0..c9f265a288 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1355,6 +1355,11 @@ OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime( // GeneralizedTime. If |str| is neither, it returns zero. OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +// ASN1_TIME_set_string_X509 behaves like |ASN1_TIME_set_string| except it +// additionally converts GeneralizedTime to UTCTime if it is in the range where +// UTCTime is used. See RFC 5280, section 4.1.2.5. +OPENSSL_EXPORT int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); + // ASN1_TIME_to_time_t converts |t| to a time_t value in |out|. On // success, one is returned. On failure zero is returned. This function // will fail if the time can not be represented in a time_t. From 23ed9d3852bbc738bebeaa0fe4a0782f91d7873c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 8 Jun 2023 16:00:32 -0400 Subject: [PATCH 19/42] Add target attributes to curve25519_64_adx.h __builtin_ia32_addcarryx_u64 is, strictly speaking, an ADX intrinsic. GCC and newer Clang seem to actually implement it without ADX, but Clang 7 and older will actually try to generate ADX code with it. But since the caller is not marked target("adx"), this fails to build. Manually add ADX and BMI2 target attributes to all these functions. The compiler should be free to use those instructions as these functions all call into an ADX+BMI2 assembly function anyway. (Though it doesn't do much with this.) Note we cannot just annotate fiat_addcarryx_u64. Clang and GCC won't inline across incompatible targets, so if we tag fiat_addcarryx_u64, we need to tag the callers up the chain until we're willing to stop inlining. Change-Id: I855bb88fea666d92997984836e664292d90df5be Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60612 Reviewed-by: Adam Langley Commit-Queue: Adam Langley Auto-Submit: David Benjamin --- third_party/fiat/curve25519_64_adx.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/third_party/fiat/curve25519_64_adx.h b/third_party/fiat/curve25519_64_adx.h index 33b697b937..f50f5b8377 100644 --- a/third_party/fiat/curve25519_64_adx.h +++ b/third_party/fiat/curve25519_64_adx.h @@ -11,7 +11,11 @@ static __inline__ uint64_t fiat_value_barrier_u64(uint64_t a) { __asm__("" : "+r"(a) : /* no inputs */); return a; } + +__attribute__((target("adx,bmi2"))) static inline void fe4_mul(fe4 out, const fe4 x, const fe4 y) { fiat_curve25519_adx_mul(out, x, y); } + +__attribute__((target("adx,bmi2"))) static inline void fe4_sq(fe4 out, const fe4 x) { fiat_curve25519_adx_square(out, x); } /* @@ -28,6 +32,7 @@ static inline void fe4_sq(fe4 out, const fe4 x) { fiat_curve25519_adx_square(out * out1: [0x0 ~> 0xffffffffffffffff] * out2: [0x0 ~> 0xffffffffffffffff] */ +__attribute__((target("adx,bmi2"))) static inline void fiat_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) { // NOTE: edited after generation #if defined(_M_X64) @@ -59,6 +64,7 @@ static inline void fiat_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, * out1: [0x0 ~> 0xffffffffffffffff] * out2: [0x0 ~> 0x1] */ +__attribute__((target("adx,bmi2"))) static inline void fiat_addcarryx_u64(uint64_t* out1, fiat_uint1* out2, fiat_uint1 arg1, uint64_t arg2, uint64_t arg3) { // NOTE: edited after generation #if defined(__has_builtin) @@ -100,6 +106,7 @@ static inline void fiat_addcarryx_u64(uint64_t* out1, fiat_uint1* out2, fiat_uin * out1: [0x0 ~> 0xffffffffffffffff] * out2: [0x0 ~> 0x1] */ +__attribute__((target("adx,bmi2"))) static inline void fiat_subborrowx_u64(uint64_t* out1, fiat_uint1* out2, fiat_uint1 arg1, uint64_t arg2, uint64_t arg3) { #if defined(__has_builtin) # if __has_builtin(__builtin_ia32_subborrow_u64) @@ -134,6 +141,7 @@ static inline void fiat_subborrowx_u64(uint64_t* out1, fiat_uint1* out2, fiat_ui * Output Bounds: * out1: [0x0 ~> 0xffffffffffffffff] */ +__attribute__((target("adx,bmi2"))) static inline void fiat_cmovznz_u64(uint64_t* out1, fiat_uint1 arg1, uint64_t arg2, uint64_t arg3) { fiat_uint1 x1; uint64_t x2; @@ -151,6 +159,7 @@ static inline void fiat_cmovznz_u64(uint64_t* out1, fiat_uint1 arg1, uint64_t ar * Output Bounds: * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +__attribute__((target("adx,bmi2"))) static void fe4_add(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { uint64_t x1; fiat_uint1 x2; @@ -196,6 +205,7 @@ static void fe4_add(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg * Output Bounds: * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +__attribute__((target("adx,bmi2"))) static void fe4_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { uint64_t x1; uint64_t x2; @@ -249,6 +259,7 @@ static void fe4_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg * Output Bounds: * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +__attribute__((target("adx,bmi2"))) static void fe4_scmul(uint64_t out1[4], const uint64_t arg1[4], uint64_t arg2) { uint64_t x1; uint64_t x2; @@ -303,6 +314,7 @@ static void fe4_scmul(uint64_t out1[4], const uint64_t arg1[4], uint64_t arg2) { * Output Bounds: * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +__attribute__((target("adx,bmi2"))) static void fe4_canon(uint64_t out1[4], const uint64_t arg1[4]) { uint64_t x1; fiat_uint1 x2; @@ -359,6 +371,7 @@ static void fe4_canon(uint64_t out1[4], const uint64_t arg1[4]) { * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] * out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +__attribute__((target("adx,bmi2"))) static void fe4_cswap(uint64_t out1[4], uint64_t out2[4], fiat_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) { uint64_t x1; uint64_t x2; @@ -392,6 +405,7 @@ static void fe4_cswap(uint64_t out1[4], uint64_t out2[4], fiat_uint1 arg1, const // implementations both 4-limb and 5-limb versions of the curve-level code need // to be included in builds targetting an unknown variant of x86_64. +__attribute__((target("adx,bmi2"))) static void fe4_invert(fe4 out, const fe4 z) { fe4 t0; fe4 t1; @@ -450,6 +464,7 @@ static void fe4_invert(fe4 out, const fe4 z) { fe4_mul(out, t1, t0); } +__attribute__((target("adx,bmi2"))) void x25519_scalar_mult_adx(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { uint8_t e[32]; @@ -541,6 +556,7 @@ typedef struct { fe4 xy2d; } ge_precomp_4; +__attribute__((target("adx,bmi2"))) static void inline_x25519_ge_dbl_4(ge_p3_4 *r, const ge_p3_4 *p, bool skip_t) { // Transcribed from a Coq function proven against affine coordinates. // https://github.com/mit-plv/fiat-crypto/blob/9943ba9e7d8f3e1c0054b2c94a5edca46ea73ef8/src/Curves/Edwards/XYZT/Basic.v#L136-L165 @@ -563,6 +579,7 @@ static void inline_x25519_ge_dbl_4(ge_p3_4 *r, const ge_p3_4 *p, bool skip_t) { } } +__attribute__((target("adx,bmi2"))) __attribute__((always_inline)) // 4% speedup with clang14 and zen2 static inline void ge_p3_add_p3_precomp_4(ge_p3_4 *r, const ge_p3_4 *p, const ge_precomp_4 *q) { @@ -623,6 +640,7 @@ static inline void table_select_4(ge_precomp_4 *t, const int pos, // // Preconditions: // a[31] <= 127 +__attribute__((target("adx,bmi2"))) void x25519_ge_scalarmult_base_adx(uint8_t h[4][32], const uint8_t a[32]) { signed char e[64]; signed char carry; From d4553e0538509b673137900db28413706a2be792 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 3 Jun 2023 01:11:16 -0400 Subject: [PATCH 20/42] Make RSA opaque Three years of updating calling code are finally complete! Update-Note: Accessing the RSA struct directly is no longer supported. Use accessors instead. Bug: 316, 325 Change-Id: I27b4c9899cb96f5807075b8fe351eaf72a9a9d44 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60610 Reviewed-by: Adam Langley Reviewed-by: Bob Beck Auto-Submit: David Benjamin Commit-Queue: Adam Langley --- crypto/fipsmodule/rsa/internal.h | 56 +++++++++++++++++ .../service_indicator_test.cc | 2 +- include/openssl/rsa.h | 61 ------------------- tool/speed.cc | 8 +-- 4 files changed, 59 insertions(+), 68 deletions(-) diff --git a/crypto/fipsmodule/rsa/internal.h b/crypto/fipsmodule/rsa/internal.h index b940f6801f..7a8b21919f 100644 --- a/crypto/fipsmodule/rsa/internal.h +++ b/crypto/fipsmodule/rsa/internal.h @@ -68,6 +68,62 @@ extern "C" { #endif +typedef struct bn_blinding_st BN_BLINDING; + +struct rsa_st { + RSA_METHOD *meth; + + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + + // be careful using this if the RSA structure is shared + CRYPTO_EX_DATA ex_data; + CRYPTO_refcount_t references; + int flags; + + CRYPTO_MUTEX lock; + + // Used to cache montgomery values. The creation of these values is protected + // by |lock|. + BN_MONT_CTX *mont_n; + BN_MONT_CTX *mont_p; + BN_MONT_CTX *mont_q; + + // The following fields are copies of |d|, |dmp1|, and |dmq1|, respectively, + // but with the correct widths to prevent side channels. These must use + // separate copies due to threading concerns caused by OpenSSL's API + // mistakes. See https://github.com/openssl/openssl/issues/5158 and + // the |freeze_private_key| implementation. + BIGNUM *d_fixed, *dmp1_fixed, *dmq1_fixed; + + // inv_small_mod_large_mont is q^-1 mod p in Montgomery form, using |mont_p|, + // if |p| >= |q|. Otherwise, it is p^-1 mod q in Montgomery form, using + // |mont_q|. + BIGNUM *inv_small_mod_large_mont; + + // num_blindings contains the size of the |blindings| and |blindings_inuse| + // arrays. This member and the |blindings_inuse| array are protected by + // |lock|. + size_t num_blindings; + // blindings is an array of BN_BLINDING structures that can be reserved by a + // thread by locking |lock| and changing the corresponding element in + // |blindings_inuse| from 0 to 1. + BN_BLINDING **blindings; + unsigned char *blindings_inuse; + uint64_t blinding_fork_generation; + + // private_key_frozen is one if the key has been used for a private key + // operation and may no longer be mutated. + unsigned private_key_frozen:1; +}; + + #define RSA_PKCS1_PADDING_SIZE 11 // Default implementations of RSA operations. diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc index 4389b98149..8ae52dedf9 100644 --- a/crypto/fipsmodule/service_indicator/service_indicator_test.cc +++ b/crypto/fipsmodule/service_indicator/service_indicator_test.cc @@ -1065,7 +1065,7 @@ TEST(ServiceIndicatorTest, RSAKeyGen) { EXPECT_TRUE(CALL_SERVICE_AND_CHECK_APPROVED( approved, RSA_generate_key_fips(rsa.get(), bits, nullptr))); EXPECT_EQ(approved, FIPSStatus::APPROVED); - EXPECT_EQ(bits, BN_num_bits(rsa->n)); + EXPECT_EQ(bits, RSA_bits(rsa.get())); } // Test running the EVP_PKEY_keygen interfaces one by one directly, and check diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 9b21d83172..fd183f7912 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -818,67 +818,6 @@ struct rsa_meth_st { }; -// Private functions. - -typedef struct bn_blinding_st BN_BLINDING; - -struct rsa_st { - RSA_METHOD *meth; - - // Access to the following fields was historically allowed, but - // deprecated. Use |RSA_get0_*| and |RSA_set0_*| instead. Access to all other - // fields is forbidden and will cause threading errors. - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; - - // be careful using this if the RSA structure is shared - CRYPTO_EX_DATA ex_data; - CRYPTO_refcount_t references; - int flags; - - CRYPTO_MUTEX lock; - - // Used to cache montgomery values. The creation of these values is protected - // by |lock|. - BN_MONT_CTX *mont_n; - BN_MONT_CTX *mont_p; - BN_MONT_CTX *mont_q; - - // The following fields are copies of |d|, |dmp1|, and |dmq1|, respectively, - // but with the correct widths to prevent side channels. These must use - // separate copies due to threading concerns caused by OpenSSL's API - // mistakes. See https://github.com/openssl/openssl/issues/5158 and - // the |freeze_private_key| implementation. - BIGNUM *d_fixed, *dmp1_fixed, *dmq1_fixed; - - // inv_small_mod_large_mont is q^-1 mod p in Montgomery form, using |mont_p|, - // if |p| >= |q|. Otherwise, it is p^-1 mod q in Montgomery form, using - // |mont_q|. - BIGNUM *inv_small_mod_large_mont; - - // num_blindings contains the size of the |blindings| and |blindings_inuse| - // arrays. This member and the |blindings_inuse| array are protected by - // |lock|. - size_t num_blindings; - // blindings is an array of BN_BLINDING structures that can be reserved by a - // thread by locking |lock| and changing the corresponding element in - // |blindings_inuse| from 0 to 1. - BN_BLINDING **blindings; - unsigned char *blindings_inuse; - uint64_t blinding_fork_generation; - - // private_key_frozen is one if the key has been used for a private key - // operation and may no longer be mutated. - unsigned private_key_frozen:1; -}; - - #if defined(__cplusplus) } // extern C diff --git a/tool/speed.cc b/tool/speed.cc index e2594db6ed..8b4b13c6b9 100644 --- a/tool/speed.cc +++ b/tool/speed.cc @@ -367,15 +367,11 @@ static bool SpeedRSA(const std::string &selected) { // construct a new RSA key, with a new |BN_MONT_CTX| for the // public modulus. If we were to use |key| directly instead, then // these costs wouldn't be accounted for. - bssl::UniquePtr verify_key(RSA_new()); + bssl::UniquePtr verify_key(RSA_new_public_key( + RSA_get0_n(key.get()), RSA_get0_e(key.get()))); if (!verify_key) { return false; } - verify_key->n = BN_dup(key->n); - verify_key->e = BN_dup(key->e); - if (!verify_key->n || !verify_key->e) { - return false; - } return RSA_verify(NID_sha256, fake_sha256_hash, sizeof(fake_sha256_hash), sig, sig_len, verify_key.get()); From 04c3d40f0695b07b9795e8a69a3babeab52b861f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 3 Jun 2023 01:26:29 -0400 Subject: [PATCH 21/42] Remove CRYPTO_MUTEX from public headers We no longer need to define CRYPTO_MUTEX in public headers. This simplifies a pile of things. First, we can now use pthread_rwlock_t without any fuss, rather than trying to guess the size on glibc. As a result, CRYPTO_MUTEX and CRYPTO_STATIC_MUTEX can be merged into one type. We can almost do this to CRYPTO_refcount_t too. BIO is the one straggler remaining. Fixed: 325 Change-Id: Ie93c9f553c0f02ce594b959c041b00fc15ba51d2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60611 Commit-Queue: David Benjamin Reviewed-by: Bob Beck --- crypto/asn1/a_strnid.c | 10 ++--- crypto/bio/bio.c | 6 +-- crypto/dsa/internal.h | 2 + crypto/err/err.c | 7 ++-- crypto/ex_data.c | 6 +-- crypto/fipsmodule/delocate.h | 11 +++--- crypto/fipsmodule/dh/internal.h | 2 + crypto/fipsmodule/ec/ec.c | 8 ++-- crypto/fipsmodule/rand/fork_detect.c | 6 +-- crypto/fipsmodule/rand/rand.c | 22 +++++------ crypto/fipsmodule/rsa/internal.h | 1 + crypto/internal.h | 57 ++++++---------------------- crypto/mem.c | 15 ++++---- crypto/obj/obj.c | 42 ++++++++++---------- crypto/pool/internal.h | 1 + crypto/rand_extra/deterministic.c | 6 +-- crypto/thread_none.c | 8 ---- crypto/thread_pthread.c | 41 +++----------------- crypto/thread_test.cc | 8 ++-- crypto/thread_win.c | 31 +++------------ crypto/x509/by_dir.c | 14 +++---- crypto/x509/internal.h | 1 + crypto/x509/x_crl.c | 10 ++--- crypto/x509/x_pubkey.c | 14 +++---- include/openssl/thread.h | 28 -------------- 25 files changed, 118 insertions(+), 239 deletions(-) diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 48c223d6ad..db25b2a69a 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -72,7 +72,7 @@ DEFINE_LHASH_OF(ASN1_STRING_TABLE) static LHASH_OF(ASN1_STRING_TABLE) *string_tables = NULL; -static struct CRYPTO_STATIC_MUTEX string_tables_lock = CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX string_tables_lock = CRYPTO_MUTEX_INIT; void ASN1_STRING_set_default_mask(unsigned long mask) {} @@ -176,11 +176,11 @@ static const ASN1_STRING_TABLE *asn1_string_table_get(int nid) { return tbl; } - CRYPTO_STATIC_MUTEX_lock_read(&string_tables_lock); + CRYPTO_MUTEX_lock_read(&string_tables_lock); if (string_tables != NULL) { tbl = lh_ASN1_STRING_TABLE_retrieve(string_tables, &key); } - CRYPTO_STATIC_MUTEX_unlock_read(&string_tables_lock); + CRYPTO_MUTEX_unlock_read(&string_tables_lock); // Note returning |tbl| without the lock is only safe because // |ASN1_STRING_TABLE_add| cannot modify or delete existing entries. If we // wish to support that, this function must copy the result under a lock. @@ -196,7 +196,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, } int ret = 0; - CRYPTO_STATIC_MUTEX_lock_write(&string_tables_lock); + CRYPTO_MUTEX_lock_write(&string_tables_lock); if (string_tables == NULL) { string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp); @@ -232,7 +232,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, ret = 1; err: - CRYPTO_STATIC_MUTEX_unlock_write(&string_tables_lock); + CRYPTO_MUTEX_unlock_write(&string_tables_lock); return ret; } diff --git a/crypto/bio/bio.c b/crypto/bio/bio.c index ca5cbff36d..b2d9563873 100644 --- a/crypto/bio/bio.c +++ b/crypto/bio/bio.c @@ -628,14 +628,14 @@ void BIO_set_retry_special(BIO *bio) { int BIO_set_write_buffer_size(BIO *bio, int buffer_size) { return 0; } -static struct CRYPTO_STATIC_MUTEX g_index_lock = CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX g_index_lock = CRYPTO_MUTEX_INIT; static int g_index = BIO_TYPE_START; int BIO_get_new_index(void) { - CRYPTO_STATIC_MUTEX_lock_write(&g_index_lock); + CRYPTO_MUTEX_lock_write(&g_index_lock); // If |g_index| exceeds 255, it will collide with the flags bits. int ret = g_index > 255 ? -1 : g_index++; - CRYPTO_STATIC_MUTEX_unlock_write(&g_index_lock); + CRYPTO_MUTEX_unlock_write(&g_index_lock); return ret; } diff --git a/crypto/dsa/internal.h b/crypto/dsa/internal.h index aae32637c2..61cf9a65bd 100644 --- a/crypto/dsa/internal.h +++ b/crypto/dsa/internal.h @@ -19,6 +19,8 @@ #include +#include "../internal.h" + #if defined(__cplusplus) extern "C" { #endif diff --git a/crypto/err/err.c b/crypto/err/err.c index 133a831588..eff2dc9e01 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -192,8 +192,7 @@ static int global_next_library = ERR_NUM_LIBS; // global_next_library_mutex protects |global_next_library| from concurrent // updates. -static struct CRYPTO_STATIC_MUTEX global_next_library_mutex = - CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX global_next_library_mutex = CRYPTO_MUTEX_INIT; static void err_state_free(void *statep) { ERR_STATE *state = statep; @@ -367,9 +366,9 @@ void ERR_remove_thread_state(const CRYPTO_THREADID *tid) { int ERR_get_next_error_library(void) { int ret; - CRYPTO_STATIC_MUTEX_lock_write(&global_next_library_mutex); + CRYPTO_MUTEX_lock_write(&global_next_library_mutex); ret = global_next_library++; - CRYPTO_STATIC_MUTEX_unlock_write(&global_next_library_mutex); + CRYPTO_MUTEX_unlock_write(&global_next_library_mutex); return ret; } diff --git a/crypto/ex_data.c b/crypto/ex_data.c index d34769f95a..7dc3272ba4 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -144,13 +144,13 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index, funcs->free_func = free_func; funcs->next = NULL; - CRYPTO_STATIC_MUTEX_lock_write(&ex_data_class->lock); + CRYPTO_MUTEX_lock_write(&ex_data_class->lock); uint32_t num_funcs = CRYPTO_atomic_load_u32(&ex_data_class->num_funcs); // The index must fit in |int|. if (num_funcs > (size_t)(INT_MAX - ex_data_class->num_reserved)) { OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); - CRYPTO_STATIC_MUTEX_unlock_write(&ex_data_class->lock); + CRYPTO_MUTEX_unlock_write(&ex_data_class->lock); return 0; } @@ -165,7 +165,7 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index, } CRYPTO_atomic_store_u32(&ex_data_class->num_funcs, num_funcs + 1); - CRYPTO_STATIC_MUTEX_unlock_write(&ex_data_class->lock); + CRYPTO_MUTEX_unlock_write(&ex_data_class->lock); *out_index = (int)num_funcs + ex_data_class->num_reserved; return 1; } diff --git a/crypto/fipsmodule/delocate.h b/crypto/fipsmodule/delocate.h index d6564e487e..5890ea8877 100644 --- a/crypto/fipsmodule/delocate.h +++ b/crypto/fipsmodule/delocate.h @@ -27,9 +27,8 @@ type *name##_bss_get(void) __attribute__((const)); // For FIPS builds we require that CRYPTO_ONCE_INIT be zero. #define DEFINE_STATIC_ONCE(name) DEFINE_BSS_GET(CRYPTO_once_t, name) -// For FIPS builds we require that CRYPTO_STATIC_MUTEX_INIT be zero. -#define DEFINE_STATIC_MUTEX(name) \ - DEFINE_BSS_GET(struct CRYPTO_STATIC_MUTEX, name) +// For FIPS builds we require that CRYPTO_MUTEX_INIT be zero. +#define DEFINE_STATIC_MUTEX(name) DEFINE_BSS_GET(CRYPTO_MUTEX, name) // For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero. #define DEFINE_STATIC_EX_DATA_CLASS(name) \ DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name) @@ -40,9 +39,9 @@ #define DEFINE_STATIC_ONCE(name) \ static CRYPTO_once_t name = CRYPTO_ONCE_INIT; \ static CRYPTO_once_t *name##_bss_get(void) { return &name; } -#define DEFINE_STATIC_MUTEX(name) \ - static struct CRYPTO_STATIC_MUTEX name = CRYPTO_STATIC_MUTEX_INIT; \ - static struct CRYPTO_STATIC_MUTEX *name##_bss_get(void) { return &name; } +#define DEFINE_STATIC_MUTEX(name) \ + static CRYPTO_MUTEX name = CRYPTO_MUTEX_INIT; \ + static CRYPTO_MUTEX *name##_bss_get(void) { return &name; } #define DEFINE_STATIC_EX_DATA_CLASS(name) \ static CRYPTO_EX_DATA_CLASS name = CRYPTO_EX_DATA_CLASS_INIT; \ static CRYPTO_EX_DATA_CLASS *name##_bss_get(void) { return &name; } diff --git a/crypto/fipsmodule/dh/internal.h b/crypto/fipsmodule/dh/internal.h index fb525d4bbd..fe7fda4e9d 100644 --- a/crypto/fipsmodule/dh/internal.h +++ b/crypto/fipsmodule/dh/internal.h @@ -19,6 +19,8 @@ #include +#include "../../internal.h" + #if defined(__cplusplus) extern "C" { #endif diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c index 04f2a983d9..ac14f2e058 100644 --- a/crypto/fipsmodule/ec/ec.c +++ b/crypto/fipsmodule/ec/ec.c @@ -520,9 +520,9 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) { return NULL; } - CRYPTO_STATIC_MUTEX_lock_read(built_in_groups_lock_bss_get()); + CRYPTO_MUTEX_lock_read(built_in_groups_lock_bss_get()); EC_GROUP *ret = *group_ptr; - CRYPTO_STATIC_MUTEX_unlock_read(built_in_groups_lock_bss_get()); + CRYPTO_MUTEX_unlock_read(built_in_groups_lock_bss_get()); if (ret != NULL) { return ret; } @@ -533,7 +533,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) { } EC_GROUP *to_free = NULL; - CRYPTO_STATIC_MUTEX_lock_write(built_in_groups_lock_bss_get()); + CRYPTO_MUTEX_lock_write(built_in_groups_lock_bss_get()); if (*group_ptr == NULL) { *group_ptr = ret; // Filling in |ret->curve_name| makes |EC_GROUP_free| and |EC_GROUP_dup| @@ -543,7 +543,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) { to_free = ret; ret = *group_ptr; } - CRYPTO_STATIC_MUTEX_unlock_write(built_in_groups_lock_bss_get()); + CRYPTO_MUTEX_unlock_write(built_in_groups_lock_bss_get()); EC_GROUP_free(to_free); return ret; diff --git a/crypto/fipsmodule/rand/fork_detect.c b/crypto/fipsmodule/rand/fork_detect.c index 9e46223c4e..5ae154457f 100644 --- a/crypto/fipsmodule/rand/fork_detect.c +++ b/crypto/fipsmodule/rand/fork_detect.c @@ -114,8 +114,8 @@ uint64_t CRYPTO_get_fork_generation(void) { // The flag was zero. The generation number must be incremented, but other // threads may have concurrently observed the zero, so take a lock before // incrementing. - struct CRYPTO_STATIC_MUTEX *const lock = g_fork_detect_lock_bss_get(); - CRYPTO_STATIC_MUTEX_lock_write(lock); + CRYPTO_MUTEX *const lock = g_fork_detect_lock_bss_get(); + CRYPTO_MUTEX_lock_write(lock); uint64_t current_generation = *generation_ptr; if (CRYPTO_atomic_load_u32(flag_ptr) == 0) { // A fork has occurred. @@ -130,7 +130,7 @@ uint64_t CRYPTO_get_fork_generation(void) { *generation_ptr = current_generation; CRYPTO_atomic_store_u32(flag_ptr, 1); } - CRYPTO_STATIC_MUTEX_unlock_write(lock); + CRYPTO_MUTEX_unlock_write(lock); return current_generation; } diff --git a/crypto/fipsmodule/rand/rand.c b/crypto/fipsmodule/rand/rand.c index a3fc6880d3..04ea8a3ba6 100644 --- a/crypto/fipsmodule/rand/rand.c +++ b/crypto/fipsmodule/rand/rand.c @@ -92,7 +92,7 @@ DEFINE_STATIC_MUTEX(thread_states_list_lock); static void rand_thread_state_clear_all(void) __attribute__((destructor)); static void rand_thread_state_clear_all(void) { - CRYPTO_STATIC_MUTEX_lock_write(thread_states_list_lock_bss_get()); + CRYPTO_MUTEX_lock_write(thread_states_list_lock_bss_get()); for (struct rand_thread_state *cur = *thread_states_list_bss_get(); cur != NULL; cur = cur->next) { CRYPTO_MUTEX_lock_write(&cur->clear_drbg_lock); @@ -115,7 +115,7 @@ static void rand_thread_state_free(void *state_in) { } #if defined(BORINGSSL_FIPS) - CRYPTO_STATIC_MUTEX_lock_write(thread_states_list_lock_bss_get()); + CRYPTO_MUTEX_lock_write(thread_states_list_lock_bss_get()); if (state->prev != NULL) { state->prev->next = state->next; @@ -127,7 +127,7 @@ static void rand_thread_state_free(void *state_in) { state->next->prev = state->prev; } - CRYPTO_STATIC_MUTEX_unlock_write(thread_states_list_lock_bss_get()); + CRYPTO_MUTEX_unlock_write(thread_states_list_lock_bss_get()); CTR_DRBG_clear(&state->drbg); #endif @@ -203,7 +203,7 @@ void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len, int want_additional_input) { struct entropy_buffer *const buffer = entropy_buffer_bss_get(); - CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get()); + CRYPTO_MUTEX_lock_write(entropy_buffer_lock_bss_get()); const size_t space = sizeof(buffer->bytes) - buffer->bytes_valid; if (entropy_len > space) { entropy_len = space; @@ -213,7 +213,7 @@ void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len, buffer->bytes_valid += entropy_len; buffer->want_additional_input |= want_additional_input && (entropy_len != 0); - CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); + CRYPTO_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); } // get_seed_entropy fills |out_entropy_len| bytes of |out_entropy| from the @@ -225,11 +225,11 @@ static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len, abort(); } - CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get()); + CRYPTO_MUTEX_lock_write(entropy_buffer_lock_bss_get()); while (buffer->bytes_valid < out_entropy_len) { - CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); + CRYPTO_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); RAND_need_entropy(out_entropy_len - buffer->bytes_valid); - CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get()); + CRYPTO_MUTEX_lock_write(entropy_buffer_lock_bss_get()); } *out_want_additional_input = buffer->want_additional_input; @@ -241,7 +241,7 @@ static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len, buffer->want_additional_input = 0; } - CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); + CRYPTO_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); } // rand_get_seed fills |seed| with entropy. In some cases, it will additionally @@ -397,7 +397,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, #if defined(BORINGSSL_FIPS) CRYPTO_MUTEX_init(&state->clear_drbg_lock); if (state != &stack_state) { - CRYPTO_STATIC_MUTEX_lock_write(thread_states_list_lock_bss_get()); + CRYPTO_MUTEX_lock_write(thread_states_list_lock_bss_get()); struct rand_thread_state **states_list = thread_states_list_bss_get(); state->next = *states_list; if (state->next != NULL) { @@ -405,7 +405,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, } state->prev = NULL; *states_list = state; - CRYPTO_STATIC_MUTEX_unlock_write(thread_states_list_lock_bss_get()); + CRYPTO_MUTEX_unlock_write(thread_states_list_lock_bss_get()); } #endif } diff --git a/crypto/fipsmodule/rsa/internal.h b/crypto/fipsmodule/rsa/internal.h index 7a8b21919f..c6bf60a441 100644 --- a/crypto/fipsmodule/rsa/internal.h +++ b/crypto/fipsmodule/rsa/internal.h @@ -62,6 +62,7 @@ #include #include +#include "../../internal.h" #if defined(__cplusplus) extern "C" { diff --git a/crypto/internal.h b/crypto/internal.h index ddf79b6797..98e2178140 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -735,37 +735,24 @@ OPENSSL_EXPORT int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *count); // Locks. -// -// Two types of locks are defined: |CRYPTO_MUTEX|, which can be used in -// structures as normal, and |struct CRYPTO_STATIC_MUTEX|, which can be used as -// a global lock. A global lock must be initialised to the value -// |CRYPTO_STATIC_MUTEX_INIT|. -// -// |CRYPTO_MUTEX| can appear in public structures and so is defined in -// thread.h as a structure large enough to fit the real type. The global lock is -// a different type so it may be initialized with platform initializer macros. #if !defined(OPENSSL_THREADS) -struct CRYPTO_STATIC_MUTEX { +typedef struct crypto_mutex_st { char padding; // Empty structs have different sizes in C and C++. -}; -#define CRYPTO_STATIC_MUTEX_INIT { 0 } +} CRYPTO_MUTEX; +#define CRYPTO_MUTEX_INIT { 0 } #elif defined(OPENSSL_WINDOWS_THREADS) -struct CRYPTO_STATIC_MUTEX { - SRWLOCK lock; -}; -#define CRYPTO_STATIC_MUTEX_INIT { SRWLOCK_INIT } +typedef SRWLOCK CRYPTO_MUTEX; +#define CRYPTO_MUTEX_INIT SRWLOCK_INIT #elif defined(OPENSSL_PTHREADS) -struct CRYPTO_STATIC_MUTEX { - pthread_rwlock_t lock; -}; -#define CRYPTO_STATIC_MUTEX_INIT { PTHREAD_RWLOCK_INITIALIZER } +typedef pthread_rwlock_t CRYPTO_MUTEX; +#define CRYPTO_MUTEX_INIT PTHREAD_RWLOCK_INITIALIZER #else #error "Unknown threading library" #endif // CRYPTO_MUTEX_init initialises |lock|. If |lock| is a static variable, use a -// |CRYPTO_STATIC_MUTEX|. +// |CRYPTO_MUTEX_INIT|. OPENSSL_EXPORT void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock); // CRYPTO_MUTEX_lock_read locks |lock| such that other threads may also have a @@ -785,28 +772,6 @@ OPENSSL_EXPORT void CRYPTO_MUTEX_unlock_write(CRYPTO_MUTEX *lock); // CRYPTO_MUTEX_cleanup releases all resources held by |lock|. OPENSSL_EXPORT void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock); -// CRYPTO_STATIC_MUTEX_lock_read locks |lock| such that other threads may also -// have a read lock, but none may have a write lock. The |lock| variable does -// not need to be initialised by any function, but must have been statically -// initialised with |CRYPTO_STATIC_MUTEX_INIT|. -OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_lock_read( - struct CRYPTO_STATIC_MUTEX *lock); - -// CRYPTO_STATIC_MUTEX_lock_write locks |lock| such that no other thread has -// any type of lock on it. The |lock| variable does not need to be initialised -// by any function, but must have been statically initialised with -// |CRYPTO_STATIC_MUTEX_INIT|. -OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_lock_write( - struct CRYPTO_STATIC_MUTEX *lock); - -// CRYPTO_STATIC_MUTEX_unlock_read unlocks |lock| for reading. -OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_unlock_read( - struct CRYPTO_STATIC_MUTEX *lock); - -// CRYPTO_STATIC_MUTEX_unlock_write unlocks |lock| for writing. -OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_unlock_write( - struct CRYPTO_STATIC_MUTEX *lock); - #if defined(__cplusplus) extern "C++" { @@ -892,7 +857,7 @@ typedef struct crypto_ex_data_func_st CRYPTO_EX_DATA_FUNCS; // supports ex_data. It should defined as a static global within the module // which defines that type. typedef struct { - struct CRYPTO_STATIC_MUTEX lock; + CRYPTO_MUTEX lock; // funcs is a linked list of |CRYPTO_EX_DATA_FUNCS| structures. It may be // traversed without serialization only up to |num_funcs|. last points to the // final entry of |funcs|, or NULL if empty. @@ -904,9 +869,9 @@ typedef struct { uint8_t num_reserved; } CRYPTO_EX_DATA_CLASS; -#define CRYPTO_EX_DATA_CLASS_INIT {CRYPTO_STATIC_MUTEX_INIT, NULL, NULL, 0, 0} +#define CRYPTO_EX_DATA_CLASS_INIT {CRYPTO_MUTEX_INIT, NULL, NULL, 0, 0} #define CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA \ - {CRYPTO_STATIC_MUTEX_INIT, NULL, NULL, 0, 1} + {CRYPTO_MUTEX_INIT, NULL, NULL, 0, 1} // CRYPTO_get_ex_new_index allocates a new index for |ex_data_class| and writes // it to |*out_index|. Each class of object should provide a wrapper function diff --git a/crypto/mem.c b/crypto/mem.c index 4905caf7f4..89832fce50 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -159,21 +159,20 @@ static const uint8_t kBoringSSLBinaryTag[18] = { }; #if defined(BORINGSSL_MALLOC_FAILURE_TESTING) -static struct CRYPTO_STATIC_MUTEX malloc_failure_lock = - CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX malloc_failure_lock = CRYPTO_MUTEX_INIT; static uint64_t current_malloc_count = 0; static uint64_t malloc_number_to_fail = 0; static int malloc_failure_enabled = 0, break_on_malloc_fail = 0, any_malloc_failed = 0; static void malloc_exit_handler(void) { - CRYPTO_STATIC_MUTEX_lock_read(&malloc_failure_lock); + CRYPTO_MUTEX_lock_read(&malloc_failure_lock); if (any_malloc_failed) { // Signal to the test driver that some allocation failed, so it knows to // increment the counter and continue. _exit(88); } - CRYPTO_STATIC_MUTEX_unlock_read(&malloc_failure_lock); + CRYPTO_MUTEX_unlock_read(&malloc_failure_lock); } static void init_malloc_failure(void) { @@ -200,11 +199,11 @@ static int should_fail_allocation() { // We lock just so multi-threaded tests are still correct, but we won't test // every malloc exhaustively. - CRYPTO_STATIC_MUTEX_lock_write(&malloc_failure_lock); + CRYPTO_MUTEX_lock_write(&malloc_failure_lock); int should_fail = current_malloc_count == malloc_number_to_fail; current_malloc_count++; any_malloc_failed = any_malloc_failed || should_fail; - CRYPTO_STATIC_MUTEX_unlock_write(&malloc_failure_lock); + CRYPTO_MUTEX_unlock_write(&malloc_failure_lock); if (should_fail && break_on_malloc_fail) { raise(SIGTRAP); @@ -216,9 +215,9 @@ static int should_fail_allocation() { } void OPENSSL_reset_malloc_counter_for_testing(void) { - CRYPTO_STATIC_MUTEX_lock_write(&malloc_failure_lock); + CRYPTO_MUTEX_lock_write(&malloc_failure_lock); current_malloc_count = 0; - CRYPTO_STATIC_MUTEX_unlock_write(&malloc_failure_lock); + CRYPTO_MUTEX_unlock_write(&malloc_failure_lock); } #else diff --git a/crypto/obj/obj.c b/crypto/obj/obj.c index 1ce9d5479e..67c73d4f35 100644 --- a/crypto/obj/obj.c +++ b/crypto/obj/obj.c @@ -77,24 +77,20 @@ DEFINE_LHASH_OF(ASN1_OBJECT) -static struct CRYPTO_STATIC_MUTEX global_added_lock = CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX global_added_lock = CRYPTO_MUTEX_INIT; // These globals are protected by |global_added_lock|. static LHASH_OF(ASN1_OBJECT) *global_added_by_data = NULL; static LHASH_OF(ASN1_OBJECT) *global_added_by_nid = NULL; static LHASH_OF(ASN1_OBJECT) *global_added_by_short_name = NULL; static LHASH_OF(ASN1_OBJECT) *global_added_by_long_name = NULL; -static struct CRYPTO_STATIC_MUTEX global_next_nid_lock = - CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX global_next_nid_lock = CRYPTO_MUTEX_INIT; static unsigned global_next_nid = NUM_NID; static int obj_next_nid(void) { - int ret; - - CRYPTO_STATIC_MUTEX_lock_write(&global_next_nid_lock); - ret = global_next_nid++; - CRYPTO_STATIC_MUTEX_unlock_write(&global_next_nid_lock); - + CRYPTO_MUTEX_lock_write(&global_next_nid_lock); + int ret = global_next_nid++; + CRYPTO_MUTEX_unlock_write(&global_next_nid_lock); return ret; } @@ -213,17 +209,17 @@ int OBJ_obj2nid(const ASN1_OBJECT *obj) { return obj->nid; } - CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock); + CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_data != NULL) { ASN1_OBJECT *match; match = lh_ASN1_OBJECT_retrieve(global_added_by_data, obj); if (match != NULL) { - CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); + CRYPTO_MUTEX_unlock_read(&global_added_lock); return match->nid; } } - CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); + CRYPTO_MUTEX_unlock_read(&global_added_lock); const uint16_t *nid_ptr = bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder), @@ -259,18 +255,18 @@ static int short_name_cmp(const void *key, const void *element) { } int OBJ_sn2nid(const char *short_name) { - CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock); + CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_short_name != NULL) { ASN1_OBJECT *match, template; template.sn = short_name; match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &template); if (match != NULL) { - CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); + CRYPTO_MUTEX_unlock_read(&global_added_lock); return match->nid; } } - CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); + CRYPTO_MUTEX_unlock_read(&global_added_lock); const uint16_t *nid_ptr = bsearch(short_name, kNIDsInShortNameOrder, @@ -294,18 +290,18 @@ static int long_name_cmp(const void *key, const void *element) { } int OBJ_ln2nid(const char *long_name) { - CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock); + CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_long_name != NULL) { ASN1_OBJECT *match, template; template.ln = long_name; match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &template); if (match != NULL) { - CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); + CRYPTO_MUTEX_unlock_read(&global_added_lock); return match->nid; } } - CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); + CRYPTO_MUTEX_unlock_read(&global_added_lock); const uint16_t *nid_ptr = bsearch( long_name, kNIDsInLongNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder), @@ -349,18 +345,18 @@ ASN1_OBJECT *OBJ_nid2obj(int nid) { return (ASN1_OBJECT *)&kObjects[nid]; } - CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock); + CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_nid != NULL) { ASN1_OBJECT *match, template; template.nid = nid; match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &template); if (match != NULL) { - CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); + CRYPTO_MUTEX_unlock_read(&global_added_lock); return match; } } - CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); + CRYPTO_MUTEX_unlock_read(&global_added_lock); err: OPENSSL_PUT_ERROR(OBJ, OBJ_R_UNKNOWN_NID); @@ -508,7 +504,7 @@ static int obj_add_object(ASN1_OBJECT *obj) { obj->flags &= ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA); - CRYPTO_STATIC_MUTEX_lock_write(&global_added_lock); + CRYPTO_MUTEX_lock_write(&global_added_lock); if (global_added_by_nid == NULL) { global_added_by_nid = lh_ASN1_OBJECT_new(hash_nid, cmp_nid); } @@ -548,7 +544,7 @@ static int obj_add_object(ASN1_OBJECT *obj) { } err: - CRYPTO_STATIC_MUTEX_unlock_write(&global_added_lock); + CRYPTO_MUTEX_unlock_write(&global_added_lock); return ok; } diff --git a/crypto/pool/internal.h b/crypto/pool/internal.h index f9f4838b84..d8c560bc97 100644 --- a/crypto/pool/internal.h +++ b/crypto/pool/internal.h @@ -18,6 +18,7 @@ #include #include +#include "../internal.h" #include "../lhash/internal.h" diff --git a/crypto/rand_extra/deterministic.c b/crypto/rand_extra/deterministic.c index 435f063382..ecdf84d6d5 100644 --- a/crypto/rand_extra/deterministic.c +++ b/crypto/rand_extra/deterministic.c @@ -30,16 +30,16 @@ // multi-threaded program, replace this with a thread-local. (A mutex would not // be deterministic.) static uint64_t g_num_calls = 0; -static struct CRYPTO_STATIC_MUTEX g_num_calls_lock = CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX g_num_calls_lock = CRYPTO_MUTEX_INIT; void RAND_reset_for_fuzzing(void) { g_num_calls = 0; } void CRYPTO_sysrand(uint8_t *out, size_t requested) { static const uint8_t kZeroKey[32]; - CRYPTO_STATIC_MUTEX_lock_write(&g_num_calls_lock); + CRYPTO_MUTEX_lock_write(&g_num_calls_lock); uint64_t num_calls = g_num_calls++; - CRYPTO_STATIC_MUTEX_unlock_write(&g_num_calls_lock); + CRYPTO_MUTEX_unlock_write(&g_num_calls_lock); uint8_t nonce[12]; OPENSSL_memset(nonce, 0, sizeof(nonce)); diff --git a/crypto/thread_none.c b/crypto/thread_none.c index 4f07b9d9c8..e6f7d427e8 100644 --- a/crypto/thread_none.c +++ b/crypto/thread_none.c @@ -28,14 +28,6 @@ void CRYPTO_MUTEX_unlock_write(CRYPTO_MUTEX *lock) {} void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) {} -void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock) {} - -void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock) {} - -void CRYPTO_STATIC_MUTEX_unlock_read(struct CRYPTO_STATIC_MUTEX *lock) {} - -void CRYPTO_STATIC_MUTEX_unlock_write(struct CRYPTO_STATIC_MUTEX *lock) {} - void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { if (*once) { return; diff --git a/crypto/thread_pthread.c b/crypto/thread_pthread.c index 82cbbfe574..a40fbc0058 100644 --- a/crypto/thread_pthread.c +++ b/crypto/thread_pthread.c @@ -23,67 +23,38 @@ #include #include -static_assert(sizeof(CRYPTO_MUTEX) >= sizeof(pthread_rwlock_t), - "CRYPTO_MUTEX is too small"); -static_assert(alignof(CRYPTO_MUTEX) >= alignof(pthread_rwlock_t), - "CRYPTO_MUTEX has insufficient alignment"); - void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { - if (pthread_rwlock_init((pthread_rwlock_t *) lock, NULL) != 0) { + if (pthread_rwlock_init(lock, NULL) != 0) { abort(); } } void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { - if (pthread_rwlock_rdlock((pthread_rwlock_t *) lock) != 0) { + if (pthread_rwlock_rdlock(lock) != 0) { abort(); } } void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) { - if (pthread_rwlock_wrlock((pthread_rwlock_t *) lock) != 0) { + if (pthread_rwlock_wrlock(lock) != 0) { abort(); } } void CRYPTO_MUTEX_unlock_read(CRYPTO_MUTEX *lock) { - if (pthread_rwlock_unlock((pthread_rwlock_t *) lock) != 0) { + if (pthread_rwlock_unlock(lock) != 0) { abort(); } } void CRYPTO_MUTEX_unlock_write(CRYPTO_MUTEX *lock) { - if (pthread_rwlock_unlock((pthread_rwlock_t *) lock) != 0) { + if (pthread_rwlock_unlock(lock) != 0) { abort(); } } void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { - pthread_rwlock_destroy((pthread_rwlock_t *) lock); -} - -void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock) { - if (pthread_rwlock_rdlock(&lock->lock) != 0) { - abort(); - } -} - -void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock) { - if (pthread_rwlock_wrlock(&lock->lock) != 0) { - abort(); - } -} - -void CRYPTO_STATIC_MUTEX_unlock_read(struct CRYPTO_STATIC_MUTEX *lock) { - if (pthread_rwlock_unlock(&lock->lock) != 0) { - abort(); - } -} - -void CRYPTO_STATIC_MUTEX_unlock_write(struct CRYPTO_STATIC_MUTEX *lock) { - if (pthread_rwlock_unlock(&lock->lock) != 0) { - abort(); - } + pthread_rwlock_destroy(lock); } void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { diff --git a/crypto/thread_test.cc b/crypto/thread_test.cc index aa17e35691..161c063d98 100644 --- a/crypto/thread_test.cc +++ b/crypto/thread_test.cc @@ -57,8 +57,8 @@ TEST(ThreadTest, Once) { static CRYPTO_once_t once_init_value = CRYPTO_ONCE_INIT; static CRYPTO_once_t once_bss; -static struct CRYPTO_STATIC_MUTEX mutex_init_value = CRYPTO_STATIC_MUTEX_INIT; -static struct CRYPTO_STATIC_MUTEX mutex_bss; +static CRYPTO_MUTEX mutex_init_value = CRYPTO_MUTEX_INIT; +static CRYPTO_MUTEX mutex_bss; static CRYPTO_EX_DATA_CLASS ex_data_class_value = CRYPTO_EX_DATA_CLASS_INIT; static CRYPTO_EX_DATA_CLASS ex_data_class_bss; @@ -66,8 +66,8 @@ static CRYPTO_EX_DATA_CLASS ex_data_class_bss; TEST(ThreadTest, InitZeros) { if (FIPS_mode()) { // Our FIPS tooling currently requires that |CRYPTO_ONCE_INIT|, - // |CRYPTO_STATIC_MUTEX_INIT| and |CRYPTO_EX_DATA_CLASS| are all zeros and - // so can be placed in the BSS section. + // |CRYPTO_MUTEX_INIT| and |CRYPTO_EX_DATA_CLASS| are all zeros and so can + // be placed in the BSS section. EXPECT_EQ(Bytes((uint8_t *)&once_bss, sizeof(once_bss)), Bytes((uint8_t *)&once_init_value, sizeof(once_init_value))); EXPECT_EQ(Bytes((uint8_t *)&mutex_bss, sizeof(mutex_bss)), diff --git a/crypto/thread_win.c b/crypto/thread_win.c index 57e4f9be60..6daa8144dc 100644 --- a/crypto/thread_win.c +++ b/crypto/thread_win.c @@ -26,11 +26,6 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #include #include -static_assert(sizeof(CRYPTO_MUTEX) >= sizeof(SRWLOCK), - "CRYPTO_MUTEX is too small"); -static_assert(alignof(CRYPTO_MUTEX) >= alignof(SRWLOCK), - "CRYPTO_MUTEX has insufficient alignment"); - static BOOL CALLBACK call_once_init(INIT_ONCE *once, void *arg, void **out) { void (**init)(void) = (void (**)(void))arg; (**init)(); @@ -44,45 +39,29 @@ void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { } void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { - InitializeSRWLock((SRWLOCK *) lock); + InitializeSRWLock(lock); } void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { - AcquireSRWLockShared((SRWLOCK *) lock); + AcquireSRWLockShared(lock); } void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) { - AcquireSRWLockExclusive((SRWLOCK *) lock); + AcquireSRWLockExclusive(lock); } void CRYPTO_MUTEX_unlock_read(CRYPTO_MUTEX *lock) { - ReleaseSRWLockShared((SRWLOCK *) lock); + ReleaseSRWLockShared(lock); } void CRYPTO_MUTEX_unlock_write(CRYPTO_MUTEX *lock) { - ReleaseSRWLockExclusive((SRWLOCK *) lock); + ReleaseSRWLockExclusive(lock); } void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { // SRWLOCKs require no cleanup. } -void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock) { - AcquireSRWLockShared(&lock->lock); -} - -void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock) { - AcquireSRWLockExclusive(&lock->lock); -} - -void CRYPTO_STATIC_MUTEX_unlock_read(struct CRYPTO_STATIC_MUTEX *lock) { - ReleaseSRWLockShared(&lock->lock); -} - -void CRYPTO_STATIC_MUTEX_unlock_write(struct CRYPTO_STATIC_MUTEX *lock) { - ReleaseSRWLockExclusive(&lock->lock); -} - static SRWLOCK g_destructors_lock = SRWLOCK_INIT; static thread_local_destructor_t g_destructors[NUM_OPENSSL_THREAD_LOCALS]; diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index a9236fe3c8..ff9a9bdd02 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -238,7 +238,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) { // g_ent_hashes_lock protects the |hashes| member of all |BY_DIR_ENTRY| // objects. -static struct CRYPTO_STATIC_MUTEX g_ent_hashes_lock = CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX g_ent_hashes_lock = CRYPTO_MUTEX_INIT; static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, X509_OBJECT *ret) { @@ -304,7 +304,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, } if (type == X509_LU_CRL && ent->hashes) { htmp.hash = h; - CRYPTO_STATIC_MUTEX_lock_read(&g_ent_hashes_lock); + CRYPTO_MUTEX_lock_read(&g_ent_hashes_lock); if (sk_BY_DIR_HASH_find(ent->hashes, &idx, &htmp)) { hent = sk_BY_DIR_HASH_value(ent->hashes, idx); k = hent->suffix; @@ -312,7 +312,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent = NULL; k = 0; } - CRYPTO_STATIC_MUTEX_unlock_read(&g_ent_hashes_lock); + CRYPTO_MUTEX_unlock_read(&g_ent_hashes_lock); } else { k = 0; hent = NULL; @@ -357,7 +357,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, // If a CRL, update the last file suffix added for this if (type == X509_LU_CRL) { - CRYPTO_STATIC_MUTEX_lock_write(&g_ent_hashes_lock); + CRYPTO_MUTEX_lock_write(&g_ent_hashes_lock); // Look for entry again in case another thread added an entry // first. if (!hent) { @@ -370,14 +370,14 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, if (!hent) { hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); if (hent == NULL) { - CRYPTO_STATIC_MUTEX_unlock_write(&g_ent_hashes_lock); + CRYPTO_MUTEX_unlock_write(&g_ent_hashes_lock); ok = 0; goto finish; } hent->hash = h; hent->suffix = k; if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { - CRYPTO_STATIC_MUTEX_unlock_write(&g_ent_hashes_lock); + CRYPTO_MUTEX_unlock_write(&g_ent_hashes_lock); OPENSSL_free(hent); ok = 0; goto finish; @@ -387,7 +387,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent->suffix = k; } - CRYPTO_STATIC_MUTEX_unlock_write(&g_ent_hashes_lock); + CRYPTO_MUTEX_unlock_write(&g_ent_hashes_lock); } if (tmp != NULL) { diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h index 1937aa19c9..47b285aed5 100644 --- a/crypto/x509/internal.h +++ b/crypto/x509/internal.h @@ -64,6 +64,7 @@ #include #include "../asn1/internal.h" +#include "../internal.h" #if defined(__cplusplus) extern "C" { diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 4a645bad05..e140748cef 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -430,7 +430,7 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, return 0; } -static struct CRYPTO_STATIC_MUTEX g_crl_sort_lock = CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX g_crl_sort_lock = CRYPTO_MUTEX_INIT; static int crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer) { @@ -443,16 +443,16 @@ static int crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial, // Sort revoked into serial number order if not already sorted. Do this // under a lock to avoid race condition. - CRYPTO_STATIC_MUTEX_lock_read(&g_crl_sort_lock); + CRYPTO_MUTEX_lock_read(&g_crl_sort_lock); const int is_sorted = sk_X509_REVOKED_is_sorted(crl->crl->revoked); - CRYPTO_STATIC_MUTEX_unlock_read(&g_crl_sort_lock); + CRYPTO_MUTEX_unlock_read(&g_crl_sort_lock); if (!is_sorted) { - CRYPTO_STATIC_MUTEX_lock_write(&g_crl_sort_lock); + CRYPTO_MUTEX_lock_write(&g_crl_sort_lock); if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { sk_X509_REVOKED_sort(crl->crl->revoked); } - CRYPTO_STATIC_MUTEX_unlock_write(&g_crl_sort_lock); + CRYPTO_MUTEX_unlock_write(&g_crl_sort_lock); } if (!sk_X509_REVOKED_find(crl->crl->revoked, &idx, &rtmp)) { diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 6a6a9750cf..cd0cfefa03 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -128,7 +128,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { // |X509_PUBKEY| objects. Really |X509_PUBKEY| should have a |CRYPTO_once_t| // inside it for this, but |CRYPTO_once_t| is private and |X509_PUBKEY| is // not. -static struct CRYPTO_STATIC_MUTEX g_pubkey_lock = CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_MUTEX g_pubkey_lock = CRYPTO_MUTEX_INIT; EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret = NULL; @@ -138,13 +138,13 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { goto error; } - CRYPTO_STATIC_MUTEX_lock_read(&g_pubkey_lock); + CRYPTO_MUTEX_lock_read(&g_pubkey_lock); if (key->pkey != NULL) { - CRYPTO_STATIC_MUTEX_unlock_read(&g_pubkey_lock); + CRYPTO_MUTEX_unlock_read(&g_pubkey_lock); EVP_PKEY_up_ref(key->pkey); return key->pkey; } - CRYPTO_STATIC_MUTEX_unlock_read(&g_pubkey_lock); + CRYPTO_MUTEX_unlock_read(&g_pubkey_lock); // Re-encode the |X509_PUBKEY| to DER and parse it. int spki_len = i2d_X509_PUBKEY(key, &spki); @@ -160,14 +160,14 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { } // Check to see if another thread set key->pkey first - CRYPTO_STATIC_MUTEX_lock_write(&g_pubkey_lock); + CRYPTO_MUTEX_lock_write(&g_pubkey_lock); if (key->pkey) { - CRYPTO_STATIC_MUTEX_unlock_write(&g_pubkey_lock); + CRYPTO_MUTEX_unlock_write(&g_pubkey_lock); EVP_PKEY_free(ret); ret = key->pkey; } else { key->pkey = ret; - CRYPTO_STATIC_MUTEX_unlock_write(&g_pubkey_lock); + CRYPTO_MUTEX_unlock_write(&g_pubkey_lock); } OPENSSL_free(spki); diff --git a/include/openssl/thread.h b/include/openssl/thread.h index 695182b8b2..366ad618c5 100644 --- a/include/openssl/thread.h +++ b/include/openssl/thread.h @@ -66,34 +66,6 @@ extern "C" { #endif -#if !defined(OPENSSL_THREADS) -typedef struct crypto_mutex_st { - char padding; // Empty structs have different sizes in C and C++. -} CRYPTO_MUTEX; -#elif defined(OPENSSL_WINDOWS) -// CRYPTO_MUTEX can appear in public header files so we really don't want to -// pull in windows.h. It's statically asserted that this structure is large -// enough to contain a Windows SRWLOCK by thread_win.c. -typedef union crypto_mutex_st { - void *handle; -} CRYPTO_MUTEX; -#elif !defined(__GLIBC__) -#if defined(OPENSSL_OPENBSD) -// OpenBSD does not guarantee pthread_rwlock_t in sys/types.h yet. -#include -#endif -typedef pthread_rwlock_t CRYPTO_MUTEX; -#else -// On glibc, |pthread_rwlock_t| is hidden under feature flags, and we can't -// ensure that we'll be able to get it from a public header. It's statically -// asserted that this structure is large enough to contain a |pthread_rwlock_t| -// by thread_pthread.c. -typedef union crypto_mutex_st { - double alignment; - uint8_t padding[3*sizeof(int) + 5*sizeof(unsigned) + 16 + 8]; -} CRYPTO_MUTEX; -#endif - // CRYPTO_refcount_t is the type of a reference count. // // Since some platforms use C11 atomics to access this, it should have the From 5159ae6ff56fcfb1dbd7b1ebec11b6eff1296b5e Mon Sep 17 00:00:00 2001 From: Maurice Lam Date: Thu, 1 Jun 2023 02:06:33 +0000 Subject: [PATCH 22/42] Add memcmp binding to bssl-crypto Bug: 285222580 Change-Id: I14715c50c3b5b0425443c191f4bf2e3ef7d665ae Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60266 Reviewed-by: Bob Beck Commit-Queue: Bob Beck --- rust/bssl-crypto/src/lib.rs | 3 ++ rust/bssl-crypto/src/mem.rs | 62 +++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 rust/bssl-crypto/src/mem.rs diff --git a/rust/bssl-crypto/src/lib.rs b/rust/bssl-crypto/src/lib.rs index ce9500bf95..f4d1291c56 100644 --- a/rust/bssl-crypto/src/lib.rs +++ b/rust/bssl-crypto/src/lib.rs @@ -44,6 +44,9 @@ pub mod hmac; /// Random number generation. pub mod rand; +/// BoringSSL implemented memory-manipulation operations. +pub mod mem; + #[cfg(test)] mod test_helpers; diff --git a/rust/bssl-crypto/src/mem.rs b/rust/bssl-crypto/src/mem.rs new file mode 100644 index 0000000000..a9031c4e15 --- /dev/null +++ b/rust/bssl-crypto/src/mem.rs @@ -0,0 +1,62 @@ +/* Copyright (c) 2023, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/// Returns true iff `a` and `b` contain the same bytes. It takes an amount of time dependent on the +/// lengths, but independent of the contents of the slices `a` and `b`. The return type is a `bool`, +/// since unlike `memcmp` in C this function cannot be used to put elements into a defined order. +pub fn crypto_memcmp(a: &[u8], b: &[u8]) -> bool { + if a.len() != b.len() { + return false; + } + if a.is_empty() && b.is_empty() { + // Avoid FFI issues with empty slices that may potentially cause UB + return true; + } + // Safety: + // - The lengths of a and b are checked above. + let result = + unsafe { bssl_sys::CRYPTO_memcmp(a.as_ptr() as *const _, b.as_ptr() as *const _, a.len()) }; + result == 0 +} + +#[cfg(test)] +mod test { + use super::*; + + #[test] + fn test_different_length() { + assert!(!crypto_memcmp(&[0, 1, 2], &[0])) + } + + #[test] + fn test_same_length_different_content() { + assert!(!crypto_memcmp(&[0, 1, 2], &[1, 2, 3])) + } + + #[test] + fn test_same_content() { + assert!(crypto_memcmp(&[0, 1, 2], &[0, 1, 2])) + } + + #[test] + fn test_empty_slices() { + assert!(crypto_memcmp(&[], &[])) + } + + #[test] + fn test_empty_slices_different() { + assert!(!crypto_memcmp(&[], &[0, 1, 2])) + } +} From 754bcf6dcb94c03cb8832be8a40b6ec9e4611e85 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 9 Jun 2023 13:14:51 -0400 Subject: [PATCH 23/42] Don't expose EVP_PKEY internal representation through EVP_PKEY_assign While EVP_PKEY_RSA, EVP_PKEY_DSA, and EVP_PKEY_EC have publicly-exposed internaly representations, other EVP_PKEY types to not. EVP_PKEY_assign should not allow callers to manipulate those representations. As part of this, teach EVP_PKEY_assign_RSA, etc. to find their method tables directly, rather than indirecting through an integer. This makes those EVP APIs static-linker-friendly. Bug: 618, 497 Change-Id: Ic45a7514e9a3adc505759f2327129f13faf03a65 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60645 Auto-Submit: David Benjamin Reviewed-by: Bob Beck Commit-Queue: Bob Beck --- crypto/evp/evp.c | 47 ++++++++++++++++++++++++++++++++----------- include/openssl/evp.h | 14 ++++++++----- 2 files changed, 44 insertions(+), 17 deletions(-) diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c index 8383d2e0a9..37b3631db1 100644 --- a/crypto/evp/evp.c +++ b/crypto/evp/evp.c @@ -229,6 +229,13 @@ static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) { } } +static void evp_pkey_set_method(EVP_PKEY *pkey, + const EVP_PKEY_ASN1_METHOD *method) { + free_it(pkey); + pkey->ameth = method; + pkey->type = pkey->ameth->pkey_id; +} + int EVP_PKEY_type(int nid) { const EVP_PKEY_ASN1_METHOD *meth = evp_pkey_asn1_find(nid); if (meth == NULL) { @@ -246,7 +253,9 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) { } int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) { - return EVP_PKEY_assign(pkey, EVP_PKEY_RSA, key); + evp_pkey_set_method(pkey, &rsa_asn1_meth); + pkey->pkey = key; + return key != NULL; } RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) { @@ -274,7 +283,9 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) { } int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key) { - return EVP_PKEY_assign(pkey, EVP_PKEY_DSA, key); + evp_pkey_set_method(pkey, &dsa_asn1_meth); + pkey->pkey = key; + return key != NULL; } DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) { @@ -302,7 +313,9 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) { } int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) { - return EVP_PKEY_assign(pkey, EVP_PKEY_EC, key); + evp_pkey_set_method(pkey, &ec_asn1_meth); + pkey->pkey = key; + return key != NULL; } EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) { @@ -325,21 +338,32 @@ DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { return NULL; } DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { return NULL; } int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { - if (!EVP_PKEY_set_type(pkey, type)) { - return 0; + // This function can only be used to assign RSA, DSA, and EC keys. Other key + // types have internal representations which are not exposed through the + // public API. + switch (type) { + case EVP_PKEY_RSA: + return EVP_PKEY_assign_RSA(pkey, key); + case EVP_PKEY_DSA: + return EVP_PKEY_assign_DSA(pkey, key); + case EVP_PKEY_EC: + return EVP_PKEY_assign_EC_KEY(pkey, key); } - pkey->pkey = key; - return key != NULL; + + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); + ERR_add_error_dataf("algorithm %d", type); + return 0; } int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) { - const EVP_PKEY_ASN1_METHOD *ameth; - if (pkey && pkey->pkey) { + // This isn't strictly necessary, but historically |EVP_PKEY_set_type| would + // clear |pkey| even if |evp_pkey_asn1_find| failed, so we preserve that + // behavior. free_it(pkey); } - ameth = evp_pkey_asn1_find(type); + const EVP_PKEY_ASN1_METHOD *ameth = evp_pkey_asn1_find(type); if (ameth == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); ERR_add_error_dataf("algorithm %d", type); @@ -347,8 +371,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) { } if (pkey) { - pkey->ameth = ameth; - pkey->type = pkey->ameth->pkey_id; + evp_pkey_set_method(pkey, ameth); } return 1; diff --git a/include/openssl/evp.h b/include/openssl/evp.h index f69cf752e4..1cdaca273b 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -180,11 +180,6 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey); #define EVP_PKEY_X25519 NID_X25519 #define EVP_PKEY_HKDF NID_hkdf -// EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of -// the given type. It returns one if successful or zero if the |type| argument -// is not one of the |EVP_PKEY_*| values or if |key| is NULL. -OPENSSL_EXPORT int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); - // EVP_PKEY_set_type sets the type of |pkey| to |type|. It returns one if // successful or zero if the |type| argument is not one of the |EVP_PKEY_*| // values. If |pkey| is NULL, it simply reports whether the type is known. @@ -1032,6 +1027,15 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, OPENSSL_EXPORT int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); +// EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of +// the given type. If successful, it returns one. If the |type| argument +// is not one of |EVP_PKEY_RSA|, |EVP_PKEY_DSA|, or |EVP_PKEY_EC| values or if +// |key| is NULL, it returns zero. This function may not be used with other +// |EVP_PKEY_*| types. +// +// Use the |EVP_PKEY_assign_*| functions instead. +OPENSSL_EXPORT int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); + // Preprocessor compatibility section (hidden). // From ae88f198a49d77993e9c44b017d0e69c810dc668 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 10 Jun 2023 14:41:49 -0400 Subject: [PATCH 24/42] Fix fiat asm .private_extern declaration on Apple platforms Chromium actually has a checker for unexpected exported symbols, which caught this. Change-Id: If1af4c26a3326eea185725f9e84c17f5d9f0f58e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60665 Reviewed-by: Adam Langley Commit-Queue: Adam Langley Auto-Submit: David Benjamin --- third_party/fiat/asm/fiat_curve25519_adx_mul.S | 2 +- third_party/fiat/asm/fiat_curve25519_adx_square.S | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/third_party/fiat/asm/fiat_curve25519_adx_mul.S b/third_party/fiat/asm/fiat_curve25519_adx_mul.S index f91e67d2fb..28b1745602 100644 --- a/third_party/fiat/asm/fiat_curve25519_adx_mul.S +++ b/third_party/fiat/asm/fiat_curve25519_adx_mul.S @@ -8,7 +8,7 @@ .intel_syntax noprefix .text #if defined(__APPLE__) -.private_extern fiat_curve25519_adx_mul +.private_extern _fiat_curve25519_adx_mul .global _fiat_curve25519_adx_mul _fiat_curve25519_adx_mul: #else diff --git a/third_party/fiat/asm/fiat_curve25519_adx_square.S b/third_party/fiat/asm/fiat_curve25519_adx_square.S index 027dcf1bd0..88818217bb 100644 --- a/third_party/fiat/asm/fiat_curve25519_adx_square.S +++ b/third_party/fiat/asm/fiat_curve25519_adx_square.S @@ -8,7 +8,7 @@ .intel_syntax noprefix .text #if defined(__APPLE__) -.private_extern fiat_curve25519_adx_square +.private_extern _fiat_curve25519_adx_square .global _fiat_curve25519_adx_square _fiat_curve25519_adx_square: #else From acfb1062f4c3f08cdfeb7fef496121d4f5edfc3f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 13 Jun 2023 00:11:46 -0400 Subject: [PATCH 25/42] Fix tests on Arm when NEON is unavailable I forgot a CPU capability check in X25519Test.NeonABI. Change-Id: Ie2fa4a7b04a7eb152aa3b720687ec529e5dd5b0f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60745 Reviewed-by: Adam Langley Auto-Submit: David Benjamin Commit-Queue: Adam Langley --- crypto/curve25519/x25519_test.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/curve25519/x25519_test.cc b/crypto/curve25519/x25519_test.cc index 8c08ee22c9..c1b9e40ab2 100644 --- a/crypto/curve25519/x25519_test.cc +++ b/crypto/curve25519/x25519_test.cc @@ -218,6 +218,10 @@ TEST(X25519Test, Wycheproof) { #if defined(BORINGSSL_X25519_NEON) && defined(SUPPORTS_ABI_TEST) TEST(X25519Test, NeonABI) { + if (!CRYPTO_is_NEON_capable()) { + GTEST_SKIP() << "Can't test ABI of NEON code without NEON"; + } + static const uint8_t kScalar[32] = { 0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d, 0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd, 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, From 98e1227cb7bfe4b845c7fc5136e83f8d368065b2 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 10 Jun 2023 00:29:28 -0400 Subject: [PATCH 26/42] Make bn_mod_lshift_consttime faster bn_mod_lshift_consttime currently calls bn_mod_lshift1_consttime in a loop, but between needing a temporary value and having to guard against some complications in our fixed-width BIGNUM convention, it's actually picking up a lot of overhead. This function is currently called to setup Montgomery contexts with secret moduli (RSA primes). The setup operation is not performance-sensitive in our benchmarks, because it is amortized away in RSA private key signing. However, as part of reducing thread contention with the RSA object, I'm planning to make RSA creation, which we do benchmark, eagerly fill in the Montgomery context. We do benchmark RSA parsing, so adding a slow Montgomery setup would show up in benchmarks. This distinction is mostly artificial. Work done on creation and work done on first use is still work done once per RSA key. However, work done on key creation may slow server startup, while work deferred to first use is amortized but less predictable. Either way, from this CL, and especially the one to follow it, we have plenty of low-hanging fruit in this function. As a bonus, this should help single-use RSA private keys, but that's not something we currently benchmark. Modulus sizes below chosen based on: - Common curve sizes (moot because we use a variable-time setup anyway) - Common RSA modulus sizes (also variable-time setup) - Half of common RSA modulus sizes (the secret primes involved) Of these, only the third category matters. The others can use the division-based path where it's faster anyway. However, by the end of this patch series, they'll get a bit closer, so I benchmarked them all to compare. (Though division still wins in the end.) Benchmarks on an M1 Max: Before: Did 528000 256-bit mont (constime) operations in 2000993us (263869.0 ops/sec) Did 312000 384-bit mont (constime) operations in 2001281us (155900.1 ops/sec) Did 246000 512-bit mont (constime) operations in 2001521us (122906.5 ops/sec) Did 191000 521-bit mont (constime) operations in 2006336us (95198.4 ops/sec) Did 98000 1024-bit mont (constime) operations in 2001438us (48964.8 ops/sec) Did 55000 1536-bit mont (constime) operations in 2025306us (27156.4 ops/sec) Did 35000 2048-bit mont (constime) operations in 2022714us (17303.5 ops/sec) Did 17640 3072-bit mont (constime) operations in 2028352us (8696.7 ops/sec) Did 10290 4096-bit mont (constime) operations in 2065529us (4981.8 ops/sec) After: Did 712000 256-bit mont (constime) operations in 2000454us (355919.2 ops/sec) [+34.9%] Did 440000 384-bit mont (constime) operations in 2001121us (219876.8 ops/sec) [+41.0%] Did 259000 512-bit mont (constime) operations in 2003709us (129260.3 ops/sec) [+5.2%] Did 212000 521-bit mont (constime) operations in 2007033us (105628.6 ops/sec) [+11.0%] Did 107000 1024-bit mont (constime) operations in 2018551us (53008.3 ops/sec) [+8.3%] Did 57000 1536-bit mont (constime) operations in 2001027us (28485.4 ops/sec) [+4.9%] Did 37000 2048-bit mont (constime) operations in 2039631us (18140.5 ops/sec) [+4.8%] Did 20000 3072-bit mont (constime) operations in 2041163us (9798.3 ops/sec) [+12.7%] Did 11760 4096-bit mont (constime) operations in 2007195us (5858.9 ops/sec) [+17.6%] Bug: 316 Change-Id: I06f4a065fdecc1aec3160fe32a41e200538d1ee3 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60685 Auto-Submit: David Benjamin Reviewed-by: Adam Langley Commit-Queue: Adam Langley --- crypto/fipsmodule/bn/div.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/crypto/fipsmodule/bn/div.c b/crypto/fipsmodule/bn/div.c index 6de5a4303a..6c13716920 100644 --- a/crypto/fipsmodule/bn/div.c +++ b/crypto/fipsmodule/bn/div.c @@ -711,15 +711,22 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, int bn_mod_lshift_consttime(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) { - if (!BN_copy(r, a)) { + if (!BN_copy(r, a) || + !bn_resize_words(r, m->width)) { return 0; } - for (int i = 0; i < n; i++) { - if (!bn_mod_lshift1_consttime(r, r, m, ctx)) { - return 0; + + BN_CTX_start(ctx); + BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx); + int ok = tmp != NULL; + if (ok) { + for (int i = 0; i < n; i++) { + bn_mod_add_words(r->d, r->d, r->d, m->d, tmp->d, m->width); } + r->neg = 0; } - return 1; + BN_CTX_end(ctx); + return ok; } int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) { From 02d2715bcc95d0f03ae394310d32739f4fcfa1ac Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 6 Jan 2022 19:18:45 -0500 Subject: [PATCH 27/42] Implement BN_MONT_CTX_new_consttime with Montgomery reduction Setting up Montgomery reduction requires computing RR, a larger power of 2 mod N. When N is secret (RSA primes), we currently start at 2^(n_bits-1), then iteratively double and reduce. Instead, once we reach 2R = 2^(r_bits+1) or higher, we can switch to a Montgomery square-and-multiply. (Montgomery reduction only needs n0. RR is just for conversion.) This takes some tuning because, at low powers of 2 (in Montgomery form), it is still more efficient to square by doubling. I ran benchmarks for 32-bit and 64-bit, x86 and Arm, on the machines I had available and picked a threshold that works decently well. (On the hardware I tested, it's the right threshold on all but the Pixel 5A. The 5A would ideally want a slightly higher threshold---it seems to be worse at multiplying or better at addition, but the gap isn't that large, and this operation isn't perf-sensitive anyway.) The result is dramatically faster than the old shift-based approach. That said, see I06f4a065fdecc1aec3160fe32a41e200538d1ee3 for discussion on this operation. These speedups are not expected to translate to increased RSA throughput. They just clear up some initialization work. This speedup is not quite enough to match the division-based variable-time one (perf-sensitive for RSA verification), so we'll keep both codepaths around. M1 Max Before: Did 712000 256-bit mont (constime) operations in 2000454us (355919.2 ops/sec) Did 440000 384-bit mont (constime) operations in 2001121us (219876.8 ops/sec) Did 259000 512-bit mont (constime) operations in 2003709us (129260.3 ops/sec) Did 212000 521-bit mont (constime) operations in 2007033us (105628.6 ops/sec) Did 107000 1024-bit mont (constime) operations in 2018551us (53008.3 ops/sec) Did 57000 1536-bit mont (constime) operations in 2001027us (28485.4 ops/sec) Did 37000 2048-bit mont (constime) operations in 2039631us (18140.5 ops/sec) Did 20000 3072-bit mont (constime) operations in 2041163us (9798.3 ops/sec) Did 11760 4096-bit mont (constime) operations in 2007195us (5858.9 ops/sec) After: Did 3996000 256-bit mont (constime) operations in 2000366us (1997634.4 ops/sec) [+461.3%] Did 2687000 384-bit mont (constime) operations in 2000464us (1343188.4 ops/sec) [+510.9%] Did 2615000 512-bit mont (constime) operations in 2000146us (1307404.6 ops/sec) [+911.5%] Did 1029000 521-bit mont (constime) operations in 2000944us (514257.3 ops/sec) [+386.9%] Did 1246000 1024-bit mont (constime) operations in 2000899us (622720.1 ops/sec) [+1074.8%] Did 688000 1536-bit mont (constime) operations in 2000579us (343900.4 ops/sec) [+1107.3%] Did 425000 2048-bit mont (constime) operations in 2003622us (212115.9 ops/sec) [+1069.3%] Did 212000 3072-bit mont (constime) operations in 2004430us (105765.7 ops/sec) [+979.4%] Did 125000 4096-bit mont (constime) operations in 2009677us (62199.0 ops/sec) [+961.6%] Intel(R) Xeon(R) Gold 6154 CPU @ 3.00GHz Before: Did 781000 256-bit mont (constime) operations in 2000740us (390355.6 ops/sec) Did 414000 384-bit mont (constime) operations in 2000180us (206981.4 ops/sec) Did 258000 512-bit mont (constime) operations in 2001729us (128888.6 ops/sec) Did 194000 521-bit mont (constime) operations in 2008814us (96574.4 ops/sec) Did 79000 1024-bit mont (constime) operations in 2009309us (39317.0 ops/sec) Did 36000 1536-bit mont (constime) operations in 2003945us (17964.6 ops/sec) Did 21000 2048-bit mont (constime) operations in 2074987us (10120.5 ops/sec) Did 9040 3072-bit mont (constime) operations in 2003869us (4511.3 ops/sec) Did 5250 4096-bit mont (constime) operations in 2067796us (2538.9 ops/sec) After: Did 3496000 256-bit mont (constime) operations in 2000542us (1747526.4 ops/sec) [+347.7%] Did 2466000 384-bit mont (constime) operations in 2000327us (1232798.4 ops/sec) [+495.6%] Did 2392000 512-bit mont (constime) operations in 2000732us (1195562.4 ops/sec) [+827.6%] Did 908000 521-bit mont (constime) operations in 2001181us (453732.1 ops/sec) [+369.8%] Did 1054000 1024-bit mont (constime) operations in 2001429us (526623.7 ops/sec) [+1239.4%] Did 548000 1536-bit mont (constime) operations in 2002417us (273669.3 ops/sec) [+1423.4%] Did 339000 2048-bit mont (constime) operations in 2004127us (169151.0 ops/sec) [+1571.4%] Did 162000 3072-bit mont (constime) operations in 2008221us (80668.4 ops/sec) [+1688.2%] Did 94000 4096-bit mont (constime) operations in 2013848us (46676.8 ops/sec) [+1738.4%] Intel(R) Xeon(R) Gold 6154 CPU @ 3.00GHz, 32-bit mode Before: Did 335000 256-bit mont (constime) operations in 2000006us (167499.5 ops/sec) Did 170000 384-bit mont (constime) operations in 2010398us (84560.4 ops/sec) Did 102000 512-bit mont (constime) operations in 2013510us (50657.8 ops/sec) Did 88000 521-bit mont (constime) operations in 2022909us (43501.7 ops/sec) Did 27000 1024-bit mont (constime) operations in 2063490us (13084.6 ops/sec) Did 11760 1536-bit mont (constime) operations in 2000600us (5878.2 ops/sec) Did 6825 2048-bit mont (constime) operations in 2069343us (3298.1 ops/sec) Did 2982 3072-bit mont (constime) operations in 2090651us (1426.3 ops/sec) Did 1680 4096-bit mont (constime) operations in 2074824us (809.7 ops/sec) After: Did 1559000 256-bit mont (constime) operations in 2000884us (779155.6 ops/sec) [+365.2%] Did 940000 384-bit mont (constime) operations in 2001511us (469645.2 ops/sec) [+455.4%] Did 608000 512-bit mont (constime) operations in 2000380us (303942.3 ops/sec) [+500.0%] Did 439000 521-bit mont (constime) operations in 2004282us (219031.1 ops/sec) [+403.5%] Did 180000 1024-bit mont (constime) operations in 2005427us (89756.4 ops/sec) [+586.0%] Did 85000 1536-bit mont (constime) operations in 2017009us (42141.6 ops/sec) [+616.9%] Did 49000 2048-bit mont (constime) operations in 2035401us (24073.9 ops/sec) [+629.9%] Did 22000 3072-bit mont (constime) operations in 2047404us (10745.3 ops/sec) [+653.3%] Did 12642 4096-bit mont (constime) operations in 2094210us (6036.6 ops/sec) [+645.5%] Pixel 5A: Before: Did 483000 256-bit mont (constime) operations in 2001460us (241323.8 ops/sec) Did 279000 384-bit mont (constime) operations in 2004682us (139174.2 ops/sec) Did 198000 512-bit mont (constime) operations in 2003995us (98802.6 ops/sec) Did 141000 521-bit mont (constime) operations in 2006305us (70278.4 ops/sec) Did 62000 1024-bit mont (constime) operations in 2022138us (30660.6 ops/sec) Did 29000 1536-bit mont (constime) operations in 2007150us (14448.3 ops/sec) Did 17376 2048-bit mont (constime) operations in 2044894us (8497.3 ops/sec) Did 7686 3072-bit mont (constime) operations in 2011537us (3821.0 ops/sec) Did 4620 4096-bit mont (constime) operations in 2048780us (2255.0 ops/sec) After: Did 1187000 256-bit mont (constime) operations in 2000099us (593470.6 ops/sec) [+145.9%] Did 794000 384-bit mont (constime) operations in 2002162us (396571.3 ops/sec) [+184.9%] Did 658000 512-bit mont (constime) operations in 2002808us (328538.7 ops/sec) [+232.5%] Did 373000 521-bit mont (constime) operations in 2005135us (186022.4 ops/sec) [+164.7%] Did 231000 1024-bit mont (constime) operations in 2008117us (115033.1 ops/sec) [+275.2%] Did 112000 1536-bit mont (constime) operations in 2003151us (55911.9 ops/sec) [+287.0%] Did 66000 2048-bit mont (constime) operations in 2022295us (32636.2 ops/sec) [+284.1%] Did 30000 3072-bit mont (constime) operations in 2006199us (14953.7 ops/sec) [+291.4%] Did 17182 4096-bit mont (constime) operations in 2017938us (8514.6 ops/sec) [+277.6%] Pixel 5A, 32-bit mode: Before: Did 124000 256-bit mont (constime) operations in 2013082us (61597.1 ops/sec) Did 66000 384-bit mont (constime) operations in 2024604us (32599.0 ops/sec) Did 40000 512-bit mont (constime) operations in 2018560us (19816.1 ops/sec) Did 38000 521-bit mont (constime) operations in 2043776us (18593.0 ops/sec) Did 11466 1024-bit mont (constime) operations in 2010767us (5702.3 ops/sec) Did 5481 1536-bit mont (constime) operations in 2061892us (2658.2 ops/sec) Did 3171 2048-bit mont (constime) operations in 2075359us (1527.9 ops/sec) Did 1407 3072-bit mont (constime) operations in 2032032us (692.4 ops/sec) Did 819 4096-bit mont (constime) operations in 2070367us (395.6 ops/sec) After: Did 718000 256-bit mont (constime) operations in 2000496us (358911.0 ops/sec) [+482.7%] Did 424000 384-bit mont (constime) operations in 2000523us (211944.6 ops/sec) [+550.2%] Did 401000 512-bit mont (constime) operations in 2000933us (200406.5 ops/sec) [+911.3%] Did 205000 521-bit mont (constime) operations in 2004212us (102284.6 ops/sec) [+450.1%] Did 153000 1024-bit mont (constime) operations in 2004644us (76322.8 ops/sec) [+1238.5%] Did 78000 1536-bit mont (constime) operations in 2007510us (38854.1 ops/sec) [+1361.6%] Did 47000 2048-bit mont (constime) operations in 2018015us (23290.2 ops/sec) [+1424.3%] Did 22848 3072-bit mont (constime) operations in 2079082us (10989.5 ops/sec) [+1487.1%] Did 13156 4096-bit mont (constime) operations in 2067424us (6363.5 ops/sec) [+1508.6%] Bug: 316 Change-Id: I402df85170cae780442225eaa879884e707ffa86 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60686 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/fipsmodule/bn/internal.h | 11 ++--- crypto/fipsmodule/bn/montgomery.c | 15 ++---- crypto/fipsmodule/bn/montgomery_inv.c | 66 +++++++++++++++++++++------ 3 files changed, 60 insertions(+), 32 deletions(-) diff --git a/crypto/fipsmodule/bn/internal.h b/crypto/fipsmodule/bn/internal.h index ca3e3e7905..7b939de5e7 100644 --- a/crypto/fipsmodule/bn/internal.h +++ b/crypto/fipsmodule/bn/internal.h @@ -431,12 +431,11 @@ void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table, uint64_t bn_mont_n0(const BIGNUM *n); -// bn_mod_exp_base_2_consttime calculates r = 2**p (mod n). |p| must be larger -// than log_2(n); i.e. 2**p must be larger than |n|. |n| must be positive and -// odd. |p| and the bit width of |n| are assumed public, but |n| is otherwise -// treated as secret. -int bn_mod_exp_base_2_consttime(BIGNUM *r, unsigned p, const BIGNUM *n, - BN_CTX *ctx); +// bn_mont_ctx_set_RR_consttime initializes |mont->RR|. It returns one on +// success and zero on error. |mont->N| and |mont->n0| must have been +// initialized already. The bit width of |mont->N| is assumed public, but +// |mont->N| is otherwise treated as secret. +int bn_mont_ctx_set_RR_consttime(BN_MONT_CTX *mont, BN_CTX *ctx); #if defined(_MSC_VER) #if defined(OPENSSL_X86_64) diff --git a/crypto/fipsmodule/bn/montgomery.c b/crypto/fipsmodule/bn/montgomery.c index 92bfa5e327..a5df5ff4b0 100644 --- a/crypto/fipsmodule/bn/montgomery.c +++ b/crypto/fipsmodule/bn/montgomery.c @@ -248,19 +248,12 @@ BN_MONT_CTX *BN_MONT_CTX_new_for_modulus(const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *BN_MONT_CTX_new_consttime(const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *mont = BN_MONT_CTX_new(); if (mont == NULL || - !bn_mont_ctx_set_N_and_n0(mont, mod)) { - goto err; - } - unsigned lgBigR = mont->N.width * BN_BITS2; - if (!bn_mod_exp_base_2_consttime(&mont->RR, lgBigR * 2, &mont->N, ctx) || - !bn_resize_words(&mont->RR, mont->N.width)) { - goto err; + !bn_mont_ctx_set_N_and_n0(mont, mod) || + !bn_mont_ctx_set_RR_consttime(mont, ctx)) { + BN_MONT_CTX_free(mont); + return NULL; } return mont; - -err: - BN_MONT_CTX_free(mont); - return NULL; } int BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock, diff --git a/crypto/fipsmodule/bn/montgomery_inv.c b/crypto/fipsmodule/bn/montgomery_inv.c index 137af1dd65..f496fe9a7d 100644 --- a/crypto/fipsmodule/bn/montgomery_inv.c +++ b/crypto/fipsmodule/bn/montgomery_inv.c @@ -159,27 +159,63 @@ static uint64_t bn_neg_inv_mod_r_u64(uint64_t n) { return v; } -int bn_mod_exp_base_2_consttime(BIGNUM *r, unsigned p, const BIGNUM *n, - BN_CTX *ctx) { - assert(!BN_is_zero(n)); - assert(!BN_is_negative(n)); - assert(BN_is_odd(n)); +int bn_mont_ctx_set_RR_consttime(BN_MONT_CTX *mont, BN_CTX *ctx) { + assert(!BN_is_zero(&mont->N)); + assert(!BN_is_negative(&mont->N)); + assert(BN_is_odd(&mont->N)); + assert(bn_minimal_width(&mont->N) == mont->N.width); - BN_zero(r); - - unsigned n_bits = BN_num_bits(n); + unsigned n_bits = BN_num_bits(&mont->N); assert(n_bits != 0); - assert(p > n_bits); if (n_bits == 1) { - return 1; + BN_zero(&mont->RR); + return bn_resize_words(&mont->RR, mont->N.width); } - // Set |r| to the larger power of two smaller than |n|, then shift with - // reductions the rest of the way. - if (!BN_set_bit(r, n_bits - 1) || - !bn_mod_lshift_consttime(r, r, p - (n_bits - 1), n, ctx)) { + unsigned lgBigR = mont->N.width * BN_BITS2; + assert(lgBigR >= n_bits); + + // RR is R, or 2^lgBigR, in the Montgomery domain. We can compute 2 in the + // Montgomery domain, 2R or 2^(lgBigR+1), and then use Montgomery + // square-and-multiply to exponentiate. + // + // The multiply steps take 2^n R to 2^(n+1) R. It is faster to double + // the value instead. The square steps take 2^n R to 2^(2n) R. This is + // equivalent to doubling n times. When n is below some threshold, doubling is + // faster. When above, squaring is faster. + // + // We double to this threshold, then switch to Montgomery squaring. From + // benchmarking various 32-bit and 64-bit architectures, the word count seems + // to work well as a threshold. (Doubling scales linearly and Montgomery + // reduction scales quadratically, so the threshold should scale roughly + // linearly.) + unsigned threshold = mont->N.width; + unsigned iters; + for (iters = 0; iters < sizeof(lgBigR) * 8; iters++) { + if ((lgBigR >> iters) <= threshold) { + break; + } + } + + // Compute 2^(lgBigR >> iters) R, or 2^((lgBigR >> iters) + lgBigR), by + // doubling. The first n_bits - 1 doubles can be skipped because we don't need + // to reduce. + if (!BN_set_bit(&mont->RR, n_bits - 1) || + !bn_mod_lshift_consttime(&mont->RR, &mont->RR, + (lgBigR >> iters) + lgBigR - (n_bits - 1), + &mont->N, ctx)) { return 0; } - return 1; + for (unsigned i = iters - 1; i < iters; i--) { + if (!BN_mod_mul_montgomery(&mont->RR, &mont->RR, &mont->RR, mont, ctx)) { + return 0; + } + if ((lgBigR & (1u << i)) != 0 && + !bn_mod_lshift1_consttime(&mont->RR, &mont->RR, &mont->N, ctx)) { + return 0; + } + } + + return bn_resize_words(&mont->RR, mont->N.width); } From 6a7d8b54725d6e762f758726464da2dc2e112435 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 11 Jun 2023 16:05:05 -0400 Subject: [PATCH 28/42] Remove p > q normalization in RSA keys RSA CRT is tiny bit messier when p < q. https://boringssl-review.googlesource.com/25263 solved this by normalizing to p > q. The cost was we sometimes had to compute a new iqmp. Modular inversion is expensive. We did it only once per key, but it's still a performance cliff in per-key costs. When later work moves freeze_private_key into RSA private key parsing, it will be a performance cliff in the private key parser. Instead, just handle p < q in the CRT function. The only difference is needing one extra reduction before the modular subtraction. Even using the fully general mod_montgomery function (as opposed to checking p < q, or using bn_reduce_once when num_bits(p) == num_bits(q)) was not measurable. In doing so, I noticed we didn't actually have tests that exercise the reduction step. I added one to evp_tests.txt, but it is only meaningful when blinding is disabled. (Another cost of blinding.) When blinding is enabled, the answers mod p and q are randomized and we hit this case with about 1.8% probability. See comment in evp_test.txt. I kept the optimization where we store iqmp in Montgomery form, not because the optimization matters, but because we need to store a corrected, fixed-width version of the value anyway, so we may as well store it in a more convenient form. M1 Max Before: Did 9048 RSA 2048 signing operations in 5033403us (1797.6 ops/sec) Did 1500 RSA 4096 signing operations in 5009288us (299.4 ops/sec) After: Did 9116 RSA 2048 signing operations in 5053802us (1803.8 ops/sec) [+0.3%] Did 1500 RSA 4096 signing operations in 5008283us (299.5 ops/sec) [+0.0%] Intel(R) Xeon(R) Gold 6154 CPU @ 3.00GHz Before: Did 9282 RSA 2048 signing operations in 5019395us (1849.2 ops/sec) Did 1302 RSA 4096 signing operations in 5055011us (257.6 ops/sec) After: Did 9240 RSA 2048 signing operations in 5024845us (1838.9 ops/sec) [-0.6%] Did 1302 RSA 4096 signing operations in 5046157us (258.0 ops/sec) [+0.2%] Bug: 316 Change-Id: Icb90c7d5f5188f9b69a6d7bcc63db13d92ec26d5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60705 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/evp/evp_test.cc | 6 ++- crypto/evp/evp_tests.txt | 10 ++++ crypto/fipsmodule/rsa/internal.h | 6 +-- crypto/fipsmodule/rsa/rsa_impl.c | 85 +++++++++++++------------------- crypto/rsa_extra/rsa_test.cc | 2 +- 5 files changed, 51 insertions(+), 58 deletions(-) diff --git a/crypto/evp/evp_test.cc b/crypto/evp/evp_test.cc index 9c4f14d745..fafd50bb53 100644 --- a/crypto/evp/evp_test.cc +++ b/crypto/evp/evp_test.cc @@ -125,7 +125,7 @@ static int GetKeyType(FileTest *t, const std::string &name) { return EVP_PKEY_NONE; } -static int GetRSAPadding(FileTest *t, int *out, const std::string &name) { +static bool GetRSAPadding(FileTest *t, int *out, const std::string &name) { if (name == "PKCS1") { *out = RSA_PKCS1_PADDING; return true; @@ -138,6 +138,10 @@ static int GetRSAPadding(FileTest *t, int *out, const std::string &name) { *out = RSA_PKCS1_OAEP_PADDING; return true; } + if (name == "None") { + *out = RSA_NO_PADDING; + return true; + } ADD_FAILURE() << "Unknown RSA padding mode: " << name; return false; } diff --git a/crypto/evp/evp_tests.txt b/crypto/evp/evp_tests.txt index 238a602eb1..cbce1b08ae 100644 --- a/crypto/evp/evp_tests.txt +++ b/crypto/evp/evp_tests.txt @@ -655,6 +655,16 @@ Digest = SHA256 Input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" Output = 07fa4e3de9c002c41c952dc292ef5a814c4c17dc1a6cf958c4c971e8089676d6661b442270ef9295c41e5385c9628aa1bdee2cc2558b8473ba212f2ba04b9ff2264c19187b9506b1d0a1cc2751844cc8dedf555d62ce81bc0e70bfe83d0184ee964593af91b9b327c0fb272c799148cd8737d412cbf36c2ad25fd66977bf805f +# The input is 1 (mod p) and q - 1 (mod q). If the CRT implementation does not +# account for p < q, the subtraction step will break. However, this test only +# works when RSA blinding is disabled. When blinding is enabled, these values +# are randomized and, instead, either this or the above test will hit this case +# if repeated enough. (It hits it with probability (q-p)^2 / 2pq, or 1.8% here.) +Encrypt = RSA-Swapped +RSAPadding = None +Input = 7ab490e1f5e718ff23a9e738f9867559e3a6ea72332e3bcc1b6f58585218ed815a865dab75e3f44ea550bdef815101d6039251a513fd99188c1916abb94b15ef72de793f6472a342b33a125cfc96a4fc89d140e337f5fe6ff937ed3f34b6b09f5227f598e12faddf4423254acbee748197bed26954502c7484c65e279fed7fed +CheckDecrypt + # Though we will never generate such a key, test that RSA keys where p and q are # different sizes work properly. PrivateKey = RSA-PrimeMismatch diff --git a/crypto/fipsmodule/rsa/internal.h b/crypto/fipsmodule/rsa/internal.h index c6bf60a441..5a993a2780 100644 --- a/crypto/fipsmodule/rsa/internal.h +++ b/crypto/fipsmodule/rsa/internal.h @@ -103,10 +103,8 @@ struct rsa_st { // the |freeze_private_key| implementation. BIGNUM *d_fixed, *dmp1_fixed, *dmq1_fixed; - // inv_small_mod_large_mont is q^-1 mod p in Montgomery form, using |mont_p|, - // if |p| >= |q|. Otherwise, it is p^-1 mod q in Montgomery form, using - // |mont_q|. - BIGNUM *inv_small_mod_large_mont; + // iqmp_mont is q^-1 mod p in Montgomery form, using |mont_p|. + BIGNUM *iqmp_mont; // num_blindings contains the size of the |blindings| and |blindings_inuse| // arrays. This member and the |blindings_inuse| array are protected by diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c index 120639703c..6cdc290903 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c +++ b/crypto/fipsmodule/rsa/rsa_impl.c @@ -243,37 +243,24 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) { } // CRT components are only publicly bounded by their corresponding - // moduli's bit lengths. |rsa->iqmp| is unused outside of this one-time - // setup, so we do not compute a fixed-width version of it. + // moduli's bit lengths. if (!ensure_fixed_copy(&rsa->dmp1_fixed, rsa->dmp1, p_fixed->width) || !ensure_fixed_copy(&rsa->dmq1_fixed, rsa->dmq1, q_fixed->width)) { goto err; } - // Compute |inv_small_mod_large_mont|. Note that it is always modulo the - // larger prime, independent of what is stored in |rsa->iqmp|. - if (rsa->inv_small_mod_large_mont == NULL) { - BIGNUM *inv_small_mod_large_mont = BN_new(); - int ok; - if (BN_cmp(rsa->p, rsa->q) < 0) { - ok = inv_small_mod_large_mont != NULL && - bn_mod_inverse_secret_prime(inv_small_mod_large_mont, rsa->p, - rsa->q, ctx, rsa->mont_q) && - BN_to_montgomery(inv_small_mod_large_mont, - inv_small_mod_large_mont, rsa->mont_q, ctx); - } else { - ok = inv_small_mod_large_mont != NULL && - BN_to_montgomery(inv_small_mod_large_mont, rsa->iqmp, - rsa->mont_p, ctx); - } - if (!ok) { - BN_free(inv_small_mod_large_mont); + // Compute |iqmp_mont|, which is |iqmp| in Montgomery form and with the + // correct bit width. + if (rsa->iqmp_mont == NULL) { + BIGNUM *iqmp_mont = BN_new(); + if (iqmp_mont == NULL || + !BN_to_montgomery(iqmp_mont, rsa->iqmp, rsa->mont_p, ctx)) { + BN_free(iqmp_mont); goto err; } - rsa->inv_small_mod_large_mont = inv_small_mod_large_mont; - CONSTTIME_SECRET( - rsa->inv_small_mod_large_mont->d, - sizeof(BN_ULONG) * rsa->inv_small_mod_large_mont->width); + rsa->iqmp_mont = iqmp_mont; + CONSTTIME_SECRET(rsa->iqmp_mont->d, + sizeof(BN_ULONG) * rsa->iqmp_mont->width); } } } @@ -302,8 +289,8 @@ void rsa_invalidate_key(RSA *rsa) { rsa->dmp1_fixed = NULL; BN_free(rsa->dmq1_fixed); rsa->dmq1_fixed = NULL; - BN_free(rsa->inv_small_mod_large_mont); - rsa->inv_small_mod_large_mont = NULL; + BN_free(rsa->iqmp_mont); + rsa->iqmp_mont = NULL; for (size_t i = 0; i < rsa->num_blindings; i++) { BN_BLINDING_free(rsa->blindings[i]); @@ -798,42 +785,37 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { goto err; } - // Implementing RSA with CRT in constant-time is sensitive to which prime is - // larger. Canonicalize fields so that |p| is the larger prime. - const BIGNUM *dmp1 = rsa->dmp1_fixed, *dmq1 = rsa->dmq1_fixed; - const BN_MONT_CTX *mont_p = rsa->mont_p, *mont_q = rsa->mont_q; - if (BN_cmp(rsa->p, rsa->q) < 0) { - mont_p = rsa->mont_q; - mont_q = rsa->mont_p; - dmp1 = rsa->dmq1_fixed; - dmq1 = rsa->dmp1_fixed; - } - // Use the minimal-width versions of |n|, |p|, and |q|. Either works, but if // someone gives us non-minimal values, these will be slightly more efficient // on the non-Montgomery operations. const BIGNUM *n = &rsa->mont_n->N; - const BIGNUM *p = &mont_p->N; - const BIGNUM *q = &mont_q->N; + const BIGNUM *p = &rsa->mont_p->N; + const BIGNUM *q = &rsa->mont_q->N; // This is a pre-condition for |mod_montgomery|. It was already checked by the // caller. assert(BN_ucmp(I, n) < 0); if (// |m1| is the result modulo |q|. - !mod_montgomery(r1, I, q, mont_q, p, ctx) || - !BN_mod_exp_mont_consttime(m1, r1, dmq1, q, ctx, mont_q) || + !mod_montgomery(r1, I, q, rsa->mont_q, p, ctx) || + !BN_mod_exp_mont_consttime(m1, r1, rsa->dmq1_fixed, q, ctx, + rsa->mont_q) || // |r0| is the result modulo |p|. - !mod_montgomery(r1, I, p, mont_p, q, ctx) || - !BN_mod_exp_mont_consttime(r0, r1, dmp1, p, ctx, mont_p) || - // Compute r0 = r0 - m1 mod p. |p| is the larger prime, so |m1| is already - // fully reduced mod |p|. - !bn_mod_sub_consttime(r0, r0, m1, p, ctx) || + !mod_montgomery(r1, I, p, rsa->mont_p, q, ctx) || + !BN_mod_exp_mont_consttime(r0, r1, rsa->dmp1_fixed, p, ctx, + rsa->mont_p) || + // Compute r0 = r0 - m1 mod p. |m1| is reduced mod |q|, not |p|, so we + // just run |mod_montgomery| again for simplicity. This could be more + // efficient with more cases: if |p > q|, |m1| is already reduced. If + // |p < q| but they have the same bit width, |bn_reduce_once| suffices. + // However, compared to over 2048 Montgomery multiplications above, this + // difference is not measurable. + !mod_montgomery(r1, m1, p, rsa->mont_p, q, ctx) || + !bn_mod_sub_consttime(r0, r0, r1, p, ctx) || // r0 = r0 * iqmp mod p. We use Montgomery multiplication to compute this - // in constant time. |inv_small_mod_large_mont| is in Montgomery form and - // r0 is not, so the result is taken out of Montgomery form. - !BN_mod_mul_montgomery(r0, r0, rsa->inv_small_mod_large_mont, mont_p, - ctx) || + // in constant time. |iqmp_mont| is in Montgomery form and r0 is not, so + // the result is taken out of Montgomery form. + !BN_mod_mul_montgomery(r0, r0, rsa->iqmp_mont, rsa->mont_p, ctx) || // r0 = r0 * q + m1 gives the final result. Reducing modulo q gives m1, so // it is correct mod p. Reducing modulo p gives (r0-m1)*iqmp*q + m1 = r0, // so it is correct mod q. Finally, the result is bounded by [m1, n + m1), @@ -1308,8 +1290,7 @@ static int RSA_generate_key_ex_maybe_fips(RSA *rsa, int bits, replace_bignum(&rsa->d_fixed, &tmp->d_fixed); replace_bignum(&rsa->dmp1_fixed, &tmp->dmp1_fixed); replace_bignum(&rsa->dmq1_fixed, &tmp->dmq1_fixed); - replace_bignum(&rsa->inv_small_mod_large_mont, - &tmp->inv_small_mod_large_mont); + replace_bignum(&rsa->iqmp_mont, &tmp->iqmp_mont); rsa->private_key_frozen = tmp->private_key_frozen; ret = 1; diff --git a/crypto/rsa_extra/rsa_test.cc b/crypto/rsa_extra/rsa_test.cc index 87e0396d1f..e332cdf736 100644 --- a/crypto/rsa_extra/rsa_test.cc +++ b/crypto/rsa_extra/rsa_test.cc @@ -983,7 +983,7 @@ TEST(RSATest, KeygenFail) { EXPECT_FALSE(rsa->d_fixed); EXPECT_FALSE(rsa->dmp1_fixed); EXPECT_FALSE(rsa->dmq1_fixed); - EXPECT_FALSE(rsa->inv_small_mod_large_mont); + EXPECT_FALSE(rsa->iqmp_mont); EXPECT_FALSE(rsa->private_key_frozen); // Failed key generations leave the previous contents alone. From d28237e273b2a2d02358e7de422fb4f23adf3ee5 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 13 Jun 2023 17:02:17 -0400 Subject: [PATCH 29/42] Remove -D__ASSEMBLER__=1 when shelling out to the preprocessor The compiler already knows that .S means assembler and should define __ASSEMBLER__ for us. At least on the CQ, it seems this is not necessary, and some builds are showing a warning about redefining __ASSEMBLER__, which may be caused by this. Change-Id: I390bfcb50cefef42df72cd61ead55159b1838771 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60785 Reviewed-by: Bob Beck Auto-Submit: David Benjamin Commit-Queue: Bob Beck --- util/fipstools/delocate/delocate.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/util/fipstools/delocate/delocate.go b/util/fipstools/delocate/delocate.go index c28be558c2..b801d6dfad 100644 --- a/util/fipstools/delocate/delocate.go +++ b/util/fipstools/delocate/delocate.go @@ -1637,9 +1637,6 @@ func main() { // preprocessor, but we don't want the compiler complaining that // "argument unused during compilation". cppCommand = append(cppCommand, "-Wno-unused-command-line-argument") - // We are preprocessing for assembly output and need to simulate that - // environment for arm_arch.h. - cppCommand = append(cppCommand, "-D__ASSEMBLER__=1") for includePath := range includePaths { cppCommand = append(cppCommand, "-I"+includePath) From e1b8685770d0e82e5a4a3c5d24ad1602e05f2e83 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 14 Jun 2023 14:09:29 -0400 Subject: [PATCH 30/42] Log failure to create SSL objects in handshakers This would have made debugging some cross-version test easier. Change-Id: I7b1bc160b5acf40ec02b9ed5ac2d836e3203cf9a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60805 Commit-Queue: Bob Beck Reviewed-by: Bob Beck Auto-Submit: David Benjamin --- ssl/test/handshaker.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ssl/test/handshaker.cc b/ssl/test/handshaker.cc index ac890633d9..72aaaa8002 100644 --- a/ssl/test/handshaker.cc +++ b/ssl/test/handshaker.cc @@ -61,6 +61,8 @@ bool Handshaker(const TestConfig *config, int rfd, int wfd, UniquePtr ssl = config->NewSSL(ctx.get(), /*session=*/nullptr, /*test_state=*/nullptr); if (!ssl) { + fprintf(stderr, "Error creating SSL object in handshaker.\n"); + ERR_print_errors_fp(stderr); return false; } @@ -155,6 +157,8 @@ bool GenerateHandshakeHint(const TestConfig *config, config->NewSSL(ctx.get(), /*session=*/nullptr, std::unique_ptr(new TestState)); if (!ssl) { + fprintf(stderr, "Error creating SSL object in handshaker.\n"); + ERR_print_errors_fp(stderr); return false; } From 8ead3f531445004f1122d11fa7083e8d1bcc5200 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 12 Feb 2023 16:49:45 -0500 Subject: [PATCH 31/42] Add more tests for recognizing explicit forms of built-in curves We really should remove these (we only support them in private keys) but, in the meantime, add some tests for all the curves, not just P-256. Change-Id: I9c4c0660f082fa1701afe11f51bb157b06befd3c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60925 Reviewed-by: Adam Langley Auto-Submit: David Benjamin Commit-Queue: Adam Langley --- crypto/evp/evp_tests.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/crypto/evp/evp_tests.txt b/crypto/evp/evp_tests.txt index cbce1b08ae..b9c8f9e0b8 100644 --- a/crypto/evp/evp_tests.txt +++ b/crypto/evp/evp_tests.txt @@ -131,6 +131,21 @@ PublicKey = P-256-SPKI Input = 305b301506072a8648ce3d020106082a8648ce3d0301070500034200042c150f429ce70f216c252cf5e062ce1f639cd5d165c7f89424072c27197d78b33b920e95cdb664e990dcf0cfea0d94e2a8e6af9d0e58056e653104925b9fe6c9 Error = DECODE_ERROR +PrivateKey = P-224-ExplicitParameters +Input = 308201540201003081eb06072a8648ce3d02013081df020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff0000000000000000000000013053041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4031500bd71344799d5c7fcdc45b59fa3b9ab8f6a948bc5043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d0201010461305f020101041caa17cf0a0c8064bf6b509c212e48293d61e0d97acc85f8dea5c99166a13c033a00041a95d8c8d08635ad7fa0facd3a9fe56f8f42451b58ea8a29f7d28b0fb214690b1149a69f016f644cdb3320b78a381027835d6091903f0513 +Type = EC +Output = 3078020100301006072a8648ce3d020106052b810400210461305f020101041caa17cf0a0c8064bf6b509c212e48293d61e0d97acc85f8dea5c99166a13c033a00041a95d8c8d08635ad7fa0facd3a9fe56f8f42451b58ea8a29f7d28b0fb214690b1149a69f016f644cdb3320b78a381027835d6091903f0513 + +PrivateKey = P-384-ExplicitParameters +Input = 3082020c0201003082016406072a8648ce3d020130820157020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff307b0430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef031500a335926aa319a27a1d00896a6773a4827acdac73046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5297302010104819e30819b0201010430a29991b86091401328e62ec8caadd0482f887ff0936910e42a56c19f48cbe87331037a4e2b36f1091dd4a26ee2d2b01fa16403620004826b3df548ad2e0b96436cb13508e88745a33b4b06cf485ad8350824b4dfe01ee66a5e1d1aaebfebcaa6337a1f33c338afc0d59b7ce7e389f73f66c9c4a44bbfcf570aec5cc52e7b6608c9061ab4d72de933448c39dd9238177917d398c22c5e +Type = EC +Output = 3081b6020100301006072a8648ce3d020106052b8104002204819e30819b0201010430a29991b86091401328e62ec8caadd0482f887ff0936910e42a56c19f48cbe87331037a4e2b36f1091dd4a26ee2d2b01fa16403620004826b3df548ad2e0b96436cb13508e88745a33b4b06cf485ad8350824b4dfe01ee66a5e1d1aaebfebcaa6337a1f33c338afc0d59b7ce7e389f73f66c9c4a44bbfcf570aec5cc52e7b6608c9061ab4d72de933448c39dd9238177917d398c22c5e + +PrivateKey = P-521-ExplicitParameters +Input = 308202b0020100308201d006072a8648ce3d0201308201c3020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff30819f044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc04420051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00031500d09e8800291cb85396cc6717393284aaa0da64ba0481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e913864090201010481d63081d30201010442002eeee9c16b9b4d2dee606f443cf3b41d2899a4734ff7555b54c735afb34a6912f81c68a89ea9b427c69a1026d98ef1d7f9c683aec5c5103d9a4c21e403c638412fa18189038186000400f58adcbe5c07f6b500fadd3209487e38f9567f97c2204435a4eb140739905c201407e2530a6667216aad01fb849bcbefa3862b2f187f13c9a87923d378a0a184df017b4bb93f4766531785878458da6aaa525724e10dfb1f35cfbe55c56fc705714295ea74b6c3e714152ad78e929f5415683aed9bc7c68f0329934177829d715f03f2 +Type = EC +Output = 3081ee020100301006072a8648ce3d020106052b810400230481d63081d30201010442002eeee9c16b9b4d2dee606f443cf3b41d2899a4734ff7555b54c735afb34a6912f81c68a89ea9b427c69a1026d98ef1d7f9c683aec5c5103d9a4c21e403c638412fa18189038186000400f58adcbe5c07f6b500fadd3209487e38f9567f97c2204435a4eb140739905c201407e2530a6667216aad01fb849bcbefa3862b2f187f13c9a87923d378a0a184df017b4bb93f4766531785878458da6aaa525724e10dfb1f35cfbe55c56fc705714295ea74b6c3e714152ad78e929f5415683aed9bc7c68f0329934177829d715f03f2 + # A DSA private key. PrivateKey = DSA-1024 Type = DSA From e33257fa6702d3a4c539c7666cb7678e05ab68ee Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 15 Jun 2023 13:12:42 -0400 Subject: [PATCH 32/42] Pass IPv6 vs IPv4 down to the shim The runner currently tries to listen on IPv6 and then falls back to IPv4 on error. The shim does the same. If they pick different ones, this breaks down. Normally, fallback happens because the system doesn't have IPv6, and both sides will make the same decision. But if binding to IPv6 fails for other reasons, they may mismatch. We're observing them fail due to what seems to port exhaustion. When this happens, shim and runner don't agree on the same address family. Instead, just tell the shim which address to connect to. This doesn't fix the underlying port exhaustion problem, but it does seem to fix the flakes. Although given we are still exhausting ports and falling back to IPv4, it doesn't truly fix it. Later CLs will address port exhaustion by using a single server port. This changes the runner <-> shim protocol, but hopefully in a fairly obvious way that others using BoGo can easily follow. It shouldn't break our cross-version tests because we keep runner and shim at the same versio there. To avoid needing to make an incompatible change to the shim <-> handshaker protocol, which would impact our cross-version tests, this introduces a mechanism for the shim omit flags when talking to the handshaker. The handshaker doesn't need to know how to connect to the runner. Also print the error string on Windows. Sadly this is a bit tedious. Change-Id: Ic8bda9a854a115c206c05a659a2e34f544b844a6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60885 Auto-Submit: David Benjamin Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- ssl/test/PORTING.md | 16 ++++--- ssl/test/bssl_shim.cc | 98 +++++++++++++++++++++----------------- ssl/test/handshake_util.cc | 6 +-- ssl/test/runner/runner.go | 19 +++++--- ssl/test/test_config.cc | 69 +++++++++++++++++++-------- ssl/test/test_config.h | 4 +- 6 files changed, 131 insertions(+), 81 deletions(-) diff --git a/ssl/test/PORTING.md b/ssl/test/PORTING.md index 86ad24d0d5..5819b49f70 100644 --- a/ssl/test/PORTING.md +++ b/ssl/test/PORTING.md @@ -20,15 +20,17 @@ The test runner integrates with the TLS stack under test through a “shim”: a command line program which encapsulates the stack. By default, the shim points to the BoringSSL shim in the same source tree, but any program can be supplied via the `-shim-path` flag. The -runner opens up a server socket and provides the shim with a `-port` -argument that points to that socket. The shim always connects to the -runner as a TCP client even when acting as a TLS server. For DTLS, -there is a small framing layer that gives packet boundaries over -TCP. The shim can also pass a variety of command line arguments which -are used to configure the stack under test. These can be found at +runner opens up a server socket and provides the shim with `-port` and +optional `-ipv6` arguments. + +The shim should connect to loopback as a TCP client on the specified +port, using IPv6 if `-ipv6` is specified and IPv4 otherwise. This is +true even when the shim is speaking DTLS or acting as a TLS server. +For DTLS, there is a small framing layer that gives packet boundaries +over TCP. The shim can also pass a variety of command line arguments +which are used to configure the stack under test. These can be found at `test_config.cc`. - The shim reports success by exiting with a `0` error code and failure by reporting a non-zero error code and generally sending a textual error value to stderr. Many of the tests expect specific error string (such diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index e2f79d3008..c14d7c0601 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -77,7 +77,20 @@ static void PrintSocketError(const char *func) { } #else static void PrintSocketError(const char *func) { - fprintf(stderr, "%s: %d\n", func, WSAGetLastError()); + int error = WSAGetLastError(); + char *buffer; + DWORD len = FormatMessageA( + FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER, 0, error, 0, + reinterpret_cast(&buffer), 0, nullptr); + std::string msg = "unknown error"; + if (len > 0) { + msg.assign(buffer, len); + while (!msg.empty() && (msg.back() == '\r' || msg.back() == '\n')) { + msg.resize(msg.size() - 1); + } + } + LocalFree(buffer); + fprintf(stderr, "%s: %s (%d)\n", func, msg.c_str(), error); } #endif @@ -93,56 +106,55 @@ struct Free { } }; -// Connect returns a new socket connected to localhost on |port| or -1 on -// error. -static int Connect(uint16_t port) { - for (int af : { AF_INET6, AF_INET }) { - int sock = socket(af, SOCK_STREAM, 0); - if (sock == -1) { - PrintSocketError("socket"); +// Connect returns a new socket connected to the runner, or -1 on error. +static int Connect(const TestConfig *config) { + sockaddr_storage addr; + socklen_t addr_len = 0; + if (config->ipv6) { + sockaddr_in6 sin6; + OPENSSL_memset(&sin6, 0, sizeof(sin6)); + sin6.sin6_family = AF_INET6; + sin6.sin6_port = htons(config->port); + if (!inet_pton(AF_INET6, "::1", &sin6.sin6_addr)) { + PrintSocketError("inet_pton"); return -1; } - int nodelay = 1; - if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, - reinterpret_cast(&nodelay), sizeof(nodelay)) != 0) { - PrintSocketError("setsockopt"); - closesocket(sock); + addr_len = sizeof(sin6); + memcpy(&addr, &sin6, addr_len); + } else { + sockaddr_in sin; + OPENSSL_memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_port = htons(config->port); + if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { + PrintSocketError("inet_pton"); return -1; } + addr_len = sizeof(sin); + memcpy(&addr, &sin, addr_len); + } - sockaddr_storage ss; - OPENSSL_memset(&ss, 0, sizeof(ss)); - ss.ss_family = af; - socklen_t len = 0; - - if (af == AF_INET6) { - sockaddr_in6 *sin6 = (sockaddr_in6 *) &ss; - len = sizeof(*sin6); - sin6->sin6_port = htons(port); - if (!inet_pton(AF_INET6, "::1", &sin6->sin6_addr)) { - PrintSocketError("inet_pton"); - closesocket(sock); - return -1; - } - } else if (af == AF_INET) { - sockaddr_in *sin = (sockaddr_in *) &ss; - len = sizeof(*sin); - sin->sin_port = htons(port); - if (!inet_pton(AF_INET, "127.0.0.1", &sin->sin_addr)) { - PrintSocketError("inet_pton"); - closesocket(sock); - return -1; - } - } + int sock = socket(addr.ss_family, SOCK_STREAM, 0); + if (sock == -1) { + PrintSocketError("socket"); + return -1; + } + int nodelay = 1; + if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + reinterpret_cast(&nodelay), + sizeof(nodelay)) != 0) { + PrintSocketError("setsockopt"); + closesocket(sock); + return -1; + } - if (connect(sock, reinterpret_cast(&ss), len) == 0) { - return sock; - } + if (connect(sock, reinterpret_cast(&addr), addr_len) != 0) { + PrintSocketError("connect"); closesocket(sock); + return -1; } - PrintSocketError("connect"); - return -1; + return sock; } class SocketCloser { @@ -775,7 +787,7 @@ static bool DoConnection(bssl::UniquePtr *out_session, #endif } - int sock = Connect(config->port); + int sock = Connect(config); if (sock == -1) { return false; } diff --git a/ssl/test/handshake_util.cc b/ssl/test/handshake_util.cc index 6516547fa8..b6d8280d6c 100644 --- a/ssl/test/handshake_util.cc +++ b/ssl/test/handshake_util.cc @@ -398,9 +398,9 @@ static bool StartHandshaker(ScopedProcess *out, ScopedFD *out_control, if (is_resume) { args.push_back(kResumeFlag); } - // config->argv omits argv[0]. - for (int j = 0; j < config->argc; ++j) { - args.push_back(config->argv[j]); + // config->handshaker_args omits argv[0]. + for (const char *arg : config->handshaker_args) { + args.push_back(arg); } args.push_back(nullptr); diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index da0795bbb9..e7ee194193 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -1260,25 +1260,32 @@ type shimProcess struct { func newShimProcess(shimPath string, flags []string, env []string) (*shimProcess, error) { shim := new(shimProcess) var err error + useIPv6 := true shim.listener, err = net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv6loopback}) if err != nil { + useIPv6 = false shim.listener, err = net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}}) } if err != nil { return nil, err } - flags = append([]string{"-port", strconv.Itoa(shim.listener.Addr().(*net.TCPAddr).Port)}, flags...) + cmdFlags := []string{"-port", strconv.Itoa(shim.listener.Addr().(*net.TCPAddr).Port)} + if useIPv6 { + cmdFlags = append(cmdFlags, "-ipv6") + } + cmdFlags = append(cmdFlags, flags...) + if *useValgrind { - shim.cmd = valgrindOf(false, shimPath, flags...) + shim.cmd = valgrindOf(false, shimPath, cmdFlags...) } else if *useGDB { - shim.cmd = gdbOf(shimPath, flags...) + shim.cmd = gdbOf(shimPath, cmdFlags...) } else if *useLLDB { - shim.cmd = lldbOf(shimPath, flags...) + shim.cmd = lldbOf(shimPath, cmdFlags...) } else if *useRR { - shim.cmd = rrOf(shimPath, flags...) + shim.cmd = rrOf(shimPath, cmdFlags...) } else { - shim.cmd = exec.Command(shimPath, flags...) + shim.cmd = exec.Command(shimPath, cmdFlags...) } shim.cmd.Stdin = os.Stdin shim.cmd.Stdout = &shim.stdout diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index 485a560b28..980bef1352 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -46,12 +46,18 @@ namespace { struct Flag { const char *name; bool has_param; + // skip_handshaker, if true, causes this flag to be skipped when + // forwarding flags to the handshaker. This should be used with flags + // that only impact connecting to the runner. + bool skip_handshaker; // If |has_param| is false, |param| will be nullptr. std::function set_param; }; -Flag BoolFlag(const char *name, bool TestConfig::*field) { - return Flag{name, false, [=](TestConfig *config, const char *) -> bool { +Flag BoolFlag(const char *name, bool TestConfig::*field, + bool skip_handshaker = false) { + return Flag{name, false, skip_handshaker, + [=](TestConfig *config, const char *) -> bool { config->*field = true; return true; }}; @@ -91,15 +97,19 @@ bool StringToInt(T *out, const char *str) { } template -Flag IntFlag(const char *name, T TestConfig::*field) { - return Flag{name, true, [=](TestConfig *config, const char *param) -> bool { +Flag IntFlag(const char *name, T TestConfig::*field, + bool skip_handshaker = false) { + return Flag{name, true, skip_handshaker, + [=](TestConfig *config, const char *param) -> bool { return StringToInt(&(config->*field), param); }}; } template -Flag IntVectorFlag(const char *name, std::vector TestConfig::*field) { - return Flag{name, true, [=](TestConfig *config, const char *param) -> bool { +Flag IntVectorFlag(const char *name, std::vector TestConfig::*field, + bool skip_handshaker = false) { + return Flag{name, true, skip_handshaker, + [=](TestConfig *config, const char *param) -> bool { T value; if (!StringToInt(&value, param)) { return false; @@ -109,8 +119,10 @@ Flag IntVectorFlag(const char *name, std::vector TestConfig::*field) { }}; } -Flag StringFlag(const char *name, std::string TestConfig::*field) { - return Flag{name, true, [=](TestConfig *config, const char *param) -> bool { +Flag StringFlag(const char *name, std::string TestConfig::*field, + bool skip_handshaker = false) { + return Flag{name, true, skip_handshaker, + [=](TestConfig *config, const char *param) -> bool { config->*field = param; return true; }}; @@ -119,8 +131,10 @@ Flag StringFlag(const char *name, std::string TestConfig::*field) { // TODO(davidben): When we can depend on C++17 or Abseil, switch this to // std::optional or absl::optional. Flag OptionalStringFlag(const char *name, - std::unique_ptr TestConfig::*field) { - return Flag{name, true, [=](TestConfig *config, const char *param) -> bool { + std::unique_ptr TestConfig::*field, + bool skip_handshaker = false) { + return Flag{name, true, skip_handshaker, + [=](TestConfig *config, const char *param) -> bool { (config->*field).reset(new std::string(param)); return true; }}; @@ -143,15 +157,19 @@ bool DecodeBase64(std::string *out, const std::string &in) { return true; } -Flag Base64Flag(const char *name, std::string TestConfig::*field) { - return Flag{name, true, [=](TestConfig *config, const char *param) -> bool { +Flag Base64Flag(const char *name, std::string TestConfig::*field, + bool skip_handshaker = false) { + return Flag{name, true, skip_handshaker, + [=](TestConfig *config, const char *param) -> bool { return DecodeBase64(&(config->*field), param); }}; } Flag Base64VectorFlag(const char *name, - std::vector TestConfig::*field) { - return Flag{name, true, [=](TestConfig *config, const char *param) -> bool { + std::vector TestConfig::*field, + bool skip_handshaker = false) { + return Flag{name, true, skip_handshaker, + [=](TestConfig *config, const char *param) -> bool { std::string value; if (!DecodeBase64(&value, param)) { return false; @@ -163,8 +181,10 @@ Flag Base64VectorFlag(const char *name, Flag StringPairVectorFlag( const char *name, - std::vector> TestConfig::*field) { - return Flag{name, true, [=](TestConfig *config, const char *param) -> bool { + std::vector> TestConfig::*field, + bool skip_handshaker = false) { + return Flag{name, true, skip_handshaker, + [=](TestConfig *config, const char *param) -> bool { const char *comma = strchr(param, ','); if (!comma) { return false; @@ -178,7 +198,8 @@ Flag StringPairVectorFlag( std::vector SortedFlags() { std::vector flags = { - IntFlag("-port", &TestConfig::port), + IntFlag("-port", &TestConfig::port, /*skip_handshaker=*/true), + BoolFlag("-ipv6", &TestConfig::ipv6, /*skip_handshaker=*/true), BoolFlag("-server", &TestConfig::is_server), BoolFlag("-dtls", &TestConfig::is_dtls), BoolFlag("-quic", &TestConfig::is_quic), @@ -428,11 +449,10 @@ bool ParseConfig(int argc, char **argv, bool is_shim, TestConfig *out_initial, TestConfig *out_resume, TestConfig *out_retry) { - out_initial->argc = out_resume->argc = out_retry->argc = argc; - out_initial->argv = out_resume->argv = out_retry->argv = argv; for (int i = 0; i < argc; i++) { bool skip = false; - const char *name = argv[i]; + const char *arg = argv[i]; + const char *name = arg; // -on-shim and -on-handshaker prefixes enable flags only on the shim or // handshaker. @@ -473,6 +493,13 @@ bool ParseConfig(int argc, char **argv, bool is_shim, param = argv[i]; } + if (!flag->skip_handshaker) { + out_initial->handshaker_args.push_back(arg); + if (flag->has_param) { + out_initial->handshaker_args.push_back(param); + } + } + if (!skip) { if (out != nullptr) { if (!flag->set_param(out, param)) { @@ -491,6 +518,8 @@ bool ParseConfig(int argc, char **argv, bool is_shim, } } + out_resume->handshaker_args = out_initial->handshaker_args; + out_retry->handshaker_args = out_initial->handshaker_args; return true; } diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index e5c605799d..4e84800056 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h @@ -26,6 +26,7 @@ struct TestConfig { int port = 0; + bool ipv6 = false; bool is_server = false; bool is_dtls = false; bool is_quic = false; @@ -197,8 +198,7 @@ struct TestConfig { bool fips_202205 = false; bool wpa_202304 = false; - int argc; - char **argv; + std::vector handshaker_args; bssl::UniquePtr SetupCtx(SSL_CTX *old_ctx) const; From 73dcd474b5bd2dbf21b3cf84dac7c10826e175e7 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 15 Jun 2023 15:03:42 -0400 Subject: [PATCH 33/42] Turn SocketCloser in bssl_shim into a proper owning type It's a bit more verbose to set up, but makes the error paths in Connect() tidier. While I'm here, stick to Windows' actual SOCKET type until we have to cross into BIO. It doesn't really matter (Windows cannot use the upper half of that type without badly breaking backwards compatibility), but it silences some 64/32 truncation warnings. Change-Id: I7be7c2b543373a7a9fc50711131e5345d84ebb8b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60886 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- ssl/test/bssl_shim.cc | 126 ++++++++++++++++++++++++++---------------- 1 file changed, 79 insertions(+), 47 deletions(-) diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index c14d7c0601..6afbcc050d 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -68,14 +68,14 @@ OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) #if !defined(OPENSSL_WINDOWS) -static int closesocket(int sock) { - return close(sock); -} +using Socket = int; +#define INVALID_SOCKET (-1) -static void PrintSocketError(const char *func) { - perror(func); -} +static int closesocket(int sock) { return close(sock); } +static void PrintSocketError(const char *func) { perror(func); } #else +using Socket = SOCKET; + static void PrintSocketError(const char *func) { int error = WSAGetLastError(); char *buffer; @@ -94,6 +94,57 @@ static void PrintSocketError(const char *func) { } #endif +class OwnedSocket { + public: + OwnedSocket() = default; + explicit OwnedSocket(Socket sock) : sock_(sock) {} + OwnedSocket(OwnedSocket &&other) { *this = std::move(other); } + ~OwnedSocket() { reset(); } + OwnedSocket &operator=(OwnedSocket &&other) { + drain_on_close_ = other.drain_on_close_; + reset(other.release()); + return *this; + } + + bool is_valid() const { return sock_ != INVALID_SOCKET; } + void set_drain_on_close(bool drain) { drain_on_close_ = drain; } + + void reset(Socket sock = INVALID_SOCKET) { + if (is_valid()) { + if (drain_on_close_) { +#if defined(OPENSSL_WINDOWS) + shutdown(sock_, SD_SEND); +#else + shutdown(sock_, SHUT_WR); +#endif + while (true) { + char buf[1024]; + if (recv(sock_, buf, sizeof(buf), 0) <= 0) { + break; + } + } + closesocket(sock_); + } + } + + drain_on_close_ = false; + sock_ = sock; + } + + Socket get() const { return sock_; } + + Socket release() { + Socket sock = sock_; + sock_ = INVALID_SOCKET; + drain_on_close_ = false; + return sock; + } + + private: + Socket sock_ = INVALID_SOCKET; + bool drain_on_close_ = false; +}; + static int Usage(const char *program) { fprintf(stderr, "Usage: %s [flags...]\n", program); return 1; @@ -107,7 +158,7 @@ struct Free { }; // Connect returns a new socket connected to the runner, or -1 on error. -static int Connect(const TestConfig *config) { +static OwnedSocket Connect(const TestConfig *config) { sockaddr_storage addr; socklen_t addr_len = 0; if (config->ipv6) { @@ -117,7 +168,7 @@ static int Connect(const TestConfig *config) { sin6.sin6_port = htons(config->port); if (!inet_pton(AF_INET6, "::1", &sin6.sin6_addr)) { PrintSocketError("inet_pton"); - return -1; + return OwnedSocket(); } addr_len = sizeof(sin6); memcpy(&addr, &sin6, addr_len); @@ -128,60 +179,34 @@ static int Connect(const TestConfig *config) { sin.sin_port = htons(config->port); if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { PrintSocketError("inet_pton"); - return -1; + return OwnedSocket(); } addr_len = sizeof(sin); memcpy(&addr, &sin, addr_len); } - int sock = socket(addr.ss_family, SOCK_STREAM, 0); - if (sock == -1) { + OwnedSocket sock(socket(addr.ss_family, SOCK_STREAM, 0)); + if (!sock.is_valid()) { PrintSocketError("socket"); - return -1; + return OwnedSocket(); } int nodelay = 1; - if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + if (setsockopt(sock.get(), IPPROTO_TCP, TCP_NODELAY, reinterpret_cast(&nodelay), sizeof(nodelay)) != 0) { PrintSocketError("setsockopt"); - closesocket(sock); - return -1; + return OwnedSocket(); } - if (connect(sock, reinterpret_cast(&addr), addr_len) != 0) { + if (connect(sock.get(), reinterpret_cast(&addr), + addr_len) != 0) { PrintSocketError("connect"); - closesocket(sock); - return -1; + return OwnedSocket(); } return sock; } -class SocketCloser { - public: - explicit SocketCloser(int sock) : sock_(sock) {} - ~SocketCloser() { - // Half-close and drain the socket before releasing it. This seems to be - // necessary for graceful shutdown on Windows. It will also avoid write - // failures in the test runner. -#if defined(OPENSSL_WINDOWS) - shutdown(sock_, SD_SEND); -#else - shutdown(sock_, SHUT_WR); -#endif - while (true) { - char buf[1024]; - if (recv(sock_, buf, sizeof(buf), 0) <= 0) { - break; - } - } - closesocket(sock_); - } - - private: - const int sock_; -}; - // DoRead reads from |ssl|, resolving any asynchronous operations. It returns // the result value of the final |SSL_read| call. static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { @@ -787,13 +812,20 @@ static bool DoConnection(bssl::UniquePtr *out_session, #endif } - int sock = Connect(config); - if (sock == -1) { + OwnedSocket sock = Connect(config); + if (!sock.is_valid()) { return false; } - SocketCloser closer(sock); - bssl::UniquePtr bio(BIO_new_socket(sock, BIO_NOCLOSE)); + // Half-close and drain the socket before releasing it. This seems to be + // necessary for graceful shutdown on Windows. It will also avoid write + // failures in the test runner. + sock.set_drain_on_close(true); + + // Windows uses |SOCKET| for socket types, but OpenSSL's API requires casting + // them to |int|. + bssl::UniquePtr bio( + BIO_new_socket(static_cast(sock.get()), BIO_NOCLOSE)); if (!bio) { return false; } From f4d1d79eeeda22c40be51551f04a2d631a6512dc Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 15 Jun 2023 18:13:32 -0400 Subject: [PATCH 34/42] Simplify shimProcess accept and wait That we pull a value out of a channel and put it back is pretty weird. Also we don't need a select in accept(). It's enough to just close the listener when we learn the child is gone. (That will cancel the Accept call.) Change-Id: If520d9f405fa0b1ad6e3cd23e9ba8a35ff39ba75 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60887 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- ssl/test/runner/runner.go | 45 ++++++++++++++------------------------- 1 file changed, 16 insertions(+), 29 deletions(-) diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index e7ee194193..954f2a2a3a 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -1248,8 +1248,11 @@ var ( ) type shimProcess struct { - cmd *exec.Cmd - waitChan chan error + cmd *exec.Cmd + // done is closed when the process has exited. At that point, childErr may be + // read for the result. + done chan struct{} + childErr error listener *net.TCPListener stdout, stderr bytes.Buffer } @@ -1297,37 +1300,22 @@ func newShimProcess(shimPath string, flags []string, env []string) (*shimProcess return nil, err } - shim.waitChan = make(chan error, 1) - go func() { shim.waitChan <- shim.cmd.Wait() }() + shim.done = make(chan struct{}) + go func() { + shim.childErr = shim.cmd.Wait() + shim.listener.Close() + close(shim.done) + }() return shim, nil } // accept returns a new TCP connection with the shim process, or returns an // error on timeout or shim exit. func (s *shimProcess) accept() (net.Conn, error) { - type connOrError struct { - conn net.Conn - err error - } - connChan := make(chan connOrError, 1) - go func() { - if !useDebugger() { - s.listener.SetDeadline(time.Now().Add(*idleTimeout)) - } - conn, err := s.listener.Accept() - connChan <- connOrError{conn, err} - close(connChan) - }() - select { - case result := <-connChan: - return result.conn, result.err - case childErr := <-s.waitChan: - s.waitChan <- childErr - if childErr == nil { - return nil, fmt.Errorf("child exited early with no error") - } - return nil, fmt.Errorf("child exited early: %s", childErr) + if !useDebugger() { + s.listener.SetDeadline(time.Now().Add(*idleTimeout)) } + return s.listener.Accept() } // wait finishes the test and waits for the shim process to exit. @@ -1343,9 +1331,8 @@ func (s *shimProcess) wait() error { defer waitTimeout.Stop() } - err := <-s.waitChan - s.waitChan <- err - return err + <-s.done + return s.childErr } // close releases resources associated with the shimProcess. This is safe to From 50ee09552cde1c2019bef24520848d041920cfd4 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 15 Jun 2023 15:13:53 -0400 Subject: [PATCH 35/42] Use a single TCP server port in runner The shim is now passed a shim ID which allows us to dispatch. Previously, we dispatched with a distinct TCP server port per test, but this seems to exhaust local ports. As with https://boringssl-review.googlesource.com/c/boringssl/+/60885, this changes the runner/shim protocol, but not the shim/handshaker protocol. See that CL for discussion. Change-Id: Ia22d1bc0bcda1b1869bce4630138538c30f02668 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60888 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- ssl/test/PORTING.md | 15 +-- ssl/test/bssl_shim.cc | 7 ++ ssl/test/runner/runner.go | 47 ++++---- ssl/test/runner/shim_dispatcher.go | 188 +++++++++++++++++++++++++++++ ssl/test/test_config.cc | 13 +- ssl/test/test_config.h | 1 + 6 files changed, 239 insertions(+), 32 deletions(-) create mode 100644 ssl/test/runner/shim_dispatcher.go diff --git a/ssl/test/PORTING.md b/ssl/test/PORTING.md index 5819b49f70..74280b2d2d 100644 --- a/ssl/test/PORTING.md +++ b/ssl/test/PORTING.md @@ -20,13 +20,14 @@ The test runner integrates with the TLS stack under test through a “shim”: a command line program which encapsulates the stack. By default, the shim points to the BoringSSL shim in the same source tree, but any program can be supplied via the `-shim-path` flag. The -runner opens up a server socket and provides the shim with `-port` and -optional `-ipv6` arguments. - -The shim should connect to loopback as a TCP client on the specified -port, using IPv6 if `-ipv6` is specified and IPv4 otherwise. This is -true even when the shim is speaking DTLS or acting as a TLS server. -For DTLS, there is a small framing layer that gives packet boundaries +runner opens up a server socket and provides the shim with `-port`, `-shim-id` +and optional `-ipv6` arguments. + +For each connection, the shim should connect to loopback as a TCP client on +the specified port, using IPv6 if `-ipv6` is specified and IPv4 otherwise. +It then sends the shim ID as a 64-bit, little-endian integer and proceeds with +the test. The shim is a TCP client even when testing DTLS or TLS server +behavior. For DTLS, there is a small framing layer that gives packet boundaries over TCP. The shim can also pass a variety of command line arguments which are used to configure the stack under test. These can be found at `test_config.cc`. diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index 6afbcc050d..73aa5c62e3 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -829,6 +829,13 @@ static bool DoConnection(bssl::UniquePtr *out_session, if (!bio) { return false; } + + uint8_t shim_id[8]; + CRYPTO_store_u64_le(shim_id, config->shim_id); + if (!BIO_write_all(bio.get(), shim_id, sizeof(shim_id))) { + return false; + } + if (config->is_dtls) { bssl::UniquePtr packeted = PacketedBioCreate(GetClock()); if (!packeted) { diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 954f2a2a3a..e01e1d541a 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -1253,28 +1253,25 @@ type shimProcess struct { // read for the result. done chan struct{} childErr error - listener *net.TCPListener + listener *shimListener stdout, stderr bytes.Buffer } // newShimProcess starts a new shim with the specified executable, flags, and // environment. It internally creates a TCP listener and adds the the -port // flag. -func newShimProcess(shimPath string, flags []string, env []string) (*shimProcess, error) { - shim := new(shimProcess) - var err error - useIPv6 := true - shim.listener, err = net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv6loopback}) - if err != nil { - useIPv6 = false - shim.listener, err = net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}}) - } +func newShimProcess(dispatcher *shimDispatcher, shimPath string, flags []string, env []string) (*shimProcess, error) { + listener, err := dispatcher.NewShim() if err != nil { return nil, err } - cmdFlags := []string{"-port", strconv.Itoa(shim.listener.Addr().(*net.TCPAddr).Port)} - if useIPv6 { + shim := &shimProcess{listener: listener} + cmdFlags := []string{ + "-port", strconv.Itoa(listener.Port()), + "-shim-id", strconv.FormatUint(listener.ShimID(), 10), + } + if listener.IsIPv6() { cmdFlags = append(cmdFlags, "-ipv6") } cmdFlags = append(cmdFlags, flags...) @@ -1312,10 +1309,11 @@ func newShimProcess(shimPath string, flags []string, env []string) (*shimProcess // accept returns a new TCP connection with the shim process, or returns an // error on timeout or shim exit. func (s *shimProcess) accept() (net.Conn, error) { + var deadline time.Time if !useDebugger() { - s.listener.SetDeadline(time.Now().Add(*idleTimeout)) + deadline = time.Now().Add(*idleTimeout) } - return s.listener.Accept() + return s.listener.Accept(deadline) } // wait finishes the test and waits for the shim process to exit. @@ -1418,7 +1416,7 @@ func translateExpectedError(errorStr string) string { // -shim-writes-first flag is used. const shimInitialWrite = "hello" -func runTest(statusChan chan statusMsg, test *testCase, shimPath string, mallocNumToFail int64) error { +func runTest(dispatcher *shimDispatcher, statusChan chan statusMsg, test *testCase, shimPath string, mallocNumToFail int64) error { // Help debugging panics on the Go side. defer func() { if r := recover(); r != nil { @@ -1629,7 +1627,7 @@ func runTest(statusChan chan statusMsg, test *testCase, shimPath string, mallocN env = append(env, "_MALLOC_CHECK=1") } - shim, err := newShimProcess(shimPath, flags, env) + shim, err := newShimProcess(dispatcher, shimPath, flags, env) if err != nil { return err } @@ -19428,7 +19426,7 @@ func addCompliancePolicyTests() { } } -func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) { +func worker(dispatcher *shimDispatcher, statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) { defer wg.Done() for test := range c { @@ -19437,7 +19435,7 @@ func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sy if *mallocTest >= 0 { for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ { statusChan <- statusMsg{test: test, statusType: statusStarted} - if err = runTest(statusChan, test, shimPath, mallocNumToFail); err != errMoreMallocs { + if err = runTest(dispatcher, statusChan, test, shimPath, mallocNumToFail); err != errMoreMallocs { if err != nil { fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err) } @@ -19447,11 +19445,11 @@ func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sy } else if *repeatUntilFailure { for err == nil { statusChan <- statusMsg{test: test, statusType: statusStarted} - err = runTest(statusChan, test, shimPath, -1) + err = runTest(dispatcher, statusChan, test, shimPath, -1) } } else { statusChan <- statusMsg{test: test, statusType: statusStarted} - err = runTest(statusChan, test, shimPath, -1) + err = runTest(dispatcher, statusChan, test, shimPath, -1) } statusChan <- statusMsg{test: test, statusType: statusDone, err: err} } @@ -19681,6 +19679,13 @@ func main() { checkTests() + dispatcher, err := newShimDispatcher() + if err != nil { + fmt.Fprintf(os.Stderr, "Error opening socket: %s", err) + os.Exit(1) + } + defer dispatcher.Close() + numWorkers := *numWorkersFlag if useDebugger() { numWorkers = 1 @@ -19695,7 +19700,7 @@ func main() { var wg sync.WaitGroup for i := 0; i < numWorkers; i++ { wg.Add(1) - go worker(statusChan, testChan, *shimPath, &wg) + go worker(dispatcher, statusChan, testChan, *shimPath, &wg) } var oneOfPatternIfAny, noneOfPattern []string diff --git a/ssl/test/runner/shim_dispatcher.go b/ssl/test/runner/shim_dispatcher.go new file mode 100644 index 0000000000..0499d89f50 --- /dev/null +++ b/ssl/test/runner/shim_dispatcher.go @@ -0,0 +1,188 @@ +// Copyright (c) 2023, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package runner + +import ( + "context" + "encoding/binary" + "fmt" + "io" + "net" + "os" + "sync" + "time" +) + +type shimDispatcher struct { + lock sync.Mutex + nextShimID uint64 + listener *net.TCPListener + shims map[uint64]*shimListener + err error +} + +func newShimDispatcher() (*shimDispatcher, error) { + listener, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv6loopback}) + if err != nil { + listener, err = net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}}) + } + + if err != nil { + return nil, err + } + d := &shimDispatcher{listener: listener, shims: make(map[uint64]*shimListener)} + go d.acceptLoop() + return d, nil +} + +func (d *shimDispatcher) NewShim() (*shimListener, error) { + d.lock.Lock() + defer d.lock.Unlock() + if d.err != nil { + return nil, d.err + } + + l := &shimListener{dispatcher: d, shimID: d.nextShimID, connChan: make(chan net.Conn, 1)} + d.shims[l.shimID] = l + d.nextShimID++ + return l, nil +} + +func (d *shimDispatcher) unregisterShim(l *shimListener) { + d.lock.Lock() + delete(d.shims, l.shimID) + d.lock.Unlock() +} + +func (d *shimDispatcher) acceptLoop() { + for { + conn, err := d.listener.Accept() + if err != nil { + // Something went wrong. Shut down the listener. + d.closeWithError(err) + return + } + + go func() { + if err := d.dispatch(conn); err != nil { + // To be robust against port scanners, etc., we log a warning + // but otherwise treat undispatchable connections as non-fatal. + fmt.Fprintf(os.Stderr, "Error dispatching connection: %s\n", err) + conn.Close() + } + }() + } +} + +func (d *shimDispatcher) dispatch(conn net.Conn) error { + conn.SetReadDeadline(time.Now().Add(*idleTimeout)) + var buf [8]byte + if _, err := io.ReadFull(conn, buf[:]); err != nil { + return err + } + conn.SetReadDeadline(time.Time{}) + + shimID := binary.LittleEndian.Uint64(buf[:]) + d.lock.Lock() + shim, ok := d.shims[shimID] + d.lock.Unlock() + if !ok { + return fmt.Errorf("shim ID %d not found", shimID) + } + + shim.connChan <- conn + return nil +} + +func (d *shimDispatcher) Close() error { + return d.closeWithError(net.ErrClosed) +} + +func (d *shimDispatcher) closeWithError(err error) error { + closeErr := d.listener.Close() + + d.lock.Lock() + shims := d.shims + d.shims = make(map[uint64]*shimListener) + d.err = err + d.lock.Unlock() + + for _, shim := range shims { + shim.closeWithError(err) + } + return closeErr +} + +type shimListener struct { + dispatcher *shimDispatcher + shimID uint64 + // connChan contains connections from the dispatcher. On fatal error, it is + // closed, with the error available in err. + connChan chan net.Conn + err error + lock sync.Mutex +} + +func (l *shimListener) Port() int { + return l.dispatcher.listener.Addr().(*net.TCPAddr).Port +} + +func (l *shimListener) IsIPv6() bool { + return len(l.dispatcher.listener.Addr().(*net.TCPAddr).IP) == net.IPv6len +} + +func (l *shimListener) ShimID() uint64 { + return l.shimID +} + +func (l *shimListener) Close() error { + l.dispatcher.unregisterShim(l) + l.closeWithError(net.ErrClosed) + return nil +} + +func (l *shimListener) closeWithError(err error) { + // Multiple threads may close the listener at once, so protect closing with + // a lock. + l.lock.Lock() + if l.err == nil { + l.err = err + close(l.connChan) + } + l.lock.Unlock() +} + +func (l *shimListener) Accept(deadline time.Time) (net.Conn, error) { + var timerChan <-chan time.Time + if !deadline.IsZero() { + remaining := time.Until(deadline) + if remaining < 0 { + return nil, context.DeadlineExceeded + } + timer := time.NewTimer(remaining) + defer timer.Stop() + timerChan = timer.C + } + + select { + case <-timerChan: + return nil, context.DeadlineExceeded + case conn, ok := <-l.connChan: + if !ok { + return nil, l.err + } + return conn, nil + } +} diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index 980bef1352..baff66b3be 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -66,7 +66,6 @@ Flag BoolFlag(const char *name, bool TestConfig::*field, template bool StringToInt(T *out, const char *str) { static_assert(std::is_integral::value, "not an integral type"); - static_assert(sizeof(T) <= sizeof(long long), "type too large for long long"); // |strtoull| allows leading '-' with wraparound. Additionally, both // functions accept empty strings and leading whitespace. @@ -78,15 +77,20 @@ bool StringToInt(T *out, const char *str) { errno = 0; char *end; if (std::is_signed::value) { + static_assert(sizeof(T) <= sizeof(long long), + "type too large for long long"); long long value = strtoll(str, &end, 10); - if (value < std::numeric_limits::min() || - value > std::numeric_limits::max()) { + if (value < static_cast(std::numeric_limits::min()) || + value > static_cast(std::numeric_limits::max())) { return false; } *out = static_cast(value); } else { + static_assert(sizeof(T) <= sizeof(unsigned long long), + "type too large for unsigned long long"); unsigned long long value = strtoull(str, &end, 10); - if (value > std::numeric_limits::max()) { + if (value > + static_cast(std::numeric_limits::max())) { return false; } *out = static_cast(value); @@ -200,6 +204,7 @@ std::vector SortedFlags() { std::vector flags = { IntFlag("-port", &TestConfig::port, /*skip_handshaker=*/true), BoolFlag("-ipv6", &TestConfig::ipv6, /*skip_handshaker=*/true), + IntFlag("-shim-id", &TestConfig::shim_id, /*skip_handshaker=*/true), BoolFlag("-server", &TestConfig::is_server), BoolFlag("-dtls", &TestConfig::is_dtls), BoolFlag("-quic", &TestConfig::is_quic), diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index 4e84800056..1181a73065 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h @@ -27,6 +27,7 @@ struct TestConfig { int port = 0; bool ipv6 = false; + uint64_t shim_id = 0; bool is_server = false; bool is_dtls = false; bool is_quic = false; From 9fcaec6435a42cda37f3e8d4c5b8eed480c0e917 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 6 Jun 2023 19:30:32 -0400 Subject: [PATCH 36/42] Start recognizing the OPENSSL_NANOLIBC define nanolibc is an embedded platform with no threads. To start unforking that build, generalize some of the OPENSSL_TRUSTY defines. OpenSSL has OPENSSL_NO_SOCK if you don't have sockets and OPENSSL_NO_POSIX_IO if you don't have file descriptors. Those names are fine enough, so I've borrowed them here too. There's more to be done here, but this will clear out some of it. Change-Id: Iaba1fafdebb46ebb8f68b7956535dd0ccaaa832f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60890 Auto-Submit: David Benjamin Commit-Queue: Bob Beck Reviewed-by: Bob Beck --- crypto/bio/connect.c | 4 ++-- crypto/bio/fd.c | 4 ++-- crypto/bio/socket.c | 4 ++-- crypto/bio/socket_helper.c | 4 ++-- crypto/internal.h | 9 ++++++--- include/openssl/base.h | 8 ++++++++ 6 files changed, 22 insertions(+), 11 deletions(-) diff --git a/crypto/bio/connect.c b/crypto/bio/connect.c index c19f1c4e65..fda8f8522d 100644 --- a/crypto/bio/connect.c +++ b/crypto/bio/connect.c @@ -56,7 +56,7 @@ #include -#if !defined(OPENSSL_TRUSTY) +#if !defined(OPENSSL_NO_SOCK) #include #include @@ -544,4 +544,4 @@ int BIO_do_connect(BIO *bio) { return (int)BIO_ctrl(bio, BIO_C_DO_STATE_MACHINE, 0, NULL); } -#endif // OPENSSL_TRUSTY +#endif // OPENSSL_NO_SOCK diff --git a/crypto/bio/fd.c b/crypto/bio/fd.c index 7775d7a75a..aac8bcb3c0 100644 --- a/crypto/bio/fd.c +++ b/crypto/bio/fd.c @@ -56,7 +56,7 @@ #include -#if !defined(OPENSSL_TRUSTY) +#if !defined(OPENSSL_NO_POSIX_IO) #include #include @@ -276,4 +276,4 @@ int BIO_get_fd(BIO *bio, int *out_fd) { return (int)BIO_ctrl(bio, BIO_C_GET_FD, 0, (char *) out_fd); } -#endif // OPENSSL_TRUSTY +#endif // OPENSSL_NO_POSIX_IO diff --git a/crypto/bio/socket.c b/crypto/bio/socket.c index c5bf60941b..6084e96cfa 100644 --- a/crypto/bio/socket.c +++ b/crypto/bio/socket.c @@ -56,7 +56,7 @@ #include -#if !defined(OPENSSL_TRUSTY) +#if !defined(OPENSSL_NO_SOCK) #include #include @@ -186,4 +186,4 @@ BIO *BIO_new_socket(int fd, int close_flag) { return ret; } -#endif // OPENSSL_TRUSTY +#endif // OPENSSL_NO_SOCK diff --git a/crypto/bio/socket_helper.c b/crypto/bio/socket_helper.c index 4cd7825a65..366996c8f9 100644 --- a/crypto/bio/socket_helper.c +++ b/crypto/bio/socket_helper.c @@ -20,7 +20,7 @@ #include #include -#if !defined(OPENSSL_TRUSTY) +#if !defined(OPENSSL_NO_SOCK) #include #include @@ -121,4 +121,4 @@ int bio_sock_error(int sock) { return error; } -#endif // OPENSSL_TRUSTY +#endif // OPENSSL_NO_SOCK diff --git a/crypto/internal.h b/crypto/internal.h index 98e2178140..274a0a828b 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -206,14 +206,17 @@ OPENSSL_EXPORT uint32_t *OPENSSL_get_armcap_pointer_for_test(void); #endif +// On non-MSVC 64-bit targets, we expect __uint128_t support. This includes +// clang-cl, which defines both __clang__ and _MSC_VER. #if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT) #define BORINGSSL_HAS_UINT128 typedef __int128_t int128_t; typedef __uint128_t uint128_t; -// clang-cl supports __uint128_t but modulus and division don't work. -// https://crbug.com/787617. -#if !defined(_MSC_VER) || !defined(__clang__) +// __uint128_t division depends on intrinsics in the compiler runtime. Those +// intrinsics are missing in clang-cl (https://crbug.com/787617) and nanolibc. +// These may be bugs in the toolchain definition, but just disable it for now. +#if !defined(_MSC_VER) && !defined(OPENSSL_NANOLIBC) #define BORINGSSL_CAN_DIVIDE_UINT128 #endif #endif diff --git a/include/openssl/base.h b/include/openssl/base.h index 2249aea6fa..cd7b75fbf4 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -153,6 +153,14 @@ extern "C" { #if defined(__TRUSTY__) #define OPENSSL_TRUSTY +#define OPENSSL_NO_POSIX_IO +#define OPENSSL_NO_SOCK +#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED +#endif + +#if defined(OPENSSL_NANOLIBC) +#define OPENSSL_NO_POSIX_IO +#define OPENSSL_NO_SOCK #define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED #endif From 9c30e5389c6878fc95d21e754df935a1d71f333d Mon Sep 17 00:00:00 2001 From: Andres Erbsen Date: Tue, 20 Jun 2023 19:05:23 +0000 Subject: [PATCH 37/42] Credit CryptOpt in third_party/fiat/README.md Change-Id: I824560a5bddb9183e61c663ca4cbdc4530177e66 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60945 Reviewed-by: Adam Langley Auto-Submit: Andres Erbsen Commit-Queue: Adam Langley Reviewed-by: Bob Beck --- third_party/fiat/README.md | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/third_party/fiat/README.md b/third_party/fiat/README.md index 56accd45fa..9c1fc870bb 100644 --- a/third_party/fiat/README.md +++ b/third_party/fiat/README.md @@ -1,8 +1,23 @@ -# Fiat +# Fiat Cryptography -This directory contains code generated by -[Fiat](https://github.com/mit-plv/fiat-crypto) and thus these files are -licensed under the MIT license. (See LICENSE file.) +The files in this directory are generated using [Fiat +Cryptography](https://github.com/mit-plv/fiat-crypto) from the associated +library of arithmetic-implementation templates. These files are included under +the MIT license. (See LICENSE file.) -The files are imported from the `fiat-c/src` directory of the Fiat repository. -Their contents are `#include`d into source files, so we rename them to `.h`. +Some files are included directly from the `fiat-c/src` directory of the Fiat +Cryptography repository. Their contents are `#include`d into source files, so +we rename them to `.h`. Implementations that use saturated arithmetic on 64-bit +words are further manually edited to use platform-appropriate incantations for +operations such as addition with carry; these changes are marked with "`NOTE: +edited after generation`". + +# CryptOpt + +Files in the `asm` directory are compiled from Fiat-Cryptography templates +using [CryptOpt](https://github.com/0xADE1A1DE/CryptOpt). These generated +assembly files have been edited to support call-stack unwinding. The modified +files have been checked for functional correctness using the CryptOpt +translation validator that is included in the Fiat-Cryptography repository. +Correct unwinding and manual assembler-directive changes related to object-file +conventions are validated using unit tests. From ee194c75a65ca813fc78eb2cb7eca65ce344ec7b Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 22 Jun 2023 12:43:14 -0400 Subject: [PATCH 38/42] Slightly tidy BIO_C_SET_FILENAME logic We could just use the string literal as-is. Change-Id: I2efe01fd9b020db1bb086001407bcf7fa8487551 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61045 Auto-Submit: David Benjamin Commit-Queue: David Benjamin Reviewed-by: Adam Langley Commit-Queue: Adam Langley --- crypto/bio/file.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/crypto/bio/file.c b/crypto/bio/file.c index 8ba9c544c2..d0281c8548 100644 --- a/crypto/bio/file.c +++ b/crypto/bio/file.c @@ -172,7 +172,6 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret = 1; FILE *fp = (FILE *)b->ptr; FILE **fpp; - char p[4]; switch (cmd) { case BIO_CTRL_RESET: @@ -197,27 +196,28 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) { case BIO_C_SET_FILENAME: file_free(b); b->shutdown = (int)num & BIO_CLOSE; + const char *mode; if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) { - OPENSSL_strlcpy(p, "a+", sizeof(p)); + mode = "a+"; } else { - OPENSSL_strlcpy(p, "a", sizeof(p)); + mode = "a"; } } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) { - OPENSSL_strlcpy(p, "r+", sizeof(p)); + mode = "r+"; } else if (num & BIO_FP_WRITE) { - OPENSSL_strlcpy(p, "w", sizeof(p)); + mode = "w"; } else if (num & BIO_FP_READ) { - OPENSSL_strlcpy(p, "r", sizeof(p)); + mode = "r"; } else { OPENSSL_PUT_ERROR(BIO, BIO_R_BAD_FOPEN_MODE); ret = 0; break; } - fp = fopen(ptr, p); + fp = fopen(ptr, mode); if (fp == NULL) { OPENSSL_PUT_SYSTEM_ERROR(); - ERR_add_error_data(5, "fopen('", ptr, "','", p, "')"); + ERR_add_error_data(5, "fopen('", ptr, "','", mode, "')"); OPENSSL_PUT_ERROR(BIO, ERR_R_SYS_LIB); ret = 0; break; From bc97b7a8e1952bab69fea961301a90e5ad3344e9 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Tue, 18 Apr 2023 08:35:15 -0600 Subject: [PATCH 39/42] Bring in the core of chromium certificate verifier as libpki Initially this leaves the canonical source in chrome, Additions and fillins are committed directly, the chrome files are coverted using the IMPORT script run from the pki directory for the moment. The intention here is to continue frequent automatic conversion (and avoid wholesale cosmetic changes in here for now) until chrome converts to use these files in place of it's versions. At that point these will become the definiative files, and the IMPORT script can be tossed out. A middle step along the way will be to change google3's verify.cc in third_party/chromium_certificate_verifier to use this instead of it's own extracted copy. Status (and what is not done yet) being roughly tracked in README.md Bug: chromium:1322914 Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285 Commit-Queue: Bob Beck Reviewed-by: Adam Langley --- CMakeLists.txt | 4 +- pki/CMakeLists.txt | 103 + pki/IMPORT | 23 + pki/README.md | 32 + pki/asn1_util.cc | 331 + pki/asn1_util.h | 75 + pki/cert_error_id.cc | 14 + pki/cert_error_id.h | 38 + pki/cert_error_params.cc | 145 + pki/cert_error_params.h | 68 + pki/cert_errors.cc | 201 + pki/cert_errors.h | 168 + pki/cert_issuer_source.h | 70 + pki/cert_issuer_source_static.cc | 37 + pki/cert_issuer_source_static.h | 51 + pki/cert_issuer_source_static_unittest.cc | 40 + pki/cert_issuer_source_sync_unittest.h | 216 + pki/cert_net_fetcher.h | 97 + pki/cert_status_flags.h | 49 + pki/cert_status_flags_list.h | 47 + pki/cert_verify_proc_blocklist.inc | 427 + pki/certificate_policies.cc | 372 + pki/certificate_policies.h | 136 + pki/certificate_policies_unittest.cc | 313 + pki/common_cert_errors.cc | 85 + pki/common_cert_errors.h | 164 + pki/crl.cc | 626 + pki/crl.h | 225 + pki/encode_values.cc | 103 + pki/encode_values.h | 48 + pki/encode_values_unittest.cc | 169 + pki/extended_key_usage.cc | 40 + pki/extended_key_usage.h | 89 + pki/extended_key_usage_unittest.cc | 166 + pki/fillins/base64.cc | 48 + pki/fillins/base64.h | 27 + pki/fillins/check.h | 53 + pki/fillins/file_util.cc | 35 + pki/fillins/file_util.h | 24 + pki/fillins/inet.h | 16 + pki/fillins/ip_address.cc | 171 + pki/fillins/ip_address.h | 62 + pki/fillins/net_errors.h | 18 + pki/fillins/openssl_util.cc | 19 + pki/fillins/openssl_util.h | 28 + pki/fillins/path_service.cc | 44 + pki/fillins/path_service.h | 43 + pki/fillins/string_util.cc | 89 + pki/fillins/string_util.h | 41 + pki/fillins/utf_string_conversions.cc | 47 + pki/fillins/utf_string_conversions.h | 34 + pki/general_names.cc | 242 + pki/general_names.h | 124 + pki/import_spec.json | 359 + pki/import_tool.go | 187 + pki/input.cc | 71 + pki/input.h | 156 + pki/input_unittest.cc | 107 + pki/mock_signature_verify_cache.cc | 32 + pki/mock_signature_verify_cache.h | 48 + pki/name_constraints.cc | 674 + pki/name_constraints.h | 106 + pki/name_constraints_unittest.cc | 1824 + pki/nist_pkits_unittest.cc | 100 + pki/nist_pkits_unittest.h | 149 + pki/ocsp.cc | 1050 + pki/ocsp.h | 324 + pki/ocsp_parse_ocsp_cert_id_fuzzer.cc | 17 + pki/ocsp_parse_ocsp_response_data_fuzzer.cc | 17 + pki/ocsp_parse_ocsp_response_fuzzer.cc | 17 + pki/ocsp_parse_ocsp_single_response_fuzzer.cc | 17 + pki/ocsp_revocation_status.h | 21 + pki/ocsp_unittest.cc | 245 + pki/ocsp_verify_result.cc | 24 + pki/ocsp_verify_result.h | 76 + pki/parse_certificate.cc | 956 + pki/parse_certificate.h | 629 + pki/parse_certificate_fuzzer.cc | 25 + pki/parse_certificate_unittest.cc | 1176 + pki/parse_name.cc | 226 + pki/parse_name.h | 158 + pki/parse_name_unittest.cc | 361 + pki/parse_values.cc | 446 + pki/parse_values.h | 152 + pki/parse_values_unittest.cc | 465 + pki/parsed_certificate.cc | 295 + pki/parsed_certificate.h | 337 + pki/parsed_certificate_unittest.cc | 593 + pki/parser.cc | 156 + pki/parser.h | 212 + pki/parser_unittest.cc | 365 + ...e-constraint-limit-to-resemble-Borin.patch | 41109 ++++++++++++++++ ...he-use-of-DVLOG-LOG-in-path-builder-.patch | 221 + ...lder-tests-with-unsupported-dependen.patch | 112 + pki/path_builder.cc | 914 + pki/path_builder.h | 240 + pki/path_builder_pkits_unittest.cc | 306 + pki/path_builder_unittest.cc | 2524 + ...ilder_verify_certificate_chain_unittest.cc | 55 + pki/pem.cc | 143 + pki/pem.h | 88 + pki/revocation_util.cc | 59 + pki/revocation_util.h | 33 + pki/signature_algorithm.cc | 420 + pki/signature_algorithm.h | 87 + pki/signature_algorithm_unittest.cc | 1455 + pki/signature_verify_cache.h | 41 + pki/simple_path_builder_delegate.cc | 126 + pki/simple_path_builder_delegate.h | 73 + pki/simple_path_builder_delegate_unittest.cc | 108 + pki/string_util.cc | 117 + pki/string_util.h | 65 + pki/string_util_unittest.cc | 155 + pki/tag.cc | 25 + pki/tag.h | 78 + pki/test_helpers.cc | 489 + pki/test_helpers.h | 168 + .../cert_issuer_source_static_unittest/c1.pem | 91 + .../cert_issuer_source_static_unittest/c2.pem | 91 + .../cert_issuer_source_static_unittest/d.pem | 91 + .../cert_issuer_source_static_unittest/e1.pem | 91 + .../cert_issuer_source_static_unittest/e2.pem | 91 + .../generate-certs.py | 88 + .../i1_1.pem | 91 + .../i1_2.pem | 91 + .../cert_issuer_source_static_unittest/i2.pem | 91 + .../i3_1.pem | 91 + .../i3_2.pem | 91 + .../keys/C1.key | 28 + .../keys/C2.key | 28 + .../keys/D.key | 28 + .../keys/E1.key | 28 + .../keys/E2.key | 28 + .../keys/I1.key | 28 + .../keys/I2.key | 28 + .../keys/I3.key | 28 + .../keys/I3_1.key | 28 + .../keys/Root.key | 28 + .../keys/i1_1.key | 28 + .../root.pem | 91 + .../anypolicy.pem | 6 + .../anypolicy_with_qualifier.pem | 10 + .../generate_policies.py | 176 + ...nvalid-anypolicy_with_custom_qualifier.pem | 10 + .../invalid-empty.pem | 4 + .../invalid-policy_1_2_3_dupe.pem | 12 + ..._2_3_policyinformation_unconsumed_data.pem | 7 + ..._3_policyqualifierinfo_unconsumed_data.pem | 12 + ...y_1_2_3_with_empty_qualifiers_sequence.pem | 7 + .../invalid-policy_identifier_not_oid.pem | 6 + .../policy_1_2_3.pem | 6 + .../policy_1_2_3_and_1_2_4.pem | 8 + ...policy_1_2_3_and_1_2_4_with_qualifiers.pem | 17 + .../policy_1_2_3_with_custom_qualifier.pem | 10 + .../policy_1_2_3_with_qualifier.pem | 10 + .../directoryname-excludeall.pem | 27 + .../directoryname-excluded.pem | 27 + .../directoryname.pem | 105 + .../directoryname_and_dnsname.pem | 130 + ...irectoryname_and_dnsname_and_ipaddress.pem | 164 + .../dnsname-exclude_dot.pem | 15 + .../dnsname-excludeall.pem | 15 + .../dnsname-excluded.pem | 10 + .../dnsname-excluded_with_leading_dot.pem | 10 + .../dnsname-permitted_two_dot.pem | 10 + .../dnsname-permitted_with_leading_dot.pem | 10 + .../dnsname-with_max.pem | 11 + .../dnsname-with_min_0.pem | 11 + .../dnsname-with_min_0_and_max.pem | 12 + .../dnsname-with_min_1.pem | 11 + .../dnsname-with_min_1_and_max.pem | 12 + .../name_constraints_unittest/dnsname.pem | 34 + .../name_constraints_unittest/dnsname2.pem | 15 + .../edipartyname-excluded.pem | 12 + .../edipartyname-permitted.pem | 12 + .../generate_name_constraints.py | 677 + .../invalid-empty_excluded_subtree.pem | 6 + .../invalid-empty_permitted_subtree.pem | 6 + .../invalid-no_subtrees.pem | 4 + .../ipaddress-excludeall.pem | 22 + .../ipaddress-excluded.pem | 10 + .../ipaddress-invalid_addr.pem | 13 + ...paddress-invalid_mask_not_contiguous_1.pem | 10 + ...paddress-invalid_mask_not_contiguous_2.pem | 10 + ...paddress-invalid_mask_not_contiguous_3.pem | 10 + ...paddress-invalid_mask_not_contiguous_4.pem | 10 + .../ipaddress-permit_all.pem | 10 + .../ipaddress-permit_prefix1.pem | 10 + .../ipaddress-permit_prefix31.pem | 10 + .../ipaddress-permit_singlehost.pem | 10 + .../name_constraints_unittest/ipaddress.pem | 43 + .../name_constraints_unittest/name-ca.pem | 12 + .../name_constraints_unittest/name-de.pem | 12 + .../name_constraints_unittest/name-empty.pem | 4 + .../name-jp-tokyo.pem | 19 + .../name_constraints_unittest/name-jp.pem | 12 + .../name-us-arizona-1.1.1.1.pem | 26 + .../name-us-arizona-192.168.1.1.pem | 26 + .../name-us-arizona-email-invalidstring.pem | 27 + .../name-us-arizona-email-localpartcase.pem | 27 + .../name-us-arizona-email-multiple.pem | 34 + .../name-us-arizona-email.pem | 27 + .../name-us-arizona-foo.com.pem | 26 + .../name-us-arizona-ipv6.pem | 27 + .../name-us-arizona-permitted.example.com.pem | 27 + .../name-us-arizona.pem | 19 + .../name-us-california-192.168.1.1.pem | 27 + .../name-us-california-mountain_view.pem | 27 + ...me-us-california-permitted.example.com.pem | 27 + .../name-us-california.pem | 19 + .../name_constraints_unittest/name-us.pem | 12 + .../othername-excluded.pem | 13 + .../othername-permitted.pem | 13 + .../registeredid-excluded.pem | 10 + .../registeredid-permitted.pem | 10 + .../rfc822name-excluded-empty.pem | 10 + .../rfc822name-excluded-hostname.pem | 10 + .../rfc822name-excluded-hostnamewithat.pem | 10 + .../rfc822name-excluded-ipv4.pem | 10 + .../rfc822name-excluded-quoted.pem | 10 + .../rfc822name-excluded-subdomains.pem | 10 + .../rfc822name-excluded.pem | 10 + .../rfc822name-permitted-empty.pem | 10 + .../rfc822name-permitted-hostname.pem | 10 + .../rfc822name-permitted-hostnamewithat.pem | 10 + .../rfc822name-permitted-ipv4.pem | 10 + .../rfc822name-permitted-quoted.pem | 10 + .../rfc822name-permitted-subdomains.pem | 10 + .../rfc822name-permitted.pem | 10 + .../san-directoryname.pem | 16 + .../name_constraints_unittest/san-dnsname.pem | 6 + .../san-edipartyname.pem | 6 + .../san-excluded-directoryname.pem | 52 + .../san-excluded-dnsname.pem | 28 + .../san-excluded-ipaddress.pem | 27 + .../san-invalid-empty.pem | 4 + .../san-invalid-ipaddress.pem | 6 + .../san-ipaddress4.pem | 6 + .../san-ipaddress6.pem | 6 + .../san-othername.pem | 9 + .../san-permitted.pem | 26 + .../san-registeredid.pem | 6 + .../san-rfc822name-domaincase.pem | 6 + .../san-rfc822name-empty-localpart.pem | 6 + .../san-rfc822name-empty.pem | 6 + .../san-rfc822name-ipv4.pem | 6 + .../san-rfc822name-localpartcase.pem | 6 + .../san-rfc822name-multiple.pem | 7 + .../san-rfc822name-no-at.pem | 6 + .../san-rfc822name-quoted.pem | 6 + .../san-rfc822name-subdomain-no-at.pem | 6 + .../san-rfc822name-subdomain-two-ats.pem | 6 + .../san-rfc822name-subdomain.pem | 6 + .../san-rfc822name-subdomaincase.pem | 6 + .../san-rfc822name-two-ats.pem | 6 + .../san-rfc822name.pem | 6 + .../name_constraints_unittest/san-uri.pem | 6 + .../san-x400address.pem | 12 + .../uri-excluded.pem | 10 + .../uri-permitted.pem | 10 + .../x400address-excluded.pem | 16 + .../x400address-permitted.pem | 16 + pki/testdata/nist-pkits/BUILD.gn | 21 + pki/testdata/nist-pkits/README.chromium | 19 + .../AllCertificatesNoPoliciesTest2EE.crt | Bin 0 -> 898 bytes .../AllCertificatesSamePoliciesTest10EE.crt | Bin 0 -> 941 bytes .../AllCertificatesSamePoliciesTest13EE.crt | Bin 0 -> 958 bytes .../AllCertificatesanyPolicyTest11EE.crt | Bin 0 -> 914 bytes .../nist-pkits/certs/AnyPolicyTest14EE.crt | Bin 0 -> 903 bytes .../certs/BadCRLIssuerNameCACert.crt | Bin 0 -> 911 bytes .../certs/BadCRLSignatureCACert.crt | Bin 0 -> 909 bytes .../nist-pkits/certs/BadSignedCACert.crt | Bin 0 -> 902 bytes .../certs/BadnotAfterDateCACert.crt | Bin 0 -> 909 bytes .../certs/BadnotBeforeDateCACert.crt | Bin 0 -> 910 bytes .../BasicSelfIssuedCRLSigningKeyCACert.crt | Bin 0 -> 925 bytes .../BasicSelfIssuedCRLSigningKeyCRLCert.crt | Bin 0 -> 1074 bytes .../certs/BasicSelfIssuedNewKeyCACert.crt | Bin 0 -> 917 bytes .../BasicSelfIssuedNewKeyOldWithNewCACert.crt | Bin 0 -> 933 bytes .../certs/BasicSelfIssuedOldKeyCACert.crt | Bin 0 -> 917 bytes .../BasicSelfIssuedOldKeyNewWithOldCACert.crt | Bin 0 -> 1067 bytes .../certs/CPSPointerQualifierTest20EE.crt | Bin 0 -> 1011 bytes pki/testdata/nist-pkits/certs/DSACACert.crt | Bin 0 -> 1045 bytes .../certs/DSAParametersInheritedCACert.crt | Bin 0 -> 546 bytes .../certs/DifferentPoliciesTest12EE.crt | Bin 0 -> 914 bytes .../certs/DifferentPoliciesTest3EE.crt | Bin 0 -> 916 bytes .../certs/DifferentPoliciesTest4EE.crt | Bin 0 -> 909 bytes .../certs/DifferentPoliciesTest5EE.crt | Bin 0 -> 917 bytes .../certs/DifferentPoliciesTest7EE.crt | Bin 0 -> 943 bytes .../certs/DifferentPoliciesTest8EE.crt | Bin 0 -> 941 bytes .../certs/DifferentPoliciesTest9EE.crt | Bin 0 -> 931 bytes .../GeneralizedTimeCRLnextUpdateCACert.crt | Bin 0 -> 920 bytes pki/testdata/nist-pkits/certs/GoodCACert.crt | Bin 0 -> 896 bytes .../nist-pkits/certs/GoodsubCACert.crt | Bin 0 -> 910 bytes .../GoodsubCAPanyPolicyMapping1to2CACert.crt | Bin 0 -> 968 bytes .../certs/InvalidBadCRLIssuerNameTest5EE.crt | Bin 0 -> 930 bytes .../certs/InvalidBadCRLSignatureTest4EE.crt | Bin 0 -> 926 bytes ...lidBasicSelfIssuedCRLSigningKeyTest7EE.crt | Bin 0 -> 958 bytes ...lidBasicSelfIssuedCRLSigningKeyTest8EE.crt | Bin 0 -> 958 bytes ...nvalidBasicSelfIssuedNewWithOldTest5EE.crt | Bin 0 -> 947 bytes ...nvalidBasicSelfIssuedOldWithNewTest2EE.crt | Bin 0 -> 947 bytes .../certs/InvalidCASignatureTest2EE.crt | Bin 0 -> 899 bytes .../certs/InvalidCAnotAfterDateTest5EE.crt | Bin 0 -> 925 bytes .../certs/InvalidCAnotBeforeDateTest1EE.crt | Bin 0 -> 927 bytes .../InvalidDNSnameConstraintsTest31EE.crt | Bin 0 -> 981 bytes .../InvalidDNSnameConstraintsTest33EE.crt | Bin 0 -> 970 bytes .../InvalidDNSnameConstraintsTest38EE.crt | Bin 0 -> 969 bytes ...alidDNandRFC822nameConstraintsTest28EE.crt | Bin 0 -> 1049 bytes ...alidDNandRFC822nameConstraintsTest29EE.crt | Bin 0 -> 1051 bytes .../InvalidDNnameConstraintsTest10EE.crt | Bin 0 -> 986 bytes .../InvalidDNnameConstraintsTest12EE.crt | Bin 0 -> 991 bytes .../InvalidDNnameConstraintsTest13EE.crt | Bin 0 -> 991 bytes .../InvalidDNnameConstraintsTest15EE.crt | Bin 0 -> 962 bytes .../InvalidDNnameConstraintsTest16EE.crt | Bin 0 -> 962 bytes .../InvalidDNnameConstraintsTest17EE.crt | Bin 0 -> 962 bytes .../InvalidDNnameConstraintsTest20EE.crt | Bin 0 -> 904 bytes .../certs/InvalidDNnameConstraintsTest2EE.crt | Bin 0 -> 957 bytes .../certs/InvalidDNnameConstraintsTest3EE.crt | Bin 0 -> 1113 bytes .../certs/InvalidDNnameConstraintsTest7EE.crt | Bin 0 -> 957 bytes .../certs/InvalidDNnameConstraintsTest8EE.crt | Bin 0 -> 957 bytes .../certs/InvalidDNnameConstraintsTest9EE.crt | Bin 0 -> 957 bytes .../certs/InvalidDSASignatureTest6EE.crt | Bin 0 -> 851 bytes .../certs/InvalidEESignatureTest3EE.crt | Bin 0 -> 893 bytes .../certs/InvalidEEnotAfterDateTest6EE.crt | Bin 0 -> 912 bytes .../certs/InvalidEEnotBeforeDateTest2EE.crt | Bin 0 -> 913 bytes .../InvalidIDPwithindirectCRLTest23EE.crt | Bin 0 -> 925 bytes .../InvalidIDPwithindirectCRLTest26EE.crt | Bin 0 -> 1019 bytes .../certs/InvalidLongSerialNumberTest18EE.crt | Bin 0 -> 948 bytes .../InvalidMappingFromanyPolicyTest7EE.crt | Bin 0 -> 936 bytes .../InvalidMappingToanyPolicyTest8EE.crt | Bin 0 -> 926 bytes .../certs/InvalidMissingCRLTest1EE.crt | Bin 0 -> 909 bytes .../InvalidMissingbasicConstraintsTest1EE.crt | Bin 0 -> 940 bytes .../certs/InvalidNameChainingOrderTest2EE.crt | Bin 0 -> 999 bytes .../certs/InvalidNameChainingTest1EE.crt | Bin 0 -> 914 bytes .../InvalidNegativeSerialNumberTest15EE.crt | Bin 0 -> 937 bytes .../certs/InvalidOldCRLnextUpdateTest11EE.crt | Bin 0 -> 929 bytes .../certs/InvalidPolicyMappingTest10EE.crt | Bin 0 -> 938 bytes .../certs/InvalidPolicyMappingTest2EE.crt | Bin 0 -> 918 bytes .../certs/InvalidPolicyMappingTest4EE.crt | Bin 0 -> 928 bytes .../InvalidRFC822nameConstraintsTest22EE.crt | Bin 0 -> 982 bytes .../InvalidRFC822nameConstraintsTest24EE.crt | Bin 0 -> 993 bytes .../InvalidRFC822nameConstraintsTest26EE.crt | Bin 0 -> 982 bytes .../certs/InvalidRevokedCATest2EE.crt | Bin 0 -> 909 bytes .../certs/InvalidRevokedEETest3EE.crt | Bin 0 -> 903 bytes ...alidSelfIssuedinhibitAnyPolicyTest10EE.crt | Bin 0 -> 919 bytes ...validSelfIssuedinhibitAnyPolicyTest8EE.crt | Bin 0 -> 944 bytes ...SelfIssuedinhibitPolicyMappingTest10EE.crt | Bin 0 -> 952 bytes ...SelfIssuedinhibitPolicyMappingTest11EE.crt | Bin 0 -> 952 bytes ...dSelfIssuedinhibitPolicyMappingTest8EE.crt | Bin 0 -> 954 bytes ...dSelfIssuedinhibitPolicyMappingTest9EE.crt | Bin 0 -> 954 bytes ...lidSelfIssuedpathLenConstraintTest16EE.crt | Bin 0 -> 944 bytes ...SelfIssuedrequireExplicitPolicyTest7EE.crt | Bin 0 -> 925 bytes ...SelfIssuedrequireExplicitPolicyTest8EE.crt | Bin 0 -> 925 bytes ...dSeparateCertificateandCRLKeysTest20EE.crt | Bin 0 -> 960 bytes ...dSeparateCertificateandCRLKeysTest21EE.crt | Bin 0 -> 960 bytes .../InvalidURInameConstraintsTest35EE.crt | Bin 0 -> 987 bytes .../InvalidURInameConstraintsTest37EE.crt | Bin 0 -> 987 bytes ...InvalidUnknownCRLEntryExtensionTest8EE.crt | Bin 0 -> 946 bytes .../InvalidUnknownCRLExtensionTest10EE.crt | Bin 0 -> 935 bytes .../InvalidUnknownCRLExtensionTest9EE.crt | Bin 0 -> 934 bytes ...ownCriticalCertificateExtensionTest2EE.crt | Bin 0 -> 954 bytes .../certs/InvalidWrongCRLTest6EE.crt | Bin 0 -> 910 bytes .../certs/InvalidcAFalseTest2EE.crt | Bin 0 -> 934 bytes .../certs/InvalidcAFalseTest3EE.crt | Bin 0 -> 938 bytes .../certs/InvalidcRLIssuerTest27EE.crt | Bin 0 -> 999 bytes .../certs/InvalidcRLIssuerTest31EE.crt | Bin 0 -> 1136 bytes .../certs/InvalidcRLIssuerTest32EE.crt | Bin 0 -> 1136 bytes .../certs/InvalidcRLIssuerTest34EE.crt | Bin 0 -> 1044 bytes .../certs/InvalidcRLIssuerTest35EE.crt | Bin 0 -> 1128 bytes .../InvaliddeltaCRLIndicatorNoBaseTest1EE.crt | Bin 0 -> 942 bytes .../certs/InvaliddeltaCRLTest10EE.crt | Bin 0 -> 1094 bytes .../certs/InvaliddeltaCRLTest3EE.crt | Bin 0 -> 1093 bytes .../certs/InvaliddeltaCRLTest4EE.crt | Bin 0 -> 1093 bytes .../certs/InvaliddeltaCRLTest6EE.crt | Bin 0 -> 1093 bytes .../certs/InvaliddeltaCRLTest9EE.crt | Bin 0 -> 1093 bytes .../certs/InvaliddistributionPointTest2EE.crt | Bin 0 -> 1071 bytes .../certs/InvaliddistributionPointTest3EE.crt | Bin 0 -> 1071 bytes .../certs/InvaliddistributionPointTest6EE.crt | Bin 0 -> 984 bytes .../certs/InvaliddistributionPointTest8EE.crt | Bin 0 -> 1028 bytes .../certs/InvaliddistributionPointTest9EE.crt | Bin 0 -> 927 bytes .../certs/InvalidinhibitAnyPolicyTest1EE.crt | Bin 0 -> 919 bytes .../certs/InvalidinhibitAnyPolicyTest4EE.crt | Bin 0 -> 923 bytes .../certs/InvalidinhibitAnyPolicyTest5EE.crt | Bin 0 -> 925 bytes .../certs/InvalidinhibitAnyPolicyTest6EE.crt | Bin 0 -> 926 bytes .../InvalidinhibitPolicyMappingTest1EE.crt | Bin 0 -> 950 bytes .../InvalidinhibitPolicyMappingTest3EE.crt | Bin 0 -> 943 bytes .../InvalidinhibitPolicyMappingTest5EE.crt | Bin 0 -> 942 bytes .../InvalidinhibitPolicyMappingTest6EE.crt | Bin 0 -> 947 bytes ...lidkeyUsageCriticalcRLSignFalseTest4EE.crt | Bin 0 -> 954 bytes ...eyUsageCriticalkeyCertSignFalseTest1EE.crt | Bin 0 -> 962 bytes ...keyUsageNotCriticalcRLSignFalseTest5EE.crt | Bin 0 -> 962 bytes ...sageNotCriticalkeyCertSignFalseTest2EE.crt | Bin 0 -> 963 bytes ...alidonlyContainsAttributeCertsTest14EE.crt | Bin 0 -> 945 bytes .../InvalidonlyContainsCACertsTest12EE.crt | Bin 0 -> 931 bytes .../InvalidonlyContainsUserCertsTest11EE.crt | Bin 0 -> 952 bytes .../certs/InvalidonlySomeReasonsTest15EE.crt | Bin 0 -> 924 bytes .../certs/InvalidonlySomeReasonsTest16EE.crt | Bin 0 -> 924 bytes .../certs/InvalidonlySomeReasonsTest17EE.crt | Bin 0 -> 924 bytes .../certs/InvalidonlySomeReasonsTest20EE.crt | Bin 0 -> 1153 bytes .../certs/InvalidonlySomeReasonsTest21EE.crt | Bin 0 -> 1153 bytes .../InvalidpathLenConstraintTest10EE.crt | Bin 0 -> 953 bytes .../InvalidpathLenConstraintTest11EE.crt | Bin 0 -> 940 bytes .../InvalidpathLenConstraintTest12EE.crt | Bin 0 -> 957 bytes .../certs/InvalidpathLenConstraintTest5EE.crt | Bin 0 -> 930 bytes .../certs/InvalidpathLenConstraintTest6EE.crt | Bin 0 -> 947 bytes .../certs/InvalidpathLenConstraintTest9EE.crt | Bin 0 -> 935 bytes .../Invalidpre2000CRLnextUpdateTest12EE.crt | Bin 0 -> 937 bytes ...Invalidpre2000UTCEEnotAfterDateTest7EE.crt | Bin 0 -> 926 bytes .../InvalidrequireExplicitPolicyTest3EE.crt | Bin 0 -> 919 bytes .../InvalidrequireExplicitPolicyTest5EE.crt | Bin 0 -> 925 bytes .../certs/LongSerialNumberCACert.crt | Bin 0 -> 910 bytes .../nist-pkits/certs/Mapping1to2CACert.crt | Bin 0 -> 960 bytes .../certs/MappingFromanyPolicyCACert.crt | Bin 0 -> 961 bytes .../certs/MappingToanyPolicyCACert.crt | Bin 0 -> 965 bytes .../certs/MissingbasicConstraintsCACert.crt | Bin 0 -> 899 bytes .../nist-pkits/certs/NameOrderingCACert.crt | Bin 0 -> 980 bytes .../certs/NegativeSerialNumberCACert.crt | Bin 0 -> 914 bytes pki/testdata/nist-pkits/certs/NoCRLCACert.crt | Bin 0 -> 898 bytes .../nist-pkits/certs/NoPoliciesCACert.crt | Bin 0 -> 878 bytes .../NoissuingDistributionPointCACert.crt | Bin 0 -> 919 bytes .../certs/OldCRLnextUpdateCACert.crt | Bin 0 -> 910 bytes .../certs/OverlappingPoliciesTest6EE.crt | Bin 0 -> 948 bytes .../nist-pkits/certs/P12Mapping1to3CACert.crt | Bin 0 -> 978 bytes .../certs/P12Mapping1to3subCACert.crt | Bin 0 -> 1000 bytes .../certs/P12Mapping1to3subsubCACert.crt | Bin 0 -> 980 bytes .../certs/P1Mapping1to234CACert.crt | Bin 0 -> 1017 bytes .../certs/P1Mapping1to234subCACert.crt | Bin 0 -> 1002 bytes .../certs/P1anyPolicyMapping1to2CACert.crt | Bin 0 -> 1329 bytes .../certs/PanyPolicyMapping1to2CACert.crt | Bin 0 -> 965 bytes .../nist-pkits/certs/PoliciesP1234CACert.crt | Bin 0 -> 964 bytes .../certs/PoliciesP1234subCAP123Cert.crt | Bin 0 -> 948 bytes .../PoliciesP1234subsubCAP123P12Cert.crt | Bin 0 -> 947 bytes .../nist-pkits/certs/PoliciesP123CACert.crt | Bin 0 -> 949 bytes .../certs/PoliciesP123subCAP12Cert.crt | Bin 0 -> 931 bytes .../certs/PoliciesP123subsubCAP12P1Cert.crt | Bin 0 -> 926 bytes .../certs/PoliciesP123subsubCAP12P2Cert.crt | Bin 0 -> 926 bytes .../PoliciesP123subsubsubCAP12P2P1Cert.crt | Bin 0 -> 936 bytes .../nist-pkits/certs/PoliciesP12CACert.crt | Bin 0 -> 934 bytes .../certs/PoliciesP12subCAP1Cert.crt | Bin 0 -> 912 bytes .../certs/PoliciesP12subsubCAP1P2Cert.crt | Bin 0 -> 922 bytes .../nist-pkits/certs/PoliciesP2subCA2Cert.crt | Bin 0 -> 918 bytes .../nist-pkits/certs/PoliciesP2subCACert.crt | Bin 0 -> 901 bytes .../nist-pkits/certs/PoliciesP3CACert.crt | Bin 0 -> 919 bytes .../RFC3280MandatoryAttributeTypesCACert.crt | Bin 0 -> 980 bytes .../RFC3280OptionalAttributeTypesCACert.crt | Bin 0 -> 992 bytes .../nist-pkits/certs/RevokedsubCACert.crt | Bin 0 -> 897 bytes ...rfromPrintableStringtoUTF8StringCACert.crt | Bin 0 -> 935 bytes ...CertificateandCRLKeysCA2CRLSigningCert.crt | Bin 0 -> 909 bytes ...eandCRLKeysCA2CertificateSigningCACert.crt | Bin 0 -> 926 bytes ...ateCertificateandCRLKeysCRLSigningCert.crt | Bin 0 -> 909 bytes ...cateandCRLKeysCertificateSigningCACert.crt | Bin 0 -> 926 bytes .../certs/TrustAnchorRootCertificate.crt | Bin 0 -> 843 bytes .../nist-pkits/certs/TwoCRLsCACert.crt | Bin 0 -> 900 bytes pki/testdata/nist-pkits/certs/UIDCACert.crt | Bin 0 -> 900 bytes .../UTF8StringCaseInsensitiveMatchCACert.crt | Bin 0 -> 925 bytes .../certs/UTF8StringEncodedNamesCACert.crt | Bin 0 -> 902 bytes .../certs/UnknownCRLEntryExtensionCACert.crt | Bin 0 -> 919 bytes .../certs/UnknownCRLExtensionCACert.crt | Bin 0 -> 913 bytes .../certs/UserNoticeQualifierTest15EE.crt | Bin 0 -> 1026 bytes .../certs/UserNoticeQualifierTest16EE.crt | Bin 0 -> 1145 bytes .../certs/UserNoticeQualifierTest17EE.crt | Bin 0 -> 1014 bytes .../certs/UserNoticeQualifierTest18EE.crt | Bin 0 -> 1240 bytes .../certs/UserNoticeQualifierTest19EE.crt | Bin 0 -> 1263 bytes ...lidBasicSelfIssuedCRLSigningKeyTest6EE.crt | Bin 0 -> 956 bytes .../ValidBasicSelfIssuedNewWithOldTest3EE.crt | Bin 0 -> 945 bytes .../ValidBasicSelfIssuedNewWithOldTest4EE.crt | Bin 0 -> 945 bytes .../ValidBasicSelfIssuedOldWithNewTest1EE.crt | Bin 0 -> 945 bytes .../certs/ValidCertificatePathTest1EE.crt | Bin 0 -> 893 bytes .../certs/ValidDNSnameConstraintsTest30EE.crt | Bin 0 -> 976 bytes .../certs/ValidDNSnameConstraintsTest32EE.crt | Bin 0 -> 976 bytes ...alidDNandRFC822nameConstraintsTest27EE.crt | Bin 0 -> 1044 bytes .../certs/ValidDNnameConstraintsTest11EE.crt | Bin 0 -> 985 bytes .../certs/ValidDNnameConstraintsTest14EE.crt | Bin 0 -> 926 bytes .../certs/ValidDNnameConstraintsTest18EE.crt | Bin 0 -> 932 bytes .../certs/ValidDNnameConstraintsTest19EE.crt | Bin 0 -> 957 bytes .../certs/ValidDNnameConstraintsTest1EE.crt | Bin 0 -> 956 bytes .../certs/ValidDNnameConstraintsTest4EE.crt | Bin 0 -> 1016 bytes .../certs/ValidDNnameConstraintsTest5EE.crt | Bin 0 -> 1109 bytes .../certs/ValidDNnameConstraintsTest6EE.crt | Bin 0 -> 956 bytes .../ValidDSAParameterInheritanceTest5EE.crt | Bin 0 -> 574 bytes .../certs/ValidDSASignaturesTest4EE.crt | Bin 0 -> 835 bytes ...idGeneralizedTimeCRLnextUpdateTest13EE.crt | Bin 0 -> 949 bytes ...alidGeneralizedTimenotAfterDateTest8EE.crt | Bin 0 -> 925 bytes ...lidGeneralizedTimenotBeforeDateTest4EE.crt | Bin 0 -> 926 bytes .../certs/ValidIDPwithindirectCRLTest22EE.crt | Bin 0 -> 923 bytes .../certs/ValidIDPwithindirectCRLTest24EE.crt | Bin 0 -> 1016 bytes .../certs/ValidIDPwithindirectCRLTest25EE.crt | Bin 0 -> 1016 bytes .../certs/ValidLongSerialNumberTest16EE.crt | Bin 0 -> 946 bytes .../certs/ValidLongSerialNumberTest17EE.crt | Bin 0 -> 946 bytes ...ValidNameChainingCapitalizationTest5EE.crt | Bin 0 -> 922 bytes .../ValidNameChainingWhitespaceTest3EE.crt | Bin 0 -> 923 bytes .../ValidNameChainingWhitespaceTest4EE.crt | Bin 0 -> 924 bytes .../nist-pkits/certs/ValidNameUIDsTest6EE.crt | Bin 0 -> 901 bytes .../ValidNegativeSerialNumberTest14EE.crt | Bin 0 -> 936 bytes ...alidNoissuingDistributionPointTest10EE.crt | Bin 0 -> 1069 bytes .../certs/ValidPolicyMappingTest11EE.crt | Bin 0 -> 936 bytes .../certs/ValidPolicyMappingTest12EE.crt | Bin 0 -> 1339 bytes .../certs/ValidPolicyMappingTest13EE.crt | Bin 0 -> 929 bytes .../certs/ValidPolicyMappingTest14EE.crt | Bin 0 -> 929 bytes .../certs/ValidPolicyMappingTest1EE.crt | Bin 0 -> 916 bytes .../certs/ValidPolicyMappingTest3EE.crt | Bin 0 -> 926 bytes .../certs/ValidPolicyMappingTest5EE.crt | Bin 0 -> 924 bytes .../certs/ValidPolicyMappingTest6EE.crt | Bin 0 -> 924 bytes .../certs/ValidPolicyMappingTest9EE.crt | Bin 0 -> 927 bytes ...dRFC3280MandatoryAttributeTypesTest7EE.crt | Bin 0 -> 1011 bytes ...idRFC3280OptionalAttributeTypesTest8EE.crt | Bin 0 -> 1022 bytes .../ValidRFC822nameConstraintsTest21EE.crt | Bin 0 -> 991 bytes .../ValidRFC822nameConstraintsTest23EE.crt | Bin 0 -> 980 bytes .../ValidRFC822nameConstraintsTest25EE.crt | Bin 0 -> 991 bytes ...romPrintableStringtoUTF8StringTest10EE.crt | Bin 0 -> 965 bytes ...ValidSelfIssuedinhibitAnyPolicyTest7EE.crt | Bin 0 -> 939 bytes ...ValidSelfIssuedinhibitAnyPolicyTest9EE.crt | Bin 0 -> 939 bytes ...dSelfIssuedinhibitPolicyMappingTest7EE.crt | Bin 0 -> 949 bytes ...lidSelfIssuedpathLenConstraintTest15EE.crt | Bin 0 -> 938 bytes ...lidSelfIssuedpathLenConstraintTest17EE.crt | Bin 0 -> 941 bytes ...SelfIssuedrequireExplicitPolicyTest6EE.crt | Bin 0 -> 920 bytes ...dSeparateCertificateandCRLKeysTest19EE.crt | Bin 0 -> 958 bytes .../nist-pkits/certs/ValidTwoCRLsTest7EE.crt | Bin 0 -> 906 bytes .../certs/ValidURInameConstraintsTest34EE.crt | Bin 0 -> 994 bytes .../certs/ValidURInameConstraintsTest36EE.crt | Bin 0 -> 997 bytes ...UTF8StringCaseInsensitiveMatchTest11EE.crt | Bin 0 -> 962 bytes .../ValidUTF8StringEncodedNamesTest9EE.crt | Bin 0 -> 924 bytes ...NotCriticalCertificateExtensionTest1EE.crt | Bin 0 -> 952 bytes ...alidbasicConstraintsNotCriticalTest4EE.crt | Bin 0 -> 948 bytes .../certs/ValidcRLIssuerTest28EE.crt | Bin 0 -> 1156 bytes .../certs/ValidcRLIssuerTest29EE.crt | Bin 0 -> 1065 bytes .../certs/ValidcRLIssuerTest30EE.crt | Bin 0 -> 1156 bytes .../certs/ValidcRLIssuerTest33EE.crt | Bin 0 -> 1134 bytes .../nist-pkits/certs/ValiddeltaCRLTest2EE.crt | Bin 0 -> 1091 bytes .../nist-pkits/certs/ValiddeltaCRLTest5EE.crt | Bin 0 -> 1091 bytes .../nist-pkits/certs/ValiddeltaCRLTest7EE.crt | Bin 0 -> 1091 bytes .../nist-pkits/certs/ValiddeltaCRLTest8EE.crt | Bin 0 -> 1091 bytes .../certs/ValiddistributionPointTest1EE.crt | Bin 0 -> 1069 bytes .../certs/ValiddistributionPointTest4EE.crt | Bin 0 -> 982 bytes .../certs/ValiddistributionPointTest5EE.crt | Bin 0 -> 982 bytes .../certs/ValiddistributionPointTest7EE.crt | Bin 0 -> 1069 bytes .../certs/ValidinhibitAnyPolicyTest2EE.crt | Bin 0 -> 931 bytes .../ValidinhibitPolicyMappingTest2EE.crt | Bin 0 -> 938 bytes .../ValidinhibitPolicyMappingTest4EE.crt | Bin 0 -> 941 bytes .../certs/ValidkeyUsageNotCriticalTest3EE.crt | Bin 0 -> 932 bytes .../ValidonlyContainsCACertsTest13EE.crt | Bin 0 -> 946 bytes .../certs/ValidonlySomeReasonsTest18EE.crt | Bin 0 -> 1035 bytes .../certs/ValidonlySomeReasonsTest19EE.crt | Bin 0 -> 1151 bytes .../certs/ValidpathLenConstraintTest13EE.crt | Bin 0 -> 938 bytes .../certs/ValidpathLenConstraintTest14EE.crt | Bin 0 -> 955 bytes .../certs/ValidpathLenConstraintTest7EE.crt | Bin 0 -> 925 bytes .../certs/ValidpathLenConstraintTest8EE.crt | Bin 0 -> 942 bytes .../Validpre2000UTCnotBeforeDateTest3EE.crt | Bin 0 -> 920 bytes .../ValidrequireExplicitPolicyTest1EE.crt | Bin 0 -> 918 bytes .../ValidrequireExplicitPolicyTest2EE.crt | Bin 0 -> 917 bytes .../ValidrequireExplicitPolicyTest4EE.crt | Bin 0 -> 942 bytes .../nist-pkits/certs/WrongCRLCACert.crt | Bin 0 -> 901 bytes .../nist-pkits/certs/anyPolicyCACert.crt | Bin 0 -> 911 bytes .../basicConstraintsCriticalcAFalseCACert.crt | Bin 0 -> 923 bytes .../basicConstraintsNotCriticalCACert.crt | Bin 0 -> 918 bytes ...sicConstraintsNotCriticalcAFalseCACert.crt | Bin 0 -> 924 bytes .../nist-pkits/certs/deltaCRLCA1Cert.crt | Bin 0 -> 901 bytes .../nist-pkits/certs/deltaCRLCA2Cert.crt | Bin 0 -> 901 bytes .../nist-pkits/certs/deltaCRLCA3Cert.crt | Bin 0 -> 901 bytes .../certs/deltaCRLIndicatorNoBaseCACert.crt | Bin 0 -> 917 bytes .../certs/distributionPoint1CACert.crt | Bin 0 -> 910 bytes .../certs/distributionPoint2CACert.crt | Bin 0 -> 910 bytes .../nist-pkits/certs/indirectCRLCA1Cert.crt | Bin 0 -> 904 bytes .../nist-pkits/certs/indirectCRLCA2Cert.crt | Bin 0 -> 904 bytes .../nist-pkits/certs/indirectCRLCA3Cert.crt | Bin 0 -> 904 bytes .../certs/indirectCRLCA3cRLIssuerCert.crt | Bin 0 -> 1010 bytes .../nist-pkits/certs/indirectCRLCA4Cert.crt | Bin 0 -> 904 bytes .../certs/indirectCRLCA4cRLIssuerCert.crt | Bin 0 -> 1144 bytes .../nist-pkits/certs/indirectCRLCA5Cert.crt | Bin 0 -> 904 bytes .../nist-pkits/certs/indirectCRLCA6Cert.crt | Bin 0 -> 904 bytes .../certs/inhibitAnyPolicy0CACert.crt | Bin 0 -> 940 bytes .../certs/inhibitAnyPolicy1CACert.crt | Bin 0 -> 940 bytes .../inhibitAnyPolicy1SelfIssuedCACert.crt | Bin 0 -> 917 bytes .../inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt | Bin 0 -> 919 bytes .../certs/inhibitAnyPolicy1subCA1Cert.crt | Bin 0 -> 915 bytes .../certs/inhibitAnyPolicy1subCA2Cert.crt | Bin 0 -> 915 bytes .../certs/inhibitAnyPolicy1subCAIAP5Cert.crt | Bin 0 -> 941 bytes .../certs/inhibitAnyPolicy1subsubCA2Cert.crt | Bin 0 -> 922 bytes .../certs/inhibitAnyPolicy5CACert.crt | Bin 0 -> 940 bytes .../certs/inhibitAnyPolicy5subCACert.crt | Bin 0 -> 937 bytes .../certs/inhibitAnyPolicy5subsubCACert.crt | Bin 0 -> 926 bytes .../certs/inhibitAnyPolicyTest3EE.crt | Bin 0 -> 921 bytes .../certs/inhibitPolicyMapping0CACert.crt | Bin 0 -> 935 bytes .../certs/inhibitPolicyMapping0subCACert.crt | Bin 0 -> 970 bytes .../certs/inhibitPolicyMapping1P12CACert.crt | Bin 0 -> 953 bytes .../inhibitPolicyMapping1P12subCACert.crt | Bin 0 -> 1018 bytes .../inhibitPolicyMapping1P12subCAIPM5Cert.crt | Bin 0 -> 973 bytes .../inhibitPolicyMapping1P12subsubCACert.crt | Bin 0 -> 998 bytes ...hibitPolicyMapping1P12subsubCAIPM5Cert.crt | Bin 0 -> 1006 bytes .../certs/inhibitPolicyMapping1P1CACert.crt | Bin 0 -> 938 bytes ...nhibitPolicyMapping1P1SelfIssuedCACert.crt | Bin 0 -> 931 bytes ...bitPolicyMapping1P1SelfIssuedsubCACert.crt | Bin 0 -> 979 bytes .../inhibitPolicyMapping1P1subCACert.crt | Bin 0 -> 976 bytes .../inhibitPolicyMapping1P1subsubCACert.crt | Bin 0 -> 982 bytes .../certs/inhibitPolicyMapping5CACert.crt | Bin 0 -> 935 bytes .../certs/inhibitPolicyMapping5subCACert.crt | Bin 0 -> 947 bytes .../inhibitPolicyMapping5subsubCACert.crt | Bin 0 -> 934 bytes .../inhibitPolicyMapping5subsubsubCACert.crt | Bin 0 -> 982 bytes .../keyUsageCriticalcRLSignFalseCACert.crt | Bin 0 -> 923 bytes ...keyUsageCriticalkeyCertSignFalseCACert.crt | Bin 0 -> 927 bytes .../certs/keyUsageNotCriticalCACert.crt | Bin 0 -> 910 bytes .../keyUsageNotCriticalcRLSignFalseCACert.crt | Bin 0 -> 924 bytes ...UsageNotCriticalkeyCertSignFalseCACert.crt | Bin 0 -> 928 bytes .../certs/nameConstraintsDN1CACert.crt | Bin 0 -> 1009 bytes .../nameConstraintsDN1SelfIssuedCACert.crt | Bin 0 -> 921 bytes .../certs/nameConstraintsDN1subCA1Cert.crt | Bin 0 -> 1079 bytes .../certs/nameConstraintsDN1subCA2Cert.crt | Bin 0 -> 1051 bytes .../certs/nameConstraintsDN1subCA3Cert.crt | Bin 0 -> 995 bytes .../certs/nameConstraintsDN2CACert.crt | Bin 0 -> 1095 bytes .../certs/nameConstraintsDN3CACert.crt | Bin 0 -> 1008 bytes .../certs/nameConstraintsDN3subCA1Cert.crt | Bin 0 -> 1022 bytes .../certs/nameConstraintsDN3subCA2Cert.crt | Bin 0 -> 995 bytes .../certs/nameConstraintsDN4CACert.crt | Bin 0 -> 1093 bytes .../certs/nameConstraintsDN5CACert.crt | Bin 0 -> 1123 bytes .../certs/nameConstraintsDNS1CACert.crt | Bin 0 -> 954 bytes .../certs/nameConstraintsDNS2CACert.crt | Bin 0 -> 957 bytes .../certs/nameConstraintsRFC822CA1Cert.crt | Bin 0 -> 958 bytes .../certs/nameConstraintsRFC822CA2Cert.crt | Bin 0 -> 957 bytes .../certs/nameConstraintsRFC822CA3Cert.crt | Bin 0 -> 957 bytes .../certs/nameConstraintsURI1CACert.crt | Bin 0 -> 955 bytes .../certs/nameConstraintsURI2CACert.crt | Bin 0 -> 957 bytes .../onlyContainsAttributeCertsCACert.crt | Bin 0 -> 918 bytes .../certs/onlyContainsCACertsCACert.crt | Bin 0 -> 911 bytes .../certs/onlyContainsUserCertsCACert.crt | Bin 0 -> 913 bytes .../certs/onlySomeReasonsCA1Cert.crt | Bin 0 -> 908 bytes .../certs/onlySomeReasonsCA2Cert.crt | Bin 0 -> 908 bytes .../certs/onlySomeReasonsCA3Cert.crt | Bin 0 -> 908 bytes .../certs/onlySomeReasonsCA4Cert.crt | Bin 0 -> 908 bytes .../certs/pathLenConstraint0CACert.crt | Bin 0 -> 913 bytes .../pathLenConstraint0SelfIssuedCACert.crt | Bin 0 -> 919 bytes .../certs/pathLenConstraint0subCA2Cert.crt | Bin 0 -> 923 bytes .../certs/pathLenConstraint0subCACert.crt | Bin 0 -> 922 bytes .../certs/pathLenConstraint1CACert.crt | Bin 0 -> 913 bytes .../pathLenConstraint1SelfIssuedCACert.crt | Bin 0 -> 919 bytes .../pathLenConstraint1SelfIssuedsubCACert.crt | Bin 0 -> 925 bytes .../certs/pathLenConstraint1subCACert.crt | Bin 0 -> 922 bytes .../certs/pathLenConstraint6CACert.crt | Bin 0 -> 913 bytes .../certs/pathLenConstraint6subCA0Cert.crt | Bin 0 -> 926 bytes .../certs/pathLenConstraint6subCA1Cert.crt | Bin 0 -> 926 bytes .../certs/pathLenConstraint6subCA4Cert.crt | Bin 0 -> 926 bytes .../pathLenConstraint6subsubCA00Cert.crt | Bin 0 -> 934 bytes .../pathLenConstraint6subsubCA11Cert.crt | Bin 0 -> 934 bytes .../pathLenConstraint6subsubCA41Cert.crt | Bin 0 -> 934 bytes .../pathLenConstraint6subsubsubCA11XCert.crt | Bin 0 -> 939 bytes .../pathLenConstraint6subsubsubCA41XCert.crt | Bin 0 -> 939 bytes .../certs/pre2000CRLnextUpdateCACert.crt | Bin 0 -> 914 bytes .../certs/requireExplicitPolicy0CACert.crt | Bin 0 -> 933 bytes .../certs/requireExplicitPolicy0subCACert.crt | Bin 0 -> 930 bytes .../requireExplicitPolicy0subsubCACert.crt | Bin 0 -> 936 bytes .../requireExplicitPolicy0subsubsubCACert.crt | Bin 0 -> 942 bytes .../certs/requireExplicitPolicy10CACert.crt | Bin 0 -> 934 bytes .../requireExplicitPolicy10subCACert.crt | Bin 0 -> 932 bytes .../requireExplicitPolicy10subsubCACert.crt | Bin 0 -> 938 bytes ...requireExplicitPolicy10subsubsubCACert.crt | Bin 0 -> 944 bytes .../certs/requireExplicitPolicy2CACert.crt | Bin 0 -> 933 bytes ...requireExplicitPolicy2SelfIssuedCACert.crt | Bin 0 -> 927 bytes ...uireExplicitPolicy2SelfIssuedsubCACert.crt | Bin 0 -> 933 bytes .../certs/requireExplicitPolicy2subCACert.crt | Bin 0 -> 930 bytes .../certs/requireExplicitPolicy4CACert.crt | Bin 0 -> 933 bytes .../certs/requireExplicitPolicy4subCACert.crt | Bin 0 -> 930 bytes .../requireExplicitPolicy4subsubCACert.crt | Bin 0 -> 936 bytes .../requireExplicitPolicy4subsubsubCACert.crt | Bin 0 -> 942 bytes .../certs/requireExplicitPolicy5CACert.crt | Bin 0 -> 933 bytes .../certs/requireExplicitPolicy5subCACert.crt | Bin 0 -> 930 bytes .../requireExplicitPolicy5subsubCACert.crt | Bin 0 -> 936 bytes .../requireExplicitPolicy5subsubsubCACert.crt | Bin 0 -> 942 bytes .../certs/requireExplicitPolicy7CACert.crt | Bin 0 -> 933 bytes .../requireExplicitPolicy7subCARE2Cert.crt | Bin 0 -> 952 bytes ...quireExplicitPolicy7subsubCARE2RE4Cert.crt | Bin 0 -> 964 bytes ...reExplicitPolicy7subsubsubCARE2RE4Cert.crt | Bin 0 -> 954 bytes .../nist-pkits/crls/BadCRLIssuerNameCACRL.crl | Bin 0 -> 464 bytes .../nist-pkits/crls/BadCRLSignatureCACRL.crl | Bin 0 -> 459 bytes .../nist-pkits/crls/BadSignedCACRL.crl | Bin 0 -> 452 bytes .../nist-pkits/crls/BadnotAfterDateCACRL.crl | Bin 0 -> 459 bytes .../nist-pkits/crls/BadnotBeforeDateCACRL.crl | Bin 0 -> 460 bytes .../BasicSelfIssuedCRLSigningKeyCACRL.crl | Bin 0 -> 511 bytes ...BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl | Bin 0 -> 618 bytes .../crls/BasicSelfIssuedNewKeyCACRL.crl | Bin 0 -> 503 bytes .../crls/BasicSelfIssuedOldKeyCACRL.crl | Bin 0 -> 503 bytes ...BasicSelfIssuedOldKeySelfIssuedCertCRL.crl | Bin 0 -> 602 bytes pki/testdata/nist-pkits/crls/DSACACRL.crl | Bin 0 -> 225 bytes .../crls/DSAParametersInheritedCACRL.crl | Bin 0 -> 245 bytes .../GeneralizedTimeCRLnextUpdateCACRL.crl | Bin 0 -> 472 bytes pki/testdata/nist-pkits/crls/GoodCACRL.crl | Bin 0 -> 516 bytes pki/testdata/nist-pkits/crls/GoodsubCACRL.crl | Bin 0 -> 449 bytes .../GoodsubCAPanyPolicyMapping1to2CACRL.crl | Bin 0 -> 473 bytes .../nist-pkits/crls/LongSerialNumberCACRL.crl | Bin 0 -> 515 bytes .../nist-pkits/crls/Mapping1to2CACRL.crl | Bin 0 -> 454 bytes .../crls/MappingFromanyPolicyCACRL.crl | Bin 0 -> 464 bytes .../crls/MappingToanyPolicyCACRL.crl | Bin 0 -> 462 bytes .../crls/MissingbasicConstraintsCACRL.crl | Bin 0 -> 466 bytes .../nist-pkits/crls/NameOrderCACRL.crl | Bin 0 -> 530 bytes .../crls/NegativeSerialNumberCACRL.crl | Bin 0 -> 500 bytes .../nist-pkits/crls/NoPoliciesCACRL.crl | Bin 0 -> 453 bytes .../crls/NoissuingDistributionPointCACRL.crl | Bin 0 -> 469 bytes .../nist-pkits/crls/OldCRLnextUpdateCACRL.crl | Bin 0 -> 460 bytes .../nist-pkits/crls/P12Mapping1to3CACRL.crl | Bin 0 -> 458 bytes .../crls/P12Mapping1to3subCACRL.crl | Bin 0 -> 461 bytes .../crls/P12Mapping1to3subsubCACRL.crl | Bin 0 -> 464 bytes .../nist-pkits/crls/P1Mapping1to234CACRL.crl | Bin 0 -> 459 bytes .../crls/P1Mapping1to234subCACRL.crl | Bin 0 -> 462 bytes .../crls/P1anyPolicyMapping1to2CACRL.crl | Bin 0 -> 466 bytes .../crls/PanyPolicyMapping1to2CACRL.crl | Bin 0 -> 465 bytes .../nist-pkits/crls/PoliciesP1234CACRL.crl | Bin 0 -> 456 bytes .../crls/PoliciesP1234subCAP123CRL.crl | Bin 0 -> 463 bytes .../crls/PoliciesP1234subsubCAP123P12CRL.crl | Bin 0 -> 469 bytes .../nist-pkits/crls/PoliciesP123CACRL.crl | Bin 0 -> 455 bytes .../crls/PoliciesP123subCAP12CRL.crl | Bin 0 -> 461 bytes .../crls/PoliciesP123subsubCAP12P1CRL.crl | Bin 0 -> 466 bytes .../crls/PoliciesP123subsubCAP2P2CRL.crl | Bin 0 -> 466 bytes .../PoliciesP123subsubsubCAP12P2P1CRL.crl | Bin 0 -> 471 bytes .../nist-pkits/crls/PoliciesP12CACRL.crl | Bin 0 -> 454 bytes .../nist-pkits/crls/PoliciesP12subCAP1CRL.crl | Bin 0 -> 459 bytes .../crls/PoliciesP12subsubCAP1P2CRL.crl | Bin 0 -> 464 bytes .../nist-pkits/crls/PoliciesP2subCA2CRL.crl | Bin 0 -> 457 bytes .../nist-pkits/crls/PoliciesP2subCACRL.crl | Bin 0 -> 456 bytes .../nist-pkits/crls/PoliciesP3CACRL.crl | Bin 0 -> 453 bytes .../RFC3280MandatoryAttributeTypesCACRL.crl | Bin 0 -> 530 bytes .../RFC3280OptionalAttributeTypesCACRL.crl | Bin 0 -> 543 bytes .../nist-pkits/crls/RevokedsubCACRL.crl | Bin 0 -> 452 bytes ...erfromPrintableStringtoUTF8StringCACRL.crl | Bin 0 -> 485 bytes .../SeparateCertificateandCRLKeysCA2CRL.crl | Bin 0 -> 476 bytes .../crls/SeparateCertificateandCRLKeysCRL.crl | Bin 0 -> 512 bytes .../nist-pkits/crls/TrustAnchorRootCRL.crl | Bin 0 -> 487 bytes .../nist-pkits/crls/TwoCRLsCABadCRL.crl | Bin 0 -> 498 bytes .../nist-pkits/crls/TwoCRLsCAGoodCRL.crl | Bin 0 -> 450 bytes pki/testdata/nist-pkits/crls/UIDCACRL.crl | Bin 0 -> 445 bytes .../UTF8StringCaseInsensitiveMatchCACRL.crl | Bin 0 -> 475 bytes .../crls/UTF8StringEncodedNamesCACRL.crl | Bin 0 -> 452 bytes .../crls/UnknownCRLEntryExtensionCACRL.crl | Bin 0 -> 526 bytes .../crls/UnknownCRLExtensionCACRL.crl | Bin 0 -> 520 bytes .../nist-pkits/crls/WrongCRLCACRL.crl | Bin 0 -> 487 bytes .../nist-pkits/crls/anyPolicyCACRL.crl | Bin 0 -> 451 bytes .../basicConstraintsCriticalcAFalseCACRL.crl | Bin 0 -> 476 bytes .../crls/basicConstraintsNotCriticalCACRL.crl | Bin 0 -> 471 bytes ...asicConstraintsNotCriticalcAFalseCACRL.crl | Bin 0 -> 480 bytes .../nist-pkits/crls/deltaCRLCA1CRL.crl | Bin 0 -> 648 bytes .../nist-pkits/crls/deltaCRLCA1deltaCRL.crl | Bin 0 -> 606 bytes .../nist-pkits/crls/deltaCRLCA2CRL.crl | Bin 0 -> 580 bytes .../nist-pkits/crls/deltaCRLCA2deltaCRL.crl | Bin 0 -> 502 bytes .../nist-pkits/crls/deltaCRLCA3CRL.crl | Bin 0 -> 544 bytes .../nist-pkits/crls/deltaCRLCA3deltaCRL.crl | Bin 0 -> 466 bytes .../crls/deltaCRLIndicatorNoBaseCACRL.crl | Bin 0 -> 482 bytes .../crls/distributionPoint1CACRL.crl | Bin 0 -> 641 bytes .../crls/distributionPoint2CACRL.crl | Bin 0 -> 553 bytes .../nist-pkits/crls/indirectCRLCA1CRL.crl | Bin 0 -> 507 bytes .../nist-pkits/crls/indirectCRLCA3CRL.crl | Bin 0 -> 566 bytes .../crls/indirectCRLCA3cRLIssuerCRL.crl | Bin 0 -> 622 bytes .../crls/indirectCRLCA4cRLIssuerCRL.crl | Bin 0 -> 622 bytes .../nist-pkits/crls/indirectCRLCA5CRL.crl | Bin 0 -> 1577 bytes .../crls/inhibitAnyPolicy0CACRL.crl | Bin 0 -> 459 bytes .../crls/inhibitAnyPolicy1CACRL.crl | Bin 0 -> 459 bytes .../crls/inhibitAnyPolicy1subCA1CRL.crl | Bin 0 -> 463 bytes .../crls/inhibitAnyPolicy1subCA2CRL.crl | Bin 0 -> 463 bytes .../crls/inhibitAnyPolicy1subCAIAP5CRL.crl | Bin 0 -> 466 bytes .../crls/inhibitAnyPolicy1subsubCA2CRL.crl | Bin 0 -> 466 bytes .../crls/inhibitAnyPolicy5CACRL.crl | Bin 0 -> 459 bytes .../crls/inhibitAnyPolicy5subCACRL.crl | Bin 0 -> 462 bytes .../crls/inhibitAnyPolicy5subsubCACRL.crl | Bin 0 -> 465 bytes .../crls/inhibitPolicyMapping0CACRL.crl | Bin 0 -> 463 bytes .../crls/inhibitPolicyMapping0subCACRL.crl | Bin 0 -> 466 bytes .../crls/inhibitPolicyMapping1P12CACRL.crl | Bin 0 -> 467 bytes .../crls/inhibitPolicyMapping1P12subCACRL.crl | Bin 0 -> 470 bytes .../inhibitPolicyMapping1P12subCAIPM5CRL.crl | Bin 0 -> 474 bytes .../inhibitPolicyMapping1P12subsubCACRL.crl | Bin 0 -> 473 bytes ...nhibitPolicyMapping1P12subsubCAIPM5CRL.crl | Bin 0 -> 477 bytes .../crls/inhibitPolicyMapping1P1CACRL.crl | Bin 0 -> 466 bytes .../crls/inhibitPolicyMapping1P1subCACRL.crl | Bin 0 -> 469 bytes .../inhibitPolicyMapping1P1subsubCACRL.crl | Bin 0 -> 472 bytes .../crls/inhibitPolicyMapping5CACRL.crl | Bin 0 -> 463 bytes .../crls/inhibitPolicyMapping5subCACRL.crl | Bin 0 -> 466 bytes .../crls/inhibitPolicyMapping5subsubCACRL.crl | Bin 0 -> 469 bytes .../inhibitPolicyMapping5subsubsubCACRL.crl | Bin 0 -> 472 bytes .../keyUsageCriticalcRLSignFalseCACRL.crl | Bin 0 -> 473 bytes .../keyUsageCriticalkeyCertSignFalseCACRL.crl | Bin 0 -> 477 bytes .../crls/keyUsageNotCriticalCACRL.crl | Bin 0 -> 463 bytes .../keyUsageNotCriticalcRLSignFalseCACRL.crl | Bin 0 -> 477 bytes ...yUsageNotCriticalkeyCertSignFalseCACRL.crl | Bin 0 -> 481 bytes .../crls/nameConstraintsDN1CACRL.crl | Bin 0 -> 461 bytes .../crls/nameConstraintsDN1subCA1CRL.crl | Bin 0 -> 493 bytes .../crls/nameConstraintsDN1subCA2CRL.crl | Bin 0 -> 493 bytes .../crls/nameConstraintsDN1subCA3CRL.crl | Bin 0 -> 493 bytes .../crls/nameConstraintsDN2CACRL.crl | Bin 0 -> 461 bytes .../crls/nameConstraintsDN3CACRL.crl | Bin 0 -> 461 bytes .../crls/nameConstraintsDN3subCA1CRL.crl | Bin 0 -> 465 bytes .../crls/nameConstraintsDN3subCA2CRL.crl | Bin 0 -> 465 bytes .../crls/nameConstraintsDN4CACRL.crl | Bin 0 -> 461 bytes .../crls/nameConstraintsDN5CACRL.crl | Bin 0 -> 461 bytes .../crls/nameConstraintsDNS1CACRL.crl | Bin 0 -> 462 bytes .../crls/nameConstraintsDNS2CACRL.crl | Bin 0 -> 462 bytes .../crls/nameConstraintsRFC822CA1CRL.crl | Bin 0 -> 465 bytes .../crls/nameConstraintsRFC822CA2CRL.crl | Bin 0 -> 465 bytes .../crls/nameConstraintsRFC822CA3CRL.crl | Bin 0 -> 465 bytes .../crls/nameConstraintsURI1CACRL.crl | Bin 0 -> 462 bytes .../crls/nameConstraintsURI2CACRL.crl | Bin 0 -> 462 bytes .../crls/onlyContainsAttributeCertsCACRL.crl | Bin 0 -> 485 bytes .../crls/onlyContainsCACertsCACRL.crl | Bin 0 -> 478 bytes .../crls/onlyContainsUserCertsCACRL.crl | Bin 0 -> 480 bytes .../crls/onlySomeReasonsCA1compromiseCRL.crl | Bin 0 -> 512 bytes .../onlySomeReasonsCA1otherreasonsCRL.crl | Bin 0 -> 513 bytes .../crls/onlySomeReasonsCA2CRL1.crl | Bin 0 -> 476 bytes .../crls/onlySomeReasonsCA2CRL2.crl | Bin 0 -> 476 bytes .../crls/onlySomeReasonsCA3compromiseCRL.crl | Bin 0 -> 577 bytes .../onlySomeReasonsCA3otherreasonsCRL.crl | Bin 0 -> 578 bytes .../crls/onlySomeReasonsCA4compromiseCRL.crl | Bin 0 -> 614 bytes .../onlySomeReasonsCA4otherreasonsCRL.crl | Bin 0 -> 615 bytes .../crls/pathLenConstraint0CACRL.crl | Bin 0 -> 460 bytes .../crls/pathLenConstraint0subCA2CRL.crl | Bin 0 -> 464 bytes .../crls/pathLenConstraint0subCACRL.crl | Bin 0 -> 463 bytes .../crls/pathLenConstraint1CACRL.crl | Bin 0 -> 460 bytes .../crls/pathLenConstraint1subCACRL.crl | Bin 0 -> 463 bytes .../crls/pathLenConstraint6CACRL.crl | Bin 0 -> 460 bytes .../crls/pathLenConstraint6subCA0CRL.crl | Bin 0 -> 464 bytes .../crls/pathLenConstraint6subCA1CRL.crl | Bin 0 -> 464 bytes .../crls/pathLenConstraint6subCA4CRL.crl | Bin 0 -> 464 bytes .../crls/pathLenConstraint6subsubCA00CRL.crl | Bin 0 -> 468 bytes .../crls/pathLenConstraint6subsubCA11CRL.crl | Bin 0 -> 468 bytes .../crls/pathLenConstraint6subsubCA41CRL.crl | Bin 0 -> 468 bytes .../pathLenConstraint6subsubsubCA11XCRL.crl | Bin 0 -> 472 bytes .../pathLenConstraint6subsubsubCA41XCRL.crl | Bin 0 -> 472 bytes .../crls/pre2000CRLnextUpdateCACRL.crl | Bin 0 -> 464 bytes .../crls/requireExplicitPolicy0CACRL.crl | Bin 0 -> 464 bytes .../crls/requireExplicitPolicy0subCACRL.crl | Bin 0 -> 467 bytes .../requireExplicitPolicy0subsubCACRL.crl | Bin 0 -> 470 bytes .../requireExplicitPolicy0subsubsubCACRL.crl | Bin 0 -> 473 bytes .../crls/requireExplicitPolicy10CACRL.crl | Bin 0 -> 465 bytes .../crls/requireExplicitPolicy10subCACRL.crl | Bin 0 -> 468 bytes .../requireExplicitPolicy10subsubCACRL.crl | Bin 0 -> 471 bytes .../requireExplicitPolicy10subsubsubCACRL.crl | Bin 0 -> 474 bytes .../crls/requireExplicitPolicy2CACRL.crl | Bin 0 -> 464 bytes .../crls/requireExplicitPolicy2subCACRL.crl | Bin 0 -> 467 bytes .../crls/requireExplicitPolicy4CACRL.crl | Bin 0 -> 464 bytes .../crls/requireExplicitPolicy4subCACRL.crl | Bin 0 -> 467 bytes .../requireExplicitPolicy4subsubCACRL.crl | Bin 0 -> 470 bytes .../requireExplicitPolicy4subsubsubCACRL.crl | Bin 0 -> 473 bytes .../crls/requireExplicitPolicy5CACRL.crl | Bin 0 -> 464 bytes .../crls/requireExplicitPolicy5subCACRL.crl | Bin 0 -> 467 bytes .../requireExplicitPolicy5subsubCACRL.crl | Bin 0 -> 470 bytes .../requireExplicitPolicy5subsubsubCACRL.crl | Bin 0 -> 473 bytes .../crls/requireExplicitPolicy7CACRL.crl | Bin 0 -> 464 bytes .../requireExplicitPolicy7subCARE2CRL.crl | Bin 0 -> 470 bytes ...equireExplicitPolicy7subsubCARE2RE4CRL.crl | Bin 0 -> 476 bytes ...ireExplicitPolicy7subsubsubCARE2RE4CRL.crl | Bin 0 -> 479 bytes pki/testdata/nist-pkits/generate_tests.py | 1259 + pki/testdata/nist-pkits/pkits_testcases-inl.h | 4201 ++ .../nist-pkits/test_bundle_data.filelist | 584 + .../nist-pkits/test_bundle_data.globlist | 9 + .../ocsp_unittest/annotate_test_data.py | 217 + pki/testdata/ocsp_unittest/bad_ocsp_type.pem | 146 + pki/testdata/ocsp_unittest/bad_signature.pem | 133 + pki/testdata/ocsp_unittest/bad_status.pem | 115 + pki/testdata/ocsp_unittest/good_response.pem | 142 + .../good_response_next_update.pem | 143 + .../ocsp_unittest/good_response_sha256.pem | 142 + .../has_critical_ct_extension.pem | 146 + .../has_critical_response_extension.pem | 146 + .../has_critical_single_extension.pem | 146 + pki/testdata/ocsp_unittest/has_extension.pem | 145 + .../ocsp_unittest/has_single_extension.pem | 145 + pki/testdata/ocsp_unittest/has_version.pem | 142 + pki/testdata/ocsp_unittest/make_ocsp.py | 446 + .../ocsp_unittest/malformed_request.pem | 115 + .../ocsp_unittest/missing_response.pem | 133 + .../ocsp_unittest/multiple_response.pem | 152 + pki/testdata/ocsp_unittest/no_response.pem | 133 + .../ocsp_unittest/ocsp_extra_certs.pem | 250 + .../ocsp_unittest/ocsp_sign_bad_indirect.pem | 195 + .../ocsp_unittest/ocsp_sign_direct.pem | 142 + .../ocsp_unittest/ocsp_sign_indirect.pem | 198 + .../ocsp_sign_indirect_missing.pem | 142 + pki/testdata/ocsp_unittest/other_response.pem | 153 + pki/testdata/ocsp_unittest/responder_id.pem | 142 + pki/testdata/ocsp_unittest/responder_name.pem | 142 + .../ocsp_unittest/revoke_response.pem | 143 + .../ocsp_unittest/revoke_response_reason.pem | 145 + .../ocsp_unittest/unknown_response.pem | 142 + .../empty_sequence.pem | 6 + ...xtra_contents_after_extension_sequence.pem | 11 + ...extra_contents_after_issuer_and_serial.pem | 24 + .../authority_key_identifier/generate.py | 180 + .../invalid_contents.pem | 10 + .../invalid_issuer.pem | 12 + .../invalid_key_identifier.pem | 11 + .../invalid_serial.pem | 13 + .../issuer_and_serial.pem | 23 + .../authority_key_identifier/issuer_only.pem | 22 + .../key_identifier.pem | 10 + .../key_identifier_and_issuer_and_serial.pem | 24 + .../authority_key_identifier/serial_only.pem | 10 + .../url_issuer_and_serial.pem | 13 + .../authority_key_identifier_not_sequence.pem | 20 + .../bad_key_usage.pem | 33 + .../bad_policy_qualifiers.pem | 30 + .../bad_signature_algorithm_oid.pem | 29 + .../bad_validity.pem | 35 + .../basic_constraints_ca_false.pem | 10 + .../basic_constraints_ca_no_path.pem | 10 + .../basic_constraints_ca_path_9.pem | 11 + .../basic_constraints_negative_path.pem | 17 + .../basic_constraints_not_ca.pem | 8 + .../basic_constraints_path_too_large.pem | 17 + .../basic_constraints_pathlen_255.pem | 11 + .../basic_constraints_pathlen_256.pem | 17 + .../basic_constraints_pathlen_not_ca.pem | 10 + .../basic_constraints_unconsumed_data.pem | 16 + .../cert_algorithm_not_sequence.pem | 19 + .../cert_data_after_signature.pem | 21 + .../cert_empty_sequence.pem | 15 + .../cert_missing_signature.pem | 19 + .../cert_not_sequence.pem | 15 + .../cert_signature_not_bit_string.pem | 20 + .../cert_skeleton.pem | 35 + .../cert_version3.pem | 252 + .../crldp_1uri_noissuer.pem | 28 + .../crldp_3uri_noissuer.pem | 32 + .../crldp_full_name_as_dirname.pem | 52 + .../crldp_issuer_as_dirname.pem | 90 + .../extended_key_usage.pem | 21 + .../extension_critical.pem | 17 + .../extension_critical_0.pem | 26 + .../extension_critical_3.pem | 26 + .../extension_not_critical.pem | 17 + .../extensions_data_after_sequence.pem | 24 + .../extensions_duplicate_key_usage.pem | 31 + .../extensions_empty_sequence.pem | 14 + .../extensions_not_sequence.pem | 15 + .../extensions_real.pem | 85 + .../failed_signature_algorithm.pem | 27 + .../inhibit_any_policy.pem | 14 + .../issuer_bad_printable_string.pem | 35 + .../parse_certificate_unittest/key_usage.pem | 15 + .../name_constraints_bad_ip.pem | 50 + .../parse_certificate_unittest/policies.pem | 27 + .../policy_constraints_empty.pem | 21 + .../policy_constraints_inhibit.pem | 16 + .../policy_constraints_inhibit_require.pem | 17 + .../policy_constraints_require.pem | 16 + .../policy_qualifiers_empty_sequence.pem | 33 + .../rebase-errors.py | 149 + .../regenerate_pem_from_ascii.py | 104 + .../serial_37_bytes.pem | 21 + .../serial_negative.pem | 18 + .../serial_not_minimal.pem | 19 + .../serial_not_number.pem | 19 + .../serial_zero.pem | 19 + .../serial_zero_padded.pem | 13 + .../serial_zero_padded_21_bytes.pem | 22 + .../signature_algorithm_null.pem | 16 + .../subject_alt_name.pem | 16 + ...ject_blank_subjectaltname_not_critical.pem | 38 + ...ubject_key_identifier_not_octet_string.pem | 19 + .../subject_not_ascii.pem | 26 + .../subject_not_printable_string.pem | 41 + ...ble_string_containing_utf8_client_cert.pem | 71 + .../subject_t61string.pem | 35 + .../subject_t61string_1-32.pem | 35 + .../subject_t61string_126-160.pem | 36 + .../subject_t61string_actual.pem | 44 + .../subjectaltname_bad_ip.pem | 38 + .../subjectaltname_dns_not_ascii.pem | 34 + ...ctaltname_general_names_empty_sequence.pem | 39 + .../subjectaltname_trailing_data.pem | 38 + .../tbs_explicit_v1.pem | 30 + .../parse_certificate_unittest/tbs_v1.pem | 65 + .../tbs_v1_extensions.pem | 31 + .../tbs_v2_extensions.pem | 33 + .../tbs_v2_issuer_and_subject_unique_id.pem | 78 + .../tbs_v2_issuer_unique_id.pem | 72 + .../tbs_v2_no_optionals.pem | 67 + .../tbs_v3_all_optionals.pem | 87 + .../tbs_v3_data_after_extensions.pem | 34 + .../tbs_v3_extensions.pem | 79 + .../tbs_v3_extensions_not_sequence.pem | 26 + .../tbs_v3_no_optionals.pem | 70 + .../tbs_v3_real.pem | 251 + .../parse_certificate_unittest/tbs_v4.pem | 30 + .../tbs_validity_both_generalized_time.pem | 69 + .../tbs_validity_both_utc_time.pem | 69 + ...validity_generalized_time_and_utc_time.pem | 69 + .../tbs_validity_relaxed.pem | 147 + ...validity_utc_time_and_generalized_time.pem | 69 + .../v1_explicit_version.pem | 23 + .../v3_certificate_template.pk8 | Bin 0 -> 636 bytes .../v3_certificate_template.txt | 141 + .../generate-certs.py | 63 + .../int_match_name_only.pem | 93 + .../int_matching.pem | 93 + .../int_mismatch.pem | 93 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Root2.key | 28 + .../keys/Target.key | 28 + .../root.pem | 93 + .../root2.pem | 93 + .../target.pem | 95 + .../key_id_prioritization/generate-certs.py | 122 + .../int_different_ski_a.pem | 93 + .../int_different_ski_b.pem | 93 + .../int_different_ski_c.pem | 93 + .../int_matching_ski_a.pem | 93 + .../int_matching_ski_b.pem | 93 + .../int_matching_ski_c.pem | 93 + .../key_id_prioritization/int_no_ski_a.pem | 87 + .../key_id_prioritization/int_no_ski_b.pem | 87 + .../key_id_prioritization/int_no_ski_c.pem | 87 + .../keys/Intermediate.key | 28 + .../keys/Intermediate_1.key | 28 + .../key_id_prioritization/keys/Root.key | 28 + .../key_id_prioritization/keys/Target.key | 28 + .../key_id_prioritization/root.pem | 93 + .../key_id_prioritization/target.pem | 94 + .../generate-certs.py | 38 + .../self_issued_prioritization/keys/Root1.key | 28 + .../self_issued_prioritization/keys/Root2.key | 28 + .../keys/Target.key | 28 + .../self_issued_prioritization/root1.pem | 93 + .../root1_cross.pem | 93 + .../self_issued_prioritization/root2.pem | 93 + .../self_issued_prioritization/target.pem | 93 + .../generate-certs.py | 54 + .../validity_date_prioritization/int_ac.pem | 93 + .../validity_date_prioritization/int_ad.pem | 93 + .../validity_date_prioritization/int_bc.pem | 93 + .../validity_date_prioritization/int_bd.pem | 93 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../validity_date_prioritization/root.pem | 93 + .../validity_date_prioritization/target.pem | 94 + .../1024-rsa-ee-by-1024-rsa-intermediate.pem | 61 + .../1024-rsa-ee-by-2048-rsa-intermediate.pem | 71 + .../1024-rsa-ee-by-768-rsa-intermediate.pem | 58 + ...sa-ee-by-prime256v1-ecdsa-intermediate.pem | 56 + .../certificates/1024-rsa-intermediate.pem | 63 + .../ssl/certificates/10_year_validity.pem | 85 + .../ssl/certificates/11_year_validity.pem | 85 + .../certificates/2029_globalsign_com_cert.pem | 31 + .../2048-rsa-ee-by-1024-rsa-intermediate.pem | 73 + .../2048-rsa-ee-by-2048-rsa-intermediate.pem | 82 + .../2048-rsa-ee-by-768-rsa-intermediate.pem | 70 + ...sa-ee-by-prime256v1-ecdsa-intermediate.pem | 67 + .../certificates/2048-rsa-intermediate.pem | 75 + .../ssl/certificates/2048-rsa-root.pem | 75 + .../398_days_1_second_after_2020_09_01.pem | 85 + .../398_days_after_2020_09_01.pem | 85 + .../399_days_after_2020_09_01.pem | 85 + .../certificates/39_months_after_2015_04.pem | 85 + .../39_months_based_on_last_day.pem | 85 + .../certificates/40_months_after_2015_04.pem | 85 + .../certificates/60_months_after_2012_07.pem | 85 + .../certificates/61_months_after_2012_07.pem | 85 + .../768-rsa-ee-by-1024-rsa-intermediate.pem | 58 + .../768-rsa-ee-by-2048-rsa-intermediate.pem | 68 + .../768-rsa-ee-by-768-rsa-intermediate.pem | 55 + ...sa-ee-by-prime256v1-ecdsa-intermediate.pem | 53 + .../ssl/certificates/768-rsa-intermediate.pem | 60 + .../825_days_1_second_after_2018_03_01.pem | 85 + .../825_days_after_2018_03_01.pem | 85 + .../826_days_after_2018_03_01.pem | 85 + .../900_days_after_2019_07_01.pem | 85 + pki/testdata/ssl/certificates/BUILD.gn | 13 + pki/testdata/ssl/certificates/README | 325 + .../ssl/certificates/bad_validity.pem | 112 + ...an_sign_http_exchanges_draft_extension.pem | 22 + ...http_exchanges_draft_extension_invalid.pem | 22 + .../certificates/client-empty-password.p12 | Bin 0 -> 2367 bytes .../ssl/certificates/client-nokey.p12 | Bin 0 -> 895 bytes .../ssl/certificates/client-null-password.p12 | Bin 0 -> 2364 bytes pki/testdata/ssl/certificates/client.p12 | Bin 0 -> 1701 bytes pki/testdata/ssl/certificates/client_1.key | 28 + pki/testdata/ssl/certificates/client_1.pem | 78 + pki/testdata/ssl/certificates/client_1.pk8 | Bin 0 -> 1218 bytes pki/testdata/ssl/certificates/client_1_ca.pem | 78 + pki/testdata/ssl/certificates/client_2.key | 28 + pki/testdata/ssl/certificates/client_2.pem | 78 + pki/testdata/ssl/certificates/client_2.pk8 | Bin 0 -> 1216 bytes pki/testdata/ssl/certificates/client_2_ca.pem | 78 + pki/testdata/ssl/certificates/client_3.key | 28 + pki/testdata/ssl/certificates/client_3.pem | 77 + pki/testdata/ssl/certificates/client_3.pk8 | Bin 0 -> 1218 bytes pki/testdata/ssl/certificates/client_3_ca.pem | 78 + pki/testdata/ssl/certificates/client_4.key | 5 + pki/testdata/ssl/certificates/client_4.pem | 62 + pki/testdata/ssl/certificates/client_4.pk8 | Bin 0 -> 138 bytes pki/testdata/ssl/certificates/client_4_ca.pem | 78 + pki/testdata/ssl/certificates/client_5.key | 6 + pki/testdata/ssl/certificates/client_5.pem | 64 + pki/testdata/ssl/certificates/client_5.pk8 | Bin 0 -> 185 bytes pki/testdata/ssl/certificates/client_5_ca.pem | 78 + pki/testdata/ssl/certificates/client_6.key | 7 + pki/testdata/ssl/certificates/client_6.pem | 67 + pki/testdata/ssl/certificates/client_6.pk8 | Bin 0 -> 241 bytes pki/testdata/ssl/certificates/client_6_ca.pem | 78 + pki/testdata/ssl/certificates/client_7.key | 16 + pki/testdata/ssl/certificates/client_7.pem | 66 + pki/testdata/ssl/certificates/client_7.pk8 | Bin 0 -> 636 bytes pki/testdata/ssl/certificates/client_7_ca.pem | 78 + .../ssl/certificates/client_root_ca.pem | 18 + .../ssl/certificates/common_name_only.pem | 111 + .../certificates/crit-codeSigning-chain.pem | 110 + ...t_blocked_interception_by_intermediate.raw | Bin 0 -> 224 bytes .../crlset_blocked_interception_by_root.raw | Bin 0 -> 224 bytes .../crlset_by_intermediate_serial.raw | Bin 0 -> 231 bytes .../ssl/certificates/crlset_by_leaf_spki.raw | Bin 0 -> 224 bytes .../crlset_by_leaf_subject_no_spki.raw | Bin 0 -> 228 bytes .../certificates/crlset_by_root_serial.raw | Bin 0 -> 231 bytes .../ssl/certificates/crlset_by_root_spki.raw | Bin 0 -> 224 bytes .../certificates/crlset_by_root_subject.raw | 1 + .../crlset_by_root_subject_no_spki.raw | Bin 0 -> 228 bytes .../crlset_known_interception_by_root.raw | Bin 0 -> 224 bytes .../ssl/certificates/cross-signed-leaf.pem | 82 + .../certificates/cross-signed-root-md5.pem | 75 + .../certificates/cross-signed-root-sha256.pem | 75 + .../certificates/ct-test-embedded-cert.pem | 126 + ...-test-embedded-with-intermediate-chain.pem | 188 + ...embedded-with-intermediate-preca-chain.pem | 188 + .../ct-test-embedded-with-preca-chain.pem | 126 + .../ct-test-embedded-with-uids.pem | 81 + pki/testdata/ssl/certificates/dec_2017.pem | 85 + .../ssl/certificates/diginotar_cyber_ca.pem | 32 + .../certificates/diginotar_pkioverheid.pem | 28 + .../certificates/diginotar_pkioverheid_g2.pem | 38 + .../certificates/diginotar_public_ca_2025.pem | 35 + .../ssl/certificates/diginotar_root_ca.pem | 32 + .../diginotar_services_1024_ca.pem | 23 + .../ssl/certificates/duplicate_cn_1.p12 | Bin 0 -> 2405 bytes .../ssl/certificates/duplicate_cn_1.pem | 78 + .../ssl/certificates/duplicate_cn_2.p12 | Bin 0 -> 2405 bytes .../ssl/certificates/duplicate_cn_2.pem | 78 + .../ssl/certificates/eku-test-root.pem | 77 + pki/testdata/ssl/certificates/ev_test.pem | 70 + .../ssl/certificates/ev_test_state_only.pem | 69 + .../ssl/certificates/expired_cert.pem | 113 + .../foaf.me.chromium-test-cert.der | Bin 0 -> 990 bytes .../ssl/certificates/google.binary.p7b | Bin 0 -> 1661 bytes .../ssl/certificates/google.chain.pem | 38 + .../ssl/certificates/google.pem_cert.p7b | 37 + .../ssl/certificates/google.pem_pkcs7.p7b | 37 + .../ssl/certificates/google.single.der | Bin 0 -> 805 bytes .../ssl/certificates/google.single.pem | 19 + .../ssl/certificates/google_diginotar.pem | 30 + .../ssl/certificates/intermediate_ca_cert.pem | 110 + .../certificates/invalid_key_usage_cert.der | Bin 0 -> 940 bytes .../ssl/certificates/key_usage_p256.key | 5 + .../ssl/certificates/key_usage_p256_both.pem | 45 + .../key_usage_p256_digitalsignature.pem | 45 + .../key_usage_p256_keyagreement.pem | 45 + .../key_usage_p256_no_extension.pem | 41 + .../ssl/certificates/key_usage_rsa.key | 28 + .../ssl/certificates/key_usage_rsa_both.pem | 100 + .../key_usage_rsa_digitalsignature.pem | 99 + .../key_usage_rsa_keyencipherment.pem | 99 + .../key_usage_rsa_no_extension.pem | 96 + pki/testdata/ssl/certificates/large_key.pem | 196 + .../ssl/certificates/leaf_from_known_root.pem | 274 + .../certificates/lets-encrypt-dst-x3-root.pem | 464 + .../lets-encrypt-isrg-x1-root.pem | 380 + .../ssl/certificates/localhost_cert.pem | 113 + pki/testdata/ssl/certificates/may_2018.pem | 85 + .../ssl/certificates/mit.davidben.der | Bin 0 -> 965 bytes .../ssl/certificates/multi-root-A-by-B.pem | 109 + .../ssl/certificates/multi-root-B-by-C.pem | 74 + .../ssl/certificates/multi-root-B-by-F.pem | 74 + .../ssl/certificates/multi-root-C-by-D.pem | 74 + .../ssl/certificates/multi-root-C-by-E.pem | 74 + .../ssl/certificates/multi-root-D-by-D.pem | 75 + .../ssl/certificates/multi-root-E-by-E.pem | 75 + .../ssl/certificates/multi-root-F-by-E.pem | 74 + .../ssl/certificates/multi-root-chain1.pem | 305 + .../ssl/certificates/multi-root-chain2.pem | 305 + .../ssl/certificates/multi-root-crlset-C.raw | Bin 0 -> 155 bytes .../multi-root-crlset-CD-and-FE.raw | Bin 0 -> 187 bytes .../multi-root-crlset-D-and-E.raw | Bin 0 -> 203 bytes .../ssl/certificates/multi-root-crlset-E.raw | Bin 0 -> 155 bytes .../multi-root-crlset-unrelated.raw | Bin 0 -> 148 bytes .../ssl/certificates/multi-root.keychain | Bin 0 -> 33112 bytes .../ssl/certificates/multivalue_rdn.pem | 59 + .../ssl/certificates/name_constrained_key.pem | 28 + pki/testdata/ssl/certificates/ndn.ca.crt | 35 + pki/testdata/ssl/certificates/nist.der | Bin 0 -> 1322 bytes .../no_subject_common_name_cert.pem | 109 + .../non-crit-codeSigning-chain.pem | 110 + pki/testdata/ssl/certificates/ok_cert.pem | 113 + .../certificates/ok_cert_by_intermediate.pem | 195 + .../certificates/policies_sanity_check.pem | 93 + .../ssl/certificates/post_june_2016.pem | 85 + .../certificates/pre_br_validity_bad_121.pem | 85 + .../certificates/pre_br_validity_bad_2020.pem | 85 + .../ssl/certificates/pre_br_validity_ok.pem | 85 + .../ssl/certificates/pre_june_2016.pem | 85 + ...56v1-ecdsa-ee-by-1024-rsa-intermediate.pem | 55 + ...56v1-ecdsa-ee-by-2048-rsa-intermediate.pem | 65 + ...256v1-ecdsa-ee-by-768-rsa-intermediate.pem | 53 + ...sa-ee-by-prime256v1-ecdsa-intermediate.pem | 50 + .../prime256v1-ecdsa-intermediate.pem | 58 + .../ssl/certificates/punycodetest.pem | 78 + pki/testdata/ssl/certificates/quic-chain.pem | 147 + .../ssl/certificates/quic-ecdsa-leaf.key | Bin 0 -> 138 bytes .../ssl/certificates/quic-leaf-cert.key | Bin 0 -> 1219 bytes .../certificates/quic-leaf-cert.key.pkcs8.pem | 28 + .../ssl/certificates/quic-leaf-cert.key.sct | Bin 0 -> 33 bytes pki/testdata/ssl/certificates/quic-root.pem | 18 + .../ssl/certificates/quic-short-lived.pem | 42 + .../certificates/redundant-server-chain.pem | 333 + .../redundant-validated-chain-root.pem | 75 + .../redundant-validated-chain.pem | 259 + .../ssl/certificates/root_ca_cert.pem | 108 + .../ssl/certificates/salesforce_com_test.pem | 81 + .../certificates/self-signed-invalid-name.pem | 69 + .../certificates/self-signed-invalid-sig.pem | 69 + pki/testdata/ssl/certificates/sha1_2016.pem | 85 + pki/testdata/ssl/certificates/sha1_leaf.pem | 113 + .../ssl/certificates/spdy_pooling.pem | 79 + .../ssl/certificates/start_after_expiry.pem | 85 + .../subjectAltName_sanity_check.pem | 82 + .../subjectAltName_www_example_com.pem | 80 + pki/testdata/ssl/certificates/test_names.pem | 114 + .../ssl/certificates/treadclimber.pem | 227 + .../ssl/certificates/treadclimber.sctlist | Bin 0 -> 484 bytes pki/testdata/ssl/certificates/unescaped.pem | 62 + .../ssl/certificates/unittest.key.bin | Bin 0 -> 635 bytes .../ssl/certificates/unittest.selfsigned.der | Bin 0 -> 414 bytes .../verisign_intermediate_ca_2011.pem | 71 + .../verisign_intermediate_ca_2016.pem | 71 + .../ssl/certificates/weak_digest_md2_ee.pem | 61 + .../weak_digest_md2_intermediate.pem | 57 + .../ssl/certificates/weak_digest_md2_root.pem | 14 + .../ssl/certificates/weak_digest_md4_ee.pem | 61 + .../weak_digest_md4_intermediate.pem | 57 + .../ssl/certificates/weak_digest_md4_root.pem | 14 + .../ssl/certificates/weak_digest_md5_ee.pem | 61 + .../weak_digest_md5_intermediate.pem | 57 + .../ssl/certificates/weak_digest_md5_root.pem | 14 + .../ssl/certificates/weak_digest_sha1_ee.pem | 61 + .../weak_digest_sha1_intermediate.pem | 57 + .../certificates/weak_digest_sha1_root.pem | 14 + .../ssl/certificates/websocket_cacert.pem | 61 + .../certificates/websocket_client_cert.p12 | Bin 0 -> 2550 bytes pki/testdata/ssl/certificates/wildcard.pem | 113 + .../x509_verify_results.chain.pem | 247 + pki/testdata/test_certificate_data.h | 619 + .../verify_certificate_chain_unittest/README | 87 + .../chain.pem | 366 + .../generate-chains.py | 33 + .../keys/Intermediate.key | 28 + .../keys/Intermediate_1.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 5 + .../expired-intermediate/chain.pem | 280 + .../expired-intermediate/generate-chains.py | 35 + .../keys/Intermediate.key | 28 + .../expired-intermediate/keys/Root.key | 28 + .../expired-intermediate/keys/Target.key | 28 + .../expired-intermediate/not-after.test | 8 + .../expired-intermediate/not-before.test | 8 + .../expired-root/chain.pem | 280 + .../expired-root/generate-chains.py | 36 + .../expired-root/keys/Intermediate.key | 28 + .../expired-root/keys/Root.key | 28 + .../expired-root/keys/Target.key | 28 + .../keys/expired-unconstrained-root_Root.key | 28 + .../expired-unconstrained-root_Target.key | 28 + .../not-after-ta-with-constraints.test | 5 + ...er-ta-with-expiration-and-constraints.test | 8 + .../not-after-ta-with-expiration.test | 8 + .../expired-root/not-after.test | 5 + .../not-before-ta-with-expiration.test | 8 + .../expired-root/not-before.test | 5 + .../expired-target/chain.pem | 280 + .../expired-target/generate-chains.py | 35 + .../expired-target/keys/Intermediate.key | 28 + .../expired-target/keys/Root.key | 28 + .../expired-target/keys/Target.key | 28 + .../expired-target/not-after.test | 8 + .../expired-target/not-before.test | 8 + .../generate-all.sh | 21 + .../incorrect-trust-anchor/chain.pem | 278 + .../incorrect-trust-anchor/generate-chains.py | 31 + .../incorrect-trust-anchor/keys/BogusRoot.key | 28 + .../keys/Intermediate.key | 28 + .../incorrect-trust-anchor/keys/Root.key | 28 + .../incorrect-trust-anchor/keys/Target.key | 28 + .../incorrect-trust-anchor/main.test | 8 + .../chain.pem | 275 + .../generate-chains.py | 36 + .../keys/Intermediate.key | 28 + .../keys/Intermediate_1.key | 28 + .../keys/Root.key | 28 + .../keys/Root_1.key | 28 + .../keys/Target.key | 28 + .../main.test | 8 + .../chain.pem | 275 + .../generate-chains.py | 26 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 8 + .../chain.pem | 275 + .../generate-chains.py | 25 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 5 + .../any.test | 5 + .../chain.pem | 278 + .../clientauth-strict.test | 5 + .../clientauth-strict.test~ | 5 + .../clientauth.test | 5 + .../generate-chains.py | 28 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../serverauth-strict.test | 9 + .../serverauth-strict.test~ | 10 + .../serverauth.test | 8 + .../intermediate-eku-clientauth/any.test | 5 + .../intermediate-eku-clientauth/chain.pem | 278 + .../clientauth-strict.test | 5 + .../clientauth.test | 5 + .../generate-chains.py | 28 + .../keys/Intermediate.key | 28 + .../intermediate-eku-clientauth/keys/Root.key | 28 + .../keys/Target.key | 28 + .../serverauth-strict.test | 8 + .../serverauth.test | 8 + .../generate-chains.py | 39 + .../keys/Intermediate.key | 28 + .../keys/Intermediate_1.key | 28 + .../keys/Root.key | 28 + .../keys/Root_1.key | 28 + .../keys/Target.key | 28 + .../keys/Target_1.key | 28 + .../sha1-chain.pem | 280 + .../sha1-eku-any.test | 5 + .../sha1-eku-clientAuth-strict.test | 8 + .../sha1-eku-clientAuth-strict.test~ | 9 + .../sha1-eku-clientAuth.test | 8 + .../sha1-eku-serverAuth-strict.test | 9 + .../sha1-eku-serverAuth-strict.test~ | 9 + .../sha1-eku-serverAuth.test | 8 + .../sha256-chain.pem | 280 + .../sha256-eku-any.test | 5 + .../sha256-eku-clientAuth-strict.test | 8 + .../sha256-eku-clientAuth-strict.test~ | 9 + .../sha256-eku-clientAuth.test | 9 + .../sha256-eku-serverAuth-strict.test | 9 + .../sha256-eku-serverAuth-strict.test~ | 10 + .../sha256-eku-serverAuth.test | 9 + .../chain.pem | 273 + .../generate-chains.py | 25 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 8 + .../chain.pem | 274 + .../generate-chains.py | 25 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 8 + .../intermediate-signed-with-sha1/chain.pem | 266 + .../generate-chains.py | 24 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../intermediate-signed-with-sha1/main.test | 9 + .../chain.pem | 278 + .../generate-chains.py | 26 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 10 + .../chain.pem | 278 + .../generate-chains.py | 25 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 5 + .../chain.pem | 278 + .../generate-chains.py | 40 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Root_1.key | 28 + .../keys/Target.key | 28 + .../main.test | 8 + .../anchor.pem | 274 + .../anchor.test | 5 + .../target.pem | 454 + .../target.test | 6 + .../key-rollover/generate-chains.py | 87 + .../key-rollover/keys/Intermediate.key | 28 + .../key-rollover/keys/Root.key | 28 + .../key-rollover/keys/Root_1.key | 28 + .../key-rollover/keys/Target.key | 28 + .../key-rollover/longrolloverchain.pem | 486 + .../key-rollover/longrolloverchain.test | 5 + .../key-rollover/newchain.pem | 306 + .../key-rollover/newchain.test | 5 + .../key-rollover/oldchain.pem | 306 + .../key-rollover/oldchain.test | 5 + .../key-rollover/rolloverchain.pem | 396 + .../key-rollover/rolloverchain.test | 5 + .../many-names/generate-chains.py | 157 + .../many-names/keys/Intermediate.key | 28 + .../many-names/keys/Root.key | 28 + .../many-names/keys/t0.key | 28 + .../many-names/ok-all-types.pem | 5095 ++ .../many-names/ok-all-types.test | 5 + ...2FABB43DDCC077802A0309AD437402BF98D8D4.pem | 705 + ...2FABB43DDCC077802A0309AD437402BF98D8D5.pem | 344 + ...2FABB43DDCC077802A0309AD437402BF98D8D6.pem | 325 + ...2FABB43DDCC077802A0309AD437402BF98D8D7.pem | 220 + ...2FABB43DDCC077802A0309AD437402BF98D8D8.pem | 496 + ...2FABB43DDCC077802A0309AD437402BF98D8D9.pem | 325 + ...2FABB43DDCC077802A0309AD437402BF98D8DA.pem | 220 + ...2FABB43DDCC077802A0309AD437402BF98D8DB.pem | 496 + ...E5FC818859A85016C17FD7E52AE5967FC2F6F5.pem | 89 + ...E5FC818859A85016C17FD7E52AE5967FC2F6F6.pem | 4294 ++ ...E5FC818859A85016C17FD7E52AE5967FC2F6F7.pem | 1437 + ...E5FC818859A85016C17FD7E52AE5967FC2F6F8.pem | 1394 + ...E5FC818859A85016C17FD7E52AE5967FC2F6F9.pem | 1374 + ...E5FC818859A85016C17FD7E52AE5967FC2F6FA.pem | 1564 + ...E5FC818859A85016C17FD7E52AE5967FC2F6FB.pem | 1394 + ...E5FC818859A85016C17FD7E52AE5967FC2F6FC.pem | 1374 + ...E5FC818859A85016C17FD7E52AE5967FC2F6FD.pem | 1564 + .../many-names/out/Intermediate.cnf | 4167 ++ .../many-names/out/Intermediate.csr | 1144 + .../many-names/out/Intermediate.db | 8 + .../many-names/out/Intermediate.db.attr | 1 + .../many-names/out/Intermediate.db.attr.old | 1 + .../many-names/out/Intermediate.db.old | 7 + .../many-names/out/Intermediate.pem | 4294 ++ .../many-names/out/Intermediate.serial | 1 + .../many-names/out/Intermediate.serial.old | 1 + .../many-names/out/Intermediate_1.cnf | 2118 + .../many-names/out/Intermediate_1.csr | 336 + .../many-names/out/Intermediate_1.pem | 1437 + .../many-names/out/Intermediate_2.cnf | 1092 + .../many-names/out/Intermediate_2.csr | 293 + .../many-names/out/Intermediate_2.pem | 1394 + .../many-names/out/Intermediate_3.cnf | 1092 + .../many-names/out/Intermediate_3.csr | 274 + .../many-names/out/Intermediate_3.pem | 1374 + .../many-names/out/Intermediate_4.cnf | 4167 ++ .../many-names/out/Intermediate_4.csr | 464 + .../many-names/out/Intermediate_4.pem | 1564 + .../many-names/out/Intermediate_5.cnf | 1092 + .../many-names/out/Intermediate_5.csr | 293 + .../many-names/out/Intermediate_5.pem | 1394 + .../many-names/out/Intermediate_6.cnf | 1092 + .../many-names/out/Intermediate_6.csr | 274 + .../many-names/out/Intermediate_6.pem | 1374 + .../many-names/out/Intermediate_7.cnf | 4167 ++ .../many-names/out/Intermediate_7.csr | 464 + .../many-names/out/Intermediate_7.pem | 1564 + .../many-names/out/Root.cnf | 64 + .../many-names/out/Root.csr | 17 + .../many-names/out/Root.db | 9 + .../many-names/out/Root.db.attr | 1 + .../many-names/out/Root.db.attr.old | 1 + .../many-names/out/Root.db.old | 8 + .../many-names/out/Root.pem | 89 + .../many-names/out/Root.serial | 1 + .../many-names/out/Root.serial.old | 1 + .../many-names/out/t0.cnf | 3142 ++ .../many-names/out/t0.csr | 630 + .../many-names/out/t0.db | 0 .../many-names/out/t0.pem | 705 + .../many-names/out/t0.serial | 1 + .../many-names/out/t0_1.cnf | 2114 + .../many-names/out/t0_1.csr | 269 + .../many-names/out/t0_1.pem | 344 + .../many-names/out/t0_2.cnf | 1091 + .../many-names/out/t0_2.csr | 250 + .../many-names/out/t0_2.pem | 325 + .../many-names/out/t0_3.cnf | 1091 + .../many-names/out/t0_3.csr | 145 + .../many-names/out/t0_3.pem | 220 + .../many-names/out/t0_4.cnf | 4163 ++ .../many-names/out/t0_4.csr | 421 + .../many-names/out/t0_4.pem | 496 + .../many-names/out/t0_5.cnf | 1091 + .../many-names/out/t0_5.csr | 250 + .../many-names/out/t0_5.pem | 325 + .../many-names/out/t0_6.cnf | 1091 + .../many-names/out/t0_6.csr | 145 + .../many-names/out/t0_6.pem | 220 + .../many-names/out/t0_7.cnf | 4163 ++ .../many-names/out/t0_7.csr | 421 + .../many-names/out/t0_7.pem | 496 + .../many-names/toomany-all-types.pem | 1877 + .../many-names/toomany-all-types.test | 8 + .../many-names/toomany-dirnames-excluded.pem | 2156 + .../many-names/toomany-dirnames-excluded.test | 8 + .../many-names/toomany-dirnames-permitted.pem | 2156 + .../toomany-dirnames-permitted.test | 8 + .../many-names/toomany-dns-excluded.pem | 1815 + .../many-names/toomany-dns-excluded.test | 8 + .../many-names/toomany-dns-permitted.pem | 1815 + .../many-names/toomany-dns-permitted.test | 8 + .../many-names/toomany-ips-excluded.pem | 1690 + .../many-names/toomany-ips-excluded.test | 8 + .../many-names/toomany-ips-permitted.pem | 1690 + .../many-names/toomany-ips-permitted.test | 8 + .../non-self-signed-root/chain.pem | 275 + .../non-self-signed-root/generate-chains.py | 26 + .../keys/Intermediate.key | 28 + .../non-self-signed-root/keys/Root.key | 28 + .../non-self-signed-root/keys/ShadowRoot.key | 28 + .../non-self-signed-root/keys/Target.key | 28 + .../non-self-signed-root/main.test | 5 + .../ta-with-constraints.test | 5 + .../pkits_errors/4.1.2.txt | 3 + .../pkits_errors/4.1.3.txt | 3 + .../pkits_errors/4.1.4.txt | 6 + .../pkits_errors/4.1.5.txt | 6 + .../pkits_errors/4.1.6.txt | 6 + .../pkits_errors/4.10.1.2.txt | 3 + .../pkits_errors/4.10.1.3.txt | 4 + .../pkits_errors/4.10.10.txt | 4 + .../pkits_errors/4.10.13.txt | 3 + .../pkits_errors/4.10.2.txt | 4 + .../pkits_errors/4.10.3.txt | 3 + .../pkits_errors/4.10.4.txt | 4 + .../pkits_errors/4.10.5.txt | 3 + .../pkits_errors/4.10.6.txt | 3 + .../pkits_errors/4.10.7.txt | 7 + .../pkits_errors/4.10.8.txt | 7 + .../pkits_errors/4.11.1.txt | 4 + .../pkits_errors/4.11.10.txt | 4 + .../pkits_errors/4.11.11.txt | 4 + .../pkits_errors/4.11.3.txt | 4 + .../pkits_errors/4.11.5.txt | 4 + .../pkits_errors/4.11.6.txt | 4 + .../pkits_errors/4.11.8.txt | 4 + .../pkits_errors/4.11.9.txt | 4 + .../pkits_errors/4.12.1.txt | 4 + .../pkits_errors/4.12.10.txt | 4 + .../pkits_errors/4.12.3.txt | 7 + .../pkits_errors/4.12.4.txt | 4 + .../pkits_errors/4.12.5.txt | 4 + .../pkits_errors/4.12.6.txt | 4 + .../pkits_errors/4.12.8.txt | 7 + .../pkits_errors/4.13.10.txt | 3 + .../pkits_errors/4.13.12.txt | 3 + .../pkits_errors/4.13.13.txt | 3 + .../pkits_errors/4.13.15.txt | 3 + .../pkits_errors/4.13.16.txt | 3 + .../pkits_errors/4.13.17.txt | 3 + .../pkits_errors/4.13.2.txt | 3 + .../pkits_errors/4.13.20.txt | 3 + .../pkits_errors/4.13.21.txt | 3 + .../pkits_errors/4.13.22.txt | 3 + .../pkits_errors/4.13.23.txt | 3 + .../pkits_errors/4.13.24.txt | 3 + .../pkits_errors/4.13.25.txt | 3 + .../pkits_errors/4.13.26.txt | 3 + .../pkits_errors/4.13.27.txt | 3 + .../pkits_errors/4.13.28.txt | 3 + .../pkits_errors/4.13.29.txt | 3 + .../pkits_errors/4.13.3.txt | 3 + .../pkits_errors/4.13.31.txt | 3 + .../pkits_errors/4.13.33.txt | 3 + .../pkits_errors/4.13.34.txt | 3 + .../pkits_errors/4.13.35.txt | 3 + .../pkits_errors/4.13.36.txt | 3 + .../pkits_errors/4.13.37.txt | 3 + .../pkits_errors/4.13.38.txt | 3 + .../pkits_errors/4.13.7.txt | 3 + .../pkits_errors/4.13.8.txt | 3 + .../pkits_errors/4.13.9.txt | 3 + .../pkits_errors/4.16.2.txt | 5 + .../pkits_errors/4.2.1.txt | 3 + .../pkits_errors/4.2.2.txt | 3 + .../pkits_errors/4.2.5.txt | 3 + .../pkits_errors/4.2.6.txt | 3 + .../pkits_errors/4.2.7.txt | 3 + .../pkits_errors/4.3.1.txt | 3 + .../pkits_errors/4.3.2.txt | 3 + .../pkits_errors/4.6.1.txt | 3 + .../pkits_errors/4.6.10.txt | 3 + .../pkits_errors/4.6.11.txt | 3 + .../pkits_errors/4.6.12.txt | 3 + .../pkits_errors/4.6.16.txt | 3 + .../pkits_errors/4.6.2.txt | 3 + .../pkits_errors/4.6.3.txt | 3 + .../pkits_errors/4.6.5.txt | 3 + .../pkits_errors/4.6.6.txt | 3 + .../pkits_errors/4.6.9.txt | 3 + .../pkits_errors/4.7.1.txt | 3 + .../pkits_errors/4.7.2.txt | 3 + .../pkits_errors/4.8.1.txt | 3 + .../pkits_errors/4.8.12.txt | 4 + .../pkits_errors/4.8.14.txt | 3 + .../pkits_errors/4.8.2.txt | 7 + .../pkits_errors/4.8.3.txt | 7 + .../pkits_errors/4.8.4.txt | 4 + .../pkits_errors/4.8.5.txt | 4 + .../pkits_errors/4.8.6.txt | 3 + .../pkits_errors/4.8.7.txt | 4 + .../pkits_errors/4.8.8.txt | 7 + .../pkits_errors/4.8.9.txt | 7 + .../pkits_errors/4.9.3.txt | 3 + .../pkits_errors/4.9.5.txt | 4 + .../pkits_errors/4.9.7.txt | 3 + .../pkits_errors/4.9.8.txt | 3 + .../chain.pem | 276 + .../generate-chains.py | 31 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../main.test | 6 + .../ta-with-constraints.test | 9 + .../chain.pem | 276 + .../generate-chains.py | 31 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../main.test | 6 + .../ta-with-constraints.test | 6 + .../chain.pem | 279 + .../generate-chains.py | 37 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../main.test | 6 + .../ta-with-constraints.test | 9 + .../chain.pem | 279 + .../generate-chains.py | 37 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../main.test | 6 + .../ta-with-constraints.test | 6 + .../policies-ok/chain.pem | 272 + .../policies-ok/generate-chains.py | 27 + .../policies-ok/keys/Intermediate.key | 29 + .../policies-ok/keys/Root.key | 29 + .../policies-ok/keys/Target.key | 29 + .../policies-ok/main.test | 6 + .../policies-ok/ta-with-constraints.test | 6 + .../policies-on-root-ok/chain.pem | 280 + .../policies-on-root-ok/generate-chains.py | 33 + .../policies-on-root-ok/keys/Intermediate.key | 29 + .../policies-on-root-ok/keys/Root.key | 29 + .../policies-on-root-ok/keys/Target.key | 29 + .../policies-on-root-ok/main.test | 6 + .../ta-with-constraints.test | 6 + .../policies-on-root-wrong/chain.pem | 277 + .../policies-on-root-wrong/generate-chains.py | 30 + .../keys/Intermediate.key | 29 + .../policies-on-root-wrong/keys/Root.key | 29 + .../policies-on-root-wrong/keys/Target.key | 29 + .../policies-on-root-wrong/main.test | 6 + .../ta-with-constraints.test | 9 + .../policies-required-by-root-fail/chain.pem | 269 + .../generate-chains.py | 26 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../policies-required-by-root-fail/main.test | 5 + .../ta-with-constraints.test | 8 + .../policies-required-by-root-ok/chain.pem | 269 + .../generate-chains.py | 26 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../policies-required-by-root-ok/main.test | 5 + .../ta-with-constraints.test | 5 + .../policy-mappings-on-root-fail/chain.pem | 279 + .../generate-chains.py | 34 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../policy-mappings-on-root-fail/main.test | 6 + .../ta-with-constraints.test | 9 + .../policy-mappings-on-root-ok/chain.pem | 278 + .../generate-chains.py | 33 + .../keys/Intermediate.key | 29 + .../policy-mappings-on-root-ok/keys/Root.key | 29 + .../keys/Target.key | 29 + .../policy-mappings-on-root-ok/main.test | 6 + .../ta-with-constraints.test | 6 + .../rebase-errors.py | 127 + .../root-basic-constraints-ca-false/chain.pem | 275 + .../generate-chains.py | 25 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../root-basic-constraints-ca-false/main.test | 5 + .../ta-with-constraints.test | 8 + .../root-eku-clientauth/chain.pem | 278 + .../root-eku-clientauth/generate-chains.py | 25 + .../root-eku-clientauth/keys/Intermediate.key | 28 + .../root-eku-clientauth/keys/Root.key | 28 + .../root-eku-clientauth/keys/Target.key | 28 + .../serverauth-strict.test | 5 + ...serverauth-ta-with-constraints-strict.test | 8 + .../serverauth-ta-with-constraints.test | 8 + ...th-ta-with-expiration-and-constraints.test | 8 + .../serverauth-ta-with-expiration.test | 5 + .../root-eku-clientauth/serverauth.test | 5 + .../root-lacks-basic-constraints/chain.pem | 273 + .../generate-chains.py | 25 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../root-lacks-basic-constraints/main.test | 5 + ...constraints-require-basic-constraints.test | 8 + .../ta-with-constraints.test | 5 + .../ta-with-require-basic-constraints.test | 5 + .../chain.pem | 266 + .../generate-chains.py | 25 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../main.test | 5 + .../ta-with-constraints.test | 8 + .../target-and-intermediate/chain.pem | 275 + .../distrusted-root-expired.test | 8 + .../distrusted-root.test | 8 + .../generate-chains.py | 24 + .../keys/Intermediate.key | 28 + .../target-and-intermediate/keys/Root.key | 28 + .../target-and-intermediate/keys/Target.key | 28 + .../target-and-intermediate/main.test | 5 + .../ta-with-constraints.test | 5 + .../ta-with-expiration.test | 5 + .../trusted_leaf-and-trust_anchor.test | 5 + .../trusted_leaf-root.test | 8 + .../unspecified-trust-root.test | 8 + .../target-eku-any/any.test | 5 + .../target-eku-any/chain.pem | 275 + .../target-eku-any/clientauth-strict.test | 12 + .../target-eku-any/clientauth.test | 8 + .../target-eku-any/generate-chains.py | 24 + .../target-eku-any/keys/Intermediate.key | 28 + .../target-eku-any/keys/Root.key | 28 + .../target-eku-any/keys/Target.key | 28 + .../target-eku-any/serverauth-strict.test | 9 + .../target-eku-any/serverauth.test | 8 + .../target-eku-clientauth/any.test | 5 + .../target-eku-clientauth/chain.pem | 275 + .../clientauth-strict.test | 8 + .../target-eku-clientauth/clientauth.test | 5 + .../target-eku-clientauth/generate-chains.py | 25 + .../keys/Intermediate.key | 28 + .../target-eku-clientauth/keys/Root.key | 28 + .../target-eku-clientauth/keys/Target.key | 28 + .../serverauth-strict.test | 8 + .../target-eku-clientauth/serverauth.test | 8 + .../target-eku-many/any.test | 5 + .../target-eku-many/chain.pem | 276 + .../target-eku-many/clientauth-strict.test | 13 + .../target-eku-many/clientauth.test | 10 + .../target-eku-many/generate-chains.py | 25 + .../target-eku-many/keys/Intermediate.key | 28 + .../target-eku-many/keys/Root.key | 28 + .../target-eku-many/keys/Target.key | 28 + ...1D2B1D127E34B62B61B278F274669ADC66ADCC.pem | 91 + ...F49EE7B5F73630C9845EA5B8398B58F3237B18.pem | 89 + ...F49EE7B5F73630C9845EA5B8398B58F3237B19.pem | 89 + .../target-eku-many/out/Intermediate.cnf | 64 + .../target-eku-many/out/Intermediate.csr | 17 + .../target-eku-many/out/Intermediate.db | 1 + .../target-eku-many/out/Intermediate.db.attr | 1 + .../target-eku-many/out/Intermediate.db.old | 0 .../target-eku-many/out/Intermediate.pem | 89 + .../target-eku-many/out/Intermediate.serial | 1 + .../out/Intermediate.serial.old | 1 + .../target-eku-many/out/Issuer.db | 0 .../target-eku-many/out/Issuer.serial | 1 + .../target-eku-many/out/Root.cnf | 64 + .../target-eku-many/out/Root.csr | 17 + .../target-eku-many/out/Root.db | 2 + .../target-eku-many/out/Root.db.attr | 1 + .../target-eku-many/out/Root.db.attr.old | 1 + .../target-eku-many/out/Root.db.old | 1 + .../target-eku-many/out/Root.pem | 89 + .../target-eku-many/out/Root.serial | 1 + .../target-eku-many/out/Root.serial.old | 1 + .../target-eku-many/out/Target.cnf | 64 + .../target-eku-many/out/Target.csr | 18 + .../target-eku-many/out/Target.db | 0 .../target-eku-many/out/Target.pem | 91 + .../target-eku-many/out/Target.serial | 1 + .../target-eku-many/serverauth-strict.test | 10 + .../target-eku-many/serverauth.test | 10 + .../target-eku-none/any.test | 5 + .../target-eku-none/chain.pem | 272 + .../target-eku-none/clientauth-strict.test | 12 + .../target-eku-none/clientauth-strict.test~ | 9 + .../target-eku-none/clientauth.test | 8 + .../target-eku-none/generate-chains.py | 25 + .../target-eku-none/keys/Intermediate.key | 28 + .../target-eku-none/keys/Root.key | 28 + .../target-eku-none/keys/Target.key | 28 + .../target-eku-none/serverauth-strict.test | 9 + .../target-eku-none/serverauth-strict.test~ | 9 + .../target-eku-none/serverauth.test | 8 + .../target-has-512bit-rsa-key/chain.pem | 258 + .../generate-chains.py | 26 + .../keys/Intermediate.key | 28 + .../target-has-512bit-rsa-key/keys/Root.key | 28 + .../target-has-512bit-rsa-key/keys/Target.key | 10 + .../target-has-512bit-rsa-key/main.test | 11 + .../target-has-ca-basic-constraints/chain.pem | 268 + .../generate-chains.py | 25 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../target-has-ca-basic-constraints/main.test | 8 + .../strict.test | 8 + .../target_only-trusted_leaf-strict.test | 5 + .../target_only-trusted_leaf.test | 5 + .../target_only.pem | 94 + .../chain.pem | 276 + .../generate-chains.py | 27 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 5 + .../target-has-pathlen-but-not-ca/chain.pem | 277 + .../generate-chains.py | 26 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../target-has-pathlen-but-not-ca/main.test | 5 + .../chain.pem | 269 + .../generate-chains.py | 28 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../main.test | 5 + .../chain.pem | 267 + .../generate-chains.py | 28 + .../keys/Intermediate.key | 29 + .../keys/Root.key | 29 + .../keys/Target.key | 29 + .../main.test | 11 + .../target-not-end-entity/chain.pem | 275 + .../target-not-end-entity/generate-chains.py | 24 + .../keys/Intermediate.key | 28 + .../target-not-end-entity/keys/Root.key | 28 + .../target-not-end-entity/keys/Target.key | 28 + .../target-not-end-entity/main.test | 9 + .../target-not-end-entity/strict.test | 10 + .../target-only/chain.pem | 91 + .../target-only/generate-chains.py | 21 + .../target-only/keys/Root.key | 29 + .../target-only/keys/Target.key | 29 + .../target-only/trusted_anchor.test | 8 + .../trusted_leaf-and-trust_anchor.test | 5 + .../target-only/trusted_leaf-not_after.test | 8 + .../target-only/trusted_leaf-wrong_eku.test | 8 + .../target-only/trusted_leaf.test | 5 + .../trusted_leaf_require_self_signed.test | 8 + .../target-selfissued/chain.pem | 91 + .../target-selfissued/generate-chains.py | 21 + .../target-selfissued/keys/Target.key | 29 + .../target-selfissued/keys/Target_1.key | 29 + .../target-selfissued/trusted_anchor.test | 8 + .../trusted_leaf-and-trust_anchor.test | 5 + .../target-selfissued/trusted_leaf.test | 5 + .../trusted_leaf_require_self_signed.test | 8 + .../target-selfsigned/chain.pem | 90 + .../target-selfsigned/generate-chains.py | 17 + .../target-selfsigned/keys/Target.key | 29 + .../trusted_leaf-and-trust_anchor.test | 5 + .../trusted_leaf-not_after.test | 8 + .../trusted_leaf-wrong_eku.test | 8 + .../target-selfsigned/trusted_leaf.test | 5 + .../trusted_leaf_require_self_signed.test | 5 + .../ec-decipherOnly.pem | 260 + .../ec-decipherOnly.test | 5 + .../ec-digitalSignature.pem | 260 + .../ec-digitalSignature.test | 5 + .../ec-keyAgreement.pem | 260 + .../ec-keyAgreement.test | 5 + .../ec-keyEncipherment.pem | 260 + .../ec-keyEncipherment.test | 5 + .../generate-chains.py | 54 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target-ec.key | 10 + .../keys/Target-rsa.key | 28 + .../rsa-decipherOnly.pem | 274 + .../rsa-decipherOnly.test | 5 + .../rsa-digitalSignature.pem | 274 + .../rsa-digitalSignature.test | 5 + .../rsa-keyAgreement.pem | 274 + .../rsa-keyAgreement.test | 5 + .../rsa-keyEncipherment.pem | 274 + .../rsa-keyEncipherment.test | 5 + .../target-signed-by-512bit-rsa/chain.pem | 243 + .../generate-chains.py | 26 + .../keys/Intermediate.key | 10 + .../target-signed-by-512bit-rsa/keys/Root.key | 28 + .../keys/Target.key | 28 + .../target-signed-by-512bit-rsa/main.test | 11 + .../target-signed-using-ecdsa/chain.pem | 251 + .../generate-chains.py | 27 + .../keys/Intermediate.key | 10 + .../target-signed-using-ecdsa/keys/Root.key | 28 + .../target-signed-using-ecdsa/keys/Target.key | 28 + .../target-signed-using-ecdsa/main.test | 5 + .../target-signed-with-sha1/chain.pem | 266 + .../generate-chains.py | 24 + .../keys/Intermediate.key | 28 + .../target-signed-with-sha1/keys/Root.key | 28 + .../target-signed-with-sha1/keys/Target.key | 28 + .../target-signed-with-sha1/main.test | 9 + .../chain.pem | 268 + .../generate-chains.py | 28 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 10 + .../target_only-trusted_leaf.test | 10 + .../target_only.pem | 94 + .../chain.pem | 278 + .../generate-chains.py | 40 + .../keys/Intermediate.key | 28 + .../keys/Intermediate_1.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 8 + .../target-wrong-signature/chain.pem | 274 + .../target-wrong-signature/generate-chains.py | 29 + .../keys/Intermediate.key | 28 + .../keys/Intermediate_1.key | 28 + .../target-wrong-signature/keys/Root.key | 28 + .../target-wrong-signature/keys/Target.key | 28 + .../target-wrong-signature/main.test | 8 + .../chain.pem | 280 + .../generate-chains.py | 28 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 10 + .../chain.pem | 280 + .../generate-chains.py | 28 + .../keys/Intermediate.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 5 + .../chain.pem | 366 + .../generate-chains.py | 32 + .../keys/Intermediate1.key | 28 + .../keys/Intermediate2.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../main.test | 8 + .../violates-pathlen-1-from-root/chain.pem | 367 + .../generate-chains.py | 31 + .../keys/Intermediate1.key | 28 + .../keys/Intermediate2.key | 28 + .../keys/Root.key | 28 + .../keys/Target.key | 28 + .../violates-pathlen-1-from-root/main.test | 5 + .../ta-with-constraints.test | 8 + .../ascii-BMPSTRING-case_swap-dupe_attr.pem | 37 + .../ascii-BMPSTRING-case_swap-extra_attr.pem | 35 + .../ascii-BMPSTRING-case_swap-extra_rdn.pem | 37 + .../names/ascii-BMPSTRING-case_swap.pem | 29 + ...i-BMPSTRING-extra_whitespace-dupe_attr.pem | 38 + ...-BMPSTRING-extra_whitespace-extra_attr.pem | 36 + ...i-BMPSTRING-extra_whitespace-extra_rdn.pem | 38 + .../ascii-BMPSTRING-extra_whitespace.pem | 30 + .../ascii-BMPSTRING-unmangled-dupe_attr.pem | 37 + .../ascii-BMPSTRING-unmangled-extra_attr.pem | 35 + .../ascii-BMPSTRING-unmangled-extra_rdn.pem | 37 + .../names/ascii-BMPSTRING-unmangled.pem | 29 + ...ii-PRINTABLESTRING-case_swap-dupe_attr.pem | 34 + ...i-PRINTABLESTRING-case_swap-extra_attr.pem | 33 + ...ii-PRINTABLESTRING-case_swap-extra_rdn.pem | 35 + .../names/ascii-PRINTABLESTRING-case_swap.pem | 28 + ...TABLESTRING-extra_whitespace-dupe_attr.pem | 35 + ...ABLESTRING-extra_whitespace-extra_attr.pem | 33 + ...TABLESTRING-extra_whitespace-extra_rdn.pem | 36 + ...ascii-PRINTABLESTRING-extra_whitespace.pem | 28 + .../ascii-PRINTABLESTRING-rdn_sorting_1.pem | 17 + .../ascii-PRINTABLESTRING-rdn_sorting_2.pem | 17 + ...ii-PRINTABLESTRING-unmangled-dupe_attr.pem | 34 + ...i-PRINTABLESTRING-unmangled-extra_attr.pem | 33 + ...ii-PRINTABLESTRING-unmangled-extra_rdn.pem | 35 + .../names/ascii-PRINTABLESTRING-unmangled.pem | 28 + .../ascii-T61STRING-case_swap-dupe_attr.pem | 34 + .../ascii-T61STRING-case_swap-extra_attr.pem | 33 + .../ascii-T61STRING-case_swap-extra_rdn.pem | 35 + .../names/ascii-T61STRING-case_swap.pem | 28 + ...i-T61STRING-extra_whitespace-dupe_attr.pem | 35 + ...-T61STRING-extra_whitespace-extra_attr.pem | 33 + ...i-T61STRING-extra_whitespace-extra_rdn.pem | 36 + .../ascii-T61STRING-extra_whitespace.pem | 28 + .../ascii-T61STRING-unmangled-dupe_attr.pem | 34 + .../ascii-T61STRING-unmangled-extra_attr.pem | 33 + .../ascii-T61STRING-unmangled-extra_rdn.pem | 35 + .../names/ascii-T61STRING-unmangled.pem | 28 + ...ii-UNIVERSALSTRING-case_swap-dupe_attr.pem | 43 + ...i-UNIVERSALSTRING-case_swap-extra_attr.pem | 38 + ...ii-UNIVERSALSTRING-case_swap-extra_rdn.pem | 40 + .../names/ascii-UNIVERSALSTRING-case_swap.pem | 32 + ...ERSALSTRING-extra_whitespace-dupe_attr.pem | 45 + ...RSALSTRING-extra_whitespace-extra_attr.pem | 40 + ...ERSALSTRING-extra_whitespace-extra_rdn.pem | 42 + ...ascii-UNIVERSALSTRING-extra_whitespace.pem | 33 + ...ii-UNIVERSALSTRING-unmangled-dupe_attr.pem | 43 + ...i-UNIVERSALSTRING-unmangled-extra_attr.pem | 38 + ...ii-UNIVERSALSTRING-unmangled-extra_rdn.pem | 40 + .../names/ascii-UNIVERSALSTRING-unmangled.pem | 32 + .../names/ascii-UTF8-case_swap-dupe_attr.pem | 34 + .../names/ascii-UTF8-case_swap-extra_attr.pem | 33 + .../names/ascii-UTF8-case_swap-extra_rdn.pem | 35 + .../names/ascii-UTF8-case_swap.pem | 28 + .../ascii-UTF8-extra_whitespace-dupe_attr.pem | 35 + ...ascii-UTF8-extra_whitespace-extra_attr.pem | 33 + .../ascii-UTF8-extra_whitespace-extra_rdn.pem | 36 + .../names/ascii-UTF8-extra_whitespace.pem | 28 + .../names/ascii-UTF8-unmangled-dupe_attr.pem | 34 + .../names/ascii-UTF8-unmangled-extra_attr.pem | 33 + .../names/ascii-UTF8-unmangled-extra_rdn.pem | 35 + .../names/ascii-UTF8-unmangled.pem | 28 + .../ascii-mixed-rdn_dupetype_sorting_1.pem | 30 + .../ascii-mixed-rdn_dupetype_sorting_2.pem | 30 + .../names/custom-custom-normalized.pem | 10 + ...AttributeTypeAndValue-badAttributeType.pem | 11 + .../invalid-AttributeTypeAndValue-empty.pem | 8 + ...nvalid-AttributeTypeAndValue-extradata.pem | 13 + ...d-AttributeTypeAndValue-onlyOneElement.pem | 11 + ...d-AttributeTypeAndValue-setNotSequence.pem | 12 + .../invalid-Name-setInsteadOfSequence.pem | 12 + .../names/invalid-RDN-empty.pem | 6 + .../invalid-RDN-sequenceInsteadOfSet.pem | 12 + .../names/unicode-mixed-normalized.pem | 57 + .../names/unicode-mixed-unnormalized.pem | 58 + .../names/unicode_bmp-BMPSTRING-unmangled.pem | 19 + .../unicode_bmp-UNIVERSALSTRING-unmangled.pem | 19 + .../names/unicode_bmp-UTF8-unmangled.pem | 19 + ...upplementary-UNIVERSALSTRING-unmangled.pem | 19 + .../unicode_supplementary-UTF8-unmangled.pem | 19 + .../names/valid-Name-empty.pem | 4 + .../names/valid-minimal.pem | 12 + .../scripts/generate_names.py | 372 + .../verify_signed_data_unittest/README | 35 + .../annotate_test_data.py | 164 + ...dsa-prime256v1-sha512-spki-params-null.pem | 35 + ...rime256v1-sha512-unused-bits-signature.pem | 43 + ...ecdsa-prime256v1-sha512-using-ecdh-key.pem | 38 + ...cdsa-prime256v1-sha512-using-ecmqv-key.pem | 38 + ...-prime256v1-sha512-using-rsa-algorithm.pem | 38 + ...ime256v1-sha512-wrong-signature-format.pem | 37 + .../ecdsa-prime256v1-sha512.pem | 39 + .../ecdsa-secp384r1-sha256-corrupted-data.pem | 43 + .../ecdsa-secp384r1-sha256.pem | 74 + .../ecdsa-using-rsa-key.pem | 41 + .../rsa-pkcs1-sha1-bad-key-der-length.pem | 34 + .../rsa-pkcs1-sha1-bad-key-der-null.pem | 42 + .../rsa-pkcs1-sha1-key-params-absent.pem | 39 + ...rsa-pkcs1-sha1-using-pss-key-no-params.pem | 41 + .../rsa-pkcs1-sha1-wrong-algorithm.pem | 38 + .../rsa-pkcs1-sha1.pem | 43 + .../rsa-pkcs1-sha256-key-encoded-ber.pem | 52 + .../rsa-pkcs1-sha256-spki-non-null-params.pem | 49 + ...rsa-pkcs1-sha256-using-ecdsa-algorithm.pem | 45 + .../rsa-pkcs1-sha256-using-id-ea-rsa.pem | 44 + .../rsa-pkcs1-sha256.pem | 76 + ...a-pss-sha256-using-pss-key-with-params.pem | 71 + .../rsa-pss-sha256-wrong-salt.pem | 61 + .../rsa-pss-sha256.pem | 92 + .../rsa-using-ec-key.pem | 42 + .../rsa2048-pkcs1-sha512.pem | 83 + pki/trust_store.cc | 175 + pki/trust_store.h | 152 + pki/trust_store_collection.cc | 46 + pki/trust_store_collection.h | 44 + pki/trust_store_collection_unittest.cc | 192 + pki/trust_store_in_memory.cc | 95 + pki/trust_store_in_memory.h | 92 + pki/verify_certificate_chain.cc | 1658 + pki/verify_certificate_chain.h | 266 + ...verify_certificate_chain_pkits_unittest.cc | 129 + pki/verify_certificate_chain_typed_unittest.h | 347 + pki/verify_certificate_chain_unittest.cc | 128 + pki/verify_name_match.cc | 419 + pki/verify_name_match.h | 62 + pki/verify_name_match_fuzzer.cc | 34 + pki/verify_name_match_normalizename_fuzzer.cc | 26 + pki/verify_name_match_unittest.cc | 613 + ...y_name_match_verifynameinsubtree_fuzzer.cc | 35 + pki/verify_signed_data.cc | 290 + pki/verify_signed_data.h | 53 + pki/verify_signed_data_unittest.cc | 242 + pki/x509_cert_types.h | 63 + pki/x509_certificate.cc | 784 + pki/x509_certificate.h | 343 + util/all_tests.json | 3 + 2097 files changed, 242273 insertions(+), 1 deletion(-) create mode 100644 pki/CMakeLists.txt create mode 100755 pki/IMPORT create mode 100644 pki/README.md create mode 100644 pki/asn1_util.cc create mode 100644 pki/asn1_util.h create mode 100644 pki/cert_error_id.cc create mode 100644 pki/cert_error_id.h create mode 100644 pki/cert_error_params.cc create mode 100644 pki/cert_error_params.h create mode 100644 pki/cert_errors.cc create mode 100644 pki/cert_errors.h create mode 100644 pki/cert_issuer_source.h create mode 100644 pki/cert_issuer_source_static.cc create mode 100644 pki/cert_issuer_source_static.h create mode 100644 pki/cert_issuer_source_static_unittest.cc create mode 100644 pki/cert_issuer_source_sync_unittest.h create mode 100644 pki/cert_net_fetcher.h create mode 100644 pki/cert_status_flags.h create mode 100644 pki/cert_status_flags_list.h create mode 100644 pki/cert_verify_proc_blocklist.inc create mode 100644 pki/certificate_policies.cc create mode 100644 pki/certificate_policies.h create mode 100644 pki/certificate_policies_unittest.cc create mode 100644 pki/common_cert_errors.cc create mode 100644 pki/common_cert_errors.h create mode 100644 pki/crl.cc create mode 100644 pki/crl.h create mode 100644 pki/encode_values.cc create mode 100644 pki/encode_values.h create mode 100644 pki/encode_values_unittest.cc create mode 100644 pki/extended_key_usage.cc create mode 100644 pki/extended_key_usage.h create mode 100644 pki/extended_key_usage_unittest.cc create mode 100644 pki/fillins/base64.cc create mode 100644 pki/fillins/base64.h create mode 100644 pki/fillins/check.h create mode 100644 pki/fillins/file_util.cc create mode 100644 pki/fillins/file_util.h create mode 100644 pki/fillins/inet.h create mode 100644 pki/fillins/ip_address.cc create mode 100644 pki/fillins/ip_address.h create mode 100644 pki/fillins/net_errors.h create mode 100644 pki/fillins/openssl_util.cc create mode 100644 pki/fillins/openssl_util.h create mode 100644 pki/fillins/path_service.cc create mode 100644 pki/fillins/path_service.h create mode 100644 pki/fillins/string_util.cc create mode 100644 pki/fillins/string_util.h create mode 100644 pki/fillins/utf_string_conversions.cc create mode 100644 pki/fillins/utf_string_conversions.h create mode 100644 pki/general_names.cc create mode 100644 pki/general_names.h create mode 100644 pki/import_spec.json create mode 100644 pki/import_tool.go create mode 100644 pki/input.cc create mode 100644 pki/input.h create mode 100644 pki/input_unittest.cc create mode 100644 pki/mock_signature_verify_cache.cc create mode 100644 pki/mock_signature_verify_cache.h create mode 100644 pki/name_constraints.cc create mode 100644 pki/name_constraints.h create mode 100644 pki/name_constraints_unittest.cc create mode 100644 pki/nist_pkits_unittest.cc create mode 100644 pki/nist_pkits_unittest.h create mode 100644 pki/ocsp.cc create mode 100644 pki/ocsp.h create mode 100644 pki/ocsp_parse_ocsp_cert_id_fuzzer.cc create mode 100644 pki/ocsp_parse_ocsp_response_data_fuzzer.cc create mode 100644 pki/ocsp_parse_ocsp_response_fuzzer.cc create mode 100644 pki/ocsp_parse_ocsp_single_response_fuzzer.cc create mode 100644 pki/ocsp_revocation_status.h create mode 100644 pki/ocsp_unittest.cc create mode 100644 pki/ocsp_verify_result.cc create mode 100644 pki/ocsp_verify_result.h create mode 100644 pki/parse_certificate.cc create mode 100644 pki/parse_certificate.h create mode 100644 pki/parse_certificate_fuzzer.cc create mode 100644 pki/parse_certificate_unittest.cc create mode 100644 pki/parse_name.cc create mode 100644 pki/parse_name.h create mode 100644 pki/parse_name_unittest.cc create mode 100644 pki/parse_values.cc create mode 100644 pki/parse_values.h create mode 100644 pki/parse_values_unittest.cc create mode 100644 pki/parsed_certificate.cc create mode 100644 pki/parsed_certificate.h create mode 100644 pki/parsed_certificate_unittest.cc create mode 100644 pki/parser.cc create mode 100644 pki/parser.h create mode 100644 pki/parser_unittest.cc create mode 100644 pki/patches/0001-Simplify-the-name-constraint-limit-to-resemble-Borin.patch create mode 100644 pki/patches/0002-Conditionalize-the-use-of-DVLOG-LOG-in-path-builder-.patch create mode 100644 pki/patches/0003-disable-path-builder-tests-with-unsupported-dependen.patch create mode 100644 pki/path_builder.cc create mode 100644 pki/path_builder.h create mode 100644 pki/path_builder_pkits_unittest.cc create mode 100644 pki/path_builder_unittest.cc create mode 100644 pki/path_builder_verify_certificate_chain_unittest.cc create mode 100644 pki/pem.cc create mode 100644 pki/pem.h create mode 100644 pki/revocation_util.cc create mode 100644 pki/revocation_util.h create mode 100644 pki/signature_algorithm.cc create mode 100644 pki/signature_algorithm.h create mode 100644 pki/signature_algorithm_unittest.cc create mode 100644 pki/signature_verify_cache.h create mode 100644 pki/simple_path_builder_delegate.cc create mode 100644 pki/simple_path_builder_delegate.h create mode 100644 pki/simple_path_builder_delegate_unittest.cc create mode 100644 pki/string_util.cc create mode 100644 pki/string_util.h create mode 100644 pki/string_util_unittest.cc create mode 100644 pki/tag.cc create mode 100644 pki/tag.h create mode 100644 pki/test_helpers.cc create mode 100644 pki/test_helpers.h create mode 100644 pki/testdata/cert_issuer_source_static_unittest/c1.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/c2.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/d.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/e1.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/e2.pem create mode 100755 pki/testdata/cert_issuer_source_static_unittest/generate-certs.py create mode 100644 pki/testdata/cert_issuer_source_static_unittest/i1_1.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/i1_2.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/i2.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/i3_1.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/i3_2.pem create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/C1.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/C2.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/D.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/E1.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/E2.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/I1.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/I2.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/I3.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/I3_1.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/Root.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/keys/i1_1.key create mode 100644 pki/testdata/cert_issuer_source_static_unittest/root.pem create mode 100644 pki/testdata/certificate_policies_unittest/anypolicy.pem create mode 100644 pki/testdata/certificate_policies_unittest/anypolicy_with_qualifier.pem create mode 100755 pki/testdata/certificate_policies_unittest/generate_policies.py create mode 100644 pki/testdata/certificate_policies_unittest/invalid-anypolicy_with_custom_qualifier.pem create mode 100644 pki/testdata/certificate_policies_unittest/invalid-empty.pem create mode 100644 pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_dupe.pem create mode 100644 pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_policyinformation_unconsumed_data.pem create mode 100644 pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem create mode 100644 pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem create mode 100644 pki/testdata/certificate_policies_unittest/invalid-policy_identifier_not_oid.pem create mode 100644 pki/testdata/certificate_policies_unittest/policy_1_2_3.pem create mode 100644 pki/testdata/certificate_policies_unittest/policy_1_2_3_and_1_2_4.pem create mode 100644 pki/testdata/certificate_policies_unittest/policy_1_2_3_and_1_2_4_with_qualifiers.pem create mode 100644 pki/testdata/certificate_policies_unittest/policy_1_2_3_with_custom_qualifier.pem create mode 100644 pki/testdata/certificate_policies_unittest/policy_1_2_3_with_qualifier.pem create mode 100644 pki/testdata/name_constraints_unittest/directoryname-excludeall.pem create mode 100644 pki/testdata/name_constraints_unittest/directoryname-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/directoryname.pem create mode 100644 pki/testdata/name_constraints_unittest/directoryname_and_dnsname.pem create mode 100644 pki/testdata/name_constraints_unittest/directoryname_and_dnsname_and_ipaddress.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-exclude_dot.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-excludeall.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-excluded_with_leading_dot.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-permitted_two_dot.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-permitted_with_leading_dot.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-with_max.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-with_min_0.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-with_min_0_and_max.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-with_min_1.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname-with_min_1_and_max.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname.pem create mode 100644 pki/testdata/name_constraints_unittest/dnsname2.pem create mode 100644 pki/testdata/name_constraints_unittest/edipartyname-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/edipartyname-permitted.pem create mode 100755 pki/testdata/name_constraints_unittest/generate_name_constraints.py create mode 100644 pki/testdata/name_constraints_unittest/invalid-empty_excluded_subtree.pem create mode 100644 pki/testdata/name_constraints_unittest/invalid-empty_permitted_subtree.pem create mode 100644 pki/testdata/name_constraints_unittest/invalid-no_subtrees.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-excludeall.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-invalid_addr.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_1.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_2.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_3.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_4.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-permit_all.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-permit_prefix1.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-permit_prefix31.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress-permit_singlehost.pem create mode 100644 pki/testdata/name_constraints_unittest/ipaddress.pem create mode 100644 pki/testdata/name_constraints_unittest/name-ca.pem create mode 100644 pki/testdata/name_constraints_unittest/name-de.pem create mode 100644 pki/testdata/name_constraints_unittest/name-empty.pem create mode 100644 pki/testdata/name_constraints_unittest/name-jp-tokyo.pem create mode 100644 pki/testdata/name_constraints_unittest/name-jp.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-1.1.1.1.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-192.168.1.1.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-email-invalidstring.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-email-localpartcase.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-email-multiple.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-email.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-foo.com.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-ipv6.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona-permitted.example.com.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-arizona.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-california-192.168.1.1.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-california-mountain_view.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-california-permitted.example.com.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us-california.pem create mode 100644 pki/testdata/name_constraints_unittest/name-us.pem create mode 100644 pki/testdata/name_constraints_unittest/othername-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/othername-permitted.pem create mode 100644 pki/testdata/name_constraints_unittest/registeredid-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/registeredid-permitted.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-excluded-empty.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-excluded-hostname.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-excluded-hostnamewithat.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-excluded-ipv4.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-excluded-quoted.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-excluded-subdomains.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-permitted-empty.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-permitted-hostname.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-permitted-hostnamewithat.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-permitted-ipv4.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-permitted-quoted.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-permitted-subdomains.pem create mode 100644 pki/testdata/name_constraints_unittest/rfc822name-permitted.pem create mode 100644 pki/testdata/name_constraints_unittest/san-directoryname.pem create mode 100644 pki/testdata/name_constraints_unittest/san-dnsname.pem create mode 100644 pki/testdata/name_constraints_unittest/san-edipartyname.pem create mode 100644 pki/testdata/name_constraints_unittest/san-excluded-directoryname.pem create mode 100644 pki/testdata/name_constraints_unittest/san-excluded-dnsname.pem create mode 100644 pki/testdata/name_constraints_unittest/san-excluded-ipaddress.pem create mode 100644 pki/testdata/name_constraints_unittest/san-invalid-empty.pem create mode 100644 pki/testdata/name_constraints_unittest/san-invalid-ipaddress.pem create mode 100644 pki/testdata/name_constraints_unittest/san-ipaddress4.pem create mode 100644 pki/testdata/name_constraints_unittest/san-ipaddress6.pem create mode 100644 pki/testdata/name_constraints_unittest/san-othername.pem create mode 100644 pki/testdata/name_constraints_unittest/san-permitted.pem create mode 100644 pki/testdata/name_constraints_unittest/san-registeredid.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-domaincase.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-empty-localpart.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-empty.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-ipv4.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-localpartcase.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-multiple.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-no-at.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-quoted.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-subdomain-no-at.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-subdomain-two-ats.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-subdomain.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-subdomaincase.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name-two-ats.pem create mode 100644 pki/testdata/name_constraints_unittest/san-rfc822name.pem create mode 100644 pki/testdata/name_constraints_unittest/san-uri.pem create mode 100644 pki/testdata/name_constraints_unittest/san-x400address.pem create mode 100644 pki/testdata/name_constraints_unittest/uri-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/uri-permitted.pem create mode 100644 pki/testdata/name_constraints_unittest/x400address-excluded.pem create mode 100644 pki/testdata/name_constraints_unittest/x400address-permitted.pem create mode 100644 pki/testdata/nist-pkits/BUILD.gn create mode 100644 pki/testdata/nist-pkits/README.chromium create mode 100644 pki/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt create mode 100644 pki/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt create mode 100644 pki/testdata/nist-pkits/certs/AnyPolicyTest14EE.crt create mode 100644 pki/testdata/nist-pkits/certs/BadCRLIssuerNameCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BadSignedCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BadnotBeforeDateCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt create mode 100644 pki/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/CPSPointerQualifierTest20EE.crt create mode 100644 pki/testdata/nist-pkits/certs/DSACACert.crt create mode 100644 pki/testdata/nist-pkits/certs/DSAParametersInheritedCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/DifferentPoliciesTest12EE.crt create mode 100644 pki/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/DifferentPoliciesTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/GoodCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/GoodsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidCASignatureTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidDSASignatureTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidPolicyMappingTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidcAFalseTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddistributionPointTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddistributionPointTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddistributionPointTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt create mode 100644 pki/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/LongSerialNumberCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/Mapping1to2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/MappingFromanyPolicyCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/MappingToanyPolicyCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/MissingbasicConstraintsCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/NameOrderingCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/NegativeSerialNumberCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/NoCRLCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/NoPoliciesCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/OverlappingPoliciesTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/P12Mapping1to3CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/P12Mapping1to3subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/P1Mapping1to234subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP1234CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP123CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP123subCAP12Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP12CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP2subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/PoliciesP3CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/RFC3280OptionalAttributeTypesCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/RevokedsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt create mode 100644 pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt create mode 100644 pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt create mode 100644 pki/testdata/nist-pkits/certs/TwoCRLsCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/UIDCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/UnknownCRLExtensionCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/UserNoticeQualifierTest15EE.crt create mode 100644 pki/testdata/nist-pkits/certs/UserNoticeQualifierTest16EE.crt create mode 100644 pki/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt create mode 100644 pki/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt create mode 100644 pki/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidDSASignaturesTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest12EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidTwoCRLsTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidcRLIssuerTest28EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValiddistributionPointTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValiddistributionPointTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValiddistributionPointTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidinhibitAnyPolicyTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt create mode 100644 pki/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt create mode 100644 pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt create mode 100644 pki/testdata/nist-pkits/certs/WrongCRLCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/anyPolicyCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/deltaCRLCA3Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/distributionPoint1CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/distributionPoint2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt create mode 100644 pki/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt create mode 100644 pki/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy1CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicy5subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping0CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping0subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping5CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN1CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDN5CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsDNS2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/nameConstraintsURI2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/onlyContainsCACertsCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/onlySomeReasonsCA3Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint0CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt create mode 100644 pki/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt create mode 100644 pki/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy0CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy10subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy4CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy4subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy4subsubsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy5CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy7CACert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt create mode 100644 pki/testdata/nist-pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt create mode 100644 pki/testdata/nist-pkits/crls/BadCRLIssuerNameCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BadCRLSignatureCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BadSignedCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BadnotAfterDateCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BadnotBeforeDateCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BasicSelfIssuedNewKeyCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BasicSelfIssuedOldKeyCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/DSACACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/DSAParametersInheritedCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/GeneralizedTimeCRLnextUpdateCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/GoodCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/GoodsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/GoodsubCAPanyPolicyMapping1to2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/LongSerialNumberCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/Mapping1to2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/MappingFromanyPolicyCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/MappingToanyPolicyCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/MissingbasicConstraintsCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/NameOrderCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/NegativeSerialNumberCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/NoPoliciesCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/NoissuingDistributionPointCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/OldCRLnextUpdateCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/P12Mapping1to3CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/P12Mapping1to3subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/P12Mapping1to3subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/P1Mapping1to234CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/P1Mapping1to234subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/P1anyPolicyMapping1to2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PanyPolicyMapping1to2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP1234CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP1234subCAP123CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP1234subsubCAP123P12CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP123CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP123subCAP12CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP123subsubCAP12P1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP123subsubCAP2P2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP123subsubsubCAP12P2P1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP12CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP12subCAP1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP12subsubCAP1P2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP2subCA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP2subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/PoliciesP3CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/RFC3280MandatoryAttributeTypesCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/RFC3280OptionalAttributeTypesCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/RevokedsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/SeparateCertificateandCRLKeysCA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/SeparateCertificateandCRLKeysCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/TrustAnchorRootCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/TwoCRLsCABadCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/TwoCRLsCAGoodCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/UIDCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/UTF8StringCaseInsensitiveMatchCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/UTF8StringEncodedNamesCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/UnknownCRLEntryExtensionCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/UnknownCRLExtensionCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/WrongCRLCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/anyPolicyCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/basicConstraintsCriticalcAFalseCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/basicConstraintsNotCriticalCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/basicConstraintsNotCriticalcAFalseCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/deltaCRLCA1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/deltaCRLCA1deltaCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/deltaCRLCA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/deltaCRLCA2deltaCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/deltaCRLCA3CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/deltaCRLCA3deltaCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/deltaCRLIndicatorNoBaseCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/distributionPoint1CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/distributionPoint2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/indirectCRLCA1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/indirectCRLCA3CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/indirectCRLCA3cRLIssuerCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/indirectCRLCA4cRLIssuerCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/indirectCRLCA5CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy0CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy1CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy1subCA1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy1subCA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy1subCAIAP5CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy1subsubCA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy5CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy5subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitAnyPolicy5subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping0CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping0subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subCAIPM5CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subsubCAIPM5CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping5CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping5subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping5subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/inhibitPolicyMapping5subsubsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/keyUsageCriticalcRLSignFalseCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/keyUsageCriticalkeyCertSignFalseCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/keyUsageNotCriticalCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/keyUsageNotCriticalcRLSignFalseCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN1CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN1subCA1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN1subCA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN1subCA3CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN3CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN3subCA1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN3subCA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN4CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDN5CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDNS1CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsDNS2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsRFC822CA1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsRFC822CA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsRFC822CA3CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsURI1CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/nameConstraintsURI2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlyContainsAttributeCertsCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlyContainsCACertsCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlyContainsUserCertsCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlySomeReasonsCA1compromiseCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlySomeReasonsCA1otherreasonsCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlySomeReasonsCA2CRL1.crl create mode 100644 pki/testdata/nist-pkits/crls/onlySomeReasonsCA2CRL2.crl create mode 100644 pki/testdata/nist-pkits/crls/onlySomeReasonsCA3compromiseCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlySomeReasonsCA3otherreasonsCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlySomeReasonsCA4compromiseCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/onlySomeReasonsCA4otherreasonsCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint0CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint0subCA2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint0subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint1CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint1subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6subCA0CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6subCA1CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6subCA4CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA00CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA11CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA41CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6subsubsubCA11XCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pathLenConstraint6subsubsubCA41XCRL.crl create mode 100644 pki/testdata/nist-pkits/crls/pre2000CRLnextUpdateCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy0CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy0subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy0subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy0subsubsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy10CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy10subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy10subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy10subsubsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy2CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy2subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy4CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy4subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy4subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy4subsubsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy5CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy5subCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy5subsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy5subsubsubCACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy7CACRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy7subCARE2CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy7subsubCARE2RE4CRL.crl create mode 100644 pki/testdata/nist-pkits/crls/requireExplicitPolicy7subsubsubCARE2RE4CRL.crl create mode 100644 pki/testdata/nist-pkits/generate_tests.py create mode 100644 pki/testdata/nist-pkits/pkits_testcases-inl.h create mode 100644 pki/testdata/nist-pkits/test_bundle_data.filelist create mode 100644 pki/testdata/nist-pkits/test_bundle_data.globlist create mode 100755 pki/testdata/ocsp_unittest/annotate_test_data.py create mode 100644 pki/testdata/ocsp_unittest/bad_ocsp_type.pem create mode 100644 pki/testdata/ocsp_unittest/bad_signature.pem create mode 100644 pki/testdata/ocsp_unittest/bad_status.pem create mode 100644 pki/testdata/ocsp_unittest/good_response.pem create mode 100644 pki/testdata/ocsp_unittest/good_response_next_update.pem create mode 100644 pki/testdata/ocsp_unittest/good_response_sha256.pem create mode 100644 pki/testdata/ocsp_unittest/has_critical_ct_extension.pem create mode 100644 pki/testdata/ocsp_unittest/has_critical_response_extension.pem create mode 100644 pki/testdata/ocsp_unittest/has_critical_single_extension.pem create mode 100644 pki/testdata/ocsp_unittest/has_extension.pem create mode 100644 pki/testdata/ocsp_unittest/has_single_extension.pem create mode 100644 pki/testdata/ocsp_unittest/has_version.pem create mode 100755 pki/testdata/ocsp_unittest/make_ocsp.py create mode 100644 pki/testdata/ocsp_unittest/malformed_request.pem create mode 100644 pki/testdata/ocsp_unittest/missing_response.pem create mode 100644 pki/testdata/ocsp_unittest/multiple_response.pem create mode 100644 pki/testdata/ocsp_unittest/no_response.pem create mode 100644 pki/testdata/ocsp_unittest/ocsp_extra_certs.pem create mode 100644 pki/testdata/ocsp_unittest/ocsp_sign_bad_indirect.pem create mode 100644 pki/testdata/ocsp_unittest/ocsp_sign_direct.pem create mode 100644 pki/testdata/ocsp_unittest/ocsp_sign_indirect.pem create mode 100644 pki/testdata/ocsp_unittest/ocsp_sign_indirect_missing.pem create mode 100644 pki/testdata/ocsp_unittest/other_response.pem create mode 100644 pki/testdata/ocsp_unittest/responder_id.pem create mode 100644 pki/testdata/ocsp_unittest/responder_name.pem create mode 100644 pki/testdata/ocsp_unittest/revoke_response.pem create mode 100644 pki/testdata/ocsp_unittest/revoke_response_reason.pem create mode 100644 pki/testdata/ocsp_unittest/unknown_response.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/empty_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/extra_contents_after_extension_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/extra_contents_after_issuer_and_serial.pem create mode 100755 pki/testdata/parse_certificate_unittest/authority_key_identifier/generate.py create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_contents.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_issuer.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_key_identifier.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_serial.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/issuer_and_serial.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/issuer_only.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/key_identifier.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/key_identifier_and_issuer_and_serial.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/serial_only.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier/url_issuer_and_serial.pem create mode 100644 pki/testdata/parse_certificate_unittest/authority_key_identifier_not_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/bad_key_usage.pem create mode 100644 pki/testdata/parse_certificate_unittest/bad_policy_qualifiers.pem create mode 100644 pki/testdata/parse_certificate_unittest/bad_signature_algorithm_oid.pem create mode 100644 pki/testdata/parse_certificate_unittest/bad_validity.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_ca_false.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_ca_no_path.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_ca_path_9.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_negative_path.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_not_ca.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_path_too_large.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_255.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_256.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_not_ca.pem create mode 100644 pki/testdata/parse_certificate_unittest/basic_constraints_unconsumed_data.pem create mode 100644 pki/testdata/parse_certificate_unittest/cert_algorithm_not_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/cert_data_after_signature.pem create mode 100644 pki/testdata/parse_certificate_unittest/cert_empty_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/cert_missing_signature.pem create mode 100644 pki/testdata/parse_certificate_unittest/cert_not_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/cert_signature_not_bit_string.pem create mode 100644 pki/testdata/parse_certificate_unittest/cert_skeleton.pem create mode 100644 pki/testdata/parse_certificate_unittest/cert_version3.pem create mode 100644 pki/testdata/parse_certificate_unittest/crldp_1uri_noissuer.pem create mode 100644 pki/testdata/parse_certificate_unittest/crldp_3uri_noissuer.pem create mode 100644 pki/testdata/parse_certificate_unittest/crldp_full_name_as_dirname.pem create mode 100644 pki/testdata/parse_certificate_unittest/crldp_issuer_as_dirname.pem create mode 100644 pki/testdata/parse_certificate_unittest/extended_key_usage.pem create mode 100644 pki/testdata/parse_certificate_unittest/extension_critical.pem create mode 100644 pki/testdata/parse_certificate_unittest/extension_critical_0.pem create mode 100644 pki/testdata/parse_certificate_unittest/extension_critical_3.pem create mode 100644 pki/testdata/parse_certificate_unittest/extension_not_critical.pem create mode 100644 pki/testdata/parse_certificate_unittest/extensions_data_after_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/extensions_duplicate_key_usage.pem create mode 100644 pki/testdata/parse_certificate_unittest/extensions_empty_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/extensions_not_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/extensions_real.pem create mode 100644 pki/testdata/parse_certificate_unittest/failed_signature_algorithm.pem create mode 100644 pki/testdata/parse_certificate_unittest/inhibit_any_policy.pem create mode 100644 pki/testdata/parse_certificate_unittest/issuer_bad_printable_string.pem create mode 100644 pki/testdata/parse_certificate_unittest/key_usage.pem create mode 100644 pki/testdata/parse_certificate_unittest/name_constraints_bad_ip.pem create mode 100644 pki/testdata/parse_certificate_unittest/policies.pem create mode 100644 pki/testdata/parse_certificate_unittest/policy_constraints_empty.pem create mode 100644 pki/testdata/parse_certificate_unittest/policy_constraints_inhibit.pem create mode 100644 pki/testdata/parse_certificate_unittest/policy_constraints_inhibit_require.pem create mode 100644 pki/testdata/parse_certificate_unittest/policy_constraints_require.pem create mode 100644 pki/testdata/parse_certificate_unittest/policy_qualifiers_empty_sequence.pem create mode 100755 pki/testdata/parse_certificate_unittest/rebase-errors.py create mode 100755 pki/testdata/parse_certificate_unittest/regenerate_pem_from_ascii.py create mode 100644 pki/testdata/parse_certificate_unittest/serial_37_bytes.pem create mode 100644 pki/testdata/parse_certificate_unittest/serial_negative.pem create mode 100644 pki/testdata/parse_certificate_unittest/serial_not_minimal.pem create mode 100644 pki/testdata/parse_certificate_unittest/serial_not_number.pem create mode 100644 pki/testdata/parse_certificate_unittest/serial_zero.pem create mode 100644 pki/testdata/parse_certificate_unittest/serial_zero_padded.pem create mode 100644 pki/testdata/parse_certificate_unittest/serial_zero_padded_21_bytes.pem create mode 100644 pki/testdata/parse_certificate_unittest/signature_algorithm_null.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_alt_name.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_blank_subjectaltname_not_critical.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_key_identifier_not_octet_string.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_not_ascii.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_not_printable_string.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_printable_string_containing_utf8_client_cert.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_t61string.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_t61string_1-32.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_t61string_126-160.pem create mode 100644 pki/testdata/parse_certificate_unittest/subject_t61string_actual.pem create mode 100644 pki/testdata/parse_certificate_unittest/subjectaltname_bad_ip.pem create mode 100644 pki/testdata/parse_certificate_unittest/subjectaltname_dns_not_ascii.pem create mode 100644 pki/testdata/parse_certificate_unittest/subjectaltname_general_names_empty_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/subjectaltname_trailing_data.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_explicit_v1.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v1.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v1_extensions.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v2_extensions.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v2_issuer_and_subject_unique_id.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v2_issuer_unique_id.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v2_no_optionals.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v3_all_optionals.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v3_data_after_extensions.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v3_extensions.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v3_extensions_not_sequence.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v3_no_optionals.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v3_real.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_v4.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_validity_both_generalized_time.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_validity_both_utc_time.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_validity_generalized_time_and_utc_time.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_validity_relaxed.pem create mode 100644 pki/testdata/parse_certificate_unittest/tbs_validity_utc_time_and_generalized_time.pem create mode 100644 pki/testdata/parse_certificate_unittest/v1_explicit_version.pem create mode 100644 pki/testdata/parse_certificate_unittest/v3_certificate_template.pk8 create mode 100644 pki/testdata/parse_certificate_unittest/v3_certificate_template.txt create mode 100755 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/generate-certs.py create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_match_name_only.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_matching.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_mismatch.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Intermediate.key create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Root.key create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Root2.key create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Target.key create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/root.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/root2.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/target.pem create mode 100755 pki/testdata/path_builder_unittest/key_id_prioritization/generate-certs.py create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_a.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_b.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_c.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_a.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_b.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_c.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_a.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_b.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_c.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/keys/Intermediate.key create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/keys/Intermediate_1.key create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/keys/Root.key create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/keys/Target.key create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/root.pem create mode 100644 pki/testdata/path_builder_unittest/key_id_prioritization/target.pem create mode 100755 pki/testdata/path_builder_unittest/self_issued_prioritization/generate-certs.py create mode 100644 pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Root1.key create mode 100644 pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Root2.key create mode 100644 pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Target.key create mode 100644 pki/testdata/path_builder_unittest/self_issued_prioritization/root1.pem create mode 100644 pki/testdata/path_builder_unittest/self_issued_prioritization/root1_cross.pem create mode 100644 pki/testdata/path_builder_unittest/self_issued_prioritization/root2.pem create mode 100644 pki/testdata/path_builder_unittest/self_issued_prioritization/target.pem create mode 100755 pki/testdata/path_builder_unittest/validity_date_prioritization/generate-certs.py create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/int_ac.pem create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/int_ad.pem create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/int_bc.pem create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/int_bd.pem create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Intermediate.key create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Root.key create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Target.key create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/root.pem create mode 100644 pki/testdata/path_builder_unittest/validity_date_prioritization/target.pem create mode 100644 pki/testdata/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/1024-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/10_year_validity.pem create mode 100644 pki/testdata/ssl/certificates/11_year_validity.pem create mode 100644 pki/testdata/ssl/certificates/2029_globalsign_com_cert.pem create mode 100644 pki/testdata/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/2048-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/2048-rsa-root.pem create mode 100644 pki/testdata/ssl/certificates/398_days_1_second_after_2020_09_01.pem create mode 100644 pki/testdata/ssl/certificates/398_days_after_2020_09_01.pem create mode 100644 pki/testdata/ssl/certificates/399_days_after_2020_09_01.pem create mode 100644 pki/testdata/ssl/certificates/39_months_after_2015_04.pem create mode 100644 pki/testdata/ssl/certificates/39_months_based_on_last_day.pem create mode 100644 pki/testdata/ssl/certificates/40_months_after_2015_04.pem create mode 100644 pki/testdata/ssl/certificates/60_months_after_2012_07.pem create mode 100644 pki/testdata/ssl/certificates/61_months_after_2012_07.pem create mode 100644 pki/testdata/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/768-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/825_days_1_second_after_2018_03_01.pem create mode 100644 pki/testdata/ssl/certificates/825_days_after_2018_03_01.pem create mode 100644 pki/testdata/ssl/certificates/826_days_after_2018_03_01.pem create mode 100644 pki/testdata/ssl/certificates/900_days_after_2019_07_01.pem create mode 100644 pki/testdata/ssl/certificates/BUILD.gn create mode 100644 pki/testdata/ssl/certificates/README create mode 100644 pki/testdata/ssl/certificates/bad_validity.pem create mode 100644 pki/testdata/ssl/certificates/can_sign_http_exchanges_draft_extension.pem create mode 100644 pki/testdata/ssl/certificates/can_sign_http_exchanges_draft_extension_invalid.pem create mode 100644 pki/testdata/ssl/certificates/client-empty-password.p12 create mode 100644 pki/testdata/ssl/certificates/client-nokey.p12 create mode 100644 pki/testdata/ssl/certificates/client-null-password.p12 create mode 100644 pki/testdata/ssl/certificates/client.p12 create mode 100644 pki/testdata/ssl/certificates/client_1.key create mode 100644 pki/testdata/ssl/certificates/client_1.pem create mode 100644 pki/testdata/ssl/certificates/client_1.pk8 create mode 100644 pki/testdata/ssl/certificates/client_1_ca.pem create mode 100644 pki/testdata/ssl/certificates/client_2.key create mode 100644 pki/testdata/ssl/certificates/client_2.pem create mode 100644 pki/testdata/ssl/certificates/client_2.pk8 create mode 100644 pki/testdata/ssl/certificates/client_2_ca.pem create mode 100644 pki/testdata/ssl/certificates/client_3.key create mode 100644 pki/testdata/ssl/certificates/client_3.pem create mode 100644 pki/testdata/ssl/certificates/client_3.pk8 create mode 100644 pki/testdata/ssl/certificates/client_3_ca.pem create mode 100644 pki/testdata/ssl/certificates/client_4.key create mode 100644 pki/testdata/ssl/certificates/client_4.pem create mode 100644 pki/testdata/ssl/certificates/client_4.pk8 create mode 100644 pki/testdata/ssl/certificates/client_4_ca.pem create mode 100644 pki/testdata/ssl/certificates/client_5.key create mode 100644 pki/testdata/ssl/certificates/client_5.pem create mode 100644 pki/testdata/ssl/certificates/client_5.pk8 create mode 100644 pki/testdata/ssl/certificates/client_5_ca.pem create mode 100644 pki/testdata/ssl/certificates/client_6.key create mode 100644 pki/testdata/ssl/certificates/client_6.pem create mode 100644 pki/testdata/ssl/certificates/client_6.pk8 create mode 100644 pki/testdata/ssl/certificates/client_6_ca.pem create mode 100644 pki/testdata/ssl/certificates/client_7.key create mode 100644 pki/testdata/ssl/certificates/client_7.pem create mode 100644 pki/testdata/ssl/certificates/client_7.pk8 create mode 100644 pki/testdata/ssl/certificates/client_7_ca.pem create mode 100644 pki/testdata/ssl/certificates/client_root_ca.pem create mode 100644 pki/testdata/ssl/certificates/common_name_only.pem create mode 100644 pki/testdata/ssl/certificates/crit-codeSigning-chain.pem create mode 100644 pki/testdata/ssl/certificates/crlset_blocked_interception_by_intermediate.raw create mode 100644 pki/testdata/ssl/certificates/crlset_blocked_interception_by_root.raw create mode 100644 pki/testdata/ssl/certificates/crlset_by_intermediate_serial.raw create mode 100644 pki/testdata/ssl/certificates/crlset_by_leaf_spki.raw create mode 100644 pki/testdata/ssl/certificates/crlset_by_leaf_subject_no_spki.raw create mode 100644 pki/testdata/ssl/certificates/crlset_by_root_serial.raw create mode 100644 pki/testdata/ssl/certificates/crlset_by_root_spki.raw create mode 100644 pki/testdata/ssl/certificates/crlset_by_root_subject.raw create mode 100644 pki/testdata/ssl/certificates/crlset_by_root_subject_no_spki.raw create mode 100644 pki/testdata/ssl/certificates/crlset_known_interception_by_root.raw create mode 100644 pki/testdata/ssl/certificates/cross-signed-leaf.pem create mode 100644 pki/testdata/ssl/certificates/cross-signed-root-md5.pem create mode 100644 pki/testdata/ssl/certificates/cross-signed-root-sha256.pem create mode 100644 pki/testdata/ssl/certificates/ct-test-embedded-cert.pem create mode 100644 pki/testdata/ssl/certificates/ct-test-embedded-with-intermediate-chain.pem create mode 100644 pki/testdata/ssl/certificates/ct-test-embedded-with-intermediate-preca-chain.pem create mode 100644 pki/testdata/ssl/certificates/ct-test-embedded-with-preca-chain.pem create mode 100644 pki/testdata/ssl/certificates/ct-test-embedded-with-uids.pem create mode 100644 pki/testdata/ssl/certificates/dec_2017.pem create mode 100644 pki/testdata/ssl/certificates/diginotar_cyber_ca.pem create mode 100644 pki/testdata/ssl/certificates/diginotar_pkioverheid.pem create mode 100644 pki/testdata/ssl/certificates/diginotar_pkioverheid_g2.pem create mode 100644 pki/testdata/ssl/certificates/diginotar_public_ca_2025.pem create mode 100644 pki/testdata/ssl/certificates/diginotar_root_ca.pem create mode 100644 pki/testdata/ssl/certificates/diginotar_services_1024_ca.pem create mode 100644 pki/testdata/ssl/certificates/duplicate_cn_1.p12 create mode 100644 pki/testdata/ssl/certificates/duplicate_cn_1.pem create mode 100644 pki/testdata/ssl/certificates/duplicate_cn_2.p12 create mode 100644 pki/testdata/ssl/certificates/duplicate_cn_2.pem create mode 100644 pki/testdata/ssl/certificates/eku-test-root.pem create mode 100644 pki/testdata/ssl/certificates/ev_test.pem create mode 100644 pki/testdata/ssl/certificates/ev_test_state_only.pem create mode 100644 pki/testdata/ssl/certificates/expired_cert.pem create mode 100644 pki/testdata/ssl/certificates/foaf.me.chromium-test-cert.der create mode 100644 pki/testdata/ssl/certificates/google.binary.p7b create mode 100644 pki/testdata/ssl/certificates/google.chain.pem create mode 100644 pki/testdata/ssl/certificates/google.pem_cert.p7b create mode 100644 pki/testdata/ssl/certificates/google.pem_pkcs7.p7b create mode 100644 pki/testdata/ssl/certificates/google.single.der create mode 100644 pki/testdata/ssl/certificates/google.single.pem create mode 100644 pki/testdata/ssl/certificates/google_diginotar.pem create mode 100644 pki/testdata/ssl/certificates/intermediate_ca_cert.pem create mode 100644 pki/testdata/ssl/certificates/invalid_key_usage_cert.der create mode 100644 pki/testdata/ssl/certificates/key_usage_p256.key create mode 100644 pki/testdata/ssl/certificates/key_usage_p256_both.pem create mode 100644 pki/testdata/ssl/certificates/key_usage_p256_digitalsignature.pem create mode 100644 pki/testdata/ssl/certificates/key_usage_p256_keyagreement.pem create mode 100644 pki/testdata/ssl/certificates/key_usage_p256_no_extension.pem create mode 100644 pki/testdata/ssl/certificates/key_usage_rsa.key create mode 100644 pki/testdata/ssl/certificates/key_usage_rsa_both.pem create mode 100644 pki/testdata/ssl/certificates/key_usage_rsa_digitalsignature.pem create mode 100644 pki/testdata/ssl/certificates/key_usage_rsa_keyencipherment.pem create mode 100644 pki/testdata/ssl/certificates/key_usage_rsa_no_extension.pem create mode 100644 pki/testdata/ssl/certificates/large_key.pem create mode 100644 pki/testdata/ssl/certificates/leaf_from_known_root.pem create mode 100644 pki/testdata/ssl/certificates/lets-encrypt-dst-x3-root.pem create mode 100644 pki/testdata/ssl/certificates/lets-encrypt-isrg-x1-root.pem create mode 100644 pki/testdata/ssl/certificates/localhost_cert.pem create mode 100644 pki/testdata/ssl/certificates/may_2018.pem create mode 100644 pki/testdata/ssl/certificates/mit.davidben.der create mode 100644 pki/testdata/ssl/certificates/multi-root-A-by-B.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-B-by-C.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-B-by-F.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-C-by-D.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-C-by-E.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-D-by-D.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-E-by-E.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-F-by-E.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-chain1.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-chain2.pem create mode 100644 pki/testdata/ssl/certificates/multi-root-crlset-C.raw create mode 100644 pki/testdata/ssl/certificates/multi-root-crlset-CD-and-FE.raw create mode 100644 pki/testdata/ssl/certificates/multi-root-crlset-D-and-E.raw create mode 100644 pki/testdata/ssl/certificates/multi-root-crlset-E.raw create mode 100644 pki/testdata/ssl/certificates/multi-root-crlset-unrelated.raw create mode 100644 pki/testdata/ssl/certificates/multi-root.keychain create mode 100644 pki/testdata/ssl/certificates/multivalue_rdn.pem create mode 100644 pki/testdata/ssl/certificates/name_constrained_key.pem create mode 100644 pki/testdata/ssl/certificates/ndn.ca.crt create mode 100644 pki/testdata/ssl/certificates/nist.der create mode 100644 pki/testdata/ssl/certificates/no_subject_common_name_cert.pem create mode 100644 pki/testdata/ssl/certificates/non-crit-codeSigning-chain.pem create mode 100644 pki/testdata/ssl/certificates/ok_cert.pem create mode 100644 pki/testdata/ssl/certificates/ok_cert_by_intermediate.pem create mode 100644 pki/testdata/ssl/certificates/policies_sanity_check.pem create mode 100644 pki/testdata/ssl/certificates/post_june_2016.pem create mode 100644 pki/testdata/ssl/certificates/pre_br_validity_bad_121.pem create mode 100644 pki/testdata/ssl/certificates/pre_br_validity_bad_2020.pem create mode 100644 pki/testdata/ssl/certificates/pre_br_validity_ok.pem create mode 100644 pki/testdata/ssl/certificates/pre_june_2016.pem create mode 100644 pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/prime256v1-ecdsa-intermediate.pem create mode 100644 pki/testdata/ssl/certificates/punycodetest.pem create mode 100644 pki/testdata/ssl/certificates/quic-chain.pem create mode 100644 pki/testdata/ssl/certificates/quic-ecdsa-leaf.key create mode 100644 pki/testdata/ssl/certificates/quic-leaf-cert.key create mode 100644 pki/testdata/ssl/certificates/quic-leaf-cert.key.pkcs8.pem create mode 100644 pki/testdata/ssl/certificates/quic-leaf-cert.key.sct create mode 100644 pki/testdata/ssl/certificates/quic-root.pem create mode 100644 pki/testdata/ssl/certificates/quic-short-lived.pem create mode 100644 pki/testdata/ssl/certificates/redundant-server-chain.pem create mode 100644 pki/testdata/ssl/certificates/redundant-validated-chain-root.pem create mode 100644 pki/testdata/ssl/certificates/redundant-validated-chain.pem create mode 100644 pki/testdata/ssl/certificates/root_ca_cert.pem create mode 100644 pki/testdata/ssl/certificates/salesforce_com_test.pem create mode 100644 pki/testdata/ssl/certificates/self-signed-invalid-name.pem create mode 100644 pki/testdata/ssl/certificates/self-signed-invalid-sig.pem create mode 100644 pki/testdata/ssl/certificates/sha1_2016.pem create mode 100644 pki/testdata/ssl/certificates/sha1_leaf.pem create mode 100644 pki/testdata/ssl/certificates/spdy_pooling.pem create mode 100644 pki/testdata/ssl/certificates/start_after_expiry.pem create mode 100644 pki/testdata/ssl/certificates/subjectAltName_sanity_check.pem create mode 100644 pki/testdata/ssl/certificates/subjectAltName_www_example_com.pem create mode 100644 pki/testdata/ssl/certificates/test_names.pem create mode 100644 pki/testdata/ssl/certificates/treadclimber.pem create mode 100644 pki/testdata/ssl/certificates/treadclimber.sctlist create mode 100644 pki/testdata/ssl/certificates/unescaped.pem create mode 100644 pki/testdata/ssl/certificates/unittest.key.bin create mode 100644 pki/testdata/ssl/certificates/unittest.selfsigned.der create mode 100644 pki/testdata/ssl/certificates/verisign_intermediate_ca_2011.pem create mode 100644 pki/testdata/ssl/certificates/verisign_intermediate_ca_2016.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md2_ee.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md2_intermediate.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md2_root.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md4_ee.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md4_intermediate.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md4_root.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md5_ee.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md5_intermediate.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_md5_root.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_sha1_ee.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_sha1_intermediate.pem create mode 100644 pki/testdata/ssl/certificates/weak_digest_sha1_root.pem create mode 100644 pki/testdata/ssl/certificates/websocket_cacert.pem create mode 100644 pki/testdata/ssl/certificates/websocket_client_cert.p12 create mode 100644 pki/testdata/ssl/certificates/wildcard.pem create mode 100644 pki/testdata/ssl/certificates/x509_verify_results.chain.pem create mode 100644 pki/testdata/test_certificate_data.h create mode 100644 pki/testdata/verify_certificate_chain_unittest/README create mode 100644 pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Intermediate_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-intermediate/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/expired-intermediate/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-intermediate/not-after.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-intermediate/not-before.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/expired-root/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/keys/expired-unconstrained-root_Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/keys/expired-unconstrained-root_Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-expiration-and-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-expiration.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/not-after.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/not-before-ta-with-expiration.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-root/not-before.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-target/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/expired-target/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-target/not-after.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/expired-target/not-before.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/generate-all.sh create mode 100644 pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/BogusRoot.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Intermediate_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Root_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/any.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth-strict.test~ create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth-strict.test~ create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/any.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-any.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test~ create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test~ create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-any.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test~ create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test~ create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Root_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/anchor.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/anchor.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/target.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/target.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/key-rollover/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Root_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/longrolloverchain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/longrolloverchain.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/newchain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/newchain.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/oldchain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/oldchain.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/rolloverchain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/key-rollover/rolloverchain.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/many-names/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/keys/t0.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/ok-all-types.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/ok-all-types.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D4.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D5.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D6.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D7.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D8.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D9.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8DA.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8DB.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F5.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F6.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F7.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F8.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F9.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FA.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FB.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FC.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FD.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.attr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.attr.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.serial create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.serial.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.attr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.attr.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.serial create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.serial.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.db create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.serial create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-all-types.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-all-types.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/ShadowRoot.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.4.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.5.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.6.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.1.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.1.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.10.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.13.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.4.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.5.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.6.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.7.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.8.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.1.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.10.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.11.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.5.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.6.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.8.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.9.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.1.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.10.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.4.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.5.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.6.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.8.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.10.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.12.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.13.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.15.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.16.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.17.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.20.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.21.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.22.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.23.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.24.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.25.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.26.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.27.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.28.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.29.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.31.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.33.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.34.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.35.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.36.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.37.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.38.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.7.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.8.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.9.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.16.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.1.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.5.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.6.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.7.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.3.1.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.3.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.1.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.10.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.11.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.12.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.16.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.5.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.6.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.9.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.7.1.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.7.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.1.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.12.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.14.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.2.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.4.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.5.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.6.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.7.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.8.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.9.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.3.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.5.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.7.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.8.txt create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-ok/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-ok/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-ok/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-ok/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/ta-with-constraints.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/rebase-errors.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-expiration-and-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-expiration.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints-require-basic-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-require-basic-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root-expired.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/ta-with-constraints.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/ta-with-expiration.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/trusted_leaf-and-trust_anchor.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/trusted_leaf-root.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/unspecified-trust-root.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/any.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/clientauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/clientauth.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-eku-any/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/serverauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-any/serverauth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/any.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/clientauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/clientauth.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/serverauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/serverauth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/any.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/clientauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/clientauth.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-eku-many/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/3F1D2B1D127E34B62B61B278F274669ADC66ADCC.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/71F49EE7B5F73630C9845EA5B8398B58F3237B18.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/71F49EE7B5F73630C9845EA5B8398B58F3237B19.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db.attr create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.serial create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.serial.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Issuer.db create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Issuer.serial create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.attr create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.attr.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.serial create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.serial.old create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.cnf create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.csr create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.db create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.serial create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/serverauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-many/serverauth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/any.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/chain.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth-strict.test~ create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-eku-none/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth-strict.test~ create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only-trusted_leaf-strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only-trusted_leaf.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/strict.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-only/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/trusted_anchor.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-and-trust_anchor.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-not_after.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-wrong_eku.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf_require_self_signed.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfissued/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-selfissued/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfissued/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfissued/keys/Target_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_anchor.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf-and-trust_anchor.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf_require_self_signed.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfsigned/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-selfsigned/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfsigned/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-and-trust_anchor.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-not_after.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-wrong_eku.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf_require_self_signed.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyAgreement.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyAgreement.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyEncipherment.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyEncipherment.test create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Target-ec.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Target-rsa.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-decipherOnly.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-decipherOnly.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-digitalSignature.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-digitalSignature.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/target_only-trusted_leaf.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/target_only.pem create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Intermediate_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Intermediate_1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Intermediate.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Intermediate1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Intermediate2.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/chain.pem create mode 100755 pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/generate-chains.py create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Intermediate1.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Intermediate2.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Root.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Target.key create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/main.test create mode 100644 pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/ta-with-constraints.test create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_1.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_2.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-dupe_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_attr.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_rdn.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_1.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_2.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/custom-custom-normalized.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-badAttributeType.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-empty.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-extradata.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-onlyOneElement.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-setNotSequence.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/invalid-Name-setInsteadOfSequence.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/invalid-RDN-empty.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/invalid-RDN-sequenceInsteadOfSet.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/unicode-mixed-normalized.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/unicode-mixed-unnormalized.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/unicode_bmp-BMPSTRING-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/unicode_bmp-UNIVERSALSTRING-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/unicode_bmp-UTF8-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/unicode_supplementary-UNIVERSALSTRING-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/unicode_supplementary-UTF8-unmangled.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/valid-Name-empty.pem create mode 100644 pki/testdata/verify_name_match_unittest/names/valid-minimal.pem create mode 100755 pki/testdata/verify_name_match_unittest/scripts/generate_names.py create mode 100644 pki/testdata/verify_signed_data_unittest/README create mode 100755 pki/testdata/verify_signed_data_unittest/annotate_test_data.py create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-spki-params-null.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-unused-bits-signature.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecdh-key.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecmqv-key.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-wrong-signature-format.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-secp384r1-sha256-corrupted-data.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-secp384r1-sha256.pem create mode 100644 pki/testdata/verify_signed_data_unittest/ecdsa-using-rsa-key.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-length.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-null.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-key-params-absent.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-using-pss-key-no-params.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-wrong-algorithm.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-key-encoded-ber.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-spki-non-null-params.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-using-id-ea-rsa.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-using-pss-key-with-params.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-wrong-salt.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-pss-sha256.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa-using-ec-key.pem create mode 100644 pki/testdata/verify_signed_data_unittest/rsa2048-pkcs1-sha512.pem create mode 100644 pki/trust_store.cc create mode 100644 pki/trust_store.h create mode 100644 pki/trust_store_collection.cc create mode 100644 pki/trust_store_collection.h create mode 100644 pki/trust_store_collection_unittest.cc create mode 100644 pki/trust_store_in_memory.cc create mode 100644 pki/trust_store_in_memory.h create mode 100644 pki/verify_certificate_chain.cc create mode 100644 pki/verify_certificate_chain.h create mode 100644 pki/verify_certificate_chain_pkits_unittest.cc create mode 100644 pki/verify_certificate_chain_typed_unittest.h create mode 100644 pki/verify_certificate_chain_unittest.cc create mode 100644 pki/verify_name_match.cc create mode 100644 pki/verify_name_match.h create mode 100644 pki/verify_name_match_fuzzer.cc create mode 100644 pki/verify_name_match_normalizename_fuzzer.cc create mode 100644 pki/verify_name_match_unittest.cc create mode 100644 pki/verify_name_match_verifynameinsubtree_fuzzer.cc create mode 100644 pki/verify_signed_data.cc create mode 100644 pki/verify_signed_data.h create mode 100644 pki/verify_signed_data_unittest.cc create mode 100644 pki/x509_cert_types.h create mode 100644 pki/x509_certificate.cc create mode 100644 pki/x509_certificate.h diff --git a/CMakeLists.txt b/CMakeLists.txt index c939e4246e..be065577f1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -139,7 +139,8 @@ set(CMAKE_C_STANDARD_REQUIRED ON) if(CMAKE_COMPILER_IS_GNUCXX OR CLANG) # Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration # primarily on our normal Clang one. - set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wmissing-field-initializers -Wwrite-strings -Wvla -Wshadow -Wtype-limits") + # TODO(bbe) took out -Wmissing-field-initializers for pki - fix and put back or disable only for pki + set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wwrite-strings -Wvla -Wshadow -Wtype-limits") if(MSVC) # clang-cl sets different default warnings than clang. It also treats -Wall # as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall. @@ -518,6 +519,7 @@ add_subdirectory(tool) add_subdirectory(util/fipstools) add_subdirectory(util/fipstools/acvp/modulewrapper) add_subdirectory(decrepit) +add_subdirectory(pki) if(FUZZ) if(LIBFUZZER_FROM_DEPS) diff --git a/pki/CMakeLists.txt b/pki/CMakeLists.txt new file mode 100644 index 0000000000..e1444c491e --- /dev/null +++ b/pki/CMakeLists.txt @@ -0,0 +1,103 @@ +project(pki) +cmake_minimum_required(VERSION 3.25) +set(CMAKE_CXX_STANDARD 17) + +add_library( + pki + + fillins/ip_address.cc + fillins/utf_string_conversions.cc + fillins/string_util.cc + fillins/base64.cc + fillins/openssl_util.cc + string_util.cc + trust_store.cc + trust_store_collection.cc + parse_certificate.cc + parsed_certificate.cc + parser.cc + parse_values.cc + parse_name.cc + parsed_certificate.cc + name_constraints.cc + input.cc + tag.cc + cert_errors.cc + general_names.cc + pem.cc + crl.cc + revocation_util.cc + encode_values.cc + verify_name_match.cc + cert_errors.cc + common_cert_errors.cc + parse_certificate.cc + parsed_certificate.cc + extended_key_usage.cc + certificate_policies.cc + verify_certificate_chain.cc + verify_signed_data.cc + signature_algorithm.cc + cert_error_id.cc + cert_error_params.cc + trust_store.cc + trust_store_collection.cc + trust_store_in_memory.cc + simple_path_builder_delegate.cc + cert_issuer_source_static.cc + path_builder.cc +) +# Although libpki also provides headers that require an include directory, the +# flag is already specified by libcrypto, so we omit target_include_directories +# here. +install_if_enabled(TARGETS pki EXPORT OpenSSLTargets ${INSTALL_DESTINATION_DEFAULT}) +set_property(TARGET pki PROPERTY EXPORT_NAME PKI) +set_property(TARGET pki PROPERTY CXX_STANDARD 17) +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D_BORINGSSL_LIBPKI_") +if (APPLE) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-aligned-new") +endif() +target_link_libraries(pki ssl crypto) + +add_executable( + pki_test + + fillins/path_service.cc + fillins/file_util.cc + test_helpers.cc + string_util_unittest.cc + parser_unittest.cc + parse_values_unittest.cc + input_unittest.cc + signature_algorithm_unittest.cc + extended_key_usage_unittest.cc + parse_name_unittest.cc + verify_name_match_unittest.cc + verify_signed_data_unittest.cc + parse_certificate_unittest.cc + parsed_certificate_unittest.cc + simple_path_builder_delegate_unittest.cc + trust_store_collection_unittest.cc + certificate_policies_unittest.cc + verify_certificate_chain_unittest.cc + nist_pkits_unittest.cc + path_builder_pkits_unittest.cc + name_constraints_unittest.cc + cert_issuer_source_static_unittest.cc + path_builder_unittest.cc + mock_signature_verify_cache.cc + path_builder_verify_certificate_chain_unittest.cc + verify_certificate_chain_pkits_unittest.cc +# encode_values_unittest.cc # Currently does a bunch of time goo.. +# ocsp_unittest.cc # Not sure we will keep this here.. +) +target_link_libraries(pki_test test_support_lib boringssl_gtest_main pki ssl crypto) +set_property(TARGET pki_test PROPERTY CXX_STANDARD 17) +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D_BORINGSSL_LIBPKI_") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D_BORINGSSL_PKI_SRCDIR_=${CMAKE_CURRENT_SOURCE_DIR}") +if (APPLE) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-aligned-new") +endif() +add_dependencies(all_tests pki_test) + + diff --git a/pki/IMPORT b/pki/IMPORT new file mode 100755 index 0000000000..0a0b84fba8 --- /dev/null +++ b/pki/IMPORT @@ -0,0 +1,23 @@ +#!/bin/sh + +# Set this to be the location of a chromium checkout, and +# apply the patches in ./patches with "git am" first +# before running this script. +CHROMIUM_SRC=~/chromium/src + +mkdir -p ./testdata +cp $CHROMIUM_SRC/net/test/test_certificate_data.h ./testdata + +tar -C $CHROMIUM_SRC/net/third_party -cf - nist-pkits | tar -C ./testdata -xf - +tar -C $CHROMIUM_SRC/net/data -cf - cert_issuer_source_static_unittest \ + ssl/certificates \ + certificate_policies_unittest \ + name_constraints_unittest \ + ocsp_unittest \ + parse_certificate_unittest \ + path_builder_unittest \ + verify_certificate_chain_unittest \ + verify_name_match_unittest \ + verify_signed_data_unittest | tar -C ./testdata -xf - + +go run ./import_tool.go -spec import_spec.json --source-base $CHROMIUM_SRC -dest-base . diff --git a/pki/README.md b/pki/README.md new file mode 100644 index 0000000000..e7eaec4ffa --- /dev/null +++ b/pki/README.md @@ -0,0 +1,32 @@ +# BoringSSL pki - Web PKI Certificate path building and verification library + +This directory and library should be considered experimental and should not be +depended upon not to change without notice. You should not use this. + +It contains an extracted and modified copy of chrome's certificate +verifier core logic. + +It is for the moment, intended to be synchronized from a checkout of chrome's +head with the IMPORT script run in this directory. The eventual goal is to +make both chrome and google3 consume this. + +## Current status: + * Some of the Path Builder tests depending on chrome testing classes and + SavedUserData are disabled. These probably need either a mimicing + SaveUserData class here, or be pulled out into chrome only. + * This contains a copy of der as bssl:der - a consideration for + re-integrating with chromium. the encode_values part of der does not include + the base::time or absl::time based stuff as they are not used within the + library, this should probably be split out for chrome, or chrome's der could + be modified (along with this one and eventually merged together) to not use + base::time for encoding GeneralizedTimes, but rather use boringssl posix + times as does the rest of this library. + * The Name Constraint limitation code is modified to remove clamped_math + and mimic BoringSSL's overall limits - Some of the tests that test + for specific edge cases for chrome's limits have been disabled. The + tests need to be changed to reflect the overall limit, or ignored + and we make name constraints subquadratic and stop caring about this. + * Fuzzer targets are not yet hooked up. + + + diff --git a/pki/asn1_util.cc b/pki/asn1_util.cc new file mode 100644 index 0000000000..8479470c4a --- /dev/null +++ b/pki/asn1_util.cc @@ -0,0 +1,331 @@ +// Copyright 2012 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "asn1_util.h" + +#include "parse_certificate.h" +#include "input.h" +#include "parser.h" +#include + +namespace bssl::asn1 { + +namespace { + +// Parses input |in| which should point to the beginning of a Certificate, and +// sets |*tbs_certificate| ready to parse the Subject. If parsing +// fails, this function returns false and |*tbs_certificate| is left in an +// undefined state. +bool SeekToSubject(der::Input in, der::Parser* tbs_certificate) { + // From RFC 5280, section 4.1 + // Certificate ::= SEQUENCE { + // tbsCertificate TBSCertificate, + // signatureAlgorithm AlgorithmIdentifier, + // signatureValue BIT STRING } + + // TBSCertificate ::= SEQUENCE { + // version [0] EXPLICIT Version DEFAULT v1, + // serialNumber CertificateSerialNumber, + // signature AlgorithmIdentifier, + // issuer Name, + // validity Validity, + // subject Name, + // subjectPublicKeyInfo SubjectPublicKeyInfo, + // ... } + + der::Parser parser(in); + der::Parser certificate; + if (!parser.ReadSequence(&certificate)) + return false; + + // We don't allow junk after the certificate. + if (parser.HasMore()) + return false; + + if (!certificate.ReadSequence(tbs_certificate)) + return false; + + bool unused; + if (!tbs_certificate->SkipOptionalTag( + der::kTagConstructed | der::kTagContextSpecific | 0, &unused)) { + return false; + } + + // serialNumber + if (!tbs_certificate->SkipTag(der::kInteger)) + return false; + // signature + if (!tbs_certificate->SkipTag(der::kSequence)) + return false; + // issuer + if (!tbs_certificate->SkipTag(der::kSequence)) + return false; + // validity + if (!tbs_certificate->SkipTag(der::kSequence)) + return false; + return true; +} + +// Parses input |in| which should point to the beginning of a Certificate, and +// sets |*tbs_certificate| ready to parse the SubjectPublicKeyInfo. If parsing +// fails, this function returns false and |*tbs_certificate| is left in an +// undefined state. +bool SeekToSPKI(der::Input in, der::Parser* tbs_certificate) { + return SeekToSubject(in, tbs_certificate) && + // Skip over Subject. + tbs_certificate->SkipTag(der::kSequence); +} + +// Parses input |in| which should point to the beginning of a +// Certificate. If parsing fails, this function returns false, with +// |*extensions_present| and |*extensions_parser| left in an undefined +// state. If parsing succeeds and extensions are present, this function +// sets |*extensions_present| to true and sets |*extensions_parser| +// ready to parse the Extensions. If extensions are not present, it sets +// |*extensions_present| to false and |*extensions_parser| is left in an +// undefined state. +bool SeekToExtensions(der::Input in, + bool* extensions_present, + der::Parser* extensions_parser) { + bool present; + der::Parser tbs_cert_parser; + if (!SeekToSPKI(in, &tbs_cert_parser)) + return false; + + // From RFC 5280, section 4.1 + // TBSCertificate ::= SEQUENCE { + // ... + // subjectPublicKeyInfo SubjectPublicKeyInfo, + // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + // extensions [3] EXPLICIT Extensions OPTIONAL } + + // subjectPublicKeyInfo + if (!tbs_cert_parser.SkipTag(der::kSequence)) + return false; + // issuerUniqueID + if (!tbs_cert_parser.SkipOptionalTag(der::kTagContextSpecific | 1, + &present)) { + return false; + } + // subjectUniqueID + if (!tbs_cert_parser.SkipOptionalTag(der::kTagContextSpecific | 2, + &present)) { + return false; + } + + std::optional extensions; + if (!tbs_cert_parser.ReadOptionalTag( + der::kTagConstructed | der::kTagContextSpecific | 3, &extensions)) { + return false; + } + + if (!extensions) { + *extensions_present = false; + return true; + } + + // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + // Extension ::= SEQUENCE { + // extnID OBJECT IDENTIFIER, + // critical BOOLEAN DEFAULT FALSE, + // extnValue OCTET STRING } + + // |extensions| was EXPLICITly tagged, so we still need to remove the + // ASN.1 SEQUENCE header. + der::Parser explicit_extensions_parser(extensions.value()); + if (!explicit_extensions_parser.ReadSequence(extensions_parser)) + return false; + + if (explicit_extensions_parser.HasMore()) + return false; + + *extensions_present = true; + return true; +} + +// Parse a DER-encoded, X.509 certificate in |cert| and find an extension with +// the given OID. Returns false on parse error or true if the parse was +// successful. |*out_extension_present| will be true iff the extension was +// found. In the case where it was found, |*out_extension| will describe the +// extension, or is undefined on parse error or if the extension is missing. +bool ExtractExtensionWithOID(std::string_view cert, + der::Input extension_oid, + bool* out_extension_present, + ParsedExtension* out_extension) { + der::Parser extensions; + bool extensions_present; + if (!SeekToExtensions(der::Input(cert), &extensions_present, &extensions)) + return false; + if (!extensions_present) { + *out_extension_present = false; + return true; + } + + while (extensions.HasMore()) { + der::Input extension_tlv; + if (!extensions.ReadRawTLV(&extension_tlv) || + !ParseExtension(extension_tlv, out_extension)) { + return false; + } + + if (out_extension->oid == extension_oid) { + *out_extension_present = true; + return true; + } + } + + *out_extension_present = false; + return true; +} + +} // namespace + +bool ExtractSubjectFromDERCert(std::string_view cert, + std::string_view* subject_out) { + der::Parser parser; + if (!SeekToSubject(der::Input(cert), &parser)) + return false; + der::Input subject; + if (!parser.ReadRawTLV(&subject)) + return false; + *subject_out = subject.AsStringView(); + return true; +} + +bool ExtractSPKIFromDERCert(std::string_view cert, + std::string_view* spki_out) { + der::Parser parser; + if (!SeekToSPKI(der::Input(cert), &parser)) + return false; + der::Input spki; + if (!parser.ReadRawTLV(&spki)) + return false; + *spki_out = spki.AsStringView(); + return true; +} + +bool ExtractSubjectPublicKeyFromSPKI(std::string_view spki, + std::string_view* spk_out) { + // From RFC 5280, Section 4.1 + // SubjectPublicKeyInfo ::= SEQUENCE { + // algorithm AlgorithmIdentifier, + // subjectPublicKey BIT STRING } + // + // AlgorithmIdentifier ::= SEQUENCE { + // algorithm OBJECT IDENTIFIER, + // parameters ANY DEFINED BY algorithm OPTIONAL } + + // Step into SubjectPublicKeyInfo sequence. + der::Parser parser((der::Input(spki))); + der::Parser spki_parser; + if (!parser.ReadSequence(&spki_parser)) + return false; + + // Step over algorithm field (a SEQUENCE). + if (!spki_parser.SkipTag(der::kSequence)) + return false; + + // Extract the subjectPublicKey field. + der::Input spk; + if (!spki_parser.ReadTag(der::kBitString, &spk)) + return false; + *spk_out = spk.AsStringView(); + return true; +} + +bool HasCanSignHttpExchangesDraftExtension(std::string_view cert) { + // kCanSignHttpExchangesDraftOid is the DER encoding of the OID for + // canSignHttpExchangesDraft defined in: + // https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html + static const uint8_t kCanSignHttpExchangesDraftOid[] = { + 0x2B, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x16}; + + bool extension_present; + ParsedExtension extension; + if (!ExtractExtensionWithOID(cert, der::Input(kCanSignHttpExchangesDraftOid), + &extension_present, &extension) || + !extension_present) { + return false; + } + + // The extension should have contents NULL. + static const uint8_t kNull[] = {0x05, 0x00}; + return extension.value == der::Input(kNull); +} + +bool ExtractSignatureAlgorithmsFromDERCert( + std::string_view cert, + std::string_view* cert_signature_algorithm_sequence, + std::string_view* tbs_signature_algorithm_sequence) { + // From RFC 5280, section 4.1 + // Certificate ::= SEQUENCE { + // tbsCertificate TBSCertificate, + // signatureAlgorithm AlgorithmIdentifier, + // signatureValue BIT STRING } + + // TBSCertificate ::= SEQUENCE { + // version [0] EXPLICIT Version DEFAULT v1, + // serialNumber CertificateSerialNumber, + // signature AlgorithmIdentifier, + // issuer Name, + // validity Validity, + // subject Name, + // subjectPublicKeyInfo SubjectPublicKeyInfo, + // ... } + + der::Parser parser((der::Input(cert))); + der::Parser certificate; + if (!parser.ReadSequence(&certificate)) + return false; + + der::Parser tbs_certificate; + if (!certificate.ReadSequence(&tbs_certificate)) + return false; + + bool unused; + if (!tbs_certificate.SkipOptionalTag( + der::kTagConstructed | der::kTagContextSpecific | 0, &unused)) { + return false; + } + + // serialNumber + if (!tbs_certificate.SkipTag(der::kInteger)) + return false; + // signature + der::Input tbs_algorithm; + if (!tbs_certificate.ReadRawTLV(&tbs_algorithm)) + return false; + + der::Input cert_algorithm; + if (!certificate.ReadRawTLV(&cert_algorithm)) + return false; + + *cert_signature_algorithm_sequence = cert_algorithm.AsStringView(); + *tbs_signature_algorithm_sequence = tbs_algorithm.AsStringView(); + return true; +} + +bool ExtractExtensionFromDERCert(std::string_view cert, + std::string_view extension_oid, + bool* out_extension_present, + bool* out_extension_critical, + std::string_view* out_contents) { + *out_extension_present = false; + *out_extension_critical = false; + *out_contents = std::string_view(); + + ParsedExtension extension; + if (!ExtractExtensionWithOID(cert, der::Input(extension_oid), + out_extension_present, &extension)) + return false; + if (!*out_extension_present) + return true; + + *out_extension_critical = extension.critical; + *out_contents = extension.value.AsStringView(); + return true; +} + +} // namespace net::asn1 diff --git a/pki/asn1_util.h b/pki/asn1_util.h new file mode 100644 index 0000000000..758c7879d7 --- /dev/null +++ b/pki/asn1_util.h @@ -0,0 +1,75 @@ +// Copyright 2012 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_ASN1_UTIL_H_ +#define BSSL_PKI_ASN1_UTIL_H_ + +#include "fillins/openssl_util.h" +#include + + + +namespace bssl::asn1 { + +// ExtractSubjectFromDERCert parses the DER encoded certificate in |cert| and +// extracts the bytes of the X.501 Subject. On successful return, |subject_out| +// is set to contain the Subject, pointing into |cert|. +OPENSSL_EXPORT bool ExtractSubjectFromDERCert( + std::string_view cert, + std::string_view* subject_out); + +// ExtractSPKIFromDERCert parses the DER encoded certificate in |cert| and +// extracts the bytes of the SubjectPublicKeyInfo. On successful return, +// |spki_out| is set to contain the SPKI, pointing into |cert|. +OPENSSL_EXPORT bool ExtractSPKIFromDERCert(std::string_view cert, + std::string_view* spki_out); + +// ExtractSubjectPublicKeyFromSPKI parses the DER encoded SubjectPublicKeyInfo +// in |spki| and extracts the bytes of the SubjectPublicKey. On successful +// return, |spk_out| is set to contain the public key, pointing into |spki|. +OPENSSL_EXPORT bool ExtractSubjectPublicKeyFromSPKI( + std::string_view spki, + std::string_view* spk_out); + +// HasCanSignHttpExchangesDraftExtension parses the DER encoded certificate +// in |cert| and extracts the canSignHttpExchangesDraft extension +// (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html) +// if present. Returns true if the extension was present, and false if +// the extension was not present or if there was a parsing failure. +OPENSSL_EXPORT bool HasCanSignHttpExchangesDraftExtension(std::string_view cert); + +// Extracts the two (SEQUENCE) tag-length-values for the signature +// AlgorithmIdentifiers in a DER encoded certificate. Does not use strict +// parsing or validate the resulting AlgorithmIdentifiers. +// +// On success returns true, and assigns |cert_signature_algorithm_sequence| and +// |tbs_signature_algorithm_sequence| to point into |cert|: +// +// * |cert_signature_algorithm_sequence| points at the TLV for +// Certificate.signatureAlgorithm. +// +// * |tbs_signature_algorithm_sequence| points at the TLV for +// TBSCertificate.algorithm. +OPENSSL_EXPORT bool ExtractSignatureAlgorithmsFromDERCert( + std::string_view cert, + std::string_view* cert_signature_algorithm_sequence, + std::string_view* tbs_signature_algorithm_sequence); + +// Extracts the contents of the extension (if any) with OID |extension_oid| from +// the DER-encoded, X.509 certificate in |cert|. +// +// Returns false on parse error or true if the parse was successful. Sets +// |*out_extension_present| to whether or not the extension was found. If found, +// sets |*out_extension_critical| to match the extension's "critical" flag, and +// sets |*out_contents| to the contents of the extension (after unwrapping the +// OCTET STRING). +OPENSSL_EXPORT bool ExtractExtensionFromDERCert(std::string_view cert, + std::string_view extension_oid, + bool* out_extension_present, + bool* out_extension_critical, + std::string_view* out_contents); + +} // namespace net::asn1 + +#endif // BSSL_PKI_ASN1_UTIL_H_ diff --git a/pki/cert_error_id.cc b/pki/cert_error_id.cc new file mode 100644 index 0000000000..9d83ed2ec1 --- /dev/null +++ b/pki/cert_error_id.cc @@ -0,0 +1,14 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "cert_error_id.h" + +namespace bssl { + +const char* CertErrorIdToDebugString(CertErrorId id) { + // The CertErrorId is simply a pointer for a C-string literal. + return reinterpret_cast(id); +} + +} // namespace net diff --git a/pki/cert_error_id.h b/pki/cert_error_id.h new file mode 100644 index 0000000000..e77154b45f --- /dev/null +++ b/pki/cert_error_id.h @@ -0,0 +1,38 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CERT_ERROR_ID_H_ +#define BSSL_PKI_CERT_ERROR_ID_H_ + +#include "fillins/openssl_util.h" + + +namespace bssl { + +// Each "class" of certificate error/warning has its own unique ID. This is +// essentially like an error code, however the value is not stable. Under the +// hood these IDs are pointers and use the process's address space to ensure +// uniqueness. +// +// Equality of CertErrorId can be done using the == operator. +// +// To define new error IDs use the macro DEFINE_CERT_ERROR_ID(). +using CertErrorId = const void*; + +// DEFINE_CERT_ERROR_ID() creates a CertErrorId given a non-null C-string +// literal. The string should be a textual name for the error which will appear +// when pretty-printing errors for debugging. It should be ASCII. +// +// TODO(crbug.com/634443): Implement this -- add magic to ensure that storage +// of identical strings isn't pool. +#define DEFINE_CERT_ERROR_ID(name, c_str_literal) \ + const CertErrorId name = c_str_literal + +// Returns a debug string for a CertErrorId. In practice this returns the +// string literal given to DEFINE_CERT_ERROR_ID(), which is human-readable. +OPENSSL_EXPORT const char* CertErrorIdToDebugString(CertErrorId id); + +} // namespace net + +#endif // BSSL_PKI_CERT_ERROR_ID_H_ diff --git a/pki/cert_error_params.cc b/pki/cert_error_params.cc new file mode 100644 index 0000000000..c9c22bb7e4 --- /dev/null +++ b/pki/cert_error_params.cc @@ -0,0 +1,145 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "fillins/openssl_util.h" +#include "cert_error_params.h" + +#include + +#include "fillins/check.h" +#include "string_util.h" +#include "input.h" + +namespace bssl { + +namespace { + +// Parameters subclass for describing (and pretty-printing) 1 or 2 DER +// blobs. It makes a copy of the der::Inputs. +class CertErrorParams2Der : public CertErrorParams { + public: + CertErrorParams2Der(const char* name1, + const der::Input& der1, + const char* name2, + const der::Input& der2) + : name1_(name1), + der1_(der1.AsString()), + name2_(name2), + der2_(der2.AsString()) {} + + CertErrorParams2Der(const CertErrorParams2Der&) = delete; + CertErrorParams2Der& operator=(const CertErrorParams2Der&) = delete; + + std::string ToDebugString() const override { + std::string result; + AppendDer(name1_, der1_, &result); + if (name2_) { + result += "\n"; + AppendDer(name2_, der2_, &result); + } + return result; + } + + private: + static void AppendDer(const char* name, + const std::string& der, + std::string* out) { + *out += name; + *out += + ": " + bssl::string_util::HexEncode( + reinterpret_cast(der.data()), der.size()); + } + + const char* name1_; + std::string der1_; + + const char* name2_; + std::string der2_; +}; + +// Parameters subclass for describing (and pretty-printing) a single size_t. +class CertErrorParams1SizeT : public CertErrorParams { + public: + CertErrorParams1SizeT(const char* name, size_t value) + : name_(name), value_(value) {} + + CertErrorParams1SizeT(const CertErrorParams1SizeT&) = delete; + CertErrorParams1SizeT& operator=(const CertErrorParams1SizeT&) = delete; + + std::string ToDebugString() const override { + return name_ + std::string(": ") + + bssl::string_util::NumberToDecimalString(value_); + } + + private: + const char* name_; + size_t value_; +}; + +// Parameters subclass for describing (and pretty-printing) two size_t +// values. +class CertErrorParams2SizeT : public CertErrorParams { + public: + CertErrorParams2SizeT(const char* name1, + size_t value1, + const char* name2, + size_t value2) + : name1_(name1), value1_(value1), name2_(name2), value2_(value2) {} + + CertErrorParams2SizeT(const CertErrorParams2SizeT&) = delete; + CertErrorParams2SizeT& operator=(const CertErrorParams2SizeT&) = delete; + + std::string ToDebugString() const override { + return name1_ + std::string(": ") + + bssl::string_util::NumberToDecimalString(value1_) + "\n" + name2_ + + std::string(": ") + bssl::string_util::NumberToDecimalString(value2_); + } + + private: + const char* name1_; + size_t value1_; + const char* name2_; + size_t value2_; +}; + +} // namespace + +CertErrorParams::CertErrorParams() = default; +CertErrorParams::~CertErrorParams() = default; + +std::unique_ptr CreateCertErrorParams1Der( + const char* name, + const der::Input& der) { + DCHECK(name); + return std::make_unique(name, der, nullptr, + der::Input()); +} + +std::unique_ptr CreateCertErrorParams2Der( + const char* name1, + const der::Input& der1, + const char* name2, + const der::Input& der2) { + DCHECK(name1); + DCHECK(name2); + return std::make_unique(name1, der1, name2, der2); +} + +std::unique_ptr CreateCertErrorParams1SizeT(const char* name, + size_t value) { + DCHECK(name); + return std::make_unique(name, value); +} + +OPENSSL_EXPORT std::unique_ptr CreateCertErrorParams2SizeT( + const char* name1, + size_t value1, + const char* name2, + size_t value2) { + DCHECK(name1); + DCHECK(name2); + return std::make_unique(name1, value1, name2, value2); +} + +} // namespace net diff --git a/pki/cert_error_params.h b/pki/cert_error_params.h new file mode 100644 index 0000000000..f13c943a4c --- /dev/null +++ b/pki/cert_error_params.h @@ -0,0 +1,68 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CERT_ERROR_PARAMS_H_ +#define BSSL_PKI_CERT_ERROR_PARAMS_H_ + +#include "fillins/openssl_util.h" +#include +#include + + + +namespace bssl { + +namespace der { +class Input; +} + +// CertErrorParams is a base class for describing extra parameters attached to +// a CertErrorNode. +// +// An example use for parameters is to identify the OID for an unconsumed +// critical extension. This parameter could then be pretty printed when +// diagnosing the error. +class OPENSSL_EXPORT CertErrorParams { + public: + CertErrorParams(); + + CertErrorParams(const CertErrorParams&) = delete; + CertErrorParams& operator=(const CertErrorParams&) = delete; + + virtual ~CertErrorParams(); + + // Creates a representation of this parameter as a string, which may be + // used for pretty printing the error. + virtual std::string ToDebugString() const = 0; +}; + +// Creates a parameter object that holds a copy of |der|, and names it |name| +// in debug string outputs. +OPENSSL_EXPORT std::unique_ptr CreateCertErrorParams1Der( + const char* name, + const der::Input& der); + +// Same as CreateCertErrorParams1Der() but has a second DER blob. +OPENSSL_EXPORT std::unique_ptr CreateCertErrorParams2Der( + const char* name1, + const der::Input& der1, + const char* name2, + const der::Input& der2); + +// Creates a parameter object that holds a single size_t value. |name| is used +// when pretty-printing the parameters. +OPENSSL_EXPORT std::unique_ptr CreateCertErrorParams1SizeT( + const char* name, + size_t value); + +// Same as CreateCertErrorParams1SizeT() but has a second size_t. +OPENSSL_EXPORT std::unique_ptr CreateCertErrorParams2SizeT( + const char* name1, + size_t value1, + const char* name2, + size_t value2); + +} // namespace net + +#endif // BSSL_PKI_CERT_ERROR_PARAMS_H_ diff --git a/pki/cert_errors.cc b/pki/cert_errors.cc new file mode 100644 index 0000000000..12376b9c55 --- /dev/null +++ b/pki/cert_errors.cc @@ -0,0 +1,201 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "cert_errors.h" + +#include "cert_error_params.h" +#include "parse_name.h" +#include "parsed_certificate.h" + +#include + +namespace bssl { + +namespace { + +void AppendLinesWithIndentation(const std::string& text, + const std::string& indentation, + std::string* out) { + std::istringstream stream(text); + for (std::string line; std::getline(stream, line, '\n');) { + out->append(indentation); + out->append(line); + out->append("\n"); + } +} + +} // namespace + +CertError::CertError() = default; + +CertError::CertError(Severity in_severity, + CertErrorId in_id, + std::unique_ptr in_params) + : severity(in_severity), id(in_id), params(std::move(in_params)) {} + +CertError::CertError(CertError&& other) = default; + +CertError& CertError::operator=(CertError&&) = default; + +CertError::~CertError() = default; + +std::string CertError::ToDebugString() const { + std::string result; + switch (severity) { + case SEVERITY_WARNING: + result += "WARNING: "; + break; + case SEVERITY_HIGH: + result += "ERROR: "; + break; + } + result += CertErrorIdToDebugString(id); + result += +"\n"; + + if (params) + AppendLinesWithIndentation(params->ToDebugString(), " ", &result); + + return result; +} + +CertErrors::CertErrors() = default; +CertErrors::CertErrors(CertErrors&& other) = default; +CertErrors& CertErrors::operator=(CertErrors&&) = default; +CertErrors::~CertErrors() = default; + +void CertErrors::Add(CertError::Severity severity, + CertErrorId id, + std::unique_ptr params) { + nodes_.emplace_back(severity, id, std::move(params)); +} + +void CertErrors::AddError(CertErrorId id, + std::unique_ptr params) { + Add(CertError::SEVERITY_HIGH, id, std::move(params)); +} + +void CertErrors::AddError(CertErrorId id) { + AddError(id, nullptr); +} + +void CertErrors::AddWarning(CertErrorId id, + std::unique_ptr params) { + Add(CertError::SEVERITY_WARNING, id, std::move(params)); +} + +void CertErrors::AddWarning(CertErrorId id) { + AddWarning(id, nullptr); +} + +std::string CertErrors::ToDebugString() const { + std::string result; + for (const CertError& node : nodes_) + result += node.ToDebugString(); + + return result; +} + +bool CertErrors::ContainsError(CertErrorId id) const { + for (const CertError& node : nodes_) { + if (node.id == id) + return true; + } + return false; +} + +bool CertErrors::ContainsAnyErrorWithSeverity( + CertError::Severity severity) const { + for (const CertError& node : nodes_) { + if (node.severity == severity) + return true; + } + return false; +} + +CertPathErrors::CertPathErrors() = default; + +CertPathErrors::CertPathErrors(CertPathErrors&& other) = default; +CertPathErrors& CertPathErrors::operator=(CertPathErrors&&) = default; + +CertPathErrors::~CertPathErrors() = default; + +CertErrors* CertPathErrors::GetErrorsForCert(size_t cert_index) { + if (cert_index >= cert_errors_.size()) + cert_errors_.resize(cert_index + 1); + return &cert_errors_[cert_index]; +} + +const CertErrors* CertPathErrors::GetErrorsForCert(size_t cert_index) const { + if (cert_index >= cert_errors_.size()) + return nullptr; + return &cert_errors_[cert_index]; +} + +CertErrors* CertPathErrors::GetOtherErrors() { + return &other_errors_; +} + +bool CertPathErrors::ContainsError(CertErrorId id) const { + for (const CertErrors& errors : cert_errors_) { + if (errors.ContainsError(id)) + return true; + } + + if (other_errors_.ContainsError(id)) + return true; + + return false; +} + +bool CertPathErrors::ContainsAnyErrorWithSeverity( + CertError::Severity severity) const { + for (const CertErrors& errors : cert_errors_) { + if (errors.ContainsAnyErrorWithSeverity(severity)) + return true; + } + + if (other_errors_.ContainsAnyErrorWithSeverity(severity)) + return true; + + return false; +} + +std::string CertPathErrors::ToDebugString( + const ParsedCertificateList& certs) const { + std::ostringstream result; + + for (size_t i = 0; i < cert_errors_.size(); ++i) { + // Pretty print the current CertErrors. If there were no errors/warnings, + // then continue. + const CertErrors& errors = cert_errors_[i]; + std::string cert_errors_string = errors.ToDebugString(); + if (cert_errors_string.empty()) + continue; + + // Add a header that identifies which certificate this CertErrors pertains + // to. + std::string cert_name_debug_str; + if (i < certs.size() && certs[i]) { + RDNSequence subject; + if (ParseName(certs[i]->tbs().subject_tlv, &subject) && + ConvertToRFC2253(subject, &cert_name_debug_str)) { + cert_name_debug_str = " (" + cert_name_debug_str + ")"; + } + } + result << "----- Certificate i=" << i << cert_name_debug_str << " -----\n"; + result << cert_errors_string << "\n"; + } + + // Print any other errors that aren't associated with a particular certificate + // in the chain. + std::string other_errors = other_errors_.ToDebugString(); + if (!other_errors.empty()) { + result << "----- Other errors (not certificate specific) -----\n"; + result << other_errors << "\n"; + } + + return result.str(); +} + +} // namespace net diff --git a/pki/cert_errors.h b/pki/cert_errors.h new file mode 100644 index 0000000000..68977f80bb --- /dev/null +++ b/pki/cert_errors.h @@ -0,0 +1,168 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// ---------------------------- +// Overview of error design +// ---------------------------- +#include "fillins/openssl_util.h" +// +// Certificate path building/validation/parsing may emit a sequence of errors +// and warnings. +// +// Each individual error/warning entry (CertError) is comprised of: +// +// * A unique identifier. +// +// This serves similarly to an error code, and is used to query if a +// particular error/warning occurred. +// +// * [optional] A parameters object. +// +// Nodes may attach a heap-allocated subclass of CertErrorParams to carry +// extra information that is used when reporting the error. For instance +// a parsing error may describe where in the DER the failure happened, or +// what the unexpected value was. +// +// A collection of errors is represented by the CertErrors object. This may be +// used to group errors that have a common context, such as all the +// errors/warnings that apply to a specific certificate. +// +// Lastly, CertPathErrors composes multiple CertErrors -- one for each +// certificate in the verified chain. +// +// ---------------------------- +// Defining new errors +// ---------------------------- +// +// The error IDs are extensible and do not need to be centrally defined. +// +// To define a new error use the macro DEFINE_CERT_ERROR_ID() in a .cc file. +// If consumers are to be able to query for this error then the symbol should +// also be exposed in a header file. +// +// Error IDs are in truth string literals, whose pointer value will be unique +// per process. + +#ifndef BSSL_PKI_CERT_ERRORS_H_ +#define BSSL_PKI_CERT_ERRORS_H_ + +#include +#include + + +#include "cert_error_id.h" +#include "parsed_certificate.h" + +namespace bssl { + +class CertErrorParams; + +// CertError represents either an error or a warning. +struct OPENSSL_EXPORT CertError { + enum Severity { + SEVERITY_HIGH, + SEVERITY_WARNING, + }; + + CertError(); + CertError(Severity severity, + CertErrorId id, + std::unique_ptr params); + CertError(CertError&& other); + CertError& operator=(CertError&&); + ~CertError(); + + // Pretty-prints the error and its parameters. + std::string ToDebugString() const; + + Severity severity; + CertErrorId id; + std::unique_ptr params; +}; + +// CertErrors is a collection of CertError, along with convenience methods to +// add and inspect errors. +class OPENSSL_EXPORT CertErrors { + public: + CertErrors(); + CertErrors(CertErrors&& other); + CertErrors& operator=(CertErrors&&); + ~CertErrors(); + + // Adds an error/warning. |params| may be null. + void Add(CertError::Severity severity, + CertErrorId id, + std::unique_ptr params); + + // Adds a high severity error. + void AddError(CertErrorId id, std::unique_ptr params); + void AddError(CertErrorId id); + + // Adds a low severity error. + void AddWarning(CertErrorId id, std::unique_ptr params); + void AddWarning(CertErrorId id); + + // Dumps a textual representation of the errors for debugging purposes. + std::string ToDebugString() const; + + // Returns true if the error |id| was added to this CertErrors (of any + // severity). + bool ContainsError(CertErrorId id) const; + + // Returns true if this contains any errors of the given severity level. + bool ContainsAnyErrorWithSeverity(CertError::Severity severity) const; + + private: + std::vector nodes_; +}; + +// CertPathErrors is a collection of CertErrors, to group errors into different +// buckets for different certificates. The "index" should correspond with that +// of the certificate relative to its chain. +class OPENSSL_EXPORT CertPathErrors { + public: + CertPathErrors(); + CertPathErrors(CertPathErrors&& other); + CertPathErrors& operator=(CertPathErrors&&); + ~CertPathErrors(); + + // Gets a bucket to put errors in for |cert_index|. This will lookup and + // return the existing error bucket if one exists, or create a new one for the + // specified index. It is expected that |cert_index| is the corresponding + // index in a certificate chain (with 0 being the target). + CertErrors* GetErrorsForCert(size_t cert_index); + + // Const version of the above, with the difference that if there is no + // existing bucket for |cert_index| returns nullptr rather than lazyily + // creating one. + const CertErrors* GetErrorsForCert(size_t cert_index) const; + + // Returns a bucket to put errors that are not associated with a particular + // certificate. + CertErrors* GetOtherErrors(); + + // Returns true if CertPathErrors contains the specified error (of any + // severity). + bool ContainsError(CertErrorId id) const; + + // Returns true if this contains any errors of the given severity level. + bool ContainsAnyErrorWithSeverity(CertError::Severity severity) const; + + // Shortcut for ContainsAnyErrorWithSeverity(CertError::SEVERITY_HIGH). + bool ContainsHighSeverityErrors() const { + return ContainsAnyErrorWithSeverity(CertError::SEVERITY_HIGH); + } + + // Pretty-prints all the errors in the CertPathErrors. If there were no + // errors/warnings, returns an empty string. + std::string ToDebugString(const ParsedCertificateList& certs) const; + + private: + std::vector cert_errors_; + CertErrors other_errors_; +}; + +} // namespace net + +#endif // BSSL_PKI_CERT_ERRORS_H_ diff --git a/pki/cert_issuer_source.h b/pki/cert_issuer_source.h new file mode 100644 index 0000000000..53687d7cfd --- /dev/null +++ b/pki/cert_issuer_source.h @@ -0,0 +1,70 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CERT_ISSUER_SOURCE_H_ +#define BSSL_PKI_CERT_ISSUER_SOURCE_H_ + +#include "fillins/openssl_util.h" +#include +#include + + + +#include "parsed_certificate.h" + +namespace bssl { + +// Interface for looking up issuers of a certificate during path building. +// Provides a synchronous and asynchronous method for retrieving issuers, so the +// path builder can try to complete synchronously first. The caller is expected +// to call SyncGetIssuersOf first, see if it can make progress with those +// results, and if not, then fall back to calling AsyncGetIssuersOf. +// An implementations may choose to return results from either one of the Get +// methods, or from both. +class OPENSSL_EXPORT CertIssuerSource { + public: + class OPENSSL_EXPORT Request { + public: + Request() = default; + + Request(const Request&) = delete; + Request& operator=(const Request&) = delete; + + // Destruction of the Request cancels it. + virtual ~Request() = default; + + // Retrieves issuers and appends them to |issuers|. + // + // GetNext should be called again to retrieve any remaining issuers. + // + // If no issuers are left then |issuers| will not be modified. This + // indicates that the issuers have been exhausted and GetNext() should + // not be called again. + virtual void GetNext(ParsedCertificateList* issuers, + void* debug_data) = 0; + }; + + virtual ~CertIssuerSource() = default; + + // Finds certificates whose Subject matches |cert|'s Issuer. + // Matches are appended to |issuers|. Any existing contents of |issuers| will + // not be modified. If the implementation does not support synchronous + // lookups, or if there are no matches, |issuers| is not modified. + virtual void SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) = 0; + + // Finds certificates whose Subject matches |cert|'s Issuer. + // If the implementation does not support asynchronous lookups or can + // determine synchronously that it would return no results, |*out_req| + // will be set to nullptr. + // + // Otherwise a request is started and saved to |out_req|. The results can be + // read through the Request interface. + virtual void AsyncGetIssuersOf(const ParsedCertificate* cert, + std::unique_ptr* out_req) = 0; +}; + +} // namespace net + +#endif // BSSL_PKI_CERT_ISSUER_SOURCE_H_ diff --git a/pki/cert_issuer_source_static.cc b/pki/cert_issuer_source_static.cc new file mode 100644 index 0000000000..ea4be674c3 --- /dev/null +++ b/pki/cert_issuer_source_static.cc @@ -0,0 +1,37 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "cert_issuer_source_static.h" + +namespace bssl { + +CertIssuerSourceStatic::CertIssuerSourceStatic() = default; +CertIssuerSourceStatic::~CertIssuerSourceStatic() = default; + +void CertIssuerSourceStatic::AddCert( + std::shared_ptr cert) { + intermediates_.insert(std::make_pair( + cert->normalized_subject().AsStringView(), std::move(cert))); +} + +void CertIssuerSourceStatic::Clear() { + intermediates_.clear(); +} + +void CertIssuerSourceStatic::SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) { + auto range = + intermediates_.equal_range(cert->normalized_issuer().AsStringView()); + for (auto it = range.first; it != range.second; ++it) + issuers->push_back(it->second); +} + +void CertIssuerSourceStatic::AsyncGetIssuersOf( + const ParsedCertificate* cert, + std::unique_ptr* out_req) { + // CertIssuerSourceStatic never returns asynchronous results. + out_req->reset(); +} + +} // namespace net diff --git a/pki/cert_issuer_source_static.h b/pki/cert_issuer_source_static.h new file mode 100644 index 0000000000..11be846c07 --- /dev/null +++ b/pki/cert_issuer_source_static.h @@ -0,0 +1,51 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CERT_ISSUER_SOURCE_STATIC_H_ +#define BSSL_PKI_CERT_ISSUER_SOURCE_STATIC_H_ + +#include "fillins/openssl_util.h" +#include + + +#include "cert_issuer_source.h" + +namespace bssl { + +// Synchronously returns issuers from a pre-supplied set. +class OPENSSL_EXPORT CertIssuerSourceStatic : public CertIssuerSource { + public: + CertIssuerSourceStatic(); + + CertIssuerSourceStatic(const CertIssuerSourceStatic&) = delete; + CertIssuerSourceStatic& operator=(const CertIssuerSourceStatic&) = delete; + + ~CertIssuerSourceStatic() override; + + // Adds |cert| to the set of certificates that this CertIssuerSource will + // provide. + void AddCert(std::shared_ptr cert); + + // Clears the set of certificates. + void Clear(); + + size_t size() const { return intermediates_.size(); } + + // CertIssuerSource implementation: + void SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) override; + void AsyncGetIssuersOf(const ParsedCertificate* cert, + std::unique_ptr* out_req) override; + + private: + // The certificates that the CertIssuerSourceStatic can return, keyed on the + // normalized subject value. + std::unordered_multimap> + intermediates_; +}; + +} // namespace net + +#endif // BSSL_PKI_CERT_ISSUER_SOURCE_STATIC_H_ diff --git a/pki/cert_issuer_source_static_unittest.cc b/pki/cert_issuer_source_static_unittest.cc new file mode 100644 index 0000000000..b745968e29 --- /dev/null +++ b/pki/cert_issuer_source_static_unittest.cc @@ -0,0 +1,40 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "cert_issuer_source_static.h" + +#include "cert_issuer_source_sync_unittest.h" +#include "parsed_certificate.h" +#include + +namespace bssl { + +namespace { + +class CertIssuerSourceStaticTestDelegate { + public: + void AddCert(std::shared_ptr cert) { + source_.AddCert(std::move(cert)); + } + + CertIssuerSource& source() { return source_; } + + protected: + CertIssuerSourceStatic source_; +}; + +INSTANTIATE_TYPED_TEST_SUITE_P(CertIssuerSourceStaticTest, + CertIssuerSourceSyncTest, + CertIssuerSourceStaticTestDelegate); + +INSTANTIATE_TYPED_TEST_SUITE_P(CertIssuerSourceStaticNormalizationTest, + CertIssuerSourceSyncNormalizationTest, + CertIssuerSourceStaticTestDelegate); + +GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST( + CertIssuerSourceSyncNotNormalizedTest); + +} // namespace + +} // namespace net diff --git a/pki/cert_issuer_source_sync_unittest.h b/pki/cert_issuer_source_sync_unittest.h new file mode 100644 index 0000000000..ef5ef0b3a3 --- /dev/null +++ b/pki/cert_issuer_source_sync_unittest.h @@ -0,0 +1,216 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CERT_ISSUER_SOURCE_SYNC_UNITTEST_H_ +#define BSSL_PKI_CERT_ISSUER_SOURCE_SYNC_UNITTEST_H_ + +#include + +#include "cert_errors.h" +#include "cert_issuer_source.h" +#include "test_helpers.h" +#include +#include + +namespace bssl { + +namespace { + +::testing::AssertionResult ReadTestPem(const std::string& file_name, + const std::string& block_name, + std::string* result) { + const PemBlockMapping mappings[] = { + {block_name.c_str(), result}, + }; + + return ReadTestDataFromPemFile(file_name, mappings); +} + +::testing::AssertionResult ReadTestCert( + const std::string& file_name, + std::shared_ptr* result) { + std::string der; + ::testing::AssertionResult r = + ReadTestPem("testdata/cert_issuer_source_static_unittest/" + file_name, + "CERTIFICATE", &der); + if (!r) + return r; + CertErrors errors; + *result = ParsedCertificate::Create( + bssl::UniquePtr(CRYPTO_BUFFER_new( + reinterpret_cast(der.data()), der.size(), nullptr)), + {}, &errors); + if (!*result) { + return ::testing::AssertionFailure() + << "ParsedCertificate::Create() failed:\n" + << errors.ToDebugString(); + } + return ::testing::AssertionSuccess(); +} + +} // namespace + +template +class CertIssuerSourceSyncTest : public ::testing::Test { + public: + void SetUp() override { + ASSERT_TRUE(ReadTestCert("root.pem", &root_)); + ASSERT_TRUE(ReadTestCert("i1_1.pem", &i1_1_)); + ASSERT_TRUE(ReadTestCert("i1_2.pem", &i1_2_)); + ASSERT_TRUE(ReadTestCert("i2.pem", &i2_)); + ASSERT_TRUE(ReadTestCert("i3_1.pem", &i3_1_)); + ASSERT_TRUE(ReadTestCert("i3_2.pem", &i3_2_)); + ASSERT_TRUE(ReadTestCert("c1.pem", &c1_)); + ASSERT_TRUE(ReadTestCert("c2.pem", &c2_)); + ASSERT_TRUE(ReadTestCert("d.pem", &d_)); + ASSERT_TRUE(ReadTestCert("e1.pem", &e1_)); + ASSERT_TRUE(ReadTestCert("e2.pem", &e2_)); + } + + void AddCert(std::shared_ptr cert) { + delegate_.AddCert(std::move(cert)); + } + + void AddAllCerts() { + AddCert(root_); + AddCert(i1_1_); + AddCert(i1_2_); + AddCert(i2_); + AddCert(i3_1_); + AddCert(i3_2_); + AddCert(c1_); + AddCert(c2_); + AddCert(d_); + AddCert(e1_); + AddCert(e2_); + } + + CertIssuerSource& source() { return delegate_.source(); } + + protected: + bool IssuersMatch(std::shared_ptr cert, + ParsedCertificateList expected_matches) { + ParsedCertificateList matches; + source().SyncGetIssuersOf(cert.get(), &matches); + + std::vector der_result_matches; + for (const auto& it : matches) + der_result_matches.push_back(it->der_cert()); + std::sort(der_result_matches.begin(), der_result_matches.end()); + + std::vector der_expected_matches; + for (const auto& it : expected_matches) + der_expected_matches.push_back(it->der_cert()); + std::sort(der_expected_matches.begin(), der_expected_matches.end()); + + if (der_expected_matches == der_result_matches) + return true; + + // Print some extra information for debugging. + EXPECT_EQ(der_expected_matches, der_result_matches); + return false; + } + + TestDelegate delegate_; + std::shared_ptr root_; + std::shared_ptr i1_1_; + std::shared_ptr i1_2_; + std::shared_ptr i2_; + std::shared_ptr i3_1_; + std::shared_ptr i3_2_; + std::shared_ptr c1_; + std::shared_ptr c2_; + std::shared_ptr d_; + std::shared_ptr e1_; + std::shared_ptr e2_; +}; + +TYPED_TEST_SUITE_P(CertIssuerSourceSyncTest); + +TYPED_TEST_P(CertIssuerSourceSyncTest, NoMatch) { + this->AddCert(this->root_); + + EXPECT_TRUE(this->IssuersMatch(this->c1_, ParsedCertificateList())); +} + +TYPED_TEST_P(CertIssuerSourceSyncTest, OneMatch) { + this->AddAllCerts(); + + EXPECT_TRUE(this->IssuersMatch(this->i1_1_, {this->root_})); + EXPECT_TRUE(this->IssuersMatch(this->d_, {this->i2_})); +} + +TYPED_TEST_P(CertIssuerSourceSyncTest, MultipleMatches) { + this->AddAllCerts(); + + EXPECT_TRUE(this->IssuersMatch(this->e1_, {this->i3_1_, this->i3_2_})); + EXPECT_TRUE(this->IssuersMatch(this->e2_, {this->i3_1_, this->i3_2_})); +} + +// Searching for the issuer of a self-issued cert returns the same cert if it +// happens to be in the CertIssuerSourceStatic. +// Conceptually this makes sense, though probably not very useful in practice. +// Doesn't hurt anything though. +TYPED_TEST_P(CertIssuerSourceSyncTest, SelfIssued) { + this->AddAllCerts(); + + EXPECT_TRUE(this->IssuersMatch(this->root_, {this->root_})); +} + +// CertIssuerSourceStatic never returns results asynchronously. +TYPED_TEST_P(CertIssuerSourceSyncTest, IsNotAsync) { + this->AddCert(this->i1_1_); + std::unique_ptr request; + this->source().AsyncGetIssuersOf(this->c1_.get(), &request); + EXPECT_EQ(nullptr, request); +} + +// These are all the tests that should have the same result with or without +// normalization. +REGISTER_TYPED_TEST_SUITE_P(CertIssuerSourceSyncTest, + NoMatch, + OneMatch, + MultipleMatches, + SelfIssued, + IsNotAsync); + +template +class CertIssuerSourceSyncNormalizationTest + : public CertIssuerSourceSyncTest {}; +TYPED_TEST_SUITE_P(CertIssuerSourceSyncNormalizationTest); + +TYPED_TEST_P(CertIssuerSourceSyncNormalizationTest, + MultipleMatchesAfterNormalization) { + this->AddAllCerts(); + + EXPECT_TRUE(this->IssuersMatch(this->c1_, {this->i1_1_, this->i1_2_})); + EXPECT_TRUE(this->IssuersMatch(this->c2_, {this->i1_1_, this->i1_2_})); +} + +// These tests require (utf8) normalization. +REGISTER_TYPED_TEST_SUITE_P(CertIssuerSourceSyncNormalizationTest, + MultipleMatchesAfterNormalization); + +template +class CertIssuerSourceSyncNotNormalizedTest + : public CertIssuerSourceSyncTest {}; +TYPED_TEST_SUITE_P(CertIssuerSourceSyncNotNormalizedTest); + +TYPED_TEST_P(CertIssuerSourceSyncNotNormalizedTest, + OneMatchWithoutNormalization) { + this->AddAllCerts(); + + // Without normalization c1 and c2 should at least be able to find their + // exact matching issuer. (c1 should match i1_1, and c2 should match i1_2.) + EXPECT_TRUE(this->IssuersMatch(this->c1_, {this->i1_1_})); + EXPECT_TRUE(this->IssuersMatch(this->c2_, {this->i1_2_})); +} + +// These tests are for implementations which do not do utf8 normalization. +REGISTER_TYPED_TEST_SUITE_P(CertIssuerSourceSyncNotNormalizedTest, + OneMatchWithoutNormalization); + +} // namespace net + +#endif // BSSL_PKI_CERT_ISSUER_SOURCE_SYNC_UNITTEST_H_ diff --git a/pki/cert_net_fetcher.h b/pki/cert_net_fetcher.h new file mode 100644 index 0000000000..d91297be69 --- /dev/null +++ b/pki/cert_net_fetcher.h @@ -0,0 +1,97 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CERT_NET_FETCHER_H_ +#define BSSL_PKI_CERT_NET_FETCHER_H_ + +#include "webutil/url/url.h" +#include "fillins/openssl_util.h" +#include + +#include +#include + +#include +#include "fillins/net_errors.h" + + + +class URL; + +namespace bssl { + +// CertNetFetcher is a synchronous interface for fetching AIA URLs and CRL +// URLs. It is shared between a caller thread (which starts and waits for +// fetches), and a network thread (which does the actual fetches). It can be +// shutdown from the network thread to cancel outstanding requests. +// +// A Request object is returned when starting a fetch. The consumer can +// use this as a handle for aborting the request (by freeing it), or reading +// the result of the request (WaitForResult) +class OPENSSL_EXPORT CertNetFetcher + { + public: + class Request { + public: + virtual ~Request() = default; + + // WaitForResult() can be called at most once. + // + // It will block and wait for the (network) request to complete, and + // then write the result into the provided out-parameters. + virtual void WaitForResult(Error* error, std::vector* bytes) = 0; + }; + + // This value can be used in place of timeout or max size limits. + enum { DEFAULT = -1 }; + + CertNetFetcher() = default; + + CertNetFetcher(const CertNetFetcher&) = delete; + CertNetFetcher& operator=(const CertNetFetcher&) = delete; + + // Shuts down the CertNetFetcher and cancels outstanding network requests. It + // is not guaranteed that any outstanding or subsequent + // Request::WaitForResult() calls will be completed. Shutdown() must be called + // from the network thread. It can be called more than once, but must be + // called before the CertNetFetcher is destroyed. + virtual void Shutdown() = 0; + + // The Fetch*() methods start a request which can be cancelled by + // deleting the returned Request. Here is the meaning of the common + // parameters: + // + // * url -- The http:// URL to fetch. + // * timeout_seconds -- The maximum allowed duration for the fetch job. If + // this delay is exceeded then the request will fail. To use a default + // timeout pass DEFAULT. + // * max_response_bytes -- The maximum size of the response body. If this + // size is exceeded then the request will fail. To use a default timeout + // pass DEFAULT. + + [[nodiscard]] virtual std::unique_ptr FetchCaIssuers( + const URL& url, + int timeout_milliseconds, + int max_response_bytes) = 0; + + [[nodiscard]] virtual std::unique_ptr FetchCrl( + const URL& url, + int timeout_milliseconds, + int max_response_bytes) = 0; + + [[nodiscard]] virtual std::unique_ptr FetchOcsp( + const URL& url, + int timeout_milliseconds, + int max_response_bytes) = 0; + + protected: + virtual ~CertNetFetcher() = default; + + private: + +}; + +} // namespace net + +#endif // BSSL_PKI_CERT_NET_FETCHER_H_ diff --git a/pki/cert_status_flags.h b/pki/cert_status_flags.h new file mode 100644 index 0000000000..69ae818fce --- /dev/null +++ b/pki/cert_status_flags.h @@ -0,0 +1,49 @@ +// Copyright 2012 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CERT_STATUS_FLAGS_H_ +#define BSSL_PKI_CERT_STATUS_FLAGS_H_ + +#include "fillins/openssl_util.h" +#include + + + +namespace bssl { + +// Bitmask of status flags of a certificate, representing any errors, as well as +// other non-error status information such as whether the certificate is EV. +typedef uint32_t CertStatus; + +// NOTE: Because these names have appeared in bug reports, we preserve them as +// MACRO_STYLE for continuity, instead of renaming them to kConstantStyle as +// befits most static consts. +#define CERT_STATUS_FLAG(label, value) \ + CertStatus static const CERT_STATUS_##label = value; +#include "cert_status_flags_list.h" +#undef CERT_STATUS_FLAG + +static const CertStatus CERT_STATUS_ALL_ERRORS = 0xFF00FFFF; + +// Returns true if the specified cert status has an error set. +inline bool IsCertStatusError(CertStatus status) { + return (CERT_STATUS_ALL_ERRORS & status) != 0; +} + +// Maps a network error code to the equivalent certificate status flag. If +// the error code is not a certificate error, it is mapped to 0. +// Note: It is not safe to go net::CertStatus -> net::Error -> net::CertStatus, +// as the CertStatus contains more information. Conversely, going from +// net::Error -> net::CertStatus -> net::Error is not a lossy function, for the +// same reason. +// To avoid incorrect use, this is only exported for unittest helpers. +OPENSSL_EXPORT CertStatus MapNetErrorToCertStatus(int error); + +// Maps the most serious certificate error in the certificate status flags +// to the equivalent network error code. +OPENSSL_EXPORT int MapCertStatusToNetError(CertStatus cert_status); + +} // namespace net + +#endif // BSSL_PKI_CERT_STATUS_FLAGS_H_ diff --git a/pki/cert_status_flags_list.h b/pki/cert_status_flags_list.h new file mode 100644 index 0000000000..d5ab73cf40 --- /dev/null +++ b/pki/cert_status_flags_list.h @@ -0,0 +1,47 @@ +// Copyright 2014 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This file intentionally does not have header guards, it's included +// inside a macro to generate enum values. The following line silences a +// presubmit warning that would otherwise be triggered by this: +// no-include-guard-because-multiply-included +// NOLINT(build/header_guard) + +// This is the list of CertStatus flags and their values. +// +// Defines the values using a macro CERT_STATUS_FLAG, +// so it can be expanded differently in some places + +// The possible status bits for CertStatus. +// Bits 0 to 15 are for errors. +CERT_STATUS_FLAG(COMMON_NAME_INVALID, 1 << 0) +CERT_STATUS_FLAG(DATE_INVALID, 1 << 1) +CERT_STATUS_FLAG(AUTHORITY_INVALID, 1 << 2) +// 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP). +CERT_STATUS_FLAG(NO_REVOCATION_MECHANISM, 1 << 4) +CERT_STATUS_FLAG(UNABLE_TO_CHECK_REVOCATION, 1 << 5) +CERT_STATUS_FLAG(REVOKED, 1 << 6) +CERT_STATUS_FLAG(INVALID, 1 << 7) +CERT_STATUS_FLAG(WEAK_SIGNATURE_ALGORITHM, 1 << 8) +// 1 << 9 was used for CERT_STATUS_NOT_IN_DNS +CERT_STATUS_FLAG(NON_UNIQUE_NAME, 1 << 10) +CERT_STATUS_FLAG(WEAK_KEY, 1 << 11) +// 1 << 12 was used for CERT_STATUS_WEAK_DH_KEY +CERT_STATUS_FLAG(PINNED_KEY_MISSING, 1 << 13) +CERT_STATUS_FLAG(NAME_CONSTRAINT_VIOLATION, 1 << 14) +CERT_STATUS_FLAG(VALIDITY_TOO_LONG, 1 << 15) + +// Bits 16 to 23 are for non-error statuses. +CERT_STATUS_FLAG(IS_EV, 1 << 16) +CERT_STATUS_FLAG(REV_CHECKING_ENABLED, 1 << 17) +// Bit 18 was CERT_STATUS_IS_DNSSEC +CERT_STATUS_FLAG(SHA1_SIGNATURE_PRESENT, 1 << 19) +CERT_STATUS_FLAG(CT_COMPLIANCE_FAILED, 1 << 20) +CERT_STATUS_FLAG(KNOWN_INTERCEPTION_DETECTED, 1 << 21) + +// Bits 24 - 31 are for errors. +CERT_STATUS_FLAG(CERTIFICATE_TRANSPARENCY_REQUIRED, 1 << 24) +CERT_STATUS_FLAG(SYMANTEC_LEGACY, 1 << 25) +CERT_STATUS_FLAG(KNOWN_INTERCEPTION_BLOCKED, 1 << 26) +// Bit 27 was CERT_STATUS_LEGACY_TLS. diff --git a/pki/cert_verify_proc_blocklist.inc b/pki/cert_verify_proc_blocklist.inc new file mode 100644 index 0000000000..dfc238abda --- /dev/null +++ b/pki/cert_verify_proc_blocklist.inc @@ -0,0 +1,427 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// The certificate(s) that were misissued, and which represent these SPKIs, +// are stored within net/data/ssl/blocklist. Further details about the +// rationale is documented in net/data/ssl/blocklist/README.md +static constexpr uint8_t + kSPKIBlockList[][SHA256_DIGEST_LENGTH] = { + // 2740d956b1127b791aa1b3cc644a4dbedba76186a23638b95102351a834ea861.pem + {0x04, 0xdd, 0xe9, 0xaa, 0x9a, 0x79, 0xf6, 0x14, 0x98, 0x68, 0x23, + 0x25, 0xfa, 0x08, 0x70, 0x27, 0x67, 0x07, 0xfb, 0x9c, 0xa9, 0x53, + 0x84, 0x12, 0x0b, 0x46, 0x89, 0x32, 0x68, 0x49, 0x4f, 0xc9}, + // 91e5cc32910686c5cac25c18cc805696c7b33868c280caf0c72844a2a8eb91e2.pem + {0x0c, 0x43, 0xea, 0x8b, 0xcd, 0xe9, 0xfc, 0x3b, 0xca, 0x16, 0x56, + 0x64, 0xac, 0x82, 0x15, 0x56, 0x7e, 0x34, 0x89, 0xd5, 0x39, 0x3a, + 0x0c, 0x81, 0xe1, 0xa7, 0x91, 0x41, 0x99, 0x2e, 0x19, 0x53}, + // ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem + {0x12, 0x13, 0x23, 0x60, 0xa3, 0x3b, 0xfd, 0xc6, 0xc3, 0xbf, 0x7b, + 0x7f, 0xab, 0x26, 0xa1, 0x68, 0x48, 0x74, 0xe7, 0x2c, 0x12, 0x63, + 0xc1, 0xf5, 0xde, 0x56, 0x5b, 0xb4, 0x9e, 0xf0, 0x37, 0x53}, + // 4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem + {0x12, 0x7d, 0xa2, 0x7a, 0x9e, 0x45, 0xf0, 0x82, 0x28, 0x0b, 0x31, + 0xbf, 0x1e, 0x56, 0x15, 0x20, 0x38, 0x9f, 0x96, 0x65, 0x90, 0x93, + 0xb2, 0x69, 0x7c, 0x40, 0xfe, 0x86, 0x00, 0x23, 0x6c, 0x8c}, + // 0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem + {0x13, 0x0a, 0xd4, 0xe0, 0x63, 0x35, 0x21, 0x29, 0x05, 0x31, 0xb6, + 0x65, 0x1f, 0x57, 0x59, 0xb0, 0xbc, 0x7b, 0xc6, 0x56, 0x70, 0x9f, + 0xf8, 0xf3, 0x65, 0xc2, 0x14, 0x3b, 0x03, 0x89, 0xb6, 0xf6}, + // 91018fcd3e0dc73f48d011a123f604d846d66821c58304474f949d7449dd600a.pem + {0x15, 0xe7, 0xae, 0x40, 0xcc, 0x4b, 0x3f, 0x72, 0x22, 0xa5, 0xa6, + 0xfe, 0x3e, 0x7d, 0xc4, 0x7f, 0x6e, 0x46, 0xee, 0x9a, 0x22, 0x51, + 0x83, 0x9d, 0xb2, 0x96, 0xd6, 0x2a, 0xda, 0x2a, 0x0d, 0xf7}, + // c7ba6567de93a798ae1faa791e712d378fae1f93c4397fea441bb7cbe6fd5995.pem + {0x15, 0x28, 0x39, 0x7d, 0xa2, 0x12, 0x89, 0x0a, 0x83, 0x0b, 0x0b, + 0x95, 0xa5, 0x99, 0x68, 0xce, 0xf2, 0x34, 0x77, 0x37, 0x79, 0xdf, + 0x51, 0x81, 0xcf, 0x10, 0xfa, 0x64, 0x75, 0x34, 0xbb, 0x65}, + // 1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key + {0x1a, 0xf5, 0x6c, 0x98, 0xff, 0x04, 0x3e, 0xf9, 0x2b, 0xeb, 0xff, + 0x54, 0xce, 0xbb, 0x4d, 0xd6, 0x7a, 0x25, 0xba, 0x95, 0x6c, 0x81, + 0x7f, 0x3e, 0x6d, 0xd3, 0xc1, 0xe5, 0x2e, 0xb5, 0x84, 0xc1}, + // e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7.pem + {0x1f, 0x42, 0x24, 0xce, 0xc8, 0x4f, 0xc9, 0x9c, 0xed, 0x88, 0x1f, + 0xf6, 0xfc, 0xfd, 0x3e, 0x21, 0xf8, 0xc5, 0x19, 0xc5, 0x47, 0xaa, + 0x6a, 0x5d, 0xd3, 0xde, 0x24, 0x73, 0x02, 0xce, 0x50, 0xd1}, + // e54e9fc27e7350ff63a77764a40267b7e95ae5df3ed7df5336e8f8541356c845.pem + {0x25, 0xda, 0x1a, 0xd5, 0x8b, 0xbf, 0xcf, 0xb2, 0x27, 0xd8, 0x72, + 0x3b, 0x18, 0x57, 0xd4, 0xc1, 0x8e, 0x7b, 0xaa, 0x74, 0x17, 0xb4, + 0xf9, 0xef, 0xf9, 0x36, 0x6b, 0x5e, 0x86, 0x9f, 0x8b, 0x39}, + // 159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem + {0x2c, 0x99, 0x8e, 0x76, 0x11, 0x60, 0xc3, 0xb0, 0x6d, 0x82, 0xfa, + 0xa9, 0xfd, 0xc7, 0x54, 0x5d, 0x9b, 0xda, 0x9e, 0xb6, 0x03, 0x10, + 0xf9, 0x92, 0xaa, 0x51, 0x0a, 0x62, 0x80, 0xb7, 0x42, 0x45}, + // 82a4cedbc7f61ce5cb04482aa27ea3145bb0cea58ab63ba1931a1654bfbdbb4f.pem + {0x2d, 0xc4, 0xcb, 0x59, 0x1f, 0x7e, 0xf0, 0x66, 0x34, 0x41, 0x64, + 0x6b, 0xcf, 0x5c, 0x0e, 0x9d, 0xbc, 0xde, 0xd7, 0x7c, 0xa0, 0x29, + 0x45, 0x19, 0x3c, 0xef, 0xc6, 0xed, 0xb1, 0x74, 0x06, 0x14}, + // d0d672c2547d574ae055d9e78a993ddbcc74044c4253fbfaca573a67d368e1db.pem + {0x30, 0xef, 0xe4, 0x13, 0x82, 0x47, 0x6c, 0x33, 0x80, 0xf0, 0x2f, + 0x7e, 0x23, 0xe6, 0x6b, 0xa2, 0xf8, 0x67, 0xb0, 0x59, 0xee, 0x1e, + 0xa6, 0x87, 0x96, 0xb4, 0x41, 0xb8, 0x5b, 0x5d, 0x12, 0x56}, + // 32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key + {0x32, 0xec, 0xc9, 0x6f, 0x91, 0x2f, 0x96, 0xd8, 0x89, 0xe7, 0x30, + 0x88, 0xcd, 0x03, 0x1c, 0x7d, 0xed, 0x2c, 0x65, 0x1c, 0x80, 0x50, + 0x16, 0x15, 0x7a, 0x23, 0xb6, 0xf3, 0x2f, 0x79, 0x8a, 0x3b}, + // 4aefc3d39ef59e4d4b0304b20f53a8af2efb69edece66def74494abfc10a2d66.pem + {0x36, 0xea, 0x96, 0x12, 0x8c, 0x89, 0x83, 0x9f, 0xb6, 0x21, 0xf8, + 0xad, 0x0e, 0x1e, 0xe0, 0xb9, 0xc2, 0x20, 0x6f, 0x62, 0xab, 0x7b, + 0x4d, 0xa2, 0xc6, 0x76, 0x58, 0x93, 0xc9, 0xb7, 0xce, 0xd2}, + // d487a56f83b07482e85e963394c1ecc2c9e51d0903ee946b02c301581ed99e16.pem + {0x38, 0x1a, 0x3f, 0xc7, 0xa8, 0xb0, 0x82, 0xfa, 0x28, 0x61, 0x3a, + 0x4d, 0x07, 0xf2, 0xc7, 0x55, 0x3f, 0x4e, 0x19, 0x18, 0xee, 0x07, + 0xca, 0xa9, 0xe8, 0xb7, 0xce, 0xde, 0x5a, 0x9c, 0xa0, 0x6a}, + // 0ef7c54a3af101a2cfedb0c9f36fe8214d51a504fdc2ad1e243019cefd7d03c2.pem + {0x38, 0x3e, 0x0e, 0x13, 0x7c, 0x37, 0xbf, 0xb9, 0xdb, 0x29, 0xf9, + 0xa8, 0xe4, 0x5e, 0x9f, 0xf8, 0xdd, 0x4c, 0x30, 0xe4, 0x40, 0xfe, + 0xc2, 0xac, 0xd3, 0xdb, 0xa7, 0xb6, 0xc7, 0x20, 0xb9, 0x93}, + // cb954e9d80a3e520ac71f1a84511657f2f309d172d0bb55e0ec2c236e74ff4b4.pem + {0x39, 0x4c, 0xff, 0x58, 0x9e, 0x68, 0x93, 0x12, 0xcf, 0xc0, 0x71, + 0xee, 0x0b, 0xc1, 0x9f, 0xe4, 0xc6, 0x06, 0x21, 0x6c, 0xe5, 0x43, + 0x42, 0x9d, 0xe6, 0xdb, 0x62, 0xe4, 0x2d, 0xbb, 0x3b, 0xc1}, + // 42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem + {0x3e, 0xdb, 0xd9, 0xac, 0xe6, 0x39, 0xba, 0x1a, 0x2d, 0x4a, 0xd0, + 0x47, 0x18, 0x71, 0x1f, 0xda, 0x23, 0xe8, 0x59, 0xb2, 0xfb, 0xf5, + 0xd1, 0x37, 0xd4, 0x24, 0x04, 0x5e, 0x79, 0x19, 0xdf, 0xb9}, + // 294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem + {0x45, 0x5b, 0x87, 0xe9, 0x6f, 0x1c, 0xea, 0x2f, 0x8b, 0x6d, 0xae, + 0x08, 0x08, 0xec, 0x24, 0x73, 0x8f, 0xd9, 0x2b, 0x7f, 0xd3, 0x06, + 0x75, 0x71, 0x98, 0xbf, 0x38, 0x9d, 0x75, 0x5c, 0x0b, 0x6c}, + // 3ab0fcc7287454c405863e3aa204fea8eb0c50a524d2a7e15524a830cd4ab0fe.pem + {0x49, 0x0b, 0x6e, 0xc6, 0xbe, 0xb2, 0xd6, 0x03, 0x47, 0x20, 0xb5, + 0x14, 0x9b, 0x6b, 0x29, 0xcd, 0x35, 0x51, 0x59, 0x88, 0xcc, 0x16, + 0xaf, 0x85, 0x41, 0x48, 0xb0, 0x7b, 0x9b, 0x1f, 0x8a, 0x11}, + // b6fe9151402bad1c06d7e66db67a26aa7356f2e6c644dbcf9f98968ff632e1b7.pem + {0x4b, 0xb8, 0xf3, 0x5b, 0xa1, 0xe1, 0x26, 0xf8, 0xdd, 0xe1, 0xb0, + 0xc4, 0x20, 0x62, 0x5e, 0xd8, 0x6d, 0xce, 0x61, 0xa7, 0xbd, 0xda, + 0xdb, 0xde, 0xa9, 0xab, 0xa5, 0x78, 0xff, 0x13, 0x14, 0x5e}, + // fa5a828c9a7e732692682e60b14c634309cbb2bb79eb12aef44318d853ee97e3.pem + {0x4c, 0xdb, 0x06, 0x0f, 0x3c, 0xfe, 0x4c, 0x3d, 0x3f, 0x5e, 0x31, + 0xc3, 0x00, 0xfd, 0x68, 0xa9, 0x1e, 0x0d, 0x1e, 0x5f, 0x46, 0xb6, + 0x4e, 0x48, 0x95, 0xf2, 0x0e, 0x1b, 0x5c, 0xf8, 0x26, 0x9f}, + // ef3cb417fc8ebf6f97876c9e4ece39de1ea5fe649141d1028b7d11c0b2298ced.pem + {0x4e, 0xad, 0xa9, 0xb5, 0x31, 0x1e, 0x71, 0x81, 0x99, 0xd9, 0x8e, + 0xa8, 0x2b, 0x95, 0x00, 0x5c, 0xba, 0x93, 0x19, 0x8a, 0xb1, 0xf9, + 0x7e, 0xfc, 0xbe, 0x8d, 0xc6, 0x20, 0x16, 0x28, 0xf8, 0xaf}, + // c1d80ce474a51128b77e794a98aa2d62a0225da3f419e5c7ed73dfbf660e7109.pem + {0x4f, 0x71, 0x62, 0xb9, 0x74, 0x49, 0x1c, 0x98, 0x58, 0x5e, 0xc2, + 0x8f, 0xe7, 0x59, 0xaa, 0x00, 0xc3, 0x30, 0xd0, 0xb4, 0x65, 0x19, + 0x0a, 0x89, 0x6c, 0xc4, 0xb6, 0x16, 0x23, 0x18, 0x31, 0xfc}, + // 7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem + {0x57, 0x80, 0x94, 0x46, 0xea, 0xf1, 0x14, 0x84, 0x38, 0x54, 0xfe, + 0x63, 0x6e, 0xd9, 0xbc, 0xb5, 0x52, 0xe3, 0xc6, 0x16, 0x66, 0x3b, + 0xc4, 0x4c, 0xc9, 0x5a, 0xcf, 0x56, 0x50, 0x01, 0x6d, 0x3e}, + // 817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem + {0x5c, 0x72, 0x2c, 0xb7, 0x0f, 0xb3, 0x11, 0xf2, 0x1e, 0x0d, 0xa0, + 0xe7, 0xd1, 0x2e, 0xbc, 0x8e, 0x05, 0xf6, 0x07, 0x96, 0xbc, 0x49, + 0xcf, 0x51, 0x18, 0x49, 0xd5, 0xbc, 0x62, 0x03, 0x03, 0x82}, + // 79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem + // 933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem + // f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem + {0x5e, 0x53, 0xf2, 0x64, 0x67, 0xf8, 0x94, 0xfd, 0xe5, 0x3b, 0x3f, + 0xa4, 0x06, 0xa4, 0x40, 0xcb, 0xb3, 0xb0, 0x76, 0xbb, 0x5b, 0x75, + 0x8f, 0xe4, 0x83, 0x4a, 0xd6, 0x65, 0x00, 0x20, 0x89, 0x07}, + // 2d11e736f0427fd6ba4b372755d34a0edd8d83f7e9e7f6c01b388c9b7afa850d.pem + {0x6a, 0xdb, 0x8e, 0x3e, 0x05, 0x54, 0x60, 0x92, 0x2d, 0x15, 0x01, + 0xcb, 0x97, 0xf9, 0x4c, 0x6a, 0x02, 0xe3, 0x9c, 0x8f, 0x27, 0x74, + 0xca, 0x40, 0x88, 0x25, 0xb7, 0xb5, 0x83, 0x79, 0xdc, 0x14}, + // 2a33f5b48176523fd3c0d854f20093417175bfd498ef354cc7f38b54adabaf1a.pem + {0x70, 0x7d, 0x36, 0x4e, 0x72, 0xae, 0x52, 0x14, 0x31, 0xdd, 0x95, + 0x38, 0x97, 0xf9, 0xc4, 0x84, 0x6d, 0x5b, 0x8c, 0x32, 0x42, 0x98, + 0xfe, 0x53, 0xfb, 0xd4, 0xad, 0xa1, 0xf2, 0xd1, 0x15, 0x7f}, + // f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem + {0x71, 0x65, 0xe9, 0x91, 0xad, 0xe7, 0x91, 0x6d, 0x86, 0xb4, 0x66, + 0xab, 0xeb, 0xb6, 0xe4, 0x57, 0xca, 0x93, 0x1c, 0x80, 0x4e, 0x58, + 0xce, 0x1f, 0xba, 0xba, 0xe5, 0x09, 0x15, 0x6f, 0xfb, 0x43}, + // 3ae699d94e8febdacb86d4f90d40903333478e65e0655c432451197e33fa07f2.pem + {0x78, 0x1a, 0x4c, 0xf2, 0xe9, 0x24, 0x52, 0xf3, 0xee, 0x01, 0xd0, + 0xc3, 0x81, 0xa4, 0x21, 0x4f, 0x39, 0x04, 0x16, 0x5c, 0x39, 0x0a, + 0xdb, 0xd6, 0x1f, 0xcd, 0x11, 0x24, 0x4e, 0x09, 0xb2, 0xdc}, + // 8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02.pem + {0x7a, 0xed, 0xdd, 0xf3, 0x6b, 0x18, 0xf8, 0xac, 0xb7, 0x37, 0x9f, + 0xe1, 0xce, 0x18, 0x32, 0x12, 0xb2, 0x35, 0x0d, 0x07, 0x88, 0xab, + 0xe0, 0xe8, 0x24, 0x57, 0xbe, 0x9b, 0xad, 0xad, 0x6d, 0x54}, + // 5a885db19c01d912c5759388938cafbbdf031ab2d48e91ee15589b42971d039c.pem + {0x7a, 0xfe, 0x4b, 0x07, 0x1a, 0x2f, 0x1f, 0x46, 0xf8, 0xba, 0x94, + 0x4a, 0x26, 0xd5, 0x84, 0xd5, 0x96, 0x0b, 0x92, 0xfb, 0x48, 0xc3, + 0xba, 0x1b, 0x7c, 0xab, 0x84, 0x90, 0x5f, 0x32, 0xaa, 0xcd}, + // c43807a64c51a3fbde5421011698013d8b46f4e315c46186dc23aea2670cd34f.pem + {0x7c, 0xd2, 0x95, 0xb7, 0x55, 0x44, 0x80, 0x8a, 0xbd, 0x94, 0x09, + 0x46, 0x6f, 0x08, 0x37, 0xc5, 0xaa, 0xdc, 0x02, 0xe3, 0x3b, 0x61, + 0x50, 0xc6, 0x64, 0x4d, 0xe0, 0xa0, 0x96, 0x59, 0xf2, 0x3c}, + // f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem + {0x7d, 0x5e, 0x3f, 0x50, 0x50, 0x81, 0x97, 0xb9, 0xa4, 0x78, 0xb1, + 0x13, 0x40, 0xb7, 0xdc, 0xe2, 0x0a, 0x3c, 0x4d, 0xe4, 0x9c, 0x48, + 0xc9, 0xa2, 0x94, 0x15, 0x8a, 0x89, 0x5c, 0x44, 0xa2, 0x1b}, + // b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem + {0x7e, 0x70, 0x58, 0xea, 0x35, 0xad, 0x43, 0x59, 0x65, 0x41, 0x59, + 0x97, 0x3f, 0x56, 0x01, 0x87, 0xf1, 0x6d, 0x19, 0xc5, 0x14, 0xb9, + 0x39, 0xc5, 0x05, 0x56, 0x72, 0xd1, 0xd2, 0xa5, 0x18, 0xac}, + // 5e8e77aafdda2ba5ce442f27d8246650bbd6508befbeda35966a4dc7e6174edc.pem + {0x87, 0xbf, 0xd8, 0xaf, 0xa3, 0xaf, 0x5b, 0x42, 0x9d, 0x09, 0xa9, + 0xaa, 0x54, 0xee, 0x61, 0x36, 0x4f, 0x5a, 0xe1, 0x11, 0x31, 0xe4, + 0x38, 0xfc, 0x41, 0x09, 0x53, 0x43, 0xcd, 0x16, 0xb1, 0x35}, + // 0c258a12a5674aef25f28ba7dcfaeceea348e541e6f5cc4ee63b71b361606ac3.pem + {0x8a, 0x2a, 0xff, 0xbd, 0x1a, 0x1c, 0x5d, 0x1b, 0xdc, 0xcb, 0xb7, + 0xf5, 0x48, 0xba, 0x99, 0x5f, 0x96, 0x68, 0x06, 0xb3, 0xfd, 0x0c, + 0x3a, 0x00, 0xfa, 0xe2, 0xe5, 0x2f, 0x3c, 0x85, 0x39, 0x89}, + // 61c0fc2e38b5b6f9071b42cee54a9013d858b6697c68b460948551b3249576a1.pem + {0x8e, 0x12, 0xd0, 0xcb, 0x3b, 0x7d, 0xf3, 0xea, 0x22, 0x57, 0x57, + 0x94, 0x89, 0xfd, 0x86, 0x58, 0xc9, 0x56, 0x03, 0xea, 0x6c, 0xf4, + 0xb7, 0x31, 0x63, 0xa4, 0x1e, 0xb7, 0xb7, 0xe9, 0x3f, 0xee}, + // ddd8ab9178c99cbd9685ea4ae66dc28bfdc9a5a8a166f7f69ad0b5042ad6eb28.pem + {0x8f, 0x59, 0x1f, 0x7a, 0xa4, 0xdc, 0x3e, 0xfe, 0x94, 0x90, 0xc3, + 0x8a, 0x46, 0x92, 0xc9, 0x01, 0x1e, 0xd1, 0x28, 0xf1, 0xde, 0x59, + 0x55, 0x69, 0x40, 0x6d, 0x77, 0xb6, 0xfa, 0x1f, 0x6b, 0x4c}, + // 136335439334a7698016a0d324de72284e079d7b5220bb8fbd747816eebebaca.pem + {0x92, 0x7a, 0x1b, 0x85, 0x62, 0x28, 0x05, 0x76, 0xd0, 0x48, 0xc5, + 0x03, 0x21, 0xad, 0xa4, 0x3d, 0x87, 0x03, 0xd2, 0xd9, 0x52, 0x1a, + 0x18, 0xc2, 0x8b, 0x8c, 0x46, 0xcc, 0x6a, 0xae, 0x4e, 0xfd}, + // 450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem + {0x93, 0xca, 0x2d, 0x43, 0x6c, 0xae, 0x7f, 0x68, 0xd2, 0xb4, 0x25, + 0x6c, 0xa1, 0x75, 0xc9, 0x85, 0xce, 0x39, 0x92, 0x6d, 0xc9, 0xf7, + 0xee, 0xae, 0xec, 0xf2, 0xf8, 0x97, 0x0f, 0xb9, 0x78, 0x02}, + // e757fd60d8dd4c26f77aca6a87f63ea4d38d0b736c7f79b56cad932d4c400fb5.pem + {0x96, 0x2e, 0x4b, 0x54, 0xbb, 0x98, 0xa7, 0xee, 0x5d, 0x5f, 0xeb, + 0x96, 0x33, 0xf9, 0x91, 0xd3, 0xc3, 0x30, 0x0e, 0x95, 0x14, 0xda, + 0xde, 0x7b, 0x0d, 0x4f, 0x82, 0x8c, 0x79, 0x4f, 0x8e, 0x87}, + // 3d3d823fad13dfeef32da580166d4a4992bed5a22d695d12c8b08cc3463c67a2.pem + {0x96, 0x8d, 0xba, 0x69, 0xfb, 0xff, 0x15, 0xbf, 0x37, 0x62, 0x08, + 0x94, 0x31, 0xad, 0xe5, 0xa7, 0xea, 0xd4, 0xb7, 0xea, 0xf1, 0xbe, + 0x70, 0x02, 0x68, 0x10, 0xbc, 0x57, 0xd1, 0xc6, 0x4f, 0x6e}, + // 1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem + {0x99, 0xba, 0x47, 0x84, 0xf9, 0xb0, 0x85, 0x12, 0x90, 0x2e, 0xb0, + 0xc3, 0xc8, 0x6d, 0xf0, 0xec, 0x04, 0x9e, 0xac, 0x9b, 0x65, 0xf7, + 0x7a, 0x9b, 0xa4, 0x2b, 0xe9, 0xd6, 0xeb, 0xce, 0x32, 0x0f}, + // a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem + {0x9b, 0x8a, 0x93, 0xde, 0xcc, 0xcf, 0xba, 0xfc, 0xf4, 0xd0, 0x4d, + 0x34, 0x42, 0x12, 0x8f, 0xb3, 0x52, 0x18, 0xcf, 0xe4, 0x37, 0xa3, + 0xd8, 0xd0, 0x32, 0x8c, 0x99, 0xf8, 0x90, 0x89, 0xe4, 0x50}, + // 8253da6738b60c5c0bb139c78e045428a0c841272abdcb952f95ff05ed1ab476.pem + {0x9c, 0x59, 0xa3, 0xcc, 0xae, 0xa4, 0x69, 0x98, 0x42, 0xb0, 0x68, + 0xcf, 0xc5, 0x2c, 0xf9, 0x45, 0xdb, 0x51, 0x98, 0x69, 0x57, 0xc8, + 0x32, 0xcd, 0xb1, 0x8c, 0xa7, 0x38, 0x49, 0xfb, 0xb9, 0xee}, + // 7d8ce822222b90c0b14342c7a8145d1f24351f4d1a1fe0edfd312ee73fb00149.pem + {0x9d, 0x98, 0xa1, 0xfb, 0x60, 0x53, 0x8c, 0x4c, 0xc4, 0x85, 0x7f, + 0xf1, 0xa8, 0xc8, 0x03, 0x4f, 0xaf, 0x6f, 0xc5, 0x92, 0x09, 0x3f, + 0x61, 0x99, 0x94, 0xb2, 0xc8, 0x13, 0xd2, 0x50, 0xb8, 0x64}, + // 1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem + {0x9d, 0xd5, 0x5f, 0xc5, 0x73, 0xf5, 0x46, 0xcb, 0x6a, 0x38, 0x31, + 0xd1, 0x11, 0x2d, 0x87, 0x10, 0xa6, 0xf4, 0xf8, 0x2d, 0xc8, 0x7f, + 0x5f, 0xae, 0x9d, 0x3a, 0x1a, 0x02, 0x8d, 0xd3, 0x6e, 0x4b}, + // 487afc8d0d411b2a05561a2a6f35918f4040e5570c4c73ee323cc50583bcfbb7.pem + {0xa0, 0xcf, 0x53, 0xf4, 0x22, 0x65, 0x1e, 0x39, 0x31, 0x7a, 0xe3, + 0x1a, 0xf6, 0x45, 0x77, 0xbe, 0x45, 0x0f, 0xa3, 0x76, 0xe2, 0x89, + 0xed, 0x83, 0x42, 0xb7, 0xfc, 0x13, 0x3c, 0x69, 0x74, 0x19}, + // 0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem + // 4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem + // 8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem + {0xa9, 0x03, 0xaf, 0x8c, 0x07, 0xbb, 0x91, 0xb0, 0xd9, 0xe3, 0xf3, + 0xa3, 0x0c, 0x6d, 0x53, 0x33, 0x9f, 0xc5, 0xbd, 0x47, 0xe5, 0xd6, + 0xbd, 0xb4, 0x76, 0x59, 0x88, 0x60, 0xc0, 0x68, 0xa0, 0x24}, + // a2e3bdaacaaf2d2e8204b3bc7eddc805d54d3ab8bdfe7bf102c035f67d8f898a.pem + {0xa9, 0xb5, 0x5a, 0x9b, 0x55, 0x31, 0xbb, 0xf7, 0xc7, 0x1a, 0x1e, + 0x49, 0x20, 0xef, 0xe7, 0x96, 0xc2, 0xb6, 0x79, 0x68, 0xf5, 0x5a, + 0x6c, 0xe5, 0xcb, 0x62, 0x17, 0x2e, 0xd9, 0x94, 0x5b, 0xca}, + // 5472692abe5d02cd22eae3e0a0077f17802721d6576cde1cba2263ee803410c5.pem + {0xaf, 0x59, 0x15, 0x18, 0xe2, 0xe6, 0xc6, 0x0e, 0xbb, 0xfc, 0x09, + 0x07, 0xaf, 0xaa, 0x49, 0xbc, 0x40, 0x51, 0xd4, 0x5e, 0x7f, 0x21, + 0x4a, 0xbf, 0xee, 0x75, 0x12, 0xee, 0x00, 0xf6, 0x61, 0xed}, + // 1df696f021ab1c3ace9a376b07ed7256a40214cd3396d7934087614924e2d7ef.pem + {0xb1, 0x3f, 0xa2, 0xe6, 0x13, 0x1a, 0x88, 0x8a, 0x01, 0xf3, 0xd6, + 0x20, 0x56, 0xfb, 0x0e, 0xfb, 0xe9, 0x99, 0xeb, 0x6b, 0x6e, 0x14, + 0x92, 0x76, 0x13, 0xe0, 0x2b, 0xa8, 0xb8, 0xfb, 0x04, 0x6e}, + // b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem + {0xb3, 0x18, 0x2e, 0x28, 0x9a, 0xe3, 0x4d, 0xdf, 0x2b, 0xe6, 0x43, + 0xab, 0x79, 0xc2, 0x44, 0x30, 0x16, 0x05, 0xfa, 0x0f, 0x1e, 0xaa, + 0xe6, 0xd1, 0x0f, 0xb9, 0x29, 0x60, 0x0a, 0xf8, 0x4d, 0xf0}, + // be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem + {0xb4, 0xd5, 0xc9, 0x20, 0x41, 0x5e, 0xd0, 0xcc, 0x4f, 0x5d, 0xbc, + 0x7f, 0x54, 0x26, 0x36, 0x76, 0x2e, 0x80, 0xda, 0x66, 0x25, 0xf3, + 0x3f, 0x2b, 0x6a, 0xd6, 0xdb, 0x68, 0xbd, 0xba, 0xb2, 0x9a}, + // 00309c736dd661da6f1eb24173aa849944c168a43a15bffd192eecfdb6f8dbd2.pem + {0xb5, 0xba, 0x8d, 0xd7, 0xf8, 0x95, 0x64, 0xc2, 0x88, 0x9d, 0x3d, + 0x64, 0x53, 0xc8, 0x49, 0x98, 0xc7, 0x78, 0x24, 0x91, 0x9b, 0x64, + 0xea, 0x08, 0x35, 0xaa, 0x62, 0x98, 0x65, 0x91, 0xbe, 0x50}, + // 04f1bec36951bc1454a904ce32890c5da3cde1356b7900f6e62dfa2041ebad51.pem + {0xb8, 0x9b, 0xcb, 0xb8, 0xac, 0xd4, 0x74, 0xc1, 0xbe, 0xa7, 0xda, + 0xd6, 0x50, 0x37, 0xf4, 0x8d, 0xce, 0xcc, 0x9d, 0xfa, 0xa0, 0x61, + 0x2c, 0x3c, 0x24, 0x45, 0x95, 0x64, 0x19, 0xdf, 0x32, 0xfe}, + // d8888f4a84f74c974dffb573a1bf5bbbacd1713b905096f8eb015062bf396c4d.pem + {0xc0, 0xed, 0x20, 0x53, 0x46, 0xbb, 0xbd, 0xe0, 0x6e, 0xb5, 0x60, + 0xf5, 0xce, 0xe0, 0x2a, 0x36, 0x34, 0xe2, 0x47, 0x4a, 0x7e, 0x76, + 0xcf, 0x8f, 0xbe, 0xf5, 0x63, 0xbb, 0x11, 0x7d, 0xd0, 0xe3}, + // 372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem + {0xc1, 0x73, 0xf0, 0x62, 0x64, 0x56, 0xca, 0x85, 0x4f, 0xf2, 0xa7, + 0xf0, 0xb1, 0x33, 0xa7, 0xcf, 0x4d, 0x02, 0x11, 0xe5, 0x52, 0xf2, + 0x4b, 0x3e, 0x33, 0xad, 0xe8, 0xc5, 0x9f, 0x0a, 0x42, 0x4c}, + // c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key + {0xc4, 0x38, 0x7d, 0x45, 0x36, 0x4a, 0x31, 0x3f, 0xbf, 0xe7, 0x98, + 0x12, 0xb3, 0x5b, 0x81, 0x5d, 0x42, 0x85, 0x2a, 0xb0, 0x3b, 0x06, + 0xf1, 0x15, 0x89, 0x63, 0x80, 0x21, 0xc8, 0xf2, 0xcb, 0x44}, + // 8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem + // 9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem + {0xc6, 0x01, 0x23, 0x4e, 0x2b, 0x93, 0x25, 0xdc, 0x92, 0xe3, 0xea, + 0xba, 0xc1, 0x96, 0x00, 0xb0, 0xb4, 0x99, 0x47, 0xd4, 0xd0, 0x4d, + 0x8c, 0x99, 0xd3, 0x21, 0x27, 0x49, 0x3e, 0xa0, 0x28, 0xf8}, + // 0753e940378c1bd5e3836e395daea5cb839e5046f1bd0eae1951cf10fec7c965.pem + {0xc6, 0x3d, 0x68, 0xc6, 0x48, 0xa1, 0x8b, 0x77, 0x64, 0x1c, 0x42, + 0x7a, 0x66, 0x9d, 0x61, 0xc9, 0x76, 0x8a, 0x55, 0xf4, 0xfc, 0xd0, + 0x32, 0x2e, 0xac, 0x96, 0xc5, 0x77, 0x00, 0x29, 0x9c, 0xf1}, + // 53d48e7b8869a3314f213fd2e0178219ca09022dbe50053bf6f76fccd61e8112.pem + {0xc8, 0xfd, 0xdc, 0x75, 0xcb, 0x1b, 0xdb, 0xb5, 0x8c, 0x07, 0xb4, + 0xea, 0x84, 0x72, 0x87, 0xf6, 0x26, 0x65, 0x9d, 0xd6, 0x6b, 0xc1, + 0x0a, 0x26, 0xad, 0xd9, 0xb5, 0x75, 0xb3, 0xa0, 0xa3, 0x8d}, + // ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem + {0xcd, 0xee, 0x9f, 0x33, 0x05, 0x57, 0x2a, 0x67, 0x7e, 0x1a, 0x6c, + 0x82, 0xdc, 0x1e, 0x02, 0xa3, 0x5b, 0x11, 0xca, 0xe6, 0xa6, 0x84, + 0x33, 0x8c, 0x9f, 0x37, 0xfe, 0x1a, 0xc8, 0xda, 0xec, 0x23}, + // 063e4afac491dfd332f3089b8542e94617d893d7fe944e10a7937ee29d9693c0.pem + {0xce, 0xd4, 0x39, 0x02, 0xab, 0x5f, 0xb5, 0x7b, 0x44, 0x23, 0x22, + 0xdc, 0x0e, 0x17, 0x2a, 0x4f, 0xb5, 0x5f, 0x71, 0x78, 0xb8, 0x08, + 0xf9, 0x4e, 0x78, 0x0a, 0x6f, 0xd6, 0xcc, 0x6b, 0xd8, 0x18}, + // c71f33c36d8efeefbed9d44e85e21cfe96b36fb0e132c52dca2415868492bf8a.pem + {0xd3, 0x1e, 0xc3, 0x92, 0x85, 0xb7, 0xa5, 0x31, 0x9d, 0x01, 0x57, + 0xdb, 0x42, 0x0e, 0xd8, 0x7c, 0x74, 0x3e, 0x33, 0x3b, 0xbc, 0x77, + 0xf8, 0x77, 0x1f, 0x70, 0x46, 0x4f, 0x43, 0x6a, 0x60, 0x49}, + // 9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem + // a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem + // fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem + {0xd3, 0x4b, 0x25, 0x5b, 0x2f, 0xe7, 0xd1, 0xa0, 0x96, 0x56, 0xcb, + 0xab, 0x64, 0x09, 0xf7, 0x3c, 0x79, 0x6e, 0xc7, 0xd6, 0x6a, 0xf7, + 0x36, 0x53, 0xec, 0xc3, 0x9a, 0xf9, 0x78, 0x29, 0x73, 0x10}, + // 4b22d5a6aec99f3cdb79aa5ec06838479cd5ecba7164f7f22dc1d65f63d85708.pem + {0xd6, 0xa1, 0x84, 0x43, 0xd3, 0x48, 0xdb, 0x99, 0x4f, 0x93, 0x4c, + 0xcd, 0x8e, 0x63, 0x5d, 0x83, 0x3a, 0x27, 0xac, 0x1e, 0x56, 0xf8, + 0xaf, 0xaf, 0x7c, 0x97, 0xcb, 0x4f, 0x43, 0xea, 0xb6, 0x8b}, + // d6f034bd94aa233f0297eca4245b283973e447aa590f310c77f48fdf83112254.pem + {0xdb, 0x15, 0xc0, 0x06, 0x2b, 0x52, 0x0f, 0x31, 0x8a, 0x19, 0xda, + 0xcf, 0xec, 0xd6, 0x4f, 0x9e, 0x7a, 0x3f, 0xbe, 0x60, 0x9f, 0xd5, + 0x86, 0x79, 0x6f, 0x20, 0xae, 0x02, 0x8e, 0x8e, 0x30, 0x58}, + // 2a4397aafa6227fa11f9f9d76ecbb022b0a4494852c2b93fb2085c8afb19b62a.pem + {0xdb, 0x1d, 0x13, 0xec, 0x42, 0xa2, 0xcb, 0xa3, 0x67, 0x3b, 0xa6, + 0x7a, 0xf2, 0xde, 0xf8, 0x12, 0xe9, 0xc3, 0x55, 0x66, 0x61, 0x75, + 0x76, 0xd9, 0x5b, 0x4d, 0x6f, 0xac, 0xe3, 0xef, 0x0a, 0xe8}, + // 3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem + {0xdd, 0x3e, 0xeb, 0x77, 0x9b, 0xee, 0x07, 0xf9, 0xef, 0xda, 0xc3, + 0x82, 0x40, 0x8b, 0x28, 0xd1, 0x42, 0xfa, 0x84, 0x2c, 0x78, 0xe8, + 0xbc, 0x0e, 0x33, 0x34, 0x8d, 0x57, 0xb9, 0x2f, 0x05, 0x83}, + // c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem + {0xde, 0x8f, 0x05, 0x07, 0x4e, 0xc0, 0x31, 0x8e, 0x7e, 0x7e, 0x8d, + 0x31, 0x90, 0xda, 0xe8, 0xb0, 0x08, 0x94, 0xf0, 0xe8, 0xdd, 0xdf, + 0xd3, 0x91, 0x3d, 0x01, 0x75, 0x9b, 0x4f, 0x79, 0xb0, 0x5d}, + // c766a9bef2d4071c863a31aa4920e813b2d198608cb7b7cfe21143b836df09ea.pem + // e17890ee09a3fbf4f48b9c414a17d637b7a50647e9bc752322727fcc1742a911.pem + {0xe4, 0x2f, 0x24, 0xbd, 0x4d, 0x37, 0xf4, 0xaa, 0x2e, 0x56, 0xb9, + 0x79, 0xd8, 0x3d, 0x1e, 0x65, 0x21, 0x9f, 0xe0, 0xe9, 0xe3, 0xa3, + 0x82, 0xa1, 0xb3, 0xcb, 0x66, 0xc9, 0x39, 0x55, 0xde, 0x75}, + // e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem + {0xe6, 0xe1, 0x36, 0xc8, 0x61, 0x54, 0xf3, 0x2c, 0x3e, 0x49, 0xf4, + 0x7c, 0xfc, 0x6b, 0x33, 0x8f, 0xf2, 0xdc, 0x61, 0xce, 0x14, 0xfc, + 0x75, 0x89, 0xb3, 0xb5, 0x6a, 0x14, 0x50, 0x13, 0x27, 0x01}, + // 3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem + {0xe7, 0xb9, 0x32, 0xae, 0x7e, 0x9b, 0xdc, 0x70, 0x1d, 0x77, 0x1d, + 0x6f, 0x39, 0xe8, 0xa6, 0x53, 0x44, 0x9e, 0xea, 0x43, 0xbd, 0xb4, + 0x7b, 0xd9, 0x10, 0x22, 0x95, 0x0d, 0x91, 0x79, 0xd8, 0x7e}, + // 5ccaf9f8f2bb3a0d215922eca383354b6ee3c62407ed32e30f6fb2618edeea10.pem + {0xe8, 0x49, 0xc7, 0x17, 0x6c, 0x93, 0xdf, 0x65, 0xf6, 0x4b, 0x61, + 0x69, 0x82, 0x36, 0x6e, 0x56, 0x63, 0x11, 0x78, 0x12, 0xb6, 0xfa, + 0x2b, 0xc0, 0xc8, 0xfa, 0x8a, 0xea, 0xee, 0x41, 0x81, 0xcc}, + // ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key + {0xea, 0x08, 0xc8, 0xd4, 0x5d, 0x52, 0xca, 0x59, 0x3d, 0xe5, 0x24, + 0xf0, 0x51, 0x3c, 0xa6, 0x41, 0x8d, 0xa9, 0x85, 0x9f, 0x7b, 0x08, + 0xef, 0x13, 0xff, 0x9d, 0xd7, 0xbf, 0x61, 0x2d, 0x6a, 0x37}, + // d40e9c86cd8fe468c1776959f49ea774fa548684b6c406f3909261f4dce2575c.pem + {0xea, 0x87, 0xf4, 0x62, 0xde, 0xef, 0xff, 0xbd, 0x77, 0x75, 0xaa, + 0x2a, 0x4b, 0x7e, 0x0f, 0xcb, 0x91, 0xc2, 0x2e, 0xee, 0x6d, 0xf6, + 0x9e, 0xd9, 0x01, 0x00, 0xcc, 0xc7, 0x3b, 0x31, 0x14, 0x76}, + // 60911c79835c3739432d08c45df64311e06985c5889dc5420ce3d142c8c7ef58.pem + {0xef, 0x55, 0x12, 0x84, 0x71, 0x52, 0x32, 0xde, 0x92, 0xe2, 0x46, + 0xc3, 0x23, 0x32, 0x93, 0x62, 0xb1, 0x32, 0x49, 0x3b, 0xb1, 0x6b, + 0x58, 0x9e, 0x47, 0x75, 0x52, 0x0b, 0xeb, 0x87, 0x1a, 0x56}, + // 31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem + {0xf0, 0x34, 0xf6, 0x42, 0xca, 0x1d, 0x9e, 0x88, 0xe9, 0xef, 0xea, + 0xfc, 0xb1, 0x5c, 0x7c, 0x93, 0x7a, 0xa1, 0x9e, 0x04, 0xb0, 0x80, + 0xf2, 0x73, 0x35, 0xe1, 0xda, 0x70, 0xd1, 0xca, 0x12, 0x01}, + // 83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem + {0xf2, 0xbb, 0xe0, 0x4c, 0x5d, 0xc7, 0x0d, 0x76, 0x3e, 0x89, 0xc5, + 0xa0, 0x52, 0x70, 0x48, 0xcd, 0x9e, 0xcd, 0x39, 0xeb, 0x62, 0x1e, + 0x20, 0x72, 0xff, 0x9a, 0x5f, 0x84, 0x32, 0x57, 0x1a, 0xa0}, + // 2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem + {0xf3, 0x0e, 0x8f, 0x61, 0x01, 0x1d, 0x65, 0x87, 0x3c, 0xcb, 0x81, + 0xb4, 0x0f, 0xa6, 0x21, 0x97, 0x49, 0xb9, 0x94, 0xf0, 0x1f, 0xa2, + 0x4d, 0x02, 0x01, 0xd5, 0x21, 0xc2, 0x43, 0x56, 0x03, 0xca}, + // 0d90cd8e35209b4cefebdd62b644bed8eb55c74dddff26e75caf8ae70491f0bd.pem + {0xf5, 0x29, 0x3d, 0x47, 0xed, 0x38, 0xd4, 0xc3, 0x1b, 0x2d, 0x42, + 0xde, 0xe3, 0xb5, 0xb3, 0xac, 0xe9, 0x7c, 0xa2, 0x6c, 0xa2, 0xac, + 0x03, 0x65, 0xe3, 0x62, 0x2e, 0xe8, 0x02, 0x13, 0x1f, 0xbb}, + // 67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem + {0xfa, 0x00, 0xbe, 0xc7, 0x3d, 0xd9, 0x97, 0x95, 0xdf, 0x11, 0x62, + 0xc7, 0x89, 0x98, 0x70, 0x04, 0xc2, 0x6c, 0xbf, 0x90, 0xaf, 0x4d, + 0xb4, 0x42, 0xf6, 0x62, 0x20, 0xde, 0x41, 0x35, 0x4a, 0xc9}, + // a25a19546819d048000ef9c6577c4bcd8d2155b1e4346a4599d6c8b79799d4a1.pem + {0xfc, 0xd7, 0x6c, 0xca, 0x23, 0x47, 0xe5, 0xcd, 0x5b, 0x39, 0x34, + 0x7f, 0x51, 0xcf, 0x43, 0x65, 0x4b, 0x69, 0xa2, 0xbf, 0xc9, 0x07, + 0x36, 0x70, 0xa6, 0xbe, 0x47, 0xd8, 0x70, 0x1e, 0x6e, 0x0e}, + // 44a244105569a730791f509b24c3d7838a462216bb0f560ef87fbe76c2e6005a.pem + {0xb0, 0xfc, 0xce, 0x78, 0xc1, 0x66, 0x4e, 0x29, 0x35, 0x44, 0xc1, + 0x43, 0xe3, 0xd2, 0x68, 0x9f, 0x72, 0x3f, 0x5b, 0x6e, 0x63, 0x17, + 0x10, 0x7e, 0x16, 0x3d, 0x22, 0xba, 0x80, 0x69, 0x79, 0x4a}, + // 0230a604d99220e5612ee7862ab9f7a6e18e4f1ac4c9e27075788cc5220169ab.pem + {0xc5, 0x62, 0x17, 0xb7, 0xa8, 0x28, 0xc7, 0x34, 0x1c, 0x0a, 0xe7, + 0xa5, 0x90, 0xd8, 0x79, 0x0d, 0x4d, 0xef, 0x53, 0x66, 0x52, 0xe6, + 0x0a, 0xe5, 0xb8, 0xbd, 0xfa, 0x26, 0x97, 0x8f, 0xe0, 0x9c}, + // 06fd20629c143b9eab28d2799caefc5d23fde267d16c631e3f5b8b4bab3f68e6.pem + {0xe4, 0x7c, 0x5c, 0xd2, 0xdc, 0x8b, 0xab, 0xb4, 0xe5, 0x3f, 0x8a, + 0x49, 0x83, 0x92, 0x02, 0x75, 0xef, 0x6f, 0xfa, 0xac, 0xb0, 0x89, + 0xe8, 0x7a, 0x2c, 0x1f, 0xbe, 0x5a, 0x58, 0x5f, 0x05, 0xed}, + // 0bd39de4793cdc117138f47708aa4d583acf67adb059a0d91f668d1803bf6489.pem + {0x39, 0x73, 0x65, 0x88, 0xb9, 0x4a, 0x4c, 0xe7, 0x67, 0xf7, 0x31, + 0xca, 0xd5, 0x3f, 0x4c, 0xbe, 0x44, 0x13, 0x7e, 0x32, 0x1e, 0xad, + 0xca, 0xef, 0x8c, 0xe7, 0x9a, 0x22, 0x9b, 0xbc, 0xa9, 0x89}, + // c95c133b68319ee516b5f41e377f589878af1556567cc2834ef03b1d10830fd3.pem + {0xea, 0x12, 0x70, 0x5d, 0xe7, 0xc4, 0x8f, 0x6f, 0xcc, 0xe2, 0xcb, + 0x8d, 0xbc, 0x54, 0x2e, 0x0f, 0xc3, 0x8a, 0xc3, 0x8e, 0x08, 0x88, + 0x0d, 0xd0, 0x4a, 0x02, 0xef, 0x67, 0xc9, 0x3a, 0xe1, 0x35}, + // 29abf614b2870ed70df11225e9ae2068e3074eb9845ae252c2064e31ce9fe8a1.pem + {0xa6, 0xac, 0xa1, 0xec, 0x98, 0x09, 0xcc, 0x5b, 0x48, 0x21, 0xff, + 0x9d, 0x29, 0xc5, 0xeb, 0xe6, 0x51, 0x96, 0x0b, 0x91, 0xb1, 0xf1, + 0x9c, 0xc8, 0x9b, 0x55, 0xef, 0x87, 0x81, 0x8a, 0x95, 0x09}, +}; + +// Hashes of SubjectPublicKeyInfos known to be used for interception by a +// party other than the device or machine owner. +static constexpr uint8_t kKnownInterceptionList[][SHA256_DIGEST_LENGTH] = { + // 1df696f021ab1c3ace9a376b07ed7256a40214cd3396d7934087614924e2d7ef.pem + {0xb1, 0x3f, 0xa2, 0xe6, 0x13, 0x1a, 0x88, 0x8a, 0x01, 0xf3, 0xd6, 0x20, + 0x56, 0xfb, 0x0e, 0xfb, 0xe9, 0x99, 0xeb, 0x6b, 0x6e, 0x14, 0x92, 0x76, + 0x13, 0xe0, 0x2b, 0xa8, 0xb8, 0xfb, 0x04, 0x6e}, + // 61c0fc2e38b5b6f9071b42cee54a9013d858b6697c68b460948551b3249576a1.pem + {0x8e, 0x12, 0xd0, 0xcb, 0x3b, 0x7d, 0xf3, 0xea, 0x22, 0x57, 0x57, 0x94, + 0x89, 0xfd, 0x86, 0x58, 0xc9, 0x56, 0x03, 0xea, 0x6c, 0xf4, 0xb7, 0x31, + 0x63, 0xa4, 0x1e, 0xb7, 0xb7, 0xe9, 0x3f, 0xee}, + // 143315c857a9386973ed16840899c3f96b894a7a612c444efb691f14b0dedd87.pem + {0xa4, 0xe9, 0xaf, 0x01, 0x41, 0x6e, 0x3a, 0x02, 0x9b, 0x5d, 0x35, 0xe5, + 0xb1, 0x19, 0xde, 0x00, 0xcf, 0xe1, 0x56, 0xc5, 0xcf, 0x95, 0xfc, 0x82, + 0x3c, 0xf6, 0xd0, 0x5e, 0x3c, 0x1a, 0x82, 0x37}, + // 44a244105569a730791f509b24c3d7838a462216bb0f560ef87fbe76c2e6005a.pem + {0xb0, 0xfc, 0xce, 0x78, 0xc1, 0x66, 0x4e, 0x29, 0x35, 0x44, 0xc1, 0x43, + 0xe3, 0xd2, 0x68, 0x9f, 0x72, 0x3f, 0x5b, 0x6e, 0x63, 0x17, 0x10, 0x7e, + 0x16, 0x3d, 0x22, 0xba, 0x80, 0x69, 0x79, 0x4a}, + // 0230a604d99220e5612ee7862ab9f7a6e18e4f1ac4c9e27075788cc5220169ab.pem + {0xc5, 0x62, 0x17, 0xb7, 0xa8, 0x28, 0xc7, 0x34, 0x1c, 0x0a, 0xe7, 0xa5, + 0x90, 0xd8, 0x79, 0x0d, 0x4d, 0xef, 0x53, 0x66, 0x52, 0xe6, 0x0a, 0xe5, + 0xb8, 0xbd, 0xfa, 0x26, 0x97, 0x8f, 0xe0, 0x9c}, + // 06fd20629c143b9eab28d2799caefc5d23fde267d16c631e3f5b8b4bab3f68e6.pem + {0xe4, 0x7c, 0x5c, 0xd2, 0xdc, 0x8b, 0xab, 0xb4, 0xe5, 0x3f, 0x8a, 0x49, + 0x83, 0x92, 0x02, 0x75, 0xef, 0x6f, 0xfa, 0xac, 0xb0, 0x89, 0xe8, 0x7a, + 0x2c, 0x1f, 0xbe, 0x5a, 0x58, 0x5f, 0x05, 0xed}, + // 0bd39de4793cdc117138f47708aa4d583acf67adb059a0d91f668d1803bf6489.pem + {0x39, 0x73, 0x65, 0x88, 0xb9, 0x4a, 0x4c, 0xe7, 0x67, 0xf7, 0x31, + 0xca, 0xd5, 0x3f, 0x4c, 0xbe, 0x44, 0x13, 0x7e, 0x32, 0x1e, 0xad, + 0xca, 0xef, 0x8c, 0xe7, 0x9a, 0x22, 0x9b, 0xbc, 0xa9, 0x89}, + // c95c133b68319ee516b5f41e377f589878af1556567cc2834ef03b1d10830fd3.pem + {0xea, 0x12, 0x70, 0x5d, 0xe7, 0xc4, 0x8f, 0x6f, 0xcc, 0xe2, 0xcb, 0x8d, + 0xbc, 0x54, 0x2e, 0x0f, 0xc3, 0x8a, 0xc3, 0x8e, 0x08, 0x88, 0x0d, 0xd0, + 0x4a, 0x02, 0xef, 0x67, 0xc9, 0x3a, 0xe1, 0x35}, +}; diff --git a/pki/certificate_policies.cc b/pki/certificate_policies.cc new file mode 100644 index 0000000000..5e25cd9527 --- /dev/null +++ b/pki/certificate_policies.cc @@ -0,0 +1,372 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include + +#include "certificate_policies.h" + +#include "cert_error_params.h" +#include "cert_errors.h" +#include "input.h" +#include "parse_values.h" +#include "parser.h" +#include "tag.h" + +namespace bssl { + +namespace { + +// --------------------------------------------------------------- +// Errors +// --------------------------------------------------------------- + +DEFINE_CERT_ERROR_ID(kPolicyQualifiersEmptySequence, + "The policy qualifiers SEQUENCE is empty"); +DEFINE_CERT_ERROR_ID(kUnknownPolicyQualifierOid, + "Unknown policy qualifier OID (not CPS or User Notice)"); +DEFINE_CERT_ERROR_ID(kPoliciesEmptySequence, "Policies is an empty SEQUENCE"); +DEFINE_CERT_ERROR_ID(kPoliciesDuplicateOid, "Policies contains duplicate OIDs"); +DEFINE_CERT_ERROR_ID(kPolicyInformationTrailingData, + "PolicyInformation has trailing data"); +DEFINE_CERT_ERROR_ID(kFailedParsingPolicyQualifiers, + "Failed parsing policy qualifiers"); +DEFINE_CERT_ERROR_ID(kMissingQualifier, + "PolicyQualifierInfo is missing qualifier"); +DEFINE_CERT_ERROR_ID(kPolicyQualifierInfoTrailingData, + "PolicyQualifierInfo has trailing data"); + +// Minimally parse policyQualifiers, storing in |policy_qualifiers| if non-null. +// If a policy qualifier other than User Notice/CPS is present, parsing +// will fail if |restrict_to_known_qualifiers| was set to true. +bool ParsePolicyQualifiers(bool restrict_to_known_qualifiers, + der::Parser* policy_qualifiers_sequence_parser, + std::vector* policy_qualifiers, + CertErrors* errors) { + DCHECK(errors); + + // If it is present, the policyQualifiers sequence should have at least 1 + // element. + // + // policyQualifiers SEQUENCE SIZE (1..MAX) OF + // PolicyQualifierInfo OPTIONAL } + if (!policy_qualifiers_sequence_parser->HasMore()) { + errors->AddError(kPolicyQualifiersEmptySequence); + return false; + } + while (policy_qualifiers_sequence_parser->HasMore()) { + // PolicyQualifierInfo ::= SEQUENCE { + der::Parser policy_information_parser; + if (!policy_qualifiers_sequence_parser->ReadSequence( + &policy_information_parser)) { + return false; + } + // policyQualifierId PolicyQualifierId, + der::Input qualifier_oid; + if (!policy_information_parser.ReadTag(der::kOid, &qualifier_oid)) + return false; + if (restrict_to_known_qualifiers && + qualifier_oid != der::Input(kCpsPointerId) && + qualifier_oid != der::Input(kUserNoticeId)) { + errors->AddError(kUnknownPolicyQualifierOid, + CreateCertErrorParams1Der("oid", qualifier_oid)); + return false; + } + // qualifier ANY DEFINED BY policyQualifierId } + der::Input qualifier_tlv; + if (!policy_information_parser.ReadRawTLV(&qualifier_tlv)) { + errors->AddError(kMissingQualifier); + return false; + } + // Should not have trailing data after qualifier. + if (policy_information_parser.HasMore()) { + errors->AddError(kPolicyQualifierInfoTrailingData); + return false; + } + + if (policy_qualifiers) + policy_qualifiers->push_back({qualifier_oid, qualifier_tlv}); + } + return true; +} + +// RFC 5280 section 4.2.1.4. Certificate Policies: +// +// certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation +// +// PolicyInformation ::= SEQUENCE { +// policyIdentifier CertPolicyId, +// policyQualifiers SEQUENCE SIZE (1..MAX) OF +// PolicyQualifierInfo OPTIONAL } +// +// CertPolicyId ::= OBJECT IDENTIFIER +// +// PolicyQualifierInfo ::= SEQUENCE { +// policyQualifierId PolicyQualifierId, +// qualifier ANY DEFINED BY policyQualifierId } +// +// PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) +// +// Qualifier ::= CHOICE { +// cPSuri CPSuri, +// userNotice UserNotice } +// +// CPSuri ::= IA5String +// +// UserNotice ::= SEQUENCE { +// noticeRef NoticeReference OPTIONAL, +// explicitText DisplayText OPTIONAL } +// +// NoticeReference ::= SEQUENCE { +// organization DisplayText, +// noticeNumbers SEQUENCE OF INTEGER } +// +// DisplayText ::= CHOICE { +// ia5String IA5String (SIZE (1..200)), +// visibleString VisibleString (SIZE (1..200)), +// bmpString BMPString (SIZE (1..200)), +// utf8String UTF8String (SIZE (1..200)) } +bool ParseCertificatePoliciesExtensionImpl( + const der::Input& extension_value, + bool fail_parsing_unknown_qualifier_oids, + std::vector* policy_oids, + std::vector* policy_informations, + CertErrors* errors) { + DCHECK(policy_oids); + DCHECK(errors); + // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation + der::Parser extension_parser(extension_value); + der::Parser policies_sequence_parser; + if (!extension_parser.ReadSequence(&policies_sequence_parser)) + return false; + // Should not have trailing data after certificatePolicies sequence. + if (extension_parser.HasMore()) + return false; + // The certificatePolicies sequence should have at least 1 element. + if (!policies_sequence_parser.HasMore()) { + errors->AddError(kPoliciesEmptySequence); + return false; + } + + policy_oids->clear(); + if (policy_informations) + policy_informations->clear(); + + while (policies_sequence_parser.HasMore()) { + // PolicyInformation ::= SEQUENCE { + der::Parser policy_information_parser; + if (!policies_sequence_parser.ReadSequence(&policy_information_parser)) + return false; + // policyIdentifier CertPolicyId, + der::Input policy_oid; + if (!policy_information_parser.ReadTag(der::kOid, &policy_oid)) + return false; + + policy_oids->push_back(policy_oid); + + std::vector* policy_qualifiers = nullptr; + if (policy_informations) { + policy_informations->emplace_back(); + policy_informations->back().policy_oid = policy_oid; + policy_qualifiers = &policy_informations->back().policy_qualifiers; + } + + if (!policy_information_parser.HasMore()) + continue; + + // policyQualifiers SEQUENCE SIZE (1..MAX) OF + // PolicyQualifierInfo OPTIONAL } + der::Parser policy_qualifiers_sequence_parser; + if (!policy_information_parser.ReadSequence( + &policy_qualifiers_sequence_parser)) { + return false; + } + // Should not have trailing data after policyQualifiers sequence. + if (policy_information_parser.HasMore()) { + errors->AddError(kPolicyInformationTrailingData); + return false; + } + + // RFC 5280 section 4.2.1.4: When qualifiers are used with the special + // policy anyPolicy, they MUST be limited to the qualifiers identified in + // this section. + if (!ParsePolicyQualifiers(fail_parsing_unknown_qualifier_oids || + policy_oid == der::Input(kAnyPolicyOid), + &policy_qualifiers_sequence_parser, + policy_qualifiers, errors)) { + errors->AddError(kFailedParsingPolicyQualifiers); + return false; + } + } + + // RFC 5280 section 4.2.1.4: A certificate policy OID MUST NOT appear more + // than once in a certificate policies extension. + std::sort(policy_oids->begin(), policy_oids->end()); + auto dupe_policy_iter = + std::adjacent_find(policy_oids->begin(), policy_oids->end()); + if (dupe_policy_iter != policy_oids->end()) { + errors->AddError(kPoliciesDuplicateOid, + CreateCertErrorParams1Der("oid", *dupe_policy_iter)); + return false; + } + + return true; +} + +} // namespace + +PolicyInformation::PolicyInformation() = default; +PolicyInformation::~PolicyInformation() = default; +PolicyInformation::PolicyInformation(const PolicyInformation&) = default; +PolicyInformation::PolicyInformation(PolicyInformation&&) = default; + +bool ParseCertificatePoliciesExtension(const der::Input& extension_value, + std::vector* policies, + CertErrors* errors) { + std::vector unused_policy_oids; + return ParseCertificatePoliciesExtensionImpl( + extension_value, /*fail_parsing_unknown_qualifier_oids=*/false, + &unused_policy_oids, policies, errors); +} + +bool ParseCertificatePoliciesExtensionOids( + const der::Input& extension_value, + bool fail_parsing_unknown_qualifier_oids, + std::vector* policy_oids, + CertErrors* errors) { + return ParseCertificatePoliciesExtensionImpl( + extension_value, fail_parsing_unknown_qualifier_oids, policy_oids, + nullptr, errors); +} + +// From RFC 5280: +// +// PolicyConstraints ::= SEQUENCE { +// requireExplicitPolicy [0] SkipCerts OPTIONAL, +// inhibitPolicyMapping [1] SkipCerts OPTIONAL } +// +// SkipCerts ::= INTEGER (0..MAX) +bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv, + ParsedPolicyConstraints* out) { + der::Parser parser(policy_constraints_tlv); + + // PolicyConstraints ::= SEQUENCE { + der::Parser sequence_parser; + if (!parser.ReadSequence(&sequence_parser)) + return false; + + // RFC 5280 prohibits CAs from issuing PolicyConstraints as an empty sequence: + // + // Conforming CAs MUST NOT issue certificates where policy constraints + // is an empty sequence. That is, either the inhibitPolicyMapping field + // or the requireExplicitPolicy field MUST be present. The behavior of + // clients that encounter an empty policy constraints field is not + // addressed in this profile. + if (!sequence_parser.HasMore()) + return false; + + std::optional require_value; + if (!sequence_parser.ReadOptionalTag(der::ContextSpecificPrimitive(0), + &require_value)) { + return false; + } + + if (require_value) { + uint8_t require_explicit_policy; + if (!ParseUint8(require_value.value(), &require_explicit_policy)) { + // TODO(eroman): Surface reason for failure if length was longer than + // uint8. + return false; + } + out->require_explicit_policy = require_explicit_policy; + } + + std::optional inhibit_value; + if (!sequence_parser.ReadOptionalTag(der::ContextSpecificPrimitive(1), + &inhibit_value)) { + return false; + } + + if (inhibit_value) { + uint8_t inhibit_policy_mapping; + if (!ParseUint8(inhibit_value.value(), &inhibit_policy_mapping)) { + // TODO(eroman): Surface reason for failure if length was longer than + // uint8. + return false; + } + out->inhibit_policy_mapping = inhibit_policy_mapping; + } + + // There should be no remaining data. + if (sequence_parser.HasMore() || parser.HasMore()) + return false; + + return true; +} + +// From RFC 5280: +// +// InhibitAnyPolicy ::= SkipCerts +// +// SkipCerts ::= INTEGER (0..MAX) +bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv, + uint8_t* num_certs) { + der::Parser parser(inhibit_any_policy_tlv); + + // TODO(eroman): Surface reason for failure if length was longer than uint8. + if (!parser.ReadUint8(num_certs)) + return false; + + // There should be no remaining data. + if (parser.HasMore()) + return false; + + return true; +} + +// From RFC 5280: +// +// PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { +// issuerDomainPolicy CertPolicyId, +// subjectDomainPolicy CertPolicyId } +bool ParsePolicyMappings(const der::Input& policy_mappings_tlv, + std::vector* mappings) { + mappings->clear(); + + der::Parser parser(policy_mappings_tlv); + + // PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { + der::Parser sequence_parser; + if (!parser.ReadSequence(&sequence_parser)) + return false; + + // Must be at least 1 mapping. + if (!sequence_parser.HasMore()) + return false; + + while (sequence_parser.HasMore()) { + der::Parser mapping_parser; + if (!sequence_parser.ReadSequence(&mapping_parser)) + return false; + + ParsedPolicyMapping mapping; + if (!mapping_parser.ReadTag(der::kOid, &mapping.issuer_domain_policy)) + return false; + if (!mapping_parser.ReadTag(der::kOid, &mapping.subject_domain_policy)) + return false; + + // There shouldn't be extra unconsumed data. + if (mapping_parser.HasMore()) + return false; + + mappings->push_back(mapping); + } + + // There shouldn't be extra unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +} // namespace net diff --git a/pki/certificate_policies.h b/pki/certificate_policies.h new file mode 100644 index 0000000000..60767c6bbf --- /dev/null +++ b/pki/certificate_policies.h @@ -0,0 +1,136 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CERTIFICATE_POLICIES_H_ +#define BSSL_PKI_CERTIFICATE_POLICIES_H_ + +#include "fillins/openssl_util.h" +#include + +#include + + +#include "input.h" +#include + +namespace bssl { + +class CertErrors; + +// Returns the DER-encoded OID, without tag or length, of the anyPolicy +// certificate policy defined in RFC 5280 section 4.2.1.4. +inline constexpr uint8_t kAnyPolicyOid[] = {0x55, 0x1D, 0x20, 0x00}; + +// From RFC 5280: +// +// id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } +// +// In dotted notation: 2.5.29.54 +inline constexpr uint8_t kInhibitAnyPolicyOid[] = {0x55, 0x1d, 0x36}; + +// From RFC 5280: +// +// id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } +// +// In dotted notation: 2.5.29.33 +inline constexpr uint8_t kPolicyMappingsOid[] = {0x55, 0x1d, 0x21}; + +// -- policyQualifierIds for Internet policy qualifiers +// +// id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } +// id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } +// +// In dotted decimal form: 1.3.6.1.5.5.7.2.1 +inline constexpr uint8_t kCpsPointerId[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x02, 0x01}; + +// id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } +// +// In dotted decimal form: 1.3.6.1.5.5.7.2.2 +inline constexpr uint8_t kUserNoticeId[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x02, 0x02}; + +struct PolicyQualifierInfo { + der::Input qualifier_oid; + der::Input qualifier; +}; + +struct OPENSSL_EXPORT PolicyInformation { + PolicyInformation(); + ~PolicyInformation(); + PolicyInformation(const PolicyInformation&); + PolicyInformation(PolicyInformation&&); + + der::Input policy_oid; + std::vector policy_qualifiers; +}; + +// Parses a certificatePolicies extension and stores the policy information +// |*policies|, in the order presented in |extension_value|. +// +// Returns true on success. On failure returns false and may add errors to +// |errors|, which must be non-null. +// +// The values in |policies| are only valid as long as |extension_value| is (as +// it references data). +OPENSSL_EXPORT bool ParseCertificatePoliciesExtension( + const der::Input& extension_value, + std::vector* policies, + CertErrors* errors); + +// Parses a certificatePolicies extension and stores the policy OIDs in +// |*policy_oids|, in sorted order. +// +// If policyQualifiers for User Notice or CPS are present then they are +// ignored (RFC 5280 section 4.2.1.4 says "optional qualifiers, which MAY +// be present, are not expected to change the definition of the policy." +// +// If a policy qualifier other than User Notice/CPS is present, parsing +// will fail if |fail_parsing_unknown_qualifier_oids| was set to true, +// otherwise the unrecognized qualifiers wil be skipped and not parsed +// any further. +// +// Returns true on success. On failure returns false and may add errors to +// |errors|, which must be non-null. +// +// The values in |policy_oids| are only valid as long as |extension_value| is +// (as it references data). +OPENSSL_EXPORT bool ParseCertificatePoliciesExtensionOids( + const der::Input& extension_value, + bool fail_parsing_unknown_qualifier_oids, + std::vector* policy_oids, + CertErrors* errors); + +struct ParsedPolicyConstraints { + std::optional require_explicit_policy; + + std::optional inhibit_policy_mapping; +}; + +// Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on +// success, and sets |out|. +[[nodiscard]] OPENSSL_EXPORT bool ParsePolicyConstraints( + const der::Input& policy_constraints_tlv, + ParsedPolicyConstraints* out); + +// Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success, +// and sets |num_certs|. +[[nodiscard]] OPENSSL_EXPORT bool ParseInhibitAnyPolicy( + const der::Input& inhibit_any_policy_tlv, + uint8_t* num_certs); + +struct ParsedPolicyMapping { + der::Input issuer_domain_policy; + der::Input subject_domain_policy; +}; + +// Parses a PolicyMappings SEQUENCE as defined by RFC 5280. Returns true on +// success, and sets |mappings|. +[[nodiscard]] OPENSSL_EXPORT bool ParsePolicyMappings( + const der::Input& policy_mappings_tlv, + std::vector* mappings); + +} // namespace net + +#endif // BSSL_PKI_CERTIFICATE_POLICIES_H_ diff --git a/pki/certificate_policies_unittest.cc b/pki/certificate_policies_unittest.cc new file mode 100644 index 0000000000..af9332c698 --- /dev/null +++ b/pki/certificate_policies_unittest.cc @@ -0,0 +1,313 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "certificate_policies.h" + +#include "test_helpers.h" +#include "input.h" +#include "parser.h" +#include + +namespace bssl { +namespace { + +::testing::AssertionResult LoadTestData(const std::string& name, + std::string* result) { + std::string path = "testdata/certificate_policies_unittest/" + name; + + const PemBlockMapping mappings[] = { + {"CERTIFICATE POLICIES", result}, + }; + + return ReadTestDataFromPemFile(path, mappings); +} + +const uint8_t policy_1_2_3_der[] = {0x2A, 0x03}; +const uint8_t policy_1_2_4_der[] = {0x2A, 0x04}; + +class ParseCertificatePoliciesExtensionOidsTest + : public testing::TestWithParam { + protected: + bool fail_parsing_unknown_qualifier_oids() const { return GetParam(); } +}; + +// Run the tests with all possible values for +// |fail_parsing_unknown_qualifier_oids|. +INSTANTIATE_TEST_SUITE_P(All, + ParseCertificatePoliciesExtensionOidsTest, + testing::Bool()); + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, InvalidEmpty) { + std::string der; + ASSERT_TRUE(LoadTestData("invalid-empty.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, InvalidIdentifierNotOid) { + std::string der; + ASSERT_TRUE(LoadTestData("invalid-policy_identifier_not_oid.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, AnyPolicy) { + std::string der; + ASSERT_TRUE(LoadTestData("anypolicy.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); + ASSERT_EQ(1U, policies.size()); + EXPECT_EQ(der::Input(kAnyPolicyOid), policies[0]); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, AnyPolicyWithQualifier) { + std::string der; + ASSERT_TRUE(LoadTestData("anypolicy_with_qualifier.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); + ASSERT_EQ(1U, policies.size()); + EXPECT_EQ(der::Input(kAnyPolicyOid), policies[0]); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, + InvalidAnyPolicyWithCustomQualifier) { + std::string der; + ASSERT_TRUE( + LoadTestData("invalid-anypolicy_with_custom_qualifier.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, OnePolicy) { + std::string der; + ASSERT_TRUE(LoadTestData("policy_1_2_3.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); + ASSERT_EQ(1U, policies.size()); + EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, OnePolicyWithQualifier) { + std::string der; + ASSERT_TRUE(LoadTestData("policy_1_2_3_with_qualifier.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); + ASSERT_EQ(1U, policies.size()); + EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, + OnePolicyWithCustomQualifier) { + std::string der; + ASSERT_TRUE(LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &der)); + std::vector policies; + CertErrors errors; + bool result = ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors); + + if (fail_parsing_unknown_qualifier_oids()) { + EXPECT_FALSE(result); + } else { + EXPECT_TRUE(result); + ASSERT_EQ(1U, policies.size()); + EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); + } +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, + InvalidPolicyWithDuplicatePolicyOid) { + std::string der; + ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, + InvalidPolicyWithEmptyQualifiersSequence) { + std::string der; + ASSERT_TRUE(LoadTestData( + "invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, + InvalidPolicyInformationHasUnconsumedData) { + std::string der; + ASSERT_TRUE(LoadTestData( + "invalid-policy_1_2_3_policyinformation_unconsumed_data.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, + InvalidPolicyQualifierInfoHasUnconsumedData) { + std::string der; + ASSERT_TRUE(LoadTestData( + "invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, TwoPolicies) { + std::string der; + ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); + ASSERT_EQ(2U, policies.size()); + EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); + EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]); +} + +TEST_P(ParseCertificatePoliciesExtensionOidsTest, TwoPoliciesWithQualifiers) { + std::string der; + ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE(ParseCertificatePoliciesExtensionOids( + der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies, + &errors)); + ASSERT_EQ(2U, policies.size()); + EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); + EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]); +} + +TEST(ParseCertificatePoliciesExtensionTest, InvalidEmpty) { + std::string der; + ASSERT_TRUE(LoadTestData("invalid-empty.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE( + ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors)); +} + +TEST(ParseCertificatePoliciesExtensionTest, + InvalidPolicyWithDuplicatePolicyOid) { + std::string der; + ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_FALSE( + ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors)); +} + +TEST(ParseCertificatePoliciesExtensionTest, OnePolicyWithCustomQualifier) { + std::string der; + ASSERT_TRUE(LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE( + ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors)); + ASSERT_EQ(1U, policies.size()); + PolicyInformation& policy = policies[0]; + EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid); + + ASSERT_EQ(1U, policy.policy_qualifiers.size()); + PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0]; + // 1.2.3.4 + const uint8_t kExpectedQualifierOid[] = {0x2a, 0x03, 0x04}; + EXPECT_EQ(der::Input(kExpectedQualifierOid), qualifier.qualifier_oid); + // UTF8String { "hi" } + const uint8_t kExpectedQualifier[] = {0x0c, 0x02, 0x68, 0x69}; + EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier); +} + +TEST(ParseCertificatePoliciesExtensionTest, TwoPolicies) { + std::string der; + ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE( + ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors)); + ASSERT_EQ(2U, policies.size()); + { + PolicyInformation& policy = policies[0]; + EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid); + EXPECT_EQ(0U, policy.policy_qualifiers.size()); + } + { + PolicyInformation& policy = policies[1]; + EXPECT_EQ(der::Input(policy_1_2_4_der), policy.policy_oid); + EXPECT_EQ(0U, policy.policy_qualifiers.size()); + } +} + +TEST(ParseCertificatePoliciesExtensionTest, TwoPoliciesWithQualifiers) { + std::string der; + ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem", &der)); + std::vector policies; + CertErrors errors; + EXPECT_TRUE( + ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors)); + ASSERT_EQ(2U, policies.size()); + { + PolicyInformation& policy = policies[0]; + EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid); + ASSERT_EQ(1U, policy.policy_qualifiers.size()); + PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0]; + EXPECT_EQ(der::Input(kCpsPointerId), qualifier.qualifier_oid); + // IA5String { "https://example.com/1_2_3" } + const uint8_t kExpectedQualifier[] = { + 0x16, 0x19, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, + 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x31, 0x5f, 0x32, 0x5f, 0x33}; + EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier); + } + { + PolicyInformation& policy = policies[1]; + EXPECT_EQ(der::Input(policy_1_2_4_der), policy.policy_oid); + ASSERT_EQ(1U, policy.policy_qualifiers.size()); + PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0]; + EXPECT_EQ(der::Input(kCpsPointerId), qualifier.qualifier_oid); + // IA5String { "http://example.com/1_2_4" } + const uint8_t kExpectedQualifier[] = { + 0x16, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x31, 0x5f, 0x32, 0x5f, 0x34}; + EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier); + } +} + +// NOTE: The tests for ParseInhibitAnyPolicy() are part of +// parsed_certificate_unittest.cc + +} // namespace +} // namespace net diff --git a/pki/common_cert_errors.cc b/pki/common_cert_errors.cc new file mode 100644 index 0000000000..4807ae0fbc --- /dev/null +++ b/pki/common_cert_errors.cc @@ -0,0 +1,85 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "common_cert_errors.h" + +namespace bssl::cert_errors { + +DEFINE_CERT_ERROR_ID(kInternalError, "Internal error"); +DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter"); +DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore"); +DEFINE_CERT_ERROR_ID(kDistrustedByTrustStore, "Distrusted by trust store"); + +DEFINE_CERT_ERROR_ID( + kSignatureAlgorithmMismatch, + "Certificate.signatureAlgorithm != TBSCertificate.signature"); + +DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty"); +DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension, + "Unconsumed critical extension"); +DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set"); +DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached"); +DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa, + "Basic Constraints indicates not a CA"); +DEFINE_CERT_ERROR_ID(kTargetCertShouldNotBeCa, + "Certificate has Basic Constraints indicating it is a CA " + "when it should not be a CA"); +DEFINE_CERT_ERROR_ID(kMissingBasicConstraints, + "Does not have Basic Constraints"); +DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints, + "Not permitted by name constraints"); +DEFINE_CERT_ERROR_ID(kTooManyNameConstraintChecks, + "Too many name constraints checks"); +DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer, + "subject does not match issuer"); +DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed"); +DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding, + "Certificate.signatureAlgorithm is encoded differently " + "than TBSCertificate.signature"); +DEFINE_CERT_ERROR_ID(kEkuLacksServerAuth, + "The extended key usage does not include server auth"); +DEFINE_CERT_ERROR_ID(kEkuLacksServerAuthButHasGatedCrypto, + "The extended key usage does not include server auth but " + "instead includes Netscape Server Gated Crypto"); +DEFINE_CERT_ERROR_ID(kEkuLacksServerAuthButHasAnyEKU, + "The extended key usage does not include server auth but " + "instead includes anyExtendeKeyUsage"); +DEFINE_CERT_ERROR_ID(kEkuLacksClientAuth, + "The extended key usage does not include client auth"); +DEFINE_CERT_ERROR_ID(kEkuLacksClientAuthButHasAnyEKU, + "The extended key usage does not include client auth but " + "instead includes anyExtendedKeyUsage"); +DEFINE_CERT_ERROR_ID(kEkuLacksClientAuthOrServerAuth, + "The extended key usage does not include client auth " + "or server auth"); +DEFINE_CERT_ERROR_ID(kEkuHasProhibitedOCSPSigning, + "The extended key usage includes OCSP signing which " + "is not permitted for this use"); +DEFINE_CERT_ERROR_ID(kEkuHasProhibitedTimeStamping, + "The extended key usage includes time stamping which " + "is not permitted for this use"); +DEFINE_CERT_ERROR_ID(kEkuHasProhibitedCodeSigning, + "The extended key usage includes code signing which " + "is not permitted for this use"); +DEFINE_CERT_ERROR_ID(kEkuNotPresent, + "Certificate does not have extended key usage"); +DEFINE_CERT_ERROR_ID(kCertIsNotTrustAnchor, + "Certificate is not a trust anchor"); +DEFINE_CERT_ERROR_ID(kNoValidPolicy, "No valid policy"); +DEFINE_CERT_ERROR_ID(kPolicyMappingAnyPolicy, + "PolicyMappings must not map anyPolicy"); +DEFINE_CERT_ERROR_ID(kFailedParsingSpki, "Couldn't parse SubjectPublicKeyInfo"); +DEFINE_CERT_ERROR_ID(kUnacceptableSignatureAlgorithm, + "Unacceptable signature algorithm"); +DEFINE_CERT_ERROR_ID(kUnacceptablePublicKey, "Unacceptable public key"); +DEFINE_CERT_ERROR_ID(kCertificateRevoked, "Certificate is revoked"); +DEFINE_CERT_ERROR_ID(kNoRevocationMechanism, + "Certificate lacks a revocation mechanism"); +DEFINE_CERT_ERROR_ID(kUnableToCheckRevocation, "Unable to check revocation"); +DEFINE_CERT_ERROR_ID(kNoIssuersFound, "No matching issuer found"); +DEFINE_CERT_ERROR_ID(kDeadlineExceeded, "Deadline exceeded"); +DEFINE_CERT_ERROR_ID(kIterationLimitExceeded, "Iteration limit exceeded"); +DEFINE_CERT_ERROR_ID(kDepthLimitExceeded, "Depth limit exceeded"); + +} // namespace net::cert_errors diff --git a/pki/common_cert_errors.h b/pki/common_cert_errors.h new file mode 100644 index 0000000000..c6cb33734b --- /dev/null +++ b/pki/common_cert_errors.h @@ -0,0 +1,164 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_COMMON_CERT_ERRORS_H_ +#define BSSL_PKI_COMMON_CERT_ERRORS_H_ + +#include "fillins/openssl_util.h" + +#include "cert_errors.h" + +// This file contains the set of "default" certificate errors (those +// defined by the core verification/path building code). +// +// Errors may be defined for other domains. +namespace bssl::cert_errors { + +// An internal error occurred which prevented path building or verification +// from finishing. +OPENSSL_EXPORT extern const CertErrorId kInternalError; + +// The verification time is after the certificate's notAfter time. +OPENSSL_EXPORT extern const CertErrorId kValidityFailedNotAfter; + +// The verification time is before the certificate's notBefore time. +OPENSSL_EXPORT extern const CertErrorId kValidityFailedNotBefore; + +// The certificate is actively distrusted by the trust store (this is separate +// from other revocation mechanisms). +OPENSSL_EXPORT extern const CertErrorId kDistrustedByTrustStore; + +// The certificate disagrees on what the signature algorithm was +// (Certificate.signatureAlgorithm != TBSCertificate.signature). +OPENSSL_EXPORT extern const CertErrorId kSignatureAlgorithmMismatch; + +// Certificate verification was called with an empty chain. +OPENSSL_EXPORT extern const CertErrorId kChainIsEmpty; + +// The certificate contains an unknown extension which is marked as critical. +OPENSSL_EXPORT extern const CertErrorId kUnconsumedCriticalExtension; + +// The target certificate appears to be a CA (has Basic Constraints CA=true) +// but is being used for TLS client or server authentication. +OPENSSL_EXPORT extern const CertErrorId kTargetCertShouldNotBeCa; + +// The certificate is being used to sign other certificates, however the +// keyCertSign KeyUsage was not set. +OPENSSL_EXPORT extern const CertErrorId kKeyCertSignBitNotSet; + +// The chain violates the max_path_length from BasicConstraints. +OPENSSL_EXPORT extern const CertErrorId kMaxPathLengthViolated; + +// The certificate being used to sign other certificates has a +// BasicConstraints extension, however it sets CA=false +OPENSSL_EXPORT extern const CertErrorId kBasicConstraintsIndicatesNotCa; + +// The certificate being used to sign other certificates does not include a +// BasicConstraints extension. +OPENSSL_EXPORT extern const CertErrorId kMissingBasicConstraints; + +// The certificate has a subject or subjectAltName that violates an issuer's +// name constraints. +OPENSSL_EXPORT extern const CertErrorId kNotPermittedByNameConstraints; + +// The chain has an excessive number of names and/or name constraints. +OPENSSL_EXPORT extern const CertErrorId kTooManyNameConstraintChecks; + +// The certificate's issuer field does not match the subject of its alleged +// issuer. +OPENSSL_EXPORT extern const CertErrorId kSubjectDoesNotMatchIssuer; + +// Failed to verify the certificate's signature using its issuer's public key. +OPENSSL_EXPORT extern const CertErrorId kVerifySignedDataFailed; + +// The certificate encodes its signature differently between +// Certificate.algorithm and TBSCertificate.signature, but it appears +// to be the same algorithm. +OPENSSL_EXPORT extern const CertErrorId kSignatureAlgorithmsDifferentEncoding; + +// The certificate verification is being done for serverAuth, however the +// certificate lacks serverAuth in its ExtendedKeyUsages. +OPENSSL_EXPORT extern const CertErrorId kEkuLacksServerAuth; + +// The certificate verification is being done for clientAuth, however the +// certificate lacks clientAuth in its ExtendedKeyUsages. +OPENSSL_EXPORT extern const CertErrorId kEkuLacksClientAuth; + +// The root certificate in a chain is not trusted. +OPENSSL_EXPORT extern const CertErrorId kCertIsNotTrustAnchor; + +// The chain is not valid for any policy, and an explicit policy was required. +// (Either because the relying party requested it during verificaiton, or it was +// requrested by a PolicyConstraints extension). +OPENSSL_EXPORT extern const CertErrorId kNoValidPolicy; + +// The certificate is trying to map to, or from, anyPolicy. +OPENSSL_EXPORT extern const CertErrorId kPolicyMappingAnyPolicy; + +// The public key in this certificate could not be parsed. +OPENSSL_EXPORT extern const CertErrorId kFailedParsingSpki; + +// The certificate's signature algorithm (used to verify its +// signature) is not acceptable by the consumer. What constitutes as +// "acceptable" is determined by the verification delegate. +OPENSSL_EXPORT extern const CertErrorId kUnacceptableSignatureAlgorithm; + +// The certificate's public key is not acceptable by the consumer. +// What constitutes as "acceptable" is determined by the verification delegate. +OPENSSL_EXPORT extern const CertErrorId kUnacceptablePublicKey; + +// The certificate's EKU is missing serverAuth. However Netscape Server Gated +// Crypto is present instead. +OPENSSL_EXPORT extern const CertErrorId kEkuLacksServerAuthButHasGatedCrypto; + +// The certificate's EKU is missing serverAuth. However EKU ANY is present +// instead. +OPENSSL_EXPORT extern const CertErrorId kEkuLacksServerAuthButHasAnyEKU; + +// The certificate's EKU is missing clientAuth. However EKU ANY is present +// instead. +OPENSSL_EXPORT extern const CertErrorId kEkuLacksClientAuthButHasAnyEKU; + +// The certificate's EKU is missing both clientAuth and serverAuth. +OPENSSL_EXPORT extern const CertErrorId kEkuLacksClientAuthOrServerAuth; + +// The certificate's EKU has OSCP Signing when it should not. +OPENSSL_EXPORT extern const CertErrorId kEkuHasProhibitedOCSPSigning; + +// The certificate's EKU has Time Stamping when it should not. +OPENSSL_EXPORT extern const CertErrorId kEkuHasProhibitedTimeStamping; + +// The certificate's EKU has Code Signing when it should not. +OPENSSL_EXPORT extern const CertErrorId kEkuHasProhibitedCodeSigning; + +// The certificate does not have EKU. +OPENSSL_EXPORT extern const CertErrorId kEkuNotPresent; + +// The certificate has been revoked. +OPENSSL_EXPORT extern const CertErrorId kCertificateRevoked; + +// The certificate lacks a recognized revocation mechanism (i.e. OCSP/CRL). +// Emitted as an error when revocation checking expects certificates to have +// such info. +OPENSSL_EXPORT extern const CertErrorId kNoRevocationMechanism; + +// The certificate had a revocation mechanism, but when used it was unable to +// affirmatively say whether the certificate was unrevoked. +OPENSSL_EXPORT extern const CertErrorId kUnableToCheckRevocation; + +// Path building was unable to find any issuers for the certificate. +OPENSSL_EXPORT extern const CertErrorId kNoIssuersFound; + +// Deadline was reached during path building. +OPENSSL_EXPORT extern const CertErrorId kDeadlineExceeded; + +// Iteration limit was reached during path building. +OPENSSL_EXPORT extern const CertErrorId kIterationLimitExceeded; + +// Depth limit was reached during path building. +OPENSSL_EXPORT extern const CertErrorId kDepthLimitExceeded; + +} // namespace net::cert_errors + +#endif // BSSL_PKI_COMMON_CERT_ERRORS_H_ diff --git a/pki/crl.cc b/pki/crl.cc new file mode 100644 index 0000000000..ff3e7040b2 --- /dev/null +++ b/pki/crl.cc @@ -0,0 +1,626 @@ +// Copyright 2019 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "cert_errors.h" +#include "crl.h" +#include "revocation_util.h" +#include "signature_algorithm.h" +#include "verify_name_match.h" +#include "verify_signed_data.h" +#include "input.h" +#include "parse_values.h" +#include "parser.h" +#include "tag.h" + +namespace bssl { + +namespace { + +// id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } +// In dotted notation: 2.5.29.28 +inline constexpr uint8_t kIssuingDistributionPointOid[] = {0x55, 0x1d, 0x1c}; + +[[nodiscard]] bool NormalizeNameTLV(const der::Input& name_tlv, + std::string* out_normalized_name) { + der::Parser parser(name_tlv); + der::Input name_rdn; + bssl::CertErrors unused_errors; + return parser.ReadTag(der::kSequence, &name_rdn) && + NormalizeName(name_rdn, out_normalized_name, &unused_errors) && + !parser.HasMore(); +} + +bool ContainsExactMatchingName(std::vector a, + std::vector b) { + std::sort(a.begin(), a.end()); + std::sort(b.begin(), b.end()); + std::vector names_in_common; + std::set_intersection(a.begin(), a.end(), b.begin(), b.end(), + std::back_inserter(names_in_common)); + return !names_in_common.empty(); +} + +} // namespace + +bool ParseCrlCertificateList(const der::Input& crl_tlv, + der::Input* out_tbs_cert_list_tlv, + der::Input* out_signature_algorithm_tlv, + der::BitString* out_signature_value) { + der::Parser parser(crl_tlv); + + // CertificateList ::= SEQUENCE { + der::Parser certificate_list_parser; + if (!parser.ReadSequence(&certificate_list_parser)) + return false; + + // tbsCertList TBSCertList + if (!certificate_list_parser.ReadRawTLV(out_tbs_cert_list_tlv)) + return false; + + // signatureAlgorithm AlgorithmIdentifier, + if (!certificate_list_parser.ReadRawTLV(out_signature_algorithm_tlv)) + return false; + + // signatureValue BIT STRING } + std::optional signature_value = + certificate_list_parser.ReadBitString(); + if (!signature_value) + return false; + *out_signature_value = signature_value.value(); + + // There isn't an extension point at the end of CertificateList. + if (certificate_list_parser.HasMore()) + return false; + + // By definition the input was a single CertificateList, so there shouldn't be + // unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +bool ParseCrlTbsCertList(const der::Input& tbs_tlv, ParsedCrlTbsCertList* out) { + der::Parser parser(tbs_tlv); + + // TBSCertList ::= SEQUENCE { + der::Parser tbs_parser; + if (!parser.ReadSequence(&tbs_parser)) + return false; + + // version Version OPTIONAL, + // -- if present, MUST be v2 + std::optional version_der; + if (!tbs_parser.ReadOptionalTag(der::kInteger, &version_der)) + return false; + if (version_der.has_value()) { + uint64_t version64; + if (!der::ParseUint64(*version_der, &version64)) + return false; + // If version is present, it MUST be v2(1). + if (version64 != 1) + return false; + out->version = CrlVersion::V2; + } else { + // Uh, RFC 5280 doesn't actually say it anywhere, but presumably if version + // is not specified, it is V1. + out->version = CrlVersion::V1; + } + + // signature AlgorithmIdentifier, + if (!tbs_parser.ReadRawTLV(&out->signature_algorithm_tlv)) + return false; + + // issuer Name, + if (!tbs_parser.ReadRawTLV(&out->issuer_tlv)) + return false; + + // thisUpdate Time, + if (!ReadUTCOrGeneralizedTime(&tbs_parser, &out->this_update)) + return false; + + // nextUpdate Time OPTIONAL, + der::Tag maybe_next_update_tag; + der::Input unused_next_update_input; + if (tbs_parser.PeekTagAndValue(&maybe_next_update_tag, + &unused_next_update_input) && + (maybe_next_update_tag == der::kUtcTime || + maybe_next_update_tag == der::kGeneralizedTime)) { + der::GeneralizedTime next_update_time; + if (!ReadUTCOrGeneralizedTime(&tbs_parser, &next_update_time)) + return false; + out->next_update = next_update_time; + } else { + out->next_update = std::nullopt; + } + + // revokedCertificates SEQUENCE OF SEQUENCE { ... } OPTIONAL, + der::Input unused_revoked_certificates; + der::Tag maybe_revoked_certifigates_tag; + if (tbs_parser.PeekTagAndValue(&maybe_revoked_certifigates_tag, + &unused_revoked_certificates) && + maybe_revoked_certifigates_tag == der::kSequence) { + der::Input revoked_certificates_tlv; + if (!tbs_parser.ReadRawTLV(&revoked_certificates_tlv)) + return false; + out->revoked_certificates_tlv = revoked_certificates_tlv; + } else { + out->revoked_certificates_tlv = std::nullopt; + } + + // crlExtensions [0] EXPLICIT Extensions OPTIONAL + // -- if present, version MUST be v2 + if (!tbs_parser.ReadOptionalTag(der::ContextSpecificConstructed(0), + &out->crl_extensions_tlv)) { + return false; + } + if (out->crl_extensions_tlv.has_value()) { + if (out->version != CrlVersion::V2) + return false; + } + + if (tbs_parser.HasMore()) { + // Invalid or extraneous elements. + return false; + } + + // By definition the input was a single sequence, so there shouldn't be + // unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +bool ParseIssuingDistributionPoint( + const der::Input& extension_value, + std::unique_ptr* out_distribution_point_names, + ContainedCertsType* out_only_contains_cert_type) { + der::Parser idp_extension_value_parser(extension_value); + // IssuingDistributionPoint ::= SEQUENCE { + der::Parser idp_parser; + if (!idp_extension_value_parser.ReadSequence(&idp_parser)) + return false; + + // 5.2.5. Conforming CRLs issuers MUST NOT issue CRLs where the DER + // encoding of the issuing distribution point extension is an empty + // sequence. + if (!idp_parser.HasMore()) + return false; + + // distributionPoint [0] DistributionPointName OPTIONAL, + std::optional distribution_point; + if (!idp_parser.ReadOptionalTag( + der::kTagContextSpecific | der::kTagConstructed | 0, + &distribution_point)) { + return false; + } + + if (distribution_point.has_value()) { + // DistributionPointName ::= CHOICE { + der::Parser dp_name_parser(*distribution_point); + // fullName [0] GeneralNames, + // nameRelativeToCRLIssuer [1] RelativeDistinguishedName } + std::optional der_full_name; + if (!dp_name_parser.ReadOptionalTag( + der::kTagContextSpecific | der::kTagConstructed | 0, + &der_full_name)) { + return false; + } + if (!der_full_name) { + // Only fullName is supported. + return false; + } + CertErrors errors; + *out_distribution_point_names = + GeneralNames::CreateFromValue(*der_full_name, &errors); + if (!*out_distribution_point_names) + return false; + + if (dp_name_parser.HasMore()) { + // CHOICE represents a single value. + return false; + } + } + + *out_only_contains_cert_type = ContainedCertsType::ANY_CERTS; + + // onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, + std::optional only_contains_user_certs; + if (!idp_parser.ReadOptionalTag(der::kTagContextSpecific | 1, + &only_contains_user_certs)) { + return false; + } + if (only_contains_user_certs.has_value()) { + bool bool_value; + if (!der::ParseBool(*only_contains_user_certs, &bool_value)) + return false; + if (!bool_value) + return false; // DER-encoding requires DEFAULT values be omitted. + *out_only_contains_cert_type = ContainedCertsType::USER_CERTS; + } + + // onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + std::optional only_contains_ca_certs; + if (!idp_parser.ReadOptionalTag(der::kTagContextSpecific | 2, + &only_contains_ca_certs)) { + return false; + } + if (only_contains_ca_certs.has_value()) { + bool bool_value; + if (!der::ParseBool(*only_contains_ca_certs, &bool_value)) + return false; + if (!bool_value) + return false; // DER-encoding requires DEFAULT values be omitted. + if (*out_only_contains_cert_type != ContainedCertsType::ANY_CERTS) { + // 5.2.5. at most one of onlyContainsUserCerts, onlyContainsCACerts, + // and onlyContainsAttributeCerts may be set to TRUE. + return false; + } + *out_only_contains_cert_type = ContainedCertsType::CA_CERTS; + } + + // onlySomeReasons [3] ReasonFlags OPTIONAL, + // indirectCRL [4] BOOLEAN DEFAULT FALSE, + // onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } + // onlySomeReasons, indirectCRL, and onlyContainsAttributeCerts are not + // supported, fail parsing if they are present. + if (idp_parser.HasMore()) + return false; + + return true; +} + +CRLRevocationStatus GetCRLStatusForCert( + const der::Input& cert_serial, + CrlVersion crl_version, + const std::optional& revoked_certificates_tlv) { + if (!revoked_certificates_tlv.has_value()) { + // RFC 5280 Section 5.1.2.6: "When there are no revoked certificates, the + // revoked certificates list MUST be absent." + // No covered certificates are revoked, therefore the cert is good. + return CRLRevocationStatus::GOOD; + } + + der::Parser parser(*revoked_certificates_tlv); + + // revokedCertificates SEQUENCE OF SEQUENCE { + der::Parser revoked_certificates_parser; + if (!parser.ReadSequence(&revoked_certificates_parser)) + return CRLRevocationStatus::UNKNOWN; + + // RFC 5280 Section 5.1.2.6: "When there are no revoked certificates, the + // revoked certificates list MUST be absent." + if (!revoked_certificates_parser.HasMore()) + return CRLRevocationStatus::UNKNOWN; + + // By definition the input was a single Extensions sequence, so there + // shouldn't be unconsumed data. + if (parser.HasMore()) + return CRLRevocationStatus::UNKNOWN; + + bool found_matching_serial = false; + + while (revoked_certificates_parser.HasMore()) { + // revokedCertificates SEQUENCE OF SEQUENCE { + der::Parser crl_entry_parser; + if (!revoked_certificates_parser.ReadSequence(&crl_entry_parser)) + return CRLRevocationStatus::UNKNOWN; + + der::Input revoked_cert_serial_number; + // userCertificate CertificateSerialNumber, + if (!crl_entry_parser.ReadTag(der::kInteger, &revoked_cert_serial_number)) + return CRLRevocationStatus::UNKNOWN; + + // revocationDate Time, + der::GeneralizedTime unused_revocation_date; + if (!ReadUTCOrGeneralizedTime(&crl_entry_parser, &unused_revocation_date)) + return CRLRevocationStatus::UNKNOWN; + + // crlEntryExtensions Extensions OPTIONAL + if (crl_entry_parser.HasMore()) { + // -- if present, version MUST be v2 + if (crl_version != CrlVersion::V2) + return CRLRevocationStatus::UNKNOWN; + + der::Input crl_entry_extensions_tlv; + if (!crl_entry_parser.ReadRawTLV(&crl_entry_extensions_tlv)) + return CRLRevocationStatus::UNKNOWN; + + std::map extensions; + if (!ParseExtensions(crl_entry_extensions_tlv, &extensions)) + return CRLRevocationStatus::UNKNOWN; + + // RFC 5280 Section 5.3: "If a CRL contains a critical CRL entry + // extension that the application cannot process, then the application + // MUST NOT use that CRL to determine the status of any certificates." + for (const auto& ext : extensions) { + if (ext.second.critical) + return CRLRevocationStatus::UNKNOWN; + } + } + + if (crl_entry_parser.HasMore()) + return CRLRevocationStatus::UNKNOWN; + + if (revoked_cert_serial_number == cert_serial) { + // Cert is revoked, but can't return yet since there might be critical + // extensions on later entries that would prevent use of this CRL. + found_matching_serial = true; + } + } + + if (found_matching_serial) + return CRLRevocationStatus::REVOKED; + + // |cert| is not present in the revokedCertificates list. + return CRLRevocationStatus::GOOD; +} + +ParsedCrlTbsCertList::ParsedCrlTbsCertList() = default; +ParsedCrlTbsCertList::~ParsedCrlTbsCertList() = default; + +CRLRevocationStatus CheckCRL(std::string_view raw_crl, + const ParsedCertificateList& valid_chain, + size_t target_cert_index, + const ParsedDistributionPoint& cert_dp, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds) { + DCHECK_LT(target_cert_index, valid_chain.size()); + + if (cert_dp.reasons) { + // Reason codes are not supported. If the distribution point contains a + // subset of reasons then skip it. We aren't interested in subsets of CRLs + // and the RFC states that there MUST be a CRL that covers all reasons. + return CRLRevocationStatus::UNKNOWN; + } + if (cert_dp.crl_issuer) { + // Indirect CRLs are not supported. + return CRLRevocationStatus::UNKNOWN; + } + + const ParsedCertificate* target_cert = valid_chain[target_cert_index].get(); + + // 6.3.3 (a) Update the local CRL cache by obtaining a complete CRL, a + // delta CRL, or both, as required. + // + // This implementation only supports complete CRLs and takes the CRL as + // input, it is up to the caller to provide an up to date CRL. + + der::Input tbs_cert_list_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + if (!ParseCrlCertificateList(der::Input(raw_crl), &tbs_cert_list_tlv, + &signature_algorithm_tlv, &signature_value)) { + return CRLRevocationStatus::UNKNOWN; + } + + ParsedCrlTbsCertList tbs_cert_list; + if (!ParseCrlTbsCertList(tbs_cert_list_tlv, &tbs_cert_list)) + return CRLRevocationStatus::UNKNOWN; + + // 5.1.1.2 signatureAlgorithm + // + // TODO(https://crbug.com/749276): Check the signature algorithm against + // policy. + std::optional signature_algorithm = + ParseSignatureAlgorithm(signature_algorithm_tlv); + if (!signature_algorithm) { + return CRLRevocationStatus::UNKNOWN; + } + + // This field MUST contain the same algorithm identifier as the + // signature field in the sequence tbsCertList (Section 5.1.2.2). + std::optional tbs_alg = + ParseSignatureAlgorithm(tbs_cert_list.signature_algorithm_tlv); + if (!tbs_alg || *signature_algorithm != *tbs_alg) { + return CRLRevocationStatus::UNKNOWN; + } + + // Check CRL dates. Roughly corresponds to 6.3.3 (a) (1) but does not attempt + // to update the CRL if it is out of date. + if (!CheckRevocationDateValid(tbs_cert_list.this_update, + tbs_cert_list.next_update.has_value() + ? &tbs_cert_list.next_update.value() + : nullptr, + verify_time_epoch_seconds, max_age_seconds)) { + return CRLRevocationStatus::UNKNOWN; + } + + // 6.3.3 (a) (2) is skipped: This implementation does not support delta CRLs. + + // 6.3.3 (b) Verify the issuer and scope of the complete CRL as follows: + // 6.3.3 (b) (1) If the DP includes cRLIssuer, then verify that the issuer + // field in the complete CRL matches cRLIssuer in the DP and + // that the complete CRL contains an issuing distribution + // point extension with the indirectCRL boolean asserted. + // + // Nothing is done here since distribution points with crlIssuer were skipped + // above. + + // 6.3.3 (b) (1) Otherwise, verify that the CRL issuer matches the + // certificate issuer. + // + // Normalization for the name comparison is used although the RFC is not + // clear on this. There are several places that explicitly are called out as + // requiring identical encodings: + // + // 4.2.1.13. CRL Distribution Points (cert extension) says the DP cRLIssuer + // field MUST be exactly the same as the encoding in issuer field of the + // CRL. + // + // 5.2.5. Issuing Distribution Point (crl extension) + // The identical encoding MUST be used in the distributionPoint fields + // of the certificate and the CRL. + // + // 5.3.3. Certificate Issuer (crl entry extension) also says "The encoding of + // the DN MUST be identical to the encoding used in the certificate" + // + // But 6.3.3 (b) (1) just says "matches". Also NIST PKITS includes at least + // one test that requires normalization here. + // TODO(https://crbug.com/749276): could do exact comparison first and only + // fall back to normalizing if that fails. + std::string normalized_crl_issuer; + if (!NormalizeNameTLV(tbs_cert_list.issuer_tlv, &normalized_crl_issuer)) + return CRLRevocationStatus::UNKNOWN; + if (der::Input(&normalized_crl_issuer) != target_cert->normalized_issuer()) + return CRLRevocationStatus::UNKNOWN; + + if (tbs_cert_list.crl_extensions_tlv.has_value()) { + std::map extensions; + if (!ParseExtensions(*tbs_cert_list.crl_extensions_tlv, &extensions)) + return CRLRevocationStatus::UNKNOWN; + + // 6.3.3 (b) (2) If the complete CRL includes an issuing distribution point + // (IDP) CRL extension, check the following: + ParsedExtension idp_extension; + if (ConsumeExtension(der::Input(kIssuingDistributionPointOid), &extensions, + &idp_extension)) { + std::unique_ptr distribution_point_names; + ContainedCertsType only_contains_cert_type; + if (!ParseIssuingDistributionPoint(idp_extension.value, + &distribution_point_names, + &only_contains_cert_type)) { + return CRLRevocationStatus::UNKNOWN; + } + + if (distribution_point_names) { + // 6.3.3. (b) (2) (i) If the distribution point name is present in the + // IDP CRL extension and the distribution field is + // present in the DP, then verify that one of the + // names in the IDP matches one of the names in the + // DP. + // 5.2.5. The identical encoding MUST be used in the distributionPoint + // fields of the certificate and the CRL. + // TODO(https://crbug.com/749276): Check other name types? + if (!cert_dp.distribution_point_fullname || + !ContainsExactMatchingName( + cert_dp.distribution_point_fullname + ->uniform_resource_identifiers, + distribution_point_names->uniform_resource_identifiers)) { + return CRLRevocationStatus::UNKNOWN; + } + + // 6.3.3. (b) (2) (i) If the distribution point name is present in the + // IDP CRL extension and the distribution field is + // omitted from the DP, then verify that one of the + // names in the IDP matches one of the names in the + // cRLIssuer field of the DP. + // Indirect CRLs are not supported, if indirectCRL was specified, + // ParseIssuingDistributionPoint would already have failed. + } + + switch (only_contains_cert_type) { + case ContainedCertsType::USER_CERTS: + // 6.3.3. (b) (2) (ii) If the onlyContainsUserCerts boolean is + // asserted in the IDP CRL extension, verify + // that the certificate does not include the + // basic constraints extension with the cA + // boolean asserted. + // 5.2.5. If either onlyContainsUserCerts or onlyContainsCACerts is + // set to TRUE, then the scope of the CRL MUST NOT include any + // version 1 or version 2 certificates. + if ((target_cert->has_basic_constraints() && + target_cert->basic_constraints().is_ca) || + target_cert->tbs().version == CertificateVersion::V1 || + target_cert->tbs().version == CertificateVersion::V2) { + return CRLRevocationStatus::UNKNOWN; + } + break; + + case ContainedCertsType::CA_CERTS: + // 6.3.3. (b) (2) (iii) If the onlyContainsCACerts boolean is asserted + // in the IDP CRL extension, verify that the + // certificate includes the basic constraints + // extension with the cA boolean asserted. + // The version check is not done here, as the basicConstraints + // extension is required, and could not be present unless it is a V3 + // certificate. + if (!target_cert->has_basic_constraints() || + !target_cert->basic_constraints().is_ca) { + return CRLRevocationStatus::UNKNOWN; + } + break; + + case ContainedCertsType::ANY_CERTS: + // (iv) Verify that the onlyContainsAttributeCerts + // boolean is not asserted. + // If onlyContainsAttributeCerts was present, + // ParseIssuingDistributionPoint would already have failed. + break; + } + } + + for (const auto& ext : extensions) { + // Fail if any unhandled critical CRL extensions are present. + if (ext.second.critical) + return CRLRevocationStatus::UNKNOWN; + } + } + + // 6.3.3 (c-e) skipped: delta CRLs and reason codes are not supported. + + // This implementation only supports direct CRLs where the CRL was signed by + // one of the certs in its validated issuer chain. This allows handling some + // cases of key rollover without requiring additional CRL issuer cert + // discovery & path building. + // TODO(https://crbug.com/749276): should this loop start at + // |target_cert_index|? There doesn't seem to be anything in the specs that + // precludes a CRL signed by a self-issued cert from covering itself. On the + // other hand it seems like a pretty weird thing to allow and causes NIST + // PKITS 4.5.3 to pass when it seems like it would not be intended to (since + // issuingDistributionPoint CRL extension is not handled). + for (size_t i = target_cert_index + 1; i < valid_chain.size(); ++i) { + const ParsedCertificate* issuer_cert = valid_chain[i].get(); + + // 6.3.3 (f) Obtain and validate the certification path for the issuer of + // the complete CRL. The trust anchor for the certification + // path MUST be the same as the trust anchor used to validate + // the target certificate. + // + // As the |issuer_cert| is from the already validated chain, it is already + // known to chain to the same trust anchor as the target certificate. + if (der::Input(&normalized_crl_issuer) != issuer_cert->normalized_subject()) + continue; + + // 6.3.3 (f) If a key usage extension is present in the CRL issuer's + // certificate, verify that the cRLSign bit is set. + if (issuer_cert->has_key_usage() && + !issuer_cert->key_usage().AssertsBit(KEY_USAGE_BIT_CRL_SIGN)) { + continue; + } + + // 6.3.3 (g) Validate the signature on the complete CRL using the public + // key validated in step (f). + if (!VerifySignedData(*signature_algorithm, tbs_cert_list_tlv, + signature_value, issuer_cert->tbs().spki_tlv, + /*cache=*/nullptr)) { + continue; + } + + // 6.3.3 (h,i) skipped. This implementation does not support delta CRLs. + + // 6.3.3 (j) If (cert_status is UNREVOKED), then search for the + // certificate on the complete CRL. If an entry is found that + // matches the certificate issuer and serial number as described + // in Section 5.3.3, then set the cert_status variable to the + // indicated reason as described in step (i). + // + // CRL is valid and covers |target_cert|, check if |target_cert| is present + // in the revokedCertificates sequence. + return GetCRLStatusForCert(target_cert->tbs().serial_number, + tbs_cert_list.version, + tbs_cert_list.revoked_certificates_tlv); + + // 6.3.3 (k,l) skipped. This implementation does not support reason codes. + } + + // Did not find the issuer & signer of |raw_crl| in |valid_chain|. + return CRLRevocationStatus::UNKNOWN; +} + +} // namespace net diff --git a/pki/crl.h b/pki/crl.h new file mode 100644 index 0000000000..f58eeae8cb --- /dev/null +++ b/pki/crl.h @@ -0,0 +1,225 @@ +// Copyright 2019 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_CRL_H_ +#define BSSL_PKI_CRL_H_ + +#include "fillins/openssl_util.h" + +#include "general_names.h" +#include "parsed_certificate.h" +#include "input.h" +#include "parse_values.h" +#include + +namespace bssl { + +struct ParsedCrlTbsCertList; +struct ParsedDistributionPoint; + +// TODO(https://crbug.com/749276): This is the same enum with the same meaning +// as OCSPRevocationStatus, maybe they should be merged? +enum class CRLRevocationStatus { + GOOD = 0, + REVOKED = 1, + UNKNOWN = 2, + MAX_VALUE = UNKNOWN +}; + +// Parses a DER-encoded CRL "CertificateList" as specified by RFC 5280 Section +// 5.1. Returns true on success and sets the results in the |out_*| parameters. +// The contents of the output data is not validated. +// +// Note that on success the out parameters alias data from the input |crl_tlv|. +// Hence the output values are only valid as long as |crl_tlv| remains valid. +// +// On failure the out parameters have an undefined state. Some of them may have +// been updated during parsing, whereas others may not have been changed. +// +// CertificateList ::= SEQUENCE { +// tbsCertList TBSCertList, +// signatureAlgorithm AlgorithmIdentifier, +// signatureValue BIT STRING } +[[nodiscard]] OPENSSL_EXPORT bool ParseCrlCertificateList( + const der::Input& crl_tlv, + der::Input* out_tbs_cert_list_tlv, + der::Input* out_signature_algorithm_tlv, + der::BitString* out_signature_value); + +// Parses a DER-encoded "TBSCertList" as specified by RFC 5280 Section 5.1. +// Returns true on success and sets the results in |out|. +// +// Note that on success |out| aliases data from the input |tbs_tlv|. +// Hence the fields of the ParsedCrlTbsCertList are only valid as long as +// |tbs_tlv| remains valid. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +// +// Refer to the per-field documentation of ParsedCrlTbsCertList for details on +// what validity checks parsing performs. +// +// TBSCertList ::= SEQUENCE { +// version Version OPTIONAL, +// -- if present, MUST be v2 +// signature AlgorithmIdentifier, +// issuer Name, +// thisUpdate Time, +// nextUpdate Time OPTIONAL, +// revokedCertificates SEQUENCE OF SEQUENCE { +// userCertificate CertificateSerialNumber, +// revocationDate Time, +// crlEntryExtensions Extensions OPTIONAL +// -- if present, version MUST be v2 +// } OPTIONAL, +// crlExtensions [0] EXPLICIT Extensions OPTIONAL +// -- if present, version MUST be v2 +// } +[[nodiscard]] OPENSSL_EXPORT bool ParseCrlTbsCertList( + const der::Input& tbs_tlv, + ParsedCrlTbsCertList* out); + +// Represents a CRL "Version" from RFC 5280. TBSCertList reuses the same +// Version definition from TBSCertificate, however only v1(not present) and +// v2(1) are valid values, so a unique enum is used to avoid confusion. +enum class CrlVersion { + V1, + V2, +}; + +// Corresponds with "TBSCertList" from RFC 5280 Section 5.1: +struct OPENSSL_EXPORT ParsedCrlTbsCertList { + ParsedCrlTbsCertList(); + ~ParsedCrlTbsCertList(); + + // version Version OPTIONAL, + // -- if present, MUST be v2 + // + // Parsing guarantees that the version is one of v1 or v2. + CrlVersion version = CrlVersion::V1; + + // signature AlgorithmIdentifier, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + // + // This can be further parsed using SignatureValue::Create(). + der::Input signature_algorithm_tlv; + + // issuer Name, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + der::Input issuer_tlv; + + // thisUpdate Time, + // nextUpdate Time OPTIONAL, + // + // Parsing guarantees that thisUpdate and nextUpdate(if present) are valid + // DER-encoded dates, however it DOES NOT guarantee anything about their + // values. For instance notAfter could be before notBefore, or the dates + // could indicate an expired CRL. + der::GeneralizedTime this_update; + std::optional next_update; + + // revokedCertificates SEQUENCE OF SEQUENCE { + // userCertificate CertificateSerialNumber, + // revocationDate Time, + // crlEntryExtensions Extensions OPTIONAL + // -- if present, version MUST be v2 + // } OPTIONAL, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + std::optional revoked_certificates_tlv; + + // crlExtensions [0] EXPLICIT Extensions OPTIONAL + // -- if present, version MUST be v2 + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. (Note that the + // EXPLICIT outer tag is stripped.) + // + // Parsing guarantees that if extensions is present the version is v2. + std::optional crl_extensions_tlv; +}; + +// Represents the IssuingDistributionPoint certificate type constraints: +enum class ContainedCertsType { + // Neither onlyContainsUserCerts or onlyContainsCACerts was present. + ANY_CERTS, + // onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, + USER_CERTS, + // onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + CA_CERTS, +}; + +// Parses a DER-encoded IssuingDistributionPoint extension value. +// Returns true on success and sets the results in the |out_*| parameters. +// +// If the IssuingDistributionPoint contains a distributionPoint fullName field, +// |out_distribution_point_names| will contain the parsed representation. +// If the distributionPoint type is nameRelativeToCRLIssuer, parsing will fail. +// +// |out_only_contains_cert_type| will contain the logical representation of the +// onlyContainsUserCerts and onlyContainsCACerts fields (or their absence). +// +// indirectCRL and onlyContainsAttributeCerts are not supported and parsing will +// fail if they are present. +// +// Note that on success |out_distribution_point_names| aliases data from the +// input |extension_value|. +// +// On failure the |out_*| parameters have undefined state. +// +// IssuingDistributionPoint ::= SEQUENCE { +// distributionPoint [0] DistributionPointName OPTIONAL, +// onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, +// onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, +// onlySomeReasons [3] ReasonFlags OPTIONAL, +// indirectCRL [4] BOOLEAN DEFAULT FALSE, +// onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } +[[nodiscard]] OPENSSL_EXPORT bool ParseIssuingDistributionPoint( + const der::Input& extension_value, + std::unique_ptr* out_distribution_point_names, + ContainedCertsType* out_only_contains_cert_type); + +OPENSSL_EXPORT CRLRevocationStatus +GetCRLStatusForCert(const der::Input& cert_serial, + CrlVersion crl_version, + const std::optional& revoked_certificates_tlv); + +// Checks the revocation status of the certificate |cert| by using the +// DER-encoded |raw_crl|. |cert| must already have passed certificate path +// validation. +// +// Returns GOOD if the CRL indicates the certificate is not revoked, +// REVOKED if it indicates it is revoked, or UNKNOWN for all other cases. +// +// * |raw_crl|: A DER encoded CRL CertificateList. +// * |valid_chain|: The validated certificate chain containing the target cert. +// * |target_cert_index|: The index into |valid_chain| of the certificate being +// checked for revocation. +// * |cert_dp|: The distribution point from the target certificate's CRL +// distribution points extension that |raw_crl| corresponds to. If +// |raw_crl| was not specified in a distribution point, the caller must +// synthesize a ParsedDistributionPoint object as specified by RFC 5280 +// 6.3.3. +// * |verify_time_epoch_seconds|: The time as the difference in seconds from +// the POSIX epoch to use when checking revocation status. +// * |max_age_seconds|: If present, the maximum age in seconds for a CRL, +// implemented as time since the |thisUpdate| field in the CRL +// TBSCertList. Responses older than |max_age_seconds| will be +// considered invalid. +[[nodiscard]] OPENSSL_EXPORT CRLRevocationStatus +CheckCRL(std::string_view raw_crl, + const ParsedCertificateList& valid_chain, + size_t target_cert_index, + const ParsedDistributionPoint& cert_dp, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds); + +} // namespace net + +#endif // BSSL_PKI_CRL_H_ diff --git a/pki/encode_values.cc b/pki/encode_values.cc new file mode 100644 index 0000000000..ac2003946d --- /dev/null +++ b/pki/encode_values.cc @@ -0,0 +1,103 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "encode_values.h" + +#include "parse_values.h" + +#include + +namespace bssl::der { + +namespace { + +bool WriteFourDigit(uint16_t value, uint8_t out[4]) { + if (value >= 10000) + return false; + out[3] = '0' + (value % 10); + value /= 10; + out[2] = '0' + (value % 10); + value /= 10; + out[1] = '0' + (value % 10); + value /= 10; + out[0] = '0' + value; + return true; +} + +bool WriteTwoDigit(uint8_t value, uint8_t out[2]) { + if (value >= 100) + return false; + out[0] = '0' + (value / 10); + out[1] = '0' + (value % 10); + return true; +} + +} // namespace + +bool EncodePosixTimeAsGeneralizedTime(int64_t posix_time, + GeneralizedTime* generalized_time) { + struct tm tmp_tm; + if (!OPENSSL_posix_to_tm(posix_time, &tmp_tm)) { + return false; + } + + generalized_time->year = tmp_tm.tm_year + 1900; + generalized_time->month = tmp_tm.tm_mon + 1; + generalized_time->day = tmp_tm.tm_mday; + generalized_time->hours = tmp_tm.tm_hour; + generalized_time->minutes = tmp_tm.tm_min; + generalized_time->seconds = tmp_tm.tm_sec; + return true; +} + +bool GeneralizedTimeToPosixTime(const der::GeneralizedTime& generalized, + int64_t* result) { + struct tm tmp_tm; + tmp_tm.tm_year = generalized.year - 1900; + tmp_tm.tm_mon = generalized.month - 1; + tmp_tm.tm_mday = generalized.day; + tmp_tm.tm_hour = generalized.hours; + tmp_tm.tm_min = generalized.minutes; + tmp_tm.tm_sec = generalized.seconds; + // BoringSSL POSIX time, like POSIX itself, does not support leap seconds. + // Collapse to previous second. + if (tmp_tm.tm_sec == 60) { + tmp_tm.tm_sec = 59; + } + return OPENSSL_tm_to_posix(&tmp_tm, result); +} + +bool EncodeGeneralizedTime(const GeneralizedTime& time, + uint8_t out[kGeneralizedTimeLength]) { + if (!WriteFourDigit(time.year, out) || !WriteTwoDigit(time.month, out + 4) || + !WriteTwoDigit(time.day, out + 6) || + !WriteTwoDigit(time.hours, out + 8) || + !WriteTwoDigit(time.minutes, out + 10) || + !WriteTwoDigit(time.seconds, out + 12)) { + return false; + } + out[14] = 'Z'; + return true; +} + +bool EncodeUTCTime(const GeneralizedTime& time, uint8_t out[kUTCTimeLength]) { + if (!time.InUTCTimeRange()) + return false; + + uint16_t year = time.year - 1900; + if (year >= 100) + year -= 100; + + if (!WriteTwoDigit(year, out) || !WriteTwoDigit(time.month, out + 2) || + !WriteTwoDigit(time.day, out + 4) || + !WriteTwoDigit(time.hours, out + 6) || + !WriteTwoDigit(time.minutes, out + 8) || + !WriteTwoDigit(time.seconds, out + 10)) { + return false; + } + out[12] = 'Z'; + return true; +} + +} // namespace bssl::der diff --git a/pki/encode_values.h b/pki/encode_values.h new file mode 100644 index 0000000000..79216cca19 --- /dev/null +++ b/pki/encode_values.h @@ -0,0 +1,48 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_DER_ENCODE_VALUES_H_ +#define BSSL_DER_ENCODE_VALUES_H_ + +#include "fillins/openssl_util.h" +#include +#include + + + +namespace bssl::der { + +struct GeneralizedTime; + +// Encodes |posix_time|, a posix time in seconds, to DER |generalized_time|, for +// comparing against other GeneralizedTime objects, returning true on success or +// false if |posix_time| is outside of the range from year 0000 to 9999. +OPENSSL_EXPORT bool EncodePosixTimeAsGeneralizedTime( + int64_t posix_time, + GeneralizedTime* generalized_time); + +// Converts a GeneralizedTime struct to a posix time in seconds in |result|, +// returning true on success or false if |generalized| was invalid or cannot be +// represented as a posix time in the range from the year 0000 to 9999. +OPENSSL_EXPORT bool GeneralizedTimeToPosixTime( + const der::GeneralizedTime& generalized, + int64_t* result); + +static const size_t kGeneralizedTimeLength = 15; + +// Encodes |time| to |out| as a DER GeneralizedTime value. Returns true on +// success and false on error. +OPENSSL_EXPORT bool EncodeGeneralizedTime(const GeneralizedTime& time, + uint8_t out[kGeneralizedTimeLength]); + +static const size_t kUTCTimeLength = 13; + +// Encodes |time| to |out| as a DER UTCTime value. Returns true on success and +// false on error. +OPENSSL_EXPORT bool EncodeUTCTime(const GeneralizedTime& time, + uint8_t out[kUTCTimeLength]); + +} // namespace bssl::der + +#endif // BSSL_DER_ENCODE_VALUES_H_ diff --git a/pki/encode_values_unittest.cc b/pki/encode_values_unittest.cc new file mode 100644 index 0000000000..f3009c14a5 --- /dev/null +++ b/pki/encode_values_unittest.cc @@ -0,0 +1,169 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "encode_values.h" + +#include + +#include "parse_values.h" +#include + +namespace bssl::der::test { + +namespace { + +template +std::string_view ToStringPiece(const uint8_t (&data)[N]) { + return std::string_view(reinterpret_cast(data), N); +} + +} // namespace + +TEST(EncodeValuesTest, EncodePosixTimeAsGeneralizedTime) { + // Fri, 24 Jun 2016 17:04:54 GMT + int64_t time = 1466787894; + GeneralizedTime generalized_time; + ASSERT_TRUE(EncodePosixTimeAsGeneralizedTime(time, &generalized_time)); + EXPECT_EQ(2016, generalized_time.year); + EXPECT_EQ(6, generalized_time.month); + EXPECT_EQ(24, generalized_time.day); + EXPECT_EQ(17, generalized_time.hours); + EXPECT_EQ(4, generalized_time.minutes); + EXPECT_EQ(54, generalized_time.seconds); +} + +TEST(EncodeValuesTest, GeneralizedTimeToPosixTime) { + GeneralizedTime generalized_time; + generalized_time.year = 2016; + generalized_time.month = 6; + generalized_time.day = 24; + generalized_time.hours = 17; + generalized_time.minutes = 4; + generalized_time.seconds = 54; + int64_t time; + ASSERT_TRUE(GeneralizedTimeToPosixTime(generalized_time, &time)); + EXPECT_EQ(1466787894, time); +} + +// As Posix times use BoringSSL's POSIX time routines underneath the covers +// these should not have any issues on 32 bit platforms. +TEST(EncodeValuesTest, GeneralizedTimeToPosixTimeAfter32BitPosixMaxYear) { + GeneralizedTime generalized_time; + generalized_time.year = 2039; + generalized_time.month = 1; + generalized_time.day = 1; + generalized_time.hours = 0; + generalized_time.minutes = 0; + generalized_time.seconds = 0; + int64_t time; + ASSERT_TRUE(GeneralizedTimeToPosixTime(generalized_time, &time)); + + generalized_time.day = 0; // Invalid day of month should fail. + EXPECT_FALSE(GeneralizedTimeToPosixTime(generalized_time, &time)); +} + +TEST(EncodeValuesTest, EncodeGeneralizedTime) { + GeneralizedTime time; + time.year = 2014; + time.month = 12; + time.day = 18; + time.hours = 16; + time.minutes = 12; + time.seconds = 59; + + // Encode a time where no components have leading zeros. + uint8_t out[kGeneralizedTimeLength]; + ASSERT_TRUE(EncodeGeneralizedTime(time, out)); + EXPECT_EQ("20141218161259Z", ToStringPiece(out)); + + // Test bounds on all components. Note the encoding function does not validate + // the input is a valid time, only that it is encodable. + time.year = 0; + time.month = 0; + time.day = 0; + time.hours = 0; + time.minutes = 0; + time.seconds = 0; + ASSERT_TRUE(EncodeGeneralizedTime(time, out)); + EXPECT_EQ("00000000000000Z", ToStringPiece(out)); + + time.year = 9999; + time.month = 99; + time.day = 99; + time.hours = 99; + time.minutes = 99; + time.seconds = 99; + ASSERT_TRUE(EncodeGeneralizedTime(time, out)); + EXPECT_EQ("99999999999999Z", ToStringPiece(out)); + + time.year = 10000; + EXPECT_FALSE(EncodeGeneralizedTime(time, out)); + + time.year = 2000; + time.month = 100; + EXPECT_FALSE(EncodeGeneralizedTime(time, out)); +} + +TEST(EncodeValuesTest, EncodeUTCTime) { + GeneralizedTime time; + time.year = 2014; + time.month = 12; + time.day = 18; + time.hours = 16; + time.minutes = 12; + time.seconds = 59; + + // Encode a time where no components have leading zeros. + uint8_t out[kUTCTimeLength]; + ASSERT_TRUE(EncodeUTCTime(time, out)); + EXPECT_EQ("141218161259Z", ToStringPiece(out)); + + time.year = 2049; + ASSERT_TRUE(EncodeUTCTime(time, out)); + EXPECT_EQ("491218161259Z", ToStringPiece(out)); + + time.year = 2000; + ASSERT_TRUE(EncodeUTCTime(time, out)); + EXPECT_EQ("001218161259Z", ToStringPiece(out)); + + time.year = 1999; + ASSERT_TRUE(EncodeUTCTime(time, out)); + EXPECT_EQ("991218161259Z", ToStringPiece(out)); + + time.year = 1950; + ASSERT_TRUE(EncodeUTCTime(time, out)); + EXPECT_EQ("501218161259Z", ToStringPiece(out)); + + time.year = 2050; + EXPECT_FALSE(EncodeUTCTime(time, out)); + + time.year = 1949; + EXPECT_FALSE(EncodeUTCTime(time, out)); + + // Test bounds on all components. Note the encoding function does not validate + // the input is a valid time, only that it is encodable. + time.year = 2000; + time.month = 0; + time.day = 0; + time.hours = 0; + time.minutes = 0; + time.seconds = 0; + ASSERT_TRUE(EncodeUTCTime(time, out)); + EXPECT_EQ("000000000000Z", ToStringPiece(out)); + + time.year = 1999; + time.month = 99; + time.day = 99; + time.hours = 99; + time.minutes = 99; + time.seconds = 99; + ASSERT_TRUE(EncodeUTCTime(time, out)); + EXPECT_EQ("999999999999Z", ToStringPiece(out)); + + time.year = 2000; + time.month = 100; + EXPECT_FALSE(EncodeUTCTime(time, out)); +} + +} // namespace bssl::der::test diff --git a/pki/extended_key_usage.cc b/pki/extended_key_usage.cc new file mode 100644 index 0000000000..34345f1879 --- /dev/null +++ b/pki/extended_key_usage.cc @@ -0,0 +1,40 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "extended_key_usage.h" + +#include "input.h" +#include "parser.h" +#include "tag.h" + +namespace bssl { + +bool ParseEKUExtension(const der::Input& extension_value, + std::vector* eku_oids) { + der::Parser extension_parser(extension_value); + der::Parser sequence_parser; + if (!extension_parser.ReadSequence(&sequence_parser)) + return false; + + // Section 4.2.1.12 of RFC 5280 defines ExtKeyUsageSyntax as: + // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId + // + // Therefore, the sequence must contain at least one KeyPurposeId. + if (!sequence_parser.HasMore()) + return false; + while (sequence_parser.HasMore()) { + der::Input eku_oid; + if (!sequence_parser.ReadTag(der::kOid, &eku_oid)) + // The SEQUENCE OF must contain only KeyPurposeIds (OIDs). + return false; + eku_oids->push_back(eku_oid); + } + if (extension_parser.HasMore()) + // The extension value must follow ExtKeyUsageSyntax - there is no way that + // it could be extended to allow for something after the SEQUENCE OF. + return false; + return true; +} + +} // namespace net diff --git a/pki/extended_key_usage.h b/pki/extended_key_usage.h new file mode 100644 index 0000000000..89b503039b --- /dev/null +++ b/pki/extended_key_usage.h @@ -0,0 +1,89 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_EXTENDED_KEY_USAGE_H_ +#define BSSL_PKI_EXTENDED_KEY_USAGE_H_ + +#include "fillins/openssl_util.h" +#include + + +#include "input.h" + +namespace bssl { + +// The arc for the anyExtendedKeyUsage OID is found under the id-ce arc, +// defined in section 4.2.1 of RFC 5280: +// id-ce OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 29 } +// +// From RFC 5280 section 4.2.1.12: +// id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } +// anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } +// In dotted notation: 2.5.29.37.0 +inline constexpr uint8_t kAnyEKU[] = {0x55, 0x1d, 0x25, 0x00}; + +// All other key usage purposes defined in RFC 5280 are found in the id-kp +// arc, defined in section 4.2.1.12 as: +// id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } +// +// With id-pkix defined in RFC 5280 section 4.2.2 as: +// id-pkix OBJECT IDENTIFIER ::= +// { iso(1) identified-organization(3) dod(6) internet(1) +// security(5) mechanisms(5) pkix(7) } +// +// From RFC 5280 section 4.2.1.12: +// id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } +// In dotted notation: 1.3.6.1.5.5.7.3.1 +inline constexpr uint8_t kServerAuth[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x01}; + +// From RFC 5280 section 4.2.1.12: +// id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } +// In dotted notation: 1.3.6.1.5.5.7.3.2 +inline constexpr uint8_t kClientAuth[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x02}; + +// From RFC 5280 section 4.2.1.12: +// id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } +// In dotted notation: 1.3.6.1.5.5.7.3.3 +inline constexpr uint8_t kCodeSigning[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x03}; + +// From RFC 5280 section 4.2.1.12: +// id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } +// In dotted notation: 1.3.6.1.5.5.7.3.4 +inline constexpr uint8_t kEmailProtection[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x04}; + +// From RFC 5280 section 4.2.1.12: +// id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } +// In dotted notation: 1.3.6.1.5.5.7.3.8 +inline constexpr uint8_t kTimeStamping[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x08}; + +// From RFC 5280 section 4.2.1.12: +// id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } +// In dotted notation: 1.3.6.1.5.5.7.3.9 +inline constexpr uint8_t kOCSPSigning[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x09}; + +// Netscape Server Gated Crypto (2.16.840.1.113730.4.1) is a deprecated OID +// which in some situations is considered equivalent to the serverAuth key +// purpose. +inline constexpr uint8_t kNetscapeServerGatedCrypto[] = { + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01}; + +// Parses |extension_value|, which contains the extnValue field of an X.509v3 +// Extended Key Usage extension, and populates |eku_oids| with the list of +// DER-encoded OID values (that is, without tag and length). Returns false if +// |extension_value| is improperly encoded. +// +// Note: The returned OIDs are only as valid as long as the data pointed to by +// |extension_value| is valid. +OPENSSL_EXPORT bool ParseEKUExtension(const der::Input& extension_value, + std::vector* eku_oids); + +} // namespace net + +#endif // BSSL_PKI_EXTENDED_KEY_USAGE_H_ diff --git a/pki/extended_key_usage_unittest.cc b/pki/extended_key_usage_unittest.cc new file mode 100644 index 0000000000..2f190cff70 --- /dev/null +++ b/pki/extended_key_usage_unittest.cc @@ -0,0 +1,166 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include + +#include "extended_key_usage.h" +#include "input.h" +#include + +namespace bssl { + +namespace { + +// Helper method to check if an EKU is present in a std::vector of EKUs. +bool HasEKU(const std::vector& list, const der::Input& eku) { + for (const auto& oid : list) { + if (oid == eku) + return true; + } + return false; +} + +// Check that we can read multiple EKUs from an extension. +TEST(ExtendedKeyUsageTest, ParseEKUExtension) { + // clang-format off + const uint8_t raw_extension_value[] = { + 0x30, 0x14, // SEQUENCE (20 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, // 1.3.6.1.5.5.7.3.1 + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 // 1.3.6.1.5.5.7.3.2 + // end of SEQUENCE + }; + // clang-format on + der::Input extension_value(raw_extension_value); + + std::vector ekus; + EXPECT_TRUE(ParseEKUExtension(extension_value, &ekus)); + + EXPECT_EQ(2u, ekus.size()); + EXPECT_TRUE(HasEKU(ekus, der::Input(kServerAuth))); + EXPECT_TRUE(HasEKU(ekus, der::Input(kClientAuth))); +} + +// Check that an extension with the same OID present multiple times doesn't +// cause an error. +TEST(ExtendedKeyUsageTest, RepeatedOid) { + // clang-format off + const uint8_t extension_bytes[] = { + 0x30, 0x14, // SEQUENCE (20 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, // 1.3.6.1.5.5.7.3.1 + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01 // 1.3.6.1.5.5.7.3.1 + }; + // clang-format on + der::Input extension(extension_bytes); + + std::vector ekus; + EXPECT_TRUE(ParseEKUExtension(extension, &ekus)); + EXPECT_EQ(2u, ekus.size()); + for (const auto& eku : ekus) { + EXPECT_EQ(der::Input(kServerAuth), eku); + } +} + +// Check that parsing an EKU extension which contains a private OID doesn't +// cause an error. +TEST(ExtendedKeyUsageTest, ParseEKUExtensionGracefullyHandlesPrivateOids) { + // clang-format off + const uint8_t extension_bytes[] = { + 0x30, 0x13, // SEQUENCE (19 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, // 1.3.6.1.5.5.7.3.1 + 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes) + 0x2B, 0x06, 0x01, 0x04, 0x01, 0xD6, 0x79 // 1.3.6.1.4.1.11129 + }; + // clang-format on + der::Input extension(extension_bytes); + + std::vector ekus; + EXPECT_TRUE(ParseEKUExtension(extension, &ekus)); + EXPECT_EQ(2u, ekus.size()); + EXPECT_TRUE(HasEKU(ekus, der::Input(kServerAuth))); + + const uint8_t google_oid[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0xD6, 0x79}; + der::Input google(google_oid); + EXPECT_TRUE(HasEKU(ekus, google)); +} + +// Test a variety of bad inputs. + +// If the extension value has data following the sequence of oids, parsing it +// should fail. +TEST(ExtendedKeyUsageTest, ExtraData) { + // clang-format off + const uint8_t extra_data[] = { + 0x30, 0x14, // SEQUENCE (20 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, // 1.3.6.1.5.5.7.3.1 + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, // 1.3.6.1.5.5.7.3.2 + // end of SEQUENCE + 0x02, 0x01, // INTEGER (1 byte) + 0x01 // 1 + }; + // clang-format on + + std::vector ekus; + EXPECT_FALSE(ParseEKUExtension(der::Input(extra_data), &ekus)); +} + +// Check that ParseEKUExtension only accepts a sequence containing only oids. +// This test case has an integer in the sequence (which should fail). A key +// difference between this test case and ExtendedKeyUsageTest.ExtraData is where +// the sequence ends - in this test case the integer is still part of the +// sequence, while in ExtendedKeyUsageTest.ExtraData the integer is after the +// sequence. +TEST(ExtendedKeyUsageTest, NotAnOid) { + // clang-format off + const uint8_t not_an_oid[] = { + 0x30, 0x0d, // SEQUENCE (13 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, // 1.3.6.1.5.5.7.3.1 + 0x02, 0x01, // INTEGER (1 byte) + 0x01 // 1 + // end of SEQUENCE + }; + // clang-format on + + std::vector ekus; + EXPECT_FALSE(ParseEKUExtension(der::Input(not_an_oid), &ekus)); +} + +// Checks that the list of oids passed to ParseEKUExtension are in a sequence, +// instead of one or more oid tag-length-values concatenated together. +TEST(ExtendedKeyUsageTest, NotASequence) { + // clang-format off + const uint8_t not_a_sequence[] = { + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01 // 1.3.6.1.5.5.7.3.1 + }; + // clang-format on + + std::vector ekus; + EXPECT_FALSE(ParseEKUExtension(der::Input(not_a_sequence), &ekus)); +} + +// A sequence passed into ParseEKUExtension must have at least one oid in it. +TEST(ExtendedKeyUsageTest, EmptySequence) { + const uint8_t empty_sequence[] = {0x30, 0x00}; // SEQUENCE (0 bytes) + + std::vector ekus; + EXPECT_FALSE(ParseEKUExtension(der::Input(empty_sequence), &ekus)); +} + +// The extension value must not be empty. +TEST(ExtendedKeyUsageTest, EmptyExtension) { + std::vector ekus; + EXPECT_FALSE(ParseEKUExtension(der::Input(), &ekus)); +} + +} // namespace + +} // namespace net diff --git a/pki/fillins/base64.cc b/pki/fillins/base64.cc new file mode 100644 index 0000000000..bbaddd7eba --- /dev/null +++ b/pki/fillins/base64.cc @@ -0,0 +1,48 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include + +#include "base64.h" + +#include + +namespace bssl { + +namespace fillins { + +bool Base64Encode(const std::string_view &input, std::string *output) { + size_t len; + if (!EVP_EncodedLength(&len, input.size())) { + return false; + } + std::vector encoded(len); + len = EVP_EncodeBlock(reinterpret_cast(encoded.data()), + reinterpret_cast(input.data()), + input.size()); + if (!len) { + return false; + } + output->assign(encoded.data(), len); + return true; +} + +bool Base64Decode(const std::string_view &input, std::string *output) { + size_t len; + if (!EVP_DecodedLength(&len, input.size())) { + return false; + } + std::vector decoded(len); + if (!EVP_DecodeBase64(reinterpret_cast(decoded.data()), &len, len, + reinterpret_cast(input.data()), + input.size())) { + return false; + } + output->assign(decoded.data(), len); + return true; +} + +} // namespace fillins + +} // namespace bssl diff --git a/pki/fillins/base64.h b/pki/fillins/base64.h new file mode 100644 index 0000000000..440138fc7f --- /dev/null +++ b/pki/fillins/base64.h @@ -0,0 +1,27 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_FILLINS_BASE64_H +#define BSSL_FILLINS_BASE64_H + +#include + +#include +#include + +namespace bssl { + +namespace fillins { + +OPENSSL_EXPORT bool Base64Encode(const std::string_view &input, + std::string *output); + +OPENSSL_EXPORT bool Base64Decode(const std::string_view &input, + std::string *output); + +} // namespace fillins + +} // namespace bssl + +#endif // BSSL_FILLINS_BASE64_H diff --git a/pki/fillins/check.h b/pki/fillins/check.h new file mode 100644 index 0000000000..9ae8c84921 --- /dev/null +++ b/pki/fillins/check.h @@ -0,0 +1,53 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef PKI_CHECK_H_ +#define PKI_CHECK_H_ + +// This header defines the CHECK, DCHECK, macros, inherited from chrome. + +// This file is not used in chrome, so check here to make sure we are +// only compiling inside boringssl. +#if !defined(_BORINGSSL_LIBPKI_) +#error "_BORINGSSL_LIBPKI_ is not defined when compiling BoringSSL libpki" +#endif + +#include + +// This is not used in this include file, but is here temporarily to avoid +// an intrusive change in chrome's files until we are fully extracted. +// TODO(bbe) move this include to the relevant .cc files once we are no +// longer using chrome as the canonical source. +#include + +// In chrome DCHECK is used like assert() but often erroneously. to be +// safe we make DCHECK the same as CHECK, and if we truly wish to have +// this be an assert, we convert to assert() as in the rest of boringssl. +// TODO(bbe) scan all DCHECK's in here once we are no longer using chrome +// as the canonical source and convert to CHECK unless certain they +// can be an assert(). +#define DCHECK CHECK + +// CHECK aborts if a condition is not true. +#define CHECK(A) \ + do { \ + if (!(A)) \ + abort(); \ + } while (0); + +#define DCHECK_EQ CHECK_EQ +#define DCHECK_NE CHECK_NE +#define DCHECK_LE CHECK_LE +#define DCHECK_LT CHECK_LT +#define DCHECK_GE CHECK_GE +#define DCHECK_GT CHECK_GT + +#define CHECK_EQ(val1, val2) CHECK((val1) == (val2)) +#define CHECK_NE(val1, val2) CHECK((val1) != (val2)) +#define CHECK_LE(val1, val2) CHECK((val1) <= (val2)) +#define CHECK_LT(val1, val2) CHECK((val1) < (val2)) +#define CHECK_GE(val1, val2) CHECK((val1) >= (val2)) +#define CHECK_GT(val1, val2) CHECK((val1) > (val2)) + +#endif // PKI_CHECK_H_ diff --git a/pki/fillins/file_util.cc b/pki/fillins/file_util.cc new file mode 100644 index 0000000000..e2d28fd504 --- /dev/null +++ b/pki/fillins/file_util.cc @@ -0,0 +1,35 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "file_util.h" + +#include +#include +#include +#include + +namespace bssl { + +namespace fillins { + +bool ReadFileToString(const FilePath &path, std::string *out) { + std::ifstream file(path.value(), std::ios::binary); + file.unsetf(std::ios::skipws); + + file.seekg(0, std::ios::end); + if (file.tellg() <= 0) { + return false; + } + out->reserve(file.tellg()); + file.seekg(0, std::ios::beg); + + out->assign(std::istreambuf_iterator(file), + std::istreambuf_iterator()); + + return true; +} + +} // namespace fillins + +} // namespace bssl diff --git a/pki/fillins/file_util.h b/pki/fillins/file_util.h new file mode 100644 index 0000000000..81efa8c862 --- /dev/null +++ b/pki/fillins/file_util.h @@ -0,0 +1,24 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_FILLINS_FILE_UTIL_H +#define BSSL_FILLINS_FILE_UTIL_H + +#include + +#include "path_service.h" + +#include + +namespace bssl { + +namespace fillins { + +OPENSSL_EXPORT bool ReadFileToString(const FilePath &path, std::string *out); + +} // namespace fillins + +} // namespace bssl + +#endif // BSSL_FILLINS_FILE_UTIL_H diff --git a/pki/fillins/inet.h b/pki/fillins/inet.h new file mode 100644 index 0000000000..905e95828c --- /dev/null +++ b/pki/fillins/inet.h @@ -0,0 +1,16 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef PKI_FILLINS_INET_H_ +#define PKI_FILLINS_INET_H_ + +#include + +#if defined(OPENSSL_WINDOWS) +#include +#else +#include +#endif // OPENSSL_WINDOWS + +#endif // PKI_FILLINS_INET_H_ diff --git a/pki/fillins/ip_address.cc b/pki/fillins/ip_address.cc new file mode 100644 index 0000000000..f8d8e044c5 --- /dev/null +++ b/pki/fillins/ip_address.cc @@ -0,0 +1,171 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "ip_address.h" + +#include +#include +#include + +#include "check.h" + +namespace bssl { + +namespace fillins { + +IPAddress::IPAddress() {} + +IPAddress::IPAddress(const uint8_t *address, size_t address_len) + : addr_(reinterpret_cast(address), address_len) {} + +IPAddress::IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3) { + addr_.reserve(4); + addr_.push_back(b0); + addr_.push_back(b1); + addr_.push_back(b2); + addr_.push_back(b3); +} + +IPAddress::IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, + uint8_t b5, uint8_t b6, uint8_t b7, uint8_t b8, uint8_t b9, + uint8_t b10, uint8_t b11, uint8_t b12, uint8_t b13, + uint8_t b14, uint8_t b15) { + addr_.reserve(16); + addr_.push_back(b0); + addr_.push_back(b1); + addr_.push_back(b2); + addr_.push_back(b3); + addr_.push_back(b4); + addr_.push_back(b5); + addr_.push_back(b6); + addr_.push_back(b7); + addr_.push_back(b8); + addr_.push_back(b9); + addr_.push_back(b10); + addr_.push_back(b11); + addr_.push_back(b12); + addr_.push_back(b13); + addr_.push_back(b14); + addr_.push_back(b15); +} + +// static +IPAddress IPAddress::AllZeros(size_t num_zero_bytes) { + CHECK_LE(num_zero_bytes, 16u); + IPAddress result; + result.addr_.reserve(num_zero_bytes); + for (size_t i = 0; i < num_zero_bytes; ++i) { + result.addr_.push_back(0u); + } + return result; +} + +// static +IPAddress IPAddress::IPv4AllZeros() { return AllZeros(kIPv4AddressSize); } + +bool IPAddress::IsIPv4() const { return addr_.size() == kIPv4AddressSize; } + +bool IPAddress::IsIPv6() const { return addr_.size() == kIPv6AddressSize; } + +bool IPAddress::IsValid() const { return IsIPv4() || IsIPv6(); } + +const uint8_t *IPAddress::data() const { + return reinterpret_cast(addr_.data()); +} + +size_t IPAddress::size() const { return addr_.size(); } + +const IPAddressBytes &IPAddress::bytes() const { return addr_; } + +static IPAddress ConvertIPv4ToIPv4MappedIPv6(const IPAddress &address) { + CHECK(address.IsIPv4()); + // IPv4-mapped addresses are formed by: + // <80 bits of zeros> + <16 bits of ones> + <32-bit IPv4 address>. + uint8_t bytes[16]; + memset(bytes, 0, 10); + memset(bytes + 10, 0xff, 2); + memcpy(bytes + 12, address.data(), address.size()); + return IPAddress(bytes, sizeof(bytes)); +} + +// Note that this function assumes: +// * |ip_address| is at least |prefix_length_in_bits| (bits) long; +// * |ip_prefix| is at least |prefix_length_in_bits| (bits) long. +static bool IPAddressPrefixCheck(const uint8_t *ip_address, + const uint8_t *ip_prefix, + size_t prefix_length_in_bits) { + // Compare all the bytes that fall entirely within the prefix. + size_t num_entire_bytes_in_prefix = prefix_length_in_bits / 8; + for (size_t i = 0; i < num_entire_bytes_in_prefix; ++i) { + if (ip_address[i] != ip_prefix[i]) { + return false; + } + } + + // In case the prefix was not a multiple of 8, there will be 1 byte + // which is only partially masked. + size_t remaining_bits = prefix_length_in_bits % 8; + if (remaining_bits != 0) { + uint8_t mask = 0xFF << (8 - remaining_bits); + size_t i = num_entire_bytes_in_prefix; + if ((ip_address[i] & mask) != (ip_prefix[i] & mask)) { + return false; + } + } + + return true; +} + +bool IPAddressMatchesPrefix(const IPAddress &ip_address, + const IPAddress &ip_prefix, + size_t prefix_length_in_bits) { + // Both the input IP address and the prefix IP address should be either IPv4 + // or IPv6. + DCHECK(ip_address.IsValid()); + DCHECK(ip_prefix.IsValid()); + + DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8); + + // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to + // IPv6 addresses in order to do the comparison. + if (ip_address.size() != ip_prefix.size()) { + if (ip_address.IsIPv4()) { + return IPAddressMatchesPrefix(ConvertIPv4ToIPv4MappedIPv6(ip_address), + ip_prefix, prefix_length_in_bits); + } + return IPAddressMatchesPrefix(ip_address, + ConvertIPv4ToIPv4MappedIPv6(ip_prefix), + 96 + prefix_length_in_bits); + } + + return IPAddressPrefixCheck(ip_address.data(), ip_prefix.data(), + prefix_length_in_bits); +} + +static unsigned CommonPrefixLength(const IPAddress &a1, const IPAddress &a2) { + DCHECK_EQ(a1.size(), a2.size()); + for (size_t i = 0; i < a1.size(); ++i) { + uint8_t diff = a1.bytes()[i] ^ a2.bytes()[i]; + if (!diff) + continue; + for (unsigned j = 0; j < CHAR_BIT; ++j) { + if (diff & (1 << (CHAR_BIT - 1))) + return i * CHAR_BIT + j; + diff <<= 1; + } + abort(); + } + return a1.size() * CHAR_BIT; +} + +unsigned MaskPrefixLength(const IPAddress &mask) { + uint8_t all_ones[16]; + const size_t mask_len = std::min(mask.size(), sizeof(all_ones)); + memset(all_ones, 0xff, mask_len); + return CommonPrefixLength(mask, IPAddress(all_ones, mask_len)); +} + +} // namespace fillins + +} // namespace bssl diff --git a/pki/fillins/ip_address.h b/pki/fillins/ip_address.h new file mode 100644 index 0000000000..cc8030c701 --- /dev/null +++ b/pki/fillins/ip_address.h @@ -0,0 +1,62 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_FILLINS_IP_ADDRESS +#define BSSL_FILLINS_IP_ADDRESS + +#include + +#include +#include + +#include + +namespace bssl { + +namespace fillins { + +typedef std::string IPAddressBytes; + +class OPENSSL_EXPORT IPAddress { + public: + enum : size_t { kIPv4AddressSize = 4, kIPv6AddressSize = 16 }; + + OPENSSL_EXPORT IPAddress(); + OPENSSL_EXPORT IPAddress(const uint8_t *address, size_t address_len); + OPENSSL_EXPORT IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3); + OPENSSL_EXPORT IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, + uint8_t b4, uint8_t b5, uint8_t b6, uint8_t b7, + uint8_t b8, uint8_t b9, uint8_t b10, uint8_t b11, + uint8_t b12, uint8_t b13, uint8_t b14, uint8_t b15); + + static IPAddress IPv4AllZeros(); + + OPENSSL_EXPORT bool IsIPv4() const; + OPENSSL_EXPORT bool IsIPv6() const; + OPENSSL_EXPORT bool IsValid() const; + + OPENSSL_EXPORT const uint8_t *data() const; + OPENSSL_EXPORT size_t size() const; + OPENSSL_EXPORT const IPAddressBytes &bytes() const; + + OPENSSL_EXPORT bool operator==(const IPAddress &other) const { + return addr_ == other.addr_; + } + + private: + static IPAddress AllZeros(size_t num_zero_bytes); + std::string addr_; +}; + +OPENSSL_EXPORT bool IPAddressMatchesPrefix(const IPAddress &ip_address, + const IPAddress &ip_prefix, + size_t prefix_length_in_bits); + +OPENSSL_EXPORT unsigned MaskPrefixLength(const IPAddress &mask); + +} // namespace fillins + +} // namespace bssl + +#endif // BSSL_FILLINS_IP_ADDRESS diff --git a/pki/fillins/net_errors.h b/pki/fillins/net_errors.h new file mode 100644 index 0000000000..e3c6e38822 --- /dev/null +++ b/pki/fillins/net_errors.h @@ -0,0 +1,18 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_FILLINS_NET_ERRORS_H +#define BSSL_FILLINS_NET_ERRORS_H + +#include + +namespace bssl { + +enum OPENSSL_EXPORT Error { + OK = 0, +}; + +} // namespace bssl + +#endif // BSSL_FILLINS_NET_ERRORS_H diff --git a/pki/fillins/openssl_util.cc b/pki/fillins/openssl_util.cc new file mode 100644 index 0000000000..6c58169b69 --- /dev/null +++ b/pki/fillins/openssl_util.cc @@ -0,0 +1,19 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "openssl_util.h" + +#include + +namespace bssl { + +namespace fillins { + +OpenSSLErrStackTracer::OpenSSLErrStackTracer() {} + +OpenSSLErrStackTracer::~OpenSSLErrStackTracer() { ERR_clear_error(); } + +} // namespace fillins + +} // namespace bssl diff --git a/pki/fillins/openssl_util.h b/pki/fillins/openssl_util.h new file mode 100644 index 0000000000..3ee173af90 --- /dev/null +++ b/pki/fillins/openssl_util.h @@ -0,0 +1,28 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_FILLINS_OPENSSL_UTIL_H +#define BSSL_FILLINS_OPENSSL_UTIL_H + +#include + +#include + +namespace bssl { + +namespace fillins { + +// Place an instance of this class on the call stack to automatically clear +// the OpenSSL error stack on function exit. +class OPENSSL_EXPORT OpenSSLErrStackTracer { + public: + OPENSSL_EXPORT OpenSSLErrStackTracer(); + OPENSSL_EXPORT ~OpenSSLErrStackTracer(); +}; + +} // namespace fillins + +} // namespace bssl + +#endif // BSSL_FILLINS_OPENSSL_UTIL_H diff --git a/pki/fillins/path_service.cc b/pki/fillins/path_service.cc new file mode 100644 index 0000000000..3eda2327a5 --- /dev/null +++ b/pki/fillins/path_service.cc @@ -0,0 +1,44 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "path_service.h" + +#include +#include + +namespace bssl { + +namespace fillins { + +FilePath::FilePath() {} + +FilePath::FilePath(const std::string &path) : path_(path) {} + +const std::string &FilePath::value() const { return path_; } + +FilePath FilePath::AppendASCII(const std::string &ascii_path_element) const { + // Append a path element to a path. Use the \ separator if this appears to + // be a Windows path, otherwise the Unix one. + if (path_.find(":\\") != std::string::npos) { + return FilePath(path_ + "\\" + ascii_path_element); + } + return FilePath(path_ + "/" + ascii_path_element); +} + +// static +void PathService::Get(PathKey key, FilePath *out) { +#if defined(_BORINGSSL_PKI_SRCDIR_) + // We stringify the compile parameter because cmake. sigh. +#define _boringssl_xstr(s) _boringssl_str(s) +#define _boringssl_str(s) #s + const char pki_srcdir[] = _boringssl_xstr(_BORINGSSL_PKI_SRCDIR_); +#else +#error "No _BORINGSSL_PKI_SRCDIR" +#endif // defined(BORINGSSL_PKI_SRCDIR + *out = FilePath(pki_srcdir); +} + +} // namespace fillins + +} // namespace bssl diff --git a/pki/fillins/path_service.h b/pki/fillins/path_service.h new file mode 100644 index 0000000000..aa79e53dd6 --- /dev/null +++ b/pki/fillins/path_service.h @@ -0,0 +1,43 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_FILLINS_PATH_SERVICE_H +#define BSSL_FILLINS_PATH_SERVICE_H + +#include + +#include + +namespace bssl { + +namespace fillins { + +class OPENSSL_EXPORT FilePath { + public: + OPENSSL_EXPORT FilePath(); + OPENSSL_EXPORT FilePath(const std::string &path); + + OPENSSL_EXPORT const std::string &value() const; + + OPENSSL_EXPORT FilePath + AppendASCII(const std::string &ascii_path_element) const; + + private: + std::string path_; +}; + +enum OPENSSL_EXPORT PathKey { + DIR_SOURCE_ROOT = 0, +}; + +class OPENSSL_EXPORT PathService { + public: + static void Get(PathKey key, FilePath *out); +}; + +} // namespace fillins + +} // namespace bssl + +#endif // BSSL_FILLINS_PATH_SERVICE_H diff --git a/pki/fillins/string_util.cc b/pki/fillins/string_util.cc new file mode 100644 index 0000000000..aa2986d090 --- /dev/null +++ b/pki/fillins/string_util.cc @@ -0,0 +1,89 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "../string_util.h" +#include +#include +#include "string_util.h" + + +namespace bssl { + +namespace fillins { + + +// TODO(bbe): get rid of this +std::string HexEncode(const void *bytes, size_t size) { + return bssl::string_util::HexEncode((const uint8_t *)bytes, size); +} + +static bool IsUnicodeWhitespace(char c) { + return c == 9 || c == 10 || c == 11 || c == 12 || c == 13 || c == ' '; +} + +std::string CollapseWhitespaceASCII(std::string_view text, + bool trim_sequences_with_line_breaks) { + std::string result; + result.resize(text.size()); + + // Set flags to pretend we're already in a trimmed whitespace sequence, so we + // will trim any leading whitespace. + bool in_whitespace = true; + bool already_trimmed = true; + + int chars_written = 0; + for (auto i = text.begin(); i != text.end(); ++i) { + if (IsUnicodeWhitespace(*i)) { + if (!in_whitespace) { + // Reduce all whitespace sequences to a single space. + in_whitespace = true; + result[chars_written++] = L' '; + } + if (trim_sequences_with_line_breaks && !already_trimmed && + ((*i == '\n') || (*i == '\r'))) { + // Whitespace sequences containing CR or LF are eliminated entirely. + already_trimmed = true; + --chars_written; + } + } else { + // Non-whitespace chracters are copied straight across. + in_whitespace = false; + already_trimmed = false; + result[chars_written++] = *i; + } + } + + if (in_whitespace && !already_trimmed) { + // Any trailing whitespace is eliminated. + --chars_written; + } + + result.resize(chars_written); + return result; +} + +// TODO(bbe): get rid of this (used to be strcasecmp in google3, which +// causes windows pain because msvc and strings.h) +bool EqualsCaseInsensitiveASCII(std::string_view a, std::string_view b) { + return bssl::string_util::IsEqualNoCase(a, b); +} + +bool IsAsciiAlpha(char c) { + return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); +} + +bool IsAsciiDigit(char c) { return c >= '0' && c <= '9'; } + +void ReplaceSubstringsAfterOffset(std::string *s, size_t offset, + std::string_view find, + std::string_view replace) { + std::string_view prefix(s->data(), offset); + std::string suffix = + bssl::string_util::FindAndReplace(s->substr(offset), find, replace); + *s = std::string(prefix) + suffix; +}; + +} // namespace fillins + +} // namespace bssl diff --git a/pki/fillins/string_util.h b/pki/fillins/string_util.h new file mode 100644 index 0000000000..bf1f2e09cb --- /dev/null +++ b/pki/fillins/string_util.h @@ -0,0 +1,41 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_FILLINS_STRING_UTIL_H +#define BSSL_FILLINS_STRING_UTIL_H + +#include + +#include +#include +#include +#include + +namespace bssl { + +namespace fillins { + +OPENSSL_EXPORT std::string HexEncode(const void *bytes, size_t size); + +OPENSSL_EXPORT std::string CollapseWhitespaceASCII( + std::string_view text, bool trim_sequences_with_line_breaks); + +OPENSSL_EXPORT bool EqualsCaseInsensitiveASCII(std::string_view a, + std::string_view b); + +OPENSSL_EXPORT bool IsAsciiAlpha(char c); + +OPENSSL_EXPORT bool IsAsciiDigit(char c); + +OPENSSL_EXPORT void ReplaceSubstringsAfterOffset(std::string *s, size_t offset, + std::string_view find, + std::string_view replace); + +OPENSSL_EXPORT std::string HexDecode(std::string_view hex); + +} // namespace fillins + +} // namespace bssl + +#endif // BSSL_FILLINS_STRING_UTIL_H diff --git a/pki/fillins/utf_string_conversions.cc b/pki/fillins/utf_string_conversions.cc new file mode 100644 index 0000000000..9341964238 --- /dev/null +++ b/pki/fillins/utf_string_conversions.cc @@ -0,0 +1,47 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "utf_string_conversions.h" + +namespace bssl { + +namespace fillins { + +static const size_t kMaxUTF8Bytes = 4; + +static size_t EncodeUTF8(uint32_t codepoint, char *out_buf) { + if (codepoint < 0x7f) { + out_buf[0] = codepoint; + return 1; + } + + if (codepoint <= 0x7ff) { + out_buf[0] = 0xc0 | (codepoint >> 6); + out_buf[1] = 0x80 | (codepoint & 0x3f); + return 2; + } + + if (codepoint <= 0xffff) { + out_buf[0] = 0xe0 | (codepoint >> 12); + out_buf[1] = 0x80 | ((codepoint >> 6) & 0x3f); + out_buf[2] = 0x80 | (codepoint & 0x3f); + return 3; + } + + out_buf[0] = 0xf0 | (codepoint >> 18); + out_buf[1] = 0x80 | ((codepoint >> 12) & 0x3f); + out_buf[2] = 0x80 | ((codepoint >> 6) & 0x3f); + out_buf[3] = 0x80 | (codepoint & 0x3f); + return 4; +} + +void WriteUnicodeCharacter(uint32_t codepoint, std::string *append_to) { + char buf[kMaxUTF8Bytes]; + const size_t num_bytes = EncodeUTF8(codepoint, buf); + append_to->append(buf, num_bytes); +} + +} // namespace fillins + +} // namespace bssl diff --git a/pki/fillins/utf_string_conversions.h b/pki/fillins/utf_string_conversions.h new file mode 100644 index 0000000000..c8cdbc1d5e --- /dev/null +++ b/pki/fillins/utf_string_conversions.h @@ -0,0 +1,34 @@ +// Copyright 2023 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_FILLINS_UTF_STRING_CONVERSIONS +#define BSSL_FILLINS_UTF_STRING_CONVERSIONS + +#include + +#include + +#define CBU_IS_SURROGATE(c) (((c)&0xfffff800) == 0xd800) + +#define CBU_IS_UNICODE_NONCHAR(c) \ + ((c) >= 0xfdd0 && ((uint32_t)(c) <= 0xfdef || ((c)&0xfffe) == 0xfffe) && \ + (uint32_t)(c) <= 0x10ffff) + +#define CBU_IS_UNICODE_CHAR(c) \ + ((uint32_t)(c) < 0xd800 || \ + ((uint32_t)(c) > 0xdfff && (uint32_t)(c) <= 0x10ffff && \ + !CBU_IS_UNICODE_NONCHAR(c))) + +namespace bssl { + +namespace fillins { + +OPENSSL_EXPORT void WriteUnicodeCharacter(uint32_t codepoint, + std::string *append_to); + +} // namespace fillins + +} // namespace bssl + +#endif // BSSL_FILLINS_UTF_STRING_CONVERSIONS diff --git a/pki/general_names.cc b/pki/general_names.cc new file mode 100644 index 0000000000..eef60d0cf3 --- /dev/null +++ b/pki/general_names.cc @@ -0,0 +1,242 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "general_names.h" + +#include +#include + +#include "cert_error_params.h" +#include "cert_errors.h" +#include "string_util.h" +#include "input.h" +#include "parser.h" +#include "tag.h" + +namespace bssl { + +DEFINE_CERT_ERROR_ID(kFailedParsingGeneralName, "Failed parsing GeneralName"); + +namespace { + +DEFINE_CERT_ERROR_ID(kRFC822NameNotAscii, "rfc822Name is not ASCII"); +DEFINE_CERT_ERROR_ID(kDnsNameNotAscii, "dNSName is not ASCII"); +DEFINE_CERT_ERROR_ID(kURINotAscii, "uniformResourceIdentifier is not ASCII"); +DEFINE_CERT_ERROR_ID(kFailedParsingIp, "Failed parsing iPAddress"); +DEFINE_CERT_ERROR_ID(kUnknownGeneralNameType, "Unknown GeneralName type"); +DEFINE_CERT_ERROR_ID(kFailedReadingGeneralNames, + "Failed reading GeneralNames SEQUENCE"); +DEFINE_CERT_ERROR_ID(kGeneralNamesTrailingData, + "GeneralNames contains trailing data after the sequence"); +DEFINE_CERT_ERROR_ID(kGeneralNamesEmpty, + "GeneralNames is a sequence of 0 elements"); +DEFINE_CERT_ERROR_ID(kFailedReadingGeneralName, + "Failed reading GeneralName TLV"); + +// Return true if the bitmask |mask| contains only zeros after the first +// |prefix_length| bits. +bool IsSuffixZero(const fillins::IPAddressBytes& mask, unsigned prefix_length) { + size_t zero_bits = mask.size() * CHAR_BIT - prefix_length; + size_t zero_bytes = zero_bits / CHAR_BIT; + // We allocate the vector one byte bigger than needed to ensure there is a + // valid pointer to pass to memcmp for a zero length comparison. + std::vector zeros(zero_bytes + 1, 0); + if (memcmp(zeros.data(), mask.data() + mask.size() - zero_bytes, + zero_bytes)) { + return false; + } + size_t leftover_bits = zero_bits % CHAR_BIT; + if (leftover_bits) { + uint8_t b = mask[mask.size() - zero_bytes - 1]; + for (size_t i = 0; i < leftover_bits; ++i) { + if (b & (1 << i)) + return false; + } + } + return true; +} + +} // namespace + +GeneralNames::GeneralNames() = default; + +GeneralNames::~GeneralNames() = default; + +// static +std::unique_ptr GeneralNames::Create( + const der::Input& general_names_tlv, + CertErrors* errors) { + DCHECK(errors); + + // RFC 5280 section 4.2.1.6: + // GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + der::Parser parser(general_names_tlv); + der::Input sequence_value; + if (!parser.ReadTag(der::kSequence, &sequence_value)) { + errors->AddError(kFailedReadingGeneralNames); + return nullptr; + } + // Should not have trailing data after GeneralNames sequence. + if (parser.HasMore()) { + errors->AddError(kGeneralNamesTrailingData); + return nullptr; + } + return CreateFromValue(sequence_value, errors); +} + +// static +std::unique_ptr GeneralNames::CreateFromValue( + const der::Input& general_names_value, + CertErrors* errors) { + DCHECK(errors); + + auto general_names = std::make_unique(); + + der::Parser sequence_parser(general_names_value); + // The GeneralNames sequence should have at least 1 element. + if (!sequence_parser.HasMore()) { + errors->AddError(kGeneralNamesEmpty); + return nullptr; + } + + while (sequence_parser.HasMore()) { + der::Input raw_general_name; + if (!sequence_parser.ReadRawTLV(&raw_general_name)) { + errors->AddError(kFailedReadingGeneralName); + return nullptr; + } + + if (!ParseGeneralName(raw_general_name, IP_ADDRESS_ONLY, + general_names.get(), errors)) { + errors->AddError(kFailedParsingGeneralName); + return nullptr; + } + } + + return general_names; +} + +[[nodiscard]] bool ParseGeneralName( + const der::Input& input, + GeneralNames::ParseGeneralNameIPAddressType ip_address_type, + GeneralNames* subtrees, + CertErrors* errors) { + DCHECK(errors); + der::Parser parser(input); + der::Tag tag; + der::Input value; + if (!parser.ReadTagAndValue(&tag, &value)) + return false; + GeneralNameTypes name_type = GENERAL_NAME_NONE; + if (tag == der::ContextSpecificConstructed(0)) { + // otherName [0] OtherName, + name_type = GENERAL_NAME_OTHER_NAME; + subtrees->other_names.push_back(value); + } else if (tag == der::ContextSpecificPrimitive(1)) { + // rfc822Name [1] IA5String, + name_type = GENERAL_NAME_RFC822_NAME; + const std::string_view s = value.AsStringView(); + if (!bssl::string_util::IsAscii(s)) { + errors->AddError(kRFC822NameNotAscii); + return false; + } + subtrees->rfc822_names.push_back(s); + } else if (tag == der::ContextSpecificPrimitive(2)) { + // dNSName [2] IA5String, + name_type = GENERAL_NAME_DNS_NAME; + const std::string_view s = value.AsStringView(); + if (!bssl::string_util::IsAscii(s)) { + errors->AddError(kDnsNameNotAscii); + return false; + } + subtrees->dns_names.push_back(s); + } else if (tag == der::ContextSpecificConstructed(3)) { + // x400Address [3] ORAddress, + name_type = GENERAL_NAME_X400_ADDRESS; + subtrees->x400_addresses.push_back(value); + } else if (tag == der::ContextSpecificConstructed(4)) { + // directoryName [4] Name, + name_type = GENERAL_NAME_DIRECTORY_NAME; + // Name is a CHOICE { rdnSequence RDNSequence }, therefore the SEQUENCE + // tag is explicit. Remove it, since the name matching functions expect + // only the value portion. + der::Parser name_parser(value); + der::Input name_value; + if (!name_parser.ReadTag(der::kSequence, &name_value) || parser.HasMore()) + return false; + subtrees->directory_names.push_back(name_value); + } else if (tag == der::ContextSpecificConstructed(5)) { + // ediPartyName [5] EDIPartyName, + name_type = GENERAL_NAME_EDI_PARTY_NAME; + subtrees->edi_party_names.push_back(value); + } else if (tag == der::ContextSpecificPrimitive(6)) { + // uniformResourceIdentifier [6] IA5String, + name_type = GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER; + const std::string_view s = value.AsStringView(); + if (!bssl::string_util::IsAscii(s)) { + errors->AddError(kURINotAscii); + return false; + } + subtrees->uniform_resource_identifiers.push_back(s); + } else if (tag == der::ContextSpecificPrimitive(7)) { + // iPAddress [7] OCTET STRING, + name_type = GENERAL_NAME_IP_ADDRESS; + if (ip_address_type == GeneralNames::IP_ADDRESS_ONLY) { + // RFC 5280 section 4.2.1.6: + // When the subjectAltName extension contains an iPAddress, the address + // MUST be stored in the octet string in "network byte order", as + // specified in [RFC791]. The least significant bit (LSB) of each octet + // is the LSB of the corresponding byte in the network address. For IP + // version 4, as specified in [RFC791], the octet string MUST contain + // exactly four octets. For IP version 6, as specified in [RFC2460], + // the octet string MUST contain exactly sixteen octets. + if ((value.Length() != fillins::IPAddress::kIPv4AddressSize && + value.Length() != fillins::IPAddress::kIPv6AddressSize)) { + errors->AddError(kFailedParsingIp); + return false; + } + subtrees->ip_addresses.emplace_back(value.UnsafeData(), value.Length()); + } else { + DCHECK_EQ(ip_address_type, GeneralNames::IP_ADDRESS_AND_NETMASK); + // RFC 5280 section 4.2.1.10: + // The syntax of iPAddress MUST be as described in Section 4.2.1.6 with + // the following additions specifically for name constraints. For IPv4 + // addresses, the iPAddress field of GeneralName MUST contain eight (8) + // octets, encoded in the style of RFC 4632 (CIDR) to represent an + // address range [RFC4632]. For IPv6 addresses, the iPAddress field + // MUST contain 32 octets similarly encoded. For example, a name + // constraint for "class C" subnet 192.0.2.0 is represented as the + // octets C0 00 02 00 FF FF FF 00, representing the CIDR notation + // 192.0.2.0/24 (mask 255.255.255.0). + if (value.Length() != fillins::IPAddress::kIPv4AddressSize * 2 && + value.Length() != fillins::IPAddress::kIPv6AddressSize * 2) { + errors->AddError(kFailedParsingIp); + return false; + } + const fillins::IPAddress mask(value.UnsafeData() + value.Length() / 2, + value.Length() / 2); + const unsigned mask_prefix_length = MaskPrefixLength(mask); + if (!IsSuffixZero(mask.bytes(), mask_prefix_length)) { + errors->AddError(kFailedParsingIp); + return false; + } + subtrees->ip_address_ranges.emplace_back( + fillins::IPAddress(value.UnsafeData(), value.Length() / 2), + mask_prefix_length); + } + } else if (tag == der::ContextSpecificPrimitive(8)) { + // registeredID [8] OBJECT IDENTIFIER } + name_type = GENERAL_NAME_REGISTERED_ID; + subtrees->registered_ids.push_back(value); + } else { + errors->AddError(kUnknownGeneralNameType, + CreateCertErrorParams1SizeT("tag", tag)); + return false; + } + DCHECK_NE(GENERAL_NAME_NONE, name_type); + subtrees->present_name_types |= name_type; + return true; +} + +} // namespace net diff --git a/pki/general_names.h b/pki/general_names.h new file mode 100644 index 0000000000..b9aa0ce591 --- /dev/null +++ b/pki/general_names.h @@ -0,0 +1,124 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_GENERAL_NAMES_H_ +#define BSSL_PKI_GENERAL_NAMES_H_ + +#include "fillins/openssl_util.h" +#include +#include + +#include "fillins/ip_address.h" + +#include "cert_error_id.h" + +namespace bssl { + +class CertErrors; + +OPENSSL_EXPORT extern const CertErrorId kFailedParsingGeneralName; + +namespace der { +class Input; +} // namespace der + +// Bitfield values for the GeneralName types defined in RFC 5280. The ordering +// and exact values are not important, but match the order from the RFC for +// convenience. +enum GeneralNameTypes { + GENERAL_NAME_NONE = 0, + GENERAL_NAME_OTHER_NAME = 1 << 0, + GENERAL_NAME_RFC822_NAME = 1 << 1, + GENERAL_NAME_DNS_NAME = 1 << 2, + GENERAL_NAME_X400_ADDRESS = 1 << 3, + GENERAL_NAME_DIRECTORY_NAME = 1 << 4, + GENERAL_NAME_EDI_PARTY_NAME = 1 << 5, + GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER = 1 << 6, + GENERAL_NAME_IP_ADDRESS = 1 << 7, + GENERAL_NAME_REGISTERED_ID = 1 << 8, + GENERAL_NAME_ALL_TYPES = (1 << 9) - 1, +}; + +// Represents a GeneralNames structure. When processing GeneralNames, it is +// often necessary to know which types of names were present, and to check +// all the names of a certain type. Therefore, a bitfield of all the name +// types is kept, and the names are split into members for each type. +struct OPENSSL_EXPORT GeneralNames { + // Controls parsing of iPAddress names in ParseGeneralName. + // IP_ADDRESS_ONLY parses the iPAddress names as a 4 or 16 byte IP address. + // IP_ADDRESS_AND_NETMASK parses the iPAddress names as 8 or 32 bytes + // containing an IP address followed by a netmask. + enum ParseGeneralNameIPAddressType { + IP_ADDRESS_ONLY, + IP_ADDRESS_AND_NETMASK, + }; + + GeneralNames(); + ~GeneralNames(); + + // Create a GeneralNames object representing the DER-encoded + // |general_names_tlv|. The returned object may reference data from + // |general_names_tlv|, so is only valid as long as |general_names_tlv| is. + // Returns nullptr on failure, and may fill |errors| with + // additional information. |errors| must be non-null. + static std::unique_ptr Create( + const der::Input& general_names_tlv, + CertErrors* errors); + + // As above, but takes the GeneralNames sequence value, without the tag and + // length. + static std::unique_ptr CreateFromValue( + const der::Input& general_names_value, + CertErrors* errors); + + // DER-encoded OtherName values. + std::vector other_names; + + // ASCII rfc822names. + std::vector rfc822_names; + + // ASCII hostnames. + std::vector dns_names; + + // DER-encoded ORAddress values. + std::vector x400_addresses; + + // DER-encoded Name values (not including the Sequence tag). + std::vector directory_names; + + // DER-encoded EDIPartyName values. + std::vector edi_party_names; + + // ASCII URIs. + std::vector uniform_resource_identifiers; + + // iPAddresses as sequences of octets in network byte order. This will be + // populated if the GeneralNames represents a Subject Alternative Name. + std::vector ip_addresses; + + // iPAddress ranges, as pairs. This will be populated + // if the GeneralNames represents a Name Constraints. + std::vector> ip_address_ranges; + + // DER-encoded OBJECT IDENTIFIERs. + std::vector registered_ids; + + // Which name types were present, as a bitfield of GeneralNameTypes. + int present_name_types = GENERAL_NAME_NONE; +}; + +// Parses a GeneralName value and adds it to |subtrees|. +// |ip_address_type| specifies how to parse iPAddress names. +// Returns false on failure, and may fill |errors| with additional information. +// |errors| must be non-null. +// TODO(mattm): should this be a method on GeneralNames? +[[nodiscard]] OPENSSL_EXPORT bool ParseGeneralName( + const der::Input& input, + GeneralNames::ParseGeneralNameIPAddressType ip_address_type, + GeneralNames* subtrees, + CertErrors* errors); + +} // namespace net + +#endif // BSSL_PKI_GENERAL_NAMES_H_ diff --git a/pki/import_spec.json b/pki/import_spec.json new file mode 100644 index 0000000000..09578fc351 --- /dev/null +++ b/pki/import_spec.json @@ -0,0 +1,359 @@ +{ + "replacements": [ + {"match": "^#include \"base/supports_user_data.h\"", + "replace": ""}, + {"match": ": public base::SupportsUserData", + "replace": ""}, + {"match": "~Result\\(\\) override;", + "replace": "~Result();"}, + {"match": "base::SupportsUserData", + "replace": "void"}, + {"match": "^#include \"net/dns/dns_util.h\"", + "replace": ""}, + {"match": "^#include \"base/gtest_prod_util.h\"", + "replace": ""}, + {"match": "^#include \"base/pickle.h\"", + "replace": ""}, + {"match": "^#include \"base/check.h\"", + "replace": "#include \"fillins/check.h\""}, + {"match": "^#include \"base/notreached.h\"", + "replace": ""}, + {"match": "^#include \"base/check_op.h\"", + "replace": "#include \"fillins/check.h\""}, + {"match": "^#include \"net/base/hash_value.h\"", + "replace": "#include \"fillins/hash_value.h\""}, + {"match": "^#include \"net/cert/x509_util.h\"", + "replace": "#include \"fillins/x509_util.h\""}, + {"match": "^#include \"url/gurl.h\"", + "replace": "#include \"webutil/url/url.h\""}, + {"match": "^#include \"build/build_config.h\"", + "replace": ""}, + {"match": "^#include \"base/numerics/clamped_math.h\"", + "replace": "#include \"fillins/clamped_math.h\""}, + {"match": "^#include \"base/numerics/safe_conversions.h\"", + "replace": ""}, + {"match": "^#include \"net/base/net_export.h\"", + "replace": ""}, + {"match": "^#include \"base/strings/string_util.h\"", + "replace": "#include \"fillins/string_util.h\""}, + {"match": "^#include \"base/base_paths.h\"", + "replace": "#include \"fillins/path_service.h\"", + "using": ["bssl::fillins::PathService"]}, + {"match": "base::PathService", + "replace": "bssl::fillins::PathService"}, + {"match": "base::ClampAdd", + "replace": "bssl::fillins::ClampAdd"}, + {"match": "base::ClampMul", + "replace": "bssl::fillins::ClampAdd"}, + {"match": "^#include \"base/files/file_util.h\"", + "replace": "#include \"fillins/file_util.h\""}, + {"match": "^#include \"base/path_service.h\"", + "replace": ""}, + {"match": "^#include \"crypto/openssl_util.h\"", + "replace": "#include \"fillins/openssl_util.h\""}, + {"match": "^#include \"net/base/ip_address.h\"", + "replace": "#include \"fillins/ip_address.h\"", + "using": ["bssl::fillins::IPAddress", + "bssl::fillins::IPAddressBytes"]}, + {"match": " IPAddress", + "replace": " fillins::IPAddress"}, + {"match": ""}, + {"match": "^#include \"base/base64.h\"", + "replace": "#include \"fillins/base64.h\""}, + {"match": "^#include \"base/strings/stringprintf.h\"", + "replace": ""}, + {"match": "^#include \"third_party/boringssl/src/include/openssl/(.*).h\"", + "replace": "#include "}, + {"match": "^#include \"net/cert/pki/", + "replace": "#include \""}, + {"match": "^#include \"net/cert/", + "replace": "#include \""}, + {"match": "^#include \"net/der/", + "replace": "#include \""}, + {"match": "^#include \"net/", + "replace": "#include \""}, + {"match": "^#include \"net_buildflags.h\"", + "replace": ""}, + {"match": "^#include \"base/time/time.h\"", + "replace": ""}, + {"match": "^#include \"base/strings/string_piece.h\"", + "replace": "#include \n"}, + {"match": "^#include \"testing/gtest/include/gtest/gtest.h\"", + "replace": "#include "}, + {"match": "^#include \"testing/gmock/include/gmock/gmock.h\"", + "replace": "#include "}, + {"match": "^#include \"base/containers/span.h\"", + "replace": "#include "}, + {"match": "^#include \"third_party/abseil-cpp/absl/types/optional.h\"", + "replace": "#include "}, + {"match": "^#include \"base/containers/contains.h\"", + "replace": ""}, + {"match": "GURL", + "replace": "URL", + "include": "webutil/url/url.h"}, + {"match": "absl::nullopt", + "replace": "std::nullopt" }, + {"match": "absl::optional", + "replace": "std::optional" }, + {"match": "absl::make_optional", + "replace": "std::make_optional" }, + {"match": "base::span", + "replace": "bssl::Span" }, + {"match": "base::make_span", + "replace": "bssl::MakeSpan" }, + {"match": "base::as_bytes", + "replace": "fillins::as_bytes", + "include": "fillins/bits.h"}, + {"match": "^namespace net {", + "replace": "namespace bssl {"}, + {"match": "namespace net::([^ ]+) {", + "replace": "namespace bssl::$1 {"}, + {"match": "NET_EXPORT_PRIVATE ", + "replace": "OPENSSL_EXPORT ", + "include": "fillins/openssl_util.h"}, + {"match": "NET_EXPORT ", + "replace": "OPENSSL_EXPORT ", + "include": "fillins/openssl_util.h"}, + {"match": "NOTREACHED\\(\\)", + "replace": "abort(); //NOTREACHED" }, + {"match": "NOTREACHED_NORETURN\\(\\)", + "replace": "abort(); //NOTREACHED_NORETURN" }, + {"match": "FRIEND_TEST_ALL_PREFIXES\\(.+;", + "replace": ""}, + {"match": " NET_DER", + "replace": " BSSL_DER"}, + {"match": " NET_CERT_PKI", + "replace": " BSSL_PKI"}, + {"match": " NET_CERT", + "replace": " BSSL_PKI"}, + {"match": "^using base::StringPiece;", + "replace": ""}, + {"match": "base::StringPiece", + "replace": "std::string_view"}, + {"match": "base::StartsWith\\(", + "replace": "bssl::string_util::StartsWith(", + "include": "string_util.h"}, + {"match": "base::StringPrintf", + "replace": "absl::StrFormat", + "include": "third_party/absl/strings/str_format.h"}, + {"match": "base::Base64Encode", + "replace": "fillins::Base64Encode"}, + {"match": "base::Base64Decode", + "replace": "fillins::Base64Decode"}, + {"match": "base::ReadFileToString", + "replace": "fillins::ReadFileToString"}, + {"match": "base::CollapseWhitespaceASCII", + "replace": "fillins::CollapseWhitespaceASCII"}, + {"match": "base::FilePath", + "replace": "fillins::FilePath"}, + {"match": "base::DIR_SOURCE_ROOT", + "replace": "fillins::DIR_SOURCE_ROOT"}, + {"match": "base::NetToHost16\\(", + "replace": "ntohs("}, + {"match": "base::NetToHost32\\(", + "replace": "ntohl("}, + { "match": "base_icu::UChar32", + "replace": "uint32_t"}, + {"match": "base::WriteUnicodeCharacter\\(", + "replace": "fillins::WriteUnicodeCharacter("}, + {"match": "base::IsAsciiAlpha\\(", + "replace": "fillins::IsAsciiAlpha("}, + {"match": "scoped_refptr<", + "replace": "std::shared_ptr<"}, + {"match": ": public base::RefCountedThreadSafe<.+>", + "replace": ""}, + {"match": "friend class base::RefCountedThreadSafe<.+>;", + "replace": ""}, + {"match": "net::string_util::", + "replace": "bssl::string_util::"}, + {"match": "net::x509_util::", + "replace": "x509_util::"}, + {"match": " net::der", + "replace": " bssl::der"}, + {"match": "net::ParsedCertificate", + "replace": "ParsedCertificate"}, + {"match": "net::CertPathBuilderResultPath", + "replace": "CertPathBuilderResultPath"}, + {"match": "net::CertErrors", + "replace": "bssl::CertErrors"}, + {"match": "base::Time::Exploded", + "replace": "fillins::Exploded", + "include": "fillins/time.h"}, + {"match": "([a-zA-Z_0-9]+)\\.UTCExplode\\(&([^)]*)\\)", + "replace": "fillins::UTCExplode($1, &$2)"}, + {"match": "net::ReadTestFileToString\\(", + "replace": "ReadTestFileToString("}, + {"match": "base::Seconds\\(", + "replace": "absl::Seconds("}, + {"match": "base::Time::UnixEpoch\\(", + "replace": "absl::UnixEpoch("}, + {"match": "base::Time::FromUTCExploded\\(", + "replace": "fillins::FromUTCExploded(", + "include": "fillins/time.h"}, + {"match": "base::Time::Now\\(\\)", + "replace": "absl::Now()"}, + {"match": "base::Time::Min\\(\\)", + "replace": "absl::InfinitePast()"}, + {"match": "base::Time::Max\\(\\)", + "replace": "absl::InfiniteFuture()"}, + {"match": "base::Time", + "replace": "absl::Time", + "include": "fillins/time.h"}, + {"match": "constexpr absl::Time", + "replace": "const absl::Time"}, + {"match": "^ // Map from OID to ParsedExtension.$", + "replace": "~ParsedCertificate();\n$0"}, + {"match": "^ ~ParsedCertificate\\(\\);$", + "replace": " "}, + {"match": "crypto::OpenSSLErrStackTracer", + "replace": "fillins::OpenSSLErrStackTracer"}, + {"match": "\\(FROM_HERE\\)", + "replace": ""}, + {"match": "([^a-zA-Z])StringPiece([^a-zA-Z])", + "replace": "${1}std::string_view$2"}, + {"match": "crypto::kSHA256Length", + "replace": "SHA256_DIGEST_LENGTH"}, + {"match": "raw_ptr<([^>]*)>", + "replace": "$1 *"} + ], + "files": [ + "net/cert/asn1_util.h", + "net/cert/asn1_util.cc", + "net/cert/cert_net_fetcher.h", + "net/cert/cert_status_flags.h", + "net/cert/cert_status_flags_list.h", + "net/cert/cert_verify_proc_blocklist.inc", + "net/cert/pki/cert_error_id.cc", + "net/cert/pki/cert_error_id.h", + "net/cert/pki/cert_error_params.cc", + "net/cert/pki/cert_error_params.h", + "net/cert/pki/cert_errors.cc", + "net/cert/pki/cert_errors.h", + "net/cert/pki/certificate_policies.cc", + "net/cert/pki/certificate_policies.h", + "net/cert/pki/certificate_policies_unittest.cc", + "net/cert/pki/cert_issuer_source.h", + "net/cert/pki/cert_issuer_source_static.cc", + "net/cert/pki/cert_issuer_source_static.h", + "net/cert/pki/cert_issuer_source_static_unittest.cc", + "net/cert/pki/cert_issuer_source_sync_unittest.h", + "net/cert/pki/common_cert_errors.cc", + "net/cert/pki/common_cert_errors.h", + "net/cert/pki/crl.h", + "net/cert/pki/crl.cc", + "net/cert/pki/extended_key_usage.cc", + "net/cert/pki/extended_key_usage.h", + "net/cert/pki/extended_key_usage_unittest.cc", + "net/cert/pki/general_names.h", + "net/cert/pki/general_names.cc", + "net/cert/pki/mock_signature_verify_cache.h", + "net/cert/pki/mock_signature_verify_cache.cc", + "net/cert/pki/name_constraints.cc", + "net/cert/pki/name_constraints.h", + "net/cert/pki/name_constraints_unittest.cc", + "net/cert/pki/nist_pkits_unittest.cc", + "net/cert/pki/nist_pkits_unittest.h", + "net/cert/pki/ocsp.cc", + "net/cert/pki/ocsp.h", + "net/cert/pki/ocsp_parse_ocsp_cert_id_fuzzer.cc", + "net/cert/pki/ocsp_parse_ocsp_response_data_fuzzer.cc", + "net/cert/pki/ocsp_parse_ocsp_response_fuzzer.cc", + "net/cert/pki/ocsp_parse_ocsp_single_response_fuzzer.cc", + "net/cert/pki/ocsp_unittest.cc", + "net/cert/pki/parse_certificate.cc", + "net/cert/pki/parse_certificate.h", + "net/cert/pki/parse_certificate_unittest.cc", + "net/cert/pki/parsed_certificate.cc", + "net/cert/pki/parsed_certificate.h", + "net/cert/pki/parse_certificate_fuzzer.cc", + "net/cert/pki/parsed_certificate_unittest.cc", + "net/cert/pki/parse_name.cc", + "net/cert/pki/parse_name.h", + "net/cert/pki/parse_name_unittest.cc", + "net/cert/pki/path_builder.cc", + "net/cert/pki/path_builder.h", + "net/cert/pki/path_builder_pkits_unittest.cc", + "net/cert/pki/path_builder_unittest.cc", + "net/cert/pki/path_builder_verify_certificate_chain_unittest.cc", + "net/cert/pki/revocation_util.h", + "net/cert/pki/revocation_util.cc", + "net/cert/pki/signature_algorithm.cc", + "net/cert/pki/signature_algorithm.h", + "net/cert/pki/signature_algorithm_unittest.cc", + "net/cert/pki/simple_path_builder_delegate.cc", + "net/cert/pki/simple_path_builder_delegate.h", + "net/cert/pki/simple_path_builder_delegate_unittest.cc", + "net/cert/pki/string_util.cc", + "net/cert/pki/string_util_unittest.cc", + "net/cert/pki/string_util.h", + "net/cert/pki/signature_verify_cache.h", + "net/cert/pki/test_helpers.cc", + "net/cert/pki/test_helpers.h", + "net/cert/pki/trust_store.cc", + "net/cert/pki/trust_store_collection.cc", + "net/cert/pki/trust_store_collection.h", + "net/cert/pki/trust_store_collection_unittest.cc", + "net/cert/pki/trust_store.h", + "net/cert/pki/trust_store_in_memory.cc", + "net/cert/pki/trust_store_in_memory.h", + "net/cert/pki/verify_certificate_chain.cc", + "net/cert/pki/verify_certificate_chain.h", + "net/cert/pki/verify_certificate_chain_pkits_unittest.cc", + "net/cert/pki/verify_certificate_chain_typed_unittest.h", + "net/cert/pki/verify_certificate_chain_unittest.cc", + "net/cert/pki/verify_name_match.cc", + "net/cert/pki/verify_name_match.h", + "net/cert/pki/verify_name_match_unittest.cc", + "net/cert/pki/verify_name_match_fuzzer.cc", + "net/cert/pki/verify_name_match_normalizename_fuzzer.cc", + "net/cert/pki/verify_name_match_verifynameinsubtree_fuzzer.cc", + "net/cert/pki/verify_signed_data.cc", + "net/cert/pki/verify_signed_data.h", + "net/cert/pki/verify_signed_data_unittest.cc", + "net/cert/ocsp_revocation_status.h", + "net/cert/ocsp_verify_result.h", + "net/cert/ocsp_verify_result.cc", + "net/cert/pem.cc", + "net/cert/pem.h", + "net/cert/x509_certificate.cc", + "net/cert/x509_certificate.h", + "net/cert/x509_cert_types.h", + "net/der/encode_values.cc", + "net/der/encode_values.h", + "net/der/encode_values_unittest.cc", + "net/der/input.cc", + "net/der/input.h", + "net/der/input_unittest.cc", + "net/der/parser.cc", + "net/der/parser.h", + "net/der/parser_unittest.cc", + "net/der/parse_values.cc", + "net/der/parse_values.h", + "net/der/parse_values_unittest.cc", + "net/der/tag.cc", + "net/der/tag.h" + ] +} diff --git a/pki/import_tool.go b/pki/import_tool.go new file mode 100644 index 0000000000..b1915f62c5 --- /dev/null +++ b/pki/import_tool.go @@ -0,0 +1,187 @@ +// import_tool is a quick tool for importing Chromium's certificate verifier +// code into google3. In time it might be replaced by Copybara, but this is a +// lighter-weight solution while we're quickly iterating and only going in one +// direction. +// +// Usage: ./import_tool -spec import_spec.json\ +// -source-base ~/src/chromium/src/net\ +// -dest-base . +package main + +import ( + "bufio" + "encoding/json" + "errors" + "flag" + "fmt" + "io/ioutil" + "os" + "path/filepath" + "regexp" + "strings" + "sync" + "sync/atomic" +) + +type specification struct { + Replacements []replacement `json:"replacements"` + Files []string `json:"files"` +} + +type replacement struct { + Match string `json:"match"` + matchRE *regexp.Regexp `json:"-"` + Replace string `json:"replace"` + Include string `json:"include"` + Using []string `json:"using"` + used uint32 +} + +var ( + specFile *string = flag.String("spec", "", "Location of spec JSON") + sourceBase *string = flag.String("source-base", "", "Path of the source files") + destBase *string = flag.String("dest-base", "", "Path of the destination files") +) + +func transformFile(spec *specification, filename string) error { + const newLine = "\n" + + sourcePath := filepath.Join(*sourceBase, filename) + destPath := filename + destPath = strings.TrimPrefix(destPath, "net/") + destPath = strings.TrimPrefix(destPath, "cert/") + destPath = strings.TrimPrefix(destPath, "der/") + destPath = strings.TrimPrefix(destPath, "pki/") + destPath = filepath.Join(*destBase, destPath) + destDir := filepath.Dir(destPath) + if err := os.MkdirAll(destDir, 0755); err != nil { + return err + } + + source, err := os.Open(sourcePath) + if err != nil { + return err + } + defer source.Close() + + dest, err := os.OpenFile(destPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644) + if err != nil { + return err + } + defer dest.Close() + + var using []string + var includeInsertionPoint int + includes := make(map[string]struct{}) + scanner := bufio.NewScanner(source) + out := "" + for scanner.Scan() { + line := scanner.Text() + + if includeInsertionPoint == 0 && len(line) > 0 && + !strings.HasPrefix(line, "// ") && + !strings.HasPrefix(line, "#if") && + !strings.HasPrefix(line, "#define ") { + includeInsertionPoint = len(out) + } + + for i, repl := range spec.Replacements { + if !repl.matchRE.MatchString(line) { + continue + } + line = repl.matchRE.ReplaceAllString(line, repl.Replace) + atomic.StoreUint32(&spec.Replacements[i].used, 1) + using = append(using, repl.Using...) + if repl.Include != "" { + includes[repl.Include] = struct{}{} + } + } + + for _, u := range using { + line = strings.Replace( + line, "namespace chromium_certificate_verifier {", + "namespace chromium_certificate_verifier {\nusing "+u+";", 1) + } + + out += line + out += newLine + } + + if len(includes) > 0 { + if includeInsertionPoint == 0 { + panic("failed to find include insertion point for " + filename) + } + + var s string + for include := range includes { + s = s + "#include \"" + include + "\"\n" + } + + out = out[:includeInsertionPoint] + s + out[includeInsertionPoint:] + } + + dest.WriteString(out) + fmt.Printf("%s\n", filename) + + return nil +} + +func do() error { + flag.Parse() + + specBytes, err := ioutil.ReadFile(*specFile) + if err != nil { + return err + } + + var spec specification + if err := json.Unmarshal(specBytes, &spec); err != nil { + if jsonError, ok := err.(*json.SyntaxError); ok { + return fmt.Errorf("JSON parse error at offset %v: %v", jsonError.Offset, err.Error()) + } + return errors.New("JSON parse error: " + err.Error()) + } + + for i, repl := range spec.Replacements { + var err error + spec.Replacements[i].matchRE, err = regexp.Compile(repl.Match) + if err != nil { + return fmt.Errorf("Failed to parse %q: %s", repl.Match, err) + } + } + + errors := make(chan error, len(spec.Files)) + var wg sync.WaitGroup + + for _, filename := range spec.Files { + wg.Add(1) + + go func(filename string) { + if err := transformFile(&spec, filename); err != nil { + errors <- err + } + wg.Done() + }(filename) + } + + wg.Wait() + select { + case err := <-errors: + return err + default: + break + } + for _, repl := range spec.Replacements { + if repl.used == 0 { + fmt.Fprintf(os.Stderr, "replacement for \"%s\" not used\n", repl.Match) + } + } + return nil +} + +func main() { + if err := do(); err != nil { + fmt.Fprintf(os.Stderr, "%s\n", err) + os.Exit(1) + } +} diff --git a/pki/input.cc b/pki/input.cc new file mode 100644 index 0000000000..cf83201218 --- /dev/null +++ b/pki/input.cc @@ -0,0 +1,71 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "input.h" + +#include + +#include "fillins/check.h" + +namespace bssl::der { + +Input::Input(std::string_view in) + : data_(reinterpret_cast(in.data())), len_(in.length()) {} + +Input::Input(const std::string* s) : Input(std::string_view(*s)) {} + +std::string Input::AsString() const { + return std::string(reinterpret_cast(data_), len_); +} + +std::string_view Input::AsStringView() const { + return std::string_view(reinterpret_cast(data_), len_); +} + +bssl::Span Input::AsSpan() const { + return bssl::MakeSpan(data_, len_); +} + +bool operator==(const Input& lhs, const Input& rhs) { + return lhs.Length() == rhs.Length() && + std::equal(lhs.UnsafeData(), lhs.UnsafeData() + lhs.Length(), + rhs.UnsafeData()); +} + +bool operator!=(const Input& lhs, const Input& rhs) { + return !(lhs == rhs); +} + +ByteReader::ByteReader(const Input& in) + : data_(in.UnsafeData()), len_(in.Length()) { +} + +bool ByteReader::ReadByte(uint8_t* byte_p) { + if (!HasMore()) + return false; + *byte_p = *data_; + Advance(1); + return true; +} + +bool ByteReader::ReadBytes(size_t len, Input* out) { + if (len > len_) + return false; + *out = Input(data_, len); + Advance(len); + return true; +} + +// Returns whether there is any more data to be read. +bool ByteReader::HasMore() { + return len_ > 0; +} + +void ByteReader::Advance(size_t len) { + CHECK_LE(len, len_); + data_ += len; + len_ -= len; +} + +} // namespace bssl::der diff --git a/pki/input.h b/pki/input.h new file mode 100644 index 0000000000..14a1feff29 --- /dev/null +++ b/pki/input.h @@ -0,0 +1,156 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_DER_INPUT_H_ +#define BSSL_DER_INPUT_H_ + +#include "fillins/openssl_util.h" +#include +#include + +#include + +#include + + +namespace bssl::der { + +// An opaque class that represents a fixed buffer of data of a fixed length, +// to be used as an input to other operations. An Input object does not own +// the data it references, so callers are responsible for making sure that +// the data outlives the Input object and any other associated objects. +// +// All data access for an Input should be done through the ByteReader class. +// This class and associated classes are designed with safety in mind to make it +// difficult to read memory outside of an Input. ByteReader provides a simple +// API for reading through the Input sequentially. For more complicated uses, +// multiple instances of a ByteReader for a particular Input can be created. +class OPENSSL_EXPORT Input { + public: + // Creates an empty Input, one from which no data can be read. + constexpr Input() = default; + + // Creates an Input from a constant array |data|. + template + constexpr explicit Input(const uint8_t (&data)[N]) : data_(data), len_(N) {} + + // Creates an Input from the given |data| and |len|. + constexpr explicit Input(const uint8_t* data, size_t len) + : data_(data), len_(len) {} + + // Creates an Input from a std::string_view + explicit Input(std::string_view sp); + + // Creates an Input from a std::string. The lifetimes are a bit subtle when + // using this function: The constructed Input is only valid so long as |s| is + // still alive and not mutated. + explicit Input(const std::string* s); + + // Returns the length in bytes of an Input's data. + constexpr size_t Length() const { return len_; } + + // Returns a pointer to the Input's data. This method is marked as "unsafe" + // because access to the Input's data should be done through ByteReader + // instead. This method should only be used where using a ByteReader truly + // is not an option. + constexpr const uint8_t* UnsafeData() const { return data_; } + + // Returns a copy of the data represented by this object as a std::string. + std::string AsString() const; + + // Returns a std::string_view pointing to the same data as the Input. The + // resulting string_view must not outlive the data that was used to construct + // this Input. + std::string_view AsStringView() const; + + // Returns a bssl::Span pointing to the same data as the Input. The resulting + // bssl::Span must not outlive the data that was used to construct this + // Input. + bssl::Span AsSpan() const; + + private: + // This constructor is deleted to prevent constructing an Input from a + // std::string r-value. Since the Input points to memory owned by another + // object, such an Input would point to invalid memory. Without this deleted + // constructor, a std::string could be passed in to the std::string_view + // constructor because of std::string_view's implicit constructor. + Input(std::string) = delete; + + const uint8_t* data_ = nullptr; + size_t len_ = 0; +}; + +// Return true if |lhs|'s data and |rhs|'s data are byte-wise equal. +OPENSSL_EXPORT bool operator==(const Input& lhs, const Input& rhs); + +// Return true if |lhs|'s data and |rhs|'s data are not byte-wise equal. +OPENSSL_EXPORT bool operator!=(const Input& lhs, const Input& rhs); + +// Returns true if |lhs|'s data is lexicographically less than |rhs|'s data. +OPENSSL_EXPORT constexpr bool operator<(const Input& lhs, + const Input& rhs) { + // This is `std::lexicographical_compare`, but that's not `constexpr` until + // C++-20. + auto* it1 = lhs.UnsafeData(); + auto* it2 = rhs.UnsafeData(); + const auto* end1 = lhs.UnsafeData() + lhs.Length(); + const auto* end2 = rhs.UnsafeData() + rhs.Length(); + for (; it1 != end1 && it2 != end2; ++it1, ++it2) { + if (*it1 < *it2) { + return true; + } else if (*it2 < *it1) { + return false; + } + } + + return it2 != end2; +} + +// This class provides ways to read data from an Input in a bounds-checked way. +// The ByteReader is designed to read through the input sequentially. Once a +// byte has been read with a ByteReader, the caller can't go back and re-read +// that byte with the same reader. Of course, the caller can create multiple +// ByteReaders for the same input (or copy an existing ByteReader). +// +// For something simple like a single byte lookahead, the easiest way to do +// that is to copy the ByteReader and call ReadByte() on the copy - the original +// ByteReader will be unaffected and the peeked byte will be read through +// ReadByte(). For other read patterns, it can be useful to mark where one is +// in a ByteReader to be able to return to that spot. +// +// Some operations using Mark can also be done by creating a copy of the +// ByteReader. By using a Mark instead, you use less memory, but more +// importantly, you end up with an immutable object that matches the semantics +// of what is intended. +class OPENSSL_EXPORT ByteReader { + public: + // Creates a ByteReader to read the data represented by an Input. + explicit ByteReader(const Input& in); + + // Reads a single byte from the input source, putting the byte read in + // |*byte_p|. If a byte cannot be read from the input (because there is + // no input left), then this method returns false. + [[nodiscard]] bool ReadByte(uint8_t* out); + + // Reads |len| bytes from the input source, and initializes an Input to + // point to that data. If there aren't enough bytes left in the input source, + // then this method returns false. + [[nodiscard]] bool ReadBytes(size_t len, Input* out); + + // Returns how many bytes are left to read. + size_t BytesLeft() const { return len_; } + + // Returns whether there is any more data to be read. + bool HasMore(); + + private: + void Advance(size_t len); + + const uint8_t* data_; + size_t len_; +}; + +} // namespace bssl::der + +#endif // BSSL_DER_INPUT_H_ diff --git a/pki/input_unittest.cc b/pki/input_unittest.cc new file mode 100644 index 0000000000..6c3f75733a --- /dev/null +++ b/pki/input_unittest.cc @@ -0,0 +1,107 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "input.h" + +#include + +namespace bssl::der::test { + +constexpr uint8_t kInput[] = {'t', 'e', 's', 't'}; +const uint8_t kInput2[] = {'t', 'e', 'a', 'l'}; + +TEST(InputTest, Equals) { + Input test(kInput); + Input test2(kInput); + EXPECT_EQ(test, test2); + + uint8_t input_copy[std::size(kInput)] = {0}; + memcpy(input_copy, kInput, std::size(kInput)); + Input test_copy(input_copy); + EXPECT_EQ(test, test_copy); + + Input test_truncated(kInput, std::size(kInput) - 1); + EXPECT_NE(test, test_truncated); + EXPECT_NE(test_truncated, test); +} + +TEST(InputTest, LessThan) { + Input test(kInput); + EXPECT_FALSE(test < test); + + Input test2(kInput2); + EXPECT_FALSE(test < test2); + EXPECT_TRUE(test2 < test); + + Input test_truncated(kInput, std::size(kInput) - 1); + EXPECT_FALSE(test < test_truncated); + EXPECT_TRUE(test_truncated < test); +} + +TEST(InputTest, AsString) { + Input input(kInput); + std::string expected_string(reinterpret_cast(kInput), + std::size(kInput)); + EXPECT_EQ(expected_string, input.AsString()); +} + +TEST(InputTest, StaticArray) { + Input input(kInput); + EXPECT_EQ(std::size(kInput), input.Length()); + + Input input2(kInput); + EXPECT_EQ(input, input2); +} + +TEST(InputTest, ConstExpr) { + constexpr Input default_input; + static_assert(default_input.Length() == 0); + static_assert(default_input.UnsafeData() == nullptr); + + constexpr Input const_array_input(kInput); + static_assert(const_array_input.Length() == 4); + static_assert(const_array_input.UnsafeData() == kInput); + static_assert(default_input < const_array_input); + + constexpr Input ptr_len_input(kInput, 2); + static_assert(ptr_len_input.Length() == 2); + static_assert(ptr_len_input.UnsafeData() == kInput); + static_assert(ptr_len_input < const_array_input); + + Input runtime_input(kInput2, 2); + EXPECT_EQ(runtime_input, ptr_len_input); +} + +TEST(ByteReaderTest, NoReadPastEnd) { + ByteReader reader(Input(nullptr, 0)); + uint8_t data; + EXPECT_FALSE(reader.ReadByte(&data)); +} + +TEST(ByteReaderTest, ReadToEnd) { + uint8_t out; + ByteReader reader((Input(kInput))); + for (uint8_t input : kInput) { + ASSERT_TRUE(reader.ReadByte(&out)); + ASSERT_EQ(input, out); + } + EXPECT_FALSE(reader.ReadByte(&out)); +} + +TEST(ByteReaderTest, PartialReadFails) { + Input out; + ByteReader reader((Input(kInput))); + EXPECT_FALSE(reader.ReadBytes(5, &out)); +} + +TEST(ByteReaderTest, HasMore) { + Input out; + ByteReader reader((Input(kInput))); + + ASSERT_TRUE(reader.HasMore()); + ASSERT_TRUE(reader.ReadBytes(std::size(kInput), &out)); + ASSERT_FALSE(reader.HasMore()); +} + +} // namespace bssl::der::test diff --git a/pki/mock_signature_verify_cache.cc b/pki/mock_signature_verify_cache.cc new file mode 100644 index 0000000000..786fd441fc --- /dev/null +++ b/pki/mock_signature_verify_cache.cc @@ -0,0 +1,32 @@ +// Copyright 2022 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "mock_signature_verify_cache.h" + +#include + +namespace bssl { + +MockSignatureVerifyCache::MockSignatureVerifyCache() = default; + +MockSignatureVerifyCache::~MockSignatureVerifyCache() = default; + +void MockSignatureVerifyCache::Store(const std::string& key, + SignatureVerifyCache::Value value) { + cache_.insert_or_assign(key, value); + stores_++; +} + +SignatureVerifyCache::Value MockSignatureVerifyCache::Check( + const std::string& key) { + auto iter = cache_.find(key); + if (iter == cache_.end()) { + misses_++; + return SignatureVerifyCache::Value::kUnknown; + } + hits_++; + return iter->second; +} + +} // namespace net diff --git a/pki/mock_signature_verify_cache.h b/pki/mock_signature_verify_cache.h new file mode 100644 index 0000000000..ed7f1b1f3d --- /dev/null +++ b/pki/mock_signature_verify_cache.h @@ -0,0 +1,48 @@ +// Copyright 2022 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_MOCK_SIGNATURE_VERIFY_CACHE_H_ +#define BSSL_PKI_MOCK_SIGNATURE_VERIFY_CACHE_H_ + +#include + +#include +#include +#include + + +#include "signature_verify_cache.h" + +namespace bssl { + +// MockSignatureVerifyCache is an implementation of SignatureVerifyCache. It is +// intended only for testing of cache functionality. + +class MockSignatureVerifyCache : public SignatureVerifyCache { + public: + MockSignatureVerifyCache(); + + ~MockSignatureVerifyCache() override; + + void Store(const std::string& key, + SignatureVerifyCache::Value value) override; + + SignatureVerifyCache::Value Check(const std::string& key) override; + + size_t CacheHits() { return hits_; } + + size_t CacheMisses() { return misses_; } + + size_t CacheStores() { return stores_; } + + private: + std::unordered_map cache_; + size_t hits_ = 0; + size_t misses_ = 0; + size_t stores_ = 0; +}; + +} // namespace net + +#endif // BSSL_PKI_MOCK_PATH_BUILDER_DELEGATE_H_ diff --git a/pki/name_constraints.cc b/pki/name_constraints.cc new file mode 100644 index 0000000000..6dbe2fb071 --- /dev/null +++ b/pki/name_constraints.cc @@ -0,0 +1,674 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "name_constraints.h" + +#include + +#include + +#include "cert_errors.h" +#include "common_cert_errors.h" +#include "general_names.h" +#include "string_util.h" +#include "verify_name_match.h" +#include "input.h" +#include "parser.h" +#include "tag.h" +#include + +namespace bssl { + +namespace { + +// The name types of GeneralName that are fully supported in name constraints. +// +// (The other types will have the minimal checking described by RFC 5280 +// section 4.2.1.10: If a name constraints extension that is marked as critical +// imposes constraints on a particular name form, and an instance of +// that name form appears in the subject field or subjectAltName +// extension of a subsequent certificate, then the application MUST +// either process the constraint or reject the certificate.) +const int kSupportedNameTypes = + GENERAL_NAME_RFC822_NAME | GENERAL_NAME_DNS_NAME | + GENERAL_NAME_DIRECTORY_NAME | GENERAL_NAME_IP_ADDRESS; + +// Controls wildcard handling of DNSNameMatches. +// If WildcardMatchType is WILDCARD_PARTIAL_MATCH "*.bar.com" is considered to +// match the constraint "foo.bar.com". If it is WILDCARD_FULL_MATCH, "*.bar.com" +// will match "bar.com" but not "foo.bar.com". +enum WildcardMatchType { WILDCARD_PARTIAL_MATCH, WILDCARD_FULL_MATCH }; + +// Returns true if |name| falls in the subtree defined by |dns_constraint|. +// RFC 5280 section 4.2.1.10: +// DNS name restrictions are expressed as host.example.com. Any DNS +// name that can be constructed by simply adding zero or more labels +// to the left-hand side of the name satisfies the name constraint. For +// example, www.host.example.com would satisfy the constraint but +// host1.example.com would not. +// +// |wildcard_matching| controls handling of wildcard names (|name| starts with +// "*."). Wildcard handling is not specified by RFC 5280, but certificate +// verification allows it, name constraints must check it similarly. +bool DNSNameMatches(std::string_view name, + std::string_view dns_constraint, + WildcardMatchType wildcard_matching) { + // Everything matches the empty DNS name constraint. + if (dns_constraint.empty()) + return true; + + // Normalize absolute DNS names by removing the trailing dot, if any. + if (!name.empty() && *name.rbegin() == '.') + name.remove_suffix(1); + if (!dns_constraint.empty() && *dns_constraint.rbegin() == '.') + dns_constraint.remove_suffix(1); + + // Wildcard partial-match handling ("*.bar.com" matching name constraint + // "foo.bar.com"). This only handles the case where the the dnsname and the + // constraint match after removing the leftmost label, otherwise it is handled + // by falling through to the check of whether the dnsname is fully within or + // fully outside of the constraint. + if (wildcard_matching == WILDCARD_PARTIAL_MATCH && name.size() > 2 && + name[0] == '*' && name[1] == '.') { + size_t dns_constraint_dot_pos = dns_constraint.find('.'); + if (dns_constraint_dot_pos != std::string::npos) { + std::string_view dns_constraint_domain = + dns_constraint.substr(dns_constraint_dot_pos + 1); + std::string_view wildcard_domain = name.substr(2); + if (bssl::string_util::IsEqualNoCase(wildcard_domain, + dns_constraint_domain)) { + return true; + } + } + } + + if (!bssl::string_util::EndsWithNoCase(name, dns_constraint)) { + return false; + } + + // Exact match. + if (name.size() == dns_constraint.size()) + return true; + // If dNSName constraint starts with a dot, only subdomains should match. + // (e.g., "foo.bar.com" matches constraint ".bar.com", but "bar.com" doesn't.) + // RFC 5280 is ambiguous, but this matches the behavior of other platforms. + if (!dns_constraint.empty() && dns_constraint[0] == '.') + dns_constraint.remove_prefix(1); + // Subtree match. + if (name.size() > dns_constraint.size() && + name[name.size() - dns_constraint.size() - 1] == '.') { + return true; + } + // Trailing text matches, but not in a subtree (e.g., "foobar.com" is not a + // match for "bar.com"). + return false; +} + +// Parses a GeneralSubtrees |value| and store the contents in |subtrees|. +// The individual values stored into |subtrees| are not validated by this +// function. +// NOTE: |subtrees| is not pre-initialized by the function(it is expected to be +// a default initialized object), and it will be modified regardless of the +// return value. +[[nodiscard]] bool ParseGeneralSubtrees(const der::Input& value, + GeneralNames* subtrees, + CertErrors* errors) { + DCHECK(errors); + + // GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + // + // GeneralSubtree ::= SEQUENCE { + // base GeneralName, + // minimum [0] BaseDistance DEFAULT 0, + // maximum [1] BaseDistance OPTIONAL } + // + // BaseDistance ::= INTEGER (0..MAX) + der::Parser sequence_parser(value); + // The GeneralSubtrees sequence should have at least 1 element. + if (!sequence_parser.HasMore()) + return false; + while (sequence_parser.HasMore()) { + der::Parser subtree_sequence; + if (!sequence_parser.ReadSequence(&subtree_sequence)) + return false; + + der::Input raw_general_name; + if (!subtree_sequence.ReadRawTLV(&raw_general_name)) + return false; + + if (!ParseGeneralName(raw_general_name, + GeneralNames::IP_ADDRESS_AND_NETMASK, subtrees, + errors)) { + errors->AddError(kFailedParsingGeneralName); + return false; + } + + // RFC 5280 section 4.2.1.10: + // Within this profile, the minimum and maximum fields are not used with any + // name forms, thus, the minimum MUST be zero, and maximum MUST be absent. + // However, if an application encounters a critical name constraints + // extension that specifies other values for minimum or maximum for a name + // form that appears in a subsequent certificate, the application MUST + // either process these fields or reject the certificate. + + // Note that technically failing here isn't required: rather only need to + // fail if a name of this type actually appears in a subsequent cert and + // this extension was marked critical. However the minimum and maximum + // fields appear uncommon enough that implementing that isn't useful. + if (subtree_sequence.HasMore()) + return false; + } + return true; +} + +bool IsAlphaDigit(char c) { + return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || + (c >= 'A' && c <= 'Z'); +} + +// Returns true if 'local_part' contains only characters that are valid in a +// non-quoted mailbox local-part. Does not check any other part of the syntax +// requirements. Does not allow whitespace. +bool IsAllowedRfc822LocalPart(std::string_view local_part) { + if (local_part.empty()) { + return false; + } + for (char c : local_part) { + if (!(IsAlphaDigit(c) || c == '!' || c == '#' || c == '$' || c == '%' || + c == '&' || c == '\'' || c == '*' || c == '+' || c == '-' || + c == '/' || c == '=' || c == '?' || c == '^' || c == '_' || + c == '`' || c == '{' || c == '|' || c == '}' || c == '~' || + c == '.')) { + return false; + } + } + return true; +} + +// Returns true if 'domain' contains only characters that are valid in a +// mailbox domain. Does not check any other part of the syntax +// requirements. Does not allow IPv6-address-literal as text IPv6 addresses are +// non-unique. Does not allow other address literals either as how to handle +// them with domain/subdomain matching isn't specified/possible. +bool IsAllowedRfc822Domain(std::string_view domain) { + if (domain.empty()) { + return false; + } + for (char c : domain) { + if (!(IsAlphaDigit(c) || c == '-' || c == '.')) { + return false; + } + } + return true; +} + +enum class Rfc822NameMatchType { kPermitted, kExcluded }; +bool Rfc822NameMatches(std::string_view local_part, + std::string_view domain, + std::string_view rfc822_constraint, + Rfc822NameMatchType match_type, + bool case_insensitive_local_part) { + // In case of parsing errors, return a value that will cause the name to not + // be permitted. + const bool error_value = + match_type == Rfc822NameMatchType::kPermitted ? false : true; + + std::vector constraint_components = + bssl::string_util::SplitString(rfc822_constraint, '@'); + std::string_view constraint_local_part; + std::string_view constraint_domain; + if (constraint_components.size() == 1) { + constraint_domain = constraint_components[0]; + } else if (constraint_components.size() == 2) { + constraint_local_part = constraint_components[0]; + if (!IsAllowedRfc822LocalPart(constraint_local_part)) { + return error_value; + } + constraint_domain = constraint_components[1]; + } else { + // If we did the full parsing then it is possible for a @ to be in a quoted + // local-part of the name, but we don't do that, so just error if @ appears + // more than once. + return error_value; + } + if (!IsAllowedRfc822Domain(constraint_domain)) { + return error_value; + } + + // RFC 5280 section 4.2.1.10: + // To indicate a particular mailbox, the constraint is the complete mail + // address. For example, "root@example.com" indicates the root mailbox on + // the host "example.com". + if (!constraint_local_part.empty()) { + return (case_insensitive_local_part + ? string_util::IsEqualNoCase(local_part, constraint_local_part) + : local_part == constraint_local_part) && + string_util::IsEqualNoCase(domain, constraint_domain); + } + + // RFC 5280 section 4.2.1.10: + // To specify any address within a domain, the constraint is specified with a + // leading period (as with URIs). For example, ".example.com" indicates all + // the Internet mail addresses in the domain "example.com", but not Internet + // mail addresses on the host "example.com". + if (!constraint_domain.empty() && constraint_domain[0] == '.') { + return string_util::EndsWithNoCase(domain, constraint_domain); + } + + // RFC 5280 section 4.2.1.10: + // To indicate all Internet mail addresses on a particular host, the + // constraint is specified as the host name. For example, the constraint + // "example.com" is satisfied by any mail address at the host "example.com". + return string_util::IsEqualNoCase(domain, constraint_domain); +} + +} // namespace + +NameConstraints::~NameConstraints() = default; + +// static +std::unique_ptr NameConstraints::Create( + const der::Input& extension_value, + bool is_critical, + CertErrors* errors) { + DCHECK(errors); + + auto name_constraints = std::make_unique(); + if (!name_constraints->Parse(extension_value, is_critical, errors)) + return nullptr; + return name_constraints; +} + +bool NameConstraints::Parse(const der::Input& extension_value, + bool is_critical, + CertErrors* errors) { + DCHECK(errors); + + der::Parser extension_parser(extension_value); + der::Parser sequence_parser; + + // NameConstraints ::= SEQUENCE { + // permittedSubtrees [0] GeneralSubtrees OPTIONAL, + // excludedSubtrees [1] GeneralSubtrees OPTIONAL } + if (!extension_parser.ReadSequence(&sequence_parser)) + return false; + if (extension_parser.HasMore()) + return false; + + std::optional permitted_subtrees_value; + if (!sequence_parser.ReadOptionalTag(der::ContextSpecificConstructed(0), + &permitted_subtrees_value)) { + return false; + } + if (permitted_subtrees_value && + !ParseGeneralSubtrees(permitted_subtrees_value.value(), + &permitted_subtrees_, errors)) { + return false; + } + constrained_name_types_ |= + permitted_subtrees_.present_name_types & + (is_critical ? GENERAL_NAME_ALL_TYPES : kSupportedNameTypes); + + std::optional excluded_subtrees_value; + if (!sequence_parser.ReadOptionalTag(der::ContextSpecificConstructed(1), + &excluded_subtrees_value)) { + return false; + } + if (excluded_subtrees_value && + !ParseGeneralSubtrees(excluded_subtrees_value.value(), + &excluded_subtrees_, errors)) { + return false; + } + constrained_name_types_ |= + excluded_subtrees_.present_name_types & + (is_critical ? GENERAL_NAME_ALL_TYPES : kSupportedNameTypes); + + // RFC 5280 section 4.2.1.10: + // Conforming CAs MUST NOT issue certificates where name constraints is an + // empty sequence. That is, either the permittedSubtrees field or the + // excludedSubtrees MUST be present. + if (!permitted_subtrees_value && !excluded_subtrees_value) + return false; + + if (sequence_parser.HasMore()) + return false; + + return true; +} + +void NameConstraints::IsPermittedCert(const der::Input& subject_rdn_sequence, + const GeneralNames* subject_alt_names, + CertErrors* errors) const { + // Checking NameConstraints is O(number_of_names * number_of_constraints). + // Impose a hard limit to mitigate the use of name constraints as a DoS + // mechanism. This mimics the similar check in BoringSSL x509/v_ncons.c + // TODO(bbe): make both name constraint mechanisms subquadratic and remove + // this check. + + const size_t kMaxChecks = 1048576; // 1 << 20 + + // Names all come from a certificate, which is bound by size_t, so adding them + // up can not overflow a size_t. + size_t name_count = 0; + // Constraints all come from a certificate, which is bound by a size_t, so + // adding them up can not overflow a size_t. + size_t constraint_count = 0; + if (subject_alt_names) { + name_count = subject_alt_names->rfc822_names.size() + + subject_alt_names->dns_names.size() + + subject_alt_names->directory_names.size() + + subject_alt_names->ip_addresses.size(); + constraint_count = excluded_subtrees_.rfc822_names.size() + + permitted_subtrees_.rfc822_names.size() + + excluded_subtrees_.dns_names.size() + + permitted_subtrees_.dns_names.size() + + excluded_subtrees_.directory_names.size() + + permitted_subtrees_.directory_names.size() + + excluded_subtrees_.ip_address_ranges.size() + + permitted_subtrees_.ip_address_ranges.size(); + } else { + constraint_count += excluded_subtrees_.directory_names.size() + + permitted_subtrees_.directory_names.size(); + name_count = subject_rdn_sequence.Length(); + } + // Upper bound the number of possible checks, checking for overflow. + size_t check_count = constraint_count * name_count; + if ((constraint_count > 0 && check_count / constraint_count != name_count) || + check_count > kMaxChecks) { + errors->AddError(cert_errors::kTooManyNameConstraintChecks); + return; + } + + std::vector subject_email_addresses_to_check; + if (!subject_alt_names && + (constrained_name_types() & GENERAL_NAME_RFC822_NAME)) { + if (!FindEmailAddressesInName(subject_rdn_sequence, + &subject_email_addresses_to_check)) { + // Error parsing |subject_rdn_sequence|. + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } + } + + // Subject Alternative Name handling: + // + // RFC 5280 section 4.2.1.6: + // id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } + // + // SubjectAltName ::= GeneralNames + // + // GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + + if (subject_alt_names) { + // Check unsupported name types: + // constrained_name_types() for the unsupported types will only be true if + // that type of name was present in a name constraint that was marked + // critical. + // + // RFC 5280 section 4.2.1.10: + // If a name constraints extension that is marked as critical + // imposes constraints on a particular name form, and an instance of + // that name form appears in the subject field or subjectAltName + // extension of a subsequent certificate, then the application MUST + // either process the constraint or reject the certificate. + if (constrained_name_types() & subject_alt_names->present_name_types & + ~kSupportedNameTypes) { + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } + + // Check supported name types: + + // Only check rfc822 SANs if any rfc822 constraints are present, since we + // might fail if there are email addresses we don't know how to parse but + // are technically correct. + if (constrained_name_types() & GENERAL_NAME_RFC822_NAME) { + for (const auto& rfc822_name : subject_alt_names->rfc822_names) { + if (!IsPermittedRfc822Name( + rfc822_name, /*case_insensitive_exclude_localpart=*/false)) { + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } + } + } + + for (const auto& dns_name : subject_alt_names->dns_names) { + if (!IsPermittedDNSName(dns_name)) { + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } + } + + for (const auto& directory_name : subject_alt_names->directory_names) { + if (!IsPermittedDirectoryName(directory_name)) { + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } + } + + for (const auto& ip_address : subject_alt_names->ip_addresses) { + if (!IsPermittedIP(ip_address)) { + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } + } + } + + // Subject handling: + + // RFC 5280 section 4.2.1.10: + // Legacy implementations exist where an electronic mail address is embedded + // in the subject distinguished name in an attribute of type emailAddress + // (Section 4.1.2.6). When constraints are imposed on the rfc822Name name + // form, but the certificate does not include a subject alternative name, the + // rfc822Name constraint MUST be applied to the attribute of type emailAddress + // in the subject distinguished name. + for (const auto& rfc822_name : subject_email_addresses_to_check) { + // Whether local_part should be matched case-sensitive or not is somewhat + // unclear. RFC 2821 says that it should be case-sensitive. RFC 2985 says + // that emailAddress attributes in a Name are fully case-insensitive. + // Some other verifier implementations always do local-part comparison + // case-sensitive, while some always do it case-insensitive. Many but not + // all SMTP servers interpret addresses as case-insensitive. + // + // Give how poorly specified this is, and the conflicting implementations + // in the wild, this implementation will do case-insensitive match for + // excluded names from the subject to avoid potentially allowing + // something that wasn't expected. + if (!IsPermittedRfc822Name(rfc822_name, + /*case_insensitive_exclude_localpart=*/true)) { + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } + } + + // RFC 5280 4.1.2.6: + // If subject naming information is present only in the subjectAltName + // extension (e.g., a key bound only to an email address or URI), then the + // subject name MUST be an empty sequence and the subjectAltName extension + // MUST be critical. + // This code assumes that criticality condition is checked by the caller, and + // therefore only needs to avoid the IsPermittedDirectoryName check against an + // empty subject in such a case. + if (subject_alt_names && subject_rdn_sequence.Length() == 0) + return; + + if (!IsPermittedDirectoryName(subject_rdn_sequence)) { + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } +} + +bool NameConstraints::IsPermittedRfc822Name( + std::string_view name, + bool case_insensitive_exclude_localpart) const { + // RFC 5280 4.2.1.6. Subject Alternative Name + // + // When the subjectAltName extension contains an Internet mail address, + // the address MUST be stored in the rfc822Name. The format of an + // rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821]. + // A Mailbox has the form "Local-part@Domain". Note that a Mailbox has + // no phrase (such as a common name) before it, has no comment (text + // surrounded in parentheses) after it, and is not surrounded by "<" and + // ">". Rules for encoding Internet mail addresses that include + // internationalized domain names are specified in Section 7.5. + + // Relevant parts from RFC 2821 & RFC 2822 + // + // Mailbox = Local-part "@" Domain + // Local-part = Dot-string / Quoted-string + // ; MAY be case-sensitive + // + // Dot-string = Atom *("." Atom) + // Atom = 1*atext + // Quoted-string = DQUOTE *qcontent DQUOTE + // + // + // atext = ALPHA / DIGIT / ; Any character except controls, + // "!" / "#" / ; SP, and specials. + // "$" / "%" / ; Used for atoms + // "&" / "'" / + // "*" / "+" / + // "-" / "/" / + // "=" / "?" / + // "^" / "_" / + // "`" / "{" / + // "|" / "}" / + // "~" + // + // atom = [CFWS] 1*atext [CFWS] + // + // + // qtext = NO-WS-CTL / ; Non white space controls + // %d33 / ; The rest of the US-ASCII + // %d35-91 / ; characters not including "\" + // %d93-126 ; or the quote character + // + // quoted-pair = ("\" text) / obs-qp + // qcontent = qtext / quoted-pair + // + // + // Domain = (sub-domain 1*("." sub-domain)) / address-literal + // sub-domain = Let-dig [Ldh-str] + // + // Let-dig = ALPHA / DIGIT + // Ldh-str = *( ALPHA / DIGIT / "-" ) Let-dig + // + // address-literal = "[" IPv4-address-literal / + // IPv6-address-literal / + // General-address-literal "]" + // ; See section 4.1.3 + + // However, no one actually implements all that. Known implementations just + // do string comparisons, but that is technically incorrect. (Ex: a + // constraint excluding |foo@example.com| should exclude a SAN of + // |"foo"@example.com|, while a naive direct comparison will allow it.) + // + // We don't implement all that either, but do something a bit more fail-safe + // by rejecting any addresses that contain characters that are not allowed in + // the non-quoted formats. + + std::vector name_components = + bssl::string_util::SplitString(name, '@'); + if (name_components.size() != 2) { + // If we did the full parsing then it is possible for a @ to be in a quoted + // local-part of the name, but we don't do that, so just fail if @ appears + // more than once. + return false; + } + if (!IsAllowedRfc822LocalPart(name_components[0]) || + !IsAllowedRfc822Domain(name_components[1])) { + return false; + } + + for (const auto& excluded_name : excluded_subtrees_.rfc822_names) { + if (Rfc822NameMatches(name_components[0], name_components[1], excluded_name, + Rfc822NameMatchType::kExcluded, + case_insensitive_exclude_localpart)) { + return false; + } + } + + // If permitted subtrees are not constrained, any name that is not excluded is + // allowed. + if (!(permitted_subtrees_.present_name_types & GENERAL_NAME_RFC822_NAME)) { + return true; + } + + for (const auto& permitted_name : permitted_subtrees_.rfc822_names) { + if (Rfc822NameMatches(name_components[0], name_components[1], + permitted_name, Rfc822NameMatchType::kPermitted, + /*case_insenitive_local_part=*/false)) { + return true; + } + } + + return false; +} + +bool NameConstraints::IsPermittedDNSName(std::string_view name) const { + for (const auto& excluded_name : excluded_subtrees_.dns_names) { + // When matching wildcard hosts against excluded subtrees, consider it a + // match if the constraint would match any expansion of the wildcard. Eg, + // *.bar.com should match a constraint of foo.bar.com. + if (DNSNameMatches(name, excluded_name, WILDCARD_PARTIAL_MATCH)) + return false; + } + + // If permitted subtrees are not constrained, any name that is not excluded is + // allowed. + if (!(permitted_subtrees_.present_name_types & GENERAL_NAME_DNS_NAME)) + return true; + + for (const auto& permitted_name : permitted_subtrees_.dns_names) { + // When matching wildcard hosts against permitted subtrees, consider it a + // match only if the constraint would match all expansions of the wildcard. + // Eg, *.bar.com should match a constraint of bar.com, but not foo.bar.com. + if (DNSNameMatches(name, permitted_name, WILDCARD_FULL_MATCH)) + return true; + } + + return false; +} + +bool NameConstraints::IsPermittedDirectoryName( + const der::Input& name_rdn_sequence) const { + for (const auto& excluded_name : excluded_subtrees_.directory_names) { + if (VerifyNameInSubtree(name_rdn_sequence, excluded_name)) + return false; + } + + // If permitted subtrees are not constrained, any name that is not excluded is + // allowed. + if (!(permitted_subtrees_.present_name_types & GENERAL_NAME_DIRECTORY_NAME)) + return true; + + for (const auto& permitted_name : permitted_subtrees_.directory_names) { + if (VerifyNameInSubtree(name_rdn_sequence, permitted_name)) + return true; + } + + return false; +} + +bool NameConstraints::IsPermittedIP(const fillins::IPAddress& ip) const { + for (const auto& excluded_ip : excluded_subtrees_.ip_address_ranges) { + if (fillins::IPAddressMatchesPrefix(ip, excluded_ip.first, excluded_ip.second)) + return false; + } + + // If permitted subtrees are not constrained, any name that is not excluded is + // allowed. + if (!(permitted_subtrees_.present_name_types & GENERAL_NAME_IP_ADDRESS)) + return true; + + for (const auto& permitted_ip : permitted_subtrees_.ip_address_ranges) { + if (fillins::IPAddressMatchesPrefix(ip, permitted_ip.first, permitted_ip.second)) + return true; + } + + return false; +} + +} // namespace net diff --git a/pki/name_constraints.h b/pki/name_constraints.h new file mode 100644 index 0000000000..6de9c41c0b --- /dev/null +++ b/pki/name_constraints.h @@ -0,0 +1,106 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_NAME_CONSTRAINTS_H_ +#define BSSL_PKI_NAME_CONSTRAINTS_H_ + +#include "fillins/openssl_util.h" +#include + +#include + +#include "fillins/ip_address.h" + +#include "general_names.h" + +namespace bssl { + +class CertErrors; + +namespace der { +class Input; +} // namespace der + +// Parses a NameConstraints extension value and allows testing whether names are +// allowed under those constraints as defined by RFC 5280 section 4.2.1.10. +class OPENSSL_EXPORT NameConstraints { + public: + ~NameConstraints(); + + // Parses a DER-encoded NameConstraints extension and initializes this object. + // |extension_value| should be the extnValue from the extension (not including + // the OCTET STRING tag). |is_critical| should be true if the extension was + // marked critical. Returns nullptr if parsing the the extension failed. + // The object may reference data from |extension_value|, so is only valid as + // long as |extension_value| is. + static std::unique_ptr Create( + const der::Input& extension_value, + bool is_critical, + CertErrors* errors); + + // Tests if a certificate is allowed by the name constraints. + // |subject_rdn_sequence| should be the DER-encoded value of the subject's + // RDNSequence (not including Sequence tag), and may be an empty ASN.1 + // sequence. |subject_alt_names| should be the parsed representation of the + // subjectAltName extension or nullptr if the extension was not present. + // If the certificate is not allowed, an error will be added to |errors|. + // Note that this method does not check hostname or IP address in commonName, + // which is deprecated (crbug.com/308330). + void IsPermittedCert(const der::Input& subject_rdn_sequence, + const GeneralNames* subject_alt_names, + CertErrors* errors) const; + + // Returns true if the ASCII email address |name| is permitted. |name| should + // be a "mailbox" as specified by RFC 2821, with the additional restriction + // that quoted names and whitespace are not allowed by this implementation. + bool IsPermittedRfc822Name(std::string_view name, + bool case_insensitive_exclude_localpart) const; + + // Returns true if the ASCII hostname |name| is permitted. + // |name| may be a wildcard hostname (starts with "*."). Eg, "*.bar.com" + // would not be permitted if "bar.com" is permitted and "foo.bar.com" is + // excluded, while "*.baz.com" would only be permitted if "baz.com" is + // permitted. + bool IsPermittedDNSName(std::string_view name) const; + + // Returns true if the directoryName |name_rdn_sequence| is permitted. + // |name_rdn_sequence| should be the DER-encoded RDNSequence value (not + // including the Sequence tag.) + bool IsPermittedDirectoryName(const der::Input& name_rdn_sequence) const; + + // Returns true if the iPAddress |ip| is permitted. + bool IsPermittedIP(const fillins::IPAddress& ip) const; + + // Returns a bitfield of GeneralNameTypes of all the types constrained by this + // NameConstraints. Name types that aren't supported will only be present if + // the name constraint they appeared in was marked critical. + // + // RFC 5280 section 4.2.1.10 says: + // Applications conforming to this profile MUST be able to process name + // constraints that are imposed on the directoryName name form and SHOULD be + // able to process name constraints that are imposed on the rfc822Name, + // uniformResourceIdentifier, dNSName, and iPAddress name forms. + // If a name constraints extension that is marked as critical + // imposes constraints on a particular name form, and an instance of + // that name form appears in the subject field or subjectAltName + // extension of a subsequent certificate, then the application MUST + // either process the constraint or reject the certificate. + int constrained_name_types() const { return constrained_name_types_; } + + const GeneralNames& permitted_subtrees() const { return permitted_subtrees_; } + const GeneralNames& excluded_subtrees() const { return excluded_subtrees_; } + + private: + [[nodiscard]] bool Parse(const der::Input& extension_value, + bool is_critical, + CertErrors* errors); + + GeneralNames permitted_subtrees_; + GeneralNames excluded_subtrees_; + int constrained_name_types_ = GENERAL_NAME_NONE; +}; + +} // namespace net + +#endif // BSSL_PKI_NAME_CONSTRAINTS_H_ diff --git a/pki/name_constraints_unittest.cc b/pki/name_constraints_unittest.cc new file mode 100644 index 0000000000..6d6a12121a --- /dev/null +++ b/pki/name_constraints_unittest.cc @@ -0,0 +1,1824 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "name_constraints.h" + +#include + +#include "fillins/ip_address.h" +#include "common_cert_errors.h" +#include "test_helpers.h" +#include +#include + +namespace bssl { +namespace { + +::testing::AssertionResult LoadTestData(const char* token, + const std::string& basename, + std::string* result) { + std::string path = "testdata/name_constraints_unittest/" + basename; + + const PemBlockMapping mappings[] = { + {token, result}, + }; + + return ReadTestDataFromPemFile(path, mappings); +} + +::testing::AssertionResult LoadTestName(const std::string& basename, + std::string* result) { + return LoadTestData("NAME", basename, result); +} + +::testing::AssertionResult LoadTestNameConstraint(const std::string& basename, + std::string* result) { + return LoadTestData("NAME CONSTRAINTS", basename, result); +} + +::testing::AssertionResult LoadTestSubjectAltNameData( + const std::string& basename, + std::string* result) { + return LoadTestData("SUBJECT ALTERNATIVE NAME", basename, result); +} + +::testing::AssertionResult LoadTestSubjectAltName( + const std::string& basename, + std::unique_ptr* result, + std::string* result_der) { + ::testing::AssertionResult load_result = + LoadTestSubjectAltNameData(basename, result_der); + if (!load_result) + return load_result; + CertErrors errors; + *result = GeneralNames::Create(der::Input(result_der), &errors); + if (!*result) + return ::testing::AssertionFailure() << "Create failed"; + return ::testing::AssertionSuccess(); +} + +::testing::AssertionResult IsPermittedCert( + const NameConstraints* name_constraints, + const der::Input& subject_rdn_sequence, + const GeneralNames* subject_alt_names) { + CertErrors errors; + name_constraints->IsPermittedCert(subject_rdn_sequence, subject_alt_names, + &errors); + if (!errors.ContainsAnyErrorWithSeverity(CertError::SEVERITY_HIGH)) + return ::testing::AssertionSuccess(); + if (!errors.ContainsError(cert_errors::kNotPermittedByNameConstraints)) + ADD_FAILURE() << "unexpected error " << errors.ToDebugString(); + return ::testing::AssertionFailure(); +} + +} // namespace + +class ParseNameConstraints + : public ::testing::TestWithParam<::testing::tuple> { + public: + bool is_critical() const { return ::testing::get<0>(GetParam()); } +}; + +// Run the tests with the name constraints marked critical and non-critical. For +// supported name types, the results should be the same for both. +INSTANTIATE_TEST_SUITE_P(InstantiationName, + ParseNameConstraints, + ::testing::Values(true, false)); + +TEST_P(ParseNameConstraints, DNSNames) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("dnsname.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_TRUE(name_constraints->IsPermittedDNSName("permitted.example.com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("permitted.example.com.")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("a.permitted.example.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("apermitted.example.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("apermitted.example.com.")); + EXPECT_TRUE( + name_constraints->IsPermittedDNSName("alsopermitted.example.com")); + EXPECT_FALSE( + name_constraints->IsPermittedDNSName("excluded.permitted.example.com")); + EXPECT_FALSE( + name_constraints->IsPermittedDNSName("a.excluded.permitted.example.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName( + "stillnotpermitted.excluded.permitted.example.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName( + "a.stillnotpermitted.excluded.permitted.example.com")); + EXPECT_FALSE( + name_constraints->IsPermittedDNSName("extraneousexclusion.example.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName( + "a.extraneousexclusion.example.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("other.example.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("other.com")); + + // Wildcard names: + // Pattern could match excluded.permitted.example.com, thus should not be + // allowed. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*.permitted.example.com")); + // Entirely within excluded name, obviously not allowed. + EXPECT_FALSE( + name_constraints->IsPermittedDNSName("*.excluded.permitted.example.com")); + // Within permitted.example.com and cannot match any exclusion, thus these are + // allowed. + EXPECT_TRUE( + name_constraints->IsPermittedDNSName("*.foo.permitted.example.com")); + EXPECT_TRUE( + name_constraints->IsPermittedDNSName("*.alsopermitted.example.com")); + // Matches permitted.example2.com, but also matches other .example2.com names + // which are not in either permitted or excluded, so not allowed. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*.example2.com")); + // Partial wildcards are not supported, so these name are permitted even if + // it seems like they shouldn't be. It's fine, since certificate verification + // won't treat them as wildcard names either. + EXPECT_TRUE( + name_constraints->IsPermittedDNSName("*xcluded.permitted.example.com")); + EXPECT_TRUE( + name_constraints->IsPermittedDNSName("exclude*.permitted.example.com")); + EXPECT_TRUE( + name_constraints->IsPermittedDNSName("excl*ded.permitted.example.com")); + // Garbage wildcard data. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*.")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*.*")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName(".*")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*")); + // Matches SAN with trailing dot. + EXPECT_TRUE(name_constraints->IsPermittedDNSName("permitted.example3.com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("permitted.example3.com.")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("a.permitted.example3.com")); + EXPECT_TRUE( + name_constraints->IsPermittedDNSName("a.permitted.example3.com.")); + + EXPECT_EQ(GENERAL_NAME_DNS_NAME, name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-permitted.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-dnsname.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-directoryname.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-ipaddress.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, + DNSNamesWithMultipleLevelsBetweenExcludedAndPermitted) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("dnsname2.pem", &a)); + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // Matches permitted exactly. + EXPECT_TRUE(name_constraints->IsPermittedDNSName("com")); + // Contained within permitted and doesn't match excluded (foo.bar.com). + EXPECT_TRUE(name_constraints->IsPermittedDNSName("bar.com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("baz.bar.com")); + // Matches excluded exactly. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("foo.bar.com")); + // Contained within excluded. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("baz.foo.bar.com")); + + // Cannot match anything within excluded. + EXPECT_TRUE(name_constraints->IsPermittedDNSName("*.baz.bar.com")); + // Wildcard hostnames only match a single label, so cannot match excluded + // which has two labels before .com. + EXPECT_TRUE(name_constraints->IsPermittedDNSName("*.com")); + + // Partial match of foo.bar.com. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*.bar.com")); + // All expansions of wildcard are within excluded. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*.foo.bar.com")); +} + +TEST_P(ParseNameConstraints, DNSNamesPermittedWithLeadingDot) { + std::string a; + ASSERT_TRUE( + LoadTestNameConstraint("dnsname-permitted_with_leading_dot.pem", &a)); + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // A permitted dNSName constraint of ".bar.com" should only match subdomains + // of .bar.com, but not bar.com itself. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("bar.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("foobar.com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("foo.bar.com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("*.bar.com")); +} + +TEST_P(ParseNameConstraints, DNSNamesExcludedWithLeadingDot) { + std::string a; + ASSERT_TRUE( + LoadTestNameConstraint("dnsname-excluded_with_leading_dot.pem", &a)); + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // An excluded dNSName constraint of ".bar.com" should only match subdomains + // of .bar.com, but not bar.com itself. + EXPECT_TRUE(name_constraints->IsPermittedDNSName("com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("bar.com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("foobar.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("foo.bar.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*.bar.com")); +} + +TEST_P(ParseNameConstraints, DNSNamesPermittedTwoDot) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("dnsname-permitted_two_dot.pem", &a)); + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // A dNSName constraint of ".." isn't meaningful. Shouldn't match anything. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("com.")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("foo.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("*.com")); +} + +TEST_P(ParseNameConstraints, DNSNamesExcludeOnly) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("dnsname-excluded.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // Only "excluded.permitted.example.com" is excluded, and since permitted is + // empty, any dNSName outside that is allowed. + EXPECT_TRUE(name_constraints->IsPermittedDNSName("")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("foo.com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("permitted.example.com")); + EXPECT_FALSE( + name_constraints->IsPermittedDNSName("excluded.permitted.example.com")); + EXPECT_FALSE( + name_constraints->IsPermittedDNSName("a.excluded.permitted.example.com")); +} + +TEST_P(ParseNameConstraints, DNSNamesExcludeAll) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("dnsname-excludeall.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // "permitted.example.com" is in the permitted section, but since "" is + // excluded, nothing is permitted. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("foo.com")); + EXPECT_FALSE(name_constraints->IsPermittedDNSName("permitted.example.com")); + EXPECT_FALSE( + name_constraints->IsPermittedDNSName("foo.permitted.example.com")); +} + +TEST_P(ParseNameConstraints, DNSNamesExcludeDot) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("dnsname-exclude_dot.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // "." is excluded, which should match nothing. + EXPECT_FALSE(name_constraints->IsPermittedDNSName("foo.com")); + EXPECT_TRUE(name_constraints->IsPermittedDNSName("permitted.example.com")); + EXPECT_TRUE( + name_constraints->IsPermittedDNSName("foo.permitted.example.com")); +} + +TEST_P(ParseNameConstraints, DNSNamesFailOnInvalidIA5String) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("dnsname.pem", &a)); + + size_t replace_location = a.find("permitted.example2.com"); + ASSERT_NE(std::string::npos, replace_location); + a.replace(replace_location, 1, 1, -1); + + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&a), is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, DirectoryNames) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("directoryname.pem", &constraints_der)); + + std::string name_us; + ASSERT_TRUE(LoadTestName("name-us.pem", &name_us)); + std::string name_us_ca; + ASSERT_TRUE(LoadTestName("name-us-california.pem", &name_us_ca)); + std::string name_us_ca_mountain_view; + ASSERT_TRUE(LoadTestName("name-us-california-mountain_view.pem", + &name_us_ca_mountain_view)); + std::string name_us_az; + ASSERT_TRUE(LoadTestName("name-us-arizona.pem", &name_us_az)); + std::string name_jp; + ASSERT_TRUE(LoadTestName("name-jp.pem", &name_jp)); + std::string name_jp_tokyo; + ASSERT_TRUE(LoadTestName("name-jp-tokyo.pem", &name_jp_tokyo)); + std::string name_de; + ASSERT_TRUE(LoadTestName("name-de.pem", &name_de)); + std::string name_ca; + ASSERT_TRUE(LoadTestName("name-ca.pem", &name_ca)); + + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // Not in any permitted subtree. + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_ca))); + // Within the permitted C=US subtree. + EXPECT_TRUE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us))); + // Within the permitted C=US subtree. + EXPECT_TRUE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us_az))); + // Within the permitted C=US subtree, however the excluded C=US,ST=California + // subtree takes priority. + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us_ca))); + // Within the permitted C=US subtree as well as the permitted + // C=US,ST=California,L=Mountain View subtree, however the excluded + // C=US,ST=California subtree still takes priority. + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us_ca_mountain_view))); + // Not in any permitted subtree, and also inside the extraneous excluded C=DE + // subtree. + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_de))); + // Not in any permitted subtree. + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_jp))); + // Within the permitted C=JP,ST=Tokyo subtree. + EXPECT_TRUE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_jp_tokyo))); + + EXPECT_EQ(GENERAL_NAME_DIRECTORY_NAME, + name_constraints->constrained_name_types()); + + // Within the permitted C=US subtree. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us), + nullptr /* subject_alt_names */)); + // Within the permitted C=US subtree, however the excluded C=US,ST=California + // subtree takes priority. + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us_ca), + nullptr /* subject_alt_names */)); + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-permitted.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-dnsname.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-directoryname.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-ipaddress.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, DirectoryNamesExcludeOnly) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("directoryname-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string name_empty; + ASSERT_TRUE(LoadTestName("name-empty.pem", &name_empty)); + std::string name_us; + ASSERT_TRUE(LoadTestName("name-us.pem", &name_us)); + std::string name_us_ca; + ASSERT_TRUE(LoadTestName("name-us-california.pem", &name_us_ca)); + std::string name_us_ca_mountain_view; + ASSERT_TRUE(LoadTestName("name-us-california-mountain_view.pem", + &name_us_ca_mountain_view)); + + // Only "C=US,ST=California" is excluded, and since permitted is empty, + // any directoryName outside that is allowed. + EXPECT_TRUE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_empty))); + EXPECT_TRUE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us))); + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us_ca))); + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us_ca_mountain_view))); +} + +TEST_P(ParseNameConstraints, DirectoryNamesExcludeAll) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("directoryname-excludeall.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string name_empty; + ASSERT_TRUE(LoadTestName("name-empty.pem", &name_empty)); + std::string name_us; + ASSERT_TRUE(LoadTestName("name-us.pem", &name_us)); + std::string name_us_ca; + ASSERT_TRUE(LoadTestName("name-us-california.pem", &name_us_ca)); + std::string name_us_ca_mountain_view; + ASSERT_TRUE(LoadTestName("name-us-california-mountain_view.pem", + &name_us_ca_mountain_view)); + std::string name_jp; + ASSERT_TRUE(LoadTestName("name-jp.pem", &name_jp)); + + // "C=US" is in the permitted section, but since an empty + // directoryName is excluded, nothing is permitted. + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_empty))); + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us))); + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_us_ca))); + EXPECT_FALSE(name_constraints->IsPermittedDirectoryName( + SequenceValueFromString(&name_jp))); +} + +TEST_P(ParseNameConstraints, IPAdresses) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("ipaddress.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // IPv4 tests: + + // Not in any permitted range. + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 169, 0, 1))); + + // Within the permitted 192.168.0.0/255.255.0.0 range. + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 0, 1))); + + // Within the permitted 192.168.0.0/255.255.0.0 range, however the + // excluded 192.168.5.0/255.255.255.0 takes priority. + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 5, 1))); + + // Within the permitted 192.168.0.0/255.255.0.0 range as well as the + // permitted 192.168.5.32/255.255.255.224 range, however the excluded + // 192.168.5.0/255.255.255.0 still takes priority. + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 5, 33))); + + // Not in any permitted range. (Just outside the + // 192.167.5.32/255.255.255.224 range.) + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 167, 5, 31))); + + // Within the permitted 192.167.5.32/255.255.255.224 range. + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 167, 5, 32))); + + // Within the permitted 192.167.5.32/255.255.255.224 range. + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 167, 5, 63))); + + // Not in any permitted range. (Just outside the + // 192.167.5.32/255.255.255.224 range.) + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 167, 5, 64))); + + // Not in any permitted range, and also inside the extraneous excluded + // 192.166.5.32/255.255.255.224 range. + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 166, 5, 32))); + + // IPv6 tests: + + // Not in any permitted range. + EXPECT_FALSE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1))); + + // Within the permitted + // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range. + EXPECT_TRUE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0, 0, 0, 1))); + + // Within the permitted + // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range, however + // the excluded + // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes + // priority. + EXPECT_FALSE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 0, 0, 1))); + + // Within the permitted + // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range as well + // as the permitted + // 102:304:506:708:90a:b0c:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0, + // however the excluded + // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes + // priority. + EXPECT_FALSE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 33, 0, 1))); + + // Not in any permitted range. (Just outside the + // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 + // range.) + EXPECT_FALSE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 31, 255, 255))); + + // Within the permitted + // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. + EXPECT_TRUE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 32, 0, 0))); + + // Within the permitted + // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. + EXPECT_TRUE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 63, 255, 255))); + + // Not in any permitted range. (Just outside the + // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 + // range.) + EXPECT_FALSE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 64, 0, 0))); + + // Not in any permitted range, and also inside the extraneous excluded + // 102:304:506:708:90a:b0a:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. + EXPECT_FALSE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 10, 5, 33, 0, 1))); + + EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-permitted.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-dnsname.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-directoryname.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-excluded-ipaddress.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, IPAdressesExcludeOnly) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("ipaddress-excluded.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // Only 192.168.5.0/255.255.255.0 is excluded, and since permitted is empty, + // any iPAddress outside that is allowed. + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 0, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 5, 1))); + EXPECT_TRUE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1))); +} + +TEST_P(ParseNameConstraints, IPAdressesExcludeAll) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("ipaddress-excludeall.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + // 192.168.0.0/255.255.0.0 and + // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: are permitted, + // but since 0.0.0.0/0 and ::/0 are excluded nothing is permitted. + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 0, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(1, 1, 1, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP( + fillins::IPAddress(2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP( + fillins::IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1))); +} + +TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitSingleHost) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("ipaddress-permit_singlehost.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress::IPv4AllZeros())); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 2))); + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 3))); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 4))); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(255, 255, 255, 255))); +} + +TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen31) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("ipaddress-permit_prefix31.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress::IPv4AllZeros())); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 1))); + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 2))); + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 3))); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 4))); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 5))); + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress(255, 255, 255, 255))); +} + +TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen1) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("ipaddress-permit_prefix1.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_FALSE(name_constraints->IsPermittedIP(fillins::IPAddress::IPv4AllZeros())); + EXPECT_FALSE( + name_constraints->IsPermittedIP(fillins::IPAddress(0x7F, 0xFF, 0xFF, 0xFF))); + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(0x80, 0, 0, 0))); + EXPECT_TRUE( + name_constraints->IsPermittedIP(fillins::IPAddress(0xFF, 0xFF, 0xFF, 0xFF))); +} + +TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitAll) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("ipaddress-permit_all.pem", &a)); + + CertErrors errors; + std::unique_ptr name_constraints( + NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress::IPv4AllZeros())); + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(192, 168, 1, 1))); + EXPECT_TRUE(name_constraints->IsPermittedIP(fillins::IPAddress(255, 255, 255, 255))); +} + +TEST_P(ParseNameConstraints, IPAdressesFailOnInvalidAddr) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint("ipaddress-invalid_addr.pem", &a)); + + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&a), is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, IPAdressesFailOnInvalidMaskNotContiguous) { + std::string a; + ASSERT_TRUE(LoadTestNameConstraint( + "ipaddress-invalid_mask_not_contiguous_1.pem", &a)); + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + + ASSERT_TRUE(LoadTestNameConstraint( + "ipaddress-invalid_mask_not_contiguous_2.pem", &a)); + EXPECT_FALSE(NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + + ASSERT_TRUE(LoadTestNameConstraint( + "ipaddress-invalid_mask_not_contiguous_3.pem", &a)); + EXPECT_FALSE(NameConstraints::Create(der::Input(&a), is_critical(), &errors)); + + ASSERT_TRUE(LoadTestNameConstraint( + "ipaddress-invalid_mask_not_contiguous_4.pem", &a)); + EXPECT_FALSE(NameConstraints::Create(der::Input(&a), is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, OtherNamesInPermitted) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("othername-permitted.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_OTHER_NAME, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-othername.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, OtherNamesInExcluded) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("othername-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_OTHER_NAME, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-othername.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NamesInPermitted) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("rfc822name-permitted.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-domaincase.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-localpartcase.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-no-at.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-two-ats.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-quoted.pem", &san, &san_der)); + // `"foo"@example.com` and `foo@example.com` are the same address, but we + // don't support quoted address at all. + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-ipv4.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-multiple.pem", &san, &san_der)); + // SAN contains multiple email addresses, only the first matches the + // permitted constraint. + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NamesInExcluded) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("rfc822name-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-domaincase.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-localpartcase.pem", &san, + &san_der)); + // Excluded names are matched case-sensitive in the local-part for addresses + // from subjectAlternativeName, so this is allowed. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-no-at.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-two-ats.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-ipv4.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameHostnameInPermitted) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-permitted-hostname.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-domaincase.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-localpartcase.pem", &san, + &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-no-at.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-two-ats.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-empty-localpart.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-quoted.pem", &san, &san_der)); + // `"foo"@example.com` would match `example.com` hostname, but we don't + // support quoted address at all. + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-multiple.pem", &san, &san_der)); + // SAN contains multiple email addresses, all match the permitted hostname. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameHostnameInExcluded) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-excluded-hostname.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-domaincase.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-localpartcase.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-no-at.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-two-ats.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-empty-localpart.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameHostnameWithAtInPermitted) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-permitted-hostnamewithat.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-empty-localpart.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-domaincase.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-localpartcase.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-no-at.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-two-ats.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameHostnameWithAtInExcluded) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-excluded-hostnamewithat.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-empty-localpart.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-domaincase.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-localpartcase.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-no-at.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-two-ats.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameSubdomainInPermitted) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-permitted-subdomains.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-subdomaincase.pem", &san, + &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-subdomain-no-at.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-subdomain-two-ats.pem", + &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameSubdomainInExcluded) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-excluded-subdomains.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-subdomaincase.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-subdomain-no-at.pem", &san, + &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name-subdomain-two-ats.pem", + &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameEmptyPermitted) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-permitted-empty.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-empty.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameEmptyExcluded) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-excluded-empty.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-empty.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameIPv4Permitted) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-permitted-ipv4.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-empty.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-ipv4.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, Rfc822NameIPv4Excluded) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("rfc822name-excluded-ipv4.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + EXPECT_EQ(GENERAL_NAME_RFC822_NAME, + name_constraints->constrained_name_types()); + + std::string san_der; + std::unique_ptr san; + + ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-empty.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); + + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-ipv4.pem", &san, &san_der)); + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, QuotedRfc822SanWithNoRfc822Constraints) { + // Load an unrelated (non-rfc822) constraint. + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("othername-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-quoted.pem", &san, &san_der)); + // A rfc822 in SAN with quotes should be allowed since we only try to parse + // the name if we are enforcing a constraint against it. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, QuotedRfc822SanMatchesQuotedPermitted) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-permitted-quoted.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-quoted.pem", &san, &san_der)); + // Both SAN and constraint are `"foo"@example.com`, but we don't support + // quoted address at all. + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, UnquotedRfc822SanNotMatchingQuotedExcluded) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-excluded-quoted.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE( + LoadTestSubjectAltName("san-rfc822name-subdomain.pem", &san, &san_der)); + // The name `foo@subdomain.example.com` should be allowed since it doesn't + // match an exclude of `"foo"@example.com`, but we don't support quoted + // address at all so this is not allowed. + EXPECT_FALSE( + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, X400AddresssInPermitted) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("x400address-permitted.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_X400_ADDRESS, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-x400address.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, X400AddresssInExcluded) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("x400address-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_X400_ADDRESS, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-x400address.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, EdiPartyNamesInPermitted) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("edipartyname-permitted.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_EDI_PARTY_NAME, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-edipartyname.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, EdiPartyNamesInExcluded) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("edipartyname-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_EDI_PARTY_NAME, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-edipartyname.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, URIsInPermitted) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("uri-permitted.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-uri.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, URIsInExcluded) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("uri-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-uri.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, RegisteredIDsInPermitted) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("registeredid-permitted.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_REGISTERED_ID, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-registeredid.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, RegisteredIDsInExcluded) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("registeredid-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + if (is_critical()) { + EXPECT_EQ(GENERAL_NAME_REGISTERED_ID, + name_constraints->constrained_name_types()); + } else { + EXPECT_EQ(0, name_constraints->constrained_name_types()); + } + + std::string san_der; + std::unique_ptr san; + ASSERT_TRUE(LoadTestSubjectAltName("san-registeredid.pem", &san, &san_der)); + EXPECT_EQ(!is_critical(), + IsPermittedCert(name_constraints.get(), der::Input(), san.get())); +} + +TEST_P(ParseNameConstraints, + failsOnGeneralSubtreeWithMinimumZeroEncodedUnnecessarily) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("dnsname-with_min_0.pem", &constraints_der)); + // The value should not be in the DER encoding if it is the default. But this + // could be changed to allowed if there are buggy encoders out there that + // include it anyway. + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, FailsOnGeneralSubtreeWithMinimum) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("dnsname-with_min_1.pem", &constraints_der)); + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, + failsOnGeneralSubtreeWithMinimumZeroEncodedUnnecessarilyAndMaximum) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("dnsname-with_min_0_and_max.pem", + &constraints_der)); + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, FailsOnGeneralSubtreeWithMinimumAndMaximum) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("dnsname-with_min_1_and_max.pem", + &constraints_der)); + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, FailsOnGeneralSubtreeWithMaximum) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("dnsname-with_max.pem", &constraints_der)); + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, FailsOnEmptyExtensionValue) { + std::string constraints_der = ""; + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, FailsOnNoPermittedAndExcluded) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("invalid-no_subtrees.pem", &constraints_der)); + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, FailsOnEmptyPermitted) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("invalid-empty_permitted_subtree.pem", + &constraints_der)); + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, FailsOnEmptyExcluded) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("invalid-empty_excluded_subtree.pem", + &constraints_der)); + CertErrors errors; + EXPECT_FALSE(NameConstraints::Create(der::Input(&constraints_der), + is_critical(), &errors)); +} + +TEST_P(ParseNameConstraints, + IsPermittedCertSubjectEmailAddressNoEmailConstraint) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("directoryname.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string name; + ASSERT_TRUE(LoadTestName("name-us-arizona-email.pem", &name)); + // Name constraints don't contain rfc822Name, so emailAddress in subject is + // allowed regardless. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); + + ASSERT_TRUE(LoadTestName("name-us-arizona-email-invalidstring.pem", &name)); + // Name constraints don't contain rfc822Name, so emailAddress in subject is + // allowed regardless. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); +} + +TEST_P(ParseNameConstraints, IsPermittedCertSubjectEmailAddressIsOk) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("rfc822name-permitted-hostname.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string name; + ASSERT_TRUE(LoadTestName("name-us-arizona-email.pem", &name)); + + // Name constraints contain rfc822Name, and the address matches the + // constraint (which is all addresses on the hostname.) + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); + + ASSERT_TRUE(LoadTestName("name-us-arizona-email-invalidstring.pem", &name)); + // The bytes of the name string match, but the string type is VISIBLESTRING + // which is not supported, so this should fail. + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); + + ASSERT_TRUE(LoadTestName("name-us-arizona-email-multiple.pem", &name)); + // Subject contains multiple rfc822Names, and they all match the constraint + // (which is all addresses on the hostname.) + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); +} + +TEST_P(ParseNameConstraints, IsPermittedCertSubjectEmailAddressIsNotOk) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("rfc822name-permitted.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string name; + ASSERT_TRUE(LoadTestName("name-us-arizona-email.pem", &name)); + + // Name constraints contain rfc822Name, and the address does not match the + // constraint. + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); + + // Address is a case-insensitive match, but name constraints (permitted) are + // case-sensitive, so this fails. + ASSERT_TRUE(LoadTestName("name-us-arizona-email-localpartcase.pem", &name)); + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); + + ASSERT_TRUE(LoadTestName("name-us-arizona-email-multiple.pem", &name)); + // Subject contains multiple rfc822Names, and only the first one matches the + // constraint. + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); +} + +TEST_P(ParseNameConstraints, IsPermittedCertSubjectEmailAddressExcluded) { + std::string constraints_der; + ASSERT_TRUE( + LoadTestNameConstraint("rfc822name-excluded.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string name; + ASSERT_TRUE(LoadTestName("name-us-arizona-email.pem", &name)); + + // Name constraints contain excluded rfc822Name, and the address does not + // match the constraint. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); + + // Name constraints for excluded are done case-insensitive in the local part, + // so this is not allowed. + ASSERT_TRUE(LoadTestName("name-us-arizona-email-localpartcase.pem", &name)); + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); + + ASSERT_TRUE(LoadTestName("name-us-arizona-email-multiple.pem", &name)); + // Subject contains multiple rfc822Names, and one of them is excluded by the + // constraint. + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name), + /*subject_alt_names=*/nullptr)); +} + +// Hostname in commonName is not allowed (crbug.com/308330), so these are tests +// are not particularly interesting, just verifying that the commonName is +// ignored for dNSName constraints. +TEST_P(ParseNameConstraints, IsPermittedCertSubjectDnsNames) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint("directoryname_and_dnsname.pem", + &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string name_us_az_foocom; + ASSERT_TRUE(LoadTestName("name-us-arizona-foo.com.pem", &name_us_az_foocom)); + // The subject is within permitted directoryName constraints, so permitted. + // (The commonName hostname is not within permitted dNSName constraints, so + // this would not be permitted if hostnames in commonName were checked.) + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us_az_foocom), + nullptr /* subject_alt_names */)); + + std::string name_us_az_permitted; + ASSERT_TRUE(LoadTestName("name-us-arizona-permitted.example.com.pem", + &name_us_az_permitted)); + // The subject is in permitted directoryName and the commonName is within + // permitted dNSName constraints, so this should be permitted regardless if + // hostnames in commonName are checked or not. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us_az_permitted), + nullptr /* subject_alt_names */)); + + std::string name_us_ca_permitted; + ASSERT_TRUE(LoadTestName("name-us-california-permitted.example.com.pem", + &name_us_ca_permitted)); + // The subject is within the excluded C=US,ST=California directoryName, so + // this should not be allowed, regardless of checking the + // permitted.example.com in commonName. + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us_ca_permitted), + nullptr /* subject_alt_names */)); +} + +// IP addresses in commonName are not allowed (crbug.com/308330), so these are +// tests are not particularly interesting, just verifying that the commonName is +// ignored for iPAddress constraints. +TEST_P(ParseNameConstraints, IsPermittedCertSubjectIpAddresses) { + std::string constraints_der; + ASSERT_TRUE(LoadTestNameConstraint( + "directoryname_and_dnsname_and_ipaddress.pem", &constraints_der)); + CertErrors errors; + std::unique_ptr name_constraints(NameConstraints::Create( + der::Input(&constraints_der), is_critical(), &errors)); + ASSERT_TRUE(name_constraints); + + std::string name_us_az_1_1_1_1; + ASSERT_TRUE(LoadTestName("name-us-arizona-1.1.1.1.pem", &name_us_az_1_1_1_1)); + // The subject is within permitted directoryName constraints, so permitted. + // (The commonName IP address is not within permitted iPAddresses constraints, + // so this would not be permitted if IP addresses in commonName were checked.) + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us_az_1_1_1_1), + nullptr /* subject_alt_names */)); + + std::string name_us_az_192_168_1_1; + ASSERT_TRUE( + LoadTestName("name-us-arizona-192.168.1.1.pem", &name_us_az_192_168_1_1)); + // The subject is in permitted directoryName and the commonName is within + // permitted iPAddress constraints, so this should be permitted regardless if + // IP addresses in commonName are checked or not. + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us_az_192_168_1_1), + nullptr /* subject_alt_names */)); + + std::string name_us_ca_192_168_1_1; + ASSERT_TRUE(LoadTestName("name-us-california-192.168.1.1.pem", + &name_us_ca_192_168_1_1)); + // The subject is within the excluded C=US,ST=California directoryName, so + // this should not be allowed, regardless of checking the + // IP address in commonName. + EXPECT_FALSE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us_ca_192_168_1_1), + nullptr /* subject_alt_names */)); + + std::string name_us_az_ipv6; + ASSERT_TRUE(LoadTestName("name-us-arizona-ipv6.pem", &name_us_az_ipv6)); + // The subject is within permitted directoryName constraints, so permitted. + // (The commonName is an ipv6 address which wasn't supported in the past, but + // since commonName checking is ignored entirely, this is permitted.) + EXPECT_TRUE(IsPermittedCert(name_constraints.get(), + SequenceValueFromString(&name_us_az_ipv6), + nullptr /* subject_alt_names */)); +} + +} // namespace net diff --git a/pki/nist_pkits_unittest.cc b/pki/nist_pkits_unittest.cc new file mode 100644 index 0000000000..d062de8f90 --- /dev/null +++ b/pki/nist_pkits_unittest.cc @@ -0,0 +1,100 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "nist_pkits_unittest.h" + +#include "certificate_policies.h" + +#include + +namespace bssl { + +namespace { + +// 2.16.840.1.101.3.2.1.48.1 +const uint8_t kTestPolicy1[] = {0x60, 0x86, 0x48, 0x01, 0x65, + 0x03, 0x02, 0x01, 0x30, 0x01}; + +// 2.16.840.1.101.3.2.1.48.2 +const uint8_t kTestPolicy2[] = {0x60, 0x86, 0x48, 0x01, 0x65, + 0x03, 0x02, 0x01, 0x30, 0x02}; + +// 2.16.840.1.101.3.2.1.48.3 +const uint8_t kTestPolicy3[] = {0x60, 0x86, 0x48, 0x01, 0x65, + 0x03, 0x02, 0x01, 0x30, 0x03}; + +// 2.16.840.1.101.3.2.1.48.6 +const uint8_t kTestPolicy6[] = {0x60, 0x86, 0x48, 0x01, 0x65, + 0x03, 0x02, 0x01, 0x30, 0x06}; + +void SetPolicySetFromString(const char* const policy_names, + std::set* out) { + out->clear(); + std::istringstream stream(policy_names); + for (std::string line; std::getline(stream, line, ',');) { + size_t start = line.find_first_not_of(" \n\t\r\f\v"); + if (start == std::string::npos) { + continue; + } + size_t end = line.find_last_not_of(" \n\t\r\f\v"); + if (end == std::string::npos) { + continue; + } + std::string policy_name = line.substr(start, end + 1); + if (policy_name.empty()) { + continue; + } + + if (policy_name == "anyPolicy") { + out->insert(der::Input(kAnyPolicyOid)); + } else if (policy_name == "NIST-test-policy-1") { + out->insert(der::Input(kTestPolicy1)); + } else if (policy_name == "NIST-test-policy-2") { + out->insert(der::Input(kTestPolicy2)); + } else if (policy_name == "NIST-test-policy-3") { + out->insert(der::Input(kTestPolicy3)); + } else if (policy_name == "NIST-test-policy-6") { + out->insert(der::Input(kTestPolicy6)); + } else { + ADD_FAILURE() << "Unknown policy name: " << policy_name; + } + } +} + +} // namespace + +PkitsTestInfo::PkitsTestInfo() { + SetInitialPolicySet("anyPolicy"); + SetUserConstrainedPolicySet("NIST-test-policy-1"); +} + +PkitsTestInfo::PkitsTestInfo(const PkitsTestInfo& other) = default; + +PkitsTestInfo::~PkitsTestInfo() = default; + +void PkitsTestInfo::SetInitialExplicitPolicy(bool b) { + initial_explicit_policy = + b ? InitialExplicitPolicy::kTrue : InitialExplicitPolicy::kFalse; +} + +void PkitsTestInfo::SetInitialPolicyMappingInhibit(bool b) { + initial_policy_mapping_inhibit = b ? InitialPolicyMappingInhibit::kTrue + : InitialPolicyMappingInhibit::kFalse; +} + +void PkitsTestInfo::SetInitialInhibitAnyPolicy(bool b) { + initial_inhibit_any_policy = + b ? InitialAnyPolicyInhibit::kTrue : InitialAnyPolicyInhibit::kFalse; +} + +void PkitsTestInfo::SetInitialPolicySet(const char* const policy_names) { + SetPolicySetFromString(policy_names, &initial_policy_set); +} + +void PkitsTestInfo::SetUserConstrainedPolicySet( + const char* const policy_names) { + SetPolicySetFromString(policy_names, &user_constrained_policy_set); +} + +} // namespace net diff --git a/pki/nist_pkits_unittest.h b/pki/nist_pkits_unittest.h new file mode 100644 index 0000000000..c6b91d62aa --- /dev/null +++ b/pki/nist_pkits_unittest.h @@ -0,0 +1,149 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_NIST_PKITS_UNITTEST_H_ +#define BSSL_PKI_NIST_PKITS_UNITTEST_H_ + +#include + +#include "test_helpers.h" +#include "parse_values.h" +#include + +namespace bssl { + +// Describes the inputs and outputs (other than the certificates) for +// the PKITS tests. +struct PkitsTestInfo { + // Default construction results in the "default settings". + PkitsTestInfo(); + PkitsTestInfo(const PkitsTestInfo& other); + ~PkitsTestInfo(); + + // Sets |initial_policy_set| to the specified policies. The + // policies are described as comma-separated symbolic strings like + // "anyPolicy" and "NIST-test-policy-1". + // + // If this isn't called, the default is "anyPolicy". + void SetInitialPolicySet(const char* const policy_names); + + // Sets |user_constrained_policy_set| to the specified policies. The + // policies are described as comma-separated symbolic strings like + // "anyPolicy" and "NIST-test-policy-1". + // + // If this isn't called, the default is "NIST-test-policy-1". + void SetUserConstrainedPolicySet(const char* const policy_names); + + void SetInitialExplicitPolicy(bool b); + void SetInitialPolicyMappingInhibit(bool b); + void SetInitialInhibitAnyPolicy(bool b); + + // ---------------- + // Info + // ---------------- + + // The PKITS test number. For example, "4.1.1". + const char* test_number = nullptr; + + // ---------------- + // Inputs + // ---------------- + + // A set of policy OIDs to use for "initial-policy-set". + std::set initial_policy_set; + + // The value of "initial-explicit-policy". + InitialExplicitPolicy initial_explicit_policy = InitialExplicitPolicy::kFalse; + + // The value of "initial-policy-mapping-inhibit". + InitialPolicyMappingInhibit initial_policy_mapping_inhibit = + InitialPolicyMappingInhibit::kFalse; + + // The value of "initial-inhibit-any-policy". + InitialAnyPolicyInhibit initial_inhibit_any_policy = + InitialAnyPolicyInhibit::kFalse; + + // This is the time when PKITS was published. + der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; + + // ---------------- + // Expected outputs + // ---------------- + + // Whether path validation should succeed. + bool should_validate = false; + + std::set user_constrained_policy_set; +}; + +// Parameterized test class for PKITS tests. +// The instantiating code should define a PkitsTestDelegate with an appropriate +// static RunTest method, and then INSTANTIATE_TYPED_TEST_SUITE_P for each +// testcase (each TYPED_TEST_SUITE_P in pkits_testcases-inl.h). +template +class PkitsTest : public ::testing::Test { + public: + template + void RunTest(const char* const (&cert_names)[num_certs], + const char* const (&crl_names)[num_crls], + const PkitsTestInfo& info) { + std::vector cert_ders; + for (const std::string s : cert_names) { + cert_ders.push_back(ReadTestFileToString( + "testdata/nist-pkits/certs/" + s + ".crt")); + } + std::vector crl_ders; + for (const std::string s : crl_names) { + crl_ders.push_back(ReadTestFileToString( + "testdata/nist-pkits/crls/" + s + ".crl")); + } + + std::string_view test_number = info.test_number; + + // Some of the PKITS tests are intentionally given different expectations + // from PKITS.pdf. + // + // Empty user_constrained_policy_set due to short-circuit on invalid + // signatures: + // + // 4.1.2 - Invalid CA Signature Test2 + // 4.1.3 - Invalid EE Signature Test3 + // 4.1.6 - Invalid DSA Signature Test6 + // + // Expected to fail because DSA signatures are not supported: + // + // 4.1.4 - Valid DSA Signatures Test4 + // 4.1.5 - Valid DSA Parameter Inheritance Test5 + // + // Expected to fail because Name constraints on + // uniformResourceIdentifiers are not supported: + // + // 4.13.34 - Valid URI nameConstraints Test34 + // 4.13.36 - Valid URI nameConstraints Test36 + if (test_number == "4.1.2" || test_number == "4.1.3" || + test_number == "4.1.6") { + PkitsTestInfo modified_info = info; + modified_info.user_constrained_policy_set = {}; + PkitsTestDelegate::RunTest(cert_ders, crl_ders, modified_info); + } else if (test_number == "4.1.4" || test_number == "4.1.5") { + PkitsTestInfo modified_info = info; + modified_info.user_constrained_policy_set = {}; + modified_info.should_validate = false; + PkitsTestDelegate::RunTest(cert_ders, crl_ders, modified_info); + } else if (test_number == "4.13.34" || test_number == "4.13.36") { + PkitsTestInfo modified_info = info; + modified_info.should_validate = false; + PkitsTestDelegate::RunTest(cert_ders, crl_ders, modified_info); + } else { + PkitsTestDelegate::RunTest(cert_ders, crl_ders, info); + } + } +}; + +// Inline the generated test code: +#include "testdata/nist-pkits/pkits_testcases-inl.h" + +} // namespace net + +#endif // BSSL_PKI_NIST_PKITS_UNITTEST_H_ diff --git a/pki/ocsp.cc b/pki/ocsp.cc new file mode 100644 index 0000000000..f02b27440c --- /dev/null +++ b/pki/ocsp.cc @@ -0,0 +1,1050 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "webutil/url/url.h" +#include "ocsp.h" + +#include "asn1_util.h" +#include "cert_errors.h" +#include "extended_key_usage.h" +#include "parsed_certificate.h" +#include "revocation_util.h" +#include "string_util.h" +#include "verify_name_match.h" +#include "verify_signed_data.h" +#include "fillins/x509_util.h" +#include +#include +#include +#include +#include "webutil/url/url.h" + +namespace bssl { + +OCSPCertID::OCSPCertID() = default; +OCSPCertID::~OCSPCertID() = default; + +OCSPSingleResponse::OCSPSingleResponse() = default; +OCSPSingleResponse::~OCSPSingleResponse() = default; + +OCSPResponseData::OCSPResponseData() = default; +OCSPResponseData::~OCSPResponseData() = default; + +OCSPResponse::OCSPResponse() = default; +OCSPResponse::~OCSPResponse() = default; + +// CertID ::= SEQUENCE { +// hashAlgorithm AlgorithmIdentifier, +// issuerNameHash OCTET STRING, -- Hash of issuer's DN +// issuerKeyHash OCTET STRING, -- Hash of issuer's public key +// serialNumber CertificateSerialNumber +// } +bool ParseOCSPCertID(const der::Input& raw_tlv, OCSPCertID* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + der::Input sigalg_tlv; + if (!parser.ReadRawTLV(&sigalg_tlv)) + return false; + if (!ParseHashAlgorithm(sigalg_tlv, &(out->hash_algorithm))) + return false; + if (!parser.ReadTag(der::kOctetString, &(out->issuer_name_hash))) + return false; + if (!parser.ReadTag(der::kOctetString, &(out->issuer_key_hash))) + return false; + if (!parser.ReadTag(der::kInteger, &(out->serial_number))) + return false; + CertErrors errors; + if (!VerifySerialNumber(out->serial_number, false /*warnings_only*/, &errors)) + return false; + + return !parser.HasMore(); +} + +namespace { + +// Parses |raw_tlv| to extract an OCSP RevokedInfo (RFC 6960) and stores the +// result in the OCSPCertStatus |out|. Returns whether the parsing was +// successful. +// +// RevokedInfo ::= SEQUENCE { +// revocationTime GeneralizedTime, +// revocationReason [0] EXPLICIT CRLReason OPTIONAL +// } +bool ParseRevokedInfo(const der::Input& raw_tlv, OCSPCertStatus* out) { + der::Parser parser(raw_tlv); + if (!parser.ReadGeneralizedTime(&(out->revocation_time))) + return false; + + der::Input reason_input; + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(0), &reason_input, + &(out->has_reason))) { + return false; + } + if (out->has_reason) { + der::Parser reason_parser(reason_input); + der::Input reason_value_input; + uint8_t reason_value; + if (!reason_parser.ReadTag(der::kEnumerated, &reason_value_input)) + return false; + if (!der::ParseUint8(reason_value_input, &reason_value)) + return false; + if (reason_value > + static_cast(OCSPCertStatus::RevocationReason::LAST)) { + return false; + } + out->revocation_reason = + static_cast(reason_value); + if (out->revocation_reason == OCSPCertStatus::RevocationReason::UNUSED) + return false; + if (reason_parser.HasMore()) + return false; + } + return !parser.HasMore(); +} + +// Parses |raw_tlv| to extract an OCSP CertStatus (RFC 6960) and stores the +// result in the OCSPCertStatus |out|. Returns whether the parsing was +// successful. +// +// CertStatus ::= CHOICE { +// good [0] IMPLICIT NULL, +// revoked [1] IMPLICIT RevokedInfo, +// unknown [2] IMPLICIT UnknownInfo +// } +// +// UnknownInfo ::= NULL +bool ParseCertStatus(const der::Input& raw_tlv, OCSPCertStatus* out) { + der::Parser parser(raw_tlv); + der::Tag status_tag; + der::Input status; + if (!parser.ReadTagAndValue(&status_tag, &status)) + return false; + + out->has_reason = false; + if (status_tag == der::ContextSpecificPrimitive(0)) { + out->status = OCSPRevocationStatus::GOOD; + } else if (status_tag == der::ContextSpecificConstructed(1)) { + out->status = OCSPRevocationStatus::REVOKED; + if (!ParseRevokedInfo(status, out)) + return false; + } else if (status_tag == der::ContextSpecificPrimitive(2)) { + out->status = OCSPRevocationStatus::UNKNOWN; + } else { + return false; + } + + return !parser.HasMore(); +} + +// Writes the hash of |value| as an OCTET STRING to |cbb|, using |hash_type| as +// the algorithm. Returns true on success. +bool AppendHashAsOctetString(const EVP_MD* hash_type, + CBB* cbb, + const der::Input& value) { + CBB octet_string; + unsigned hash_len; + uint8_t hash_buffer[EVP_MAX_MD_SIZE]; + + return CBB_add_asn1(cbb, &octet_string, CBS_ASN1_OCTETSTRING) && + EVP_Digest(value.UnsafeData(), value.Length(), hash_buffer, &hash_len, + hash_type, nullptr) && + CBB_add_bytes(&octet_string, hash_buffer, hash_len) && CBB_flush(cbb); +} + +} // namespace + +// SingleResponse ::= SEQUENCE { +// certID CertID, +// certStatus CertStatus, +// thisUpdate GeneralizedTime, +// nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, +// singleExtensions [1] EXPLICIT Extensions OPTIONAL +// } +bool ParseOCSPSingleResponse(const der::Input& raw_tlv, + OCSPSingleResponse* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + if (!parser.ReadRawTLV(&(out->cert_id_tlv))) + return false; + der::Input status_tlv; + if (!parser.ReadRawTLV(&status_tlv)) + return false; + if (!ParseCertStatus(status_tlv, &(out->cert_status))) + return false; + if (!parser.ReadGeneralizedTime(&(out->this_update))) + return false; + + der::Input next_update_input; + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(0), + &next_update_input, &(out->has_next_update))) { + return false; + } + if (out->has_next_update) { + der::Parser next_update_parser(next_update_input); + if (!next_update_parser.ReadGeneralizedTime(&(out->next_update))) + return false; + if (next_update_parser.HasMore()) + return false; + } + + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(1), + &(out->extensions), &(out->has_extensions))) { + return false; + } + + return !parser.HasMore(); +} + +namespace { + +// Parses |raw_tlv| to extract a ResponderID (RFC 6960) and stores the +// result in the ResponderID |out|. Returns whether the parsing was successful. +// +// ResponderID ::= CHOICE { +// byName [1] Name, +// byKey [2] KeyHash +// } +bool ParseResponderID(const der::Input& raw_tlv, + OCSPResponseData::ResponderID* out) { + der::Parser parser(raw_tlv); + der::Tag id_tag; + der::Input id_input; + if (!parser.ReadTagAndValue(&id_tag, &id_input)) + return false; + + if (id_tag == der::ContextSpecificConstructed(1)) { + out->type = OCSPResponseData::ResponderType::NAME; + out->name = id_input; + } else if (id_tag == der::ContextSpecificConstructed(2)) { + der::Parser key_parser(id_input); + der::Input key_hash; + if (!key_parser.ReadTag(der::kOctetString, &key_hash)) + return false; + if (key_parser.HasMore()) + return false; + if (key_hash.Length() != SHA_DIGEST_LENGTH) + return false; + + out->type = OCSPResponseData::ResponderType::KEY_HASH; + out->key_hash = key_hash; + } else { + return false; + } + return !parser.HasMore(); +} + +} // namespace + +// ResponseData ::= SEQUENCE { +// version [0] EXPLICIT Version DEFAULT v1, +// responderID ResponderID, +// producedAt GeneralizedTime, +// responses SEQUENCE OF SingleResponse, +// responseExtensions [1] EXPLICIT Extensions OPTIONAL +// } +bool ParseOCSPResponseData(const der::Input& raw_tlv, OCSPResponseData* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + der::Input version_input; + bool version_present; + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(0), + &version_input, &version_present)) { + return false; + } + + // For compatibilty, we ignore the restriction from X.690 Section 11.5 that + // DEFAULT values should be omitted for values equal to the default value. + // TODO: Add warning about non-strict parsing. + if (version_present) { + der::Parser version_parser(version_input); + if (!version_parser.ReadUint8(&(out->version))) + return false; + if (version_parser.HasMore()) + return false; + } else { + out->version = 0; + } + + if (out->version != 0) + return false; + + der::Input responder_input; + if (!parser.ReadRawTLV(&responder_input)) + return false; + if (!ParseResponderID(responder_input, &(out->responder_id))) + return false; + if (!parser.ReadGeneralizedTime(&(out->produced_at))) + return false; + + der::Parser responses_parser; + if (!parser.ReadSequence(&responses_parser)) + return false; + out->responses.clear(); + while (responses_parser.HasMore()) { + der::Input single_response; + if (!responses_parser.ReadRawTLV(&single_response)) + return false; + out->responses.push_back(single_response); + } + + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(1), + &(out->extensions), &(out->has_extensions))) { + return false; + } + + return !parser.HasMore(); +} + +namespace { + +// Parses |raw_tlv| to extract a BasicOCSPResponse (RFC 6960) and stores the +// result in the OCSPResponse |out|. Returns whether the parsing was +// successful. +// +// BasicOCSPResponse ::= SEQUENCE { +// tbsResponseData ResponseData, +// signatureAlgorithm AlgorithmIdentifier, +// signature BIT STRING, +// certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL +// } +bool ParseBasicOCSPResponse(const der::Input& raw_tlv, OCSPResponse* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + if (!parser.ReadRawTLV(&(out->data))) + return false; + der::Input sigalg_tlv; + if (!parser.ReadRawTLV(&sigalg_tlv)) + return false; + // TODO(crbug.com/634443): Propagate the errors. + std::optional sigalg = + ParseSignatureAlgorithm(sigalg_tlv); + if (!sigalg) + return false; + out->signature_algorithm = sigalg.value(); + std::optional signature = parser.ReadBitString(); + if (!signature) + return false; + out->signature = signature.value(); + der::Input certs_input; + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(0), &certs_input, + &(out->has_certs))) { + return false; + } + + out->certs.clear(); + if (out->has_certs) { + der::Parser certs_seq_parser(certs_input); + der::Parser certs_parser; + if (!certs_seq_parser.ReadSequence(&certs_parser)) + return false; + if (certs_seq_parser.HasMore()) + return false; + while (certs_parser.HasMore()) { + der::Input cert_tlv; + if (!certs_parser.ReadRawTLV(&cert_tlv)) + return false; + out->certs.push_back(cert_tlv); + } + } + + return !parser.HasMore(); +} + +} // namespace + +// OCSPResponse ::= SEQUENCE { +// responseStatus OCSPResponseStatus, +// responseBytes [0] EXPLICIT ResponseBytes OPTIONAL +// } +// +// ResponseBytes ::= SEQUENCE { +// responseType OBJECT IDENTIFIER, +// response OCTET STRING +// } +bool ParseOCSPResponse(const der::Input& raw_tlv, OCSPResponse* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + der::Input response_status_input; + uint8_t response_status; + if (!parser.ReadTag(der::kEnumerated, &response_status_input)) + return false; + if (!der::ParseUint8(response_status_input, &response_status)) + return false; + if (response_status > + static_cast(OCSPResponse::ResponseStatus::LAST)) { + return false; + } + out->status = static_cast(response_status); + if (out->status == OCSPResponse::ResponseStatus::UNUSED) + return false; + + if (out->status == OCSPResponse::ResponseStatus::SUCCESSFUL) { + der::Parser outer_bytes_parser; + der::Parser bytes_parser; + if (!parser.ReadConstructed(der::ContextSpecificConstructed(0), + &outer_bytes_parser)) { + return false; + } + if (!outer_bytes_parser.ReadSequence(&bytes_parser)) + return false; + if (outer_bytes_parser.HasMore()) + return false; + + der::Input type_oid; + if (!bytes_parser.ReadTag(der::kOid, &type_oid)) + return false; + if (type_oid != der::Input(kBasicOCSPResponseOid)) + return false; + + // As per RFC 6960 Section 4.2.1, the value of |response| SHALL be the DER + // encoding of BasicOCSPResponse. + der::Input response; + if (!bytes_parser.ReadTag(der::kOctetString, &response)) + return false; + if (!ParseBasicOCSPResponse(response, out)) + return false; + if (bytes_parser.HasMore()) + return false; + } + + return !parser.HasMore(); +} + +namespace { + +// Checks that the |type| hash of |value| is equal to |hash| +bool VerifyHash(const EVP_MD* type, + const der::Input& hash, + const der::Input& value) { + unsigned value_hash_len; + uint8_t value_hash[EVP_MAX_MD_SIZE]; + if (!EVP_Digest(value.UnsafeData(), value.Length(), value_hash, + &value_hash_len, type, nullptr)) { + return false; + } + + return hash == der::Input(value_hash, value_hash_len); +} + +// Extracts the bytes of the SubjectPublicKey bit string given an SPKI. That is +// to say, the value of subjectPublicKey without the leading unused bit +// count octet. +// +// Returns true on success and fills |*spk_tlv| with the result. +// +// From RFC 5280, Section 4.1 +// SubjectPublicKeyInfo ::= SEQUENCE { +// algorithm AlgorithmIdentifier, +// subjectPublicKey BIT STRING } +// +// AlgorithmIdentifier ::= SEQUENCE { +// algorithm OBJECT IDENTIFIER, +// parameters ANY DEFINED BY algorithm OPTIONAL } +// +bool GetSubjectPublicKeyBytes(const der::Input& spki_tlv, der::Input* spk_tlv) { + CBS outer, inner, alg, spk; + uint8_t unused_bit_count; + CBS_init(&outer, spki_tlv.UnsafeData(), spki_tlv.Length()); + // The subjectPublicKey field includes the unused bit count. For this + // application, the unused bit count must be zero, and is not included in + // the result. We extract the subjectPubicKey bit string, verify the first + // byte is 0, and if so set |spk_tlv| to the remaining bytes. + if (!CBS_get_asn1(&outer, &inner, CBS_ASN1_SEQUENCE) || + !CBS_get_asn1(&inner, &alg, CBS_ASN1_SEQUENCE) || + !CBS_get_asn1(&inner, &spk, CBS_ASN1_BITSTRING) || + !CBS_get_u8(&spk, &unused_bit_count) || unused_bit_count != 0) { + return false; + } + *spk_tlv = der::Input(CBS_data(&spk), CBS_len(&spk)); + return true; +} + +// Checks the OCSPCertID |id| identifies |certificate|. +bool CheckCertIDMatchesCertificate( + const OCSPCertID& id, + const ParsedCertificate* certificate, + const ParsedCertificate* issuer_certificate) { + const EVP_MD* type = nullptr; + switch (id.hash_algorithm) { + case DigestAlgorithm::Md2: + case DigestAlgorithm::Md4: + case DigestAlgorithm::Md5: + // Unsupported. + return false; + case DigestAlgorithm::Sha1: + type = EVP_sha1(); + break; + case DigestAlgorithm::Sha256: + type = EVP_sha256(); + break; + case DigestAlgorithm::Sha384: + type = EVP_sha384(); + break; + case DigestAlgorithm::Sha512: + type = EVP_sha512(); + break; + } + + if (!VerifyHash(type, id.issuer_name_hash, certificate->tbs().issuer_tlv)) + return false; + + der::Input key_tlv; + if (!GetSubjectPublicKeyBytes(issuer_certificate->tbs().spki_tlv, &key_tlv)) + return false; + + if (!VerifyHash(type, id.issuer_key_hash, key_tlv)) + return false; + + return id.serial_number == certificate->tbs().serial_number; +} + +// TODO(eroman): Revisit how certificate parsing is used by this file. Ideally +// would either pass in the parsed bits, or have a better abstraction for lazily +// parsing. +std::shared_ptr OCSPParseCertificate( + std::string_view der) { + ParseCertificateOptions parse_options; + parse_options.allow_invalid_serial_numbers = true; + + // TODO(eroman): Swallows the parsing errors. However uses a permissive + // parsing model. + CertErrors errors; + return ParsedCertificate::Create( + bssl::UniquePtr( + CRYPTO_BUFFER_new(reinterpret_cast(der.data()), + der.size(), x509_util::GetBufferPool())), + {}, &errors); +} + +// Checks that the ResponderID |id| matches the certificate |cert| either +// by verifying the name matches that of the certificate or that the hash +// matches the certificate's public key hash (RFC 6960, 4.2.2.3). +[[nodiscard]] bool CheckResponderIDMatchesCertificate( + const OCSPResponseData::ResponderID& id, + const ParsedCertificate* cert) { + switch (id.type) { + case OCSPResponseData::ResponderType::NAME: { + der::Input name_rdn; + der::Input cert_rdn; + if (!der::Parser(id.name).ReadTag(der::kSequence, &name_rdn) || + !der::Parser(cert->tbs().subject_tlv) + .ReadTag(der::kSequence, &cert_rdn)) + return false; + return VerifyNameMatch(name_rdn, cert_rdn); + } + case OCSPResponseData::ResponderType::KEY_HASH: { + der::Input key; + if (!GetSubjectPublicKeyBytes(cert->tbs().spki_tlv, &key)) + return false; + return VerifyHash(EVP_sha1(), id.key_hash, key); + } + } + + return false; +} + +// Verifies that |responder_certificate| has been authority for OCSP signing, +// delegated to it by |issuer_certificate|. +// +// TODO(eroman): No revocation checks are done (see id-pkix-ocsp-nocheck in the +// spec). extension). +// +// TODO(eroman): Not all properties of the certificate are verified, only the +// signature and EKU. Can full RFC 5280 validation be used, or are there +// compatibility concerns? +[[nodiscard]] bool VerifyAuthorizedResponderCert( + const ParsedCertificate* responder_certificate, + const ParsedCertificate* issuer_certificate) { + // The Authorized Responder must be directly signed by the issuer of the + // certificate being checked. + // TODO(eroman): Must check the signature algorithm against policy. + if (!responder_certificate->signature_algorithm().has_value() || + !VerifySignedData(*responder_certificate->signature_algorithm(), + responder_certificate->tbs_certificate_tlv(), + responder_certificate->signature_value(), + issuer_certificate->tbs().spki_tlv, + /*cache=*/nullptr)) { + return false; + } + + // The Authorized Responder must include the value id-kp-OCSPSigning as + // part of the extended key usage extension. + if (!responder_certificate->has_extended_key_usage()) + return false; + + for (const auto& key_purpose_oid : + responder_certificate->extended_key_usage()) { + if (key_purpose_oid == der::Input(kOCSPSigning)) + return true; + } + return false; +} + +[[nodiscard]] bool VerifyOCSPResponseSignatureGivenCert( + const OCSPResponse& response, + const ParsedCertificate* cert) { + // TODO(eroman): Must check the signature algorithm against policy. + return VerifySignedData(response.signature_algorithm, response.data, + response.signature, cert->tbs().spki_tlv, + /*cache=*/nullptr); +} + +// Verifies that the OCSP response has a valid signature using +// |issuer_certificate|, or an authorized responder issued by +// |issuer_certificate| for OCSP signing. +[[nodiscard]] bool VerifyOCSPResponseSignature( + const OCSPResponse& response, + const OCSPResponseData& response_data, + const ParsedCertificate* issuer_certificate) { + // In order to verify the OCSP signature, a valid responder matching the OCSP + // Responder ID must be located (RFC 6960, 4.2.2.2). The responder is allowed + // to be either the certificate issuer or a delegated authority directly + // signed by the issuer. + if (CheckResponderIDMatchesCertificate(response_data.responder_id, + issuer_certificate) && + VerifyOCSPResponseSignatureGivenCert(response, issuer_certificate)) { + return true; + } + + // Otherwise search through the provided certificates for the Authorized + // Responder. Want a certificate that: + // (1) Matches the OCSP Responder ID. + // (2) Has been given authority for OCSP signing by |issuer_certificate|. + // (3) Has signed the OCSP response using its public key. + for (const auto& responder_cert_tlv : response.certs) { + std::shared_ptr cur_responder_certificate = + OCSPParseCertificate(responder_cert_tlv.AsStringView()); + + // If failed parsing the certificate, keep looking. + if (!cur_responder_certificate) + continue; + + // If the certificate doesn't match the OCSP's responder ID, keep looking. + if (!CheckResponderIDMatchesCertificate(response_data.responder_id, + cur_responder_certificate.get())) { + continue; + } + + // If the certificate isn't a valid Authorized Responder certificate, keep + // looking. + if (!VerifyAuthorizedResponderCert(cur_responder_certificate.get(), + issuer_certificate)) { + continue; + } + + // If the certificate signed this OCSP response, have found a match. + // Otherwise keep looking. + if (VerifyOCSPResponseSignatureGivenCert(response, + cur_responder_certificate.get())) { + return true; + } + } + + // Failed to confirm the validity of the OCSP signature using any of the + // candidate certificates. + return false; +} + +// Parse ResponseData and return false if any unhandled critical extensions are +// found. No known critical ResponseData extensions exist. +bool ParseOCSPResponseDataExtensions( + const der::Input& response_extensions, + OCSPVerifyResult::ResponseStatus* response_details) { + std::map extensions; + if (!ParseExtensions(response_extensions, &extensions)) { + *response_details = OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR; + return false; + } + + for (const auto& ext : extensions) { + // TODO: handle ResponseData extensions + + if (ext.second.critical) { + *response_details = OCSPVerifyResult::UNHANDLED_CRITICAL_EXTENSION; + return false; + } + } + + return true; +} + +// Parse SingleResponse and return false if any unhandled critical extensions +// (other than the CT extension) are found. The CT-SCT extension is not required +// to be marked critical, but since it is handled by Chrome, we will overlook +// the flag setting. +bool ParseOCSPSingleResponseExtensions( + const der::Input& single_extensions, + OCSPVerifyResult::ResponseStatus* response_details) { + std::map extensions; + if (!ParseExtensions(single_extensions, &extensions)) { + *response_details = OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR; + return false; + } + + // The wire form of the OID 1.3.6.1.4.1.11129.2.4.5 - OCSP SingleExtension for + // X.509v3 Certificate Transparency Signed Certificate Timestamp List, see + // Section 3.3 of RFC6962. + const uint8_t ct_ocsp_ext_oid[] = {0x2B, 0x06, 0x01, 0x04, 0x01, + 0xD6, 0x79, 0x02, 0x04, 0x05}; + der::Input ct_ext_oid(ct_ocsp_ext_oid); + + for (const auto& ext : extensions) { + // The CT OCSP extension is handled in ct::ExtractSCTListFromOCSPResponse + if (ext.second.oid == ct_ext_oid) + continue; + + // TODO: handle SingleResponse extensions + + if (ext.second.critical) { + *response_details = OCSPVerifyResult::UNHANDLED_CRITICAL_EXTENSION; + return false; + } + } + + return true; +} + +// Loops through the OCSPSingleResponses to find the best match for |cert|. +OCSPRevocationStatus GetRevocationStatusForCert( + const OCSPResponseData& response_data, + const ParsedCertificate* cert, + const ParsedCertificate* issuer_certificate, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds, + OCSPVerifyResult::ResponseStatus* response_details) { + OCSPRevocationStatus result = OCSPRevocationStatus::UNKNOWN; + *response_details = OCSPVerifyResult::NO_MATCHING_RESPONSE; + + for (const auto& single_response_der : response_data.responses) { + // In the common case, there should only be one SingleResponse in the + // ResponseData (matching the certificate requested and used on this + // connection). However, it is possible for the OCSP responder to provide + // multiple responses for multiple certificates. Look through all the + // provided SingleResponses, and check to see if any match the + // certificate. A SingleResponse matches a certificate if it has the same + // serial number, issuer name (hash), and issuer public key (hash). + OCSPSingleResponse single_response; + if (!ParseOCSPSingleResponse(single_response_der, &single_response)) + return OCSPRevocationStatus::UNKNOWN; + + // Reject unhandled critical extensions in SingleResponse + if (single_response.has_extensions && + !ParseOCSPSingleResponseExtensions(single_response.extensions, + response_details)) { + return OCSPRevocationStatus::UNKNOWN; + } + + OCSPCertID cert_id; + if (!ParseOCSPCertID(single_response.cert_id_tlv, &cert_id)) + return OCSPRevocationStatus::UNKNOWN; + if (!CheckCertIDMatchesCertificate(cert_id, cert, issuer_certificate)) + continue; + + // The SingleResponse matches the certificate, but may be out of date. Out + // of date responses are noted seperate from responses with mismatched + // serial numbers. If an OCSP responder provides both an up to date + // response and an expired response, the up to date response takes + // precedence (PROVIDED > INVALID_DATE). + if (!CheckRevocationDateValid(single_response.this_update, + single_response.has_next_update + ? &single_response.next_update + : nullptr, + verify_time_epoch_seconds, max_age_seconds)) { + if (*response_details != OCSPVerifyResult::PROVIDED) + *response_details = OCSPVerifyResult::INVALID_DATE; + continue; + } + + // In the case with multiple matching and up to date responses, keep only + // the strictest status (REVOKED > UNKNOWN > GOOD). + if (*response_details != OCSPVerifyResult::PROVIDED || + result == OCSPRevocationStatus::GOOD || + single_response.cert_status.status == OCSPRevocationStatus::REVOKED) { + result = single_response.cert_status.status; + } + *response_details = OCSPVerifyResult::PROVIDED; + } + + return result; +} + +OCSPRevocationStatus CheckOCSP( + std::string_view raw_response, + std::string_view certificate_der, + const ParsedCertificate* certificate, + std::string_view issuer_certificate_der, + const ParsedCertificate* issuer_certificate, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds, + OCSPVerifyResult::ResponseStatus* response_details) { + *response_details = OCSPVerifyResult::NOT_CHECKED; + + if (raw_response.empty()) { + *response_details = OCSPVerifyResult::MISSING; + return OCSPRevocationStatus::UNKNOWN; + } + + der::Input response_der(raw_response); + OCSPResponse response; + if (!ParseOCSPResponse(response_der, &response)) { + *response_details = OCSPVerifyResult::PARSE_RESPONSE_ERROR; + return OCSPRevocationStatus::UNKNOWN; + } + + // RFC 6960 defines all responses |response_status| != SUCCESSFUL as error + // responses. No revocation information is provided on error responses, and + // the OCSPResponseData structure is not set. + if (response.status != OCSPResponse::ResponseStatus::SUCCESSFUL) { + *response_details = OCSPVerifyResult::ERROR_RESPONSE; + return OCSPRevocationStatus::UNKNOWN; + } + + // Actual revocation information is contained within the BasicOCSPResponse as + // a ResponseData structure. The BasicOCSPResponse was parsed above, and + // contains an unparsed ResponseData. From RFC 6960: + // + // BasicOCSPResponse ::= SEQUENCE { + // tbsResponseData ResponseData, + // signatureAlgorithm AlgorithmIdentifier, + // signature BIT STRING, + // certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + // + // ResponseData ::= SEQUENCE { + // version [0] EXPLICIT Version DEFAULT v1, + // responderID ResponderID, + // producedAt GeneralizedTime, + // responses SEQUENCE OF SingleResponse, + // responseExtensions [1] EXPLICIT Extensions OPTIONAL } + OCSPResponseData response_data; + if (!ParseOCSPResponseData(response.data, &response_data)) { + *response_details = OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR; + return OCSPRevocationStatus::UNKNOWN; + } + + // Process the OCSP ResponseData extensions. In particular, must reject if + // there are any critical extensions that are not understood. + if (response_data.has_extensions && + !ParseOCSPResponseDataExtensions(response_data.extensions, + response_details)) { + return OCSPRevocationStatus::UNKNOWN; + } + + std::shared_ptr parsed_certificate; + std::shared_ptr parsed_issuer_certificate; + if (!certificate) { + parsed_certificate = OCSPParseCertificate(certificate_der); + certificate = parsed_certificate.get(); + } + if (!issuer_certificate) { + parsed_issuer_certificate = OCSPParseCertificate(issuer_certificate_der); + issuer_certificate = parsed_issuer_certificate.get(); + } + + if (!certificate || !issuer_certificate) { + *response_details = OCSPVerifyResult::NOT_CHECKED; + return OCSPRevocationStatus::UNKNOWN; + } + + // If producedAt is outside of the certificate validity period, reject the + // response. + if (response_data.produced_at < certificate->tbs().validity_not_before || + response_data.produced_at > certificate->tbs().validity_not_after) { + *response_details = OCSPVerifyResult::BAD_PRODUCED_AT; + return OCSPRevocationStatus::UNKNOWN; + } + + // Look through all of the OCSPSingleResponses for a match (based on CertID + // and time). + OCSPRevocationStatus status = GetRevocationStatusForCert( + response_data, certificate, issuer_certificate, verify_time_epoch_seconds, + max_age_seconds, response_details); + + // Check that the OCSP response has a valid signature. It must either be + // signed directly by the issuing certificate, or a valid authorized + // responder. + if (!VerifyOCSPResponseSignature(response, response_data, + issuer_certificate)) { + return OCSPRevocationStatus::UNKNOWN; + } + + return status; +} + +} // namespace + +OCSPRevocationStatus CheckOCSP( + std::string_view raw_response, + std::string_view certificate_der, + std::string_view issuer_certificate_der, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds, + OCSPVerifyResult::ResponseStatus* response_details) { + return CheckOCSP(raw_response, certificate_der, nullptr, + issuer_certificate_der, nullptr, verify_time_epoch_seconds, + max_age_seconds, response_details); +} + +OCSPRevocationStatus CheckOCSP( + std::string_view raw_response, + const ParsedCertificate* certificate, + const ParsedCertificate* issuer_certificate, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds, + OCSPVerifyResult::ResponseStatus* response_details) { + return CheckOCSP(raw_response, std::string_view(), certificate, + std::string_view(), issuer_certificate, + verify_time_epoch_seconds, max_age_seconds, + response_details); +} + +bool CreateOCSPRequest(const ParsedCertificate* cert, + const ParsedCertificate* issuer, + std::vector* request_der) { + request_der->clear(); + + bssl::ScopedCBB cbb; + + // This initial buffer size is big enough for 20 octet long serial numbers + // (upper bound from RFC 5280) and then a handful of extra bytes. This + // number doesn't matter for correctness. + const size_t kInitialBufferSize = 100; + + if (!CBB_init(cbb.get(), kInitialBufferSize)) + return false; + + // OCSPRequest ::= SEQUENCE { + // tbsRequest TBSRequest, + // optionalSignature [0] EXPLICIT Signature OPTIONAL } + // + // TBSRequest ::= SEQUENCE { + // version [0] EXPLICIT Version DEFAULT v1, + // requestorName [1] EXPLICIT GeneralName OPTIONAL, + // requestList SEQUENCE OF Request, + // requestExtensions [2] EXPLICIT Extensions OPTIONAL } + CBB ocsp_request; + if (!CBB_add_asn1(cbb.get(), &ocsp_request, CBS_ASN1_SEQUENCE)) + return false; + + CBB tbs_request; + if (!CBB_add_asn1(&ocsp_request, &tbs_request, CBS_ASN1_SEQUENCE)) + return false; + + // "version", "requestorName", and "requestExtensions" are omitted. + + CBB request_list; + if (!CBB_add_asn1(&tbs_request, &request_list, CBS_ASN1_SEQUENCE)) + return false; + + CBB request; + if (!CBB_add_asn1(&request_list, &request, CBS_ASN1_SEQUENCE)) + return false; + + // Request ::= SEQUENCE { + // reqCert CertID, + // singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + CBB req_cert; + if (!CBB_add_asn1(&request, &req_cert, CBS_ASN1_SEQUENCE)) + return false; + + // CertID ::= SEQUENCE { + // hashAlgorithm AlgorithmIdentifier, + // issuerNameHash OCTET STRING, -- Hash of issuer's DN + // issuerKeyHash OCTET STRING, -- Hash of issuer's public key + // serialNumber CertificateSerialNumber } + + // TODO(eroman): Don't use SHA1. + const EVP_MD* md = EVP_sha1(); + if (!EVP_marshal_digest_algorithm(&req_cert, md)) + return false; + + AppendHashAsOctetString(md, &req_cert, issuer->tbs().subject_tlv); + + der::Input key_tlv; + if (!GetSubjectPublicKeyBytes(issuer->tbs().spki_tlv, &key_tlv)) + return false; + AppendHashAsOctetString(md, &req_cert, key_tlv); + + CBB serial_number; + if (!CBB_add_asn1(&req_cert, &serial_number, CBS_ASN1_INTEGER)) + return false; + if (!CBB_add_bytes(&serial_number, cert->tbs().serial_number.UnsafeData(), + cert->tbs().serial_number.Length())) { + return false; + } + + uint8_t* result_bytes; + size_t result_bytes_length; + if (!CBB_finish(cbb.get(), &result_bytes, &result_bytes_length)) + return false; + bssl::UniquePtr delete_tbs_cert_bytes(result_bytes); + + request_der->assign(result_bytes, result_bytes + result_bytes_length); + return true; +} + +// From RFC 2560 section A.1.1: +// +// An OCSP request using the GET method is constructed as follows: +// +// GET {url}/{url-encoding of base-64 encoding of the DER encoding of +// the OCSPRequest} +URL CreateOCSPGetURL(const ParsedCertificate* cert, + const ParsedCertificate* issuer, + std::string_view ocsp_responder_url) { + std::vector ocsp_request_der; + if (!CreateOCSPRequest(cert, issuer, &ocsp_request_der)) { + // Unexpected (means BoringSSL failed an operation). + return URL(); + } + + // Base64 encode the request data. + size_t len; + if (!EVP_EncodedLength(&len, ocsp_request_der.size())) { + return URL(); + } + std::vector encoded(len); + len = EVP_EncodeBlock(encoded.data(), ocsp_request_der.data(), + ocsp_request_der.size()); + + std::string b64_encoded(encoded.begin(), encoded.begin() + len); + + // In theory +, /, and = are valid in paths and don't need to be escaped. + // However from the example in RFC 5019 section 5 it is clear that the intent + // is to escape non-alphanumeric characters (the example conclusively escapes + // '/' and '=', but doesn't clarify '+'). + b64_encoded = bssl::string_util::FindAndReplace(b64_encoded, "+", "%2B"); + b64_encoded = bssl::string_util::FindAndReplace(b64_encoded, "/", "%2F"); + b64_encoded = bssl::string_util::FindAndReplace(b64_encoded, "=", "%3D"); + + // No attempt is made to collapse double slashes for URLs that end in slash, + // since the spec doesn't do that. + return URL(std::string(ocsp_responder_url) + "/" + b64_encoded); +} + +} // namespace net diff --git a/pki/ocsp.h b/pki/ocsp.h new file mode 100644 index 0000000000..c5bbd89b44 --- /dev/null +++ b/pki/ocsp.h @@ -0,0 +1,324 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_OCSP_H_ +#define BSSL_PKI_OCSP_H_ + +#include "webutil/url/url.h" +#include "fillins/openssl_util.h" +#include +#include + + +#include "ocsp_revocation_status.h" +#include "ocsp_verify_result.h" +#include "parse_certificate.h" +#include "signature_algorithm.h" +#include "input.h" +#include "parse_values.h" +#include "parser.h" +#include "tag.h" + +class URL; + +namespace bssl { + +class ParsedCertificate; + +// OCSPCertID contains a representation of a DER-encoded RFC 6960 "CertID". +// +// CertID ::= SEQUENCE { +// hashAlgorithm AlgorithmIdentifier, +// issuerNameHash OCTET STRING, -- Hash of issuer's DN +// issuerKeyHash OCTET STRING, -- Hash of issuer's public key +// serialNumber CertificateSerialNumber +// } +struct OPENSSL_EXPORT OCSPCertID { + OCSPCertID(); + ~OCSPCertID(); + + DigestAlgorithm hash_algorithm; + der::Input issuer_name_hash; + der::Input issuer_key_hash; + der::Input serial_number; +}; + +// OCSPCertStatus contains a representation of a DER-encoded RFC 6960 +// "CertStatus". |revocation_time| and |has_reason| are only valid when +// |status| is REVOKED. |revocation_reason| is only valid when |has_reason| is +// true. +// +// CertStatus ::= CHOICE { +// good [0] IMPLICIT NULL, +// revoked [1] IMPLICIT RevokedInfo, +// unknown [2] IMPLICIT UnknownInfo +// } +// +// RevokedInfo ::= SEQUENCE { +// revocationTime GeneralizedTime, +// revocationReason [0] EXPLICIT CRLReason OPTIONAL +// } +// +// UnknownInfo ::= NULL +// +// CRLReason ::= ENUMERATED { +// unspecified (0), +// keyCompromise (1), +// cACompromise (2), +// affiliationChanged (3), +// superseded (4), +// cessationOfOperation (5), +// certificateHold (6), +// -- value 7 is not used +// removeFromCRL (8), +// privilegeWithdrawn (9), +// aACompromise (10) +// } +// (from RFC 5280) +struct OCSPCertStatus { + // Correspond to the values of CRLReason + enum class RevocationReason { + UNSPECIFIED = 0, + KEY_COMPROMISE = 1, + CA_COMPROMISE = 2, + AFFILIATION_CHANGED = 3, + SUPERSEDED = 4, + CESSATION_OF_OPERATION = 5, + CERTIFICATE_HOLD = 6, + UNUSED = 7, + REMOVE_FROM_CRL = 8, + PRIVILEGE_WITHDRAWN = 9, + AA_COMPROMISE = 10, + + LAST = AA_COMPROMISE, + }; + + OCSPRevocationStatus status; + der::GeneralizedTime revocation_time; + bool has_reason; + RevocationReason revocation_reason; +}; + +// OCSPSingleResponse contains a representation of a DER-encoded RFC 6960 +// "SingleResponse". The |cert_id_tlv| and |extensions| fields are pointers to +// the original object and are only valid as long as it is alive. They also +// aren't verified until they are parsed. |next_update| is only valid if +// |has_next_update| is true and |extensions| is only valid if |has_extensions| +// is true. +// +// SingleResponse ::= SEQUENCE { +// certID CertID, +// certStatus CertStatus, +// thisUpdate GeneralizedTime, +// nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, +// singleExtensions [1] EXPLICIT Extensions OPTIONAL +// } +struct OPENSSL_EXPORT OCSPSingleResponse { + OCSPSingleResponse(); + ~OCSPSingleResponse(); + + der::Input cert_id_tlv; + OCSPCertStatus cert_status; + der::GeneralizedTime this_update; + bool has_next_update; + der::GeneralizedTime next_update; + bool has_extensions; + der::Input extensions; +}; + +// OCSPResponseData contains a representation of a DER-encoded RFC 6960 +// "ResponseData". The |responses| and |extensions| fields are pointers to the +// original object and are only valid as long as it is alive. They also aren't +// verified until they are parsed into OCSPSingleResponse and ParsedExtensions. +// |extensions| is only valid if |has_extensions| is true. +// +// ResponseData ::= SEQUENCE { +// version [0] EXPLICIT Version DEFAULT v1, +// responderID ResponderID, +// producedAt GeneralizedTime, +// responses SEQUENCE OF SingleResponse, +// responseExtensions [1] EXPLICIT Extensions OPTIONAL +// } +struct OPENSSL_EXPORT OCSPResponseData { + enum class ResponderType { NAME, KEY_HASH }; + + struct ResponderID { + ResponderType type; + der::Input name; + der::Input key_hash; + }; + + OCSPResponseData(); + ~OCSPResponseData(); + + uint8_t version; + OCSPResponseData::ResponderID responder_id; + der::GeneralizedTime produced_at; + std::vector responses; + bool has_extensions; + der::Input extensions; +}; + +// OCSPResponse contains a representation of a DER-encoded RFC 6960 +// "OCSPResponse" and the corresponding "BasicOCSPResponse". The |data| field +// is a pointer to the original object and are only valid as long is it is +// alive. The |data| field isn't verified until it is parsed into an +// OCSPResponseData. |data|, |signature_algorithm|, |signature|, and +// |has_certs| is only valid if |status| is SUCCESSFUL. |certs| is only valid +// if |has_certs| is true. +// +// OCSPResponse ::= SEQUENCE { +// responseStatus OCSPResponseStatus, +// responseBytes [0] EXPLICIT ResponseBytes OPTIONAL +// } +// +// ResponseBytes ::= SEQUENCE { +// responseType OBJECT IDENTIFIER, +// response OCTET STRING +// } +// +// BasicOCSPResponse ::= SEQUENCE { +// tbsResponseData ResponseData, +// signatureAlgorithm AlgorithmIdentifier, +// signature BIT STRING, +// certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL +// } +// +// OCSPResponseStatus ::= ENUMERATED { +// successful (0), -- Response has valid confirmations +// malformedRequest (1), -- Illegal confirmation request +// internalError (2), -- Internal error in issuer +// tryLater (3), -- Try again later +// -- (4) is not used +// sigRequired (5), -- Must sign the request +// unauthorized (6) -- Request unauthorized +// } +struct OPENSSL_EXPORT OCSPResponse { + // Correspond to the values of OCSPResponseStatus + enum class ResponseStatus { + SUCCESSFUL = 0, + MALFORMED_REQUEST = 1, + INTERNAL_ERROR = 2, + TRY_LATER = 3, + UNUSED = 4, + SIG_REQUIRED = 5, + UNAUTHORIZED = 6, + + LAST = UNAUTHORIZED, + }; + + OCSPResponse(); + ~OCSPResponse(); + + ResponseStatus status; + der::Input data; + SignatureAlgorithm signature_algorithm; + der::BitString signature; + bool has_certs; + std::vector certs; +}; + +// From RFC 6960: +// +// id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } +// id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } +// +// In dotted notation: 1.3.6.1.5.5.7.48.1.1 +inline constexpr uint8_t kBasicOCSPResponseOid[] = { + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01}; + +// Parses a DER-encoded OCSP "CertID" as specified by RFC 6960. Returns true on +// success and sets the results in |out|. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +OPENSSL_EXPORT bool ParseOCSPCertID(const der::Input& raw_tlv, + OCSPCertID* out); + +// Parses a DER-encoded OCSP "SingleResponse" as specified by RFC 6960. Returns +// true on success and sets the results in |out|. The resulting |out| +// references data from |raw_tlv| and is only valid for the lifetime of +// |raw_tlv|. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +OPENSSL_EXPORT bool ParseOCSPSingleResponse(const der::Input& raw_tlv, + OCSPSingleResponse* out); + +// Parses a DER-encoded OCSP "ResponseData" as specified by RFC 6960. Returns +// true on success and sets the results in |out|. The resulting |out| +// references data from |raw_tlv| and is only valid for the lifetime of +// |raw_tlv|. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +OPENSSL_EXPORT bool ParseOCSPResponseData(const der::Input& raw_tlv, + OCSPResponseData* out); + +// Parses a DER-encoded "OCSPResponse" as specified by RFC 6960. Returns true +// on success and sets the results in |out|. The resulting |out| +// references data from |raw_tlv| and is only valid for the lifetime of +// |raw_tlv|. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +OPENSSL_EXPORT bool ParseOCSPResponse(const der::Input& raw_tlv, + OCSPResponse* out); + +// Checks the revocation status of the certificate |certificate_der| by using +// the DER-encoded |raw_response|. +// +// Returns GOOD if the OCSP response indicates the certificate is not revoked, +// REVOKED if it indicates it is revoked, or UNKNOWN for all other cases. +// +// * |raw_response|: A DER encoded OCSPResponse. +// * |certificate_der|: The certificate being checked for revocation. +// * |issuer_certificate_der|: The certificate that signed |certificate_der|. +// The caller must have already performed path verification. +// * |verify_time_epoch_seconds|: The time as the difference in seconds from +// the POSIX epoch to use when checking revocation status. +// * |max_age_seconds|: The maximum age in seconds for a CRL, implemented as +// time since the |thisUpdate| field in the CRL TBSCertList. Responses +// older than |max_age_seconds| will be considered invalid. +// * |response_details|: Additional details about failures. +[[nodiscard]] OPENSSL_EXPORT OCSPRevocationStatus +CheckOCSP(std::string_view raw_response, + std::string_view certificate_der, + std::string_view issuer_certificate_der, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds, + OCSPVerifyResult::ResponseStatus* response_details); + +// Checks the revocation status of |certificate| by using the DER-encoded +// |raw_response|. +// +// Arguments are the same as above, except that it takes already parsed +// instances of the certificate and issuer certificate. +[[nodiscard]] OPENSSL_EXPORT OCSPRevocationStatus +CheckOCSP(std::string_view raw_response, + const ParsedCertificate* certificate, + const ParsedCertificate* issuer_certificate, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds, + OCSPVerifyResult::ResponseStatus* response_details); + +// Creates a DER-encoded OCSPRequest for |cert|. The request is fairly basic: +// * No signature +// * No requestorName +// * No extensions +// * Uses SHA1 for all hashes. +// +// Returns true on success and fills |request_der| with the resulting bytes. +OPENSSL_EXPORT bool CreateOCSPRequest(const ParsedCertificate* cert, + const ParsedCertificate* issuer, + std::vector* request_der); + +// Creates a URL to issue a GET request for OCSP information for |cert|. +OPENSSL_EXPORT URL CreateOCSPGetURL(const ParsedCertificate* cert, + const ParsedCertificate* issuer, + std::string_view ocsp_responder_url); + +} // namespace net + +#endif // BSSL_PKI_OCSP_H_ diff --git a/pki/ocsp_parse_ocsp_cert_id_fuzzer.cc b/pki/ocsp_parse_ocsp_cert_id_fuzzer.cc new file mode 100644 index 0000000000..49f7c905d0 --- /dev/null +++ b/pki/ocsp_parse_ocsp_cert_id_fuzzer.cc @@ -0,0 +1,17 @@ +// Copyright 2019 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "ocsp.h" +#include "input.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + bssl::der::Input cert_id_der(data, size); + net::OCSPCertID cert_id; + net::ParseOCSPCertID(cert_id_der, &cert_id); + + return 0; +} diff --git a/pki/ocsp_parse_ocsp_response_data_fuzzer.cc b/pki/ocsp_parse_ocsp_response_data_fuzzer.cc new file mode 100644 index 0000000000..884a8a7620 --- /dev/null +++ b/pki/ocsp_parse_ocsp_response_data_fuzzer.cc @@ -0,0 +1,17 @@ +// Copyright 2019 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "ocsp.h" +#include "input.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + bssl::der::Input response_data_der(data, size); + net::OCSPResponseData response_data; + net::ParseOCSPResponseData(response_data_der, &response_data); + + return 0; +} diff --git a/pki/ocsp_parse_ocsp_response_fuzzer.cc b/pki/ocsp_parse_ocsp_response_fuzzer.cc new file mode 100644 index 0000000000..df6c8803d8 --- /dev/null +++ b/pki/ocsp_parse_ocsp_response_fuzzer.cc @@ -0,0 +1,17 @@ +// Copyright 2019 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "ocsp.h" +#include "input.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + bssl::der::Input response_der(data, size); + net::OCSPResponse response; + net::ParseOCSPResponse(response_der, &response); + + return 0; +} diff --git a/pki/ocsp_parse_ocsp_single_response_fuzzer.cc b/pki/ocsp_parse_ocsp_single_response_fuzzer.cc new file mode 100644 index 0000000000..9c079187c3 --- /dev/null +++ b/pki/ocsp_parse_ocsp_single_response_fuzzer.cc @@ -0,0 +1,17 @@ +// Copyright 2019 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "ocsp.h" +#include "input.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + bssl::der::Input single_response_der(data, size); + net::OCSPSingleResponse single_response; + net::ParseOCSPSingleResponse(single_response_der, &single_response); + + return 0; +} diff --git a/pki/ocsp_revocation_status.h b/pki/ocsp_revocation_status.h new file mode 100644 index 0000000000..b4d30cae3f --- /dev/null +++ b/pki/ocsp_revocation_status.h @@ -0,0 +1,21 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_OCSP_REVOCATION_STATUS_H_ +#define BSSL_PKI_OCSP_REVOCATION_STATUS_H_ + +namespace bssl { + +// This value is histogrammed, so do not re-order or change values, and add +// new values at the end. +enum class OCSPRevocationStatus { + GOOD = 0, + REVOKED = 1, + UNKNOWN = 2, + MAX_VALUE = UNKNOWN +}; + +} // namespace net + +#endif // BSSL_PKI_OCSP_REVOCATION_STATUS_H_ diff --git a/pki/ocsp_unittest.cc b/pki/ocsp_unittest.cc new file mode 100644 index 0000000000..80137ffd66 --- /dev/null +++ b/pki/ocsp_unittest.cc @@ -0,0 +1,245 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "webutil/url/url.h" +#include "ocsp.h" + +#include "string_util.h" +#include "test_helpers.h" +#include "encode_values.h" +#include +#include +#include +#include "webutil/url/url.h" + +namespace bssl { + +namespace { + +constexpr int64_t kOCSPAgeOneWeek = 7 * 24 * 60 * 60; + +std::string GetFilePath(const std::string& file_name) { + return std::string("testdata/ocsp_unittest/") + file_name; +} + +std::shared_ptr ParseCertificate( + std::string_view data) { + CertErrors errors; + return ParsedCertificate::Create( + bssl::UniquePtr(CRYPTO_BUFFER_new( + reinterpret_cast(data.data()), data.size(), nullptr)), + {}, &errors); +} + +struct TestParams { + const char* file_name; + OCSPRevocationStatus expected_revocation_status; + OCSPVerifyResult::ResponseStatus expected_response_status; +}; + +class CheckOCSPTest : public ::testing::TestWithParam {}; + +const TestParams kTestParams[] = { + {"good_response.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"good_response_sha256.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"no_response.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::NO_MATCHING_RESPONSE}, + + {"malformed_request.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::ERROR_RESPONSE}, + + {"bad_status.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::PARSE_RESPONSE_ERROR}, + + {"bad_ocsp_type.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::PARSE_RESPONSE_ERROR}, + + {"bad_signature.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::PROVIDED}, + + {"ocsp_sign_direct.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"ocsp_sign_indirect.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"ocsp_sign_indirect_missing.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::PROVIDED}, + + {"ocsp_sign_bad_indirect.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::PROVIDED}, + + {"ocsp_extra_certs.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"has_version.pem", OCSPRevocationStatus::GOOD, OCSPVerifyResult::PROVIDED}, + + {"responder_name.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"responder_id.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"has_extension.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"good_response_next_update.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"revoke_response.pem", OCSPRevocationStatus::REVOKED, + OCSPVerifyResult::PROVIDED}, + + {"revoke_response_reason.pem", OCSPRevocationStatus::REVOKED, + OCSPVerifyResult::PROVIDED}, + + {"unknown_response.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::PROVIDED}, + + {"multiple_response.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::PROVIDED}, + + {"other_response.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::NO_MATCHING_RESPONSE}, + + {"has_single_extension.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"has_critical_single_extension.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::UNHANDLED_CRITICAL_EXTENSION}, + + {"has_critical_response_extension.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::UNHANDLED_CRITICAL_EXTENSION}, + + {"has_critical_ct_extension.pem", OCSPRevocationStatus::GOOD, + OCSPVerifyResult::PROVIDED}, + + {"missing_response.pem", OCSPRevocationStatus::UNKNOWN, + OCSPVerifyResult::NO_MATCHING_RESPONSE}, +}; + +// Parameterised test name generator for tests depending on RenderTextBackend. +struct PrintTestName { + std::string operator()(const testing::TestParamInfo& info) const { + std::string_view name(info.param.file_name); + // Strip ".pem" from the end as GTest names cannot contain period. + name.remove_suffix(4); + return std::string(name); + } +}; + +INSTANTIATE_TEST_SUITE_P(All, + CheckOCSPTest, + ::testing::ValuesIn(kTestParams), + PrintTestName()); + +TEST_P(CheckOCSPTest, FromFile) { + const TestParams& params = GetParam(); + + std::string ocsp_data; + std::string ca_data; + std::string cert_data; + std::string request_data; + const PemBlockMapping mappings[] = { + {"OCSP RESPONSE", &ocsp_data}, + {"CA CERTIFICATE", &ca_data}, + {"CERTIFICATE", &cert_data}, + {"OCSP REQUEST", &request_data}, + }; + + ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(params.file_name), mappings)); + + // Mar 5 00:00:00 2017 GMT + int64_t kVerifyTime = 1488672000; + + // Test that CheckOCSP() works. + OCSPVerifyResult::ResponseStatus response_status; + OCSPRevocationStatus revocation_status = + CheckOCSP(ocsp_data, cert_data, ca_data, kVerifyTime, kOCSPAgeOneWeek, + &response_status); + + EXPECT_EQ(params.expected_revocation_status, revocation_status); + EXPECT_EQ(params.expected_response_status, response_status); + + // Check that CreateOCSPRequest() works. + std::shared_ptr cert = ParseCertificate(cert_data); + ASSERT_TRUE(cert); + + std::shared_ptr issuer = ParseCertificate(ca_data); + ASSERT_TRUE(issuer); + + std::vector encoded_request; + ASSERT_TRUE(CreateOCSPRequest(cert.get(), issuer.get(), &encoded_request)); + + EXPECT_EQ(der::Input(encoded_request.data(), encoded_request.size()), + der::Input(&request_data)); +} + +std::string_view kGetURLTestParams[] = { + "http://www.example.com/", + "http://www.example.com/path/", + "http://www.example.com/path", + "http://www.example.com/path?query" + "http://user:pass@www.example.com/path?query", +}; + +class CreateOCSPGetURLTest : public ::testing::TestWithParam { +}; + +INSTANTIATE_TEST_SUITE_P(All, + CreateOCSPGetURLTest, + ::testing::ValuesIn(kGetURLTestParams)); + +TEST_P(CreateOCSPGetURLTest, Basic) { + std::string ca_data; + std::string cert_data; + std::string request_data; + const PemBlockMapping mappings[] = { + {"CA CERTIFICATE", &ca_data}, + {"CERTIFICATE", &cert_data}, + {"OCSP REQUEST", &request_data}, + }; + + // Load one of the test files. (Doesn't really matter which one as + // constructing the DER is tested elsewhere). + ASSERT_TRUE( + ReadTestDataFromPemFile(GetFilePath("good_response.pem"), mappings)); + + std::shared_ptr cert = ParseCertificate(cert_data); + ASSERT_TRUE(cert); + + std::shared_ptr issuer = ParseCertificate(ca_data); + ASSERT_TRUE(issuer); + + URL url = CreateOCSPGetURL(cert.get(), issuer.get(), GetParam()); + + // Try to extract the encoded data and compare against |request_data|. + // + // A known answer output test would be better as this just reverses the logic + // from the implementation file. + std::string b64 = url.spec().substr(GetParam().size() + 1); + + // Hex un-escape the data. + b64 = bssl::string_util::FindAndReplace(b64, "%2B", "+"); + b64 = bssl::string_util::FindAndReplace(b64, "%2F", "/"); + b64 = bssl::string_util::FindAndReplace(b64, "%3D", "="); + + // Base64 decode the data. + size_t len; + EXPECT_TRUE(EVP_DecodedLength(&len, b64.size())); + std::vector decoded(len); + EXPECT_TRUE(EVP_DecodeBase64(decoded.data(), &len, len, + reinterpret_cast(b64.data()), + b64.size())); + std::string decoded_string(decoded.begin(), decoded.begin() + len); + + EXPECT_EQ(request_data, decoded_string); +} + +} // namespace + +} // namespace net diff --git a/pki/ocsp_verify_result.cc b/pki/ocsp_verify_result.cc new file mode 100644 index 0000000000..b68bfdccf3 --- /dev/null +++ b/pki/ocsp_verify_result.cc @@ -0,0 +1,24 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "ocsp_verify_result.h" + +namespace bssl { + +OCSPVerifyResult::OCSPVerifyResult() = default; +OCSPVerifyResult::OCSPVerifyResult(const OCSPVerifyResult&) = default; +OCSPVerifyResult::~OCSPVerifyResult() = default; + +bool OCSPVerifyResult::operator==(const OCSPVerifyResult& other) const { + if (response_status != other.response_status) + return false; + + if (response_status == PROVIDED) { + // |revocation_status| is only defined when |response_status| is PROVIDED. + return revocation_status == other.revocation_status; + } + return true; +} + +} // namespace net diff --git a/pki/ocsp_verify_result.h b/pki/ocsp_verify_result.h new file mode 100644 index 0000000000..32998fa740 --- /dev/null +++ b/pki/ocsp_verify_result.h @@ -0,0 +1,76 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_OCSP_VERIFY_RESULT_H_ +#define BSSL_PKI_OCSP_VERIFY_RESULT_H_ + +#include "fillins/openssl_util.h" + +#include "ocsp_revocation_status.h" + +namespace bssl { + +// The result of OCSP verification. This always contains a ResponseStatus, which +// describes whether or not an OCSP response was provided, and response level +// errors. It optionally contains an OCSPRevocationStatus when |response_status +// = PROVIDED|. For example, a stapled OCSP response matching the certificate, +// and indicating a non-revoked status, will have |response_status = PROVIDED| +// and |revocation_status = GOOD|. This is populated as part of the certificate +// verification process, and should not be modified at other layers. +struct OPENSSL_EXPORT OCSPVerifyResult { + OCSPVerifyResult(); + OCSPVerifyResult(const OCSPVerifyResult&); + ~OCSPVerifyResult(); + + bool operator==(const OCSPVerifyResult& other) const; + + // This value is histogrammed, so do not re-order or change values, and add + // new values at the end. + enum ResponseStatus { + // OCSP verification was not checked on this connection. + NOT_CHECKED = 0, + + // No OCSPResponse was stapled. + MISSING = 1, + + // An up-to-date OCSP response was stapled and matched the certificate. + PROVIDED = 2, + + // The stapled OCSP response did not have a SUCCESSFUL status. + ERROR_RESPONSE = 3, + + // The OCSPResponseData field producedAt was outside the certificate + // validity period. + BAD_PRODUCED_AT = 4, + + // At least one OCSPSingleResponse was stapled, but none matched the + // certificate. + NO_MATCHING_RESPONSE = 5, + + // A matching OCSPSingleResponse was stapled, but was either expired or not + // yet valid. + INVALID_DATE = 6, + + // The OCSPResponse structure could not be parsed. + PARSE_RESPONSE_ERROR = 7, + + // The OCSPResponseData structure could not be parsed. + PARSE_RESPONSE_DATA_ERROR = 8, + + // Unhandled critical extension in either OCSPResponseData or + // OCSPSingleResponse + UNHANDLED_CRITICAL_EXTENSION = 9, + RESPONSE_STATUS_MAX = UNHANDLED_CRITICAL_EXTENSION + }; + + ResponseStatus response_status = NOT_CHECKED; + + // The strictest CertStatus matching the certificate (REVOKED > UNKNOWN > + // GOOD). Only valid if |response_status| = PROVIDED. + OCSPRevocationStatus revocation_status = OCSPRevocationStatus::UNKNOWN; +}; + +} // namespace net + +#endif // BSSL_PKI_OCSP_VERIFY_RESULT_H_ diff --git a/pki/parse_certificate.cc b/pki/parse_certificate.cc new file mode 100644 index 0000000000..b8163d5e7c --- /dev/null +++ b/pki/parse_certificate.cc @@ -0,0 +1,956 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "fillins/openssl_util.h" +#include "parse_certificate.h" + +#include + +#include "cert_error_params.h" +#include "cert_errors.h" +#include "general_names.h" +#include "string_util.h" +#include "input.h" +#include "parse_values.h" +#include "parser.h" +#include + +namespace bssl { + +namespace { + +DEFINE_CERT_ERROR_ID(kCertificateNotSequence, + "Failed parsing Certificate SEQUENCE"); +DEFINE_CERT_ERROR_ID(kUnconsumedDataInsideCertificateSequence, + "Unconsumed data inside Certificate SEQUENCE"); +DEFINE_CERT_ERROR_ID(kUnconsumedDataAfterCertificateSequence, + "Unconsumed data after Certificate SEQUENCE"); +DEFINE_CERT_ERROR_ID(kTbsCertificateNotSequence, + "Couldn't read tbsCertificate as SEQUENCE"); +DEFINE_CERT_ERROR_ID( + kSignatureAlgorithmNotSequence, + "Couldn't read Certificate.signatureAlgorithm as SEQUENCE"); +DEFINE_CERT_ERROR_ID(kSignatureValueNotBitString, + "Couldn't read Certificate.signatureValue as BIT STRING"); +DEFINE_CERT_ERROR_ID(kUnconsumedDataInsideTbsCertificateSequence, + "Unconsumed data inside TBSCertificate"); +DEFINE_CERT_ERROR_ID(kTbsNotSequence, "Failed parsing TBSCertificate SEQUENCE"); +DEFINE_CERT_ERROR_ID(kFailedReadingVersion, "Failed reading version"); +DEFINE_CERT_ERROR_ID(kFailedParsingVersion, "Failed parsing version"); +DEFINE_CERT_ERROR_ID(kVersionExplicitlyV1, + "Version explicitly V1 (should be omitted)"); +DEFINE_CERT_ERROR_ID(kFailedReadingSerialNumber, "Failed reading serialNumber"); +DEFINE_CERT_ERROR_ID(kFailedReadingSignatureValue, "Failed reading signature"); +DEFINE_CERT_ERROR_ID(kFailedReadingIssuer, "Failed reading issuer"); +DEFINE_CERT_ERROR_ID(kFailedReadingValidity, "Failed reading validity"); +DEFINE_CERT_ERROR_ID(kFailedParsingValidity, "Failed parsing validity"); +DEFINE_CERT_ERROR_ID(kFailedReadingSubject, "Failed reading subject"); +DEFINE_CERT_ERROR_ID(kFailedReadingSpki, "Failed reading subjectPublicKeyInfo"); +DEFINE_CERT_ERROR_ID(kFailedReadingIssuerUniqueId, + "Failed reading issuerUniqueId"); +DEFINE_CERT_ERROR_ID(kFailedParsingIssuerUniqueId, + "Failed parsing issuerUniqueId"); +DEFINE_CERT_ERROR_ID( + kIssuerUniqueIdNotExpected, + "Unexpected issuerUniqueId (must be V2 or V3 certificate)"); +DEFINE_CERT_ERROR_ID(kFailedReadingSubjectUniqueId, + "Failed reading subjectUniqueId"); +DEFINE_CERT_ERROR_ID(kFailedParsingSubjectUniqueId, + "Failed parsing subjectUniqueId"); +DEFINE_CERT_ERROR_ID( + kSubjectUniqueIdNotExpected, + "Unexpected subjectUniqueId (must be V2 or V3 certificate)"); +DEFINE_CERT_ERROR_ID(kFailedReadingExtensions, + "Failed reading extensions SEQUENCE"); +DEFINE_CERT_ERROR_ID(kUnexpectedExtensions, + "Unexpected extensions (must be V3 certificate)"); +DEFINE_CERT_ERROR_ID(kSerialNumberIsNegative, "Serial number is negative"); +DEFINE_CERT_ERROR_ID(kSerialNumberIsZero, "Serial number is zero"); +DEFINE_CERT_ERROR_ID(kSerialNumberLengthOver20, + "Serial number is longer than 20 octets"); +DEFINE_CERT_ERROR_ID(kSerialNumberNotValidInteger, + "Serial number is not a valid INTEGER"); + +// Returns true if |input| is a SEQUENCE and nothing else. +[[nodiscard]] bool IsSequenceTLV(const der::Input& input) { + der::Parser parser(input); + der::Parser unused_sequence_parser; + if (!parser.ReadSequence(&unused_sequence_parser)) + return false; + // Should by a single SEQUENCE by definition of the function. + return !parser.HasMore(); +} + +// Reads a SEQUENCE from |parser| and writes the full tag-length-value into +// |out|. On failure |parser| may or may not have been advanced. +[[nodiscard]] bool ReadSequenceTLV(der::Parser* parser, der::Input* out) { + return parser->ReadRawTLV(out) && IsSequenceTLV(*out); +} + +// Parses a Version according to RFC 5280: +// +// Version ::= INTEGER { v1(0), v2(1), v3(2) } +// +// No value other that v1, v2, or v3 is allowed (and if given will fail). RFC +// 5280 minimally requires the handling of v3 (and overwhelmingly these are the +// certificate versions in use today): +// +// Implementations SHOULD be prepared to accept any version certificate. +// At a minimum, conforming implementations MUST recognize version 3 +// certificates. +[[nodiscard]] bool ParseVersion(const der::Input& in, + CertificateVersion* version) { + der::Parser parser(in); + uint64_t version64; + if (!parser.ReadUint64(&version64)) + return false; + + switch (version64) { + case 0: + *version = CertificateVersion::V1; + break; + case 1: + *version = CertificateVersion::V2; + break; + case 2: + *version = CertificateVersion::V3; + break; + default: + // Don't allow any other version identifier. + return false; + } + + // By definition the input to this function was a single INTEGER, so there + // shouldn't be anything else after it. + return !parser.HasMore(); +} + +// Returns true if every bit in |bits| is zero (including empty). +[[nodiscard]] bool BitStringIsAllZeros(const der::BitString& bits) { + // Note that it is OK to read from the unused bits, since BitString parsing + // guarantees they are all zero. + for (size_t i = 0; i < bits.bytes().Length(); ++i) { + if (bits.bytes().UnsafeData()[i] != 0) + return false; + } + return true; +} + +// Parses a DistributionPointName. +// +// From RFC 5280: +// +// DistributionPointName ::= CHOICE { +// fullName [0] GeneralNames, +// nameRelativeToCRLIssuer [1] RelativeDistinguishedName } +bool ParseDistributionPointName(const der::Input& dp_name, + ParsedDistributionPoint* distribution_point) { + der::Parser parser(dp_name); + std::optional der_full_name; + if (!parser.ReadOptionalTag( + der::kTagContextSpecific | der::kTagConstructed | 0, + &der_full_name)) { + return false; + } + if (der_full_name) { + // TODO(mattm): surface the CertErrors. + CertErrors errors; + distribution_point->distribution_point_fullname = + GeneralNames::CreateFromValue(*der_full_name, &errors); + if (!distribution_point->distribution_point_fullname) + return false; + return !parser.HasMore(); + } + + if (!parser.ReadOptionalTag( + der::kTagContextSpecific | der::kTagConstructed | 1, + &distribution_point + ->distribution_point_name_relative_to_crl_issuer)) { + return false; + } + if (distribution_point->distribution_point_name_relative_to_crl_issuer) { + return !parser.HasMore(); + } + + // The CHOICE must contain either fullName or nameRelativeToCRLIssuer. + return false; +} + +// RFC 5280, section 4.2.1.13. +// +// DistributionPoint ::= SEQUENCE { +// distributionPoint [0] DistributionPointName OPTIONAL, +// reasons [1] ReasonFlags OPTIONAL, +// cRLIssuer [2] GeneralNames OPTIONAL } +bool ParseAndAddDistributionPoint( + der::Parser* parser, + std::vector* distribution_points) { + ParsedDistributionPoint distribution_point; + + // DistributionPoint ::= SEQUENCE { + der::Parser distrib_point_parser; + if (!parser->ReadSequence(&distrib_point_parser)) + return false; + + // distributionPoint [0] DistributionPointName OPTIONAL, + std::optional distribution_point_name; + if (!distrib_point_parser.ReadOptionalTag( + der::kTagContextSpecific | der::kTagConstructed | 0, + &distribution_point_name)) { + return false; + } + + if (distribution_point_name && + !ParseDistributionPointName(*distribution_point_name, + &distribution_point)) { + return false; + } + + // reasons [1] ReasonFlags OPTIONAL, + if (!distrib_point_parser.ReadOptionalTag(der::kTagContextSpecific | 1, + &distribution_point.reasons)) { + return false; + } + + // cRLIssuer [2] GeneralNames OPTIONAL } + if (!distrib_point_parser.ReadOptionalTag( + der::kTagContextSpecific | der::kTagConstructed | 2, + &distribution_point.crl_issuer)) { + return false; + } + // TODO(eroman): Parse "cRLIssuer"? + + // RFC 5280, section 4.2.1.13: + // either distributionPoint or cRLIssuer MUST be present. + if (!distribution_point_name && !distribution_point.crl_issuer) + return false; + + if (distrib_point_parser.HasMore()) + return false; + + distribution_points->push_back(std::move(distribution_point)); + return true; +} + +} // namespace + +ParsedTbsCertificate::ParsedTbsCertificate() = default; + +ParsedTbsCertificate::ParsedTbsCertificate(ParsedTbsCertificate&& other) = + default; + +ParsedTbsCertificate::~ParsedTbsCertificate() = default; + +bool VerifySerialNumber(const der::Input& value, + bool warnings_only, + CertErrors* errors) { + // If |warnings_only| was set to true, the exact same errors will be logged, + // only they will be logged with a lower severity (warning rather than error). + CertError::Severity error_severity = + warnings_only ? CertError::SEVERITY_WARNING : CertError::SEVERITY_HIGH; + + bool negative; + if (!der::IsValidInteger(value, &negative)) { + errors->Add(error_severity, kSerialNumberNotValidInteger, nullptr); + return false; + } + + // RFC 5280 section 4.1.2.2: + // + // Note: Non-conforming CAs may issue certificates with serial numbers + // that are negative or zero. Certificate users SHOULD be prepared to + // gracefully handle such certificates. + if (negative) + errors->AddWarning(kSerialNumberIsNegative); + if (value.Length() == 1 && value.UnsafeData()[0] == 0) + errors->AddWarning(kSerialNumberIsZero); + + // RFC 5280 section 4.1.2.2: + // + // Certificate users MUST be able to handle serialNumber values up to 20 + // octets. Conforming CAs MUST NOT use serialNumber values longer than 20 + // octets. + if (value.Length() > 20) { + errors->Add(error_severity, kSerialNumberLengthOver20, + CreateCertErrorParams1SizeT("length", value.Length())); + return false; + } + + return true; +} + +bool ReadUTCOrGeneralizedTime(der::Parser* parser, der::GeneralizedTime* out) { + der::Input value; + der::Tag tag; + + if (!parser->ReadTagAndValue(&tag, &value)) + return false; + + if (tag == der::kUtcTime) + return der::ParseUTCTime(value, out); + + if (tag == der::kGeneralizedTime) + return der::ParseGeneralizedTime(value, out); + + // Unrecognized tag. + return false; +} + +bool ParseValidity(const der::Input& validity_tlv, + der::GeneralizedTime* not_before, + der::GeneralizedTime* not_after) { + der::Parser parser(validity_tlv); + + // Validity ::= SEQUENCE { + der::Parser validity_parser; + if (!parser.ReadSequence(&validity_parser)) + return false; + + // notBefore Time, + if (!ReadUTCOrGeneralizedTime(&validity_parser, not_before)) + return false; + + // notAfter Time } + if (!ReadUTCOrGeneralizedTime(&validity_parser, not_after)) + return false; + + // By definition the input was a single Validity sequence, so there shouldn't + // be unconsumed data. + if (parser.HasMore()) + return false; + + // The Validity type does not have an extension point. + if (validity_parser.HasMore()) + return false; + + // Note that RFC 5280 doesn't require notBefore to be <= + // notAfter, so that will not be considered a "parsing" error here. Instead it + // will be considered an expired certificate later when testing against the + // current timestamp. + return true; +} + +bool ParseCertificate(const der::Input& certificate_tlv, + der::Input* out_tbs_certificate_tlv, + der::Input* out_signature_algorithm_tlv, + der::BitString* out_signature_value, + CertErrors* out_errors) { + // |out_errors| is optional. But ensure it is non-null for the remainder of + // this function. + CertErrors unused_errors; + if (!out_errors) + out_errors = &unused_errors; + + der::Parser parser(certificate_tlv); + + // Certificate ::= SEQUENCE { + der::Parser certificate_parser; + if (!parser.ReadSequence(&certificate_parser)) { + out_errors->AddError(kCertificateNotSequence); + return false; + } + + // tbsCertificate TBSCertificate, + if (!ReadSequenceTLV(&certificate_parser, out_tbs_certificate_tlv)) { + out_errors->AddError(kTbsCertificateNotSequence); + return false; + } + + // signatureAlgorithm AlgorithmIdentifier, + if (!ReadSequenceTLV(&certificate_parser, out_signature_algorithm_tlv)) { + out_errors->AddError(kSignatureAlgorithmNotSequence); + return false; + } + + // signatureValue BIT STRING } + std::optional signature_value = + certificate_parser.ReadBitString(); + if (!signature_value) { + out_errors->AddError(kSignatureValueNotBitString); + return false; + } + *out_signature_value = signature_value.value(); + + // There isn't an extension point at the end of Certificate. + if (certificate_parser.HasMore()) { + out_errors->AddError(kUnconsumedDataInsideCertificateSequence); + return false; + } + + // By definition the input was a single Certificate, so there shouldn't be + // unconsumed data. + if (parser.HasMore()) { + out_errors->AddError(kUnconsumedDataAfterCertificateSequence); + return false; + } + + return true; +} + +// From RFC 5280 section 4.1: +// +// TBSCertificate ::= SEQUENCE { +// version [0] EXPLICIT Version DEFAULT v1, +// serialNumber CertificateSerialNumber, +// signature AlgorithmIdentifier, +// issuer Name, +// validity Validity, +// subject Name, +// subjectPublicKeyInfo SubjectPublicKeyInfo, +// issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, +// -- If present, version MUST be v2 or v3 +// subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, +// -- If present, version MUST be v2 or v3 +// extensions [3] EXPLICIT Extensions OPTIONAL +// -- If present, version MUST be v3 +// } +bool ParseTbsCertificate(const der::Input& tbs_tlv, + const ParseCertificateOptions& options, + ParsedTbsCertificate* out, + CertErrors* errors) { + // The rest of this function assumes that |errors| is non-null. + CertErrors unused_errors; + if (!errors) + errors = &unused_errors; + + // TODO(crbug.com/634443): Add useful error information to |errors|. + + der::Parser parser(tbs_tlv); + + // TBSCertificate ::= SEQUENCE { + der::Parser tbs_parser; + if (!parser.ReadSequence(&tbs_parser)) { + errors->AddError(kTbsNotSequence); + return false; + } + + // version [0] EXPLICIT Version DEFAULT v1, + std::optional version; + if (!tbs_parser.ReadOptionalTag(der::ContextSpecificConstructed(0), + &version)) { + errors->AddError(kFailedReadingVersion); + return false; + } + if (version) { + if (!ParseVersion(version.value(), &out->version)) { + errors->AddError(kFailedParsingVersion); + return false; + } + if (out->version == CertificateVersion::V1) { + errors->AddError(kVersionExplicitlyV1); + // The correct way to specify v1 is to omit the version field since v1 is + // the DEFAULT. + return false; + } + } else { + out->version = CertificateVersion::V1; + } + + // serialNumber CertificateSerialNumber, + if (!tbs_parser.ReadTag(der::kInteger, &out->serial_number)) { + errors->AddError(kFailedReadingSerialNumber); + return false; + } + if (!VerifySerialNumber(out->serial_number, + options.allow_invalid_serial_numbers, errors)) { + // Invalid serial numbers are only considered fatal failures if + // |!allow_invalid_serial_numbers|. + if (!options.allow_invalid_serial_numbers) + return false; + } + + // signature AlgorithmIdentifier, + if (!ReadSequenceTLV(&tbs_parser, &out->signature_algorithm_tlv)) { + errors->AddError(kFailedReadingSignatureValue); + return false; + } + + // issuer Name, + if (!ReadSequenceTLV(&tbs_parser, &out->issuer_tlv)) { + errors->AddError(kFailedReadingIssuer); + return false; + } + + // validity Validity, + der::Input validity_tlv; + if (!tbs_parser.ReadRawTLV(&validity_tlv)) { + errors->AddError(kFailedReadingValidity); + return false; + } + if (!ParseValidity(validity_tlv, &out->validity_not_before, + &out->validity_not_after)) { + errors->AddError(kFailedParsingValidity); + return false; + } + + // subject Name, + if (!ReadSequenceTLV(&tbs_parser, &out->subject_tlv)) { + errors->AddError(kFailedReadingSubject); + return false; + } + + // subjectPublicKeyInfo SubjectPublicKeyInfo, + if (!ReadSequenceTLV(&tbs_parser, &out->spki_tlv)) { + errors->AddError(kFailedReadingSpki); + return false; + } + + // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + // -- If present, version MUST be v2 or v3 + std::optional issuer_unique_id; + if (!tbs_parser.ReadOptionalTag(der::ContextSpecificPrimitive(1), + &issuer_unique_id)) { + errors->AddError(kFailedReadingIssuerUniqueId); + return false; + } + if (issuer_unique_id) { + out->issuer_unique_id = der::ParseBitString(issuer_unique_id.value()); + if (!out->issuer_unique_id) { + errors->AddError(kFailedParsingIssuerUniqueId); + return false; + } + if (out->version != CertificateVersion::V2 && + out->version != CertificateVersion::V3) { + errors->AddError(kIssuerUniqueIdNotExpected); + return false; + } + } + + // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + // -- If present, version MUST be v2 or v3 + std::optional subject_unique_id; + if (!tbs_parser.ReadOptionalTag(der::ContextSpecificPrimitive(2), + &subject_unique_id)) { + errors->AddError(kFailedReadingSubjectUniqueId); + return false; + } + if (subject_unique_id) { + out->subject_unique_id = der::ParseBitString(subject_unique_id.value()); + if (!out->subject_unique_id) { + errors->AddError(kFailedParsingSubjectUniqueId); + return false; + } + if (out->version != CertificateVersion::V2 && + out->version != CertificateVersion::V3) { + errors->AddError(kSubjectUniqueIdNotExpected); + return false; + } + } + + // extensions [3] EXPLICIT Extensions OPTIONAL + // -- If present, version MUST be v3 + if (!tbs_parser.ReadOptionalTag(der::ContextSpecificConstructed(3), + &out->extensions_tlv)) { + errors->AddError(kFailedReadingExtensions); + return false; + } + if (out->extensions_tlv) { + // extensions_tlv must be a single element. Also check that it is a + // SEQUENCE. + if (!IsSequenceTLV(out->extensions_tlv.value())) { + errors->AddError(kFailedReadingExtensions); + return false; + } + if (out->version != CertificateVersion::V3) { + errors->AddError(kUnexpectedExtensions); + return false; + } + } + + // Note that there IS an extension point at the end of TBSCertificate + // (according to RFC 5912), so from that interpretation, unconsumed data would + // be allowed in |tbs_parser|. + // + // However because only v1, v2, and v3 certificates are supported by the + // parsing, there shouldn't be any subsequent data in those versions, so + // reject. + if (tbs_parser.HasMore()) { + errors->AddError(kUnconsumedDataInsideTbsCertificateSequence); + return false; + } + + // By definition the input was a single TBSCertificate, so there shouldn't be + // unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +// From RFC 5280: +// +// Extension ::= SEQUENCE { +// extnID OBJECT IDENTIFIER, +// critical BOOLEAN DEFAULT FALSE, +// extnValue OCTET STRING +// -- contains the DER encoding of an ASN.1 value +// -- corresponding to the extension type identified +// -- by extnID +// } +bool ParseExtension(const der::Input& extension_tlv, ParsedExtension* out) { + der::Parser parser(extension_tlv); + + // Extension ::= SEQUENCE { + der::Parser extension_parser; + if (!parser.ReadSequence(&extension_parser)) + return false; + + // extnID OBJECT IDENTIFIER, + if (!extension_parser.ReadTag(der::kOid, &out->oid)) + return false; + + // critical BOOLEAN DEFAULT FALSE, + out->critical = false; + bool has_critical; + der::Input critical; + if (!extension_parser.ReadOptionalTag(der::kBool, &critical, &has_critical)) + return false; + if (has_critical) { + if (!der::ParseBool(critical, &out->critical)) + return false; + if (!out->critical) + return false; // DER-encoding requires DEFAULT values be omitted. + } + + // extnValue OCTET STRING + if (!extension_parser.ReadTag(der::kOctetString, &out->value)) + return false; + + // The Extension type does not have an extension point (everything goes in + // extnValue). + if (extension_parser.HasMore()) + return false; + + // By definition the input was a single Extension sequence, so there shouldn't + // be unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +OPENSSL_EXPORT bool ParseExtensions( + const der::Input& extensions_tlv, + std::map* extensions) { + der::Parser parser(extensions_tlv); + + // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + der::Parser extensions_parser; + if (!parser.ReadSequence(&extensions_parser)) + return false; + + // The Extensions SEQUENCE must contains at least 1 element (otherwise it + // should have been omitted). + if (!extensions_parser.HasMore()) + return false; + + extensions->clear(); + + while (extensions_parser.HasMore()) { + ParsedExtension extension; + + der::Input extension_tlv; + if (!extensions_parser.ReadRawTLV(&extension_tlv)) + return false; + + if (!ParseExtension(extension_tlv, &extension)) + return false; + + bool is_duplicate = + !extensions->insert(std::make_pair(extension.oid, extension)).second; + + // RFC 5280 says that an extension should not appear more than once. + if (is_duplicate) + return false; + } + + // By definition the input was a single Extensions sequence, so there + // shouldn't be unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +OPENSSL_EXPORT bool ConsumeExtension( + const der::Input& oid, + std::map* unconsumed_extensions, + ParsedExtension* extension) { + auto it = unconsumed_extensions->find(oid); + if (it == unconsumed_extensions->end()) + return false; + + *extension = it->second; + unconsumed_extensions->erase(it); + return true; +} + +bool ParseBasicConstraints(const der::Input& basic_constraints_tlv, + ParsedBasicConstraints* out) { + der::Parser parser(basic_constraints_tlv); + + // BasicConstraints ::= SEQUENCE { + der::Parser sequence_parser; + if (!parser.ReadSequence(&sequence_parser)) + return false; + + // cA BOOLEAN DEFAULT FALSE, + out->is_ca = false; + bool has_ca; + der::Input ca; + if (!sequence_parser.ReadOptionalTag(der::kBool, &ca, &has_ca)) + return false; + if (has_ca) { + if (!der::ParseBool(ca, &out->is_ca)) + return false; + // TODO(eroman): Should reject if CA was set to false, since + // DER-encoding requires DEFAULT values be omitted. In + // practice however there are a lot of certificates that use + // the broken encoding. + } + + // pathLenConstraint INTEGER (0..MAX) OPTIONAL } + der::Input encoded_path_len; + if (!sequence_parser.ReadOptionalTag(der::kInteger, &encoded_path_len, + &out->has_path_len)) { + return false; + } + if (out->has_path_len) { + // TODO(eroman): Surface reason for failure if length was longer than uint8. + if (!der::ParseUint8(encoded_path_len, &out->path_len)) + return false; + } else { + // Default initialize to 0 as a precaution. + out->path_len = 0; + } + + // There shouldn't be any unconsumed data in the extension. + if (sequence_parser.HasMore()) + return false; + + // By definition the input was a single BasicConstraints sequence, so there + // shouldn't be unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +// TODO(crbug.com/1314019): return std::optional when converting +// has_key_usage_ and key_usage_ into single std::optional field. +bool ParseKeyUsage(const der::Input& key_usage_tlv, der::BitString* key_usage) { + der::Parser parser(key_usage_tlv); + std::optional key_usage_internal = parser.ReadBitString(); + if (!key_usage_internal) + return false; + + // By definition the input was a single BIT STRING. + if (parser.HasMore()) + return false; + + // RFC 5280 section 4.2.1.3: + // + // When the keyUsage extension appears in a certificate, at least + // one of the bits MUST be set to 1. + if (BitStringIsAllZeros(key_usage_internal.value())) + return false; + + *key_usage = key_usage_internal.value(); + return true; +} + +bool ParseAuthorityInfoAccess( + const der::Input& authority_info_access_tlv, + std::vector* out_access_descriptions) { + der::Parser parser(authority_info_access_tlv); + + out_access_descriptions->clear(); + + // AuthorityInfoAccessSyntax ::= + // SEQUENCE SIZE (1..MAX) OF AccessDescription + der::Parser sequence_parser; + if (!parser.ReadSequence(&sequence_parser)) + return false; + if (!sequence_parser.HasMore()) + return false; + + while (sequence_parser.HasMore()) { + AuthorityInfoAccessDescription access_description; + + // AccessDescription ::= SEQUENCE { + der::Parser access_description_sequence_parser; + if (!sequence_parser.ReadSequence(&access_description_sequence_parser)) + return false; + + // accessMethod OBJECT IDENTIFIER, + if (!access_description_sequence_parser.ReadTag( + der::kOid, &access_description.access_method_oid)) { + return false; + } + + // accessLocation GeneralName } + if (!access_description_sequence_parser.ReadRawTLV( + &access_description.access_location)) { + return false; + } + + if (access_description_sequence_parser.HasMore()) + return false; + + out_access_descriptions->push_back(access_description); + } + + return true; +} + +bool ParseAuthorityInfoAccessURIs( + const der::Input& authority_info_access_tlv, + std::vector* out_ca_issuers_uris, + std::vector* out_ocsp_uris) { + std::vector access_descriptions; + if (!ParseAuthorityInfoAccess(authority_info_access_tlv, + &access_descriptions)) { + return false; + } + + for (const auto& access_description : access_descriptions) { + der::Parser access_location_parser(access_description.access_location); + der::Tag access_location_tag; + der::Input access_location_value; + if (!access_location_parser.ReadTagAndValue(&access_location_tag, + &access_location_value)) { + return false; + } + + // GeneralName ::= CHOICE { + if (access_location_tag == der::ContextSpecificPrimitive(6)) { + // uniformResourceIdentifier [6] IA5String, + std::string_view uri = access_location_value.AsStringView(); + if (!bssl::string_util::IsAscii(uri)) + return false; + + if (access_description.access_method_oid == der::Input(kAdCaIssuersOid)) + out_ca_issuers_uris->push_back(uri); + else if (access_description.access_method_oid == der::Input(kAdOcspOid)) + out_ocsp_uris->push_back(uri); + } + } + return true; +} + +ParsedDistributionPoint::ParsedDistributionPoint() = default; +ParsedDistributionPoint::ParsedDistributionPoint( + ParsedDistributionPoint&& other) = default; +ParsedDistributionPoint::~ParsedDistributionPoint() = default; + +bool ParseCrlDistributionPoints( + const der::Input& extension_value, + std::vector* distribution_points) { + distribution_points->clear(); + + // RFC 5280, section 4.2.1.13. + // + // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + der::Parser extension_value_parser(extension_value); + der::Parser distribution_points_parser; + if (!extension_value_parser.ReadSequence(&distribution_points_parser)) + return false; + if (extension_value_parser.HasMore()) + return false; + + // Sequence must have a minimum of 1 item. + if (!distribution_points_parser.HasMore()) + return false; + + while (distribution_points_parser.HasMore()) { + if (!ParseAndAddDistributionPoint(&distribution_points_parser, + distribution_points)) + return false; + } + + return true; +} + +ParsedAuthorityKeyIdentifier::ParsedAuthorityKeyIdentifier() = default; +ParsedAuthorityKeyIdentifier::~ParsedAuthorityKeyIdentifier() = default; +ParsedAuthorityKeyIdentifier::ParsedAuthorityKeyIdentifier( + ParsedAuthorityKeyIdentifier&& other) = default; +ParsedAuthorityKeyIdentifier& ParsedAuthorityKeyIdentifier::operator=( + ParsedAuthorityKeyIdentifier&& other) = default; + +bool ParseAuthorityKeyIdentifier( + const der::Input& extension_value, + ParsedAuthorityKeyIdentifier* authority_key_identifier) { + // RFC 5280, section 4.2.1.1. + // AuthorityKeyIdentifier ::= SEQUENCE { + // keyIdentifier [0] KeyIdentifier OPTIONAL, + // authorityCertIssuer [1] GeneralNames OPTIONAL, + // authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } + // + // KeyIdentifier ::= OCTET STRING + + der::Parser extension_value_parser(extension_value); + der::Parser aki_parser; + if (!extension_value_parser.ReadSequence(&aki_parser)) + return false; + if (extension_value_parser.HasMore()) + return false; + + // TODO(mattm): Should having an empty AuthorityKeyIdentifier SEQUENCE be an + // error? RFC 5280 doesn't explicitly say it. + + // keyIdentifier [0] KeyIdentifier OPTIONAL, + if (!aki_parser.ReadOptionalTag(der::ContextSpecificPrimitive(0), + &authority_key_identifier->key_identifier)) { + return false; + } + + // authorityCertIssuer [1] GeneralNames OPTIONAL, + if (!aki_parser.ReadOptionalTag( + der::ContextSpecificConstructed(1), + &authority_key_identifier->authority_cert_issuer)) { + return false; + } + + // authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } + if (!aki_parser.ReadOptionalTag( + der::ContextSpecificPrimitive(2), + &authority_key_identifier->authority_cert_serial_number)) { + return false; + } + + // -- authorityCertIssuer and authorityCertSerialNumber MUST both + // -- be present or both be absent + if (authority_key_identifier->authority_cert_issuer.has_value() != + authority_key_identifier->authority_cert_serial_number.has_value()) { + return false; + } + + // There shouldn't be any unconsumed data in the AuthorityKeyIdentifier + // SEQUENCE. + if (aki_parser.HasMore()) + return false; + + return true; +} + +bool ParseSubjectKeyIdentifier(const der::Input& extension_value, + der::Input* subject_key_identifier) { + // SubjectKeyIdentifier ::= KeyIdentifier + // + // KeyIdentifier ::= OCTET STRING + der::Parser extension_value_parser(extension_value); + if (!extension_value_parser.ReadTag(der::kOctetString, + subject_key_identifier)) { + return false; + } + + // There shouldn't be any unconsumed data in the extension SEQUENCE. + if (extension_value_parser.HasMore()) + return false; + + return true; +} + +} // namespace net diff --git a/pki/parse_certificate.h b/pki/parse_certificate.h new file mode 100644 index 0000000000..956c44e49d --- /dev/null +++ b/pki/parse_certificate.h @@ -0,0 +1,629 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_PARSE_CERTIFICATE_H_ +#define BSSL_PKI_PARSE_CERTIFICATE_H_ + +#include "fillins/openssl_util.h" +#include + +#include +#include +#include + + +#include "general_names.h" +#include "input.h" +#include "parse_values.h" +#include + +namespace bssl { + +namespace der { +class Parser; +} + +class CertErrors; +struct ParsedTbsCertificate; + +// Returns true if the given serial number (CertificateSerialNumber in RFC 5280) +// is valid: +// +// CertificateSerialNumber ::= INTEGER +// +// The input to this function is the (unverified) value octets of the INTEGER. +// This function will verify that: +// +// * The octets are a valid DER-encoding of an INTEGER (for instance, minimal +// encoding length). +// +// * No more than 20 octets are used. +// +// Note that it DOES NOT reject non-positive values (zero or negative). +// +// For reference, here is what RFC 5280 section 4.1.2.2 says: +// +// Given the uniqueness requirements above, serial numbers can be +// expected to contain long integers. Certificate users MUST be able to +// handle serialNumber values up to 20 octets. Conforming CAs MUST NOT +// use serialNumber values longer than 20 octets. +// +// Note: Non-conforming CAs may issue certificates with serial numbers +// that are negative or zero. Certificate users SHOULD be prepared to +// gracefully handle such certificates. +// +// |errors| must be a non-null destination for any errors/warnings. If +// |warnings_only| is set to true, then what would ordinarily be errors are +// instead added as warnings. +[[nodiscard]] OPENSSL_EXPORT bool VerifySerialNumber(const der::Input& value, + bool warnings_only, + CertErrors* errors); + +// Consumes a "Time" value (as defined by RFC 5280) from |parser|. On success +// writes the result to |*out| and returns true. On failure no guarantees are +// made about the state of |parser|. +// +// From RFC 5280: +// +// Time ::= CHOICE { +// utcTime UTCTime, +// generalTime GeneralizedTime } +[[nodiscard]] OPENSSL_EXPORT bool ReadUTCOrGeneralizedTime( + der::Parser* parser, + der::GeneralizedTime* out); + +// Parses a DER-encoded "Validity" as specified by RFC 5280. Returns true on +// success and sets the results in |not_before| and |not_after|: +// +// Validity ::= SEQUENCE { +// notBefore Time, +// notAfter Time } +// +// Note that upon success it is NOT guaranteed that |*not_before <= *not_after|. +[[nodiscard]] OPENSSL_EXPORT bool ParseValidity(const der::Input& validity_tlv, + der::GeneralizedTime* not_before, + der::GeneralizedTime* not_after); + +struct OPENSSL_EXPORT ParseCertificateOptions { + // If set to true, then parsing will skip checks on the certificate's serial + // number. The only requirement will be that the serial number is an INTEGER, + // however it is not required to be a valid DER-encoding (i.e. minimal + // encoding), nor is it required to be constrained to any particular length. + bool allow_invalid_serial_numbers = false; +}; + +// Parses a DER-encoded "Certificate" as specified by RFC 5280. Returns true on +// success and sets the results in the |out_*| parameters. On both the failure +// and success case, if |out_errors| was non-null it may contain extra error +// information. +// +// Note that on success the out parameters alias data from the input +// |certificate_tlv|. Hence the output values are only valid as long as +// |certificate_tlv| remains valid. +// +// On failure the out parameters have an undefined state, except for +// out_errors. Some of them may have been updated during parsing, whereas +// others may not have been changed. +// +// The out parameters represent each field of the Certificate SEQUENCE: +// Certificate ::= SEQUENCE { +// +// The |out_tbs_certificate_tlv| parameter corresponds with "tbsCertificate" +// from RFC 5280: +// tbsCertificate TBSCertificate, +// +// This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No +// guarantees are made regarding the value of this SEQUENCE. +// This can be further parsed using ParseTbsCertificate(). +// +// The |out_signature_algorithm_tlv| parameter corresponds with +// "signatureAlgorithm" from RFC 5280: +// signatureAlgorithm AlgorithmIdentifier, +// +// This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No +// guarantees are made regarding the value of this SEQUENCE. +// This can be further parsed using SignatureValue::Create(). +// +// The |out_signature_value| parameter corresponds with "signatureValue" from +// RFC 5280: +// signatureValue BIT STRING } +// +// Parsing guarantees that this is a valid BIT STRING. +[[nodiscard]] OPENSSL_EXPORT bool ParseCertificate( + const der::Input& certificate_tlv, + der::Input* out_tbs_certificate_tlv, + der::Input* out_signature_algorithm_tlv, + der::BitString* out_signature_value, + CertErrors* out_errors); + +// Parses a DER-encoded "TBSCertificate" as specified by RFC 5280. Returns true +// on success and sets the results in |out|. Certain invalid inputs may +// be accepted based on the provided |options|. +// +// If |errors| was non-null then any warnings/errors that occur during parsing +// are added to it. +// +// Note that on success |out| aliases data from the input |tbs_tlv|. +// Hence the fields of the ParsedTbsCertificate are only valid as long as +// |tbs_tlv| remains valid. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +// +// Refer to the per-field documentation of ParsedTbsCertificate for details on +// what validity checks parsing performs. +// +// TBSCertificate ::= SEQUENCE { +// version [0] EXPLICIT Version DEFAULT v1, +// serialNumber CertificateSerialNumber, +// signature AlgorithmIdentifier, +// issuer Name, +// validity Validity, +// subject Name, +// subjectPublicKeyInfo SubjectPublicKeyInfo, +// issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, +// -- If present, version MUST be v2 or v3 +// subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, +// -- If present, version MUST be v2 or v3 +// extensions [3] EXPLICIT Extensions OPTIONAL +// -- If present, version MUST be v3 +// } +[[nodiscard]] OPENSSL_EXPORT bool ParseTbsCertificate( + const der::Input& tbs_tlv, + const ParseCertificateOptions& options, + ParsedTbsCertificate* out, + CertErrors* errors); + +// Represents a "Version" from RFC 5280: +// Version ::= INTEGER { v1(0), v2(1), v3(2) } +enum class CertificateVersion { + V1, + V2, + V3, +}; + +// ParsedTbsCertificate contains pointers to the main fields of a DER-encoded +// RFC 5280 "TBSCertificate". +// +// ParsedTbsCertificate is expected to be filled by ParseTbsCertificate(), so +// subsequent field descriptions are in terms of what ParseTbsCertificate() +// sets. +struct OPENSSL_EXPORT ParsedTbsCertificate { + ParsedTbsCertificate(); + ParsedTbsCertificate(ParsedTbsCertificate&& other); + ParsedTbsCertificate& operator=(ParsedTbsCertificate&& other) = default; + ~ParsedTbsCertificate(); + + // Corresponds with "version" from RFC 5280: + // version [0] EXPLICIT Version DEFAULT v1, + // + // Parsing guarantees that the version is one of v1, v2, or v3. + CertificateVersion version = CertificateVersion::V1; + + // Corresponds with "serialNumber" from RFC 5280: + // serialNumber CertificateSerialNumber, + // + // This field specifically contains the content bytes of the INTEGER. So for + // instance if the serial number was 1000 then this would contain bytes + // {0x03, 0xE8}. + // + // The serial number may or may not be a valid DER-encoded INTEGER: + // + // If the option |allow_invalid_serial_numbers=true| was used during + // parsing, then nothing further can be assumed about these bytes. + // + // Otherwise if |allow_invalid_serial_numbers=false| then in addition + // to being a valid DER-encoded INTEGER, parsing guarantees that + // the serial number is at most 20 bytes long. Parsing does NOT guarantee + // that the integer is positive (might be zero or negative). + der::Input serial_number; + + // Corresponds with "signatureAlgorithm" from RFC 5280: + // signatureAlgorithm AlgorithmIdentifier, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + // + // This can be further parsed using SignatureValue::Create(). + der::Input signature_algorithm_tlv; + + // Corresponds with "issuer" from RFC 5280: + // issuer Name, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + der::Input issuer_tlv; + + // Corresponds with "validity" from RFC 5280: + // validity Validity, + // + // Where Validity is defined as: + // + // Validity ::= SEQUENCE { + // notBefore Time, + // notAfter Time } + // + // Parsing guarantees that notBefore (validity_not_before) and notAfter + // (validity_not_after) are valid DER-encoded dates, however it DOES NOT + // gurantee anything about their values. For instance notAfter could be + // before notBefore, or the dates could indicate an expired certificate. + // Consumers are responsible for testing expiration. + der::GeneralizedTime validity_not_before; + der::GeneralizedTime validity_not_after; + + // Corresponds with "subject" from RFC 5280: + // subject Name, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + der::Input subject_tlv; + + // Corresponds with "subjectPublicKeyInfo" from RFC 5280: + // subjectPublicKeyInfo SubjectPublicKeyInfo, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + der::Input spki_tlv; + + // Corresponds with "issuerUniqueID" from RFC 5280: + // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + // -- If present, version MUST be v2 or v3 + // + // Parsing guarantees that if issuer_unique_id is present it is a valid BIT + // STRING, and that the version is either v2 or v3 + std::optional issuer_unique_id; + + // Corresponds with "subjectUniqueID" from RFC 5280: + // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + // -- If present, version MUST be v2 or v3 + // + // Parsing guarantees that if subject_unique_id is present it is a valid BIT + // STRING, and that the version is either v2 or v3 + std::optional subject_unique_id; + + // Corresponds with "extensions" from RFC 5280: + // extensions [3] EXPLICIT Extensions OPTIONAL + // -- If present, version MUST be v3 + // + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. (Note that the + // EXPLICIT outer tag is stripped.) + // + // Parsing guarantees that if extensions is present the version is v3. + std::optional extensions_tlv; +}; + +// ParsedExtension represents a parsed "Extension" from RFC 5280. It contains +// der:Inputs which are not owned so the associated data must be kept alive. +// +// Extension ::= SEQUENCE { +// extnID OBJECT IDENTIFIER, +// critical BOOLEAN DEFAULT FALSE, +// extnValue OCTET STRING +// -- contains the DER encoding of an ASN.1 value +// -- corresponding to the extension type identified +// -- by extnID +// } +struct OPENSSL_EXPORT ParsedExtension { + der::Input oid; + // |value| will contain the contents of the OCTET STRING. For instance for + // basicConstraints it will be the TLV for a SEQUENCE. + der::Input value; + bool critical = false; +}; + +// Parses a DER-encoded "Extension" as specified by RFC 5280. Returns true on +// success and sets the results in |out|. +// +// Note that on success |out| aliases data from the input |extension_tlv|. +// Hence the fields of the ParsedExtension are only valid as long as +// |extension_tlv| remains valid. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +[[nodiscard]] OPENSSL_EXPORT bool ParseExtension(const der::Input& extension_tlv, + ParsedExtension* out); + +// From RFC 5280: +// +// id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } +// +// In dotted notation: 2.5.29.14 +inline constexpr uint8_t kSubjectKeyIdentifierOid[] = {0x55, 0x1d, 0x0e}; + +// From RFC 5280: +// +// id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } +// +// In dotted notation: 2.5.29.15 +inline constexpr uint8_t kKeyUsageOid[] = {0x55, 0x1d, 0x0f}; + +// From RFC 5280: +// +// id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } +// +// In dotted notation: 2.5.29.17 +inline constexpr uint8_t kSubjectAltNameOid[] = {0x55, 0x1d, 0x11}; + +// From RFC 5280: +// +// id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } +// +// In dotted notation: 2.5.29.19 +inline constexpr uint8_t kBasicConstraintsOid[] = {0x55, 0x1d, 0x13}; + +// From RFC 5280: +// +// id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } +// +// In dotted notation: 2.5.29.30 +inline constexpr uint8_t kNameConstraintsOid[] = {0x55, 0x1d, 0x1e}; + +// From RFC 5280: +// +// id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } +// +// In dotted notation: 2.5.29.32 +inline constexpr uint8_t kCertificatePoliciesOid[] = {0x55, 0x1d, 0x20}; + +// From RFC 5280: +// +// id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } +// +// In dotted notation: 2.5.29.35 +inline constexpr uint8_t kAuthorityKeyIdentifierOid[] = {0x55, 0x1d, 0x23}; + +// From RFC 5280: +// +// id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } +// +// In dotted notation: 2.5.29.36 +inline constexpr uint8_t kPolicyConstraintsOid[] = {0x55, 0x1d, 0x24}; + +// From RFC 5280: +// +// id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } +// +// In dotted notation: 2.5.29.37 +inline constexpr uint8_t kExtKeyUsageOid[] = {0x55, 0x1d, 0x25}; + +// From RFC 5280: +// +// id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } +// +// In dotted notation: 1.3.6.1.5.5.7.1.1 +inline constexpr uint8_t kAuthorityInfoAccessOid[] = {0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x01, 0x01}; + +// From RFC 5280: +// +// id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } +// +// In dotted notation: 1.3.6.1.5.5.7.48.2 +inline constexpr uint8_t kAdCaIssuersOid[] = {0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x30, 0x02}; + +// From RFC 5280: +// +// id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } +// +// In dotted notation: 1.3.6.1.5.5.7.48.1 +inline constexpr uint8_t kAdOcspOid[] = {0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x30, 0x01}; + +// From RFC 5280: +// +// id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } +// +// In dotted notation: 2.5.29.31 +inline constexpr uint8_t kCrlDistributionPointsOid[] = {0x55, 0x1d, 0x1f}; + +// From +// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/supported-extensions#msapplicationpolicies +// +// OID: XCN_OID_APPLICATION_CERT_POLICIES (1.3.6.1.4.1.311.21.10) +inline constexpr uint8_t kMSApplicationPoliciesOid[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x0a}; + +// Parses the Extensions sequence as defined by RFC 5280. Extensions are added +// to the map |extensions| keyed by the OID. Parsing guarantees that each OID +// is unique. Note that certificate verification must consume each extension +// marked as critical. +// +// Returns true on success and fills |extensions|. The output will reference +// bytes in |extensions_tlv|, so that data must be kept alive. +// On failure |extensions| may be partially written to and should not be used. +[[nodiscard]] OPENSSL_EXPORT bool ParseExtensions( + const der::Input& extensions_tlv, + std::map* extensions); + +// Removes the extension with OID |oid| from |unconsumed_extensions| and fills +// |extension| with the matching extension value. If there was no extension +// matching |oid| then returns |false|. +[[nodiscard]] OPENSSL_EXPORT bool ConsumeExtension( + const der::Input& oid, + std::map* unconsumed_extensions, + ParsedExtension* extension); + +struct ParsedBasicConstraints { + bool is_ca = false; + bool has_path_len = false; + uint8_t path_len = 0; +}; + +// Parses the BasicConstraints extension as defined by RFC 5280: +// +// BasicConstraints ::= SEQUENCE { +// cA BOOLEAN DEFAULT FALSE, +// pathLenConstraint INTEGER (0..MAX) OPTIONAL } +// +// The maximum allowed value of pathLenConstraints will be whatever can fit +// into a uint8_t. +[[nodiscard]] OPENSSL_EXPORT bool ParseBasicConstraints( + const der::Input& basic_constraints_tlv, + ParsedBasicConstraints* out); + +// KeyUsageBit contains the index for a particular key usage. The index is +// measured from the most significant bit of a bit string. +// +// From RFC 5280 section 4.2.1.3: +// +// KeyUsage ::= BIT STRING { +// digitalSignature (0), +// nonRepudiation (1), -- recent editions of X.509 have +// -- renamed this bit to contentCommitment +// keyEncipherment (2), +// dataEncipherment (3), +// keyAgreement (4), +// keyCertSign (5), +// cRLSign (6), +// encipherOnly (7), +// decipherOnly (8) } +enum KeyUsageBit { + KEY_USAGE_BIT_DIGITAL_SIGNATURE = 0, + KEY_USAGE_BIT_NON_REPUDIATION = 1, + KEY_USAGE_BIT_KEY_ENCIPHERMENT = 2, + KEY_USAGE_BIT_DATA_ENCIPHERMENT = 3, + KEY_USAGE_BIT_KEY_AGREEMENT = 4, + KEY_USAGE_BIT_KEY_CERT_SIGN = 5, + KEY_USAGE_BIT_CRL_SIGN = 6, + KEY_USAGE_BIT_ENCIPHER_ONLY = 7, + KEY_USAGE_BIT_DECIPHER_ONLY = 8, +}; + +// Parses the KeyUsage extension as defined by RFC 5280. Returns true on +// success, and |key_usage| will alias data in |key_usage_tlv|. On failure +// returns false, and |key_usage| may have been modified. +// +// In addition to validating that key_usage_tlv is a BIT STRING, this does +// additional KeyUsage specific validations such as requiring at least 1 bit to +// be set. +// +// To test if a particular key usage is set, call, e.g.: +// key_usage->AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE); +[[nodiscard]] OPENSSL_EXPORT bool ParseKeyUsage(const der::Input& key_usage_tlv, + der::BitString* key_usage); + +struct AuthorityInfoAccessDescription { + // The accessMethod DER OID value. + der::Input access_method_oid; + // The accessLocation DER TLV. + der::Input access_location; +}; +// Parses the Authority Information Access extension defined by RFC 5280. +// Returns true on success, and |out_access_descriptions| will alias data +// in |authority_info_access_tlv|.On failure returns false, and +// out_access_descriptions may have been partially filled. +// +// No validation is performed on the contents of the +// AuthorityInfoAccessDescription fields. +[[nodiscard]] OPENSSL_EXPORT bool ParseAuthorityInfoAccess( + const der::Input& authority_info_access_tlv, + std::vector* out_access_descriptions); + +// Parses the Authority Information Access extension defined by RFC 5280, +// extracting the caIssuers URIs and OCSP URIs. +// +// Returns true on success, and |out_ca_issuers_uris| and |out_ocsp_uris| will +// alias data in |authority_info_access_tlv|. On failure returns false, and +// |out_ca_issuers_uris| and |out_ocsp_uris| may have been partially filled. +// +// |out_ca_issuers_uris| is filled with the accessLocations of type +// uniformResourceIdentifier for the accessMethod id-ad-caIssuers. +// |out_ocsp_uris| is filled with the accessLocations of type +// uniformResourceIdentifier for the accessMethod id-ad-ocsp. +// +// The values in |out_ca_issuers_uris| and |out_ocsp_uris| are checked to be +// IA5String (ASCII strings), but no other validation is performed on them. +// +// accessMethods other than id-ad-caIssuers and id-ad-ocsp are silently ignored. +// accessLocation types other than uniformResourceIdentifier are silently +// ignored. +[[nodiscard]] OPENSSL_EXPORT bool ParseAuthorityInfoAccessURIs( + const der::Input& authority_info_access_tlv, + std::vector* out_ca_issuers_uris, + std::vector* out_ocsp_uris); + +// ParsedDistributionPoint represents a parsed DistributionPoint from RFC 5280. +// +// DistributionPoint ::= SEQUENCE { +// distributionPoint [0] DistributionPointName OPTIONAL, +// reasons [1] ReasonFlags OPTIONAL, +// cRLIssuer [2] GeneralNames OPTIONAL } +struct OPENSSL_EXPORT ParsedDistributionPoint { + ParsedDistributionPoint(); + ParsedDistributionPoint(ParsedDistributionPoint&& other); + ~ParsedDistributionPoint(); + + // The parsed fullName, if distributionPoint was present and was a fullName. + std::unique_ptr distribution_point_fullname; + + // If present, the DER encoded value of the nameRelativeToCRLIssuer field. + // This should be a RelativeDistinguishedName, but the parser does not + // validate it. + std::optional distribution_point_name_relative_to_crl_issuer; + + // If present, the DER encoded value of the reasons field. This should be a + // ReasonFlags bitString, but the parser does not validate it. + std::optional reasons; + + // If present, the DER encoded value of the cRLIssuer field. This should be a + // GeneralNames, but the parser does not validate it. + std::optional crl_issuer; +}; + +// Parses the value of a CRL Distribution Points extension (sequence of +// DistributionPoint). Return true on success, and fills |distribution_points| +// with values that reference data in |distribution_points_tlv|. +[[nodiscard]] OPENSSL_EXPORT bool ParseCrlDistributionPoints( + const der::Input& distribution_points_tlv, + std::vector* distribution_points); + +// Represents the AuthorityKeyIdentifier extension defined by RFC 5280 section +// 4.2.1.1. +// +// AuthorityKeyIdentifier ::= SEQUENCE { +// keyIdentifier [0] KeyIdentifier OPTIONAL, +// authorityCertIssuer [1] GeneralNames OPTIONAL, +// authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } +// +// KeyIdentifier ::= OCTET STRING +struct OPENSSL_EXPORT ParsedAuthorityKeyIdentifier { + ParsedAuthorityKeyIdentifier(); + ~ParsedAuthorityKeyIdentifier(); + ParsedAuthorityKeyIdentifier(ParsedAuthorityKeyIdentifier&& other); + ParsedAuthorityKeyIdentifier& operator=(ParsedAuthorityKeyIdentifier&& other); + + // The keyIdentifier, which is an OCTET STRING. + std::optional key_identifier; + + // The authorityCertIssuer, which should be a GeneralNames, but this is not + // enforced by ParseAuthorityKeyIdentifier. + std::optional authority_cert_issuer; + + // The DER authorityCertSerialNumber, which should be a + // CertificateSerialNumber (an INTEGER) but this is not enforced by + // ParseAuthorityKeyIdentifier. + std::optional authority_cert_serial_number; +}; + +// Parses the value of an authorityKeyIdentifier extension. Returns true on +// success and fills |authority_key_identifier| with values that reference data +// in |extension_value|. On failure the state of |authority_key_identifier| is +// not guaranteed. +[[nodiscard]] OPENSSL_EXPORT bool ParseAuthorityKeyIdentifier( + const der::Input& extension_value, + ParsedAuthorityKeyIdentifier* authority_key_identifier); + +// Parses the value of a subjectKeyIdentifier extension. Returns true on +// success and |subject_key_identifier| references data in |extension_value|. +// On failure the state of |subject_key_identifier| is not guaranteed. +[[nodiscard]] OPENSSL_EXPORT bool ParseSubjectKeyIdentifier( + const der::Input& extension_value, + der::Input* subject_key_identifier); + +} // namespace net + +#endif // BSSL_PKI_PARSE_CERTIFICATE_H_ diff --git a/pki/parse_certificate_fuzzer.cc b/pki/parse_certificate_fuzzer.cc new file mode 100644 index 0000000000..6a26d25903 --- /dev/null +++ b/pki/parse_certificate_fuzzer.cc @@ -0,0 +1,25 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "cert_errors.h" +#include "parsed_certificate.h" +#include "fillins/x509_util.h" +#include + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + bssl::CertErrors errors; + std::shared_ptr cert = + ParsedCertificate::Create( + x509_util::CreateCryptoBuffer(bssl::MakeSpan(data, size)), {}, + &errors); + + // Severe errors must be provided iff the parsing failed. + CHECK_EQ(errors.ContainsAnyErrorWithSeverity(net::CertError::SEVERITY_HIGH), + cert == nullptr); + + return 0; +} diff --git a/pki/parse_certificate_unittest.cc b/pki/parse_certificate_unittest.cc new file mode 100644 index 0000000000..196d401dab --- /dev/null +++ b/pki/parse_certificate_unittest.cc @@ -0,0 +1,1176 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parse_certificate.h" + +#include "cert_errors.h" +#include "general_names.h" +#include "parsed_certificate.h" +#include "test_helpers.h" +#include "input.h" +#include +#include + +namespace bssl { + +namespace { + +// Pretty-prints a GeneralizedTime as a human-readable string for use in test +// expectations (it is more readable to specify the expected results as a +// string). +std::string ToString(const der::GeneralizedTime& time) { + std::ostringstream pretty_time; + pretty_time << "year=" << int{time.year} << ", month=" << int{time.month} + << ", day=" << int{time.day} << ", hours=" << int{time.hours} + << ", minutes=" << int{time.minutes} + << ", seconds=" << int{time.seconds}; + return pretty_time.str(); +} + +std::string GetFilePath(const std::string& file_name) { + return std::string("testdata/parse_certificate_unittest/") + file_name; +} + +// Loads certificate data and expectations from the PEM file |file_name|. +// Verifies that parsing the Certificate matches expectations: +// * If expected to fail, emits the expected errors +// * If expected to succeeds, the parsed fields match expectations +void RunCertificateTest(const std::string& file_name) { + std::string data; + std::string expected_errors; + std::string expected_tbs_certificate; + std::string expected_signature_algorithm; + std::string expected_signature; + + // Read the certificate data and test expectations from a single PEM file. + const PemBlockMapping mappings[] = { + {"CERTIFICATE", &data}, + {"ERRORS", &expected_errors, true /*optional*/}, + {"SIGNATURE", &expected_signature, true /*optional*/}, + {"SIGNATURE ALGORITHM", &expected_signature_algorithm, true /*optional*/}, + {"TBS CERTIFICATE", &expected_tbs_certificate, true /*optional*/}, + }; + std::string test_file_path = GetFilePath(file_name); + ASSERT_TRUE(ReadTestDataFromPemFile(test_file_path, mappings)); + + // Note that empty expected_errors doesn't necessarily mean success. + bool expected_result = !expected_tbs_certificate.empty(); + + // Parsing the certificate. + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + CertErrors errors; + bool actual_result = + ParseCertificate(der::Input(&data), &tbs_certificate_tlv, + &signature_algorithm_tlv, &signature_value, &errors); + + EXPECT_EQ(expected_result, actual_result); + VerifyCertErrors(expected_errors, errors, test_file_path); + + // Ensure that the parsed certificate matches expectations. + if (expected_result && actual_result) { + EXPECT_EQ(0, signature_value.unused_bits()); + EXPECT_EQ(der::Input(&expected_signature), signature_value.bytes()); + EXPECT_EQ(der::Input(&expected_signature_algorithm), + signature_algorithm_tlv); + EXPECT_EQ(der::Input(&expected_tbs_certificate), tbs_certificate_tlv); + } +} + +// Tests parsing a Certificate. +TEST(ParseCertificateTest, Version3) { + RunCertificateTest("cert_version3.pem"); +} + +// Tests parsing a simplified Certificate-like structure (the sub-fields for +// algorithm and tbsCertificate are not actually valid, but ParseCertificate() +// doesn't check them) +TEST(ParseCertificateTest, Skeleton) { + RunCertificateTest("cert_skeleton.pem"); +} + +// Tests parsing a Certificate that is not a sequence fails. +TEST(ParseCertificateTest, NotSequence) { + RunCertificateTest("cert_not_sequence.pem"); +} + +// Tests that uncomsumed data is not allowed after the main SEQUENCE. +TEST(ParseCertificateTest, DataAfterSignature) { + RunCertificateTest("cert_data_after_signature.pem"); +} + +// Tests that parsing fails if the signature BIT STRING is missing. +TEST(ParseCertificateTest, MissingSignature) { + RunCertificateTest("cert_missing_signature.pem"); +} + +// Tests that parsing fails if the signature is present but not a BIT STRING. +TEST(ParseCertificateTest, SignatureNotBitString) { + RunCertificateTest("cert_signature_not_bit_string.pem"); +} + +// Tests that parsing fails if the main SEQUENCE is empty (missing all the +// fields). +TEST(ParseCertificateTest, EmptySequence) { + RunCertificateTest("cert_empty_sequence.pem"); +} + +// Tests what happens when the signature algorithm is present, but has the wrong +// tag. +TEST(ParseCertificateTest, AlgorithmNotSequence) { + RunCertificateTest("cert_algorithm_not_sequence.pem"); +} + +// Loads tbsCertificate data and expectations from the PEM file |file_name|. +// Verifies that parsing the TBSCertificate succeeds, and each parsed field +// matches the expectations. +// +// TODO(eroman): Get rid of the |expected_version| parameter -- this should be +// encoded in the test expectations file. +void RunTbsCertificateTestGivenVersion(const std::string& file_name, + CertificateVersion expected_version) { + std::string data; + std::string expected_serial_number; + std::string expected_signature_algorithm; + std::string expected_issuer; + std::string expected_validity_not_before; + std::string expected_validity_not_after; + std::string expected_subject; + std::string expected_spki; + std::string expected_issuer_unique_id; + std::string expected_subject_unique_id; + std::string expected_extensions; + std::string expected_errors; + + // Read the certificate data and test expectations from a single PEM file. + const PemBlockMapping mappings[] = { + {"TBS CERTIFICATE", &data}, + {"SIGNATURE ALGORITHM", &expected_signature_algorithm, true}, + {"SERIAL NUMBER", &expected_serial_number, true}, + {"ISSUER", &expected_issuer, true}, + {"VALIDITY NOTBEFORE", &expected_validity_not_before, true}, + {"VALIDITY NOTAFTER", &expected_validity_not_after, true}, + {"SUBJECT", &expected_subject, true}, + {"SPKI", &expected_spki, true}, + {"ISSUER UNIQUE ID", &expected_issuer_unique_id, true}, + {"SUBJECT UNIQUE ID", &expected_subject_unique_id, true}, + {"EXTENSIONS", &expected_extensions, true}, + {"ERRORS", &expected_errors, true}, + }; + std::string test_file_path = GetFilePath(file_name); + ASSERT_TRUE(ReadTestDataFromPemFile(test_file_path, mappings)); + + bool expected_result = !expected_spki.empty(); + + ParsedTbsCertificate parsed; + CertErrors errors; + bool actual_result = + ParseTbsCertificate(der::Input(&data), {}, &parsed, &errors); + + EXPECT_EQ(expected_result, actual_result); + VerifyCertErrors(expected_errors, errors, test_file_path); + + if (!expected_result || !actual_result) + return; + + // Ensure that the ParsedTbsCertificate matches expectations. + EXPECT_EQ(expected_version, parsed.version); + + EXPECT_EQ(der::Input(&expected_serial_number), parsed.serial_number); + EXPECT_EQ(der::Input(&expected_signature_algorithm), + parsed.signature_algorithm_tlv); + + EXPECT_EQ(der::Input(&expected_issuer), parsed.issuer_tlv); + + // In the test expectations PEM file, validity is described as a + // textual string of the parsed value (rather than as DER). + EXPECT_EQ(expected_validity_not_before, ToString(parsed.validity_not_before)); + EXPECT_EQ(expected_validity_not_after, ToString(parsed.validity_not_after)); + + EXPECT_EQ(der::Input(&expected_subject), parsed.subject_tlv); + EXPECT_EQ(der::Input(&expected_spki), parsed.spki_tlv); + + EXPECT_EQ(!expected_issuer_unique_id.empty(), + parsed.issuer_unique_id.has_value()); + if (parsed.issuer_unique_id.has_value()) { + EXPECT_EQ(der::Input(&expected_issuer_unique_id), + parsed.issuer_unique_id->bytes()); + } + EXPECT_EQ(!expected_subject_unique_id.empty(), + parsed.subject_unique_id.has_value()); + if (parsed.subject_unique_id.has_value()) { + EXPECT_EQ(der::Input(&expected_subject_unique_id), + parsed.subject_unique_id->bytes()); + } + + EXPECT_EQ(!expected_extensions.empty(), parsed.extensions_tlv.has_value()); + if (parsed.extensions_tlv) { + EXPECT_EQ(der::Input(&expected_extensions), parsed.extensions_tlv.value()); + } +} + +void RunTbsCertificateTest(const std::string& file_name) { + RunTbsCertificateTestGivenVersion(file_name, CertificateVersion::V3); +} + +// Tests parsing a TBSCertificate for v3 that contains no optional fields. +TEST(ParseTbsCertificateTest, Version3NoOptionals) { + RunTbsCertificateTest("tbs_v3_no_optionals.pem"); +} + +// Tests parsing a TBSCertificate for v3 that contains extensions. +TEST(ParseTbsCertificateTest, Version3WithExtensions) { + RunTbsCertificateTest("tbs_v3_extensions.pem"); +} + +// Tests parsing a TBSCertificate which lacks a version number (causing it to +// default to v1). +TEST(ParseTbsCertificateTest, Version1) { + RunTbsCertificateTestGivenVersion("tbs_v1.pem", CertificateVersion::V1); +} + +// The version was set to v1 explicitly rather than omitting the version field. +TEST(ParseTbsCertificateTest, ExplicitVersion1) { + RunTbsCertificateTest("tbs_explicit_v1.pem"); +} + +// Extensions are not defined in version 1. +TEST(ParseTbsCertificateTest, Version1WithExtensions) { + RunTbsCertificateTest("tbs_v1_extensions.pem"); +} + +// Extensions are not defined in version 2. +TEST(ParseTbsCertificateTest, Version2WithExtensions) { + RunTbsCertificateTest("tbs_v2_extensions.pem"); +} + +// A boring version 2 certificate with none of the optional fields. +TEST(ParseTbsCertificateTest, Version2NoOptionals) { + RunTbsCertificateTestGivenVersion("tbs_v2_no_optionals.pem", + CertificateVersion::V2); +} + +// A version 2 certificate with an issuer unique ID field. +TEST(ParseTbsCertificateTest, Version2IssuerUniqueId) { + RunTbsCertificateTestGivenVersion("tbs_v2_issuer_unique_id.pem", + CertificateVersion::V2); +} + +// A version 2 certificate with both a issuer and subject unique ID field. +TEST(ParseTbsCertificateTest, Version2IssuerAndSubjectUniqueId) { + RunTbsCertificateTestGivenVersion("tbs_v2_issuer_and_subject_unique_id.pem", + CertificateVersion::V2); +} + +// A version 3 certificate with all of the optional fields (issuer unique id, +// subject unique id, and extensions). +TEST(ParseTbsCertificateTest, Version3AllOptionals) { + RunTbsCertificateTest("tbs_v3_all_optionals.pem"); +} + +// The version was set to v4, which is unrecognized. +TEST(ParseTbsCertificateTest, Version4) { + RunTbsCertificateTest("tbs_v4.pem"); +} + +// Tests that extraneous data after extensions in a v3 is rejected. +TEST(ParseTbsCertificateTest, Version3DataAfterExtensions) { + RunTbsCertificateTest("tbs_v3_data_after_extensions.pem"); +} + +// Tests using a real-world certificate (whereas the other tests are fabricated +// (and in fact invalid) data. +TEST(ParseTbsCertificateTest, Version3Real) { + RunTbsCertificateTest("tbs_v3_real.pem"); +} + +// Parses a TBSCertificate whose "validity" field expresses both notBefore +// and notAfter using UTCTime. +TEST(ParseTbsCertificateTest, ValidityBothUtcTime) { + RunTbsCertificateTest("tbs_validity_both_utc_time.pem"); +} + +// Parses a TBSCertificate whose "validity" field expresses both notBefore +// and notAfter using GeneralizedTime. +TEST(ParseTbsCertificateTest, ValidityBothGeneralizedTime) { + RunTbsCertificateTest("tbs_validity_both_generalized_time.pem"); +} + +// Parses a TBSCertificate whose "validity" field expresses notBefore using +// UTCTime and notAfter using GeneralizedTime. +TEST(ParseTbsCertificateTest, ValidityUTCTimeAndGeneralizedTime) { + RunTbsCertificateTest("tbs_validity_utc_time_and_generalized_time.pem"); +} + +// Parses a TBSCertificate whose validity" field expresses notBefore using +// GeneralizedTime and notAfter using UTCTime. Also of interest, notBefore > +// notAfter. Parsing will succeed, however no time can satisfy this constraint. +TEST(ParseTbsCertificateTest, ValidityGeneralizedTimeAndUTCTime) { + RunTbsCertificateTest("tbs_validity_generalized_time_and_utc_time.pem"); +} + +// Parses a TBSCertificate whose "validity" field does not strictly follow +// the DER rules (and fails to be parsed). +TEST(ParseTbsCertificateTest, ValidityRelaxed) { + RunTbsCertificateTest("tbs_validity_relaxed.pem"); +} + +// Parses a KeyUsage with a single 0 bit. +TEST(ParseKeyUsageTest, OneBitAllZeros) { + const uint8_t der[] = { + 0x03, 0x02, // BIT STRING + 0x07, // Number of unused bits + 0x00, // bits + }; + + der::BitString key_usage; + ASSERT_FALSE(ParseKeyUsage(der::Input(der), &key_usage)); +} + +// Parses a KeyUsage with 32 bits that are all 0. +TEST(ParseKeyUsageTest, 32BitsAllZeros) { + const uint8_t der[] = { + 0x03, 0x05, // BIT STRING + 0x00, // Number of unused bits + 0x00, 0x00, 0x00, 0x00, + }; + + der::BitString key_usage; + ASSERT_FALSE(ParseKeyUsage(der::Input(der), &key_usage)); +} + +// Parses a KeyUsage with 32 bits, one of which is 1 (but not in recognized +// set). +TEST(ParseKeyUsageTest, 32BitsOneSet) { + const uint8_t der[] = { + 0x03, 0x05, // BIT STRING + 0x00, // Number of unused bits + 0x00, 0x00, 0x00, 0x02, + }; + + der::BitString key_usage; + ASSERT_TRUE(ParseKeyUsage(der::Input(der), &key_usage)); + + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_NON_REPUDIATION)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_ENCIPHERMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_DATA_ENCIPHERMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_AGREEMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_CERT_SIGN)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_CRL_SIGN)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_ENCIPHER_ONLY)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_DECIPHER_ONLY)); +} + +// Parses a KeyUsage containing bit string 101. +TEST(ParseKeyUsageTest, ThreeBits) { + const uint8_t der[] = { + 0x03, 0x02, // BIT STRING + 0x05, // Number of unused bits + 0xA0, // bits + }; + + der::BitString key_usage; + ASSERT_TRUE(ParseKeyUsage(der::Input(der), &key_usage)); + + EXPECT_TRUE(key_usage.AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_NON_REPUDIATION)); + EXPECT_TRUE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_ENCIPHERMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_DATA_ENCIPHERMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_AGREEMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_CERT_SIGN)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_CRL_SIGN)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_ENCIPHER_ONLY)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_DECIPHER_ONLY)); +} + +// Parses a KeyUsage containing DECIPHER_ONLY, which is the +// only bit that doesn't fit in the first byte. +TEST(ParseKeyUsageTest, DecipherOnly) { + const uint8_t der[] = { + 0x03, 0x03, // BIT STRING + 0x07, // Number of unused bits + 0x00, 0x80, // bits + }; + + der::BitString key_usage; + ASSERT_TRUE(ParseKeyUsage(der::Input(der), &key_usage)); + + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_NON_REPUDIATION)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_ENCIPHERMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_DATA_ENCIPHERMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_AGREEMENT)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_KEY_CERT_SIGN)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_CRL_SIGN)); + EXPECT_FALSE(key_usage.AssertsBit(KEY_USAGE_BIT_ENCIPHER_ONLY)); + EXPECT_TRUE(key_usage.AssertsBit(KEY_USAGE_BIT_DECIPHER_ONLY)); +} + +// Parses an empty KeyUsage. +TEST(ParseKeyUsageTest, Empty) { + const uint8_t der[] = { + 0x03, 0x01, // BIT STRING + 0x00, // Number of unused bits + }; + + der::BitString key_usage; + ASSERT_FALSE(ParseKeyUsage(der::Input(der), &key_usage)); +} + +TEST(ParseAuthorityInfoAccess, BasicTests) { + // SEQUENCE { + // SEQUENCE { + // # ocsp with directoryName + // OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.1 } + // [4] { + // SEQUENCE { + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // PrintableString { "ocsp" } + // } + // } + // } + // } + // } + // SEQUENCE { + // # caIssuers with directoryName + // OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.2 } + // [4] { + // SEQUENCE { + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // PrintableString { "ca issuer" } + // } + // } + // } + // } + // } + // SEQUENCE { + // # non-standard method with URI + // OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.3 } + // [6 PRIMITIVE] { "http://nonstandard.example.com" } + // } + // SEQUENCE { + // # ocsp with URI + // OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.1 } + // [6 PRIMITIVE] { "http://ocsp.example.com" } + // } + // SEQUENCE { + // # caIssuers with URI + // OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.2 } + // [6 PRIMITIVE] { "http://www.example.com/issuer.crt" } + // } + // } + const uint8_t der[] = { + 0x30, 0x81, 0xc3, 0x30, 0x1d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x30, 0x01, 0xa4, 0x11, 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x30, 0x22, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0xa4, 0x16, + 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, + 0x09, 0x63, 0x61, 0x20, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x30, 0x2a, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x03, 0x86, 0x1e, + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6e, 0x6f, 0x6e, 0x73, 0x74, + 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x2d, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x21, 0x68, 0x74, 0x74, + 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x69, 0x73, 0x73, 0x75, + 0x65, 0x72, 0x2e, 0x63, 0x72, 0x74}; + + std::vector access_descriptions; + ASSERT_TRUE(ParseAuthorityInfoAccess(der::Input(der), &access_descriptions)); + ASSERT_EQ(5u, access_descriptions.size()); + { + const auto& desc = access_descriptions[0]; + EXPECT_EQ(der::Input(kAdOcspOid), desc.access_method_oid); + const uint8_t location_der[] = {0xa4, 0x11, 0x30, 0x0f, 0x31, 0x0d, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, + 0x04, 0x6f, 0x63, 0x73, 0x70}; + EXPECT_EQ(der::Input(location_der), desc.access_location); + } + { + const auto& desc = access_descriptions[1]; + EXPECT_EQ(der::Input(kAdCaIssuersOid), desc.access_method_oid); + const uint8_t location_der[] = { + 0xa4, 0x16, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x09, 0x63, 0x61, 0x20, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72}; + EXPECT_EQ(der::Input(location_der), desc.access_location); + } + { + const auto& desc = access_descriptions[2]; + const uint8_t method_oid[] = {0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x30, 0x03}; + EXPECT_EQ(der::Input(method_oid), desc.access_method_oid); + const uint8_t location_der[] = { + 0x86, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6e, 0x6f, + 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x2e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d}; + EXPECT_EQ(der::Input(location_der), desc.access_location); + } + { + const auto& desc = access_descriptions[3]; + EXPECT_EQ(der::Input(kAdOcspOid), desc.access_method_oid); + const uint8_t location_der[] = {0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, + 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, + 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x2e, 0x63, 0x6f, 0x6d}; + EXPECT_EQ(der::Input(location_der), desc.access_location); + } + { + const auto& desc = access_descriptions[4]; + EXPECT_EQ(der::Input(kAdCaIssuersOid), desc.access_method_oid); + const uint8_t location_der[] = { + 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, + 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x2e, 0x63, 0x72, 0x74}; + EXPECT_EQ(der::Input(location_der), desc.access_location); + } + + std::vector ca_issuers_uris, ocsp_uris; + ASSERT_TRUE(ParseAuthorityInfoAccessURIs(der::Input(der), &ca_issuers_uris, + &ocsp_uris)); + ASSERT_EQ(1u, ca_issuers_uris.size()); + EXPECT_EQ("http://www.example.com/issuer.crt", ca_issuers_uris.front()); + ASSERT_EQ(1u, ocsp_uris.size()); + EXPECT_EQ("http://ocsp.example.com", ocsp_uris.front()); +} + +TEST(ParseAuthorityInfoAccess, NoOcspOrCaIssuersURIs) { + // SEQUENCE { + // SEQUENCE { + // # non-standard method with directoryName + // OBJECT_IDENTIFIER { 1.2.3 } + // [4] { + // SEQUENCE { + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // PrintableString { "foo" } + // } + // } + // } + // } + // } + // } + const uint8_t der[] = {0x30, 0x18, 0x30, 0x16, 0x06, 0x02, 0x2a, 0x03, 0xa4, + 0x10, 0x30, 0x0e, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x03, 0x66, 0x6f, 0x6f}; + + std::vector access_descriptions; + ASSERT_TRUE(ParseAuthorityInfoAccess(der::Input(der), &access_descriptions)); + ASSERT_EQ(1u, access_descriptions.size()); + const auto& desc = access_descriptions[0]; + const uint8_t method_oid[] = {0x2a, 0x03}; + EXPECT_EQ(der::Input(method_oid), desc.access_method_oid); + const uint8_t location_der[] = {0xa4, 0x10, 0x30, 0x0e, 0x31, 0x0c, + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x03, 0x66, 0x6f, 0x6f}; + EXPECT_EQ(der::Input(location_der), desc.access_location); + + std::vector ca_issuers_uris, ocsp_uris; + // ParseAuthorityInfoAccessURIs should still return success since it was a + // valid AuthorityInfoAccess extension, even though it did not contain any + // elements we care about, and both output vectors should be empty. + ASSERT_TRUE(ParseAuthorityInfoAccessURIs(der::Input(der), &ca_issuers_uris, + &ocsp_uris)); + EXPECT_EQ(0u, ca_issuers_uris.size()); + EXPECT_EQ(0u, ocsp_uris.size()); +} + +TEST(ParseAuthorityInfoAccess, IncompleteAccessDescription) { + // SEQUENCE { + // # first entry is ok + // SEQUENCE { + // OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.1 } + // [6 PRIMITIVE] { "http://ocsp.example.com" } + // } + // # second is missing accessLocation field + // SEQUENCE { + // OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.2 } + // } + // } + const uint8_t der[] = {0x30, 0x31, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, + 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, + 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x30, 0x02}; + + std::vector access_descriptions; + EXPECT_FALSE(ParseAuthorityInfoAccess(der::Input(der), &access_descriptions)); + + std::vector ca_issuers_uris, ocsp_uris; + EXPECT_FALSE(ParseAuthorityInfoAccessURIs(der::Input(der), &ca_issuers_uris, + &ocsp_uris)); +} + +TEST(ParseAuthorityInfoAccess, ExtraDataInAccessDescription) { + // SEQUENCE { + // SEQUENCE { + // OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.1 } + // [6 PRIMITIVE] { "http://ocsp.example.com" } + // # invalid, AccessDescription only has 2 fields + // PrintableString { "henlo" } + // } + // } + const uint8_t der[] = { + 0x30, 0x2c, 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, + 0x63, 0x73, 0x70, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x13, 0x05, 0x68, 0x65, 0x6e, 0x6c, 0x6f}; + + std::vector access_descriptions; + EXPECT_FALSE(ParseAuthorityInfoAccess(der::Input(der), &access_descriptions)); + + std::vector ca_issuers_uris, ocsp_uris; + EXPECT_FALSE(ParseAuthorityInfoAccessURIs(der::Input(der), &ca_issuers_uris, + &ocsp_uris)); +} + +TEST(ParseAuthorityInfoAccess, EmptySequence) { + // SEQUENCE { } + const uint8_t der[] = {0x30, 0x00}; + + std::vector access_descriptions; + EXPECT_FALSE(ParseAuthorityInfoAccess(der::Input(der), &access_descriptions)); + + std::vector ca_issuers_uris, ocsp_uris; + EXPECT_FALSE(ParseAuthorityInfoAccessURIs(der::Input(der), &ca_issuers_uris, + &ocsp_uris)); +} + +// Test fixture for testing ParseCrlDistributionPoints. +// +// Test data is encoded in certificate files. This fixture is responsible for +// reading and parsing the certificates to get at the extension under test. +class ParseCrlDistributionPointsTest : public ::testing::Test { + public: + protected: + bool GetCrlDps(const char* file_name, + std::vector* dps) { + std::string cert_bytes; + // Read the test certificate file. + const PemBlockMapping mappings[] = { + {"CERTIFICATE", &cert_bytes}, + }; + std::string test_file_path = GetFilePath(file_name); + EXPECT_TRUE(ReadTestDataFromPemFile(test_file_path, mappings)); + + // Extract the CRLDP from the test Certificate. + CertErrors errors; + std::shared_ptr cert = ParsedCertificate::Create( + bssl::UniquePtr(CRYPTO_BUFFER_new( + reinterpret_cast(cert_bytes.data()), + cert_bytes.size(), nullptr)), + {}, &errors); + + if (!cert) + return false; + + auto it = cert->extensions().find(der::Input(kCrlDistributionPointsOid)); + if (it == cert->extensions().end()) + return false; + + der::Input crl_dp_tlv = it->second.value; + + // Keep the certificate data alive, since this function will return + // der::Inputs that reference it. Run the function under test (for parsing + // + // TODO(eroman): The use of ParsedCertificate in this test should be removed + // in lieu of lazy parsing. + keep_alive_certs_.push_back(cert); + + return ParseCrlDistributionPoints(crl_dp_tlv, dps); + } + + private: + ParsedCertificateList keep_alive_certs_; +}; + +TEST_F(ParseCrlDistributionPointsTest, OneUriNoIssuer) { + std::vector dps; + ASSERT_TRUE(GetCrlDps("crldp_1uri_noissuer.pem", &dps)); + + ASSERT_EQ(1u, dps.size()); + const ParsedDistributionPoint& dp1 = dps.front(); + + ASSERT_TRUE(dp1.distribution_point_fullname); + const GeneralNames& fullname = *dp1.distribution_point_fullname; + EXPECT_EQ(GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER, + fullname.present_name_types); + ASSERT_EQ(1u, fullname.uniform_resource_identifiers.size()); + EXPECT_EQ(fullname.uniform_resource_identifiers.front(), + std::string("http://www.example.com/foo.crl")); + + EXPECT_FALSE(dp1.distribution_point_name_relative_to_crl_issuer); + EXPECT_FALSE(dp1.reasons); + EXPECT_FALSE(dp1.crl_issuer); +} + +TEST_F(ParseCrlDistributionPointsTest, ThreeUrisNoIssuer) { + std::vector dps; + ASSERT_TRUE(GetCrlDps("crldp_3uri_noissuer.pem", &dps)); + + ASSERT_EQ(1u, dps.size()); + const ParsedDistributionPoint& dp1 = dps.front(); + + ASSERT_TRUE(dp1.distribution_point_fullname); + const GeneralNames& fullname = *dp1.distribution_point_fullname; + EXPECT_EQ(GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER, + fullname.present_name_types); + ASSERT_EQ(3u, fullname.uniform_resource_identifiers.size()); + EXPECT_EQ(fullname.uniform_resource_identifiers[0], + std::string("http://www.example.com/foo1.crl")); + EXPECT_EQ(fullname.uniform_resource_identifiers[1], + std::string("http://www.example.com/blah.crl")); + EXPECT_EQ(fullname.uniform_resource_identifiers[2], + std::string("not-even-a-url")); + + EXPECT_FALSE(dp1.distribution_point_name_relative_to_crl_issuer); + EXPECT_FALSE(dp1.reasons); + EXPECT_FALSE(dp1.crl_issuer); +} + +TEST_F(ParseCrlDistributionPointsTest, CrlIssuerAsDirname) { + std::vector dps; + ASSERT_TRUE(GetCrlDps("crldp_issuer_as_dirname.pem", &dps)); + + ASSERT_EQ(1u, dps.size()); + const ParsedDistributionPoint& dp1 = dps.front(); + ASSERT_TRUE(dp1.distribution_point_fullname); + const GeneralNames& fullname = *dp1.distribution_point_fullname; + EXPECT_EQ(GENERAL_NAME_DIRECTORY_NAME, fullname.present_name_types); + // Generated by `ascii2der | xxd -i` from the Name value in + // crldp_issuer_as_dirname.pem. + const uint8_t kExpectedName[] = { + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x16, + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x73, 0x20, 0x32, 0x30, 0x31, 0x31, 0x31, 0x22, + 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x19, 0x69, 0x6e, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x43, 0x52, 0x4c, 0x20, 0x43, 0x41, 0x33, + 0x20, 0x63, 0x52, 0x4c, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x31, 0x29, + 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, 0x69, 0x6e, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x20, 0x43, 0x52, 0x4c, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x69, 0x6e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x43, 0x52, + 0x4c, 0x20, 0x43, 0x41, 0x33}; + ASSERT_EQ(1u, fullname.directory_names.size()); + EXPECT_EQ(der::Input(kExpectedName), fullname.directory_names[0]); + + EXPECT_FALSE(dp1.distribution_point_name_relative_to_crl_issuer); + EXPECT_FALSE(dp1.reasons); + + ASSERT_TRUE(dp1.crl_issuer); + // Generated by `ascii2der | xxd -i` from the cRLIssuer value in + // crldp_issuer_as_dirname.pem. + const uint8_t kExpectedCrlIssuer[] = { + 0xa4, 0x54, 0x30, 0x52, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1f, 0x30, 0x1d, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x16, 0x54, 0x65, 0x73, 0x74, 0x20, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x73, 0x20, 0x32, 0x30, 0x31, 0x31, 0x31, 0x22, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x13, 0x19, 0x69, 0x6e, 0x64, 0x69, 0x72, + 0x65, 0x63, 0x74, 0x43, 0x52, 0x4c, 0x20, 0x43, 0x41, 0x33, 0x20, + 0x63, 0x52, 0x4c, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72}; + EXPECT_EQ(der::Input(kExpectedCrlIssuer), dp1.crl_issuer); +} + +TEST_F(ParseCrlDistributionPointsTest, FullnameAsDirname) { + std::vector dps; + ASSERT_TRUE(GetCrlDps("crldp_full_name_as_dirname.pem", &dps)); + + ASSERT_EQ(1u, dps.size()); + const ParsedDistributionPoint& dp1 = dps.front(); + + ASSERT_TRUE(dp1.distribution_point_fullname); + const GeneralNames& fullname = *dp1.distribution_point_fullname; + EXPECT_EQ(GENERAL_NAME_DIRECTORY_NAME, fullname.present_name_types); + // Generated by `ascii2der | xxd -i` from the Name value in + // crldp_full_name_as_dirname.pem. + const uint8_t kExpectedName[] = { + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x16, + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x73, 0x20, 0x32, 0x30, 0x31, 0x31, 0x31, 0x45, + 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x53, 0x65, 0x6c, + 0x66, 0x2d, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, + 0x74, 0x20, 0x44, 0x50, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x42, 0x61, 0x73, + 0x69, 0x63, 0x20, 0x53, 0x65, 0x6c, 0x66, 0x2d, 0x49, 0x73, 0x73, 0x75, + 0x65, 0x64, 0x20, 0x43, 0x52, 0x4c, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x43, 0x41}; + ASSERT_EQ(1u, fullname.directory_names.size()); + EXPECT_EQ(der::Input(kExpectedName), fullname.directory_names[0]); + + EXPECT_FALSE(dp1.distribution_point_name_relative_to_crl_issuer); + EXPECT_FALSE(dp1.reasons); + EXPECT_FALSE(dp1.crl_issuer); +} + +TEST_F(ParseCrlDistributionPointsTest, RelativeNameAndReasonsAndMultipleDPs) { + // SEQUENCE { + // SEQUENCE { + // # distributionPoint + // [0] { + // # nameRelativeToCRLIssuer + // [1] { + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // PrintableString { "CRL1" } + // } + // } + // } + // } + // # reasons + // [1 PRIMITIVE] { b`011` } + // } + // SEQUENCE { + // # distributionPoint + // [0] { + // # fullName + // [0] { + // [4] { + // SEQUENCE { + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // PrintableString { "CRL2" } + // } + // } + // } + // } + // } + // } + // # reasons + // [1 PRIMITIVE] { b`100111111` } + // } + // } + const uint8_t kInputDer[] = { + 0x30, 0x37, 0x30, 0x17, 0xa0, 0x11, 0xa1, 0x0f, 0x31, 0x0d, 0x30, 0x0b, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x43, 0x52, 0x4c, 0x31, 0x81, + 0x02, 0x05, 0x60, 0x30, 0x1c, 0xa0, 0x15, 0xa0, 0x13, 0xa4, 0x11, 0x30, + 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, + 0x43, 0x52, 0x4c, 0x32, 0x81, 0x03, 0x07, 0x9f, 0x80}; + + std::vector dps; + ASSERT_TRUE(ParseCrlDistributionPoints(der::Input(kInputDer), &dps)); + ASSERT_EQ(2u, dps.size()); + { + const ParsedDistributionPoint& dp = dps[0]; + EXPECT_FALSE(dp.distribution_point_fullname); + + ASSERT_TRUE(dp.distribution_point_name_relative_to_crl_issuer); + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // PrintableString { "CRL1" } + // } + // } + const uint8_t kExpectedRDN[] = {0x31, 0x0d, 0x30, 0x0b, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, + 0x04, 0x43, 0x52, 0x4c, 0x31}; + EXPECT_EQ(der::Input(kExpectedRDN), + *dp.distribution_point_name_relative_to_crl_issuer); + + ASSERT_TRUE(dp.reasons); + const uint8_t kExpectedReasons[] = {0x05, 0x60}; + EXPECT_EQ(der::Input(kExpectedReasons), *dp.reasons); + + EXPECT_FALSE(dp.crl_issuer); + } + { + const ParsedDistributionPoint& dp = dps[1]; + ASSERT_TRUE(dp.distribution_point_fullname); + const GeneralNames& fullname = *dp.distribution_point_fullname; + EXPECT_EQ(GENERAL_NAME_DIRECTORY_NAME, fullname.present_name_types); + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // PrintableString { "CRL2" } + // } + // } + const uint8_t kExpectedName[] = {0x31, 0x0d, 0x30, 0x0b, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, + 0x04, 0x43, 0x52, 0x4c, 0x32}; + ASSERT_EQ(1u, fullname.directory_names.size()); + EXPECT_EQ(der::Input(kExpectedName), fullname.directory_names[0]); + + EXPECT_FALSE(dp.distribution_point_name_relative_to_crl_issuer); + + ASSERT_TRUE(dp.reasons); + const uint8_t kExpectedReasons[] = {0x07, 0x9f, 0x80}; + EXPECT_EQ(der::Input(kExpectedReasons), *dp.reasons); + + EXPECT_FALSE(dp.crl_issuer); + } +} + +TEST_F(ParseCrlDistributionPointsTest, NoDistributionPointName) { + // SEQUENCE { + // SEQUENCE { + // # cRLIssuer + // [2] { + // [4] { + // SEQUENCE { + // SET { + // SEQUENCE { + // # organizationUnitName + // OBJECT_IDENTIFIER { 2.5.4.11 } + // PrintableString { "crl issuer" } + // } + // } + // } + // } + // } + // } + // } + const uint8_t kInputDer[] = {0x30, 0x1d, 0x30, 0x1b, 0xa2, 0x19, 0xa4, 0x17, + 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x63, 0x72, 0x6c, + 0x20, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72}; + + std::vector dps; + ASSERT_TRUE(ParseCrlDistributionPoints(der::Input(kInputDer), &dps)); + ASSERT_EQ(1u, dps.size()); + const ParsedDistributionPoint& dp = dps[0]; + EXPECT_FALSE(dp.distribution_point_fullname); + + EXPECT_FALSE(dp.distribution_point_name_relative_to_crl_issuer); + + EXPECT_FALSE(dp.reasons); + + ASSERT_TRUE(dp.crl_issuer); + const uint8_t kExpectedDer[] = {0xa4, 0x17, 0x30, 0x15, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, + 0x0a, 0x63, 0x72, 0x6c, 0x20, 0x69, 0x73, + 0x73, 0x75, 0x65, 0x72}; + EXPECT_EQ(der::Input(kExpectedDer), *dp.crl_issuer); +} + +TEST_F(ParseCrlDistributionPointsTest, OnlyReasons) { + // SEQUENCE { + // SEQUENCE { + // # reasons + // [1 PRIMITIVE] { b`011` } + // } + // } + const uint8_t kInputDer[] = {0x30, 0x06, 0x30, 0x04, 0x81, 0x02, 0x05, 0x60}; + + std::vector dps; + EXPECT_FALSE(ParseCrlDistributionPoints(der::Input(kInputDer), &dps)); +} + +TEST_F(ParseCrlDistributionPointsTest, EmptyDistributionPoint) { + // SEQUENCE { + // SEQUENCE { + // } + // } + const uint8_t kInputDer[] = {0x30, 0x02, 0x30, 0x00}; + + std::vector dps; + EXPECT_FALSE(ParseCrlDistributionPoints(der::Input(kInputDer), &dps)); +} + +TEST_F(ParseCrlDistributionPointsTest, EmptyDistributionPoints) { + // SEQUENCE { } + const uint8_t kInputDer[] = {0x30, 0x00}; + + std::vector dps; + EXPECT_FALSE(ParseCrlDistributionPoints(der::Input(kInputDer), &dps)); +} + +bool ParseAuthorityKeyIdentifierTestData( + const char* file_name, + std::string* backing_bytes, + ParsedAuthorityKeyIdentifier* authority_key_identifier) { + // Read the test file. + const PemBlockMapping mappings[] = { + {"AUTHORITY_KEY_IDENTIFIER", backing_bytes}, + }; + std::string test_file_path = + std::string( + "testdata/parse_certificate_unittest/authority_key_identifier/") + + file_name; + EXPECT_TRUE(ReadTestDataFromPemFile(test_file_path, mappings)); + + return ParseAuthorityKeyIdentifier(der::Input(backing_bytes), + authority_key_identifier); +} + +TEST(ParseAuthorityKeyIdentifierTest, EmptyInput) { + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE( + ParseAuthorityKeyIdentifier(der::Input(), &authority_key_identifier)); +} + +TEST(ParseAuthorityKeyIdentifierTest, EmptySequence) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + // TODO(mattm): should this be an error? RFC 5280 doesn't explicitly say it. + ASSERT_TRUE(ParseAuthorityKeyIdentifierTestData( + "empty_sequence.pem", &backing_bytes, &authority_key_identifier)); + + EXPECT_FALSE(authority_key_identifier.key_identifier); + EXPECT_FALSE(authority_key_identifier.authority_cert_issuer); + EXPECT_FALSE(authority_key_identifier.authority_cert_serial_number); +} + +TEST(ParseAuthorityKeyIdentifierTest, KeyIdentifier) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + ASSERT_TRUE(ParseAuthorityKeyIdentifierTestData( + "key_identifier.pem", &backing_bytes, &authority_key_identifier)); + + ASSERT_TRUE(authority_key_identifier.key_identifier); + const uint8_t kExpectedValue[] = {0xDE, 0xAD, 0xB0, 0x0F}; + EXPECT_EQ(der::Input(kExpectedValue), + authority_key_identifier.key_identifier); +} + +TEST(ParseAuthorityKeyIdentifierTest, IssuerAndSerial) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + ASSERT_TRUE(ParseAuthorityKeyIdentifierTestData( + "issuer_and_serial.pem", &backing_bytes, &authority_key_identifier)); + + EXPECT_FALSE(authority_key_identifier.key_identifier); + + ASSERT_TRUE(authority_key_identifier.authority_cert_issuer); + const uint8_t kExpectedIssuer[] = {0xa4, 0x11, 0x30, 0x0f, 0x31, 0x0d, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x04, 0x52, 0x6f, 0x6f, 0x74}; + EXPECT_EQ(der::Input(kExpectedIssuer), + authority_key_identifier.authority_cert_issuer); + + ASSERT_TRUE(authority_key_identifier.authority_cert_serial_number); + const uint8_t kExpectedSerial[] = {0x27, 0x4F}; + EXPECT_EQ(der::Input(kExpectedSerial), + authority_key_identifier.authority_cert_serial_number); +} + +TEST(ParseAuthorityKeyIdentifierTest, KeyIdentifierAndIssuerAndSerial) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + ASSERT_TRUE(ParseAuthorityKeyIdentifierTestData( + "key_identifier_and_issuer_and_serial.pem", &backing_bytes, + &authority_key_identifier)); + + ASSERT_TRUE(authority_key_identifier.key_identifier); + const uint8_t kExpectedValue[] = {0xDE, 0xAD, 0xB0, 0x0F}; + EXPECT_EQ(der::Input(kExpectedValue), + authority_key_identifier.key_identifier); + + ASSERT_TRUE(authority_key_identifier.authority_cert_issuer); + const uint8_t kExpectedIssuer[] = {0xa4, 0x11, 0x30, 0x0f, 0x31, 0x0d, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x04, 0x52, 0x6f, 0x6f, 0x74}; + EXPECT_EQ(der::Input(kExpectedIssuer), + authority_key_identifier.authority_cert_issuer); + + ASSERT_TRUE(authority_key_identifier.authority_cert_serial_number); + const uint8_t kExpectedSerial[] = {0x27, 0x4F}; + EXPECT_EQ(der::Input(kExpectedSerial), + authority_key_identifier.authority_cert_serial_number); +} + +TEST(ParseAuthorityKeyIdentifierTest, IssuerOnly) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE(ParseAuthorityKeyIdentifierTestData( + "issuer_only.pem", &backing_bytes, &authority_key_identifier)); +} + +TEST(ParseAuthorityKeyIdentifierTest, SerialOnly) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE(ParseAuthorityKeyIdentifierTestData( + "serial_only.pem", &backing_bytes, &authority_key_identifier)); +} + +TEST(ParseAuthorityKeyIdentifierTest, InvalidContents) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE(ParseAuthorityKeyIdentifierTestData( + "invalid_contents.pem", &backing_bytes, &authority_key_identifier)); +} + +TEST(ParseAuthorityKeyIdentifierTest, InvalidKeyIdentifier) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE(ParseAuthorityKeyIdentifierTestData( + "invalid_key_identifier.pem", &backing_bytes, &authority_key_identifier)); +} + +TEST(ParseAuthorityKeyIdentifierTest, InvalidIssuer) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE(ParseAuthorityKeyIdentifierTestData( + "invalid_issuer.pem", &backing_bytes, &authority_key_identifier)); +} + +TEST(ParseAuthorityKeyIdentifierTest, InvalidSerial) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE(ParseAuthorityKeyIdentifierTestData( + "invalid_serial.pem", &backing_bytes, &authority_key_identifier)); +} + +TEST(ParseAuthorityKeyIdentifierTest, ExtraContentsAfterIssuerAndSerial) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE(ParseAuthorityKeyIdentifierTestData( + "extra_contents_after_issuer_and_serial.pem", &backing_bytes, + &authority_key_identifier)); +} + +TEST(ParseAuthorityKeyIdentifierTest, ExtraContentsAfterExtensionSequence) { + std::string backing_bytes; + ParsedAuthorityKeyIdentifier authority_key_identifier; + EXPECT_FALSE(ParseAuthorityKeyIdentifierTestData( + "extra_contents_after_extension_sequence.pem", &backing_bytes, + &authority_key_identifier)); +} + +TEST(ParseSubjectKeyIdentifierTest, EmptyInput) { + der::Input subject_key_identifier; + EXPECT_FALSE( + ParseSubjectKeyIdentifier(der::Input(), &subject_key_identifier)); +} + +TEST(ParseSubjectKeyIdentifierTest, Valid) { + // OCTET_STRING {`abcd`} + const uint8_t kInput[] = {0x04, 0x02, 0xab, 0xcd}; + const uint8_t kExpected[] = {0xab, 0xcd}; + der::Input subject_key_identifier; + EXPECT_TRUE( + ParseSubjectKeyIdentifier(der::Input(kInput), &subject_key_identifier)); + EXPECT_EQ(der::Input(kExpected), subject_key_identifier); +} + +TEST(ParseSubjectKeyIdentifierTest, ExtraData) { + // OCTET_STRING {`abcd`} + // NULL + const uint8_t kInput[] = {0x04, 0x02, 0xab, 0xcd, 0x05}; + der::Input subject_key_identifier; + EXPECT_FALSE( + ParseSubjectKeyIdentifier(der::Input(kInput), &subject_key_identifier)); +} + +} // namespace + +} // namespace net diff --git a/pki/parse_name.cc b/pki/parse_name.cc new file mode 100644 index 0000000000..db116f85aa --- /dev/null +++ b/pki/parse_name.cc @@ -0,0 +1,226 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parse_name.h" + +#include + +#include "string_util.h" +#include "parse_values.h" +#include +#include + +namespace bssl { + +namespace { + +// Returns a string containing the dotted numeric form of |oid|, or an empty +// string on error. +std::string OidToString(der::Input oid) { + CBS cbs; + CBS_init(&cbs, oid.UnsafeData(), oid.Length()); + bssl::UniquePtr text(CBS_asn1_oid_to_text(&cbs)); + if (!text) + return std::string(); + return text.get(); +} + +} // namespace + +bool X509NameAttribute::ValueAsString(std::string* out) const { + switch (value_tag) { + case der::kTeletexString: + return der::ParseTeletexStringAsLatin1(value, out); + case der::kIA5String: + return der::ParseIA5String(value, out); + case der::kPrintableString: + return der::ParsePrintableString(value, out); + case der::kUtf8String: + *out = value.AsString(); + return true; + case der::kUniversalString: + return der::ParseUniversalString(value, out); + case der::kBmpString: + return der::ParseBmpString(value, out); + default: + return false; + } +} + +bool X509NameAttribute::ValueAsStringWithUnsafeOptions( + PrintableStringHandling printable_string_handling, + std::string* out) const { + if (printable_string_handling == PrintableStringHandling::kAsUTF8Hack && + value_tag == der::kPrintableString) { + *out = value.AsString(); + return true; + } + return ValueAsString(out); +} + +bool X509NameAttribute::ValueAsStringUnsafe(std::string* out) const { + switch (value_tag) { + case der::kIA5String: + case der::kPrintableString: + case der::kTeletexString: + case der::kUtf8String: + *out = value.AsString(); + return true; + case der::kUniversalString: + return der::ParseUniversalString(value, out); + case der::kBmpString: + return der::ParseBmpString(value, out); + default: + assert(0); // NOTREACHED + return false; + } +} + +bool X509NameAttribute::AsRFC2253String(std::string* out) const { + std::string type_string; + std::string value_string; + // TODO(mattm): Add streetAddress and domainComponent here? + if (type == der::Input(kTypeCommonNameOid)) { + type_string = "CN"; + } else if (type == der::Input(kTypeSurnameOid)) { + type_string = "SN"; + } else if (type == der::Input(kTypeCountryNameOid)) { + type_string = "C"; + } else if (type == der::Input(kTypeLocalityNameOid)) { + type_string = "L"; + } else if (type == der::Input(kTypeStateOrProvinceNameOid)) { + type_string = "ST"; + } else if (type == der::Input(kTypeOrganizationNameOid)) { + type_string = "O"; + } else if (type == der::Input(kTypeOrganizationUnitNameOid)) { + type_string = "OU"; + } else if (type == der::Input(kTypeGivenNameOid)) { + type_string = "givenName"; + } else if (type == der::Input(kTypeEmailAddressOid)) { + type_string = "emailAddress"; + } else { + type_string = OidToString(type); + if (type_string.empty()) + return false; + value_string = + "#" + bssl::string_util::HexEncode(value.UnsafeData(), value.Length()); + } + + if (value_string.empty()) { + std::string unescaped; + if (!ValueAsStringUnsafe(&unescaped)) + return false; + + bool nonprintable = false; + for (unsigned int i = 0; i < unescaped.length(); ++i) { + unsigned char c = static_cast(unescaped[i]); + if (i == 0 && c == '#') { + value_string += "\\#"; + } else if (i == 0 && c == ' ') { + value_string += "\\ "; + } else if (i == unescaped.length() - 1 && c == ' ') { + value_string += "\\ "; + } else if (c == ',' || c == '+' || c == '"' || c == '\\' || c == '<' || + c == '>' || c == ';') { + value_string += "\\"; + value_string += c; + } else if (c < 32 || c > 126) { + nonprintable = true; + std::string h; + h += c; + value_string += + "\\" + bssl::string_util::HexEncode( + reinterpret_cast(h.data()), h.length()); + } else { + value_string += c; + } + } + + // If we have non-printable characters in a TeletexString, we hex encode + // since we don't handle Teletex control codes. + if (nonprintable && value_tag == der::kTeletexString) + value_string = + "#" + bssl::string_util::HexEncode(value.UnsafeData(), value.Length()); + } + + *out = type_string + "=" + value_string; + return true; +} + +bool ReadRdn(der::Parser* parser, RelativeDistinguishedName* out) { + while (parser->HasMore()) { + der::Parser attr_type_and_value; + if (!parser->ReadSequence(&attr_type_and_value)) + return false; + // Read the attribute type, which must be an OBJECT IDENTIFIER. + der::Input type; + if (!attr_type_and_value.ReadTag(der::kOid, &type)) + return false; + + // Read the attribute value. + der::Tag tag; + der::Input value; + if (!attr_type_and_value.ReadTagAndValue(&tag, &value)) + return false; + + // There should be no more elements in the sequence after reading the + // attribute type and value. + if (attr_type_and_value.HasMore()) + return false; + + out->push_back(X509NameAttribute(type, tag, value)); + } + + // RFC 5280 section 4.1.2.4 + // RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue + return out->size() != 0; +} + +bool ParseName(const der::Input& name_tlv, RDNSequence* out) { + der::Parser name_parser(name_tlv); + der::Input name_value; + if (!name_parser.ReadTag(der::kSequence, &name_value)) + return false; + return ParseNameValue(name_value, out); +} + +bool ParseNameValue(const der::Input& name_value, RDNSequence* out) { + der::Parser rdn_sequence_parser(name_value); + while (rdn_sequence_parser.HasMore()) { + der::Parser rdn_parser; + if (!rdn_sequence_parser.ReadConstructed(der::kSet, &rdn_parser)) + return false; + RelativeDistinguishedName type_and_values; + if (!ReadRdn(&rdn_parser, &type_and_values)) + return false; + out->push_back(type_and_values); + } + + return true; +} + +bool ConvertToRFC2253(const RDNSequence& rdn_sequence, std::string* out) { + std::string rdns_string; + size_t size = rdn_sequence.size(); + for (size_t i = 0; i < size; ++i) { + RelativeDistinguishedName rdn = rdn_sequence[size - i - 1]; + std::string rdn_string; + for (const auto& atv : rdn) { + if (!rdn_string.empty()) + rdn_string += "+"; + std::string atv_string; + if (!atv.AsRFC2253String(&atv_string)) + return false; + rdn_string += atv_string; + } + if (!rdns_string.empty()) + rdns_string += ","; + rdns_string += rdn_string; + } + + *out = rdns_string; + return true; +} + +} // namespace net diff --git a/pki/parse_name.h b/pki/parse_name.h new file mode 100644 index 0000000000..2a37c058f6 --- /dev/null +++ b/pki/parse_name.h @@ -0,0 +1,158 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_PARSE_NAME_H_ +#define BSSL_PKI_PARSE_NAME_H_ + +#include "fillins/openssl_util.h" +#include + + +#include "input.h" +#include "parser.h" +#include "tag.h" + +namespace bssl { + +// id-at-commonName: 2.5.4.3 (RFC 5280) +inline constexpr uint8_t kTypeCommonNameOid[] = {0x55, 0x04, 0x03}; +// id-at-surname: 2.5.4.4 (RFC 5280) +inline constexpr uint8_t kTypeSurnameOid[] = {0x55, 0x04, 0x04}; +// id-at-serialNumber: 2.5.4.5 (RFC 5280) +inline constexpr uint8_t kTypeSerialNumberOid[] = {0x55, 0x04, 0x05}; +// id-at-countryName: 2.5.4.6 (RFC 5280) +inline constexpr uint8_t kTypeCountryNameOid[] = {0x55, 0x04, 0x06}; +// id-at-localityName: 2.5.4.7 (RFC 5280) +inline constexpr uint8_t kTypeLocalityNameOid[] = {0x55, 0x04, 0x07}; +// id-at-stateOrProvinceName: 2.5.4.8 (RFC 5280) +inline constexpr uint8_t kTypeStateOrProvinceNameOid[] = {0x55, 0x04, 0x08}; +// street (streetAddress): 2.5.4.9 (RFC 4519) +inline constexpr uint8_t kTypeStreetAddressOid[] = {0x55, 0x04, 0x09}; +// id-at-organizationName: 2.5.4.10 (RFC 5280) +inline constexpr uint8_t kTypeOrganizationNameOid[] = {0x55, 0x04, 0x0a}; +// id-at-organizationalUnitName: 2.5.4.11 (RFC 5280) +inline constexpr uint8_t kTypeOrganizationUnitNameOid[] = {0x55, 0x04, 0x0b}; +// id-at-title: 2.5.4.12 (RFC 5280) +inline constexpr uint8_t kTypeTitleOid[] = {0x55, 0x04, 0x0c}; +// id-at-name: 2.5.4.41 (RFC 5280) +inline constexpr uint8_t kTypeNameOid[] = {0x55, 0x04, 0x29}; +// id-at-givenName: 2.5.4.42 (RFC 5280) +inline constexpr uint8_t kTypeGivenNameOid[] = {0x55, 0x04, 0x2a}; +// id-at-initials: 2.5.4.43 (RFC 5280) +inline constexpr uint8_t kTypeInitialsOid[] = {0x55, 0x04, 0x2b}; +// id-at-generationQualifier: 2.5.4.44 (RFC 5280) +inline constexpr uint8_t kTypeGenerationQualifierOid[] = {0x55, 0x04, 0x2c}; +// dc (domainComponent): 0.9.2342.19200300.100.1.25 (RFC 4519) +inline constexpr uint8_t kTypeDomainComponentOid[] = { + 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19}; +// RFC 5280 section A.1: +// +// pkcs-9 OBJECT IDENTIFIER ::= +// { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } +// +// id-emailAddress AttributeType ::= { pkcs-9 1 } +// +// In dotted form: 1.2.840.113549.1.9.1 +inline constexpr uint8_t kTypeEmailAddressOid[] = {0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01}; + +// X509NameAttribute contains a representation of a DER-encoded RFC 2253 +// "AttributeTypeAndValue". +// +// AttributeTypeAndValue ::= SEQUENCE { +// type AttributeType, +// value AttributeValue +// } +struct OPENSSL_EXPORT X509NameAttribute { + X509NameAttribute(der::Input in_type, + der::Tag in_value_tag, + der::Input in_value) + : type(in_type), value_tag(in_value_tag), value(in_value) {} + + // Configures handling of PrintableString in the attribute value. Do + // not use non-default handling without consulting //net owners. With + // kAsUTF8Hack, PrintableStrings are interpreted as UTF-8 strings. + enum class PrintableStringHandling { kDefault, kAsUTF8Hack }; + + // Attempts to convert the value represented by this struct into a + // UTF-8 string and store it in |out|, returning whether the conversion + // was successful. + [[nodiscard]] bool ValueAsString(std::string* out) const; + + // Attempts to convert the value represented by this struct into a + // UTF-8 string and store it in |out|, returning whether the conversion + // was successful. Allows configuring some non-standard string handling + // options. + // + // Do not use without consulting //net owners. + [[nodiscard]] bool ValueAsStringWithUnsafeOptions( + PrintableStringHandling printable_string_handling, + std::string* out) const; + + // Attempts to convert the value represented by this struct into a + // std::string and store it in |out|, returning whether the conversion was + // successful. Due to some encodings being incompatible, the caller must + // verify the attribute |value_tag|. + // + // Note: Don't use this function unless you know what you're doing. Use + // ValueAsString instead. + // + // Note: The conversion doesn't verify that the value corresponds to the + // ASN.1 definition of the value type. + [[nodiscard]] bool ValueAsStringUnsafe(std::string* out) const; + + // Formats the NameAttribute per RFC2253 into an ASCII string and stores + // the result in |out|, returning whether the conversion was successful. + [[nodiscard]] bool AsRFC2253String(std::string* out) const; + + der::Input type; + der::Tag value_tag; + der::Input value; +}; + +typedef std::vector RelativeDistinguishedName; +typedef std::vector RDNSequence; + +// Parses all the ASN.1 AttributeTypeAndValue elements in |parser| and stores +// each as an AttributeTypeAndValue object in |out|. +// +// AttributeTypeAndValue is defined in RFC 5280 section 4.1.2.4: +// +// AttributeTypeAndValue ::= SEQUENCE { +// type AttributeType, +// value AttributeValue } +// +// AttributeType ::= OBJECT IDENTIFIER +// +// AttributeValue ::= ANY -- DEFINED BY AttributeType +// +// DirectoryString ::= CHOICE { +// teletexString TeletexString (SIZE (1..MAX)), +// printableString PrintableString (SIZE (1..MAX)), +// universalString UniversalString (SIZE (1..MAX)), +// utf8String UTF8String (SIZE (1..MAX)), +// bmpString BMPString (SIZE (1..MAX)) } +// +// The type of the component AttributeValue is determined by the AttributeType; +// in general it will be a DirectoryString. +[[nodiscard]] OPENSSL_EXPORT bool ReadRdn(der::Parser* parser, + RelativeDistinguishedName* out); + +// Parses a DER-encoded "Name" as specified by 5280. Returns true on success +// and sets the results in |out|. +[[nodiscard]] OPENSSL_EXPORT bool ParseName(const der::Input& name_tlv, + RDNSequence* out); +// Parses a DER-encoded "Name" value (without the sequence tag & length) as +// specified by 5280. Returns true on success and sets the results in |out|. +[[nodiscard]] OPENSSL_EXPORT bool ParseNameValue(const der::Input& name_value, + RDNSequence* out); + +// Formats a RDNSequence |rdn_sequence| per RFC2253 as an ASCII string and +// stores the result into |out|, and returns whether the conversion was +// successful. +[[nodiscard]] OPENSSL_EXPORT bool ConvertToRFC2253(const RDNSequence& rdn_sequence, + std::string* out); +} // namespace net + +#endif // BSSL_PKI_PARSE_NAME_H_ diff --git a/pki/parse_name_unittest.cc b/pki/parse_name_unittest.cc new file mode 100644 index 0000000000..a3585bbb58 --- /dev/null +++ b/pki/parse_name_unittest.cc @@ -0,0 +1,361 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parse_name.h" + +#include "test_helpers.h" +#include + +namespace bssl { + +namespace { +// Loads test data from file. The filename is constructed from the parameters: +// |prefix| describes the type of data being tested, e.g. "ascii", +// "unicode_bmp", "unicode_supplementary", and "invalid". +// |value_type| indicates what ASN.1 type is used to encode the data. +// |suffix| indicates any additional modifications, such as caseswapping, +// whitespace adding, etc. +::testing::AssertionResult LoadTestData(const std::string& prefix, + const std::string& value_type, + const std::string& suffix, + std::string* result) { + std::string path = "testdata/verify_name_match_unittest/names/" + prefix + + "-" + value_type + "-" + suffix + ".pem"; + + const PemBlockMapping mappings[] = { + {"NAME", result}, + }; + + return ReadTestDataFromPemFile(path, mappings); +} + +} // anonymous namespace + +TEST(ParseNameTest, IA5SafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0x6f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kIA5String, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Foo bar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("Foo bar", result); +} + +TEST(ParseNameTest, IA5UnsafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0xFF, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kIA5String, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Fo\377 bar", result_unsafe); + std::string result; + ASSERT_FALSE(value.ValueAsString(&result)); +} + +TEST(ParseNameTest, PrintableSafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0x6f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kPrintableString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Foo bar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("Foo bar", result); +} + +TEST(ParseNameTest, PrintableUnsafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0x5f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kPrintableString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Fo_ bar", result_unsafe); + std::string result; + ASSERT_FALSE(value.ValueAsString(&result)); +} + +TEST(ParseNameTest, PrintableStringUnsafeOptions) { + const uint8_t der[] = { + 0x46, 0x6f, 0x5f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kPrintableString, der::Input(der)); + std::string result; + ASSERT_FALSE(value.ValueAsStringWithUnsafeOptions( + X509NameAttribute::PrintableStringHandling::kDefault, &result)); + ASSERT_TRUE(value.ValueAsStringWithUnsafeOptions( + X509NameAttribute::PrintableStringHandling::kAsUTF8Hack, &result)); + ASSERT_EQ("Fo_ bar", result); +} + +TEST(ParseNameTest, TeletexSafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0x6f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kTeletexString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Foo bar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("Foo bar", result); +} + +TEST(ParseNameTest, TeletexLatin1StringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0xd6, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kTeletexString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Fo\xd6 bar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("FoÖ bar", result); +} + +TEST(ParseNameTest, ConvertBmpString) { + const uint8_t der[] = { + 0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x62, 0x00, 0x61, 0x00, 0x72, + }; + X509NameAttribute value(der::Input(), der::kBmpString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("foobar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("foobar", result); +} + +// BmpString must encode characters in pairs of 2 bytes. +TEST(ParseNameTest, ConvertInvalidBmpString) { + const uint8_t der[] = {0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72, 0x72}; + X509NameAttribute value(der::Input(), der::kBmpString, der::Input(der)); + std::string result; + ASSERT_FALSE(value.ValueAsStringUnsafe(&result)); + ASSERT_FALSE(value.ValueAsString(&result)); +} + +TEST(ParseNameTest, ConvertUniversalString) { + const uint8_t der[] = {0x00, 0x00, 0x00, 0x66, 0x00, 0x00, 0x00, 0x6f, + 0x00, 0x00, 0x00, 0x6f, 0x00, 0x00, 0x00, 0x62, + 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x72}; + X509NameAttribute value(der::Input(), der::kUniversalString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("foobar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("foobar", result); +} + +// UniversalString must encode characters in pairs of 4 bytes. +TEST(ParseNameTest, ConvertInvalidUniversalString) { + const uint8_t der[] = {0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72}; + X509NameAttribute value(der::Input(), der::kUniversalString, der::Input(der)); + std::string result; + ASSERT_FALSE(value.ValueAsStringUnsafe(&result)); + ASSERT_FALSE(value.ValueAsString(&result)); +} + +TEST(ParseNameTest, EmptyName) { + const uint8_t der[] = {0x30, 0x00}; + der::Input rdn(der); + RDNSequence atv; + ASSERT_TRUE(ParseName(rdn, &atv)); + ASSERT_EQ(0u, atv.size()); +} + +TEST(ParseNameTest, ValidName) { + const uint8_t der[] = {0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x47, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, + 0x2e, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x0e, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41}; + der::Input rdn(der); + RDNSequence atv; + ASSERT_TRUE(ParseName(rdn, &atv)); + ASSERT_EQ(3u, atv.size()); + ASSERT_EQ(1u, atv[0].size()); + ASSERT_EQ(der::Input(kTypeCountryNameOid), atv[0][0].type); + ASSERT_EQ("US", atv[0][0].value.AsString()); + ASSERT_EQ(1u, atv[1].size()); + ASSERT_EQ(der::Input(kTypeOrganizationNameOid), atv[1][0].type); + ASSERT_EQ("Google Inc.", atv[1][0].value.AsString()); + ASSERT_EQ(1u, atv[2].size()); + ASSERT_EQ(der::Input(kTypeCommonNameOid), atv[2][0].type); + ASSERT_EQ("Google Test CA", atv[2][0].value.AsString()); +} + +TEST(ParseNameTest, InvalidNameExtraData) { + std::string invalid; + ASSERT_TRUE( + LoadTestData("invalid", "AttributeTypeAndValue", "extradata", &invalid)); + RDNSequence atv; + ASSERT_FALSE(ParseName(SequenceValueFromString(&invalid), &atv)); +} + +TEST(ParseNameTest, InvalidNameEmpty) { + std::string invalid; + ASSERT_TRUE( + LoadTestData("invalid", "AttributeTypeAndValue", "empty", &invalid)); + RDNSequence atv; + ASSERT_FALSE(ParseName(SequenceValueFromString(&invalid), &atv)); +} + +TEST(ParseNameTest, InvalidNameBadType) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "AttributeTypeAndValue", + "badAttributeType", &invalid)); + RDNSequence atv; + ASSERT_FALSE(ParseName(SequenceValueFromString(&invalid), &atv)); +} + +TEST(ParseNameTest, InvalidNameNotSequence) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "AttributeTypeAndValue", "setNotSequence", + &invalid)); + RDNSequence atv; + ASSERT_FALSE(ParseName(SequenceValueFromString(&invalid), &atv)); +} + +TEST(ParseNameTest, InvalidNameNotSet) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "RDN", "sequenceInsteadOfSet", &invalid)); + RDNSequence atv; + ASSERT_FALSE(ParseName(SequenceValueFromString(&invalid), &atv)); +} + +TEST(ParseNameTest, InvalidNameEmptyRdn) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "RDN", "empty", &invalid)); + RDNSequence atv; + ASSERT_FALSE(ParseName(SequenceValueFromString(&invalid), &atv)); +} + +TEST(ParseNameTest, RFC2253FormatBasic) { + const uint8_t der[] = {0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x16, 0x30, + 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x49, + 0x73, 0x6f, 0x64, 0x65, 0x20, 0x4c, 0x69, 0x6d, 0x69, + 0x74, 0x65, 0x64, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x0b, 0x53, 0x74, 0x65, 0x76, + 0x65, 0x20, 0x4b, 0x69, 0x6c, 0x6c, 0x65}; + der::Input rdn_input(der); + RDNSequence rdn; + ASSERT_TRUE(ParseName(rdn_input, &rdn)); + std::string output; + ASSERT_TRUE(ConvertToRFC2253(rdn, &output)); + ASSERT_EQ("CN=Steve Kille,O=Isode Limited,C=GB", output); +} + +TEST(ParseNameTest, RFC2253FormatMultiRDN) { + const uint8_t der[] = { + 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x0b, 0x57, 0x69, 0x64, 0x67, 0x65, 0x74, 0x20, 0x49, 0x6e, 0x63, + 0x2e, 0x31, 0x1f, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x05, + 0x53, 0x61, 0x6c, 0x65, 0x73, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x13, 0x08, 0x4a, 0x2e, 0x20, 0x53, 0x6d, 0x69, 0x74, 0x68}; + der::Input rdn_input(der); + RDNSequence rdn; + ASSERT_TRUE(ParseName(rdn_input, &rdn)); + std::string output; + ASSERT_TRUE(ConvertToRFC2253(rdn, &output)); + ASSERT_EQ("OU=Sales+CN=J. Smith,O=Widget Inc.,C=US", output); +} + +TEST(ParseNameTest, RFC2253FormatQuoted) { + const uint8_t der[] = { + 0x30, 0x40, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x47, 0x42, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x15, 0x53, 0x75, 0x65, 0x2c, 0x20, 0x47, 0x72, + 0x61, 0x62, 0x62, 0x69, 0x74, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, + 0x75, 0x6e, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x08, 0x4c, 0x2e, 0x20, 0x45, 0x61, 0x67, 0x6c, 0x65}; + der::Input rdn_input(der); + RDNSequence rdn; + ASSERT_TRUE(ParseName(rdn_input, &rdn)); + std::string output; + ASSERT_TRUE(ConvertToRFC2253(rdn, &output)); + ASSERT_EQ("CN=L. Eagle,O=Sue\\, Grabbit and Runn,C=GB", output); +} + +TEST(ParseNameTest, RFC2253FormatNonPrintable) { + const uint8_t der[] = {0x30, 0x33, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x0d, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x04, 0x54, + 0x65, 0x73, 0x74, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x0c, 0x42, 0x65, 0x66, 0x6f, + 0x72, 0x65, 0x0d, 0x41, 0x66, 0x74, 0x65, 0x72}; + der::Input rdn_input(der); + RDNSequence rdn; + ASSERT_TRUE(ParseName(rdn_input, &rdn)); + std::string output; + ASSERT_TRUE(ConvertToRFC2253(rdn, &output)); + ASSERT_EQ("CN=Before\\0DAfter,O=Test,C=GB", output); +} + +TEST(ParseNameTest, RFC2253FormatUnknownOid) { + const uint8_t der[] = {0x30, 0x30, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x0d, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x04, 0x54, + 0x65, 0x73, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x8b, 0x3a, 0x00, 0x13, + 0x04, 0x04, 0x02, 0x48, 0x69}; + der::Input rdn_input(der); + RDNSequence rdn; + ASSERT_TRUE(ParseName(rdn_input, &rdn)); + std::string output; + ASSERT_TRUE(ConvertToRFC2253(rdn, &output)); + ASSERT_EQ("1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB", output); +} + +TEST(ParseNameTest, RFC2253FormatLargeOid) { + const uint8_t der[] = {0x30, 0x16, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, + 0x81, 0x0d, 0x06, 0x01, 0x99, 0x21, 0x01, 0x8b, + 0x3a, 0x00, 0x13, 0x04, 0x74, 0x65, 0x73, 0x74}; + der::Input rdn_input(der); + RDNSequence rdn; + ASSERT_TRUE(ParseName(rdn_input, &rdn)); + std::string output; + ASSERT_TRUE(ConvertToRFC2253(rdn, &output)); + ASSERT_EQ("2.61.6.1.3233.1.1466.0=#74657374", output); +} + +TEST(ParseNameTest, RFC2253FormatInvalidOid) { + // Same DER as RFC2253FormatLargeOid but with the last byte of the OID + // replaced with 0x80, which ends the OID with a truncated multi-byte + // component. + const uint8_t der[] = {0x30, 0x16, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, + 0x81, 0x0d, 0x06, 0x01, 0x99, 0x21, 0x01, 0x8b, + 0x3a, 0x80, 0x13, 0x04, 0x74, 0x65, 0x73, 0x74}; + der::Input rdn_input(der); + RDNSequence rdn; + ASSERT_TRUE(ParseName(rdn_input, &rdn)); + std::string output; + EXPECT_FALSE(ConvertToRFC2253(rdn, &output)); +} + +TEST(ParseNameTest, RFC2253FormatUTF8) { + const uint8_t der[] = {0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x04, 0x13, 0x07, 0x4c, + 0x75, 0xc4, 0x8d, 0x69, 0xc4, 0x87}; + der::Input rdn_input(der); + RDNSequence rdn; + ASSERT_TRUE(ParseName(rdn_input, &rdn)); + std::string output; + ASSERT_TRUE(ConvertToRFC2253(rdn, &output)); + ASSERT_EQ("SN=Lu\\C4\\8Di\\C4\\87", output); +} + +} // namespace net diff --git a/pki/parse_values.cc b/pki/parse_values.cc new file mode 100644 index 0000000000..cb7277dc20 --- /dev/null +++ b/pki/parse_values.cc @@ -0,0 +1,446 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parse_values.h" + +#include +#include + +#include "fillins/check.h" + +#include "fillins/string_util.h" + +#include "fillins/utf_string_conversions.h" +#include "fillins/inet.h" +#include "fillins/utf_string_conversions.h" +#include + +namespace bssl::der { + +namespace { + +bool ParseBoolInternal(const Input& in, bool* out, bool relaxed) { + // According to ITU-T X.690 section 8.2, a bool is encoded as a single octet + // where the octet of all zeroes is FALSE and a non-zero value for the octet + // is TRUE. + if (in.Length() != 1) + return false; + ByteReader data(in); + uint8_t byte; + if (!data.ReadByte(&byte)) + return false; + if (byte == 0) { + *out = false; + return true; + } + // ITU-T X.690 section 11.1 specifies that for DER, the TRUE value must be + // encoded as an octet of all ones. + if (byte == 0xff || relaxed) { + *out = true; + return true; + } + return false; +} + +// Reads a positive decimal number with |digits| digits and stores it in +// |*out|. This function does not check that the type of |*out| is large +// enough to hold 10^digits - 1; the caller must choose an appropriate type +// based on the number of digits they wish to parse. +template +bool DecimalStringToUint(ByteReader& in, size_t digits, UINT* out) { + UINT value = 0; + for (size_t i = 0; i < digits; ++i) { + uint8_t digit; + if (!in.ReadByte(&digit)) { + return false; + } + if (digit < '0' || digit > '9') { + return false; + } + value = (value * 10) + (digit - '0'); + } + *out = value; + return true; +} + +// Checks that the values in a GeneralizedTime struct are valid. This involves +// checking that the year is 4 digits, the month is between 1 and 12, the day +// is a day that exists in that month (following current leap year rules), +// hours are between 0 and 23, minutes between 0 and 59, and seconds between +// 0 and 60 (to allow for leap seconds; no validation is done that a leap +// second is on a day that could be a leap second). +bool ValidateGeneralizedTime(const GeneralizedTime& time) { + if (time.month < 1 || time.month > 12) + return false; + if (time.day < 1) + return false; + if (time.hours > 23) { + return false; + } + if (time.minutes > 59) { + return false; + } + // Leap seconds are allowed. + if (time.seconds > 60) { + return false; + } + + // validate upper bound for day of month + switch (time.month) { + case 4: + case 6: + case 9: + case 11: + if (time.day > 30) + return false; + break; + case 1: + case 3: + case 5: + case 7: + case 8: + case 10: + case 12: + if (time.day > 31) + return false; + break; + case 2: + if (time.year % 4 == 0 && + (time.year % 100 != 0 || time.year % 400 == 0)) { + if (time.day > 29) + return false; + } else { + if (time.day > 28) + return false; + } + break; + default: + abort(); //NOTREACHED_NORETURN; + } + return true; +} + +// Returns the number of bytes of numeric precision in a DER encoded INTEGER +// value. |in| must be a valid DER encoding of an INTEGER for this to work. +// +// Normally the precision of the number is exactly in.Length(). However when +// encoding positive numbers using DER it is possible to have a leading zero +// (to prevent number from being interpreted as negative). +// +// For instance a 160-bit positive number might take 21 bytes to encode. This +// function will return 20 in such a case. +size_t GetUnsignedIntegerLength(const Input& in) { + der::ByteReader reader(in); + uint8_t first_byte; + if (!reader.ReadByte(&first_byte)) + return 0; // Not valid DER as |in| was empty. + + if (first_byte == 0 && in.Length() > 1) + return in.Length() - 1; + return in.Length(); +} + +} // namespace + +bool ParseBool(const Input& in, bool* out) { + return ParseBoolInternal(in, out, false /* relaxed */); +} + +// BER interprets any non-zero value as true, while DER requires a bool to +// have either all bits zero (false) or all bits one (true). To support +// malformed certs, we recognized the BER encoding instead of failing to +// parse. +bool ParseBoolRelaxed(const Input& in, bool* out) { + return ParseBoolInternal(in, out, true /* relaxed */); +} + +// ITU-T X.690 section 8.3.2 specifies that an integer value must be encoded +// in the smallest number of octets. If the encoding consists of more than +// one octet, then the bits of the first octet and the most significant bit +// of the second octet must not be all zeroes or all ones. +bool IsValidInteger(const Input& in, bool* negative) { + CBS cbs; + CBS_init(&cbs, in.UnsafeData(), in.Length()); + int negative_int; + if (!CBS_is_valid_asn1_integer(&cbs, &negative_int)) { + return false; + } + + *negative = !!negative_int; + return true; +} + +bool ParseUint64(const Input& in, uint64_t* out) { + // Reject non-minimally encoded numbers and negative numbers. + bool negative; + if (!IsValidInteger(in, &negative) || negative) + return false; + + // Reject (non-negative) integers whose value would overflow the output type. + if (GetUnsignedIntegerLength(in) > sizeof(*out)) + return false; + + ByteReader reader(in); + uint8_t data; + uint64_t value = 0; + + while (reader.ReadByte(&data)) { + value <<= 8; + value |= data; + } + *out = value; + return true; +} + +bool ParseUint8(const Input& in, uint8_t* out) { + // TODO(eroman): Implement this more directly. + uint64_t value; + if (!ParseUint64(in, &value)) + return false; + + if (value > 0xFF) + return false; + + *out = static_cast(value); + return true; +} + +BitString::BitString(const Input& bytes, uint8_t unused_bits) + : bytes_(bytes), unused_bits_(unused_bits) { + DCHECK_LT(unused_bits, 8); + DCHECK(unused_bits == 0 || bytes.Length() != 0); + // The unused bits must be zero. + DCHECK(bytes.Length() == 0 || + (bytes.UnsafeData()[bytes.Length() - 1] & ((1u << unused_bits) - 1)) == + 0); +} + +bool BitString::AssertsBit(size_t bit_index) const { + // Index of the byte that contains the bit. + size_t byte_index = bit_index / 8; + + // If the bit is outside of the bitstring, by definition it is not + // asserted. + if (byte_index >= bytes_.Length()) + return false; + + // Within a byte, bits are ordered from most significant to least significant. + // Convert |bit_index| to an index within the |byte_index| byte, measured from + // its least significant bit. + uint8_t bit_index_in_byte = 7 - (bit_index - byte_index * 8); + + // BIT STRING parsing already guarantees that unused bits in a byte are zero + // (otherwise it wouldn't be valid DER). Therefore it isn't necessary to check + // |unused_bits_| + uint8_t byte = bytes_.UnsafeData()[byte_index]; + return 0 != (byte & (1 << bit_index_in_byte)); +} + +std::optional ParseBitString(const Input& in) { + ByteReader reader(in); + + // From ITU-T X.690, section 8.6.2.2 (applies to BER, CER, DER): + // + // The initial octet shall encode, as an unsigned binary integer with + // bit 1 as the least significant bit, the number of unused bits in the final + // subsequent octet. The number shall be in the range zero to seven. + uint8_t unused_bits; + if (!reader.ReadByte(&unused_bits)) + return std::nullopt; + if (unused_bits > 7) + return std::nullopt; + + Input bytes; + if (!reader.ReadBytes(reader.BytesLeft(), &bytes)) + return std::nullopt; // Not reachable. + + // Ensure that unused bits in the last byte are set to 0. + if (unused_bits > 0) { + // From ITU-T X.690, section 8.6.2.3 (applies to BER, CER, DER): + // + // If the bitstring is empty, there shall be no subsequent octets, + // and the initial octet shall be zero. + if (bytes.Length() == 0) + return std::nullopt; + uint8_t last_byte = bytes.UnsafeData()[bytes.Length() - 1]; + + // From ITU-T X.690, section 11.2.1 (applies to CER and DER, but not BER): + // + // Each unused bit in the final octet of the encoding of a bit string value + // shall be set to zero. + uint8_t mask = 0xFF >> (8 - unused_bits); + if ((mask & last_byte) != 0) + return std::nullopt; + } + + return BitString(bytes, unused_bits); +} + +bool GeneralizedTime::InUTCTimeRange() const { + return 1950 <= year && year < 2050; +} + +bool operator<(const GeneralizedTime& lhs, const GeneralizedTime& rhs) { + return std::tie(lhs.year, lhs.month, lhs.day, lhs.hours, lhs.minutes, + lhs.seconds) < std::tie(rhs.year, rhs.month, rhs.day, + rhs.hours, rhs.minutes, rhs.seconds); +} + +bool operator>(const GeneralizedTime& lhs, const GeneralizedTime& rhs) { + return rhs < lhs; +} + +bool operator<=(const GeneralizedTime& lhs, const GeneralizedTime& rhs) { + return !(lhs > rhs); +} + +bool operator>=(const GeneralizedTime& lhs, const GeneralizedTime& rhs) { + return !(lhs < rhs); +} + +bool ParseUTCTime(const Input& in, GeneralizedTime* value) { + ByteReader reader(in); + GeneralizedTime time; + if (!DecimalStringToUint(reader, 2, &time.year) || + !DecimalStringToUint(reader, 2, &time.month) || + !DecimalStringToUint(reader, 2, &time.day) || + !DecimalStringToUint(reader, 2, &time.hours) || + !DecimalStringToUint(reader, 2, &time.minutes) || + !DecimalStringToUint(reader, 2, &time.seconds)) { + return false; + } + uint8_t zulu; + if (!reader.ReadByte(&zulu) || zulu != 'Z' || reader.HasMore()) + return false; + if (time.year < 50) { + time.year += 2000; + } else { + time.year += 1900; + } + if (!ValidateGeneralizedTime(time)) + return false; + *value = time; + return true; +} + +bool ParseGeneralizedTime(const Input& in, GeneralizedTime* value) { + ByteReader reader(in); + GeneralizedTime time; + if (!DecimalStringToUint(reader, 4, &time.year) || + !DecimalStringToUint(reader, 2, &time.month) || + !DecimalStringToUint(reader, 2, &time.day) || + !DecimalStringToUint(reader, 2, &time.hours) || + !DecimalStringToUint(reader, 2, &time.minutes) || + !DecimalStringToUint(reader, 2, &time.seconds)) { + return false; + } + uint8_t zulu; + if (!reader.ReadByte(&zulu) || zulu != 'Z' || reader.HasMore()) + return false; + if (!ValidateGeneralizedTime(time)) + return false; + *value = time; + return true; +} + +bool ParseIA5String(Input in, std::string* out) { + for (char c : in.AsStringView()) { + if (static_cast(c) > 127) + return false; + } + *out = in.AsString(); + return true; +} + +bool ParseVisibleString(Input in, std::string* out) { + // ITU-T X.680: + // VisibleString : "Defining registration number 6" + SPACE + // 6 includes all the characters from '!' .. '~' (33 .. 126), space is 32. + // Also ITU-T X.691 says it much more clearly: + // "for VisibleString [the range] is 32 to 126 ... For VisibleString .. all + // the values in the range are present." + for (char c : in.AsStringView()) { + if (static_cast(c) < 32 || static_cast(c) > 126) + return false; + } + *out = in.AsString(); + return true; +} + +bool ParsePrintableString(Input in, std::string* out) { + for (char c : in.AsStringView()) { + if (!(fillins::IsAsciiAlpha(c) || c == ' ' || (c >= '\'' && c <= ':') || + c == '=' || c == '?')) { + return false; + } + } + *out = in.AsString(); + return true; +} + +bool ParseTeletexStringAsLatin1(Input in, std::string* out) { + out->clear(); + // Convert from Latin-1 to UTF-8. + size_t utf8_length = in.Length(); + for (size_t i = 0; i < in.Length(); i++) { + if (in.UnsafeData()[i] > 0x7f) + utf8_length++; + } + out->reserve(utf8_length); + for (size_t i = 0; i < in.Length(); i++) { + uint8_t u = in.UnsafeData()[i]; + if (u <= 0x7f) { + out->push_back(u); + } else { + out->push_back(0xc0 | (u >> 6)); + out->push_back(0x80 | (u & 0x3f)); + } + } + DCHECK_EQ(utf8_length, out->size()); + return true; +} + +bool ParseUniversalString(Input in, std::string* out) { + if (in.Length() % 4 != 0) + return false; + + out->clear(); + std::vector in_32bit(in.Length() / 4); + if (in.Length()) + memcpy(in_32bit.data(), in.UnsafeData(), in.Length()); + for (const uint32_t c : in_32bit) { + // UniversalString is UCS-4 in big-endian order. + auto codepoint = static_cast(ntohl(c)); + if (!CBU_IS_UNICODE_CHAR(codepoint)) + return false; + + fillins::WriteUnicodeCharacter(codepoint, out); + } + return true; +} + +bool ParseBmpString(Input in, std::string* out) { + if (in.Length() % 2 != 0) + return false; + + out->clear(); + std::vector in_16bit(in.Length() / 2); + if (in.Length()) + memcpy(in_16bit.data(), in.UnsafeData(), in.Length()); + for (const uint16_t c : in_16bit) { + // BMPString is UCS-2 in big-endian order. + uint32_t codepoint = ntohs(c); + + // BMPString only supports codepoints in the Basic Multilingual Plane; + // surrogates are not allowed. CBU_IS_UNICODE_CHAR excludes the surrogate + // code points, among other invalid values. + if (!CBU_IS_UNICODE_CHAR(codepoint)) + return false; + + fillins::WriteUnicodeCharacter(codepoint, out); + } + return true; +} + +} // namespace bssl::der diff --git a/pki/parse_values.h b/pki/parse_values.h new file mode 100644 index 0000000000..ca65873199 --- /dev/null +++ b/pki/parse_values.h @@ -0,0 +1,152 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_DER_PARSE_VALUES_H_ +#define BSSL_DER_PARSE_VALUES_H_ + +#include "fillins/openssl_util.h" +#include + + +#include "input.h" +#include + +namespace bssl::der { + +// Reads a DER-encoded ASN.1 BOOLEAN value from |in| and puts the resulting +// value in |out|. Returns whether the encoded value could successfully be +// read. +[[nodiscard]] OPENSSL_EXPORT bool ParseBool(const Input& in, bool* out); + +// Like ParseBool, except it is more relaxed in what inputs it accepts: Any +// value that is a valid BER encoding will be parsed successfully. +[[nodiscard]] OPENSSL_EXPORT bool ParseBoolRelaxed(const Input& in, bool* out); + +// Checks the validity of a DER-encoded ASN.1 INTEGER value from |in|, and +// determines the sign of the number. Returns true on success and +// fills |negative|. Otherwise returns false and does not modify the out +// parameter. +// +// in: The value portion of an INTEGER. +// negative: Out parameter that is set to true if the number is negative +// and false otherwise (zero is non-negative). +[[nodiscard]] OPENSSL_EXPORT bool IsValidInteger(const Input& in, bool* negative); + +// Reads a DER-encoded ASN.1 INTEGER value from |in| and puts the resulting +// value in |out|. ASN.1 INTEGERs are arbitrary precision; this function is +// provided as a convenience when the caller knows that the value is unsigned +// and is between 0 and 2^64-1. This function returns false if the value is too +// big to fit in a uint64_t, is negative, or if there is an error reading the +// integer. +[[nodiscard]] OPENSSL_EXPORT bool ParseUint64(const Input& in, uint64_t* out); + +// Same as ParseUint64() but for a uint8_t. +[[nodiscard]] OPENSSL_EXPORT bool ParseUint8(const Input& in, uint8_t* out); + +// The BitString class is a helper for representing a valid parsed BIT STRING. +// +// * The bits are ordered within each octet of bytes() from most to least +// significant, as in the DER encoding. +// +// * There may be at most 7 unused bits. +class OPENSSL_EXPORT BitString { + public: + BitString() = default; + + // |unused_bits| represents the number of bits in the last octet of |bytes|, + // starting from the least significant bit, that are unused. It MUST be < 8. + // And if bytes is empty, then it MUST be 0. + BitString(const Input& bytes, uint8_t unused_bits); + + const Input& bytes() const { return bytes_; } + uint8_t unused_bits() const { return unused_bits_; } + + // Returns true if the bit string contains 1 at the specified position. + // Otherwise returns false. + // + // A return value of false can mean either: + // * The bit value at |bit_index| is 0. + // * There is no bit at |bit_index| (index is beyond the end). + [[nodiscard]] bool AssertsBit(size_t bit_index) const; + + private: + Input bytes_; + uint8_t unused_bits_ = 0; + + // Default assignment and copy constructor are OK. +}; + +// Reads a DER-encoded ASN.1 BIT STRING value from |in| and returns the +// resulting octet string and number of unused bits. +// +// On failure, returns std::nullopt. +[[nodiscard]] OPENSSL_EXPORT std::optional ParseBitString( + const Input& in); + +struct OPENSSL_EXPORT GeneralizedTime { + uint16_t year; + uint8_t month; + uint8_t day; + uint8_t hours; + uint8_t minutes; + uint8_t seconds; + + // Returns true if the value is in UTCTime's range. + bool InUTCTimeRange() const; +}; + +OPENSSL_EXPORT bool operator<(const GeneralizedTime& lhs, + const GeneralizedTime& rhs); +OPENSSL_EXPORT bool operator<=(const GeneralizedTime& lhs, + const GeneralizedTime& rhs); +OPENSSL_EXPORT bool operator>(const GeneralizedTime& lhs, + const GeneralizedTime& rhs); +OPENSSL_EXPORT bool operator>=(const GeneralizedTime& lhs, + const GeneralizedTime& rhs); + +// Reads a DER-encoded ASN.1 UTCTime value from |in| and puts the resulting +// value in |out|, returning true if the UTCTime could be parsed successfully. +[[nodiscard]] OPENSSL_EXPORT bool ParseUTCTime(const Input& in, + GeneralizedTime* out); + +// Reads a DER-encoded ASN.1 GeneralizedTime value from |in| and puts the +// resulting value in |out|, returning true if the GeneralizedTime could +// be parsed successfully. This function is even more restrictive than the +// DER rules - it follows the rules from RFC5280, which does not allow for +// fractional seconds. +[[nodiscard]] OPENSSL_EXPORT bool ParseGeneralizedTime(const Input& in, + GeneralizedTime* out); + +// Reads a DER-encoded ASN.1 IA5String value from |in| and stores the result in +// |out| as ASCII, returning true if successful. +[[nodiscard]] OPENSSL_EXPORT bool ParseIA5String(Input in, std::string* out); + +// Reads a DER-encoded ASN.1 VisibleString value from |in| and stores the result +// in |out| as ASCII, returning true if successful. +[[nodiscard]] OPENSSL_EXPORT bool ParseVisibleString(Input in, std::string* out); + +// Reads a DER-encoded ASN.1 PrintableString value from |in| and stores the +// result in |out| as ASCII, returning true if successful. +[[nodiscard]] OPENSSL_EXPORT bool ParsePrintableString(Input in, std::string* out); + +// Reads a DER-encoded ASN.1 TeletexString value from |in|, treating it as +// Latin-1, and stores the result in |out| as UTF-8, returning true if +// successful. +// +// This is for compatibility with legacy implementations that would use Latin-1 +// encoding but tag it as TeletexString. +[[nodiscard]] OPENSSL_EXPORT bool ParseTeletexStringAsLatin1(Input in, + std::string* out); + +// Reads a DER-encoded ASN.1 UniversalString value from |in| and stores the +// result in |out| as UTF-8, returning true if successful. +[[nodiscard]] OPENSSL_EXPORT bool ParseUniversalString(Input in, std::string* out); + +// Reads a DER-encoded ASN.1 BMPString value from |in| and stores the +// result in |out| as UTF-8, returning true if successful. +[[nodiscard]] OPENSSL_EXPORT bool ParseBmpString(Input in, std::string* out); + +} // namespace bssl::der + +#endif // BSSL_DER_PARSE_VALUES_H_ diff --git a/pki/parse_values_unittest.cc b/pki/parse_values_unittest.cc new file mode 100644 index 0000000000..6431c728cc --- /dev/null +++ b/pki/parse_values_unittest.cc @@ -0,0 +1,465 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parse_values.h" + +#include + +#include + +namespace bssl::der::test { + +namespace { + +template +Input FromStringLiteral(const char(&data)[N]) { + // Strings are null-terminated. The null terminating byte shouldn't be + // included in the Input, so the size is N - 1 instead of N. + return Input(reinterpret_cast(data), N - 1); +} + +} // namespace + +TEST(ParseValuesTest, ParseBool) { + uint8_t buf[] = {0xFF, 0x00}; + Input value(buf, 1); + bool out; + EXPECT_TRUE(ParseBool(value, &out)); + EXPECT_TRUE(out); + + buf[0] = 0; + EXPECT_TRUE(ParseBool(value, &out)); + EXPECT_FALSE(out); + + buf[0] = 1; + EXPECT_FALSE(ParseBool(value, &out)); + EXPECT_TRUE(ParseBoolRelaxed(value, &out)); + EXPECT_TRUE(out); + + buf[0] = 0xFF; + value = Input(buf, 2); + EXPECT_FALSE(ParseBool(value, &out)); + value = Input(buf, 0); + EXPECT_FALSE(ParseBool(value, &out)); +} + +TEST(ParseValuesTest, ParseTimes) { + GeneralizedTime out; + + EXPECT_TRUE(ParseUTCTime(FromStringLiteral("140218161200Z"), &out)); + + // DER-encoded UTCTime must end with 'Z'. + EXPECT_FALSE(ParseUTCTime(FromStringLiteral("140218161200X"), &out)); + + // Check that a negative number (-4 in this case) doesn't get parsed as + // a 2-digit number. + EXPECT_FALSE(ParseUTCTime(FromStringLiteral("-40218161200Z"), &out)); + + // Check that numbers with a leading 0 don't get parsed in octal by making + // the second digit an invalid octal digit (e.g. 09). + EXPECT_TRUE(ParseUTCTime(FromStringLiteral("090218161200Z"), &out)); + + // Check that the length is validated. + EXPECT_FALSE(ParseUTCTime(FromStringLiteral("140218161200"), &out)); + EXPECT_FALSE(ParseUTCTime(FromStringLiteral("140218161200Z0"), &out)); + + // Check strictness of UTCTime parsers. + EXPECT_FALSE(ParseUTCTime(FromStringLiteral("1402181612Z"), &out)); + + // Check format of GeneralizedTime. + + // Years 0 and 9999 are allowed. + EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("00000101000000Z"), &out)); + EXPECT_EQ(0, out.year); + EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("99991231235960Z"), &out)); + EXPECT_EQ(9999, out.year); + + // Leap seconds are allowed. + EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("20140218161260Z"), &out)); + + // But nothing larger than a leap second. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20140218161261Z"), &out)); + + // Minutes only go up to 59. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20140218166000Z"), &out)); + + // Hours only go up to 23. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20140218240000Z"), &out)); + // The 0th day of a month is invalid. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20140200161200Z"), &out)); + // The 0th month is invalid. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20140018161200Z"), &out)); + // Months greater than 12 are invalid. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20141318161200Z"), &out)); + + // Some months have 31 days. + EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("20140131000000Z"), &out)); + + // September has only 30 days. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20140931000000Z"), &out)); + + // February has only 28 days... + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20140229000000Z"), &out)); + + // ... unless it's a leap year. + EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("20160229000000Z"), &out)); + + // There aren't any leap days in years divisible by 100... + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("21000229000000Z"), &out)); + + // ...unless it's also divisible by 400. + EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("20000229000000Z"), &out)); + + // Check more perverse invalid inputs. + + // Check that trailing null bytes are not ignored. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20001231010203Z\0"), &out)); + + // Check what happens when a null byte is in the middle of the input. + EXPECT_FALSE(ParseGeneralizedTime(FromStringLiteral( + "200\0" + "1231010203Z"), + &out)); + + // The year can't be in hex. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("0x201231000000Z"), &out)); + + // The last byte must be 'Z'. + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20001231000000X"), &out)); + + // Check that the length is validated. + EXPECT_FALSE(ParseGeneralizedTime(FromStringLiteral("20140218161200"), &out)); + EXPECT_FALSE( + ParseGeneralizedTime(FromStringLiteral("20140218161200Z0"), &out)); +} + +TEST(ParseValuesTest, TimesCompare) { + GeneralizedTime time1; + GeneralizedTime time2; + GeneralizedTime time3; + + ASSERT_TRUE( + ParseGeneralizedTime(FromStringLiteral("20140218161200Z"), &time1)); + // Test that ParseUTCTime correctly normalizes the year. + ASSERT_TRUE(ParseUTCTime(FromStringLiteral("150218161200Z"), &time2)); + ASSERT_TRUE( + ParseGeneralizedTime(FromStringLiteral("20160218161200Z"), &time3)); + EXPECT_TRUE(time1 < time2); + EXPECT_TRUE(time2 < time3); + + EXPECT_TRUE(time2 > time1); + EXPECT_TRUE(time2 >= time1); + EXPECT_TRUE(time2 <= time3); + EXPECT_TRUE(time1 <= time1); + EXPECT_TRUE(time1 >= time1); +} + +TEST(ParseValuesTest, UTCTimeRange) { + GeneralizedTime time; + ASSERT_TRUE( + ParseGeneralizedTime(FromStringLiteral("20140218161200Z"), &time)); + EXPECT_TRUE(time.InUTCTimeRange()); + + time.year = 1950; + EXPECT_TRUE(time.InUTCTimeRange()); + + time.year = 1949; + EXPECT_FALSE(time.InUTCTimeRange()); + + time.year = 2049; + EXPECT_TRUE(time.InUTCTimeRange()); + + time.year = 2050; + EXPECT_FALSE(time.InUTCTimeRange()); +} + +struct Uint64TestData { + bool should_pass; + const uint8_t input[9]; + size_t length; + uint64_t expected_value; +}; + +const Uint64TestData kUint64TestData[] = { + {true, {0x00}, 1, 0}, + // This number fails because it is not a minimal representation. + {false, {0x00, 0x00}, 2}, + {true, {0x01}, 1, 1}, + {false, {0xFF}, 1}, + {true, {0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 8, INT64_MAX}, + {true, + {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + 9, + UINT64_MAX}, + // This number fails because it is negative. + {false, {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 8}, + {false, {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 8}, + {false, {0x00, 0x01}, 2}, + {false, {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09}, 9}, + {false, {0}, 0}, +}; + +TEST(ParseValuesTest, ParseUint64) { + for (size_t i = 0; i < std::size(kUint64TestData); i++) { + const Uint64TestData& test_case = kUint64TestData[i]; + SCOPED_TRACE(i); + + uint64_t result; + EXPECT_EQ(test_case.should_pass, + ParseUint64(Input(test_case.input, test_case.length), &result)); + if (test_case.should_pass) { + EXPECT_EQ(test_case.expected_value, result); + } + } +} + +struct Uint8TestData { + bool should_pass; + const uint8_t input[9]; + size_t length; + uint8_t expected_value; +}; + +const Uint8TestData kUint8TestData[] = { + {true, {0x00}, 1, 0}, + // This number fails because it is not a minimal representation. + {false, {0x00, 0x00}, 2}, + {true, {0x01}, 1, 1}, + {false, {0x01, 0xFF}, 2}, + {false, {0x03, 0x83}, 2}, + {true, {0x7F}, 1, 0x7F}, + {true, {0x00, 0xFF}, 2, 0xFF}, + // This number fails because it is negative. + {false, {0xFF}, 1}, + {false, {0x80}, 1}, + {false, {0x00, 0x01}, 2}, + {false, {0}, 0}, +}; + +TEST(ParseValuesTest, ParseUint8) { + for (size_t i = 0; i < std::size(kUint8TestData); i++) { + const Uint8TestData& test_case = kUint8TestData[i]; + SCOPED_TRACE(i); + + uint8_t result; + EXPECT_EQ(test_case.should_pass, + ParseUint8(Input(test_case.input, test_case.length), &result)); + if (test_case.should_pass) { + EXPECT_EQ(test_case.expected_value, result); + } + } +} + +struct IsValidIntegerTestData { + bool should_pass; + const uint8_t input[2]; + size_t length; + bool negative; +}; + +const IsValidIntegerTestData kIsValidIntegerTestData[] = { + // Empty input (invalid DER). + {false, {0x00}, 0}, + + // The correct encoding for zero. + {true, {0x00}, 1, false}, + + // Invalid representation of zero (not minimal) + {false, {0x00, 0x00}, 2}, + + // Valid single byte negative numbers. + {true, {0x80}, 1, true}, + {true, {0xFF}, 1, true}, + + // Non-minimal negative number. + {false, {0xFF, 0x80}, 2}, + + // Positive number with a legitimate leading zero. + {true, {0x00, 0x80}, 2, false}, + + // A legitimate negative number that starts with FF (MSB of second byte is + // 0 so OK). + {true, {0xFF, 0x7F}, 2, true}, +}; + +TEST(ParseValuesTest, IsValidInteger) { + for (size_t i = 0; i < std::size(kIsValidIntegerTestData); i++) { + const auto& test_case = kIsValidIntegerTestData[i]; + SCOPED_TRACE(i); + + bool negative; + EXPECT_EQ( + test_case.should_pass, + IsValidInteger(Input(test_case.input, test_case.length), &negative)); + if (test_case.should_pass) { + EXPECT_EQ(test_case.negative, negative); + } + } +} + +// Tests parsing an empty BIT STRING. +TEST(ParseValuesTest, ParseBitStringEmptyNoUnusedBits) { + const uint8_t kData[] = {0x00}; + + std::optional bit_string = ParseBitString(Input(kData)); + ASSERT_TRUE(bit_string.has_value()); + + EXPECT_EQ(0u, bit_string->unused_bits()); + EXPECT_EQ(0u, bit_string->bytes().Length()); + + EXPECT_FALSE(bit_string->AssertsBit(0)); + EXPECT_FALSE(bit_string->AssertsBit(1)); + EXPECT_FALSE(bit_string->AssertsBit(3)); +} + +// Tests parsing an empty BIT STRING that incorrectly claims one unused bit. +TEST(ParseValuesTest, ParseBitStringEmptyOneUnusedBit) { + const uint8_t kData[] = {0x01}; + + std::optional bit_string = ParseBitString(Input(kData)); + EXPECT_FALSE(bit_string.has_value()); +} + +// Tests parsing an empty BIT STRING that is not minmally encoded (the entire +// last byte is comprised of unused bits). +TEST(ParseValuesTest, ParseBitStringNonEmptyTooManyUnusedBits) { + const uint8_t kData[] = {0x08, 0x00}; + + std::optional bit_string = ParseBitString(Input(kData)); + EXPECT_FALSE(bit_string.has_value()); +} + +// Tests parsing a BIT STRING of 7 bits each of which are 1. +TEST(ParseValuesTest, ParseBitStringSevenOneBits) { + const uint8_t kData[] = {0x01, 0xFE}; + + std::optional bit_string = ParseBitString(Input(kData)); + ASSERT_TRUE(bit_string.has_value()); + + EXPECT_EQ(1u, bit_string->unused_bits()); + EXPECT_EQ(1u, bit_string->bytes().Length()); + EXPECT_EQ(0xFE, bit_string->bytes().UnsafeData()[0]); + + EXPECT_TRUE(bit_string->AssertsBit(0)); + EXPECT_TRUE(bit_string->AssertsBit(1)); + EXPECT_TRUE(bit_string->AssertsBit(2)); + EXPECT_TRUE(bit_string->AssertsBit(3)); + EXPECT_TRUE(bit_string->AssertsBit(4)); + EXPECT_TRUE(bit_string->AssertsBit(5)); + EXPECT_TRUE(bit_string->AssertsBit(6)); + EXPECT_FALSE(bit_string->AssertsBit(7)); + EXPECT_FALSE(bit_string->AssertsBit(8)); +} + +// Tests parsing a BIT STRING of 7 bits each of which are 1. The unused bit +// however is set to 1, which is an invalid encoding. +TEST(ParseValuesTest, ParseBitStringSevenOneBitsUnusedBitIsOne) { + const uint8_t kData[] = {0x01, 0xFF}; + + std::optional bit_string = ParseBitString(Input(kData)); + EXPECT_FALSE(bit_string.has_value()); +} + +TEST(ParseValuesTest, ParseIA5String) { + const uint8_t valid_der[] = {0x46, 0x6f, 0x6f, 0x20, 0x62, + 0x61, 0x72, 0x01, 0x7f}; + std::string s; + EXPECT_TRUE(ParseIA5String(der::Input(valid_der), &s)); + EXPECT_EQ("Foo bar\x01\x7f", s); + + // 0x80 is not a valid character in IA5String. + const uint8_t invalid_der[] = {0x46, 0x6f, 0x80, 0x20, 0x62, 0x61, 0x72}; + EXPECT_FALSE(ParseIA5String(der::Input(invalid_der), &s)); +} + +TEST(ParseValuesTest, ParseVisibleString) { + const uint8_t valid_der[] = {0x46, 0x6f, 0x6f, 0x20, 0x62, 0x61, 0x72, 0x7e}; + std::string s; + EXPECT_TRUE(ParseVisibleString(der::Input(valid_der), &s)); + EXPECT_EQ("Foo bar\x7e", s); + + // 0x7f is not a valid character in VisibleString + const uint8_t invalid_der[] = {0x46, 0x6f, 0x7f, 0x20, 0x62, 0x61, 0x72}; + EXPECT_FALSE(ParseVisibleString(der::Input(invalid_der), &s)); + + // 0x1f is not a valid character in VisibleString + const uint8_t invalid_der2[] = {0x46, 0x6f, 0x1f, 0x20, 0x62, 0x61, 0x72}; + EXPECT_FALSE(ParseVisibleString(der::Input(invalid_der2), &s)); +} + +TEST(ParseValuesTest, ParsePrintableString) { + const uint8_t valid_der[] = {0x46, 0x6f, 0x6f, 0x20, 0x62, 0x61, 0x72}; + std::string s; + EXPECT_TRUE(ParsePrintableString(der::Input(valid_der), &s)); + EXPECT_EQ("Foo bar", s); + + // 0x5f '_' is not a valid character in PrintableString. + const uint8_t invalid_der[] = {0x46, 0x6f, 0x5f, 0x20, 0x62, 0x61, 0x72}; + EXPECT_FALSE(ParsePrintableString(der::Input(invalid_der), &s)); +} + +TEST(ParseValuesTest, ParseTeletexStringAsLatin1) { + const uint8_t valid_der[] = {0x46, 0x6f, 0xd6, 0x20, 0x62, 0x61, 0x72}; + std::string s; + EXPECT_TRUE(ParseTeletexStringAsLatin1(der::Input(valid_der), &s)); + EXPECT_EQ("FoÖ bar", s); +} + +TEST(ParseValuesTest, ParseBmpString) { + const uint8_t valid_der[] = {0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, + 0x00, 0x62, 0x00, 0x61, 0x00, 0x72}; + std::string s; + EXPECT_TRUE(ParseBmpString(der::Input(valid_der), &s)); + EXPECT_EQ("foobar", s); + + const uint8_t valid_nonascii_der[] = {0x27, 0x28, 0x26, 0xa1, 0x2b, 0x50}; + EXPECT_TRUE(ParseBmpString(der::Input(valid_nonascii_der), &s)); + EXPECT_EQ("✨⚡⭐", s); + + // BmpString must encode characters in pairs of 2 bytes. + const uint8_t invalid_odd_der[] = {0x00, 0x66, 0x00, 0x6f, 0x00}; + EXPECT_FALSE(ParseBmpString(der::Input(invalid_odd_der), &s)); + + // UTF-16BE encoding of U+1D11E, MUSICAL SYMBOL G CLEF, which is not valid in + // UCS-2. + const uint8_t invalid_bmp_valid_utf16_with_surrogate[] = {0xd8, 0x34, 0xdd, + 0x1e}; + EXPECT_FALSE( + ParseBmpString(der::Input(invalid_bmp_valid_utf16_with_surrogate), &s)); +} + +TEST(ParseValuesTest, ParseUniversalString) { + const uint8_t valid_der[] = {0x00, 0x00, 0x00, 0x66, 0x00, 0x00, 0x00, 0x6f, + 0x00, 0x00, 0x00, 0x6f, 0x00, 0x00, 0x00, 0x62, + 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x72}; + std::string s; + EXPECT_TRUE(ParseUniversalString(der::Input(valid_der), &s)); + EXPECT_EQ("foobar", s); + + const uint8_t valid_non_ascii_der[] = {0x0, 0x1, 0xf4, 0xe, 0x0, 0x0, 0x0, + 0x20, 0x0, 0x1, 0xd1, 0x1e, 0x0, 0x0, + 0x26, 0x69, 0x0, 0x0, 0x26, 0x6b}; + EXPECT_TRUE(ParseUniversalString(der::Input(valid_non_ascii_der), &s)); + EXPECT_EQ("🐎 𝄞♩♫", s); + + // UniversalString must encode characters in groups of 4 bytes. + const uint8_t invalid_non_4_multiple_der[] = {0x00, 0x00, 0x00, + 0x66, 0x00, 0x00}; + EXPECT_FALSE( + ParseUniversalString(der::Input(invalid_non_4_multiple_der), &s)); +} + +} // namespace bssl::der::test diff --git a/pki/parsed_certificate.cc b/pki/parsed_certificate.cc new file mode 100644 index 0000000000..5a5039c55c --- /dev/null +++ b/pki/parsed_certificate.cc @@ -0,0 +1,295 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parsed_certificate.h" + +#include "cert_errors.h" +#include "certificate_policies.h" +#include "extended_key_usage.h" +#include "name_constraints.h" +#include "signature_algorithm.h" +#include "verify_name_match.h" +#include "parser.h" +#include + +namespace bssl { + +namespace { + +DEFINE_CERT_ERROR_ID(kFailedParsingCertificate, "Failed parsing Certificate"); +DEFINE_CERT_ERROR_ID(kFailedParsingTbsCertificate, + "Failed parsing TBSCertificate"); +DEFINE_CERT_ERROR_ID(kFailedReadingIssuerOrSubject, + "Failed reading issuer or subject"); +DEFINE_CERT_ERROR_ID(kFailedNormalizingSubject, "Failed normalizing subject"); +DEFINE_CERT_ERROR_ID(kFailedNormalizingIssuer, "Failed normalizing issuer"); +DEFINE_CERT_ERROR_ID(kFailedParsingExtensions, "Failed parsing extensions"); +DEFINE_CERT_ERROR_ID(kFailedParsingBasicConstraints, + "Failed parsing basic constraints"); +DEFINE_CERT_ERROR_ID(kFailedParsingKeyUsage, "Failed parsing key usage"); +DEFINE_CERT_ERROR_ID(kFailedParsingEku, "Failed parsing extended key usage"); +DEFINE_CERT_ERROR_ID(kFailedParsingSubjectAltName, + "Failed parsing subjectAltName"); +DEFINE_CERT_ERROR_ID(kSubjectAltNameNotCritical, + "Empty subject and subjectAltName is not critical"); +DEFINE_CERT_ERROR_ID(kFailedParsingNameConstraints, + "Failed parsing name constraints"); +DEFINE_CERT_ERROR_ID(kFailedParsingAia, "Failed parsing authority info access"); +DEFINE_CERT_ERROR_ID(kFailedParsingPolicies, + "Failed parsing certificate policies"); +DEFINE_CERT_ERROR_ID(kFailedParsingPolicyConstraints, + "Failed parsing policy constraints"); +DEFINE_CERT_ERROR_ID(kFailedParsingPolicyMappings, + "Failed parsing policy mappings"); +DEFINE_CERT_ERROR_ID(kFailedParsingInhibitAnyPolicy, + "Failed parsing inhibit any policy"); +DEFINE_CERT_ERROR_ID(kFailedParsingAuthorityKeyIdentifier, + "Failed parsing authority key identifier"); +DEFINE_CERT_ERROR_ID(kFailedParsingSubjectKeyIdentifier, + "Failed parsing subject key identifier"); + +[[nodiscard]] bool GetSequenceValue(const der::Input& tlv, der::Input* value) { + der::Parser parser(tlv); + return parser.ReadTag(der::kSequence, value) && !parser.HasMore(); +} + +} // namespace + +bool ParsedCertificate::GetExtension(const der::Input& extension_oid, + ParsedExtension* parsed_extension) const { + if (!tbs_.extensions_tlv) + return false; + + auto it = extensions_.find(extension_oid); + if (it == extensions_.end()) { + *parsed_extension = ParsedExtension(); + return false; + } + + *parsed_extension = it->second; + return true; +} + +ParsedCertificate::ParsedCertificate(PrivateConstructor) {} +ParsedCertificate::~ParsedCertificate() = default; + +// static +std::shared_ptr ParsedCertificate::Create( + bssl::UniquePtr backing_data, + const ParseCertificateOptions& options, + CertErrors* errors) { + // |errors| is an optional parameter, but to keep the code simpler, use a + // dummy object when one wasn't provided. + CertErrors unused_errors; + if (!errors) + errors = &unused_errors; + + auto result = std::make_shared(PrivateConstructor{}); + result->cert_data_ = std::move(backing_data); + result->cert_ = der::Input(CRYPTO_BUFFER_data(result->cert_data_.get()), + CRYPTO_BUFFER_len(result->cert_data_.get())); + + if (!ParseCertificate(result->cert_, &result->tbs_certificate_tlv_, + &result->signature_algorithm_tlv_, + &result->signature_value_, errors)) { + errors->AddError(kFailedParsingCertificate); + return nullptr; + } + + if (!ParseTbsCertificate(result->tbs_certificate_tlv_, options, &result->tbs_, + errors)) { + errors->AddError(kFailedParsingTbsCertificate); + return nullptr; + } + + // Attempt to parse the signature algorithm contained in the Certificate. + result->signature_algorithm_ = + ParseSignatureAlgorithm(result->signature_algorithm_tlv_); + + der::Input subject_value; + if (!GetSequenceValue(result->tbs_.subject_tlv, &subject_value)) { + errors->AddError(kFailedReadingIssuerOrSubject); + return nullptr; + } + if (!NormalizeName(subject_value, &result->normalized_subject_, errors)) { + errors->AddError(kFailedNormalizingSubject); + return nullptr; + } + der::Input issuer_value; + if (!GetSequenceValue(result->tbs_.issuer_tlv, &issuer_value)) { + errors->AddError(kFailedReadingIssuerOrSubject); + return nullptr; + } + if (!NormalizeName(issuer_value, &result->normalized_issuer_, errors)) { + errors->AddError(kFailedNormalizingIssuer); + return nullptr; + } + + // Parse the standard X.509 extensions. + if (result->tbs_.extensions_tlv) { + // ParseExtensions() ensures there are no duplicates, and maps the (unique) + // OID to the extension value. + if (!ParseExtensions(result->tbs_.extensions_tlv.value(), + &result->extensions_)) { + errors->AddError(kFailedParsingExtensions); + return nullptr; + } + + ParsedExtension extension; + + // Basic constraints. + if (result->GetExtension(der::Input(kBasicConstraintsOid), &extension)) { + result->has_basic_constraints_ = true; + if (!ParseBasicConstraints(extension.value, + &result->basic_constraints_)) { + errors->AddError(kFailedParsingBasicConstraints); + return nullptr; + } + } + + // Key Usage. + if (result->GetExtension(der::Input(kKeyUsageOid), &extension)) { + result->has_key_usage_ = true; + if (!ParseKeyUsage(extension.value, &result->key_usage_)) { + errors->AddError(kFailedParsingKeyUsage); + return nullptr; + } + } + + // Extended Key Usage. + if (result->GetExtension(der::Input(kExtKeyUsageOid), &extension)) { + result->has_extended_key_usage_ = true; + if (!ParseEKUExtension(extension.value, &result->extended_key_usage_)) { + errors->AddError(kFailedParsingEku); + return nullptr; + } + } + + // Subject alternative name. + if (result->GetExtension(der::Input(kSubjectAltNameOid), + &result->subject_alt_names_extension_)) { + // RFC 5280 section 4.2.1.6: + // SubjectAltName ::= GeneralNames + result->subject_alt_names_ = GeneralNames::Create( + result->subject_alt_names_extension_.value, errors); + if (!result->subject_alt_names_) { + errors->AddError(kFailedParsingSubjectAltName); + return nullptr; + } + // RFC 5280 section 4.1.2.6: + // If subject naming information is present only in the subjectAltName + // extension (e.g., a key bound only to an email address or URI), then the + // subject name MUST be an empty sequence and the subjectAltName extension + // MUST be critical. + if (subject_value.Length() == 0 && + !result->subject_alt_names_extension_.critical) { + errors->AddError(kSubjectAltNameNotCritical); + return nullptr; + } + } + + // Name constraints. + if (result->GetExtension(der::Input(kNameConstraintsOid), &extension)) { + result->name_constraints_ = + NameConstraints::Create(extension.value, extension.critical, errors); + if (!result->name_constraints_) { + errors->AddError(kFailedParsingNameConstraints); + return nullptr; + } + } + + // Authority information access. + if (result->GetExtension(der::Input(kAuthorityInfoAccessOid), + &result->authority_info_access_extension_)) { + result->has_authority_info_access_ = true; + if (!ParseAuthorityInfoAccessURIs( + result->authority_info_access_extension_.value, + &result->ca_issuers_uris_, &result->ocsp_uris_)) { + errors->AddError(kFailedParsingAia); + return nullptr; + } + } + + // Policies. + if (result->GetExtension(der::Input(kCertificatePoliciesOid), &extension)) { + result->has_policy_oids_ = true; + if (!ParseCertificatePoliciesExtensionOids( + extension.value, false /*fail_parsing_unknown_qualifier_oids*/, + &result->policy_oids_, errors)) { + errors->AddError(kFailedParsingPolicies); + return nullptr; + } + } + + // Policy constraints. + if (result->GetExtension(der::Input(kPolicyConstraintsOid), &extension)) { + result->has_policy_constraints_ = true; + if (!ParsePolicyConstraints(extension.value, + &result->policy_constraints_)) { + errors->AddError(kFailedParsingPolicyConstraints); + return nullptr; + } + } + + // Policy mappings. + if (result->GetExtension(der::Input(kPolicyMappingsOid), &extension)) { + result->has_policy_mappings_ = true; + if (!ParsePolicyMappings(extension.value, &result->policy_mappings_)) { + errors->AddError(kFailedParsingPolicyMappings); + return nullptr; + } + } + + // Inhibit Any Policy. + if (result->GetExtension(der::Input(kInhibitAnyPolicyOid), &extension)) { + result->has_inhibit_any_policy_ = true; + if (!ParseInhibitAnyPolicy(extension.value, + &result->inhibit_any_policy_)) { + errors->AddError(kFailedParsingInhibitAnyPolicy); + return nullptr; + } + } + + // Subject Key Identifier. + if (result->GetExtension(der::Input(kSubjectKeyIdentifierOid), + &extension)) { + result->subject_key_identifier_ = std::make_optional(); + if (!ParseSubjectKeyIdentifier( + extension.value, &result->subject_key_identifier_.value())) { + errors->AddError(kFailedParsingSubjectKeyIdentifier); + return nullptr; + } + } + + // Authority Key Identifier. + if (result->GetExtension(der::Input(kAuthorityKeyIdentifierOid), + &extension)) { + result->authority_key_identifier_ = + std::make_optional(); + if (!ParseAuthorityKeyIdentifier( + extension.value, &result->authority_key_identifier_.value())) { + errors->AddError(kFailedParsingAuthorityKeyIdentifier); + return nullptr; + } + } + } + + return result; +} + +// static +bool ParsedCertificate::CreateAndAddToVector( + bssl::UniquePtr cert_data, + const ParseCertificateOptions& options, + std::vector>* chain, + CertErrors* errors) { + std::shared_ptr cert( + Create(std::move(cert_data), options, errors)); + if (!cert) + return false; + chain->push_back(std::move(cert)); + return true; +} + +} // namespace net diff --git a/pki/parsed_certificate.h b/pki/parsed_certificate.h new file mode 100644 index 0000000000..20fd895947 --- /dev/null +++ b/pki/parsed_certificate.h @@ -0,0 +1,337 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_PARSED_CERTIFICATE_H_ +#define BSSL_PKI_PARSED_CERTIFICATE_H_ + +#include "fillins/openssl_util.h" +#include +#include +#include + +#include "fillins/check.h" + +#include "certificate_policies.h" +#include "parse_certificate.h" +#include "signature_algorithm.h" +#include "input.h" +#include +#include + +namespace bssl { + +struct GeneralNames; +class NameConstraints; +class ParsedCertificate; +class CertErrors; + +using ParsedCertificateList = + std::vector>; + +// Represents an X.509 certificate, including Certificate, TBSCertificate, and +// standard extensions. +// Creating a ParsedCertificate does not completely parse and validate the +// certificate data. Presence of a member in this class implies the DER was +// parsed successfully to that level, but does not imply the contents of that +// member are valid, unless otherwise specified. See the documentation for each +// member or the documentation of the type it returns. +class OPENSSL_EXPORT ParsedCertificate { + private: + // Used to make constructors private while still being compatible with + // |std::make_shared|. + class PrivateConstructor { + private: + friend ParsedCertificate; + PrivateConstructor() = default; + }; + + public: +~ParsedCertificate(); + // Map from OID to ParsedExtension. + using ExtensionsMap = std::map; + + // Creates a ParsedCertificate given a DER-encoded Certificate. Returns + // nullptr on failure. Failure will occur if the standard certificate fields + // and supported extensions cannot be parsed. + // On either success or failure, if |errors| is non-null it may have error + // information added to it. + static std::shared_ptr Create( + bssl::UniquePtr cert_data, + const ParseCertificateOptions& options, + CertErrors* errors); + + // Creates a ParsedCertificate by copying the provided |data|, and appends it + // to |chain|. Returns true if the certificate was successfully parsed and + // added. If false is return, |chain| is unmodified. + // + // On either success or failure, if |errors| is non-null it may have error + // information added to it. + static bool CreateAndAddToVector( + bssl::UniquePtr cert_data, + const ParseCertificateOptions& options, + std::vector>* chain, + CertErrors* errors); + + explicit ParsedCertificate(PrivateConstructor); + + ParsedCertificate(const ParsedCertificate&) = delete; + ParsedCertificate& operator=(const ParsedCertificate&) = delete; + + // Returns the DER-encoded certificate data for this cert. + const der::Input& der_cert() const { return cert_; } + + // Returns the CRYPTO_BUFFER backing this object. + CRYPTO_BUFFER* cert_buffer() const { return cert_data_.get(); } + + // Accessors for raw fields of the Certificate. + const der::Input& tbs_certificate_tlv() const { return tbs_certificate_tlv_; } + + const der::Input& signature_algorithm_tlv() const { + return signature_algorithm_tlv_; + } + + const der::BitString& signature_value() const { return signature_value_; } + + // Accessor for struct containing raw fields of the TbsCertificate. + const ParsedTbsCertificate& tbs() const { return tbs_; } + + // Returns the signatureAlgorithm of the Certificate (not the tbsCertificate). + // If the signature algorithm is unknown/unsupported, this returns nullopt. + std::optional signature_algorithm() const { + return signature_algorithm_; + } + + // Returns the DER-encoded raw subject value (including the outer sequence + // tag). This is guaranteed to be valid DER, though the contents of unhandled + // string types are treated as raw bytes. + der::Input subject_tlv() const { return tbs_.subject_tlv; } + // Returns the DER-encoded normalized subject value (not including outer + // Sequence tag). This is guaranteed to be valid DER, though the contents of + // unhandled string types are treated as raw bytes. + der::Input normalized_subject() const { + return der::Input(&normalized_subject_); + } + // Returns the DER-encoded raw issuer value (including the outer sequence + // tag). This is guaranteed to be valid DER, though the contents of unhandled + // string types are treated as raw bytes. + der::Input issuer_tlv() const { return tbs_.issuer_tlv; } + // Returns the DER-encoded normalized issuer value (not including outer + // Sequence tag). This is guaranteed to be valid DER, though the contents of + // unhandled string types are treated as raw bytes. + der::Input normalized_issuer() const { + return der::Input(&normalized_issuer_); + } + + // Returns true if the certificate has a BasicConstraints extension. + bool has_basic_constraints() const { return has_basic_constraints_; } + + // Returns the ParsedBasicConstraints struct. Caller must check + // has_basic_constraints() before accessing this. + const ParsedBasicConstraints& basic_constraints() const { + DCHECK(has_basic_constraints_); + return basic_constraints_; + } + + // Returns true if the certificate has a KeyUsage extension. + bool has_key_usage() const { return has_key_usage_; } + + // Returns the KeyUsage BitString. Caller must check + // has_key_usage() before accessing this. + const der::BitString& key_usage() const { + DCHECK(has_key_usage_); + return key_usage_; + } + + // Returns true if the certificate has a ExtendedKeyUsage extension. + bool has_extended_key_usage() const { return has_extended_key_usage_; } + + // Returns the ExtendedKeyUsage key purpose OIDs. Caller must check + // has_extended_key_usage() before accessing this. + const std::vector& extended_key_usage() const { + DCHECK(has_extended_key_usage_); + return extended_key_usage_; + } + + // Returns true if the certificate has a SubjectAltName extension. + bool has_subject_alt_names() const { return subject_alt_names_ != nullptr; } + + // Returns the ParsedExtension struct for the SubjectAltName extension. + // If the cert did not have a SubjectAltName extension, this will be a + // default-initialized ParsedExtension struct. + const ParsedExtension& subject_alt_names_extension() const { + return subject_alt_names_extension_; + } + + // Returns the GeneralNames class parsed from SubjectAltName extension, or + // nullptr if no SubjectAltName extension was present. + const GeneralNames* subject_alt_names() const { + return subject_alt_names_.get(); + } + + // Returns true if the certificate has a NameConstraints extension. + bool has_name_constraints() const { return name_constraints_ != nullptr; } + + // Returns the parsed NameConstraints extension. Must not be called if + // has_name_constraints() is false. + const NameConstraints& name_constraints() const { + DCHECK(name_constraints_); + return *name_constraints_; + } + + // Returns true if the certificate has an AuthorityInfoAccess extension. + bool has_authority_info_access() const { return has_authority_info_access_; } + + // Returns the ParsedExtension struct for the AuthorityInfoAccess extension. + const ParsedExtension& authority_info_access_extension() const { + return authority_info_access_extension_; + } + + // Returns any caIssuers URIs from the AuthorityInfoAccess extension. + const std::vector& ca_issuers_uris() const { + return ca_issuers_uris_; + } + + // Returns any OCSP URIs from the AuthorityInfoAccess extension. + const std::vector& ocsp_uris() const { return ocsp_uris_; } + + // Returns true if the certificate has a Policies extension. + bool has_policy_oids() const { return has_policy_oids_; } + + // Returns the policy OIDs. Caller must check has_policy_oids() before + // accessing this. + const std::vector& policy_oids() const { + DCHECK(has_policy_oids()); + return policy_oids_; + } + + // Returns true if the certificate has a PolicyConstraints extension. + bool has_policy_constraints() const { return has_policy_constraints_; } + + // Returns the ParsedPolicyConstraints struct. Caller must check + // has_policy_constraints() before accessing this. + const ParsedPolicyConstraints& policy_constraints() const { + DCHECK(has_policy_constraints_); + return policy_constraints_; + } + + // Returns true if the certificate has a PolicyMappings extension. + bool has_policy_mappings() const { return has_policy_mappings_; } + + // Returns the PolicyMappings extension. Caller must check + // has_policy_mappings() before accessing this. + const std::vector& policy_mappings() const { + DCHECK(has_policy_mappings_); + return policy_mappings_; + } + + // Returns true if the certificate has a InhibitAnyPolicy extension. + bool has_inhibit_any_policy() const { return has_inhibit_any_policy_; } + + // Returns the Inhibit Any Policy extension. Caller must check + // has_inhibit_any_policy() before accessing this. + uint8_t inhibit_any_policy() const { + DCHECK(has_inhibit_any_policy_); + return inhibit_any_policy_; + } + + // Returns the AuthorityKeyIdentifier extension, or nullopt if there wasn't + // one. + const std::optional& authority_key_identifier() + const { + return authority_key_identifier_; + } + + // Returns the SubjectKeyIdentifier extension, or nullopt if there wasn't + // one. + const std::optional& subject_key_identifier() const { + return subject_key_identifier_; + } + + // Returns a map of all the extensions in the certificate. + const ExtensionsMap& extensions() const { return extensions_; } + + // Gets the value for extension matching |extension_oid|. Returns false if the + // extension is not present. + bool GetExtension(const der::Input& extension_oid, + ParsedExtension* parsed_extension) const; + + private: + // The backing store for the certificate data. + bssl::UniquePtr cert_data_; + + // Points to the raw certificate DER. + der::Input cert_; + + der::Input tbs_certificate_tlv_; + der::Input signature_algorithm_tlv_; + der::BitString signature_value_; + ParsedTbsCertificate tbs_; + + // The signatureAlgorithm from the Certificate. + std::optional signature_algorithm_; + + // Normalized DER-encoded Subject (not including outer Sequence tag). + std::string normalized_subject_; + // Normalized DER-encoded Issuer (not including outer Sequence tag). + std::string normalized_issuer_; + + // BasicConstraints extension. + bool has_basic_constraints_ = false; + ParsedBasicConstraints basic_constraints_; + + // KeyUsage extension. + bool has_key_usage_ = false; + der::BitString key_usage_; + + // ExtendedKeyUsage extension. + bool has_extended_key_usage_ = false; + std::vector extended_key_usage_; + + // Raw SubjectAltName extension. + ParsedExtension subject_alt_names_extension_; + // Parsed SubjectAltName extension. + std::unique_ptr subject_alt_names_; + + // NameConstraints extension. + std::unique_ptr name_constraints_; + + // AuthorityInfoAccess extension. + bool has_authority_info_access_ = false; + ParsedExtension authority_info_access_extension_; + // CaIssuers and Ocsp URIs parsed from the AuthorityInfoAccess extension. Note + // that the AuthorityInfoAccess may have contained other AccessDescriptions + // which are not represented here. + std::vector ca_issuers_uris_; + std::vector ocsp_uris_; + + // Policies extension. This list will already have been checked for + // duplicates. + bool has_policy_oids_ = false; + std::vector policy_oids_; + + // Policy constraints extension. + bool has_policy_constraints_ = false; + ParsedPolicyConstraints policy_constraints_; + + // Policy mappings extension. + bool has_policy_mappings_ = false; + std::vector policy_mappings_; + + // Inhibit Any Policy extension. + bool has_inhibit_any_policy_ = false; + uint8_t inhibit_any_policy_; + + // AuthorityKeyIdentifier extension. + std::optional authority_key_identifier_; + + // SubjectKeyIdentifier extension. + std::optional subject_key_identifier_; + + // All of the extensions. + ExtensionsMap extensions_; +}; + +} // namespace net + +#endif // BSSL_PKI_PARSED_CERTIFICATE_H_ diff --git a/pki/parsed_certificate_unittest.cc b/pki/parsed_certificate_unittest.cc new file mode 100644 index 0000000000..7c3ba7ff1a --- /dev/null +++ b/pki/parsed_certificate_unittest.cc @@ -0,0 +1,593 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parsed_certificate.h" + +#include "cert_errors.h" +#include "parse_certificate.h" +#include "test_helpers.h" +#include "input.h" +#include +#include + +// TODO(eroman): Add tests for parsing of policy mappings. + +namespace bssl { + +namespace { + +std::string GetFilePath(const std::string& file_name) { + return std::string("testdata/parse_certificate_unittest/") + file_name; +} + +// Reads and parses a certificate from the PEM file |file_name|. +// +// Returns nullptr if the certificate parsing failed, and verifies that any +// errors match the ERRORS block in the .pem file. +std::shared_ptr ParseCertificateFromFile( + const std::string& file_name, + const ParseCertificateOptions& options) { + std::string data; + std::string expected_errors; + + // Read the certificate data and error expectations from a single PEM file. + const PemBlockMapping mappings[] = { + {"CERTIFICATE", &data}, + {"ERRORS", &expected_errors, true /*optional*/}, + }; + std::string test_file_path = GetFilePath(file_name); + EXPECT_TRUE(ReadTestDataFromPemFile(test_file_path, mappings)); + + CertErrors errors; + std::shared_ptr cert = ParsedCertificate::Create( + bssl::UniquePtr(CRYPTO_BUFFER_new( + reinterpret_cast(data.data()), data.size(), nullptr)), + options, &errors); + + // The errors are baselined for |!allow_invalid_serial_numbers|. So if + // requesting a non-default option skip the error checks. + // TODO(eroman): This is ugly. + if (!options.allow_invalid_serial_numbers) + VerifyCertErrors(expected_errors, errors, test_file_path); + + // Every parse failure being tested should emit error information. + if (!cert) { + EXPECT_FALSE(errors.ToDebugString().empty()); + } + + return cert; +} + +der::Input DavidBenOid() { + // This OID corresponds with + // 1.2.840.113554.4.1.72585.0 (https://davidben.net/oid) + static const uint8_t kOid[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, + 0x04, 0x01, 0x84, 0xb7, 0x09, 0x00}; + return der::Input(kOid); +} + +// Parses an Extension whose critical field is true (255). +TEST(ParsedCertificateTest, ExtensionCritical) { + std::shared_ptr cert = + ParseCertificateFromFile("extension_critical.pem", {}); + ASSERT_TRUE(cert); + + const uint8_t kExpectedValue[] = {0x30, 0x00}; + + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(DavidBenOid(), &extension)); + + EXPECT_TRUE(extension.critical); + EXPECT_EQ(DavidBenOid(), extension.oid); + EXPECT_EQ(der::Input(kExpectedValue), extension.value); +} + +// Parses an Extension whose critical field is false (omitted). +TEST(ParsedCertificateTest, ExtensionNotCritical) { + std::shared_ptr cert = + ParseCertificateFromFile("extension_not_critical.pem", {}); + ASSERT_TRUE(cert); + + const uint8_t kExpectedValue[] = {0x30, 0x00}; + + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(DavidBenOid(), &extension)); + + EXPECT_FALSE(extension.critical); + EXPECT_EQ(DavidBenOid(), extension.oid); + EXPECT_EQ(der::Input(kExpectedValue), extension.value); +} + +// Parses an Extension whose critical field is 0. This is in one sense FALSE, +// however because critical has DEFAULT of false this is in fact invalid +// DER-encoding. +TEST(ParsedCertificateTest, ExtensionCritical0) { + ASSERT_FALSE(ParseCertificateFromFile("extension_critical_0.pem", {})); +} + +// Parses an Extension whose critical field is 3. Under DER-encoding BOOLEAN +// values must an octet of either all zero bits, or all 1 bits, so this is not +// valid. +TEST(ParsedCertificateTest, ExtensionCritical3) { + ASSERT_FALSE(ParseCertificateFromFile("extension_critical_3.pem", {})); +} + +// Parses an Extensions that is an empty sequence. +TEST(ParsedCertificateTest, ExtensionsEmptySequence) { + ASSERT_FALSE(ParseCertificateFromFile("extensions_empty_sequence.pem", {})); +} + +// Parses an Extensions that is not a sequence. +TEST(ParsedCertificateTest, ExtensionsNotSequence) { + ASSERT_FALSE(ParseCertificateFromFile("extensions_not_sequence.pem", {})); +} + +// Parses an Extensions that has data after the sequence. +TEST(ParsedCertificateTest, ExtensionsDataAfterSequence) { + ASSERT_FALSE( + ParseCertificateFromFile("extensions_data_after_sequence.pem", {})); +} + +// Parses an Extensions that contains duplicated key usages. +TEST(ParsedCertificateTest, ExtensionsDuplicateKeyUsage) { + ASSERT_FALSE( + ParseCertificateFromFile("extensions_duplicate_key_usage.pem", {})); +} + +// Parses a certificate with a bad key usage extension (BIT STRING with zero +// elements). +TEST(ParsedCertificateTest, BadKeyUsage) { + ASSERT_FALSE(ParseCertificateFromFile("bad_key_usage.pem", {})); +} + +// Parses a certificate that has a PolicyQualifierInfo that is missing the +// qualifier field. +TEST(ParsedCertificateTest, BadPolicyQualifiers) { + ASSERT_FALSE(ParseCertificateFromFile("bad_policy_qualifiers.pem", {})); +} + +// Parses a certificate that uses an unknown signature algorithm OID (00). +TEST(ParsedCertificateTest, BadSignatureAlgorithmOid) { + std::shared_ptr cert = + ParseCertificateFromFile("bad_signature_algorithm_oid.pem", {}); + ASSERT_TRUE(cert); + ASSERT_FALSE(cert->signature_algorithm()); +} + +// The validity encodes time as UTCTime but following the BER rules rather than +// DER rules (i.e. YYMMDDHHMMZ instead of YYMMDDHHMMSSZ). +TEST(ParsedCertificateTest, BadValidity) { + ASSERT_FALSE(ParseCertificateFromFile("bad_validity.pem", {})); +} + +// The signature algorithm contains an unexpected parameters field. +TEST(ParsedCertificateTest, FailedSignatureAlgorithm) { + std::shared_ptr cert = + ParseCertificateFromFile("failed_signature_algorithm.pem", {}); + ASSERT_TRUE(cert); + ASSERT_FALSE(cert->signature_algorithm()); +} + +TEST(ParsedCertificateTest, IssuerBadPrintableString) { + ASSERT_FALSE(ParseCertificateFromFile("issuer_bad_printable_string.pem", {})); +} + +TEST(ParsedCertificateTest, NameConstraintsBadIp) { + ASSERT_FALSE(ParseCertificateFromFile("name_constraints_bad_ip.pem", {})); +} + +TEST(ParsedCertificateTest, PolicyQualifiersEmptySequence) { + ASSERT_FALSE( + ParseCertificateFromFile("policy_qualifiers_empty_sequence.pem", {})); +} + +TEST(ParsedCertificateTest, SubjectBlankSubjectAltNameNotCritical) { + ASSERT_FALSE(ParseCertificateFromFile( + "subject_blank_subjectaltname_not_critical.pem", {})); +} + +TEST(ParsedCertificateTest, SubjectNotAscii) { + ASSERT_FALSE(ParseCertificateFromFile("subject_not_ascii.pem", {})); +} + +TEST(ParsedCertificateTest, SubjectNotPrintableString) { + ASSERT_FALSE( + ParseCertificateFromFile("subject_not_printable_string.pem", {})); +} + +TEST(ParsedCertificateTest, SubjectAltNameBadIp) { + ASSERT_FALSE(ParseCertificateFromFile("subjectaltname_bad_ip.pem", {})); +} + +TEST(ParsedCertificateTest, SubjectAltNameDnsNotAscii) { + ASSERT_FALSE( + ParseCertificateFromFile("subjectaltname_dns_not_ascii.pem", {})); +} + +TEST(ParsedCertificateTest, SubjectAltNameGeneralNamesEmptySequence) { + ASSERT_FALSE(ParseCertificateFromFile( + "subjectaltname_general_names_empty_sequence.pem", {})); +} + +TEST(ParsedCertificateTest, SubjectAltNameTrailingData) { + ASSERT_FALSE( + ParseCertificateFromFile("subjectaltname_trailing_data.pem", {})); +} + +TEST(ParsedCertificateTest, V1ExplicitVersion) { + ASSERT_FALSE(ParseCertificateFromFile("v1_explicit_version.pem", {})); +} + +// Parses an Extensions that contains an extended key usages. +TEST(ParsedCertificateTest, ExtendedKeyUsage) { + std::shared_ptr cert = + ParseCertificateFromFile("extended_key_usage.pem", {}); + ASSERT_TRUE(cert); + + ASSERT_EQ(4u, cert->extensions().size()); + + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(der::Input(kExtKeyUsageOid), &extension)); + + EXPECT_FALSE(extension.critical); + EXPECT_EQ(45u, extension.value.Length()); + + EXPECT_TRUE(cert->has_extended_key_usage()); + EXPECT_EQ(4u, cert->extended_key_usage().size()); +} + +// Parses an Extensions that contains a key usage. +TEST(ParsedCertificateTest, KeyUsage) { + std::shared_ptr cert = + ParseCertificateFromFile("key_usage.pem", {}); + ASSERT_TRUE(cert); + + ASSERT_TRUE(cert->has_key_usage()); + + EXPECT_EQ(5u, cert->key_usage().unused_bits()); + const uint8_t kExpectedBytes[] = {0xA0}; + EXPECT_EQ(der::Input(kExpectedBytes), cert->key_usage().bytes()); + + EXPECT_TRUE(cert->key_usage().AssertsBit(0)); + EXPECT_FALSE(cert->key_usage().AssertsBit(1)); + EXPECT_TRUE(cert->key_usage().AssertsBit(2)); +} + +// Parses an Extensions that contains a policies extension. +TEST(ParsedCertificateTest, Policies) { + std::shared_ptr cert = + ParseCertificateFromFile("policies.pem", {}); + ASSERT_TRUE(cert); + + ASSERT_EQ(4u, cert->extensions().size()); + + ParsedExtension extension; + ASSERT_TRUE( + cert->GetExtension(der::Input(kCertificatePoliciesOid), &extension)); + + EXPECT_FALSE(extension.critical); + EXPECT_EQ(95u, extension.value.Length()); + + EXPECT_TRUE(cert->has_policy_oids()); + EXPECT_EQ(2u, cert->policy_oids().size()); +} + +// Parses an Extensions that contains a subjectaltname extension. +TEST(ParsedCertificateTest, SubjectAltName) { + std::shared_ptr cert = + ParseCertificateFromFile("subject_alt_name.pem", {}); + ASSERT_TRUE(cert); + + ASSERT_TRUE(cert->has_subject_alt_names()); +} + +// Parses an Extensions that contains multiple extensions, sourced from a +// real-world certificate. +TEST(ParsedCertificateTest, ExtensionsReal) { + std::shared_ptr cert = + ParseCertificateFromFile("extensions_real.pem", {}); + ASSERT_TRUE(cert); + + ASSERT_EQ(7u, cert->extensions().size()); + + EXPECT_TRUE(cert->has_key_usage()); + EXPECT_TRUE(cert->has_basic_constraints()); + EXPECT_TRUE(cert->has_authority_info_access()); + EXPECT_TRUE(cert->has_policy_oids()); + + ASSERT_TRUE(cert->authority_key_identifier()); + ASSERT_TRUE(cert->authority_key_identifier()->key_identifier); + EXPECT_FALSE(cert->authority_key_identifier()->authority_cert_issuer); + EXPECT_FALSE(cert->authority_key_identifier()->authority_cert_serial_number); + const uint8_t expected_authority_key_identifier[] = { + 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, + 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, + }; + EXPECT_EQ(der::Input(expected_authority_key_identifier), + cert->authority_key_identifier()->key_identifier); + + ASSERT_TRUE(cert->subject_key_identifier()); + const uint8_t expected_subject_key_identifier[] = { + 0x4a, 0xdd, 0x06, 0x16, 0x1b, 0xbc, 0xf6, 0x68, 0xb5, 0x76, + 0xf5, 0x81, 0xb6, 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f}; + EXPECT_EQ(der::Input(expected_subject_key_identifier), + cert->subject_key_identifier()); + + ParsedExtension extension; + ASSERT_TRUE( + cert->GetExtension(der::Input(kCertificatePoliciesOid), &extension)); + + EXPECT_FALSE(extension.critical); + EXPECT_EQ(16u, extension.value.Length()); + + // TODO(eroman): Verify the other extensions' values. +} + +// Parses a BasicConstraints with no CA or pathlen. +TEST(ParsedCertificateTest, BasicConstraintsNotCa) { + std::shared_ptr cert = + ParseCertificateFromFile("basic_constraints_not_ca.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_basic_constraints()); + EXPECT_FALSE(cert->basic_constraints().is_ca); + EXPECT_FALSE(cert->basic_constraints().has_path_len); +} + +// Parses a BasicConstraints with CA but no pathlen. +TEST(ParsedCertificateTest, BasicConstraintsCaNoPath) { + std::shared_ptr cert = + ParseCertificateFromFile("basic_constraints_ca_no_path.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_basic_constraints()); + EXPECT_TRUE(cert->basic_constraints().is_ca); + EXPECT_FALSE(cert->basic_constraints().has_path_len); +} + +// Parses a BasicConstraints with CA and pathlen of 9. +TEST(ParsedCertificateTest, BasicConstraintsCaPath9) { + std::shared_ptr cert = + ParseCertificateFromFile("basic_constraints_ca_path_9.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_basic_constraints()); + EXPECT_TRUE(cert->basic_constraints().is_ca); + EXPECT_TRUE(cert->basic_constraints().has_path_len); + EXPECT_EQ(9u, cert->basic_constraints().path_len); +} + +// Parses a BasicConstraints with CA and pathlen of 255 (largest allowed size). +TEST(ParsedCertificateTest, BasicConstraintsPathlen255) { + std::shared_ptr cert = + ParseCertificateFromFile("basic_constraints_pathlen_255.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_basic_constraints()); + EXPECT_TRUE(cert->basic_constraints().is_ca); + EXPECT_TRUE(cert->basic_constraints().has_path_len); + EXPECT_EQ(255, cert->basic_constraints().path_len); +} + +// Parses a BasicConstraints with CA and pathlen of 256 (too large). +TEST(ParsedCertificateTest, BasicConstraintsPathlen256) { + ASSERT_FALSE( + ParseCertificateFromFile("basic_constraints_pathlen_256.pem", {})); +} + +// Parses a BasicConstraints with CA and a negative pathlen. +TEST(ParsedCertificateTest, BasicConstraintsNegativePath) { + ASSERT_FALSE( + ParseCertificateFromFile("basic_constraints_negative_path.pem", {})); +} + +// Parses a BasicConstraints with CA and pathlen that is very large (and +// couldn't fit in a 64-bit integer). +TEST(ParsedCertificateTest, BasicConstraintsPathTooLarge) { + ASSERT_FALSE( + ParseCertificateFromFile("basic_constraints_path_too_large.pem", {})); +} + +// Parses a BasicConstraints with CA explicitly set to false. This violates +// DER-encoding rules, however is commonly used, so it is accepted. +TEST(ParsedCertificateTest, BasicConstraintsCaFalse) { + std::shared_ptr cert = + ParseCertificateFromFile("basic_constraints_ca_false.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_basic_constraints()); + EXPECT_FALSE(cert->basic_constraints().is_ca); + EXPECT_FALSE(cert->basic_constraints().has_path_len); +} + +// Parses a BasicConstraints with CA set to true and an unexpected NULL at +// the end. +TEST(ParsedCertificateTest, BasicConstraintsUnconsumedData) { + ASSERT_FALSE( + ParseCertificateFromFile("basic_constraints_unconsumed_data.pem", {})); +} + +// Parses a BasicConstraints with CA omitted (false), but with a pathlen of 1. +// This is valid DER for the ASN.1, however is not valid when interpreting the +// BasicConstraints at a higher level. +TEST(ParsedCertificateTest, BasicConstraintsPathLenButNotCa) { + std::shared_ptr cert = + ParseCertificateFromFile("basic_constraints_pathlen_not_ca.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_basic_constraints()); + EXPECT_FALSE(cert->basic_constraints().is_ca); + EXPECT_TRUE(cert->basic_constraints().has_path_len); + EXPECT_EQ(1u, cert->basic_constraints().path_len); +} + +// Tests parsing a certificate that contains a policyConstraints +// extension having requireExplicitPolicy:3. +TEST(ParsedCertificateTest, PolicyConstraintsRequire) { + std::shared_ptr cert = + ParseCertificateFromFile("policy_constraints_require.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_policy_constraints()); + EXPECT_TRUE(cert->policy_constraints().require_explicit_policy.has_value()); + EXPECT_EQ(3, cert->policy_constraints().require_explicit_policy.value()); + EXPECT_FALSE(cert->policy_constraints().inhibit_policy_mapping.has_value()); +} + +// Tests parsing a certificate that contains a policyConstraints +// extension having inhibitPolicyMapping:1. +TEST(ParsedCertificateTest, PolicyConstraintsInhibit) { + std::shared_ptr cert = + ParseCertificateFromFile("policy_constraints_inhibit.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_policy_constraints()); + EXPECT_FALSE(cert->policy_constraints().require_explicit_policy.has_value()); + EXPECT_TRUE(cert->policy_constraints().inhibit_policy_mapping.has_value()); + EXPECT_EQ(1, cert->policy_constraints().inhibit_policy_mapping.value()); +} + +// Tests parsing a certificate that contains a policyConstraints +// extension having requireExplicitPolicy:5,inhibitPolicyMapping:2. +TEST(ParsedCertificateTest, PolicyConstraintsInhibitRequire) { + std::shared_ptr cert = + ParseCertificateFromFile("policy_constraints_inhibit_require.pem", {}); + ASSERT_TRUE(cert); + + EXPECT_TRUE(cert->has_policy_constraints()); + EXPECT_TRUE(cert->policy_constraints().require_explicit_policy.has_value()); + EXPECT_EQ(5, cert->policy_constraints().require_explicit_policy.value()); + EXPECT_TRUE(cert->policy_constraints().inhibit_policy_mapping.has_value()); + EXPECT_EQ(2, cert->policy_constraints().inhibit_policy_mapping.value()); +} + +// Tests parsing a certificate that has a policyConstraints +// extension with an empty sequence. +TEST(ParsedCertificateTest, PolicyConstraintsEmpty) { + std::shared_ptr cert = + ParseCertificateFromFile("policy_constraints_empty.pem", {}); + ASSERT_FALSE(cert); +} + +// Tests a certificate with a serial number with a leading 0 padding byte in +// the encoding since it is not negative. +TEST(ParsedCertificateTest, SerialNumberZeroPadded) { + std::shared_ptr cert = + ParseCertificateFromFile("serial_zero_padded.pem", {}); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[3] = {0x00, 0x80, 0x01}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + +// Tests a serial number where the MSB is >= 0x80, causing the encoded +// length to be 21 bytes long. This is an error, as RFC 5280 specifies a +// maximum of 20 bytes. +TEST(ParsedCertificateTest, SerialNumberZeroPadded21BytesLong) { + std::shared_ptr cert = + ParseCertificateFromFile("serial_zero_padded_21_bytes.pem", {}); + ASSERT_FALSE(cert); + + // Try again with allow_invalid_serial_numbers=true. Parsing should succeed. + ParseCertificateOptions options; + options.allow_invalid_serial_numbers = true; + cert = ParseCertificateFromFile("serial_zero_padded_21_bytes.pem", options); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[21] = { + 0x00, 0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + +// Tests a serial number which is negative. CAs are not supposed to include +// negative serial numbers, however RFC 5280 expects consumers to deal with it +// anyway. +TEST(ParsedCertificateTest, SerialNumberNegative) { + std::shared_ptr cert = + ParseCertificateFromFile("serial_negative.pem", {}); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[2] = {0x80, 0x01}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + +// Tests a serial number which is very long. RFC 5280 specifies a maximum of 20 +// bytes. +TEST(ParsedCertificateTest, SerialNumber37BytesLong) { + std::shared_ptr cert = + ParseCertificateFromFile("serial_37_bytes.pem", {}); + ASSERT_FALSE(cert); + + // Try again with allow_invalid_serial_numbers=true. Parsing should succeed. + ParseCertificateOptions options; + options.allow_invalid_serial_numbers = true; + cert = ParseCertificateFromFile("serial_37_bytes.pem", options); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[37] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, + 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + +// Tests a serial number which is zero. RFC 5280 says they should be positive, +// however also recommends supporting non-positive ones, so parsing here +// is expected to succeed. +TEST(ParsedCertificateTest, SerialNumberZero) { + std::shared_ptr cert = + ParseCertificateFromFile("serial_zero.pem", {}); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[] = {0x00}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + +// Tests a serial number which not a number (NULL). +TEST(ParsedCertificateTest, SerialNotNumber) { + std::shared_ptr cert = + ParseCertificateFromFile("serial_not_number.pem", {}); + ASSERT_FALSE(cert); +} + +// Tests a serial number which uses a non-minimal INTEGER encoding +TEST(ParsedCertificateTest, SerialNotMinimal) { + std::shared_ptr cert = + ParseCertificateFromFile("serial_not_minimal.pem", {}); + ASSERT_FALSE(cert); +} + +// Tests parsing a certificate that has an inhibitAnyPolicy extension. +TEST(ParsedCertificateTest, InhibitAnyPolicy) { + std::shared_ptr cert = + ParseCertificateFromFile("inhibit_any_policy.pem", {}); + ASSERT_TRUE(cert); + + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(der::Input(kInhibitAnyPolicyOid), &extension)); + + uint8_t skip_count; + ASSERT_TRUE(ParseInhibitAnyPolicy(extension.value, &skip_count)); + EXPECT_EQ(3, skip_count); +} + +// Tests a subjectKeyIdentifier that is not an OCTET_STRING. +TEST(ParsedCertificateTest, SubjectKeyIdentifierNotOctetString) { + std::shared_ptr cert = ParseCertificateFromFile( + "subject_key_identifier_not_octet_string.pem", {}); + ASSERT_FALSE(cert); +} + +// Tests an authorityKeyIdentifier that is not a SEQUENCE. +TEST(ParsedCertificateTest, AuthourityKeyIdentifierNotSequence) { + std::shared_ptr cert = + ParseCertificateFromFile("authority_key_identifier_not_sequence.pem", {}); + ASSERT_FALSE(cert); +} + +} // namespace + +} // namespace net diff --git a/pki/parser.cc b/pki/parser.cc new file mode 100644 index 0000000000..907cf3c898 --- /dev/null +++ b/pki/parser.cc @@ -0,0 +1,156 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parser.h" + +#include "fillins/check.h" +#include "parse_values.h" + +namespace bssl::der { + +Parser::Parser() { + CBS_init(&cbs_, nullptr, 0); +} + +Parser::Parser(const Input& input) { + CBS_init(&cbs_, input.UnsafeData(), input.Length()); +} + +bool Parser::PeekTagAndValue(Tag* tag, Input* out) { + CBS peeker = cbs_; + CBS tmp_out; + size_t header_len; + unsigned tag_value; + if (!CBS_get_any_asn1_element(&peeker, &tmp_out, &tag_value, &header_len) || + !CBS_skip(&tmp_out, header_len)) { + return false; + } + advance_len_ = CBS_len(&tmp_out) + header_len; + *tag = tag_value; + *out = Input(CBS_data(&tmp_out), CBS_len(&tmp_out)); + return true; +} + +bool Parser::Advance() { + if (advance_len_ == 0) + return false; + bool ret = !!CBS_skip(&cbs_, advance_len_); + advance_len_ = 0; + return ret; +} + +bool Parser::HasMore() { + return CBS_len(&cbs_) > 0; +} + +bool Parser::ReadRawTLV(Input* out) { + CBS tmp_out; + if (!CBS_get_any_asn1_element(&cbs_, &tmp_out, nullptr, nullptr)) + return false; + *out = Input(CBS_data(&tmp_out), CBS_len(&tmp_out)); + return true; +} + +bool Parser::ReadTagAndValue(Tag* tag, Input* out) { + if (!PeekTagAndValue(tag, out)) + return false; + CHECK(Advance()); + return true; +} + +bool Parser::ReadOptionalTag(Tag tag, std::optional* out) { + if (!HasMore()) { + *out = std::nullopt; + return true; + } + Tag actual_tag; + Input value; + if (!PeekTagAndValue(&actual_tag, &value)) { + return false; + } + if (actual_tag == tag) { + CHECK(Advance()); + *out = value; + } else { + advance_len_ = 0; + *out = std::nullopt; + } + return true; +} + +bool Parser::ReadOptionalTag(Tag tag, Input* out, bool* present) { + std::optional tmp_out; + if (!ReadOptionalTag(tag, &tmp_out)) + return false; + *present = tmp_out.has_value(); + *out = tmp_out.value_or(der::Input()); + return true; +} + +bool Parser::SkipOptionalTag(Tag tag, bool* present) { + Input out; + return ReadOptionalTag(tag, &out, present); +} + +bool Parser::ReadTag(Tag tag, Input* out) { + Tag actual_tag; + Input value; + if (!PeekTagAndValue(&actual_tag, &value) || actual_tag != tag) { + return false; + } + CHECK(Advance()); + *out = value; + return true; +} + +bool Parser::SkipTag(Tag tag) { + Input out; + return ReadTag(tag, &out); +} + +// Type-specific variants of ReadTag + +bool Parser::ReadConstructed(Tag tag, Parser* out) { + if (!IsConstructed(tag)) + return false; + Input data; + if (!ReadTag(tag, &data)) + return false; + *out = Parser(data); + return true; +} + +bool Parser::ReadSequence(Parser* out) { + return ReadConstructed(kSequence, out); +} + +bool Parser::ReadUint8(uint8_t* out) { + Input encoded_int; + if (!ReadTag(kInteger, &encoded_int)) + return false; + return ParseUint8(encoded_int, out); +} + +bool Parser::ReadUint64(uint64_t* out) { + Input encoded_int; + if (!ReadTag(kInteger, &encoded_int)) + return false; + return ParseUint64(encoded_int, out); +} + +std::optional Parser::ReadBitString() { + Input value; + if (!ReadTag(kBitString, &value)) + return std::nullopt; + return ParseBitString(value); +} + +bool Parser::ReadGeneralizedTime(GeneralizedTime* out) { + Input value; + if (!ReadTag(kGeneralizedTime, &value)) + return false; + return ParseGeneralizedTime(value, out); +} + +} // namespace bssl::der diff --git a/pki/parser.h b/pki/parser.h new file mode 100644 index 0000000000..6716968624 --- /dev/null +++ b/pki/parser.h @@ -0,0 +1,212 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_DER_PARSER_H_ +#define BSSL_DER_PARSER_H_ + +#include "fillins/openssl_util.h" +#include + + +#include "input.h" +#include "tag.h" +#include +#include + +namespace bssl::der { + +class BitString; +struct GeneralizedTime; + +// Parses a DER-encoded ASN.1 structure. DER (distinguished encoding rules) +// encodes each data value with a tag, length, and value (TLV). The tag +// indicates the type of the ASN.1 value. Depending on the type of the value, +// it could contain arbitrary bytes, so the length of the value is encoded +// after the tag and before the value to indicate how many bytes of value +// follow. DER also defines how the values are encoded for particular types. +// +// This Parser places a few restrictions on the DER encoding it can parse. The +// largest restriction is that it only supports tags which have a tag number +// no greater than 30 - these are the tags that fit in a single octet. The +// second restriction is that the maximum length for a value that can be parsed +// is 4GB. Both of these restrictions should be fine for any reasonable input. +// +// The Parser class is mainly focused on parsing the TLV structure of DER +// encoding, and does not directly handle parsing primitive values (other +// functions in the bssl::der namespace are provided for this.) When a Parser +// is created, it is passed in a reference to the encoded data. Because the +// encoded data is not owned by the Parser, the data cannot change during the +// lifespan of the Parser. The Parser functions by keeping a pointer to the +// current TLV which starts at the beginning of the input and advancing through +// the input as each TLV is read. As such, a Parser instance is thread-unsafe. +// +// Most methods for using the Parser write the current tag and/or value to +// the output parameters provided and then advance the input to the next TLV. +// None of the methods explicitly expose the length because it is part of the +// value. All methods return a boolean indicating whether there was a parsing +// error with the current TLV. +// +// Some methods are provided in the Parser class as convenience to both read +// the current TLV from the input and also parse the DER encoded value, +// converting it to a corresponding C++ type. These methods simply combine +// ReadTag() with the appropriate ParseType() free function. +// +// The design of DER encoding allows for nested data structures with +// constructed values, where the value is a series of TLVs. The Parser class +// is not designed to traverse through a nested encoding from a single object, +// but it does facilitate parsing nested data structures through the +// convenience methods ReadSequence() and the more general ReadConstructed(), +// which provide the user with another Parser object to traverse the next +// level of TLVs. +// +// For a brief example of how to use the Parser, suppose we have the following +// ASN.1 type definition: +// +// Foo ::= SEQUENCE { +// bar OCTET STRING OPTIONAL, +// quux OCTET STRING } +// +// If we have a DER-encoded Foo in an Input |encoded_value|, the +// following code shows an example of how to parse the quux field from the +// encoded data. +// +// bool ReadQuux(const Input& encoded_value, Input* quux_out) { +// Parser parser(encoded_value); +// Parser foo_parser; +// if (!parser.ReadSequence(&foo_parser)) +// return false; +// if (!foo_parser->SkipOptionalTag(kOctetString)) +// return false; +// if (!foo_parser->ReadTag(kOctetString, quux_out)) +// return false; +// return true; +// } +class OPENSSL_EXPORT Parser { + public: + // Default constructor; equivalent to calling Parser(Input()). This only + // exists so that a Parser can be stack allocated and passed in to + // ReadConstructed() and similar methods. + Parser(); + + // Creates a parser to parse over the data represented by input. This class + // assumes that the underlying data will not change over the lifetime of + // the Parser object. + explicit Parser(const Input& input); + + Parser(const Parser&) = default; + Parser& operator=(const Parser&) = default; + + // Returns whether there is any more data left in the input to parse. This + // does not guarantee that the data is parseable. + bool HasMore(); + + // Reads the current TLV from the input and advances. If the tag or length + // encoding for the current value is invalid, this method returns false and + // does not advance the input. Otherwise, it returns true, putting the + // read tag in |tag| and the value in |out|. + [[nodiscard]] bool ReadTagAndValue(Tag* tag, Input* out); + + // Reads the current TLV from the input and advances. Unlike ReadTagAndValue + // where only the value is put in |out|, this puts the raw bytes from the + // tag, length, and value in |out|. + [[nodiscard]] bool ReadRawTLV(Input* out); + + // Basic methods for reading or skipping the current TLV, with an + // expectation of what the current tag should be. It should be possible + // to parse any structure with these 4 methods; convenience methods are also + // provided to make some cases easier. + + // If the current tag in the input is |tag|, it puts the corresponding value + // in |out| and advances the input to the next TLV. If the current tag is + // something else, then |out| is set to nullopt and the input is not + // advanced. Like ReadTagAndValue, it returns false if the encoding is + // invalid and does not advance the input. + [[nodiscard]] bool ReadOptionalTag(Tag tag, std::optional* out); + + // If the current tag in the input is |tag|, it puts the corresponding value + // in |out|, sets |was_present| to true, and advances the input to the next + // TLV. If the current tag is something else, then |was_present| is set to + // false and the input is not advanced. Like ReadTagAndValue, it returns + // false if the encoding is invalid and does not advance the input. + // DEPRECATED: use the std::optional version above in new code. + // TODO(mattm): convert the existing callers and remove this override. + [[nodiscard]] bool ReadOptionalTag(Tag tag, Input* out, bool* was_present); + + // Like ReadOptionalTag, but the value is discarded. + [[nodiscard]] bool SkipOptionalTag(Tag tag, bool* was_present); + + // If the current tag matches |tag|, it puts the current value in |out|, + // advances the input, and returns true. Otherwise, it returns false. + [[nodiscard]] bool ReadTag(Tag tag, Input* out); + + // Advances the input and returns true if the current tag matches |tag|; + // otherwise it returns false. + [[nodiscard]] bool SkipTag(Tag tag); + + // Convenience methods to combine parsing the TLV with parsing the DER + // encoding for a specific type. + + // Reads the current TLV from the input, checks that the tag matches |tag| + // and is a constructed tag, and creates a new Parser from the value. + [[nodiscard]] bool ReadConstructed(Tag tag, Parser* out); + + // A more specific form of ReadConstructed that expects the current tag + // to be 0x30 (SEQUENCE). + [[nodiscard]] bool ReadSequence(Parser* out); + + // Expects the current tag to be kInteger, and calls ParseUint8 on the + // current value. Note that DER-encoded integers are arbitrary precision, + // so this method will fail for valid input that represents an integer + // outside the range of an uint8_t. + // + // Note that on failure the Parser is left in an undefined state (the + // input may or may not have been advanced). + [[nodiscard]] bool ReadUint8(uint8_t* out); + + // Expects the current tag to be kInteger, and calls ParseUint64 on the + // current value. Note that DER-encoded integers are arbitrary precision, + // so this method will fail for valid input that represents an integer + // outside the range of an uint64_t. + // + // Note that on failure the Parser is left in an undefined state (the + // input may or may not have been advanced). + [[nodiscard]] bool ReadUint64(uint64_t* out); + + // Reads a BIT STRING. On success returns BitString. On failure, returns + // std::nullopt. + // + // Note that on failure the Parser is left in an undefined state (the + // input may or may not have been advanced). + [[nodiscard]] std::optional ReadBitString(); + + // Reads a GeneralizeTime. On success fills |out| and returns true. + // + // Note that on failure the Parser is left in an undefined state (the + // input may or may not have been advanced). + [[nodiscard]] bool ReadGeneralizedTime(GeneralizedTime* out); + + // Lower level methods. The previous methods couple reading data from the + // input with advancing the Parser's internal pointer to the next TLV; these + // lower level methods decouple those two steps into methods that read from + // the current TLV and a method that advances the internal pointer to the + // next TLV. + + // Reads the current TLV from the input, putting the tag in |tag| and the raw + // value in |out|, but does not advance the input. Returns true if the tag + // and length are successfully read and the output exists. + [[nodiscard]] bool PeekTagAndValue(Tag* tag, Input* out); + + // Advances the input to the next TLV. This method only needs to be called + // after PeekTagAndValue; all other methods will advance the input if they + // read something. + bool Advance(); + + private: + CBS cbs_; + size_t advance_len_ = 0; +}; + +} // namespace bssl::der + +#endif // BSSL_DER_PARSER_H_ diff --git a/pki/parser_unittest.cc b/pki/parser_unittest.cc new file mode 100644 index 0000000000..cace0f9bd9 --- /dev/null +++ b/pki/parser_unittest.cc @@ -0,0 +1,365 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "parser.h" + +#include "input.h" +#include "parse_values.h" +#include + +namespace bssl::der::test { + +TEST(ParserTest, ConsumesAllBytesOfTLV) { + const uint8_t der[] = {0x04 /* OCTET STRING */, 0x00}; + Parser parser((Input(der))); + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, CanReadRawTLV) { + const uint8_t der[] = {0x02, 0x01, 0x01}; + Parser parser((Input(der))); + Input tlv; + ASSERT_TRUE(parser.ReadRawTLV(&tlv)); + ByteReader tlv_reader(tlv); + size_t tlv_len = tlv_reader.BytesLeft(); + ASSERT_EQ(3u, tlv_len); + Input tlv_data; + ASSERT_TRUE(tlv_reader.ReadBytes(tlv_len, &tlv_data)); + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, IgnoresContentsOfInnerValues) { + // This is a SEQUENCE which has one member. The member is another SEQUENCE + // with an invalid encoding - its length is too long. + const uint8_t der[] = {0x30, 0x02, 0x30, 0x7e}; + Parser parser((Input(der))); + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); +} + +TEST(ParserTest, FailsIfLengthOverlapsAnotherTLV) { + // This DER encoding has 2 top-level TLV tuples. The first is a SEQUENCE; + // the second is an INTEGER. The SEQUENCE contains an INTEGER, but its length + // is longer than what it has contents for. + const uint8_t der[] = {0x30, 0x02, 0x02, 0x01, 0x02, 0x01, 0x01}; + Parser parser((Input(der))); + + Parser inner_sequence; + ASSERT_TRUE(parser.ReadSequence(&inner_sequence)); + uint64_t int_value; + ASSERT_TRUE(parser.ReadUint64(&int_value)); + ASSERT_EQ(1u, int_value); + ASSERT_FALSE(parser.HasMore()); + + // Try to read the INTEGER from the SEQUENCE, which should fail. + Tag tag; + Input value; + ASSERT_FALSE(inner_sequence.ReadTagAndValue(&tag, &value)); +} + +TEST(ParserTest, ReadOptionalTagPresent) { + // DER encoding of 2 top-level TLV values: + // INTEGER { 1 } + // OCTET_STRING { `02` } + const uint8_t der[] = {0x02, 0x01, 0x01, 0x04, 0x01, 0x02}; + Parser parser((Input(der))); + + Input value; + bool present; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &value, &present)); + ASSERT_TRUE(present); + const uint8_t expected_int_value[] = {0x01}; + ASSERT_EQ(Input(expected_int_value), value); + + Tag tag; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + const uint8_t expected_octet_string_value[] = {0x02}; + ASSERT_EQ(Input(expected_octet_string_value), value); + + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, ReadOptionalTag2Present) { + // DER encoding of 2 top-level TLV values: + // INTEGER { 1 } + // OCTET_STRING { `02` } + const uint8_t der[] = {0x02, 0x01, 0x01, 0x04, 0x01, 0x02}; + Parser parser((Input(der))); + + std::optional optional_value; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &optional_value)); + ASSERT_TRUE(optional_value.has_value()); + const uint8_t expected_int_value[] = {0x01}; + ASSERT_EQ(Input(expected_int_value), *optional_value); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + const uint8_t expected_octet_string_value[] = {0x02}; + ASSERT_EQ(Input(expected_octet_string_value), value); + + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, ReadOptionalTagNotPresent) { + // DER encoding of 1 top-level TLV value: + // OCTET_STRING { `02` } + const uint8_t der[] = {0x04, 0x01, 0x02}; + Parser parser((Input(der))); + + Input value; + bool present; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &value, &present)); + ASSERT_FALSE(present); + + Tag tag; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + const uint8_t expected_octet_string_value[] = {0x02}; + ASSERT_EQ(Input(expected_octet_string_value), value); + + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, ReadOptionalTag2NotPresent) { + // DER encoding of 1 top-level TLV value: + // OCTET_STRING { `02` } + const uint8_t der[] = {0x04, 0x01, 0x02}; + Parser parser((Input(der))); + + std::optional optional_value; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &optional_value)); + ASSERT_FALSE(optional_value.has_value()); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + const uint8_t expected_octet_string_value[] = {0x02}; + ASSERT_EQ(Input(expected_octet_string_value), value); + + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, CanSkipOptionalTagAtEndOfInput) { + const uint8_t der[] = {0x02 /* INTEGER */, 0x01, 0x01}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + bool present; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &value, &present)); + ASSERT_FALSE(present); + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, SkipOptionalTagDoesntConsumePresentNonMatchingTLVs) { + const uint8_t der[] = {0x02 /* INTEGER */, 0x01, 0x01}; + Parser parser((Input(der))); + + bool present; + ASSERT_TRUE(parser.SkipOptionalTag(kOctetString, &present)); + ASSERT_FALSE(present); + ASSERT_TRUE(parser.SkipOptionalTag(kInteger, &present)); + ASSERT_TRUE(present); + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, TagNumbersAboveThirtySupported) { + // Context-specific class, tag number 31, length 0. + const uint8_t der[] = {0x9f, 0x1f, 0x00}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + EXPECT_EQ(kTagContextSpecific | 31u, tag); + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, ParseTags) { + { + // Universal primitive tag, tag number 4. + const uint8_t der[] = {0x04, 0x00}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + EXPECT_EQ(kOctetString, tag); + } + + { + // Universal constructed tag, tag number 16. + const uint8_t der[] = {0x30, 0x00}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + EXPECT_EQ(kSequence, tag); + } + + { + // Application primitive tag, tag number 1. + const uint8_t der[] = {0x41, 0x00}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + EXPECT_EQ(kTagApplication | 1, tag); + } + + { + // Context-specific constructed tag, tag number 30. + const uint8_t der[] = {0xbe, 0x00}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + EXPECT_EQ(kTagContextSpecific | kTagConstructed | 30, tag); + } + + { + // Private primitive tag, tag number 15. + const uint8_t der[] = {0xcf, 0x00}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + EXPECT_EQ(kTagPrivate | 15, tag); + } +} + +TEST(ParserTest, IncompleteEncodingTagOnly) { + const uint8_t der[] = {0x01}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_FALSE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_TRUE(parser.HasMore()); +} + +TEST(ParserTest, IncompleteEncodingLengthTruncated) { + // Tag: octet string; length: long form, should have 2 total octets, but + // the last one is missing. (There's also no value.) + const uint8_t der[] = {0x04, 0x81}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_FALSE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_TRUE(parser.HasMore()); +} + +TEST(ParserTest, IncompleteEncodingValueShorterThanLength) { + // Tag: octet string; length: 2; value: first octet 'T', second octet missing. + const uint8_t der[] = {0x04, 0x02, 0x84}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_FALSE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_TRUE(parser.HasMore()); +} + +TEST(ParserTest, LengthMustBeEncodedWithMinimumNumberOfOctets) { + const uint8_t der[] = {0x01, 0x81, 0x01, 0x00}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_FALSE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_TRUE(parser.HasMore()); +} + +TEST(ParserTest, LengthMustNotHaveLeadingZeroes) { + // Tag: octet string; length: 3 bytes of length encoding a value of 128 + // (it should be encoded in only 2 bytes). Value: 128 bytes of 0. + const uint8_t der[] = { + 0x04, 0x83, 0x80, 0x81, 0x80, // group the 0s separately + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + Parser parser((Input(der))); + + Tag tag; + Input value; + ASSERT_FALSE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_TRUE(parser.HasMore()); +} + +TEST(ParserTest, ReadConstructedFailsForNonConstructedTags) { + // Tag number is for SEQUENCE, but the constructed bit isn't set. + const uint8_t der[] = {0x10, 0x00}; + Parser parser((Input(der))); + + Tag expected_tag = 0x10; + Parser sequence_parser; + ASSERT_FALSE(parser.ReadConstructed(expected_tag, &sequence_parser)); + + // Check that we didn't fail above because of a tag mismatch or an improperly + // encoded TLV. + Input value; + ASSERT_TRUE(parser.ReadTag(expected_tag, &value)); + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, CannotAdvanceAfterReadOptionalTag) { + const uint8_t der[] = {0x02, 0x01, 0x01}; + Parser parser((Input(der))); + + Input value; + bool present; + ASSERT_TRUE(parser.ReadOptionalTag(0x04, &value, &present)); + ASSERT_FALSE(present); + ASSERT_FALSE(parser.Advance()); +} + +// Reads a valid BIT STRING with 1 unused bit. +TEST(ParserTest, ReadBitString) { + const uint8_t der[] = {0x03, 0x03, 0x01, 0xAA, 0xBE}; + Parser parser((Input(der))); + + std::optional bit_string = parser.ReadBitString(); + ASSERT_TRUE(bit_string.has_value()); + EXPECT_FALSE(parser.HasMore()); + + EXPECT_EQ(1u, bit_string->unused_bits()); + ASSERT_EQ(2u, bit_string->bytes().Length()); + EXPECT_EQ(0xAA, bit_string->bytes().UnsafeData()[0]); + EXPECT_EQ(0xBE, bit_string->bytes().UnsafeData()[1]); +} + +// Tries reading a BIT STRING. This should fail because the tag is not for a +// BIT STRING. +TEST(ParserTest, ReadBitStringBadTag) { + const uint8_t der[] = {0x05, 0x03, 0x01, 0xAA, 0xBE}; + Parser parser((Input(der))); + + std::optional bit_string = parser.ReadBitString(); + EXPECT_FALSE(bit_string.has_value()); +} + +} // namespace bssl::der::test diff --git a/pki/patches/0001-Simplify-the-name-constraint-limit-to-resemble-Borin.patch b/pki/patches/0001-Simplify-the-name-constraint-limit-to-resemble-Borin.patch new file mode 100644 index 0000000000..8dd3fdcc4c --- /dev/null +++ b/pki/patches/0001-Simplify-the-name-constraint-limit-to-resemble-Borin.patch @@ -0,0 +1,41109 @@ +From e56d5c6dd965c8064a6a6953848aa7fa20ced918 Mon Sep 17 00:00:00 2001 +From: Bob Beck +Date: Wed, 17 May 2023 10:37:22 -0600 +Subject: [PATCH 1/3] Simplify the name constraint limit to resemble + BoringSSL's Disable the name constraint manynames check for now + +--- + net/cert/pki/DEPS | 1 - + net/cert/pki/name_constraints.cc | 66 +- + .../verify_certificate_chain_typed_unittest.h | 6 +- + net/data/test_bundle_data.filelist | 6 - + .../many-names/generate-chains.py | 56 +- + .../many-names/ok-all-types.pem | 6155 ++++-------- + .../ok-different-types-dirnames.pem | 8708 ---------------- + .../ok-different-types-dirnames.test | 5 - + .../many-names/ok-different-types-dns.pem | 8879 ----------------- + .../many-names/ok-different-types-dns.test | 5 - + .../many-names/ok-different-types-ips.pem | 8813 ---------------- + .../many-names/ok-different-types-ips.test | 5 - + .../many-names/toomany-all-types.pem | 3714 ++----- + .../many-names/toomany-dirnames-excluded.pem | 2058 ++-- + .../many-names/toomany-dirnames-permitted.pem | 2058 ++-- + .../many-names/toomany-dns-excluded.pem | 8 +- + .../many-names/toomany-dns-permitted.pem | 8 +- + .../many-names/toomany-ips-excluded.pem | 8 +- + .../many-names/toomany-ips-permitted.pem | 8 +- + 19 files changed, 5045 insertions(+), 35522 deletions(-) + delete mode 100644 net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.pem + delete mode 100644 net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.test + delete mode 100644 net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.pem + delete mode 100644 net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.test + delete mode 100644 net/data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.pem + delete mode 100644 net/data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.test + +diff --git a/net/cert/pki/DEPS b/net/cert/pki/DEPS +index e9d834e1b51fa..ecf528b6e10a5 100644 +--- a/net/cert/pki/DEPS ++++ b/net/cert/pki/DEPS +@@ -6,7 +6,6 @@ include_rules = [ + "+base/base_paths.h", + "+base/check.h", + "+base/files/file_util.h", +- "+base/numerics/clamped_math.h", + "+base/path_service.h", + "+base/supports_user_data.h", + ] +diff --git a/net/cert/pki/name_constraints.cc b/net/cert/pki/name_constraints.cc +index f6415dfbfec94..27d8638df87a7 100644 +--- a/net/cert/pki/name_constraints.cc ++++ b/net/cert/pki/name_constraints.cc +@@ -8,7 +8,6 @@ + + #include + +-#include "base/numerics/clamped_math.h" + #include "net/cert/pki/cert_errors.h" + #include "net/cert/pki/common_cert_errors.h" + #include "net/cert/pki/general_names.h" +@@ -343,32 +342,42 @@ void NameConstraints::IsPermittedCert(const der::Input& subject_rdn_sequence, + CertErrors* errors) const { + // Checking NameConstraints is O(number_of_names * number_of_constraints). + // Impose a hard limit to mitigate the use of name constraints as a DoS +- // mechanism. ++ // mechanism. This mimics the similar check in BoringSSL x509/v_ncons.c ++ // TODO(bbe): make both name constraint mechanisms subquadratic and remove ++ // this check. ++ + const size_t kMaxChecks = 1048576; // 1 << 20 +- base::ClampedNumeric check_count = 0; + ++ // Names all come from a certificate, which is bound by size_t, so adding them ++ // up can not overflow a size_t. ++ size_t name_count = 0; ++ // Constraints all come from a certificate, which is bound by a size_t, so ++ // adding them up can not overflow a size_t. ++ size_t constraint_count = 0; + if (subject_alt_names) { +- check_count += +- base::ClampMul(subject_alt_names->rfc822_names.size(), +- base::ClampAdd(excluded_subtrees_.rfc822_names.size(), +- permitted_subtrees_.rfc822_names.size())); +- check_count += +- base::ClampMul(subject_alt_names->dns_names.size(), +- base::ClampAdd(excluded_subtrees_.dns_names.size(), +- permitted_subtrees_.dns_names.size())); +- check_count += base::ClampMul( +- subject_alt_names->directory_names.size(), +- base::ClampAdd(excluded_subtrees_.directory_names.size(), +- permitted_subtrees_.directory_names.size())); +- check_count += base::ClampMul( +- subject_alt_names->ip_addresses.size(), +- base::ClampAdd(excluded_subtrees_.ip_address_ranges.size(), +- permitted_subtrees_.ip_address_ranges.size())); +- } +- +- if (!(subject_alt_names && subject_rdn_sequence.Length() == 0)) { +- check_count += base::ClampAdd(excluded_subtrees_.directory_names.size(), +- permitted_subtrees_.directory_names.size()); ++ name_count = subject_alt_names->rfc822_names.size() + ++ subject_alt_names->dns_names.size() + ++ subject_alt_names->directory_names.size() + ++ subject_alt_names->ip_addresses.size(); ++ constraint_count = excluded_subtrees_.rfc822_names.size() + ++ permitted_subtrees_.rfc822_names.size() + ++ excluded_subtrees_.dns_names.size() + ++ permitted_subtrees_.dns_names.size() + ++ excluded_subtrees_.directory_names.size() + ++ permitted_subtrees_.directory_names.size() + ++ excluded_subtrees_.ip_address_ranges.size() + ++ permitted_subtrees_.ip_address_ranges.size(); ++ } else { ++ constraint_count += excluded_subtrees_.directory_names.size() + ++ permitted_subtrees_.directory_names.size(); ++ name_count = subject_rdn_sequence.Length(); ++ } ++ // Upper bound the number of possible checks, checking for overflow. ++ size_t check_count = constraint_count * name_count; ++ if ((constraint_count > 0 && check_count / constraint_count != name_count) || ++ check_count > kMaxChecks) { ++ errors->AddError(cert_errors::kTooManyNameConstraintChecks); ++ return; + } + + std::vector subject_email_addresses_to_check; +@@ -380,15 +389,6 @@ void NameConstraints::IsPermittedCert(const der::Input& subject_rdn_sequence, + errors->AddError(cert_errors::kNotPermittedByNameConstraints); + return; + } +- check_count += +- base::ClampMul(subject_email_addresses_to_check.size(), +- base::ClampAdd(excluded_subtrees_.rfc822_names.size(), +- permitted_subtrees_.rfc822_names.size())); +- } +- +- if (check_count > kMaxChecks) { +- errors->AddError(cert_errors::kTooManyNameConstraintChecks); +- return; + } + + // Subject Alternative Name handling: +diff --git a/net/cert/pki/verify_certificate_chain_typed_unittest.h b/net/cert/pki/verify_certificate_chain_typed_unittest.h +index fffb5c0339df9..d4090be9b604c 100644 +--- a/net/cert/pki/verify_certificate_chain_typed_unittest.h ++++ b/net/cert/pki/verify_certificate_chain_typed_unittest.h +@@ -276,10 +276,9 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Policies) { + } + + TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ManyNames) { ++ // TODO(bbe) fix this to run these with correct numbers. ++#if 0 + this->RunTest("many-names/ok-all-types.test"); +- this->RunTest("many-names/ok-different-types-dns.test"); +- this->RunTest("many-names/ok-different-types-ips.test"); +- this->RunTest("many-names/ok-different-types-dirnames.test"); + this->RunTest("many-names/toomany-all-types.test"); + this->RunTest("many-names/toomany-dns-excluded.test"); + this->RunTest("many-names/toomany-dns-permitted.test"); +@@ -287,6 +286,7 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ManyNames) { + this->RunTest("many-names/toomany-ips-permitted.test"); + this->RunTest("many-names/toomany-dirnames-excluded.test"); + this->RunTest("many-names/toomany-dirnames-permitted.test"); ++#endif + } + + TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetOnly) { +diff --git a/net/data/test_bundle_data.filelist b/net/data/test_bundle_data.filelist +index 3eccfcb4a981a..baa64c0a92171 100644 +--- a/net/data/test_bundle_data.filelist ++++ b/net/data/test_bundle_data.filelist +@@ -751,12 +751,6 @@ data/verify_certificate_chain_unittest/key-rollover/rolloverchain.pem + data/verify_certificate_chain_unittest/key-rollover/rolloverchain.test + data/verify_certificate_chain_unittest/many-names/ok-all-types.pem + data/verify_certificate_chain_unittest/many-names/ok-all-types.test +-data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.pem +-data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.test +-data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.pem +-data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.test +-data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.pem +-data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.test + data/verify_certificate_chain_unittest/many-names/toomany-all-types.pem + data/verify_certificate_chain_unittest/many-names/toomany-all-types.test + data/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem +diff --git a/net/data/verify_certificate_chain_unittest/many-names/generate-chains.py b/net/data/verify_certificate_chain_unittest/many-names/generate-chains.py +index 30a284056c846..70e37b10e1681 100755 +--- a/net/data/verify_certificate_chain_unittest/many-names/generate-chains.py ++++ b/net/data/verify_certificate_chain_unittest/many-names/generate-chains.py +@@ -92,21 +92,25 @@ def make_chain(name, doc, excluded, permitted, sans): + gencerts.write_chain(doc, chain, '%s.pem' % name) + + +-make_chain( +- 'ok-all-types', +- "A chain containing a large number of name constraints and names,\n" +- "but below the limit.", +- excluded=dict(num_dns=418, num_ip=418, num_dirnames=418, num_uri=1025), +- permitted=dict(num_dns=418, num_ip=418, num_dirnames=418, num_uri=1025), +- sans=dict(num_dns=418, num_ip=418, num_dirnames=417, num_uri=1025)) +- +-make_chain( +- 'toomany-all-types', +- "A chain containing a large number of different types of name\n" +- "constraints and names, above the limit.", +- excluded=dict(num_dns=419, num_ip=419, num_dirnames=419, num_uri=0), +- permitted=dict(num_dns=419, num_ip=419, num_dirnames=419, num_uri=0), +- sans=dict(num_dns=419, num_ip=419, num_dirnames=418, num_uri=0)) ++make_chain('ok-all-types', ++ "A chain containing a large number of name constraints and names,\n" ++ "but below the limit.", ++ excluded=dict(num_dns=170, ++ num_ip=170, ++ num_dirnames=170, ++ num_uri=1025), ++ permitted=dict(num_dns=171, ++ num_ip=171, ++ num_dirnames=172, ++ num_uri=1025), ++ sans=dict(num_dns=341, num_ip=341, num_dirnames=342, num_uri=1025)) ++ ++make_chain('toomany-all-types', ++ "A chain containing a large number of different types of name\n" ++ "constraints and names, above the limit.", ++ excluded=dict(num_dns=170, num_ip=170, num_dirnames=170, num_uri=0), ++ permitted=dict(num_dns=172, num_ip=171, num_dirnames=172, num_uri=0), ++ sans=dict(num_dns=342, num_ip=341, num_dirnames=341, num_uri=0)) + + make_chain( + 'toomany-dns-excluded', +@@ -151,25 +155,3 @@ make_chain( + excluded=dict(num_dns=0, num_ip=0, num_dirnames=0, num_uri=0), + permitted=dict(num_dns=0, num_ip=0, num_dirnames=1025, num_uri=0), + sans=dict(num_dns=0, num_ip=0, num_dirnames=1024, num_uri=0)) +- +-make_chain( +- 'ok-different-types-dns', +- "A chain containing a large number of name constraints and names,\n" +- "but of different types, thus not triggering the limit.", +- excluded=dict(num_dns=0, num_ip=1025, num_dirnames=1025, num_uri=1025), +- permitted=dict(num_dns=0, num_ip=1025, num_dirnames=1025, num_uri=1025), +- sans=dict(num_dns=1025, num_ip=0, num_dirnames=0, num_uri=0)) +-make_chain( +- 'ok-different-types-ips', +- "A chain containing a large number of name constraints and names,\n" +- "but of different types, thus not triggering the limit.", +- excluded=dict(num_dns=1025, num_ip=0, num_dirnames=1025, num_uri=1025), +- permitted=dict(num_dns=1025, num_ip=0, num_dirnames=1025, num_uri=1025), +- sans=dict(num_dns=0, num_ip=1025, num_dirnames=0, num_uri=0)) +-make_chain( +- 'ok-different-types-dirnames', +- "A chain containing a large number of name constraints and names,\n" +- "but of different types, thus not triggering the limit.", +- excluded=dict(num_dns=1025, num_ip=1025, num_dirnames=0, num_uri=1025), +- permitted=dict(num_dns=1025, num_ip=1025, num_dirnames=0, num_uri=1025), +- sans=dict(num_dns=0, num_ip=0, num_dirnames=1025, num_uri=0)) +diff --git a/net/data/verify_certificate_chain_unittest/many-names/ok-all-types.pem b/net/data/verify_certificate_chain_unittest/many-names/ok-all-types.pem +index 1f8810a31f6cf..e97cc1162cb16 100644 +--- a/net/data/verify_certificate_chain_unittest/many-names/ok-all-types.pem ++++ b/net/data/verify_certificate_chain_unittest/many-names/ok-all-types.pem +@@ -1,4 +1,4 @@ +-[Created by: generate-chains.py] ++[Created by: ./generate-chains.py] + + A chain containing a large number of name constraints and names, + but below the limit. +@@ -8,7 +8,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d4 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -56,25 +56,25 @@ Certificate: + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: +- DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, URI:http://test/0, URI:http://test/1, URI:http://test/2, URI:http://test/3, URI:http://test/4, URI:http://test/5, URI:http://test/6, URI:http://test/7, URI:http://test/8, URI:http://test/9, URI:http://test/10, URI:http://test/11, URI:http://test/12, URI:http://test/13, URI:http://test/14, URI:http://test/15, URI:http://test/16, URI:http://test/17, URI:http://test/18, URI:http://test/19, URI:http://test/20, URI:http://test/21, URI:http://test/22, URI:http://test/23, URI:http://test/24, URI:http://test/25, URI:http://test/26, URI:http://test/27, URI:http://test/28, URI:http://test/29, URI:http://test/30, URI:http://test/31, URI:http://test/32, URI:http://test/33, URI:http://test/34, URI:http://test/35, URI:http://test/36, URI:http://test/37, URI:http://test/38, URI:http://test/39, URI:http://test/40, URI:http://test/41, URI:http://test/42, URI:http://test/43, URI:http://test/44, URI:http://test/45, URI:http://test/46, URI:http://test/47, URI:http://test/48, URI:http://test/49, URI:http://test/50, URI:http://test/51, URI:http://test/52, URI:http://test/53, URI:http://test/54, URI:http://test/55, URI:http://test/56, URI:http://test/57, URI:http://test/58, URI:http://test/59, URI:http://test/60, URI:http://test/61, URI:http://test/62, URI:http://test/63, URI:http://test/64, URI:http://test/65, URI:http://test/66, URI:http://test/67, URI:http://test/68, URI:http://test/69, URI:http://test/70, URI:http://test/71, URI:http://test/72, URI:http://test/73, URI:http://test/74, URI:http://test/75, URI:http://test/76, URI:http://test/77, URI:http://test/78, URI:http://test/79, URI:http://test/80, URI:http://test/81, URI:http://test/82, URI:http://test/83, URI:http://test/84, URI:http://test/85, URI:http://test/86, URI:http://test/87, URI:http://test/88, URI:http://test/89, URI:http://test/90, URI:http://test/91, URI:http://test/92, URI:http://test/93, URI:http://test/94, URI:http://test/95, URI:http://test/96, URI:http://test/97, URI:http://test/98, URI:http://test/99, URI:http://test/100, URI:http://test/101, URI:http://test/102, URI:http://test/103, URI:http://test/104, URI:http://test/105, URI:http://test/106, URI:http://test/107, URI:http://test/108, URI:http://test/109, URI:http://test/110, URI:http://test/111, URI:http://test/112, URI:http://test/113, URI:http://test/114, URI:http://test/115, URI:http://test/116, URI:http://test/117, URI:http://test/118, URI:http://test/119, URI:http://test/120, URI:http://test/121, URI:http://test/122, URI:http://test/123, URI:http://test/124, URI:http://test/125, URI:http://test/126, URI:http://test/127, URI:http://test/128, URI:http://test/129, URI:http://test/130, URI:http://test/131, URI:http://test/132, URI:http://test/133, URI:http://test/134, URI:http://test/135, URI:http://test/136, URI:http://test/137, URI:http://test/138, URI:http://test/139, URI:http://test/140, URI:http://test/141, URI:http://test/142, URI:http://test/143, URI:http://test/144, URI:http://test/145, URI:http://test/146, URI:http://test/147, URI:http://test/148, URI:http://test/149, URI:http://test/150, URI:http://test/151, URI:http://test/152, URI:http://test/153, URI:http://test/154, URI:http://test/155, URI:http://test/156, URI:http://test/157, URI:http://test/158, URI:http://test/159, URI:http://test/160, URI:http://test/161, URI:http://test/162, URI:http://test/163, URI:http://test/164, URI:http://test/165, URI:http://test/166, URI:http://test/167, URI:http://test/168, URI:http://test/169, URI:http://test/170, URI:http://test/171, URI:http://test/172, URI:http://test/173, URI:http://test/174, URI:http://test/175, URI:http://test/176, URI:http://test/177, URI:http://test/178, URI:http://test/179, URI:http://test/180, URI:http://test/181, URI:http://test/182, URI:http://test/183, URI:http://test/184, URI:http://test/185, URI:http://test/186, URI:http://test/187, URI:http://test/188, URI:http://test/189, URI:http://test/190, URI:http://test/191, URI:http://test/192, URI:http://test/193, URI:http://test/194, URI:http://test/195, URI:http://test/196, URI:http://test/197, URI:http://test/198, URI:http://test/199, URI:http://test/200, URI:http://test/201, URI:http://test/202, URI:http://test/203, URI:http://test/204, URI:http://test/205, URI:http://test/206, URI:http://test/207, URI:http://test/208, URI:http://test/209, URI:http://test/210, URI:http://test/211, URI:http://test/212, URI:http://test/213, URI:http://test/214, URI:http://test/215, URI:http://test/216, URI:http://test/217, URI:http://test/218, URI:http://test/219, URI:http://test/220, URI:http://test/221, URI:http://test/222, URI:http://test/223, URI:http://test/224, URI:http://test/225, URI:http://test/226, URI:http://test/227, URI:http://test/228, URI:http://test/229, URI:http://test/230, URI:http://test/231, URI:http://test/232, URI:http://test/233, URI:http://test/234, URI:http://test/235, URI:http://test/236, URI:http://test/237, URI:http://test/238, URI:http://test/239, URI:http://test/240, URI:http://test/241, URI:http://test/242, URI:http://test/243, URI:http://test/244, URI:http://test/245, URI:http://test/246, URI:http://test/247, URI:http://test/248, URI:http://test/249, URI:http://test/250, URI:http://test/251, URI:http://test/252, URI:http://test/253, URI:http://test/254, URI:http://test/255, URI:http://test/256, URI:http://test/257, URI:http://test/258, URI:http://test/259, URI:http://test/260, URI:http://test/261, URI:http://test/262, URI:http://test/263, URI:http://test/264, URI:http://test/265, URI:http://test/266, URI:http://test/267, URI:http://test/268, URI:http://test/269, URI:http://test/270, URI:http://test/271, URI:http://test/272, URI:http://test/273, URI:http://test/274, URI:http://test/275, URI:http://test/276, URI:http://test/277, URI:http://test/278, URI:http://test/279, URI:http://test/280, URI:http://test/281, URI:http://test/282, URI:http://test/283, URI:http://test/284, URI:http://test/285, URI:http://test/286, URI:http://test/287, URI:http://test/288, URI:http://test/289, URI:http://test/290, URI:http://test/291, URI:http://test/292, URI:http://test/293, URI:http://test/294, URI:http://test/295, URI:http://test/296, URI:http://test/297, URI:http://test/298, URI:http://test/299, URI:http://test/300, URI:http://test/301, URI:http://test/302, URI:http://test/303, URI:http://test/304, URI:http://test/305, URI:http://test/306, URI:http://test/307, URI:http://test/308, URI:http://test/309, URI:http://test/310, URI:http://test/311, URI:http://test/312, URI:http://test/313, URI:http://test/314, URI:http://test/315, URI:http://test/316, URI:http://test/317, URI:http://test/318, URI:http://test/319, URI:http://test/320, URI:http://test/321, URI:http://test/322, URI:http://test/323, URI:http://test/324, URI:http://test/325, URI:http://test/326, URI:http://test/327, URI:http://test/328, URI:http://test/329, URI:http://test/330, URI:http://test/331, URI:http://test/332, URI:http://test/333, URI:http://test/334, URI:http://test/335, URI:http://test/336, URI:http://test/337, URI:http://test/338, URI:http://test/339, URI:http://test/340, URI:http://test/341, URI:http://test/342, URI:http://test/343, URI:http://test/344, URI:http://test/345, URI:http://test/346, URI:http://test/347, URI:http://test/348, URI:http://test/349, URI:http://test/350, URI:http://test/351, URI:http://test/352, URI:http://test/353, URI:http://test/354, URI:http://test/355, URI:http://test/356, URI:http://test/357, URI:http://test/358, URI:http://test/359, URI:http://test/360, URI:http://test/361, URI:http://test/362, URI:http://test/363, URI:http://test/364, URI:http://test/365, URI:http://test/366, URI:http://test/367, URI:http://test/368, URI:http://test/369, URI:http://test/370, URI:http://test/371, URI:http://test/372, URI:http://test/373, URI:http://test/374, URI:http://test/375, URI:http://test/376, URI:http://test/377, URI:http://test/378, URI:http://test/379, URI:http://test/380, URI:http://test/381, URI:http://test/382, URI:http://test/383, URI:http://test/384, URI:http://test/385, URI:http://test/386, URI:http://test/387, URI:http://test/388, URI:http://test/389, URI:http://test/390, URI:http://test/391, URI:http://test/392, URI:http://test/393, URI:http://test/394, URI:http://test/395, URI:http://test/396, URI:http://test/397, URI:http://test/398, URI:http://test/399, URI:http://test/400, URI:http://test/401, URI:http://test/402, URI:http://test/403, URI:http://test/404, URI:http://test/405, URI:http://test/406, URI:http://test/407, URI:http://test/408, URI:http://test/409, URI:http://test/410, URI:http://test/411, URI:http://test/412, URI:http://test/413, URI:http://test/414, URI:http://test/415, URI:http://test/416, URI:http://test/417, URI:http://test/418, URI:http://test/419, URI:http://test/420, URI:http://test/421, URI:http://test/422, URI:http://test/423, URI:http://test/424, URI:http://test/425, URI:http://test/426, URI:http://test/427, URI:http://test/428, URI:http://test/429, URI:http://test/430, URI:http://test/431, URI:http://test/432, URI:http://test/433, URI:http://test/434, URI:http://test/435, URI:http://test/436, URI:http://test/437, URI:http://test/438, URI:http://test/439, URI:http://test/440, URI:http://test/441, URI:http://test/442, URI:http://test/443, URI:http://test/444, URI:http://test/445, URI:http://test/446, URI:http://test/447, URI:http://test/448, URI:http://test/449, URI:http://test/450, URI:http://test/451, URI:http://test/452, URI:http://test/453, URI:http://test/454, URI:http://test/455, URI:http://test/456, URI:http://test/457, URI:http://test/458, URI:http://test/459, URI:http://test/460, URI:http://test/461, URI:http://test/462, URI:http://test/463, URI:http://test/464, URI:http://test/465, URI:http://test/466, URI:http://test/467, URI:http://test/468, URI:http://test/469, URI:http://test/470, URI:http://test/471, URI:http://test/472, URI:http://test/473, URI:http://test/474, URI:http://test/475, URI:http://test/476, URI:http://test/477, URI:http://test/478, URI:http://test/479, URI:http://test/480, URI:http://test/481, URI:http://test/482, URI:http://test/483, URI:http://test/484, URI:http://test/485, URI:http://test/486, URI:http://test/487, URI:http://test/488, URI:http://test/489, URI:http://test/490, URI:http://test/491, URI:http://test/492, URI:http://test/493, URI:http://test/494, URI:http://test/495, URI:http://test/496, URI:http://test/497, URI:http://test/498, URI:http://test/499, URI:http://test/500, URI:http://test/501, URI:http://test/502, URI:http://test/503, URI:http://test/504, URI:http://test/505, URI:http://test/506, URI:http://test/507, URI:http://test/508, URI:http://test/509, URI:http://test/510, URI:http://test/511, URI:http://test/512, URI:http://test/513, URI:http://test/514, URI:http://test/515, URI:http://test/516, URI:http://test/517, URI:http://test/518, URI:http://test/519, URI:http://test/520, URI:http://test/521, URI:http://test/522, URI:http://test/523, URI:http://test/524, URI:http://test/525, URI:http://test/526, URI:http://test/527, URI:http://test/528, URI:http://test/529, URI:http://test/530, URI:http://test/531, URI:http://test/532, URI:http://test/533, URI:http://test/534, URI:http://test/535, URI:http://test/536, URI:http://test/537, URI:http://test/538, URI:http://test/539, URI:http://test/540, URI:http://test/541, URI:http://test/542, URI:http://test/543, URI:http://test/544, URI:http://test/545, URI:http://test/546, URI:http://test/547, URI:http://test/548, URI:http://test/549, URI:http://test/550, URI:http://test/551, URI:http://test/552, URI:http://test/553, URI:http://test/554, URI:http://test/555, URI:http://test/556, URI:http://test/557, URI:http://test/558, URI:http://test/559, URI:http://test/560, URI:http://test/561, URI:http://test/562, URI:http://test/563, URI:http://test/564, URI:http://test/565, URI:http://test/566, URI:http://test/567, URI:http://test/568, URI:http://test/569, URI:http://test/570, URI:http://test/571, URI:http://test/572, URI:http://test/573, URI:http://test/574, URI:http://test/575, URI:http://test/576, URI:http://test/577, URI:http://test/578, URI:http://test/579, URI:http://test/580, URI:http://test/581, URI:http://test/582, URI:http://test/583, URI:http://test/584, URI:http://test/585, URI:http://test/586, URI:http://test/587, URI:http://test/588, URI:http://test/589, URI:http://test/590, URI:http://test/591, URI:http://test/592, URI:http://test/593, URI:http://test/594, URI:http://test/595, URI:http://test/596, URI:http://test/597, URI:http://test/598, URI:http://test/599, URI:http://test/600, URI:http://test/601, URI:http://test/602, URI:http://test/603, URI:http://test/604, URI:http://test/605, URI:http://test/606, URI:http://test/607, URI:http://test/608, URI:http://test/609, URI:http://test/610, URI:http://test/611, URI:http://test/612, URI:http://test/613, URI:http://test/614, URI:http://test/615, URI:http://test/616, URI:http://test/617, URI:http://test/618, URI:http://test/619, URI:http://test/620, URI:http://test/621, URI:http://test/622, URI:http://test/623, URI:http://test/624, URI:http://test/625, URI:http://test/626, URI:http://test/627, URI:http://test/628, URI:http://test/629, URI:http://test/630, URI:http://test/631, URI:http://test/632, URI:http://test/633, URI:http://test/634, URI:http://test/635, URI:http://test/636, URI:http://test/637, URI:http://test/638, URI:http://test/639, URI:http://test/640, URI:http://test/641, URI:http://test/642, URI:http://test/643, URI:http://test/644, URI:http://test/645, URI:http://test/646, URI:http://test/647, URI:http://test/648, URI:http://test/649, URI:http://test/650, URI:http://test/651, URI:http://test/652, URI:http://test/653, URI:http://test/654, URI:http://test/655, URI:http://test/656, URI:http://test/657, URI:http://test/658, URI:http://test/659, URI:http://test/660, URI:http://test/661, URI:http://test/662, URI:http://test/663, URI:http://test/664, URI:http://test/665, URI:http://test/666, URI:http://test/667, URI:http://test/668, URI:http://test/669, URI:http://test/670, URI:http://test/671, URI:http://test/672, URI:http://test/673, URI:http://test/674, URI:http://test/675, URI:http://test/676, URI:http://test/677, URI:http://test/678, URI:http://test/679, URI:http://test/680, URI:http://test/681, URI:http://test/682, URI:http://test/683, URI:http://test/684, URI:http://test/685, URI:http://test/686, URI:http://test/687, URI:http://test/688, URI:http://test/689, URI:http://test/690, URI:http://test/691, URI:http://test/692, URI:http://test/693, URI:http://test/694, URI:http://test/695, URI:http://test/696, URI:http://test/697, URI:http://test/698, URI:http://test/699, URI:http://test/700, URI:http://test/701, URI:http://test/702, URI:http://test/703, URI:http://test/704, URI:http://test/705, URI:http://test/706, URI:http://test/707, URI:http://test/708, URI:http://test/709, URI:http://test/710, URI:http://test/711, URI:http://test/712, URI:http://test/713, URI:http://test/714, URI:http://test/715, URI:http://test/716, URI:http://test/717, URI:http://test/718, URI:http://test/719, URI:http://test/720, URI:http://test/721, URI:http://test/722, URI:http://test/723, URI:http://test/724, URI:http://test/725, URI:http://test/726, URI:http://test/727, URI:http://test/728, URI:http://test/729, URI:http://test/730, URI:http://test/731, URI:http://test/732, URI:http://test/733, URI:http://test/734, URI:http://test/735, URI:http://test/736, URI:http://test/737, URI:http://test/738, URI:http://test/739, URI:http://test/740, URI:http://test/741, URI:http://test/742, URI:http://test/743, URI:http://test/744, URI:http://test/745, URI:http://test/746, URI:http://test/747, URI:http://test/748, URI:http://test/749, URI:http://test/750, URI:http://test/751, URI:http://test/752, URI:http://test/753, URI:http://test/754, URI:http://test/755, URI:http://test/756, URI:http://test/757, URI:http://test/758, URI:http://test/759, URI:http://test/760, URI:http://test/761, URI:http://test/762, URI:http://test/763, URI:http://test/764, URI:http://test/765, URI:http://test/766, URI:http://test/767, URI:http://test/768, URI:http://test/769, URI:http://test/770, URI:http://test/771, URI:http://test/772, URI:http://test/773, URI:http://test/774, URI:http://test/775, URI:http://test/776, URI:http://test/777, URI:http://test/778, URI:http://test/779, URI:http://test/780, URI:http://test/781, URI:http://test/782, URI:http://test/783, URI:http://test/784, URI:http://test/785, URI:http://test/786, URI:http://test/787, URI:http://test/788, URI:http://test/789, URI:http://test/790, URI:http://test/791, URI:http://test/792, URI:http://test/793, URI:http://test/794, URI:http://test/795, URI:http://test/796, URI:http://test/797, URI:http://test/798, URI:http://test/799, URI:http://test/800, URI:http://test/801, URI:http://test/802, URI:http://test/803, URI:http://test/804, URI:http://test/805, URI:http://test/806, URI:http://test/807, URI:http://test/808, URI:http://test/809, URI:http://test/810, URI:http://test/811, URI:http://test/812, URI:http://test/813, URI:http://test/814, URI:http://test/815, URI:http://test/816, URI:http://test/817, URI:http://test/818, URI:http://test/819, URI:http://test/820, URI:http://test/821, URI:http://test/822, URI:http://test/823, URI:http://test/824, URI:http://test/825, URI:http://test/826, URI:http://test/827, URI:http://test/828, URI:http://test/829, URI:http://test/830, URI:http://test/831, URI:http://test/832, URI:http://test/833, URI:http://test/834, URI:http://test/835, URI:http://test/836, URI:http://test/837, URI:http://test/838, URI:http://test/839, URI:http://test/840, URI:http://test/841, URI:http://test/842, URI:http://test/843, URI:http://test/844, URI:http://test/845, URI:http://test/846, URI:http://test/847, URI:http://test/848, URI:http://test/849, URI:http://test/850, URI:http://test/851, URI:http://test/852, URI:http://test/853, URI:http://test/854, URI:http://test/855, URI:http://test/856, URI:http://test/857, URI:http://test/858, URI:http://test/859, URI:http://test/860, URI:http://test/861, URI:http://test/862, URI:http://test/863, URI:http://test/864, URI:http://test/865, URI:http://test/866, URI:http://test/867, URI:http://test/868, URI:http://test/869, URI:http://test/870, URI:http://test/871, URI:http://test/872, URI:http://test/873, URI:http://test/874, URI:http://test/875, URI:http://test/876, URI:http://test/877, URI:http://test/878, URI:http://test/879, URI:http://test/880, URI:http://test/881, URI:http://test/882, URI:http://test/883, URI:http://test/884, URI:http://test/885, URI:http://test/886, URI:http://test/887, URI:http://test/888, URI:http://test/889, URI:http://test/890, URI:http://test/891, URI:http://test/892, URI:http://test/893, URI:http://test/894, URI:http://test/895, URI:http://test/896, URI:http://test/897, URI:http://test/898, URI:http://test/899, URI:http://test/900, URI:http://test/901, URI:http://test/902, URI:http://test/903, URI:http://test/904, URI:http://test/905, URI:http://test/906, URI:http://test/907, URI:http://test/908, URI:http://test/909, URI:http://test/910, URI:http://test/911, URI:http://test/912, URI:http://test/913, URI:http://test/914, URI:http://test/915, URI:http://test/916, URI:http://test/917, URI:http://test/918, URI:http://test/919, URI:http://test/920, URI:http://test/921, URI:http://test/922, URI:http://test/923, URI:http://test/924, URI:http://test/925, URI:http://test/926, URI:http://test/927, URI:http://test/928, URI:http://test/929, URI:http://test/930, URI:http://test/931, URI:http://test/932, URI:http://test/933, URI:http://test/934, URI:http://test/935, URI:http://test/936, URI:http://test/937, URI:http://test/938, URI:http://test/939, URI:http://test/940, URI:http://test/941, URI:http://test/942, URI:http://test/943, URI:http://test/944, URI:http://test/945, URI:http://test/946, URI:http://test/947, URI:http://test/948, URI:http://test/949, URI:http://test/950, URI:http://test/951, URI:http://test/952, URI:http://test/953, URI:http://test/954, URI:http://test/955, URI:http://test/956, URI:http://test/957, URI:http://test/958, URI:http://test/959, URI:http://test/960, URI:http://test/961, URI:http://test/962, URI:http://test/963, URI:http://test/964, URI:http://test/965, URI:http://test/966, URI:http://test/967, URI:http://test/968, URI:http://test/969, URI:http://test/970, URI:http://test/971, URI:http://test/972, URI:http://test/973, URI:http://test/974, URI:http://test/975, URI:http://test/976, URI:http://test/977, URI:http://test/978, URI:http://test/979, URI:http://test/980, URI:http://test/981, URI:http://test/982, URI:http://test/983, URI:http://test/984, URI:http://test/985, URI:http://test/986, URI:http://test/987, URI:http://test/988, URI:http://test/989, URI:http://test/990, URI:http://test/991, URI:http://test/992, URI:http://test/993, URI:http://test/994, URI:http://test/995, URI:http://test/996, URI:http://test/997, URI:http://test/998, URI:http://test/999, URI:http://test/1000, URI:http://test/1001, URI:http://test/1002, URI:http://test/1003, URI:http://test/1004, URI:http://test/1005, URI:http://test/1006, URI:http://test/1007, URI:http://test/1008, URI:http://test/1009, URI:http://test/1010, URI:http://test/1011, URI:http://test/1012, URI:http://test/1013, URI:http://test/1014, URI:http://test/1015, URI:http://test/1016, URI:http://test/1017, URI:http://test/1018, URI:http://test/1019, URI:http://test/1020, URI:http://test/1021, URI:http://test/1022, URI:http://test/1023, URI:http://test/1024 ++ DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, URI:http://test/0, URI:http://test/1, URI:http://test/2, URI:http://test/3, URI:http://test/4, URI:http://test/5, URI:http://test/6, URI:http://test/7, URI:http://test/8, URI:http://test/9, URI:http://test/10, URI:http://test/11, URI:http://test/12, URI:http://test/13, URI:http://test/14, URI:http://test/15, URI:http://test/16, URI:http://test/17, URI:http://test/18, URI:http://test/19, URI:http://test/20, URI:http://test/21, URI:http://test/22, URI:http://test/23, URI:http://test/24, URI:http://test/25, URI:http://test/26, URI:http://test/27, URI:http://test/28, URI:http://test/29, URI:http://test/30, URI:http://test/31, URI:http://test/32, URI:http://test/33, URI:http://test/34, URI:http://test/35, URI:http://test/36, URI:http://test/37, URI:http://test/38, URI:http://test/39, URI:http://test/40, URI:http://test/41, URI:http://test/42, URI:http://test/43, URI:http://test/44, URI:http://test/45, URI:http://test/46, URI:http://test/47, URI:http://test/48, URI:http://test/49, URI:http://test/50, URI:http://test/51, URI:http://test/52, URI:http://test/53, URI:http://test/54, URI:http://test/55, URI:http://test/56, URI:http://test/57, URI:http://test/58, URI:http://test/59, URI:http://test/60, URI:http://test/61, URI:http://test/62, URI:http://test/63, URI:http://test/64, URI:http://test/65, URI:http://test/66, URI:http://test/67, URI:http://test/68, URI:http://test/69, URI:http://test/70, URI:http://test/71, URI:http://test/72, URI:http://test/73, URI:http://test/74, URI:http://test/75, URI:http://test/76, URI:http://test/77, URI:http://test/78, URI:http://test/79, URI:http://test/80, URI:http://test/81, URI:http://test/82, URI:http://test/83, URI:http://test/84, URI:http://test/85, URI:http://test/86, URI:http://test/87, URI:http://test/88, URI:http://test/89, URI:http://test/90, URI:http://test/91, URI:http://test/92, URI:http://test/93, URI:http://test/94, URI:http://test/95, URI:http://test/96, URI:http://test/97, URI:http://test/98, URI:http://test/99, URI:http://test/100, URI:http://test/101, URI:http://test/102, URI:http://test/103, URI:http://test/104, URI:http://test/105, URI:http://test/106, URI:http://test/107, URI:http://test/108, URI:http://test/109, URI:http://test/110, URI:http://test/111, URI:http://test/112, URI:http://test/113, URI:http://test/114, URI:http://test/115, URI:http://test/116, URI:http://test/117, URI:http://test/118, URI:http://test/119, URI:http://test/120, URI:http://test/121, URI:http://test/122, URI:http://test/123, URI:http://test/124, URI:http://test/125, URI:http://test/126, URI:http://test/127, URI:http://test/128, URI:http://test/129, URI:http://test/130, URI:http://test/131, URI:http://test/132, URI:http://test/133, URI:http://test/134, URI:http://test/135, URI:http://test/136, URI:http://test/137, URI:http://test/138, URI:http://test/139, URI:http://test/140, URI:http://test/141, URI:http://test/142, URI:http://test/143, URI:http://test/144, URI:http://test/145, URI:http://test/146, URI:http://test/147, URI:http://test/148, URI:http://test/149, URI:http://test/150, URI:http://test/151, URI:http://test/152, URI:http://test/153, URI:http://test/154, URI:http://test/155, URI:http://test/156, URI:http://test/157, URI:http://test/158, URI:http://test/159, URI:http://test/160, URI:http://test/161, URI:http://test/162, URI:http://test/163, URI:http://test/164, URI:http://test/165, URI:http://test/166, URI:http://test/167, URI:http://test/168, URI:http://test/169, URI:http://test/170, URI:http://test/171, URI:http://test/172, URI:http://test/173, URI:http://test/174, URI:http://test/175, URI:http://test/176, URI:http://test/177, URI:http://test/178, URI:http://test/179, URI:http://test/180, URI:http://test/181, URI:http://test/182, URI:http://test/183, URI:http://test/184, URI:http://test/185, URI:http://test/186, URI:http://test/187, URI:http://test/188, URI:http://test/189, URI:http://test/190, URI:http://test/191, URI:http://test/192, URI:http://test/193, URI:http://test/194, URI:http://test/195, URI:http://test/196, URI:http://test/197, URI:http://test/198, URI:http://test/199, URI:http://test/200, URI:http://test/201, URI:http://test/202, URI:http://test/203, URI:http://test/204, URI:http://test/205, URI:http://test/206, URI:http://test/207, URI:http://test/208, URI:http://test/209, URI:http://test/210, URI:http://test/211, URI:http://test/212, URI:http://test/213, URI:http://test/214, URI:http://test/215, URI:http://test/216, URI:http://test/217, URI:http://test/218, URI:http://test/219, URI:http://test/220, URI:http://test/221, URI:http://test/222, URI:http://test/223, URI:http://test/224, URI:http://test/225, URI:http://test/226, URI:http://test/227, URI:http://test/228, URI:http://test/229, URI:http://test/230, URI:http://test/231, URI:http://test/232, URI:http://test/233, URI:http://test/234, URI:http://test/235, URI:http://test/236, URI:http://test/237, URI:http://test/238, URI:http://test/239, URI:http://test/240, URI:http://test/241, URI:http://test/242, URI:http://test/243, URI:http://test/244, URI:http://test/245, URI:http://test/246, URI:http://test/247, URI:http://test/248, URI:http://test/249, URI:http://test/250, URI:http://test/251, URI:http://test/252, URI:http://test/253, URI:http://test/254, URI:http://test/255, URI:http://test/256, URI:http://test/257, URI:http://test/258, URI:http://test/259, URI:http://test/260, URI:http://test/261, URI:http://test/262, URI:http://test/263, URI:http://test/264, URI:http://test/265, URI:http://test/266, URI:http://test/267, URI:http://test/268, URI:http://test/269, URI:http://test/270, URI:http://test/271, URI:http://test/272, URI:http://test/273, URI:http://test/274, URI:http://test/275, URI:http://test/276, URI:http://test/277, URI:http://test/278, URI:http://test/279, URI:http://test/280, URI:http://test/281, URI:http://test/282, URI:http://test/283, URI:http://test/284, URI:http://test/285, URI:http://test/286, URI:http://test/287, URI:http://test/288, URI:http://test/289, URI:http://test/290, URI:http://test/291, URI:http://test/292, URI:http://test/293, URI:http://test/294, URI:http://test/295, URI:http://test/296, URI:http://test/297, URI:http://test/298, URI:http://test/299, URI:http://test/300, URI:http://test/301, URI:http://test/302, URI:http://test/303, URI:http://test/304, URI:http://test/305, URI:http://test/306, URI:http://test/307, URI:http://test/308, URI:http://test/309, URI:http://test/310, URI:http://test/311, URI:http://test/312, URI:http://test/313, URI:http://test/314, URI:http://test/315, URI:http://test/316, URI:http://test/317, URI:http://test/318, URI:http://test/319, URI:http://test/320, URI:http://test/321, URI:http://test/322, URI:http://test/323, URI:http://test/324, URI:http://test/325, URI:http://test/326, URI:http://test/327, URI:http://test/328, URI:http://test/329, URI:http://test/330, URI:http://test/331, URI:http://test/332, URI:http://test/333, URI:http://test/334, URI:http://test/335, URI:http://test/336, URI:http://test/337, URI:http://test/338, URI:http://test/339, URI:http://test/340, URI:http://test/341, URI:http://test/342, URI:http://test/343, URI:http://test/344, URI:http://test/345, URI:http://test/346, URI:http://test/347, URI:http://test/348, URI:http://test/349, URI:http://test/350, URI:http://test/351, URI:http://test/352, URI:http://test/353, URI:http://test/354, URI:http://test/355, URI:http://test/356, URI:http://test/357, URI:http://test/358, URI:http://test/359, URI:http://test/360, URI:http://test/361, URI:http://test/362, URI:http://test/363, URI:http://test/364, URI:http://test/365, URI:http://test/366, URI:http://test/367, URI:http://test/368, URI:http://test/369, URI:http://test/370, URI:http://test/371, URI:http://test/372, URI:http://test/373, URI:http://test/374, URI:http://test/375, URI:http://test/376, URI:http://test/377, URI:http://test/378, URI:http://test/379, URI:http://test/380, URI:http://test/381, URI:http://test/382, URI:http://test/383, URI:http://test/384, URI:http://test/385, URI:http://test/386, URI:http://test/387, URI:http://test/388, URI:http://test/389, URI:http://test/390, URI:http://test/391, URI:http://test/392, URI:http://test/393, URI:http://test/394, URI:http://test/395, URI:http://test/396, URI:http://test/397, URI:http://test/398, URI:http://test/399, URI:http://test/400, URI:http://test/401, URI:http://test/402, URI:http://test/403, URI:http://test/404, URI:http://test/405, URI:http://test/406, URI:http://test/407, URI:http://test/408, URI:http://test/409, URI:http://test/410, URI:http://test/411, URI:http://test/412, URI:http://test/413, URI:http://test/414, URI:http://test/415, URI:http://test/416, URI:http://test/417, URI:http://test/418, URI:http://test/419, URI:http://test/420, URI:http://test/421, URI:http://test/422, URI:http://test/423, URI:http://test/424, URI:http://test/425, URI:http://test/426, URI:http://test/427, URI:http://test/428, URI:http://test/429, URI:http://test/430, URI:http://test/431, URI:http://test/432, URI:http://test/433, URI:http://test/434, URI:http://test/435, URI:http://test/436, URI:http://test/437, URI:http://test/438, URI:http://test/439, URI:http://test/440, URI:http://test/441, URI:http://test/442, URI:http://test/443, URI:http://test/444, URI:http://test/445, URI:http://test/446, URI:http://test/447, URI:http://test/448, URI:http://test/449, URI:http://test/450, URI:http://test/451, URI:http://test/452, URI:http://test/453, URI:http://test/454, URI:http://test/455, URI:http://test/456, URI:http://test/457, URI:http://test/458, URI:http://test/459, URI:http://test/460, URI:http://test/461, URI:http://test/462, URI:http://test/463, URI:http://test/464, URI:http://test/465, URI:http://test/466, URI:http://test/467, URI:http://test/468, URI:http://test/469, URI:http://test/470, URI:http://test/471, URI:http://test/472, URI:http://test/473, URI:http://test/474, URI:http://test/475, URI:http://test/476, URI:http://test/477, URI:http://test/478, URI:http://test/479, URI:http://test/480, URI:http://test/481, URI:http://test/482, URI:http://test/483, URI:http://test/484, URI:http://test/485, URI:http://test/486, URI:http://test/487, URI:http://test/488, URI:http://test/489, URI:http://test/490, URI:http://test/491, URI:http://test/492, URI:http://test/493, URI:http://test/494, URI:http://test/495, URI:http://test/496, URI:http://test/497, URI:http://test/498, URI:http://test/499, URI:http://test/500, URI:http://test/501, URI:http://test/502, URI:http://test/503, URI:http://test/504, URI:http://test/505, URI:http://test/506, URI:http://test/507, URI:http://test/508, URI:http://test/509, URI:http://test/510, URI:http://test/511, URI:http://test/512, URI:http://test/513, URI:http://test/514, URI:http://test/515, URI:http://test/516, URI:http://test/517, URI:http://test/518, URI:http://test/519, URI:http://test/520, URI:http://test/521, URI:http://test/522, URI:http://test/523, URI:http://test/524, URI:http://test/525, URI:http://test/526, URI:http://test/527, URI:http://test/528, URI:http://test/529, URI:http://test/530, URI:http://test/531, URI:http://test/532, URI:http://test/533, URI:http://test/534, URI:http://test/535, URI:http://test/536, URI:http://test/537, URI:http://test/538, URI:http://test/539, URI:http://test/540, URI:http://test/541, URI:http://test/542, URI:http://test/543, URI:http://test/544, URI:http://test/545, URI:http://test/546, URI:http://test/547, URI:http://test/548, URI:http://test/549, URI:http://test/550, URI:http://test/551, URI:http://test/552, URI:http://test/553, URI:http://test/554, URI:http://test/555, URI:http://test/556, URI:http://test/557, URI:http://test/558, URI:http://test/559, URI:http://test/560, URI:http://test/561, URI:http://test/562, URI:http://test/563, URI:http://test/564, URI:http://test/565, URI:http://test/566, URI:http://test/567, URI:http://test/568, URI:http://test/569, URI:http://test/570, URI:http://test/571, URI:http://test/572, URI:http://test/573, URI:http://test/574, URI:http://test/575, URI:http://test/576, URI:http://test/577, URI:http://test/578, URI:http://test/579, URI:http://test/580, URI:http://test/581, URI:http://test/582, URI:http://test/583, URI:http://test/584, URI:http://test/585, URI:http://test/586, URI:http://test/587, URI:http://test/588, URI:http://test/589, URI:http://test/590, URI:http://test/591, URI:http://test/592, URI:http://test/593, URI:http://test/594, URI:http://test/595, URI:http://test/596, URI:http://test/597, URI:http://test/598, URI:http://test/599, URI:http://test/600, URI:http://test/601, URI:http://test/602, URI:http://test/603, URI:http://test/604, URI:http://test/605, URI:http://test/606, URI:http://test/607, URI:http://test/608, URI:http://test/609, URI:http://test/610, URI:http://test/611, URI:http://test/612, URI:http://test/613, URI:http://test/614, URI:http://test/615, URI:http://test/616, URI:http://test/617, URI:http://test/618, URI:http://test/619, URI:http://test/620, URI:http://test/621, URI:http://test/622, URI:http://test/623, URI:http://test/624, URI:http://test/625, URI:http://test/626, URI:http://test/627, URI:http://test/628, URI:http://test/629, URI:http://test/630, URI:http://test/631, URI:http://test/632, URI:http://test/633, URI:http://test/634, URI:http://test/635, URI:http://test/636, URI:http://test/637, URI:http://test/638, URI:http://test/639, URI:http://test/640, URI:http://test/641, URI:http://test/642, URI:http://test/643, URI:http://test/644, URI:http://test/645, URI:http://test/646, URI:http://test/647, URI:http://test/648, URI:http://test/649, URI:http://test/650, URI:http://test/651, URI:http://test/652, URI:http://test/653, URI:http://test/654, URI:http://test/655, URI:http://test/656, URI:http://test/657, URI:http://test/658, URI:http://test/659, URI:http://test/660, URI:http://test/661, URI:http://test/662, URI:http://test/663, URI:http://test/664, URI:http://test/665, URI:http://test/666, URI:http://test/667, URI:http://test/668, URI:http://test/669, URI:http://test/670, URI:http://test/671, URI:http://test/672, URI:http://test/673, URI:http://test/674, URI:http://test/675, URI:http://test/676, URI:http://test/677, URI:http://test/678, URI:http://test/679, URI:http://test/680, URI:http://test/681, URI:http://test/682, URI:http://test/683, URI:http://test/684, URI:http://test/685, URI:http://test/686, URI:http://test/687, URI:http://test/688, URI:http://test/689, URI:http://test/690, URI:http://test/691, URI:http://test/692, URI:http://test/693, URI:http://test/694, URI:http://test/695, URI:http://test/696, URI:http://test/697, URI:http://test/698, URI:http://test/699, URI:http://test/700, URI:http://test/701, URI:http://test/702, URI:http://test/703, URI:http://test/704, URI:http://test/705, URI:http://test/706, URI:http://test/707, URI:http://test/708, URI:http://test/709, URI:http://test/710, URI:http://test/711, URI:http://test/712, URI:http://test/713, URI:http://test/714, URI:http://test/715, URI:http://test/716, URI:http://test/717, URI:http://test/718, URI:http://test/719, URI:http://test/720, URI:http://test/721, URI:http://test/722, URI:http://test/723, URI:http://test/724, URI:http://test/725, URI:http://test/726, URI:http://test/727, URI:http://test/728, URI:http://test/729, URI:http://test/730, URI:http://test/731, URI:http://test/732, URI:http://test/733, URI:http://test/734, URI:http://test/735, URI:http://test/736, URI:http://test/737, URI:http://test/738, URI:http://test/739, URI:http://test/740, URI:http://test/741, URI:http://test/742, URI:http://test/743, URI:http://test/744, URI:http://test/745, URI:http://test/746, URI:http://test/747, URI:http://test/748, URI:http://test/749, URI:http://test/750, URI:http://test/751, URI:http://test/752, URI:http://test/753, URI:http://test/754, URI:http://test/755, URI:http://test/756, URI:http://test/757, URI:http://test/758, URI:http://test/759, URI:http://test/760, URI:http://test/761, URI:http://test/762, URI:http://test/763, URI:http://test/764, URI:http://test/765, URI:http://test/766, URI:http://test/767, URI:http://test/768, URI:http://test/769, URI:http://test/770, URI:http://test/771, URI:http://test/772, URI:http://test/773, URI:http://test/774, URI:http://test/775, URI:http://test/776, URI:http://test/777, URI:http://test/778, URI:http://test/779, URI:http://test/780, URI:http://test/781, URI:http://test/782, URI:http://test/783, URI:http://test/784, URI:http://test/785, URI:http://test/786, URI:http://test/787, URI:http://test/788, URI:http://test/789, URI:http://test/790, URI:http://test/791, URI:http://test/792, URI:http://test/793, URI:http://test/794, URI:http://test/795, URI:http://test/796, URI:http://test/797, URI:http://test/798, URI:http://test/799, URI:http://test/800, URI:http://test/801, URI:http://test/802, URI:http://test/803, URI:http://test/804, URI:http://test/805, URI:http://test/806, URI:http://test/807, URI:http://test/808, URI:http://test/809, URI:http://test/810, URI:http://test/811, URI:http://test/812, URI:http://test/813, URI:http://test/814, URI:http://test/815, URI:http://test/816, URI:http://test/817, URI:http://test/818, URI:http://test/819, URI:http://test/820, URI:http://test/821, URI:http://test/822, URI:http://test/823, URI:http://test/824, URI:http://test/825, URI:http://test/826, URI:http://test/827, URI:http://test/828, URI:http://test/829, URI:http://test/830, URI:http://test/831, URI:http://test/832, URI:http://test/833, URI:http://test/834, URI:http://test/835, URI:http://test/836, URI:http://test/837, URI:http://test/838, URI:http://test/839, URI:http://test/840, URI:http://test/841, URI:http://test/842, URI:http://test/843, URI:http://test/844, URI:http://test/845, URI:http://test/846, URI:http://test/847, URI:http://test/848, URI:http://test/849, URI:http://test/850, URI:http://test/851, URI:http://test/852, URI:http://test/853, URI:http://test/854, URI:http://test/855, URI:http://test/856, URI:http://test/857, URI:http://test/858, URI:http://test/859, URI:http://test/860, URI:http://test/861, URI:http://test/862, URI:http://test/863, URI:http://test/864, URI:http://test/865, URI:http://test/866, URI:http://test/867, URI:http://test/868, URI:http://test/869, URI:http://test/870, URI:http://test/871, URI:http://test/872, URI:http://test/873, URI:http://test/874, URI:http://test/875, URI:http://test/876, URI:http://test/877, URI:http://test/878, URI:http://test/879, URI:http://test/880, URI:http://test/881, URI:http://test/882, URI:http://test/883, URI:http://test/884, URI:http://test/885, URI:http://test/886, URI:http://test/887, URI:http://test/888, URI:http://test/889, URI:http://test/890, URI:http://test/891, URI:http://test/892, URI:http://test/893, URI:http://test/894, URI:http://test/895, URI:http://test/896, URI:http://test/897, URI:http://test/898, URI:http://test/899, URI:http://test/900, URI:http://test/901, URI:http://test/902, URI:http://test/903, URI:http://test/904, URI:http://test/905, URI:http://test/906, URI:http://test/907, URI:http://test/908, URI:http://test/909, URI:http://test/910, URI:http://test/911, URI:http://test/912, URI:http://test/913, URI:http://test/914, URI:http://test/915, URI:http://test/916, URI:http://test/917, URI:http://test/918, URI:http://test/919, URI:http://test/920, URI:http://test/921, URI:http://test/922, URI:http://test/923, URI:http://test/924, URI:http://test/925, URI:http://test/926, URI:http://test/927, URI:http://test/928, URI:http://test/929, URI:http://test/930, URI:http://test/931, URI:http://test/932, URI:http://test/933, URI:http://test/934, URI:http://test/935, URI:http://test/936, URI:http://test/937, URI:http://test/938, URI:http://test/939, URI:http://test/940, URI:http://test/941, URI:http://test/942, URI:http://test/943, URI:http://test/944, URI:http://test/945, URI:http://test/946, URI:http://test/947, URI:http://test/948, URI:http://test/949, URI:http://test/950, URI:http://test/951, URI:http://test/952, URI:http://test/953, URI:http://test/954, URI:http://test/955, URI:http://test/956, URI:http://test/957, URI:http://test/958, URI:http://test/959, URI:http://test/960, URI:http://test/961, URI:http://test/962, URI:http://test/963, URI:http://test/964, URI:http://test/965, URI:http://test/966, URI:http://test/967, URI:http://test/968, URI:http://test/969, URI:http://test/970, URI:http://test/971, URI:http://test/972, URI:http://test/973, URI:http://test/974, URI:http://test/975, URI:http://test/976, URI:http://test/977, URI:http://test/978, URI:http://test/979, URI:http://test/980, URI:http://test/981, URI:http://test/982, URI:http://test/983, URI:http://test/984, URI:http://test/985, URI:http://test/986, URI:http://test/987, URI:http://test/988, URI:http://test/989, URI:http://test/990, URI:http://test/991, URI:http://test/992, URI:http://test/993, URI:http://test/994, URI:http://test/995, URI:http://test/996, URI:http://test/997, URI:http://test/998, URI:http://test/999, URI:http://test/1000, URI:http://test/1001, URI:http://test/1002, URI:http://test/1003, URI:http://test/1004, URI:http://test/1005, URI:http://test/1006, URI:http://test/1007, URI:http://test/1008, URI:http://test/1009, URI:http://test/1010, URI:http://test/1011, URI:http://test/1012, URI:http://test/1013, URI:http://test/1014, URI:http://test/1015, URI:http://test/1016, URI:http://test/1017, URI:http://test/1018, URI:http://test/1019, URI:http://test/1020, URI:http://test/1021, URI:http://test/1022, URI:http://test/1023, URI:http://test/1024 + Signature Algorithm: sha256WithRSAEncryption +- 1e:90:d6:4a:8f:24:06:8a:de:41:4f:3b:39:1c:5d:81:24:48: +- 2f:66:9e:6c:fe:c0:b3:cf:a3:8a:a0:4a:02:e2:d3:04:7e:87: +- 42:87:31:5e:75:25:b9:7c:93:ac:0e:3d:a7:0e:09:ef:0f:6c: +- 67:3d:96:fe:4d:7b:86:cd:94:5e:1c:74:d4:b9:fe:da:7a:07: +- 3e:14:ac:e6:8e:4c:de:47:bc:9a:fd:8c:8d:33:31:23:72:f3: +- 6b:b9:45:d4:9b:0e:87:d9:2f:38:9d:fb:67:f4:10:53:a6:58: +- 47:a3:c3:66:38:90:96:e7:23:5f:5e:41:0b:85:42:80:29:1b: +- 83:d3:00:e0:37:d1:66:3a:1e:5b:a0:d9:91:b1:96:70:2d:9f: +- 6c:82:84:9d:b5:21:90:b9:64:2b:70:87:f3:dd:06:9f:71:22: +- e9:66:35:32:04:23:c5:08:9b:f3:e6:82:65:6d:f4:0c:19:74: +- 8d:eb:56:9b:41:77:56:1e:53:13:de:57:15:e5:76:e2:de:d4: +- 51:7c:24:49:33:6d:5d:c7:50:bc:55:18:35:3e:b5:3f:0e:46: +- 58:2c:55:7d:fa:ff:91:fa:ea:94:91:e6:bf:af:06:2d:51:ad: +- e5:2a:3d:06:ec:7e:17:8c:f6:2c:ab:05:ef:91:f1:cd:21:cb: +- 01:23:80:e0 ++ 08:00:7f:e0:40:75:d2:43:36:3f:e3:6c:cf:c1:4a:69:b2:0c: ++ 1b:a8:a8:6b:7a:ee:ed:d0:2d:ee:e2:52:d9:2a:1f:5d:ac:29: ++ f5:12:e2:af:3b:db:a0:6d:3a:b4:09:ef:76:fa:52:68:5f:07: ++ 5f:9f:a4:52:8f:1d:da:da:b6:93:54:87:47:d0:3c:66:7e:ff: ++ 1b:e3:1e:da:52:4c:00:46:5b:0c:eb:9e:b8:5e:1e:db:f7:ce: ++ dd:2c:0f:4e:23:1d:63:98:ed:e5:18:e8:04:9c:a1:1e:cd:58: ++ de:09:43:4d:bf:8d:4b:6d:8e:32:e9:a6:53:40:17:0c:e2:59: ++ 43:55:2d:3f:ab:af:aa:13:48:ac:00:ac:5b:df:16:c7:20:2a: ++ ea:50:ef:79:78:c9:34:d5:c5:7f:8f:27:d0:5a:42:3a:e8:13: ++ 01:51:bc:a3:b9:53:6f:1d:e4:73:52:8d:f0:c7:9c:d1:46:19: ++ aa:28:63:3e:cc:4a:5f:63:0d:1d:28:4b:e0:b4:37:83:db:85: ++ 8c:84:86:7e:37:15:a8:ed:a8:00:da:14:97:fd:f1:c8:ea:6e: ++ 3a:b7:19:c1:6f:53:6b:0b:ff:29:60:30:7d:b6:35:d6:b8:58: ++ 6f:55:32:18:c6:44:c3:08:d8:c4:95:25:7b:ba:13:04:26:34: ++ 7c:d4:0e:a1 + -----BEGIN CERTIFICATE----- +-MIKBQzCCgCugAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1DANBgkqhkiG9w0BAQsF ++MIJ2lTCCdX2gAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1DANBgkqhkiG9w0BAQsF + ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx + MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +@@ -82,12 +82,12 @@ P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ + B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O + Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g + QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +-4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCfpAwgn6MMB0GA1UdDgQW ++4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCc+IwgnPeMB0GA1UdDgQW + BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok + 8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt + Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 + Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgn2iBgNVHREEgn2ZMIJ9lYIH ++BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgnL0BgNVHREEgnLrMIJy54IH + dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu + dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl + c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +@@ -163,607 +163,550 @@ ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz + MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 + ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC + CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +-Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +-c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +-dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +-LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +-dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +-MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +-dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +-ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +-NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +-ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +-CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +-NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +-c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +-dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +-LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +-dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +-NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +-dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +-ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIcECgAAAIcECgAAAYcECgAAAocECgAAA4cE +-CgAABIcECgAABYcECgAABocECgAAB4cECgAACIcECgAACYcECgAACocECgAAC4cE +-CgAADIcECgAADYcECgAADocECgAAD4cECgAAEIcECgAAEYcECgAAEocECgAAE4cE +-CgAAFIcECgAAFYcECgAAFocECgAAF4cECgAAGIcECgAAGYcECgAAGocECgAAG4cE +-CgAAHIcECgAAHYcECgAAHocECgAAH4cECgAAIIcECgAAIYcECgAAIocECgAAI4cE +-CgAAJIcECgAAJYcECgAAJocECgAAJ4cECgAAKIcECgAAKYcECgAAKocECgAAK4cE +-CgAALIcECgAALYcECgAALocECgAAL4cECgAAMIcECgAAMYcECgAAMocECgAAM4cE +-CgAANIcECgAANYcECgAANocECgAAN4cECgAAOIcECgAAOYcECgAAOocECgAAO4cE +-CgAAPIcECgAAPYcECgAAPocECgAAP4cECgAAQIcECgAAQYcECgAAQocECgAAQ4cE +-CgAARIcECgAARYcECgAARocECgAAR4cECgAASIcECgAASYcECgAASocECgAAS4cE +-CgAATIcECgAATYcECgAATocECgAAT4cECgAAUIcECgAAUYcECgAAUocECgAAU4cE +-CgAAVIcECgAAVYcECgAAVocECgAAV4cECgAAWIcECgAAWYcECgAAWocECgAAW4cE +-CgAAXIcECgAAXYcECgAAXocECgAAX4cECgAAYIcECgAAYYcECgAAYocECgAAY4cE +-CgAAZIcECgAAZYcECgAAZocECgAAZ4cECgAAaIcECgAAaYcECgAAaocECgAAa4cE +-CgAAbIcECgAAbYcECgAAbocECgAAb4cECgAAcIcECgAAcYcECgAAcocECgAAc4cE +-CgAAdIcECgAAdYcECgAAdocECgAAd4cECgAAeIcECgAAeYcECgAAeocECgAAe4cE +-CgAAfIcECgAAfYcECgAAfocECgAAf4cECgAAgIcECgAAgYcECgAAgocECgAAg4cE +-CgAAhIcECgAAhYcECgAAhocECgAAh4cECgAAiIcECgAAiYcECgAAiocECgAAi4cE +-CgAAjIcECgAAjYcECgAAjocECgAAj4cECgAAkIcECgAAkYcECgAAkocECgAAk4cE +-CgAAlIcECgAAlYcECgAAlocECgAAl4cECgAAmIcECgAAmYcECgAAmocECgAAm4cE +-CgAAnIcECgAAnYcECgAAnocECgAAn4cECgAAoIcECgAAoYcECgAAoocECgAAo4cE +-CgAApIcECgAApYcECgAApocECgAAp4cECgAAqIcECgAAqYcECgAAqocECgAAq4cE +-CgAArIcECgAArYcECgAArocECgAAr4cECgAAsIcECgAAsYcECgAAsocECgAAs4cE +-CgAAtIcECgAAtYcECgAAtocECgAAt4cECgAAuIcECgAAuYcECgAAuocECgAAu4cE +-CgAAvIcECgAAvYcECgAAvocECgAAv4cECgAAwIcECgAAwYcECgAAwocECgAAw4cE +-CgAAxIcECgAAxYcECgAAxocECgAAx4cECgAAyIcECgAAyYcECgAAyocECgAAy4cE +-CgAAzIcECgAAzYcECgAAzocECgAAz4cECgAA0IcECgAA0YcECgAA0ocECgAA04cE +-CgAA1IcECgAA1YcECgAA1ocECgAA14cECgAA2IcECgAA2YcECgAA2ocECgAA24cE +-CgAA3IcECgAA3YcECgAA3ocECgAA34cECgAA4IcECgAA4YcECgAA4ocECgAA44cE +-CgAA5IcECgAA5YcECgAA5ocECgAA54cECgAA6IcECgAA6YcECgAA6ocECgAA64cE +-CgAA7IcECgAA7YcECgAA7ocECgAA74cECgAA8IcECgAA8YcECgAA8ocECgAA84cE +-CgAA9IcECgAA9YcECgAA9ocECgAA94cECgAA+IcECgAA+YcECgAA+ocECgAA+4cE +-CgAA/IcECgAA/YcECgAA/ocECgAA/4cECgABAIcECgABAYcECgABAocECgABA4cE +-CgABBIcECgABBYcECgABBocECgABB4cECgABCIcECgABCYcECgABCocECgABC4cE +-CgABDIcECgABDYcECgABDocECgABD4cECgABEIcECgABEYcECgABEocECgABE4cE +-CgABFIcECgABFYcECgABFocECgABF4cECgABGIcECgABGYcECgABGocECgABG4cE +-CgABHIcECgABHYcECgABHocECgABH4cECgABIIcECgABIYcECgABIocECgABI4cE +-CgABJIcECgABJYcECgABJocECgABJ4cECgABKIcECgABKYcECgABKocECgABK4cE +-CgABLIcECgABLYcECgABLocECgABL4cECgABMIcECgABMYcECgABMocECgABM4cE +-CgABNIcECgABNYcECgABNocECgABN4cECgABOIcECgABOYcECgABOocECgABO4cE +-CgABPIcECgABPYcECgABPocECgABP4cECgABQIcECgABQYcECgABQocECgABQ4cE +-CgABRIcECgABRYcECgABRocECgABR4cECgABSIcECgABSYcECgABSocECgABS4cE +-CgABTIcECgABTYcECgABTocECgABT4cECgABUIcECgABUYcECgABUocECgABU4cE +-CgABVIcECgABVYcECgABVocECgABV4cECgABWIcECgABWYcECgABWocECgABW4cE +-CgABXIcECgABXYcECgABXocECgABX4cECgABYIcECgABYYcECgABYocECgABY4cE +-CgABZIcECgABZYcECgABZocECgABZ4cECgABaIcECgABaYcECgABaocECgABa4cE +-CgABbIcECgABbYcECgABbocECgABb4cECgABcIcECgABcYcECgABcocECgABc4cE +-CgABdIcECgABdYcECgABdocECgABd4cECgABeIcECgABeYcECgABeocECgABe4cE +-CgABfIcECgABfYcECgABfocECgABf4cECgABgIcECgABgYcECgABgocECgABg4cE +-CgABhIcECgABhYcECgABhocECgABh4cECgABiIcECgABiYcECgABiocECgABi4cE +-CgABjIcECgABjYcECgABjocECgABj4cECgABkIcECgABkYcECgABkocECgABk4cE +-CgABlIcECgABlYcECgABlocECgABl4cECgABmIcECgABmYcECgABmocECgABm4cE +-CgABnIcECgABnYcECgABnocECgABn4cECgABoIcECgABoaQPMA0xCzAJBgNVBAMM +-AnQwpA8wDTELMAkGA1UEAwwCdDGkDzANMQswCQYDVQQDDAJ0MqQPMA0xCzAJBgNV +-BAMMAnQzpA8wDTELMAkGA1UEAwwCdDSkDzANMQswCQYDVQQDDAJ0NaQPMA0xCzAJ +-BgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwCdDekDzANMQswCQYDVQQDDAJ0OKQPMA0x +-CzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UEAwwDdDEwpBAwDjEMMAoGA1UEAwwDdDEx +-pBAwDjEMMAoGA1UEAwwDdDEypBAwDjEMMAoGA1UEAwwDdDEzpBAwDjEMMAoGA1UE +-AwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1pBAwDjEMMAoGA1UEAwwDdDE2pBAwDjEM +-MAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UEAwwDdDE4pBAwDjEMMAoGA1UEAwwDdDE5 +-pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEMMAoGA1UEAwwDdDIxpBAwDjEMMAoGA1UE +-AwwDdDIypBAwDjEMMAoGA1UEAwwDdDIzpBAwDjEMMAoGA1UEAwwDdDI0pBAwDjEM +-MAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UEAwwDdDI2pBAwDjEMMAoGA1UEAwwDdDI3 +-pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEMMAoGA1UEAwwDdDI5pBAwDjEMMAoGA1UE +-AwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMxpBAwDjEMMAoGA1UEAwwDdDMypBAwDjEM +-MAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UEAwwDdDM0pBAwDjEMMAoGA1UEAwwDdDM1 +-pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEMMAoGA1UEAwwDdDM3pBAwDjEMMAoGA1UE +-AwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5pBAwDjEMMAoGA1UEAwwDdDQwpBAwDjEM +-MAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UEAwwDdDQypBAwDjEMMAoGA1UEAwwDdDQz +-pBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEMMAoGA1UEAwwDdDQ1pBAwDjEMMAoGA1UE +-AwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3pBAwDjEMMAoGA1UEAwwDdDQ4pBAwDjEM +-MAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UEAwwDdDUwpBAwDjEMMAoGA1UEAwwDdDUx +-pBAwDjEMMAoGA1UEAwwDdDUypBAwDjEMMAoGA1UEAwwDdDUzpBAwDjEMMAoGA1UE +-AwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1pBAwDjEMMAoGA1UEAwwDdDU2pBAwDjEM +-MAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UEAwwDdDU4pBAwDjEMMAoGA1UEAwwDdDU5 +-pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEMMAoGA1UEAwwDdDYxpBAwDjEMMAoGA1UE +-AwwDdDYypBAwDjEMMAoGA1UEAwwDdDYzpBAwDjEMMAoGA1UEAwwDdDY0pBAwDjEM +-MAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UEAwwDdDY2pBAwDjEMMAoGA1UEAwwDdDY3 +-pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEMMAoGA1UEAwwDdDY5pBAwDjEMMAoGA1UE +-AwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcxpBAwDjEMMAoGA1UEAwwDdDcypBAwDjEM +-MAoGA1UEAwwDdDczpBAwDjEMMAoGA1UEAwwDdDc0pBAwDjEMMAoGA1UEAwwDdDc1 +-pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEMMAoGA1UEAwwDdDc3pBAwDjEMMAoGA1UE +-AwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5pBAwDjEMMAoGA1UEAwwDdDgwpBAwDjEM +-MAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UEAwwDdDgypBAwDjEMMAoGA1UEAwwDdDgz +-pBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEMMAoGA1UEAwwDdDg1pBAwDjEMMAoGA1UE +-AwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3pBAwDjEMMAoGA1UEAwwDdDg4pBAwDjEM +-MAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UEAwwDdDkwpBAwDjEMMAoGA1UEAwwDdDkx +-pBAwDjEMMAoGA1UEAwwDdDkypBAwDjEMMAoGA1UEAwwDdDkzpBAwDjEMMAoGA1UE +-AwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1pBAwDjEMMAoGA1UEAwwDdDk2pBAwDjEM +-MAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UEAwwDdDk4pBAwDjEMMAoGA1UEAwwDdDk5 +-pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8xDTALBgNVBAMMBHQxMDGkETAPMQ0wCwYD +-VQQDDAR0MTAypBEwDzENMAsGA1UEAwwEdDEwM6QRMA8xDTALBgNVBAMMBHQxMDSk +-ETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzENMAsGA1UEAwwEdDEwNqQRMA8xDTALBgNV +-BAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0MTA4pBEwDzENMAsGA1UEAwwEdDEwOaQR +-MA8xDTALBgNVBAMMBHQxMTCkETAPMQ0wCwYDVQQDDAR0MTExpBEwDzENMAsGA1UE +-AwwEdDExMqQRMA8xDTALBgNVBAMMBHQxMTOkETAPMQ0wCwYDVQQDDAR0MTE0pBEw +-DzENMAsGA1UEAwwEdDExNaQRMA8xDTALBgNVBAMMBHQxMTakETAPMQ0wCwYDVQQD +-DAR0MTE3pBEwDzENMAsGA1UEAwwEdDExOKQRMA8xDTALBgNVBAMMBHQxMTmkETAP +-MQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsGA1UEAwwEdDEyMaQRMA8xDTALBgNVBAMM +-BHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIzpBEwDzENMAsGA1UEAwwEdDEyNKQRMA8x +-DTALBgNVBAMMBHQxMjWkETAPMQ0wCwYDVQQDDAR0MTI2pBEwDzENMAsGA1UEAwwE +-dDEyN6QRMA8xDTALBgNVBAMMBHQxMjikETAPMQ0wCwYDVQQDDAR0MTI5pBEwDzEN +-MAsGA1UEAwwEdDEzMKQRMA8xDTALBgNVBAMMBHQxMzGkETAPMQ0wCwYDVQQDDAR0 +-MTMypBEwDzENMAsGA1UEAwwEdDEzM6QRMA8xDTALBgNVBAMMBHQxMzSkETAPMQ0w +-CwYDVQQDDAR0MTM1pBEwDzENMAsGA1UEAwwEdDEzNqQRMA8xDTALBgNVBAMMBHQx +-MzekETAPMQ0wCwYDVQQDDAR0MTM4pBEwDzENMAsGA1UEAwwEdDEzOaQRMA8xDTAL +-BgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQDDAR0MTQxpBEwDzENMAsGA1UEAwwEdDE0 +-MqQRMA8xDTALBgNVBAMMBHQxNDOkETAPMQ0wCwYDVQQDDAR0MTQ0pBEwDzENMAsG +-A1UEAwwEdDE0NaQRMA8xDTALBgNVBAMMBHQxNDakETAPMQ0wCwYDVQQDDAR0MTQ3 +-pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8xDTALBgNVBAMMBHQxNDmkETAPMQ0wCwYD +-VQQDDAR0MTUwpBEwDzENMAsGA1UEAwwEdDE1MaQRMA8xDTALBgNVBAMMBHQxNTKk +-ETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzENMAsGA1UEAwwEdDE1NKQRMA8xDTALBgNV +-BAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0MTU2pBEwDzENMAsGA1UEAwwEdDE1N6QR +-MA8xDTALBgNVBAMMBHQxNTikETAPMQ0wCwYDVQQDDAR0MTU5pBEwDzENMAsGA1UE +-AwwEdDE2MKQRMA8xDTALBgNVBAMMBHQxNjGkETAPMQ0wCwYDVQQDDAR0MTYypBEw +-DzENMAsGA1UEAwwEdDE2M6QRMA8xDTALBgNVBAMMBHQxNjSkETAPMQ0wCwYDVQQD +-DAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2NqQRMA8xDTALBgNVBAMMBHQxNjekETAP +-MQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsGA1UEAwwEdDE2OaQRMA8xDTALBgNVBAMM +-BHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcxpBEwDzENMAsGA1UEAwwEdDE3MqQRMA8x +-DTALBgNVBAMMBHQxNzOkETAPMQ0wCwYDVQQDDAR0MTc0pBEwDzENMAsGA1UEAwwE +-dDE3NaQRMA8xDTALBgNVBAMMBHQxNzakETAPMQ0wCwYDVQQDDAR0MTc3pBEwDzEN +-MAsGA1UEAwwEdDE3OKQRMA8xDTALBgNVBAMMBHQxNzmkETAPMQ0wCwYDVQQDDAR0 +-MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQRMA8xDTALBgNVBAMMBHQxODKkETAPMQ0w +-CwYDVQQDDAR0MTgzpBEwDzENMAsGA1UEAwwEdDE4NKQRMA8xDTALBgNVBAMMBHQx +-ODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEwDzENMAsGA1UEAwwEdDE4N6QRMA8xDTAL +-BgNVBAMMBHQxODikETAPMQ0wCwYDVQQDDAR0MTg5pBEwDzENMAsGA1UEAwwEdDE5 +-MKQRMA8xDTALBgNVBAMMBHQxOTGkETAPMQ0wCwYDVQQDDAR0MTkypBEwDzENMAsG +-A1UEAwwEdDE5M6QRMA8xDTALBgNVBAMMBHQxOTSkETAPMQ0wCwYDVQQDDAR0MTk1 +-pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8xDTALBgNVBAMMBHQxOTekETAPMQ0wCwYD +-VQQDDAR0MTk4pBEwDzENMAsGA1UEAwwEdDE5OaQRMA8xDTALBgNVBAMMBHQyMDCk +-ETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzENMAsGA1UEAwwEdDIwMqQRMA8xDTALBgNV +-BAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0MjA0pBEwDzENMAsGA1UEAwwEdDIwNaQR +-MA8xDTALBgNVBAMMBHQyMDakETAPMQ0wCwYDVQQDDAR0MjA3pBEwDzENMAsGA1UE +-AwwEdDIwOKQRMA8xDTALBgNVBAMMBHQyMDmkETAPMQ0wCwYDVQQDDAR0MjEwpBEw +-DzENMAsGA1UEAwwEdDIxMaQRMA8xDTALBgNVBAMMBHQyMTKkETAPMQ0wCwYDVQQD +-DAR0MjEzpBEwDzENMAsGA1UEAwwEdDIxNKQRMA8xDTALBgNVBAMMBHQyMTWkETAP +-MQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsGA1UEAwwEdDIxN6QRMA8xDTALBgNVBAMM +-BHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5pBEwDzENMAsGA1UEAwwEdDIyMKQRMA8x +-DTALBgNVBAMMBHQyMjGkETAPMQ0wCwYDVQQDDAR0MjIypBEwDzENMAsGA1UEAwwE +-dDIyM6QRMA8xDTALBgNVBAMMBHQyMjSkETAPMQ0wCwYDVQQDDAR0MjI1pBEwDzEN +-MAsGA1UEAwwEdDIyNqQRMA8xDTALBgNVBAMMBHQyMjekETAPMQ0wCwYDVQQDDAR0 +-MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQRMA8xDTALBgNVBAMMBHQyMzCkETAPMQ0w +-CwYDVQQDDAR0MjMxpBEwDzENMAsGA1UEAwwEdDIzMqQRMA8xDTALBgNVBAMMBHQy +-MzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEwDzENMAsGA1UEAwwEdDIzNaQRMA8xDTAL +-BgNVBAMMBHQyMzakETAPMQ0wCwYDVQQDDAR0MjM3pBEwDzENMAsGA1UEAwwEdDIz +-OKQRMA8xDTALBgNVBAMMBHQyMzmkETAPMQ0wCwYDVQQDDAR0MjQwpBEwDzENMAsG +-A1UEAwwEdDI0MaQRMA8xDTALBgNVBAMMBHQyNDKkETAPMQ0wCwYDVQQDDAR0MjQz +-pBEwDzENMAsGA1UEAwwEdDI0NKQRMA8xDTALBgNVBAMMBHQyNDWkETAPMQ0wCwYD +-VQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwEdDI0N6QRMA8xDTALBgNVBAMMBHQyNDik +-ETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzENMAsGA1UEAwwEdDI1MKQRMA8xDTALBgNV +-BAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0MjUypBEwDzENMAsGA1UEAwwEdDI1M6QR +-MA8xDTALBgNVBAMMBHQyNTSkETAPMQ0wCwYDVQQDDAR0MjU1pBEwDzENMAsGA1UE +-AwwEdDI1NqQRMA8xDTALBgNVBAMMBHQyNTekETAPMQ0wCwYDVQQDDAR0MjU4pBEw +-DzENMAsGA1UEAwwEdDI1OaQRMA8xDTALBgNVBAMMBHQyNjCkETAPMQ0wCwYDVQQD +-DAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2MqQRMA8xDTALBgNVBAMMBHQyNjOkETAP +-MQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsGA1UEAwwEdDI2NaQRMA8xDTALBgNVBAMM +-BHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3pBEwDzENMAsGA1UEAwwEdDI2OKQRMA8x +-DTALBgNVBAMMBHQyNjmkETAPMQ0wCwYDVQQDDAR0MjcwpBEwDzENMAsGA1UEAwwE +-dDI3MaQRMA8xDTALBgNVBAMMBHQyNzKkETAPMQ0wCwYDVQQDDAR0MjczpBEwDzEN +-MAsGA1UEAwwEdDI3NKQRMA8xDTALBgNVBAMMBHQyNzWkETAPMQ0wCwYDVQQDDAR0 +-Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QRMA8xDTALBgNVBAMMBHQyNzikETAPMQ0w +-CwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UEAwwEdDI4MKQRMA8xDTALBgNVBAMMBHQy +-ODGkETAPMQ0wCwYDVQQDDAR0MjgypBEwDzENMAsGA1UEAwwEdDI4M6QRMA8xDTAL +-BgNVBAMMBHQyODSkETAPMQ0wCwYDVQQDDAR0Mjg1pBEwDzENMAsGA1UEAwwEdDI4 +-NqQRMA8xDTALBgNVBAMMBHQyODekETAPMQ0wCwYDVQQDDAR0Mjg4pBEwDzENMAsG +-A1UEAwwEdDI4OaQRMA8xDTALBgNVBAMMBHQyOTCkETAPMQ0wCwYDVQQDDAR0Mjkx +-pBEwDzENMAsGA1UEAwwEdDI5MqQRMA8xDTALBgNVBAMMBHQyOTOkETAPMQ0wCwYD +-VQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwEdDI5NaQRMA8xDTALBgNVBAMMBHQyOTak +-ETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzENMAsGA1UEAwwEdDI5OKQRMA8xDTALBgNV +-BAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0MzAwpBEwDzENMAsGA1UEAwwEdDMwMaQR +-MA8xDTALBgNVBAMMBHQzMDKkETAPMQ0wCwYDVQQDDAR0MzAzpBEwDzENMAsGA1UE +-AwwEdDMwNKQRMA8xDTALBgNVBAMMBHQzMDWkETAPMQ0wCwYDVQQDDAR0MzA2pBEw +-DzENMAsGA1UEAwwEdDMwN6QRMA8xDTALBgNVBAMMBHQzMDikETAPMQ0wCwYDVQQD +-DAR0MzA5pBEwDzENMAsGA1UEAwwEdDMxMKQRMA8xDTALBgNVBAMMBHQzMTGkETAP +-MQ0wCwYDVQQDDAR0MzEypBEwDzENMAsGA1UEAwwEdDMxM6QRMA8xDTALBgNVBAMM +-BHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1pBEwDzENMAsGA1UEAwwEdDMxNqQRMA8x +-DTALBgNVBAMMBHQzMTekETAPMQ0wCwYDVQQDDAR0MzE4pBEwDzENMAsGA1UEAwwE +-dDMxOaQRMA8xDTALBgNVBAMMBHQzMjCkETAPMQ0wCwYDVQQDDAR0MzIxpBEwDzEN +-MAsGA1UEAwwEdDMyMqQRMA8xDTALBgNVBAMMBHQzMjOkETAPMQ0wCwYDVQQDDAR0 +-MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQRMA8xDTALBgNVBAMMBHQzMjakETAPMQ0w +-CwYDVQQDDAR0MzI3pBEwDzENMAsGA1UEAwwEdDMyOKQRMA8xDTALBgNVBAMMBHQz +-MjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEwDzENMAsGA1UEAwwEdDMzMaQRMA8xDTAL +-BgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQDDAR0MzMzpBEwDzENMAsGA1UEAwwEdDMz +-NKQRMA8xDTALBgNVBAMMBHQzMzWkETAPMQ0wCwYDVQQDDAR0MzM2pBEwDzENMAsG +-A1UEAwwEdDMzN6QRMA8xDTALBgNVBAMMBHQzMzikETAPMQ0wCwYDVQQDDAR0MzM5 +-pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8xDTALBgNVBAMMBHQzNDGkETAPMQ0wCwYD +-VQQDDAR0MzQypBEwDzENMAsGA1UEAwwEdDM0M6QRMA8xDTALBgNVBAMMBHQzNDSk +-ETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzENMAsGA1UEAwwEdDM0NqQRMA8xDTALBgNV +-BAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0MzQ4pBEwDzENMAsGA1UEAwwEdDM0OaQR +-MA8xDTALBgNVBAMMBHQzNTCkETAPMQ0wCwYDVQQDDAR0MzUxpBEwDzENMAsGA1UE +-AwwEdDM1MqQRMA8xDTALBgNVBAMMBHQzNTOkETAPMQ0wCwYDVQQDDAR0MzU0pBEw +-DzENMAsGA1UEAwwEdDM1NaQRMA8xDTALBgNVBAMMBHQzNTakETAPMQ0wCwYDVQQD +-DAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1OKQRMA8xDTALBgNVBAMMBHQzNTmkETAP +-MQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsGA1UEAwwEdDM2MaQRMA8xDTALBgNVBAMM +-BHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYzpBEwDzENMAsGA1UEAwwEdDM2NKQRMA8x +-DTALBgNVBAMMBHQzNjWkETAPMQ0wCwYDVQQDDAR0MzY2pBEwDzENMAsGA1UEAwwE +-dDM2N6QRMA8xDTALBgNVBAMMBHQzNjikETAPMQ0wCwYDVQQDDAR0MzY5pBEwDzEN +-MAsGA1UEAwwEdDM3MKQRMA8xDTALBgNVBAMMBHQzNzGkETAPMQ0wCwYDVQQDDAR0 +-MzcypBEwDzENMAsGA1UEAwwEdDM3M6QRMA8xDTALBgNVBAMMBHQzNzSkETAPMQ0w +-CwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UEAwwEdDM3NqQRMA8xDTALBgNVBAMMBHQz +-NzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEwDzENMAsGA1UEAwwEdDM3OaQRMA8xDTAL +-BgNVBAMMBHQzODCkETAPMQ0wCwYDVQQDDAR0MzgxpBEwDzENMAsGA1UEAwwEdDM4 +-MqQRMA8xDTALBgNVBAMMBHQzODOkETAPMQ0wCwYDVQQDDAR0Mzg0pBEwDzENMAsG +-A1UEAwwEdDM4NaQRMA8xDTALBgNVBAMMBHQzODakETAPMQ0wCwYDVQQDDAR0Mzg3 +-pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8xDTALBgNVBAMMBHQzODmkETAPMQ0wCwYD +-VQQDDAR0MzkwpBEwDzENMAsGA1UEAwwEdDM5MaQRMA8xDTALBgNVBAMMBHQzOTKk +-ETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzENMAsGA1UEAwwEdDM5NKQRMA8xDTALBgNV +-BAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0Mzk2pBEwDzENMAsGA1UEAwwEdDM5N6QR +-MA8xDTALBgNVBAMMBHQzOTikETAPMQ0wCwYDVQQDDAR0Mzk5pBEwDzENMAsGA1UE +-AwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0MDGkETAPMQ0wCwYDVQQDDAR0NDAypBEw +-DzENMAsGA1UEAwwEdDQwM6QRMA8xDTALBgNVBAMMBHQ0MDSkETAPMQ0wCwYDVQQD +-DAR0NDA1pBEwDzENMAsGA1UEAwwEdDQwNqQRMA8xDTALBgNVBAMMBHQ0MDekETAP +-MQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsGA1UEAwwEdDQwOaQRMA8xDTALBgNVBAMM +-BHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDExpBEwDzENMAsGA1UEAwwEdDQxMqQRMA8x +-DTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYDVQQDDAR0NDE0pBEwDzENMAsGA1UEAwwE +-dDQxNaQRMA8xDTALBgNVBAMMBHQ0MTaGDWh0dHA6Ly90ZXN0LzCGDWh0dHA6Ly90 +-ZXN0LzGGDWh0dHA6Ly90ZXN0LzKGDWh0dHA6Ly90ZXN0LzOGDWh0dHA6Ly90ZXN0 +-LzSGDWh0dHA6Ly90ZXN0LzWGDWh0dHA6Ly90ZXN0LzaGDWh0dHA6Ly90ZXN0LzeG +-DWh0dHA6Ly90ZXN0LziGDWh0dHA6Ly90ZXN0LzmGDmh0dHA6Ly90ZXN0LzEwhg5o +-dHRwOi8vdGVzdC8xMYYOaHR0cDovL3Rlc3QvMTKGDmh0dHA6Ly90ZXN0LzEzhg5o +-dHRwOi8vdGVzdC8xNIYOaHR0cDovL3Rlc3QvMTWGDmh0dHA6Ly90ZXN0LzE2hg5o +-dHRwOi8vdGVzdC8xN4YOaHR0cDovL3Rlc3QvMTiGDmh0dHA6Ly90ZXN0LzE5hg5o +-dHRwOi8vdGVzdC8yMIYOaHR0cDovL3Rlc3QvMjGGDmh0dHA6Ly90ZXN0LzIyhg5o +-dHRwOi8vdGVzdC8yM4YOaHR0cDovL3Rlc3QvMjSGDmh0dHA6Ly90ZXN0LzI1hg5o +-dHRwOi8vdGVzdC8yNoYOaHR0cDovL3Rlc3QvMjeGDmh0dHA6Ly90ZXN0LzI4hg5o +-dHRwOi8vdGVzdC8yOYYOaHR0cDovL3Rlc3QvMzCGDmh0dHA6Ly90ZXN0LzMxhg5o +-dHRwOi8vdGVzdC8zMoYOaHR0cDovL3Rlc3QvMzOGDmh0dHA6Ly90ZXN0LzM0hg5o +-dHRwOi8vdGVzdC8zNYYOaHR0cDovL3Rlc3QvMzaGDmh0dHA6Ly90ZXN0LzM3hg5o +-dHRwOi8vdGVzdC8zOIYOaHR0cDovL3Rlc3QvMzmGDmh0dHA6Ly90ZXN0LzQwhg5o +-dHRwOi8vdGVzdC80MYYOaHR0cDovL3Rlc3QvNDKGDmh0dHA6Ly90ZXN0LzQzhg5o +-dHRwOi8vdGVzdC80NIYOaHR0cDovL3Rlc3QvNDWGDmh0dHA6Ly90ZXN0LzQ2hg5o +-dHRwOi8vdGVzdC80N4YOaHR0cDovL3Rlc3QvNDiGDmh0dHA6Ly90ZXN0LzQ5hg5o +-dHRwOi8vdGVzdC81MIYOaHR0cDovL3Rlc3QvNTGGDmh0dHA6Ly90ZXN0LzUyhg5o +-dHRwOi8vdGVzdC81M4YOaHR0cDovL3Rlc3QvNTSGDmh0dHA6Ly90ZXN0LzU1hg5o +-dHRwOi8vdGVzdC81NoYOaHR0cDovL3Rlc3QvNTeGDmh0dHA6Ly90ZXN0LzU4hg5o +-dHRwOi8vdGVzdC81OYYOaHR0cDovL3Rlc3QvNjCGDmh0dHA6Ly90ZXN0LzYxhg5o +-dHRwOi8vdGVzdC82MoYOaHR0cDovL3Rlc3QvNjOGDmh0dHA6Ly90ZXN0LzY0hg5o +-dHRwOi8vdGVzdC82NYYOaHR0cDovL3Rlc3QvNjaGDmh0dHA6Ly90ZXN0LzY3hg5o +-dHRwOi8vdGVzdC82OIYOaHR0cDovL3Rlc3QvNjmGDmh0dHA6Ly90ZXN0Lzcwhg5o +-dHRwOi8vdGVzdC83MYYOaHR0cDovL3Rlc3QvNzKGDmh0dHA6Ly90ZXN0Lzczhg5o +-dHRwOi8vdGVzdC83NIYOaHR0cDovL3Rlc3QvNzWGDmh0dHA6Ly90ZXN0Lzc2hg5o +-dHRwOi8vdGVzdC83N4YOaHR0cDovL3Rlc3QvNziGDmh0dHA6Ly90ZXN0Lzc5hg5o +-dHRwOi8vdGVzdC84MIYOaHR0cDovL3Rlc3QvODGGDmh0dHA6Ly90ZXN0Lzgyhg5o +-dHRwOi8vdGVzdC84M4YOaHR0cDovL3Rlc3QvODSGDmh0dHA6Ly90ZXN0Lzg1hg5o +-dHRwOi8vdGVzdC84NoYOaHR0cDovL3Rlc3QvODeGDmh0dHA6Ly90ZXN0Lzg4hg5o +-dHRwOi8vdGVzdC84OYYOaHR0cDovL3Rlc3QvOTCGDmh0dHA6Ly90ZXN0Lzkxhg5o +-dHRwOi8vdGVzdC85MoYOaHR0cDovL3Rlc3QvOTOGDmh0dHA6Ly90ZXN0Lzk0hg5o +-dHRwOi8vdGVzdC85NYYOaHR0cDovL3Rlc3QvOTaGDmh0dHA6Ly90ZXN0Lzk3hg5o +-dHRwOi8vdGVzdC85OIYOaHR0cDovL3Rlc3QvOTmGD2h0dHA6Ly90ZXN0LzEwMIYP +-aHR0cDovL3Rlc3QvMTAxhg9odHRwOi8vdGVzdC8xMDKGD2h0dHA6Ly90ZXN0LzEw +-M4YPaHR0cDovL3Rlc3QvMTA0hg9odHRwOi8vdGVzdC8xMDWGD2h0dHA6Ly90ZXN0 +-LzEwNoYPaHR0cDovL3Rlc3QvMTA3hg9odHRwOi8vdGVzdC8xMDiGD2h0dHA6Ly90 +-ZXN0LzEwOYYPaHR0cDovL3Rlc3QvMTEwhg9odHRwOi8vdGVzdC8xMTGGD2h0dHA6 +-Ly90ZXN0LzExMoYPaHR0cDovL3Rlc3QvMTEzhg9odHRwOi8vdGVzdC8xMTSGD2h0 +-dHA6Ly90ZXN0LzExNYYPaHR0cDovL3Rlc3QvMTE2hg9odHRwOi8vdGVzdC8xMTeG +-D2h0dHA6Ly90ZXN0LzExOIYPaHR0cDovL3Rlc3QvMTE5hg9odHRwOi8vdGVzdC8x +-MjCGD2h0dHA6Ly90ZXN0LzEyMYYPaHR0cDovL3Rlc3QvMTIyhg9odHRwOi8vdGVz +-dC8xMjOGD2h0dHA6Ly90ZXN0LzEyNIYPaHR0cDovL3Rlc3QvMTI1hg9odHRwOi8v +-dGVzdC8xMjaGD2h0dHA6Ly90ZXN0LzEyN4YPaHR0cDovL3Rlc3QvMTI4hg9odHRw +-Oi8vdGVzdC8xMjmGD2h0dHA6Ly90ZXN0LzEzMIYPaHR0cDovL3Rlc3QvMTMxhg9o +-dHRwOi8vdGVzdC8xMzKGD2h0dHA6Ly90ZXN0LzEzM4YPaHR0cDovL3Rlc3QvMTM0 +-hg9odHRwOi8vdGVzdC8xMzWGD2h0dHA6Ly90ZXN0LzEzNoYPaHR0cDovL3Rlc3Qv +-MTM3hg9odHRwOi8vdGVzdC8xMziGD2h0dHA6Ly90ZXN0LzEzOYYPaHR0cDovL3Rl +-c3QvMTQwhg9odHRwOi8vdGVzdC8xNDGGD2h0dHA6Ly90ZXN0LzE0MoYPaHR0cDov +-L3Rlc3QvMTQzhg9odHRwOi8vdGVzdC8xNDSGD2h0dHA6Ly90ZXN0LzE0NYYPaHR0 +-cDovL3Rlc3QvMTQ2hg9odHRwOi8vdGVzdC8xNDeGD2h0dHA6Ly90ZXN0LzE0OIYP +-aHR0cDovL3Rlc3QvMTQ5hg9odHRwOi8vdGVzdC8xNTCGD2h0dHA6Ly90ZXN0LzE1 +-MYYPaHR0cDovL3Rlc3QvMTUyhg9odHRwOi8vdGVzdC8xNTOGD2h0dHA6Ly90ZXN0 +-LzE1NIYPaHR0cDovL3Rlc3QvMTU1hg9odHRwOi8vdGVzdC8xNTaGD2h0dHA6Ly90 +-ZXN0LzE1N4YPaHR0cDovL3Rlc3QvMTU4hg9odHRwOi8vdGVzdC8xNTmGD2h0dHA6 +-Ly90ZXN0LzE2MIYPaHR0cDovL3Rlc3QvMTYxhg9odHRwOi8vdGVzdC8xNjKGD2h0 +-dHA6Ly90ZXN0LzE2M4YPaHR0cDovL3Rlc3QvMTY0hg9odHRwOi8vdGVzdC8xNjWG +-D2h0dHA6Ly90ZXN0LzE2NoYPaHR0cDovL3Rlc3QvMTY3hg9odHRwOi8vdGVzdC8x +-NjiGD2h0dHA6Ly90ZXN0LzE2OYYPaHR0cDovL3Rlc3QvMTcwhg9odHRwOi8vdGVz +-dC8xNzGGD2h0dHA6Ly90ZXN0LzE3MoYPaHR0cDovL3Rlc3QvMTczhg9odHRwOi8v +-dGVzdC8xNzSGD2h0dHA6Ly90ZXN0LzE3NYYPaHR0cDovL3Rlc3QvMTc2hg9odHRw +-Oi8vdGVzdC8xNzeGD2h0dHA6Ly90ZXN0LzE3OIYPaHR0cDovL3Rlc3QvMTc5hg9o +-dHRwOi8vdGVzdC8xODCGD2h0dHA6Ly90ZXN0LzE4MYYPaHR0cDovL3Rlc3QvMTgy +-hg9odHRwOi8vdGVzdC8xODOGD2h0dHA6Ly90ZXN0LzE4NIYPaHR0cDovL3Rlc3Qv +-MTg1hg9odHRwOi8vdGVzdC8xODaGD2h0dHA6Ly90ZXN0LzE4N4YPaHR0cDovL3Rl +-c3QvMTg4hg9odHRwOi8vdGVzdC8xODmGD2h0dHA6Ly90ZXN0LzE5MIYPaHR0cDov +-L3Rlc3QvMTkxhg9odHRwOi8vdGVzdC8xOTKGD2h0dHA6Ly90ZXN0LzE5M4YPaHR0 +-cDovL3Rlc3QvMTk0hg9odHRwOi8vdGVzdC8xOTWGD2h0dHA6Ly90ZXN0LzE5NoYP +-aHR0cDovL3Rlc3QvMTk3hg9odHRwOi8vdGVzdC8xOTiGD2h0dHA6Ly90ZXN0LzE5 +-OYYPaHR0cDovL3Rlc3QvMjAwhg9odHRwOi8vdGVzdC8yMDGGD2h0dHA6Ly90ZXN0 +-LzIwMoYPaHR0cDovL3Rlc3QvMjAzhg9odHRwOi8vdGVzdC8yMDSGD2h0dHA6Ly90 +-ZXN0LzIwNYYPaHR0cDovL3Rlc3QvMjA2hg9odHRwOi8vdGVzdC8yMDeGD2h0dHA6 +-Ly90ZXN0LzIwOIYPaHR0cDovL3Rlc3QvMjA5hg9odHRwOi8vdGVzdC8yMTCGD2h0 +-dHA6Ly90ZXN0LzIxMYYPaHR0cDovL3Rlc3QvMjEyhg9odHRwOi8vdGVzdC8yMTOG +-D2h0dHA6Ly90ZXN0LzIxNIYPaHR0cDovL3Rlc3QvMjE1hg9odHRwOi8vdGVzdC8y +-MTaGD2h0dHA6Ly90ZXN0LzIxN4YPaHR0cDovL3Rlc3QvMjE4hg9odHRwOi8vdGVz +-dC8yMTmGD2h0dHA6Ly90ZXN0LzIyMIYPaHR0cDovL3Rlc3QvMjIxhg9odHRwOi8v +-dGVzdC8yMjKGD2h0dHA6Ly90ZXN0LzIyM4YPaHR0cDovL3Rlc3QvMjI0hg9odHRw +-Oi8vdGVzdC8yMjWGD2h0dHA6Ly90ZXN0LzIyNoYPaHR0cDovL3Rlc3QvMjI3hg9o +-dHRwOi8vdGVzdC8yMjiGD2h0dHA6Ly90ZXN0LzIyOYYPaHR0cDovL3Rlc3QvMjMw +-hg9odHRwOi8vdGVzdC8yMzGGD2h0dHA6Ly90ZXN0LzIzMoYPaHR0cDovL3Rlc3Qv +-MjMzhg9odHRwOi8vdGVzdC8yMzSGD2h0dHA6Ly90ZXN0LzIzNYYPaHR0cDovL3Rl +-c3QvMjM2hg9odHRwOi8vdGVzdC8yMzeGD2h0dHA6Ly90ZXN0LzIzOIYPaHR0cDov +-L3Rlc3QvMjM5hg9odHRwOi8vdGVzdC8yNDCGD2h0dHA6Ly90ZXN0LzI0MYYPaHR0 +-cDovL3Rlc3QvMjQyhg9odHRwOi8vdGVzdC8yNDOGD2h0dHA6Ly90ZXN0LzI0NIYP +-aHR0cDovL3Rlc3QvMjQ1hg9odHRwOi8vdGVzdC8yNDaGD2h0dHA6Ly90ZXN0LzI0 +-N4YPaHR0cDovL3Rlc3QvMjQ4hg9odHRwOi8vdGVzdC8yNDmGD2h0dHA6Ly90ZXN0 +-LzI1MIYPaHR0cDovL3Rlc3QvMjUxhg9odHRwOi8vdGVzdC8yNTKGD2h0dHA6Ly90 +-ZXN0LzI1M4YPaHR0cDovL3Rlc3QvMjU0hg9odHRwOi8vdGVzdC8yNTWGD2h0dHA6 +-Ly90ZXN0LzI1NoYPaHR0cDovL3Rlc3QvMjU3hg9odHRwOi8vdGVzdC8yNTiGD2h0 +-dHA6Ly90ZXN0LzI1OYYPaHR0cDovL3Rlc3QvMjYwhg9odHRwOi8vdGVzdC8yNjGG +-D2h0dHA6Ly90ZXN0LzI2MoYPaHR0cDovL3Rlc3QvMjYzhg9odHRwOi8vdGVzdC8y +-NjSGD2h0dHA6Ly90ZXN0LzI2NYYPaHR0cDovL3Rlc3QvMjY2hg9odHRwOi8vdGVz +-dC8yNjeGD2h0dHA6Ly90ZXN0LzI2OIYPaHR0cDovL3Rlc3QvMjY5hg9odHRwOi8v +-dGVzdC8yNzCGD2h0dHA6Ly90ZXN0LzI3MYYPaHR0cDovL3Rlc3QvMjcyhg9odHRw +-Oi8vdGVzdC8yNzOGD2h0dHA6Ly90ZXN0LzI3NIYPaHR0cDovL3Rlc3QvMjc1hg9o +-dHRwOi8vdGVzdC8yNzaGD2h0dHA6Ly90ZXN0LzI3N4YPaHR0cDovL3Rlc3QvMjc4 +-hg9odHRwOi8vdGVzdC8yNzmGD2h0dHA6Ly90ZXN0LzI4MIYPaHR0cDovL3Rlc3Qv +-Mjgxhg9odHRwOi8vdGVzdC8yODKGD2h0dHA6Ly90ZXN0LzI4M4YPaHR0cDovL3Rl +-c3QvMjg0hg9odHRwOi8vdGVzdC8yODWGD2h0dHA6Ly90ZXN0LzI4NoYPaHR0cDov +-L3Rlc3QvMjg3hg9odHRwOi8vdGVzdC8yODiGD2h0dHA6Ly90ZXN0LzI4OYYPaHR0 +-cDovL3Rlc3QvMjkwhg9odHRwOi8vdGVzdC8yOTGGD2h0dHA6Ly90ZXN0LzI5MoYP +-aHR0cDovL3Rlc3QvMjkzhg9odHRwOi8vdGVzdC8yOTSGD2h0dHA6Ly90ZXN0LzI5 +-NYYPaHR0cDovL3Rlc3QvMjk2hg9odHRwOi8vdGVzdC8yOTeGD2h0dHA6Ly90ZXN0 +-LzI5OIYPaHR0cDovL3Rlc3QvMjk5hg9odHRwOi8vdGVzdC8zMDCGD2h0dHA6Ly90 +-ZXN0LzMwMYYPaHR0cDovL3Rlc3QvMzAyhg9odHRwOi8vdGVzdC8zMDOGD2h0dHA6 +-Ly90ZXN0LzMwNIYPaHR0cDovL3Rlc3QvMzA1hg9odHRwOi8vdGVzdC8zMDaGD2h0 +-dHA6Ly90ZXN0LzMwN4YPaHR0cDovL3Rlc3QvMzA4hg9odHRwOi8vdGVzdC8zMDmG +-D2h0dHA6Ly90ZXN0LzMxMIYPaHR0cDovL3Rlc3QvMzExhg9odHRwOi8vdGVzdC8z +-MTKGD2h0dHA6Ly90ZXN0LzMxM4YPaHR0cDovL3Rlc3QvMzE0hg9odHRwOi8vdGVz +-dC8zMTWGD2h0dHA6Ly90ZXN0LzMxNoYPaHR0cDovL3Rlc3QvMzE3hg9odHRwOi8v +-dGVzdC8zMTiGD2h0dHA6Ly90ZXN0LzMxOYYPaHR0cDovL3Rlc3QvMzIwhg9odHRw +-Oi8vdGVzdC8zMjGGD2h0dHA6Ly90ZXN0LzMyMoYPaHR0cDovL3Rlc3QvMzIzhg9o +-dHRwOi8vdGVzdC8zMjSGD2h0dHA6Ly90ZXN0LzMyNYYPaHR0cDovL3Rlc3QvMzI2 +-hg9odHRwOi8vdGVzdC8zMjeGD2h0dHA6Ly90ZXN0LzMyOIYPaHR0cDovL3Rlc3Qv +-MzI5hg9odHRwOi8vdGVzdC8zMzCGD2h0dHA6Ly90ZXN0LzMzMYYPaHR0cDovL3Rl +-c3QvMzMyhg9odHRwOi8vdGVzdC8zMzOGD2h0dHA6Ly90ZXN0LzMzNIYPaHR0cDov +-L3Rlc3QvMzM1hg9odHRwOi8vdGVzdC8zMzaGD2h0dHA6Ly90ZXN0LzMzN4YPaHR0 +-cDovL3Rlc3QvMzM4hg9odHRwOi8vdGVzdC8zMzmGD2h0dHA6Ly90ZXN0LzM0MIYP +-aHR0cDovL3Rlc3QvMzQxhg9odHRwOi8vdGVzdC8zNDKGD2h0dHA6Ly90ZXN0LzM0 +-M4YPaHR0cDovL3Rlc3QvMzQ0hg9odHRwOi8vdGVzdC8zNDWGD2h0dHA6Ly90ZXN0 +-LzM0NoYPaHR0cDovL3Rlc3QvMzQ3hg9odHRwOi8vdGVzdC8zNDiGD2h0dHA6Ly90 +-ZXN0LzM0OYYPaHR0cDovL3Rlc3QvMzUwhg9odHRwOi8vdGVzdC8zNTGGD2h0dHA6 +-Ly90ZXN0LzM1MoYPaHR0cDovL3Rlc3QvMzUzhg9odHRwOi8vdGVzdC8zNTSGD2h0 +-dHA6Ly90ZXN0LzM1NYYPaHR0cDovL3Rlc3QvMzU2hg9odHRwOi8vdGVzdC8zNTeG +-D2h0dHA6Ly90ZXN0LzM1OIYPaHR0cDovL3Rlc3QvMzU5hg9odHRwOi8vdGVzdC8z +-NjCGD2h0dHA6Ly90ZXN0LzM2MYYPaHR0cDovL3Rlc3QvMzYyhg9odHRwOi8vdGVz +-dC8zNjOGD2h0dHA6Ly90ZXN0LzM2NIYPaHR0cDovL3Rlc3QvMzY1hg9odHRwOi8v +-dGVzdC8zNjaGD2h0dHA6Ly90ZXN0LzM2N4YPaHR0cDovL3Rlc3QvMzY4hg9odHRw +-Oi8vdGVzdC8zNjmGD2h0dHA6Ly90ZXN0LzM3MIYPaHR0cDovL3Rlc3QvMzcxhg9o +-dHRwOi8vdGVzdC8zNzKGD2h0dHA6Ly90ZXN0LzM3M4YPaHR0cDovL3Rlc3QvMzc0 +-hg9odHRwOi8vdGVzdC8zNzWGD2h0dHA6Ly90ZXN0LzM3NoYPaHR0cDovL3Rlc3Qv +-Mzc3hg9odHRwOi8vdGVzdC8zNziGD2h0dHA6Ly90ZXN0LzM3OYYPaHR0cDovL3Rl +-c3QvMzgwhg9odHRwOi8vdGVzdC8zODGGD2h0dHA6Ly90ZXN0LzM4MoYPaHR0cDov +-L3Rlc3QvMzgzhg9odHRwOi8vdGVzdC8zODSGD2h0dHA6Ly90ZXN0LzM4NYYPaHR0 +-cDovL3Rlc3QvMzg2hg9odHRwOi8vdGVzdC8zODeGD2h0dHA6Ly90ZXN0LzM4OIYP +-aHR0cDovL3Rlc3QvMzg5hg9odHRwOi8vdGVzdC8zOTCGD2h0dHA6Ly90ZXN0LzM5 +-MYYPaHR0cDovL3Rlc3QvMzkyhg9odHRwOi8vdGVzdC8zOTOGD2h0dHA6Ly90ZXN0 +-LzM5NIYPaHR0cDovL3Rlc3QvMzk1hg9odHRwOi8vdGVzdC8zOTaGD2h0dHA6Ly90 +-ZXN0LzM5N4YPaHR0cDovL3Rlc3QvMzk4hg9odHRwOi8vdGVzdC8zOTmGD2h0dHA6 +-Ly90ZXN0LzQwMIYPaHR0cDovL3Rlc3QvNDAxhg9odHRwOi8vdGVzdC80MDKGD2h0 +-dHA6Ly90ZXN0LzQwM4YPaHR0cDovL3Rlc3QvNDA0hg9odHRwOi8vdGVzdC80MDWG +-D2h0dHA6Ly90ZXN0LzQwNoYPaHR0cDovL3Rlc3QvNDA3hg9odHRwOi8vdGVzdC80 +-MDiGD2h0dHA6Ly90ZXN0LzQwOYYPaHR0cDovL3Rlc3QvNDEwhg9odHRwOi8vdGVz +-dC80MTGGD2h0dHA6Ly90ZXN0LzQxMoYPaHR0cDovL3Rlc3QvNDEzhg9odHRwOi8v +-dGVzdC80MTSGD2h0dHA6Ly90ZXN0LzQxNYYPaHR0cDovL3Rlc3QvNDE2hg9odHRw +-Oi8vdGVzdC80MTeGD2h0dHA6Ly90ZXN0LzQxOIYPaHR0cDovL3Rlc3QvNDE5hg9o +-dHRwOi8vdGVzdC80MjCGD2h0dHA6Ly90ZXN0LzQyMYYPaHR0cDovL3Rlc3QvNDIy +-hg9odHRwOi8vdGVzdC80MjOGD2h0dHA6Ly90ZXN0LzQyNIYPaHR0cDovL3Rlc3Qv +-NDI1hg9odHRwOi8vdGVzdC80MjaGD2h0dHA6Ly90ZXN0LzQyN4YPaHR0cDovL3Rl +-c3QvNDI4hg9odHRwOi8vdGVzdC80MjmGD2h0dHA6Ly90ZXN0LzQzMIYPaHR0cDov +-L3Rlc3QvNDMxhg9odHRwOi8vdGVzdC80MzKGD2h0dHA6Ly90ZXN0LzQzM4YPaHR0 +-cDovL3Rlc3QvNDM0hg9odHRwOi8vdGVzdC80MzWGD2h0dHA6Ly90ZXN0LzQzNoYP +-aHR0cDovL3Rlc3QvNDM3hg9odHRwOi8vdGVzdC80MziGD2h0dHA6Ly90ZXN0LzQz +-OYYPaHR0cDovL3Rlc3QvNDQwhg9odHRwOi8vdGVzdC80NDGGD2h0dHA6Ly90ZXN0 +-LzQ0MoYPaHR0cDovL3Rlc3QvNDQzhg9odHRwOi8vdGVzdC80NDSGD2h0dHA6Ly90 +-ZXN0LzQ0NYYPaHR0cDovL3Rlc3QvNDQ2hg9odHRwOi8vdGVzdC80NDeGD2h0dHA6 +-Ly90ZXN0LzQ0OIYPaHR0cDovL3Rlc3QvNDQ5hg9odHRwOi8vdGVzdC80NTCGD2h0 +-dHA6Ly90ZXN0LzQ1MYYPaHR0cDovL3Rlc3QvNDUyhg9odHRwOi8vdGVzdC80NTOG +-D2h0dHA6Ly90ZXN0LzQ1NIYPaHR0cDovL3Rlc3QvNDU1hg9odHRwOi8vdGVzdC80 +-NTaGD2h0dHA6Ly90ZXN0LzQ1N4YPaHR0cDovL3Rlc3QvNDU4hg9odHRwOi8vdGVz +-dC80NTmGD2h0dHA6Ly90ZXN0LzQ2MIYPaHR0cDovL3Rlc3QvNDYxhg9odHRwOi8v +-dGVzdC80NjKGD2h0dHA6Ly90ZXN0LzQ2M4YPaHR0cDovL3Rlc3QvNDY0hg9odHRw +-Oi8vdGVzdC80NjWGD2h0dHA6Ly90ZXN0LzQ2NoYPaHR0cDovL3Rlc3QvNDY3hg9o +-dHRwOi8vdGVzdC80NjiGD2h0dHA6Ly90ZXN0LzQ2OYYPaHR0cDovL3Rlc3QvNDcw +-hg9odHRwOi8vdGVzdC80NzGGD2h0dHA6Ly90ZXN0LzQ3MoYPaHR0cDovL3Rlc3Qv +-NDczhg9odHRwOi8vdGVzdC80NzSGD2h0dHA6Ly90ZXN0LzQ3NYYPaHR0cDovL3Rl +-c3QvNDc2hg9odHRwOi8vdGVzdC80NzeGD2h0dHA6Ly90ZXN0LzQ3OIYPaHR0cDov +-L3Rlc3QvNDc5hg9odHRwOi8vdGVzdC80ODCGD2h0dHA6Ly90ZXN0LzQ4MYYPaHR0 +-cDovL3Rlc3QvNDgyhg9odHRwOi8vdGVzdC80ODOGD2h0dHA6Ly90ZXN0LzQ4NIYP +-aHR0cDovL3Rlc3QvNDg1hg9odHRwOi8vdGVzdC80ODaGD2h0dHA6Ly90ZXN0LzQ4 +-N4YPaHR0cDovL3Rlc3QvNDg4hg9odHRwOi8vdGVzdC80ODmGD2h0dHA6Ly90ZXN0 +-LzQ5MIYPaHR0cDovL3Rlc3QvNDkxhg9odHRwOi8vdGVzdC80OTKGD2h0dHA6Ly90 +-ZXN0LzQ5M4YPaHR0cDovL3Rlc3QvNDk0hg9odHRwOi8vdGVzdC80OTWGD2h0dHA6 +-Ly90ZXN0LzQ5NoYPaHR0cDovL3Rlc3QvNDk3hg9odHRwOi8vdGVzdC80OTiGD2h0 +-dHA6Ly90ZXN0LzQ5OYYPaHR0cDovL3Rlc3QvNTAwhg9odHRwOi8vdGVzdC81MDGG +-D2h0dHA6Ly90ZXN0LzUwMoYPaHR0cDovL3Rlc3QvNTAzhg9odHRwOi8vdGVzdC81 +-MDSGD2h0dHA6Ly90ZXN0LzUwNYYPaHR0cDovL3Rlc3QvNTA2hg9odHRwOi8vdGVz +-dC81MDeGD2h0dHA6Ly90ZXN0LzUwOIYPaHR0cDovL3Rlc3QvNTA5hg9odHRwOi8v +-dGVzdC81MTCGD2h0dHA6Ly90ZXN0LzUxMYYPaHR0cDovL3Rlc3QvNTEyhg9odHRw +-Oi8vdGVzdC81MTOGD2h0dHA6Ly90ZXN0LzUxNIYPaHR0cDovL3Rlc3QvNTE1hg9o +-dHRwOi8vdGVzdC81MTaGD2h0dHA6Ly90ZXN0LzUxN4YPaHR0cDovL3Rlc3QvNTE4 +-hg9odHRwOi8vdGVzdC81MTmGD2h0dHA6Ly90ZXN0LzUyMIYPaHR0cDovL3Rlc3Qv +-NTIxhg9odHRwOi8vdGVzdC81MjKGD2h0dHA6Ly90ZXN0LzUyM4YPaHR0cDovL3Rl +-c3QvNTI0hg9odHRwOi8vdGVzdC81MjWGD2h0dHA6Ly90ZXN0LzUyNoYPaHR0cDov +-L3Rlc3QvNTI3hg9odHRwOi8vdGVzdC81MjiGD2h0dHA6Ly90ZXN0LzUyOYYPaHR0 +-cDovL3Rlc3QvNTMwhg9odHRwOi8vdGVzdC81MzGGD2h0dHA6Ly90ZXN0LzUzMoYP +-aHR0cDovL3Rlc3QvNTMzhg9odHRwOi8vdGVzdC81MzSGD2h0dHA6Ly90ZXN0LzUz +-NYYPaHR0cDovL3Rlc3QvNTM2hg9odHRwOi8vdGVzdC81MzeGD2h0dHA6Ly90ZXN0 +-LzUzOIYPaHR0cDovL3Rlc3QvNTM5hg9odHRwOi8vdGVzdC81NDCGD2h0dHA6Ly90 +-ZXN0LzU0MYYPaHR0cDovL3Rlc3QvNTQyhg9odHRwOi8vdGVzdC81NDOGD2h0dHA6 +-Ly90ZXN0LzU0NIYPaHR0cDovL3Rlc3QvNTQ1hg9odHRwOi8vdGVzdC81NDaGD2h0 +-dHA6Ly90ZXN0LzU0N4YPaHR0cDovL3Rlc3QvNTQ4hg9odHRwOi8vdGVzdC81NDmG +-D2h0dHA6Ly90ZXN0LzU1MIYPaHR0cDovL3Rlc3QvNTUxhg9odHRwOi8vdGVzdC81 +-NTKGD2h0dHA6Ly90ZXN0LzU1M4YPaHR0cDovL3Rlc3QvNTU0hg9odHRwOi8vdGVz +-dC81NTWGD2h0dHA6Ly90ZXN0LzU1NoYPaHR0cDovL3Rlc3QvNTU3hg9odHRwOi8v +-dGVzdC81NTiGD2h0dHA6Ly90ZXN0LzU1OYYPaHR0cDovL3Rlc3QvNTYwhg9odHRw +-Oi8vdGVzdC81NjGGD2h0dHA6Ly90ZXN0LzU2MoYPaHR0cDovL3Rlc3QvNTYzhg9o +-dHRwOi8vdGVzdC81NjSGD2h0dHA6Ly90ZXN0LzU2NYYPaHR0cDovL3Rlc3QvNTY2 +-hg9odHRwOi8vdGVzdC81NjeGD2h0dHA6Ly90ZXN0LzU2OIYPaHR0cDovL3Rlc3Qv +-NTY5hg9odHRwOi8vdGVzdC81NzCGD2h0dHA6Ly90ZXN0LzU3MYYPaHR0cDovL3Rl +-c3QvNTcyhg9odHRwOi8vdGVzdC81NzOGD2h0dHA6Ly90ZXN0LzU3NIYPaHR0cDov +-L3Rlc3QvNTc1hg9odHRwOi8vdGVzdC81NzaGD2h0dHA6Ly90ZXN0LzU3N4YPaHR0 +-cDovL3Rlc3QvNTc4hg9odHRwOi8vdGVzdC81NzmGD2h0dHA6Ly90ZXN0LzU4MIYP +-aHR0cDovL3Rlc3QvNTgxhg9odHRwOi8vdGVzdC81ODKGD2h0dHA6Ly90ZXN0LzU4 +-M4YPaHR0cDovL3Rlc3QvNTg0hg9odHRwOi8vdGVzdC81ODWGD2h0dHA6Ly90ZXN0 +-LzU4NoYPaHR0cDovL3Rlc3QvNTg3hg9odHRwOi8vdGVzdC81ODiGD2h0dHA6Ly90 +-ZXN0LzU4OYYPaHR0cDovL3Rlc3QvNTkwhg9odHRwOi8vdGVzdC81OTGGD2h0dHA6 +-Ly90ZXN0LzU5MoYPaHR0cDovL3Rlc3QvNTkzhg9odHRwOi8vdGVzdC81OTSGD2h0 +-dHA6Ly90ZXN0LzU5NYYPaHR0cDovL3Rlc3QvNTk2hg9odHRwOi8vdGVzdC81OTeG +-D2h0dHA6Ly90ZXN0LzU5OIYPaHR0cDovL3Rlc3QvNTk5hg9odHRwOi8vdGVzdC82 +-MDCGD2h0dHA6Ly90ZXN0LzYwMYYPaHR0cDovL3Rlc3QvNjAyhg9odHRwOi8vdGVz +-dC82MDOGD2h0dHA6Ly90ZXN0LzYwNIYPaHR0cDovL3Rlc3QvNjA1hg9odHRwOi8v +-dGVzdC82MDaGD2h0dHA6Ly90ZXN0LzYwN4YPaHR0cDovL3Rlc3QvNjA4hg9odHRw +-Oi8vdGVzdC82MDmGD2h0dHA6Ly90ZXN0LzYxMIYPaHR0cDovL3Rlc3QvNjExhg9o +-dHRwOi8vdGVzdC82MTKGD2h0dHA6Ly90ZXN0LzYxM4YPaHR0cDovL3Rlc3QvNjE0 +-hg9odHRwOi8vdGVzdC82MTWGD2h0dHA6Ly90ZXN0LzYxNoYPaHR0cDovL3Rlc3Qv +-NjE3hg9odHRwOi8vdGVzdC82MTiGD2h0dHA6Ly90ZXN0LzYxOYYPaHR0cDovL3Rl +-c3QvNjIwhg9odHRwOi8vdGVzdC82MjGGD2h0dHA6Ly90ZXN0LzYyMoYPaHR0cDov +-L3Rlc3QvNjIzhg9odHRwOi8vdGVzdC82MjSGD2h0dHA6Ly90ZXN0LzYyNYYPaHR0 +-cDovL3Rlc3QvNjI2hg9odHRwOi8vdGVzdC82MjeGD2h0dHA6Ly90ZXN0LzYyOIYP +-aHR0cDovL3Rlc3QvNjI5hg9odHRwOi8vdGVzdC82MzCGD2h0dHA6Ly90ZXN0LzYz +-MYYPaHR0cDovL3Rlc3QvNjMyhg9odHRwOi8vdGVzdC82MzOGD2h0dHA6Ly90ZXN0 +-LzYzNIYPaHR0cDovL3Rlc3QvNjM1hg9odHRwOi8vdGVzdC82MzaGD2h0dHA6Ly90 +-ZXN0LzYzN4YPaHR0cDovL3Rlc3QvNjM4hg9odHRwOi8vdGVzdC82MzmGD2h0dHA6 +-Ly90ZXN0LzY0MIYPaHR0cDovL3Rlc3QvNjQxhg9odHRwOi8vdGVzdC82NDKGD2h0 +-dHA6Ly90ZXN0LzY0M4YPaHR0cDovL3Rlc3QvNjQ0hg9odHRwOi8vdGVzdC82NDWG +-D2h0dHA6Ly90ZXN0LzY0NoYPaHR0cDovL3Rlc3QvNjQ3hg9odHRwOi8vdGVzdC82 +-NDiGD2h0dHA6Ly90ZXN0LzY0OYYPaHR0cDovL3Rlc3QvNjUwhg9odHRwOi8vdGVz +-dC82NTGGD2h0dHA6Ly90ZXN0LzY1MoYPaHR0cDovL3Rlc3QvNjUzhg9odHRwOi8v +-dGVzdC82NTSGD2h0dHA6Ly90ZXN0LzY1NYYPaHR0cDovL3Rlc3QvNjU2hg9odHRw +-Oi8vdGVzdC82NTeGD2h0dHA6Ly90ZXN0LzY1OIYPaHR0cDovL3Rlc3QvNjU5hg9o +-dHRwOi8vdGVzdC82NjCGD2h0dHA6Ly90ZXN0LzY2MYYPaHR0cDovL3Rlc3QvNjYy +-hg9odHRwOi8vdGVzdC82NjOGD2h0dHA6Ly90ZXN0LzY2NIYPaHR0cDovL3Rlc3Qv +-NjY1hg9odHRwOi8vdGVzdC82NjaGD2h0dHA6Ly90ZXN0LzY2N4YPaHR0cDovL3Rl +-c3QvNjY4hg9odHRwOi8vdGVzdC82NjmGD2h0dHA6Ly90ZXN0LzY3MIYPaHR0cDov +-L3Rlc3QvNjcxhg9odHRwOi8vdGVzdC82NzKGD2h0dHA6Ly90ZXN0LzY3M4YPaHR0 +-cDovL3Rlc3QvNjc0hg9odHRwOi8vdGVzdC82NzWGD2h0dHA6Ly90ZXN0LzY3NoYP +-aHR0cDovL3Rlc3QvNjc3hg9odHRwOi8vdGVzdC82NziGD2h0dHA6Ly90ZXN0LzY3 +-OYYPaHR0cDovL3Rlc3QvNjgwhg9odHRwOi8vdGVzdC82ODGGD2h0dHA6Ly90ZXN0 +-LzY4MoYPaHR0cDovL3Rlc3QvNjgzhg9odHRwOi8vdGVzdC82ODSGD2h0dHA6Ly90 +-ZXN0LzY4NYYPaHR0cDovL3Rlc3QvNjg2hg9odHRwOi8vdGVzdC82ODeGD2h0dHA6 +-Ly90ZXN0LzY4OIYPaHR0cDovL3Rlc3QvNjg5hg9odHRwOi8vdGVzdC82OTCGD2h0 +-dHA6Ly90ZXN0LzY5MYYPaHR0cDovL3Rlc3QvNjkyhg9odHRwOi8vdGVzdC82OTOG +-D2h0dHA6Ly90ZXN0LzY5NIYPaHR0cDovL3Rlc3QvNjk1hg9odHRwOi8vdGVzdC82 +-OTaGD2h0dHA6Ly90ZXN0LzY5N4YPaHR0cDovL3Rlc3QvNjk4hg9odHRwOi8vdGVz +-dC82OTmGD2h0dHA6Ly90ZXN0LzcwMIYPaHR0cDovL3Rlc3QvNzAxhg9odHRwOi8v +-dGVzdC83MDKGD2h0dHA6Ly90ZXN0LzcwM4YPaHR0cDovL3Rlc3QvNzA0hg9odHRw +-Oi8vdGVzdC83MDWGD2h0dHA6Ly90ZXN0LzcwNoYPaHR0cDovL3Rlc3QvNzA3hg9o +-dHRwOi8vdGVzdC83MDiGD2h0dHA6Ly90ZXN0LzcwOYYPaHR0cDovL3Rlc3QvNzEw +-hg9odHRwOi8vdGVzdC83MTGGD2h0dHA6Ly90ZXN0LzcxMoYPaHR0cDovL3Rlc3Qv +-NzEzhg9odHRwOi8vdGVzdC83MTSGD2h0dHA6Ly90ZXN0LzcxNYYPaHR0cDovL3Rl +-c3QvNzE2hg9odHRwOi8vdGVzdC83MTeGD2h0dHA6Ly90ZXN0LzcxOIYPaHR0cDov +-L3Rlc3QvNzE5hg9odHRwOi8vdGVzdC83MjCGD2h0dHA6Ly90ZXN0LzcyMYYPaHR0 +-cDovL3Rlc3QvNzIyhg9odHRwOi8vdGVzdC83MjOGD2h0dHA6Ly90ZXN0LzcyNIYP +-aHR0cDovL3Rlc3QvNzI1hg9odHRwOi8vdGVzdC83MjaGD2h0dHA6Ly90ZXN0Lzcy +-N4YPaHR0cDovL3Rlc3QvNzI4hg9odHRwOi8vdGVzdC83MjmGD2h0dHA6Ly90ZXN0 +-LzczMIYPaHR0cDovL3Rlc3QvNzMxhg9odHRwOi8vdGVzdC83MzKGD2h0dHA6Ly90 +-ZXN0LzczM4YPaHR0cDovL3Rlc3QvNzM0hg9odHRwOi8vdGVzdC83MzWGD2h0dHA6 +-Ly90ZXN0LzczNoYPaHR0cDovL3Rlc3QvNzM3hg9odHRwOi8vdGVzdC83MziGD2h0 +-dHA6Ly90ZXN0LzczOYYPaHR0cDovL3Rlc3QvNzQwhg9odHRwOi8vdGVzdC83NDGG +-D2h0dHA6Ly90ZXN0Lzc0MoYPaHR0cDovL3Rlc3QvNzQzhg9odHRwOi8vdGVzdC83 +-NDSGD2h0dHA6Ly90ZXN0Lzc0NYYPaHR0cDovL3Rlc3QvNzQ2hg9odHRwOi8vdGVz +-dC83NDeGD2h0dHA6Ly90ZXN0Lzc0OIYPaHR0cDovL3Rlc3QvNzQ5hg9odHRwOi8v +-dGVzdC83NTCGD2h0dHA6Ly90ZXN0Lzc1MYYPaHR0cDovL3Rlc3QvNzUyhg9odHRw +-Oi8vdGVzdC83NTOGD2h0dHA6Ly90ZXN0Lzc1NIYPaHR0cDovL3Rlc3QvNzU1hg9o +-dHRwOi8vdGVzdC83NTaGD2h0dHA6Ly90ZXN0Lzc1N4YPaHR0cDovL3Rlc3QvNzU4 +-hg9odHRwOi8vdGVzdC83NTmGD2h0dHA6Ly90ZXN0Lzc2MIYPaHR0cDovL3Rlc3Qv +-NzYxhg9odHRwOi8vdGVzdC83NjKGD2h0dHA6Ly90ZXN0Lzc2M4YPaHR0cDovL3Rl +-c3QvNzY0hg9odHRwOi8vdGVzdC83NjWGD2h0dHA6Ly90ZXN0Lzc2NoYPaHR0cDov +-L3Rlc3QvNzY3hg9odHRwOi8vdGVzdC83NjiGD2h0dHA6Ly90ZXN0Lzc2OYYPaHR0 +-cDovL3Rlc3QvNzcwhg9odHRwOi8vdGVzdC83NzGGD2h0dHA6Ly90ZXN0Lzc3MoYP +-aHR0cDovL3Rlc3QvNzczhg9odHRwOi8vdGVzdC83NzSGD2h0dHA6Ly90ZXN0Lzc3 +-NYYPaHR0cDovL3Rlc3QvNzc2hg9odHRwOi8vdGVzdC83NzeGD2h0dHA6Ly90ZXN0 +-Lzc3OIYPaHR0cDovL3Rlc3QvNzc5hg9odHRwOi8vdGVzdC83ODCGD2h0dHA6Ly90 +-ZXN0Lzc4MYYPaHR0cDovL3Rlc3QvNzgyhg9odHRwOi8vdGVzdC83ODOGD2h0dHA6 +-Ly90ZXN0Lzc4NIYPaHR0cDovL3Rlc3QvNzg1hg9odHRwOi8vdGVzdC83ODaGD2h0 +-dHA6Ly90ZXN0Lzc4N4YPaHR0cDovL3Rlc3QvNzg4hg9odHRwOi8vdGVzdC83ODmG +-D2h0dHA6Ly90ZXN0Lzc5MIYPaHR0cDovL3Rlc3QvNzkxhg9odHRwOi8vdGVzdC83 +-OTKGD2h0dHA6Ly90ZXN0Lzc5M4YPaHR0cDovL3Rlc3QvNzk0hg9odHRwOi8vdGVz +-dC83OTWGD2h0dHA6Ly90ZXN0Lzc5NoYPaHR0cDovL3Rlc3QvNzk3hg9odHRwOi8v +-dGVzdC83OTiGD2h0dHA6Ly90ZXN0Lzc5OYYPaHR0cDovL3Rlc3QvODAwhg9odHRw +-Oi8vdGVzdC84MDGGD2h0dHA6Ly90ZXN0LzgwMoYPaHR0cDovL3Rlc3QvODAzhg9o +-dHRwOi8vdGVzdC84MDSGD2h0dHA6Ly90ZXN0LzgwNYYPaHR0cDovL3Rlc3QvODA2 +-hg9odHRwOi8vdGVzdC84MDeGD2h0dHA6Ly90ZXN0LzgwOIYPaHR0cDovL3Rlc3Qv +-ODA5hg9odHRwOi8vdGVzdC84MTCGD2h0dHA6Ly90ZXN0LzgxMYYPaHR0cDovL3Rl +-c3QvODEyhg9odHRwOi8vdGVzdC84MTOGD2h0dHA6Ly90ZXN0LzgxNIYPaHR0cDov +-L3Rlc3QvODE1hg9odHRwOi8vdGVzdC84MTaGD2h0dHA6Ly90ZXN0LzgxN4YPaHR0 +-cDovL3Rlc3QvODE4hg9odHRwOi8vdGVzdC84MTmGD2h0dHA6Ly90ZXN0LzgyMIYP +-aHR0cDovL3Rlc3QvODIxhg9odHRwOi8vdGVzdC84MjKGD2h0dHA6Ly90ZXN0Lzgy +-M4YPaHR0cDovL3Rlc3QvODI0hg9odHRwOi8vdGVzdC84MjWGD2h0dHA6Ly90ZXN0 +-LzgyNoYPaHR0cDovL3Rlc3QvODI3hg9odHRwOi8vdGVzdC84MjiGD2h0dHA6Ly90 +-ZXN0LzgyOYYPaHR0cDovL3Rlc3QvODMwhg9odHRwOi8vdGVzdC84MzGGD2h0dHA6 +-Ly90ZXN0LzgzMoYPaHR0cDovL3Rlc3QvODMzhg9odHRwOi8vdGVzdC84MzSGD2h0 +-dHA6Ly90ZXN0LzgzNYYPaHR0cDovL3Rlc3QvODM2hg9odHRwOi8vdGVzdC84MzeG +-D2h0dHA6Ly90ZXN0LzgzOIYPaHR0cDovL3Rlc3QvODM5hg9odHRwOi8vdGVzdC84 +-NDCGD2h0dHA6Ly90ZXN0Lzg0MYYPaHR0cDovL3Rlc3QvODQyhg9odHRwOi8vdGVz +-dC84NDOGD2h0dHA6Ly90ZXN0Lzg0NIYPaHR0cDovL3Rlc3QvODQ1hg9odHRwOi8v +-dGVzdC84NDaGD2h0dHA6Ly90ZXN0Lzg0N4YPaHR0cDovL3Rlc3QvODQ4hg9odHRw +-Oi8vdGVzdC84NDmGD2h0dHA6Ly90ZXN0Lzg1MIYPaHR0cDovL3Rlc3QvODUxhg9o +-dHRwOi8vdGVzdC84NTKGD2h0dHA6Ly90ZXN0Lzg1M4YPaHR0cDovL3Rlc3QvODU0 +-hg9odHRwOi8vdGVzdC84NTWGD2h0dHA6Ly90ZXN0Lzg1NoYPaHR0cDovL3Rlc3Qv +-ODU3hg9odHRwOi8vdGVzdC84NTiGD2h0dHA6Ly90ZXN0Lzg1OYYPaHR0cDovL3Rl +-c3QvODYwhg9odHRwOi8vdGVzdC84NjGGD2h0dHA6Ly90ZXN0Lzg2MoYPaHR0cDov +-L3Rlc3QvODYzhg9odHRwOi8vdGVzdC84NjSGD2h0dHA6Ly90ZXN0Lzg2NYYPaHR0 +-cDovL3Rlc3QvODY2hg9odHRwOi8vdGVzdC84NjeGD2h0dHA6Ly90ZXN0Lzg2OIYP +-aHR0cDovL3Rlc3QvODY5hg9odHRwOi8vdGVzdC84NzCGD2h0dHA6Ly90ZXN0Lzg3 +-MYYPaHR0cDovL3Rlc3QvODcyhg9odHRwOi8vdGVzdC84NzOGD2h0dHA6Ly90ZXN0 +-Lzg3NIYPaHR0cDovL3Rlc3QvODc1hg9odHRwOi8vdGVzdC84NzaGD2h0dHA6Ly90 +-ZXN0Lzg3N4YPaHR0cDovL3Rlc3QvODc4hg9odHRwOi8vdGVzdC84NzmGD2h0dHA6 +-Ly90ZXN0Lzg4MIYPaHR0cDovL3Rlc3QvODgxhg9odHRwOi8vdGVzdC84ODKGD2h0 +-dHA6Ly90ZXN0Lzg4M4YPaHR0cDovL3Rlc3QvODg0hg9odHRwOi8vdGVzdC84ODWG +-D2h0dHA6Ly90ZXN0Lzg4NoYPaHR0cDovL3Rlc3QvODg3hg9odHRwOi8vdGVzdC84 +-ODiGD2h0dHA6Ly90ZXN0Lzg4OYYPaHR0cDovL3Rlc3QvODkwhg9odHRwOi8vdGVz +-dC84OTGGD2h0dHA6Ly90ZXN0Lzg5MoYPaHR0cDovL3Rlc3QvODkzhg9odHRwOi8v +-dGVzdC84OTSGD2h0dHA6Ly90ZXN0Lzg5NYYPaHR0cDovL3Rlc3QvODk2hg9odHRw +-Oi8vdGVzdC84OTeGD2h0dHA6Ly90ZXN0Lzg5OIYPaHR0cDovL3Rlc3QvODk5hg9o +-dHRwOi8vdGVzdC85MDCGD2h0dHA6Ly90ZXN0LzkwMYYPaHR0cDovL3Rlc3QvOTAy +-hg9odHRwOi8vdGVzdC85MDOGD2h0dHA6Ly90ZXN0LzkwNIYPaHR0cDovL3Rlc3Qv +-OTA1hg9odHRwOi8vdGVzdC85MDaGD2h0dHA6Ly90ZXN0LzkwN4YPaHR0cDovL3Rl +-c3QvOTA4hg9odHRwOi8vdGVzdC85MDmGD2h0dHA6Ly90ZXN0LzkxMIYPaHR0cDov +-L3Rlc3QvOTExhg9odHRwOi8vdGVzdC85MTKGD2h0dHA6Ly90ZXN0LzkxM4YPaHR0 +-cDovL3Rlc3QvOTE0hg9odHRwOi8vdGVzdC85MTWGD2h0dHA6Ly90ZXN0LzkxNoYP +-aHR0cDovL3Rlc3QvOTE3hg9odHRwOi8vdGVzdC85MTiGD2h0dHA6Ly90ZXN0Lzkx +-OYYPaHR0cDovL3Rlc3QvOTIwhg9odHRwOi8vdGVzdC85MjGGD2h0dHA6Ly90ZXN0 +-LzkyMoYPaHR0cDovL3Rlc3QvOTIzhg9odHRwOi8vdGVzdC85MjSGD2h0dHA6Ly90 +-ZXN0LzkyNYYPaHR0cDovL3Rlc3QvOTI2hg9odHRwOi8vdGVzdC85MjeGD2h0dHA6 +-Ly90ZXN0LzkyOIYPaHR0cDovL3Rlc3QvOTI5hg9odHRwOi8vdGVzdC85MzCGD2h0 +-dHA6Ly90ZXN0LzkzMYYPaHR0cDovL3Rlc3QvOTMyhg9odHRwOi8vdGVzdC85MzOG +-D2h0dHA6Ly90ZXN0LzkzNIYPaHR0cDovL3Rlc3QvOTM1hg9odHRwOi8vdGVzdC85 +-MzaGD2h0dHA6Ly90ZXN0LzkzN4YPaHR0cDovL3Rlc3QvOTM4hg9odHRwOi8vdGVz +-dC85MzmGD2h0dHA6Ly90ZXN0Lzk0MIYPaHR0cDovL3Rlc3QvOTQxhg9odHRwOi8v +-dGVzdC85NDKGD2h0dHA6Ly90ZXN0Lzk0M4YPaHR0cDovL3Rlc3QvOTQ0hg9odHRw +-Oi8vdGVzdC85NDWGD2h0dHA6Ly90ZXN0Lzk0NoYPaHR0cDovL3Rlc3QvOTQ3hg9o +-dHRwOi8vdGVzdC85NDiGD2h0dHA6Ly90ZXN0Lzk0OYYPaHR0cDovL3Rlc3QvOTUw +-hg9odHRwOi8vdGVzdC85NTGGD2h0dHA6Ly90ZXN0Lzk1MoYPaHR0cDovL3Rlc3Qv +-OTUzhg9odHRwOi8vdGVzdC85NTSGD2h0dHA6Ly90ZXN0Lzk1NYYPaHR0cDovL3Rl +-c3QvOTU2hg9odHRwOi8vdGVzdC85NTeGD2h0dHA6Ly90ZXN0Lzk1OIYPaHR0cDov +-L3Rlc3QvOTU5hg9odHRwOi8vdGVzdC85NjCGD2h0dHA6Ly90ZXN0Lzk2MYYPaHR0 +-cDovL3Rlc3QvOTYyhg9odHRwOi8vdGVzdC85NjOGD2h0dHA6Ly90ZXN0Lzk2NIYP +-aHR0cDovL3Rlc3QvOTY1hg9odHRwOi8vdGVzdC85NjaGD2h0dHA6Ly90ZXN0Lzk2 +-N4YPaHR0cDovL3Rlc3QvOTY4hg9odHRwOi8vdGVzdC85NjmGD2h0dHA6Ly90ZXN0 +-Lzk3MIYPaHR0cDovL3Rlc3QvOTcxhg9odHRwOi8vdGVzdC85NzKGD2h0dHA6Ly90 +-ZXN0Lzk3M4YPaHR0cDovL3Rlc3QvOTc0hg9odHRwOi8vdGVzdC85NzWGD2h0dHA6 +-Ly90ZXN0Lzk3NoYPaHR0cDovL3Rlc3QvOTc3hg9odHRwOi8vdGVzdC85NziGD2h0 +-dHA6Ly90ZXN0Lzk3OYYPaHR0cDovL3Rlc3QvOTgwhg9odHRwOi8vdGVzdC85ODGG +-D2h0dHA6Ly90ZXN0Lzk4MoYPaHR0cDovL3Rlc3QvOTgzhg9odHRwOi8vdGVzdC85 +-ODSGD2h0dHA6Ly90ZXN0Lzk4NYYPaHR0cDovL3Rlc3QvOTg2hg9odHRwOi8vdGVz +-dC85ODeGD2h0dHA6Ly90ZXN0Lzk4OIYPaHR0cDovL3Rlc3QvOTg5hg9odHRwOi8v +-dGVzdC85OTCGD2h0dHA6Ly90ZXN0Lzk5MYYPaHR0cDovL3Rlc3QvOTkyhg9odHRw +-Oi8vdGVzdC85OTOGD2h0dHA6Ly90ZXN0Lzk5NIYPaHR0cDovL3Rlc3QvOTk1hg9o +-dHRwOi8vdGVzdC85OTaGD2h0dHA6Ly90ZXN0Lzk5N4YPaHR0cDovL3Rlc3QvOTk4 +-hg9odHRwOi8vdGVzdC85OTmGEGh0dHA6Ly90ZXN0LzEwMDCGEGh0dHA6Ly90ZXN0 +-LzEwMDGGEGh0dHA6Ly90ZXN0LzEwMDKGEGh0dHA6Ly90ZXN0LzEwMDOGEGh0dHA6 +-Ly90ZXN0LzEwMDSGEGh0dHA6Ly90ZXN0LzEwMDWGEGh0dHA6Ly90ZXN0LzEwMDaG +-EGh0dHA6Ly90ZXN0LzEwMDeGEGh0dHA6Ly90ZXN0LzEwMDiGEGh0dHA6Ly90ZXN0 +-LzEwMDmGEGh0dHA6Ly90ZXN0LzEwMTCGEGh0dHA6Ly90ZXN0LzEwMTGGEGh0dHA6 +-Ly90ZXN0LzEwMTKGEGh0dHA6Ly90ZXN0LzEwMTOGEGh0dHA6Ly90ZXN0LzEwMTSG +-EGh0dHA6Ly90ZXN0LzEwMTWGEGh0dHA6Ly90ZXN0LzEwMTaGEGh0dHA6Ly90ZXN0 +-LzEwMTeGEGh0dHA6Ly90ZXN0LzEwMTiGEGh0dHA6Ly90ZXN0LzEwMTmGEGh0dHA6 +-Ly90ZXN0LzEwMjCGEGh0dHA6Ly90ZXN0LzEwMjGGEGh0dHA6Ly90ZXN0LzEwMjKG +-EGh0dHA6Ly90ZXN0LzEwMjOGEGh0dHA6Ly90ZXN0LzEwMjQwDQYJKoZIhvcNAQEL +-BQADggEBAB6Q1kqPJAaK3kFPOzkcXYEkSC9mnmz+wLPPo4qgSgLi0wR+h0KHMV51 +-Jbl8k6wOPacOCe8PbGc9lv5Ne4bNlF4cdNS5/tp6Bz4UrOaOTN5HvJr9jI0zMSNy +-82u5RdSbDofZLzid+2f0EFOmWEejw2Y4kJbnI19eQQuFQoApG4PTAOA30WY6Hlug +-2ZGxlnAtn2yChJ21IZC5ZCtwh/PdBp9xIulmNTIEI8UIm/PmgmVt9AwZdI3rVptB +-d1YeUxPeVxXlduLe1FF8JEkzbV3HULxVGDU+tT8ORlgsVX36/5H66pSR5r+vBi1R +-reUqPQbsfheM9iyrBe+R8c0hywEjgOA= ++Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0hwQKAAAAhwQK ++AAABhwQKAAAChwQKAAADhwQKAAAEhwQKAAAFhwQKAAAGhwQKAAAHhwQKAAAIhwQK ++AAAJhwQKAAAKhwQKAAALhwQKAAAMhwQKAAANhwQKAAAOhwQKAAAPhwQKAAAQhwQK ++AAARhwQKAAAShwQKAAAThwQKAAAUhwQKAAAVhwQKAAAWhwQKAAAXhwQKAAAYhwQK ++AAAZhwQKAAAahwQKAAAbhwQKAAAchwQKAAAdhwQKAAAehwQKAAAfhwQKAAAghwQK ++AAAhhwQKAAAihwQKAAAjhwQKAAAkhwQKAAAlhwQKAAAmhwQKAAAnhwQKAAAohwQK ++AAAphwQKAAAqhwQKAAArhwQKAAAshwQKAAAthwQKAAAuhwQKAAAvhwQKAAAwhwQK ++AAAxhwQKAAAyhwQKAAAzhwQKAAA0hwQKAAA1hwQKAAA2hwQKAAA3hwQKAAA4hwQK ++AAA5hwQKAAA6hwQKAAA7hwQKAAA8hwQKAAA9hwQKAAA+hwQKAAA/hwQKAABAhwQK ++AABBhwQKAABChwQKAABDhwQKAABEhwQKAABFhwQKAABGhwQKAABHhwQKAABIhwQK ++AABJhwQKAABKhwQKAABLhwQKAABMhwQKAABNhwQKAABOhwQKAABPhwQKAABQhwQK ++AABRhwQKAABShwQKAABThwQKAABUhwQKAABVhwQKAABWhwQKAABXhwQKAABYhwQK ++AABZhwQKAABahwQKAABbhwQKAABchwQKAABdhwQKAABehwQKAABfhwQKAABghwQK ++AABhhwQKAABihwQKAABjhwQKAABkhwQKAABlhwQKAABmhwQKAABnhwQKAABohwQK ++AABphwQKAABqhwQKAABrhwQKAABshwQKAABthwQKAABuhwQKAABvhwQKAABwhwQK ++AABxhwQKAAByhwQKAABzhwQKAAB0hwQKAAB1hwQKAAB2hwQKAAB3hwQKAAB4hwQK ++AAB5hwQKAAB6hwQKAAB7hwQKAAB8hwQKAAB9hwQKAAB+hwQKAAB/hwQKAACAhwQK ++AACBhwQKAACChwQKAACDhwQKAACEhwQKAACFhwQKAACGhwQKAACHhwQKAACIhwQK ++AACJhwQKAACKhwQKAACLhwQKAACMhwQKAACNhwQKAACOhwQKAACPhwQKAACQhwQK ++AACRhwQKAACShwQKAACThwQKAACUhwQKAACVhwQKAACWhwQKAACXhwQKAACYhwQK ++AACZhwQKAACahwQKAACbhwQKAACchwQKAACdhwQKAACehwQKAACfhwQKAACghwQK ++AAChhwQKAACihwQKAACjhwQKAACkhwQKAAClhwQKAACmhwQKAACnhwQKAACohwQK ++AACphwQKAACqhwQKAACrhwQKAACshwQKAACthwQKAACuhwQKAACvhwQKAACwhwQK ++AACxhwQKAACyhwQKAACzhwQKAAC0hwQKAAC1hwQKAAC2hwQKAAC3hwQKAAC4hwQK ++AAC5hwQKAAC6hwQKAAC7hwQKAAC8hwQKAAC9hwQKAAC+hwQKAAC/hwQKAADAhwQK ++AADBhwQKAADChwQKAADDhwQKAADEhwQKAADFhwQKAADGhwQKAADHhwQKAADIhwQK ++AADJhwQKAADKhwQKAADLhwQKAADMhwQKAADNhwQKAADOhwQKAADPhwQKAADQhwQK ++AADRhwQKAADShwQKAADThwQKAADUhwQKAADVhwQKAADWhwQKAADXhwQKAADYhwQK ++AADZhwQKAADahwQKAADbhwQKAADchwQKAADdhwQKAADehwQKAADfhwQKAADghwQK ++AADhhwQKAADihwQKAADjhwQKAADkhwQKAADlhwQKAADmhwQKAADnhwQKAADohwQK ++AADphwQKAADqhwQKAADrhwQKAADshwQKAADthwQKAADuhwQKAADvhwQKAADwhwQK ++AADxhwQKAADyhwQKAADzhwQKAAD0hwQKAAD1hwQKAAD2hwQKAAD3hwQKAAD4hwQK ++AAD5hwQKAAD6hwQKAAD7hwQKAAD8hwQKAAD9hwQKAAD+hwQKAAD/hwQKAAEAhwQK ++AAEBhwQKAAEChwQKAAEDhwQKAAEEhwQKAAEFhwQKAAEGhwQKAAEHhwQKAAEIhwQK ++AAEJhwQKAAEKhwQKAAELhwQKAAEMhwQKAAENhwQKAAEOhwQKAAEPhwQKAAEQhwQK ++AAERhwQKAAEShwQKAAEThwQKAAEUhwQKAAEVhwQKAAEWhwQKAAEXhwQKAAEYhwQK ++AAEZhwQKAAEahwQKAAEbhwQKAAEchwQKAAEdhwQKAAEehwQKAAEfhwQKAAEghwQK ++AAEhhwQKAAEihwQKAAEjhwQKAAEkhwQKAAElhwQKAAEmhwQKAAEnhwQKAAEohwQK ++AAEphwQKAAEqhwQKAAErhwQKAAEshwQKAAEthwQKAAEuhwQKAAEvhwQKAAEwhwQK ++AAExhwQKAAEyhwQKAAEzhwQKAAE0hwQKAAE1hwQKAAE2hwQKAAE3hwQKAAE4hwQK ++AAE5hwQKAAE6hwQKAAE7hwQKAAE8hwQKAAE9hwQKAAE+hwQKAAE/hwQKAAFAhwQK ++AAFBhwQKAAFChwQKAAFDhwQKAAFEhwQKAAFFhwQKAAFGhwQKAAFHhwQKAAFIhwQK ++AAFJhwQKAAFKhwQKAAFLhwQKAAFMhwQKAAFNhwQKAAFOhwQKAAFPhwQKAAFQhwQK ++AAFRhwQKAAFShwQKAAFThwQKAAFUpA8wDTELMAkGA1UEAwwCdDCkDzANMQswCQYD ++VQQDDAJ0MaQPMA0xCzAJBgNVBAMMAnQypA8wDTELMAkGA1UEAwwCdDOkDzANMQsw ++CQYDVQQDDAJ0NKQPMA0xCzAJBgNVBAMMAnQ1pA8wDTELMAkGA1UEAwwCdDakDzAN ++MQswCQYDVQQDDAJ0N6QPMA0xCzAJBgNVBAMMAnQ4pA8wDTELMAkGA1UEAwwCdDmk ++EDAOMQwwCgYDVQQDDAN0MTCkEDAOMQwwCgYDVQQDDAN0MTGkEDAOMQwwCgYDVQQD ++DAN0MTKkEDAOMQwwCgYDVQQDDAN0MTOkEDAOMQwwCgYDVQQDDAN0MTSkEDAOMQww ++CgYDVQQDDAN0MTWkEDAOMQwwCgYDVQQDDAN0MTakEDAOMQwwCgYDVQQDDAN0MTek ++EDAOMQwwCgYDVQQDDAN0MTikEDAOMQwwCgYDVQQDDAN0MTmkEDAOMQwwCgYDVQQD ++DAN0MjCkEDAOMQwwCgYDVQQDDAN0MjGkEDAOMQwwCgYDVQQDDAN0MjKkEDAOMQww ++CgYDVQQDDAN0MjOkEDAOMQwwCgYDVQQDDAN0MjSkEDAOMQwwCgYDVQQDDAN0MjWk ++EDAOMQwwCgYDVQQDDAN0MjakEDAOMQwwCgYDVQQDDAN0MjekEDAOMQwwCgYDVQQD ++DAN0MjikEDAOMQwwCgYDVQQDDAN0MjmkEDAOMQwwCgYDVQQDDAN0MzCkEDAOMQww ++CgYDVQQDDAN0MzGkEDAOMQwwCgYDVQQDDAN0MzKkEDAOMQwwCgYDVQQDDAN0MzOk ++EDAOMQwwCgYDVQQDDAN0MzSkEDAOMQwwCgYDVQQDDAN0MzWkEDAOMQwwCgYDVQQD ++DAN0MzakEDAOMQwwCgYDVQQDDAN0MzekEDAOMQwwCgYDVQQDDAN0MzikEDAOMQww ++CgYDVQQDDAN0MzmkEDAOMQwwCgYDVQQDDAN0NDCkEDAOMQwwCgYDVQQDDAN0NDGk ++EDAOMQwwCgYDVQQDDAN0NDKkEDAOMQwwCgYDVQQDDAN0NDOkEDAOMQwwCgYDVQQD ++DAN0NDSkEDAOMQwwCgYDVQQDDAN0NDWkEDAOMQwwCgYDVQQDDAN0NDakEDAOMQww ++CgYDVQQDDAN0NDekEDAOMQwwCgYDVQQDDAN0NDikEDAOMQwwCgYDVQQDDAN0NDmk ++EDAOMQwwCgYDVQQDDAN0NTCkEDAOMQwwCgYDVQQDDAN0NTGkEDAOMQwwCgYDVQQD ++DAN0NTKkEDAOMQwwCgYDVQQDDAN0NTOkEDAOMQwwCgYDVQQDDAN0NTSkEDAOMQww ++CgYDVQQDDAN0NTWkEDAOMQwwCgYDVQQDDAN0NTakEDAOMQwwCgYDVQQDDAN0NTek ++EDAOMQwwCgYDVQQDDAN0NTikEDAOMQwwCgYDVQQDDAN0NTmkEDAOMQwwCgYDVQQD ++DAN0NjCkEDAOMQwwCgYDVQQDDAN0NjGkEDAOMQwwCgYDVQQDDAN0NjKkEDAOMQww ++CgYDVQQDDAN0NjOkEDAOMQwwCgYDVQQDDAN0NjSkEDAOMQwwCgYDVQQDDAN0NjWk ++EDAOMQwwCgYDVQQDDAN0NjakEDAOMQwwCgYDVQQDDAN0NjekEDAOMQwwCgYDVQQD ++DAN0NjikEDAOMQwwCgYDVQQDDAN0NjmkEDAOMQwwCgYDVQQDDAN0NzCkEDAOMQww ++CgYDVQQDDAN0NzGkEDAOMQwwCgYDVQQDDAN0NzKkEDAOMQwwCgYDVQQDDAN0NzOk ++EDAOMQwwCgYDVQQDDAN0NzSkEDAOMQwwCgYDVQQDDAN0NzWkEDAOMQwwCgYDVQQD ++DAN0NzakEDAOMQwwCgYDVQQDDAN0NzekEDAOMQwwCgYDVQQDDAN0NzikEDAOMQww ++CgYDVQQDDAN0NzmkEDAOMQwwCgYDVQQDDAN0ODCkEDAOMQwwCgYDVQQDDAN0ODGk ++EDAOMQwwCgYDVQQDDAN0ODKkEDAOMQwwCgYDVQQDDAN0ODOkEDAOMQwwCgYDVQQD ++DAN0ODSkEDAOMQwwCgYDVQQDDAN0ODWkEDAOMQwwCgYDVQQDDAN0ODakEDAOMQww ++CgYDVQQDDAN0ODekEDAOMQwwCgYDVQQDDAN0ODikEDAOMQwwCgYDVQQDDAN0ODmk ++EDAOMQwwCgYDVQQDDAN0OTCkEDAOMQwwCgYDVQQDDAN0OTGkEDAOMQwwCgYDVQQD ++DAN0OTKkEDAOMQwwCgYDVQQDDAN0OTOkEDAOMQwwCgYDVQQDDAN0OTSkEDAOMQww ++CgYDVQQDDAN0OTWkEDAOMQwwCgYDVQQDDAN0OTakEDAOMQwwCgYDVQQDDAN0OTek ++EDAOMQwwCgYDVQQDDAN0OTikEDAOMQwwCgYDVQQDDAN0OTmkETAPMQ0wCwYDVQQD ++DAR0MTAwpBEwDzENMAsGA1UEAwwEdDEwMaQRMA8xDTALBgNVBAMMBHQxMDKkETAP ++MQ0wCwYDVQQDDAR0MTAzpBEwDzENMAsGA1UEAwwEdDEwNKQRMA8xDTALBgNVBAMM ++BHQxMDWkETAPMQ0wCwYDVQQDDAR0MTA2pBEwDzENMAsGA1UEAwwEdDEwN6QRMA8x ++DTALBgNVBAMMBHQxMDikETAPMQ0wCwYDVQQDDAR0MTA5pBEwDzENMAsGA1UEAwwE ++dDExMKQRMA8xDTALBgNVBAMMBHQxMTGkETAPMQ0wCwYDVQQDDAR0MTEypBEwDzEN ++MAsGA1UEAwwEdDExM6QRMA8xDTALBgNVBAMMBHQxMTSkETAPMQ0wCwYDVQQDDAR0 ++MTE1pBEwDzENMAsGA1UEAwwEdDExNqQRMA8xDTALBgNVBAMMBHQxMTekETAPMQ0w ++CwYDVQQDDAR0MTE4pBEwDzENMAsGA1UEAwwEdDExOaQRMA8xDTALBgNVBAMMBHQx ++MjCkETAPMQ0wCwYDVQQDDAR0MTIxpBEwDzENMAsGA1UEAwwEdDEyMqQRMA8xDTAL ++BgNVBAMMBHQxMjOkETAPMQ0wCwYDVQQDDAR0MTI0pBEwDzENMAsGA1UEAwwEdDEy ++NaQRMA8xDTALBgNVBAMMBHQxMjakETAPMQ0wCwYDVQQDDAR0MTI3pBEwDzENMAsG ++A1UEAwwEdDEyOKQRMA8xDTALBgNVBAMMBHQxMjmkETAPMQ0wCwYDVQQDDAR0MTMw ++pBEwDzENMAsGA1UEAwwEdDEzMaQRMA8xDTALBgNVBAMMBHQxMzKkETAPMQ0wCwYD ++VQQDDAR0MTMzpBEwDzENMAsGA1UEAwwEdDEzNKQRMA8xDTALBgNVBAMMBHQxMzWk ++ETAPMQ0wCwYDVQQDDAR0MTM2pBEwDzENMAsGA1UEAwwEdDEzN6QRMA8xDTALBgNV ++BAMMBHQxMzikETAPMQ0wCwYDVQQDDAR0MTM5pBEwDzENMAsGA1UEAwwEdDE0MKQR ++MA8xDTALBgNVBAMMBHQxNDGkETAPMQ0wCwYDVQQDDAR0MTQypBEwDzENMAsGA1UE ++AwwEdDE0M6QRMA8xDTALBgNVBAMMBHQxNDSkETAPMQ0wCwYDVQQDDAR0MTQ1pBEw ++DzENMAsGA1UEAwwEdDE0NqQRMA8xDTALBgNVBAMMBHQxNDekETAPMQ0wCwYDVQQD ++DAR0MTQ4pBEwDzENMAsGA1UEAwwEdDE0OaQRMA8xDTALBgNVBAMMBHQxNTCkETAP ++MQ0wCwYDVQQDDAR0MTUxpBEwDzENMAsGA1UEAwwEdDE1MqQRMA8xDTALBgNVBAMM ++BHQxNTOkETAPMQ0wCwYDVQQDDAR0MTU0pBEwDzENMAsGA1UEAwwEdDE1NaQRMA8x ++DTALBgNVBAMMBHQxNTakETAPMQ0wCwYDVQQDDAR0MTU3pBEwDzENMAsGA1UEAwwE ++dDE1OKQRMA8xDTALBgNVBAMMBHQxNTmkETAPMQ0wCwYDVQQDDAR0MTYwpBEwDzEN ++MAsGA1UEAwwEdDE2MaQRMA8xDTALBgNVBAMMBHQxNjKkETAPMQ0wCwYDVQQDDAR0 ++MTYzpBEwDzENMAsGA1UEAwwEdDE2NKQRMA8xDTALBgNVBAMMBHQxNjWkETAPMQ0w ++CwYDVQQDDAR0MTY2pBEwDzENMAsGA1UEAwwEdDE2N6QRMA8xDTALBgNVBAMMBHQx ++NjikETAPMQ0wCwYDVQQDDAR0MTY5pBEwDzENMAsGA1UEAwwEdDE3MKQRMA8xDTAL ++BgNVBAMMBHQxNzGkETAPMQ0wCwYDVQQDDAR0MTcypBEwDzENMAsGA1UEAwwEdDE3 ++M6QRMA8xDTALBgNVBAMMBHQxNzSkETAPMQ0wCwYDVQQDDAR0MTc1pBEwDzENMAsG ++A1UEAwwEdDE3NqQRMA8xDTALBgNVBAMMBHQxNzekETAPMQ0wCwYDVQQDDAR0MTc4 ++pBEwDzENMAsGA1UEAwwEdDE3OaQRMA8xDTALBgNVBAMMBHQxODCkETAPMQ0wCwYD ++VQQDDAR0MTgxpBEwDzENMAsGA1UEAwwEdDE4MqQRMA8xDTALBgNVBAMMBHQxODOk ++ETAPMQ0wCwYDVQQDDAR0MTg0pBEwDzENMAsGA1UEAwwEdDE4NaQRMA8xDTALBgNV ++BAMMBHQxODakETAPMQ0wCwYDVQQDDAR0MTg3pBEwDzENMAsGA1UEAwwEdDE4OKQR ++MA8xDTALBgNVBAMMBHQxODmkETAPMQ0wCwYDVQQDDAR0MTkwpBEwDzENMAsGA1UE ++AwwEdDE5MaQRMA8xDTALBgNVBAMMBHQxOTKkETAPMQ0wCwYDVQQDDAR0MTkzpBEw ++DzENMAsGA1UEAwwEdDE5NKQRMA8xDTALBgNVBAMMBHQxOTWkETAPMQ0wCwYDVQQD ++DAR0MTk2pBEwDzENMAsGA1UEAwwEdDE5N6QRMA8xDTALBgNVBAMMBHQxOTikETAP ++MQ0wCwYDVQQDDAR0MTk5pBEwDzENMAsGA1UEAwwEdDIwMKQRMA8xDTALBgNVBAMM ++BHQyMDGkETAPMQ0wCwYDVQQDDAR0MjAypBEwDzENMAsGA1UEAwwEdDIwM6QRMA8x ++DTALBgNVBAMMBHQyMDSkETAPMQ0wCwYDVQQDDAR0MjA1pBEwDzENMAsGA1UEAwwE ++dDIwNqQRMA8xDTALBgNVBAMMBHQyMDekETAPMQ0wCwYDVQQDDAR0MjA4pBEwDzEN ++MAsGA1UEAwwEdDIwOaQRMA8xDTALBgNVBAMMBHQyMTCkETAPMQ0wCwYDVQQDDAR0 ++MjExpBEwDzENMAsGA1UEAwwEdDIxMqQRMA8xDTALBgNVBAMMBHQyMTOkETAPMQ0w ++CwYDVQQDDAR0MjE0pBEwDzENMAsGA1UEAwwEdDIxNaQRMA8xDTALBgNVBAMMBHQy ++MTakETAPMQ0wCwYDVQQDDAR0MjE3pBEwDzENMAsGA1UEAwwEdDIxOKQRMA8xDTAL ++BgNVBAMMBHQyMTmkETAPMQ0wCwYDVQQDDAR0MjIwpBEwDzENMAsGA1UEAwwEdDIy ++MaQRMA8xDTALBgNVBAMMBHQyMjKkETAPMQ0wCwYDVQQDDAR0MjIzpBEwDzENMAsG ++A1UEAwwEdDIyNKQRMA8xDTALBgNVBAMMBHQyMjWkETAPMQ0wCwYDVQQDDAR0MjI2 ++pBEwDzENMAsGA1UEAwwEdDIyN6QRMA8xDTALBgNVBAMMBHQyMjikETAPMQ0wCwYD ++VQQDDAR0MjI5pBEwDzENMAsGA1UEAwwEdDIzMKQRMA8xDTALBgNVBAMMBHQyMzGk ++ETAPMQ0wCwYDVQQDDAR0MjMypBEwDzENMAsGA1UEAwwEdDIzM6QRMA8xDTALBgNV ++BAMMBHQyMzSkETAPMQ0wCwYDVQQDDAR0MjM1pBEwDzENMAsGA1UEAwwEdDIzNqQR ++MA8xDTALBgNVBAMMBHQyMzekETAPMQ0wCwYDVQQDDAR0MjM4pBEwDzENMAsGA1UE ++AwwEdDIzOaQRMA8xDTALBgNVBAMMBHQyNDCkETAPMQ0wCwYDVQQDDAR0MjQxpBEw ++DzENMAsGA1UEAwwEdDI0MqQRMA8xDTALBgNVBAMMBHQyNDOkETAPMQ0wCwYDVQQD ++DAR0MjQ0pBEwDzENMAsGA1UEAwwEdDI0NaQRMA8xDTALBgNVBAMMBHQyNDakETAP ++MQ0wCwYDVQQDDAR0MjQ3pBEwDzENMAsGA1UEAwwEdDI0OKQRMA8xDTALBgNVBAMM ++BHQyNDmkETAPMQ0wCwYDVQQDDAR0MjUwpBEwDzENMAsGA1UEAwwEdDI1MaQRMA8x ++DTALBgNVBAMMBHQyNTKkETAPMQ0wCwYDVQQDDAR0MjUzpBEwDzENMAsGA1UEAwwE ++dDI1NKQRMA8xDTALBgNVBAMMBHQyNTWkETAPMQ0wCwYDVQQDDAR0MjU2pBEwDzEN ++MAsGA1UEAwwEdDI1N6QRMA8xDTALBgNVBAMMBHQyNTikETAPMQ0wCwYDVQQDDAR0 ++MjU5pBEwDzENMAsGA1UEAwwEdDI2MKQRMA8xDTALBgNVBAMMBHQyNjGkETAPMQ0w ++CwYDVQQDDAR0MjYypBEwDzENMAsGA1UEAwwEdDI2M6QRMA8xDTALBgNVBAMMBHQy ++NjSkETAPMQ0wCwYDVQQDDAR0MjY1pBEwDzENMAsGA1UEAwwEdDI2NqQRMA8xDTAL ++BgNVBAMMBHQyNjekETAPMQ0wCwYDVQQDDAR0MjY4pBEwDzENMAsGA1UEAwwEdDI2 ++OaQRMA8xDTALBgNVBAMMBHQyNzCkETAPMQ0wCwYDVQQDDAR0MjcxpBEwDzENMAsG ++A1UEAwwEdDI3MqQRMA8xDTALBgNVBAMMBHQyNzOkETAPMQ0wCwYDVQQDDAR0Mjc0 ++pBEwDzENMAsGA1UEAwwEdDI3NaQRMA8xDTALBgNVBAMMBHQyNzakETAPMQ0wCwYD ++VQQDDAR0Mjc3pBEwDzENMAsGA1UEAwwEdDI3OKQRMA8xDTALBgNVBAMMBHQyNzmk ++ETAPMQ0wCwYDVQQDDAR0MjgwpBEwDzENMAsGA1UEAwwEdDI4MaQRMA8xDTALBgNV ++BAMMBHQyODKkETAPMQ0wCwYDVQQDDAR0MjgzpBEwDzENMAsGA1UEAwwEdDI4NKQR ++MA8xDTALBgNVBAMMBHQyODWkETAPMQ0wCwYDVQQDDAR0Mjg2pBEwDzENMAsGA1UE ++AwwEdDI4N6QRMA8xDTALBgNVBAMMBHQyODikETAPMQ0wCwYDVQQDDAR0Mjg5pBEw ++DzENMAsGA1UEAwwEdDI5MKQRMA8xDTALBgNVBAMMBHQyOTGkETAPMQ0wCwYDVQQD ++DAR0MjkypBEwDzENMAsGA1UEAwwEdDI5M6QRMA8xDTALBgNVBAMMBHQyOTSkETAP ++MQ0wCwYDVQQDDAR0Mjk1pBEwDzENMAsGA1UEAwwEdDI5NqQRMA8xDTALBgNVBAMM ++BHQyOTekETAPMQ0wCwYDVQQDDAR0Mjk4pBEwDzENMAsGA1UEAwwEdDI5OaQRMA8x ++DTALBgNVBAMMBHQzMDCkETAPMQ0wCwYDVQQDDAR0MzAxpBEwDzENMAsGA1UEAwwE ++dDMwMqQRMA8xDTALBgNVBAMMBHQzMDOkETAPMQ0wCwYDVQQDDAR0MzA0pBEwDzEN ++MAsGA1UEAwwEdDMwNaQRMA8xDTALBgNVBAMMBHQzMDakETAPMQ0wCwYDVQQDDAR0 ++MzA3pBEwDzENMAsGA1UEAwwEdDMwOKQRMA8xDTALBgNVBAMMBHQzMDmkETAPMQ0w ++CwYDVQQDDAR0MzEwpBEwDzENMAsGA1UEAwwEdDMxMaQRMA8xDTALBgNVBAMMBHQz ++MTKkETAPMQ0wCwYDVQQDDAR0MzEzpBEwDzENMAsGA1UEAwwEdDMxNKQRMA8xDTAL ++BgNVBAMMBHQzMTWkETAPMQ0wCwYDVQQDDAR0MzE2pBEwDzENMAsGA1UEAwwEdDMx ++N6QRMA8xDTALBgNVBAMMBHQzMTikETAPMQ0wCwYDVQQDDAR0MzE5pBEwDzENMAsG ++A1UEAwwEdDMyMKQRMA8xDTALBgNVBAMMBHQzMjGkETAPMQ0wCwYDVQQDDAR0MzIy ++pBEwDzENMAsGA1UEAwwEdDMyM6QRMA8xDTALBgNVBAMMBHQzMjSkETAPMQ0wCwYD ++VQQDDAR0MzI1pBEwDzENMAsGA1UEAwwEdDMyNqQRMA8xDTALBgNVBAMMBHQzMjek ++ETAPMQ0wCwYDVQQDDAR0MzI4pBEwDzENMAsGA1UEAwwEdDMyOaQRMA8xDTALBgNV ++BAMMBHQzMzCkETAPMQ0wCwYDVQQDDAR0MzMxpBEwDzENMAsGA1UEAwwEdDMzMqQR ++MA8xDTALBgNVBAMMBHQzMzOkETAPMQ0wCwYDVQQDDAR0MzM0pBEwDzENMAsGA1UE ++AwwEdDMzNaQRMA8xDTALBgNVBAMMBHQzMzakETAPMQ0wCwYDVQQDDAR0MzM3pBEw ++DzENMAsGA1UEAwwEdDMzOKQRMA8xDTALBgNVBAMMBHQzMzmkETAPMQ0wCwYDVQQD ++DAR0MzQwpBEwDzENMAsGA1UEAwwEdDM0MYYNaHR0cDovL3Rlc3QvMIYNaHR0cDov ++L3Rlc3QvMYYNaHR0cDovL3Rlc3QvMoYNaHR0cDovL3Rlc3QvM4YNaHR0cDovL3Rl ++c3QvNIYNaHR0cDovL3Rlc3QvNYYNaHR0cDovL3Rlc3QvNoYNaHR0cDovL3Rlc3Qv ++N4YNaHR0cDovL3Rlc3QvOIYNaHR0cDovL3Rlc3QvOYYOaHR0cDovL3Rlc3QvMTCG ++Dmh0dHA6Ly90ZXN0LzExhg5odHRwOi8vdGVzdC8xMoYOaHR0cDovL3Rlc3QvMTOG ++Dmh0dHA6Ly90ZXN0LzE0hg5odHRwOi8vdGVzdC8xNYYOaHR0cDovL3Rlc3QvMTaG ++Dmh0dHA6Ly90ZXN0LzE3hg5odHRwOi8vdGVzdC8xOIYOaHR0cDovL3Rlc3QvMTmG ++Dmh0dHA6Ly90ZXN0LzIwhg5odHRwOi8vdGVzdC8yMYYOaHR0cDovL3Rlc3QvMjKG ++Dmh0dHA6Ly90ZXN0LzIzhg5odHRwOi8vdGVzdC8yNIYOaHR0cDovL3Rlc3QvMjWG ++Dmh0dHA6Ly90ZXN0LzI2hg5odHRwOi8vdGVzdC8yN4YOaHR0cDovL3Rlc3QvMjiG ++Dmh0dHA6Ly90ZXN0LzI5hg5odHRwOi8vdGVzdC8zMIYOaHR0cDovL3Rlc3QvMzGG ++Dmh0dHA6Ly90ZXN0LzMyhg5odHRwOi8vdGVzdC8zM4YOaHR0cDovL3Rlc3QvMzSG ++Dmh0dHA6Ly90ZXN0LzM1hg5odHRwOi8vdGVzdC8zNoYOaHR0cDovL3Rlc3QvMzeG ++Dmh0dHA6Ly90ZXN0LzM4hg5odHRwOi8vdGVzdC8zOYYOaHR0cDovL3Rlc3QvNDCG ++Dmh0dHA6Ly90ZXN0LzQxhg5odHRwOi8vdGVzdC80MoYOaHR0cDovL3Rlc3QvNDOG ++Dmh0dHA6Ly90ZXN0LzQ0hg5odHRwOi8vdGVzdC80NYYOaHR0cDovL3Rlc3QvNDaG ++Dmh0dHA6Ly90ZXN0LzQ3hg5odHRwOi8vdGVzdC80OIYOaHR0cDovL3Rlc3QvNDmG ++Dmh0dHA6Ly90ZXN0LzUwhg5odHRwOi8vdGVzdC81MYYOaHR0cDovL3Rlc3QvNTKG ++Dmh0dHA6Ly90ZXN0LzUzhg5odHRwOi8vdGVzdC81NIYOaHR0cDovL3Rlc3QvNTWG ++Dmh0dHA6Ly90ZXN0LzU2hg5odHRwOi8vdGVzdC81N4YOaHR0cDovL3Rlc3QvNTiG ++Dmh0dHA6Ly90ZXN0LzU5hg5odHRwOi8vdGVzdC82MIYOaHR0cDovL3Rlc3QvNjGG ++Dmh0dHA6Ly90ZXN0LzYyhg5odHRwOi8vdGVzdC82M4YOaHR0cDovL3Rlc3QvNjSG ++Dmh0dHA6Ly90ZXN0LzY1hg5odHRwOi8vdGVzdC82NoYOaHR0cDovL3Rlc3QvNjeG ++Dmh0dHA6Ly90ZXN0LzY4hg5odHRwOi8vdGVzdC82OYYOaHR0cDovL3Rlc3QvNzCG ++Dmh0dHA6Ly90ZXN0Lzcxhg5odHRwOi8vdGVzdC83MoYOaHR0cDovL3Rlc3QvNzOG ++Dmh0dHA6Ly90ZXN0Lzc0hg5odHRwOi8vdGVzdC83NYYOaHR0cDovL3Rlc3QvNzaG ++Dmh0dHA6Ly90ZXN0Lzc3hg5odHRwOi8vdGVzdC83OIYOaHR0cDovL3Rlc3QvNzmG ++Dmh0dHA6Ly90ZXN0Lzgwhg5odHRwOi8vdGVzdC84MYYOaHR0cDovL3Rlc3QvODKG ++Dmh0dHA6Ly90ZXN0Lzgzhg5odHRwOi8vdGVzdC84NIYOaHR0cDovL3Rlc3QvODWG ++Dmh0dHA6Ly90ZXN0Lzg2hg5odHRwOi8vdGVzdC84N4YOaHR0cDovL3Rlc3QvODiG ++Dmh0dHA6Ly90ZXN0Lzg5hg5odHRwOi8vdGVzdC85MIYOaHR0cDovL3Rlc3QvOTGG ++Dmh0dHA6Ly90ZXN0Lzkyhg5odHRwOi8vdGVzdC85M4YOaHR0cDovL3Rlc3QvOTSG ++Dmh0dHA6Ly90ZXN0Lzk1hg5odHRwOi8vdGVzdC85NoYOaHR0cDovL3Rlc3QvOTeG ++Dmh0dHA6Ly90ZXN0Lzk4hg5odHRwOi8vdGVzdC85OYYPaHR0cDovL3Rlc3QvMTAw ++hg9odHRwOi8vdGVzdC8xMDGGD2h0dHA6Ly90ZXN0LzEwMoYPaHR0cDovL3Rlc3Qv ++MTAzhg9odHRwOi8vdGVzdC8xMDSGD2h0dHA6Ly90ZXN0LzEwNYYPaHR0cDovL3Rl ++c3QvMTA2hg9odHRwOi8vdGVzdC8xMDeGD2h0dHA6Ly90ZXN0LzEwOIYPaHR0cDov ++L3Rlc3QvMTA5hg9odHRwOi8vdGVzdC8xMTCGD2h0dHA6Ly90ZXN0LzExMYYPaHR0 ++cDovL3Rlc3QvMTEyhg9odHRwOi8vdGVzdC8xMTOGD2h0dHA6Ly90ZXN0LzExNIYP ++aHR0cDovL3Rlc3QvMTE1hg9odHRwOi8vdGVzdC8xMTaGD2h0dHA6Ly90ZXN0LzEx ++N4YPaHR0cDovL3Rlc3QvMTE4hg9odHRwOi8vdGVzdC8xMTmGD2h0dHA6Ly90ZXN0 ++LzEyMIYPaHR0cDovL3Rlc3QvMTIxhg9odHRwOi8vdGVzdC8xMjKGD2h0dHA6Ly90 ++ZXN0LzEyM4YPaHR0cDovL3Rlc3QvMTI0hg9odHRwOi8vdGVzdC8xMjWGD2h0dHA6 ++Ly90ZXN0LzEyNoYPaHR0cDovL3Rlc3QvMTI3hg9odHRwOi8vdGVzdC8xMjiGD2h0 ++dHA6Ly90ZXN0LzEyOYYPaHR0cDovL3Rlc3QvMTMwhg9odHRwOi8vdGVzdC8xMzGG ++D2h0dHA6Ly90ZXN0LzEzMoYPaHR0cDovL3Rlc3QvMTMzhg9odHRwOi8vdGVzdC8x ++MzSGD2h0dHA6Ly90ZXN0LzEzNYYPaHR0cDovL3Rlc3QvMTM2hg9odHRwOi8vdGVz ++dC8xMzeGD2h0dHA6Ly90ZXN0LzEzOIYPaHR0cDovL3Rlc3QvMTM5hg9odHRwOi8v ++dGVzdC8xNDCGD2h0dHA6Ly90ZXN0LzE0MYYPaHR0cDovL3Rlc3QvMTQyhg9odHRw ++Oi8vdGVzdC8xNDOGD2h0dHA6Ly90ZXN0LzE0NIYPaHR0cDovL3Rlc3QvMTQ1hg9o ++dHRwOi8vdGVzdC8xNDaGD2h0dHA6Ly90ZXN0LzE0N4YPaHR0cDovL3Rlc3QvMTQ4 ++hg9odHRwOi8vdGVzdC8xNDmGD2h0dHA6Ly90ZXN0LzE1MIYPaHR0cDovL3Rlc3Qv ++MTUxhg9odHRwOi8vdGVzdC8xNTKGD2h0dHA6Ly90ZXN0LzE1M4YPaHR0cDovL3Rl ++c3QvMTU0hg9odHRwOi8vdGVzdC8xNTWGD2h0dHA6Ly90ZXN0LzE1NoYPaHR0cDov ++L3Rlc3QvMTU3hg9odHRwOi8vdGVzdC8xNTiGD2h0dHA6Ly90ZXN0LzE1OYYPaHR0 ++cDovL3Rlc3QvMTYwhg9odHRwOi8vdGVzdC8xNjGGD2h0dHA6Ly90ZXN0LzE2MoYP ++aHR0cDovL3Rlc3QvMTYzhg9odHRwOi8vdGVzdC8xNjSGD2h0dHA6Ly90ZXN0LzE2 ++NYYPaHR0cDovL3Rlc3QvMTY2hg9odHRwOi8vdGVzdC8xNjeGD2h0dHA6Ly90ZXN0 ++LzE2OIYPaHR0cDovL3Rlc3QvMTY5hg9odHRwOi8vdGVzdC8xNzCGD2h0dHA6Ly90 ++ZXN0LzE3MYYPaHR0cDovL3Rlc3QvMTcyhg9odHRwOi8vdGVzdC8xNzOGD2h0dHA6 ++Ly90ZXN0LzE3NIYPaHR0cDovL3Rlc3QvMTc1hg9odHRwOi8vdGVzdC8xNzaGD2h0 ++dHA6Ly90ZXN0LzE3N4YPaHR0cDovL3Rlc3QvMTc4hg9odHRwOi8vdGVzdC8xNzmG ++D2h0dHA6Ly90ZXN0LzE4MIYPaHR0cDovL3Rlc3QvMTgxhg9odHRwOi8vdGVzdC8x ++ODKGD2h0dHA6Ly90ZXN0LzE4M4YPaHR0cDovL3Rlc3QvMTg0hg9odHRwOi8vdGVz ++dC8xODWGD2h0dHA6Ly90ZXN0LzE4NoYPaHR0cDovL3Rlc3QvMTg3hg9odHRwOi8v ++dGVzdC8xODiGD2h0dHA6Ly90ZXN0LzE4OYYPaHR0cDovL3Rlc3QvMTkwhg9odHRw ++Oi8vdGVzdC8xOTGGD2h0dHA6Ly90ZXN0LzE5MoYPaHR0cDovL3Rlc3QvMTkzhg9o ++dHRwOi8vdGVzdC8xOTSGD2h0dHA6Ly90ZXN0LzE5NYYPaHR0cDovL3Rlc3QvMTk2 ++hg9odHRwOi8vdGVzdC8xOTeGD2h0dHA6Ly90ZXN0LzE5OIYPaHR0cDovL3Rlc3Qv ++MTk5hg9odHRwOi8vdGVzdC8yMDCGD2h0dHA6Ly90ZXN0LzIwMYYPaHR0cDovL3Rl ++c3QvMjAyhg9odHRwOi8vdGVzdC8yMDOGD2h0dHA6Ly90ZXN0LzIwNIYPaHR0cDov ++L3Rlc3QvMjA1hg9odHRwOi8vdGVzdC8yMDaGD2h0dHA6Ly90ZXN0LzIwN4YPaHR0 ++cDovL3Rlc3QvMjA4hg9odHRwOi8vdGVzdC8yMDmGD2h0dHA6Ly90ZXN0LzIxMIYP ++aHR0cDovL3Rlc3QvMjExhg9odHRwOi8vdGVzdC8yMTKGD2h0dHA6Ly90ZXN0LzIx ++M4YPaHR0cDovL3Rlc3QvMjE0hg9odHRwOi8vdGVzdC8yMTWGD2h0dHA6Ly90ZXN0 ++LzIxNoYPaHR0cDovL3Rlc3QvMjE3hg9odHRwOi8vdGVzdC8yMTiGD2h0dHA6Ly90 ++ZXN0LzIxOYYPaHR0cDovL3Rlc3QvMjIwhg9odHRwOi8vdGVzdC8yMjGGD2h0dHA6 ++Ly90ZXN0LzIyMoYPaHR0cDovL3Rlc3QvMjIzhg9odHRwOi8vdGVzdC8yMjSGD2h0 ++dHA6Ly90ZXN0LzIyNYYPaHR0cDovL3Rlc3QvMjI2hg9odHRwOi8vdGVzdC8yMjeG ++D2h0dHA6Ly90ZXN0LzIyOIYPaHR0cDovL3Rlc3QvMjI5hg9odHRwOi8vdGVzdC8y ++MzCGD2h0dHA6Ly90ZXN0LzIzMYYPaHR0cDovL3Rlc3QvMjMyhg9odHRwOi8vdGVz ++dC8yMzOGD2h0dHA6Ly90ZXN0LzIzNIYPaHR0cDovL3Rlc3QvMjM1hg9odHRwOi8v ++dGVzdC8yMzaGD2h0dHA6Ly90ZXN0LzIzN4YPaHR0cDovL3Rlc3QvMjM4hg9odHRw ++Oi8vdGVzdC8yMzmGD2h0dHA6Ly90ZXN0LzI0MIYPaHR0cDovL3Rlc3QvMjQxhg9o ++dHRwOi8vdGVzdC8yNDKGD2h0dHA6Ly90ZXN0LzI0M4YPaHR0cDovL3Rlc3QvMjQ0 ++hg9odHRwOi8vdGVzdC8yNDWGD2h0dHA6Ly90ZXN0LzI0NoYPaHR0cDovL3Rlc3Qv ++MjQ3hg9odHRwOi8vdGVzdC8yNDiGD2h0dHA6Ly90ZXN0LzI0OYYPaHR0cDovL3Rl ++c3QvMjUwhg9odHRwOi8vdGVzdC8yNTGGD2h0dHA6Ly90ZXN0LzI1MoYPaHR0cDov ++L3Rlc3QvMjUzhg9odHRwOi8vdGVzdC8yNTSGD2h0dHA6Ly90ZXN0LzI1NYYPaHR0 ++cDovL3Rlc3QvMjU2hg9odHRwOi8vdGVzdC8yNTeGD2h0dHA6Ly90ZXN0LzI1OIYP ++aHR0cDovL3Rlc3QvMjU5hg9odHRwOi8vdGVzdC8yNjCGD2h0dHA6Ly90ZXN0LzI2 ++MYYPaHR0cDovL3Rlc3QvMjYyhg9odHRwOi8vdGVzdC8yNjOGD2h0dHA6Ly90ZXN0 ++LzI2NIYPaHR0cDovL3Rlc3QvMjY1hg9odHRwOi8vdGVzdC8yNjaGD2h0dHA6Ly90 ++ZXN0LzI2N4YPaHR0cDovL3Rlc3QvMjY4hg9odHRwOi8vdGVzdC8yNjmGD2h0dHA6 ++Ly90ZXN0LzI3MIYPaHR0cDovL3Rlc3QvMjcxhg9odHRwOi8vdGVzdC8yNzKGD2h0 ++dHA6Ly90ZXN0LzI3M4YPaHR0cDovL3Rlc3QvMjc0hg9odHRwOi8vdGVzdC8yNzWG ++D2h0dHA6Ly90ZXN0LzI3NoYPaHR0cDovL3Rlc3QvMjc3hg9odHRwOi8vdGVzdC8y ++NziGD2h0dHA6Ly90ZXN0LzI3OYYPaHR0cDovL3Rlc3QvMjgwhg9odHRwOi8vdGVz ++dC8yODGGD2h0dHA6Ly90ZXN0LzI4MoYPaHR0cDovL3Rlc3QvMjgzhg9odHRwOi8v ++dGVzdC8yODSGD2h0dHA6Ly90ZXN0LzI4NYYPaHR0cDovL3Rlc3QvMjg2hg9odHRw ++Oi8vdGVzdC8yODeGD2h0dHA6Ly90ZXN0LzI4OIYPaHR0cDovL3Rlc3QvMjg5hg9o ++dHRwOi8vdGVzdC8yOTCGD2h0dHA6Ly90ZXN0LzI5MYYPaHR0cDovL3Rlc3QvMjky ++hg9odHRwOi8vdGVzdC8yOTOGD2h0dHA6Ly90ZXN0LzI5NIYPaHR0cDovL3Rlc3Qv ++Mjk1hg9odHRwOi8vdGVzdC8yOTaGD2h0dHA6Ly90ZXN0LzI5N4YPaHR0cDovL3Rl ++c3QvMjk4hg9odHRwOi8vdGVzdC8yOTmGD2h0dHA6Ly90ZXN0LzMwMIYPaHR0cDov ++L3Rlc3QvMzAxhg9odHRwOi8vdGVzdC8zMDKGD2h0dHA6Ly90ZXN0LzMwM4YPaHR0 ++cDovL3Rlc3QvMzA0hg9odHRwOi8vdGVzdC8zMDWGD2h0dHA6Ly90ZXN0LzMwNoYP ++aHR0cDovL3Rlc3QvMzA3hg9odHRwOi8vdGVzdC8zMDiGD2h0dHA6Ly90ZXN0LzMw ++OYYPaHR0cDovL3Rlc3QvMzEwhg9odHRwOi8vdGVzdC8zMTGGD2h0dHA6Ly90ZXN0 ++LzMxMoYPaHR0cDovL3Rlc3QvMzEzhg9odHRwOi8vdGVzdC8zMTSGD2h0dHA6Ly90 ++ZXN0LzMxNYYPaHR0cDovL3Rlc3QvMzE2hg9odHRwOi8vdGVzdC8zMTeGD2h0dHA6 ++Ly90ZXN0LzMxOIYPaHR0cDovL3Rlc3QvMzE5hg9odHRwOi8vdGVzdC8zMjCGD2h0 ++dHA6Ly90ZXN0LzMyMYYPaHR0cDovL3Rlc3QvMzIyhg9odHRwOi8vdGVzdC8zMjOG ++D2h0dHA6Ly90ZXN0LzMyNIYPaHR0cDovL3Rlc3QvMzI1hg9odHRwOi8vdGVzdC8z ++MjaGD2h0dHA6Ly90ZXN0LzMyN4YPaHR0cDovL3Rlc3QvMzI4hg9odHRwOi8vdGVz ++dC8zMjmGD2h0dHA6Ly90ZXN0LzMzMIYPaHR0cDovL3Rlc3QvMzMxhg9odHRwOi8v ++dGVzdC8zMzKGD2h0dHA6Ly90ZXN0LzMzM4YPaHR0cDovL3Rlc3QvMzM0hg9odHRw ++Oi8vdGVzdC8zMzWGD2h0dHA6Ly90ZXN0LzMzNoYPaHR0cDovL3Rlc3QvMzM3hg9o ++dHRwOi8vdGVzdC8zMziGD2h0dHA6Ly90ZXN0LzMzOYYPaHR0cDovL3Rlc3QvMzQw ++hg9odHRwOi8vdGVzdC8zNDGGD2h0dHA6Ly90ZXN0LzM0MoYPaHR0cDovL3Rlc3Qv ++MzQzhg9odHRwOi8vdGVzdC8zNDSGD2h0dHA6Ly90ZXN0LzM0NYYPaHR0cDovL3Rl ++c3QvMzQ2hg9odHRwOi8vdGVzdC8zNDeGD2h0dHA6Ly90ZXN0LzM0OIYPaHR0cDov ++L3Rlc3QvMzQ5hg9odHRwOi8vdGVzdC8zNTCGD2h0dHA6Ly90ZXN0LzM1MYYPaHR0 ++cDovL3Rlc3QvMzUyhg9odHRwOi8vdGVzdC8zNTOGD2h0dHA6Ly90ZXN0LzM1NIYP ++aHR0cDovL3Rlc3QvMzU1hg9odHRwOi8vdGVzdC8zNTaGD2h0dHA6Ly90ZXN0LzM1 ++N4YPaHR0cDovL3Rlc3QvMzU4hg9odHRwOi8vdGVzdC8zNTmGD2h0dHA6Ly90ZXN0 ++LzM2MIYPaHR0cDovL3Rlc3QvMzYxhg9odHRwOi8vdGVzdC8zNjKGD2h0dHA6Ly90 ++ZXN0LzM2M4YPaHR0cDovL3Rlc3QvMzY0hg9odHRwOi8vdGVzdC8zNjWGD2h0dHA6 ++Ly90ZXN0LzM2NoYPaHR0cDovL3Rlc3QvMzY3hg9odHRwOi8vdGVzdC8zNjiGD2h0 ++dHA6Ly90ZXN0LzM2OYYPaHR0cDovL3Rlc3QvMzcwhg9odHRwOi8vdGVzdC8zNzGG ++D2h0dHA6Ly90ZXN0LzM3MoYPaHR0cDovL3Rlc3QvMzczhg9odHRwOi8vdGVzdC8z ++NzSGD2h0dHA6Ly90ZXN0LzM3NYYPaHR0cDovL3Rlc3QvMzc2hg9odHRwOi8vdGVz ++dC8zNzeGD2h0dHA6Ly90ZXN0LzM3OIYPaHR0cDovL3Rlc3QvMzc5hg9odHRwOi8v ++dGVzdC8zODCGD2h0dHA6Ly90ZXN0LzM4MYYPaHR0cDovL3Rlc3QvMzgyhg9odHRw ++Oi8vdGVzdC8zODOGD2h0dHA6Ly90ZXN0LzM4NIYPaHR0cDovL3Rlc3QvMzg1hg9o ++dHRwOi8vdGVzdC8zODaGD2h0dHA6Ly90ZXN0LzM4N4YPaHR0cDovL3Rlc3QvMzg4 ++hg9odHRwOi8vdGVzdC8zODmGD2h0dHA6Ly90ZXN0LzM5MIYPaHR0cDovL3Rlc3Qv ++Mzkxhg9odHRwOi8vdGVzdC8zOTKGD2h0dHA6Ly90ZXN0LzM5M4YPaHR0cDovL3Rl ++c3QvMzk0hg9odHRwOi8vdGVzdC8zOTWGD2h0dHA6Ly90ZXN0LzM5NoYPaHR0cDov ++L3Rlc3QvMzk3hg9odHRwOi8vdGVzdC8zOTiGD2h0dHA6Ly90ZXN0LzM5OYYPaHR0 ++cDovL3Rlc3QvNDAwhg9odHRwOi8vdGVzdC80MDGGD2h0dHA6Ly90ZXN0LzQwMoYP ++aHR0cDovL3Rlc3QvNDAzhg9odHRwOi8vdGVzdC80MDSGD2h0dHA6Ly90ZXN0LzQw ++NYYPaHR0cDovL3Rlc3QvNDA2hg9odHRwOi8vdGVzdC80MDeGD2h0dHA6Ly90ZXN0 ++LzQwOIYPaHR0cDovL3Rlc3QvNDA5hg9odHRwOi8vdGVzdC80MTCGD2h0dHA6Ly90 ++ZXN0LzQxMYYPaHR0cDovL3Rlc3QvNDEyhg9odHRwOi8vdGVzdC80MTOGD2h0dHA6 ++Ly90ZXN0LzQxNIYPaHR0cDovL3Rlc3QvNDE1hg9odHRwOi8vdGVzdC80MTaGD2h0 ++dHA6Ly90ZXN0LzQxN4YPaHR0cDovL3Rlc3QvNDE4hg9odHRwOi8vdGVzdC80MTmG ++D2h0dHA6Ly90ZXN0LzQyMIYPaHR0cDovL3Rlc3QvNDIxhg9odHRwOi8vdGVzdC80 ++MjKGD2h0dHA6Ly90ZXN0LzQyM4YPaHR0cDovL3Rlc3QvNDI0hg9odHRwOi8vdGVz ++dC80MjWGD2h0dHA6Ly90ZXN0LzQyNoYPaHR0cDovL3Rlc3QvNDI3hg9odHRwOi8v ++dGVzdC80MjiGD2h0dHA6Ly90ZXN0LzQyOYYPaHR0cDovL3Rlc3QvNDMwhg9odHRw ++Oi8vdGVzdC80MzGGD2h0dHA6Ly90ZXN0LzQzMoYPaHR0cDovL3Rlc3QvNDMzhg9o ++dHRwOi8vdGVzdC80MzSGD2h0dHA6Ly90ZXN0LzQzNYYPaHR0cDovL3Rlc3QvNDM2 ++hg9odHRwOi8vdGVzdC80MzeGD2h0dHA6Ly90ZXN0LzQzOIYPaHR0cDovL3Rlc3Qv ++NDM5hg9odHRwOi8vdGVzdC80NDCGD2h0dHA6Ly90ZXN0LzQ0MYYPaHR0cDovL3Rl ++c3QvNDQyhg9odHRwOi8vdGVzdC80NDOGD2h0dHA6Ly90ZXN0LzQ0NIYPaHR0cDov ++L3Rlc3QvNDQ1hg9odHRwOi8vdGVzdC80NDaGD2h0dHA6Ly90ZXN0LzQ0N4YPaHR0 ++cDovL3Rlc3QvNDQ4hg9odHRwOi8vdGVzdC80NDmGD2h0dHA6Ly90ZXN0LzQ1MIYP ++aHR0cDovL3Rlc3QvNDUxhg9odHRwOi8vdGVzdC80NTKGD2h0dHA6Ly90ZXN0LzQ1 ++M4YPaHR0cDovL3Rlc3QvNDU0hg9odHRwOi8vdGVzdC80NTWGD2h0dHA6Ly90ZXN0 ++LzQ1NoYPaHR0cDovL3Rlc3QvNDU3hg9odHRwOi8vdGVzdC80NTiGD2h0dHA6Ly90 ++ZXN0LzQ1OYYPaHR0cDovL3Rlc3QvNDYwhg9odHRwOi8vdGVzdC80NjGGD2h0dHA6 ++Ly90ZXN0LzQ2MoYPaHR0cDovL3Rlc3QvNDYzhg9odHRwOi8vdGVzdC80NjSGD2h0 ++dHA6Ly90ZXN0LzQ2NYYPaHR0cDovL3Rlc3QvNDY2hg9odHRwOi8vdGVzdC80NjeG ++D2h0dHA6Ly90ZXN0LzQ2OIYPaHR0cDovL3Rlc3QvNDY5hg9odHRwOi8vdGVzdC80 ++NzCGD2h0dHA6Ly90ZXN0LzQ3MYYPaHR0cDovL3Rlc3QvNDcyhg9odHRwOi8vdGVz ++dC80NzOGD2h0dHA6Ly90ZXN0LzQ3NIYPaHR0cDovL3Rlc3QvNDc1hg9odHRwOi8v ++dGVzdC80NzaGD2h0dHA6Ly90ZXN0LzQ3N4YPaHR0cDovL3Rlc3QvNDc4hg9odHRw ++Oi8vdGVzdC80NzmGD2h0dHA6Ly90ZXN0LzQ4MIYPaHR0cDovL3Rlc3QvNDgxhg9o ++dHRwOi8vdGVzdC80ODKGD2h0dHA6Ly90ZXN0LzQ4M4YPaHR0cDovL3Rlc3QvNDg0 ++hg9odHRwOi8vdGVzdC80ODWGD2h0dHA6Ly90ZXN0LzQ4NoYPaHR0cDovL3Rlc3Qv ++NDg3hg9odHRwOi8vdGVzdC80ODiGD2h0dHA6Ly90ZXN0LzQ4OYYPaHR0cDovL3Rl ++c3QvNDkwhg9odHRwOi8vdGVzdC80OTGGD2h0dHA6Ly90ZXN0LzQ5MoYPaHR0cDov ++L3Rlc3QvNDkzhg9odHRwOi8vdGVzdC80OTSGD2h0dHA6Ly90ZXN0LzQ5NYYPaHR0 ++cDovL3Rlc3QvNDk2hg9odHRwOi8vdGVzdC80OTeGD2h0dHA6Ly90ZXN0LzQ5OIYP ++aHR0cDovL3Rlc3QvNDk5hg9odHRwOi8vdGVzdC81MDCGD2h0dHA6Ly90ZXN0LzUw ++MYYPaHR0cDovL3Rlc3QvNTAyhg9odHRwOi8vdGVzdC81MDOGD2h0dHA6Ly90ZXN0 ++LzUwNIYPaHR0cDovL3Rlc3QvNTA1hg9odHRwOi8vdGVzdC81MDaGD2h0dHA6Ly90 ++ZXN0LzUwN4YPaHR0cDovL3Rlc3QvNTA4hg9odHRwOi8vdGVzdC81MDmGD2h0dHA6 ++Ly90ZXN0LzUxMIYPaHR0cDovL3Rlc3QvNTExhg9odHRwOi8vdGVzdC81MTKGD2h0 ++dHA6Ly90ZXN0LzUxM4YPaHR0cDovL3Rlc3QvNTE0hg9odHRwOi8vdGVzdC81MTWG ++D2h0dHA6Ly90ZXN0LzUxNoYPaHR0cDovL3Rlc3QvNTE3hg9odHRwOi8vdGVzdC81 ++MTiGD2h0dHA6Ly90ZXN0LzUxOYYPaHR0cDovL3Rlc3QvNTIwhg9odHRwOi8vdGVz ++dC81MjGGD2h0dHA6Ly90ZXN0LzUyMoYPaHR0cDovL3Rlc3QvNTIzhg9odHRwOi8v ++dGVzdC81MjSGD2h0dHA6Ly90ZXN0LzUyNYYPaHR0cDovL3Rlc3QvNTI2hg9odHRw ++Oi8vdGVzdC81MjeGD2h0dHA6Ly90ZXN0LzUyOIYPaHR0cDovL3Rlc3QvNTI5hg9o ++dHRwOi8vdGVzdC81MzCGD2h0dHA6Ly90ZXN0LzUzMYYPaHR0cDovL3Rlc3QvNTMy ++hg9odHRwOi8vdGVzdC81MzOGD2h0dHA6Ly90ZXN0LzUzNIYPaHR0cDovL3Rlc3Qv ++NTM1hg9odHRwOi8vdGVzdC81MzaGD2h0dHA6Ly90ZXN0LzUzN4YPaHR0cDovL3Rl ++c3QvNTM4hg9odHRwOi8vdGVzdC81MzmGD2h0dHA6Ly90ZXN0LzU0MIYPaHR0cDov ++L3Rlc3QvNTQxhg9odHRwOi8vdGVzdC81NDKGD2h0dHA6Ly90ZXN0LzU0M4YPaHR0 ++cDovL3Rlc3QvNTQ0hg9odHRwOi8vdGVzdC81NDWGD2h0dHA6Ly90ZXN0LzU0NoYP ++aHR0cDovL3Rlc3QvNTQ3hg9odHRwOi8vdGVzdC81NDiGD2h0dHA6Ly90ZXN0LzU0 ++OYYPaHR0cDovL3Rlc3QvNTUwhg9odHRwOi8vdGVzdC81NTGGD2h0dHA6Ly90ZXN0 ++LzU1MoYPaHR0cDovL3Rlc3QvNTUzhg9odHRwOi8vdGVzdC81NTSGD2h0dHA6Ly90 ++ZXN0LzU1NYYPaHR0cDovL3Rlc3QvNTU2hg9odHRwOi8vdGVzdC81NTeGD2h0dHA6 ++Ly90ZXN0LzU1OIYPaHR0cDovL3Rlc3QvNTU5hg9odHRwOi8vdGVzdC81NjCGD2h0 ++dHA6Ly90ZXN0LzU2MYYPaHR0cDovL3Rlc3QvNTYyhg9odHRwOi8vdGVzdC81NjOG ++D2h0dHA6Ly90ZXN0LzU2NIYPaHR0cDovL3Rlc3QvNTY1hg9odHRwOi8vdGVzdC81 ++NjaGD2h0dHA6Ly90ZXN0LzU2N4YPaHR0cDovL3Rlc3QvNTY4hg9odHRwOi8vdGVz ++dC81NjmGD2h0dHA6Ly90ZXN0LzU3MIYPaHR0cDovL3Rlc3QvNTcxhg9odHRwOi8v ++dGVzdC81NzKGD2h0dHA6Ly90ZXN0LzU3M4YPaHR0cDovL3Rlc3QvNTc0hg9odHRw ++Oi8vdGVzdC81NzWGD2h0dHA6Ly90ZXN0LzU3NoYPaHR0cDovL3Rlc3QvNTc3hg9o ++dHRwOi8vdGVzdC81NziGD2h0dHA6Ly90ZXN0LzU3OYYPaHR0cDovL3Rlc3QvNTgw ++hg9odHRwOi8vdGVzdC81ODGGD2h0dHA6Ly90ZXN0LzU4MoYPaHR0cDovL3Rlc3Qv ++NTgzhg9odHRwOi8vdGVzdC81ODSGD2h0dHA6Ly90ZXN0LzU4NYYPaHR0cDovL3Rl ++c3QvNTg2hg9odHRwOi8vdGVzdC81ODeGD2h0dHA6Ly90ZXN0LzU4OIYPaHR0cDov ++L3Rlc3QvNTg5hg9odHRwOi8vdGVzdC81OTCGD2h0dHA6Ly90ZXN0LzU5MYYPaHR0 ++cDovL3Rlc3QvNTkyhg9odHRwOi8vdGVzdC81OTOGD2h0dHA6Ly90ZXN0LzU5NIYP ++aHR0cDovL3Rlc3QvNTk1hg9odHRwOi8vdGVzdC81OTaGD2h0dHA6Ly90ZXN0LzU5 ++N4YPaHR0cDovL3Rlc3QvNTk4hg9odHRwOi8vdGVzdC81OTmGD2h0dHA6Ly90ZXN0 ++LzYwMIYPaHR0cDovL3Rlc3QvNjAxhg9odHRwOi8vdGVzdC82MDKGD2h0dHA6Ly90 ++ZXN0LzYwM4YPaHR0cDovL3Rlc3QvNjA0hg9odHRwOi8vdGVzdC82MDWGD2h0dHA6 ++Ly90ZXN0LzYwNoYPaHR0cDovL3Rlc3QvNjA3hg9odHRwOi8vdGVzdC82MDiGD2h0 ++dHA6Ly90ZXN0LzYwOYYPaHR0cDovL3Rlc3QvNjEwhg9odHRwOi8vdGVzdC82MTGG ++D2h0dHA6Ly90ZXN0LzYxMoYPaHR0cDovL3Rlc3QvNjEzhg9odHRwOi8vdGVzdC82 ++MTSGD2h0dHA6Ly90ZXN0LzYxNYYPaHR0cDovL3Rlc3QvNjE2hg9odHRwOi8vdGVz ++dC82MTeGD2h0dHA6Ly90ZXN0LzYxOIYPaHR0cDovL3Rlc3QvNjE5hg9odHRwOi8v ++dGVzdC82MjCGD2h0dHA6Ly90ZXN0LzYyMYYPaHR0cDovL3Rlc3QvNjIyhg9odHRw ++Oi8vdGVzdC82MjOGD2h0dHA6Ly90ZXN0LzYyNIYPaHR0cDovL3Rlc3QvNjI1hg9o ++dHRwOi8vdGVzdC82MjaGD2h0dHA6Ly90ZXN0LzYyN4YPaHR0cDovL3Rlc3QvNjI4 ++hg9odHRwOi8vdGVzdC82MjmGD2h0dHA6Ly90ZXN0LzYzMIYPaHR0cDovL3Rlc3Qv ++NjMxhg9odHRwOi8vdGVzdC82MzKGD2h0dHA6Ly90ZXN0LzYzM4YPaHR0cDovL3Rl ++c3QvNjM0hg9odHRwOi8vdGVzdC82MzWGD2h0dHA6Ly90ZXN0LzYzNoYPaHR0cDov ++L3Rlc3QvNjM3hg9odHRwOi8vdGVzdC82MziGD2h0dHA6Ly90ZXN0LzYzOYYPaHR0 ++cDovL3Rlc3QvNjQwhg9odHRwOi8vdGVzdC82NDGGD2h0dHA6Ly90ZXN0LzY0MoYP ++aHR0cDovL3Rlc3QvNjQzhg9odHRwOi8vdGVzdC82NDSGD2h0dHA6Ly90ZXN0LzY0 ++NYYPaHR0cDovL3Rlc3QvNjQ2hg9odHRwOi8vdGVzdC82NDeGD2h0dHA6Ly90ZXN0 ++LzY0OIYPaHR0cDovL3Rlc3QvNjQ5hg9odHRwOi8vdGVzdC82NTCGD2h0dHA6Ly90 ++ZXN0LzY1MYYPaHR0cDovL3Rlc3QvNjUyhg9odHRwOi8vdGVzdC82NTOGD2h0dHA6 ++Ly90ZXN0LzY1NIYPaHR0cDovL3Rlc3QvNjU1hg9odHRwOi8vdGVzdC82NTaGD2h0 ++dHA6Ly90ZXN0LzY1N4YPaHR0cDovL3Rlc3QvNjU4hg9odHRwOi8vdGVzdC82NTmG ++D2h0dHA6Ly90ZXN0LzY2MIYPaHR0cDovL3Rlc3QvNjYxhg9odHRwOi8vdGVzdC82 ++NjKGD2h0dHA6Ly90ZXN0LzY2M4YPaHR0cDovL3Rlc3QvNjY0hg9odHRwOi8vdGVz ++dC82NjWGD2h0dHA6Ly90ZXN0LzY2NoYPaHR0cDovL3Rlc3QvNjY3hg9odHRwOi8v ++dGVzdC82NjiGD2h0dHA6Ly90ZXN0LzY2OYYPaHR0cDovL3Rlc3QvNjcwhg9odHRw ++Oi8vdGVzdC82NzGGD2h0dHA6Ly90ZXN0LzY3MoYPaHR0cDovL3Rlc3QvNjczhg9o ++dHRwOi8vdGVzdC82NzSGD2h0dHA6Ly90ZXN0LzY3NYYPaHR0cDovL3Rlc3QvNjc2 ++hg9odHRwOi8vdGVzdC82NzeGD2h0dHA6Ly90ZXN0LzY3OIYPaHR0cDovL3Rlc3Qv ++Njc5hg9odHRwOi8vdGVzdC82ODCGD2h0dHA6Ly90ZXN0LzY4MYYPaHR0cDovL3Rl ++c3QvNjgyhg9odHRwOi8vdGVzdC82ODOGD2h0dHA6Ly90ZXN0LzY4NIYPaHR0cDov ++L3Rlc3QvNjg1hg9odHRwOi8vdGVzdC82ODaGD2h0dHA6Ly90ZXN0LzY4N4YPaHR0 ++cDovL3Rlc3QvNjg4hg9odHRwOi8vdGVzdC82ODmGD2h0dHA6Ly90ZXN0LzY5MIYP ++aHR0cDovL3Rlc3QvNjkxhg9odHRwOi8vdGVzdC82OTKGD2h0dHA6Ly90ZXN0LzY5 ++M4YPaHR0cDovL3Rlc3QvNjk0hg9odHRwOi8vdGVzdC82OTWGD2h0dHA6Ly90ZXN0 ++LzY5NoYPaHR0cDovL3Rlc3QvNjk3hg9odHRwOi8vdGVzdC82OTiGD2h0dHA6Ly90 ++ZXN0LzY5OYYPaHR0cDovL3Rlc3QvNzAwhg9odHRwOi8vdGVzdC83MDGGD2h0dHA6 ++Ly90ZXN0LzcwMoYPaHR0cDovL3Rlc3QvNzAzhg9odHRwOi8vdGVzdC83MDSGD2h0 ++dHA6Ly90ZXN0LzcwNYYPaHR0cDovL3Rlc3QvNzA2hg9odHRwOi8vdGVzdC83MDeG ++D2h0dHA6Ly90ZXN0LzcwOIYPaHR0cDovL3Rlc3QvNzA5hg9odHRwOi8vdGVzdC83 ++MTCGD2h0dHA6Ly90ZXN0LzcxMYYPaHR0cDovL3Rlc3QvNzEyhg9odHRwOi8vdGVz ++dC83MTOGD2h0dHA6Ly90ZXN0LzcxNIYPaHR0cDovL3Rlc3QvNzE1hg9odHRwOi8v ++dGVzdC83MTaGD2h0dHA6Ly90ZXN0LzcxN4YPaHR0cDovL3Rlc3QvNzE4hg9odHRw ++Oi8vdGVzdC83MTmGD2h0dHA6Ly90ZXN0LzcyMIYPaHR0cDovL3Rlc3QvNzIxhg9o ++dHRwOi8vdGVzdC83MjKGD2h0dHA6Ly90ZXN0LzcyM4YPaHR0cDovL3Rlc3QvNzI0 ++hg9odHRwOi8vdGVzdC83MjWGD2h0dHA6Ly90ZXN0LzcyNoYPaHR0cDovL3Rlc3Qv ++NzI3hg9odHRwOi8vdGVzdC83MjiGD2h0dHA6Ly90ZXN0LzcyOYYPaHR0cDovL3Rl ++c3QvNzMwhg9odHRwOi8vdGVzdC83MzGGD2h0dHA6Ly90ZXN0LzczMoYPaHR0cDov ++L3Rlc3QvNzMzhg9odHRwOi8vdGVzdC83MzSGD2h0dHA6Ly90ZXN0LzczNYYPaHR0 ++cDovL3Rlc3QvNzM2hg9odHRwOi8vdGVzdC83MzeGD2h0dHA6Ly90ZXN0LzczOIYP ++aHR0cDovL3Rlc3QvNzM5hg9odHRwOi8vdGVzdC83NDCGD2h0dHA6Ly90ZXN0Lzc0 ++MYYPaHR0cDovL3Rlc3QvNzQyhg9odHRwOi8vdGVzdC83NDOGD2h0dHA6Ly90ZXN0 ++Lzc0NIYPaHR0cDovL3Rlc3QvNzQ1hg9odHRwOi8vdGVzdC83NDaGD2h0dHA6Ly90 ++ZXN0Lzc0N4YPaHR0cDovL3Rlc3QvNzQ4hg9odHRwOi8vdGVzdC83NDmGD2h0dHA6 ++Ly90ZXN0Lzc1MIYPaHR0cDovL3Rlc3QvNzUxhg9odHRwOi8vdGVzdC83NTKGD2h0 ++dHA6Ly90ZXN0Lzc1M4YPaHR0cDovL3Rlc3QvNzU0hg9odHRwOi8vdGVzdC83NTWG ++D2h0dHA6Ly90ZXN0Lzc1NoYPaHR0cDovL3Rlc3QvNzU3hg9odHRwOi8vdGVzdC83 ++NTiGD2h0dHA6Ly90ZXN0Lzc1OYYPaHR0cDovL3Rlc3QvNzYwhg9odHRwOi8vdGVz ++dC83NjGGD2h0dHA6Ly90ZXN0Lzc2MoYPaHR0cDovL3Rlc3QvNzYzhg9odHRwOi8v ++dGVzdC83NjSGD2h0dHA6Ly90ZXN0Lzc2NYYPaHR0cDovL3Rlc3QvNzY2hg9odHRw ++Oi8vdGVzdC83NjeGD2h0dHA6Ly90ZXN0Lzc2OIYPaHR0cDovL3Rlc3QvNzY5hg9o ++dHRwOi8vdGVzdC83NzCGD2h0dHA6Ly90ZXN0Lzc3MYYPaHR0cDovL3Rlc3QvNzcy ++hg9odHRwOi8vdGVzdC83NzOGD2h0dHA6Ly90ZXN0Lzc3NIYPaHR0cDovL3Rlc3Qv ++Nzc1hg9odHRwOi8vdGVzdC83NzaGD2h0dHA6Ly90ZXN0Lzc3N4YPaHR0cDovL3Rl ++c3QvNzc4hg9odHRwOi8vdGVzdC83NzmGD2h0dHA6Ly90ZXN0Lzc4MIYPaHR0cDov ++L3Rlc3QvNzgxhg9odHRwOi8vdGVzdC83ODKGD2h0dHA6Ly90ZXN0Lzc4M4YPaHR0 ++cDovL3Rlc3QvNzg0hg9odHRwOi8vdGVzdC83ODWGD2h0dHA6Ly90ZXN0Lzc4NoYP ++aHR0cDovL3Rlc3QvNzg3hg9odHRwOi8vdGVzdC83ODiGD2h0dHA6Ly90ZXN0Lzc4 ++OYYPaHR0cDovL3Rlc3QvNzkwhg9odHRwOi8vdGVzdC83OTGGD2h0dHA6Ly90ZXN0 ++Lzc5MoYPaHR0cDovL3Rlc3QvNzkzhg9odHRwOi8vdGVzdC83OTSGD2h0dHA6Ly90 ++ZXN0Lzc5NYYPaHR0cDovL3Rlc3QvNzk2hg9odHRwOi8vdGVzdC83OTeGD2h0dHA6 ++Ly90ZXN0Lzc5OIYPaHR0cDovL3Rlc3QvNzk5hg9odHRwOi8vdGVzdC84MDCGD2h0 ++dHA6Ly90ZXN0LzgwMYYPaHR0cDovL3Rlc3QvODAyhg9odHRwOi8vdGVzdC84MDOG ++D2h0dHA6Ly90ZXN0LzgwNIYPaHR0cDovL3Rlc3QvODA1hg9odHRwOi8vdGVzdC84 ++MDaGD2h0dHA6Ly90ZXN0LzgwN4YPaHR0cDovL3Rlc3QvODA4hg9odHRwOi8vdGVz ++dC84MDmGD2h0dHA6Ly90ZXN0LzgxMIYPaHR0cDovL3Rlc3QvODExhg9odHRwOi8v ++dGVzdC84MTKGD2h0dHA6Ly90ZXN0LzgxM4YPaHR0cDovL3Rlc3QvODE0hg9odHRw ++Oi8vdGVzdC84MTWGD2h0dHA6Ly90ZXN0LzgxNoYPaHR0cDovL3Rlc3QvODE3hg9o ++dHRwOi8vdGVzdC84MTiGD2h0dHA6Ly90ZXN0LzgxOYYPaHR0cDovL3Rlc3QvODIw ++hg9odHRwOi8vdGVzdC84MjGGD2h0dHA6Ly90ZXN0LzgyMoYPaHR0cDovL3Rlc3Qv ++ODIzhg9odHRwOi8vdGVzdC84MjSGD2h0dHA6Ly90ZXN0LzgyNYYPaHR0cDovL3Rl ++c3QvODI2hg9odHRwOi8vdGVzdC84MjeGD2h0dHA6Ly90ZXN0LzgyOIYPaHR0cDov ++L3Rlc3QvODI5hg9odHRwOi8vdGVzdC84MzCGD2h0dHA6Ly90ZXN0LzgzMYYPaHR0 ++cDovL3Rlc3QvODMyhg9odHRwOi8vdGVzdC84MzOGD2h0dHA6Ly90ZXN0LzgzNIYP ++aHR0cDovL3Rlc3QvODM1hg9odHRwOi8vdGVzdC84MzaGD2h0dHA6Ly90ZXN0Lzgz ++N4YPaHR0cDovL3Rlc3QvODM4hg9odHRwOi8vdGVzdC84MzmGD2h0dHA6Ly90ZXN0 ++Lzg0MIYPaHR0cDovL3Rlc3QvODQxhg9odHRwOi8vdGVzdC84NDKGD2h0dHA6Ly90 ++ZXN0Lzg0M4YPaHR0cDovL3Rlc3QvODQ0hg9odHRwOi8vdGVzdC84NDWGD2h0dHA6 ++Ly90ZXN0Lzg0NoYPaHR0cDovL3Rlc3QvODQ3hg9odHRwOi8vdGVzdC84NDiGD2h0 ++dHA6Ly90ZXN0Lzg0OYYPaHR0cDovL3Rlc3QvODUwhg9odHRwOi8vdGVzdC84NTGG ++D2h0dHA6Ly90ZXN0Lzg1MoYPaHR0cDovL3Rlc3QvODUzhg9odHRwOi8vdGVzdC84 ++NTSGD2h0dHA6Ly90ZXN0Lzg1NYYPaHR0cDovL3Rlc3QvODU2hg9odHRwOi8vdGVz ++dC84NTeGD2h0dHA6Ly90ZXN0Lzg1OIYPaHR0cDovL3Rlc3QvODU5hg9odHRwOi8v ++dGVzdC84NjCGD2h0dHA6Ly90ZXN0Lzg2MYYPaHR0cDovL3Rlc3QvODYyhg9odHRw ++Oi8vdGVzdC84NjOGD2h0dHA6Ly90ZXN0Lzg2NIYPaHR0cDovL3Rlc3QvODY1hg9o ++dHRwOi8vdGVzdC84NjaGD2h0dHA6Ly90ZXN0Lzg2N4YPaHR0cDovL3Rlc3QvODY4 ++hg9odHRwOi8vdGVzdC84NjmGD2h0dHA6Ly90ZXN0Lzg3MIYPaHR0cDovL3Rlc3Qv ++ODcxhg9odHRwOi8vdGVzdC84NzKGD2h0dHA6Ly90ZXN0Lzg3M4YPaHR0cDovL3Rl ++c3QvODc0hg9odHRwOi8vdGVzdC84NzWGD2h0dHA6Ly90ZXN0Lzg3NoYPaHR0cDov ++L3Rlc3QvODc3hg9odHRwOi8vdGVzdC84NziGD2h0dHA6Ly90ZXN0Lzg3OYYPaHR0 ++cDovL3Rlc3QvODgwhg9odHRwOi8vdGVzdC84ODGGD2h0dHA6Ly90ZXN0Lzg4MoYP ++aHR0cDovL3Rlc3QvODgzhg9odHRwOi8vdGVzdC84ODSGD2h0dHA6Ly90ZXN0Lzg4 ++NYYPaHR0cDovL3Rlc3QvODg2hg9odHRwOi8vdGVzdC84ODeGD2h0dHA6Ly90ZXN0 ++Lzg4OIYPaHR0cDovL3Rlc3QvODg5hg9odHRwOi8vdGVzdC84OTCGD2h0dHA6Ly90 ++ZXN0Lzg5MYYPaHR0cDovL3Rlc3QvODkyhg9odHRwOi8vdGVzdC84OTOGD2h0dHA6 ++Ly90ZXN0Lzg5NIYPaHR0cDovL3Rlc3QvODk1hg9odHRwOi8vdGVzdC84OTaGD2h0 ++dHA6Ly90ZXN0Lzg5N4YPaHR0cDovL3Rlc3QvODk4hg9odHRwOi8vdGVzdC84OTmG ++D2h0dHA6Ly90ZXN0LzkwMIYPaHR0cDovL3Rlc3QvOTAxhg9odHRwOi8vdGVzdC85 ++MDKGD2h0dHA6Ly90ZXN0LzkwM4YPaHR0cDovL3Rlc3QvOTA0hg9odHRwOi8vdGVz ++dC85MDWGD2h0dHA6Ly90ZXN0LzkwNoYPaHR0cDovL3Rlc3QvOTA3hg9odHRwOi8v ++dGVzdC85MDiGD2h0dHA6Ly90ZXN0LzkwOYYPaHR0cDovL3Rlc3QvOTEwhg9odHRw ++Oi8vdGVzdC85MTGGD2h0dHA6Ly90ZXN0LzkxMoYPaHR0cDovL3Rlc3QvOTEzhg9o ++dHRwOi8vdGVzdC85MTSGD2h0dHA6Ly90ZXN0LzkxNYYPaHR0cDovL3Rlc3QvOTE2 ++hg9odHRwOi8vdGVzdC85MTeGD2h0dHA6Ly90ZXN0LzkxOIYPaHR0cDovL3Rlc3Qv ++OTE5hg9odHRwOi8vdGVzdC85MjCGD2h0dHA6Ly90ZXN0LzkyMYYPaHR0cDovL3Rl ++c3QvOTIyhg9odHRwOi8vdGVzdC85MjOGD2h0dHA6Ly90ZXN0LzkyNIYPaHR0cDov ++L3Rlc3QvOTI1hg9odHRwOi8vdGVzdC85MjaGD2h0dHA6Ly90ZXN0LzkyN4YPaHR0 ++cDovL3Rlc3QvOTI4hg9odHRwOi8vdGVzdC85MjmGD2h0dHA6Ly90ZXN0LzkzMIYP ++aHR0cDovL3Rlc3QvOTMxhg9odHRwOi8vdGVzdC85MzKGD2h0dHA6Ly90ZXN0Lzkz ++M4YPaHR0cDovL3Rlc3QvOTM0hg9odHRwOi8vdGVzdC85MzWGD2h0dHA6Ly90ZXN0 ++LzkzNoYPaHR0cDovL3Rlc3QvOTM3hg9odHRwOi8vdGVzdC85MziGD2h0dHA6Ly90 ++ZXN0LzkzOYYPaHR0cDovL3Rlc3QvOTQwhg9odHRwOi8vdGVzdC85NDGGD2h0dHA6 ++Ly90ZXN0Lzk0MoYPaHR0cDovL3Rlc3QvOTQzhg9odHRwOi8vdGVzdC85NDSGD2h0 ++dHA6Ly90ZXN0Lzk0NYYPaHR0cDovL3Rlc3QvOTQ2hg9odHRwOi8vdGVzdC85NDeG ++D2h0dHA6Ly90ZXN0Lzk0OIYPaHR0cDovL3Rlc3QvOTQ5hg9odHRwOi8vdGVzdC85 ++NTCGD2h0dHA6Ly90ZXN0Lzk1MYYPaHR0cDovL3Rlc3QvOTUyhg9odHRwOi8vdGVz ++dC85NTOGD2h0dHA6Ly90ZXN0Lzk1NIYPaHR0cDovL3Rlc3QvOTU1hg9odHRwOi8v ++dGVzdC85NTaGD2h0dHA6Ly90ZXN0Lzk1N4YPaHR0cDovL3Rlc3QvOTU4hg9odHRw ++Oi8vdGVzdC85NTmGD2h0dHA6Ly90ZXN0Lzk2MIYPaHR0cDovL3Rlc3QvOTYxhg9o ++dHRwOi8vdGVzdC85NjKGD2h0dHA6Ly90ZXN0Lzk2M4YPaHR0cDovL3Rlc3QvOTY0 ++hg9odHRwOi8vdGVzdC85NjWGD2h0dHA6Ly90ZXN0Lzk2NoYPaHR0cDovL3Rlc3Qv ++OTY3hg9odHRwOi8vdGVzdC85NjiGD2h0dHA6Ly90ZXN0Lzk2OYYPaHR0cDovL3Rl ++c3QvOTcwhg9odHRwOi8vdGVzdC85NzGGD2h0dHA6Ly90ZXN0Lzk3MoYPaHR0cDov ++L3Rlc3QvOTczhg9odHRwOi8vdGVzdC85NzSGD2h0dHA6Ly90ZXN0Lzk3NYYPaHR0 ++cDovL3Rlc3QvOTc2hg9odHRwOi8vdGVzdC85NzeGD2h0dHA6Ly90ZXN0Lzk3OIYP ++aHR0cDovL3Rlc3QvOTc5hg9odHRwOi8vdGVzdC85ODCGD2h0dHA6Ly90ZXN0Lzk4 ++MYYPaHR0cDovL3Rlc3QvOTgyhg9odHRwOi8vdGVzdC85ODOGD2h0dHA6Ly90ZXN0 ++Lzk4NIYPaHR0cDovL3Rlc3QvOTg1hg9odHRwOi8vdGVzdC85ODaGD2h0dHA6Ly90 ++ZXN0Lzk4N4YPaHR0cDovL3Rlc3QvOTg4hg9odHRwOi8vdGVzdC85ODmGD2h0dHA6 ++Ly90ZXN0Lzk5MIYPaHR0cDovL3Rlc3QvOTkxhg9odHRwOi8vdGVzdC85OTKGD2h0 ++dHA6Ly90ZXN0Lzk5M4YPaHR0cDovL3Rlc3QvOTk0hg9odHRwOi8vdGVzdC85OTWG ++D2h0dHA6Ly90ZXN0Lzk5NoYPaHR0cDovL3Rlc3QvOTk3hg9odHRwOi8vdGVzdC85 ++OTiGD2h0dHA6Ly90ZXN0Lzk5OYYQaHR0cDovL3Rlc3QvMTAwMIYQaHR0cDovL3Rl ++c3QvMTAwMYYQaHR0cDovL3Rlc3QvMTAwMoYQaHR0cDovL3Rlc3QvMTAwM4YQaHR0 ++cDovL3Rlc3QvMTAwNIYQaHR0cDovL3Rlc3QvMTAwNYYQaHR0cDovL3Rlc3QvMTAw ++NoYQaHR0cDovL3Rlc3QvMTAwN4YQaHR0cDovL3Rlc3QvMTAwOIYQaHR0cDovL3Rl ++c3QvMTAwOYYQaHR0cDovL3Rlc3QvMTAxMIYQaHR0cDovL3Rlc3QvMTAxMYYQaHR0 ++cDovL3Rlc3QvMTAxMoYQaHR0cDovL3Rlc3QvMTAxM4YQaHR0cDovL3Rlc3QvMTAx ++NIYQaHR0cDovL3Rlc3QvMTAxNYYQaHR0cDovL3Rlc3QvMTAxNoYQaHR0cDovL3Rl ++c3QvMTAxN4YQaHR0cDovL3Rlc3QvMTAxOIYQaHR0cDovL3Rlc3QvMTAxOYYQaHR0 ++cDovL3Rlc3QvMTAyMIYQaHR0cDovL3Rlc3QvMTAyMYYQaHR0cDovL3Rlc3QvMTAy ++MoYQaHR0cDovL3Rlc3QvMTAyM4YQaHR0cDovL3Rlc3QvMTAyNDANBgkqhkiG9w0B ++AQsFAAOCAQEACAB/4EB10kM2P+Nsz8FKabIMG6ioa3ru7dAt7uJS2SofXawp9RLi ++rzvboG06tAnvdvpSaF8HX5+kUo8d2tq2k1SHR9A8Zn7/G+Me2lJMAEZbDOueuF4e ++2/fO3SwPTiMdY5jt5RjoBJyhHs1Y3glDTb+NS22OMummU0AXDOJZQ1UtP6uvqhNI ++rACsW98WxyAq6lDveXjJNNXFf48n0FpCOugTAVG8o7lTbx3kc1KN8Mec0UYZqihj ++PsxKX2MNHShL4LQ3g9uFjISGfjcVqO2oANoUl/3xyOpuOrcZwW9Tawv/KWAwfbY1 ++1rhYb1UyGMZEwwjYxJUle7oTBCY0fNQOoQ== + -----END CERTIFICATE----- + + Certificate: +@@ -771,7 +714,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f6 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -991,253 +934,6 @@ Certificate: + DNS:t168.test + DNS:t169.test + DNS:t170.test +- DNS:t171.test +- DNS:t172.test +- DNS:t173.test +- DNS:t174.test +- DNS:t175.test +- DNS:t176.test +- DNS:t177.test +- DNS:t178.test +- DNS:t179.test +- DNS:t180.test +- DNS:t181.test +- DNS:t182.test +- DNS:t183.test +- DNS:t184.test +- DNS:t185.test +- DNS:t186.test +- DNS:t187.test +- DNS:t188.test +- DNS:t189.test +- DNS:t190.test +- DNS:t191.test +- DNS:t192.test +- DNS:t193.test +- DNS:t194.test +- DNS:t195.test +- DNS:t196.test +- DNS:t197.test +- DNS:t198.test +- DNS:t199.test +- DNS:t200.test +- DNS:t201.test +- DNS:t202.test +- DNS:t203.test +- DNS:t204.test +- DNS:t205.test +- DNS:t206.test +- DNS:t207.test +- DNS:t208.test +- DNS:t209.test +- DNS:t210.test +- DNS:t211.test +- DNS:t212.test +- DNS:t213.test +- DNS:t214.test +- DNS:t215.test +- DNS:t216.test +- DNS:t217.test +- DNS:t218.test +- DNS:t219.test +- DNS:t220.test +- DNS:t221.test +- DNS:t222.test +- DNS:t223.test +- DNS:t224.test +- DNS:t225.test +- DNS:t226.test +- DNS:t227.test +- DNS:t228.test +- DNS:t229.test +- DNS:t230.test +- DNS:t231.test +- DNS:t232.test +- DNS:t233.test +- DNS:t234.test +- DNS:t235.test +- DNS:t236.test +- DNS:t237.test +- DNS:t238.test +- DNS:t239.test +- DNS:t240.test +- DNS:t241.test +- DNS:t242.test +- DNS:t243.test +- DNS:t244.test +- DNS:t245.test +- DNS:t246.test +- DNS:t247.test +- DNS:t248.test +- DNS:t249.test +- DNS:t250.test +- DNS:t251.test +- DNS:t252.test +- DNS:t253.test +- DNS:t254.test +- DNS:t255.test +- DNS:t256.test +- DNS:t257.test +- DNS:t258.test +- DNS:t259.test +- DNS:t260.test +- DNS:t261.test +- DNS:t262.test +- DNS:t263.test +- DNS:t264.test +- DNS:t265.test +- DNS:t266.test +- DNS:t267.test +- DNS:t268.test +- DNS:t269.test +- DNS:t270.test +- DNS:t271.test +- DNS:t272.test +- DNS:t273.test +- DNS:t274.test +- DNS:t275.test +- DNS:t276.test +- DNS:t277.test +- DNS:t278.test +- DNS:t279.test +- DNS:t280.test +- DNS:t281.test +- DNS:t282.test +- DNS:t283.test +- DNS:t284.test +- DNS:t285.test +- DNS:t286.test +- DNS:t287.test +- DNS:t288.test +- DNS:t289.test +- DNS:t290.test +- DNS:t291.test +- DNS:t292.test +- DNS:t293.test +- DNS:t294.test +- DNS:t295.test +- DNS:t296.test +- DNS:t297.test +- DNS:t298.test +- DNS:t299.test +- DNS:t300.test +- DNS:t301.test +- DNS:t302.test +- DNS:t303.test +- DNS:t304.test +- DNS:t305.test +- DNS:t306.test +- DNS:t307.test +- DNS:t308.test +- DNS:t309.test +- DNS:t310.test +- DNS:t311.test +- DNS:t312.test +- DNS:t313.test +- DNS:t314.test +- DNS:t315.test +- DNS:t316.test +- DNS:t317.test +- DNS:t318.test +- DNS:t319.test +- DNS:t320.test +- DNS:t321.test +- DNS:t322.test +- DNS:t323.test +- DNS:t324.test +- DNS:t325.test +- DNS:t326.test +- DNS:t327.test +- DNS:t328.test +- DNS:t329.test +- DNS:t330.test +- DNS:t331.test +- DNS:t332.test +- DNS:t333.test +- DNS:t334.test +- DNS:t335.test +- DNS:t336.test +- DNS:t337.test +- DNS:t338.test +- DNS:t339.test +- DNS:t340.test +- DNS:t341.test +- DNS:t342.test +- DNS:t343.test +- DNS:t344.test +- DNS:t345.test +- DNS:t346.test +- DNS:t347.test +- DNS:t348.test +- DNS:t349.test +- DNS:t350.test +- DNS:t351.test +- DNS:t352.test +- DNS:t353.test +- DNS:t354.test +- DNS:t355.test +- DNS:t356.test +- DNS:t357.test +- DNS:t358.test +- DNS:t359.test +- DNS:t360.test +- DNS:t361.test +- DNS:t362.test +- DNS:t363.test +- DNS:t364.test +- DNS:t365.test +- DNS:t366.test +- DNS:t367.test +- DNS:t368.test +- DNS:t369.test +- DNS:t370.test +- DNS:t371.test +- DNS:t372.test +- DNS:t373.test +- DNS:t374.test +- DNS:t375.test +- DNS:t376.test +- DNS:t377.test +- DNS:t378.test +- DNS:t379.test +- DNS:t380.test +- DNS:t381.test +- DNS:t382.test +- DNS:t383.test +- DNS:t384.test +- DNS:t385.test +- DNS:t386.test +- DNS:t387.test +- DNS:t388.test +- DNS:t389.test +- DNS:t390.test +- DNS:t391.test +- DNS:t392.test +- DNS:t393.test +- DNS:t394.test +- DNS:t395.test +- DNS:t396.test +- DNS:t397.test +- DNS:t398.test +- DNS:t399.test +- DNS:t400.test +- DNS:t401.test +- DNS:t402.test +- DNS:t403.test +- DNS:t404.test +- DNS:t405.test +- DNS:t406.test +- DNS:t407.test +- DNS:t408.test +- DNS:t409.test +- DNS:t410.test +- DNS:t411.test +- DNS:t412.test +- DNS:t413.test +- DNS:t414.test +- DNS:t415.test +- DNS:t416.test +- DNS:t417.test + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 +@@ -1409,671 +1105,178 @@ Certificate: + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 +- IP:10.0.0.171/255.255.255.255 +- IP:10.0.0.172/255.255.255.255 +- IP:10.0.0.173/255.255.255.255 +- IP:10.0.0.174/255.255.255.255 +- IP:10.0.0.175/255.255.255.255 +- IP:10.0.0.176/255.255.255.255 +- IP:10.0.0.177/255.255.255.255 +- IP:10.0.0.178/255.255.255.255 +- IP:10.0.0.179/255.255.255.255 +- IP:10.0.0.180/255.255.255.255 +- IP:10.0.0.181/255.255.255.255 +- IP:10.0.0.182/255.255.255.255 +- IP:10.0.0.183/255.255.255.255 +- IP:10.0.0.184/255.255.255.255 +- IP:10.0.0.185/255.255.255.255 +- IP:10.0.0.186/255.255.255.255 +- IP:10.0.0.187/255.255.255.255 +- IP:10.0.0.188/255.255.255.255 +- IP:10.0.0.189/255.255.255.255 +- IP:10.0.0.190/255.255.255.255 +- IP:10.0.0.191/255.255.255.255 +- IP:10.0.0.192/255.255.255.255 +- IP:10.0.0.193/255.255.255.255 +- IP:10.0.0.194/255.255.255.255 +- IP:10.0.0.195/255.255.255.255 +- IP:10.0.0.196/255.255.255.255 +- IP:10.0.0.197/255.255.255.255 +- IP:10.0.0.198/255.255.255.255 +- IP:10.0.0.199/255.255.255.255 +- IP:10.0.0.200/255.255.255.255 +- IP:10.0.0.201/255.255.255.255 +- IP:10.0.0.202/255.255.255.255 +- IP:10.0.0.203/255.255.255.255 +- IP:10.0.0.204/255.255.255.255 +- IP:10.0.0.205/255.255.255.255 +- IP:10.0.0.206/255.255.255.255 +- IP:10.0.0.207/255.255.255.255 +- IP:10.0.0.208/255.255.255.255 +- IP:10.0.0.209/255.255.255.255 +- IP:10.0.0.210/255.255.255.255 +- IP:10.0.0.211/255.255.255.255 +- IP:10.0.0.212/255.255.255.255 +- IP:10.0.0.213/255.255.255.255 +- IP:10.0.0.214/255.255.255.255 +- IP:10.0.0.215/255.255.255.255 +- IP:10.0.0.216/255.255.255.255 +- IP:10.0.0.217/255.255.255.255 +- IP:10.0.0.218/255.255.255.255 +- IP:10.0.0.219/255.255.255.255 +- IP:10.0.0.220/255.255.255.255 +- IP:10.0.0.221/255.255.255.255 +- IP:10.0.0.222/255.255.255.255 +- IP:10.0.0.223/255.255.255.255 +- IP:10.0.0.224/255.255.255.255 +- IP:10.0.0.225/255.255.255.255 +- IP:10.0.0.226/255.255.255.255 +- IP:10.0.0.227/255.255.255.255 +- IP:10.0.0.228/255.255.255.255 +- IP:10.0.0.229/255.255.255.255 +- IP:10.0.0.230/255.255.255.255 +- IP:10.0.0.231/255.255.255.255 +- IP:10.0.0.232/255.255.255.255 +- IP:10.0.0.233/255.255.255.255 +- IP:10.0.0.234/255.255.255.255 +- IP:10.0.0.235/255.255.255.255 +- IP:10.0.0.236/255.255.255.255 +- IP:10.0.0.237/255.255.255.255 +- IP:10.0.0.238/255.255.255.255 +- IP:10.0.0.239/255.255.255.255 +- IP:10.0.0.240/255.255.255.255 +- IP:10.0.0.241/255.255.255.255 +- IP:10.0.0.242/255.255.255.255 +- IP:10.0.0.243/255.255.255.255 +- IP:10.0.0.244/255.255.255.255 +- IP:10.0.0.245/255.255.255.255 +- IP:10.0.0.246/255.255.255.255 +- IP:10.0.0.247/255.255.255.255 +- IP:10.0.0.248/255.255.255.255 +- IP:10.0.0.249/255.255.255.255 +- IP:10.0.0.250/255.255.255.255 +- IP:10.0.0.251/255.255.255.255 +- IP:10.0.0.252/255.255.255.255 +- IP:10.0.0.253/255.255.255.255 +- IP:10.0.0.254/255.255.255.255 +- IP:10.0.0.255/255.255.255.255 +- IP:10.0.1.0/255.255.255.255 +- IP:10.0.1.1/255.255.255.255 +- IP:10.0.1.2/255.255.255.255 +- IP:10.0.1.3/255.255.255.255 +- IP:10.0.1.4/255.255.255.255 +- IP:10.0.1.5/255.255.255.255 +- IP:10.0.1.6/255.255.255.255 +- IP:10.0.1.7/255.255.255.255 +- IP:10.0.1.8/255.255.255.255 +- IP:10.0.1.9/255.255.255.255 +- IP:10.0.1.10/255.255.255.255 +- IP:10.0.1.11/255.255.255.255 +- IP:10.0.1.12/255.255.255.255 +- IP:10.0.1.13/255.255.255.255 +- IP:10.0.1.14/255.255.255.255 +- IP:10.0.1.15/255.255.255.255 +- IP:10.0.1.16/255.255.255.255 +- IP:10.0.1.17/255.255.255.255 +- IP:10.0.1.18/255.255.255.255 +- IP:10.0.1.19/255.255.255.255 +- IP:10.0.1.20/255.255.255.255 +- IP:10.0.1.21/255.255.255.255 +- IP:10.0.1.22/255.255.255.255 +- IP:10.0.1.23/255.255.255.255 +- IP:10.0.1.24/255.255.255.255 +- IP:10.0.1.25/255.255.255.255 +- IP:10.0.1.26/255.255.255.255 +- IP:10.0.1.27/255.255.255.255 +- IP:10.0.1.28/255.255.255.255 +- IP:10.0.1.29/255.255.255.255 +- IP:10.0.1.30/255.255.255.255 +- IP:10.0.1.31/255.255.255.255 +- IP:10.0.1.32/255.255.255.255 +- IP:10.0.1.33/255.255.255.255 +- IP:10.0.1.34/255.255.255.255 +- IP:10.0.1.35/255.255.255.255 +- IP:10.0.1.36/255.255.255.255 +- IP:10.0.1.37/255.255.255.255 +- IP:10.0.1.38/255.255.255.255 +- IP:10.0.1.39/255.255.255.255 +- IP:10.0.1.40/255.255.255.255 +- IP:10.0.1.41/255.255.255.255 +- IP:10.0.1.42/255.255.255.255 +- IP:10.0.1.43/255.255.255.255 +- IP:10.0.1.44/255.255.255.255 +- IP:10.0.1.45/255.255.255.255 +- IP:10.0.1.46/255.255.255.255 +- IP:10.0.1.47/255.255.255.255 +- IP:10.0.1.48/255.255.255.255 +- IP:10.0.1.49/255.255.255.255 +- IP:10.0.1.50/255.255.255.255 +- IP:10.0.1.51/255.255.255.255 +- IP:10.0.1.52/255.255.255.255 +- IP:10.0.1.53/255.255.255.255 +- IP:10.0.1.54/255.255.255.255 +- IP:10.0.1.55/255.255.255.255 +- IP:10.0.1.56/255.255.255.255 +- IP:10.0.1.57/255.255.255.255 +- IP:10.0.1.58/255.255.255.255 +- IP:10.0.1.59/255.255.255.255 +- IP:10.0.1.60/255.255.255.255 +- IP:10.0.1.61/255.255.255.255 +- IP:10.0.1.62/255.255.255.255 +- IP:10.0.1.63/255.255.255.255 +- IP:10.0.1.64/255.255.255.255 +- IP:10.0.1.65/255.255.255.255 +- IP:10.0.1.66/255.255.255.255 +- IP:10.0.1.67/255.255.255.255 +- IP:10.0.1.68/255.255.255.255 +- IP:10.0.1.69/255.255.255.255 +- IP:10.0.1.70/255.255.255.255 +- IP:10.0.1.71/255.255.255.255 +- IP:10.0.1.72/255.255.255.255 +- IP:10.0.1.73/255.255.255.255 +- IP:10.0.1.74/255.255.255.255 +- IP:10.0.1.75/255.255.255.255 +- IP:10.0.1.76/255.255.255.255 +- IP:10.0.1.77/255.255.255.255 +- IP:10.0.1.78/255.255.255.255 +- IP:10.0.1.79/255.255.255.255 +- IP:10.0.1.80/255.255.255.255 +- IP:10.0.1.81/255.255.255.255 +- IP:10.0.1.82/255.255.255.255 +- IP:10.0.1.83/255.255.255.255 +- IP:10.0.1.84/255.255.255.255 +- IP:10.0.1.85/255.255.255.255 +- IP:10.0.1.86/255.255.255.255 +- IP:10.0.1.87/255.255.255.255 +- IP:10.0.1.88/255.255.255.255 +- IP:10.0.1.89/255.255.255.255 +- IP:10.0.1.90/255.255.255.255 +- IP:10.0.1.91/255.255.255.255 +- IP:10.0.1.92/255.255.255.255 +- IP:10.0.1.93/255.255.255.255 +- IP:10.0.1.94/255.255.255.255 +- IP:10.0.1.95/255.255.255.255 +- IP:10.0.1.96/255.255.255.255 +- IP:10.0.1.97/255.255.255.255 +- IP:10.0.1.98/255.255.255.255 +- IP:10.0.1.99/255.255.255.255 +- IP:10.0.1.100/255.255.255.255 +- IP:10.0.1.101/255.255.255.255 +- IP:10.0.1.102/255.255.255.255 +- IP:10.0.1.103/255.255.255.255 +- IP:10.0.1.104/255.255.255.255 +- IP:10.0.1.105/255.255.255.255 +- IP:10.0.1.106/255.255.255.255 +- IP:10.0.1.107/255.255.255.255 +- IP:10.0.1.108/255.255.255.255 +- IP:10.0.1.109/255.255.255.255 +- IP:10.0.1.110/255.255.255.255 +- IP:10.0.1.111/255.255.255.255 +- IP:10.0.1.112/255.255.255.255 +- IP:10.0.1.113/255.255.255.255 +- IP:10.0.1.114/255.255.255.255 +- IP:10.0.1.115/255.255.255.255 +- IP:10.0.1.116/255.255.255.255 +- IP:10.0.1.117/255.255.255.255 +- IP:10.0.1.118/255.255.255.255 +- IP:10.0.1.119/255.255.255.255 +- IP:10.0.1.120/255.255.255.255 +- IP:10.0.1.121/255.255.255.255 +- IP:10.0.1.122/255.255.255.255 +- IP:10.0.1.123/255.255.255.255 +- IP:10.0.1.124/255.255.255.255 +- IP:10.0.1.125/255.255.255.255 +- IP:10.0.1.126/255.255.255.255 +- IP:10.0.1.127/255.255.255.255 +- IP:10.0.1.128/255.255.255.255 +- IP:10.0.1.129/255.255.255.255 +- IP:10.0.1.130/255.255.255.255 +- IP:10.0.1.131/255.255.255.255 +- IP:10.0.1.132/255.255.255.255 +- IP:10.0.1.133/255.255.255.255 +- IP:10.0.1.134/255.255.255.255 +- IP:10.0.1.135/255.255.255.255 +- IP:10.0.1.136/255.255.255.255 +- IP:10.0.1.137/255.255.255.255 +- IP:10.0.1.138/255.255.255.255 +- IP:10.0.1.139/255.255.255.255 +- IP:10.0.1.140/255.255.255.255 +- IP:10.0.1.141/255.255.255.255 +- IP:10.0.1.142/255.255.255.255 +- IP:10.0.1.143/255.255.255.255 +- IP:10.0.1.144/255.255.255.255 +- IP:10.0.1.145/255.255.255.255 +- IP:10.0.1.146/255.255.255.255 +- IP:10.0.1.147/255.255.255.255 +- IP:10.0.1.148/255.255.255.255 +- IP:10.0.1.149/255.255.255.255 +- IP:10.0.1.150/255.255.255.255 +- IP:10.0.1.151/255.255.255.255 +- IP:10.0.1.152/255.255.255.255 +- IP:10.0.1.153/255.255.255.255 +- IP:10.0.1.154/255.255.255.255 +- IP:10.0.1.155/255.255.255.255 +- IP:10.0.1.156/255.255.255.255 +- IP:10.0.1.157/255.255.255.255 +- IP:10.0.1.158/255.255.255.255 +- IP:10.0.1.159/255.255.255.255 +- IP:10.0.1.160/255.255.255.255 +- IP:10.0.1.161/255.255.255.255 +- DirName:CN = t0 +- DirName:CN = t1 +- DirName:CN = t2 +- DirName:CN = t3 +- DirName:CN = t4 +- DirName:CN = t5 +- DirName:CN = t6 +- DirName:CN = t7 +- DirName:CN = t8 +- DirName:CN = t9 +- DirName:CN = t10 +- DirName:CN = t11 +- DirName:CN = t12 +- DirName:CN = t13 +- DirName:CN = t14 +- DirName:CN = t15 +- DirName:CN = t16 +- DirName:CN = t17 +- DirName:CN = t18 +- DirName:CN = t19 +- DirName:CN = t20 +- DirName:CN = t21 +- DirName:CN = t22 +- DirName:CN = t23 +- DirName:CN = t24 +- DirName:CN = t25 +- DirName:CN = t26 +- DirName:CN = t27 +- DirName:CN = t28 +- DirName:CN = t29 +- DirName:CN = t30 +- DirName:CN = t31 +- DirName:CN = t32 +- DirName:CN = t33 +- DirName:CN = t34 +- DirName:CN = t35 +- DirName:CN = t36 +- DirName:CN = t37 +- DirName:CN = t38 +- DirName:CN = t39 +- DirName:CN = t40 +- DirName:CN = t41 +- DirName:CN = t42 +- DirName:CN = t43 +- DirName:CN = t44 +- DirName:CN = t45 +- DirName:CN = t46 +- DirName:CN = t47 +- DirName:CN = t48 +- DirName:CN = t49 +- DirName:CN = t50 +- DirName:CN = t51 +- DirName:CN = t52 +- DirName:CN = t53 +- DirName:CN = t54 +- DirName:CN = t55 +- DirName:CN = t56 +- DirName:CN = t57 +- DirName:CN = t58 +- DirName:CN = t59 +- DirName:CN = t60 +- DirName:CN = t61 +- DirName:CN = t62 +- DirName:CN = t63 +- DirName:CN = t64 +- DirName:CN = t65 +- DirName:CN = t66 +- DirName:CN = t67 +- DirName:CN = t68 +- DirName:CN = t69 +- DirName:CN = t70 +- DirName:CN = t71 +- DirName:CN = t72 +- DirName:CN = t73 +- DirName:CN = t74 +- DirName:CN = t75 +- DirName:CN = t76 +- DirName:CN = t77 +- DirName:CN = t78 +- DirName:CN = t79 +- DirName:CN = t80 +- DirName:CN = t81 +- DirName:CN = t82 +- DirName:CN = t83 +- DirName:CN = t84 +- DirName:CN = t85 +- DirName:CN = t86 +- DirName:CN = t87 +- DirName:CN = t88 +- DirName:CN = t89 +- DirName:CN = t90 +- DirName:CN = t91 +- DirName:CN = t92 +- DirName:CN = t93 +- DirName:CN = t94 +- DirName:CN = t95 +- DirName:CN = t96 +- DirName:CN = t97 +- DirName:CN = t98 +- DirName:CN = t99 +- DirName:CN = t100 +- DirName:CN = t101 +- DirName:CN = t102 +- DirName:CN = t103 +- DirName:CN = t104 +- DirName:CN = t105 +- DirName:CN = t106 +- DirName:CN = t107 +- DirName:CN = t108 +- DirName:CN = t109 +- DirName:CN = t110 +- DirName:CN = t111 +- DirName:CN = t112 +- DirName:CN = t113 +- DirName:CN = t114 +- DirName:CN = t115 +- DirName:CN = t116 +- DirName:CN = t117 +- DirName:CN = t118 +- DirName:CN = t119 +- DirName:CN = t120 +- DirName:CN = t121 +- DirName:CN = t122 +- DirName:CN = t123 +- DirName:CN = t124 +- DirName:CN = t125 +- DirName:CN = t126 +- DirName:CN = t127 +- DirName:CN = t128 +- DirName:CN = t129 +- DirName:CN = t130 +- DirName:CN = t131 +- DirName:CN = t132 +- DirName:CN = t133 +- DirName:CN = t134 +- DirName:CN = t135 +- DirName:CN = t136 +- DirName:CN = t137 +- DirName:CN = t138 +- DirName:CN = t139 +- DirName:CN = t140 +- DirName:CN = t141 +- DirName:CN = t142 +- DirName:CN = t143 +- DirName:CN = t144 +- DirName:CN = t145 +- DirName:CN = t146 +- DirName:CN = t147 +- DirName:CN = t148 +- DirName:CN = t149 +- DirName:CN = t150 +- DirName:CN = t151 +- DirName:CN = t152 +- DirName:CN = t153 +- DirName:CN = t154 +- DirName:CN = t155 +- DirName:CN = t156 +- DirName:CN = t157 +- DirName:CN = t158 +- DirName:CN = t159 +- DirName:CN = t160 +- DirName:CN = t161 +- DirName:CN = t162 +- DirName:CN = t163 +- DirName:CN = t164 +- DirName:CN = t165 +- DirName:CN = t166 +- DirName:CN = t167 +- DirName:CN = t168 +- DirName:CN = t169 +- DirName:CN = t170 +- DirName:CN = t171 +- DirName:CN = t172 +- DirName:CN = t173 +- DirName:CN = t174 +- DirName:CN = t175 +- DirName:CN = t176 +- DirName:CN = t177 +- DirName:CN = t178 +- DirName:CN = t179 +- DirName:CN = t180 +- DirName:CN = t181 +- DirName:CN = t182 +- DirName:CN = t183 +- DirName:CN = t184 +- DirName:CN = t185 +- DirName:CN = t186 +- DirName:CN = t187 +- DirName:CN = t188 +- DirName:CN = t189 +- DirName:CN = t190 +- DirName:CN = t191 +- DirName:CN = t192 +- DirName:CN = t193 +- DirName:CN = t194 +- DirName:CN = t195 +- DirName:CN = t196 +- DirName:CN = t197 +- DirName:CN = t198 +- DirName:CN = t199 +- DirName:CN = t200 +- DirName:CN = t201 +- DirName:CN = t202 +- DirName:CN = t203 +- DirName:CN = t204 +- DirName:CN = t205 +- DirName:CN = t206 +- DirName:CN = t207 +- DirName:CN = t208 +- DirName:CN = t209 +- DirName:CN = t210 +- DirName:CN = t211 +- DirName:CN = t212 +- DirName:CN = t213 +- DirName:CN = t214 +- DirName:CN = t215 +- DirName:CN = t216 +- DirName:CN = t217 +- DirName:CN = t218 +- DirName:CN = t219 +- DirName:CN = t220 +- DirName:CN = t221 +- DirName:CN = t222 +- DirName:CN = t223 +- DirName:CN = t224 +- DirName:CN = t225 +- DirName:CN = t226 +- DirName:CN = t227 +- DirName:CN = t228 +- DirName:CN = t229 +- DirName:CN = t230 +- DirName:CN = t231 +- DirName:CN = t232 +- DirName:CN = t233 +- DirName:CN = t234 +- DirName:CN = t235 +- DirName:CN = t236 +- DirName:CN = t237 +- DirName:CN = t238 +- DirName:CN = t239 +- DirName:CN = t240 +- DirName:CN = t241 +- DirName:CN = t242 +- DirName:CN = t243 +- DirName:CN = t244 +- DirName:CN = t245 +- DirName:CN = t246 +- DirName:CN = t247 +- DirName:CN = t248 +- DirName:CN = t249 +- DirName:CN = t250 +- DirName:CN = t251 +- DirName:CN = t252 +- DirName:CN = t253 +- DirName:CN = t254 +- DirName:CN = t255 +- DirName:CN = t256 +- DirName:CN = t257 +- DirName:CN = t258 +- DirName:CN = t259 +- DirName:CN = t260 +- DirName:CN = t261 +- DirName:CN = t262 +- DirName:CN = t263 +- DirName:CN = t264 +- DirName:CN = t265 +- DirName:CN = t266 +- DirName:CN = t267 +- DirName:CN = t268 +- DirName:CN = t269 +- DirName:CN = t270 +- DirName:CN = t271 +- DirName:CN = t272 +- DirName:CN = t273 +- DirName:CN = t274 +- DirName:CN = t275 +- DirName:CN = t276 +- DirName:CN = t277 +- DirName:CN = t278 +- DirName:CN = t279 +- DirName:CN = t280 +- DirName:CN = t281 +- DirName:CN = t282 +- DirName:CN = t283 +- DirName:CN = t284 +- DirName:CN = t285 +- DirName:CN = t286 +- DirName:CN = t287 +- DirName:CN = t288 +- DirName:CN = t289 +- DirName:CN = t290 +- DirName:CN = t291 +- DirName:CN = t292 +- DirName:CN = t293 +- DirName:CN = t294 +- DirName:CN = t295 +- DirName:CN = t296 +- DirName:CN = t297 +- DirName:CN = t298 +- DirName:CN = t299 +- DirName:CN = t300 +- DirName:CN = t301 +- DirName:CN = t302 +- DirName:CN = t303 +- DirName:CN = t304 +- DirName:CN = t305 +- DirName:CN = t306 +- DirName:CN = t307 +- DirName:CN = t308 +- DirName:CN = t309 +- DirName:CN = t310 +- DirName:CN = t311 +- DirName:CN = t312 +- DirName:CN = t313 +- DirName:CN = t314 +- DirName:CN = t315 +- DirName:CN = t316 +- DirName:CN = t317 +- DirName:CN = t318 +- DirName:CN = t319 +- DirName:CN = t320 +- DirName:CN = t321 +- DirName:CN = t322 +- DirName:CN = t323 +- DirName:CN = t324 +- DirName:CN = t325 +- DirName:CN = t326 +- DirName:CN = t327 +- DirName:CN = t328 +- DirName:CN = t329 +- DirName:CN = t330 +- DirName:CN = t331 +- DirName:CN = t332 +- DirName:CN = t333 +- DirName:CN = t334 +- DirName:CN = t335 +- DirName:CN = t336 +- DirName:CN = t337 +- DirName:CN = t338 +- DirName:CN = t339 +- DirName:CN = t340 +- DirName:CN = t341 +- DirName:CN = t342 +- DirName:CN = t343 +- DirName:CN = t344 +- DirName:CN = t345 +- DirName:CN = t346 +- DirName:CN = t347 +- DirName:CN = t348 +- DirName:CN = t349 +- DirName:CN = t350 +- DirName:CN = t351 +- DirName:CN = t352 +- DirName:CN = t353 +- DirName:CN = t354 +- DirName:CN = t355 +- DirName:CN = t356 +- DirName:CN = t357 +- DirName:CN = t358 +- DirName:CN = t359 +- DirName:CN = t360 +- DirName:CN = t361 +- DirName:CN = t362 +- DirName:CN = t363 +- DirName:CN = t364 +- DirName:CN = t365 +- DirName:CN = t366 +- DirName:CN = t367 +- DirName:CN = t368 +- DirName:CN = t369 +- DirName:CN = t370 +- DirName:CN = t371 +- DirName:CN = t372 +- DirName:CN = t373 +- DirName:CN = t374 +- DirName:CN = t375 +- DirName:CN = t376 +- DirName:CN = t377 +- DirName:CN = t378 +- DirName:CN = t379 +- DirName:CN = t380 +- DirName:CN = t381 +- DirName:CN = t382 +- DirName:CN = t383 +- DirName:CN = t384 +- DirName:CN = t385 +- DirName:CN = t386 +- DirName:CN = t387 +- DirName:CN = t388 +- DirName:CN = t389 +- DirName:CN = t390 +- DirName:CN = t391 +- DirName:CN = t392 +- DirName:CN = t393 +- DirName:CN = t394 +- DirName:CN = t395 +- DirName:CN = t396 +- DirName:CN = t397 +- DirName:CN = t398 +- DirName:CN = t399 +- DirName:CN = t400 +- DirName:CN = t401 +- DirName:CN = t402 +- DirName:CN = t403 +- DirName:CN = t404 +- DirName:CN = t405 +- DirName:CN = t406 +- DirName:CN = t407 +- DirName:CN = t408 +- DirName:CN = t409 +- DirName:CN = t410 +- DirName:CN = t411 +- DirName:CN = t412 +- DirName:CN = t413 +- DirName:CN = t414 +- DirName:CN = t415 +- DirName:CN = t416 +- DirName:CN = t417 ++ DirName: CN = t0 ++ DirName: CN = t1 ++ DirName: CN = t2 ++ DirName: CN = t3 ++ DirName: CN = t4 ++ DirName: CN = t5 ++ DirName: CN = t6 ++ DirName: CN = t7 ++ DirName: CN = t8 ++ DirName: CN = t9 ++ DirName: CN = t10 ++ DirName: CN = t11 ++ DirName: CN = t12 ++ DirName: CN = t13 ++ DirName: CN = t14 ++ DirName: CN = t15 ++ DirName: CN = t16 ++ DirName: CN = t17 ++ DirName: CN = t18 ++ DirName: CN = t19 ++ DirName: CN = t20 ++ DirName: CN = t21 ++ DirName: CN = t22 ++ DirName: CN = t23 ++ DirName: CN = t24 ++ DirName: CN = t25 ++ DirName: CN = t26 ++ DirName: CN = t27 ++ DirName: CN = t28 ++ DirName: CN = t29 ++ DirName: CN = t30 ++ DirName: CN = t31 ++ DirName: CN = t32 ++ DirName: CN = t33 ++ DirName: CN = t34 ++ DirName: CN = t35 ++ DirName: CN = t36 ++ DirName: CN = t37 ++ DirName: CN = t38 ++ DirName: CN = t39 ++ DirName: CN = t40 ++ DirName: CN = t41 ++ DirName: CN = t42 ++ DirName: CN = t43 ++ DirName: CN = t44 ++ DirName: CN = t45 ++ DirName: CN = t46 ++ DirName: CN = t47 ++ DirName: CN = t48 ++ DirName: CN = t49 ++ DirName: CN = t50 ++ DirName: CN = t51 ++ DirName: CN = t52 ++ DirName: CN = t53 ++ DirName: CN = t54 ++ DirName: CN = t55 ++ DirName: CN = t56 ++ DirName: CN = t57 ++ DirName: CN = t58 ++ DirName: CN = t59 ++ DirName: CN = t60 ++ DirName: CN = t61 ++ DirName: CN = t62 ++ DirName: CN = t63 ++ DirName: CN = t64 ++ DirName: CN = t65 ++ DirName: CN = t66 ++ DirName: CN = t67 ++ DirName: CN = t68 ++ DirName: CN = t69 ++ DirName: CN = t70 ++ DirName: CN = t71 ++ DirName: CN = t72 ++ DirName: CN = t73 ++ DirName: CN = t74 ++ DirName: CN = t75 ++ DirName: CN = t76 ++ DirName: CN = t77 ++ DirName: CN = t78 ++ DirName: CN = t79 ++ DirName: CN = t80 ++ DirName: CN = t81 ++ DirName: CN = t82 ++ DirName: CN = t83 ++ DirName: CN = t84 ++ DirName: CN = t85 ++ DirName: CN = t86 ++ DirName: CN = t87 ++ DirName: CN = t88 ++ DirName: CN = t89 ++ DirName: CN = t90 ++ DirName: CN = t91 ++ DirName: CN = t92 ++ DirName: CN = t93 ++ DirName: CN = t94 ++ DirName: CN = t95 ++ DirName: CN = t96 ++ DirName: CN = t97 ++ DirName: CN = t98 ++ DirName: CN = t99 ++ DirName: CN = t100 ++ DirName: CN = t101 ++ DirName: CN = t102 ++ DirName: CN = t103 ++ DirName: CN = t104 ++ DirName: CN = t105 ++ DirName: CN = t106 ++ DirName: CN = t107 ++ DirName: CN = t108 ++ DirName: CN = t109 ++ DirName: CN = t110 ++ DirName: CN = t111 ++ DirName: CN = t112 ++ DirName: CN = t113 ++ DirName: CN = t114 ++ DirName: CN = t115 ++ DirName: CN = t116 ++ DirName: CN = t117 ++ DirName: CN = t118 ++ DirName: CN = t119 ++ DirName: CN = t120 ++ DirName: CN = t121 ++ DirName: CN = t122 ++ DirName: CN = t123 ++ DirName: CN = t124 ++ DirName: CN = t125 ++ DirName: CN = t126 ++ DirName: CN = t127 ++ DirName: CN = t128 ++ DirName: CN = t129 ++ DirName: CN = t130 ++ DirName: CN = t131 ++ DirName: CN = t132 ++ DirName: CN = t133 ++ DirName: CN = t134 ++ DirName: CN = t135 ++ DirName: CN = t136 ++ DirName: CN = t137 ++ DirName: CN = t138 ++ DirName: CN = t139 ++ DirName: CN = t140 ++ DirName: CN = t141 ++ DirName: CN = t142 ++ DirName: CN = t143 ++ DirName: CN = t144 ++ DirName: CN = t145 ++ DirName: CN = t146 ++ DirName: CN = t147 ++ DirName: CN = t148 ++ DirName: CN = t149 ++ DirName: CN = t150 ++ DirName: CN = t151 ++ DirName: CN = t152 ++ DirName: CN = t153 ++ DirName: CN = t154 ++ DirName: CN = t155 ++ DirName: CN = t156 ++ DirName: CN = t157 ++ DirName: CN = t158 ++ DirName: CN = t159 ++ DirName: CN = t160 ++ DirName: CN = t161 ++ DirName: CN = t162 ++ DirName: CN = t163 ++ DirName: CN = t164 ++ DirName: CN = t165 ++ DirName: CN = t166 ++ DirName: CN = t167 ++ DirName: CN = t168 ++ DirName: CN = t169 ++ DirName: CN = t170 ++ DirName: CN = t171 + URI:http://test/0 + URI:http://test/1 + URI:http://test/2 +@@ -3270,254 +2473,6 @@ Certificate: + DNS:x167.test + DNS:x168.test + DNS:x169.test +- DNS:x170.test +- DNS:x171.test +- DNS:x172.test +- DNS:x173.test +- DNS:x174.test +- DNS:x175.test +- DNS:x176.test +- DNS:x177.test +- DNS:x178.test +- DNS:x179.test +- DNS:x180.test +- DNS:x181.test +- DNS:x182.test +- DNS:x183.test +- DNS:x184.test +- DNS:x185.test +- DNS:x186.test +- DNS:x187.test +- DNS:x188.test +- DNS:x189.test +- DNS:x190.test +- DNS:x191.test +- DNS:x192.test +- DNS:x193.test +- DNS:x194.test +- DNS:x195.test +- DNS:x196.test +- DNS:x197.test +- DNS:x198.test +- DNS:x199.test +- DNS:x200.test +- DNS:x201.test +- DNS:x202.test +- DNS:x203.test +- DNS:x204.test +- DNS:x205.test +- DNS:x206.test +- DNS:x207.test +- DNS:x208.test +- DNS:x209.test +- DNS:x210.test +- DNS:x211.test +- DNS:x212.test +- DNS:x213.test +- DNS:x214.test +- DNS:x215.test +- DNS:x216.test +- DNS:x217.test +- DNS:x218.test +- DNS:x219.test +- DNS:x220.test +- DNS:x221.test +- DNS:x222.test +- DNS:x223.test +- DNS:x224.test +- DNS:x225.test +- DNS:x226.test +- DNS:x227.test +- DNS:x228.test +- DNS:x229.test +- DNS:x230.test +- DNS:x231.test +- DNS:x232.test +- DNS:x233.test +- DNS:x234.test +- DNS:x235.test +- DNS:x236.test +- DNS:x237.test +- DNS:x238.test +- DNS:x239.test +- DNS:x240.test +- DNS:x241.test +- DNS:x242.test +- DNS:x243.test +- DNS:x244.test +- DNS:x245.test +- DNS:x246.test +- DNS:x247.test +- DNS:x248.test +- DNS:x249.test +- DNS:x250.test +- DNS:x251.test +- DNS:x252.test +- DNS:x253.test +- DNS:x254.test +- DNS:x255.test +- DNS:x256.test +- DNS:x257.test +- DNS:x258.test +- DNS:x259.test +- DNS:x260.test +- DNS:x261.test +- DNS:x262.test +- DNS:x263.test +- DNS:x264.test +- DNS:x265.test +- DNS:x266.test +- DNS:x267.test +- DNS:x268.test +- DNS:x269.test +- DNS:x270.test +- DNS:x271.test +- DNS:x272.test +- DNS:x273.test +- DNS:x274.test +- DNS:x275.test +- DNS:x276.test +- DNS:x277.test +- DNS:x278.test +- DNS:x279.test +- DNS:x280.test +- DNS:x281.test +- DNS:x282.test +- DNS:x283.test +- DNS:x284.test +- DNS:x285.test +- DNS:x286.test +- DNS:x287.test +- DNS:x288.test +- DNS:x289.test +- DNS:x290.test +- DNS:x291.test +- DNS:x292.test +- DNS:x293.test +- DNS:x294.test +- DNS:x295.test +- DNS:x296.test +- DNS:x297.test +- DNS:x298.test +- DNS:x299.test +- DNS:x300.test +- DNS:x301.test +- DNS:x302.test +- DNS:x303.test +- DNS:x304.test +- DNS:x305.test +- DNS:x306.test +- DNS:x307.test +- DNS:x308.test +- DNS:x309.test +- DNS:x310.test +- DNS:x311.test +- DNS:x312.test +- DNS:x313.test +- DNS:x314.test +- DNS:x315.test +- DNS:x316.test +- DNS:x317.test +- DNS:x318.test +- DNS:x319.test +- DNS:x320.test +- DNS:x321.test +- DNS:x322.test +- DNS:x323.test +- DNS:x324.test +- DNS:x325.test +- DNS:x326.test +- DNS:x327.test +- DNS:x328.test +- DNS:x329.test +- DNS:x330.test +- DNS:x331.test +- DNS:x332.test +- DNS:x333.test +- DNS:x334.test +- DNS:x335.test +- DNS:x336.test +- DNS:x337.test +- DNS:x338.test +- DNS:x339.test +- DNS:x340.test +- DNS:x341.test +- DNS:x342.test +- DNS:x343.test +- DNS:x344.test +- DNS:x345.test +- DNS:x346.test +- DNS:x347.test +- DNS:x348.test +- DNS:x349.test +- DNS:x350.test +- DNS:x351.test +- DNS:x352.test +- DNS:x353.test +- DNS:x354.test +- DNS:x355.test +- DNS:x356.test +- DNS:x357.test +- DNS:x358.test +- DNS:x359.test +- DNS:x360.test +- DNS:x361.test +- DNS:x362.test +- DNS:x363.test +- DNS:x364.test +- DNS:x365.test +- DNS:x366.test +- DNS:x367.test +- DNS:x368.test +- DNS:x369.test +- DNS:x370.test +- DNS:x371.test +- DNS:x372.test +- DNS:x373.test +- DNS:x374.test +- DNS:x375.test +- DNS:x376.test +- DNS:x377.test +- DNS:x378.test +- DNS:x379.test +- DNS:x380.test +- DNS:x381.test +- DNS:x382.test +- DNS:x383.test +- DNS:x384.test +- DNS:x385.test +- DNS:x386.test +- DNS:x387.test +- DNS:x388.test +- DNS:x389.test +- DNS:x390.test +- DNS:x391.test +- DNS:x392.test +- DNS:x393.test +- DNS:x394.test +- DNS:x395.test +- DNS:x396.test +- DNS:x397.test +- DNS:x398.test +- DNS:x399.test +- DNS:x400.test +- DNS:x401.test +- DNS:x402.test +- DNS:x403.test +- DNS:x404.test +- DNS:x405.test +- DNS:x406.test +- DNS:x407.test +- DNS:x408.test +- DNS:x409.test +- DNS:x410.test +- DNS:x411.test +- DNS:x412.test +- DNS:x413.test +- DNS:x414.test +- DNS:x415.test +- DNS:x416.test +- DNS:x417.test + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 +@@ -3688,672 +2643,176 @@ Certificate: + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 +- IP:11.0.0.170/255.255.255.255 +- IP:11.0.0.171/255.255.255.255 +- IP:11.0.0.172/255.255.255.255 +- IP:11.0.0.173/255.255.255.255 +- IP:11.0.0.174/255.255.255.255 +- IP:11.0.0.175/255.255.255.255 +- IP:11.0.0.176/255.255.255.255 +- IP:11.0.0.177/255.255.255.255 +- IP:11.0.0.178/255.255.255.255 +- IP:11.0.0.179/255.255.255.255 +- IP:11.0.0.180/255.255.255.255 +- IP:11.0.0.181/255.255.255.255 +- IP:11.0.0.182/255.255.255.255 +- IP:11.0.0.183/255.255.255.255 +- IP:11.0.0.184/255.255.255.255 +- IP:11.0.0.185/255.255.255.255 +- IP:11.0.0.186/255.255.255.255 +- IP:11.0.0.187/255.255.255.255 +- IP:11.0.0.188/255.255.255.255 +- IP:11.0.0.189/255.255.255.255 +- IP:11.0.0.190/255.255.255.255 +- IP:11.0.0.191/255.255.255.255 +- IP:11.0.0.192/255.255.255.255 +- IP:11.0.0.193/255.255.255.255 +- IP:11.0.0.194/255.255.255.255 +- IP:11.0.0.195/255.255.255.255 +- IP:11.0.0.196/255.255.255.255 +- IP:11.0.0.197/255.255.255.255 +- IP:11.0.0.198/255.255.255.255 +- IP:11.0.0.199/255.255.255.255 +- IP:11.0.0.200/255.255.255.255 +- IP:11.0.0.201/255.255.255.255 +- IP:11.0.0.202/255.255.255.255 +- IP:11.0.0.203/255.255.255.255 +- IP:11.0.0.204/255.255.255.255 +- IP:11.0.0.205/255.255.255.255 +- IP:11.0.0.206/255.255.255.255 +- IP:11.0.0.207/255.255.255.255 +- IP:11.0.0.208/255.255.255.255 +- IP:11.0.0.209/255.255.255.255 +- IP:11.0.0.210/255.255.255.255 +- IP:11.0.0.211/255.255.255.255 +- IP:11.0.0.212/255.255.255.255 +- IP:11.0.0.213/255.255.255.255 +- IP:11.0.0.214/255.255.255.255 +- IP:11.0.0.215/255.255.255.255 +- IP:11.0.0.216/255.255.255.255 +- IP:11.0.0.217/255.255.255.255 +- IP:11.0.0.218/255.255.255.255 +- IP:11.0.0.219/255.255.255.255 +- IP:11.0.0.220/255.255.255.255 +- IP:11.0.0.221/255.255.255.255 +- IP:11.0.0.222/255.255.255.255 +- IP:11.0.0.223/255.255.255.255 +- IP:11.0.0.224/255.255.255.255 +- IP:11.0.0.225/255.255.255.255 +- IP:11.0.0.226/255.255.255.255 +- IP:11.0.0.227/255.255.255.255 +- IP:11.0.0.228/255.255.255.255 +- IP:11.0.0.229/255.255.255.255 +- IP:11.0.0.230/255.255.255.255 +- IP:11.0.0.231/255.255.255.255 +- IP:11.0.0.232/255.255.255.255 +- IP:11.0.0.233/255.255.255.255 +- IP:11.0.0.234/255.255.255.255 +- IP:11.0.0.235/255.255.255.255 +- IP:11.0.0.236/255.255.255.255 +- IP:11.0.0.237/255.255.255.255 +- IP:11.0.0.238/255.255.255.255 +- IP:11.0.0.239/255.255.255.255 +- IP:11.0.0.240/255.255.255.255 +- IP:11.0.0.241/255.255.255.255 +- IP:11.0.0.242/255.255.255.255 +- IP:11.0.0.243/255.255.255.255 +- IP:11.0.0.244/255.255.255.255 +- IP:11.0.0.245/255.255.255.255 +- IP:11.0.0.246/255.255.255.255 +- IP:11.0.0.247/255.255.255.255 +- IP:11.0.0.248/255.255.255.255 +- IP:11.0.0.249/255.255.255.255 +- IP:11.0.0.250/255.255.255.255 +- IP:11.0.0.251/255.255.255.255 +- IP:11.0.0.252/255.255.255.255 +- IP:11.0.0.253/255.255.255.255 +- IP:11.0.0.254/255.255.255.255 +- IP:11.0.0.255/255.255.255.255 +- IP:11.0.1.0/255.255.255.255 +- IP:11.0.1.1/255.255.255.255 +- IP:11.0.1.2/255.255.255.255 +- IP:11.0.1.3/255.255.255.255 +- IP:11.0.1.4/255.255.255.255 +- IP:11.0.1.5/255.255.255.255 +- IP:11.0.1.6/255.255.255.255 +- IP:11.0.1.7/255.255.255.255 +- IP:11.0.1.8/255.255.255.255 +- IP:11.0.1.9/255.255.255.255 +- IP:11.0.1.10/255.255.255.255 +- IP:11.0.1.11/255.255.255.255 +- IP:11.0.1.12/255.255.255.255 +- IP:11.0.1.13/255.255.255.255 +- IP:11.0.1.14/255.255.255.255 +- IP:11.0.1.15/255.255.255.255 +- IP:11.0.1.16/255.255.255.255 +- IP:11.0.1.17/255.255.255.255 +- IP:11.0.1.18/255.255.255.255 +- IP:11.0.1.19/255.255.255.255 +- IP:11.0.1.20/255.255.255.255 +- IP:11.0.1.21/255.255.255.255 +- IP:11.0.1.22/255.255.255.255 +- IP:11.0.1.23/255.255.255.255 +- IP:11.0.1.24/255.255.255.255 +- IP:11.0.1.25/255.255.255.255 +- IP:11.0.1.26/255.255.255.255 +- IP:11.0.1.27/255.255.255.255 +- IP:11.0.1.28/255.255.255.255 +- IP:11.0.1.29/255.255.255.255 +- IP:11.0.1.30/255.255.255.255 +- IP:11.0.1.31/255.255.255.255 +- IP:11.0.1.32/255.255.255.255 +- IP:11.0.1.33/255.255.255.255 +- IP:11.0.1.34/255.255.255.255 +- IP:11.0.1.35/255.255.255.255 +- IP:11.0.1.36/255.255.255.255 +- IP:11.0.1.37/255.255.255.255 +- IP:11.0.1.38/255.255.255.255 +- IP:11.0.1.39/255.255.255.255 +- IP:11.0.1.40/255.255.255.255 +- IP:11.0.1.41/255.255.255.255 +- IP:11.0.1.42/255.255.255.255 +- IP:11.0.1.43/255.255.255.255 +- IP:11.0.1.44/255.255.255.255 +- IP:11.0.1.45/255.255.255.255 +- IP:11.0.1.46/255.255.255.255 +- IP:11.0.1.47/255.255.255.255 +- IP:11.0.1.48/255.255.255.255 +- IP:11.0.1.49/255.255.255.255 +- IP:11.0.1.50/255.255.255.255 +- IP:11.0.1.51/255.255.255.255 +- IP:11.0.1.52/255.255.255.255 +- IP:11.0.1.53/255.255.255.255 +- IP:11.0.1.54/255.255.255.255 +- IP:11.0.1.55/255.255.255.255 +- IP:11.0.1.56/255.255.255.255 +- IP:11.0.1.57/255.255.255.255 +- IP:11.0.1.58/255.255.255.255 +- IP:11.0.1.59/255.255.255.255 +- IP:11.0.1.60/255.255.255.255 +- IP:11.0.1.61/255.255.255.255 +- IP:11.0.1.62/255.255.255.255 +- IP:11.0.1.63/255.255.255.255 +- IP:11.0.1.64/255.255.255.255 +- IP:11.0.1.65/255.255.255.255 +- IP:11.0.1.66/255.255.255.255 +- IP:11.0.1.67/255.255.255.255 +- IP:11.0.1.68/255.255.255.255 +- IP:11.0.1.69/255.255.255.255 +- IP:11.0.1.70/255.255.255.255 +- IP:11.0.1.71/255.255.255.255 +- IP:11.0.1.72/255.255.255.255 +- IP:11.0.1.73/255.255.255.255 +- IP:11.0.1.74/255.255.255.255 +- IP:11.0.1.75/255.255.255.255 +- IP:11.0.1.76/255.255.255.255 +- IP:11.0.1.77/255.255.255.255 +- IP:11.0.1.78/255.255.255.255 +- IP:11.0.1.79/255.255.255.255 +- IP:11.0.1.80/255.255.255.255 +- IP:11.0.1.81/255.255.255.255 +- IP:11.0.1.82/255.255.255.255 +- IP:11.0.1.83/255.255.255.255 +- IP:11.0.1.84/255.255.255.255 +- IP:11.0.1.85/255.255.255.255 +- IP:11.0.1.86/255.255.255.255 +- IP:11.0.1.87/255.255.255.255 +- IP:11.0.1.88/255.255.255.255 +- IP:11.0.1.89/255.255.255.255 +- IP:11.0.1.90/255.255.255.255 +- IP:11.0.1.91/255.255.255.255 +- IP:11.0.1.92/255.255.255.255 +- IP:11.0.1.93/255.255.255.255 +- IP:11.0.1.94/255.255.255.255 +- IP:11.0.1.95/255.255.255.255 +- IP:11.0.1.96/255.255.255.255 +- IP:11.0.1.97/255.255.255.255 +- IP:11.0.1.98/255.255.255.255 +- IP:11.0.1.99/255.255.255.255 +- IP:11.0.1.100/255.255.255.255 +- IP:11.0.1.101/255.255.255.255 +- IP:11.0.1.102/255.255.255.255 +- IP:11.0.1.103/255.255.255.255 +- IP:11.0.1.104/255.255.255.255 +- IP:11.0.1.105/255.255.255.255 +- IP:11.0.1.106/255.255.255.255 +- IP:11.0.1.107/255.255.255.255 +- IP:11.0.1.108/255.255.255.255 +- IP:11.0.1.109/255.255.255.255 +- IP:11.0.1.110/255.255.255.255 +- IP:11.0.1.111/255.255.255.255 +- IP:11.0.1.112/255.255.255.255 +- IP:11.0.1.113/255.255.255.255 +- IP:11.0.1.114/255.255.255.255 +- IP:11.0.1.115/255.255.255.255 +- IP:11.0.1.116/255.255.255.255 +- IP:11.0.1.117/255.255.255.255 +- IP:11.0.1.118/255.255.255.255 +- IP:11.0.1.119/255.255.255.255 +- IP:11.0.1.120/255.255.255.255 +- IP:11.0.1.121/255.255.255.255 +- IP:11.0.1.122/255.255.255.255 +- IP:11.0.1.123/255.255.255.255 +- IP:11.0.1.124/255.255.255.255 +- IP:11.0.1.125/255.255.255.255 +- IP:11.0.1.126/255.255.255.255 +- IP:11.0.1.127/255.255.255.255 +- IP:11.0.1.128/255.255.255.255 +- IP:11.0.1.129/255.255.255.255 +- IP:11.0.1.130/255.255.255.255 +- IP:11.0.1.131/255.255.255.255 +- IP:11.0.1.132/255.255.255.255 +- IP:11.0.1.133/255.255.255.255 +- IP:11.0.1.134/255.255.255.255 +- IP:11.0.1.135/255.255.255.255 +- IP:11.0.1.136/255.255.255.255 +- IP:11.0.1.137/255.255.255.255 +- IP:11.0.1.138/255.255.255.255 +- IP:11.0.1.139/255.255.255.255 +- IP:11.0.1.140/255.255.255.255 +- IP:11.0.1.141/255.255.255.255 +- IP:11.0.1.142/255.255.255.255 +- IP:11.0.1.143/255.255.255.255 +- IP:11.0.1.144/255.255.255.255 +- IP:11.0.1.145/255.255.255.255 +- IP:11.0.1.146/255.255.255.255 +- IP:11.0.1.147/255.255.255.255 +- IP:11.0.1.148/255.255.255.255 +- IP:11.0.1.149/255.255.255.255 +- IP:11.0.1.150/255.255.255.255 +- IP:11.0.1.151/255.255.255.255 +- IP:11.0.1.152/255.255.255.255 +- IP:11.0.1.153/255.255.255.255 +- IP:11.0.1.154/255.255.255.255 +- IP:11.0.1.155/255.255.255.255 +- IP:11.0.1.156/255.255.255.255 +- IP:11.0.1.157/255.255.255.255 +- IP:11.0.1.158/255.255.255.255 +- IP:11.0.1.159/255.255.255.255 +- IP:11.0.1.160/255.255.255.255 +- IP:11.0.1.161/255.255.255.255 +- DirName:CN = x0 +- DirName:CN = x1 +- DirName:CN = x2 +- DirName:CN = x3 +- DirName:CN = x4 +- DirName:CN = x5 +- DirName:CN = x6 +- DirName:CN = x7 +- DirName:CN = x8 +- DirName:CN = x9 +- DirName:CN = x10 +- DirName:CN = x11 +- DirName:CN = x12 +- DirName:CN = x13 +- DirName:CN = x14 +- DirName:CN = x15 +- DirName:CN = x16 +- DirName:CN = x17 +- DirName:CN = x18 +- DirName:CN = x19 +- DirName:CN = x20 +- DirName:CN = x21 +- DirName:CN = x22 +- DirName:CN = x23 +- DirName:CN = x24 +- DirName:CN = x25 +- DirName:CN = x26 +- DirName:CN = x27 +- DirName:CN = x28 +- DirName:CN = x29 +- DirName:CN = x30 +- DirName:CN = x31 +- DirName:CN = x32 +- DirName:CN = x33 +- DirName:CN = x34 +- DirName:CN = x35 +- DirName:CN = x36 +- DirName:CN = x37 +- DirName:CN = x38 +- DirName:CN = x39 +- DirName:CN = x40 +- DirName:CN = x41 +- DirName:CN = x42 +- DirName:CN = x43 +- DirName:CN = x44 +- DirName:CN = x45 +- DirName:CN = x46 +- DirName:CN = x47 +- DirName:CN = x48 +- DirName:CN = x49 +- DirName:CN = x50 +- DirName:CN = x51 +- DirName:CN = x52 +- DirName:CN = x53 +- DirName:CN = x54 +- DirName:CN = x55 +- DirName:CN = x56 +- DirName:CN = x57 +- DirName:CN = x58 +- DirName:CN = x59 +- DirName:CN = x60 +- DirName:CN = x61 +- DirName:CN = x62 +- DirName:CN = x63 +- DirName:CN = x64 +- DirName:CN = x65 +- DirName:CN = x66 +- DirName:CN = x67 +- DirName:CN = x68 +- DirName:CN = x69 +- DirName:CN = x70 +- DirName:CN = x71 +- DirName:CN = x72 +- DirName:CN = x73 +- DirName:CN = x74 +- DirName:CN = x75 +- DirName:CN = x76 +- DirName:CN = x77 +- DirName:CN = x78 +- DirName:CN = x79 +- DirName:CN = x80 +- DirName:CN = x81 +- DirName:CN = x82 +- DirName:CN = x83 +- DirName:CN = x84 +- DirName:CN = x85 +- DirName:CN = x86 +- DirName:CN = x87 +- DirName:CN = x88 +- DirName:CN = x89 +- DirName:CN = x90 +- DirName:CN = x91 +- DirName:CN = x92 +- DirName:CN = x93 +- DirName:CN = x94 +- DirName:CN = x95 +- DirName:CN = x96 +- DirName:CN = x97 +- DirName:CN = x98 +- DirName:CN = x99 +- DirName:CN = x100 +- DirName:CN = x101 +- DirName:CN = x102 +- DirName:CN = x103 +- DirName:CN = x104 +- DirName:CN = x105 +- DirName:CN = x106 +- DirName:CN = x107 +- DirName:CN = x108 +- DirName:CN = x109 +- DirName:CN = x110 +- DirName:CN = x111 +- DirName:CN = x112 +- DirName:CN = x113 +- DirName:CN = x114 +- DirName:CN = x115 +- DirName:CN = x116 +- DirName:CN = x117 +- DirName:CN = x118 +- DirName:CN = x119 +- DirName:CN = x120 +- DirName:CN = x121 +- DirName:CN = x122 +- DirName:CN = x123 +- DirName:CN = x124 +- DirName:CN = x125 +- DirName:CN = x126 +- DirName:CN = x127 +- DirName:CN = x128 +- DirName:CN = x129 +- DirName:CN = x130 +- DirName:CN = x131 +- DirName:CN = x132 +- DirName:CN = x133 +- DirName:CN = x134 +- DirName:CN = x135 +- DirName:CN = x136 +- DirName:CN = x137 +- DirName:CN = x138 +- DirName:CN = x139 +- DirName:CN = x140 +- DirName:CN = x141 +- DirName:CN = x142 +- DirName:CN = x143 +- DirName:CN = x144 +- DirName:CN = x145 +- DirName:CN = x146 +- DirName:CN = x147 +- DirName:CN = x148 +- DirName:CN = x149 +- DirName:CN = x150 +- DirName:CN = x151 +- DirName:CN = x152 +- DirName:CN = x153 +- DirName:CN = x154 +- DirName:CN = x155 +- DirName:CN = x156 +- DirName:CN = x157 +- DirName:CN = x158 +- DirName:CN = x159 +- DirName:CN = x160 +- DirName:CN = x161 +- DirName:CN = x162 +- DirName:CN = x163 +- DirName:CN = x164 +- DirName:CN = x165 +- DirName:CN = x166 +- DirName:CN = x167 +- DirName:CN = x168 +- DirName:CN = x169 +- DirName:CN = x170 +- DirName:CN = x171 +- DirName:CN = x172 +- DirName:CN = x173 +- DirName:CN = x174 +- DirName:CN = x175 +- DirName:CN = x176 +- DirName:CN = x177 +- DirName:CN = x178 +- DirName:CN = x179 +- DirName:CN = x180 +- DirName:CN = x181 +- DirName:CN = x182 +- DirName:CN = x183 +- DirName:CN = x184 +- DirName:CN = x185 +- DirName:CN = x186 +- DirName:CN = x187 +- DirName:CN = x188 +- DirName:CN = x189 +- DirName:CN = x190 +- DirName:CN = x191 +- DirName:CN = x192 +- DirName:CN = x193 +- DirName:CN = x194 +- DirName:CN = x195 +- DirName:CN = x196 +- DirName:CN = x197 +- DirName:CN = x198 +- DirName:CN = x199 +- DirName:CN = x200 +- DirName:CN = x201 +- DirName:CN = x202 +- DirName:CN = x203 +- DirName:CN = x204 +- DirName:CN = x205 +- DirName:CN = x206 +- DirName:CN = x207 +- DirName:CN = x208 +- DirName:CN = x209 +- DirName:CN = x210 +- DirName:CN = x211 +- DirName:CN = x212 +- DirName:CN = x213 +- DirName:CN = x214 +- DirName:CN = x215 +- DirName:CN = x216 +- DirName:CN = x217 +- DirName:CN = x218 +- DirName:CN = x219 +- DirName:CN = x220 +- DirName:CN = x221 +- DirName:CN = x222 +- DirName:CN = x223 +- DirName:CN = x224 +- DirName:CN = x225 +- DirName:CN = x226 +- DirName:CN = x227 +- DirName:CN = x228 +- DirName:CN = x229 +- DirName:CN = x230 +- DirName:CN = x231 +- DirName:CN = x232 +- DirName:CN = x233 +- DirName:CN = x234 +- DirName:CN = x235 +- DirName:CN = x236 +- DirName:CN = x237 +- DirName:CN = x238 +- DirName:CN = x239 +- DirName:CN = x240 +- DirName:CN = x241 +- DirName:CN = x242 +- DirName:CN = x243 +- DirName:CN = x244 +- DirName:CN = x245 +- DirName:CN = x246 +- DirName:CN = x247 +- DirName:CN = x248 +- DirName:CN = x249 +- DirName:CN = x250 +- DirName:CN = x251 +- DirName:CN = x252 +- DirName:CN = x253 +- DirName:CN = x254 +- DirName:CN = x255 +- DirName:CN = x256 +- DirName:CN = x257 +- DirName:CN = x258 +- DirName:CN = x259 +- DirName:CN = x260 +- DirName:CN = x261 +- DirName:CN = x262 +- DirName:CN = x263 +- DirName:CN = x264 +- DirName:CN = x265 +- DirName:CN = x266 +- DirName:CN = x267 +- DirName:CN = x268 +- DirName:CN = x269 +- DirName:CN = x270 +- DirName:CN = x271 +- DirName:CN = x272 +- DirName:CN = x273 +- DirName:CN = x274 +- DirName:CN = x275 +- DirName:CN = x276 +- DirName:CN = x277 +- DirName:CN = x278 +- DirName:CN = x279 +- DirName:CN = x280 +- DirName:CN = x281 +- DirName:CN = x282 +- DirName:CN = x283 +- DirName:CN = x284 +- DirName:CN = x285 +- DirName:CN = x286 +- DirName:CN = x287 +- DirName:CN = x288 +- DirName:CN = x289 +- DirName:CN = x290 +- DirName:CN = x291 +- DirName:CN = x292 +- DirName:CN = x293 +- DirName:CN = x294 +- DirName:CN = x295 +- DirName:CN = x296 +- DirName:CN = x297 +- DirName:CN = x298 +- DirName:CN = x299 +- DirName:CN = x300 +- DirName:CN = x301 +- DirName:CN = x302 +- DirName:CN = x303 +- DirName:CN = x304 +- DirName:CN = x305 +- DirName:CN = x306 +- DirName:CN = x307 +- DirName:CN = x308 +- DirName:CN = x309 +- DirName:CN = x310 +- DirName:CN = x311 +- DirName:CN = x312 +- DirName:CN = x313 +- DirName:CN = x314 +- DirName:CN = x315 +- DirName:CN = x316 +- DirName:CN = x317 +- DirName:CN = x318 +- DirName:CN = x319 +- DirName:CN = x320 +- DirName:CN = x321 +- DirName:CN = x322 +- DirName:CN = x323 +- DirName:CN = x324 +- DirName:CN = x325 +- DirName:CN = x326 +- DirName:CN = x327 +- DirName:CN = x328 +- DirName:CN = x329 +- DirName:CN = x330 +- DirName:CN = x331 +- DirName:CN = x332 +- DirName:CN = x333 +- DirName:CN = x334 +- DirName:CN = x335 +- DirName:CN = x336 +- DirName:CN = x337 +- DirName:CN = x338 +- DirName:CN = x339 +- DirName:CN = x340 +- DirName:CN = x341 +- DirName:CN = x342 +- DirName:CN = x343 +- DirName:CN = x344 +- DirName:CN = x345 +- DirName:CN = x346 +- DirName:CN = x347 +- DirName:CN = x348 +- DirName:CN = x349 +- DirName:CN = x350 +- DirName:CN = x351 +- DirName:CN = x352 +- DirName:CN = x353 +- DirName:CN = x354 +- DirName:CN = x355 +- DirName:CN = x356 +- DirName:CN = x357 +- DirName:CN = x358 +- DirName:CN = x359 +- DirName:CN = x360 +- DirName:CN = x361 +- DirName:CN = x362 +- DirName:CN = x363 +- DirName:CN = x364 +- DirName:CN = x365 +- DirName:CN = x366 +- DirName:CN = x367 +- DirName:CN = x368 +- DirName:CN = x369 +- DirName:CN = x370 +- DirName:CN = x371 +- DirName:CN = x372 +- DirName:CN = x373 +- DirName:CN = x374 +- DirName:CN = x375 +- DirName:CN = x376 +- DirName:CN = x377 +- DirName:CN = x378 +- DirName:CN = x379 +- DirName:CN = x380 +- DirName:CN = x381 +- DirName:CN = x382 +- DirName:CN = x383 +- DirName:CN = x384 +- DirName:CN = x385 +- DirName:CN = x386 +- DirName:CN = x387 +- DirName:CN = x388 +- DirName:CN = x389 +- DirName:CN = x390 +- DirName:CN = x391 +- DirName:CN = x392 +- DirName:CN = x393 +- DirName:CN = x394 +- DirName:CN = x395 +- DirName:CN = x396 +- DirName:CN = x397 +- DirName:CN = x398 +- DirName:CN = x399 +- DirName:CN = x400 +- DirName:CN = x401 +- DirName:CN = x402 +- DirName:CN = x403 +- DirName:CN = x404 +- DirName:CN = x405 +- DirName:CN = x406 +- DirName:CN = x407 +- DirName:CN = x408 +- DirName:CN = x409 +- DirName:CN = x410 +- DirName:CN = x411 +- DirName:CN = x412 +- DirName:CN = x413 +- DirName:CN = x414 +- DirName:CN = x415 +- DirName:CN = x416 +- DirName:CN = x417 ++ DirName: CN = x0 ++ DirName: CN = x1 ++ DirName: CN = x2 ++ DirName: CN = x3 ++ DirName: CN = x4 ++ DirName: CN = x5 ++ DirName: CN = x6 ++ DirName: CN = x7 ++ DirName: CN = x8 ++ DirName: CN = x9 ++ DirName: CN = x10 ++ DirName: CN = x11 ++ DirName: CN = x12 ++ DirName: CN = x13 ++ DirName: CN = x14 ++ DirName: CN = x15 ++ DirName: CN = x16 ++ DirName: CN = x17 ++ DirName: CN = x18 ++ DirName: CN = x19 ++ DirName: CN = x20 ++ DirName: CN = x21 ++ DirName: CN = x22 ++ DirName: CN = x23 ++ DirName: CN = x24 ++ DirName: CN = x25 ++ DirName: CN = x26 ++ DirName: CN = x27 ++ DirName: CN = x28 ++ DirName: CN = x29 ++ DirName: CN = x30 ++ DirName: CN = x31 ++ DirName: CN = x32 ++ DirName: CN = x33 ++ DirName: CN = x34 ++ DirName: CN = x35 ++ DirName: CN = x36 ++ DirName: CN = x37 ++ DirName: CN = x38 ++ DirName: CN = x39 ++ DirName: CN = x40 ++ DirName: CN = x41 ++ DirName: CN = x42 ++ DirName: CN = x43 ++ DirName: CN = x44 ++ DirName: CN = x45 ++ DirName: CN = x46 ++ DirName: CN = x47 ++ DirName: CN = x48 ++ DirName: CN = x49 ++ DirName: CN = x50 ++ DirName: CN = x51 ++ DirName: CN = x52 ++ DirName: CN = x53 ++ DirName: CN = x54 ++ DirName: CN = x55 ++ DirName: CN = x56 ++ DirName: CN = x57 ++ DirName: CN = x58 ++ DirName: CN = x59 ++ DirName: CN = x60 ++ DirName: CN = x61 ++ DirName: CN = x62 ++ DirName: CN = x63 ++ DirName: CN = x64 ++ DirName: CN = x65 ++ DirName: CN = x66 ++ DirName: CN = x67 ++ DirName: CN = x68 ++ DirName: CN = x69 ++ DirName: CN = x70 ++ DirName: CN = x71 ++ DirName: CN = x72 ++ DirName: CN = x73 ++ DirName: CN = x74 ++ DirName: CN = x75 ++ DirName: CN = x76 ++ DirName: CN = x77 ++ DirName: CN = x78 ++ DirName: CN = x79 ++ DirName: CN = x80 ++ DirName: CN = x81 ++ DirName: CN = x82 ++ DirName: CN = x83 ++ DirName: CN = x84 ++ DirName: CN = x85 ++ DirName: CN = x86 ++ DirName: CN = x87 ++ DirName: CN = x88 ++ DirName: CN = x89 ++ DirName: CN = x90 ++ DirName: CN = x91 ++ DirName: CN = x92 ++ DirName: CN = x93 ++ DirName: CN = x94 ++ DirName: CN = x95 ++ DirName: CN = x96 ++ DirName: CN = x97 ++ DirName: CN = x98 ++ DirName: CN = x99 ++ DirName: CN = x100 ++ DirName: CN = x101 ++ DirName: CN = x102 ++ DirName: CN = x103 ++ DirName: CN = x104 ++ DirName: CN = x105 ++ DirName: CN = x106 ++ DirName: CN = x107 ++ DirName: CN = x108 ++ DirName: CN = x109 ++ DirName: CN = x110 ++ DirName: CN = x111 ++ DirName: CN = x112 ++ DirName: CN = x113 ++ DirName: CN = x114 ++ DirName: CN = x115 ++ DirName: CN = x116 ++ DirName: CN = x117 ++ DirName: CN = x118 ++ DirName: CN = x119 ++ DirName: CN = x120 ++ DirName: CN = x121 ++ DirName: CN = x122 ++ DirName: CN = x123 ++ DirName: CN = x124 ++ DirName: CN = x125 ++ DirName: CN = x126 ++ DirName: CN = x127 ++ DirName: CN = x128 ++ DirName: CN = x129 ++ DirName: CN = x130 ++ DirName: CN = x131 ++ DirName: CN = x132 ++ DirName: CN = x133 ++ DirName: CN = x134 ++ DirName: CN = x135 ++ DirName: CN = x136 ++ DirName: CN = x137 ++ DirName: CN = x138 ++ DirName: CN = x139 ++ DirName: CN = x140 ++ DirName: CN = x141 ++ DirName: CN = x142 ++ DirName: CN = x143 ++ DirName: CN = x144 ++ DirName: CN = x145 ++ DirName: CN = x146 ++ DirName: CN = x147 ++ DirName: CN = x148 ++ DirName: CN = x149 ++ DirName: CN = x150 ++ DirName: CN = x151 ++ DirName: CN = x152 ++ DirName: CN = x153 ++ DirName: CN = x154 ++ DirName: CN = x155 ++ DirName: CN = x156 ++ DirName: CN = x157 ++ DirName: CN = x158 ++ DirName: CN = x159 ++ DirName: CN = x160 ++ DirName: CN = x161 ++ DirName: CN = x162 ++ DirName: CN = x163 ++ DirName: CN = x164 ++ DirName: CN = x165 ++ DirName: CN = x166 ++ DirName: CN = x167 ++ DirName: CN = x168 ++ DirName: CN = x169 + URI:http://xest/0 + URI:http://xest/1 + URI:http://xest/2 +@@ -5381,1642 +3840,1168 @@ Certificate: + URI:http://xest/1024 + + Signature Algorithm: sha256WithRSAEncryption +- 1c:1e:3f:63:2c:1d:06:01:13:12:d5:cf:ba:25:49:c7:fb:36: +- bd:cb:32:ed:b7:35:ab:f8:e5:dc:1a:b8:1b:37:bb:ea:f5:c2: +- 1d:40:96:fb:a9:56:94:e9:42:d9:10:a3:8e:e1:02:9e:95:03: +- b7:3e:64:4c:a7:82:1f:91:15:27:46:0b:1e:b5:49:10:b2:42: +- 8d:c1:a8:bd:ae:94:7e:51:2e:f4:26:1a:f4:0d:8a:03:cd:3b: +- 3a:8a:df:94:c2:f1:58:e8:66:a5:89:f0:90:6c:ca:d4:fd:0e: +- c8:a7:ee:dd:ba:9f:b9:88:0e:c0:b5:06:4b:1c:a1:f9:bb:ba: +- fb:0c:8f:d4:43:b6:d8:95:10:c5:63:c3:cc:a0:81:68:ae:8f: +- 2e:24:48:60:d8:c4:9d:43:4e:25:f4:94:87:5a:ed:b9:ed:8f: +- dd:ef:1e:48:38:3d:13:d6:4b:ef:79:8c:0d:68:f8:3a:51:8c: +- a3:11:9c:86:c0:a6:9b:9e:bf:a5:e8:c9:2e:db:b6:8b:d6:4d: +- 27:ee:b3:5a:1d:61:f6:13:ae:b9:52:bc:ae:70:38:8a:d8:f9: +- a2:ee:e9:32:b0:41:78:9d:96:4c:94:aa:af:f5:de:86:16:04: +- ad:50:d6:a9:13:82:b4:08:9b:d9:67:75:ed:a0:b9:16:b3:97: +- b3:88:9e:5c ++ 37:a8:be:e4:03:62:63:15:b0:fe:be:49:7f:22:5e:7a:f8:b4: ++ 33:0c:fe:3b:41:0c:99:dc:bd:b0:a3:0c:3a:54:42:27:62:18: ++ 15:af:e6:d5:91:63:17:1d:1b:3f:ca:f6:2e:2f:6e:71:5e:66: ++ 86:27:69:91:31:5d:35:85:d4:46:77:69:45:50:05:9c:bc:39: ++ b8:0f:d0:96:a6:65:02:d3:80:53:ac:58:9c:f3:ec:27:27:b2: ++ 33:44:51:17:79:90:ea:b1:57:32:f7:e0:58:a4:99:64:78:55: ++ 61:16:d3:51:62:cf:26:02:8d:7d:df:2d:d8:c3:d2:00:5e:03: ++ 49:78:20:b7:78:9e:9e:b6:56:e9:48:4d:c5:5a:ea:28:e8:16: ++ 70:4a:39:bb:1d:88:40:5a:fd:67:82:73:f3:c6:f2:e9:ed:70: ++ 83:de:72:3f:7d:08:2f:1a:43:4d:c9:b2:e9:ce:e6:43:a9:74: ++ 25:cd:ba:95:cd:51:97:cb:56:d4:e6:e6:d9:69:0a:5f:48:17: ++ 2a:3b:41:ac:a5:ec:1f:30:c9:b2:f1:68:8f:a1:0f:1e:7d:9e: ++ e3:be:bb:8d:cb:6e:41:6a:16:7a:48:f5:ac:14:69:f7:de:63: ++ fc:94:80:e7:62:da:e6:99:12:ad:f1:d2:5d:76:6b:c3:11:6e: ++ 55:5d:7e:ec + -----BEGIN CERTIFICATE----- +-MIMBL50wgwEuhKADAgECAhQ85fyBiFmoUBbBf9flKuWWf8L29jANBgkqhkiG9w0B +-AQsFADAPMQ0wCwYDVQQDDARSb290MB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAwNTEy +-MDAwMFowFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEF +-AAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxLHa4GJxiO +-VbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9WyNroD1co +-d26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luvC6DmdaXS +-4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf00YvmLxRm +-VvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9IbjmK6igvwa7 +-QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABo4MBLOUwgwEs4DAd +-BgNVHQ4EFgQUkhE/rBGWx2Y3z4NaJPA6d68zjX8wHwYDVR0jBBgwFoAUtsLvn9Ep +-yw+JjExS1L1AtxG3cd0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRw +-Oi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDov +-L3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +-BTADAQH/MIMBLBMGA1UdHgSDASwJMIMBLASggpX+MAmCB3QwLnRlc3QwCYIHdDEu +-dGVzdDAJggd0Mi50ZXN0MAmCB3QzLnRlc3QwCYIHdDQudGVzdDAJggd0NS50ZXN0 +-MAmCB3Q2LnRlc3QwCYIHdDcudGVzdDAJggd0OC50ZXN0MAmCB3Q5LnRlc3QwCoII +-dDEwLnRlc3QwCoIIdDExLnRlc3QwCoIIdDEyLnRlc3QwCoIIdDEzLnRlc3QwCoII +-dDE0LnRlc3QwCoIIdDE1LnRlc3QwCoIIdDE2LnRlc3QwCoIIdDE3LnRlc3QwCoII +-dDE4LnRlc3QwCoIIdDE5LnRlc3QwCoIIdDIwLnRlc3QwCoIIdDIxLnRlc3QwCoII +-dDIyLnRlc3QwCoIIdDIzLnRlc3QwCoIIdDI0LnRlc3QwCoIIdDI1LnRlc3QwCoII +-dDI2LnRlc3QwCoIIdDI3LnRlc3QwCoIIdDI4LnRlc3QwCoIIdDI5LnRlc3QwCoII +-dDMwLnRlc3QwCoIIdDMxLnRlc3QwCoIIdDMyLnRlc3QwCoIIdDMzLnRlc3QwCoII +-dDM0LnRlc3QwCoIIdDM1LnRlc3QwCoIIdDM2LnRlc3QwCoIIdDM3LnRlc3QwCoII +-dDM4LnRlc3QwCoIIdDM5LnRlc3QwCoIIdDQwLnRlc3QwCoIIdDQxLnRlc3QwCoII +-dDQyLnRlc3QwCoIIdDQzLnRlc3QwCoIIdDQ0LnRlc3QwCoIIdDQ1LnRlc3QwCoII +-dDQ2LnRlc3QwCoIIdDQ3LnRlc3QwCoIIdDQ4LnRlc3QwCoIIdDQ5LnRlc3QwCoII +-dDUwLnRlc3QwCoIIdDUxLnRlc3QwCoIIdDUyLnRlc3QwCoIIdDUzLnRlc3QwCoII +-dDU0LnRlc3QwCoIIdDU1LnRlc3QwCoIIdDU2LnRlc3QwCoIIdDU3LnRlc3QwCoII +-dDU4LnRlc3QwCoIIdDU5LnRlc3QwCoIIdDYwLnRlc3QwCoIIdDYxLnRlc3QwCoII +-dDYyLnRlc3QwCoIIdDYzLnRlc3QwCoIIdDY0LnRlc3QwCoIIdDY1LnRlc3QwCoII +-dDY2LnRlc3QwCoIIdDY3LnRlc3QwCoIIdDY4LnRlc3QwCoIIdDY5LnRlc3QwCoII +-dDcwLnRlc3QwCoIIdDcxLnRlc3QwCoIIdDcyLnRlc3QwCoIIdDczLnRlc3QwCoII +-dDc0LnRlc3QwCoIIdDc1LnRlc3QwCoIIdDc2LnRlc3QwCoIIdDc3LnRlc3QwCoII +-dDc4LnRlc3QwCoIIdDc5LnRlc3QwCoIIdDgwLnRlc3QwCoIIdDgxLnRlc3QwCoII +-dDgyLnRlc3QwCoIIdDgzLnRlc3QwCoIIdDg0LnRlc3QwCoIIdDg1LnRlc3QwCoII +-dDg2LnRlc3QwCoIIdDg3LnRlc3QwCoIIdDg4LnRlc3QwCoIIdDg5LnRlc3QwCoII +-dDkwLnRlc3QwCoIIdDkxLnRlc3QwCoIIdDkyLnRlc3QwCoIIdDkzLnRlc3QwCoII +-dDk0LnRlc3QwCoIIdDk1LnRlc3QwCoIIdDk2LnRlc3QwCoIIdDk3LnRlc3QwCoII +-dDk4LnRlc3QwCoIIdDk5LnRlc3QwC4IJdDEwMC50ZXN0MAuCCXQxMDEudGVzdDAL +-ggl0MTAyLnRlc3QwC4IJdDEwMy50ZXN0MAuCCXQxMDQudGVzdDALggl0MTA1LnRl +-c3QwC4IJdDEwNi50ZXN0MAuCCXQxMDcudGVzdDALggl0MTA4LnRlc3QwC4IJdDEw +-OS50ZXN0MAuCCXQxMTAudGVzdDALggl0MTExLnRlc3QwC4IJdDExMi50ZXN0MAuC +-CXQxMTMudGVzdDALggl0MTE0LnRlc3QwC4IJdDExNS50ZXN0MAuCCXQxMTYudGVz +-dDALggl0MTE3LnRlc3QwC4IJdDExOC50ZXN0MAuCCXQxMTkudGVzdDALggl0MTIw +-LnRlc3QwC4IJdDEyMS50ZXN0MAuCCXQxMjIudGVzdDALggl0MTIzLnRlc3QwC4IJ +-dDEyNC50ZXN0MAuCCXQxMjUudGVzdDALggl0MTI2LnRlc3QwC4IJdDEyNy50ZXN0 +-MAuCCXQxMjgudGVzdDALggl0MTI5LnRlc3QwC4IJdDEzMC50ZXN0MAuCCXQxMzEu +-dGVzdDALggl0MTMyLnRlc3QwC4IJdDEzMy50ZXN0MAuCCXQxMzQudGVzdDALggl0 +-MTM1LnRlc3QwC4IJdDEzNi50ZXN0MAuCCXQxMzcudGVzdDALggl0MTM4LnRlc3Qw +-C4IJdDEzOS50ZXN0MAuCCXQxNDAudGVzdDALggl0MTQxLnRlc3QwC4IJdDE0Mi50 +-ZXN0MAuCCXQxNDMudGVzdDALggl0MTQ0LnRlc3QwC4IJdDE0NS50ZXN0MAuCCXQx +-NDYudGVzdDALggl0MTQ3LnRlc3QwC4IJdDE0OC50ZXN0MAuCCXQxNDkudGVzdDAL +-ggl0MTUwLnRlc3QwC4IJdDE1MS50ZXN0MAuCCXQxNTIudGVzdDALggl0MTUzLnRl +-c3QwC4IJdDE1NC50ZXN0MAuCCXQxNTUudGVzdDALggl0MTU2LnRlc3QwC4IJdDE1 +-Ny50ZXN0MAuCCXQxNTgudGVzdDALggl0MTU5LnRlc3QwC4IJdDE2MC50ZXN0MAuC +-CXQxNjEudGVzdDALggl0MTYyLnRlc3QwC4IJdDE2My50ZXN0MAuCCXQxNjQudGVz +-dDALggl0MTY1LnRlc3QwC4IJdDE2Ni50ZXN0MAuCCXQxNjcudGVzdDALggl0MTY4 +-LnRlc3QwC4IJdDE2OS50ZXN0MAuCCXQxNzAudGVzdDALggl0MTcxLnRlc3QwC4IJ +-dDE3Mi50ZXN0MAuCCXQxNzMudGVzdDALggl0MTc0LnRlc3QwC4IJdDE3NS50ZXN0 +-MAuCCXQxNzYudGVzdDALggl0MTc3LnRlc3QwC4IJdDE3OC50ZXN0MAuCCXQxNzku +-dGVzdDALggl0MTgwLnRlc3QwC4IJdDE4MS50ZXN0MAuCCXQxODIudGVzdDALggl0 +-MTgzLnRlc3QwC4IJdDE4NC50ZXN0MAuCCXQxODUudGVzdDALggl0MTg2LnRlc3Qw +-C4IJdDE4Ny50ZXN0MAuCCXQxODgudGVzdDALggl0MTg5LnRlc3QwC4IJdDE5MC50 +-ZXN0MAuCCXQxOTEudGVzdDALggl0MTkyLnRlc3QwC4IJdDE5My50ZXN0MAuCCXQx +-OTQudGVzdDALggl0MTk1LnRlc3QwC4IJdDE5Ni50ZXN0MAuCCXQxOTcudGVzdDAL +-ggl0MTk4LnRlc3QwC4IJdDE5OS50ZXN0MAuCCXQyMDAudGVzdDALggl0MjAxLnRl +-c3QwC4IJdDIwMi50ZXN0MAuCCXQyMDMudGVzdDALggl0MjA0LnRlc3QwC4IJdDIw +-NS50ZXN0MAuCCXQyMDYudGVzdDALggl0MjA3LnRlc3QwC4IJdDIwOC50ZXN0MAuC +-CXQyMDkudGVzdDALggl0MjEwLnRlc3QwC4IJdDIxMS50ZXN0MAuCCXQyMTIudGVz +-dDALggl0MjEzLnRlc3QwC4IJdDIxNC50ZXN0MAuCCXQyMTUudGVzdDALggl0MjE2 +-LnRlc3QwC4IJdDIxNy50ZXN0MAuCCXQyMTgudGVzdDALggl0MjE5LnRlc3QwC4IJ +-dDIyMC50ZXN0MAuCCXQyMjEudGVzdDALggl0MjIyLnRlc3QwC4IJdDIyMy50ZXN0 +-MAuCCXQyMjQudGVzdDALggl0MjI1LnRlc3QwC4IJdDIyNi50ZXN0MAuCCXQyMjcu +-dGVzdDALggl0MjI4LnRlc3QwC4IJdDIyOS50ZXN0MAuCCXQyMzAudGVzdDALggl0 +-MjMxLnRlc3QwC4IJdDIzMi50ZXN0MAuCCXQyMzMudGVzdDALggl0MjM0LnRlc3Qw +-C4IJdDIzNS50ZXN0MAuCCXQyMzYudGVzdDALggl0MjM3LnRlc3QwC4IJdDIzOC50 +-ZXN0MAuCCXQyMzkudGVzdDALggl0MjQwLnRlc3QwC4IJdDI0MS50ZXN0MAuCCXQy +-NDIudGVzdDALggl0MjQzLnRlc3QwC4IJdDI0NC50ZXN0MAuCCXQyNDUudGVzdDAL +-ggl0MjQ2LnRlc3QwC4IJdDI0Ny50ZXN0MAuCCXQyNDgudGVzdDALggl0MjQ5LnRl +-c3QwC4IJdDI1MC50ZXN0MAuCCXQyNTEudGVzdDALggl0MjUyLnRlc3QwC4IJdDI1 +-My50ZXN0MAuCCXQyNTQudGVzdDALggl0MjU1LnRlc3QwC4IJdDI1Ni50ZXN0MAuC +-CXQyNTcudGVzdDALggl0MjU4LnRlc3QwC4IJdDI1OS50ZXN0MAuCCXQyNjAudGVz +-dDALggl0MjYxLnRlc3QwC4IJdDI2Mi50ZXN0MAuCCXQyNjMudGVzdDALggl0MjY0 +-LnRlc3QwC4IJdDI2NS50ZXN0MAuCCXQyNjYudGVzdDALggl0MjY3LnRlc3QwC4IJ +-dDI2OC50ZXN0MAuCCXQyNjkudGVzdDALggl0MjcwLnRlc3QwC4IJdDI3MS50ZXN0 +-MAuCCXQyNzIudGVzdDALggl0MjczLnRlc3QwC4IJdDI3NC50ZXN0MAuCCXQyNzUu +-dGVzdDALggl0Mjc2LnRlc3QwC4IJdDI3Ny50ZXN0MAuCCXQyNzgudGVzdDALggl0 +-Mjc5LnRlc3QwC4IJdDI4MC50ZXN0MAuCCXQyODEudGVzdDALggl0MjgyLnRlc3Qw +-C4IJdDI4My50ZXN0MAuCCXQyODQudGVzdDALggl0Mjg1LnRlc3QwC4IJdDI4Ni50 +-ZXN0MAuCCXQyODcudGVzdDALggl0Mjg4LnRlc3QwC4IJdDI4OS50ZXN0MAuCCXQy +-OTAudGVzdDALggl0MjkxLnRlc3QwC4IJdDI5Mi50ZXN0MAuCCXQyOTMudGVzdDAL +-ggl0Mjk0LnRlc3QwC4IJdDI5NS50ZXN0MAuCCXQyOTYudGVzdDALggl0Mjk3LnRl +-c3QwC4IJdDI5OC50ZXN0MAuCCXQyOTkudGVzdDALggl0MzAwLnRlc3QwC4IJdDMw +-MS50ZXN0MAuCCXQzMDIudGVzdDALggl0MzAzLnRlc3QwC4IJdDMwNC50ZXN0MAuC +-CXQzMDUudGVzdDALggl0MzA2LnRlc3QwC4IJdDMwNy50ZXN0MAuCCXQzMDgudGVz +-dDALggl0MzA5LnRlc3QwC4IJdDMxMC50ZXN0MAuCCXQzMTEudGVzdDALggl0MzEy +-LnRlc3QwC4IJdDMxMy50ZXN0MAuCCXQzMTQudGVzdDALggl0MzE1LnRlc3QwC4IJ +-dDMxNi50ZXN0MAuCCXQzMTcudGVzdDALggl0MzE4LnRlc3QwC4IJdDMxOS50ZXN0 +-MAuCCXQzMjAudGVzdDALggl0MzIxLnRlc3QwC4IJdDMyMi50ZXN0MAuCCXQzMjMu +-dGVzdDALggl0MzI0LnRlc3QwC4IJdDMyNS50ZXN0MAuCCXQzMjYudGVzdDALggl0 +-MzI3LnRlc3QwC4IJdDMyOC50ZXN0MAuCCXQzMjkudGVzdDALggl0MzMwLnRlc3Qw +-C4IJdDMzMS50ZXN0MAuCCXQzMzIudGVzdDALggl0MzMzLnRlc3QwC4IJdDMzNC50 +-ZXN0MAuCCXQzMzUudGVzdDALggl0MzM2LnRlc3QwC4IJdDMzNy50ZXN0MAuCCXQz +-MzgudGVzdDALggl0MzM5LnRlc3QwC4IJdDM0MC50ZXN0MAuCCXQzNDEudGVzdDAL +-ggl0MzQyLnRlc3QwC4IJdDM0My50ZXN0MAuCCXQzNDQudGVzdDALggl0MzQ1LnRl +-c3QwC4IJdDM0Ni50ZXN0MAuCCXQzNDcudGVzdDALggl0MzQ4LnRlc3QwC4IJdDM0 +-OS50ZXN0MAuCCXQzNTAudGVzdDALggl0MzUxLnRlc3QwC4IJdDM1Mi50ZXN0MAuC +-CXQzNTMudGVzdDALggl0MzU0LnRlc3QwC4IJdDM1NS50ZXN0MAuCCXQzNTYudGVz +-dDALggl0MzU3LnRlc3QwC4IJdDM1OC50ZXN0MAuCCXQzNTkudGVzdDALggl0MzYw +-LnRlc3QwC4IJdDM2MS50ZXN0MAuCCXQzNjIudGVzdDALggl0MzYzLnRlc3QwC4IJ +-dDM2NC50ZXN0MAuCCXQzNjUudGVzdDALggl0MzY2LnRlc3QwC4IJdDM2Ny50ZXN0 +-MAuCCXQzNjgudGVzdDALggl0MzY5LnRlc3QwC4IJdDM3MC50ZXN0MAuCCXQzNzEu +-dGVzdDALggl0MzcyLnRlc3QwC4IJdDM3My50ZXN0MAuCCXQzNzQudGVzdDALggl0 +-Mzc1LnRlc3QwC4IJdDM3Ni50ZXN0MAuCCXQzNzcudGVzdDALggl0Mzc4LnRlc3Qw +-C4IJdDM3OS50ZXN0MAuCCXQzODAudGVzdDALggl0MzgxLnRlc3QwC4IJdDM4Mi50 +-ZXN0MAuCCXQzODMudGVzdDALggl0Mzg0LnRlc3QwC4IJdDM4NS50ZXN0MAuCCXQz +-ODYudGVzdDALggl0Mzg3LnRlc3QwC4IJdDM4OC50ZXN0MAuCCXQzODkudGVzdDAL +-ggl0MzkwLnRlc3QwC4IJdDM5MS50ZXN0MAuCCXQzOTIudGVzdDALggl0MzkzLnRl +-c3QwC4IJdDM5NC50ZXN0MAuCCXQzOTUudGVzdDALggl0Mzk2LnRlc3QwC4IJdDM5 +-Ny50ZXN0MAuCCXQzOTgudGVzdDALggl0Mzk5LnRlc3QwC4IJdDQwMC50ZXN0MAuC +-CXQ0MDEudGVzdDALggl0NDAyLnRlc3QwC4IJdDQwMy50ZXN0MAuCCXQ0MDQudGVz +-dDALggl0NDA1LnRlc3QwC4IJdDQwNi50ZXN0MAuCCXQ0MDcudGVzdDALggl0NDA4 +-LnRlc3QwC4IJdDQwOS50ZXN0MAuCCXQ0MTAudGVzdDALggl0NDExLnRlc3QwC4IJ +-dDQxMi50ZXN0MAuCCXQ0MTMudGVzdDALggl0NDE0LnRlc3QwC4IJdDQxNS50ZXN0 +-MAuCCXQ0MTYudGVzdDALggl0NDE3LnRlc3QwCocICgAAAP////8wCocICgAAAf// +-//8wCocICgAAAv////8wCocICgAAA/////8wCocICgAABP////8wCocICgAABf// +-//8wCocICgAABv////8wCocICgAAB/////8wCocICgAACP////8wCocICgAACf// +-//8wCocICgAACv////8wCocICgAAC/////8wCocICgAADP////8wCocICgAADf// +-//8wCocICgAADv////8wCocICgAAD/////8wCocICgAAEP////8wCocICgAAEf// +-//8wCocICgAAEv////8wCocICgAAE/////8wCocICgAAFP////8wCocICgAAFf// +-//8wCocICgAAFv////8wCocICgAAF/////8wCocICgAAGP////8wCocICgAAGf// +-//8wCocICgAAGv////8wCocICgAAG/////8wCocICgAAHP////8wCocICgAAHf// +-//8wCocICgAAHv////8wCocICgAAH/////8wCocICgAAIP////8wCocICgAAIf// +-//8wCocICgAAIv////8wCocICgAAI/////8wCocICgAAJP////8wCocICgAAJf// +-//8wCocICgAAJv////8wCocICgAAJ/////8wCocICgAAKP////8wCocICgAAKf// +-//8wCocICgAAKv////8wCocICgAAK/////8wCocICgAALP////8wCocICgAALf// +-//8wCocICgAALv////8wCocICgAAL/////8wCocICgAAMP////8wCocICgAAMf// +-//8wCocICgAAMv////8wCocICgAAM/////8wCocICgAANP////8wCocICgAANf// +-//8wCocICgAANv////8wCocICgAAN/////8wCocICgAAOP////8wCocICgAAOf// +-//8wCocICgAAOv////8wCocICgAAO/////8wCocICgAAPP////8wCocICgAAPf// +-//8wCocICgAAPv////8wCocICgAAP/////8wCocICgAAQP////8wCocICgAAQf// +-//8wCocICgAAQv////8wCocICgAAQ/////8wCocICgAARP////8wCocICgAARf// +-//8wCocICgAARv////8wCocICgAAR/////8wCocICgAASP////8wCocICgAASf// +-//8wCocICgAASv////8wCocICgAAS/////8wCocICgAATP////8wCocICgAATf// +-//8wCocICgAATv////8wCocICgAAT/////8wCocICgAAUP////8wCocICgAAUf// +-//8wCocICgAAUv////8wCocICgAAU/////8wCocICgAAVP////8wCocICgAAVf// +-//8wCocICgAAVv////8wCocICgAAV/////8wCocICgAAWP////8wCocICgAAWf// +-//8wCocICgAAWv////8wCocICgAAW/////8wCocICgAAXP////8wCocICgAAXf// +-//8wCocICgAAXv////8wCocICgAAX/////8wCocICgAAYP////8wCocICgAAYf// +-//8wCocICgAAYv////8wCocICgAAY/////8wCocICgAAZP////8wCocICgAAZf// +-//8wCocICgAAZv////8wCocICgAAZ/////8wCocICgAAaP////8wCocICgAAaf// +-//8wCocICgAAav////8wCocICgAAa/////8wCocICgAAbP////8wCocICgAAbf// +-//8wCocICgAAbv////8wCocICgAAb/////8wCocICgAAcP////8wCocICgAAcf// +-//8wCocICgAAcv////8wCocICgAAc/////8wCocICgAAdP////8wCocICgAAdf// +-//8wCocICgAAdv////8wCocICgAAd/////8wCocICgAAeP////8wCocICgAAef// +-//8wCocICgAAev////8wCocICgAAe/////8wCocICgAAfP////8wCocICgAAff// +-//8wCocICgAAfv////8wCocICgAAf/////8wCocICgAAgP////8wCocICgAAgf// +-//8wCocICgAAgv////8wCocICgAAg/////8wCocICgAAhP////8wCocICgAAhf// +-//8wCocICgAAhv////8wCocICgAAh/////8wCocICgAAiP////8wCocICgAAif// +-//8wCocICgAAiv////8wCocICgAAi/////8wCocICgAAjP////8wCocICgAAjf// +-//8wCocICgAAjv////8wCocICgAAj/////8wCocICgAAkP////8wCocICgAAkf// +-//8wCocICgAAkv////8wCocICgAAk/////8wCocICgAAlP////8wCocICgAAlf// +-//8wCocICgAAlv////8wCocICgAAl/////8wCocICgAAmP////8wCocICgAAmf// +-//8wCocICgAAmv////8wCocICgAAm/////8wCocICgAAnP////8wCocICgAAnf// +-//8wCocICgAAnv////8wCocICgAAn/////8wCocICgAAoP////8wCocICgAAof// +-//8wCocICgAAov////8wCocICgAAo/////8wCocICgAApP////8wCocICgAApf// +-//8wCocICgAApv////8wCocICgAAp/////8wCocICgAAqP////8wCocICgAAqf// +-//8wCocICgAAqv////8wCocICgAAq/////8wCocICgAArP////8wCocICgAArf// +-//8wCocICgAArv////8wCocICgAAr/////8wCocICgAAsP////8wCocICgAAsf// +-//8wCocICgAAsv////8wCocICgAAs/////8wCocICgAAtP////8wCocICgAAtf// +-//8wCocICgAAtv////8wCocICgAAt/////8wCocICgAAuP////8wCocICgAAuf// +-//8wCocICgAAuv////8wCocICgAAu/////8wCocICgAAvP////8wCocICgAAvf// +-//8wCocICgAAvv////8wCocICgAAv/////8wCocICgAAwP////8wCocICgAAwf// +-//8wCocICgAAwv////8wCocICgAAw/////8wCocICgAAxP////8wCocICgAAxf// +-//8wCocICgAAxv////8wCocICgAAx/////8wCocICgAAyP////8wCocICgAAyf// +-//8wCocICgAAyv////8wCocICgAAy/////8wCocICgAAzP////8wCocICgAAzf// +-//8wCocICgAAzv////8wCocICgAAz/////8wCocICgAA0P////8wCocICgAA0f// +-//8wCocICgAA0v////8wCocICgAA0/////8wCocICgAA1P////8wCocICgAA1f// +-//8wCocICgAA1v////8wCocICgAA1/////8wCocICgAA2P////8wCocICgAA2f// +-//8wCocICgAA2v////8wCocICgAA2/////8wCocICgAA3P////8wCocICgAA3f// +-//8wCocICgAA3v////8wCocICgAA3/////8wCocICgAA4P////8wCocICgAA4f// +-//8wCocICgAA4v////8wCocICgAA4/////8wCocICgAA5P////8wCocICgAA5f// +-//8wCocICgAA5v////8wCocICgAA5/////8wCocICgAA6P////8wCocICgAA6f// +-//8wCocICgAA6v////8wCocICgAA6/////8wCocICgAA7P////8wCocICgAA7f// +-//8wCocICgAA7v////8wCocICgAA7/////8wCocICgAA8P////8wCocICgAA8f// +-//8wCocICgAA8v////8wCocICgAA8/////8wCocICgAA9P////8wCocICgAA9f// +-//8wCocICgAA9v////8wCocICgAA9/////8wCocICgAA+P////8wCocICgAA+f// +-//8wCocICgAA+v////8wCocICgAA+/////8wCocICgAA/P////8wCocICgAA/f// +-//8wCocICgAA/v////8wCocICgAA//////8wCocICgABAP////8wCocICgABAf// +-//8wCocICgABAv////8wCocICgABA/////8wCocICgABBP////8wCocICgABBf// +-//8wCocICgABBv////8wCocICgABB/////8wCocICgABCP////8wCocICgABCf// +-//8wCocICgABCv////8wCocICgABC/////8wCocICgABDP////8wCocICgABDf// +-//8wCocICgABDv////8wCocICgABD/////8wCocICgABEP////8wCocICgABEf// +-//8wCocICgABEv////8wCocICgABE/////8wCocICgABFP////8wCocICgABFf// +-//8wCocICgABFv////8wCocICgABF/////8wCocICgABGP////8wCocICgABGf// +-//8wCocICgABGv////8wCocICgABG/////8wCocICgABHP////8wCocICgABHf// +-//8wCocICgABHv////8wCocICgABH/////8wCocICgABIP////8wCocICgABIf// +-//8wCocICgABIv////8wCocICgABI/////8wCocICgABJP////8wCocICgABJf// +-//8wCocICgABJv////8wCocICgABJ/////8wCocICgABKP////8wCocICgABKf// +-//8wCocICgABKv////8wCocICgABK/////8wCocICgABLP////8wCocICgABLf// +-//8wCocICgABLv////8wCocICgABL/////8wCocICgABMP////8wCocICgABMf// +-//8wCocICgABMv////8wCocICgABM/////8wCocICgABNP////8wCocICgABNf// +-//8wCocICgABNv////8wCocICgABN/////8wCocICgABOP////8wCocICgABOf// +-//8wCocICgABOv////8wCocICgABO/////8wCocICgABPP////8wCocICgABPf// +-//8wCocICgABPv////8wCocICgABP/////8wCocICgABQP////8wCocICgABQf// +-//8wCocICgABQv////8wCocICgABQ/////8wCocICgABRP////8wCocICgABRf// +-//8wCocICgABRv////8wCocICgABR/////8wCocICgABSP////8wCocICgABSf// +-//8wCocICgABSv////8wCocICgABS/////8wCocICgABTP////8wCocICgABTf// +-//8wCocICgABTv////8wCocICgABT/////8wCocICgABUP////8wCocICgABUf// +-//8wCocICgABUv////8wCocICgABU/////8wCocICgABVP////8wCocICgABVf// +-//8wCocICgABVv////8wCocICgABV/////8wCocICgABWP////8wCocICgABWf// +-//8wCocICgABWv////8wCocICgABW/////8wCocICgABXP////8wCocICgABXf// +-//8wCocICgABXv////8wCocICgABX/////8wCocICgABYP////8wCocICgABYf// +-//8wCocICgABYv////8wCocICgABY/////8wCocICgABZP////8wCocICgABZf// +-//8wCocICgABZv////8wCocICgABZ/////8wCocICgABaP////8wCocICgABaf// +-//8wCocICgABav////8wCocICgABa/////8wCocICgABbP////8wCocICgABbf// +-//8wCocICgABbv////8wCocICgABb/////8wCocICgABcP////8wCocICgABcf// +-//8wCocICgABcv////8wCocICgABc/////8wCocICgABdP////8wCocICgABdf// +-//8wCocICgABdv////8wCocICgABd/////8wCocICgABeP////8wCocICgABef// +-//8wCocICgABev////8wCocICgABe/////8wCocICgABfP////8wCocICgABff// +-//8wCocICgABfv////8wCocICgABf/////8wCocICgABgP////8wCocICgABgf// +-//8wCocICgABgv////8wCocICgABg/////8wCocICgABhP////8wCocICgABhf// +-//8wCocICgABhv////8wCocICgABh/////8wCocICgABiP////8wCocICgABif// +-//8wCocICgABiv////8wCocICgABi/////8wCocICgABjP////8wCocICgABjf// +-//8wCocICgABjv////8wCocICgABj/////8wCocICgABkP////8wCocICgABkf// +-//8wCocICgABkv////8wCocICgABk/////8wCocICgABlP////8wCocICgABlf// +-//8wCocICgABlv////8wCocICgABl/////8wCocICgABmP////8wCocICgABmf// +-//8wCocICgABmv////8wCocICgABm/////8wCocICgABnP////8wCocICgABnf// +-//8wCocICgABnv////8wCocICgABn/////8wCocICgABoP////8wCocICgABof// +-//8wEaQPMA0xCzAJBgNVBAMMAnQwMBGkDzANMQswCQYDVQQDDAJ0MTARpA8wDTEL +-MAkGA1UEAwwCdDIwEaQPMA0xCzAJBgNVBAMMAnQzMBGkDzANMQswCQYDVQQDDAJ0 +-NDARpA8wDTELMAkGA1UEAwwCdDUwEaQPMA0xCzAJBgNVBAMMAnQ2MBGkDzANMQsw +-CQYDVQQDDAJ0NzARpA8wDTELMAkGA1UEAwwCdDgwEaQPMA0xCzAJBgNVBAMMAnQ5 +-MBKkEDAOMQwwCgYDVQQDDAN0MTAwEqQQMA4xDDAKBgNVBAMMA3QxMTASpBAwDjEM +-MAoGA1UEAwwDdDEyMBKkEDAOMQwwCgYDVQQDDAN0MTMwEqQQMA4xDDAKBgNVBAMM +-A3QxNDASpBAwDjEMMAoGA1UEAwwDdDE1MBKkEDAOMQwwCgYDVQQDDAN0MTYwEqQQ +-MA4xDDAKBgNVBAMMA3QxNzASpBAwDjEMMAoGA1UEAwwDdDE4MBKkEDAOMQwwCgYD +-VQQDDAN0MTkwEqQQMA4xDDAKBgNVBAMMA3QyMDASpBAwDjEMMAoGA1UEAwwDdDIx +-MBKkEDAOMQwwCgYDVQQDDAN0MjIwEqQQMA4xDDAKBgNVBAMMA3QyMzASpBAwDjEM +-MAoGA1UEAwwDdDI0MBKkEDAOMQwwCgYDVQQDDAN0MjUwEqQQMA4xDDAKBgNVBAMM +-A3QyNjASpBAwDjEMMAoGA1UEAwwDdDI3MBKkEDAOMQwwCgYDVQQDDAN0MjgwEqQQ +-MA4xDDAKBgNVBAMMA3QyOTASpBAwDjEMMAoGA1UEAwwDdDMwMBKkEDAOMQwwCgYD +-VQQDDAN0MzEwEqQQMA4xDDAKBgNVBAMMA3QzMjASpBAwDjEMMAoGA1UEAwwDdDMz +-MBKkEDAOMQwwCgYDVQQDDAN0MzQwEqQQMA4xDDAKBgNVBAMMA3QzNTASpBAwDjEM +-MAoGA1UEAwwDdDM2MBKkEDAOMQwwCgYDVQQDDAN0MzcwEqQQMA4xDDAKBgNVBAMM +-A3QzODASpBAwDjEMMAoGA1UEAwwDdDM5MBKkEDAOMQwwCgYDVQQDDAN0NDAwEqQQ +-MA4xDDAKBgNVBAMMA3Q0MTASpBAwDjEMMAoGA1UEAwwDdDQyMBKkEDAOMQwwCgYD +-VQQDDAN0NDMwEqQQMA4xDDAKBgNVBAMMA3Q0NDASpBAwDjEMMAoGA1UEAwwDdDQ1 +-MBKkEDAOMQwwCgYDVQQDDAN0NDYwEqQQMA4xDDAKBgNVBAMMA3Q0NzASpBAwDjEM +-MAoGA1UEAwwDdDQ4MBKkEDAOMQwwCgYDVQQDDAN0NDkwEqQQMA4xDDAKBgNVBAMM +-A3Q1MDASpBAwDjEMMAoGA1UEAwwDdDUxMBKkEDAOMQwwCgYDVQQDDAN0NTIwEqQQ +-MA4xDDAKBgNVBAMMA3Q1MzASpBAwDjEMMAoGA1UEAwwDdDU0MBKkEDAOMQwwCgYD +-VQQDDAN0NTUwEqQQMA4xDDAKBgNVBAMMA3Q1NjASpBAwDjEMMAoGA1UEAwwDdDU3 +-MBKkEDAOMQwwCgYDVQQDDAN0NTgwEqQQMA4xDDAKBgNVBAMMA3Q1OTASpBAwDjEM +-MAoGA1UEAwwDdDYwMBKkEDAOMQwwCgYDVQQDDAN0NjEwEqQQMA4xDDAKBgNVBAMM +-A3Q2MjASpBAwDjEMMAoGA1UEAwwDdDYzMBKkEDAOMQwwCgYDVQQDDAN0NjQwEqQQ +-MA4xDDAKBgNVBAMMA3Q2NTASpBAwDjEMMAoGA1UEAwwDdDY2MBKkEDAOMQwwCgYD +-VQQDDAN0NjcwEqQQMA4xDDAKBgNVBAMMA3Q2ODASpBAwDjEMMAoGA1UEAwwDdDY5 +-MBKkEDAOMQwwCgYDVQQDDAN0NzAwEqQQMA4xDDAKBgNVBAMMA3Q3MTASpBAwDjEM +-MAoGA1UEAwwDdDcyMBKkEDAOMQwwCgYDVQQDDAN0NzMwEqQQMA4xDDAKBgNVBAMM +-A3Q3NDASpBAwDjEMMAoGA1UEAwwDdDc1MBKkEDAOMQwwCgYDVQQDDAN0NzYwEqQQ +-MA4xDDAKBgNVBAMMA3Q3NzASpBAwDjEMMAoGA1UEAwwDdDc4MBKkEDAOMQwwCgYD +-VQQDDAN0NzkwEqQQMA4xDDAKBgNVBAMMA3Q4MDASpBAwDjEMMAoGA1UEAwwDdDgx +-MBKkEDAOMQwwCgYDVQQDDAN0ODIwEqQQMA4xDDAKBgNVBAMMA3Q4MzASpBAwDjEM +-MAoGA1UEAwwDdDg0MBKkEDAOMQwwCgYDVQQDDAN0ODUwEqQQMA4xDDAKBgNVBAMM +-A3Q4NjASpBAwDjEMMAoGA1UEAwwDdDg3MBKkEDAOMQwwCgYDVQQDDAN0ODgwEqQQ +-MA4xDDAKBgNVBAMMA3Q4OTASpBAwDjEMMAoGA1UEAwwDdDkwMBKkEDAOMQwwCgYD +-VQQDDAN0OTEwEqQQMA4xDDAKBgNVBAMMA3Q5MjASpBAwDjEMMAoGA1UEAwwDdDkz +-MBKkEDAOMQwwCgYDVQQDDAN0OTQwEqQQMA4xDDAKBgNVBAMMA3Q5NTASpBAwDjEM +-MAoGA1UEAwwDdDk2MBKkEDAOMQwwCgYDVQQDDAN0OTcwEqQQMA4xDDAKBgNVBAMM +-A3Q5ODASpBAwDjEMMAoGA1UEAwwDdDk5MBOkETAPMQ0wCwYDVQQDDAR0MTAwMBOk +-ETAPMQ0wCwYDVQQDDAR0MTAxMBOkETAPMQ0wCwYDVQQDDAR0MTAyMBOkETAPMQ0w +-CwYDVQQDDAR0MTAzMBOkETAPMQ0wCwYDVQQDDAR0MTA0MBOkETAPMQ0wCwYDVQQD +-DAR0MTA1MBOkETAPMQ0wCwYDVQQDDAR0MTA2MBOkETAPMQ0wCwYDVQQDDAR0MTA3 +-MBOkETAPMQ0wCwYDVQQDDAR0MTA4MBOkETAPMQ0wCwYDVQQDDAR0MTA5MBOkETAP +-MQ0wCwYDVQQDDAR0MTEwMBOkETAPMQ0wCwYDVQQDDAR0MTExMBOkETAPMQ0wCwYD +-VQQDDAR0MTEyMBOkETAPMQ0wCwYDVQQDDAR0MTEzMBOkETAPMQ0wCwYDVQQDDAR0 +-MTE0MBOkETAPMQ0wCwYDVQQDDAR0MTE1MBOkETAPMQ0wCwYDVQQDDAR0MTE2MBOk +-ETAPMQ0wCwYDVQQDDAR0MTE3MBOkETAPMQ0wCwYDVQQDDAR0MTE4MBOkETAPMQ0w +-CwYDVQQDDAR0MTE5MBOkETAPMQ0wCwYDVQQDDAR0MTIwMBOkETAPMQ0wCwYDVQQD +-DAR0MTIxMBOkETAPMQ0wCwYDVQQDDAR0MTIyMBOkETAPMQ0wCwYDVQQDDAR0MTIz +-MBOkETAPMQ0wCwYDVQQDDAR0MTI0MBOkETAPMQ0wCwYDVQQDDAR0MTI1MBOkETAP +-MQ0wCwYDVQQDDAR0MTI2MBOkETAPMQ0wCwYDVQQDDAR0MTI3MBOkETAPMQ0wCwYD +-VQQDDAR0MTI4MBOkETAPMQ0wCwYDVQQDDAR0MTI5MBOkETAPMQ0wCwYDVQQDDAR0 +-MTMwMBOkETAPMQ0wCwYDVQQDDAR0MTMxMBOkETAPMQ0wCwYDVQQDDAR0MTMyMBOk +-ETAPMQ0wCwYDVQQDDAR0MTMzMBOkETAPMQ0wCwYDVQQDDAR0MTM0MBOkETAPMQ0w +-CwYDVQQDDAR0MTM1MBOkETAPMQ0wCwYDVQQDDAR0MTM2MBOkETAPMQ0wCwYDVQQD +-DAR0MTM3MBOkETAPMQ0wCwYDVQQDDAR0MTM4MBOkETAPMQ0wCwYDVQQDDAR0MTM5 +-MBOkETAPMQ0wCwYDVQQDDAR0MTQwMBOkETAPMQ0wCwYDVQQDDAR0MTQxMBOkETAP +-MQ0wCwYDVQQDDAR0MTQyMBOkETAPMQ0wCwYDVQQDDAR0MTQzMBOkETAPMQ0wCwYD +-VQQDDAR0MTQ0MBOkETAPMQ0wCwYDVQQDDAR0MTQ1MBOkETAPMQ0wCwYDVQQDDAR0 +-MTQ2MBOkETAPMQ0wCwYDVQQDDAR0MTQ3MBOkETAPMQ0wCwYDVQQDDAR0MTQ4MBOk +-ETAPMQ0wCwYDVQQDDAR0MTQ5MBOkETAPMQ0wCwYDVQQDDAR0MTUwMBOkETAPMQ0w +-CwYDVQQDDAR0MTUxMBOkETAPMQ0wCwYDVQQDDAR0MTUyMBOkETAPMQ0wCwYDVQQD +-DAR0MTUzMBOkETAPMQ0wCwYDVQQDDAR0MTU0MBOkETAPMQ0wCwYDVQQDDAR0MTU1 +-MBOkETAPMQ0wCwYDVQQDDAR0MTU2MBOkETAPMQ0wCwYDVQQDDAR0MTU3MBOkETAP +-MQ0wCwYDVQQDDAR0MTU4MBOkETAPMQ0wCwYDVQQDDAR0MTU5MBOkETAPMQ0wCwYD +-VQQDDAR0MTYwMBOkETAPMQ0wCwYDVQQDDAR0MTYxMBOkETAPMQ0wCwYDVQQDDAR0 +-MTYyMBOkETAPMQ0wCwYDVQQDDAR0MTYzMBOkETAPMQ0wCwYDVQQDDAR0MTY0MBOk +-ETAPMQ0wCwYDVQQDDAR0MTY1MBOkETAPMQ0wCwYDVQQDDAR0MTY2MBOkETAPMQ0w +-CwYDVQQDDAR0MTY3MBOkETAPMQ0wCwYDVQQDDAR0MTY4MBOkETAPMQ0wCwYDVQQD +-DAR0MTY5MBOkETAPMQ0wCwYDVQQDDAR0MTcwMBOkETAPMQ0wCwYDVQQDDAR0MTcx +-MBOkETAPMQ0wCwYDVQQDDAR0MTcyMBOkETAPMQ0wCwYDVQQDDAR0MTczMBOkETAP +-MQ0wCwYDVQQDDAR0MTc0MBOkETAPMQ0wCwYDVQQDDAR0MTc1MBOkETAPMQ0wCwYD +-VQQDDAR0MTc2MBOkETAPMQ0wCwYDVQQDDAR0MTc3MBOkETAPMQ0wCwYDVQQDDAR0 +-MTc4MBOkETAPMQ0wCwYDVQQDDAR0MTc5MBOkETAPMQ0wCwYDVQQDDAR0MTgwMBOk +-ETAPMQ0wCwYDVQQDDAR0MTgxMBOkETAPMQ0wCwYDVQQDDAR0MTgyMBOkETAPMQ0w +-CwYDVQQDDAR0MTgzMBOkETAPMQ0wCwYDVQQDDAR0MTg0MBOkETAPMQ0wCwYDVQQD +-DAR0MTg1MBOkETAPMQ0wCwYDVQQDDAR0MTg2MBOkETAPMQ0wCwYDVQQDDAR0MTg3 +-MBOkETAPMQ0wCwYDVQQDDAR0MTg4MBOkETAPMQ0wCwYDVQQDDAR0MTg5MBOkETAP +-MQ0wCwYDVQQDDAR0MTkwMBOkETAPMQ0wCwYDVQQDDAR0MTkxMBOkETAPMQ0wCwYD +-VQQDDAR0MTkyMBOkETAPMQ0wCwYDVQQDDAR0MTkzMBOkETAPMQ0wCwYDVQQDDAR0 +-MTk0MBOkETAPMQ0wCwYDVQQDDAR0MTk1MBOkETAPMQ0wCwYDVQQDDAR0MTk2MBOk +-ETAPMQ0wCwYDVQQDDAR0MTk3MBOkETAPMQ0wCwYDVQQDDAR0MTk4MBOkETAPMQ0w +-CwYDVQQDDAR0MTk5MBOkETAPMQ0wCwYDVQQDDAR0MjAwMBOkETAPMQ0wCwYDVQQD +-DAR0MjAxMBOkETAPMQ0wCwYDVQQDDAR0MjAyMBOkETAPMQ0wCwYDVQQDDAR0MjAz +-MBOkETAPMQ0wCwYDVQQDDAR0MjA0MBOkETAPMQ0wCwYDVQQDDAR0MjA1MBOkETAP +-MQ0wCwYDVQQDDAR0MjA2MBOkETAPMQ0wCwYDVQQDDAR0MjA3MBOkETAPMQ0wCwYD +-VQQDDAR0MjA4MBOkETAPMQ0wCwYDVQQDDAR0MjA5MBOkETAPMQ0wCwYDVQQDDAR0 +-MjEwMBOkETAPMQ0wCwYDVQQDDAR0MjExMBOkETAPMQ0wCwYDVQQDDAR0MjEyMBOk +-ETAPMQ0wCwYDVQQDDAR0MjEzMBOkETAPMQ0wCwYDVQQDDAR0MjE0MBOkETAPMQ0w +-CwYDVQQDDAR0MjE1MBOkETAPMQ0wCwYDVQQDDAR0MjE2MBOkETAPMQ0wCwYDVQQD +-DAR0MjE3MBOkETAPMQ0wCwYDVQQDDAR0MjE4MBOkETAPMQ0wCwYDVQQDDAR0MjE5 +-MBOkETAPMQ0wCwYDVQQDDAR0MjIwMBOkETAPMQ0wCwYDVQQDDAR0MjIxMBOkETAP +-MQ0wCwYDVQQDDAR0MjIyMBOkETAPMQ0wCwYDVQQDDAR0MjIzMBOkETAPMQ0wCwYD +-VQQDDAR0MjI0MBOkETAPMQ0wCwYDVQQDDAR0MjI1MBOkETAPMQ0wCwYDVQQDDAR0 +-MjI2MBOkETAPMQ0wCwYDVQQDDAR0MjI3MBOkETAPMQ0wCwYDVQQDDAR0MjI4MBOk +-ETAPMQ0wCwYDVQQDDAR0MjI5MBOkETAPMQ0wCwYDVQQDDAR0MjMwMBOkETAPMQ0w +-CwYDVQQDDAR0MjMxMBOkETAPMQ0wCwYDVQQDDAR0MjMyMBOkETAPMQ0wCwYDVQQD +-DAR0MjMzMBOkETAPMQ0wCwYDVQQDDAR0MjM0MBOkETAPMQ0wCwYDVQQDDAR0MjM1 +-MBOkETAPMQ0wCwYDVQQDDAR0MjM2MBOkETAPMQ0wCwYDVQQDDAR0MjM3MBOkETAP +-MQ0wCwYDVQQDDAR0MjM4MBOkETAPMQ0wCwYDVQQDDAR0MjM5MBOkETAPMQ0wCwYD +-VQQDDAR0MjQwMBOkETAPMQ0wCwYDVQQDDAR0MjQxMBOkETAPMQ0wCwYDVQQDDAR0 +-MjQyMBOkETAPMQ0wCwYDVQQDDAR0MjQzMBOkETAPMQ0wCwYDVQQDDAR0MjQ0MBOk +-ETAPMQ0wCwYDVQQDDAR0MjQ1MBOkETAPMQ0wCwYDVQQDDAR0MjQ2MBOkETAPMQ0w +-CwYDVQQDDAR0MjQ3MBOkETAPMQ0wCwYDVQQDDAR0MjQ4MBOkETAPMQ0wCwYDVQQD +-DAR0MjQ5MBOkETAPMQ0wCwYDVQQDDAR0MjUwMBOkETAPMQ0wCwYDVQQDDAR0MjUx +-MBOkETAPMQ0wCwYDVQQDDAR0MjUyMBOkETAPMQ0wCwYDVQQDDAR0MjUzMBOkETAP +-MQ0wCwYDVQQDDAR0MjU0MBOkETAPMQ0wCwYDVQQDDAR0MjU1MBOkETAPMQ0wCwYD +-VQQDDAR0MjU2MBOkETAPMQ0wCwYDVQQDDAR0MjU3MBOkETAPMQ0wCwYDVQQDDAR0 +-MjU4MBOkETAPMQ0wCwYDVQQDDAR0MjU5MBOkETAPMQ0wCwYDVQQDDAR0MjYwMBOk +-ETAPMQ0wCwYDVQQDDAR0MjYxMBOkETAPMQ0wCwYDVQQDDAR0MjYyMBOkETAPMQ0w +-CwYDVQQDDAR0MjYzMBOkETAPMQ0wCwYDVQQDDAR0MjY0MBOkETAPMQ0wCwYDVQQD +-DAR0MjY1MBOkETAPMQ0wCwYDVQQDDAR0MjY2MBOkETAPMQ0wCwYDVQQDDAR0MjY3 +-MBOkETAPMQ0wCwYDVQQDDAR0MjY4MBOkETAPMQ0wCwYDVQQDDAR0MjY5MBOkETAP +-MQ0wCwYDVQQDDAR0MjcwMBOkETAPMQ0wCwYDVQQDDAR0MjcxMBOkETAPMQ0wCwYD +-VQQDDAR0MjcyMBOkETAPMQ0wCwYDVQQDDAR0MjczMBOkETAPMQ0wCwYDVQQDDAR0 +-Mjc0MBOkETAPMQ0wCwYDVQQDDAR0Mjc1MBOkETAPMQ0wCwYDVQQDDAR0Mjc2MBOk +-ETAPMQ0wCwYDVQQDDAR0Mjc3MBOkETAPMQ0wCwYDVQQDDAR0Mjc4MBOkETAPMQ0w +-CwYDVQQDDAR0Mjc5MBOkETAPMQ0wCwYDVQQDDAR0MjgwMBOkETAPMQ0wCwYDVQQD +-DAR0MjgxMBOkETAPMQ0wCwYDVQQDDAR0MjgyMBOkETAPMQ0wCwYDVQQDDAR0Mjgz +-MBOkETAPMQ0wCwYDVQQDDAR0Mjg0MBOkETAPMQ0wCwYDVQQDDAR0Mjg1MBOkETAP +-MQ0wCwYDVQQDDAR0Mjg2MBOkETAPMQ0wCwYDVQQDDAR0Mjg3MBOkETAPMQ0wCwYD +-VQQDDAR0Mjg4MBOkETAPMQ0wCwYDVQQDDAR0Mjg5MBOkETAPMQ0wCwYDVQQDDAR0 +-MjkwMBOkETAPMQ0wCwYDVQQDDAR0MjkxMBOkETAPMQ0wCwYDVQQDDAR0MjkyMBOk +-ETAPMQ0wCwYDVQQDDAR0MjkzMBOkETAPMQ0wCwYDVQQDDAR0Mjk0MBOkETAPMQ0w +-CwYDVQQDDAR0Mjk1MBOkETAPMQ0wCwYDVQQDDAR0Mjk2MBOkETAPMQ0wCwYDVQQD +-DAR0Mjk3MBOkETAPMQ0wCwYDVQQDDAR0Mjk4MBOkETAPMQ0wCwYDVQQDDAR0Mjk5 +-MBOkETAPMQ0wCwYDVQQDDAR0MzAwMBOkETAPMQ0wCwYDVQQDDAR0MzAxMBOkETAP +-MQ0wCwYDVQQDDAR0MzAyMBOkETAPMQ0wCwYDVQQDDAR0MzAzMBOkETAPMQ0wCwYD +-VQQDDAR0MzA0MBOkETAPMQ0wCwYDVQQDDAR0MzA1MBOkETAPMQ0wCwYDVQQDDAR0 +-MzA2MBOkETAPMQ0wCwYDVQQDDAR0MzA3MBOkETAPMQ0wCwYDVQQDDAR0MzA4MBOk +-ETAPMQ0wCwYDVQQDDAR0MzA5MBOkETAPMQ0wCwYDVQQDDAR0MzEwMBOkETAPMQ0w +-CwYDVQQDDAR0MzExMBOkETAPMQ0wCwYDVQQDDAR0MzEyMBOkETAPMQ0wCwYDVQQD +-DAR0MzEzMBOkETAPMQ0wCwYDVQQDDAR0MzE0MBOkETAPMQ0wCwYDVQQDDAR0MzE1 +-MBOkETAPMQ0wCwYDVQQDDAR0MzE2MBOkETAPMQ0wCwYDVQQDDAR0MzE3MBOkETAP +-MQ0wCwYDVQQDDAR0MzE4MBOkETAPMQ0wCwYDVQQDDAR0MzE5MBOkETAPMQ0wCwYD +-VQQDDAR0MzIwMBOkETAPMQ0wCwYDVQQDDAR0MzIxMBOkETAPMQ0wCwYDVQQDDAR0 +-MzIyMBOkETAPMQ0wCwYDVQQDDAR0MzIzMBOkETAPMQ0wCwYDVQQDDAR0MzI0MBOk +-ETAPMQ0wCwYDVQQDDAR0MzI1MBOkETAPMQ0wCwYDVQQDDAR0MzI2MBOkETAPMQ0w +-CwYDVQQDDAR0MzI3MBOkETAPMQ0wCwYDVQQDDAR0MzI4MBOkETAPMQ0wCwYDVQQD +-DAR0MzI5MBOkETAPMQ0wCwYDVQQDDAR0MzMwMBOkETAPMQ0wCwYDVQQDDAR0MzMx +-MBOkETAPMQ0wCwYDVQQDDAR0MzMyMBOkETAPMQ0wCwYDVQQDDAR0MzMzMBOkETAP +-MQ0wCwYDVQQDDAR0MzM0MBOkETAPMQ0wCwYDVQQDDAR0MzM1MBOkETAPMQ0wCwYD +-VQQDDAR0MzM2MBOkETAPMQ0wCwYDVQQDDAR0MzM3MBOkETAPMQ0wCwYDVQQDDAR0 +-MzM4MBOkETAPMQ0wCwYDVQQDDAR0MzM5MBOkETAPMQ0wCwYDVQQDDAR0MzQwMBOk +-ETAPMQ0wCwYDVQQDDAR0MzQxMBOkETAPMQ0wCwYDVQQDDAR0MzQyMBOkETAPMQ0w +-CwYDVQQDDAR0MzQzMBOkETAPMQ0wCwYDVQQDDAR0MzQ0MBOkETAPMQ0wCwYDVQQD +-DAR0MzQ1MBOkETAPMQ0wCwYDVQQDDAR0MzQ2MBOkETAPMQ0wCwYDVQQDDAR0MzQ3 +-MBOkETAPMQ0wCwYDVQQDDAR0MzQ4MBOkETAPMQ0wCwYDVQQDDAR0MzQ5MBOkETAP +-MQ0wCwYDVQQDDAR0MzUwMBOkETAPMQ0wCwYDVQQDDAR0MzUxMBOkETAPMQ0wCwYD +-VQQDDAR0MzUyMBOkETAPMQ0wCwYDVQQDDAR0MzUzMBOkETAPMQ0wCwYDVQQDDAR0 +-MzU0MBOkETAPMQ0wCwYDVQQDDAR0MzU1MBOkETAPMQ0wCwYDVQQDDAR0MzU2MBOk +-ETAPMQ0wCwYDVQQDDAR0MzU3MBOkETAPMQ0wCwYDVQQDDAR0MzU4MBOkETAPMQ0w +-CwYDVQQDDAR0MzU5MBOkETAPMQ0wCwYDVQQDDAR0MzYwMBOkETAPMQ0wCwYDVQQD +-DAR0MzYxMBOkETAPMQ0wCwYDVQQDDAR0MzYyMBOkETAPMQ0wCwYDVQQDDAR0MzYz +-MBOkETAPMQ0wCwYDVQQDDAR0MzY0MBOkETAPMQ0wCwYDVQQDDAR0MzY1MBOkETAP +-MQ0wCwYDVQQDDAR0MzY2MBOkETAPMQ0wCwYDVQQDDAR0MzY3MBOkETAPMQ0wCwYD +-VQQDDAR0MzY4MBOkETAPMQ0wCwYDVQQDDAR0MzY5MBOkETAPMQ0wCwYDVQQDDAR0 +-MzcwMBOkETAPMQ0wCwYDVQQDDAR0MzcxMBOkETAPMQ0wCwYDVQQDDAR0MzcyMBOk +-ETAPMQ0wCwYDVQQDDAR0MzczMBOkETAPMQ0wCwYDVQQDDAR0Mzc0MBOkETAPMQ0w +-CwYDVQQDDAR0Mzc1MBOkETAPMQ0wCwYDVQQDDAR0Mzc2MBOkETAPMQ0wCwYDVQQD +-DAR0Mzc3MBOkETAPMQ0wCwYDVQQDDAR0Mzc4MBOkETAPMQ0wCwYDVQQDDAR0Mzc5 +-MBOkETAPMQ0wCwYDVQQDDAR0MzgwMBOkETAPMQ0wCwYDVQQDDAR0MzgxMBOkETAP +-MQ0wCwYDVQQDDAR0MzgyMBOkETAPMQ0wCwYDVQQDDAR0MzgzMBOkETAPMQ0wCwYD +-VQQDDAR0Mzg0MBOkETAPMQ0wCwYDVQQDDAR0Mzg1MBOkETAPMQ0wCwYDVQQDDAR0 +-Mzg2MBOkETAPMQ0wCwYDVQQDDAR0Mzg3MBOkETAPMQ0wCwYDVQQDDAR0Mzg4MBOk +-ETAPMQ0wCwYDVQQDDAR0Mzg5MBOkETAPMQ0wCwYDVQQDDAR0MzkwMBOkETAPMQ0w +-CwYDVQQDDAR0MzkxMBOkETAPMQ0wCwYDVQQDDAR0MzkyMBOkETAPMQ0wCwYDVQQD +-DAR0MzkzMBOkETAPMQ0wCwYDVQQDDAR0Mzk0MBOkETAPMQ0wCwYDVQQDDAR0Mzk1 +-MBOkETAPMQ0wCwYDVQQDDAR0Mzk2MBOkETAPMQ0wCwYDVQQDDAR0Mzk3MBOkETAP +-MQ0wCwYDVQQDDAR0Mzk4MBOkETAPMQ0wCwYDVQQDDAR0Mzk5MBOkETAPMQ0wCwYD +-VQQDDAR0NDAwMBOkETAPMQ0wCwYDVQQDDAR0NDAxMBOkETAPMQ0wCwYDVQQDDAR0 +-NDAyMBOkETAPMQ0wCwYDVQQDDAR0NDAzMBOkETAPMQ0wCwYDVQQDDAR0NDA0MBOk +-ETAPMQ0wCwYDVQQDDAR0NDA1MBOkETAPMQ0wCwYDVQQDDAR0NDA2MBOkETAPMQ0w +-CwYDVQQDDAR0NDA3MBOkETAPMQ0wCwYDVQQDDAR0NDA4MBOkETAPMQ0wCwYDVQQD +-DAR0NDA5MBOkETAPMQ0wCwYDVQQDDAR0NDEwMBOkETAPMQ0wCwYDVQQDDAR0NDEx +-MBOkETAPMQ0wCwYDVQQDDAR0NDEyMBOkETAPMQ0wCwYDVQQDDAR0NDEzMBOkETAP +-MQ0wCwYDVQQDDAR0NDE0MBOkETAPMQ0wCwYDVQQDDAR0NDE1MBOkETAPMQ0wCwYD +-VQQDDAR0NDE2MBOkETAPMQ0wCwYDVQQDDAR0NDE3MA+GDWh0dHA6Ly90ZXN0LzAw +-D4YNaHR0cDovL3Rlc3QvMTAPhg1odHRwOi8vdGVzdC8yMA+GDWh0dHA6Ly90ZXN0 +-LzMwD4YNaHR0cDovL3Rlc3QvNDAPhg1odHRwOi8vdGVzdC81MA+GDWh0dHA6Ly90 +-ZXN0LzYwD4YNaHR0cDovL3Rlc3QvNzAPhg1odHRwOi8vdGVzdC84MA+GDWh0dHA6 +-Ly90ZXN0LzkwEIYOaHR0cDovL3Rlc3QvMTAwEIYOaHR0cDovL3Rlc3QvMTEwEIYO +-aHR0cDovL3Rlc3QvMTIwEIYOaHR0cDovL3Rlc3QvMTMwEIYOaHR0cDovL3Rlc3Qv +-MTQwEIYOaHR0cDovL3Rlc3QvMTUwEIYOaHR0cDovL3Rlc3QvMTYwEIYOaHR0cDov +-L3Rlc3QvMTcwEIYOaHR0cDovL3Rlc3QvMTgwEIYOaHR0cDovL3Rlc3QvMTkwEIYO +-aHR0cDovL3Rlc3QvMjAwEIYOaHR0cDovL3Rlc3QvMjEwEIYOaHR0cDovL3Rlc3Qv +-MjIwEIYOaHR0cDovL3Rlc3QvMjMwEIYOaHR0cDovL3Rlc3QvMjQwEIYOaHR0cDov +-L3Rlc3QvMjUwEIYOaHR0cDovL3Rlc3QvMjYwEIYOaHR0cDovL3Rlc3QvMjcwEIYO +-aHR0cDovL3Rlc3QvMjgwEIYOaHR0cDovL3Rlc3QvMjkwEIYOaHR0cDovL3Rlc3Qv +-MzAwEIYOaHR0cDovL3Rlc3QvMzEwEIYOaHR0cDovL3Rlc3QvMzIwEIYOaHR0cDov +-L3Rlc3QvMzMwEIYOaHR0cDovL3Rlc3QvMzQwEIYOaHR0cDovL3Rlc3QvMzUwEIYO +-aHR0cDovL3Rlc3QvMzYwEIYOaHR0cDovL3Rlc3QvMzcwEIYOaHR0cDovL3Rlc3Qv +-MzgwEIYOaHR0cDovL3Rlc3QvMzkwEIYOaHR0cDovL3Rlc3QvNDAwEIYOaHR0cDov +-L3Rlc3QvNDEwEIYOaHR0cDovL3Rlc3QvNDIwEIYOaHR0cDovL3Rlc3QvNDMwEIYO +-aHR0cDovL3Rlc3QvNDQwEIYOaHR0cDovL3Rlc3QvNDUwEIYOaHR0cDovL3Rlc3Qv +-NDYwEIYOaHR0cDovL3Rlc3QvNDcwEIYOaHR0cDovL3Rlc3QvNDgwEIYOaHR0cDov +-L3Rlc3QvNDkwEIYOaHR0cDovL3Rlc3QvNTAwEIYOaHR0cDovL3Rlc3QvNTEwEIYO +-aHR0cDovL3Rlc3QvNTIwEIYOaHR0cDovL3Rlc3QvNTMwEIYOaHR0cDovL3Rlc3Qv +-NTQwEIYOaHR0cDovL3Rlc3QvNTUwEIYOaHR0cDovL3Rlc3QvNTYwEIYOaHR0cDov +-L3Rlc3QvNTcwEIYOaHR0cDovL3Rlc3QvNTgwEIYOaHR0cDovL3Rlc3QvNTkwEIYO +-aHR0cDovL3Rlc3QvNjAwEIYOaHR0cDovL3Rlc3QvNjEwEIYOaHR0cDovL3Rlc3Qv +-NjIwEIYOaHR0cDovL3Rlc3QvNjMwEIYOaHR0cDovL3Rlc3QvNjQwEIYOaHR0cDov +-L3Rlc3QvNjUwEIYOaHR0cDovL3Rlc3QvNjYwEIYOaHR0cDovL3Rlc3QvNjcwEIYO +-aHR0cDovL3Rlc3QvNjgwEIYOaHR0cDovL3Rlc3QvNjkwEIYOaHR0cDovL3Rlc3Qv +-NzAwEIYOaHR0cDovL3Rlc3QvNzEwEIYOaHR0cDovL3Rlc3QvNzIwEIYOaHR0cDov +-L3Rlc3QvNzMwEIYOaHR0cDovL3Rlc3QvNzQwEIYOaHR0cDovL3Rlc3QvNzUwEIYO +-aHR0cDovL3Rlc3QvNzYwEIYOaHR0cDovL3Rlc3QvNzcwEIYOaHR0cDovL3Rlc3Qv +-NzgwEIYOaHR0cDovL3Rlc3QvNzkwEIYOaHR0cDovL3Rlc3QvODAwEIYOaHR0cDov +-L3Rlc3QvODEwEIYOaHR0cDovL3Rlc3QvODIwEIYOaHR0cDovL3Rlc3QvODMwEIYO +-aHR0cDovL3Rlc3QvODQwEIYOaHR0cDovL3Rlc3QvODUwEIYOaHR0cDovL3Rlc3Qv +-ODYwEIYOaHR0cDovL3Rlc3QvODcwEIYOaHR0cDovL3Rlc3QvODgwEIYOaHR0cDov +-L3Rlc3QvODkwEIYOaHR0cDovL3Rlc3QvOTAwEIYOaHR0cDovL3Rlc3QvOTEwEIYO +-aHR0cDovL3Rlc3QvOTIwEIYOaHR0cDovL3Rlc3QvOTMwEIYOaHR0cDovL3Rlc3Qv +-OTQwEIYOaHR0cDovL3Rlc3QvOTUwEIYOaHR0cDovL3Rlc3QvOTYwEIYOaHR0cDov +-L3Rlc3QvOTcwEIYOaHR0cDovL3Rlc3QvOTgwEIYOaHR0cDovL3Rlc3QvOTkwEYYP +-aHR0cDovL3Rlc3QvMTAwMBGGD2h0dHA6Ly90ZXN0LzEwMTARhg9odHRwOi8vdGVz +-dC8xMDIwEYYPaHR0cDovL3Rlc3QvMTAzMBGGD2h0dHA6Ly90ZXN0LzEwNDARhg9o +-dHRwOi8vdGVzdC8xMDUwEYYPaHR0cDovL3Rlc3QvMTA2MBGGD2h0dHA6Ly90ZXN0 +-LzEwNzARhg9odHRwOi8vdGVzdC8xMDgwEYYPaHR0cDovL3Rlc3QvMTA5MBGGD2h0 +-dHA6Ly90ZXN0LzExMDARhg9odHRwOi8vdGVzdC8xMTEwEYYPaHR0cDovL3Rlc3Qv +-MTEyMBGGD2h0dHA6Ly90ZXN0LzExMzARhg9odHRwOi8vdGVzdC8xMTQwEYYPaHR0 +-cDovL3Rlc3QvMTE1MBGGD2h0dHA6Ly90ZXN0LzExNjARhg9odHRwOi8vdGVzdC8x +-MTcwEYYPaHR0cDovL3Rlc3QvMTE4MBGGD2h0dHA6Ly90ZXN0LzExOTARhg9odHRw +-Oi8vdGVzdC8xMjAwEYYPaHR0cDovL3Rlc3QvMTIxMBGGD2h0dHA6Ly90ZXN0LzEy +-MjARhg9odHRwOi8vdGVzdC8xMjMwEYYPaHR0cDovL3Rlc3QvMTI0MBGGD2h0dHA6 +-Ly90ZXN0LzEyNTARhg9odHRwOi8vdGVzdC8xMjYwEYYPaHR0cDovL3Rlc3QvMTI3 +-MBGGD2h0dHA6Ly90ZXN0LzEyODARhg9odHRwOi8vdGVzdC8xMjkwEYYPaHR0cDov +-L3Rlc3QvMTMwMBGGD2h0dHA6Ly90ZXN0LzEzMTARhg9odHRwOi8vdGVzdC8xMzIw +-EYYPaHR0cDovL3Rlc3QvMTMzMBGGD2h0dHA6Ly90ZXN0LzEzNDARhg9odHRwOi8v +-dGVzdC8xMzUwEYYPaHR0cDovL3Rlc3QvMTM2MBGGD2h0dHA6Ly90ZXN0LzEzNzAR +-hg9odHRwOi8vdGVzdC8xMzgwEYYPaHR0cDovL3Rlc3QvMTM5MBGGD2h0dHA6Ly90 +-ZXN0LzE0MDARhg9odHRwOi8vdGVzdC8xNDEwEYYPaHR0cDovL3Rlc3QvMTQyMBGG +-D2h0dHA6Ly90ZXN0LzE0MzARhg9odHRwOi8vdGVzdC8xNDQwEYYPaHR0cDovL3Rl +-c3QvMTQ1MBGGD2h0dHA6Ly90ZXN0LzE0NjARhg9odHRwOi8vdGVzdC8xNDcwEYYP +-aHR0cDovL3Rlc3QvMTQ4MBGGD2h0dHA6Ly90ZXN0LzE0OTARhg9odHRwOi8vdGVz +-dC8xNTAwEYYPaHR0cDovL3Rlc3QvMTUxMBGGD2h0dHA6Ly90ZXN0LzE1MjARhg9o +-dHRwOi8vdGVzdC8xNTMwEYYPaHR0cDovL3Rlc3QvMTU0MBGGD2h0dHA6Ly90ZXN0 +-LzE1NTARhg9odHRwOi8vdGVzdC8xNTYwEYYPaHR0cDovL3Rlc3QvMTU3MBGGD2h0 +-dHA6Ly90ZXN0LzE1ODARhg9odHRwOi8vdGVzdC8xNTkwEYYPaHR0cDovL3Rlc3Qv +-MTYwMBGGD2h0dHA6Ly90ZXN0LzE2MTARhg9odHRwOi8vdGVzdC8xNjIwEYYPaHR0 +-cDovL3Rlc3QvMTYzMBGGD2h0dHA6Ly90ZXN0LzE2NDARhg9odHRwOi8vdGVzdC8x +-NjUwEYYPaHR0cDovL3Rlc3QvMTY2MBGGD2h0dHA6Ly90ZXN0LzE2NzARhg9odHRw +-Oi8vdGVzdC8xNjgwEYYPaHR0cDovL3Rlc3QvMTY5MBGGD2h0dHA6Ly90ZXN0LzE3 +-MDARhg9odHRwOi8vdGVzdC8xNzEwEYYPaHR0cDovL3Rlc3QvMTcyMBGGD2h0dHA6 +-Ly90ZXN0LzE3MzARhg9odHRwOi8vdGVzdC8xNzQwEYYPaHR0cDovL3Rlc3QvMTc1 +-MBGGD2h0dHA6Ly90ZXN0LzE3NjARhg9odHRwOi8vdGVzdC8xNzcwEYYPaHR0cDov +-L3Rlc3QvMTc4MBGGD2h0dHA6Ly90ZXN0LzE3OTARhg9odHRwOi8vdGVzdC8xODAw +-EYYPaHR0cDovL3Rlc3QvMTgxMBGGD2h0dHA6Ly90ZXN0LzE4MjARhg9odHRwOi8v +-dGVzdC8xODMwEYYPaHR0cDovL3Rlc3QvMTg0MBGGD2h0dHA6Ly90ZXN0LzE4NTAR +-hg9odHRwOi8vdGVzdC8xODYwEYYPaHR0cDovL3Rlc3QvMTg3MBGGD2h0dHA6Ly90 +-ZXN0LzE4ODARhg9odHRwOi8vdGVzdC8xODkwEYYPaHR0cDovL3Rlc3QvMTkwMBGG +-D2h0dHA6Ly90ZXN0LzE5MTARhg9odHRwOi8vdGVzdC8xOTIwEYYPaHR0cDovL3Rl +-c3QvMTkzMBGGD2h0dHA6Ly90ZXN0LzE5NDARhg9odHRwOi8vdGVzdC8xOTUwEYYP +-aHR0cDovL3Rlc3QvMTk2MBGGD2h0dHA6Ly90ZXN0LzE5NzARhg9odHRwOi8vdGVz +-dC8xOTgwEYYPaHR0cDovL3Rlc3QvMTk5MBGGD2h0dHA6Ly90ZXN0LzIwMDARhg9o +-dHRwOi8vdGVzdC8yMDEwEYYPaHR0cDovL3Rlc3QvMjAyMBGGD2h0dHA6Ly90ZXN0 +-LzIwMzARhg9odHRwOi8vdGVzdC8yMDQwEYYPaHR0cDovL3Rlc3QvMjA1MBGGD2h0 +-dHA6Ly90ZXN0LzIwNjARhg9odHRwOi8vdGVzdC8yMDcwEYYPaHR0cDovL3Rlc3Qv +-MjA4MBGGD2h0dHA6Ly90ZXN0LzIwOTARhg9odHRwOi8vdGVzdC8yMTAwEYYPaHR0 +-cDovL3Rlc3QvMjExMBGGD2h0dHA6Ly90ZXN0LzIxMjARhg9odHRwOi8vdGVzdC8y +-MTMwEYYPaHR0cDovL3Rlc3QvMjE0MBGGD2h0dHA6Ly90ZXN0LzIxNTARhg9odHRw +-Oi8vdGVzdC8yMTYwEYYPaHR0cDovL3Rlc3QvMjE3MBGGD2h0dHA6Ly90ZXN0LzIx +-ODARhg9odHRwOi8vdGVzdC8yMTkwEYYPaHR0cDovL3Rlc3QvMjIwMBGGD2h0dHA6 +-Ly90ZXN0LzIyMTARhg9odHRwOi8vdGVzdC8yMjIwEYYPaHR0cDovL3Rlc3QvMjIz +-MBGGD2h0dHA6Ly90ZXN0LzIyNDARhg9odHRwOi8vdGVzdC8yMjUwEYYPaHR0cDov +-L3Rlc3QvMjI2MBGGD2h0dHA6Ly90ZXN0LzIyNzARhg9odHRwOi8vdGVzdC8yMjgw +-EYYPaHR0cDovL3Rlc3QvMjI5MBGGD2h0dHA6Ly90ZXN0LzIzMDARhg9odHRwOi8v +-dGVzdC8yMzEwEYYPaHR0cDovL3Rlc3QvMjMyMBGGD2h0dHA6Ly90ZXN0LzIzMzAR +-hg9odHRwOi8vdGVzdC8yMzQwEYYPaHR0cDovL3Rlc3QvMjM1MBGGD2h0dHA6Ly90 +-ZXN0LzIzNjARhg9odHRwOi8vdGVzdC8yMzcwEYYPaHR0cDovL3Rlc3QvMjM4MBGG +-D2h0dHA6Ly90ZXN0LzIzOTARhg9odHRwOi8vdGVzdC8yNDAwEYYPaHR0cDovL3Rl +-c3QvMjQxMBGGD2h0dHA6Ly90ZXN0LzI0MjARhg9odHRwOi8vdGVzdC8yNDMwEYYP +-aHR0cDovL3Rlc3QvMjQ0MBGGD2h0dHA6Ly90ZXN0LzI0NTARhg9odHRwOi8vdGVz +-dC8yNDYwEYYPaHR0cDovL3Rlc3QvMjQ3MBGGD2h0dHA6Ly90ZXN0LzI0ODARhg9o +-dHRwOi8vdGVzdC8yNDkwEYYPaHR0cDovL3Rlc3QvMjUwMBGGD2h0dHA6Ly90ZXN0 +-LzI1MTARhg9odHRwOi8vdGVzdC8yNTIwEYYPaHR0cDovL3Rlc3QvMjUzMBGGD2h0 +-dHA6Ly90ZXN0LzI1NDARhg9odHRwOi8vdGVzdC8yNTUwEYYPaHR0cDovL3Rlc3Qv +-MjU2MBGGD2h0dHA6Ly90ZXN0LzI1NzARhg9odHRwOi8vdGVzdC8yNTgwEYYPaHR0 +-cDovL3Rlc3QvMjU5MBGGD2h0dHA6Ly90ZXN0LzI2MDARhg9odHRwOi8vdGVzdC8y +-NjEwEYYPaHR0cDovL3Rlc3QvMjYyMBGGD2h0dHA6Ly90ZXN0LzI2MzARhg9odHRw +-Oi8vdGVzdC8yNjQwEYYPaHR0cDovL3Rlc3QvMjY1MBGGD2h0dHA6Ly90ZXN0LzI2 +-NjARhg9odHRwOi8vdGVzdC8yNjcwEYYPaHR0cDovL3Rlc3QvMjY4MBGGD2h0dHA6 +-Ly90ZXN0LzI2OTARhg9odHRwOi8vdGVzdC8yNzAwEYYPaHR0cDovL3Rlc3QvMjcx +-MBGGD2h0dHA6Ly90ZXN0LzI3MjARhg9odHRwOi8vdGVzdC8yNzMwEYYPaHR0cDov +-L3Rlc3QvMjc0MBGGD2h0dHA6Ly90ZXN0LzI3NTARhg9odHRwOi8vdGVzdC8yNzYw +-EYYPaHR0cDovL3Rlc3QvMjc3MBGGD2h0dHA6Ly90ZXN0LzI3ODARhg9odHRwOi8v +-dGVzdC8yNzkwEYYPaHR0cDovL3Rlc3QvMjgwMBGGD2h0dHA6Ly90ZXN0LzI4MTAR +-hg9odHRwOi8vdGVzdC8yODIwEYYPaHR0cDovL3Rlc3QvMjgzMBGGD2h0dHA6Ly90 +-ZXN0LzI4NDARhg9odHRwOi8vdGVzdC8yODUwEYYPaHR0cDovL3Rlc3QvMjg2MBGG +-D2h0dHA6Ly90ZXN0LzI4NzARhg9odHRwOi8vdGVzdC8yODgwEYYPaHR0cDovL3Rl +-c3QvMjg5MBGGD2h0dHA6Ly90ZXN0LzI5MDARhg9odHRwOi8vdGVzdC8yOTEwEYYP +-aHR0cDovL3Rlc3QvMjkyMBGGD2h0dHA6Ly90ZXN0LzI5MzARhg9odHRwOi8vdGVz +-dC8yOTQwEYYPaHR0cDovL3Rlc3QvMjk1MBGGD2h0dHA6Ly90ZXN0LzI5NjARhg9o +-dHRwOi8vdGVzdC8yOTcwEYYPaHR0cDovL3Rlc3QvMjk4MBGGD2h0dHA6Ly90ZXN0 +-LzI5OTARhg9odHRwOi8vdGVzdC8zMDAwEYYPaHR0cDovL3Rlc3QvMzAxMBGGD2h0 +-dHA6Ly90ZXN0LzMwMjARhg9odHRwOi8vdGVzdC8zMDMwEYYPaHR0cDovL3Rlc3Qv +-MzA0MBGGD2h0dHA6Ly90ZXN0LzMwNTARhg9odHRwOi8vdGVzdC8zMDYwEYYPaHR0 +-cDovL3Rlc3QvMzA3MBGGD2h0dHA6Ly90ZXN0LzMwODARhg9odHRwOi8vdGVzdC8z +-MDkwEYYPaHR0cDovL3Rlc3QvMzEwMBGGD2h0dHA6Ly90ZXN0LzMxMTARhg9odHRw +-Oi8vdGVzdC8zMTIwEYYPaHR0cDovL3Rlc3QvMzEzMBGGD2h0dHA6Ly90ZXN0LzMx +-NDARhg9odHRwOi8vdGVzdC8zMTUwEYYPaHR0cDovL3Rlc3QvMzE2MBGGD2h0dHA6 +-Ly90ZXN0LzMxNzARhg9odHRwOi8vdGVzdC8zMTgwEYYPaHR0cDovL3Rlc3QvMzE5 +-MBGGD2h0dHA6Ly90ZXN0LzMyMDARhg9odHRwOi8vdGVzdC8zMjEwEYYPaHR0cDov +-L3Rlc3QvMzIyMBGGD2h0dHA6Ly90ZXN0LzMyMzARhg9odHRwOi8vdGVzdC8zMjQw +-EYYPaHR0cDovL3Rlc3QvMzI1MBGGD2h0dHA6Ly90ZXN0LzMyNjARhg9odHRwOi8v +-dGVzdC8zMjcwEYYPaHR0cDovL3Rlc3QvMzI4MBGGD2h0dHA6Ly90ZXN0LzMyOTAR +-hg9odHRwOi8vdGVzdC8zMzAwEYYPaHR0cDovL3Rlc3QvMzMxMBGGD2h0dHA6Ly90 +-ZXN0LzMzMjARhg9odHRwOi8vdGVzdC8zMzMwEYYPaHR0cDovL3Rlc3QvMzM0MBGG +-D2h0dHA6Ly90ZXN0LzMzNTARhg9odHRwOi8vdGVzdC8zMzYwEYYPaHR0cDovL3Rl +-c3QvMzM3MBGGD2h0dHA6Ly90ZXN0LzMzODARhg9odHRwOi8vdGVzdC8zMzkwEYYP +-aHR0cDovL3Rlc3QvMzQwMBGGD2h0dHA6Ly90ZXN0LzM0MTARhg9odHRwOi8vdGVz +-dC8zNDIwEYYPaHR0cDovL3Rlc3QvMzQzMBGGD2h0dHA6Ly90ZXN0LzM0NDARhg9o +-dHRwOi8vdGVzdC8zNDUwEYYPaHR0cDovL3Rlc3QvMzQ2MBGGD2h0dHA6Ly90ZXN0 +-LzM0NzARhg9odHRwOi8vdGVzdC8zNDgwEYYPaHR0cDovL3Rlc3QvMzQ5MBGGD2h0 +-dHA6Ly90ZXN0LzM1MDARhg9odHRwOi8vdGVzdC8zNTEwEYYPaHR0cDovL3Rlc3Qv +-MzUyMBGGD2h0dHA6Ly90ZXN0LzM1MzARhg9odHRwOi8vdGVzdC8zNTQwEYYPaHR0 +-cDovL3Rlc3QvMzU1MBGGD2h0dHA6Ly90ZXN0LzM1NjARhg9odHRwOi8vdGVzdC8z +-NTcwEYYPaHR0cDovL3Rlc3QvMzU4MBGGD2h0dHA6Ly90ZXN0LzM1OTARhg9odHRw +-Oi8vdGVzdC8zNjAwEYYPaHR0cDovL3Rlc3QvMzYxMBGGD2h0dHA6Ly90ZXN0LzM2 +-MjARhg9odHRwOi8vdGVzdC8zNjMwEYYPaHR0cDovL3Rlc3QvMzY0MBGGD2h0dHA6 +-Ly90ZXN0LzM2NTARhg9odHRwOi8vdGVzdC8zNjYwEYYPaHR0cDovL3Rlc3QvMzY3 +-MBGGD2h0dHA6Ly90ZXN0LzM2ODARhg9odHRwOi8vdGVzdC8zNjkwEYYPaHR0cDov +-L3Rlc3QvMzcwMBGGD2h0dHA6Ly90ZXN0LzM3MTARhg9odHRwOi8vdGVzdC8zNzIw +-EYYPaHR0cDovL3Rlc3QvMzczMBGGD2h0dHA6Ly90ZXN0LzM3NDARhg9odHRwOi8v +-dGVzdC8zNzUwEYYPaHR0cDovL3Rlc3QvMzc2MBGGD2h0dHA6Ly90ZXN0LzM3NzAR +-hg9odHRwOi8vdGVzdC8zNzgwEYYPaHR0cDovL3Rlc3QvMzc5MBGGD2h0dHA6Ly90 +-ZXN0LzM4MDARhg9odHRwOi8vdGVzdC8zODEwEYYPaHR0cDovL3Rlc3QvMzgyMBGG +-D2h0dHA6Ly90ZXN0LzM4MzARhg9odHRwOi8vdGVzdC8zODQwEYYPaHR0cDovL3Rl +-c3QvMzg1MBGGD2h0dHA6Ly90ZXN0LzM4NjARhg9odHRwOi8vdGVzdC8zODcwEYYP +-aHR0cDovL3Rlc3QvMzg4MBGGD2h0dHA6Ly90ZXN0LzM4OTARhg9odHRwOi8vdGVz +-dC8zOTAwEYYPaHR0cDovL3Rlc3QvMzkxMBGGD2h0dHA6Ly90ZXN0LzM5MjARhg9o +-dHRwOi8vdGVzdC8zOTMwEYYPaHR0cDovL3Rlc3QvMzk0MBGGD2h0dHA6Ly90ZXN0 +-LzM5NTARhg9odHRwOi8vdGVzdC8zOTYwEYYPaHR0cDovL3Rlc3QvMzk3MBGGD2h0 +-dHA6Ly90ZXN0LzM5ODARhg9odHRwOi8vdGVzdC8zOTkwEYYPaHR0cDovL3Rlc3Qv +-NDAwMBGGD2h0dHA6Ly90ZXN0LzQwMTARhg9odHRwOi8vdGVzdC80MDIwEYYPaHR0 +-cDovL3Rlc3QvNDAzMBGGD2h0dHA6Ly90ZXN0LzQwNDARhg9odHRwOi8vdGVzdC80 +-MDUwEYYPaHR0cDovL3Rlc3QvNDA2MBGGD2h0dHA6Ly90ZXN0LzQwNzARhg9odHRw +-Oi8vdGVzdC80MDgwEYYPaHR0cDovL3Rlc3QvNDA5MBGGD2h0dHA6Ly90ZXN0LzQx +-MDARhg9odHRwOi8vdGVzdC80MTEwEYYPaHR0cDovL3Rlc3QvNDEyMBGGD2h0dHA6 +-Ly90ZXN0LzQxMzARhg9odHRwOi8vdGVzdC80MTQwEYYPaHR0cDovL3Rlc3QvNDE1 +-MBGGD2h0dHA6Ly90ZXN0LzQxNjARhg9odHRwOi8vdGVzdC80MTcwEYYPaHR0cDov +-L3Rlc3QvNDE4MBGGD2h0dHA6Ly90ZXN0LzQxOTARhg9odHRwOi8vdGVzdC80MjAw +-EYYPaHR0cDovL3Rlc3QvNDIxMBGGD2h0dHA6Ly90ZXN0LzQyMjARhg9odHRwOi8v +-dGVzdC80MjMwEYYPaHR0cDovL3Rlc3QvNDI0MBGGD2h0dHA6Ly90ZXN0LzQyNTAR +-hg9odHRwOi8vdGVzdC80MjYwEYYPaHR0cDovL3Rlc3QvNDI3MBGGD2h0dHA6Ly90 +-ZXN0LzQyODARhg9odHRwOi8vdGVzdC80MjkwEYYPaHR0cDovL3Rlc3QvNDMwMBGG +-D2h0dHA6Ly90ZXN0LzQzMTARhg9odHRwOi8vdGVzdC80MzIwEYYPaHR0cDovL3Rl +-c3QvNDMzMBGGD2h0dHA6Ly90ZXN0LzQzNDARhg9odHRwOi8vdGVzdC80MzUwEYYP +-aHR0cDovL3Rlc3QvNDM2MBGGD2h0dHA6Ly90ZXN0LzQzNzARhg9odHRwOi8vdGVz +-dC80MzgwEYYPaHR0cDovL3Rlc3QvNDM5MBGGD2h0dHA6Ly90ZXN0LzQ0MDARhg9o +-dHRwOi8vdGVzdC80NDEwEYYPaHR0cDovL3Rlc3QvNDQyMBGGD2h0dHA6Ly90ZXN0 +-LzQ0MzARhg9odHRwOi8vdGVzdC80NDQwEYYPaHR0cDovL3Rlc3QvNDQ1MBGGD2h0 +-dHA6Ly90ZXN0LzQ0NjARhg9odHRwOi8vdGVzdC80NDcwEYYPaHR0cDovL3Rlc3Qv +-NDQ4MBGGD2h0dHA6Ly90ZXN0LzQ0OTARhg9odHRwOi8vdGVzdC80NTAwEYYPaHR0 +-cDovL3Rlc3QvNDUxMBGGD2h0dHA6Ly90ZXN0LzQ1MjARhg9odHRwOi8vdGVzdC80 +-NTMwEYYPaHR0cDovL3Rlc3QvNDU0MBGGD2h0dHA6Ly90ZXN0LzQ1NTARhg9odHRw +-Oi8vdGVzdC80NTYwEYYPaHR0cDovL3Rlc3QvNDU3MBGGD2h0dHA6Ly90ZXN0LzQ1 +-ODARhg9odHRwOi8vdGVzdC80NTkwEYYPaHR0cDovL3Rlc3QvNDYwMBGGD2h0dHA6 +-Ly90ZXN0LzQ2MTARhg9odHRwOi8vdGVzdC80NjIwEYYPaHR0cDovL3Rlc3QvNDYz +-MBGGD2h0dHA6Ly90ZXN0LzQ2NDARhg9odHRwOi8vdGVzdC80NjUwEYYPaHR0cDov +-L3Rlc3QvNDY2MBGGD2h0dHA6Ly90ZXN0LzQ2NzARhg9odHRwOi8vdGVzdC80Njgw +-EYYPaHR0cDovL3Rlc3QvNDY5MBGGD2h0dHA6Ly90ZXN0LzQ3MDARhg9odHRwOi8v +-dGVzdC80NzEwEYYPaHR0cDovL3Rlc3QvNDcyMBGGD2h0dHA6Ly90ZXN0LzQ3MzAR +-hg9odHRwOi8vdGVzdC80NzQwEYYPaHR0cDovL3Rlc3QvNDc1MBGGD2h0dHA6Ly90 +-ZXN0LzQ3NjARhg9odHRwOi8vdGVzdC80NzcwEYYPaHR0cDovL3Rlc3QvNDc4MBGG +-D2h0dHA6Ly90ZXN0LzQ3OTARhg9odHRwOi8vdGVzdC80ODAwEYYPaHR0cDovL3Rl +-c3QvNDgxMBGGD2h0dHA6Ly90ZXN0LzQ4MjARhg9odHRwOi8vdGVzdC80ODMwEYYP +-aHR0cDovL3Rlc3QvNDg0MBGGD2h0dHA6Ly90ZXN0LzQ4NTARhg9odHRwOi8vdGVz +-dC80ODYwEYYPaHR0cDovL3Rlc3QvNDg3MBGGD2h0dHA6Ly90ZXN0LzQ4ODARhg9o +-dHRwOi8vdGVzdC80ODkwEYYPaHR0cDovL3Rlc3QvNDkwMBGGD2h0dHA6Ly90ZXN0 +-LzQ5MTARhg9odHRwOi8vdGVzdC80OTIwEYYPaHR0cDovL3Rlc3QvNDkzMBGGD2h0 +-dHA6Ly90ZXN0LzQ5NDARhg9odHRwOi8vdGVzdC80OTUwEYYPaHR0cDovL3Rlc3Qv +-NDk2MBGGD2h0dHA6Ly90ZXN0LzQ5NzARhg9odHRwOi8vdGVzdC80OTgwEYYPaHR0 +-cDovL3Rlc3QvNDk5MBGGD2h0dHA6Ly90ZXN0LzUwMDARhg9odHRwOi8vdGVzdC81 +-MDEwEYYPaHR0cDovL3Rlc3QvNTAyMBGGD2h0dHA6Ly90ZXN0LzUwMzARhg9odHRw +-Oi8vdGVzdC81MDQwEYYPaHR0cDovL3Rlc3QvNTA1MBGGD2h0dHA6Ly90ZXN0LzUw +-NjARhg9odHRwOi8vdGVzdC81MDcwEYYPaHR0cDovL3Rlc3QvNTA4MBGGD2h0dHA6 +-Ly90ZXN0LzUwOTARhg9odHRwOi8vdGVzdC81MTAwEYYPaHR0cDovL3Rlc3QvNTEx +-MBGGD2h0dHA6Ly90ZXN0LzUxMjARhg9odHRwOi8vdGVzdC81MTMwEYYPaHR0cDov +-L3Rlc3QvNTE0MBGGD2h0dHA6Ly90ZXN0LzUxNTARhg9odHRwOi8vdGVzdC81MTYw +-EYYPaHR0cDovL3Rlc3QvNTE3MBGGD2h0dHA6Ly90ZXN0LzUxODARhg9odHRwOi8v +-dGVzdC81MTkwEYYPaHR0cDovL3Rlc3QvNTIwMBGGD2h0dHA6Ly90ZXN0LzUyMTAR +-hg9odHRwOi8vdGVzdC81MjIwEYYPaHR0cDovL3Rlc3QvNTIzMBGGD2h0dHA6Ly90 +-ZXN0LzUyNDARhg9odHRwOi8vdGVzdC81MjUwEYYPaHR0cDovL3Rlc3QvNTI2MBGG +-D2h0dHA6Ly90ZXN0LzUyNzARhg9odHRwOi8vdGVzdC81MjgwEYYPaHR0cDovL3Rl +-c3QvNTI5MBGGD2h0dHA6Ly90ZXN0LzUzMDARhg9odHRwOi8vdGVzdC81MzEwEYYP +-aHR0cDovL3Rlc3QvNTMyMBGGD2h0dHA6Ly90ZXN0LzUzMzARhg9odHRwOi8vdGVz +-dC81MzQwEYYPaHR0cDovL3Rlc3QvNTM1MBGGD2h0dHA6Ly90ZXN0LzUzNjARhg9o +-dHRwOi8vdGVzdC81MzcwEYYPaHR0cDovL3Rlc3QvNTM4MBGGD2h0dHA6Ly90ZXN0 +-LzUzOTARhg9odHRwOi8vdGVzdC81NDAwEYYPaHR0cDovL3Rlc3QvNTQxMBGGD2h0 +-dHA6Ly90ZXN0LzU0MjARhg9odHRwOi8vdGVzdC81NDMwEYYPaHR0cDovL3Rlc3Qv +-NTQ0MBGGD2h0dHA6Ly90ZXN0LzU0NTARhg9odHRwOi8vdGVzdC81NDYwEYYPaHR0 +-cDovL3Rlc3QvNTQ3MBGGD2h0dHA6Ly90ZXN0LzU0ODARhg9odHRwOi8vdGVzdC81 +-NDkwEYYPaHR0cDovL3Rlc3QvNTUwMBGGD2h0dHA6Ly90ZXN0LzU1MTARhg9odHRw +-Oi8vdGVzdC81NTIwEYYPaHR0cDovL3Rlc3QvNTUzMBGGD2h0dHA6Ly90ZXN0LzU1 +-NDARhg9odHRwOi8vdGVzdC81NTUwEYYPaHR0cDovL3Rlc3QvNTU2MBGGD2h0dHA6 +-Ly90ZXN0LzU1NzARhg9odHRwOi8vdGVzdC81NTgwEYYPaHR0cDovL3Rlc3QvNTU5 +-MBGGD2h0dHA6Ly90ZXN0LzU2MDARhg9odHRwOi8vdGVzdC81NjEwEYYPaHR0cDov +-L3Rlc3QvNTYyMBGGD2h0dHA6Ly90ZXN0LzU2MzARhg9odHRwOi8vdGVzdC81NjQw +-EYYPaHR0cDovL3Rlc3QvNTY1MBGGD2h0dHA6Ly90ZXN0LzU2NjARhg9odHRwOi8v +-dGVzdC81NjcwEYYPaHR0cDovL3Rlc3QvNTY4MBGGD2h0dHA6Ly90ZXN0LzU2OTAR +-hg9odHRwOi8vdGVzdC81NzAwEYYPaHR0cDovL3Rlc3QvNTcxMBGGD2h0dHA6Ly90 +-ZXN0LzU3MjARhg9odHRwOi8vdGVzdC81NzMwEYYPaHR0cDovL3Rlc3QvNTc0MBGG +-D2h0dHA6Ly90ZXN0LzU3NTARhg9odHRwOi8vdGVzdC81NzYwEYYPaHR0cDovL3Rl +-c3QvNTc3MBGGD2h0dHA6Ly90ZXN0LzU3ODARhg9odHRwOi8vdGVzdC81NzkwEYYP +-aHR0cDovL3Rlc3QvNTgwMBGGD2h0dHA6Ly90ZXN0LzU4MTARhg9odHRwOi8vdGVz +-dC81ODIwEYYPaHR0cDovL3Rlc3QvNTgzMBGGD2h0dHA6Ly90ZXN0LzU4NDARhg9o +-dHRwOi8vdGVzdC81ODUwEYYPaHR0cDovL3Rlc3QvNTg2MBGGD2h0dHA6Ly90ZXN0 +-LzU4NzARhg9odHRwOi8vdGVzdC81ODgwEYYPaHR0cDovL3Rlc3QvNTg5MBGGD2h0 +-dHA6Ly90ZXN0LzU5MDARhg9odHRwOi8vdGVzdC81OTEwEYYPaHR0cDovL3Rlc3Qv +-NTkyMBGGD2h0dHA6Ly90ZXN0LzU5MzARhg9odHRwOi8vdGVzdC81OTQwEYYPaHR0 +-cDovL3Rlc3QvNTk1MBGGD2h0dHA6Ly90ZXN0LzU5NjARhg9odHRwOi8vdGVzdC81 +-OTcwEYYPaHR0cDovL3Rlc3QvNTk4MBGGD2h0dHA6Ly90ZXN0LzU5OTARhg9odHRw +-Oi8vdGVzdC82MDAwEYYPaHR0cDovL3Rlc3QvNjAxMBGGD2h0dHA6Ly90ZXN0LzYw +-MjARhg9odHRwOi8vdGVzdC82MDMwEYYPaHR0cDovL3Rlc3QvNjA0MBGGD2h0dHA6 +-Ly90ZXN0LzYwNTARhg9odHRwOi8vdGVzdC82MDYwEYYPaHR0cDovL3Rlc3QvNjA3 +-MBGGD2h0dHA6Ly90ZXN0LzYwODARhg9odHRwOi8vdGVzdC82MDkwEYYPaHR0cDov +-L3Rlc3QvNjEwMBGGD2h0dHA6Ly90ZXN0LzYxMTARhg9odHRwOi8vdGVzdC82MTIw +-EYYPaHR0cDovL3Rlc3QvNjEzMBGGD2h0dHA6Ly90ZXN0LzYxNDARhg9odHRwOi8v +-dGVzdC82MTUwEYYPaHR0cDovL3Rlc3QvNjE2MBGGD2h0dHA6Ly90ZXN0LzYxNzAR +-hg9odHRwOi8vdGVzdC82MTgwEYYPaHR0cDovL3Rlc3QvNjE5MBGGD2h0dHA6Ly90 +-ZXN0LzYyMDARhg9odHRwOi8vdGVzdC82MjEwEYYPaHR0cDovL3Rlc3QvNjIyMBGG +-D2h0dHA6Ly90ZXN0LzYyMzARhg9odHRwOi8vdGVzdC82MjQwEYYPaHR0cDovL3Rl +-c3QvNjI1MBGGD2h0dHA6Ly90ZXN0LzYyNjARhg9odHRwOi8vdGVzdC82MjcwEYYP +-aHR0cDovL3Rlc3QvNjI4MBGGD2h0dHA6Ly90ZXN0LzYyOTARhg9odHRwOi8vdGVz +-dC82MzAwEYYPaHR0cDovL3Rlc3QvNjMxMBGGD2h0dHA6Ly90ZXN0LzYzMjARhg9o +-dHRwOi8vdGVzdC82MzMwEYYPaHR0cDovL3Rlc3QvNjM0MBGGD2h0dHA6Ly90ZXN0 +-LzYzNTARhg9odHRwOi8vdGVzdC82MzYwEYYPaHR0cDovL3Rlc3QvNjM3MBGGD2h0 +-dHA6Ly90ZXN0LzYzODARhg9odHRwOi8vdGVzdC82MzkwEYYPaHR0cDovL3Rlc3Qv +-NjQwMBGGD2h0dHA6Ly90ZXN0LzY0MTARhg9odHRwOi8vdGVzdC82NDIwEYYPaHR0 +-cDovL3Rlc3QvNjQzMBGGD2h0dHA6Ly90ZXN0LzY0NDARhg9odHRwOi8vdGVzdC82 +-NDUwEYYPaHR0cDovL3Rlc3QvNjQ2MBGGD2h0dHA6Ly90ZXN0LzY0NzARhg9odHRw +-Oi8vdGVzdC82NDgwEYYPaHR0cDovL3Rlc3QvNjQ5MBGGD2h0dHA6Ly90ZXN0LzY1 +-MDARhg9odHRwOi8vdGVzdC82NTEwEYYPaHR0cDovL3Rlc3QvNjUyMBGGD2h0dHA6 +-Ly90ZXN0LzY1MzARhg9odHRwOi8vdGVzdC82NTQwEYYPaHR0cDovL3Rlc3QvNjU1 +-MBGGD2h0dHA6Ly90ZXN0LzY1NjARhg9odHRwOi8vdGVzdC82NTcwEYYPaHR0cDov +-L3Rlc3QvNjU4MBGGD2h0dHA6Ly90ZXN0LzY1OTARhg9odHRwOi8vdGVzdC82NjAw +-EYYPaHR0cDovL3Rlc3QvNjYxMBGGD2h0dHA6Ly90ZXN0LzY2MjARhg9odHRwOi8v +-dGVzdC82NjMwEYYPaHR0cDovL3Rlc3QvNjY0MBGGD2h0dHA6Ly90ZXN0LzY2NTAR +-hg9odHRwOi8vdGVzdC82NjYwEYYPaHR0cDovL3Rlc3QvNjY3MBGGD2h0dHA6Ly90 +-ZXN0LzY2ODARhg9odHRwOi8vdGVzdC82NjkwEYYPaHR0cDovL3Rlc3QvNjcwMBGG +-D2h0dHA6Ly90ZXN0LzY3MTARhg9odHRwOi8vdGVzdC82NzIwEYYPaHR0cDovL3Rl +-c3QvNjczMBGGD2h0dHA6Ly90ZXN0LzY3NDARhg9odHRwOi8vdGVzdC82NzUwEYYP +-aHR0cDovL3Rlc3QvNjc2MBGGD2h0dHA6Ly90ZXN0LzY3NzARhg9odHRwOi8vdGVz +-dC82NzgwEYYPaHR0cDovL3Rlc3QvNjc5MBGGD2h0dHA6Ly90ZXN0LzY4MDARhg9o +-dHRwOi8vdGVzdC82ODEwEYYPaHR0cDovL3Rlc3QvNjgyMBGGD2h0dHA6Ly90ZXN0 +-LzY4MzARhg9odHRwOi8vdGVzdC82ODQwEYYPaHR0cDovL3Rlc3QvNjg1MBGGD2h0 +-dHA6Ly90ZXN0LzY4NjARhg9odHRwOi8vdGVzdC82ODcwEYYPaHR0cDovL3Rlc3Qv +-Njg4MBGGD2h0dHA6Ly90ZXN0LzY4OTARhg9odHRwOi8vdGVzdC82OTAwEYYPaHR0 +-cDovL3Rlc3QvNjkxMBGGD2h0dHA6Ly90ZXN0LzY5MjARhg9odHRwOi8vdGVzdC82 +-OTMwEYYPaHR0cDovL3Rlc3QvNjk0MBGGD2h0dHA6Ly90ZXN0LzY5NTARhg9odHRw +-Oi8vdGVzdC82OTYwEYYPaHR0cDovL3Rlc3QvNjk3MBGGD2h0dHA6Ly90ZXN0LzY5 +-ODARhg9odHRwOi8vdGVzdC82OTkwEYYPaHR0cDovL3Rlc3QvNzAwMBGGD2h0dHA6 +-Ly90ZXN0LzcwMTARhg9odHRwOi8vdGVzdC83MDIwEYYPaHR0cDovL3Rlc3QvNzAz +-MBGGD2h0dHA6Ly90ZXN0LzcwNDARhg9odHRwOi8vdGVzdC83MDUwEYYPaHR0cDov +-L3Rlc3QvNzA2MBGGD2h0dHA6Ly90ZXN0LzcwNzARhg9odHRwOi8vdGVzdC83MDgw +-EYYPaHR0cDovL3Rlc3QvNzA5MBGGD2h0dHA6Ly90ZXN0LzcxMDARhg9odHRwOi8v +-dGVzdC83MTEwEYYPaHR0cDovL3Rlc3QvNzEyMBGGD2h0dHA6Ly90ZXN0LzcxMzAR +-hg9odHRwOi8vdGVzdC83MTQwEYYPaHR0cDovL3Rlc3QvNzE1MBGGD2h0dHA6Ly90 +-ZXN0LzcxNjARhg9odHRwOi8vdGVzdC83MTcwEYYPaHR0cDovL3Rlc3QvNzE4MBGG +-D2h0dHA6Ly90ZXN0LzcxOTARhg9odHRwOi8vdGVzdC83MjAwEYYPaHR0cDovL3Rl +-c3QvNzIxMBGGD2h0dHA6Ly90ZXN0LzcyMjARhg9odHRwOi8vdGVzdC83MjMwEYYP +-aHR0cDovL3Rlc3QvNzI0MBGGD2h0dHA6Ly90ZXN0LzcyNTARhg9odHRwOi8vdGVz +-dC83MjYwEYYPaHR0cDovL3Rlc3QvNzI3MBGGD2h0dHA6Ly90ZXN0LzcyODARhg9o +-dHRwOi8vdGVzdC83MjkwEYYPaHR0cDovL3Rlc3QvNzMwMBGGD2h0dHA6Ly90ZXN0 +-LzczMTARhg9odHRwOi8vdGVzdC83MzIwEYYPaHR0cDovL3Rlc3QvNzMzMBGGD2h0 +-dHA6Ly90ZXN0LzczNDARhg9odHRwOi8vdGVzdC83MzUwEYYPaHR0cDovL3Rlc3Qv +-NzM2MBGGD2h0dHA6Ly90ZXN0LzczNzARhg9odHRwOi8vdGVzdC83MzgwEYYPaHR0 +-cDovL3Rlc3QvNzM5MBGGD2h0dHA6Ly90ZXN0Lzc0MDARhg9odHRwOi8vdGVzdC83 +-NDEwEYYPaHR0cDovL3Rlc3QvNzQyMBGGD2h0dHA6Ly90ZXN0Lzc0MzARhg9odHRw +-Oi8vdGVzdC83NDQwEYYPaHR0cDovL3Rlc3QvNzQ1MBGGD2h0dHA6Ly90ZXN0Lzc0 +-NjARhg9odHRwOi8vdGVzdC83NDcwEYYPaHR0cDovL3Rlc3QvNzQ4MBGGD2h0dHA6 +-Ly90ZXN0Lzc0OTARhg9odHRwOi8vdGVzdC83NTAwEYYPaHR0cDovL3Rlc3QvNzUx +-MBGGD2h0dHA6Ly90ZXN0Lzc1MjARhg9odHRwOi8vdGVzdC83NTMwEYYPaHR0cDov +-L3Rlc3QvNzU0MBGGD2h0dHA6Ly90ZXN0Lzc1NTARhg9odHRwOi8vdGVzdC83NTYw +-EYYPaHR0cDovL3Rlc3QvNzU3MBGGD2h0dHA6Ly90ZXN0Lzc1ODARhg9odHRwOi8v +-dGVzdC83NTkwEYYPaHR0cDovL3Rlc3QvNzYwMBGGD2h0dHA6Ly90ZXN0Lzc2MTAR +-hg9odHRwOi8vdGVzdC83NjIwEYYPaHR0cDovL3Rlc3QvNzYzMBGGD2h0dHA6Ly90 +-ZXN0Lzc2NDARhg9odHRwOi8vdGVzdC83NjUwEYYPaHR0cDovL3Rlc3QvNzY2MBGG +-D2h0dHA6Ly90ZXN0Lzc2NzARhg9odHRwOi8vdGVzdC83NjgwEYYPaHR0cDovL3Rl +-c3QvNzY5MBGGD2h0dHA6Ly90ZXN0Lzc3MDARhg9odHRwOi8vdGVzdC83NzEwEYYP +-aHR0cDovL3Rlc3QvNzcyMBGGD2h0dHA6Ly90ZXN0Lzc3MzARhg9odHRwOi8vdGVz +-dC83NzQwEYYPaHR0cDovL3Rlc3QvNzc1MBGGD2h0dHA6Ly90ZXN0Lzc3NjARhg9o +-dHRwOi8vdGVzdC83NzcwEYYPaHR0cDovL3Rlc3QvNzc4MBGGD2h0dHA6Ly90ZXN0 +-Lzc3OTARhg9odHRwOi8vdGVzdC83ODAwEYYPaHR0cDovL3Rlc3QvNzgxMBGGD2h0 +-dHA6Ly90ZXN0Lzc4MjARhg9odHRwOi8vdGVzdC83ODMwEYYPaHR0cDovL3Rlc3Qv +-Nzg0MBGGD2h0dHA6Ly90ZXN0Lzc4NTARhg9odHRwOi8vdGVzdC83ODYwEYYPaHR0 +-cDovL3Rlc3QvNzg3MBGGD2h0dHA6Ly90ZXN0Lzc4ODARhg9odHRwOi8vdGVzdC83 +-ODkwEYYPaHR0cDovL3Rlc3QvNzkwMBGGD2h0dHA6Ly90ZXN0Lzc5MTARhg9odHRw +-Oi8vdGVzdC83OTIwEYYPaHR0cDovL3Rlc3QvNzkzMBGGD2h0dHA6Ly90ZXN0Lzc5 +-NDARhg9odHRwOi8vdGVzdC83OTUwEYYPaHR0cDovL3Rlc3QvNzk2MBGGD2h0dHA6 +-Ly90ZXN0Lzc5NzARhg9odHRwOi8vdGVzdC83OTgwEYYPaHR0cDovL3Rlc3QvNzk5 +-MBGGD2h0dHA6Ly90ZXN0LzgwMDARhg9odHRwOi8vdGVzdC84MDEwEYYPaHR0cDov +-L3Rlc3QvODAyMBGGD2h0dHA6Ly90ZXN0LzgwMzARhg9odHRwOi8vdGVzdC84MDQw +-EYYPaHR0cDovL3Rlc3QvODA1MBGGD2h0dHA6Ly90ZXN0LzgwNjARhg9odHRwOi8v +-dGVzdC84MDcwEYYPaHR0cDovL3Rlc3QvODA4MBGGD2h0dHA6Ly90ZXN0LzgwOTAR +-hg9odHRwOi8vdGVzdC84MTAwEYYPaHR0cDovL3Rlc3QvODExMBGGD2h0dHA6Ly90 +-ZXN0LzgxMjARhg9odHRwOi8vdGVzdC84MTMwEYYPaHR0cDovL3Rlc3QvODE0MBGG +-D2h0dHA6Ly90ZXN0LzgxNTARhg9odHRwOi8vdGVzdC84MTYwEYYPaHR0cDovL3Rl +-c3QvODE3MBGGD2h0dHA6Ly90ZXN0LzgxODARhg9odHRwOi8vdGVzdC84MTkwEYYP +-aHR0cDovL3Rlc3QvODIwMBGGD2h0dHA6Ly90ZXN0LzgyMTARhg9odHRwOi8vdGVz +-dC84MjIwEYYPaHR0cDovL3Rlc3QvODIzMBGGD2h0dHA6Ly90ZXN0LzgyNDARhg9o +-dHRwOi8vdGVzdC84MjUwEYYPaHR0cDovL3Rlc3QvODI2MBGGD2h0dHA6Ly90ZXN0 +-LzgyNzARhg9odHRwOi8vdGVzdC84MjgwEYYPaHR0cDovL3Rlc3QvODI5MBGGD2h0 +-dHA6Ly90ZXN0LzgzMDARhg9odHRwOi8vdGVzdC84MzEwEYYPaHR0cDovL3Rlc3Qv +-ODMyMBGGD2h0dHA6Ly90ZXN0LzgzMzARhg9odHRwOi8vdGVzdC84MzQwEYYPaHR0 +-cDovL3Rlc3QvODM1MBGGD2h0dHA6Ly90ZXN0LzgzNjARhg9odHRwOi8vdGVzdC84 +-MzcwEYYPaHR0cDovL3Rlc3QvODM4MBGGD2h0dHA6Ly90ZXN0LzgzOTARhg9odHRw +-Oi8vdGVzdC84NDAwEYYPaHR0cDovL3Rlc3QvODQxMBGGD2h0dHA6Ly90ZXN0Lzg0 +-MjARhg9odHRwOi8vdGVzdC84NDMwEYYPaHR0cDovL3Rlc3QvODQ0MBGGD2h0dHA6 +-Ly90ZXN0Lzg0NTARhg9odHRwOi8vdGVzdC84NDYwEYYPaHR0cDovL3Rlc3QvODQ3 +-MBGGD2h0dHA6Ly90ZXN0Lzg0ODARhg9odHRwOi8vdGVzdC84NDkwEYYPaHR0cDov +-L3Rlc3QvODUwMBGGD2h0dHA6Ly90ZXN0Lzg1MTARhg9odHRwOi8vdGVzdC84NTIw +-EYYPaHR0cDovL3Rlc3QvODUzMBGGD2h0dHA6Ly90ZXN0Lzg1NDARhg9odHRwOi8v +-dGVzdC84NTUwEYYPaHR0cDovL3Rlc3QvODU2MBGGD2h0dHA6Ly90ZXN0Lzg1NzAR +-hg9odHRwOi8vdGVzdC84NTgwEYYPaHR0cDovL3Rlc3QvODU5MBGGD2h0dHA6Ly90 +-ZXN0Lzg2MDARhg9odHRwOi8vdGVzdC84NjEwEYYPaHR0cDovL3Rlc3QvODYyMBGG +-D2h0dHA6Ly90ZXN0Lzg2MzARhg9odHRwOi8vdGVzdC84NjQwEYYPaHR0cDovL3Rl +-c3QvODY1MBGGD2h0dHA6Ly90ZXN0Lzg2NjARhg9odHRwOi8vdGVzdC84NjcwEYYP +-aHR0cDovL3Rlc3QvODY4MBGGD2h0dHA6Ly90ZXN0Lzg2OTARhg9odHRwOi8vdGVz +-dC84NzAwEYYPaHR0cDovL3Rlc3QvODcxMBGGD2h0dHA6Ly90ZXN0Lzg3MjARhg9o +-dHRwOi8vdGVzdC84NzMwEYYPaHR0cDovL3Rlc3QvODc0MBGGD2h0dHA6Ly90ZXN0 +-Lzg3NTARhg9odHRwOi8vdGVzdC84NzYwEYYPaHR0cDovL3Rlc3QvODc3MBGGD2h0 +-dHA6Ly90ZXN0Lzg3ODARhg9odHRwOi8vdGVzdC84NzkwEYYPaHR0cDovL3Rlc3Qv +-ODgwMBGGD2h0dHA6Ly90ZXN0Lzg4MTARhg9odHRwOi8vdGVzdC84ODIwEYYPaHR0 +-cDovL3Rlc3QvODgzMBGGD2h0dHA6Ly90ZXN0Lzg4NDARhg9odHRwOi8vdGVzdC84 +-ODUwEYYPaHR0cDovL3Rlc3QvODg2MBGGD2h0dHA6Ly90ZXN0Lzg4NzARhg9odHRw +-Oi8vdGVzdC84ODgwEYYPaHR0cDovL3Rlc3QvODg5MBGGD2h0dHA6Ly90ZXN0Lzg5 +-MDARhg9odHRwOi8vdGVzdC84OTEwEYYPaHR0cDovL3Rlc3QvODkyMBGGD2h0dHA6 +-Ly90ZXN0Lzg5MzARhg9odHRwOi8vdGVzdC84OTQwEYYPaHR0cDovL3Rlc3QvODk1 +-MBGGD2h0dHA6Ly90ZXN0Lzg5NjARhg9odHRwOi8vdGVzdC84OTcwEYYPaHR0cDov +-L3Rlc3QvODk4MBGGD2h0dHA6Ly90ZXN0Lzg5OTARhg9odHRwOi8vdGVzdC85MDAw +-EYYPaHR0cDovL3Rlc3QvOTAxMBGGD2h0dHA6Ly90ZXN0LzkwMjARhg9odHRwOi8v +-dGVzdC85MDMwEYYPaHR0cDovL3Rlc3QvOTA0MBGGD2h0dHA6Ly90ZXN0LzkwNTAR +-hg9odHRwOi8vdGVzdC85MDYwEYYPaHR0cDovL3Rlc3QvOTA3MBGGD2h0dHA6Ly90 +-ZXN0LzkwODARhg9odHRwOi8vdGVzdC85MDkwEYYPaHR0cDovL3Rlc3QvOTEwMBGG +-D2h0dHA6Ly90ZXN0LzkxMTARhg9odHRwOi8vdGVzdC85MTIwEYYPaHR0cDovL3Rl +-c3QvOTEzMBGGD2h0dHA6Ly90ZXN0LzkxNDARhg9odHRwOi8vdGVzdC85MTUwEYYP +-aHR0cDovL3Rlc3QvOTE2MBGGD2h0dHA6Ly90ZXN0LzkxNzARhg9odHRwOi8vdGVz +-dC85MTgwEYYPaHR0cDovL3Rlc3QvOTE5MBGGD2h0dHA6Ly90ZXN0LzkyMDARhg9o +-dHRwOi8vdGVzdC85MjEwEYYPaHR0cDovL3Rlc3QvOTIyMBGGD2h0dHA6Ly90ZXN0 +-LzkyMzARhg9odHRwOi8vdGVzdC85MjQwEYYPaHR0cDovL3Rlc3QvOTI1MBGGD2h0 +-dHA6Ly90ZXN0LzkyNjARhg9odHRwOi8vdGVzdC85MjcwEYYPaHR0cDovL3Rlc3Qv +-OTI4MBGGD2h0dHA6Ly90ZXN0LzkyOTARhg9odHRwOi8vdGVzdC85MzAwEYYPaHR0 +-cDovL3Rlc3QvOTMxMBGGD2h0dHA6Ly90ZXN0LzkzMjARhg9odHRwOi8vdGVzdC85 +-MzMwEYYPaHR0cDovL3Rlc3QvOTM0MBGGD2h0dHA6Ly90ZXN0LzkzNTARhg9odHRw +-Oi8vdGVzdC85MzYwEYYPaHR0cDovL3Rlc3QvOTM3MBGGD2h0dHA6Ly90ZXN0Lzkz +-ODARhg9odHRwOi8vdGVzdC85MzkwEYYPaHR0cDovL3Rlc3QvOTQwMBGGD2h0dHA6 +-Ly90ZXN0Lzk0MTARhg9odHRwOi8vdGVzdC85NDIwEYYPaHR0cDovL3Rlc3QvOTQz +-MBGGD2h0dHA6Ly90ZXN0Lzk0NDARhg9odHRwOi8vdGVzdC85NDUwEYYPaHR0cDov +-L3Rlc3QvOTQ2MBGGD2h0dHA6Ly90ZXN0Lzk0NzARhg9odHRwOi8vdGVzdC85NDgw +-EYYPaHR0cDovL3Rlc3QvOTQ5MBGGD2h0dHA6Ly90ZXN0Lzk1MDARhg9odHRwOi8v +-dGVzdC85NTEwEYYPaHR0cDovL3Rlc3QvOTUyMBGGD2h0dHA6Ly90ZXN0Lzk1MzAR +-hg9odHRwOi8vdGVzdC85NTQwEYYPaHR0cDovL3Rlc3QvOTU1MBGGD2h0dHA6Ly90 +-ZXN0Lzk1NjARhg9odHRwOi8vdGVzdC85NTcwEYYPaHR0cDovL3Rlc3QvOTU4MBGG +-D2h0dHA6Ly90ZXN0Lzk1OTARhg9odHRwOi8vdGVzdC85NjAwEYYPaHR0cDovL3Rl +-c3QvOTYxMBGGD2h0dHA6Ly90ZXN0Lzk2MjARhg9odHRwOi8vdGVzdC85NjMwEYYP +-aHR0cDovL3Rlc3QvOTY0MBGGD2h0dHA6Ly90ZXN0Lzk2NTARhg9odHRwOi8vdGVz +-dC85NjYwEYYPaHR0cDovL3Rlc3QvOTY3MBGGD2h0dHA6Ly90ZXN0Lzk2ODARhg9o +-dHRwOi8vdGVzdC85NjkwEYYPaHR0cDovL3Rlc3QvOTcwMBGGD2h0dHA6Ly90ZXN0 +-Lzk3MTARhg9odHRwOi8vdGVzdC85NzIwEYYPaHR0cDovL3Rlc3QvOTczMBGGD2h0 +-dHA6Ly90ZXN0Lzk3NDARhg9odHRwOi8vdGVzdC85NzUwEYYPaHR0cDovL3Rlc3Qv +-OTc2MBGGD2h0dHA6Ly90ZXN0Lzk3NzARhg9odHRwOi8vdGVzdC85NzgwEYYPaHR0 +-cDovL3Rlc3QvOTc5MBGGD2h0dHA6Ly90ZXN0Lzk4MDARhg9odHRwOi8vdGVzdC85 +-ODEwEYYPaHR0cDovL3Rlc3QvOTgyMBGGD2h0dHA6Ly90ZXN0Lzk4MzARhg9odHRw +-Oi8vdGVzdC85ODQwEYYPaHR0cDovL3Rlc3QvOTg1MBGGD2h0dHA6Ly90ZXN0Lzk4 +-NjARhg9odHRwOi8vdGVzdC85ODcwEYYPaHR0cDovL3Rlc3QvOTg4MBGGD2h0dHA6 +-Ly90ZXN0Lzk4OTARhg9odHRwOi8vdGVzdC85OTAwEYYPaHR0cDovL3Rlc3QvOTkx +-MBGGD2h0dHA6Ly90ZXN0Lzk5MjARhg9odHRwOi8vdGVzdC85OTMwEYYPaHR0cDov +-L3Rlc3QvOTk0MBGGD2h0dHA6Ly90ZXN0Lzk5NTARhg9odHRwOi8vdGVzdC85OTYw +-EYYPaHR0cDovL3Rlc3QvOTk3MBGGD2h0dHA6Ly90ZXN0Lzk5ODARhg9odHRwOi8v +-dGVzdC85OTkwEoYQaHR0cDovL3Rlc3QvMTAwMDAShhBodHRwOi8vdGVzdC8xMDAx +-MBKGEGh0dHA6Ly90ZXN0LzEwMDIwEoYQaHR0cDovL3Rlc3QvMTAwMzAShhBodHRw +-Oi8vdGVzdC8xMDA0MBKGEGh0dHA6Ly90ZXN0LzEwMDUwEoYQaHR0cDovL3Rlc3Qv +-MTAwNjAShhBodHRwOi8vdGVzdC8xMDA3MBKGEGh0dHA6Ly90ZXN0LzEwMDgwEoYQ +-aHR0cDovL3Rlc3QvMTAwOTAShhBodHRwOi8vdGVzdC8xMDEwMBKGEGh0dHA6Ly90 +-ZXN0LzEwMTEwEoYQaHR0cDovL3Rlc3QvMTAxMjAShhBodHRwOi8vdGVzdC8xMDEz +-MBKGEGh0dHA6Ly90ZXN0LzEwMTQwEoYQaHR0cDovL3Rlc3QvMTAxNTAShhBodHRw +-Oi8vdGVzdC8xMDE2MBKGEGh0dHA6Ly90ZXN0LzEwMTcwEoYQaHR0cDovL3Rlc3Qv +-MTAxODAShhBodHRwOi8vdGVzdC8xMDE5MBKGEGh0dHA6Ly90ZXN0LzEwMjAwEoYQ +-aHR0cDovL3Rlc3QvMTAyMTAShhBodHRwOi8vdGVzdC8xMDIyMBKGEGh0dHA6Ly90 +-ZXN0LzEwMjMwEoYQaHR0cDovL3Rlc3QvMTAyNKGClf4wCYIHeDAudGVzdDAJggd4 +-MS50ZXN0MAmCB3gyLnRlc3QwCYIHeDMudGVzdDAJggd4NC50ZXN0MAmCB3g1LnRl +-c3QwCYIHeDYudGVzdDAJggd4Ny50ZXN0MAmCB3g4LnRlc3QwCYIHeDkudGVzdDAK +-ggh4MTAudGVzdDAKggh4MTEudGVzdDAKggh4MTIudGVzdDAKggh4MTMudGVzdDAK +-ggh4MTQudGVzdDAKggh4MTUudGVzdDAKggh4MTYudGVzdDAKggh4MTcudGVzdDAK +-ggh4MTgudGVzdDAKggh4MTkudGVzdDAKggh4MjAudGVzdDAKggh4MjEudGVzdDAK +-ggh4MjIudGVzdDAKggh4MjMudGVzdDAKggh4MjQudGVzdDAKggh4MjUudGVzdDAK +-ggh4MjYudGVzdDAKggh4MjcudGVzdDAKggh4MjgudGVzdDAKggh4MjkudGVzdDAK +-ggh4MzAudGVzdDAKggh4MzEudGVzdDAKggh4MzIudGVzdDAKggh4MzMudGVzdDAK +-ggh4MzQudGVzdDAKggh4MzUudGVzdDAKggh4MzYudGVzdDAKggh4MzcudGVzdDAK +-ggh4MzgudGVzdDAKggh4MzkudGVzdDAKggh4NDAudGVzdDAKggh4NDEudGVzdDAK +-ggh4NDIudGVzdDAKggh4NDMudGVzdDAKggh4NDQudGVzdDAKggh4NDUudGVzdDAK +-ggh4NDYudGVzdDAKggh4NDcudGVzdDAKggh4NDgudGVzdDAKggh4NDkudGVzdDAK +-ggh4NTAudGVzdDAKggh4NTEudGVzdDAKggh4NTIudGVzdDAKggh4NTMudGVzdDAK +-ggh4NTQudGVzdDAKggh4NTUudGVzdDAKggh4NTYudGVzdDAKggh4NTcudGVzdDAK +-ggh4NTgudGVzdDAKggh4NTkudGVzdDAKggh4NjAudGVzdDAKggh4NjEudGVzdDAK +-ggh4NjIudGVzdDAKggh4NjMudGVzdDAKggh4NjQudGVzdDAKggh4NjUudGVzdDAK +-ggh4NjYudGVzdDAKggh4NjcudGVzdDAKggh4NjgudGVzdDAKggh4NjkudGVzdDAK +-ggh4NzAudGVzdDAKggh4NzEudGVzdDAKggh4NzIudGVzdDAKggh4NzMudGVzdDAK +-ggh4NzQudGVzdDAKggh4NzUudGVzdDAKggh4NzYudGVzdDAKggh4NzcudGVzdDAK +-ggh4NzgudGVzdDAKggh4NzkudGVzdDAKggh4ODAudGVzdDAKggh4ODEudGVzdDAK +-ggh4ODIudGVzdDAKggh4ODMudGVzdDAKggh4ODQudGVzdDAKggh4ODUudGVzdDAK +-ggh4ODYudGVzdDAKggh4ODcudGVzdDAKggh4ODgudGVzdDAKggh4ODkudGVzdDAK +-ggh4OTAudGVzdDAKggh4OTEudGVzdDAKggh4OTIudGVzdDAKggh4OTMudGVzdDAK +-ggh4OTQudGVzdDAKggh4OTUudGVzdDAKggh4OTYudGVzdDAKggh4OTcudGVzdDAK +-ggh4OTgudGVzdDAKggh4OTkudGVzdDALggl4MTAwLnRlc3QwC4IJeDEwMS50ZXN0 +-MAuCCXgxMDIudGVzdDALggl4MTAzLnRlc3QwC4IJeDEwNC50ZXN0MAuCCXgxMDUu +-dGVzdDALggl4MTA2LnRlc3QwC4IJeDEwNy50ZXN0MAuCCXgxMDgudGVzdDALggl4 +-MTA5LnRlc3QwC4IJeDExMC50ZXN0MAuCCXgxMTEudGVzdDALggl4MTEyLnRlc3Qw +-C4IJeDExMy50ZXN0MAuCCXgxMTQudGVzdDALggl4MTE1LnRlc3QwC4IJeDExNi50 +-ZXN0MAuCCXgxMTcudGVzdDALggl4MTE4LnRlc3QwC4IJeDExOS50ZXN0MAuCCXgx +-MjAudGVzdDALggl4MTIxLnRlc3QwC4IJeDEyMi50ZXN0MAuCCXgxMjMudGVzdDAL +-ggl4MTI0LnRlc3QwC4IJeDEyNS50ZXN0MAuCCXgxMjYudGVzdDALggl4MTI3LnRl +-c3QwC4IJeDEyOC50ZXN0MAuCCXgxMjkudGVzdDALggl4MTMwLnRlc3QwC4IJeDEz +-MS50ZXN0MAuCCXgxMzIudGVzdDALggl4MTMzLnRlc3QwC4IJeDEzNC50ZXN0MAuC +-CXgxMzUudGVzdDALggl4MTM2LnRlc3QwC4IJeDEzNy50ZXN0MAuCCXgxMzgudGVz +-dDALggl4MTM5LnRlc3QwC4IJeDE0MC50ZXN0MAuCCXgxNDEudGVzdDALggl4MTQy +-LnRlc3QwC4IJeDE0My50ZXN0MAuCCXgxNDQudGVzdDALggl4MTQ1LnRlc3QwC4IJ +-eDE0Ni50ZXN0MAuCCXgxNDcudGVzdDALggl4MTQ4LnRlc3QwC4IJeDE0OS50ZXN0 +-MAuCCXgxNTAudGVzdDALggl4MTUxLnRlc3QwC4IJeDE1Mi50ZXN0MAuCCXgxNTMu +-dGVzdDALggl4MTU0LnRlc3QwC4IJeDE1NS50ZXN0MAuCCXgxNTYudGVzdDALggl4 +-MTU3LnRlc3QwC4IJeDE1OC50ZXN0MAuCCXgxNTkudGVzdDALggl4MTYwLnRlc3Qw +-C4IJeDE2MS50ZXN0MAuCCXgxNjIudGVzdDALggl4MTYzLnRlc3QwC4IJeDE2NC50 +-ZXN0MAuCCXgxNjUudGVzdDALggl4MTY2LnRlc3QwC4IJeDE2Ny50ZXN0MAuCCXgx +-NjgudGVzdDALggl4MTY5LnRlc3QwC4IJeDE3MC50ZXN0MAuCCXgxNzEudGVzdDAL +-ggl4MTcyLnRlc3QwC4IJeDE3My50ZXN0MAuCCXgxNzQudGVzdDALggl4MTc1LnRl +-c3QwC4IJeDE3Ni50ZXN0MAuCCXgxNzcudGVzdDALggl4MTc4LnRlc3QwC4IJeDE3 +-OS50ZXN0MAuCCXgxODAudGVzdDALggl4MTgxLnRlc3QwC4IJeDE4Mi50ZXN0MAuC +-CXgxODMudGVzdDALggl4MTg0LnRlc3QwC4IJeDE4NS50ZXN0MAuCCXgxODYudGVz +-dDALggl4MTg3LnRlc3QwC4IJeDE4OC50ZXN0MAuCCXgxODkudGVzdDALggl4MTkw +-LnRlc3QwC4IJeDE5MS50ZXN0MAuCCXgxOTIudGVzdDALggl4MTkzLnRlc3QwC4IJ +-eDE5NC50ZXN0MAuCCXgxOTUudGVzdDALggl4MTk2LnRlc3QwC4IJeDE5Ny50ZXN0 +-MAuCCXgxOTgudGVzdDALggl4MTk5LnRlc3QwC4IJeDIwMC50ZXN0MAuCCXgyMDEu +-dGVzdDALggl4MjAyLnRlc3QwC4IJeDIwMy50ZXN0MAuCCXgyMDQudGVzdDALggl4 +-MjA1LnRlc3QwC4IJeDIwNi50ZXN0MAuCCXgyMDcudGVzdDALggl4MjA4LnRlc3Qw +-C4IJeDIwOS50ZXN0MAuCCXgyMTAudGVzdDALggl4MjExLnRlc3QwC4IJeDIxMi50 +-ZXN0MAuCCXgyMTMudGVzdDALggl4MjE0LnRlc3QwC4IJeDIxNS50ZXN0MAuCCXgy +-MTYudGVzdDALggl4MjE3LnRlc3QwC4IJeDIxOC50ZXN0MAuCCXgyMTkudGVzdDAL +-ggl4MjIwLnRlc3QwC4IJeDIyMS50ZXN0MAuCCXgyMjIudGVzdDALggl4MjIzLnRl +-c3QwC4IJeDIyNC50ZXN0MAuCCXgyMjUudGVzdDALggl4MjI2LnRlc3QwC4IJeDIy +-Ny50ZXN0MAuCCXgyMjgudGVzdDALggl4MjI5LnRlc3QwC4IJeDIzMC50ZXN0MAuC +-CXgyMzEudGVzdDALggl4MjMyLnRlc3QwC4IJeDIzMy50ZXN0MAuCCXgyMzQudGVz +-dDALggl4MjM1LnRlc3QwC4IJeDIzNi50ZXN0MAuCCXgyMzcudGVzdDALggl4MjM4 +-LnRlc3QwC4IJeDIzOS50ZXN0MAuCCXgyNDAudGVzdDALggl4MjQxLnRlc3QwC4IJ +-eDI0Mi50ZXN0MAuCCXgyNDMudGVzdDALggl4MjQ0LnRlc3QwC4IJeDI0NS50ZXN0 +-MAuCCXgyNDYudGVzdDALggl4MjQ3LnRlc3QwC4IJeDI0OC50ZXN0MAuCCXgyNDku +-dGVzdDALggl4MjUwLnRlc3QwC4IJeDI1MS50ZXN0MAuCCXgyNTIudGVzdDALggl4 +-MjUzLnRlc3QwC4IJeDI1NC50ZXN0MAuCCXgyNTUudGVzdDALggl4MjU2LnRlc3Qw +-C4IJeDI1Ny50ZXN0MAuCCXgyNTgudGVzdDALggl4MjU5LnRlc3QwC4IJeDI2MC50 +-ZXN0MAuCCXgyNjEudGVzdDALggl4MjYyLnRlc3QwC4IJeDI2My50ZXN0MAuCCXgy +-NjQudGVzdDALggl4MjY1LnRlc3QwC4IJeDI2Ni50ZXN0MAuCCXgyNjcudGVzdDAL +-ggl4MjY4LnRlc3QwC4IJeDI2OS50ZXN0MAuCCXgyNzAudGVzdDALggl4MjcxLnRl +-c3QwC4IJeDI3Mi50ZXN0MAuCCXgyNzMudGVzdDALggl4Mjc0LnRlc3QwC4IJeDI3 +-NS50ZXN0MAuCCXgyNzYudGVzdDALggl4Mjc3LnRlc3QwC4IJeDI3OC50ZXN0MAuC +-CXgyNzkudGVzdDALggl4MjgwLnRlc3QwC4IJeDI4MS50ZXN0MAuCCXgyODIudGVz +-dDALggl4MjgzLnRlc3QwC4IJeDI4NC50ZXN0MAuCCXgyODUudGVzdDALggl4Mjg2 +-LnRlc3QwC4IJeDI4Ny50ZXN0MAuCCXgyODgudGVzdDALggl4Mjg5LnRlc3QwC4IJ +-eDI5MC50ZXN0MAuCCXgyOTEudGVzdDALggl4MjkyLnRlc3QwC4IJeDI5My50ZXN0 +-MAuCCXgyOTQudGVzdDALggl4Mjk1LnRlc3QwC4IJeDI5Ni50ZXN0MAuCCXgyOTcu +-dGVzdDALggl4Mjk4LnRlc3QwC4IJeDI5OS50ZXN0MAuCCXgzMDAudGVzdDALggl4 +-MzAxLnRlc3QwC4IJeDMwMi50ZXN0MAuCCXgzMDMudGVzdDALggl4MzA0LnRlc3Qw +-C4IJeDMwNS50ZXN0MAuCCXgzMDYudGVzdDALggl4MzA3LnRlc3QwC4IJeDMwOC50 +-ZXN0MAuCCXgzMDkudGVzdDALggl4MzEwLnRlc3QwC4IJeDMxMS50ZXN0MAuCCXgz +-MTIudGVzdDALggl4MzEzLnRlc3QwC4IJeDMxNC50ZXN0MAuCCXgzMTUudGVzdDAL +-ggl4MzE2LnRlc3QwC4IJeDMxNy50ZXN0MAuCCXgzMTgudGVzdDALggl4MzE5LnRl +-c3QwC4IJeDMyMC50ZXN0MAuCCXgzMjEudGVzdDALggl4MzIyLnRlc3QwC4IJeDMy +-My50ZXN0MAuCCXgzMjQudGVzdDALggl4MzI1LnRlc3QwC4IJeDMyNi50ZXN0MAuC +-CXgzMjcudGVzdDALggl4MzI4LnRlc3QwC4IJeDMyOS50ZXN0MAuCCXgzMzAudGVz +-dDALggl4MzMxLnRlc3QwC4IJeDMzMi50ZXN0MAuCCXgzMzMudGVzdDALggl4MzM0 +-LnRlc3QwC4IJeDMzNS50ZXN0MAuCCXgzMzYudGVzdDALggl4MzM3LnRlc3QwC4IJ +-eDMzOC50ZXN0MAuCCXgzMzkudGVzdDALggl4MzQwLnRlc3QwC4IJeDM0MS50ZXN0 +-MAuCCXgzNDIudGVzdDALggl4MzQzLnRlc3QwC4IJeDM0NC50ZXN0MAuCCXgzNDUu +-dGVzdDALggl4MzQ2LnRlc3QwC4IJeDM0Ny50ZXN0MAuCCXgzNDgudGVzdDALggl4 +-MzQ5LnRlc3QwC4IJeDM1MC50ZXN0MAuCCXgzNTEudGVzdDALggl4MzUyLnRlc3Qw +-C4IJeDM1My50ZXN0MAuCCXgzNTQudGVzdDALggl4MzU1LnRlc3QwC4IJeDM1Ni50 +-ZXN0MAuCCXgzNTcudGVzdDALggl4MzU4LnRlc3QwC4IJeDM1OS50ZXN0MAuCCXgz +-NjAudGVzdDALggl4MzYxLnRlc3QwC4IJeDM2Mi50ZXN0MAuCCXgzNjMudGVzdDAL +-ggl4MzY0LnRlc3QwC4IJeDM2NS50ZXN0MAuCCXgzNjYudGVzdDALggl4MzY3LnRl +-c3QwC4IJeDM2OC50ZXN0MAuCCXgzNjkudGVzdDALggl4MzcwLnRlc3QwC4IJeDM3 +-MS50ZXN0MAuCCXgzNzIudGVzdDALggl4MzczLnRlc3QwC4IJeDM3NC50ZXN0MAuC +-CXgzNzUudGVzdDALggl4Mzc2LnRlc3QwC4IJeDM3Ny50ZXN0MAuCCXgzNzgudGVz +-dDALggl4Mzc5LnRlc3QwC4IJeDM4MC50ZXN0MAuCCXgzODEudGVzdDALggl4Mzgy +-LnRlc3QwC4IJeDM4My50ZXN0MAuCCXgzODQudGVzdDALggl4Mzg1LnRlc3QwC4IJ +-eDM4Ni50ZXN0MAuCCXgzODcudGVzdDALggl4Mzg4LnRlc3QwC4IJeDM4OS50ZXN0 +-MAuCCXgzOTAudGVzdDALggl4MzkxLnRlc3QwC4IJeDM5Mi50ZXN0MAuCCXgzOTMu +-dGVzdDALggl4Mzk0LnRlc3QwC4IJeDM5NS50ZXN0MAuCCXgzOTYudGVzdDALggl4 +-Mzk3LnRlc3QwC4IJeDM5OC50ZXN0MAuCCXgzOTkudGVzdDALggl4NDAwLnRlc3Qw +-C4IJeDQwMS50ZXN0MAuCCXg0MDIudGVzdDALggl4NDAzLnRlc3QwC4IJeDQwNC50 +-ZXN0MAuCCXg0MDUudGVzdDALggl4NDA2LnRlc3QwC4IJeDQwNy50ZXN0MAuCCXg0 +-MDgudGVzdDALggl4NDA5LnRlc3QwC4IJeDQxMC50ZXN0MAuCCXg0MTEudGVzdDAL +-ggl4NDEyLnRlc3QwC4IJeDQxMy50ZXN0MAuCCXg0MTQudGVzdDALggl4NDE1LnRl +-c3QwC4IJeDQxNi50ZXN0MAuCCXg0MTcudGVzdDAKhwgLAAAA/////zAKhwgLAAAB +-/////zAKhwgLAAAC/////zAKhwgLAAAD/////zAKhwgLAAAE/////zAKhwgLAAAF +-/////zAKhwgLAAAG/////zAKhwgLAAAH/////zAKhwgLAAAI/////zAKhwgLAAAJ +-/////zAKhwgLAAAK/////zAKhwgLAAAL/////zAKhwgLAAAM/////zAKhwgLAAAN +-/////zAKhwgLAAAO/////zAKhwgLAAAP/////zAKhwgLAAAQ/////zAKhwgLAAAR +-/////zAKhwgLAAAS/////zAKhwgLAAAT/////zAKhwgLAAAU/////zAKhwgLAAAV +-/////zAKhwgLAAAW/////zAKhwgLAAAX/////zAKhwgLAAAY/////zAKhwgLAAAZ +-/////zAKhwgLAAAa/////zAKhwgLAAAb/////zAKhwgLAAAc/////zAKhwgLAAAd +-/////zAKhwgLAAAe/////zAKhwgLAAAf/////zAKhwgLAAAg/////zAKhwgLAAAh +-/////zAKhwgLAAAi/////zAKhwgLAAAj/////zAKhwgLAAAk/////zAKhwgLAAAl +-/////zAKhwgLAAAm/////zAKhwgLAAAn/////zAKhwgLAAAo/////zAKhwgLAAAp +-/////zAKhwgLAAAq/////zAKhwgLAAAr/////zAKhwgLAAAs/////zAKhwgLAAAt +-/////zAKhwgLAAAu/////zAKhwgLAAAv/////zAKhwgLAAAw/////zAKhwgLAAAx +-/////zAKhwgLAAAy/////zAKhwgLAAAz/////zAKhwgLAAA0/////zAKhwgLAAA1 +-/////zAKhwgLAAA2/////zAKhwgLAAA3/////zAKhwgLAAA4/////zAKhwgLAAA5 +-/////zAKhwgLAAA6/////zAKhwgLAAA7/////zAKhwgLAAA8/////zAKhwgLAAA9 +-/////zAKhwgLAAA+/////zAKhwgLAAA//////zAKhwgLAABA/////zAKhwgLAABB +-/////zAKhwgLAABC/////zAKhwgLAABD/////zAKhwgLAABE/////zAKhwgLAABF +-/////zAKhwgLAABG/////zAKhwgLAABH/////zAKhwgLAABI/////zAKhwgLAABJ +-/////zAKhwgLAABK/////zAKhwgLAABL/////zAKhwgLAABM/////zAKhwgLAABN +-/////zAKhwgLAABO/////zAKhwgLAABP/////zAKhwgLAABQ/////zAKhwgLAABR +-/////zAKhwgLAABS/////zAKhwgLAABT/////zAKhwgLAABU/////zAKhwgLAABV +-/////zAKhwgLAABW/////zAKhwgLAABX/////zAKhwgLAABY/////zAKhwgLAABZ +-/////zAKhwgLAABa/////zAKhwgLAABb/////zAKhwgLAABc/////zAKhwgLAABd +-/////zAKhwgLAABe/////zAKhwgLAABf/////zAKhwgLAABg/////zAKhwgLAABh +-/////zAKhwgLAABi/////zAKhwgLAABj/////zAKhwgLAABk/////zAKhwgLAABl +-/////zAKhwgLAABm/////zAKhwgLAABn/////zAKhwgLAABo/////zAKhwgLAABp +-/////zAKhwgLAABq/////zAKhwgLAABr/////zAKhwgLAABs/////zAKhwgLAABt +-/////zAKhwgLAABu/////zAKhwgLAABv/////zAKhwgLAABw/////zAKhwgLAABx +-/////zAKhwgLAABy/////zAKhwgLAABz/////zAKhwgLAAB0/////zAKhwgLAAB1 +-/////zAKhwgLAAB2/////zAKhwgLAAB3/////zAKhwgLAAB4/////zAKhwgLAAB5 +-/////zAKhwgLAAB6/////zAKhwgLAAB7/////zAKhwgLAAB8/////zAKhwgLAAB9 +-/////zAKhwgLAAB+/////zAKhwgLAAB//////zAKhwgLAACA/////zAKhwgLAACB +-/////zAKhwgLAACC/////zAKhwgLAACD/////zAKhwgLAACE/////zAKhwgLAACF +-/////zAKhwgLAACG/////zAKhwgLAACH/////zAKhwgLAACI/////zAKhwgLAACJ +-/////zAKhwgLAACK/////zAKhwgLAACL/////zAKhwgLAACM/////zAKhwgLAACN +-/////zAKhwgLAACO/////zAKhwgLAACP/////zAKhwgLAACQ/////zAKhwgLAACR +-/////zAKhwgLAACS/////zAKhwgLAACT/////zAKhwgLAACU/////zAKhwgLAACV +-/////zAKhwgLAACW/////zAKhwgLAACX/////zAKhwgLAACY/////zAKhwgLAACZ +-/////zAKhwgLAACa/////zAKhwgLAACb/////zAKhwgLAACc/////zAKhwgLAACd +-/////zAKhwgLAACe/////zAKhwgLAACf/////zAKhwgLAACg/////zAKhwgLAACh +-/////zAKhwgLAACi/////zAKhwgLAACj/////zAKhwgLAACk/////zAKhwgLAACl +-/////zAKhwgLAACm/////zAKhwgLAACn/////zAKhwgLAACo/////zAKhwgLAACp +-/////zAKhwgLAACq/////zAKhwgLAACr/////zAKhwgLAACs/////zAKhwgLAACt +-/////zAKhwgLAACu/////zAKhwgLAACv/////zAKhwgLAACw/////zAKhwgLAACx +-/////zAKhwgLAACy/////zAKhwgLAACz/////zAKhwgLAAC0/////zAKhwgLAAC1 +-/////zAKhwgLAAC2/////zAKhwgLAAC3/////zAKhwgLAAC4/////zAKhwgLAAC5 +-/////zAKhwgLAAC6/////zAKhwgLAAC7/////zAKhwgLAAC8/////zAKhwgLAAC9 +-/////zAKhwgLAAC+/////zAKhwgLAAC//////zAKhwgLAADA/////zAKhwgLAADB +-/////zAKhwgLAADC/////zAKhwgLAADD/////zAKhwgLAADE/////zAKhwgLAADF +-/////zAKhwgLAADG/////zAKhwgLAADH/////zAKhwgLAADI/////zAKhwgLAADJ +-/////zAKhwgLAADK/////zAKhwgLAADL/////zAKhwgLAADM/////zAKhwgLAADN +-/////zAKhwgLAADO/////zAKhwgLAADP/////zAKhwgLAADQ/////zAKhwgLAADR +-/////zAKhwgLAADS/////zAKhwgLAADT/////zAKhwgLAADU/////zAKhwgLAADV +-/////zAKhwgLAADW/////zAKhwgLAADX/////zAKhwgLAADY/////zAKhwgLAADZ +-/////zAKhwgLAADa/////zAKhwgLAADb/////zAKhwgLAADc/////zAKhwgLAADd +-/////zAKhwgLAADe/////zAKhwgLAADf/////zAKhwgLAADg/////zAKhwgLAADh +-/////zAKhwgLAADi/////zAKhwgLAADj/////zAKhwgLAADk/////zAKhwgLAADl +-/////zAKhwgLAADm/////zAKhwgLAADn/////zAKhwgLAADo/////zAKhwgLAADp +-/////zAKhwgLAADq/////zAKhwgLAADr/////zAKhwgLAADs/////zAKhwgLAADt +-/////zAKhwgLAADu/////zAKhwgLAADv/////zAKhwgLAADw/////zAKhwgLAADx +-/////zAKhwgLAADy/////zAKhwgLAADz/////zAKhwgLAAD0/////zAKhwgLAAD1 +-/////zAKhwgLAAD2/////zAKhwgLAAD3/////zAKhwgLAAD4/////zAKhwgLAAD5 +-/////zAKhwgLAAD6/////zAKhwgLAAD7/////zAKhwgLAAD8/////zAKhwgLAAD9 +-/////zAKhwgLAAD+/////zAKhwgLAAD//////zAKhwgLAAEA/////zAKhwgLAAEB +-/////zAKhwgLAAEC/////zAKhwgLAAED/////zAKhwgLAAEE/////zAKhwgLAAEF +-/////zAKhwgLAAEG/////zAKhwgLAAEH/////zAKhwgLAAEI/////zAKhwgLAAEJ +-/////zAKhwgLAAEK/////zAKhwgLAAEL/////zAKhwgLAAEM/////zAKhwgLAAEN +-/////zAKhwgLAAEO/////zAKhwgLAAEP/////zAKhwgLAAEQ/////zAKhwgLAAER +-/////zAKhwgLAAES/////zAKhwgLAAET/////zAKhwgLAAEU/////zAKhwgLAAEV +-/////zAKhwgLAAEW/////zAKhwgLAAEX/////zAKhwgLAAEY/////zAKhwgLAAEZ +-/////zAKhwgLAAEa/////zAKhwgLAAEb/////zAKhwgLAAEc/////zAKhwgLAAEd +-/////zAKhwgLAAEe/////zAKhwgLAAEf/////zAKhwgLAAEg/////zAKhwgLAAEh +-/////zAKhwgLAAEi/////zAKhwgLAAEj/////zAKhwgLAAEk/////zAKhwgLAAEl +-/////zAKhwgLAAEm/////zAKhwgLAAEn/////zAKhwgLAAEo/////zAKhwgLAAEp +-/////zAKhwgLAAEq/////zAKhwgLAAEr/////zAKhwgLAAEs/////zAKhwgLAAEt +-/////zAKhwgLAAEu/////zAKhwgLAAEv/////zAKhwgLAAEw/////zAKhwgLAAEx +-/////zAKhwgLAAEy/////zAKhwgLAAEz/////zAKhwgLAAE0/////zAKhwgLAAE1 +-/////zAKhwgLAAE2/////zAKhwgLAAE3/////zAKhwgLAAE4/////zAKhwgLAAE5 +-/////zAKhwgLAAE6/////zAKhwgLAAE7/////zAKhwgLAAE8/////zAKhwgLAAE9 +-/////zAKhwgLAAE+/////zAKhwgLAAE//////zAKhwgLAAFA/////zAKhwgLAAFB +-/////zAKhwgLAAFC/////zAKhwgLAAFD/////zAKhwgLAAFE/////zAKhwgLAAFF +-/////zAKhwgLAAFG/////zAKhwgLAAFH/////zAKhwgLAAFI/////zAKhwgLAAFJ +-/////zAKhwgLAAFK/////zAKhwgLAAFL/////zAKhwgLAAFM/////zAKhwgLAAFN +-/////zAKhwgLAAFO/////zAKhwgLAAFP/////zAKhwgLAAFQ/////zAKhwgLAAFR +-/////zAKhwgLAAFS/////zAKhwgLAAFT/////zAKhwgLAAFU/////zAKhwgLAAFV +-/////zAKhwgLAAFW/////zAKhwgLAAFX/////zAKhwgLAAFY/////zAKhwgLAAFZ +-/////zAKhwgLAAFa/////zAKhwgLAAFb/////zAKhwgLAAFc/////zAKhwgLAAFd +-/////zAKhwgLAAFe/////zAKhwgLAAFf/////zAKhwgLAAFg/////zAKhwgLAAFh +-/////zAKhwgLAAFi/////zAKhwgLAAFj/////zAKhwgLAAFk/////zAKhwgLAAFl +-/////zAKhwgLAAFm/////zAKhwgLAAFn/////zAKhwgLAAFo/////zAKhwgLAAFp +-/////zAKhwgLAAFq/////zAKhwgLAAFr/////zAKhwgLAAFs/////zAKhwgLAAFt +-/////zAKhwgLAAFu/////zAKhwgLAAFv/////zAKhwgLAAFw/////zAKhwgLAAFx +-/////zAKhwgLAAFy/////zAKhwgLAAFz/////zAKhwgLAAF0/////zAKhwgLAAF1 +-/////zAKhwgLAAF2/////zAKhwgLAAF3/////zAKhwgLAAF4/////zAKhwgLAAF5 +-/////zAKhwgLAAF6/////zAKhwgLAAF7/////zAKhwgLAAF8/////zAKhwgLAAF9 +-/////zAKhwgLAAF+/////zAKhwgLAAF//////zAKhwgLAAGA/////zAKhwgLAAGB +-/////zAKhwgLAAGC/////zAKhwgLAAGD/////zAKhwgLAAGE/////zAKhwgLAAGF +-/////zAKhwgLAAGG/////zAKhwgLAAGH/////zAKhwgLAAGI/////zAKhwgLAAGJ +-/////zAKhwgLAAGK/////zAKhwgLAAGL/////zAKhwgLAAGM/////zAKhwgLAAGN +-/////zAKhwgLAAGO/////zAKhwgLAAGP/////zAKhwgLAAGQ/////zAKhwgLAAGR +-/////zAKhwgLAAGS/////zAKhwgLAAGT/////zAKhwgLAAGU/////zAKhwgLAAGV +-/////zAKhwgLAAGW/////zAKhwgLAAGX/////zAKhwgLAAGY/////zAKhwgLAAGZ +-/////zAKhwgLAAGa/////zAKhwgLAAGb/////zAKhwgLAAGc/////zAKhwgLAAGd +-/////zAKhwgLAAGe/////zAKhwgLAAGf/////zAKhwgLAAGg/////zAKhwgLAAGh +-/////zARpA8wDTELMAkGA1UEAwwCeDAwEaQPMA0xCzAJBgNVBAMMAngxMBGkDzAN +-MQswCQYDVQQDDAJ4MjARpA8wDTELMAkGA1UEAwwCeDMwEaQPMA0xCzAJBgNVBAMM +-Ang0MBGkDzANMQswCQYDVQQDDAJ4NTARpA8wDTELMAkGA1UEAwwCeDYwEaQPMA0x +-CzAJBgNVBAMMAng3MBGkDzANMQswCQYDVQQDDAJ4ODARpA8wDTELMAkGA1UEAwwC +-eDkwEqQQMA4xDDAKBgNVBAMMA3gxMDASpBAwDjEMMAoGA1UEAwwDeDExMBKkEDAO +-MQwwCgYDVQQDDAN4MTIwEqQQMA4xDDAKBgNVBAMMA3gxMzASpBAwDjEMMAoGA1UE +-AwwDeDE0MBKkEDAOMQwwCgYDVQQDDAN4MTUwEqQQMA4xDDAKBgNVBAMMA3gxNjAS +-pBAwDjEMMAoGA1UEAwwDeDE3MBKkEDAOMQwwCgYDVQQDDAN4MTgwEqQQMA4xDDAK +-BgNVBAMMA3gxOTASpBAwDjEMMAoGA1UEAwwDeDIwMBKkEDAOMQwwCgYDVQQDDAN4 +-MjEwEqQQMA4xDDAKBgNVBAMMA3gyMjASpBAwDjEMMAoGA1UEAwwDeDIzMBKkEDAO +-MQwwCgYDVQQDDAN4MjQwEqQQMA4xDDAKBgNVBAMMA3gyNTASpBAwDjEMMAoGA1UE +-AwwDeDI2MBKkEDAOMQwwCgYDVQQDDAN4MjcwEqQQMA4xDDAKBgNVBAMMA3gyODAS +-pBAwDjEMMAoGA1UEAwwDeDI5MBKkEDAOMQwwCgYDVQQDDAN4MzAwEqQQMA4xDDAK +-BgNVBAMMA3gzMTASpBAwDjEMMAoGA1UEAwwDeDMyMBKkEDAOMQwwCgYDVQQDDAN4 +-MzMwEqQQMA4xDDAKBgNVBAMMA3gzNDASpBAwDjEMMAoGA1UEAwwDeDM1MBKkEDAO +-MQwwCgYDVQQDDAN4MzYwEqQQMA4xDDAKBgNVBAMMA3gzNzASpBAwDjEMMAoGA1UE +-AwwDeDM4MBKkEDAOMQwwCgYDVQQDDAN4MzkwEqQQMA4xDDAKBgNVBAMMA3g0MDAS +-pBAwDjEMMAoGA1UEAwwDeDQxMBKkEDAOMQwwCgYDVQQDDAN4NDIwEqQQMA4xDDAK +-BgNVBAMMA3g0MzASpBAwDjEMMAoGA1UEAwwDeDQ0MBKkEDAOMQwwCgYDVQQDDAN4 +-NDUwEqQQMA4xDDAKBgNVBAMMA3g0NjASpBAwDjEMMAoGA1UEAwwDeDQ3MBKkEDAO +-MQwwCgYDVQQDDAN4NDgwEqQQMA4xDDAKBgNVBAMMA3g0OTASpBAwDjEMMAoGA1UE +-AwwDeDUwMBKkEDAOMQwwCgYDVQQDDAN4NTEwEqQQMA4xDDAKBgNVBAMMA3g1MjAS +-pBAwDjEMMAoGA1UEAwwDeDUzMBKkEDAOMQwwCgYDVQQDDAN4NTQwEqQQMA4xDDAK +-BgNVBAMMA3g1NTASpBAwDjEMMAoGA1UEAwwDeDU2MBKkEDAOMQwwCgYDVQQDDAN4 +-NTcwEqQQMA4xDDAKBgNVBAMMA3g1ODASpBAwDjEMMAoGA1UEAwwDeDU5MBKkEDAO +-MQwwCgYDVQQDDAN4NjAwEqQQMA4xDDAKBgNVBAMMA3g2MTASpBAwDjEMMAoGA1UE +-AwwDeDYyMBKkEDAOMQwwCgYDVQQDDAN4NjMwEqQQMA4xDDAKBgNVBAMMA3g2NDAS +-pBAwDjEMMAoGA1UEAwwDeDY1MBKkEDAOMQwwCgYDVQQDDAN4NjYwEqQQMA4xDDAK +-BgNVBAMMA3g2NzASpBAwDjEMMAoGA1UEAwwDeDY4MBKkEDAOMQwwCgYDVQQDDAN4 +-NjkwEqQQMA4xDDAKBgNVBAMMA3g3MDASpBAwDjEMMAoGA1UEAwwDeDcxMBKkEDAO +-MQwwCgYDVQQDDAN4NzIwEqQQMA4xDDAKBgNVBAMMA3g3MzASpBAwDjEMMAoGA1UE +-AwwDeDc0MBKkEDAOMQwwCgYDVQQDDAN4NzUwEqQQMA4xDDAKBgNVBAMMA3g3NjAS +-pBAwDjEMMAoGA1UEAwwDeDc3MBKkEDAOMQwwCgYDVQQDDAN4NzgwEqQQMA4xDDAK +-BgNVBAMMA3g3OTASpBAwDjEMMAoGA1UEAwwDeDgwMBKkEDAOMQwwCgYDVQQDDAN4 +-ODEwEqQQMA4xDDAKBgNVBAMMA3g4MjASpBAwDjEMMAoGA1UEAwwDeDgzMBKkEDAO +-MQwwCgYDVQQDDAN4ODQwEqQQMA4xDDAKBgNVBAMMA3g4NTASpBAwDjEMMAoGA1UE +-AwwDeDg2MBKkEDAOMQwwCgYDVQQDDAN4ODcwEqQQMA4xDDAKBgNVBAMMA3g4ODAS +-pBAwDjEMMAoGA1UEAwwDeDg5MBKkEDAOMQwwCgYDVQQDDAN4OTAwEqQQMA4xDDAK +-BgNVBAMMA3g5MTASpBAwDjEMMAoGA1UEAwwDeDkyMBKkEDAOMQwwCgYDVQQDDAN4 +-OTMwEqQQMA4xDDAKBgNVBAMMA3g5NDASpBAwDjEMMAoGA1UEAwwDeDk1MBKkEDAO +-MQwwCgYDVQQDDAN4OTYwEqQQMA4xDDAKBgNVBAMMA3g5NzASpBAwDjEMMAoGA1UE +-AwwDeDk4MBKkEDAOMQwwCgYDVQQDDAN4OTkwE6QRMA8xDTALBgNVBAMMBHgxMDAw +-E6QRMA8xDTALBgNVBAMMBHgxMDEwE6QRMA8xDTALBgNVBAMMBHgxMDIwE6QRMA8x +-DTALBgNVBAMMBHgxMDMwE6QRMA8xDTALBgNVBAMMBHgxMDQwE6QRMA8xDTALBgNV +-BAMMBHgxMDUwE6QRMA8xDTALBgNVBAMMBHgxMDYwE6QRMA8xDTALBgNVBAMMBHgx +-MDcwE6QRMA8xDTALBgNVBAMMBHgxMDgwE6QRMA8xDTALBgNVBAMMBHgxMDkwE6QR +-MA8xDTALBgNVBAMMBHgxMTAwE6QRMA8xDTALBgNVBAMMBHgxMTEwE6QRMA8xDTAL +-BgNVBAMMBHgxMTIwE6QRMA8xDTALBgNVBAMMBHgxMTMwE6QRMA8xDTALBgNVBAMM +-BHgxMTQwE6QRMA8xDTALBgNVBAMMBHgxMTUwE6QRMA8xDTALBgNVBAMMBHgxMTYw +-E6QRMA8xDTALBgNVBAMMBHgxMTcwE6QRMA8xDTALBgNVBAMMBHgxMTgwE6QRMA8x +-DTALBgNVBAMMBHgxMTkwE6QRMA8xDTALBgNVBAMMBHgxMjAwE6QRMA8xDTALBgNV +-BAMMBHgxMjEwE6QRMA8xDTALBgNVBAMMBHgxMjIwE6QRMA8xDTALBgNVBAMMBHgx +-MjMwE6QRMA8xDTALBgNVBAMMBHgxMjQwE6QRMA8xDTALBgNVBAMMBHgxMjUwE6QR +-MA8xDTALBgNVBAMMBHgxMjYwE6QRMA8xDTALBgNVBAMMBHgxMjcwE6QRMA8xDTAL +-BgNVBAMMBHgxMjgwE6QRMA8xDTALBgNVBAMMBHgxMjkwE6QRMA8xDTALBgNVBAMM +-BHgxMzAwE6QRMA8xDTALBgNVBAMMBHgxMzEwE6QRMA8xDTALBgNVBAMMBHgxMzIw +-E6QRMA8xDTALBgNVBAMMBHgxMzMwE6QRMA8xDTALBgNVBAMMBHgxMzQwE6QRMA8x +-DTALBgNVBAMMBHgxMzUwE6QRMA8xDTALBgNVBAMMBHgxMzYwE6QRMA8xDTALBgNV +-BAMMBHgxMzcwE6QRMA8xDTALBgNVBAMMBHgxMzgwE6QRMA8xDTALBgNVBAMMBHgx +-MzkwE6QRMA8xDTALBgNVBAMMBHgxNDAwE6QRMA8xDTALBgNVBAMMBHgxNDEwE6QR +-MA8xDTALBgNVBAMMBHgxNDIwE6QRMA8xDTALBgNVBAMMBHgxNDMwE6QRMA8xDTAL +-BgNVBAMMBHgxNDQwE6QRMA8xDTALBgNVBAMMBHgxNDUwE6QRMA8xDTALBgNVBAMM +-BHgxNDYwE6QRMA8xDTALBgNVBAMMBHgxNDcwE6QRMA8xDTALBgNVBAMMBHgxNDgw +-E6QRMA8xDTALBgNVBAMMBHgxNDkwE6QRMA8xDTALBgNVBAMMBHgxNTAwE6QRMA8x +-DTALBgNVBAMMBHgxNTEwE6QRMA8xDTALBgNVBAMMBHgxNTIwE6QRMA8xDTALBgNV +-BAMMBHgxNTMwE6QRMA8xDTALBgNVBAMMBHgxNTQwE6QRMA8xDTALBgNVBAMMBHgx +-NTUwE6QRMA8xDTALBgNVBAMMBHgxNTYwE6QRMA8xDTALBgNVBAMMBHgxNTcwE6QR +-MA8xDTALBgNVBAMMBHgxNTgwE6QRMA8xDTALBgNVBAMMBHgxNTkwE6QRMA8xDTAL +-BgNVBAMMBHgxNjAwE6QRMA8xDTALBgNVBAMMBHgxNjEwE6QRMA8xDTALBgNVBAMM +-BHgxNjIwE6QRMA8xDTALBgNVBAMMBHgxNjMwE6QRMA8xDTALBgNVBAMMBHgxNjQw +-E6QRMA8xDTALBgNVBAMMBHgxNjUwE6QRMA8xDTALBgNVBAMMBHgxNjYwE6QRMA8x +-DTALBgNVBAMMBHgxNjcwE6QRMA8xDTALBgNVBAMMBHgxNjgwE6QRMA8xDTALBgNV +-BAMMBHgxNjkwE6QRMA8xDTALBgNVBAMMBHgxNzAwE6QRMA8xDTALBgNVBAMMBHgx +-NzEwE6QRMA8xDTALBgNVBAMMBHgxNzIwE6QRMA8xDTALBgNVBAMMBHgxNzMwE6QR +-MA8xDTALBgNVBAMMBHgxNzQwE6QRMA8xDTALBgNVBAMMBHgxNzUwE6QRMA8xDTAL +-BgNVBAMMBHgxNzYwE6QRMA8xDTALBgNVBAMMBHgxNzcwE6QRMA8xDTALBgNVBAMM +-BHgxNzgwE6QRMA8xDTALBgNVBAMMBHgxNzkwE6QRMA8xDTALBgNVBAMMBHgxODAw +-E6QRMA8xDTALBgNVBAMMBHgxODEwE6QRMA8xDTALBgNVBAMMBHgxODIwE6QRMA8x +-DTALBgNVBAMMBHgxODMwE6QRMA8xDTALBgNVBAMMBHgxODQwE6QRMA8xDTALBgNV +-BAMMBHgxODUwE6QRMA8xDTALBgNVBAMMBHgxODYwE6QRMA8xDTALBgNVBAMMBHgx +-ODcwE6QRMA8xDTALBgNVBAMMBHgxODgwE6QRMA8xDTALBgNVBAMMBHgxODkwE6QR +-MA8xDTALBgNVBAMMBHgxOTAwE6QRMA8xDTALBgNVBAMMBHgxOTEwE6QRMA8xDTAL +-BgNVBAMMBHgxOTIwE6QRMA8xDTALBgNVBAMMBHgxOTMwE6QRMA8xDTALBgNVBAMM +-BHgxOTQwE6QRMA8xDTALBgNVBAMMBHgxOTUwE6QRMA8xDTALBgNVBAMMBHgxOTYw +-E6QRMA8xDTALBgNVBAMMBHgxOTcwE6QRMA8xDTALBgNVBAMMBHgxOTgwE6QRMA8x +-DTALBgNVBAMMBHgxOTkwE6QRMA8xDTALBgNVBAMMBHgyMDAwE6QRMA8xDTALBgNV +-BAMMBHgyMDEwE6QRMA8xDTALBgNVBAMMBHgyMDIwE6QRMA8xDTALBgNVBAMMBHgy +-MDMwE6QRMA8xDTALBgNVBAMMBHgyMDQwE6QRMA8xDTALBgNVBAMMBHgyMDUwE6QR +-MA8xDTALBgNVBAMMBHgyMDYwE6QRMA8xDTALBgNVBAMMBHgyMDcwE6QRMA8xDTAL +-BgNVBAMMBHgyMDgwE6QRMA8xDTALBgNVBAMMBHgyMDkwE6QRMA8xDTALBgNVBAMM +-BHgyMTAwE6QRMA8xDTALBgNVBAMMBHgyMTEwE6QRMA8xDTALBgNVBAMMBHgyMTIw +-E6QRMA8xDTALBgNVBAMMBHgyMTMwE6QRMA8xDTALBgNVBAMMBHgyMTQwE6QRMA8x +-DTALBgNVBAMMBHgyMTUwE6QRMA8xDTALBgNVBAMMBHgyMTYwE6QRMA8xDTALBgNV +-BAMMBHgyMTcwE6QRMA8xDTALBgNVBAMMBHgyMTgwE6QRMA8xDTALBgNVBAMMBHgy +-MTkwE6QRMA8xDTALBgNVBAMMBHgyMjAwE6QRMA8xDTALBgNVBAMMBHgyMjEwE6QR +-MA8xDTALBgNVBAMMBHgyMjIwE6QRMA8xDTALBgNVBAMMBHgyMjMwE6QRMA8xDTAL +-BgNVBAMMBHgyMjQwE6QRMA8xDTALBgNVBAMMBHgyMjUwE6QRMA8xDTALBgNVBAMM +-BHgyMjYwE6QRMA8xDTALBgNVBAMMBHgyMjcwE6QRMA8xDTALBgNVBAMMBHgyMjgw +-E6QRMA8xDTALBgNVBAMMBHgyMjkwE6QRMA8xDTALBgNVBAMMBHgyMzAwE6QRMA8x +-DTALBgNVBAMMBHgyMzEwE6QRMA8xDTALBgNVBAMMBHgyMzIwE6QRMA8xDTALBgNV +-BAMMBHgyMzMwE6QRMA8xDTALBgNVBAMMBHgyMzQwE6QRMA8xDTALBgNVBAMMBHgy +-MzUwE6QRMA8xDTALBgNVBAMMBHgyMzYwE6QRMA8xDTALBgNVBAMMBHgyMzcwE6QR +-MA8xDTALBgNVBAMMBHgyMzgwE6QRMA8xDTALBgNVBAMMBHgyMzkwE6QRMA8xDTAL +-BgNVBAMMBHgyNDAwE6QRMA8xDTALBgNVBAMMBHgyNDEwE6QRMA8xDTALBgNVBAMM +-BHgyNDIwE6QRMA8xDTALBgNVBAMMBHgyNDMwE6QRMA8xDTALBgNVBAMMBHgyNDQw +-E6QRMA8xDTALBgNVBAMMBHgyNDUwE6QRMA8xDTALBgNVBAMMBHgyNDYwE6QRMA8x +-DTALBgNVBAMMBHgyNDcwE6QRMA8xDTALBgNVBAMMBHgyNDgwE6QRMA8xDTALBgNV +-BAMMBHgyNDkwE6QRMA8xDTALBgNVBAMMBHgyNTAwE6QRMA8xDTALBgNVBAMMBHgy +-NTEwE6QRMA8xDTALBgNVBAMMBHgyNTIwE6QRMA8xDTALBgNVBAMMBHgyNTMwE6QR +-MA8xDTALBgNVBAMMBHgyNTQwE6QRMA8xDTALBgNVBAMMBHgyNTUwE6QRMA8xDTAL +-BgNVBAMMBHgyNTYwE6QRMA8xDTALBgNVBAMMBHgyNTcwE6QRMA8xDTALBgNVBAMM +-BHgyNTgwE6QRMA8xDTALBgNVBAMMBHgyNTkwE6QRMA8xDTALBgNVBAMMBHgyNjAw +-E6QRMA8xDTALBgNVBAMMBHgyNjEwE6QRMA8xDTALBgNVBAMMBHgyNjIwE6QRMA8x +-DTALBgNVBAMMBHgyNjMwE6QRMA8xDTALBgNVBAMMBHgyNjQwE6QRMA8xDTALBgNV +-BAMMBHgyNjUwE6QRMA8xDTALBgNVBAMMBHgyNjYwE6QRMA8xDTALBgNVBAMMBHgy +-NjcwE6QRMA8xDTALBgNVBAMMBHgyNjgwE6QRMA8xDTALBgNVBAMMBHgyNjkwE6QR +-MA8xDTALBgNVBAMMBHgyNzAwE6QRMA8xDTALBgNVBAMMBHgyNzEwE6QRMA8xDTAL +-BgNVBAMMBHgyNzIwE6QRMA8xDTALBgNVBAMMBHgyNzMwE6QRMA8xDTALBgNVBAMM +-BHgyNzQwE6QRMA8xDTALBgNVBAMMBHgyNzUwE6QRMA8xDTALBgNVBAMMBHgyNzYw +-E6QRMA8xDTALBgNVBAMMBHgyNzcwE6QRMA8xDTALBgNVBAMMBHgyNzgwE6QRMA8x +-DTALBgNVBAMMBHgyNzkwE6QRMA8xDTALBgNVBAMMBHgyODAwE6QRMA8xDTALBgNV +-BAMMBHgyODEwE6QRMA8xDTALBgNVBAMMBHgyODIwE6QRMA8xDTALBgNVBAMMBHgy +-ODMwE6QRMA8xDTALBgNVBAMMBHgyODQwE6QRMA8xDTALBgNVBAMMBHgyODUwE6QR +-MA8xDTALBgNVBAMMBHgyODYwE6QRMA8xDTALBgNVBAMMBHgyODcwE6QRMA8xDTAL +-BgNVBAMMBHgyODgwE6QRMA8xDTALBgNVBAMMBHgyODkwE6QRMA8xDTALBgNVBAMM +-BHgyOTAwE6QRMA8xDTALBgNVBAMMBHgyOTEwE6QRMA8xDTALBgNVBAMMBHgyOTIw +-E6QRMA8xDTALBgNVBAMMBHgyOTMwE6QRMA8xDTALBgNVBAMMBHgyOTQwE6QRMA8x +-DTALBgNVBAMMBHgyOTUwE6QRMA8xDTALBgNVBAMMBHgyOTYwE6QRMA8xDTALBgNV +-BAMMBHgyOTcwE6QRMA8xDTALBgNVBAMMBHgyOTgwE6QRMA8xDTALBgNVBAMMBHgy +-OTkwE6QRMA8xDTALBgNVBAMMBHgzMDAwE6QRMA8xDTALBgNVBAMMBHgzMDEwE6QR +-MA8xDTALBgNVBAMMBHgzMDIwE6QRMA8xDTALBgNVBAMMBHgzMDMwE6QRMA8xDTAL +-BgNVBAMMBHgzMDQwE6QRMA8xDTALBgNVBAMMBHgzMDUwE6QRMA8xDTALBgNVBAMM +-BHgzMDYwE6QRMA8xDTALBgNVBAMMBHgzMDcwE6QRMA8xDTALBgNVBAMMBHgzMDgw +-E6QRMA8xDTALBgNVBAMMBHgzMDkwE6QRMA8xDTALBgNVBAMMBHgzMTAwE6QRMA8x +-DTALBgNVBAMMBHgzMTEwE6QRMA8xDTALBgNVBAMMBHgzMTIwE6QRMA8xDTALBgNV +-BAMMBHgzMTMwE6QRMA8xDTALBgNVBAMMBHgzMTQwE6QRMA8xDTALBgNVBAMMBHgz +-MTUwE6QRMA8xDTALBgNVBAMMBHgzMTYwE6QRMA8xDTALBgNVBAMMBHgzMTcwE6QR +-MA8xDTALBgNVBAMMBHgzMTgwE6QRMA8xDTALBgNVBAMMBHgzMTkwE6QRMA8xDTAL +-BgNVBAMMBHgzMjAwE6QRMA8xDTALBgNVBAMMBHgzMjEwE6QRMA8xDTALBgNVBAMM +-BHgzMjIwE6QRMA8xDTALBgNVBAMMBHgzMjMwE6QRMA8xDTALBgNVBAMMBHgzMjQw +-E6QRMA8xDTALBgNVBAMMBHgzMjUwE6QRMA8xDTALBgNVBAMMBHgzMjYwE6QRMA8x +-DTALBgNVBAMMBHgzMjcwE6QRMA8xDTALBgNVBAMMBHgzMjgwE6QRMA8xDTALBgNV +-BAMMBHgzMjkwE6QRMA8xDTALBgNVBAMMBHgzMzAwE6QRMA8xDTALBgNVBAMMBHgz +-MzEwE6QRMA8xDTALBgNVBAMMBHgzMzIwE6QRMA8xDTALBgNVBAMMBHgzMzMwE6QR +-MA8xDTALBgNVBAMMBHgzMzQwE6QRMA8xDTALBgNVBAMMBHgzMzUwE6QRMA8xDTAL +-BgNVBAMMBHgzMzYwE6QRMA8xDTALBgNVBAMMBHgzMzcwE6QRMA8xDTALBgNVBAMM +-BHgzMzgwE6QRMA8xDTALBgNVBAMMBHgzMzkwE6QRMA8xDTALBgNVBAMMBHgzNDAw +-E6QRMA8xDTALBgNVBAMMBHgzNDEwE6QRMA8xDTALBgNVBAMMBHgzNDIwE6QRMA8x +-DTALBgNVBAMMBHgzNDMwE6QRMA8xDTALBgNVBAMMBHgzNDQwE6QRMA8xDTALBgNV +-BAMMBHgzNDUwE6QRMA8xDTALBgNVBAMMBHgzNDYwE6QRMA8xDTALBgNVBAMMBHgz +-NDcwE6QRMA8xDTALBgNVBAMMBHgzNDgwE6QRMA8xDTALBgNVBAMMBHgzNDkwE6QR +-MA8xDTALBgNVBAMMBHgzNTAwE6QRMA8xDTALBgNVBAMMBHgzNTEwE6QRMA8xDTAL +-BgNVBAMMBHgzNTIwE6QRMA8xDTALBgNVBAMMBHgzNTMwE6QRMA8xDTALBgNVBAMM +-BHgzNTQwE6QRMA8xDTALBgNVBAMMBHgzNTUwE6QRMA8xDTALBgNVBAMMBHgzNTYw +-E6QRMA8xDTALBgNVBAMMBHgzNTcwE6QRMA8xDTALBgNVBAMMBHgzNTgwE6QRMA8x +-DTALBgNVBAMMBHgzNTkwE6QRMA8xDTALBgNVBAMMBHgzNjAwE6QRMA8xDTALBgNV +-BAMMBHgzNjEwE6QRMA8xDTALBgNVBAMMBHgzNjIwE6QRMA8xDTALBgNVBAMMBHgz +-NjMwE6QRMA8xDTALBgNVBAMMBHgzNjQwE6QRMA8xDTALBgNVBAMMBHgzNjUwE6QR +-MA8xDTALBgNVBAMMBHgzNjYwE6QRMA8xDTALBgNVBAMMBHgzNjcwE6QRMA8xDTAL +-BgNVBAMMBHgzNjgwE6QRMA8xDTALBgNVBAMMBHgzNjkwE6QRMA8xDTALBgNVBAMM +-BHgzNzAwE6QRMA8xDTALBgNVBAMMBHgzNzEwE6QRMA8xDTALBgNVBAMMBHgzNzIw +-E6QRMA8xDTALBgNVBAMMBHgzNzMwE6QRMA8xDTALBgNVBAMMBHgzNzQwE6QRMA8x +-DTALBgNVBAMMBHgzNzUwE6QRMA8xDTALBgNVBAMMBHgzNzYwE6QRMA8xDTALBgNV +-BAMMBHgzNzcwE6QRMA8xDTALBgNVBAMMBHgzNzgwE6QRMA8xDTALBgNVBAMMBHgz +-NzkwE6QRMA8xDTALBgNVBAMMBHgzODAwE6QRMA8xDTALBgNVBAMMBHgzODEwE6QR +-MA8xDTALBgNVBAMMBHgzODIwE6QRMA8xDTALBgNVBAMMBHgzODMwE6QRMA8xDTAL +-BgNVBAMMBHgzODQwE6QRMA8xDTALBgNVBAMMBHgzODUwE6QRMA8xDTALBgNVBAMM +-BHgzODYwE6QRMA8xDTALBgNVBAMMBHgzODcwE6QRMA8xDTALBgNVBAMMBHgzODgw +-E6QRMA8xDTALBgNVBAMMBHgzODkwE6QRMA8xDTALBgNVBAMMBHgzOTAwE6QRMA8x +-DTALBgNVBAMMBHgzOTEwE6QRMA8xDTALBgNVBAMMBHgzOTIwE6QRMA8xDTALBgNV +-BAMMBHgzOTMwE6QRMA8xDTALBgNVBAMMBHgzOTQwE6QRMA8xDTALBgNVBAMMBHgz +-OTUwE6QRMA8xDTALBgNVBAMMBHgzOTYwE6QRMA8xDTALBgNVBAMMBHgzOTcwE6QR +-MA8xDTALBgNVBAMMBHgzOTgwE6QRMA8xDTALBgNVBAMMBHgzOTkwE6QRMA8xDTAL +-BgNVBAMMBHg0MDAwE6QRMA8xDTALBgNVBAMMBHg0MDEwE6QRMA8xDTALBgNVBAMM +-BHg0MDIwE6QRMA8xDTALBgNVBAMMBHg0MDMwE6QRMA8xDTALBgNVBAMMBHg0MDQw +-E6QRMA8xDTALBgNVBAMMBHg0MDUwE6QRMA8xDTALBgNVBAMMBHg0MDYwE6QRMA8x +-DTALBgNVBAMMBHg0MDcwE6QRMA8xDTALBgNVBAMMBHg0MDgwE6QRMA8xDTALBgNV +-BAMMBHg0MDkwE6QRMA8xDTALBgNVBAMMBHg0MTAwE6QRMA8xDTALBgNVBAMMBHg0 +-MTEwE6QRMA8xDTALBgNVBAMMBHg0MTIwE6QRMA8xDTALBgNVBAMMBHg0MTMwE6QR +-MA8xDTALBgNVBAMMBHg0MTQwE6QRMA8xDTALBgNVBAMMBHg0MTUwE6QRMA8xDTAL +-BgNVBAMMBHg0MTYwE6QRMA8xDTALBgNVBAMMBHg0MTcwD4YNaHR0cDovL3hlc3Qv +-MDAPhg1odHRwOi8veGVzdC8xMA+GDWh0dHA6Ly94ZXN0LzIwD4YNaHR0cDovL3hl +-c3QvMzAPhg1odHRwOi8veGVzdC80MA+GDWh0dHA6Ly94ZXN0LzUwD4YNaHR0cDov +-L3hlc3QvNjAPhg1odHRwOi8veGVzdC83MA+GDWh0dHA6Ly94ZXN0LzgwD4YNaHR0 +-cDovL3hlc3QvOTAQhg5odHRwOi8veGVzdC8xMDAQhg5odHRwOi8veGVzdC8xMTAQ +-hg5odHRwOi8veGVzdC8xMjAQhg5odHRwOi8veGVzdC8xMzAQhg5odHRwOi8veGVz +-dC8xNDAQhg5odHRwOi8veGVzdC8xNTAQhg5odHRwOi8veGVzdC8xNjAQhg5odHRw +-Oi8veGVzdC8xNzAQhg5odHRwOi8veGVzdC8xODAQhg5odHRwOi8veGVzdC8xOTAQ +-hg5odHRwOi8veGVzdC8yMDAQhg5odHRwOi8veGVzdC8yMTAQhg5odHRwOi8veGVz +-dC8yMjAQhg5odHRwOi8veGVzdC8yMzAQhg5odHRwOi8veGVzdC8yNDAQhg5odHRw +-Oi8veGVzdC8yNTAQhg5odHRwOi8veGVzdC8yNjAQhg5odHRwOi8veGVzdC8yNzAQ +-hg5odHRwOi8veGVzdC8yODAQhg5odHRwOi8veGVzdC8yOTAQhg5odHRwOi8veGVz +-dC8zMDAQhg5odHRwOi8veGVzdC8zMTAQhg5odHRwOi8veGVzdC8zMjAQhg5odHRw +-Oi8veGVzdC8zMzAQhg5odHRwOi8veGVzdC8zNDAQhg5odHRwOi8veGVzdC8zNTAQ +-hg5odHRwOi8veGVzdC8zNjAQhg5odHRwOi8veGVzdC8zNzAQhg5odHRwOi8veGVz +-dC8zODAQhg5odHRwOi8veGVzdC8zOTAQhg5odHRwOi8veGVzdC80MDAQhg5odHRw +-Oi8veGVzdC80MTAQhg5odHRwOi8veGVzdC80MjAQhg5odHRwOi8veGVzdC80MzAQ +-hg5odHRwOi8veGVzdC80NDAQhg5odHRwOi8veGVzdC80NTAQhg5odHRwOi8veGVz +-dC80NjAQhg5odHRwOi8veGVzdC80NzAQhg5odHRwOi8veGVzdC80ODAQhg5odHRw +-Oi8veGVzdC80OTAQhg5odHRwOi8veGVzdC81MDAQhg5odHRwOi8veGVzdC81MTAQ +-hg5odHRwOi8veGVzdC81MjAQhg5odHRwOi8veGVzdC81MzAQhg5odHRwOi8veGVz +-dC81NDAQhg5odHRwOi8veGVzdC81NTAQhg5odHRwOi8veGVzdC81NjAQhg5odHRw +-Oi8veGVzdC81NzAQhg5odHRwOi8veGVzdC81ODAQhg5odHRwOi8veGVzdC81OTAQ +-hg5odHRwOi8veGVzdC82MDAQhg5odHRwOi8veGVzdC82MTAQhg5odHRwOi8veGVz +-dC82MjAQhg5odHRwOi8veGVzdC82MzAQhg5odHRwOi8veGVzdC82NDAQhg5odHRw +-Oi8veGVzdC82NTAQhg5odHRwOi8veGVzdC82NjAQhg5odHRwOi8veGVzdC82NzAQ +-hg5odHRwOi8veGVzdC82ODAQhg5odHRwOi8veGVzdC82OTAQhg5odHRwOi8veGVz +-dC83MDAQhg5odHRwOi8veGVzdC83MTAQhg5odHRwOi8veGVzdC83MjAQhg5odHRw +-Oi8veGVzdC83MzAQhg5odHRwOi8veGVzdC83NDAQhg5odHRwOi8veGVzdC83NTAQ +-hg5odHRwOi8veGVzdC83NjAQhg5odHRwOi8veGVzdC83NzAQhg5odHRwOi8veGVz +-dC83ODAQhg5odHRwOi8veGVzdC83OTAQhg5odHRwOi8veGVzdC84MDAQhg5odHRw +-Oi8veGVzdC84MTAQhg5odHRwOi8veGVzdC84MjAQhg5odHRwOi8veGVzdC84MzAQ +-hg5odHRwOi8veGVzdC84NDAQhg5odHRwOi8veGVzdC84NTAQhg5odHRwOi8veGVz +-dC84NjAQhg5odHRwOi8veGVzdC84NzAQhg5odHRwOi8veGVzdC84ODAQhg5odHRw +-Oi8veGVzdC84OTAQhg5odHRwOi8veGVzdC85MDAQhg5odHRwOi8veGVzdC85MTAQ +-hg5odHRwOi8veGVzdC85MjAQhg5odHRwOi8veGVzdC85MzAQhg5odHRwOi8veGVz +-dC85NDAQhg5odHRwOi8veGVzdC85NTAQhg5odHRwOi8veGVzdC85NjAQhg5odHRw +-Oi8veGVzdC85NzAQhg5odHRwOi8veGVzdC85ODAQhg5odHRwOi8veGVzdC85OTAR +-hg9odHRwOi8veGVzdC8xMDAwEYYPaHR0cDovL3hlc3QvMTAxMBGGD2h0dHA6Ly94 +-ZXN0LzEwMjARhg9odHRwOi8veGVzdC8xMDMwEYYPaHR0cDovL3hlc3QvMTA0MBGG +-D2h0dHA6Ly94ZXN0LzEwNTARhg9odHRwOi8veGVzdC8xMDYwEYYPaHR0cDovL3hl +-c3QvMTA3MBGGD2h0dHA6Ly94ZXN0LzEwODARhg9odHRwOi8veGVzdC8xMDkwEYYP +-aHR0cDovL3hlc3QvMTEwMBGGD2h0dHA6Ly94ZXN0LzExMTARhg9odHRwOi8veGVz +-dC8xMTIwEYYPaHR0cDovL3hlc3QvMTEzMBGGD2h0dHA6Ly94ZXN0LzExNDARhg9o +-dHRwOi8veGVzdC8xMTUwEYYPaHR0cDovL3hlc3QvMTE2MBGGD2h0dHA6Ly94ZXN0 +-LzExNzARhg9odHRwOi8veGVzdC8xMTgwEYYPaHR0cDovL3hlc3QvMTE5MBGGD2h0 +-dHA6Ly94ZXN0LzEyMDARhg9odHRwOi8veGVzdC8xMjEwEYYPaHR0cDovL3hlc3Qv +-MTIyMBGGD2h0dHA6Ly94ZXN0LzEyMzARhg9odHRwOi8veGVzdC8xMjQwEYYPaHR0 +-cDovL3hlc3QvMTI1MBGGD2h0dHA6Ly94ZXN0LzEyNjARhg9odHRwOi8veGVzdC8x +-MjcwEYYPaHR0cDovL3hlc3QvMTI4MBGGD2h0dHA6Ly94ZXN0LzEyOTARhg9odHRw +-Oi8veGVzdC8xMzAwEYYPaHR0cDovL3hlc3QvMTMxMBGGD2h0dHA6Ly94ZXN0LzEz +-MjARhg9odHRwOi8veGVzdC8xMzMwEYYPaHR0cDovL3hlc3QvMTM0MBGGD2h0dHA6 +-Ly94ZXN0LzEzNTARhg9odHRwOi8veGVzdC8xMzYwEYYPaHR0cDovL3hlc3QvMTM3 +-MBGGD2h0dHA6Ly94ZXN0LzEzODARhg9odHRwOi8veGVzdC8xMzkwEYYPaHR0cDov +-L3hlc3QvMTQwMBGGD2h0dHA6Ly94ZXN0LzE0MTARhg9odHRwOi8veGVzdC8xNDIw +-EYYPaHR0cDovL3hlc3QvMTQzMBGGD2h0dHA6Ly94ZXN0LzE0NDARhg9odHRwOi8v +-eGVzdC8xNDUwEYYPaHR0cDovL3hlc3QvMTQ2MBGGD2h0dHA6Ly94ZXN0LzE0NzAR +-hg9odHRwOi8veGVzdC8xNDgwEYYPaHR0cDovL3hlc3QvMTQ5MBGGD2h0dHA6Ly94 +-ZXN0LzE1MDARhg9odHRwOi8veGVzdC8xNTEwEYYPaHR0cDovL3hlc3QvMTUyMBGG +-D2h0dHA6Ly94ZXN0LzE1MzARhg9odHRwOi8veGVzdC8xNTQwEYYPaHR0cDovL3hl +-c3QvMTU1MBGGD2h0dHA6Ly94ZXN0LzE1NjARhg9odHRwOi8veGVzdC8xNTcwEYYP +-aHR0cDovL3hlc3QvMTU4MBGGD2h0dHA6Ly94ZXN0LzE1OTARhg9odHRwOi8veGVz +-dC8xNjAwEYYPaHR0cDovL3hlc3QvMTYxMBGGD2h0dHA6Ly94ZXN0LzE2MjARhg9o +-dHRwOi8veGVzdC8xNjMwEYYPaHR0cDovL3hlc3QvMTY0MBGGD2h0dHA6Ly94ZXN0 +-LzE2NTARhg9odHRwOi8veGVzdC8xNjYwEYYPaHR0cDovL3hlc3QvMTY3MBGGD2h0 +-dHA6Ly94ZXN0LzE2ODARhg9odHRwOi8veGVzdC8xNjkwEYYPaHR0cDovL3hlc3Qv +-MTcwMBGGD2h0dHA6Ly94ZXN0LzE3MTARhg9odHRwOi8veGVzdC8xNzIwEYYPaHR0 +-cDovL3hlc3QvMTczMBGGD2h0dHA6Ly94ZXN0LzE3NDARhg9odHRwOi8veGVzdC8x +-NzUwEYYPaHR0cDovL3hlc3QvMTc2MBGGD2h0dHA6Ly94ZXN0LzE3NzARhg9odHRw +-Oi8veGVzdC8xNzgwEYYPaHR0cDovL3hlc3QvMTc5MBGGD2h0dHA6Ly94ZXN0LzE4 +-MDARhg9odHRwOi8veGVzdC8xODEwEYYPaHR0cDovL3hlc3QvMTgyMBGGD2h0dHA6 +-Ly94ZXN0LzE4MzARhg9odHRwOi8veGVzdC8xODQwEYYPaHR0cDovL3hlc3QvMTg1 +-MBGGD2h0dHA6Ly94ZXN0LzE4NjARhg9odHRwOi8veGVzdC8xODcwEYYPaHR0cDov +-L3hlc3QvMTg4MBGGD2h0dHA6Ly94ZXN0LzE4OTARhg9odHRwOi8veGVzdC8xOTAw +-EYYPaHR0cDovL3hlc3QvMTkxMBGGD2h0dHA6Ly94ZXN0LzE5MjARhg9odHRwOi8v +-eGVzdC8xOTMwEYYPaHR0cDovL3hlc3QvMTk0MBGGD2h0dHA6Ly94ZXN0LzE5NTAR +-hg9odHRwOi8veGVzdC8xOTYwEYYPaHR0cDovL3hlc3QvMTk3MBGGD2h0dHA6Ly94 +-ZXN0LzE5ODARhg9odHRwOi8veGVzdC8xOTkwEYYPaHR0cDovL3hlc3QvMjAwMBGG +-D2h0dHA6Ly94ZXN0LzIwMTARhg9odHRwOi8veGVzdC8yMDIwEYYPaHR0cDovL3hl +-c3QvMjAzMBGGD2h0dHA6Ly94ZXN0LzIwNDARhg9odHRwOi8veGVzdC8yMDUwEYYP +-aHR0cDovL3hlc3QvMjA2MBGGD2h0dHA6Ly94ZXN0LzIwNzARhg9odHRwOi8veGVz +-dC8yMDgwEYYPaHR0cDovL3hlc3QvMjA5MBGGD2h0dHA6Ly94ZXN0LzIxMDARhg9o +-dHRwOi8veGVzdC8yMTEwEYYPaHR0cDovL3hlc3QvMjEyMBGGD2h0dHA6Ly94ZXN0 +-LzIxMzARhg9odHRwOi8veGVzdC8yMTQwEYYPaHR0cDovL3hlc3QvMjE1MBGGD2h0 +-dHA6Ly94ZXN0LzIxNjARhg9odHRwOi8veGVzdC8yMTcwEYYPaHR0cDovL3hlc3Qv +-MjE4MBGGD2h0dHA6Ly94ZXN0LzIxOTARhg9odHRwOi8veGVzdC8yMjAwEYYPaHR0 +-cDovL3hlc3QvMjIxMBGGD2h0dHA6Ly94ZXN0LzIyMjARhg9odHRwOi8veGVzdC8y +-MjMwEYYPaHR0cDovL3hlc3QvMjI0MBGGD2h0dHA6Ly94ZXN0LzIyNTARhg9odHRw +-Oi8veGVzdC8yMjYwEYYPaHR0cDovL3hlc3QvMjI3MBGGD2h0dHA6Ly94ZXN0LzIy +-ODARhg9odHRwOi8veGVzdC8yMjkwEYYPaHR0cDovL3hlc3QvMjMwMBGGD2h0dHA6 +-Ly94ZXN0LzIzMTARhg9odHRwOi8veGVzdC8yMzIwEYYPaHR0cDovL3hlc3QvMjMz +-MBGGD2h0dHA6Ly94ZXN0LzIzNDARhg9odHRwOi8veGVzdC8yMzUwEYYPaHR0cDov +-L3hlc3QvMjM2MBGGD2h0dHA6Ly94ZXN0LzIzNzARhg9odHRwOi8veGVzdC8yMzgw +-EYYPaHR0cDovL3hlc3QvMjM5MBGGD2h0dHA6Ly94ZXN0LzI0MDARhg9odHRwOi8v +-eGVzdC8yNDEwEYYPaHR0cDovL3hlc3QvMjQyMBGGD2h0dHA6Ly94ZXN0LzI0MzAR +-hg9odHRwOi8veGVzdC8yNDQwEYYPaHR0cDovL3hlc3QvMjQ1MBGGD2h0dHA6Ly94 +-ZXN0LzI0NjARhg9odHRwOi8veGVzdC8yNDcwEYYPaHR0cDovL3hlc3QvMjQ4MBGG +-D2h0dHA6Ly94ZXN0LzI0OTARhg9odHRwOi8veGVzdC8yNTAwEYYPaHR0cDovL3hl +-c3QvMjUxMBGGD2h0dHA6Ly94ZXN0LzI1MjARhg9odHRwOi8veGVzdC8yNTMwEYYP +-aHR0cDovL3hlc3QvMjU0MBGGD2h0dHA6Ly94ZXN0LzI1NTARhg9odHRwOi8veGVz +-dC8yNTYwEYYPaHR0cDovL3hlc3QvMjU3MBGGD2h0dHA6Ly94ZXN0LzI1ODARhg9o +-dHRwOi8veGVzdC8yNTkwEYYPaHR0cDovL3hlc3QvMjYwMBGGD2h0dHA6Ly94ZXN0 +-LzI2MTARhg9odHRwOi8veGVzdC8yNjIwEYYPaHR0cDovL3hlc3QvMjYzMBGGD2h0 +-dHA6Ly94ZXN0LzI2NDARhg9odHRwOi8veGVzdC8yNjUwEYYPaHR0cDovL3hlc3Qv +-MjY2MBGGD2h0dHA6Ly94ZXN0LzI2NzARhg9odHRwOi8veGVzdC8yNjgwEYYPaHR0 +-cDovL3hlc3QvMjY5MBGGD2h0dHA6Ly94ZXN0LzI3MDARhg9odHRwOi8veGVzdC8y +-NzEwEYYPaHR0cDovL3hlc3QvMjcyMBGGD2h0dHA6Ly94ZXN0LzI3MzARhg9odHRw +-Oi8veGVzdC8yNzQwEYYPaHR0cDovL3hlc3QvMjc1MBGGD2h0dHA6Ly94ZXN0LzI3 +-NjARhg9odHRwOi8veGVzdC8yNzcwEYYPaHR0cDovL3hlc3QvMjc4MBGGD2h0dHA6 +-Ly94ZXN0LzI3OTARhg9odHRwOi8veGVzdC8yODAwEYYPaHR0cDovL3hlc3QvMjgx +-MBGGD2h0dHA6Ly94ZXN0LzI4MjARhg9odHRwOi8veGVzdC8yODMwEYYPaHR0cDov +-L3hlc3QvMjg0MBGGD2h0dHA6Ly94ZXN0LzI4NTARhg9odHRwOi8veGVzdC8yODYw +-EYYPaHR0cDovL3hlc3QvMjg3MBGGD2h0dHA6Ly94ZXN0LzI4ODARhg9odHRwOi8v +-eGVzdC8yODkwEYYPaHR0cDovL3hlc3QvMjkwMBGGD2h0dHA6Ly94ZXN0LzI5MTAR +-hg9odHRwOi8veGVzdC8yOTIwEYYPaHR0cDovL3hlc3QvMjkzMBGGD2h0dHA6Ly94 +-ZXN0LzI5NDARhg9odHRwOi8veGVzdC8yOTUwEYYPaHR0cDovL3hlc3QvMjk2MBGG +-D2h0dHA6Ly94ZXN0LzI5NzARhg9odHRwOi8veGVzdC8yOTgwEYYPaHR0cDovL3hl +-c3QvMjk5MBGGD2h0dHA6Ly94ZXN0LzMwMDARhg9odHRwOi8veGVzdC8zMDEwEYYP +-aHR0cDovL3hlc3QvMzAyMBGGD2h0dHA6Ly94ZXN0LzMwMzARhg9odHRwOi8veGVz +-dC8zMDQwEYYPaHR0cDovL3hlc3QvMzA1MBGGD2h0dHA6Ly94ZXN0LzMwNjARhg9o +-dHRwOi8veGVzdC8zMDcwEYYPaHR0cDovL3hlc3QvMzA4MBGGD2h0dHA6Ly94ZXN0 +-LzMwOTARhg9odHRwOi8veGVzdC8zMTAwEYYPaHR0cDovL3hlc3QvMzExMBGGD2h0 +-dHA6Ly94ZXN0LzMxMjARhg9odHRwOi8veGVzdC8zMTMwEYYPaHR0cDovL3hlc3Qv +-MzE0MBGGD2h0dHA6Ly94ZXN0LzMxNTARhg9odHRwOi8veGVzdC8zMTYwEYYPaHR0 +-cDovL3hlc3QvMzE3MBGGD2h0dHA6Ly94ZXN0LzMxODARhg9odHRwOi8veGVzdC8z +-MTkwEYYPaHR0cDovL3hlc3QvMzIwMBGGD2h0dHA6Ly94ZXN0LzMyMTARhg9odHRw +-Oi8veGVzdC8zMjIwEYYPaHR0cDovL3hlc3QvMzIzMBGGD2h0dHA6Ly94ZXN0LzMy +-NDARhg9odHRwOi8veGVzdC8zMjUwEYYPaHR0cDovL3hlc3QvMzI2MBGGD2h0dHA6 +-Ly94ZXN0LzMyNzARhg9odHRwOi8veGVzdC8zMjgwEYYPaHR0cDovL3hlc3QvMzI5 +-MBGGD2h0dHA6Ly94ZXN0LzMzMDARhg9odHRwOi8veGVzdC8zMzEwEYYPaHR0cDov +-L3hlc3QvMzMyMBGGD2h0dHA6Ly94ZXN0LzMzMzARhg9odHRwOi8veGVzdC8zMzQw +-EYYPaHR0cDovL3hlc3QvMzM1MBGGD2h0dHA6Ly94ZXN0LzMzNjARhg9odHRwOi8v +-eGVzdC8zMzcwEYYPaHR0cDovL3hlc3QvMzM4MBGGD2h0dHA6Ly94ZXN0LzMzOTAR +-hg9odHRwOi8veGVzdC8zNDAwEYYPaHR0cDovL3hlc3QvMzQxMBGGD2h0dHA6Ly94 +-ZXN0LzM0MjARhg9odHRwOi8veGVzdC8zNDMwEYYPaHR0cDovL3hlc3QvMzQ0MBGG +-D2h0dHA6Ly94ZXN0LzM0NTARhg9odHRwOi8veGVzdC8zNDYwEYYPaHR0cDovL3hl +-c3QvMzQ3MBGGD2h0dHA6Ly94ZXN0LzM0ODARhg9odHRwOi8veGVzdC8zNDkwEYYP +-aHR0cDovL3hlc3QvMzUwMBGGD2h0dHA6Ly94ZXN0LzM1MTARhg9odHRwOi8veGVz +-dC8zNTIwEYYPaHR0cDovL3hlc3QvMzUzMBGGD2h0dHA6Ly94ZXN0LzM1NDARhg9o +-dHRwOi8veGVzdC8zNTUwEYYPaHR0cDovL3hlc3QvMzU2MBGGD2h0dHA6Ly94ZXN0 +-LzM1NzARhg9odHRwOi8veGVzdC8zNTgwEYYPaHR0cDovL3hlc3QvMzU5MBGGD2h0 +-dHA6Ly94ZXN0LzM2MDARhg9odHRwOi8veGVzdC8zNjEwEYYPaHR0cDovL3hlc3Qv +-MzYyMBGGD2h0dHA6Ly94ZXN0LzM2MzARhg9odHRwOi8veGVzdC8zNjQwEYYPaHR0 +-cDovL3hlc3QvMzY1MBGGD2h0dHA6Ly94ZXN0LzM2NjARhg9odHRwOi8veGVzdC8z +-NjcwEYYPaHR0cDovL3hlc3QvMzY4MBGGD2h0dHA6Ly94ZXN0LzM2OTARhg9odHRw +-Oi8veGVzdC8zNzAwEYYPaHR0cDovL3hlc3QvMzcxMBGGD2h0dHA6Ly94ZXN0LzM3 +-MjARhg9odHRwOi8veGVzdC8zNzMwEYYPaHR0cDovL3hlc3QvMzc0MBGGD2h0dHA6 +-Ly94ZXN0LzM3NTARhg9odHRwOi8veGVzdC8zNzYwEYYPaHR0cDovL3hlc3QvMzc3 +-MBGGD2h0dHA6Ly94ZXN0LzM3ODARhg9odHRwOi8veGVzdC8zNzkwEYYPaHR0cDov +-L3hlc3QvMzgwMBGGD2h0dHA6Ly94ZXN0LzM4MTARhg9odHRwOi8veGVzdC8zODIw +-EYYPaHR0cDovL3hlc3QvMzgzMBGGD2h0dHA6Ly94ZXN0LzM4NDARhg9odHRwOi8v +-eGVzdC8zODUwEYYPaHR0cDovL3hlc3QvMzg2MBGGD2h0dHA6Ly94ZXN0LzM4NzAR +-hg9odHRwOi8veGVzdC8zODgwEYYPaHR0cDovL3hlc3QvMzg5MBGGD2h0dHA6Ly94 +-ZXN0LzM5MDARhg9odHRwOi8veGVzdC8zOTEwEYYPaHR0cDovL3hlc3QvMzkyMBGG +-D2h0dHA6Ly94ZXN0LzM5MzARhg9odHRwOi8veGVzdC8zOTQwEYYPaHR0cDovL3hl +-c3QvMzk1MBGGD2h0dHA6Ly94ZXN0LzM5NjARhg9odHRwOi8veGVzdC8zOTcwEYYP +-aHR0cDovL3hlc3QvMzk4MBGGD2h0dHA6Ly94ZXN0LzM5OTARhg9odHRwOi8veGVz +-dC80MDAwEYYPaHR0cDovL3hlc3QvNDAxMBGGD2h0dHA6Ly94ZXN0LzQwMjARhg9o +-dHRwOi8veGVzdC80MDMwEYYPaHR0cDovL3hlc3QvNDA0MBGGD2h0dHA6Ly94ZXN0 +-LzQwNTARhg9odHRwOi8veGVzdC80MDYwEYYPaHR0cDovL3hlc3QvNDA3MBGGD2h0 +-dHA6Ly94ZXN0LzQwODARhg9odHRwOi8veGVzdC80MDkwEYYPaHR0cDovL3hlc3Qv +-NDEwMBGGD2h0dHA6Ly94ZXN0LzQxMTARhg9odHRwOi8veGVzdC80MTIwEYYPaHR0 +-cDovL3hlc3QvNDEzMBGGD2h0dHA6Ly94ZXN0LzQxNDARhg9odHRwOi8veGVzdC80 +-MTUwEYYPaHR0cDovL3hlc3QvNDE2MBGGD2h0dHA6Ly94ZXN0LzQxNzARhg9odHRw +-Oi8veGVzdC80MTgwEYYPaHR0cDovL3hlc3QvNDE5MBGGD2h0dHA6Ly94ZXN0LzQy +-MDARhg9odHRwOi8veGVzdC80MjEwEYYPaHR0cDovL3hlc3QvNDIyMBGGD2h0dHA6 +-Ly94ZXN0LzQyMzARhg9odHRwOi8veGVzdC80MjQwEYYPaHR0cDovL3hlc3QvNDI1 +-MBGGD2h0dHA6Ly94ZXN0LzQyNjARhg9odHRwOi8veGVzdC80MjcwEYYPaHR0cDov +-L3hlc3QvNDI4MBGGD2h0dHA6Ly94ZXN0LzQyOTARhg9odHRwOi8veGVzdC80MzAw +-EYYPaHR0cDovL3hlc3QvNDMxMBGGD2h0dHA6Ly94ZXN0LzQzMjARhg9odHRwOi8v +-eGVzdC80MzMwEYYPaHR0cDovL3hlc3QvNDM0MBGGD2h0dHA6Ly94ZXN0LzQzNTAR +-hg9odHRwOi8veGVzdC80MzYwEYYPaHR0cDovL3hlc3QvNDM3MBGGD2h0dHA6Ly94 +-ZXN0LzQzODARhg9odHRwOi8veGVzdC80MzkwEYYPaHR0cDovL3hlc3QvNDQwMBGG +-D2h0dHA6Ly94ZXN0LzQ0MTARhg9odHRwOi8veGVzdC80NDIwEYYPaHR0cDovL3hl +-c3QvNDQzMBGGD2h0dHA6Ly94ZXN0LzQ0NDARhg9odHRwOi8veGVzdC80NDUwEYYP +-aHR0cDovL3hlc3QvNDQ2MBGGD2h0dHA6Ly94ZXN0LzQ0NzARhg9odHRwOi8veGVz +-dC80NDgwEYYPaHR0cDovL3hlc3QvNDQ5MBGGD2h0dHA6Ly94ZXN0LzQ1MDARhg9o +-dHRwOi8veGVzdC80NTEwEYYPaHR0cDovL3hlc3QvNDUyMBGGD2h0dHA6Ly94ZXN0 +-LzQ1MzARhg9odHRwOi8veGVzdC80NTQwEYYPaHR0cDovL3hlc3QvNDU1MBGGD2h0 +-dHA6Ly94ZXN0LzQ1NjARhg9odHRwOi8veGVzdC80NTcwEYYPaHR0cDovL3hlc3Qv +-NDU4MBGGD2h0dHA6Ly94ZXN0LzQ1OTARhg9odHRwOi8veGVzdC80NjAwEYYPaHR0 +-cDovL3hlc3QvNDYxMBGGD2h0dHA6Ly94ZXN0LzQ2MjARhg9odHRwOi8veGVzdC80 +-NjMwEYYPaHR0cDovL3hlc3QvNDY0MBGGD2h0dHA6Ly94ZXN0LzQ2NTARhg9odHRw +-Oi8veGVzdC80NjYwEYYPaHR0cDovL3hlc3QvNDY3MBGGD2h0dHA6Ly94ZXN0LzQ2 +-ODARhg9odHRwOi8veGVzdC80NjkwEYYPaHR0cDovL3hlc3QvNDcwMBGGD2h0dHA6 +-Ly94ZXN0LzQ3MTARhg9odHRwOi8veGVzdC80NzIwEYYPaHR0cDovL3hlc3QvNDcz +-MBGGD2h0dHA6Ly94ZXN0LzQ3NDARhg9odHRwOi8veGVzdC80NzUwEYYPaHR0cDov +-L3hlc3QvNDc2MBGGD2h0dHA6Ly94ZXN0LzQ3NzARhg9odHRwOi8veGVzdC80Nzgw +-EYYPaHR0cDovL3hlc3QvNDc5MBGGD2h0dHA6Ly94ZXN0LzQ4MDARhg9odHRwOi8v +-eGVzdC80ODEwEYYPaHR0cDovL3hlc3QvNDgyMBGGD2h0dHA6Ly94ZXN0LzQ4MzAR +-hg9odHRwOi8veGVzdC80ODQwEYYPaHR0cDovL3hlc3QvNDg1MBGGD2h0dHA6Ly94 +-ZXN0LzQ4NjARhg9odHRwOi8veGVzdC80ODcwEYYPaHR0cDovL3hlc3QvNDg4MBGG +-D2h0dHA6Ly94ZXN0LzQ4OTARhg9odHRwOi8veGVzdC80OTAwEYYPaHR0cDovL3hl +-c3QvNDkxMBGGD2h0dHA6Ly94ZXN0LzQ5MjARhg9odHRwOi8veGVzdC80OTMwEYYP +-aHR0cDovL3hlc3QvNDk0MBGGD2h0dHA6Ly94ZXN0LzQ5NTARhg9odHRwOi8veGVz +-dC80OTYwEYYPaHR0cDovL3hlc3QvNDk3MBGGD2h0dHA6Ly94ZXN0LzQ5ODARhg9o +-dHRwOi8veGVzdC80OTkwEYYPaHR0cDovL3hlc3QvNTAwMBGGD2h0dHA6Ly94ZXN0 +-LzUwMTARhg9odHRwOi8veGVzdC81MDIwEYYPaHR0cDovL3hlc3QvNTAzMBGGD2h0 +-dHA6Ly94ZXN0LzUwNDARhg9odHRwOi8veGVzdC81MDUwEYYPaHR0cDovL3hlc3Qv +-NTA2MBGGD2h0dHA6Ly94ZXN0LzUwNzARhg9odHRwOi8veGVzdC81MDgwEYYPaHR0 +-cDovL3hlc3QvNTA5MBGGD2h0dHA6Ly94ZXN0LzUxMDARhg9odHRwOi8veGVzdC81 +-MTEwEYYPaHR0cDovL3hlc3QvNTEyMBGGD2h0dHA6Ly94ZXN0LzUxMzARhg9odHRw +-Oi8veGVzdC81MTQwEYYPaHR0cDovL3hlc3QvNTE1MBGGD2h0dHA6Ly94ZXN0LzUx +-NjARhg9odHRwOi8veGVzdC81MTcwEYYPaHR0cDovL3hlc3QvNTE4MBGGD2h0dHA6 +-Ly94ZXN0LzUxOTARhg9odHRwOi8veGVzdC81MjAwEYYPaHR0cDovL3hlc3QvNTIx +-MBGGD2h0dHA6Ly94ZXN0LzUyMjARhg9odHRwOi8veGVzdC81MjMwEYYPaHR0cDov +-L3hlc3QvNTI0MBGGD2h0dHA6Ly94ZXN0LzUyNTARhg9odHRwOi8veGVzdC81MjYw +-EYYPaHR0cDovL3hlc3QvNTI3MBGGD2h0dHA6Ly94ZXN0LzUyODARhg9odHRwOi8v +-eGVzdC81MjkwEYYPaHR0cDovL3hlc3QvNTMwMBGGD2h0dHA6Ly94ZXN0LzUzMTAR +-hg9odHRwOi8veGVzdC81MzIwEYYPaHR0cDovL3hlc3QvNTMzMBGGD2h0dHA6Ly94 +-ZXN0LzUzNDARhg9odHRwOi8veGVzdC81MzUwEYYPaHR0cDovL3hlc3QvNTM2MBGG +-D2h0dHA6Ly94ZXN0LzUzNzARhg9odHRwOi8veGVzdC81MzgwEYYPaHR0cDovL3hl +-c3QvNTM5MBGGD2h0dHA6Ly94ZXN0LzU0MDARhg9odHRwOi8veGVzdC81NDEwEYYP +-aHR0cDovL3hlc3QvNTQyMBGGD2h0dHA6Ly94ZXN0LzU0MzARhg9odHRwOi8veGVz +-dC81NDQwEYYPaHR0cDovL3hlc3QvNTQ1MBGGD2h0dHA6Ly94ZXN0LzU0NjARhg9o +-dHRwOi8veGVzdC81NDcwEYYPaHR0cDovL3hlc3QvNTQ4MBGGD2h0dHA6Ly94ZXN0 +-LzU0OTARhg9odHRwOi8veGVzdC81NTAwEYYPaHR0cDovL3hlc3QvNTUxMBGGD2h0 +-dHA6Ly94ZXN0LzU1MjARhg9odHRwOi8veGVzdC81NTMwEYYPaHR0cDovL3hlc3Qv +-NTU0MBGGD2h0dHA6Ly94ZXN0LzU1NTARhg9odHRwOi8veGVzdC81NTYwEYYPaHR0 +-cDovL3hlc3QvNTU3MBGGD2h0dHA6Ly94ZXN0LzU1ODARhg9odHRwOi8veGVzdC81 +-NTkwEYYPaHR0cDovL3hlc3QvNTYwMBGGD2h0dHA6Ly94ZXN0LzU2MTARhg9odHRw +-Oi8veGVzdC81NjIwEYYPaHR0cDovL3hlc3QvNTYzMBGGD2h0dHA6Ly94ZXN0LzU2 +-NDARhg9odHRwOi8veGVzdC81NjUwEYYPaHR0cDovL3hlc3QvNTY2MBGGD2h0dHA6 +-Ly94ZXN0LzU2NzARhg9odHRwOi8veGVzdC81NjgwEYYPaHR0cDovL3hlc3QvNTY5 +-MBGGD2h0dHA6Ly94ZXN0LzU3MDARhg9odHRwOi8veGVzdC81NzEwEYYPaHR0cDov +-L3hlc3QvNTcyMBGGD2h0dHA6Ly94ZXN0LzU3MzARhg9odHRwOi8veGVzdC81NzQw +-EYYPaHR0cDovL3hlc3QvNTc1MBGGD2h0dHA6Ly94ZXN0LzU3NjARhg9odHRwOi8v +-eGVzdC81NzcwEYYPaHR0cDovL3hlc3QvNTc4MBGGD2h0dHA6Ly94ZXN0LzU3OTAR +-hg9odHRwOi8veGVzdC81ODAwEYYPaHR0cDovL3hlc3QvNTgxMBGGD2h0dHA6Ly94 +-ZXN0LzU4MjARhg9odHRwOi8veGVzdC81ODMwEYYPaHR0cDovL3hlc3QvNTg0MBGG +-D2h0dHA6Ly94ZXN0LzU4NTARhg9odHRwOi8veGVzdC81ODYwEYYPaHR0cDovL3hl +-c3QvNTg3MBGGD2h0dHA6Ly94ZXN0LzU4ODARhg9odHRwOi8veGVzdC81ODkwEYYP +-aHR0cDovL3hlc3QvNTkwMBGGD2h0dHA6Ly94ZXN0LzU5MTARhg9odHRwOi8veGVz +-dC81OTIwEYYPaHR0cDovL3hlc3QvNTkzMBGGD2h0dHA6Ly94ZXN0LzU5NDARhg9o +-dHRwOi8veGVzdC81OTUwEYYPaHR0cDovL3hlc3QvNTk2MBGGD2h0dHA6Ly94ZXN0 +-LzU5NzARhg9odHRwOi8veGVzdC81OTgwEYYPaHR0cDovL3hlc3QvNTk5MBGGD2h0 +-dHA6Ly94ZXN0LzYwMDARhg9odHRwOi8veGVzdC82MDEwEYYPaHR0cDovL3hlc3Qv +-NjAyMBGGD2h0dHA6Ly94ZXN0LzYwMzARhg9odHRwOi8veGVzdC82MDQwEYYPaHR0 +-cDovL3hlc3QvNjA1MBGGD2h0dHA6Ly94ZXN0LzYwNjARhg9odHRwOi8veGVzdC82 +-MDcwEYYPaHR0cDovL3hlc3QvNjA4MBGGD2h0dHA6Ly94ZXN0LzYwOTARhg9odHRw +-Oi8veGVzdC82MTAwEYYPaHR0cDovL3hlc3QvNjExMBGGD2h0dHA6Ly94ZXN0LzYx +-MjARhg9odHRwOi8veGVzdC82MTMwEYYPaHR0cDovL3hlc3QvNjE0MBGGD2h0dHA6 +-Ly94ZXN0LzYxNTARhg9odHRwOi8veGVzdC82MTYwEYYPaHR0cDovL3hlc3QvNjE3 +-MBGGD2h0dHA6Ly94ZXN0LzYxODARhg9odHRwOi8veGVzdC82MTkwEYYPaHR0cDov +-L3hlc3QvNjIwMBGGD2h0dHA6Ly94ZXN0LzYyMTARhg9odHRwOi8veGVzdC82MjIw +-EYYPaHR0cDovL3hlc3QvNjIzMBGGD2h0dHA6Ly94ZXN0LzYyNDARhg9odHRwOi8v +-eGVzdC82MjUwEYYPaHR0cDovL3hlc3QvNjI2MBGGD2h0dHA6Ly94ZXN0LzYyNzAR +-hg9odHRwOi8veGVzdC82MjgwEYYPaHR0cDovL3hlc3QvNjI5MBGGD2h0dHA6Ly94 +-ZXN0LzYzMDARhg9odHRwOi8veGVzdC82MzEwEYYPaHR0cDovL3hlc3QvNjMyMBGG +-D2h0dHA6Ly94ZXN0LzYzMzARhg9odHRwOi8veGVzdC82MzQwEYYPaHR0cDovL3hl +-c3QvNjM1MBGGD2h0dHA6Ly94ZXN0LzYzNjARhg9odHRwOi8veGVzdC82MzcwEYYP +-aHR0cDovL3hlc3QvNjM4MBGGD2h0dHA6Ly94ZXN0LzYzOTARhg9odHRwOi8veGVz +-dC82NDAwEYYPaHR0cDovL3hlc3QvNjQxMBGGD2h0dHA6Ly94ZXN0LzY0MjARhg9o +-dHRwOi8veGVzdC82NDMwEYYPaHR0cDovL3hlc3QvNjQ0MBGGD2h0dHA6Ly94ZXN0 +-LzY0NTARhg9odHRwOi8veGVzdC82NDYwEYYPaHR0cDovL3hlc3QvNjQ3MBGGD2h0 +-dHA6Ly94ZXN0LzY0ODARhg9odHRwOi8veGVzdC82NDkwEYYPaHR0cDovL3hlc3Qv +-NjUwMBGGD2h0dHA6Ly94ZXN0LzY1MTARhg9odHRwOi8veGVzdC82NTIwEYYPaHR0 +-cDovL3hlc3QvNjUzMBGGD2h0dHA6Ly94ZXN0LzY1NDARhg9odHRwOi8veGVzdC82 +-NTUwEYYPaHR0cDovL3hlc3QvNjU2MBGGD2h0dHA6Ly94ZXN0LzY1NzARhg9odHRw +-Oi8veGVzdC82NTgwEYYPaHR0cDovL3hlc3QvNjU5MBGGD2h0dHA6Ly94ZXN0LzY2 +-MDARhg9odHRwOi8veGVzdC82NjEwEYYPaHR0cDovL3hlc3QvNjYyMBGGD2h0dHA6 +-Ly94ZXN0LzY2MzARhg9odHRwOi8veGVzdC82NjQwEYYPaHR0cDovL3hlc3QvNjY1 +-MBGGD2h0dHA6Ly94ZXN0LzY2NjARhg9odHRwOi8veGVzdC82NjcwEYYPaHR0cDov +-L3hlc3QvNjY4MBGGD2h0dHA6Ly94ZXN0LzY2OTARhg9odHRwOi8veGVzdC82NzAw +-EYYPaHR0cDovL3hlc3QvNjcxMBGGD2h0dHA6Ly94ZXN0LzY3MjARhg9odHRwOi8v +-eGVzdC82NzMwEYYPaHR0cDovL3hlc3QvNjc0MBGGD2h0dHA6Ly94ZXN0LzY3NTAR +-hg9odHRwOi8veGVzdC82NzYwEYYPaHR0cDovL3hlc3QvNjc3MBGGD2h0dHA6Ly94 +-ZXN0LzY3ODARhg9odHRwOi8veGVzdC82NzkwEYYPaHR0cDovL3hlc3QvNjgwMBGG +-D2h0dHA6Ly94ZXN0LzY4MTARhg9odHRwOi8veGVzdC82ODIwEYYPaHR0cDovL3hl +-c3QvNjgzMBGGD2h0dHA6Ly94ZXN0LzY4NDARhg9odHRwOi8veGVzdC82ODUwEYYP +-aHR0cDovL3hlc3QvNjg2MBGGD2h0dHA6Ly94ZXN0LzY4NzARhg9odHRwOi8veGVz +-dC82ODgwEYYPaHR0cDovL3hlc3QvNjg5MBGGD2h0dHA6Ly94ZXN0LzY5MDARhg9o +-dHRwOi8veGVzdC82OTEwEYYPaHR0cDovL3hlc3QvNjkyMBGGD2h0dHA6Ly94ZXN0 +-LzY5MzARhg9odHRwOi8veGVzdC82OTQwEYYPaHR0cDovL3hlc3QvNjk1MBGGD2h0 +-dHA6Ly94ZXN0LzY5NjARhg9odHRwOi8veGVzdC82OTcwEYYPaHR0cDovL3hlc3Qv +-Njk4MBGGD2h0dHA6Ly94ZXN0LzY5OTARhg9odHRwOi8veGVzdC83MDAwEYYPaHR0 +-cDovL3hlc3QvNzAxMBGGD2h0dHA6Ly94ZXN0LzcwMjARhg9odHRwOi8veGVzdC83 +-MDMwEYYPaHR0cDovL3hlc3QvNzA0MBGGD2h0dHA6Ly94ZXN0LzcwNTARhg9odHRw +-Oi8veGVzdC83MDYwEYYPaHR0cDovL3hlc3QvNzA3MBGGD2h0dHA6Ly94ZXN0Lzcw +-ODARhg9odHRwOi8veGVzdC83MDkwEYYPaHR0cDovL3hlc3QvNzEwMBGGD2h0dHA6 +-Ly94ZXN0LzcxMTARhg9odHRwOi8veGVzdC83MTIwEYYPaHR0cDovL3hlc3QvNzEz +-MBGGD2h0dHA6Ly94ZXN0LzcxNDARhg9odHRwOi8veGVzdC83MTUwEYYPaHR0cDov +-L3hlc3QvNzE2MBGGD2h0dHA6Ly94ZXN0LzcxNzARhg9odHRwOi8veGVzdC83MTgw +-EYYPaHR0cDovL3hlc3QvNzE5MBGGD2h0dHA6Ly94ZXN0LzcyMDARhg9odHRwOi8v +-eGVzdC83MjEwEYYPaHR0cDovL3hlc3QvNzIyMBGGD2h0dHA6Ly94ZXN0LzcyMzAR +-hg9odHRwOi8veGVzdC83MjQwEYYPaHR0cDovL3hlc3QvNzI1MBGGD2h0dHA6Ly94 +-ZXN0LzcyNjARhg9odHRwOi8veGVzdC83MjcwEYYPaHR0cDovL3hlc3QvNzI4MBGG +-D2h0dHA6Ly94ZXN0LzcyOTARhg9odHRwOi8veGVzdC83MzAwEYYPaHR0cDovL3hl +-c3QvNzMxMBGGD2h0dHA6Ly94ZXN0LzczMjARhg9odHRwOi8veGVzdC83MzMwEYYP +-aHR0cDovL3hlc3QvNzM0MBGGD2h0dHA6Ly94ZXN0LzczNTARhg9odHRwOi8veGVz +-dC83MzYwEYYPaHR0cDovL3hlc3QvNzM3MBGGD2h0dHA6Ly94ZXN0LzczODARhg9o +-dHRwOi8veGVzdC83MzkwEYYPaHR0cDovL3hlc3QvNzQwMBGGD2h0dHA6Ly94ZXN0 +-Lzc0MTARhg9odHRwOi8veGVzdC83NDIwEYYPaHR0cDovL3hlc3QvNzQzMBGGD2h0 +-dHA6Ly94ZXN0Lzc0NDARhg9odHRwOi8veGVzdC83NDUwEYYPaHR0cDovL3hlc3Qv +-NzQ2MBGGD2h0dHA6Ly94ZXN0Lzc0NzARhg9odHRwOi8veGVzdC83NDgwEYYPaHR0 +-cDovL3hlc3QvNzQ5MBGGD2h0dHA6Ly94ZXN0Lzc1MDARhg9odHRwOi8veGVzdC83 +-NTEwEYYPaHR0cDovL3hlc3QvNzUyMBGGD2h0dHA6Ly94ZXN0Lzc1MzARhg9odHRw +-Oi8veGVzdC83NTQwEYYPaHR0cDovL3hlc3QvNzU1MBGGD2h0dHA6Ly94ZXN0Lzc1 +-NjARhg9odHRwOi8veGVzdC83NTcwEYYPaHR0cDovL3hlc3QvNzU4MBGGD2h0dHA6 +-Ly94ZXN0Lzc1OTARhg9odHRwOi8veGVzdC83NjAwEYYPaHR0cDovL3hlc3QvNzYx +-MBGGD2h0dHA6Ly94ZXN0Lzc2MjARhg9odHRwOi8veGVzdC83NjMwEYYPaHR0cDov +-L3hlc3QvNzY0MBGGD2h0dHA6Ly94ZXN0Lzc2NTARhg9odHRwOi8veGVzdC83NjYw +-EYYPaHR0cDovL3hlc3QvNzY3MBGGD2h0dHA6Ly94ZXN0Lzc2ODARhg9odHRwOi8v +-eGVzdC83NjkwEYYPaHR0cDovL3hlc3QvNzcwMBGGD2h0dHA6Ly94ZXN0Lzc3MTAR +-hg9odHRwOi8veGVzdC83NzIwEYYPaHR0cDovL3hlc3QvNzczMBGGD2h0dHA6Ly94 +-ZXN0Lzc3NDARhg9odHRwOi8veGVzdC83NzUwEYYPaHR0cDovL3hlc3QvNzc2MBGG +-D2h0dHA6Ly94ZXN0Lzc3NzARhg9odHRwOi8veGVzdC83NzgwEYYPaHR0cDovL3hl +-c3QvNzc5MBGGD2h0dHA6Ly94ZXN0Lzc4MDARhg9odHRwOi8veGVzdC83ODEwEYYP +-aHR0cDovL3hlc3QvNzgyMBGGD2h0dHA6Ly94ZXN0Lzc4MzARhg9odHRwOi8veGVz +-dC83ODQwEYYPaHR0cDovL3hlc3QvNzg1MBGGD2h0dHA6Ly94ZXN0Lzc4NjARhg9o +-dHRwOi8veGVzdC83ODcwEYYPaHR0cDovL3hlc3QvNzg4MBGGD2h0dHA6Ly94ZXN0 +-Lzc4OTARhg9odHRwOi8veGVzdC83OTAwEYYPaHR0cDovL3hlc3QvNzkxMBGGD2h0 +-dHA6Ly94ZXN0Lzc5MjARhg9odHRwOi8veGVzdC83OTMwEYYPaHR0cDovL3hlc3Qv +-Nzk0MBGGD2h0dHA6Ly94ZXN0Lzc5NTARhg9odHRwOi8veGVzdC83OTYwEYYPaHR0 +-cDovL3hlc3QvNzk3MBGGD2h0dHA6Ly94ZXN0Lzc5ODARhg9odHRwOi8veGVzdC83 +-OTkwEYYPaHR0cDovL3hlc3QvODAwMBGGD2h0dHA6Ly94ZXN0LzgwMTARhg9odHRw +-Oi8veGVzdC84MDIwEYYPaHR0cDovL3hlc3QvODAzMBGGD2h0dHA6Ly94ZXN0Lzgw +-NDARhg9odHRwOi8veGVzdC84MDUwEYYPaHR0cDovL3hlc3QvODA2MBGGD2h0dHA6 +-Ly94ZXN0LzgwNzARhg9odHRwOi8veGVzdC84MDgwEYYPaHR0cDovL3hlc3QvODA5 +-MBGGD2h0dHA6Ly94ZXN0LzgxMDARhg9odHRwOi8veGVzdC84MTEwEYYPaHR0cDov +-L3hlc3QvODEyMBGGD2h0dHA6Ly94ZXN0LzgxMzARhg9odHRwOi8veGVzdC84MTQw +-EYYPaHR0cDovL3hlc3QvODE1MBGGD2h0dHA6Ly94ZXN0LzgxNjARhg9odHRwOi8v +-eGVzdC84MTcwEYYPaHR0cDovL3hlc3QvODE4MBGGD2h0dHA6Ly94ZXN0LzgxOTAR +-hg9odHRwOi8veGVzdC84MjAwEYYPaHR0cDovL3hlc3QvODIxMBGGD2h0dHA6Ly94 +-ZXN0LzgyMjARhg9odHRwOi8veGVzdC84MjMwEYYPaHR0cDovL3hlc3QvODI0MBGG +-D2h0dHA6Ly94ZXN0LzgyNTARhg9odHRwOi8veGVzdC84MjYwEYYPaHR0cDovL3hl +-c3QvODI3MBGGD2h0dHA6Ly94ZXN0LzgyODARhg9odHRwOi8veGVzdC84MjkwEYYP +-aHR0cDovL3hlc3QvODMwMBGGD2h0dHA6Ly94ZXN0LzgzMTARhg9odHRwOi8veGVz +-dC84MzIwEYYPaHR0cDovL3hlc3QvODMzMBGGD2h0dHA6Ly94ZXN0LzgzNDARhg9o +-dHRwOi8veGVzdC84MzUwEYYPaHR0cDovL3hlc3QvODM2MBGGD2h0dHA6Ly94ZXN0 +-LzgzNzARhg9odHRwOi8veGVzdC84MzgwEYYPaHR0cDovL3hlc3QvODM5MBGGD2h0 +-dHA6Ly94ZXN0Lzg0MDARhg9odHRwOi8veGVzdC84NDEwEYYPaHR0cDovL3hlc3Qv +-ODQyMBGGD2h0dHA6Ly94ZXN0Lzg0MzARhg9odHRwOi8veGVzdC84NDQwEYYPaHR0 +-cDovL3hlc3QvODQ1MBGGD2h0dHA6Ly94ZXN0Lzg0NjARhg9odHRwOi8veGVzdC84 +-NDcwEYYPaHR0cDovL3hlc3QvODQ4MBGGD2h0dHA6Ly94ZXN0Lzg0OTARhg9odHRw +-Oi8veGVzdC84NTAwEYYPaHR0cDovL3hlc3QvODUxMBGGD2h0dHA6Ly94ZXN0Lzg1 +-MjARhg9odHRwOi8veGVzdC84NTMwEYYPaHR0cDovL3hlc3QvODU0MBGGD2h0dHA6 +-Ly94ZXN0Lzg1NTARhg9odHRwOi8veGVzdC84NTYwEYYPaHR0cDovL3hlc3QvODU3 +-MBGGD2h0dHA6Ly94ZXN0Lzg1ODARhg9odHRwOi8veGVzdC84NTkwEYYPaHR0cDov +-L3hlc3QvODYwMBGGD2h0dHA6Ly94ZXN0Lzg2MTARhg9odHRwOi8veGVzdC84NjIw +-EYYPaHR0cDovL3hlc3QvODYzMBGGD2h0dHA6Ly94ZXN0Lzg2NDARhg9odHRwOi8v +-eGVzdC84NjUwEYYPaHR0cDovL3hlc3QvODY2MBGGD2h0dHA6Ly94ZXN0Lzg2NzAR +-hg9odHRwOi8veGVzdC84NjgwEYYPaHR0cDovL3hlc3QvODY5MBGGD2h0dHA6Ly94 +-ZXN0Lzg3MDARhg9odHRwOi8veGVzdC84NzEwEYYPaHR0cDovL3hlc3QvODcyMBGG +-D2h0dHA6Ly94ZXN0Lzg3MzARhg9odHRwOi8veGVzdC84NzQwEYYPaHR0cDovL3hl +-c3QvODc1MBGGD2h0dHA6Ly94ZXN0Lzg3NjARhg9odHRwOi8veGVzdC84NzcwEYYP +-aHR0cDovL3hlc3QvODc4MBGGD2h0dHA6Ly94ZXN0Lzg3OTARhg9odHRwOi8veGVz +-dC84ODAwEYYPaHR0cDovL3hlc3QvODgxMBGGD2h0dHA6Ly94ZXN0Lzg4MjARhg9o +-dHRwOi8veGVzdC84ODMwEYYPaHR0cDovL3hlc3QvODg0MBGGD2h0dHA6Ly94ZXN0 +-Lzg4NTARhg9odHRwOi8veGVzdC84ODYwEYYPaHR0cDovL3hlc3QvODg3MBGGD2h0 +-dHA6Ly94ZXN0Lzg4ODARhg9odHRwOi8veGVzdC84ODkwEYYPaHR0cDovL3hlc3Qv +-ODkwMBGGD2h0dHA6Ly94ZXN0Lzg5MTARhg9odHRwOi8veGVzdC84OTIwEYYPaHR0 +-cDovL3hlc3QvODkzMBGGD2h0dHA6Ly94ZXN0Lzg5NDARhg9odHRwOi8veGVzdC84 +-OTUwEYYPaHR0cDovL3hlc3QvODk2MBGGD2h0dHA6Ly94ZXN0Lzg5NzARhg9odHRw +-Oi8veGVzdC84OTgwEYYPaHR0cDovL3hlc3QvODk5MBGGD2h0dHA6Ly94ZXN0Lzkw +-MDARhg9odHRwOi8veGVzdC85MDEwEYYPaHR0cDovL3hlc3QvOTAyMBGGD2h0dHA6 +-Ly94ZXN0LzkwMzARhg9odHRwOi8veGVzdC85MDQwEYYPaHR0cDovL3hlc3QvOTA1 +-MBGGD2h0dHA6Ly94ZXN0LzkwNjARhg9odHRwOi8veGVzdC85MDcwEYYPaHR0cDov +-L3hlc3QvOTA4MBGGD2h0dHA6Ly94ZXN0LzkwOTARhg9odHRwOi8veGVzdC85MTAw +-EYYPaHR0cDovL3hlc3QvOTExMBGGD2h0dHA6Ly94ZXN0LzkxMjARhg9odHRwOi8v +-eGVzdC85MTMwEYYPaHR0cDovL3hlc3QvOTE0MBGGD2h0dHA6Ly94ZXN0LzkxNTAR +-hg9odHRwOi8veGVzdC85MTYwEYYPaHR0cDovL3hlc3QvOTE3MBGGD2h0dHA6Ly94 +-ZXN0LzkxODARhg9odHRwOi8veGVzdC85MTkwEYYPaHR0cDovL3hlc3QvOTIwMBGG +-D2h0dHA6Ly94ZXN0LzkyMTARhg9odHRwOi8veGVzdC85MjIwEYYPaHR0cDovL3hl +-c3QvOTIzMBGGD2h0dHA6Ly94ZXN0LzkyNDARhg9odHRwOi8veGVzdC85MjUwEYYP +-aHR0cDovL3hlc3QvOTI2MBGGD2h0dHA6Ly94ZXN0LzkyNzARhg9odHRwOi8veGVz +-dC85MjgwEYYPaHR0cDovL3hlc3QvOTI5MBGGD2h0dHA6Ly94ZXN0LzkzMDARhg9o +-dHRwOi8veGVzdC85MzEwEYYPaHR0cDovL3hlc3QvOTMyMBGGD2h0dHA6Ly94ZXN0 +-LzkzMzARhg9odHRwOi8veGVzdC85MzQwEYYPaHR0cDovL3hlc3QvOTM1MBGGD2h0 +-dHA6Ly94ZXN0LzkzNjARhg9odHRwOi8veGVzdC85MzcwEYYPaHR0cDovL3hlc3Qv +-OTM4MBGGD2h0dHA6Ly94ZXN0LzkzOTARhg9odHRwOi8veGVzdC85NDAwEYYPaHR0 +-cDovL3hlc3QvOTQxMBGGD2h0dHA6Ly94ZXN0Lzk0MjARhg9odHRwOi8veGVzdC85 +-NDMwEYYPaHR0cDovL3hlc3QvOTQ0MBGGD2h0dHA6Ly94ZXN0Lzk0NTARhg9odHRw +-Oi8veGVzdC85NDYwEYYPaHR0cDovL3hlc3QvOTQ3MBGGD2h0dHA6Ly94ZXN0Lzk0 +-ODARhg9odHRwOi8veGVzdC85NDkwEYYPaHR0cDovL3hlc3QvOTUwMBGGD2h0dHA6 +-Ly94ZXN0Lzk1MTARhg9odHRwOi8veGVzdC85NTIwEYYPaHR0cDovL3hlc3QvOTUz +-MBGGD2h0dHA6Ly94ZXN0Lzk1NDARhg9odHRwOi8veGVzdC85NTUwEYYPaHR0cDov +-L3hlc3QvOTU2MBGGD2h0dHA6Ly94ZXN0Lzk1NzARhg9odHRwOi8veGVzdC85NTgw +-EYYPaHR0cDovL3hlc3QvOTU5MBGGD2h0dHA6Ly94ZXN0Lzk2MDARhg9odHRwOi8v +-eGVzdC85NjEwEYYPaHR0cDovL3hlc3QvOTYyMBGGD2h0dHA6Ly94ZXN0Lzk2MzAR +-hg9odHRwOi8veGVzdC85NjQwEYYPaHR0cDovL3hlc3QvOTY1MBGGD2h0dHA6Ly94 +-ZXN0Lzk2NjARhg9odHRwOi8veGVzdC85NjcwEYYPaHR0cDovL3hlc3QvOTY4MBGG +-D2h0dHA6Ly94ZXN0Lzk2OTARhg9odHRwOi8veGVzdC85NzAwEYYPaHR0cDovL3hl +-c3QvOTcxMBGGD2h0dHA6Ly94ZXN0Lzk3MjARhg9odHRwOi8veGVzdC85NzMwEYYP +-aHR0cDovL3hlc3QvOTc0MBGGD2h0dHA6Ly94ZXN0Lzk3NTARhg9odHRwOi8veGVz +-dC85NzYwEYYPaHR0cDovL3hlc3QvOTc3MBGGD2h0dHA6Ly94ZXN0Lzk3ODARhg9o +-dHRwOi8veGVzdC85NzkwEYYPaHR0cDovL3hlc3QvOTgwMBGGD2h0dHA6Ly94ZXN0 +-Lzk4MTARhg9odHRwOi8veGVzdC85ODIwEYYPaHR0cDovL3hlc3QvOTgzMBGGD2h0 +-dHA6Ly94ZXN0Lzk4NDARhg9odHRwOi8veGVzdC85ODUwEYYPaHR0cDovL3hlc3Qv +-OTg2MBGGD2h0dHA6Ly94ZXN0Lzk4NzARhg9odHRwOi8veGVzdC85ODgwEYYPaHR0 +-cDovL3hlc3QvOTg5MBGGD2h0dHA6Ly94ZXN0Lzk5MDARhg9odHRwOi8veGVzdC85 +-OTEwEYYPaHR0cDovL3hlc3QvOTkyMBGGD2h0dHA6Ly94ZXN0Lzk5MzARhg9odHRw +-Oi8veGVzdC85OTQwEYYPaHR0cDovL3hlc3QvOTk1MBGGD2h0dHA6Ly94ZXN0Lzk5 +-NjARhg9odHRwOi8veGVzdC85OTcwEYYPaHR0cDovL3hlc3QvOTk4MBGGD2h0dHA6 +-Ly94ZXN0Lzk5OTAShhBodHRwOi8veGVzdC8xMDAwMBKGEGh0dHA6Ly94ZXN0LzEw +-MDEwEoYQaHR0cDovL3hlc3QvMTAwMjAShhBodHRwOi8veGVzdC8xMDAzMBKGEGh0 +-dHA6Ly94ZXN0LzEwMDQwEoYQaHR0cDovL3hlc3QvMTAwNTAShhBodHRwOi8veGVz +-dC8xMDA2MBKGEGh0dHA6Ly94ZXN0LzEwMDcwEoYQaHR0cDovL3hlc3QvMTAwODAS +-hhBodHRwOi8veGVzdC8xMDA5MBKGEGh0dHA6Ly94ZXN0LzEwMTAwEoYQaHR0cDov +-L3hlc3QvMTAxMTAShhBodHRwOi8veGVzdC8xMDEyMBKGEGh0dHA6Ly94ZXN0LzEw +-MTMwEoYQaHR0cDovL3hlc3QvMTAxNDAShhBodHRwOi8veGVzdC8xMDE1MBKGEGh0 +-dHA6Ly94ZXN0LzEwMTYwEoYQaHR0cDovL3hlc3QvMTAxNzAShhBodHRwOi8veGVz +-dC8xMDE4MBKGEGh0dHA6Ly94ZXN0LzEwMTkwEoYQaHR0cDovL3hlc3QvMTAyMDAS +-hhBodHRwOi8veGVzdC8xMDIxMBKGEGh0dHA6Ly94ZXN0LzEwMjIwEoYQaHR0cDov +-L3hlc3QvMTAyMzAShhBodHRwOi8veGVzdC8xMDI0MA0GCSqGSIb3DQEBCwUAA4IB +-AQAcHj9jLB0GARMS1c+6JUnH+za9yzLttzWr+OXcGrgbN7vq9cIdQJb7qVaU6ULZ +-EKOO4QKelQO3PmRMp4IfkRUnRgsetUkQskKNwai9rpR+US70Jhr0DYoDzTs6it+U +-wvFY6GalifCQbMrU/Q7Ip+7dup+5iA7AtQZLHKH5u7r7DI/UQ7bYlRDFY8PMoIFo +-ro8uJEhg2MSdQ04l9JSHWu257Y/d7x5IOD0T1kvveYwNaPg6UYyjEZyGwKabnr+l +-6Mku27aL1k0n7rNaHWH2E665UryucDiK2Pmi7ukysEF4nZZMlKqv9d6GFgStUNap +-E4K0CJvZZ3XtoLkWs5eziJ5c ++MILWujCC1aKgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vYwDQYJKoZIhvcNAQEL ++BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw ++MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD ++ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 ++rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu ++mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy ++TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx ++2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz ++GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOC1AQwgtQAMB0GA1Ud ++DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM ++TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 ++cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs ++LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB ++Af8wgtM0BgNVHR4EgtMrMILTJ6CCabEwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC ++B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu ++dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz ++dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz ++dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz ++dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz ++dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz ++dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz ++dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz ++dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz ++dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz ++dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz ++dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz ++dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz ++dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz ++dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz ++dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz ++dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz ++dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz ++dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz ++dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz ++dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz ++dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz ++dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz ++dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz ++dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu ++dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 ++MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw ++C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 ++ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx ++MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL ++ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl ++c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy ++OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC ++CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz ++dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 ++LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ ++dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 ++MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu ++dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 ++MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw ++C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 ++ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx ++NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL ++ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAqHCAoAAAD/////MAqHCAoAAAH///// ++MAqHCAoAAAL/////MAqHCAoAAAP/////MAqHCAoAAAT/////MAqHCAoAAAX///// ++MAqHCAoAAAb/////MAqHCAoAAAf/////MAqHCAoAAAj/////MAqHCAoAAAn///// ++MAqHCAoAAAr/////MAqHCAoAAAv/////MAqHCAoAAAz/////MAqHCAoAAA3///// ++MAqHCAoAAA7/////MAqHCAoAAA//////MAqHCAoAABD/////MAqHCAoAABH///// ++MAqHCAoAABL/////MAqHCAoAABP/////MAqHCAoAABT/////MAqHCAoAABX///// ++MAqHCAoAABb/////MAqHCAoAABf/////MAqHCAoAABj/////MAqHCAoAABn///// ++MAqHCAoAABr/////MAqHCAoAABv/////MAqHCAoAABz/////MAqHCAoAAB3///// ++MAqHCAoAAB7/////MAqHCAoAAB//////MAqHCAoAACD/////MAqHCAoAACH///// ++MAqHCAoAACL/////MAqHCAoAACP/////MAqHCAoAACT/////MAqHCAoAACX///// ++MAqHCAoAACb/////MAqHCAoAACf/////MAqHCAoAACj/////MAqHCAoAACn///// ++MAqHCAoAACr/////MAqHCAoAACv/////MAqHCAoAACz/////MAqHCAoAAC3///// ++MAqHCAoAAC7/////MAqHCAoAAC//////MAqHCAoAADD/////MAqHCAoAADH///// ++MAqHCAoAADL/////MAqHCAoAADP/////MAqHCAoAADT/////MAqHCAoAADX///// ++MAqHCAoAADb/////MAqHCAoAADf/////MAqHCAoAADj/////MAqHCAoAADn///// ++MAqHCAoAADr/////MAqHCAoAADv/////MAqHCAoAADz/////MAqHCAoAAD3///// ++MAqHCAoAAD7/////MAqHCAoAAD//////MAqHCAoAAED/////MAqHCAoAAEH///// ++MAqHCAoAAEL/////MAqHCAoAAEP/////MAqHCAoAAET/////MAqHCAoAAEX///// ++MAqHCAoAAEb/////MAqHCAoAAEf/////MAqHCAoAAEj/////MAqHCAoAAEn///// ++MAqHCAoAAEr/////MAqHCAoAAEv/////MAqHCAoAAEz/////MAqHCAoAAE3///// ++MAqHCAoAAE7/////MAqHCAoAAE//////MAqHCAoAAFD/////MAqHCAoAAFH///// ++MAqHCAoAAFL/////MAqHCAoAAFP/////MAqHCAoAAFT/////MAqHCAoAAFX///// ++MAqHCAoAAFb/////MAqHCAoAAFf/////MAqHCAoAAFj/////MAqHCAoAAFn///// ++MAqHCAoAAFr/////MAqHCAoAAFv/////MAqHCAoAAFz/////MAqHCAoAAF3///// ++MAqHCAoAAF7/////MAqHCAoAAF//////MAqHCAoAAGD/////MAqHCAoAAGH///// ++MAqHCAoAAGL/////MAqHCAoAAGP/////MAqHCAoAAGT/////MAqHCAoAAGX///// ++MAqHCAoAAGb/////MAqHCAoAAGf/////MAqHCAoAAGj/////MAqHCAoAAGn///// ++MAqHCAoAAGr/////MAqHCAoAAGv/////MAqHCAoAAGz/////MAqHCAoAAG3///// ++MAqHCAoAAG7/////MAqHCAoAAG//////MAqHCAoAAHD/////MAqHCAoAAHH///// ++MAqHCAoAAHL/////MAqHCAoAAHP/////MAqHCAoAAHT/////MAqHCAoAAHX///// ++MAqHCAoAAHb/////MAqHCAoAAHf/////MAqHCAoAAHj/////MAqHCAoAAHn///// ++MAqHCAoAAHr/////MAqHCAoAAHv/////MAqHCAoAAHz/////MAqHCAoAAH3///// ++MAqHCAoAAH7/////MAqHCAoAAH//////MAqHCAoAAID/////MAqHCAoAAIH///// ++MAqHCAoAAIL/////MAqHCAoAAIP/////MAqHCAoAAIT/////MAqHCAoAAIX///// ++MAqHCAoAAIb/////MAqHCAoAAIf/////MAqHCAoAAIj/////MAqHCAoAAIn///// ++MAqHCAoAAIr/////MAqHCAoAAIv/////MAqHCAoAAIz/////MAqHCAoAAI3///// ++MAqHCAoAAI7/////MAqHCAoAAI//////MAqHCAoAAJD/////MAqHCAoAAJH///// ++MAqHCAoAAJL/////MAqHCAoAAJP/////MAqHCAoAAJT/////MAqHCAoAAJX///// ++MAqHCAoAAJb/////MAqHCAoAAJf/////MAqHCAoAAJj/////MAqHCAoAAJn///// ++MAqHCAoAAJr/////MAqHCAoAAJv/////MAqHCAoAAJz/////MAqHCAoAAJ3///// ++MAqHCAoAAJ7/////MAqHCAoAAJ//////MAqHCAoAAKD/////MAqHCAoAAKH///// ++MAqHCAoAAKL/////MAqHCAoAAKP/////MAqHCAoAAKT/////MAqHCAoAAKX///// ++MAqHCAoAAKb/////MAqHCAoAAKf/////MAqHCAoAAKj/////MAqHCAoAAKn///// ++MAqHCAoAAKr/////MBGkDzANMQswCQYDVQQDDAJ0MDARpA8wDTELMAkGA1UEAwwC ++dDEwEaQPMA0xCzAJBgNVBAMMAnQyMBGkDzANMQswCQYDVQQDDAJ0MzARpA8wDTEL ++MAkGA1UEAwwCdDQwEaQPMA0xCzAJBgNVBAMMAnQ1MBGkDzANMQswCQYDVQQDDAJ0 ++NjARpA8wDTELMAkGA1UEAwwCdDcwEaQPMA0xCzAJBgNVBAMMAnQ4MBGkDzANMQsw ++CQYDVQQDDAJ0OTASpBAwDjEMMAoGA1UEAwwDdDEwMBKkEDAOMQwwCgYDVQQDDAN0 ++MTEwEqQQMA4xDDAKBgNVBAMMA3QxMjASpBAwDjEMMAoGA1UEAwwDdDEzMBKkEDAO ++MQwwCgYDVQQDDAN0MTQwEqQQMA4xDDAKBgNVBAMMA3QxNTASpBAwDjEMMAoGA1UE ++AwwDdDE2MBKkEDAOMQwwCgYDVQQDDAN0MTcwEqQQMA4xDDAKBgNVBAMMA3QxODAS ++pBAwDjEMMAoGA1UEAwwDdDE5MBKkEDAOMQwwCgYDVQQDDAN0MjAwEqQQMA4xDDAK ++BgNVBAMMA3QyMTASpBAwDjEMMAoGA1UEAwwDdDIyMBKkEDAOMQwwCgYDVQQDDAN0 ++MjMwEqQQMA4xDDAKBgNVBAMMA3QyNDASpBAwDjEMMAoGA1UEAwwDdDI1MBKkEDAO ++MQwwCgYDVQQDDAN0MjYwEqQQMA4xDDAKBgNVBAMMA3QyNzASpBAwDjEMMAoGA1UE ++AwwDdDI4MBKkEDAOMQwwCgYDVQQDDAN0MjkwEqQQMA4xDDAKBgNVBAMMA3QzMDAS ++pBAwDjEMMAoGA1UEAwwDdDMxMBKkEDAOMQwwCgYDVQQDDAN0MzIwEqQQMA4xDDAK ++BgNVBAMMA3QzMzASpBAwDjEMMAoGA1UEAwwDdDM0MBKkEDAOMQwwCgYDVQQDDAN0 ++MzUwEqQQMA4xDDAKBgNVBAMMA3QzNjASpBAwDjEMMAoGA1UEAwwDdDM3MBKkEDAO ++MQwwCgYDVQQDDAN0MzgwEqQQMA4xDDAKBgNVBAMMA3QzOTASpBAwDjEMMAoGA1UE ++AwwDdDQwMBKkEDAOMQwwCgYDVQQDDAN0NDEwEqQQMA4xDDAKBgNVBAMMA3Q0MjAS ++pBAwDjEMMAoGA1UEAwwDdDQzMBKkEDAOMQwwCgYDVQQDDAN0NDQwEqQQMA4xDDAK ++BgNVBAMMA3Q0NTASpBAwDjEMMAoGA1UEAwwDdDQ2MBKkEDAOMQwwCgYDVQQDDAN0 ++NDcwEqQQMA4xDDAKBgNVBAMMA3Q0ODASpBAwDjEMMAoGA1UEAwwDdDQ5MBKkEDAO ++MQwwCgYDVQQDDAN0NTAwEqQQMA4xDDAKBgNVBAMMA3Q1MTASpBAwDjEMMAoGA1UE ++AwwDdDUyMBKkEDAOMQwwCgYDVQQDDAN0NTMwEqQQMA4xDDAKBgNVBAMMA3Q1NDAS ++pBAwDjEMMAoGA1UEAwwDdDU1MBKkEDAOMQwwCgYDVQQDDAN0NTYwEqQQMA4xDDAK ++BgNVBAMMA3Q1NzASpBAwDjEMMAoGA1UEAwwDdDU4MBKkEDAOMQwwCgYDVQQDDAN0 ++NTkwEqQQMA4xDDAKBgNVBAMMA3Q2MDASpBAwDjEMMAoGA1UEAwwDdDYxMBKkEDAO ++MQwwCgYDVQQDDAN0NjIwEqQQMA4xDDAKBgNVBAMMA3Q2MzASpBAwDjEMMAoGA1UE ++AwwDdDY0MBKkEDAOMQwwCgYDVQQDDAN0NjUwEqQQMA4xDDAKBgNVBAMMA3Q2NjAS ++pBAwDjEMMAoGA1UEAwwDdDY3MBKkEDAOMQwwCgYDVQQDDAN0NjgwEqQQMA4xDDAK ++BgNVBAMMA3Q2OTASpBAwDjEMMAoGA1UEAwwDdDcwMBKkEDAOMQwwCgYDVQQDDAN0 ++NzEwEqQQMA4xDDAKBgNVBAMMA3Q3MjASpBAwDjEMMAoGA1UEAwwDdDczMBKkEDAO ++MQwwCgYDVQQDDAN0NzQwEqQQMA4xDDAKBgNVBAMMA3Q3NTASpBAwDjEMMAoGA1UE ++AwwDdDc2MBKkEDAOMQwwCgYDVQQDDAN0NzcwEqQQMA4xDDAKBgNVBAMMA3Q3ODAS ++pBAwDjEMMAoGA1UEAwwDdDc5MBKkEDAOMQwwCgYDVQQDDAN0ODAwEqQQMA4xDDAK ++BgNVBAMMA3Q4MTASpBAwDjEMMAoGA1UEAwwDdDgyMBKkEDAOMQwwCgYDVQQDDAN0 ++ODMwEqQQMA4xDDAKBgNVBAMMA3Q4NDASpBAwDjEMMAoGA1UEAwwDdDg1MBKkEDAO ++MQwwCgYDVQQDDAN0ODYwEqQQMA4xDDAKBgNVBAMMA3Q4NzASpBAwDjEMMAoGA1UE ++AwwDdDg4MBKkEDAOMQwwCgYDVQQDDAN0ODkwEqQQMA4xDDAKBgNVBAMMA3Q5MDAS ++pBAwDjEMMAoGA1UEAwwDdDkxMBKkEDAOMQwwCgYDVQQDDAN0OTIwEqQQMA4xDDAK ++BgNVBAMMA3Q5MzASpBAwDjEMMAoGA1UEAwwDdDk0MBKkEDAOMQwwCgYDVQQDDAN0 ++OTUwEqQQMA4xDDAKBgNVBAMMA3Q5NjASpBAwDjEMMAoGA1UEAwwDdDk3MBKkEDAO ++MQwwCgYDVQQDDAN0OTgwEqQQMA4xDDAKBgNVBAMMA3Q5OTATpBEwDzENMAsGA1UE ++AwwEdDEwMDATpBEwDzENMAsGA1UEAwwEdDEwMTATpBEwDzENMAsGA1UEAwwEdDEw ++MjATpBEwDzENMAsGA1UEAwwEdDEwMzATpBEwDzENMAsGA1UEAwwEdDEwNDATpBEw ++DzENMAsGA1UEAwwEdDEwNTATpBEwDzENMAsGA1UEAwwEdDEwNjATpBEwDzENMAsG ++A1UEAwwEdDEwNzATpBEwDzENMAsGA1UEAwwEdDEwODATpBEwDzENMAsGA1UEAwwE ++dDEwOTATpBEwDzENMAsGA1UEAwwEdDExMDATpBEwDzENMAsGA1UEAwwEdDExMTAT ++pBEwDzENMAsGA1UEAwwEdDExMjATpBEwDzENMAsGA1UEAwwEdDExMzATpBEwDzEN ++MAsGA1UEAwwEdDExNDATpBEwDzENMAsGA1UEAwwEdDExNTATpBEwDzENMAsGA1UE ++AwwEdDExNjATpBEwDzENMAsGA1UEAwwEdDExNzATpBEwDzENMAsGA1UEAwwEdDEx ++ODATpBEwDzENMAsGA1UEAwwEdDExOTATpBEwDzENMAsGA1UEAwwEdDEyMDATpBEw ++DzENMAsGA1UEAwwEdDEyMTATpBEwDzENMAsGA1UEAwwEdDEyMjATpBEwDzENMAsG ++A1UEAwwEdDEyMzATpBEwDzENMAsGA1UEAwwEdDEyNDATpBEwDzENMAsGA1UEAwwE ++dDEyNTATpBEwDzENMAsGA1UEAwwEdDEyNjATpBEwDzENMAsGA1UEAwwEdDEyNzAT ++pBEwDzENMAsGA1UEAwwEdDEyODATpBEwDzENMAsGA1UEAwwEdDEyOTATpBEwDzEN ++MAsGA1UEAwwEdDEzMDATpBEwDzENMAsGA1UEAwwEdDEzMTATpBEwDzENMAsGA1UE ++AwwEdDEzMjATpBEwDzENMAsGA1UEAwwEdDEzMzATpBEwDzENMAsGA1UEAwwEdDEz ++NDATpBEwDzENMAsGA1UEAwwEdDEzNTATpBEwDzENMAsGA1UEAwwEdDEzNjATpBEw ++DzENMAsGA1UEAwwEdDEzNzATpBEwDzENMAsGA1UEAwwEdDEzODATpBEwDzENMAsG ++A1UEAwwEdDEzOTATpBEwDzENMAsGA1UEAwwEdDE0MDATpBEwDzENMAsGA1UEAwwE ++dDE0MTATpBEwDzENMAsGA1UEAwwEdDE0MjATpBEwDzENMAsGA1UEAwwEdDE0MzAT ++pBEwDzENMAsGA1UEAwwEdDE0NDATpBEwDzENMAsGA1UEAwwEdDE0NTATpBEwDzEN ++MAsGA1UEAwwEdDE0NjATpBEwDzENMAsGA1UEAwwEdDE0NzATpBEwDzENMAsGA1UE ++AwwEdDE0ODATpBEwDzENMAsGA1UEAwwEdDE0OTATpBEwDzENMAsGA1UEAwwEdDE1 ++MDATpBEwDzENMAsGA1UEAwwEdDE1MTATpBEwDzENMAsGA1UEAwwEdDE1MjATpBEw ++DzENMAsGA1UEAwwEdDE1MzATpBEwDzENMAsGA1UEAwwEdDE1NDATpBEwDzENMAsG ++A1UEAwwEdDE1NTATpBEwDzENMAsGA1UEAwwEdDE1NjATpBEwDzENMAsGA1UEAwwE ++dDE1NzATpBEwDzENMAsGA1UEAwwEdDE1ODATpBEwDzENMAsGA1UEAwwEdDE1OTAT ++pBEwDzENMAsGA1UEAwwEdDE2MDATpBEwDzENMAsGA1UEAwwEdDE2MTATpBEwDzEN ++MAsGA1UEAwwEdDE2MjATpBEwDzENMAsGA1UEAwwEdDE2MzATpBEwDzENMAsGA1UE ++AwwEdDE2NDATpBEwDzENMAsGA1UEAwwEdDE2NTATpBEwDzENMAsGA1UEAwwEdDE2 ++NjATpBEwDzENMAsGA1UEAwwEdDE2NzATpBEwDzENMAsGA1UEAwwEdDE2ODATpBEw ++DzENMAsGA1UEAwwEdDE2OTATpBEwDzENMAsGA1UEAwwEdDE3MDATpBEwDzENMAsG ++A1UEAwwEdDE3MTAPhg1odHRwOi8vdGVzdC8wMA+GDWh0dHA6Ly90ZXN0LzEwD4YN ++aHR0cDovL3Rlc3QvMjAPhg1odHRwOi8vdGVzdC8zMA+GDWh0dHA6Ly90ZXN0LzQw ++D4YNaHR0cDovL3Rlc3QvNTAPhg1odHRwOi8vdGVzdC82MA+GDWh0dHA6Ly90ZXN0 ++LzcwD4YNaHR0cDovL3Rlc3QvODAPhg1odHRwOi8vdGVzdC85MBCGDmh0dHA6Ly90 ++ZXN0LzEwMBCGDmh0dHA6Ly90ZXN0LzExMBCGDmh0dHA6Ly90ZXN0LzEyMBCGDmh0 ++dHA6Ly90ZXN0LzEzMBCGDmh0dHA6Ly90ZXN0LzE0MBCGDmh0dHA6Ly90ZXN0LzE1 ++MBCGDmh0dHA6Ly90ZXN0LzE2MBCGDmh0dHA6Ly90ZXN0LzE3MBCGDmh0dHA6Ly90 ++ZXN0LzE4MBCGDmh0dHA6Ly90ZXN0LzE5MBCGDmh0dHA6Ly90ZXN0LzIwMBCGDmh0 ++dHA6Ly90ZXN0LzIxMBCGDmh0dHA6Ly90ZXN0LzIyMBCGDmh0dHA6Ly90ZXN0LzIz ++MBCGDmh0dHA6Ly90ZXN0LzI0MBCGDmh0dHA6Ly90ZXN0LzI1MBCGDmh0dHA6Ly90 ++ZXN0LzI2MBCGDmh0dHA6Ly90ZXN0LzI3MBCGDmh0dHA6Ly90ZXN0LzI4MBCGDmh0 ++dHA6Ly90ZXN0LzI5MBCGDmh0dHA6Ly90ZXN0LzMwMBCGDmh0dHA6Ly90ZXN0LzMx ++MBCGDmh0dHA6Ly90ZXN0LzMyMBCGDmh0dHA6Ly90ZXN0LzMzMBCGDmh0dHA6Ly90 ++ZXN0LzM0MBCGDmh0dHA6Ly90ZXN0LzM1MBCGDmh0dHA6Ly90ZXN0LzM2MBCGDmh0 ++dHA6Ly90ZXN0LzM3MBCGDmh0dHA6Ly90ZXN0LzM4MBCGDmh0dHA6Ly90ZXN0LzM5 ++MBCGDmh0dHA6Ly90ZXN0LzQwMBCGDmh0dHA6Ly90ZXN0LzQxMBCGDmh0dHA6Ly90 ++ZXN0LzQyMBCGDmh0dHA6Ly90ZXN0LzQzMBCGDmh0dHA6Ly90ZXN0LzQ0MBCGDmh0 ++dHA6Ly90ZXN0LzQ1MBCGDmh0dHA6Ly90ZXN0LzQ2MBCGDmh0dHA6Ly90ZXN0LzQ3 ++MBCGDmh0dHA6Ly90ZXN0LzQ4MBCGDmh0dHA6Ly90ZXN0LzQ5MBCGDmh0dHA6Ly90 ++ZXN0LzUwMBCGDmh0dHA6Ly90ZXN0LzUxMBCGDmh0dHA6Ly90ZXN0LzUyMBCGDmh0 ++dHA6Ly90ZXN0LzUzMBCGDmh0dHA6Ly90ZXN0LzU0MBCGDmh0dHA6Ly90ZXN0LzU1 ++MBCGDmh0dHA6Ly90ZXN0LzU2MBCGDmh0dHA6Ly90ZXN0LzU3MBCGDmh0dHA6Ly90 ++ZXN0LzU4MBCGDmh0dHA6Ly90ZXN0LzU5MBCGDmh0dHA6Ly90ZXN0LzYwMBCGDmh0 ++dHA6Ly90ZXN0LzYxMBCGDmh0dHA6Ly90ZXN0LzYyMBCGDmh0dHA6Ly90ZXN0LzYz ++MBCGDmh0dHA6Ly90ZXN0LzY0MBCGDmh0dHA6Ly90ZXN0LzY1MBCGDmh0dHA6Ly90 ++ZXN0LzY2MBCGDmh0dHA6Ly90ZXN0LzY3MBCGDmh0dHA6Ly90ZXN0LzY4MBCGDmh0 ++dHA6Ly90ZXN0LzY5MBCGDmh0dHA6Ly90ZXN0LzcwMBCGDmh0dHA6Ly90ZXN0Lzcx ++MBCGDmh0dHA6Ly90ZXN0LzcyMBCGDmh0dHA6Ly90ZXN0LzczMBCGDmh0dHA6Ly90 ++ZXN0Lzc0MBCGDmh0dHA6Ly90ZXN0Lzc1MBCGDmh0dHA6Ly90ZXN0Lzc2MBCGDmh0 ++dHA6Ly90ZXN0Lzc3MBCGDmh0dHA6Ly90ZXN0Lzc4MBCGDmh0dHA6Ly90ZXN0Lzc5 ++MBCGDmh0dHA6Ly90ZXN0LzgwMBCGDmh0dHA6Ly90ZXN0LzgxMBCGDmh0dHA6Ly90 ++ZXN0LzgyMBCGDmh0dHA6Ly90ZXN0LzgzMBCGDmh0dHA6Ly90ZXN0Lzg0MBCGDmh0 ++dHA6Ly90ZXN0Lzg1MBCGDmh0dHA6Ly90ZXN0Lzg2MBCGDmh0dHA6Ly90ZXN0Lzg3 ++MBCGDmh0dHA6Ly90ZXN0Lzg4MBCGDmh0dHA6Ly90ZXN0Lzg5MBCGDmh0dHA6Ly90 ++ZXN0LzkwMBCGDmh0dHA6Ly90ZXN0LzkxMBCGDmh0dHA6Ly90ZXN0LzkyMBCGDmh0 ++dHA6Ly90ZXN0LzkzMBCGDmh0dHA6Ly90ZXN0Lzk0MBCGDmh0dHA6Ly90ZXN0Lzk1 ++MBCGDmh0dHA6Ly90ZXN0Lzk2MBCGDmh0dHA6Ly90ZXN0Lzk3MBCGDmh0dHA6Ly90 ++ZXN0Lzk4MBCGDmh0dHA6Ly90ZXN0Lzk5MBGGD2h0dHA6Ly90ZXN0LzEwMDARhg9o ++dHRwOi8vdGVzdC8xMDEwEYYPaHR0cDovL3Rlc3QvMTAyMBGGD2h0dHA6Ly90ZXN0 ++LzEwMzARhg9odHRwOi8vdGVzdC8xMDQwEYYPaHR0cDovL3Rlc3QvMTA1MBGGD2h0 ++dHA6Ly90ZXN0LzEwNjARhg9odHRwOi8vdGVzdC8xMDcwEYYPaHR0cDovL3Rlc3Qv ++MTA4MBGGD2h0dHA6Ly90ZXN0LzEwOTARhg9odHRwOi8vdGVzdC8xMTAwEYYPaHR0 ++cDovL3Rlc3QvMTExMBGGD2h0dHA6Ly90ZXN0LzExMjARhg9odHRwOi8vdGVzdC8x ++MTMwEYYPaHR0cDovL3Rlc3QvMTE0MBGGD2h0dHA6Ly90ZXN0LzExNTARhg9odHRw ++Oi8vdGVzdC8xMTYwEYYPaHR0cDovL3Rlc3QvMTE3MBGGD2h0dHA6Ly90ZXN0LzEx ++ODARhg9odHRwOi8vdGVzdC8xMTkwEYYPaHR0cDovL3Rlc3QvMTIwMBGGD2h0dHA6 ++Ly90ZXN0LzEyMTARhg9odHRwOi8vdGVzdC8xMjIwEYYPaHR0cDovL3Rlc3QvMTIz ++MBGGD2h0dHA6Ly90ZXN0LzEyNDARhg9odHRwOi8vdGVzdC8xMjUwEYYPaHR0cDov ++L3Rlc3QvMTI2MBGGD2h0dHA6Ly90ZXN0LzEyNzARhg9odHRwOi8vdGVzdC8xMjgw ++EYYPaHR0cDovL3Rlc3QvMTI5MBGGD2h0dHA6Ly90ZXN0LzEzMDARhg9odHRwOi8v ++dGVzdC8xMzEwEYYPaHR0cDovL3Rlc3QvMTMyMBGGD2h0dHA6Ly90ZXN0LzEzMzAR ++hg9odHRwOi8vdGVzdC8xMzQwEYYPaHR0cDovL3Rlc3QvMTM1MBGGD2h0dHA6Ly90 ++ZXN0LzEzNjARhg9odHRwOi8vdGVzdC8xMzcwEYYPaHR0cDovL3Rlc3QvMTM4MBGG ++D2h0dHA6Ly90ZXN0LzEzOTARhg9odHRwOi8vdGVzdC8xNDAwEYYPaHR0cDovL3Rl ++c3QvMTQxMBGGD2h0dHA6Ly90ZXN0LzE0MjARhg9odHRwOi8vdGVzdC8xNDMwEYYP ++aHR0cDovL3Rlc3QvMTQ0MBGGD2h0dHA6Ly90ZXN0LzE0NTARhg9odHRwOi8vdGVz ++dC8xNDYwEYYPaHR0cDovL3Rlc3QvMTQ3MBGGD2h0dHA6Ly90ZXN0LzE0ODARhg9o ++dHRwOi8vdGVzdC8xNDkwEYYPaHR0cDovL3Rlc3QvMTUwMBGGD2h0dHA6Ly90ZXN0 ++LzE1MTARhg9odHRwOi8vdGVzdC8xNTIwEYYPaHR0cDovL3Rlc3QvMTUzMBGGD2h0 ++dHA6Ly90ZXN0LzE1NDARhg9odHRwOi8vdGVzdC8xNTUwEYYPaHR0cDovL3Rlc3Qv ++MTU2MBGGD2h0dHA6Ly90ZXN0LzE1NzARhg9odHRwOi8vdGVzdC8xNTgwEYYPaHR0 ++cDovL3Rlc3QvMTU5MBGGD2h0dHA6Ly90ZXN0LzE2MDARhg9odHRwOi8vdGVzdC8x ++NjEwEYYPaHR0cDovL3Rlc3QvMTYyMBGGD2h0dHA6Ly90ZXN0LzE2MzARhg9odHRw ++Oi8vdGVzdC8xNjQwEYYPaHR0cDovL3Rlc3QvMTY1MBGGD2h0dHA6Ly90ZXN0LzE2 ++NjARhg9odHRwOi8vdGVzdC8xNjcwEYYPaHR0cDovL3Rlc3QvMTY4MBGGD2h0dHA6 ++Ly90ZXN0LzE2OTARhg9odHRwOi8vdGVzdC8xNzAwEYYPaHR0cDovL3Rlc3QvMTcx ++MBGGD2h0dHA6Ly90ZXN0LzE3MjARhg9odHRwOi8vdGVzdC8xNzMwEYYPaHR0cDov ++L3Rlc3QvMTc0MBGGD2h0dHA6Ly90ZXN0LzE3NTARhg9odHRwOi8vdGVzdC8xNzYw ++EYYPaHR0cDovL3Rlc3QvMTc3MBGGD2h0dHA6Ly90ZXN0LzE3ODARhg9odHRwOi8v ++dGVzdC8xNzkwEYYPaHR0cDovL3Rlc3QvMTgwMBGGD2h0dHA6Ly90ZXN0LzE4MTAR ++hg9odHRwOi8vdGVzdC8xODIwEYYPaHR0cDovL3Rlc3QvMTgzMBGGD2h0dHA6Ly90 ++ZXN0LzE4NDARhg9odHRwOi8vdGVzdC8xODUwEYYPaHR0cDovL3Rlc3QvMTg2MBGG ++D2h0dHA6Ly90ZXN0LzE4NzARhg9odHRwOi8vdGVzdC8xODgwEYYPaHR0cDovL3Rl ++c3QvMTg5MBGGD2h0dHA6Ly90ZXN0LzE5MDARhg9odHRwOi8vdGVzdC8xOTEwEYYP ++aHR0cDovL3Rlc3QvMTkyMBGGD2h0dHA6Ly90ZXN0LzE5MzARhg9odHRwOi8vdGVz ++dC8xOTQwEYYPaHR0cDovL3Rlc3QvMTk1MBGGD2h0dHA6Ly90ZXN0LzE5NjARhg9o ++dHRwOi8vdGVzdC8xOTcwEYYPaHR0cDovL3Rlc3QvMTk4MBGGD2h0dHA6Ly90ZXN0 ++LzE5OTARhg9odHRwOi8vdGVzdC8yMDAwEYYPaHR0cDovL3Rlc3QvMjAxMBGGD2h0 ++dHA6Ly90ZXN0LzIwMjARhg9odHRwOi8vdGVzdC8yMDMwEYYPaHR0cDovL3Rlc3Qv ++MjA0MBGGD2h0dHA6Ly90ZXN0LzIwNTARhg9odHRwOi8vdGVzdC8yMDYwEYYPaHR0 ++cDovL3Rlc3QvMjA3MBGGD2h0dHA6Ly90ZXN0LzIwODARhg9odHRwOi8vdGVzdC8y ++MDkwEYYPaHR0cDovL3Rlc3QvMjEwMBGGD2h0dHA6Ly90ZXN0LzIxMTARhg9odHRw ++Oi8vdGVzdC8yMTIwEYYPaHR0cDovL3Rlc3QvMjEzMBGGD2h0dHA6Ly90ZXN0LzIx ++NDARhg9odHRwOi8vdGVzdC8yMTUwEYYPaHR0cDovL3Rlc3QvMjE2MBGGD2h0dHA6 ++Ly90ZXN0LzIxNzARhg9odHRwOi8vdGVzdC8yMTgwEYYPaHR0cDovL3Rlc3QvMjE5 ++MBGGD2h0dHA6Ly90ZXN0LzIyMDARhg9odHRwOi8vdGVzdC8yMjEwEYYPaHR0cDov ++L3Rlc3QvMjIyMBGGD2h0dHA6Ly90ZXN0LzIyMzARhg9odHRwOi8vdGVzdC8yMjQw ++EYYPaHR0cDovL3Rlc3QvMjI1MBGGD2h0dHA6Ly90ZXN0LzIyNjARhg9odHRwOi8v ++dGVzdC8yMjcwEYYPaHR0cDovL3Rlc3QvMjI4MBGGD2h0dHA6Ly90ZXN0LzIyOTAR ++hg9odHRwOi8vdGVzdC8yMzAwEYYPaHR0cDovL3Rlc3QvMjMxMBGGD2h0dHA6Ly90 ++ZXN0LzIzMjARhg9odHRwOi8vdGVzdC8yMzMwEYYPaHR0cDovL3Rlc3QvMjM0MBGG ++D2h0dHA6Ly90ZXN0LzIzNTARhg9odHRwOi8vdGVzdC8yMzYwEYYPaHR0cDovL3Rl ++c3QvMjM3MBGGD2h0dHA6Ly90ZXN0LzIzODARhg9odHRwOi8vdGVzdC8yMzkwEYYP ++aHR0cDovL3Rlc3QvMjQwMBGGD2h0dHA6Ly90ZXN0LzI0MTARhg9odHRwOi8vdGVz ++dC8yNDIwEYYPaHR0cDovL3Rlc3QvMjQzMBGGD2h0dHA6Ly90ZXN0LzI0NDARhg9o ++dHRwOi8vdGVzdC8yNDUwEYYPaHR0cDovL3Rlc3QvMjQ2MBGGD2h0dHA6Ly90ZXN0 ++LzI0NzARhg9odHRwOi8vdGVzdC8yNDgwEYYPaHR0cDovL3Rlc3QvMjQ5MBGGD2h0 ++dHA6Ly90ZXN0LzI1MDARhg9odHRwOi8vdGVzdC8yNTEwEYYPaHR0cDovL3Rlc3Qv ++MjUyMBGGD2h0dHA6Ly90ZXN0LzI1MzARhg9odHRwOi8vdGVzdC8yNTQwEYYPaHR0 ++cDovL3Rlc3QvMjU1MBGGD2h0dHA6Ly90ZXN0LzI1NjARhg9odHRwOi8vdGVzdC8y ++NTcwEYYPaHR0cDovL3Rlc3QvMjU4MBGGD2h0dHA6Ly90ZXN0LzI1OTARhg9odHRw ++Oi8vdGVzdC8yNjAwEYYPaHR0cDovL3Rlc3QvMjYxMBGGD2h0dHA6Ly90ZXN0LzI2 ++MjARhg9odHRwOi8vdGVzdC8yNjMwEYYPaHR0cDovL3Rlc3QvMjY0MBGGD2h0dHA6 ++Ly90ZXN0LzI2NTARhg9odHRwOi8vdGVzdC8yNjYwEYYPaHR0cDovL3Rlc3QvMjY3 ++MBGGD2h0dHA6Ly90ZXN0LzI2ODARhg9odHRwOi8vdGVzdC8yNjkwEYYPaHR0cDov ++L3Rlc3QvMjcwMBGGD2h0dHA6Ly90ZXN0LzI3MTARhg9odHRwOi8vdGVzdC8yNzIw ++EYYPaHR0cDovL3Rlc3QvMjczMBGGD2h0dHA6Ly90ZXN0LzI3NDARhg9odHRwOi8v ++dGVzdC8yNzUwEYYPaHR0cDovL3Rlc3QvMjc2MBGGD2h0dHA6Ly90ZXN0LzI3NzAR ++hg9odHRwOi8vdGVzdC8yNzgwEYYPaHR0cDovL3Rlc3QvMjc5MBGGD2h0dHA6Ly90 ++ZXN0LzI4MDARhg9odHRwOi8vdGVzdC8yODEwEYYPaHR0cDovL3Rlc3QvMjgyMBGG ++D2h0dHA6Ly90ZXN0LzI4MzARhg9odHRwOi8vdGVzdC8yODQwEYYPaHR0cDovL3Rl ++c3QvMjg1MBGGD2h0dHA6Ly90ZXN0LzI4NjARhg9odHRwOi8vdGVzdC8yODcwEYYP ++aHR0cDovL3Rlc3QvMjg4MBGGD2h0dHA6Ly90ZXN0LzI4OTARhg9odHRwOi8vdGVz ++dC8yOTAwEYYPaHR0cDovL3Rlc3QvMjkxMBGGD2h0dHA6Ly90ZXN0LzI5MjARhg9o ++dHRwOi8vdGVzdC8yOTMwEYYPaHR0cDovL3Rlc3QvMjk0MBGGD2h0dHA6Ly90ZXN0 ++LzI5NTARhg9odHRwOi8vdGVzdC8yOTYwEYYPaHR0cDovL3Rlc3QvMjk3MBGGD2h0 ++dHA6Ly90ZXN0LzI5ODARhg9odHRwOi8vdGVzdC8yOTkwEYYPaHR0cDovL3Rlc3Qv ++MzAwMBGGD2h0dHA6Ly90ZXN0LzMwMTARhg9odHRwOi8vdGVzdC8zMDIwEYYPaHR0 ++cDovL3Rlc3QvMzAzMBGGD2h0dHA6Ly90ZXN0LzMwNDARhg9odHRwOi8vdGVzdC8z ++MDUwEYYPaHR0cDovL3Rlc3QvMzA2MBGGD2h0dHA6Ly90ZXN0LzMwNzARhg9odHRw ++Oi8vdGVzdC8zMDgwEYYPaHR0cDovL3Rlc3QvMzA5MBGGD2h0dHA6Ly90ZXN0LzMx ++MDARhg9odHRwOi8vdGVzdC8zMTEwEYYPaHR0cDovL3Rlc3QvMzEyMBGGD2h0dHA6 ++Ly90ZXN0LzMxMzARhg9odHRwOi8vdGVzdC8zMTQwEYYPaHR0cDovL3Rlc3QvMzE1 ++MBGGD2h0dHA6Ly90ZXN0LzMxNjARhg9odHRwOi8vdGVzdC8zMTcwEYYPaHR0cDov ++L3Rlc3QvMzE4MBGGD2h0dHA6Ly90ZXN0LzMxOTARhg9odHRwOi8vdGVzdC8zMjAw ++EYYPaHR0cDovL3Rlc3QvMzIxMBGGD2h0dHA6Ly90ZXN0LzMyMjARhg9odHRwOi8v ++dGVzdC8zMjMwEYYPaHR0cDovL3Rlc3QvMzI0MBGGD2h0dHA6Ly90ZXN0LzMyNTAR ++hg9odHRwOi8vdGVzdC8zMjYwEYYPaHR0cDovL3Rlc3QvMzI3MBGGD2h0dHA6Ly90 ++ZXN0LzMyODARhg9odHRwOi8vdGVzdC8zMjkwEYYPaHR0cDovL3Rlc3QvMzMwMBGG ++D2h0dHA6Ly90ZXN0LzMzMTARhg9odHRwOi8vdGVzdC8zMzIwEYYPaHR0cDovL3Rl ++c3QvMzMzMBGGD2h0dHA6Ly90ZXN0LzMzNDARhg9odHRwOi8vdGVzdC8zMzUwEYYP ++aHR0cDovL3Rlc3QvMzM2MBGGD2h0dHA6Ly90ZXN0LzMzNzARhg9odHRwOi8vdGVz ++dC8zMzgwEYYPaHR0cDovL3Rlc3QvMzM5MBGGD2h0dHA6Ly90ZXN0LzM0MDARhg9o ++dHRwOi8vdGVzdC8zNDEwEYYPaHR0cDovL3Rlc3QvMzQyMBGGD2h0dHA6Ly90ZXN0 ++LzM0MzARhg9odHRwOi8vdGVzdC8zNDQwEYYPaHR0cDovL3Rlc3QvMzQ1MBGGD2h0 ++dHA6Ly90ZXN0LzM0NjARhg9odHRwOi8vdGVzdC8zNDcwEYYPaHR0cDovL3Rlc3Qv ++MzQ4MBGGD2h0dHA6Ly90ZXN0LzM0OTARhg9odHRwOi8vdGVzdC8zNTAwEYYPaHR0 ++cDovL3Rlc3QvMzUxMBGGD2h0dHA6Ly90ZXN0LzM1MjARhg9odHRwOi8vdGVzdC8z ++NTMwEYYPaHR0cDovL3Rlc3QvMzU0MBGGD2h0dHA6Ly90ZXN0LzM1NTARhg9odHRw ++Oi8vdGVzdC8zNTYwEYYPaHR0cDovL3Rlc3QvMzU3MBGGD2h0dHA6Ly90ZXN0LzM1 ++ODARhg9odHRwOi8vdGVzdC8zNTkwEYYPaHR0cDovL3Rlc3QvMzYwMBGGD2h0dHA6 ++Ly90ZXN0LzM2MTARhg9odHRwOi8vdGVzdC8zNjIwEYYPaHR0cDovL3Rlc3QvMzYz ++MBGGD2h0dHA6Ly90ZXN0LzM2NDARhg9odHRwOi8vdGVzdC8zNjUwEYYPaHR0cDov ++L3Rlc3QvMzY2MBGGD2h0dHA6Ly90ZXN0LzM2NzARhg9odHRwOi8vdGVzdC8zNjgw ++EYYPaHR0cDovL3Rlc3QvMzY5MBGGD2h0dHA6Ly90ZXN0LzM3MDARhg9odHRwOi8v ++dGVzdC8zNzEwEYYPaHR0cDovL3Rlc3QvMzcyMBGGD2h0dHA6Ly90ZXN0LzM3MzAR ++hg9odHRwOi8vdGVzdC8zNzQwEYYPaHR0cDovL3Rlc3QvMzc1MBGGD2h0dHA6Ly90 ++ZXN0LzM3NjARhg9odHRwOi8vdGVzdC8zNzcwEYYPaHR0cDovL3Rlc3QvMzc4MBGG ++D2h0dHA6Ly90ZXN0LzM3OTARhg9odHRwOi8vdGVzdC8zODAwEYYPaHR0cDovL3Rl ++c3QvMzgxMBGGD2h0dHA6Ly90ZXN0LzM4MjARhg9odHRwOi8vdGVzdC8zODMwEYYP ++aHR0cDovL3Rlc3QvMzg0MBGGD2h0dHA6Ly90ZXN0LzM4NTARhg9odHRwOi8vdGVz ++dC8zODYwEYYPaHR0cDovL3Rlc3QvMzg3MBGGD2h0dHA6Ly90ZXN0LzM4ODARhg9o ++dHRwOi8vdGVzdC8zODkwEYYPaHR0cDovL3Rlc3QvMzkwMBGGD2h0dHA6Ly90ZXN0 ++LzM5MTARhg9odHRwOi8vdGVzdC8zOTIwEYYPaHR0cDovL3Rlc3QvMzkzMBGGD2h0 ++dHA6Ly90ZXN0LzM5NDARhg9odHRwOi8vdGVzdC8zOTUwEYYPaHR0cDovL3Rlc3Qv ++Mzk2MBGGD2h0dHA6Ly90ZXN0LzM5NzARhg9odHRwOi8vdGVzdC8zOTgwEYYPaHR0 ++cDovL3Rlc3QvMzk5MBGGD2h0dHA6Ly90ZXN0LzQwMDARhg9odHRwOi8vdGVzdC80 ++MDEwEYYPaHR0cDovL3Rlc3QvNDAyMBGGD2h0dHA6Ly90ZXN0LzQwMzARhg9odHRw ++Oi8vdGVzdC80MDQwEYYPaHR0cDovL3Rlc3QvNDA1MBGGD2h0dHA6Ly90ZXN0LzQw ++NjARhg9odHRwOi8vdGVzdC80MDcwEYYPaHR0cDovL3Rlc3QvNDA4MBGGD2h0dHA6 ++Ly90ZXN0LzQwOTARhg9odHRwOi8vdGVzdC80MTAwEYYPaHR0cDovL3Rlc3QvNDEx ++MBGGD2h0dHA6Ly90ZXN0LzQxMjARhg9odHRwOi8vdGVzdC80MTMwEYYPaHR0cDov ++L3Rlc3QvNDE0MBGGD2h0dHA6Ly90ZXN0LzQxNTARhg9odHRwOi8vdGVzdC80MTYw ++EYYPaHR0cDovL3Rlc3QvNDE3MBGGD2h0dHA6Ly90ZXN0LzQxODARhg9odHRwOi8v ++dGVzdC80MTkwEYYPaHR0cDovL3Rlc3QvNDIwMBGGD2h0dHA6Ly90ZXN0LzQyMTAR ++hg9odHRwOi8vdGVzdC80MjIwEYYPaHR0cDovL3Rlc3QvNDIzMBGGD2h0dHA6Ly90 ++ZXN0LzQyNDARhg9odHRwOi8vdGVzdC80MjUwEYYPaHR0cDovL3Rlc3QvNDI2MBGG ++D2h0dHA6Ly90ZXN0LzQyNzARhg9odHRwOi8vdGVzdC80MjgwEYYPaHR0cDovL3Rl ++c3QvNDI5MBGGD2h0dHA6Ly90ZXN0LzQzMDARhg9odHRwOi8vdGVzdC80MzEwEYYP ++aHR0cDovL3Rlc3QvNDMyMBGGD2h0dHA6Ly90ZXN0LzQzMzARhg9odHRwOi8vdGVz ++dC80MzQwEYYPaHR0cDovL3Rlc3QvNDM1MBGGD2h0dHA6Ly90ZXN0LzQzNjARhg9o ++dHRwOi8vdGVzdC80MzcwEYYPaHR0cDovL3Rlc3QvNDM4MBGGD2h0dHA6Ly90ZXN0 ++LzQzOTARhg9odHRwOi8vdGVzdC80NDAwEYYPaHR0cDovL3Rlc3QvNDQxMBGGD2h0 ++dHA6Ly90ZXN0LzQ0MjARhg9odHRwOi8vdGVzdC80NDMwEYYPaHR0cDovL3Rlc3Qv ++NDQ0MBGGD2h0dHA6Ly90ZXN0LzQ0NTARhg9odHRwOi8vdGVzdC80NDYwEYYPaHR0 ++cDovL3Rlc3QvNDQ3MBGGD2h0dHA6Ly90ZXN0LzQ0ODARhg9odHRwOi8vdGVzdC80 ++NDkwEYYPaHR0cDovL3Rlc3QvNDUwMBGGD2h0dHA6Ly90ZXN0LzQ1MTARhg9odHRw ++Oi8vdGVzdC80NTIwEYYPaHR0cDovL3Rlc3QvNDUzMBGGD2h0dHA6Ly90ZXN0LzQ1 ++NDARhg9odHRwOi8vdGVzdC80NTUwEYYPaHR0cDovL3Rlc3QvNDU2MBGGD2h0dHA6 ++Ly90ZXN0LzQ1NzARhg9odHRwOi8vdGVzdC80NTgwEYYPaHR0cDovL3Rlc3QvNDU5 ++MBGGD2h0dHA6Ly90ZXN0LzQ2MDARhg9odHRwOi8vdGVzdC80NjEwEYYPaHR0cDov ++L3Rlc3QvNDYyMBGGD2h0dHA6Ly90ZXN0LzQ2MzARhg9odHRwOi8vdGVzdC80NjQw ++EYYPaHR0cDovL3Rlc3QvNDY1MBGGD2h0dHA6Ly90ZXN0LzQ2NjARhg9odHRwOi8v ++dGVzdC80NjcwEYYPaHR0cDovL3Rlc3QvNDY4MBGGD2h0dHA6Ly90ZXN0LzQ2OTAR ++hg9odHRwOi8vdGVzdC80NzAwEYYPaHR0cDovL3Rlc3QvNDcxMBGGD2h0dHA6Ly90 ++ZXN0LzQ3MjARhg9odHRwOi8vdGVzdC80NzMwEYYPaHR0cDovL3Rlc3QvNDc0MBGG ++D2h0dHA6Ly90ZXN0LzQ3NTARhg9odHRwOi8vdGVzdC80NzYwEYYPaHR0cDovL3Rl ++c3QvNDc3MBGGD2h0dHA6Ly90ZXN0LzQ3ODARhg9odHRwOi8vdGVzdC80NzkwEYYP ++aHR0cDovL3Rlc3QvNDgwMBGGD2h0dHA6Ly90ZXN0LzQ4MTARhg9odHRwOi8vdGVz ++dC80ODIwEYYPaHR0cDovL3Rlc3QvNDgzMBGGD2h0dHA6Ly90ZXN0LzQ4NDARhg9o ++dHRwOi8vdGVzdC80ODUwEYYPaHR0cDovL3Rlc3QvNDg2MBGGD2h0dHA6Ly90ZXN0 ++LzQ4NzARhg9odHRwOi8vdGVzdC80ODgwEYYPaHR0cDovL3Rlc3QvNDg5MBGGD2h0 ++dHA6Ly90ZXN0LzQ5MDARhg9odHRwOi8vdGVzdC80OTEwEYYPaHR0cDovL3Rlc3Qv ++NDkyMBGGD2h0dHA6Ly90ZXN0LzQ5MzARhg9odHRwOi8vdGVzdC80OTQwEYYPaHR0 ++cDovL3Rlc3QvNDk1MBGGD2h0dHA6Ly90ZXN0LzQ5NjARhg9odHRwOi8vdGVzdC80 ++OTcwEYYPaHR0cDovL3Rlc3QvNDk4MBGGD2h0dHA6Ly90ZXN0LzQ5OTARhg9odHRw ++Oi8vdGVzdC81MDAwEYYPaHR0cDovL3Rlc3QvNTAxMBGGD2h0dHA6Ly90ZXN0LzUw ++MjARhg9odHRwOi8vdGVzdC81MDMwEYYPaHR0cDovL3Rlc3QvNTA0MBGGD2h0dHA6 ++Ly90ZXN0LzUwNTARhg9odHRwOi8vdGVzdC81MDYwEYYPaHR0cDovL3Rlc3QvNTA3 ++MBGGD2h0dHA6Ly90ZXN0LzUwODARhg9odHRwOi8vdGVzdC81MDkwEYYPaHR0cDov ++L3Rlc3QvNTEwMBGGD2h0dHA6Ly90ZXN0LzUxMTARhg9odHRwOi8vdGVzdC81MTIw ++EYYPaHR0cDovL3Rlc3QvNTEzMBGGD2h0dHA6Ly90ZXN0LzUxNDARhg9odHRwOi8v ++dGVzdC81MTUwEYYPaHR0cDovL3Rlc3QvNTE2MBGGD2h0dHA6Ly90ZXN0LzUxNzAR ++hg9odHRwOi8vdGVzdC81MTgwEYYPaHR0cDovL3Rlc3QvNTE5MBGGD2h0dHA6Ly90 ++ZXN0LzUyMDARhg9odHRwOi8vdGVzdC81MjEwEYYPaHR0cDovL3Rlc3QvNTIyMBGG ++D2h0dHA6Ly90ZXN0LzUyMzARhg9odHRwOi8vdGVzdC81MjQwEYYPaHR0cDovL3Rl ++c3QvNTI1MBGGD2h0dHA6Ly90ZXN0LzUyNjARhg9odHRwOi8vdGVzdC81MjcwEYYP ++aHR0cDovL3Rlc3QvNTI4MBGGD2h0dHA6Ly90ZXN0LzUyOTARhg9odHRwOi8vdGVz ++dC81MzAwEYYPaHR0cDovL3Rlc3QvNTMxMBGGD2h0dHA6Ly90ZXN0LzUzMjARhg9o ++dHRwOi8vdGVzdC81MzMwEYYPaHR0cDovL3Rlc3QvNTM0MBGGD2h0dHA6Ly90ZXN0 ++LzUzNTARhg9odHRwOi8vdGVzdC81MzYwEYYPaHR0cDovL3Rlc3QvNTM3MBGGD2h0 ++dHA6Ly90ZXN0LzUzODARhg9odHRwOi8vdGVzdC81MzkwEYYPaHR0cDovL3Rlc3Qv ++NTQwMBGGD2h0dHA6Ly90ZXN0LzU0MTARhg9odHRwOi8vdGVzdC81NDIwEYYPaHR0 ++cDovL3Rlc3QvNTQzMBGGD2h0dHA6Ly90ZXN0LzU0NDARhg9odHRwOi8vdGVzdC81 ++NDUwEYYPaHR0cDovL3Rlc3QvNTQ2MBGGD2h0dHA6Ly90ZXN0LzU0NzARhg9odHRw ++Oi8vdGVzdC81NDgwEYYPaHR0cDovL3Rlc3QvNTQ5MBGGD2h0dHA6Ly90ZXN0LzU1 ++MDARhg9odHRwOi8vdGVzdC81NTEwEYYPaHR0cDovL3Rlc3QvNTUyMBGGD2h0dHA6 ++Ly90ZXN0LzU1MzARhg9odHRwOi8vdGVzdC81NTQwEYYPaHR0cDovL3Rlc3QvNTU1 ++MBGGD2h0dHA6Ly90ZXN0LzU1NjARhg9odHRwOi8vdGVzdC81NTcwEYYPaHR0cDov ++L3Rlc3QvNTU4MBGGD2h0dHA6Ly90ZXN0LzU1OTARhg9odHRwOi8vdGVzdC81NjAw ++EYYPaHR0cDovL3Rlc3QvNTYxMBGGD2h0dHA6Ly90ZXN0LzU2MjARhg9odHRwOi8v ++dGVzdC81NjMwEYYPaHR0cDovL3Rlc3QvNTY0MBGGD2h0dHA6Ly90ZXN0LzU2NTAR ++hg9odHRwOi8vdGVzdC81NjYwEYYPaHR0cDovL3Rlc3QvNTY3MBGGD2h0dHA6Ly90 ++ZXN0LzU2ODARhg9odHRwOi8vdGVzdC81NjkwEYYPaHR0cDovL3Rlc3QvNTcwMBGG ++D2h0dHA6Ly90ZXN0LzU3MTARhg9odHRwOi8vdGVzdC81NzIwEYYPaHR0cDovL3Rl ++c3QvNTczMBGGD2h0dHA6Ly90ZXN0LzU3NDARhg9odHRwOi8vdGVzdC81NzUwEYYP ++aHR0cDovL3Rlc3QvNTc2MBGGD2h0dHA6Ly90ZXN0LzU3NzARhg9odHRwOi8vdGVz ++dC81NzgwEYYPaHR0cDovL3Rlc3QvNTc5MBGGD2h0dHA6Ly90ZXN0LzU4MDARhg9o ++dHRwOi8vdGVzdC81ODEwEYYPaHR0cDovL3Rlc3QvNTgyMBGGD2h0dHA6Ly90ZXN0 ++LzU4MzARhg9odHRwOi8vdGVzdC81ODQwEYYPaHR0cDovL3Rlc3QvNTg1MBGGD2h0 ++dHA6Ly90ZXN0LzU4NjARhg9odHRwOi8vdGVzdC81ODcwEYYPaHR0cDovL3Rlc3Qv ++NTg4MBGGD2h0dHA6Ly90ZXN0LzU4OTARhg9odHRwOi8vdGVzdC81OTAwEYYPaHR0 ++cDovL3Rlc3QvNTkxMBGGD2h0dHA6Ly90ZXN0LzU5MjARhg9odHRwOi8vdGVzdC81 ++OTMwEYYPaHR0cDovL3Rlc3QvNTk0MBGGD2h0dHA6Ly90ZXN0LzU5NTARhg9odHRw ++Oi8vdGVzdC81OTYwEYYPaHR0cDovL3Rlc3QvNTk3MBGGD2h0dHA6Ly90ZXN0LzU5 ++ODARhg9odHRwOi8vdGVzdC81OTkwEYYPaHR0cDovL3Rlc3QvNjAwMBGGD2h0dHA6 ++Ly90ZXN0LzYwMTARhg9odHRwOi8vdGVzdC82MDIwEYYPaHR0cDovL3Rlc3QvNjAz ++MBGGD2h0dHA6Ly90ZXN0LzYwNDARhg9odHRwOi8vdGVzdC82MDUwEYYPaHR0cDov ++L3Rlc3QvNjA2MBGGD2h0dHA6Ly90ZXN0LzYwNzARhg9odHRwOi8vdGVzdC82MDgw ++EYYPaHR0cDovL3Rlc3QvNjA5MBGGD2h0dHA6Ly90ZXN0LzYxMDARhg9odHRwOi8v ++dGVzdC82MTEwEYYPaHR0cDovL3Rlc3QvNjEyMBGGD2h0dHA6Ly90ZXN0LzYxMzAR ++hg9odHRwOi8vdGVzdC82MTQwEYYPaHR0cDovL3Rlc3QvNjE1MBGGD2h0dHA6Ly90 ++ZXN0LzYxNjARhg9odHRwOi8vdGVzdC82MTcwEYYPaHR0cDovL3Rlc3QvNjE4MBGG ++D2h0dHA6Ly90ZXN0LzYxOTARhg9odHRwOi8vdGVzdC82MjAwEYYPaHR0cDovL3Rl ++c3QvNjIxMBGGD2h0dHA6Ly90ZXN0LzYyMjARhg9odHRwOi8vdGVzdC82MjMwEYYP ++aHR0cDovL3Rlc3QvNjI0MBGGD2h0dHA6Ly90ZXN0LzYyNTARhg9odHRwOi8vdGVz ++dC82MjYwEYYPaHR0cDovL3Rlc3QvNjI3MBGGD2h0dHA6Ly90ZXN0LzYyODARhg9o ++dHRwOi8vdGVzdC82MjkwEYYPaHR0cDovL3Rlc3QvNjMwMBGGD2h0dHA6Ly90ZXN0 ++LzYzMTARhg9odHRwOi8vdGVzdC82MzIwEYYPaHR0cDovL3Rlc3QvNjMzMBGGD2h0 ++dHA6Ly90ZXN0LzYzNDARhg9odHRwOi8vdGVzdC82MzUwEYYPaHR0cDovL3Rlc3Qv ++NjM2MBGGD2h0dHA6Ly90ZXN0LzYzNzARhg9odHRwOi8vdGVzdC82MzgwEYYPaHR0 ++cDovL3Rlc3QvNjM5MBGGD2h0dHA6Ly90ZXN0LzY0MDARhg9odHRwOi8vdGVzdC82 ++NDEwEYYPaHR0cDovL3Rlc3QvNjQyMBGGD2h0dHA6Ly90ZXN0LzY0MzARhg9odHRw ++Oi8vdGVzdC82NDQwEYYPaHR0cDovL3Rlc3QvNjQ1MBGGD2h0dHA6Ly90ZXN0LzY0 ++NjARhg9odHRwOi8vdGVzdC82NDcwEYYPaHR0cDovL3Rlc3QvNjQ4MBGGD2h0dHA6 ++Ly90ZXN0LzY0OTARhg9odHRwOi8vdGVzdC82NTAwEYYPaHR0cDovL3Rlc3QvNjUx ++MBGGD2h0dHA6Ly90ZXN0LzY1MjARhg9odHRwOi8vdGVzdC82NTMwEYYPaHR0cDov ++L3Rlc3QvNjU0MBGGD2h0dHA6Ly90ZXN0LzY1NTARhg9odHRwOi8vdGVzdC82NTYw ++EYYPaHR0cDovL3Rlc3QvNjU3MBGGD2h0dHA6Ly90ZXN0LzY1ODARhg9odHRwOi8v ++dGVzdC82NTkwEYYPaHR0cDovL3Rlc3QvNjYwMBGGD2h0dHA6Ly90ZXN0LzY2MTAR ++hg9odHRwOi8vdGVzdC82NjIwEYYPaHR0cDovL3Rlc3QvNjYzMBGGD2h0dHA6Ly90 ++ZXN0LzY2NDARhg9odHRwOi8vdGVzdC82NjUwEYYPaHR0cDovL3Rlc3QvNjY2MBGG ++D2h0dHA6Ly90ZXN0LzY2NzARhg9odHRwOi8vdGVzdC82NjgwEYYPaHR0cDovL3Rl ++c3QvNjY5MBGGD2h0dHA6Ly90ZXN0LzY3MDARhg9odHRwOi8vdGVzdC82NzEwEYYP ++aHR0cDovL3Rlc3QvNjcyMBGGD2h0dHA6Ly90ZXN0LzY3MzARhg9odHRwOi8vdGVz ++dC82NzQwEYYPaHR0cDovL3Rlc3QvNjc1MBGGD2h0dHA6Ly90ZXN0LzY3NjARhg9o ++dHRwOi8vdGVzdC82NzcwEYYPaHR0cDovL3Rlc3QvNjc4MBGGD2h0dHA6Ly90ZXN0 ++LzY3OTARhg9odHRwOi8vdGVzdC82ODAwEYYPaHR0cDovL3Rlc3QvNjgxMBGGD2h0 ++dHA6Ly90ZXN0LzY4MjARhg9odHRwOi8vdGVzdC82ODMwEYYPaHR0cDovL3Rlc3Qv ++Njg0MBGGD2h0dHA6Ly90ZXN0LzY4NTARhg9odHRwOi8vdGVzdC82ODYwEYYPaHR0 ++cDovL3Rlc3QvNjg3MBGGD2h0dHA6Ly90ZXN0LzY4ODARhg9odHRwOi8vdGVzdC82 ++ODkwEYYPaHR0cDovL3Rlc3QvNjkwMBGGD2h0dHA6Ly90ZXN0LzY5MTARhg9odHRw ++Oi8vdGVzdC82OTIwEYYPaHR0cDovL3Rlc3QvNjkzMBGGD2h0dHA6Ly90ZXN0LzY5 ++NDARhg9odHRwOi8vdGVzdC82OTUwEYYPaHR0cDovL3Rlc3QvNjk2MBGGD2h0dHA6 ++Ly90ZXN0LzY5NzARhg9odHRwOi8vdGVzdC82OTgwEYYPaHR0cDovL3Rlc3QvNjk5 ++MBGGD2h0dHA6Ly90ZXN0LzcwMDARhg9odHRwOi8vdGVzdC83MDEwEYYPaHR0cDov ++L3Rlc3QvNzAyMBGGD2h0dHA6Ly90ZXN0LzcwMzARhg9odHRwOi8vdGVzdC83MDQw ++EYYPaHR0cDovL3Rlc3QvNzA1MBGGD2h0dHA6Ly90ZXN0LzcwNjARhg9odHRwOi8v ++dGVzdC83MDcwEYYPaHR0cDovL3Rlc3QvNzA4MBGGD2h0dHA6Ly90ZXN0LzcwOTAR ++hg9odHRwOi8vdGVzdC83MTAwEYYPaHR0cDovL3Rlc3QvNzExMBGGD2h0dHA6Ly90 ++ZXN0LzcxMjARhg9odHRwOi8vdGVzdC83MTMwEYYPaHR0cDovL3Rlc3QvNzE0MBGG ++D2h0dHA6Ly90ZXN0LzcxNTARhg9odHRwOi8vdGVzdC83MTYwEYYPaHR0cDovL3Rl ++c3QvNzE3MBGGD2h0dHA6Ly90ZXN0LzcxODARhg9odHRwOi8vdGVzdC83MTkwEYYP ++aHR0cDovL3Rlc3QvNzIwMBGGD2h0dHA6Ly90ZXN0LzcyMTARhg9odHRwOi8vdGVz ++dC83MjIwEYYPaHR0cDovL3Rlc3QvNzIzMBGGD2h0dHA6Ly90ZXN0LzcyNDARhg9o ++dHRwOi8vdGVzdC83MjUwEYYPaHR0cDovL3Rlc3QvNzI2MBGGD2h0dHA6Ly90ZXN0 ++LzcyNzARhg9odHRwOi8vdGVzdC83MjgwEYYPaHR0cDovL3Rlc3QvNzI5MBGGD2h0 ++dHA6Ly90ZXN0LzczMDARhg9odHRwOi8vdGVzdC83MzEwEYYPaHR0cDovL3Rlc3Qv ++NzMyMBGGD2h0dHA6Ly90ZXN0LzczMzARhg9odHRwOi8vdGVzdC83MzQwEYYPaHR0 ++cDovL3Rlc3QvNzM1MBGGD2h0dHA6Ly90ZXN0LzczNjARhg9odHRwOi8vdGVzdC83 ++MzcwEYYPaHR0cDovL3Rlc3QvNzM4MBGGD2h0dHA6Ly90ZXN0LzczOTARhg9odHRw ++Oi8vdGVzdC83NDAwEYYPaHR0cDovL3Rlc3QvNzQxMBGGD2h0dHA6Ly90ZXN0Lzc0 ++MjARhg9odHRwOi8vdGVzdC83NDMwEYYPaHR0cDovL3Rlc3QvNzQ0MBGGD2h0dHA6 ++Ly90ZXN0Lzc0NTARhg9odHRwOi8vdGVzdC83NDYwEYYPaHR0cDovL3Rlc3QvNzQ3 ++MBGGD2h0dHA6Ly90ZXN0Lzc0ODARhg9odHRwOi8vdGVzdC83NDkwEYYPaHR0cDov ++L3Rlc3QvNzUwMBGGD2h0dHA6Ly90ZXN0Lzc1MTARhg9odHRwOi8vdGVzdC83NTIw ++EYYPaHR0cDovL3Rlc3QvNzUzMBGGD2h0dHA6Ly90ZXN0Lzc1NDARhg9odHRwOi8v ++dGVzdC83NTUwEYYPaHR0cDovL3Rlc3QvNzU2MBGGD2h0dHA6Ly90ZXN0Lzc1NzAR ++hg9odHRwOi8vdGVzdC83NTgwEYYPaHR0cDovL3Rlc3QvNzU5MBGGD2h0dHA6Ly90 ++ZXN0Lzc2MDARhg9odHRwOi8vdGVzdC83NjEwEYYPaHR0cDovL3Rlc3QvNzYyMBGG ++D2h0dHA6Ly90ZXN0Lzc2MzARhg9odHRwOi8vdGVzdC83NjQwEYYPaHR0cDovL3Rl ++c3QvNzY1MBGGD2h0dHA6Ly90ZXN0Lzc2NjARhg9odHRwOi8vdGVzdC83NjcwEYYP ++aHR0cDovL3Rlc3QvNzY4MBGGD2h0dHA6Ly90ZXN0Lzc2OTARhg9odHRwOi8vdGVz ++dC83NzAwEYYPaHR0cDovL3Rlc3QvNzcxMBGGD2h0dHA6Ly90ZXN0Lzc3MjARhg9o ++dHRwOi8vdGVzdC83NzMwEYYPaHR0cDovL3Rlc3QvNzc0MBGGD2h0dHA6Ly90ZXN0 ++Lzc3NTARhg9odHRwOi8vdGVzdC83NzYwEYYPaHR0cDovL3Rlc3QvNzc3MBGGD2h0 ++dHA6Ly90ZXN0Lzc3ODARhg9odHRwOi8vdGVzdC83NzkwEYYPaHR0cDovL3Rlc3Qv ++NzgwMBGGD2h0dHA6Ly90ZXN0Lzc4MTARhg9odHRwOi8vdGVzdC83ODIwEYYPaHR0 ++cDovL3Rlc3QvNzgzMBGGD2h0dHA6Ly90ZXN0Lzc4NDARhg9odHRwOi8vdGVzdC83 ++ODUwEYYPaHR0cDovL3Rlc3QvNzg2MBGGD2h0dHA6Ly90ZXN0Lzc4NzARhg9odHRw ++Oi8vdGVzdC83ODgwEYYPaHR0cDovL3Rlc3QvNzg5MBGGD2h0dHA6Ly90ZXN0Lzc5 ++MDARhg9odHRwOi8vdGVzdC83OTEwEYYPaHR0cDovL3Rlc3QvNzkyMBGGD2h0dHA6 ++Ly90ZXN0Lzc5MzARhg9odHRwOi8vdGVzdC83OTQwEYYPaHR0cDovL3Rlc3QvNzk1 ++MBGGD2h0dHA6Ly90ZXN0Lzc5NjARhg9odHRwOi8vdGVzdC83OTcwEYYPaHR0cDov ++L3Rlc3QvNzk4MBGGD2h0dHA6Ly90ZXN0Lzc5OTARhg9odHRwOi8vdGVzdC84MDAw ++EYYPaHR0cDovL3Rlc3QvODAxMBGGD2h0dHA6Ly90ZXN0LzgwMjARhg9odHRwOi8v ++dGVzdC84MDMwEYYPaHR0cDovL3Rlc3QvODA0MBGGD2h0dHA6Ly90ZXN0LzgwNTAR ++hg9odHRwOi8vdGVzdC84MDYwEYYPaHR0cDovL3Rlc3QvODA3MBGGD2h0dHA6Ly90 ++ZXN0LzgwODARhg9odHRwOi8vdGVzdC84MDkwEYYPaHR0cDovL3Rlc3QvODEwMBGG ++D2h0dHA6Ly90ZXN0LzgxMTARhg9odHRwOi8vdGVzdC84MTIwEYYPaHR0cDovL3Rl ++c3QvODEzMBGGD2h0dHA6Ly90ZXN0LzgxNDARhg9odHRwOi8vdGVzdC84MTUwEYYP ++aHR0cDovL3Rlc3QvODE2MBGGD2h0dHA6Ly90ZXN0LzgxNzARhg9odHRwOi8vdGVz ++dC84MTgwEYYPaHR0cDovL3Rlc3QvODE5MBGGD2h0dHA6Ly90ZXN0LzgyMDARhg9o ++dHRwOi8vdGVzdC84MjEwEYYPaHR0cDovL3Rlc3QvODIyMBGGD2h0dHA6Ly90ZXN0 ++LzgyMzARhg9odHRwOi8vdGVzdC84MjQwEYYPaHR0cDovL3Rlc3QvODI1MBGGD2h0 ++dHA6Ly90ZXN0LzgyNjARhg9odHRwOi8vdGVzdC84MjcwEYYPaHR0cDovL3Rlc3Qv ++ODI4MBGGD2h0dHA6Ly90ZXN0LzgyOTARhg9odHRwOi8vdGVzdC84MzAwEYYPaHR0 ++cDovL3Rlc3QvODMxMBGGD2h0dHA6Ly90ZXN0LzgzMjARhg9odHRwOi8vdGVzdC84 ++MzMwEYYPaHR0cDovL3Rlc3QvODM0MBGGD2h0dHA6Ly90ZXN0LzgzNTARhg9odHRw ++Oi8vdGVzdC84MzYwEYYPaHR0cDovL3Rlc3QvODM3MBGGD2h0dHA6Ly90ZXN0Lzgz ++ODARhg9odHRwOi8vdGVzdC84MzkwEYYPaHR0cDovL3Rlc3QvODQwMBGGD2h0dHA6 ++Ly90ZXN0Lzg0MTARhg9odHRwOi8vdGVzdC84NDIwEYYPaHR0cDovL3Rlc3QvODQz ++MBGGD2h0dHA6Ly90ZXN0Lzg0NDARhg9odHRwOi8vdGVzdC84NDUwEYYPaHR0cDov ++L3Rlc3QvODQ2MBGGD2h0dHA6Ly90ZXN0Lzg0NzARhg9odHRwOi8vdGVzdC84NDgw ++EYYPaHR0cDovL3Rlc3QvODQ5MBGGD2h0dHA6Ly90ZXN0Lzg1MDARhg9odHRwOi8v ++dGVzdC84NTEwEYYPaHR0cDovL3Rlc3QvODUyMBGGD2h0dHA6Ly90ZXN0Lzg1MzAR ++hg9odHRwOi8vdGVzdC84NTQwEYYPaHR0cDovL3Rlc3QvODU1MBGGD2h0dHA6Ly90 ++ZXN0Lzg1NjARhg9odHRwOi8vdGVzdC84NTcwEYYPaHR0cDovL3Rlc3QvODU4MBGG ++D2h0dHA6Ly90ZXN0Lzg1OTARhg9odHRwOi8vdGVzdC84NjAwEYYPaHR0cDovL3Rl ++c3QvODYxMBGGD2h0dHA6Ly90ZXN0Lzg2MjARhg9odHRwOi8vdGVzdC84NjMwEYYP ++aHR0cDovL3Rlc3QvODY0MBGGD2h0dHA6Ly90ZXN0Lzg2NTARhg9odHRwOi8vdGVz ++dC84NjYwEYYPaHR0cDovL3Rlc3QvODY3MBGGD2h0dHA6Ly90ZXN0Lzg2ODARhg9o ++dHRwOi8vdGVzdC84NjkwEYYPaHR0cDovL3Rlc3QvODcwMBGGD2h0dHA6Ly90ZXN0 ++Lzg3MTARhg9odHRwOi8vdGVzdC84NzIwEYYPaHR0cDovL3Rlc3QvODczMBGGD2h0 ++dHA6Ly90ZXN0Lzg3NDARhg9odHRwOi8vdGVzdC84NzUwEYYPaHR0cDovL3Rlc3Qv ++ODc2MBGGD2h0dHA6Ly90ZXN0Lzg3NzARhg9odHRwOi8vdGVzdC84NzgwEYYPaHR0 ++cDovL3Rlc3QvODc5MBGGD2h0dHA6Ly90ZXN0Lzg4MDARhg9odHRwOi8vdGVzdC84 ++ODEwEYYPaHR0cDovL3Rlc3QvODgyMBGGD2h0dHA6Ly90ZXN0Lzg4MzARhg9odHRw ++Oi8vdGVzdC84ODQwEYYPaHR0cDovL3Rlc3QvODg1MBGGD2h0dHA6Ly90ZXN0Lzg4 ++NjARhg9odHRwOi8vdGVzdC84ODcwEYYPaHR0cDovL3Rlc3QvODg4MBGGD2h0dHA6 ++Ly90ZXN0Lzg4OTARhg9odHRwOi8vdGVzdC84OTAwEYYPaHR0cDovL3Rlc3QvODkx ++MBGGD2h0dHA6Ly90ZXN0Lzg5MjARhg9odHRwOi8vdGVzdC84OTMwEYYPaHR0cDov ++L3Rlc3QvODk0MBGGD2h0dHA6Ly90ZXN0Lzg5NTARhg9odHRwOi8vdGVzdC84OTYw ++EYYPaHR0cDovL3Rlc3QvODk3MBGGD2h0dHA6Ly90ZXN0Lzg5ODARhg9odHRwOi8v ++dGVzdC84OTkwEYYPaHR0cDovL3Rlc3QvOTAwMBGGD2h0dHA6Ly90ZXN0LzkwMTAR ++hg9odHRwOi8vdGVzdC85MDIwEYYPaHR0cDovL3Rlc3QvOTAzMBGGD2h0dHA6Ly90 ++ZXN0LzkwNDARhg9odHRwOi8vdGVzdC85MDUwEYYPaHR0cDovL3Rlc3QvOTA2MBGG ++D2h0dHA6Ly90ZXN0LzkwNzARhg9odHRwOi8vdGVzdC85MDgwEYYPaHR0cDovL3Rl ++c3QvOTA5MBGGD2h0dHA6Ly90ZXN0LzkxMDARhg9odHRwOi8vdGVzdC85MTEwEYYP ++aHR0cDovL3Rlc3QvOTEyMBGGD2h0dHA6Ly90ZXN0LzkxMzARhg9odHRwOi8vdGVz ++dC85MTQwEYYPaHR0cDovL3Rlc3QvOTE1MBGGD2h0dHA6Ly90ZXN0LzkxNjARhg9o ++dHRwOi8vdGVzdC85MTcwEYYPaHR0cDovL3Rlc3QvOTE4MBGGD2h0dHA6Ly90ZXN0 ++LzkxOTARhg9odHRwOi8vdGVzdC85MjAwEYYPaHR0cDovL3Rlc3QvOTIxMBGGD2h0 ++dHA6Ly90ZXN0LzkyMjARhg9odHRwOi8vdGVzdC85MjMwEYYPaHR0cDovL3Rlc3Qv ++OTI0MBGGD2h0dHA6Ly90ZXN0LzkyNTARhg9odHRwOi8vdGVzdC85MjYwEYYPaHR0 ++cDovL3Rlc3QvOTI3MBGGD2h0dHA6Ly90ZXN0LzkyODARhg9odHRwOi8vdGVzdC85 ++MjkwEYYPaHR0cDovL3Rlc3QvOTMwMBGGD2h0dHA6Ly90ZXN0LzkzMTARhg9odHRw ++Oi8vdGVzdC85MzIwEYYPaHR0cDovL3Rlc3QvOTMzMBGGD2h0dHA6Ly90ZXN0Lzkz ++NDARhg9odHRwOi8vdGVzdC85MzUwEYYPaHR0cDovL3Rlc3QvOTM2MBGGD2h0dHA6 ++Ly90ZXN0LzkzNzARhg9odHRwOi8vdGVzdC85MzgwEYYPaHR0cDovL3Rlc3QvOTM5 ++MBGGD2h0dHA6Ly90ZXN0Lzk0MDARhg9odHRwOi8vdGVzdC85NDEwEYYPaHR0cDov ++L3Rlc3QvOTQyMBGGD2h0dHA6Ly90ZXN0Lzk0MzARhg9odHRwOi8vdGVzdC85NDQw ++EYYPaHR0cDovL3Rlc3QvOTQ1MBGGD2h0dHA6Ly90ZXN0Lzk0NjARhg9odHRwOi8v ++dGVzdC85NDcwEYYPaHR0cDovL3Rlc3QvOTQ4MBGGD2h0dHA6Ly90ZXN0Lzk0OTAR ++hg9odHRwOi8vdGVzdC85NTAwEYYPaHR0cDovL3Rlc3QvOTUxMBGGD2h0dHA6Ly90 ++ZXN0Lzk1MjARhg9odHRwOi8vdGVzdC85NTMwEYYPaHR0cDovL3Rlc3QvOTU0MBGG ++D2h0dHA6Ly90ZXN0Lzk1NTARhg9odHRwOi8vdGVzdC85NTYwEYYPaHR0cDovL3Rl ++c3QvOTU3MBGGD2h0dHA6Ly90ZXN0Lzk1ODARhg9odHRwOi8vdGVzdC85NTkwEYYP ++aHR0cDovL3Rlc3QvOTYwMBGGD2h0dHA6Ly90ZXN0Lzk2MTARhg9odHRwOi8vdGVz ++dC85NjIwEYYPaHR0cDovL3Rlc3QvOTYzMBGGD2h0dHA6Ly90ZXN0Lzk2NDARhg9o ++dHRwOi8vdGVzdC85NjUwEYYPaHR0cDovL3Rlc3QvOTY2MBGGD2h0dHA6Ly90ZXN0 ++Lzk2NzARhg9odHRwOi8vdGVzdC85NjgwEYYPaHR0cDovL3Rlc3QvOTY5MBGGD2h0 ++dHA6Ly90ZXN0Lzk3MDARhg9odHRwOi8vdGVzdC85NzEwEYYPaHR0cDovL3Rlc3Qv ++OTcyMBGGD2h0dHA6Ly90ZXN0Lzk3MzARhg9odHRwOi8vdGVzdC85NzQwEYYPaHR0 ++cDovL3Rlc3QvOTc1MBGGD2h0dHA6Ly90ZXN0Lzk3NjARhg9odHRwOi8vdGVzdC85 ++NzcwEYYPaHR0cDovL3Rlc3QvOTc4MBGGD2h0dHA6Ly90ZXN0Lzk3OTARhg9odHRw ++Oi8vdGVzdC85ODAwEYYPaHR0cDovL3Rlc3QvOTgxMBGGD2h0dHA6Ly90ZXN0Lzk4 ++MjARhg9odHRwOi8vdGVzdC85ODMwEYYPaHR0cDovL3Rlc3QvOTg0MBGGD2h0dHA6 ++Ly90ZXN0Lzk4NTARhg9odHRwOi8vdGVzdC85ODYwEYYPaHR0cDovL3Rlc3QvOTg3 ++MBGGD2h0dHA6Ly90ZXN0Lzk4ODARhg9odHRwOi8vdGVzdC85ODkwEYYPaHR0cDov ++L3Rlc3QvOTkwMBGGD2h0dHA6Ly90ZXN0Lzk5MTARhg9odHRwOi8vdGVzdC85OTIw ++EYYPaHR0cDovL3Rlc3QvOTkzMBGGD2h0dHA6Ly90ZXN0Lzk5NDARhg9odHRwOi8v ++dGVzdC85OTUwEYYPaHR0cDovL3Rlc3QvOTk2MBGGD2h0dHA6Ly90ZXN0Lzk5NzAR ++hg9odHRwOi8vdGVzdC85OTgwEYYPaHR0cDovL3Rlc3QvOTk5MBKGEGh0dHA6Ly90 ++ZXN0LzEwMDAwEoYQaHR0cDovL3Rlc3QvMTAwMTAShhBodHRwOi8vdGVzdC8xMDAy ++MBKGEGh0dHA6Ly90ZXN0LzEwMDMwEoYQaHR0cDovL3Rlc3QvMTAwNDAShhBodHRw ++Oi8vdGVzdC8xMDA1MBKGEGh0dHA6Ly90ZXN0LzEwMDYwEoYQaHR0cDovL3Rlc3Qv ++MTAwNzAShhBodHRwOi8vdGVzdC8xMDA4MBKGEGh0dHA6Ly90ZXN0LzEwMDkwEoYQ ++aHR0cDovL3Rlc3QvMTAxMDAShhBodHRwOi8vdGVzdC8xMDExMBKGEGh0dHA6Ly90 ++ZXN0LzEwMTIwEoYQaHR0cDovL3Rlc3QvMTAxMzAShhBodHRwOi8vdGVzdC8xMDE0 ++MBKGEGh0dHA6Ly90ZXN0LzEwMTUwEoYQaHR0cDovL3Rlc3QvMTAxNjAShhBodHRw ++Oi8vdGVzdC8xMDE3MBKGEGh0dHA6Ly90ZXN0LzEwMTgwEoYQaHR0cDovL3Rlc3Qv ++MTAxOTAShhBodHRwOi8vdGVzdC8xMDIwMBKGEGh0dHA6Ly90ZXN0LzEwMjEwEoYQ ++aHR0cDovL3Rlc3QvMTAyMjAShhBodHRwOi8vdGVzdC8xMDIzMBKGEGh0dHA6Ly90 ++ZXN0LzEwMjShgmluMAmCB3gwLnRlc3QwCYIHeDEudGVzdDAJggd4Mi50ZXN0MAmC ++B3gzLnRlc3QwCYIHeDQudGVzdDAJggd4NS50ZXN0MAmCB3g2LnRlc3QwCYIHeDcu ++dGVzdDAJggd4OC50ZXN0MAmCB3g5LnRlc3QwCoIIeDEwLnRlc3QwCoIIeDExLnRl ++c3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRlc3QwCoIIeDE0LnRlc3QwCoIIeDE1LnRl ++c3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRlc3QwCoIIeDE4LnRlc3QwCoIIeDE5LnRl ++c3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRlc3QwCoIIeDIyLnRlc3QwCoIIeDIzLnRl ++c3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRlc3QwCoIIeDI2LnRlc3QwCoIIeDI3LnRl ++c3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRlc3QwCoIIeDMwLnRlc3QwCoIIeDMxLnRl ++c3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRlc3QwCoIIeDM0LnRlc3QwCoIIeDM1LnRl ++c3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRlc3QwCoIIeDM4LnRlc3QwCoIIeDM5LnRl ++c3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRlc3QwCoIIeDQyLnRlc3QwCoIIeDQzLnRl ++c3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRlc3QwCoIIeDQ2LnRlc3QwCoIIeDQ3LnRl ++c3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRlc3QwCoIIeDUwLnRlc3QwCoIIeDUxLnRl ++c3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRlc3QwCoIIeDU0LnRlc3QwCoIIeDU1LnRl ++c3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRlc3QwCoIIeDU4LnRlc3QwCoIIeDU5LnRl ++c3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRlc3QwCoIIeDYyLnRlc3QwCoIIeDYzLnRl ++c3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRlc3QwCoIIeDY2LnRlc3QwCoIIeDY3LnRl ++c3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRlc3QwCoIIeDcwLnRlc3QwCoIIeDcxLnRl ++c3QwCoIIeDcyLnRlc3QwCoIIeDczLnRlc3QwCoIIeDc0LnRlc3QwCoIIeDc1LnRl ++c3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRlc3QwCoIIeDc4LnRlc3QwCoIIeDc5LnRl ++c3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRlc3QwCoIIeDgyLnRlc3QwCoIIeDgzLnRl ++c3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRlc3QwCoIIeDg2LnRlc3QwCoIIeDg3LnRl ++c3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRlc3QwCoIIeDkwLnRlc3QwCoIIeDkxLnRl ++c3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRlc3QwCoIIeDk0LnRlc3QwCoIIeDk1LnRl ++c3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRlc3QwCoIIeDk4LnRlc3QwCoIIeDk5LnRl ++c3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEudGVzdDALggl4MTAyLnRlc3QwC4IJeDEw ++My50ZXN0MAuCCXgxMDQudGVzdDALggl4MTA1LnRlc3QwC4IJeDEwNi50ZXN0MAuC ++CXgxMDcudGVzdDALggl4MTA4LnRlc3QwC4IJeDEwOS50ZXN0MAuCCXgxMTAudGVz ++dDALggl4MTExLnRlc3QwC4IJeDExMi50ZXN0MAuCCXgxMTMudGVzdDALggl4MTE0 ++LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgxMTYudGVzdDALggl4MTE3LnRlc3QwC4IJ ++eDExOC50ZXN0MAuCCXgxMTkudGVzdDALggl4MTIwLnRlc3QwC4IJeDEyMS50ZXN0 ++MAuCCXgxMjIudGVzdDALggl4MTIzLnRlc3QwC4IJeDEyNC50ZXN0MAuCCXgxMjUu ++dGVzdDALggl4MTI2LnRlc3QwC4IJeDEyNy50ZXN0MAuCCXgxMjgudGVzdDALggl4 ++MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuCCXgxMzEudGVzdDALggl4MTMyLnRlc3Qw ++C4IJeDEzMy50ZXN0MAuCCXgxMzQudGVzdDALggl4MTM1LnRlc3QwC4IJeDEzNi50 ++ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4LnRlc3QwC4IJeDEzOS50ZXN0MAuCCXgx ++NDAudGVzdDALggl4MTQxLnRlc3QwC4IJeDE0Mi50ZXN0MAuCCXgxNDMudGVzdDAL ++ggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0MAuCCXgxNDYudGVzdDALggl4MTQ3LnRl ++c3QwC4IJeDE0OC50ZXN0MAuCCXgxNDkudGVzdDALggl4MTUwLnRlc3QwC4IJeDE1 ++MS50ZXN0MAuCCXgxNTIudGVzdDALggl4MTUzLnRlc3QwC4IJeDE1NC50ZXN0MAuC ++CXgxNTUudGVzdDALggl4MTU2LnRlc3QwC4IJeDE1Ny50ZXN0MAuCCXgxNTgudGVz ++dDALggl4MTU5LnRlc3QwC4IJeDE2MC50ZXN0MAuCCXgxNjEudGVzdDALggl4MTYy ++LnRlc3QwC4IJeDE2My50ZXN0MAuCCXgxNjQudGVzdDALggl4MTY1LnRlc3QwC4IJ ++eDE2Ni50ZXN0MAuCCXgxNjcudGVzdDALggl4MTY4LnRlc3QwC4IJeDE2OS50ZXN0 ++MAqHCAsAAAD/////MAqHCAsAAAH/////MAqHCAsAAAL/////MAqHCAsAAAP///// ++MAqHCAsAAAT/////MAqHCAsAAAX/////MAqHCAsAAAb/////MAqHCAsAAAf///// ++MAqHCAsAAAj/////MAqHCAsAAAn/////MAqHCAsAAAr/////MAqHCAsAAAv///// ++MAqHCAsAAAz/////MAqHCAsAAA3/////MAqHCAsAAA7/////MAqHCAsAAA////// ++MAqHCAsAABD/////MAqHCAsAABH/////MAqHCAsAABL/////MAqHCAsAABP///// ++MAqHCAsAABT/////MAqHCAsAABX/////MAqHCAsAABb/////MAqHCAsAABf///// ++MAqHCAsAABj/////MAqHCAsAABn/////MAqHCAsAABr/////MAqHCAsAABv///// ++MAqHCAsAABz/////MAqHCAsAAB3/////MAqHCAsAAB7/////MAqHCAsAAB////// ++MAqHCAsAACD/////MAqHCAsAACH/////MAqHCAsAACL/////MAqHCAsAACP///// ++MAqHCAsAACT/////MAqHCAsAACX/////MAqHCAsAACb/////MAqHCAsAACf///// ++MAqHCAsAACj/////MAqHCAsAACn/////MAqHCAsAACr/////MAqHCAsAACv///// ++MAqHCAsAACz/////MAqHCAsAAC3/////MAqHCAsAAC7/////MAqHCAsAAC////// ++MAqHCAsAADD/////MAqHCAsAADH/////MAqHCAsAADL/////MAqHCAsAADP///// ++MAqHCAsAADT/////MAqHCAsAADX/////MAqHCAsAADb/////MAqHCAsAADf///// ++MAqHCAsAADj/////MAqHCAsAADn/////MAqHCAsAADr/////MAqHCAsAADv///// ++MAqHCAsAADz/////MAqHCAsAAD3/////MAqHCAsAAD7/////MAqHCAsAAD////// ++MAqHCAsAAED/////MAqHCAsAAEH/////MAqHCAsAAEL/////MAqHCAsAAEP///// ++MAqHCAsAAET/////MAqHCAsAAEX/////MAqHCAsAAEb/////MAqHCAsAAEf///// ++MAqHCAsAAEj/////MAqHCAsAAEn/////MAqHCAsAAEr/////MAqHCAsAAEv///// ++MAqHCAsAAEz/////MAqHCAsAAE3/////MAqHCAsAAE7/////MAqHCAsAAE////// ++MAqHCAsAAFD/////MAqHCAsAAFH/////MAqHCAsAAFL/////MAqHCAsAAFP///// ++MAqHCAsAAFT/////MAqHCAsAAFX/////MAqHCAsAAFb/////MAqHCAsAAFf///// ++MAqHCAsAAFj/////MAqHCAsAAFn/////MAqHCAsAAFr/////MAqHCAsAAFv///// ++MAqHCAsAAFz/////MAqHCAsAAF3/////MAqHCAsAAF7/////MAqHCAsAAF////// ++MAqHCAsAAGD/////MAqHCAsAAGH/////MAqHCAsAAGL/////MAqHCAsAAGP///// ++MAqHCAsAAGT/////MAqHCAsAAGX/////MAqHCAsAAGb/////MAqHCAsAAGf///// ++MAqHCAsAAGj/////MAqHCAsAAGn/////MAqHCAsAAGr/////MAqHCAsAAGv///// ++MAqHCAsAAGz/////MAqHCAsAAG3/////MAqHCAsAAG7/////MAqHCAsAAG////// ++MAqHCAsAAHD/////MAqHCAsAAHH/////MAqHCAsAAHL/////MAqHCAsAAHP///// ++MAqHCAsAAHT/////MAqHCAsAAHX/////MAqHCAsAAHb/////MAqHCAsAAHf///// ++MAqHCAsAAHj/////MAqHCAsAAHn/////MAqHCAsAAHr/////MAqHCAsAAHv///// ++MAqHCAsAAHz/////MAqHCAsAAH3/////MAqHCAsAAH7/////MAqHCAsAAH////// ++MAqHCAsAAID/////MAqHCAsAAIH/////MAqHCAsAAIL/////MAqHCAsAAIP///// ++MAqHCAsAAIT/////MAqHCAsAAIX/////MAqHCAsAAIb/////MAqHCAsAAIf///// ++MAqHCAsAAIj/////MAqHCAsAAIn/////MAqHCAsAAIr/////MAqHCAsAAIv///// ++MAqHCAsAAIz/////MAqHCAsAAI3/////MAqHCAsAAI7/////MAqHCAsAAI////// ++MAqHCAsAAJD/////MAqHCAsAAJH/////MAqHCAsAAJL/////MAqHCAsAAJP///// ++MAqHCAsAAJT/////MAqHCAsAAJX/////MAqHCAsAAJb/////MAqHCAsAAJf///// ++MAqHCAsAAJj/////MAqHCAsAAJn/////MAqHCAsAAJr/////MAqHCAsAAJv///// ++MAqHCAsAAJz/////MAqHCAsAAJ3/////MAqHCAsAAJ7/////MAqHCAsAAJ////// ++MAqHCAsAAKD/////MAqHCAsAAKH/////MAqHCAsAAKL/////MAqHCAsAAKP///// ++MAqHCAsAAKT/////MAqHCAsAAKX/////MAqHCAsAAKb/////MAqHCAsAAKf///// ++MAqHCAsAAKj/////MAqHCAsAAKn/////MBGkDzANMQswCQYDVQQDDAJ4MDARpA8w ++DTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJBgNVBAMMAngyMBGkDzANMQswCQYDVQQD ++DAJ4MzARpA8wDTELMAkGA1UEAwwCeDQwEaQPMA0xCzAJBgNVBAMMAng1MBGkDzAN ++MQswCQYDVQQDDAJ4NjARpA8wDTELMAkGA1UEAwwCeDcwEaQPMA0xCzAJBgNVBAMM ++Ang4MBGkDzANMQswCQYDVQQDDAJ4OTASpBAwDjEMMAoGA1UEAwwDeDEwMBKkEDAO ++MQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAKBgNVBAMMA3gxMjASpBAwDjEMMAoGA1UE ++AwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4MTQwEqQQMA4xDDAKBgNVBAMMA3gxNTAS ++pBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAOMQwwCgYDVQQDDAN4MTcwEqQQMA4xDDAK ++BgNVBAMMA3gxODASpBAwDjEMMAoGA1UEAwwDeDE5MBKkEDAOMQwwCgYDVQQDDAN4 ++MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTASpBAwDjEMMAoGA1UEAwwDeDIyMBKkEDAO ++MQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAKBgNVBAMMA3gyNDASpBAwDjEMMAoGA1UE ++AwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4MjYwEqQQMA4xDDAKBgNVBAMMA3gyNzAS ++pBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAOMQwwCgYDVQQDDAN4MjkwEqQQMA4xDDAK ++BgNVBAMMA3gzMDASpBAwDjEMMAoGA1UEAwwDeDMxMBKkEDAOMQwwCgYDVQQDDAN4 ++MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzASpBAwDjEMMAoGA1UEAwwDeDM0MBKkEDAO ++MQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAKBgNVBAMMA3gzNjASpBAwDjEMMAoGA1UE ++AwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4MzgwEqQQMA4xDDAKBgNVBAMMA3gzOTAS ++pBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAOMQwwCgYDVQQDDAN4NDEwEqQQMA4xDDAK ++BgNVBAMMA3g0MjASpBAwDjEMMAoGA1UEAwwDeDQzMBKkEDAOMQwwCgYDVQQDDAN4 ++NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTASpBAwDjEMMAoGA1UEAwwDeDQ2MBKkEDAO ++MQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAKBgNVBAMMA3g0ODASpBAwDjEMMAoGA1UE ++AwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4NTAwEqQQMA4xDDAKBgNVBAMMA3g1MTAS ++pBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAOMQwwCgYDVQQDDAN4NTMwEqQQMA4xDDAK ++BgNVBAMMA3g1NDASpBAwDjEMMAoGA1UEAwwDeDU1MBKkEDAOMQwwCgYDVQQDDAN4 ++NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzASpBAwDjEMMAoGA1UEAwwDeDU4MBKkEDAO ++MQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAKBgNVBAMMA3g2MDASpBAwDjEMMAoGA1UE ++AwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4NjIwEqQQMA4xDDAKBgNVBAMMA3g2MzAS ++pBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAOMQwwCgYDVQQDDAN4NjUwEqQQMA4xDDAK ++BgNVBAMMA3g2NjASpBAwDjEMMAoGA1UEAwwDeDY3MBKkEDAOMQwwCgYDVQQDDAN4 ++NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTASpBAwDjEMMAoGA1UEAwwDeDcwMBKkEDAO ++MQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAKBgNVBAMMA3g3MjASpBAwDjEMMAoGA1UE ++AwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4NzQwEqQQMA4xDDAKBgNVBAMMA3g3NTAS ++pBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAOMQwwCgYDVQQDDAN4NzcwEqQQMA4xDDAK ++BgNVBAMMA3g3ODASpBAwDjEMMAoGA1UEAwwDeDc5MBKkEDAOMQwwCgYDVQQDDAN4 ++ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTASpBAwDjEMMAoGA1UEAwwDeDgyMBKkEDAO ++MQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAKBgNVBAMMA3g4NDASpBAwDjEMMAoGA1UE ++AwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4ODYwEqQQMA4xDDAKBgNVBAMMA3g4NzAS ++pBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAOMQwwCgYDVQQDDAN4ODkwEqQQMA4xDDAK ++BgNVBAMMA3g5MDASpBAwDjEMMAoGA1UEAwwDeDkxMBKkEDAOMQwwCgYDVQQDDAN4 ++OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzASpBAwDjEMMAoGA1UEAwwDeDk0MBKkEDAO ++MQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAKBgNVBAMMA3g5NjASpBAwDjEMMAoGA1UE ++AwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4OTgwEqQQMA4xDDAKBgNVBAMMA3g5OTAT ++pBEwDzENMAsGA1UEAwwEeDEwMDATpBEwDzENMAsGA1UEAwwEeDEwMTATpBEwDzEN ++MAsGA1UEAwwEeDEwMjATpBEwDzENMAsGA1UEAwwEeDEwMzATpBEwDzENMAsGA1UE ++AwwEeDEwNDATpBEwDzENMAsGA1UEAwwEeDEwNTATpBEwDzENMAsGA1UEAwwEeDEw ++NjATpBEwDzENMAsGA1UEAwwEeDEwNzATpBEwDzENMAsGA1UEAwwEeDEwODATpBEw ++DzENMAsGA1UEAwwEeDEwOTATpBEwDzENMAsGA1UEAwwEeDExMDATpBEwDzENMAsG ++A1UEAwwEeDExMTATpBEwDzENMAsGA1UEAwwEeDExMjATpBEwDzENMAsGA1UEAwwE ++eDExMzATpBEwDzENMAsGA1UEAwwEeDExNDATpBEwDzENMAsGA1UEAwwEeDExNTAT ++pBEwDzENMAsGA1UEAwwEeDExNjATpBEwDzENMAsGA1UEAwwEeDExNzATpBEwDzEN ++MAsGA1UEAwwEeDExODATpBEwDzENMAsGA1UEAwwEeDExOTATpBEwDzENMAsGA1UE ++AwwEeDEyMDATpBEwDzENMAsGA1UEAwwEeDEyMTATpBEwDzENMAsGA1UEAwwEeDEy ++MjATpBEwDzENMAsGA1UEAwwEeDEyMzATpBEwDzENMAsGA1UEAwwEeDEyNDATpBEw ++DzENMAsGA1UEAwwEeDEyNTATpBEwDzENMAsGA1UEAwwEeDEyNjATpBEwDzENMAsG ++A1UEAwwEeDEyNzATpBEwDzENMAsGA1UEAwwEeDEyODATpBEwDzENMAsGA1UEAwwE ++eDEyOTATpBEwDzENMAsGA1UEAwwEeDEzMDATpBEwDzENMAsGA1UEAwwEeDEzMTAT ++pBEwDzENMAsGA1UEAwwEeDEzMjATpBEwDzENMAsGA1UEAwwEeDEzMzATpBEwDzEN ++MAsGA1UEAwwEeDEzNDATpBEwDzENMAsGA1UEAwwEeDEzNTATpBEwDzENMAsGA1UE ++AwwEeDEzNjATpBEwDzENMAsGA1UEAwwEeDEzNzATpBEwDzENMAsGA1UEAwwEeDEz ++ODATpBEwDzENMAsGA1UEAwwEeDEzOTATpBEwDzENMAsGA1UEAwwEeDE0MDATpBEw ++DzENMAsGA1UEAwwEeDE0MTATpBEwDzENMAsGA1UEAwwEeDE0MjATpBEwDzENMAsG ++A1UEAwwEeDE0MzATpBEwDzENMAsGA1UEAwwEeDE0NDATpBEwDzENMAsGA1UEAwwE ++eDE0NTATpBEwDzENMAsGA1UEAwwEeDE0NjATpBEwDzENMAsGA1UEAwwEeDE0NzAT ++pBEwDzENMAsGA1UEAwwEeDE0ODATpBEwDzENMAsGA1UEAwwEeDE0OTATpBEwDzEN ++MAsGA1UEAwwEeDE1MDATpBEwDzENMAsGA1UEAwwEeDE1MTATpBEwDzENMAsGA1UE ++AwwEeDE1MjATpBEwDzENMAsGA1UEAwwEeDE1MzATpBEwDzENMAsGA1UEAwwEeDE1 ++NDATpBEwDzENMAsGA1UEAwwEeDE1NTATpBEwDzENMAsGA1UEAwwEeDE1NjATpBEw ++DzENMAsGA1UEAwwEeDE1NzATpBEwDzENMAsGA1UEAwwEeDE1ODATpBEwDzENMAsG ++A1UEAwwEeDE1OTATpBEwDzENMAsGA1UEAwwEeDE2MDATpBEwDzENMAsGA1UEAwwE ++eDE2MTATpBEwDzENMAsGA1UEAwwEeDE2MjATpBEwDzENMAsGA1UEAwwEeDE2MzAT ++pBEwDzENMAsGA1UEAwwEeDE2NDATpBEwDzENMAsGA1UEAwwEeDE2NTATpBEwDzEN ++MAsGA1UEAwwEeDE2NjATpBEwDzENMAsGA1UEAwwEeDE2NzATpBEwDzENMAsGA1UE ++AwwEeDE2ODATpBEwDzENMAsGA1UEAwwEeDE2OTAPhg1odHRwOi8veGVzdC8wMA+G ++DWh0dHA6Ly94ZXN0LzEwD4YNaHR0cDovL3hlc3QvMjAPhg1odHRwOi8veGVzdC8z ++MA+GDWh0dHA6Ly94ZXN0LzQwD4YNaHR0cDovL3hlc3QvNTAPhg1odHRwOi8veGVz ++dC82MA+GDWh0dHA6Ly94ZXN0LzcwD4YNaHR0cDovL3hlc3QvODAPhg1odHRwOi8v ++eGVzdC85MBCGDmh0dHA6Ly94ZXN0LzEwMBCGDmh0dHA6Ly94ZXN0LzExMBCGDmh0 ++dHA6Ly94ZXN0LzEyMBCGDmh0dHA6Ly94ZXN0LzEzMBCGDmh0dHA6Ly94ZXN0LzE0 ++MBCGDmh0dHA6Ly94ZXN0LzE1MBCGDmh0dHA6Ly94ZXN0LzE2MBCGDmh0dHA6Ly94 ++ZXN0LzE3MBCGDmh0dHA6Ly94ZXN0LzE4MBCGDmh0dHA6Ly94ZXN0LzE5MBCGDmh0 ++dHA6Ly94ZXN0LzIwMBCGDmh0dHA6Ly94ZXN0LzIxMBCGDmh0dHA6Ly94ZXN0LzIy ++MBCGDmh0dHA6Ly94ZXN0LzIzMBCGDmh0dHA6Ly94ZXN0LzI0MBCGDmh0dHA6Ly94 ++ZXN0LzI1MBCGDmh0dHA6Ly94ZXN0LzI2MBCGDmh0dHA6Ly94ZXN0LzI3MBCGDmh0 ++dHA6Ly94ZXN0LzI4MBCGDmh0dHA6Ly94ZXN0LzI5MBCGDmh0dHA6Ly94ZXN0LzMw ++MBCGDmh0dHA6Ly94ZXN0LzMxMBCGDmh0dHA6Ly94ZXN0LzMyMBCGDmh0dHA6Ly94 ++ZXN0LzMzMBCGDmh0dHA6Ly94ZXN0LzM0MBCGDmh0dHA6Ly94ZXN0LzM1MBCGDmh0 ++dHA6Ly94ZXN0LzM2MBCGDmh0dHA6Ly94ZXN0LzM3MBCGDmh0dHA6Ly94ZXN0LzM4 ++MBCGDmh0dHA6Ly94ZXN0LzM5MBCGDmh0dHA6Ly94ZXN0LzQwMBCGDmh0dHA6Ly94 ++ZXN0LzQxMBCGDmh0dHA6Ly94ZXN0LzQyMBCGDmh0dHA6Ly94ZXN0LzQzMBCGDmh0 ++dHA6Ly94ZXN0LzQ0MBCGDmh0dHA6Ly94ZXN0LzQ1MBCGDmh0dHA6Ly94ZXN0LzQ2 ++MBCGDmh0dHA6Ly94ZXN0LzQ3MBCGDmh0dHA6Ly94ZXN0LzQ4MBCGDmh0dHA6Ly94 ++ZXN0LzQ5MBCGDmh0dHA6Ly94ZXN0LzUwMBCGDmh0dHA6Ly94ZXN0LzUxMBCGDmh0 ++dHA6Ly94ZXN0LzUyMBCGDmh0dHA6Ly94ZXN0LzUzMBCGDmh0dHA6Ly94ZXN0LzU0 ++MBCGDmh0dHA6Ly94ZXN0LzU1MBCGDmh0dHA6Ly94ZXN0LzU2MBCGDmh0dHA6Ly94 ++ZXN0LzU3MBCGDmh0dHA6Ly94ZXN0LzU4MBCGDmh0dHA6Ly94ZXN0LzU5MBCGDmh0 ++dHA6Ly94ZXN0LzYwMBCGDmh0dHA6Ly94ZXN0LzYxMBCGDmh0dHA6Ly94ZXN0LzYy ++MBCGDmh0dHA6Ly94ZXN0LzYzMBCGDmh0dHA6Ly94ZXN0LzY0MBCGDmh0dHA6Ly94 ++ZXN0LzY1MBCGDmh0dHA6Ly94ZXN0LzY2MBCGDmh0dHA6Ly94ZXN0LzY3MBCGDmh0 ++dHA6Ly94ZXN0LzY4MBCGDmh0dHA6Ly94ZXN0LzY5MBCGDmh0dHA6Ly94ZXN0Lzcw ++MBCGDmh0dHA6Ly94ZXN0LzcxMBCGDmh0dHA6Ly94ZXN0LzcyMBCGDmh0dHA6Ly94 ++ZXN0LzczMBCGDmh0dHA6Ly94ZXN0Lzc0MBCGDmh0dHA6Ly94ZXN0Lzc1MBCGDmh0 ++dHA6Ly94ZXN0Lzc2MBCGDmh0dHA6Ly94ZXN0Lzc3MBCGDmh0dHA6Ly94ZXN0Lzc4 ++MBCGDmh0dHA6Ly94ZXN0Lzc5MBCGDmh0dHA6Ly94ZXN0LzgwMBCGDmh0dHA6Ly94 ++ZXN0LzgxMBCGDmh0dHA6Ly94ZXN0LzgyMBCGDmh0dHA6Ly94ZXN0LzgzMBCGDmh0 ++dHA6Ly94ZXN0Lzg0MBCGDmh0dHA6Ly94ZXN0Lzg1MBCGDmh0dHA6Ly94ZXN0Lzg2 ++MBCGDmh0dHA6Ly94ZXN0Lzg3MBCGDmh0dHA6Ly94ZXN0Lzg4MBCGDmh0dHA6Ly94 ++ZXN0Lzg5MBCGDmh0dHA6Ly94ZXN0LzkwMBCGDmh0dHA6Ly94ZXN0LzkxMBCGDmh0 ++dHA6Ly94ZXN0LzkyMBCGDmh0dHA6Ly94ZXN0LzkzMBCGDmh0dHA6Ly94ZXN0Lzk0 ++MBCGDmh0dHA6Ly94ZXN0Lzk1MBCGDmh0dHA6Ly94ZXN0Lzk2MBCGDmh0dHA6Ly94 ++ZXN0Lzk3MBCGDmh0dHA6Ly94ZXN0Lzk4MBCGDmh0dHA6Ly94ZXN0Lzk5MBGGD2h0 ++dHA6Ly94ZXN0LzEwMDARhg9odHRwOi8veGVzdC8xMDEwEYYPaHR0cDovL3hlc3Qv ++MTAyMBGGD2h0dHA6Ly94ZXN0LzEwMzARhg9odHRwOi8veGVzdC8xMDQwEYYPaHR0 ++cDovL3hlc3QvMTA1MBGGD2h0dHA6Ly94ZXN0LzEwNjARhg9odHRwOi8veGVzdC8x ++MDcwEYYPaHR0cDovL3hlc3QvMTA4MBGGD2h0dHA6Ly94ZXN0LzEwOTARhg9odHRw ++Oi8veGVzdC8xMTAwEYYPaHR0cDovL3hlc3QvMTExMBGGD2h0dHA6Ly94ZXN0LzEx ++MjARhg9odHRwOi8veGVzdC8xMTMwEYYPaHR0cDovL3hlc3QvMTE0MBGGD2h0dHA6 ++Ly94ZXN0LzExNTARhg9odHRwOi8veGVzdC8xMTYwEYYPaHR0cDovL3hlc3QvMTE3 ++MBGGD2h0dHA6Ly94ZXN0LzExODARhg9odHRwOi8veGVzdC8xMTkwEYYPaHR0cDov ++L3hlc3QvMTIwMBGGD2h0dHA6Ly94ZXN0LzEyMTARhg9odHRwOi8veGVzdC8xMjIw ++EYYPaHR0cDovL3hlc3QvMTIzMBGGD2h0dHA6Ly94ZXN0LzEyNDARhg9odHRwOi8v ++eGVzdC8xMjUwEYYPaHR0cDovL3hlc3QvMTI2MBGGD2h0dHA6Ly94ZXN0LzEyNzAR ++hg9odHRwOi8veGVzdC8xMjgwEYYPaHR0cDovL3hlc3QvMTI5MBGGD2h0dHA6Ly94 ++ZXN0LzEzMDARhg9odHRwOi8veGVzdC8xMzEwEYYPaHR0cDovL3hlc3QvMTMyMBGG ++D2h0dHA6Ly94ZXN0LzEzMzARhg9odHRwOi8veGVzdC8xMzQwEYYPaHR0cDovL3hl ++c3QvMTM1MBGGD2h0dHA6Ly94ZXN0LzEzNjARhg9odHRwOi8veGVzdC8xMzcwEYYP ++aHR0cDovL3hlc3QvMTM4MBGGD2h0dHA6Ly94ZXN0LzEzOTARhg9odHRwOi8veGVz ++dC8xNDAwEYYPaHR0cDovL3hlc3QvMTQxMBGGD2h0dHA6Ly94ZXN0LzE0MjARhg9o ++dHRwOi8veGVzdC8xNDMwEYYPaHR0cDovL3hlc3QvMTQ0MBGGD2h0dHA6Ly94ZXN0 ++LzE0NTARhg9odHRwOi8veGVzdC8xNDYwEYYPaHR0cDovL3hlc3QvMTQ3MBGGD2h0 ++dHA6Ly94ZXN0LzE0ODARhg9odHRwOi8veGVzdC8xNDkwEYYPaHR0cDovL3hlc3Qv ++MTUwMBGGD2h0dHA6Ly94ZXN0LzE1MTARhg9odHRwOi8veGVzdC8xNTIwEYYPaHR0 ++cDovL3hlc3QvMTUzMBGGD2h0dHA6Ly94ZXN0LzE1NDARhg9odHRwOi8veGVzdC8x ++NTUwEYYPaHR0cDovL3hlc3QvMTU2MBGGD2h0dHA6Ly94ZXN0LzE1NzARhg9odHRw ++Oi8veGVzdC8xNTgwEYYPaHR0cDovL3hlc3QvMTU5MBGGD2h0dHA6Ly94ZXN0LzE2 ++MDARhg9odHRwOi8veGVzdC8xNjEwEYYPaHR0cDovL3hlc3QvMTYyMBGGD2h0dHA6 ++Ly94ZXN0LzE2MzARhg9odHRwOi8veGVzdC8xNjQwEYYPaHR0cDovL3hlc3QvMTY1 ++MBGGD2h0dHA6Ly94ZXN0LzE2NjARhg9odHRwOi8veGVzdC8xNjcwEYYPaHR0cDov ++L3hlc3QvMTY4MBGGD2h0dHA6Ly94ZXN0LzE2OTARhg9odHRwOi8veGVzdC8xNzAw ++EYYPaHR0cDovL3hlc3QvMTcxMBGGD2h0dHA6Ly94ZXN0LzE3MjARhg9odHRwOi8v ++eGVzdC8xNzMwEYYPaHR0cDovL3hlc3QvMTc0MBGGD2h0dHA6Ly94ZXN0LzE3NTAR ++hg9odHRwOi8veGVzdC8xNzYwEYYPaHR0cDovL3hlc3QvMTc3MBGGD2h0dHA6Ly94 ++ZXN0LzE3ODARhg9odHRwOi8veGVzdC8xNzkwEYYPaHR0cDovL3hlc3QvMTgwMBGG ++D2h0dHA6Ly94ZXN0LzE4MTARhg9odHRwOi8veGVzdC8xODIwEYYPaHR0cDovL3hl ++c3QvMTgzMBGGD2h0dHA6Ly94ZXN0LzE4NDARhg9odHRwOi8veGVzdC8xODUwEYYP ++aHR0cDovL3hlc3QvMTg2MBGGD2h0dHA6Ly94ZXN0LzE4NzARhg9odHRwOi8veGVz ++dC8xODgwEYYPaHR0cDovL3hlc3QvMTg5MBGGD2h0dHA6Ly94ZXN0LzE5MDARhg9o ++dHRwOi8veGVzdC8xOTEwEYYPaHR0cDovL3hlc3QvMTkyMBGGD2h0dHA6Ly94ZXN0 ++LzE5MzARhg9odHRwOi8veGVzdC8xOTQwEYYPaHR0cDovL3hlc3QvMTk1MBGGD2h0 ++dHA6Ly94ZXN0LzE5NjARhg9odHRwOi8veGVzdC8xOTcwEYYPaHR0cDovL3hlc3Qv ++MTk4MBGGD2h0dHA6Ly94ZXN0LzE5OTARhg9odHRwOi8veGVzdC8yMDAwEYYPaHR0 ++cDovL3hlc3QvMjAxMBGGD2h0dHA6Ly94ZXN0LzIwMjARhg9odHRwOi8veGVzdC8y ++MDMwEYYPaHR0cDovL3hlc3QvMjA0MBGGD2h0dHA6Ly94ZXN0LzIwNTARhg9odHRw ++Oi8veGVzdC8yMDYwEYYPaHR0cDovL3hlc3QvMjA3MBGGD2h0dHA6Ly94ZXN0LzIw ++ODARhg9odHRwOi8veGVzdC8yMDkwEYYPaHR0cDovL3hlc3QvMjEwMBGGD2h0dHA6 ++Ly94ZXN0LzIxMTARhg9odHRwOi8veGVzdC8yMTIwEYYPaHR0cDovL3hlc3QvMjEz ++MBGGD2h0dHA6Ly94ZXN0LzIxNDARhg9odHRwOi8veGVzdC8yMTUwEYYPaHR0cDov ++L3hlc3QvMjE2MBGGD2h0dHA6Ly94ZXN0LzIxNzARhg9odHRwOi8veGVzdC8yMTgw ++EYYPaHR0cDovL3hlc3QvMjE5MBGGD2h0dHA6Ly94ZXN0LzIyMDARhg9odHRwOi8v ++eGVzdC8yMjEwEYYPaHR0cDovL3hlc3QvMjIyMBGGD2h0dHA6Ly94ZXN0LzIyMzAR ++hg9odHRwOi8veGVzdC8yMjQwEYYPaHR0cDovL3hlc3QvMjI1MBGGD2h0dHA6Ly94 ++ZXN0LzIyNjARhg9odHRwOi8veGVzdC8yMjcwEYYPaHR0cDovL3hlc3QvMjI4MBGG ++D2h0dHA6Ly94ZXN0LzIyOTARhg9odHRwOi8veGVzdC8yMzAwEYYPaHR0cDovL3hl ++c3QvMjMxMBGGD2h0dHA6Ly94ZXN0LzIzMjARhg9odHRwOi8veGVzdC8yMzMwEYYP ++aHR0cDovL3hlc3QvMjM0MBGGD2h0dHA6Ly94ZXN0LzIzNTARhg9odHRwOi8veGVz ++dC8yMzYwEYYPaHR0cDovL3hlc3QvMjM3MBGGD2h0dHA6Ly94ZXN0LzIzODARhg9o ++dHRwOi8veGVzdC8yMzkwEYYPaHR0cDovL3hlc3QvMjQwMBGGD2h0dHA6Ly94ZXN0 ++LzI0MTARhg9odHRwOi8veGVzdC8yNDIwEYYPaHR0cDovL3hlc3QvMjQzMBGGD2h0 ++dHA6Ly94ZXN0LzI0NDARhg9odHRwOi8veGVzdC8yNDUwEYYPaHR0cDovL3hlc3Qv ++MjQ2MBGGD2h0dHA6Ly94ZXN0LzI0NzARhg9odHRwOi8veGVzdC8yNDgwEYYPaHR0 ++cDovL3hlc3QvMjQ5MBGGD2h0dHA6Ly94ZXN0LzI1MDARhg9odHRwOi8veGVzdC8y ++NTEwEYYPaHR0cDovL3hlc3QvMjUyMBGGD2h0dHA6Ly94ZXN0LzI1MzARhg9odHRw ++Oi8veGVzdC8yNTQwEYYPaHR0cDovL3hlc3QvMjU1MBGGD2h0dHA6Ly94ZXN0LzI1 ++NjARhg9odHRwOi8veGVzdC8yNTcwEYYPaHR0cDovL3hlc3QvMjU4MBGGD2h0dHA6 ++Ly94ZXN0LzI1OTARhg9odHRwOi8veGVzdC8yNjAwEYYPaHR0cDovL3hlc3QvMjYx ++MBGGD2h0dHA6Ly94ZXN0LzI2MjARhg9odHRwOi8veGVzdC8yNjMwEYYPaHR0cDov ++L3hlc3QvMjY0MBGGD2h0dHA6Ly94ZXN0LzI2NTARhg9odHRwOi8veGVzdC8yNjYw ++EYYPaHR0cDovL3hlc3QvMjY3MBGGD2h0dHA6Ly94ZXN0LzI2ODARhg9odHRwOi8v ++eGVzdC8yNjkwEYYPaHR0cDovL3hlc3QvMjcwMBGGD2h0dHA6Ly94ZXN0LzI3MTAR ++hg9odHRwOi8veGVzdC8yNzIwEYYPaHR0cDovL3hlc3QvMjczMBGGD2h0dHA6Ly94 ++ZXN0LzI3NDARhg9odHRwOi8veGVzdC8yNzUwEYYPaHR0cDovL3hlc3QvMjc2MBGG ++D2h0dHA6Ly94ZXN0LzI3NzARhg9odHRwOi8veGVzdC8yNzgwEYYPaHR0cDovL3hl ++c3QvMjc5MBGGD2h0dHA6Ly94ZXN0LzI4MDARhg9odHRwOi8veGVzdC8yODEwEYYP ++aHR0cDovL3hlc3QvMjgyMBGGD2h0dHA6Ly94ZXN0LzI4MzARhg9odHRwOi8veGVz ++dC8yODQwEYYPaHR0cDovL3hlc3QvMjg1MBGGD2h0dHA6Ly94ZXN0LzI4NjARhg9o ++dHRwOi8veGVzdC8yODcwEYYPaHR0cDovL3hlc3QvMjg4MBGGD2h0dHA6Ly94ZXN0 ++LzI4OTARhg9odHRwOi8veGVzdC8yOTAwEYYPaHR0cDovL3hlc3QvMjkxMBGGD2h0 ++dHA6Ly94ZXN0LzI5MjARhg9odHRwOi8veGVzdC8yOTMwEYYPaHR0cDovL3hlc3Qv ++Mjk0MBGGD2h0dHA6Ly94ZXN0LzI5NTARhg9odHRwOi8veGVzdC8yOTYwEYYPaHR0 ++cDovL3hlc3QvMjk3MBGGD2h0dHA6Ly94ZXN0LzI5ODARhg9odHRwOi8veGVzdC8y ++OTkwEYYPaHR0cDovL3hlc3QvMzAwMBGGD2h0dHA6Ly94ZXN0LzMwMTARhg9odHRw ++Oi8veGVzdC8zMDIwEYYPaHR0cDovL3hlc3QvMzAzMBGGD2h0dHA6Ly94ZXN0LzMw ++NDARhg9odHRwOi8veGVzdC8zMDUwEYYPaHR0cDovL3hlc3QvMzA2MBGGD2h0dHA6 ++Ly94ZXN0LzMwNzARhg9odHRwOi8veGVzdC8zMDgwEYYPaHR0cDovL3hlc3QvMzA5 ++MBGGD2h0dHA6Ly94ZXN0LzMxMDARhg9odHRwOi8veGVzdC8zMTEwEYYPaHR0cDov ++L3hlc3QvMzEyMBGGD2h0dHA6Ly94ZXN0LzMxMzARhg9odHRwOi8veGVzdC8zMTQw ++EYYPaHR0cDovL3hlc3QvMzE1MBGGD2h0dHA6Ly94ZXN0LzMxNjARhg9odHRwOi8v ++eGVzdC8zMTcwEYYPaHR0cDovL3hlc3QvMzE4MBGGD2h0dHA6Ly94ZXN0LzMxOTAR ++hg9odHRwOi8veGVzdC8zMjAwEYYPaHR0cDovL3hlc3QvMzIxMBGGD2h0dHA6Ly94 ++ZXN0LzMyMjARhg9odHRwOi8veGVzdC8zMjMwEYYPaHR0cDovL3hlc3QvMzI0MBGG ++D2h0dHA6Ly94ZXN0LzMyNTARhg9odHRwOi8veGVzdC8zMjYwEYYPaHR0cDovL3hl ++c3QvMzI3MBGGD2h0dHA6Ly94ZXN0LzMyODARhg9odHRwOi8veGVzdC8zMjkwEYYP ++aHR0cDovL3hlc3QvMzMwMBGGD2h0dHA6Ly94ZXN0LzMzMTARhg9odHRwOi8veGVz ++dC8zMzIwEYYPaHR0cDovL3hlc3QvMzMzMBGGD2h0dHA6Ly94ZXN0LzMzNDARhg9o ++dHRwOi8veGVzdC8zMzUwEYYPaHR0cDovL3hlc3QvMzM2MBGGD2h0dHA6Ly94ZXN0 ++LzMzNzARhg9odHRwOi8veGVzdC8zMzgwEYYPaHR0cDovL3hlc3QvMzM5MBGGD2h0 ++dHA6Ly94ZXN0LzM0MDARhg9odHRwOi8veGVzdC8zNDEwEYYPaHR0cDovL3hlc3Qv ++MzQyMBGGD2h0dHA6Ly94ZXN0LzM0MzARhg9odHRwOi8veGVzdC8zNDQwEYYPaHR0 ++cDovL3hlc3QvMzQ1MBGGD2h0dHA6Ly94ZXN0LzM0NjARhg9odHRwOi8veGVzdC8z ++NDcwEYYPaHR0cDovL3hlc3QvMzQ4MBGGD2h0dHA6Ly94ZXN0LzM0OTARhg9odHRw ++Oi8veGVzdC8zNTAwEYYPaHR0cDovL3hlc3QvMzUxMBGGD2h0dHA6Ly94ZXN0LzM1 ++MjARhg9odHRwOi8veGVzdC8zNTMwEYYPaHR0cDovL3hlc3QvMzU0MBGGD2h0dHA6 ++Ly94ZXN0LzM1NTARhg9odHRwOi8veGVzdC8zNTYwEYYPaHR0cDovL3hlc3QvMzU3 ++MBGGD2h0dHA6Ly94ZXN0LzM1ODARhg9odHRwOi8veGVzdC8zNTkwEYYPaHR0cDov ++L3hlc3QvMzYwMBGGD2h0dHA6Ly94ZXN0LzM2MTARhg9odHRwOi8veGVzdC8zNjIw ++EYYPaHR0cDovL3hlc3QvMzYzMBGGD2h0dHA6Ly94ZXN0LzM2NDARhg9odHRwOi8v ++eGVzdC8zNjUwEYYPaHR0cDovL3hlc3QvMzY2MBGGD2h0dHA6Ly94ZXN0LzM2NzAR ++hg9odHRwOi8veGVzdC8zNjgwEYYPaHR0cDovL3hlc3QvMzY5MBGGD2h0dHA6Ly94 ++ZXN0LzM3MDARhg9odHRwOi8veGVzdC8zNzEwEYYPaHR0cDovL3hlc3QvMzcyMBGG ++D2h0dHA6Ly94ZXN0LzM3MzARhg9odHRwOi8veGVzdC8zNzQwEYYPaHR0cDovL3hl ++c3QvMzc1MBGGD2h0dHA6Ly94ZXN0LzM3NjARhg9odHRwOi8veGVzdC8zNzcwEYYP ++aHR0cDovL3hlc3QvMzc4MBGGD2h0dHA6Ly94ZXN0LzM3OTARhg9odHRwOi8veGVz ++dC8zODAwEYYPaHR0cDovL3hlc3QvMzgxMBGGD2h0dHA6Ly94ZXN0LzM4MjARhg9o ++dHRwOi8veGVzdC8zODMwEYYPaHR0cDovL3hlc3QvMzg0MBGGD2h0dHA6Ly94ZXN0 ++LzM4NTARhg9odHRwOi8veGVzdC8zODYwEYYPaHR0cDovL3hlc3QvMzg3MBGGD2h0 ++dHA6Ly94ZXN0LzM4ODARhg9odHRwOi8veGVzdC8zODkwEYYPaHR0cDovL3hlc3Qv ++MzkwMBGGD2h0dHA6Ly94ZXN0LzM5MTARhg9odHRwOi8veGVzdC8zOTIwEYYPaHR0 ++cDovL3hlc3QvMzkzMBGGD2h0dHA6Ly94ZXN0LzM5NDARhg9odHRwOi8veGVzdC8z ++OTUwEYYPaHR0cDovL3hlc3QvMzk2MBGGD2h0dHA6Ly94ZXN0LzM5NzARhg9odHRw ++Oi8veGVzdC8zOTgwEYYPaHR0cDovL3hlc3QvMzk5MBGGD2h0dHA6Ly94ZXN0LzQw ++MDARhg9odHRwOi8veGVzdC80MDEwEYYPaHR0cDovL3hlc3QvNDAyMBGGD2h0dHA6 ++Ly94ZXN0LzQwMzARhg9odHRwOi8veGVzdC80MDQwEYYPaHR0cDovL3hlc3QvNDA1 ++MBGGD2h0dHA6Ly94ZXN0LzQwNjARhg9odHRwOi8veGVzdC80MDcwEYYPaHR0cDov ++L3hlc3QvNDA4MBGGD2h0dHA6Ly94ZXN0LzQwOTARhg9odHRwOi8veGVzdC80MTAw ++EYYPaHR0cDovL3hlc3QvNDExMBGGD2h0dHA6Ly94ZXN0LzQxMjARhg9odHRwOi8v ++eGVzdC80MTMwEYYPaHR0cDovL3hlc3QvNDE0MBGGD2h0dHA6Ly94ZXN0LzQxNTAR ++hg9odHRwOi8veGVzdC80MTYwEYYPaHR0cDovL3hlc3QvNDE3MBGGD2h0dHA6Ly94 ++ZXN0LzQxODARhg9odHRwOi8veGVzdC80MTkwEYYPaHR0cDovL3hlc3QvNDIwMBGG ++D2h0dHA6Ly94ZXN0LzQyMTARhg9odHRwOi8veGVzdC80MjIwEYYPaHR0cDovL3hl ++c3QvNDIzMBGGD2h0dHA6Ly94ZXN0LzQyNDARhg9odHRwOi8veGVzdC80MjUwEYYP ++aHR0cDovL3hlc3QvNDI2MBGGD2h0dHA6Ly94ZXN0LzQyNzARhg9odHRwOi8veGVz ++dC80MjgwEYYPaHR0cDovL3hlc3QvNDI5MBGGD2h0dHA6Ly94ZXN0LzQzMDARhg9o ++dHRwOi8veGVzdC80MzEwEYYPaHR0cDovL3hlc3QvNDMyMBGGD2h0dHA6Ly94ZXN0 ++LzQzMzARhg9odHRwOi8veGVzdC80MzQwEYYPaHR0cDovL3hlc3QvNDM1MBGGD2h0 ++dHA6Ly94ZXN0LzQzNjARhg9odHRwOi8veGVzdC80MzcwEYYPaHR0cDovL3hlc3Qv ++NDM4MBGGD2h0dHA6Ly94ZXN0LzQzOTARhg9odHRwOi8veGVzdC80NDAwEYYPaHR0 ++cDovL3hlc3QvNDQxMBGGD2h0dHA6Ly94ZXN0LzQ0MjARhg9odHRwOi8veGVzdC80 ++NDMwEYYPaHR0cDovL3hlc3QvNDQ0MBGGD2h0dHA6Ly94ZXN0LzQ0NTARhg9odHRw ++Oi8veGVzdC80NDYwEYYPaHR0cDovL3hlc3QvNDQ3MBGGD2h0dHA6Ly94ZXN0LzQ0 ++ODARhg9odHRwOi8veGVzdC80NDkwEYYPaHR0cDovL3hlc3QvNDUwMBGGD2h0dHA6 ++Ly94ZXN0LzQ1MTARhg9odHRwOi8veGVzdC80NTIwEYYPaHR0cDovL3hlc3QvNDUz ++MBGGD2h0dHA6Ly94ZXN0LzQ1NDARhg9odHRwOi8veGVzdC80NTUwEYYPaHR0cDov ++L3hlc3QvNDU2MBGGD2h0dHA6Ly94ZXN0LzQ1NzARhg9odHRwOi8veGVzdC80NTgw ++EYYPaHR0cDovL3hlc3QvNDU5MBGGD2h0dHA6Ly94ZXN0LzQ2MDARhg9odHRwOi8v ++eGVzdC80NjEwEYYPaHR0cDovL3hlc3QvNDYyMBGGD2h0dHA6Ly94ZXN0LzQ2MzAR ++hg9odHRwOi8veGVzdC80NjQwEYYPaHR0cDovL3hlc3QvNDY1MBGGD2h0dHA6Ly94 ++ZXN0LzQ2NjARhg9odHRwOi8veGVzdC80NjcwEYYPaHR0cDovL3hlc3QvNDY4MBGG ++D2h0dHA6Ly94ZXN0LzQ2OTARhg9odHRwOi8veGVzdC80NzAwEYYPaHR0cDovL3hl ++c3QvNDcxMBGGD2h0dHA6Ly94ZXN0LzQ3MjARhg9odHRwOi8veGVzdC80NzMwEYYP ++aHR0cDovL3hlc3QvNDc0MBGGD2h0dHA6Ly94ZXN0LzQ3NTARhg9odHRwOi8veGVz ++dC80NzYwEYYPaHR0cDovL3hlc3QvNDc3MBGGD2h0dHA6Ly94ZXN0LzQ3ODARhg9o ++dHRwOi8veGVzdC80NzkwEYYPaHR0cDovL3hlc3QvNDgwMBGGD2h0dHA6Ly94ZXN0 ++LzQ4MTARhg9odHRwOi8veGVzdC80ODIwEYYPaHR0cDovL3hlc3QvNDgzMBGGD2h0 ++dHA6Ly94ZXN0LzQ4NDARhg9odHRwOi8veGVzdC80ODUwEYYPaHR0cDovL3hlc3Qv ++NDg2MBGGD2h0dHA6Ly94ZXN0LzQ4NzARhg9odHRwOi8veGVzdC80ODgwEYYPaHR0 ++cDovL3hlc3QvNDg5MBGGD2h0dHA6Ly94ZXN0LzQ5MDARhg9odHRwOi8veGVzdC80 ++OTEwEYYPaHR0cDovL3hlc3QvNDkyMBGGD2h0dHA6Ly94ZXN0LzQ5MzARhg9odHRw ++Oi8veGVzdC80OTQwEYYPaHR0cDovL3hlc3QvNDk1MBGGD2h0dHA6Ly94ZXN0LzQ5 ++NjARhg9odHRwOi8veGVzdC80OTcwEYYPaHR0cDovL3hlc3QvNDk4MBGGD2h0dHA6 ++Ly94ZXN0LzQ5OTARhg9odHRwOi8veGVzdC81MDAwEYYPaHR0cDovL3hlc3QvNTAx ++MBGGD2h0dHA6Ly94ZXN0LzUwMjARhg9odHRwOi8veGVzdC81MDMwEYYPaHR0cDov ++L3hlc3QvNTA0MBGGD2h0dHA6Ly94ZXN0LzUwNTARhg9odHRwOi8veGVzdC81MDYw ++EYYPaHR0cDovL3hlc3QvNTA3MBGGD2h0dHA6Ly94ZXN0LzUwODARhg9odHRwOi8v ++eGVzdC81MDkwEYYPaHR0cDovL3hlc3QvNTEwMBGGD2h0dHA6Ly94ZXN0LzUxMTAR ++hg9odHRwOi8veGVzdC81MTIwEYYPaHR0cDovL3hlc3QvNTEzMBGGD2h0dHA6Ly94 ++ZXN0LzUxNDARhg9odHRwOi8veGVzdC81MTUwEYYPaHR0cDovL3hlc3QvNTE2MBGG ++D2h0dHA6Ly94ZXN0LzUxNzARhg9odHRwOi8veGVzdC81MTgwEYYPaHR0cDovL3hl ++c3QvNTE5MBGGD2h0dHA6Ly94ZXN0LzUyMDARhg9odHRwOi8veGVzdC81MjEwEYYP ++aHR0cDovL3hlc3QvNTIyMBGGD2h0dHA6Ly94ZXN0LzUyMzARhg9odHRwOi8veGVz ++dC81MjQwEYYPaHR0cDovL3hlc3QvNTI1MBGGD2h0dHA6Ly94ZXN0LzUyNjARhg9o ++dHRwOi8veGVzdC81MjcwEYYPaHR0cDovL3hlc3QvNTI4MBGGD2h0dHA6Ly94ZXN0 ++LzUyOTARhg9odHRwOi8veGVzdC81MzAwEYYPaHR0cDovL3hlc3QvNTMxMBGGD2h0 ++dHA6Ly94ZXN0LzUzMjARhg9odHRwOi8veGVzdC81MzMwEYYPaHR0cDovL3hlc3Qv ++NTM0MBGGD2h0dHA6Ly94ZXN0LzUzNTARhg9odHRwOi8veGVzdC81MzYwEYYPaHR0 ++cDovL3hlc3QvNTM3MBGGD2h0dHA6Ly94ZXN0LzUzODARhg9odHRwOi8veGVzdC81 ++MzkwEYYPaHR0cDovL3hlc3QvNTQwMBGGD2h0dHA6Ly94ZXN0LzU0MTARhg9odHRw ++Oi8veGVzdC81NDIwEYYPaHR0cDovL3hlc3QvNTQzMBGGD2h0dHA6Ly94ZXN0LzU0 ++NDARhg9odHRwOi8veGVzdC81NDUwEYYPaHR0cDovL3hlc3QvNTQ2MBGGD2h0dHA6 ++Ly94ZXN0LzU0NzARhg9odHRwOi8veGVzdC81NDgwEYYPaHR0cDovL3hlc3QvNTQ5 ++MBGGD2h0dHA6Ly94ZXN0LzU1MDARhg9odHRwOi8veGVzdC81NTEwEYYPaHR0cDov ++L3hlc3QvNTUyMBGGD2h0dHA6Ly94ZXN0LzU1MzARhg9odHRwOi8veGVzdC81NTQw ++EYYPaHR0cDovL3hlc3QvNTU1MBGGD2h0dHA6Ly94ZXN0LzU1NjARhg9odHRwOi8v ++eGVzdC81NTcwEYYPaHR0cDovL3hlc3QvNTU4MBGGD2h0dHA6Ly94ZXN0LzU1OTAR ++hg9odHRwOi8veGVzdC81NjAwEYYPaHR0cDovL3hlc3QvNTYxMBGGD2h0dHA6Ly94 ++ZXN0LzU2MjARhg9odHRwOi8veGVzdC81NjMwEYYPaHR0cDovL3hlc3QvNTY0MBGG ++D2h0dHA6Ly94ZXN0LzU2NTARhg9odHRwOi8veGVzdC81NjYwEYYPaHR0cDovL3hl ++c3QvNTY3MBGGD2h0dHA6Ly94ZXN0LzU2ODARhg9odHRwOi8veGVzdC81NjkwEYYP ++aHR0cDovL3hlc3QvNTcwMBGGD2h0dHA6Ly94ZXN0LzU3MTARhg9odHRwOi8veGVz ++dC81NzIwEYYPaHR0cDovL3hlc3QvNTczMBGGD2h0dHA6Ly94ZXN0LzU3NDARhg9o ++dHRwOi8veGVzdC81NzUwEYYPaHR0cDovL3hlc3QvNTc2MBGGD2h0dHA6Ly94ZXN0 ++LzU3NzARhg9odHRwOi8veGVzdC81NzgwEYYPaHR0cDovL3hlc3QvNTc5MBGGD2h0 ++dHA6Ly94ZXN0LzU4MDARhg9odHRwOi8veGVzdC81ODEwEYYPaHR0cDovL3hlc3Qv ++NTgyMBGGD2h0dHA6Ly94ZXN0LzU4MzARhg9odHRwOi8veGVzdC81ODQwEYYPaHR0 ++cDovL3hlc3QvNTg1MBGGD2h0dHA6Ly94ZXN0LzU4NjARhg9odHRwOi8veGVzdC81 ++ODcwEYYPaHR0cDovL3hlc3QvNTg4MBGGD2h0dHA6Ly94ZXN0LzU4OTARhg9odHRw ++Oi8veGVzdC81OTAwEYYPaHR0cDovL3hlc3QvNTkxMBGGD2h0dHA6Ly94ZXN0LzU5 ++MjARhg9odHRwOi8veGVzdC81OTMwEYYPaHR0cDovL3hlc3QvNTk0MBGGD2h0dHA6 ++Ly94ZXN0LzU5NTARhg9odHRwOi8veGVzdC81OTYwEYYPaHR0cDovL3hlc3QvNTk3 ++MBGGD2h0dHA6Ly94ZXN0LzU5ODARhg9odHRwOi8veGVzdC81OTkwEYYPaHR0cDov ++L3hlc3QvNjAwMBGGD2h0dHA6Ly94ZXN0LzYwMTARhg9odHRwOi8veGVzdC82MDIw ++EYYPaHR0cDovL3hlc3QvNjAzMBGGD2h0dHA6Ly94ZXN0LzYwNDARhg9odHRwOi8v ++eGVzdC82MDUwEYYPaHR0cDovL3hlc3QvNjA2MBGGD2h0dHA6Ly94ZXN0LzYwNzAR ++hg9odHRwOi8veGVzdC82MDgwEYYPaHR0cDovL3hlc3QvNjA5MBGGD2h0dHA6Ly94 ++ZXN0LzYxMDARhg9odHRwOi8veGVzdC82MTEwEYYPaHR0cDovL3hlc3QvNjEyMBGG ++D2h0dHA6Ly94ZXN0LzYxMzARhg9odHRwOi8veGVzdC82MTQwEYYPaHR0cDovL3hl ++c3QvNjE1MBGGD2h0dHA6Ly94ZXN0LzYxNjARhg9odHRwOi8veGVzdC82MTcwEYYP ++aHR0cDovL3hlc3QvNjE4MBGGD2h0dHA6Ly94ZXN0LzYxOTARhg9odHRwOi8veGVz ++dC82MjAwEYYPaHR0cDovL3hlc3QvNjIxMBGGD2h0dHA6Ly94ZXN0LzYyMjARhg9o ++dHRwOi8veGVzdC82MjMwEYYPaHR0cDovL3hlc3QvNjI0MBGGD2h0dHA6Ly94ZXN0 ++LzYyNTARhg9odHRwOi8veGVzdC82MjYwEYYPaHR0cDovL3hlc3QvNjI3MBGGD2h0 ++dHA6Ly94ZXN0LzYyODARhg9odHRwOi8veGVzdC82MjkwEYYPaHR0cDovL3hlc3Qv ++NjMwMBGGD2h0dHA6Ly94ZXN0LzYzMTARhg9odHRwOi8veGVzdC82MzIwEYYPaHR0 ++cDovL3hlc3QvNjMzMBGGD2h0dHA6Ly94ZXN0LzYzNDARhg9odHRwOi8veGVzdC82 ++MzUwEYYPaHR0cDovL3hlc3QvNjM2MBGGD2h0dHA6Ly94ZXN0LzYzNzARhg9odHRw ++Oi8veGVzdC82MzgwEYYPaHR0cDovL3hlc3QvNjM5MBGGD2h0dHA6Ly94ZXN0LzY0 ++MDARhg9odHRwOi8veGVzdC82NDEwEYYPaHR0cDovL3hlc3QvNjQyMBGGD2h0dHA6 ++Ly94ZXN0LzY0MzARhg9odHRwOi8veGVzdC82NDQwEYYPaHR0cDovL3hlc3QvNjQ1 ++MBGGD2h0dHA6Ly94ZXN0LzY0NjARhg9odHRwOi8veGVzdC82NDcwEYYPaHR0cDov ++L3hlc3QvNjQ4MBGGD2h0dHA6Ly94ZXN0LzY0OTARhg9odHRwOi8veGVzdC82NTAw ++EYYPaHR0cDovL3hlc3QvNjUxMBGGD2h0dHA6Ly94ZXN0LzY1MjARhg9odHRwOi8v ++eGVzdC82NTMwEYYPaHR0cDovL3hlc3QvNjU0MBGGD2h0dHA6Ly94ZXN0LzY1NTAR ++hg9odHRwOi8veGVzdC82NTYwEYYPaHR0cDovL3hlc3QvNjU3MBGGD2h0dHA6Ly94 ++ZXN0LzY1ODARhg9odHRwOi8veGVzdC82NTkwEYYPaHR0cDovL3hlc3QvNjYwMBGG ++D2h0dHA6Ly94ZXN0LzY2MTARhg9odHRwOi8veGVzdC82NjIwEYYPaHR0cDovL3hl ++c3QvNjYzMBGGD2h0dHA6Ly94ZXN0LzY2NDARhg9odHRwOi8veGVzdC82NjUwEYYP ++aHR0cDovL3hlc3QvNjY2MBGGD2h0dHA6Ly94ZXN0LzY2NzARhg9odHRwOi8veGVz ++dC82NjgwEYYPaHR0cDovL3hlc3QvNjY5MBGGD2h0dHA6Ly94ZXN0LzY3MDARhg9o ++dHRwOi8veGVzdC82NzEwEYYPaHR0cDovL3hlc3QvNjcyMBGGD2h0dHA6Ly94ZXN0 ++LzY3MzARhg9odHRwOi8veGVzdC82NzQwEYYPaHR0cDovL3hlc3QvNjc1MBGGD2h0 ++dHA6Ly94ZXN0LzY3NjARhg9odHRwOi8veGVzdC82NzcwEYYPaHR0cDovL3hlc3Qv ++Njc4MBGGD2h0dHA6Ly94ZXN0LzY3OTARhg9odHRwOi8veGVzdC82ODAwEYYPaHR0 ++cDovL3hlc3QvNjgxMBGGD2h0dHA6Ly94ZXN0LzY4MjARhg9odHRwOi8veGVzdC82 ++ODMwEYYPaHR0cDovL3hlc3QvNjg0MBGGD2h0dHA6Ly94ZXN0LzY4NTARhg9odHRw ++Oi8veGVzdC82ODYwEYYPaHR0cDovL3hlc3QvNjg3MBGGD2h0dHA6Ly94ZXN0LzY4 ++ODARhg9odHRwOi8veGVzdC82ODkwEYYPaHR0cDovL3hlc3QvNjkwMBGGD2h0dHA6 ++Ly94ZXN0LzY5MTARhg9odHRwOi8veGVzdC82OTIwEYYPaHR0cDovL3hlc3QvNjkz ++MBGGD2h0dHA6Ly94ZXN0LzY5NDARhg9odHRwOi8veGVzdC82OTUwEYYPaHR0cDov ++L3hlc3QvNjk2MBGGD2h0dHA6Ly94ZXN0LzY5NzARhg9odHRwOi8veGVzdC82OTgw ++EYYPaHR0cDovL3hlc3QvNjk5MBGGD2h0dHA6Ly94ZXN0LzcwMDARhg9odHRwOi8v ++eGVzdC83MDEwEYYPaHR0cDovL3hlc3QvNzAyMBGGD2h0dHA6Ly94ZXN0LzcwMzAR ++hg9odHRwOi8veGVzdC83MDQwEYYPaHR0cDovL3hlc3QvNzA1MBGGD2h0dHA6Ly94 ++ZXN0LzcwNjARhg9odHRwOi8veGVzdC83MDcwEYYPaHR0cDovL3hlc3QvNzA4MBGG ++D2h0dHA6Ly94ZXN0LzcwOTARhg9odHRwOi8veGVzdC83MTAwEYYPaHR0cDovL3hl ++c3QvNzExMBGGD2h0dHA6Ly94ZXN0LzcxMjARhg9odHRwOi8veGVzdC83MTMwEYYP ++aHR0cDovL3hlc3QvNzE0MBGGD2h0dHA6Ly94ZXN0LzcxNTARhg9odHRwOi8veGVz ++dC83MTYwEYYPaHR0cDovL3hlc3QvNzE3MBGGD2h0dHA6Ly94ZXN0LzcxODARhg9o ++dHRwOi8veGVzdC83MTkwEYYPaHR0cDovL3hlc3QvNzIwMBGGD2h0dHA6Ly94ZXN0 ++LzcyMTARhg9odHRwOi8veGVzdC83MjIwEYYPaHR0cDovL3hlc3QvNzIzMBGGD2h0 ++dHA6Ly94ZXN0LzcyNDARhg9odHRwOi8veGVzdC83MjUwEYYPaHR0cDovL3hlc3Qv ++NzI2MBGGD2h0dHA6Ly94ZXN0LzcyNzARhg9odHRwOi8veGVzdC83MjgwEYYPaHR0 ++cDovL3hlc3QvNzI5MBGGD2h0dHA6Ly94ZXN0LzczMDARhg9odHRwOi8veGVzdC83 ++MzEwEYYPaHR0cDovL3hlc3QvNzMyMBGGD2h0dHA6Ly94ZXN0LzczMzARhg9odHRw ++Oi8veGVzdC83MzQwEYYPaHR0cDovL3hlc3QvNzM1MBGGD2h0dHA6Ly94ZXN0Lzcz ++NjARhg9odHRwOi8veGVzdC83MzcwEYYPaHR0cDovL3hlc3QvNzM4MBGGD2h0dHA6 ++Ly94ZXN0LzczOTARhg9odHRwOi8veGVzdC83NDAwEYYPaHR0cDovL3hlc3QvNzQx ++MBGGD2h0dHA6Ly94ZXN0Lzc0MjARhg9odHRwOi8veGVzdC83NDMwEYYPaHR0cDov ++L3hlc3QvNzQ0MBGGD2h0dHA6Ly94ZXN0Lzc0NTARhg9odHRwOi8veGVzdC83NDYw ++EYYPaHR0cDovL3hlc3QvNzQ3MBGGD2h0dHA6Ly94ZXN0Lzc0ODARhg9odHRwOi8v ++eGVzdC83NDkwEYYPaHR0cDovL3hlc3QvNzUwMBGGD2h0dHA6Ly94ZXN0Lzc1MTAR ++hg9odHRwOi8veGVzdC83NTIwEYYPaHR0cDovL3hlc3QvNzUzMBGGD2h0dHA6Ly94 ++ZXN0Lzc1NDARhg9odHRwOi8veGVzdC83NTUwEYYPaHR0cDovL3hlc3QvNzU2MBGG ++D2h0dHA6Ly94ZXN0Lzc1NzARhg9odHRwOi8veGVzdC83NTgwEYYPaHR0cDovL3hl ++c3QvNzU5MBGGD2h0dHA6Ly94ZXN0Lzc2MDARhg9odHRwOi8veGVzdC83NjEwEYYP ++aHR0cDovL3hlc3QvNzYyMBGGD2h0dHA6Ly94ZXN0Lzc2MzARhg9odHRwOi8veGVz ++dC83NjQwEYYPaHR0cDovL3hlc3QvNzY1MBGGD2h0dHA6Ly94ZXN0Lzc2NjARhg9o ++dHRwOi8veGVzdC83NjcwEYYPaHR0cDovL3hlc3QvNzY4MBGGD2h0dHA6Ly94ZXN0 ++Lzc2OTARhg9odHRwOi8veGVzdC83NzAwEYYPaHR0cDovL3hlc3QvNzcxMBGGD2h0 ++dHA6Ly94ZXN0Lzc3MjARhg9odHRwOi8veGVzdC83NzMwEYYPaHR0cDovL3hlc3Qv ++Nzc0MBGGD2h0dHA6Ly94ZXN0Lzc3NTARhg9odHRwOi8veGVzdC83NzYwEYYPaHR0 ++cDovL3hlc3QvNzc3MBGGD2h0dHA6Ly94ZXN0Lzc3ODARhg9odHRwOi8veGVzdC83 ++NzkwEYYPaHR0cDovL3hlc3QvNzgwMBGGD2h0dHA6Ly94ZXN0Lzc4MTARhg9odHRw ++Oi8veGVzdC83ODIwEYYPaHR0cDovL3hlc3QvNzgzMBGGD2h0dHA6Ly94ZXN0Lzc4 ++NDARhg9odHRwOi8veGVzdC83ODUwEYYPaHR0cDovL3hlc3QvNzg2MBGGD2h0dHA6 ++Ly94ZXN0Lzc4NzARhg9odHRwOi8veGVzdC83ODgwEYYPaHR0cDovL3hlc3QvNzg5 ++MBGGD2h0dHA6Ly94ZXN0Lzc5MDARhg9odHRwOi8veGVzdC83OTEwEYYPaHR0cDov ++L3hlc3QvNzkyMBGGD2h0dHA6Ly94ZXN0Lzc5MzARhg9odHRwOi8veGVzdC83OTQw ++EYYPaHR0cDovL3hlc3QvNzk1MBGGD2h0dHA6Ly94ZXN0Lzc5NjARhg9odHRwOi8v ++eGVzdC83OTcwEYYPaHR0cDovL3hlc3QvNzk4MBGGD2h0dHA6Ly94ZXN0Lzc5OTAR ++hg9odHRwOi8veGVzdC84MDAwEYYPaHR0cDovL3hlc3QvODAxMBGGD2h0dHA6Ly94 ++ZXN0LzgwMjARhg9odHRwOi8veGVzdC84MDMwEYYPaHR0cDovL3hlc3QvODA0MBGG ++D2h0dHA6Ly94ZXN0LzgwNTARhg9odHRwOi8veGVzdC84MDYwEYYPaHR0cDovL3hl ++c3QvODA3MBGGD2h0dHA6Ly94ZXN0LzgwODARhg9odHRwOi8veGVzdC84MDkwEYYP ++aHR0cDovL3hlc3QvODEwMBGGD2h0dHA6Ly94ZXN0LzgxMTARhg9odHRwOi8veGVz ++dC84MTIwEYYPaHR0cDovL3hlc3QvODEzMBGGD2h0dHA6Ly94ZXN0LzgxNDARhg9o ++dHRwOi8veGVzdC84MTUwEYYPaHR0cDovL3hlc3QvODE2MBGGD2h0dHA6Ly94ZXN0 ++LzgxNzARhg9odHRwOi8veGVzdC84MTgwEYYPaHR0cDovL3hlc3QvODE5MBGGD2h0 ++dHA6Ly94ZXN0LzgyMDARhg9odHRwOi8veGVzdC84MjEwEYYPaHR0cDovL3hlc3Qv ++ODIyMBGGD2h0dHA6Ly94ZXN0LzgyMzARhg9odHRwOi8veGVzdC84MjQwEYYPaHR0 ++cDovL3hlc3QvODI1MBGGD2h0dHA6Ly94ZXN0LzgyNjARhg9odHRwOi8veGVzdC84 ++MjcwEYYPaHR0cDovL3hlc3QvODI4MBGGD2h0dHA6Ly94ZXN0LzgyOTARhg9odHRw ++Oi8veGVzdC84MzAwEYYPaHR0cDovL3hlc3QvODMxMBGGD2h0dHA6Ly94ZXN0Lzgz ++MjARhg9odHRwOi8veGVzdC84MzMwEYYPaHR0cDovL3hlc3QvODM0MBGGD2h0dHA6 ++Ly94ZXN0LzgzNTARhg9odHRwOi8veGVzdC84MzYwEYYPaHR0cDovL3hlc3QvODM3 ++MBGGD2h0dHA6Ly94ZXN0LzgzODARhg9odHRwOi8veGVzdC84MzkwEYYPaHR0cDov ++L3hlc3QvODQwMBGGD2h0dHA6Ly94ZXN0Lzg0MTARhg9odHRwOi8veGVzdC84NDIw ++EYYPaHR0cDovL3hlc3QvODQzMBGGD2h0dHA6Ly94ZXN0Lzg0NDARhg9odHRwOi8v ++eGVzdC84NDUwEYYPaHR0cDovL3hlc3QvODQ2MBGGD2h0dHA6Ly94ZXN0Lzg0NzAR ++hg9odHRwOi8veGVzdC84NDgwEYYPaHR0cDovL3hlc3QvODQ5MBGGD2h0dHA6Ly94 ++ZXN0Lzg1MDARhg9odHRwOi8veGVzdC84NTEwEYYPaHR0cDovL3hlc3QvODUyMBGG ++D2h0dHA6Ly94ZXN0Lzg1MzARhg9odHRwOi8veGVzdC84NTQwEYYPaHR0cDovL3hl ++c3QvODU1MBGGD2h0dHA6Ly94ZXN0Lzg1NjARhg9odHRwOi8veGVzdC84NTcwEYYP ++aHR0cDovL3hlc3QvODU4MBGGD2h0dHA6Ly94ZXN0Lzg1OTARhg9odHRwOi8veGVz ++dC84NjAwEYYPaHR0cDovL3hlc3QvODYxMBGGD2h0dHA6Ly94ZXN0Lzg2MjARhg9o ++dHRwOi8veGVzdC84NjMwEYYPaHR0cDovL3hlc3QvODY0MBGGD2h0dHA6Ly94ZXN0 ++Lzg2NTARhg9odHRwOi8veGVzdC84NjYwEYYPaHR0cDovL3hlc3QvODY3MBGGD2h0 ++dHA6Ly94ZXN0Lzg2ODARhg9odHRwOi8veGVzdC84NjkwEYYPaHR0cDovL3hlc3Qv ++ODcwMBGGD2h0dHA6Ly94ZXN0Lzg3MTARhg9odHRwOi8veGVzdC84NzIwEYYPaHR0 ++cDovL3hlc3QvODczMBGGD2h0dHA6Ly94ZXN0Lzg3NDARhg9odHRwOi8veGVzdC84 ++NzUwEYYPaHR0cDovL3hlc3QvODc2MBGGD2h0dHA6Ly94ZXN0Lzg3NzARhg9odHRw ++Oi8veGVzdC84NzgwEYYPaHR0cDovL3hlc3QvODc5MBGGD2h0dHA6Ly94ZXN0Lzg4 ++MDARhg9odHRwOi8veGVzdC84ODEwEYYPaHR0cDovL3hlc3QvODgyMBGGD2h0dHA6 ++Ly94ZXN0Lzg4MzARhg9odHRwOi8veGVzdC84ODQwEYYPaHR0cDovL3hlc3QvODg1 ++MBGGD2h0dHA6Ly94ZXN0Lzg4NjARhg9odHRwOi8veGVzdC84ODcwEYYPaHR0cDov ++L3hlc3QvODg4MBGGD2h0dHA6Ly94ZXN0Lzg4OTARhg9odHRwOi8veGVzdC84OTAw ++EYYPaHR0cDovL3hlc3QvODkxMBGGD2h0dHA6Ly94ZXN0Lzg5MjARhg9odHRwOi8v ++eGVzdC84OTMwEYYPaHR0cDovL3hlc3QvODk0MBGGD2h0dHA6Ly94ZXN0Lzg5NTAR ++hg9odHRwOi8veGVzdC84OTYwEYYPaHR0cDovL3hlc3QvODk3MBGGD2h0dHA6Ly94 ++ZXN0Lzg5ODARhg9odHRwOi8veGVzdC84OTkwEYYPaHR0cDovL3hlc3QvOTAwMBGG ++D2h0dHA6Ly94ZXN0LzkwMTARhg9odHRwOi8veGVzdC85MDIwEYYPaHR0cDovL3hl ++c3QvOTAzMBGGD2h0dHA6Ly94ZXN0LzkwNDARhg9odHRwOi8veGVzdC85MDUwEYYP ++aHR0cDovL3hlc3QvOTA2MBGGD2h0dHA6Ly94ZXN0LzkwNzARhg9odHRwOi8veGVz ++dC85MDgwEYYPaHR0cDovL3hlc3QvOTA5MBGGD2h0dHA6Ly94ZXN0LzkxMDARhg9o ++dHRwOi8veGVzdC85MTEwEYYPaHR0cDovL3hlc3QvOTEyMBGGD2h0dHA6Ly94ZXN0 ++LzkxMzARhg9odHRwOi8veGVzdC85MTQwEYYPaHR0cDovL3hlc3QvOTE1MBGGD2h0 ++dHA6Ly94ZXN0LzkxNjARhg9odHRwOi8veGVzdC85MTcwEYYPaHR0cDovL3hlc3Qv ++OTE4MBGGD2h0dHA6Ly94ZXN0LzkxOTARhg9odHRwOi8veGVzdC85MjAwEYYPaHR0 ++cDovL3hlc3QvOTIxMBGGD2h0dHA6Ly94ZXN0LzkyMjARhg9odHRwOi8veGVzdC85 ++MjMwEYYPaHR0cDovL3hlc3QvOTI0MBGGD2h0dHA6Ly94ZXN0LzkyNTARhg9odHRw ++Oi8veGVzdC85MjYwEYYPaHR0cDovL3hlc3QvOTI3MBGGD2h0dHA6Ly94ZXN0Lzky ++ODARhg9odHRwOi8veGVzdC85MjkwEYYPaHR0cDovL3hlc3QvOTMwMBGGD2h0dHA6 ++Ly94ZXN0LzkzMTARhg9odHRwOi8veGVzdC85MzIwEYYPaHR0cDovL3hlc3QvOTMz ++MBGGD2h0dHA6Ly94ZXN0LzkzNDARhg9odHRwOi8veGVzdC85MzUwEYYPaHR0cDov ++L3hlc3QvOTM2MBGGD2h0dHA6Ly94ZXN0LzkzNzARhg9odHRwOi8veGVzdC85Mzgw ++EYYPaHR0cDovL3hlc3QvOTM5MBGGD2h0dHA6Ly94ZXN0Lzk0MDARhg9odHRwOi8v ++eGVzdC85NDEwEYYPaHR0cDovL3hlc3QvOTQyMBGGD2h0dHA6Ly94ZXN0Lzk0MzAR ++hg9odHRwOi8veGVzdC85NDQwEYYPaHR0cDovL3hlc3QvOTQ1MBGGD2h0dHA6Ly94 ++ZXN0Lzk0NjARhg9odHRwOi8veGVzdC85NDcwEYYPaHR0cDovL3hlc3QvOTQ4MBGG ++D2h0dHA6Ly94ZXN0Lzk0OTARhg9odHRwOi8veGVzdC85NTAwEYYPaHR0cDovL3hl ++c3QvOTUxMBGGD2h0dHA6Ly94ZXN0Lzk1MjARhg9odHRwOi8veGVzdC85NTMwEYYP ++aHR0cDovL3hlc3QvOTU0MBGGD2h0dHA6Ly94ZXN0Lzk1NTARhg9odHRwOi8veGVz ++dC85NTYwEYYPaHR0cDovL3hlc3QvOTU3MBGGD2h0dHA6Ly94ZXN0Lzk1ODARhg9o ++dHRwOi8veGVzdC85NTkwEYYPaHR0cDovL3hlc3QvOTYwMBGGD2h0dHA6Ly94ZXN0 ++Lzk2MTARhg9odHRwOi8veGVzdC85NjIwEYYPaHR0cDovL3hlc3QvOTYzMBGGD2h0 ++dHA6Ly94ZXN0Lzk2NDARhg9odHRwOi8veGVzdC85NjUwEYYPaHR0cDovL3hlc3Qv ++OTY2MBGGD2h0dHA6Ly94ZXN0Lzk2NzARhg9odHRwOi8veGVzdC85NjgwEYYPaHR0 ++cDovL3hlc3QvOTY5MBGGD2h0dHA6Ly94ZXN0Lzk3MDARhg9odHRwOi8veGVzdC85 ++NzEwEYYPaHR0cDovL3hlc3QvOTcyMBGGD2h0dHA6Ly94ZXN0Lzk3MzARhg9odHRw ++Oi8veGVzdC85NzQwEYYPaHR0cDovL3hlc3QvOTc1MBGGD2h0dHA6Ly94ZXN0Lzk3 ++NjARhg9odHRwOi8veGVzdC85NzcwEYYPaHR0cDovL3hlc3QvOTc4MBGGD2h0dHA6 ++Ly94ZXN0Lzk3OTARhg9odHRwOi8veGVzdC85ODAwEYYPaHR0cDovL3hlc3QvOTgx ++MBGGD2h0dHA6Ly94ZXN0Lzk4MjARhg9odHRwOi8veGVzdC85ODMwEYYPaHR0cDov ++L3hlc3QvOTg0MBGGD2h0dHA6Ly94ZXN0Lzk4NTARhg9odHRwOi8veGVzdC85ODYw ++EYYPaHR0cDovL3hlc3QvOTg3MBGGD2h0dHA6Ly94ZXN0Lzk4ODARhg9odHRwOi8v ++eGVzdC85ODkwEYYPaHR0cDovL3hlc3QvOTkwMBGGD2h0dHA6Ly94ZXN0Lzk5MTAR ++hg9odHRwOi8veGVzdC85OTIwEYYPaHR0cDovL3hlc3QvOTkzMBGGD2h0dHA6Ly94 ++ZXN0Lzk5NDARhg9odHRwOi8veGVzdC85OTUwEYYPaHR0cDovL3hlc3QvOTk2MBGG ++D2h0dHA6Ly94ZXN0Lzk5NzARhg9odHRwOi8veGVzdC85OTgwEYYPaHR0cDovL3hl ++c3QvOTk5MBKGEGh0dHA6Ly94ZXN0LzEwMDAwEoYQaHR0cDovL3hlc3QvMTAwMTAS ++hhBodHRwOi8veGVzdC8xMDAyMBKGEGh0dHA6Ly94ZXN0LzEwMDMwEoYQaHR0cDov ++L3hlc3QvMTAwNDAShhBodHRwOi8veGVzdC8xMDA1MBKGEGh0dHA6Ly94ZXN0LzEw ++MDYwEoYQaHR0cDovL3hlc3QvMTAwNzAShhBodHRwOi8veGVzdC8xMDA4MBKGEGh0 ++dHA6Ly94ZXN0LzEwMDkwEoYQaHR0cDovL3hlc3QvMTAxMDAShhBodHRwOi8veGVz ++dC8xMDExMBKGEGh0dHA6Ly94ZXN0LzEwMTIwEoYQaHR0cDovL3hlc3QvMTAxMzAS ++hhBodHRwOi8veGVzdC8xMDE0MBKGEGh0dHA6Ly94ZXN0LzEwMTUwEoYQaHR0cDov ++L3hlc3QvMTAxNjAShhBodHRwOi8veGVzdC8xMDE3MBKGEGh0dHA6Ly94ZXN0LzEw ++MTgwEoYQaHR0cDovL3hlc3QvMTAxOTAShhBodHRwOi8veGVzdC8xMDIwMBKGEGh0 ++dHA6Ly94ZXN0LzEwMjEwEoYQaHR0cDovL3hlc3QvMTAyMjAShhBodHRwOi8veGVz ++dC8xMDIzMBKGEGh0dHA6Ly94ZXN0LzEwMjQwDQYJKoZIhvcNAQELBQADggEBADeo ++vuQDYmMVsP6+SX8iXnr4tDMM/jtBDJncvbCjDDpUQidiGBWv5tWRYxcdGz/K9i4v ++bnFeZoYnaZExXTWF1EZ3aUVQBZy8ObgP0JamZQLTgFOsWJzz7CcnsjNEURd5kOqx ++VzL34FikmWR4VWEW01FizyYCjX3fLdjD0gBeA0l4ILd4np62VulITcVa6ijoFnBK ++ObsdiEBa/WeCc/PG8untcIPecj99CC8aQ03JsunO5kOpdCXNupXNUZfLVtTm5tlp ++Cl9IFyo7Qayl7B8wybLxaI+hDx59nuO+u43LbkFqFnpI9awUaffeY/yUgOdi2uaZ ++Eq3x0l12a8MRblVdfuw= + -----END CERTIFICATE----- + + Certificate: +@@ -7024,7 +5009,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +diff --git a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.pem b/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.pem +deleted file mode 100644 +index 54901d92e5ce8..0000000000000 +--- a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.pem ++++ /dev/null +@@ -1,8708 +0,0 @@ +-[Created by: generate-chains.py] +- +-A chain containing a large number of name constraints and names, +-but of different types, thus not triggering the limit. +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:de +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Intermediate +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=t0 +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: +- 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: +- a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: +- ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: +- e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: +- 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: +- 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: +- 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: +- 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: +- 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: +- 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: +- 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: +- 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: +- 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: +- ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: +- 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: +- 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: +- 52:bd +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF +- X509v3 Authority Key Identifier: +- keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Intermediate.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Intermediate.crl +- +- X509v3 Key Usage: critical +- Digital Signature, Key Encipherment +- X509v3 Extended Key Usage: +- TLS Web Server Authentication, TLS Web Client Authentication +- X509v3 Subject Alternative Name: +- DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, DirName:/CN=t417, DirName:/CN=t418, DirName:/CN=t419, DirName:/CN=t420, DirName:/CN=t421, DirName:/CN=t422, DirName:/CN=t423, DirName:/CN=t424, DirName:/CN=t425, DirName:/CN=t426, DirName:/CN=t427, DirName:/CN=t428, DirName:/CN=t429, DirName:/CN=t430, DirName:/CN=t431, DirName:/CN=t432, DirName:/CN=t433, DirName:/CN=t434, DirName:/CN=t435, DirName:/CN=t436, DirName:/CN=t437, DirName:/CN=t438, DirName:/CN=t439, DirName:/CN=t440, DirName:/CN=t441, DirName:/CN=t442, DirName:/CN=t443, DirName:/CN=t444, DirName:/CN=t445, DirName:/CN=t446, DirName:/CN=t447, DirName:/CN=t448, DirName:/CN=t449, DirName:/CN=t450, DirName:/CN=t451, DirName:/CN=t452, DirName:/CN=t453, DirName:/CN=t454, DirName:/CN=t455, DirName:/CN=t456, DirName:/CN=t457, DirName:/CN=t458, DirName:/CN=t459, DirName:/CN=t460, DirName:/CN=t461, DirName:/CN=t462, DirName:/CN=t463, DirName:/CN=t464, DirName:/CN=t465, DirName:/CN=t466, DirName:/CN=t467, DirName:/CN=t468, DirName:/CN=t469, DirName:/CN=t470, DirName:/CN=t471, DirName:/CN=t472, DirName:/CN=t473, DirName:/CN=t474, DirName:/CN=t475, DirName:/CN=t476, DirName:/CN=t477, DirName:/CN=t478, DirName:/CN=t479, DirName:/CN=t480, DirName:/CN=t481, DirName:/CN=t482, DirName:/CN=t483, DirName:/CN=t484, DirName:/CN=t485, DirName:/CN=t486, DirName:/CN=t487, DirName:/CN=t488, DirName:/CN=t489, DirName:/CN=t490, DirName:/CN=t491, DirName:/CN=t492, DirName:/CN=t493, DirName:/CN=t494, DirName:/CN=t495, DirName:/CN=t496, DirName:/CN=t497, DirName:/CN=t498, DirName:/CN=t499, DirName:/CN=t500, DirName:/CN=t501, DirName:/CN=t502, DirName:/CN=t503, DirName:/CN=t504, DirName:/CN=t505, DirName:/CN=t506, DirName:/CN=t507, DirName:/CN=t508, DirName:/CN=t509, DirName:/CN=t510, DirName:/CN=t511, DirName:/CN=t512, DirName:/CN=t513, DirName:/CN=t514, DirName:/CN=t515, DirName:/CN=t516, DirName:/CN=t517, DirName:/CN=t518, DirName:/CN=t519, DirName:/CN=t520, DirName:/CN=t521, DirName:/CN=t522, DirName:/CN=t523, DirName:/CN=t524, DirName:/CN=t525, DirName:/CN=t526, DirName:/CN=t527, DirName:/CN=t528, DirName:/CN=t529, DirName:/CN=t530, DirName:/CN=t531, DirName:/CN=t532, DirName:/CN=t533, DirName:/CN=t534, DirName:/CN=t535, DirName:/CN=t536, DirName:/CN=t537, DirName:/CN=t538, DirName:/CN=t539, DirName:/CN=t540, DirName:/CN=t541, DirName:/CN=t542, DirName:/CN=t543, DirName:/CN=t544, DirName:/CN=t545, DirName:/CN=t546, DirName:/CN=t547, DirName:/CN=t548, DirName:/CN=t549, DirName:/CN=t550, DirName:/CN=t551, DirName:/CN=t552, DirName:/CN=t553, DirName:/CN=t554, DirName:/CN=t555, DirName:/CN=t556, DirName:/CN=t557, DirName:/CN=t558, DirName:/CN=t559, DirName:/CN=t560, DirName:/CN=t561, DirName:/CN=t562, DirName:/CN=t563, DirName:/CN=t564, DirName:/CN=t565, DirName:/CN=t566, DirName:/CN=t567, DirName:/CN=t568, DirName:/CN=t569, DirName:/CN=t570, DirName:/CN=t571, DirName:/CN=t572, DirName:/CN=t573, DirName:/CN=t574, DirName:/CN=t575, DirName:/CN=t576, DirName:/CN=t577, DirName:/CN=t578, DirName:/CN=t579, DirName:/CN=t580, DirName:/CN=t581, DirName:/CN=t582, DirName:/CN=t583, DirName:/CN=t584, DirName:/CN=t585, DirName:/CN=t586, DirName:/CN=t587, DirName:/CN=t588, DirName:/CN=t589, DirName:/CN=t590, DirName:/CN=t591, DirName:/CN=t592, DirName:/CN=t593, DirName:/CN=t594, DirName:/CN=t595, DirName:/CN=t596, DirName:/CN=t597, DirName:/CN=t598, DirName:/CN=t599, DirName:/CN=t600, DirName:/CN=t601, DirName:/CN=t602, DirName:/CN=t603, DirName:/CN=t604, DirName:/CN=t605, DirName:/CN=t606, DirName:/CN=t607, DirName:/CN=t608, DirName:/CN=t609, DirName:/CN=t610, DirName:/CN=t611, DirName:/CN=t612, DirName:/CN=t613, DirName:/CN=t614, DirName:/CN=t615, DirName:/CN=t616, DirName:/CN=t617, DirName:/CN=t618, DirName:/CN=t619, DirName:/CN=t620, DirName:/CN=t621, DirName:/CN=t622, DirName:/CN=t623, DirName:/CN=t624, DirName:/CN=t625, DirName:/CN=t626, DirName:/CN=t627, DirName:/CN=t628, DirName:/CN=t629, DirName:/CN=t630, DirName:/CN=t631, DirName:/CN=t632, DirName:/CN=t633, DirName:/CN=t634, DirName:/CN=t635, DirName:/CN=t636, DirName:/CN=t637, DirName:/CN=t638, DirName:/CN=t639, DirName:/CN=t640, DirName:/CN=t641, DirName:/CN=t642, DirName:/CN=t643, DirName:/CN=t644, DirName:/CN=t645, DirName:/CN=t646, DirName:/CN=t647, DirName:/CN=t648, DirName:/CN=t649, DirName:/CN=t650, DirName:/CN=t651, DirName:/CN=t652, DirName:/CN=t653, DirName:/CN=t654, DirName:/CN=t655, DirName:/CN=t656, DirName:/CN=t657, DirName:/CN=t658, DirName:/CN=t659, DirName:/CN=t660, DirName:/CN=t661, DirName:/CN=t662, DirName:/CN=t663, DirName:/CN=t664, DirName:/CN=t665, DirName:/CN=t666, DirName:/CN=t667, DirName:/CN=t668, DirName:/CN=t669, DirName:/CN=t670, DirName:/CN=t671, DirName:/CN=t672, DirName:/CN=t673, DirName:/CN=t674, DirName:/CN=t675, DirName:/CN=t676, DirName:/CN=t677, DirName:/CN=t678, DirName:/CN=t679, DirName:/CN=t680, DirName:/CN=t681, DirName:/CN=t682, DirName:/CN=t683, DirName:/CN=t684, DirName:/CN=t685, DirName:/CN=t686, DirName:/CN=t687, DirName:/CN=t688, DirName:/CN=t689, DirName:/CN=t690, DirName:/CN=t691, DirName:/CN=t692, DirName:/CN=t693, DirName:/CN=t694, DirName:/CN=t695, DirName:/CN=t696, DirName:/CN=t697, DirName:/CN=t698, DirName:/CN=t699, DirName:/CN=t700, DirName:/CN=t701, DirName:/CN=t702, DirName:/CN=t703, DirName:/CN=t704, DirName:/CN=t705, DirName:/CN=t706, DirName:/CN=t707, DirName:/CN=t708, DirName:/CN=t709, DirName:/CN=t710, DirName:/CN=t711, DirName:/CN=t712, DirName:/CN=t713, DirName:/CN=t714, DirName:/CN=t715, DirName:/CN=t716, DirName:/CN=t717, DirName:/CN=t718, DirName:/CN=t719, DirName:/CN=t720, DirName:/CN=t721, DirName:/CN=t722, DirName:/CN=t723, DirName:/CN=t724, DirName:/CN=t725, DirName:/CN=t726, DirName:/CN=t727, DirName:/CN=t728, DirName:/CN=t729, DirName:/CN=t730, DirName:/CN=t731, DirName:/CN=t732, DirName:/CN=t733, DirName:/CN=t734, DirName:/CN=t735, DirName:/CN=t736, DirName:/CN=t737, DirName:/CN=t738, DirName:/CN=t739, DirName:/CN=t740, DirName:/CN=t741, DirName:/CN=t742, DirName:/CN=t743, DirName:/CN=t744, DirName:/CN=t745, DirName:/CN=t746, DirName:/CN=t747, DirName:/CN=t748, DirName:/CN=t749, DirName:/CN=t750, DirName:/CN=t751, DirName:/CN=t752, DirName:/CN=t753, DirName:/CN=t754, DirName:/CN=t755, DirName:/CN=t756, DirName:/CN=t757, DirName:/CN=t758, DirName:/CN=t759, DirName:/CN=t760, DirName:/CN=t761, DirName:/CN=t762, DirName:/CN=t763, DirName:/CN=t764, DirName:/CN=t765, DirName:/CN=t766, DirName:/CN=t767, DirName:/CN=t768, DirName:/CN=t769, DirName:/CN=t770, DirName:/CN=t771, DirName:/CN=t772, DirName:/CN=t773, DirName:/CN=t774, DirName:/CN=t775, DirName:/CN=t776, DirName:/CN=t777, DirName:/CN=t778, DirName:/CN=t779, DirName:/CN=t780, DirName:/CN=t781, DirName:/CN=t782, DirName:/CN=t783, DirName:/CN=t784, DirName:/CN=t785, DirName:/CN=t786, DirName:/CN=t787, DirName:/CN=t788, DirName:/CN=t789, DirName:/CN=t790, DirName:/CN=t791, DirName:/CN=t792, DirName:/CN=t793, DirName:/CN=t794, DirName:/CN=t795, DirName:/CN=t796, DirName:/CN=t797, DirName:/CN=t798, DirName:/CN=t799, DirName:/CN=t800, DirName:/CN=t801, DirName:/CN=t802, DirName:/CN=t803, DirName:/CN=t804, DirName:/CN=t805, DirName:/CN=t806, DirName:/CN=t807, DirName:/CN=t808, DirName:/CN=t809, DirName:/CN=t810, DirName:/CN=t811, DirName:/CN=t812, DirName:/CN=t813, DirName:/CN=t814, DirName:/CN=t815, DirName:/CN=t816, DirName:/CN=t817, DirName:/CN=t818, DirName:/CN=t819, DirName:/CN=t820, DirName:/CN=t821, DirName:/CN=t822, DirName:/CN=t823, DirName:/CN=t824, DirName:/CN=t825, DirName:/CN=t826, DirName:/CN=t827, DirName:/CN=t828, DirName:/CN=t829, DirName:/CN=t830, DirName:/CN=t831, DirName:/CN=t832, DirName:/CN=t833, DirName:/CN=t834, DirName:/CN=t835, DirName:/CN=t836, DirName:/CN=t837, DirName:/CN=t838, DirName:/CN=t839, DirName:/CN=t840, DirName:/CN=t841, DirName:/CN=t842, DirName:/CN=t843, DirName:/CN=t844, DirName:/CN=t845, DirName:/CN=t846, DirName:/CN=t847, DirName:/CN=t848, DirName:/CN=t849, DirName:/CN=t850, DirName:/CN=t851, DirName:/CN=t852, DirName:/CN=t853, DirName:/CN=t854, DirName:/CN=t855, DirName:/CN=t856, DirName:/CN=t857, DirName:/CN=t858, DirName:/CN=t859, DirName:/CN=t860, DirName:/CN=t861, DirName:/CN=t862, DirName:/CN=t863, DirName:/CN=t864, DirName:/CN=t865, DirName:/CN=t866, DirName:/CN=t867, DirName:/CN=t868, DirName:/CN=t869, DirName:/CN=t870, DirName:/CN=t871, DirName:/CN=t872, DirName:/CN=t873, DirName:/CN=t874, DirName:/CN=t875, DirName:/CN=t876, DirName:/CN=t877, DirName:/CN=t878, DirName:/CN=t879, DirName:/CN=t880, DirName:/CN=t881, DirName:/CN=t882, DirName:/CN=t883, DirName:/CN=t884, DirName:/CN=t885, DirName:/CN=t886, DirName:/CN=t887, DirName:/CN=t888, DirName:/CN=t889, DirName:/CN=t890, DirName:/CN=t891, DirName:/CN=t892, DirName:/CN=t893, DirName:/CN=t894, DirName:/CN=t895, DirName:/CN=t896, DirName:/CN=t897, DirName:/CN=t898, DirName:/CN=t899, DirName:/CN=t900, DirName:/CN=t901, DirName:/CN=t902, DirName:/CN=t903, DirName:/CN=t904, DirName:/CN=t905, DirName:/CN=t906, DirName:/CN=t907, DirName:/CN=t908, DirName:/CN=t909, DirName:/CN=t910, DirName:/CN=t911, DirName:/CN=t912, DirName:/CN=t913, DirName:/CN=t914, DirName:/CN=t915, DirName:/CN=t916, DirName:/CN=t917, DirName:/CN=t918, DirName:/CN=t919, DirName:/CN=t920, DirName:/CN=t921, DirName:/CN=t922, DirName:/CN=t923, DirName:/CN=t924, DirName:/CN=t925, DirName:/CN=t926, DirName:/CN=t927, DirName:/CN=t928, DirName:/CN=t929, DirName:/CN=t930, DirName:/CN=t931, DirName:/CN=t932, DirName:/CN=t933, DirName:/CN=t934, DirName:/CN=t935, DirName:/CN=t936, DirName:/CN=t937, DirName:/CN=t938, DirName:/CN=t939, DirName:/CN=t940, DirName:/CN=t941, DirName:/CN=t942, DirName:/CN=t943, DirName:/CN=t944, DirName:/CN=t945, DirName:/CN=t946, DirName:/CN=t947, DirName:/CN=t948, DirName:/CN=t949, DirName:/CN=t950, DirName:/CN=t951, DirName:/CN=t952, DirName:/CN=t953, DirName:/CN=t954, DirName:/CN=t955, DirName:/CN=t956, DirName:/CN=t957, DirName:/CN=t958, DirName:/CN=t959, DirName:/CN=t960, DirName:/CN=t961, DirName:/CN=t962, DirName:/CN=t963, DirName:/CN=t964, DirName:/CN=t965, DirName:/CN=t966, DirName:/CN=t967, DirName:/CN=t968, DirName:/CN=t969, DirName:/CN=t970, DirName:/CN=t971, DirName:/CN=t972, DirName:/CN=t973, DirName:/CN=t974, DirName:/CN=t975, DirName:/CN=t976, DirName:/CN=t977, DirName:/CN=t978, DirName:/CN=t979, DirName:/CN=t980, DirName:/CN=t981, DirName:/CN=t982, DirName:/CN=t983, DirName:/CN=t984, DirName:/CN=t985, DirName:/CN=t986, DirName:/CN=t987, DirName:/CN=t988, DirName:/CN=t989, DirName:/CN=t990, DirName:/CN=t991, DirName:/CN=t992, DirName:/CN=t993, DirName:/CN=t994, DirName:/CN=t995, DirName:/CN=t996, DirName:/CN=t997, DirName:/CN=t998, DirName:/CN=t999, DirName:/CN=t1000, DirName:/CN=t1001, DirName:/CN=t1002, DirName:/CN=t1003, DirName:/CN=t1004, DirName:/CN=t1005, DirName:/CN=t1006, DirName:/CN=t1007, DirName:/CN=t1008, DirName:/CN=t1009, DirName:/CN=t1010, DirName:/CN=t1011, DirName:/CN=t1012, DirName:/CN=t1013, DirName:/CN=t1014, DirName:/CN=t1015, DirName:/CN=t1016, DirName:/CN=t1017, DirName:/CN=t1018, DirName:/CN=t1019, DirName:/CN=t1020, DirName:/CN=t1021, DirName:/CN=t1022, DirName:/CN=t1023, DirName:/CN=t1024 +- Signature Algorithm: sha256WithRSAEncryption +- 29:33:a7:c0:47:2d:36:80:2a:45:44:f6:f8:5c:57:01:4e:0c: +- 1b:d2:82:ea:77:ad:54:0e:7f:27:71:2a:2b:53:29:8b:a8:50: +- 0a:8d:bb:b5:17:cf:34:4a:c6:2e:12:a4:3d:e5:4a:9a:9b:87: +- d5:18:b8:5e:a3:a6:24:1a:df:fa:54:c3:28:65:7f:17:6b:8e: +- 3a:bc:39:67:28:89:36:8d:13:62:00:76:d1:96:0d:65:1f:6b: +- db:18:01:40:b8:c4:d1:01:d5:16:ae:ff:1c:89:7e:7a:e9:8a: +- c4:52:dd:b4:92:45:a2:5e:3c:85:44:e8:51:39:39:c1:47:fe: +- 07:4e:66:94:40:fa:41:43:25:e0:f1:35:b5:e2:76:fe:eb:48: +- ca:e6:d4:0a:5f:a0:d3:47:9d:67:a5:be:01:df:65:d2:5d:3c: +- 5f:f3:54:f3:95:eb:20:86:ff:8f:b1:d6:36:54:b9:f1:f4:08: +- e6:b5:e8:e2:8d:4b:7b:80:57:ec:87:ef:83:f0:c2:87:cb:2e: +- 8e:0e:16:24:65:51:f1:0c:82:be:d1:99:b1:c6:07:39:2f:81: +- e9:c3:8b:62:41:41:f1:84:84:d7:c8:8b:95:16:77:1b:c0:92: +- f4:35:13:d9:34:4a:b4:b3:1e:1d:d8:69:72:d9:2c:d1:7f:80: +- b0:e5:57:5d +------BEGIN CERTIFICATE----- +-MIJPbDCCTlSgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY3jANBgkqhkiG9w0BAQsF +-ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +-MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +-ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +-P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +-B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +-Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +-QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +-4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCTLkwgky1MB0GA1UdDgQW +-BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +-8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +-Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +-Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgkvLBgNVHREEgkvCMIJLvqQP +-MA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzANMQswCQYDVQQDDAJ0 +-MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSkDzANMQswCQYDVQQD +-DAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwCdDekDzANMQswCQYD +-VQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UEAwwDdDEwpBAwDjEM +-MAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEMMAoGA1UEAwwDdDEz +-pBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1pBAwDjEMMAoGA1UE +-AwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UEAwwDdDE4pBAwDjEM +-MAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEMMAoGA1UEAwwDdDIx +-pBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIzpBAwDjEMMAoGA1UE +-AwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UEAwwDdDI2pBAwDjEM +-MAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEMMAoGA1UEAwwDdDI5 +-pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMxpBAwDjEMMAoGA1UE +-AwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UEAwwDdDM0pBAwDjEM +-MAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEMMAoGA1UEAwwDdDM3 +-pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5pBAwDjEMMAoGA1UE +-AwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UEAwwDdDQypBAwDjEM +-MAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEMMAoGA1UEAwwDdDQ1 +-pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3pBAwDjEMMAoGA1UE +-AwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UEAwwDdDUwpBAwDjEM +-MAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEMMAoGA1UEAwwDdDUz +-pBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1pBAwDjEMMAoGA1UE +-AwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UEAwwDdDU4pBAwDjEM +-MAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEMMAoGA1UEAwwDdDYx +-pBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYzpBAwDjEMMAoGA1UE +-AwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UEAwwDdDY2pBAwDjEM +-MAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEMMAoGA1UEAwwDdDY5 +-pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcxpBAwDjEMMAoGA1UE +-AwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UEAwwDdDc0pBAwDjEM +-MAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEMMAoGA1UEAwwDdDc3 +-pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5pBAwDjEMMAoGA1UE +-AwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UEAwwDdDgypBAwDjEM +-MAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEMMAoGA1UEAwwDdDg1 +-pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3pBAwDjEMMAoGA1UE +-AwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UEAwwDdDkwpBAwDjEM +-MAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEMMAoGA1UEAwwDdDkz +-pBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1pBAwDjEMMAoGA1UE +-AwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UEAwwDdDk4pBAwDjEM +-MAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8xDTALBgNVBAMMBHQx +-MDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwEdDEwM6QRMA8xDTAL +-BgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzENMAsGA1UEAwwEdDEw +-NqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0MTA4pBEwDzENMAsG +-A1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0wCwYDVQQDDAR0MTEx +-pBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQxMTOkETAPMQ0wCwYD +-VQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTALBgNVBAMMBHQxMTak +-ETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDExOKQRMA8xDTALBgNV +-BAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsGA1UEAwwEdDEyMaQR +-MA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIzpBEwDzENMAsGA1UE +-AwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYDVQQDDAR0MTI2pBEw +-DzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjikETAPMQ0wCwYDVQQD +-DAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNVBAMMBHQxMzGkETAP +-MQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QRMA8xDTALBgNVBAMM +-BHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UEAwwEdDEzNqQRMA8x +-DTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEwDzENMAsGA1UEAwwE +-dDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQDDAR0MTQxpBEwDzEN +-MAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAPMQ0wCwYDVQQDDAR0 +-MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMMBHQxNDakETAPMQ0w +-CwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8xDTALBgNVBAMMBHQx +-NDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwEdDE1MaQRMA8xDTAL +-BgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzENMAsGA1UEAwwEdDE1 +-NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0MTU2pBEwDzENMAsG +-A1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0wCwYDVQQDDAR0MTU5 +-pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQxNjGkETAPMQ0wCwYD +-VQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTALBgNVBAMMBHQxNjSk +-ETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2NqQRMA8xDTALBgNV +-BAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsGA1UEAwwEdDE2OaQR +-MA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcxpBEwDzENMAsGA1UE +-AwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYDVQQDDAR0MTc0pBEw +-DzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzakETAPMQ0wCwYDVQQD +-DAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNVBAMMBHQxNzmkETAP +-MQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQRMA8xDTALBgNVBAMM +-BHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UEAwwEdDE4NKQRMA8x +-DTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEwDzENMAsGA1UEAwwE +-dDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQDDAR0MTg5pBEwDzEN +-MAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAPMQ0wCwYDVQQDDAR0 +-MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMMBHQxOTSkETAPMQ0w +-CwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8xDTALBgNVBAMMBHQx +-OTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwEdDE5OaQRMA8xDTAL +-BgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzENMAsGA1UEAwwEdDIw +-MqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0MjA0pBEwDzENMAsG +-A1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0wCwYDVQQDDAR0MjA3 +-pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQyMDmkETAPMQ0wCwYD +-VQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTALBgNVBAMMBHQyMTKk +-ETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIxNKQRMA8xDTALBgNV +-BAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsGA1UEAwwEdDIxN6QR +-MA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5pBEwDzENMAsGA1UE +-AwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYDVQQDDAR0MjIypBEw +-DzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSkETAPMQ0wCwYDVQQD +-DAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNVBAMMBHQyMjekETAP +-MQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQRMA8xDTALBgNVBAMM +-BHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UEAwwEdDIzMqQRMA8x +-DTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEwDzENMAsGA1UEAwwE +-dDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQDDAR0MjM3pBEwDzEN +-MAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAPMQ0wCwYDVQQDDAR0 +-MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMMBHQyNDKkETAPMQ0w +-CwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8xDTALBgNVBAMMBHQy +-NDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwEdDI0N6QRMA8xDTAL +-BgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzENMAsGA1UEAwwEdDI1 +-MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0MjUypBEwDzENMAsG +-A1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0wCwYDVQQDDAR0MjU1 +-pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQyNTekETAPMQ0wCwYD +-VQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTALBgNVBAMMBHQyNjCk +-ETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2MqQRMA8xDTALBgNV +-BAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsGA1UEAwwEdDI2NaQR +-MA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3pBEwDzENMAsGA1UE +-AwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYDVQQDDAR0MjcwpBEw +-DzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKkETAPMQ0wCwYDVQQD +-DAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNVBAMMBHQyNzWkETAP +-MQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QRMA8xDTALBgNVBAMM +-BHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UEAwwEdDI4MKQRMA8x +-DTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEwDzENMAsGA1UEAwwE +-dDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQDDAR0Mjg1pBEwDzEN +-MAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAPMQ0wCwYDVQQDDAR0 +-Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMMBHQyOTCkETAPMQ0w +-CwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8xDTALBgNVBAMMBHQy +-OTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwEdDI5NaQRMA8xDTAL +-BgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzENMAsGA1UEAwwEdDI5 +-OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0MzAwpBEwDzENMAsG +-A1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0wCwYDVQQDDAR0MzAz +-pBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQzMDWkETAPMQ0wCwYD +-VQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTALBgNVBAMMBHQzMDik +-ETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMxMKQRMA8xDTALBgNV +-BAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsGA1UEAwwEdDMxM6QR +-MA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1pBEwDzENMAsGA1UE +-AwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYDVQQDDAR0MzE4pBEw +-DzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCkETAPMQ0wCwYDVQQD +-DAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNVBAMMBHQzMjOkETAP +-MQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQRMA8xDTALBgNVBAMM +-BHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UEAwwEdDMyOKQRMA8x +-DTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEwDzENMAsGA1UEAwwE +-dDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQDDAR0MzMzpBEwDzEN +-MAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAPMQ0wCwYDVQQDDAR0 +-MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMMBHQzMzikETAPMQ0w +-CwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8xDTALBgNVBAMMBHQz +-NDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwEdDM0M6QRMA8xDTAL +-BgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzENMAsGA1UEAwwEdDM0 +-NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0MzQ4pBEwDzENMAsG +-A1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0wCwYDVQQDDAR0MzUx +-pBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQzNTOkETAPMQ0wCwYD +-VQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTALBgNVBAMMBHQzNTak +-ETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1OKQRMA8xDTALBgNV +-BAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsGA1UEAwwEdDM2MaQR +-MA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYzpBEwDzENMAsGA1UE +-AwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYDVQQDDAR0MzY2pBEw +-DzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjikETAPMQ0wCwYDVQQD +-DAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNVBAMMBHQzNzGkETAP +-MQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QRMA8xDTALBgNVBAMM +-BHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UEAwwEdDM3NqQRMA8x +-DTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEwDzENMAsGA1UEAwwE +-dDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQDDAR0MzgxpBEwDzEN +-MAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAPMQ0wCwYDVQQDDAR0 +-Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMMBHQzODakETAPMQ0w +-CwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8xDTALBgNVBAMMBHQz +-ODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwEdDM5MaQRMA8xDTAL +-BgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzENMAsGA1UEAwwEdDM5 +-NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0Mzk2pBEwDzENMAsG +-A1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0wCwYDVQQDDAR0Mzk5 +-pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0MDGkETAPMQ0wCwYD +-VQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTALBgNVBAMMBHQ0MDSk +-ETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQwNqQRMA8xDTALBgNV +-BAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsGA1UEAwwEdDQwOaQR +-MA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDExpBEwDzENMAsGA1UE +-AwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYDVQQDDAR0NDE0pBEw +-DzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTakETAPMQ0wCwYDVQQD +-DAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNVBAMMBHQ0MTmkETAP +-MQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQRMA8xDTALBgNVBAMM +-BHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UEAwwEdDQyNKQRMA8x +-DTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEwDzENMAsGA1UEAwwE +-dDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQDDAR0NDI5pBEwDzEN +-MAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAPMQ0wCwYDVQQDDAR0 +-NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMMBHQ0MzSkETAPMQ0w +-CwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8xDTALBgNVBAMMBHQ0 +-MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwEdDQzOaQRMA8xDTAL +-BgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzENMAsGA1UEAwwEdDQ0 +-MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0NDQ0pBEwDzENMAsG +-A1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0wCwYDVQQDDAR0NDQ3 +-pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0NDmkETAPMQ0wCwYD +-VQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTALBgNVBAMMBHQ0NTKk +-ETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1NKQRMA8xDTALBgNV +-BAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsGA1UEAwwEdDQ1N6QR +-MA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5pBEwDzENMAsGA1UE +-AwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYDVQQDDAR0NDYypBEw +-DzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSkETAPMQ0wCwYDVQQD +-DAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNVBAMMBHQ0NjekETAP +-MQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQRMA8xDTALBgNVBAMM +-BHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UEAwwEdDQ3MqQRMA8x +-DTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEwDzENMAsGA1UEAwwE +-dDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQDDAR0NDc3pBEwDzEN +-MAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAPMQ0wCwYDVQQDDAR0 +-NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMMBHQ0ODKkETAPMQ0w +-CwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8xDTALBgNVBAMMBHQ0 +-ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwEdDQ4N6QRMA8xDTAL +-BgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzENMAsGA1UEAwwEdDQ5 +-MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0NDkypBEwDzENMAsG +-A1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0wCwYDVQQDDAR0NDk1 +-pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0OTekETAPMQ0wCwYD +-VQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTALBgNVBAMMBHQ1MDCk +-ETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUwMqQRMA8xDTALBgNV +-BAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsGA1UEAwwEdDUwNaQR +-MA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3pBEwDzENMAsGA1UE +-AwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYDVQQDDAR0NTEwpBEw +-DzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKkETAPMQ0wCwYDVQQD +-DAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNVBAMMBHQ1MTWkETAP +-MQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QRMA8xDTALBgNVBAMM +-BHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UEAwwEdDUyMKQRMA8x +-DTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEwDzENMAsGA1UEAwwE +-dDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQDDAR0NTI1pBEwDzEN +-MAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAPMQ0wCwYDVQQDDAR0 +-NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMMBHQ1MzCkETAPMQ0w +-CwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8xDTALBgNVBAMMBHQ1 +-MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwEdDUzNaQRMA8xDTAL +-BgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzENMAsGA1UEAwwEdDUz +-OKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0NTQwpBEwDzENMAsG +-A1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0wCwYDVQQDDAR0NTQz +-pBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1NDWkETAPMQ0wCwYD +-VQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTALBgNVBAMMBHQ1NDik +-ETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1MKQRMA8xDTALBgNV +-BAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsGA1UEAwwEdDU1M6QR +-MA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1pBEwDzENMAsGA1UE +-AwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYDVQQDDAR0NTU4pBEw +-DzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCkETAPMQ0wCwYDVQQD +-DAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNVBAMMBHQ1NjOkETAP +-MQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQRMA8xDTALBgNVBAMM +-BHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UEAwwEdDU2OKQRMA8x +-DTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEwDzENMAsGA1UEAwwE +-dDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQDDAR0NTczpBEwDzEN +-MAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAPMQ0wCwYDVQQDDAR0 +-NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMMBHQ1NzikETAPMQ0w +-CwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8xDTALBgNVBAMMBHQ1 +-ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwEdDU4M6QRMA8xDTAL +-BgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzENMAsGA1UEAwwEdDU4 +-NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0NTg4pBEwDzENMAsG +-A1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0wCwYDVQQDDAR0NTkx +-pBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1OTOkETAPMQ0wCwYD +-VQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTALBgNVBAMMBHQ1OTak +-ETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5OKQRMA8xDTALBgNV +-BAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsGA1UEAwwEdDYwMaQR +-MA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAzpBEwDzENMAsGA1UE +-AwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYDVQQDDAR0NjA2pBEw +-DzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDikETAPMQ0wCwYDVQQD +-DAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNVBAMMBHQ2MTGkETAP +-MQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QRMA8xDTALBgNVBAMM +-BHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UEAwwEdDYxNqQRMA8x +-DTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEwDzENMAsGA1UEAwwE +-dDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQDDAR0NjIxpBEwDzEN +-MAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAPMQ0wCwYDVQQDDAR0 +-NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMMBHQ2MjakETAPMQ0w +-CwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8xDTALBgNVBAMMBHQ2 +-MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwEdDYzMaQRMA8xDTAL +-BgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzENMAsGA1UEAwwEdDYz +-NKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0NjM2pBEwDzENMAsG +-A1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0wCwYDVQQDDAR0NjM5 +-pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2NDGkETAPMQ0wCwYD +-VQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTALBgNVBAMMBHQ2NDSk +-ETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0NqQRMA8xDTALBgNV +-BAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsGA1UEAwwEdDY0OaQR +-MA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUxpBEwDzENMAsGA1UE +-AwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYDVQQDDAR0NjU0pBEw +-DzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTakETAPMQ0wCwYDVQQD +-DAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNVBAMMBHQ2NTmkETAP +-MQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQRMA8xDTALBgNVBAMM +-BHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UEAwwEdDY2NKQRMA8x +-DTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEwDzENMAsGA1UEAwwE +-dDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQDDAR0NjY5pBEwDzEN +-MAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAPMQ0wCwYDVQQDDAR0 +-NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMMBHQ2NzSkETAPMQ0w +-CwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8xDTALBgNVBAMMBHQ2 +-NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwEdDY3OaQRMA8xDTAL +-BgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzENMAsGA1UEAwwEdDY4 +-MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0Njg0pBEwDzENMAsG +-A1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0wCwYDVQQDDAR0Njg3 +-pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2ODmkETAPMQ0wCwYD +-VQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTALBgNVBAMMBHQ2OTKk +-ETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5NKQRMA8xDTALBgNV +-BAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsGA1UEAwwEdDY5N6QR +-MA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5pBEwDzENMAsGA1UE +-AwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYDVQQDDAR0NzAypBEw +-DzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSkETAPMQ0wCwYDVQQD +-DAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNVBAMMBHQ3MDekETAP +-MQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQRMA8xDTALBgNVBAMM +-BHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UEAwwEdDcxMqQRMA8x +-DTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEwDzENMAsGA1UEAwwE +-dDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQDDAR0NzE3pBEwDzEN +-MAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAPMQ0wCwYDVQQDDAR0 +-NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMMBHQ3MjKkETAPMQ0w +-CwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8xDTALBgNVBAMMBHQ3 +-MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwEdDcyN6QRMA8xDTAL +-BgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzENMAsGA1UEAwwEdDcz +-MKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0NzMypBEwDzENMAsG +-A1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0wCwYDVQQDDAR0NzM1 +-pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3MzekETAPMQ0wCwYD +-VQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTALBgNVBAMMBHQ3NDCk +-ETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0MqQRMA8xDTALBgNV +-BAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsGA1UEAwwEdDc0NaQR +-MA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3pBEwDzENMAsGA1UE +-AwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYDVQQDDAR0NzUwpBEw +-DzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKkETAPMQ0wCwYDVQQD +-DAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNVBAMMBHQ3NTWkETAP +-MQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QRMA8xDTALBgNVBAMM +-BHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UEAwwEdDc2MKQRMA8x +-DTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEwDzENMAsGA1UEAwwE +-dDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQDDAR0NzY1pBEwDzEN +-MAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAPMQ0wCwYDVQQDDAR0 +-NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMMBHQ3NzCkETAPMQ0w +-CwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8xDTALBgNVBAMMBHQ3 +-NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwEdDc3NaQRMA8xDTAL +-BgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzENMAsGA1UEAwwEdDc3 +-OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0NzgwpBEwDzENMAsG +-A1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0wCwYDVQQDDAR0Nzgz +-pBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3ODWkETAPMQ0wCwYD +-VQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTALBgNVBAMMBHQ3ODik +-ETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5MKQRMA8xDTALBgNV +-BAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsGA1UEAwwEdDc5M6QR +-MA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1pBEwDzENMAsGA1UE +-AwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYDVQQDDAR0Nzk4pBEw +-DzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCkETAPMQ0wCwYDVQQD +-DAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNVBAMMBHQ4MDOkETAP +-MQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQRMA8xDTALBgNVBAMM +-BHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UEAwwEdDgwOKQRMA8x +-DTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEwDzENMAsGA1UEAwwE +-dDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQDDAR0ODEzpBEwDzEN +-MAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAPMQ0wCwYDVQQDDAR0 +-ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMMBHQ4MTikETAPMQ0w +-CwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8xDTALBgNVBAMMBHQ4 +-MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwEdDgyM6QRMA8xDTAL +-BgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzENMAsGA1UEAwwEdDgy +-NqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0ODI4pBEwDzENMAsG +-A1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0wCwYDVQQDDAR0ODMx +-pBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4MzOkETAPMQ0wCwYD +-VQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTALBgNVBAMMBHQ4Mzak +-ETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgzOKQRMA8xDTALBgNV +-BAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsGA1UEAwwEdDg0MaQR +-MA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQzpBEwDzENMAsGA1UE +-AwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYDVQQDDAR0ODQ2pBEw +-DzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDikETAPMQ0wCwYDVQQD +-DAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNVBAMMBHQ4NTGkETAP +-MQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QRMA8xDTALBgNVBAMM +-BHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UEAwwEdDg1NqQRMA8x +-DTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEwDzENMAsGA1UEAwwE +-dDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQDDAR0ODYxpBEwDzEN +-MAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAPMQ0wCwYDVQQDDAR0 +-ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMMBHQ4NjakETAPMQ0w +-CwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8xDTALBgNVBAMMBHQ4 +-NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwEdDg3MaQRMA8xDTAL +-BgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzENMAsGA1UEAwwEdDg3 +-NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0ODc2pBEwDzENMAsG +-A1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0wCwYDVQQDDAR0ODc5 +-pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4ODGkETAPMQ0wCwYD +-VQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTALBgNVBAMMBHQ4ODSk +-ETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4NqQRMA8xDTALBgNV +-BAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsGA1UEAwwEdDg4OaQR +-MA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkxpBEwDzENMAsGA1UE +-AwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYDVQQDDAR0ODk0pBEw +-DzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTakETAPMQ0wCwYDVQQD +-DAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNVBAMMBHQ4OTmkETAP +-MQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQRMA8xDTALBgNVBAMM +-BHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UEAwwEdDkwNKQRMA8x +-DTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEwDzENMAsGA1UEAwwE +-dDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQDDAR0OTA5pBEwDzEN +-MAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAPMQ0wCwYDVQQDDAR0 +-OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMMBHQ5MTSkETAPMQ0w +-CwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8xDTALBgNVBAMMBHQ5 +-MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwEdDkxOaQRMA8xDTAL +-BgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzENMAsGA1UEAwwEdDky +-MqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0OTI0pBEwDzENMAsG +-A1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0wCwYDVQQDDAR0OTI3 +-pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5MjmkETAPMQ0wCwYD +-VQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTALBgNVBAMMBHQ5MzKk +-ETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkzNKQRMA8xDTALBgNV +-BAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsGA1UEAwwEdDkzN6QR +-MA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5pBEwDzENMAsGA1UE +-AwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYDVQQDDAR0OTQypBEw +-DzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSkETAPMQ0wCwYDVQQD +-DAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNVBAMMBHQ5NDekETAP +-MQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQRMA8xDTALBgNVBAMM +-BHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UEAwwEdDk1MqQRMA8x +-DTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEwDzENMAsGA1UEAwwE +-dDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQDDAR0OTU3pBEwDzEN +-MAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAPMQ0wCwYDVQQDDAR0 +-OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMMBHQ5NjKkETAPMQ0w +-CwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8xDTALBgNVBAMMBHQ5 +-NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwEdDk2N6QRMA8xDTAL +-BgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzENMAsGA1UEAwwEdDk3 +-MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0OTcypBEwDzENMAsG +-A1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0wCwYDVQQDDAR0OTc1 +-pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5NzekETAPMQ0wCwYD +-VQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTALBgNVBAMMBHQ5ODCk +-ETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4MqQRMA8xDTALBgNV +-BAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsGA1UEAwwEdDk4NaQR +-MA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3pBEwDzENMAsGA1UE +-AwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYDVQQDDAR0OTkwpBEw +-DzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKkETAPMQ0wCwYDVQQD +-DAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNVBAMMBHQ5OTWkETAP +-MQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QRMA8xDTALBgNVBAMM +-BHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UEAwwFdDEwMDCkEjAQ +-MQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAypBIwEDEOMAwGA1UE +-AwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAMBgNVBAMMBXQxMDA1 +-pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0MTAwN6QSMBAxDjAM +-BgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQMQ4wDAYDVQQDDAV0 +-MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UEAwwFdDEwMTKkEjAQ +-MQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0pBIwEDEOMAwGA1UE +-AwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAMBgNVBAMMBXQxMDE3 +-pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0MTAxOaQSMBAxDjAM +-BgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQMQ4wDAYDVQQDDAV0 +-MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzpBIwEDEOMAwGA1UEAwwFdDEwMjQwDQYJ +-KoZIhvcNAQELBQADggEBACkzp8BHLTaAKkVE9vhcVwFODBvSgup3rVQOfydxKitT +-KYuoUAqNu7UXzzRKxi4SpD3lSpqbh9UYuF6jpiQa3/pUwyhlfxdrjjq8OWcoiTaN +-E2IAdtGWDWUfa9sYAUC4xNEB1Rau/xyJfnrpisRS3bSSRaJePIVE6FE5OcFH/gdO +-ZpRA+kFDJeDxNbXidv7rSMrm1ApfoNNHnWelvgHfZdJdPF/zVPOV6yCG/4+x1jZU +-ufH0COa16OKNS3uAV+yH74PwwofLLo4OFiRlUfEMgr7RmbHGBzkvgenDi2JBQfGE +-hNfIi5UWdxvAkvQ1E9k0SrSzHh3YaXLZLNF/gLDlV10= +------END CERTIFICATE----- +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f7:00 +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Root +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=Intermediate +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: +- 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: +- 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: +- 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: +- d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: +- 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: +- 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: +- 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: +- d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: +- 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: +- 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: +- ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: +- da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: +- d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: +- 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: +- bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: +- 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: +- 86:65 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F +- X509v3 Authority Key Identifier: +- keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Root.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Root.crl +- +- X509v3 Key Usage: critical +- Certificate Sign, CRL Sign +- X509v3 Basic Constraints: critical +- CA:TRUE +- X509v3 Name Constraints: +- Permitted: +- DNS:t0.test +- DNS:t1.test +- DNS:t2.test +- DNS:t3.test +- DNS:t4.test +- DNS:t5.test +- DNS:t6.test +- DNS:t7.test +- DNS:t8.test +- DNS:t9.test +- DNS:t10.test +- DNS:t11.test +- DNS:t12.test +- DNS:t13.test +- DNS:t14.test +- DNS:t15.test +- DNS:t16.test +- DNS:t17.test +- DNS:t18.test +- DNS:t19.test +- DNS:t20.test +- DNS:t21.test +- DNS:t22.test +- DNS:t23.test +- DNS:t24.test +- DNS:t25.test +- DNS:t26.test +- DNS:t27.test +- DNS:t28.test +- DNS:t29.test +- DNS:t30.test +- DNS:t31.test +- DNS:t32.test +- DNS:t33.test +- DNS:t34.test +- DNS:t35.test +- DNS:t36.test +- DNS:t37.test +- DNS:t38.test +- DNS:t39.test +- DNS:t40.test +- DNS:t41.test +- DNS:t42.test +- DNS:t43.test +- DNS:t44.test +- DNS:t45.test +- DNS:t46.test +- DNS:t47.test +- DNS:t48.test +- DNS:t49.test +- DNS:t50.test +- DNS:t51.test +- DNS:t52.test +- DNS:t53.test +- DNS:t54.test +- DNS:t55.test +- DNS:t56.test +- DNS:t57.test +- DNS:t58.test +- DNS:t59.test +- DNS:t60.test +- DNS:t61.test +- DNS:t62.test +- DNS:t63.test +- DNS:t64.test +- DNS:t65.test +- DNS:t66.test +- DNS:t67.test +- DNS:t68.test +- DNS:t69.test +- DNS:t70.test +- DNS:t71.test +- DNS:t72.test +- DNS:t73.test +- DNS:t74.test +- DNS:t75.test +- DNS:t76.test +- DNS:t77.test +- DNS:t78.test +- DNS:t79.test +- DNS:t80.test +- DNS:t81.test +- DNS:t82.test +- DNS:t83.test +- DNS:t84.test +- DNS:t85.test +- DNS:t86.test +- DNS:t87.test +- DNS:t88.test +- DNS:t89.test +- DNS:t90.test +- DNS:t91.test +- DNS:t92.test +- DNS:t93.test +- DNS:t94.test +- DNS:t95.test +- DNS:t96.test +- DNS:t97.test +- DNS:t98.test +- DNS:t99.test +- DNS:t100.test +- DNS:t101.test +- DNS:t102.test +- DNS:t103.test +- DNS:t104.test +- DNS:t105.test +- DNS:t106.test +- DNS:t107.test +- DNS:t108.test +- DNS:t109.test +- DNS:t110.test +- DNS:t111.test +- DNS:t112.test +- DNS:t113.test +- DNS:t114.test +- DNS:t115.test +- DNS:t116.test +- DNS:t117.test +- DNS:t118.test +- DNS:t119.test +- DNS:t120.test +- DNS:t121.test +- DNS:t122.test +- DNS:t123.test +- DNS:t124.test +- DNS:t125.test +- DNS:t126.test +- DNS:t127.test +- DNS:t128.test +- DNS:t129.test +- DNS:t130.test +- DNS:t131.test +- DNS:t132.test +- DNS:t133.test +- DNS:t134.test +- DNS:t135.test +- DNS:t136.test +- DNS:t137.test +- DNS:t138.test +- DNS:t139.test +- DNS:t140.test +- DNS:t141.test +- DNS:t142.test +- DNS:t143.test +- DNS:t144.test +- DNS:t145.test +- DNS:t146.test +- DNS:t147.test +- DNS:t148.test +- DNS:t149.test +- DNS:t150.test +- DNS:t151.test +- DNS:t152.test +- DNS:t153.test +- DNS:t154.test +- DNS:t155.test +- DNS:t156.test +- DNS:t157.test +- DNS:t158.test +- DNS:t159.test +- DNS:t160.test +- DNS:t161.test +- DNS:t162.test +- DNS:t163.test +- DNS:t164.test +- DNS:t165.test +- DNS:t166.test +- DNS:t167.test +- DNS:t168.test +- DNS:t169.test +- DNS:t170.test +- DNS:t171.test +- DNS:t172.test +- DNS:t173.test +- DNS:t174.test +- DNS:t175.test +- DNS:t176.test +- DNS:t177.test +- DNS:t178.test +- DNS:t179.test +- DNS:t180.test +- DNS:t181.test +- DNS:t182.test +- DNS:t183.test +- DNS:t184.test +- DNS:t185.test +- DNS:t186.test +- DNS:t187.test +- DNS:t188.test +- DNS:t189.test +- DNS:t190.test +- DNS:t191.test +- DNS:t192.test +- DNS:t193.test +- DNS:t194.test +- DNS:t195.test +- DNS:t196.test +- DNS:t197.test +- DNS:t198.test +- DNS:t199.test +- DNS:t200.test +- DNS:t201.test +- DNS:t202.test +- DNS:t203.test +- DNS:t204.test +- DNS:t205.test +- DNS:t206.test +- DNS:t207.test +- DNS:t208.test +- DNS:t209.test +- DNS:t210.test +- DNS:t211.test +- DNS:t212.test +- DNS:t213.test +- DNS:t214.test +- DNS:t215.test +- DNS:t216.test +- DNS:t217.test +- DNS:t218.test +- DNS:t219.test +- DNS:t220.test +- DNS:t221.test +- DNS:t222.test +- DNS:t223.test +- DNS:t224.test +- DNS:t225.test +- DNS:t226.test +- DNS:t227.test +- DNS:t228.test +- DNS:t229.test +- DNS:t230.test +- DNS:t231.test +- DNS:t232.test +- DNS:t233.test +- DNS:t234.test +- DNS:t235.test +- DNS:t236.test +- DNS:t237.test +- DNS:t238.test +- DNS:t239.test +- DNS:t240.test +- DNS:t241.test +- DNS:t242.test +- DNS:t243.test +- DNS:t244.test +- DNS:t245.test +- DNS:t246.test +- DNS:t247.test +- DNS:t248.test +- DNS:t249.test +- DNS:t250.test +- DNS:t251.test +- DNS:t252.test +- DNS:t253.test +- DNS:t254.test +- DNS:t255.test +- DNS:t256.test +- DNS:t257.test +- DNS:t258.test +- DNS:t259.test +- DNS:t260.test +- DNS:t261.test +- DNS:t262.test +- DNS:t263.test +- DNS:t264.test +- DNS:t265.test +- DNS:t266.test +- DNS:t267.test +- DNS:t268.test +- DNS:t269.test +- DNS:t270.test +- DNS:t271.test +- DNS:t272.test +- DNS:t273.test +- DNS:t274.test +- DNS:t275.test +- DNS:t276.test +- DNS:t277.test +- DNS:t278.test +- DNS:t279.test +- DNS:t280.test +- DNS:t281.test +- DNS:t282.test +- DNS:t283.test +- DNS:t284.test +- DNS:t285.test +- DNS:t286.test +- DNS:t287.test +- DNS:t288.test +- DNS:t289.test +- DNS:t290.test +- DNS:t291.test +- DNS:t292.test +- DNS:t293.test +- DNS:t294.test +- DNS:t295.test +- DNS:t296.test +- DNS:t297.test +- DNS:t298.test +- DNS:t299.test +- DNS:t300.test +- DNS:t301.test +- DNS:t302.test +- DNS:t303.test +- DNS:t304.test +- DNS:t305.test +- DNS:t306.test +- DNS:t307.test +- DNS:t308.test +- DNS:t309.test +- DNS:t310.test +- DNS:t311.test +- DNS:t312.test +- DNS:t313.test +- DNS:t314.test +- DNS:t315.test +- DNS:t316.test +- DNS:t317.test +- DNS:t318.test +- DNS:t319.test +- DNS:t320.test +- DNS:t321.test +- DNS:t322.test +- DNS:t323.test +- DNS:t324.test +- DNS:t325.test +- DNS:t326.test +- DNS:t327.test +- DNS:t328.test +- DNS:t329.test +- DNS:t330.test +- DNS:t331.test +- DNS:t332.test +- DNS:t333.test +- DNS:t334.test +- DNS:t335.test +- DNS:t336.test +- DNS:t337.test +- DNS:t338.test +- DNS:t339.test +- DNS:t340.test +- DNS:t341.test +- DNS:t342.test +- DNS:t343.test +- DNS:t344.test +- DNS:t345.test +- DNS:t346.test +- DNS:t347.test +- DNS:t348.test +- DNS:t349.test +- DNS:t350.test +- DNS:t351.test +- DNS:t352.test +- DNS:t353.test +- DNS:t354.test +- DNS:t355.test +- DNS:t356.test +- DNS:t357.test +- DNS:t358.test +- DNS:t359.test +- DNS:t360.test +- DNS:t361.test +- DNS:t362.test +- DNS:t363.test +- DNS:t364.test +- DNS:t365.test +- DNS:t366.test +- DNS:t367.test +- DNS:t368.test +- DNS:t369.test +- DNS:t370.test +- DNS:t371.test +- DNS:t372.test +- DNS:t373.test +- DNS:t374.test +- DNS:t375.test +- DNS:t376.test +- DNS:t377.test +- DNS:t378.test +- DNS:t379.test +- DNS:t380.test +- DNS:t381.test +- DNS:t382.test +- DNS:t383.test +- DNS:t384.test +- DNS:t385.test +- DNS:t386.test +- DNS:t387.test +- DNS:t388.test +- DNS:t389.test +- DNS:t390.test +- DNS:t391.test +- DNS:t392.test +- DNS:t393.test +- DNS:t394.test +- DNS:t395.test +- DNS:t396.test +- DNS:t397.test +- DNS:t398.test +- DNS:t399.test +- DNS:t400.test +- DNS:t401.test +- DNS:t402.test +- DNS:t403.test +- DNS:t404.test +- DNS:t405.test +- DNS:t406.test +- DNS:t407.test +- DNS:t408.test +- DNS:t409.test +- DNS:t410.test +- DNS:t411.test +- DNS:t412.test +- DNS:t413.test +- DNS:t414.test +- DNS:t415.test +- DNS:t416.test +- DNS:t417.test +- DNS:t418.test +- DNS:t419.test +- DNS:t420.test +- DNS:t421.test +- DNS:t422.test +- DNS:t423.test +- DNS:t424.test +- DNS:t425.test +- DNS:t426.test +- DNS:t427.test +- DNS:t428.test +- DNS:t429.test +- DNS:t430.test +- DNS:t431.test +- DNS:t432.test +- DNS:t433.test +- DNS:t434.test +- DNS:t435.test +- DNS:t436.test +- DNS:t437.test +- DNS:t438.test +- DNS:t439.test +- DNS:t440.test +- DNS:t441.test +- DNS:t442.test +- DNS:t443.test +- DNS:t444.test +- DNS:t445.test +- DNS:t446.test +- DNS:t447.test +- DNS:t448.test +- DNS:t449.test +- DNS:t450.test +- DNS:t451.test +- DNS:t452.test +- DNS:t453.test +- DNS:t454.test +- DNS:t455.test +- DNS:t456.test +- DNS:t457.test +- DNS:t458.test +- DNS:t459.test +- DNS:t460.test +- DNS:t461.test +- DNS:t462.test +- DNS:t463.test +- DNS:t464.test +- DNS:t465.test +- DNS:t466.test +- DNS:t467.test +- DNS:t468.test +- DNS:t469.test +- DNS:t470.test +- DNS:t471.test +- DNS:t472.test +- DNS:t473.test +- DNS:t474.test +- DNS:t475.test +- DNS:t476.test +- DNS:t477.test +- DNS:t478.test +- DNS:t479.test +- DNS:t480.test +- DNS:t481.test +- DNS:t482.test +- DNS:t483.test +- DNS:t484.test +- DNS:t485.test +- DNS:t486.test +- DNS:t487.test +- DNS:t488.test +- DNS:t489.test +- DNS:t490.test +- DNS:t491.test +- DNS:t492.test +- DNS:t493.test +- DNS:t494.test +- DNS:t495.test +- DNS:t496.test +- DNS:t497.test +- DNS:t498.test +- DNS:t499.test +- DNS:t500.test +- DNS:t501.test +- DNS:t502.test +- DNS:t503.test +- DNS:t504.test +- DNS:t505.test +- DNS:t506.test +- DNS:t507.test +- DNS:t508.test +- DNS:t509.test +- DNS:t510.test +- DNS:t511.test +- DNS:t512.test +- DNS:t513.test +- DNS:t514.test +- DNS:t515.test +- DNS:t516.test +- DNS:t517.test +- DNS:t518.test +- DNS:t519.test +- DNS:t520.test +- DNS:t521.test +- DNS:t522.test +- DNS:t523.test +- DNS:t524.test +- DNS:t525.test +- DNS:t526.test +- DNS:t527.test +- DNS:t528.test +- DNS:t529.test +- DNS:t530.test +- DNS:t531.test +- DNS:t532.test +- DNS:t533.test +- DNS:t534.test +- DNS:t535.test +- DNS:t536.test +- DNS:t537.test +- DNS:t538.test +- DNS:t539.test +- DNS:t540.test +- DNS:t541.test +- DNS:t542.test +- DNS:t543.test +- DNS:t544.test +- DNS:t545.test +- DNS:t546.test +- DNS:t547.test +- DNS:t548.test +- DNS:t549.test +- DNS:t550.test +- DNS:t551.test +- DNS:t552.test +- DNS:t553.test +- DNS:t554.test +- DNS:t555.test +- DNS:t556.test +- DNS:t557.test +- DNS:t558.test +- DNS:t559.test +- DNS:t560.test +- DNS:t561.test +- DNS:t562.test +- DNS:t563.test +- DNS:t564.test +- DNS:t565.test +- DNS:t566.test +- DNS:t567.test +- DNS:t568.test +- DNS:t569.test +- DNS:t570.test +- DNS:t571.test +- DNS:t572.test +- DNS:t573.test +- DNS:t574.test +- DNS:t575.test +- DNS:t576.test +- DNS:t577.test +- DNS:t578.test +- DNS:t579.test +- DNS:t580.test +- DNS:t581.test +- DNS:t582.test +- DNS:t583.test +- DNS:t584.test +- DNS:t585.test +- DNS:t586.test +- DNS:t587.test +- DNS:t588.test +- DNS:t589.test +- DNS:t590.test +- DNS:t591.test +- DNS:t592.test +- DNS:t593.test +- DNS:t594.test +- DNS:t595.test +- DNS:t596.test +- DNS:t597.test +- DNS:t598.test +- DNS:t599.test +- DNS:t600.test +- DNS:t601.test +- DNS:t602.test +- DNS:t603.test +- DNS:t604.test +- DNS:t605.test +- DNS:t606.test +- DNS:t607.test +- DNS:t608.test +- DNS:t609.test +- DNS:t610.test +- DNS:t611.test +- DNS:t612.test +- DNS:t613.test +- DNS:t614.test +- DNS:t615.test +- DNS:t616.test +- DNS:t617.test +- DNS:t618.test +- DNS:t619.test +- DNS:t620.test +- DNS:t621.test +- DNS:t622.test +- DNS:t623.test +- DNS:t624.test +- DNS:t625.test +- DNS:t626.test +- DNS:t627.test +- DNS:t628.test +- DNS:t629.test +- DNS:t630.test +- DNS:t631.test +- DNS:t632.test +- DNS:t633.test +- DNS:t634.test +- DNS:t635.test +- DNS:t636.test +- DNS:t637.test +- DNS:t638.test +- DNS:t639.test +- DNS:t640.test +- DNS:t641.test +- DNS:t642.test +- DNS:t643.test +- DNS:t644.test +- DNS:t645.test +- DNS:t646.test +- DNS:t647.test +- DNS:t648.test +- DNS:t649.test +- DNS:t650.test +- DNS:t651.test +- DNS:t652.test +- DNS:t653.test +- DNS:t654.test +- DNS:t655.test +- DNS:t656.test +- DNS:t657.test +- DNS:t658.test +- DNS:t659.test +- DNS:t660.test +- DNS:t661.test +- DNS:t662.test +- DNS:t663.test +- DNS:t664.test +- DNS:t665.test +- DNS:t666.test +- DNS:t667.test +- DNS:t668.test +- DNS:t669.test +- DNS:t670.test +- DNS:t671.test +- DNS:t672.test +- DNS:t673.test +- DNS:t674.test +- DNS:t675.test +- DNS:t676.test +- DNS:t677.test +- DNS:t678.test +- DNS:t679.test +- DNS:t680.test +- DNS:t681.test +- DNS:t682.test +- DNS:t683.test +- DNS:t684.test +- DNS:t685.test +- DNS:t686.test +- DNS:t687.test +- DNS:t688.test +- DNS:t689.test +- DNS:t690.test +- DNS:t691.test +- DNS:t692.test +- DNS:t693.test +- DNS:t694.test +- DNS:t695.test +- DNS:t696.test +- DNS:t697.test +- DNS:t698.test +- DNS:t699.test +- DNS:t700.test +- DNS:t701.test +- DNS:t702.test +- DNS:t703.test +- DNS:t704.test +- DNS:t705.test +- DNS:t706.test +- DNS:t707.test +- DNS:t708.test +- DNS:t709.test +- DNS:t710.test +- DNS:t711.test +- DNS:t712.test +- DNS:t713.test +- DNS:t714.test +- DNS:t715.test +- DNS:t716.test +- DNS:t717.test +- DNS:t718.test +- DNS:t719.test +- DNS:t720.test +- DNS:t721.test +- DNS:t722.test +- DNS:t723.test +- DNS:t724.test +- DNS:t725.test +- DNS:t726.test +- DNS:t727.test +- DNS:t728.test +- DNS:t729.test +- DNS:t730.test +- DNS:t731.test +- DNS:t732.test +- DNS:t733.test +- DNS:t734.test +- DNS:t735.test +- DNS:t736.test +- DNS:t737.test +- DNS:t738.test +- DNS:t739.test +- DNS:t740.test +- DNS:t741.test +- DNS:t742.test +- DNS:t743.test +- DNS:t744.test +- DNS:t745.test +- DNS:t746.test +- DNS:t747.test +- DNS:t748.test +- DNS:t749.test +- DNS:t750.test +- DNS:t751.test +- DNS:t752.test +- DNS:t753.test +- DNS:t754.test +- DNS:t755.test +- DNS:t756.test +- DNS:t757.test +- DNS:t758.test +- DNS:t759.test +- DNS:t760.test +- DNS:t761.test +- DNS:t762.test +- DNS:t763.test +- DNS:t764.test +- DNS:t765.test +- DNS:t766.test +- DNS:t767.test +- DNS:t768.test +- DNS:t769.test +- DNS:t770.test +- DNS:t771.test +- DNS:t772.test +- DNS:t773.test +- DNS:t774.test +- DNS:t775.test +- DNS:t776.test +- DNS:t777.test +- DNS:t778.test +- DNS:t779.test +- DNS:t780.test +- DNS:t781.test +- DNS:t782.test +- DNS:t783.test +- DNS:t784.test +- DNS:t785.test +- DNS:t786.test +- DNS:t787.test +- DNS:t788.test +- DNS:t789.test +- DNS:t790.test +- DNS:t791.test +- DNS:t792.test +- DNS:t793.test +- DNS:t794.test +- DNS:t795.test +- DNS:t796.test +- DNS:t797.test +- DNS:t798.test +- DNS:t799.test +- DNS:t800.test +- DNS:t801.test +- DNS:t802.test +- DNS:t803.test +- DNS:t804.test +- DNS:t805.test +- DNS:t806.test +- DNS:t807.test +- DNS:t808.test +- DNS:t809.test +- DNS:t810.test +- DNS:t811.test +- DNS:t812.test +- DNS:t813.test +- DNS:t814.test +- DNS:t815.test +- DNS:t816.test +- DNS:t817.test +- DNS:t818.test +- DNS:t819.test +- DNS:t820.test +- DNS:t821.test +- DNS:t822.test +- DNS:t823.test +- DNS:t824.test +- DNS:t825.test +- DNS:t826.test +- DNS:t827.test +- DNS:t828.test +- DNS:t829.test +- DNS:t830.test +- DNS:t831.test +- DNS:t832.test +- DNS:t833.test +- DNS:t834.test +- DNS:t835.test +- DNS:t836.test +- DNS:t837.test +- DNS:t838.test +- DNS:t839.test +- DNS:t840.test +- DNS:t841.test +- DNS:t842.test +- DNS:t843.test +- DNS:t844.test +- DNS:t845.test +- DNS:t846.test +- DNS:t847.test +- DNS:t848.test +- DNS:t849.test +- DNS:t850.test +- DNS:t851.test +- DNS:t852.test +- DNS:t853.test +- DNS:t854.test +- DNS:t855.test +- DNS:t856.test +- DNS:t857.test +- DNS:t858.test +- DNS:t859.test +- DNS:t860.test +- DNS:t861.test +- DNS:t862.test +- DNS:t863.test +- DNS:t864.test +- DNS:t865.test +- DNS:t866.test +- DNS:t867.test +- DNS:t868.test +- DNS:t869.test +- DNS:t870.test +- DNS:t871.test +- DNS:t872.test +- DNS:t873.test +- DNS:t874.test +- DNS:t875.test +- DNS:t876.test +- DNS:t877.test +- DNS:t878.test +- DNS:t879.test +- DNS:t880.test +- DNS:t881.test +- DNS:t882.test +- DNS:t883.test +- DNS:t884.test +- DNS:t885.test +- DNS:t886.test +- DNS:t887.test +- DNS:t888.test +- DNS:t889.test +- DNS:t890.test +- DNS:t891.test +- DNS:t892.test +- DNS:t893.test +- DNS:t894.test +- DNS:t895.test +- DNS:t896.test +- DNS:t897.test +- DNS:t898.test +- DNS:t899.test +- DNS:t900.test +- DNS:t901.test +- DNS:t902.test +- DNS:t903.test +- DNS:t904.test +- DNS:t905.test +- DNS:t906.test +- DNS:t907.test +- DNS:t908.test +- DNS:t909.test +- DNS:t910.test +- DNS:t911.test +- DNS:t912.test +- DNS:t913.test +- DNS:t914.test +- DNS:t915.test +- DNS:t916.test +- DNS:t917.test +- DNS:t918.test +- DNS:t919.test +- DNS:t920.test +- DNS:t921.test +- DNS:t922.test +- DNS:t923.test +- DNS:t924.test +- DNS:t925.test +- DNS:t926.test +- DNS:t927.test +- DNS:t928.test +- DNS:t929.test +- DNS:t930.test +- DNS:t931.test +- DNS:t932.test +- DNS:t933.test +- DNS:t934.test +- DNS:t935.test +- DNS:t936.test +- DNS:t937.test +- DNS:t938.test +- DNS:t939.test +- DNS:t940.test +- DNS:t941.test +- DNS:t942.test +- DNS:t943.test +- DNS:t944.test +- DNS:t945.test +- DNS:t946.test +- DNS:t947.test +- DNS:t948.test +- DNS:t949.test +- DNS:t950.test +- DNS:t951.test +- DNS:t952.test +- DNS:t953.test +- DNS:t954.test +- DNS:t955.test +- DNS:t956.test +- DNS:t957.test +- DNS:t958.test +- DNS:t959.test +- DNS:t960.test +- DNS:t961.test +- DNS:t962.test +- DNS:t963.test +- DNS:t964.test +- DNS:t965.test +- DNS:t966.test +- DNS:t967.test +- DNS:t968.test +- DNS:t969.test +- DNS:t970.test +- DNS:t971.test +- DNS:t972.test +- DNS:t973.test +- DNS:t974.test +- DNS:t975.test +- DNS:t976.test +- DNS:t977.test +- DNS:t978.test +- DNS:t979.test +- DNS:t980.test +- DNS:t981.test +- DNS:t982.test +- DNS:t983.test +- DNS:t984.test +- DNS:t985.test +- DNS:t986.test +- DNS:t987.test +- DNS:t988.test +- DNS:t989.test +- DNS:t990.test +- DNS:t991.test +- DNS:t992.test +- DNS:t993.test +- DNS:t994.test +- DNS:t995.test +- DNS:t996.test +- DNS:t997.test +- DNS:t998.test +- DNS:t999.test +- DNS:t1000.test +- DNS:t1001.test +- DNS:t1002.test +- DNS:t1003.test +- DNS:t1004.test +- DNS:t1005.test +- DNS:t1006.test +- DNS:t1007.test +- DNS:t1008.test +- DNS:t1009.test +- DNS:t1010.test +- DNS:t1011.test +- DNS:t1012.test +- DNS:t1013.test +- DNS:t1014.test +- DNS:t1015.test +- DNS:t1016.test +- DNS:t1017.test +- DNS:t1018.test +- DNS:t1019.test +- DNS:t1020.test +- DNS:t1021.test +- DNS:t1022.test +- DNS:t1023.test +- DNS:t1024.test +- IP:10.0.0.0/255.255.255.255 +- IP:10.0.0.1/255.255.255.255 +- IP:10.0.0.2/255.255.255.255 +- IP:10.0.0.3/255.255.255.255 +- IP:10.0.0.4/255.255.255.255 +- IP:10.0.0.5/255.255.255.255 +- IP:10.0.0.6/255.255.255.255 +- IP:10.0.0.7/255.255.255.255 +- IP:10.0.0.8/255.255.255.255 +- IP:10.0.0.9/255.255.255.255 +- IP:10.0.0.10/255.255.255.255 +- IP:10.0.0.11/255.255.255.255 +- IP:10.0.0.12/255.255.255.255 +- IP:10.0.0.13/255.255.255.255 +- IP:10.0.0.14/255.255.255.255 +- IP:10.0.0.15/255.255.255.255 +- IP:10.0.0.16/255.255.255.255 +- IP:10.0.0.17/255.255.255.255 +- IP:10.0.0.18/255.255.255.255 +- IP:10.0.0.19/255.255.255.255 +- IP:10.0.0.20/255.255.255.255 +- IP:10.0.0.21/255.255.255.255 +- IP:10.0.0.22/255.255.255.255 +- IP:10.0.0.23/255.255.255.255 +- IP:10.0.0.24/255.255.255.255 +- IP:10.0.0.25/255.255.255.255 +- IP:10.0.0.26/255.255.255.255 +- IP:10.0.0.27/255.255.255.255 +- IP:10.0.0.28/255.255.255.255 +- IP:10.0.0.29/255.255.255.255 +- IP:10.0.0.30/255.255.255.255 +- IP:10.0.0.31/255.255.255.255 +- IP:10.0.0.32/255.255.255.255 +- IP:10.0.0.33/255.255.255.255 +- IP:10.0.0.34/255.255.255.255 +- IP:10.0.0.35/255.255.255.255 +- IP:10.0.0.36/255.255.255.255 +- IP:10.0.0.37/255.255.255.255 +- IP:10.0.0.38/255.255.255.255 +- IP:10.0.0.39/255.255.255.255 +- IP:10.0.0.40/255.255.255.255 +- IP:10.0.0.41/255.255.255.255 +- IP:10.0.0.42/255.255.255.255 +- IP:10.0.0.43/255.255.255.255 +- IP:10.0.0.44/255.255.255.255 +- IP:10.0.0.45/255.255.255.255 +- IP:10.0.0.46/255.255.255.255 +- IP:10.0.0.47/255.255.255.255 +- IP:10.0.0.48/255.255.255.255 +- IP:10.0.0.49/255.255.255.255 +- IP:10.0.0.50/255.255.255.255 +- IP:10.0.0.51/255.255.255.255 +- IP:10.0.0.52/255.255.255.255 +- IP:10.0.0.53/255.255.255.255 +- IP:10.0.0.54/255.255.255.255 +- IP:10.0.0.55/255.255.255.255 +- IP:10.0.0.56/255.255.255.255 +- IP:10.0.0.57/255.255.255.255 +- IP:10.0.0.58/255.255.255.255 +- IP:10.0.0.59/255.255.255.255 +- IP:10.0.0.60/255.255.255.255 +- IP:10.0.0.61/255.255.255.255 +- IP:10.0.0.62/255.255.255.255 +- IP:10.0.0.63/255.255.255.255 +- IP:10.0.0.64/255.255.255.255 +- IP:10.0.0.65/255.255.255.255 +- IP:10.0.0.66/255.255.255.255 +- IP:10.0.0.67/255.255.255.255 +- IP:10.0.0.68/255.255.255.255 +- IP:10.0.0.69/255.255.255.255 +- IP:10.0.0.70/255.255.255.255 +- IP:10.0.0.71/255.255.255.255 +- IP:10.0.0.72/255.255.255.255 +- IP:10.0.0.73/255.255.255.255 +- IP:10.0.0.74/255.255.255.255 +- IP:10.0.0.75/255.255.255.255 +- IP:10.0.0.76/255.255.255.255 +- IP:10.0.0.77/255.255.255.255 +- IP:10.0.0.78/255.255.255.255 +- IP:10.0.0.79/255.255.255.255 +- IP:10.0.0.80/255.255.255.255 +- IP:10.0.0.81/255.255.255.255 +- IP:10.0.0.82/255.255.255.255 +- IP:10.0.0.83/255.255.255.255 +- IP:10.0.0.84/255.255.255.255 +- IP:10.0.0.85/255.255.255.255 +- IP:10.0.0.86/255.255.255.255 +- IP:10.0.0.87/255.255.255.255 +- IP:10.0.0.88/255.255.255.255 +- IP:10.0.0.89/255.255.255.255 +- IP:10.0.0.90/255.255.255.255 +- IP:10.0.0.91/255.255.255.255 +- IP:10.0.0.92/255.255.255.255 +- IP:10.0.0.93/255.255.255.255 +- IP:10.0.0.94/255.255.255.255 +- IP:10.0.0.95/255.255.255.255 +- IP:10.0.0.96/255.255.255.255 +- IP:10.0.0.97/255.255.255.255 +- IP:10.0.0.98/255.255.255.255 +- IP:10.0.0.99/255.255.255.255 +- IP:10.0.0.100/255.255.255.255 +- IP:10.0.0.101/255.255.255.255 +- IP:10.0.0.102/255.255.255.255 +- IP:10.0.0.103/255.255.255.255 +- IP:10.0.0.104/255.255.255.255 +- IP:10.0.0.105/255.255.255.255 +- IP:10.0.0.106/255.255.255.255 +- IP:10.0.0.107/255.255.255.255 +- IP:10.0.0.108/255.255.255.255 +- IP:10.0.0.109/255.255.255.255 +- IP:10.0.0.110/255.255.255.255 +- IP:10.0.0.111/255.255.255.255 +- IP:10.0.0.112/255.255.255.255 +- IP:10.0.0.113/255.255.255.255 +- IP:10.0.0.114/255.255.255.255 +- IP:10.0.0.115/255.255.255.255 +- IP:10.0.0.116/255.255.255.255 +- IP:10.0.0.117/255.255.255.255 +- IP:10.0.0.118/255.255.255.255 +- IP:10.0.0.119/255.255.255.255 +- IP:10.0.0.120/255.255.255.255 +- IP:10.0.0.121/255.255.255.255 +- IP:10.0.0.122/255.255.255.255 +- IP:10.0.0.123/255.255.255.255 +- IP:10.0.0.124/255.255.255.255 +- IP:10.0.0.125/255.255.255.255 +- IP:10.0.0.126/255.255.255.255 +- IP:10.0.0.127/255.255.255.255 +- IP:10.0.0.128/255.255.255.255 +- IP:10.0.0.129/255.255.255.255 +- IP:10.0.0.130/255.255.255.255 +- IP:10.0.0.131/255.255.255.255 +- IP:10.0.0.132/255.255.255.255 +- IP:10.0.0.133/255.255.255.255 +- IP:10.0.0.134/255.255.255.255 +- IP:10.0.0.135/255.255.255.255 +- IP:10.0.0.136/255.255.255.255 +- IP:10.0.0.137/255.255.255.255 +- IP:10.0.0.138/255.255.255.255 +- IP:10.0.0.139/255.255.255.255 +- IP:10.0.0.140/255.255.255.255 +- IP:10.0.0.141/255.255.255.255 +- IP:10.0.0.142/255.255.255.255 +- IP:10.0.0.143/255.255.255.255 +- IP:10.0.0.144/255.255.255.255 +- IP:10.0.0.145/255.255.255.255 +- IP:10.0.0.146/255.255.255.255 +- IP:10.0.0.147/255.255.255.255 +- IP:10.0.0.148/255.255.255.255 +- IP:10.0.0.149/255.255.255.255 +- IP:10.0.0.150/255.255.255.255 +- IP:10.0.0.151/255.255.255.255 +- IP:10.0.0.152/255.255.255.255 +- IP:10.0.0.153/255.255.255.255 +- IP:10.0.0.154/255.255.255.255 +- IP:10.0.0.155/255.255.255.255 +- IP:10.0.0.156/255.255.255.255 +- IP:10.0.0.157/255.255.255.255 +- IP:10.0.0.158/255.255.255.255 +- IP:10.0.0.159/255.255.255.255 +- IP:10.0.0.160/255.255.255.255 +- IP:10.0.0.161/255.255.255.255 +- IP:10.0.0.162/255.255.255.255 +- IP:10.0.0.163/255.255.255.255 +- IP:10.0.0.164/255.255.255.255 +- IP:10.0.0.165/255.255.255.255 +- IP:10.0.0.166/255.255.255.255 +- IP:10.0.0.167/255.255.255.255 +- IP:10.0.0.168/255.255.255.255 +- IP:10.0.0.169/255.255.255.255 +- IP:10.0.0.170/255.255.255.255 +- IP:10.0.0.171/255.255.255.255 +- IP:10.0.0.172/255.255.255.255 +- IP:10.0.0.173/255.255.255.255 +- IP:10.0.0.174/255.255.255.255 +- IP:10.0.0.175/255.255.255.255 +- IP:10.0.0.176/255.255.255.255 +- IP:10.0.0.177/255.255.255.255 +- IP:10.0.0.178/255.255.255.255 +- IP:10.0.0.179/255.255.255.255 +- IP:10.0.0.180/255.255.255.255 +- IP:10.0.0.181/255.255.255.255 +- IP:10.0.0.182/255.255.255.255 +- IP:10.0.0.183/255.255.255.255 +- IP:10.0.0.184/255.255.255.255 +- IP:10.0.0.185/255.255.255.255 +- IP:10.0.0.186/255.255.255.255 +- IP:10.0.0.187/255.255.255.255 +- IP:10.0.0.188/255.255.255.255 +- IP:10.0.0.189/255.255.255.255 +- IP:10.0.0.190/255.255.255.255 +- IP:10.0.0.191/255.255.255.255 +- IP:10.0.0.192/255.255.255.255 +- IP:10.0.0.193/255.255.255.255 +- IP:10.0.0.194/255.255.255.255 +- IP:10.0.0.195/255.255.255.255 +- IP:10.0.0.196/255.255.255.255 +- IP:10.0.0.197/255.255.255.255 +- IP:10.0.0.198/255.255.255.255 +- IP:10.0.0.199/255.255.255.255 +- IP:10.0.0.200/255.255.255.255 +- IP:10.0.0.201/255.255.255.255 +- IP:10.0.0.202/255.255.255.255 +- IP:10.0.0.203/255.255.255.255 +- IP:10.0.0.204/255.255.255.255 +- IP:10.0.0.205/255.255.255.255 +- IP:10.0.0.206/255.255.255.255 +- IP:10.0.0.207/255.255.255.255 +- IP:10.0.0.208/255.255.255.255 +- IP:10.0.0.209/255.255.255.255 +- IP:10.0.0.210/255.255.255.255 +- IP:10.0.0.211/255.255.255.255 +- IP:10.0.0.212/255.255.255.255 +- IP:10.0.0.213/255.255.255.255 +- IP:10.0.0.214/255.255.255.255 +- IP:10.0.0.215/255.255.255.255 +- IP:10.0.0.216/255.255.255.255 +- IP:10.0.0.217/255.255.255.255 +- IP:10.0.0.218/255.255.255.255 +- IP:10.0.0.219/255.255.255.255 +- IP:10.0.0.220/255.255.255.255 +- IP:10.0.0.221/255.255.255.255 +- IP:10.0.0.222/255.255.255.255 +- IP:10.0.0.223/255.255.255.255 +- IP:10.0.0.224/255.255.255.255 +- IP:10.0.0.225/255.255.255.255 +- IP:10.0.0.226/255.255.255.255 +- IP:10.0.0.227/255.255.255.255 +- IP:10.0.0.228/255.255.255.255 +- IP:10.0.0.229/255.255.255.255 +- IP:10.0.0.230/255.255.255.255 +- IP:10.0.0.231/255.255.255.255 +- IP:10.0.0.232/255.255.255.255 +- IP:10.0.0.233/255.255.255.255 +- IP:10.0.0.234/255.255.255.255 +- IP:10.0.0.235/255.255.255.255 +- IP:10.0.0.236/255.255.255.255 +- IP:10.0.0.237/255.255.255.255 +- IP:10.0.0.238/255.255.255.255 +- IP:10.0.0.239/255.255.255.255 +- IP:10.0.0.240/255.255.255.255 +- IP:10.0.0.241/255.255.255.255 +- IP:10.0.0.242/255.255.255.255 +- IP:10.0.0.243/255.255.255.255 +- IP:10.0.0.244/255.255.255.255 +- IP:10.0.0.245/255.255.255.255 +- IP:10.0.0.246/255.255.255.255 +- IP:10.0.0.247/255.255.255.255 +- IP:10.0.0.248/255.255.255.255 +- IP:10.0.0.249/255.255.255.255 +- IP:10.0.0.250/255.255.255.255 +- IP:10.0.0.251/255.255.255.255 +- IP:10.0.0.252/255.255.255.255 +- IP:10.0.0.253/255.255.255.255 +- IP:10.0.0.254/255.255.255.255 +- IP:10.0.0.255/255.255.255.255 +- IP:10.0.1.0/255.255.255.255 +- IP:10.0.1.1/255.255.255.255 +- IP:10.0.1.2/255.255.255.255 +- IP:10.0.1.3/255.255.255.255 +- IP:10.0.1.4/255.255.255.255 +- IP:10.0.1.5/255.255.255.255 +- IP:10.0.1.6/255.255.255.255 +- IP:10.0.1.7/255.255.255.255 +- IP:10.0.1.8/255.255.255.255 +- IP:10.0.1.9/255.255.255.255 +- IP:10.0.1.10/255.255.255.255 +- IP:10.0.1.11/255.255.255.255 +- IP:10.0.1.12/255.255.255.255 +- IP:10.0.1.13/255.255.255.255 +- IP:10.0.1.14/255.255.255.255 +- IP:10.0.1.15/255.255.255.255 +- IP:10.0.1.16/255.255.255.255 +- IP:10.0.1.17/255.255.255.255 +- IP:10.0.1.18/255.255.255.255 +- IP:10.0.1.19/255.255.255.255 +- IP:10.0.1.20/255.255.255.255 +- IP:10.0.1.21/255.255.255.255 +- IP:10.0.1.22/255.255.255.255 +- IP:10.0.1.23/255.255.255.255 +- IP:10.0.1.24/255.255.255.255 +- IP:10.0.1.25/255.255.255.255 +- IP:10.0.1.26/255.255.255.255 +- IP:10.0.1.27/255.255.255.255 +- IP:10.0.1.28/255.255.255.255 +- IP:10.0.1.29/255.255.255.255 +- IP:10.0.1.30/255.255.255.255 +- IP:10.0.1.31/255.255.255.255 +- IP:10.0.1.32/255.255.255.255 +- IP:10.0.1.33/255.255.255.255 +- IP:10.0.1.34/255.255.255.255 +- IP:10.0.1.35/255.255.255.255 +- IP:10.0.1.36/255.255.255.255 +- IP:10.0.1.37/255.255.255.255 +- IP:10.0.1.38/255.255.255.255 +- IP:10.0.1.39/255.255.255.255 +- IP:10.0.1.40/255.255.255.255 +- IP:10.0.1.41/255.255.255.255 +- IP:10.0.1.42/255.255.255.255 +- IP:10.0.1.43/255.255.255.255 +- IP:10.0.1.44/255.255.255.255 +- IP:10.0.1.45/255.255.255.255 +- IP:10.0.1.46/255.255.255.255 +- IP:10.0.1.47/255.255.255.255 +- IP:10.0.1.48/255.255.255.255 +- IP:10.0.1.49/255.255.255.255 +- IP:10.0.1.50/255.255.255.255 +- IP:10.0.1.51/255.255.255.255 +- IP:10.0.1.52/255.255.255.255 +- IP:10.0.1.53/255.255.255.255 +- IP:10.0.1.54/255.255.255.255 +- IP:10.0.1.55/255.255.255.255 +- IP:10.0.1.56/255.255.255.255 +- IP:10.0.1.57/255.255.255.255 +- IP:10.0.1.58/255.255.255.255 +- IP:10.0.1.59/255.255.255.255 +- IP:10.0.1.60/255.255.255.255 +- IP:10.0.1.61/255.255.255.255 +- IP:10.0.1.62/255.255.255.255 +- IP:10.0.1.63/255.255.255.255 +- IP:10.0.1.64/255.255.255.255 +- IP:10.0.1.65/255.255.255.255 +- IP:10.0.1.66/255.255.255.255 +- IP:10.0.1.67/255.255.255.255 +- IP:10.0.1.68/255.255.255.255 +- IP:10.0.1.69/255.255.255.255 +- IP:10.0.1.70/255.255.255.255 +- IP:10.0.1.71/255.255.255.255 +- IP:10.0.1.72/255.255.255.255 +- IP:10.0.1.73/255.255.255.255 +- IP:10.0.1.74/255.255.255.255 +- IP:10.0.1.75/255.255.255.255 +- IP:10.0.1.76/255.255.255.255 +- IP:10.0.1.77/255.255.255.255 +- IP:10.0.1.78/255.255.255.255 +- IP:10.0.1.79/255.255.255.255 +- IP:10.0.1.80/255.255.255.255 +- IP:10.0.1.81/255.255.255.255 +- IP:10.0.1.82/255.255.255.255 +- IP:10.0.1.83/255.255.255.255 +- IP:10.0.1.84/255.255.255.255 +- IP:10.0.1.85/255.255.255.255 +- IP:10.0.1.86/255.255.255.255 +- IP:10.0.1.87/255.255.255.255 +- IP:10.0.1.88/255.255.255.255 +- IP:10.0.1.89/255.255.255.255 +- IP:10.0.1.90/255.255.255.255 +- IP:10.0.1.91/255.255.255.255 +- IP:10.0.1.92/255.255.255.255 +- IP:10.0.1.93/255.255.255.255 +- IP:10.0.1.94/255.255.255.255 +- IP:10.0.1.95/255.255.255.255 +- IP:10.0.1.96/255.255.255.255 +- IP:10.0.1.97/255.255.255.255 +- IP:10.0.1.98/255.255.255.255 +- IP:10.0.1.99/255.255.255.255 +- IP:10.0.1.100/255.255.255.255 +- IP:10.0.1.101/255.255.255.255 +- IP:10.0.1.102/255.255.255.255 +- IP:10.0.1.103/255.255.255.255 +- IP:10.0.1.104/255.255.255.255 +- IP:10.0.1.105/255.255.255.255 +- IP:10.0.1.106/255.255.255.255 +- IP:10.0.1.107/255.255.255.255 +- IP:10.0.1.108/255.255.255.255 +- IP:10.0.1.109/255.255.255.255 +- IP:10.0.1.110/255.255.255.255 +- IP:10.0.1.111/255.255.255.255 +- IP:10.0.1.112/255.255.255.255 +- IP:10.0.1.113/255.255.255.255 +- IP:10.0.1.114/255.255.255.255 +- IP:10.0.1.115/255.255.255.255 +- IP:10.0.1.116/255.255.255.255 +- IP:10.0.1.117/255.255.255.255 +- IP:10.0.1.118/255.255.255.255 +- IP:10.0.1.119/255.255.255.255 +- IP:10.0.1.120/255.255.255.255 +- IP:10.0.1.121/255.255.255.255 +- IP:10.0.1.122/255.255.255.255 +- IP:10.0.1.123/255.255.255.255 +- IP:10.0.1.124/255.255.255.255 +- IP:10.0.1.125/255.255.255.255 +- IP:10.0.1.126/255.255.255.255 +- IP:10.0.1.127/255.255.255.255 +- IP:10.0.1.128/255.255.255.255 +- IP:10.0.1.129/255.255.255.255 +- IP:10.0.1.130/255.255.255.255 +- IP:10.0.1.131/255.255.255.255 +- IP:10.0.1.132/255.255.255.255 +- IP:10.0.1.133/255.255.255.255 +- IP:10.0.1.134/255.255.255.255 +- IP:10.0.1.135/255.255.255.255 +- IP:10.0.1.136/255.255.255.255 +- IP:10.0.1.137/255.255.255.255 +- IP:10.0.1.138/255.255.255.255 +- IP:10.0.1.139/255.255.255.255 +- IP:10.0.1.140/255.255.255.255 +- IP:10.0.1.141/255.255.255.255 +- IP:10.0.1.142/255.255.255.255 +- IP:10.0.1.143/255.255.255.255 +- IP:10.0.1.144/255.255.255.255 +- IP:10.0.1.145/255.255.255.255 +- IP:10.0.1.146/255.255.255.255 +- IP:10.0.1.147/255.255.255.255 +- IP:10.0.1.148/255.255.255.255 +- IP:10.0.1.149/255.255.255.255 +- IP:10.0.1.150/255.255.255.255 +- IP:10.0.1.151/255.255.255.255 +- IP:10.0.1.152/255.255.255.255 +- IP:10.0.1.153/255.255.255.255 +- IP:10.0.1.154/255.255.255.255 +- IP:10.0.1.155/255.255.255.255 +- IP:10.0.1.156/255.255.255.255 +- IP:10.0.1.157/255.255.255.255 +- IP:10.0.1.158/255.255.255.255 +- IP:10.0.1.159/255.255.255.255 +- IP:10.0.1.160/255.255.255.255 +- IP:10.0.1.161/255.255.255.255 +- IP:10.0.1.162/255.255.255.255 +- IP:10.0.1.163/255.255.255.255 +- IP:10.0.1.164/255.255.255.255 +- IP:10.0.1.165/255.255.255.255 +- IP:10.0.1.166/255.255.255.255 +- IP:10.0.1.167/255.255.255.255 +- IP:10.0.1.168/255.255.255.255 +- IP:10.0.1.169/255.255.255.255 +- IP:10.0.1.170/255.255.255.255 +- IP:10.0.1.171/255.255.255.255 +- IP:10.0.1.172/255.255.255.255 +- IP:10.0.1.173/255.255.255.255 +- IP:10.0.1.174/255.255.255.255 +- IP:10.0.1.175/255.255.255.255 +- IP:10.0.1.176/255.255.255.255 +- IP:10.0.1.177/255.255.255.255 +- IP:10.0.1.178/255.255.255.255 +- IP:10.0.1.179/255.255.255.255 +- IP:10.0.1.180/255.255.255.255 +- IP:10.0.1.181/255.255.255.255 +- IP:10.0.1.182/255.255.255.255 +- IP:10.0.1.183/255.255.255.255 +- IP:10.0.1.184/255.255.255.255 +- IP:10.0.1.185/255.255.255.255 +- IP:10.0.1.186/255.255.255.255 +- IP:10.0.1.187/255.255.255.255 +- IP:10.0.1.188/255.255.255.255 +- IP:10.0.1.189/255.255.255.255 +- IP:10.0.1.190/255.255.255.255 +- IP:10.0.1.191/255.255.255.255 +- IP:10.0.1.192/255.255.255.255 +- IP:10.0.1.193/255.255.255.255 +- IP:10.0.1.194/255.255.255.255 +- IP:10.0.1.195/255.255.255.255 +- IP:10.0.1.196/255.255.255.255 +- IP:10.0.1.197/255.255.255.255 +- IP:10.0.1.198/255.255.255.255 +- IP:10.0.1.199/255.255.255.255 +- IP:10.0.1.200/255.255.255.255 +- IP:10.0.1.201/255.255.255.255 +- IP:10.0.1.202/255.255.255.255 +- IP:10.0.1.203/255.255.255.255 +- IP:10.0.1.204/255.255.255.255 +- IP:10.0.1.205/255.255.255.255 +- IP:10.0.1.206/255.255.255.255 +- IP:10.0.1.207/255.255.255.255 +- IP:10.0.1.208/255.255.255.255 +- IP:10.0.1.209/255.255.255.255 +- IP:10.0.1.210/255.255.255.255 +- IP:10.0.1.211/255.255.255.255 +- IP:10.0.1.212/255.255.255.255 +- IP:10.0.1.213/255.255.255.255 +- IP:10.0.1.214/255.255.255.255 +- IP:10.0.1.215/255.255.255.255 +- IP:10.0.1.216/255.255.255.255 +- IP:10.0.1.217/255.255.255.255 +- IP:10.0.1.218/255.255.255.255 +- IP:10.0.1.219/255.255.255.255 +- IP:10.0.1.220/255.255.255.255 +- IP:10.0.1.221/255.255.255.255 +- IP:10.0.1.222/255.255.255.255 +- IP:10.0.1.223/255.255.255.255 +- IP:10.0.1.224/255.255.255.255 +- IP:10.0.1.225/255.255.255.255 +- IP:10.0.1.226/255.255.255.255 +- IP:10.0.1.227/255.255.255.255 +- IP:10.0.1.228/255.255.255.255 +- IP:10.0.1.229/255.255.255.255 +- IP:10.0.1.230/255.255.255.255 +- IP:10.0.1.231/255.255.255.255 +- IP:10.0.1.232/255.255.255.255 +- IP:10.0.1.233/255.255.255.255 +- IP:10.0.1.234/255.255.255.255 +- IP:10.0.1.235/255.255.255.255 +- IP:10.0.1.236/255.255.255.255 +- IP:10.0.1.237/255.255.255.255 +- IP:10.0.1.238/255.255.255.255 +- IP:10.0.1.239/255.255.255.255 +- IP:10.0.1.240/255.255.255.255 +- IP:10.0.1.241/255.255.255.255 +- IP:10.0.1.242/255.255.255.255 +- IP:10.0.1.243/255.255.255.255 +- IP:10.0.1.244/255.255.255.255 +- IP:10.0.1.245/255.255.255.255 +- IP:10.0.1.246/255.255.255.255 +- IP:10.0.1.247/255.255.255.255 +- IP:10.0.1.248/255.255.255.255 +- IP:10.0.1.249/255.255.255.255 +- IP:10.0.1.250/255.255.255.255 +- IP:10.0.1.251/255.255.255.255 +- IP:10.0.1.252/255.255.255.255 +- IP:10.0.1.253/255.255.255.255 +- IP:10.0.1.254/255.255.255.255 +- IP:10.0.1.255/255.255.255.255 +- IP:10.0.2.0/255.255.255.255 +- IP:10.0.2.1/255.255.255.255 +- IP:10.0.2.2/255.255.255.255 +- IP:10.0.2.3/255.255.255.255 +- IP:10.0.2.4/255.255.255.255 +- IP:10.0.2.5/255.255.255.255 +- IP:10.0.2.6/255.255.255.255 +- IP:10.0.2.7/255.255.255.255 +- IP:10.0.2.8/255.255.255.255 +- IP:10.0.2.9/255.255.255.255 +- IP:10.0.2.10/255.255.255.255 +- IP:10.0.2.11/255.255.255.255 +- IP:10.0.2.12/255.255.255.255 +- IP:10.0.2.13/255.255.255.255 +- IP:10.0.2.14/255.255.255.255 +- IP:10.0.2.15/255.255.255.255 +- IP:10.0.2.16/255.255.255.255 +- IP:10.0.2.17/255.255.255.255 +- IP:10.0.2.18/255.255.255.255 +- IP:10.0.2.19/255.255.255.255 +- IP:10.0.2.20/255.255.255.255 +- IP:10.0.2.21/255.255.255.255 +- IP:10.0.2.22/255.255.255.255 +- IP:10.0.2.23/255.255.255.255 +- IP:10.0.2.24/255.255.255.255 +- IP:10.0.2.25/255.255.255.255 +- IP:10.0.2.26/255.255.255.255 +- IP:10.0.2.27/255.255.255.255 +- IP:10.0.2.28/255.255.255.255 +- IP:10.0.2.29/255.255.255.255 +- IP:10.0.2.30/255.255.255.255 +- IP:10.0.2.31/255.255.255.255 +- IP:10.0.2.32/255.255.255.255 +- IP:10.0.2.33/255.255.255.255 +- IP:10.0.2.34/255.255.255.255 +- IP:10.0.2.35/255.255.255.255 +- IP:10.0.2.36/255.255.255.255 +- IP:10.0.2.37/255.255.255.255 +- IP:10.0.2.38/255.255.255.255 +- IP:10.0.2.39/255.255.255.255 +- IP:10.0.2.40/255.255.255.255 +- IP:10.0.2.41/255.255.255.255 +- IP:10.0.2.42/255.255.255.255 +- IP:10.0.2.43/255.255.255.255 +- IP:10.0.2.44/255.255.255.255 +- IP:10.0.2.45/255.255.255.255 +- IP:10.0.2.46/255.255.255.255 +- IP:10.0.2.47/255.255.255.255 +- IP:10.0.2.48/255.255.255.255 +- IP:10.0.2.49/255.255.255.255 +- IP:10.0.2.50/255.255.255.255 +- IP:10.0.2.51/255.255.255.255 +- IP:10.0.2.52/255.255.255.255 +- IP:10.0.2.53/255.255.255.255 +- IP:10.0.2.54/255.255.255.255 +- IP:10.0.2.55/255.255.255.255 +- IP:10.0.2.56/255.255.255.255 +- IP:10.0.2.57/255.255.255.255 +- IP:10.0.2.58/255.255.255.255 +- IP:10.0.2.59/255.255.255.255 +- IP:10.0.2.60/255.255.255.255 +- IP:10.0.2.61/255.255.255.255 +- IP:10.0.2.62/255.255.255.255 +- IP:10.0.2.63/255.255.255.255 +- IP:10.0.2.64/255.255.255.255 +- IP:10.0.2.65/255.255.255.255 +- IP:10.0.2.66/255.255.255.255 +- IP:10.0.2.67/255.255.255.255 +- IP:10.0.2.68/255.255.255.255 +- IP:10.0.2.69/255.255.255.255 +- IP:10.0.2.70/255.255.255.255 +- IP:10.0.2.71/255.255.255.255 +- IP:10.0.2.72/255.255.255.255 +- IP:10.0.2.73/255.255.255.255 +- IP:10.0.2.74/255.255.255.255 +- IP:10.0.2.75/255.255.255.255 +- IP:10.0.2.76/255.255.255.255 +- IP:10.0.2.77/255.255.255.255 +- IP:10.0.2.78/255.255.255.255 +- IP:10.0.2.79/255.255.255.255 +- IP:10.0.2.80/255.255.255.255 +- IP:10.0.2.81/255.255.255.255 +- IP:10.0.2.82/255.255.255.255 +- IP:10.0.2.83/255.255.255.255 +- IP:10.0.2.84/255.255.255.255 +- IP:10.0.2.85/255.255.255.255 +- IP:10.0.2.86/255.255.255.255 +- IP:10.0.2.87/255.255.255.255 +- IP:10.0.2.88/255.255.255.255 +- IP:10.0.2.89/255.255.255.255 +- IP:10.0.2.90/255.255.255.255 +- IP:10.0.2.91/255.255.255.255 +- IP:10.0.2.92/255.255.255.255 +- IP:10.0.2.93/255.255.255.255 +- IP:10.0.2.94/255.255.255.255 +- IP:10.0.2.95/255.255.255.255 +- IP:10.0.2.96/255.255.255.255 +- IP:10.0.2.97/255.255.255.255 +- IP:10.0.2.98/255.255.255.255 +- IP:10.0.2.99/255.255.255.255 +- IP:10.0.2.100/255.255.255.255 +- IP:10.0.2.101/255.255.255.255 +- IP:10.0.2.102/255.255.255.255 +- IP:10.0.2.103/255.255.255.255 +- IP:10.0.2.104/255.255.255.255 +- IP:10.0.2.105/255.255.255.255 +- IP:10.0.2.106/255.255.255.255 +- IP:10.0.2.107/255.255.255.255 +- IP:10.0.2.108/255.255.255.255 +- IP:10.0.2.109/255.255.255.255 +- IP:10.0.2.110/255.255.255.255 +- IP:10.0.2.111/255.255.255.255 +- IP:10.0.2.112/255.255.255.255 +- IP:10.0.2.113/255.255.255.255 +- IP:10.0.2.114/255.255.255.255 +- IP:10.0.2.115/255.255.255.255 +- IP:10.0.2.116/255.255.255.255 +- IP:10.0.2.117/255.255.255.255 +- IP:10.0.2.118/255.255.255.255 +- IP:10.0.2.119/255.255.255.255 +- IP:10.0.2.120/255.255.255.255 +- IP:10.0.2.121/255.255.255.255 +- IP:10.0.2.122/255.255.255.255 +- IP:10.0.2.123/255.255.255.255 +- IP:10.0.2.124/255.255.255.255 +- IP:10.0.2.125/255.255.255.255 +- IP:10.0.2.126/255.255.255.255 +- IP:10.0.2.127/255.255.255.255 +- IP:10.0.2.128/255.255.255.255 +- IP:10.0.2.129/255.255.255.255 +- IP:10.0.2.130/255.255.255.255 +- IP:10.0.2.131/255.255.255.255 +- IP:10.0.2.132/255.255.255.255 +- IP:10.0.2.133/255.255.255.255 +- IP:10.0.2.134/255.255.255.255 +- IP:10.0.2.135/255.255.255.255 +- IP:10.0.2.136/255.255.255.255 +- IP:10.0.2.137/255.255.255.255 +- IP:10.0.2.138/255.255.255.255 +- IP:10.0.2.139/255.255.255.255 +- IP:10.0.2.140/255.255.255.255 +- IP:10.0.2.141/255.255.255.255 +- IP:10.0.2.142/255.255.255.255 +- IP:10.0.2.143/255.255.255.255 +- IP:10.0.2.144/255.255.255.255 +- IP:10.0.2.145/255.255.255.255 +- IP:10.0.2.146/255.255.255.255 +- IP:10.0.2.147/255.255.255.255 +- IP:10.0.2.148/255.255.255.255 +- IP:10.0.2.149/255.255.255.255 +- IP:10.0.2.150/255.255.255.255 +- IP:10.0.2.151/255.255.255.255 +- IP:10.0.2.152/255.255.255.255 +- IP:10.0.2.153/255.255.255.255 +- IP:10.0.2.154/255.255.255.255 +- IP:10.0.2.155/255.255.255.255 +- IP:10.0.2.156/255.255.255.255 +- IP:10.0.2.157/255.255.255.255 +- IP:10.0.2.158/255.255.255.255 +- IP:10.0.2.159/255.255.255.255 +- IP:10.0.2.160/255.255.255.255 +- IP:10.0.2.161/255.255.255.255 +- IP:10.0.2.162/255.255.255.255 +- IP:10.0.2.163/255.255.255.255 +- IP:10.0.2.164/255.255.255.255 +- IP:10.0.2.165/255.255.255.255 +- IP:10.0.2.166/255.255.255.255 +- IP:10.0.2.167/255.255.255.255 +- IP:10.0.2.168/255.255.255.255 +- IP:10.0.2.169/255.255.255.255 +- IP:10.0.2.170/255.255.255.255 +- IP:10.0.2.171/255.255.255.255 +- IP:10.0.2.172/255.255.255.255 +- IP:10.0.2.173/255.255.255.255 +- IP:10.0.2.174/255.255.255.255 +- IP:10.0.2.175/255.255.255.255 +- IP:10.0.2.176/255.255.255.255 +- IP:10.0.2.177/255.255.255.255 +- IP:10.0.2.178/255.255.255.255 +- IP:10.0.2.179/255.255.255.255 +- IP:10.0.2.180/255.255.255.255 +- IP:10.0.2.181/255.255.255.255 +- IP:10.0.2.182/255.255.255.255 +- IP:10.0.2.183/255.255.255.255 +- IP:10.0.2.184/255.255.255.255 +- IP:10.0.2.185/255.255.255.255 +- IP:10.0.2.186/255.255.255.255 +- IP:10.0.2.187/255.255.255.255 +- IP:10.0.2.188/255.255.255.255 +- IP:10.0.2.189/255.255.255.255 +- IP:10.0.2.190/255.255.255.255 +- IP:10.0.2.191/255.255.255.255 +- IP:10.0.2.192/255.255.255.255 +- IP:10.0.2.193/255.255.255.255 +- IP:10.0.2.194/255.255.255.255 +- IP:10.0.2.195/255.255.255.255 +- IP:10.0.2.196/255.255.255.255 +- IP:10.0.2.197/255.255.255.255 +- IP:10.0.2.198/255.255.255.255 +- IP:10.0.2.199/255.255.255.255 +- IP:10.0.2.200/255.255.255.255 +- IP:10.0.2.201/255.255.255.255 +- IP:10.0.2.202/255.255.255.255 +- IP:10.0.2.203/255.255.255.255 +- IP:10.0.2.204/255.255.255.255 +- IP:10.0.2.205/255.255.255.255 +- IP:10.0.2.206/255.255.255.255 +- IP:10.0.2.207/255.255.255.255 +- IP:10.0.2.208/255.255.255.255 +- IP:10.0.2.209/255.255.255.255 +- IP:10.0.2.210/255.255.255.255 +- IP:10.0.2.211/255.255.255.255 +- IP:10.0.2.212/255.255.255.255 +- IP:10.0.2.213/255.255.255.255 +- IP:10.0.2.214/255.255.255.255 +- IP:10.0.2.215/255.255.255.255 +- IP:10.0.2.216/255.255.255.255 +- IP:10.0.2.217/255.255.255.255 +- IP:10.0.2.218/255.255.255.255 +- IP:10.0.2.219/255.255.255.255 +- IP:10.0.2.220/255.255.255.255 +- IP:10.0.2.221/255.255.255.255 +- IP:10.0.2.222/255.255.255.255 +- IP:10.0.2.223/255.255.255.255 +- IP:10.0.2.224/255.255.255.255 +- IP:10.0.2.225/255.255.255.255 +- IP:10.0.2.226/255.255.255.255 +- IP:10.0.2.227/255.255.255.255 +- IP:10.0.2.228/255.255.255.255 +- IP:10.0.2.229/255.255.255.255 +- IP:10.0.2.230/255.255.255.255 +- IP:10.0.2.231/255.255.255.255 +- IP:10.0.2.232/255.255.255.255 +- IP:10.0.2.233/255.255.255.255 +- IP:10.0.2.234/255.255.255.255 +- IP:10.0.2.235/255.255.255.255 +- IP:10.0.2.236/255.255.255.255 +- IP:10.0.2.237/255.255.255.255 +- IP:10.0.2.238/255.255.255.255 +- IP:10.0.2.239/255.255.255.255 +- IP:10.0.2.240/255.255.255.255 +- IP:10.0.2.241/255.255.255.255 +- IP:10.0.2.242/255.255.255.255 +- IP:10.0.2.243/255.255.255.255 +- IP:10.0.2.244/255.255.255.255 +- IP:10.0.2.245/255.255.255.255 +- IP:10.0.2.246/255.255.255.255 +- IP:10.0.2.247/255.255.255.255 +- IP:10.0.2.248/255.255.255.255 +- IP:10.0.2.249/255.255.255.255 +- IP:10.0.2.250/255.255.255.255 +- IP:10.0.2.251/255.255.255.255 +- IP:10.0.2.252/255.255.255.255 +- IP:10.0.2.253/255.255.255.255 +- IP:10.0.2.254/255.255.255.255 +- IP:10.0.2.255/255.255.255.255 +- IP:10.0.3.0/255.255.255.255 +- IP:10.0.3.1/255.255.255.255 +- IP:10.0.3.2/255.255.255.255 +- IP:10.0.3.3/255.255.255.255 +- IP:10.0.3.4/255.255.255.255 +- IP:10.0.3.5/255.255.255.255 +- IP:10.0.3.6/255.255.255.255 +- IP:10.0.3.7/255.255.255.255 +- IP:10.0.3.8/255.255.255.255 +- IP:10.0.3.9/255.255.255.255 +- IP:10.0.3.10/255.255.255.255 +- IP:10.0.3.11/255.255.255.255 +- IP:10.0.3.12/255.255.255.255 +- IP:10.0.3.13/255.255.255.255 +- IP:10.0.3.14/255.255.255.255 +- IP:10.0.3.15/255.255.255.255 +- IP:10.0.3.16/255.255.255.255 +- IP:10.0.3.17/255.255.255.255 +- IP:10.0.3.18/255.255.255.255 +- IP:10.0.3.19/255.255.255.255 +- IP:10.0.3.20/255.255.255.255 +- IP:10.0.3.21/255.255.255.255 +- IP:10.0.3.22/255.255.255.255 +- IP:10.0.3.23/255.255.255.255 +- IP:10.0.3.24/255.255.255.255 +- IP:10.0.3.25/255.255.255.255 +- IP:10.0.3.26/255.255.255.255 +- IP:10.0.3.27/255.255.255.255 +- IP:10.0.3.28/255.255.255.255 +- IP:10.0.3.29/255.255.255.255 +- IP:10.0.3.30/255.255.255.255 +- IP:10.0.3.31/255.255.255.255 +- IP:10.0.3.32/255.255.255.255 +- IP:10.0.3.33/255.255.255.255 +- IP:10.0.3.34/255.255.255.255 +- IP:10.0.3.35/255.255.255.255 +- IP:10.0.3.36/255.255.255.255 +- IP:10.0.3.37/255.255.255.255 +- IP:10.0.3.38/255.255.255.255 +- IP:10.0.3.39/255.255.255.255 +- IP:10.0.3.40/255.255.255.255 +- IP:10.0.3.41/255.255.255.255 +- IP:10.0.3.42/255.255.255.255 +- IP:10.0.3.43/255.255.255.255 +- IP:10.0.3.44/255.255.255.255 +- IP:10.0.3.45/255.255.255.255 +- IP:10.0.3.46/255.255.255.255 +- IP:10.0.3.47/255.255.255.255 +- IP:10.0.3.48/255.255.255.255 +- IP:10.0.3.49/255.255.255.255 +- IP:10.0.3.50/255.255.255.255 +- IP:10.0.3.51/255.255.255.255 +- IP:10.0.3.52/255.255.255.255 +- IP:10.0.3.53/255.255.255.255 +- IP:10.0.3.54/255.255.255.255 +- IP:10.0.3.55/255.255.255.255 +- IP:10.0.3.56/255.255.255.255 +- IP:10.0.3.57/255.255.255.255 +- IP:10.0.3.58/255.255.255.255 +- IP:10.0.3.59/255.255.255.255 +- IP:10.0.3.60/255.255.255.255 +- IP:10.0.3.61/255.255.255.255 +- IP:10.0.3.62/255.255.255.255 +- IP:10.0.3.63/255.255.255.255 +- IP:10.0.3.64/255.255.255.255 +- IP:10.0.3.65/255.255.255.255 +- IP:10.0.3.66/255.255.255.255 +- IP:10.0.3.67/255.255.255.255 +- IP:10.0.3.68/255.255.255.255 +- IP:10.0.3.69/255.255.255.255 +- IP:10.0.3.70/255.255.255.255 +- IP:10.0.3.71/255.255.255.255 +- IP:10.0.3.72/255.255.255.255 +- IP:10.0.3.73/255.255.255.255 +- IP:10.0.3.74/255.255.255.255 +- IP:10.0.3.75/255.255.255.255 +- IP:10.0.3.76/255.255.255.255 +- IP:10.0.3.77/255.255.255.255 +- IP:10.0.3.78/255.255.255.255 +- IP:10.0.3.79/255.255.255.255 +- IP:10.0.3.80/255.255.255.255 +- IP:10.0.3.81/255.255.255.255 +- IP:10.0.3.82/255.255.255.255 +- IP:10.0.3.83/255.255.255.255 +- IP:10.0.3.84/255.255.255.255 +- IP:10.0.3.85/255.255.255.255 +- IP:10.0.3.86/255.255.255.255 +- IP:10.0.3.87/255.255.255.255 +- IP:10.0.3.88/255.255.255.255 +- IP:10.0.3.89/255.255.255.255 +- IP:10.0.3.90/255.255.255.255 +- IP:10.0.3.91/255.255.255.255 +- IP:10.0.3.92/255.255.255.255 +- IP:10.0.3.93/255.255.255.255 +- IP:10.0.3.94/255.255.255.255 +- IP:10.0.3.95/255.255.255.255 +- IP:10.0.3.96/255.255.255.255 +- IP:10.0.3.97/255.255.255.255 +- IP:10.0.3.98/255.255.255.255 +- IP:10.0.3.99/255.255.255.255 +- IP:10.0.3.100/255.255.255.255 +- IP:10.0.3.101/255.255.255.255 +- IP:10.0.3.102/255.255.255.255 +- IP:10.0.3.103/255.255.255.255 +- IP:10.0.3.104/255.255.255.255 +- IP:10.0.3.105/255.255.255.255 +- IP:10.0.3.106/255.255.255.255 +- IP:10.0.3.107/255.255.255.255 +- IP:10.0.3.108/255.255.255.255 +- IP:10.0.3.109/255.255.255.255 +- IP:10.0.3.110/255.255.255.255 +- IP:10.0.3.111/255.255.255.255 +- IP:10.0.3.112/255.255.255.255 +- IP:10.0.3.113/255.255.255.255 +- IP:10.0.3.114/255.255.255.255 +- IP:10.0.3.115/255.255.255.255 +- IP:10.0.3.116/255.255.255.255 +- IP:10.0.3.117/255.255.255.255 +- IP:10.0.3.118/255.255.255.255 +- IP:10.0.3.119/255.255.255.255 +- IP:10.0.3.120/255.255.255.255 +- IP:10.0.3.121/255.255.255.255 +- IP:10.0.3.122/255.255.255.255 +- IP:10.0.3.123/255.255.255.255 +- IP:10.0.3.124/255.255.255.255 +- IP:10.0.3.125/255.255.255.255 +- IP:10.0.3.126/255.255.255.255 +- IP:10.0.3.127/255.255.255.255 +- IP:10.0.3.128/255.255.255.255 +- IP:10.0.3.129/255.255.255.255 +- IP:10.0.3.130/255.255.255.255 +- IP:10.0.3.131/255.255.255.255 +- IP:10.0.3.132/255.255.255.255 +- IP:10.0.3.133/255.255.255.255 +- IP:10.0.3.134/255.255.255.255 +- IP:10.0.3.135/255.255.255.255 +- IP:10.0.3.136/255.255.255.255 +- IP:10.0.3.137/255.255.255.255 +- IP:10.0.3.138/255.255.255.255 +- IP:10.0.3.139/255.255.255.255 +- IP:10.0.3.140/255.255.255.255 +- IP:10.0.3.141/255.255.255.255 +- IP:10.0.3.142/255.255.255.255 +- IP:10.0.3.143/255.255.255.255 +- IP:10.0.3.144/255.255.255.255 +- IP:10.0.3.145/255.255.255.255 +- IP:10.0.3.146/255.255.255.255 +- IP:10.0.3.147/255.255.255.255 +- IP:10.0.3.148/255.255.255.255 +- IP:10.0.3.149/255.255.255.255 +- IP:10.0.3.150/255.255.255.255 +- IP:10.0.3.151/255.255.255.255 +- IP:10.0.3.152/255.255.255.255 +- IP:10.0.3.153/255.255.255.255 +- IP:10.0.3.154/255.255.255.255 +- IP:10.0.3.155/255.255.255.255 +- IP:10.0.3.156/255.255.255.255 +- IP:10.0.3.157/255.255.255.255 +- IP:10.0.3.158/255.255.255.255 +- IP:10.0.3.159/255.255.255.255 +- IP:10.0.3.160/255.255.255.255 +- IP:10.0.3.161/255.255.255.255 +- IP:10.0.3.162/255.255.255.255 +- IP:10.0.3.163/255.255.255.255 +- IP:10.0.3.164/255.255.255.255 +- IP:10.0.3.165/255.255.255.255 +- IP:10.0.3.166/255.255.255.255 +- IP:10.0.3.167/255.255.255.255 +- IP:10.0.3.168/255.255.255.255 +- IP:10.0.3.169/255.255.255.255 +- IP:10.0.3.170/255.255.255.255 +- IP:10.0.3.171/255.255.255.255 +- IP:10.0.3.172/255.255.255.255 +- IP:10.0.3.173/255.255.255.255 +- IP:10.0.3.174/255.255.255.255 +- IP:10.0.3.175/255.255.255.255 +- IP:10.0.3.176/255.255.255.255 +- IP:10.0.3.177/255.255.255.255 +- IP:10.0.3.178/255.255.255.255 +- IP:10.0.3.179/255.255.255.255 +- IP:10.0.3.180/255.255.255.255 +- IP:10.0.3.181/255.255.255.255 +- IP:10.0.3.182/255.255.255.255 +- IP:10.0.3.183/255.255.255.255 +- IP:10.0.3.184/255.255.255.255 +- IP:10.0.3.185/255.255.255.255 +- IP:10.0.3.186/255.255.255.255 +- IP:10.0.3.187/255.255.255.255 +- IP:10.0.3.188/255.255.255.255 +- IP:10.0.3.189/255.255.255.255 +- IP:10.0.3.190/255.255.255.255 +- IP:10.0.3.191/255.255.255.255 +- IP:10.0.3.192/255.255.255.255 +- IP:10.0.3.193/255.255.255.255 +- IP:10.0.3.194/255.255.255.255 +- IP:10.0.3.195/255.255.255.255 +- IP:10.0.3.196/255.255.255.255 +- IP:10.0.3.197/255.255.255.255 +- IP:10.0.3.198/255.255.255.255 +- IP:10.0.3.199/255.255.255.255 +- IP:10.0.3.200/255.255.255.255 +- IP:10.0.3.201/255.255.255.255 +- IP:10.0.3.202/255.255.255.255 +- IP:10.0.3.203/255.255.255.255 +- IP:10.0.3.204/255.255.255.255 +- IP:10.0.3.205/255.255.255.255 +- IP:10.0.3.206/255.255.255.255 +- IP:10.0.3.207/255.255.255.255 +- IP:10.0.3.208/255.255.255.255 +- IP:10.0.3.209/255.255.255.255 +- IP:10.0.3.210/255.255.255.255 +- IP:10.0.3.211/255.255.255.255 +- IP:10.0.3.212/255.255.255.255 +- IP:10.0.3.213/255.255.255.255 +- IP:10.0.3.214/255.255.255.255 +- IP:10.0.3.215/255.255.255.255 +- IP:10.0.3.216/255.255.255.255 +- IP:10.0.3.217/255.255.255.255 +- IP:10.0.3.218/255.255.255.255 +- IP:10.0.3.219/255.255.255.255 +- IP:10.0.3.220/255.255.255.255 +- IP:10.0.3.221/255.255.255.255 +- IP:10.0.3.222/255.255.255.255 +- IP:10.0.3.223/255.255.255.255 +- IP:10.0.3.224/255.255.255.255 +- IP:10.0.3.225/255.255.255.255 +- IP:10.0.3.226/255.255.255.255 +- IP:10.0.3.227/255.255.255.255 +- IP:10.0.3.228/255.255.255.255 +- IP:10.0.3.229/255.255.255.255 +- IP:10.0.3.230/255.255.255.255 +- IP:10.0.3.231/255.255.255.255 +- IP:10.0.3.232/255.255.255.255 +- IP:10.0.3.233/255.255.255.255 +- IP:10.0.3.234/255.255.255.255 +- IP:10.0.3.235/255.255.255.255 +- IP:10.0.3.236/255.255.255.255 +- IP:10.0.3.237/255.255.255.255 +- IP:10.0.3.238/255.255.255.255 +- IP:10.0.3.239/255.255.255.255 +- IP:10.0.3.240/255.255.255.255 +- IP:10.0.3.241/255.255.255.255 +- IP:10.0.3.242/255.255.255.255 +- IP:10.0.3.243/255.255.255.255 +- IP:10.0.3.244/255.255.255.255 +- IP:10.0.3.245/255.255.255.255 +- IP:10.0.3.246/255.255.255.255 +- IP:10.0.3.247/255.255.255.255 +- IP:10.0.3.248/255.255.255.255 +- IP:10.0.3.249/255.255.255.255 +- IP:10.0.3.250/255.255.255.255 +- IP:10.0.3.251/255.255.255.255 +- IP:10.0.3.252/255.255.255.255 +- IP:10.0.3.253/255.255.255.255 +- IP:10.0.3.254/255.255.255.255 +- IP:10.0.3.255/255.255.255.255 +- IP:10.0.4.0/255.255.255.255 +- URI:http://test/0 +- URI:http://test/1 +- URI:http://test/2 +- URI:http://test/3 +- URI:http://test/4 +- URI:http://test/5 +- URI:http://test/6 +- URI:http://test/7 +- URI:http://test/8 +- URI:http://test/9 +- URI:http://test/10 +- URI:http://test/11 +- URI:http://test/12 +- URI:http://test/13 +- URI:http://test/14 +- URI:http://test/15 +- URI:http://test/16 +- URI:http://test/17 +- URI:http://test/18 +- URI:http://test/19 +- URI:http://test/20 +- URI:http://test/21 +- URI:http://test/22 +- URI:http://test/23 +- URI:http://test/24 +- URI:http://test/25 +- URI:http://test/26 +- URI:http://test/27 +- URI:http://test/28 +- URI:http://test/29 +- URI:http://test/30 +- URI:http://test/31 +- URI:http://test/32 +- URI:http://test/33 +- URI:http://test/34 +- URI:http://test/35 +- URI:http://test/36 +- URI:http://test/37 +- URI:http://test/38 +- URI:http://test/39 +- URI:http://test/40 +- URI:http://test/41 +- URI:http://test/42 +- URI:http://test/43 +- URI:http://test/44 +- URI:http://test/45 +- URI:http://test/46 +- URI:http://test/47 +- URI:http://test/48 +- URI:http://test/49 +- URI:http://test/50 +- URI:http://test/51 +- URI:http://test/52 +- URI:http://test/53 +- URI:http://test/54 +- URI:http://test/55 +- URI:http://test/56 +- URI:http://test/57 +- URI:http://test/58 +- URI:http://test/59 +- URI:http://test/60 +- URI:http://test/61 +- URI:http://test/62 +- URI:http://test/63 +- URI:http://test/64 +- URI:http://test/65 +- URI:http://test/66 +- URI:http://test/67 +- URI:http://test/68 +- URI:http://test/69 +- URI:http://test/70 +- URI:http://test/71 +- URI:http://test/72 +- URI:http://test/73 +- URI:http://test/74 +- URI:http://test/75 +- URI:http://test/76 +- URI:http://test/77 +- URI:http://test/78 +- URI:http://test/79 +- URI:http://test/80 +- URI:http://test/81 +- URI:http://test/82 +- URI:http://test/83 +- URI:http://test/84 +- URI:http://test/85 +- URI:http://test/86 +- URI:http://test/87 +- URI:http://test/88 +- URI:http://test/89 +- URI:http://test/90 +- URI:http://test/91 +- URI:http://test/92 +- URI:http://test/93 +- URI:http://test/94 +- URI:http://test/95 +- URI:http://test/96 +- URI:http://test/97 +- URI:http://test/98 +- URI:http://test/99 +- URI:http://test/100 +- URI:http://test/101 +- URI:http://test/102 +- URI:http://test/103 +- URI:http://test/104 +- URI:http://test/105 +- URI:http://test/106 +- URI:http://test/107 +- URI:http://test/108 +- URI:http://test/109 +- URI:http://test/110 +- URI:http://test/111 +- URI:http://test/112 +- URI:http://test/113 +- URI:http://test/114 +- URI:http://test/115 +- URI:http://test/116 +- URI:http://test/117 +- URI:http://test/118 +- URI:http://test/119 +- URI:http://test/120 +- URI:http://test/121 +- URI:http://test/122 +- URI:http://test/123 +- URI:http://test/124 +- URI:http://test/125 +- URI:http://test/126 +- URI:http://test/127 +- URI:http://test/128 +- URI:http://test/129 +- URI:http://test/130 +- URI:http://test/131 +- URI:http://test/132 +- URI:http://test/133 +- URI:http://test/134 +- URI:http://test/135 +- URI:http://test/136 +- URI:http://test/137 +- URI:http://test/138 +- URI:http://test/139 +- URI:http://test/140 +- URI:http://test/141 +- URI:http://test/142 +- URI:http://test/143 +- URI:http://test/144 +- URI:http://test/145 +- URI:http://test/146 +- URI:http://test/147 +- URI:http://test/148 +- URI:http://test/149 +- URI:http://test/150 +- URI:http://test/151 +- URI:http://test/152 +- URI:http://test/153 +- URI:http://test/154 +- URI:http://test/155 +- URI:http://test/156 +- URI:http://test/157 +- URI:http://test/158 +- URI:http://test/159 +- URI:http://test/160 +- URI:http://test/161 +- URI:http://test/162 +- URI:http://test/163 +- URI:http://test/164 +- URI:http://test/165 +- URI:http://test/166 +- URI:http://test/167 +- URI:http://test/168 +- URI:http://test/169 +- URI:http://test/170 +- URI:http://test/171 +- URI:http://test/172 +- URI:http://test/173 +- URI:http://test/174 +- URI:http://test/175 +- URI:http://test/176 +- URI:http://test/177 +- URI:http://test/178 +- URI:http://test/179 +- URI:http://test/180 +- URI:http://test/181 +- URI:http://test/182 +- URI:http://test/183 +- URI:http://test/184 +- URI:http://test/185 +- URI:http://test/186 +- URI:http://test/187 +- URI:http://test/188 +- URI:http://test/189 +- URI:http://test/190 +- URI:http://test/191 +- URI:http://test/192 +- URI:http://test/193 +- URI:http://test/194 +- URI:http://test/195 +- URI:http://test/196 +- URI:http://test/197 +- URI:http://test/198 +- URI:http://test/199 +- URI:http://test/200 +- URI:http://test/201 +- URI:http://test/202 +- URI:http://test/203 +- URI:http://test/204 +- URI:http://test/205 +- URI:http://test/206 +- URI:http://test/207 +- URI:http://test/208 +- URI:http://test/209 +- URI:http://test/210 +- URI:http://test/211 +- URI:http://test/212 +- URI:http://test/213 +- URI:http://test/214 +- URI:http://test/215 +- URI:http://test/216 +- URI:http://test/217 +- URI:http://test/218 +- URI:http://test/219 +- URI:http://test/220 +- URI:http://test/221 +- URI:http://test/222 +- URI:http://test/223 +- URI:http://test/224 +- URI:http://test/225 +- URI:http://test/226 +- URI:http://test/227 +- URI:http://test/228 +- URI:http://test/229 +- URI:http://test/230 +- URI:http://test/231 +- URI:http://test/232 +- URI:http://test/233 +- URI:http://test/234 +- URI:http://test/235 +- URI:http://test/236 +- URI:http://test/237 +- URI:http://test/238 +- URI:http://test/239 +- URI:http://test/240 +- URI:http://test/241 +- URI:http://test/242 +- URI:http://test/243 +- URI:http://test/244 +- URI:http://test/245 +- URI:http://test/246 +- URI:http://test/247 +- URI:http://test/248 +- URI:http://test/249 +- URI:http://test/250 +- URI:http://test/251 +- URI:http://test/252 +- URI:http://test/253 +- URI:http://test/254 +- URI:http://test/255 +- URI:http://test/256 +- URI:http://test/257 +- URI:http://test/258 +- URI:http://test/259 +- URI:http://test/260 +- URI:http://test/261 +- URI:http://test/262 +- URI:http://test/263 +- URI:http://test/264 +- URI:http://test/265 +- URI:http://test/266 +- URI:http://test/267 +- URI:http://test/268 +- URI:http://test/269 +- URI:http://test/270 +- URI:http://test/271 +- URI:http://test/272 +- URI:http://test/273 +- URI:http://test/274 +- URI:http://test/275 +- URI:http://test/276 +- URI:http://test/277 +- URI:http://test/278 +- URI:http://test/279 +- URI:http://test/280 +- URI:http://test/281 +- URI:http://test/282 +- URI:http://test/283 +- URI:http://test/284 +- URI:http://test/285 +- URI:http://test/286 +- URI:http://test/287 +- URI:http://test/288 +- URI:http://test/289 +- URI:http://test/290 +- URI:http://test/291 +- URI:http://test/292 +- URI:http://test/293 +- URI:http://test/294 +- URI:http://test/295 +- URI:http://test/296 +- URI:http://test/297 +- URI:http://test/298 +- URI:http://test/299 +- URI:http://test/300 +- URI:http://test/301 +- URI:http://test/302 +- URI:http://test/303 +- URI:http://test/304 +- URI:http://test/305 +- URI:http://test/306 +- URI:http://test/307 +- URI:http://test/308 +- URI:http://test/309 +- URI:http://test/310 +- URI:http://test/311 +- URI:http://test/312 +- URI:http://test/313 +- URI:http://test/314 +- URI:http://test/315 +- URI:http://test/316 +- URI:http://test/317 +- URI:http://test/318 +- URI:http://test/319 +- URI:http://test/320 +- URI:http://test/321 +- URI:http://test/322 +- URI:http://test/323 +- URI:http://test/324 +- URI:http://test/325 +- URI:http://test/326 +- URI:http://test/327 +- URI:http://test/328 +- URI:http://test/329 +- URI:http://test/330 +- URI:http://test/331 +- URI:http://test/332 +- URI:http://test/333 +- URI:http://test/334 +- URI:http://test/335 +- URI:http://test/336 +- URI:http://test/337 +- URI:http://test/338 +- URI:http://test/339 +- URI:http://test/340 +- URI:http://test/341 +- URI:http://test/342 +- URI:http://test/343 +- URI:http://test/344 +- URI:http://test/345 +- URI:http://test/346 +- URI:http://test/347 +- URI:http://test/348 +- URI:http://test/349 +- URI:http://test/350 +- URI:http://test/351 +- URI:http://test/352 +- URI:http://test/353 +- URI:http://test/354 +- URI:http://test/355 +- URI:http://test/356 +- URI:http://test/357 +- URI:http://test/358 +- URI:http://test/359 +- URI:http://test/360 +- URI:http://test/361 +- URI:http://test/362 +- URI:http://test/363 +- URI:http://test/364 +- URI:http://test/365 +- URI:http://test/366 +- URI:http://test/367 +- URI:http://test/368 +- URI:http://test/369 +- URI:http://test/370 +- URI:http://test/371 +- URI:http://test/372 +- URI:http://test/373 +- URI:http://test/374 +- URI:http://test/375 +- URI:http://test/376 +- URI:http://test/377 +- URI:http://test/378 +- URI:http://test/379 +- URI:http://test/380 +- URI:http://test/381 +- URI:http://test/382 +- URI:http://test/383 +- URI:http://test/384 +- URI:http://test/385 +- URI:http://test/386 +- URI:http://test/387 +- URI:http://test/388 +- URI:http://test/389 +- URI:http://test/390 +- URI:http://test/391 +- URI:http://test/392 +- URI:http://test/393 +- URI:http://test/394 +- URI:http://test/395 +- URI:http://test/396 +- URI:http://test/397 +- URI:http://test/398 +- URI:http://test/399 +- URI:http://test/400 +- URI:http://test/401 +- URI:http://test/402 +- URI:http://test/403 +- URI:http://test/404 +- URI:http://test/405 +- URI:http://test/406 +- URI:http://test/407 +- URI:http://test/408 +- URI:http://test/409 +- URI:http://test/410 +- URI:http://test/411 +- URI:http://test/412 +- URI:http://test/413 +- URI:http://test/414 +- URI:http://test/415 +- URI:http://test/416 +- URI:http://test/417 +- URI:http://test/418 +- URI:http://test/419 +- URI:http://test/420 +- URI:http://test/421 +- URI:http://test/422 +- URI:http://test/423 +- URI:http://test/424 +- URI:http://test/425 +- URI:http://test/426 +- URI:http://test/427 +- URI:http://test/428 +- URI:http://test/429 +- URI:http://test/430 +- URI:http://test/431 +- URI:http://test/432 +- URI:http://test/433 +- URI:http://test/434 +- URI:http://test/435 +- URI:http://test/436 +- URI:http://test/437 +- URI:http://test/438 +- URI:http://test/439 +- URI:http://test/440 +- URI:http://test/441 +- URI:http://test/442 +- URI:http://test/443 +- URI:http://test/444 +- URI:http://test/445 +- URI:http://test/446 +- URI:http://test/447 +- URI:http://test/448 +- URI:http://test/449 +- URI:http://test/450 +- URI:http://test/451 +- URI:http://test/452 +- URI:http://test/453 +- URI:http://test/454 +- URI:http://test/455 +- URI:http://test/456 +- URI:http://test/457 +- URI:http://test/458 +- URI:http://test/459 +- URI:http://test/460 +- URI:http://test/461 +- URI:http://test/462 +- URI:http://test/463 +- URI:http://test/464 +- URI:http://test/465 +- URI:http://test/466 +- URI:http://test/467 +- URI:http://test/468 +- URI:http://test/469 +- URI:http://test/470 +- URI:http://test/471 +- URI:http://test/472 +- URI:http://test/473 +- URI:http://test/474 +- URI:http://test/475 +- URI:http://test/476 +- URI:http://test/477 +- URI:http://test/478 +- URI:http://test/479 +- URI:http://test/480 +- URI:http://test/481 +- URI:http://test/482 +- URI:http://test/483 +- URI:http://test/484 +- URI:http://test/485 +- URI:http://test/486 +- URI:http://test/487 +- URI:http://test/488 +- URI:http://test/489 +- URI:http://test/490 +- URI:http://test/491 +- URI:http://test/492 +- URI:http://test/493 +- URI:http://test/494 +- URI:http://test/495 +- URI:http://test/496 +- URI:http://test/497 +- URI:http://test/498 +- URI:http://test/499 +- URI:http://test/500 +- URI:http://test/501 +- URI:http://test/502 +- URI:http://test/503 +- URI:http://test/504 +- URI:http://test/505 +- URI:http://test/506 +- URI:http://test/507 +- URI:http://test/508 +- URI:http://test/509 +- URI:http://test/510 +- URI:http://test/511 +- URI:http://test/512 +- URI:http://test/513 +- URI:http://test/514 +- URI:http://test/515 +- URI:http://test/516 +- URI:http://test/517 +- URI:http://test/518 +- URI:http://test/519 +- URI:http://test/520 +- URI:http://test/521 +- URI:http://test/522 +- URI:http://test/523 +- URI:http://test/524 +- URI:http://test/525 +- URI:http://test/526 +- URI:http://test/527 +- URI:http://test/528 +- URI:http://test/529 +- URI:http://test/530 +- URI:http://test/531 +- URI:http://test/532 +- URI:http://test/533 +- URI:http://test/534 +- URI:http://test/535 +- URI:http://test/536 +- URI:http://test/537 +- URI:http://test/538 +- URI:http://test/539 +- URI:http://test/540 +- URI:http://test/541 +- URI:http://test/542 +- URI:http://test/543 +- URI:http://test/544 +- URI:http://test/545 +- URI:http://test/546 +- URI:http://test/547 +- URI:http://test/548 +- URI:http://test/549 +- URI:http://test/550 +- URI:http://test/551 +- URI:http://test/552 +- URI:http://test/553 +- URI:http://test/554 +- URI:http://test/555 +- URI:http://test/556 +- URI:http://test/557 +- URI:http://test/558 +- URI:http://test/559 +- URI:http://test/560 +- URI:http://test/561 +- URI:http://test/562 +- URI:http://test/563 +- URI:http://test/564 +- URI:http://test/565 +- URI:http://test/566 +- URI:http://test/567 +- URI:http://test/568 +- URI:http://test/569 +- URI:http://test/570 +- URI:http://test/571 +- URI:http://test/572 +- URI:http://test/573 +- URI:http://test/574 +- URI:http://test/575 +- URI:http://test/576 +- URI:http://test/577 +- URI:http://test/578 +- URI:http://test/579 +- URI:http://test/580 +- URI:http://test/581 +- URI:http://test/582 +- URI:http://test/583 +- URI:http://test/584 +- URI:http://test/585 +- URI:http://test/586 +- URI:http://test/587 +- URI:http://test/588 +- URI:http://test/589 +- URI:http://test/590 +- URI:http://test/591 +- URI:http://test/592 +- URI:http://test/593 +- URI:http://test/594 +- URI:http://test/595 +- URI:http://test/596 +- URI:http://test/597 +- URI:http://test/598 +- URI:http://test/599 +- URI:http://test/600 +- URI:http://test/601 +- URI:http://test/602 +- URI:http://test/603 +- URI:http://test/604 +- URI:http://test/605 +- URI:http://test/606 +- URI:http://test/607 +- URI:http://test/608 +- URI:http://test/609 +- URI:http://test/610 +- URI:http://test/611 +- URI:http://test/612 +- URI:http://test/613 +- URI:http://test/614 +- URI:http://test/615 +- URI:http://test/616 +- URI:http://test/617 +- URI:http://test/618 +- URI:http://test/619 +- URI:http://test/620 +- URI:http://test/621 +- URI:http://test/622 +- URI:http://test/623 +- URI:http://test/624 +- URI:http://test/625 +- URI:http://test/626 +- URI:http://test/627 +- URI:http://test/628 +- URI:http://test/629 +- URI:http://test/630 +- URI:http://test/631 +- URI:http://test/632 +- URI:http://test/633 +- URI:http://test/634 +- URI:http://test/635 +- URI:http://test/636 +- URI:http://test/637 +- URI:http://test/638 +- URI:http://test/639 +- URI:http://test/640 +- URI:http://test/641 +- URI:http://test/642 +- URI:http://test/643 +- URI:http://test/644 +- URI:http://test/645 +- URI:http://test/646 +- URI:http://test/647 +- URI:http://test/648 +- URI:http://test/649 +- URI:http://test/650 +- URI:http://test/651 +- URI:http://test/652 +- URI:http://test/653 +- URI:http://test/654 +- URI:http://test/655 +- URI:http://test/656 +- URI:http://test/657 +- URI:http://test/658 +- URI:http://test/659 +- URI:http://test/660 +- URI:http://test/661 +- URI:http://test/662 +- URI:http://test/663 +- URI:http://test/664 +- URI:http://test/665 +- URI:http://test/666 +- URI:http://test/667 +- URI:http://test/668 +- URI:http://test/669 +- URI:http://test/670 +- URI:http://test/671 +- URI:http://test/672 +- URI:http://test/673 +- URI:http://test/674 +- URI:http://test/675 +- URI:http://test/676 +- URI:http://test/677 +- URI:http://test/678 +- URI:http://test/679 +- URI:http://test/680 +- URI:http://test/681 +- URI:http://test/682 +- URI:http://test/683 +- URI:http://test/684 +- URI:http://test/685 +- URI:http://test/686 +- URI:http://test/687 +- URI:http://test/688 +- URI:http://test/689 +- URI:http://test/690 +- URI:http://test/691 +- URI:http://test/692 +- URI:http://test/693 +- URI:http://test/694 +- URI:http://test/695 +- URI:http://test/696 +- URI:http://test/697 +- URI:http://test/698 +- URI:http://test/699 +- URI:http://test/700 +- URI:http://test/701 +- URI:http://test/702 +- URI:http://test/703 +- URI:http://test/704 +- URI:http://test/705 +- URI:http://test/706 +- URI:http://test/707 +- URI:http://test/708 +- URI:http://test/709 +- URI:http://test/710 +- URI:http://test/711 +- URI:http://test/712 +- URI:http://test/713 +- URI:http://test/714 +- URI:http://test/715 +- URI:http://test/716 +- URI:http://test/717 +- URI:http://test/718 +- URI:http://test/719 +- URI:http://test/720 +- URI:http://test/721 +- URI:http://test/722 +- URI:http://test/723 +- URI:http://test/724 +- URI:http://test/725 +- URI:http://test/726 +- URI:http://test/727 +- URI:http://test/728 +- URI:http://test/729 +- URI:http://test/730 +- URI:http://test/731 +- URI:http://test/732 +- URI:http://test/733 +- URI:http://test/734 +- URI:http://test/735 +- URI:http://test/736 +- URI:http://test/737 +- URI:http://test/738 +- URI:http://test/739 +- URI:http://test/740 +- URI:http://test/741 +- URI:http://test/742 +- URI:http://test/743 +- URI:http://test/744 +- URI:http://test/745 +- URI:http://test/746 +- URI:http://test/747 +- URI:http://test/748 +- URI:http://test/749 +- URI:http://test/750 +- URI:http://test/751 +- URI:http://test/752 +- URI:http://test/753 +- URI:http://test/754 +- URI:http://test/755 +- URI:http://test/756 +- URI:http://test/757 +- URI:http://test/758 +- URI:http://test/759 +- URI:http://test/760 +- URI:http://test/761 +- URI:http://test/762 +- URI:http://test/763 +- URI:http://test/764 +- URI:http://test/765 +- URI:http://test/766 +- URI:http://test/767 +- URI:http://test/768 +- URI:http://test/769 +- URI:http://test/770 +- URI:http://test/771 +- URI:http://test/772 +- URI:http://test/773 +- URI:http://test/774 +- URI:http://test/775 +- URI:http://test/776 +- URI:http://test/777 +- URI:http://test/778 +- URI:http://test/779 +- URI:http://test/780 +- URI:http://test/781 +- URI:http://test/782 +- URI:http://test/783 +- URI:http://test/784 +- URI:http://test/785 +- URI:http://test/786 +- URI:http://test/787 +- URI:http://test/788 +- URI:http://test/789 +- URI:http://test/790 +- URI:http://test/791 +- URI:http://test/792 +- URI:http://test/793 +- URI:http://test/794 +- URI:http://test/795 +- URI:http://test/796 +- URI:http://test/797 +- URI:http://test/798 +- URI:http://test/799 +- URI:http://test/800 +- URI:http://test/801 +- URI:http://test/802 +- URI:http://test/803 +- URI:http://test/804 +- URI:http://test/805 +- URI:http://test/806 +- URI:http://test/807 +- URI:http://test/808 +- URI:http://test/809 +- URI:http://test/810 +- URI:http://test/811 +- URI:http://test/812 +- URI:http://test/813 +- URI:http://test/814 +- URI:http://test/815 +- URI:http://test/816 +- URI:http://test/817 +- URI:http://test/818 +- URI:http://test/819 +- URI:http://test/820 +- URI:http://test/821 +- URI:http://test/822 +- URI:http://test/823 +- URI:http://test/824 +- URI:http://test/825 +- URI:http://test/826 +- URI:http://test/827 +- URI:http://test/828 +- URI:http://test/829 +- URI:http://test/830 +- URI:http://test/831 +- URI:http://test/832 +- URI:http://test/833 +- URI:http://test/834 +- URI:http://test/835 +- URI:http://test/836 +- URI:http://test/837 +- URI:http://test/838 +- URI:http://test/839 +- URI:http://test/840 +- URI:http://test/841 +- URI:http://test/842 +- URI:http://test/843 +- URI:http://test/844 +- URI:http://test/845 +- URI:http://test/846 +- URI:http://test/847 +- URI:http://test/848 +- URI:http://test/849 +- URI:http://test/850 +- URI:http://test/851 +- URI:http://test/852 +- URI:http://test/853 +- URI:http://test/854 +- URI:http://test/855 +- URI:http://test/856 +- URI:http://test/857 +- URI:http://test/858 +- URI:http://test/859 +- URI:http://test/860 +- URI:http://test/861 +- URI:http://test/862 +- URI:http://test/863 +- URI:http://test/864 +- URI:http://test/865 +- URI:http://test/866 +- URI:http://test/867 +- URI:http://test/868 +- URI:http://test/869 +- URI:http://test/870 +- URI:http://test/871 +- URI:http://test/872 +- URI:http://test/873 +- URI:http://test/874 +- URI:http://test/875 +- URI:http://test/876 +- URI:http://test/877 +- URI:http://test/878 +- URI:http://test/879 +- URI:http://test/880 +- URI:http://test/881 +- URI:http://test/882 +- URI:http://test/883 +- URI:http://test/884 +- URI:http://test/885 +- URI:http://test/886 +- URI:http://test/887 +- URI:http://test/888 +- URI:http://test/889 +- URI:http://test/890 +- URI:http://test/891 +- URI:http://test/892 +- URI:http://test/893 +- URI:http://test/894 +- URI:http://test/895 +- URI:http://test/896 +- URI:http://test/897 +- URI:http://test/898 +- URI:http://test/899 +- URI:http://test/900 +- URI:http://test/901 +- URI:http://test/902 +- URI:http://test/903 +- URI:http://test/904 +- URI:http://test/905 +- URI:http://test/906 +- URI:http://test/907 +- URI:http://test/908 +- URI:http://test/909 +- URI:http://test/910 +- URI:http://test/911 +- URI:http://test/912 +- URI:http://test/913 +- URI:http://test/914 +- URI:http://test/915 +- URI:http://test/916 +- URI:http://test/917 +- URI:http://test/918 +- URI:http://test/919 +- URI:http://test/920 +- URI:http://test/921 +- URI:http://test/922 +- URI:http://test/923 +- URI:http://test/924 +- URI:http://test/925 +- URI:http://test/926 +- URI:http://test/927 +- URI:http://test/928 +- URI:http://test/929 +- URI:http://test/930 +- URI:http://test/931 +- URI:http://test/932 +- URI:http://test/933 +- URI:http://test/934 +- URI:http://test/935 +- URI:http://test/936 +- URI:http://test/937 +- URI:http://test/938 +- URI:http://test/939 +- URI:http://test/940 +- URI:http://test/941 +- URI:http://test/942 +- URI:http://test/943 +- URI:http://test/944 +- URI:http://test/945 +- URI:http://test/946 +- URI:http://test/947 +- URI:http://test/948 +- URI:http://test/949 +- URI:http://test/950 +- URI:http://test/951 +- URI:http://test/952 +- URI:http://test/953 +- URI:http://test/954 +- URI:http://test/955 +- URI:http://test/956 +- URI:http://test/957 +- URI:http://test/958 +- URI:http://test/959 +- URI:http://test/960 +- URI:http://test/961 +- URI:http://test/962 +- URI:http://test/963 +- URI:http://test/964 +- URI:http://test/965 +- URI:http://test/966 +- URI:http://test/967 +- URI:http://test/968 +- URI:http://test/969 +- URI:http://test/970 +- URI:http://test/971 +- URI:http://test/972 +- URI:http://test/973 +- URI:http://test/974 +- URI:http://test/975 +- URI:http://test/976 +- URI:http://test/977 +- URI:http://test/978 +- URI:http://test/979 +- URI:http://test/980 +- URI:http://test/981 +- URI:http://test/982 +- URI:http://test/983 +- URI:http://test/984 +- URI:http://test/985 +- URI:http://test/986 +- URI:http://test/987 +- URI:http://test/988 +- URI:http://test/989 +- URI:http://test/990 +- URI:http://test/991 +- URI:http://test/992 +- URI:http://test/993 +- URI:http://test/994 +- URI:http://test/995 +- URI:http://test/996 +- URI:http://test/997 +- URI:http://test/998 +- URI:http://test/999 +- URI:http://test/1000 +- URI:http://test/1001 +- URI:http://test/1002 +- URI:http://test/1003 +- URI:http://test/1004 +- URI:http://test/1005 +- URI:http://test/1006 +- URI:http://test/1007 +- URI:http://test/1008 +- URI:http://test/1009 +- URI:http://test/1010 +- URI:http://test/1011 +- URI:http://test/1012 +- URI:http://test/1013 +- URI:http://test/1014 +- URI:http://test/1015 +- URI:http://test/1016 +- URI:http://test/1017 +- URI:http://test/1018 +- URI:http://test/1019 +- URI:http://test/1020 +- URI:http://test/1021 +- URI:http://test/1022 +- URI:http://test/1023 +- URI:http://test/1024 +- Excluded: +- DNS:x0.test +- DNS:x1.test +- DNS:x2.test +- DNS:x3.test +- DNS:x4.test +- DNS:x5.test +- DNS:x6.test +- DNS:x7.test +- DNS:x8.test +- DNS:x9.test +- DNS:x10.test +- DNS:x11.test +- DNS:x12.test +- DNS:x13.test +- DNS:x14.test +- DNS:x15.test +- DNS:x16.test +- DNS:x17.test +- DNS:x18.test +- DNS:x19.test +- DNS:x20.test +- DNS:x21.test +- DNS:x22.test +- DNS:x23.test +- DNS:x24.test +- DNS:x25.test +- DNS:x26.test +- DNS:x27.test +- DNS:x28.test +- DNS:x29.test +- DNS:x30.test +- DNS:x31.test +- DNS:x32.test +- DNS:x33.test +- DNS:x34.test +- DNS:x35.test +- DNS:x36.test +- DNS:x37.test +- DNS:x38.test +- DNS:x39.test +- DNS:x40.test +- DNS:x41.test +- DNS:x42.test +- DNS:x43.test +- DNS:x44.test +- DNS:x45.test +- DNS:x46.test +- DNS:x47.test +- DNS:x48.test +- DNS:x49.test +- DNS:x50.test +- DNS:x51.test +- DNS:x52.test +- DNS:x53.test +- DNS:x54.test +- DNS:x55.test +- DNS:x56.test +- DNS:x57.test +- DNS:x58.test +- DNS:x59.test +- DNS:x60.test +- DNS:x61.test +- DNS:x62.test +- DNS:x63.test +- DNS:x64.test +- DNS:x65.test +- DNS:x66.test +- DNS:x67.test +- DNS:x68.test +- DNS:x69.test +- DNS:x70.test +- DNS:x71.test +- DNS:x72.test +- DNS:x73.test +- DNS:x74.test +- DNS:x75.test +- DNS:x76.test +- DNS:x77.test +- DNS:x78.test +- DNS:x79.test +- DNS:x80.test +- DNS:x81.test +- DNS:x82.test +- DNS:x83.test +- DNS:x84.test +- DNS:x85.test +- DNS:x86.test +- DNS:x87.test +- DNS:x88.test +- DNS:x89.test +- DNS:x90.test +- DNS:x91.test +- DNS:x92.test +- DNS:x93.test +- DNS:x94.test +- DNS:x95.test +- DNS:x96.test +- DNS:x97.test +- DNS:x98.test +- DNS:x99.test +- DNS:x100.test +- DNS:x101.test +- DNS:x102.test +- DNS:x103.test +- DNS:x104.test +- DNS:x105.test +- DNS:x106.test +- DNS:x107.test +- DNS:x108.test +- DNS:x109.test +- DNS:x110.test +- DNS:x111.test +- DNS:x112.test +- DNS:x113.test +- DNS:x114.test +- DNS:x115.test +- DNS:x116.test +- DNS:x117.test +- DNS:x118.test +- DNS:x119.test +- DNS:x120.test +- DNS:x121.test +- DNS:x122.test +- DNS:x123.test +- DNS:x124.test +- DNS:x125.test +- DNS:x126.test +- DNS:x127.test +- DNS:x128.test +- DNS:x129.test +- DNS:x130.test +- DNS:x131.test +- DNS:x132.test +- DNS:x133.test +- DNS:x134.test +- DNS:x135.test +- DNS:x136.test +- DNS:x137.test +- DNS:x138.test +- DNS:x139.test +- DNS:x140.test +- DNS:x141.test +- DNS:x142.test +- DNS:x143.test +- DNS:x144.test +- DNS:x145.test +- DNS:x146.test +- DNS:x147.test +- DNS:x148.test +- DNS:x149.test +- DNS:x150.test +- DNS:x151.test +- DNS:x152.test +- DNS:x153.test +- DNS:x154.test +- DNS:x155.test +- DNS:x156.test +- DNS:x157.test +- DNS:x158.test +- DNS:x159.test +- DNS:x160.test +- DNS:x161.test +- DNS:x162.test +- DNS:x163.test +- DNS:x164.test +- DNS:x165.test +- DNS:x166.test +- DNS:x167.test +- DNS:x168.test +- DNS:x169.test +- DNS:x170.test +- DNS:x171.test +- DNS:x172.test +- DNS:x173.test +- DNS:x174.test +- DNS:x175.test +- DNS:x176.test +- DNS:x177.test +- DNS:x178.test +- DNS:x179.test +- DNS:x180.test +- DNS:x181.test +- DNS:x182.test +- DNS:x183.test +- DNS:x184.test +- DNS:x185.test +- DNS:x186.test +- DNS:x187.test +- DNS:x188.test +- DNS:x189.test +- DNS:x190.test +- DNS:x191.test +- DNS:x192.test +- DNS:x193.test +- DNS:x194.test +- DNS:x195.test +- DNS:x196.test +- DNS:x197.test +- DNS:x198.test +- DNS:x199.test +- DNS:x200.test +- DNS:x201.test +- DNS:x202.test +- DNS:x203.test +- DNS:x204.test +- DNS:x205.test +- DNS:x206.test +- DNS:x207.test +- DNS:x208.test +- DNS:x209.test +- DNS:x210.test +- DNS:x211.test +- DNS:x212.test +- DNS:x213.test +- DNS:x214.test +- DNS:x215.test +- DNS:x216.test +- DNS:x217.test +- DNS:x218.test +- DNS:x219.test +- DNS:x220.test +- DNS:x221.test +- DNS:x222.test +- DNS:x223.test +- DNS:x224.test +- DNS:x225.test +- DNS:x226.test +- DNS:x227.test +- DNS:x228.test +- DNS:x229.test +- DNS:x230.test +- DNS:x231.test +- DNS:x232.test +- DNS:x233.test +- DNS:x234.test +- DNS:x235.test +- DNS:x236.test +- DNS:x237.test +- DNS:x238.test +- DNS:x239.test +- DNS:x240.test +- DNS:x241.test +- DNS:x242.test +- DNS:x243.test +- DNS:x244.test +- DNS:x245.test +- DNS:x246.test +- DNS:x247.test +- DNS:x248.test +- DNS:x249.test +- DNS:x250.test +- DNS:x251.test +- DNS:x252.test +- DNS:x253.test +- DNS:x254.test +- DNS:x255.test +- DNS:x256.test +- DNS:x257.test +- DNS:x258.test +- DNS:x259.test +- DNS:x260.test +- DNS:x261.test +- DNS:x262.test +- DNS:x263.test +- DNS:x264.test +- DNS:x265.test +- DNS:x266.test +- DNS:x267.test +- DNS:x268.test +- DNS:x269.test +- DNS:x270.test +- DNS:x271.test +- DNS:x272.test +- DNS:x273.test +- DNS:x274.test +- DNS:x275.test +- DNS:x276.test +- DNS:x277.test +- DNS:x278.test +- DNS:x279.test +- DNS:x280.test +- DNS:x281.test +- DNS:x282.test +- DNS:x283.test +- DNS:x284.test +- DNS:x285.test +- DNS:x286.test +- DNS:x287.test +- DNS:x288.test +- DNS:x289.test +- DNS:x290.test +- DNS:x291.test +- DNS:x292.test +- DNS:x293.test +- DNS:x294.test +- DNS:x295.test +- DNS:x296.test +- DNS:x297.test +- DNS:x298.test +- DNS:x299.test +- DNS:x300.test +- DNS:x301.test +- DNS:x302.test +- DNS:x303.test +- DNS:x304.test +- DNS:x305.test +- DNS:x306.test +- DNS:x307.test +- DNS:x308.test +- DNS:x309.test +- DNS:x310.test +- DNS:x311.test +- DNS:x312.test +- DNS:x313.test +- DNS:x314.test +- DNS:x315.test +- DNS:x316.test +- DNS:x317.test +- DNS:x318.test +- DNS:x319.test +- DNS:x320.test +- DNS:x321.test +- DNS:x322.test +- DNS:x323.test +- DNS:x324.test +- DNS:x325.test +- DNS:x326.test +- DNS:x327.test +- DNS:x328.test +- DNS:x329.test +- DNS:x330.test +- DNS:x331.test +- DNS:x332.test +- DNS:x333.test +- DNS:x334.test +- DNS:x335.test +- DNS:x336.test +- DNS:x337.test +- DNS:x338.test +- DNS:x339.test +- DNS:x340.test +- DNS:x341.test +- DNS:x342.test +- DNS:x343.test +- DNS:x344.test +- DNS:x345.test +- DNS:x346.test +- DNS:x347.test +- DNS:x348.test +- DNS:x349.test +- DNS:x350.test +- DNS:x351.test +- DNS:x352.test +- DNS:x353.test +- DNS:x354.test +- DNS:x355.test +- DNS:x356.test +- DNS:x357.test +- DNS:x358.test +- DNS:x359.test +- DNS:x360.test +- DNS:x361.test +- DNS:x362.test +- DNS:x363.test +- DNS:x364.test +- DNS:x365.test +- DNS:x366.test +- DNS:x367.test +- DNS:x368.test +- DNS:x369.test +- DNS:x370.test +- DNS:x371.test +- DNS:x372.test +- DNS:x373.test +- DNS:x374.test +- DNS:x375.test +- DNS:x376.test +- DNS:x377.test +- DNS:x378.test +- DNS:x379.test +- DNS:x380.test +- DNS:x381.test +- DNS:x382.test +- DNS:x383.test +- DNS:x384.test +- DNS:x385.test +- DNS:x386.test +- DNS:x387.test +- DNS:x388.test +- DNS:x389.test +- DNS:x390.test +- DNS:x391.test +- DNS:x392.test +- DNS:x393.test +- DNS:x394.test +- DNS:x395.test +- DNS:x396.test +- DNS:x397.test +- DNS:x398.test +- DNS:x399.test +- DNS:x400.test +- DNS:x401.test +- DNS:x402.test +- DNS:x403.test +- DNS:x404.test +- DNS:x405.test +- DNS:x406.test +- DNS:x407.test +- DNS:x408.test +- DNS:x409.test +- DNS:x410.test +- DNS:x411.test +- DNS:x412.test +- DNS:x413.test +- DNS:x414.test +- DNS:x415.test +- DNS:x416.test +- DNS:x417.test +- DNS:x418.test +- DNS:x419.test +- DNS:x420.test +- DNS:x421.test +- DNS:x422.test +- DNS:x423.test +- DNS:x424.test +- DNS:x425.test +- DNS:x426.test +- DNS:x427.test +- DNS:x428.test +- DNS:x429.test +- DNS:x430.test +- DNS:x431.test +- DNS:x432.test +- DNS:x433.test +- DNS:x434.test +- DNS:x435.test +- DNS:x436.test +- DNS:x437.test +- DNS:x438.test +- DNS:x439.test +- DNS:x440.test +- DNS:x441.test +- DNS:x442.test +- DNS:x443.test +- DNS:x444.test +- DNS:x445.test +- DNS:x446.test +- DNS:x447.test +- DNS:x448.test +- DNS:x449.test +- DNS:x450.test +- DNS:x451.test +- DNS:x452.test +- DNS:x453.test +- DNS:x454.test +- DNS:x455.test +- DNS:x456.test +- DNS:x457.test +- DNS:x458.test +- DNS:x459.test +- DNS:x460.test +- DNS:x461.test +- DNS:x462.test +- DNS:x463.test +- DNS:x464.test +- DNS:x465.test +- DNS:x466.test +- DNS:x467.test +- DNS:x468.test +- DNS:x469.test +- DNS:x470.test +- DNS:x471.test +- DNS:x472.test +- DNS:x473.test +- DNS:x474.test +- DNS:x475.test +- DNS:x476.test +- DNS:x477.test +- DNS:x478.test +- DNS:x479.test +- DNS:x480.test +- DNS:x481.test +- DNS:x482.test +- DNS:x483.test +- DNS:x484.test +- DNS:x485.test +- DNS:x486.test +- DNS:x487.test +- DNS:x488.test +- DNS:x489.test +- DNS:x490.test +- DNS:x491.test +- DNS:x492.test +- DNS:x493.test +- DNS:x494.test +- DNS:x495.test +- DNS:x496.test +- DNS:x497.test +- DNS:x498.test +- DNS:x499.test +- DNS:x500.test +- DNS:x501.test +- DNS:x502.test +- DNS:x503.test +- DNS:x504.test +- DNS:x505.test +- DNS:x506.test +- DNS:x507.test +- DNS:x508.test +- DNS:x509.test +- DNS:x510.test +- DNS:x511.test +- DNS:x512.test +- DNS:x513.test +- DNS:x514.test +- DNS:x515.test +- DNS:x516.test +- DNS:x517.test +- DNS:x518.test +- DNS:x519.test +- DNS:x520.test +- DNS:x521.test +- DNS:x522.test +- DNS:x523.test +- DNS:x524.test +- DNS:x525.test +- DNS:x526.test +- DNS:x527.test +- DNS:x528.test +- DNS:x529.test +- DNS:x530.test +- DNS:x531.test +- DNS:x532.test +- DNS:x533.test +- DNS:x534.test +- DNS:x535.test +- DNS:x536.test +- DNS:x537.test +- DNS:x538.test +- DNS:x539.test +- DNS:x540.test +- DNS:x541.test +- DNS:x542.test +- DNS:x543.test +- DNS:x544.test +- DNS:x545.test +- DNS:x546.test +- DNS:x547.test +- DNS:x548.test +- DNS:x549.test +- DNS:x550.test +- DNS:x551.test +- DNS:x552.test +- DNS:x553.test +- DNS:x554.test +- DNS:x555.test +- DNS:x556.test +- DNS:x557.test +- DNS:x558.test +- DNS:x559.test +- DNS:x560.test +- DNS:x561.test +- DNS:x562.test +- DNS:x563.test +- DNS:x564.test +- DNS:x565.test +- DNS:x566.test +- DNS:x567.test +- DNS:x568.test +- DNS:x569.test +- DNS:x570.test +- DNS:x571.test +- DNS:x572.test +- DNS:x573.test +- DNS:x574.test +- DNS:x575.test +- DNS:x576.test +- DNS:x577.test +- DNS:x578.test +- DNS:x579.test +- DNS:x580.test +- DNS:x581.test +- DNS:x582.test +- DNS:x583.test +- DNS:x584.test +- DNS:x585.test +- DNS:x586.test +- DNS:x587.test +- DNS:x588.test +- DNS:x589.test +- DNS:x590.test +- DNS:x591.test +- DNS:x592.test +- DNS:x593.test +- DNS:x594.test +- DNS:x595.test +- DNS:x596.test +- DNS:x597.test +- DNS:x598.test +- DNS:x599.test +- DNS:x600.test +- DNS:x601.test +- DNS:x602.test +- DNS:x603.test +- DNS:x604.test +- DNS:x605.test +- DNS:x606.test +- DNS:x607.test +- DNS:x608.test +- DNS:x609.test +- DNS:x610.test +- DNS:x611.test +- DNS:x612.test +- DNS:x613.test +- DNS:x614.test +- DNS:x615.test +- DNS:x616.test +- DNS:x617.test +- DNS:x618.test +- DNS:x619.test +- DNS:x620.test +- DNS:x621.test +- DNS:x622.test +- DNS:x623.test +- DNS:x624.test +- DNS:x625.test +- DNS:x626.test +- DNS:x627.test +- DNS:x628.test +- DNS:x629.test +- DNS:x630.test +- DNS:x631.test +- DNS:x632.test +- DNS:x633.test +- DNS:x634.test +- DNS:x635.test +- DNS:x636.test +- DNS:x637.test +- DNS:x638.test +- DNS:x639.test +- DNS:x640.test +- DNS:x641.test +- DNS:x642.test +- DNS:x643.test +- DNS:x644.test +- DNS:x645.test +- DNS:x646.test +- DNS:x647.test +- DNS:x648.test +- DNS:x649.test +- DNS:x650.test +- DNS:x651.test +- DNS:x652.test +- DNS:x653.test +- DNS:x654.test +- DNS:x655.test +- DNS:x656.test +- DNS:x657.test +- DNS:x658.test +- DNS:x659.test +- DNS:x660.test +- DNS:x661.test +- DNS:x662.test +- DNS:x663.test +- DNS:x664.test +- DNS:x665.test +- DNS:x666.test +- DNS:x667.test +- DNS:x668.test +- DNS:x669.test +- DNS:x670.test +- DNS:x671.test +- DNS:x672.test +- DNS:x673.test +- DNS:x674.test +- DNS:x675.test +- DNS:x676.test +- DNS:x677.test +- DNS:x678.test +- DNS:x679.test +- DNS:x680.test +- DNS:x681.test +- DNS:x682.test +- DNS:x683.test +- DNS:x684.test +- DNS:x685.test +- DNS:x686.test +- DNS:x687.test +- DNS:x688.test +- DNS:x689.test +- DNS:x690.test +- DNS:x691.test +- DNS:x692.test +- DNS:x693.test +- DNS:x694.test +- DNS:x695.test +- DNS:x696.test +- DNS:x697.test +- DNS:x698.test +- DNS:x699.test +- DNS:x700.test +- DNS:x701.test +- DNS:x702.test +- DNS:x703.test +- DNS:x704.test +- DNS:x705.test +- DNS:x706.test +- DNS:x707.test +- DNS:x708.test +- DNS:x709.test +- DNS:x710.test +- DNS:x711.test +- DNS:x712.test +- DNS:x713.test +- DNS:x714.test +- DNS:x715.test +- DNS:x716.test +- DNS:x717.test +- DNS:x718.test +- DNS:x719.test +- DNS:x720.test +- DNS:x721.test +- DNS:x722.test +- DNS:x723.test +- DNS:x724.test +- DNS:x725.test +- DNS:x726.test +- DNS:x727.test +- DNS:x728.test +- DNS:x729.test +- DNS:x730.test +- DNS:x731.test +- DNS:x732.test +- DNS:x733.test +- DNS:x734.test +- DNS:x735.test +- DNS:x736.test +- DNS:x737.test +- DNS:x738.test +- DNS:x739.test +- DNS:x740.test +- DNS:x741.test +- DNS:x742.test +- DNS:x743.test +- DNS:x744.test +- DNS:x745.test +- DNS:x746.test +- DNS:x747.test +- DNS:x748.test +- DNS:x749.test +- DNS:x750.test +- DNS:x751.test +- DNS:x752.test +- DNS:x753.test +- DNS:x754.test +- DNS:x755.test +- DNS:x756.test +- DNS:x757.test +- DNS:x758.test +- DNS:x759.test +- DNS:x760.test +- DNS:x761.test +- DNS:x762.test +- DNS:x763.test +- DNS:x764.test +- DNS:x765.test +- DNS:x766.test +- DNS:x767.test +- DNS:x768.test +- DNS:x769.test +- DNS:x770.test +- DNS:x771.test +- DNS:x772.test +- DNS:x773.test +- DNS:x774.test +- DNS:x775.test +- DNS:x776.test +- DNS:x777.test +- DNS:x778.test +- DNS:x779.test +- DNS:x780.test +- DNS:x781.test +- DNS:x782.test +- DNS:x783.test +- DNS:x784.test +- DNS:x785.test +- DNS:x786.test +- DNS:x787.test +- DNS:x788.test +- DNS:x789.test +- DNS:x790.test +- DNS:x791.test +- DNS:x792.test +- DNS:x793.test +- DNS:x794.test +- DNS:x795.test +- DNS:x796.test +- DNS:x797.test +- DNS:x798.test +- DNS:x799.test +- DNS:x800.test +- DNS:x801.test +- DNS:x802.test +- DNS:x803.test +- DNS:x804.test +- DNS:x805.test +- DNS:x806.test +- DNS:x807.test +- DNS:x808.test +- DNS:x809.test +- DNS:x810.test +- DNS:x811.test +- DNS:x812.test +- DNS:x813.test +- DNS:x814.test +- DNS:x815.test +- DNS:x816.test +- DNS:x817.test +- DNS:x818.test +- DNS:x819.test +- DNS:x820.test +- DNS:x821.test +- DNS:x822.test +- DNS:x823.test +- DNS:x824.test +- DNS:x825.test +- DNS:x826.test +- DNS:x827.test +- DNS:x828.test +- DNS:x829.test +- DNS:x830.test +- DNS:x831.test +- DNS:x832.test +- DNS:x833.test +- DNS:x834.test +- DNS:x835.test +- DNS:x836.test +- DNS:x837.test +- DNS:x838.test +- DNS:x839.test +- DNS:x840.test +- DNS:x841.test +- DNS:x842.test +- DNS:x843.test +- DNS:x844.test +- DNS:x845.test +- DNS:x846.test +- DNS:x847.test +- DNS:x848.test +- DNS:x849.test +- DNS:x850.test +- DNS:x851.test +- DNS:x852.test +- DNS:x853.test +- DNS:x854.test +- DNS:x855.test +- DNS:x856.test +- DNS:x857.test +- DNS:x858.test +- DNS:x859.test +- DNS:x860.test +- DNS:x861.test +- DNS:x862.test +- DNS:x863.test +- DNS:x864.test +- DNS:x865.test +- DNS:x866.test +- DNS:x867.test +- DNS:x868.test +- DNS:x869.test +- DNS:x870.test +- DNS:x871.test +- DNS:x872.test +- DNS:x873.test +- DNS:x874.test +- DNS:x875.test +- DNS:x876.test +- DNS:x877.test +- DNS:x878.test +- DNS:x879.test +- DNS:x880.test +- DNS:x881.test +- DNS:x882.test +- DNS:x883.test +- DNS:x884.test +- DNS:x885.test +- DNS:x886.test +- DNS:x887.test +- DNS:x888.test +- DNS:x889.test +- DNS:x890.test +- DNS:x891.test +- DNS:x892.test +- DNS:x893.test +- DNS:x894.test +- DNS:x895.test +- DNS:x896.test +- DNS:x897.test +- DNS:x898.test +- DNS:x899.test +- DNS:x900.test +- DNS:x901.test +- DNS:x902.test +- DNS:x903.test +- DNS:x904.test +- DNS:x905.test +- DNS:x906.test +- DNS:x907.test +- DNS:x908.test +- DNS:x909.test +- DNS:x910.test +- DNS:x911.test +- DNS:x912.test +- DNS:x913.test +- DNS:x914.test +- DNS:x915.test +- DNS:x916.test +- DNS:x917.test +- DNS:x918.test +- DNS:x919.test +- DNS:x920.test +- DNS:x921.test +- DNS:x922.test +- DNS:x923.test +- DNS:x924.test +- DNS:x925.test +- DNS:x926.test +- DNS:x927.test +- DNS:x928.test +- DNS:x929.test +- DNS:x930.test +- DNS:x931.test +- DNS:x932.test +- DNS:x933.test +- DNS:x934.test +- DNS:x935.test +- DNS:x936.test +- DNS:x937.test +- DNS:x938.test +- DNS:x939.test +- DNS:x940.test +- DNS:x941.test +- DNS:x942.test +- DNS:x943.test +- DNS:x944.test +- DNS:x945.test +- DNS:x946.test +- DNS:x947.test +- DNS:x948.test +- DNS:x949.test +- DNS:x950.test +- DNS:x951.test +- DNS:x952.test +- DNS:x953.test +- DNS:x954.test +- DNS:x955.test +- DNS:x956.test +- DNS:x957.test +- DNS:x958.test +- DNS:x959.test +- DNS:x960.test +- DNS:x961.test +- DNS:x962.test +- DNS:x963.test +- DNS:x964.test +- DNS:x965.test +- DNS:x966.test +- DNS:x967.test +- DNS:x968.test +- DNS:x969.test +- DNS:x970.test +- DNS:x971.test +- DNS:x972.test +- DNS:x973.test +- DNS:x974.test +- DNS:x975.test +- DNS:x976.test +- DNS:x977.test +- DNS:x978.test +- DNS:x979.test +- DNS:x980.test +- DNS:x981.test +- DNS:x982.test +- DNS:x983.test +- DNS:x984.test +- DNS:x985.test +- DNS:x986.test +- DNS:x987.test +- DNS:x988.test +- DNS:x989.test +- DNS:x990.test +- DNS:x991.test +- DNS:x992.test +- DNS:x993.test +- DNS:x994.test +- DNS:x995.test +- DNS:x996.test +- DNS:x997.test +- DNS:x998.test +- DNS:x999.test +- DNS:x1000.test +- DNS:x1001.test +- DNS:x1002.test +- DNS:x1003.test +- DNS:x1004.test +- DNS:x1005.test +- DNS:x1006.test +- DNS:x1007.test +- DNS:x1008.test +- DNS:x1009.test +- DNS:x1010.test +- DNS:x1011.test +- DNS:x1012.test +- DNS:x1013.test +- DNS:x1014.test +- DNS:x1015.test +- DNS:x1016.test +- DNS:x1017.test +- DNS:x1018.test +- DNS:x1019.test +- DNS:x1020.test +- DNS:x1021.test +- DNS:x1022.test +- DNS:x1023.test +- DNS:x1024.test +- IP:11.0.0.0/255.255.255.255 +- IP:11.0.0.1/255.255.255.255 +- IP:11.0.0.2/255.255.255.255 +- IP:11.0.0.3/255.255.255.255 +- IP:11.0.0.4/255.255.255.255 +- IP:11.0.0.5/255.255.255.255 +- IP:11.0.0.6/255.255.255.255 +- IP:11.0.0.7/255.255.255.255 +- IP:11.0.0.8/255.255.255.255 +- IP:11.0.0.9/255.255.255.255 +- IP:11.0.0.10/255.255.255.255 +- IP:11.0.0.11/255.255.255.255 +- IP:11.0.0.12/255.255.255.255 +- IP:11.0.0.13/255.255.255.255 +- IP:11.0.0.14/255.255.255.255 +- IP:11.0.0.15/255.255.255.255 +- IP:11.0.0.16/255.255.255.255 +- IP:11.0.0.17/255.255.255.255 +- IP:11.0.0.18/255.255.255.255 +- IP:11.0.0.19/255.255.255.255 +- IP:11.0.0.20/255.255.255.255 +- IP:11.0.0.21/255.255.255.255 +- IP:11.0.0.22/255.255.255.255 +- IP:11.0.0.23/255.255.255.255 +- IP:11.0.0.24/255.255.255.255 +- IP:11.0.0.25/255.255.255.255 +- IP:11.0.0.26/255.255.255.255 +- IP:11.0.0.27/255.255.255.255 +- IP:11.0.0.28/255.255.255.255 +- IP:11.0.0.29/255.255.255.255 +- IP:11.0.0.30/255.255.255.255 +- IP:11.0.0.31/255.255.255.255 +- IP:11.0.0.32/255.255.255.255 +- IP:11.0.0.33/255.255.255.255 +- IP:11.0.0.34/255.255.255.255 +- IP:11.0.0.35/255.255.255.255 +- IP:11.0.0.36/255.255.255.255 +- IP:11.0.0.37/255.255.255.255 +- IP:11.0.0.38/255.255.255.255 +- IP:11.0.0.39/255.255.255.255 +- IP:11.0.0.40/255.255.255.255 +- IP:11.0.0.41/255.255.255.255 +- IP:11.0.0.42/255.255.255.255 +- IP:11.0.0.43/255.255.255.255 +- IP:11.0.0.44/255.255.255.255 +- IP:11.0.0.45/255.255.255.255 +- IP:11.0.0.46/255.255.255.255 +- IP:11.0.0.47/255.255.255.255 +- IP:11.0.0.48/255.255.255.255 +- IP:11.0.0.49/255.255.255.255 +- IP:11.0.0.50/255.255.255.255 +- IP:11.0.0.51/255.255.255.255 +- IP:11.0.0.52/255.255.255.255 +- IP:11.0.0.53/255.255.255.255 +- IP:11.0.0.54/255.255.255.255 +- IP:11.0.0.55/255.255.255.255 +- IP:11.0.0.56/255.255.255.255 +- IP:11.0.0.57/255.255.255.255 +- IP:11.0.0.58/255.255.255.255 +- IP:11.0.0.59/255.255.255.255 +- IP:11.0.0.60/255.255.255.255 +- IP:11.0.0.61/255.255.255.255 +- IP:11.0.0.62/255.255.255.255 +- IP:11.0.0.63/255.255.255.255 +- IP:11.0.0.64/255.255.255.255 +- IP:11.0.0.65/255.255.255.255 +- IP:11.0.0.66/255.255.255.255 +- IP:11.0.0.67/255.255.255.255 +- IP:11.0.0.68/255.255.255.255 +- IP:11.0.0.69/255.255.255.255 +- IP:11.0.0.70/255.255.255.255 +- IP:11.0.0.71/255.255.255.255 +- IP:11.0.0.72/255.255.255.255 +- IP:11.0.0.73/255.255.255.255 +- IP:11.0.0.74/255.255.255.255 +- IP:11.0.0.75/255.255.255.255 +- IP:11.0.0.76/255.255.255.255 +- IP:11.0.0.77/255.255.255.255 +- IP:11.0.0.78/255.255.255.255 +- IP:11.0.0.79/255.255.255.255 +- IP:11.0.0.80/255.255.255.255 +- IP:11.0.0.81/255.255.255.255 +- IP:11.0.0.82/255.255.255.255 +- IP:11.0.0.83/255.255.255.255 +- IP:11.0.0.84/255.255.255.255 +- IP:11.0.0.85/255.255.255.255 +- IP:11.0.0.86/255.255.255.255 +- IP:11.0.0.87/255.255.255.255 +- IP:11.0.0.88/255.255.255.255 +- IP:11.0.0.89/255.255.255.255 +- IP:11.0.0.90/255.255.255.255 +- IP:11.0.0.91/255.255.255.255 +- IP:11.0.0.92/255.255.255.255 +- IP:11.0.0.93/255.255.255.255 +- IP:11.0.0.94/255.255.255.255 +- IP:11.0.0.95/255.255.255.255 +- IP:11.0.0.96/255.255.255.255 +- IP:11.0.0.97/255.255.255.255 +- IP:11.0.0.98/255.255.255.255 +- IP:11.0.0.99/255.255.255.255 +- IP:11.0.0.100/255.255.255.255 +- IP:11.0.0.101/255.255.255.255 +- IP:11.0.0.102/255.255.255.255 +- IP:11.0.0.103/255.255.255.255 +- IP:11.0.0.104/255.255.255.255 +- IP:11.0.0.105/255.255.255.255 +- IP:11.0.0.106/255.255.255.255 +- IP:11.0.0.107/255.255.255.255 +- IP:11.0.0.108/255.255.255.255 +- IP:11.0.0.109/255.255.255.255 +- IP:11.0.0.110/255.255.255.255 +- IP:11.0.0.111/255.255.255.255 +- IP:11.0.0.112/255.255.255.255 +- IP:11.0.0.113/255.255.255.255 +- IP:11.0.0.114/255.255.255.255 +- IP:11.0.0.115/255.255.255.255 +- IP:11.0.0.116/255.255.255.255 +- IP:11.0.0.117/255.255.255.255 +- IP:11.0.0.118/255.255.255.255 +- IP:11.0.0.119/255.255.255.255 +- IP:11.0.0.120/255.255.255.255 +- IP:11.0.0.121/255.255.255.255 +- IP:11.0.0.122/255.255.255.255 +- IP:11.0.0.123/255.255.255.255 +- IP:11.0.0.124/255.255.255.255 +- IP:11.0.0.125/255.255.255.255 +- IP:11.0.0.126/255.255.255.255 +- IP:11.0.0.127/255.255.255.255 +- IP:11.0.0.128/255.255.255.255 +- IP:11.0.0.129/255.255.255.255 +- IP:11.0.0.130/255.255.255.255 +- IP:11.0.0.131/255.255.255.255 +- IP:11.0.0.132/255.255.255.255 +- IP:11.0.0.133/255.255.255.255 +- IP:11.0.0.134/255.255.255.255 +- IP:11.0.0.135/255.255.255.255 +- IP:11.0.0.136/255.255.255.255 +- IP:11.0.0.137/255.255.255.255 +- IP:11.0.0.138/255.255.255.255 +- IP:11.0.0.139/255.255.255.255 +- IP:11.0.0.140/255.255.255.255 +- IP:11.0.0.141/255.255.255.255 +- IP:11.0.0.142/255.255.255.255 +- IP:11.0.0.143/255.255.255.255 +- IP:11.0.0.144/255.255.255.255 +- IP:11.0.0.145/255.255.255.255 +- IP:11.0.0.146/255.255.255.255 +- IP:11.0.0.147/255.255.255.255 +- IP:11.0.0.148/255.255.255.255 +- IP:11.0.0.149/255.255.255.255 +- IP:11.0.0.150/255.255.255.255 +- IP:11.0.0.151/255.255.255.255 +- IP:11.0.0.152/255.255.255.255 +- IP:11.0.0.153/255.255.255.255 +- IP:11.0.0.154/255.255.255.255 +- IP:11.0.0.155/255.255.255.255 +- IP:11.0.0.156/255.255.255.255 +- IP:11.0.0.157/255.255.255.255 +- IP:11.0.0.158/255.255.255.255 +- IP:11.0.0.159/255.255.255.255 +- IP:11.0.0.160/255.255.255.255 +- IP:11.0.0.161/255.255.255.255 +- IP:11.0.0.162/255.255.255.255 +- IP:11.0.0.163/255.255.255.255 +- IP:11.0.0.164/255.255.255.255 +- IP:11.0.0.165/255.255.255.255 +- IP:11.0.0.166/255.255.255.255 +- IP:11.0.0.167/255.255.255.255 +- IP:11.0.0.168/255.255.255.255 +- IP:11.0.0.169/255.255.255.255 +- IP:11.0.0.170/255.255.255.255 +- IP:11.0.0.171/255.255.255.255 +- IP:11.0.0.172/255.255.255.255 +- IP:11.0.0.173/255.255.255.255 +- IP:11.0.0.174/255.255.255.255 +- IP:11.0.0.175/255.255.255.255 +- IP:11.0.0.176/255.255.255.255 +- IP:11.0.0.177/255.255.255.255 +- IP:11.0.0.178/255.255.255.255 +- IP:11.0.0.179/255.255.255.255 +- IP:11.0.0.180/255.255.255.255 +- IP:11.0.0.181/255.255.255.255 +- IP:11.0.0.182/255.255.255.255 +- IP:11.0.0.183/255.255.255.255 +- IP:11.0.0.184/255.255.255.255 +- IP:11.0.0.185/255.255.255.255 +- IP:11.0.0.186/255.255.255.255 +- IP:11.0.0.187/255.255.255.255 +- IP:11.0.0.188/255.255.255.255 +- IP:11.0.0.189/255.255.255.255 +- IP:11.0.0.190/255.255.255.255 +- IP:11.0.0.191/255.255.255.255 +- IP:11.0.0.192/255.255.255.255 +- IP:11.0.0.193/255.255.255.255 +- IP:11.0.0.194/255.255.255.255 +- IP:11.0.0.195/255.255.255.255 +- IP:11.0.0.196/255.255.255.255 +- IP:11.0.0.197/255.255.255.255 +- IP:11.0.0.198/255.255.255.255 +- IP:11.0.0.199/255.255.255.255 +- IP:11.0.0.200/255.255.255.255 +- IP:11.0.0.201/255.255.255.255 +- IP:11.0.0.202/255.255.255.255 +- IP:11.0.0.203/255.255.255.255 +- IP:11.0.0.204/255.255.255.255 +- IP:11.0.0.205/255.255.255.255 +- IP:11.0.0.206/255.255.255.255 +- IP:11.0.0.207/255.255.255.255 +- IP:11.0.0.208/255.255.255.255 +- IP:11.0.0.209/255.255.255.255 +- IP:11.0.0.210/255.255.255.255 +- IP:11.0.0.211/255.255.255.255 +- IP:11.0.0.212/255.255.255.255 +- IP:11.0.0.213/255.255.255.255 +- IP:11.0.0.214/255.255.255.255 +- IP:11.0.0.215/255.255.255.255 +- IP:11.0.0.216/255.255.255.255 +- IP:11.0.0.217/255.255.255.255 +- IP:11.0.0.218/255.255.255.255 +- IP:11.0.0.219/255.255.255.255 +- IP:11.0.0.220/255.255.255.255 +- IP:11.0.0.221/255.255.255.255 +- IP:11.0.0.222/255.255.255.255 +- IP:11.0.0.223/255.255.255.255 +- IP:11.0.0.224/255.255.255.255 +- IP:11.0.0.225/255.255.255.255 +- IP:11.0.0.226/255.255.255.255 +- IP:11.0.0.227/255.255.255.255 +- IP:11.0.0.228/255.255.255.255 +- IP:11.0.0.229/255.255.255.255 +- IP:11.0.0.230/255.255.255.255 +- IP:11.0.0.231/255.255.255.255 +- IP:11.0.0.232/255.255.255.255 +- IP:11.0.0.233/255.255.255.255 +- IP:11.0.0.234/255.255.255.255 +- IP:11.0.0.235/255.255.255.255 +- IP:11.0.0.236/255.255.255.255 +- IP:11.0.0.237/255.255.255.255 +- IP:11.0.0.238/255.255.255.255 +- IP:11.0.0.239/255.255.255.255 +- IP:11.0.0.240/255.255.255.255 +- IP:11.0.0.241/255.255.255.255 +- IP:11.0.0.242/255.255.255.255 +- IP:11.0.0.243/255.255.255.255 +- IP:11.0.0.244/255.255.255.255 +- IP:11.0.0.245/255.255.255.255 +- IP:11.0.0.246/255.255.255.255 +- IP:11.0.0.247/255.255.255.255 +- IP:11.0.0.248/255.255.255.255 +- IP:11.0.0.249/255.255.255.255 +- IP:11.0.0.250/255.255.255.255 +- IP:11.0.0.251/255.255.255.255 +- IP:11.0.0.252/255.255.255.255 +- IP:11.0.0.253/255.255.255.255 +- IP:11.0.0.254/255.255.255.255 +- IP:11.0.0.255/255.255.255.255 +- IP:11.0.1.0/255.255.255.255 +- IP:11.0.1.1/255.255.255.255 +- IP:11.0.1.2/255.255.255.255 +- IP:11.0.1.3/255.255.255.255 +- IP:11.0.1.4/255.255.255.255 +- IP:11.0.1.5/255.255.255.255 +- IP:11.0.1.6/255.255.255.255 +- IP:11.0.1.7/255.255.255.255 +- IP:11.0.1.8/255.255.255.255 +- IP:11.0.1.9/255.255.255.255 +- IP:11.0.1.10/255.255.255.255 +- IP:11.0.1.11/255.255.255.255 +- IP:11.0.1.12/255.255.255.255 +- IP:11.0.1.13/255.255.255.255 +- IP:11.0.1.14/255.255.255.255 +- IP:11.0.1.15/255.255.255.255 +- IP:11.0.1.16/255.255.255.255 +- IP:11.0.1.17/255.255.255.255 +- IP:11.0.1.18/255.255.255.255 +- IP:11.0.1.19/255.255.255.255 +- IP:11.0.1.20/255.255.255.255 +- IP:11.0.1.21/255.255.255.255 +- IP:11.0.1.22/255.255.255.255 +- IP:11.0.1.23/255.255.255.255 +- IP:11.0.1.24/255.255.255.255 +- IP:11.0.1.25/255.255.255.255 +- IP:11.0.1.26/255.255.255.255 +- IP:11.0.1.27/255.255.255.255 +- IP:11.0.1.28/255.255.255.255 +- IP:11.0.1.29/255.255.255.255 +- IP:11.0.1.30/255.255.255.255 +- IP:11.0.1.31/255.255.255.255 +- IP:11.0.1.32/255.255.255.255 +- IP:11.0.1.33/255.255.255.255 +- IP:11.0.1.34/255.255.255.255 +- IP:11.0.1.35/255.255.255.255 +- IP:11.0.1.36/255.255.255.255 +- IP:11.0.1.37/255.255.255.255 +- IP:11.0.1.38/255.255.255.255 +- IP:11.0.1.39/255.255.255.255 +- IP:11.0.1.40/255.255.255.255 +- IP:11.0.1.41/255.255.255.255 +- IP:11.0.1.42/255.255.255.255 +- IP:11.0.1.43/255.255.255.255 +- IP:11.0.1.44/255.255.255.255 +- IP:11.0.1.45/255.255.255.255 +- IP:11.0.1.46/255.255.255.255 +- IP:11.0.1.47/255.255.255.255 +- IP:11.0.1.48/255.255.255.255 +- IP:11.0.1.49/255.255.255.255 +- IP:11.0.1.50/255.255.255.255 +- IP:11.0.1.51/255.255.255.255 +- IP:11.0.1.52/255.255.255.255 +- IP:11.0.1.53/255.255.255.255 +- IP:11.0.1.54/255.255.255.255 +- IP:11.0.1.55/255.255.255.255 +- IP:11.0.1.56/255.255.255.255 +- IP:11.0.1.57/255.255.255.255 +- IP:11.0.1.58/255.255.255.255 +- IP:11.0.1.59/255.255.255.255 +- IP:11.0.1.60/255.255.255.255 +- IP:11.0.1.61/255.255.255.255 +- IP:11.0.1.62/255.255.255.255 +- IP:11.0.1.63/255.255.255.255 +- IP:11.0.1.64/255.255.255.255 +- IP:11.0.1.65/255.255.255.255 +- IP:11.0.1.66/255.255.255.255 +- IP:11.0.1.67/255.255.255.255 +- IP:11.0.1.68/255.255.255.255 +- IP:11.0.1.69/255.255.255.255 +- IP:11.0.1.70/255.255.255.255 +- IP:11.0.1.71/255.255.255.255 +- IP:11.0.1.72/255.255.255.255 +- IP:11.0.1.73/255.255.255.255 +- IP:11.0.1.74/255.255.255.255 +- IP:11.0.1.75/255.255.255.255 +- IP:11.0.1.76/255.255.255.255 +- IP:11.0.1.77/255.255.255.255 +- IP:11.0.1.78/255.255.255.255 +- IP:11.0.1.79/255.255.255.255 +- IP:11.0.1.80/255.255.255.255 +- IP:11.0.1.81/255.255.255.255 +- IP:11.0.1.82/255.255.255.255 +- IP:11.0.1.83/255.255.255.255 +- IP:11.0.1.84/255.255.255.255 +- IP:11.0.1.85/255.255.255.255 +- IP:11.0.1.86/255.255.255.255 +- IP:11.0.1.87/255.255.255.255 +- IP:11.0.1.88/255.255.255.255 +- IP:11.0.1.89/255.255.255.255 +- IP:11.0.1.90/255.255.255.255 +- IP:11.0.1.91/255.255.255.255 +- IP:11.0.1.92/255.255.255.255 +- IP:11.0.1.93/255.255.255.255 +- IP:11.0.1.94/255.255.255.255 +- IP:11.0.1.95/255.255.255.255 +- IP:11.0.1.96/255.255.255.255 +- IP:11.0.1.97/255.255.255.255 +- IP:11.0.1.98/255.255.255.255 +- IP:11.0.1.99/255.255.255.255 +- IP:11.0.1.100/255.255.255.255 +- IP:11.0.1.101/255.255.255.255 +- IP:11.0.1.102/255.255.255.255 +- IP:11.0.1.103/255.255.255.255 +- IP:11.0.1.104/255.255.255.255 +- IP:11.0.1.105/255.255.255.255 +- IP:11.0.1.106/255.255.255.255 +- IP:11.0.1.107/255.255.255.255 +- IP:11.0.1.108/255.255.255.255 +- IP:11.0.1.109/255.255.255.255 +- IP:11.0.1.110/255.255.255.255 +- IP:11.0.1.111/255.255.255.255 +- IP:11.0.1.112/255.255.255.255 +- IP:11.0.1.113/255.255.255.255 +- IP:11.0.1.114/255.255.255.255 +- IP:11.0.1.115/255.255.255.255 +- IP:11.0.1.116/255.255.255.255 +- IP:11.0.1.117/255.255.255.255 +- IP:11.0.1.118/255.255.255.255 +- IP:11.0.1.119/255.255.255.255 +- IP:11.0.1.120/255.255.255.255 +- IP:11.0.1.121/255.255.255.255 +- IP:11.0.1.122/255.255.255.255 +- IP:11.0.1.123/255.255.255.255 +- IP:11.0.1.124/255.255.255.255 +- IP:11.0.1.125/255.255.255.255 +- IP:11.0.1.126/255.255.255.255 +- IP:11.0.1.127/255.255.255.255 +- IP:11.0.1.128/255.255.255.255 +- IP:11.0.1.129/255.255.255.255 +- IP:11.0.1.130/255.255.255.255 +- IP:11.0.1.131/255.255.255.255 +- IP:11.0.1.132/255.255.255.255 +- IP:11.0.1.133/255.255.255.255 +- IP:11.0.1.134/255.255.255.255 +- IP:11.0.1.135/255.255.255.255 +- IP:11.0.1.136/255.255.255.255 +- IP:11.0.1.137/255.255.255.255 +- IP:11.0.1.138/255.255.255.255 +- IP:11.0.1.139/255.255.255.255 +- IP:11.0.1.140/255.255.255.255 +- IP:11.0.1.141/255.255.255.255 +- IP:11.0.1.142/255.255.255.255 +- IP:11.0.1.143/255.255.255.255 +- IP:11.0.1.144/255.255.255.255 +- IP:11.0.1.145/255.255.255.255 +- IP:11.0.1.146/255.255.255.255 +- IP:11.0.1.147/255.255.255.255 +- IP:11.0.1.148/255.255.255.255 +- IP:11.0.1.149/255.255.255.255 +- IP:11.0.1.150/255.255.255.255 +- IP:11.0.1.151/255.255.255.255 +- IP:11.0.1.152/255.255.255.255 +- IP:11.0.1.153/255.255.255.255 +- IP:11.0.1.154/255.255.255.255 +- IP:11.0.1.155/255.255.255.255 +- IP:11.0.1.156/255.255.255.255 +- IP:11.0.1.157/255.255.255.255 +- IP:11.0.1.158/255.255.255.255 +- IP:11.0.1.159/255.255.255.255 +- IP:11.0.1.160/255.255.255.255 +- IP:11.0.1.161/255.255.255.255 +- IP:11.0.1.162/255.255.255.255 +- IP:11.0.1.163/255.255.255.255 +- IP:11.0.1.164/255.255.255.255 +- IP:11.0.1.165/255.255.255.255 +- IP:11.0.1.166/255.255.255.255 +- IP:11.0.1.167/255.255.255.255 +- IP:11.0.1.168/255.255.255.255 +- IP:11.0.1.169/255.255.255.255 +- IP:11.0.1.170/255.255.255.255 +- IP:11.0.1.171/255.255.255.255 +- IP:11.0.1.172/255.255.255.255 +- IP:11.0.1.173/255.255.255.255 +- IP:11.0.1.174/255.255.255.255 +- IP:11.0.1.175/255.255.255.255 +- IP:11.0.1.176/255.255.255.255 +- IP:11.0.1.177/255.255.255.255 +- IP:11.0.1.178/255.255.255.255 +- IP:11.0.1.179/255.255.255.255 +- IP:11.0.1.180/255.255.255.255 +- IP:11.0.1.181/255.255.255.255 +- IP:11.0.1.182/255.255.255.255 +- IP:11.0.1.183/255.255.255.255 +- IP:11.0.1.184/255.255.255.255 +- IP:11.0.1.185/255.255.255.255 +- IP:11.0.1.186/255.255.255.255 +- IP:11.0.1.187/255.255.255.255 +- IP:11.0.1.188/255.255.255.255 +- IP:11.0.1.189/255.255.255.255 +- IP:11.0.1.190/255.255.255.255 +- IP:11.0.1.191/255.255.255.255 +- IP:11.0.1.192/255.255.255.255 +- IP:11.0.1.193/255.255.255.255 +- IP:11.0.1.194/255.255.255.255 +- IP:11.0.1.195/255.255.255.255 +- IP:11.0.1.196/255.255.255.255 +- IP:11.0.1.197/255.255.255.255 +- IP:11.0.1.198/255.255.255.255 +- IP:11.0.1.199/255.255.255.255 +- IP:11.0.1.200/255.255.255.255 +- IP:11.0.1.201/255.255.255.255 +- IP:11.0.1.202/255.255.255.255 +- IP:11.0.1.203/255.255.255.255 +- IP:11.0.1.204/255.255.255.255 +- IP:11.0.1.205/255.255.255.255 +- IP:11.0.1.206/255.255.255.255 +- IP:11.0.1.207/255.255.255.255 +- IP:11.0.1.208/255.255.255.255 +- IP:11.0.1.209/255.255.255.255 +- IP:11.0.1.210/255.255.255.255 +- IP:11.0.1.211/255.255.255.255 +- IP:11.0.1.212/255.255.255.255 +- IP:11.0.1.213/255.255.255.255 +- IP:11.0.1.214/255.255.255.255 +- IP:11.0.1.215/255.255.255.255 +- IP:11.0.1.216/255.255.255.255 +- IP:11.0.1.217/255.255.255.255 +- IP:11.0.1.218/255.255.255.255 +- IP:11.0.1.219/255.255.255.255 +- IP:11.0.1.220/255.255.255.255 +- IP:11.0.1.221/255.255.255.255 +- IP:11.0.1.222/255.255.255.255 +- IP:11.0.1.223/255.255.255.255 +- IP:11.0.1.224/255.255.255.255 +- IP:11.0.1.225/255.255.255.255 +- IP:11.0.1.226/255.255.255.255 +- IP:11.0.1.227/255.255.255.255 +- IP:11.0.1.228/255.255.255.255 +- IP:11.0.1.229/255.255.255.255 +- IP:11.0.1.230/255.255.255.255 +- IP:11.0.1.231/255.255.255.255 +- IP:11.0.1.232/255.255.255.255 +- IP:11.0.1.233/255.255.255.255 +- IP:11.0.1.234/255.255.255.255 +- IP:11.0.1.235/255.255.255.255 +- IP:11.0.1.236/255.255.255.255 +- IP:11.0.1.237/255.255.255.255 +- IP:11.0.1.238/255.255.255.255 +- IP:11.0.1.239/255.255.255.255 +- IP:11.0.1.240/255.255.255.255 +- IP:11.0.1.241/255.255.255.255 +- IP:11.0.1.242/255.255.255.255 +- IP:11.0.1.243/255.255.255.255 +- IP:11.0.1.244/255.255.255.255 +- IP:11.0.1.245/255.255.255.255 +- IP:11.0.1.246/255.255.255.255 +- IP:11.0.1.247/255.255.255.255 +- IP:11.0.1.248/255.255.255.255 +- IP:11.0.1.249/255.255.255.255 +- IP:11.0.1.250/255.255.255.255 +- IP:11.0.1.251/255.255.255.255 +- IP:11.0.1.252/255.255.255.255 +- IP:11.0.1.253/255.255.255.255 +- IP:11.0.1.254/255.255.255.255 +- IP:11.0.1.255/255.255.255.255 +- IP:11.0.2.0/255.255.255.255 +- IP:11.0.2.1/255.255.255.255 +- IP:11.0.2.2/255.255.255.255 +- IP:11.0.2.3/255.255.255.255 +- IP:11.0.2.4/255.255.255.255 +- IP:11.0.2.5/255.255.255.255 +- IP:11.0.2.6/255.255.255.255 +- IP:11.0.2.7/255.255.255.255 +- IP:11.0.2.8/255.255.255.255 +- IP:11.0.2.9/255.255.255.255 +- IP:11.0.2.10/255.255.255.255 +- IP:11.0.2.11/255.255.255.255 +- IP:11.0.2.12/255.255.255.255 +- IP:11.0.2.13/255.255.255.255 +- IP:11.0.2.14/255.255.255.255 +- IP:11.0.2.15/255.255.255.255 +- IP:11.0.2.16/255.255.255.255 +- IP:11.0.2.17/255.255.255.255 +- IP:11.0.2.18/255.255.255.255 +- IP:11.0.2.19/255.255.255.255 +- IP:11.0.2.20/255.255.255.255 +- IP:11.0.2.21/255.255.255.255 +- IP:11.0.2.22/255.255.255.255 +- IP:11.0.2.23/255.255.255.255 +- IP:11.0.2.24/255.255.255.255 +- IP:11.0.2.25/255.255.255.255 +- IP:11.0.2.26/255.255.255.255 +- IP:11.0.2.27/255.255.255.255 +- IP:11.0.2.28/255.255.255.255 +- IP:11.0.2.29/255.255.255.255 +- IP:11.0.2.30/255.255.255.255 +- IP:11.0.2.31/255.255.255.255 +- IP:11.0.2.32/255.255.255.255 +- IP:11.0.2.33/255.255.255.255 +- IP:11.0.2.34/255.255.255.255 +- IP:11.0.2.35/255.255.255.255 +- IP:11.0.2.36/255.255.255.255 +- IP:11.0.2.37/255.255.255.255 +- IP:11.0.2.38/255.255.255.255 +- IP:11.0.2.39/255.255.255.255 +- IP:11.0.2.40/255.255.255.255 +- IP:11.0.2.41/255.255.255.255 +- IP:11.0.2.42/255.255.255.255 +- IP:11.0.2.43/255.255.255.255 +- IP:11.0.2.44/255.255.255.255 +- IP:11.0.2.45/255.255.255.255 +- IP:11.0.2.46/255.255.255.255 +- IP:11.0.2.47/255.255.255.255 +- IP:11.0.2.48/255.255.255.255 +- IP:11.0.2.49/255.255.255.255 +- IP:11.0.2.50/255.255.255.255 +- IP:11.0.2.51/255.255.255.255 +- IP:11.0.2.52/255.255.255.255 +- IP:11.0.2.53/255.255.255.255 +- IP:11.0.2.54/255.255.255.255 +- IP:11.0.2.55/255.255.255.255 +- IP:11.0.2.56/255.255.255.255 +- IP:11.0.2.57/255.255.255.255 +- IP:11.0.2.58/255.255.255.255 +- IP:11.0.2.59/255.255.255.255 +- IP:11.0.2.60/255.255.255.255 +- IP:11.0.2.61/255.255.255.255 +- IP:11.0.2.62/255.255.255.255 +- IP:11.0.2.63/255.255.255.255 +- IP:11.0.2.64/255.255.255.255 +- IP:11.0.2.65/255.255.255.255 +- IP:11.0.2.66/255.255.255.255 +- IP:11.0.2.67/255.255.255.255 +- IP:11.0.2.68/255.255.255.255 +- IP:11.0.2.69/255.255.255.255 +- IP:11.0.2.70/255.255.255.255 +- IP:11.0.2.71/255.255.255.255 +- IP:11.0.2.72/255.255.255.255 +- IP:11.0.2.73/255.255.255.255 +- IP:11.0.2.74/255.255.255.255 +- IP:11.0.2.75/255.255.255.255 +- IP:11.0.2.76/255.255.255.255 +- IP:11.0.2.77/255.255.255.255 +- IP:11.0.2.78/255.255.255.255 +- IP:11.0.2.79/255.255.255.255 +- IP:11.0.2.80/255.255.255.255 +- IP:11.0.2.81/255.255.255.255 +- IP:11.0.2.82/255.255.255.255 +- IP:11.0.2.83/255.255.255.255 +- IP:11.0.2.84/255.255.255.255 +- IP:11.0.2.85/255.255.255.255 +- IP:11.0.2.86/255.255.255.255 +- IP:11.0.2.87/255.255.255.255 +- IP:11.0.2.88/255.255.255.255 +- IP:11.0.2.89/255.255.255.255 +- IP:11.0.2.90/255.255.255.255 +- IP:11.0.2.91/255.255.255.255 +- IP:11.0.2.92/255.255.255.255 +- IP:11.0.2.93/255.255.255.255 +- IP:11.0.2.94/255.255.255.255 +- IP:11.0.2.95/255.255.255.255 +- IP:11.0.2.96/255.255.255.255 +- IP:11.0.2.97/255.255.255.255 +- IP:11.0.2.98/255.255.255.255 +- IP:11.0.2.99/255.255.255.255 +- IP:11.0.2.100/255.255.255.255 +- IP:11.0.2.101/255.255.255.255 +- IP:11.0.2.102/255.255.255.255 +- IP:11.0.2.103/255.255.255.255 +- IP:11.0.2.104/255.255.255.255 +- IP:11.0.2.105/255.255.255.255 +- IP:11.0.2.106/255.255.255.255 +- IP:11.0.2.107/255.255.255.255 +- IP:11.0.2.108/255.255.255.255 +- IP:11.0.2.109/255.255.255.255 +- IP:11.0.2.110/255.255.255.255 +- IP:11.0.2.111/255.255.255.255 +- IP:11.0.2.112/255.255.255.255 +- IP:11.0.2.113/255.255.255.255 +- IP:11.0.2.114/255.255.255.255 +- IP:11.0.2.115/255.255.255.255 +- IP:11.0.2.116/255.255.255.255 +- IP:11.0.2.117/255.255.255.255 +- IP:11.0.2.118/255.255.255.255 +- IP:11.0.2.119/255.255.255.255 +- IP:11.0.2.120/255.255.255.255 +- IP:11.0.2.121/255.255.255.255 +- IP:11.0.2.122/255.255.255.255 +- IP:11.0.2.123/255.255.255.255 +- IP:11.0.2.124/255.255.255.255 +- IP:11.0.2.125/255.255.255.255 +- IP:11.0.2.126/255.255.255.255 +- IP:11.0.2.127/255.255.255.255 +- IP:11.0.2.128/255.255.255.255 +- IP:11.0.2.129/255.255.255.255 +- IP:11.0.2.130/255.255.255.255 +- IP:11.0.2.131/255.255.255.255 +- IP:11.0.2.132/255.255.255.255 +- IP:11.0.2.133/255.255.255.255 +- IP:11.0.2.134/255.255.255.255 +- IP:11.0.2.135/255.255.255.255 +- IP:11.0.2.136/255.255.255.255 +- IP:11.0.2.137/255.255.255.255 +- IP:11.0.2.138/255.255.255.255 +- IP:11.0.2.139/255.255.255.255 +- IP:11.0.2.140/255.255.255.255 +- IP:11.0.2.141/255.255.255.255 +- IP:11.0.2.142/255.255.255.255 +- IP:11.0.2.143/255.255.255.255 +- IP:11.0.2.144/255.255.255.255 +- IP:11.0.2.145/255.255.255.255 +- IP:11.0.2.146/255.255.255.255 +- IP:11.0.2.147/255.255.255.255 +- IP:11.0.2.148/255.255.255.255 +- IP:11.0.2.149/255.255.255.255 +- IP:11.0.2.150/255.255.255.255 +- IP:11.0.2.151/255.255.255.255 +- IP:11.0.2.152/255.255.255.255 +- IP:11.0.2.153/255.255.255.255 +- IP:11.0.2.154/255.255.255.255 +- IP:11.0.2.155/255.255.255.255 +- IP:11.0.2.156/255.255.255.255 +- IP:11.0.2.157/255.255.255.255 +- IP:11.0.2.158/255.255.255.255 +- IP:11.0.2.159/255.255.255.255 +- IP:11.0.2.160/255.255.255.255 +- IP:11.0.2.161/255.255.255.255 +- IP:11.0.2.162/255.255.255.255 +- IP:11.0.2.163/255.255.255.255 +- IP:11.0.2.164/255.255.255.255 +- IP:11.0.2.165/255.255.255.255 +- IP:11.0.2.166/255.255.255.255 +- IP:11.0.2.167/255.255.255.255 +- IP:11.0.2.168/255.255.255.255 +- IP:11.0.2.169/255.255.255.255 +- IP:11.0.2.170/255.255.255.255 +- IP:11.0.2.171/255.255.255.255 +- IP:11.0.2.172/255.255.255.255 +- IP:11.0.2.173/255.255.255.255 +- IP:11.0.2.174/255.255.255.255 +- IP:11.0.2.175/255.255.255.255 +- IP:11.0.2.176/255.255.255.255 +- IP:11.0.2.177/255.255.255.255 +- IP:11.0.2.178/255.255.255.255 +- IP:11.0.2.179/255.255.255.255 +- IP:11.0.2.180/255.255.255.255 +- IP:11.0.2.181/255.255.255.255 +- IP:11.0.2.182/255.255.255.255 +- IP:11.0.2.183/255.255.255.255 +- IP:11.0.2.184/255.255.255.255 +- IP:11.0.2.185/255.255.255.255 +- IP:11.0.2.186/255.255.255.255 +- IP:11.0.2.187/255.255.255.255 +- IP:11.0.2.188/255.255.255.255 +- IP:11.0.2.189/255.255.255.255 +- IP:11.0.2.190/255.255.255.255 +- IP:11.0.2.191/255.255.255.255 +- IP:11.0.2.192/255.255.255.255 +- IP:11.0.2.193/255.255.255.255 +- IP:11.0.2.194/255.255.255.255 +- IP:11.0.2.195/255.255.255.255 +- IP:11.0.2.196/255.255.255.255 +- IP:11.0.2.197/255.255.255.255 +- IP:11.0.2.198/255.255.255.255 +- IP:11.0.2.199/255.255.255.255 +- IP:11.0.2.200/255.255.255.255 +- IP:11.0.2.201/255.255.255.255 +- IP:11.0.2.202/255.255.255.255 +- IP:11.0.2.203/255.255.255.255 +- IP:11.0.2.204/255.255.255.255 +- IP:11.0.2.205/255.255.255.255 +- IP:11.0.2.206/255.255.255.255 +- IP:11.0.2.207/255.255.255.255 +- IP:11.0.2.208/255.255.255.255 +- IP:11.0.2.209/255.255.255.255 +- IP:11.0.2.210/255.255.255.255 +- IP:11.0.2.211/255.255.255.255 +- IP:11.0.2.212/255.255.255.255 +- IP:11.0.2.213/255.255.255.255 +- IP:11.0.2.214/255.255.255.255 +- IP:11.0.2.215/255.255.255.255 +- IP:11.0.2.216/255.255.255.255 +- IP:11.0.2.217/255.255.255.255 +- IP:11.0.2.218/255.255.255.255 +- IP:11.0.2.219/255.255.255.255 +- IP:11.0.2.220/255.255.255.255 +- IP:11.0.2.221/255.255.255.255 +- IP:11.0.2.222/255.255.255.255 +- IP:11.0.2.223/255.255.255.255 +- IP:11.0.2.224/255.255.255.255 +- IP:11.0.2.225/255.255.255.255 +- IP:11.0.2.226/255.255.255.255 +- IP:11.0.2.227/255.255.255.255 +- IP:11.0.2.228/255.255.255.255 +- IP:11.0.2.229/255.255.255.255 +- IP:11.0.2.230/255.255.255.255 +- IP:11.0.2.231/255.255.255.255 +- IP:11.0.2.232/255.255.255.255 +- IP:11.0.2.233/255.255.255.255 +- IP:11.0.2.234/255.255.255.255 +- IP:11.0.2.235/255.255.255.255 +- IP:11.0.2.236/255.255.255.255 +- IP:11.0.2.237/255.255.255.255 +- IP:11.0.2.238/255.255.255.255 +- IP:11.0.2.239/255.255.255.255 +- IP:11.0.2.240/255.255.255.255 +- IP:11.0.2.241/255.255.255.255 +- IP:11.0.2.242/255.255.255.255 +- IP:11.0.2.243/255.255.255.255 +- IP:11.0.2.244/255.255.255.255 +- IP:11.0.2.245/255.255.255.255 +- IP:11.0.2.246/255.255.255.255 +- IP:11.0.2.247/255.255.255.255 +- IP:11.0.2.248/255.255.255.255 +- IP:11.0.2.249/255.255.255.255 +- IP:11.0.2.250/255.255.255.255 +- IP:11.0.2.251/255.255.255.255 +- IP:11.0.2.252/255.255.255.255 +- IP:11.0.2.253/255.255.255.255 +- IP:11.0.2.254/255.255.255.255 +- IP:11.0.2.255/255.255.255.255 +- IP:11.0.3.0/255.255.255.255 +- IP:11.0.3.1/255.255.255.255 +- IP:11.0.3.2/255.255.255.255 +- IP:11.0.3.3/255.255.255.255 +- IP:11.0.3.4/255.255.255.255 +- IP:11.0.3.5/255.255.255.255 +- IP:11.0.3.6/255.255.255.255 +- IP:11.0.3.7/255.255.255.255 +- IP:11.0.3.8/255.255.255.255 +- IP:11.0.3.9/255.255.255.255 +- IP:11.0.3.10/255.255.255.255 +- IP:11.0.3.11/255.255.255.255 +- IP:11.0.3.12/255.255.255.255 +- IP:11.0.3.13/255.255.255.255 +- IP:11.0.3.14/255.255.255.255 +- IP:11.0.3.15/255.255.255.255 +- IP:11.0.3.16/255.255.255.255 +- IP:11.0.3.17/255.255.255.255 +- IP:11.0.3.18/255.255.255.255 +- IP:11.0.3.19/255.255.255.255 +- IP:11.0.3.20/255.255.255.255 +- IP:11.0.3.21/255.255.255.255 +- IP:11.0.3.22/255.255.255.255 +- IP:11.0.3.23/255.255.255.255 +- IP:11.0.3.24/255.255.255.255 +- IP:11.0.3.25/255.255.255.255 +- IP:11.0.3.26/255.255.255.255 +- IP:11.0.3.27/255.255.255.255 +- IP:11.0.3.28/255.255.255.255 +- IP:11.0.3.29/255.255.255.255 +- IP:11.0.3.30/255.255.255.255 +- IP:11.0.3.31/255.255.255.255 +- IP:11.0.3.32/255.255.255.255 +- IP:11.0.3.33/255.255.255.255 +- IP:11.0.3.34/255.255.255.255 +- IP:11.0.3.35/255.255.255.255 +- IP:11.0.3.36/255.255.255.255 +- IP:11.0.3.37/255.255.255.255 +- IP:11.0.3.38/255.255.255.255 +- IP:11.0.3.39/255.255.255.255 +- IP:11.0.3.40/255.255.255.255 +- IP:11.0.3.41/255.255.255.255 +- IP:11.0.3.42/255.255.255.255 +- IP:11.0.3.43/255.255.255.255 +- IP:11.0.3.44/255.255.255.255 +- IP:11.0.3.45/255.255.255.255 +- IP:11.0.3.46/255.255.255.255 +- IP:11.0.3.47/255.255.255.255 +- IP:11.0.3.48/255.255.255.255 +- IP:11.0.3.49/255.255.255.255 +- IP:11.0.3.50/255.255.255.255 +- IP:11.0.3.51/255.255.255.255 +- IP:11.0.3.52/255.255.255.255 +- IP:11.0.3.53/255.255.255.255 +- IP:11.0.3.54/255.255.255.255 +- IP:11.0.3.55/255.255.255.255 +- IP:11.0.3.56/255.255.255.255 +- IP:11.0.3.57/255.255.255.255 +- IP:11.0.3.58/255.255.255.255 +- IP:11.0.3.59/255.255.255.255 +- IP:11.0.3.60/255.255.255.255 +- IP:11.0.3.61/255.255.255.255 +- IP:11.0.3.62/255.255.255.255 +- IP:11.0.3.63/255.255.255.255 +- IP:11.0.3.64/255.255.255.255 +- IP:11.0.3.65/255.255.255.255 +- IP:11.0.3.66/255.255.255.255 +- IP:11.0.3.67/255.255.255.255 +- IP:11.0.3.68/255.255.255.255 +- IP:11.0.3.69/255.255.255.255 +- IP:11.0.3.70/255.255.255.255 +- IP:11.0.3.71/255.255.255.255 +- IP:11.0.3.72/255.255.255.255 +- IP:11.0.3.73/255.255.255.255 +- IP:11.0.3.74/255.255.255.255 +- IP:11.0.3.75/255.255.255.255 +- IP:11.0.3.76/255.255.255.255 +- IP:11.0.3.77/255.255.255.255 +- IP:11.0.3.78/255.255.255.255 +- IP:11.0.3.79/255.255.255.255 +- IP:11.0.3.80/255.255.255.255 +- IP:11.0.3.81/255.255.255.255 +- IP:11.0.3.82/255.255.255.255 +- IP:11.0.3.83/255.255.255.255 +- IP:11.0.3.84/255.255.255.255 +- IP:11.0.3.85/255.255.255.255 +- IP:11.0.3.86/255.255.255.255 +- IP:11.0.3.87/255.255.255.255 +- IP:11.0.3.88/255.255.255.255 +- IP:11.0.3.89/255.255.255.255 +- IP:11.0.3.90/255.255.255.255 +- IP:11.0.3.91/255.255.255.255 +- IP:11.0.3.92/255.255.255.255 +- IP:11.0.3.93/255.255.255.255 +- IP:11.0.3.94/255.255.255.255 +- IP:11.0.3.95/255.255.255.255 +- IP:11.0.3.96/255.255.255.255 +- IP:11.0.3.97/255.255.255.255 +- IP:11.0.3.98/255.255.255.255 +- IP:11.0.3.99/255.255.255.255 +- IP:11.0.3.100/255.255.255.255 +- IP:11.0.3.101/255.255.255.255 +- IP:11.0.3.102/255.255.255.255 +- IP:11.0.3.103/255.255.255.255 +- IP:11.0.3.104/255.255.255.255 +- IP:11.0.3.105/255.255.255.255 +- IP:11.0.3.106/255.255.255.255 +- IP:11.0.3.107/255.255.255.255 +- IP:11.0.3.108/255.255.255.255 +- IP:11.0.3.109/255.255.255.255 +- IP:11.0.3.110/255.255.255.255 +- IP:11.0.3.111/255.255.255.255 +- IP:11.0.3.112/255.255.255.255 +- IP:11.0.3.113/255.255.255.255 +- IP:11.0.3.114/255.255.255.255 +- IP:11.0.3.115/255.255.255.255 +- IP:11.0.3.116/255.255.255.255 +- IP:11.0.3.117/255.255.255.255 +- IP:11.0.3.118/255.255.255.255 +- IP:11.0.3.119/255.255.255.255 +- IP:11.0.3.120/255.255.255.255 +- IP:11.0.3.121/255.255.255.255 +- IP:11.0.3.122/255.255.255.255 +- IP:11.0.3.123/255.255.255.255 +- IP:11.0.3.124/255.255.255.255 +- IP:11.0.3.125/255.255.255.255 +- IP:11.0.3.126/255.255.255.255 +- IP:11.0.3.127/255.255.255.255 +- IP:11.0.3.128/255.255.255.255 +- IP:11.0.3.129/255.255.255.255 +- IP:11.0.3.130/255.255.255.255 +- IP:11.0.3.131/255.255.255.255 +- IP:11.0.3.132/255.255.255.255 +- IP:11.0.3.133/255.255.255.255 +- IP:11.0.3.134/255.255.255.255 +- IP:11.0.3.135/255.255.255.255 +- IP:11.0.3.136/255.255.255.255 +- IP:11.0.3.137/255.255.255.255 +- IP:11.0.3.138/255.255.255.255 +- IP:11.0.3.139/255.255.255.255 +- IP:11.0.3.140/255.255.255.255 +- IP:11.0.3.141/255.255.255.255 +- IP:11.0.3.142/255.255.255.255 +- IP:11.0.3.143/255.255.255.255 +- IP:11.0.3.144/255.255.255.255 +- IP:11.0.3.145/255.255.255.255 +- IP:11.0.3.146/255.255.255.255 +- IP:11.0.3.147/255.255.255.255 +- IP:11.0.3.148/255.255.255.255 +- IP:11.0.3.149/255.255.255.255 +- IP:11.0.3.150/255.255.255.255 +- IP:11.0.3.151/255.255.255.255 +- IP:11.0.3.152/255.255.255.255 +- IP:11.0.3.153/255.255.255.255 +- IP:11.0.3.154/255.255.255.255 +- IP:11.0.3.155/255.255.255.255 +- IP:11.0.3.156/255.255.255.255 +- IP:11.0.3.157/255.255.255.255 +- IP:11.0.3.158/255.255.255.255 +- IP:11.0.3.159/255.255.255.255 +- IP:11.0.3.160/255.255.255.255 +- IP:11.0.3.161/255.255.255.255 +- IP:11.0.3.162/255.255.255.255 +- IP:11.0.3.163/255.255.255.255 +- IP:11.0.3.164/255.255.255.255 +- IP:11.0.3.165/255.255.255.255 +- IP:11.0.3.166/255.255.255.255 +- IP:11.0.3.167/255.255.255.255 +- IP:11.0.3.168/255.255.255.255 +- IP:11.0.3.169/255.255.255.255 +- IP:11.0.3.170/255.255.255.255 +- IP:11.0.3.171/255.255.255.255 +- IP:11.0.3.172/255.255.255.255 +- IP:11.0.3.173/255.255.255.255 +- IP:11.0.3.174/255.255.255.255 +- IP:11.0.3.175/255.255.255.255 +- IP:11.0.3.176/255.255.255.255 +- IP:11.0.3.177/255.255.255.255 +- IP:11.0.3.178/255.255.255.255 +- IP:11.0.3.179/255.255.255.255 +- IP:11.0.3.180/255.255.255.255 +- IP:11.0.3.181/255.255.255.255 +- IP:11.0.3.182/255.255.255.255 +- IP:11.0.3.183/255.255.255.255 +- IP:11.0.3.184/255.255.255.255 +- IP:11.0.3.185/255.255.255.255 +- IP:11.0.3.186/255.255.255.255 +- IP:11.0.3.187/255.255.255.255 +- IP:11.0.3.188/255.255.255.255 +- IP:11.0.3.189/255.255.255.255 +- IP:11.0.3.190/255.255.255.255 +- IP:11.0.3.191/255.255.255.255 +- IP:11.0.3.192/255.255.255.255 +- IP:11.0.3.193/255.255.255.255 +- IP:11.0.3.194/255.255.255.255 +- IP:11.0.3.195/255.255.255.255 +- IP:11.0.3.196/255.255.255.255 +- IP:11.0.3.197/255.255.255.255 +- IP:11.0.3.198/255.255.255.255 +- IP:11.0.3.199/255.255.255.255 +- IP:11.0.3.200/255.255.255.255 +- IP:11.0.3.201/255.255.255.255 +- IP:11.0.3.202/255.255.255.255 +- IP:11.0.3.203/255.255.255.255 +- IP:11.0.3.204/255.255.255.255 +- IP:11.0.3.205/255.255.255.255 +- IP:11.0.3.206/255.255.255.255 +- IP:11.0.3.207/255.255.255.255 +- IP:11.0.3.208/255.255.255.255 +- IP:11.0.3.209/255.255.255.255 +- IP:11.0.3.210/255.255.255.255 +- IP:11.0.3.211/255.255.255.255 +- IP:11.0.3.212/255.255.255.255 +- IP:11.0.3.213/255.255.255.255 +- IP:11.0.3.214/255.255.255.255 +- IP:11.0.3.215/255.255.255.255 +- IP:11.0.3.216/255.255.255.255 +- IP:11.0.3.217/255.255.255.255 +- IP:11.0.3.218/255.255.255.255 +- IP:11.0.3.219/255.255.255.255 +- IP:11.0.3.220/255.255.255.255 +- IP:11.0.3.221/255.255.255.255 +- IP:11.0.3.222/255.255.255.255 +- IP:11.0.3.223/255.255.255.255 +- IP:11.0.3.224/255.255.255.255 +- IP:11.0.3.225/255.255.255.255 +- IP:11.0.3.226/255.255.255.255 +- IP:11.0.3.227/255.255.255.255 +- IP:11.0.3.228/255.255.255.255 +- IP:11.0.3.229/255.255.255.255 +- IP:11.0.3.230/255.255.255.255 +- IP:11.0.3.231/255.255.255.255 +- IP:11.0.3.232/255.255.255.255 +- IP:11.0.3.233/255.255.255.255 +- IP:11.0.3.234/255.255.255.255 +- IP:11.0.3.235/255.255.255.255 +- IP:11.0.3.236/255.255.255.255 +- IP:11.0.3.237/255.255.255.255 +- IP:11.0.3.238/255.255.255.255 +- IP:11.0.3.239/255.255.255.255 +- IP:11.0.3.240/255.255.255.255 +- IP:11.0.3.241/255.255.255.255 +- IP:11.0.3.242/255.255.255.255 +- IP:11.0.3.243/255.255.255.255 +- IP:11.0.3.244/255.255.255.255 +- IP:11.0.3.245/255.255.255.255 +- IP:11.0.3.246/255.255.255.255 +- IP:11.0.3.247/255.255.255.255 +- IP:11.0.3.248/255.255.255.255 +- IP:11.0.3.249/255.255.255.255 +- IP:11.0.3.250/255.255.255.255 +- IP:11.0.3.251/255.255.255.255 +- IP:11.0.3.252/255.255.255.255 +- IP:11.0.3.253/255.255.255.255 +- IP:11.0.3.254/255.255.255.255 +- IP:11.0.3.255/255.255.255.255 +- IP:11.0.4.0/255.255.255.255 +- URI:http://xest/0 +- URI:http://xest/1 +- URI:http://xest/2 +- URI:http://xest/3 +- URI:http://xest/4 +- URI:http://xest/5 +- URI:http://xest/6 +- URI:http://xest/7 +- URI:http://xest/8 +- URI:http://xest/9 +- URI:http://xest/10 +- URI:http://xest/11 +- URI:http://xest/12 +- URI:http://xest/13 +- URI:http://xest/14 +- URI:http://xest/15 +- URI:http://xest/16 +- URI:http://xest/17 +- URI:http://xest/18 +- URI:http://xest/19 +- URI:http://xest/20 +- URI:http://xest/21 +- URI:http://xest/22 +- URI:http://xest/23 +- URI:http://xest/24 +- URI:http://xest/25 +- URI:http://xest/26 +- URI:http://xest/27 +- URI:http://xest/28 +- URI:http://xest/29 +- URI:http://xest/30 +- URI:http://xest/31 +- URI:http://xest/32 +- URI:http://xest/33 +- URI:http://xest/34 +- URI:http://xest/35 +- URI:http://xest/36 +- URI:http://xest/37 +- URI:http://xest/38 +- URI:http://xest/39 +- URI:http://xest/40 +- URI:http://xest/41 +- URI:http://xest/42 +- URI:http://xest/43 +- URI:http://xest/44 +- URI:http://xest/45 +- URI:http://xest/46 +- URI:http://xest/47 +- URI:http://xest/48 +- URI:http://xest/49 +- URI:http://xest/50 +- URI:http://xest/51 +- URI:http://xest/52 +- URI:http://xest/53 +- URI:http://xest/54 +- URI:http://xest/55 +- URI:http://xest/56 +- URI:http://xest/57 +- URI:http://xest/58 +- URI:http://xest/59 +- URI:http://xest/60 +- URI:http://xest/61 +- URI:http://xest/62 +- URI:http://xest/63 +- URI:http://xest/64 +- URI:http://xest/65 +- URI:http://xest/66 +- URI:http://xest/67 +- URI:http://xest/68 +- URI:http://xest/69 +- URI:http://xest/70 +- URI:http://xest/71 +- URI:http://xest/72 +- URI:http://xest/73 +- URI:http://xest/74 +- URI:http://xest/75 +- URI:http://xest/76 +- URI:http://xest/77 +- URI:http://xest/78 +- URI:http://xest/79 +- URI:http://xest/80 +- URI:http://xest/81 +- URI:http://xest/82 +- URI:http://xest/83 +- URI:http://xest/84 +- URI:http://xest/85 +- URI:http://xest/86 +- URI:http://xest/87 +- URI:http://xest/88 +- URI:http://xest/89 +- URI:http://xest/90 +- URI:http://xest/91 +- URI:http://xest/92 +- URI:http://xest/93 +- URI:http://xest/94 +- URI:http://xest/95 +- URI:http://xest/96 +- URI:http://xest/97 +- URI:http://xest/98 +- URI:http://xest/99 +- URI:http://xest/100 +- URI:http://xest/101 +- URI:http://xest/102 +- URI:http://xest/103 +- URI:http://xest/104 +- URI:http://xest/105 +- URI:http://xest/106 +- URI:http://xest/107 +- URI:http://xest/108 +- URI:http://xest/109 +- URI:http://xest/110 +- URI:http://xest/111 +- URI:http://xest/112 +- URI:http://xest/113 +- URI:http://xest/114 +- URI:http://xest/115 +- URI:http://xest/116 +- URI:http://xest/117 +- URI:http://xest/118 +- URI:http://xest/119 +- URI:http://xest/120 +- URI:http://xest/121 +- URI:http://xest/122 +- URI:http://xest/123 +- URI:http://xest/124 +- URI:http://xest/125 +- URI:http://xest/126 +- URI:http://xest/127 +- URI:http://xest/128 +- URI:http://xest/129 +- URI:http://xest/130 +- URI:http://xest/131 +- URI:http://xest/132 +- URI:http://xest/133 +- URI:http://xest/134 +- URI:http://xest/135 +- URI:http://xest/136 +- URI:http://xest/137 +- URI:http://xest/138 +- URI:http://xest/139 +- URI:http://xest/140 +- URI:http://xest/141 +- URI:http://xest/142 +- URI:http://xest/143 +- URI:http://xest/144 +- URI:http://xest/145 +- URI:http://xest/146 +- URI:http://xest/147 +- URI:http://xest/148 +- URI:http://xest/149 +- URI:http://xest/150 +- URI:http://xest/151 +- URI:http://xest/152 +- URI:http://xest/153 +- URI:http://xest/154 +- URI:http://xest/155 +- URI:http://xest/156 +- URI:http://xest/157 +- URI:http://xest/158 +- URI:http://xest/159 +- URI:http://xest/160 +- URI:http://xest/161 +- URI:http://xest/162 +- URI:http://xest/163 +- URI:http://xest/164 +- URI:http://xest/165 +- URI:http://xest/166 +- URI:http://xest/167 +- URI:http://xest/168 +- URI:http://xest/169 +- URI:http://xest/170 +- URI:http://xest/171 +- URI:http://xest/172 +- URI:http://xest/173 +- URI:http://xest/174 +- URI:http://xest/175 +- URI:http://xest/176 +- URI:http://xest/177 +- URI:http://xest/178 +- URI:http://xest/179 +- URI:http://xest/180 +- URI:http://xest/181 +- URI:http://xest/182 +- URI:http://xest/183 +- URI:http://xest/184 +- URI:http://xest/185 +- URI:http://xest/186 +- URI:http://xest/187 +- URI:http://xest/188 +- URI:http://xest/189 +- URI:http://xest/190 +- URI:http://xest/191 +- URI:http://xest/192 +- URI:http://xest/193 +- URI:http://xest/194 +- URI:http://xest/195 +- URI:http://xest/196 +- URI:http://xest/197 +- URI:http://xest/198 +- URI:http://xest/199 +- URI:http://xest/200 +- URI:http://xest/201 +- URI:http://xest/202 +- URI:http://xest/203 +- URI:http://xest/204 +- URI:http://xest/205 +- URI:http://xest/206 +- URI:http://xest/207 +- URI:http://xest/208 +- URI:http://xest/209 +- URI:http://xest/210 +- URI:http://xest/211 +- URI:http://xest/212 +- URI:http://xest/213 +- URI:http://xest/214 +- URI:http://xest/215 +- URI:http://xest/216 +- URI:http://xest/217 +- URI:http://xest/218 +- URI:http://xest/219 +- URI:http://xest/220 +- URI:http://xest/221 +- URI:http://xest/222 +- URI:http://xest/223 +- URI:http://xest/224 +- URI:http://xest/225 +- URI:http://xest/226 +- URI:http://xest/227 +- URI:http://xest/228 +- URI:http://xest/229 +- URI:http://xest/230 +- URI:http://xest/231 +- URI:http://xest/232 +- URI:http://xest/233 +- URI:http://xest/234 +- URI:http://xest/235 +- URI:http://xest/236 +- URI:http://xest/237 +- URI:http://xest/238 +- URI:http://xest/239 +- URI:http://xest/240 +- URI:http://xest/241 +- URI:http://xest/242 +- URI:http://xest/243 +- URI:http://xest/244 +- URI:http://xest/245 +- URI:http://xest/246 +- URI:http://xest/247 +- URI:http://xest/248 +- URI:http://xest/249 +- URI:http://xest/250 +- URI:http://xest/251 +- URI:http://xest/252 +- URI:http://xest/253 +- URI:http://xest/254 +- URI:http://xest/255 +- URI:http://xest/256 +- URI:http://xest/257 +- URI:http://xest/258 +- URI:http://xest/259 +- URI:http://xest/260 +- URI:http://xest/261 +- URI:http://xest/262 +- URI:http://xest/263 +- URI:http://xest/264 +- URI:http://xest/265 +- URI:http://xest/266 +- URI:http://xest/267 +- URI:http://xest/268 +- URI:http://xest/269 +- URI:http://xest/270 +- URI:http://xest/271 +- URI:http://xest/272 +- URI:http://xest/273 +- URI:http://xest/274 +- URI:http://xest/275 +- URI:http://xest/276 +- URI:http://xest/277 +- URI:http://xest/278 +- URI:http://xest/279 +- URI:http://xest/280 +- URI:http://xest/281 +- URI:http://xest/282 +- URI:http://xest/283 +- URI:http://xest/284 +- URI:http://xest/285 +- URI:http://xest/286 +- URI:http://xest/287 +- URI:http://xest/288 +- URI:http://xest/289 +- URI:http://xest/290 +- URI:http://xest/291 +- URI:http://xest/292 +- URI:http://xest/293 +- URI:http://xest/294 +- URI:http://xest/295 +- URI:http://xest/296 +- URI:http://xest/297 +- URI:http://xest/298 +- URI:http://xest/299 +- URI:http://xest/300 +- URI:http://xest/301 +- URI:http://xest/302 +- URI:http://xest/303 +- URI:http://xest/304 +- URI:http://xest/305 +- URI:http://xest/306 +- URI:http://xest/307 +- URI:http://xest/308 +- URI:http://xest/309 +- URI:http://xest/310 +- URI:http://xest/311 +- URI:http://xest/312 +- URI:http://xest/313 +- URI:http://xest/314 +- URI:http://xest/315 +- URI:http://xest/316 +- URI:http://xest/317 +- URI:http://xest/318 +- URI:http://xest/319 +- URI:http://xest/320 +- URI:http://xest/321 +- URI:http://xest/322 +- URI:http://xest/323 +- URI:http://xest/324 +- URI:http://xest/325 +- URI:http://xest/326 +- URI:http://xest/327 +- URI:http://xest/328 +- URI:http://xest/329 +- URI:http://xest/330 +- URI:http://xest/331 +- URI:http://xest/332 +- URI:http://xest/333 +- URI:http://xest/334 +- URI:http://xest/335 +- URI:http://xest/336 +- URI:http://xest/337 +- URI:http://xest/338 +- URI:http://xest/339 +- URI:http://xest/340 +- URI:http://xest/341 +- URI:http://xest/342 +- URI:http://xest/343 +- URI:http://xest/344 +- URI:http://xest/345 +- URI:http://xest/346 +- URI:http://xest/347 +- URI:http://xest/348 +- URI:http://xest/349 +- URI:http://xest/350 +- URI:http://xest/351 +- URI:http://xest/352 +- URI:http://xest/353 +- URI:http://xest/354 +- URI:http://xest/355 +- URI:http://xest/356 +- URI:http://xest/357 +- URI:http://xest/358 +- URI:http://xest/359 +- URI:http://xest/360 +- URI:http://xest/361 +- URI:http://xest/362 +- URI:http://xest/363 +- URI:http://xest/364 +- URI:http://xest/365 +- URI:http://xest/366 +- URI:http://xest/367 +- URI:http://xest/368 +- URI:http://xest/369 +- URI:http://xest/370 +- URI:http://xest/371 +- URI:http://xest/372 +- URI:http://xest/373 +- URI:http://xest/374 +- URI:http://xest/375 +- URI:http://xest/376 +- URI:http://xest/377 +- URI:http://xest/378 +- URI:http://xest/379 +- URI:http://xest/380 +- URI:http://xest/381 +- URI:http://xest/382 +- URI:http://xest/383 +- URI:http://xest/384 +- URI:http://xest/385 +- URI:http://xest/386 +- URI:http://xest/387 +- URI:http://xest/388 +- URI:http://xest/389 +- URI:http://xest/390 +- URI:http://xest/391 +- URI:http://xest/392 +- URI:http://xest/393 +- URI:http://xest/394 +- URI:http://xest/395 +- URI:http://xest/396 +- URI:http://xest/397 +- URI:http://xest/398 +- URI:http://xest/399 +- URI:http://xest/400 +- URI:http://xest/401 +- URI:http://xest/402 +- URI:http://xest/403 +- URI:http://xest/404 +- URI:http://xest/405 +- URI:http://xest/406 +- URI:http://xest/407 +- URI:http://xest/408 +- URI:http://xest/409 +- URI:http://xest/410 +- URI:http://xest/411 +- URI:http://xest/412 +- URI:http://xest/413 +- URI:http://xest/414 +- URI:http://xest/415 +- URI:http://xest/416 +- URI:http://xest/417 +- URI:http://xest/418 +- URI:http://xest/419 +- URI:http://xest/420 +- URI:http://xest/421 +- URI:http://xest/422 +- URI:http://xest/423 +- URI:http://xest/424 +- URI:http://xest/425 +- URI:http://xest/426 +- URI:http://xest/427 +- URI:http://xest/428 +- URI:http://xest/429 +- URI:http://xest/430 +- URI:http://xest/431 +- URI:http://xest/432 +- URI:http://xest/433 +- URI:http://xest/434 +- URI:http://xest/435 +- URI:http://xest/436 +- URI:http://xest/437 +- URI:http://xest/438 +- URI:http://xest/439 +- URI:http://xest/440 +- URI:http://xest/441 +- URI:http://xest/442 +- URI:http://xest/443 +- URI:http://xest/444 +- URI:http://xest/445 +- URI:http://xest/446 +- URI:http://xest/447 +- URI:http://xest/448 +- URI:http://xest/449 +- URI:http://xest/450 +- URI:http://xest/451 +- URI:http://xest/452 +- URI:http://xest/453 +- URI:http://xest/454 +- URI:http://xest/455 +- URI:http://xest/456 +- URI:http://xest/457 +- URI:http://xest/458 +- URI:http://xest/459 +- URI:http://xest/460 +- URI:http://xest/461 +- URI:http://xest/462 +- URI:http://xest/463 +- URI:http://xest/464 +- URI:http://xest/465 +- URI:http://xest/466 +- URI:http://xest/467 +- URI:http://xest/468 +- URI:http://xest/469 +- URI:http://xest/470 +- URI:http://xest/471 +- URI:http://xest/472 +- URI:http://xest/473 +- URI:http://xest/474 +- URI:http://xest/475 +- URI:http://xest/476 +- URI:http://xest/477 +- URI:http://xest/478 +- URI:http://xest/479 +- URI:http://xest/480 +- URI:http://xest/481 +- URI:http://xest/482 +- URI:http://xest/483 +- URI:http://xest/484 +- URI:http://xest/485 +- URI:http://xest/486 +- URI:http://xest/487 +- URI:http://xest/488 +- URI:http://xest/489 +- URI:http://xest/490 +- URI:http://xest/491 +- URI:http://xest/492 +- URI:http://xest/493 +- URI:http://xest/494 +- URI:http://xest/495 +- URI:http://xest/496 +- URI:http://xest/497 +- URI:http://xest/498 +- URI:http://xest/499 +- URI:http://xest/500 +- URI:http://xest/501 +- URI:http://xest/502 +- URI:http://xest/503 +- URI:http://xest/504 +- URI:http://xest/505 +- URI:http://xest/506 +- URI:http://xest/507 +- URI:http://xest/508 +- URI:http://xest/509 +- URI:http://xest/510 +- URI:http://xest/511 +- URI:http://xest/512 +- URI:http://xest/513 +- URI:http://xest/514 +- URI:http://xest/515 +- URI:http://xest/516 +- URI:http://xest/517 +- URI:http://xest/518 +- URI:http://xest/519 +- URI:http://xest/520 +- URI:http://xest/521 +- URI:http://xest/522 +- URI:http://xest/523 +- URI:http://xest/524 +- URI:http://xest/525 +- URI:http://xest/526 +- URI:http://xest/527 +- URI:http://xest/528 +- URI:http://xest/529 +- URI:http://xest/530 +- URI:http://xest/531 +- URI:http://xest/532 +- URI:http://xest/533 +- URI:http://xest/534 +- URI:http://xest/535 +- URI:http://xest/536 +- URI:http://xest/537 +- URI:http://xest/538 +- URI:http://xest/539 +- URI:http://xest/540 +- URI:http://xest/541 +- URI:http://xest/542 +- URI:http://xest/543 +- URI:http://xest/544 +- URI:http://xest/545 +- URI:http://xest/546 +- URI:http://xest/547 +- URI:http://xest/548 +- URI:http://xest/549 +- URI:http://xest/550 +- URI:http://xest/551 +- URI:http://xest/552 +- URI:http://xest/553 +- URI:http://xest/554 +- URI:http://xest/555 +- URI:http://xest/556 +- URI:http://xest/557 +- URI:http://xest/558 +- URI:http://xest/559 +- URI:http://xest/560 +- URI:http://xest/561 +- URI:http://xest/562 +- URI:http://xest/563 +- URI:http://xest/564 +- URI:http://xest/565 +- URI:http://xest/566 +- URI:http://xest/567 +- URI:http://xest/568 +- URI:http://xest/569 +- URI:http://xest/570 +- URI:http://xest/571 +- URI:http://xest/572 +- URI:http://xest/573 +- URI:http://xest/574 +- URI:http://xest/575 +- URI:http://xest/576 +- URI:http://xest/577 +- URI:http://xest/578 +- URI:http://xest/579 +- URI:http://xest/580 +- URI:http://xest/581 +- URI:http://xest/582 +- URI:http://xest/583 +- URI:http://xest/584 +- URI:http://xest/585 +- URI:http://xest/586 +- URI:http://xest/587 +- URI:http://xest/588 +- URI:http://xest/589 +- URI:http://xest/590 +- URI:http://xest/591 +- URI:http://xest/592 +- URI:http://xest/593 +- URI:http://xest/594 +- URI:http://xest/595 +- URI:http://xest/596 +- URI:http://xest/597 +- URI:http://xest/598 +- URI:http://xest/599 +- URI:http://xest/600 +- URI:http://xest/601 +- URI:http://xest/602 +- URI:http://xest/603 +- URI:http://xest/604 +- URI:http://xest/605 +- URI:http://xest/606 +- URI:http://xest/607 +- URI:http://xest/608 +- URI:http://xest/609 +- URI:http://xest/610 +- URI:http://xest/611 +- URI:http://xest/612 +- URI:http://xest/613 +- URI:http://xest/614 +- URI:http://xest/615 +- URI:http://xest/616 +- URI:http://xest/617 +- URI:http://xest/618 +- URI:http://xest/619 +- URI:http://xest/620 +- URI:http://xest/621 +- URI:http://xest/622 +- URI:http://xest/623 +- URI:http://xest/624 +- URI:http://xest/625 +- URI:http://xest/626 +- URI:http://xest/627 +- URI:http://xest/628 +- URI:http://xest/629 +- URI:http://xest/630 +- URI:http://xest/631 +- URI:http://xest/632 +- URI:http://xest/633 +- URI:http://xest/634 +- URI:http://xest/635 +- URI:http://xest/636 +- URI:http://xest/637 +- URI:http://xest/638 +- URI:http://xest/639 +- URI:http://xest/640 +- URI:http://xest/641 +- URI:http://xest/642 +- URI:http://xest/643 +- URI:http://xest/644 +- URI:http://xest/645 +- URI:http://xest/646 +- URI:http://xest/647 +- URI:http://xest/648 +- URI:http://xest/649 +- URI:http://xest/650 +- URI:http://xest/651 +- URI:http://xest/652 +- URI:http://xest/653 +- URI:http://xest/654 +- URI:http://xest/655 +- URI:http://xest/656 +- URI:http://xest/657 +- URI:http://xest/658 +- URI:http://xest/659 +- URI:http://xest/660 +- URI:http://xest/661 +- URI:http://xest/662 +- URI:http://xest/663 +- URI:http://xest/664 +- URI:http://xest/665 +- URI:http://xest/666 +- URI:http://xest/667 +- URI:http://xest/668 +- URI:http://xest/669 +- URI:http://xest/670 +- URI:http://xest/671 +- URI:http://xest/672 +- URI:http://xest/673 +- URI:http://xest/674 +- URI:http://xest/675 +- URI:http://xest/676 +- URI:http://xest/677 +- URI:http://xest/678 +- URI:http://xest/679 +- URI:http://xest/680 +- URI:http://xest/681 +- URI:http://xest/682 +- URI:http://xest/683 +- URI:http://xest/684 +- URI:http://xest/685 +- URI:http://xest/686 +- URI:http://xest/687 +- URI:http://xest/688 +- URI:http://xest/689 +- URI:http://xest/690 +- URI:http://xest/691 +- URI:http://xest/692 +- URI:http://xest/693 +- URI:http://xest/694 +- URI:http://xest/695 +- URI:http://xest/696 +- URI:http://xest/697 +- URI:http://xest/698 +- URI:http://xest/699 +- URI:http://xest/700 +- URI:http://xest/701 +- URI:http://xest/702 +- URI:http://xest/703 +- URI:http://xest/704 +- URI:http://xest/705 +- URI:http://xest/706 +- URI:http://xest/707 +- URI:http://xest/708 +- URI:http://xest/709 +- URI:http://xest/710 +- URI:http://xest/711 +- URI:http://xest/712 +- URI:http://xest/713 +- URI:http://xest/714 +- URI:http://xest/715 +- URI:http://xest/716 +- URI:http://xest/717 +- URI:http://xest/718 +- URI:http://xest/719 +- URI:http://xest/720 +- URI:http://xest/721 +- URI:http://xest/722 +- URI:http://xest/723 +- URI:http://xest/724 +- URI:http://xest/725 +- URI:http://xest/726 +- URI:http://xest/727 +- URI:http://xest/728 +- URI:http://xest/729 +- URI:http://xest/730 +- URI:http://xest/731 +- URI:http://xest/732 +- URI:http://xest/733 +- URI:http://xest/734 +- URI:http://xest/735 +- URI:http://xest/736 +- URI:http://xest/737 +- URI:http://xest/738 +- URI:http://xest/739 +- URI:http://xest/740 +- URI:http://xest/741 +- URI:http://xest/742 +- URI:http://xest/743 +- URI:http://xest/744 +- URI:http://xest/745 +- URI:http://xest/746 +- URI:http://xest/747 +- URI:http://xest/748 +- URI:http://xest/749 +- URI:http://xest/750 +- URI:http://xest/751 +- URI:http://xest/752 +- URI:http://xest/753 +- URI:http://xest/754 +- URI:http://xest/755 +- URI:http://xest/756 +- URI:http://xest/757 +- URI:http://xest/758 +- URI:http://xest/759 +- URI:http://xest/760 +- URI:http://xest/761 +- URI:http://xest/762 +- URI:http://xest/763 +- URI:http://xest/764 +- URI:http://xest/765 +- URI:http://xest/766 +- URI:http://xest/767 +- URI:http://xest/768 +- URI:http://xest/769 +- URI:http://xest/770 +- URI:http://xest/771 +- URI:http://xest/772 +- URI:http://xest/773 +- URI:http://xest/774 +- URI:http://xest/775 +- URI:http://xest/776 +- URI:http://xest/777 +- URI:http://xest/778 +- URI:http://xest/779 +- URI:http://xest/780 +- URI:http://xest/781 +- URI:http://xest/782 +- URI:http://xest/783 +- URI:http://xest/784 +- URI:http://xest/785 +- URI:http://xest/786 +- URI:http://xest/787 +- URI:http://xest/788 +- URI:http://xest/789 +- URI:http://xest/790 +- URI:http://xest/791 +- URI:http://xest/792 +- URI:http://xest/793 +- URI:http://xest/794 +- URI:http://xest/795 +- URI:http://xest/796 +- URI:http://xest/797 +- URI:http://xest/798 +- URI:http://xest/799 +- URI:http://xest/800 +- URI:http://xest/801 +- URI:http://xest/802 +- URI:http://xest/803 +- URI:http://xest/804 +- URI:http://xest/805 +- URI:http://xest/806 +- URI:http://xest/807 +- URI:http://xest/808 +- URI:http://xest/809 +- URI:http://xest/810 +- URI:http://xest/811 +- URI:http://xest/812 +- URI:http://xest/813 +- URI:http://xest/814 +- URI:http://xest/815 +- URI:http://xest/816 +- URI:http://xest/817 +- URI:http://xest/818 +- URI:http://xest/819 +- URI:http://xest/820 +- URI:http://xest/821 +- URI:http://xest/822 +- URI:http://xest/823 +- URI:http://xest/824 +- URI:http://xest/825 +- URI:http://xest/826 +- URI:http://xest/827 +- URI:http://xest/828 +- URI:http://xest/829 +- URI:http://xest/830 +- URI:http://xest/831 +- URI:http://xest/832 +- URI:http://xest/833 +- URI:http://xest/834 +- URI:http://xest/835 +- URI:http://xest/836 +- URI:http://xest/837 +- URI:http://xest/838 +- URI:http://xest/839 +- URI:http://xest/840 +- URI:http://xest/841 +- URI:http://xest/842 +- URI:http://xest/843 +- URI:http://xest/844 +- URI:http://xest/845 +- URI:http://xest/846 +- URI:http://xest/847 +- URI:http://xest/848 +- URI:http://xest/849 +- URI:http://xest/850 +- URI:http://xest/851 +- URI:http://xest/852 +- URI:http://xest/853 +- URI:http://xest/854 +- URI:http://xest/855 +- URI:http://xest/856 +- URI:http://xest/857 +- URI:http://xest/858 +- URI:http://xest/859 +- URI:http://xest/860 +- URI:http://xest/861 +- URI:http://xest/862 +- URI:http://xest/863 +- URI:http://xest/864 +- URI:http://xest/865 +- URI:http://xest/866 +- URI:http://xest/867 +- URI:http://xest/868 +- URI:http://xest/869 +- URI:http://xest/870 +- URI:http://xest/871 +- URI:http://xest/872 +- URI:http://xest/873 +- URI:http://xest/874 +- URI:http://xest/875 +- URI:http://xest/876 +- URI:http://xest/877 +- URI:http://xest/878 +- URI:http://xest/879 +- URI:http://xest/880 +- URI:http://xest/881 +- URI:http://xest/882 +- URI:http://xest/883 +- URI:http://xest/884 +- URI:http://xest/885 +- URI:http://xest/886 +- URI:http://xest/887 +- URI:http://xest/888 +- URI:http://xest/889 +- URI:http://xest/890 +- URI:http://xest/891 +- URI:http://xest/892 +- URI:http://xest/893 +- URI:http://xest/894 +- URI:http://xest/895 +- URI:http://xest/896 +- URI:http://xest/897 +- URI:http://xest/898 +- URI:http://xest/899 +- URI:http://xest/900 +- URI:http://xest/901 +- URI:http://xest/902 +- URI:http://xest/903 +- URI:http://xest/904 +- URI:http://xest/905 +- URI:http://xest/906 +- URI:http://xest/907 +- URI:http://xest/908 +- URI:http://xest/909 +- URI:http://xest/910 +- URI:http://xest/911 +- URI:http://xest/912 +- URI:http://xest/913 +- URI:http://xest/914 +- URI:http://xest/915 +- URI:http://xest/916 +- URI:http://xest/917 +- URI:http://xest/918 +- URI:http://xest/919 +- URI:http://xest/920 +- URI:http://xest/921 +- URI:http://xest/922 +- URI:http://xest/923 +- URI:http://xest/924 +- URI:http://xest/925 +- URI:http://xest/926 +- URI:http://xest/927 +- URI:http://xest/928 +- URI:http://xest/929 +- URI:http://xest/930 +- URI:http://xest/931 +- URI:http://xest/932 +- URI:http://xest/933 +- URI:http://xest/934 +- URI:http://xest/935 +- URI:http://xest/936 +- URI:http://xest/937 +- URI:http://xest/938 +- URI:http://xest/939 +- URI:http://xest/940 +- URI:http://xest/941 +- URI:http://xest/942 +- URI:http://xest/943 +- URI:http://xest/944 +- URI:http://xest/945 +- URI:http://xest/946 +- URI:http://xest/947 +- URI:http://xest/948 +- URI:http://xest/949 +- URI:http://xest/950 +- URI:http://xest/951 +- URI:http://xest/952 +- URI:http://xest/953 +- URI:http://xest/954 +- URI:http://xest/955 +- URI:http://xest/956 +- URI:http://xest/957 +- URI:http://xest/958 +- URI:http://xest/959 +- URI:http://xest/960 +- URI:http://xest/961 +- URI:http://xest/962 +- URI:http://xest/963 +- URI:http://xest/964 +- URI:http://xest/965 +- URI:http://xest/966 +- URI:http://xest/967 +- URI:http://xest/968 +- URI:http://xest/969 +- URI:http://xest/970 +- URI:http://xest/971 +- URI:http://xest/972 +- URI:http://xest/973 +- URI:http://xest/974 +- URI:http://xest/975 +- URI:http://xest/976 +- URI:http://xest/977 +- URI:http://xest/978 +- URI:http://xest/979 +- URI:http://xest/980 +- URI:http://xest/981 +- URI:http://xest/982 +- URI:http://xest/983 +- URI:http://xest/984 +- URI:http://xest/985 +- URI:http://xest/986 +- URI:http://xest/987 +- URI:http://xest/988 +- URI:http://xest/989 +- URI:http://xest/990 +- URI:http://xest/991 +- URI:http://xest/992 +- URI:http://xest/993 +- URI:http://xest/994 +- URI:http://xest/995 +- URI:http://xest/996 +- URI:http://xest/997 +- URI:http://xest/998 +- URI:http://xest/999 +- URI:http://xest/1000 +- URI:http://xest/1001 +- URI:http://xest/1002 +- URI:http://xest/1003 +- URI:http://xest/1004 +- URI:http://xest/1005 +- URI:http://xest/1006 +- URI:http://xest/1007 +- URI:http://xest/1008 +- URI:http://xest/1009 +- URI:http://xest/1010 +- URI:http://xest/1011 +- URI:http://xest/1012 +- URI:http://xest/1013 +- URI:http://xest/1014 +- URI:http://xest/1015 +- URI:http://xest/1016 +- URI:http://xest/1017 +- URI:http://xest/1018 +- URI:http://xest/1019 +- URI:http://xest/1020 +- URI:http://xest/1021 +- URI:http://xest/1022 +- URI:http://xest/1023 +- URI:http://xest/1024 +- +- Signature Algorithm: sha256WithRSAEncryption +- 5d:94:f0:0a:d4:00:79:35:cf:57:0e:3d:24:e9:17:d9:0c:22: +- f2:7e:18:73:4a:bc:89:fa:cf:19:fb:26:b3:93:7b:f6:61:24: +- a0:36:e1:29:1f:3c:a6:db:c2:c3:fc:dd:05:5b:25:f1:21:4f: +- 29:1b:b2:bc:c6:0d:3d:cb:27:a5:16:8d:73:b3:e4:a0:82:ae: +- 43:7b:72:4f:52:aa:cf:c1:0f:6b:13:7d:af:11:cd:ce:8d:a5: +- 78:b2:a8:9d:4e:22:6d:0d:60:59:29:b1:a5:97:01:52:ae:4e: +- 6f:4e:bc:4e:cc:d4:6b:f9:32:04:42:1c:e7:87:74:6c:42:74: +- a6:4c:83:07:b8:54:2e:33:4c:6b:09:38:e1:ce:b1:56:59:82: +- f5:69:90:4f:7d:04:51:45:68:09:14:5b:b2:c9:a4:b0:41:ab: +- 7a:f6:4a:84:0d:88:2f:45:d2:3b:81:bc:e8:91:b9:a8:f1:bb: +- 93:d7:42:7d:c8:ca:24:19:f7:28:a4:c6:67:ac:1a:2e:8d:88: +- 72:ae:47:14:da:1c:38:f7:a6:7e:38:af:c4:47:0a:7d:8e:38: +- 3d:25:3a:48:d7:af:0b:0c:c0:45:42:43:5f:1e:66:1b:64:53: +- 2a:4f:81:a1:e8:21:d0:4b:bc:49:87:b0:5e:37:d5:68:ad:7a: +- f4:aa:f4:ad +------BEGIN CERTIFICATE----- +-MIMBYqUwgwFhjKADAgECAhQ85fyBiFmoUBbBf9flKuWWf8L3ADANBgkqhkiG9w0B +-AQsFADAPMQ0wCwYDVQQDDARSb290MB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAwNTEy +-MDAwMFowFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEF +-AAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxLHa4GJxiO +-VbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9WyNroD1co +-d26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luvC6DmdaXS +-4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf00YvmLxRm +-VvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9IbjmK6igvwa7 +-QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABo4MBX+0wgwFf6DAd +-BgNVHQ4EFgQUkhE/rBGWx2Y3z4NaJPA6d68zjX8wHwYDVR0jBBgwFoAUtsLvn9Ep +-yw+JjExS1L1AtxG3cd0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRw +-Oi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDov +-L3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +-BTADAQH/MIMBXxsGA1UdHgSDAV8RMIMBXwyggq+CMAmCB3QwLnRlc3QwCYIHdDEu +-dGVzdDAJggd0Mi50ZXN0MAmCB3QzLnRlc3QwCYIHdDQudGVzdDAJggd0NS50ZXN0 +-MAmCB3Q2LnRlc3QwCYIHdDcudGVzdDAJggd0OC50ZXN0MAmCB3Q5LnRlc3QwCoII +-dDEwLnRlc3QwCoIIdDExLnRlc3QwCoIIdDEyLnRlc3QwCoIIdDEzLnRlc3QwCoII +-dDE0LnRlc3QwCoIIdDE1LnRlc3QwCoIIdDE2LnRlc3QwCoIIdDE3LnRlc3QwCoII +-dDE4LnRlc3QwCoIIdDE5LnRlc3QwCoIIdDIwLnRlc3QwCoIIdDIxLnRlc3QwCoII +-dDIyLnRlc3QwCoIIdDIzLnRlc3QwCoIIdDI0LnRlc3QwCoIIdDI1LnRlc3QwCoII +-dDI2LnRlc3QwCoIIdDI3LnRlc3QwCoIIdDI4LnRlc3QwCoIIdDI5LnRlc3QwCoII +-dDMwLnRlc3QwCoIIdDMxLnRlc3QwCoIIdDMyLnRlc3QwCoIIdDMzLnRlc3QwCoII +-dDM0LnRlc3QwCoIIdDM1LnRlc3QwCoIIdDM2LnRlc3QwCoIIdDM3LnRlc3QwCoII +-dDM4LnRlc3QwCoIIdDM5LnRlc3QwCoIIdDQwLnRlc3QwCoIIdDQxLnRlc3QwCoII +-dDQyLnRlc3QwCoIIdDQzLnRlc3QwCoIIdDQ0LnRlc3QwCoIIdDQ1LnRlc3QwCoII +-dDQ2LnRlc3QwCoIIdDQ3LnRlc3QwCoIIdDQ4LnRlc3QwCoIIdDQ5LnRlc3QwCoII +-dDUwLnRlc3QwCoIIdDUxLnRlc3QwCoIIdDUyLnRlc3QwCoIIdDUzLnRlc3QwCoII +-dDU0LnRlc3QwCoIIdDU1LnRlc3QwCoIIdDU2LnRlc3QwCoIIdDU3LnRlc3QwCoII +-dDU4LnRlc3QwCoIIdDU5LnRlc3QwCoIIdDYwLnRlc3QwCoIIdDYxLnRlc3QwCoII +-dDYyLnRlc3QwCoIIdDYzLnRlc3QwCoIIdDY0LnRlc3QwCoIIdDY1LnRlc3QwCoII +-dDY2LnRlc3QwCoIIdDY3LnRlc3QwCoIIdDY4LnRlc3QwCoIIdDY5LnRlc3QwCoII +-dDcwLnRlc3QwCoIIdDcxLnRlc3QwCoIIdDcyLnRlc3QwCoIIdDczLnRlc3QwCoII +-dDc0LnRlc3QwCoIIdDc1LnRlc3QwCoIIdDc2LnRlc3QwCoIIdDc3LnRlc3QwCoII +-dDc4LnRlc3QwCoIIdDc5LnRlc3QwCoIIdDgwLnRlc3QwCoIIdDgxLnRlc3QwCoII +-dDgyLnRlc3QwCoIIdDgzLnRlc3QwCoIIdDg0LnRlc3QwCoIIdDg1LnRlc3QwCoII +-dDg2LnRlc3QwCoIIdDg3LnRlc3QwCoIIdDg4LnRlc3QwCoIIdDg5LnRlc3QwCoII +-dDkwLnRlc3QwCoIIdDkxLnRlc3QwCoIIdDkyLnRlc3QwCoIIdDkzLnRlc3QwCoII +-dDk0LnRlc3QwCoIIdDk1LnRlc3QwCoIIdDk2LnRlc3QwCoIIdDk3LnRlc3QwCoII +-dDk4LnRlc3QwCoIIdDk5LnRlc3QwC4IJdDEwMC50ZXN0MAuCCXQxMDEudGVzdDAL +-ggl0MTAyLnRlc3QwC4IJdDEwMy50ZXN0MAuCCXQxMDQudGVzdDALggl0MTA1LnRl +-c3QwC4IJdDEwNi50ZXN0MAuCCXQxMDcudGVzdDALggl0MTA4LnRlc3QwC4IJdDEw +-OS50ZXN0MAuCCXQxMTAudGVzdDALggl0MTExLnRlc3QwC4IJdDExMi50ZXN0MAuC +-CXQxMTMudGVzdDALggl0MTE0LnRlc3QwC4IJdDExNS50ZXN0MAuCCXQxMTYudGVz +-dDALggl0MTE3LnRlc3QwC4IJdDExOC50ZXN0MAuCCXQxMTkudGVzdDALggl0MTIw +-LnRlc3QwC4IJdDEyMS50ZXN0MAuCCXQxMjIudGVzdDALggl0MTIzLnRlc3QwC4IJ +-dDEyNC50ZXN0MAuCCXQxMjUudGVzdDALggl0MTI2LnRlc3QwC4IJdDEyNy50ZXN0 +-MAuCCXQxMjgudGVzdDALggl0MTI5LnRlc3QwC4IJdDEzMC50ZXN0MAuCCXQxMzEu +-dGVzdDALggl0MTMyLnRlc3QwC4IJdDEzMy50ZXN0MAuCCXQxMzQudGVzdDALggl0 +-MTM1LnRlc3QwC4IJdDEzNi50ZXN0MAuCCXQxMzcudGVzdDALggl0MTM4LnRlc3Qw +-C4IJdDEzOS50ZXN0MAuCCXQxNDAudGVzdDALggl0MTQxLnRlc3QwC4IJdDE0Mi50 +-ZXN0MAuCCXQxNDMudGVzdDALggl0MTQ0LnRlc3QwC4IJdDE0NS50ZXN0MAuCCXQx +-NDYudGVzdDALggl0MTQ3LnRlc3QwC4IJdDE0OC50ZXN0MAuCCXQxNDkudGVzdDAL +-ggl0MTUwLnRlc3QwC4IJdDE1MS50ZXN0MAuCCXQxNTIudGVzdDALggl0MTUzLnRl +-c3QwC4IJdDE1NC50ZXN0MAuCCXQxNTUudGVzdDALggl0MTU2LnRlc3QwC4IJdDE1 +-Ny50ZXN0MAuCCXQxNTgudGVzdDALggl0MTU5LnRlc3QwC4IJdDE2MC50ZXN0MAuC +-CXQxNjEudGVzdDALggl0MTYyLnRlc3QwC4IJdDE2My50ZXN0MAuCCXQxNjQudGVz +-dDALggl0MTY1LnRlc3QwC4IJdDE2Ni50ZXN0MAuCCXQxNjcudGVzdDALggl0MTY4 +-LnRlc3QwC4IJdDE2OS50ZXN0MAuCCXQxNzAudGVzdDALggl0MTcxLnRlc3QwC4IJ +-dDE3Mi50ZXN0MAuCCXQxNzMudGVzdDALggl0MTc0LnRlc3QwC4IJdDE3NS50ZXN0 +-MAuCCXQxNzYudGVzdDALggl0MTc3LnRlc3QwC4IJdDE3OC50ZXN0MAuCCXQxNzku +-dGVzdDALggl0MTgwLnRlc3QwC4IJdDE4MS50ZXN0MAuCCXQxODIudGVzdDALggl0 +-MTgzLnRlc3QwC4IJdDE4NC50ZXN0MAuCCXQxODUudGVzdDALggl0MTg2LnRlc3Qw +-C4IJdDE4Ny50ZXN0MAuCCXQxODgudGVzdDALggl0MTg5LnRlc3QwC4IJdDE5MC50 +-ZXN0MAuCCXQxOTEudGVzdDALggl0MTkyLnRlc3QwC4IJdDE5My50ZXN0MAuCCXQx +-OTQudGVzdDALggl0MTk1LnRlc3QwC4IJdDE5Ni50ZXN0MAuCCXQxOTcudGVzdDAL +-ggl0MTk4LnRlc3QwC4IJdDE5OS50ZXN0MAuCCXQyMDAudGVzdDALggl0MjAxLnRl +-c3QwC4IJdDIwMi50ZXN0MAuCCXQyMDMudGVzdDALggl0MjA0LnRlc3QwC4IJdDIw +-NS50ZXN0MAuCCXQyMDYudGVzdDALggl0MjA3LnRlc3QwC4IJdDIwOC50ZXN0MAuC +-CXQyMDkudGVzdDALggl0MjEwLnRlc3QwC4IJdDIxMS50ZXN0MAuCCXQyMTIudGVz +-dDALggl0MjEzLnRlc3QwC4IJdDIxNC50ZXN0MAuCCXQyMTUudGVzdDALggl0MjE2 +-LnRlc3QwC4IJdDIxNy50ZXN0MAuCCXQyMTgudGVzdDALggl0MjE5LnRlc3QwC4IJ +-dDIyMC50ZXN0MAuCCXQyMjEudGVzdDALggl0MjIyLnRlc3QwC4IJdDIyMy50ZXN0 +-MAuCCXQyMjQudGVzdDALggl0MjI1LnRlc3QwC4IJdDIyNi50ZXN0MAuCCXQyMjcu +-dGVzdDALggl0MjI4LnRlc3QwC4IJdDIyOS50ZXN0MAuCCXQyMzAudGVzdDALggl0 +-MjMxLnRlc3QwC4IJdDIzMi50ZXN0MAuCCXQyMzMudGVzdDALggl0MjM0LnRlc3Qw +-C4IJdDIzNS50ZXN0MAuCCXQyMzYudGVzdDALggl0MjM3LnRlc3QwC4IJdDIzOC50 +-ZXN0MAuCCXQyMzkudGVzdDALggl0MjQwLnRlc3QwC4IJdDI0MS50ZXN0MAuCCXQy +-NDIudGVzdDALggl0MjQzLnRlc3QwC4IJdDI0NC50ZXN0MAuCCXQyNDUudGVzdDAL +-ggl0MjQ2LnRlc3QwC4IJdDI0Ny50ZXN0MAuCCXQyNDgudGVzdDALggl0MjQ5LnRl +-c3QwC4IJdDI1MC50ZXN0MAuCCXQyNTEudGVzdDALggl0MjUyLnRlc3QwC4IJdDI1 +-My50ZXN0MAuCCXQyNTQudGVzdDALggl0MjU1LnRlc3QwC4IJdDI1Ni50ZXN0MAuC +-CXQyNTcudGVzdDALggl0MjU4LnRlc3QwC4IJdDI1OS50ZXN0MAuCCXQyNjAudGVz +-dDALggl0MjYxLnRlc3QwC4IJdDI2Mi50ZXN0MAuCCXQyNjMudGVzdDALggl0MjY0 +-LnRlc3QwC4IJdDI2NS50ZXN0MAuCCXQyNjYudGVzdDALggl0MjY3LnRlc3QwC4IJ +-dDI2OC50ZXN0MAuCCXQyNjkudGVzdDALggl0MjcwLnRlc3QwC4IJdDI3MS50ZXN0 +-MAuCCXQyNzIudGVzdDALggl0MjczLnRlc3QwC4IJdDI3NC50ZXN0MAuCCXQyNzUu +-dGVzdDALggl0Mjc2LnRlc3QwC4IJdDI3Ny50ZXN0MAuCCXQyNzgudGVzdDALggl0 +-Mjc5LnRlc3QwC4IJdDI4MC50ZXN0MAuCCXQyODEudGVzdDALggl0MjgyLnRlc3Qw +-C4IJdDI4My50ZXN0MAuCCXQyODQudGVzdDALggl0Mjg1LnRlc3QwC4IJdDI4Ni50 +-ZXN0MAuCCXQyODcudGVzdDALggl0Mjg4LnRlc3QwC4IJdDI4OS50ZXN0MAuCCXQy +-OTAudGVzdDALggl0MjkxLnRlc3QwC4IJdDI5Mi50ZXN0MAuCCXQyOTMudGVzdDAL +-ggl0Mjk0LnRlc3QwC4IJdDI5NS50ZXN0MAuCCXQyOTYudGVzdDALggl0Mjk3LnRl +-c3QwC4IJdDI5OC50ZXN0MAuCCXQyOTkudGVzdDALggl0MzAwLnRlc3QwC4IJdDMw +-MS50ZXN0MAuCCXQzMDIudGVzdDALggl0MzAzLnRlc3QwC4IJdDMwNC50ZXN0MAuC +-CXQzMDUudGVzdDALggl0MzA2LnRlc3QwC4IJdDMwNy50ZXN0MAuCCXQzMDgudGVz +-dDALggl0MzA5LnRlc3QwC4IJdDMxMC50ZXN0MAuCCXQzMTEudGVzdDALggl0MzEy +-LnRlc3QwC4IJdDMxMy50ZXN0MAuCCXQzMTQudGVzdDALggl0MzE1LnRlc3QwC4IJ +-dDMxNi50ZXN0MAuCCXQzMTcudGVzdDALggl0MzE4LnRlc3QwC4IJdDMxOS50ZXN0 +-MAuCCXQzMjAudGVzdDALggl0MzIxLnRlc3QwC4IJdDMyMi50ZXN0MAuCCXQzMjMu +-dGVzdDALggl0MzI0LnRlc3QwC4IJdDMyNS50ZXN0MAuCCXQzMjYudGVzdDALggl0 +-MzI3LnRlc3QwC4IJdDMyOC50ZXN0MAuCCXQzMjkudGVzdDALggl0MzMwLnRlc3Qw +-C4IJdDMzMS50ZXN0MAuCCXQzMzIudGVzdDALggl0MzMzLnRlc3QwC4IJdDMzNC50 +-ZXN0MAuCCXQzMzUudGVzdDALggl0MzM2LnRlc3QwC4IJdDMzNy50ZXN0MAuCCXQz +-MzgudGVzdDALggl0MzM5LnRlc3QwC4IJdDM0MC50ZXN0MAuCCXQzNDEudGVzdDAL +-ggl0MzQyLnRlc3QwC4IJdDM0My50ZXN0MAuCCXQzNDQudGVzdDALggl0MzQ1LnRl +-c3QwC4IJdDM0Ni50ZXN0MAuCCXQzNDcudGVzdDALggl0MzQ4LnRlc3QwC4IJdDM0 +-OS50ZXN0MAuCCXQzNTAudGVzdDALggl0MzUxLnRlc3QwC4IJdDM1Mi50ZXN0MAuC +-CXQzNTMudGVzdDALggl0MzU0LnRlc3QwC4IJdDM1NS50ZXN0MAuCCXQzNTYudGVz +-dDALggl0MzU3LnRlc3QwC4IJdDM1OC50ZXN0MAuCCXQzNTkudGVzdDALggl0MzYw +-LnRlc3QwC4IJdDM2MS50ZXN0MAuCCXQzNjIudGVzdDALggl0MzYzLnRlc3QwC4IJ +-dDM2NC50ZXN0MAuCCXQzNjUudGVzdDALggl0MzY2LnRlc3QwC4IJdDM2Ny50ZXN0 +-MAuCCXQzNjgudGVzdDALggl0MzY5LnRlc3QwC4IJdDM3MC50ZXN0MAuCCXQzNzEu +-dGVzdDALggl0MzcyLnRlc3QwC4IJdDM3My50ZXN0MAuCCXQzNzQudGVzdDALggl0 +-Mzc1LnRlc3QwC4IJdDM3Ni50ZXN0MAuCCXQzNzcudGVzdDALggl0Mzc4LnRlc3Qw +-C4IJdDM3OS50ZXN0MAuCCXQzODAudGVzdDALggl0MzgxLnRlc3QwC4IJdDM4Mi50 +-ZXN0MAuCCXQzODMudGVzdDALggl0Mzg0LnRlc3QwC4IJdDM4NS50ZXN0MAuCCXQz +-ODYudGVzdDALggl0Mzg3LnRlc3QwC4IJdDM4OC50ZXN0MAuCCXQzODkudGVzdDAL +-ggl0MzkwLnRlc3QwC4IJdDM5MS50ZXN0MAuCCXQzOTIudGVzdDALggl0MzkzLnRl +-c3QwC4IJdDM5NC50ZXN0MAuCCXQzOTUudGVzdDALggl0Mzk2LnRlc3QwC4IJdDM5 +-Ny50ZXN0MAuCCXQzOTgudGVzdDALggl0Mzk5LnRlc3QwC4IJdDQwMC50ZXN0MAuC +-CXQ0MDEudGVzdDALggl0NDAyLnRlc3QwC4IJdDQwMy50ZXN0MAuCCXQ0MDQudGVz +-dDALggl0NDA1LnRlc3QwC4IJdDQwNi50ZXN0MAuCCXQ0MDcudGVzdDALggl0NDA4 +-LnRlc3QwC4IJdDQwOS50ZXN0MAuCCXQ0MTAudGVzdDALggl0NDExLnRlc3QwC4IJ +-dDQxMi50ZXN0MAuCCXQ0MTMudGVzdDALggl0NDE0LnRlc3QwC4IJdDQxNS50ZXN0 +-MAuCCXQ0MTYudGVzdDALggl0NDE3LnRlc3QwC4IJdDQxOC50ZXN0MAuCCXQ0MTku +-dGVzdDALggl0NDIwLnRlc3QwC4IJdDQyMS50ZXN0MAuCCXQ0MjIudGVzdDALggl0 +-NDIzLnRlc3QwC4IJdDQyNC50ZXN0MAuCCXQ0MjUudGVzdDALggl0NDI2LnRlc3Qw +-C4IJdDQyNy50ZXN0MAuCCXQ0MjgudGVzdDALggl0NDI5LnRlc3QwC4IJdDQzMC50 +-ZXN0MAuCCXQ0MzEudGVzdDALggl0NDMyLnRlc3QwC4IJdDQzMy50ZXN0MAuCCXQ0 +-MzQudGVzdDALggl0NDM1LnRlc3QwC4IJdDQzNi50ZXN0MAuCCXQ0MzcudGVzdDAL +-ggl0NDM4LnRlc3QwC4IJdDQzOS50ZXN0MAuCCXQ0NDAudGVzdDALggl0NDQxLnRl +-c3QwC4IJdDQ0Mi50ZXN0MAuCCXQ0NDMudGVzdDALggl0NDQ0LnRlc3QwC4IJdDQ0 +-NS50ZXN0MAuCCXQ0NDYudGVzdDALggl0NDQ3LnRlc3QwC4IJdDQ0OC50ZXN0MAuC +-CXQ0NDkudGVzdDALggl0NDUwLnRlc3QwC4IJdDQ1MS50ZXN0MAuCCXQ0NTIudGVz +-dDALggl0NDUzLnRlc3QwC4IJdDQ1NC50ZXN0MAuCCXQ0NTUudGVzdDALggl0NDU2 +-LnRlc3QwC4IJdDQ1Ny50ZXN0MAuCCXQ0NTgudGVzdDALggl0NDU5LnRlc3QwC4IJ +-dDQ2MC50ZXN0MAuCCXQ0NjEudGVzdDALggl0NDYyLnRlc3QwC4IJdDQ2My50ZXN0 +-MAuCCXQ0NjQudGVzdDALggl0NDY1LnRlc3QwC4IJdDQ2Ni50ZXN0MAuCCXQ0Njcu +-dGVzdDALggl0NDY4LnRlc3QwC4IJdDQ2OS50ZXN0MAuCCXQ0NzAudGVzdDALggl0 +-NDcxLnRlc3QwC4IJdDQ3Mi50ZXN0MAuCCXQ0NzMudGVzdDALggl0NDc0LnRlc3Qw +-C4IJdDQ3NS50ZXN0MAuCCXQ0NzYudGVzdDALggl0NDc3LnRlc3QwC4IJdDQ3OC50 +-ZXN0MAuCCXQ0NzkudGVzdDALggl0NDgwLnRlc3QwC4IJdDQ4MS50ZXN0MAuCCXQ0 +-ODIudGVzdDALggl0NDgzLnRlc3QwC4IJdDQ4NC50ZXN0MAuCCXQ0ODUudGVzdDAL +-ggl0NDg2LnRlc3QwC4IJdDQ4Ny50ZXN0MAuCCXQ0ODgudGVzdDALggl0NDg5LnRl +-c3QwC4IJdDQ5MC50ZXN0MAuCCXQ0OTEudGVzdDALggl0NDkyLnRlc3QwC4IJdDQ5 +-My50ZXN0MAuCCXQ0OTQudGVzdDALggl0NDk1LnRlc3QwC4IJdDQ5Ni50ZXN0MAuC +-CXQ0OTcudGVzdDALggl0NDk4LnRlc3QwC4IJdDQ5OS50ZXN0MAuCCXQ1MDAudGVz +-dDALggl0NTAxLnRlc3QwC4IJdDUwMi50ZXN0MAuCCXQ1MDMudGVzdDALggl0NTA0 +-LnRlc3QwC4IJdDUwNS50ZXN0MAuCCXQ1MDYudGVzdDALggl0NTA3LnRlc3QwC4IJ +-dDUwOC50ZXN0MAuCCXQ1MDkudGVzdDALggl0NTEwLnRlc3QwC4IJdDUxMS50ZXN0 +-MAuCCXQ1MTIudGVzdDALggl0NTEzLnRlc3QwC4IJdDUxNC50ZXN0MAuCCXQ1MTUu +-dGVzdDALggl0NTE2LnRlc3QwC4IJdDUxNy50ZXN0MAuCCXQ1MTgudGVzdDALggl0 +-NTE5LnRlc3QwC4IJdDUyMC50ZXN0MAuCCXQ1MjEudGVzdDALggl0NTIyLnRlc3Qw +-C4IJdDUyMy50ZXN0MAuCCXQ1MjQudGVzdDALggl0NTI1LnRlc3QwC4IJdDUyNi50 +-ZXN0MAuCCXQ1MjcudGVzdDALggl0NTI4LnRlc3QwC4IJdDUyOS50ZXN0MAuCCXQ1 +-MzAudGVzdDALggl0NTMxLnRlc3QwC4IJdDUzMi50ZXN0MAuCCXQ1MzMudGVzdDAL +-ggl0NTM0LnRlc3QwC4IJdDUzNS50ZXN0MAuCCXQ1MzYudGVzdDALggl0NTM3LnRl +-c3QwC4IJdDUzOC50ZXN0MAuCCXQ1MzkudGVzdDALggl0NTQwLnRlc3QwC4IJdDU0 +-MS50ZXN0MAuCCXQ1NDIudGVzdDALggl0NTQzLnRlc3QwC4IJdDU0NC50ZXN0MAuC +-CXQ1NDUudGVzdDALggl0NTQ2LnRlc3QwC4IJdDU0Ny50ZXN0MAuCCXQ1NDgudGVz +-dDALggl0NTQ5LnRlc3QwC4IJdDU1MC50ZXN0MAuCCXQ1NTEudGVzdDALggl0NTUy +-LnRlc3QwC4IJdDU1My50ZXN0MAuCCXQ1NTQudGVzdDALggl0NTU1LnRlc3QwC4IJ +-dDU1Ni50ZXN0MAuCCXQ1NTcudGVzdDALggl0NTU4LnRlc3QwC4IJdDU1OS50ZXN0 +-MAuCCXQ1NjAudGVzdDALggl0NTYxLnRlc3QwC4IJdDU2Mi50ZXN0MAuCCXQ1NjMu +-dGVzdDALggl0NTY0LnRlc3QwC4IJdDU2NS50ZXN0MAuCCXQ1NjYudGVzdDALggl0 +-NTY3LnRlc3QwC4IJdDU2OC50ZXN0MAuCCXQ1NjkudGVzdDALggl0NTcwLnRlc3Qw +-C4IJdDU3MS50ZXN0MAuCCXQ1NzIudGVzdDALggl0NTczLnRlc3QwC4IJdDU3NC50 +-ZXN0MAuCCXQ1NzUudGVzdDALggl0NTc2LnRlc3QwC4IJdDU3Ny50ZXN0MAuCCXQ1 +-NzgudGVzdDALggl0NTc5LnRlc3QwC4IJdDU4MC50ZXN0MAuCCXQ1ODEudGVzdDAL +-ggl0NTgyLnRlc3QwC4IJdDU4My50ZXN0MAuCCXQ1ODQudGVzdDALggl0NTg1LnRl +-c3QwC4IJdDU4Ni50ZXN0MAuCCXQ1ODcudGVzdDALggl0NTg4LnRlc3QwC4IJdDU4 +-OS50ZXN0MAuCCXQ1OTAudGVzdDALggl0NTkxLnRlc3QwC4IJdDU5Mi50ZXN0MAuC +-CXQ1OTMudGVzdDALggl0NTk0LnRlc3QwC4IJdDU5NS50ZXN0MAuCCXQ1OTYudGVz +-dDALggl0NTk3LnRlc3QwC4IJdDU5OC50ZXN0MAuCCXQ1OTkudGVzdDALggl0NjAw +-LnRlc3QwC4IJdDYwMS50ZXN0MAuCCXQ2MDIudGVzdDALggl0NjAzLnRlc3QwC4IJ +-dDYwNC50ZXN0MAuCCXQ2MDUudGVzdDALggl0NjA2LnRlc3QwC4IJdDYwNy50ZXN0 +-MAuCCXQ2MDgudGVzdDALggl0NjA5LnRlc3QwC4IJdDYxMC50ZXN0MAuCCXQ2MTEu +-dGVzdDALggl0NjEyLnRlc3QwC4IJdDYxMy50ZXN0MAuCCXQ2MTQudGVzdDALggl0 +-NjE1LnRlc3QwC4IJdDYxNi50ZXN0MAuCCXQ2MTcudGVzdDALggl0NjE4LnRlc3Qw +-C4IJdDYxOS50ZXN0MAuCCXQ2MjAudGVzdDALggl0NjIxLnRlc3QwC4IJdDYyMi50 +-ZXN0MAuCCXQ2MjMudGVzdDALggl0NjI0LnRlc3QwC4IJdDYyNS50ZXN0MAuCCXQ2 +-MjYudGVzdDALggl0NjI3LnRlc3QwC4IJdDYyOC50ZXN0MAuCCXQ2MjkudGVzdDAL +-ggl0NjMwLnRlc3QwC4IJdDYzMS50ZXN0MAuCCXQ2MzIudGVzdDALggl0NjMzLnRl +-c3QwC4IJdDYzNC50ZXN0MAuCCXQ2MzUudGVzdDALggl0NjM2LnRlc3QwC4IJdDYz +-Ny50ZXN0MAuCCXQ2MzgudGVzdDALggl0NjM5LnRlc3QwC4IJdDY0MC50ZXN0MAuC +-CXQ2NDEudGVzdDALggl0NjQyLnRlc3QwC4IJdDY0My50ZXN0MAuCCXQ2NDQudGVz +-dDALggl0NjQ1LnRlc3QwC4IJdDY0Ni50ZXN0MAuCCXQ2NDcudGVzdDALggl0NjQ4 +-LnRlc3QwC4IJdDY0OS50ZXN0MAuCCXQ2NTAudGVzdDALggl0NjUxLnRlc3QwC4IJ +-dDY1Mi50ZXN0MAuCCXQ2NTMudGVzdDALggl0NjU0LnRlc3QwC4IJdDY1NS50ZXN0 +-MAuCCXQ2NTYudGVzdDALggl0NjU3LnRlc3QwC4IJdDY1OC50ZXN0MAuCCXQ2NTku +-dGVzdDALggl0NjYwLnRlc3QwC4IJdDY2MS50ZXN0MAuCCXQ2NjIudGVzdDALggl0 +-NjYzLnRlc3QwC4IJdDY2NC50ZXN0MAuCCXQ2NjUudGVzdDALggl0NjY2LnRlc3Qw +-C4IJdDY2Ny50ZXN0MAuCCXQ2NjgudGVzdDALggl0NjY5LnRlc3QwC4IJdDY3MC50 +-ZXN0MAuCCXQ2NzEudGVzdDALggl0NjcyLnRlc3QwC4IJdDY3My50ZXN0MAuCCXQ2 +-NzQudGVzdDALggl0Njc1LnRlc3QwC4IJdDY3Ni50ZXN0MAuCCXQ2NzcudGVzdDAL +-ggl0Njc4LnRlc3QwC4IJdDY3OS50ZXN0MAuCCXQ2ODAudGVzdDALggl0NjgxLnRl +-c3QwC4IJdDY4Mi50ZXN0MAuCCXQ2ODMudGVzdDALggl0Njg0LnRlc3QwC4IJdDY4 +-NS50ZXN0MAuCCXQ2ODYudGVzdDALggl0Njg3LnRlc3QwC4IJdDY4OC50ZXN0MAuC +-CXQ2ODkudGVzdDALggl0NjkwLnRlc3QwC4IJdDY5MS50ZXN0MAuCCXQ2OTIudGVz +-dDALggl0NjkzLnRlc3QwC4IJdDY5NC50ZXN0MAuCCXQ2OTUudGVzdDALggl0Njk2 +-LnRlc3QwC4IJdDY5Ny50ZXN0MAuCCXQ2OTgudGVzdDALggl0Njk5LnRlc3QwC4IJ +-dDcwMC50ZXN0MAuCCXQ3MDEudGVzdDALggl0NzAyLnRlc3QwC4IJdDcwMy50ZXN0 +-MAuCCXQ3MDQudGVzdDALggl0NzA1LnRlc3QwC4IJdDcwNi50ZXN0MAuCCXQ3MDcu +-dGVzdDALggl0NzA4LnRlc3QwC4IJdDcwOS50ZXN0MAuCCXQ3MTAudGVzdDALggl0 +-NzExLnRlc3QwC4IJdDcxMi50ZXN0MAuCCXQ3MTMudGVzdDALggl0NzE0LnRlc3Qw +-C4IJdDcxNS50ZXN0MAuCCXQ3MTYudGVzdDALggl0NzE3LnRlc3QwC4IJdDcxOC50 +-ZXN0MAuCCXQ3MTkudGVzdDALggl0NzIwLnRlc3QwC4IJdDcyMS50ZXN0MAuCCXQ3 +-MjIudGVzdDALggl0NzIzLnRlc3QwC4IJdDcyNC50ZXN0MAuCCXQ3MjUudGVzdDAL +-ggl0NzI2LnRlc3QwC4IJdDcyNy50ZXN0MAuCCXQ3MjgudGVzdDALggl0NzI5LnRl +-c3QwC4IJdDczMC50ZXN0MAuCCXQ3MzEudGVzdDALggl0NzMyLnRlc3QwC4IJdDcz +-My50ZXN0MAuCCXQ3MzQudGVzdDALggl0NzM1LnRlc3QwC4IJdDczNi50ZXN0MAuC +-CXQ3MzcudGVzdDALggl0NzM4LnRlc3QwC4IJdDczOS50ZXN0MAuCCXQ3NDAudGVz +-dDALggl0NzQxLnRlc3QwC4IJdDc0Mi50ZXN0MAuCCXQ3NDMudGVzdDALggl0NzQ0 +-LnRlc3QwC4IJdDc0NS50ZXN0MAuCCXQ3NDYudGVzdDALggl0NzQ3LnRlc3QwC4IJ +-dDc0OC50ZXN0MAuCCXQ3NDkudGVzdDALggl0NzUwLnRlc3QwC4IJdDc1MS50ZXN0 +-MAuCCXQ3NTIudGVzdDALggl0NzUzLnRlc3QwC4IJdDc1NC50ZXN0MAuCCXQ3NTUu +-dGVzdDALggl0NzU2LnRlc3QwC4IJdDc1Ny50ZXN0MAuCCXQ3NTgudGVzdDALggl0 +-NzU5LnRlc3QwC4IJdDc2MC50ZXN0MAuCCXQ3NjEudGVzdDALggl0NzYyLnRlc3Qw +-C4IJdDc2My50ZXN0MAuCCXQ3NjQudGVzdDALggl0NzY1LnRlc3QwC4IJdDc2Ni50 +-ZXN0MAuCCXQ3NjcudGVzdDALggl0NzY4LnRlc3QwC4IJdDc2OS50ZXN0MAuCCXQ3 +-NzAudGVzdDALggl0NzcxLnRlc3QwC4IJdDc3Mi50ZXN0MAuCCXQ3NzMudGVzdDAL +-ggl0Nzc0LnRlc3QwC4IJdDc3NS50ZXN0MAuCCXQ3NzYudGVzdDALggl0Nzc3LnRl +-c3QwC4IJdDc3OC50ZXN0MAuCCXQ3NzkudGVzdDALggl0NzgwLnRlc3QwC4IJdDc4 +-MS50ZXN0MAuCCXQ3ODIudGVzdDALggl0NzgzLnRlc3QwC4IJdDc4NC50ZXN0MAuC +-CXQ3ODUudGVzdDALggl0Nzg2LnRlc3QwC4IJdDc4Ny50ZXN0MAuCCXQ3ODgudGVz +-dDALggl0Nzg5LnRlc3QwC4IJdDc5MC50ZXN0MAuCCXQ3OTEudGVzdDALggl0Nzky +-LnRlc3QwC4IJdDc5My50ZXN0MAuCCXQ3OTQudGVzdDALggl0Nzk1LnRlc3QwC4IJ +-dDc5Ni50ZXN0MAuCCXQ3OTcudGVzdDALggl0Nzk4LnRlc3QwC4IJdDc5OS50ZXN0 +-MAuCCXQ4MDAudGVzdDALggl0ODAxLnRlc3QwC4IJdDgwMi50ZXN0MAuCCXQ4MDMu +-dGVzdDALggl0ODA0LnRlc3QwC4IJdDgwNS50ZXN0MAuCCXQ4MDYudGVzdDALggl0 +-ODA3LnRlc3QwC4IJdDgwOC50ZXN0MAuCCXQ4MDkudGVzdDALggl0ODEwLnRlc3Qw +-C4IJdDgxMS50ZXN0MAuCCXQ4MTIudGVzdDALggl0ODEzLnRlc3QwC4IJdDgxNC50 +-ZXN0MAuCCXQ4MTUudGVzdDALggl0ODE2LnRlc3QwC4IJdDgxNy50ZXN0MAuCCXQ4 +-MTgudGVzdDALggl0ODE5LnRlc3QwC4IJdDgyMC50ZXN0MAuCCXQ4MjEudGVzdDAL +-ggl0ODIyLnRlc3QwC4IJdDgyMy50ZXN0MAuCCXQ4MjQudGVzdDALggl0ODI1LnRl +-c3QwC4IJdDgyNi50ZXN0MAuCCXQ4MjcudGVzdDALggl0ODI4LnRlc3QwC4IJdDgy +-OS50ZXN0MAuCCXQ4MzAudGVzdDALggl0ODMxLnRlc3QwC4IJdDgzMi50ZXN0MAuC +-CXQ4MzMudGVzdDALggl0ODM0LnRlc3QwC4IJdDgzNS50ZXN0MAuCCXQ4MzYudGVz +-dDALggl0ODM3LnRlc3QwC4IJdDgzOC50ZXN0MAuCCXQ4MzkudGVzdDALggl0ODQw +-LnRlc3QwC4IJdDg0MS50ZXN0MAuCCXQ4NDIudGVzdDALggl0ODQzLnRlc3QwC4IJ +-dDg0NC50ZXN0MAuCCXQ4NDUudGVzdDALggl0ODQ2LnRlc3QwC4IJdDg0Ny50ZXN0 +-MAuCCXQ4NDgudGVzdDALggl0ODQ5LnRlc3QwC4IJdDg1MC50ZXN0MAuCCXQ4NTEu +-dGVzdDALggl0ODUyLnRlc3QwC4IJdDg1My50ZXN0MAuCCXQ4NTQudGVzdDALggl0 +-ODU1LnRlc3QwC4IJdDg1Ni50ZXN0MAuCCXQ4NTcudGVzdDALggl0ODU4LnRlc3Qw +-C4IJdDg1OS50ZXN0MAuCCXQ4NjAudGVzdDALggl0ODYxLnRlc3QwC4IJdDg2Mi50 +-ZXN0MAuCCXQ4NjMudGVzdDALggl0ODY0LnRlc3QwC4IJdDg2NS50ZXN0MAuCCXQ4 +-NjYudGVzdDALggl0ODY3LnRlc3QwC4IJdDg2OC50ZXN0MAuCCXQ4NjkudGVzdDAL +-ggl0ODcwLnRlc3QwC4IJdDg3MS50ZXN0MAuCCXQ4NzIudGVzdDALggl0ODczLnRl +-c3QwC4IJdDg3NC50ZXN0MAuCCXQ4NzUudGVzdDALggl0ODc2LnRlc3QwC4IJdDg3 +-Ny50ZXN0MAuCCXQ4NzgudGVzdDALggl0ODc5LnRlc3QwC4IJdDg4MC50ZXN0MAuC +-CXQ4ODEudGVzdDALggl0ODgyLnRlc3QwC4IJdDg4My50ZXN0MAuCCXQ4ODQudGVz +-dDALggl0ODg1LnRlc3QwC4IJdDg4Ni50ZXN0MAuCCXQ4ODcudGVzdDALggl0ODg4 +-LnRlc3QwC4IJdDg4OS50ZXN0MAuCCXQ4OTAudGVzdDALggl0ODkxLnRlc3QwC4IJ +-dDg5Mi50ZXN0MAuCCXQ4OTMudGVzdDALggl0ODk0LnRlc3QwC4IJdDg5NS50ZXN0 +-MAuCCXQ4OTYudGVzdDALggl0ODk3LnRlc3QwC4IJdDg5OC50ZXN0MAuCCXQ4OTku +-dGVzdDALggl0OTAwLnRlc3QwC4IJdDkwMS50ZXN0MAuCCXQ5MDIudGVzdDALggl0 +-OTAzLnRlc3QwC4IJdDkwNC50ZXN0MAuCCXQ5MDUudGVzdDALggl0OTA2LnRlc3Qw +-C4IJdDkwNy50ZXN0MAuCCXQ5MDgudGVzdDALggl0OTA5LnRlc3QwC4IJdDkxMC50 +-ZXN0MAuCCXQ5MTEudGVzdDALggl0OTEyLnRlc3QwC4IJdDkxMy50ZXN0MAuCCXQ5 +-MTQudGVzdDALggl0OTE1LnRlc3QwC4IJdDkxNi50ZXN0MAuCCXQ5MTcudGVzdDAL +-ggl0OTE4LnRlc3QwC4IJdDkxOS50ZXN0MAuCCXQ5MjAudGVzdDALggl0OTIxLnRl +-c3QwC4IJdDkyMi50ZXN0MAuCCXQ5MjMudGVzdDALggl0OTI0LnRlc3QwC4IJdDky +-NS50ZXN0MAuCCXQ5MjYudGVzdDALggl0OTI3LnRlc3QwC4IJdDkyOC50ZXN0MAuC +-CXQ5MjkudGVzdDALggl0OTMwLnRlc3QwC4IJdDkzMS50ZXN0MAuCCXQ5MzIudGVz +-dDALggl0OTMzLnRlc3QwC4IJdDkzNC50ZXN0MAuCCXQ5MzUudGVzdDALggl0OTM2 +-LnRlc3QwC4IJdDkzNy50ZXN0MAuCCXQ5MzgudGVzdDALggl0OTM5LnRlc3QwC4IJ +-dDk0MC50ZXN0MAuCCXQ5NDEudGVzdDALggl0OTQyLnRlc3QwC4IJdDk0My50ZXN0 +-MAuCCXQ5NDQudGVzdDALggl0OTQ1LnRlc3QwC4IJdDk0Ni50ZXN0MAuCCXQ5NDcu +-dGVzdDALggl0OTQ4LnRlc3QwC4IJdDk0OS50ZXN0MAuCCXQ5NTAudGVzdDALggl0 +-OTUxLnRlc3QwC4IJdDk1Mi50ZXN0MAuCCXQ5NTMudGVzdDALggl0OTU0LnRlc3Qw +-C4IJdDk1NS50ZXN0MAuCCXQ5NTYudGVzdDALggl0OTU3LnRlc3QwC4IJdDk1OC50 +-ZXN0MAuCCXQ5NTkudGVzdDALggl0OTYwLnRlc3QwC4IJdDk2MS50ZXN0MAuCCXQ5 +-NjIudGVzdDALggl0OTYzLnRlc3QwC4IJdDk2NC50ZXN0MAuCCXQ5NjUudGVzdDAL +-ggl0OTY2LnRlc3QwC4IJdDk2Ny50ZXN0MAuCCXQ5NjgudGVzdDALggl0OTY5LnRl +-c3QwC4IJdDk3MC50ZXN0MAuCCXQ5NzEudGVzdDALggl0OTcyLnRlc3QwC4IJdDk3 +-My50ZXN0MAuCCXQ5NzQudGVzdDALggl0OTc1LnRlc3QwC4IJdDk3Ni50ZXN0MAuC +-CXQ5NzcudGVzdDALggl0OTc4LnRlc3QwC4IJdDk3OS50ZXN0MAuCCXQ5ODAudGVz +-dDALggl0OTgxLnRlc3QwC4IJdDk4Mi50ZXN0MAuCCXQ5ODMudGVzdDALggl0OTg0 +-LnRlc3QwC4IJdDk4NS50ZXN0MAuCCXQ5ODYudGVzdDALggl0OTg3LnRlc3QwC4IJ +-dDk4OC50ZXN0MAuCCXQ5ODkudGVzdDALggl0OTkwLnRlc3QwC4IJdDk5MS50ZXN0 +-MAuCCXQ5OTIudGVzdDALggl0OTkzLnRlc3QwC4IJdDk5NC50ZXN0MAuCCXQ5OTUu +-dGVzdDALggl0OTk2LnRlc3QwC4IJdDk5Ny50ZXN0MAuCCXQ5OTgudGVzdDALggl0 +-OTk5LnRlc3QwDIIKdDEwMDAudGVzdDAMggp0MTAwMS50ZXN0MAyCCnQxMDAyLnRl +-c3QwDIIKdDEwMDMudGVzdDAMggp0MTAwNC50ZXN0MAyCCnQxMDA1LnRlc3QwDIIK +-dDEwMDYudGVzdDAMggp0MTAwNy50ZXN0MAyCCnQxMDA4LnRlc3QwDIIKdDEwMDku +-dGVzdDAMggp0MTAxMC50ZXN0MAyCCnQxMDExLnRlc3QwDIIKdDEwMTIudGVzdDAM +-ggp0MTAxMy50ZXN0MAyCCnQxMDE0LnRlc3QwDIIKdDEwMTUudGVzdDAMggp0MTAx +-Ni50ZXN0MAyCCnQxMDE3LnRlc3QwDIIKdDEwMTgudGVzdDAMggp0MTAxOS50ZXN0 +-MAyCCnQxMDIwLnRlc3QwDIIKdDEwMjEudGVzdDAMggp0MTAyMi50ZXN0MAyCCnQx +-MDIzLnRlc3QwDIIKdDEwMjQudGVzdDAKhwgKAAAA/////zAKhwgKAAAB/////zAK +-hwgKAAAC/////zAKhwgKAAAD/////zAKhwgKAAAE/////zAKhwgKAAAF/////zAK +-hwgKAAAG/////zAKhwgKAAAH/////zAKhwgKAAAI/////zAKhwgKAAAJ/////zAK +-hwgKAAAK/////zAKhwgKAAAL/////zAKhwgKAAAM/////zAKhwgKAAAN/////zAK +-hwgKAAAO/////zAKhwgKAAAP/////zAKhwgKAAAQ/////zAKhwgKAAAR/////zAK +-hwgKAAAS/////zAKhwgKAAAT/////zAKhwgKAAAU/////zAKhwgKAAAV/////zAK +-hwgKAAAW/////zAKhwgKAAAX/////zAKhwgKAAAY/////zAKhwgKAAAZ/////zAK +-hwgKAAAa/////zAKhwgKAAAb/////zAKhwgKAAAc/////zAKhwgKAAAd/////zAK +-hwgKAAAe/////zAKhwgKAAAf/////zAKhwgKAAAg/////zAKhwgKAAAh/////zAK +-hwgKAAAi/////zAKhwgKAAAj/////zAKhwgKAAAk/////zAKhwgKAAAl/////zAK +-hwgKAAAm/////zAKhwgKAAAn/////zAKhwgKAAAo/////zAKhwgKAAAp/////zAK +-hwgKAAAq/////zAKhwgKAAAr/////zAKhwgKAAAs/////zAKhwgKAAAt/////zAK +-hwgKAAAu/////zAKhwgKAAAv/////zAKhwgKAAAw/////zAKhwgKAAAx/////zAK +-hwgKAAAy/////zAKhwgKAAAz/////zAKhwgKAAA0/////zAKhwgKAAA1/////zAK +-hwgKAAA2/////zAKhwgKAAA3/////zAKhwgKAAA4/////zAKhwgKAAA5/////zAK +-hwgKAAA6/////zAKhwgKAAA7/////zAKhwgKAAA8/////zAKhwgKAAA9/////zAK +-hwgKAAA+/////zAKhwgKAAA//////zAKhwgKAABA/////zAKhwgKAABB/////zAK +-hwgKAABC/////zAKhwgKAABD/////zAKhwgKAABE/////zAKhwgKAABF/////zAK +-hwgKAABG/////zAKhwgKAABH/////zAKhwgKAABI/////zAKhwgKAABJ/////zAK +-hwgKAABK/////zAKhwgKAABL/////zAKhwgKAABM/////zAKhwgKAABN/////zAK +-hwgKAABO/////zAKhwgKAABP/////zAKhwgKAABQ/////zAKhwgKAABR/////zAK +-hwgKAABS/////zAKhwgKAABT/////zAKhwgKAABU/////zAKhwgKAABV/////zAK +-hwgKAABW/////zAKhwgKAABX/////zAKhwgKAABY/////zAKhwgKAABZ/////zAK +-hwgKAABa/////zAKhwgKAABb/////zAKhwgKAABc/////zAKhwgKAABd/////zAK +-hwgKAABe/////zAKhwgKAABf/////zAKhwgKAABg/////zAKhwgKAABh/////zAK +-hwgKAABi/////zAKhwgKAABj/////zAKhwgKAABk/////zAKhwgKAABl/////zAK +-hwgKAABm/////zAKhwgKAABn/////zAKhwgKAABo/////zAKhwgKAABp/////zAK +-hwgKAABq/////zAKhwgKAABr/////zAKhwgKAABs/////zAKhwgKAABt/////zAK +-hwgKAABu/////zAKhwgKAABv/////zAKhwgKAABw/////zAKhwgKAABx/////zAK +-hwgKAABy/////zAKhwgKAABz/////zAKhwgKAAB0/////zAKhwgKAAB1/////zAK +-hwgKAAB2/////zAKhwgKAAB3/////zAKhwgKAAB4/////zAKhwgKAAB5/////zAK +-hwgKAAB6/////zAKhwgKAAB7/////zAKhwgKAAB8/////zAKhwgKAAB9/////zAK +-hwgKAAB+/////zAKhwgKAAB//////zAKhwgKAACA/////zAKhwgKAACB/////zAK +-hwgKAACC/////zAKhwgKAACD/////zAKhwgKAACE/////zAKhwgKAACF/////zAK +-hwgKAACG/////zAKhwgKAACH/////zAKhwgKAACI/////zAKhwgKAACJ/////zAK +-hwgKAACK/////zAKhwgKAACL/////zAKhwgKAACM/////zAKhwgKAACN/////zAK +-hwgKAACO/////zAKhwgKAACP/////zAKhwgKAACQ/////zAKhwgKAACR/////zAK +-hwgKAACS/////zAKhwgKAACT/////zAKhwgKAACU/////zAKhwgKAACV/////zAK +-hwgKAACW/////zAKhwgKAACX/////zAKhwgKAACY/////zAKhwgKAACZ/////zAK +-hwgKAACa/////zAKhwgKAACb/////zAKhwgKAACc/////zAKhwgKAACd/////zAK +-hwgKAACe/////zAKhwgKAACf/////zAKhwgKAACg/////zAKhwgKAACh/////zAK +-hwgKAACi/////zAKhwgKAACj/////zAKhwgKAACk/////zAKhwgKAACl/////zAK +-hwgKAACm/////zAKhwgKAACn/////zAKhwgKAACo/////zAKhwgKAACp/////zAK +-hwgKAACq/////zAKhwgKAACr/////zAKhwgKAACs/////zAKhwgKAACt/////zAK +-hwgKAACu/////zAKhwgKAACv/////zAKhwgKAACw/////zAKhwgKAACx/////zAK +-hwgKAACy/////zAKhwgKAACz/////zAKhwgKAAC0/////zAKhwgKAAC1/////zAK +-hwgKAAC2/////zAKhwgKAAC3/////zAKhwgKAAC4/////zAKhwgKAAC5/////zAK +-hwgKAAC6/////zAKhwgKAAC7/////zAKhwgKAAC8/////zAKhwgKAAC9/////zAK +-hwgKAAC+/////zAKhwgKAAC//////zAKhwgKAADA/////zAKhwgKAADB/////zAK +-hwgKAADC/////zAKhwgKAADD/////zAKhwgKAADE/////zAKhwgKAADF/////zAK +-hwgKAADG/////zAKhwgKAADH/////zAKhwgKAADI/////zAKhwgKAADJ/////zAK +-hwgKAADK/////zAKhwgKAADL/////zAKhwgKAADM/////zAKhwgKAADN/////zAK +-hwgKAADO/////zAKhwgKAADP/////zAKhwgKAADQ/////zAKhwgKAADR/////zAK +-hwgKAADS/////zAKhwgKAADT/////zAKhwgKAADU/////zAKhwgKAADV/////zAK +-hwgKAADW/////zAKhwgKAADX/////zAKhwgKAADY/////zAKhwgKAADZ/////zAK +-hwgKAADa/////zAKhwgKAADb/////zAKhwgKAADc/////zAKhwgKAADd/////zAK +-hwgKAADe/////zAKhwgKAADf/////zAKhwgKAADg/////zAKhwgKAADh/////zAK +-hwgKAADi/////zAKhwgKAADj/////zAKhwgKAADk/////zAKhwgKAADl/////zAK +-hwgKAADm/////zAKhwgKAADn/////zAKhwgKAADo/////zAKhwgKAADp/////zAK +-hwgKAADq/////zAKhwgKAADr/////zAKhwgKAADs/////zAKhwgKAADt/////zAK +-hwgKAADu/////zAKhwgKAADv/////zAKhwgKAADw/////zAKhwgKAADx/////zAK +-hwgKAADy/////zAKhwgKAADz/////zAKhwgKAAD0/////zAKhwgKAAD1/////zAK +-hwgKAAD2/////zAKhwgKAAD3/////zAKhwgKAAD4/////zAKhwgKAAD5/////zAK +-hwgKAAD6/////zAKhwgKAAD7/////zAKhwgKAAD8/////zAKhwgKAAD9/////zAK +-hwgKAAD+/////zAKhwgKAAD//////zAKhwgKAAEA/////zAKhwgKAAEB/////zAK +-hwgKAAEC/////zAKhwgKAAED/////zAKhwgKAAEE/////zAKhwgKAAEF/////zAK +-hwgKAAEG/////zAKhwgKAAEH/////zAKhwgKAAEI/////zAKhwgKAAEJ/////zAK +-hwgKAAEK/////zAKhwgKAAEL/////zAKhwgKAAEM/////zAKhwgKAAEN/////zAK +-hwgKAAEO/////zAKhwgKAAEP/////zAKhwgKAAEQ/////zAKhwgKAAER/////zAK +-hwgKAAES/////zAKhwgKAAET/////zAKhwgKAAEU/////zAKhwgKAAEV/////zAK +-hwgKAAEW/////zAKhwgKAAEX/////zAKhwgKAAEY/////zAKhwgKAAEZ/////zAK +-hwgKAAEa/////zAKhwgKAAEb/////zAKhwgKAAEc/////zAKhwgKAAEd/////zAK +-hwgKAAEe/////zAKhwgKAAEf/////zAKhwgKAAEg/////zAKhwgKAAEh/////zAK +-hwgKAAEi/////zAKhwgKAAEj/////zAKhwgKAAEk/////zAKhwgKAAEl/////zAK +-hwgKAAEm/////zAKhwgKAAEn/////zAKhwgKAAEo/////zAKhwgKAAEp/////zAK +-hwgKAAEq/////zAKhwgKAAEr/////zAKhwgKAAEs/////zAKhwgKAAEt/////zAK +-hwgKAAEu/////zAKhwgKAAEv/////zAKhwgKAAEw/////zAKhwgKAAEx/////zAK +-hwgKAAEy/////zAKhwgKAAEz/////zAKhwgKAAE0/////zAKhwgKAAE1/////zAK +-hwgKAAE2/////zAKhwgKAAE3/////zAKhwgKAAE4/////zAKhwgKAAE5/////zAK +-hwgKAAE6/////zAKhwgKAAE7/////zAKhwgKAAE8/////zAKhwgKAAE9/////zAK +-hwgKAAE+/////zAKhwgKAAE//////zAKhwgKAAFA/////zAKhwgKAAFB/////zAK +-hwgKAAFC/////zAKhwgKAAFD/////zAKhwgKAAFE/////zAKhwgKAAFF/////zAK +-hwgKAAFG/////zAKhwgKAAFH/////zAKhwgKAAFI/////zAKhwgKAAFJ/////zAK +-hwgKAAFK/////zAKhwgKAAFL/////zAKhwgKAAFM/////zAKhwgKAAFN/////zAK +-hwgKAAFO/////zAKhwgKAAFP/////zAKhwgKAAFQ/////zAKhwgKAAFR/////zAK +-hwgKAAFS/////zAKhwgKAAFT/////zAKhwgKAAFU/////zAKhwgKAAFV/////zAK +-hwgKAAFW/////zAKhwgKAAFX/////zAKhwgKAAFY/////zAKhwgKAAFZ/////zAK +-hwgKAAFa/////zAKhwgKAAFb/////zAKhwgKAAFc/////zAKhwgKAAFd/////zAK +-hwgKAAFe/////zAKhwgKAAFf/////zAKhwgKAAFg/////zAKhwgKAAFh/////zAK +-hwgKAAFi/////zAKhwgKAAFj/////zAKhwgKAAFk/////zAKhwgKAAFl/////zAK +-hwgKAAFm/////zAKhwgKAAFn/////zAKhwgKAAFo/////zAKhwgKAAFp/////zAK +-hwgKAAFq/////zAKhwgKAAFr/////zAKhwgKAAFs/////zAKhwgKAAFt/////zAK +-hwgKAAFu/////zAKhwgKAAFv/////zAKhwgKAAFw/////zAKhwgKAAFx/////zAK +-hwgKAAFy/////zAKhwgKAAFz/////zAKhwgKAAF0/////zAKhwgKAAF1/////zAK +-hwgKAAF2/////zAKhwgKAAF3/////zAKhwgKAAF4/////zAKhwgKAAF5/////zAK +-hwgKAAF6/////zAKhwgKAAF7/////zAKhwgKAAF8/////zAKhwgKAAF9/////zAK +-hwgKAAF+/////zAKhwgKAAF//////zAKhwgKAAGA/////zAKhwgKAAGB/////zAK +-hwgKAAGC/////zAKhwgKAAGD/////zAKhwgKAAGE/////zAKhwgKAAGF/////zAK +-hwgKAAGG/////zAKhwgKAAGH/////zAKhwgKAAGI/////zAKhwgKAAGJ/////zAK +-hwgKAAGK/////zAKhwgKAAGL/////zAKhwgKAAGM/////zAKhwgKAAGN/////zAK +-hwgKAAGO/////zAKhwgKAAGP/////zAKhwgKAAGQ/////zAKhwgKAAGR/////zAK +-hwgKAAGS/////zAKhwgKAAGT/////zAKhwgKAAGU/////zAKhwgKAAGV/////zAK +-hwgKAAGW/////zAKhwgKAAGX/////zAKhwgKAAGY/////zAKhwgKAAGZ/////zAK +-hwgKAAGa/////zAKhwgKAAGb/////zAKhwgKAAGc/////zAKhwgKAAGd/////zAK +-hwgKAAGe/////zAKhwgKAAGf/////zAKhwgKAAGg/////zAKhwgKAAGh/////zAK +-hwgKAAGi/////zAKhwgKAAGj/////zAKhwgKAAGk/////zAKhwgKAAGl/////zAK +-hwgKAAGm/////zAKhwgKAAGn/////zAKhwgKAAGo/////zAKhwgKAAGp/////zAK +-hwgKAAGq/////zAKhwgKAAGr/////zAKhwgKAAGs/////zAKhwgKAAGt/////zAK +-hwgKAAGu/////zAKhwgKAAGv/////zAKhwgKAAGw/////zAKhwgKAAGx/////zAK +-hwgKAAGy/////zAKhwgKAAGz/////zAKhwgKAAG0/////zAKhwgKAAG1/////zAK +-hwgKAAG2/////zAKhwgKAAG3/////zAKhwgKAAG4/////zAKhwgKAAG5/////zAK +-hwgKAAG6/////zAKhwgKAAG7/////zAKhwgKAAG8/////zAKhwgKAAG9/////zAK +-hwgKAAG+/////zAKhwgKAAG//////zAKhwgKAAHA/////zAKhwgKAAHB/////zAK +-hwgKAAHC/////zAKhwgKAAHD/////zAKhwgKAAHE/////zAKhwgKAAHF/////zAK +-hwgKAAHG/////zAKhwgKAAHH/////zAKhwgKAAHI/////zAKhwgKAAHJ/////zAK +-hwgKAAHK/////zAKhwgKAAHL/////zAKhwgKAAHM/////zAKhwgKAAHN/////zAK +-hwgKAAHO/////zAKhwgKAAHP/////zAKhwgKAAHQ/////zAKhwgKAAHR/////zAK +-hwgKAAHS/////zAKhwgKAAHT/////zAKhwgKAAHU/////zAKhwgKAAHV/////zAK +-hwgKAAHW/////zAKhwgKAAHX/////zAKhwgKAAHY/////zAKhwgKAAHZ/////zAK +-hwgKAAHa/////zAKhwgKAAHb/////zAKhwgKAAHc/////zAKhwgKAAHd/////zAK +-hwgKAAHe/////zAKhwgKAAHf/////zAKhwgKAAHg/////zAKhwgKAAHh/////zAK +-hwgKAAHi/////zAKhwgKAAHj/////zAKhwgKAAHk/////zAKhwgKAAHl/////zAK +-hwgKAAHm/////zAKhwgKAAHn/////zAKhwgKAAHo/////zAKhwgKAAHp/////zAK +-hwgKAAHq/////zAKhwgKAAHr/////zAKhwgKAAHs/////zAKhwgKAAHt/////zAK +-hwgKAAHu/////zAKhwgKAAHv/////zAKhwgKAAHw/////zAKhwgKAAHx/////zAK +-hwgKAAHy/////zAKhwgKAAHz/////zAKhwgKAAH0/////zAKhwgKAAH1/////zAK +-hwgKAAH2/////zAKhwgKAAH3/////zAKhwgKAAH4/////zAKhwgKAAH5/////zAK +-hwgKAAH6/////zAKhwgKAAH7/////zAKhwgKAAH8/////zAKhwgKAAH9/////zAK +-hwgKAAH+/////zAKhwgKAAH//////zAKhwgKAAIA/////zAKhwgKAAIB/////zAK +-hwgKAAIC/////zAKhwgKAAID/////zAKhwgKAAIE/////zAKhwgKAAIF/////zAK +-hwgKAAIG/////zAKhwgKAAIH/////zAKhwgKAAII/////zAKhwgKAAIJ/////zAK +-hwgKAAIK/////zAKhwgKAAIL/////zAKhwgKAAIM/////zAKhwgKAAIN/////zAK +-hwgKAAIO/////zAKhwgKAAIP/////zAKhwgKAAIQ/////zAKhwgKAAIR/////zAK +-hwgKAAIS/////zAKhwgKAAIT/////zAKhwgKAAIU/////zAKhwgKAAIV/////zAK +-hwgKAAIW/////zAKhwgKAAIX/////zAKhwgKAAIY/////zAKhwgKAAIZ/////zAK +-hwgKAAIa/////zAKhwgKAAIb/////zAKhwgKAAIc/////zAKhwgKAAId/////zAK +-hwgKAAIe/////zAKhwgKAAIf/////zAKhwgKAAIg/////zAKhwgKAAIh/////zAK +-hwgKAAIi/////zAKhwgKAAIj/////zAKhwgKAAIk/////zAKhwgKAAIl/////zAK +-hwgKAAIm/////zAKhwgKAAIn/////zAKhwgKAAIo/////zAKhwgKAAIp/////zAK +-hwgKAAIq/////zAKhwgKAAIr/////zAKhwgKAAIs/////zAKhwgKAAIt/////zAK +-hwgKAAIu/////zAKhwgKAAIv/////zAKhwgKAAIw/////zAKhwgKAAIx/////zAK +-hwgKAAIy/////zAKhwgKAAIz/////zAKhwgKAAI0/////zAKhwgKAAI1/////zAK +-hwgKAAI2/////zAKhwgKAAI3/////zAKhwgKAAI4/////zAKhwgKAAI5/////zAK +-hwgKAAI6/////zAKhwgKAAI7/////zAKhwgKAAI8/////zAKhwgKAAI9/////zAK +-hwgKAAI+/////zAKhwgKAAI//////zAKhwgKAAJA/////zAKhwgKAAJB/////zAK +-hwgKAAJC/////zAKhwgKAAJD/////zAKhwgKAAJE/////zAKhwgKAAJF/////zAK +-hwgKAAJG/////zAKhwgKAAJH/////zAKhwgKAAJI/////zAKhwgKAAJJ/////zAK +-hwgKAAJK/////zAKhwgKAAJL/////zAKhwgKAAJM/////zAKhwgKAAJN/////zAK +-hwgKAAJO/////zAKhwgKAAJP/////zAKhwgKAAJQ/////zAKhwgKAAJR/////zAK +-hwgKAAJS/////zAKhwgKAAJT/////zAKhwgKAAJU/////zAKhwgKAAJV/////zAK +-hwgKAAJW/////zAKhwgKAAJX/////zAKhwgKAAJY/////zAKhwgKAAJZ/////zAK +-hwgKAAJa/////zAKhwgKAAJb/////zAKhwgKAAJc/////zAKhwgKAAJd/////zAK +-hwgKAAJe/////zAKhwgKAAJf/////zAKhwgKAAJg/////zAKhwgKAAJh/////zAK +-hwgKAAJi/////zAKhwgKAAJj/////zAKhwgKAAJk/////zAKhwgKAAJl/////zAK +-hwgKAAJm/////zAKhwgKAAJn/////zAKhwgKAAJo/////zAKhwgKAAJp/////zAK +-hwgKAAJq/////zAKhwgKAAJr/////zAKhwgKAAJs/////zAKhwgKAAJt/////zAK +-hwgKAAJu/////zAKhwgKAAJv/////zAKhwgKAAJw/////zAKhwgKAAJx/////zAK +-hwgKAAJy/////zAKhwgKAAJz/////zAKhwgKAAJ0/////zAKhwgKAAJ1/////zAK +-hwgKAAJ2/////zAKhwgKAAJ3/////zAKhwgKAAJ4/////zAKhwgKAAJ5/////zAK +-hwgKAAJ6/////zAKhwgKAAJ7/////zAKhwgKAAJ8/////zAKhwgKAAJ9/////zAK +-hwgKAAJ+/////zAKhwgKAAJ//////zAKhwgKAAKA/////zAKhwgKAAKB/////zAK +-hwgKAAKC/////zAKhwgKAAKD/////zAKhwgKAAKE/////zAKhwgKAAKF/////zAK +-hwgKAAKG/////zAKhwgKAAKH/////zAKhwgKAAKI/////zAKhwgKAAKJ/////zAK +-hwgKAAKK/////zAKhwgKAAKL/////zAKhwgKAAKM/////zAKhwgKAAKN/////zAK +-hwgKAAKO/////zAKhwgKAAKP/////zAKhwgKAAKQ/////zAKhwgKAAKR/////zAK +-hwgKAAKS/////zAKhwgKAAKT/////zAKhwgKAAKU/////zAKhwgKAAKV/////zAK +-hwgKAAKW/////zAKhwgKAAKX/////zAKhwgKAAKY/////zAKhwgKAAKZ/////zAK +-hwgKAAKa/////zAKhwgKAAKb/////zAKhwgKAAKc/////zAKhwgKAAKd/////zAK +-hwgKAAKe/////zAKhwgKAAKf/////zAKhwgKAAKg/////zAKhwgKAAKh/////zAK +-hwgKAAKi/////zAKhwgKAAKj/////zAKhwgKAAKk/////zAKhwgKAAKl/////zAK +-hwgKAAKm/////zAKhwgKAAKn/////zAKhwgKAAKo/////zAKhwgKAAKp/////zAK +-hwgKAAKq/////zAKhwgKAAKr/////zAKhwgKAAKs/////zAKhwgKAAKt/////zAK +-hwgKAAKu/////zAKhwgKAAKv/////zAKhwgKAAKw/////zAKhwgKAAKx/////zAK +-hwgKAAKy/////zAKhwgKAAKz/////zAKhwgKAAK0/////zAKhwgKAAK1/////zAK +-hwgKAAK2/////zAKhwgKAAK3/////zAKhwgKAAK4/////zAKhwgKAAK5/////zAK +-hwgKAAK6/////zAKhwgKAAK7/////zAKhwgKAAK8/////zAKhwgKAAK9/////zAK +-hwgKAAK+/////zAKhwgKAAK//////zAKhwgKAALA/////zAKhwgKAALB/////zAK +-hwgKAALC/////zAKhwgKAALD/////zAKhwgKAALE/////zAKhwgKAALF/////zAK +-hwgKAALG/////zAKhwgKAALH/////zAKhwgKAALI/////zAKhwgKAALJ/////zAK +-hwgKAALK/////zAKhwgKAALL/////zAKhwgKAALM/////zAKhwgKAALN/////zAK +-hwgKAALO/////zAKhwgKAALP/////zAKhwgKAALQ/////zAKhwgKAALR/////zAK +-hwgKAALS/////zAKhwgKAALT/////zAKhwgKAALU/////zAKhwgKAALV/////zAK +-hwgKAALW/////zAKhwgKAALX/////zAKhwgKAALY/////zAKhwgKAALZ/////zAK +-hwgKAALa/////zAKhwgKAALb/////zAKhwgKAALc/////zAKhwgKAALd/////zAK +-hwgKAALe/////zAKhwgKAALf/////zAKhwgKAALg/////zAKhwgKAALh/////zAK +-hwgKAALi/////zAKhwgKAALj/////zAKhwgKAALk/////zAKhwgKAALl/////zAK +-hwgKAALm/////zAKhwgKAALn/////zAKhwgKAALo/////zAKhwgKAALp/////zAK +-hwgKAALq/////zAKhwgKAALr/////zAKhwgKAALs/////zAKhwgKAALt/////zAK +-hwgKAALu/////zAKhwgKAALv/////zAKhwgKAALw/////zAKhwgKAALx/////zAK +-hwgKAALy/////zAKhwgKAALz/////zAKhwgKAAL0/////zAKhwgKAAL1/////zAK +-hwgKAAL2/////zAKhwgKAAL3/////zAKhwgKAAL4/////zAKhwgKAAL5/////zAK +-hwgKAAL6/////zAKhwgKAAL7/////zAKhwgKAAL8/////zAKhwgKAAL9/////zAK +-hwgKAAL+/////zAKhwgKAAL//////zAKhwgKAAMA/////zAKhwgKAAMB/////zAK +-hwgKAAMC/////zAKhwgKAAMD/////zAKhwgKAAME/////zAKhwgKAAMF/////zAK +-hwgKAAMG/////zAKhwgKAAMH/////zAKhwgKAAMI/////zAKhwgKAAMJ/////zAK +-hwgKAAMK/////zAKhwgKAAML/////zAKhwgKAAMM/////zAKhwgKAAMN/////zAK +-hwgKAAMO/////zAKhwgKAAMP/////zAKhwgKAAMQ/////zAKhwgKAAMR/////zAK +-hwgKAAMS/////zAKhwgKAAMT/////zAKhwgKAAMU/////zAKhwgKAAMV/////zAK +-hwgKAAMW/////zAKhwgKAAMX/////zAKhwgKAAMY/////zAKhwgKAAMZ/////zAK +-hwgKAAMa/////zAKhwgKAAMb/////zAKhwgKAAMc/////zAKhwgKAAMd/////zAK +-hwgKAAMe/////zAKhwgKAAMf/////zAKhwgKAAMg/////zAKhwgKAAMh/////zAK +-hwgKAAMi/////zAKhwgKAAMj/////zAKhwgKAAMk/////zAKhwgKAAMl/////zAK +-hwgKAAMm/////zAKhwgKAAMn/////zAKhwgKAAMo/////zAKhwgKAAMp/////zAK +-hwgKAAMq/////zAKhwgKAAMr/////zAKhwgKAAMs/////zAKhwgKAAMt/////zAK +-hwgKAAMu/////zAKhwgKAAMv/////zAKhwgKAAMw/////zAKhwgKAAMx/////zAK +-hwgKAAMy/////zAKhwgKAAMz/////zAKhwgKAAM0/////zAKhwgKAAM1/////zAK +-hwgKAAM2/////zAKhwgKAAM3/////zAKhwgKAAM4/////zAKhwgKAAM5/////zAK +-hwgKAAM6/////zAKhwgKAAM7/////zAKhwgKAAM8/////zAKhwgKAAM9/////zAK +-hwgKAAM+/////zAKhwgKAAM//////zAKhwgKAANA/////zAKhwgKAANB/////zAK +-hwgKAANC/////zAKhwgKAAND/////zAKhwgKAANE/////zAKhwgKAANF/////zAK +-hwgKAANG/////zAKhwgKAANH/////zAKhwgKAANI/////zAKhwgKAANJ/////zAK +-hwgKAANK/////zAKhwgKAANL/////zAKhwgKAANM/////zAKhwgKAANN/////zAK +-hwgKAANO/////zAKhwgKAANP/////zAKhwgKAANQ/////zAKhwgKAANR/////zAK +-hwgKAANS/////zAKhwgKAANT/////zAKhwgKAANU/////zAKhwgKAANV/////zAK +-hwgKAANW/////zAKhwgKAANX/////zAKhwgKAANY/////zAKhwgKAANZ/////zAK +-hwgKAANa/////zAKhwgKAANb/////zAKhwgKAANc/////zAKhwgKAANd/////zAK +-hwgKAANe/////zAKhwgKAANf/////zAKhwgKAANg/////zAKhwgKAANh/////zAK +-hwgKAANi/////zAKhwgKAANj/////zAKhwgKAANk/////zAKhwgKAANl/////zAK +-hwgKAANm/////zAKhwgKAANn/////zAKhwgKAANo/////zAKhwgKAANp/////zAK +-hwgKAANq/////zAKhwgKAANr/////zAKhwgKAANs/////zAKhwgKAANt/////zAK +-hwgKAANu/////zAKhwgKAANv/////zAKhwgKAANw/////zAKhwgKAANx/////zAK +-hwgKAANy/////zAKhwgKAANz/////zAKhwgKAAN0/////zAKhwgKAAN1/////zAK +-hwgKAAN2/////zAKhwgKAAN3/////zAKhwgKAAN4/////zAKhwgKAAN5/////zAK +-hwgKAAN6/////zAKhwgKAAN7/////zAKhwgKAAN8/////zAKhwgKAAN9/////zAK +-hwgKAAN+/////zAKhwgKAAN//////zAKhwgKAAOA/////zAKhwgKAAOB/////zAK +-hwgKAAOC/////zAKhwgKAAOD/////zAKhwgKAAOE/////zAKhwgKAAOF/////zAK +-hwgKAAOG/////zAKhwgKAAOH/////zAKhwgKAAOI/////zAKhwgKAAOJ/////zAK +-hwgKAAOK/////zAKhwgKAAOL/////zAKhwgKAAOM/////zAKhwgKAAON/////zAK +-hwgKAAOO/////zAKhwgKAAOP/////zAKhwgKAAOQ/////zAKhwgKAAOR/////zAK +-hwgKAAOS/////zAKhwgKAAOT/////zAKhwgKAAOU/////zAKhwgKAAOV/////zAK +-hwgKAAOW/////zAKhwgKAAOX/////zAKhwgKAAOY/////zAKhwgKAAOZ/////zAK +-hwgKAAOa/////zAKhwgKAAOb/////zAKhwgKAAOc/////zAKhwgKAAOd/////zAK +-hwgKAAOe/////zAKhwgKAAOf/////zAKhwgKAAOg/////zAKhwgKAAOh/////zAK +-hwgKAAOi/////zAKhwgKAAOj/////zAKhwgKAAOk/////zAKhwgKAAOl/////zAK +-hwgKAAOm/////zAKhwgKAAOn/////zAKhwgKAAOo/////zAKhwgKAAOp/////zAK +-hwgKAAOq/////zAKhwgKAAOr/////zAKhwgKAAOs/////zAKhwgKAAOt/////zAK +-hwgKAAOu/////zAKhwgKAAOv/////zAKhwgKAAOw/////zAKhwgKAAOx/////zAK +-hwgKAAOy/////zAKhwgKAAOz/////zAKhwgKAAO0/////zAKhwgKAAO1/////zAK +-hwgKAAO2/////zAKhwgKAAO3/////zAKhwgKAAO4/////zAKhwgKAAO5/////zAK +-hwgKAAO6/////zAKhwgKAAO7/////zAKhwgKAAO8/////zAKhwgKAAO9/////zAK +-hwgKAAO+/////zAKhwgKAAO//////zAKhwgKAAPA/////zAKhwgKAAPB/////zAK +-hwgKAAPC/////zAKhwgKAAPD/////zAKhwgKAAPE/////zAKhwgKAAPF/////zAK +-hwgKAAPG/////zAKhwgKAAPH/////zAKhwgKAAPI/////zAKhwgKAAPJ/////zAK +-hwgKAAPK/////zAKhwgKAAPL/////zAKhwgKAAPM/////zAKhwgKAAPN/////zAK +-hwgKAAPO/////zAKhwgKAAPP/////zAKhwgKAAPQ/////zAKhwgKAAPR/////zAK +-hwgKAAPS/////zAKhwgKAAPT/////zAKhwgKAAPU/////zAKhwgKAAPV/////zAK +-hwgKAAPW/////zAKhwgKAAPX/////zAKhwgKAAPY/////zAKhwgKAAPZ/////zAK +-hwgKAAPa/////zAKhwgKAAPb/////zAKhwgKAAPc/////zAKhwgKAAPd/////zAK +-hwgKAAPe/////zAKhwgKAAPf/////zAKhwgKAAPg/////zAKhwgKAAPh/////zAK +-hwgKAAPi/////zAKhwgKAAPj/////zAKhwgKAAPk/////zAKhwgKAAPl/////zAK +-hwgKAAPm/////zAKhwgKAAPn/////zAKhwgKAAPo/////zAKhwgKAAPp/////zAK +-hwgKAAPq/////zAKhwgKAAPr/////zAKhwgKAAPs/////zAKhwgKAAPt/////zAK +-hwgKAAPu/////zAKhwgKAAPv/////zAKhwgKAAPw/////zAKhwgKAAPx/////zAK +-hwgKAAPy/////zAKhwgKAAPz/////zAKhwgKAAP0/////zAKhwgKAAP1/////zAK +-hwgKAAP2/////zAKhwgKAAP3/////zAKhwgKAAP4/////zAKhwgKAAP5/////zAK +-hwgKAAP6/////zAKhwgKAAP7/////zAKhwgKAAP8/////zAKhwgKAAP9/////zAK +-hwgKAAP+/////zAKhwgKAAP//////zAKhwgKAAQA/////zAPhg1odHRwOi8vdGVz +-dC8wMA+GDWh0dHA6Ly90ZXN0LzEwD4YNaHR0cDovL3Rlc3QvMjAPhg1odHRwOi8v +-dGVzdC8zMA+GDWh0dHA6Ly90ZXN0LzQwD4YNaHR0cDovL3Rlc3QvNTAPhg1odHRw +-Oi8vdGVzdC82MA+GDWh0dHA6Ly90ZXN0LzcwD4YNaHR0cDovL3Rlc3QvODAPhg1o +-dHRwOi8vdGVzdC85MBCGDmh0dHA6Ly90ZXN0LzEwMBCGDmh0dHA6Ly90ZXN0LzEx +-MBCGDmh0dHA6Ly90ZXN0LzEyMBCGDmh0dHA6Ly90ZXN0LzEzMBCGDmh0dHA6Ly90 +-ZXN0LzE0MBCGDmh0dHA6Ly90ZXN0LzE1MBCGDmh0dHA6Ly90ZXN0LzE2MBCGDmh0 +-dHA6Ly90ZXN0LzE3MBCGDmh0dHA6Ly90ZXN0LzE4MBCGDmh0dHA6Ly90ZXN0LzE5 +-MBCGDmh0dHA6Ly90ZXN0LzIwMBCGDmh0dHA6Ly90ZXN0LzIxMBCGDmh0dHA6Ly90 +-ZXN0LzIyMBCGDmh0dHA6Ly90ZXN0LzIzMBCGDmh0dHA6Ly90ZXN0LzI0MBCGDmh0 +-dHA6Ly90ZXN0LzI1MBCGDmh0dHA6Ly90ZXN0LzI2MBCGDmh0dHA6Ly90ZXN0LzI3 +-MBCGDmh0dHA6Ly90ZXN0LzI4MBCGDmh0dHA6Ly90ZXN0LzI5MBCGDmh0dHA6Ly90 +-ZXN0LzMwMBCGDmh0dHA6Ly90ZXN0LzMxMBCGDmh0dHA6Ly90ZXN0LzMyMBCGDmh0 +-dHA6Ly90ZXN0LzMzMBCGDmh0dHA6Ly90ZXN0LzM0MBCGDmh0dHA6Ly90ZXN0LzM1 +-MBCGDmh0dHA6Ly90ZXN0LzM2MBCGDmh0dHA6Ly90ZXN0LzM3MBCGDmh0dHA6Ly90 +-ZXN0LzM4MBCGDmh0dHA6Ly90ZXN0LzM5MBCGDmh0dHA6Ly90ZXN0LzQwMBCGDmh0 +-dHA6Ly90ZXN0LzQxMBCGDmh0dHA6Ly90ZXN0LzQyMBCGDmh0dHA6Ly90ZXN0LzQz +-MBCGDmh0dHA6Ly90ZXN0LzQ0MBCGDmh0dHA6Ly90ZXN0LzQ1MBCGDmh0dHA6Ly90 +-ZXN0LzQ2MBCGDmh0dHA6Ly90ZXN0LzQ3MBCGDmh0dHA6Ly90ZXN0LzQ4MBCGDmh0 +-dHA6Ly90ZXN0LzQ5MBCGDmh0dHA6Ly90ZXN0LzUwMBCGDmh0dHA6Ly90ZXN0LzUx +-MBCGDmh0dHA6Ly90ZXN0LzUyMBCGDmh0dHA6Ly90ZXN0LzUzMBCGDmh0dHA6Ly90 +-ZXN0LzU0MBCGDmh0dHA6Ly90ZXN0LzU1MBCGDmh0dHA6Ly90ZXN0LzU2MBCGDmh0 +-dHA6Ly90ZXN0LzU3MBCGDmh0dHA6Ly90ZXN0LzU4MBCGDmh0dHA6Ly90ZXN0LzU5 +-MBCGDmh0dHA6Ly90ZXN0LzYwMBCGDmh0dHA6Ly90ZXN0LzYxMBCGDmh0dHA6Ly90 +-ZXN0LzYyMBCGDmh0dHA6Ly90ZXN0LzYzMBCGDmh0dHA6Ly90ZXN0LzY0MBCGDmh0 +-dHA6Ly90ZXN0LzY1MBCGDmh0dHA6Ly90ZXN0LzY2MBCGDmh0dHA6Ly90ZXN0LzY3 +-MBCGDmh0dHA6Ly90ZXN0LzY4MBCGDmh0dHA6Ly90ZXN0LzY5MBCGDmh0dHA6Ly90 +-ZXN0LzcwMBCGDmh0dHA6Ly90ZXN0LzcxMBCGDmh0dHA6Ly90ZXN0LzcyMBCGDmh0 +-dHA6Ly90ZXN0LzczMBCGDmh0dHA6Ly90ZXN0Lzc0MBCGDmh0dHA6Ly90ZXN0Lzc1 +-MBCGDmh0dHA6Ly90ZXN0Lzc2MBCGDmh0dHA6Ly90ZXN0Lzc3MBCGDmh0dHA6Ly90 +-ZXN0Lzc4MBCGDmh0dHA6Ly90ZXN0Lzc5MBCGDmh0dHA6Ly90ZXN0LzgwMBCGDmh0 +-dHA6Ly90ZXN0LzgxMBCGDmh0dHA6Ly90ZXN0LzgyMBCGDmh0dHA6Ly90ZXN0Lzgz +-MBCGDmh0dHA6Ly90ZXN0Lzg0MBCGDmh0dHA6Ly90ZXN0Lzg1MBCGDmh0dHA6Ly90 +-ZXN0Lzg2MBCGDmh0dHA6Ly90ZXN0Lzg3MBCGDmh0dHA6Ly90ZXN0Lzg4MBCGDmh0 +-dHA6Ly90ZXN0Lzg5MBCGDmh0dHA6Ly90ZXN0LzkwMBCGDmh0dHA6Ly90ZXN0Lzkx +-MBCGDmh0dHA6Ly90ZXN0LzkyMBCGDmh0dHA6Ly90ZXN0LzkzMBCGDmh0dHA6Ly90 +-ZXN0Lzk0MBCGDmh0dHA6Ly90ZXN0Lzk1MBCGDmh0dHA6Ly90ZXN0Lzk2MBCGDmh0 +-dHA6Ly90ZXN0Lzk3MBCGDmh0dHA6Ly90ZXN0Lzk4MBCGDmh0dHA6Ly90ZXN0Lzk5 +-MBGGD2h0dHA6Ly90ZXN0LzEwMDARhg9odHRwOi8vdGVzdC8xMDEwEYYPaHR0cDov +-L3Rlc3QvMTAyMBGGD2h0dHA6Ly90ZXN0LzEwMzARhg9odHRwOi8vdGVzdC8xMDQw +-EYYPaHR0cDovL3Rlc3QvMTA1MBGGD2h0dHA6Ly90ZXN0LzEwNjARhg9odHRwOi8v +-dGVzdC8xMDcwEYYPaHR0cDovL3Rlc3QvMTA4MBGGD2h0dHA6Ly90ZXN0LzEwOTAR +-hg9odHRwOi8vdGVzdC8xMTAwEYYPaHR0cDovL3Rlc3QvMTExMBGGD2h0dHA6Ly90 +-ZXN0LzExMjARhg9odHRwOi8vdGVzdC8xMTMwEYYPaHR0cDovL3Rlc3QvMTE0MBGG +-D2h0dHA6Ly90ZXN0LzExNTARhg9odHRwOi8vdGVzdC8xMTYwEYYPaHR0cDovL3Rl +-c3QvMTE3MBGGD2h0dHA6Ly90ZXN0LzExODARhg9odHRwOi8vdGVzdC8xMTkwEYYP +-aHR0cDovL3Rlc3QvMTIwMBGGD2h0dHA6Ly90ZXN0LzEyMTARhg9odHRwOi8vdGVz +-dC8xMjIwEYYPaHR0cDovL3Rlc3QvMTIzMBGGD2h0dHA6Ly90ZXN0LzEyNDARhg9o +-dHRwOi8vdGVzdC8xMjUwEYYPaHR0cDovL3Rlc3QvMTI2MBGGD2h0dHA6Ly90ZXN0 +-LzEyNzARhg9odHRwOi8vdGVzdC8xMjgwEYYPaHR0cDovL3Rlc3QvMTI5MBGGD2h0 +-dHA6Ly90ZXN0LzEzMDARhg9odHRwOi8vdGVzdC8xMzEwEYYPaHR0cDovL3Rlc3Qv +-MTMyMBGGD2h0dHA6Ly90ZXN0LzEzMzARhg9odHRwOi8vdGVzdC8xMzQwEYYPaHR0 +-cDovL3Rlc3QvMTM1MBGGD2h0dHA6Ly90ZXN0LzEzNjARhg9odHRwOi8vdGVzdC8x +-MzcwEYYPaHR0cDovL3Rlc3QvMTM4MBGGD2h0dHA6Ly90ZXN0LzEzOTARhg9odHRw +-Oi8vdGVzdC8xNDAwEYYPaHR0cDovL3Rlc3QvMTQxMBGGD2h0dHA6Ly90ZXN0LzE0 +-MjARhg9odHRwOi8vdGVzdC8xNDMwEYYPaHR0cDovL3Rlc3QvMTQ0MBGGD2h0dHA6 +-Ly90ZXN0LzE0NTARhg9odHRwOi8vdGVzdC8xNDYwEYYPaHR0cDovL3Rlc3QvMTQ3 +-MBGGD2h0dHA6Ly90ZXN0LzE0ODARhg9odHRwOi8vdGVzdC8xNDkwEYYPaHR0cDov +-L3Rlc3QvMTUwMBGGD2h0dHA6Ly90ZXN0LzE1MTARhg9odHRwOi8vdGVzdC8xNTIw +-EYYPaHR0cDovL3Rlc3QvMTUzMBGGD2h0dHA6Ly90ZXN0LzE1NDARhg9odHRwOi8v +-dGVzdC8xNTUwEYYPaHR0cDovL3Rlc3QvMTU2MBGGD2h0dHA6Ly90ZXN0LzE1NzAR +-hg9odHRwOi8vdGVzdC8xNTgwEYYPaHR0cDovL3Rlc3QvMTU5MBGGD2h0dHA6Ly90 +-ZXN0LzE2MDARhg9odHRwOi8vdGVzdC8xNjEwEYYPaHR0cDovL3Rlc3QvMTYyMBGG +-D2h0dHA6Ly90ZXN0LzE2MzARhg9odHRwOi8vdGVzdC8xNjQwEYYPaHR0cDovL3Rl +-c3QvMTY1MBGGD2h0dHA6Ly90ZXN0LzE2NjARhg9odHRwOi8vdGVzdC8xNjcwEYYP +-aHR0cDovL3Rlc3QvMTY4MBGGD2h0dHA6Ly90ZXN0LzE2OTARhg9odHRwOi8vdGVz +-dC8xNzAwEYYPaHR0cDovL3Rlc3QvMTcxMBGGD2h0dHA6Ly90ZXN0LzE3MjARhg9o +-dHRwOi8vdGVzdC8xNzMwEYYPaHR0cDovL3Rlc3QvMTc0MBGGD2h0dHA6Ly90ZXN0 +-LzE3NTARhg9odHRwOi8vdGVzdC8xNzYwEYYPaHR0cDovL3Rlc3QvMTc3MBGGD2h0 +-dHA6Ly90ZXN0LzE3ODARhg9odHRwOi8vdGVzdC8xNzkwEYYPaHR0cDovL3Rlc3Qv +-MTgwMBGGD2h0dHA6Ly90ZXN0LzE4MTARhg9odHRwOi8vdGVzdC8xODIwEYYPaHR0 +-cDovL3Rlc3QvMTgzMBGGD2h0dHA6Ly90ZXN0LzE4NDARhg9odHRwOi8vdGVzdC8x +-ODUwEYYPaHR0cDovL3Rlc3QvMTg2MBGGD2h0dHA6Ly90ZXN0LzE4NzARhg9odHRw +-Oi8vdGVzdC8xODgwEYYPaHR0cDovL3Rlc3QvMTg5MBGGD2h0dHA6Ly90ZXN0LzE5 +-MDARhg9odHRwOi8vdGVzdC8xOTEwEYYPaHR0cDovL3Rlc3QvMTkyMBGGD2h0dHA6 +-Ly90ZXN0LzE5MzARhg9odHRwOi8vdGVzdC8xOTQwEYYPaHR0cDovL3Rlc3QvMTk1 +-MBGGD2h0dHA6Ly90ZXN0LzE5NjARhg9odHRwOi8vdGVzdC8xOTcwEYYPaHR0cDov +-L3Rlc3QvMTk4MBGGD2h0dHA6Ly90ZXN0LzE5OTARhg9odHRwOi8vdGVzdC8yMDAw +-EYYPaHR0cDovL3Rlc3QvMjAxMBGGD2h0dHA6Ly90ZXN0LzIwMjARhg9odHRwOi8v +-dGVzdC8yMDMwEYYPaHR0cDovL3Rlc3QvMjA0MBGGD2h0dHA6Ly90ZXN0LzIwNTAR +-hg9odHRwOi8vdGVzdC8yMDYwEYYPaHR0cDovL3Rlc3QvMjA3MBGGD2h0dHA6Ly90 +-ZXN0LzIwODARhg9odHRwOi8vdGVzdC8yMDkwEYYPaHR0cDovL3Rlc3QvMjEwMBGG +-D2h0dHA6Ly90ZXN0LzIxMTARhg9odHRwOi8vdGVzdC8yMTIwEYYPaHR0cDovL3Rl +-c3QvMjEzMBGGD2h0dHA6Ly90ZXN0LzIxNDARhg9odHRwOi8vdGVzdC8yMTUwEYYP +-aHR0cDovL3Rlc3QvMjE2MBGGD2h0dHA6Ly90ZXN0LzIxNzARhg9odHRwOi8vdGVz +-dC8yMTgwEYYPaHR0cDovL3Rlc3QvMjE5MBGGD2h0dHA6Ly90ZXN0LzIyMDARhg9o +-dHRwOi8vdGVzdC8yMjEwEYYPaHR0cDovL3Rlc3QvMjIyMBGGD2h0dHA6Ly90ZXN0 +-LzIyMzARhg9odHRwOi8vdGVzdC8yMjQwEYYPaHR0cDovL3Rlc3QvMjI1MBGGD2h0 +-dHA6Ly90ZXN0LzIyNjARhg9odHRwOi8vdGVzdC8yMjcwEYYPaHR0cDovL3Rlc3Qv +-MjI4MBGGD2h0dHA6Ly90ZXN0LzIyOTARhg9odHRwOi8vdGVzdC8yMzAwEYYPaHR0 +-cDovL3Rlc3QvMjMxMBGGD2h0dHA6Ly90ZXN0LzIzMjARhg9odHRwOi8vdGVzdC8y +-MzMwEYYPaHR0cDovL3Rlc3QvMjM0MBGGD2h0dHA6Ly90ZXN0LzIzNTARhg9odHRw +-Oi8vdGVzdC8yMzYwEYYPaHR0cDovL3Rlc3QvMjM3MBGGD2h0dHA6Ly90ZXN0LzIz +-ODARhg9odHRwOi8vdGVzdC8yMzkwEYYPaHR0cDovL3Rlc3QvMjQwMBGGD2h0dHA6 +-Ly90ZXN0LzI0MTARhg9odHRwOi8vdGVzdC8yNDIwEYYPaHR0cDovL3Rlc3QvMjQz +-MBGGD2h0dHA6Ly90ZXN0LzI0NDARhg9odHRwOi8vdGVzdC8yNDUwEYYPaHR0cDov +-L3Rlc3QvMjQ2MBGGD2h0dHA6Ly90ZXN0LzI0NzARhg9odHRwOi8vdGVzdC8yNDgw +-EYYPaHR0cDovL3Rlc3QvMjQ5MBGGD2h0dHA6Ly90ZXN0LzI1MDARhg9odHRwOi8v +-dGVzdC8yNTEwEYYPaHR0cDovL3Rlc3QvMjUyMBGGD2h0dHA6Ly90ZXN0LzI1MzAR +-hg9odHRwOi8vdGVzdC8yNTQwEYYPaHR0cDovL3Rlc3QvMjU1MBGGD2h0dHA6Ly90 +-ZXN0LzI1NjARhg9odHRwOi8vdGVzdC8yNTcwEYYPaHR0cDovL3Rlc3QvMjU4MBGG +-D2h0dHA6Ly90ZXN0LzI1OTARhg9odHRwOi8vdGVzdC8yNjAwEYYPaHR0cDovL3Rl +-c3QvMjYxMBGGD2h0dHA6Ly90ZXN0LzI2MjARhg9odHRwOi8vdGVzdC8yNjMwEYYP +-aHR0cDovL3Rlc3QvMjY0MBGGD2h0dHA6Ly90ZXN0LzI2NTARhg9odHRwOi8vdGVz +-dC8yNjYwEYYPaHR0cDovL3Rlc3QvMjY3MBGGD2h0dHA6Ly90ZXN0LzI2ODARhg9o +-dHRwOi8vdGVzdC8yNjkwEYYPaHR0cDovL3Rlc3QvMjcwMBGGD2h0dHA6Ly90ZXN0 +-LzI3MTARhg9odHRwOi8vdGVzdC8yNzIwEYYPaHR0cDovL3Rlc3QvMjczMBGGD2h0 +-dHA6Ly90ZXN0LzI3NDARhg9odHRwOi8vdGVzdC8yNzUwEYYPaHR0cDovL3Rlc3Qv +-Mjc2MBGGD2h0dHA6Ly90ZXN0LzI3NzARhg9odHRwOi8vdGVzdC8yNzgwEYYPaHR0 +-cDovL3Rlc3QvMjc5MBGGD2h0dHA6Ly90ZXN0LzI4MDARhg9odHRwOi8vdGVzdC8y +-ODEwEYYPaHR0cDovL3Rlc3QvMjgyMBGGD2h0dHA6Ly90ZXN0LzI4MzARhg9odHRw +-Oi8vdGVzdC8yODQwEYYPaHR0cDovL3Rlc3QvMjg1MBGGD2h0dHA6Ly90ZXN0LzI4 +-NjARhg9odHRwOi8vdGVzdC8yODcwEYYPaHR0cDovL3Rlc3QvMjg4MBGGD2h0dHA6 +-Ly90ZXN0LzI4OTARhg9odHRwOi8vdGVzdC8yOTAwEYYPaHR0cDovL3Rlc3QvMjkx +-MBGGD2h0dHA6Ly90ZXN0LzI5MjARhg9odHRwOi8vdGVzdC8yOTMwEYYPaHR0cDov +-L3Rlc3QvMjk0MBGGD2h0dHA6Ly90ZXN0LzI5NTARhg9odHRwOi8vdGVzdC8yOTYw +-EYYPaHR0cDovL3Rlc3QvMjk3MBGGD2h0dHA6Ly90ZXN0LzI5ODARhg9odHRwOi8v +-dGVzdC8yOTkwEYYPaHR0cDovL3Rlc3QvMzAwMBGGD2h0dHA6Ly90ZXN0LzMwMTAR +-hg9odHRwOi8vdGVzdC8zMDIwEYYPaHR0cDovL3Rlc3QvMzAzMBGGD2h0dHA6Ly90 +-ZXN0LzMwNDARhg9odHRwOi8vdGVzdC8zMDUwEYYPaHR0cDovL3Rlc3QvMzA2MBGG +-D2h0dHA6Ly90ZXN0LzMwNzARhg9odHRwOi8vdGVzdC8zMDgwEYYPaHR0cDovL3Rl +-c3QvMzA5MBGGD2h0dHA6Ly90ZXN0LzMxMDARhg9odHRwOi8vdGVzdC8zMTEwEYYP +-aHR0cDovL3Rlc3QvMzEyMBGGD2h0dHA6Ly90ZXN0LzMxMzARhg9odHRwOi8vdGVz +-dC8zMTQwEYYPaHR0cDovL3Rlc3QvMzE1MBGGD2h0dHA6Ly90ZXN0LzMxNjARhg9o +-dHRwOi8vdGVzdC8zMTcwEYYPaHR0cDovL3Rlc3QvMzE4MBGGD2h0dHA6Ly90ZXN0 +-LzMxOTARhg9odHRwOi8vdGVzdC8zMjAwEYYPaHR0cDovL3Rlc3QvMzIxMBGGD2h0 +-dHA6Ly90ZXN0LzMyMjARhg9odHRwOi8vdGVzdC8zMjMwEYYPaHR0cDovL3Rlc3Qv +-MzI0MBGGD2h0dHA6Ly90ZXN0LzMyNTARhg9odHRwOi8vdGVzdC8zMjYwEYYPaHR0 +-cDovL3Rlc3QvMzI3MBGGD2h0dHA6Ly90ZXN0LzMyODARhg9odHRwOi8vdGVzdC8z +-MjkwEYYPaHR0cDovL3Rlc3QvMzMwMBGGD2h0dHA6Ly90ZXN0LzMzMTARhg9odHRw +-Oi8vdGVzdC8zMzIwEYYPaHR0cDovL3Rlc3QvMzMzMBGGD2h0dHA6Ly90ZXN0LzMz +-NDARhg9odHRwOi8vdGVzdC8zMzUwEYYPaHR0cDovL3Rlc3QvMzM2MBGGD2h0dHA6 +-Ly90ZXN0LzMzNzARhg9odHRwOi8vdGVzdC8zMzgwEYYPaHR0cDovL3Rlc3QvMzM5 +-MBGGD2h0dHA6Ly90ZXN0LzM0MDARhg9odHRwOi8vdGVzdC8zNDEwEYYPaHR0cDov +-L3Rlc3QvMzQyMBGGD2h0dHA6Ly90ZXN0LzM0MzARhg9odHRwOi8vdGVzdC8zNDQw +-EYYPaHR0cDovL3Rlc3QvMzQ1MBGGD2h0dHA6Ly90ZXN0LzM0NjARhg9odHRwOi8v +-dGVzdC8zNDcwEYYPaHR0cDovL3Rlc3QvMzQ4MBGGD2h0dHA6Ly90ZXN0LzM0OTAR +-hg9odHRwOi8vdGVzdC8zNTAwEYYPaHR0cDovL3Rlc3QvMzUxMBGGD2h0dHA6Ly90 +-ZXN0LzM1MjARhg9odHRwOi8vdGVzdC8zNTMwEYYPaHR0cDovL3Rlc3QvMzU0MBGG +-D2h0dHA6Ly90ZXN0LzM1NTARhg9odHRwOi8vdGVzdC8zNTYwEYYPaHR0cDovL3Rl +-c3QvMzU3MBGGD2h0dHA6Ly90ZXN0LzM1ODARhg9odHRwOi8vdGVzdC8zNTkwEYYP +-aHR0cDovL3Rlc3QvMzYwMBGGD2h0dHA6Ly90ZXN0LzM2MTARhg9odHRwOi8vdGVz +-dC8zNjIwEYYPaHR0cDovL3Rlc3QvMzYzMBGGD2h0dHA6Ly90ZXN0LzM2NDARhg9o +-dHRwOi8vdGVzdC8zNjUwEYYPaHR0cDovL3Rlc3QvMzY2MBGGD2h0dHA6Ly90ZXN0 +-LzM2NzARhg9odHRwOi8vdGVzdC8zNjgwEYYPaHR0cDovL3Rlc3QvMzY5MBGGD2h0 +-dHA6Ly90ZXN0LzM3MDARhg9odHRwOi8vdGVzdC8zNzEwEYYPaHR0cDovL3Rlc3Qv +-MzcyMBGGD2h0dHA6Ly90ZXN0LzM3MzARhg9odHRwOi8vdGVzdC8zNzQwEYYPaHR0 +-cDovL3Rlc3QvMzc1MBGGD2h0dHA6Ly90ZXN0LzM3NjARhg9odHRwOi8vdGVzdC8z +-NzcwEYYPaHR0cDovL3Rlc3QvMzc4MBGGD2h0dHA6Ly90ZXN0LzM3OTARhg9odHRw +-Oi8vdGVzdC8zODAwEYYPaHR0cDovL3Rlc3QvMzgxMBGGD2h0dHA6Ly90ZXN0LzM4 +-MjARhg9odHRwOi8vdGVzdC8zODMwEYYPaHR0cDovL3Rlc3QvMzg0MBGGD2h0dHA6 +-Ly90ZXN0LzM4NTARhg9odHRwOi8vdGVzdC8zODYwEYYPaHR0cDovL3Rlc3QvMzg3 +-MBGGD2h0dHA6Ly90ZXN0LzM4ODARhg9odHRwOi8vdGVzdC8zODkwEYYPaHR0cDov +-L3Rlc3QvMzkwMBGGD2h0dHA6Ly90ZXN0LzM5MTARhg9odHRwOi8vdGVzdC8zOTIw +-EYYPaHR0cDovL3Rlc3QvMzkzMBGGD2h0dHA6Ly90ZXN0LzM5NDARhg9odHRwOi8v +-dGVzdC8zOTUwEYYPaHR0cDovL3Rlc3QvMzk2MBGGD2h0dHA6Ly90ZXN0LzM5NzAR +-hg9odHRwOi8vdGVzdC8zOTgwEYYPaHR0cDovL3Rlc3QvMzk5MBGGD2h0dHA6Ly90 +-ZXN0LzQwMDARhg9odHRwOi8vdGVzdC80MDEwEYYPaHR0cDovL3Rlc3QvNDAyMBGG +-D2h0dHA6Ly90ZXN0LzQwMzARhg9odHRwOi8vdGVzdC80MDQwEYYPaHR0cDovL3Rl +-c3QvNDA1MBGGD2h0dHA6Ly90ZXN0LzQwNjARhg9odHRwOi8vdGVzdC80MDcwEYYP +-aHR0cDovL3Rlc3QvNDA4MBGGD2h0dHA6Ly90ZXN0LzQwOTARhg9odHRwOi8vdGVz +-dC80MTAwEYYPaHR0cDovL3Rlc3QvNDExMBGGD2h0dHA6Ly90ZXN0LzQxMjARhg9o +-dHRwOi8vdGVzdC80MTMwEYYPaHR0cDovL3Rlc3QvNDE0MBGGD2h0dHA6Ly90ZXN0 +-LzQxNTARhg9odHRwOi8vdGVzdC80MTYwEYYPaHR0cDovL3Rlc3QvNDE3MBGGD2h0 +-dHA6Ly90ZXN0LzQxODARhg9odHRwOi8vdGVzdC80MTkwEYYPaHR0cDovL3Rlc3Qv +-NDIwMBGGD2h0dHA6Ly90ZXN0LzQyMTARhg9odHRwOi8vdGVzdC80MjIwEYYPaHR0 +-cDovL3Rlc3QvNDIzMBGGD2h0dHA6Ly90ZXN0LzQyNDARhg9odHRwOi8vdGVzdC80 +-MjUwEYYPaHR0cDovL3Rlc3QvNDI2MBGGD2h0dHA6Ly90ZXN0LzQyNzARhg9odHRw +-Oi8vdGVzdC80MjgwEYYPaHR0cDovL3Rlc3QvNDI5MBGGD2h0dHA6Ly90ZXN0LzQz +-MDARhg9odHRwOi8vdGVzdC80MzEwEYYPaHR0cDovL3Rlc3QvNDMyMBGGD2h0dHA6 +-Ly90ZXN0LzQzMzARhg9odHRwOi8vdGVzdC80MzQwEYYPaHR0cDovL3Rlc3QvNDM1 +-MBGGD2h0dHA6Ly90ZXN0LzQzNjARhg9odHRwOi8vdGVzdC80MzcwEYYPaHR0cDov +-L3Rlc3QvNDM4MBGGD2h0dHA6Ly90ZXN0LzQzOTARhg9odHRwOi8vdGVzdC80NDAw +-EYYPaHR0cDovL3Rlc3QvNDQxMBGGD2h0dHA6Ly90ZXN0LzQ0MjARhg9odHRwOi8v +-dGVzdC80NDMwEYYPaHR0cDovL3Rlc3QvNDQ0MBGGD2h0dHA6Ly90ZXN0LzQ0NTAR +-hg9odHRwOi8vdGVzdC80NDYwEYYPaHR0cDovL3Rlc3QvNDQ3MBGGD2h0dHA6Ly90 +-ZXN0LzQ0ODARhg9odHRwOi8vdGVzdC80NDkwEYYPaHR0cDovL3Rlc3QvNDUwMBGG +-D2h0dHA6Ly90ZXN0LzQ1MTARhg9odHRwOi8vdGVzdC80NTIwEYYPaHR0cDovL3Rl +-c3QvNDUzMBGGD2h0dHA6Ly90ZXN0LzQ1NDARhg9odHRwOi8vdGVzdC80NTUwEYYP +-aHR0cDovL3Rlc3QvNDU2MBGGD2h0dHA6Ly90ZXN0LzQ1NzARhg9odHRwOi8vdGVz +-dC80NTgwEYYPaHR0cDovL3Rlc3QvNDU5MBGGD2h0dHA6Ly90ZXN0LzQ2MDARhg9o +-dHRwOi8vdGVzdC80NjEwEYYPaHR0cDovL3Rlc3QvNDYyMBGGD2h0dHA6Ly90ZXN0 +-LzQ2MzARhg9odHRwOi8vdGVzdC80NjQwEYYPaHR0cDovL3Rlc3QvNDY1MBGGD2h0 +-dHA6Ly90ZXN0LzQ2NjARhg9odHRwOi8vdGVzdC80NjcwEYYPaHR0cDovL3Rlc3Qv +-NDY4MBGGD2h0dHA6Ly90ZXN0LzQ2OTARhg9odHRwOi8vdGVzdC80NzAwEYYPaHR0 +-cDovL3Rlc3QvNDcxMBGGD2h0dHA6Ly90ZXN0LzQ3MjARhg9odHRwOi8vdGVzdC80 +-NzMwEYYPaHR0cDovL3Rlc3QvNDc0MBGGD2h0dHA6Ly90ZXN0LzQ3NTARhg9odHRw +-Oi8vdGVzdC80NzYwEYYPaHR0cDovL3Rlc3QvNDc3MBGGD2h0dHA6Ly90ZXN0LzQ3 +-ODARhg9odHRwOi8vdGVzdC80NzkwEYYPaHR0cDovL3Rlc3QvNDgwMBGGD2h0dHA6 +-Ly90ZXN0LzQ4MTARhg9odHRwOi8vdGVzdC80ODIwEYYPaHR0cDovL3Rlc3QvNDgz +-MBGGD2h0dHA6Ly90ZXN0LzQ4NDARhg9odHRwOi8vdGVzdC80ODUwEYYPaHR0cDov +-L3Rlc3QvNDg2MBGGD2h0dHA6Ly90ZXN0LzQ4NzARhg9odHRwOi8vdGVzdC80ODgw +-EYYPaHR0cDovL3Rlc3QvNDg5MBGGD2h0dHA6Ly90ZXN0LzQ5MDARhg9odHRwOi8v +-dGVzdC80OTEwEYYPaHR0cDovL3Rlc3QvNDkyMBGGD2h0dHA6Ly90ZXN0LzQ5MzAR +-hg9odHRwOi8vdGVzdC80OTQwEYYPaHR0cDovL3Rlc3QvNDk1MBGGD2h0dHA6Ly90 +-ZXN0LzQ5NjARhg9odHRwOi8vdGVzdC80OTcwEYYPaHR0cDovL3Rlc3QvNDk4MBGG +-D2h0dHA6Ly90ZXN0LzQ5OTARhg9odHRwOi8vdGVzdC81MDAwEYYPaHR0cDovL3Rl +-c3QvNTAxMBGGD2h0dHA6Ly90ZXN0LzUwMjARhg9odHRwOi8vdGVzdC81MDMwEYYP +-aHR0cDovL3Rlc3QvNTA0MBGGD2h0dHA6Ly90ZXN0LzUwNTARhg9odHRwOi8vdGVz +-dC81MDYwEYYPaHR0cDovL3Rlc3QvNTA3MBGGD2h0dHA6Ly90ZXN0LzUwODARhg9o +-dHRwOi8vdGVzdC81MDkwEYYPaHR0cDovL3Rlc3QvNTEwMBGGD2h0dHA6Ly90ZXN0 +-LzUxMTARhg9odHRwOi8vdGVzdC81MTIwEYYPaHR0cDovL3Rlc3QvNTEzMBGGD2h0 +-dHA6Ly90ZXN0LzUxNDARhg9odHRwOi8vdGVzdC81MTUwEYYPaHR0cDovL3Rlc3Qv +-NTE2MBGGD2h0dHA6Ly90ZXN0LzUxNzARhg9odHRwOi8vdGVzdC81MTgwEYYPaHR0 +-cDovL3Rlc3QvNTE5MBGGD2h0dHA6Ly90ZXN0LzUyMDARhg9odHRwOi8vdGVzdC81 +-MjEwEYYPaHR0cDovL3Rlc3QvNTIyMBGGD2h0dHA6Ly90ZXN0LzUyMzARhg9odHRw +-Oi8vdGVzdC81MjQwEYYPaHR0cDovL3Rlc3QvNTI1MBGGD2h0dHA6Ly90ZXN0LzUy +-NjARhg9odHRwOi8vdGVzdC81MjcwEYYPaHR0cDovL3Rlc3QvNTI4MBGGD2h0dHA6 +-Ly90ZXN0LzUyOTARhg9odHRwOi8vdGVzdC81MzAwEYYPaHR0cDovL3Rlc3QvNTMx +-MBGGD2h0dHA6Ly90ZXN0LzUzMjARhg9odHRwOi8vdGVzdC81MzMwEYYPaHR0cDov +-L3Rlc3QvNTM0MBGGD2h0dHA6Ly90ZXN0LzUzNTARhg9odHRwOi8vdGVzdC81MzYw +-EYYPaHR0cDovL3Rlc3QvNTM3MBGGD2h0dHA6Ly90ZXN0LzUzODARhg9odHRwOi8v +-dGVzdC81MzkwEYYPaHR0cDovL3Rlc3QvNTQwMBGGD2h0dHA6Ly90ZXN0LzU0MTAR +-hg9odHRwOi8vdGVzdC81NDIwEYYPaHR0cDovL3Rlc3QvNTQzMBGGD2h0dHA6Ly90 +-ZXN0LzU0NDARhg9odHRwOi8vdGVzdC81NDUwEYYPaHR0cDovL3Rlc3QvNTQ2MBGG +-D2h0dHA6Ly90ZXN0LzU0NzARhg9odHRwOi8vdGVzdC81NDgwEYYPaHR0cDovL3Rl +-c3QvNTQ5MBGGD2h0dHA6Ly90ZXN0LzU1MDARhg9odHRwOi8vdGVzdC81NTEwEYYP +-aHR0cDovL3Rlc3QvNTUyMBGGD2h0dHA6Ly90ZXN0LzU1MzARhg9odHRwOi8vdGVz +-dC81NTQwEYYPaHR0cDovL3Rlc3QvNTU1MBGGD2h0dHA6Ly90ZXN0LzU1NjARhg9o +-dHRwOi8vdGVzdC81NTcwEYYPaHR0cDovL3Rlc3QvNTU4MBGGD2h0dHA6Ly90ZXN0 +-LzU1OTARhg9odHRwOi8vdGVzdC81NjAwEYYPaHR0cDovL3Rlc3QvNTYxMBGGD2h0 +-dHA6Ly90ZXN0LzU2MjARhg9odHRwOi8vdGVzdC81NjMwEYYPaHR0cDovL3Rlc3Qv +-NTY0MBGGD2h0dHA6Ly90ZXN0LzU2NTARhg9odHRwOi8vdGVzdC81NjYwEYYPaHR0 +-cDovL3Rlc3QvNTY3MBGGD2h0dHA6Ly90ZXN0LzU2ODARhg9odHRwOi8vdGVzdC81 +-NjkwEYYPaHR0cDovL3Rlc3QvNTcwMBGGD2h0dHA6Ly90ZXN0LzU3MTARhg9odHRw +-Oi8vdGVzdC81NzIwEYYPaHR0cDovL3Rlc3QvNTczMBGGD2h0dHA6Ly90ZXN0LzU3 +-NDARhg9odHRwOi8vdGVzdC81NzUwEYYPaHR0cDovL3Rlc3QvNTc2MBGGD2h0dHA6 +-Ly90ZXN0LzU3NzARhg9odHRwOi8vdGVzdC81NzgwEYYPaHR0cDovL3Rlc3QvNTc5 +-MBGGD2h0dHA6Ly90ZXN0LzU4MDARhg9odHRwOi8vdGVzdC81ODEwEYYPaHR0cDov +-L3Rlc3QvNTgyMBGGD2h0dHA6Ly90ZXN0LzU4MzARhg9odHRwOi8vdGVzdC81ODQw +-EYYPaHR0cDovL3Rlc3QvNTg1MBGGD2h0dHA6Ly90ZXN0LzU4NjARhg9odHRwOi8v +-dGVzdC81ODcwEYYPaHR0cDovL3Rlc3QvNTg4MBGGD2h0dHA6Ly90ZXN0LzU4OTAR +-hg9odHRwOi8vdGVzdC81OTAwEYYPaHR0cDovL3Rlc3QvNTkxMBGGD2h0dHA6Ly90 +-ZXN0LzU5MjARhg9odHRwOi8vdGVzdC81OTMwEYYPaHR0cDovL3Rlc3QvNTk0MBGG +-D2h0dHA6Ly90ZXN0LzU5NTARhg9odHRwOi8vdGVzdC81OTYwEYYPaHR0cDovL3Rl +-c3QvNTk3MBGGD2h0dHA6Ly90ZXN0LzU5ODARhg9odHRwOi8vdGVzdC81OTkwEYYP +-aHR0cDovL3Rlc3QvNjAwMBGGD2h0dHA6Ly90ZXN0LzYwMTARhg9odHRwOi8vdGVz +-dC82MDIwEYYPaHR0cDovL3Rlc3QvNjAzMBGGD2h0dHA6Ly90ZXN0LzYwNDARhg9o +-dHRwOi8vdGVzdC82MDUwEYYPaHR0cDovL3Rlc3QvNjA2MBGGD2h0dHA6Ly90ZXN0 +-LzYwNzARhg9odHRwOi8vdGVzdC82MDgwEYYPaHR0cDovL3Rlc3QvNjA5MBGGD2h0 +-dHA6Ly90ZXN0LzYxMDARhg9odHRwOi8vdGVzdC82MTEwEYYPaHR0cDovL3Rlc3Qv +-NjEyMBGGD2h0dHA6Ly90ZXN0LzYxMzARhg9odHRwOi8vdGVzdC82MTQwEYYPaHR0 +-cDovL3Rlc3QvNjE1MBGGD2h0dHA6Ly90ZXN0LzYxNjARhg9odHRwOi8vdGVzdC82 +-MTcwEYYPaHR0cDovL3Rlc3QvNjE4MBGGD2h0dHA6Ly90ZXN0LzYxOTARhg9odHRw +-Oi8vdGVzdC82MjAwEYYPaHR0cDovL3Rlc3QvNjIxMBGGD2h0dHA6Ly90ZXN0LzYy +-MjARhg9odHRwOi8vdGVzdC82MjMwEYYPaHR0cDovL3Rlc3QvNjI0MBGGD2h0dHA6 +-Ly90ZXN0LzYyNTARhg9odHRwOi8vdGVzdC82MjYwEYYPaHR0cDovL3Rlc3QvNjI3 +-MBGGD2h0dHA6Ly90ZXN0LzYyODARhg9odHRwOi8vdGVzdC82MjkwEYYPaHR0cDov +-L3Rlc3QvNjMwMBGGD2h0dHA6Ly90ZXN0LzYzMTARhg9odHRwOi8vdGVzdC82MzIw +-EYYPaHR0cDovL3Rlc3QvNjMzMBGGD2h0dHA6Ly90ZXN0LzYzNDARhg9odHRwOi8v +-dGVzdC82MzUwEYYPaHR0cDovL3Rlc3QvNjM2MBGGD2h0dHA6Ly90ZXN0LzYzNzAR +-hg9odHRwOi8vdGVzdC82MzgwEYYPaHR0cDovL3Rlc3QvNjM5MBGGD2h0dHA6Ly90 +-ZXN0LzY0MDARhg9odHRwOi8vdGVzdC82NDEwEYYPaHR0cDovL3Rlc3QvNjQyMBGG +-D2h0dHA6Ly90ZXN0LzY0MzARhg9odHRwOi8vdGVzdC82NDQwEYYPaHR0cDovL3Rl +-c3QvNjQ1MBGGD2h0dHA6Ly90ZXN0LzY0NjARhg9odHRwOi8vdGVzdC82NDcwEYYP +-aHR0cDovL3Rlc3QvNjQ4MBGGD2h0dHA6Ly90ZXN0LzY0OTARhg9odHRwOi8vdGVz +-dC82NTAwEYYPaHR0cDovL3Rlc3QvNjUxMBGGD2h0dHA6Ly90ZXN0LzY1MjARhg9o +-dHRwOi8vdGVzdC82NTMwEYYPaHR0cDovL3Rlc3QvNjU0MBGGD2h0dHA6Ly90ZXN0 +-LzY1NTARhg9odHRwOi8vdGVzdC82NTYwEYYPaHR0cDovL3Rlc3QvNjU3MBGGD2h0 +-dHA6Ly90ZXN0LzY1ODARhg9odHRwOi8vdGVzdC82NTkwEYYPaHR0cDovL3Rlc3Qv +-NjYwMBGGD2h0dHA6Ly90ZXN0LzY2MTARhg9odHRwOi8vdGVzdC82NjIwEYYPaHR0 +-cDovL3Rlc3QvNjYzMBGGD2h0dHA6Ly90ZXN0LzY2NDARhg9odHRwOi8vdGVzdC82 +-NjUwEYYPaHR0cDovL3Rlc3QvNjY2MBGGD2h0dHA6Ly90ZXN0LzY2NzARhg9odHRw +-Oi8vdGVzdC82NjgwEYYPaHR0cDovL3Rlc3QvNjY5MBGGD2h0dHA6Ly90ZXN0LzY3 +-MDARhg9odHRwOi8vdGVzdC82NzEwEYYPaHR0cDovL3Rlc3QvNjcyMBGGD2h0dHA6 +-Ly90ZXN0LzY3MzARhg9odHRwOi8vdGVzdC82NzQwEYYPaHR0cDovL3Rlc3QvNjc1 +-MBGGD2h0dHA6Ly90ZXN0LzY3NjARhg9odHRwOi8vdGVzdC82NzcwEYYPaHR0cDov +-L3Rlc3QvNjc4MBGGD2h0dHA6Ly90ZXN0LzY3OTARhg9odHRwOi8vdGVzdC82ODAw +-EYYPaHR0cDovL3Rlc3QvNjgxMBGGD2h0dHA6Ly90ZXN0LzY4MjARhg9odHRwOi8v +-dGVzdC82ODMwEYYPaHR0cDovL3Rlc3QvNjg0MBGGD2h0dHA6Ly90ZXN0LzY4NTAR +-hg9odHRwOi8vdGVzdC82ODYwEYYPaHR0cDovL3Rlc3QvNjg3MBGGD2h0dHA6Ly90 +-ZXN0LzY4ODARhg9odHRwOi8vdGVzdC82ODkwEYYPaHR0cDovL3Rlc3QvNjkwMBGG +-D2h0dHA6Ly90ZXN0LzY5MTARhg9odHRwOi8vdGVzdC82OTIwEYYPaHR0cDovL3Rl +-c3QvNjkzMBGGD2h0dHA6Ly90ZXN0LzY5NDARhg9odHRwOi8vdGVzdC82OTUwEYYP +-aHR0cDovL3Rlc3QvNjk2MBGGD2h0dHA6Ly90ZXN0LzY5NzARhg9odHRwOi8vdGVz +-dC82OTgwEYYPaHR0cDovL3Rlc3QvNjk5MBGGD2h0dHA6Ly90ZXN0LzcwMDARhg9o +-dHRwOi8vdGVzdC83MDEwEYYPaHR0cDovL3Rlc3QvNzAyMBGGD2h0dHA6Ly90ZXN0 +-LzcwMzARhg9odHRwOi8vdGVzdC83MDQwEYYPaHR0cDovL3Rlc3QvNzA1MBGGD2h0 +-dHA6Ly90ZXN0LzcwNjARhg9odHRwOi8vdGVzdC83MDcwEYYPaHR0cDovL3Rlc3Qv +-NzA4MBGGD2h0dHA6Ly90ZXN0LzcwOTARhg9odHRwOi8vdGVzdC83MTAwEYYPaHR0 +-cDovL3Rlc3QvNzExMBGGD2h0dHA6Ly90ZXN0LzcxMjARhg9odHRwOi8vdGVzdC83 +-MTMwEYYPaHR0cDovL3Rlc3QvNzE0MBGGD2h0dHA6Ly90ZXN0LzcxNTARhg9odHRw +-Oi8vdGVzdC83MTYwEYYPaHR0cDovL3Rlc3QvNzE3MBGGD2h0dHA6Ly90ZXN0Lzcx +-ODARhg9odHRwOi8vdGVzdC83MTkwEYYPaHR0cDovL3Rlc3QvNzIwMBGGD2h0dHA6 +-Ly90ZXN0LzcyMTARhg9odHRwOi8vdGVzdC83MjIwEYYPaHR0cDovL3Rlc3QvNzIz +-MBGGD2h0dHA6Ly90ZXN0LzcyNDARhg9odHRwOi8vdGVzdC83MjUwEYYPaHR0cDov +-L3Rlc3QvNzI2MBGGD2h0dHA6Ly90ZXN0LzcyNzARhg9odHRwOi8vdGVzdC83Mjgw +-EYYPaHR0cDovL3Rlc3QvNzI5MBGGD2h0dHA6Ly90ZXN0LzczMDARhg9odHRwOi8v +-dGVzdC83MzEwEYYPaHR0cDovL3Rlc3QvNzMyMBGGD2h0dHA6Ly90ZXN0LzczMzAR +-hg9odHRwOi8vdGVzdC83MzQwEYYPaHR0cDovL3Rlc3QvNzM1MBGGD2h0dHA6Ly90 +-ZXN0LzczNjARhg9odHRwOi8vdGVzdC83MzcwEYYPaHR0cDovL3Rlc3QvNzM4MBGG +-D2h0dHA6Ly90ZXN0LzczOTARhg9odHRwOi8vdGVzdC83NDAwEYYPaHR0cDovL3Rl +-c3QvNzQxMBGGD2h0dHA6Ly90ZXN0Lzc0MjARhg9odHRwOi8vdGVzdC83NDMwEYYP +-aHR0cDovL3Rlc3QvNzQ0MBGGD2h0dHA6Ly90ZXN0Lzc0NTARhg9odHRwOi8vdGVz +-dC83NDYwEYYPaHR0cDovL3Rlc3QvNzQ3MBGGD2h0dHA6Ly90ZXN0Lzc0ODARhg9o +-dHRwOi8vdGVzdC83NDkwEYYPaHR0cDovL3Rlc3QvNzUwMBGGD2h0dHA6Ly90ZXN0 +-Lzc1MTARhg9odHRwOi8vdGVzdC83NTIwEYYPaHR0cDovL3Rlc3QvNzUzMBGGD2h0 +-dHA6Ly90ZXN0Lzc1NDARhg9odHRwOi8vdGVzdC83NTUwEYYPaHR0cDovL3Rlc3Qv +-NzU2MBGGD2h0dHA6Ly90ZXN0Lzc1NzARhg9odHRwOi8vdGVzdC83NTgwEYYPaHR0 +-cDovL3Rlc3QvNzU5MBGGD2h0dHA6Ly90ZXN0Lzc2MDARhg9odHRwOi8vdGVzdC83 +-NjEwEYYPaHR0cDovL3Rlc3QvNzYyMBGGD2h0dHA6Ly90ZXN0Lzc2MzARhg9odHRw +-Oi8vdGVzdC83NjQwEYYPaHR0cDovL3Rlc3QvNzY1MBGGD2h0dHA6Ly90ZXN0Lzc2 +-NjARhg9odHRwOi8vdGVzdC83NjcwEYYPaHR0cDovL3Rlc3QvNzY4MBGGD2h0dHA6 +-Ly90ZXN0Lzc2OTARhg9odHRwOi8vdGVzdC83NzAwEYYPaHR0cDovL3Rlc3QvNzcx +-MBGGD2h0dHA6Ly90ZXN0Lzc3MjARhg9odHRwOi8vdGVzdC83NzMwEYYPaHR0cDov +-L3Rlc3QvNzc0MBGGD2h0dHA6Ly90ZXN0Lzc3NTARhg9odHRwOi8vdGVzdC83NzYw +-EYYPaHR0cDovL3Rlc3QvNzc3MBGGD2h0dHA6Ly90ZXN0Lzc3ODARhg9odHRwOi8v +-dGVzdC83NzkwEYYPaHR0cDovL3Rlc3QvNzgwMBGGD2h0dHA6Ly90ZXN0Lzc4MTAR +-hg9odHRwOi8vdGVzdC83ODIwEYYPaHR0cDovL3Rlc3QvNzgzMBGGD2h0dHA6Ly90 +-ZXN0Lzc4NDARhg9odHRwOi8vdGVzdC83ODUwEYYPaHR0cDovL3Rlc3QvNzg2MBGG +-D2h0dHA6Ly90ZXN0Lzc4NzARhg9odHRwOi8vdGVzdC83ODgwEYYPaHR0cDovL3Rl +-c3QvNzg5MBGGD2h0dHA6Ly90ZXN0Lzc5MDARhg9odHRwOi8vdGVzdC83OTEwEYYP +-aHR0cDovL3Rlc3QvNzkyMBGGD2h0dHA6Ly90ZXN0Lzc5MzARhg9odHRwOi8vdGVz +-dC83OTQwEYYPaHR0cDovL3Rlc3QvNzk1MBGGD2h0dHA6Ly90ZXN0Lzc5NjARhg9o +-dHRwOi8vdGVzdC83OTcwEYYPaHR0cDovL3Rlc3QvNzk4MBGGD2h0dHA6Ly90ZXN0 +-Lzc5OTARhg9odHRwOi8vdGVzdC84MDAwEYYPaHR0cDovL3Rlc3QvODAxMBGGD2h0 +-dHA6Ly90ZXN0LzgwMjARhg9odHRwOi8vdGVzdC84MDMwEYYPaHR0cDovL3Rlc3Qv +-ODA0MBGGD2h0dHA6Ly90ZXN0LzgwNTARhg9odHRwOi8vdGVzdC84MDYwEYYPaHR0 +-cDovL3Rlc3QvODA3MBGGD2h0dHA6Ly90ZXN0LzgwODARhg9odHRwOi8vdGVzdC84 +-MDkwEYYPaHR0cDovL3Rlc3QvODEwMBGGD2h0dHA6Ly90ZXN0LzgxMTARhg9odHRw +-Oi8vdGVzdC84MTIwEYYPaHR0cDovL3Rlc3QvODEzMBGGD2h0dHA6Ly90ZXN0Lzgx +-NDARhg9odHRwOi8vdGVzdC84MTUwEYYPaHR0cDovL3Rlc3QvODE2MBGGD2h0dHA6 +-Ly90ZXN0LzgxNzARhg9odHRwOi8vdGVzdC84MTgwEYYPaHR0cDovL3Rlc3QvODE5 +-MBGGD2h0dHA6Ly90ZXN0LzgyMDARhg9odHRwOi8vdGVzdC84MjEwEYYPaHR0cDov +-L3Rlc3QvODIyMBGGD2h0dHA6Ly90ZXN0LzgyMzARhg9odHRwOi8vdGVzdC84MjQw +-EYYPaHR0cDovL3Rlc3QvODI1MBGGD2h0dHA6Ly90ZXN0LzgyNjARhg9odHRwOi8v +-dGVzdC84MjcwEYYPaHR0cDovL3Rlc3QvODI4MBGGD2h0dHA6Ly90ZXN0LzgyOTAR +-hg9odHRwOi8vdGVzdC84MzAwEYYPaHR0cDovL3Rlc3QvODMxMBGGD2h0dHA6Ly90 +-ZXN0LzgzMjARhg9odHRwOi8vdGVzdC84MzMwEYYPaHR0cDovL3Rlc3QvODM0MBGG +-D2h0dHA6Ly90ZXN0LzgzNTARhg9odHRwOi8vdGVzdC84MzYwEYYPaHR0cDovL3Rl +-c3QvODM3MBGGD2h0dHA6Ly90ZXN0LzgzODARhg9odHRwOi8vdGVzdC84MzkwEYYP +-aHR0cDovL3Rlc3QvODQwMBGGD2h0dHA6Ly90ZXN0Lzg0MTARhg9odHRwOi8vdGVz +-dC84NDIwEYYPaHR0cDovL3Rlc3QvODQzMBGGD2h0dHA6Ly90ZXN0Lzg0NDARhg9o +-dHRwOi8vdGVzdC84NDUwEYYPaHR0cDovL3Rlc3QvODQ2MBGGD2h0dHA6Ly90ZXN0 +-Lzg0NzARhg9odHRwOi8vdGVzdC84NDgwEYYPaHR0cDovL3Rlc3QvODQ5MBGGD2h0 +-dHA6Ly90ZXN0Lzg1MDARhg9odHRwOi8vdGVzdC84NTEwEYYPaHR0cDovL3Rlc3Qv +-ODUyMBGGD2h0dHA6Ly90ZXN0Lzg1MzARhg9odHRwOi8vdGVzdC84NTQwEYYPaHR0 +-cDovL3Rlc3QvODU1MBGGD2h0dHA6Ly90ZXN0Lzg1NjARhg9odHRwOi8vdGVzdC84 +-NTcwEYYPaHR0cDovL3Rlc3QvODU4MBGGD2h0dHA6Ly90ZXN0Lzg1OTARhg9odHRw +-Oi8vdGVzdC84NjAwEYYPaHR0cDovL3Rlc3QvODYxMBGGD2h0dHA6Ly90ZXN0Lzg2 +-MjARhg9odHRwOi8vdGVzdC84NjMwEYYPaHR0cDovL3Rlc3QvODY0MBGGD2h0dHA6 +-Ly90ZXN0Lzg2NTARhg9odHRwOi8vdGVzdC84NjYwEYYPaHR0cDovL3Rlc3QvODY3 +-MBGGD2h0dHA6Ly90ZXN0Lzg2ODARhg9odHRwOi8vdGVzdC84NjkwEYYPaHR0cDov +-L3Rlc3QvODcwMBGGD2h0dHA6Ly90ZXN0Lzg3MTARhg9odHRwOi8vdGVzdC84NzIw +-EYYPaHR0cDovL3Rlc3QvODczMBGGD2h0dHA6Ly90ZXN0Lzg3NDARhg9odHRwOi8v +-dGVzdC84NzUwEYYPaHR0cDovL3Rlc3QvODc2MBGGD2h0dHA6Ly90ZXN0Lzg3NzAR +-hg9odHRwOi8vdGVzdC84NzgwEYYPaHR0cDovL3Rlc3QvODc5MBGGD2h0dHA6Ly90 +-ZXN0Lzg4MDARhg9odHRwOi8vdGVzdC84ODEwEYYPaHR0cDovL3Rlc3QvODgyMBGG +-D2h0dHA6Ly90ZXN0Lzg4MzARhg9odHRwOi8vdGVzdC84ODQwEYYPaHR0cDovL3Rl +-c3QvODg1MBGGD2h0dHA6Ly90ZXN0Lzg4NjARhg9odHRwOi8vdGVzdC84ODcwEYYP +-aHR0cDovL3Rlc3QvODg4MBGGD2h0dHA6Ly90ZXN0Lzg4OTARhg9odHRwOi8vdGVz +-dC84OTAwEYYPaHR0cDovL3Rlc3QvODkxMBGGD2h0dHA6Ly90ZXN0Lzg5MjARhg9o +-dHRwOi8vdGVzdC84OTMwEYYPaHR0cDovL3Rlc3QvODk0MBGGD2h0dHA6Ly90ZXN0 +-Lzg5NTARhg9odHRwOi8vdGVzdC84OTYwEYYPaHR0cDovL3Rlc3QvODk3MBGGD2h0 +-dHA6Ly90ZXN0Lzg5ODARhg9odHRwOi8vdGVzdC84OTkwEYYPaHR0cDovL3Rlc3Qv +-OTAwMBGGD2h0dHA6Ly90ZXN0LzkwMTARhg9odHRwOi8vdGVzdC85MDIwEYYPaHR0 +-cDovL3Rlc3QvOTAzMBGGD2h0dHA6Ly90ZXN0LzkwNDARhg9odHRwOi8vdGVzdC85 +-MDUwEYYPaHR0cDovL3Rlc3QvOTA2MBGGD2h0dHA6Ly90ZXN0LzkwNzARhg9odHRw +-Oi8vdGVzdC85MDgwEYYPaHR0cDovL3Rlc3QvOTA5MBGGD2h0dHA6Ly90ZXN0Lzkx +-MDARhg9odHRwOi8vdGVzdC85MTEwEYYPaHR0cDovL3Rlc3QvOTEyMBGGD2h0dHA6 +-Ly90ZXN0LzkxMzARhg9odHRwOi8vdGVzdC85MTQwEYYPaHR0cDovL3Rlc3QvOTE1 +-MBGGD2h0dHA6Ly90ZXN0LzkxNjARhg9odHRwOi8vdGVzdC85MTcwEYYPaHR0cDov +-L3Rlc3QvOTE4MBGGD2h0dHA6Ly90ZXN0LzkxOTARhg9odHRwOi8vdGVzdC85MjAw +-EYYPaHR0cDovL3Rlc3QvOTIxMBGGD2h0dHA6Ly90ZXN0LzkyMjARhg9odHRwOi8v +-dGVzdC85MjMwEYYPaHR0cDovL3Rlc3QvOTI0MBGGD2h0dHA6Ly90ZXN0LzkyNTAR +-hg9odHRwOi8vdGVzdC85MjYwEYYPaHR0cDovL3Rlc3QvOTI3MBGGD2h0dHA6Ly90 +-ZXN0LzkyODARhg9odHRwOi8vdGVzdC85MjkwEYYPaHR0cDovL3Rlc3QvOTMwMBGG +-D2h0dHA6Ly90ZXN0LzkzMTARhg9odHRwOi8vdGVzdC85MzIwEYYPaHR0cDovL3Rl +-c3QvOTMzMBGGD2h0dHA6Ly90ZXN0LzkzNDARhg9odHRwOi8vdGVzdC85MzUwEYYP +-aHR0cDovL3Rlc3QvOTM2MBGGD2h0dHA6Ly90ZXN0LzkzNzARhg9odHRwOi8vdGVz +-dC85MzgwEYYPaHR0cDovL3Rlc3QvOTM5MBGGD2h0dHA6Ly90ZXN0Lzk0MDARhg9o +-dHRwOi8vdGVzdC85NDEwEYYPaHR0cDovL3Rlc3QvOTQyMBGGD2h0dHA6Ly90ZXN0 +-Lzk0MzARhg9odHRwOi8vdGVzdC85NDQwEYYPaHR0cDovL3Rlc3QvOTQ1MBGGD2h0 +-dHA6Ly90ZXN0Lzk0NjARhg9odHRwOi8vdGVzdC85NDcwEYYPaHR0cDovL3Rlc3Qv +-OTQ4MBGGD2h0dHA6Ly90ZXN0Lzk0OTARhg9odHRwOi8vdGVzdC85NTAwEYYPaHR0 +-cDovL3Rlc3QvOTUxMBGGD2h0dHA6Ly90ZXN0Lzk1MjARhg9odHRwOi8vdGVzdC85 +-NTMwEYYPaHR0cDovL3Rlc3QvOTU0MBGGD2h0dHA6Ly90ZXN0Lzk1NTARhg9odHRw +-Oi8vdGVzdC85NTYwEYYPaHR0cDovL3Rlc3QvOTU3MBGGD2h0dHA6Ly90ZXN0Lzk1 +-ODARhg9odHRwOi8vdGVzdC85NTkwEYYPaHR0cDovL3Rlc3QvOTYwMBGGD2h0dHA6 +-Ly90ZXN0Lzk2MTARhg9odHRwOi8vdGVzdC85NjIwEYYPaHR0cDovL3Rlc3QvOTYz +-MBGGD2h0dHA6Ly90ZXN0Lzk2NDARhg9odHRwOi8vdGVzdC85NjUwEYYPaHR0cDov +-L3Rlc3QvOTY2MBGGD2h0dHA6Ly90ZXN0Lzk2NzARhg9odHRwOi8vdGVzdC85Njgw +-EYYPaHR0cDovL3Rlc3QvOTY5MBGGD2h0dHA6Ly90ZXN0Lzk3MDARhg9odHRwOi8v +-dGVzdC85NzEwEYYPaHR0cDovL3Rlc3QvOTcyMBGGD2h0dHA6Ly90ZXN0Lzk3MzAR +-hg9odHRwOi8vdGVzdC85NzQwEYYPaHR0cDovL3Rlc3QvOTc1MBGGD2h0dHA6Ly90 +-ZXN0Lzk3NjARhg9odHRwOi8vdGVzdC85NzcwEYYPaHR0cDovL3Rlc3QvOTc4MBGG +-D2h0dHA6Ly90ZXN0Lzk3OTARhg9odHRwOi8vdGVzdC85ODAwEYYPaHR0cDovL3Rl +-c3QvOTgxMBGGD2h0dHA6Ly90ZXN0Lzk4MjARhg9odHRwOi8vdGVzdC85ODMwEYYP +-aHR0cDovL3Rlc3QvOTg0MBGGD2h0dHA6Ly90ZXN0Lzk4NTARhg9odHRwOi8vdGVz +-dC85ODYwEYYPaHR0cDovL3Rlc3QvOTg3MBGGD2h0dHA6Ly90ZXN0Lzk4ODARhg9o +-dHRwOi8vdGVzdC85ODkwEYYPaHR0cDovL3Rlc3QvOTkwMBGGD2h0dHA6Ly90ZXN0 +-Lzk5MTARhg9odHRwOi8vdGVzdC85OTIwEYYPaHR0cDovL3Rlc3QvOTkzMBGGD2h0 +-dHA6Ly90ZXN0Lzk5NDARhg9odHRwOi8vdGVzdC85OTUwEYYPaHR0cDovL3Rlc3Qv +-OTk2MBGGD2h0dHA6Ly90ZXN0Lzk5NzARhg9odHRwOi8vdGVzdC85OTgwEYYPaHR0 +-cDovL3Rlc3QvOTk5MBKGEGh0dHA6Ly90ZXN0LzEwMDAwEoYQaHR0cDovL3Rlc3Qv +-MTAwMTAShhBodHRwOi8vdGVzdC8xMDAyMBKGEGh0dHA6Ly90ZXN0LzEwMDMwEoYQ +-aHR0cDovL3Rlc3QvMTAwNDAShhBodHRwOi8vdGVzdC8xMDA1MBKGEGh0dHA6Ly90 +-ZXN0LzEwMDYwEoYQaHR0cDovL3Rlc3QvMTAwNzAShhBodHRwOi8vdGVzdC8xMDA4 +-MBKGEGh0dHA6Ly90ZXN0LzEwMDkwEoYQaHR0cDovL3Rlc3QvMTAxMDAShhBodHRw +-Oi8vdGVzdC8xMDExMBKGEGh0dHA6Ly90ZXN0LzEwMTIwEoYQaHR0cDovL3Rlc3Qv +-MTAxMzAShhBodHRwOi8vdGVzdC8xMDE0MBKGEGh0dHA6Ly90ZXN0LzEwMTUwEoYQ +-aHR0cDovL3Rlc3QvMTAxNjAShhBodHRwOi8vdGVzdC8xMDE3MBKGEGh0dHA6Ly90 +-ZXN0LzEwMTgwEoYQaHR0cDovL3Rlc3QvMTAxOTAShhBodHRwOi8vdGVzdC8xMDIw +-MBKGEGh0dHA6Ly90ZXN0LzEwMjEwEoYQaHR0cDovL3Rlc3QvMTAyMjAShhBodHRw +-Oi8vdGVzdC8xMDIzMBKGEGh0dHA6Ly90ZXN0LzEwMjShgq+CMAmCB3gwLnRlc3Qw +-CYIHeDEudGVzdDAJggd4Mi50ZXN0MAmCB3gzLnRlc3QwCYIHeDQudGVzdDAJggd4 +-NS50ZXN0MAmCB3g2LnRlc3QwCYIHeDcudGVzdDAJggd4OC50ZXN0MAmCB3g5LnRl +-c3QwCoIIeDEwLnRlc3QwCoIIeDExLnRlc3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRl +-c3QwCoIIeDE0LnRlc3QwCoIIeDE1LnRlc3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRl +-c3QwCoIIeDE4LnRlc3QwCoIIeDE5LnRlc3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRl +-c3QwCoIIeDIyLnRlc3QwCoIIeDIzLnRlc3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRl +-c3QwCoIIeDI2LnRlc3QwCoIIeDI3LnRlc3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRl +-c3QwCoIIeDMwLnRlc3QwCoIIeDMxLnRlc3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRl +-c3QwCoIIeDM0LnRlc3QwCoIIeDM1LnRlc3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRl +-c3QwCoIIeDM4LnRlc3QwCoIIeDM5LnRlc3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRl +-c3QwCoIIeDQyLnRlc3QwCoIIeDQzLnRlc3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRl +-c3QwCoIIeDQ2LnRlc3QwCoIIeDQ3LnRlc3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRl +-c3QwCoIIeDUwLnRlc3QwCoIIeDUxLnRlc3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRl +-c3QwCoIIeDU0LnRlc3QwCoIIeDU1LnRlc3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRl +-c3QwCoIIeDU4LnRlc3QwCoIIeDU5LnRlc3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRl +-c3QwCoIIeDYyLnRlc3QwCoIIeDYzLnRlc3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRl +-c3QwCoIIeDY2LnRlc3QwCoIIeDY3LnRlc3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRl +-c3QwCoIIeDcwLnRlc3QwCoIIeDcxLnRlc3QwCoIIeDcyLnRlc3QwCoIIeDczLnRl +-c3QwCoIIeDc0LnRlc3QwCoIIeDc1LnRlc3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRl +-c3QwCoIIeDc4LnRlc3QwCoIIeDc5LnRlc3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRl +-c3QwCoIIeDgyLnRlc3QwCoIIeDgzLnRlc3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRl +-c3QwCoIIeDg2LnRlc3QwCoIIeDg3LnRlc3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRl +-c3QwCoIIeDkwLnRlc3QwCoIIeDkxLnRlc3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRl +-c3QwCoIIeDk0LnRlc3QwCoIIeDk1LnRlc3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRl +-c3QwCoIIeDk4LnRlc3QwCoIIeDk5LnRlc3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEu +-dGVzdDALggl4MTAyLnRlc3QwC4IJeDEwMy50ZXN0MAuCCXgxMDQudGVzdDALggl4 +-MTA1LnRlc3QwC4IJeDEwNi50ZXN0MAuCCXgxMDcudGVzdDALggl4MTA4LnRlc3Qw +-C4IJeDEwOS50ZXN0MAuCCXgxMTAudGVzdDALggl4MTExLnRlc3QwC4IJeDExMi50 +-ZXN0MAuCCXgxMTMudGVzdDALggl4MTE0LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgx +-MTYudGVzdDALggl4MTE3LnRlc3QwC4IJeDExOC50ZXN0MAuCCXgxMTkudGVzdDAL +-ggl4MTIwLnRlc3QwC4IJeDEyMS50ZXN0MAuCCXgxMjIudGVzdDALggl4MTIzLnRl +-c3QwC4IJeDEyNC50ZXN0MAuCCXgxMjUudGVzdDALggl4MTI2LnRlc3QwC4IJeDEy +-Ny50ZXN0MAuCCXgxMjgudGVzdDALggl4MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuC +-CXgxMzEudGVzdDALggl4MTMyLnRlc3QwC4IJeDEzMy50ZXN0MAuCCXgxMzQudGVz +-dDALggl4MTM1LnRlc3QwC4IJeDEzNi50ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4 +-LnRlc3QwC4IJeDEzOS50ZXN0MAuCCXgxNDAudGVzdDALggl4MTQxLnRlc3QwC4IJ +-eDE0Mi50ZXN0MAuCCXgxNDMudGVzdDALggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0 +-MAuCCXgxNDYudGVzdDALggl4MTQ3LnRlc3QwC4IJeDE0OC50ZXN0MAuCCXgxNDku +-dGVzdDALggl4MTUwLnRlc3QwC4IJeDE1MS50ZXN0MAuCCXgxNTIudGVzdDALggl4 +-MTUzLnRlc3QwC4IJeDE1NC50ZXN0MAuCCXgxNTUudGVzdDALggl4MTU2LnRlc3Qw +-C4IJeDE1Ny50ZXN0MAuCCXgxNTgudGVzdDALggl4MTU5LnRlc3QwC4IJeDE2MC50 +-ZXN0MAuCCXgxNjEudGVzdDALggl4MTYyLnRlc3QwC4IJeDE2My50ZXN0MAuCCXgx +-NjQudGVzdDALggl4MTY1LnRlc3QwC4IJeDE2Ni50ZXN0MAuCCXgxNjcudGVzdDAL +-ggl4MTY4LnRlc3QwC4IJeDE2OS50ZXN0MAuCCXgxNzAudGVzdDALggl4MTcxLnRl +-c3QwC4IJeDE3Mi50ZXN0MAuCCXgxNzMudGVzdDALggl4MTc0LnRlc3QwC4IJeDE3 +-NS50ZXN0MAuCCXgxNzYudGVzdDALggl4MTc3LnRlc3QwC4IJeDE3OC50ZXN0MAuC +-CXgxNzkudGVzdDALggl4MTgwLnRlc3QwC4IJeDE4MS50ZXN0MAuCCXgxODIudGVz +-dDALggl4MTgzLnRlc3QwC4IJeDE4NC50ZXN0MAuCCXgxODUudGVzdDALggl4MTg2 +-LnRlc3QwC4IJeDE4Ny50ZXN0MAuCCXgxODgudGVzdDALggl4MTg5LnRlc3QwC4IJ +-eDE5MC50ZXN0MAuCCXgxOTEudGVzdDALggl4MTkyLnRlc3QwC4IJeDE5My50ZXN0 +-MAuCCXgxOTQudGVzdDALggl4MTk1LnRlc3QwC4IJeDE5Ni50ZXN0MAuCCXgxOTcu +-dGVzdDALggl4MTk4LnRlc3QwC4IJeDE5OS50ZXN0MAuCCXgyMDAudGVzdDALggl4 +-MjAxLnRlc3QwC4IJeDIwMi50ZXN0MAuCCXgyMDMudGVzdDALggl4MjA0LnRlc3Qw +-C4IJeDIwNS50ZXN0MAuCCXgyMDYudGVzdDALggl4MjA3LnRlc3QwC4IJeDIwOC50 +-ZXN0MAuCCXgyMDkudGVzdDALggl4MjEwLnRlc3QwC4IJeDIxMS50ZXN0MAuCCXgy +-MTIudGVzdDALggl4MjEzLnRlc3QwC4IJeDIxNC50ZXN0MAuCCXgyMTUudGVzdDAL +-ggl4MjE2LnRlc3QwC4IJeDIxNy50ZXN0MAuCCXgyMTgudGVzdDALggl4MjE5LnRl +-c3QwC4IJeDIyMC50ZXN0MAuCCXgyMjEudGVzdDALggl4MjIyLnRlc3QwC4IJeDIy +-My50ZXN0MAuCCXgyMjQudGVzdDALggl4MjI1LnRlc3QwC4IJeDIyNi50ZXN0MAuC +-CXgyMjcudGVzdDALggl4MjI4LnRlc3QwC4IJeDIyOS50ZXN0MAuCCXgyMzAudGVz +-dDALggl4MjMxLnRlc3QwC4IJeDIzMi50ZXN0MAuCCXgyMzMudGVzdDALggl4MjM0 +-LnRlc3QwC4IJeDIzNS50ZXN0MAuCCXgyMzYudGVzdDALggl4MjM3LnRlc3QwC4IJ +-eDIzOC50ZXN0MAuCCXgyMzkudGVzdDALggl4MjQwLnRlc3QwC4IJeDI0MS50ZXN0 +-MAuCCXgyNDIudGVzdDALggl4MjQzLnRlc3QwC4IJeDI0NC50ZXN0MAuCCXgyNDUu +-dGVzdDALggl4MjQ2LnRlc3QwC4IJeDI0Ny50ZXN0MAuCCXgyNDgudGVzdDALggl4 +-MjQ5LnRlc3QwC4IJeDI1MC50ZXN0MAuCCXgyNTEudGVzdDALggl4MjUyLnRlc3Qw +-C4IJeDI1My50ZXN0MAuCCXgyNTQudGVzdDALggl4MjU1LnRlc3QwC4IJeDI1Ni50 +-ZXN0MAuCCXgyNTcudGVzdDALggl4MjU4LnRlc3QwC4IJeDI1OS50ZXN0MAuCCXgy +-NjAudGVzdDALggl4MjYxLnRlc3QwC4IJeDI2Mi50ZXN0MAuCCXgyNjMudGVzdDAL +-ggl4MjY0LnRlc3QwC4IJeDI2NS50ZXN0MAuCCXgyNjYudGVzdDALggl4MjY3LnRl +-c3QwC4IJeDI2OC50ZXN0MAuCCXgyNjkudGVzdDALggl4MjcwLnRlc3QwC4IJeDI3 +-MS50ZXN0MAuCCXgyNzIudGVzdDALggl4MjczLnRlc3QwC4IJeDI3NC50ZXN0MAuC +-CXgyNzUudGVzdDALggl4Mjc2LnRlc3QwC4IJeDI3Ny50ZXN0MAuCCXgyNzgudGVz +-dDALggl4Mjc5LnRlc3QwC4IJeDI4MC50ZXN0MAuCCXgyODEudGVzdDALggl4Mjgy +-LnRlc3QwC4IJeDI4My50ZXN0MAuCCXgyODQudGVzdDALggl4Mjg1LnRlc3QwC4IJ +-eDI4Ni50ZXN0MAuCCXgyODcudGVzdDALggl4Mjg4LnRlc3QwC4IJeDI4OS50ZXN0 +-MAuCCXgyOTAudGVzdDALggl4MjkxLnRlc3QwC4IJeDI5Mi50ZXN0MAuCCXgyOTMu +-dGVzdDALggl4Mjk0LnRlc3QwC4IJeDI5NS50ZXN0MAuCCXgyOTYudGVzdDALggl4 +-Mjk3LnRlc3QwC4IJeDI5OC50ZXN0MAuCCXgyOTkudGVzdDALggl4MzAwLnRlc3Qw +-C4IJeDMwMS50ZXN0MAuCCXgzMDIudGVzdDALggl4MzAzLnRlc3QwC4IJeDMwNC50 +-ZXN0MAuCCXgzMDUudGVzdDALggl4MzA2LnRlc3QwC4IJeDMwNy50ZXN0MAuCCXgz +-MDgudGVzdDALggl4MzA5LnRlc3QwC4IJeDMxMC50ZXN0MAuCCXgzMTEudGVzdDAL +-ggl4MzEyLnRlc3QwC4IJeDMxMy50ZXN0MAuCCXgzMTQudGVzdDALggl4MzE1LnRl +-c3QwC4IJeDMxNi50ZXN0MAuCCXgzMTcudGVzdDALggl4MzE4LnRlc3QwC4IJeDMx +-OS50ZXN0MAuCCXgzMjAudGVzdDALggl4MzIxLnRlc3QwC4IJeDMyMi50ZXN0MAuC +-CXgzMjMudGVzdDALggl4MzI0LnRlc3QwC4IJeDMyNS50ZXN0MAuCCXgzMjYudGVz +-dDALggl4MzI3LnRlc3QwC4IJeDMyOC50ZXN0MAuCCXgzMjkudGVzdDALggl4MzMw +-LnRlc3QwC4IJeDMzMS50ZXN0MAuCCXgzMzIudGVzdDALggl4MzMzLnRlc3QwC4IJ +-eDMzNC50ZXN0MAuCCXgzMzUudGVzdDALggl4MzM2LnRlc3QwC4IJeDMzNy50ZXN0 +-MAuCCXgzMzgudGVzdDALggl4MzM5LnRlc3QwC4IJeDM0MC50ZXN0MAuCCXgzNDEu +-dGVzdDALggl4MzQyLnRlc3QwC4IJeDM0My50ZXN0MAuCCXgzNDQudGVzdDALggl4 +-MzQ1LnRlc3QwC4IJeDM0Ni50ZXN0MAuCCXgzNDcudGVzdDALggl4MzQ4LnRlc3Qw +-C4IJeDM0OS50ZXN0MAuCCXgzNTAudGVzdDALggl4MzUxLnRlc3QwC4IJeDM1Mi50 +-ZXN0MAuCCXgzNTMudGVzdDALggl4MzU0LnRlc3QwC4IJeDM1NS50ZXN0MAuCCXgz +-NTYudGVzdDALggl4MzU3LnRlc3QwC4IJeDM1OC50ZXN0MAuCCXgzNTkudGVzdDAL +-ggl4MzYwLnRlc3QwC4IJeDM2MS50ZXN0MAuCCXgzNjIudGVzdDALggl4MzYzLnRl +-c3QwC4IJeDM2NC50ZXN0MAuCCXgzNjUudGVzdDALggl4MzY2LnRlc3QwC4IJeDM2 +-Ny50ZXN0MAuCCXgzNjgudGVzdDALggl4MzY5LnRlc3QwC4IJeDM3MC50ZXN0MAuC +-CXgzNzEudGVzdDALggl4MzcyLnRlc3QwC4IJeDM3My50ZXN0MAuCCXgzNzQudGVz +-dDALggl4Mzc1LnRlc3QwC4IJeDM3Ni50ZXN0MAuCCXgzNzcudGVzdDALggl4Mzc4 +-LnRlc3QwC4IJeDM3OS50ZXN0MAuCCXgzODAudGVzdDALggl4MzgxLnRlc3QwC4IJ +-eDM4Mi50ZXN0MAuCCXgzODMudGVzdDALggl4Mzg0LnRlc3QwC4IJeDM4NS50ZXN0 +-MAuCCXgzODYudGVzdDALggl4Mzg3LnRlc3QwC4IJeDM4OC50ZXN0MAuCCXgzODku +-dGVzdDALggl4MzkwLnRlc3QwC4IJeDM5MS50ZXN0MAuCCXgzOTIudGVzdDALggl4 +-MzkzLnRlc3QwC4IJeDM5NC50ZXN0MAuCCXgzOTUudGVzdDALggl4Mzk2LnRlc3Qw +-C4IJeDM5Ny50ZXN0MAuCCXgzOTgudGVzdDALggl4Mzk5LnRlc3QwC4IJeDQwMC50 +-ZXN0MAuCCXg0MDEudGVzdDALggl4NDAyLnRlc3QwC4IJeDQwMy50ZXN0MAuCCXg0 +-MDQudGVzdDALggl4NDA1LnRlc3QwC4IJeDQwNi50ZXN0MAuCCXg0MDcudGVzdDAL +-ggl4NDA4LnRlc3QwC4IJeDQwOS50ZXN0MAuCCXg0MTAudGVzdDALggl4NDExLnRl +-c3QwC4IJeDQxMi50ZXN0MAuCCXg0MTMudGVzdDALggl4NDE0LnRlc3QwC4IJeDQx +-NS50ZXN0MAuCCXg0MTYudGVzdDALggl4NDE3LnRlc3QwC4IJeDQxOC50ZXN0MAuC +-CXg0MTkudGVzdDALggl4NDIwLnRlc3QwC4IJeDQyMS50ZXN0MAuCCXg0MjIudGVz +-dDALggl4NDIzLnRlc3QwC4IJeDQyNC50ZXN0MAuCCXg0MjUudGVzdDALggl4NDI2 +-LnRlc3QwC4IJeDQyNy50ZXN0MAuCCXg0MjgudGVzdDALggl4NDI5LnRlc3QwC4IJ +-eDQzMC50ZXN0MAuCCXg0MzEudGVzdDALggl4NDMyLnRlc3QwC4IJeDQzMy50ZXN0 +-MAuCCXg0MzQudGVzdDALggl4NDM1LnRlc3QwC4IJeDQzNi50ZXN0MAuCCXg0Mzcu +-dGVzdDALggl4NDM4LnRlc3QwC4IJeDQzOS50ZXN0MAuCCXg0NDAudGVzdDALggl4 +-NDQxLnRlc3QwC4IJeDQ0Mi50ZXN0MAuCCXg0NDMudGVzdDALggl4NDQ0LnRlc3Qw +-C4IJeDQ0NS50ZXN0MAuCCXg0NDYudGVzdDALggl4NDQ3LnRlc3QwC4IJeDQ0OC50 +-ZXN0MAuCCXg0NDkudGVzdDALggl4NDUwLnRlc3QwC4IJeDQ1MS50ZXN0MAuCCXg0 +-NTIudGVzdDALggl4NDUzLnRlc3QwC4IJeDQ1NC50ZXN0MAuCCXg0NTUudGVzdDAL +-ggl4NDU2LnRlc3QwC4IJeDQ1Ny50ZXN0MAuCCXg0NTgudGVzdDALggl4NDU5LnRl +-c3QwC4IJeDQ2MC50ZXN0MAuCCXg0NjEudGVzdDALggl4NDYyLnRlc3QwC4IJeDQ2 +-My50ZXN0MAuCCXg0NjQudGVzdDALggl4NDY1LnRlc3QwC4IJeDQ2Ni50ZXN0MAuC +-CXg0NjcudGVzdDALggl4NDY4LnRlc3QwC4IJeDQ2OS50ZXN0MAuCCXg0NzAudGVz +-dDALggl4NDcxLnRlc3QwC4IJeDQ3Mi50ZXN0MAuCCXg0NzMudGVzdDALggl4NDc0 +-LnRlc3QwC4IJeDQ3NS50ZXN0MAuCCXg0NzYudGVzdDALggl4NDc3LnRlc3QwC4IJ +-eDQ3OC50ZXN0MAuCCXg0NzkudGVzdDALggl4NDgwLnRlc3QwC4IJeDQ4MS50ZXN0 +-MAuCCXg0ODIudGVzdDALggl4NDgzLnRlc3QwC4IJeDQ4NC50ZXN0MAuCCXg0ODUu +-dGVzdDALggl4NDg2LnRlc3QwC4IJeDQ4Ny50ZXN0MAuCCXg0ODgudGVzdDALggl4 +-NDg5LnRlc3QwC4IJeDQ5MC50ZXN0MAuCCXg0OTEudGVzdDALggl4NDkyLnRlc3Qw +-C4IJeDQ5My50ZXN0MAuCCXg0OTQudGVzdDALggl4NDk1LnRlc3QwC4IJeDQ5Ni50 +-ZXN0MAuCCXg0OTcudGVzdDALggl4NDk4LnRlc3QwC4IJeDQ5OS50ZXN0MAuCCXg1 +-MDAudGVzdDALggl4NTAxLnRlc3QwC4IJeDUwMi50ZXN0MAuCCXg1MDMudGVzdDAL +-ggl4NTA0LnRlc3QwC4IJeDUwNS50ZXN0MAuCCXg1MDYudGVzdDALggl4NTA3LnRl +-c3QwC4IJeDUwOC50ZXN0MAuCCXg1MDkudGVzdDALggl4NTEwLnRlc3QwC4IJeDUx +-MS50ZXN0MAuCCXg1MTIudGVzdDALggl4NTEzLnRlc3QwC4IJeDUxNC50ZXN0MAuC +-CXg1MTUudGVzdDALggl4NTE2LnRlc3QwC4IJeDUxNy50ZXN0MAuCCXg1MTgudGVz +-dDALggl4NTE5LnRlc3QwC4IJeDUyMC50ZXN0MAuCCXg1MjEudGVzdDALggl4NTIy +-LnRlc3QwC4IJeDUyMy50ZXN0MAuCCXg1MjQudGVzdDALggl4NTI1LnRlc3QwC4IJ +-eDUyNi50ZXN0MAuCCXg1MjcudGVzdDALggl4NTI4LnRlc3QwC4IJeDUyOS50ZXN0 +-MAuCCXg1MzAudGVzdDALggl4NTMxLnRlc3QwC4IJeDUzMi50ZXN0MAuCCXg1MzMu +-dGVzdDALggl4NTM0LnRlc3QwC4IJeDUzNS50ZXN0MAuCCXg1MzYudGVzdDALggl4 +-NTM3LnRlc3QwC4IJeDUzOC50ZXN0MAuCCXg1MzkudGVzdDALggl4NTQwLnRlc3Qw +-C4IJeDU0MS50ZXN0MAuCCXg1NDIudGVzdDALggl4NTQzLnRlc3QwC4IJeDU0NC50 +-ZXN0MAuCCXg1NDUudGVzdDALggl4NTQ2LnRlc3QwC4IJeDU0Ny50ZXN0MAuCCXg1 +-NDgudGVzdDALggl4NTQ5LnRlc3QwC4IJeDU1MC50ZXN0MAuCCXg1NTEudGVzdDAL +-ggl4NTUyLnRlc3QwC4IJeDU1My50ZXN0MAuCCXg1NTQudGVzdDALggl4NTU1LnRl +-c3QwC4IJeDU1Ni50ZXN0MAuCCXg1NTcudGVzdDALggl4NTU4LnRlc3QwC4IJeDU1 +-OS50ZXN0MAuCCXg1NjAudGVzdDALggl4NTYxLnRlc3QwC4IJeDU2Mi50ZXN0MAuC +-CXg1NjMudGVzdDALggl4NTY0LnRlc3QwC4IJeDU2NS50ZXN0MAuCCXg1NjYudGVz +-dDALggl4NTY3LnRlc3QwC4IJeDU2OC50ZXN0MAuCCXg1NjkudGVzdDALggl4NTcw +-LnRlc3QwC4IJeDU3MS50ZXN0MAuCCXg1NzIudGVzdDALggl4NTczLnRlc3QwC4IJ +-eDU3NC50ZXN0MAuCCXg1NzUudGVzdDALggl4NTc2LnRlc3QwC4IJeDU3Ny50ZXN0 +-MAuCCXg1NzgudGVzdDALggl4NTc5LnRlc3QwC4IJeDU4MC50ZXN0MAuCCXg1ODEu +-dGVzdDALggl4NTgyLnRlc3QwC4IJeDU4My50ZXN0MAuCCXg1ODQudGVzdDALggl4 +-NTg1LnRlc3QwC4IJeDU4Ni50ZXN0MAuCCXg1ODcudGVzdDALggl4NTg4LnRlc3Qw +-C4IJeDU4OS50ZXN0MAuCCXg1OTAudGVzdDALggl4NTkxLnRlc3QwC4IJeDU5Mi50 +-ZXN0MAuCCXg1OTMudGVzdDALggl4NTk0LnRlc3QwC4IJeDU5NS50ZXN0MAuCCXg1 +-OTYudGVzdDALggl4NTk3LnRlc3QwC4IJeDU5OC50ZXN0MAuCCXg1OTkudGVzdDAL +-ggl4NjAwLnRlc3QwC4IJeDYwMS50ZXN0MAuCCXg2MDIudGVzdDALggl4NjAzLnRl +-c3QwC4IJeDYwNC50ZXN0MAuCCXg2MDUudGVzdDALggl4NjA2LnRlc3QwC4IJeDYw +-Ny50ZXN0MAuCCXg2MDgudGVzdDALggl4NjA5LnRlc3QwC4IJeDYxMC50ZXN0MAuC +-CXg2MTEudGVzdDALggl4NjEyLnRlc3QwC4IJeDYxMy50ZXN0MAuCCXg2MTQudGVz +-dDALggl4NjE1LnRlc3QwC4IJeDYxNi50ZXN0MAuCCXg2MTcudGVzdDALggl4NjE4 +-LnRlc3QwC4IJeDYxOS50ZXN0MAuCCXg2MjAudGVzdDALggl4NjIxLnRlc3QwC4IJ +-eDYyMi50ZXN0MAuCCXg2MjMudGVzdDALggl4NjI0LnRlc3QwC4IJeDYyNS50ZXN0 +-MAuCCXg2MjYudGVzdDALggl4NjI3LnRlc3QwC4IJeDYyOC50ZXN0MAuCCXg2Mjku +-dGVzdDALggl4NjMwLnRlc3QwC4IJeDYzMS50ZXN0MAuCCXg2MzIudGVzdDALggl4 +-NjMzLnRlc3QwC4IJeDYzNC50ZXN0MAuCCXg2MzUudGVzdDALggl4NjM2LnRlc3Qw +-C4IJeDYzNy50ZXN0MAuCCXg2MzgudGVzdDALggl4NjM5LnRlc3QwC4IJeDY0MC50 +-ZXN0MAuCCXg2NDEudGVzdDALggl4NjQyLnRlc3QwC4IJeDY0My50ZXN0MAuCCXg2 +-NDQudGVzdDALggl4NjQ1LnRlc3QwC4IJeDY0Ni50ZXN0MAuCCXg2NDcudGVzdDAL +-ggl4NjQ4LnRlc3QwC4IJeDY0OS50ZXN0MAuCCXg2NTAudGVzdDALggl4NjUxLnRl +-c3QwC4IJeDY1Mi50ZXN0MAuCCXg2NTMudGVzdDALggl4NjU0LnRlc3QwC4IJeDY1 +-NS50ZXN0MAuCCXg2NTYudGVzdDALggl4NjU3LnRlc3QwC4IJeDY1OC50ZXN0MAuC +-CXg2NTkudGVzdDALggl4NjYwLnRlc3QwC4IJeDY2MS50ZXN0MAuCCXg2NjIudGVz +-dDALggl4NjYzLnRlc3QwC4IJeDY2NC50ZXN0MAuCCXg2NjUudGVzdDALggl4NjY2 +-LnRlc3QwC4IJeDY2Ny50ZXN0MAuCCXg2NjgudGVzdDALggl4NjY5LnRlc3QwC4IJ +-eDY3MC50ZXN0MAuCCXg2NzEudGVzdDALggl4NjcyLnRlc3QwC4IJeDY3My50ZXN0 +-MAuCCXg2NzQudGVzdDALggl4Njc1LnRlc3QwC4IJeDY3Ni50ZXN0MAuCCXg2Nzcu +-dGVzdDALggl4Njc4LnRlc3QwC4IJeDY3OS50ZXN0MAuCCXg2ODAudGVzdDALggl4 +-NjgxLnRlc3QwC4IJeDY4Mi50ZXN0MAuCCXg2ODMudGVzdDALggl4Njg0LnRlc3Qw +-C4IJeDY4NS50ZXN0MAuCCXg2ODYudGVzdDALggl4Njg3LnRlc3QwC4IJeDY4OC50 +-ZXN0MAuCCXg2ODkudGVzdDALggl4NjkwLnRlc3QwC4IJeDY5MS50ZXN0MAuCCXg2 +-OTIudGVzdDALggl4NjkzLnRlc3QwC4IJeDY5NC50ZXN0MAuCCXg2OTUudGVzdDAL +-ggl4Njk2LnRlc3QwC4IJeDY5Ny50ZXN0MAuCCXg2OTgudGVzdDALggl4Njk5LnRl +-c3QwC4IJeDcwMC50ZXN0MAuCCXg3MDEudGVzdDALggl4NzAyLnRlc3QwC4IJeDcw +-My50ZXN0MAuCCXg3MDQudGVzdDALggl4NzA1LnRlc3QwC4IJeDcwNi50ZXN0MAuC +-CXg3MDcudGVzdDALggl4NzA4LnRlc3QwC4IJeDcwOS50ZXN0MAuCCXg3MTAudGVz +-dDALggl4NzExLnRlc3QwC4IJeDcxMi50ZXN0MAuCCXg3MTMudGVzdDALggl4NzE0 +-LnRlc3QwC4IJeDcxNS50ZXN0MAuCCXg3MTYudGVzdDALggl4NzE3LnRlc3QwC4IJ +-eDcxOC50ZXN0MAuCCXg3MTkudGVzdDALggl4NzIwLnRlc3QwC4IJeDcyMS50ZXN0 +-MAuCCXg3MjIudGVzdDALggl4NzIzLnRlc3QwC4IJeDcyNC50ZXN0MAuCCXg3MjUu +-dGVzdDALggl4NzI2LnRlc3QwC4IJeDcyNy50ZXN0MAuCCXg3MjgudGVzdDALggl4 +-NzI5LnRlc3QwC4IJeDczMC50ZXN0MAuCCXg3MzEudGVzdDALggl4NzMyLnRlc3Qw +-C4IJeDczMy50ZXN0MAuCCXg3MzQudGVzdDALggl4NzM1LnRlc3QwC4IJeDczNi50 +-ZXN0MAuCCXg3MzcudGVzdDALggl4NzM4LnRlc3QwC4IJeDczOS50ZXN0MAuCCXg3 +-NDAudGVzdDALggl4NzQxLnRlc3QwC4IJeDc0Mi50ZXN0MAuCCXg3NDMudGVzdDAL +-ggl4NzQ0LnRlc3QwC4IJeDc0NS50ZXN0MAuCCXg3NDYudGVzdDALggl4NzQ3LnRl +-c3QwC4IJeDc0OC50ZXN0MAuCCXg3NDkudGVzdDALggl4NzUwLnRlc3QwC4IJeDc1 +-MS50ZXN0MAuCCXg3NTIudGVzdDALggl4NzUzLnRlc3QwC4IJeDc1NC50ZXN0MAuC +-CXg3NTUudGVzdDALggl4NzU2LnRlc3QwC4IJeDc1Ny50ZXN0MAuCCXg3NTgudGVz +-dDALggl4NzU5LnRlc3QwC4IJeDc2MC50ZXN0MAuCCXg3NjEudGVzdDALggl4NzYy +-LnRlc3QwC4IJeDc2My50ZXN0MAuCCXg3NjQudGVzdDALggl4NzY1LnRlc3QwC4IJ +-eDc2Ni50ZXN0MAuCCXg3NjcudGVzdDALggl4NzY4LnRlc3QwC4IJeDc2OS50ZXN0 +-MAuCCXg3NzAudGVzdDALggl4NzcxLnRlc3QwC4IJeDc3Mi50ZXN0MAuCCXg3NzMu +-dGVzdDALggl4Nzc0LnRlc3QwC4IJeDc3NS50ZXN0MAuCCXg3NzYudGVzdDALggl4 +-Nzc3LnRlc3QwC4IJeDc3OC50ZXN0MAuCCXg3NzkudGVzdDALggl4NzgwLnRlc3Qw +-C4IJeDc4MS50ZXN0MAuCCXg3ODIudGVzdDALggl4NzgzLnRlc3QwC4IJeDc4NC50 +-ZXN0MAuCCXg3ODUudGVzdDALggl4Nzg2LnRlc3QwC4IJeDc4Ny50ZXN0MAuCCXg3 +-ODgudGVzdDALggl4Nzg5LnRlc3QwC4IJeDc5MC50ZXN0MAuCCXg3OTEudGVzdDAL +-ggl4NzkyLnRlc3QwC4IJeDc5My50ZXN0MAuCCXg3OTQudGVzdDALggl4Nzk1LnRl +-c3QwC4IJeDc5Ni50ZXN0MAuCCXg3OTcudGVzdDALggl4Nzk4LnRlc3QwC4IJeDc5 +-OS50ZXN0MAuCCXg4MDAudGVzdDALggl4ODAxLnRlc3QwC4IJeDgwMi50ZXN0MAuC +-CXg4MDMudGVzdDALggl4ODA0LnRlc3QwC4IJeDgwNS50ZXN0MAuCCXg4MDYudGVz +-dDALggl4ODA3LnRlc3QwC4IJeDgwOC50ZXN0MAuCCXg4MDkudGVzdDALggl4ODEw +-LnRlc3QwC4IJeDgxMS50ZXN0MAuCCXg4MTIudGVzdDALggl4ODEzLnRlc3QwC4IJ +-eDgxNC50ZXN0MAuCCXg4MTUudGVzdDALggl4ODE2LnRlc3QwC4IJeDgxNy50ZXN0 +-MAuCCXg4MTgudGVzdDALggl4ODE5LnRlc3QwC4IJeDgyMC50ZXN0MAuCCXg4MjEu +-dGVzdDALggl4ODIyLnRlc3QwC4IJeDgyMy50ZXN0MAuCCXg4MjQudGVzdDALggl4 +-ODI1LnRlc3QwC4IJeDgyNi50ZXN0MAuCCXg4MjcudGVzdDALggl4ODI4LnRlc3Qw +-C4IJeDgyOS50ZXN0MAuCCXg4MzAudGVzdDALggl4ODMxLnRlc3QwC4IJeDgzMi50 +-ZXN0MAuCCXg4MzMudGVzdDALggl4ODM0LnRlc3QwC4IJeDgzNS50ZXN0MAuCCXg4 +-MzYudGVzdDALggl4ODM3LnRlc3QwC4IJeDgzOC50ZXN0MAuCCXg4MzkudGVzdDAL +-ggl4ODQwLnRlc3QwC4IJeDg0MS50ZXN0MAuCCXg4NDIudGVzdDALggl4ODQzLnRl +-c3QwC4IJeDg0NC50ZXN0MAuCCXg4NDUudGVzdDALggl4ODQ2LnRlc3QwC4IJeDg0 +-Ny50ZXN0MAuCCXg4NDgudGVzdDALggl4ODQ5LnRlc3QwC4IJeDg1MC50ZXN0MAuC +-CXg4NTEudGVzdDALggl4ODUyLnRlc3QwC4IJeDg1My50ZXN0MAuCCXg4NTQudGVz +-dDALggl4ODU1LnRlc3QwC4IJeDg1Ni50ZXN0MAuCCXg4NTcudGVzdDALggl4ODU4 +-LnRlc3QwC4IJeDg1OS50ZXN0MAuCCXg4NjAudGVzdDALggl4ODYxLnRlc3QwC4IJ +-eDg2Mi50ZXN0MAuCCXg4NjMudGVzdDALggl4ODY0LnRlc3QwC4IJeDg2NS50ZXN0 +-MAuCCXg4NjYudGVzdDALggl4ODY3LnRlc3QwC4IJeDg2OC50ZXN0MAuCCXg4Njku +-dGVzdDALggl4ODcwLnRlc3QwC4IJeDg3MS50ZXN0MAuCCXg4NzIudGVzdDALggl4 +-ODczLnRlc3QwC4IJeDg3NC50ZXN0MAuCCXg4NzUudGVzdDALggl4ODc2LnRlc3Qw +-C4IJeDg3Ny50ZXN0MAuCCXg4NzgudGVzdDALggl4ODc5LnRlc3QwC4IJeDg4MC50 +-ZXN0MAuCCXg4ODEudGVzdDALggl4ODgyLnRlc3QwC4IJeDg4My50ZXN0MAuCCXg4 +-ODQudGVzdDALggl4ODg1LnRlc3QwC4IJeDg4Ni50ZXN0MAuCCXg4ODcudGVzdDAL +-ggl4ODg4LnRlc3QwC4IJeDg4OS50ZXN0MAuCCXg4OTAudGVzdDALggl4ODkxLnRl +-c3QwC4IJeDg5Mi50ZXN0MAuCCXg4OTMudGVzdDALggl4ODk0LnRlc3QwC4IJeDg5 +-NS50ZXN0MAuCCXg4OTYudGVzdDALggl4ODk3LnRlc3QwC4IJeDg5OC50ZXN0MAuC +-CXg4OTkudGVzdDALggl4OTAwLnRlc3QwC4IJeDkwMS50ZXN0MAuCCXg5MDIudGVz +-dDALggl4OTAzLnRlc3QwC4IJeDkwNC50ZXN0MAuCCXg5MDUudGVzdDALggl4OTA2 +-LnRlc3QwC4IJeDkwNy50ZXN0MAuCCXg5MDgudGVzdDALggl4OTA5LnRlc3QwC4IJ +-eDkxMC50ZXN0MAuCCXg5MTEudGVzdDALggl4OTEyLnRlc3QwC4IJeDkxMy50ZXN0 +-MAuCCXg5MTQudGVzdDALggl4OTE1LnRlc3QwC4IJeDkxNi50ZXN0MAuCCXg5MTcu +-dGVzdDALggl4OTE4LnRlc3QwC4IJeDkxOS50ZXN0MAuCCXg5MjAudGVzdDALggl4 +-OTIxLnRlc3QwC4IJeDkyMi50ZXN0MAuCCXg5MjMudGVzdDALggl4OTI0LnRlc3Qw +-C4IJeDkyNS50ZXN0MAuCCXg5MjYudGVzdDALggl4OTI3LnRlc3QwC4IJeDkyOC50 +-ZXN0MAuCCXg5MjkudGVzdDALggl4OTMwLnRlc3QwC4IJeDkzMS50ZXN0MAuCCXg5 +-MzIudGVzdDALggl4OTMzLnRlc3QwC4IJeDkzNC50ZXN0MAuCCXg5MzUudGVzdDAL +-ggl4OTM2LnRlc3QwC4IJeDkzNy50ZXN0MAuCCXg5MzgudGVzdDALggl4OTM5LnRl +-c3QwC4IJeDk0MC50ZXN0MAuCCXg5NDEudGVzdDALggl4OTQyLnRlc3QwC4IJeDk0 +-My50ZXN0MAuCCXg5NDQudGVzdDALggl4OTQ1LnRlc3QwC4IJeDk0Ni50ZXN0MAuC +-CXg5NDcudGVzdDALggl4OTQ4LnRlc3QwC4IJeDk0OS50ZXN0MAuCCXg5NTAudGVz +-dDALggl4OTUxLnRlc3QwC4IJeDk1Mi50ZXN0MAuCCXg5NTMudGVzdDALggl4OTU0 +-LnRlc3QwC4IJeDk1NS50ZXN0MAuCCXg5NTYudGVzdDALggl4OTU3LnRlc3QwC4IJ +-eDk1OC50ZXN0MAuCCXg5NTkudGVzdDALggl4OTYwLnRlc3QwC4IJeDk2MS50ZXN0 +-MAuCCXg5NjIudGVzdDALggl4OTYzLnRlc3QwC4IJeDk2NC50ZXN0MAuCCXg5NjUu +-dGVzdDALggl4OTY2LnRlc3QwC4IJeDk2Ny50ZXN0MAuCCXg5NjgudGVzdDALggl4 +-OTY5LnRlc3QwC4IJeDk3MC50ZXN0MAuCCXg5NzEudGVzdDALggl4OTcyLnRlc3Qw +-C4IJeDk3My50ZXN0MAuCCXg5NzQudGVzdDALggl4OTc1LnRlc3QwC4IJeDk3Ni50 +-ZXN0MAuCCXg5NzcudGVzdDALggl4OTc4LnRlc3QwC4IJeDk3OS50ZXN0MAuCCXg5 +-ODAudGVzdDALggl4OTgxLnRlc3QwC4IJeDk4Mi50ZXN0MAuCCXg5ODMudGVzdDAL +-ggl4OTg0LnRlc3QwC4IJeDk4NS50ZXN0MAuCCXg5ODYudGVzdDALggl4OTg3LnRl +-c3QwC4IJeDk4OC50ZXN0MAuCCXg5ODkudGVzdDALggl4OTkwLnRlc3QwC4IJeDk5 +-MS50ZXN0MAuCCXg5OTIudGVzdDALggl4OTkzLnRlc3QwC4IJeDk5NC50ZXN0MAuC +-CXg5OTUudGVzdDALggl4OTk2LnRlc3QwC4IJeDk5Ny50ZXN0MAuCCXg5OTgudGVz +-dDALggl4OTk5LnRlc3QwDIIKeDEwMDAudGVzdDAMggp4MTAwMS50ZXN0MAyCCngx +-MDAyLnRlc3QwDIIKeDEwMDMudGVzdDAMggp4MTAwNC50ZXN0MAyCCngxMDA1LnRl +-c3QwDIIKeDEwMDYudGVzdDAMggp4MTAwNy50ZXN0MAyCCngxMDA4LnRlc3QwDIIK +-eDEwMDkudGVzdDAMggp4MTAxMC50ZXN0MAyCCngxMDExLnRlc3QwDIIKeDEwMTIu +-dGVzdDAMggp4MTAxMy50ZXN0MAyCCngxMDE0LnRlc3QwDIIKeDEwMTUudGVzdDAM +-ggp4MTAxNi50ZXN0MAyCCngxMDE3LnRlc3QwDIIKeDEwMTgudGVzdDAMggp4MTAx +-OS50ZXN0MAyCCngxMDIwLnRlc3QwDIIKeDEwMjEudGVzdDAMggp4MTAyMi50ZXN0 +-MAyCCngxMDIzLnRlc3QwDIIKeDEwMjQudGVzdDAKhwgLAAAA/////zAKhwgLAAAB +-/////zAKhwgLAAAC/////zAKhwgLAAAD/////zAKhwgLAAAE/////zAKhwgLAAAF +-/////zAKhwgLAAAG/////zAKhwgLAAAH/////zAKhwgLAAAI/////zAKhwgLAAAJ +-/////zAKhwgLAAAK/////zAKhwgLAAAL/////zAKhwgLAAAM/////zAKhwgLAAAN +-/////zAKhwgLAAAO/////zAKhwgLAAAP/////zAKhwgLAAAQ/////zAKhwgLAAAR +-/////zAKhwgLAAAS/////zAKhwgLAAAT/////zAKhwgLAAAU/////zAKhwgLAAAV +-/////zAKhwgLAAAW/////zAKhwgLAAAX/////zAKhwgLAAAY/////zAKhwgLAAAZ +-/////zAKhwgLAAAa/////zAKhwgLAAAb/////zAKhwgLAAAc/////zAKhwgLAAAd +-/////zAKhwgLAAAe/////zAKhwgLAAAf/////zAKhwgLAAAg/////zAKhwgLAAAh +-/////zAKhwgLAAAi/////zAKhwgLAAAj/////zAKhwgLAAAk/////zAKhwgLAAAl +-/////zAKhwgLAAAm/////zAKhwgLAAAn/////zAKhwgLAAAo/////zAKhwgLAAAp +-/////zAKhwgLAAAq/////zAKhwgLAAAr/////zAKhwgLAAAs/////zAKhwgLAAAt +-/////zAKhwgLAAAu/////zAKhwgLAAAv/////zAKhwgLAAAw/////zAKhwgLAAAx +-/////zAKhwgLAAAy/////zAKhwgLAAAz/////zAKhwgLAAA0/////zAKhwgLAAA1 +-/////zAKhwgLAAA2/////zAKhwgLAAA3/////zAKhwgLAAA4/////zAKhwgLAAA5 +-/////zAKhwgLAAA6/////zAKhwgLAAA7/////zAKhwgLAAA8/////zAKhwgLAAA9 +-/////zAKhwgLAAA+/////zAKhwgLAAA//////zAKhwgLAABA/////zAKhwgLAABB +-/////zAKhwgLAABC/////zAKhwgLAABD/////zAKhwgLAABE/////zAKhwgLAABF +-/////zAKhwgLAABG/////zAKhwgLAABH/////zAKhwgLAABI/////zAKhwgLAABJ +-/////zAKhwgLAABK/////zAKhwgLAABL/////zAKhwgLAABM/////zAKhwgLAABN +-/////zAKhwgLAABO/////zAKhwgLAABP/////zAKhwgLAABQ/////zAKhwgLAABR +-/////zAKhwgLAABS/////zAKhwgLAABT/////zAKhwgLAABU/////zAKhwgLAABV +-/////zAKhwgLAABW/////zAKhwgLAABX/////zAKhwgLAABY/////zAKhwgLAABZ +-/////zAKhwgLAABa/////zAKhwgLAABb/////zAKhwgLAABc/////zAKhwgLAABd +-/////zAKhwgLAABe/////zAKhwgLAABf/////zAKhwgLAABg/////zAKhwgLAABh +-/////zAKhwgLAABi/////zAKhwgLAABj/////zAKhwgLAABk/////zAKhwgLAABl +-/////zAKhwgLAABm/////zAKhwgLAABn/////zAKhwgLAABo/////zAKhwgLAABp +-/////zAKhwgLAABq/////zAKhwgLAABr/////zAKhwgLAABs/////zAKhwgLAABt +-/////zAKhwgLAABu/////zAKhwgLAABv/////zAKhwgLAABw/////zAKhwgLAABx +-/////zAKhwgLAABy/////zAKhwgLAABz/////zAKhwgLAAB0/////zAKhwgLAAB1 +-/////zAKhwgLAAB2/////zAKhwgLAAB3/////zAKhwgLAAB4/////zAKhwgLAAB5 +-/////zAKhwgLAAB6/////zAKhwgLAAB7/////zAKhwgLAAB8/////zAKhwgLAAB9 +-/////zAKhwgLAAB+/////zAKhwgLAAB//////zAKhwgLAACA/////zAKhwgLAACB +-/////zAKhwgLAACC/////zAKhwgLAACD/////zAKhwgLAACE/////zAKhwgLAACF +-/////zAKhwgLAACG/////zAKhwgLAACH/////zAKhwgLAACI/////zAKhwgLAACJ +-/////zAKhwgLAACK/////zAKhwgLAACL/////zAKhwgLAACM/////zAKhwgLAACN +-/////zAKhwgLAACO/////zAKhwgLAACP/////zAKhwgLAACQ/////zAKhwgLAACR +-/////zAKhwgLAACS/////zAKhwgLAACT/////zAKhwgLAACU/////zAKhwgLAACV +-/////zAKhwgLAACW/////zAKhwgLAACX/////zAKhwgLAACY/////zAKhwgLAACZ +-/////zAKhwgLAACa/////zAKhwgLAACb/////zAKhwgLAACc/////zAKhwgLAACd +-/////zAKhwgLAACe/////zAKhwgLAACf/////zAKhwgLAACg/////zAKhwgLAACh +-/////zAKhwgLAACi/////zAKhwgLAACj/////zAKhwgLAACk/////zAKhwgLAACl +-/////zAKhwgLAACm/////zAKhwgLAACn/////zAKhwgLAACo/////zAKhwgLAACp +-/////zAKhwgLAACq/////zAKhwgLAACr/////zAKhwgLAACs/////zAKhwgLAACt +-/////zAKhwgLAACu/////zAKhwgLAACv/////zAKhwgLAACw/////zAKhwgLAACx +-/////zAKhwgLAACy/////zAKhwgLAACz/////zAKhwgLAAC0/////zAKhwgLAAC1 +-/////zAKhwgLAAC2/////zAKhwgLAAC3/////zAKhwgLAAC4/////zAKhwgLAAC5 +-/////zAKhwgLAAC6/////zAKhwgLAAC7/////zAKhwgLAAC8/////zAKhwgLAAC9 +-/////zAKhwgLAAC+/////zAKhwgLAAC//////zAKhwgLAADA/////zAKhwgLAADB +-/////zAKhwgLAADC/////zAKhwgLAADD/////zAKhwgLAADE/////zAKhwgLAADF +-/////zAKhwgLAADG/////zAKhwgLAADH/////zAKhwgLAADI/////zAKhwgLAADJ +-/////zAKhwgLAADK/////zAKhwgLAADL/////zAKhwgLAADM/////zAKhwgLAADN +-/////zAKhwgLAADO/////zAKhwgLAADP/////zAKhwgLAADQ/////zAKhwgLAADR +-/////zAKhwgLAADS/////zAKhwgLAADT/////zAKhwgLAADU/////zAKhwgLAADV +-/////zAKhwgLAADW/////zAKhwgLAADX/////zAKhwgLAADY/////zAKhwgLAADZ +-/////zAKhwgLAADa/////zAKhwgLAADb/////zAKhwgLAADc/////zAKhwgLAADd +-/////zAKhwgLAADe/////zAKhwgLAADf/////zAKhwgLAADg/////zAKhwgLAADh +-/////zAKhwgLAADi/////zAKhwgLAADj/////zAKhwgLAADk/////zAKhwgLAADl +-/////zAKhwgLAADm/////zAKhwgLAADn/////zAKhwgLAADo/////zAKhwgLAADp +-/////zAKhwgLAADq/////zAKhwgLAADr/////zAKhwgLAADs/////zAKhwgLAADt +-/////zAKhwgLAADu/////zAKhwgLAADv/////zAKhwgLAADw/////zAKhwgLAADx +-/////zAKhwgLAADy/////zAKhwgLAADz/////zAKhwgLAAD0/////zAKhwgLAAD1 +-/////zAKhwgLAAD2/////zAKhwgLAAD3/////zAKhwgLAAD4/////zAKhwgLAAD5 +-/////zAKhwgLAAD6/////zAKhwgLAAD7/////zAKhwgLAAD8/////zAKhwgLAAD9 +-/////zAKhwgLAAD+/////zAKhwgLAAD//////zAKhwgLAAEA/////zAKhwgLAAEB +-/////zAKhwgLAAEC/////zAKhwgLAAED/////zAKhwgLAAEE/////zAKhwgLAAEF +-/////zAKhwgLAAEG/////zAKhwgLAAEH/////zAKhwgLAAEI/////zAKhwgLAAEJ +-/////zAKhwgLAAEK/////zAKhwgLAAEL/////zAKhwgLAAEM/////zAKhwgLAAEN +-/////zAKhwgLAAEO/////zAKhwgLAAEP/////zAKhwgLAAEQ/////zAKhwgLAAER +-/////zAKhwgLAAES/////zAKhwgLAAET/////zAKhwgLAAEU/////zAKhwgLAAEV +-/////zAKhwgLAAEW/////zAKhwgLAAEX/////zAKhwgLAAEY/////zAKhwgLAAEZ +-/////zAKhwgLAAEa/////zAKhwgLAAEb/////zAKhwgLAAEc/////zAKhwgLAAEd +-/////zAKhwgLAAEe/////zAKhwgLAAEf/////zAKhwgLAAEg/////zAKhwgLAAEh +-/////zAKhwgLAAEi/////zAKhwgLAAEj/////zAKhwgLAAEk/////zAKhwgLAAEl +-/////zAKhwgLAAEm/////zAKhwgLAAEn/////zAKhwgLAAEo/////zAKhwgLAAEp +-/////zAKhwgLAAEq/////zAKhwgLAAEr/////zAKhwgLAAEs/////zAKhwgLAAEt +-/////zAKhwgLAAEu/////zAKhwgLAAEv/////zAKhwgLAAEw/////zAKhwgLAAEx +-/////zAKhwgLAAEy/////zAKhwgLAAEz/////zAKhwgLAAE0/////zAKhwgLAAE1 +-/////zAKhwgLAAE2/////zAKhwgLAAE3/////zAKhwgLAAE4/////zAKhwgLAAE5 +-/////zAKhwgLAAE6/////zAKhwgLAAE7/////zAKhwgLAAE8/////zAKhwgLAAE9 +-/////zAKhwgLAAE+/////zAKhwgLAAE//////zAKhwgLAAFA/////zAKhwgLAAFB +-/////zAKhwgLAAFC/////zAKhwgLAAFD/////zAKhwgLAAFE/////zAKhwgLAAFF +-/////zAKhwgLAAFG/////zAKhwgLAAFH/////zAKhwgLAAFI/////zAKhwgLAAFJ +-/////zAKhwgLAAFK/////zAKhwgLAAFL/////zAKhwgLAAFM/////zAKhwgLAAFN +-/////zAKhwgLAAFO/////zAKhwgLAAFP/////zAKhwgLAAFQ/////zAKhwgLAAFR +-/////zAKhwgLAAFS/////zAKhwgLAAFT/////zAKhwgLAAFU/////zAKhwgLAAFV +-/////zAKhwgLAAFW/////zAKhwgLAAFX/////zAKhwgLAAFY/////zAKhwgLAAFZ +-/////zAKhwgLAAFa/////zAKhwgLAAFb/////zAKhwgLAAFc/////zAKhwgLAAFd +-/////zAKhwgLAAFe/////zAKhwgLAAFf/////zAKhwgLAAFg/////zAKhwgLAAFh +-/////zAKhwgLAAFi/////zAKhwgLAAFj/////zAKhwgLAAFk/////zAKhwgLAAFl +-/////zAKhwgLAAFm/////zAKhwgLAAFn/////zAKhwgLAAFo/////zAKhwgLAAFp +-/////zAKhwgLAAFq/////zAKhwgLAAFr/////zAKhwgLAAFs/////zAKhwgLAAFt +-/////zAKhwgLAAFu/////zAKhwgLAAFv/////zAKhwgLAAFw/////zAKhwgLAAFx +-/////zAKhwgLAAFy/////zAKhwgLAAFz/////zAKhwgLAAF0/////zAKhwgLAAF1 +-/////zAKhwgLAAF2/////zAKhwgLAAF3/////zAKhwgLAAF4/////zAKhwgLAAF5 +-/////zAKhwgLAAF6/////zAKhwgLAAF7/////zAKhwgLAAF8/////zAKhwgLAAF9 +-/////zAKhwgLAAF+/////zAKhwgLAAF//////zAKhwgLAAGA/////zAKhwgLAAGB +-/////zAKhwgLAAGC/////zAKhwgLAAGD/////zAKhwgLAAGE/////zAKhwgLAAGF +-/////zAKhwgLAAGG/////zAKhwgLAAGH/////zAKhwgLAAGI/////zAKhwgLAAGJ +-/////zAKhwgLAAGK/////zAKhwgLAAGL/////zAKhwgLAAGM/////zAKhwgLAAGN +-/////zAKhwgLAAGO/////zAKhwgLAAGP/////zAKhwgLAAGQ/////zAKhwgLAAGR +-/////zAKhwgLAAGS/////zAKhwgLAAGT/////zAKhwgLAAGU/////zAKhwgLAAGV +-/////zAKhwgLAAGW/////zAKhwgLAAGX/////zAKhwgLAAGY/////zAKhwgLAAGZ +-/////zAKhwgLAAGa/////zAKhwgLAAGb/////zAKhwgLAAGc/////zAKhwgLAAGd +-/////zAKhwgLAAGe/////zAKhwgLAAGf/////zAKhwgLAAGg/////zAKhwgLAAGh +-/////zAKhwgLAAGi/////zAKhwgLAAGj/////zAKhwgLAAGk/////zAKhwgLAAGl +-/////zAKhwgLAAGm/////zAKhwgLAAGn/////zAKhwgLAAGo/////zAKhwgLAAGp +-/////zAKhwgLAAGq/////zAKhwgLAAGr/////zAKhwgLAAGs/////zAKhwgLAAGt +-/////zAKhwgLAAGu/////zAKhwgLAAGv/////zAKhwgLAAGw/////zAKhwgLAAGx +-/////zAKhwgLAAGy/////zAKhwgLAAGz/////zAKhwgLAAG0/////zAKhwgLAAG1 +-/////zAKhwgLAAG2/////zAKhwgLAAG3/////zAKhwgLAAG4/////zAKhwgLAAG5 +-/////zAKhwgLAAG6/////zAKhwgLAAG7/////zAKhwgLAAG8/////zAKhwgLAAG9 +-/////zAKhwgLAAG+/////zAKhwgLAAG//////zAKhwgLAAHA/////zAKhwgLAAHB +-/////zAKhwgLAAHC/////zAKhwgLAAHD/////zAKhwgLAAHE/////zAKhwgLAAHF +-/////zAKhwgLAAHG/////zAKhwgLAAHH/////zAKhwgLAAHI/////zAKhwgLAAHJ +-/////zAKhwgLAAHK/////zAKhwgLAAHL/////zAKhwgLAAHM/////zAKhwgLAAHN +-/////zAKhwgLAAHO/////zAKhwgLAAHP/////zAKhwgLAAHQ/////zAKhwgLAAHR +-/////zAKhwgLAAHS/////zAKhwgLAAHT/////zAKhwgLAAHU/////zAKhwgLAAHV +-/////zAKhwgLAAHW/////zAKhwgLAAHX/////zAKhwgLAAHY/////zAKhwgLAAHZ +-/////zAKhwgLAAHa/////zAKhwgLAAHb/////zAKhwgLAAHc/////zAKhwgLAAHd +-/////zAKhwgLAAHe/////zAKhwgLAAHf/////zAKhwgLAAHg/////zAKhwgLAAHh +-/////zAKhwgLAAHi/////zAKhwgLAAHj/////zAKhwgLAAHk/////zAKhwgLAAHl +-/////zAKhwgLAAHm/////zAKhwgLAAHn/////zAKhwgLAAHo/////zAKhwgLAAHp +-/////zAKhwgLAAHq/////zAKhwgLAAHr/////zAKhwgLAAHs/////zAKhwgLAAHt +-/////zAKhwgLAAHu/////zAKhwgLAAHv/////zAKhwgLAAHw/////zAKhwgLAAHx +-/////zAKhwgLAAHy/////zAKhwgLAAHz/////zAKhwgLAAH0/////zAKhwgLAAH1 +-/////zAKhwgLAAH2/////zAKhwgLAAH3/////zAKhwgLAAH4/////zAKhwgLAAH5 +-/////zAKhwgLAAH6/////zAKhwgLAAH7/////zAKhwgLAAH8/////zAKhwgLAAH9 +-/////zAKhwgLAAH+/////zAKhwgLAAH//////zAKhwgLAAIA/////zAKhwgLAAIB +-/////zAKhwgLAAIC/////zAKhwgLAAID/////zAKhwgLAAIE/////zAKhwgLAAIF +-/////zAKhwgLAAIG/////zAKhwgLAAIH/////zAKhwgLAAII/////zAKhwgLAAIJ +-/////zAKhwgLAAIK/////zAKhwgLAAIL/////zAKhwgLAAIM/////zAKhwgLAAIN +-/////zAKhwgLAAIO/////zAKhwgLAAIP/////zAKhwgLAAIQ/////zAKhwgLAAIR +-/////zAKhwgLAAIS/////zAKhwgLAAIT/////zAKhwgLAAIU/////zAKhwgLAAIV +-/////zAKhwgLAAIW/////zAKhwgLAAIX/////zAKhwgLAAIY/////zAKhwgLAAIZ +-/////zAKhwgLAAIa/////zAKhwgLAAIb/////zAKhwgLAAIc/////zAKhwgLAAId +-/////zAKhwgLAAIe/////zAKhwgLAAIf/////zAKhwgLAAIg/////zAKhwgLAAIh +-/////zAKhwgLAAIi/////zAKhwgLAAIj/////zAKhwgLAAIk/////zAKhwgLAAIl +-/////zAKhwgLAAIm/////zAKhwgLAAIn/////zAKhwgLAAIo/////zAKhwgLAAIp +-/////zAKhwgLAAIq/////zAKhwgLAAIr/////zAKhwgLAAIs/////zAKhwgLAAIt +-/////zAKhwgLAAIu/////zAKhwgLAAIv/////zAKhwgLAAIw/////zAKhwgLAAIx +-/////zAKhwgLAAIy/////zAKhwgLAAIz/////zAKhwgLAAI0/////zAKhwgLAAI1 +-/////zAKhwgLAAI2/////zAKhwgLAAI3/////zAKhwgLAAI4/////zAKhwgLAAI5 +-/////zAKhwgLAAI6/////zAKhwgLAAI7/////zAKhwgLAAI8/////zAKhwgLAAI9 +-/////zAKhwgLAAI+/////zAKhwgLAAI//////zAKhwgLAAJA/////zAKhwgLAAJB +-/////zAKhwgLAAJC/////zAKhwgLAAJD/////zAKhwgLAAJE/////zAKhwgLAAJF +-/////zAKhwgLAAJG/////zAKhwgLAAJH/////zAKhwgLAAJI/////zAKhwgLAAJJ +-/////zAKhwgLAAJK/////zAKhwgLAAJL/////zAKhwgLAAJM/////zAKhwgLAAJN +-/////zAKhwgLAAJO/////zAKhwgLAAJP/////zAKhwgLAAJQ/////zAKhwgLAAJR +-/////zAKhwgLAAJS/////zAKhwgLAAJT/////zAKhwgLAAJU/////zAKhwgLAAJV +-/////zAKhwgLAAJW/////zAKhwgLAAJX/////zAKhwgLAAJY/////zAKhwgLAAJZ +-/////zAKhwgLAAJa/////zAKhwgLAAJb/////zAKhwgLAAJc/////zAKhwgLAAJd +-/////zAKhwgLAAJe/////zAKhwgLAAJf/////zAKhwgLAAJg/////zAKhwgLAAJh +-/////zAKhwgLAAJi/////zAKhwgLAAJj/////zAKhwgLAAJk/////zAKhwgLAAJl +-/////zAKhwgLAAJm/////zAKhwgLAAJn/////zAKhwgLAAJo/////zAKhwgLAAJp +-/////zAKhwgLAAJq/////zAKhwgLAAJr/////zAKhwgLAAJs/////zAKhwgLAAJt +-/////zAKhwgLAAJu/////zAKhwgLAAJv/////zAKhwgLAAJw/////zAKhwgLAAJx +-/////zAKhwgLAAJy/////zAKhwgLAAJz/////zAKhwgLAAJ0/////zAKhwgLAAJ1 +-/////zAKhwgLAAJ2/////zAKhwgLAAJ3/////zAKhwgLAAJ4/////zAKhwgLAAJ5 +-/////zAKhwgLAAJ6/////zAKhwgLAAJ7/////zAKhwgLAAJ8/////zAKhwgLAAJ9 +-/////zAKhwgLAAJ+/////zAKhwgLAAJ//////zAKhwgLAAKA/////zAKhwgLAAKB +-/////zAKhwgLAAKC/////zAKhwgLAAKD/////zAKhwgLAAKE/////zAKhwgLAAKF +-/////zAKhwgLAAKG/////zAKhwgLAAKH/////zAKhwgLAAKI/////zAKhwgLAAKJ +-/////zAKhwgLAAKK/////zAKhwgLAAKL/////zAKhwgLAAKM/////zAKhwgLAAKN +-/////zAKhwgLAAKO/////zAKhwgLAAKP/////zAKhwgLAAKQ/////zAKhwgLAAKR +-/////zAKhwgLAAKS/////zAKhwgLAAKT/////zAKhwgLAAKU/////zAKhwgLAAKV +-/////zAKhwgLAAKW/////zAKhwgLAAKX/////zAKhwgLAAKY/////zAKhwgLAAKZ +-/////zAKhwgLAAKa/////zAKhwgLAAKb/////zAKhwgLAAKc/////zAKhwgLAAKd +-/////zAKhwgLAAKe/////zAKhwgLAAKf/////zAKhwgLAAKg/////zAKhwgLAAKh +-/////zAKhwgLAAKi/////zAKhwgLAAKj/////zAKhwgLAAKk/////zAKhwgLAAKl +-/////zAKhwgLAAKm/////zAKhwgLAAKn/////zAKhwgLAAKo/////zAKhwgLAAKp +-/////zAKhwgLAAKq/////zAKhwgLAAKr/////zAKhwgLAAKs/////zAKhwgLAAKt +-/////zAKhwgLAAKu/////zAKhwgLAAKv/////zAKhwgLAAKw/////zAKhwgLAAKx +-/////zAKhwgLAAKy/////zAKhwgLAAKz/////zAKhwgLAAK0/////zAKhwgLAAK1 +-/////zAKhwgLAAK2/////zAKhwgLAAK3/////zAKhwgLAAK4/////zAKhwgLAAK5 +-/////zAKhwgLAAK6/////zAKhwgLAAK7/////zAKhwgLAAK8/////zAKhwgLAAK9 +-/////zAKhwgLAAK+/////zAKhwgLAAK//////zAKhwgLAALA/////zAKhwgLAALB +-/////zAKhwgLAALC/////zAKhwgLAALD/////zAKhwgLAALE/////zAKhwgLAALF +-/////zAKhwgLAALG/////zAKhwgLAALH/////zAKhwgLAALI/////zAKhwgLAALJ +-/////zAKhwgLAALK/////zAKhwgLAALL/////zAKhwgLAALM/////zAKhwgLAALN +-/////zAKhwgLAALO/////zAKhwgLAALP/////zAKhwgLAALQ/////zAKhwgLAALR +-/////zAKhwgLAALS/////zAKhwgLAALT/////zAKhwgLAALU/////zAKhwgLAALV +-/////zAKhwgLAALW/////zAKhwgLAALX/////zAKhwgLAALY/////zAKhwgLAALZ +-/////zAKhwgLAALa/////zAKhwgLAALb/////zAKhwgLAALc/////zAKhwgLAALd +-/////zAKhwgLAALe/////zAKhwgLAALf/////zAKhwgLAALg/////zAKhwgLAALh +-/////zAKhwgLAALi/////zAKhwgLAALj/////zAKhwgLAALk/////zAKhwgLAALl +-/////zAKhwgLAALm/////zAKhwgLAALn/////zAKhwgLAALo/////zAKhwgLAALp +-/////zAKhwgLAALq/////zAKhwgLAALr/////zAKhwgLAALs/////zAKhwgLAALt +-/////zAKhwgLAALu/////zAKhwgLAALv/////zAKhwgLAALw/////zAKhwgLAALx +-/////zAKhwgLAALy/////zAKhwgLAALz/////zAKhwgLAAL0/////zAKhwgLAAL1 +-/////zAKhwgLAAL2/////zAKhwgLAAL3/////zAKhwgLAAL4/////zAKhwgLAAL5 +-/////zAKhwgLAAL6/////zAKhwgLAAL7/////zAKhwgLAAL8/////zAKhwgLAAL9 +-/////zAKhwgLAAL+/////zAKhwgLAAL//////zAKhwgLAAMA/////zAKhwgLAAMB +-/////zAKhwgLAAMC/////zAKhwgLAAMD/////zAKhwgLAAME/////zAKhwgLAAMF +-/////zAKhwgLAAMG/////zAKhwgLAAMH/////zAKhwgLAAMI/////zAKhwgLAAMJ +-/////zAKhwgLAAMK/////zAKhwgLAAML/////zAKhwgLAAMM/////zAKhwgLAAMN +-/////zAKhwgLAAMO/////zAKhwgLAAMP/////zAKhwgLAAMQ/////zAKhwgLAAMR +-/////zAKhwgLAAMS/////zAKhwgLAAMT/////zAKhwgLAAMU/////zAKhwgLAAMV +-/////zAKhwgLAAMW/////zAKhwgLAAMX/////zAKhwgLAAMY/////zAKhwgLAAMZ +-/////zAKhwgLAAMa/////zAKhwgLAAMb/////zAKhwgLAAMc/////zAKhwgLAAMd +-/////zAKhwgLAAMe/////zAKhwgLAAMf/////zAKhwgLAAMg/////zAKhwgLAAMh +-/////zAKhwgLAAMi/////zAKhwgLAAMj/////zAKhwgLAAMk/////zAKhwgLAAMl +-/////zAKhwgLAAMm/////zAKhwgLAAMn/////zAKhwgLAAMo/////zAKhwgLAAMp +-/////zAKhwgLAAMq/////zAKhwgLAAMr/////zAKhwgLAAMs/////zAKhwgLAAMt +-/////zAKhwgLAAMu/////zAKhwgLAAMv/////zAKhwgLAAMw/////zAKhwgLAAMx +-/////zAKhwgLAAMy/////zAKhwgLAAMz/////zAKhwgLAAM0/////zAKhwgLAAM1 +-/////zAKhwgLAAM2/////zAKhwgLAAM3/////zAKhwgLAAM4/////zAKhwgLAAM5 +-/////zAKhwgLAAM6/////zAKhwgLAAM7/////zAKhwgLAAM8/////zAKhwgLAAM9 +-/////zAKhwgLAAM+/////zAKhwgLAAM//////zAKhwgLAANA/////zAKhwgLAANB +-/////zAKhwgLAANC/////zAKhwgLAAND/////zAKhwgLAANE/////zAKhwgLAANF +-/////zAKhwgLAANG/////zAKhwgLAANH/////zAKhwgLAANI/////zAKhwgLAANJ +-/////zAKhwgLAANK/////zAKhwgLAANL/////zAKhwgLAANM/////zAKhwgLAANN +-/////zAKhwgLAANO/////zAKhwgLAANP/////zAKhwgLAANQ/////zAKhwgLAANR +-/////zAKhwgLAANS/////zAKhwgLAANT/////zAKhwgLAANU/////zAKhwgLAANV +-/////zAKhwgLAANW/////zAKhwgLAANX/////zAKhwgLAANY/////zAKhwgLAANZ +-/////zAKhwgLAANa/////zAKhwgLAANb/////zAKhwgLAANc/////zAKhwgLAANd +-/////zAKhwgLAANe/////zAKhwgLAANf/////zAKhwgLAANg/////zAKhwgLAANh +-/////zAKhwgLAANi/////zAKhwgLAANj/////zAKhwgLAANk/////zAKhwgLAANl +-/////zAKhwgLAANm/////zAKhwgLAANn/////zAKhwgLAANo/////zAKhwgLAANp +-/////zAKhwgLAANq/////zAKhwgLAANr/////zAKhwgLAANs/////zAKhwgLAANt +-/////zAKhwgLAANu/////zAKhwgLAANv/////zAKhwgLAANw/////zAKhwgLAANx +-/////zAKhwgLAANy/////zAKhwgLAANz/////zAKhwgLAAN0/////zAKhwgLAAN1 +-/////zAKhwgLAAN2/////zAKhwgLAAN3/////zAKhwgLAAN4/////zAKhwgLAAN5 +-/////zAKhwgLAAN6/////zAKhwgLAAN7/////zAKhwgLAAN8/////zAKhwgLAAN9 +-/////zAKhwgLAAN+/////zAKhwgLAAN//////zAKhwgLAAOA/////zAKhwgLAAOB +-/////zAKhwgLAAOC/////zAKhwgLAAOD/////zAKhwgLAAOE/////zAKhwgLAAOF +-/////zAKhwgLAAOG/////zAKhwgLAAOH/////zAKhwgLAAOI/////zAKhwgLAAOJ +-/////zAKhwgLAAOK/////zAKhwgLAAOL/////zAKhwgLAAOM/////zAKhwgLAAON +-/////zAKhwgLAAOO/////zAKhwgLAAOP/////zAKhwgLAAOQ/////zAKhwgLAAOR +-/////zAKhwgLAAOS/////zAKhwgLAAOT/////zAKhwgLAAOU/////zAKhwgLAAOV +-/////zAKhwgLAAOW/////zAKhwgLAAOX/////zAKhwgLAAOY/////zAKhwgLAAOZ +-/////zAKhwgLAAOa/////zAKhwgLAAOb/////zAKhwgLAAOc/////zAKhwgLAAOd +-/////zAKhwgLAAOe/////zAKhwgLAAOf/////zAKhwgLAAOg/////zAKhwgLAAOh +-/////zAKhwgLAAOi/////zAKhwgLAAOj/////zAKhwgLAAOk/////zAKhwgLAAOl +-/////zAKhwgLAAOm/////zAKhwgLAAOn/////zAKhwgLAAOo/////zAKhwgLAAOp +-/////zAKhwgLAAOq/////zAKhwgLAAOr/////zAKhwgLAAOs/////zAKhwgLAAOt +-/////zAKhwgLAAOu/////zAKhwgLAAOv/////zAKhwgLAAOw/////zAKhwgLAAOx +-/////zAKhwgLAAOy/////zAKhwgLAAOz/////zAKhwgLAAO0/////zAKhwgLAAO1 +-/////zAKhwgLAAO2/////zAKhwgLAAO3/////zAKhwgLAAO4/////zAKhwgLAAO5 +-/////zAKhwgLAAO6/////zAKhwgLAAO7/////zAKhwgLAAO8/////zAKhwgLAAO9 +-/////zAKhwgLAAO+/////zAKhwgLAAO//////zAKhwgLAAPA/////zAKhwgLAAPB +-/////zAKhwgLAAPC/////zAKhwgLAAPD/////zAKhwgLAAPE/////zAKhwgLAAPF +-/////zAKhwgLAAPG/////zAKhwgLAAPH/////zAKhwgLAAPI/////zAKhwgLAAPJ +-/////zAKhwgLAAPK/////zAKhwgLAAPL/////zAKhwgLAAPM/////zAKhwgLAAPN +-/////zAKhwgLAAPO/////zAKhwgLAAPP/////zAKhwgLAAPQ/////zAKhwgLAAPR +-/////zAKhwgLAAPS/////zAKhwgLAAPT/////zAKhwgLAAPU/////zAKhwgLAAPV +-/////zAKhwgLAAPW/////zAKhwgLAAPX/////zAKhwgLAAPY/////zAKhwgLAAPZ +-/////zAKhwgLAAPa/////zAKhwgLAAPb/////zAKhwgLAAPc/////zAKhwgLAAPd +-/////zAKhwgLAAPe/////zAKhwgLAAPf/////zAKhwgLAAPg/////zAKhwgLAAPh +-/////zAKhwgLAAPi/////zAKhwgLAAPj/////zAKhwgLAAPk/////zAKhwgLAAPl +-/////zAKhwgLAAPm/////zAKhwgLAAPn/////zAKhwgLAAPo/////zAKhwgLAAPp +-/////zAKhwgLAAPq/////zAKhwgLAAPr/////zAKhwgLAAPs/////zAKhwgLAAPt +-/////zAKhwgLAAPu/////zAKhwgLAAPv/////zAKhwgLAAPw/////zAKhwgLAAPx +-/////zAKhwgLAAPy/////zAKhwgLAAPz/////zAKhwgLAAP0/////zAKhwgLAAP1 +-/////zAKhwgLAAP2/////zAKhwgLAAP3/////zAKhwgLAAP4/////zAKhwgLAAP5 +-/////zAKhwgLAAP6/////zAKhwgLAAP7/////zAKhwgLAAP8/////zAKhwgLAAP9 +-/////zAKhwgLAAP+/////zAKhwgLAAP//////zAKhwgLAAQA/////zAPhg1odHRw +-Oi8veGVzdC8wMA+GDWh0dHA6Ly94ZXN0LzEwD4YNaHR0cDovL3hlc3QvMjAPhg1o +-dHRwOi8veGVzdC8zMA+GDWh0dHA6Ly94ZXN0LzQwD4YNaHR0cDovL3hlc3QvNTAP +-hg1odHRwOi8veGVzdC82MA+GDWh0dHA6Ly94ZXN0LzcwD4YNaHR0cDovL3hlc3Qv +-ODAPhg1odHRwOi8veGVzdC85MBCGDmh0dHA6Ly94ZXN0LzEwMBCGDmh0dHA6Ly94 +-ZXN0LzExMBCGDmh0dHA6Ly94ZXN0LzEyMBCGDmh0dHA6Ly94ZXN0LzEzMBCGDmh0 +-dHA6Ly94ZXN0LzE0MBCGDmh0dHA6Ly94ZXN0LzE1MBCGDmh0dHA6Ly94ZXN0LzE2 +-MBCGDmh0dHA6Ly94ZXN0LzE3MBCGDmh0dHA6Ly94ZXN0LzE4MBCGDmh0dHA6Ly94 +-ZXN0LzE5MBCGDmh0dHA6Ly94ZXN0LzIwMBCGDmh0dHA6Ly94ZXN0LzIxMBCGDmh0 +-dHA6Ly94ZXN0LzIyMBCGDmh0dHA6Ly94ZXN0LzIzMBCGDmh0dHA6Ly94ZXN0LzI0 +-MBCGDmh0dHA6Ly94ZXN0LzI1MBCGDmh0dHA6Ly94ZXN0LzI2MBCGDmh0dHA6Ly94 +-ZXN0LzI3MBCGDmh0dHA6Ly94ZXN0LzI4MBCGDmh0dHA6Ly94ZXN0LzI5MBCGDmh0 +-dHA6Ly94ZXN0LzMwMBCGDmh0dHA6Ly94ZXN0LzMxMBCGDmh0dHA6Ly94ZXN0LzMy +-MBCGDmh0dHA6Ly94ZXN0LzMzMBCGDmh0dHA6Ly94ZXN0LzM0MBCGDmh0dHA6Ly94 +-ZXN0LzM1MBCGDmh0dHA6Ly94ZXN0LzM2MBCGDmh0dHA6Ly94ZXN0LzM3MBCGDmh0 +-dHA6Ly94ZXN0LzM4MBCGDmh0dHA6Ly94ZXN0LzM5MBCGDmh0dHA6Ly94ZXN0LzQw +-MBCGDmh0dHA6Ly94ZXN0LzQxMBCGDmh0dHA6Ly94ZXN0LzQyMBCGDmh0dHA6Ly94 +-ZXN0LzQzMBCGDmh0dHA6Ly94ZXN0LzQ0MBCGDmh0dHA6Ly94ZXN0LzQ1MBCGDmh0 +-dHA6Ly94ZXN0LzQ2MBCGDmh0dHA6Ly94ZXN0LzQ3MBCGDmh0dHA6Ly94ZXN0LzQ4 +-MBCGDmh0dHA6Ly94ZXN0LzQ5MBCGDmh0dHA6Ly94ZXN0LzUwMBCGDmh0dHA6Ly94 +-ZXN0LzUxMBCGDmh0dHA6Ly94ZXN0LzUyMBCGDmh0dHA6Ly94ZXN0LzUzMBCGDmh0 +-dHA6Ly94ZXN0LzU0MBCGDmh0dHA6Ly94ZXN0LzU1MBCGDmh0dHA6Ly94ZXN0LzU2 +-MBCGDmh0dHA6Ly94ZXN0LzU3MBCGDmh0dHA6Ly94ZXN0LzU4MBCGDmh0dHA6Ly94 +-ZXN0LzU5MBCGDmh0dHA6Ly94ZXN0LzYwMBCGDmh0dHA6Ly94ZXN0LzYxMBCGDmh0 +-dHA6Ly94ZXN0LzYyMBCGDmh0dHA6Ly94ZXN0LzYzMBCGDmh0dHA6Ly94ZXN0LzY0 +-MBCGDmh0dHA6Ly94ZXN0LzY1MBCGDmh0dHA6Ly94ZXN0LzY2MBCGDmh0dHA6Ly94 +-ZXN0LzY3MBCGDmh0dHA6Ly94ZXN0LzY4MBCGDmh0dHA6Ly94ZXN0LzY5MBCGDmh0 +-dHA6Ly94ZXN0LzcwMBCGDmh0dHA6Ly94ZXN0LzcxMBCGDmh0dHA6Ly94ZXN0Lzcy +-MBCGDmh0dHA6Ly94ZXN0LzczMBCGDmh0dHA6Ly94ZXN0Lzc0MBCGDmh0dHA6Ly94 +-ZXN0Lzc1MBCGDmh0dHA6Ly94ZXN0Lzc2MBCGDmh0dHA6Ly94ZXN0Lzc3MBCGDmh0 +-dHA6Ly94ZXN0Lzc4MBCGDmh0dHA6Ly94ZXN0Lzc5MBCGDmh0dHA6Ly94ZXN0Lzgw +-MBCGDmh0dHA6Ly94ZXN0LzgxMBCGDmh0dHA6Ly94ZXN0LzgyMBCGDmh0dHA6Ly94 +-ZXN0LzgzMBCGDmh0dHA6Ly94ZXN0Lzg0MBCGDmh0dHA6Ly94ZXN0Lzg1MBCGDmh0 +-dHA6Ly94ZXN0Lzg2MBCGDmh0dHA6Ly94ZXN0Lzg3MBCGDmh0dHA6Ly94ZXN0Lzg4 +-MBCGDmh0dHA6Ly94ZXN0Lzg5MBCGDmh0dHA6Ly94ZXN0LzkwMBCGDmh0dHA6Ly94 +-ZXN0LzkxMBCGDmh0dHA6Ly94ZXN0LzkyMBCGDmh0dHA6Ly94ZXN0LzkzMBCGDmh0 +-dHA6Ly94ZXN0Lzk0MBCGDmh0dHA6Ly94ZXN0Lzk1MBCGDmh0dHA6Ly94ZXN0Lzk2 +-MBCGDmh0dHA6Ly94ZXN0Lzk3MBCGDmh0dHA6Ly94ZXN0Lzk4MBCGDmh0dHA6Ly94 +-ZXN0Lzk5MBGGD2h0dHA6Ly94ZXN0LzEwMDARhg9odHRwOi8veGVzdC8xMDEwEYYP +-aHR0cDovL3hlc3QvMTAyMBGGD2h0dHA6Ly94ZXN0LzEwMzARhg9odHRwOi8veGVz +-dC8xMDQwEYYPaHR0cDovL3hlc3QvMTA1MBGGD2h0dHA6Ly94ZXN0LzEwNjARhg9o +-dHRwOi8veGVzdC8xMDcwEYYPaHR0cDovL3hlc3QvMTA4MBGGD2h0dHA6Ly94ZXN0 +-LzEwOTARhg9odHRwOi8veGVzdC8xMTAwEYYPaHR0cDovL3hlc3QvMTExMBGGD2h0 +-dHA6Ly94ZXN0LzExMjARhg9odHRwOi8veGVzdC8xMTMwEYYPaHR0cDovL3hlc3Qv +-MTE0MBGGD2h0dHA6Ly94ZXN0LzExNTARhg9odHRwOi8veGVzdC8xMTYwEYYPaHR0 +-cDovL3hlc3QvMTE3MBGGD2h0dHA6Ly94ZXN0LzExODARhg9odHRwOi8veGVzdC8x +-MTkwEYYPaHR0cDovL3hlc3QvMTIwMBGGD2h0dHA6Ly94ZXN0LzEyMTARhg9odHRw +-Oi8veGVzdC8xMjIwEYYPaHR0cDovL3hlc3QvMTIzMBGGD2h0dHA6Ly94ZXN0LzEy +-NDARhg9odHRwOi8veGVzdC8xMjUwEYYPaHR0cDovL3hlc3QvMTI2MBGGD2h0dHA6 +-Ly94ZXN0LzEyNzARhg9odHRwOi8veGVzdC8xMjgwEYYPaHR0cDovL3hlc3QvMTI5 +-MBGGD2h0dHA6Ly94ZXN0LzEzMDARhg9odHRwOi8veGVzdC8xMzEwEYYPaHR0cDov +-L3hlc3QvMTMyMBGGD2h0dHA6Ly94ZXN0LzEzMzARhg9odHRwOi8veGVzdC8xMzQw +-EYYPaHR0cDovL3hlc3QvMTM1MBGGD2h0dHA6Ly94ZXN0LzEzNjARhg9odHRwOi8v +-eGVzdC8xMzcwEYYPaHR0cDovL3hlc3QvMTM4MBGGD2h0dHA6Ly94ZXN0LzEzOTAR +-hg9odHRwOi8veGVzdC8xNDAwEYYPaHR0cDovL3hlc3QvMTQxMBGGD2h0dHA6Ly94 +-ZXN0LzE0MjARhg9odHRwOi8veGVzdC8xNDMwEYYPaHR0cDovL3hlc3QvMTQ0MBGG +-D2h0dHA6Ly94ZXN0LzE0NTARhg9odHRwOi8veGVzdC8xNDYwEYYPaHR0cDovL3hl +-c3QvMTQ3MBGGD2h0dHA6Ly94ZXN0LzE0ODARhg9odHRwOi8veGVzdC8xNDkwEYYP +-aHR0cDovL3hlc3QvMTUwMBGGD2h0dHA6Ly94ZXN0LzE1MTARhg9odHRwOi8veGVz +-dC8xNTIwEYYPaHR0cDovL3hlc3QvMTUzMBGGD2h0dHA6Ly94ZXN0LzE1NDARhg9o +-dHRwOi8veGVzdC8xNTUwEYYPaHR0cDovL3hlc3QvMTU2MBGGD2h0dHA6Ly94ZXN0 +-LzE1NzARhg9odHRwOi8veGVzdC8xNTgwEYYPaHR0cDovL3hlc3QvMTU5MBGGD2h0 +-dHA6Ly94ZXN0LzE2MDARhg9odHRwOi8veGVzdC8xNjEwEYYPaHR0cDovL3hlc3Qv +-MTYyMBGGD2h0dHA6Ly94ZXN0LzE2MzARhg9odHRwOi8veGVzdC8xNjQwEYYPaHR0 +-cDovL3hlc3QvMTY1MBGGD2h0dHA6Ly94ZXN0LzE2NjARhg9odHRwOi8veGVzdC8x +-NjcwEYYPaHR0cDovL3hlc3QvMTY4MBGGD2h0dHA6Ly94ZXN0LzE2OTARhg9odHRw +-Oi8veGVzdC8xNzAwEYYPaHR0cDovL3hlc3QvMTcxMBGGD2h0dHA6Ly94ZXN0LzE3 +-MjARhg9odHRwOi8veGVzdC8xNzMwEYYPaHR0cDovL3hlc3QvMTc0MBGGD2h0dHA6 +-Ly94ZXN0LzE3NTARhg9odHRwOi8veGVzdC8xNzYwEYYPaHR0cDovL3hlc3QvMTc3 +-MBGGD2h0dHA6Ly94ZXN0LzE3ODARhg9odHRwOi8veGVzdC8xNzkwEYYPaHR0cDov +-L3hlc3QvMTgwMBGGD2h0dHA6Ly94ZXN0LzE4MTARhg9odHRwOi8veGVzdC8xODIw +-EYYPaHR0cDovL3hlc3QvMTgzMBGGD2h0dHA6Ly94ZXN0LzE4NDARhg9odHRwOi8v +-eGVzdC8xODUwEYYPaHR0cDovL3hlc3QvMTg2MBGGD2h0dHA6Ly94ZXN0LzE4NzAR +-hg9odHRwOi8veGVzdC8xODgwEYYPaHR0cDovL3hlc3QvMTg5MBGGD2h0dHA6Ly94 +-ZXN0LzE5MDARhg9odHRwOi8veGVzdC8xOTEwEYYPaHR0cDovL3hlc3QvMTkyMBGG +-D2h0dHA6Ly94ZXN0LzE5MzARhg9odHRwOi8veGVzdC8xOTQwEYYPaHR0cDovL3hl +-c3QvMTk1MBGGD2h0dHA6Ly94ZXN0LzE5NjARhg9odHRwOi8veGVzdC8xOTcwEYYP +-aHR0cDovL3hlc3QvMTk4MBGGD2h0dHA6Ly94ZXN0LzE5OTARhg9odHRwOi8veGVz +-dC8yMDAwEYYPaHR0cDovL3hlc3QvMjAxMBGGD2h0dHA6Ly94ZXN0LzIwMjARhg9o +-dHRwOi8veGVzdC8yMDMwEYYPaHR0cDovL3hlc3QvMjA0MBGGD2h0dHA6Ly94ZXN0 +-LzIwNTARhg9odHRwOi8veGVzdC8yMDYwEYYPaHR0cDovL3hlc3QvMjA3MBGGD2h0 +-dHA6Ly94ZXN0LzIwODARhg9odHRwOi8veGVzdC8yMDkwEYYPaHR0cDovL3hlc3Qv +-MjEwMBGGD2h0dHA6Ly94ZXN0LzIxMTARhg9odHRwOi8veGVzdC8yMTIwEYYPaHR0 +-cDovL3hlc3QvMjEzMBGGD2h0dHA6Ly94ZXN0LzIxNDARhg9odHRwOi8veGVzdC8y +-MTUwEYYPaHR0cDovL3hlc3QvMjE2MBGGD2h0dHA6Ly94ZXN0LzIxNzARhg9odHRw +-Oi8veGVzdC8yMTgwEYYPaHR0cDovL3hlc3QvMjE5MBGGD2h0dHA6Ly94ZXN0LzIy +-MDARhg9odHRwOi8veGVzdC8yMjEwEYYPaHR0cDovL3hlc3QvMjIyMBGGD2h0dHA6 +-Ly94ZXN0LzIyMzARhg9odHRwOi8veGVzdC8yMjQwEYYPaHR0cDovL3hlc3QvMjI1 +-MBGGD2h0dHA6Ly94ZXN0LzIyNjARhg9odHRwOi8veGVzdC8yMjcwEYYPaHR0cDov +-L3hlc3QvMjI4MBGGD2h0dHA6Ly94ZXN0LzIyOTARhg9odHRwOi8veGVzdC8yMzAw +-EYYPaHR0cDovL3hlc3QvMjMxMBGGD2h0dHA6Ly94ZXN0LzIzMjARhg9odHRwOi8v +-eGVzdC8yMzMwEYYPaHR0cDovL3hlc3QvMjM0MBGGD2h0dHA6Ly94ZXN0LzIzNTAR +-hg9odHRwOi8veGVzdC8yMzYwEYYPaHR0cDovL3hlc3QvMjM3MBGGD2h0dHA6Ly94 +-ZXN0LzIzODARhg9odHRwOi8veGVzdC8yMzkwEYYPaHR0cDovL3hlc3QvMjQwMBGG +-D2h0dHA6Ly94ZXN0LzI0MTARhg9odHRwOi8veGVzdC8yNDIwEYYPaHR0cDovL3hl +-c3QvMjQzMBGGD2h0dHA6Ly94ZXN0LzI0NDARhg9odHRwOi8veGVzdC8yNDUwEYYP +-aHR0cDovL3hlc3QvMjQ2MBGGD2h0dHA6Ly94ZXN0LzI0NzARhg9odHRwOi8veGVz +-dC8yNDgwEYYPaHR0cDovL3hlc3QvMjQ5MBGGD2h0dHA6Ly94ZXN0LzI1MDARhg9o +-dHRwOi8veGVzdC8yNTEwEYYPaHR0cDovL3hlc3QvMjUyMBGGD2h0dHA6Ly94ZXN0 +-LzI1MzARhg9odHRwOi8veGVzdC8yNTQwEYYPaHR0cDovL3hlc3QvMjU1MBGGD2h0 +-dHA6Ly94ZXN0LzI1NjARhg9odHRwOi8veGVzdC8yNTcwEYYPaHR0cDovL3hlc3Qv +-MjU4MBGGD2h0dHA6Ly94ZXN0LzI1OTARhg9odHRwOi8veGVzdC8yNjAwEYYPaHR0 +-cDovL3hlc3QvMjYxMBGGD2h0dHA6Ly94ZXN0LzI2MjARhg9odHRwOi8veGVzdC8y +-NjMwEYYPaHR0cDovL3hlc3QvMjY0MBGGD2h0dHA6Ly94ZXN0LzI2NTARhg9odHRw +-Oi8veGVzdC8yNjYwEYYPaHR0cDovL3hlc3QvMjY3MBGGD2h0dHA6Ly94ZXN0LzI2 +-ODARhg9odHRwOi8veGVzdC8yNjkwEYYPaHR0cDovL3hlc3QvMjcwMBGGD2h0dHA6 +-Ly94ZXN0LzI3MTARhg9odHRwOi8veGVzdC8yNzIwEYYPaHR0cDovL3hlc3QvMjcz +-MBGGD2h0dHA6Ly94ZXN0LzI3NDARhg9odHRwOi8veGVzdC8yNzUwEYYPaHR0cDov +-L3hlc3QvMjc2MBGGD2h0dHA6Ly94ZXN0LzI3NzARhg9odHRwOi8veGVzdC8yNzgw +-EYYPaHR0cDovL3hlc3QvMjc5MBGGD2h0dHA6Ly94ZXN0LzI4MDARhg9odHRwOi8v +-eGVzdC8yODEwEYYPaHR0cDovL3hlc3QvMjgyMBGGD2h0dHA6Ly94ZXN0LzI4MzAR +-hg9odHRwOi8veGVzdC8yODQwEYYPaHR0cDovL3hlc3QvMjg1MBGGD2h0dHA6Ly94 +-ZXN0LzI4NjARhg9odHRwOi8veGVzdC8yODcwEYYPaHR0cDovL3hlc3QvMjg4MBGG +-D2h0dHA6Ly94ZXN0LzI4OTARhg9odHRwOi8veGVzdC8yOTAwEYYPaHR0cDovL3hl +-c3QvMjkxMBGGD2h0dHA6Ly94ZXN0LzI5MjARhg9odHRwOi8veGVzdC8yOTMwEYYP +-aHR0cDovL3hlc3QvMjk0MBGGD2h0dHA6Ly94ZXN0LzI5NTARhg9odHRwOi8veGVz +-dC8yOTYwEYYPaHR0cDovL3hlc3QvMjk3MBGGD2h0dHA6Ly94ZXN0LzI5ODARhg9o +-dHRwOi8veGVzdC8yOTkwEYYPaHR0cDovL3hlc3QvMzAwMBGGD2h0dHA6Ly94ZXN0 +-LzMwMTARhg9odHRwOi8veGVzdC8zMDIwEYYPaHR0cDovL3hlc3QvMzAzMBGGD2h0 +-dHA6Ly94ZXN0LzMwNDARhg9odHRwOi8veGVzdC8zMDUwEYYPaHR0cDovL3hlc3Qv +-MzA2MBGGD2h0dHA6Ly94ZXN0LzMwNzARhg9odHRwOi8veGVzdC8zMDgwEYYPaHR0 +-cDovL3hlc3QvMzA5MBGGD2h0dHA6Ly94ZXN0LzMxMDARhg9odHRwOi8veGVzdC8z +-MTEwEYYPaHR0cDovL3hlc3QvMzEyMBGGD2h0dHA6Ly94ZXN0LzMxMzARhg9odHRw +-Oi8veGVzdC8zMTQwEYYPaHR0cDovL3hlc3QvMzE1MBGGD2h0dHA6Ly94ZXN0LzMx +-NjARhg9odHRwOi8veGVzdC8zMTcwEYYPaHR0cDovL3hlc3QvMzE4MBGGD2h0dHA6 +-Ly94ZXN0LzMxOTARhg9odHRwOi8veGVzdC8zMjAwEYYPaHR0cDovL3hlc3QvMzIx +-MBGGD2h0dHA6Ly94ZXN0LzMyMjARhg9odHRwOi8veGVzdC8zMjMwEYYPaHR0cDov +-L3hlc3QvMzI0MBGGD2h0dHA6Ly94ZXN0LzMyNTARhg9odHRwOi8veGVzdC8zMjYw +-EYYPaHR0cDovL3hlc3QvMzI3MBGGD2h0dHA6Ly94ZXN0LzMyODARhg9odHRwOi8v +-eGVzdC8zMjkwEYYPaHR0cDovL3hlc3QvMzMwMBGGD2h0dHA6Ly94ZXN0LzMzMTAR +-hg9odHRwOi8veGVzdC8zMzIwEYYPaHR0cDovL3hlc3QvMzMzMBGGD2h0dHA6Ly94 +-ZXN0LzMzNDARhg9odHRwOi8veGVzdC8zMzUwEYYPaHR0cDovL3hlc3QvMzM2MBGG +-D2h0dHA6Ly94ZXN0LzMzNzARhg9odHRwOi8veGVzdC8zMzgwEYYPaHR0cDovL3hl +-c3QvMzM5MBGGD2h0dHA6Ly94ZXN0LzM0MDARhg9odHRwOi8veGVzdC8zNDEwEYYP +-aHR0cDovL3hlc3QvMzQyMBGGD2h0dHA6Ly94ZXN0LzM0MzARhg9odHRwOi8veGVz +-dC8zNDQwEYYPaHR0cDovL3hlc3QvMzQ1MBGGD2h0dHA6Ly94ZXN0LzM0NjARhg9o +-dHRwOi8veGVzdC8zNDcwEYYPaHR0cDovL3hlc3QvMzQ4MBGGD2h0dHA6Ly94ZXN0 +-LzM0OTARhg9odHRwOi8veGVzdC8zNTAwEYYPaHR0cDovL3hlc3QvMzUxMBGGD2h0 +-dHA6Ly94ZXN0LzM1MjARhg9odHRwOi8veGVzdC8zNTMwEYYPaHR0cDovL3hlc3Qv +-MzU0MBGGD2h0dHA6Ly94ZXN0LzM1NTARhg9odHRwOi8veGVzdC8zNTYwEYYPaHR0 +-cDovL3hlc3QvMzU3MBGGD2h0dHA6Ly94ZXN0LzM1ODARhg9odHRwOi8veGVzdC8z +-NTkwEYYPaHR0cDovL3hlc3QvMzYwMBGGD2h0dHA6Ly94ZXN0LzM2MTARhg9odHRw +-Oi8veGVzdC8zNjIwEYYPaHR0cDovL3hlc3QvMzYzMBGGD2h0dHA6Ly94ZXN0LzM2 +-NDARhg9odHRwOi8veGVzdC8zNjUwEYYPaHR0cDovL3hlc3QvMzY2MBGGD2h0dHA6 +-Ly94ZXN0LzM2NzARhg9odHRwOi8veGVzdC8zNjgwEYYPaHR0cDovL3hlc3QvMzY5 +-MBGGD2h0dHA6Ly94ZXN0LzM3MDARhg9odHRwOi8veGVzdC8zNzEwEYYPaHR0cDov +-L3hlc3QvMzcyMBGGD2h0dHA6Ly94ZXN0LzM3MzARhg9odHRwOi8veGVzdC8zNzQw +-EYYPaHR0cDovL3hlc3QvMzc1MBGGD2h0dHA6Ly94ZXN0LzM3NjARhg9odHRwOi8v +-eGVzdC8zNzcwEYYPaHR0cDovL3hlc3QvMzc4MBGGD2h0dHA6Ly94ZXN0LzM3OTAR +-hg9odHRwOi8veGVzdC8zODAwEYYPaHR0cDovL3hlc3QvMzgxMBGGD2h0dHA6Ly94 +-ZXN0LzM4MjARhg9odHRwOi8veGVzdC8zODMwEYYPaHR0cDovL3hlc3QvMzg0MBGG +-D2h0dHA6Ly94ZXN0LzM4NTARhg9odHRwOi8veGVzdC8zODYwEYYPaHR0cDovL3hl +-c3QvMzg3MBGGD2h0dHA6Ly94ZXN0LzM4ODARhg9odHRwOi8veGVzdC8zODkwEYYP +-aHR0cDovL3hlc3QvMzkwMBGGD2h0dHA6Ly94ZXN0LzM5MTARhg9odHRwOi8veGVz +-dC8zOTIwEYYPaHR0cDovL3hlc3QvMzkzMBGGD2h0dHA6Ly94ZXN0LzM5NDARhg9o +-dHRwOi8veGVzdC8zOTUwEYYPaHR0cDovL3hlc3QvMzk2MBGGD2h0dHA6Ly94ZXN0 +-LzM5NzARhg9odHRwOi8veGVzdC8zOTgwEYYPaHR0cDovL3hlc3QvMzk5MBGGD2h0 +-dHA6Ly94ZXN0LzQwMDARhg9odHRwOi8veGVzdC80MDEwEYYPaHR0cDovL3hlc3Qv +-NDAyMBGGD2h0dHA6Ly94ZXN0LzQwMzARhg9odHRwOi8veGVzdC80MDQwEYYPaHR0 +-cDovL3hlc3QvNDA1MBGGD2h0dHA6Ly94ZXN0LzQwNjARhg9odHRwOi8veGVzdC80 +-MDcwEYYPaHR0cDovL3hlc3QvNDA4MBGGD2h0dHA6Ly94ZXN0LzQwOTARhg9odHRw +-Oi8veGVzdC80MTAwEYYPaHR0cDovL3hlc3QvNDExMBGGD2h0dHA6Ly94ZXN0LzQx +-MjARhg9odHRwOi8veGVzdC80MTMwEYYPaHR0cDovL3hlc3QvNDE0MBGGD2h0dHA6 +-Ly94ZXN0LzQxNTARhg9odHRwOi8veGVzdC80MTYwEYYPaHR0cDovL3hlc3QvNDE3 +-MBGGD2h0dHA6Ly94ZXN0LzQxODARhg9odHRwOi8veGVzdC80MTkwEYYPaHR0cDov +-L3hlc3QvNDIwMBGGD2h0dHA6Ly94ZXN0LzQyMTARhg9odHRwOi8veGVzdC80MjIw +-EYYPaHR0cDovL3hlc3QvNDIzMBGGD2h0dHA6Ly94ZXN0LzQyNDARhg9odHRwOi8v +-eGVzdC80MjUwEYYPaHR0cDovL3hlc3QvNDI2MBGGD2h0dHA6Ly94ZXN0LzQyNzAR +-hg9odHRwOi8veGVzdC80MjgwEYYPaHR0cDovL3hlc3QvNDI5MBGGD2h0dHA6Ly94 +-ZXN0LzQzMDARhg9odHRwOi8veGVzdC80MzEwEYYPaHR0cDovL3hlc3QvNDMyMBGG +-D2h0dHA6Ly94ZXN0LzQzMzARhg9odHRwOi8veGVzdC80MzQwEYYPaHR0cDovL3hl +-c3QvNDM1MBGGD2h0dHA6Ly94ZXN0LzQzNjARhg9odHRwOi8veGVzdC80MzcwEYYP +-aHR0cDovL3hlc3QvNDM4MBGGD2h0dHA6Ly94ZXN0LzQzOTARhg9odHRwOi8veGVz +-dC80NDAwEYYPaHR0cDovL3hlc3QvNDQxMBGGD2h0dHA6Ly94ZXN0LzQ0MjARhg9o +-dHRwOi8veGVzdC80NDMwEYYPaHR0cDovL3hlc3QvNDQ0MBGGD2h0dHA6Ly94ZXN0 +-LzQ0NTARhg9odHRwOi8veGVzdC80NDYwEYYPaHR0cDovL3hlc3QvNDQ3MBGGD2h0 +-dHA6Ly94ZXN0LzQ0ODARhg9odHRwOi8veGVzdC80NDkwEYYPaHR0cDovL3hlc3Qv +-NDUwMBGGD2h0dHA6Ly94ZXN0LzQ1MTARhg9odHRwOi8veGVzdC80NTIwEYYPaHR0 +-cDovL3hlc3QvNDUzMBGGD2h0dHA6Ly94ZXN0LzQ1NDARhg9odHRwOi8veGVzdC80 +-NTUwEYYPaHR0cDovL3hlc3QvNDU2MBGGD2h0dHA6Ly94ZXN0LzQ1NzARhg9odHRw +-Oi8veGVzdC80NTgwEYYPaHR0cDovL3hlc3QvNDU5MBGGD2h0dHA6Ly94ZXN0LzQ2 +-MDARhg9odHRwOi8veGVzdC80NjEwEYYPaHR0cDovL3hlc3QvNDYyMBGGD2h0dHA6 +-Ly94ZXN0LzQ2MzARhg9odHRwOi8veGVzdC80NjQwEYYPaHR0cDovL3hlc3QvNDY1 +-MBGGD2h0dHA6Ly94ZXN0LzQ2NjARhg9odHRwOi8veGVzdC80NjcwEYYPaHR0cDov +-L3hlc3QvNDY4MBGGD2h0dHA6Ly94ZXN0LzQ2OTARhg9odHRwOi8veGVzdC80NzAw +-EYYPaHR0cDovL3hlc3QvNDcxMBGGD2h0dHA6Ly94ZXN0LzQ3MjARhg9odHRwOi8v +-eGVzdC80NzMwEYYPaHR0cDovL3hlc3QvNDc0MBGGD2h0dHA6Ly94ZXN0LzQ3NTAR +-hg9odHRwOi8veGVzdC80NzYwEYYPaHR0cDovL3hlc3QvNDc3MBGGD2h0dHA6Ly94 +-ZXN0LzQ3ODARhg9odHRwOi8veGVzdC80NzkwEYYPaHR0cDovL3hlc3QvNDgwMBGG +-D2h0dHA6Ly94ZXN0LzQ4MTARhg9odHRwOi8veGVzdC80ODIwEYYPaHR0cDovL3hl +-c3QvNDgzMBGGD2h0dHA6Ly94ZXN0LzQ4NDARhg9odHRwOi8veGVzdC80ODUwEYYP +-aHR0cDovL3hlc3QvNDg2MBGGD2h0dHA6Ly94ZXN0LzQ4NzARhg9odHRwOi8veGVz +-dC80ODgwEYYPaHR0cDovL3hlc3QvNDg5MBGGD2h0dHA6Ly94ZXN0LzQ5MDARhg9o +-dHRwOi8veGVzdC80OTEwEYYPaHR0cDovL3hlc3QvNDkyMBGGD2h0dHA6Ly94ZXN0 +-LzQ5MzARhg9odHRwOi8veGVzdC80OTQwEYYPaHR0cDovL3hlc3QvNDk1MBGGD2h0 +-dHA6Ly94ZXN0LzQ5NjARhg9odHRwOi8veGVzdC80OTcwEYYPaHR0cDovL3hlc3Qv +-NDk4MBGGD2h0dHA6Ly94ZXN0LzQ5OTARhg9odHRwOi8veGVzdC81MDAwEYYPaHR0 +-cDovL3hlc3QvNTAxMBGGD2h0dHA6Ly94ZXN0LzUwMjARhg9odHRwOi8veGVzdC81 +-MDMwEYYPaHR0cDovL3hlc3QvNTA0MBGGD2h0dHA6Ly94ZXN0LzUwNTARhg9odHRw +-Oi8veGVzdC81MDYwEYYPaHR0cDovL3hlc3QvNTA3MBGGD2h0dHA6Ly94ZXN0LzUw +-ODARhg9odHRwOi8veGVzdC81MDkwEYYPaHR0cDovL3hlc3QvNTEwMBGGD2h0dHA6 +-Ly94ZXN0LzUxMTARhg9odHRwOi8veGVzdC81MTIwEYYPaHR0cDovL3hlc3QvNTEz +-MBGGD2h0dHA6Ly94ZXN0LzUxNDARhg9odHRwOi8veGVzdC81MTUwEYYPaHR0cDov +-L3hlc3QvNTE2MBGGD2h0dHA6Ly94ZXN0LzUxNzARhg9odHRwOi8veGVzdC81MTgw +-EYYPaHR0cDovL3hlc3QvNTE5MBGGD2h0dHA6Ly94ZXN0LzUyMDARhg9odHRwOi8v +-eGVzdC81MjEwEYYPaHR0cDovL3hlc3QvNTIyMBGGD2h0dHA6Ly94ZXN0LzUyMzAR +-hg9odHRwOi8veGVzdC81MjQwEYYPaHR0cDovL3hlc3QvNTI1MBGGD2h0dHA6Ly94 +-ZXN0LzUyNjARhg9odHRwOi8veGVzdC81MjcwEYYPaHR0cDovL3hlc3QvNTI4MBGG +-D2h0dHA6Ly94ZXN0LzUyOTARhg9odHRwOi8veGVzdC81MzAwEYYPaHR0cDovL3hl +-c3QvNTMxMBGGD2h0dHA6Ly94ZXN0LzUzMjARhg9odHRwOi8veGVzdC81MzMwEYYP +-aHR0cDovL3hlc3QvNTM0MBGGD2h0dHA6Ly94ZXN0LzUzNTARhg9odHRwOi8veGVz +-dC81MzYwEYYPaHR0cDovL3hlc3QvNTM3MBGGD2h0dHA6Ly94ZXN0LzUzODARhg9o +-dHRwOi8veGVzdC81MzkwEYYPaHR0cDovL3hlc3QvNTQwMBGGD2h0dHA6Ly94ZXN0 +-LzU0MTARhg9odHRwOi8veGVzdC81NDIwEYYPaHR0cDovL3hlc3QvNTQzMBGGD2h0 +-dHA6Ly94ZXN0LzU0NDARhg9odHRwOi8veGVzdC81NDUwEYYPaHR0cDovL3hlc3Qv +-NTQ2MBGGD2h0dHA6Ly94ZXN0LzU0NzARhg9odHRwOi8veGVzdC81NDgwEYYPaHR0 +-cDovL3hlc3QvNTQ5MBGGD2h0dHA6Ly94ZXN0LzU1MDARhg9odHRwOi8veGVzdC81 +-NTEwEYYPaHR0cDovL3hlc3QvNTUyMBGGD2h0dHA6Ly94ZXN0LzU1MzARhg9odHRw +-Oi8veGVzdC81NTQwEYYPaHR0cDovL3hlc3QvNTU1MBGGD2h0dHA6Ly94ZXN0LzU1 +-NjARhg9odHRwOi8veGVzdC81NTcwEYYPaHR0cDovL3hlc3QvNTU4MBGGD2h0dHA6 +-Ly94ZXN0LzU1OTARhg9odHRwOi8veGVzdC81NjAwEYYPaHR0cDovL3hlc3QvNTYx +-MBGGD2h0dHA6Ly94ZXN0LzU2MjARhg9odHRwOi8veGVzdC81NjMwEYYPaHR0cDov +-L3hlc3QvNTY0MBGGD2h0dHA6Ly94ZXN0LzU2NTARhg9odHRwOi8veGVzdC81NjYw +-EYYPaHR0cDovL3hlc3QvNTY3MBGGD2h0dHA6Ly94ZXN0LzU2ODARhg9odHRwOi8v +-eGVzdC81NjkwEYYPaHR0cDovL3hlc3QvNTcwMBGGD2h0dHA6Ly94ZXN0LzU3MTAR +-hg9odHRwOi8veGVzdC81NzIwEYYPaHR0cDovL3hlc3QvNTczMBGGD2h0dHA6Ly94 +-ZXN0LzU3NDARhg9odHRwOi8veGVzdC81NzUwEYYPaHR0cDovL3hlc3QvNTc2MBGG +-D2h0dHA6Ly94ZXN0LzU3NzARhg9odHRwOi8veGVzdC81NzgwEYYPaHR0cDovL3hl +-c3QvNTc5MBGGD2h0dHA6Ly94ZXN0LzU4MDARhg9odHRwOi8veGVzdC81ODEwEYYP +-aHR0cDovL3hlc3QvNTgyMBGGD2h0dHA6Ly94ZXN0LzU4MzARhg9odHRwOi8veGVz +-dC81ODQwEYYPaHR0cDovL3hlc3QvNTg1MBGGD2h0dHA6Ly94ZXN0LzU4NjARhg9o +-dHRwOi8veGVzdC81ODcwEYYPaHR0cDovL3hlc3QvNTg4MBGGD2h0dHA6Ly94ZXN0 +-LzU4OTARhg9odHRwOi8veGVzdC81OTAwEYYPaHR0cDovL3hlc3QvNTkxMBGGD2h0 +-dHA6Ly94ZXN0LzU5MjARhg9odHRwOi8veGVzdC81OTMwEYYPaHR0cDovL3hlc3Qv +-NTk0MBGGD2h0dHA6Ly94ZXN0LzU5NTARhg9odHRwOi8veGVzdC81OTYwEYYPaHR0 +-cDovL3hlc3QvNTk3MBGGD2h0dHA6Ly94ZXN0LzU5ODARhg9odHRwOi8veGVzdC81 +-OTkwEYYPaHR0cDovL3hlc3QvNjAwMBGGD2h0dHA6Ly94ZXN0LzYwMTARhg9odHRw +-Oi8veGVzdC82MDIwEYYPaHR0cDovL3hlc3QvNjAzMBGGD2h0dHA6Ly94ZXN0LzYw +-NDARhg9odHRwOi8veGVzdC82MDUwEYYPaHR0cDovL3hlc3QvNjA2MBGGD2h0dHA6 +-Ly94ZXN0LzYwNzARhg9odHRwOi8veGVzdC82MDgwEYYPaHR0cDovL3hlc3QvNjA5 +-MBGGD2h0dHA6Ly94ZXN0LzYxMDARhg9odHRwOi8veGVzdC82MTEwEYYPaHR0cDov +-L3hlc3QvNjEyMBGGD2h0dHA6Ly94ZXN0LzYxMzARhg9odHRwOi8veGVzdC82MTQw +-EYYPaHR0cDovL3hlc3QvNjE1MBGGD2h0dHA6Ly94ZXN0LzYxNjARhg9odHRwOi8v +-eGVzdC82MTcwEYYPaHR0cDovL3hlc3QvNjE4MBGGD2h0dHA6Ly94ZXN0LzYxOTAR +-hg9odHRwOi8veGVzdC82MjAwEYYPaHR0cDovL3hlc3QvNjIxMBGGD2h0dHA6Ly94 +-ZXN0LzYyMjARhg9odHRwOi8veGVzdC82MjMwEYYPaHR0cDovL3hlc3QvNjI0MBGG +-D2h0dHA6Ly94ZXN0LzYyNTARhg9odHRwOi8veGVzdC82MjYwEYYPaHR0cDovL3hl +-c3QvNjI3MBGGD2h0dHA6Ly94ZXN0LzYyODARhg9odHRwOi8veGVzdC82MjkwEYYP +-aHR0cDovL3hlc3QvNjMwMBGGD2h0dHA6Ly94ZXN0LzYzMTARhg9odHRwOi8veGVz +-dC82MzIwEYYPaHR0cDovL3hlc3QvNjMzMBGGD2h0dHA6Ly94ZXN0LzYzNDARhg9o +-dHRwOi8veGVzdC82MzUwEYYPaHR0cDovL3hlc3QvNjM2MBGGD2h0dHA6Ly94ZXN0 +-LzYzNzARhg9odHRwOi8veGVzdC82MzgwEYYPaHR0cDovL3hlc3QvNjM5MBGGD2h0 +-dHA6Ly94ZXN0LzY0MDARhg9odHRwOi8veGVzdC82NDEwEYYPaHR0cDovL3hlc3Qv +-NjQyMBGGD2h0dHA6Ly94ZXN0LzY0MzARhg9odHRwOi8veGVzdC82NDQwEYYPaHR0 +-cDovL3hlc3QvNjQ1MBGGD2h0dHA6Ly94ZXN0LzY0NjARhg9odHRwOi8veGVzdC82 +-NDcwEYYPaHR0cDovL3hlc3QvNjQ4MBGGD2h0dHA6Ly94ZXN0LzY0OTARhg9odHRw +-Oi8veGVzdC82NTAwEYYPaHR0cDovL3hlc3QvNjUxMBGGD2h0dHA6Ly94ZXN0LzY1 +-MjARhg9odHRwOi8veGVzdC82NTMwEYYPaHR0cDovL3hlc3QvNjU0MBGGD2h0dHA6 +-Ly94ZXN0LzY1NTARhg9odHRwOi8veGVzdC82NTYwEYYPaHR0cDovL3hlc3QvNjU3 +-MBGGD2h0dHA6Ly94ZXN0LzY1ODARhg9odHRwOi8veGVzdC82NTkwEYYPaHR0cDov +-L3hlc3QvNjYwMBGGD2h0dHA6Ly94ZXN0LzY2MTARhg9odHRwOi8veGVzdC82NjIw +-EYYPaHR0cDovL3hlc3QvNjYzMBGGD2h0dHA6Ly94ZXN0LzY2NDARhg9odHRwOi8v +-eGVzdC82NjUwEYYPaHR0cDovL3hlc3QvNjY2MBGGD2h0dHA6Ly94ZXN0LzY2NzAR +-hg9odHRwOi8veGVzdC82NjgwEYYPaHR0cDovL3hlc3QvNjY5MBGGD2h0dHA6Ly94 +-ZXN0LzY3MDARhg9odHRwOi8veGVzdC82NzEwEYYPaHR0cDovL3hlc3QvNjcyMBGG +-D2h0dHA6Ly94ZXN0LzY3MzARhg9odHRwOi8veGVzdC82NzQwEYYPaHR0cDovL3hl +-c3QvNjc1MBGGD2h0dHA6Ly94ZXN0LzY3NjARhg9odHRwOi8veGVzdC82NzcwEYYP +-aHR0cDovL3hlc3QvNjc4MBGGD2h0dHA6Ly94ZXN0LzY3OTARhg9odHRwOi8veGVz +-dC82ODAwEYYPaHR0cDovL3hlc3QvNjgxMBGGD2h0dHA6Ly94ZXN0LzY4MjARhg9o +-dHRwOi8veGVzdC82ODMwEYYPaHR0cDovL3hlc3QvNjg0MBGGD2h0dHA6Ly94ZXN0 +-LzY4NTARhg9odHRwOi8veGVzdC82ODYwEYYPaHR0cDovL3hlc3QvNjg3MBGGD2h0 +-dHA6Ly94ZXN0LzY4ODARhg9odHRwOi8veGVzdC82ODkwEYYPaHR0cDovL3hlc3Qv +-NjkwMBGGD2h0dHA6Ly94ZXN0LzY5MTARhg9odHRwOi8veGVzdC82OTIwEYYPaHR0 +-cDovL3hlc3QvNjkzMBGGD2h0dHA6Ly94ZXN0LzY5NDARhg9odHRwOi8veGVzdC82 +-OTUwEYYPaHR0cDovL3hlc3QvNjk2MBGGD2h0dHA6Ly94ZXN0LzY5NzARhg9odHRw +-Oi8veGVzdC82OTgwEYYPaHR0cDovL3hlc3QvNjk5MBGGD2h0dHA6Ly94ZXN0Lzcw +-MDARhg9odHRwOi8veGVzdC83MDEwEYYPaHR0cDovL3hlc3QvNzAyMBGGD2h0dHA6 +-Ly94ZXN0LzcwMzARhg9odHRwOi8veGVzdC83MDQwEYYPaHR0cDovL3hlc3QvNzA1 +-MBGGD2h0dHA6Ly94ZXN0LzcwNjARhg9odHRwOi8veGVzdC83MDcwEYYPaHR0cDov +-L3hlc3QvNzA4MBGGD2h0dHA6Ly94ZXN0LzcwOTARhg9odHRwOi8veGVzdC83MTAw +-EYYPaHR0cDovL3hlc3QvNzExMBGGD2h0dHA6Ly94ZXN0LzcxMjARhg9odHRwOi8v +-eGVzdC83MTMwEYYPaHR0cDovL3hlc3QvNzE0MBGGD2h0dHA6Ly94ZXN0LzcxNTAR +-hg9odHRwOi8veGVzdC83MTYwEYYPaHR0cDovL3hlc3QvNzE3MBGGD2h0dHA6Ly94 +-ZXN0LzcxODARhg9odHRwOi8veGVzdC83MTkwEYYPaHR0cDovL3hlc3QvNzIwMBGG +-D2h0dHA6Ly94ZXN0LzcyMTARhg9odHRwOi8veGVzdC83MjIwEYYPaHR0cDovL3hl +-c3QvNzIzMBGGD2h0dHA6Ly94ZXN0LzcyNDARhg9odHRwOi8veGVzdC83MjUwEYYP +-aHR0cDovL3hlc3QvNzI2MBGGD2h0dHA6Ly94ZXN0LzcyNzARhg9odHRwOi8veGVz +-dC83MjgwEYYPaHR0cDovL3hlc3QvNzI5MBGGD2h0dHA6Ly94ZXN0LzczMDARhg9o +-dHRwOi8veGVzdC83MzEwEYYPaHR0cDovL3hlc3QvNzMyMBGGD2h0dHA6Ly94ZXN0 +-LzczMzARhg9odHRwOi8veGVzdC83MzQwEYYPaHR0cDovL3hlc3QvNzM1MBGGD2h0 +-dHA6Ly94ZXN0LzczNjARhg9odHRwOi8veGVzdC83MzcwEYYPaHR0cDovL3hlc3Qv +-NzM4MBGGD2h0dHA6Ly94ZXN0LzczOTARhg9odHRwOi8veGVzdC83NDAwEYYPaHR0 +-cDovL3hlc3QvNzQxMBGGD2h0dHA6Ly94ZXN0Lzc0MjARhg9odHRwOi8veGVzdC83 +-NDMwEYYPaHR0cDovL3hlc3QvNzQ0MBGGD2h0dHA6Ly94ZXN0Lzc0NTARhg9odHRw +-Oi8veGVzdC83NDYwEYYPaHR0cDovL3hlc3QvNzQ3MBGGD2h0dHA6Ly94ZXN0Lzc0 +-ODARhg9odHRwOi8veGVzdC83NDkwEYYPaHR0cDovL3hlc3QvNzUwMBGGD2h0dHA6 +-Ly94ZXN0Lzc1MTARhg9odHRwOi8veGVzdC83NTIwEYYPaHR0cDovL3hlc3QvNzUz +-MBGGD2h0dHA6Ly94ZXN0Lzc1NDARhg9odHRwOi8veGVzdC83NTUwEYYPaHR0cDov +-L3hlc3QvNzU2MBGGD2h0dHA6Ly94ZXN0Lzc1NzARhg9odHRwOi8veGVzdC83NTgw +-EYYPaHR0cDovL3hlc3QvNzU5MBGGD2h0dHA6Ly94ZXN0Lzc2MDARhg9odHRwOi8v +-eGVzdC83NjEwEYYPaHR0cDovL3hlc3QvNzYyMBGGD2h0dHA6Ly94ZXN0Lzc2MzAR +-hg9odHRwOi8veGVzdC83NjQwEYYPaHR0cDovL3hlc3QvNzY1MBGGD2h0dHA6Ly94 +-ZXN0Lzc2NjARhg9odHRwOi8veGVzdC83NjcwEYYPaHR0cDovL3hlc3QvNzY4MBGG +-D2h0dHA6Ly94ZXN0Lzc2OTARhg9odHRwOi8veGVzdC83NzAwEYYPaHR0cDovL3hl +-c3QvNzcxMBGGD2h0dHA6Ly94ZXN0Lzc3MjARhg9odHRwOi8veGVzdC83NzMwEYYP +-aHR0cDovL3hlc3QvNzc0MBGGD2h0dHA6Ly94ZXN0Lzc3NTARhg9odHRwOi8veGVz +-dC83NzYwEYYPaHR0cDovL3hlc3QvNzc3MBGGD2h0dHA6Ly94ZXN0Lzc3ODARhg9o +-dHRwOi8veGVzdC83NzkwEYYPaHR0cDovL3hlc3QvNzgwMBGGD2h0dHA6Ly94ZXN0 +-Lzc4MTARhg9odHRwOi8veGVzdC83ODIwEYYPaHR0cDovL3hlc3QvNzgzMBGGD2h0 +-dHA6Ly94ZXN0Lzc4NDARhg9odHRwOi8veGVzdC83ODUwEYYPaHR0cDovL3hlc3Qv +-Nzg2MBGGD2h0dHA6Ly94ZXN0Lzc4NzARhg9odHRwOi8veGVzdC83ODgwEYYPaHR0 +-cDovL3hlc3QvNzg5MBGGD2h0dHA6Ly94ZXN0Lzc5MDARhg9odHRwOi8veGVzdC83 +-OTEwEYYPaHR0cDovL3hlc3QvNzkyMBGGD2h0dHA6Ly94ZXN0Lzc5MzARhg9odHRw +-Oi8veGVzdC83OTQwEYYPaHR0cDovL3hlc3QvNzk1MBGGD2h0dHA6Ly94ZXN0Lzc5 +-NjARhg9odHRwOi8veGVzdC83OTcwEYYPaHR0cDovL3hlc3QvNzk4MBGGD2h0dHA6 +-Ly94ZXN0Lzc5OTARhg9odHRwOi8veGVzdC84MDAwEYYPaHR0cDovL3hlc3QvODAx +-MBGGD2h0dHA6Ly94ZXN0LzgwMjARhg9odHRwOi8veGVzdC84MDMwEYYPaHR0cDov +-L3hlc3QvODA0MBGGD2h0dHA6Ly94ZXN0LzgwNTARhg9odHRwOi8veGVzdC84MDYw +-EYYPaHR0cDovL3hlc3QvODA3MBGGD2h0dHA6Ly94ZXN0LzgwODARhg9odHRwOi8v +-eGVzdC84MDkwEYYPaHR0cDovL3hlc3QvODEwMBGGD2h0dHA6Ly94ZXN0LzgxMTAR +-hg9odHRwOi8veGVzdC84MTIwEYYPaHR0cDovL3hlc3QvODEzMBGGD2h0dHA6Ly94 +-ZXN0LzgxNDARhg9odHRwOi8veGVzdC84MTUwEYYPaHR0cDovL3hlc3QvODE2MBGG +-D2h0dHA6Ly94ZXN0LzgxNzARhg9odHRwOi8veGVzdC84MTgwEYYPaHR0cDovL3hl +-c3QvODE5MBGGD2h0dHA6Ly94ZXN0LzgyMDARhg9odHRwOi8veGVzdC84MjEwEYYP +-aHR0cDovL3hlc3QvODIyMBGGD2h0dHA6Ly94ZXN0LzgyMzARhg9odHRwOi8veGVz +-dC84MjQwEYYPaHR0cDovL3hlc3QvODI1MBGGD2h0dHA6Ly94ZXN0LzgyNjARhg9o +-dHRwOi8veGVzdC84MjcwEYYPaHR0cDovL3hlc3QvODI4MBGGD2h0dHA6Ly94ZXN0 +-LzgyOTARhg9odHRwOi8veGVzdC84MzAwEYYPaHR0cDovL3hlc3QvODMxMBGGD2h0 +-dHA6Ly94ZXN0LzgzMjARhg9odHRwOi8veGVzdC84MzMwEYYPaHR0cDovL3hlc3Qv +-ODM0MBGGD2h0dHA6Ly94ZXN0LzgzNTARhg9odHRwOi8veGVzdC84MzYwEYYPaHR0 +-cDovL3hlc3QvODM3MBGGD2h0dHA6Ly94ZXN0LzgzODARhg9odHRwOi8veGVzdC84 +-MzkwEYYPaHR0cDovL3hlc3QvODQwMBGGD2h0dHA6Ly94ZXN0Lzg0MTARhg9odHRw +-Oi8veGVzdC84NDIwEYYPaHR0cDovL3hlc3QvODQzMBGGD2h0dHA6Ly94ZXN0Lzg0 +-NDARhg9odHRwOi8veGVzdC84NDUwEYYPaHR0cDovL3hlc3QvODQ2MBGGD2h0dHA6 +-Ly94ZXN0Lzg0NzARhg9odHRwOi8veGVzdC84NDgwEYYPaHR0cDovL3hlc3QvODQ5 +-MBGGD2h0dHA6Ly94ZXN0Lzg1MDARhg9odHRwOi8veGVzdC84NTEwEYYPaHR0cDov +-L3hlc3QvODUyMBGGD2h0dHA6Ly94ZXN0Lzg1MzARhg9odHRwOi8veGVzdC84NTQw +-EYYPaHR0cDovL3hlc3QvODU1MBGGD2h0dHA6Ly94ZXN0Lzg1NjARhg9odHRwOi8v +-eGVzdC84NTcwEYYPaHR0cDovL3hlc3QvODU4MBGGD2h0dHA6Ly94ZXN0Lzg1OTAR +-hg9odHRwOi8veGVzdC84NjAwEYYPaHR0cDovL3hlc3QvODYxMBGGD2h0dHA6Ly94 +-ZXN0Lzg2MjARhg9odHRwOi8veGVzdC84NjMwEYYPaHR0cDovL3hlc3QvODY0MBGG +-D2h0dHA6Ly94ZXN0Lzg2NTARhg9odHRwOi8veGVzdC84NjYwEYYPaHR0cDovL3hl +-c3QvODY3MBGGD2h0dHA6Ly94ZXN0Lzg2ODARhg9odHRwOi8veGVzdC84NjkwEYYP +-aHR0cDovL3hlc3QvODcwMBGGD2h0dHA6Ly94ZXN0Lzg3MTARhg9odHRwOi8veGVz +-dC84NzIwEYYPaHR0cDovL3hlc3QvODczMBGGD2h0dHA6Ly94ZXN0Lzg3NDARhg9o +-dHRwOi8veGVzdC84NzUwEYYPaHR0cDovL3hlc3QvODc2MBGGD2h0dHA6Ly94ZXN0 +-Lzg3NzARhg9odHRwOi8veGVzdC84NzgwEYYPaHR0cDovL3hlc3QvODc5MBGGD2h0 +-dHA6Ly94ZXN0Lzg4MDARhg9odHRwOi8veGVzdC84ODEwEYYPaHR0cDovL3hlc3Qv +-ODgyMBGGD2h0dHA6Ly94ZXN0Lzg4MzARhg9odHRwOi8veGVzdC84ODQwEYYPaHR0 +-cDovL3hlc3QvODg1MBGGD2h0dHA6Ly94ZXN0Lzg4NjARhg9odHRwOi8veGVzdC84 +-ODcwEYYPaHR0cDovL3hlc3QvODg4MBGGD2h0dHA6Ly94ZXN0Lzg4OTARhg9odHRw +-Oi8veGVzdC84OTAwEYYPaHR0cDovL3hlc3QvODkxMBGGD2h0dHA6Ly94ZXN0Lzg5 +-MjARhg9odHRwOi8veGVzdC84OTMwEYYPaHR0cDovL3hlc3QvODk0MBGGD2h0dHA6 +-Ly94ZXN0Lzg5NTARhg9odHRwOi8veGVzdC84OTYwEYYPaHR0cDovL3hlc3QvODk3 +-MBGGD2h0dHA6Ly94ZXN0Lzg5ODARhg9odHRwOi8veGVzdC84OTkwEYYPaHR0cDov +-L3hlc3QvOTAwMBGGD2h0dHA6Ly94ZXN0LzkwMTARhg9odHRwOi8veGVzdC85MDIw +-EYYPaHR0cDovL3hlc3QvOTAzMBGGD2h0dHA6Ly94ZXN0LzkwNDARhg9odHRwOi8v +-eGVzdC85MDUwEYYPaHR0cDovL3hlc3QvOTA2MBGGD2h0dHA6Ly94ZXN0LzkwNzAR +-hg9odHRwOi8veGVzdC85MDgwEYYPaHR0cDovL3hlc3QvOTA5MBGGD2h0dHA6Ly94 +-ZXN0LzkxMDARhg9odHRwOi8veGVzdC85MTEwEYYPaHR0cDovL3hlc3QvOTEyMBGG +-D2h0dHA6Ly94ZXN0LzkxMzARhg9odHRwOi8veGVzdC85MTQwEYYPaHR0cDovL3hl +-c3QvOTE1MBGGD2h0dHA6Ly94ZXN0LzkxNjARhg9odHRwOi8veGVzdC85MTcwEYYP +-aHR0cDovL3hlc3QvOTE4MBGGD2h0dHA6Ly94ZXN0LzkxOTARhg9odHRwOi8veGVz +-dC85MjAwEYYPaHR0cDovL3hlc3QvOTIxMBGGD2h0dHA6Ly94ZXN0LzkyMjARhg9o +-dHRwOi8veGVzdC85MjMwEYYPaHR0cDovL3hlc3QvOTI0MBGGD2h0dHA6Ly94ZXN0 +-LzkyNTARhg9odHRwOi8veGVzdC85MjYwEYYPaHR0cDovL3hlc3QvOTI3MBGGD2h0 +-dHA6Ly94ZXN0LzkyODARhg9odHRwOi8veGVzdC85MjkwEYYPaHR0cDovL3hlc3Qv +-OTMwMBGGD2h0dHA6Ly94ZXN0LzkzMTARhg9odHRwOi8veGVzdC85MzIwEYYPaHR0 +-cDovL3hlc3QvOTMzMBGGD2h0dHA6Ly94ZXN0LzkzNDARhg9odHRwOi8veGVzdC85 +-MzUwEYYPaHR0cDovL3hlc3QvOTM2MBGGD2h0dHA6Ly94ZXN0LzkzNzARhg9odHRw +-Oi8veGVzdC85MzgwEYYPaHR0cDovL3hlc3QvOTM5MBGGD2h0dHA6Ly94ZXN0Lzk0 +-MDARhg9odHRwOi8veGVzdC85NDEwEYYPaHR0cDovL3hlc3QvOTQyMBGGD2h0dHA6 +-Ly94ZXN0Lzk0MzARhg9odHRwOi8veGVzdC85NDQwEYYPaHR0cDovL3hlc3QvOTQ1 +-MBGGD2h0dHA6Ly94ZXN0Lzk0NjARhg9odHRwOi8veGVzdC85NDcwEYYPaHR0cDov +-L3hlc3QvOTQ4MBGGD2h0dHA6Ly94ZXN0Lzk0OTARhg9odHRwOi8veGVzdC85NTAw +-EYYPaHR0cDovL3hlc3QvOTUxMBGGD2h0dHA6Ly94ZXN0Lzk1MjARhg9odHRwOi8v +-eGVzdC85NTMwEYYPaHR0cDovL3hlc3QvOTU0MBGGD2h0dHA6Ly94ZXN0Lzk1NTAR +-hg9odHRwOi8veGVzdC85NTYwEYYPaHR0cDovL3hlc3QvOTU3MBGGD2h0dHA6Ly94 +-ZXN0Lzk1ODARhg9odHRwOi8veGVzdC85NTkwEYYPaHR0cDovL3hlc3QvOTYwMBGG +-D2h0dHA6Ly94ZXN0Lzk2MTARhg9odHRwOi8veGVzdC85NjIwEYYPaHR0cDovL3hl +-c3QvOTYzMBGGD2h0dHA6Ly94ZXN0Lzk2NDARhg9odHRwOi8veGVzdC85NjUwEYYP +-aHR0cDovL3hlc3QvOTY2MBGGD2h0dHA6Ly94ZXN0Lzk2NzARhg9odHRwOi8veGVz +-dC85NjgwEYYPaHR0cDovL3hlc3QvOTY5MBGGD2h0dHA6Ly94ZXN0Lzk3MDARhg9o +-dHRwOi8veGVzdC85NzEwEYYPaHR0cDovL3hlc3QvOTcyMBGGD2h0dHA6Ly94ZXN0 +-Lzk3MzARhg9odHRwOi8veGVzdC85NzQwEYYPaHR0cDovL3hlc3QvOTc1MBGGD2h0 +-dHA6Ly94ZXN0Lzk3NjARhg9odHRwOi8veGVzdC85NzcwEYYPaHR0cDovL3hlc3Qv +-OTc4MBGGD2h0dHA6Ly94ZXN0Lzk3OTARhg9odHRwOi8veGVzdC85ODAwEYYPaHR0 +-cDovL3hlc3QvOTgxMBGGD2h0dHA6Ly94ZXN0Lzk4MjARhg9odHRwOi8veGVzdC85 +-ODMwEYYPaHR0cDovL3hlc3QvOTg0MBGGD2h0dHA6Ly94ZXN0Lzk4NTARhg9odHRw +-Oi8veGVzdC85ODYwEYYPaHR0cDovL3hlc3QvOTg3MBGGD2h0dHA6Ly94ZXN0Lzk4 +-ODARhg9odHRwOi8veGVzdC85ODkwEYYPaHR0cDovL3hlc3QvOTkwMBGGD2h0dHA6 +-Ly94ZXN0Lzk5MTARhg9odHRwOi8veGVzdC85OTIwEYYPaHR0cDovL3hlc3QvOTkz +-MBGGD2h0dHA6Ly94ZXN0Lzk5NDARhg9odHRwOi8veGVzdC85OTUwEYYPaHR0cDov +-L3hlc3QvOTk2MBGGD2h0dHA6Ly94ZXN0Lzk5NzARhg9odHRwOi8veGVzdC85OTgw +-EYYPaHR0cDovL3hlc3QvOTk5MBKGEGh0dHA6Ly94ZXN0LzEwMDAwEoYQaHR0cDov +-L3hlc3QvMTAwMTAShhBodHRwOi8veGVzdC8xMDAyMBKGEGh0dHA6Ly94ZXN0LzEw +-MDMwEoYQaHR0cDovL3hlc3QvMTAwNDAShhBodHRwOi8veGVzdC8xMDA1MBKGEGh0 +-dHA6Ly94ZXN0LzEwMDYwEoYQaHR0cDovL3hlc3QvMTAwNzAShhBodHRwOi8veGVz +-dC8xMDA4MBKGEGh0dHA6Ly94ZXN0LzEwMDkwEoYQaHR0cDovL3hlc3QvMTAxMDAS +-hhBodHRwOi8veGVzdC8xMDExMBKGEGh0dHA6Ly94ZXN0LzEwMTIwEoYQaHR0cDov +-L3hlc3QvMTAxMzAShhBodHRwOi8veGVzdC8xMDE0MBKGEGh0dHA6Ly94ZXN0LzEw +-MTUwEoYQaHR0cDovL3hlc3QvMTAxNjAShhBodHRwOi8veGVzdC8xMDE3MBKGEGh0 +-dHA6Ly94ZXN0LzEwMTgwEoYQaHR0cDovL3hlc3QvMTAxOTAShhBodHRwOi8veGVz +-dC8xMDIwMBKGEGh0dHA6Ly94ZXN0LzEwMjEwEoYQaHR0cDovL3hlc3QvMTAyMjAS +-hhBodHRwOi8veGVzdC8xMDIzMBKGEGh0dHA6Ly94ZXN0LzEwMjQwDQYJKoZIhvcN +-AQELBQADggEBAF2U8ArUAHk1z1cOPSTpF9kMIvJ+GHNKvIn6zxn7JrOTe/ZhJKA2 +-4SkfPKbbwsP83QVbJfEhTykbsrzGDT3LJ6UWjXOz5KCCrkN7ck9Sqs/BD2sTfa8R +-zc6NpXiyqJ1OIm0NYFkpsaWXAVKuTm9OvE7M1Gv5MgRCHOeHdGxCdKZMgwe4VC4z +-TGsJOOHOsVZZgvVpkE99BFFFaAkUW7LJpLBBq3r2SoQNiC9F0juBvOiRuajxu5PX +-Qn3IyiQZ9yikxmesGi6NiHKuRxTaHDj3pn44r8RHCn2OOD0lOkjXrwsMwEVCQ18e +-ZhtkUypPgaHoIdBLvEmHsF431WitevSq9K0= +------END CERTIFICATE----- +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Root +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=Root +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: +- b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: +- d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: +- 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: +- 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: +- 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: +- 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: +- ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: +- cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: +- 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: +- 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: +- df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: +- 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: +- 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: +- 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: +- 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: +- fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: +- e1:7b +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- X509v3 Authority Key Identifier: +- keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Root.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Root.crl +- +- X509v3 Key Usage: critical +- Certificate Sign, CRL Sign +- X509v3 Basic Constraints: critical +- CA:TRUE +- Signature Algorithm: sha256WithRSAEncryption +- 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: +- 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: +- 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: +- 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: +- e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: +- 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: +- 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: +- 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: +- 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: +- 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: +- d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: +- ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: +- cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: +- 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: +- d0:93:0b:59 +------BEGIN CERTIFICATE----- +-MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +-BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +-MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +-AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +-CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +-Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +-sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +-cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +-0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +-KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +-MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +-L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +-b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +-9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +-QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +-9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +-l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +-2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +-TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +------END CERTIFICATE----- +diff --git a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.test b/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.test +deleted file mode 100644 +index b3138efc735c0..0000000000000 +--- a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dirnames.test ++++ /dev/null +@@ -1,5 +0,0 @@ +-chain: ok-different-types-dirnames.pem +-last_cert_trust: TRUSTED_ANCHOR +-utc_time: DEFAULT +-key_purpose: SERVER_AUTH +-expected_errors: +diff --git a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.pem b/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.pem +deleted file mode 100644 +index 3808f3a0d190b..0000000000000 +--- a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.pem ++++ /dev/null +@@ -1,8879 +0,0 @@ +-[Created by: generate-chains.py] +- +-A chain containing a large number of name constraints and names, +-but of different types, thus not triggering the limit. +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:dc +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Intermediate +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=t0 +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: +- 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: +- a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: +- ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: +- e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: +- 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: +- 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: +- 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: +- 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: +- 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: +- 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: +- 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: +- 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: +- 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: +- ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: +- 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: +- 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: +- 52:bd +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF +- X509v3 Authority Key Identifier: +- keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Intermediate.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Intermediate.crl +- +- X509v3 Key Usage: critical +- Digital Signature, Key Encipherment +- X509v3 Extended Key Usage: +- TLS Web Server Authentication, TLS Web Client Authentication +- X509v3 Subject Alternative Name: +- DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, DNS:t418.test, DNS:t419.test, DNS:t420.test, DNS:t421.test, DNS:t422.test, DNS:t423.test, DNS:t424.test, DNS:t425.test, DNS:t426.test, DNS:t427.test, DNS:t428.test, DNS:t429.test, DNS:t430.test, DNS:t431.test, DNS:t432.test, DNS:t433.test, DNS:t434.test, DNS:t435.test, DNS:t436.test, DNS:t437.test, DNS:t438.test, DNS:t439.test, DNS:t440.test, DNS:t441.test, DNS:t442.test, DNS:t443.test, DNS:t444.test, DNS:t445.test, DNS:t446.test, DNS:t447.test, DNS:t448.test, DNS:t449.test, DNS:t450.test, DNS:t451.test, DNS:t452.test, DNS:t453.test, DNS:t454.test, DNS:t455.test, DNS:t456.test, DNS:t457.test, DNS:t458.test, DNS:t459.test, DNS:t460.test, DNS:t461.test, DNS:t462.test, DNS:t463.test, DNS:t464.test, DNS:t465.test, DNS:t466.test, DNS:t467.test, DNS:t468.test, DNS:t469.test, DNS:t470.test, DNS:t471.test, DNS:t472.test, DNS:t473.test, DNS:t474.test, DNS:t475.test, DNS:t476.test, DNS:t477.test, DNS:t478.test, DNS:t479.test, DNS:t480.test, DNS:t481.test, DNS:t482.test, DNS:t483.test, DNS:t484.test, DNS:t485.test, DNS:t486.test, DNS:t487.test, DNS:t488.test, DNS:t489.test, DNS:t490.test, DNS:t491.test, DNS:t492.test, DNS:t493.test, DNS:t494.test, DNS:t495.test, DNS:t496.test, DNS:t497.test, DNS:t498.test, DNS:t499.test, DNS:t500.test, DNS:t501.test, DNS:t502.test, DNS:t503.test, DNS:t504.test, DNS:t505.test, DNS:t506.test, DNS:t507.test, DNS:t508.test, DNS:t509.test, DNS:t510.test, DNS:t511.test, DNS:t512.test, DNS:t513.test, DNS:t514.test, DNS:t515.test, DNS:t516.test, DNS:t517.test, DNS:t518.test, DNS:t519.test, DNS:t520.test, DNS:t521.test, DNS:t522.test, DNS:t523.test, DNS:t524.test, DNS:t525.test, DNS:t526.test, DNS:t527.test, DNS:t528.test, DNS:t529.test, DNS:t530.test, DNS:t531.test, DNS:t532.test, DNS:t533.test, DNS:t534.test, DNS:t535.test, DNS:t536.test, DNS:t537.test, DNS:t538.test, DNS:t539.test, DNS:t540.test, DNS:t541.test, DNS:t542.test, DNS:t543.test, DNS:t544.test, DNS:t545.test, DNS:t546.test, DNS:t547.test, DNS:t548.test, DNS:t549.test, DNS:t550.test, DNS:t551.test, DNS:t552.test, DNS:t553.test, DNS:t554.test, DNS:t555.test, DNS:t556.test, DNS:t557.test, DNS:t558.test, DNS:t559.test, DNS:t560.test, DNS:t561.test, DNS:t562.test, DNS:t563.test, DNS:t564.test, DNS:t565.test, DNS:t566.test, DNS:t567.test, DNS:t568.test, DNS:t569.test, DNS:t570.test, DNS:t571.test, DNS:t572.test, DNS:t573.test, DNS:t574.test, DNS:t575.test, DNS:t576.test, DNS:t577.test, DNS:t578.test, DNS:t579.test, DNS:t580.test, DNS:t581.test, DNS:t582.test, DNS:t583.test, DNS:t584.test, DNS:t585.test, DNS:t586.test, DNS:t587.test, DNS:t588.test, DNS:t589.test, DNS:t590.test, DNS:t591.test, DNS:t592.test, DNS:t593.test, DNS:t594.test, DNS:t595.test, DNS:t596.test, DNS:t597.test, DNS:t598.test, DNS:t599.test, DNS:t600.test, DNS:t601.test, DNS:t602.test, DNS:t603.test, DNS:t604.test, DNS:t605.test, DNS:t606.test, DNS:t607.test, DNS:t608.test, DNS:t609.test, DNS:t610.test, DNS:t611.test, DNS:t612.test, DNS:t613.test, DNS:t614.test, DNS:t615.test, DNS:t616.test, DNS:t617.test, DNS:t618.test, DNS:t619.test, DNS:t620.test, DNS:t621.test, DNS:t622.test, DNS:t623.test, DNS:t624.test, DNS:t625.test, DNS:t626.test, DNS:t627.test, DNS:t628.test, DNS:t629.test, DNS:t630.test, DNS:t631.test, DNS:t632.test, DNS:t633.test, DNS:t634.test, DNS:t635.test, DNS:t636.test, DNS:t637.test, DNS:t638.test, DNS:t639.test, DNS:t640.test, DNS:t641.test, DNS:t642.test, DNS:t643.test, DNS:t644.test, DNS:t645.test, DNS:t646.test, DNS:t647.test, DNS:t648.test, DNS:t649.test, DNS:t650.test, DNS:t651.test, DNS:t652.test, DNS:t653.test, DNS:t654.test, DNS:t655.test, DNS:t656.test, DNS:t657.test, DNS:t658.test, DNS:t659.test, DNS:t660.test, DNS:t661.test, DNS:t662.test, DNS:t663.test, DNS:t664.test, DNS:t665.test, DNS:t666.test, DNS:t667.test, DNS:t668.test, DNS:t669.test, DNS:t670.test, DNS:t671.test, DNS:t672.test, DNS:t673.test, DNS:t674.test, DNS:t675.test, DNS:t676.test, DNS:t677.test, DNS:t678.test, DNS:t679.test, DNS:t680.test, DNS:t681.test, DNS:t682.test, DNS:t683.test, DNS:t684.test, DNS:t685.test, DNS:t686.test, DNS:t687.test, DNS:t688.test, DNS:t689.test, DNS:t690.test, DNS:t691.test, DNS:t692.test, DNS:t693.test, DNS:t694.test, DNS:t695.test, DNS:t696.test, DNS:t697.test, DNS:t698.test, DNS:t699.test, DNS:t700.test, DNS:t701.test, DNS:t702.test, DNS:t703.test, DNS:t704.test, DNS:t705.test, DNS:t706.test, DNS:t707.test, DNS:t708.test, DNS:t709.test, DNS:t710.test, DNS:t711.test, DNS:t712.test, DNS:t713.test, DNS:t714.test, DNS:t715.test, DNS:t716.test, DNS:t717.test, DNS:t718.test, DNS:t719.test, DNS:t720.test, DNS:t721.test, DNS:t722.test, DNS:t723.test, DNS:t724.test, DNS:t725.test, DNS:t726.test, DNS:t727.test, DNS:t728.test, DNS:t729.test, DNS:t730.test, DNS:t731.test, DNS:t732.test, DNS:t733.test, DNS:t734.test, DNS:t735.test, DNS:t736.test, DNS:t737.test, DNS:t738.test, DNS:t739.test, DNS:t740.test, DNS:t741.test, DNS:t742.test, DNS:t743.test, DNS:t744.test, DNS:t745.test, DNS:t746.test, DNS:t747.test, DNS:t748.test, DNS:t749.test, DNS:t750.test, DNS:t751.test, DNS:t752.test, DNS:t753.test, DNS:t754.test, DNS:t755.test, DNS:t756.test, DNS:t757.test, DNS:t758.test, DNS:t759.test, DNS:t760.test, DNS:t761.test, DNS:t762.test, DNS:t763.test, DNS:t764.test, DNS:t765.test, DNS:t766.test, DNS:t767.test, DNS:t768.test, DNS:t769.test, DNS:t770.test, DNS:t771.test, DNS:t772.test, DNS:t773.test, DNS:t774.test, DNS:t775.test, DNS:t776.test, DNS:t777.test, DNS:t778.test, DNS:t779.test, DNS:t780.test, DNS:t781.test, DNS:t782.test, DNS:t783.test, DNS:t784.test, DNS:t785.test, DNS:t786.test, DNS:t787.test, DNS:t788.test, DNS:t789.test, DNS:t790.test, DNS:t791.test, DNS:t792.test, DNS:t793.test, DNS:t794.test, DNS:t795.test, DNS:t796.test, DNS:t797.test, DNS:t798.test, DNS:t799.test, DNS:t800.test, DNS:t801.test, DNS:t802.test, DNS:t803.test, DNS:t804.test, DNS:t805.test, DNS:t806.test, DNS:t807.test, DNS:t808.test, DNS:t809.test, DNS:t810.test, DNS:t811.test, DNS:t812.test, DNS:t813.test, DNS:t814.test, DNS:t815.test, DNS:t816.test, DNS:t817.test, DNS:t818.test, DNS:t819.test, DNS:t820.test, DNS:t821.test, DNS:t822.test, DNS:t823.test, DNS:t824.test, DNS:t825.test, DNS:t826.test, DNS:t827.test, DNS:t828.test, DNS:t829.test, DNS:t830.test, DNS:t831.test, DNS:t832.test, DNS:t833.test, DNS:t834.test, DNS:t835.test, DNS:t836.test, DNS:t837.test, DNS:t838.test, DNS:t839.test, DNS:t840.test, DNS:t841.test, DNS:t842.test, DNS:t843.test, DNS:t844.test, DNS:t845.test, DNS:t846.test, DNS:t847.test, DNS:t848.test, DNS:t849.test, DNS:t850.test, DNS:t851.test, DNS:t852.test, DNS:t853.test, DNS:t854.test, DNS:t855.test, DNS:t856.test, DNS:t857.test, DNS:t858.test, DNS:t859.test, DNS:t860.test, DNS:t861.test, DNS:t862.test, DNS:t863.test, DNS:t864.test, DNS:t865.test, DNS:t866.test, DNS:t867.test, DNS:t868.test, DNS:t869.test, DNS:t870.test, DNS:t871.test, DNS:t872.test, DNS:t873.test, DNS:t874.test, DNS:t875.test, DNS:t876.test, DNS:t877.test, DNS:t878.test, DNS:t879.test, DNS:t880.test, DNS:t881.test, DNS:t882.test, DNS:t883.test, DNS:t884.test, DNS:t885.test, DNS:t886.test, DNS:t887.test, DNS:t888.test, DNS:t889.test, DNS:t890.test, DNS:t891.test, DNS:t892.test, DNS:t893.test, DNS:t894.test, DNS:t895.test, DNS:t896.test, DNS:t897.test, DNS:t898.test, DNS:t899.test, DNS:t900.test, DNS:t901.test, DNS:t902.test, DNS:t903.test, DNS:t904.test, DNS:t905.test, DNS:t906.test, DNS:t907.test, DNS:t908.test, DNS:t909.test, DNS:t910.test, DNS:t911.test, DNS:t912.test, DNS:t913.test, DNS:t914.test, DNS:t915.test, DNS:t916.test, DNS:t917.test, DNS:t918.test, DNS:t919.test, DNS:t920.test, DNS:t921.test, DNS:t922.test, DNS:t923.test, DNS:t924.test, DNS:t925.test, DNS:t926.test, DNS:t927.test, DNS:t928.test, DNS:t929.test, DNS:t930.test, DNS:t931.test, DNS:t932.test, DNS:t933.test, DNS:t934.test, DNS:t935.test, DNS:t936.test, DNS:t937.test, DNS:t938.test, DNS:t939.test, DNS:t940.test, DNS:t941.test, DNS:t942.test, DNS:t943.test, DNS:t944.test, DNS:t945.test, DNS:t946.test, DNS:t947.test, DNS:t948.test, DNS:t949.test, DNS:t950.test, DNS:t951.test, DNS:t952.test, DNS:t953.test, DNS:t954.test, DNS:t955.test, DNS:t956.test, DNS:t957.test, DNS:t958.test, DNS:t959.test, DNS:t960.test, DNS:t961.test, DNS:t962.test, DNS:t963.test, DNS:t964.test, DNS:t965.test, DNS:t966.test, DNS:t967.test, DNS:t968.test, DNS:t969.test, DNS:t970.test, DNS:t971.test, DNS:t972.test, DNS:t973.test, DNS:t974.test, DNS:t975.test, DNS:t976.test, DNS:t977.test, DNS:t978.test, DNS:t979.test, DNS:t980.test, DNS:t981.test, DNS:t982.test, DNS:t983.test, DNS:t984.test, DNS:t985.test, DNS:t986.test, DNS:t987.test, DNS:t988.test, DNS:t989.test, DNS:t990.test, DNS:t991.test, DNS:t992.test, DNS:t993.test, DNS:t994.test, DNS:t995.test, DNS:t996.test, DNS:t997.test, DNS:t998.test, DNS:t999.test, DNS:t1000.test, DNS:t1001.test, DNS:t1002.test, DNS:t1003.test, DNS:t1004.test, DNS:t1005.test, DNS:t1006.test, DNS:t1007.test, DNS:t1008.test, DNS:t1009.test, DNS:t1010.test, DNS:t1011.test, DNS:t1012.test, DNS:t1013.test, DNS:t1014.test, DNS:t1015.test, DNS:t1016.test, DNS:t1017.test, DNS:t1018.test, DNS:t1019.test, DNS:t1020.test, DNS:t1021.test, DNS:t1022.test, DNS:t1023.test, DNS:t1024.test +- Signature Algorithm: sha256WithRSAEncryption +- af:4e:2f:50:52:13:d9:77:37:22:a3:de:f5:2a:e8:1b:88:a6: +- 80:24:52:0c:e0:51:1f:58:1c:38:e8:17:10:9d:7f:9e:2d:58: +- 4d:0c:5c:f3:7a:33:09:48:5e:2d:77:61:9d:bb:9c:0a:7d:33: +- 4f:bb:00:b2:96:be:2f:5d:ab:40:4a:60:95:a4:d2:5d:96:df: +- 01:3a:95:28:77:4f:7f:5f:8e:32:90:a7:46:fc:d5:6e:80:6f: +- 95:e9:74:50:9e:53:1c:b0:c1:64:2d:6d:70:4b:86:ab:9f:4a: +- 6f:2d:f8:23:05:70:f3:95:72:ce:23:20:50:8b:6c:d4:ea:94: +- ed:cd:20:71:a4:c0:24:12:bc:cf:6d:3d:5a:ba:51:03:64:3e: +- b0:00:85:2a:08:2f:cf:d0:6f:9d:ef:7a:16:f4:42:c5:36:20: +- 52:b6:96:34:5b:65:82:ae:34:cd:3e:e3:59:db:a8:24:8a:e5: +- be:37:9c:66:ff:7c:e3:77:d4:a4:4b:91:ab:c8:98:e0:f3:2c: +- 79:80:61:f3:02:e6:71:69:82:b2:31:61:ca:69:4a:a3:72:b9: +- 57:4c:9a:b5:85:07:40:16:3d:8a:cd:65:4b:17:08:33:44:ba: +- 9d:d3:69:cc:e5:b7:17:7c:d5:21:7c:1a:bb:e8:cf:f3:31:2f: +- 13:4b:2e:eb +------BEGIN CERTIFICATE----- +-MIIvZDCCLkygAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY3DANBgkqhkiG9w0BAQsF +-ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +-MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +-ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +-P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +-B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +-Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +-QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +-4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCLLEwgiytMB0GA1UdDgQW +-BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +-8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +-Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +-Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgivDBgNVHREEgiu6MIIrtoIH +-dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +-dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +-c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +-dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +-MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +-dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +-ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +-c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +-dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +-NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +-dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +-ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +-c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +-dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +-OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +-dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +-ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +-c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +-dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +-Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +-dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +-c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +-dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +-LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +-dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +-MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +-dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +-ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +-MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +-ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +-CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +-NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +-c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +-dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +-LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +-dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +-MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +-dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +-ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +-ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +-ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +-CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +-My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +-c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +-dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +-LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +-dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +-MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +-dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +-ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +-MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +-ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +-CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +-MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +-c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +-dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +-LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +-dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +-MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +-dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +-ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +-NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +-ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +-CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +-OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +-c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +-dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +-LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +-dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +-MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +-dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +-ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +-MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +-ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +-CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +-Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +-c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +-dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +-LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +-dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +-MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +-dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +-ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +-NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +-ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +-CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +-NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +-c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +-dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +-LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +-dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +-NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +-dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +-ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0NDE5LnRlc3SCCXQ0 +-MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMudGVzdIIJdDQyNC50 +-ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0ggl0NDI4LnRlc3SC +-CXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0MzIudGVzdIIJdDQz +-My50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50ZXN0ggl0NDM3LnRl +-c3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SCCXQ0NDEudGVzdIIJ +-dDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0NS50ZXN0ggl0NDQ2 +-LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRlc3SCCXQ0NTAudGVz +-dIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJdDQ1NC50ZXN0ggl0 +-NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4LnRlc3SCCXQ0NTku +-dGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVzdIIJdDQ2My50ZXN0 +-ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0NDY3LnRlc3SCCXQ0 +-NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEudGVzdIIJdDQ3Mi50 +-ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0ggl0NDc2LnRlc3SC +-CXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0ODAudGVzdIIJdDQ4 +-MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50ZXN0ggl0NDg1LnRl +-c3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SCCXQ0ODkudGVzdIIJ +-dDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5My50ZXN0ggl0NDk0 +-LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRlc3SCCXQ0OTgudGVz +-dIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJdDUwMi50ZXN0ggl0 +-NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2LnRlc3SCCXQ1MDcu +-dGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVzdIIJdDUxMS50ZXN0 +-ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0NTE1LnRlc3SCCXQ1 +-MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTkudGVzdIIJdDUyMC50 +-ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0ggl0NTI0LnRlc3SC +-CXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1MjgudGVzdIIJdDUy +-OS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50ZXN0ggl0NTMzLnRl +-c3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SCCXQ1MzcudGVzdIIJ +-dDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0MS50ZXN0ggl0NTQy +-LnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRlc3SCCXQ1NDYudGVz +-dIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJdDU1MC50ZXN0ggl0 +-NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0LnRlc3SCCXQ1NTUu +-dGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVzdIIJdDU1OS50ZXN0 +-ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0NTYzLnRlc3SCCXQ1 +-NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1NjcudGVzdIIJdDU2OC50 +-ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0ggl0NTcyLnRlc3SC +-CXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1NzYudGVzdIIJdDU3 +-Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50ZXN0ggl0NTgxLnRl +-c3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SCCXQ1ODUudGVzdIIJ +-dDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4OS50ZXN0ggl0NTkw +-LnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRlc3SCCXQ1OTQudGVz +-dIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJdDU5OC50ZXN0ggl0 +-NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAyLnRlc3SCCXQ2MDMu +-dGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVzdIIJdDYwNy50ZXN0 +-ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0NjExLnRlc3SCCXQ2 +-MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUudGVzdIIJdDYxNi50 +-ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0ggl0NjIwLnRlc3SC +-CXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2MjQudGVzdIIJdDYy +-NS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50ZXN0ggl0NjI5LnRl +-c3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SCCXQ2MzMudGVzdIIJ +-dDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYzNy50ZXN0ggl0NjM4 +-LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRlc3SCCXQ2NDIudGVz +-dIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJdDY0Ni50ZXN0ggl0 +-NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUwLnRlc3SCCXQ2NTEu +-dGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVzdIIJdDY1NS50ZXN0 +-ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0NjU5LnRlc3SCCXQ2 +-NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMudGVzdIIJdDY2NC50 +-ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0ggl0NjY4LnRlc3SC +-CXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2NzIudGVzdIIJdDY3 +-My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50ZXN0ggl0Njc3LnRl +-c3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SCCXQ2ODEudGVzdIIJ +-dDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4NS50ZXN0ggl0Njg2 +-LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRlc3SCCXQ2OTAudGVz +-dIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJdDY5NC50ZXN0ggl0 +-Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4LnRlc3SCCXQ2OTku +-dGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVzdIIJdDcwMy50ZXN0 +-ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0NzA3LnRlc3SCCXQ3 +-MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEudGVzdIIJdDcxMi50 +-ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0ggl0NzE2LnRlc3SC +-CXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3MjAudGVzdIIJdDcy +-MS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50ZXN0ggl0NzI1LnRl +-c3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SCCXQ3MjkudGVzdIIJ +-dDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDczMy50ZXN0ggl0NzM0 +-LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRlc3SCCXQ3MzgudGVz +-dIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJdDc0Mi50ZXN0ggl0 +-NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2LnRlc3SCCXQ3NDcu +-dGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVzdIIJdDc1MS50ZXN0 +-ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0NzU1LnRlc3SCCXQ3 +-NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTkudGVzdIIJdDc2MC50 +-ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0ggl0NzY0LnRlc3SC +-CXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3NjgudGVzdIIJdDc2 +-OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50ZXN0ggl0NzczLnRl +-c3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SCCXQ3NzcudGVzdIIJ +-dDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4MS50ZXN0ggl0Nzgy +-LnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRlc3SCCXQ3ODYudGVz +-dIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJdDc5MC50ZXN0ggl0 +-NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0LnRlc3SCCXQ3OTUu +-dGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVzdIIJdDc5OS50ZXN0 +-ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0ODAzLnRlc3SCCXQ4 +-MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcudGVzdIIJdDgwOC50 +-ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0ggl0ODEyLnRlc3SC +-CXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4MTYudGVzdIIJdDgx +-Ny50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50ZXN0ggl0ODIxLnRl +-c3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SCCXQ4MjUudGVzdIIJ +-dDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgyOS50ZXN0ggl0ODMw +-LnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRlc3SCCXQ4MzQudGVz +-dIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJdDgzOC50ZXN0ggl0 +-ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQyLnRlc3SCCXQ4NDMu +-dGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVzdIIJdDg0Ny50ZXN0 +-ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0ODUxLnRlc3SCCXQ4 +-NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUudGVzdIIJdDg1Ni50 +-ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0ggl0ODYwLnRlc3SC +-CXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4NjQudGVzdIIJdDg2 +-NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50ZXN0ggl0ODY5LnRl +-c3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SCCXQ4NzMudGVzdIIJ +-dDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3Ny50ZXN0ggl0ODc4 +-LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRlc3SCCXQ4ODIudGVz +-dIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJdDg4Ni50ZXN0ggl0 +-ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkwLnRlc3SCCXQ4OTEu +-dGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVzdIIJdDg5NS50ZXN0 +-ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0ODk5LnRlc3SCCXQ5 +-MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMudGVzdIIJdDkwNC50 +-ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0ggl0OTA4LnRlc3SC +-CXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5MTIudGVzdIIJdDkx +-My50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50ZXN0ggl0OTE3LnRl +-c3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SCCXQ5MjEudGVzdIIJ +-dDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDkyNS50ZXN0ggl0OTI2 +-LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRlc3SCCXQ5MzAudGVz +-dIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJdDkzNC50ZXN0ggl0 +-OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4LnRlc3SCCXQ5Mzku +-dGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVzdIIJdDk0My50ZXN0 +-ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0OTQ3LnRlc3SCCXQ5 +-NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEudGVzdIIJdDk1Mi50 +-ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0ggl0OTU2LnRlc3SC +-CXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5NjAudGVzdIIJdDk2 +-MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50ZXN0ggl0OTY1LnRl +-c3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SCCXQ5NjkudGVzdIIJ +-dDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3My50ZXN0ggl0OTc0 +-LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRlc3SCCXQ5NzgudGVz +-dIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJdDk4Mi50ZXN0ggl0 +-OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2LnRlc3SCCXQ5ODcu +-dGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVzdIIJdDk5MS50ZXN0 +-ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0OTk1LnRlc3SCCXQ5 +-OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTkudGVzdIIKdDEwMDAu +-dGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMudGVzdIIKdDEwMDQu +-dGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcudGVzdIIKdDEwMDgu +-dGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEudGVzdIIKdDEwMTIu +-dGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUudGVzdIIKdDEwMTYu +-dGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTkudGVzdIIKdDEwMjAu +-dGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMudGVzdIIKdDEwMjQu +-dGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAr04vUFIT2Xc3IqPe9SroG4imgCRSDOBR +-H1gcOOgXEJ1/ni1YTQxc83ozCUheLXdhnbucCn0zT7sAspa+L12rQEpglaTSXZbf +-ATqVKHdPf1+OMpCnRvzVboBvlel0UJ5THLDBZC1tcEuGq59Kby34IwVw85VyziMg +-UIts1OqU7c0gcaTAJBK8z209WrpRA2Q+sACFKggvz9Bvne96FvRCxTYgUraWNFtl +-gq40zT7jWduoJIrlvjecZv9843fUpEuRq8iY4PMseYBh8wLmcWmCsjFhymlKo3K5 +-V0yatYUHQBY9is1lSxcIM0S6ndNpzOW3F3zVIXwau+jP8zEvE0su6w== +------END CERTIFICATE----- +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fe +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Root +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=Intermediate +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: +- 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: +- 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: +- 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: +- d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: +- 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: +- 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: +- 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: +- d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: +- 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: +- 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: +- ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: +- da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: +- d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: +- 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: +- bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: +- 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: +- 86:65 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F +- X509v3 Authority Key Identifier: +- keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Root.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Root.crl +- +- X509v3 Key Usage: critical +- Certificate Sign, CRL Sign +- X509v3 Basic Constraints: critical +- CA:TRUE +- X509v3 Name Constraints: +- Permitted: +- IP:10.0.0.0/255.255.255.255 +- IP:10.0.0.1/255.255.255.255 +- IP:10.0.0.2/255.255.255.255 +- IP:10.0.0.3/255.255.255.255 +- IP:10.0.0.4/255.255.255.255 +- IP:10.0.0.5/255.255.255.255 +- IP:10.0.0.6/255.255.255.255 +- IP:10.0.0.7/255.255.255.255 +- IP:10.0.0.8/255.255.255.255 +- IP:10.0.0.9/255.255.255.255 +- IP:10.0.0.10/255.255.255.255 +- IP:10.0.0.11/255.255.255.255 +- IP:10.0.0.12/255.255.255.255 +- IP:10.0.0.13/255.255.255.255 +- IP:10.0.0.14/255.255.255.255 +- IP:10.0.0.15/255.255.255.255 +- IP:10.0.0.16/255.255.255.255 +- IP:10.0.0.17/255.255.255.255 +- IP:10.0.0.18/255.255.255.255 +- IP:10.0.0.19/255.255.255.255 +- IP:10.0.0.20/255.255.255.255 +- IP:10.0.0.21/255.255.255.255 +- IP:10.0.0.22/255.255.255.255 +- IP:10.0.0.23/255.255.255.255 +- IP:10.0.0.24/255.255.255.255 +- IP:10.0.0.25/255.255.255.255 +- IP:10.0.0.26/255.255.255.255 +- IP:10.0.0.27/255.255.255.255 +- IP:10.0.0.28/255.255.255.255 +- IP:10.0.0.29/255.255.255.255 +- IP:10.0.0.30/255.255.255.255 +- IP:10.0.0.31/255.255.255.255 +- IP:10.0.0.32/255.255.255.255 +- IP:10.0.0.33/255.255.255.255 +- IP:10.0.0.34/255.255.255.255 +- IP:10.0.0.35/255.255.255.255 +- IP:10.0.0.36/255.255.255.255 +- IP:10.0.0.37/255.255.255.255 +- IP:10.0.0.38/255.255.255.255 +- IP:10.0.0.39/255.255.255.255 +- IP:10.0.0.40/255.255.255.255 +- IP:10.0.0.41/255.255.255.255 +- IP:10.0.0.42/255.255.255.255 +- IP:10.0.0.43/255.255.255.255 +- IP:10.0.0.44/255.255.255.255 +- IP:10.0.0.45/255.255.255.255 +- IP:10.0.0.46/255.255.255.255 +- IP:10.0.0.47/255.255.255.255 +- IP:10.0.0.48/255.255.255.255 +- IP:10.0.0.49/255.255.255.255 +- IP:10.0.0.50/255.255.255.255 +- IP:10.0.0.51/255.255.255.255 +- IP:10.0.0.52/255.255.255.255 +- IP:10.0.0.53/255.255.255.255 +- IP:10.0.0.54/255.255.255.255 +- IP:10.0.0.55/255.255.255.255 +- IP:10.0.0.56/255.255.255.255 +- IP:10.0.0.57/255.255.255.255 +- IP:10.0.0.58/255.255.255.255 +- IP:10.0.0.59/255.255.255.255 +- IP:10.0.0.60/255.255.255.255 +- IP:10.0.0.61/255.255.255.255 +- IP:10.0.0.62/255.255.255.255 +- IP:10.0.0.63/255.255.255.255 +- IP:10.0.0.64/255.255.255.255 +- IP:10.0.0.65/255.255.255.255 +- IP:10.0.0.66/255.255.255.255 +- IP:10.0.0.67/255.255.255.255 +- IP:10.0.0.68/255.255.255.255 +- IP:10.0.0.69/255.255.255.255 +- IP:10.0.0.70/255.255.255.255 +- IP:10.0.0.71/255.255.255.255 +- IP:10.0.0.72/255.255.255.255 +- IP:10.0.0.73/255.255.255.255 +- IP:10.0.0.74/255.255.255.255 +- IP:10.0.0.75/255.255.255.255 +- IP:10.0.0.76/255.255.255.255 +- IP:10.0.0.77/255.255.255.255 +- IP:10.0.0.78/255.255.255.255 +- IP:10.0.0.79/255.255.255.255 +- IP:10.0.0.80/255.255.255.255 +- IP:10.0.0.81/255.255.255.255 +- IP:10.0.0.82/255.255.255.255 +- IP:10.0.0.83/255.255.255.255 +- IP:10.0.0.84/255.255.255.255 +- IP:10.0.0.85/255.255.255.255 +- IP:10.0.0.86/255.255.255.255 +- IP:10.0.0.87/255.255.255.255 +- IP:10.0.0.88/255.255.255.255 +- IP:10.0.0.89/255.255.255.255 +- IP:10.0.0.90/255.255.255.255 +- IP:10.0.0.91/255.255.255.255 +- IP:10.0.0.92/255.255.255.255 +- IP:10.0.0.93/255.255.255.255 +- IP:10.0.0.94/255.255.255.255 +- IP:10.0.0.95/255.255.255.255 +- IP:10.0.0.96/255.255.255.255 +- IP:10.0.0.97/255.255.255.255 +- IP:10.0.0.98/255.255.255.255 +- IP:10.0.0.99/255.255.255.255 +- IP:10.0.0.100/255.255.255.255 +- IP:10.0.0.101/255.255.255.255 +- IP:10.0.0.102/255.255.255.255 +- IP:10.0.0.103/255.255.255.255 +- IP:10.0.0.104/255.255.255.255 +- IP:10.0.0.105/255.255.255.255 +- IP:10.0.0.106/255.255.255.255 +- IP:10.0.0.107/255.255.255.255 +- IP:10.0.0.108/255.255.255.255 +- IP:10.0.0.109/255.255.255.255 +- IP:10.0.0.110/255.255.255.255 +- IP:10.0.0.111/255.255.255.255 +- IP:10.0.0.112/255.255.255.255 +- IP:10.0.0.113/255.255.255.255 +- IP:10.0.0.114/255.255.255.255 +- IP:10.0.0.115/255.255.255.255 +- IP:10.0.0.116/255.255.255.255 +- IP:10.0.0.117/255.255.255.255 +- IP:10.0.0.118/255.255.255.255 +- IP:10.0.0.119/255.255.255.255 +- IP:10.0.0.120/255.255.255.255 +- IP:10.0.0.121/255.255.255.255 +- IP:10.0.0.122/255.255.255.255 +- IP:10.0.0.123/255.255.255.255 +- IP:10.0.0.124/255.255.255.255 +- IP:10.0.0.125/255.255.255.255 +- IP:10.0.0.126/255.255.255.255 +- IP:10.0.0.127/255.255.255.255 +- IP:10.0.0.128/255.255.255.255 +- IP:10.0.0.129/255.255.255.255 +- IP:10.0.0.130/255.255.255.255 +- IP:10.0.0.131/255.255.255.255 +- IP:10.0.0.132/255.255.255.255 +- IP:10.0.0.133/255.255.255.255 +- IP:10.0.0.134/255.255.255.255 +- IP:10.0.0.135/255.255.255.255 +- IP:10.0.0.136/255.255.255.255 +- IP:10.0.0.137/255.255.255.255 +- IP:10.0.0.138/255.255.255.255 +- IP:10.0.0.139/255.255.255.255 +- IP:10.0.0.140/255.255.255.255 +- IP:10.0.0.141/255.255.255.255 +- IP:10.0.0.142/255.255.255.255 +- IP:10.0.0.143/255.255.255.255 +- IP:10.0.0.144/255.255.255.255 +- IP:10.0.0.145/255.255.255.255 +- IP:10.0.0.146/255.255.255.255 +- IP:10.0.0.147/255.255.255.255 +- IP:10.0.0.148/255.255.255.255 +- IP:10.0.0.149/255.255.255.255 +- IP:10.0.0.150/255.255.255.255 +- IP:10.0.0.151/255.255.255.255 +- IP:10.0.0.152/255.255.255.255 +- IP:10.0.0.153/255.255.255.255 +- IP:10.0.0.154/255.255.255.255 +- IP:10.0.0.155/255.255.255.255 +- IP:10.0.0.156/255.255.255.255 +- IP:10.0.0.157/255.255.255.255 +- IP:10.0.0.158/255.255.255.255 +- IP:10.0.0.159/255.255.255.255 +- IP:10.0.0.160/255.255.255.255 +- IP:10.0.0.161/255.255.255.255 +- IP:10.0.0.162/255.255.255.255 +- IP:10.0.0.163/255.255.255.255 +- IP:10.0.0.164/255.255.255.255 +- IP:10.0.0.165/255.255.255.255 +- IP:10.0.0.166/255.255.255.255 +- IP:10.0.0.167/255.255.255.255 +- IP:10.0.0.168/255.255.255.255 +- IP:10.0.0.169/255.255.255.255 +- IP:10.0.0.170/255.255.255.255 +- IP:10.0.0.171/255.255.255.255 +- IP:10.0.0.172/255.255.255.255 +- IP:10.0.0.173/255.255.255.255 +- IP:10.0.0.174/255.255.255.255 +- IP:10.0.0.175/255.255.255.255 +- IP:10.0.0.176/255.255.255.255 +- IP:10.0.0.177/255.255.255.255 +- IP:10.0.0.178/255.255.255.255 +- IP:10.0.0.179/255.255.255.255 +- IP:10.0.0.180/255.255.255.255 +- IP:10.0.0.181/255.255.255.255 +- IP:10.0.0.182/255.255.255.255 +- IP:10.0.0.183/255.255.255.255 +- IP:10.0.0.184/255.255.255.255 +- IP:10.0.0.185/255.255.255.255 +- IP:10.0.0.186/255.255.255.255 +- IP:10.0.0.187/255.255.255.255 +- IP:10.0.0.188/255.255.255.255 +- IP:10.0.0.189/255.255.255.255 +- IP:10.0.0.190/255.255.255.255 +- IP:10.0.0.191/255.255.255.255 +- IP:10.0.0.192/255.255.255.255 +- IP:10.0.0.193/255.255.255.255 +- IP:10.0.0.194/255.255.255.255 +- IP:10.0.0.195/255.255.255.255 +- IP:10.0.0.196/255.255.255.255 +- IP:10.0.0.197/255.255.255.255 +- IP:10.0.0.198/255.255.255.255 +- IP:10.0.0.199/255.255.255.255 +- IP:10.0.0.200/255.255.255.255 +- IP:10.0.0.201/255.255.255.255 +- IP:10.0.0.202/255.255.255.255 +- IP:10.0.0.203/255.255.255.255 +- IP:10.0.0.204/255.255.255.255 +- IP:10.0.0.205/255.255.255.255 +- IP:10.0.0.206/255.255.255.255 +- IP:10.0.0.207/255.255.255.255 +- IP:10.0.0.208/255.255.255.255 +- IP:10.0.0.209/255.255.255.255 +- IP:10.0.0.210/255.255.255.255 +- IP:10.0.0.211/255.255.255.255 +- IP:10.0.0.212/255.255.255.255 +- IP:10.0.0.213/255.255.255.255 +- IP:10.0.0.214/255.255.255.255 +- IP:10.0.0.215/255.255.255.255 +- IP:10.0.0.216/255.255.255.255 +- IP:10.0.0.217/255.255.255.255 +- IP:10.0.0.218/255.255.255.255 +- IP:10.0.0.219/255.255.255.255 +- IP:10.0.0.220/255.255.255.255 +- IP:10.0.0.221/255.255.255.255 +- IP:10.0.0.222/255.255.255.255 +- IP:10.0.0.223/255.255.255.255 +- IP:10.0.0.224/255.255.255.255 +- IP:10.0.0.225/255.255.255.255 +- IP:10.0.0.226/255.255.255.255 +- IP:10.0.0.227/255.255.255.255 +- IP:10.0.0.228/255.255.255.255 +- IP:10.0.0.229/255.255.255.255 +- IP:10.0.0.230/255.255.255.255 +- IP:10.0.0.231/255.255.255.255 +- IP:10.0.0.232/255.255.255.255 +- IP:10.0.0.233/255.255.255.255 +- IP:10.0.0.234/255.255.255.255 +- IP:10.0.0.235/255.255.255.255 +- IP:10.0.0.236/255.255.255.255 +- IP:10.0.0.237/255.255.255.255 +- IP:10.0.0.238/255.255.255.255 +- IP:10.0.0.239/255.255.255.255 +- IP:10.0.0.240/255.255.255.255 +- IP:10.0.0.241/255.255.255.255 +- IP:10.0.0.242/255.255.255.255 +- IP:10.0.0.243/255.255.255.255 +- IP:10.0.0.244/255.255.255.255 +- IP:10.0.0.245/255.255.255.255 +- IP:10.0.0.246/255.255.255.255 +- IP:10.0.0.247/255.255.255.255 +- IP:10.0.0.248/255.255.255.255 +- IP:10.0.0.249/255.255.255.255 +- IP:10.0.0.250/255.255.255.255 +- IP:10.0.0.251/255.255.255.255 +- IP:10.0.0.252/255.255.255.255 +- IP:10.0.0.253/255.255.255.255 +- IP:10.0.0.254/255.255.255.255 +- IP:10.0.0.255/255.255.255.255 +- IP:10.0.1.0/255.255.255.255 +- IP:10.0.1.1/255.255.255.255 +- IP:10.0.1.2/255.255.255.255 +- IP:10.0.1.3/255.255.255.255 +- IP:10.0.1.4/255.255.255.255 +- IP:10.0.1.5/255.255.255.255 +- IP:10.0.1.6/255.255.255.255 +- IP:10.0.1.7/255.255.255.255 +- IP:10.0.1.8/255.255.255.255 +- IP:10.0.1.9/255.255.255.255 +- IP:10.0.1.10/255.255.255.255 +- IP:10.0.1.11/255.255.255.255 +- IP:10.0.1.12/255.255.255.255 +- IP:10.0.1.13/255.255.255.255 +- IP:10.0.1.14/255.255.255.255 +- IP:10.0.1.15/255.255.255.255 +- IP:10.0.1.16/255.255.255.255 +- IP:10.0.1.17/255.255.255.255 +- IP:10.0.1.18/255.255.255.255 +- IP:10.0.1.19/255.255.255.255 +- IP:10.0.1.20/255.255.255.255 +- IP:10.0.1.21/255.255.255.255 +- IP:10.0.1.22/255.255.255.255 +- IP:10.0.1.23/255.255.255.255 +- IP:10.0.1.24/255.255.255.255 +- IP:10.0.1.25/255.255.255.255 +- IP:10.0.1.26/255.255.255.255 +- IP:10.0.1.27/255.255.255.255 +- IP:10.0.1.28/255.255.255.255 +- IP:10.0.1.29/255.255.255.255 +- IP:10.0.1.30/255.255.255.255 +- IP:10.0.1.31/255.255.255.255 +- IP:10.0.1.32/255.255.255.255 +- IP:10.0.1.33/255.255.255.255 +- IP:10.0.1.34/255.255.255.255 +- IP:10.0.1.35/255.255.255.255 +- IP:10.0.1.36/255.255.255.255 +- IP:10.0.1.37/255.255.255.255 +- IP:10.0.1.38/255.255.255.255 +- IP:10.0.1.39/255.255.255.255 +- IP:10.0.1.40/255.255.255.255 +- IP:10.0.1.41/255.255.255.255 +- IP:10.0.1.42/255.255.255.255 +- IP:10.0.1.43/255.255.255.255 +- IP:10.0.1.44/255.255.255.255 +- IP:10.0.1.45/255.255.255.255 +- IP:10.0.1.46/255.255.255.255 +- IP:10.0.1.47/255.255.255.255 +- IP:10.0.1.48/255.255.255.255 +- IP:10.0.1.49/255.255.255.255 +- IP:10.0.1.50/255.255.255.255 +- IP:10.0.1.51/255.255.255.255 +- IP:10.0.1.52/255.255.255.255 +- IP:10.0.1.53/255.255.255.255 +- IP:10.0.1.54/255.255.255.255 +- IP:10.0.1.55/255.255.255.255 +- IP:10.0.1.56/255.255.255.255 +- IP:10.0.1.57/255.255.255.255 +- IP:10.0.1.58/255.255.255.255 +- IP:10.0.1.59/255.255.255.255 +- IP:10.0.1.60/255.255.255.255 +- IP:10.0.1.61/255.255.255.255 +- IP:10.0.1.62/255.255.255.255 +- IP:10.0.1.63/255.255.255.255 +- IP:10.0.1.64/255.255.255.255 +- IP:10.0.1.65/255.255.255.255 +- IP:10.0.1.66/255.255.255.255 +- IP:10.0.1.67/255.255.255.255 +- IP:10.0.1.68/255.255.255.255 +- IP:10.0.1.69/255.255.255.255 +- IP:10.0.1.70/255.255.255.255 +- IP:10.0.1.71/255.255.255.255 +- IP:10.0.1.72/255.255.255.255 +- IP:10.0.1.73/255.255.255.255 +- IP:10.0.1.74/255.255.255.255 +- IP:10.0.1.75/255.255.255.255 +- IP:10.0.1.76/255.255.255.255 +- IP:10.0.1.77/255.255.255.255 +- IP:10.0.1.78/255.255.255.255 +- IP:10.0.1.79/255.255.255.255 +- IP:10.0.1.80/255.255.255.255 +- IP:10.0.1.81/255.255.255.255 +- IP:10.0.1.82/255.255.255.255 +- IP:10.0.1.83/255.255.255.255 +- IP:10.0.1.84/255.255.255.255 +- IP:10.0.1.85/255.255.255.255 +- IP:10.0.1.86/255.255.255.255 +- IP:10.0.1.87/255.255.255.255 +- IP:10.0.1.88/255.255.255.255 +- IP:10.0.1.89/255.255.255.255 +- IP:10.0.1.90/255.255.255.255 +- IP:10.0.1.91/255.255.255.255 +- IP:10.0.1.92/255.255.255.255 +- IP:10.0.1.93/255.255.255.255 +- IP:10.0.1.94/255.255.255.255 +- IP:10.0.1.95/255.255.255.255 +- IP:10.0.1.96/255.255.255.255 +- IP:10.0.1.97/255.255.255.255 +- IP:10.0.1.98/255.255.255.255 +- IP:10.0.1.99/255.255.255.255 +- IP:10.0.1.100/255.255.255.255 +- IP:10.0.1.101/255.255.255.255 +- IP:10.0.1.102/255.255.255.255 +- IP:10.0.1.103/255.255.255.255 +- IP:10.0.1.104/255.255.255.255 +- IP:10.0.1.105/255.255.255.255 +- IP:10.0.1.106/255.255.255.255 +- IP:10.0.1.107/255.255.255.255 +- IP:10.0.1.108/255.255.255.255 +- IP:10.0.1.109/255.255.255.255 +- IP:10.0.1.110/255.255.255.255 +- IP:10.0.1.111/255.255.255.255 +- IP:10.0.1.112/255.255.255.255 +- IP:10.0.1.113/255.255.255.255 +- IP:10.0.1.114/255.255.255.255 +- IP:10.0.1.115/255.255.255.255 +- IP:10.0.1.116/255.255.255.255 +- IP:10.0.1.117/255.255.255.255 +- IP:10.0.1.118/255.255.255.255 +- IP:10.0.1.119/255.255.255.255 +- IP:10.0.1.120/255.255.255.255 +- IP:10.0.1.121/255.255.255.255 +- IP:10.0.1.122/255.255.255.255 +- IP:10.0.1.123/255.255.255.255 +- IP:10.0.1.124/255.255.255.255 +- IP:10.0.1.125/255.255.255.255 +- IP:10.0.1.126/255.255.255.255 +- IP:10.0.1.127/255.255.255.255 +- IP:10.0.1.128/255.255.255.255 +- IP:10.0.1.129/255.255.255.255 +- IP:10.0.1.130/255.255.255.255 +- IP:10.0.1.131/255.255.255.255 +- IP:10.0.1.132/255.255.255.255 +- IP:10.0.1.133/255.255.255.255 +- IP:10.0.1.134/255.255.255.255 +- IP:10.0.1.135/255.255.255.255 +- IP:10.0.1.136/255.255.255.255 +- IP:10.0.1.137/255.255.255.255 +- IP:10.0.1.138/255.255.255.255 +- IP:10.0.1.139/255.255.255.255 +- IP:10.0.1.140/255.255.255.255 +- IP:10.0.1.141/255.255.255.255 +- IP:10.0.1.142/255.255.255.255 +- IP:10.0.1.143/255.255.255.255 +- IP:10.0.1.144/255.255.255.255 +- IP:10.0.1.145/255.255.255.255 +- IP:10.0.1.146/255.255.255.255 +- IP:10.0.1.147/255.255.255.255 +- IP:10.0.1.148/255.255.255.255 +- IP:10.0.1.149/255.255.255.255 +- IP:10.0.1.150/255.255.255.255 +- IP:10.0.1.151/255.255.255.255 +- IP:10.0.1.152/255.255.255.255 +- IP:10.0.1.153/255.255.255.255 +- IP:10.0.1.154/255.255.255.255 +- IP:10.0.1.155/255.255.255.255 +- IP:10.0.1.156/255.255.255.255 +- IP:10.0.1.157/255.255.255.255 +- IP:10.0.1.158/255.255.255.255 +- IP:10.0.1.159/255.255.255.255 +- IP:10.0.1.160/255.255.255.255 +- IP:10.0.1.161/255.255.255.255 +- IP:10.0.1.162/255.255.255.255 +- IP:10.0.1.163/255.255.255.255 +- IP:10.0.1.164/255.255.255.255 +- IP:10.0.1.165/255.255.255.255 +- IP:10.0.1.166/255.255.255.255 +- IP:10.0.1.167/255.255.255.255 +- IP:10.0.1.168/255.255.255.255 +- IP:10.0.1.169/255.255.255.255 +- IP:10.0.1.170/255.255.255.255 +- IP:10.0.1.171/255.255.255.255 +- IP:10.0.1.172/255.255.255.255 +- IP:10.0.1.173/255.255.255.255 +- IP:10.0.1.174/255.255.255.255 +- IP:10.0.1.175/255.255.255.255 +- IP:10.0.1.176/255.255.255.255 +- IP:10.0.1.177/255.255.255.255 +- IP:10.0.1.178/255.255.255.255 +- IP:10.0.1.179/255.255.255.255 +- IP:10.0.1.180/255.255.255.255 +- IP:10.0.1.181/255.255.255.255 +- IP:10.0.1.182/255.255.255.255 +- IP:10.0.1.183/255.255.255.255 +- IP:10.0.1.184/255.255.255.255 +- IP:10.0.1.185/255.255.255.255 +- IP:10.0.1.186/255.255.255.255 +- IP:10.0.1.187/255.255.255.255 +- IP:10.0.1.188/255.255.255.255 +- IP:10.0.1.189/255.255.255.255 +- IP:10.0.1.190/255.255.255.255 +- IP:10.0.1.191/255.255.255.255 +- IP:10.0.1.192/255.255.255.255 +- IP:10.0.1.193/255.255.255.255 +- IP:10.0.1.194/255.255.255.255 +- IP:10.0.1.195/255.255.255.255 +- IP:10.0.1.196/255.255.255.255 +- IP:10.0.1.197/255.255.255.255 +- IP:10.0.1.198/255.255.255.255 +- IP:10.0.1.199/255.255.255.255 +- IP:10.0.1.200/255.255.255.255 +- IP:10.0.1.201/255.255.255.255 +- IP:10.0.1.202/255.255.255.255 +- IP:10.0.1.203/255.255.255.255 +- IP:10.0.1.204/255.255.255.255 +- IP:10.0.1.205/255.255.255.255 +- IP:10.0.1.206/255.255.255.255 +- IP:10.0.1.207/255.255.255.255 +- IP:10.0.1.208/255.255.255.255 +- IP:10.0.1.209/255.255.255.255 +- IP:10.0.1.210/255.255.255.255 +- IP:10.0.1.211/255.255.255.255 +- IP:10.0.1.212/255.255.255.255 +- IP:10.0.1.213/255.255.255.255 +- IP:10.0.1.214/255.255.255.255 +- IP:10.0.1.215/255.255.255.255 +- IP:10.0.1.216/255.255.255.255 +- IP:10.0.1.217/255.255.255.255 +- IP:10.0.1.218/255.255.255.255 +- IP:10.0.1.219/255.255.255.255 +- IP:10.0.1.220/255.255.255.255 +- IP:10.0.1.221/255.255.255.255 +- IP:10.0.1.222/255.255.255.255 +- IP:10.0.1.223/255.255.255.255 +- IP:10.0.1.224/255.255.255.255 +- IP:10.0.1.225/255.255.255.255 +- IP:10.0.1.226/255.255.255.255 +- IP:10.0.1.227/255.255.255.255 +- IP:10.0.1.228/255.255.255.255 +- IP:10.0.1.229/255.255.255.255 +- IP:10.0.1.230/255.255.255.255 +- IP:10.0.1.231/255.255.255.255 +- IP:10.0.1.232/255.255.255.255 +- IP:10.0.1.233/255.255.255.255 +- IP:10.0.1.234/255.255.255.255 +- IP:10.0.1.235/255.255.255.255 +- IP:10.0.1.236/255.255.255.255 +- IP:10.0.1.237/255.255.255.255 +- IP:10.0.1.238/255.255.255.255 +- IP:10.0.1.239/255.255.255.255 +- IP:10.0.1.240/255.255.255.255 +- IP:10.0.1.241/255.255.255.255 +- IP:10.0.1.242/255.255.255.255 +- IP:10.0.1.243/255.255.255.255 +- IP:10.0.1.244/255.255.255.255 +- IP:10.0.1.245/255.255.255.255 +- IP:10.0.1.246/255.255.255.255 +- IP:10.0.1.247/255.255.255.255 +- IP:10.0.1.248/255.255.255.255 +- IP:10.0.1.249/255.255.255.255 +- IP:10.0.1.250/255.255.255.255 +- IP:10.0.1.251/255.255.255.255 +- IP:10.0.1.252/255.255.255.255 +- IP:10.0.1.253/255.255.255.255 +- IP:10.0.1.254/255.255.255.255 +- IP:10.0.1.255/255.255.255.255 +- IP:10.0.2.0/255.255.255.255 +- IP:10.0.2.1/255.255.255.255 +- IP:10.0.2.2/255.255.255.255 +- IP:10.0.2.3/255.255.255.255 +- IP:10.0.2.4/255.255.255.255 +- IP:10.0.2.5/255.255.255.255 +- IP:10.0.2.6/255.255.255.255 +- IP:10.0.2.7/255.255.255.255 +- IP:10.0.2.8/255.255.255.255 +- IP:10.0.2.9/255.255.255.255 +- IP:10.0.2.10/255.255.255.255 +- IP:10.0.2.11/255.255.255.255 +- IP:10.0.2.12/255.255.255.255 +- IP:10.0.2.13/255.255.255.255 +- IP:10.0.2.14/255.255.255.255 +- IP:10.0.2.15/255.255.255.255 +- IP:10.0.2.16/255.255.255.255 +- IP:10.0.2.17/255.255.255.255 +- IP:10.0.2.18/255.255.255.255 +- IP:10.0.2.19/255.255.255.255 +- IP:10.0.2.20/255.255.255.255 +- IP:10.0.2.21/255.255.255.255 +- IP:10.0.2.22/255.255.255.255 +- IP:10.0.2.23/255.255.255.255 +- IP:10.0.2.24/255.255.255.255 +- IP:10.0.2.25/255.255.255.255 +- IP:10.0.2.26/255.255.255.255 +- IP:10.0.2.27/255.255.255.255 +- IP:10.0.2.28/255.255.255.255 +- IP:10.0.2.29/255.255.255.255 +- IP:10.0.2.30/255.255.255.255 +- IP:10.0.2.31/255.255.255.255 +- IP:10.0.2.32/255.255.255.255 +- IP:10.0.2.33/255.255.255.255 +- IP:10.0.2.34/255.255.255.255 +- IP:10.0.2.35/255.255.255.255 +- IP:10.0.2.36/255.255.255.255 +- IP:10.0.2.37/255.255.255.255 +- IP:10.0.2.38/255.255.255.255 +- IP:10.0.2.39/255.255.255.255 +- IP:10.0.2.40/255.255.255.255 +- IP:10.0.2.41/255.255.255.255 +- IP:10.0.2.42/255.255.255.255 +- IP:10.0.2.43/255.255.255.255 +- IP:10.0.2.44/255.255.255.255 +- IP:10.0.2.45/255.255.255.255 +- IP:10.0.2.46/255.255.255.255 +- IP:10.0.2.47/255.255.255.255 +- IP:10.0.2.48/255.255.255.255 +- IP:10.0.2.49/255.255.255.255 +- IP:10.0.2.50/255.255.255.255 +- IP:10.0.2.51/255.255.255.255 +- IP:10.0.2.52/255.255.255.255 +- IP:10.0.2.53/255.255.255.255 +- IP:10.0.2.54/255.255.255.255 +- IP:10.0.2.55/255.255.255.255 +- IP:10.0.2.56/255.255.255.255 +- IP:10.0.2.57/255.255.255.255 +- IP:10.0.2.58/255.255.255.255 +- IP:10.0.2.59/255.255.255.255 +- IP:10.0.2.60/255.255.255.255 +- IP:10.0.2.61/255.255.255.255 +- IP:10.0.2.62/255.255.255.255 +- IP:10.0.2.63/255.255.255.255 +- IP:10.0.2.64/255.255.255.255 +- IP:10.0.2.65/255.255.255.255 +- IP:10.0.2.66/255.255.255.255 +- IP:10.0.2.67/255.255.255.255 +- IP:10.0.2.68/255.255.255.255 +- IP:10.0.2.69/255.255.255.255 +- IP:10.0.2.70/255.255.255.255 +- IP:10.0.2.71/255.255.255.255 +- IP:10.0.2.72/255.255.255.255 +- IP:10.0.2.73/255.255.255.255 +- IP:10.0.2.74/255.255.255.255 +- IP:10.0.2.75/255.255.255.255 +- IP:10.0.2.76/255.255.255.255 +- IP:10.0.2.77/255.255.255.255 +- IP:10.0.2.78/255.255.255.255 +- IP:10.0.2.79/255.255.255.255 +- IP:10.0.2.80/255.255.255.255 +- IP:10.0.2.81/255.255.255.255 +- IP:10.0.2.82/255.255.255.255 +- IP:10.0.2.83/255.255.255.255 +- IP:10.0.2.84/255.255.255.255 +- IP:10.0.2.85/255.255.255.255 +- IP:10.0.2.86/255.255.255.255 +- IP:10.0.2.87/255.255.255.255 +- IP:10.0.2.88/255.255.255.255 +- IP:10.0.2.89/255.255.255.255 +- IP:10.0.2.90/255.255.255.255 +- IP:10.0.2.91/255.255.255.255 +- IP:10.0.2.92/255.255.255.255 +- IP:10.0.2.93/255.255.255.255 +- IP:10.0.2.94/255.255.255.255 +- IP:10.0.2.95/255.255.255.255 +- IP:10.0.2.96/255.255.255.255 +- IP:10.0.2.97/255.255.255.255 +- IP:10.0.2.98/255.255.255.255 +- IP:10.0.2.99/255.255.255.255 +- IP:10.0.2.100/255.255.255.255 +- IP:10.0.2.101/255.255.255.255 +- IP:10.0.2.102/255.255.255.255 +- IP:10.0.2.103/255.255.255.255 +- IP:10.0.2.104/255.255.255.255 +- IP:10.0.2.105/255.255.255.255 +- IP:10.0.2.106/255.255.255.255 +- IP:10.0.2.107/255.255.255.255 +- IP:10.0.2.108/255.255.255.255 +- IP:10.0.2.109/255.255.255.255 +- IP:10.0.2.110/255.255.255.255 +- IP:10.0.2.111/255.255.255.255 +- IP:10.0.2.112/255.255.255.255 +- IP:10.0.2.113/255.255.255.255 +- IP:10.0.2.114/255.255.255.255 +- IP:10.0.2.115/255.255.255.255 +- IP:10.0.2.116/255.255.255.255 +- IP:10.0.2.117/255.255.255.255 +- IP:10.0.2.118/255.255.255.255 +- IP:10.0.2.119/255.255.255.255 +- IP:10.0.2.120/255.255.255.255 +- IP:10.0.2.121/255.255.255.255 +- IP:10.0.2.122/255.255.255.255 +- IP:10.0.2.123/255.255.255.255 +- IP:10.0.2.124/255.255.255.255 +- IP:10.0.2.125/255.255.255.255 +- IP:10.0.2.126/255.255.255.255 +- IP:10.0.2.127/255.255.255.255 +- IP:10.0.2.128/255.255.255.255 +- IP:10.0.2.129/255.255.255.255 +- IP:10.0.2.130/255.255.255.255 +- IP:10.0.2.131/255.255.255.255 +- IP:10.0.2.132/255.255.255.255 +- IP:10.0.2.133/255.255.255.255 +- IP:10.0.2.134/255.255.255.255 +- IP:10.0.2.135/255.255.255.255 +- IP:10.0.2.136/255.255.255.255 +- IP:10.0.2.137/255.255.255.255 +- IP:10.0.2.138/255.255.255.255 +- IP:10.0.2.139/255.255.255.255 +- IP:10.0.2.140/255.255.255.255 +- IP:10.0.2.141/255.255.255.255 +- IP:10.0.2.142/255.255.255.255 +- IP:10.0.2.143/255.255.255.255 +- IP:10.0.2.144/255.255.255.255 +- IP:10.0.2.145/255.255.255.255 +- IP:10.0.2.146/255.255.255.255 +- IP:10.0.2.147/255.255.255.255 +- IP:10.0.2.148/255.255.255.255 +- IP:10.0.2.149/255.255.255.255 +- IP:10.0.2.150/255.255.255.255 +- IP:10.0.2.151/255.255.255.255 +- IP:10.0.2.152/255.255.255.255 +- IP:10.0.2.153/255.255.255.255 +- IP:10.0.2.154/255.255.255.255 +- IP:10.0.2.155/255.255.255.255 +- IP:10.0.2.156/255.255.255.255 +- IP:10.0.2.157/255.255.255.255 +- IP:10.0.2.158/255.255.255.255 +- IP:10.0.2.159/255.255.255.255 +- IP:10.0.2.160/255.255.255.255 +- IP:10.0.2.161/255.255.255.255 +- IP:10.0.2.162/255.255.255.255 +- IP:10.0.2.163/255.255.255.255 +- IP:10.0.2.164/255.255.255.255 +- IP:10.0.2.165/255.255.255.255 +- IP:10.0.2.166/255.255.255.255 +- IP:10.0.2.167/255.255.255.255 +- IP:10.0.2.168/255.255.255.255 +- IP:10.0.2.169/255.255.255.255 +- IP:10.0.2.170/255.255.255.255 +- IP:10.0.2.171/255.255.255.255 +- IP:10.0.2.172/255.255.255.255 +- IP:10.0.2.173/255.255.255.255 +- IP:10.0.2.174/255.255.255.255 +- IP:10.0.2.175/255.255.255.255 +- IP:10.0.2.176/255.255.255.255 +- IP:10.0.2.177/255.255.255.255 +- IP:10.0.2.178/255.255.255.255 +- IP:10.0.2.179/255.255.255.255 +- IP:10.0.2.180/255.255.255.255 +- IP:10.0.2.181/255.255.255.255 +- IP:10.0.2.182/255.255.255.255 +- IP:10.0.2.183/255.255.255.255 +- IP:10.0.2.184/255.255.255.255 +- IP:10.0.2.185/255.255.255.255 +- IP:10.0.2.186/255.255.255.255 +- IP:10.0.2.187/255.255.255.255 +- IP:10.0.2.188/255.255.255.255 +- IP:10.0.2.189/255.255.255.255 +- IP:10.0.2.190/255.255.255.255 +- IP:10.0.2.191/255.255.255.255 +- IP:10.0.2.192/255.255.255.255 +- IP:10.0.2.193/255.255.255.255 +- IP:10.0.2.194/255.255.255.255 +- IP:10.0.2.195/255.255.255.255 +- IP:10.0.2.196/255.255.255.255 +- IP:10.0.2.197/255.255.255.255 +- IP:10.0.2.198/255.255.255.255 +- IP:10.0.2.199/255.255.255.255 +- IP:10.0.2.200/255.255.255.255 +- IP:10.0.2.201/255.255.255.255 +- IP:10.0.2.202/255.255.255.255 +- IP:10.0.2.203/255.255.255.255 +- IP:10.0.2.204/255.255.255.255 +- IP:10.0.2.205/255.255.255.255 +- IP:10.0.2.206/255.255.255.255 +- IP:10.0.2.207/255.255.255.255 +- IP:10.0.2.208/255.255.255.255 +- IP:10.0.2.209/255.255.255.255 +- IP:10.0.2.210/255.255.255.255 +- IP:10.0.2.211/255.255.255.255 +- IP:10.0.2.212/255.255.255.255 +- IP:10.0.2.213/255.255.255.255 +- IP:10.0.2.214/255.255.255.255 +- IP:10.0.2.215/255.255.255.255 +- IP:10.0.2.216/255.255.255.255 +- IP:10.0.2.217/255.255.255.255 +- IP:10.0.2.218/255.255.255.255 +- IP:10.0.2.219/255.255.255.255 +- IP:10.0.2.220/255.255.255.255 +- IP:10.0.2.221/255.255.255.255 +- IP:10.0.2.222/255.255.255.255 +- IP:10.0.2.223/255.255.255.255 +- IP:10.0.2.224/255.255.255.255 +- IP:10.0.2.225/255.255.255.255 +- IP:10.0.2.226/255.255.255.255 +- IP:10.0.2.227/255.255.255.255 +- IP:10.0.2.228/255.255.255.255 +- IP:10.0.2.229/255.255.255.255 +- IP:10.0.2.230/255.255.255.255 +- IP:10.0.2.231/255.255.255.255 +- IP:10.0.2.232/255.255.255.255 +- IP:10.0.2.233/255.255.255.255 +- IP:10.0.2.234/255.255.255.255 +- IP:10.0.2.235/255.255.255.255 +- IP:10.0.2.236/255.255.255.255 +- IP:10.0.2.237/255.255.255.255 +- IP:10.0.2.238/255.255.255.255 +- IP:10.0.2.239/255.255.255.255 +- IP:10.0.2.240/255.255.255.255 +- IP:10.0.2.241/255.255.255.255 +- IP:10.0.2.242/255.255.255.255 +- IP:10.0.2.243/255.255.255.255 +- IP:10.0.2.244/255.255.255.255 +- IP:10.0.2.245/255.255.255.255 +- IP:10.0.2.246/255.255.255.255 +- IP:10.0.2.247/255.255.255.255 +- IP:10.0.2.248/255.255.255.255 +- IP:10.0.2.249/255.255.255.255 +- IP:10.0.2.250/255.255.255.255 +- IP:10.0.2.251/255.255.255.255 +- IP:10.0.2.252/255.255.255.255 +- IP:10.0.2.253/255.255.255.255 +- IP:10.0.2.254/255.255.255.255 +- IP:10.0.2.255/255.255.255.255 +- IP:10.0.3.0/255.255.255.255 +- IP:10.0.3.1/255.255.255.255 +- IP:10.0.3.2/255.255.255.255 +- IP:10.0.3.3/255.255.255.255 +- IP:10.0.3.4/255.255.255.255 +- IP:10.0.3.5/255.255.255.255 +- IP:10.0.3.6/255.255.255.255 +- IP:10.0.3.7/255.255.255.255 +- IP:10.0.3.8/255.255.255.255 +- IP:10.0.3.9/255.255.255.255 +- IP:10.0.3.10/255.255.255.255 +- IP:10.0.3.11/255.255.255.255 +- IP:10.0.3.12/255.255.255.255 +- IP:10.0.3.13/255.255.255.255 +- IP:10.0.3.14/255.255.255.255 +- IP:10.0.3.15/255.255.255.255 +- IP:10.0.3.16/255.255.255.255 +- IP:10.0.3.17/255.255.255.255 +- IP:10.0.3.18/255.255.255.255 +- IP:10.0.3.19/255.255.255.255 +- IP:10.0.3.20/255.255.255.255 +- IP:10.0.3.21/255.255.255.255 +- IP:10.0.3.22/255.255.255.255 +- IP:10.0.3.23/255.255.255.255 +- IP:10.0.3.24/255.255.255.255 +- IP:10.0.3.25/255.255.255.255 +- IP:10.0.3.26/255.255.255.255 +- IP:10.0.3.27/255.255.255.255 +- IP:10.0.3.28/255.255.255.255 +- IP:10.0.3.29/255.255.255.255 +- IP:10.0.3.30/255.255.255.255 +- IP:10.0.3.31/255.255.255.255 +- IP:10.0.3.32/255.255.255.255 +- IP:10.0.3.33/255.255.255.255 +- IP:10.0.3.34/255.255.255.255 +- IP:10.0.3.35/255.255.255.255 +- IP:10.0.3.36/255.255.255.255 +- IP:10.0.3.37/255.255.255.255 +- IP:10.0.3.38/255.255.255.255 +- IP:10.0.3.39/255.255.255.255 +- IP:10.0.3.40/255.255.255.255 +- IP:10.0.3.41/255.255.255.255 +- IP:10.0.3.42/255.255.255.255 +- IP:10.0.3.43/255.255.255.255 +- IP:10.0.3.44/255.255.255.255 +- IP:10.0.3.45/255.255.255.255 +- IP:10.0.3.46/255.255.255.255 +- IP:10.0.3.47/255.255.255.255 +- IP:10.0.3.48/255.255.255.255 +- IP:10.0.3.49/255.255.255.255 +- IP:10.0.3.50/255.255.255.255 +- IP:10.0.3.51/255.255.255.255 +- IP:10.0.3.52/255.255.255.255 +- IP:10.0.3.53/255.255.255.255 +- IP:10.0.3.54/255.255.255.255 +- IP:10.0.3.55/255.255.255.255 +- IP:10.0.3.56/255.255.255.255 +- IP:10.0.3.57/255.255.255.255 +- IP:10.0.3.58/255.255.255.255 +- IP:10.0.3.59/255.255.255.255 +- IP:10.0.3.60/255.255.255.255 +- IP:10.0.3.61/255.255.255.255 +- IP:10.0.3.62/255.255.255.255 +- IP:10.0.3.63/255.255.255.255 +- IP:10.0.3.64/255.255.255.255 +- IP:10.0.3.65/255.255.255.255 +- IP:10.0.3.66/255.255.255.255 +- IP:10.0.3.67/255.255.255.255 +- IP:10.0.3.68/255.255.255.255 +- IP:10.0.3.69/255.255.255.255 +- IP:10.0.3.70/255.255.255.255 +- IP:10.0.3.71/255.255.255.255 +- IP:10.0.3.72/255.255.255.255 +- IP:10.0.3.73/255.255.255.255 +- IP:10.0.3.74/255.255.255.255 +- IP:10.0.3.75/255.255.255.255 +- IP:10.0.3.76/255.255.255.255 +- IP:10.0.3.77/255.255.255.255 +- IP:10.0.3.78/255.255.255.255 +- IP:10.0.3.79/255.255.255.255 +- IP:10.0.3.80/255.255.255.255 +- IP:10.0.3.81/255.255.255.255 +- IP:10.0.3.82/255.255.255.255 +- IP:10.0.3.83/255.255.255.255 +- IP:10.0.3.84/255.255.255.255 +- IP:10.0.3.85/255.255.255.255 +- IP:10.0.3.86/255.255.255.255 +- IP:10.0.3.87/255.255.255.255 +- IP:10.0.3.88/255.255.255.255 +- IP:10.0.3.89/255.255.255.255 +- IP:10.0.3.90/255.255.255.255 +- IP:10.0.3.91/255.255.255.255 +- IP:10.0.3.92/255.255.255.255 +- IP:10.0.3.93/255.255.255.255 +- IP:10.0.3.94/255.255.255.255 +- IP:10.0.3.95/255.255.255.255 +- IP:10.0.3.96/255.255.255.255 +- IP:10.0.3.97/255.255.255.255 +- IP:10.0.3.98/255.255.255.255 +- IP:10.0.3.99/255.255.255.255 +- IP:10.0.3.100/255.255.255.255 +- IP:10.0.3.101/255.255.255.255 +- IP:10.0.3.102/255.255.255.255 +- IP:10.0.3.103/255.255.255.255 +- IP:10.0.3.104/255.255.255.255 +- IP:10.0.3.105/255.255.255.255 +- IP:10.0.3.106/255.255.255.255 +- IP:10.0.3.107/255.255.255.255 +- IP:10.0.3.108/255.255.255.255 +- IP:10.0.3.109/255.255.255.255 +- IP:10.0.3.110/255.255.255.255 +- IP:10.0.3.111/255.255.255.255 +- IP:10.0.3.112/255.255.255.255 +- IP:10.0.3.113/255.255.255.255 +- IP:10.0.3.114/255.255.255.255 +- IP:10.0.3.115/255.255.255.255 +- IP:10.0.3.116/255.255.255.255 +- IP:10.0.3.117/255.255.255.255 +- IP:10.0.3.118/255.255.255.255 +- IP:10.0.3.119/255.255.255.255 +- IP:10.0.3.120/255.255.255.255 +- IP:10.0.3.121/255.255.255.255 +- IP:10.0.3.122/255.255.255.255 +- IP:10.0.3.123/255.255.255.255 +- IP:10.0.3.124/255.255.255.255 +- IP:10.0.3.125/255.255.255.255 +- IP:10.0.3.126/255.255.255.255 +- IP:10.0.3.127/255.255.255.255 +- IP:10.0.3.128/255.255.255.255 +- IP:10.0.3.129/255.255.255.255 +- IP:10.0.3.130/255.255.255.255 +- IP:10.0.3.131/255.255.255.255 +- IP:10.0.3.132/255.255.255.255 +- IP:10.0.3.133/255.255.255.255 +- IP:10.0.3.134/255.255.255.255 +- IP:10.0.3.135/255.255.255.255 +- IP:10.0.3.136/255.255.255.255 +- IP:10.0.3.137/255.255.255.255 +- IP:10.0.3.138/255.255.255.255 +- IP:10.0.3.139/255.255.255.255 +- IP:10.0.3.140/255.255.255.255 +- IP:10.0.3.141/255.255.255.255 +- IP:10.0.3.142/255.255.255.255 +- IP:10.0.3.143/255.255.255.255 +- IP:10.0.3.144/255.255.255.255 +- IP:10.0.3.145/255.255.255.255 +- IP:10.0.3.146/255.255.255.255 +- IP:10.0.3.147/255.255.255.255 +- IP:10.0.3.148/255.255.255.255 +- IP:10.0.3.149/255.255.255.255 +- IP:10.0.3.150/255.255.255.255 +- IP:10.0.3.151/255.255.255.255 +- IP:10.0.3.152/255.255.255.255 +- IP:10.0.3.153/255.255.255.255 +- IP:10.0.3.154/255.255.255.255 +- IP:10.0.3.155/255.255.255.255 +- IP:10.0.3.156/255.255.255.255 +- IP:10.0.3.157/255.255.255.255 +- IP:10.0.3.158/255.255.255.255 +- IP:10.0.3.159/255.255.255.255 +- IP:10.0.3.160/255.255.255.255 +- IP:10.0.3.161/255.255.255.255 +- IP:10.0.3.162/255.255.255.255 +- IP:10.0.3.163/255.255.255.255 +- IP:10.0.3.164/255.255.255.255 +- IP:10.0.3.165/255.255.255.255 +- IP:10.0.3.166/255.255.255.255 +- IP:10.0.3.167/255.255.255.255 +- IP:10.0.3.168/255.255.255.255 +- IP:10.0.3.169/255.255.255.255 +- IP:10.0.3.170/255.255.255.255 +- IP:10.0.3.171/255.255.255.255 +- IP:10.0.3.172/255.255.255.255 +- IP:10.0.3.173/255.255.255.255 +- IP:10.0.3.174/255.255.255.255 +- IP:10.0.3.175/255.255.255.255 +- IP:10.0.3.176/255.255.255.255 +- IP:10.0.3.177/255.255.255.255 +- IP:10.0.3.178/255.255.255.255 +- IP:10.0.3.179/255.255.255.255 +- IP:10.0.3.180/255.255.255.255 +- IP:10.0.3.181/255.255.255.255 +- IP:10.0.3.182/255.255.255.255 +- IP:10.0.3.183/255.255.255.255 +- IP:10.0.3.184/255.255.255.255 +- IP:10.0.3.185/255.255.255.255 +- IP:10.0.3.186/255.255.255.255 +- IP:10.0.3.187/255.255.255.255 +- IP:10.0.3.188/255.255.255.255 +- IP:10.0.3.189/255.255.255.255 +- IP:10.0.3.190/255.255.255.255 +- IP:10.0.3.191/255.255.255.255 +- IP:10.0.3.192/255.255.255.255 +- IP:10.0.3.193/255.255.255.255 +- IP:10.0.3.194/255.255.255.255 +- IP:10.0.3.195/255.255.255.255 +- IP:10.0.3.196/255.255.255.255 +- IP:10.0.3.197/255.255.255.255 +- IP:10.0.3.198/255.255.255.255 +- IP:10.0.3.199/255.255.255.255 +- IP:10.0.3.200/255.255.255.255 +- IP:10.0.3.201/255.255.255.255 +- IP:10.0.3.202/255.255.255.255 +- IP:10.0.3.203/255.255.255.255 +- IP:10.0.3.204/255.255.255.255 +- IP:10.0.3.205/255.255.255.255 +- IP:10.0.3.206/255.255.255.255 +- IP:10.0.3.207/255.255.255.255 +- IP:10.0.3.208/255.255.255.255 +- IP:10.0.3.209/255.255.255.255 +- IP:10.0.3.210/255.255.255.255 +- IP:10.0.3.211/255.255.255.255 +- IP:10.0.3.212/255.255.255.255 +- IP:10.0.3.213/255.255.255.255 +- IP:10.0.3.214/255.255.255.255 +- IP:10.0.3.215/255.255.255.255 +- IP:10.0.3.216/255.255.255.255 +- IP:10.0.3.217/255.255.255.255 +- IP:10.0.3.218/255.255.255.255 +- IP:10.0.3.219/255.255.255.255 +- IP:10.0.3.220/255.255.255.255 +- IP:10.0.3.221/255.255.255.255 +- IP:10.0.3.222/255.255.255.255 +- IP:10.0.3.223/255.255.255.255 +- IP:10.0.3.224/255.255.255.255 +- IP:10.0.3.225/255.255.255.255 +- IP:10.0.3.226/255.255.255.255 +- IP:10.0.3.227/255.255.255.255 +- IP:10.0.3.228/255.255.255.255 +- IP:10.0.3.229/255.255.255.255 +- IP:10.0.3.230/255.255.255.255 +- IP:10.0.3.231/255.255.255.255 +- IP:10.0.3.232/255.255.255.255 +- IP:10.0.3.233/255.255.255.255 +- IP:10.0.3.234/255.255.255.255 +- IP:10.0.3.235/255.255.255.255 +- IP:10.0.3.236/255.255.255.255 +- IP:10.0.3.237/255.255.255.255 +- IP:10.0.3.238/255.255.255.255 +- IP:10.0.3.239/255.255.255.255 +- IP:10.0.3.240/255.255.255.255 +- IP:10.0.3.241/255.255.255.255 +- IP:10.0.3.242/255.255.255.255 +- IP:10.0.3.243/255.255.255.255 +- IP:10.0.3.244/255.255.255.255 +- IP:10.0.3.245/255.255.255.255 +- IP:10.0.3.246/255.255.255.255 +- IP:10.0.3.247/255.255.255.255 +- IP:10.0.3.248/255.255.255.255 +- IP:10.0.3.249/255.255.255.255 +- IP:10.0.3.250/255.255.255.255 +- IP:10.0.3.251/255.255.255.255 +- IP:10.0.3.252/255.255.255.255 +- IP:10.0.3.253/255.255.255.255 +- IP:10.0.3.254/255.255.255.255 +- IP:10.0.3.255/255.255.255.255 +- IP:10.0.4.0/255.255.255.255 +- DirName:CN = t0 +- DirName:CN = t1 +- DirName:CN = t2 +- DirName:CN = t3 +- DirName:CN = t4 +- DirName:CN = t5 +- DirName:CN = t6 +- DirName:CN = t7 +- DirName:CN = t8 +- DirName:CN = t9 +- DirName:CN = t10 +- DirName:CN = t11 +- DirName:CN = t12 +- DirName:CN = t13 +- DirName:CN = t14 +- DirName:CN = t15 +- DirName:CN = t16 +- DirName:CN = t17 +- DirName:CN = t18 +- DirName:CN = t19 +- DirName:CN = t20 +- DirName:CN = t21 +- DirName:CN = t22 +- DirName:CN = t23 +- DirName:CN = t24 +- DirName:CN = t25 +- DirName:CN = t26 +- DirName:CN = t27 +- DirName:CN = t28 +- DirName:CN = t29 +- DirName:CN = t30 +- DirName:CN = t31 +- DirName:CN = t32 +- DirName:CN = t33 +- DirName:CN = t34 +- DirName:CN = t35 +- DirName:CN = t36 +- DirName:CN = t37 +- DirName:CN = t38 +- DirName:CN = t39 +- DirName:CN = t40 +- DirName:CN = t41 +- DirName:CN = t42 +- DirName:CN = t43 +- DirName:CN = t44 +- DirName:CN = t45 +- DirName:CN = t46 +- DirName:CN = t47 +- DirName:CN = t48 +- DirName:CN = t49 +- DirName:CN = t50 +- DirName:CN = t51 +- DirName:CN = t52 +- DirName:CN = t53 +- DirName:CN = t54 +- DirName:CN = t55 +- DirName:CN = t56 +- DirName:CN = t57 +- DirName:CN = t58 +- DirName:CN = t59 +- DirName:CN = t60 +- DirName:CN = t61 +- DirName:CN = t62 +- DirName:CN = t63 +- DirName:CN = t64 +- DirName:CN = t65 +- DirName:CN = t66 +- DirName:CN = t67 +- DirName:CN = t68 +- DirName:CN = t69 +- DirName:CN = t70 +- DirName:CN = t71 +- DirName:CN = t72 +- DirName:CN = t73 +- DirName:CN = t74 +- DirName:CN = t75 +- DirName:CN = t76 +- DirName:CN = t77 +- DirName:CN = t78 +- DirName:CN = t79 +- DirName:CN = t80 +- DirName:CN = t81 +- DirName:CN = t82 +- DirName:CN = t83 +- DirName:CN = t84 +- DirName:CN = t85 +- DirName:CN = t86 +- DirName:CN = t87 +- DirName:CN = t88 +- DirName:CN = t89 +- DirName:CN = t90 +- DirName:CN = t91 +- DirName:CN = t92 +- DirName:CN = t93 +- DirName:CN = t94 +- DirName:CN = t95 +- DirName:CN = t96 +- DirName:CN = t97 +- DirName:CN = t98 +- DirName:CN = t99 +- DirName:CN = t100 +- DirName:CN = t101 +- DirName:CN = t102 +- DirName:CN = t103 +- DirName:CN = t104 +- DirName:CN = t105 +- DirName:CN = t106 +- DirName:CN = t107 +- DirName:CN = t108 +- DirName:CN = t109 +- DirName:CN = t110 +- DirName:CN = t111 +- DirName:CN = t112 +- DirName:CN = t113 +- DirName:CN = t114 +- DirName:CN = t115 +- DirName:CN = t116 +- DirName:CN = t117 +- DirName:CN = t118 +- DirName:CN = t119 +- DirName:CN = t120 +- DirName:CN = t121 +- DirName:CN = t122 +- DirName:CN = t123 +- DirName:CN = t124 +- DirName:CN = t125 +- DirName:CN = t126 +- DirName:CN = t127 +- DirName:CN = t128 +- DirName:CN = t129 +- DirName:CN = t130 +- DirName:CN = t131 +- DirName:CN = t132 +- DirName:CN = t133 +- DirName:CN = t134 +- DirName:CN = t135 +- DirName:CN = t136 +- DirName:CN = t137 +- DirName:CN = t138 +- DirName:CN = t139 +- DirName:CN = t140 +- DirName:CN = t141 +- DirName:CN = t142 +- DirName:CN = t143 +- DirName:CN = t144 +- DirName:CN = t145 +- DirName:CN = t146 +- DirName:CN = t147 +- DirName:CN = t148 +- DirName:CN = t149 +- DirName:CN = t150 +- DirName:CN = t151 +- DirName:CN = t152 +- DirName:CN = t153 +- DirName:CN = t154 +- DirName:CN = t155 +- DirName:CN = t156 +- DirName:CN = t157 +- DirName:CN = t158 +- DirName:CN = t159 +- DirName:CN = t160 +- DirName:CN = t161 +- DirName:CN = t162 +- DirName:CN = t163 +- DirName:CN = t164 +- DirName:CN = t165 +- DirName:CN = t166 +- DirName:CN = t167 +- DirName:CN = t168 +- DirName:CN = t169 +- DirName:CN = t170 +- DirName:CN = t171 +- DirName:CN = t172 +- DirName:CN = t173 +- DirName:CN = t174 +- DirName:CN = t175 +- DirName:CN = t176 +- DirName:CN = t177 +- DirName:CN = t178 +- DirName:CN = t179 +- DirName:CN = t180 +- DirName:CN = t181 +- DirName:CN = t182 +- DirName:CN = t183 +- DirName:CN = t184 +- DirName:CN = t185 +- DirName:CN = t186 +- DirName:CN = t187 +- DirName:CN = t188 +- DirName:CN = t189 +- DirName:CN = t190 +- DirName:CN = t191 +- DirName:CN = t192 +- DirName:CN = t193 +- DirName:CN = t194 +- DirName:CN = t195 +- DirName:CN = t196 +- DirName:CN = t197 +- DirName:CN = t198 +- DirName:CN = t199 +- DirName:CN = t200 +- DirName:CN = t201 +- DirName:CN = t202 +- DirName:CN = t203 +- DirName:CN = t204 +- DirName:CN = t205 +- DirName:CN = t206 +- DirName:CN = t207 +- DirName:CN = t208 +- DirName:CN = t209 +- DirName:CN = t210 +- DirName:CN = t211 +- DirName:CN = t212 +- DirName:CN = t213 +- DirName:CN = t214 +- DirName:CN = t215 +- DirName:CN = t216 +- DirName:CN = t217 +- DirName:CN = t218 +- DirName:CN = t219 +- DirName:CN = t220 +- DirName:CN = t221 +- DirName:CN = t222 +- DirName:CN = t223 +- DirName:CN = t224 +- DirName:CN = t225 +- DirName:CN = t226 +- DirName:CN = t227 +- DirName:CN = t228 +- DirName:CN = t229 +- DirName:CN = t230 +- DirName:CN = t231 +- DirName:CN = t232 +- DirName:CN = t233 +- DirName:CN = t234 +- DirName:CN = t235 +- DirName:CN = t236 +- DirName:CN = t237 +- DirName:CN = t238 +- DirName:CN = t239 +- DirName:CN = t240 +- DirName:CN = t241 +- DirName:CN = t242 +- DirName:CN = t243 +- DirName:CN = t244 +- DirName:CN = t245 +- DirName:CN = t246 +- DirName:CN = t247 +- DirName:CN = t248 +- DirName:CN = t249 +- DirName:CN = t250 +- DirName:CN = t251 +- DirName:CN = t252 +- DirName:CN = t253 +- DirName:CN = t254 +- DirName:CN = t255 +- DirName:CN = t256 +- DirName:CN = t257 +- DirName:CN = t258 +- DirName:CN = t259 +- DirName:CN = t260 +- DirName:CN = t261 +- DirName:CN = t262 +- DirName:CN = t263 +- DirName:CN = t264 +- DirName:CN = t265 +- DirName:CN = t266 +- DirName:CN = t267 +- DirName:CN = t268 +- DirName:CN = t269 +- DirName:CN = t270 +- DirName:CN = t271 +- DirName:CN = t272 +- DirName:CN = t273 +- DirName:CN = t274 +- DirName:CN = t275 +- DirName:CN = t276 +- DirName:CN = t277 +- DirName:CN = t278 +- DirName:CN = t279 +- DirName:CN = t280 +- DirName:CN = t281 +- DirName:CN = t282 +- DirName:CN = t283 +- DirName:CN = t284 +- DirName:CN = t285 +- DirName:CN = t286 +- DirName:CN = t287 +- DirName:CN = t288 +- DirName:CN = t289 +- DirName:CN = t290 +- DirName:CN = t291 +- DirName:CN = t292 +- DirName:CN = t293 +- DirName:CN = t294 +- DirName:CN = t295 +- DirName:CN = t296 +- DirName:CN = t297 +- DirName:CN = t298 +- DirName:CN = t299 +- DirName:CN = t300 +- DirName:CN = t301 +- DirName:CN = t302 +- DirName:CN = t303 +- DirName:CN = t304 +- DirName:CN = t305 +- DirName:CN = t306 +- DirName:CN = t307 +- DirName:CN = t308 +- DirName:CN = t309 +- DirName:CN = t310 +- DirName:CN = t311 +- DirName:CN = t312 +- DirName:CN = t313 +- DirName:CN = t314 +- DirName:CN = t315 +- DirName:CN = t316 +- DirName:CN = t317 +- DirName:CN = t318 +- DirName:CN = t319 +- DirName:CN = t320 +- DirName:CN = t321 +- DirName:CN = t322 +- DirName:CN = t323 +- DirName:CN = t324 +- DirName:CN = t325 +- DirName:CN = t326 +- DirName:CN = t327 +- DirName:CN = t328 +- DirName:CN = t329 +- DirName:CN = t330 +- DirName:CN = t331 +- DirName:CN = t332 +- DirName:CN = t333 +- DirName:CN = t334 +- DirName:CN = t335 +- DirName:CN = t336 +- DirName:CN = t337 +- DirName:CN = t338 +- DirName:CN = t339 +- DirName:CN = t340 +- DirName:CN = t341 +- DirName:CN = t342 +- DirName:CN = t343 +- DirName:CN = t344 +- DirName:CN = t345 +- DirName:CN = t346 +- DirName:CN = t347 +- DirName:CN = t348 +- DirName:CN = t349 +- DirName:CN = t350 +- DirName:CN = t351 +- DirName:CN = t352 +- DirName:CN = t353 +- DirName:CN = t354 +- DirName:CN = t355 +- DirName:CN = t356 +- DirName:CN = t357 +- DirName:CN = t358 +- DirName:CN = t359 +- DirName:CN = t360 +- DirName:CN = t361 +- DirName:CN = t362 +- DirName:CN = t363 +- DirName:CN = t364 +- DirName:CN = t365 +- DirName:CN = t366 +- DirName:CN = t367 +- DirName:CN = t368 +- DirName:CN = t369 +- DirName:CN = t370 +- DirName:CN = t371 +- DirName:CN = t372 +- DirName:CN = t373 +- DirName:CN = t374 +- DirName:CN = t375 +- DirName:CN = t376 +- DirName:CN = t377 +- DirName:CN = t378 +- DirName:CN = t379 +- DirName:CN = t380 +- DirName:CN = t381 +- DirName:CN = t382 +- DirName:CN = t383 +- DirName:CN = t384 +- DirName:CN = t385 +- DirName:CN = t386 +- DirName:CN = t387 +- DirName:CN = t388 +- DirName:CN = t389 +- DirName:CN = t390 +- DirName:CN = t391 +- DirName:CN = t392 +- DirName:CN = t393 +- DirName:CN = t394 +- DirName:CN = t395 +- DirName:CN = t396 +- DirName:CN = t397 +- DirName:CN = t398 +- DirName:CN = t399 +- DirName:CN = t400 +- DirName:CN = t401 +- DirName:CN = t402 +- DirName:CN = t403 +- DirName:CN = t404 +- DirName:CN = t405 +- DirName:CN = t406 +- DirName:CN = t407 +- DirName:CN = t408 +- DirName:CN = t409 +- DirName:CN = t410 +- DirName:CN = t411 +- DirName:CN = t412 +- DirName:CN = t413 +- DirName:CN = t414 +- DirName:CN = t415 +- DirName:CN = t416 +- DirName:CN = t417 +- DirName:CN = t418 +- DirName:CN = t419 +- DirName:CN = t420 +- DirName:CN = t421 +- DirName:CN = t422 +- DirName:CN = t423 +- DirName:CN = t424 +- DirName:CN = t425 +- DirName:CN = t426 +- DirName:CN = t427 +- DirName:CN = t428 +- DirName:CN = t429 +- DirName:CN = t430 +- DirName:CN = t431 +- DirName:CN = t432 +- DirName:CN = t433 +- DirName:CN = t434 +- DirName:CN = t435 +- DirName:CN = t436 +- DirName:CN = t437 +- DirName:CN = t438 +- DirName:CN = t439 +- DirName:CN = t440 +- DirName:CN = t441 +- DirName:CN = t442 +- DirName:CN = t443 +- DirName:CN = t444 +- DirName:CN = t445 +- DirName:CN = t446 +- DirName:CN = t447 +- DirName:CN = t448 +- DirName:CN = t449 +- DirName:CN = t450 +- DirName:CN = t451 +- DirName:CN = t452 +- DirName:CN = t453 +- DirName:CN = t454 +- DirName:CN = t455 +- DirName:CN = t456 +- DirName:CN = t457 +- DirName:CN = t458 +- DirName:CN = t459 +- DirName:CN = t460 +- DirName:CN = t461 +- DirName:CN = t462 +- DirName:CN = t463 +- DirName:CN = t464 +- DirName:CN = t465 +- DirName:CN = t466 +- DirName:CN = t467 +- DirName:CN = t468 +- DirName:CN = t469 +- DirName:CN = t470 +- DirName:CN = t471 +- DirName:CN = t472 +- DirName:CN = t473 +- DirName:CN = t474 +- DirName:CN = t475 +- DirName:CN = t476 +- DirName:CN = t477 +- DirName:CN = t478 +- DirName:CN = t479 +- DirName:CN = t480 +- DirName:CN = t481 +- DirName:CN = t482 +- DirName:CN = t483 +- DirName:CN = t484 +- DirName:CN = t485 +- DirName:CN = t486 +- DirName:CN = t487 +- DirName:CN = t488 +- DirName:CN = t489 +- DirName:CN = t490 +- DirName:CN = t491 +- DirName:CN = t492 +- DirName:CN = t493 +- DirName:CN = t494 +- DirName:CN = t495 +- DirName:CN = t496 +- DirName:CN = t497 +- DirName:CN = t498 +- DirName:CN = t499 +- DirName:CN = t500 +- DirName:CN = t501 +- DirName:CN = t502 +- DirName:CN = t503 +- DirName:CN = t504 +- DirName:CN = t505 +- DirName:CN = t506 +- DirName:CN = t507 +- DirName:CN = t508 +- DirName:CN = t509 +- DirName:CN = t510 +- DirName:CN = t511 +- DirName:CN = t512 +- DirName:CN = t513 +- DirName:CN = t514 +- DirName:CN = t515 +- DirName:CN = t516 +- DirName:CN = t517 +- DirName:CN = t518 +- DirName:CN = t519 +- DirName:CN = t520 +- DirName:CN = t521 +- DirName:CN = t522 +- DirName:CN = t523 +- DirName:CN = t524 +- DirName:CN = t525 +- DirName:CN = t526 +- DirName:CN = t527 +- DirName:CN = t528 +- DirName:CN = t529 +- DirName:CN = t530 +- DirName:CN = t531 +- DirName:CN = t532 +- DirName:CN = t533 +- DirName:CN = t534 +- DirName:CN = t535 +- DirName:CN = t536 +- DirName:CN = t537 +- DirName:CN = t538 +- DirName:CN = t539 +- DirName:CN = t540 +- DirName:CN = t541 +- DirName:CN = t542 +- DirName:CN = t543 +- DirName:CN = t544 +- DirName:CN = t545 +- DirName:CN = t546 +- DirName:CN = t547 +- DirName:CN = t548 +- DirName:CN = t549 +- DirName:CN = t550 +- DirName:CN = t551 +- DirName:CN = t552 +- DirName:CN = t553 +- DirName:CN = t554 +- DirName:CN = t555 +- DirName:CN = t556 +- DirName:CN = t557 +- DirName:CN = t558 +- DirName:CN = t559 +- DirName:CN = t560 +- DirName:CN = t561 +- DirName:CN = t562 +- DirName:CN = t563 +- DirName:CN = t564 +- DirName:CN = t565 +- DirName:CN = t566 +- DirName:CN = t567 +- DirName:CN = t568 +- DirName:CN = t569 +- DirName:CN = t570 +- DirName:CN = t571 +- DirName:CN = t572 +- DirName:CN = t573 +- DirName:CN = t574 +- DirName:CN = t575 +- DirName:CN = t576 +- DirName:CN = t577 +- DirName:CN = t578 +- DirName:CN = t579 +- DirName:CN = t580 +- DirName:CN = t581 +- DirName:CN = t582 +- DirName:CN = t583 +- DirName:CN = t584 +- DirName:CN = t585 +- DirName:CN = t586 +- DirName:CN = t587 +- DirName:CN = t588 +- DirName:CN = t589 +- DirName:CN = t590 +- DirName:CN = t591 +- DirName:CN = t592 +- DirName:CN = t593 +- DirName:CN = t594 +- DirName:CN = t595 +- DirName:CN = t596 +- DirName:CN = t597 +- DirName:CN = t598 +- DirName:CN = t599 +- DirName:CN = t600 +- DirName:CN = t601 +- DirName:CN = t602 +- DirName:CN = t603 +- DirName:CN = t604 +- DirName:CN = t605 +- DirName:CN = t606 +- DirName:CN = t607 +- DirName:CN = t608 +- DirName:CN = t609 +- DirName:CN = t610 +- DirName:CN = t611 +- DirName:CN = t612 +- DirName:CN = t613 +- DirName:CN = t614 +- DirName:CN = t615 +- DirName:CN = t616 +- DirName:CN = t617 +- DirName:CN = t618 +- DirName:CN = t619 +- DirName:CN = t620 +- DirName:CN = t621 +- DirName:CN = t622 +- DirName:CN = t623 +- DirName:CN = t624 +- DirName:CN = t625 +- DirName:CN = t626 +- DirName:CN = t627 +- DirName:CN = t628 +- DirName:CN = t629 +- DirName:CN = t630 +- DirName:CN = t631 +- DirName:CN = t632 +- DirName:CN = t633 +- DirName:CN = t634 +- DirName:CN = t635 +- DirName:CN = t636 +- DirName:CN = t637 +- DirName:CN = t638 +- DirName:CN = t639 +- DirName:CN = t640 +- DirName:CN = t641 +- DirName:CN = t642 +- DirName:CN = t643 +- DirName:CN = t644 +- DirName:CN = t645 +- DirName:CN = t646 +- DirName:CN = t647 +- DirName:CN = t648 +- DirName:CN = t649 +- DirName:CN = t650 +- DirName:CN = t651 +- DirName:CN = t652 +- DirName:CN = t653 +- DirName:CN = t654 +- DirName:CN = t655 +- DirName:CN = t656 +- DirName:CN = t657 +- DirName:CN = t658 +- DirName:CN = t659 +- DirName:CN = t660 +- DirName:CN = t661 +- DirName:CN = t662 +- DirName:CN = t663 +- DirName:CN = t664 +- DirName:CN = t665 +- DirName:CN = t666 +- DirName:CN = t667 +- DirName:CN = t668 +- DirName:CN = t669 +- DirName:CN = t670 +- DirName:CN = t671 +- DirName:CN = t672 +- DirName:CN = t673 +- DirName:CN = t674 +- DirName:CN = t675 +- DirName:CN = t676 +- DirName:CN = t677 +- DirName:CN = t678 +- DirName:CN = t679 +- DirName:CN = t680 +- DirName:CN = t681 +- DirName:CN = t682 +- DirName:CN = t683 +- DirName:CN = t684 +- DirName:CN = t685 +- DirName:CN = t686 +- DirName:CN = t687 +- DirName:CN = t688 +- DirName:CN = t689 +- DirName:CN = t690 +- DirName:CN = t691 +- DirName:CN = t692 +- DirName:CN = t693 +- DirName:CN = t694 +- DirName:CN = t695 +- DirName:CN = t696 +- DirName:CN = t697 +- DirName:CN = t698 +- DirName:CN = t699 +- DirName:CN = t700 +- DirName:CN = t701 +- DirName:CN = t702 +- DirName:CN = t703 +- DirName:CN = t704 +- DirName:CN = t705 +- DirName:CN = t706 +- DirName:CN = t707 +- DirName:CN = t708 +- DirName:CN = t709 +- DirName:CN = t710 +- DirName:CN = t711 +- DirName:CN = t712 +- DirName:CN = t713 +- DirName:CN = t714 +- DirName:CN = t715 +- DirName:CN = t716 +- DirName:CN = t717 +- DirName:CN = t718 +- DirName:CN = t719 +- DirName:CN = t720 +- DirName:CN = t721 +- DirName:CN = t722 +- DirName:CN = t723 +- DirName:CN = t724 +- DirName:CN = t725 +- DirName:CN = t726 +- DirName:CN = t727 +- DirName:CN = t728 +- DirName:CN = t729 +- DirName:CN = t730 +- DirName:CN = t731 +- DirName:CN = t732 +- DirName:CN = t733 +- DirName:CN = t734 +- DirName:CN = t735 +- DirName:CN = t736 +- DirName:CN = t737 +- DirName:CN = t738 +- DirName:CN = t739 +- DirName:CN = t740 +- DirName:CN = t741 +- DirName:CN = t742 +- DirName:CN = t743 +- DirName:CN = t744 +- DirName:CN = t745 +- DirName:CN = t746 +- DirName:CN = t747 +- DirName:CN = t748 +- DirName:CN = t749 +- DirName:CN = t750 +- DirName:CN = t751 +- DirName:CN = t752 +- DirName:CN = t753 +- DirName:CN = t754 +- DirName:CN = t755 +- DirName:CN = t756 +- DirName:CN = t757 +- DirName:CN = t758 +- DirName:CN = t759 +- DirName:CN = t760 +- DirName:CN = t761 +- DirName:CN = t762 +- DirName:CN = t763 +- DirName:CN = t764 +- DirName:CN = t765 +- DirName:CN = t766 +- DirName:CN = t767 +- DirName:CN = t768 +- DirName:CN = t769 +- DirName:CN = t770 +- DirName:CN = t771 +- DirName:CN = t772 +- DirName:CN = t773 +- DirName:CN = t774 +- DirName:CN = t775 +- DirName:CN = t776 +- DirName:CN = t777 +- DirName:CN = t778 +- DirName:CN = t779 +- DirName:CN = t780 +- DirName:CN = t781 +- DirName:CN = t782 +- DirName:CN = t783 +- DirName:CN = t784 +- DirName:CN = t785 +- DirName:CN = t786 +- DirName:CN = t787 +- DirName:CN = t788 +- DirName:CN = t789 +- DirName:CN = t790 +- DirName:CN = t791 +- DirName:CN = t792 +- DirName:CN = t793 +- DirName:CN = t794 +- DirName:CN = t795 +- DirName:CN = t796 +- DirName:CN = t797 +- DirName:CN = t798 +- DirName:CN = t799 +- DirName:CN = t800 +- DirName:CN = t801 +- DirName:CN = t802 +- DirName:CN = t803 +- DirName:CN = t804 +- DirName:CN = t805 +- DirName:CN = t806 +- DirName:CN = t807 +- DirName:CN = t808 +- DirName:CN = t809 +- DirName:CN = t810 +- DirName:CN = t811 +- DirName:CN = t812 +- DirName:CN = t813 +- DirName:CN = t814 +- DirName:CN = t815 +- DirName:CN = t816 +- DirName:CN = t817 +- DirName:CN = t818 +- DirName:CN = t819 +- DirName:CN = t820 +- DirName:CN = t821 +- DirName:CN = t822 +- DirName:CN = t823 +- DirName:CN = t824 +- DirName:CN = t825 +- DirName:CN = t826 +- DirName:CN = t827 +- DirName:CN = t828 +- DirName:CN = t829 +- DirName:CN = t830 +- DirName:CN = t831 +- DirName:CN = t832 +- DirName:CN = t833 +- DirName:CN = t834 +- DirName:CN = t835 +- DirName:CN = t836 +- DirName:CN = t837 +- DirName:CN = t838 +- DirName:CN = t839 +- DirName:CN = t840 +- DirName:CN = t841 +- DirName:CN = t842 +- DirName:CN = t843 +- DirName:CN = t844 +- DirName:CN = t845 +- DirName:CN = t846 +- DirName:CN = t847 +- DirName:CN = t848 +- DirName:CN = t849 +- DirName:CN = t850 +- DirName:CN = t851 +- DirName:CN = t852 +- DirName:CN = t853 +- DirName:CN = t854 +- DirName:CN = t855 +- DirName:CN = t856 +- DirName:CN = t857 +- DirName:CN = t858 +- DirName:CN = t859 +- DirName:CN = t860 +- DirName:CN = t861 +- DirName:CN = t862 +- DirName:CN = t863 +- DirName:CN = t864 +- DirName:CN = t865 +- DirName:CN = t866 +- DirName:CN = t867 +- DirName:CN = t868 +- DirName:CN = t869 +- DirName:CN = t870 +- DirName:CN = t871 +- DirName:CN = t872 +- DirName:CN = t873 +- DirName:CN = t874 +- DirName:CN = t875 +- DirName:CN = t876 +- DirName:CN = t877 +- DirName:CN = t878 +- DirName:CN = t879 +- DirName:CN = t880 +- DirName:CN = t881 +- DirName:CN = t882 +- DirName:CN = t883 +- DirName:CN = t884 +- DirName:CN = t885 +- DirName:CN = t886 +- DirName:CN = t887 +- DirName:CN = t888 +- DirName:CN = t889 +- DirName:CN = t890 +- DirName:CN = t891 +- DirName:CN = t892 +- DirName:CN = t893 +- DirName:CN = t894 +- DirName:CN = t895 +- DirName:CN = t896 +- DirName:CN = t897 +- DirName:CN = t898 +- DirName:CN = t899 +- DirName:CN = t900 +- DirName:CN = t901 +- DirName:CN = t902 +- DirName:CN = t903 +- DirName:CN = t904 +- DirName:CN = t905 +- DirName:CN = t906 +- DirName:CN = t907 +- DirName:CN = t908 +- DirName:CN = t909 +- DirName:CN = t910 +- DirName:CN = t911 +- DirName:CN = t912 +- DirName:CN = t913 +- DirName:CN = t914 +- DirName:CN = t915 +- DirName:CN = t916 +- DirName:CN = t917 +- DirName:CN = t918 +- DirName:CN = t919 +- DirName:CN = t920 +- DirName:CN = t921 +- DirName:CN = t922 +- DirName:CN = t923 +- DirName:CN = t924 +- DirName:CN = t925 +- DirName:CN = t926 +- DirName:CN = t927 +- DirName:CN = t928 +- DirName:CN = t929 +- DirName:CN = t930 +- DirName:CN = t931 +- DirName:CN = t932 +- DirName:CN = t933 +- DirName:CN = t934 +- DirName:CN = t935 +- DirName:CN = t936 +- DirName:CN = t937 +- DirName:CN = t938 +- DirName:CN = t939 +- DirName:CN = t940 +- DirName:CN = t941 +- DirName:CN = t942 +- DirName:CN = t943 +- DirName:CN = t944 +- DirName:CN = t945 +- DirName:CN = t946 +- DirName:CN = t947 +- DirName:CN = t948 +- DirName:CN = t949 +- DirName:CN = t950 +- DirName:CN = t951 +- DirName:CN = t952 +- DirName:CN = t953 +- DirName:CN = t954 +- DirName:CN = t955 +- DirName:CN = t956 +- DirName:CN = t957 +- DirName:CN = t958 +- DirName:CN = t959 +- DirName:CN = t960 +- DirName:CN = t961 +- DirName:CN = t962 +- DirName:CN = t963 +- DirName:CN = t964 +- DirName:CN = t965 +- DirName:CN = t966 +- DirName:CN = t967 +- DirName:CN = t968 +- DirName:CN = t969 +- DirName:CN = t970 +- DirName:CN = t971 +- DirName:CN = t972 +- DirName:CN = t973 +- DirName:CN = t974 +- DirName:CN = t975 +- DirName:CN = t976 +- DirName:CN = t977 +- DirName:CN = t978 +- DirName:CN = t979 +- DirName:CN = t980 +- DirName:CN = t981 +- DirName:CN = t982 +- DirName:CN = t983 +- DirName:CN = t984 +- DirName:CN = t985 +- DirName:CN = t986 +- DirName:CN = t987 +- DirName:CN = t988 +- DirName:CN = t989 +- DirName:CN = t990 +- DirName:CN = t991 +- DirName:CN = t992 +- DirName:CN = t993 +- DirName:CN = t994 +- DirName:CN = t995 +- DirName:CN = t996 +- DirName:CN = t997 +- DirName:CN = t998 +- DirName:CN = t999 +- DirName:CN = t1000 +- DirName:CN = t1001 +- DirName:CN = t1002 +- DirName:CN = t1003 +- DirName:CN = t1004 +- DirName:CN = t1005 +- DirName:CN = t1006 +- DirName:CN = t1007 +- DirName:CN = t1008 +- DirName:CN = t1009 +- DirName:CN = t1010 +- DirName:CN = t1011 +- DirName:CN = t1012 +- DirName:CN = t1013 +- DirName:CN = t1014 +- DirName:CN = t1015 +- DirName:CN = t1016 +- DirName:CN = t1017 +- DirName:CN = t1018 +- DirName:CN = t1019 +- DirName:CN = t1020 +- DirName:CN = t1021 +- DirName:CN = t1022 +- DirName:CN = t1023 +- DirName:CN = t1024 +- URI:http://test/0 +- URI:http://test/1 +- URI:http://test/2 +- URI:http://test/3 +- URI:http://test/4 +- URI:http://test/5 +- URI:http://test/6 +- URI:http://test/7 +- URI:http://test/8 +- URI:http://test/9 +- URI:http://test/10 +- URI:http://test/11 +- URI:http://test/12 +- URI:http://test/13 +- URI:http://test/14 +- URI:http://test/15 +- URI:http://test/16 +- URI:http://test/17 +- URI:http://test/18 +- URI:http://test/19 +- URI:http://test/20 +- URI:http://test/21 +- URI:http://test/22 +- URI:http://test/23 +- URI:http://test/24 +- URI:http://test/25 +- URI:http://test/26 +- URI:http://test/27 +- URI:http://test/28 +- URI:http://test/29 +- URI:http://test/30 +- URI:http://test/31 +- URI:http://test/32 +- URI:http://test/33 +- URI:http://test/34 +- URI:http://test/35 +- URI:http://test/36 +- URI:http://test/37 +- URI:http://test/38 +- URI:http://test/39 +- URI:http://test/40 +- URI:http://test/41 +- URI:http://test/42 +- URI:http://test/43 +- URI:http://test/44 +- URI:http://test/45 +- URI:http://test/46 +- URI:http://test/47 +- URI:http://test/48 +- URI:http://test/49 +- URI:http://test/50 +- URI:http://test/51 +- URI:http://test/52 +- URI:http://test/53 +- URI:http://test/54 +- URI:http://test/55 +- URI:http://test/56 +- URI:http://test/57 +- URI:http://test/58 +- URI:http://test/59 +- URI:http://test/60 +- URI:http://test/61 +- URI:http://test/62 +- URI:http://test/63 +- URI:http://test/64 +- URI:http://test/65 +- URI:http://test/66 +- URI:http://test/67 +- URI:http://test/68 +- URI:http://test/69 +- URI:http://test/70 +- URI:http://test/71 +- URI:http://test/72 +- URI:http://test/73 +- URI:http://test/74 +- URI:http://test/75 +- URI:http://test/76 +- URI:http://test/77 +- URI:http://test/78 +- URI:http://test/79 +- URI:http://test/80 +- URI:http://test/81 +- URI:http://test/82 +- URI:http://test/83 +- URI:http://test/84 +- URI:http://test/85 +- URI:http://test/86 +- URI:http://test/87 +- URI:http://test/88 +- URI:http://test/89 +- URI:http://test/90 +- URI:http://test/91 +- URI:http://test/92 +- URI:http://test/93 +- URI:http://test/94 +- URI:http://test/95 +- URI:http://test/96 +- URI:http://test/97 +- URI:http://test/98 +- URI:http://test/99 +- URI:http://test/100 +- URI:http://test/101 +- URI:http://test/102 +- URI:http://test/103 +- URI:http://test/104 +- URI:http://test/105 +- URI:http://test/106 +- URI:http://test/107 +- URI:http://test/108 +- URI:http://test/109 +- URI:http://test/110 +- URI:http://test/111 +- URI:http://test/112 +- URI:http://test/113 +- URI:http://test/114 +- URI:http://test/115 +- URI:http://test/116 +- URI:http://test/117 +- URI:http://test/118 +- URI:http://test/119 +- URI:http://test/120 +- URI:http://test/121 +- URI:http://test/122 +- URI:http://test/123 +- URI:http://test/124 +- URI:http://test/125 +- URI:http://test/126 +- URI:http://test/127 +- URI:http://test/128 +- URI:http://test/129 +- URI:http://test/130 +- URI:http://test/131 +- URI:http://test/132 +- URI:http://test/133 +- URI:http://test/134 +- URI:http://test/135 +- URI:http://test/136 +- URI:http://test/137 +- URI:http://test/138 +- URI:http://test/139 +- URI:http://test/140 +- URI:http://test/141 +- URI:http://test/142 +- URI:http://test/143 +- URI:http://test/144 +- URI:http://test/145 +- URI:http://test/146 +- URI:http://test/147 +- URI:http://test/148 +- URI:http://test/149 +- URI:http://test/150 +- URI:http://test/151 +- URI:http://test/152 +- URI:http://test/153 +- URI:http://test/154 +- URI:http://test/155 +- URI:http://test/156 +- URI:http://test/157 +- URI:http://test/158 +- URI:http://test/159 +- URI:http://test/160 +- URI:http://test/161 +- URI:http://test/162 +- URI:http://test/163 +- URI:http://test/164 +- URI:http://test/165 +- URI:http://test/166 +- URI:http://test/167 +- URI:http://test/168 +- URI:http://test/169 +- URI:http://test/170 +- URI:http://test/171 +- URI:http://test/172 +- URI:http://test/173 +- URI:http://test/174 +- URI:http://test/175 +- URI:http://test/176 +- URI:http://test/177 +- URI:http://test/178 +- URI:http://test/179 +- URI:http://test/180 +- URI:http://test/181 +- URI:http://test/182 +- URI:http://test/183 +- URI:http://test/184 +- URI:http://test/185 +- URI:http://test/186 +- URI:http://test/187 +- URI:http://test/188 +- URI:http://test/189 +- URI:http://test/190 +- URI:http://test/191 +- URI:http://test/192 +- URI:http://test/193 +- URI:http://test/194 +- URI:http://test/195 +- URI:http://test/196 +- URI:http://test/197 +- URI:http://test/198 +- URI:http://test/199 +- URI:http://test/200 +- URI:http://test/201 +- URI:http://test/202 +- URI:http://test/203 +- URI:http://test/204 +- URI:http://test/205 +- URI:http://test/206 +- URI:http://test/207 +- URI:http://test/208 +- URI:http://test/209 +- URI:http://test/210 +- URI:http://test/211 +- URI:http://test/212 +- URI:http://test/213 +- URI:http://test/214 +- URI:http://test/215 +- URI:http://test/216 +- URI:http://test/217 +- URI:http://test/218 +- URI:http://test/219 +- URI:http://test/220 +- URI:http://test/221 +- URI:http://test/222 +- URI:http://test/223 +- URI:http://test/224 +- URI:http://test/225 +- URI:http://test/226 +- URI:http://test/227 +- URI:http://test/228 +- URI:http://test/229 +- URI:http://test/230 +- URI:http://test/231 +- URI:http://test/232 +- URI:http://test/233 +- URI:http://test/234 +- URI:http://test/235 +- URI:http://test/236 +- URI:http://test/237 +- URI:http://test/238 +- URI:http://test/239 +- URI:http://test/240 +- URI:http://test/241 +- URI:http://test/242 +- URI:http://test/243 +- URI:http://test/244 +- URI:http://test/245 +- URI:http://test/246 +- URI:http://test/247 +- URI:http://test/248 +- URI:http://test/249 +- URI:http://test/250 +- URI:http://test/251 +- URI:http://test/252 +- URI:http://test/253 +- URI:http://test/254 +- URI:http://test/255 +- URI:http://test/256 +- URI:http://test/257 +- URI:http://test/258 +- URI:http://test/259 +- URI:http://test/260 +- URI:http://test/261 +- URI:http://test/262 +- URI:http://test/263 +- URI:http://test/264 +- URI:http://test/265 +- URI:http://test/266 +- URI:http://test/267 +- URI:http://test/268 +- URI:http://test/269 +- URI:http://test/270 +- URI:http://test/271 +- URI:http://test/272 +- URI:http://test/273 +- URI:http://test/274 +- URI:http://test/275 +- URI:http://test/276 +- URI:http://test/277 +- URI:http://test/278 +- URI:http://test/279 +- URI:http://test/280 +- URI:http://test/281 +- URI:http://test/282 +- URI:http://test/283 +- URI:http://test/284 +- URI:http://test/285 +- URI:http://test/286 +- URI:http://test/287 +- URI:http://test/288 +- URI:http://test/289 +- URI:http://test/290 +- URI:http://test/291 +- URI:http://test/292 +- URI:http://test/293 +- URI:http://test/294 +- URI:http://test/295 +- URI:http://test/296 +- URI:http://test/297 +- URI:http://test/298 +- URI:http://test/299 +- URI:http://test/300 +- URI:http://test/301 +- URI:http://test/302 +- URI:http://test/303 +- URI:http://test/304 +- URI:http://test/305 +- URI:http://test/306 +- URI:http://test/307 +- URI:http://test/308 +- URI:http://test/309 +- URI:http://test/310 +- URI:http://test/311 +- URI:http://test/312 +- URI:http://test/313 +- URI:http://test/314 +- URI:http://test/315 +- URI:http://test/316 +- URI:http://test/317 +- URI:http://test/318 +- URI:http://test/319 +- URI:http://test/320 +- URI:http://test/321 +- URI:http://test/322 +- URI:http://test/323 +- URI:http://test/324 +- URI:http://test/325 +- URI:http://test/326 +- URI:http://test/327 +- URI:http://test/328 +- URI:http://test/329 +- URI:http://test/330 +- URI:http://test/331 +- URI:http://test/332 +- URI:http://test/333 +- URI:http://test/334 +- URI:http://test/335 +- URI:http://test/336 +- URI:http://test/337 +- URI:http://test/338 +- URI:http://test/339 +- URI:http://test/340 +- URI:http://test/341 +- URI:http://test/342 +- URI:http://test/343 +- URI:http://test/344 +- URI:http://test/345 +- URI:http://test/346 +- URI:http://test/347 +- URI:http://test/348 +- URI:http://test/349 +- URI:http://test/350 +- URI:http://test/351 +- URI:http://test/352 +- URI:http://test/353 +- URI:http://test/354 +- URI:http://test/355 +- URI:http://test/356 +- URI:http://test/357 +- URI:http://test/358 +- URI:http://test/359 +- URI:http://test/360 +- URI:http://test/361 +- URI:http://test/362 +- URI:http://test/363 +- URI:http://test/364 +- URI:http://test/365 +- URI:http://test/366 +- URI:http://test/367 +- URI:http://test/368 +- URI:http://test/369 +- URI:http://test/370 +- URI:http://test/371 +- URI:http://test/372 +- URI:http://test/373 +- URI:http://test/374 +- URI:http://test/375 +- URI:http://test/376 +- URI:http://test/377 +- URI:http://test/378 +- URI:http://test/379 +- URI:http://test/380 +- URI:http://test/381 +- URI:http://test/382 +- URI:http://test/383 +- URI:http://test/384 +- URI:http://test/385 +- URI:http://test/386 +- URI:http://test/387 +- URI:http://test/388 +- URI:http://test/389 +- URI:http://test/390 +- URI:http://test/391 +- URI:http://test/392 +- URI:http://test/393 +- URI:http://test/394 +- URI:http://test/395 +- URI:http://test/396 +- URI:http://test/397 +- URI:http://test/398 +- URI:http://test/399 +- URI:http://test/400 +- URI:http://test/401 +- URI:http://test/402 +- URI:http://test/403 +- URI:http://test/404 +- URI:http://test/405 +- URI:http://test/406 +- URI:http://test/407 +- URI:http://test/408 +- URI:http://test/409 +- URI:http://test/410 +- URI:http://test/411 +- URI:http://test/412 +- URI:http://test/413 +- URI:http://test/414 +- URI:http://test/415 +- URI:http://test/416 +- URI:http://test/417 +- URI:http://test/418 +- URI:http://test/419 +- URI:http://test/420 +- URI:http://test/421 +- URI:http://test/422 +- URI:http://test/423 +- URI:http://test/424 +- URI:http://test/425 +- URI:http://test/426 +- URI:http://test/427 +- URI:http://test/428 +- URI:http://test/429 +- URI:http://test/430 +- URI:http://test/431 +- URI:http://test/432 +- URI:http://test/433 +- URI:http://test/434 +- URI:http://test/435 +- URI:http://test/436 +- URI:http://test/437 +- URI:http://test/438 +- URI:http://test/439 +- URI:http://test/440 +- URI:http://test/441 +- URI:http://test/442 +- URI:http://test/443 +- URI:http://test/444 +- URI:http://test/445 +- URI:http://test/446 +- URI:http://test/447 +- URI:http://test/448 +- URI:http://test/449 +- URI:http://test/450 +- URI:http://test/451 +- URI:http://test/452 +- URI:http://test/453 +- URI:http://test/454 +- URI:http://test/455 +- URI:http://test/456 +- URI:http://test/457 +- URI:http://test/458 +- URI:http://test/459 +- URI:http://test/460 +- URI:http://test/461 +- URI:http://test/462 +- URI:http://test/463 +- URI:http://test/464 +- URI:http://test/465 +- URI:http://test/466 +- URI:http://test/467 +- URI:http://test/468 +- URI:http://test/469 +- URI:http://test/470 +- URI:http://test/471 +- URI:http://test/472 +- URI:http://test/473 +- URI:http://test/474 +- URI:http://test/475 +- URI:http://test/476 +- URI:http://test/477 +- URI:http://test/478 +- URI:http://test/479 +- URI:http://test/480 +- URI:http://test/481 +- URI:http://test/482 +- URI:http://test/483 +- URI:http://test/484 +- URI:http://test/485 +- URI:http://test/486 +- URI:http://test/487 +- URI:http://test/488 +- URI:http://test/489 +- URI:http://test/490 +- URI:http://test/491 +- URI:http://test/492 +- URI:http://test/493 +- URI:http://test/494 +- URI:http://test/495 +- URI:http://test/496 +- URI:http://test/497 +- URI:http://test/498 +- URI:http://test/499 +- URI:http://test/500 +- URI:http://test/501 +- URI:http://test/502 +- URI:http://test/503 +- URI:http://test/504 +- URI:http://test/505 +- URI:http://test/506 +- URI:http://test/507 +- URI:http://test/508 +- URI:http://test/509 +- URI:http://test/510 +- URI:http://test/511 +- URI:http://test/512 +- URI:http://test/513 +- URI:http://test/514 +- URI:http://test/515 +- URI:http://test/516 +- URI:http://test/517 +- URI:http://test/518 +- URI:http://test/519 +- URI:http://test/520 +- URI:http://test/521 +- URI:http://test/522 +- URI:http://test/523 +- URI:http://test/524 +- URI:http://test/525 +- URI:http://test/526 +- URI:http://test/527 +- URI:http://test/528 +- URI:http://test/529 +- URI:http://test/530 +- URI:http://test/531 +- URI:http://test/532 +- URI:http://test/533 +- URI:http://test/534 +- URI:http://test/535 +- URI:http://test/536 +- URI:http://test/537 +- URI:http://test/538 +- URI:http://test/539 +- URI:http://test/540 +- URI:http://test/541 +- URI:http://test/542 +- URI:http://test/543 +- URI:http://test/544 +- URI:http://test/545 +- URI:http://test/546 +- URI:http://test/547 +- URI:http://test/548 +- URI:http://test/549 +- URI:http://test/550 +- URI:http://test/551 +- URI:http://test/552 +- URI:http://test/553 +- URI:http://test/554 +- URI:http://test/555 +- URI:http://test/556 +- URI:http://test/557 +- URI:http://test/558 +- URI:http://test/559 +- URI:http://test/560 +- URI:http://test/561 +- URI:http://test/562 +- URI:http://test/563 +- URI:http://test/564 +- URI:http://test/565 +- URI:http://test/566 +- URI:http://test/567 +- URI:http://test/568 +- URI:http://test/569 +- URI:http://test/570 +- URI:http://test/571 +- URI:http://test/572 +- URI:http://test/573 +- URI:http://test/574 +- URI:http://test/575 +- URI:http://test/576 +- URI:http://test/577 +- URI:http://test/578 +- URI:http://test/579 +- URI:http://test/580 +- URI:http://test/581 +- URI:http://test/582 +- URI:http://test/583 +- URI:http://test/584 +- URI:http://test/585 +- URI:http://test/586 +- URI:http://test/587 +- URI:http://test/588 +- URI:http://test/589 +- URI:http://test/590 +- URI:http://test/591 +- URI:http://test/592 +- URI:http://test/593 +- URI:http://test/594 +- URI:http://test/595 +- URI:http://test/596 +- URI:http://test/597 +- URI:http://test/598 +- URI:http://test/599 +- URI:http://test/600 +- URI:http://test/601 +- URI:http://test/602 +- URI:http://test/603 +- URI:http://test/604 +- URI:http://test/605 +- URI:http://test/606 +- URI:http://test/607 +- URI:http://test/608 +- URI:http://test/609 +- URI:http://test/610 +- URI:http://test/611 +- URI:http://test/612 +- URI:http://test/613 +- URI:http://test/614 +- URI:http://test/615 +- URI:http://test/616 +- URI:http://test/617 +- URI:http://test/618 +- URI:http://test/619 +- URI:http://test/620 +- URI:http://test/621 +- URI:http://test/622 +- URI:http://test/623 +- URI:http://test/624 +- URI:http://test/625 +- URI:http://test/626 +- URI:http://test/627 +- URI:http://test/628 +- URI:http://test/629 +- URI:http://test/630 +- URI:http://test/631 +- URI:http://test/632 +- URI:http://test/633 +- URI:http://test/634 +- URI:http://test/635 +- URI:http://test/636 +- URI:http://test/637 +- URI:http://test/638 +- URI:http://test/639 +- URI:http://test/640 +- URI:http://test/641 +- URI:http://test/642 +- URI:http://test/643 +- URI:http://test/644 +- URI:http://test/645 +- URI:http://test/646 +- URI:http://test/647 +- URI:http://test/648 +- URI:http://test/649 +- URI:http://test/650 +- URI:http://test/651 +- URI:http://test/652 +- URI:http://test/653 +- URI:http://test/654 +- URI:http://test/655 +- URI:http://test/656 +- URI:http://test/657 +- URI:http://test/658 +- URI:http://test/659 +- URI:http://test/660 +- URI:http://test/661 +- URI:http://test/662 +- URI:http://test/663 +- URI:http://test/664 +- URI:http://test/665 +- URI:http://test/666 +- URI:http://test/667 +- URI:http://test/668 +- URI:http://test/669 +- URI:http://test/670 +- URI:http://test/671 +- URI:http://test/672 +- URI:http://test/673 +- URI:http://test/674 +- URI:http://test/675 +- URI:http://test/676 +- URI:http://test/677 +- URI:http://test/678 +- URI:http://test/679 +- URI:http://test/680 +- URI:http://test/681 +- URI:http://test/682 +- URI:http://test/683 +- URI:http://test/684 +- URI:http://test/685 +- URI:http://test/686 +- URI:http://test/687 +- URI:http://test/688 +- URI:http://test/689 +- URI:http://test/690 +- URI:http://test/691 +- URI:http://test/692 +- URI:http://test/693 +- URI:http://test/694 +- URI:http://test/695 +- URI:http://test/696 +- URI:http://test/697 +- URI:http://test/698 +- URI:http://test/699 +- URI:http://test/700 +- URI:http://test/701 +- URI:http://test/702 +- URI:http://test/703 +- URI:http://test/704 +- URI:http://test/705 +- URI:http://test/706 +- URI:http://test/707 +- URI:http://test/708 +- URI:http://test/709 +- URI:http://test/710 +- URI:http://test/711 +- URI:http://test/712 +- URI:http://test/713 +- URI:http://test/714 +- URI:http://test/715 +- URI:http://test/716 +- URI:http://test/717 +- URI:http://test/718 +- URI:http://test/719 +- URI:http://test/720 +- URI:http://test/721 +- URI:http://test/722 +- URI:http://test/723 +- URI:http://test/724 +- URI:http://test/725 +- URI:http://test/726 +- URI:http://test/727 +- URI:http://test/728 +- URI:http://test/729 +- URI:http://test/730 +- URI:http://test/731 +- URI:http://test/732 +- URI:http://test/733 +- URI:http://test/734 +- URI:http://test/735 +- URI:http://test/736 +- URI:http://test/737 +- URI:http://test/738 +- URI:http://test/739 +- URI:http://test/740 +- URI:http://test/741 +- URI:http://test/742 +- URI:http://test/743 +- URI:http://test/744 +- URI:http://test/745 +- URI:http://test/746 +- URI:http://test/747 +- URI:http://test/748 +- URI:http://test/749 +- URI:http://test/750 +- URI:http://test/751 +- URI:http://test/752 +- URI:http://test/753 +- URI:http://test/754 +- URI:http://test/755 +- URI:http://test/756 +- URI:http://test/757 +- URI:http://test/758 +- URI:http://test/759 +- URI:http://test/760 +- URI:http://test/761 +- URI:http://test/762 +- URI:http://test/763 +- URI:http://test/764 +- URI:http://test/765 +- URI:http://test/766 +- URI:http://test/767 +- URI:http://test/768 +- URI:http://test/769 +- URI:http://test/770 +- URI:http://test/771 +- URI:http://test/772 +- URI:http://test/773 +- URI:http://test/774 +- URI:http://test/775 +- URI:http://test/776 +- URI:http://test/777 +- URI:http://test/778 +- URI:http://test/779 +- URI:http://test/780 +- URI:http://test/781 +- URI:http://test/782 +- URI:http://test/783 +- URI:http://test/784 +- URI:http://test/785 +- URI:http://test/786 +- URI:http://test/787 +- URI:http://test/788 +- URI:http://test/789 +- URI:http://test/790 +- URI:http://test/791 +- URI:http://test/792 +- URI:http://test/793 +- URI:http://test/794 +- URI:http://test/795 +- URI:http://test/796 +- URI:http://test/797 +- URI:http://test/798 +- URI:http://test/799 +- URI:http://test/800 +- URI:http://test/801 +- URI:http://test/802 +- URI:http://test/803 +- URI:http://test/804 +- URI:http://test/805 +- URI:http://test/806 +- URI:http://test/807 +- URI:http://test/808 +- URI:http://test/809 +- URI:http://test/810 +- URI:http://test/811 +- URI:http://test/812 +- URI:http://test/813 +- URI:http://test/814 +- URI:http://test/815 +- URI:http://test/816 +- URI:http://test/817 +- URI:http://test/818 +- URI:http://test/819 +- URI:http://test/820 +- URI:http://test/821 +- URI:http://test/822 +- URI:http://test/823 +- URI:http://test/824 +- URI:http://test/825 +- URI:http://test/826 +- URI:http://test/827 +- URI:http://test/828 +- URI:http://test/829 +- URI:http://test/830 +- URI:http://test/831 +- URI:http://test/832 +- URI:http://test/833 +- URI:http://test/834 +- URI:http://test/835 +- URI:http://test/836 +- URI:http://test/837 +- URI:http://test/838 +- URI:http://test/839 +- URI:http://test/840 +- URI:http://test/841 +- URI:http://test/842 +- URI:http://test/843 +- URI:http://test/844 +- URI:http://test/845 +- URI:http://test/846 +- URI:http://test/847 +- URI:http://test/848 +- URI:http://test/849 +- URI:http://test/850 +- URI:http://test/851 +- URI:http://test/852 +- URI:http://test/853 +- URI:http://test/854 +- URI:http://test/855 +- URI:http://test/856 +- URI:http://test/857 +- URI:http://test/858 +- URI:http://test/859 +- URI:http://test/860 +- URI:http://test/861 +- URI:http://test/862 +- URI:http://test/863 +- URI:http://test/864 +- URI:http://test/865 +- URI:http://test/866 +- URI:http://test/867 +- URI:http://test/868 +- URI:http://test/869 +- URI:http://test/870 +- URI:http://test/871 +- URI:http://test/872 +- URI:http://test/873 +- URI:http://test/874 +- URI:http://test/875 +- URI:http://test/876 +- URI:http://test/877 +- URI:http://test/878 +- URI:http://test/879 +- URI:http://test/880 +- URI:http://test/881 +- URI:http://test/882 +- URI:http://test/883 +- URI:http://test/884 +- URI:http://test/885 +- URI:http://test/886 +- URI:http://test/887 +- URI:http://test/888 +- URI:http://test/889 +- URI:http://test/890 +- URI:http://test/891 +- URI:http://test/892 +- URI:http://test/893 +- URI:http://test/894 +- URI:http://test/895 +- URI:http://test/896 +- URI:http://test/897 +- URI:http://test/898 +- URI:http://test/899 +- URI:http://test/900 +- URI:http://test/901 +- URI:http://test/902 +- URI:http://test/903 +- URI:http://test/904 +- URI:http://test/905 +- URI:http://test/906 +- URI:http://test/907 +- URI:http://test/908 +- URI:http://test/909 +- URI:http://test/910 +- URI:http://test/911 +- URI:http://test/912 +- URI:http://test/913 +- URI:http://test/914 +- URI:http://test/915 +- URI:http://test/916 +- URI:http://test/917 +- URI:http://test/918 +- URI:http://test/919 +- URI:http://test/920 +- URI:http://test/921 +- URI:http://test/922 +- URI:http://test/923 +- URI:http://test/924 +- URI:http://test/925 +- URI:http://test/926 +- URI:http://test/927 +- URI:http://test/928 +- URI:http://test/929 +- URI:http://test/930 +- URI:http://test/931 +- URI:http://test/932 +- URI:http://test/933 +- URI:http://test/934 +- URI:http://test/935 +- URI:http://test/936 +- URI:http://test/937 +- URI:http://test/938 +- URI:http://test/939 +- URI:http://test/940 +- URI:http://test/941 +- URI:http://test/942 +- URI:http://test/943 +- URI:http://test/944 +- URI:http://test/945 +- URI:http://test/946 +- URI:http://test/947 +- URI:http://test/948 +- URI:http://test/949 +- URI:http://test/950 +- URI:http://test/951 +- URI:http://test/952 +- URI:http://test/953 +- URI:http://test/954 +- URI:http://test/955 +- URI:http://test/956 +- URI:http://test/957 +- URI:http://test/958 +- URI:http://test/959 +- URI:http://test/960 +- URI:http://test/961 +- URI:http://test/962 +- URI:http://test/963 +- URI:http://test/964 +- URI:http://test/965 +- URI:http://test/966 +- URI:http://test/967 +- URI:http://test/968 +- URI:http://test/969 +- URI:http://test/970 +- URI:http://test/971 +- URI:http://test/972 +- URI:http://test/973 +- URI:http://test/974 +- URI:http://test/975 +- URI:http://test/976 +- URI:http://test/977 +- URI:http://test/978 +- URI:http://test/979 +- URI:http://test/980 +- URI:http://test/981 +- URI:http://test/982 +- URI:http://test/983 +- URI:http://test/984 +- URI:http://test/985 +- URI:http://test/986 +- URI:http://test/987 +- URI:http://test/988 +- URI:http://test/989 +- URI:http://test/990 +- URI:http://test/991 +- URI:http://test/992 +- URI:http://test/993 +- URI:http://test/994 +- URI:http://test/995 +- URI:http://test/996 +- URI:http://test/997 +- URI:http://test/998 +- URI:http://test/999 +- URI:http://test/1000 +- URI:http://test/1001 +- URI:http://test/1002 +- URI:http://test/1003 +- URI:http://test/1004 +- URI:http://test/1005 +- URI:http://test/1006 +- URI:http://test/1007 +- URI:http://test/1008 +- URI:http://test/1009 +- URI:http://test/1010 +- URI:http://test/1011 +- URI:http://test/1012 +- URI:http://test/1013 +- URI:http://test/1014 +- URI:http://test/1015 +- URI:http://test/1016 +- URI:http://test/1017 +- URI:http://test/1018 +- URI:http://test/1019 +- URI:http://test/1020 +- URI:http://test/1021 +- URI:http://test/1022 +- URI:http://test/1023 +- URI:http://test/1024 +- Excluded: +- IP:11.0.0.0/255.255.255.255 +- IP:11.0.0.1/255.255.255.255 +- IP:11.0.0.2/255.255.255.255 +- IP:11.0.0.3/255.255.255.255 +- IP:11.0.0.4/255.255.255.255 +- IP:11.0.0.5/255.255.255.255 +- IP:11.0.0.6/255.255.255.255 +- IP:11.0.0.7/255.255.255.255 +- IP:11.0.0.8/255.255.255.255 +- IP:11.0.0.9/255.255.255.255 +- IP:11.0.0.10/255.255.255.255 +- IP:11.0.0.11/255.255.255.255 +- IP:11.0.0.12/255.255.255.255 +- IP:11.0.0.13/255.255.255.255 +- IP:11.0.0.14/255.255.255.255 +- IP:11.0.0.15/255.255.255.255 +- IP:11.0.0.16/255.255.255.255 +- IP:11.0.0.17/255.255.255.255 +- IP:11.0.0.18/255.255.255.255 +- IP:11.0.0.19/255.255.255.255 +- IP:11.0.0.20/255.255.255.255 +- IP:11.0.0.21/255.255.255.255 +- IP:11.0.0.22/255.255.255.255 +- IP:11.0.0.23/255.255.255.255 +- IP:11.0.0.24/255.255.255.255 +- IP:11.0.0.25/255.255.255.255 +- IP:11.0.0.26/255.255.255.255 +- IP:11.0.0.27/255.255.255.255 +- IP:11.0.0.28/255.255.255.255 +- IP:11.0.0.29/255.255.255.255 +- IP:11.0.0.30/255.255.255.255 +- IP:11.0.0.31/255.255.255.255 +- IP:11.0.0.32/255.255.255.255 +- IP:11.0.0.33/255.255.255.255 +- IP:11.0.0.34/255.255.255.255 +- IP:11.0.0.35/255.255.255.255 +- IP:11.0.0.36/255.255.255.255 +- IP:11.0.0.37/255.255.255.255 +- IP:11.0.0.38/255.255.255.255 +- IP:11.0.0.39/255.255.255.255 +- IP:11.0.0.40/255.255.255.255 +- IP:11.0.0.41/255.255.255.255 +- IP:11.0.0.42/255.255.255.255 +- IP:11.0.0.43/255.255.255.255 +- IP:11.0.0.44/255.255.255.255 +- IP:11.0.0.45/255.255.255.255 +- IP:11.0.0.46/255.255.255.255 +- IP:11.0.0.47/255.255.255.255 +- IP:11.0.0.48/255.255.255.255 +- IP:11.0.0.49/255.255.255.255 +- IP:11.0.0.50/255.255.255.255 +- IP:11.0.0.51/255.255.255.255 +- IP:11.0.0.52/255.255.255.255 +- IP:11.0.0.53/255.255.255.255 +- IP:11.0.0.54/255.255.255.255 +- IP:11.0.0.55/255.255.255.255 +- IP:11.0.0.56/255.255.255.255 +- IP:11.0.0.57/255.255.255.255 +- IP:11.0.0.58/255.255.255.255 +- IP:11.0.0.59/255.255.255.255 +- IP:11.0.0.60/255.255.255.255 +- IP:11.0.0.61/255.255.255.255 +- IP:11.0.0.62/255.255.255.255 +- IP:11.0.0.63/255.255.255.255 +- IP:11.0.0.64/255.255.255.255 +- IP:11.0.0.65/255.255.255.255 +- IP:11.0.0.66/255.255.255.255 +- IP:11.0.0.67/255.255.255.255 +- IP:11.0.0.68/255.255.255.255 +- IP:11.0.0.69/255.255.255.255 +- IP:11.0.0.70/255.255.255.255 +- IP:11.0.0.71/255.255.255.255 +- IP:11.0.0.72/255.255.255.255 +- IP:11.0.0.73/255.255.255.255 +- IP:11.0.0.74/255.255.255.255 +- IP:11.0.0.75/255.255.255.255 +- IP:11.0.0.76/255.255.255.255 +- IP:11.0.0.77/255.255.255.255 +- IP:11.0.0.78/255.255.255.255 +- IP:11.0.0.79/255.255.255.255 +- IP:11.0.0.80/255.255.255.255 +- IP:11.0.0.81/255.255.255.255 +- IP:11.0.0.82/255.255.255.255 +- IP:11.0.0.83/255.255.255.255 +- IP:11.0.0.84/255.255.255.255 +- IP:11.0.0.85/255.255.255.255 +- IP:11.0.0.86/255.255.255.255 +- IP:11.0.0.87/255.255.255.255 +- IP:11.0.0.88/255.255.255.255 +- IP:11.0.0.89/255.255.255.255 +- IP:11.0.0.90/255.255.255.255 +- IP:11.0.0.91/255.255.255.255 +- IP:11.0.0.92/255.255.255.255 +- IP:11.0.0.93/255.255.255.255 +- IP:11.0.0.94/255.255.255.255 +- IP:11.0.0.95/255.255.255.255 +- IP:11.0.0.96/255.255.255.255 +- IP:11.0.0.97/255.255.255.255 +- IP:11.0.0.98/255.255.255.255 +- IP:11.0.0.99/255.255.255.255 +- IP:11.0.0.100/255.255.255.255 +- IP:11.0.0.101/255.255.255.255 +- IP:11.0.0.102/255.255.255.255 +- IP:11.0.0.103/255.255.255.255 +- IP:11.0.0.104/255.255.255.255 +- IP:11.0.0.105/255.255.255.255 +- IP:11.0.0.106/255.255.255.255 +- IP:11.0.0.107/255.255.255.255 +- IP:11.0.0.108/255.255.255.255 +- IP:11.0.0.109/255.255.255.255 +- IP:11.0.0.110/255.255.255.255 +- IP:11.0.0.111/255.255.255.255 +- IP:11.0.0.112/255.255.255.255 +- IP:11.0.0.113/255.255.255.255 +- IP:11.0.0.114/255.255.255.255 +- IP:11.0.0.115/255.255.255.255 +- IP:11.0.0.116/255.255.255.255 +- IP:11.0.0.117/255.255.255.255 +- IP:11.0.0.118/255.255.255.255 +- IP:11.0.0.119/255.255.255.255 +- IP:11.0.0.120/255.255.255.255 +- IP:11.0.0.121/255.255.255.255 +- IP:11.0.0.122/255.255.255.255 +- IP:11.0.0.123/255.255.255.255 +- IP:11.0.0.124/255.255.255.255 +- IP:11.0.0.125/255.255.255.255 +- IP:11.0.0.126/255.255.255.255 +- IP:11.0.0.127/255.255.255.255 +- IP:11.0.0.128/255.255.255.255 +- IP:11.0.0.129/255.255.255.255 +- IP:11.0.0.130/255.255.255.255 +- IP:11.0.0.131/255.255.255.255 +- IP:11.0.0.132/255.255.255.255 +- IP:11.0.0.133/255.255.255.255 +- IP:11.0.0.134/255.255.255.255 +- IP:11.0.0.135/255.255.255.255 +- IP:11.0.0.136/255.255.255.255 +- IP:11.0.0.137/255.255.255.255 +- IP:11.0.0.138/255.255.255.255 +- IP:11.0.0.139/255.255.255.255 +- IP:11.0.0.140/255.255.255.255 +- IP:11.0.0.141/255.255.255.255 +- IP:11.0.0.142/255.255.255.255 +- IP:11.0.0.143/255.255.255.255 +- IP:11.0.0.144/255.255.255.255 +- IP:11.0.0.145/255.255.255.255 +- IP:11.0.0.146/255.255.255.255 +- IP:11.0.0.147/255.255.255.255 +- IP:11.0.0.148/255.255.255.255 +- IP:11.0.0.149/255.255.255.255 +- IP:11.0.0.150/255.255.255.255 +- IP:11.0.0.151/255.255.255.255 +- IP:11.0.0.152/255.255.255.255 +- IP:11.0.0.153/255.255.255.255 +- IP:11.0.0.154/255.255.255.255 +- IP:11.0.0.155/255.255.255.255 +- IP:11.0.0.156/255.255.255.255 +- IP:11.0.0.157/255.255.255.255 +- IP:11.0.0.158/255.255.255.255 +- IP:11.0.0.159/255.255.255.255 +- IP:11.0.0.160/255.255.255.255 +- IP:11.0.0.161/255.255.255.255 +- IP:11.0.0.162/255.255.255.255 +- IP:11.0.0.163/255.255.255.255 +- IP:11.0.0.164/255.255.255.255 +- IP:11.0.0.165/255.255.255.255 +- IP:11.0.0.166/255.255.255.255 +- IP:11.0.0.167/255.255.255.255 +- IP:11.0.0.168/255.255.255.255 +- IP:11.0.0.169/255.255.255.255 +- IP:11.0.0.170/255.255.255.255 +- IP:11.0.0.171/255.255.255.255 +- IP:11.0.0.172/255.255.255.255 +- IP:11.0.0.173/255.255.255.255 +- IP:11.0.0.174/255.255.255.255 +- IP:11.0.0.175/255.255.255.255 +- IP:11.0.0.176/255.255.255.255 +- IP:11.0.0.177/255.255.255.255 +- IP:11.0.0.178/255.255.255.255 +- IP:11.0.0.179/255.255.255.255 +- IP:11.0.0.180/255.255.255.255 +- IP:11.0.0.181/255.255.255.255 +- IP:11.0.0.182/255.255.255.255 +- IP:11.0.0.183/255.255.255.255 +- IP:11.0.0.184/255.255.255.255 +- IP:11.0.0.185/255.255.255.255 +- IP:11.0.0.186/255.255.255.255 +- IP:11.0.0.187/255.255.255.255 +- IP:11.0.0.188/255.255.255.255 +- IP:11.0.0.189/255.255.255.255 +- IP:11.0.0.190/255.255.255.255 +- IP:11.0.0.191/255.255.255.255 +- IP:11.0.0.192/255.255.255.255 +- IP:11.0.0.193/255.255.255.255 +- IP:11.0.0.194/255.255.255.255 +- IP:11.0.0.195/255.255.255.255 +- IP:11.0.0.196/255.255.255.255 +- IP:11.0.0.197/255.255.255.255 +- IP:11.0.0.198/255.255.255.255 +- IP:11.0.0.199/255.255.255.255 +- IP:11.0.0.200/255.255.255.255 +- IP:11.0.0.201/255.255.255.255 +- IP:11.0.0.202/255.255.255.255 +- IP:11.0.0.203/255.255.255.255 +- IP:11.0.0.204/255.255.255.255 +- IP:11.0.0.205/255.255.255.255 +- IP:11.0.0.206/255.255.255.255 +- IP:11.0.0.207/255.255.255.255 +- IP:11.0.0.208/255.255.255.255 +- IP:11.0.0.209/255.255.255.255 +- IP:11.0.0.210/255.255.255.255 +- IP:11.0.0.211/255.255.255.255 +- IP:11.0.0.212/255.255.255.255 +- IP:11.0.0.213/255.255.255.255 +- IP:11.0.0.214/255.255.255.255 +- IP:11.0.0.215/255.255.255.255 +- IP:11.0.0.216/255.255.255.255 +- IP:11.0.0.217/255.255.255.255 +- IP:11.0.0.218/255.255.255.255 +- IP:11.0.0.219/255.255.255.255 +- IP:11.0.0.220/255.255.255.255 +- IP:11.0.0.221/255.255.255.255 +- IP:11.0.0.222/255.255.255.255 +- IP:11.0.0.223/255.255.255.255 +- IP:11.0.0.224/255.255.255.255 +- IP:11.0.0.225/255.255.255.255 +- IP:11.0.0.226/255.255.255.255 +- IP:11.0.0.227/255.255.255.255 +- IP:11.0.0.228/255.255.255.255 +- IP:11.0.0.229/255.255.255.255 +- IP:11.0.0.230/255.255.255.255 +- IP:11.0.0.231/255.255.255.255 +- IP:11.0.0.232/255.255.255.255 +- IP:11.0.0.233/255.255.255.255 +- IP:11.0.0.234/255.255.255.255 +- IP:11.0.0.235/255.255.255.255 +- IP:11.0.0.236/255.255.255.255 +- IP:11.0.0.237/255.255.255.255 +- IP:11.0.0.238/255.255.255.255 +- IP:11.0.0.239/255.255.255.255 +- IP:11.0.0.240/255.255.255.255 +- IP:11.0.0.241/255.255.255.255 +- IP:11.0.0.242/255.255.255.255 +- IP:11.0.0.243/255.255.255.255 +- IP:11.0.0.244/255.255.255.255 +- IP:11.0.0.245/255.255.255.255 +- IP:11.0.0.246/255.255.255.255 +- IP:11.0.0.247/255.255.255.255 +- IP:11.0.0.248/255.255.255.255 +- IP:11.0.0.249/255.255.255.255 +- IP:11.0.0.250/255.255.255.255 +- IP:11.0.0.251/255.255.255.255 +- IP:11.0.0.252/255.255.255.255 +- IP:11.0.0.253/255.255.255.255 +- IP:11.0.0.254/255.255.255.255 +- IP:11.0.0.255/255.255.255.255 +- IP:11.0.1.0/255.255.255.255 +- IP:11.0.1.1/255.255.255.255 +- IP:11.0.1.2/255.255.255.255 +- IP:11.0.1.3/255.255.255.255 +- IP:11.0.1.4/255.255.255.255 +- IP:11.0.1.5/255.255.255.255 +- IP:11.0.1.6/255.255.255.255 +- IP:11.0.1.7/255.255.255.255 +- IP:11.0.1.8/255.255.255.255 +- IP:11.0.1.9/255.255.255.255 +- IP:11.0.1.10/255.255.255.255 +- IP:11.0.1.11/255.255.255.255 +- IP:11.0.1.12/255.255.255.255 +- IP:11.0.1.13/255.255.255.255 +- IP:11.0.1.14/255.255.255.255 +- IP:11.0.1.15/255.255.255.255 +- IP:11.0.1.16/255.255.255.255 +- IP:11.0.1.17/255.255.255.255 +- IP:11.0.1.18/255.255.255.255 +- IP:11.0.1.19/255.255.255.255 +- IP:11.0.1.20/255.255.255.255 +- IP:11.0.1.21/255.255.255.255 +- IP:11.0.1.22/255.255.255.255 +- IP:11.0.1.23/255.255.255.255 +- IP:11.0.1.24/255.255.255.255 +- IP:11.0.1.25/255.255.255.255 +- IP:11.0.1.26/255.255.255.255 +- IP:11.0.1.27/255.255.255.255 +- IP:11.0.1.28/255.255.255.255 +- IP:11.0.1.29/255.255.255.255 +- IP:11.0.1.30/255.255.255.255 +- IP:11.0.1.31/255.255.255.255 +- IP:11.0.1.32/255.255.255.255 +- IP:11.0.1.33/255.255.255.255 +- IP:11.0.1.34/255.255.255.255 +- IP:11.0.1.35/255.255.255.255 +- IP:11.0.1.36/255.255.255.255 +- IP:11.0.1.37/255.255.255.255 +- IP:11.0.1.38/255.255.255.255 +- IP:11.0.1.39/255.255.255.255 +- IP:11.0.1.40/255.255.255.255 +- IP:11.0.1.41/255.255.255.255 +- IP:11.0.1.42/255.255.255.255 +- IP:11.0.1.43/255.255.255.255 +- IP:11.0.1.44/255.255.255.255 +- IP:11.0.1.45/255.255.255.255 +- IP:11.0.1.46/255.255.255.255 +- IP:11.0.1.47/255.255.255.255 +- IP:11.0.1.48/255.255.255.255 +- IP:11.0.1.49/255.255.255.255 +- IP:11.0.1.50/255.255.255.255 +- IP:11.0.1.51/255.255.255.255 +- IP:11.0.1.52/255.255.255.255 +- IP:11.0.1.53/255.255.255.255 +- IP:11.0.1.54/255.255.255.255 +- IP:11.0.1.55/255.255.255.255 +- IP:11.0.1.56/255.255.255.255 +- IP:11.0.1.57/255.255.255.255 +- IP:11.0.1.58/255.255.255.255 +- IP:11.0.1.59/255.255.255.255 +- IP:11.0.1.60/255.255.255.255 +- IP:11.0.1.61/255.255.255.255 +- IP:11.0.1.62/255.255.255.255 +- IP:11.0.1.63/255.255.255.255 +- IP:11.0.1.64/255.255.255.255 +- IP:11.0.1.65/255.255.255.255 +- IP:11.0.1.66/255.255.255.255 +- IP:11.0.1.67/255.255.255.255 +- IP:11.0.1.68/255.255.255.255 +- IP:11.0.1.69/255.255.255.255 +- IP:11.0.1.70/255.255.255.255 +- IP:11.0.1.71/255.255.255.255 +- IP:11.0.1.72/255.255.255.255 +- IP:11.0.1.73/255.255.255.255 +- IP:11.0.1.74/255.255.255.255 +- IP:11.0.1.75/255.255.255.255 +- IP:11.0.1.76/255.255.255.255 +- IP:11.0.1.77/255.255.255.255 +- IP:11.0.1.78/255.255.255.255 +- IP:11.0.1.79/255.255.255.255 +- IP:11.0.1.80/255.255.255.255 +- IP:11.0.1.81/255.255.255.255 +- IP:11.0.1.82/255.255.255.255 +- IP:11.0.1.83/255.255.255.255 +- IP:11.0.1.84/255.255.255.255 +- IP:11.0.1.85/255.255.255.255 +- IP:11.0.1.86/255.255.255.255 +- IP:11.0.1.87/255.255.255.255 +- IP:11.0.1.88/255.255.255.255 +- IP:11.0.1.89/255.255.255.255 +- IP:11.0.1.90/255.255.255.255 +- IP:11.0.1.91/255.255.255.255 +- IP:11.0.1.92/255.255.255.255 +- IP:11.0.1.93/255.255.255.255 +- IP:11.0.1.94/255.255.255.255 +- IP:11.0.1.95/255.255.255.255 +- IP:11.0.1.96/255.255.255.255 +- IP:11.0.1.97/255.255.255.255 +- IP:11.0.1.98/255.255.255.255 +- IP:11.0.1.99/255.255.255.255 +- IP:11.0.1.100/255.255.255.255 +- IP:11.0.1.101/255.255.255.255 +- IP:11.0.1.102/255.255.255.255 +- IP:11.0.1.103/255.255.255.255 +- IP:11.0.1.104/255.255.255.255 +- IP:11.0.1.105/255.255.255.255 +- IP:11.0.1.106/255.255.255.255 +- IP:11.0.1.107/255.255.255.255 +- IP:11.0.1.108/255.255.255.255 +- IP:11.0.1.109/255.255.255.255 +- IP:11.0.1.110/255.255.255.255 +- IP:11.0.1.111/255.255.255.255 +- IP:11.0.1.112/255.255.255.255 +- IP:11.0.1.113/255.255.255.255 +- IP:11.0.1.114/255.255.255.255 +- IP:11.0.1.115/255.255.255.255 +- IP:11.0.1.116/255.255.255.255 +- IP:11.0.1.117/255.255.255.255 +- IP:11.0.1.118/255.255.255.255 +- IP:11.0.1.119/255.255.255.255 +- IP:11.0.1.120/255.255.255.255 +- IP:11.0.1.121/255.255.255.255 +- IP:11.0.1.122/255.255.255.255 +- IP:11.0.1.123/255.255.255.255 +- IP:11.0.1.124/255.255.255.255 +- IP:11.0.1.125/255.255.255.255 +- IP:11.0.1.126/255.255.255.255 +- IP:11.0.1.127/255.255.255.255 +- IP:11.0.1.128/255.255.255.255 +- IP:11.0.1.129/255.255.255.255 +- IP:11.0.1.130/255.255.255.255 +- IP:11.0.1.131/255.255.255.255 +- IP:11.0.1.132/255.255.255.255 +- IP:11.0.1.133/255.255.255.255 +- IP:11.0.1.134/255.255.255.255 +- IP:11.0.1.135/255.255.255.255 +- IP:11.0.1.136/255.255.255.255 +- IP:11.0.1.137/255.255.255.255 +- IP:11.0.1.138/255.255.255.255 +- IP:11.0.1.139/255.255.255.255 +- IP:11.0.1.140/255.255.255.255 +- IP:11.0.1.141/255.255.255.255 +- IP:11.0.1.142/255.255.255.255 +- IP:11.0.1.143/255.255.255.255 +- IP:11.0.1.144/255.255.255.255 +- IP:11.0.1.145/255.255.255.255 +- IP:11.0.1.146/255.255.255.255 +- IP:11.0.1.147/255.255.255.255 +- IP:11.0.1.148/255.255.255.255 +- IP:11.0.1.149/255.255.255.255 +- IP:11.0.1.150/255.255.255.255 +- IP:11.0.1.151/255.255.255.255 +- IP:11.0.1.152/255.255.255.255 +- IP:11.0.1.153/255.255.255.255 +- IP:11.0.1.154/255.255.255.255 +- IP:11.0.1.155/255.255.255.255 +- IP:11.0.1.156/255.255.255.255 +- IP:11.0.1.157/255.255.255.255 +- IP:11.0.1.158/255.255.255.255 +- IP:11.0.1.159/255.255.255.255 +- IP:11.0.1.160/255.255.255.255 +- IP:11.0.1.161/255.255.255.255 +- IP:11.0.1.162/255.255.255.255 +- IP:11.0.1.163/255.255.255.255 +- IP:11.0.1.164/255.255.255.255 +- IP:11.0.1.165/255.255.255.255 +- IP:11.0.1.166/255.255.255.255 +- IP:11.0.1.167/255.255.255.255 +- IP:11.0.1.168/255.255.255.255 +- IP:11.0.1.169/255.255.255.255 +- IP:11.0.1.170/255.255.255.255 +- IP:11.0.1.171/255.255.255.255 +- IP:11.0.1.172/255.255.255.255 +- IP:11.0.1.173/255.255.255.255 +- IP:11.0.1.174/255.255.255.255 +- IP:11.0.1.175/255.255.255.255 +- IP:11.0.1.176/255.255.255.255 +- IP:11.0.1.177/255.255.255.255 +- IP:11.0.1.178/255.255.255.255 +- IP:11.0.1.179/255.255.255.255 +- IP:11.0.1.180/255.255.255.255 +- IP:11.0.1.181/255.255.255.255 +- IP:11.0.1.182/255.255.255.255 +- IP:11.0.1.183/255.255.255.255 +- IP:11.0.1.184/255.255.255.255 +- IP:11.0.1.185/255.255.255.255 +- IP:11.0.1.186/255.255.255.255 +- IP:11.0.1.187/255.255.255.255 +- IP:11.0.1.188/255.255.255.255 +- IP:11.0.1.189/255.255.255.255 +- IP:11.0.1.190/255.255.255.255 +- IP:11.0.1.191/255.255.255.255 +- IP:11.0.1.192/255.255.255.255 +- IP:11.0.1.193/255.255.255.255 +- IP:11.0.1.194/255.255.255.255 +- IP:11.0.1.195/255.255.255.255 +- IP:11.0.1.196/255.255.255.255 +- IP:11.0.1.197/255.255.255.255 +- IP:11.0.1.198/255.255.255.255 +- IP:11.0.1.199/255.255.255.255 +- IP:11.0.1.200/255.255.255.255 +- IP:11.0.1.201/255.255.255.255 +- IP:11.0.1.202/255.255.255.255 +- IP:11.0.1.203/255.255.255.255 +- IP:11.0.1.204/255.255.255.255 +- IP:11.0.1.205/255.255.255.255 +- IP:11.0.1.206/255.255.255.255 +- IP:11.0.1.207/255.255.255.255 +- IP:11.0.1.208/255.255.255.255 +- IP:11.0.1.209/255.255.255.255 +- IP:11.0.1.210/255.255.255.255 +- IP:11.0.1.211/255.255.255.255 +- IP:11.0.1.212/255.255.255.255 +- IP:11.0.1.213/255.255.255.255 +- IP:11.0.1.214/255.255.255.255 +- IP:11.0.1.215/255.255.255.255 +- IP:11.0.1.216/255.255.255.255 +- IP:11.0.1.217/255.255.255.255 +- IP:11.0.1.218/255.255.255.255 +- IP:11.0.1.219/255.255.255.255 +- IP:11.0.1.220/255.255.255.255 +- IP:11.0.1.221/255.255.255.255 +- IP:11.0.1.222/255.255.255.255 +- IP:11.0.1.223/255.255.255.255 +- IP:11.0.1.224/255.255.255.255 +- IP:11.0.1.225/255.255.255.255 +- IP:11.0.1.226/255.255.255.255 +- IP:11.0.1.227/255.255.255.255 +- IP:11.0.1.228/255.255.255.255 +- IP:11.0.1.229/255.255.255.255 +- IP:11.0.1.230/255.255.255.255 +- IP:11.0.1.231/255.255.255.255 +- IP:11.0.1.232/255.255.255.255 +- IP:11.0.1.233/255.255.255.255 +- IP:11.0.1.234/255.255.255.255 +- IP:11.0.1.235/255.255.255.255 +- IP:11.0.1.236/255.255.255.255 +- IP:11.0.1.237/255.255.255.255 +- IP:11.0.1.238/255.255.255.255 +- IP:11.0.1.239/255.255.255.255 +- IP:11.0.1.240/255.255.255.255 +- IP:11.0.1.241/255.255.255.255 +- IP:11.0.1.242/255.255.255.255 +- IP:11.0.1.243/255.255.255.255 +- IP:11.0.1.244/255.255.255.255 +- IP:11.0.1.245/255.255.255.255 +- IP:11.0.1.246/255.255.255.255 +- IP:11.0.1.247/255.255.255.255 +- IP:11.0.1.248/255.255.255.255 +- IP:11.0.1.249/255.255.255.255 +- IP:11.0.1.250/255.255.255.255 +- IP:11.0.1.251/255.255.255.255 +- IP:11.0.1.252/255.255.255.255 +- IP:11.0.1.253/255.255.255.255 +- IP:11.0.1.254/255.255.255.255 +- IP:11.0.1.255/255.255.255.255 +- IP:11.0.2.0/255.255.255.255 +- IP:11.0.2.1/255.255.255.255 +- IP:11.0.2.2/255.255.255.255 +- IP:11.0.2.3/255.255.255.255 +- IP:11.0.2.4/255.255.255.255 +- IP:11.0.2.5/255.255.255.255 +- IP:11.0.2.6/255.255.255.255 +- IP:11.0.2.7/255.255.255.255 +- IP:11.0.2.8/255.255.255.255 +- IP:11.0.2.9/255.255.255.255 +- IP:11.0.2.10/255.255.255.255 +- IP:11.0.2.11/255.255.255.255 +- IP:11.0.2.12/255.255.255.255 +- IP:11.0.2.13/255.255.255.255 +- IP:11.0.2.14/255.255.255.255 +- IP:11.0.2.15/255.255.255.255 +- IP:11.0.2.16/255.255.255.255 +- IP:11.0.2.17/255.255.255.255 +- IP:11.0.2.18/255.255.255.255 +- IP:11.0.2.19/255.255.255.255 +- IP:11.0.2.20/255.255.255.255 +- IP:11.0.2.21/255.255.255.255 +- IP:11.0.2.22/255.255.255.255 +- IP:11.0.2.23/255.255.255.255 +- IP:11.0.2.24/255.255.255.255 +- IP:11.0.2.25/255.255.255.255 +- IP:11.0.2.26/255.255.255.255 +- IP:11.0.2.27/255.255.255.255 +- IP:11.0.2.28/255.255.255.255 +- IP:11.0.2.29/255.255.255.255 +- IP:11.0.2.30/255.255.255.255 +- IP:11.0.2.31/255.255.255.255 +- IP:11.0.2.32/255.255.255.255 +- IP:11.0.2.33/255.255.255.255 +- IP:11.0.2.34/255.255.255.255 +- IP:11.0.2.35/255.255.255.255 +- IP:11.0.2.36/255.255.255.255 +- IP:11.0.2.37/255.255.255.255 +- IP:11.0.2.38/255.255.255.255 +- IP:11.0.2.39/255.255.255.255 +- IP:11.0.2.40/255.255.255.255 +- IP:11.0.2.41/255.255.255.255 +- IP:11.0.2.42/255.255.255.255 +- IP:11.0.2.43/255.255.255.255 +- IP:11.0.2.44/255.255.255.255 +- IP:11.0.2.45/255.255.255.255 +- IP:11.0.2.46/255.255.255.255 +- IP:11.0.2.47/255.255.255.255 +- IP:11.0.2.48/255.255.255.255 +- IP:11.0.2.49/255.255.255.255 +- IP:11.0.2.50/255.255.255.255 +- IP:11.0.2.51/255.255.255.255 +- IP:11.0.2.52/255.255.255.255 +- IP:11.0.2.53/255.255.255.255 +- IP:11.0.2.54/255.255.255.255 +- IP:11.0.2.55/255.255.255.255 +- IP:11.0.2.56/255.255.255.255 +- IP:11.0.2.57/255.255.255.255 +- IP:11.0.2.58/255.255.255.255 +- IP:11.0.2.59/255.255.255.255 +- IP:11.0.2.60/255.255.255.255 +- IP:11.0.2.61/255.255.255.255 +- IP:11.0.2.62/255.255.255.255 +- IP:11.0.2.63/255.255.255.255 +- IP:11.0.2.64/255.255.255.255 +- IP:11.0.2.65/255.255.255.255 +- IP:11.0.2.66/255.255.255.255 +- IP:11.0.2.67/255.255.255.255 +- IP:11.0.2.68/255.255.255.255 +- IP:11.0.2.69/255.255.255.255 +- IP:11.0.2.70/255.255.255.255 +- IP:11.0.2.71/255.255.255.255 +- IP:11.0.2.72/255.255.255.255 +- IP:11.0.2.73/255.255.255.255 +- IP:11.0.2.74/255.255.255.255 +- IP:11.0.2.75/255.255.255.255 +- IP:11.0.2.76/255.255.255.255 +- IP:11.0.2.77/255.255.255.255 +- IP:11.0.2.78/255.255.255.255 +- IP:11.0.2.79/255.255.255.255 +- IP:11.0.2.80/255.255.255.255 +- IP:11.0.2.81/255.255.255.255 +- IP:11.0.2.82/255.255.255.255 +- IP:11.0.2.83/255.255.255.255 +- IP:11.0.2.84/255.255.255.255 +- IP:11.0.2.85/255.255.255.255 +- IP:11.0.2.86/255.255.255.255 +- IP:11.0.2.87/255.255.255.255 +- IP:11.0.2.88/255.255.255.255 +- IP:11.0.2.89/255.255.255.255 +- IP:11.0.2.90/255.255.255.255 +- IP:11.0.2.91/255.255.255.255 +- IP:11.0.2.92/255.255.255.255 +- IP:11.0.2.93/255.255.255.255 +- IP:11.0.2.94/255.255.255.255 +- IP:11.0.2.95/255.255.255.255 +- IP:11.0.2.96/255.255.255.255 +- IP:11.0.2.97/255.255.255.255 +- IP:11.0.2.98/255.255.255.255 +- IP:11.0.2.99/255.255.255.255 +- IP:11.0.2.100/255.255.255.255 +- IP:11.0.2.101/255.255.255.255 +- IP:11.0.2.102/255.255.255.255 +- IP:11.0.2.103/255.255.255.255 +- IP:11.0.2.104/255.255.255.255 +- IP:11.0.2.105/255.255.255.255 +- IP:11.0.2.106/255.255.255.255 +- IP:11.0.2.107/255.255.255.255 +- IP:11.0.2.108/255.255.255.255 +- IP:11.0.2.109/255.255.255.255 +- IP:11.0.2.110/255.255.255.255 +- IP:11.0.2.111/255.255.255.255 +- IP:11.0.2.112/255.255.255.255 +- IP:11.0.2.113/255.255.255.255 +- IP:11.0.2.114/255.255.255.255 +- IP:11.0.2.115/255.255.255.255 +- IP:11.0.2.116/255.255.255.255 +- IP:11.0.2.117/255.255.255.255 +- IP:11.0.2.118/255.255.255.255 +- IP:11.0.2.119/255.255.255.255 +- IP:11.0.2.120/255.255.255.255 +- IP:11.0.2.121/255.255.255.255 +- IP:11.0.2.122/255.255.255.255 +- IP:11.0.2.123/255.255.255.255 +- IP:11.0.2.124/255.255.255.255 +- IP:11.0.2.125/255.255.255.255 +- IP:11.0.2.126/255.255.255.255 +- IP:11.0.2.127/255.255.255.255 +- IP:11.0.2.128/255.255.255.255 +- IP:11.0.2.129/255.255.255.255 +- IP:11.0.2.130/255.255.255.255 +- IP:11.0.2.131/255.255.255.255 +- IP:11.0.2.132/255.255.255.255 +- IP:11.0.2.133/255.255.255.255 +- IP:11.0.2.134/255.255.255.255 +- IP:11.0.2.135/255.255.255.255 +- IP:11.0.2.136/255.255.255.255 +- IP:11.0.2.137/255.255.255.255 +- IP:11.0.2.138/255.255.255.255 +- IP:11.0.2.139/255.255.255.255 +- IP:11.0.2.140/255.255.255.255 +- IP:11.0.2.141/255.255.255.255 +- IP:11.0.2.142/255.255.255.255 +- IP:11.0.2.143/255.255.255.255 +- IP:11.0.2.144/255.255.255.255 +- IP:11.0.2.145/255.255.255.255 +- IP:11.0.2.146/255.255.255.255 +- IP:11.0.2.147/255.255.255.255 +- IP:11.0.2.148/255.255.255.255 +- IP:11.0.2.149/255.255.255.255 +- IP:11.0.2.150/255.255.255.255 +- IP:11.0.2.151/255.255.255.255 +- IP:11.0.2.152/255.255.255.255 +- IP:11.0.2.153/255.255.255.255 +- IP:11.0.2.154/255.255.255.255 +- IP:11.0.2.155/255.255.255.255 +- IP:11.0.2.156/255.255.255.255 +- IP:11.0.2.157/255.255.255.255 +- IP:11.0.2.158/255.255.255.255 +- IP:11.0.2.159/255.255.255.255 +- IP:11.0.2.160/255.255.255.255 +- IP:11.0.2.161/255.255.255.255 +- IP:11.0.2.162/255.255.255.255 +- IP:11.0.2.163/255.255.255.255 +- IP:11.0.2.164/255.255.255.255 +- IP:11.0.2.165/255.255.255.255 +- IP:11.0.2.166/255.255.255.255 +- IP:11.0.2.167/255.255.255.255 +- IP:11.0.2.168/255.255.255.255 +- IP:11.0.2.169/255.255.255.255 +- IP:11.0.2.170/255.255.255.255 +- IP:11.0.2.171/255.255.255.255 +- IP:11.0.2.172/255.255.255.255 +- IP:11.0.2.173/255.255.255.255 +- IP:11.0.2.174/255.255.255.255 +- IP:11.0.2.175/255.255.255.255 +- IP:11.0.2.176/255.255.255.255 +- IP:11.0.2.177/255.255.255.255 +- IP:11.0.2.178/255.255.255.255 +- IP:11.0.2.179/255.255.255.255 +- IP:11.0.2.180/255.255.255.255 +- IP:11.0.2.181/255.255.255.255 +- IP:11.0.2.182/255.255.255.255 +- IP:11.0.2.183/255.255.255.255 +- IP:11.0.2.184/255.255.255.255 +- IP:11.0.2.185/255.255.255.255 +- IP:11.0.2.186/255.255.255.255 +- IP:11.0.2.187/255.255.255.255 +- IP:11.0.2.188/255.255.255.255 +- IP:11.0.2.189/255.255.255.255 +- IP:11.0.2.190/255.255.255.255 +- IP:11.0.2.191/255.255.255.255 +- IP:11.0.2.192/255.255.255.255 +- IP:11.0.2.193/255.255.255.255 +- IP:11.0.2.194/255.255.255.255 +- IP:11.0.2.195/255.255.255.255 +- IP:11.0.2.196/255.255.255.255 +- IP:11.0.2.197/255.255.255.255 +- IP:11.0.2.198/255.255.255.255 +- IP:11.0.2.199/255.255.255.255 +- IP:11.0.2.200/255.255.255.255 +- IP:11.0.2.201/255.255.255.255 +- IP:11.0.2.202/255.255.255.255 +- IP:11.0.2.203/255.255.255.255 +- IP:11.0.2.204/255.255.255.255 +- IP:11.0.2.205/255.255.255.255 +- IP:11.0.2.206/255.255.255.255 +- IP:11.0.2.207/255.255.255.255 +- IP:11.0.2.208/255.255.255.255 +- IP:11.0.2.209/255.255.255.255 +- IP:11.0.2.210/255.255.255.255 +- IP:11.0.2.211/255.255.255.255 +- IP:11.0.2.212/255.255.255.255 +- IP:11.0.2.213/255.255.255.255 +- IP:11.0.2.214/255.255.255.255 +- IP:11.0.2.215/255.255.255.255 +- IP:11.0.2.216/255.255.255.255 +- IP:11.0.2.217/255.255.255.255 +- IP:11.0.2.218/255.255.255.255 +- IP:11.0.2.219/255.255.255.255 +- IP:11.0.2.220/255.255.255.255 +- IP:11.0.2.221/255.255.255.255 +- IP:11.0.2.222/255.255.255.255 +- IP:11.0.2.223/255.255.255.255 +- IP:11.0.2.224/255.255.255.255 +- IP:11.0.2.225/255.255.255.255 +- IP:11.0.2.226/255.255.255.255 +- IP:11.0.2.227/255.255.255.255 +- IP:11.0.2.228/255.255.255.255 +- IP:11.0.2.229/255.255.255.255 +- IP:11.0.2.230/255.255.255.255 +- IP:11.0.2.231/255.255.255.255 +- IP:11.0.2.232/255.255.255.255 +- IP:11.0.2.233/255.255.255.255 +- IP:11.0.2.234/255.255.255.255 +- IP:11.0.2.235/255.255.255.255 +- IP:11.0.2.236/255.255.255.255 +- IP:11.0.2.237/255.255.255.255 +- IP:11.0.2.238/255.255.255.255 +- IP:11.0.2.239/255.255.255.255 +- IP:11.0.2.240/255.255.255.255 +- IP:11.0.2.241/255.255.255.255 +- IP:11.0.2.242/255.255.255.255 +- IP:11.0.2.243/255.255.255.255 +- IP:11.0.2.244/255.255.255.255 +- IP:11.0.2.245/255.255.255.255 +- IP:11.0.2.246/255.255.255.255 +- IP:11.0.2.247/255.255.255.255 +- IP:11.0.2.248/255.255.255.255 +- IP:11.0.2.249/255.255.255.255 +- IP:11.0.2.250/255.255.255.255 +- IP:11.0.2.251/255.255.255.255 +- IP:11.0.2.252/255.255.255.255 +- IP:11.0.2.253/255.255.255.255 +- IP:11.0.2.254/255.255.255.255 +- IP:11.0.2.255/255.255.255.255 +- IP:11.0.3.0/255.255.255.255 +- IP:11.0.3.1/255.255.255.255 +- IP:11.0.3.2/255.255.255.255 +- IP:11.0.3.3/255.255.255.255 +- IP:11.0.3.4/255.255.255.255 +- IP:11.0.3.5/255.255.255.255 +- IP:11.0.3.6/255.255.255.255 +- IP:11.0.3.7/255.255.255.255 +- IP:11.0.3.8/255.255.255.255 +- IP:11.0.3.9/255.255.255.255 +- IP:11.0.3.10/255.255.255.255 +- IP:11.0.3.11/255.255.255.255 +- IP:11.0.3.12/255.255.255.255 +- IP:11.0.3.13/255.255.255.255 +- IP:11.0.3.14/255.255.255.255 +- IP:11.0.3.15/255.255.255.255 +- IP:11.0.3.16/255.255.255.255 +- IP:11.0.3.17/255.255.255.255 +- IP:11.0.3.18/255.255.255.255 +- IP:11.0.3.19/255.255.255.255 +- IP:11.0.3.20/255.255.255.255 +- IP:11.0.3.21/255.255.255.255 +- IP:11.0.3.22/255.255.255.255 +- IP:11.0.3.23/255.255.255.255 +- IP:11.0.3.24/255.255.255.255 +- IP:11.0.3.25/255.255.255.255 +- IP:11.0.3.26/255.255.255.255 +- IP:11.0.3.27/255.255.255.255 +- IP:11.0.3.28/255.255.255.255 +- IP:11.0.3.29/255.255.255.255 +- IP:11.0.3.30/255.255.255.255 +- IP:11.0.3.31/255.255.255.255 +- IP:11.0.3.32/255.255.255.255 +- IP:11.0.3.33/255.255.255.255 +- IP:11.0.3.34/255.255.255.255 +- IP:11.0.3.35/255.255.255.255 +- IP:11.0.3.36/255.255.255.255 +- IP:11.0.3.37/255.255.255.255 +- IP:11.0.3.38/255.255.255.255 +- IP:11.0.3.39/255.255.255.255 +- IP:11.0.3.40/255.255.255.255 +- IP:11.0.3.41/255.255.255.255 +- IP:11.0.3.42/255.255.255.255 +- IP:11.0.3.43/255.255.255.255 +- IP:11.0.3.44/255.255.255.255 +- IP:11.0.3.45/255.255.255.255 +- IP:11.0.3.46/255.255.255.255 +- IP:11.0.3.47/255.255.255.255 +- IP:11.0.3.48/255.255.255.255 +- IP:11.0.3.49/255.255.255.255 +- IP:11.0.3.50/255.255.255.255 +- IP:11.0.3.51/255.255.255.255 +- IP:11.0.3.52/255.255.255.255 +- IP:11.0.3.53/255.255.255.255 +- IP:11.0.3.54/255.255.255.255 +- IP:11.0.3.55/255.255.255.255 +- IP:11.0.3.56/255.255.255.255 +- IP:11.0.3.57/255.255.255.255 +- IP:11.0.3.58/255.255.255.255 +- IP:11.0.3.59/255.255.255.255 +- IP:11.0.3.60/255.255.255.255 +- IP:11.0.3.61/255.255.255.255 +- IP:11.0.3.62/255.255.255.255 +- IP:11.0.3.63/255.255.255.255 +- IP:11.0.3.64/255.255.255.255 +- IP:11.0.3.65/255.255.255.255 +- IP:11.0.3.66/255.255.255.255 +- IP:11.0.3.67/255.255.255.255 +- IP:11.0.3.68/255.255.255.255 +- IP:11.0.3.69/255.255.255.255 +- IP:11.0.3.70/255.255.255.255 +- IP:11.0.3.71/255.255.255.255 +- IP:11.0.3.72/255.255.255.255 +- IP:11.0.3.73/255.255.255.255 +- IP:11.0.3.74/255.255.255.255 +- IP:11.0.3.75/255.255.255.255 +- IP:11.0.3.76/255.255.255.255 +- IP:11.0.3.77/255.255.255.255 +- IP:11.0.3.78/255.255.255.255 +- IP:11.0.3.79/255.255.255.255 +- IP:11.0.3.80/255.255.255.255 +- IP:11.0.3.81/255.255.255.255 +- IP:11.0.3.82/255.255.255.255 +- IP:11.0.3.83/255.255.255.255 +- IP:11.0.3.84/255.255.255.255 +- IP:11.0.3.85/255.255.255.255 +- IP:11.0.3.86/255.255.255.255 +- IP:11.0.3.87/255.255.255.255 +- IP:11.0.3.88/255.255.255.255 +- IP:11.0.3.89/255.255.255.255 +- IP:11.0.3.90/255.255.255.255 +- IP:11.0.3.91/255.255.255.255 +- IP:11.0.3.92/255.255.255.255 +- IP:11.0.3.93/255.255.255.255 +- IP:11.0.3.94/255.255.255.255 +- IP:11.0.3.95/255.255.255.255 +- IP:11.0.3.96/255.255.255.255 +- IP:11.0.3.97/255.255.255.255 +- IP:11.0.3.98/255.255.255.255 +- IP:11.0.3.99/255.255.255.255 +- IP:11.0.3.100/255.255.255.255 +- IP:11.0.3.101/255.255.255.255 +- IP:11.0.3.102/255.255.255.255 +- IP:11.0.3.103/255.255.255.255 +- IP:11.0.3.104/255.255.255.255 +- IP:11.0.3.105/255.255.255.255 +- IP:11.0.3.106/255.255.255.255 +- IP:11.0.3.107/255.255.255.255 +- IP:11.0.3.108/255.255.255.255 +- IP:11.0.3.109/255.255.255.255 +- IP:11.0.3.110/255.255.255.255 +- IP:11.0.3.111/255.255.255.255 +- IP:11.0.3.112/255.255.255.255 +- IP:11.0.3.113/255.255.255.255 +- IP:11.0.3.114/255.255.255.255 +- IP:11.0.3.115/255.255.255.255 +- IP:11.0.3.116/255.255.255.255 +- IP:11.0.3.117/255.255.255.255 +- IP:11.0.3.118/255.255.255.255 +- IP:11.0.3.119/255.255.255.255 +- IP:11.0.3.120/255.255.255.255 +- IP:11.0.3.121/255.255.255.255 +- IP:11.0.3.122/255.255.255.255 +- IP:11.0.3.123/255.255.255.255 +- IP:11.0.3.124/255.255.255.255 +- IP:11.0.3.125/255.255.255.255 +- IP:11.0.3.126/255.255.255.255 +- IP:11.0.3.127/255.255.255.255 +- IP:11.0.3.128/255.255.255.255 +- IP:11.0.3.129/255.255.255.255 +- IP:11.0.3.130/255.255.255.255 +- IP:11.0.3.131/255.255.255.255 +- IP:11.0.3.132/255.255.255.255 +- IP:11.0.3.133/255.255.255.255 +- IP:11.0.3.134/255.255.255.255 +- IP:11.0.3.135/255.255.255.255 +- IP:11.0.3.136/255.255.255.255 +- IP:11.0.3.137/255.255.255.255 +- IP:11.0.3.138/255.255.255.255 +- IP:11.0.3.139/255.255.255.255 +- IP:11.0.3.140/255.255.255.255 +- IP:11.0.3.141/255.255.255.255 +- IP:11.0.3.142/255.255.255.255 +- IP:11.0.3.143/255.255.255.255 +- IP:11.0.3.144/255.255.255.255 +- IP:11.0.3.145/255.255.255.255 +- IP:11.0.3.146/255.255.255.255 +- IP:11.0.3.147/255.255.255.255 +- IP:11.0.3.148/255.255.255.255 +- IP:11.0.3.149/255.255.255.255 +- IP:11.0.3.150/255.255.255.255 +- IP:11.0.3.151/255.255.255.255 +- IP:11.0.3.152/255.255.255.255 +- IP:11.0.3.153/255.255.255.255 +- IP:11.0.3.154/255.255.255.255 +- IP:11.0.3.155/255.255.255.255 +- IP:11.0.3.156/255.255.255.255 +- IP:11.0.3.157/255.255.255.255 +- IP:11.0.3.158/255.255.255.255 +- IP:11.0.3.159/255.255.255.255 +- IP:11.0.3.160/255.255.255.255 +- IP:11.0.3.161/255.255.255.255 +- IP:11.0.3.162/255.255.255.255 +- IP:11.0.3.163/255.255.255.255 +- IP:11.0.3.164/255.255.255.255 +- IP:11.0.3.165/255.255.255.255 +- IP:11.0.3.166/255.255.255.255 +- IP:11.0.3.167/255.255.255.255 +- IP:11.0.3.168/255.255.255.255 +- IP:11.0.3.169/255.255.255.255 +- IP:11.0.3.170/255.255.255.255 +- IP:11.0.3.171/255.255.255.255 +- IP:11.0.3.172/255.255.255.255 +- IP:11.0.3.173/255.255.255.255 +- IP:11.0.3.174/255.255.255.255 +- IP:11.0.3.175/255.255.255.255 +- IP:11.0.3.176/255.255.255.255 +- IP:11.0.3.177/255.255.255.255 +- IP:11.0.3.178/255.255.255.255 +- IP:11.0.3.179/255.255.255.255 +- IP:11.0.3.180/255.255.255.255 +- IP:11.0.3.181/255.255.255.255 +- IP:11.0.3.182/255.255.255.255 +- IP:11.0.3.183/255.255.255.255 +- IP:11.0.3.184/255.255.255.255 +- IP:11.0.3.185/255.255.255.255 +- IP:11.0.3.186/255.255.255.255 +- IP:11.0.3.187/255.255.255.255 +- IP:11.0.3.188/255.255.255.255 +- IP:11.0.3.189/255.255.255.255 +- IP:11.0.3.190/255.255.255.255 +- IP:11.0.3.191/255.255.255.255 +- IP:11.0.3.192/255.255.255.255 +- IP:11.0.3.193/255.255.255.255 +- IP:11.0.3.194/255.255.255.255 +- IP:11.0.3.195/255.255.255.255 +- IP:11.0.3.196/255.255.255.255 +- IP:11.0.3.197/255.255.255.255 +- IP:11.0.3.198/255.255.255.255 +- IP:11.0.3.199/255.255.255.255 +- IP:11.0.3.200/255.255.255.255 +- IP:11.0.3.201/255.255.255.255 +- IP:11.0.3.202/255.255.255.255 +- IP:11.0.3.203/255.255.255.255 +- IP:11.0.3.204/255.255.255.255 +- IP:11.0.3.205/255.255.255.255 +- IP:11.0.3.206/255.255.255.255 +- IP:11.0.3.207/255.255.255.255 +- IP:11.0.3.208/255.255.255.255 +- IP:11.0.3.209/255.255.255.255 +- IP:11.0.3.210/255.255.255.255 +- IP:11.0.3.211/255.255.255.255 +- IP:11.0.3.212/255.255.255.255 +- IP:11.0.3.213/255.255.255.255 +- IP:11.0.3.214/255.255.255.255 +- IP:11.0.3.215/255.255.255.255 +- IP:11.0.3.216/255.255.255.255 +- IP:11.0.3.217/255.255.255.255 +- IP:11.0.3.218/255.255.255.255 +- IP:11.0.3.219/255.255.255.255 +- IP:11.0.3.220/255.255.255.255 +- IP:11.0.3.221/255.255.255.255 +- IP:11.0.3.222/255.255.255.255 +- IP:11.0.3.223/255.255.255.255 +- IP:11.0.3.224/255.255.255.255 +- IP:11.0.3.225/255.255.255.255 +- IP:11.0.3.226/255.255.255.255 +- IP:11.0.3.227/255.255.255.255 +- IP:11.0.3.228/255.255.255.255 +- IP:11.0.3.229/255.255.255.255 +- IP:11.0.3.230/255.255.255.255 +- IP:11.0.3.231/255.255.255.255 +- IP:11.0.3.232/255.255.255.255 +- IP:11.0.3.233/255.255.255.255 +- IP:11.0.3.234/255.255.255.255 +- IP:11.0.3.235/255.255.255.255 +- IP:11.0.3.236/255.255.255.255 +- IP:11.0.3.237/255.255.255.255 +- IP:11.0.3.238/255.255.255.255 +- IP:11.0.3.239/255.255.255.255 +- IP:11.0.3.240/255.255.255.255 +- IP:11.0.3.241/255.255.255.255 +- IP:11.0.3.242/255.255.255.255 +- IP:11.0.3.243/255.255.255.255 +- IP:11.0.3.244/255.255.255.255 +- IP:11.0.3.245/255.255.255.255 +- IP:11.0.3.246/255.255.255.255 +- IP:11.0.3.247/255.255.255.255 +- IP:11.0.3.248/255.255.255.255 +- IP:11.0.3.249/255.255.255.255 +- IP:11.0.3.250/255.255.255.255 +- IP:11.0.3.251/255.255.255.255 +- IP:11.0.3.252/255.255.255.255 +- IP:11.0.3.253/255.255.255.255 +- IP:11.0.3.254/255.255.255.255 +- IP:11.0.3.255/255.255.255.255 +- IP:11.0.4.0/255.255.255.255 +- DirName:CN = x0 +- DirName:CN = x1 +- DirName:CN = x2 +- DirName:CN = x3 +- DirName:CN = x4 +- DirName:CN = x5 +- DirName:CN = x6 +- DirName:CN = x7 +- DirName:CN = x8 +- DirName:CN = x9 +- DirName:CN = x10 +- DirName:CN = x11 +- DirName:CN = x12 +- DirName:CN = x13 +- DirName:CN = x14 +- DirName:CN = x15 +- DirName:CN = x16 +- DirName:CN = x17 +- DirName:CN = x18 +- DirName:CN = x19 +- DirName:CN = x20 +- DirName:CN = x21 +- DirName:CN = x22 +- DirName:CN = x23 +- DirName:CN = x24 +- DirName:CN = x25 +- DirName:CN = x26 +- DirName:CN = x27 +- DirName:CN = x28 +- DirName:CN = x29 +- DirName:CN = x30 +- DirName:CN = x31 +- DirName:CN = x32 +- DirName:CN = x33 +- DirName:CN = x34 +- DirName:CN = x35 +- DirName:CN = x36 +- DirName:CN = x37 +- DirName:CN = x38 +- DirName:CN = x39 +- DirName:CN = x40 +- DirName:CN = x41 +- DirName:CN = x42 +- DirName:CN = x43 +- DirName:CN = x44 +- DirName:CN = x45 +- DirName:CN = x46 +- DirName:CN = x47 +- DirName:CN = x48 +- DirName:CN = x49 +- DirName:CN = x50 +- DirName:CN = x51 +- DirName:CN = x52 +- DirName:CN = x53 +- DirName:CN = x54 +- DirName:CN = x55 +- DirName:CN = x56 +- DirName:CN = x57 +- DirName:CN = x58 +- DirName:CN = x59 +- DirName:CN = x60 +- DirName:CN = x61 +- DirName:CN = x62 +- DirName:CN = x63 +- DirName:CN = x64 +- DirName:CN = x65 +- DirName:CN = x66 +- DirName:CN = x67 +- DirName:CN = x68 +- DirName:CN = x69 +- DirName:CN = x70 +- DirName:CN = x71 +- DirName:CN = x72 +- DirName:CN = x73 +- DirName:CN = x74 +- DirName:CN = x75 +- DirName:CN = x76 +- DirName:CN = x77 +- DirName:CN = x78 +- DirName:CN = x79 +- DirName:CN = x80 +- DirName:CN = x81 +- DirName:CN = x82 +- DirName:CN = x83 +- DirName:CN = x84 +- DirName:CN = x85 +- DirName:CN = x86 +- DirName:CN = x87 +- DirName:CN = x88 +- DirName:CN = x89 +- DirName:CN = x90 +- DirName:CN = x91 +- DirName:CN = x92 +- DirName:CN = x93 +- DirName:CN = x94 +- DirName:CN = x95 +- DirName:CN = x96 +- DirName:CN = x97 +- DirName:CN = x98 +- DirName:CN = x99 +- DirName:CN = x100 +- DirName:CN = x101 +- DirName:CN = x102 +- DirName:CN = x103 +- DirName:CN = x104 +- DirName:CN = x105 +- DirName:CN = x106 +- DirName:CN = x107 +- DirName:CN = x108 +- DirName:CN = x109 +- DirName:CN = x110 +- DirName:CN = x111 +- DirName:CN = x112 +- DirName:CN = x113 +- DirName:CN = x114 +- DirName:CN = x115 +- DirName:CN = x116 +- DirName:CN = x117 +- DirName:CN = x118 +- DirName:CN = x119 +- DirName:CN = x120 +- DirName:CN = x121 +- DirName:CN = x122 +- DirName:CN = x123 +- DirName:CN = x124 +- DirName:CN = x125 +- DirName:CN = x126 +- DirName:CN = x127 +- DirName:CN = x128 +- DirName:CN = x129 +- DirName:CN = x130 +- DirName:CN = x131 +- DirName:CN = x132 +- DirName:CN = x133 +- DirName:CN = x134 +- DirName:CN = x135 +- DirName:CN = x136 +- DirName:CN = x137 +- DirName:CN = x138 +- DirName:CN = x139 +- DirName:CN = x140 +- DirName:CN = x141 +- DirName:CN = x142 +- DirName:CN = x143 +- DirName:CN = x144 +- DirName:CN = x145 +- DirName:CN = x146 +- DirName:CN = x147 +- DirName:CN = x148 +- DirName:CN = x149 +- DirName:CN = x150 +- DirName:CN = x151 +- DirName:CN = x152 +- DirName:CN = x153 +- DirName:CN = x154 +- DirName:CN = x155 +- DirName:CN = x156 +- DirName:CN = x157 +- DirName:CN = x158 +- DirName:CN = x159 +- DirName:CN = x160 +- DirName:CN = x161 +- DirName:CN = x162 +- DirName:CN = x163 +- DirName:CN = x164 +- DirName:CN = x165 +- DirName:CN = x166 +- DirName:CN = x167 +- DirName:CN = x168 +- DirName:CN = x169 +- DirName:CN = x170 +- DirName:CN = x171 +- DirName:CN = x172 +- DirName:CN = x173 +- DirName:CN = x174 +- DirName:CN = x175 +- DirName:CN = x176 +- DirName:CN = x177 +- DirName:CN = x178 +- DirName:CN = x179 +- DirName:CN = x180 +- DirName:CN = x181 +- DirName:CN = x182 +- DirName:CN = x183 +- DirName:CN = x184 +- DirName:CN = x185 +- DirName:CN = x186 +- DirName:CN = x187 +- DirName:CN = x188 +- DirName:CN = x189 +- DirName:CN = x190 +- DirName:CN = x191 +- DirName:CN = x192 +- DirName:CN = x193 +- DirName:CN = x194 +- DirName:CN = x195 +- DirName:CN = x196 +- DirName:CN = x197 +- DirName:CN = x198 +- DirName:CN = x199 +- DirName:CN = x200 +- DirName:CN = x201 +- DirName:CN = x202 +- DirName:CN = x203 +- DirName:CN = x204 +- DirName:CN = x205 +- DirName:CN = x206 +- DirName:CN = x207 +- DirName:CN = x208 +- DirName:CN = x209 +- DirName:CN = x210 +- DirName:CN = x211 +- DirName:CN = x212 +- DirName:CN = x213 +- DirName:CN = x214 +- DirName:CN = x215 +- DirName:CN = x216 +- DirName:CN = x217 +- DirName:CN = x218 +- DirName:CN = x219 +- DirName:CN = x220 +- DirName:CN = x221 +- DirName:CN = x222 +- DirName:CN = x223 +- DirName:CN = x224 +- DirName:CN = x225 +- DirName:CN = x226 +- DirName:CN = x227 +- DirName:CN = x228 +- DirName:CN = x229 +- DirName:CN = x230 +- DirName:CN = x231 +- DirName:CN = x232 +- DirName:CN = x233 +- DirName:CN = x234 +- DirName:CN = x235 +- DirName:CN = x236 +- DirName:CN = x237 +- DirName:CN = x238 +- DirName:CN = x239 +- DirName:CN = x240 +- DirName:CN = x241 +- DirName:CN = x242 +- DirName:CN = x243 +- DirName:CN = x244 +- DirName:CN = x245 +- DirName:CN = x246 +- DirName:CN = x247 +- DirName:CN = x248 +- DirName:CN = x249 +- DirName:CN = x250 +- DirName:CN = x251 +- DirName:CN = x252 +- DirName:CN = x253 +- DirName:CN = x254 +- DirName:CN = x255 +- DirName:CN = x256 +- DirName:CN = x257 +- DirName:CN = x258 +- DirName:CN = x259 +- DirName:CN = x260 +- DirName:CN = x261 +- DirName:CN = x262 +- DirName:CN = x263 +- DirName:CN = x264 +- DirName:CN = x265 +- DirName:CN = x266 +- DirName:CN = x267 +- DirName:CN = x268 +- DirName:CN = x269 +- DirName:CN = x270 +- DirName:CN = x271 +- DirName:CN = x272 +- DirName:CN = x273 +- DirName:CN = x274 +- DirName:CN = x275 +- DirName:CN = x276 +- DirName:CN = x277 +- DirName:CN = x278 +- DirName:CN = x279 +- DirName:CN = x280 +- DirName:CN = x281 +- DirName:CN = x282 +- DirName:CN = x283 +- DirName:CN = x284 +- DirName:CN = x285 +- DirName:CN = x286 +- DirName:CN = x287 +- DirName:CN = x288 +- DirName:CN = x289 +- DirName:CN = x290 +- DirName:CN = x291 +- DirName:CN = x292 +- DirName:CN = x293 +- DirName:CN = x294 +- DirName:CN = x295 +- DirName:CN = x296 +- DirName:CN = x297 +- DirName:CN = x298 +- DirName:CN = x299 +- DirName:CN = x300 +- DirName:CN = x301 +- DirName:CN = x302 +- DirName:CN = x303 +- DirName:CN = x304 +- DirName:CN = x305 +- DirName:CN = x306 +- DirName:CN = x307 +- DirName:CN = x308 +- DirName:CN = x309 +- DirName:CN = x310 +- DirName:CN = x311 +- DirName:CN = x312 +- DirName:CN = x313 +- DirName:CN = x314 +- DirName:CN = x315 +- DirName:CN = x316 +- DirName:CN = x317 +- DirName:CN = x318 +- DirName:CN = x319 +- DirName:CN = x320 +- DirName:CN = x321 +- DirName:CN = x322 +- DirName:CN = x323 +- DirName:CN = x324 +- DirName:CN = x325 +- DirName:CN = x326 +- DirName:CN = x327 +- DirName:CN = x328 +- DirName:CN = x329 +- DirName:CN = x330 +- DirName:CN = x331 +- DirName:CN = x332 +- DirName:CN = x333 +- DirName:CN = x334 +- DirName:CN = x335 +- DirName:CN = x336 +- DirName:CN = x337 +- DirName:CN = x338 +- DirName:CN = x339 +- DirName:CN = x340 +- DirName:CN = x341 +- DirName:CN = x342 +- DirName:CN = x343 +- DirName:CN = x344 +- DirName:CN = x345 +- DirName:CN = x346 +- DirName:CN = x347 +- DirName:CN = x348 +- DirName:CN = x349 +- DirName:CN = x350 +- DirName:CN = x351 +- DirName:CN = x352 +- DirName:CN = x353 +- DirName:CN = x354 +- DirName:CN = x355 +- DirName:CN = x356 +- DirName:CN = x357 +- DirName:CN = x358 +- DirName:CN = x359 +- DirName:CN = x360 +- DirName:CN = x361 +- DirName:CN = x362 +- DirName:CN = x363 +- DirName:CN = x364 +- DirName:CN = x365 +- DirName:CN = x366 +- DirName:CN = x367 +- DirName:CN = x368 +- DirName:CN = x369 +- DirName:CN = x370 +- DirName:CN = x371 +- DirName:CN = x372 +- DirName:CN = x373 +- DirName:CN = x374 +- DirName:CN = x375 +- DirName:CN = x376 +- DirName:CN = x377 +- DirName:CN = x378 +- DirName:CN = x379 +- DirName:CN = x380 +- DirName:CN = x381 +- DirName:CN = x382 +- DirName:CN = x383 +- DirName:CN = x384 +- DirName:CN = x385 +- DirName:CN = x386 +- DirName:CN = x387 +- DirName:CN = x388 +- DirName:CN = x389 +- DirName:CN = x390 +- DirName:CN = x391 +- DirName:CN = x392 +- DirName:CN = x393 +- DirName:CN = x394 +- DirName:CN = x395 +- DirName:CN = x396 +- DirName:CN = x397 +- DirName:CN = x398 +- DirName:CN = x399 +- DirName:CN = x400 +- DirName:CN = x401 +- DirName:CN = x402 +- DirName:CN = x403 +- DirName:CN = x404 +- DirName:CN = x405 +- DirName:CN = x406 +- DirName:CN = x407 +- DirName:CN = x408 +- DirName:CN = x409 +- DirName:CN = x410 +- DirName:CN = x411 +- DirName:CN = x412 +- DirName:CN = x413 +- DirName:CN = x414 +- DirName:CN = x415 +- DirName:CN = x416 +- DirName:CN = x417 +- DirName:CN = x418 +- DirName:CN = x419 +- DirName:CN = x420 +- DirName:CN = x421 +- DirName:CN = x422 +- DirName:CN = x423 +- DirName:CN = x424 +- DirName:CN = x425 +- DirName:CN = x426 +- DirName:CN = x427 +- DirName:CN = x428 +- DirName:CN = x429 +- DirName:CN = x430 +- DirName:CN = x431 +- DirName:CN = x432 +- DirName:CN = x433 +- DirName:CN = x434 +- DirName:CN = x435 +- DirName:CN = x436 +- DirName:CN = x437 +- DirName:CN = x438 +- DirName:CN = x439 +- DirName:CN = x440 +- DirName:CN = x441 +- DirName:CN = x442 +- DirName:CN = x443 +- DirName:CN = x444 +- DirName:CN = x445 +- DirName:CN = x446 +- DirName:CN = x447 +- DirName:CN = x448 +- DirName:CN = x449 +- DirName:CN = x450 +- DirName:CN = x451 +- DirName:CN = x452 +- DirName:CN = x453 +- DirName:CN = x454 +- DirName:CN = x455 +- DirName:CN = x456 +- DirName:CN = x457 +- DirName:CN = x458 +- DirName:CN = x459 +- DirName:CN = x460 +- DirName:CN = x461 +- DirName:CN = x462 +- DirName:CN = x463 +- DirName:CN = x464 +- DirName:CN = x465 +- DirName:CN = x466 +- DirName:CN = x467 +- DirName:CN = x468 +- DirName:CN = x469 +- DirName:CN = x470 +- DirName:CN = x471 +- DirName:CN = x472 +- DirName:CN = x473 +- DirName:CN = x474 +- DirName:CN = x475 +- DirName:CN = x476 +- DirName:CN = x477 +- DirName:CN = x478 +- DirName:CN = x479 +- DirName:CN = x480 +- DirName:CN = x481 +- DirName:CN = x482 +- DirName:CN = x483 +- DirName:CN = x484 +- DirName:CN = x485 +- DirName:CN = x486 +- DirName:CN = x487 +- DirName:CN = x488 +- DirName:CN = x489 +- DirName:CN = x490 +- DirName:CN = x491 +- DirName:CN = x492 +- DirName:CN = x493 +- DirName:CN = x494 +- DirName:CN = x495 +- DirName:CN = x496 +- DirName:CN = x497 +- DirName:CN = x498 +- DirName:CN = x499 +- DirName:CN = x500 +- DirName:CN = x501 +- DirName:CN = x502 +- DirName:CN = x503 +- DirName:CN = x504 +- DirName:CN = x505 +- DirName:CN = x506 +- DirName:CN = x507 +- DirName:CN = x508 +- DirName:CN = x509 +- DirName:CN = x510 +- DirName:CN = x511 +- DirName:CN = x512 +- DirName:CN = x513 +- DirName:CN = x514 +- DirName:CN = x515 +- DirName:CN = x516 +- DirName:CN = x517 +- DirName:CN = x518 +- DirName:CN = x519 +- DirName:CN = x520 +- DirName:CN = x521 +- DirName:CN = x522 +- DirName:CN = x523 +- DirName:CN = x524 +- DirName:CN = x525 +- DirName:CN = x526 +- DirName:CN = x527 +- DirName:CN = x528 +- DirName:CN = x529 +- DirName:CN = x530 +- DirName:CN = x531 +- DirName:CN = x532 +- DirName:CN = x533 +- DirName:CN = x534 +- DirName:CN = x535 +- DirName:CN = x536 +- DirName:CN = x537 +- DirName:CN = x538 +- DirName:CN = x539 +- DirName:CN = x540 +- DirName:CN = x541 +- DirName:CN = x542 +- DirName:CN = x543 +- DirName:CN = x544 +- DirName:CN = x545 +- DirName:CN = x546 +- DirName:CN = x547 +- DirName:CN = x548 +- DirName:CN = x549 +- DirName:CN = x550 +- DirName:CN = x551 +- DirName:CN = x552 +- DirName:CN = x553 +- DirName:CN = x554 +- DirName:CN = x555 +- DirName:CN = x556 +- DirName:CN = x557 +- DirName:CN = x558 +- DirName:CN = x559 +- DirName:CN = x560 +- DirName:CN = x561 +- DirName:CN = x562 +- DirName:CN = x563 +- DirName:CN = x564 +- DirName:CN = x565 +- DirName:CN = x566 +- DirName:CN = x567 +- DirName:CN = x568 +- DirName:CN = x569 +- DirName:CN = x570 +- DirName:CN = x571 +- DirName:CN = x572 +- DirName:CN = x573 +- DirName:CN = x574 +- DirName:CN = x575 +- DirName:CN = x576 +- DirName:CN = x577 +- DirName:CN = x578 +- DirName:CN = x579 +- DirName:CN = x580 +- DirName:CN = x581 +- DirName:CN = x582 +- DirName:CN = x583 +- DirName:CN = x584 +- DirName:CN = x585 +- DirName:CN = x586 +- DirName:CN = x587 +- DirName:CN = x588 +- DirName:CN = x589 +- DirName:CN = x590 +- DirName:CN = x591 +- DirName:CN = x592 +- DirName:CN = x593 +- DirName:CN = x594 +- DirName:CN = x595 +- DirName:CN = x596 +- DirName:CN = x597 +- DirName:CN = x598 +- DirName:CN = x599 +- DirName:CN = x600 +- DirName:CN = x601 +- DirName:CN = x602 +- DirName:CN = x603 +- DirName:CN = x604 +- DirName:CN = x605 +- DirName:CN = x606 +- DirName:CN = x607 +- DirName:CN = x608 +- DirName:CN = x609 +- DirName:CN = x610 +- DirName:CN = x611 +- DirName:CN = x612 +- DirName:CN = x613 +- DirName:CN = x614 +- DirName:CN = x615 +- DirName:CN = x616 +- DirName:CN = x617 +- DirName:CN = x618 +- DirName:CN = x619 +- DirName:CN = x620 +- DirName:CN = x621 +- DirName:CN = x622 +- DirName:CN = x623 +- DirName:CN = x624 +- DirName:CN = x625 +- DirName:CN = x626 +- DirName:CN = x627 +- DirName:CN = x628 +- DirName:CN = x629 +- DirName:CN = x630 +- DirName:CN = x631 +- DirName:CN = x632 +- DirName:CN = x633 +- DirName:CN = x634 +- DirName:CN = x635 +- DirName:CN = x636 +- DirName:CN = x637 +- DirName:CN = x638 +- DirName:CN = x639 +- DirName:CN = x640 +- DirName:CN = x641 +- DirName:CN = x642 +- DirName:CN = x643 +- DirName:CN = x644 +- DirName:CN = x645 +- DirName:CN = x646 +- DirName:CN = x647 +- DirName:CN = x648 +- DirName:CN = x649 +- DirName:CN = x650 +- DirName:CN = x651 +- DirName:CN = x652 +- DirName:CN = x653 +- DirName:CN = x654 +- DirName:CN = x655 +- DirName:CN = x656 +- DirName:CN = x657 +- DirName:CN = x658 +- DirName:CN = x659 +- DirName:CN = x660 +- DirName:CN = x661 +- DirName:CN = x662 +- DirName:CN = x663 +- DirName:CN = x664 +- DirName:CN = x665 +- DirName:CN = x666 +- DirName:CN = x667 +- DirName:CN = x668 +- DirName:CN = x669 +- DirName:CN = x670 +- DirName:CN = x671 +- DirName:CN = x672 +- DirName:CN = x673 +- DirName:CN = x674 +- DirName:CN = x675 +- DirName:CN = x676 +- DirName:CN = x677 +- DirName:CN = x678 +- DirName:CN = x679 +- DirName:CN = x680 +- DirName:CN = x681 +- DirName:CN = x682 +- DirName:CN = x683 +- DirName:CN = x684 +- DirName:CN = x685 +- DirName:CN = x686 +- DirName:CN = x687 +- DirName:CN = x688 +- DirName:CN = x689 +- DirName:CN = x690 +- DirName:CN = x691 +- DirName:CN = x692 +- DirName:CN = x693 +- DirName:CN = x694 +- DirName:CN = x695 +- DirName:CN = x696 +- DirName:CN = x697 +- DirName:CN = x698 +- DirName:CN = x699 +- DirName:CN = x700 +- DirName:CN = x701 +- DirName:CN = x702 +- DirName:CN = x703 +- DirName:CN = x704 +- DirName:CN = x705 +- DirName:CN = x706 +- DirName:CN = x707 +- DirName:CN = x708 +- DirName:CN = x709 +- DirName:CN = x710 +- DirName:CN = x711 +- DirName:CN = x712 +- DirName:CN = x713 +- DirName:CN = x714 +- DirName:CN = x715 +- DirName:CN = x716 +- DirName:CN = x717 +- DirName:CN = x718 +- DirName:CN = x719 +- DirName:CN = x720 +- DirName:CN = x721 +- DirName:CN = x722 +- DirName:CN = x723 +- DirName:CN = x724 +- DirName:CN = x725 +- DirName:CN = x726 +- DirName:CN = x727 +- DirName:CN = x728 +- DirName:CN = x729 +- DirName:CN = x730 +- DirName:CN = x731 +- DirName:CN = x732 +- DirName:CN = x733 +- DirName:CN = x734 +- DirName:CN = x735 +- DirName:CN = x736 +- DirName:CN = x737 +- DirName:CN = x738 +- DirName:CN = x739 +- DirName:CN = x740 +- DirName:CN = x741 +- DirName:CN = x742 +- DirName:CN = x743 +- DirName:CN = x744 +- DirName:CN = x745 +- DirName:CN = x746 +- DirName:CN = x747 +- DirName:CN = x748 +- DirName:CN = x749 +- DirName:CN = x750 +- DirName:CN = x751 +- DirName:CN = x752 +- DirName:CN = x753 +- DirName:CN = x754 +- DirName:CN = x755 +- DirName:CN = x756 +- DirName:CN = x757 +- DirName:CN = x758 +- DirName:CN = x759 +- DirName:CN = x760 +- DirName:CN = x761 +- DirName:CN = x762 +- DirName:CN = x763 +- DirName:CN = x764 +- DirName:CN = x765 +- DirName:CN = x766 +- DirName:CN = x767 +- DirName:CN = x768 +- DirName:CN = x769 +- DirName:CN = x770 +- DirName:CN = x771 +- DirName:CN = x772 +- DirName:CN = x773 +- DirName:CN = x774 +- DirName:CN = x775 +- DirName:CN = x776 +- DirName:CN = x777 +- DirName:CN = x778 +- DirName:CN = x779 +- DirName:CN = x780 +- DirName:CN = x781 +- DirName:CN = x782 +- DirName:CN = x783 +- DirName:CN = x784 +- DirName:CN = x785 +- DirName:CN = x786 +- DirName:CN = x787 +- DirName:CN = x788 +- DirName:CN = x789 +- DirName:CN = x790 +- DirName:CN = x791 +- DirName:CN = x792 +- DirName:CN = x793 +- DirName:CN = x794 +- DirName:CN = x795 +- DirName:CN = x796 +- DirName:CN = x797 +- DirName:CN = x798 +- DirName:CN = x799 +- DirName:CN = x800 +- DirName:CN = x801 +- DirName:CN = x802 +- DirName:CN = x803 +- DirName:CN = x804 +- DirName:CN = x805 +- DirName:CN = x806 +- DirName:CN = x807 +- DirName:CN = x808 +- DirName:CN = x809 +- DirName:CN = x810 +- DirName:CN = x811 +- DirName:CN = x812 +- DirName:CN = x813 +- DirName:CN = x814 +- DirName:CN = x815 +- DirName:CN = x816 +- DirName:CN = x817 +- DirName:CN = x818 +- DirName:CN = x819 +- DirName:CN = x820 +- DirName:CN = x821 +- DirName:CN = x822 +- DirName:CN = x823 +- DirName:CN = x824 +- DirName:CN = x825 +- DirName:CN = x826 +- DirName:CN = x827 +- DirName:CN = x828 +- DirName:CN = x829 +- DirName:CN = x830 +- DirName:CN = x831 +- DirName:CN = x832 +- DirName:CN = x833 +- DirName:CN = x834 +- DirName:CN = x835 +- DirName:CN = x836 +- DirName:CN = x837 +- DirName:CN = x838 +- DirName:CN = x839 +- DirName:CN = x840 +- DirName:CN = x841 +- DirName:CN = x842 +- DirName:CN = x843 +- DirName:CN = x844 +- DirName:CN = x845 +- DirName:CN = x846 +- DirName:CN = x847 +- DirName:CN = x848 +- DirName:CN = x849 +- DirName:CN = x850 +- DirName:CN = x851 +- DirName:CN = x852 +- DirName:CN = x853 +- DirName:CN = x854 +- DirName:CN = x855 +- DirName:CN = x856 +- DirName:CN = x857 +- DirName:CN = x858 +- DirName:CN = x859 +- DirName:CN = x860 +- DirName:CN = x861 +- DirName:CN = x862 +- DirName:CN = x863 +- DirName:CN = x864 +- DirName:CN = x865 +- DirName:CN = x866 +- DirName:CN = x867 +- DirName:CN = x868 +- DirName:CN = x869 +- DirName:CN = x870 +- DirName:CN = x871 +- DirName:CN = x872 +- DirName:CN = x873 +- DirName:CN = x874 +- DirName:CN = x875 +- DirName:CN = x876 +- DirName:CN = x877 +- DirName:CN = x878 +- DirName:CN = x879 +- DirName:CN = x880 +- DirName:CN = x881 +- DirName:CN = x882 +- DirName:CN = x883 +- DirName:CN = x884 +- DirName:CN = x885 +- DirName:CN = x886 +- DirName:CN = x887 +- DirName:CN = x888 +- DirName:CN = x889 +- DirName:CN = x890 +- DirName:CN = x891 +- DirName:CN = x892 +- DirName:CN = x893 +- DirName:CN = x894 +- DirName:CN = x895 +- DirName:CN = x896 +- DirName:CN = x897 +- DirName:CN = x898 +- DirName:CN = x899 +- DirName:CN = x900 +- DirName:CN = x901 +- DirName:CN = x902 +- DirName:CN = x903 +- DirName:CN = x904 +- DirName:CN = x905 +- DirName:CN = x906 +- DirName:CN = x907 +- DirName:CN = x908 +- DirName:CN = x909 +- DirName:CN = x910 +- DirName:CN = x911 +- DirName:CN = x912 +- DirName:CN = x913 +- DirName:CN = x914 +- DirName:CN = x915 +- DirName:CN = x916 +- DirName:CN = x917 +- DirName:CN = x918 +- DirName:CN = x919 +- DirName:CN = x920 +- DirName:CN = x921 +- DirName:CN = x922 +- DirName:CN = x923 +- DirName:CN = x924 +- DirName:CN = x925 +- DirName:CN = x926 +- DirName:CN = x927 +- DirName:CN = x928 +- DirName:CN = x929 +- DirName:CN = x930 +- DirName:CN = x931 +- DirName:CN = x932 +- DirName:CN = x933 +- DirName:CN = x934 +- DirName:CN = x935 +- DirName:CN = x936 +- DirName:CN = x937 +- DirName:CN = x938 +- DirName:CN = x939 +- DirName:CN = x940 +- DirName:CN = x941 +- DirName:CN = x942 +- DirName:CN = x943 +- DirName:CN = x944 +- DirName:CN = x945 +- DirName:CN = x946 +- DirName:CN = x947 +- DirName:CN = x948 +- DirName:CN = x949 +- DirName:CN = x950 +- DirName:CN = x951 +- DirName:CN = x952 +- DirName:CN = x953 +- DirName:CN = x954 +- DirName:CN = x955 +- DirName:CN = x956 +- DirName:CN = x957 +- DirName:CN = x958 +- DirName:CN = x959 +- DirName:CN = x960 +- DirName:CN = x961 +- DirName:CN = x962 +- DirName:CN = x963 +- DirName:CN = x964 +- DirName:CN = x965 +- DirName:CN = x966 +- DirName:CN = x967 +- DirName:CN = x968 +- DirName:CN = x969 +- DirName:CN = x970 +- DirName:CN = x971 +- DirName:CN = x972 +- DirName:CN = x973 +- DirName:CN = x974 +- DirName:CN = x975 +- DirName:CN = x976 +- DirName:CN = x977 +- DirName:CN = x978 +- DirName:CN = x979 +- DirName:CN = x980 +- DirName:CN = x981 +- DirName:CN = x982 +- DirName:CN = x983 +- DirName:CN = x984 +- DirName:CN = x985 +- DirName:CN = x986 +- DirName:CN = x987 +- DirName:CN = x988 +- DirName:CN = x989 +- DirName:CN = x990 +- DirName:CN = x991 +- DirName:CN = x992 +- DirName:CN = x993 +- DirName:CN = x994 +- DirName:CN = x995 +- DirName:CN = x996 +- DirName:CN = x997 +- DirName:CN = x998 +- DirName:CN = x999 +- DirName:CN = x1000 +- DirName:CN = x1001 +- DirName:CN = x1002 +- DirName:CN = x1003 +- DirName:CN = x1004 +- DirName:CN = x1005 +- DirName:CN = x1006 +- DirName:CN = x1007 +- DirName:CN = x1008 +- DirName:CN = x1009 +- DirName:CN = x1010 +- DirName:CN = x1011 +- DirName:CN = x1012 +- DirName:CN = x1013 +- DirName:CN = x1014 +- DirName:CN = x1015 +- DirName:CN = x1016 +- DirName:CN = x1017 +- DirName:CN = x1018 +- DirName:CN = x1019 +- DirName:CN = x1020 +- DirName:CN = x1021 +- DirName:CN = x1022 +- DirName:CN = x1023 +- DirName:CN = x1024 +- URI:http://xest/0 +- URI:http://xest/1 +- URI:http://xest/2 +- URI:http://xest/3 +- URI:http://xest/4 +- URI:http://xest/5 +- URI:http://xest/6 +- URI:http://xest/7 +- URI:http://xest/8 +- URI:http://xest/9 +- URI:http://xest/10 +- URI:http://xest/11 +- URI:http://xest/12 +- URI:http://xest/13 +- URI:http://xest/14 +- URI:http://xest/15 +- URI:http://xest/16 +- URI:http://xest/17 +- URI:http://xest/18 +- URI:http://xest/19 +- URI:http://xest/20 +- URI:http://xest/21 +- URI:http://xest/22 +- URI:http://xest/23 +- URI:http://xest/24 +- URI:http://xest/25 +- URI:http://xest/26 +- URI:http://xest/27 +- URI:http://xest/28 +- URI:http://xest/29 +- URI:http://xest/30 +- URI:http://xest/31 +- URI:http://xest/32 +- URI:http://xest/33 +- URI:http://xest/34 +- URI:http://xest/35 +- URI:http://xest/36 +- URI:http://xest/37 +- URI:http://xest/38 +- URI:http://xest/39 +- URI:http://xest/40 +- URI:http://xest/41 +- URI:http://xest/42 +- URI:http://xest/43 +- URI:http://xest/44 +- URI:http://xest/45 +- URI:http://xest/46 +- URI:http://xest/47 +- URI:http://xest/48 +- URI:http://xest/49 +- URI:http://xest/50 +- URI:http://xest/51 +- URI:http://xest/52 +- URI:http://xest/53 +- URI:http://xest/54 +- URI:http://xest/55 +- URI:http://xest/56 +- URI:http://xest/57 +- URI:http://xest/58 +- URI:http://xest/59 +- URI:http://xest/60 +- URI:http://xest/61 +- URI:http://xest/62 +- URI:http://xest/63 +- URI:http://xest/64 +- URI:http://xest/65 +- URI:http://xest/66 +- URI:http://xest/67 +- URI:http://xest/68 +- URI:http://xest/69 +- URI:http://xest/70 +- URI:http://xest/71 +- URI:http://xest/72 +- URI:http://xest/73 +- URI:http://xest/74 +- URI:http://xest/75 +- URI:http://xest/76 +- URI:http://xest/77 +- URI:http://xest/78 +- URI:http://xest/79 +- URI:http://xest/80 +- URI:http://xest/81 +- URI:http://xest/82 +- URI:http://xest/83 +- URI:http://xest/84 +- URI:http://xest/85 +- URI:http://xest/86 +- URI:http://xest/87 +- URI:http://xest/88 +- URI:http://xest/89 +- URI:http://xest/90 +- URI:http://xest/91 +- URI:http://xest/92 +- URI:http://xest/93 +- URI:http://xest/94 +- URI:http://xest/95 +- URI:http://xest/96 +- URI:http://xest/97 +- URI:http://xest/98 +- URI:http://xest/99 +- URI:http://xest/100 +- URI:http://xest/101 +- URI:http://xest/102 +- URI:http://xest/103 +- URI:http://xest/104 +- URI:http://xest/105 +- URI:http://xest/106 +- URI:http://xest/107 +- URI:http://xest/108 +- URI:http://xest/109 +- URI:http://xest/110 +- URI:http://xest/111 +- URI:http://xest/112 +- URI:http://xest/113 +- URI:http://xest/114 +- URI:http://xest/115 +- URI:http://xest/116 +- URI:http://xest/117 +- URI:http://xest/118 +- URI:http://xest/119 +- URI:http://xest/120 +- URI:http://xest/121 +- URI:http://xest/122 +- URI:http://xest/123 +- URI:http://xest/124 +- URI:http://xest/125 +- URI:http://xest/126 +- URI:http://xest/127 +- URI:http://xest/128 +- URI:http://xest/129 +- URI:http://xest/130 +- URI:http://xest/131 +- URI:http://xest/132 +- URI:http://xest/133 +- URI:http://xest/134 +- URI:http://xest/135 +- URI:http://xest/136 +- URI:http://xest/137 +- URI:http://xest/138 +- URI:http://xest/139 +- URI:http://xest/140 +- URI:http://xest/141 +- URI:http://xest/142 +- URI:http://xest/143 +- URI:http://xest/144 +- URI:http://xest/145 +- URI:http://xest/146 +- URI:http://xest/147 +- URI:http://xest/148 +- URI:http://xest/149 +- URI:http://xest/150 +- URI:http://xest/151 +- URI:http://xest/152 +- URI:http://xest/153 +- URI:http://xest/154 +- URI:http://xest/155 +- URI:http://xest/156 +- URI:http://xest/157 +- URI:http://xest/158 +- URI:http://xest/159 +- URI:http://xest/160 +- URI:http://xest/161 +- URI:http://xest/162 +- URI:http://xest/163 +- URI:http://xest/164 +- URI:http://xest/165 +- URI:http://xest/166 +- URI:http://xest/167 +- URI:http://xest/168 +- URI:http://xest/169 +- URI:http://xest/170 +- URI:http://xest/171 +- URI:http://xest/172 +- URI:http://xest/173 +- URI:http://xest/174 +- URI:http://xest/175 +- URI:http://xest/176 +- URI:http://xest/177 +- URI:http://xest/178 +- URI:http://xest/179 +- URI:http://xest/180 +- URI:http://xest/181 +- URI:http://xest/182 +- URI:http://xest/183 +- URI:http://xest/184 +- URI:http://xest/185 +- URI:http://xest/186 +- URI:http://xest/187 +- URI:http://xest/188 +- URI:http://xest/189 +- URI:http://xest/190 +- URI:http://xest/191 +- URI:http://xest/192 +- URI:http://xest/193 +- URI:http://xest/194 +- URI:http://xest/195 +- URI:http://xest/196 +- URI:http://xest/197 +- URI:http://xest/198 +- URI:http://xest/199 +- URI:http://xest/200 +- URI:http://xest/201 +- URI:http://xest/202 +- URI:http://xest/203 +- URI:http://xest/204 +- URI:http://xest/205 +- URI:http://xest/206 +- URI:http://xest/207 +- URI:http://xest/208 +- URI:http://xest/209 +- URI:http://xest/210 +- URI:http://xest/211 +- URI:http://xest/212 +- URI:http://xest/213 +- URI:http://xest/214 +- URI:http://xest/215 +- URI:http://xest/216 +- URI:http://xest/217 +- URI:http://xest/218 +- URI:http://xest/219 +- URI:http://xest/220 +- URI:http://xest/221 +- URI:http://xest/222 +- URI:http://xest/223 +- URI:http://xest/224 +- URI:http://xest/225 +- URI:http://xest/226 +- URI:http://xest/227 +- URI:http://xest/228 +- URI:http://xest/229 +- URI:http://xest/230 +- URI:http://xest/231 +- URI:http://xest/232 +- URI:http://xest/233 +- URI:http://xest/234 +- URI:http://xest/235 +- URI:http://xest/236 +- URI:http://xest/237 +- URI:http://xest/238 +- URI:http://xest/239 +- URI:http://xest/240 +- URI:http://xest/241 +- URI:http://xest/242 +- URI:http://xest/243 +- URI:http://xest/244 +- URI:http://xest/245 +- URI:http://xest/246 +- URI:http://xest/247 +- URI:http://xest/248 +- URI:http://xest/249 +- URI:http://xest/250 +- URI:http://xest/251 +- URI:http://xest/252 +- URI:http://xest/253 +- URI:http://xest/254 +- URI:http://xest/255 +- URI:http://xest/256 +- URI:http://xest/257 +- URI:http://xest/258 +- URI:http://xest/259 +- URI:http://xest/260 +- URI:http://xest/261 +- URI:http://xest/262 +- URI:http://xest/263 +- URI:http://xest/264 +- URI:http://xest/265 +- URI:http://xest/266 +- URI:http://xest/267 +- URI:http://xest/268 +- URI:http://xest/269 +- URI:http://xest/270 +- URI:http://xest/271 +- URI:http://xest/272 +- URI:http://xest/273 +- URI:http://xest/274 +- URI:http://xest/275 +- URI:http://xest/276 +- URI:http://xest/277 +- URI:http://xest/278 +- URI:http://xest/279 +- URI:http://xest/280 +- URI:http://xest/281 +- URI:http://xest/282 +- URI:http://xest/283 +- URI:http://xest/284 +- URI:http://xest/285 +- URI:http://xest/286 +- URI:http://xest/287 +- URI:http://xest/288 +- URI:http://xest/289 +- URI:http://xest/290 +- URI:http://xest/291 +- URI:http://xest/292 +- URI:http://xest/293 +- URI:http://xest/294 +- URI:http://xest/295 +- URI:http://xest/296 +- URI:http://xest/297 +- URI:http://xest/298 +- URI:http://xest/299 +- URI:http://xest/300 +- URI:http://xest/301 +- URI:http://xest/302 +- URI:http://xest/303 +- URI:http://xest/304 +- URI:http://xest/305 +- URI:http://xest/306 +- URI:http://xest/307 +- URI:http://xest/308 +- URI:http://xest/309 +- URI:http://xest/310 +- URI:http://xest/311 +- URI:http://xest/312 +- URI:http://xest/313 +- URI:http://xest/314 +- URI:http://xest/315 +- URI:http://xest/316 +- URI:http://xest/317 +- URI:http://xest/318 +- URI:http://xest/319 +- URI:http://xest/320 +- URI:http://xest/321 +- URI:http://xest/322 +- URI:http://xest/323 +- URI:http://xest/324 +- URI:http://xest/325 +- URI:http://xest/326 +- URI:http://xest/327 +- URI:http://xest/328 +- URI:http://xest/329 +- URI:http://xest/330 +- URI:http://xest/331 +- URI:http://xest/332 +- URI:http://xest/333 +- URI:http://xest/334 +- URI:http://xest/335 +- URI:http://xest/336 +- URI:http://xest/337 +- URI:http://xest/338 +- URI:http://xest/339 +- URI:http://xest/340 +- URI:http://xest/341 +- URI:http://xest/342 +- URI:http://xest/343 +- URI:http://xest/344 +- URI:http://xest/345 +- URI:http://xest/346 +- URI:http://xest/347 +- URI:http://xest/348 +- URI:http://xest/349 +- URI:http://xest/350 +- URI:http://xest/351 +- URI:http://xest/352 +- URI:http://xest/353 +- URI:http://xest/354 +- URI:http://xest/355 +- URI:http://xest/356 +- URI:http://xest/357 +- URI:http://xest/358 +- URI:http://xest/359 +- URI:http://xest/360 +- URI:http://xest/361 +- URI:http://xest/362 +- URI:http://xest/363 +- URI:http://xest/364 +- URI:http://xest/365 +- URI:http://xest/366 +- URI:http://xest/367 +- URI:http://xest/368 +- URI:http://xest/369 +- URI:http://xest/370 +- URI:http://xest/371 +- URI:http://xest/372 +- URI:http://xest/373 +- URI:http://xest/374 +- URI:http://xest/375 +- URI:http://xest/376 +- URI:http://xest/377 +- URI:http://xest/378 +- URI:http://xest/379 +- URI:http://xest/380 +- URI:http://xest/381 +- URI:http://xest/382 +- URI:http://xest/383 +- URI:http://xest/384 +- URI:http://xest/385 +- URI:http://xest/386 +- URI:http://xest/387 +- URI:http://xest/388 +- URI:http://xest/389 +- URI:http://xest/390 +- URI:http://xest/391 +- URI:http://xest/392 +- URI:http://xest/393 +- URI:http://xest/394 +- URI:http://xest/395 +- URI:http://xest/396 +- URI:http://xest/397 +- URI:http://xest/398 +- URI:http://xest/399 +- URI:http://xest/400 +- URI:http://xest/401 +- URI:http://xest/402 +- URI:http://xest/403 +- URI:http://xest/404 +- URI:http://xest/405 +- URI:http://xest/406 +- URI:http://xest/407 +- URI:http://xest/408 +- URI:http://xest/409 +- URI:http://xest/410 +- URI:http://xest/411 +- URI:http://xest/412 +- URI:http://xest/413 +- URI:http://xest/414 +- URI:http://xest/415 +- URI:http://xest/416 +- URI:http://xest/417 +- URI:http://xest/418 +- URI:http://xest/419 +- URI:http://xest/420 +- URI:http://xest/421 +- URI:http://xest/422 +- URI:http://xest/423 +- URI:http://xest/424 +- URI:http://xest/425 +- URI:http://xest/426 +- URI:http://xest/427 +- URI:http://xest/428 +- URI:http://xest/429 +- URI:http://xest/430 +- URI:http://xest/431 +- URI:http://xest/432 +- URI:http://xest/433 +- URI:http://xest/434 +- URI:http://xest/435 +- URI:http://xest/436 +- URI:http://xest/437 +- URI:http://xest/438 +- URI:http://xest/439 +- URI:http://xest/440 +- URI:http://xest/441 +- URI:http://xest/442 +- URI:http://xest/443 +- URI:http://xest/444 +- URI:http://xest/445 +- URI:http://xest/446 +- URI:http://xest/447 +- URI:http://xest/448 +- URI:http://xest/449 +- URI:http://xest/450 +- URI:http://xest/451 +- URI:http://xest/452 +- URI:http://xest/453 +- URI:http://xest/454 +- URI:http://xest/455 +- URI:http://xest/456 +- URI:http://xest/457 +- URI:http://xest/458 +- URI:http://xest/459 +- URI:http://xest/460 +- URI:http://xest/461 +- URI:http://xest/462 +- URI:http://xest/463 +- URI:http://xest/464 +- URI:http://xest/465 +- URI:http://xest/466 +- URI:http://xest/467 +- URI:http://xest/468 +- URI:http://xest/469 +- URI:http://xest/470 +- URI:http://xest/471 +- URI:http://xest/472 +- URI:http://xest/473 +- URI:http://xest/474 +- URI:http://xest/475 +- URI:http://xest/476 +- URI:http://xest/477 +- URI:http://xest/478 +- URI:http://xest/479 +- URI:http://xest/480 +- URI:http://xest/481 +- URI:http://xest/482 +- URI:http://xest/483 +- URI:http://xest/484 +- URI:http://xest/485 +- URI:http://xest/486 +- URI:http://xest/487 +- URI:http://xest/488 +- URI:http://xest/489 +- URI:http://xest/490 +- URI:http://xest/491 +- URI:http://xest/492 +- URI:http://xest/493 +- URI:http://xest/494 +- URI:http://xest/495 +- URI:http://xest/496 +- URI:http://xest/497 +- URI:http://xest/498 +- URI:http://xest/499 +- URI:http://xest/500 +- URI:http://xest/501 +- URI:http://xest/502 +- URI:http://xest/503 +- URI:http://xest/504 +- URI:http://xest/505 +- URI:http://xest/506 +- URI:http://xest/507 +- URI:http://xest/508 +- URI:http://xest/509 +- URI:http://xest/510 +- URI:http://xest/511 +- URI:http://xest/512 +- URI:http://xest/513 +- URI:http://xest/514 +- URI:http://xest/515 +- URI:http://xest/516 +- URI:http://xest/517 +- URI:http://xest/518 +- URI:http://xest/519 +- URI:http://xest/520 +- URI:http://xest/521 +- URI:http://xest/522 +- URI:http://xest/523 +- URI:http://xest/524 +- URI:http://xest/525 +- URI:http://xest/526 +- URI:http://xest/527 +- URI:http://xest/528 +- URI:http://xest/529 +- URI:http://xest/530 +- URI:http://xest/531 +- URI:http://xest/532 +- URI:http://xest/533 +- URI:http://xest/534 +- URI:http://xest/535 +- URI:http://xest/536 +- URI:http://xest/537 +- URI:http://xest/538 +- URI:http://xest/539 +- URI:http://xest/540 +- URI:http://xest/541 +- URI:http://xest/542 +- URI:http://xest/543 +- URI:http://xest/544 +- URI:http://xest/545 +- URI:http://xest/546 +- URI:http://xest/547 +- URI:http://xest/548 +- URI:http://xest/549 +- URI:http://xest/550 +- URI:http://xest/551 +- URI:http://xest/552 +- URI:http://xest/553 +- URI:http://xest/554 +- URI:http://xest/555 +- URI:http://xest/556 +- URI:http://xest/557 +- URI:http://xest/558 +- URI:http://xest/559 +- URI:http://xest/560 +- URI:http://xest/561 +- URI:http://xest/562 +- URI:http://xest/563 +- URI:http://xest/564 +- URI:http://xest/565 +- URI:http://xest/566 +- URI:http://xest/567 +- URI:http://xest/568 +- URI:http://xest/569 +- URI:http://xest/570 +- URI:http://xest/571 +- URI:http://xest/572 +- URI:http://xest/573 +- URI:http://xest/574 +- URI:http://xest/575 +- URI:http://xest/576 +- URI:http://xest/577 +- URI:http://xest/578 +- URI:http://xest/579 +- URI:http://xest/580 +- URI:http://xest/581 +- URI:http://xest/582 +- URI:http://xest/583 +- URI:http://xest/584 +- URI:http://xest/585 +- URI:http://xest/586 +- URI:http://xest/587 +- URI:http://xest/588 +- URI:http://xest/589 +- URI:http://xest/590 +- URI:http://xest/591 +- URI:http://xest/592 +- URI:http://xest/593 +- URI:http://xest/594 +- URI:http://xest/595 +- URI:http://xest/596 +- URI:http://xest/597 +- URI:http://xest/598 +- URI:http://xest/599 +- URI:http://xest/600 +- URI:http://xest/601 +- URI:http://xest/602 +- URI:http://xest/603 +- URI:http://xest/604 +- URI:http://xest/605 +- URI:http://xest/606 +- URI:http://xest/607 +- URI:http://xest/608 +- URI:http://xest/609 +- URI:http://xest/610 +- URI:http://xest/611 +- URI:http://xest/612 +- URI:http://xest/613 +- URI:http://xest/614 +- URI:http://xest/615 +- URI:http://xest/616 +- URI:http://xest/617 +- URI:http://xest/618 +- URI:http://xest/619 +- URI:http://xest/620 +- URI:http://xest/621 +- URI:http://xest/622 +- URI:http://xest/623 +- URI:http://xest/624 +- URI:http://xest/625 +- URI:http://xest/626 +- URI:http://xest/627 +- URI:http://xest/628 +- URI:http://xest/629 +- URI:http://xest/630 +- URI:http://xest/631 +- URI:http://xest/632 +- URI:http://xest/633 +- URI:http://xest/634 +- URI:http://xest/635 +- URI:http://xest/636 +- URI:http://xest/637 +- URI:http://xest/638 +- URI:http://xest/639 +- URI:http://xest/640 +- URI:http://xest/641 +- URI:http://xest/642 +- URI:http://xest/643 +- URI:http://xest/644 +- URI:http://xest/645 +- URI:http://xest/646 +- URI:http://xest/647 +- URI:http://xest/648 +- URI:http://xest/649 +- URI:http://xest/650 +- URI:http://xest/651 +- URI:http://xest/652 +- URI:http://xest/653 +- URI:http://xest/654 +- URI:http://xest/655 +- URI:http://xest/656 +- URI:http://xest/657 +- URI:http://xest/658 +- URI:http://xest/659 +- URI:http://xest/660 +- URI:http://xest/661 +- URI:http://xest/662 +- URI:http://xest/663 +- URI:http://xest/664 +- URI:http://xest/665 +- URI:http://xest/666 +- URI:http://xest/667 +- URI:http://xest/668 +- URI:http://xest/669 +- URI:http://xest/670 +- URI:http://xest/671 +- URI:http://xest/672 +- URI:http://xest/673 +- URI:http://xest/674 +- URI:http://xest/675 +- URI:http://xest/676 +- URI:http://xest/677 +- URI:http://xest/678 +- URI:http://xest/679 +- URI:http://xest/680 +- URI:http://xest/681 +- URI:http://xest/682 +- URI:http://xest/683 +- URI:http://xest/684 +- URI:http://xest/685 +- URI:http://xest/686 +- URI:http://xest/687 +- URI:http://xest/688 +- URI:http://xest/689 +- URI:http://xest/690 +- URI:http://xest/691 +- URI:http://xest/692 +- URI:http://xest/693 +- URI:http://xest/694 +- URI:http://xest/695 +- URI:http://xest/696 +- URI:http://xest/697 +- URI:http://xest/698 +- URI:http://xest/699 +- URI:http://xest/700 +- URI:http://xest/701 +- URI:http://xest/702 +- URI:http://xest/703 +- URI:http://xest/704 +- URI:http://xest/705 +- URI:http://xest/706 +- URI:http://xest/707 +- URI:http://xest/708 +- URI:http://xest/709 +- URI:http://xest/710 +- URI:http://xest/711 +- URI:http://xest/712 +- URI:http://xest/713 +- URI:http://xest/714 +- URI:http://xest/715 +- URI:http://xest/716 +- URI:http://xest/717 +- URI:http://xest/718 +- URI:http://xest/719 +- URI:http://xest/720 +- URI:http://xest/721 +- URI:http://xest/722 +- URI:http://xest/723 +- URI:http://xest/724 +- URI:http://xest/725 +- URI:http://xest/726 +- URI:http://xest/727 +- URI:http://xest/728 +- URI:http://xest/729 +- URI:http://xest/730 +- URI:http://xest/731 +- URI:http://xest/732 +- URI:http://xest/733 +- URI:http://xest/734 +- URI:http://xest/735 +- URI:http://xest/736 +- URI:http://xest/737 +- URI:http://xest/738 +- URI:http://xest/739 +- URI:http://xest/740 +- URI:http://xest/741 +- URI:http://xest/742 +- URI:http://xest/743 +- URI:http://xest/744 +- URI:http://xest/745 +- URI:http://xest/746 +- URI:http://xest/747 +- URI:http://xest/748 +- URI:http://xest/749 +- URI:http://xest/750 +- URI:http://xest/751 +- URI:http://xest/752 +- URI:http://xest/753 +- URI:http://xest/754 +- URI:http://xest/755 +- URI:http://xest/756 +- URI:http://xest/757 +- URI:http://xest/758 +- URI:http://xest/759 +- URI:http://xest/760 +- URI:http://xest/761 +- URI:http://xest/762 +- URI:http://xest/763 +- URI:http://xest/764 +- URI:http://xest/765 +- URI:http://xest/766 +- URI:http://xest/767 +- URI:http://xest/768 +- URI:http://xest/769 +- URI:http://xest/770 +- URI:http://xest/771 +- URI:http://xest/772 +- URI:http://xest/773 +- URI:http://xest/774 +- URI:http://xest/775 +- URI:http://xest/776 +- URI:http://xest/777 +- URI:http://xest/778 +- URI:http://xest/779 +- URI:http://xest/780 +- URI:http://xest/781 +- URI:http://xest/782 +- URI:http://xest/783 +- URI:http://xest/784 +- URI:http://xest/785 +- URI:http://xest/786 +- URI:http://xest/787 +- URI:http://xest/788 +- URI:http://xest/789 +- URI:http://xest/790 +- URI:http://xest/791 +- URI:http://xest/792 +- URI:http://xest/793 +- URI:http://xest/794 +- URI:http://xest/795 +- URI:http://xest/796 +- URI:http://xest/797 +- URI:http://xest/798 +- URI:http://xest/799 +- URI:http://xest/800 +- URI:http://xest/801 +- URI:http://xest/802 +- URI:http://xest/803 +- URI:http://xest/804 +- URI:http://xest/805 +- URI:http://xest/806 +- URI:http://xest/807 +- URI:http://xest/808 +- URI:http://xest/809 +- URI:http://xest/810 +- URI:http://xest/811 +- URI:http://xest/812 +- URI:http://xest/813 +- URI:http://xest/814 +- URI:http://xest/815 +- URI:http://xest/816 +- URI:http://xest/817 +- URI:http://xest/818 +- URI:http://xest/819 +- URI:http://xest/820 +- URI:http://xest/821 +- URI:http://xest/822 +- URI:http://xest/823 +- URI:http://xest/824 +- URI:http://xest/825 +- URI:http://xest/826 +- URI:http://xest/827 +- URI:http://xest/828 +- URI:http://xest/829 +- URI:http://xest/830 +- URI:http://xest/831 +- URI:http://xest/832 +- URI:http://xest/833 +- URI:http://xest/834 +- URI:http://xest/835 +- URI:http://xest/836 +- URI:http://xest/837 +- URI:http://xest/838 +- URI:http://xest/839 +- URI:http://xest/840 +- URI:http://xest/841 +- URI:http://xest/842 +- URI:http://xest/843 +- URI:http://xest/844 +- URI:http://xest/845 +- URI:http://xest/846 +- URI:http://xest/847 +- URI:http://xest/848 +- URI:http://xest/849 +- URI:http://xest/850 +- URI:http://xest/851 +- URI:http://xest/852 +- URI:http://xest/853 +- URI:http://xest/854 +- URI:http://xest/855 +- URI:http://xest/856 +- URI:http://xest/857 +- URI:http://xest/858 +- URI:http://xest/859 +- URI:http://xest/860 +- URI:http://xest/861 +- URI:http://xest/862 +- URI:http://xest/863 +- URI:http://xest/864 +- URI:http://xest/865 +- URI:http://xest/866 +- URI:http://xest/867 +- URI:http://xest/868 +- URI:http://xest/869 +- URI:http://xest/870 +- URI:http://xest/871 +- URI:http://xest/872 +- URI:http://xest/873 +- URI:http://xest/874 +- URI:http://xest/875 +- URI:http://xest/876 +- URI:http://xest/877 +- URI:http://xest/878 +- URI:http://xest/879 +- URI:http://xest/880 +- URI:http://xest/881 +- URI:http://xest/882 +- URI:http://xest/883 +- URI:http://xest/884 +- URI:http://xest/885 +- URI:http://xest/886 +- URI:http://xest/887 +- URI:http://xest/888 +- URI:http://xest/889 +- URI:http://xest/890 +- URI:http://xest/891 +- URI:http://xest/892 +- URI:http://xest/893 +- URI:http://xest/894 +- URI:http://xest/895 +- URI:http://xest/896 +- URI:http://xest/897 +- URI:http://xest/898 +- URI:http://xest/899 +- URI:http://xest/900 +- URI:http://xest/901 +- URI:http://xest/902 +- URI:http://xest/903 +- URI:http://xest/904 +- URI:http://xest/905 +- URI:http://xest/906 +- URI:http://xest/907 +- URI:http://xest/908 +- URI:http://xest/909 +- URI:http://xest/910 +- URI:http://xest/911 +- URI:http://xest/912 +- URI:http://xest/913 +- URI:http://xest/914 +- URI:http://xest/915 +- URI:http://xest/916 +- URI:http://xest/917 +- URI:http://xest/918 +- URI:http://xest/919 +- URI:http://xest/920 +- URI:http://xest/921 +- URI:http://xest/922 +- URI:http://xest/923 +- URI:http://xest/924 +- URI:http://xest/925 +- URI:http://xest/926 +- URI:http://xest/927 +- URI:http://xest/928 +- URI:http://xest/929 +- URI:http://xest/930 +- URI:http://xest/931 +- URI:http://xest/932 +- URI:http://xest/933 +- URI:http://xest/934 +- URI:http://xest/935 +- URI:http://xest/936 +- URI:http://xest/937 +- URI:http://xest/938 +- URI:http://xest/939 +- URI:http://xest/940 +- URI:http://xest/941 +- URI:http://xest/942 +- URI:http://xest/943 +- URI:http://xest/944 +- URI:http://xest/945 +- URI:http://xest/946 +- URI:http://xest/947 +- URI:http://xest/948 +- URI:http://xest/949 +- URI:http://xest/950 +- URI:http://xest/951 +- URI:http://xest/952 +- URI:http://xest/953 +- URI:http://xest/954 +- URI:http://xest/955 +- URI:http://xest/956 +- URI:http://xest/957 +- URI:http://xest/958 +- URI:http://xest/959 +- URI:http://xest/960 +- URI:http://xest/961 +- URI:http://xest/962 +- URI:http://xest/963 +- URI:http://xest/964 +- URI:http://xest/965 +- URI:http://xest/966 +- URI:http://xest/967 +- URI:http://xest/968 +- URI:http://xest/969 +- URI:http://xest/970 +- URI:http://xest/971 +- URI:http://xest/972 +- URI:http://xest/973 +- URI:http://xest/974 +- URI:http://xest/975 +- URI:http://xest/976 +- URI:http://xest/977 +- URI:http://xest/978 +- URI:http://xest/979 +- URI:http://xest/980 +- URI:http://xest/981 +- URI:http://xest/982 +- URI:http://xest/983 +- URI:http://xest/984 +- URI:http://xest/985 +- URI:http://xest/986 +- URI:http://xest/987 +- URI:http://xest/988 +- URI:http://xest/989 +- URI:http://xest/990 +- URI:http://xest/991 +- URI:http://xest/992 +- URI:http://xest/993 +- URI:http://xest/994 +- URI:http://xest/995 +- URI:http://xest/996 +- URI:http://xest/997 +- URI:http://xest/998 +- URI:http://xest/999 +- URI:http://xest/1000 +- URI:http://xest/1001 +- URI:http://xest/1002 +- URI:http://xest/1003 +- URI:http://xest/1004 +- URI:http://xest/1005 +- URI:http://xest/1006 +- URI:http://xest/1007 +- URI:http://xest/1008 +- URI:http://xest/1009 +- URI:http://xest/1010 +- URI:http://xest/1011 +- URI:http://xest/1012 +- URI:http://xest/1013 +- URI:http://xest/1014 +- URI:http://xest/1015 +- URI:http://xest/1016 +- URI:http://xest/1017 +- URI:http://xest/1018 +- URI:http://xest/1019 +- URI:http://xest/1020 +- URI:http://xest/1021 +- URI:http://xest/1022 +- URI:http://xest/1023 +- URI:http://xest/1024 +- +- Signature Algorithm: sha256WithRSAEncryption +- 0e:14:4c:09:0c:0b:fa:da:ae:c8:a4:13:9f:7d:9c:53:62:c0: +- 51:7a:7a:88:78:90:81:f9:2f:e6:86:e0:73:31:1d:84:45:7f: +- 79:ba:6a:9c:ed:5c:aa:b0:dd:d0:32:a9:69:78:1a:e4:3c:fa: +- 53:8a:15:33:7d:cc:45:4c:65:4e:d4:01:49:47:c3:02:04:58: +- a8:c2:60:ab:01:8b:35:ad:db:57:9f:68:12:2b:0e:c6:b0:80: +- 15:11:de:e4:5d:6e:a5:b2:80:34:65:33:e9:4c:0d:93:09:6e: +- e5:f4:f9:06:cc:7e:3d:2e:b9:79:80:9c:83:92:ec:15:62:e6: +- af:4e:40:7f:55:a2:75:d1:f2:af:a1:10:28:2b:c3:f6:ef:3a: +- 16:3a:71:9b:28:ac:65:d4:ab:ff:4a:a7:aa:82:a3:8d:18:36: +- e7:c1:4c:7a:87:8b:39:90:a5:e2:23:c3:99:e6:5d:11:4f:66: +- 48:12:69:72:47:3e:e7:bb:33:51:38:c5:e2:20:aa:24:12:ce: +- 44:fe:d4:f3:38:37:69:85:d8:41:32:41:30:f7:b2:f0:76:ce: +- 4b:da:43:95:87:2b:18:9a:fa:40:c1:36:71:ac:d4:8f:68:cc: +- ed:8f:f6:a9:0a:29:94:98:71:69:af:e2:85:62:65:36:a3:77: +- ae:43:af:81 +------BEGIN CERTIFICATE----- +-MIMBorUwgwGhnKADAgECAhQ85fyBiFmoUBbBf9flKuWWf8L2/jANBgkqhkiG9w0B +-AQsFADAPMQ0wCwYDVQQDDARSb290MB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAwNTEy +-MDAwMFowFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEF +-AAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxLHa4GJxiO +-VbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9WyNroD1co +-d26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luvC6DmdaXS +-4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf00YvmLxRm +-VvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9IbjmK6igvwa7 +-QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABo4MBn/0wgwGf+DAd +-BgNVHQ4EFgQUkhE/rBGWx2Y3z4NaJPA6d68zjX8wHwYDVR0jBBgwFoAUtsLvn9Ep +-yw+JjExS1L1AtxG3cd0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRw +-Oi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDov +-L3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +-BTADAQH/MIMBnysGA1UdHgSDAZ8hMIMBnxyggs+KMAqHCAoAAAD/////MAqHCAoA +-AAH/////MAqHCAoAAAL/////MAqHCAoAAAP/////MAqHCAoAAAT/////MAqHCAoA +-AAX/////MAqHCAoAAAb/////MAqHCAoAAAf/////MAqHCAoAAAj/////MAqHCAoA +-AAn/////MAqHCAoAAAr/////MAqHCAoAAAv/////MAqHCAoAAAz/////MAqHCAoA +-AA3/////MAqHCAoAAA7/////MAqHCAoAAA//////MAqHCAoAABD/////MAqHCAoA +-ABH/////MAqHCAoAABL/////MAqHCAoAABP/////MAqHCAoAABT/////MAqHCAoA +-ABX/////MAqHCAoAABb/////MAqHCAoAABf/////MAqHCAoAABj/////MAqHCAoA +-ABn/////MAqHCAoAABr/////MAqHCAoAABv/////MAqHCAoAABz/////MAqHCAoA +-AB3/////MAqHCAoAAB7/////MAqHCAoAAB//////MAqHCAoAACD/////MAqHCAoA +-ACH/////MAqHCAoAACL/////MAqHCAoAACP/////MAqHCAoAACT/////MAqHCAoA +-ACX/////MAqHCAoAACb/////MAqHCAoAACf/////MAqHCAoAACj/////MAqHCAoA +-ACn/////MAqHCAoAACr/////MAqHCAoAACv/////MAqHCAoAACz/////MAqHCAoA +-AC3/////MAqHCAoAAC7/////MAqHCAoAAC//////MAqHCAoAADD/////MAqHCAoA +-ADH/////MAqHCAoAADL/////MAqHCAoAADP/////MAqHCAoAADT/////MAqHCAoA +-ADX/////MAqHCAoAADb/////MAqHCAoAADf/////MAqHCAoAADj/////MAqHCAoA +-ADn/////MAqHCAoAADr/////MAqHCAoAADv/////MAqHCAoAADz/////MAqHCAoA +-AD3/////MAqHCAoAAD7/////MAqHCAoAAD//////MAqHCAoAAED/////MAqHCAoA +-AEH/////MAqHCAoAAEL/////MAqHCAoAAEP/////MAqHCAoAAET/////MAqHCAoA +-AEX/////MAqHCAoAAEb/////MAqHCAoAAEf/////MAqHCAoAAEj/////MAqHCAoA +-AEn/////MAqHCAoAAEr/////MAqHCAoAAEv/////MAqHCAoAAEz/////MAqHCAoA +-AE3/////MAqHCAoAAE7/////MAqHCAoAAE//////MAqHCAoAAFD/////MAqHCAoA +-AFH/////MAqHCAoAAFL/////MAqHCAoAAFP/////MAqHCAoAAFT/////MAqHCAoA +-AFX/////MAqHCAoAAFb/////MAqHCAoAAFf/////MAqHCAoAAFj/////MAqHCAoA +-AFn/////MAqHCAoAAFr/////MAqHCAoAAFv/////MAqHCAoAAFz/////MAqHCAoA +-AF3/////MAqHCAoAAF7/////MAqHCAoAAF//////MAqHCAoAAGD/////MAqHCAoA +-AGH/////MAqHCAoAAGL/////MAqHCAoAAGP/////MAqHCAoAAGT/////MAqHCAoA +-AGX/////MAqHCAoAAGb/////MAqHCAoAAGf/////MAqHCAoAAGj/////MAqHCAoA +-AGn/////MAqHCAoAAGr/////MAqHCAoAAGv/////MAqHCAoAAGz/////MAqHCAoA +-AG3/////MAqHCAoAAG7/////MAqHCAoAAG//////MAqHCAoAAHD/////MAqHCAoA +-AHH/////MAqHCAoAAHL/////MAqHCAoAAHP/////MAqHCAoAAHT/////MAqHCAoA +-AHX/////MAqHCAoAAHb/////MAqHCAoAAHf/////MAqHCAoAAHj/////MAqHCAoA +-AHn/////MAqHCAoAAHr/////MAqHCAoAAHv/////MAqHCAoAAHz/////MAqHCAoA +-AH3/////MAqHCAoAAH7/////MAqHCAoAAH//////MAqHCAoAAID/////MAqHCAoA +-AIH/////MAqHCAoAAIL/////MAqHCAoAAIP/////MAqHCAoAAIT/////MAqHCAoA +-AIX/////MAqHCAoAAIb/////MAqHCAoAAIf/////MAqHCAoAAIj/////MAqHCAoA +-AIn/////MAqHCAoAAIr/////MAqHCAoAAIv/////MAqHCAoAAIz/////MAqHCAoA +-AI3/////MAqHCAoAAI7/////MAqHCAoAAI//////MAqHCAoAAJD/////MAqHCAoA +-AJH/////MAqHCAoAAJL/////MAqHCAoAAJP/////MAqHCAoAAJT/////MAqHCAoA +-AJX/////MAqHCAoAAJb/////MAqHCAoAAJf/////MAqHCAoAAJj/////MAqHCAoA +-AJn/////MAqHCAoAAJr/////MAqHCAoAAJv/////MAqHCAoAAJz/////MAqHCAoA +-AJ3/////MAqHCAoAAJ7/////MAqHCAoAAJ//////MAqHCAoAAKD/////MAqHCAoA +-AKH/////MAqHCAoAAKL/////MAqHCAoAAKP/////MAqHCAoAAKT/////MAqHCAoA +-AKX/////MAqHCAoAAKb/////MAqHCAoAAKf/////MAqHCAoAAKj/////MAqHCAoA +-AKn/////MAqHCAoAAKr/////MAqHCAoAAKv/////MAqHCAoAAKz/////MAqHCAoA +-AK3/////MAqHCAoAAK7/////MAqHCAoAAK//////MAqHCAoAALD/////MAqHCAoA +-ALH/////MAqHCAoAALL/////MAqHCAoAALP/////MAqHCAoAALT/////MAqHCAoA +-ALX/////MAqHCAoAALb/////MAqHCAoAALf/////MAqHCAoAALj/////MAqHCAoA +-ALn/////MAqHCAoAALr/////MAqHCAoAALv/////MAqHCAoAALz/////MAqHCAoA +-AL3/////MAqHCAoAAL7/////MAqHCAoAAL//////MAqHCAoAAMD/////MAqHCAoA +-AMH/////MAqHCAoAAML/////MAqHCAoAAMP/////MAqHCAoAAMT/////MAqHCAoA +-AMX/////MAqHCAoAAMb/////MAqHCAoAAMf/////MAqHCAoAAMj/////MAqHCAoA +-AMn/////MAqHCAoAAMr/////MAqHCAoAAMv/////MAqHCAoAAMz/////MAqHCAoA +-AM3/////MAqHCAoAAM7/////MAqHCAoAAM//////MAqHCAoAAND/////MAqHCAoA +-ANH/////MAqHCAoAANL/////MAqHCAoAANP/////MAqHCAoAANT/////MAqHCAoA +-ANX/////MAqHCAoAANb/////MAqHCAoAANf/////MAqHCAoAANj/////MAqHCAoA +-ANn/////MAqHCAoAANr/////MAqHCAoAANv/////MAqHCAoAANz/////MAqHCAoA +-AN3/////MAqHCAoAAN7/////MAqHCAoAAN//////MAqHCAoAAOD/////MAqHCAoA +-AOH/////MAqHCAoAAOL/////MAqHCAoAAOP/////MAqHCAoAAOT/////MAqHCAoA +-AOX/////MAqHCAoAAOb/////MAqHCAoAAOf/////MAqHCAoAAOj/////MAqHCAoA +-AOn/////MAqHCAoAAOr/////MAqHCAoAAOv/////MAqHCAoAAOz/////MAqHCAoA +-AO3/////MAqHCAoAAO7/////MAqHCAoAAO//////MAqHCAoAAPD/////MAqHCAoA +-APH/////MAqHCAoAAPL/////MAqHCAoAAPP/////MAqHCAoAAPT/////MAqHCAoA +-APX/////MAqHCAoAAPb/////MAqHCAoAAPf/////MAqHCAoAAPj/////MAqHCAoA +-APn/////MAqHCAoAAPr/////MAqHCAoAAPv/////MAqHCAoAAPz/////MAqHCAoA +-AP3/////MAqHCAoAAP7/////MAqHCAoAAP//////MAqHCAoAAQD/////MAqHCAoA +-AQH/////MAqHCAoAAQL/////MAqHCAoAAQP/////MAqHCAoAAQT/////MAqHCAoA +-AQX/////MAqHCAoAAQb/////MAqHCAoAAQf/////MAqHCAoAAQj/////MAqHCAoA +-AQn/////MAqHCAoAAQr/////MAqHCAoAAQv/////MAqHCAoAAQz/////MAqHCAoA +-AQ3/////MAqHCAoAAQ7/////MAqHCAoAAQ//////MAqHCAoAARD/////MAqHCAoA +-ARH/////MAqHCAoAARL/////MAqHCAoAARP/////MAqHCAoAART/////MAqHCAoA +-ARX/////MAqHCAoAARb/////MAqHCAoAARf/////MAqHCAoAARj/////MAqHCAoA +-ARn/////MAqHCAoAARr/////MAqHCAoAARv/////MAqHCAoAARz/////MAqHCAoA +-AR3/////MAqHCAoAAR7/////MAqHCAoAAR//////MAqHCAoAASD/////MAqHCAoA +-ASH/////MAqHCAoAASL/////MAqHCAoAASP/////MAqHCAoAAST/////MAqHCAoA +-ASX/////MAqHCAoAASb/////MAqHCAoAASf/////MAqHCAoAASj/////MAqHCAoA +-ASn/////MAqHCAoAASr/////MAqHCAoAASv/////MAqHCAoAASz/////MAqHCAoA +-AS3/////MAqHCAoAAS7/////MAqHCAoAAS//////MAqHCAoAATD/////MAqHCAoA +-ATH/////MAqHCAoAATL/////MAqHCAoAATP/////MAqHCAoAATT/////MAqHCAoA +-ATX/////MAqHCAoAATb/////MAqHCAoAATf/////MAqHCAoAATj/////MAqHCAoA +-ATn/////MAqHCAoAATr/////MAqHCAoAATv/////MAqHCAoAATz/////MAqHCAoA +-AT3/////MAqHCAoAAT7/////MAqHCAoAAT//////MAqHCAoAAUD/////MAqHCAoA +-AUH/////MAqHCAoAAUL/////MAqHCAoAAUP/////MAqHCAoAAUT/////MAqHCAoA +-AUX/////MAqHCAoAAUb/////MAqHCAoAAUf/////MAqHCAoAAUj/////MAqHCAoA +-AUn/////MAqHCAoAAUr/////MAqHCAoAAUv/////MAqHCAoAAUz/////MAqHCAoA +-AU3/////MAqHCAoAAU7/////MAqHCAoAAU//////MAqHCAoAAVD/////MAqHCAoA +-AVH/////MAqHCAoAAVL/////MAqHCAoAAVP/////MAqHCAoAAVT/////MAqHCAoA +-AVX/////MAqHCAoAAVb/////MAqHCAoAAVf/////MAqHCAoAAVj/////MAqHCAoA +-AVn/////MAqHCAoAAVr/////MAqHCAoAAVv/////MAqHCAoAAVz/////MAqHCAoA +-AV3/////MAqHCAoAAV7/////MAqHCAoAAV//////MAqHCAoAAWD/////MAqHCAoA +-AWH/////MAqHCAoAAWL/////MAqHCAoAAWP/////MAqHCAoAAWT/////MAqHCAoA +-AWX/////MAqHCAoAAWb/////MAqHCAoAAWf/////MAqHCAoAAWj/////MAqHCAoA +-AWn/////MAqHCAoAAWr/////MAqHCAoAAWv/////MAqHCAoAAWz/////MAqHCAoA +-AW3/////MAqHCAoAAW7/////MAqHCAoAAW//////MAqHCAoAAXD/////MAqHCAoA +-AXH/////MAqHCAoAAXL/////MAqHCAoAAXP/////MAqHCAoAAXT/////MAqHCAoA +-AXX/////MAqHCAoAAXb/////MAqHCAoAAXf/////MAqHCAoAAXj/////MAqHCAoA +-AXn/////MAqHCAoAAXr/////MAqHCAoAAXv/////MAqHCAoAAXz/////MAqHCAoA +-AX3/////MAqHCAoAAX7/////MAqHCAoAAX//////MAqHCAoAAYD/////MAqHCAoA +-AYH/////MAqHCAoAAYL/////MAqHCAoAAYP/////MAqHCAoAAYT/////MAqHCAoA +-AYX/////MAqHCAoAAYb/////MAqHCAoAAYf/////MAqHCAoAAYj/////MAqHCAoA +-AYn/////MAqHCAoAAYr/////MAqHCAoAAYv/////MAqHCAoAAYz/////MAqHCAoA +-AY3/////MAqHCAoAAY7/////MAqHCAoAAY//////MAqHCAoAAZD/////MAqHCAoA +-AZH/////MAqHCAoAAZL/////MAqHCAoAAZP/////MAqHCAoAAZT/////MAqHCAoA +-AZX/////MAqHCAoAAZb/////MAqHCAoAAZf/////MAqHCAoAAZj/////MAqHCAoA +-AZn/////MAqHCAoAAZr/////MAqHCAoAAZv/////MAqHCAoAAZz/////MAqHCAoA +-AZ3/////MAqHCAoAAZ7/////MAqHCAoAAZ//////MAqHCAoAAaD/////MAqHCAoA +-AaH/////MAqHCAoAAaL/////MAqHCAoAAaP/////MAqHCAoAAaT/////MAqHCAoA +-AaX/////MAqHCAoAAab/////MAqHCAoAAaf/////MAqHCAoAAaj/////MAqHCAoA +-Aan/////MAqHCAoAAar/////MAqHCAoAAav/////MAqHCAoAAaz/////MAqHCAoA +-Aa3/////MAqHCAoAAa7/////MAqHCAoAAa//////MAqHCAoAAbD/////MAqHCAoA +-AbH/////MAqHCAoAAbL/////MAqHCAoAAbP/////MAqHCAoAAbT/////MAqHCAoA +-AbX/////MAqHCAoAAbb/////MAqHCAoAAbf/////MAqHCAoAAbj/////MAqHCAoA +-Abn/////MAqHCAoAAbr/////MAqHCAoAAbv/////MAqHCAoAAbz/////MAqHCAoA +-Ab3/////MAqHCAoAAb7/////MAqHCAoAAb//////MAqHCAoAAcD/////MAqHCAoA +-AcH/////MAqHCAoAAcL/////MAqHCAoAAcP/////MAqHCAoAAcT/////MAqHCAoA +-AcX/////MAqHCAoAAcb/////MAqHCAoAAcf/////MAqHCAoAAcj/////MAqHCAoA +-Acn/////MAqHCAoAAcr/////MAqHCAoAAcv/////MAqHCAoAAcz/////MAqHCAoA +-Ac3/////MAqHCAoAAc7/////MAqHCAoAAc//////MAqHCAoAAdD/////MAqHCAoA +-AdH/////MAqHCAoAAdL/////MAqHCAoAAdP/////MAqHCAoAAdT/////MAqHCAoA +-AdX/////MAqHCAoAAdb/////MAqHCAoAAdf/////MAqHCAoAAdj/////MAqHCAoA +-Adn/////MAqHCAoAAdr/////MAqHCAoAAdv/////MAqHCAoAAdz/////MAqHCAoA +-Ad3/////MAqHCAoAAd7/////MAqHCAoAAd//////MAqHCAoAAeD/////MAqHCAoA +-AeH/////MAqHCAoAAeL/////MAqHCAoAAeP/////MAqHCAoAAeT/////MAqHCAoA +-AeX/////MAqHCAoAAeb/////MAqHCAoAAef/////MAqHCAoAAej/////MAqHCAoA +-Aen/////MAqHCAoAAer/////MAqHCAoAAev/////MAqHCAoAAez/////MAqHCAoA +-Ae3/////MAqHCAoAAe7/////MAqHCAoAAe//////MAqHCAoAAfD/////MAqHCAoA +-AfH/////MAqHCAoAAfL/////MAqHCAoAAfP/////MAqHCAoAAfT/////MAqHCAoA +-AfX/////MAqHCAoAAfb/////MAqHCAoAAff/////MAqHCAoAAfj/////MAqHCAoA +-Afn/////MAqHCAoAAfr/////MAqHCAoAAfv/////MAqHCAoAAfz/////MAqHCAoA +-Af3/////MAqHCAoAAf7/////MAqHCAoAAf//////MAqHCAoAAgD/////MAqHCAoA +-AgH/////MAqHCAoAAgL/////MAqHCAoAAgP/////MAqHCAoAAgT/////MAqHCAoA +-AgX/////MAqHCAoAAgb/////MAqHCAoAAgf/////MAqHCAoAAgj/////MAqHCAoA +-Agn/////MAqHCAoAAgr/////MAqHCAoAAgv/////MAqHCAoAAgz/////MAqHCAoA +-Ag3/////MAqHCAoAAg7/////MAqHCAoAAg//////MAqHCAoAAhD/////MAqHCAoA +-AhH/////MAqHCAoAAhL/////MAqHCAoAAhP/////MAqHCAoAAhT/////MAqHCAoA +-AhX/////MAqHCAoAAhb/////MAqHCAoAAhf/////MAqHCAoAAhj/////MAqHCAoA +-Ahn/////MAqHCAoAAhr/////MAqHCAoAAhv/////MAqHCAoAAhz/////MAqHCAoA +-Ah3/////MAqHCAoAAh7/////MAqHCAoAAh//////MAqHCAoAAiD/////MAqHCAoA +-AiH/////MAqHCAoAAiL/////MAqHCAoAAiP/////MAqHCAoAAiT/////MAqHCAoA +-AiX/////MAqHCAoAAib/////MAqHCAoAAif/////MAqHCAoAAij/////MAqHCAoA +-Ain/////MAqHCAoAAir/////MAqHCAoAAiv/////MAqHCAoAAiz/////MAqHCAoA +-Ai3/////MAqHCAoAAi7/////MAqHCAoAAi//////MAqHCAoAAjD/////MAqHCAoA +-AjH/////MAqHCAoAAjL/////MAqHCAoAAjP/////MAqHCAoAAjT/////MAqHCAoA +-AjX/////MAqHCAoAAjb/////MAqHCAoAAjf/////MAqHCAoAAjj/////MAqHCAoA +-Ajn/////MAqHCAoAAjr/////MAqHCAoAAjv/////MAqHCAoAAjz/////MAqHCAoA +-Aj3/////MAqHCAoAAj7/////MAqHCAoAAj//////MAqHCAoAAkD/////MAqHCAoA +-AkH/////MAqHCAoAAkL/////MAqHCAoAAkP/////MAqHCAoAAkT/////MAqHCAoA +-AkX/////MAqHCAoAAkb/////MAqHCAoAAkf/////MAqHCAoAAkj/////MAqHCAoA +-Akn/////MAqHCAoAAkr/////MAqHCAoAAkv/////MAqHCAoAAkz/////MAqHCAoA +-Ak3/////MAqHCAoAAk7/////MAqHCAoAAk//////MAqHCAoAAlD/////MAqHCAoA +-AlH/////MAqHCAoAAlL/////MAqHCAoAAlP/////MAqHCAoAAlT/////MAqHCAoA +-AlX/////MAqHCAoAAlb/////MAqHCAoAAlf/////MAqHCAoAAlj/////MAqHCAoA +-Aln/////MAqHCAoAAlr/////MAqHCAoAAlv/////MAqHCAoAAlz/////MAqHCAoA +-Al3/////MAqHCAoAAl7/////MAqHCAoAAl//////MAqHCAoAAmD/////MAqHCAoA +-AmH/////MAqHCAoAAmL/////MAqHCAoAAmP/////MAqHCAoAAmT/////MAqHCAoA +-AmX/////MAqHCAoAAmb/////MAqHCAoAAmf/////MAqHCAoAAmj/////MAqHCAoA +-Amn/////MAqHCAoAAmr/////MAqHCAoAAmv/////MAqHCAoAAmz/////MAqHCAoA +-Am3/////MAqHCAoAAm7/////MAqHCAoAAm//////MAqHCAoAAnD/////MAqHCAoA +-AnH/////MAqHCAoAAnL/////MAqHCAoAAnP/////MAqHCAoAAnT/////MAqHCAoA +-AnX/////MAqHCAoAAnb/////MAqHCAoAAnf/////MAqHCAoAAnj/////MAqHCAoA +-Ann/////MAqHCAoAAnr/////MAqHCAoAAnv/////MAqHCAoAAnz/////MAqHCAoA +-An3/////MAqHCAoAAn7/////MAqHCAoAAn//////MAqHCAoAAoD/////MAqHCAoA +-AoH/////MAqHCAoAAoL/////MAqHCAoAAoP/////MAqHCAoAAoT/////MAqHCAoA +-AoX/////MAqHCAoAAob/////MAqHCAoAAof/////MAqHCAoAAoj/////MAqHCAoA +-Aon/////MAqHCAoAAor/////MAqHCAoAAov/////MAqHCAoAAoz/////MAqHCAoA +-Ao3/////MAqHCAoAAo7/////MAqHCAoAAo//////MAqHCAoAApD/////MAqHCAoA +-ApH/////MAqHCAoAApL/////MAqHCAoAApP/////MAqHCAoAApT/////MAqHCAoA +-ApX/////MAqHCAoAApb/////MAqHCAoAApf/////MAqHCAoAApj/////MAqHCAoA +-Apn/////MAqHCAoAApr/////MAqHCAoAApv/////MAqHCAoAApz/////MAqHCAoA +-Ap3/////MAqHCAoAAp7/////MAqHCAoAAp//////MAqHCAoAAqD/////MAqHCAoA +-AqH/////MAqHCAoAAqL/////MAqHCAoAAqP/////MAqHCAoAAqT/////MAqHCAoA +-AqX/////MAqHCAoAAqb/////MAqHCAoAAqf/////MAqHCAoAAqj/////MAqHCAoA +-Aqn/////MAqHCAoAAqr/////MAqHCAoAAqv/////MAqHCAoAAqz/////MAqHCAoA +-Aq3/////MAqHCAoAAq7/////MAqHCAoAAq//////MAqHCAoAArD/////MAqHCAoA +-ArH/////MAqHCAoAArL/////MAqHCAoAArP/////MAqHCAoAArT/////MAqHCAoA +-ArX/////MAqHCAoAArb/////MAqHCAoAArf/////MAqHCAoAArj/////MAqHCAoA +-Arn/////MAqHCAoAArr/////MAqHCAoAArv/////MAqHCAoAArz/////MAqHCAoA +-Ar3/////MAqHCAoAAr7/////MAqHCAoAAr//////MAqHCAoAAsD/////MAqHCAoA +-AsH/////MAqHCAoAAsL/////MAqHCAoAAsP/////MAqHCAoAAsT/////MAqHCAoA +-AsX/////MAqHCAoAAsb/////MAqHCAoAAsf/////MAqHCAoAAsj/////MAqHCAoA +-Asn/////MAqHCAoAAsr/////MAqHCAoAAsv/////MAqHCAoAAsz/////MAqHCAoA +-As3/////MAqHCAoAAs7/////MAqHCAoAAs//////MAqHCAoAAtD/////MAqHCAoA +-AtH/////MAqHCAoAAtL/////MAqHCAoAAtP/////MAqHCAoAAtT/////MAqHCAoA +-AtX/////MAqHCAoAAtb/////MAqHCAoAAtf/////MAqHCAoAAtj/////MAqHCAoA +-Atn/////MAqHCAoAAtr/////MAqHCAoAAtv/////MAqHCAoAAtz/////MAqHCAoA +-At3/////MAqHCAoAAt7/////MAqHCAoAAt//////MAqHCAoAAuD/////MAqHCAoA +-AuH/////MAqHCAoAAuL/////MAqHCAoAAuP/////MAqHCAoAAuT/////MAqHCAoA +-AuX/////MAqHCAoAAub/////MAqHCAoAAuf/////MAqHCAoAAuj/////MAqHCAoA +-Aun/////MAqHCAoAAur/////MAqHCAoAAuv/////MAqHCAoAAuz/////MAqHCAoA +-Au3/////MAqHCAoAAu7/////MAqHCAoAAu//////MAqHCAoAAvD/////MAqHCAoA +-AvH/////MAqHCAoAAvL/////MAqHCAoAAvP/////MAqHCAoAAvT/////MAqHCAoA +-AvX/////MAqHCAoAAvb/////MAqHCAoAAvf/////MAqHCAoAAvj/////MAqHCAoA +-Avn/////MAqHCAoAAvr/////MAqHCAoAAvv/////MAqHCAoAAvz/////MAqHCAoA +-Av3/////MAqHCAoAAv7/////MAqHCAoAAv//////MAqHCAoAAwD/////MAqHCAoA +-AwH/////MAqHCAoAAwL/////MAqHCAoAAwP/////MAqHCAoAAwT/////MAqHCAoA +-AwX/////MAqHCAoAAwb/////MAqHCAoAAwf/////MAqHCAoAAwj/////MAqHCAoA +-Awn/////MAqHCAoAAwr/////MAqHCAoAAwv/////MAqHCAoAAwz/////MAqHCAoA +-Aw3/////MAqHCAoAAw7/////MAqHCAoAAw//////MAqHCAoAAxD/////MAqHCAoA +-AxH/////MAqHCAoAAxL/////MAqHCAoAAxP/////MAqHCAoAAxT/////MAqHCAoA +-AxX/////MAqHCAoAAxb/////MAqHCAoAAxf/////MAqHCAoAAxj/////MAqHCAoA +-Axn/////MAqHCAoAAxr/////MAqHCAoAAxv/////MAqHCAoAAxz/////MAqHCAoA +-Ax3/////MAqHCAoAAx7/////MAqHCAoAAx//////MAqHCAoAAyD/////MAqHCAoA +-AyH/////MAqHCAoAAyL/////MAqHCAoAAyP/////MAqHCAoAAyT/////MAqHCAoA +-AyX/////MAqHCAoAAyb/////MAqHCAoAAyf/////MAqHCAoAAyj/////MAqHCAoA +-Ayn/////MAqHCAoAAyr/////MAqHCAoAAyv/////MAqHCAoAAyz/////MAqHCAoA +-Ay3/////MAqHCAoAAy7/////MAqHCAoAAy//////MAqHCAoAAzD/////MAqHCAoA +-AzH/////MAqHCAoAAzL/////MAqHCAoAAzP/////MAqHCAoAAzT/////MAqHCAoA +-AzX/////MAqHCAoAAzb/////MAqHCAoAAzf/////MAqHCAoAAzj/////MAqHCAoA +-Azn/////MAqHCAoAAzr/////MAqHCAoAAzv/////MAqHCAoAAzz/////MAqHCAoA +-Az3/////MAqHCAoAAz7/////MAqHCAoAAz//////MAqHCAoAA0D/////MAqHCAoA +-A0H/////MAqHCAoAA0L/////MAqHCAoAA0P/////MAqHCAoAA0T/////MAqHCAoA +-A0X/////MAqHCAoAA0b/////MAqHCAoAA0f/////MAqHCAoAA0j/////MAqHCAoA +-A0n/////MAqHCAoAA0r/////MAqHCAoAA0v/////MAqHCAoAA0z/////MAqHCAoA +-A03/////MAqHCAoAA07/////MAqHCAoAA0//////MAqHCAoAA1D/////MAqHCAoA +-A1H/////MAqHCAoAA1L/////MAqHCAoAA1P/////MAqHCAoAA1T/////MAqHCAoA +-A1X/////MAqHCAoAA1b/////MAqHCAoAA1f/////MAqHCAoAA1j/////MAqHCAoA +-A1n/////MAqHCAoAA1r/////MAqHCAoAA1v/////MAqHCAoAA1z/////MAqHCAoA +-A13/////MAqHCAoAA17/////MAqHCAoAA1//////MAqHCAoAA2D/////MAqHCAoA +-A2H/////MAqHCAoAA2L/////MAqHCAoAA2P/////MAqHCAoAA2T/////MAqHCAoA +-A2X/////MAqHCAoAA2b/////MAqHCAoAA2f/////MAqHCAoAA2j/////MAqHCAoA +-A2n/////MAqHCAoAA2r/////MAqHCAoAA2v/////MAqHCAoAA2z/////MAqHCAoA +-A23/////MAqHCAoAA27/////MAqHCAoAA2//////MAqHCAoAA3D/////MAqHCAoA +-A3H/////MAqHCAoAA3L/////MAqHCAoAA3P/////MAqHCAoAA3T/////MAqHCAoA +-A3X/////MAqHCAoAA3b/////MAqHCAoAA3f/////MAqHCAoAA3j/////MAqHCAoA +-A3n/////MAqHCAoAA3r/////MAqHCAoAA3v/////MAqHCAoAA3z/////MAqHCAoA +-A33/////MAqHCAoAA37/////MAqHCAoAA3//////MAqHCAoAA4D/////MAqHCAoA +-A4H/////MAqHCAoAA4L/////MAqHCAoAA4P/////MAqHCAoAA4T/////MAqHCAoA +-A4X/////MAqHCAoAA4b/////MAqHCAoAA4f/////MAqHCAoAA4j/////MAqHCAoA +-A4n/////MAqHCAoAA4r/////MAqHCAoAA4v/////MAqHCAoAA4z/////MAqHCAoA +-A43/////MAqHCAoAA47/////MAqHCAoAA4//////MAqHCAoAA5D/////MAqHCAoA +-A5H/////MAqHCAoAA5L/////MAqHCAoAA5P/////MAqHCAoAA5T/////MAqHCAoA +-A5X/////MAqHCAoAA5b/////MAqHCAoAA5f/////MAqHCAoAA5j/////MAqHCAoA +-A5n/////MAqHCAoAA5r/////MAqHCAoAA5v/////MAqHCAoAA5z/////MAqHCAoA +-A53/////MAqHCAoAA57/////MAqHCAoAA5//////MAqHCAoAA6D/////MAqHCAoA +-A6H/////MAqHCAoAA6L/////MAqHCAoAA6P/////MAqHCAoAA6T/////MAqHCAoA +-A6X/////MAqHCAoAA6b/////MAqHCAoAA6f/////MAqHCAoAA6j/////MAqHCAoA +-A6n/////MAqHCAoAA6r/////MAqHCAoAA6v/////MAqHCAoAA6z/////MAqHCAoA +-A63/////MAqHCAoAA67/////MAqHCAoAA6//////MAqHCAoAA7D/////MAqHCAoA +-A7H/////MAqHCAoAA7L/////MAqHCAoAA7P/////MAqHCAoAA7T/////MAqHCAoA +-A7X/////MAqHCAoAA7b/////MAqHCAoAA7f/////MAqHCAoAA7j/////MAqHCAoA +-A7n/////MAqHCAoAA7r/////MAqHCAoAA7v/////MAqHCAoAA7z/////MAqHCAoA +-A73/////MAqHCAoAA77/////MAqHCAoAA7//////MAqHCAoAA8D/////MAqHCAoA +-A8H/////MAqHCAoAA8L/////MAqHCAoAA8P/////MAqHCAoAA8T/////MAqHCAoA +-A8X/////MAqHCAoAA8b/////MAqHCAoAA8f/////MAqHCAoAA8j/////MAqHCAoA +-A8n/////MAqHCAoAA8r/////MAqHCAoAA8v/////MAqHCAoAA8z/////MAqHCAoA +-A83/////MAqHCAoAA87/////MAqHCAoAA8//////MAqHCAoAA9D/////MAqHCAoA +-A9H/////MAqHCAoAA9L/////MAqHCAoAA9P/////MAqHCAoAA9T/////MAqHCAoA +-A9X/////MAqHCAoAA9b/////MAqHCAoAA9f/////MAqHCAoAA9j/////MAqHCAoA +-A9n/////MAqHCAoAA9r/////MAqHCAoAA9v/////MAqHCAoAA9z/////MAqHCAoA +-A93/////MAqHCAoAA97/////MAqHCAoAA9//////MAqHCAoAA+D/////MAqHCAoA +-A+H/////MAqHCAoAA+L/////MAqHCAoAA+P/////MAqHCAoAA+T/////MAqHCAoA +-A+X/////MAqHCAoAA+b/////MAqHCAoAA+f/////MAqHCAoAA+j/////MAqHCAoA +-A+n/////MAqHCAoAA+r/////MAqHCAoAA+v/////MAqHCAoAA+z/////MAqHCAoA +-A+3/////MAqHCAoAA+7/////MAqHCAoAA+//////MAqHCAoAA/D/////MAqHCAoA +-A/H/////MAqHCAoAA/L/////MAqHCAoAA/P/////MAqHCAoAA/T/////MAqHCAoA +-A/X/////MAqHCAoAA/b/////MAqHCAoAA/f/////MAqHCAoAA/j/////MAqHCAoA +-A/n/////MAqHCAoAA/r/////MAqHCAoAA/v/////MAqHCAoAA/z/////MAqHCAoA +-A/3/////MAqHCAoAA/7/////MAqHCAoAA///////MAqHCAoABAD/////MBGkDzAN +-MQswCQYDVQQDDAJ0MDARpA8wDTELMAkGA1UEAwwCdDEwEaQPMA0xCzAJBgNVBAMM +-AnQyMBGkDzANMQswCQYDVQQDDAJ0MzARpA8wDTELMAkGA1UEAwwCdDQwEaQPMA0x +-CzAJBgNVBAMMAnQ1MBGkDzANMQswCQYDVQQDDAJ0NjARpA8wDTELMAkGA1UEAwwC +-dDcwEaQPMA0xCzAJBgNVBAMMAnQ4MBGkDzANMQswCQYDVQQDDAJ0OTASpBAwDjEM +-MAoGA1UEAwwDdDEwMBKkEDAOMQwwCgYDVQQDDAN0MTEwEqQQMA4xDDAKBgNVBAMM +-A3QxMjASpBAwDjEMMAoGA1UEAwwDdDEzMBKkEDAOMQwwCgYDVQQDDAN0MTQwEqQQ +-MA4xDDAKBgNVBAMMA3QxNTASpBAwDjEMMAoGA1UEAwwDdDE2MBKkEDAOMQwwCgYD +-VQQDDAN0MTcwEqQQMA4xDDAKBgNVBAMMA3QxODASpBAwDjEMMAoGA1UEAwwDdDE5 +-MBKkEDAOMQwwCgYDVQQDDAN0MjAwEqQQMA4xDDAKBgNVBAMMA3QyMTASpBAwDjEM +-MAoGA1UEAwwDdDIyMBKkEDAOMQwwCgYDVQQDDAN0MjMwEqQQMA4xDDAKBgNVBAMM +-A3QyNDASpBAwDjEMMAoGA1UEAwwDdDI1MBKkEDAOMQwwCgYDVQQDDAN0MjYwEqQQ +-MA4xDDAKBgNVBAMMA3QyNzASpBAwDjEMMAoGA1UEAwwDdDI4MBKkEDAOMQwwCgYD +-VQQDDAN0MjkwEqQQMA4xDDAKBgNVBAMMA3QzMDASpBAwDjEMMAoGA1UEAwwDdDMx +-MBKkEDAOMQwwCgYDVQQDDAN0MzIwEqQQMA4xDDAKBgNVBAMMA3QzMzASpBAwDjEM +-MAoGA1UEAwwDdDM0MBKkEDAOMQwwCgYDVQQDDAN0MzUwEqQQMA4xDDAKBgNVBAMM +-A3QzNjASpBAwDjEMMAoGA1UEAwwDdDM3MBKkEDAOMQwwCgYDVQQDDAN0MzgwEqQQ +-MA4xDDAKBgNVBAMMA3QzOTASpBAwDjEMMAoGA1UEAwwDdDQwMBKkEDAOMQwwCgYD +-VQQDDAN0NDEwEqQQMA4xDDAKBgNVBAMMA3Q0MjASpBAwDjEMMAoGA1UEAwwDdDQz +-MBKkEDAOMQwwCgYDVQQDDAN0NDQwEqQQMA4xDDAKBgNVBAMMA3Q0NTASpBAwDjEM +-MAoGA1UEAwwDdDQ2MBKkEDAOMQwwCgYDVQQDDAN0NDcwEqQQMA4xDDAKBgNVBAMM +-A3Q0ODASpBAwDjEMMAoGA1UEAwwDdDQ5MBKkEDAOMQwwCgYDVQQDDAN0NTAwEqQQ +-MA4xDDAKBgNVBAMMA3Q1MTASpBAwDjEMMAoGA1UEAwwDdDUyMBKkEDAOMQwwCgYD +-VQQDDAN0NTMwEqQQMA4xDDAKBgNVBAMMA3Q1NDASpBAwDjEMMAoGA1UEAwwDdDU1 +-MBKkEDAOMQwwCgYDVQQDDAN0NTYwEqQQMA4xDDAKBgNVBAMMA3Q1NzASpBAwDjEM +-MAoGA1UEAwwDdDU4MBKkEDAOMQwwCgYDVQQDDAN0NTkwEqQQMA4xDDAKBgNVBAMM +-A3Q2MDASpBAwDjEMMAoGA1UEAwwDdDYxMBKkEDAOMQwwCgYDVQQDDAN0NjIwEqQQ +-MA4xDDAKBgNVBAMMA3Q2MzASpBAwDjEMMAoGA1UEAwwDdDY0MBKkEDAOMQwwCgYD +-VQQDDAN0NjUwEqQQMA4xDDAKBgNVBAMMA3Q2NjASpBAwDjEMMAoGA1UEAwwDdDY3 +-MBKkEDAOMQwwCgYDVQQDDAN0NjgwEqQQMA4xDDAKBgNVBAMMA3Q2OTASpBAwDjEM +-MAoGA1UEAwwDdDcwMBKkEDAOMQwwCgYDVQQDDAN0NzEwEqQQMA4xDDAKBgNVBAMM +-A3Q3MjASpBAwDjEMMAoGA1UEAwwDdDczMBKkEDAOMQwwCgYDVQQDDAN0NzQwEqQQ +-MA4xDDAKBgNVBAMMA3Q3NTASpBAwDjEMMAoGA1UEAwwDdDc2MBKkEDAOMQwwCgYD +-VQQDDAN0NzcwEqQQMA4xDDAKBgNVBAMMA3Q3ODASpBAwDjEMMAoGA1UEAwwDdDc5 +-MBKkEDAOMQwwCgYDVQQDDAN0ODAwEqQQMA4xDDAKBgNVBAMMA3Q4MTASpBAwDjEM +-MAoGA1UEAwwDdDgyMBKkEDAOMQwwCgYDVQQDDAN0ODMwEqQQMA4xDDAKBgNVBAMM +-A3Q4NDASpBAwDjEMMAoGA1UEAwwDdDg1MBKkEDAOMQwwCgYDVQQDDAN0ODYwEqQQ +-MA4xDDAKBgNVBAMMA3Q4NzASpBAwDjEMMAoGA1UEAwwDdDg4MBKkEDAOMQwwCgYD +-VQQDDAN0ODkwEqQQMA4xDDAKBgNVBAMMA3Q5MDASpBAwDjEMMAoGA1UEAwwDdDkx +-MBKkEDAOMQwwCgYDVQQDDAN0OTIwEqQQMA4xDDAKBgNVBAMMA3Q5MzASpBAwDjEM +-MAoGA1UEAwwDdDk0MBKkEDAOMQwwCgYDVQQDDAN0OTUwEqQQMA4xDDAKBgNVBAMM +-A3Q5NjASpBAwDjEMMAoGA1UEAwwDdDk3MBKkEDAOMQwwCgYDVQQDDAN0OTgwEqQQ +-MA4xDDAKBgNVBAMMA3Q5OTATpBEwDzENMAsGA1UEAwwEdDEwMDATpBEwDzENMAsG +-A1UEAwwEdDEwMTATpBEwDzENMAsGA1UEAwwEdDEwMjATpBEwDzENMAsGA1UEAwwE +-dDEwMzATpBEwDzENMAsGA1UEAwwEdDEwNDATpBEwDzENMAsGA1UEAwwEdDEwNTAT +-pBEwDzENMAsGA1UEAwwEdDEwNjATpBEwDzENMAsGA1UEAwwEdDEwNzATpBEwDzEN +-MAsGA1UEAwwEdDEwODATpBEwDzENMAsGA1UEAwwEdDEwOTATpBEwDzENMAsGA1UE +-AwwEdDExMDATpBEwDzENMAsGA1UEAwwEdDExMTATpBEwDzENMAsGA1UEAwwEdDEx +-MjATpBEwDzENMAsGA1UEAwwEdDExMzATpBEwDzENMAsGA1UEAwwEdDExNDATpBEw +-DzENMAsGA1UEAwwEdDExNTATpBEwDzENMAsGA1UEAwwEdDExNjATpBEwDzENMAsG +-A1UEAwwEdDExNzATpBEwDzENMAsGA1UEAwwEdDExODATpBEwDzENMAsGA1UEAwwE +-dDExOTATpBEwDzENMAsGA1UEAwwEdDEyMDATpBEwDzENMAsGA1UEAwwEdDEyMTAT +-pBEwDzENMAsGA1UEAwwEdDEyMjATpBEwDzENMAsGA1UEAwwEdDEyMzATpBEwDzEN +-MAsGA1UEAwwEdDEyNDATpBEwDzENMAsGA1UEAwwEdDEyNTATpBEwDzENMAsGA1UE +-AwwEdDEyNjATpBEwDzENMAsGA1UEAwwEdDEyNzATpBEwDzENMAsGA1UEAwwEdDEy +-ODATpBEwDzENMAsGA1UEAwwEdDEyOTATpBEwDzENMAsGA1UEAwwEdDEzMDATpBEw +-DzENMAsGA1UEAwwEdDEzMTATpBEwDzENMAsGA1UEAwwEdDEzMjATpBEwDzENMAsG +-A1UEAwwEdDEzMzATpBEwDzENMAsGA1UEAwwEdDEzNDATpBEwDzENMAsGA1UEAwwE +-dDEzNTATpBEwDzENMAsGA1UEAwwEdDEzNjATpBEwDzENMAsGA1UEAwwEdDEzNzAT +-pBEwDzENMAsGA1UEAwwEdDEzODATpBEwDzENMAsGA1UEAwwEdDEzOTATpBEwDzEN +-MAsGA1UEAwwEdDE0MDATpBEwDzENMAsGA1UEAwwEdDE0MTATpBEwDzENMAsGA1UE +-AwwEdDE0MjATpBEwDzENMAsGA1UEAwwEdDE0MzATpBEwDzENMAsGA1UEAwwEdDE0 +-NDATpBEwDzENMAsGA1UEAwwEdDE0NTATpBEwDzENMAsGA1UEAwwEdDE0NjATpBEw +-DzENMAsGA1UEAwwEdDE0NzATpBEwDzENMAsGA1UEAwwEdDE0ODATpBEwDzENMAsG +-A1UEAwwEdDE0OTATpBEwDzENMAsGA1UEAwwEdDE1MDATpBEwDzENMAsGA1UEAwwE +-dDE1MTATpBEwDzENMAsGA1UEAwwEdDE1MjATpBEwDzENMAsGA1UEAwwEdDE1MzAT +-pBEwDzENMAsGA1UEAwwEdDE1NDATpBEwDzENMAsGA1UEAwwEdDE1NTATpBEwDzEN +-MAsGA1UEAwwEdDE1NjATpBEwDzENMAsGA1UEAwwEdDE1NzATpBEwDzENMAsGA1UE +-AwwEdDE1ODATpBEwDzENMAsGA1UEAwwEdDE1OTATpBEwDzENMAsGA1UEAwwEdDE2 +-MDATpBEwDzENMAsGA1UEAwwEdDE2MTATpBEwDzENMAsGA1UEAwwEdDE2MjATpBEw +-DzENMAsGA1UEAwwEdDE2MzATpBEwDzENMAsGA1UEAwwEdDE2NDATpBEwDzENMAsG +-A1UEAwwEdDE2NTATpBEwDzENMAsGA1UEAwwEdDE2NjATpBEwDzENMAsGA1UEAwwE +-dDE2NzATpBEwDzENMAsGA1UEAwwEdDE2ODATpBEwDzENMAsGA1UEAwwEdDE2OTAT +-pBEwDzENMAsGA1UEAwwEdDE3MDATpBEwDzENMAsGA1UEAwwEdDE3MTATpBEwDzEN +-MAsGA1UEAwwEdDE3MjATpBEwDzENMAsGA1UEAwwEdDE3MzATpBEwDzENMAsGA1UE +-AwwEdDE3NDATpBEwDzENMAsGA1UEAwwEdDE3NTATpBEwDzENMAsGA1UEAwwEdDE3 +-NjATpBEwDzENMAsGA1UEAwwEdDE3NzATpBEwDzENMAsGA1UEAwwEdDE3ODATpBEw +-DzENMAsGA1UEAwwEdDE3OTATpBEwDzENMAsGA1UEAwwEdDE4MDATpBEwDzENMAsG +-A1UEAwwEdDE4MTATpBEwDzENMAsGA1UEAwwEdDE4MjATpBEwDzENMAsGA1UEAwwE +-dDE4MzATpBEwDzENMAsGA1UEAwwEdDE4NDATpBEwDzENMAsGA1UEAwwEdDE4NTAT +-pBEwDzENMAsGA1UEAwwEdDE4NjATpBEwDzENMAsGA1UEAwwEdDE4NzATpBEwDzEN +-MAsGA1UEAwwEdDE4ODATpBEwDzENMAsGA1UEAwwEdDE4OTATpBEwDzENMAsGA1UE +-AwwEdDE5MDATpBEwDzENMAsGA1UEAwwEdDE5MTATpBEwDzENMAsGA1UEAwwEdDE5 +-MjATpBEwDzENMAsGA1UEAwwEdDE5MzATpBEwDzENMAsGA1UEAwwEdDE5NDATpBEw +-DzENMAsGA1UEAwwEdDE5NTATpBEwDzENMAsGA1UEAwwEdDE5NjATpBEwDzENMAsG +-A1UEAwwEdDE5NzATpBEwDzENMAsGA1UEAwwEdDE5ODATpBEwDzENMAsGA1UEAwwE +-dDE5OTATpBEwDzENMAsGA1UEAwwEdDIwMDATpBEwDzENMAsGA1UEAwwEdDIwMTAT +-pBEwDzENMAsGA1UEAwwEdDIwMjATpBEwDzENMAsGA1UEAwwEdDIwMzATpBEwDzEN +-MAsGA1UEAwwEdDIwNDATpBEwDzENMAsGA1UEAwwEdDIwNTATpBEwDzENMAsGA1UE +-AwwEdDIwNjATpBEwDzENMAsGA1UEAwwEdDIwNzATpBEwDzENMAsGA1UEAwwEdDIw +-ODATpBEwDzENMAsGA1UEAwwEdDIwOTATpBEwDzENMAsGA1UEAwwEdDIxMDATpBEw +-DzENMAsGA1UEAwwEdDIxMTATpBEwDzENMAsGA1UEAwwEdDIxMjATpBEwDzENMAsG +-A1UEAwwEdDIxMzATpBEwDzENMAsGA1UEAwwEdDIxNDATpBEwDzENMAsGA1UEAwwE +-dDIxNTATpBEwDzENMAsGA1UEAwwEdDIxNjATpBEwDzENMAsGA1UEAwwEdDIxNzAT +-pBEwDzENMAsGA1UEAwwEdDIxODATpBEwDzENMAsGA1UEAwwEdDIxOTATpBEwDzEN +-MAsGA1UEAwwEdDIyMDATpBEwDzENMAsGA1UEAwwEdDIyMTATpBEwDzENMAsGA1UE +-AwwEdDIyMjATpBEwDzENMAsGA1UEAwwEdDIyMzATpBEwDzENMAsGA1UEAwwEdDIy +-NDATpBEwDzENMAsGA1UEAwwEdDIyNTATpBEwDzENMAsGA1UEAwwEdDIyNjATpBEw +-DzENMAsGA1UEAwwEdDIyNzATpBEwDzENMAsGA1UEAwwEdDIyODATpBEwDzENMAsG +-A1UEAwwEdDIyOTATpBEwDzENMAsGA1UEAwwEdDIzMDATpBEwDzENMAsGA1UEAwwE +-dDIzMTATpBEwDzENMAsGA1UEAwwEdDIzMjATpBEwDzENMAsGA1UEAwwEdDIzMzAT +-pBEwDzENMAsGA1UEAwwEdDIzNDATpBEwDzENMAsGA1UEAwwEdDIzNTATpBEwDzEN +-MAsGA1UEAwwEdDIzNjATpBEwDzENMAsGA1UEAwwEdDIzNzATpBEwDzENMAsGA1UE +-AwwEdDIzODATpBEwDzENMAsGA1UEAwwEdDIzOTATpBEwDzENMAsGA1UEAwwEdDI0 +-MDATpBEwDzENMAsGA1UEAwwEdDI0MTATpBEwDzENMAsGA1UEAwwEdDI0MjATpBEw +-DzENMAsGA1UEAwwEdDI0MzATpBEwDzENMAsGA1UEAwwEdDI0NDATpBEwDzENMAsG +-A1UEAwwEdDI0NTATpBEwDzENMAsGA1UEAwwEdDI0NjATpBEwDzENMAsGA1UEAwwE +-dDI0NzATpBEwDzENMAsGA1UEAwwEdDI0ODATpBEwDzENMAsGA1UEAwwEdDI0OTAT +-pBEwDzENMAsGA1UEAwwEdDI1MDATpBEwDzENMAsGA1UEAwwEdDI1MTATpBEwDzEN +-MAsGA1UEAwwEdDI1MjATpBEwDzENMAsGA1UEAwwEdDI1MzATpBEwDzENMAsGA1UE +-AwwEdDI1NDATpBEwDzENMAsGA1UEAwwEdDI1NTATpBEwDzENMAsGA1UEAwwEdDI1 +-NjATpBEwDzENMAsGA1UEAwwEdDI1NzATpBEwDzENMAsGA1UEAwwEdDI1ODATpBEw +-DzENMAsGA1UEAwwEdDI1OTATpBEwDzENMAsGA1UEAwwEdDI2MDATpBEwDzENMAsG +-A1UEAwwEdDI2MTATpBEwDzENMAsGA1UEAwwEdDI2MjATpBEwDzENMAsGA1UEAwwE +-dDI2MzATpBEwDzENMAsGA1UEAwwEdDI2NDATpBEwDzENMAsGA1UEAwwEdDI2NTAT +-pBEwDzENMAsGA1UEAwwEdDI2NjATpBEwDzENMAsGA1UEAwwEdDI2NzATpBEwDzEN +-MAsGA1UEAwwEdDI2ODATpBEwDzENMAsGA1UEAwwEdDI2OTATpBEwDzENMAsGA1UE +-AwwEdDI3MDATpBEwDzENMAsGA1UEAwwEdDI3MTATpBEwDzENMAsGA1UEAwwEdDI3 +-MjATpBEwDzENMAsGA1UEAwwEdDI3MzATpBEwDzENMAsGA1UEAwwEdDI3NDATpBEw +-DzENMAsGA1UEAwwEdDI3NTATpBEwDzENMAsGA1UEAwwEdDI3NjATpBEwDzENMAsG +-A1UEAwwEdDI3NzATpBEwDzENMAsGA1UEAwwEdDI3ODATpBEwDzENMAsGA1UEAwwE +-dDI3OTATpBEwDzENMAsGA1UEAwwEdDI4MDATpBEwDzENMAsGA1UEAwwEdDI4MTAT +-pBEwDzENMAsGA1UEAwwEdDI4MjATpBEwDzENMAsGA1UEAwwEdDI4MzATpBEwDzEN +-MAsGA1UEAwwEdDI4NDATpBEwDzENMAsGA1UEAwwEdDI4NTATpBEwDzENMAsGA1UE +-AwwEdDI4NjATpBEwDzENMAsGA1UEAwwEdDI4NzATpBEwDzENMAsGA1UEAwwEdDI4 +-ODATpBEwDzENMAsGA1UEAwwEdDI4OTATpBEwDzENMAsGA1UEAwwEdDI5MDATpBEw +-DzENMAsGA1UEAwwEdDI5MTATpBEwDzENMAsGA1UEAwwEdDI5MjATpBEwDzENMAsG +-A1UEAwwEdDI5MzATpBEwDzENMAsGA1UEAwwEdDI5NDATpBEwDzENMAsGA1UEAwwE +-dDI5NTATpBEwDzENMAsGA1UEAwwEdDI5NjATpBEwDzENMAsGA1UEAwwEdDI5NzAT +-pBEwDzENMAsGA1UEAwwEdDI5ODATpBEwDzENMAsGA1UEAwwEdDI5OTATpBEwDzEN +-MAsGA1UEAwwEdDMwMDATpBEwDzENMAsGA1UEAwwEdDMwMTATpBEwDzENMAsGA1UE +-AwwEdDMwMjATpBEwDzENMAsGA1UEAwwEdDMwMzATpBEwDzENMAsGA1UEAwwEdDMw +-NDATpBEwDzENMAsGA1UEAwwEdDMwNTATpBEwDzENMAsGA1UEAwwEdDMwNjATpBEw +-DzENMAsGA1UEAwwEdDMwNzATpBEwDzENMAsGA1UEAwwEdDMwODATpBEwDzENMAsG +-A1UEAwwEdDMwOTATpBEwDzENMAsGA1UEAwwEdDMxMDATpBEwDzENMAsGA1UEAwwE +-dDMxMTATpBEwDzENMAsGA1UEAwwEdDMxMjATpBEwDzENMAsGA1UEAwwEdDMxMzAT +-pBEwDzENMAsGA1UEAwwEdDMxNDATpBEwDzENMAsGA1UEAwwEdDMxNTATpBEwDzEN +-MAsGA1UEAwwEdDMxNjATpBEwDzENMAsGA1UEAwwEdDMxNzATpBEwDzENMAsGA1UE +-AwwEdDMxODATpBEwDzENMAsGA1UEAwwEdDMxOTATpBEwDzENMAsGA1UEAwwEdDMy +-MDATpBEwDzENMAsGA1UEAwwEdDMyMTATpBEwDzENMAsGA1UEAwwEdDMyMjATpBEw +-DzENMAsGA1UEAwwEdDMyMzATpBEwDzENMAsGA1UEAwwEdDMyNDATpBEwDzENMAsG +-A1UEAwwEdDMyNTATpBEwDzENMAsGA1UEAwwEdDMyNjATpBEwDzENMAsGA1UEAwwE +-dDMyNzATpBEwDzENMAsGA1UEAwwEdDMyODATpBEwDzENMAsGA1UEAwwEdDMyOTAT +-pBEwDzENMAsGA1UEAwwEdDMzMDATpBEwDzENMAsGA1UEAwwEdDMzMTATpBEwDzEN +-MAsGA1UEAwwEdDMzMjATpBEwDzENMAsGA1UEAwwEdDMzMzATpBEwDzENMAsGA1UE +-AwwEdDMzNDATpBEwDzENMAsGA1UEAwwEdDMzNTATpBEwDzENMAsGA1UEAwwEdDMz +-NjATpBEwDzENMAsGA1UEAwwEdDMzNzATpBEwDzENMAsGA1UEAwwEdDMzODATpBEw +-DzENMAsGA1UEAwwEdDMzOTATpBEwDzENMAsGA1UEAwwEdDM0MDATpBEwDzENMAsG +-A1UEAwwEdDM0MTATpBEwDzENMAsGA1UEAwwEdDM0MjATpBEwDzENMAsGA1UEAwwE +-dDM0MzATpBEwDzENMAsGA1UEAwwEdDM0NDATpBEwDzENMAsGA1UEAwwEdDM0NTAT +-pBEwDzENMAsGA1UEAwwEdDM0NjATpBEwDzENMAsGA1UEAwwEdDM0NzATpBEwDzEN +-MAsGA1UEAwwEdDM0ODATpBEwDzENMAsGA1UEAwwEdDM0OTATpBEwDzENMAsGA1UE +-AwwEdDM1MDATpBEwDzENMAsGA1UEAwwEdDM1MTATpBEwDzENMAsGA1UEAwwEdDM1 +-MjATpBEwDzENMAsGA1UEAwwEdDM1MzATpBEwDzENMAsGA1UEAwwEdDM1NDATpBEw +-DzENMAsGA1UEAwwEdDM1NTATpBEwDzENMAsGA1UEAwwEdDM1NjATpBEwDzENMAsG +-A1UEAwwEdDM1NzATpBEwDzENMAsGA1UEAwwEdDM1ODATpBEwDzENMAsGA1UEAwwE +-dDM1OTATpBEwDzENMAsGA1UEAwwEdDM2MDATpBEwDzENMAsGA1UEAwwEdDM2MTAT +-pBEwDzENMAsGA1UEAwwEdDM2MjATpBEwDzENMAsGA1UEAwwEdDM2MzATpBEwDzEN +-MAsGA1UEAwwEdDM2NDATpBEwDzENMAsGA1UEAwwEdDM2NTATpBEwDzENMAsGA1UE +-AwwEdDM2NjATpBEwDzENMAsGA1UEAwwEdDM2NzATpBEwDzENMAsGA1UEAwwEdDM2 +-ODATpBEwDzENMAsGA1UEAwwEdDM2OTATpBEwDzENMAsGA1UEAwwEdDM3MDATpBEw +-DzENMAsGA1UEAwwEdDM3MTATpBEwDzENMAsGA1UEAwwEdDM3MjATpBEwDzENMAsG +-A1UEAwwEdDM3MzATpBEwDzENMAsGA1UEAwwEdDM3NDATpBEwDzENMAsGA1UEAwwE +-dDM3NTATpBEwDzENMAsGA1UEAwwEdDM3NjATpBEwDzENMAsGA1UEAwwEdDM3NzAT +-pBEwDzENMAsGA1UEAwwEdDM3ODATpBEwDzENMAsGA1UEAwwEdDM3OTATpBEwDzEN +-MAsGA1UEAwwEdDM4MDATpBEwDzENMAsGA1UEAwwEdDM4MTATpBEwDzENMAsGA1UE +-AwwEdDM4MjATpBEwDzENMAsGA1UEAwwEdDM4MzATpBEwDzENMAsGA1UEAwwEdDM4 +-NDATpBEwDzENMAsGA1UEAwwEdDM4NTATpBEwDzENMAsGA1UEAwwEdDM4NjATpBEw +-DzENMAsGA1UEAwwEdDM4NzATpBEwDzENMAsGA1UEAwwEdDM4ODATpBEwDzENMAsG +-A1UEAwwEdDM4OTATpBEwDzENMAsGA1UEAwwEdDM5MDATpBEwDzENMAsGA1UEAwwE +-dDM5MTATpBEwDzENMAsGA1UEAwwEdDM5MjATpBEwDzENMAsGA1UEAwwEdDM5MzAT +-pBEwDzENMAsGA1UEAwwEdDM5NDATpBEwDzENMAsGA1UEAwwEdDM5NTATpBEwDzEN +-MAsGA1UEAwwEdDM5NjATpBEwDzENMAsGA1UEAwwEdDM5NzATpBEwDzENMAsGA1UE +-AwwEdDM5ODATpBEwDzENMAsGA1UEAwwEdDM5OTATpBEwDzENMAsGA1UEAwwEdDQw +-MDATpBEwDzENMAsGA1UEAwwEdDQwMTATpBEwDzENMAsGA1UEAwwEdDQwMjATpBEw +-DzENMAsGA1UEAwwEdDQwMzATpBEwDzENMAsGA1UEAwwEdDQwNDATpBEwDzENMAsG +-A1UEAwwEdDQwNTATpBEwDzENMAsGA1UEAwwEdDQwNjATpBEwDzENMAsGA1UEAwwE +-dDQwNzATpBEwDzENMAsGA1UEAwwEdDQwODATpBEwDzENMAsGA1UEAwwEdDQwOTAT +-pBEwDzENMAsGA1UEAwwEdDQxMDATpBEwDzENMAsGA1UEAwwEdDQxMTATpBEwDzEN +-MAsGA1UEAwwEdDQxMjATpBEwDzENMAsGA1UEAwwEdDQxMzATpBEwDzENMAsGA1UE +-AwwEdDQxNDATpBEwDzENMAsGA1UEAwwEdDQxNTATpBEwDzENMAsGA1UEAwwEdDQx +-NjATpBEwDzENMAsGA1UEAwwEdDQxNzATpBEwDzENMAsGA1UEAwwEdDQxODATpBEw +-DzENMAsGA1UEAwwEdDQxOTATpBEwDzENMAsGA1UEAwwEdDQyMDATpBEwDzENMAsG +-A1UEAwwEdDQyMTATpBEwDzENMAsGA1UEAwwEdDQyMjATpBEwDzENMAsGA1UEAwwE +-dDQyMzATpBEwDzENMAsGA1UEAwwEdDQyNDATpBEwDzENMAsGA1UEAwwEdDQyNTAT +-pBEwDzENMAsGA1UEAwwEdDQyNjATpBEwDzENMAsGA1UEAwwEdDQyNzATpBEwDzEN +-MAsGA1UEAwwEdDQyODATpBEwDzENMAsGA1UEAwwEdDQyOTATpBEwDzENMAsGA1UE +-AwwEdDQzMDATpBEwDzENMAsGA1UEAwwEdDQzMTATpBEwDzENMAsGA1UEAwwEdDQz +-MjATpBEwDzENMAsGA1UEAwwEdDQzMzATpBEwDzENMAsGA1UEAwwEdDQzNDATpBEw +-DzENMAsGA1UEAwwEdDQzNTATpBEwDzENMAsGA1UEAwwEdDQzNjATpBEwDzENMAsG +-A1UEAwwEdDQzNzATpBEwDzENMAsGA1UEAwwEdDQzODATpBEwDzENMAsGA1UEAwwE +-dDQzOTATpBEwDzENMAsGA1UEAwwEdDQ0MDATpBEwDzENMAsGA1UEAwwEdDQ0MTAT +-pBEwDzENMAsGA1UEAwwEdDQ0MjATpBEwDzENMAsGA1UEAwwEdDQ0MzATpBEwDzEN +-MAsGA1UEAwwEdDQ0NDATpBEwDzENMAsGA1UEAwwEdDQ0NTATpBEwDzENMAsGA1UE +-AwwEdDQ0NjATpBEwDzENMAsGA1UEAwwEdDQ0NzATpBEwDzENMAsGA1UEAwwEdDQ0 +-ODATpBEwDzENMAsGA1UEAwwEdDQ0OTATpBEwDzENMAsGA1UEAwwEdDQ1MDATpBEw +-DzENMAsGA1UEAwwEdDQ1MTATpBEwDzENMAsGA1UEAwwEdDQ1MjATpBEwDzENMAsG +-A1UEAwwEdDQ1MzATpBEwDzENMAsGA1UEAwwEdDQ1NDATpBEwDzENMAsGA1UEAwwE +-dDQ1NTATpBEwDzENMAsGA1UEAwwEdDQ1NjATpBEwDzENMAsGA1UEAwwEdDQ1NzAT +-pBEwDzENMAsGA1UEAwwEdDQ1ODATpBEwDzENMAsGA1UEAwwEdDQ1OTATpBEwDzEN +-MAsGA1UEAwwEdDQ2MDATpBEwDzENMAsGA1UEAwwEdDQ2MTATpBEwDzENMAsGA1UE +-AwwEdDQ2MjATpBEwDzENMAsGA1UEAwwEdDQ2MzATpBEwDzENMAsGA1UEAwwEdDQ2 +-NDATpBEwDzENMAsGA1UEAwwEdDQ2NTATpBEwDzENMAsGA1UEAwwEdDQ2NjATpBEw +-DzENMAsGA1UEAwwEdDQ2NzATpBEwDzENMAsGA1UEAwwEdDQ2ODATpBEwDzENMAsG +-A1UEAwwEdDQ2OTATpBEwDzENMAsGA1UEAwwEdDQ3MDATpBEwDzENMAsGA1UEAwwE +-dDQ3MTATpBEwDzENMAsGA1UEAwwEdDQ3MjATpBEwDzENMAsGA1UEAwwEdDQ3MzAT +-pBEwDzENMAsGA1UEAwwEdDQ3NDATpBEwDzENMAsGA1UEAwwEdDQ3NTATpBEwDzEN +-MAsGA1UEAwwEdDQ3NjATpBEwDzENMAsGA1UEAwwEdDQ3NzATpBEwDzENMAsGA1UE +-AwwEdDQ3ODATpBEwDzENMAsGA1UEAwwEdDQ3OTATpBEwDzENMAsGA1UEAwwEdDQ4 +-MDATpBEwDzENMAsGA1UEAwwEdDQ4MTATpBEwDzENMAsGA1UEAwwEdDQ4MjATpBEw +-DzENMAsGA1UEAwwEdDQ4MzATpBEwDzENMAsGA1UEAwwEdDQ4NDATpBEwDzENMAsG +-A1UEAwwEdDQ4NTATpBEwDzENMAsGA1UEAwwEdDQ4NjATpBEwDzENMAsGA1UEAwwE +-dDQ4NzATpBEwDzENMAsGA1UEAwwEdDQ4ODATpBEwDzENMAsGA1UEAwwEdDQ4OTAT +-pBEwDzENMAsGA1UEAwwEdDQ5MDATpBEwDzENMAsGA1UEAwwEdDQ5MTATpBEwDzEN +-MAsGA1UEAwwEdDQ5MjATpBEwDzENMAsGA1UEAwwEdDQ5MzATpBEwDzENMAsGA1UE +-AwwEdDQ5NDATpBEwDzENMAsGA1UEAwwEdDQ5NTATpBEwDzENMAsGA1UEAwwEdDQ5 +-NjATpBEwDzENMAsGA1UEAwwEdDQ5NzATpBEwDzENMAsGA1UEAwwEdDQ5ODATpBEw +-DzENMAsGA1UEAwwEdDQ5OTATpBEwDzENMAsGA1UEAwwEdDUwMDATpBEwDzENMAsG +-A1UEAwwEdDUwMTATpBEwDzENMAsGA1UEAwwEdDUwMjATpBEwDzENMAsGA1UEAwwE +-dDUwMzATpBEwDzENMAsGA1UEAwwEdDUwNDATpBEwDzENMAsGA1UEAwwEdDUwNTAT +-pBEwDzENMAsGA1UEAwwEdDUwNjATpBEwDzENMAsGA1UEAwwEdDUwNzATpBEwDzEN +-MAsGA1UEAwwEdDUwODATpBEwDzENMAsGA1UEAwwEdDUwOTATpBEwDzENMAsGA1UE +-AwwEdDUxMDATpBEwDzENMAsGA1UEAwwEdDUxMTATpBEwDzENMAsGA1UEAwwEdDUx +-MjATpBEwDzENMAsGA1UEAwwEdDUxMzATpBEwDzENMAsGA1UEAwwEdDUxNDATpBEw +-DzENMAsGA1UEAwwEdDUxNTATpBEwDzENMAsGA1UEAwwEdDUxNjATpBEwDzENMAsG +-A1UEAwwEdDUxNzATpBEwDzENMAsGA1UEAwwEdDUxODATpBEwDzENMAsGA1UEAwwE +-dDUxOTATpBEwDzENMAsGA1UEAwwEdDUyMDATpBEwDzENMAsGA1UEAwwEdDUyMTAT +-pBEwDzENMAsGA1UEAwwEdDUyMjATpBEwDzENMAsGA1UEAwwEdDUyMzATpBEwDzEN +-MAsGA1UEAwwEdDUyNDATpBEwDzENMAsGA1UEAwwEdDUyNTATpBEwDzENMAsGA1UE +-AwwEdDUyNjATpBEwDzENMAsGA1UEAwwEdDUyNzATpBEwDzENMAsGA1UEAwwEdDUy +-ODATpBEwDzENMAsGA1UEAwwEdDUyOTATpBEwDzENMAsGA1UEAwwEdDUzMDATpBEw +-DzENMAsGA1UEAwwEdDUzMTATpBEwDzENMAsGA1UEAwwEdDUzMjATpBEwDzENMAsG +-A1UEAwwEdDUzMzATpBEwDzENMAsGA1UEAwwEdDUzNDATpBEwDzENMAsGA1UEAwwE +-dDUzNTATpBEwDzENMAsGA1UEAwwEdDUzNjATpBEwDzENMAsGA1UEAwwEdDUzNzAT +-pBEwDzENMAsGA1UEAwwEdDUzODATpBEwDzENMAsGA1UEAwwEdDUzOTATpBEwDzEN +-MAsGA1UEAwwEdDU0MDATpBEwDzENMAsGA1UEAwwEdDU0MTATpBEwDzENMAsGA1UE +-AwwEdDU0MjATpBEwDzENMAsGA1UEAwwEdDU0MzATpBEwDzENMAsGA1UEAwwEdDU0 +-NDATpBEwDzENMAsGA1UEAwwEdDU0NTATpBEwDzENMAsGA1UEAwwEdDU0NjATpBEw +-DzENMAsGA1UEAwwEdDU0NzATpBEwDzENMAsGA1UEAwwEdDU0ODATpBEwDzENMAsG +-A1UEAwwEdDU0OTATpBEwDzENMAsGA1UEAwwEdDU1MDATpBEwDzENMAsGA1UEAwwE +-dDU1MTATpBEwDzENMAsGA1UEAwwEdDU1MjATpBEwDzENMAsGA1UEAwwEdDU1MzAT +-pBEwDzENMAsGA1UEAwwEdDU1NDATpBEwDzENMAsGA1UEAwwEdDU1NTATpBEwDzEN +-MAsGA1UEAwwEdDU1NjATpBEwDzENMAsGA1UEAwwEdDU1NzATpBEwDzENMAsGA1UE +-AwwEdDU1ODATpBEwDzENMAsGA1UEAwwEdDU1OTATpBEwDzENMAsGA1UEAwwEdDU2 +-MDATpBEwDzENMAsGA1UEAwwEdDU2MTATpBEwDzENMAsGA1UEAwwEdDU2MjATpBEw +-DzENMAsGA1UEAwwEdDU2MzATpBEwDzENMAsGA1UEAwwEdDU2NDATpBEwDzENMAsG +-A1UEAwwEdDU2NTATpBEwDzENMAsGA1UEAwwEdDU2NjATpBEwDzENMAsGA1UEAwwE +-dDU2NzATpBEwDzENMAsGA1UEAwwEdDU2ODATpBEwDzENMAsGA1UEAwwEdDU2OTAT +-pBEwDzENMAsGA1UEAwwEdDU3MDATpBEwDzENMAsGA1UEAwwEdDU3MTATpBEwDzEN +-MAsGA1UEAwwEdDU3MjATpBEwDzENMAsGA1UEAwwEdDU3MzATpBEwDzENMAsGA1UE +-AwwEdDU3NDATpBEwDzENMAsGA1UEAwwEdDU3NTATpBEwDzENMAsGA1UEAwwEdDU3 +-NjATpBEwDzENMAsGA1UEAwwEdDU3NzATpBEwDzENMAsGA1UEAwwEdDU3ODATpBEw +-DzENMAsGA1UEAwwEdDU3OTATpBEwDzENMAsGA1UEAwwEdDU4MDATpBEwDzENMAsG +-A1UEAwwEdDU4MTATpBEwDzENMAsGA1UEAwwEdDU4MjATpBEwDzENMAsGA1UEAwwE +-dDU4MzATpBEwDzENMAsGA1UEAwwEdDU4NDATpBEwDzENMAsGA1UEAwwEdDU4NTAT +-pBEwDzENMAsGA1UEAwwEdDU4NjATpBEwDzENMAsGA1UEAwwEdDU4NzATpBEwDzEN +-MAsGA1UEAwwEdDU4ODATpBEwDzENMAsGA1UEAwwEdDU4OTATpBEwDzENMAsGA1UE +-AwwEdDU5MDATpBEwDzENMAsGA1UEAwwEdDU5MTATpBEwDzENMAsGA1UEAwwEdDU5 +-MjATpBEwDzENMAsGA1UEAwwEdDU5MzATpBEwDzENMAsGA1UEAwwEdDU5NDATpBEw +-DzENMAsGA1UEAwwEdDU5NTATpBEwDzENMAsGA1UEAwwEdDU5NjATpBEwDzENMAsG +-A1UEAwwEdDU5NzATpBEwDzENMAsGA1UEAwwEdDU5ODATpBEwDzENMAsGA1UEAwwE +-dDU5OTATpBEwDzENMAsGA1UEAwwEdDYwMDATpBEwDzENMAsGA1UEAwwEdDYwMTAT +-pBEwDzENMAsGA1UEAwwEdDYwMjATpBEwDzENMAsGA1UEAwwEdDYwMzATpBEwDzEN +-MAsGA1UEAwwEdDYwNDATpBEwDzENMAsGA1UEAwwEdDYwNTATpBEwDzENMAsGA1UE +-AwwEdDYwNjATpBEwDzENMAsGA1UEAwwEdDYwNzATpBEwDzENMAsGA1UEAwwEdDYw +-ODATpBEwDzENMAsGA1UEAwwEdDYwOTATpBEwDzENMAsGA1UEAwwEdDYxMDATpBEw +-DzENMAsGA1UEAwwEdDYxMTATpBEwDzENMAsGA1UEAwwEdDYxMjATpBEwDzENMAsG +-A1UEAwwEdDYxMzATpBEwDzENMAsGA1UEAwwEdDYxNDATpBEwDzENMAsGA1UEAwwE +-dDYxNTATpBEwDzENMAsGA1UEAwwEdDYxNjATpBEwDzENMAsGA1UEAwwEdDYxNzAT +-pBEwDzENMAsGA1UEAwwEdDYxODATpBEwDzENMAsGA1UEAwwEdDYxOTATpBEwDzEN +-MAsGA1UEAwwEdDYyMDATpBEwDzENMAsGA1UEAwwEdDYyMTATpBEwDzENMAsGA1UE +-AwwEdDYyMjATpBEwDzENMAsGA1UEAwwEdDYyMzATpBEwDzENMAsGA1UEAwwEdDYy +-NDATpBEwDzENMAsGA1UEAwwEdDYyNTATpBEwDzENMAsGA1UEAwwEdDYyNjATpBEw +-DzENMAsGA1UEAwwEdDYyNzATpBEwDzENMAsGA1UEAwwEdDYyODATpBEwDzENMAsG +-A1UEAwwEdDYyOTATpBEwDzENMAsGA1UEAwwEdDYzMDATpBEwDzENMAsGA1UEAwwE +-dDYzMTATpBEwDzENMAsGA1UEAwwEdDYzMjATpBEwDzENMAsGA1UEAwwEdDYzMzAT +-pBEwDzENMAsGA1UEAwwEdDYzNDATpBEwDzENMAsGA1UEAwwEdDYzNTATpBEwDzEN +-MAsGA1UEAwwEdDYzNjATpBEwDzENMAsGA1UEAwwEdDYzNzATpBEwDzENMAsGA1UE +-AwwEdDYzODATpBEwDzENMAsGA1UEAwwEdDYzOTATpBEwDzENMAsGA1UEAwwEdDY0 +-MDATpBEwDzENMAsGA1UEAwwEdDY0MTATpBEwDzENMAsGA1UEAwwEdDY0MjATpBEw +-DzENMAsGA1UEAwwEdDY0MzATpBEwDzENMAsGA1UEAwwEdDY0NDATpBEwDzENMAsG +-A1UEAwwEdDY0NTATpBEwDzENMAsGA1UEAwwEdDY0NjATpBEwDzENMAsGA1UEAwwE +-dDY0NzATpBEwDzENMAsGA1UEAwwEdDY0ODATpBEwDzENMAsGA1UEAwwEdDY0OTAT +-pBEwDzENMAsGA1UEAwwEdDY1MDATpBEwDzENMAsGA1UEAwwEdDY1MTATpBEwDzEN +-MAsGA1UEAwwEdDY1MjATpBEwDzENMAsGA1UEAwwEdDY1MzATpBEwDzENMAsGA1UE +-AwwEdDY1NDATpBEwDzENMAsGA1UEAwwEdDY1NTATpBEwDzENMAsGA1UEAwwEdDY1 +-NjATpBEwDzENMAsGA1UEAwwEdDY1NzATpBEwDzENMAsGA1UEAwwEdDY1ODATpBEw +-DzENMAsGA1UEAwwEdDY1OTATpBEwDzENMAsGA1UEAwwEdDY2MDATpBEwDzENMAsG +-A1UEAwwEdDY2MTATpBEwDzENMAsGA1UEAwwEdDY2MjATpBEwDzENMAsGA1UEAwwE +-dDY2MzATpBEwDzENMAsGA1UEAwwEdDY2NDATpBEwDzENMAsGA1UEAwwEdDY2NTAT +-pBEwDzENMAsGA1UEAwwEdDY2NjATpBEwDzENMAsGA1UEAwwEdDY2NzATpBEwDzEN +-MAsGA1UEAwwEdDY2ODATpBEwDzENMAsGA1UEAwwEdDY2OTATpBEwDzENMAsGA1UE +-AwwEdDY3MDATpBEwDzENMAsGA1UEAwwEdDY3MTATpBEwDzENMAsGA1UEAwwEdDY3 +-MjATpBEwDzENMAsGA1UEAwwEdDY3MzATpBEwDzENMAsGA1UEAwwEdDY3NDATpBEw +-DzENMAsGA1UEAwwEdDY3NTATpBEwDzENMAsGA1UEAwwEdDY3NjATpBEwDzENMAsG +-A1UEAwwEdDY3NzATpBEwDzENMAsGA1UEAwwEdDY3ODATpBEwDzENMAsGA1UEAwwE +-dDY3OTATpBEwDzENMAsGA1UEAwwEdDY4MDATpBEwDzENMAsGA1UEAwwEdDY4MTAT +-pBEwDzENMAsGA1UEAwwEdDY4MjATpBEwDzENMAsGA1UEAwwEdDY4MzATpBEwDzEN +-MAsGA1UEAwwEdDY4NDATpBEwDzENMAsGA1UEAwwEdDY4NTATpBEwDzENMAsGA1UE +-AwwEdDY4NjATpBEwDzENMAsGA1UEAwwEdDY4NzATpBEwDzENMAsGA1UEAwwEdDY4 +-ODATpBEwDzENMAsGA1UEAwwEdDY4OTATpBEwDzENMAsGA1UEAwwEdDY5MDATpBEw +-DzENMAsGA1UEAwwEdDY5MTATpBEwDzENMAsGA1UEAwwEdDY5MjATpBEwDzENMAsG +-A1UEAwwEdDY5MzATpBEwDzENMAsGA1UEAwwEdDY5NDATpBEwDzENMAsGA1UEAwwE +-dDY5NTATpBEwDzENMAsGA1UEAwwEdDY5NjATpBEwDzENMAsGA1UEAwwEdDY5NzAT +-pBEwDzENMAsGA1UEAwwEdDY5ODATpBEwDzENMAsGA1UEAwwEdDY5OTATpBEwDzEN +-MAsGA1UEAwwEdDcwMDATpBEwDzENMAsGA1UEAwwEdDcwMTATpBEwDzENMAsGA1UE +-AwwEdDcwMjATpBEwDzENMAsGA1UEAwwEdDcwMzATpBEwDzENMAsGA1UEAwwEdDcw +-NDATpBEwDzENMAsGA1UEAwwEdDcwNTATpBEwDzENMAsGA1UEAwwEdDcwNjATpBEw +-DzENMAsGA1UEAwwEdDcwNzATpBEwDzENMAsGA1UEAwwEdDcwODATpBEwDzENMAsG +-A1UEAwwEdDcwOTATpBEwDzENMAsGA1UEAwwEdDcxMDATpBEwDzENMAsGA1UEAwwE +-dDcxMTATpBEwDzENMAsGA1UEAwwEdDcxMjATpBEwDzENMAsGA1UEAwwEdDcxMzAT +-pBEwDzENMAsGA1UEAwwEdDcxNDATpBEwDzENMAsGA1UEAwwEdDcxNTATpBEwDzEN +-MAsGA1UEAwwEdDcxNjATpBEwDzENMAsGA1UEAwwEdDcxNzATpBEwDzENMAsGA1UE +-AwwEdDcxODATpBEwDzENMAsGA1UEAwwEdDcxOTATpBEwDzENMAsGA1UEAwwEdDcy +-MDATpBEwDzENMAsGA1UEAwwEdDcyMTATpBEwDzENMAsGA1UEAwwEdDcyMjATpBEw +-DzENMAsGA1UEAwwEdDcyMzATpBEwDzENMAsGA1UEAwwEdDcyNDATpBEwDzENMAsG +-A1UEAwwEdDcyNTATpBEwDzENMAsGA1UEAwwEdDcyNjATpBEwDzENMAsGA1UEAwwE +-dDcyNzATpBEwDzENMAsGA1UEAwwEdDcyODATpBEwDzENMAsGA1UEAwwEdDcyOTAT +-pBEwDzENMAsGA1UEAwwEdDczMDATpBEwDzENMAsGA1UEAwwEdDczMTATpBEwDzEN +-MAsGA1UEAwwEdDczMjATpBEwDzENMAsGA1UEAwwEdDczMzATpBEwDzENMAsGA1UE +-AwwEdDczNDATpBEwDzENMAsGA1UEAwwEdDczNTATpBEwDzENMAsGA1UEAwwEdDcz +-NjATpBEwDzENMAsGA1UEAwwEdDczNzATpBEwDzENMAsGA1UEAwwEdDczODATpBEw +-DzENMAsGA1UEAwwEdDczOTATpBEwDzENMAsGA1UEAwwEdDc0MDATpBEwDzENMAsG +-A1UEAwwEdDc0MTATpBEwDzENMAsGA1UEAwwEdDc0MjATpBEwDzENMAsGA1UEAwwE +-dDc0MzATpBEwDzENMAsGA1UEAwwEdDc0NDATpBEwDzENMAsGA1UEAwwEdDc0NTAT +-pBEwDzENMAsGA1UEAwwEdDc0NjATpBEwDzENMAsGA1UEAwwEdDc0NzATpBEwDzEN +-MAsGA1UEAwwEdDc0ODATpBEwDzENMAsGA1UEAwwEdDc0OTATpBEwDzENMAsGA1UE +-AwwEdDc1MDATpBEwDzENMAsGA1UEAwwEdDc1MTATpBEwDzENMAsGA1UEAwwEdDc1 +-MjATpBEwDzENMAsGA1UEAwwEdDc1MzATpBEwDzENMAsGA1UEAwwEdDc1NDATpBEw +-DzENMAsGA1UEAwwEdDc1NTATpBEwDzENMAsGA1UEAwwEdDc1NjATpBEwDzENMAsG +-A1UEAwwEdDc1NzATpBEwDzENMAsGA1UEAwwEdDc1ODATpBEwDzENMAsGA1UEAwwE +-dDc1OTATpBEwDzENMAsGA1UEAwwEdDc2MDATpBEwDzENMAsGA1UEAwwEdDc2MTAT +-pBEwDzENMAsGA1UEAwwEdDc2MjATpBEwDzENMAsGA1UEAwwEdDc2MzATpBEwDzEN +-MAsGA1UEAwwEdDc2NDATpBEwDzENMAsGA1UEAwwEdDc2NTATpBEwDzENMAsGA1UE +-AwwEdDc2NjATpBEwDzENMAsGA1UEAwwEdDc2NzATpBEwDzENMAsGA1UEAwwEdDc2 +-ODATpBEwDzENMAsGA1UEAwwEdDc2OTATpBEwDzENMAsGA1UEAwwEdDc3MDATpBEw +-DzENMAsGA1UEAwwEdDc3MTATpBEwDzENMAsGA1UEAwwEdDc3MjATpBEwDzENMAsG +-A1UEAwwEdDc3MzATpBEwDzENMAsGA1UEAwwEdDc3NDATpBEwDzENMAsGA1UEAwwE +-dDc3NTATpBEwDzENMAsGA1UEAwwEdDc3NjATpBEwDzENMAsGA1UEAwwEdDc3NzAT +-pBEwDzENMAsGA1UEAwwEdDc3ODATpBEwDzENMAsGA1UEAwwEdDc3OTATpBEwDzEN +-MAsGA1UEAwwEdDc4MDATpBEwDzENMAsGA1UEAwwEdDc4MTATpBEwDzENMAsGA1UE +-AwwEdDc4MjATpBEwDzENMAsGA1UEAwwEdDc4MzATpBEwDzENMAsGA1UEAwwEdDc4 +-NDATpBEwDzENMAsGA1UEAwwEdDc4NTATpBEwDzENMAsGA1UEAwwEdDc4NjATpBEw +-DzENMAsGA1UEAwwEdDc4NzATpBEwDzENMAsGA1UEAwwEdDc4ODATpBEwDzENMAsG +-A1UEAwwEdDc4OTATpBEwDzENMAsGA1UEAwwEdDc5MDATpBEwDzENMAsGA1UEAwwE +-dDc5MTATpBEwDzENMAsGA1UEAwwEdDc5MjATpBEwDzENMAsGA1UEAwwEdDc5MzAT +-pBEwDzENMAsGA1UEAwwEdDc5NDATpBEwDzENMAsGA1UEAwwEdDc5NTATpBEwDzEN +-MAsGA1UEAwwEdDc5NjATpBEwDzENMAsGA1UEAwwEdDc5NzATpBEwDzENMAsGA1UE +-AwwEdDc5ODATpBEwDzENMAsGA1UEAwwEdDc5OTATpBEwDzENMAsGA1UEAwwEdDgw +-MDATpBEwDzENMAsGA1UEAwwEdDgwMTATpBEwDzENMAsGA1UEAwwEdDgwMjATpBEw +-DzENMAsGA1UEAwwEdDgwMzATpBEwDzENMAsGA1UEAwwEdDgwNDATpBEwDzENMAsG +-A1UEAwwEdDgwNTATpBEwDzENMAsGA1UEAwwEdDgwNjATpBEwDzENMAsGA1UEAwwE +-dDgwNzATpBEwDzENMAsGA1UEAwwEdDgwODATpBEwDzENMAsGA1UEAwwEdDgwOTAT +-pBEwDzENMAsGA1UEAwwEdDgxMDATpBEwDzENMAsGA1UEAwwEdDgxMTATpBEwDzEN +-MAsGA1UEAwwEdDgxMjATpBEwDzENMAsGA1UEAwwEdDgxMzATpBEwDzENMAsGA1UE +-AwwEdDgxNDATpBEwDzENMAsGA1UEAwwEdDgxNTATpBEwDzENMAsGA1UEAwwEdDgx +-NjATpBEwDzENMAsGA1UEAwwEdDgxNzATpBEwDzENMAsGA1UEAwwEdDgxODATpBEw +-DzENMAsGA1UEAwwEdDgxOTATpBEwDzENMAsGA1UEAwwEdDgyMDATpBEwDzENMAsG +-A1UEAwwEdDgyMTATpBEwDzENMAsGA1UEAwwEdDgyMjATpBEwDzENMAsGA1UEAwwE +-dDgyMzATpBEwDzENMAsGA1UEAwwEdDgyNDATpBEwDzENMAsGA1UEAwwEdDgyNTAT +-pBEwDzENMAsGA1UEAwwEdDgyNjATpBEwDzENMAsGA1UEAwwEdDgyNzATpBEwDzEN +-MAsGA1UEAwwEdDgyODATpBEwDzENMAsGA1UEAwwEdDgyOTATpBEwDzENMAsGA1UE +-AwwEdDgzMDATpBEwDzENMAsGA1UEAwwEdDgzMTATpBEwDzENMAsGA1UEAwwEdDgz +-MjATpBEwDzENMAsGA1UEAwwEdDgzMzATpBEwDzENMAsGA1UEAwwEdDgzNDATpBEw +-DzENMAsGA1UEAwwEdDgzNTATpBEwDzENMAsGA1UEAwwEdDgzNjATpBEwDzENMAsG +-A1UEAwwEdDgzNzATpBEwDzENMAsGA1UEAwwEdDgzODATpBEwDzENMAsGA1UEAwwE +-dDgzOTATpBEwDzENMAsGA1UEAwwEdDg0MDATpBEwDzENMAsGA1UEAwwEdDg0MTAT +-pBEwDzENMAsGA1UEAwwEdDg0MjATpBEwDzENMAsGA1UEAwwEdDg0MzATpBEwDzEN +-MAsGA1UEAwwEdDg0NDATpBEwDzENMAsGA1UEAwwEdDg0NTATpBEwDzENMAsGA1UE +-AwwEdDg0NjATpBEwDzENMAsGA1UEAwwEdDg0NzATpBEwDzENMAsGA1UEAwwEdDg0 +-ODATpBEwDzENMAsGA1UEAwwEdDg0OTATpBEwDzENMAsGA1UEAwwEdDg1MDATpBEw +-DzENMAsGA1UEAwwEdDg1MTATpBEwDzENMAsGA1UEAwwEdDg1MjATpBEwDzENMAsG +-A1UEAwwEdDg1MzATpBEwDzENMAsGA1UEAwwEdDg1NDATpBEwDzENMAsGA1UEAwwE +-dDg1NTATpBEwDzENMAsGA1UEAwwEdDg1NjATpBEwDzENMAsGA1UEAwwEdDg1NzAT +-pBEwDzENMAsGA1UEAwwEdDg1ODATpBEwDzENMAsGA1UEAwwEdDg1OTATpBEwDzEN +-MAsGA1UEAwwEdDg2MDATpBEwDzENMAsGA1UEAwwEdDg2MTATpBEwDzENMAsGA1UE +-AwwEdDg2MjATpBEwDzENMAsGA1UEAwwEdDg2MzATpBEwDzENMAsGA1UEAwwEdDg2 +-NDATpBEwDzENMAsGA1UEAwwEdDg2NTATpBEwDzENMAsGA1UEAwwEdDg2NjATpBEw +-DzENMAsGA1UEAwwEdDg2NzATpBEwDzENMAsGA1UEAwwEdDg2ODATpBEwDzENMAsG +-A1UEAwwEdDg2OTATpBEwDzENMAsGA1UEAwwEdDg3MDATpBEwDzENMAsGA1UEAwwE +-dDg3MTATpBEwDzENMAsGA1UEAwwEdDg3MjATpBEwDzENMAsGA1UEAwwEdDg3MzAT +-pBEwDzENMAsGA1UEAwwEdDg3NDATpBEwDzENMAsGA1UEAwwEdDg3NTATpBEwDzEN +-MAsGA1UEAwwEdDg3NjATpBEwDzENMAsGA1UEAwwEdDg3NzATpBEwDzENMAsGA1UE +-AwwEdDg3ODATpBEwDzENMAsGA1UEAwwEdDg3OTATpBEwDzENMAsGA1UEAwwEdDg4 +-MDATpBEwDzENMAsGA1UEAwwEdDg4MTATpBEwDzENMAsGA1UEAwwEdDg4MjATpBEw +-DzENMAsGA1UEAwwEdDg4MzATpBEwDzENMAsGA1UEAwwEdDg4NDATpBEwDzENMAsG +-A1UEAwwEdDg4NTATpBEwDzENMAsGA1UEAwwEdDg4NjATpBEwDzENMAsGA1UEAwwE +-dDg4NzATpBEwDzENMAsGA1UEAwwEdDg4ODATpBEwDzENMAsGA1UEAwwEdDg4OTAT +-pBEwDzENMAsGA1UEAwwEdDg5MDATpBEwDzENMAsGA1UEAwwEdDg5MTATpBEwDzEN +-MAsGA1UEAwwEdDg5MjATpBEwDzENMAsGA1UEAwwEdDg5MzATpBEwDzENMAsGA1UE +-AwwEdDg5NDATpBEwDzENMAsGA1UEAwwEdDg5NTATpBEwDzENMAsGA1UEAwwEdDg5 +-NjATpBEwDzENMAsGA1UEAwwEdDg5NzATpBEwDzENMAsGA1UEAwwEdDg5ODATpBEw +-DzENMAsGA1UEAwwEdDg5OTATpBEwDzENMAsGA1UEAwwEdDkwMDATpBEwDzENMAsG +-A1UEAwwEdDkwMTATpBEwDzENMAsGA1UEAwwEdDkwMjATpBEwDzENMAsGA1UEAwwE +-dDkwMzATpBEwDzENMAsGA1UEAwwEdDkwNDATpBEwDzENMAsGA1UEAwwEdDkwNTAT +-pBEwDzENMAsGA1UEAwwEdDkwNjATpBEwDzENMAsGA1UEAwwEdDkwNzATpBEwDzEN +-MAsGA1UEAwwEdDkwODATpBEwDzENMAsGA1UEAwwEdDkwOTATpBEwDzENMAsGA1UE +-AwwEdDkxMDATpBEwDzENMAsGA1UEAwwEdDkxMTATpBEwDzENMAsGA1UEAwwEdDkx +-MjATpBEwDzENMAsGA1UEAwwEdDkxMzATpBEwDzENMAsGA1UEAwwEdDkxNDATpBEw +-DzENMAsGA1UEAwwEdDkxNTATpBEwDzENMAsGA1UEAwwEdDkxNjATpBEwDzENMAsG +-A1UEAwwEdDkxNzATpBEwDzENMAsGA1UEAwwEdDkxODATpBEwDzENMAsGA1UEAwwE +-dDkxOTATpBEwDzENMAsGA1UEAwwEdDkyMDATpBEwDzENMAsGA1UEAwwEdDkyMTAT +-pBEwDzENMAsGA1UEAwwEdDkyMjATpBEwDzENMAsGA1UEAwwEdDkyMzATpBEwDzEN +-MAsGA1UEAwwEdDkyNDATpBEwDzENMAsGA1UEAwwEdDkyNTATpBEwDzENMAsGA1UE +-AwwEdDkyNjATpBEwDzENMAsGA1UEAwwEdDkyNzATpBEwDzENMAsGA1UEAwwEdDky +-ODATpBEwDzENMAsGA1UEAwwEdDkyOTATpBEwDzENMAsGA1UEAwwEdDkzMDATpBEw +-DzENMAsGA1UEAwwEdDkzMTATpBEwDzENMAsGA1UEAwwEdDkzMjATpBEwDzENMAsG +-A1UEAwwEdDkzMzATpBEwDzENMAsGA1UEAwwEdDkzNDATpBEwDzENMAsGA1UEAwwE +-dDkzNTATpBEwDzENMAsGA1UEAwwEdDkzNjATpBEwDzENMAsGA1UEAwwEdDkzNzAT +-pBEwDzENMAsGA1UEAwwEdDkzODATpBEwDzENMAsGA1UEAwwEdDkzOTATpBEwDzEN +-MAsGA1UEAwwEdDk0MDATpBEwDzENMAsGA1UEAwwEdDk0MTATpBEwDzENMAsGA1UE +-AwwEdDk0MjATpBEwDzENMAsGA1UEAwwEdDk0MzATpBEwDzENMAsGA1UEAwwEdDk0 +-NDATpBEwDzENMAsGA1UEAwwEdDk0NTATpBEwDzENMAsGA1UEAwwEdDk0NjATpBEw +-DzENMAsGA1UEAwwEdDk0NzATpBEwDzENMAsGA1UEAwwEdDk0ODATpBEwDzENMAsG +-A1UEAwwEdDk0OTATpBEwDzENMAsGA1UEAwwEdDk1MDATpBEwDzENMAsGA1UEAwwE +-dDk1MTATpBEwDzENMAsGA1UEAwwEdDk1MjATpBEwDzENMAsGA1UEAwwEdDk1MzAT +-pBEwDzENMAsGA1UEAwwEdDk1NDATpBEwDzENMAsGA1UEAwwEdDk1NTATpBEwDzEN +-MAsGA1UEAwwEdDk1NjATpBEwDzENMAsGA1UEAwwEdDk1NzATpBEwDzENMAsGA1UE +-AwwEdDk1ODATpBEwDzENMAsGA1UEAwwEdDk1OTATpBEwDzENMAsGA1UEAwwEdDk2 +-MDATpBEwDzENMAsGA1UEAwwEdDk2MTATpBEwDzENMAsGA1UEAwwEdDk2MjATpBEw +-DzENMAsGA1UEAwwEdDk2MzATpBEwDzENMAsGA1UEAwwEdDk2NDATpBEwDzENMAsG +-A1UEAwwEdDk2NTATpBEwDzENMAsGA1UEAwwEdDk2NjATpBEwDzENMAsGA1UEAwwE +-dDk2NzATpBEwDzENMAsGA1UEAwwEdDk2ODATpBEwDzENMAsGA1UEAwwEdDk2OTAT +-pBEwDzENMAsGA1UEAwwEdDk3MDATpBEwDzENMAsGA1UEAwwEdDk3MTATpBEwDzEN +-MAsGA1UEAwwEdDk3MjATpBEwDzENMAsGA1UEAwwEdDk3MzATpBEwDzENMAsGA1UE +-AwwEdDk3NDATpBEwDzENMAsGA1UEAwwEdDk3NTATpBEwDzENMAsGA1UEAwwEdDk3 +-NjATpBEwDzENMAsGA1UEAwwEdDk3NzATpBEwDzENMAsGA1UEAwwEdDk3ODATpBEw +-DzENMAsGA1UEAwwEdDk3OTATpBEwDzENMAsGA1UEAwwEdDk4MDATpBEwDzENMAsG +-A1UEAwwEdDk4MTATpBEwDzENMAsGA1UEAwwEdDk4MjATpBEwDzENMAsGA1UEAwwE +-dDk4MzATpBEwDzENMAsGA1UEAwwEdDk4NDATpBEwDzENMAsGA1UEAwwEdDk4NTAT +-pBEwDzENMAsGA1UEAwwEdDk4NjATpBEwDzENMAsGA1UEAwwEdDk4NzATpBEwDzEN +-MAsGA1UEAwwEdDk4ODATpBEwDzENMAsGA1UEAwwEdDk4OTATpBEwDzENMAsGA1UE +-AwwEdDk5MDATpBEwDzENMAsGA1UEAwwEdDk5MTATpBEwDzENMAsGA1UEAwwEdDk5 +-MjATpBEwDzENMAsGA1UEAwwEdDk5MzATpBEwDzENMAsGA1UEAwwEdDk5NDATpBEw +-DzENMAsGA1UEAwwEdDk5NTATpBEwDzENMAsGA1UEAwwEdDk5NjATpBEwDzENMAsG +-A1UEAwwEdDk5NzATpBEwDzENMAsGA1UEAwwEdDk5ODATpBEwDzENMAsGA1UEAwwE +-dDk5OTAUpBIwEDEOMAwGA1UEAwwFdDEwMDAwFKQSMBAxDjAMBgNVBAMMBXQxMDAx +-MBSkEjAQMQ4wDAYDVQQDDAV0MTAwMjAUpBIwEDEOMAwGA1UEAwwFdDEwMDMwFKQS +-MBAxDjAMBgNVBAMMBXQxMDA0MBSkEjAQMQ4wDAYDVQQDDAV0MTAwNTAUpBIwEDEO +-MAwGA1UEAwwFdDEwMDYwFKQSMBAxDjAMBgNVBAMMBXQxMDA3MBSkEjAQMQ4wDAYD +-VQQDDAV0MTAwODAUpBIwEDEOMAwGA1UEAwwFdDEwMDkwFKQSMBAxDjAMBgNVBAMM +-BXQxMDEwMBSkEjAQMQ4wDAYDVQQDDAV0MTAxMTAUpBIwEDEOMAwGA1UEAwwFdDEw +-MTIwFKQSMBAxDjAMBgNVBAMMBXQxMDEzMBSkEjAQMQ4wDAYDVQQDDAV0MTAxNDAU +-pBIwEDEOMAwGA1UEAwwFdDEwMTUwFKQSMBAxDjAMBgNVBAMMBXQxMDE2MBSkEjAQ +-MQ4wDAYDVQQDDAV0MTAxNzAUpBIwEDEOMAwGA1UEAwwFdDEwMTgwFKQSMBAxDjAM +-BgNVBAMMBXQxMDE5MBSkEjAQMQ4wDAYDVQQDDAV0MTAyMDAUpBIwEDEOMAwGA1UE +-AwwFdDEwMjEwFKQSMBAxDjAMBgNVBAMMBXQxMDIyMBSkEjAQMQ4wDAYDVQQDDAV0 +-MTAyMzAUpBIwEDEOMAwGA1UEAwwFdDEwMjQwD4YNaHR0cDovL3Rlc3QvMDAPhg1o +-dHRwOi8vdGVzdC8xMA+GDWh0dHA6Ly90ZXN0LzIwD4YNaHR0cDovL3Rlc3QvMzAP +-hg1odHRwOi8vdGVzdC80MA+GDWh0dHA6Ly90ZXN0LzUwD4YNaHR0cDovL3Rlc3Qv +-NjAPhg1odHRwOi8vdGVzdC83MA+GDWh0dHA6Ly90ZXN0LzgwD4YNaHR0cDovL3Rl +-c3QvOTAQhg5odHRwOi8vdGVzdC8xMDAQhg5odHRwOi8vdGVzdC8xMTAQhg5odHRw +-Oi8vdGVzdC8xMjAQhg5odHRwOi8vdGVzdC8xMzAQhg5odHRwOi8vdGVzdC8xNDAQ +-hg5odHRwOi8vdGVzdC8xNTAQhg5odHRwOi8vdGVzdC8xNjAQhg5odHRwOi8vdGVz +-dC8xNzAQhg5odHRwOi8vdGVzdC8xODAQhg5odHRwOi8vdGVzdC8xOTAQhg5odHRw +-Oi8vdGVzdC8yMDAQhg5odHRwOi8vdGVzdC8yMTAQhg5odHRwOi8vdGVzdC8yMjAQ +-hg5odHRwOi8vdGVzdC8yMzAQhg5odHRwOi8vdGVzdC8yNDAQhg5odHRwOi8vdGVz +-dC8yNTAQhg5odHRwOi8vdGVzdC8yNjAQhg5odHRwOi8vdGVzdC8yNzAQhg5odHRw +-Oi8vdGVzdC8yODAQhg5odHRwOi8vdGVzdC8yOTAQhg5odHRwOi8vdGVzdC8zMDAQ +-hg5odHRwOi8vdGVzdC8zMTAQhg5odHRwOi8vdGVzdC8zMjAQhg5odHRwOi8vdGVz +-dC8zMzAQhg5odHRwOi8vdGVzdC8zNDAQhg5odHRwOi8vdGVzdC8zNTAQhg5odHRw +-Oi8vdGVzdC8zNjAQhg5odHRwOi8vdGVzdC8zNzAQhg5odHRwOi8vdGVzdC8zODAQ +-hg5odHRwOi8vdGVzdC8zOTAQhg5odHRwOi8vdGVzdC80MDAQhg5odHRwOi8vdGVz +-dC80MTAQhg5odHRwOi8vdGVzdC80MjAQhg5odHRwOi8vdGVzdC80MzAQhg5odHRw +-Oi8vdGVzdC80NDAQhg5odHRwOi8vdGVzdC80NTAQhg5odHRwOi8vdGVzdC80NjAQ +-hg5odHRwOi8vdGVzdC80NzAQhg5odHRwOi8vdGVzdC80ODAQhg5odHRwOi8vdGVz +-dC80OTAQhg5odHRwOi8vdGVzdC81MDAQhg5odHRwOi8vdGVzdC81MTAQhg5odHRw +-Oi8vdGVzdC81MjAQhg5odHRwOi8vdGVzdC81MzAQhg5odHRwOi8vdGVzdC81NDAQ +-hg5odHRwOi8vdGVzdC81NTAQhg5odHRwOi8vdGVzdC81NjAQhg5odHRwOi8vdGVz +-dC81NzAQhg5odHRwOi8vdGVzdC81ODAQhg5odHRwOi8vdGVzdC81OTAQhg5odHRw +-Oi8vdGVzdC82MDAQhg5odHRwOi8vdGVzdC82MTAQhg5odHRwOi8vdGVzdC82MjAQ +-hg5odHRwOi8vdGVzdC82MzAQhg5odHRwOi8vdGVzdC82NDAQhg5odHRwOi8vdGVz +-dC82NTAQhg5odHRwOi8vdGVzdC82NjAQhg5odHRwOi8vdGVzdC82NzAQhg5odHRw +-Oi8vdGVzdC82ODAQhg5odHRwOi8vdGVzdC82OTAQhg5odHRwOi8vdGVzdC83MDAQ +-hg5odHRwOi8vdGVzdC83MTAQhg5odHRwOi8vdGVzdC83MjAQhg5odHRwOi8vdGVz +-dC83MzAQhg5odHRwOi8vdGVzdC83NDAQhg5odHRwOi8vdGVzdC83NTAQhg5odHRw +-Oi8vdGVzdC83NjAQhg5odHRwOi8vdGVzdC83NzAQhg5odHRwOi8vdGVzdC83ODAQ +-hg5odHRwOi8vdGVzdC83OTAQhg5odHRwOi8vdGVzdC84MDAQhg5odHRwOi8vdGVz +-dC84MTAQhg5odHRwOi8vdGVzdC84MjAQhg5odHRwOi8vdGVzdC84MzAQhg5odHRw +-Oi8vdGVzdC84NDAQhg5odHRwOi8vdGVzdC84NTAQhg5odHRwOi8vdGVzdC84NjAQ +-hg5odHRwOi8vdGVzdC84NzAQhg5odHRwOi8vdGVzdC84ODAQhg5odHRwOi8vdGVz +-dC84OTAQhg5odHRwOi8vdGVzdC85MDAQhg5odHRwOi8vdGVzdC85MTAQhg5odHRw +-Oi8vdGVzdC85MjAQhg5odHRwOi8vdGVzdC85MzAQhg5odHRwOi8vdGVzdC85NDAQ +-hg5odHRwOi8vdGVzdC85NTAQhg5odHRwOi8vdGVzdC85NjAQhg5odHRwOi8vdGVz +-dC85NzAQhg5odHRwOi8vdGVzdC85ODAQhg5odHRwOi8vdGVzdC85OTARhg9odHRw +-Oi8vdGVzdC8xMDAwEYYPaHR0cDovL3Rlc3QvMTAxMBGGD2h0dHA6Ly90ZXN0LzEw +-MjARhg9odHRwOi8vdGVzdC8xMDMwEYYPaHR0cDovL3Rlc3QvMTA0MBGGD2h0dHA6 +-Ly90ZXN0LzEwNTARhg9odHRwOi8vdGVzdC8xMDYwEYYPaHR0cDovL3Rlc3QvMTA3 +-MBGGD2h0dHA6Ly90ZXN0LzEwODARhg9odHRwOi8vdGVzdC8xMDkwEYYPaHR0cDov +-L3Rlc3QvMTEwMBGGD2h0dHA6Ly90ZXN0LzExMTARhg9odHRwOi8vdGVzdC8xMTIw +-EYYPaHR0cDovL3Rlc3QvMTEzMBGGD2h0dHA6Ly90ZXN0LzExNDARhg9odHRwOi8v +-dGVzdC8xMTUwEYYPaHR0cDovL3Rlc3QvMTE2MBGGD2h0dHA6Ly90ZXN0LzExNzAR +-hg9odHRwOi8vdGVzdC8xMTgwEYYPaHR0cDovL3Rlc3QvMTE5MBGGD2h0dHA6Ly90 +-ZXN0LzEyMDARhg9odHRwOi8vdGVzdC8xMjEwEYYPaHR0cDovL3Rlc3QvMTIyMBGG +-D2h0dHA6Ly90ZXN0LzEyMzARhg9odHRwOi8vdGVzdC8xMjQwEYYPaHR0cDovL3Rl +-c3QvMTI1MBGGD2h0dHA6Ly90ZXN0LzEyNjARhg9odHRwOi8vdGVzdC8xMjcwEYYP +-aHR0cDovL3Rlc3QvMTI4MBGGD2h0dHA6Ly90ZXN0LzEyOTARhg9odHRwOi8vdGVz +-dC8xMzAwEYYPaHR0cDovL3Rlc3QvMTMxMBGGD2h0dHA6Ly90ZXN0LzEzMjARhg9o +-dHRwOi8vdGVzdC8xMzMwEYYPaHR0cDovL3Rlc3QvMTM0MBGGD2h0dHA6Ly90ZXN0 +-LzEzNTARhg9odHRwOi8vdGVzdC8xMzYwEYYPaHR0cDovL3Rlc3QvMTM3MBGGD2h0 +-dHA6Ly90ZXN0LzEzODARhg9odHRwOi8vdGVzdC8xMzkwEYYPaHR0cDovL3Rlc3Qv +-MTQwMBGGD2h0dHA6Ly90ZXN0LzE0MTARhg9odHRwOi8vdGVzdC8xNDIwEYYPaHR0 +-cDovL3Rlc3QvMTQzMBGGD2h0dHA6Ly90ZXN0LzE0NDARhg9odHRwOi8vdGVzdC8x +-NDUwEYYPaHR0cDovL3Rlc3QvMTQ2MBGGD2h0dHA6Ly90ZXN0LzE0NzARhg9odHRw +-Oi8vdGVzdC8xNDgwEYYPaHR0cDovL3Rlc3QvMTQ5MBGGD2h0dHA6Ly90ZXN0LzE1 +-MDARhg9odHRwOi8vdGVzdC8xNTEwEYYPaHR0cDovL3Rlc3QvMTUyMBGGD2h0dHA6 +-Ly90ZXN0LzE1MzARhg9odHRwOi8vdGVzdC8xNTQwEYYPaHR0cDovL3Rlc3QvMTU1 +-MBGGD2h0dHA6Ly90ZXN0LzE1NjARhg9odHRwOi8vdGVzdC8xNTcwEYYPaHR0cDov +-L3Rlc3QvMTU4MBGGD2h0dHA6Ly90ZXN0LzE1OTARhg9odHRwOi8vdGVzdC8xNjAw +-EYYPaHR0cDovL3Rlc3QvMTYxMBGGD2h0dHA6Ly90ZXN0LzE2MjARhg9odHRwOi8v +-dGVzdC8xNjMwEYYPaHR0cDovL3Rlc3QvMTY0MBGGD2h0dHA6Ly90ZXN0LzE2NTAR +-hg9odHRwOi8vdGVzdC8xNjYwEYYPaHR0cDovL3Rlc3QvMTY3MBGGD2h0dHA6Ly90 +-ZXN0LzE2ODARhg9odHRwOi8vdGVzdC8xNjkwEYYPaHR0cDovL3Rlc3QvMTcwMBGG +-D2h0dHA6Ly90ZXN0LzE3MTARhg9odHRwOi8vdGVzdC8xNzIwEYYPaHR0cDovL3Rl +-c3QvMTczMBGGD2h0dHA6Ly90ZXN0LzE3NDARhg9odHRwOi8vdGVzdC8xNzUwEYYP +-aHR0cDovL3Rlc3QvMTc2MBGGD2h0dHA6Ly90ZXN0LzE3NzARhg9odHRwOi8vdGVz +-dC8xNzgwEYYPaHR0cDovL3Rlc3QvMTc5MBGGD2h0dHA6Ly90ZXN0LzE4MDARhg9o +-dHRwOi8vdGVzdC8xODEwEYYPaHR0cDovL3Rlc3QvMTgyMBGGD2h0dHA6Ly90ZXN0 +-LzE4MzARhg9odHRwOi8vdGVzdC8xODQwEYYPaHR0cDovL3Rlc3QvMTg1MBGGD2h0 +-dHA6Ly90ZXN0LzE4NjARhg9odHRwOi8vdGVzdC8xODcwEYYPaHR0cDovL3Rlc3Qv +-MTg4MBGGD2h0dHA6Ly90ZXN0LzE4OTARhg9odHRwOi8vdGVzdC8xOTAwEYYPaHR0 +-cDovL3Rlc3QvMTkxMBGGD2h0dHA6Ly90ZXN0LzE5MjARhg9odHRwOi8vdGVzdC8x +-OTMwEYYPaHR0cDovL3Rlc3QvMTk0MBGGD2h0dHA6Ly90ZXN0LzE5NTARhg9odHRw +-Oi8vdGVzdC8xOTYwEYYPaHR0cDovL3Rlc3QvMTk3MBGGD2h0dHA6Ly90ZXN0LzE5 +-ODARhg9odHRwOi8vdGVzdC8xOTkwEYYPaHR0cDovL3Rlc3QvMjAwMBGGD2h0dHA6 +-Ly90ZXN0LzIwMTARhg9odHRwOi8vdGVzdC8yMDIwEYYPaHR0cDovL3Rlc3QvMjAz +-MBGGD2h0dHA6Ly90ZXN0LzIwNDARhg9odHRwOi8vdGVzdC8yMDUwEYYPaHR0cDov +-L3Rlc3QvMjA2MBGGD2h0dHA6Ly90ZXN0LzIwNzARhg9odHRwOi8vdGVzdC8yMDgw +-EYYPaHR0cDovL3Rlc3QvMjA5MBGGD2h0dHA6Ly90ZXN0LzIxMDARhg9odHRwOi8v +-dGVzdC8yMTEwEYYPaHR0cDovL3Rlc3QvMjEyMBGGD2h0dHA6Ly90ZXN0LzIxMzAR +-hg9odHRwOi8vdGVzdC8yMTQwEYYPaHR0cDovL3Rlc3QvMjE1MBGGD2h0dHA6Ly90 +-ZXN0LzIxNjARhg9odHRwOi8vdGVzdC8yMTcwEYYPaHR0cDovL3Rlc3QvMjE4MBGG +-D2h0dHA6Ly90ZXN0LzIxOTARhg9odHRwOi8vdGVzdC8yMjAwEYYPaHR0cDovL3Rl +-c3QvMjIxMBGGD2h0dHA6Ly90ZXN0LzIyMjARhg9odHRwOi8vdGVzdC8yMjMwEYYP +-aHR0cDovL3Rlc3QvMjI0MBGGD2h0dHA6Ly90ZXN0LzIyNTARhg9odHRwOi8vdGVz +-dC8yMjYwEYYPaHR0cDovL3Rlc3QvMjI3MBGGD2h0dHA6Ly90ZXN0LzIyODARhg9o +-dHRwOi8vdGVzdC8yMjkwEYYPaHR0cDovL3Rlc3QvMjMwMBGGD2h0dHA6Ly90ZXN0 +-LzIzMTARhg9odHRwOi8vdGVzdC8yMzIwEYYPaHR0cDovL3Rlc3QvMjMzMBGGD2h0 +-dHA6Ly90ZXN0LzIzNDARhg9odHRwOi8vdGVzdC8yMzUwEYYPaHR0cDovL3Rlc3Qv +-MjM2MBGGD2h0dHA6Ly90ZXN0LzIzNzARhg9odHRwOi8vdGVzdC8yMzgwEYYPaHR0 +-cDovL3Rlc3QvMjM5MBGGD2h0dHA6Ly90ZXN0LzI0MDARhg9odHRwOi8vdGVzdC8y +-NDEwEYYPaHR0cDovL3Rlc3QvMjQyMBGGD2h0dHA6Ly90ZXN0LzI0MzARhg9odHRw +-Oi8vdGVzdC8yNDQwEYYPaHR0cDovL3Rlc3QvMjQ1MBGGD2h0dHA6Ly90ZXN0LzI0 +-NjARhg9odHRwOi8vdGVzdC8yNDcwEYYPaHR0cDovL3Rlc3QvMjQ4MBGGD2h0dHA6 +-Ly90ZXN0LzI0OTARhg9odHRwOi8vdGVzdC8yNTAwEYYPaHR0cDovL3Rlc3QvMjUx +-MBGGD2h0dHA6Ly90ZXN0LzI1MjARhg9odHRwOi8vdGVzdC8yNTMwEYYPaHR0cDov +-L3Rlc3QvMjU0MBGGD2h0dHA6Ly90ZXN0LzI1NTARhg9odHRwOi8vdGVzdC8yNTYw +-EYYPaHR0cDovL3Rlc3QvMjU3MBGGD2h0dHA6Ly90ZXN0LzI1ODARhg9odHRwOi8v +-dGVzdC8yNTkwEYYPaHR0cDovL3Rlc3QvMjYwMBGGD2h0dHA6Ly90ZXN0LzI2MTAR +-hg9odHRwOi8vdGVzdC8yNjIwEYYPaHR0cDovL3Rlc3QvMjYzMBGGD2h0dHA6Ly90 +-ZXN0LzI2NDARhg9odHRwOi8vdGVzdC8yNjUwEYYPaHR0cDovL3Rlc3QvMjY2MBGG +-D2h0dHA6Ly90ZXN0LzI2NzARhg9odHRwOi8vdGVzdC8yNjgwEYYPaHR0cDovL3Rl +-c3QvMjY5MBGGD2h0dHA6Ly90ZXN0LzI3MDARhg9odHRwOi8vdGVzdC8yNzEwEYYP +-aHR0cDovL3Rlc3QvMjcyMBGGD2h0dHA6Ly90ZXN0LzI3MzARhg9odHRwOi8vdGVz +-dC8yNzQwEYYPaHR0cDovL3Rlc3QvMjc1MBGGD2h0dHA6Ly90ZXN0LzI3NjARhg9o +-dHRwOi8vdGVzdC8yNzcwEYYPaHR0cDovL3Rlc3QvMjc4MBGGD2h0dHA6Ly90ZXN0 +-LzI3OTARhg9odHRwOi8vdGVzdC8yODAwEYYPaHR0cDovL3Rlc3QvMjgxMBGGD2h0 +-dHA6Ly90ZXN0LzI4MjARhg9odHRwOi8vdGVzdC8yODMwEYYPaHR0cDovL3Rlc3Qv +-Mjg0MBGGD2h0dHA6Ly90ZXN0LzI4NTARhg9odHRwOi8vdGVzdC8yODYwEYYPaHR0 +-cDovL3Rlc3QvMjg3MBGGD2h0dHA6Ly90ZXN0LzI4ODARhg9odHRwOi8vdGVzdC8y +-ODkwEYYPaHR0cDovL3Rlc3QvMjkwMBGGD2h0dHA6Ly90ZXN0LzI5MTARhg9odHRw +-Oi8vdGVzdC8yOTIwEYYPaHR0cDovL3Rlc3QvMjkzMBGGD2h0dHA6Ly90ZXN0LzI5 +-NDARhg9odHRwOi8vdGVzdC8yOTUwEYYPaHR0cDovL3Rlc3QvMjk2MBGGD2h0dHA6 +-Ly90ZXN0LzI5NzARhg9odHRwOi8vdGVzdC8yOTgwEYYPaHR0cDovL3Rlc3QvMjk5 +-MBGGD2h0dHA6Ly90ZXN0LzMwMDARhg9odHRwOi8vdGVzdC8zMDEwEYYPaHR0cDov +-L3Rlc3QvMzAyMBGGD2h0dHA6Ly90ZXN0LzMwMzARhg9odHRwOi8vdGVzdC8zMDQw +-EYYPaHR0cDovL3Rlc3QvMzA1MBGGD2h0dHA6Ly90ZXN0LzMwNjARhg9odHRwOi8v +-dGVzdC8zMDcwEYYPaHR0cDovL3Rlc3QvMzA4MBGGD2h0dHA6Ly90ZXN0LzMwOTAR +-hg9odHRwOi8vdGVzdC8zMTAwEYYPaHR0cDovL3Rlc3QvMzExMBGGD2h0dHA6Ly90 +-ZXN0LzMxMjARhg9odHRwOi8vdGVzdC8zMTMwEYYPaHR0cDovL3Rlc3QvMzE0MBGG +-D2h0dHA6Ly90ZXN0LzMxNTARhg9odHRwOi8vdGVzdC8zMTYwEYYPaHR0cDovL3Rl +-c3QvMzE3MBGGD2h0dHA6Ly90ZXN0LzMxODARhg9odHRwOi8vdGVzdC8zMTkwEYYP +-aHR0cDovL3Rlc3QvMzIwMBGGD2h0dHA6Ly90ZXN0LzMyMTARhg9odHRwOi8vdGVz +-dC8zMjIwEYYPaHR0cDovL3Rlc3QvMzIzMBGGD2h0dHA6Ly90ZXN0LzMyNDARhg9o +-dHRwOi8vdGVzdC8zMjUwEYYPaHR0cDovL3Rlc3QvMzI2MBGGD2h0dHA6Ly90ZXN0 +-LzMyNzARhg9odHRwOi8vdGVzdC8zMjgwEYYPaHR0cDovL3Rlc3QvMzI5MBGGD2h0 +-dHA6Ly90ZXN0LzMzMDARhg9odHRwOi8vdGVzdC8zMzEwEYYPaHR0cDovL3Rlc3Qv +-MzMyMBGGD2h0dHA6Ly90ZXN0LzMzMzARhg9odHRwOi8vdGVzdC8zMzQwEYYPaHR0 +-cDovL3Rlc3QvMzM1MBGGD2h0dHA6Ly90ZXN0LzMzNjARhg9odHRwOi8vdGVzdC8z +-MzcwEYYPaHR0cDovL3Rlc3QvMzM4MBGGD2h0dHA6Ly90ZXN0LzMzOTARhg9odHRw +-Oi8vdGVzdC8zNDAwEYYPaHR0cDovL3Rlc3QvMzQxMBGGD2h0dHA6Ly90ZXN0LzM0 +-MjARhg9odHRwOi8vdGVzdC8zNDMwEYYPaHR0cDovL3Rlc3QvMzQ0MBGGD2h0dHA6 +-Ly90ZXN0LzM0NTARhg9odHRwOi8vdGVzdC8zNDYwEYYPaHR0cDovL3Rlc3QvMzQ3 +-MBGGD2h0dHA6Ly90ZXN0LzM0ODARhg9odHRwOi8vdGVzdC8zNDkwEYYPaHR0cDov +-L3Rlc3QvMzUwMBGGD2h0dHA6Ly90ZXN0LzM1MTARhg9odHRwOi8vdGVzdC8zNTIw +-EYYPaHR0cDovL3Rlc3QvMzUzMBGGD2h0dHA6Ly90ZXN0LzM1NDARhg9odHRwOi8v +-dGVzdC8zNTUwEYYPaHR0cDovL3Rlc3QvMzU2MBGGD2h0dHA6Ly90ZXN0LzM1NzAR +-hg9odHRwOi8vdGVzdC8zNTgwEYYPaHR0cDovL3Rlc3QvMzU5MBGGD2h0dHA6Ly90 +-ZXN0LzM2MDARhg9odHRwOi8vdGVzdC8zNjEwEYYPaHR0cDovL3Rlc3QvMzYyMBGG +-D2h0dHA6Ly90ZXN0LzM2MzARhg9odHRwOi8vdGVzdC8zNjQwEYYPaHR0cDovL3Rl +-c3QvMzY1MBGGD2h0dHA6Ly90ZXN0LzM2NjARhg9odHRwOi8vdGVzdC8zNjcwEYYP +-aHR0cDovL3Rlc3QvMzY4MBGGD2h0dHA6Ly90ZXN0LzM2OTARhg9odHRwOi8vdGVz +-dC8zNzAwEYYPaHR0cDovL3Rlc3QvMzcxMBGGD2h0dHA6Ly90ZXN0LzM3MjARhg9o +-dHRwOi8vdGVzdC8zNzMwEYYPaHR0cDovL3Rlc3QvMzc0MBGGD2h0dHA6Ly90ZXN0 +-LzM3NTARhg9odHRwOi8vdGVzdC8zNzYwEYYPaHR0cDovL3Rlc3QvMzc3MBGGD2h0 +-dHA6Ly90ZXN0LzM3ODARhg9odHRwOi8vdGVzdC8zNzkwEYYPaHR0cDovL3Rlc3Qv +-MzgwMBGGD2h0dHA6Ly90ZXN0LzM4MTARhg9odHRwOi8vdGVzdC8zODIwEYYPaHR0 +-cDovL3Rlc3QvMzgzMBGGD2h0dHA6Ly90ZXN0LzM4NDARhg9odHRwOi8vdGVzdC8z +-ODUwEYYPaHR0cDovL3Rlc3QvMzg2MBGGD2h0dHA6Ly90ZXN0LzM4NzARhg9odHRw +-Oi8vdGVzdC8zODgwEYYPaHR0cDovL3Rlc3QvMzg5MBGGD2h0dHA6Ly90ZXN0LzM5 +-MDARhg9odHRwOi8vdGVzdC8zOTEwEYYPaHR0cDovL3Rlc3QvMzkyMBGGD2h0dHA6 +-Ly90ZXN0LzM5MzARhg9odHRwOi8vdGVzdC8zOTQwEYYPaHR0cDovL3Rlc3QvMzk1 +-MBGGD2h0dHA6Ly90ZXN0LzM5NjARhg9odHRwOi8vdGVzdC8zOTcwEYYPaHR0cDov +-L3Rlc3QvMzk4MBGGD2h0dHA6Ly90ZXN0LzM5OTARhg9odHRwOi8vdGVzdC80MDAw +-EYYPaHR0cDovL3Rlc3QvNDAxMBGGD2h0dHA6Ly90ZXN0LzQwMjARhg9odHRwOi8v +-dGVzdC80MDMwEYYPaHR0cDovL3Rlc3QvNDA0MBGGD2h0dHA6Ly90ZXN0LzQwNTAR +-hg9odHRwOi8vdGVzdC80MDYwEYYPaHR0cDovL3Rlc3QvNDA3MBGGD2h0dHA6Ly90 +-ZXN0LzQwODARhg9odHRwOi8vdGVzdC80MDkwEYYPaHR0cDovL3Rlc3QvNDEwMBGG +-D2h0dHA6Ly90ZXN0LzQxMTARhg9odHRwOi8vdGVzdC80MTIwEYYPaHR0cDovL3Rl +-c3QvNDEzMBGGD2h0dHA6Ly90ZXN0LzQxNDARhg9odHRwOi8vdGVzdC80MTUwEYYP +-aHR0cDovL3Rlc3QvNDE2MBGGD2h0dHA6Ly90ZXN0LzQxNzARhg9odHRwOi8vdGVz +-dC80MTgwEYYPaHR0cDovL3Rlc3QvNDE5MBGGD2h0dHA6Ly90ZXN0LzQyMDARhg9o +-dHRwOi8vdGVzdC80MjEwEYYPaHR0cDovL3Rlc3QvNDIyMBGGD2h0dHA6Ly90ZXN0 +-LzQyMzARhg9odHRwOi8vdGVzdC80MjQwEYYPaHR0cDovL3Rlc3QvNDI1MBGGD2h0 +-dHA6Ly90ZXN0LzQyNjARhg9odHRwOi8vdGVzdC80MjcwEYYPaHR0cDovL3Rlc3Qv +-NDI4MBGGD2h0dHA6Ly90ZXN0LzQyOTARhg9odHRwOi8vdGVzdC80MzAwEYYPaHR0 +-cDovL3Rlc3QvNDMxMBGGD2h0dHA6Ly90ZXN0LzQzMjARhg9odHRwOi8vdGVzdC80 +-MzMwEYYPaHR0cDovL3Rlc3QvNDM0MBGGD2h0dHA6Ly90ZXN0LzQzNTARhg9odHRw +-Oi8vdGVzdC80MzYwEYYPaHR0cDovL3Rlc3QvNDM3MBGGD2h0dHA6Ly90ZXN0LzQz +-ODARhg9odHRwOi8vdGVzdC80MzkwEYYPaHR0cDovL3Rlc3QvNDQwMBGGD2h0dHA6 +-Ly90ZXN0LzQ0MTARhg9odHRwOi8vdGVzdC80NDIwEYYPaHR0cDovL3Rlc3QvNDQz +-MBGGD2h0dHA6Ly90ZXN0LzQ0NDARhg9odHRwOi8vdGVzdC80NDUwEYYPaHR0cDov +-L3Rlc3QvNDQ2MBGGD2h0dHA6Ly90ZXN0LzQ0NzARhg9odHRwOi8vdGVzdC80NDgw +-EYYPaHR0cDovL3Rlc3QvNDQ5MBGGD2h0dHA6Ly90ZXN0LzQ1MDARhg9odHRwOi8v +-dGVzdC80NTEwEYYPaHR0cDovL3Rlc3QvNDUyMBGGD2h0dHA6Ly90ZXN0LzQ1MzAR +-hg9odHRwOi8vdGVzdC80NTQwEYYPaHR0cDovL3Rlc3QvNDU1MBGGD2h0dHA6Ly90 +-ZXN0LzQ1NjARhg9odHRwOi8vdGVzdC80NTcwEYYPaHR0cDovL3Rlc3QvNDU4MBGG +-D2h0dHA6Ly90ZXN0LzQ1OTARhg9odHRwOi8vdGVzdC80NjAwEYYPaHR0cDovL3Rl +-c3QvNDYxMBGGD2h0dHA6Ly90ZXN0LzQ2MjARhg9odHRwOi8vdGVzdC80NjMwEYYP +-aHR0cDovL3Rlc3QvNDY0MBGGD2h0dHA6Ly90ZXN0LzQ2NTARhg9odHRwOi8vdGVz +-dC80NjYwEYYPaHR0cDovL3Rlc3QvNDY3MBGGD2h0dHA6Ly90ZXN0LzQ2ODARhg9o +-dHRwOi8vdGVzdC80NjkwEYYPaHR0cDovL3Rlc3QvNDcwMBGGD2h0dHA6Ly90ZXN0 +-LzQ3MTARhg9odHRwOi8vdGVzdC80NzIwEYYPaHR0cDovL3Rlc3QvNDczMBGGD2h0 +-dHA6Ly90ZXN0LzQ3NDARhg9odHRwOi8vdGVzdC80NzUwEYYPaHR0cDovL3Rlc3Qv +-NDc2MBGGD2h0dHA6Ly90ZXN0LzQ3NzARhg9odHRwOi8vdGVzdC80NzgwEYYPaHR0 +-cDovL3Rlc3QvNDc5MBGGD2h0dHA6Ly90ZXN0LzQ4MDARhg9odHRwOi8vdGVzdC80 +-ODEwEYYPaHR0cDovL3Rlc3QvNDgyMBGGD2h0dHA6Ly90ZXN0LzQ4MzARhg9odHRw +-Oi8vdGVzdC80ODQwEYYPaHR0cDovL3Rlc3QvNDg1MBGGD2h0dHA6Ly90ZXN0LzQ4 +-NjARhg9odHRwOi8vdGVzdC80ODcwEYYPaHR0cDovL3Rlc3QvNDg4MBGGD2h0dHA6 +-Ly90ZXN0LzQ4OTARhg9odHRwOi8vdGVzdC80OTAwEYYPaHR0cDovL3Rlc3QvNDkx +-MBGGD2h0dHA6Ly90ZXN0LzQ5MjARhg9odHRwOi8vdGVzdC80OTMwEYYPaHR0cDov +-L3Rlc3QvNDk0MBGGD2h0dHA6Ly90ZXN0LzQ5NTARhg9odHRwOi8vdGVzdC80OTYw +-EYYPaHR0cDovL3Rlc3QvNDk3MBGGD2h0dHA6Ly90ZXN0LzQ5ODARhg9odHRwOi8v +-dGVzdC80OTkwEYYPaHR0cDovL3Rlc3QvNTAwMBGGD2h0dHA6Ly90ZXN0LzUwMTAR +-hg9odHRwOi8vdGVzdC81MDIwEYYPaHR0cDovL3Rlc3QvNTAzMBGGD2h0dHA6Ly90 +-ZXN0LzUwNDARhg9odHRwOi8vdGVzdC81MDUwEYYPaHR0cDovL3Rlc3QvNTA2MBGG +-D2h0dHA6Ly90ZXN0LzUwNzARhg9odHRwOi8vdGVzdC81MDgwEYYPaHR0cDovL3Rl +-c3QvNTA5MBGGD2h0dHA6Ly90ZXN0LzUxMDARhg9odHRwOi8vdGVzdC81MTEwEYYP +-aHR0cDovL3Rlc3QvNTEyMBGGD2h0dHA6Ly90ZXN0LzUxMzARhg9odHRwOi8vdGVz +-dC81MTQwEYYPaHR0cDovL3Rlc3QvNTE1MBGGD2h0dHA6Ly90ZXN0LzUxNjARhg9o +-dHRwOi8vdGVzdC81MTcwEYYPaHR0cDovL3Rlc3QvNTE4MBGGD2h0dHA6Ly90ZXN0 +-LzUxOTARhg9odHRwOi8vdGVzdC81MjAwEYYPaHR0cDovL3Rlc3QvNTIxMBGGD2h0 +-dHA6Ly90ZXN0LzUyMjARhg9odHRwOi8vdGVzdC81MjMwEYYPaHR0cDovL3Rlc3Qv +-NTI0MBGGD2h0dHA6Ly90ZXN0LzUyNTARhg9odHRwOi8vdGVzdC81MjYwEYYPaHR0 +-cDovL3Rlc3QvNTI3MBGGD2h0dHA6Ly90ZXN0LzUyODARhg9odHRwOi8vdGVzdC81 +-MjkwEYYPaHR0cDovL3Rlc3QvNTMwMBGGD2h0dHA6Ly90ZXN0LzUzMTARhg9odHRw +-Oi8vdGVzdC81MzIwEYYPaHR0cDovL3Rlc3QvNTMzMBGGD2h0dHA6Ly90ZXN0LzUz +-NDARhg9odHRwOi8vdGVzdC81MzUwEYYPaHR0cDovL3Rlc3QvNTM2MBGGD2h0dHA6 +-Ly90ZXN0LzUzNzARhg9odHRwOi8vdGVzdC81MzgwEYYPaHR0cDovL3Rlc3QvNTM5 +-MBGGD2h0dHA6Ly90ZXN0LzU0MDARhg9odHRwOi8vdGVzdC81NDEwEYYPaHR0cDov +-L3Rlc3QvNTQyMBGGD2h0dHA6Ly90ZXN0LzU0MzARhg9odHRwOi8vdGVzdC81NDQw +-EYYPaHR0cDovL3Rlc3QvNTQ1MBGGD2h0dHA6Ly90ZXN0LzU0NjARhg9odHRwOi8v +-dGVzdC81NDcwEYYPaHR0cDovL3Rlc3QvNTQ4MBGGD2h0dHA6Ly90ZXN0LzU0OTAR +-hg9odHRwOi8vdGVzdC81NTAwEYYPaHR0cDovL3Rlc3QvNTUxMBGGD2h0dHA6Ly90 +-ZXN0LzU1MjARhg9odHRwOi8vdGVzdC81NTMwEYYPaHR0cDovL3Rlc3QvNTU0MBGG +-D2h0dHA6Ly90ZXN0LzU1NTARhg9odHRwOi8vdGVzdC81NTYwEYYPaHR0cDovL3Rl +-c3QvNTU3MBGGD2h0dHA6Ly90ZXN0LzU1ODARhg9odHRwOi8vdGVzdC81NTkwEYYP +-aHR0cDovL3Rlc3QvNTYwMBGGD2h0dHA6Ly90ZXN0LzU2MTARhg9odHRwOi8vdGVz +-dC81NjIwEYYPaHR0cDovL3Rlc3QvNTYzMBGGD2h0dHA6Ly90ZXN0LzU2NDARhg9o +-dHRwOi8vdGVzdC81NjUwEYYPaHR0cDovL3Rlc3QvNTY2MBGGD2h0dHA6Ly90ZXN0 +-LzU2NzARhg9odHRwOi8vdGVzdC81NjgwEYYPaHR0cDovL3Rlc3QvNTY5MBGGD2h0 +-dHA6Ly90ZXN0LzU3MDARhg9odHRwOi8vdGVzdC81NzEwEYYPaHR0cDovL3Rlc3Qv +-NTcyMBGGD2h0dHA6Ly90ZXN0LzU3MzARhg9odHRwOi8vdGVzdC81NzQwEYYPaHR0 +-cDovL3Rlc3QvNTc1MBGGD2h0dHA6Ly90ZXN0LzU3NjARhg9odHRwOi8vdGVzdC81 +-NzcwEYYPaHR0cDovL3Rlc3QvNTc4MBGGD2h0dHA6Ly90ZXN0LzU3OTARhg9odHRw +-Oi8vdGVzdC81ODAwEYYPaHR0cDovL3Rlc3QvNTgxMBGGD2h0dHA6Ly90ZXN0LzU4 +-MjARhg9odHRwOi8vdGVzdC81ODMwEYYPaHR0cDovL3Rlc3QvNTg0MBGGD2h0dHA6 +-Ly90ZXN0LzU4NTARhg9odHRwOi8vdGVzdC81ODYwEYYPaHR0cDovL3Rlc3QvNTg3 +-MBGGD2h0dHA6Ly90ZXN0LzU4ODARhg9odHRwOi8vdGVzdC81ODkwEYYPaHR0cDov +-L3Rlc3QvNTkwMBGGD2h0dHA6Ly90ZXN0LzU5MTARhg9odHRwOi8vdGVzdC81OTIw +-EYYPaHR0cDovL3Rlc3QvNTkzMBGGD2h0dHA6Ly90ZXN0LzU5NDARhg9odHRwOi8v +-dGVzdC81OTUwEYYPaHR0cDovL3Rlc3QvNTk2MBGGD2h0dHA6Ly90ZXN0LzU5NzAR +-hg9odHRwOi8vdGVzdC81OTgwEYYPaHR0cDovL3Rlc3QvNTk5MBGGD2h0dHA6Ly90 +-ZXN0LzYwMDARhg9odHRwOi8vdGVzdC82MDEwEYYPaHR0cDovL3Rlc3QvNjAyMBGG +-D2h0dHA6Ly90ZXN0LzYwMzARhg9odHRwOi8vdGVzdC82MDQwEYYPaHR0cDovL3Rl +-c3QvNjA1MBGGD2h0dHA6Ly90ZXN0LzYwNjARhg9odHRwOi8vdGVzdC82MDcwEYYP +-aHR0cDovL3Rlc3QvNjA4MBGGD2h0dHA6Ly90ZXN0LzYwOTARhg9odHRwOi8vdGVz +-dC82MTAwEYYPaHR0cDovL3Rlc3QvNjExMBGGD2h0dHA6Ly90ZXN0LzYxMjARhg9o +-dHRwOi8vdGVzdC82MTMwEYYPaHR0cDovL3Rlc3QvNjE0MBGGD2h0dHA6Ly90ZXN0 +-LzYxNTARhg9odHRwOi8vdGVzdC82MTYwEYYPaHR0cDovL3Rlc3QvNjE3MBGGD2h0 +-dHA6Ly90ZXN0LzYxODARhg9odHRwOi8vdGVzdC82MTkwEYYPaHR0cDovL3Rlc3Qv +-NjIwMBGGD2h0dHA6Ly90ZXN0LzYyMTARhg9odHRwOi8vdGVzdC82MjIwEYYPaHR0 +-cDovL3Rlc3QvNjIzMBGGD2h0dHA6Ly90ZXN0LzYyNDARhg9odHRwOi8vdGVzdC82 +-MjUwEYYPaHR0cDovL3Rlc3QvNjI2MBGGD2h0dHA6Ly90ZXN0LzYyNzARhg9odHRw +-Oi8vdGVzdC82MjgwEYYPaHR0cDovL3Rlc3QvNjI5MBGGD2h0dHA6Ly90ZXN0LzYz +-MDARhg9odHRwOi8vdGVzdC82MzEwEYYPaHR0cDovL3Rlc3QvNjMyMBGGD2h0dHA6 +-Ly90ZXN0LzYzMzARhg9odHRwOi8vdGVzdC82MzQwEYYPaHR0cDovL3Rlc3QvNjM1 +-MBGGD2h0dHA6Ly90ZXN0LzYzNjARhg9odHRwOi8vdGVzdC82MzcwEYYPaHR0cDov +-L3Rlc3QvNjM4MBGGD2h0dHA6Ly90ZXN0LzYzOTARhg9odHRwOi8vdGVzdC82NDAw +-EYYPaHR0cDovL3Rlc3QvNjQxMBGGD2h0dHA6Ly90ZXN0LzY0MjARhg9odHRwOi8v +-dGVzdC82NDMwEYYPaHR0cDovL3Rlc3QvNjQ0MBGGD2h0dHA6Ly90ZXN0LzY0NTAR +-hg9odHRwOi8vdGVzdC82NDYwEYYPaHR0cDovL3Rlc3QvNjQ3MBGGD2h0dHA6Ly90 +-ZXN0LzY0ODARhg9odHRwOi8vdGVzdC82NDkwEYYPaHR0cDovL3Rlc3QvNjUwMBGG +-D2h0dHA6Ly90ZXN0LzY1MTARhg9odHRwOi8vdGVzdC82NTIwEYYPaHR0cDovL3Rl +-c3QvNjUzMBGGD2h0dHA6Ly90ZXN0LzY1NDARhg9odHRwOi8vdGVzdC82NTUwEYYP +-aHR0cDovL3Rlc3QvNjU2MBGGD2h0dHA6Ly90ZXN0LzY1NzARhg9odHRwOi8vdGVz +-dC82NTgwEYYPaHR0cDovL3Rlc3QvNjU5MBGGD2h0dHA6Ly90ZXN0LzY2MDARhg9o +-dHRwOi8vdGVzdC82NjEwEYYPaHR0cDovL3Rlc3QvNjYyMBGGD2h0dHA6Ly90ZXN0 +-LzY2MzARhg9odHRwOi8vdGVzdC82NjQwEYYPaHR0cDovL3Rlc3QvNjY1MBGGD2h0 +-dHA6Ly90ZXN0LzY2NjARhg9odHRwOi8vdGVzdC82NjcwEYYPaHR0cDovL3Rlc3Qv +-NjY4MBGGD2h0dHA6Ly90ZXN0LzY2OTARhg9odHRwOi8vdGVzdC82NzAwEYYPaHR0 +-cDovL3Rlc3QvNjcxMBGGD2h0dHA6Ly90ZXN0LzY3MjARhg9odHRwOi8vdGVzdC82 +-NzMwEYYPaHR0cDovL3Rlc3QvNjc0MBGGD2h0dHA6Ly90ZXN0LzY3NTARhg9odHRw +-Oi8vdGVzdC82NzYwEYYPaHR0cDovL3Rlc3QvNjc3MBGGD2h0dHA6Ly90ZXN0LzY3 +-ODARhg9odHRwOi8vdGVzdC82NzkwEYYPaHR0cDovL3Rlc3QvNjgwMBGGD2h0dHA6 +-Ly90ZXN0LzY4MTARhg9odHRwOi8vdGVzdC82ODIwEYYPaHR0cDovL3Rlc3QvNjgz +-MBGGD2h0dHA6Ly90ZXN0LzY4NDARhg9odHRwOi8vdGVzdC82ODUwEYYPaHR0cDov +-L3Rlc3QvNjg2MBGGD2h0dHA6Ly90ZXN0LzY4NzARhg9odHRwOi8vdGVzdC82ODgw +-EYYPaHR0cDovL3Rlc3QvNjg5MBGGD2h0dHA6Ly90ZXN0LzY5MDARhg9odHRwOi8v +-dGVzdC82OTEwEYYPaHR0cDovL3Rlc3QvNjkyMBGGD2h0dHA6Ly90ZXN0LzY5MzAR +-hg9odHRwOi8vdGVzdC82OTQwEYYPaHR0cDovL3Rlc3QvNjk1MBGGD2h0dHA6Ly90 +-ZXN0LzY5NjARhg9odHRwOi8vdGVzdC82OTcwEYYPaHR0cDovL3Rlc3QvNjk4MBGG +-D2h0dHA6Ly90ZXN0LzY5OTARhg9odHRwOi8vdGVzdC83MDAwEYYPaHR0cDovL3Rl +-c3QvNzAxMBGGD2h0dHA6Ly90ZXN0LzcwMjARhg9odHRwOi8vdGVzdC83MDMwEYYP +-aHR0cDovL3Rlc3QvNzA0MBGGD2h0dHA6Ly90ZXN0LzcwNTARhg9odHRwOi8vdGVz +-dC83MDYwEYYPaHR0cDovL3Rlc3QvNzA3MBGGD2h0dHA6Ly90ZXN0LzcwODARhg9o +-dHRwOi8vdGVzdC83MDkwEYYPaHR0cDovL3Rlc3QvNzEwMBGGD2h0dHA6Ly90ZXN0 +-LzcxMTARhg9odHRwOi8vdGVzdC83MTIwEYYPaHR0cDovL3Rlc3QvNzEzMBGGD2h0 +-dHA6Ly90ZXN0LzcxNDARhg9odHRwOi8vdGVzdC83MTUwEYYPaHR0cDovL3Rlc3Qv +-NzE2MBGGD2h0dHA6Ly90ZXN0LzcxNzARhg9odHRwOi8vdGVzdC83MTgwEYYPaHR0 +-cDovL3Rlc3QvNzE5MBGGD2h0dHA6Ly90ZXN0LzcyMDARhg9odHRwOi8vdGVzdC83 +-MjEwEYYPaHR0cDovL3Rlc3QvNzIyMBGGD2h0dHA6Ly90ZXN0LzcyMzARhg9odHRw +-Oi8vdGVzdC83MjQwEYYPaHR0cDovL3Rlc3QvNzI1MBGGD2h0dHA6Ly90ZXN0Lzcy +-NjARhg9odHRwOi8vdGVzdC83MjcwEYYPaHR0cDovL3Rlc3QvNzI4MBGGD2h0dHA6 +-Ly90ZXN0LzcyOTARhg9odHRwOi8vdGVzdC83MzAwEYYPaHR0cDovL3Rlc3QvNzMx +-MBGGD2h0dHA6Ly90ZXN0LzczMjARhg9odHRwOi8vdGVzdC83MzMwEYYPaHR0cDov +-L3Rlc3QvNzM0MBGGD2h0dHA6Ly90ZXN0LzczNTARhg9odHRwOi8vdGVzdC83MzYw +-EYYPaHR0cDovL3Rlc3QvNzM3MBGGD2h0dHA6Ly90ZXN0LzczODARhg9odHRwOi8v +-dGVzdC83MzkwEYYPaHR0cDovL3Rlc3QvNzQwMBGGD2h0dHA6Ly90ZXN0Lzc0MTAR +-hg9odHRwOi8vdGVzdC83NDIwEYYPaHR0cDovL3Rlc3QvNzQzMBGGD2h0dHA6Ly90 +-ZXN0Lzc0NDARhg9odHRwOi8vdGVzdC83NDUwEYYPaHR0cDovL3Rlc3QvNzQ2MBGG +-D2h0dHA6Ly90ZXN0Lzc0NzARhg9odHRwOi8vdGVzdC83NDgwEYYPaHR0cDovL3Rl +-c3QvNzQ5MBGGD2h0dHA6Ly90ZXN0Lzc1MDARhg9odHRwOi8vdGVzdC83NTEwEYYP +-aHR0cDovL3Rlc3QvNzUyMBGGD2h0dHA6Ly90ZXN0Lzc1MzARhg9odHRwOi8vdGVz +-dC83NTQwEYYPaHR0cDovL3Rlc3QvNzU1MBGGD2h0dHA6Ly90ZXN0Lzc1NjARhg9o +-dHRwOi8vdGVzdC83NTcwEYYPaHR0cDovL3Rlc3QvNzU4MBGGD2h0dHA6Ly90ZXN0 +-Lzc1OTARhg9odHRwOi8vdGVzdC83NjAwEYYPaHR0cDovL3Rlc3QvNzYxMBGGD2h0 +-dHA6Ly90ZXN0Lzc2MjARhg9odHRwOi8vdGVzdC83NjMwEYYPaHR0cDovL3Rlc3Qv +-NzY0MBGGD2h0dHA6Ly90ZXN0Lzc2NTARhg9odHRwOi8vdGVzdC83NjYwEYYPaHR0 +-cDovL3Rlc3QvNzY3MBGGD2h0dHA6Ly90ZXN0Lzc2ODARhg9odHRwOi8vdGVzdC83 +-NjkwEYYPaHR0cDovL3Rlc3QvNzcwMBGGD2h0dHA6Ly90ZXN0Lzc3MTARhg9odHRw +-Oi8vdGVzdC83NzIwEYYPaHR0cDovL3Rlc3QvNzczMBGGD2h0dHA6Ly90ZXN0Lzc3 +-NDARhg9odHRwOi8vdGVzdC83NzUwEYYPaHR0cDovL3Rlc3QvNzc2MBGGD2h0dHA6 +-Ly90ZXN0Lzc3NzARhg9odHRwOi8vdGVzdC83NzgwEYYPaHR0cDovL3Rlc3QvNzc5 +-MBGGD2h0dHA6Ly90ZXN0Lzc4MDARhg9odHRwOi8vdGVzdC83ODEwEYYPaHR0cDov +-L3Rlc3QvNzgyMBGGD2h0dHA6Ly90ZXN0Lzc4MzARhg9odHRwOi8vdGVzdC83ODQw +-EYYPaHR0cDovL3Rlc3QvNzg1MBGGD2h0dHA6Ly90ZXN0Lzc4NjARhg9odHRwOi8v +-dGVzdC83ODcwEYYPaHR0cDovL3Rlc3QvNzg4MBGGD2h0dHA6Ly90ZXN0Lzc4OTAR +-hg9odHRwOi8vdGVzdC83OTAwEYYPaHR0cDovL3Rlc3QvNzkxMBGGD2h0dHA6Ly90 +-ZXN0Lzc5MjARhg9odHRwOi8vdGVzdC83OTMwEYYPaHR0cDovL3Rlc3QvNzk0MBGG +-D2h0dHA6Ly90ZXN0Lzc5NTARhg9odHRwOi8vdGVzdC83OTYwEYYPaHR0cDovL3Rl +-c3QvNzk3MBGGD2h0dHA6Ly90ZXN0Lzc5ODARhg9odHRwOi8vdGVzdC83OTkwEYYP +-aHR0cDovL3Rlc3QvODAwMBGGD2h0dHA6Ly90ZXN0LzgwMTARhg9odHRwOi8vdGVz +-dC84MDIwEYYPaHR0cDovL3Rlc3QvODAzMBGGD2h0dHA6Ly90ZXN0LzgwNDARhg9o +-dHRwOi8vdGVzdC84MDUwEYYPaHR0cDovL3Rlc3QvODA2MBGGD2h0dHA6Ly90ZXN0 +-LzgwNzARhg9odHRwOi8vdGVzdC84MDgwEYYPaHR0cDovL3Rlc3QvODA5MBGGD2h0 +-dHA6Ly90ZXN0LzgxMDARhg9odHRwOi8vdGVzdC84MTEwEYYPaHR0cDovL3Rlc3Qv +-ODEyMBGGD2h0dHA6Ly90ZXN0LzgxMzARhg9odHRwOi8vdGVzdC84MTQwEYYPaHR0 +-cDovL3Rlc3QvODE1MBGGD2h0dHA6Ly90ZXN0LzgxNjARhg9odHRwOi8vdGVzdC84 +-MTcwEYYPaHR0cDovL3Rlc3QvODE4MBGGD2h0dHA6Ly90ZXN0LzgxOTARhg9odHRw +-Oi8vdGVzdC84MjAwEYYPaHR0cDovL3Rlc3QvODIxMBGGD2h0dHA6Ly90ZXN0Lzgy +-MjARhg9odHRwOi8vdGVzdC84MjMwEYYPaHR0cDovL3Rlc3QvODI0MBGGD2h0dHA6 +-Ly90ZXN0LzgyNTARhg9odHRwOi8vdGVzdC84MjYwEYYPaHR0cDovL3Rlc3QvODI3 +-MBGGD2h0dHA6Ly90ZXN0LzgyODARhg9odHRwOi8vdGVzdC84MjkwEYYPaHR0cDov +-L3Rlc3QvODMwMBGGD2h0dHA6Ly90ZXN0LzgzMTARhg9odHRwOi8vdGVzdC84MzIw +-EYYPaHR0cDovL3Rlc3QvODMzMBGGD2h0dHA6Ly90ZXN0LzgzNDARhg9odHRwOi8v +-dGVzdC84MzUwEYYPaHR0cDovL3Rlc3QvODM2MBGGD2h0dHA6Ly90ZXN0LzgzNzAR +-hg9odHRwOi8vdGVzdC84MzgwEYYPaHR0cDovL3Rlc3QvODM5MBGGD2h0dHA6Ly90 +-ZXN0Lzg0MDARhg9odHRwOi8vdGVzdC84NDEwEYYPaHR0cDovL3Rlc3QvODQyMBGG +-D2h0dHA6Ly90ZXN0Lzg0MzARhg9odHRwOi8vdGVzdC84NDQwEYYPaHR0cDovL3Rl +-c3QvODQ1MBGGD2h0dHA6Ly90ZXN0Lzg0NjARhg9odHRwOi8vdGVzdC84NDcwEYYP +-aHR0cDovL3Rlc3QvODQ4MBGGD2h0dHA6Ly90ZXN0Lzg0OTARhg9odHRwOi8vdGVz +-dC84NTAwEYYPaHR0cDovL3Rlc3QvODUxMBGGD2h0dHA6Ly90ZXN0Lzg1MjARhg9o +-dHRwOi8vdGVzdC84NTMwEYYPaHR0cDovL3Rlc3QvODU0MBGGD2h0dHA6Ly90ZXN0 +-Lzg1NTARhg9odHRwOi8vdGVzdC84NTYwEYYPaHR0cDovL3Rlc3QvODU3MBGGD2h0 +-dHA6Ly90ZXN0Lzg1ODARhg9odHRwOi8vdGVzdC84NTkwEYYPaHR0cDovL3Rlc3Qv +-ODYwMBGGD2h0dHA6Ly90ZXN0Lzg2MTARhg9odHRwOi8vdGVzdC84NjIwEYYPaHR0 +-cDovL3Rlc3QvODYzMBGGD2h0dHA6Ly90ZXN0Lzg2NDARhg9odHRwOi8vdGVzdC84 +-NjUwEYYPaHR0cDovL3Rlc3QvODY2MBGGD2h0dHA6Ly90ZXN0Lzg2NzARhg9odHRw +-Oi8vdGVzdC84NjgwEYYPaHR0cDovL3Rlc3QvODY5MBGGD2h0dHA6Ly90ZXN0Lzg3 +-MDARhg9odHRwOi8vdGVzdC84NzEwEYYPaHR0cDovL3Rlc3QvODcyMBGGD2h0dHA6 +-Ly90ZXN0Lzg3MzARhg9odHRwOi8vdGVzdC84NzQwEYYPaHR0cDovL3Rlc3QvODc1 +-MBGGD2h0dHA6Ly90ZXN0Lzg3NjARhg9odHRwOi8vdGVzdC84NzcwEYYPaHR0cDov +-L3Rlc3QvODc4MBGGD2h0dHA6Ly90ZXN0Lzg3OTARhg9odHRwOi8vdGVzdC84ODAw +-EYYPaHR0cDovL3Rlc3QvODgxMBGGD2h0dHA6Ly90ZXN0Lzg4MjARhg9odHRwOi8v +-dGVzdC84ODMwEYYPaHR0cDovL3Rlc3QvODg0MBGGD2h0dHA6Ly90ZXN0Lzg4NTAR +-hg9odHRwOi8vdGVzdC84ODYwEYYPaHR0cDovL3Rlc3QvODg3MBGGD2h0dHA6Ly90 +-ZXN0Lzg4ODARhg9odHRwOi8vdGVzdC84ODkwEYYPaHR0cDovL3Rlc3QvODkwMBGG +-D2h0dHA6Ly90ZXN0Lzg5MTARhg9odHRwOi8vdGVzdC84OTIwEYYPaHR0cDovL3Rl +-c3QvODkzMBGGD2h0dHA6Ly90ZXN0Lzg5NDARhg9odHRwOi8vdGVzdC84OTUwEYYP +-aHR0cDovL3Rlc3QvODk2MBGGD2h0dHA6Ly90ZXN0Lzg5NzARhg9odHRwOi8vdGVz +-dC84OTgwEYYPaHR0cDovL3Rlc3QvODk5MBGGD2h0dHA6Ly90ZXN0LzkwMDARhg9o +-dHRwOi8vdGVzdC85MDEwEYYPaHR0cDovL3Rlc3QvOTAyMBGGD2h0dHA6Ly90ZXN0 +-LzkwMzARhg9odHRwOi8vdGVzdC85MDQwEYYPaHR0cDovL3Rlc3QvOTA1MBGGD2h0 +-dHA6Ly90ZXN0LzkwNjARhg9odHRwOi8vdGVzdC85MDcwEYYPaHR0cDovL3Rlc3Qv +-OTA4MBGGD2h0dHA6Ly90ZXN0LzkwOTARhg9odHRwOi8vdGVzdC85MTAwEYYPaHR0 +-cDovL3Rlc3QvOTExMBGGD2h0dHA6Ly90ZXN0LzkxMjARhg9odHRwOi8vdGVzdC85 +-MTMwEYYPaHR0cDovL3Rlc3QvOTE0MBGGD2h0dHA6Ly90ZXN0LzkxNTARhg9odHRw +-Oi8vdGVzdC85MTYwEYYPaHR0cDovL3Rlc3QvOTE3MBGGD2h0dHA6Ly90ZXN0Lzkx +-ODARhg9odHRwOi8vdGVzdC85MTkwEYYPaHR0cDovL3Rlc3QvOTIwMBGGD2h0dHA6 +-Ly90ZXN0LzkyMTARhg9odHRwOi8vdGVzdC85MjIwEYYPaHR0cDovL3Rlc3QvOTIz +-MBGGD2h0dHA6Ly90ZXN0LzkyNDARhg9odHRwOi8vdGVzdC85MjUwEYYPaHR0cDov +-L3Rlc3QvOTI2MBGGD2h0dHA6Ly90ZXN0LzkyNzARhg9odHRwOi8vdGVzdC85Mjgw +-EYYPaHR0cDovL3Rlc3QvOTI5MBGGD2h0dHA6Ly90ZXN0LzkzMDARhg9odHRwOi8v +-dGVzdC85MzEwEYYPaHR0cDovL3Rlc3QvOTMyMBGGD2h0dHA6Ly90ZXN0LzkzMzAR +-hg9odHRwOi8vdGVzdC85MzQwEYYPaHR0cDovL3Rlc3QvOTM1MBGGD2h0dHA6Ly90 +-ZXN0LzkzNjARhg9odHRwOi8vdGVzdC85MzcwEYYPaHR0cDovL3Rlc3QvOTM4MBGG +-D2h0dHA6Ly90ZXN0LzkzOTARhg9odHRwOi8vdGVzdC85NDAwEYYPaHR0cDovL3Rl +-c3QvOTQxMBGGD2h0dHA6Ly90ZXN0Lzk0MjARhg9odHRwOi8vdGVzdC85NDMwEYYP +-aHR0cDovL3Rlc3QvOTQ0MBGGD2h0dHA6Ly90ZXN0Lzk0NTARhg9odHRwOi8vdGVz +-dC85NDYwEYYPaHR0cDovL3Rlc3QvOTQ3MBGGD2h0dHA6Ly90ZXN0Lzk0ODARhg9o +-dHRwOi8vdGVzdC85NDkwEYYPaHR0cDovL3Rlc3QvOTUwMBGGD2h0dHA6Ly90ZXN0 +-Lzk1MTARhg9odHRwOi8vdGVzdC85NTIwEYYPaHR0cDovL3Rlc3QvOTUzMBGGD2h0 +-dHA6Ly90ZXN0Lzk1NDARhg9odHRwOi8vdGVzdC85NTUwEYYPaHR0cDovL3Rlc3Qv +-OTU2MBGGD2h0dHA6Ly90ZXN0Lzk1NzARhg9odHRwOi8vdGVzdC85NTgwEYYPaHR0 +-cDovL3Rlc3QvOTU5MBGGD2h0dHA6Ly90ZXN0Lzk2MDARhg9odHRwOi8vdGVzdC85 +-NjEwEYYPaHR0cDovL3Rlc3QvOTYyMBGGD2h0dHA6Ly90ZXN0Lzk2MzARhg9odHRw +-Oi8vdGVzdC85NjQwEYYPaHR0cDovL3Rlc3QvOTY1MBGGD2h0dHA6Ly90ZXN0Lzk2 +-NjARhg9odHRwOi8vdGVzdC85NjcwEYYPaHR0cDovL3Rlc3QvOTY4MBGGD2h0dHA6 +-Ly90ZXN0Lzk2OTARhg9odHRwOi8vdGVzdC85NzAwEYYPaHR0cDovL3Rlc3QvOTcx +-MBGGD2h0dHA6Ly90ZXN0Lzk3MjARhg9odHRwOi8vdGVzdC85NzMwEYYPaHR0cDov +-L3Rlc3QvOTc0MBGGD2h0dHA6Ly90ZXN0Lzk3NTARhg9odHRwOi8vdGVzdC85NzYw +-EYYPaHR0cDovL3Rlc3QvOTc3MBGGD2h0dHA6Ly90ZXN0Lzk3ODARhg9odHRwOi8v +-dGVzdC85NzkwEYYPaHR0cDovL3Rlc3QvOTgwMBGGD2h0dHA6Ly90ZXN0Lzk4MTAR +-hg9odHRwOi8vdGVzdC85ODIwEYYPaHR0cDovL3Rlc3QvOTgzMBGGD2h0dHA6Ly90 +-ZXN0Lzk4NDARhg9odHRwOi8vdGVzdC85ODUwEYYPaHR0cDovL3Rlc3QvOTg2MBGG +-D2h0dHA6Ly90ZXN0Lzk4NzARhg9odHRwOi8vdGVzdC85ODgwEYYPaHR0cDovL3Rl +-c3QvOTg5MBGGD2h0dHA6Ly90ZXN0Lzk5MDARhg9odHRwOi8vdGVzdC85OTEwEYYP +-aHR0cDovL3Rlc3QvOTkyMBGGD2h0dHA6Ly90ZXN0Lzk5MzARhg9odHRwOi8vdGVz +-dC85OTQwEYYPaHR0cDovL3Rlc3QvOTk1MBGGD2h0dHA6Ly90ZXN0Lzk5NjARhg9o +-dHRwOi8vdGVzdC85OTcwEYYPaHR0cDovL3Rlc3QvOTk4MBGGD2h0dHA6Ly90ZXN0 +-Lzk5OTAShhBodHRwOi8vdGVzdC8xMDAwMBKGEGh0dHA6Ly90ZXN0LzEwMDEwEoYQ +-aHR0cDovL3Rlc3QvMTAwMjAShhBodHRwOi8vdGVzdC8xMDAzMBKGEGh0dHA6Ly90 +-ZXN0LzEwMDQwEoYQaHR0cDovL3Rlc3QvMTAwNTAShhBodHRwOi8vdGVzdC8xMDA2 +-MBKGEGh0dHA6Ly90ZXN0LzEwMDcwEoYQaHR0cDovL3Rlc3QvMTAwODAShhBodHRw +-Oi8vdGVzdC8xMDA5MBKGEGh0dHA6Ly90ZXN0LzEwMTAwEoYQaHR0cDovL3Rlc3Qv +-MTAxMTAShhBodHRwOi8vdGVzdC8xMDEyMBKGEGh0dHA6Ly90ZXN0LzEwMTMwEoYQ +-aHR0cDovL3Rlc3QvMTAxNDAShhBodHRwOi8vdGVzdC8xMDE1MBKGEGh0dHA6Ly90 +-ZXN0LzEwMTYwEoYQaHR0cDovL3Rlc3QvMTAxNzAShhBodHRwOi8vdGVzdC8xMDE4 +-MBKGEGh0dHA6Ly90ZXN0LzEwMTkwEoYQaHR0cDovL3Rlc3QvMTAyMDAShhBodHRw +-Oi8vdGVzdC8xMDIxMBKGEGh0dHA6Ly90ZXN0LzEwMjIwEoYQaHR0cDovL3Rlc3Qv +-MTAyMzAShhBodHRwOi8vdGVzdC8xMDI0oYLPijAKhwgLAAAA/////zAKhwgLAAAB +-/////zAKhwgLAAAC/////zAKhwgLAAAD/////zAKhwgLAAAE/////zAKhwgLAAAF +-/////zAKhwgLAAAG/////zAKhwgLAAAH/////zAKhwgLAAAI/////zAKhwgLAAAJ +-/////zAKhwgLAAAK/////zAKhwgLAAAL/////zAKhwgLAAAM/////zAKhwgLAAAN +-/////zAKhwgLAAAO/////zAKhwgLAAAP/////zAKhwgLAAAQ/////zAKhwgLAAAR +-/////zAKhwgLAAAS/////zAKhwgLAAAT/////zAKhwgLAAAU/////zAKhwgLAAAV +-/////zAKhwgLAAAW/////zAKhwgLAAAX/////zAKhwgLAAAY/////zAKhwgLAAAZ +-/////zAKhwgLAAAa/////zAKhwgLAAAb/////zAKhwgLAAAc/////zAKhwgLAAAd +-/////zAKhwgLAAAe/////zAKhwgLAAAf/////zAKhwgLAAAg/////zAKhwgLAAAh +-/////zAKhwgLAAAi/////zAKhwgLAAAj/////zAKhwgLAAAk/////zAKhwgLAAAl +-/////zAKhwgLAAAm/////zAKhwgLAAAn/////zAKhwgLAAAo/////zAKhwgLAAAp +-/////zAKhwgLAAAq/////zAKhwgLAAAr/////zAKhwgLAAAs/////zAKhwgLAAAt +-/////zAKhwgLAAAu/////zAKhwgLAAAv/////zAKhwgLAAAw/////zAKhwgLAAAx +-/////zAKhwgLAAAy/////zAKhwgLAAAz/////zAKhwgLAAA0/////zAKhwgLAAA1 +-/////zAKhwgLAAA2/////zAKhwgLAAA3/////zAKhwgLAAA4/////zAKhwgLAAA5 +-/////zAKhwgLAAA6/////zAKhwgLAAA7/////zAKhwgLAAA8/////zAKhwgLAAA9 +-/////zAKhwgLAAA+/////zAKhwgLAAA//////zAKhwgLAABA/////zAKhwgLAABB +-/////zAKhwgLAABC/////zAKhwgLAABD/////zAKhwgLAABE/////zAKhwgLAABF +-/////zAKhwgLAABG/////zAKhwgLAABH/////zAKhwgLAABI/////zAKhwgLAABJ +-/////zAKhwgLAABK/////zAKhwgLAABL/////zAKhwgLAABM/////zAKhwgLAABN +-/////zAKhwgLAABO/////zAKhwgLAABP/////zAKhwgLAABQ/////zAKhwgLAABR +-/////zAKhwgLAABS/////zAKhwgLAABT/////zAKhwgLAABU/////zAKhwgLAABV +-/////zAKhwgLAABW/////zAKhwgLAABX/////zAKhwgLAABY/////zAKhwgLAABZ +-/////zAKhwgLAABa/////zAKhwgLAABb/////zAKhwgLAABc/////zAKhwgLAABd +-/////zAKhwgLAABe/////zAKhwgLAABf/////zAKhwgLAABg/////zAKhwgLAABh +-/////zAKhwgLAABi/////zAKhwgLAABj/////zAKhwgLAABk/////zAKhwgLAABl +-/////zAKhwgLAABm/////zAKhwgLAABn/////zAKhwgLAABo/////zAKhwgLAABp +-/////zAKhwgLAABq/////zAKhwgLAABr/////zAKhwgLAABs/////zAKhwgLAABt +-/////zAKhwgLAABu/////zAKhwgLAABv/////zAKhwgLAABw/////zAKhwgLAABx +-/////zAKhwgLAABy/////zAKhwgLAABz/////zAKhwgLAAB0/////zAKhwgLAAB1 +-/////zAKhwgLAAB2/////zAKhwgLAAB3/////zAKhwgLAAB4/////zAKhwgLAAB5 +-/////zAKhwgLAAB6/////zAKhwgLAAB7/////zAKhwgLAAB8/////zAKhwgLAAB9 +-/////zAKhwgLAAB+/////zAKhwgLAAB//////zAKhwgLAACA/////zAKhwgLAACB +-/////zAKhwgLAACC/////zAKhwgLAACD/////zAKhwgLAACE/////zAKhwgLAACF +-/////zAKhwgLAACG/////zAKhwgLAACH/////zAKhwgLAACI/////zAKhwgLAACJ +-/////zAKhwgLAACK/////zAKhwgLAACL/////zAKhwgLAACM/////zAKhwgLAACN +-/////zAKhwgLAACO/////zAKhwgLAACP/////zAKhwgLAACQ/////zAKhwgLAACR +-/////zAKhwgLAACS/////zAKhwgLAACT/////zAKhwgLAACU/////zAKhwgLAACV +-/////zAKhwgLAACW/////zAKhwgLAACX/////zAKhwgLAACY/////zAKhwgLAACZ +-/////zAKhwgLAACa/////zAKhwgLAACb/////zAKhwgLAACc/////zAKhwgLAACd +-/////zAKhwgLAACe/////zAKhwgLAACf/////zAKhwgLAACg/////zAKhwgLAACh +-/////zAKhwgLAACi/////zAKhwgLAACj/////zAKhwgLAACk/////zAKhwgLAACl +-/////zAKhwgLAACm/////zAKhwgLAACn/////zAKhwgLAACo/////zAKhwgLAACp +-/////zAKhwgLAACq/////zAKhwgLAACr/////zAKhwgLAACs/////zAKhwgLAACt +-/////zAKhwgLAACu/////zAKhwgLAACv/////zAKhwgLAACw/////zAKhwgLAACx +-/////zAKhwgLAACy/////zAKhwgLAACz/////zAKhwgLAAC0/////zAKhwgLAAC1 +-/////zAKhwgLAAC2/////zAKhwgLAAC3/////zAKhwgLAAC4/////zAKhwgLAAC5 +-/////zAKhwgLAAC6/////zAKhwgLAAC7/////zAKhwgLAAC8/////zAKhwgLAAC9 +-/////zAKhwgLAAC+/////zAKhwgLAAC//////zAKhwgLAADA/////zAKhwgLAADB +-/////zAKhwgLAADC/////zAKhwgLAADD/////zAKhwgLAADE/////zAKhwgLAADF +-/////zAKhwgLAADG/////zAKhwgLAADH/////zAKhwgLAADI/////zAKhwgLAADJ +-/////zAKhwgLAADK/////zAKhwgLAADL/////zAKhwgLAADM/////zAKhwgLAADN +-/////zAKhwgLAADO/////zAKhwgLAADP/////zAKhwgLAADQ/////zAKhwgLAADR +-/////zAKhwgLAADS/////zAKhwgLAADT/////zAKhwgLAADU/////zAKhwgLAADV +-/////zAKhwgLAADW/////zAKhwgLAADX/////zAKhwgLAADY/////zAKhwgLAADZ +-/////zAKhwgLAADa/////zAKhwgLAADb/////zAKhwgLAADc/////zAKhwgLAADd +-/////zAKhwgLAADe/////zAKhwgLAADf/////zAKhwgLAADg/////zAKhwgLAADh +-/////zAKhwgLAADi/////zAKhwgLAADj/////zAKhwgLAADk/////zAKhwgLAADl +-/////zAKhwgLAADm/////zAKhwgLAADn/////zAKhwgLAADo/////zAKhwgLAADp +-/////zAKhwgLAADq/////zAKhwgLAADr/////zAKhwgLAADs/////zAKhwgLAADt +-/////zAKhwgLAADu/////zAKhwgLAADv/////zAKhwgLAADw/////zAKhwgLAADx +-/////zAKhwgLAADy/////zAKhwgLAADz/////zAKhwgLAAD0/////zAKhwgLAAD1 +-/////zAKhwgLAAD2/////zAKhwgLAAD3/////zAKhwgLAAD4/////zAKhwgLAAD5 +-/////zAKhwgLAAD6/////zAKhwgLAAD7/////zAKhwgLAAD8/////zAKhwgLAAD9 +-/////zAKhwgLAAD+/////zAKhwgLAAD//////zAKhwgLAAEA/////zAKhwgLAAEB +-/////zAKhwgLAAEC/////zAKhwgLAAED/////zAKhwgLAAEE/////zAKhwgLAAEF +-/////zAKhwgLAAEG/////zAKhwgLAAEH/////zAKhwgLAAEI/////zAKhwgLAAEJ +-/////zAKhwgLAAEK/////zAKhwgLAAEL/////zAKhwgLAAEM/////zAKhwgLAAEN +-/////zAKhwgLAAEO/////zAKhwgLAAEP/////zAKhwgLAAEQ/////zAKhwgLAAER +-/////zAKhwgLAAES/////zAKhwgLAAET/////zAKhwgLAAEU/////zAKhwgLAAEV +-/////zAKhwgLAAEW/////zAKhwgLAAEX/////zAKhwgLAAEY/////zAKhwgLAAEZ +-/////zAKhwgLAAEa/////zAKhwgLAAEb/////zAKhwgLAAEc/////zAKhwgLAAEd +-/////zAKhwgLAAEe/////zAKhwgLAAEf/////zAKhwgLAAEg/////zAKhwgLAAEh +-/////zAKhwgLAAEi/////zAKhwgLAAEj/////zAKhwgLAAEk/////zAKhwgLAAEl +-/////zAKhwgLAAEm/////zAKhwgLAAEn/////zAKhwgLAAEo/////zAKhwgLAAEp +-/////zAKhwgLAAEq/////zAKhwgLAAEr/////zAKhwgLAAEs/////zAKhwgLAAEt +-/////zAKhwgLAAEu/////zAKhwgLAAEv/////zAKhwgLAAEw/////zAKhwgLAAEx +-/////zAKhwgLAAEy/////zAKhwgLAAEz/////zAKhwgLAAE0/////zAKhwgLAAE1 +-/////zAKhwgLAAE2/////zAKhwgLAAE3/////zAKhwgLAAE4/////zAKhwgLAAE5 +-/////zAKhwgLAAE6/////zAKhwgLAAE7/////zAKhwgLAAE8/////zAKhwgLAAE9 +-/////zAKhwgLAAE+/////zAKhwgLAAE//////zAKhwgLAAFA/////zAKhwgLAAFB +-/////zAKhwgLAAFC/////zAKhwgLAAFD/////zAKhwgLAAFE/////zAKhwgLAAFF +-/////zAKhwgLAAFG/////zAKhwgLAAFH/////zAKhwgLAAFI/////zAKhwgLAAFJ +-/////zAKhwgLAAFK/////zAKhwgLAAFL/////zAKhwgLAAFM/////zAKhwgLAAFN +-/////zAKhwgLAAFO/////zAKhwgLAAFP/////zAKhwgLAAFQ/////zAKhwgLAAFR +-/////zAKhwgLAAFS/////zAKhwgLAAFT/////zAKhwgLAAFU/////zAKhwgLAAFV +-/////zAKhwgLAAFW/////zAKhwgLAAFX/////zAKhwgLAAFY/////zAKhwgLAAFZ +-/////zAKhwgLAAFa/////zAKhwgLAAFb/////zAKhwgLAAFc/////zAKhwgLAAFd +-/////zAKhwgLAAFe/////zAKhwgLAAFf/////zAKhwgLAAFg/////zAKhwgLAAFh +-/////zAKhwgLAAFi/////zAKhwgLAAFj/////zAKhwgLAAFk/////zAKhwgLAAFl +-/////zAKhwgLAAFm/////zAKhwgLAAFn/////zAKhwgLAAFo/////zAKhwgLAAFp +-/////zAKhwgLAAFq/////zAKhwgLAAFr/////zAKhwgLAAFs/////zAKhwgLAAFt +-/////zAKhwgLAAFu/////zAKhwgLAAFv/////zAKhwgLAAFw/////zAKhwgLAAFx +-/////zAKhwgLAAFy/////zAKhwgLAAFz/////zAKhwgLAAF0/////zAKhwgLAAF1 +-/////zAKhwgLAAF2/////zAKhwgLAAF3/////zAKhwgLAAF4/////zAKhwgLAAF5 +-/////zAKhwgLAAF6/////zAKhwgLAAF7/////zAKhwgLAAF8/////zAKhwgLAAF9 +-/////zAKhwgLAAF+/////zAKhwgLAAF//////zAKhwgLAAGA/////zAKhwgLAAGB +-/////zAKhwgLAAGC/////zAKhwgLAAGD/////zAKhwgLAAGE/////zAKhwgLAAGF +-/////zAKhwgLAAGG/////zAKhwgLAAGH/////zAKhwgLAAGI/////zAKhwgLAAGJ +-/////zAKhwgLAAGK/////zAKhwgLAAGL/////zAKhwgLAAGM/////zAKhwgLAAGN +-/////zAKhwgLAAGO/////zAKhwgLAAGP/////zAKhwgLAAGQ/////zAKhwgLAAGR +-/////zAKhwgLAAGS/////zAKhwgLAAGT/////zAKhwgLAAGU/////zAKhwgLAAGV +-/////zAKhwgLAAGW/////zAKhwgLAAGX/////zAKhwgLAAGY/////zAKhwgLAAGZ +-/////zAKhwgLAAGa/////zAKhwgLAAGb/////zAKhwgLAAGc/////zAKhwgLAAGd +-/////zAKhwgLAAGe/////zAKhwgLAAGf/////zAKhwgLAAGg/////zAKhwgLAAGh +-/////zAKhwgLAAGi/////zAKhwgLAAGj/////zAKhwgLAAGk/////zAKhwgLAAGl +-/////zAKhwgLAAGm/////zAKhwgLAAGn/////zAKhwgLAAGo/////zAKhwgLAAGp +-/////zAKhwgLAAGq/////zAKhwgLAAGr/////zAKhwgLAAGs/////zAKhwgLAAGt +-/////zAKhwgLAAGu/////zAKhwgLAAGv/////zAKhwgLAAGw/////zAKhwgLAAGx +-/////zAKhwgLAAGy/////zAKhwgLAAGz/////zAKhwgLAAG0/////zAKhwgLAAG1 +-/////zAKhwgLAAG2/////zAKhwgLAAG3/////zAKhwgLAAG4/////zAKhwgLAAG5 +-/////zAKhwgLAAG6/////zAKhwgLAAG7/////zAKhwgLAAG8/////zAKhwgLAAG9 +-/////zAKhwgLAAG+/////zAKhwgLAAG//////zAKhwgLAAHA/////zAKhwgLAAHB +-/////zAKhwgLAAHC/////zAKhwgLAAHD/////zAKhwgLAAHE/////zAKhwgLAAHF +-/////zAKhwgLAAHG/////zAKhwgLAAHH/////zAKhwgLAAHI/////zAKhwgLAAHJ +-/////zAKhwgLAAHK/////zAKhwgLAAHL/////zAKhwgLAAHM/////zAKhwgLAAHN +-/////zAKhwgLAAHO/////zAKhwgLAAHP/////zAKhwgLAAHQ/////zAKhwgLAAHR +-/////zAKhwgLAAHS/////zAKhwgLAAHT/////zAKhwgLAAHU/////zAKhwgLAAHV +-/////zAKhwgLAAHW/////zAKhwgLAAHX/////zAKhwgLAAHY/////zAKhwgLAAHZ +-/////zAKhwgLAAHa/////zAKhwgLAAHb/////zAKhwgLAAHc/////zAKhwgLAAHd +-/////zAKhwgLAAHe/////zAKhwgLAAHf/////zAKhwgLAAHg/////zAKhwgLAAHh +-/////zAKhwgLAAHi/////zAKhwgLAAHj/////zAKhwgLAAHk/////zAKhwgLAAHl +-/////zAKhwgLAAHm/////zAKhwgLAAHn/////zAKhwgLAAHo/////zAKhwgLAAHp +-/////zAKhwgLAAHq/////zAKhwgLAAHr/////zAKhwgLAAHs/////zAKhwgLAAHt +-/////zAKhwgLAAHu/////zAKhwgLAAHv/////zAKhwgLAAHw/////zAKhwgLAAHx +-/////zAKhwgLAAHy/////zAKhwgLAAHz/////zAKhwgLAAH0/////zAKhwgLAAH1 +-/////zAKhwgLAAH2/////zAKhwgLAAH3/////zAKhwgLAAH4/////zAKhwgLAAH5 +-/////zAKhwgLAAH6/////zAKhwgLAAH7/////zAKhwgLAAH8/////zAKhwgLAAH9 +-/////zAKhwgLAAH+/////zAKhwgLAAH//////zAKhwgLAAIA/////zAKhwgLAAIB +-/////zAKhwgLAAIC/////zAKhwgLAAID/////zAKhwgLAAIE/////zAKhwgLAAIF +-/////zAKhwgLAAIG/////zAKhwgLAAIH/////zAKhwgLAAII/////zAKhwgLAAIJ +-/////zAKhwgLAAIK/////zAKhwgLAAIL/////zAKhwgLAAIM/////zAKhwgLAAIN +-/////zAKhwgLAAIO/////zAKhwgLAAIP/////zAKhwgLAAIQ/////zAKhwgLAAIR +-/////zAKhwgLAAIS/////zAKhwgLAAIT/////zAKhwgLAAIU/////zAKhwgLAAIV +-/////zAKhwgLAAIW/////zAKhwgLAAIX/////zAKhwgLAAIY/////zAKhwgLAAIZ +-/////zAKhwgLAAIa/////zAKhwgLAAIb/////zAKhwgLAAIc/////zAKhwgLAAId +-/////zAKhwgLAAIe/////zAKhwgLAAIf/////zAKhwgLAAIg/////zAKhwgLAAIh +-/////zAKhwgLAAIi/////zAKhwgLAAIj/////zAKhwgLAAIk/////zAKhwgLAAIl +-/////zAKhwgLAAIm/////zAKhwgLAAIn/////zAKhwgLAAIo/////zAKhwgLAAIp +-/////zAKhwgLAAIq/////zAKhwgLAAIr/////zAKhwgLAAIs/////zAKhwgLAAIt +-/////zAKhwgLAAIu/////zAKhwgLAAIv/////zAKhwgLAAIw/////zAKhwgLAAIx +-/////zAKhwgLAAIy/////zAKhwgLAAIz/////zAKhwgLAAI0/////zAKhwgLAAI1 +-/////zAKhwgLAAI2/////zAKhwgLAAI3/////zAKhwgLAAI4/////zAKhwgLAAI5 +-/////zAKhwgLAAI6/////zAKhwgLAAI7/////zAKhwgLAAI8/////zAKhwgLAAI9 +-/////zAKhwgLAAI+/////zAKhwgLAAI//////zAKhwgLAAJA/////zAKhwgLAAJB +-/////zAKhwgLAAJC/////zAKhwgLAAJD/////zAKhwgLAAJE/////zAKhwgLAAJF +-/////zAKhwgLAAJG/////zAKhwgLAAJH/////zAKhwgLAAJI/////zAKhwgLAAJJ +-/////zAKhwgLAAJK/////zAKhwgLAAJL/////zAKhwgLAAJM/////zAKhwgLAAJN +-/////zAKhwgLAAJO/////zAKhwgLAAJP/////zAKhwgLAAJQ/////zAKhwgLAAJR +-/////zAKhwgLAAJS/////zAKhwgLAAJT/////zAKhwgLAAJU/////zAKhwgLAAJV +-/////zAKhwgLAAJW/////zAKhwgLAAJX/////zAKhwgLAAJY/////zAKhwgLAAJZ +-/////zAKhwgLAAJa/////zAKhwgLAAJb/////zAKhwgLAAJc/////zAKhwgLAAJd +-/////zAKhwgLAAJe/////zAKhwgLAAJf/////zAKhwgLAAJg/////zAKhwgLAAJh +-/////zAKhwgLAAJi/////zAKhwgLAAJj/////zAKhwgLAAJk/////zAKhwgLAAJl +-/////zAKhwgLAAJm/////zAKhwgLAAJn/////zAKhwgLAAJo/////zAKhwgLAAJp +-/////zAKhwgLAAJq/////zAKhwgLAAJr/////zAKhwgLAAJs/////zAKhwgLAAJt +-/////zAKhwgLAAJu/////zAKhwgLAAJv/////zAKhwgLAAJw/////zAKhwgLAAJx +-/////zAKhwgLAAJy/////zAKhwgLAAJz/////zAKhwgLAAJ0/////zAKhwgLAAJ1 +-/////zAKhwgLAAJ2/////zAKhwgLAAJ3/////zAKhwgLAAJ4/////zAKhwgLAAJ5 +-/////zAKhwgLAAJ6/////zAKhwgLAAJ7/////zAKhwgLAAJ8/////zAKhwgLAAJ9 +-/////zAKhwgLAAJ+/////zAKhwgLAAJ//////zAKhwgLAAKA/////zAKhwgLAAKB +-/////zAKhwgLAAKC/////zAKhwgLAAKD/////zAKhwgLAAKE/////zAKhwgLAAKF +-/////zAKhwgLAAKG/////zAKhwgLAAKH/////zAKhwgLAAKI/////zAKhwgLAAKJ +-/////zAKhwgLAAKK/////zAKhwgLAAKL/////zAKhwgLAAKM/////zAKhwgLAAKN +-/////zAKhwgLAAKO/////zAKhwgLAAKP/////zAKhwgLAAKQ/////zAKhwgLAAKR +-/////zAKhwgLAAKS/////zAKhwgLAAKT/////zAKhwgLAAKU/////zAKhwgLAAKV +-/////zAKhwgLAAKW/////zAKhwgLAAKX/////zAKhwgLAAKY/////zAKhwgLAAKZ +-/////zAKhwgLAAKa/////zAKhwgLAAKb/////zAKhwgLAAKc/////zAKhwgLAAKd +-/////zAKhwgLAAKe/////zAKhwgLAAKf/////zAKhwgLAAKg/////zAKhwgLAAKh +-/////zAKhwgLAAKi/////zAKhwgLAAKj/////zAKhwgLAAKk/////zAKhwgLAAKl +-/////zAKhwgLAAKm/////zAKhwgLAAKn/////zAKhwgLAAKo/////zAKhwgLAAKp +-/////zAKhwgLAAKq/////zAKhwgLAAKr/////zAKhwgLAAKs/////zAKhwgLAAKt +-/////zAKhwgLAAKu/////zAKhwgLAAKv/////zAKhwgLAAKw/////zAKhwgLAAKx +-/////zAKhwgLAAKy/////zAKhwgLAAKz/////zAKhwgLAAK0/////zAKhwgLAAK1 +-/////zAKhwgLAAK2/////zAKhwgLAAK3/////zAKhwgLAAK4/////zAKhwgLAAK5 +-/////zAKhwgLAAK6/////zAKhwgLAAK7/////zAKhwgLAAK8/////zAKhwgLAAK9 +-/////zAKhwgLAAK+/////zAKhwgLAAK//////zAKhwgLAALA/////zAKhwgLAALB +-/////zAKhwgLAALC/////zAKhwgLAALD/////zAKhwgLAALE/////zAKhwgLAALF +-/////zAKhwgLAALG/////zAKhwgLAALH/////zAKhwgLAALI/////zAKhwgLAALJ +-/////zAKhwgLAALK/////zAKhwgLAALL/////zAKhwgLAALM/////zAKhwgLAALN +-/////zAKhwgLAALO/////zAKhwgLAALP/////zAKhwgLAALQ/////zAKhwgLAALR +-/////zAKhwgLAALS/////zAKhwgLAALT/////zAKhwgLAALU/////zAKhwgLAALV +-/////zAKhwgLAALW/////zAKhwgLAALX/////zAKhwgLAALY/////zAKhwgLAALZ +-/////zAKhwgLAALa/////zAKhwgLAALb/////zAKhwgLAALc/////zAKhwgLAALd +-/////zAKhwgLAALe/////zAKhwgLAALf/////zAKhwgLAALg/////zAKhwgLAALh +-/////zAKhwgLAALi/////zAKhwgLAALj/////zAKhwgLAALk/////zAKhwgLAALl +-/////zAKhwgLAALm/////zAKhwgLAALn/////zAKhwgLAALo/////zAKhwgLAALp +-/////zAKhwgLAALq/////zAKhwgLAALr/////zAKhwgLAALs/////zAKhwgLAALt +-/////zAKhwgLAALu/////zAKhwgLAALv/////zAKhwgLAALw/////zAKhwgLAALx +-/////zAKhwgLAALy/////zAKhwgLAALz/////zAKhwgLAAL0/////zAKhwgLAAL1 +-/////zAKhwgLAAL2/////zAKhwgLAAL3/////zAKhwgLAAL4/////zAKhwgLAAL5 +-/////zAKhwgLAAL6/////zAKhwgLAAL7/////zAKhwgLAAL8/////zAKhwgLAAL9 +-/////zAKhwgLAAL+/////zAKhwgLAAL//////zAKhwgLAAMA/////zAKhwgLAAMB +-/////zAKhwgLAAMC/////zAKhwgLAAMD/////zAKhwgLAAME/////zAKhwgLAAMF +-/////zAKhwgLAAMG/////zAKhwgLAAMH/////zAKhwgLAAMI/////zAKhwgLAAMJ +-/////zAKhwgLAAMK/////zAKhwgLAAML/////zAKhwgLAAMM/////zAKhwgLAAMN +-/////zAKhwgLAAMO/////zAKhwgLAAMP/////zAKhwgLAAMQ/////zAKhwgLAAMR +-/////zAKhwgLAAMS/////zAKhwgLAAMT/////zAKhwgLAAMU/////zAKhwgLAAMV +-/////zAKhwgLAAMW/////zAKhwgLAAMX/////zAKhwgLAAMY/////zAKhwgLAAMZ +-/////zAKhwgLAAMa/////zAKhwgLAAMb/////zAKhwgLAAMc/////zAKhwgLAAMd +-/////zAKhwgLAAMe/////zAKhwgLAAMf/////zAKhwgLAAMg/////zAKhwgLAAMh +-/////zAKhwgLAAMi/////zAKhwgLAAMj/////zAKhwgLAAMk/////zAKhwgLAAMl +-/////zAKhwgLAAMm/////zAKhwgLAAMn/////zAKhwgLAAMo/////zAKhwgLAAMp +-/////zAKhwgLAAMq/////zAKhwgLAAMr/////zAKhwgLAAMs/////zAKhwgLAAMt +-/////zAKhwgLAAMu/////zAKhwgLAAMv/////zAKhwgLAAMw/////zAKhwgLAAMx +-/////zAKhwgLAAMy/////zAKhwgLAAMz/////zAKhwgLAAM0/////zAKhwgLAAM1 +-/////zAKhwgLAAM2/////zAKhwgLAAM3/////zAKhwgLAAM4/////zAKhwgLAAM5 +-/////zAKhwgLAAM6/////zAKhwgLAAM7/////zAKhwgLAAM8/////zAKhwgLAAM9 +-/////zAKhwgLAAM+/////zAKhwgLAAM//////zAKhwgLAANA/////zAKhwgLAANB +-/////zAKhwgLAANC/////zAKhwgLAAND/////zAKhwgLAANE/////zAKhwgLAANF +-/////zAKhwgLAANG/////zAKhwgLAANH/////zAKhwgLAANI/////zAKhwgLAANJ +-/////zAKhwgLAANK/////zAKhwgLAANL/////zAKhwgLAANM/////zAKhwgLAANN +-/////zAKhwgLAANO/////zAKhwgLAANP/////zAKhwgLAANQ/////zAKhwgLAANR +-/////zAKhwgLAANS/////zAKhwgLAANT/////zAKhwgLAANU/////zAKhwgLAANV +-/////zAKhwgLAANW/////zAKhwgLAANX/////zAKhwgLAANY/////zAKhwgLAANZ +-/////zAKhwgLAANa/////zAKhwgLAANb/////zAKhwgLAANc/////zAKhwgLAANd +-/////zAKhwgLAANe/////zAKhwgLAANf/////zAKhwgLAANg/////zAKhwgLAANh +-/////zAKhwgLAANi/////zAKhwgLAANj/////zAKhwgLAANk/////zAKhwgLAANl +-/////zAKhwgLAANm/////zAKhwgLAANn/////zAKhwgLAANo/////zAKhwgLAANp +-/////zAKhwgLAANq/////zAKhwgLAANr/////zAKhwgLAANs/////zAKhwgLAANt +-/////zAKhwgLAANu/////zAKhwgLAANv/////zAKhwgLAANw/////zAKhwgLAANx +-/////zAKhwgLAANy/////zAKhwgLAANz/////zAKhwgLAAN0/////zAKhwgLAAN1 +-/////zAKhwgLAAN2/////zAKhwgLAAN3/////zAKhwgLAAN4/////zAKhwgLAAN5 +-/////zAKhwgLAAN6/////zAKhwgLAAN7/////zAKhwgLAAN8/////zAKhwgLAAN9 +-/////zAKhwgLAAN+/////zAKhwgLAAN//////zAKhwgLAAOA/////zAKhwgLAAOB +-/////zAKhwgLAAOC/////zAKhwgLAAOD/////zAKhwgLAAOE/////zAKhwgLAAOF +-/////zAKhwgLAAOG/////zAKhwgLAAOH/////zAKhwgLAAOI/////zAKhwgLAAOJ +-/////zAKhwgLAAOK/////zAKhwgLAAOL/////zAKhwgLAAOM/////zAKhwgLAAON +-/////zAKhwgLAAOO/////zAKhwgLAAOP/////zAKhwgLAAOQ/////zAKhwgLAAOR +-/////zAKhwgLAAOS/////zAKhwgLAAOT/////zAKhwgLAAOU/////zAKhwgLAAOV +-/////zAKhwgLAAOW/////zAKhwgLAAOX/////zAKhwgLAAOY/////zAKhwgLAAOZ +-/////zAKhwgLAAOa/////zAKhwgLAAOb/////zAKhwgLAAOc/////zAKhwgLAAOd +-/////zAKhwgLAAOe/////zAKhwgLAAOf/////zAKhwgLAAOg/////zAKhwgLAAOh +-/////zAKhwgLAAOi/////zAKhwgLAAOj/////zAKhwgLAAOk/////zAKhwgLAAOl +-/////zAKhwgLAAOm/////zAKhwgLAAOn/////zAKhwgLAAOo/////zAKhwgLAAOp +-/////zAKhwgLAAOq/////zAKhwgLAAOr/////zAKhwgLAAOs/////zAKhwgLAAOt +-/////zAKhwgLAAOu/////zAKhwgLAAOv/////zAKhwgLAAOw/////zAKhwgLAAOx +-/////zAKhwgLAAOy/////zAKhwgLAAOz/////zAKhwgLAAO0/////zAKhwgLAAO1 +-/////zAKhwgLAAO2/////zAKhwgLAAO3/////zAKhwgLAAO4/////zAKhwgLAAO5 +-/////zAKhwgLAAO6/////zAKhwgLAAO7/////zAKhwgLAAO8/////zAKhwgLAAO9 +-/////zAKhwgLAAO+/////zAKhwgLAAO//////zAKhwgLAAPA/////zAKhwgLAAPB +-/////zAKhwgLAAPC/////zAKhwgLAAPD/////zAKhwgLAAPE/////zAKhwgLAAPF +-/////zAKhwgLAAPG/////zAKhwgLAAPH/////zAKhwgLAAPI/////zAKhwgLAAPJ +-/////zAKhwgLAAPK/////zAKhwgLAAPL/////zAKhwgLAAPM/////zAKhwgLAAPN +-/////zAKhwgLAAPO/////zAKhwgLAAPP/////zAKhwgLAAPQ/////zAKhwgLAAPR +-/////zAKhwgLAAPS/////zAKhwgLAAPT/////zAKhwgLAAPU/////zAKhwgLAAPV +-/////zAKhwgLAAPW/////zAKhwgLAAPX/////zAKhwgLAAPY/////zAKhwgLAAPZ +-/////zAKhwgLAAPa/////zAKhwgLAAPb/////zAKhwgLAAPc/////zAKhwgLAAPd +-/////zAKhwgLAAPe/////zAKhwgLAAPf/////zAKhwgLAAPg/////zAKhwgLAAPh +-/////zAKhwgLAAPi/////zAKhwgLAAPj/////zAKhwgLAAPk/////zAKhwgLAAPl +-/////zAKhwgLAAPm/////zAKhwgLAAPn/////zAKhwgLAAPo/////zAKhwgLAAPp +-/////zAKhwgLAAPq/////zAKhwgLAAPr/////zAKhwgLAAPs/////zAKhwgLAAPt +-/////zAKhwgLAAPu/////zAKhwgLAAPv/////zAKhwgLAAPw/////zAKhwgLAAPx +-/////zAKhwgLAAPy/////zAKhwgLAAPz/////zAKhwgLAAP0/////zAKhwgLAAP1 +-/////zAKhwgLAAP2/////zAKhwgLAAP3/////zAKhwgLAAP4/////zAKhwgLAAP5 +-/////zAKhwgLAAP6/////zAKhwgLAAP7/////zAKhwgLAAP8/////zAKhwgLAAP9 +-/////zAKhwgLAAP+/////zAKhwgLAAP//////zAKhwgLAAQA/////zARpA8wDTEL +-MAkGA1UEAwwCeDAwEaQPMA0xCzAJBgNVBAMMAngxMBGkDzANMQswCQYDVQQDDAJ4 +-MjARpA8wDTELMAkGA1UEAwwCeDMwEaQPMA0xCzAJBgNVBAMMAng0MBGkDzANMQsw +-CQYDVQQDDAJ4NTARpA8wDTELMAkGA1UEAwwCeDYwEaQPMA0xCzAJBgNVBAMMAng3 +-MBGkDzANMQswCQYDVQQDDAJ4ODARpA8wDTELMAkGA1UEAwwCeDkwEqQQMA4xDDAK +-BgNVBAMMA3gxMDASpBAwDjEMMAoGA1UEAwwDeDExMBKkEDAOMQwwCgYDVQQDDAN4 +-MTIwEqQQMA4xDDAKBgNVBAMMA3gxMzASpBAwDjEMMAoGA1UEAwwDeDE0MBKkEDAO +-MQwwCgYDVQQDDAN4MTUwEqQQMA4xDDAKBgNVBAMMA3gxNjASpBAwDjEMMAoGA1UE +-AwwDeDE3MBKkEDAOMQwwCgYDVQQDDAN4MTgwEqQQMA4xDDAKBgNVBAMMA3gxOTAS +-pBAwDjEMMAoGA1UEAwwDeDIwMBKkEDAOMQwwCgYDVQQDDAN4MjEwEqQQMA4xDDAK +-BgNVBAMMA3gyMjASpBAwDjEMMAoGA1UEAwwDeDIzMBKkEDAOMQwwCgYDVQQDDAN4 +-MjQwEqQQMA4xDDAKBgNVBAMMA3gyNTASpBAwDjEMMAoGA1UEAwwDeDI2MBKkEDAO +-MQwwCgYDVQQDDAN4MjcwEqQQMA4xDDAKBgNVBAMMA3gyODASpBAwDjEMMAoGA1UE +-AwwDeDI5MBKkEDAOMQwwCgYDVQQDDAN4MzAwEqQQMA4xDDAKBgNVBAMMA3gzMTAS +-pBAwDjEMMAoGA1UEAwwDeDMyMBKkEDAOMQwwCgYDVQQDDAN4MzMwEqQQMA4xDDAK +-BgNVBAMMA3gzNDASpBAwDjEMMAoGA1UEAwwDeDM1MBKkEDAOMQwwCgYDVQQDDAN4 +-MzYwEqQQMA4xDDAKBgNVBAMMA3gzNzASpBAwDjEMMAoGA1UEAwwDeDM4MBKkEDAO +-MQwwCgYDVQQDDAN4MzkwEqQQMA4xDDAKBgNVBAMMA3g0MDASpBAwDjEMMAoGA1UE +-AwwDeDQxMBKkEDAOMQwwCgYDVQQDDAN4NDIwEqQQMA4xDDAKBgNVBAMMA3g0MzAS +-pBAwDjEMMAoGA1UEAwwDeDQ0MBKkEDAOMQwwCgYDVQQDDAN4NDUwEqQQMA4xDDAK +-BgNVBAMMA3g0NjASpBAwDjEMMAoGA1UEAwwDeDQ3MBKkEDAOMQwwCgYDVQQDDAN4 +-NDgwEqQQMA4xDDAKBgNVBAMMA3g0OTASpBAwDjEMMAoGA1UEAwwDeDUwMBKkEDAO +-MQwwCgYDVQQDDAN4NTEwEqQQMA4xDDAKBgNVBAMMA3g1MjASpBAwDjEMMAoGA1UE +-AwwDeDUzMBKkEDAOMQwwCgYDVQQDDAN4NTQwEqQQMA4xDDAKBgNVBAMMA3g1NTAS +-pBAwDjEMMAoGA1UEAwwDeDU2MBKkEDAOMQwwCgYDVQQDDAN4NTcwEqQQMA4xDDAK +-BgNVBAMMA3g1ODASpBAwDjEMMAoGA1UEAwwDeDU5MBKkEDAOMQwwCgYDVQQDDAN4 +-NjAwEqQQMA4xDDAKBgNVBAMMA3g2MTASpBAwDjEMMAoGA1UEAwwDeDYyMBKkEDAO +-MQwwCgYDVQQDDAN4NjMwEqQQMA4xDDAKBgNVBAMMA3g2NDASpBAwDjEMMAoGA1UE +-AwwDeDY1MBKkEDAOMQwwCgYDVQQDDAN4NjYwEqQQMA4xDDAKBgNVBAMMA3g2NzAS +-pBAwDjEMMAoGA1UEAwwDeDY4MBKkEDAOMQwwCgYDVQQDDAN4NjkwEqQQMA4xDDAK +-BgNVBAMMA3g3MDASpBAwDjEMMAoGA1UEAwwDeDcxMBKkEDAOMQwwCgYDVQQDDAN4 +-NzIwEqQQMA4xDDAKBgNVBAMMA3g3MzASpBAwDjEMMAoGA1UEAwwDeDc0MBKkEDAO +-MQwwCgYDVQQDDAN4NzUwEqQQMA4xDDAKBgNVBAMMA3g3NjASpBAwDjEMMAoGA1UE +-AwwDeDc3MBKkEDAOMQwwCgYDVQQDDAN4NzgwEqQQMA4xDDAKBgNVBAMMA3g3OTAS +-pBAwDjEMMAoGA1UEAwwDeDgwMBKkEDAOMQwwCgYDVQQDDAN4ODEwEqQQMA4xDDAK +-BgNVBAMMA3g4MjASpBAwDjEMMAoGA1UEAwwDeDgzMBKkEDAOMQwwCgYDVQQDDAN4 +-ODQwEqQQMA4xDDAKBgNVBAMMA3g4NTASpBAwDjEMMAoGA1UEAwwDeDg2MBKkEDAO +-MQwwCgYDVQQDDAN4ODcwEqQQMA4xDDAKBgNVBAMMA3g4ODASpBAwDjEMMAoGA1UE +-AwwDeDg5MBKkEDAOMQwwCgYDVQQDDAN4OTAwEqQQMA4xDDAKBgNVBAMMA3g5MTAS +-pBAwDjEMMAoGA1UEAwwDeDkyMBKkEDAOMQwwCgYDVQQDDAN4OTMwEqQQMA4xDDAK +-BgNVBAMMA3g5NDASpBAwDjEMMAoGA1UEAwwDeDk1MBKkEDAOMQwwCgYDVQQDDAN4 +-OTYwEqQQMA4xDDAKBgNVBAMMA3g5NzASpBAwDjEMMAoGA1UEAwwDeDk4MBKkEDAO +-MQwwCgYDVQQDDAN4OTkwE6QRMA8xDTALBgNVBAMMBHgxMDAwE6QRMA8xDTALBgNV +-BAMMBHgxMDEwE6QRMA8xDTALBgNVBAMMBHgxMDIwE6QRMA8xDTALBgNVBAMMBHgx +-MDMwE6QRMA8xDTALBgNVBAMMBHgxMDQwE6QRMA8xDTALBgNVBAMMBHgxMDUwE6QR +-MA8xDTALBgNVBAMMBHgxMDYwE6QRMA8xDTALBgNVBAMMBHgxMDcwE6QRMA8xDTAL +-BgNVBAMMBHgxMDgwE6QRMA8xDTALBgNVBAMMBHgxMDkwE6QRMA8xDTALBgNVBAMM +-BHgxMTAwE6QRMA8xDTALBgNVBAMMBHgxMTEwE6QRMA8xDTALBgNVBAMMBHgxMTIw +-E6QRMA8xDTALBgNVBAMMBHgxMTMwE6QRMA8xDTALBgNVBAMMBHgxMTQwE6QRMA8x +-DTALBgNVBAMMBHgxMTUwE6QRMA8xDTALBgNVBAMMBHgxMTYwE6QRMA8xDTALBgNV +-BAMMBHgxMTcwE6QRMA8xDTALBgNVBAMMBHgxMTgwE6QRMA8xDTALBgNVBAMMBHgx +-MTkwE6QRMA8xDTALBgNVBAMMBHgxMjAwE6QRMA8xDTALBgNVBAMMBHgxMjEwE6QR +-MA8xDTALBgNVBAMMBHgxMjIwE6QRMA8xDTALBgNVBAMMBHgxMjMwE6QRMA8xDTAL +-BgNVBAMMBHgxMjQwE6QRMA8xDTALBgNVBAMMBHgxMjUwE6QRMA8xDTALBgNVBAMM +-BHgxMjYwE6QRMA8xDTALBgNVBAMMBHgxMjcwE6QRMA8xDTALBgNVBAMMBHgxMjgw +-E6QRMA8xDTALBgNVBAMMBHgxMjkwE6QRMA8xDTALBgNVBAMMBHgxMzAwE6QRMA8x +-DTALBgNVBAMMBHgxMzEwE6QRMA8xDTALBgNVBAMMBHgxMzIwE6QRMA8xDTALBgNV +-BAMMBHgxMzMwE6QRMA8xDTALBgNVBAMMBHgxMzQwE6QRMA8xDTALBgNVBAMMBHgx +-MzUwE6QRMA8xDTALBgNVBAMMBHgxMzYwE6QRMA8xDTALBgNVBAMMBHgxMzcwE6QR +-MA8xDTALBgNVBAMMBHgxMzgwE6QRMA8xDTALBgNVBAMMBHgxMzkwE6QRMA8xDTAL +-BgNVBAMMBHgxNDAwE6QRMA8xDTALBgNVBAMMBHgxNDEwE6QRMA8xDTALBgNVBAMM +-BHgxNDIwE6QRMA8xDTALBgNVBAMMBHgxNDMwE6QRMA8xDTALBgNVBAMMBHgxNDQw +-E6QRMA8xDTALBgNVBAMMBHgxNDUwE6QRMA8xDTALBgNVBAMMBHgxNDYwE6QRMA8x +-DTALBgNVBAMMBHgxNDcwE6QRMA8xDTALBgNVBAMMBHgxNDgwE6QRMA8xDTALBgNV +-BAMMBHgxNDkwE6QRMA8xDTALBgNVBAMMBHgxNTAwE6QRMA8xDTALBgNVBAMMBHgx +-NTEwE6QRMA8xDTALBgNVBAMMBHgxNTIwE6QRMA8xDTALBgNVBAMMBHgxNTMwE6QR +-MA8xDTALBgNVBAMMBHgxNTQwE6QRMA8xDTALBgNVBAMMBHgxNTUwE6QRMA8xDTAL +-BgNVBAMMBHgxNTYwE6QRMA8xDTALBgNVBAMMBHgxNTcwE6QRMA8xDTALBgNVBAMM +-BHgxNTgwE6QRMA8xDTALBgNVBAMMBHgxNTkwE6QRMA8xDTALBgNVBAMMBHgxNjAw +-E6QRMA8xDTALBgNVBAMMBHgxNjEwE6QRMA8xDTALBgNVBAMMBHgxNjIwE6QRMA8x +-DTALBgNVBAMMBHgxNjMwE6QRMA8xDTALBgNVBAMMBHgxNjQwE6QRMA8xDTALBgNV +-BAMMBHgxNjUwE6QRMA8xDTALBgNVBAMMBHgxNjYwE6QRMA8xDTALBgNVBAMMBHgx +-NjcwE6QRMA8xDTALBgNVBAMMBHgxNjgwE6QRMA8xDTALBgNVBAMMBHgxNjkwE6QR +-MA8xDTALBgNVBAMMBHgxNzAwE6QRMA8xDTALBgNVBAMMBHgxNzEwE6QRMA8xDTAL +-BgNVBAMMBHgxNzIwE6QRMA8xDTALBgNVBAMMBHgxNzMwE6QRMA8xDTALBgNVBAMM +-BHgxNzQwE6QRMA8xDTALBgNVBAMMBHgxNzUwE6QRMA8xDTALBgNVBAMMBHgxNzYw +-E6QRMA8xDTALBgNVBAMMBHgxNzcwE6QRMA8xDTALBgNVBAMMBHgxNzgwE6QRMA8x +-DTALBgNVBAMMBHgxNzkwE6QRMA8xDTALBgNVBAMMBHgxODAwE6QRMA8xDTALBgNV +-BAMMBHgxODEwE6QRMA8xDTALBgNVBAMMBHgxODIwE6QRMA8xDTALBgNVBAMMBHgx +-ODMwE6QRMA8xDTALBgNVBAMMBHgxODQwE6QRMA8xDTALBgNVBAMMBHgxODUwE6QR +-MA8xDTALBgNVBAMMBHgxODYwE6QRMA8xDTALBgNVBAMMBHgxODcwE6QRMA8xDTAL +-BgNVBAMMBHgxODgwE6QRMA8xDTALBgNVBAMMBHgxODkwE6QRMA8xDTALBgNVBAMM +-BHgxOTAwE6QRMA8xDTALBgNVBAMMBHgxOTEwE6QRMA8xDTALBgNVBAMMBHgxOTIw +-E6QRMA8xDTALBgNVBAMMBHgxOTMwE6QRMA8xDTALBgNVBAMMBHgxOTQwE6QRMA8x +-DTALBgNVBAMMBHgxOTUwE6QRMA8xDTALBgNVBAMMBHgxOTYwE6QRMA8xDTALBgNV +-BAMMBHgxOTcwE6QRMA8xDTALBgNVBAMMBHgxOTgwE6QRMA8xDTALBgNVBAMMBHgx +-OTkwE6QRMA8xDTALBgNVBAMMBHgyMDAwE6QRMA8xDTALBgNVBAMMBHgyMDEwE6QR +-MA8xDTALBgNVBAMMBHgyMDIwE6QRMA8xDTALBgNVBAMMBHgyMDMwE6QRMA8xDTAL +-BgNVBAMMBHgyMDQwE6QRMA8xDTALBgNVBAMMBHgyMDUwE6QRMA8xDTALBgNVBAMM +-BHgyMDYwE6QRMA8xDTALBgNVBAMMBHgyMDcwE6QRMA8xDTALBgNVBAMMBHgyMDgw +-E6QRMA8xDTALBgNVBAMMBHgyMDkwE6QRMA8xDTALBgNVBAMMBHgyMTAwE6QRMA8x +-DTALBgNVBAMMBHgyMTEwE6QRMA8xDTALBgNVBAMMBHgyMTIwE6QRMA8xDTALBgNV +-BAMMBHgyMTMwE6QRMA8xDTALBgNVBAMMBHgyMTQwE6QRMA8xDTALBgNVBAMMBHgy +-MTUwE6QRMA8xDTALBgNVBAMMBHgyMTYwE6QRMA8xDTALBgNVBAMMBHgyMTcwE6QR +-MA8xDTALBgNVBAMMBHgyMTgwE6QRMA8xDTALBgNVBAMMBHgyMTkwE6QRMA8xDTAL +-BgNVBAMMBHgyMjAwE6QRMA8xDTALBgNVBAMMBHgyMjEwE6QRMA8xDTALBgNVBAMM +-BHgyMjIwE6QRMA8xDTALBgNVBAMMBHgyMjMwE6QRMA8xDTALBgNVBAMMBHgyMjQw +-E6QRMA8xDTALBgNVBAMMBHgyMjUwE6QRMA8xDTALBgNVBAMMBHgyMjYwE6QRMA8x +-DTALBgNVBAMMBHgyMjcwE6QRMA8xDTALBgNVBAMMBHgyMjgwE6QRMA8xDTALBgNV +-BAMMBHgyMjkwE6QRMA8xDTALBgNVBAMMBHgyMzAwE6QRMA8xDTALBgNVBAMMBHgy +-MzEwE6QRMA8xDTALBgNVBAMMBHgyMzIwE6QRMA8xDTALBgNVBAMMBHgyMzMwE6QR +-MA8xDTALBgNVBAMMBHgyMzQwE6QRMA8xDTALBgNVBAMMBHgyMzUwE6QRMA8xDTAL +-BgNVBAMMBHgyMzYwE6QRMA8xDTALBgNVBAMMBHgyMzcwE6QRMA8xDTALBgNVBAMM +-BHgyMzgwE6QRMA8xDTALBgNVBAMMBHgyMzkwE6QRMA8xDTALBgNVBAMMBHgyNDAw +-E6QRMA8xDTALBgNVBAMMBHgyNDEwE6QRMA8xDTALBgNVBAMMBHgyNDIwE6QRMA8x +-DTALBgNVBAMMBHgyNDMwE6QRMA8xDTALBgNVBAMMBHgyNDQwE6QRMA8xDTALBgNV +-BAMMBHgyNDUwE6QRMA8xDTALBgNVBAMMBHgyNDYwE6QRMA8xDTALBgNVBAMMBHgy +-NDcwE6QRMA8xDTALBgNVBAMMBHgyNDgwE6QRMA8xDTALBgNVBAMMBHgyNDkwE6QR +-MA8xDTALBgNVBAMMBHgyNTAwE6QRMA8xDTALBgNVBAMMBHgyNTEwE6QRMA8xDTAL +-BgNVBAMMBHgyNTIwE6QRMA8xDTALBgNVBAMMBHgyNTMwE6QRMA8xDTALBgNVBAMM +-BHgyNTQwE6QRMA8xDTALBgNVBAMMBHgyNTUwE6QRMA8xDTALBgNVBAMMBHgyNTYw +-E6QRMA8xDTALBgNVBAMMBHgyNTcwE6QRMA8xDTALBgNVBAMMBHgyNTgwE6QRMA8x +-DTALBgNVBAMMBHgyNTkwE6QRMA8xDTALBgNVBAMMBHgyNjAwE6QRMA8xDTALBgNV +-BAMMBHgyNjEwE6QRMA8xDTALBgNVBAMMBHgyNjIwE6QRMA8xDTALBgNVBAMMBHgy +-NjMwE6QRMA8xDTALBgNVBAMMBHgyNjQwE6QRMA8xDTALBgNVBAMMBHgyNjUwE6QR +-MA8xDTALBgNVBAMMBHgyNjYwE6QRMA8xDTALBgNVBAMMBHgyNjcwE6QRMA8xDTAL +-BgNVBAMMBHgyNjgwE6QRMA8xDTALBgNVBAMMBHgyNjkwE6QRMA8xDTALBgNVBAMM +-BHgyNzAwE6QRMA8xDTALBgNVBAMMBHgyNzEwE6QRMA8xDTALBgNVBAMMBHgyNzIw +-E6QRMA8xDTALBgNVBAMMBHgyNzMwE6QRMA8xDTALBgNVBAMMBHgyNzQwE6QRMA8x +-DTALBgNVBAMMBHgyNzUwE6QRMA8xDTALBgNVBAMMBHgyNzYwE6QRMA8xDTALBgNV +-BAMMBHgyNzcwE6QRMA8xDTALBgNVBAMMBHgyNzgwE6QRMA8xDTALBgNVBAMMBHgy +-NzkwE6QRMA8xDTALBgNVBAMMBHgyODAwE6QRMA8xDTALBgNVBAMMBHgyODEwE6QR +-MA8xDTALBgNVBAMMBHgyODIwE6QRMA8xDTALBgNVBAMMBHgyODMwE6QRMA8xDTAL +-BgNVBAMMBHgyODQwE6QRMA8xDTALBgNVBAMMBHgyODUwE6QRMA8xDTALBgNVBAMM +-BHgyODYwE6QRMA8xDTALBgNVBAMMBHgyODcwE6QRMA8xDTALBgNVBAMMBHgyODgw +-E6QRMA8xDTALBgNVBAMMBHgyODkwE6QRMA8xDTALBgNVBAMMBHgyOTAwE6QRMA8x +-DTALBgNVBAMMBHgyOTEwE6QRMA8xDTALBgNVBAMMBHgyOTIwE6QRMA8xDTALBgNV +-BAMMBHgyOTMwE6QRMA8xDTALBgNVBAMMBHgyOTQwE6QRMA8xDTALBgNVBAMMBHgy +-OTUwE6QRMA8xDTALBgNVBAMMBHgyOTYwE6QRMA8xDTALBgNVBAMMBHgyOTcwE6QR +-MA8xDTALBgNVBAMMBHgyOTgwE6QRMA8xDTALBgNVBAMMBHgyOTkwE6QRMA8xDTAL +-BgNVBAMMBHgzMDAwE6QRMA8xDTALBgNVBAMMBHgzMDEwE6QRMA8xDTALBgNVBAMM +-BHgzMDIwE6QRMA8xDTALBgNVBAMMBHgzMDMwE6QRMA8xDTALBgNVBAMMBHgzMDQw +-E6QRMA8xDTALBgNVBAMMBHgzMDUwE6QRMA8xDTALBgNVBAMMBHgzMDYwE6QRMA8x +-DTALBgNVBAMMBHgzMDcwE6QRMA8xDTALBgNVBAMMBHgzMDgwE6QRMA8xDTALBgNV +-BAMMBHgzMDkwE6QRMA8xDTALBgNVBAMMBHgzMTAwE6QRMA8xDTALBgNVBAMMBHgz +-MTEwE6QRMA8xDTALBgNVBAMMBHgzMTIwE6QRMA8xDTALBgNVBAMMBHgzMTMwE6QR +-MA8xDTALBgNVBAMMBHgzMTQwE6QRMA8xDTALBgNVBAMMBHgzMTUwE6QRMA8xDTAL +-BgNVBAMMBHgzMTYwE6QRMA8xDTALBgNVBAMMBHgzMTcwE6QRMA8xDTALBgNVBAMM +-BHgzMTgwE6QRMA8xDTALBgNVBAMMBHgzMTkwE6QRMA8xDTALBgNVBAMMBHgzMjAw +-E6QRMA8xDTALBgNVBAMMBHgzMjEwE6QRMA8xDTALBgNVBAMMBHgzMjIwE6QRMA8x +-DTALBgNVBAMMBHgzMjMwE6QRMA8xDTALBgNVBAMMBHgzMjQwE6QRMA8xDTALBgNV +-BAMMBHgzMjUwE6QRMA8xDTALBgNVBAMMBHgzMjYwE6QRMA8xDTALBgNVBAMMBHgz +-MjcwE6QRMA8xDTALBgNVBAMMBHgzMjgwE6QRMA8xDTALBgNVBAMMBHgzMjkwE6QR +-MA8xDTALBgNVBAMMBHgzMzAwE6QRMA8xDTALBgNVBAMMBHgzMzEwE6QRMA8xDTAL +-BgNVBAMMBHgzMzIwE6QRMA8xDTALBgNVBAMMBHgzMzMwE6QRMA8xDTALBgNVBAMM +-BHgzMzQwE6QRMA8xDTALBgNVBAMMBHgzMzUwE6QRMA8xDTALBgNVBAMMBHgzMzYw +-E6QRMA8xDTALBgNVBAMMBHgzMzcwE6QRMA8xDTALBgNVBAMMBHgzMzgwE6QRMA8x +-DTALBgNVBAMMBHgzMzkwE6QRMA8xDTALBgNVBAMMBHgzNDAwE6QRMA8xDTALBgNV +-BAMMBHgzNDEwE6QRMA8xDTALBgNVBAMMBHgzNDIwE6QRMA8xDTALBgNVBAMMBHgz +-NDMwE6QRMA8xDTALBgNVBAMMBHgzNDQwE6QRMA8xDTALBgNVBAMMBHgzNDUwE6QR +-MA8xDTALBgNVBAMMBHgzNDYwE6QRMA8xDTALBgNVBAMMBHgzNDcwE6QRMA8xDTAL +-BgNVBAMMBHgzNDgwE6QRMA8xDTALBgNVBAMMBHgzNDkwE6QRMA8xDTALBgNVBAMM +-BHgzNTAwE6QRMA8xDTALBgNVBAMMBHgzNTEwE6QRMA8xDTALBgNVBAMMBHgzNTIw +-E6QRMA8xDTALBgNVBAMMBHgzNTMwE6QRMA8xDTALBgNVBAMMBHgzNTQwE6QRMA8x +-DTALBgNVBAMMBHgzNTUwE6QRMA8xDTALBgNVBAMMBHgzNTYwE6QRMA8xDTALBgNV +-BAMMBHgzNTcwE6QRMA8xDTALBgNVBAMMBHgzNTgwE6QRMA8xDTALBgNVBAMMBHgz +-NTkwE6QRMA8xDTALBgNVBAMMBHgzNjAwE6QRMA8xDTALBgNVBAMMBHgzNjEwE6QR +-MA8xDTALBgNVBAMMBHgzNjIwE6QRMA8xDTALBgNVBAMMBHgzNjMwE6QRMA8xDTAL +-BgNVBAMMBHgzNjQwE6QRMA8xDTALBgNVBAMMBHgzNjUwE6QRMA8xDTALBgNVBAMM +-BHgzNjYwE6QRMA8xDTALBgNVBAMMBHgzNjcwE6QRMA8xDTALBgNVBAMMBHgzNjgw +-E6QRMA8xDTALBgNVBAMMBHgzNjkwE6QRMA8xDTALBgNVBAMMBHgzNzAwE6QRMA8x +-DTALBgNVBAMMBHgzNzEwE6QRMA8xDTALBgNVBAMMBHgzNzIwE6QRMA8xDTALBgNV +-BAMMBHgzNzMwE6QRMA8xDTALBgNVBAMMBHgzNzQwE6QRMA8xDTALBgNVBAMMBHgz +-NzUwE6QRMA8xDTALBgNVBAMMBHgzNzYwE6QRMA8xDTALBgNVBAMMBHgzNzcwE6QR +-MA8xDTALBgNVBAMMBHgzNzgwE6QRMA8xDTALBgNVBAMMBHgzNzkwE6QRMA8xDTAL +-BgNVBAMMBHgzODAwE6QRMA8xDTALBgNVBAMMBHgzODEwE6QRMA8xDTALBgNVBAMM +-BHgzODIwE6QRMA8xDTALBgNVBAMMBHgzODMwE6QRMA8xDTALBgNVBAMMBHgzODQw +-E6QRMA8xDTALBgNVBAMMBHgzODUwE6QRMA8xDTALBgNVBAMMBHgzODYwE6QRMA8x +-DTALBgNVBAMMBHgzODcwE6QRMA8xDTALBgNVBAMMBHgzODgwE6QRMA8xDTALBgNV +-BAMMBHgzODkwE6QRMA8xDTALBgNVBAMMBHgzOTAwE6QRMA8xDTALBgNVBAMMBHgz +-OTEwE6QRMA8xDTALBgNVBAMMBHgzOTIwE6QRMA8xDTALBgNVBAMMBHgzOTMwE6QR +-MA8xDTALBgNVBAMMBHgzOTQwE6QRMA8xDTALBgNVBAMMBHgzOTUwE6QRMA8xDTAL +-BgNVBAMMBHgzOTYwE6QRMA8xDTALBgNVBAMMBHgzOTcwE6QRMA8xDTALBgNVBAMM +-BHgzOTgwE6QRMA8xDTALBgNVBAMMBHgzOTkwE6QRMA8xDTALBgNVBAMMBHg0MDAw +-E6QRMA8xDTALBgNVBAMMBHg0MDEwE6QRMA8xDTALBgNVBAMMBHg0MDIwE6QRMA8x +-DTALBgNVBAMMBHg0MDMwE6QRMA8xDTALBgNVBAMMBHg0MDQwE6QRMA8xDTALBgNV +-BAMMBHg0MDUwE6QRMA8xDTALBgNVBAMMBHg0MDYwE6QRMA8xDTALBgNVBAMMBHg0 +-MDcwE6QRMA8xDTALBgNVBAMMBHg0MDgwE6QRMA8xDTALBgNVBAMMBHg0MDkwE6QR +-MA8xDTALBgNVBAMMBHg0MTAwE6QRMA8xDTALBgNVBAMMBHg0MTEwE6QRMA8xDTAL +-BgNVBAMMBHg0MTIwE6QRMA8xDTALBgNVBAMMBHg0MTMwE6QRMA8xDTALBgNVBAMM +-BHg0MTQwE6QRMA8xDTALBgNVBAMMBHg0MTUwE6QRMA8xDTALBgNVBAMMBHg0MTYw +-E6QRMA8xDTALBgNVBAMMBHg0MTcwE6QRMA8xDTALBgNVBAMMBHg0MTgwE6QRMA8x +-DTALBgNVBAMMBHg0MTkwE6QRMA8xDTALBgNVBAMMBHg0MjAwE6QRMA8xDTALBgNV +-BAMMBHg0MjEwE6QRMA8xDTALBgNVBAMMBHg0MjIwE6QRMA8xDTALBgNVBAMMBHg0 +-MjMwE6QRMA8xDTALBgNVBAMMBHg0MjQwE6QRMA8xDTALBgNVBAMMBHg0MjUwE6QR +-MA8xDTALBgNVBAMMBHg0MjYwE6QRMA8xDTALBgNVBAMMBHg0MjcwE6QRMA8xDTAL +-BgNVBAMMBHg0MjgwE6QRMA8xDTALBgNVBAMMBHg0MjkwE6QRMA8xDTALBgNVBAMM +-BHg0MzAwE6QRMA8xDTALBgNVBAMMBHg0MzEwE6QRMA8xDTALBgNVBAMMBHg0MzIw +-E6QRMA8xDTALBgNVBAMMBHg0MzMwE6QRMA8xDTALBgNVBAMMBHg0MzQwE6QRMA8x +-DTALBgNVBAMMBHg0MzUwE6QRMA8xDTALBgNVBAMMBHg0MzYwE6QRMA8xDTALBgNV +-BAMMBHg0MzcwE6QRMA8xDTALBgNVBAMMBHg0MzgwE6QRMA8xDTALBgNVBAMMBHg0 +-MzkwE6QRMA8xDTALBgNVBAMMBHg0NDAwE6QRMA8xDTALBgNVBAMMBHg0NDEwE6QR +-MA8xDTALBgNVBAMMBHg0NDIwE6QRMA8xDTALBgNVBAMMBHg0NDMwE6QRMA8xDTAL +-BgNVBAMMBHg0NDQwE6QRMA8xDTALBgNVBAMMBHg0NDUwE6QRMA8xDTALBgNVBAMM +-BHg0NDYwE6QRMA8xDTALBgNVBAMMBHg0NDcwE6QRMA8xDTALBgNVBAMMBHg0NDgw +-E6QRMA8xDTALBgNVBAMMBHg0NDkwE6QRMA8xDTALBgNVBAMMBHg0NTAwE6QRMA8x +-DTALBgNVBAMMBHg0NTEwE6QRMA8xDTALBgNVBAMMBHg0NTIwE6QRMA8xDTALBgNV +-BAMMBHg0NTMwE6QRMA8xDTALBgNVBAMMBHg0NTQwE6QRMA8xDTALBgNVBAMMBHg0 +-NTUwE6QRMA8xDTALBgNVBAMMBHg0NTYwE6QRMA8xDTALBgNVBAMMBHg0NTcwE6QR +-MA8xDTALBgNVBAMMBHg0NTgwE6QRMA8xDTALBgNVBAMMBHg0NTkwE6QRMA8xDTAL +-BgNVBAMMBHg0NjAwE6QRMA8xDTALBgNVBAMMBHg0NjEwE6QRMA8xDTALBgNVBAMM +-BHg0NjIwE6QRMA8xDTALBgNVBAMMBHg0NjMwE6QRMA8xDTALBgNVBAMMBHg0NjQw +-E6QRMA8xDTALBgNVBAMMBHg0NjUwE6QRMA8xDTALBgNVBAMMBHg0NjYwE6QRMA8x +-DTALBgNVBAMMBHg0NjcwE6QRMA8xDTALBgNVBAMMBHg0NjgwE6QRMA8xDTALBgNV +-BAMMBHg0NjkwE6QRMA8xDTALBgNVBAMMBHg0NzAwE6QRMA8xDTALBgNVBAMMBHg0 +-NzEwE6QRMA8xDTALBgNVBAMMBHg0NzIwE6QRMA8xDTALBgNVBAMMBHg0NzMwE6QR +-MA8xDTALBgNVBAMMBHg0NzQwE6QRMA8xDTALBgNVBAMMBHg0NzUwE6QRMA8xDTAL +-BgNVBAMMBHg0NzYwE6QRMA8xDTALBgNVBAMMBHg0NzcwE6QRMA8xDTALBgNVBAMM +-BHg0NzgwE6QRMA8xDTALBgNVBAMMBHg0NzkwE6QRMA8xDTALBgNVBAMMBHg0ODAw +-E6QRMA8xDTALBgNVBAMMBHg0ODEwE6QRMA8xDTALBgNVBAMMBHg0ODIwE6QRMA8x +-DTALBgNVBAMMBHg0ODMwE6QRMA8xDTALBgNVBAMMBHg0ODQwE6QRMA8xDTALBgNV +-BAMMBHg0ODUwE6QRMA8xDTALBgNVBAMMBHg0ODYwE6QRMA8xDTALBgNVBAMMBHg0 +-ODcwE6QRMA8xDTALBgNVBAMMBHg0ODgwE6QRMA8xDTALBgNVBAMMBHg0ODkwE6QR +-MA8xDTALBgNVBAMMBHg0OTAwE6QRMA8xDTALBgNVBAMMBHg0OTEwE6QRMA8xDTAL +-BgNVBAMMBHg0OTIwE6QRMA8xDTALBgNVBAMMBHg0OTMwE6QRMA8xDTALBgNVBAMM +-BHg0OTQwE6QRMA8xDTALBgNVBAMMBHg0OTUwE6QRMA8xDTALBgNVBAMMBHg0OTYw +-E6QRMA8xDTALBgNVBAMMBHg0OTcwE6QRMA8xDTALBgNVBAMMBHg0OTgwE6QRMA8x +-DTALBgNVBAMMBHg0OTkwE6QRMA8xDTALBgNVBAMMBHg1MDAwE6QRMA8xDTALBgNV +-BAMMBHg1MDEwE6QRMA8xDTALBgNVBAMMBHg1MDIwE6QRMA8xDTALBgNVBAMMBHg1 +-MDMwE6QRMA8xDTALBgNVBAMMBHg1MDQwE6QRMA8xDTALBgNVBAMMBHg1MDUwE6QR +-MA8xDTALBgNVBAMMBHg1MDYwE6QRMA8xDTALBgNVBAMMBHg1MDcwE6QRMA8xDTAL +-BgNVBAMMBHg1MDgwE6QRMA8xDTALBgNVBAMMBHg1MDkwE6QRMA8xDTALBgNVBAMM +-BHg1MTAwE6QRMA8xDTALBgNVBAMMBHg1MTEwE6QRMA8xDTALBgNVBAMMBHg1MTIw +-E6QRMA8xDTALBgNVBAMMBHg1MTMwE6QRMA8xDTALBgNVBAMMBHg1MTQwE6QRMA8x +-DTALBgNVBAMMBHg1MTUwE6QRMA8xDTALBgNVBAMMBHg1MTYwE6QRMA8xDTALBgNV +-BAMMBHg1MTcwE6QRMA8xDTALBgNVBAMMBHg1MTgwE6QRMA8xDTALBgNVBAMMBHg1 +-MTkwE6QRMA8xDTALBgNVBAMMBHg1MjAwE6QRMA8xDTALBgNVBAMMBHg1MjEwE6QR +-MA8xDTALBgNVBAMMBHg1MjIwE6QRMA8xDTALBgNVBAMMBHg1MjMwE6QRMA8xDTAL +-BgNVBAMMBHg1MjQwE6QRMA8xDTALBgNVBAMMBHg1MjUwE6QRMA8xDTALBgNVBAMM +-BHg1MjYwE6QRMA8xDTALBgNVBAMMBHg1MjcwE6QRMA8xDTALBgNVBAMMBHg1Mjgw +-E6QRMA8xDTALBgNVBAMMBHg1MjkwE6QRMA8xDTALBgNVBAMMBHg1MzAwE6QRMA8x +-DTALBgNVBAMMBHg1MzEwE6QRMA8xDTALBgNVBAMMBHg1MzIwE6QRMA8xDTALBgNV +-BAMMBHg1MzMwE6QRMA8xDTALBgNVBAMMBHg1MzQwE6QRMA8xDTALBgNVBAMMBHg1 +-MzUwE6QRMA8xDTALBgNVBAMMBHg1MzYwE6QRMA8xDTALBgNVBAMMBHg1MzcwE6QR +-MA8xDTALBgNVBAMMBHg1MzgwE6QRMA8xDTALBgNVBAMMBHg1MzkwE6QRMA8xDTAL +-BgNVBAMMBHg1NDAwE6QRMA8xDTALBgNVBAMMBHg1NDEwE6QRMA8xDTALBgNVBAMM +-BHg1NDIwE6QRMA8xDTALBgNVBAMMBHg1NDMwE6QRMA8xDTALBgNVBAMMBHg1NDQw +-E6QRMA8xDTALBgNVBAMMBHg1NDUwE6QRMA8xDTALBgNVBAMMBHg1NDYwE6QRMA8x +-DTALBgNVBAMMBHg1NDcwE6QRMA8xDTALBgNVBAMMBHg1NDgwE6QRMA8xDTALBgNV +-BAMMBHg1NDkwE6QRMA8xDTALBgNVBAMMBHg1NTAwE6QRMA8xDTALBgNVBAMMBHg1 +-NTEwE6QRMA8xDTALBgNVBAMMBHg1NTIwE6QRMA8xDTALBgNVBAMMBHg1NTMwE6QR +-MA8xDTALBgNVBAMMBHg1NTQwE6QRMA8xDTALBgNVBAMMBHg1NTUwE6QRMA8xDTAL +-BgNVBAMMBHg1NTYwE6QRMA8xDTALBgNVBAMMBHg1NTcwE6QRMA8xDTALBgNVBAMM +-BHg1NTgwE6QRMA8xDTALBgNVBAMMBHg1NTkwE6QRMA8xDTALBgNVBAMMBHg1NjAw +-E6QRMA8xDTALBgNVBAMMBHg1NjEwE6QRMA8xDTALBgNVBAMMBHg1NjIwE6QRMA8x +-DTALBgNVBAMMBHg1NjMwE6QRMA8xDTALBgNVBAMMBHg1NjQwE6QRMA8xDTALBgNV +-BAMMBHg1NjUwE6QRMA8xDTALBgNVBAMMBHg1NjYwE6QRMA8xDTALBgNVBAMMBHg1 +-NjcwE6QRMA8xDTALBgNVBAMMBHg1NjgwE6QRMA8xDTALBgNVBAMMBHg1NjkwE6QR +-MA8xDTALBgNVBAMMBHg1NzAwE6QRMA8xDTALBgNVBAMMBHg1NzEwE6QRMA8xDTAL +-BgNVBAMMBHg1NzIwE6QRMA8xDTALBgNVBAMMBHg1NzMwE6QRMA8xDTALBgNVBAMM +-BHg1NzQwE6QRMA8xDTALBgNVBAMMBHg1NzUwE6QRMA8xDTALBgNVBAMMBHg1NzYw +-E6QRMA8xDTALBgNVBAMMBHg1NzcwE6QRMA8xDTALBgNVBAMMBHg1NzgwE6QRMA8x +-DTALBgNVBAMMBHg1NzkwE6QRMA8xDTALBgNVBAMMBHg1ODAwE6QRMA8xDTALBgNV +-BAMMBHg1ODEwE6QRMA8xDTALBgNVBAMMBHg1ODIwE6QRMA8xDTALBgNVBAMMBHg1 +-ODMwE6QRMA8xDTALBgNVBAMMBHg1ODQwE6QRMA8xDTALBgNVBAMMBHg1ODUwE6QR +-MA8xDTALBgNVBAMMBHg1ODYwE6QRMA8xDTALBgNVBAMMBHg1ODcwE6QRMA8xDTAL +-BgNVBAMMBHg1ODgwE6QRMA8xDTALBgNVBAMMBHg1ODkwE6QRMA8xDTALBgNVBAMM +-BHg1OTAwE6QRMA8xDTALBgNVBAMMBHg1OTEwE6QRMA8xDTALBgNVBAMMBHg1OTIw +-E6QRMA8xDTALBgNVBAMMBHg1OTMwE6QRMA8xDTALBgNVBAMMBHg1OTQwE6QRMA8x +-DTALBgNVBAMMBHg1OTUwE6QRMA8xDTALBgNVBAMMBHg1OTYwE6QRMA8xDTALBgNV +-BAMMBHg1OTcwE6QRMA8xDTALBgNVBAMMBHg1OTgwE6QRMA8xDTALBgNVBAMMBHg1 +-OTkwE6QRMA8xDTALBgNVBAMMBHg2MDAwE6QRMA8xDTALBgNVBAMMBHg2MDEwE6QR +-MA8xDTALBgNVBAMMBHg2MDIwE6QRMA8xDTALBgNVBAMMBHg2MDMwE6QRMA8xDTAL +-BgNVBAMMBHg2MDQwE6QRMA8xDTALBgNVBAMMBHg2MDUwE6QRMA8xDTALBgNVBAMM +-BHg2MDYwE6QRMA8xDTALBgNVBAMMBHg2MDcwE6QRMA8xDTALBgNVBAMMBHg2MDgw +-E6QRMA8xDTALBgNVBAMMBHg2MDkwE6QRMA8xDTALBgNVBAMMBHg2MTAwE6QRMA8x +-DTALBgNVBAMMBHg2MTEwE6QRMA8xDTALBgNVBAMMBHg2MTIwE6QRMA8xDTALBgNV +-BAMMBHg2MTMwE6QRMA8xDTALBgNVBAMMBHg2MTQwE6QRMA8xDTALBgNVBAMMBHg2 +-MTUwE6QRMA8xDTALBgNVBAMMBHg2MTYwE6QRMA8xDTALBgNVBAMMBHg2MTcwE6QR +-MA8xDTALBgNVBAMMBHg2MTgwE6QRMA8xDTALBgNVBAMMBHg2MTkwE6QRMA8xDTAL +-BgNVBAMMBHg2MjAwE6QRMA8xDTALBgNVBAMMBHg2MjEwE6QRMA8xDTALBgNVBAMM +-BHg2MjIwE6QRMA8xDTALBgNVBAMMBHg2MjMwE6QRMA8xDTALBgNVBAMMBHg2MjQw +-E6QRMA8xDTALBgNVBAMMBHg2MjUwE6QRMA8xDTALBgNVBAMMBHg2MjYwE6QRMA8x +-DTALBgNVBAMMBHg2MjcwE6QRMA8xDTALBgNVBAMMBHg2MjgwE6QRMA8xDTALBgNV +-BAMMBHg2MjkwE6QRMA8xDTALBgNVBAMMBHg2MzAwE6QRMA8xDTALBgNVBAMMBHg2 +-MzEwE6QRMA8xDTALBgNVBAMMBHg2MzIwE6QRMA8xDTALBgNVBAMMBHg2MzMwE6QR +-MA8xDTALBgNVBAMMBHg2MzQwE6QRMA8xDTALBgNVBAMMBHg2MzUwE6QRMA8xDTAL +-BgNVBAMMBHg2MzYwE6QRMA8xDTALBgNVBAMMBHg2MzcwE6QRMA8xDTALBgNVBAMM +-BHg2MzgwE6QRMA8xDTALBgNVBAMMBHg2MzkwE6QRMA8xDTALBgNVBAMMBHg2NDAw +-E6QRMA8xDTALBgNVBAMMBHg2NDEwE6QRMA8xDTALBgNVBAMMBHg2NDIwE6QRMA8x +-DTALBgNVBAMMBHg2NDMwE6QRMA8xDTALBgNVBAMMBHg2NDQwE6QRMA8xDTALBgNV +-BAMMBHg2NDUwE6QRMA8xDTALBgNVBAMMBHg2NDYwE6QRMA8xDTALBgNVBAMMBHg2 +-NDcwE6QRMA8xDTALBgNVBAMMBHg2NDgwE6QRMA8xDTALBgNVBAMMBHg2NDkwE6QR +-MA8xDTALBgNVBAMMBHg2NTAwE6QRMA8xDTALBgNVBAMMBHg2NTEwE6QRMA8xDTAL +-BgNVBAMMBHg2NTIwE6QRMA8xDTALBgNVBAMMBHg2NTMwE6QRMA8xDTALBgNVBAMM +-BHg2NTQwE6QRMA8xDTALBgNVBAMMBHg2NTUwE6QRMA8xDTALBgNVBAMMBHg2NTYw +-E6QRMA8xDTALBgNVBAMMBHg2NTcwE6QRMA8xDTALBgNVBAMMBHg2NTgwE6QRMA8x +-DTALBgNVBAMMBHg2NTkwE6QRMA8xDTALBgNVBAMMBHg2NjAwE6QRMA8xDTALBgNV +-BAMMBHg2NjEwE6QRMA8xDTALBgNVBAMMBHg2NjIwE6QRMA8xDTALBgNVBAMMBHg2 +-NjMwE6QRMA8xDTALBgNVBAMMBHg2NjQwE6QRMA8xDTALBgNVBAMMBHg2NjUwE6QR +-MA8xDTALBgNVBAMMBHg2NjYwE6QRMA8xDTALBgNVBAMMBHg2NjcwE6QRMA8xDTAL +-BgNVBAMMBHg2NjgwE6QRMA8xDTALBgNVBAMMBHg2NjkwE6QRMA8xDTALBgNVBAMM +-BHg2NzAwE6QRMA8xDTALBgNVBAMMBHg2NzEwE6QRMA8xDTALBgNVBAMMBHg2NzIw +-E6QRMA8xDTALBgNVBAMMBHg2NzMwE6QRMA8xDTALBgNVBAMMBHg2NzQwE6QRMA8x +-DTALBgNVBAMMBHg2NzUwE6QRMA8xDTALBgNVBAMMBHg2NzYwE6QRMA8xDTALBgNV +-BAMMBHg2NzcwE6QRMA8xDTALBgNVBAMMBHg2NzgwE6QRMA8xDTALBgNVBAMMBHg2 +-NzkwE6QRMA8xDTALBgNVBAMMBHg2ODAwE6QRMA8xDTALBgNVBAMMBHg2ODEwE6QR +-MA8xDTALBgNVBAMMBHg2ODIwE6QRMA8xDTALBgNVBAMMBHg2ODMwE6QRMA8xDTAL +-BgNVBAMMBHg2ODQwE6QRMA8xDTALBgNVBAMMBHg2ODUwE6QRMA8xDTALBgNVBAMM +-BHg2ODYwE6QRMA8xDTALBgNVBAMMBHg2ODcwE6QRMA8xDTALBgNVBAMMBHg2ODgw +-E6QRMA8xDTALBgNVBAMMBHg2ODkwE6QRMA8xDTALBgNVBAMMBHg2OTAwE6QRMA8x +-DTALBgNVBAMMBHg2OTEwE6QRMA8xDTALBgNVBAMMBHg2OTIwE6QRMA8xDTALBgNV +-BAMMBHg2OTMwE6QRMA8xDTALBgNVBAMMBHg2OTQwE6QRMA8xDTALBgNVBAMMBHg2 +-OTUwE6QRMA8xDTALBgNVBAMMBHg2OTYwE6QRMA8xDTALBgNVBAMMBHg2OTcwE6QR +-MA8xDTALBgNVBAMMBHg2OTgwE6QRMA8xDTALBgNVBAMMBHg2OTkwE6QRMA8xDTAL +-BgNVBAMMBHg3MDAwE6QRMA8xDTALBgNVBAMMBHg3MDEwE6QRMA8xDTALBgNVBAMM +-BHg3MDIwE6QRMA8xDTALBgNVBAMMBHg3MDMwE6QRMA8xDTALBgNVBAMMBHg3MDQw +-E6QRMA8xDTALBgNVBAMMBHg3MDUwE6QRMA8xDTALBgNVBAMMBHg3MDYwE6QRMA8x +-DTALBgNVBAMMBHg3MDcwE6QRMA8xDTALBgNVBAMMBHg3MDgwE6QRMA8xDTALBgNV +-BAMMBHg3MDkwE6QRMA8xDTALBgNVBAMMBHg3MTAwE6QRMA8xDTALBgNVBAMMBHg3 +-MTEwE6QRMA8xDTALBgNVBAMMBHg3MTIwE6QRMA8xDTALBgNVBAMMBHg3MTMwE6QR +-MA8xDTALBgNVBAMMBHg3MTQwE6QRMA8xDTALBgNVBAMMBHg3MTUwE6QRMA8xDTAL +-BgNVBAMMBHg3MTYwE6QRMA8xDTALBgNVBAMMBHg3MTcwE6QRMA8xDTALBgNVBAMM +-BHg3MTgwE6QRMA8xDTALBgNVBAMMBHg3MTkwE6QRMA8xDTALBgNVBAMMBHg3MjAw +-E6QRMA8xDTALBgNVBAMMBHg3MjEwE6QRMA8xDTALBgNVBAMMBHg3MjIwE6QRMA8x +-DTALBgNVBAMMBHg3MjMwE6QRMA8xDTALBgNVBAMMBHg3MjQwE6QRMA8xDTALBgNV +-BAMMBHg3MjUwE6QRMA8xDTALBgNVBAMMBHg3MjYwE6QRMA8xDTALBgNVBAMMBHg3 +-MjcwE6QRMA8xDTALBgNVBAMMBHg3MjgwE6QRMA8xDTALBgNVBAMMBHg3MjkwE6QR +-MA8xDTALBgNVBAMMBHg3MzAwE6QRMA8xDTALBgNVBAMMBHg3MzEwE6QRMA8xDTAL +-BgNVBAMMBHg3MzIwE6QRMA8xDTALBgNVBAMMBHg3MzMwE6QRMA8xDTALBgNVBAMM +-BHg3MzQwE6QRMA8xDTALBgNVBAMMBHg3MzUwE6QRMA8xDTALBgNVBAMMBHg3MzYw +-E6QRMA8xDTALBgNVBAMMBHg3MzcwE6QRMA8xDTALBgNVBAMMBHg3MzgwE6QRMA8x +-DTALBgNVBAMMBHg3MzkwE6QRMA8xDTALBgNVBAMMBHg3NDAwE6QRMA8xDTALBgNV +-BAMMBHg3NDEwE6QRMA8xDTALBgNVBAMMBHg3NDIwE6QRMA8xDTALBgNVBAMMBHg3 +-NDMwE6QRMA8xDTALBgNVBAMMBHg3NDQwE6QRMA8xDTALBgNVBAMMBHg3NDUwE6QR +-MA8xDTALBgNVBAMMBHg3NDYwE6QRMA8xDTALBgNVBAMMBHg3NDcwE6QRMA8xDTAL +-BgNVBAMMBHg3NDgwE6QRMA8xDTALBgNVBAMMBHg3NDkwE6QRMA8xDTALBgNVBAMM +-BHg3NTAwE6QRMA8xDTALBgNVBAMMBHg3NTEwE6QRMA8xDTALBgNVBAMMBHg3NTIw +-E6QRMA8xDTALBgNVBAMMBHg3NTMwE6QRMA8xDTALBgNVBAMMBHg3NTQwE6QRMA8x +-DTALBgNVBAMMBHg3NTUwE6QRMA8xDTALBgNVBAMMBHg3NTYwE6QRMA8xDTALBgNV +-BAMMBHg3NTcwE6QRMA8xDTALBgNVBAMMBHg3NTgwE6QRMA8xDTALBgNVBAMMBHg3 +-NTkwE6QRMA8xDTALBgNVBAMMBHg3NjAwE6QRMA8xDTALBgNVBAMMBHg3NjEwE6QR +-MA8xDTALBgNVBAMMBHg3NjIwE6QRMA8xDTALBgNVBAMMBHg3NjMwE6QRMA8xDTAL +-BgNVBAMMBHg3NjQwE6QRMA8xDTALBgNVBAMMBHg3NjUwE6QRMA8xDTALBgNVBAMM +-BHg3NjYwE6QRMA8xDTALBgNVBAMMBHg3NjcwE6QRMA8xDTALBgNVBAMMBHg3Njgw +-E6QRMA8xDTALBgNVBAMMBHg3NjkwE6QRMA8xDTALBgNVBAMMBHg3NzAwE6QRMA8x +-DTALBgNVBAMMBHg3NzEwE6QRMA8xDTALBgNVBAMMBHg3NzIwE6QRMA8xDTALBgNV +-BAMMBHg3NzMwE6QRMA8xDTALBgNVBAMMBHg3NzQwE6QRMA8xDTALBgNVBAMMBHg3 +-NzUwE6QRMA8xDTALBgNVBAMMBHg3NzYwE6QRMA8xDTALBgNVBAMMBHg3NzcwE6QR +-MA8xDTALBgNVBAMMBHg3NzgwE6QRMA8xDTALBgNVBAMMBHg3NzkwE6QRMA8xDTAL +-BgNVBAMMBHg3ODAwE6QRMA8xDTALBgNVBAMMBHg3ODEwE6QRMA8xDTALBgNVBAMM +-BHg3ODIwE6QRMA8xDTALBgNVBAMMBHg3ODMwE6QRMA8xDTALBgNVBAMMBHg3ODQw +-E6QRMA8xDTALBgNVBAMMBHg3ODUwE6QRMA8xDTALBgNVBAMMBHg3ODYwE6QRMA8x +-DTALBgNVBAMMBHg3ODcwE6QRMA8xDTALBgNVBAMMBHg3ODgwE6QRMA8xDTALBgNV +-BAMMBHg3ODkwE6QRMA8xDTALBgNVBAMMBHg3OTAwE6QRMA8xDTALBgNVBAMMBHg3 +-OTEwE6QRMA8xDTALBgNVBAMMBHg3OTIwE6QRMA8xDTALBgNVBAMMBHg3OTMwE6QR +-MA8xDTALBgNVBAMMBHg3OTQwE6QRMA8xDTALBgNVBAMMBHg3OTUwE6QRMA8xDTAL +-BgNVBAMMBHg3OTYwE6QRMA8xDTALBgNVBAMMBHg3OTcwE6QRMA8xDTALBgNVBAMM +-BHg3OTgwE6QRMA8xDTALBgNVBAMMBHg3OTkwE6QRMA8xDTALBgNVBAMMBHg4MDAw +-E6QRMA8xDTALBgNVBAMMBHg4MDEwE6QRMA8xDTALBgNVBAMMBHg4MDIwE6QRMA8x +-DTALBgNVBAMMBHg4MDMwE6QRMA8xDTALBgNVBAMMBHg4MDQwE6QRMA8xDTALBgNV +-BAMMBHg4MDUwE6QRMA8xDTALBgNVBAMMBHg4MDYwE6QRMA8xDTALBgNVBAMMBHg4 +-MDcwE6QRMA8xDTALBgNVBAMMBHg4MDgwE6QRMA8xDTALBgNVBAMMBHg4MDkwE6QR +-MA8xDTALBgNVBAMMBHg4MTAwE6QRMA8xDTALBgNVBAMMBHg4MTEwE6QRMA8xDTAL +-BgNVBAMMBHg4MTIwE6QRMA8xDTALBgNVBAMMBHg4MTMwE6QRMA8xDTALBgNVBAMM +-BHg4MTQwE6QRMA8xDTALBgNVBAMMBHg4MTUwE6QRMA8xDTALBgNVBAMMBHg4MTYw +-E6QRMA8xDTALBgNVBAMMBHg4MTcwE6QRMA8xDTALBgNVBAMMBHg4MTgwE6QRMA8x +-DTALBgNVBAMMBHg4MTkwE6QRMA8xDTALBgNVBAMMBHg4MjAwE6QRMA8xDTALBgNV +-BAMMBHg4MjEwE6QRMA8xDTALBgNVBAMMBHg4MjIwE6QRMA8xDTALBgNVBAMMBHg4 +-MjMwE6QRMA8xDTALBgNVBAMMBHg4MjQwE6QRMA8xDTALBgNVBAMMBHg4MjUwE6QR +-MA8xDTALBgNVBAMMBHg4MjYwE6QRMA8xDTALBgNVBAMMBHg4MjcwE6QRMA8xDTAL +-BgNVBAMMBHg4MjgwE6QRMA8xDTALBgNVBAMMBHg4MjkwE6QRMA8xDTALBgNVBAMM +-BHg4MzAwE6QRMA8xDTALBgNVBAMMBHg4MzEwE6QRMA8xDTALBgNVBAMMBHg4MzIw +-E6QRMA8xDTALBgNVBAMMBHg4MzMwE6QRMA8xDTALBgNVBAMMBHg4MzQwE6QRMA8x +-DTALBgNVBAMMBHg4MzUwE6QRMA8xDTALBgNVBAMMBHg4MzYwE6QRMA8xDTALBgNV +-BAMMBHg4MzcwE6QRMA8xDTALBgNVBAMMBHg4MzgwE6QRMA8xDTALBgNVBAMMBHg4 +-MzkwE6QRMA8xDTALBgNVBAMMBHg4NDAwE6QRMA8xDTALBgNVBAMMBHg4NDEwE6QR +-MA8xDTALBgNVBAMMBHg4NDIwE6QRMA8xDTALBgNVBAMMBHg4NDMwE6QRMA8xDTAL +-BgNVBAMMBHg4NDQwE6QRMA8xDTALBgNVBAMMBHg4NDUwE6QRMA8xDTALBgNVBAMM +-BHg4NDYwE6QRMA8xDTALBgNVBAMMBHg4NDcwE6QRMA8xDTALBgNVBAMMBHg4NDgw +-E6QRMA8xDTALBgNVBAMMBHg4NDkwE6QRMA8xDTALBgNVBAMMBHg4NTAwE6QRMA8x +-DTALBgNVBAMMBHg4NTEwE6QRMA8xDTALBgNVBAMMBHg4NTIwE6QRMA8xDTALBgNV +-BAMMBHg4NTMwE6QRMA8xDTALBgNVBAMMBHg4NTQwE6QRMA8xDTALBgNVBAMMBHg4 +-NTUwE6QRMA8xDTALBgNVBAMMBHg4NTYwE6QRMA8xDTALBgNVBAMMBHg4NTcwE6QR +-MA8xDTALBgNVBAMMBHg4NTgwE6QRMA8xDTALBgNVBAMMBHg4NTkwE6QRMA8xDTAL +-BgNVBAMMBHg4NjAwE6QRMA8xDTALBgNVBAMMBHg4NjEwE6QRMA8xDTALBgNVBAMM +-BHg4NjIwE6QRMA8xDTALBgNVBAMMBHg4NjMwE6QRMA8xDTALBgNVBAMMBHg4NjQw +-E6QRMA8xDTALBgNVBAMMBHg4NjUwE6QRMA8xDTALBgNVBAMMBHg4NjYwE6QRMA8x +-DTALBgNVBAMMBHg4NjcwE6QRMA8xDTALBgNVBAMMBHg4NjgwE6QRMA8xDTALBgNV +-BAMMBHg4NjkwE6QRMA8xDTALBgNVBAMMBHg4NzAwE6QRMA8xDTALBgNVBAMMBHg4 +-NzEwE6QRMA8xDTALBgNVBAMMBHg4NzIwE6QRMA8xDTALBgNVBAMMBHg4NzMwE6QR +-MA8xDTALBgNVBAMMBHg4NzQwE6QRMA8xDTALBgNVBAMMBHg4NzUwE6QRMA8xDTAL +-BgNVBAMMBHg4NzYwE6QRMA8xDTALBgNVBAMMBHg4NzcwE6QRMA8xDTALBgNVBAMM +-BHg4NzgwE6QRMA8xDTALBgNVBAMMBHg4NzkwE6QRMA8xDTALBgNVBAMMBHg4ODAw +-E6QRMA8xDTALBgNVBAMMBHg4ODEwE6QRMA8xDTALBgNVBAMMBHg4ODIwE6QRMA8x +-DTALBgNVBAMMBHg4ODMwE6QRMA8xDTALBgNVBAMMBHg4ODQwE6QRMA8xDTALBgNV +-BAMMBHg4ODUwE6QRMA8xDTALBgNVBAMMBHg4ODYwE6QRMA8xDTALBgNVBAMMBHg4 +-ODcwE6QRMA8xDTALBgNVBAMMBHg4ODgwE6QRMA8xDTALBgNVBAMMBHg4ODkwE6QR +-MA8xDTALBgNVBAMMBHg4OTAwE6QRMA8xDTALBgNVBAMMBHg4OTEwE6QRMA8xDTAL +-BgNVBAMMBHg4OTIwE6QRMA8xDTALBgNVBAMMBHg4OTMwE6QRMA8xDTALBgNVBAMM +-BHg4OTQwE6QRMA8xDTALBgNVBAMMBHg4OTUwE6QRMA8xDTALBgNVBAMMBHg4OTYw +-E6QRMA8xDTALBgNVBAMMBHg4OTcwE6QRMA8xDTALBgNVBAMMBHg4OTgwE6QRMA8x +-DTALBgNVBAMMBHg4OTkwE6QRMA8xDTALBgNVBAMMBHg5MDAwE6QRMA8xDTALBgNV +-BAMMBHg5MDEwE6QRMA8xDTALBgNVBAMMBHg5MDIwE6QRMA8xDTALBgNVBAMMBHg5 +-MDMwE6QRMA8xDTALBgNVBAMMBHg5MDQwE6QRMA8xDTALBgNVBAMMBHg5MDUwE6QR +-MA8xDTALBgNVBAMMBHg5MDYwE6QRMA8xDTALBgNVBAMMBHg5MDcwE6QRMA8xDTAL +-BgNVBAMMBHg5MDgwE6QRMA8xDTALBgNVBAMMBHg5MDkwE6QRMA8xDTALBgNVBAMM +-BHg5MTAwE6QRMA8xDTALBgNVBAMMBHg5MTEwE6QRMA8xDTALBgNVBAMMBHg5MTIw +-E6QRMA8xDTALBgNVBAMMBHg5MTMwE6QRMA8xDTALBgNVBAMMBHg5MTQwE6QRMA8x +-DTALBgNVBAMMBHg5MTUwE6QRMA8xDTALBgNVBAMMBHg5MTYwE6QRMA8xDTALBgNV +-BAMMBHg5MTcwE6QRMA8xDTALBgNVBAMMBHg5MTgwE6QRMA8xDTALBgNVBAMMBHg5 +-MTkwE6QRMA8xDTALBgNVBAMMBHg5MjAwE6QRMA8xDTALBgNVBAMMBHg5MjEwE6QR +-MA8xDTALBgNVBAMMBHg5MjIwE6QRMA8xDTALBgNVBAMMBHg5MjMwE6QRMA8xDTAL +-BgNVBAMMBHg5MjQwE6QRMA8xDTALBgNVBAMMBHg5MjUwE6QRMA8xDTALBgNVBAMM +-BHg5MjYwE6QRMA8xDTALBgNVBAMMBHg5MjcwE6QRMA8xDTALBgNVBAMMBHg5Mjgw +-E6QRMA8xDTALBgNVBAMMBHg5MjkwE6QRMA8xDTALBgNVBAMMBHg5MzAwE6QRMA8x +-DTALBgNVBAMMBHg5MzEwE6QRMA8xDTALBgNVBAMMBHg5MzIwE6QRMA8xDTALBgNV +-BAMMBHg5MzMwE6QRMA8xDTALBgNVBAMMBHg5MzQwE6QRMA8xDTALBgNVBAMMBHg5 +-MzUwE6QRMA8xDTALBgNVBAMMBHg5MzYwE6QRMA8xDTALBgNVBAMMBHg5MzcwE6QR +-MA8xDTALBgNVBAMMBHg5MzgwE6QRMA8xDTALBgNVBAMMBHg5MzkwE6QRMA8xDTAL +-BgNVBAMMBHg5NDAwE6QRMA8xDTALBgNVBAMMBHg5NDEwE6QRMA8xDTALBgNVBAMM +-BHg5NDIwE6QRMA8xDTALBgNVBAMMBHg5NDMwE6QRMA8xDTALBgNVBAMMBHg5NDQw +-E6QRMA8xDTALBgNVBAMMBHg5NDUwE6QRMA8xDTALBgNVBAMMBHg5NDYwE6QRMA8x +-DTALBgNVBAMMBHg5NDcwE6QRMA8xDTALBgNVBAMMBHg5NDgwE6QRMA8xDTALBgNV +-BAMMBHg5NDkwE6QRMA8xDTALBgNVBAMMBHg5NTAwE6QRMA8xDTALBgNVBAMMBHg5 +-NTEwE6QRMA8xDTALBgNVBAMMBHg5NTIwE6QRMA8xDTALBgNVBAMMBHg5NTMwE6QR +-MA8xDTALBgNVBAMMBHg5NTQwE6QRMA8xDTALBgNVBAMMBHg5NTUwE6QRMA8xDTAL +-BgNVBAMMBHg5NTYwE6QRMA8xDTALBgNVBAMMBHg5NTcwE6QRMA8xDTALBgNVBAMM +-BHg5NTgwE6QRMA8xDTALBgNVBAMMBHg5NTkwE6QRMA8xDTALBgNVBAMMBHg5NjAw +-E6QRMA8xDTALBgNVBAMMBHg5NjEwE6QRMA8xDTALBgNVBAMMBHg5NjIwE6QRMA8x +-DTALBgNVBAMMBHg5NjMwE6QRMA8xDTALBgNVBAMMBHg5NjQwE6QRMA8xDTALBgNV +-BAMMBHg5NjUwE6QRMA8xDTALBgNVBAMMBHg5NjYwE6QRMA8xDTALBgNVBAMMBHg5 +-NjcwE6QRMA8xDTALBgNVBAMMBHg5NjgwE6QRMA8xDTALBgNVBAMMBHg5NjkwE6QR +-MA8xDTALBgNVBAMMBHg5NzAwE6QRMA8xDTALBgNVBAMMBHg5NzEwE6QRMA8xDTAL +-BgNVBAMMBHg5NzIwE6QRMA8xDTALBgNVBAMMBHg5NzMwE6QRMA8xDTALBgNVBAMM +-BHg5NzQwE6QRMA8xDTALBgNVBAMMBHg5NzUwE6QRMA8xDTALBgNVBAMMBHg5NzYw +-E6QRMA8xDTALBgNVBAMMBHg5NzcwE6QRMA8xDTALBgNVBAMMBHg5NzgwE6QRMA8x +-DTALBgNVBAMMBHg5NzkwE6QRMA8xDTALBgNVBAMMBHg5ODAwE6QRMA8xDTALBgNV +-BAMMBHg5ODEwE6QRMA8xDTALBgNVBAMMBHg5ODIwE6QRMA8xDTALBgNVBAMMBHg5 +-ODMwE6QRMA8xDTALBgNVBAMMBHg5ODQwE6QRMA8xDTALBgNVBAMMBHg5ODUwE6QR +-MA8xDTALBgNVBAMMBHg5ODYwE6QRMA8xDTALBgNVBAMMBHg5ODcwE6QRMA8xDTAL +-BgNVBAMMBHg5ODgwE6QRMA8xDTALBgNVBAMMBHg5ODkwE6QRMA8xDTALBgNVBAMM +-BHg5OTAwE6QRMA8xDTALBgNVBAMMBHg5OTEwE6QRMA8xDTALBgNVBAMMBHg5OTIw +-E6QRMA8xDTALBgNVBAMMBHg5OTMwE6QRMA8xDTALBgNVBAMMBHg5OTQwE6QRMA8x +-DTALBgNVBAMMBHg5OTUwE6QRMA8xDTALBgNVBAMMBHg5OTYwE6QRMA8xDTALBgNV +-BAMMBHg5OTcwE6QRMA8xDTALBgNVBAMMBHg5OTgwE6QRMA8xDTALBgNVBAMMBHg5 +-OTkwFKQSMBAxDjAMBgNVBAMMBXgxMDAwMBSkEjAQMQ4wDAYDVQQDDAV4MTAwMTAU +-pBIwEDEOMAwGA1UEAwwFeDEwMDIwFKQSMBAxDjAMBgNVBAMMBXgxMDAzMBSkEjAQ +-MQ4wDAYDVQQDDAV4MTAwNDAUpBIwEDEOMAwGA1UEAwwFeDEwMDUwFKQSMBAxDjAM +-BgNVBAMMBXgxMDA2MBSkEjAQMQ4wDAYDVQQDDAV4MTAwNzAUpBIwEDEOMAwGA1UE +-AwwFeDEwMDgwFKQSMBAxDjAMBgNVBAMMBXgxMDA5MBSkEjAQMQ4wDAYDVQQDDAV4 +-MTAxMDAUpBIwEDEOMAwGA1UEAwwFeDEwMTEwFKQSMBAxDjAMBgNVBAMMBXgxMDEy +-MBSkEjAQMQ4wDAYDVQQDDAV4MTAxMzAUpBIwEDEOMAwGA1UEAwwFeDEwMTQwFKQS +-MBAxDjAMBgNVBAMMBXgxMDE1MBSkEjAQMQ4wDAYDVQQDDAV4MTAxNjAUpBIwEDEO +-MAwGA1UEAwwFeDEwMTcwFKQSMBAxDjAMBgNVBAMMBXgxMDE4MBSkEjAQMQ4wDAYD +-VQQDDAV4MTAxOTAUpBIwEDEOMAwGA1UEAwwFeDEwMjAwFKQSMBAxDjAMBgNVBAMM +-BXgxMDIxMBSkEjAQMQ4wDAYDVQQDDAV4MTAyMjAUpBIwEDEOMAwGA1UEAwwFeDEw +-MjMwFKQSMBAxDjAMBgNVBAMMBXgxMDI0MA+GDWh0dHA6Ly94ZXN0LzAwD4YNaHR0 +-cDovL3hlc3QvMTAPhg1odHRwOi8veGVzdC8yMA+GDWh0dHA6Ly94ZXN0LzMwD4YN +-aHR0cDovL3hlc3QvNDAPhg1odHRwOi8veGVzdC81MA+GDWh0dHA6Ly94ZXN0LzYw +-D4YNaHR0cDovL3hlc3QvNzAPhg1odHRwOi8veGVzdC84MA+GDWh0dHA6Ly94ZXN0 +-LzkwEIYOaHR0cDovL3hlc3QvMTAwEIYOaHR0cDovL3hlc3QvMTEwEIYOaHR0cDov +-L3hlc3QvMTIwEIYOaHR0cDovL3hlc3QvMTMwEIYOaHR0cDovL3hlc3QvMTQwEIYO +-aHR0cDovL3hlc3QvMTUwEIYOaHR0cDovL3hlc3QvMTYwEIYOaHR0cDovL3hlc3Qv +-MTcwEIYOaHR0cDovL3hlc3QvMTgwEIYOaHR0cDovL3hlc3QvMTkwEIYOaHR0cDov +-L3hlc3QvMjAwEIYOaHR0cDovL3hlc3QvMjEwEIYOaHR0cDovL3hlc3QvMjIwEIYO +-aHR0cDovL3hlc3QvMjMwEIYOaHR0cDovL3hlc3QvMjQwEIYOaHR0cDovL3hlc3Qv +-MjUwEIYOaHR0cDovL3hlc3QvMjYwEIYOaHR0cDovL3hlc3QvMjcwEIYOaHR0cDov +-L3hlc3QvMjgwEIYOaHR0cDovL3hlc3QvMjkwEIYOaHR0cDovL3hlc3QvMzAwEIYO +-aHR0cDovL3hlc3QvMzEwEIYOaHR0cDovL3hlc3QvMzIwEIYOaHR0cDovL3hlc3Qv +-MzMwEIYOaHR0cDovL3hlc3QvMzQwEIYOaHR0cDovL3hlc3QvMzUwEIYOaHR0cDov +-L3hlc3QvMzYwEIYOaHR0cDovL3hlc3QvMzcwEIYOaHR0cDovL3hlc3QvMzgwEIYO +-aHR0cDovL3hlc3QvMzkwEIYOaHR0cDovL3hlc3QvNDAwEIYOaHR0cDovL3hlc3Qv +-NDEwEIYOaHR0cDovL3hlc3QvNDIwEIYOaHR0cDovL3hlc3QvNDMwEIYOaHR0cDov +-L3hlc3QvNDQwEIYOaHR0cDovL3hlc3QvNDUwEIYOaHR0cDovL3hlc3QvNDYwEIYO +-aHR0cDovL3hlc3QvNDcwEIYOaHR0cDovL3hlc3QvNDgwEIYOaHR0cDovL3hlc3Qv +-NDkwEIYOaHR0cDovL3hlc3QvNTAwEIYOaHR0cDovL3hlc3QvNTEwEIYOaHR0cDov +-L3hlc3QvNTIwEIYOaHR0cDovL3hlc3QvNTMwEIYOaHR0cDovL3hlc3QvNTQwEIYO +-aHR0cDovL3hlc3QvNTUwEIYOaHR0cDovL3hlc3QvNTYwEIYOaHR0cDovL3hlc3Qv +-NTcwEIYOaHR0cDovL3hlc3QvNTgwEIYOaHR0cDovL3hlc3QvNTkwEIYOaHR0cDov +-L3hlc3QvNjAwEIYOaHR0cDovL3hlc3QvNjEwEIYOaHR0cDovL3hlc3QvNjIwEIYO +-aHR0cDovL3hlc3QvNjMwEIYOaHR0cDovL3hlc3QvNjQwEIYOaHR0cDovL3hlc3Qv +-NjUwEIYOaHR0cDovL3hlc3QvNjYwEIYOaHR0cDovL3hlc3QvNjcwEIYOaHR0cDov +-L3hlc3QvNjgwEIYOaHR0cDovL3hlc3QvNjkwEIYOaHR0cDovL3hlc3QvNzAwEIYO +-aHR0cDovL3hlc3QvNzEwEIYOaHR0cDovL3hlc3QvNzIwEIYOaHR0cDovL3hlc3Qv +-NzMwEIYOaHR0cDovL3hlc3QvNzQwEIYOaHR0cDovL3hlc3QvNzUwEIYOaHR0cDov +-L3hlc3QvNzYwEIYOaHR0cDovL3hlc3QvNzcwEIYOaHR0cDovL3hlc3QvNzgwEIYO +-aHR0cDovL3hlc3QvNzkwEIYOaHR0cDovL3hlc3QvODAwEIYOaHR0cDovL3hlc3Qv +-ODEwEIYOaHR0cDovL3hlc3QvODIwEIYOaHR0cDovL3hlc3QvODMwEIYOaHR0cDov +-L3hlc3QvODQwEIYOaHR0cDovL3hlc3QvODUwEIYOaHR0cDovL3hlc3QvODYwEIYO +-aHR0cDovL3hlc3QvODcwEIYOaHR0cDovL3hlc3QvODgwEIYOaHR0cDovL3hlc3Qv +-ODkwEIYOaHR0cDovL3hlc3QvOTAwEIYOaHR0cDovL3hlc3QvOTEwEIYOaHR0cDov +-L3hlc3QvOTIwEIYOaHR0cDovL3hlc3QvOTMwEIYOaHR0cDovL3hlc3QvOTQwEIYO +-aHR0cDovL3hlc3QvOTUwEIYOaHR0cDovL3hlc3QvOTYwEIYOaHR0cDovL3hlc3Qv +-OTcwEIYOaHR0cDovL3hlc3QvOTgwEIYOaHR0cDovL3hlc3QvOTkwEYYPaHR0cDov +-L3hlc3QvMTAwMBGGD2h0dHA6Ly94ZXN0LzEwMTARhg9odHRwOi8veGVzdC8xMDIw +-EYYPaHR0cDovL3hlc3QvMTAzMBGGD2h0dHA6Ly94ZXN0LzEwNDARhg9odHRwOi8v +-eGVzdC8xMDUwEYYPaHR0cDovL3hlc3QvMTA2MBGGD2h0dHA6Ly94ZXN0LzEwNzAR +-hg9odHRwOi8veGVzdC8xMDgwEYYPaHR0cDovL3hlc3QvMTA5MBGGD2h0dHA6Ly94 +-ZXN0LzExMDARhg9odHRwOi8veGVzdC8xMTEwEYYPaHR0cDovL3hlc3QvMTEyMBGG +-D2h0dHA6Ly94ZXN0LzExMzARhg9odHRwOi8veGVzdC8xMTQwEYYPaHR0cDovL3hl +-c3QvMTE1MBGGD2h0dHA6Ly94ZXN0LzExNjARhg9odHRwOi8veGVzdC8xMTcwEYYP +-aHR0cDovL3hlc3QvMTE4MBGGD2h0dHA6Ly94ZXN0LzExOTARhg9odHRwOi8veGVz +-dC8xMjAwEYYPaHR0cDovL3hlc3QvMTIxMBGGD2h0dHA6Ly94ZXN0LzEyMjARhg9o +-dHRwOi8veGVzdC8xMjMwEYYPaHR0cDovL3hlc3QvMTI0MBGGD2h0dHA6Ly94ZXN0 +-LzEyNTARhg9odHRwOi8veGVzdC8xMjYwEYYPaHR0cDovL3hlc3QvMTI3MBGGD2h0 +-dHA6Ly94ZXN0LzEyODARhg9odHRwOi8veGVzdC8xMjkwEYYPaHR0cDovL3hlc3Qv +-MTMwMBGGD2h0dHA6Ly94ZXN0LzEzMTARhg9odHRwOi8veGVzdC8xMzIwEYYPaHR0 +-cDovL3hlc3QvMTMzMBGGD2h0dHA6Ly94ZXN0LzEzNDARhg9odHRwOi8veGVzdC8x +-MzUwEYYPaHR0cDovL3hlc3QvMTM2MBGGD2h0dHA6Ly94ZXN0LzEzNzARhg9odHRw +-Oi8veGVzdC8xMzgwEYYPaHR0cDovL3hlc3QvMTM5MBGGD2h0dHA6Ly94ZXN0LzE0 +-MDARhg9odHRwOi8veGVzdC8xNDEwEYYPaHR0cDovL3hlc3QvMTQyMBGGD2h0dHA6 +-Ly94ZXN0LzE0MzARhg9odHRwOi8veGVzdC8xNDQwEYYPaHR0cDovL3hlc3QvMTQ1 +-MBGGD2h0dHA6Ly94ZXN0LzE0NjARhg9odHRwOi8veGVzdC8xNDcwEYYPaHR0cDov +-L3hlc3QvMTQ4MBGGD2h0dHA6Ly94ZXN0LzE0OTARhg9odHRwOi8veGVzdC8xNTAw +-EYYPaHR0cDovL3hlc3QvMTUxMBGGD2h0dHA6Ly94ZXN0LzE1MjARhg9odHRwOi8v +-eGVzdC8xNTMwEYYPaHR0cDovL3hlc3QvMTU0MBGGD2h0dHA6Ly94ZXN0LzE1NTAR +-hg9odHRwOi8veGVzdC8xNTYwEYYPaHR0cDovL3hlc3QvMTU3MBGGD2h0dHA6Ly94 +-ZXN0LzE1ODARhg9odHRwOi8veGVzdC8xNTkwEYYPaHR0cDovL3hlc3QvMTYwMBGG +-D2h0dHA6Ly94ZXN0LzE2MTARhg9odHRwOi8veGVzdC8xNjIwEYYPaHR0cDovL3hl +-c3QvMTYzMBGGD2h0dHA6Ly94ZXN0LzE2NDARhg9odHRwOi8veGVzdC8xNjUwEYYP +-aHR0cDovL3hlc3QvMTY2MBGGD2h0dHA6Ly94ZXN0LzE2NzARhg9odHRwOi8veGVz +-dC8xNjgwEYYPaHR0cDovL3hlc3QvMTY5MBGGD2h0dHA6Ly94ZXN0LzE3MDARhg9o +-dHRwOi8veGVzdC8xNzEwEYYPaHR0cDovL3hlc3QvMTcyMBGGD2h0dHA6Ly94ZXN0 +-LzE3MzARhg9odHRwOi8veGVzdC8xNzQwEYYPaHR0cDovL3hlc3QvMTc1MBGGD2h0 +-dHA6Ly94ZXN0LzE3NjARhg9odHRwOi8veGVzdC8xNzcwEYYPaHR0cDovL3hlc3Qv +-MTc4MBGGD2h0dHA6Ly94ZXN0LzE3OTARhg9odHRwOi8veGVzdC8xODAwEYYPaHR0 +-cDovL3hlc3QvMTgxMBGGD2h0dHA6Ly94ZXN0LzE4MjARhg9odHRwOi8veGVzdC8x +-ODMwEYYPaHR0cDovL3hlc3QvMTg0MBGGD2h0dHA6Ly94ZXN0LzE4NTARhg9odHRw +-Oi8veGVzdC8xODYwEYYPaHR0cDovL3hlc3QvMTg3MBGGD2h0dHA6Ly94ZXN0LzE4 +-ODARhg9odHRwOi8veGVzdC8xODkwEYYPaHR0cDovL3hlc3QvMTkwMBGGD2h0dHA6 +-Ly94ZXN0LzE5MTARhg9odHRwOi8veGVzdC8xOTIwEYYPaHR0cDovL3hlc3QvMTkz +-MBGGD2h0dHA6Ly94ZXN0LzE5NDARhg9odHRwOi8veGVzdC8xOTUwEYYPaHR0cDov +-L3hlc3QvMTk2MBGGD2h0dHA6Ly94ZXN0LzE5NzARhg9odHRwOi8veGVzdC8xOTgw +-EYYPaHR0cDovL3hlc3QvMTk5MBGGD2h0dHA6Ly94ZXN0LzIwMDARhg9odHRwOi8v +-eGVzdC8yMDEwEYYPaHR0cDovL3hlc3QvMjAyMBGGD2h0dHA6Ly94ZXN0LzIwMzAR +-hg9odHRwOi8veGVzdC8yMDQwEYYPaHR0cDovL3hlc3QvMjA1MBGGD2h0dHA6Ly94 +-ZXN0LzIwNjARhg9odHRwOi8veGVzdC8yMDcwEYYPaHR0cDovL3hlc3QvMjA4MBGG +-D2h0dHA6Ly94ZXN0LzIwOTARhg9odHRwOi8veGVzdC8yMTAwEYYPaHR0cDovL3hl +-c3QvMjExMBGGD2h0dHA6Ly94ZXN0LzIxMjARhg9odHRwOi8veGVzdC8yMTMwEYYP +-aHR0cDovL3hlc3QvMjE0MBGGD2h0dHA6Ly94ZXN0LzIxNTARhg9odHRwOi8veGVz +-dC8yMTYwEYYPaHR0cDovL3hlc3QvMjE3MBGGD2h0dHA6Ly94ZXN0LzIxODARhg9o +-dHRwOi8veGVzdC8yMTkwEYYPaHR0cDovL3hlc3QvMjIwMBGGD2h0dHA6Ly94ZXN0 +-LzIyMTARhg9odHRwOi8veGVzdC8yMjIwEYYPaHR0cDovL3hlc3QvMjIzMBGGD2h0 +-dHA6Ly94ZXN0LzIyNDARhg9odHRwOi8veGVzdC8yMjUwEYYPaHR0cDovL3hlc3Qv +-MjI2MBGGD2h0dHA6Ly94ZXN0LzIyNzARhg9odHRwOi8veGVzdC8yMjgwEYYPaHR0 +-cDovL3hlc3QvMjI5MBGGD2h0dHA6Ly94ZXN0LzIzMDARhg9odHRwOi8veGVzdC8y +-MzEwEYYPaHR0cDovL3hlc3QvMjMyMBGGD2h0dHA6Ly94ZXN0LzIzMzARhg9odHRw +-Oi8veGVzdC8yMzQwEYYPaHR0cDovL3hlc3QvMjM1MBGGD2h0dHA6Ly94ZXN0LzIz +-NjARhg9odHRwOi8veGVzdC8yMzcwEYYPaHR0cDovL3hlc3QvMjM4MBGGD2h0dHA6 +-Ly94ZXN0LzIzOTARhg9odHRwOi8veGVzdC8yNDAwEYYPaHR0cDovL3hlc3QvMjQx +-MBGGD2h0dHA6Ly94ZXN0LzI0MjARhg9odHRwOi8veGVzdC8yNDMwEYYPaHR0cDov +-L3hlc3QvMjQ0MBGGD2h0dHA6Ly94ZXN0LzI0NTARhg9odHRwOi8veGVzdC8yNDYw +-EYYPaHR0cDovL3hlc3QvMjQ3MBGGD2h0dHA6Ly94ZXN0LzI0ODARhg9odHRwOi8v +-eGVzdC8yNDkwEYYPaHR0cDovL3hlc3QvMjUwMBGGD2h0dHA6Ly94ZXN0LzI1MTAR +-hg9odHRwOi8veGVzdC8yNTIwEYYPaHR0cDovL3hlc3QvMjUzMBGGD2h0dHA6Ly94 +-ZXN0LzI1NDARhg9odHRwOi8veGVzdC8yNTUwEYYPaHR0cDovL3hlc3QvMjU2MBGG +-D2h0dHA6Ly94ZXN0LzI1NzARhg9odHRwOi8veGVzdC8yNTgwEYYPaHR0cDovL3hl +-c3QvMjU5MBGGD2h0dHA6Ly94ZXN0LzI2MDARhg9odHRwOi8veGVzdC8yNjEwEYYP +-aHR0cDovL3hlc3QvMjYyMBGGD2h0dHA6Ly94ZXN0LzI2MzARhg9odHRwOi8veGVz +-dC8yNjQwEYYPaHR0cDovL3hlc3QvMjY1MBGGD2h0dHA6Ly94ZXN0LzI2NjARhg9o +-dHRwOi8veGVzdC8yNjcwEYYPaHR0cDovL3hlc3QvMjY4MBGGD2h0dHA6Ly94ZXN0 +-LzI2OTARhg9odHRwOi8veGVzdC8yNzAwEYYPaHR0cDovL3hlc3QvMjcxMBGGD2h0 +-dHA6Ly94ZXN0LzI3MjARhg9odHRwOi8veGVzdC8yNzMwEYYPaHR0cDovL3hlc3Qv +-Mjc0MBGGD2h0dHA6Ly94ZXN0LzI3NTARhg9odHRwOi8veGVzdC8yNzYwEYYPaHR0 +-cDovL3hlc3QvMjc3MBGGD2h0dHA6Ly94ZXN0LzI3ODARhg9odHRwOi8veGVzdC8y +-NzkwEYYPaHR0cDovL3hlc3QvMjgwMBGGD2h0dHA6Ly94ZXN0LzI4MTARhg9odHRw +-Oi8veGVzdC8yODIwEYYPaHR0cDovL3hlc3QvMjgzMBGGD2h0dHA6Ly94ZXN0LzI4 +-NDARhg9odHRwOi8veGVzdC8yODUwEYYPaHR0cDovL3hlc3QvMjg2MBGGD2h0dHA6 +-Ly94ZXN0LzI4NzARhg9odHRwOi8veGVzdC8yODgwEYYPaHR0cDovL3hlc3QvMjg5 +-MBGGD2h0dHA6Ly94ZXN0LzI5MDARhg9odHRwOi8veGVzdC8yOTEwEYYPaHR0cDov +-L3hlc3QvMjkyMBGGD2h0dHA6Ly94ZXN0LzI5MzARhg9odHRwOi8veGVzdC8yOTQw +-EYYPaHR0cDovL3hlc3QvMjk1MBGGD2h0dHA6Ly94ZXN0LzI5NjARhg9odHRwOi8v +-eGVzdC8yOTcwEYYPaHR0cDovL3hlc3QvMjk4MBGGD2h0dHA6Ly94ZXN0LzI5OTAR +-hg9odHRwOi8veGVzdC8zMDAwEYYPaHR0cDovL3hlc3QvMzAxMBGGD2h0dHA6Ly94 +-ZXN0LzMwMjARhg9odHRwOi8veGVzdC8zMDMwEYYPaHR0cDovL3hlc3QvMzA0MBGG +-D2h0dHA6Ly94ZXN0LzMwNTARhg9odHRwOi8veGVzdC8zMDYwEYYPaHR0cDovL3hl +-c3QvMzA3MBGGD2h0dHA6Ly94ZXN0LzMwODARhg9odHRwOi8veGVzdC8zMDkwEYYP +-aHR0cDovL3hlc3QvMzEwMBGGD2h0dHA6Ly94ZXN0LzMxMTARhg9odHRwOi8veGVz +-dC8zMTIwEYYPaHR0cDovL3hlc3QvMzEzMBGGD2h0dHA6Ly94ZXN0LzMxNDARhg9o +-dHRwOi8veGVzdC8zMTUwEYYPaHR0cDovL3hlc3QvMzE2MBGGD2h0dHA6Ly94ZXN0 +-LzMxNzARhg9odHRwOi8veGVzdC8zMTgwEYYPaHR0cDovL3hlc3QvMzE5MBGGD2h0 +-dHA6Ly94ZXN0LzMyMDARhg9odHRwOi8veGVzdC8zMjEwEYYPaHR0cDovL3hlc3Qv +-MzIyMBGGD2h0dHA6Ly94ZXN0LzMyMzARhg9odHRwOi8veGVzdC8zMjQwEYYPaHR0 +-cDovL3hlc3QvMzI1MBGGD2h0dHA6Ly94ZXN0LzMyNjARhg9odHRwOi8veGVzdC8z +-MjcwEYYPaHR0cDovL3hlc3QvMzI4MBGGD2h0dHA6Ly94ZXN0LzMyOTARhg9odHRw +-Oi8veGVzdC8zMzAwEYYPaHR0cDovL3hlc3QvMzMxMBGGD2h0dHA6Ly94ZXN0LzMz +-MjARhg9odHRwOi8veGVzdC8zMzMwEYYPaHR0cDovL3hlc3QvMzM0MBGGD2h0dHA6 +-Ly94ZXN0LzMzNTARhg9odHRwOi8veGVzdC8zMzYwEYYPaHR0cDovL3hlc3QvMzM3 +-MBGGD2h0dHA6Ly94ZXN0LzMzODARhg9odHRwOi8veGVzdC8zMzkwEYYPaHR0cDov +-L3hlc3QvMzQwMBGGD2h0dHA6Ly94ZXN0LzM0MTARhg9odHRwOi8veGVzdC8zNDIw +-EYYPaHR0cDovL3hlc3QvMzQzMBGGD2h0dHA6Ly94ZXN0LzM0NDARhg9odHRwOi8v +-eGVzdC8zNDUwEYYPaHR0cDovL3hlc3QvMzQ2MBGGD2h0dHA6Ly94ZXN0LzM0NzAR +-hg9odHRwOi8veGVzdC8zNDgwEYYPaHR0cDovL3hlc3QvMzQ5MBGGD2h0dHA6Ly94 +-ZXN0LzM1MDARhg9odHRwOi8veGVzdC8zNTEwEYYPaHR0cDovL3hlc3QvMzUyMBGG +-D2h0dHA6Ly94ZXN0LzM1MzARhg9odHRwOi8veGVzdC8zNTQwEYYPaHR0cDovL3hl +-c3QvMzU1MBGGD2h0dHA6Ly94ZXN0LzM1NjARhg9odHRwOi8veGVzdC8zNTcwEYYP +-aHR0cDovL3hlc3QvMzU4MBGGD2h0dHA6Ly94ZXN0LzM1OTARhg9odHRwOi8veGVz +-dC8zNjAwEYYPaHR0cDovL3hlc3QvMzYxMBGGD2h0dHA6Ly94ZXN0LzM2MjARhg9o +-dHRwOi8veGVzdC8zNjMwEYYPaHR0cDovL3hlc3QvMzY0MBGGD2h0dHA6Ly94ZXN0 +-LzM2NTARhg9odHRwOi8veGVzdC8zNjYwEYYPaHR0cDovL3hlc3QvMzY3MBGGD2h0 +-dHA6Ly94ZXN0LzM2ODARhg9odHRwOi8veGVzdC8zNjkwEYYPaHR0cDovL3hlc3Qv +-MzcwMBGGD2h0dHA6Ly94ZXN0LzM3MTARhg9odHRwOi8veGVzdC8zNzIwEYYPaHR0 +-cDovL3hlc3QvMzczMBGGD2h0dHA6Ly94ZXN0LzM3NDARhg9odHRwOi8veGVzdC8z +-NzUwEYYPaHR0cDovL3hlc3QvMzc2MBGGD2h0dHA6Ly94ZXN0LzM3NzARhg9odHRw +-Oi8veGVzdC8zNzgwEYYPaHR0cDovL3hlc3QvMzc5MBGGD2h0dHA6Ly94ZXN0LzM4 +-MDARhg9odHRwOi8veGVzdC8zODEwEYYPaHR0cDovL3hlc3QvMzgyMBGGD2h0dHA6 +-Ly94ZXN0LzM4MzARhg9odHRwOi8veGVzdC8zODQwEYYPaHR0cDovL3hlc3QvMzg1 +-MBGGD2h0dHA6Ly94ZXN0LzM4NjARhg9odHRwOi8veGVzdC8zODcwEYYPaHR0cDov +-L3hlc3QvMzg4MBGGD2h0dHA6Ly94ZXN0LzM4OTARhg9odHRwOi8veGVzdC8zOTAw +-EYYPaHR0cDovL3hlc3QvMzkxMBGGD2h0dHA6Ly94ZXN0LzM5MjARhg9odHRwOi8v +-eGVzdC8zOTMwEYYPaHR0cDovL3hlc3QvMzk0MBGGD2h0dHA6Ly94ZXN0LzM5NTAR +-hg9odHRwOi8veGVzdC8zOTYwEYYPaHR0cDovL3hlc3QvMzk3MBGGD2h0dHA6Ly94 +-ZXN0LzM5ODARhg9odHRwOi8veGVzdC8zOTkwEYYPaHR0cDovL3hlc3QvNDAwMBGG +-D2h0dHA6Ly94ZXN0LzQwMTARhg9odHRwOi8veGVzdC80MDIwEYYPaHR0cDovL3hl +-c3QvNDAzMBGGD2h0dHA6Ly94ZXN0LzQwNDARhg9odHRwOi8veGVzdC80MDUwEYYP +-aHR0cDovL3hlc3QvNDA2MBGGD2h0dHA6Ly94ZXN0LzQwNzARhg9odHRwOi8veGVz +-dC80MDgwEYYPaHR0cDovL3hlc3QvNDA5MBGGD2h0dHA6Ly94ZXN0LzQxMDARhg9o +-dHRwOi8veGVzdC80MTEwEYYPaHR0cDovL3hlc3QvNDEyMBGGD2h0dHA6Ly94ZXN0 +-LzQxMzARhg9odHRwOi8veGVzdC80MTQwEYYPaHR0cDovL3hlc3QvNDE1MBGGD2h0 +-dHA6Ly94ZXN0LzQxNjARhg9odHRwOi8veGVzdC80MTcwEYYPaHR0cDovL3hlc3Qv +-NDE4MBGGD2h0dHA6Ly94ZXN0LzQxOTARhg9odHRwOi8veGVzdC80MjAwEYYPaHR0 +-cDovL3hlc3QvNDIxMBGGD2h0dHA6Ly94ZXN0LzQyMjARhg9odHRwOi8veGVzdC80 +-MjMwEYYPaHR0cDovL3hlc3QvNDI0MBGGD2h0dHA6Ly94ZXN0LzQyNTARhg9odHRw +-Oi8veGVzdC80MjYwEYYPaHR0cDovL3hlc3QvNDI3MBGGD2h0dHA6Ly94ZXN0LzQy +-ODARhg9odHRwOi8veGVzdC80MjkwEYYPaHR0cDovL3hlc3QvNDMwMBGGD2h0dHA6 +-Ly94ZXN0LzQzMTARhg9odHRwOi8veGVzdC80MzIwEYYPaHR0cDovL3hlc3QvNDMz +-MBGGD2h0dHA6Ly94ZXN0LzQzNDARhg9odHRwOi8veGVzdC80MzUwEYYPaHR0cDov +-L3hlc3QvNDM2MBGGD2h0dHA6Ly94ZXN0LzQzNzARhg9odHRwOi8veGVzdC80Mzgw +-EYYPaHR0cDovL3hlc3QvNDM5MBGGD2h0dHA6Ly94ZXN0LzQ0MDARhg9odHRwOi8v +-eGVzdC80NDEwEYYPaHR0cDovL3hlc3QvNDQyMBGGD2h0dHA6Ly94ZXN0LzQ0MzAR +-hg9odHRwOi8veGVzdC80NDQwEYYPaHR0cDovL3hlc3QvNDQ1MBGGD2h0dHA6Ly94 +-ZXN0LzQ0NjARhg9odHRwOi8veGVzdC80NDcwEYYPaHR0cDovL3hlc3QvNDQ4MBGG +-D2h0dHA6Ly94ZXN0LzQ0OTARhg9odHRwOi8veGVzdC80NTAwEYYPaHR0cDovL3hl +-c3QvNDUxMBGGD2h0dHA6Ly94ZXN0LzQ1MjARhg9odHRwOi8veGVzdC80NTMwEYYP +-aHR0cDovL3hlc3QvNDU0MBGGD2h0dHA6Ly94ZXN0LzQ1NTARhg9odHRwOi8veGVz +-dC80NTYwEYYPaHR0cDovL3hlc3QvNDU3MBGGD2h0dHA6Ly94ZXN0LzQ1ODARhg9o +-dHRwOi8veGVzdC80NTkwEYYPaHR0cDovL3hlc3QvNDYwMBGGD2h0dHA6Ly94ZXN0 +-LzQ2MTARhg9odHRwOi8veGVzdC80NjIwEYYPaHR0cDovL3hlc3QvNDYzMBGGD2h0 +-dHA6Ly94ZXN0LzQ2NDARhg9odHRwOi8veGVzdC80NjUwEYYPaHR0cDovL3hlc3Qv +-NDY2MBGGD2h0dHA6Ly94ZXN0LzQ2NzARhg9odHRwOi8veGVzdC80NjgwEYYPaHR0 +-cDovL3hlc3QvNDY5MBGGD2h0dHA6Ly94ZXN0LzQ3MDARhg9odHRwOi8veGVzdC80 +-NzEwEYYPaHR0cDovL3hlc3QvNDcyMBGGD2h0dHA6Ly94ZXN0LzQ3MzARhg9odHRw +-Oi8veGVzdC80NzQwEYYPaHR0cDovL3hlc3QvNDc1MBGGD2h0dHA6Ly94ZXN0LzQ3 +-NjARhg9odHRwOi8veGVzdC80NzcwEYYPaHR0cDovL3hlc3QvNDc4MBGGD2h0dHA6 +-Ly94ZXN0LzQ3OTARhg9odHRwOi8veGVzdC80ODAwEYYPaHR0cDovL3hlc3QvNDgx +-MBGGD2h0dHA6Ly94ZXN0LzQ4MjARhg9odHRwOi8veGVzdC80ODMwEYYPaHR0cDov +-L3hlc3QvNDg0MBGGD2h0dHA6Ly94ZXN0LzQ4NTARhg9odHRwOi8veGVzdC80ODYw +-EYYPaHR0cDovL3hlc3QvNDg3MBGGD2h0dHA6Ly94ZXN0LzQ4ODARhg9odHRwOi8v +-eGVzdC80ODkwEYYPaHR0cDovL3hlc3QvNDkwMBGGD2h0dHA6Ly94ZXN0LzQ5MTAR +-hg9odHRwOi8veGVzdC80OTIwEYYPaHR0cDovL3hlc3QvNDkzMBGGD2h0dHA6Ly94 +-ZXN0LzQ5NDARhg9odHRwOi8veGVzdC80OTUwEYYPaHR0cDovL3hlc3QvNDk2MBGG +-D2h0dHA6Ly94ZXN0LzQ5NzARhg9odHRwOi8veGVzdC80OTgwEYYPaHR0cDovL3hl +-c3QvNDk5MBGGD2h0dHA6Ly94ZXN0LzUwMDARhg9odHRwOi8veGVzdC81MDEwEYYP +-aHR0cDovL3hlc3QvNTAyMBGGD2h0dHA6Ly94ZXN0LzUwMzARhg9odHRwOi8veGVz +-dC81MDQwEYYPaHR0cDovL3hlc3QvNTA1MBGGD2h0dHA6Ly94ZXN0LzUwNjARhg9o +-dHRwOi8veGVzdC81MDcwEYYPaHR0cDovL3hlc3QvNTA4MBGGD2h0dHA6Ly94ZXN0 +-LzUwOTARhg9odHRwOi8veGVzdC81MTAwEYYPaHR0cDovL3hlc3QvNTExMBGGD2h0 +-dHA6Ly94ZXN0LzUxMjARhg9odHRwOi8veGVzdC81MTMwEYYPaHR0cDovL3hlc3Qv +-NTE0MBGGD2h0dHA6Ly94ZXN0LzUxNTARhg9odHRwOi8veGVzdC81MTYwEYYPaHR0 +-cDovL3hlc3QvNTE3MBGGD2h0dHA6Ly94ZXN0LzUxODARhg9odHRwOi8veGVzdC81 +-MTkwEYYPaHR0cDovL3hlc3QvNTIwMBGGD2h0dHA6Ly94ZXN0LzUyMTARhg9odHRw +-Oi8veGVzdC81MjIwEYYPaHR0cDovL3hlc3QvNTIzMBGGD2h0dHA6Ly94ZXN0LzUy +-NDARhg9odHRwOi8veGVzdC81MjUwEYYPaHR0cDovL3hlc3QvNTI2MBGGD2h0dHA6 +-Ly94ZXN0LzUyNzARhg9odHRwOi8veGVzdC81MjgwEYYPaHR0cDovL3hlc3QvNTI5 +-MBGGD2h0dHA6Ly94ZXN0LzUzMDARhg9odHRwOi8veGVzdC81MzEwEYYPaHR0cDov +-L3hlc3QvNTMyMBGGD2h0dHA6Ly94ZXN0LzUzMzARhg9odHRwOi8veGVzdC81MzQw +-EYYPaHR0cDovL3hlc3QvNTM1MBGGD2h0dHA6Ly94ZXN0LzUzNjARhg9odHRwOi8v +-eGVzdC81MzcwEYYPaHR0cDovL3hlc3QvNTM4MBGGD2h0dHA6Ly94ZXN0LzUzOTAR +-hg9odHRwOi8veGVzdC81NDAwEYYPaHR0cDovL3hlc3QvNTQxMBGGD2h0dHA6Ly94 +-ZXN0LzU0MjARhg9odHRwOi8veGVzdC81NDMwEYYPaHR0cDovL3hlc3QvNTQ0MBGG +-D2h0dHA6Ly94ZXN0LzU0NTARhg9odHRwOi8veGVzdC81NDYwEYYPaHR0cDovL3hl +-c3QvNTQ3MBGGD2h0dHA6Ly94ZXN0LzU0ODARhg9odHRwOi8veGVzdC81NDkwEYYP +-aHR0cDovL3hlc3QvNTUwMBGGD2h0dHA6Ly94ZXN0LzU1MTARhg9odHRwOi8veGVz +-dC81NTIwEYYPaHR0cDovL3hlc3QvNTUzMBGGD2h0dHA6Ly94ZXN0LzU1NDARhg9o +-dHRwOi8veGVzdC81NTUwEYYPaHR0cDovL3hlc3QvNTU2MBGGD2h0dHA6Ly94ZXN0 +-LzU1NzARhg9odHRwOi8veGVzdC81NTgwEYYPaHR0cDovL3hlc3QvNTU5MBGGD2h0 +-dHA6Ly94ZXN0LzU2MDARhg9odHRwOi8veGVzdC81NjEwEYYPaHR0cDovL3hlc3Qv +-NTYyMBGGD2h0dHA6Ly94ZXN0LzU2MzARhg9odHRwOi8veGVzdC81NjQwEYYPaHR0 +-cDovL3hlc3QvNTY1MBGGD2h0dHA6Ly94ZXN0LzU2NjARhg9odHRwOi8veGVzdC81 +-NjcwEYYPaHR0cDovL3hlc3QvNTY4MBGGD2h0dHA6Ly94ZXN0LzU2OTARhg9odHRw +-Oi8veGVzdC81NzAwEYYPaHR0cDovL3hlc3QvNTcxMBGGD2h0dHA6Ly94ZXN0LzU3 +-MjARhg9odHRwOi8veGVzdC81NzMwEYYPaHR0cDovL3hlc3QvNTc0MBGGD2h0dHA6 +-Ly94ZXN0LzU3NTARhg9odHRwOi8veGVzdC81NzYwEYYPaHR0cDovL3hlc3QvNTc3 +-MBGGD2h0dHA6Ly94ZXN0LzU3ODARhg9odHRwOi8veGVzdC81NzkwEYYPaHR0cDov +-L3hlc3QvNTgwMBGGD2h0dHA6Ly94ZXN0LzU4MTARhg9odHRwOi8veGVzdC81ODIw +-EYYPaHR0cDovL3hlc3QvNTgzMBGGD2h0dHA6Ly94ZXN0LzU4NDARhg9odHRwOi8v +-eGVzdC81ODUwEYYPaHR0cDovL3hlc3QvNTg2MBGGD2h0dHA6Ly94ZXN0LzU4NzAR +-hg9odHRwOi8veGVzdC81ODgwEYYPaHR0cDovL3hlc3QvNTg5MBGGD2h0dHA6Ly94 +-ZXN0LzU5MDARhg9odHRwOi8veGVzdC81OTEwEYYPaHR0cDovL3hlc3QvNTkyMBGG +-D2h0dHA6Ly94ZXN0LzU5MzARhg9odHRwOi8veGVzdC81OTQwEYYPaHR0cDovL3hl +-c3QvNTk1MBGGD2h0dHA6Ly94ZXN0LzU5NjARhg9odHRwOi8veGVzdC81OTcwEYYP +-aHR0cDovL3hlc3QvNTk4MBGGD2h0dHA6Ly94ZXN0LzU5OTARhg9odHRwOi8veGVz +-dC82MDAwEYYPaHR0cDovL3hlc3QvNjAxMBGGD2h0dHA6Ly94ZXN0LzYwMjARhg9o +-dHRwOi8veGVzdC82MDMwEYYPaHR0cDovL3hlc3QvNjA0MBGGD2h0dHA6Ly94ZXN0 +-LzYwNTARhg9odHRwOi8veGVzdC82MDYwEYYPaHR0cDovL3hlc3QvNjA3MBGGD2h0 +-dHA6Ly94ZXN0LzYwODARhg9odHRwOi8veGVzdC82MDkwEYYPaHR0cDovL3hlc3Qv +-NjEwMBGGD2h0dHA6Ly94ZXN0LzYxMTARhg9odHRwOi8veGVzdC82MTIwEYYPaHR0 +-cDovL3hlc3QvNjEzMBGGD2h0dHA6Ly94ZXN0LzYxNDARhg9odHRwOi8veGVzdC82 +-MTUwEYYPaHR0cDovL3hlc3QvNjE2MBGGD2h0dHA6Ly94ZXN0LzYxNzARhg9odHRw +-Oi8veGVzdC82MTgwEYYPaHR0cDovL3hlc3QvNjE5MBGGD2h0dHA6Ly94ZXN0LzYy +-MDARhg9odHRwOi8veGVzdC82MjEwEYYPaHR0cDovL3hlc3QvNjIyMBGGD2h0dHA6 +-Ly94ZXN0LzYyMzARhg9odHRwOi8veGVzdC82MjQwEYYPaHR0cDovL3hlc3QvNjI1 +-MBGGD2h0dHA6Ly94ZXN0LzYyNjARhg9odHRwOi8veGVzdC82MjcwEYYPaHR0cDov +-L3hlc3QvNjI4MBGGD2h0dHA6Ly94ZXN0LzYyOTARhg9odHRwOi8veGVzdC82MzAw +-EYYPaHR0cDovL3hlc3QvNjMxMBGGD2h0dHA6Ly94ZXN0LzYzMjARhg9odHRwOi8v +-eGVzdC82MzMwEYYPaHR0cDovL3hlc3QvNjM0MBGGD2h0dHA6Ly94ZXN0LzYzNTAR +-hg9odHRwOi8veGVzdC82MzYwEYYPaHR0cDovL3hlc3QvNjM3MBGGD2h0dHA6Ly94 +-ZXN0LzYzODARhg9odHRwOi8veGVzdC82MzkwEYYPaHR0cDovL3hlc3QvNjQwMBGG +-D2h0dHA6Ly94ZXN0LzY0MTARhg9odHRwOi8veGVzdC82NDIwEYYPaHR0cDovL3hl +-c3QvNjQzMBGGD2h0dHA6Ly94ZXN0LzY0NDARhg9odHRwOi8veGVzdC82NDUwEYYP +-aHR0cDovL3hlc3QvNjQ2MBGGD2h0dHA6Ly94ZXN0LzY0NzARhg9odHRwOi8veGVz +-dC82NDgwEYYPaHR0cDovL3hlc3QvNjQ5MBGGD2h0dHA6Ly94ZXN0LzY1MDARhg9o +-dHRwOi8veGVzdC82NTEwEYYPaHR0cDovL3hlc3QvNjUyMBGGD2h0dHA6Ly94ZXN0 +-LzY1MzARhg9odHRwOi8veGVzdC82NTQwEYYPaHR0cDovL3hlc3QvNjU1MBGGD2h0 +-dHA6Ly94ZXN0LzY1NjARhg9odHRwOi8veGVzdC82NTcwEYYPaHR0cDovL3hlc3Qv +-NjU4MBGGD2h0dHA6Ly94ZXN0LzY1OTARhg9odHRwOi8veGVzdC82NjAwEYYPaHR0 +-cDovL3hlc3QvNjYxMBGGD2h0dHA6Ly94ZXN0LzY2MjARhg9odHRwOi8veGVzdC82 +-NjMwEYYPaHR0cDovL3hlc3QvNjY0MBGGD2h0dHA6Ly94ZXN0LzY2NTARhg9odHRw +-Oi8veGVzdC82NjYwEYYPaHR0cDovL3hlc3QvNjY3MBGGD2h0dHA6Ly94ZXN0LzY2 +-ODARhg9odHRwOi8veGVzdC82NjkwEYYPaHR0cDovL3hlc3QvNjcwMBGGD2h0dHA6 +-Ly94ZXN0LzY3MTARhg9odHRwOi8veGVzdC82NzIwEYYPaHR0cDovL3hlc3QvNjcz +-MBGGD2h0dHA6Ly94ZXN0LzY3NDARhg9odHRwOi8veGVzdC82NzUwEYYPaHR0cDov +-L3hlc3QvNjc2MBGGD2h0dHA6Ly94ZXN0LzY3NzARhg9odHRwOi8veGVzdC82Nzgw +-EYYPaHR0cDovL3hlc3QvNjc5MBGGD2h0dHA6Ly94ZXN0LzY4MDARhg9odHRwOi8v +-eGVzdC82ODEwEYYPaHR0cDovL3hlc3QvNjgyMBGGD2h0dHA6Ly94ZXN0LzY4MzAR +-hg9odHRwOi8veGVzdC82ODQwEYYPaHR0cDovL3hlc3QvNjg1MBGGD2h0dHA6Ly94 +-ZXN0LzY4NjARhg9odHRwOi8veGVzdC82ODcwEYYPaHR0cDovL3hlc3QvNjg4MBGG +-D2h0dHA6Ly94ZXN0LzY4OTARhg9odHRwOi8veGVzdC82OTAwEYYPaHR0cDovL3hl +-c3QvNjkxMBGGD2h0dHA6Ly94ZXN0LzY5MjARhg9odHRwOi8veGVzdC82OTMwEYYP +-aHR0cDovL3hlc3QvNjk0MBGGD2h0dHA6Ly94ZXN0LzY5NTARhg9odHRwOi8veGVz +-dC82OTYwEYYPaHR0cDovL3hlc3QvNjk3MBGGD2h0dHA6Ly94ZXN0LzY5ODARhg9o +-dHRwOi8veGVzdC82OTkwEYYPaHR0cDovL3hlc3QvNzAwMBGGD2h0dHA6Ly94ZXN0 +-LzcwMTARhg9odHRwOi8veGVzdC83MDIwEYYPaHR0cDovL3hlc3QvNzAzMBGGD2h0 +-dHA6Ly94ZXN0LzcwNDARhg9odHRwOi8veGVzdC83MDUwEYYPaHR0cDovL3hlc3Qv +-NzA2MBGGD2h0dHA6Ly94ZXN0LzcwNzARhg9odHRwOi8veGVzdC83MDgwEYYPaHR0 +-cDovL3hlc3QvNzA5MBGGD2h0dHA6Ly94ZXN0LzcxMDARhg9odHRwOi8veGVzdC83 +-MTEwEYYPaHR0cDovL3hlc3QvNzEyMBGGD2h0dHA6Ly94ZXN0LzcxMzARhg9odHRw +-Oi8veGVzdC83MTQwEYYPaHR0cDovL3hlc3QvNzE1MBGGD2h0dHA6Ly94ZXN0Lzcx +-NjARhg9odHRwOi8veGVzdC83MTcwEYYPaHR0cDovL3hlc3QvNzE4MBGGD2h0dHA6 +-Ly94ZXN0LzcxOTARhg9odHRwOi8veGVzdC83MjAwEYYPaHR0cDovL3hlc3QvNzIx +-MBGGD2h0dHA6Ly94ZXN0LzcyMjARhg9odHRwOi8veGVzdC83MjMwEYYPaHR0cDov +-L3hlc3QvNzI0MBGGD2h0dHA6Ly94ZXN0LzcyNTARhg9odHRwOi8veGVzdC83MjYw +-EYYPaHR0cDovL3hlc3QvNzI3MBGGD2h0dHA6Ly94ZXN0LzcyODARhg9odHRwOi8v +-eGVzdC83MjkwEYYPaHR0cDovL3hlc3QvNzMwMBGGD2h0dHA6Ly94ZXN0LzczMTAR +-hg9odHRwOi8veGVzdC83MzIwEYYPaHR0cDovL3hlc3QvNzMzMBGGD2h0dHA6Ly94 +-ZXN0LzczNDARhg9odHRwOi8veGVzdC83MzUwEYYPaHR0cDovL3hlc3QvNzM2MBGG +-D2h0dHA6Ly94ZXN0LzczNzARhg9odHRwOi8veGVzdC83MzgwEYYPaHR0cDovL3hl +-c3QvNzM5MBGGD2h0dHA6Ly94ZXN0Lzc0MDARhg9odHRwOi8veGVzdC83NDEwEYYP +-aHR0cDovL3hlc3QvNzQyMBGGD2h0dHA6Ly94ZXN0Lzc0MzARhg9odHRwOi8veGVz +-dC83NDQwEYYPaHR0cDovL3hlc3QvNzQ1MBGGD2h0dHA6Ly94ZXN0Lzc0NjARhg9o +-dHRwOi8veGVzdC83NDcwEYYPaHR0cDovL3hlc3QvNzQ4MBGGD2h0dHA6Ly94ZXN0 +-Lzc0OTARhg9odHRwOi8veGVzdC83NTAwEYYPaHR0cDovL3hlc3QvNzUxMBGGD2h0 +-dHA6Ly94ZXN0Lzc1MjARhg9odHRwOi8veGVzdC83NTMwEYYPaHR0cDovL3hlc3Qv +-NzU0MBGGD2h0dHA6Ly94ZXN0Lzc1NTARhg9odHRwOi8veGVzdC83NTYwEYYPaHR0 +-cDovL3hlc3QvNzU3MBGGD2h0dHA6Ly94ZXN0Lzc1ODARhg9odHRwOi8veGVzdC83 +-NTkwEYYPaHR0cDovL3hlc3QvNzYwMBGGD2h0dHA6Ly94ZXN0Lzc2MTARhg9odHRw +-Oi8veGVzdC83NjIwEYYPaHR0cDovL3hlc3QvNzYzMBGGD2h0dHA6Ly94ZXN0Lzc2 +-NDARhg9odHRwOi8veGVzdC83NjUwEYYPaHR0cDovL3hlc3QvNzY2MBGGD2h0dHA6 +-Ly94ZXN0Lzc2NzARhg9odHRwOi8veGVzdC83NjgwEYYPaHR0cDovL3hlc3QvNzY5 +-MBGGD2h0dHA6Ly94ZXN0Lzc3MDARhg9odHRwOi8veGVzdC83NzEwEYYPaHR0cDov +-L3hlc3QvNzcyMBGGD2h0dHA6Ly94ZXN0Lzc3MzARhg9odHRwOi8veGVzdC83NzQw +-EYYPaHR0cDovL3hlc3QvNzc1MBGGD2h0dHA6Ly94ZXN0Lzc3NjARhg9odHRwOi8v +-eGVzdC83NzcwEYYPaHR0cDovL3hlc3QvNzc4MBGGD2h0dHA6Ly94ZXN0Lzc3OTAR +-hg9odHRwOi8veGVzdC83ODAwEYYPaHR0cDovL3hlc3QvNzgxMBGGD2h0dHA6Ly94 +-ZXN0Lzc4MjARhg9odHRwOi8veGVzdC83ODMwEYYPaHR0cDovL3hlc3QvNzg0MBGG +-D2h0dHA6Ly94ZXN0Lzc4NTARhg9odHRwOi8veGVzdC83ODYwEYYPaHR0cDovL3hl +-c3QvNzg3MBGGD2h0dHA6Ly94ZXN0Lzc4ODARhg9odHRwOi8veGVzdC83ODkwEYYP +-aHR0cDovL3hlc3QvNzkwMBGGD2h0dHA6Ly94ZXN0Lzc5MTARhg9odHRwOi8veGVz +-dC83OTIwEYYPaHR0cDovL3hlc3QvNzkzMBGGD2h0dHA6Ly94ZXN0Lzc5NDARhg9o +-dHRwOi8veGVzdC83OTUwEYYPaHR0cDovL3hlc3QvNzk2MBGGD2h0dHA6Ly94ZXN0 +-Lzc5NzARhg9odHRwOi8veGVzdC83OTgwEYYPaHR0cDovL3hlc3QvNzk5MBGGD2h0 +-dHA6Ly94ZXN0LzgwMDARhg9odHRwOi8veGVzdC84MDEwEYYPaHR0cDovL3hlc3Qv +-ODAyMBGGD2h0dHA6Ly94ZXN0LzgwMzARhg9odHRwOi8veGVzdC84MDQwEYYPaHR0 +-cDovL3hlc3QvODA1MBGGD2h0dHA6Ly94ZXN0LzgwNjARhg9odHRwOi8veGVzdC84 +-MDcwEYYPaHR0cDovL3hlc3QvODA4MBGGD2h0dHA6Ly94ZXN0LzgwOTARhg9odHRw +-Oi8veGVzdC84MTAwEYYPaHR0cDovL3hlc3QvODExMBGGD2h0dHA6Ly94ZXN0Lzgx +-MjARhg9odHRwOi8veGVzdC84MTMwEYYPaHR0cDovL3hlc3QvODE0MBGGD2h0dHA6 +-Ly94ZXN0LzgxNTARhg9odHRwOi8veGVzdC84MTYwEYYPaHR0cDovL3hlc3QvODE3 +-MBGGD2h0dHA6Ly94ZXN0LzgxODARhg9odHRwOi8veGVzdC84MTkwEYYPaHR0cDov +-L3hlc3QvODIwMBGGD2h0dHA6Ly94ZXN0LzgyMTARhg9odHRwOi8veGVzdC84MjIw +-EYYPaHR0cDovL3hlc3QvODIzMBGGD2h0dHA6Ly94ZXN0LzgyNDARhg9odHRwOi8v +-eGVzdC84MjUwEYYPaHR0cDovL3hlc3QvODI2MBGGD2h0dHA6Ly94ZXN0LzgyNzAR +-hg9odHRwOi8veGVzdC84MjgwEYYPaHR0cDovL3hlc3QvODI5MBGGD2h0dHA6Ly94 +-ZXN0LzgzMDARhg9odHRwOi8veGVzdC84MzEwEYYPaHR0cDovL3hlc3QvODMyMBGG +-D2h0dHA6Ly94ZXN0LzgzMzARhg9odHRwOi8veGVzdC84MzQwEYYPaHR0cDovL3hl +-c3QvODM1MBGGD2h0dHA6Ly94ZXN0LzgzNjARhg9odHRwOi8veGVzdC84MzcwEYYP +-aHR0cDovL3hlc3QvODM4MBGGD2h0dHA6Ly94ZXN0LzgzOTARhg9odHRwOi8veGVz +-dC84NDAwEYYPaHR0cDovL3hlc3QvODQxMBGGD2h0dHA6Ly94ZXN0Lzg0MjARhg9o +-dHRwOi8veGVzdC84NDMwEYYPaHR0cDovL3hlc3QvODQ0MBGGD2h0dHA6Ly94ZXN0 +-Lzg0NTARhg9odHRwOi8veGVzdC84NDYwEYYPaHR0cDovL3hlc3QvODQ3MBGGD2h0 +-dHA6Ly94ZXN0Lzg0ODARhg9odHRwOi8veGVzdC84NDkwEYYPaHR0cDovL3hlc3Qv +-ODUwMBGGD2h0dHA6Ly94ZXN0Lzg1MTARhg9odHRwOi8veGVzdC84NTIwEYYPaHR0 +-cDovL3hlc3QvODUzMBGGD2h0dHA6Ly94ZXN0Lzg1NDARhg9odHRwOi8veGVzdC84 +-NTUwEYYPaHR0cDovL3hlc3QvODU2MBGGD2h0dHA6Ly94ZXN0Lzg1NzARhg9odHRw +-Oi8veGVzdC84NTgwEYYPaHR0cDovL3hlc3QvODU5MBGGD2h0dHA6Ly94ZXN0Lzg2 +-MDARhg9odHRwOi8veGVzdC84NjEwEYYPaHR0cDovL3hlc3QvODYyMBGGD2h0dHA6 +-Ly94ZXN0Lzg2MzARhg9odHRwOi8veGVzdC84NjQwEYYPaHR0cDovL3hlc3QvODY1 +-MBGGD2h0dHA6Ly94ZXN0Lzg2NjARhg9odHRwOi8veGVzdC84NjcwEYYPaHR0cDov +-L3hlc3QvODY4MBGGD2h0dHA6Ly94ZXN0Lzg2OTARhg9odHRwOi8veGVzdC84NzAw +-EYYPaHR0cDovL3hlc3QvODcxMBGGD2h0dHA6Ly94ZXN0Lzg3MjARhg9odHRwOi8v +-eGVzdC84NzMwEYYPaHR0cDovL3hlc3QvODc0MBGGD2h0dHA6Ly94ZXN0Lzg3NTAR +-hg9odHRwOi8veGVzdC84NzYwEYYPaHR0cDovL3hlc3QvODc3MBGGD2h0dHA6Ly94 +-ZXN0Lzg3ODARhg9odHRwOi8veGVzdC84NzkwEYYPaHR0cDovL3hlc3QvODgwMBGG +-D2h0dHA6Ly94ZXN0Lzg4MTARhg9odHRwOi8veGVzdC84ODIwEYYPaHR0cDovL3hl +-c3QvODgzMBGGD2h0dHA6Ly94ZXN0Lzg4NDARhg9odHRwOi8veGVzdC84ODUwEYYP +-aHR0cDovL3hlc3QvODg2MBGGD2h0dHA6Ly94ZXN0Lzg4NzARhg9odHRwOi8veGVz +-dC84ODgwEYYPaHR0cDovL3hlc3QvODg5MBGGD2h0dHA6Ly94ZXN0Lzg5MDARhg9o +-dHRwOi8veGVzdC84OTEwEYYPaHR0cDovL3hlc3QvODkyMBGGD2h0dHA6Ly94ZXN0 +-Lzg5MzARhg9odHRwOi8veGVzdC84OTQwEYYPaHR0cDovL3hlc3QvODk1MBGGD2h0 +-dHA6Ly94ZXN0Lzg5NjARhg9odHRwOi8veGVzdC84OTcwEYYPaHR0cDovL3hlc3Qv +-ODk4MBGGD2h0dHA6Ly94ZXN0Lzg5OTARhg9odHRwOi8veGVzdC85MDAwEYYPaHR0 +-cDovL3hlc3QvOTAxMBGGD2h0dHA6Ly94ZXN0LzkwMjARhg9odHRwOi8veGVzdC85 +-MDMwEYYPaHR0cDovL3hlc3QvOTA0MBGGD2h0dHA6Ly94ZXN0LzkwNTARhg9odHRw +-Oi8veGVzdC85MDYwEYYPaHR0cDovL3hlc3QvOTA3MBGGD2h0dHA6Ly94ZXN0Lzkw +-ODARhg9odHRwOi8veGVzdC85MDkwEYYPaHR0cDovL3hlc3QvOTEwMBGGD2h0dHA6 +-Ly94ZXN0LzkxMTARhg9odHRwOi8veGVzdC85MTIwEYYPaHR0cDovL3hlc3QvOTEz +-MBGGD2h0dHA6Ly94ZXN0LzkxNDARhg9odHRwOi8veGVzdC85MTUwEYYPaHR0cDov +-L3hlc3QvOTE2MBGGD2h0dHA6Ly94ZXN0LzkxNzARhg9odHRwOi8veGVzdC85MTgw +-EYYPaHR0cDovL3hlc3QvOTE5MBGGD2h0dHA6Ly94ZXN0LzkyMDARhg9odHRwOi8v +-eGVzdC85MjEwEYYPaHR0cDovL3hlc3QvOTIyMBGGD2h0dHA6Ly94ZXN0LzkyMzAR +-hg9odHRwOi8veGVzdC85MjQwEYYPaHR0cDovL3hlc3QvOTI1MBGGD2h0dHA6Ly94 +-ZXN0LzkyNjARhg9odHRwOi8veGVzdC85MjcwEYYPaHR0cDovL3hlc3QvOTI4MBGG +-D2h0dHA6Ly94ZXN0LzkyOTARhg9odHRwOi8veGVzdC85MzAwEYYPaHR0cDovL3hl +-c3QvOTMxMBGGD2h0dHA6Ly94ZXN0LzkzMjARhg9odHRwOi8veGVzdC85MzMwEYYP +-aHR0cDovL3hlc3QvOTM0MBGGD2h0dHA6Ly94ZXN0LzkzNTARhg9odHRwOi8veGVz +-dC85MzYwEYYPaHR0cDovL3hlc3QvOTM3MBGGD2h0dHA6Ly94ZXN0LzkzODARhg9o +-dHRwOi8veGVzdC85MzkwEYYPaHR0cDovL3hlc3QvOTQwMBGGD2h0dHA6Ly94ZXN0 +-Lzk0MTARhg9odHRwOi8veGVzdC85NDIwEYYPaHR0cDovL3hlc3QvOTQzMBGGD2h0 +-dHA6Ly94ZXN0Lzk0NDARhg9odHRwOi8veGVzdC85NDUwEYYPaHR0cDovL3hlc3Qv +-OTQ2MBGGD2h0dHA6Ly94ZXN0Lzk0NzARhg9odHRwOi8veGVzdC85NDgwEYYPaHR0 +-cDovL3hlc3QvOTQ5MBGGD2h0dHA6Ly94ZXN0Lzk1MDARhg9odHRwOi8veGVzdC85 +-NTEwEYYPaHR0cDovL3hlc3QvOTUyMBGGD2h0dHA6Ly94ZXN0Lzk1MzARhg9odHRw +-Oi8veGVzdC85NTQwEYYPaHR0cDovL3hlc3QvOTU1MBGGD2h0dHA6Ly94ZXN0Lzk1 +-NjARhg9odHRwOi8veGVzdC85NTcwEYYPaHR0cDovL3hlc3QvOTU4MBGGD2h0dHA6 +-Ly94ZXN0Lzk1OTARhg9odHRwOi8veGVzdC85NjAwEYYPaHR0cDovL3hlc3QvOTYx +-MBGGD2h0dHA6Ly94ZXN0Lzk2MjARhg9odHRwOi8veGVzdC85NjMwEYYPaHR0cDov +-L3hlc3QvOTY0MBGGD2h0dHA6Ly94ZXN0Lzk2NTARhg9odHRwOi8veGVzdC85NjYw +-EYYPaHR0cDovL3hlc3QvOTY3MBGGD2h0dHA6Ly94ZXN0Lzk2ODARhg9odHRwOi8v +-eGVzdC85NjkwEYYPaHR0cDovL3hlc3QvOTcwMBGGD2h0dHA6Ly94ZXN0Lzk3MTAR +-hg9odHRwOi8veGVzdC85NzIwEYYPaHR0cDovL3hlc3QvOTczMBGGD2h0dHA6Ly94 +-ZXN0Lzk3NDARhg9odHRwOi8veGVzdC85NzUwEYYPaHR0cDovL3hlc3QvOTc2MBGG +-D2h0dHA6Ly94ZXN0Lzk3NzARhg9odHRwOi8veGVzdC85NzgwEYYPaHR0cDovL3hl +-c3QvOTc5MBGGD2h0dHA6Ly94ZXN0Lzk4MDARhg9odHRwOi8veGVzdC85ODEwEYYP +-aHR0cDovL3hlc3QvOTgyMBGGD2h0dHA6Ly94ZXN0Lzk4MzARhg9odHRwOi8veGVz +-dC85ODQwEYYPaHR0cDovL3hlc3QvOTg1MBGGD2h0dHA6Ly94ZXN0Lzk4NjARhg9o +-dHRwOi8veGVzdC85ODcwEYYPaHR0cDovL3hlc3QvOTg4MBGGD2h0dHA6Ly94ZXN0 +-Lzk4OTARhg9odHRwOi8veGVzdC85OTAwEYYPaHR0cDovL3hlc3QvOTkxMBGGD2h0 +-dHA6Ly94ZXN0Lzk5MjARhg9odHRwOi8veGVzdC85OTMwEYYPaHR0cDovL3hlc3Qv +-OTk0MBGGD2h0dHA6Ly94ZXN0Lzk5NTARhg9odHRwOi8veGVzdC85OTYwEYYPaHR0 +-cDovL3hlc3QvOTk3MBGGD2h0dHA6Ly94ZXN0Lzk5ODARhg9odHRwOi8veGVzdC85 +-OTkwEoYQaHR0cDovL3hlc3QvMTAwMDAShhBodHRwOi8veGVzdC8xMDAxMBKGEGh0 +-dHA6Ly94ZXN0LzEwMDIwEoYQaHR0cDovL3hlc3QvMTAwMzAShhBodHRwOi8veGVz +-dC8xMDA0MBKGEGh0dHA6Ly94ZXN0LzEwMDUwEoYQaHR0cDovL3hlc3QvMTAwNjAS +-hhBodHRwOi8veGVzdC8xMDA3MBKGEGh0dHA6Ly94ZXN0LzEwMDgwEoYQaHR0cDov +-L3hlc3QvMTAwOTAShhBodHRwOi8veGVzdC8xMDEwMBKGEGh0dHA6Ly94ZXN0LzEw +-MTEwEoYQaHR0cDovL3hlc3QvMTAxMjAShhBodHRwOi8veGVzdC8xMDEzMBKGEGh0 +-dHA6Ly94ZXN0LzEwMTQwEoYQaHR0cDovL3hlc3QvMTAxNTAShhBodHRwOi8veGVz +-dC8xMDE2MBKGEGh0dHA6Ly94ZXN0LzEwMTcwEoYQaHR0cDovL3hlc3QvMTAxODAS +-hhBodHRwOi8veGVzdC8xMDE5MBKGEGh0dHA6Ly94ZXN0LzEwMjAwEoYQaHR0cDov +-L3hlc3QvMTAyMTAShhBodHRwOi8veGVzdC8xMDIyMBKGEGh0dHA6Ly94ZXN0LzEw +-MjMwEoYQaHR0cDovL3hlc3QvMTAyNDANBgkqhkiG9w0BAQsFAAOCAQEADhRMCQwL +-+tquyKQTn32cU2LAUXp6iHiQgfkv5obgczEdhEV/ebpqnO1cqrDd0DKpaXga5Dz6 +-U4oVM33MRUxlTtQBSUfDAgRYqMJgqwGLNa3bV59oEisOxrCAFRHe5F1upbKANGUz +-6UwNkwlu5fT5Bsx+PS65eYCcg5LsFWLmr05Af1WiddHyr6EQKCvD9u86Fjpxmyis +-ZdSr/0qnqoKjjRg258FMeoeLOZCl4iPDmeZdEU9mSBJpckc+57szUTjF4iCqJBLO +-RP7U8zg3aYXYQTJBMPey8HbOS9pDlYcrGJr6QME2cazUj2jM7Y/2qQoplJhxaa/i +-hWJlNqN3rkOvgQ== +------END CERTIFICATE----- +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Root +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=Root +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: +- b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: +- d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: +- 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: +- 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: +- 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: +- 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: +- ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: +- cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: +- 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: +- 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: +- df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: +- 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: +- 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: +- 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: +- 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: +- fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: +- e1:7b +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- X509v3 Authority Key Identifier: +- keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Root.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Root.crl +- +- X509v3 Key Usage: critical +- Certificate Sign, CRL Sign +- X509v3 Basic Constraints: critical +- CA:TRUE +- Signature Algorithm: sha256WithRSAEncryption +- 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: +- 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: +- 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: +- 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: +- e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: +- 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: +- 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: +- 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: +- 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: +- 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: +- d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: +- ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: +- cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: +- 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: +- d0:93:0b:59 +------BEGIN CERTIFICATE----- +-MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +-BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +-MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +-AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +-CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +-Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +-sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +-cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +-0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +-KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +-MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +-L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +-b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +-9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +-QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +-9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +-l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +-2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +-TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +------END CERTIFICATE----- +diff --git a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.test b/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.test +deleted file mode 100644 +index 96c5f8535640c..0000000000000 +--- a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-dns.test ++++ /dev/null +@@ -1,5 +0,0 @@ +-chain: ok-different-types-dns.pem +-last_cert_trust: TRUSTED_ANCHOR +-utc_time: DEFAULT +-key_purpose: SERVER_AUTH +-expected_errors: +diff --git a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.pem b/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.pem +deleted file mode 100644 +index 08135876c9eb9..0000000000000 +--- a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.pem ++++ /dev/null +@@ -1,8813 +0,0 @@ +-[Created by: generate-chains.py] +- +-A chain containing a large number of name constraints and names, +-but of different types, thus not triggering the limit. +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:dd +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Intermediate +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=t0 +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: +- 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: +- a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: +- ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: +- e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: +- 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: +- 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: +- 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: +- 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: +- 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: +- 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: +- 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: +- 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: +- 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: +- ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: +- 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: +- 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: +- 52:bd +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF +- X509v3 Authority Key Identifier: +- keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Intermediate.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Intermediate.crl +- +- X509v3 Key Usage: critical +- Digital Signature, Key Encipherment +- X509v3 Extended Key Usage: +- TLS Web Server Authentication, TLS Web Client Authentication +- X509v3 Subject Alternative Name: +- IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, IP Address:10.0.1.162, IP Address:10.0.1.163, IP Address:10.0.1.164, IP Address:10.0.1.165, IP Address:10.0.1.166, IP Address:10.0.1.167, IP Address:10.0.1.168, IP Address:10.0.1.169, IP Address:10.0.1.170, IP Address:10.0.1.171, IP Address:10.0.1.172, IP Address:10.0.1.173, IP Address:10.0.1.174, IP Address:10.0.1.175, IP Address:10.0.1.176, IP Address:10.0.1.177, IP Address:10.0.1.178, IP Address:10.0.1.179, IP Address:10.0.1.180, IP Address:10.0.1.181, IP Address:10.0.1.182, IP Address:10.0.1.183, IP Address:10.0.1.184, IP Address:10.0.1.185, IP Address:10.0.1.186, IP Address:10.0.1.187, IP Address:10.0.1.188, IP Address:10.0.1.189, IP Address:10.0.1.190, IP Address:10.0.1.191, IP Address:10.0.1.192, IP Address:10.0.1.193, IP Address:10.0.1.194, IP Address:10.0.1.195, IP Address:10.0.1.196, IP Address:10.0.1.197, IP Address:10.0.1.198, IP Address:10.0.1.199, IP Address:10.0.1.200, IP Address:10.0.1.201, IP Address:10.0.1.202, IP Address:10.0.1.203, IP Address:10.0.1.204, IP Address:10.0.1.205, IP Address:10.0.1.206, IP Address:10.0.1.207, IP Address:10.0.1.208, IP Address:10.0.1.209, IP Address:10.0.1.210, IP Address:10.0.1.211, IP Address:10.0.1.212, IP Address:10.0.1.213, IP Address:10.0.1.214, IP Address:10.0.1.215, IP Address:10.0.1.216, IP Address:10.0.1.217, IP Address:10.0.1.218, IP Address:10.0.1.219, IP Address:10.0.1.220, IP Address:10.0.1.221, IP Address:10.0.1.222, IP Address:10.0.1.223, IP Address:10.0.1.224, IP Address:10.0.1.225, IP Address:10.0.1.226, IP Address:10.0.1.227, IP Address:10.0.1.228, IP Address:10.0.1.229, IP Address:10.0.1.230, IP Address:10.0.1.231, IP Address:10.0.1.232, IP Address:10.0.1.233, IP Address:10.0.1.234, IP Address:10.0.1.235, IP Address:10.0.1.236, IP Address:10.0.1.237, IP Address:10.0.1.238, IP Address:10.0.1.239, IP Address:10.0.1.240, IP Address:10.0.1.241, IP Address:10.0.1.242, IP Address:10.0.1.243, IP Address:10.0.1.244, IP Address:10.0.1.245, IP Address:10.0.1.246, IP Address:10.0.1.247, IP Address:10.0.1.248, IP Address:10.0.1.249, IP Address:10.0.1.250, IP Address:10.0.1.251, IP Address:10.0.1.252, IP Address:10.0.1.253, IP Address:10.0.1.254, IP Address:10.0.1.255, IP Address:10.0.2.0, IP Address:10.0.2.1, IP Address:10.0.2.2, IP Address:10.0.2.3, IP Address:10.0.2.4, IP Address:10.0.2.5, IP Address:10.0.2.6, IP Address:10.0.2.7, IP Address:10.0.2.8, IP Address:10.0.2.9, IP Address:10.0.2.10, IP Address:10.0.2.11, IP Address:10.0.2.12, IP Address:10.0.2.13, IP Address:10.0.2.14, IP Address:10.0.2.15, IP Address:10.0.2.16, IP Address:10.0.2.17, IP Address:10.0.2.18, IP Address:10.0.2.19, IP Address:10.0.2.20, IP Address:10.0.2.21, IP Address:10.0.2.22, IP Address:10.0.2.23, IP Address:10.0.2.24, IP Address:10.0.2.25, IP Address:10.0.2.26, IP Address:10.0.2.27, IP Address:10.0.2.28, IP Address:10.0.2.29, IP Address:10.0.2.30, IP Address:10.0.2.31, IP Address:10.0.2.32, IP Address:10.0.2.33, IP Address:10.0.2.34, IP Address:10.0.2.35, IP Address:10.0.2.36, IP Address:10.0.2.37, IP Address:10.0.2.38, IP Address:10.0.2.39, IP Address:10.0.2.40, IP Address:10.0.2.41, IP Address:10.0.2.42, IP Address:10.0.2.43, IP Address:10.0.2.44, IP Address:10.0.2.45, IP Address:10.0.2.46, IP Address:10.0.2.47, IP Address:10.0.2.48, IP Address:10.0.2.49, IP Address:10.0.2.50, IP Address:10.0.2.51, IP Address:10.0.2.52, IP Address:10.0.2.53, IP Address:10.0.2.54, IP Address:10.0.2.55, IP Address:10.0.2.56, IP Address:10.0.2.57, IP Address:10.0.2.58, IP Address:10.0.2.59, IP Address:10.0.2.60, IP Address:10.0.2.61, IP Address:10.0.2.62, IP Address:10.0.2.63, IP Address:10.0.2.64, IP Address:10.0.2.65, IP Address:10.0.2.66, IP Address:10.0.2.67, IP Address:10.0.2.68, IP Address:10.0.2.69, IP Address:10.0.2.70, IP Address:10.0.2.71, IP Address:10.0.2.72, IP Address:10.0.2.73, IP Address:10.0.2.74, IP Address:10.0.2.75, IP Address:10.0.2.76, IP Address:10.0.2.77, IP Address:10.0.2.78, IP Address:10.0.2.79, IP Address:10.0.2.80, IP Address:10.0.2.81, IP Address:10.0.2.82, IP Address:10.0.2.83, IP Address:10.0.2.84, IP Address:10.0.2.85, IP Address:10.0.2.86, IP Address:10.0.2.87, IP Address:10.0.2.88, IP Address:10.0.2.89, IP Address:10.0.2.90, IP Address:10.0.2.91, IP Address:10.0.2.92, IP Address:10.0.2.93, IP Address:10.0.2.94, IP Address:10.0.2.95, IP Address:10.0.2.96, IP Address:10.0.2.97, IP Address:10.0.2.98, IP Address:10.0.2.99, IP Address:10.0.2.100, IP Address:10.0.2.101, IP Address:10.0.2.102, IP Address:10.0.2.103, IP Address:10.0.2.104, IP Address:10.0.2.105, IP Address:10.0.2.106, IP Address:10.0.2.107, IP Address:10.0.2.108, IP Address:10.0.2.109, IP Address:10.0.2.110, IP Address:10.0.2.111, IP Address:10.0.2.112, IP Address:10.0.2.113, IP Address:10.0.2.114, IP Address:10.0.2.115, IP Address:10.0.2.116, IP Address:10.0.2.117, IP Address:10.0.2.118, IP Address:10.0.2.119, IP Address:10.0.2.120, IP Address:10.0.2.121, IP Address:10.0.2.122, IP Address:10.0.2.123, IP Address:10.0.2.124, IP Address:10.0.2.125, IP Address:10.0.2.126, IP Address:10.0.2.127, IP Address:10.0.2.128, IP Address:10.0.2.129, IP Address:10.0.2.130, IP Address:10.0.2.131, IP Address:10.0.2.132, IP Address:10.0.2.133, IP Address:10.0.2.134, IP Address:10.0.2.135, IP Address:10.0.2.136, IP Address:10.0.2.137, IP Address:10.0.2.138, IP Address:10.0.2.139, IP Address:10.0.2.140, IP Address:10.0.2.141, IP Address:10.0.2.142, IP Address:10.0.2.143, IP Address:10.0.2.144, IP Address:10.0.2.145, IP Address:10.0.2.146, IP Address:10.0.2.147, IP Address:10.0.2.148, IP Address:10.0.2.149, IP Address:10.0.2.150, IP Address:10.0.2.151, IP Address:10.0.2.152, IP Address:10.0.2.153, IP Address:10.0.2.154, IP Address:10.0.2.155, IP Address:10.0.2.156, IP Address:10.0.2.157, IP Address:10.0.2.158, IP Address:10.0.2.159, IP Address:10.0.2.160, IP Address:10.0.2.161, IP Address:10.0.2.162, IP Address:10.0.2.163, IP Address:10.0.2.164, IP Address:10.0.2.165, IP Address:10.0.2.166, IP Address:10.0.2.167, IP Address:10.0.2.168, IP Address:10.0.2.169, IP Address:10.0.2.170, IP Address:10.0.2.171, IP Address:10.0.2.172, IP Address:10.0.2.173, IP Address:10.0.2.174, IP Address:10.0.2.175, IP Address:10.0.2.176, IP Address:10.0.2.177, IP Address:10.0.2.178, IP Address:10.0.2.179, IP Address:10.0.2.180, IP Address:10.0.2.181, IP Address:10.0.2.182, IP Address:10.0.2.183, IP Address:10.0.2.184, IP Address:10.0.2.185, IP Address:10.0.2.186, IP Address:10.0.2.187, IP Address:10.0.2.188, IP Address:10.0.2.189, IP Address:10.0.2.190, IP Address:10.0.2.191, IP Address:10.0.2.192, IP Address:10.0.2.193, IP Address:10.0.2.194, IP Address:10.0.2.195, IP Address:10.0.2.196, IP Address:10.0.2.197, IP Address:10.0.2.198, IP Address:10.0.2.199, IP Address:10.0.2.200, IP Address:10.0.2.201, IP Address:10.0.2.202, IP Address:10.0.2.203, IP Address:10.0.2.204, IP Address:10.0.2.205, IP Address:10.0.2.206, IP Address:10.0.2.207, IP Address:10.0.2.208, IP Address:10.0.2.209, IP Address:10.0.2.210, IP Address:10.0.2.211, IP Address:10.0.2.212, IP Address:10.0.2.213, IP Address:10.0.2.214, IP Address:10.0.2.215, IP Address:10.0.2.216, IP Address:10.0.2.217, IP Address:10.0.2.218, IP Address:10.0.2.219, IP Address:10.0.2.220, IP Address:10.0.2.221, IP Address:10.0.2.222, IP Address:10.0.2.223, IP Address:10.0.2.224, IP Address:10.0.2.225, IP Address:10.0.2.226, IP Address:10.0.2.227, IP Address:10.0.2.228, IP Address:10.0.2.229, IP Address:10.0.2.230, IP Address:10.0.2.231, IP Address:10.0.2.232, IP Address:10.0.2.233, IP Address:10.0.2.234, IP Address:10.0.2.235, IP Address:10.0.2.236, IP Address:10.0.2.237, IP Address:10.0.2.238, IP Address:10.0.2.239, IP Address:10.0.2.240, IP Address:10.0.2.241, IP Address:10.0.2.242, IP Address:10.0.2.243, IP Address:10.0.2.244, IP Address:10.0.2.245, IP Address:10.0.2.246, IP Address:10.0.2.247, IP Address:10.0.2.248, IP Address:10.0.2.249, IP Address:10.0.2.250, IP Address:10.0.2.251, IP Address:10.0.2.252, IP Address:10.0.2.253, IP Address:10.0.2.254, IP Address:10.0.2.255, IP Address:10.0.3.0, IP Address:10.0.3.1, IP Address:10.0.3.2, IP Address:10.0.3.3, IP Address:10.0.3.4, IP Address:10.0.3.5, IP Address:10.0.3.6, IP Address:10.0.3.7, IP Address:10.0.3.8, IP Address:10.0.3.9, IP Address:10.0.3.10, IP Address:10.0.3.11, IP Address:10.0.3.12, IP Address:10.0.3.13, IP Address:10.0.3.14, IP Address:10.0.3.15, IP Address:10.0.3.16, IP Address:10.0.3.17, IP Address:10.0.3.18, IP Address:10.0.3.19, IP Address:10.0.3.20, IP Address:10.0.3.21, IP Address:10.0.3.22, IP Address:10.0.3.23, IP Address:10.0.3.24, IP Address:10.0.3.25, IP Address:10.0.3.26, IP Address:10.0.3.27, IP Address:10.0.3.28, IP Address:10.0.3.29, IP Address:10.0.3.30, IP Address:10.0.3.31, IP Address:10.0.3.32, IP Address:10.0.3.33, IP Address:10.0.3.34, IP Address:10.0.3.35, IP Address:10.0.3.36, IP Address:10.0.3.37, IP Address:10.0.3.38, IP Address:10.0.3.39, IP Address:10.0.3.40, IP Address:10.0.3.41, IP Address:10.0.3.42, IP Address:10.0.3.43, IP Address:10.0.3.44, IP Address:10.0.3.45, IP Address:10.0.3.46, IP Address:10.0.3.47, IP Address:10.0.3.48, IP Address:10.0.3.49, IP Address:10.0.3.50, IP Address:10.0.3.51, IP Address:10.0.3.52, IP Address:10.0.3.53, IP Address:10.0.3.54, IP Address:10.0.3.55, IP Address:10.0.3.56, IP Address:10.0.3.57, IP Address:10.0.3.58, IP Address:10.0.3.59, IP Address:10.0.3.60, IP Address:10.0.3.61, IP Address:10.0.3.62, IP Address:10.0.3.63, IP Address:10.0.3.64, IP Address:10.0.3.65, IP Address:10.0.3.66, IP Address:10.0.3.67, IP Address:10.0.3.68, IP Address:10.0.3.69, IP Address:10.0.3.70, IP Address:10.0.3.71, IP Address:10.0.3.72, IP Address:10.0.3.73, IP Address:10.0.3.74, IP Address:10.0.3.75, IP Address:10.0.3.76, IP Address:10.0.3.77, IP Address:10.0.3.78, IP Address:10.0.3.79, IP Address:10.0.3.80, IP Address:10.0.3.81, IP Address:10.0.3.82, IP Address:10.0.3.83, IP Address:10.0.3.84, IP Address:10.0.3.85, IP Address:10.0.3.86, IP Address:10.0.3.87, IP Address:10.0.3.88, IP Address:10.0.3.89, IP Address:10.0.3.90, IP Address:10.0.3.91, IP Address:10.0.3.92, IP Address:10.0.3.93, IP Address:10.0.3.94, IP Address:10.0.3.95, IP Address:10.0.3.96, IP Address:10.0.3.97, IP Address:10.0.3.98, IP Address:10.0.3.99, IP Address:10.0.3.100, IP Address:10.0.3.101, IP Address:10.0.3.102, IP Address:10.0.3.103, IP Address:10.0.3.104, IP Address:10.0.3.105, IP Address:10.0.3.106, IP Address:10.0.3.107, IP Address:10.0.3.108, IP Address:10.0.3.109, IP Address:10.0.3.110, IP Address:10.0.3.111, IP Address:10.0.3.112, IP Address:10.0.3.113, IP Address:10.0.3.114, IP Address:10.0.3.115, IP Address:10.0.3.116, IP Address:10.0.3.117, IP Address:10.0.3.118, IP Address:10.0.3.119, IP Address:10.0.3.120, IP Address:10.0.3.121, IP Address:10.0.3.122, IP Address:10.0.3.123, IP Address:10.0.3.124, IP Address:10.0.3.125, IP Address:10.0.3.126, IP Address:10.0.3.127, IP Address:10.0.3.128, IP Address:10.0.3.129, IP Address:10.0.3.130, IP Address:10.0.3.131, IP Address:10.0.3.132, IP Address:10.0.3.133, IP Address:10.0.3.134, IP Address:10.0.3.135, IP Address:10.0.3.136, IP Address:10.0.3.137, IP Address:10.0.3.138, IP Address:10.0.3.139, IP Address:10.0.3.140, IP Address:10.0.3.141, IP Address:10.0.3.142, IP Address:10.0.3.143, IP Address:10.0.3.144, IP Address:10.0.3.145, IP Address:10.0.3.146, IP Address:10.0.3.147, IP Address:10.0.3.148, IP Address:10.0.3.149, IP Address:10.0.3.150, IP Address:10.0.3.151, IP Address:10.0.3.152, IP Address:10.0.3.153, IP Address:10.0.3.154, IP Address:10.0.3.155, IP Address:10.0.3.156, IP Address:10.0.3.157, IP Address:10.0.3.158, IP Address:10.0.3.159, IP Address:10.0.3.160, IP Address:10.0.3.161, IP Address:10.0.3.162, IP Address:10.0.3.163, IP Address:10.0.3.164, IP Address:10.0.3.165, IP Address:10.0.3.166, IP Address:10.0.3.167, IP Address:10.0.3.168, IP Address:10.0.3.169, IP Address:10.0.3.170, IP Address:10.0.3.171, IP Address:10.0.3.172, IP Address:10.0.3.173, IP Address:10.0.3.174, IP Address:10.0.3.175, IP Address:10.0.3.176, IP Address:10.0.3.177, IP Address:10.0.3.178, IP Address:10.0.3.179, IP Address:10.0.3.180, IP Address:10.0.3.181, IP Address:10.0.3.182, IP Address:10.0.3.183, IP Address:10.0.3.184, IP Address:10.0.3.185, IP Address:10.0.3.186, IP Address:10.0.3.187, IP Address:10.0.3.188, IP Address:10.0.3.189, IP Address:10.0.3.190, IP Address:10.0.3.191, IP Address:10.0.3.192, IP Address:10.0.3.193, IP Address:10.0.3.194, IP Address:10.0.3.195, IP Address:10.0.3.196, IP Address:10.0.3.197, IP Address:10.0.3.198, IP Address:10.0.3.199, IP Address:10.0.3.200, IP Address:10.0.3.201, IP Address:10.0.3.202, IP Address:10.0.3.203, IP Address:10.0.3.204, IP Address:10.0.3.205, IP Address:10.0.3.206, IP Address:10.0.3.207, IP Address:10.0.3.208, IP Address:10.0.3.209, IP Address:10.0.3.210, IP Address:10.0.3.211, IP Address:10.0.3.212, IP Address:10.0.3.213, IP Address:10.0.3.214, IP Address:10.0.3.215, IP Address:10.0.3.216, IP Address:10.0.3.217, IP Address:10.0.3.218, IP Address:10.0.3.219, IP Address:10.0.3.220, IP Address:10.0.3.221, IP Address:10.0.3.222, IP Address:10.0.3.223, IP Address:10.0.3.224, IP Address:10.0.3.225, IP Address:10.0.3.226, IP Address:10.0.3.227, IP Address:10.0.3.228, IP Address:10.0.3.229, IP Address:10.0.3.230, IP Address:10.0.3.231, IP Address:10.0.3.232, IP Address:10.0.3.233, IP Address:10.0.3.234, IP Address:10.0.3.235, IP Address:10.0.3.236, IP Address:10.0.3.237, IP Address:10.0.3.238, IP Address:10.0.3.239, IP Address:10.0.3.240, IP Address:10.0.3.241, IP Address:10.0.3.242, IP Address:10.0.3.243, IP Address:10.0.3.244, IP Address:10.0.3.245, IP Address:10.0.3.246, IP Address:10.0.3.247, IP Address:10.0.3.248, IP Address:10.0.3.249, IP Address:10.0.3.250, IP Address:10.0.3.251, IP Address:10.0.3.252, IP Address:10.0.3.253, IP Address:10.0.3.254, IP Address:10.0.3.255, IP Address:10.0.4.0 +- Signature Algorithm: sha256WithRSAEncryption +- 7d:aa:54:38:c1:c7:b0:75:bf:a5:04:21:55:2a:32:fb:31:a9: +- e1:c8:17:7a:90:98:26:a7:ad:7d:37:89:b7:59:b0:05:c6:71: +- ab:d3:18:c0:2f:62:35:99:c2:69:06:4e:ce:95:9c:e6:ca:db: +- e4:41:d8:4d:61:7c:83:69:78:2a:a7:e5:d5:88:2d:fb:2d:ea: +- 76:34:7c:bd:ff:e2:84:ef:49:e9:7a:8b:ea:41:b4:2e:d7:88: +- cf:5a:70:69:94:57:d9:4f:4d:2d:d2:95:96:0f:9f:66:f3:99: +- ea:e5:31:8d:d5:82:46:83:35:52:85:e9:71:f2:36:e3:c1:2a: +- 53:d2:b7:3d:71:4c:af:be:7f:45:a2:23:28:ca:d5:77:86:e4: +- 96:bd:bf:4f:45:0f:5d:64:90:36:b1:e7:86:08:2a:fe:4e:9e: +- 27:33:76:a8:c1:6a:33:5b:fd:98:a2:28:5c:40:84:1d:22:e4: +- 0b:1b:fa:db:b5:77:6e:df:66:26:e2:7f:7b:fa:1d:00:8d:c2: +- a3:52:f3:90:33:ee:a7:b1:67:88:10:4b:7d:e3:3f:65:fd:4a: +- 2d:f2:06:7e:18:12:2f:d7:2e:df:a4:6f:28:2c:d4:f2:82:34: +- 87:24:0c:6f:5c:18:50:de:39:05:5a:40:c6:2b:9c:1b:79:d5: +- 30:09:0b:db +------BEGIN CERTIFICATE----- +-MIIbtDCCGpygAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY3TANBgkqhkiG9w0BAQsF +-ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +-MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +-ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +-P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +-B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +-Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +-QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +-4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCGQEwghj9MB0GA1UdDgQW +-BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +-8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +-Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +-Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgTBgNVHREEghgKMIIYBocE +-CgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcECgAABocECgAAB4cE +-CgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcECgAADocECgAAD4cE +-CgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcECgAAFocECgAAF4cE +-CgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcECgAAHocECgAAH4cE +-CgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcECgAAJocECgAAJ4cE +-CgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcECgAALocECgAAL4cE +-CgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcECgAANocECgAAN4cE +-CgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcECgAAPocECgAAP4cE +-CgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcECgAARocECgAAR4cE +-CgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcECgAATocECgAAT4cE +-CgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcECgAAVocECgAAV4cE +-CgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcECgAAXocECgAAX4cE +-CgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcECgAAZocECgAAZ4cE +-CgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcECgAAbocECgAAb4cE +-CgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcECgAAdocECgAAd4cE +-CgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcECgAAfocECgAAf4cE +-CgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcECgAAhocECgAAh4cE +-CgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcECgAAjocECgAAj4cE +-CgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcECgAAlocECgAAl4cE +-CgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcECgAAnocECgAAn4cE +-CgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcECgAApocECgAAp4cE +-CgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcECgAArocECgAAr4cE +-CgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcECgAAtocECgAAt4cE +-CgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcECgAAvocECgAAv4cE +-CgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcECgAAxocECgAAx4cE +-CgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcECgAAzocECgAAz4cE +-CgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcECgAA1ocECgAA14cE +-CgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcECgAA3ocECgAA34cE +-CgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcECgAA5ocECgAA54cE +-CgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcECgAA7ocECgAA74cE +-CgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcECgAA9ocECgAA94cE +-CgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcECgAA/ocECgAA/4cE +-CgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcECgABBocECgABB4cE +-CgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcECgABDocECgABD4cE +-CgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcECgABFocECgABF4cE +-CgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcECgABHocECgABH4cE +-CgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcECgABJocECgABJ4cE +-CgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcECgABLocECgABL4cE +-CgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcECgABNocECgABN4cE +-CgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcECgABPocECgABP4cE +-CgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcECgABRocECgABR4cE +-CgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcECgABTocECgABT4cE +-CgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcECgABVocECgABV4cE +-CgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcECgABXocECgABX4cE +-CgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcECgABZocECgABZ4cE +-CgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcECgABbocECgABb4cE +-CgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcECgABdocECgABd4cE +-CgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcECgABfocECgABf4cE +-CgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcECgABhocECgABh4cE +-CgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcECgABjocECgABj4cE +-CgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcECgABlocECgABl4cE +-CgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcECgABnocECgABn4cE +-CgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcECgABpocECgABp4cE +-CgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcECgABrocECgABr4cE +-CgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcECgABtocECgABt4cE +-CgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcECgABvocECgABv4cE +-CgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcECgABxocECgABx4cE +-CgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcECgABzocECgABz4cE +-CgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcECgAB1ocECgAB14cE +-CgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcECgAB3ocECgAB34cE +-CgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcECgAB5ocECgAB54cE +-CgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcECgAB7ocECgAB74cE +-CgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcECgAB9ocECgAB94cE +-CgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcECgAB/ocECgAB/4cE +-CgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcECgACBocECgACB4cE +-CgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcECgACDocECgACD4cE +-CgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcECgACFocECgACF4cE +-CgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcECgACHocECgACH4cE +-CgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcECgACJocECgACJ4cE +-CgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcECgACLocECgACL4cE +-CgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcECgACNocECgACN4cE +-CgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcECgACPocECgACP4cE +-CgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcECgACRocECgACR4cE +-CgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcECgACTocECgACT4cE +-CgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcECgACVocECgACV4cE +-CgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcECgACXocECgACX4cE +-CgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcECgACZocECgACZ4cE +-CgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcECgACbocECgACb4cE +-CgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcECgACdocECgACd4cE +-CgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcECgACfocECgACf4cE +-CgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcECgAChocECgACh4cE +-CgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcECgACjocECgACj4cE +-CgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcECgAClocECgACl4cE +-CgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcECgACnocECgACn4cE +-CgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcECgACpocECgACp4cE +-CgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcECgACrocECgACr4cE +-CgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcECgACtocECgACt4cE +-CgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcECgACvocECgACv4cE +-CgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcECgACxocECgACx4cE +-CgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcECgACzocECgACz4cE +-CgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcECgAC1ocECgAC14cE +-CgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcECgAC3ocECgAC34cE +-CgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcECgAC5ocECgAC54cE +-CgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcECgAC7ocECgAC74cE +-CgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcECgAC9ocECgAC94cE +-CgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcECgAC/ocECgAC/4cE +-CgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcECgADBocECgADB4cE +-CgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcECgADDocECgADD4cE +-CgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcECgADFocECgADF4cE +-CgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcECgADHocECgADH4cE +-CgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcECgADJocECgADJ4cE +-CgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcECgADLocECgADL4cE +-CgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcECgADNocECgADN4cE +-CgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcECgADPocECgADP4cE +-CgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcECgADRocECgADR4cE +-CgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcECgADTocECgADT4cE +-CgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcECgADVocECgADV4cE +-CgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcECgADXocECgADX4cE +-CgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcECgADZocECgADZ4cE +-CgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcECgADbocECgADb4cE +-CgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcECgADdocECgADd4cE +-CgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcECgADfocECgADf4cE +-CgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcECgADhocECgADh4cE +-CgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcECgADjocECgADj4cE +-CgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcECgADlocECgADl4cE +-CgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcECgADnocECgADn4cE +-CgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcECgADpocECgADp4cE +-CgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcECgADrocECgADr4cE +-CgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcECgADtocECgADt4cE +-CgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcECgADvocECgADv4cE +-CgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcECgADxocECgADx4cE +-CgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcECgADzocECgADz4cE +-CgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcECgAD1ocECgAD14cE +-CgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcECgAD3ocECgAD34cE +-CgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcECgAD5ocECgAD54cE +-CgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcECgAD7ocECgAD74cE +-CgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcECgAD9ocECgAD94cE +-CgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcECgAD/ocECgAD/4cE +-CgAEADANBgkqhkiG9w0BAQsFAAOCAQEAfapUOMHHsHW/pQQhVSoy+zGp4cgXepCY +-JqetfTeJt1mwBcZxq9MYwC9iNZnCaQZOzpWc5srb5EHYTWF8g2l4Kqfl1Ygt+y3q +-djR8vf/ihO9J6XqL6kG0LteIz1pwaZRX2U9NLdKVlg+fZvOZ6uUxjdWCRoM1UoXp +-cfI248EqU9K3PXFMr75/RaIjKMrVd4bklr2/T0UPXWSQNrHnhggq/k6eJzN2qMFq +-M1v9mKIoXECEHSLkCxv627V3bt9mJuJ/e/odAI3Co1LzkDPup7FniBBLfeM/Zf1K +-LfIGfhgSL9cu36RvKCzU8oI0hyQMb1wYUN45BVpAxiucG3nVMAkL2w== +------END CERTIFICATE----- +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:ff +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Root +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=Intermediate +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: +- 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: +- 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: +- 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: +- d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: +- 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: +- 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: +- 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: +- d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: +- 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: +- 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: +- ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: +- da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: +- d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: +- 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: +- bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: +- 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: +- 86:65 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F +- X509v3 Authority Key Identifier: +- keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Root.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Root.crl +- +- X509v3 Key Usage: critical +- Certificate Sign, CRL Sign +- X509v3 Basic Constraints: critical +- CA:TRUE +- X509v3 Name Constraints: +- Permitted: +- DNS:t0.test +- DNS:t1.test +- DNS:t2.test +- DNS:t3.test +- DNS:t4.test +- DNS:t5.test +- DNS:t6.test +- DNS:t7.test +- DNS:t8.test +- DNS:t9.test +- DNS:t10.test +- DNS:t11.test +- DNS:t12.test +- DNS:t13.test +- DNS:t14.test +- DNS:t15.test +- DNS:t16.test +- DNS:t17.test +- DNS:t18.test +- DNS:t19.test +- DNS:t20.test +- DNS:t21.test +- DNS:t22.test +- DNS:t23.test +- DNS:t24.test +- DNS:t25.test +- DNS:t26.test +- DNS:t27.test +- DNS:t28.test +- DNS:t29.test +- DNS:t30.test +- DNS:t31.test +- DNS:t32.test +- DNS:t33.test +- DNS:t34.test +- DNS:t35.test +- DNS:t36.test +- DNS:t37.test +- DNS:t38.test +- DNS:t39.test +- DNS:t40.test +- DNS:t41.test +- DNS:t42.test +- DNS:t43.test +- DNS:t44.test +- DNS:t45.test +- DNS:t46.test +- DNS:t47.test +- DNS:t48.test +- DNS:t49.test +- DNS:t50.test +- DNS:t51.test +- DNS:t52.test +- DNS:t53.test +- DNS:t54.test +- DNS:t55.test +- DNS:t56.test +- DNS:t57.test +- DNS:t58.test +- DNS:t59.test +- DNS:t60.test +- DNS:t61.test +- DNS:t62.test +- DNS:t63.test +- DNS:t64.test +- DNS:t65.test +- DNS:t66.test +- DNS:t67.test +- DNS:t68.test +- DNS:t69.test +- DNS:t70.test +- DNS:t71.test +- DNS:t72.test +- DNS:t73.test +- DNS:t74.test +- DNS:t75.test +- DNS:t76.test +- DNS:t77.test +- DNS:t78.test +- DNS:t79.test +- DNS:t80.test +- DNS:t81.test +- DNS:t82.test +- DNS:t83.test +- DNS:t84.test +- DNS:t85.test +- DNS:t86.test +- DNS:t87.test +- DNS:t88.test +- DNS:t89.test +- DNS:t90.test +- DNS:t91.test +- DNS:t92.test +- DNS:t93.test +- DNS:t94.test +- DNS:t95.test +- DNS:t96.test +- DNS:t97.test +- DNS:t98.test +- DNS:t99.test +- DNS:t100.test +- DNS:t101.test +- DNS:t102.test +- DNS:t103.test +- DNS:t104.test +- DNS:t105.test +- DNS:t106.test +- DNS:t107.test +- DNS:t108.test +- DNS:t109.test +- DNS:t110.test +- DNS:t111.test +- DNS:t112.test +- DNS:t113.test +- DNS:t114.test +- DNS:t115.test +- DNS:t116.test +- DNS:t117.test +- DNS:t118.test +- DNS:t119.test +- DNS:t120.test +- DNS:t121.test +- DNS:t122.test +- DNS:t123.test +- DNS:t124.test +- DNS:t125.test +- DNS:t126.test +- DNS:t127.test +- DNS:t128.test +- DNS:t129.test +- DNS:t130.test +- DNS:t131.test +- DNS:t132.test +- DNS:t133.test +- DNS:t134.test +- DNS:t135.test +- DNS:t136.test +- DNS:t137.test +- DNS:t138.test +- DNS:t139.test +- DNS:t140.test +- DNS:t141.test +- DNS:t142.test +- DNS:t143.test +- DNS:t144.test +- DNS:t145.test +- DNS:t146.test +- DNS:t147.test +- DNS:t148.test +- DNS:t149.test +- DNS:t150.test +- DNS:t151.test +- DNS:t152.test +- DNS:t153.test +- DNS:t154.test +- DNS:t155.test +- DNS:t156.test +- DNS:t157.test +- DNS:t158.test +- DNS:t159.test +- DNS:t160.test +- DNS:t161.test +- DNS:t162.test +- DNS:t163.test +- DNS:t164.test +- DNS:t165.test +- DNS:t166.test +- DNS:t167.test +- DNS:t168.test +- DNS:t169.test +- DNS:t170.test +- DNS:t171.test +- DNS:t172.test +- DNS:t173.test +- DNS:t174.test +- DNS:t175.test +- DNS:t176.test +- DNS:t177.test +- DNS:t178.test +- DNS:t179.test +- DNS:t180.test +- DNS:t181.test +- DNS:t182.test +- DNS:t183.test +- DNS:t184.test +- DNS:t185.test +- DNS:t186.test +- DNS:t187.test +- DNS:t188.test +- DNS:t189.test +- DNS:t190.test +- DNS:t191.test +- DNS:t192.test +- DNS:t193.test +- DNS:t194.test +- DNS:t195.test +- DNS:t196.test +- DNS:t197.test +- DNS:t198.test +- DNS:t199.test +- DNS:t200.test +- DNS:t201.test +- DNS:t202.test +- DNS:t203.test +- DNS:t204.test +- DNS:t205.test +- DNS:t206.test +- DNS:t207.test +- DNS:t208.test +- DNS:t209.test +- DNS:t210.test +- DNS:t211.test +- DNS:t212.test +- DNS:t213.test +- DNS:t214.test +- DNS:t215.test +- DNS:t216.test +- DNS:t217.test +- DNS:t218.test +- DNS:t219.test +- DNS:t220.test +- DNS:t221.test +- DNS:t222.test +- DNS:t223.test +- DNS:t224.test +- DNS:t225.test +- DNS:t226.test +- DNS:t227.test +- DNS:t228.test +- DNS:t229.test +- DNS:t230.test +- DNS:t231.test +- DNS:t232.test +- DNS:t233.test +- DNS:t234.test +- DNS:t235.test +- DNS:t236.test +- DNS:t237.test +- DNS:t238.test +- DNS:t239.test +- DNS:t240.test +- DNS:t241.test +- DNS:t242.test +- DNS:t243.test +- DNS:t244.test +- DNS:t245.test +- DNS:t246.test +- DNS:t247.test +- DNS:t248.test +- DNS:t249.test +- DNS:t250.test +- DNS:t251.test +- DNS:t252.test +- DNS:t253.test +- DNS:t254.test +- DNS:t255.test +- DNS:t256.test +- DNS:t257.test +- DNS:t258.test +- DNS:t259.test +- DNS:t260.test +- DNS:t261.test +- DNS:t262.test +- DNS:t263.test +- DNS:t264.test +- DNS:t265.test +- DNS:t266.test +- DNS:t267.test +- DNS:t268.test +- DNS:t269.test +- DNS:t270.test +- DNS:t271.test +- DNS:t272.test +- DNS:t273.test +- DNS:t274.test +- DNS:t275.test +- DNS:t276.test +- DNS:t277.test +- DNS:t278.test +- DNS:t279.test +- DNS:t280.test +- DNS:t281.test +- DNS:t282.test +- DNS:t283.test +- DNS:t284.test +- DNS:t285.test +- DNS:t286.test +- DNS:t287.test +- DNS:t288.test +- DNS:t289.test +- DNS:t290.test +- DNS:t291.test +- DNS:t292.test +- DNS:t293.test +- DNS:t294.test +- DNS:t295.test +- DNS:t296.test +- DNS:t297.test +- DNS:t298.test +- DNS:t299.test +- DNS:t300.test +- DNS:t301.test +- DNS:t302.test +- DNS:t303.test +- DNS:t304.test +- DNS:t305.test +- DNS:t306.test +- DNS:t307.test +- DNS:t308.test +- DNS:t309.test +- DNS:t310.test +- DNS:t311.test +- DNS:t312.test +- DNS:t313.test +- DNS:t314.test +- DNS:t315.test +- DNS:t316.test +- DNS:t317.test +- DNS:t318.test +- DNS:t319.test +- DNS:t320.test +- DNS:t321.test +- DNS:t322.test +- DNS:t323.test +- DNS:t324.test +- DNS:t325.test +- DNS:t326.test +- DNS:t327.test +- DNS:t328.test +- DNS:t329.test +- DNS:t330.test +- DNS:t331.test +- DNS:t332.test +- DNS:t333.test +- DNS:t334.test +- DNS:t335.test +- DNS:t336.test +- DNS:t337.test +- DNS:t338.test +- DNS:t339.test +- DNS:t340.test +- DNS:t341.test +- DNS:t342.test +- DNS:t343.test +- DNS:t344.test +- DNS:t345.test +- DNS:t346.test +- DNS:t347.test +- DNS:t348.test +- DNS:t349.test +- DNS:t350.test +- DNS:t351.test +- DNS:t352.test +- DNS:t353.test +- DNS:t354.test +- DNS:t355.test +- DNS:t356.test +- DNS:t357.test +- DNS:t358.test +- DNS:t359.test +- DNS:t360.test +- DNS:t361.test +- DNS:t362.test +- DNS:t363.test +- DNS:t364.test +- DNS:t365.test +- DNS:t366.test +- DNS:t367.test +- DNS:t368.test +- DNS:t369.test +- DNS:t370.test +- DNS:t371.test +- DNS:t372.test +- DNS:t373.test +- DNS:t374.test +- DNS:t375.test +- DNS:t376.test +- DNS:t377.test +- DNS:t378.test +- DNS:t379.test +- DNS:t380.test +- DNS:t381.test +- DNS:t382.test +- DNS:t383.test +- DNS:t384.test +- DNS:t385.test +- DNS:t386.test +- DNS:t387.test +- DNS:t388.test +- DNS:t389.test +- DNS:t390.test +- DNS:t391.test +- DNS:t392.test +- DNS:t393.test +- DNS:t394.test +- DNS:t395.test +- DNS:t396.test +- DNS:t397.test +- DNS:t398.test +- DNS:t399.test +- DNS:t400.test +- DNS:t401.test +- DNS:t402.test +- DNS:t403.test +- DNS:t404.test +- DNS:t405.test +- DNS:t406.test +- DNS:t407.test +- DNS:t408.test +- DNS:t409.test +- DNS:t410.test +- DNS:t411.test +- DNS:t412.test +- DNS:t413.test +- DNS:t414.test +- DNS:t415.test +- DNS:t416.test +- DNS:t417.test +- DNS:t418.test +- DNS:t419.test +- DNS:t420.test +- DNS:t421.test +- DNS:t422.test +- DNS:t423.test +- DNS:t424.test +- DNS:t425.test +- DNS:t426.test +- DNS:t427.test +- DNS:t428.test +- DNS:t429.test +- DNS:t430.test +- DNS:t431.test +- DNS:t432.test +- DNS:t433.test +- DNS:t434.test +- DNS:t435.test +- DNS:t436.test +- DNS:t437.test +- DNS:t438.test +- DNS:t439.test +- DNS:t440.test +- DNS:t441.test +- DNS:t442.test +- DNS:t443.test +- DNS:t444.test +- DNS:t445.test +- DNS:t446.test +- DNS:t447.test +- DNS:t448.test +- DNS:t449.test +- DNS:t450.test +- DNS:t451.test +- DNS:t452.test +- DNS:t453.test +- DNS:t454.test +- DNS:t455.test +- DNS:t456.test +- DNS:t457.test +- DNS:t458.test +- DNS:t459.test +- DNS:t460.test +- DNS:t461.test +- DNS:t462.test +- DNS:t463.test +- DNS:t464.test +- DNS:t465.test +- DNS:t466.test +- DNS:t467.test +- DNS:t468.test +- DNS:t469.test +- DNS:t470.test +- DNS:t471.test +- DNS:t472.test +- DNS:t473.test +- DNS:t474.test +- DNS:t475.test +- DNS:t476.test +- DNS:t477.test +- DNS:t478.test +- DNS:t479.test +- DNS:t480.test +- DNS:t481.test +- DNS:t482.test +- DNS:t483.test +- DNS:t484.test +- DNS:t485.test +- DNS:t486.test +- DNS:t487.test +- DNS:t488.test +- DNS:t489.test +- DNS:t490.test +- DNS:t491.test +- DNS:t492.test +- DNS:t493.test +- DNS:t494.test +- DNS:t495.test +- DNS:t496.test +- DNS:t497.test +- DNS:t498.test +- DNS:t499.test +- DNS:t500.test +- DNS:t501.test +- DNS:t502.test +- DNS:t503.test +- DNS:t504.test +- DNS:t505.test +- DNS:t506.test +- DNS:t507.test +- DNS:t508.test +- DNS:t509.test +- DNS:t510.test +- DNS:t511.test +- DNS:t512.test +- DNS:t513.test +- DNS:t514.test +- DNS:t515.test +- DNS:t516.test +- DNS:t517.test +- DNS:t518.test +- DNS:t519.test +- DNS:t520.test +- DNS:t521.test +- DNS:t522.test +- DNS:t523.test +- DNS:t524.test +- DNS:t525.test +- DNS:t526.test +- DNS:t527.test +- DNS:t528.test +- DNS:t529.test +- DNS:t530.test +- DNS:t531.test +- DNS:t532.test +- DNS:t533.test +- DNS:t534.test +- DNS:t535.test +- DNS:t536.test +- DNS:t537.test +- DNS:t538.test +- DNS:t539.test +- DNS:t540.test +- DNS:t541.test +- DNS:t542.test +- DNS:t543.test +- DNS:t544.test +- DNS:t545.test +- DNS:t546.test +- DNS:t547.test +- DNS:t548.test +- DNS:t549.test +- DNS:t550.test +- DNS:t551.test +- DNS:t552.test +- DNS:t553.test +- DNS:t554.test +- DNS:t555.test +- DNS:t556.test +- DNS:t557.test +- DNS:t558.test +- DNS:t559.test +- DNS:t560.test +- DNS:t561.test +- DNS:t562.test +- DNS:t563.test +- DNS:t564.test +- DNS:t565.test +- DNS:t566.test +- DNS:t567.test +- DNS:t568.test +- DNS:t569.test +- DNS:t570.test +- DNS:t571.test +- DNS:t572.test +- DNS:t573.test +- DNS:t574.test +- DNS:t575.test +- DNS:t576.test +- DNS:t577.test +- DNS:t578.test +- DNS:t579.test +- DNS:t580.test +- DNS:t581.test +- DNS:t582.test +- DNS:t583.test +- DNS:t584.test +- DNS:t585.test +- DNS:t586.test +- DNS:t587.test +- DNS:t588.test +- DNS:t589.test +- DNS:t590.test +- DNS:t591.test +- DNS:t592.test +- DNS:t593.test +- DNS:t594.test +- DNS:t595.test +- DNS:t596.test +- DNS:t597.test +- DNS:t598.test +- DNS:t599.test +- DNS:t600.test +- DNS:t601.test +- DNS:t602.test +- DNS:t603.test +- DNS:t604.test +- DNS:t605.test +- DNS:t606.test +- DNS:t607.test +- DNS:t608.test +- DNS:t609.test +- DNS:t610.test +- DNS:t611.test +- DNS:t612.test +- DNS:t613.test +- DNS:t614.test +- DNS:t615.test +- DNS:t616.test +- DNS:t617.test +- DNS:t618.test +- DNS:t619.test +- DNS:t620.test +- DNS:t621.test +- DNS:t622.test +- DNS:t623.test +- DNS:t624.test +- DNS:t625.test +- DNS:t626.test +- DNS:t627.test +- DNS:t628.test +- DNS:t629.test +- DNS:t630.test +- DNS:t631.test +- DNS:t632.test +- DNS:t633.test +- DNS:t634.test +- DNS:t635.test +- DNS:t636.test +- DNS:t637.test +- DNS:t638.test +- DNS:t639.test +- DNS:t640.test +- DNS:t641.test +- DNS:t642.test +- DNS:t643.test +- DNS:t644.test +- DNS:t645.test +- DNS:t646.test +- DNS:t647.test +- DNS:t648.test +- DNS:t649.test +- DNS:t650.test +- DNS:t651.test +- DNS:t652.test +- DNS:t653.test +- DNS:t654.test +- DNS:t655.test +- DNS:t656.test +- DNS:t657.test +- DNS:t658.test +- DNS:t659.test +- DNS:t660.test +- DNS:t661.test +- DNS:t662.test +- DNS:t663.test +- DNS:t664.test +- DNS:t665.test +- DNS:t666.test +- DNS:t667.test +- DNS:t668.test +- DNS:t669.test +- DNS:t670.test +- DNS:t671.test +- DNS:t672.test +- DNS:t673.test +- DNS:t674.test +- DNS:t675.test +- DNS:t676.test +- DNS:t677.test +- DNS:t678.test +- DNS:t679.test +- DNS:t680.test +- DNS:t681.test +- DNS:t682.test +- DNS:t683.test +- DNS:t684.test +- DNS:t685.test +- DNS:t686.test +- DNS:t687.test +- DNS:t688.test +- DNS:t689.test +- DNS:t690.test +- DNS:t691.test +- DNS:t692.test +- DNS:t693.test +- DNS:t694.test +- DNS:t695.test +- DNS:t696.test +- DNS:t697.test +- DNS:t698.test +- DNS:t699.test +- DNS:t700.test +- DNS:t701.test +- DNS:t702.test +- DNS:t703.test +- DNS:t704.test +- DNS:t705.test +- DNS:t706.test +- DNS:t707.test +- DNS:t708.test +- DNS:t709.test +- DNS:t710.test +- DNS:t711.test +- DNS:t712.test +- DNS:t713.test +- DNS:t714.test +- DNS:t715.test +- DNS:t716.test +- DNS:t717.test +- DNS:t718.test +- DNS:t719.test +- DNS:t720.test +- DNS:t721.test +- DNS:t722.test +- DNS:t723.test +- DNS:t724.test +- DNS:t725.test +- DNS:t726.test +- DNS:t727.test +- DNS:t728.test +- DNS:t729.test +- DNS:t730.test +- DNS:t731.test +- DNS:t732.test +- DNS:t733.test +- DNS:t734.test +- DNS:t735.test +- DNS:t736.test +- DNS:t737.test +- DNS:t738.test +- DNS:t739.test +- DNS:t740.test +- DNS:t741.test +- DNS:t742.test +- DNS:t743.test +- DNS:t744.test +- DNS:t745.test +- DNS:t746.test +- DNS:t747.test +- DNS:t748.test +- DNS:t749.test +- DNS:t750.test +- DNS:t751.test +- DNS:t752.test +- DNS:t753.test +- DNS:t754.test +- DNS:t755.test +- DNS:t756.test +- DNS:t757.test +- DNS:t758.test +- DNS:t759.test +- DNS:t760.test +- DNS:t761.test +- DNS:t762.test +- DNS:t763.test +- DNS:t764.test +- DNS:t765.test +- DNS:t766.test +- DNS:t767.test +- DNS:t768.test +- DNS:t769.test +- DNS:t770.test +- DNS:t771.test +- DNS:t772.test +- DNS:t773.test +- DNS:t774.test +- DNS:t775.test +- DNS:t776.test +- DNS:t777.test +- DNS:t778.test +- DNS:t779.test +- DNS:t780.test +- DNS:t781.test +- DNS:t782.test +- DNS:t783.test +- DNS:t784.test +- DNS:t785.test +- DNS:t786.test +- DNS:t787.test +- DNS:t788.test +- DNS:t789.test +- DNS:t790.test +- DNS:t791.test +- DNS:t792.test +- DNS:t793.test +- DNS:t794.test +- DNS:t795.test +- DNS:t796.test +- DNS:t797.test +- DNS:t798.test +- DNS:t799.test +- DNS:t800.test +- DNS:t801.test +- DNS:t802.test +- DNS:t803.test +- DNS:t804.test +- DNS:t805.test +- DNS:t806.test +- DNS:t807.test +- DNS:t808.test +- DNS:t809.test +- DNS:t810.test +- DNS:t811.test +- DNS:t812.test +- DNS:t813.test +- DNS:t814.test +- DNS:t815.test +- DNS:t816.test +- DNS:t817.test +- DNS:t818.test +- DNS:t819.test +- DNS:t820.test +- DNS:t821.test +- DNS:t822.test +- DNS:t823.test +- DNS:t824.test +- DNS:t825.test +- DNS:t826.test +- DNS:t827.test +- DNS:t828.test +- DNS:t829.test +- DNS:t830.test +- DNS:t831.test +- DNS:t832.test +- DNS:t833.test +- DNS:t834.test +- DNS:t835.test +- DNS:t836.test +- DNS:t837.test +- DNS:t838.test +- DNS:t839.test +- DNS:t840.test +- DNS:t841.test +- DNS:t842.test +- DNS:t843.test +- DNS:t844.test +- DNS:t845.test +- DNS:t846.test +- DNS:t847.test +- DNS:t848.test +- DNS:t849.test +- DNS:t850.test +- DNS:t851.test +- DNS:t852.test +- DNS:t853.test +- DNS:t854.test +- DNS:t855.test +- DNS:t856.test +- DNS:t857.test +- DNS:t858.test +- DNS:t859.test +- DNS:t860.test +- DNS:t861.test +- DNS:t862.test +- DNS:t863.test +- DNS:t864.test +- DNS:t865.test +- DNS:t866.test +- DNS:t867.test +- DNS:t868.test +- DNS:t869.test +- DNS:t870.test +- DNS:t871.test +- DNS:t872.test +- DNS:t873.test +- DNS:t874.test +- DNS:t875.test +- DNS:t876.test +- DNS:t877.test +- DNS:t878.test +- DNS:t879.test +- DNS:t880.test +- DNS:t881.test +- DNS:t882.test +- DNS:t883.test +- DNS:t884.test +- DNS:t885.test +- DNS:t886.test +- DNS:t887.test +- DNS:t888.test +- DNS:t889.test +- DNS:t890.test +- DNS:t891.test +- DNS:t892.test +- DNS:t893.test +- DNS:t894.test +- DNS:t895.test +- DNS:t896.test +- DNS:t897.test +- DNS:t898.test +- DNS:t899.test +- DNS:t900.test +- DNS:t901.test +- DNS:t902.test +- DNS:t903.test +- DNS:t904.test +- DNS:t905.test +- DNS:t906.test +- DNS:t907.test +- DNS:t908.test +- DNS:t909.test +- DNS:t910.test +- DNS:t911.test +- DNS:t912.test +- DNS:t913.test +- DNS:t914.test +- DNS:t915.test +- DNS:t916.test +- DNS:t917.test +- DNS:t918.test +- DNS:t919.test +- DNS:t920.test +- DNS:t921.test +- DNS:t922.test +- DNS:t923.test +- DNS:t924.test +- DNS:t925.test +- DNS:t926.test +- DNS:t927.test +- DNS:t928.test +- DNS:t929.test +- DNS:t930.test +- DNS:t931.test +- DNS:t932.test +- DNS:t933.test +- DNS:t934.test +- DNS:t935.test +- DNS:t936.test +- DNS:t937.test +- DNS:t938.test +- DNS:t939.test +- DNS:t940.test +- DNS:t941.test +- DNS:t942.test +- DNS:t943.test +- DNS:t944.test +- DNS:t945.test +- DNS:t946.test +- DNS:t947.test +- DNS:t948.test +- DNS:t949.test +- DNS:t950.test +- DNS:t951.test +- DNS:t952.test +- DNS:t953.test +- DNS:t954.test +- DNS:t955.test +- DNS:t956.test +- DNS:t957.test +- DNS:t958.test +- DNS:t959.test +- DNS:t960.test +- DNS:t961.test +- DNS:t962.test +- DNS:t963.test +- DNS:t964.test +- DNS:t965.test +- DNS:t966.test +- DNS:t967.test +- DNS:t968.test +- DNS:t969.test +- DNS:t970.test +- DNS:t971.test +- DNS:t972.test +- DNS:t973.test +- DNS:t974.test +- DNS:t975.test +- DNS:t976.test +- DNS:t977.test +- DNS:t978.test +- DNS:t979.test +- DNS:t980.test +- DNS:t981.test +- DNS:t982.test +- DNS:t983.test +- DNS:t984.test +- DNS:t985.test +- DNS:t986.test +- DNS:t987.test +- DNS:t988.test +- DNS:t989.test +- DNS:t990.test +- DNS:t991.test +- DNS:t992.test +- DNS:t993.test +- DNS:t994.test +- DNS:t995.test +- DNS:t996.test +- DNS:t997.test +- DNS:t998.test +- DNS:t999.test +- DNS:t1000.test +- DNS:t1001.test +- DNS:t1002.test +- DNS:t1003.test +- DNS:t1004.test +- DNS:t1005.test +- DNS:t1006.test +- DNS:t1007.test +- DNS:t1008.test +- DNS:t1009.test +- DNS:t1010.test +- DNS:t1011.test +- DNS:t1012.test +- DNS:t1013.test +- DNS:t1014.test +- DNS:t1015.test +- DNS:t1016.test +- DNS:t1017.test +- DNS:t1018.test +- DNS:t1019.test +- DNS:t1020.test +- DNS:t1021.test +- DNS:t1022.test +- DNS:t1023.test +- DNS:t1024.test +- DirName:CN = t0 +- DirName:CN = t1 +- DirName:CN = t2 +- DirName:CN = t3 +- DirName:CN = t4 +- DirName:CN = t5 +- DirName:CN = t6 +- DirName:CN = t7 +- DirName:CN = t8 +- DirName:CN = t9 +- DirName:CN = t10 +- DirName:CN = t11 +- DirName:CN = t12 +- DirName:CN = t13 +- DirName:CN = t14 +- DirName:CN = t15 +- DirName:CN = t16 +- DirName:CN = t17 +- DirName:CN = t18 +- DirName:CN = t19 +- DirName:CN = t20 +- DirName:CN = t21 +- DirName:CN = t22 +- DirName:CN = t23 +- DirName:CN = t24 +- DirName:CN = t25 +- DirName:CN = t26 +- DirName:CN = t27 +- DirName:CN = t28 +- DirName:CN = t29 +- DirName:CN = t30 +- DirName:CN = t31 +- DirName:CN = t32 +- DirName:CN = t33 +- DirName:CN = t34 +- DirName:CN = t35 +- DirName:CN = t36 +- DirName:CN = t37 +- DirName:CN = t38 +- DirName:CN = t39 +- DirName:CN = t40 +- DirName:CN = t41 +- DirName:CN = t42 +- DirName:CN = t43 +- DirName:CN = t44 +- DirName:CN = t45 +- DirName:CN = t46 +- DirName:CN = t47 +- DirName:CN = t48 +- DirName:CN = t49 +- DirName:CN = t50 +- DirName:CN = t51 +- DirName:CN = t52 +- DirName:CN = t53 +- DirName:CN = t54 +- DirName:CN = t55 +- DirName:CN = t56 +- DirName:CN = t57 +- DirName:CN = t58 +- DirName:CN = t59 +- DirName:CN = t60 +- DirName:CN = t61 +- DirName:CN = t62 +- DirName:CN = t63 +- DirName:CN = t64 +- DirName:CN = t65 +- DirName:CN = t66 +- DirName:CN = t67 +- DirName:CN = t68 +- DirName:CN = t69 +- DirName:CN = t70 +- DirName:CN = t71 +- DirName:CN = t72 +- DirName:CN = t73 +- DirName:CN = t74 +- DirName:CN = t75 +- DirName:CN = t76 +- DirName:CN = t77 +- DirName:CN = t78 +- DirName:CN = t79 +- DirName:CN = t80 +- DirName:CN = t81 +- DirName:CN = t82 +- DirName:CN = t83 +- DirName:CN = t84 +- DirName:CN = t85 +- DirName:CN = t86 +- DirName:CN = t87 +- DirName:CN = t88 +- DirName:CN = t89 +- DirName:CN = t90 +- DirName:CN = t91 +- DirName:CN = t92 +- DirName:CN = t93 +- DirName:CN = t94 +- DirName:CN = t95 +- DirName:CN = t96 +- DirName:CN = t97 +- DirName:CN = t98 +- DirName:CN = t99 +- DirName:CN = t100 +- DirName:CN = t101 +- DirName:CN = t102 +- DirName:CN = t103 +- DirName:CN = t104 +- DirName:CN = t105 +- DirName:CN = t106 +- DirName:CN = t107 +- DirName:CN = t108 +- DirName:CN = t109 +- DirName:CN = t110 +- DirName:CN = t111 +- DirName:CN = t112 +- DirName:CN = t113 +- DirName:CN = t114 +- DirName:CN = t115 +- DirName:CN = t116 +- DirName:CN = t117 +- DirName:CN = t118 +- DirName:CN = t119 +- DirName:CN = t120 +- DirName:CN = t121 +- DirName:CN = t122 +- DirName:CN = t123 +- DirName:CN = t124 +- DirName:CN = t125 +- DirName:CN = t126 +- DirName:CN = t127 +- DirName:CN = t128 +- DirName:CN = t129 +- DirName:CN = t130 +- DirName:CN = t131 +- DirName:CN = t132 +- DirName:CN = t133 +- DirName:CN = t134 +- DirName:CN = t135 +- DirName:CN = t136 +- DirName:CN = t137 +- DirName:CN = t138 +- DirName:CN = t139 +- DirName:CN = t140 +- DirName:CN = t141 +- DirName:CN = t142 +- DirName:CN = t143 +- DirName:CN = t144 +- DirName:CN = t145 +- DirName:CN = t146 +- DirName:CN = t147 +- DirName:CN = t148 +- DirName:CN = t149 +- DirName:CN = t150 +- DirName:CN = t151 +- DirName:CN = t152 +- DirName:CN = t153 +- DirName:CN = t154 +- DirName:CN = t155 +- DirName:CN = t156 +- DirName:CN = t157 +- DirName:CN = t158 +- DirName:CN = t159 +- DirName:CN = t160 +- DirName:CN = t161 +- DirName:CN = t162 +- DirName:CN = t163 +- DirName:CN = t164 +- DirName:CN = t165 +- DirName:CN = t166 +- DirName:CN = t167 +- DirName:CN = t168 +- DirName:CN = t169 +- DirName:CN = t170 +- DirName:CN = t171 +- DirName:CN = t172 +- DirName:CN = t173 +- DirName:CN = t174 +- DirName:CN = t175 +- DirName:CN = t176 +- DirName:CN = t177 +- DirName:CN = t178 +- DirName:CN = t179 +- DirName:CN = t180 +- DirName:CN = t181 +- DirName:CN = t182 +- DirName:CN = t183 +- DirName:CN = t184 +- DirName:CN = t185 +- DirName:CN = t186 +- DirName:CN = t187 +- DirName:CN = t188 +- DirName:CN = t189 +- DirName:CN = t190 +- DirName:CN = t191 +- DirName:CN = t192 +- DirName:CN = t193 +- DirName:CN = t194 +- DirName:CN = t195 +- DirName:CN = t196 +- DirName:CN = t197 +- DirName:CN = t198 +- DirName:CN = t199 +- DirName:CN = t200 +- DirName:CN = t201 +- DirName:CN = t202 +- DirName:CN = t203 +- DirName:CN = t204 +- DirName:CN = t205 +- DirName:CN = t206 +- DirName:CN = t207 +- DirName:CN = t208 +- DirName:CN = t209 +- DirName:CN = t210 +- DirName:CN = t211 +- DirName:CN = t212 +- DirName:CN = t213 +- DirName:CN = t214 +- DirName:CN = t215 +- DirName:CN = t216 +- DirName:CN = t217 +- DirName:CN = t218 +- DirName:CN = t219 +- DirName:CN = t220 +- DirName:CN = t221 +- DirName:CN = t222 +- DirName:CN = t223 +- DirName:CN = t224 +- DirName:CN = t225 +- DirName:CN = t226 +- DirName:CN = t227 +- DirName:CN = t228 +- DirName:CN = t229 +- DirName:CN = t230 +- DirName:CN = t231 +- DirName:CN = t232 +- DirName:CN = t233 +- DirName:CN = t234 +- DirName:CN = t235 +- DirName:CN = t236 +- DirName:CN = t237 +- DirName:CN = t238 +- DirName:CN = t239 +- DirName:CN = t240 +- DirName:CN = t241 +- DirName:CN = t242 +- DirName:CN = t243 +- DirName:CN = t244 +- DirName:CN = t245 +- DirName:CN = t246 +- DirName:CN = t247 +- DirName:CN = t248 +- DirName:CN = t249 +- DirName:CN = t250 +- DirName:CN = t251 +- DirName:CN = t252 +- DirName:CN = t253 +- DirName:CN = t254 +- DirName:CN = t255 +- DirName:CN = t256 +- DirName:CN = t257 +- DirName:CN = t258 +- DirName:CN = t259 +- DirName:CN = t260 +- DirName:CN = t261 +- DirName:CN = t262 +- DirName:CN = t263 +- DirName:CN = t264 +- DirName:CN = t265 +- DirName:CN = t266 +- DirName:CN = t267 +- DirName:CN = t268 +- DirName:CN = t269 +- DirName:CN = t270 +- DirName:CN = t271 +- DirName:CN = t272 +- DirName:CN = t273 +- DirName:CN = t274 +- DirName:CN = t275 +- DirName:CN = t276 +- DirName:CN = t277 +- DirName:CN = t278 +- DirName:CN = t279 +- DirName:CN = t280 +- DirName:CN = t281 +- DirName:CN = t282 +- DirName:CN = t283 +- DirName:CN = t284 +- DirName:CN = t285 +- DirName:CN = t286 +- DirName:CN = t287 +- DirName:CN = t288 +- DirName:CN = t289 +- DirName:CN = t290 +- DirName:CN = t291 +- DirName:CN = t292 +- DirName:CN = t293 +- DirName:CN = t294 +- DirName:CN = t295 +- DirName:CN = t296 +- DirName:CN = t297 +- DirName:CN = t298 +- DirName:CN = t299 +- DirName:CN = t300 +- DirName:CN = t301 +- DirName:CN = t302 +- DirName:CN = t303 +- DirName:CN = t304 +- DirName:CN = t305 +- DirName:CN = t306 +- DirName:CN = t307 +- DirName:CN = t308 +- DirName:CN = t309 +- DirName:CN = t310 +- DirName:CN = t311 +- DirName:CN = t312 +- DirName:CN = t313 +- DirName:CN = t314 +- DirName:CN = t315 +- DirName:CN = t316 +- DirName:CN = t317 +- DirName:CN = t318 +- DirName:CN = t319 +- DirName:CN = t320 +- DirName:CN = t321 +- DirName:CN = t322 +- DirName:CN = t323 +- DirName:CN = t324 +- DirName:CN = t325 +- DirName:CN = t326 +- DirName:CN = t327 +- DirName:CN = t328 +- DirName:CN = t329 +- DirName:CN = t330 +- DirName:CN = t331 +- DirName:CN = t332 +- DirName:CN = t333 +- DirName:CN = t334 +- DirName:CN = t335 +- DirName:CN = t336 +- DirName:CN = t337 +- DirName:CN = t338 +- DirName:CN = t339 +- DirName:CN = t340 +- DirName:CN = t341 +- DirName:CN = t342 +- DirName:CN = t343 +- DirName:CN = t344 +- DirName:CN = t345 +- DirName:CN = t346 +- DirName:CN = t347 +- DirName:CN = t348 +- DirName:CN = t349 +- DirName:CN = t350 +- DirName:CN = t351 +- DirName:CN = t352 +- DirName:CN = t353 +- DirName:CN = t354 +- DirName:CN = t355 +- DirName:CN = t356 +- DirName:CN = t357 +- DirName:CN = t358 +- DirName:CN = t359 +- DirName:CN = t360 +- DirName:CN = t361 +- DirName:CN = t362 +- DirName:CN = t363 +- DirName:CN = t364 +- DirName:CN = t365 +- DirName:CN = t366 +- DirName:CN = t367 +- DirName:CN = t368 +- DirName:CN = t369 +- DirName:CN = t370 +- DirName:CN = t371 +- DirName:CN = t372 +- DirName:CN = t373 +- DirName:CN = t374 +- DirName:CN = t375 +- DirName:CN = t376 +- DirName:CN = t377 +- DirName:CN = t378 +- DirName:CN = t379 +- DirName:CN = t380 +- DirName:CN = t381 +- DirName:CN = t382 +- DirName:CN = t383 +- DirName:CN = t384 +- DirName:CN = t385 +- DirName:CN = t386 +- DirName:CN = t387 +- DirName:CN = t388 +- DirName:CN = t389 +- DirName:CN = t390 +- DirName:CN = t391 +- DirName:CN = t392 +- DirName:CN = t393 +- DirName:CN = t394 +- DirName:CN = t395 +- DirName:CN = t396 +- DirName:CN = t397 +- DirName:CN = t398 +- DirName:CN = t399 +- DirName:CN = t400 +- DirName:CN = t401 +- DirName:CN = t402 +- DirName:CN = t403 +- DirName:CN = t404 +- DirName:CN = t405 +- DirName:CN = t406 +- DirName:CN = t407 +- DirName:CN = t408 +- DirName:CN = t409 +- DirName:CN = t410 +- DirName:CN = t411 +- DirName:CN = t412 +- DirName:CN = t413 +- DirName:CN = t414 +- DirName:CN = t415 +- DirName:CN = t416 +- DirName:CN = t417 +- DirName:CN = t418 +- DirName:CN = t419 +- DirName:CN = t420 +- DirName:CN = t421 +- DirName:CN = t422 +- DirName:CN = t423 +- DirName:CN = t424 +- DirName:CN = t425 +- DirName:CN = t426 +- DirName:CN = t427 +- DirName:CN = t428 +- DirName:CN = t429 +- DirName:CN = t430 +- DirName:CN = t431 +- DirName:CN = t432 +- DirName:CN = t433 +- DirName:CN = t434 +- DirName:CN = t435 +- DirName:CN = t436 +- DirName:CN = t437 +- DirName:CN = t438 +- DirName:CN = t439 +- DirName:CN = t440 +- DirName:CN = t441 +- DirName:CN = t442 +- DirName:CN = t443 +- DirName:CN = t444 +- DirName:CN = t445 +- DirName:CN = t446 +- DirName:CN = t447 +- DirName:CN = t448 +- DirName:CN = t449 +- DirName:CN = t450 +- DirName:CN = t451 +- DirName:CN = t452 +- DirName:CN = t453 +- DirName:CN = t454 +- DirName:CN = t455 +- DirName:CN = t456 +- DirName:CN = t457 +- DirName:CN = t458 +- DirName:CN = t459 +- DirName:CN = t460 +- DirName:CN = t461 +- DirName:CN = t462 +- DirName:CN = t463 +- DirName:CN = t464 +- DirName:CN = t465 +- DirName:CN = t466 +- DirName:CN = t467 +- DirName:CN = t468 +- DirName:CN = t469 +- DirName:CN = t470 +- DirName:CN = t471 +- DirName:CN = t472 +- DirName:CN = t473 +- DirName:CN = t474 +- DirName:CN = t475 +- DirName:CN = t476 +- DirName:CN = t477 +- DirName:CN = t478 +- DirName:CN = t479 +- DirName:CN = t480 +- DirName:CN = t481 +- DirName:CN = t482 +- DirName:CN = t483 +- DirName:CN = t484 +- DirName:CN = t485 +- DirName:CN = t486 +- DirName:CN = t487 +- DirName:CN = t488 +- DirName:CN = t489 +- DirName:CN = t490 +- DirName:CN = t491 +- DirName:CN = t492 +- DirName:CN = t493 +- DirName:CN = t494 +- DirName:CN = t495 +- DirName:CN = t496 +- DirName:CN = t497 +- DirName:CN = t498 +- DirName:CN = t499 +- DirName:CN = t500 +- DirName:CN = t501 +- DirName:CN = t502 +- DirName:CN = t503 +- DirName:CN = t504 +- DirName:CN = t505 +- DirName:CN = t506 +- DirName:CN = t507 +- DirName:CN = t508 +- DirName:CN = t509 +- DirName:CN = t510 +- DirName:CN = t511 +- DirName:CN = t512 +- DirName:CN = t513 +- DirName:CN = t514 +- DirName:CN = t515 +- DirName:CN = t516 +- DirName:CN = t517 +- DirName:CN = t518 +- DirName:CN = t519 +- DirName:CN = t520 +- DirName:CN = t521 +- DirName:CN = t522 +- DirName:CN = t523 +- DirName:CN = t524 +- DirName:CN = t525 +- DirName:CN = t526 +- DirName:CN = t527 +- DirName:CN = t528 +- DirName:CN = t529 +- DirName:CN = t530 +- DirName:CN = t531 +- DirName:CN = t532 +- DirName:CN = t533 +- DirName:CN = t534 +- DirName:CN = t535 +- DirName:CN = t536 +- DirName:CN = t537 +- DirName:CN = t538 +- DirName:CN = t539 +- DirName:CN = t540 +- DirName:CN = t541 +- DirName:CN = t542 +- DirName:CN = t543 +- DirName:CN = t544 +- DirName:CN = t545 +- DirName:CN = t546 +- DirName:CN = t547 +- DirName:CN = t548 +- DirName:CN = t549 +- DirName:CN = t550 +- DirName:CN = t551 +- DirName:CN = t552 +- DirName:CN = t553 +- DirName:CN = t554 +- DirName:CN = t555 +- DirName:CN = t556 +- DirName:CN = t557 +- DirName:CN = t558 +- DirName:CN = t559 +- DirName:CN = t560 +- DirName:CN = t561 +- DirName:CN = t562 +- DirName:CN = t563 +- DirName:CN = t564 +- DirName:CN = t565 +- DirName:CN = t566 +- DirName:CN = t567 +- DirName:CN = t568 +- DirName:CN = t569 +- DirName:CN = t570 +- DirName:CN = t571 +- DirName:CN = t572 +- DirName:CN = t573 +- DirName:CN = t574 +- DirName:CN = t575 +- DirName:CN = t576 +- DirName:CN = t577 +- DirName:CN = t578 +- DirName:CN = t579 +- DirName:CN = t580 +- DirName:CN = t581 +- DirName:CN = t582 +- DirName:CN = t583 +- DirName:CN = t584 +- DirName:CN = t585 +- DirName:CN = t586 +- DirName:CN = t587 +- DirName:CN = t588 +- DirName:CN = t589 +- DirName:CN = t590 +- DirName:CN = t591 +- DirName:CN = t592 +- DirName:CN = t593 +- DirName:CN = t594 +- DirName:CN = t595 +- DirName:CN = t596 +- DirName:CN = t597 +- DirName:CN = t598 +- DirName:CN = t599 +- DirName:CN = t600 +- DirName:CN = t601 +- DirName:CN = t602 +- DirName:CN = t603 +- DirName:CN = t604 +- DirName:CN = t605 +- DirName:CN = t606 +- DirName:CN = t607 +- DirName:CN = t608 +- DirName:CN = t609 +- DirName:CN = t610 +- DirName:CN = t611 +- DirName:CN = t612 +- DirName:CN = t613 +- DirName:CN = t614 +- DirName:CN = t615 +- DirName:CN = t616 +- DirName:CN = t617 +- DirName:CN = t618 +- DirName:CN = t619 +- DirName:CN = t620 +- DirName:CN = t621 +- DirName:CN = t622 +- DirName:CN = t623 +- DirName:CN = t624 +- DirName:CN = t625 +- DirName:CN = t626 +- DirName:CN = t627 +- DirName:CN = t628 +- DirName:CN = t629 +- DirName:CN = t630 +- DirName:CN = t631 +- DirName:CN = t632 +- DirName:CN = t633 +- DirName:CN = t634 +- DirName:CN = t635 +- DirName:CN = t636 +- DirName:CN = t637 +- DirName:CN = t638 +- DirName:CN = t639 +- DirName:CN = t640 +- DirName:CN = t641 +- DirName:CN = t642 +- DirName:CN = t643 +- DirName:CN = t644 +- DirName:CN = t645 +- DirName:CN = t646 +- DirName:CN = t647 +- DirName:CN = t648 +- DirName:CN = t649 +- DirName:CN = t650 +- DirName:CN = t651 +- DirName:CN = t652 +- DirName:CN = t653 +- DirName:CN = t654 +- DirName:CN = t655 +- DirName:CN = t656 +- DirName:CN = t657 +- DirName:CN = t658 +- DirName:CN = t659 +- DirName:CN = t660 +- DirName:CN = t661 +- DirName:CN = t662 +- DirName:CN = t663 +- DirName:CN = t664 +- DirName:CN = t665 +- DirName:CN = t666 +- DirName:CN = t667 +- DirName:CN = t668 +- DirName:CN = t669 +- DirName:CN = t670 +- DirName:CN = t671 +- DirName:CN = t672 +- DirName:CN = t673 +- DirName:CN = t674 +- DirName:CN = t675 +- DirName:CN = t676 +- DirName:CN = t677 +- DirName:CN = t678 +- DirName:CN = t679 +- DirName:CN = t680 +- DirName:CN = t681 +- DirName:CN = t682 +- DirName:CN = t683 +- DirName:CN = t684 +- DirName:CN = t685 +- DirName:CN = t686 +- DirName:CN = t687 +- DirName:CN = t688 +- DirName:CN = t689 +- DirName:CN = t690 +- DirName:CN = t691 +- DirName:CN = t692 +- DirName:CN = t693 +- DirName:CN = t694 +- DirName:CN = t695 +- DirName:CN = t696 +- DirName:CN = t697 +- DirName:CN = t698 +- DirName:CN = t699 +- DirName:CN = t700 +- DirName:CN = t701 +- DirName:CN = t702 +- DirName:CN = t703 +- DirName:CN = t704 +- DirName:CN = t705 +- DirName:CN = t706 +- DirName:CN = t707 +- DirName:CN = t708 +- DirName:CN = t709 +- DirName:CN = t710 +- DirName:CN = t711 +- DirName:CN = t712 +- DirName:CN = t713 +- DirName:CN = t714 +- DirName:CN = t715 +- DirName:CN = t716 +- DirName:CN = t717 +- DirName:CN = t718 +- DirName:CN = t719 +- DirName:CN = t720 +- DirName:CN = t721 +- DirName:CN = t722 +- DirName:CN = t723 +- DirName:CN = t724 +- DirName:CN = t725 +- DirName:CN = t726 +- DirName:CN = t727 +- DirName:CN = t728 +- DirName:CN = t729 +- DirName:CN = t730 +- DirName:CN = t731 +- DirName:CN = t732 +- DirName:CN = t733 +- DirName:CN = t734 +- DirName:CN = t735 +- DirName:CN = t736 +- DirName:CN = t737 +- DirName:CN = t738 +- DirName:CN = t739 +- DirName:CN = t740 +- DirName:CN = t741 +- DirName:CN = t742 +- DirName:CN = t743 +- DirName:CN = t744 +- DirName:CN = t745 +- DirName:CN = t746 +- DirName:CN = t747 +- DirName:CN = t748 +- DirName:CN = t749 +- DirName:CN = t750 +- DirName:CN = t751 +- DirName:CN = t752 +- DirName:CN = t753 +- DirName:CN = t754 +- DirName:CN = t755 +- DirName:CN = t756 +- DirName:CN = t757 +- DirName:CN = t758 +- DirName:CN = t759 +- DirName:CN = t760 +- DirName:CN = t761 +- DirName:CN = t762 +- DirName:CN = t763 +- DirName:CN = t764 +- DirName:CN = t765 +- DirName:CN = t766 +- DirName:CN = t767 +- DirName:CN = t768 +- DirName:CN = t769 +- DirName:CN = t770 +- DirName:CN = t771 +- DirName:CN = t772 +- DirName:CN = t773 +- DirName:CN = t774 +- DirName:CN = t775 +- DirName:CN = t776 +- DirName:CN = t777 +- DirName:CN = t778 +- DirName:CN = t779 +- DirName:CN = t780 +- DirName:CN = t781 +- DirName:CN = t782 +- DirName:CN = t783 +- DirName:CN = t784 +- DirName:CN = t785 +- DirName:CN = t786 +- DirName:CN = t787 +- DirName:CN = t788 +- DirName:CN = t789 +- DirName:CN = t790 +- DirName:CN = t791 +- DirName:CN = t792 +- DirName:CN = t793 +- DirName:CN = t794 +- DirName:CN = t795 +- DirName:CN = t796 +- DirName:CN = t797 +- DirName:CN = t798 +- DirName:CN = t799 +- DirName:CN = t800 +- DirName:CN = t801 +- DirName:CN = t802 +- DirName:CN = t803 +- DirName:CN = t804 +- DirName:CN = t805 +- DirName:CN = t806 +- DirName:CN = t807 +- DirName:CN = t808 +- DirName:CN = t809 +- DirName:CN = t810 +- DirName:CN = t811 +- DirName:CN = t812 +- DirName:CN = t813 +- DirName:CN = t814 +- DirName:CN = t815 +- DirName:CN = t816 +- DirName:CN = t817 +- DirName:CN = t818 +- DirName:CN = t819 +- DirName:CN = t820 +- DirName:CN = t821 +- DirName:CN = t822 +- DirName:CN = t823 +- DirName:CN = t824 +- DirName:CN = t825 +- DirName:CN = t826 +- DirName:CN = t827 +- DirName:CN = t828 +- DirName:CN = t829 +- DirName:CN = t830 +- DirName:CN = t831 +- DirName:CN = t832 +- DirName:CN = t833 +- DirName:CN = t834 +- DirName:CN = t835 +- DirName:CN = t836 +- DirName:CN = t837 +- DirName:CN = t838 +- DirName:CN = t839 +- DirName:CN = t840 +- DirName:CN = t841 +- DirName:CN = t842 +- DirName:CN = t843 +- DirName:CN = t844 +- DirName:CN = t845 +- DirName:CN = t846 +- DirName:CN = t847 +- DirName:CN = t848 +- DirName:CN = t849 +- DirName:CN = t850 +- DirName:CN = t851 +- DirName:CN = t852 +- DirName:CN = t853 +- DirName:CN = t854 +- DirName:CN = t855 +- DirName:CN = t856 +- DirName:CN = t857 +- DirName:CN = t858 +- DirName:CN = t859 +- DirName:CN = t860 +- DirName:CN = t861 +- DirName:CN = t862 +- DirName:CN = t863 +- DirName:CN = t864 +- DirName:CN = t865 +- DirName:CN = t866 +- DirName:CN = t867 +- DirName:CN = t868 +- DirName:CN = t869 +- DirName:CN = t870 +- DirName:CN = t871 +- DirName:CN = t872 +- DirName:CN = t873 +- DirName:CN = t874 +- DirName:CN = t875 +- DirName:CN = t876 +- DirName:CN = t877 +- DirName:CN = t878 +- DirName:CN = t879 +- DirName:CN = t880 +- DirName:CN = t881 +- DirName:CN = t882 +- DirName:CN = t883 +- DirName:CN = t884 +- DirName:CN = t885 +- DirName:CN = t886 +- DirName:CN = t887 +- DirName:CN = t888 +- DirName:CN = t889 +- DirName:CN = t890 +- DirName:CN = t891 +- DirName:CN = t892 +- DirName:CN = t893 +- DirName:CN = t894 +- DirName:CN = t895 +- DirName:CN = t896 +- DirName:CN = t897 +- DirName:CN = t898 +- DirName:CN = t899 +- DirName:CN = t900 +- DirName:CN = t901 +- DirName:CN = t902 +- DirName:CN = t903 +- DirName:CN = t904 +- DirName:CN = t905 +- DirName:CN = t906 +- DirName:CN = t907 +- DirName:CN = t908 +- DirName:CN = t909 +- DirName:CN = t910 +- DirName:CN = t911 +- DirName:CN = t912 +- DirName:CN = t913 +- DirName:CN = t914 +- DirName:CN = t915 +- DirName:CN = t916 +- DirName:CN = t917 +- DirName:CN = t918 +- DirName:CN = t919 +- DirName:CN = t920 +- DirName:CN = t921 +- DirName:CN = t922 +- DirName:CN = t923 +- DirName:CN = t924 +- DirName:CN = t925 +- DirName:CN = t926 +- DirName:CN = t927 +- DirName:CN = t928 +- DirName:CN = t929 +- DirName:CN = t930 +- DirName:CN = t931 +- DirName:CN = t932 +- DirName:CN = t933 +- DirName:CN = t934 +- DirName:CN = t935 +- DirName:CN = t936 +- DirName:CN = t937 +- DirName:CN = t938 +- DirName:CN = t939 +- DirName:CN = t940 +- DirName:CN = t941 +- DirName:CN = t942 +- DirName:CN = t943 +- DirName:CN = t944 +- DirName:CN = t945 +- DirName:CN = t946 +- DirName:CN = t947 +- DirName:CN = t948 +- DirName:CN = t949 +- DirName:CN = t950 +- DirName:CN = t951 +- DirName:CN = t952 +- DirName:CN = t953 +- DirName:CN = t954 +- DirName:CN = t955 +- DirName:CN = t956 +- DirName:CN = t957 +- DirName:CN = t958 +- DirName:CN = t959 +- DirName:CN = t960 +- DirName:CN = t961 +- DirName:CN = t962 +- DirName:CN = t963 +- DirName:CN = t964 +- DirName:CN = t965 +- DirName:CN = t966 +- DirName:CN = t967 +- DirName:CN = t968 +- DirName:CN = t969 +- DirName:CN = t970 +- DirName:CN = t971 +- DirName:CN = t972 +- DirName:CN = t973 +- DirName:CN = t974 +- DirName:CN = t975 +- DirName:CN = t976 +- DirName:CN = t977 +- DirName:CN = t978 +- DirName:CN = t979 +- DirName:CN = t980 +- DirName:CN = t981 +- DirName:CN = t982 +- DirName:CN = t983 +- DirName:CN = t984 +- DirName:CN = t985 +- DirName:CN = t986 +- DirName:CN = t987 +- DirName:CN = t988 +- DirName:CN = t989 +- DirName:CN = t990 +- DirName:CN = t991 +- DirName:CN = t992 +- DirName:CN = t993 +- DirName:CN = t994 +- DirName:CN = t995 +- DirName:CN = t996 +- DirName:CN = t997 +- DirName:CN = t998 +- DirName:CN = t999 +- DirName:CN = t1000 +- DirName:CN = t1001 +- DirName:CN = t1002 +- DirName:CN = t1003 +- DirName:CN = t1004 +- DirName:CN = t1005 +- DirName:CN = t1006 +- DirName:CN = t1007 +- DirName:CN = t1008 +- DirName:CN = t1009 +- DirName:CN = t1010 +- DirName:CN = t1011 +- DirName:CN = t1012 +- DirName:CN = t1013 +- DirName:CN = t1014 +- DirName:CN = t1015 +- DirName:CN = t1016 +- DirName:CN = t1017 +- DirName:CN = t1018 +- DirName:CN = t1019 +- DirName:CN = t1020 +- DirName:CN = t1021 +- DirName:CN = t1022 +- DirName:CN = t1023 +- DirName:CN = t1024 +- URI:http://test/0 +- URI:http://test/1 +- URI:http://test/2 +- URI:http://test/3 +- URI:http://test/4 +- URI:http://test/5 +- URI:http://test/6 +- URI:http://test/7 +- URI:http://test/8 +- URI:http://test/9 +- URI:http://test/10 +- URI:http://test/11 +- URI:http://test/12 +- URI:http://test/13 +- URI:http://test/14 +- URI:http://test/15 +- URI:http://test/16 +- URI:http://test/17 +- URI:http://test/18 +- URI:http://test/19 +- URI:http://test/20 +- URI:http://test/21 +- URI:http://test/22 +- URI:http://test/23 +- URI:http://test/24 +- URI:http://test/25 +- URI:http://test/26 +- URI:http://test/27 +- URI:http://test/28 +- URI:http://test/29 +- URI:http://test/30 +- URI:http://test/31 +- URI:http://test/32 +- URI:http://test/33 +- URI:http://test/34 +- URI:http://test/35 +- URI:http://test/36 +- URI:http://test/37 +- URI:http://test/38 +- URI:http://test/39 +- URI:http://test/40 +- URI:http://test/41 +- URI:http://test/42 +- URI:http://test/43 +- URI:http://test/44 +- URI:http://test/45 +- URI:http://test/46 +- URI:http://test/47 +- URI:http://test/48 +- URI:http://test/49 +- URI:http://test/50 +- URI:http://test/51 +- URI:http://test/52 +- URI:http://test/53 +- URI:http://test/54 +- URI:http://test/55 +- URI:http://test/56 +- URI:http://test/57 +- URI:http://test/58 +- URI:http://test/59 +- URI:http://test/60 +- URI:http://test/61 +- URI:http://test/62 +- URI:http://test/63 +- URI:http://test/64 +- URI:http://test/65 +- URI:http://test/66 +- URI:http://test/67 +- URI:http://test/68 +- URI:http://test/69 +- URI:http://test/70 +- URI:http://test/71 +- URI:http://test/72 +- URI:http://test/73 +- URI:http://test/74 +- URI:http://test/75 +- URI:http://test/76 +- URI:http://test/77 +- URI:http://test/78 +- URI:http://test/79 +- URI:http://test/80 +- URI:http://test/81 +- URI:http://test/82 +- URI:http://test/83 +- URI:http://test/84 +- URI:http://test/85 +- URI:http://test/86 +- URI:http://test/87 +- URI:http://test/88 +- URI:http://test/89 +- URI:http://test/90 +- URI:http://test/91 +- URI:http://test/92 +- URI:http://test/93 +- URI:http://test/94 +- URI:http://test/95 +- URI:http://test/96 +- URI:http://test/97 +- URI:http://test/98 +- URI:http://test/99 +- URI:http://test/100 +- URI:http://test/101 +- URI:http://test/102 +- URI:http://test/103 +- URI:http://test/104 +- URI:http://test/105 +- URI:http://test/106 +- URI:http://test/107 +- URI:http://test/108 +- URI:http://test/109 +- URI:http://test/110 +- URI:http://test/111 +- URI:http://test/112 +- URI:http://test/113 +- URI:http://test/114 +- URI:http://test/115 +- URI:http://test/116 +- URI:http://test/117 +- URI:http://test/118 +- URI:http://test/119 +- URI:http://test/120 +- URI:http://test/121 +- URI:http://test/122 +- URI:http://test/123 +- URI:http://test/124 +- URI:http://test/125 +- URI:http://test/126 +- URI:http://test/127 +- URI:http://test/128 +- URI:http://test/129 +- URI:http://test/130 +- URI:http://test/131 +- URI:http://test/132 +- URI:http://test/133 +- URI:http://test/134 +- URI:http://test/135 +- URI:http://test/136 +- URI:http://test/137 +- URI:http://test/138 +- URI:http://test/139 +- URI:http://test/140 +- URI:http://test/141 +- URI:http://test/142 +- URI:http://test/143 +- URI:http://test/144 +- URI:http://test/145 +- URI:http://test/146 +- URI:http://test/147 +- URI:http://test/148 +- URI:http://test/149 +- URI:http://test/150 +- URI:http://test/151 +- URI:http://test/152 +- URI:http://test/153 +- URI:http://test/154 +- URI:http://test/155 +- URI:http://test/156 +- URI:http://test/157 +- URI:http://test/158 +- URI:http://test/159 +- URI:http://test/160 +- URI:http://test/161 +- URI:http://test/162 +- URI:http://test/163 +- URI:http://test/164 +- URI:http://test/165 +- URI:http://test/166 +- URI:http://test/167 +- URI:http://test/168 +- URI:http://test/169 +- URI:http://test/170 +- URI:http://test/171 +- URI:http://test/172 +- URI:http://test/173 +- URI:http://test/174 +- URI:http://test/175 +- URI:http://test/176 +- URI:http://test/177 +- URI:http://test/178 +- URI:http://test/179 +- URI:http://test/180 +- URI:http://test/181 +- URI:http://test/182 +- URI:http://test/183 +- URI:http://test/184 +- URI:http://test/185 +- URI:http://test/186 +- URI:http://test/187 +- URI:http://test/188 +- URI:http://test/189 +- URI:http://test/190 +- URI:http://test/191 +- URI:http://test/192 +- URI:http://test/193 +- URI:http://test/194 +- URI:http://test/195 +- URI:http://test/196 +- URI:http://test/197 +- URI:http://test/198 +- URI:http://test/199 +- URI:http://test/200 +- URI:http://test/201 +- URI:http://test/202 +- URI:http://test/203 +- URI:http://test/204 +- URI:http://test/205 +- URI:http://test/206 +- URI:http://test/207 +- URI:http://test/208 +- URI:http://test/209 +- URI:http://test/210 +- URI:http://test/211 +- URI:http://test/212 +- URI:http://test/213 +- URI:http://test/214 +- URI:http://test/215 +- URI:http://test/216 +- URI:http://test/217 +- URI:http://test/218 +- URI:http://test/219 +- URI:http://test/220 +- URI:http://test/221 +- URI:http://test/222 +- URI:http://test/223 +- URI:http://test/224 +- URI:http://test/225 +- URI:http://test/226 +- URI:http://test/227 +- URI:http://test/228 +- URI:http://test/229 +- URI:http://test/230 +- URI:http://test/231 +- URI:http://test/232 +- URI:http://test/233 +- URI:http://test/234 +- URI:http://test/235 +- URI:http://test/236 +- URI:http://test/237 +- URI:http://test/238 +- URI:http://test/239 +- URI:http://test/240 +- URI:http://test/241 +- URI:http://test/242 +- URI:http://test/243 +- URI:http://test/244 +- URI:http://test/245 +- URI:http://test/246 +- URI:http://test/247 +- URI:http://test/248 +- URI:http://test/249 +- URI:http://test/250 +- URI:http://test/251 +- URI:http://test/252 +- URI:http://test/253 +- URI:http://test/254 +- URI:http://test/255 +- URI:http://test/256 +- URI:http://test/257 +- URI:http://test/258 +- URI:http://test/259 +- URI:http://test/260 +- URI:http://test/261 +- URI:http://test/262 +- URI:http://test/263 +- URI:http://test/264 +- URI:http://test/265 +- URI:http://test/266 +- URI:http://test/267 +- URI:http://test/268 +- URI:http://test/269 +- URI:http://test/270 +- URI:http://test/271 +- URI:http://test/272 +- URI:http://test/273 +- URI:http://test/274 +- URI:http://test/275 +- URI:http://test/276 +- URI:http://test/277 +- URI:http://test/278 +- URI:http://test/279 +- URI:http://test/280 +- URI:http://test/281 +- URI:http://test/282 +- URI:http://test/283 +- URI:http://test/284 +- URI:http://test/285 +- URI:http://test/286 +- URI:http://test/287 +- URI:http://test/288 +- URI:http://test/289 +- URI:http://test/290 +- URI:http://test/291 +- URI:http://test/292 +- URI:http://test/293 +- URI:http://test/294 +- URI:http://test/295 +- URI:http://test/296 +- URI:http://test/297 +- URI:http://test/298 +- URI:http://test/299 +- URI:http://test/300 +- URI:http://test/301 +- URI:http://test/302 +- URI:http://test/303 +- URI:http://test/304 +- URI:http://test/305 +- URI:http://test/306 +- URI:http://test/307 +- URI:http://test/308 +- URI:http://test/309 +- URI:http://test/310 +- URI:http://test/311 +- URI:http://test/312 +- URI:http://test/313 +- URI:http://test/314 +- URI:http://test/315 +- URI:http://test/316 +- URI:http://test/317 +- URI:http://test/318 +- URI:http://test/319 +- URI:http://test/320 +- URI:http://test/321 +- URI:http://test/322 +- URI:http://test/323 +- URI:http://test/324 +- URI:http://test/325 +- URI:http://test/326 +- URI:http://test/327 +- URI:http://test/328 +- URI:http://test/329 +- URI:http://test/330 +- URI:http://test/331 +- URI:http://test/332 +- URI:http://test/333 +- URI:http://test/334 +- URI:http://test/335 +- URI:http://test/336 +- URI:http://test/337 +- URI:http://test/338 +- URI:http://test/339 +- URI:http://test/340 +- URI:http://test/341 +- URI:http://test/342 +- URI:http://test/343 +- URI:http://test/344 +- URI:http://test/345 +- URI:http://test/346 +- URI:http://test/347 +- URI:http://test/348 +- URI:http://test/349 +- URI:http://test/350 +- URI:http://test/351 +- URI:http://test/352 +- URI:http://test/353 +- URI:http://test/354 +- URI:http://test/355 +- URI:http://test/356 +- URI:http://test/357 +- URI:http://test/358 +- URI:http://test/359 +- URI:http://test/360 +- URI:http://test/361 +- URI:http://test/362 +- URI:http://test/363 +- URI:http://test/364 +- URI:http://test/365 +- URI:http://test/366 +- URI:http://test/367 +- URI:http://test/368 +- URI:http://test/369 +- URI:http://test/370 +- URI:http://test/371 +- URI:http://test/372 +- URI:http://test/373 +- URI:http://test/374 +- URI:http://test/375 +- URI:http://test/376 +- URI:http://test/377 +- URI:http://test/378 +- URI:http://test/379 +- URI:http://test/380 +- URI:http://test/381 +- URI:http://test/382 +- URI:http://test/383 +- URI:http://test/384 +- URI:http://test/385 +- URI:http://test/386 +- URI:http://test/387 +- URI:http://test/388 +- URI:http://test/389 +- URI:http://test/390 +- URI:http://test/391 +- URI:http://test/392 +- URI:http://test/393 +- URI:http://test/394 +- URI:http://test/395 +- URI:http://test/396 +- URI:http://test/397 +- URI:http://test/398 +- URI:http://test/399 +- URI:http://test/400 +- URI:http://test/401 +- URI:http://test/402 +- URI:http://test/403 +- URI:http://test/404 +- URI:http://test/405 +- URI:http://test/406 +- URI:http://test/407 +- URI:http://test/408 +- URI:http://test/409 +- URI:http://test/410 +- URI:http://test/411 +- URI:http://test/412 +- URI:http://test/413 +- URI:http://test/414 +- URI:http://test/415 +- URI:http://test/416 +- URI:http://test/417 +- URI:http://test/418 +- URI:http://test/419 +- URI:http://test/420 +- URI:http://test/421 +- URI:http://test/422 +- URI:http://test/423 +- URI:http://test/424 +- URI:http://test/425 +- URI:http://test/426 +- URI:http://test/427 +- URI:http://test/428 +- URI:http://test/429 +- URI:http://test/430 +- URI:http://test/431 +- URI:http://test/432 +- URI:http://test/433 +- URI:http://test/434 +- URI:http://test/435 +- URI:http://test/436 +- URI:http://test/437 +- URI:http://test/438 +- URI:http://test/439 +- URI:http://test/440 +- URI:http://test/441 +- URI:http://test/442 +- URI:http://test/443 +- URI:http://test/444 +- URI:http://test/445 +- URI:http://test/446 +- URI:http://test/447 +- URI:http://test/448 +- URI:http://test/449 +- URI:http://test/450 +- URI:http://test/451 +- URI:http://test/452 +- URI:http://test/453 +- URI:http://test/454 +- URI:http://test/455 +- URI:http://test/456 +- URI:http://test/457 +- URI:http://test/458 +- URI:http://test/459 +- URI:http://test/460 +- URI:http://test/461 +- URI:http://test/462 +- URI:http://test/463 +- URI:http://test/464 +- URI:http://test/465 +- URI:http://test/466 +- URI:http://test/467 +- URI:http://test/468 +- URI:http://test/469 +- URI:http://test/470 +- URI:http://test/471 +- URI:http://test/472 +- URI:http://test/473 +- URI:http://test/474 +- URI:http://test/475 +- URI:http://test/476 +- URI:http://test/477 +- URI:http://test/478 +- URI:http://test/479 +- URI:http://test/480 +- URI:http://test/481 +- URI:http://test/482 +- URI:http://test/483 +- URI:http://test/484 +- URI:http://test/485 +- URI:http://test/486 +- URI:http://test/487 +- URI:http://test/488 +- URI:http://test/489 +- URI:http://test/490 +- URI:http://test/491 +- URI:http://test/492 +- URI:http://test/493 +- URI:http://test/494 +- URI:http://test/495 +- URI:http://test/496 +- URI:http://test/497 +- URI:http://test/498 +- URI:http://test/499 +- URI:http://test/500 +- URI:http://test/501 +- URI:http://test/502 +- URI:http://test/503 +- URI:http://test/504 +- URI:http://test/505 +- URI:http://test/506 +- URI:http://test/507 +- URI:http://test/508 +- URI:http://test/509 +- URI:http://test/510 +- URI:http://test/511 +- URI:http://test/512 +- URI:http://test/513 +- URI:http://test/514 +- URI:http://test/515 +- URI:http://test/516 +- URI:http://test/517 +- URI:http://test/518 +- URI:http://test/519 +- URI:http://test/520 +- URI:http://test/521 +- URI:http://test/522 +- URI:http://test/523 +- URI:http://test/524 +- URI:http://test/525 +- URI:http://test/526 +- URI:http://test/527 +- URI:http://test/528 +- URI:http://test/529 +- URI:http://test/530 +- URI:http://test/531 +- URI:http://test/532 +- URI:http://test/533 +- URI:http://test/534 +- URI:http://test/535 +- URI:http://test/536 +- URI:http://test/537 +- URI:http://test/538 +- URI:http://test/539 +- URI:http://test/540 +- URI:http://test/541 +- URI:http://test/542 +- URI:http://test/543 +- URI:http://test/544 +- URI:http://test/545 +- URI:http://test/546 +- URI:http://test/547 +- URI:http://test/548 +- URI:http://test/549 +- URI:http://test/550 +- URI:http://test/551 +- URI:http://test/552 +- URI:http://test/553 +- URI:http://test/554 +- URI:http://test/555 +- URI:http://test/556 +- URI:http://test/557 +- URI:http://test/558 +- URI:http://test/559 +- URI:http://test/560 +- URI:http://test/561 +- URI:http://test/562 +- URI:http://test/563 +- URI:http://test/564 +- URI:http://test/565 +- URI:http://test/566 +- URI:http://test/567 +- URI:http://test/568 +- URI:http://test/569 +- URI:http://test/570 +- URI:http://test/571 +- URI:http://test/572 +- URI:http://test/573 +- URI:http://test/574 +- URI:http://test/575 +- URI:http://test/576 +- URI:http://test/577 +- URI:http://test/578 +- URI:http://test/579 +- URI:http://test/580 +- URI:http://test/581 +- URI:http://test/582 +- URI:http://test/583 +- URI:http://test/584 +- URI:http://test/585 +- URI:http://test/586 +- URI:http://test/587 +- URI:http://test/588 +- URI:http://test/589 +- URI:http://test/590 +- URI:http://test/591 +- URI:http://test/592 +- URI:http://test/593 +- URI:http://test/594 +- URI:http://test/595 +- URI:http://test/596 +- URI:http://test/597 +- URI:http://test/598 +- URI:http://test/599 +- URI:http://test/600 +- URI:http://test/601 +- URI:http://test/602 +- URI:http://test/603 +- URI:http://test/604 +- URI:http://test/605 +- URI:http://test/606 +- URI:http://test/607 +- URI:http://test/608 +- URI:http://test/609 +- URI:http://test/610 +- URI:http://test/611 +- URI:http://test/612 +- URI:http://test/613 +- URI:http://test/614 +- URI:http://test/615 +- URI:http://test/616 +- URI:http://test/617 +- URI:http://test/618 +- URI:http://test/619 +- URI:http://test/620 +- URI:http://test/621 +- URI:http://test/622 +- URI:http://test/623 +- URI:http://test/624 +- URI:http://test/625 +- URI:http://test/626 +- URI:http://test/627 +- URI:http://test/628 +- URI:http://test/629 +- URI:http://test/630 +- URI:http://test/631 +- URI:http://test/632 +- URI:http://test/633 +- URI:http://test/634 +- URI:http://test/635 +- URI:http://test/636 +- URI:http://test/637 +- URI:http://test/638 +- URI:http://test/639 +- URI:http://test/640 +- URI:http://test/641 +- URI:http://test/642 +- URI:http://test/643 +- URI:http://test/644 +- URI:http://test/645 +- URI:http://test/646 +- URI:http://test/647 +- URI:http://test/648 +- URI:http://test/649 +- URI:http://test/650 +- URI:http://test/651 +- URI:http://test/652 +- URI:http://test/653 +- URI:http://test/654 +- URI:http://test/655 +- URI:http://test/656 +- URI:http://test/657 +- URI:http://test/658 +- URI:http://test/659 +- URI:http://test/660 +- URI:http://test/661 +- URI:http://test/662 +- URI:http://test/663 +- URI:http://test/664 +- URI:http://test/665 +- URI:http://test/666 +- URI:http://test/667 +- URI:http://test/668 +- URI:http://test/669 +- URI:http://test/670 +- URI:http://test/671 +- URI:http://test/672 +- URI:http://test/673 +- URI:http://test/674 +- URI:http://test/675 +- URI:http://test/676 +- URI:http://test/677 +- URI:http://test/678 +- URI:http://test/679 +- URI:http://test/680 +- URI:http://test/681 +- URI:http://test/682 +- URI:http://test/683 +- URI:http://test/684 +- URI:http://test/685 +- URI:http://test/686 +- URI:http://test/687 +- URI:http://test/688 +- URI:http://test/689 +- URI:http://test/690 +- URI:http://test/691 +- URI:http://test/692 +- URI:http://test/693 +- URI:http://test/694 +- URI:http://test/695 +- URI:http://test/696 +- URI:http://test/697 +- URI:http://test/698 +- URI:http://test/699 +- URI:http://test/700 +- URI:http://test/701 +- URI:http://test/702 +- URI:http://test/703 +- URI:http://test/704 +- URI:http://test/705 +- URI:http://test/706 +- URI:http://test/707 +- URI:http://test/708 +- URI:http://test/709 +- URI:http://test/710 +- URI:http://test/711 +- URI:http://test/712 +- URI:http://test/713 +- URI:http://test/714 +- URI:http://test/715 +- URI:http://test/716 +- URI:http://test/717 +- URI:http://test/718 +- URI:http://test/719 +- URI:http://test/720 +- URI:http://test/721 +- URI:http://test/722 +- URI:http://test/723 +- URI:http://test/724 +- URI:http://test/725 +- URI:http://test/726 +- URI:http://test/727 +- URI:http://test/728 +- URI:http://test/729 +- URI:http://test/730 +- URI:http://test/731 +- URI:http://test/732 +- URI:http://test/733 +- URI:http://test/734 +- URI:http://test/735 +- URI:http://test/736 +- URI:http://test/737 +- URI:http://test/738 +- URI:http://test/739 +- URI:http://test/740 +- URI:http://test/741 +- URI:http://test/742 +- URI:http://test/743 +- URI:http://test/744 +- URI:http://test/745 +- URI:http://test/746 +- URI:http://test/747 +- URI:http://test/748 +- URI:http://test/749 +- URI:http://test/750 +- URI:http://test/751 +- URI:http://test/752 +- URI:http://test/753 +- URI:http://test/754 +- URI:http://test/755 +- URI:http://test/756 +- URI:http://test/757 +- URI:http://test/758 +- URI:http://test/759 +- URI:http://test/760 +- URI:http://test/761 +- URI:http://test/762 +- URI:http://test/763 +- URI:http://test/764 +- URI:http://test/765 +- URI:http://test/766 +- URI:http://test/767 +- URI:http://test/768 +- URI:http://test/769 +- URI:http://test/770 +- URI:http://test/771 +- URI:http://test/772 +- URI:http://test/773 +- URI:http://test/774 +- URI:http://test/775 +- URI:http://test/776 +- URI:http://test/777 +- URI:http://test/778 +- URI:http://test/779 +- URI:http://test/780 +- URI:http://test/781 +- URI:http://test/782 +- URI:http://test/783 +- URI:http://test/784 +- URI:http://test/785 +- URI:http://test/786 +- URI:http://test/787 +- URI:http://test/788 +- URI:http://test/789 +- URI:http://test/790 +- URI:http://test/791 +- URI:http://test/792 +- URI:http://test/793 +- URI:http://test/794 +- URI:http://test/795 +- URI:http://test/796 +- URI:http://test/797 +- URI:http://test/798 +- URI:http://test/799 +- URI:http://test/800 +- URI:http://test/801 +- URI:http://test/802 +- URI:http://test/803 +- URI:http://test/804 +- URI:http://test/805 +- URI:http://test/806 +- URI:http://test/807 +- URI:http://test/808 +- URI:http://test/809 +- URI:http://test/810 +- URI:http://test/811 +- URI:http://test/812 +- URI:http://test/813 +- URI:http://test/814 +- URI:http://test/815 +- URI:http://test/816 +- URI:http://test/817 +- URI:http://test/818 +- URI:http://test/819 +- URI:http://test/820 +- URI:http://test/821 +- URI:http://test/822 +- URI:http://test/823 +- URI:http://test/824 +- URI:http://test/825 +- URI:http://test/826 +- URI:http://test/827 +- URI:http://test/828 +- URI:http://test/829 +- URI:http://test/830 +- URI:http://test/831 +- URI:http://test/832 +- URI:http://test/833 +- URI:http://test/834 +- URI:http://test/835 +- URI:http://test/836 +- URI:http://test/837 +- URI:http://test/838 +- URI:http://test/839 +- URI:http://test/840 +- URI:http://test/841 +- URI:http://test/842 +- URI:http://test/843 +- URI:http://test/844 +- URI:http://test/845 +- URI:http://test/846 +- URI:http://test/847 +- URI:http://test/848 +- URI:http://test/849 +- URI:http://test/850 +- URI:http://test/851 +- URI:http://test/852 +- URI:http://test/853 +- URI:http://test/854 +- URI:http://test/855 +- URI:http://test/856 +- URI:http://test/857 +- URI:http://test/858 +- URI:http://test/859 +- URI:http://test/860 +- URI:http://test/861 +- URI:http://test/862 +- URI:http://test/863 +- URI:http://test/864 +- URI:http://test/865 +- URI:http://test/866 +- URI:http://test/867 +- URI:http://test/868 +- URI:http://test/869 +- URI:http://test/870 +- URI:http://test/871 +- URI:http://test/872 +- URI:http://test/873 +- URI:http://test/874 +- URI:http://test/875 +- URI:http://test/876 +- URI:http://test/877 +- URI:http://test/878 +- URI:http://test/879 +- URI:http://test/880 +- URI:http://test/881 +- URI:http://test/882 +- URI:http://test/883 +- URI:http://test/884 +- URI:http://test/885 +- URI:http://test/886 +- URI:http://test/887 +- URI:http://test/888 +- URI:http://test/889 +- URI:http://test/890 +- URI:http://test/891 +- URI:http://test/892 +- URI:http://test/893 +- URI:http://test/894 +- URI:http://test/895 +- URI:http://test/896 +- URI:http://test/897 +- URI:http://test/898 +- URI:http://test/899 +- URI:http://test/900 +- URI:http://test/901 +- URI:http://test/902 +- URI:http://test/903 +- URI:http://test/904 +- URI:http://test/905 +- URI:http://test/906 +- URI:http://test/907 +- URI:http://test/908 +- URI:http://test/909 +- URI:http://test/910 +- URI:http://test/911 +- URI:http://test/912 +- URI:http://test/913 +- URI:http://test/914 +- URI:http://test/915 +- URI:http://test/916 +- URI:http://test/917 +- URI:http://test/918 +- URI:http://test/919 +- URI:http://test/920 +- URI:http://test/921 +- URI:http://test/922 +- URI:http://test/923 +- URI:http://test/924 +- URI:http://test/925 +- URI:http://test/926 +- URI:http://test/927 +- URI:http://test/928 +- URI:http://test/929 +- URI:http://test/930 +- URI:http://test/931 +- URI:http://test/932 +- URI:http://test/933 +- URI:http://test/934 +- URI:http://test/935 +- URI:http://test/936 +- URI:http://test/937 +- URI:http://test/938 +- URI:http://test/939 +- URI:http://test/940 +- URI:http://test/941 +- URI:http://test/942 +- URI:http://test/943 +- URI:http://test/944 +- URI:http://test/945 +- URI:http://test/946 +- URI:http://test/947 +- URI:http://test/948 +- URI:http://test/949 +- URI:http://test/950 +- URI:http://test/951 +- URI:http://test/952 +- URI:http://test/953 +- URI:http://test/954 +- URI:http://test/955 +- URI:http://test/956 +- URI:http://test/957 +- URI:http://test/958 +- URI:http://test/959 +- URI:http://test/960 +- URI:http://test/961 +- URI:http://test/962 +- URI:http://test/963 +- URI:http://test/964 +- URI:http://test/965 +- URI:http://test/966 +- URI:http://test/967 +- URI:http://test/968 +- URI:http://test/969 +- URI:http://test/970 +- URI:http://test/971 +- URI:http://test/972 +- URI:http://test/973 +- URI:http://test/974 +- URI:http://test/975 +- URI:http://test/976 +- URI:http://test/977 +- URI:http://test/978 +- URI:http://test/979 +- URI:http://test/980 +- URI:http://test/981 +- URI:http://test/982 +- URI:http://test/983 +- URI:http://test/984 +- URI:http://test/985 +- URI:http://test/986 +- URI:http://test/987 +- URI:http://test/988 +- URI:http://test/989 +- URI:http://test/990 +- URI:http://test/991 +- URI:http://test/992 +- URI:http://test/993 +- URI:http://test/994 +- URI:http://test/995 +- URI:http://test/996 +- URI:http://test/997 +- URI:http://test/998 +- URI:http://test/999 +- URI:http://test/1000 +- URI:http://test/1001 +- URI:http://test/1002 +- URI:http://test/1003 +- URI:http://test/1004 +- URI:http://test/1005 +- URI:http://test/1006 +- URI:http://test/1007 +- URI:http://test/1008 +- URI:http://test/1009 +- URI:http://test/1010 +- URI:http://test/1011 +- URI:http://test/1012 +- URI:http://test/1013 +- URI:http://test/1014 +- URI:http://test/1015 +- URI:http://test/1016 +- URI:http://test/1017 +- URI:http://test/1018 +- URI:http://test/1019 +- URI:http://test/1020 +- URI:http://test/1021 +- URI:http://test/1022 +- URI:http://test/1023 +- URI:http://test/1024 +- Excluded: +- DNS:x0.test +- DNS:x1.test +- DNS:x2.test +- DNS:x3.test +- DNS:x4.test +- DNS:x5.test +- DNS:x6.test +- DNS:x7.test +- DNS:x8.test +- DNS:x9.test +- DNS:x10.test +- DNS:x11.test +- DNS:x12.test +- DNS:x13.test +- DNS:x14.test +- DNS:x15.test +- DNS:x16.test +- DNS:x17.test +- DNS:x18.test +- DNS:x19.test +- DNS:x20.test +- DNS:x21.test +- DNS:x22.test +- DNS:x23.test +- DNS:x24.test +- DNS:x25.test +- DNS:x26.test +- DNS:x27.test +- DNS:x28.test +- DNS:x29.test +- DNS:x30.test +- DNS:x31.test +- DNS:x32.test +- DNS:x33.test +- DNS:x34.test +- DNS:x35.test +- DNS:x36.test +- DNS:x37.test +- DNS:x38.test +- DNS:x39.test +- DNS:x40.test +- DNS:x41.test +- DNS:x42.test +- DNS:x43.test +- DNS:x44.test +- DNS:x45.test +- DNS:x46.test +- DNS:x47.test +- DNS:x48.test +- DNS:x49.test +- DNS:x50.test +- DNS:x51.test +- DNS:x52.test +- DNS:x53.test +- DNS:x54.test +- DNS:x55.test +- DNS:x56.test +- DNS:x57.test +- DNS:x58.test +- DNS:x59.test +- DNS:x60.test +- DNS:x61.test +- DNS:x62.test +- DNS:x63.test +- DNS:x64.test +- DNS:x65.test +- DNS:x66.test +- DNS:x67.test +- DNS:x68.test +- DNS:x69.test +- DNS:x70.test +- DNS:x71.test +- DNS:x72.test +- DNS:x73.test +- DNS:x74.test +- DNS:x75.test +- DNS:x76.test +- DNS:x77.test +- DNS:x78.test +- DNS:x79.test +- DNS:x80.test +- DNS:x81.test +- DNS:x82.test +- DNS:x83.test +- DNS:x84.test +- DNS:x85.test +- DNS:x86.test +- DNS:x87.test +- DNS:x88.test +- DNS:x89.test +- DNS:x90.test +- DNS:x91.test +- DNS:x92.test +- DNS:x93.test +- DNS:x94.test +- DNS:x95.test +- DNS:x96.test +- DNS:x97.test +- DNS:x98.test +- DNS:x99.test +- DNS:x100.test +- DNS:x101.test +- DNS:x102.test +- DNS:x103.test +- DNS:x104.test +- DNS:x105.test +- DNS:x106.test +- DNS:x107.test +- DNS:x108.test +- DNS:x109.test +- DNS:x110.test +- DNS:x111.test +- DNS:x112.test +- DNS:x113.test +- DNS:x114.test +- DNS:x115.test +- DNS:x116.test +- DNS:x117.test +- DNS:x118.test +- DNS:x119.test +- DNS:x120.test +- DNS:x121.test +- DNS:x122.test +- DNS:x123.test +- DNS:x124.test +- DNS:x125.test +- DNS:x126.test +- DNS:x127.test +- DNS:x128.test +- DNS:x129.test +- DNS:x130.test +- DNS:x131.test +- DNS:x132.test +- DNS:x133.test +- DNS:x134.test +- DNS:x135.test +- DNS:x136.test +- DNS:x137.test +- DNS:x138.test +- DNS:x139.test +- DNS:x140.test +- DNS:x141.test +- DNS:x142.test +- DNS:x143.test +- DNS:x144.test +- DNS:x145.test +- DNS:x146.test +- DNS:x147.test +- DNS:x148.test +- DNS:x149.test +- DNS:x150.test +- DNS:x151.test +- DNS:x152.test +- DNS:x153.test +- DNS:x154.test +- DNS:x155.test +- DNS:x156.test +- DNS:x157.test +- DNS:x158.test +- DNS:x159.test +- DNS:x160.test +- DNS:x161.test +- DNS:x162.test +- DNS:x163.test +- DNS:x164.test +- DNS:x165.test +- DNS:x166.test +- DNS:x167.test +- DNS:x168.test +- DNS:x169.test +- DNS:x170.test +- DNS:x171.test +- DNS:x172.test +- DNS:x173.test +- DNS:x174.test +- DNS:x175.test +- DNS:x176.test +- DNS:x177.test +- DNS:x178.test +- DNS:x179.test +- DNS:x180.test +- DNS:x181.test +- DNS:x182.test +- DNS:x183.test +- DNS:x184.test +- DNS:x185.test +- DNS:x186.test +- DNS:x187.test +- DNS:x188.test +- DNS:x189.test +- DNS:x190.test +- DNS:x191.test +- DNS:x192.test +- DNS:x193.test +- DNS:x194.test +- DNS:x195.test +- DNS:x196.test +- DNS:x197.test +- DNS:x198.test +- DNS:x199.test +- DNS:x200.test +- DNS:x201.test +- DNS:x202.test +- DNS:x203.test +- DNS:x204.test +- DNS:x205.test +- DNS:x206.test +- DNS:x207.test +- DNS:x208.test +- DNS:x209.test +- DNS:x210.test +- DNS:x211.test +- DNS:x212.test +- DNS:x213.test +- DNS:x214.test +- DNS:x215.test +- DNS:x216.test +- DNS:x217.test +- DNS:x218.test +- DNS:x219.test +- DNS:x220.test +- DNS:x221.test +- DNS:x222.test +- DNS:x223.test +- DNS:x224.test +- DNS:x225.test +- DNS:x226.test +- DNS:x227.test +- DNS:x228.test +- DNS:x229.test +- DNS:x230.test +- DNS:x231.test +- DNS:x232.test +- DNS:x233.test +- DNS:x234.test +- DNS:x235.test +- DNS:x236.test +- DNS:x237.test +- DNS:x238.test +- DNS:x239.test +- DNS:x240.test +- DNS:x241.test +- DNS:x242.test +- DNS:x243.test +- DNS:x244.test +- DNS:x245.test +- DNS:x246.test +- DNS:x247.test +- DNS:x248.test +- DNS:x249.test +- DNS:x250.test +- DNS:x251.test +- DNS:x252.test +- DNS:x253.test +- DNS:x254.test +- DNS:x255.test +- DNS:x256.test +- DNS:x257.test +- DNS:x258.test +- DNS:x259.test +- DNS:x260.test +- DNS:x261.test +- DNS:x262.test +- DNS:x263.test +- DNS:x264.test +- DNS:x265.test +- DNS:x266.test +- DNS:x267.test +- DNS:x268.test +- DNS:x269.test +- DNS:x270.test +- DNS:x271.test +- DNS:x272.test +- DNS:x273.test +- DNS:x274.test +- DNS:x275.test +- DNS:x276.test +- DNS:x277.test +- DNS:x278.test +- DNS:x279.test +- DNS:x280.test +- DNS:x281.test +- DNS:x282.test +- DNS:x283.test +- DNS:x284.test +- DNS:x285.test +- DNS:x286.test +- DNS:x287.test +- DNS:x288.test +- DNS:x289.test +- DNS:x290.test +- DNS:x291.test +- DNS:x292.test +- DNS:x293.test +- DNS:x294.test +- DNS:x295.test +- DNS:x296.test +- DNS:x297.test +- DNS:x298.test +- DNS:x299.test +- DNS:x300.test +- DNS:x301.test +- DNS:x302.test +- DNS:x303.test +- DNS:x304.test +- DNS:x305.test +- DNS:x306.test +- DNS:x307.test +- DNS:x308.test +- DNS:x309.test +- DNS:x310.test +- DNS:x311.test +- DNS:x312.test +- DNS:x313.test +- DNS:x314.test +- DNS:x315.test +- DNS:x316.test +- DNS:x317.test +- DNS:x318.test +- DNS:x319.test +- DNS:x320.test +- DNS:x321.test +- DNS:x322.test +- DNS:x323.test +- DNS:x324.test +- DNS:x325.test +- DNS:x326.test +- DNS:x327.test +- DNS:x328.test +- DNS:x329.test +- DNS:x330.test +- DNS:x331.test +- DNS:x332.test +- DNS:x333.test +- DNS:x334.test +- DNS:x335.test +- DNS:x336.test +- DNS:x337.test +- DNS:x338.test +- DNS:x339.test +- DNS:x340.test +- DNS:x341.test +- DNS:x342.test +- DNS:x343.test +- DNS:x344.test +- DNS:x345.test +- DNS:x346.test +- DNS:x347.test +- DNS:x348.test +- DNS:x349.test +- DNS:x350.test +- DNS:x351.test +- DNS:x352.test +- DNS:x353.test +- DNS:x354.test +- DNS:x355.test +- DNS:x356.test +- DNS:x357.test +- DNS:x358.test +- DNS:x359.test +- DNS:x360.test +- DNS:x361.test +- DNS:x362.test +- DNS:x363.test +- DNS:x364.test +- DNS:x365.test +- DNS:x366.test +- DNS:x367.test +- DNS:x368.test +- DNS:x369.test +- DNS:x370.test +- DNS:x371.test +- DNS:x372.test +- DNS:x373.test +- DNS:x374.test +- DNS:x375.test +- DNS:x376.test +- DNS:x377.test +- DNS:x378.test +- DNS:x379.test +- DNS:x380.test +- DNS:x381.test +- DNS:x382.test +- DNS:x383.test +- DNS:x384.test +- DNS:x385.test +- DNS:x386.test +- DNS:x387.test +- DNS:x388.test +- DNS:x389.test +- DNS:x390.test +- DNS:x391.test +- DNS:x392.test +- DNS:x393.test +- DNS:x394.test +- DNS:x395.test +- DNS:x396.test +- DNS:x397.test +- DNS:x398.test +- DNS:x399.test +- DNS:x400.test +- DNS:x401.test +- DNS:x402.test +- DNS:x403.test +- DNS:x404.test +- DNS:x405.test +- DNS:x406.test +- DNS:x407.test +- DNS:x408.test +- DNS:x409.test +- DNS:x410.test +- DNS:x411.test +- DNS:x412.test +- DNS:x413.test +- DNS:x414.test +- DNS:x415.test +- DNS:x416.test +- DNS:x417.test +- DNS:x418.test +- DNS:x419.test +- DNS:x420.test +- DNS:x421.test +- DNS:x422.test +- DNS:x423.test +- DNS:x424.test +- DNS:x425.test +- DNS:x426.test +- DNS:x427.test +- DNS:x428.test +- DNS:x429.test +- DNS:x430.test +- DNS:x431.test +- DNS:x432.test +- DNS:x433.test +- DNS:x434.test +- DNS:x435.test +- DNS:x436.test +- DNS:x437.test +- DNS:x438.test +- DNS:x439.test +- DNS:x440.test +- DNS:x441.test +- DNS:x442.test +- DNS:x443.test +- DNS:x444.test +- DNS:x445.test +- DNS:x446.test +- DNS:x447.test +- DNS:x448.test +- DNS:x449.test +- DNS:x450.test +- DNS:x451.test +- DNS:x452.test +- DNS:x453.test +- DNS:x454.test +- DNS:x455.test +- DNS:x456.test +- DNS:x457.test +- DNS:x458.test +- DNS:x459.test +- DNS:x460.test +- DNS:x461.test +- DNS:x462.test +- DNS:x463.test +- DNS:x464.test +- DNS:x465.test +- DNS:x466.test +- DNS:x467.test +- DNS:x468.test +- DNS:x469.test +- DNS:x470.test +- DNS:x471.test +- DNS:x472.test +- DNS:x473.test +- DNS:x474.test +- DNS:x475.test +- DNS:x476.test +- DNS:x477.test +- DNS:x478.test +- DNS:x479.test +- DNS:x480.test +- DNS:x481.test +- DNS:x482.test +- DNS:x483.test +- DNS:x484.test +- DNS:x485.test +- DNS:x486.test +- DNS:x487.test +- DNS:x488.test +- DNS:x489.test +- DNS:x490.test +- DNS:x491.test +- DNS:x492.test +- DNS:x493.test +- DNS:x494.test +- DNS:x495.test +- DNS:x496.test +- DNS:x497.test +- DNS:x498.test +- DNS:x499.test +- DNS:x500.test +- DNS:x501.test +- DNS:x502.test +- DNS:x503.test +- DNS:x504.test +- DNS:x505.test +- DNS:x506.test +- DNS:x507.test +- DNS:x508.test +- DNS:x509.test +- DNS:x510.test +- DNS:x511.test +- DNS:x512.test +- DNS:x513.test +- DNS:x514.test +- DNS:x515.test +- DNS:x516.test +- DNS:x517.test +- DNS:x518.test +- DNS:x519.test +- DNS:x520.test +- DNS:x521.test +- DNS:x522.test +- DNS:x523.test +- DNS:x524.test +- DNS:x525.test +- DNS:x526.test +- DNS:x527.test +- DNS:x528.test +- DNS:x529.test +- DNS:x530.test +- DNS:x531.test +- DNS:x532.test +- DNS:x533.test +- DNS:x534.test +- DNS:x535.test +- DNS:x536.test +- DNS:x537.test +- DNS:x538.test +- DNS:x539.test +- DNS:x540.test +- DNS:x541.test +- DNS:x542.test +- DNS:x543.test +- DNS:x544.test +- DNS:x545.test +- DNS:x546.test +- DNS:x547.test +- DNS:x548.test +- DNS:x549.test +- DNS:x550.test +- DNS:x551.test +- DNS:x552.test +- DNS:x553.test +- DNS:x554.test +- DNS:x555.test +- DNS:x556.test +- DNS:x557.test +- DNS:x558.test +- DNS:x559.test +- DNS:x560.test +- DNS:x561.test +- DNS:x562.test +- DNS:x563.test +- DNS:x564.test +- DNS:x565.test +- DNS:x566.test +- DNS:x567.test +- DNS:x568.test +- DNS:x569.test +- DNS:x570.test +- DNS:x571.test +- DNS:x572.test +- DNS:x573.test +- DNS:x574.test +- DNS:x575.test +- DNS:x576.test +- DNS:x577.test +- DNS:x578.test +- DNS:x579.test +- DNS:x580.test +- DNS:x581.test +- DNS:x582.test +- DNS:x583.test +- DNS:x584.test +- DNS:x585.test +- DNS:x586.test +- DNS:x587.test +- DNS:x588.test +- DNS:x589.test +- DNS:x590.test +- DNS:x591.test +- DNS:x592.test +- DNS:x593.test +- DNS:x594.test +- DNS:x595.test +- DNS:x596.test +- DNS:x597.test +- DNS:x598.test +- DNS:x599.test +- DNS:x600.test +- DNS:x601.test +- DNS:x602.test +- DNS:x603.test +- DNS:x604.test +- DNS:x605.test +- DNS:x606.test +- DNS:x607.test +- DNS:x608.test +- DNS:x609.test +- DNS:x610.test +- DNS:x611.test +- DNS:x612.test +- DNS:x613.test +- DNS:x614.test +- DNS:x615.test +- DNS:x616.test +- DNS:x617.test +- DNS:x618.test +- DNS:x619.test +- DNS:x620.test +- DNS:x621.test +- DNS:x622.test +- DNS:x623.test +- DNS:x624.test +- DNS:x625.test +- DNS:x626.test +- DNS:x627.test +- DNS:x628.test +- DNS:x629.test +- DNS:x630.test +- DNS:x631.test +- DNS:x632.test +- DNS:x633.test +- DNS:x634.test +- DNS:x635.test +- DNS:x636.test +- DNS:x637.test +- DNS:x638.test +- DNS:x639.test +- DNS:x640.test +- DNS:x641.test +- DNS:x642.test +- DNS:x643.test +- DNS:x644.test +- DNS:x645.test +- DNS:x646.test +- DNS:x647.test +- DNS:x648.test +- DNS:x649.test +- DNS:x650.test +- DNS:x651.test +- DNS:x652.test +- DNS:x653.test +- DNS:x654.test +- DNS:x655.test +- DNS:x656.test +- DNS:x657.test +- DNS:x658.test +- DNS:x659.test +- DNS:x660.test +- DNS:x661.test +- DNS:x662.test +- DNS:x663.test +- DNS:x664.test +- DNS:x665.test +- DNS:x666.test +- DNS:x667.test +- DNS:x668.test +- DNS:x669.test +- DNS:x670.test +- DNS:x671.test +- DNS:x672.test +- DNS:x673.test +- DNS:x674.test +- DNS:x675.test +- DNS:x676.test +- DNS:x677.test +- DNS:x678.test +- DNS:x679.test +- DNS:x680.test +- DNS:x681.test +- DNS:x682.test +- DNS:x683.test +- DNS:x684.test +- DNS:x685.test +- DNS:x686.test +- DNS:x687.test +- DNS:x688.test +- DNS:x689.test +- DNS:x690.test +- DNS:x691.test +- DNS:x692.test +- DNS:x693.test +- DNS:x694.test +- DNS:x695.test +- DNS:x696.test +- DNS:x697.test +- DNS:x698.test +- DNS:x699.test +- DNS:x700.test +- DNS:x701.test +- DNS:x702.test +- DNS:x703.test +- DNS:x704.test +- DNS:x705.test +- DNS:x706.test +- DNS:x707.test +- DNS:x708.test +- DNS:x709.test +- DNS:x710.test +- DNS:x711.test +- DNS:x712.test +- DNS:x713.test +- DNS:x714.test +- DNS:x715.test +- DNS:x716.test +- DNS:x717.test +- DNS:x718.test +- DNS:x719.test +- DNS:x720.test +- DNS:x721.test +- DNS:x722.test +- DNS:x723.test +- DNS:x724.test +- DNS:x725.test +- DNS:x726.test +- DNS:x727.test +- DNS:x728.test +- DNS:x729.test +- DNS:x730.test +- DNS:x731.test +- DNS:x732.test +- DNS:x733.test +- DNS:x734.test +- DNS:x735.test +- DNS:x736.test +- DNS:x737.test +- DNS:x738.test +- DNS:x739.test +- DNS:x740.test +- DNS:x741.test +- DNS:x742.test +- DNS:x743.test +- DNS:x744.test +- DNS:x745.test +- DNS:x746.test +- DNS:x747.test +- DNS:x748.test +- DNS:x749.test +- DNS:x750.test +- DNS:x751.test +- DNS:x752.test +- DNS:x753.test +- DNS:x754.test +- DNS:x755.test +- DNS:x756.test +- DNS:x757.test +- DNS:x758.test +- DNS:x759.test +- DNS:x760.test +- DNS:x761.test +- DNS:x762.test +- DNS:x763.test +- DNS:x764.test +- DNS:x765.test +- DNS:x766.test +- DNS:x767.test +- DNS:x768.test +- DNS:x769.test +- DNS:x770.test +- DNS:x771.test +- DNS:x772.test +- DNS:x773.test +- DNS:x774.test +- DNS:x775.test +- DNS:x776.test +- DNS:x777.test +- DNS:x778.test +- DNS:x779.test +- DNS:x780.test +- DNS:x781.test +- DNS:x782.test +- DNS:x783.test +- DNS:x784.test +- DNS:x785.test +- DNS:x786.test +- DNS:x787.test +- DNS:x788.test +- DNS:x789.test +- DNS:x790.test +- DNS:x791.test +- DNS:x792.test +- DNS:x793.test +- DNS:x794.test +- DNS:x795.test +- DNS:x796.test +- DNS:x797.test +- DNS:x798.test +- DNS:x799.test +- DNS:x800.test +- DNS:x801.test +- DNS:x802.test +- DNS:x803.test +- DNS:x804.test +- DNS:x805.test +- DNS:x806.test +- DNS:x807.test +- DNS:x808.test +- DNS:x809.test +- DNS:x810.test +- DNS:x811.test +- DNS:x812.test +- DNS:x813.test +- DNS:x814.test +- DNS:x815.test +- DNS:x816.test +- DNS:x817.test +- DNS:x818.test +- DNS:x819.test +- DNS:x820.test +- DNS:x821.test +- DNS:x822.test +- DNS:x823.test +- DNS:x824.test +- DNS:x825.test +- DNS:x826.test +- DNS:x827.test +- DNS:x828.test +- DNS:x829.test +- DNS:x830.test +- DNS:x831.test +- DNS:x832.test +- DNS:x833.test +- DNS:x834.test +- DNS:x835.test +- DNS:x836.test +- DNS:x837.test +- DNS:x838.test +- DNS:x839.test +- DNS:x840.test +- DNS:x841.test +- DNS:x842.test +- DNS:x843.test +- DNS:x844.test +- DNS:x845.test +- DNS:x846.test +- DNS:x847.test +- DNS:x848.test +- DNS:x849.test +- DNS:x850.test +- DNS:x851.test +- DNS:x852.test +- DNS:x853.test +- DNS:x854.test +- DNS:x855.test +- DNS:x856.test +- DNS:x857.test +- DNS:x858.test +- DNS:x859.test +- DNS:x860.test +- DNS:x861.test +- DNS:x862.test +- DNS:x863.test +- DNS:x864.test +- DNS:x865.test +- DNS:x866.test +- DNS:x867.test +- DNS:x868.test +- DNS:x869.test +- DNS:x870.test +- DNS:x871.test +- DNS:x872.test +- DNS:x873.test +- DNS:x874.test +- DNS:x875.test +- DNS:x876.test +- DNS:x877.test +- DNS:x878.test +- DNS:x879.test +- DNS:x880.test +- DNS:x881.test +- DNS:x882.test +- DNS:x883.test +- DNS:x884.test +- DNS:x885.test +- DNS:x886.test +- DNS:x887.test +- DNS:x888.test +- DNS:x889.test +- DNS:x890.test +- DNS:x891.test +- DNS:x892.test +- DNS:x893.test +- DNS:x894.test +- DNS:x895.test +- DNS:x896.test +- DNS:x897.test +- DNS:x898.test +- DNS:x899.test +- DNS:x900.test +- DNS:x901.test +- DNS:x902.test +- DNS:x903.test +- DNS:x904.test +- DNS:x905.test +- DNS:x906.test +- DNS:x907.test +- DNS:x908.test +- DNS:x909.test +- DNS:x910.test +- DNS:x911.test +- DNS:x912.test +- DNS:x913.test +- DNS:x914.test +- DNS:x915.test +- DNS:x916.test +- DNS:x917.test +- DNS:x918.test +- DNS:x919.test +- DNS:x920.test +- DNS:x921.test +- DNS:x922.test +- DNS:x923.test +- DNS:x924.test +- DNS:x925.test +- DNS:x926.test +- DNS:x927.test +- DNS:x928.test +- DNS:x929.test +- DNS:x930.test +- DNS:x931.test +- DNS:x932.test +- DNS:x933.test +- DNS:x934.test +- DNS:x935.test +- DNS:x936.test +- DNS:x937.test +- DNS:x938.test +- DNS:x939.test +- DNS:x940.test +- DNS:x941.test +- DNS:x942.test +- DNS:x943.test +- DNS:x944.test +- DNS:x945.test +- DNS:x946.test +- DNS:x947.test +- DNS:x948.test +- DNS:x949.test +- DNS:x950.test +- DNS:x951.test +- DNS:x952.test +- DNS:x953.test +- DNS:x954.test +- DNS:x955.test +- DNS:x956.test +- DNS:x957.test +- DNS:x958.test +- DNS:x959.test +- DNS:x960.test +- DNS:x961.test +- DNS:x962.test +- DNS:x963.test +- DNS:x964.test +- DNS:x965.test +- DNS:x966.test +- DNS:x967.test +- DNS:x968.test +- DNS:x969.test +- DNS:x970.test +- DNS:x971.test +- DNS:x972.test +- DNS:x973.test +- DNS:x974.test +- DNS:x975.test +- DNS:x976.test +- DNS:x977.test +- DNS:x978.test +- DNS:x979.test +- DNS:x980.test +- DNS:x981.test +- DNS:x982.test +- DNS:x983.test +- DNS:x984.test +- DNS:x985.test +- DNS:x986.test +- DNS:x987.test +- DNS:x988.test +- DNS:x989.test +- DNS:x990.test +- DNS:x991.test +- DNS:x992.test +- DNS:x993.test +- DNS:x994.test +- DNS:x995.test +- DNS:x996.test +- DNS:x997.test +- DNS:x998.test +- DNS:x999.test +- DNS:x1000.test +- DNS:x1001.test +- DNS:x1002.test +- DNS:x1003.test +- DNS:x1004.test +- DNS:x1005.test +- DNS:x1006.test +- DNS:x1007.test +- DNS:x1008.test +- DNS:x1009.test +- DNS:x1010.test +- DNS:x1011.test +- DNS:x1012.test +- DNS:x1013.test +- DNS:x1014.test +- DNS:x1015.test +- DNS:x1016.test +- DNS:x1017.test +- DNS:x1018.test +- DNS:x1019.test +- DNS:x1020.test +- DNS:x1021.test +- DNS:x1022.test +- DNS:x1023.test +- DNS:x1024.test +- DirName:CN = x0 +- DirName:CN = x1 +- DirName:CN = x2 +- DirName:CN = x3 +- DirName:CN = x4 +- DirName:CN = x5 +- DirName:CN = x6 +- DirName:CN = x7 +- DirName:CN = x8 +- DirName:CN = x9 +- DirName:CN = x10 +- DirName:CN = x11 +- DirName:CN = x12 +- DirName:CN = x13 +- DirName:CN = x14 +- DirName:CN = x15 +- DirName:CN = x16 +- DirName:CN = x17 +- DirName:CN = x18 +- DirName:CN = x19 +- DirName:CN = x20 +- DirName:CN = x21 +- DirName:CN = x22 +- DirName:CN = x23 +- DirName:CN = x24 +- DirName:CN = x25 +- DirName:CN = x26 +- DirName:CN = x27 +- DirName:CN = x28 +- DirName:CN = x29 +- DirName:CN = x30 +- DirName:CN = x31 +- DirName:CN = x32 +- DirName:CN = x33 +- DirName:CN = x34 +- DirName:CN = x35 +- DirName:CN = x36 +- DirName:CN = x37 +- DirName:CN = x38 +- DirName:CN = x39 +- DirName:CN = x40 +- DirName:CN = x41 +- DirName:CN = x42 +- DirName:CN = x43 +- DirName:CN = x44 +- DirName:CN = x45 +- DirName:CN = x46 +- DirName:CN = x47 +- DirName:CN = x48 +- DirName:CN = x49 +- DirName:CN = x50 +- DirName:CN = x51 +- DirName:CN = x52 +- DirName:CN = x53 +- DirName:CN = x54 +- DirName:CN = x55 +- DirName:CN = x56 +- DirName:CN = x57 +- DirName:CN = x58 +- DirName:CN = x59 +- DirName:CN = x60 +- DirName:CN = x61 +- DirName:CN = x62 +- DirName:CN = x63 +- DirName:CN = x64 +- DirName:CN = x65 +- DirName:CN = x66 +- DirName:CN = x67 +- DirName:CN = x68 +- DirName:CN = x69 +- DirName:CN = x70 +- DirName:CN = x71 +- DirName:CN = x72 +- DirName:CN = x73 +- DirName:CN = x74 +- DirName:CN = x75 +- DirName:CN = x76 +- DirName:CN = x77 +- DirName:CN = x78 +- DirName:CN = x79 +- DirName:CN = x80 +- DirName:CN = x81 +- DirName:CN = x82 +- DirName:CN = x83 +- DirName:CN = x84 +- DirName:CN = x85 +- DirName:CN = x86 +- DirName:CN = x87 +- DirName:CN = x88 +- DirName:CN = x89 +- DirName:CN = x90 +- DirName:CN = x91 +- DirName:CN = x92 +- DirName:CN = x93 +- DirName:CN = x94 +- DirName:CN = x95 +- DirName:CN = x96 +- DirName:CN = x97 +- DirName:CN = x98 +- DirName:CN = x99 +- DirName:CN = x100 +- DirName:CN = x101 +- DirName:CN = x102 +- DirName:CN = x103 +- DirName:CN = x104 +- DirName:CN = x105 +- DirName:CN = x106 +- DirName:CN = x107 +- DirName:CN = x108 +- DirName:CN = x109 +- DirName:CN = x110 +- DirName:CN = x111 +- DirName:CN = x112 +- DirName:CN = x113 +- DirName:CN = x114 +- DirName:CN = x115 +- DirName:CN = x116 +- DirName:CN = x117 +- DirName:CN = x118 +- DirName:CN = x119 +- DirName:CN = x120 +- DirName:CN = x121 +- DirName:CN = x122 +- DirName:CN = x123 +- DirName:CN = x124 +- DirName:CN = x125 +- DirName:CN = x126 +- DirName:CN = x127 +- DirName:CN = x128 +- DirName:CN = x129 +- DirName:CN = x130 +- DirName:CN = x131 +- DirName:CN = x132 +- DirName:CN = x133 +- DirName:CN = x134 +- DirName:CN = x135 +- DirName:CN = x136 +- DirName:CN = x137 +- DirName:CN = x138 +- DirName:CN = x139 +- DirName:CN = x140 +- DirName:CN = x141 +- DirName:CN = x142 +- DirName:CN = x143 +- DirName:CN = x144 +- DirName:CN = x145 +- DirName:CN = x146 +- DirName:CN = x147 +- DirName:CN = x148 +- DirName:CN = x149 +- DirName:CN = x150 +- DirName:CN = x151 +- DirName:CN = x152 +- DirName:CN = x153 +- DirName:CN = x154 +- DirName:CN = x155 +- DirName:CN = x156 +- DirName:CN = x157 +- DirName:CN = x158 +- DirName:CN = x159 +- DirName:CN = x160 +- DirName:CN = x161 +- DirName:CN = x162 +- DirName:CN = x163 +- DirName:CN = x164 +- DirName:CN = x165 +- DirName:CN = x166 +- DirName:CN = x167 +- DirName:CN = x168 +- DirName:CN = x169 +- DirName:CN = x170 +- DirName:CN = x171 +- DirName:CN = x172 +- DirName:CN = x173 +- DirName:CN = x174 +- DirName:CN = x175 +- DirName:CN = x176 +- DirName:CN = x177 +- DirName:CN = x178 +- DirName:CN = x179 +- DirName:CN = x180 +- DirName:CN = x181 +- DirName:CN = x182 +- DirName:CN = x183 +- DirName:CN = x184 +- DirName:CN = x185 +- DirName:CN = x186 +- DirName:CN = x187 +- DirName:CN = x188 +- DirName:CN = x189 +- DirName:CN = x190 +- DirName:CN = x191 +- DirName:CN = x192 +- DirName:CN = x193 +- DirName:CN = x194 +- DirName:CN = x195 +- DirName:CN = x196 +- DirName:CN = x197 +- DirName:CN = x198 +- DirName:CN = x199 +- DirName:CN = x200 +- DirName:CN = x201 +- DirName:CN = x202 +- DirName:CN = x203 +- DirName:CN = x204 +- DirName:CN = x205 +- DirName:CN = x206 +- DirName:CN = x207 +- DirName:CN = x208 +- DirName:CN = x209 +- DirName:CN = x210 +- DirName:CN = x211 +- DirName:CN = x212 +- DirName:CN = x213 +- DirName:CN = x214 +- DirName:CN = x215 +- DirName:CN = x216 +- DirName:CN = x217 +- DirName:CN = x218 +- DirName:CN = x219 +- DirName:CN = x220 +- DirName:CN = x221 +- DirName:CN = x222 +- DirName:CN = x223 +- DirName:CN = x224 +- DirName:CN = x225 +- DirName:CN = x226 +- DirName:CN = x227 +- DirName:CN = x228 +- DirName:CN = x229 +- DirName:CN = x230 +- DirName:CN = x231 +- DirName:CN = x232 +- DirName:CN = x233 +- DirName:CN = x234 +- DirName:CN = x235 +- DirName:CN = x236 +- DirName:CN = x237 +- DirName:CN = x238 +- DirName:CN = x239 +- DirName:CN = x240 +- DirName:CN = x241 +- DirName:CN = x242 +- DirName:CN = x243 +- DirName:CN = x244 +- DirName:CN = x245 +- DirName:CN = x246 +- DirName:CN = x247 +- DirName:CN = x248 +- DirName:CN = x249 +- DirName:CN = x250 +- DirName:CN = x251 +- DirName:CN = x252 +- DirName:CN = x253 +- DirName:CN = x254 +- DirName:CN = x255 +- DirName:CN = x256 +- DirName:CN = x257 +- DirName:CN = x258 +- DirName:CN = x259 +- DirName:CN = x260 +- DirName:CN = x261 +- DirName:CN = x262 +- DirName:CN = x263 +- DirName:CN = x264 +- DirName:CN = x265 +- DirName:CN = x266 +- DirName:CN = x267 +- DirName:CN = x268 +- DirName:CN = x269 +- DirName:CN = x270 +- DirName:CN = x271 +- DirName:CN = x272 +- DirName:CN = x273 +- DirName:CN = x274 +- DirName:CN = x275 +- DirName:CN = x276 +- DirName:CN = x277 +- DirName:CN = x278 +- DirName:CN = x279 +- DirName:CN = x280 +- DirName:CN = x281 +- DirName:CN = x282 +- DirName:CN = x283 +- DirName:CN = x284 +- DirName:CN = x285 +- DirName:CN = x286 +- DirName:CN = x287 +- DirName:CN = x288 +- DirName:CN = x289 +- DirName:CN = x290 +- DirName:CN = x291 +- DirName:CN = x292 +- DirName:CN = x293 +- DirName:CN = x294 +- DirName:CN = x295 +- DirName:CN = x296 +- DirName:CN = x297 +- DirName:CN = x298 +- DirName:CN = x299 +- DirName:CN = x300 +- DirName:CN = x301 +- DirName:CN = x302 +- DirName:CN = x303 +- DirName:CN = x304 +- DirName:CN = x305 +- DirName:CN = x306 +- DirName:CN = x307 +- DirName:CN = x308 +- DirName:CN = x309 +- DirName:CN = x310 +- DirName:CN = x311 +- DirName:CN = x312 +- DirName:CN = x313 +- DirName:CN = x314 +- DirName:CN = x315 +- DirName:CN = x316 +- DirName:CN = x317 +- DirName:CN = x318 +- DirName:CN = x319 +- DirName:CN = x320 +- DirName:CN = x321 +- DirName:CN = x322 +- DirName:CN = x323 +- DirName:CN = x324 +- DirName:CN = x325 +- DirName:CN = x326 +- DirName:CN = x327 +- DirName:CN = x328 +- DirName:CN = x329 +- DirName:CN = x330 +- DirName:CN = x331 +- DirName:CN = x332 +- DirName:CN = x333 +- DirName:CN = x334 +- DirName:CN = x335 +- DirName:CN = x336 +- DirName:CN = x337 +- DirName:CN = x338 +- DirName:CN = x339 +- DirName:CN = x340 +- DirName:CN = x341 +- DirName:CN = x342 +- DirName:CN = x343 +- DirName:CN = x344 +- DirName:CN = x345 +- DirName:CN = x346 +- DirName:CN = x347 +- DirName:CN = x348 +- DirName:CN = x349 +- DirName:CN = x350 +- DirName:CN = x351 +- DirName:CN = x352 +- DirName:CN = x353 +- DirName:CN = x354 +- DirName:CN = x355 +- DirName:CN = x356 +- DirName:CN = x357 +- DirName:CN = x358 +- DirName:CN = x359 +- DirName:CN = x360 +- DirName:CN = x361 +- DirName:CN = x362 +- DirName:CN = x363 +- DirName:CN = x364 +- DirName:CN = x365 +- DirName:CN = x366 +- DirName:CN = x367 +- DirName:CN = x368 +- DirName:CN = x369 +- DirName:CN = x370 +- DirName:CN = x371 +- DirName:CN = x372 +- DirName:CN = x373 +- DirName:CN = x374 +- DirName:CN = x375 +- DirName:CN = x376 +- DirName:CN = x377 +- DirName:CN = x378 +- DirName:CN = x379 +- DirName:CN = x380 +- DirName:CN = x381 +- DirName:CN = x382 +- DirName:CN = x383 +- DirName:CN = x384 +- DirName:CN = x385 +- DirName:CN = x386 +- DirName:CN = x387 +- DirName:CN = x388 +- DirName:CN = x389 +- DirName:CN = x390 +- DirName:CN = x391 +- DirName:CN = x392 +- DirName:CN = x393 +- DirName:CN = x394 +- DirName:CN = x395 +- DirName:CN = x396 +- DirName:CN = x397 +- DirName:CN = x398 +- DirName:CN = x399 +- DirName:CN = x400 +- DirName:CN = x401 +- DirName:CN = x402 +- DirName:CN = x403 +- DirName:CN = x404 +- DirName:CN = x405 +- DirName:CN = x406 +- DirName:CN = x407 +- DirName:CN = x408 +- DirName:CN = x409 +- DirName:CN = x410 +- DirName:CN = x411 +- DirName:CN = x412 +- DirName:CN = x413 +- DirName:CN = x414 +- DirName:CN = x415 +- DirName:CN = x416 +- DirName:CN = x417 +- DirName:CN = x418 +- DirName:CN = x419 +- DirName:CN = x420 +- DirName:CN = x421 +- DirName:CN = x422 +- DirName:CN = x423 +- DirName:CN = x424 +- DirName:CN = x425 +- DirName:CN = x426 +- DirName:CN = x427 +- DirName:CN = x428 +- DirName:CN = x429 +- DirName:CN = x430 +- DirName:CN = x431 +- DirName:CN = x432 +- DirName:CN = x433 +- DirName:CN = x434 +- DirName:CN = x435 +- DirName:CN = x436 +- DirName:CN = x437 +- DirName:CN = x438 +- DirName:CN = x439 +- DirName:CN = x440 +- DirName:CN = x441 +- DirName:CN = x442 +- DirName:CN = x443 +- DirName:CN = x444 +- DirName:CN = x445 +- DirName:CN = x446 +- DirName:CN = x447 +- DirName:CN = x448 +- DirName:CN = x449 +- DirName:CN = x450 +- DirName:CN = x451 +- DirName:CN = x452 +- DirName:CN = x453 +- DirName:CN = x454 +- DirName:CN = x455 +- DirName:CN = x456 +- DirName:CN = x457 +- DirName:CN = x458 +- DirName:CN = x459 +- DirName:CN = x460 +- DirName:CN = x461 +- DirName:CN = x462 +- DirName:CN = x463 +- DirName:CN = x464 +- DirName:CN = x465 +- DirName:CN = x466 +- DirName:CN = x467 +- DirName:CN = x468 +- DirName:CN = x469 +- DirName:CN = x470 +- DirName:CN = x471 +- DirName:CN = x472 +- DirName:CN = x473 +- DirName:CN = x474 +- DirName:CN = x475 +- DirName:CN = x476 +- DirName:CN = x477 +- DirName:CN = x478 +- DirName:CN = x479 +- DirName:CN = x480 +- DirName:CN = x481 +- DirName:CN = x482 +- DirName:CN = x483 +- DirName:CN = x484 +- DirName:CN = x485 +- DirName:CN = x486 +- DirName:CN = x487 +- DirName:CN = x488 +- DirName:CN = x489 +- DirName:CN = x490 +- DirName:CN = x491 +- DirName:CN = x492 +- DirName:CN = x493 +- DirName:CN = x494 +- DirName:CN = x495 +- DirName:CN = x496 +- DirName:CN = x497 +- DirName:CN = x498 +- DirName:CN = x499 +- DirName:CN = x500 +- DirName:CN = x501 +- DirName:CN = x502 +- DirName:CN = x503 +- DirName:CN = x504 +- DirName:CN = x505 +- DirName:CN = x506 +- DirName:CN = x507 +- DirName:CN = x508 +- DirName:CN = x509 +- DirName:CN = x510 +- DirName:CN = x511 +- DirName:CN = x512 +- DirName:CN = x513 +- DirName:CN = x514 +- DirName:CN = x515 +- DirName:CN = x516 +- DirName:CN = x517 +- DirName:CN = x518 +- DirName:CN = x519 +- DirName:CN = x520 +- DirName:CN = x521 +- DirName:CN = x522 +- DirName:CN = x523 +- DirName:CN = x524 +- DirName:CN = x525 +- DirName:CN = x526 +- DirName:CN = x527 +- DirName:CN = x528 +- DirName:CN = x529 +- DirName:CN = x530 +- DirName:CN = x531 +- DirName:CN = x532 +- DirName:CN = x533 +- DirName:CN = x534 +- DirName:CN = x535 +- DirName:CN = x536 +- DirName:CN = x537 +- DirName:CN = x538 +- DirName:CN = x539 +- DirName:CN = x540 +- DirName:CN = x541 +- DirName:CN = x542 +- DirName:CN = x543 +- DirName:CN = x544 +- DirName:CN = x545 +- DirName:CN = x546 +- DirName:CN = x547 +- DirName:CN = x548 +- DirName:CN = x549 +- DirName:CN = x550 +- DirName:CN = x551 +- DirName:CN = x552 +- DirName:CN = x553 +- DirName:CN = x554 +- DirName:CN = x555 +- DirName:CN = x556 +- DirName:CN = x557 +- DirName:CN = x558 +- DirName:CN = x559 +- DirName:CN = x560 +- DirName:CN = x561 +- DirName:CN = x562 +- DirName:CN = x563 +- DirName:CN = x564 +- DirName:CN = x565 +- DirName:CN = x566 +- DirName:CN = x567 +- DirName:CN = x568 +- DirName:CN = x569 +- DirName:CN = x570 +- DirName:CN = x571 +- DirName:CN = x572 +- DirName:CN = x573 +- DirName:CN = x574 +- DirName:CN = x575 +- DirName:CN = x576 +- DirName:CN = x577 +- DirName:CN = x578 +- DirName:CN = x579 +- DirName:CN = x580 +- DirName:CN = x581 +- DirName:CN = x582 +- DirName:CN = x583 +- DirName:CN = x584 +- DirName:CN = x585 +- DirName:CN = x586 +- DirName:CN = x587 +- DirName:CN = x588 +- DirName:CN = x589 +- DirName:CN = x590 +- DirName:CN = x591 +- DirName:CN = x592 +- DirName:CN = x593 +- DirName:CN = x594 +- DirName:CN = x595 +- DirName:CN = x596 +- DirName:CN = x597 +- DirName:CN = x598 +- DirName:CN = x599 +- DirName:CN = x600 +- DirName:CN = x601 +- DirName:CN = x602 +- DirName:CN = x603 +- DirName:CN = x604 +- DirName:CN = x605 +- DirName:CN = x606 +- DirName:CN = x607 +- DirName:CN = x608 +- DirName:CN = x609 +- DirName:CN = x610 +- DirName:CN = x611 +- DirName:CN = x612 +- DirName:CN = x613 +- DirName:CN = x614 +- DirName:CN = x615 +- DirName:CN = x616 +- DirName:CN = x617 +- DirName:CN = x618 +- DirName:CN = x619 +- DirName:CN = x620 +- DirName:CN = x621 +- DirName:CN = x622 +- DirName:CN = x623 +- DirName:CN = x624 +- DirName:CN = x625 +- DirName:CN = x626 +- DirName:CN = x627 +- DirName:CN = x628 +- DirName:CN = x629 +- DirName:CN = x630 +- DirName:CN = x631 +- DirName:CN = x632 +- DirName:CN = x633 +- DirName:CN = x634 +- DirName:CN = x635 +- DirName:CN = x636 +- DirName:CN = x637 +- DirName:CN = x638 +- DirName:CN = x639 +- DirName:CN = x640 +- DirName:CN = x641 +- DirName:CN = x642 +- DirName:CN = x643 +- DirName:CN = x644 +- DirName:CN = x645 +- DirName:CN = x646 +- DirName:CN = x647 +- DirName:CN = x648 +- DirName:CN = x649 +- DirName:CN = x650 +- DirName:CN = x651 +- DirName:CN = x652 +- DirName:CN = x653 +- DirName:CN = x654 +- DirName:CN = x655 +- DirName:CN = x656 +- DirName:CN = x657 +- DirName:CN = x658 +- DirName:CN = x659 +- DirName:CN = x660 +- DirName:CN = x661 +- DirName:CN = x662 +- DirName:CN = x663 +- DirName:CN = x664 +- DirName:CN = x665 +- DirName:CN = x666 +- DirName:CN = x667 +- DirName:CN = x668 +- DirName:CN = x669 +- DirName:CN = x670 +- DirName:CN = x671 +- DirName:CN = x672 +- DirName:CN = x673 +- DirName:CN = x674 +- DirName:CN = x675 +- DirName:CN = x676 +- DirName:CN = x677 +- DirName:CN = x678 +- DirName:CN = x679 +- DirName:CN = x680 +- DirName:CN = x681 +- DirName:CN = x682 +- DirName:CN = x683 +- DirName:CN = x684 +- DirName:CN = x685 +- DirName:CN = x686 +- DirName:CN = x687 +- DirName:CN = x688 +- DirName:CN = x689 +- DirName:CN = x690 +- DirName:CN = x691 +- DirName:CN = x692 +- DirName:CN = x693 +- DirName:CN = x694 +- DirName:CN = x695 +- DirName:CN = x696 +- DirName:CN = x697 +- DirName:CN = x698 +- DirName:CN = x699 +- DirName:CN = x700 +- DirName:CN = x701 +- DirName:CN = x702 +- DirName:CN = x703 +- DirName:CN = x704 +- DirName:CN = x705 +- DirName:CN = x706 +- DirName:CN = x707 +- DirName:CN = x708 +- DirName:CN = x709 +- DirName:CN = x710 +- DirName:CN = x711 +- DirName:CN = x712 +- DirName:CN = x713 +- DirName:CN = x714 +- DirName:CN = x715 +- DirName:CN = x716 +- DirName:CN = x717 +- DirName:CN = x718 +- DirName:CN = x719 +- DirName:CN = x720 +- DirName:CN = x721 +- DirName:CN = x722 +- DirName:CN = x723 +- DirName:CN = x724 +- DirName:CN = x725 +- DirName:CN = x726 +- DirName:CN = x727 +- DirName:CN = x728 +- DirName:CN = x729 +- DirName:CN = x730 +- DirName:CN = x731 +- DirName:CN = x732 +- DirName:CN = x733 +- DirName:CN = x734 +- DirName:CN = x735 +- DirName:CN = x736 +- DirName:CN = x737 +- DirName:CN = x738 +- DirName:CN = x739 +- DirName:CN = x740 +- DirName:CN = x741 +- DirName:CN = x742 +- DirName:CN = x743 +- DirName:CN = x744 +- DirName:CN = x745 +- DirName:CN = x746 +- DirName:CN = x747 +- DirName:CN = x748 +- DirName:CN = x749 +- DirName:CN = x750 +- DirName:CN = x751 +- DirName:CN = x752 +- DirName:CN = x753 +- DirName:CN = x754 +- DirName:CN = x755 +- DirName:CN = x756 +- DirName:CN = x757 +- DirName:CN = x758 +- DirName:CN = x759 +- DirName:CN = x760 +- DirName:CN = x761 +- DirName:CN = x762 +- DirName:CN = x763 +- DirName:CN = x764 +- DirName:CN = x765 +- DirName:CN = x766 +- DirName:CN = x767 +- DirName:CN = x768 +- DirName:CN = x769 +- DirName:CN = x770 +- DirName:CN = x771 +- DirName:CN = x772 +- DirName:CN = x773 +- DirName:CN = x774 +- DirName:CN = x775 +- DirName:CN = x776 +- DirName:CN = x777 +- DirName:CN = x778 +- DirName:CN = x779 +- DirName:CN = x780 +- DirName:CN = x781 +- DirName:CN = x782 +- DirName:CN = x783 +- DirName:CN = x784 +- DirName:CN = x785 +- DirName:CN = x786 +- DirName:CN = x787 +- DirName:CN = x788 +- DirName:CN = x789 +- DirName:CN = x790 +- DirName:CN = x791 +- DirName:CN = x792 +- DirName:CN = x793 +- DirName:CN = x794 +- DirName:CN = x795 +- DirName:CN = x796 +- DirName:CN = x797 +- DirName:CN = x798 +- DirName:CN = x799 +- DirName:CN = x800 +- DirName:CN = x801 +- DirName:CN = x802 +- DirName:CN = x803 +- DirName:CN = x804 +- DirName:CN = x805 +- DirName:CN = x806 +- DirName:CN = x807 +- DirName:CN = x808 +- DirName:CN = x809 +- DirName:CN = x810 +- DirName:CN = x811 +- DirName:CN = x812 +- DirName:CN = x813 +- DirName:CN = x814 +- DirName:CN = x815 +- DirName:CN = x816 +- DirName:CN = x817 +- DirName:CN = x818 +- DirName:CN = x819 +- DirName:CN = x820 +- DirName:CN = x821 +- DirName:CN = x822 +- DirName:CN = x823 +- DirName:CN = x824 +- DirName:CN = x825 +- DirName:CN = x826 +- DirName:CN = x827 +- DirName:CN = x828 +- DirName:CN = x829 +- DirName:CN = x830 +- DirName:CN = x831 +- DirName:CN = x832 +- DirName:CN = x833 +- DirName:CN = x834 +- DirName:CN = x835 +- DirName:CN = x836 +- DirName:CN = x837 +- DirName:CN = x838 +- DirName:CN = x839 +- DirName:CN = x840 +- DirName:CN = x841 +- DirName:CN = x842 +- DirName:CN = x843 +- DirName:CN = x844 +- DirName:CN = x845 +- DirName:CN = x846 +- DirName:CN = x847 +- DirName:CN = x848 +- DirName:CN = x849 +- DirName:CN = x850 +- DirName:CN = x851 +- DirName:CN = x852 +- DirName:CN = x853 +- DirName:CN = x854 +- DirName:CN = x855 +- DirName:CN = x856 +- DirName:CN = x857 +- DirName:CN = x858 +- DirName:CN = x859 +- DirName:CN = x860 +- DirName:CN = x861 +- DirName:CN = x862 +- DirName:CN = x863 +- DirName:CN = x864 +- DirName:CN = x865 +- DirName:CN = x866 +- DirName:CN = x867 +- DirName:CN = x868 +- DirName:CN = x869 +- DirName:CN = x870 +- DirName:CN = x871 +- DirName:CN = x872 +- DirName:CN = x873 +- DirName:CN = x874 +- DirName:CN = x875 +- DirName:CN = x876 +- DirName:CN = x877 +- DirName:CN = x878 +- DirName:CN = x879 +- DirName:CN = x880 +- DirName:CN = x881 +- DirName:CN = x882 +- DirName:CN = x883 +- DirName:CN = x884 +- DirName:CN = x885 +- DirName:CN = x886 +- DirName:CN = x887 +- DirName:CN = x888 +- DirName:CN = x889 +- DirName:CN = x890 +- DirName:CN = x891 +- DirName:CN = x892 +- DirName:CN = x893 +- DirName:CN = x894 +- DirName:CN = x895 +- DirName:CN = x896 +- DirName:CN = x897 +- DirName:CN = x898 +- DirName:CN = x899 +- DirName:CN = x900 +- DirName:CN = x901 +- DirName:CN = x902 +- DirName:CN = x903 +- DirName:CN = x904 +- DirName:CN = x905 +- DirName:CN = x906 +- DirName:CN = x907 +- DirName:CN = x908 +- DirName:CN = x909 +- DirName:CN = x910 +- DirName:CN = x911 +- DirName:CN = x912 +- DirName:CN = x913 +- DirName:CN = x914 +- DirName:CN = x915 +- DirName:CN = x916 +- DirName:CN = x917 +- DirName:CN = x918 +- DirName:CN = x919 +- DirName:CN = x920 +- DirName:CN = x921 +- DirName:CN = x922 +- DirName:CN = x923 +- DirName:CN = x924 +- DirName:CN = x925 +- DirName:CN = x926 +- DirName:CN = x927 +- DirName:CN = x928 +- DirName:CN = x929 +- DirName:CN = x930 +- DirName:CN = x931 +- DirName:CN = x932 +- DirName:CN = x933 +- DirName:CN = x934 +- DirName:CN = x935 +- DirName:CN = x936 +- DirName:CN = x937 +- DirName:CN = x938 +- DirName:CN = x939 +- DirName:CN = x940 +- DirName:CN = x941 +- DirName:CN = x942 +- DirName:CN = x943 +- DirName:CN = x944 +- DirName:CN = x945 +- DirName:CN = x946 +- DirName:CN = x947 +- DirName:CN = x948 +- DirName:CN = x949 +- DirName:CN = x950 +- DirName:CN = x951 +- DirName:CN = x952 +- DirName:CN = x953 +- DirName:CN = x954 +- DirName:CN = x955 +- DirName:CN = x956 +- DirName:CN = x957 +- DirName:CN = x958 +- DirName:CN = x959 +- DirName:CN = x960 +- DirName:CN = x961 +- DirName:CN = x962 +- DirName:CN = x963 +- DirName:CN = x964 +- DirName:CN = x965 +- DirName:CN = x966 +- DirName:CN = x967 +- DirName:CN = x968 +- DirName:CN = x969 +- DirName:CN = x970 +- DirName:CN = x971 +- DirName:CN = x972 +- DirName:CN = x973 +- DirName:CN = x974 +- DirName:CN = x975 +- DirName:CN = x976 +- DirName:CN = x977 +- DirName:CN = x978 +- DirName:CN = x979 +- DirName:CN = x980 +- DirName:CN = x981 +- DirName:CN = x982 +- DirName:CN = x983 +- DirName:CN = x984 +- DirName:CN = x985 +- DirName:CN = x986 +- DirName:CN = x987 +- DirName:CN = x988 +- DirName:CN = x989 +- DirName:CN = x990 +- DirName:CN = x991 +- DirName:CN = x992 +- DirName:CN = x993 +- DirName:CN = x994 +- DirName:CN = x995 +- DirName:CN = x996 +- DirName:CN = x997 +- DirName:CN = x998 +- DirName:CN = x999 +- DirName:CN = x1000 +- DirName:CN = x1001 +- DirName:CN = x1002 +- DirName:CN = x1003 +- DirName:CN = x1004 +- DirName:CN = x1005 +- DirName:CN = x1006 +- DirName:CN = x1007 +- DirName:CN = x1008 +- DirName:CN = x1009 +- DirName:CN = x1010 +- DirName:CN = x1011 +- DirName:CN = x1012 +- DirName:CN = x1013 +- DirName:CN = x1014 +- DirName:CN = x1015 +- DirName:CN = x1016 +- DirName:CN = x1017 +- DirName:CN = x1018 +- DirName:CN = x1019 +- DirName:CN = x1020 +- DirName:CN = x1021 +- DirName:CN = x1022 +- DirName:CN = x1023 +- DirName:CN = x1024 +- URI:http://xest/0 +- URI:http://xest/1 +- URI:http://xest/2 +- URI:http://xest/3 +- URI:http://xest/4 +- URI:http://xest/5 +- URI:http://xest/6 +- URI:http://xest/7 +- URI:http://xest/8 +- URI:http://xest/9 +- URI:http://xest/10 +- URI:http://xest/11 +- URI:http://xest/12 +- URI:http://xest/13 +- URI:http://xest/14 +- URI:http://xest/15 +- URI:http://xest/16 +- URI:http://xest/17 +- URI:http://xest/18 +- URI:http://xest/19 +- URI:http://xest/20 +- URI:http://xest/21 +- URI:http://xest/22 +- URI:http://xest/23 +- URI:http://xest/24 +- URI:http://xest/25 +- URI:http://xest/26 +- URI:http://xest/27 +- URI:http://xest/28 +- URI:http://xest/29 +- URI:http://xest/30 +- URI:http://xest/31 +- URI:http://xest/32 +- URI:http://xest/33 +- URI:http://xest/34 +- URI:http://xest/35 +- URI:http://xest/36 +- URI:http://xest/37 +- URI:http://xest/38 +- URI:http://xest/39 +- URI:http://xest/40 +- URI:http://xest/41 +- URI:http://xest/42 +- URI:http://xest/43 +- URI:http://xest/44 +- URI:http://xest/45 +- URI:http://xest/46 +- URI:http://xest/47 +- URI:http://xest/48 +- URI:http://xest/49 +- URI:http://xest/50 +- URI:http://xest/51 +- URI:http://xest/52 +- URI:http://xest/53 +- URI:http://xest/54 +- URI:http://xest/55 +- URI:http://xest/56 +- URI:http://xest/57 +- URI:http://xest/58 +- URI:http://xest/59 +- URI:http://xest/60 +- URI:http://xest/61 +- URI:http://xest/62 +- URI:http://xest/63 +- URI:http://xest/64 +- URI:http://xest/65 +- URI:http://xest/66 +- URI:http://xest/67 +- URI:http://xest/68 +- URI:http://xest/69 +- URI:http://xest/70 +- URI:http://xest/71 +- URI:http://xest/72 +- URI:http://xest/73 +- URI:http://xest/74 +- URI:http://xest/75 +- URI:http://xest/76 +- URI:http://xest/77 +- URI:http://xest/78 +- URI:http://xest/79 +- URI:http://xest/80 +- URI:http://xest/81 +- URI:http://xest/82 +- URI:http://xest/83 +- URI:http://xest/84 +- URI:http://xest/85 +- URI:http://xest/86 +- URI:http://xest/87 +- URI:http://xest/88 +- URI:http://xest/89 +- URI:http://xest/90 +- URI:http://xest/91 +- URI:http://xest/92 +- URI:http://xest/93 +- URI:http://xest/94 +- URI:http://xest/95 +- URI:http://xest/96 +- URI:http://xest/97 +- URI:http://xest/98 +- URI:http://xest/99 +- URI:http://xest/100 +- URI:http://xest/101 +- URI:http://xest/102 +- URI:http://xest/103 +- URI:http://xest/104 +- URI:http://xest/105 +- URI:http://xest/106 +- URI:http://xest/107 +- URI:http://xest/108 +- URI:http://xest/109 +- URI:http://xest/110 +- URI:http://xest/111 +- URI:http://xest/112 +- URI:http://xest/113 +- URI:http://xest/114 +- URI:http://xest/115 +- URI:http://xest/116 +- URI:http://xest/117 +- URI:http://xest/118 +- URI:http://xest/119 +- URI:http://xest/120 +- URI:http://xest/121 +- URI:http://xest/122 +- URI:http://xest/123 +- URI:http://xest/124 +- URI:http://xest/125 +- URI:http://xest/126 +- URI:http://xest/127 +- URI:http://xest/128 +- URI:http://xest/129 +- URI:http://xest/130 +- URI:http://xest/131 +- URI:http://xest/132 +- URI:http://xest/133 +- URI:http://xest/134 +- URI:http://xest/135 +- URI:http://xest/136 +- URI:http://xest/137 +- URI:http://xest/138 +- URI:http://xest/139 +- URI:http://xest/140 +- URI:http://xest/141 +- URI:http://xest/142 +- URI:http://xest/143 +- URI:http://xest/144 +- URI:http://xest/145 +- URI:http://xest/146 +- URI:http://xest/147 +- URI:http://xest/148 +- URI:http://xest/149 +- URI:http://xest/150 +- URI:http://xest/151 +- URI:http://xest/152 +- URI:http://xest/153 +- URI:http://xest/154 +- URI:http://xest/155 +- URI:http://xest/156 +- URI:http://xest/157 +- URI:http://xest/158 +- URI:http://xest/159 +- URI:http://xest/160 +- URI:http://xest/161 +- URI:http://xest/162 +- URI:http://xest/163 +- URI:http://xest/164 +- URI:http://xest/165 +- URI:http://xest/166 +- URI:http://xest/167 +- URI:http://xest/168 +- URI:http://xest/169 +- URI:http://xest/170 +- URI:http://xest/171 +- URI:http://xest/172 +- URI:http://xest/173 +- URI:http://xest/174 +- URI:http://xest/175 +- URI:http://xest/176 +- URI:http://xest/177 +- URI:http://xest/178 +- URI:http://xest/179 +- URI:http://xest/180 +- URI:http://xest/181 +- URI:http://xest/182 +- URI:http://xest/183 +- URI:http://xest/184 +- URI:http://xest/185 +- URI:http://xest/186 +- URI:http://xest/187 +- URI:http://xest/188 +- URI:http://xest/189 +- URI:http://xest/190 +- URI:http://xest/191 +- URI:http://xest/192 +- URI:http://xest/193 +- URI:http://xest/194 +- URI:http://xest/195 +- URI:http://xest/196 +- URI:http://xest/197 +- URI:http://xest/198 +- URI:http://xest/199 +- URI:http://xest/200 +- URI:http://xest/201 +- URI:http://xest/202 +- URI:http://xest/203 +- URI:http://xest/204 +- URI:http://xest/205 +- URI:http://xest/206 +- URI:http://xest/207 +- URI:http://xest/208 +- URI:http://xest/209 +- URI:http://xest/210 +- URI:http://xest/211 +- URI:http://xest/212 +- URI:http://xest/213 +- URI:http://xest/214 +- URI:http://xest/215 +- URI:http://xest/216 +- URI:http://xest/217 +- URI:http://xest/218 +- URI:http://xest/219 +- URI:http://xest/220 +- URI:http://xest/221 +- URI:http://xest/222 +- URI:http://xest/223 +- URI:http://xest/224 +- URI:http://xest/225 +- URI:http://xest/226 +- URI:http://xest/227 +- URI:http://xest/228 +- URI:http://xest/229 +- URI:http://xest/230 +- URI:http://xest/231 +- URI:http://xest/232 +- URI:http://xest/233 +- URI:http://xest/234 +- URI:http://xest/235 +- URI:http://xest/236 +- URI:http://xest/237 +- URI:http://xest/238 +- URI:http://xest/239 +- URI:http://xest/240 +- URI:http://xest/241 +- URI:http://xest/242 +- URI:http://xest/243 +- URI:http://xest/244 +- URI:http://xest/245 +- URI:http://xest/246 +- URI:http://xest/247 +- URI:http://xest/248 +- URI:http://xest/249 +- URI:http://xest/250 +- URI:http://xest/251 +- URI:http://xest/252 +- URI:http://xest/253 +- URI:http://xest/254 +- URI:http://xest/255 +- URI:http://xest/256 +- URI:http://xest/257 +- URI:http://xest/258 +- URI:http://xest/259 +- URI:http://xest/260 +- URI:http://xest/261 +- URI:http://xest/262 +- URI:http://xest/263 +- URI:http://xest/264 +- URI:http://xest/265 +- URI:http://xest/266 +- URI:http://xest/267 +- URI:http://xest/268 +- URI:http://xest/269 +- URI:http://xest/270 +- URI:http://xest/271 +- URI:http://xest/272 +- URI:http://xest/273 +- URI:http://xest/274 +- URI:http://xest/275 +- URI:http://xest/276 +- URI:http://xest/277 +- URI:http://xest/278 +- URI:http://xest/279 +- URI:http://xest/280 +- URI:http://xest/281 +- URI:http://xest/282 +- URI:http://xest/283 +- URI:http://xest/284 +- URI:http://xest/285 +- URI:http://xest/286 +- URI:http://xest/287 +- URI:http://xest/288 +- URI:http://xest/289 +- URI:http://xest/290 +- URI:http://xest/291 +- URI:http://xest/292 +- URI:http://xest/293 +- URI:http://xest/294 +- URI:http://xest/295 +- URI:http://xest/296 +- URI:http://xest/297 +- URI:http://xest/298 +- URI:http://xest/299 +- URI:http://xest/300 +- URI:http://xest/301 +- URI:http://xest/302 +- URI:http://xest/303 +- URI:http://xest/304 +- URI:http://xest/305 +- URI:http://xest/306 +- URI:http://xest/307 +- URI:http://xest/308 +- URI:http://xest/309 +- URI:http://xest/310 +- URI:http://xest/311 +- URI:http://xest/312 +- URI:http://xest/313 +- URI:http://xest/314 +- URI:http://xest/315 +- URI:http://xest/316 +- URI:http://xest/317 +- URI:http://xest/318 +- URI:http://xest/319 +- URI:http://xest/320 +- URI:http://xest/321 +- URI:http://xest/322 +- URI:http://xest/323 +- URI:http://xest/324 +- URI:http://xest/325 +- URI:http://xest/326 +- URI:http://xest/327 +- URI:http://xest/328 +- URI:http://xest/329 +- URI:http://xest/330 +- URI:http://xest/331 +- URI:http://xest/332 +- URI:http://xest/333 +- URI:http://xest/334 +- URI:http://xest/335 +- URI:http://xest/336 +- URI:http://xest/337 +- URI:http://xest/338 +- URI:http://xest/339 +- URI:http://xest/340 +- URI:http://xest/341 +- URI:http://xest/342 +- URI:http://xest/343 +- URI:http://xest/344 +- URI:http://xest/345 +- URI:http://xest/346 +- URI:http://xest/347 +- URI:http://xest/348 +- URI:http://xest/349 +- URI:http://xest/350 +- URI:http://xest/351 +- URI:http://xest/352 +- URI:http://xest/353 +- URI:http://xest/354 +- URI:http://xest/355 +- URI:http://xest/356 +- URI:http://xest/357 +- URI:http://xest/358 +- URI:http://xest/359 +- URI:http://xest/360 +- URI:http://xest/361 +- URI:http://xest/362 +- URI:http://xest/363 +- URI:http://xest/364 +- URI:http://xest/365 +- URI:http://xest/366 +- URI:http://xest/367 +- URI:http://xest/368 +- URI:http://xest/369 +- URI:http://xest/370 +- URI:http://xest/371 +- URI:http://xest/372 +- URI:http://xest/373 +- URI:http://xest/374 +- URI:http://xest/375 +- URI:http://xest/376 +- URI:http://xest/377 +- URI:http://xest/378 +- URI:http://xest/379 +- URI:http://xest/380 +- URI:http://xest/381 +- URI:http://xest/382 +- URI:http://xest/383 +- URI:http://xest/384 +- URI:http://xest/385 +- URI:http://xest/386 +- URI:http://xest/387 +- URI:http://xest/388 +- URI:http://xest/389 +- URI:http://xest/390 +- URI:http://xest/391 +- URI:http://xest/392 +- URI:http://xest/393 +- URI:http://xest/394 +- URI:http://xest/395 +- URI:http://xest/396 +- URI:http://xest/397 +- URI:http://xest/398 +- URI:http://xest/399 +- URI:http://xest/400 +- URI:http://xest/401 +- URI:http://xest/402 +- URI:http://xest/403 +- URI:http://xest/404 +- URI:http://xest/405 +- URI:http://xest/406 +- URI:http://xest/407 +- URI:http://xest/408 +- URI:http://xest/409 +- URI:http://xest/410 +- URI:http://xest/411 +- URI:http://xest/412 +- URI:http://xest/413 +- URI:http://xest/414 +- URI:http://xest/415 +- URI:http://xest/416 +- URI:http://xest/417 +- URI:http://xest/418 +- URI:http://xest/419 +- URI:http://xest/420 +- URI:http://xest/421 +- URI:http://xest/422 +- URI:http://xest/423 +- URI:http://xest/424 +- URI:http://xest/425 +- URI:http://xest/426 +- URI:http://xest/427 +- URI:http://xest/428 +- URI:http://xest/429 +- URI:http://xest/430 +- URI:http://xest/431 +- URI:http://xest/432 +- URI:http://xest/433 +- URI:http://xest/434 +- URI:http://xest/435 +- URI:http://xest/436 +- URI:http://xest/437 +- URI:http://xest/438 +- URI:http://xest/439 +- URI:http://xest/440 +- URI:http://xest/441 +- URI:http://xest/442 +- URI:http://xest/443 +- URI:http://xest/444 +- URI:http://xest/445 +- URI:http://xest/446 +- URI:http://xest/447 +- URI:http://xest/448 +- URI:http://xest/449 +- URI:http://xest/450 +- URI:http://xest/451 +- URI:http://xest/452 +- URI:http://xest/453 +- URI:http://xest/454 +- URI:http://xest/455 +- URI:http://xest/456 +- URI:http://xest/457 +- URI:http://xest/458 +- URI:http://xest/459 +- URI:http://xest/460 +- URI:http://xest/461 +- URI:http://xest/462 +- URI:http://xest/463 +- URI:http://xest/464 +- URI:http://xest/465 +- URI:http://xest/466 +- URI:http://xest/467 +- URI:http://xest/468 +- URI:http://xest/469 +- URI:http://xest/470 +- URI:http://xest/471 +- URI:http://xest/472 +- URI:http://xest/473 +- URI:http://xest/474 +- URI:http://xest/475 +- URI:http://xest/476 +- URI:http://xest/477 +- URI:http://xest/478 +- URI:http://xest/479 +- URI:http://xest/480 +- URI:http://xest/481 +- URI:http://xest/482 +- URI:http://xest/483 +- URI:http://xest/484 +- URI:http://xest/485 +- URI:http://xest/486 +- URI:http://xest/487 +- URI:http://xest/488 +- URI:http://xest/489 +- URI:http://xest/490 +- URI:http://xest/491 +- URI:http://xest/492 +- URI:http://xest/493 +- URI:http://xest/494 +- URI:http://xest/495 +- URI:http://xest/496 +- URI:http://xest/497 +- URI:http://xest/498 +- URI:http://xest/499 +- URI:http://xest/500 +- URI:http://xest/501 +- URI:http://xest/502 +- URI:http://xest/503 +- URI:http://xest/504 +- URI:http://xest/505 +- URI:http://xest/506 +- URI:http://xest/507 +- URI:http://xest/508 +- URI:http://xest/509 +- URI:http://xest/510 +- URI:http://xest/511 +- URI:http://xest/512 +- URI:http://xest/513 +- URI:http://xest/514 +- URI:http://xest/515 +- URI:http://xest/516 +- URI:http://xest/517 +- URI:http://xest/518 +- URI:http://xest/519 +- URI:http://xest/520 +- URI:http://xest/521 +- URI:http://xest/522 +- URI:http://xest/523 +- URI:http://xest/524 +- URI:http://xest/525 +- URI:http://xest/526 +- URI:http://xest/527 +- URI:http://xest/528 +- URI:http://xest/529 +- URI:http://xest/530 +- URI:http://xest/531 +- URI:http://xest/532 +- URI:http://xest/533 +- URI:http://xest/534 +- URI:http://xest/535 +- URI:http://xest/536 +- URI:http://xest/537 +- URI:http://xest/538 +- URI:http://xest/539 +- URI:http://xest/540 +- URI:http://xest/541 +- URI:http://xest/542 +- URI:http://xest/543 +- URI:http://xest/544 +- URI:http://xest/545 +- URI:http://xest/546 +- URI:http://xest/547 +- URI:http://xest/548 +- URI:http://xest/549 +- URI:http://xest/550 +- URI:http://xest/551 +- URI:http://xest/552 +- URI:http://xest/553 +- URI:http://xest/554 +- URI:http://xest/555 +- URI:http://xest/556 +- URI:http://xest/557 +- URI:http://xest/558 +- URI:http://xest/559 +- URI:http://xest/560 +- URI:http://xest/561 +- URI:http://xest/562 +- URI:http://xest/563 +- URI:http://xest/564 +- URI:http://xest/565 +- URI:http://xest/566 +- URI:http://xest/567 +- URI:http://xest/568 +- URI:http://xest/569 +- URI:http://xest/570 +- URI:http://xest/571 +- URI:http://xest/572 +- URI:http://xest/573 +- URI:http://xest/574 +- URI:http://xest/575 +- URI:http://xest/576 +- URI:http://xest/577 +- URI:http://xest/578 +- URI:http://xest/579 +- URI:http://xest/580 +- URI:http://xest/581 +- URI:http://xest/582 +- URI:http://xest/583 +- URI:http://xest/584 +- URI:http://xest/585 +- URI:http://xest/586 +- URI:http://xest/587 +- URI:http://xest/588 +- URI:http://xest/589 +- URI:http://xest/590 +- URI:http://xest/591 +- URI:http://xest/592 +- URI:http://xest/593 +- URI:http://xest/594 +- URI:http://xest/595 +- URI:http://xest/596 +- URI:http://xest/597 +- URI:http://xest/598 +- URI:http://xest/599 +- URI:http://xest/600 +- URI:http://xest/601 +- URI:http://xest/602 +- URI:http://xest/603 +- URI:http://xest/604 +- URI:http://xest/605 +- URI:http://xest/606 +- URI:http://xest/607 +- URI:http://xest/608 +- URI:http://xest/609 +- URI:http://xest/610 +- URI:http://xest/611 +- URI:http://xest/612 +- URI:http://xest/613 +- URI:http://xest/614 +- URI:http://xest/615 +- URI:http://xest/616 +- URI:http://xest/617 +- URI:http://xest/618 +- URI:http://xest/619 +- URI:http://xest/620 +- URI:http://xest/621 +- URI:http://xest/622 +- URI:http://xest/623 +- URI:http://xest/624 +- URI:http://xest/625 +- URI:http://xest/626 +- URI:http://xest/627 +- URI:http://xest/628 +- URI:http://xest/629 +- URI:http://xest/630 +- URI:http://xest/631 +- URI:http://xest/632 +- URI:http://xest/633 +- URI:http://xest/634 +- URI:http://xest/635 +- URI:http://xest/636 +- URI:http://xest/637 +- URI:http://xest/638 +- URI:http://xest/639 +- URI:http://xest/640 +- URI:http://xest/641 +- URI:http://xest/642 +- URI:http://xest/643 +- URI:http://xest/644 +- URI:http://xest/645 +- URI:http://xest/646 +- URI:http://xest/647 +- URI:http://xest/648 +- URI:http://xest/649 +- URI:http://xest/650 +- URI:http://xest/651 +- URI:http://xest/652 +- URI:http://xest/653 +- URI:http://xest/654 +- URI:http://xest/655 +- URI:http://xest/656 +- URI:http://xest/657 +- URI:http://xest/658 +- URI:http://xest/659 +- URI:http://xest/660 +- URI:http://xest/661 +- URI:http://xest/662 +- URI:http://xest/663 +- URI:http://xest/664 +- URI:http://xest/665 +- URI:http://xest/666 +- URI:http://xest/667 +- URI:http://xest/668 +- URI:http://xest/669 +- URI:http://xest/670 +- URI:http://xest/671 +- URI:http://xest/672 +- URI:http://xest/673 +- URI:http://xest/674 +- URI:http://xest/675 +- URI:http://xest/676 +- URI:http://xest/677 +- URI:http://xest/678 +- URI:http://xest/679 +- URI:http://xest/680 +- URI:http://xest/681 +- URI:http://xest/682 +- URI:http://xest/683 +- URI:http://xest/684 +- URI:http://xest/685 +- URI:http://xest/686 +- URI:http://xest/687 +- URI:http://xest/688 +- URI:http://xest/689 +- URI:http://xest/690 +- URI:http://xest/691 +- URI:http://xest/692 +- URI:http://xest/693 +- URI:http://xest/694 +- URI:http://xest/695 +- URI:http://xest/696 +- URI:http://xest/697 +- URI:http://xest/698 +- URI:http://xest/699 +- URI:http://xest/700 +- URI:http://xest/701 +- URI:http://xest/702 +- URI:http://xest/703 +- URI:http://xest/704 +- URI:http://xest/705 +- URI:http://xest/706 +- URI:http://xest/707 +- URI:http://xest/708 +- URI:http://xest/709 +- URI:http://xest/710 +- URI:http://xest/711 +- URI:http://xest/712 +- URI:http://xest/713 +- URI:http://xest/714 +- URI:http://xest/715 +- URI:http://xest/716 +- URI:http://xest/717 +- URI:http://xest/718 +- URI:http://xest/719 +- URI:http://xest/720 +- URI:http://xest/721 +- URI:http://xest/722 +- URI:http://xest/723 +- URI:http://xest/724 +- URI:http://xest/725 +- URI:http://xest/726 +- URI:http://xest/727 +- URI:http://xest/728 +- URI:http://xest/729 +- URI:http://xest/730 +- URI:http://xest/731 +- URI:http://xest/732 +- URI:http://xest/733 +- URI:http://xest/734 +- URI:http://xest/735 +- URI:http://xest/736 +- URI:http://xest/737 +- URI:http://xest/738 +- URI:http://xest/739 +- URI:http://xest/740 +- URI:http://xest/741 +- URI:http://xest/742 +- URI:http://xest/743 +- URI:http://xest/744 +- URI:http://xest/745 +- URI:http://xest/746 +- URI:http://xest/747 +- URI:http://xest/748 +- URI:http://xest/749 +- URI:http://xest/750 +- URI:http://xest/751 +- URI:http://xest/752 +- URI:http://xest/753 +- URI:http://xest/754 +- URI:http://xest/755 +- URI:http://xest/756 +- URI:http://xest/757 +- URI:http://xest/758 +- URI:http://xest/759 +- URI:http://xest/760 +- URI:http://xest/761 +- URI:http://xest/762 +- URI:http://xest/763 +- URI:http://xest/764 +- URI:http://xest/765 +- URI:http://xest/766 +- URI:http://xest/767 +- URI:http://xest/768 +- URI:http://xest/769 +- URI:http://xest/770 +- URI:http://xest/771 +- URI:http://xest/772 +- URI:http://xest/773 +- URI:http://xest/774 +- URI:http://xest/775 +- URI:http://xest/776 +- URI:http://xest/777 +- URI:http://xest/778 +- URI:http://xest/779 +- URI:http://xest/780 +- URI:http://xest/781 +- URI:http://xest/782 +- URI:http://xest/783 +- URI:http://xest/784 +- URI:http://xest/785 +- URI:http://xest/786 +- URI:http://xest/787 +- URI:http://xest/788 +- URI:http://xest/789 +- URI:http://xest/790 +- URI:http://xest/791 +- URI:http://xest/792 +- URI:http://xest/793 +- URI:http://xest/794 +- URI:http://xest/795 +- URI:http://xest/796 +- URI:http://xest/797 +- URI:http://xest/798 +- URI:http://xest/799 +- URI:http://xest/800 +- URI:http://xest/801 +- URI:http://xest/802 +- URI:http://xest/803 +- URI:http://xest/804 +- URI:http://xest/805 +- URI:http://xest/806 +- URI:http://xest/807 +- URI:http://xest/808 +- URI:http://xest/809 +- URI:http://xest/810 +- URI:http://xest/811 +- URI:http://xest/812 +- URI:http://xest/813 +- URI:http://xest/814 +- URI:http://xest/815 +- URI:http://xest/816 +- URI:http://xest/817 +- URI:http://xest/818 +- URI:http://xest/819 +- URI:http://xest/820 +- URI:http://xest/821 +- URI:http://xest/822 +- URI:http://xest/823 +- URI:http://xest/824 +- URI:http://xest/825 +- URI:http://xest/826 +- URI:http://xest/827 +- URI:http://xest/828 +- URI:http://xest/829 +- URI:http://xest/830 +- URI:http://xest/831 +- URI:http://xest/832 +- URI:http://xest/833 +- URI:http://xest/834 +- URI:http://xest/835 +- URI:http://xest/836 +- URI:http://xest/837 +- URI:http://xest/838 +- URI:http://xest/839 +- URI:http://xest/840 +- URI:http://xest/841 +- URI:http://xest/842 +- URI:http://xest/843 +- URI:http://xest/844 +- URI:http://xest/845 +- URI:http://xest/846 +- URI:http://xest/847 +- URI:http://xest/848 +- URI:http://xest/849 +- URI:http://xest/850 +- URI:http://xest/851 +- URI:http://xest/852 +- URI:http://xest/853 +- URI:http://xest/854 +- URI:http://xest/855 +- URI:http://xest/856 +- URI:http://xest/857 +- URI:http://xest/858 +- URI:http://xest/859 +- URI:http://xest/860 +- URI:http://xest/861 +- URI:http://xest/862 +- URI:http://xest/863 +- URI:http://xest/864 +- URI:http://xest/865 +- URI:http://xest/866 +- URI:http://xest/867 +- URI:http://xest/868 +- URI:http://xest/869 +- URI:http://xest/870 +- URI:http://xest/871 +- URI:http://xest/872 +- URI:http://xest/873 +- URI:http://xest/874 +- URI:http://xest/875 +- URI:http://xest/876 +- URI:http://xest/877 +- URI:http://xest/878 +- URI:http://xest/879 +- URI:http://xest/880 +- URI:http://xest/881 +- URI:http://xest/882 +- URI:http://xest/883 +- URI:http://xest/884 +- URI:http://xest/885 +- URI:http://xest/886 +- URI:http://xest/887 +- URI:http://xest/888 +- URI:http://xest/889 +- URI:http://xest/890 +- URI:http://xest/891 +- URI:http://xest/892 +- URI:http://xest/893 +- URI:http://xest/894 +- URI:http://xest/895 +- URI:http://xest/896 +- URI:http://xest/897 +- URI:http://xest/898 +- URI:http://xest/899 +- URI:http://xest/900 +- URI:http://xest/901 +- URI:http://xest/902 +- URI:http://xest/903 +- URI:http://xest/904 +- URI:http://xest/905 +- URI:http://xest/906 +- URI:http://xest/907 +- URI:http://xest/908 +- URI:http://xest/909 +- URI:http://xest/910 +- URI:http://xest/911 +- URI:http://xest/912 +- URI:http://xest/913 +- URI:http://xest/914 +- URI:http://xest/915 +- URI:http://xest/916 +- URI:http://xest/917 +- URI:http://xest/918 +- URI:http://xest/919 +- URI:http://xest/920 +- URI:http://xest/921 +- URI:http://xest/922 +- URI:http://xest/923 +- URI:http://xest/924 +- URI:http://xest/925 +- URI:http://xest/926 +- URI:http://xest/927 +- URI:http://xest/928 +- URI:http://xest/929 +- URI:http://xest/930 +- URI:http://xest/931 +- URI:http://xest/932 +- URI:http://xest/933 +- URI:http://xest/934 +- URI:http://xest/935 +- URI:http://xest/936 +- URI:http://xest/937 +- URI:http://xest/938 +- URI:http://xest/939 +- URI:http://xest/940 +- URI:http://xest/941 +- URI:http://xest/942 +- URI:http://xest/943 +- URI:http://xest/944 +- URI:http://xest/945 +- URI:http://xest/946 +- URI:http://xest/947 +- URI:http://xest/948 +- URI:http://xest/949 +- URI:http://xest/950 +- URI:http://xest/951 +- URI:http://xest/952 +- URI:http://xest/953 +- URI:http://xest/954 +- URI:http://xest/955 +- URI:http://xest/956 +- URI:http://xest/957 +- URI:http://xest/958 +- URI:http://xest/959 +- URI:http://xest/960 +- URI:http://xest/961 +- URI:http://xest/962 +- URI:http://xest/963 +- URI:http://xest/964 +- URI:http://xest/965 +- URI:http://xest/966 +- URI:http://xest/967 +- URI:http://xest/968 +- URI:http://xest/969 +- URI:http://xest/970 +- URI:http://xest/971 +- URI:http://xest/972 +- URI:http://xest/973 +- URI:http://xest/974 +- URI:http://xest/975 +- URI:http://xest/976 +- URI:http://xest/977 +- URI:http://xest/978 +- URI:http://xest/979 +- URI:http://xest/980 +- URI:http://xest/981 +- URI:http://xest/982 +- URI:http://xest/983 +- URI:http://xest/984 +- URI:http://xest/985 +- URI:http://xest/986 +- URI:http://xest/987 +- URI:http://xest/988 +- URI:http://xest/989 +- URI:http://xest/990 +- URI:http://xest/991 +- URI:http://xest/992 +- URI:http://xest/993 +- URI:http://xest/994 +- URI:http://xest/995 +- URI:http://xest/996 +- URI:http://xest/997 +- URI:http://xest/998 +- URI:http://xest/999 +- URI:http://xest/1000 +- URI:http://xest/1001 +- URI:http://xest/1002 +- URI:http://xest/1003 +- URI:http://xest/1004 +- URI:http://xest/1005 +- URI:http://xest/1006 +- URI:http://xest/1007 +- URI:http://xest/1008 +- URI:http://xest/1009 +- URI:http://xest/1010 +- URI:http://xest/1011 +- URI:http://xest/1012 +- URI:http://xest/1013 +- URI:http://xest/1014 +- URI:http://xest/1015 +- URI:http://xest/1016 +- URI:http://xest/1017 +- URI:http://xest/1018 +- URI:http://xest/1019 +- URI:http://xest/1020 +- URI:http://xest/1021 +- URI:http://xest/1022 +- URI:http://xest/1023 +- URI:http://xest/1024 +- +- Signature Algorithm: sha256WithRSAEncryption +- 6b:fb:c9:52:d3:ad:a0:75:e3:07:18:5f:6c:dd:75:b4:3d:a4: +- 40:0f:97:2e:c2:08:3b:d6:c7:c5:d8:7c:d7:18:6e:7b:2b:99: +- 74:7d:d0:b1:fa:53:b1:7d:b8:0e:8f:16:4c:75:d7:78:ff:90: +- c2:14:fa:21:66:a5:27:43:f6:8c:13:77:e2:ba:c5:2f:29:36: +- 56:4a:6e:07:51:e7:9b:cf:78:17:6b:61:ef:87:9f:ba:83:77: +- f0:f3:25:01:1d:0c:d2:4a:65:b1:c0:0e:0e:92:ca:d9:b1:dc: +- 25:24:82:b8:9a:df:8d:92:42:b6:28:8e:5d:aa:f6:ff:62:13: +- bf:8c:3c:c6:3c:88:24:0b:5a:56:2a:da:74:1d:23:b3:e0:05: +- 1a:57:89:6b:b6:30:81:63:20:5a:e4:56:79:7c:5d:cf:9e:27: +- c5:b5:b3:35:f6:0e:6c:71:9c:58:99:40:f9:38:74:df:11:9a: +- a4:09:85:66:58:8e:ab:bf:58:a6:96:fc:e7:38:95:f1:13:42: +- a5:b3:32:53:a9:af:53:85:13:66:92:d3:29:7b:27:fa:9f:3b: +- 1c:cc:d4:11:69:11:6c:fd:77:4d:70:1d:4a:7c:9f:bc:a7:c3: +- 65:52:ce:78:12:0f:4a:6f:47:e7:44:ce:9a:42:7d:93:29:63: +- 1a:49:6a:c2 +------BEGIN CERTIFICATE----- +-MIMBqg0wgwGo9KADAgECAhQ85fyBiFmoUBbBf9flKuWWf8L2/zANBgkqhkiG9w0B +-AQsFADAPMQ0wCwYDVQQDDARSb290MB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAwNTEy +-MDAwMFowFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEF +-AAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxLHa4GJxiO +-VbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9WyNroD1co +-d26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luvC6DmdaXS +-4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf00YvmLxRm +-VvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9IbjmK6igvwa7 +-QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABo4MBp1UwgwGnUDAd +-BgNVHQ4EFgQUkhE/rBGWx2Y3z4NaJPA6d68zjX8wHwYDVR0jBBgwFoAUtsLvn9Ep +-yw+JjExS1L1AtxG3cd0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRw +-Oi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDov +-L3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +-BTADAQH/MIMBpoMGA1UdHgSDAaZ5MIMBpnSggtM2MAmCB3QwLnRlc3QwCYIHdDEu +-dGVzdDAJggd0Mi50ZXN0MAmCB3QzLnRlc3QwCYIHdDQudGVzdDAJggd0NS50ZXN0 +-MAmCB3Q2LnRlc3QwCYIHdDcudGVzdDAJggd0OC50ZXN0MAmCB3Q5LnRlc3QwCoII +-dDEwLnRlc3QwCoIIdDExLnRlc3QwCoIIdDEyLnRlc3QwCoIIdDEzLnRlc3QwCoII +-dDE0LnRlc3QwCoIIdDE1LnRlc3QwCoIIdDE2LnRlc3QwCoIIdDE3LnRlc3QwCoII +-dDE4LnRlc3QwCoIIdDE5LnRlc3QwCoIIdDIwLnRlc3QwCoIIdDIxLnRlc3QwCoII +-dDIyLnRlc3QwCoIIdDIzLnRlc3QwCoIIdDI0LnRlc3QwCoIIdDI1LnRlc3QwCoII +-dDI2LnRlc3QwCoIIdDI3LnRlc3QwCoIIdDI4LnRlc3QwCoIIdDI5LnRlc3QwCoII +-dDMwLnRlc3QwCoIIdDMxLnRlc3QwCoIIdDMyLnRlc3QwCoIIdDMzLnRlc3QwCoII +-dDM0LnRlc3QwCoIIdDM1LnRlc3QwCoIIdDM2LnRlc3QwCoIIdDM3LnRlc3QwCoII +-dDM4LnRlc3QwCoIIdDM5LnRlc3QwCoIIdDQwLnRlc3QwCoIIdDQxLnRlc3QwCoII +-dDQyLnRlc3QwCoIIdDQzLnRlc3QwCoIIdDQ0LnRlc3QwCoIIdDQ1LnRlc3QwCoII +-dDQ2LnRlc3QwCoIIdDQ3LnRlc3QwCoIIdDQ4LnRlc3QwCoIIdDQ5LnRlc3QwCoII +-dDUwLnRlc3QwCoIIdDUxLnRlc3QwCoIIdDUyLnRlc3QwCoIIdDUzLnRlc3QwCoII +-dDU0LnRlc3QwCoIIdDU1LnRlc3QwCoIIdDU2LnRlc3QwCoIIdDU3LnRlc3QwCoII +-dDU4LnRlc3QwCoIIdDU5LnRlc3QwCoIIdDYwLnRlc3QwCoIIdDYxLnRlc3QwCoII +-dDYyLnRlc3QwCoIIdDYzLnRlc3QwCoIIdDY0LnRlc3QwCoIIdDY1LnRlc3QwCoII +-dDY2LnRlc3QwCoIIdDY3LnRlc3QwCoIIdDY4LnRlc3QwCoIIdDY5LnRlc3QwCoII +-dDcwLnRlc3QwCoIIdDcxLnRlc3QwCoIIdDcyLnRlc3QwCoIIdDczLnRlc3QwCoII +-dDc0LnRlc3QwCoIIdDc1LnRlc3QwCoIIdDc2LnRlc3QwCoIIdDc3LnRlc3QwCoII +-dDc4LnRlc3QwCoIIdDc5LnRlc3QwCoIIdDgwLnRlc3QwCoIIdDgxLnRlc3QwCoII +-dDgyLnRlc3QwCoIIdDgzLnRlc3QwCoIIdDg0LnRlc3QwCoIIdDg1LnRlc3QwCoII +-dDg2LnRlc3QwCoIIdDg3LnRlc3QwCoIIdDg4LnRlc3QwCoIIdDg5LnRlc3QwCoII +-dDkwLnRlc3QwCoIIdDkxLnRlc3QwCoIIdDkyLnRlc3QwCoIIdDkzLnRlc3QwCoII +-dDk0LnRlc3QwCoIIdDk1LnRlc3QwCoIIdDk2LnRlc3QwCoIIdDk3LnRlc3QwCoII +-dDk4LnRlc3QwCoIIdDk5LnRlc3QwC4IJdDEwMC50ZXN0MAuCCXQxMDEudGVzdDAL +-ggl0MTAyLnRlc3QwC4IJdDEwMy50ZXN0MAuCCXQxMDQudGVzdDALggl0MTA1LnRl +-c3QwC4IJdDEwNi50ZXN0MAuCCXQxMDcudGVzdDALggl0MTA4LnRlc3QwC4IJdDEw +-OS50ZXN0MAuCCXQxMTAudGVzdDALggl0MTExLnRlc3QwC4IJdDExMi50ZXN0MAuC +-CXQxMTMudGVzdDALggl0MTE0LnRlc3QwC4IJdDExNS50ZXN0MAuCCXQxMTYudGVz +-dDALggl0MTE3LnRlc3QwC4IJdDExOC50ZXN0MAuCCXQxMTkudGVzdDALggl0MTIw +-LnRlc3QwC4IJdDEyMS50ZXN0MAuCCXQxMjIudGVzdDALggl0MTIzLnRlc3QwC4IJ +-dDEyNC50ZXN0MAuCCXQxMjUudGVzdDALggl0MTI2LnRlc3QwC4IJdDEyNy50ZXN0 +-MAuCCXQxMjgudGVzdDALggl0MTI5LnRlc3QwC4IJdDEzMC50ZXN0MAuCCXQxMzEu +-dGVzdDALggl0MTMyLnRlc3QwC4IJdDEzMy50ZXN0MAuCCXQxMzQudGVzdDALggl0 +-MTM1LnRlc3QwC4IJdDEzNi50ZXN0MAuCCXQxMzcudGVzdDALggl0MTM4LnRlc3Qw +-C4IJdDEzOS50ZXN0MAuCCXQxNDAudGVzdDALggl0MTQxLnRlc3QwC4IJdDE0Mi50 +-ZXN0MAuCCXQxNDMudGVzdDALggl0MTQ0LnRlc3QwC4IJdDE0NS50ZXN0MAuCCXQx +-NDYudGVzdDALggl0MTQ3LnRlc3QwC4IJdDE0OC50ZXN0MAuCCXQxNDkudGVzdDAL +-ggl0MTUwLnRlc3QwC4IJdDE1MS50ZXN0MAuCCXQxNTIudGVzdDALggl0MTUzLnRl +-c3QwC4IJdDE1NC50ZXN0MAuCCXQxNTUudGVzdDALggl0MTU2LnRlc3QwC4IJdDE1 +-Ny50ZXN0MAuCCXQxNTgudGVzdDALggl0MTU5LnRlc3QwC4IJdDE2MC50ZXN0MAuC +-CXQxNjEudGVzdDALggl0MTYyLnRlc3QwC4IJdDE2My50ZXN0MAuCCXQxNjQudGVz +-dDALggl0MTY1LnRlc3QwC4IJdDE2Ni50ZXN0MAuCCXQxNjcudGVzdDALggl0MTY4 +-LnRlc3QwC4IJdDE2OS50ZXN0MAuCCXQxNzAudGVzdDALggl0MTcxLnRlc3QwC4IJ +-dDE3Mi50ZXN0MAuCCXQxNzMudGVzdDALggl0MTc0LnRlc3QwC4IJdDE3NS50ZXN0 +-MAuCCXQxNzYudGVzdDALggl0MTc3LnRlc3QwC4IJdDE3OC50ZXN0MAuCCXQxNzku +-dGVzdDALggl0MTgwLnRlc3QwC4IJdDE4MS50ZXN0MAuCCXQxODIudGVzdDALggl0 +-MTgzLnRlc3QwC4IJdDE4NC50ZXN0MAuCCXQxODUudGVzdDALggl0MTg2LnRlc3Qw +-C4IJdDE4Ny50ZXN0MAuCCXQxODgudGVzdDALggl0MTg5LnRlc3QwC4IJdDE5MC50 +-ZXN0MAuCCXQxOTEudGVzdDALggl0MTkyLnRlc3QwC4IJdDE5My50ZXN0MAuCCXQx +-OTQudGVzdDALggl0MTk1LnRlc3QwC4IJdDE5Ni50ZXN0MAuCCXQxOTcudGVzdDAL +-ggl0MTk4LnRlc3QwC4IJdDE5OS50ZXN0MAuCCXQyMDAudGVzdDALggl0MjAxLnRl +-c3QwC4IJdDIwMi50ZXN0MAuCCXQyMDMudGVzdDALggl0MjA0LnRlc3QwC4IJdDIw +-NS50ZXN0MAuCCXQyMDYudGVzdDALggl0MjA3LnRlc3QwC4IJdDIwOC50ZXN0MAuC +-CXQyMDkudGVzdDALggl0MjEwLnRlc3QwC4IJdDIxMS50ZXN0MAuCCXQyMTIudGVz +-dDALggl0MjEzLnRlc3QwC4IJdDIxNC50ZXN0MAuCCXQyMTUudGVzdDALggl0MjE2 +-LnRlc3QwC4IJdDIxNy50ZXN0MAuCCXQyMTgudGVzdDALggl0MjE5LnRlc3QwC4IJ +-dDIyMC50ZXN0MAuCCXQyMjEudGVzdDALggl0MjIyLnRlc3QwC4IJdDIyMy50ZXN0 +-MAuCCXQyMjQudGVzdDALggl0MjI1LnRlc3QwC4IJdDIyNi50ZXN0MAuCCXQyMjcu +-dGVzdDALggl0MjI4LnRlc3QwC4IJdDIyOS50ZXN0MAuCCXQyMzAudGVzdDALggl0 +-MjMxLnRlc3QwC4IJdDIzMi50ZXN0MAuCCXQyMzMudGVzdDALggl0MjM0LnRlc3Qw +-C4IJdDIzNS50ZXN0MAuCCXQyMzYudGVzdDALggl0MjM3LnRlc3QwC4IJdDIzOC50 +-ZXN0MAuCCXQyMzkudGVzdDALggl0MjQwLnRlc3QwC4IJdDI0MS50ZXN0MAuCCXQy +-NDIudGVzdDALggl0MjQzLnRlc3QwC4IJdDI0NC50ZXN0MAuCCXQyNDUudGVzdDAL +-ggl0MjQ2LnRlc3QwC4IJdDI0Ny50ZXN0MAuCCXQyNDgudGVzdDALggl0MjQ5LnRl +-c3QwC4IJdDI1MC50ZXN0MAuCCXQyNTEudGVzdDALggl0MjUyLnRlc3QwC4IJdDI1 +-My50ZXN0MAuCCXQyNTQudGVzdDALggl0MjU1LnRlc3QwC4IJdDI1Ni50ZXN0MAuC +-CXQyNTcudGVzdDALggl0MjU4LnRlc3QwC4IJdDI1OS50ZXN0MAuCCXQyNjAudGVz +-dDALggl0MjYxLnRlc3QwC4IJdDI2Mi50ZXN0MAuCCXQyNjMudGVzdDALggl0MjY0 +-LnRlc3QwC4IJdDI2NS50ZXN0MAuCCXQyNjYudGVzdDALggl0MjY3LnRlc3QwC4IJ +-dDI2OC50ZXN0MAuCCXQyNjkudGVzdDALggl0MjcwLnRlc3QwC4IJdDI3MS50ZXN0 +-MAuCCXQyNzIudGVzdDALggl0MjczLnRlc3QwC4IJdDI3NC50ZXN0MAuCCXQyNzUu +-dGVzdDALggl0Mjc2LnRlc3QwC4IJdDI3Ny50ZXN0MAuCCXQyNzgudGVzdDALggl0 +-Mjc5LnRlc3QwC4IJdDI4MC50ZXN0MAuCCXQyODEudGVzdDALggl0MjgyLnRlc3Qw +-C4IJdDI4My50ZXN0MAuCCXQyODQudGVzdDALggl0Mjg1LnRlc3QwC4IJdDI4Ni50 +-ZXN0MAuCCXQyODcudGVzdDALggl0Mjg4LnRlc3QwC4IJdDI4OS50ZXN0MAuCCXQy +-OTAudGVzdDALggl0MjkxLnRlc3QwC4IJdDI5Mi50ZXN0MAuCCXQyOTMudGVzdDAL +-ggl0Mjk0LnRlc3QwC4IJdDI5NS50ZXN0MAuCCXQyOTYudGVzdDALggl0Mjk3LnRl +-c3QwC4IJdDI5OC50ZXN0MAuCCXQyOTkudGVzdDALggl0MzAwLnRlc3QwC4IJdDMw +-MS50ZXN0MAuCCXQzMDIudGVzdDALggl0MzAzLnRlc3QwC4IJdDMwNC50ZXN0MAuC +-CXQzMDUudGVzdDALggl0MzA2LnRlc3QwC4IJdDMwNy50ZXN0MAuCCXQzMDgudGVz +-dDALggl0MzA5LnRlc3QwC4IJdDMxMC50ZXN0MAuCCXQzMTEudGVzdDALggl0MzEy +-LnRlc3QwC4IJdDMxMy50ZXN0MAuCCXQzMTQudGVzdDALggl0MzE1LnRlc3QwC4IJ +-dDMxNi50ZXN0MAuCCXQzMTcudGVzdDALggl0MzE4LnRlc3QwC4IJdDMxOS50ZXN0 +-MAuCCXQzMjAudGVzdDALggl0MzIxLnRlc3QwC4IJdDMyMi50ZXN0MAuCCXQzMjMu +-dGVzdDALggl0MzI0LnRlc3QwC4IJdDMyNS50ZXN0MAuCCXQzMjYudGVzdDALggl0 +-MzI3LnRlc3QwC4IJdDMyOC50ZXN0MAuCCXQzMjkudGVzdDALggl0MzMwLnRlc3Qw +-C4IJdDMzMS50ZXN0MAuCCXQzMzIudGVzdDALggl0MzMzLnRlc3QwC4IJdDMzNC50 +-ZXN0MAuCCXQzMzUudGVzdDALggl0MzM2LnRlc3QwC4IJdDMzNy50ZXN0MAuCCXQz +-MzgudGVzdDALggl0MzM5LnRlc3QwC4IJdDM0MC50ZXN0MAuCCXQzNDEudGVzdDAL +-ggl0MzQyLnRlc3QwC4IJdDM0My50ZXN0MAuCCXQzNDQudGVzdDALggl0MzQ1LnRl +-c3QwC4IJdDM0Ni50ZXN0MAuCCXQzNDcudGVzdDALggl0MzQ4LnRlc3QwC4IJdDM0 +-OS50ZXN0MAuCCXQzNTAudGVzdDALggl0MzUxLnRlc3QwC4IJdDM1Mi50ZXN0MAuC +-CXQzNTMudGVzdDALggl0MzU0LnRlc3QwC4IJdDM1NS50ZXN0MAuCCXQzNTYudGVz +-dDALggl0MzU3LnRlc3QwC4IJdDM1OC50ZXN0MAuCCXQzNTkudGVzdDALggl0MzYw +-LnRlc3QwC4IJdDM2MS50ZXN0MAuCCXQzNjIudGVzdDALggl0MzYzLnRlc3QwC4IJ +-dDM2NC50ZXN0MAuCCXQzNjUudGVzdDALggl0MzY2LnRlc3QwC4IJdDM2Ny50ZXN0 +-MAuCCXQzNjgudGVzdDALggl0MzY5LnRlc3QwC4IJdDM3MC50ZXN0MAuCCXQzNzEu +-dGVzdDALggl0MzcyLnRlc3QwC4IJdDM3My50ZXN0MAuCCXQzNzQudGVzdDALggl0 +-Mzc1LnRlc3QwC4IJdDM3Ni50ZXN0MAuCCXQzNzcudGVzdDALggl0Mzc4LnRlc3Qw +-C4IJdDM3OS50ZXN0MAuCCXQzODAudGVzdDALggl0MzgxLnRlc3QwC4IJdDM4Mi50 +-ZXN0MAuCCXQzODMudGVzdDALggl0Mzg0LnRlc3QwC4IJdDM4NS50ZXN0MAuCCXQz +-ODYudGVzdDALggl0Mzg3LnRlc3QwC4IJdDM4OC50ZXN0MAuCCXQzODkudGVzdDAL +-ggl0MzkwLnRlc3QwC4IJdDM5MS50ZXN0MAuCCXQzOTIudGVzdDALggl0MzkzLnRl +-c3QwC4IJdDM5NC50ZXN0MAuCCXQzOTUudGVzdDALggl0Mzk2LnRlc3QwC4IJdDM5 +-Ny50ZXN0MAuCCXQzOTgudGVzdDALggl0Mzk5LnRlc3QwC4IJdDQwMC50ZXN0MAuC +-CXQ0MDEudGVzdDALggl0NDAyLnRlc3QwC4IJdDQwMy50ZXN0MAuCCXQ0MDQudGVz +-dDALggl0NDA1LnRlc3QwC4IJdDQwNi50ZXN0MAuCCXQ0MDcudGVzdDALggl0NDA4 +-LnRlc3QwC4IJdDQwOS50ZXN0MAuCCXQ0MTAudGVzdDALggl0NDExLnRlc3QwC4IJ +-dDQxMi50ZXN0MAuCCXQ0MTMudGVzdDALggl0NDE0LnRlc3QwC4IJdDQxNS50ZXN0 +-MAuCCXQ0MTYudGVzdDALggl0NDE3LnRlc3QwC4IJdDQxOC50ZXN0MAuCCXQ0MTku +-dGVzdDALggl0NDIwLnRlc3QwC4IJdDQyMS50ZXN0MAuCCXQ0MjIudGVzdDALggl0 +-NDIzLnRlc3QwC4IJdDQyNC50ZXN0MAuCCXQ0MjUudGVzdDALggl0NDI2LnRlc3Qw +-C4IJdDQyNy50ZXN0MAuCCXQ0MjgudGVzdDALggl0NDI5LnRlc3QwC4IJdDQzMC50 +-ZXN0MAuCCXQ0MzEudGVzdDALggl0NDMyLnRlc3QwC4IJdDQzMy50ZXN0MAuCCXQ0 +-MzQudGVzdDALggl0NDM1LnRlc3QwC4IJdDQzNi50ZXN0MAuCCXQ0MzcudGVzdDAL +-ggl0NDM4LnRlc3QwC4IJdDQzOS50ZXN0MAuCCXQ0NDAudGVzdDALggl0NDQxLnRl +-c3QwC4IJdDQ0Mi50ZXN0MAuCCXQ0NDMudGVzdDALggl0NDQ0LnRlc3QwC4IJdDQ0 +-NS50ZXN0MAuCCXQ0NDYudGVzdDALggl0NDQ3LnRlc3QwC4IJdDQ0OC50ZXN0MAuC +-CXQ0NDkudGVzdDALggl0NDUwLnRlc3QwC4IJdDQ1MS50ZXN0MAuCCXQ0NTIudGVz +-dDALggl0NDUzLnRlc3QwC4IJdDQ1NC50ZXN0MAuCCXQ0NTUudGVzdDALggl0NDU2 +-LnRlc3QwC4IJdDQ1Ny50ZXN0MAuCCXQ0NTgudGVzdDALggl0NDU5LnRlc3QwC4IJ +-dDQ2MC50ZXN0MAuCCXQ0NjEudGVzdDALggl0NDYyLnRlc3QwC4IJdDQ2My50ZXN0 +-MAuCCXQ0NjQudGVzdDALggl0NDY1LnRlc3QwC4IJdDQ2Ni50ZXN0MAuCCXQ0Njcu +-dGVzdDALggl0NDY4LnRlc3QwC4IJdDQ2OS50ZXN0MAuCCXQ0NzAudGVzdDALggl0 +-NDcxLnRlc3QwC4IJdDQ3Mi50ZXN0MAuCCXQ0NzMudGVzdDALggl0NDc0LnRlc3Qw +-C4IJdDQ3NS50ZXN0MAuCCXQ0NzYudGVzdDALggl0NDc3LnRlc3QwC4IJdDQ3OC50 +-ZXN0MAuCCXQ0NzkudGVzdDALggl0NDgwLnRlc3QwC4IJdDQ4MS50ZXN0MAuCCXQ0 +-ODIudGVzdDALggl0NDgzLnRlc3QwC4IJdDQ4NC50ZXN0MAuCCXQ0ODUudGVzdDAL +-ggl0NDg2LnRlc3QwC4IJdDQ4Ny50ZXN0MAuCCXQ0ODgudGVzdDALggl0NDg5LnRl +-c3QwC4IJdDQ5MC50ZXN0MAuCCXQ0OTEudGVzdDALggl0NDkyLnRlc3QwC4IJdDQ5 +-My50ZXN0MAuCCXQ0OTQudGVzdDALggl0NDk1LnRlc3QwC4IJdDQ5Ni50ZXN0MAuC +-CXQ0OTcudGVzdDALggl0NDk4LnRlc3QwC4IJdDQ5OS50ZXN0MAuCCXQ1MDAudGVz +-dDALggl0NTAxLnRlc3QwC4IJdDUwMi50ZXN0MAuCCXQ1MDMudGVzdDALggl0NTA0 +-LnRlc3QwC4IJdDUwNS50ZXN0MAuCCXQ1MDYudGVzdDALggl0NTA3LnRlc3QwC4IJ +-dDUwOC50ZXN0MAuCCXQ1MDkudGVzdDALggl0NTEwLnRlc3QwC4IJdDUxMS50ZXN0 +-MAuCCXQ1MTIudGVzdDALggl0NTEzLnRlc3QwC4IJdDUxNC50ZXN0MAuCCXQ1MTUu +-dGVzdDALggl0NTE2LnRlc3QwC4IJdDUxNy50ZXN0MAuCCXQ1MTgudGVzdDALggl0 +-NTE5LnRlc3QwC4IJdDUyMC50ZXN0MAuCCXQ1MjEudGVzdDALggl0NTIyLnRlc3Qw +-C4IJdDUyMy50ZXN0MAuCCXQ1MjQudGVzdDALggl0NTI1LnRlc3QwC4IJdDUyNi50 +-ZXN0MAuCCXQ1MjcudGVzdDALggl0NTI4LnRlc3QwC4IJdDUyOS50ZXN0MAuCCXQ1 +-MzAudGVzdDALggl0NTMxLnRlc3QwC4IJdDUzMi50ZXN0MAuCCXQ1MzMudGVzdDAL +-ggl0NTM0LnRlc3QwC4IJdDUzNS50ZXN0MAuCCXQ1MzYudGVzdDALggl0NTM3LnRl +-c3QwC4IJdDUzOC50ZXN0MAuCCXQ1MzkudGVzdDALggl0NTQwLnRlc3QwC4IJdDU0 +-MS50ZXN0MAuCCXQ1NDIudGVzdDALggl0NTQzLnRlc3QwC4IJdDU0NC50ZXN0MAuC +-CXQ1NDUudGVzdDALggl0NTQ2LnRlc3QwC4IJdDU0Ny50ZXN0MAuCCXQ1NDgudGVz +-dDALggl0NTQ5LnRlc3QwC4IJdDU1MC50ZXN0MAuCCXQ1NTEudGVzdDALggl0NTUy +-LnRlc3QwC4IJdDU1My50ZXN0MAuCCXQ1NTQudGVzdDALggl0NTU1LnRlc3QwC4IJ +-dDU1Ni50ZXN0MAuCCXQ1NTcudGVzdDALggl0NTU4LnRlc3QwC4IJdDU1OS50ZXN0 +-MAuCCXQ1NjAudGVzdDALggl0NTYxLnRlc3QwC4IJdDU2Mi50ZXN0MAuCCXQ1NjMu +-dGVzdDALggl0NTY0LnRlc3QwC4IJdDU2NS50ZXN0MAuCCXQ1NjYudGVzdDALggl0 +-NTY3LnRlc3QwC4IJdDU2OC50ZXN0MAuCCXQ1NjkudGVzdDALggl0NTcwLnRlc3Qw +-C4IJdDU3MS50ZXN0MAuCCXQ1NzIudGVzdDALggl0NTczLnRlc3QwC4IJdDU3NC50 +-ZXN0MAuCCXQ1NzUudGVzdDALggl0NTc2LnRlc3QwC4IJdDU3Ny50ZXN0MAuCCXQ1 +-NzgudGVzdDALggl0NTc5LnRlc3QwC4IJdDU4MC50ZXN0MAuCCXQ1ODEudGVzdDAL +-ggl0NTgyLnRlc3QwC4IJdDU4My50ZXN0MAuCCXQ1ODQudGVzdDALggl0NTg1LnRl +-c3QwC4IJdDU4Ni50ZXN0MAuCCXQ1ODcudGVzdDALggl0NTg4LnRlc3QwC4IJdDU4 +-OS50ZXN0MAuCCXQ1OTAudGVzdDALggl0NTkxLnRlc3QwC4IJdDU5Mi50ZXN0MAuC +-CXQ1OTMudGVzdDALggl0NTk0LnRlc3QwC4IJdDU5NS50ZXN0MAuCCXQ1OTYudGVz +-dDALggl0NTk3LnRlc3QwC4IJdDU5OC50ZXN0MAuCCXQ1OTkudGVzdDALggl0NjAw +-LnRlc3QwC4IJdDYwMS50ZXN0MAuCCXQ2MDIudGVzdDALggl0NjAzLnRlc3QwC4IJ +-dDYwNC50ZXN0MAuCCXQ2MDUudGVzdDALggl0NjA2LnRlc3QwC4IJdDYwNy50ZXN0 +-MAuCCXQ2MDgudGVzdDALggl0NjA5LnRlc3QwC4IJdDYxMC50ZXN0MAuCCXQ2MTEu +-dGVzdDALggl0NjEyLnRlc3QwC4IJdDYxMy50ZXN0MAuCCXQ2MTQudGVzdDALggl0 +-NjE1LnRlc3QwC4IJdDYxNi50ZXN0MAuCCXQ2MTcudGVzdDALggl0NjE4LnRlc3Qw +-C4IJdDYxOS50ZXN0MAuCCXQ2MjAudGVzdDALggl0NjIxLnRlc3QwC4IJdDYyMi50 +-ZXN0MAuCCXQ2MjMudGVzdDALggl0NjI0LnRlc3QwC4IJdDYyNS50ZXN0MAuCCXQ2 +-MjYudGVzdDALggl0NjI3LnRlc3QwC4IJdDYyOC50ZXN0MAuCCXQ2MjkudGVzdDAL +-ggl0NjMwLnRlc3QwC4IJdDYzMS50ZXN0MAuCCXQ2MzIudGVzdDALggl0NjMzLnRl +-c3QwC4IJdDYzNC50ZXN0MAuCCXQ2MzUudGVzdDALggl0NjM2LnRlc3QwC4IJdDYz +-Ny50ZXN0MAuCCXQ2MzgudGVzdDALggl0NjM5LnRlc3QwC4IJdDY0MC50ZXN0MAuC +-CXQ2NDEudGVzdDALggl0NjQyLnRlc3QwC4IJdDY0My50ZXN0MAuCCXQ2NDQudGVz +-dDALggl0NjQ1LnRlc3QwC4IJdDY0Ni50ZXN0MAuCCXQ2NDcudGVzdDALggl0NjQ4 +-LnRlc3QwC4IJdDY0OS50ZXN0MAuCCXQ2NTAudGVzdDALggl0NjUxLnRlc3QwC4IJ +-dDY1Mi50ZXN0MAuCCXQ2NTMudGVzdDALggl0NjU0LnRlc3QwC4IJdDY1NS50ZXN0 +-MAuCCXQ2NTYudGVzdDALggl0NjU3LnRlc3QwC4IJdDY1OC50ZXN0MAuCCXQ2NTku +-dGVzdDALggl0NjYwLnRlc3QwC4IJdDY2MS50ZXN0MAuCCXQ2NjIudGVzdDALggl0 +-NjYzLnRlc3QwC4IJdDY2NC50ZXN0MAuCCXQ2NjUudGVzdDALggl0NjY2LnRlc3Qw +-C4IJdDY2Ny50ZXN0MAuCCXQ2NjgudGVzdDALggl0NjY5LnRlc3QwC4IJdDY3MC50 +-ZXN0MAuCCXQ2NzEudGVzdDALggl0NjcyLnRlc3QwC4IJdDY3My50ZXN0MAuCCXQ2 +-NzQudGVzdDALggl0Njc1LnRlc3QwC4IJdDY3Ni50ZXN0MAuCCXQ2NzcudGVzdDAL +-ggl0Njc4LnRlc3QwC4IJdDY3OS50ZXN0MAuCCXQ2ODAudGVzdDALggl0NjgxLnRl +-c3QwC4IJdDY4Mi50ZXN0MAuCCXQ2ODMudGVzdDALggl0Njg0LnRlc3QwC4IJdDY4 +-NS50ZXN0MAuCCXQ2ODYudGVzdDALggl0Njg3LnRlc3QwC4IJdDY4OC50ZXN0MAuC +-CXQ2ODkudGVzdDALggl0NjkwLnRlc3QwC4IJdDY5MS50ZXN0MAuCCXQ2OTIudGVz +-dDALggl0NjkzLnRlc3QwC4IJdDY5NC50ZXN0MAuCCXQ2OTUudGVzdDALggl0Njk2 +-LnRlc3QwC4IJdDY5Ny50ZXN0MAuCCXQ2OTgudGVzdDALggl0Njk5LnRlc3QwC4IJ +-dDcwMC50ZXN0MAuCCXQ3MDEudGVzdDALggl0NzAyLnRlc3QwC4IJdDcwMy50ZXN0 +-MAuCCXQ3MDQudGVzdDALggl0NzA1LnRlc3QwC4IJdDcwNi50ZXN0MAuCCXQ3MDcu +-dGVzdDALggl0NzA4LnRlc3QwC4IJdDcwOS50ZXN0MAuCCXQ3MTAudGVzdDALggl0 +-NzExLnRlc3QwC4IJdDcxMi50ZXN0MAuCCXQ3MTMudGVzdDALggl0NzE0LnRlc3Qw +-C4IJdDcxNS50ZXN0MAuCCXQ3MTYudGVzdDALggl0NzE3LnRlc3QwC4IJdDcxOC50 +-ZXN0MAuCCXQ3MTkudGVzdDALggl0NzIwLnRlc3QwC4IJdDcyMS50ZXN0MAuCCXQ3 +-MjIudGVzdDALggl0NzIzLnRlc3QwC4IJdDcyNC50ZXN0MAuCCXQ3MjUudGVzdDAL +-ggl0NzI2LnRlc3QwC4IJdDcyNy50ZXN0MAuCCXQ3MjgudGVzdDALggl0NzI5LnRl +-c3QwC4IJdDczMC50ZXN0MAuCCXQ3MzEudGVzdDALggl0NzMyLnRlc3QwC4IJdDcz +-My50ZXN0MAuCCXQ3MzQudGVzdDALggl0NzM1LnRlc3QwC4IJdDczNi50ZXN0MAuC +-CXQ3MzcudGVzdDALggl0NzM4LnRlc3QwC4IJdDczOS50ZXN0MAuCCXQ3NDAudGVz +-dDALggl0NzQxLnRlc3QwC4IJdDc0Mi50ZXN0MAuCCXQ3NDMudGVzdDALggl0NzQ0 +-LnRlc3QwC4IJdDc0NS50ZXN0MAuCCXQ3NDYudGVzdDALggl0NzQ3LnRlc3QwC4IJ +-dDc0OC50ZXN0MAuCCXQ3NDkudGVzdDALggl0NzUwLnRlc3QwC4IJdDc1MS50ZXN0 +-MAuCCXQ3NTIudGVzdDALggl0NzUzLnRlc3QwC4IJdDc1NC50ZXN0MAuCCXQ3NTUu +-dGVzdDALggl0NzU2LnRlc3QwC4IJdDc1Ny50ZXN0MAuCCXQ3NTgudGVzdDALggl0 +-NzU5LnRlc3QwC4IJdDc2MC50ZXN0MAuCCXQ3NjEudGVzdDALggl0NzYyLnRlc3Qw +-C4IJdDc2My50ZXN0MAuCCXQ3NjQudGVzdDALggl0NzY1LnRlc3QwC4IJdDc2Ni50 +-ZXN0MAuCCXQ3NjcudGVzdDALggl0NzY4LnRlc3QwC4IJdDc2OS50ZXN0MAuCCXQ3 +-NzAudGVzdDALggl0NzcxLnRlc3QwC4IJdDc3Mi50ZXN0MAuCCXQ3NzMudGVzdDAL +-ggl0Nzc0LnRlc3QwC4IJdDc3NS50ZXN0MAuCCXQ3NzYudGVzdDALggl0Nzc3LnRl +-c3QwC4IJdDc3OC50ZXN0MAuCCXQ3NzkudGVzdDALggl0NzgwLnRlc3QwC4IJdDc4 +-MS50ZXN0MAuCCXQ3ODIudGVzdDALggl0NzgzLnRlc3QwC4IJdDc4NC50ZXN0MAuC +-CXQ3ODUudGVzdDALggl0Nzg2LnRlc3QwC4IJdDc4Ny50ZXN0MAuCCXQ3ODgudGVz +-dDALggl0Nzg5LnRlc3QwC4IJdDc5MC50ZXN0MAuCCXQ3OTEudGVzdDALggl0Nzky +-LnRlc3QwC4IJdDc5My50ZXN0MAuCCXQ3OTQudGVzdDALggl0Nzk1LnRlc3QwC4IJ +-dDc5Ni50ZXN0MAuCCXQ3OTcudGVzdDALggl0Nzk4LnRlc3QwC4IJdDc5OS50ZXN0 +-MAuCCXQ4MDAudGVzdDALggl0ODAxLnRlc3QwC4IJdDgwMi50ZXN0MAuCCXQ4MDMu +-dGVzdDALggl0ODA0LnRlc3QwC4IJdDgwNS50ZXN0MAuCCXQ4MDYudGVzdDALggl0 +-ODA3LnRlc3QwC4IJdDgwOC50ZXN0MAuCCXQ4MDkudGVzdDALggl0ODEwLnRlc3Qw +-C4IJdDgxMS50ZXN0MAuCCXQ4MTIudGVzdDALggl0ODEzLnRlc3QwC4IJdDgxNC50 +-ZXN0MAuCCXQ4MTUudGVzdDALggl0ODE2LnRlc3QwC4IJdDgxNy50ZXN0MAuCCXQ4 +-MTgudGVzdDALggl0ODE5LnRlc3QwC4IJdDgyMC50ZXN0MAuCCXQ4MjEudGVzdDAL +-ggl0ODIyLnRlc3QwC4IJdDgyMy50ZXN0MAuCCXQ4MjQudGVzdDALggl0ODI1LnRl +-c3QwC4IJdDgyNi50ZXN0MAuCCXQ4MjcudGVzdDALggl0ODI4LnRlc3QwC4IJdDgy +-OS50ZXN0MAuCCXQ4MzAudGVzdDALggl0ODMxLnRlc3QwC4IJdDgzMi50ZXN0MAuC +-CXQ4MzMudGVzdDALggl0ODM0LnRlc3QwC4IJdDgzNS50ZXN0MAuCCXQ4MzYudGVz +-dDALggl0ODM3LnRlc3QwC4IJdDgzOC50ZXN0MAuCCXQ4MzkudGVzdDALggl0ODQw +-LnRlc3QwC4IJdDg0MS50ZXN0MAuCCXQ4NDIudGVzdDALggl0ODQzLnRlc3QwC4IJ +-dDg0NC50ZXN0MAuCCXQ4NDUudGVzdDALggl0ODQ2LnRlc3QwC4IJdDg0Ny50ZXN0 +-MAuCCXQ4NDgudGVzdDALggl0ODQ5LnRlc3QwC4IJdDg1MC50ZXN0MAuCCXQ4NTEu +-dGVzdDALggl0ODUyLnRlc3QwC4IJdDg1My50ZXN0MAuCCXQ4NTQudGVzdDALggl0 +-ODU1LnRlc3QwC4IJdDg1Ni50ZXN0MAuCCXQ4NTcudGVzdDALggl0ODU4LnRlc3Qw +-C4IJdDg1OS50ZXN0MAuCCXQ4NjAudGVzdDALggl0ODYxLnRlc3QwC4IJdDg2Mi50 +-ZXN0MAuCCXQ4NjMudGVzdDALggl0ODY0LnRlc3QwC4IJdDg2NS50ZXN0MAuCCXQ4 +-NjYudGVzdDALggl0ODY3LnRlc3QwC4IJdDg2OC50ZXN0MAuCCXQ4NjkudGVzdDAL +-ggl0ODcwLnRlc3QwC4IJdDg3MS50ZXN0MAuCCXQ4NzIudGVzdDALggl0ODczLnRl +-c3QwC4IJdDg3NC50ZXN0MAuCCXQ4NzUudGVzdDALggl0ODc2LnRlc3QwC4IJdDg3 +-Ny50ZXN0MAuCCXQ4NzgudGVzdDALggl0ODc5LnRlc3QwC4IJdDg4MC50ZXN0MAuC +-CXQ4ODEudGVzdDALggl0ODgyLnRlc3QwC4IJdDg4My50ZXN0MAuCCXQ4ODQudGVz +-dDALggl0ODg1LnRlc3QwC4IJdDg4Ni50ZXN0MAuCCXQ4ODcudGVzdDALggl0ODg4 +-LnRlc3QwC4IJdDg4OS50ZXN0MAuCCXQ4OTAudGVzdDALggl0ODkxLnRlc3QwC4IJ +-dDg5Mi50ZXN0MAuCCXQ4OTMudGVzdDALggl0ODk0LnRlc3QwC4IJdDg5NS50ZXN0 +-MAuCCXQ4OTYudGVzdDALggl0ODk3LnRlc3QwC4IJdDg5OC50ZXN0MAuCCXQ4OTku +-dGVzdDALggl0OTAwLnRlc3QwC4IJdDkwMS50ZXN0MAuCCXQ5MDIudGVzdDALggl0 +-OTAzLnRlc3QwC4IJdDkwNC50ZXN0MAuCCXQ5MDUudGVzdDALggl0OTA2LnRlc3Qw +-C4IJdDkwNy50ZXN0MAuCCXQ5MDgudGVzdDALggl0OTA5LnRlc3QwC4IJdDkxMC50 +-ZXN0MAuCCXQ5MTEudGVzdDALggl0OTEyLnRlc3QwC4IJdDkxMy50ZXN0MAuCCXQ5 +-MTQudGVzdDALggl0OTE1LnRlc3QwC4IJdDkxNi50ZXN0MAuCCXQ5MTcudGVzdDAL +-ggl0OTE4LnRlc3QwC4IJdDkxOS50ZXN0MAuCCXQ5MjAudGVzdDALggl0OTIxLnRl +-c3QwC4IJdDkyMi50ZXN0MAuCCXQ5MjMudGVzdDALggl0OTI0LnRlc3QwC4IJdDky +-NS50ZXN0MAuCCXQ5MjYudGVzdDALggl0OTI3LnRlc3QwC4IJdDkyOC50ZXN0MAuC +-CXQ5MjkudGVzdDALggl0OTMwLnRlc3QwC4IJdDkzMS50ZXN0MAuCCXQ5MzIudGVz +-dDALggl0OTMzLnRlc3QwC4IJdDkzNC50ZXN0MAuCCXQ5MzUudGVzdDALggl0OTM2 +-LnRlc3QwC4IJdDkzNy50ZXN0MAuCCXQ5MzgudGVzdDALggl0OTM5LnRlc3QwC4IJ +-dDk0MC50ZXN0MAuCCXQ5NDEudGVzdDALggl0OTQyLnRlc3QwC4IJdDk0My50ZXN0 +-MAuCCXQ5NDQudGVzdDALggl0OTQ1LnRlc3QwC4IJdDk0Ni50ZXN0MAuCCXQ5NDcu +-dGVzdDALggl0OTQ4LnRlc3QwC4IJdDk0OS50ZXN0MAuCCXQ5NTAudGVzdDALggl0 +-OTUxLnRlc3QwC4IJdDk1Mi50ZXN0MAuCCXQ5NTMudGVzdDALggl0OTU0LnRlc3Qw +-C4IJdDk1NS50ZXN0MAuCCXQ5NTYudGVzdDALggl0OTU3LnRlc3QwC4IJdDk1OC50 +-ZXN0MAuCCXQ5NTkudGVzdDALggl0OTYwLnRlc3QwC4IJdDk2MS50ZXN0MAuCCXQ5 +-NjIudGVzdDALggl0OTYzLnRlc3QwC4IJdDk2NC50ZXN0MAuCCXQ5NjUudGVzdDAL +-ggl0OTY2LnRlc3QwC4IJdDk2Ny50ZXN0MAuCCXQ5NjgudGVzdDALggl0OTY5LnRl +-c3QwC4IJdDk3MC50ZXN0MAuCCXQ5NzEudGVzdDALggl0OTcyLnRlc3QwC4IJdDk3 +-My50ZXN0MAuCCXQ5NzQudGVzdDALggl0OTc1LnRlc3QwC4IJdDk3Ni50ZXN0MAuC +-CXQ5NzcudGVzdDALggl0OTc4LnRlc3QwC4IJdDk3OS50ZXN0MAuCCXQ5ODAudGVz +-dDALggl0OTgxLnRlc3QwC4IJdDk4Mi50ZXN0MAuCCXQ5ODMudGVzdDALggl0OTg0 +-LnRlc3QwC4IJdDk4NS50ZXN0MAuCCXQ5ODYudGVzdDALggl0OTg3LnRlc3QwC4IJ +-dDk4OC50ZXN0MAuCCXQ5ODkudGVzdDALggl0OTkwLnRlc3QwC4IJdDk5MS50ZXN0 +-MAuCCXQ5OTIudGVzdDALggl0OTkzLnRlc3QwC4IJdDk5NC50ZXN0MAuCCXQ5OTUu +-dGVzdDALggl0OTk2LnRlc3QwC4IJdDk5Ny50ZXN0MAuCCXQ5OTgudGVzdDALggl0 +-OTk5LnRlc3QwDIIKdDEwMDAudGVzdDAMggp0MTAwMS50ZXN0MAyCCnQxMDAyLnRl +-c3QwDIIKdDEwMDMudGVzdDAMggp0MTAwNC50ZXN0MAyCCnQxMDA1LnRlc3QwDIIK +-dDEwMDYudGVzdDAMggp0MTAwNy50ZXN0MAyCCnQxMDA4LnRlc3QwDIIKdDEwMDku +-dGVzdDAMggp0MTAxMC50ZXN0MAyCCnQxMDExLnRlc3QwDIIKdDEwMTIudGVzdDAM +-ggp0MTAxMy50ZXN0MAyCCnQxMDE0LnRlc3QwDIIKdDEwMTUudGVzdDAMggp0MTAx +-Ni50ZXN0MAyCCnQxMDE3LnRlc3QwDIIKdDEwMTgudGVzdDAMggp0MTAxOS50ZXN0 +-MAyCCnQxMDIwLnRlc3QwDIIKdDEwMjEudGVzdDAMggp0MTAyMi50ZXN0MAyCCnQx +-MDIzLnRlc3QwDIIKdDEwMjQudGVzdDARpA8wDTELMAkGA1UEAwwCdDAwEaQPMA0x +-CzAJBgNVBAMMAnQxMBGkDzANMQswCQYDVQQDDAJ0MjARpA8wDTELMAkGA1UEAwwC +-dDMwEaQPMA0xCzAJBgNVBAMMAnQ0MBGkDzANMQswCQYDVQQDDAJ0NTARpA8wDTEL +-MAkGA1UEAwwCdDYwEaQPMA0xCzAJBgNVBAMMAnQ3MBGkDzANMQswCQYDVQQDDAJ0 +-ODARpA8wDTELMAkGA1UEAwwCdDkwEqQQMA4xDDAKBgNVBAMMA3QxMDASpBAwDjEM +-MAoGA1UEAwwDdDExMBKkEDAOMQwwCgYDVQQDDAN0MTIwEqQQMA4xDDAKBgNVBAMM +-A3QxMzASpBAwDjEMMAoGA1UEAwwDdDE0MBKkEDAOMQwwCgYDVQQDDAN0MTUwEqQQ +-MA4xDDAKBgNVBAMMA3QxNjASpBAwDjEMMAoGA1UEAwwDdDE3MBKkEDAOMQwwCgYD +-VQQDDAN0MTgwEqQQMA4xDDAKBgNVBAMMA3QxOTASpBAwDjEMMAoGA1UEAwwDdDIw +-MBKkEDAOMQwwCgYDVQQDDAN0MjEwEqQQMA4xDDAKBgNVBAMMA3QyMjASpBAwDjEM +-MAoGA1UEAwwDdDIzMBKkEDAOMQwwCgYDVQQDDAN0MjQwEqQQMA4xDDAKBgNVBAMM +-A3QyNTASpBAwDjEMMAoGA1UEAwwDdDI2MBKkEDAOMQwwCgYDVQQDDAN0MjcwEqQQ +-MA4xDDAKBgNVBAMMA3QyODASpBAwDjEMMAoGA1UEAwwDdDI5MBKkEDAOMQwwCgYD +-VQQDDAN0MzAwEqQQMA4xDDAKBgNVBAMMA3QzMTASpBAwDjEMMAoGA1UEAwwDdDMy +-MBKkEDAOMQwwCgYDVQQDDAN0MzMwEqQQMA4xDDAKBgNVBAMMA3QzNDASpBAwDjEM +-MAoGA1UEAwwDdDM1MBKkEDAOMQwwCgYDVQQDDAN0MzYwEqQQMA4xDDAKBgNVBAMM +-A3QzNzASpBAwDjEMMAoGA1UEAwwDdDM4MBKkEDAOMQwwCgYDVQQDDAN0MzkwEqQQ +-MA4xDDAKBgNVBAMMA3Q0MDASpBAwDjEMMAoGA1UEAwwDdDQxMBKkEDAOMQwwCgYD +-VQQDDAN0NDIwEqQQMA4xDDAKBgNVBAMMA3Q0MzASpBAwDjEMMAoGA1UEAwwDdDQ0 +-MBKkEDAOMQwwCgYDVQQDDAN0NDUwEqQQMA4xDDAKBgNVBAMMA3Q0NjASpBAwDjEM +-MAoGA1UEAwwDdDQ3MBKkEDAOMQwwCgYDVQQDDAN0NDgwEqQQMA4xDDAKBgNVBAMM +-A3Q0OTASpBAwDjEMMAoGA1UEAwwDdDUwMBKkEDAOMQwwCgYDVQQDDAN0NTEwEqQQ +-MA4xDDAKBgNVBAMMA3Q1MjASpBAwDjEMMAoGA1UEAwwDdDUzMBKkEDAOMQwwCgYD +-VQQDDAN0NTQwEqQQMA4xDDAKBgNVBAMMA3Q1NTASpBAwDjEMMAoGA1UEAwwDdDU2 +-MBKkEDAOMQwwCgYDVQQDDAN0NTcwEqQQMA4xDDAKBgNVBAMMA3Q1ODASpBAwDjEM +-MAoGA1UEAwwDdDU5MBKkEDAOMQwwCgYDVQQDDAN0NjAwEqQQMA4xDDAKBgNVBAMM +-A3Q2MTASpBAwDjEMMAoGA1UEAwwDdDYyMBKkEDAOMQwwCgYDVQQDDAN0NjMwEqQQ +-MA4xDDAKBgNVBAMMA3Q2NDASpBAwDjEMMAoGA1UEAwwDdDY1MBKkEDAOMQwwCgYD +-VQQDDAN0NjYwEqQQMA4xDDAKBgNVBAMMA3Q2NzASpBAwDjEMMAoGA1UEAwwDdDY4 +-MBKkEDAOMQwwCgYDVQQDDAN0NjkwEqQQMA4xDDAKBgNVBAMMA3Q3MDASpBAwDjEM +-MAoGA1UEAwwDdDcxMBKkEDAOMQwwCgYDVQQDDAN0NzIwEqQQMA4xDDAKBgNVBAMM +-A3Q3MzASpBAwDjEMMAoGA1UEAwwDdDc0MBKkEDAOMQwwCgYDVQQDDAN0NzUwEqQQ +-MA4xDDAKBgNVBAMMA3Q3NjASpBAwDjEMMAoGA1UEAwwDdDc3MBKkEDAOMQwwCgYD +-VQQDDAN0NzgwEqQQMA4xDDAKBgNVBAMMA3Q3OTASpBAwDjEMMAoGA1UEAwwDdDgw +-MBKkEDAOMQwwCgYDVQQDDAN0ODEwEqQQMA4xDDAKBgNVBAMMA3Q4MjASpBAwDjEM +-MAoGA1UEAwwDdDgzMBKkEDAOMQwwCgYDVQQDDAN0ODQwEqQQMA4xDDAKBgNVBAMM +-A3Q4NTASpBAwDjEMMAoGA1UEAwwDdDg2MBKkEDAOMQwwCgYDVQQDDAN0ODcwEqQQ +-MA4xDDAKBgNVBAMMA3Q4ODASpBAwDjEMMAoGA1UEAwwDdDg5MBKkEDAOMQwwCgYD +-VQQDDAN0OTAwEqQQMA4xDDAKBgNVBAMMA3Q5MTASpBAwDjEMMAoGA1UEAwwDdDky +-MBKkEDAOMQwwCgYDVQQDDAN0OTMwEqQQMA4xDDAKBgNVBAMMA3Q5NDASpBAwDjEM +-MAoGA1UEAwwDdDk1MBKkEDAOMQwwCgYDVQQDDAN0OTYwEqQQMA4xDDAKBgNVBAMM +-A3Q5NzASpBAwDjEMMAoGA1UEAwwDdDk4MBKkEDAOMQwwCgYDVQQDDAN0OTkwE6QR +-MA8xDTALBgNVBAMMBHQxMDAwE6QRMA8xDTALBgNVBAMMBHQxMDEwE6QRMA8xDTAL +-BgNVBAMMBHQxMDIwE6QRMA8xDTALBgNVBAMMBHQxMDMwE6QRMA8xDTALBgNVBAMM +-BHQxMDQwE6QRMA8xDTALBgNVBAMMBHQxMDUwE6QRMA8xDTALBgNVBAMMBHQxMDYw +-E6QRMA8xDTALBgNVBAMMBHQxMDcwE6QRMA8xDTALBgNVBAMMBHQxMDgwE6QRMA8x +-DTALBgNVBAMMBHQxMDkwE6QRMA8xDTALBgNVBAMMBHQxMTAwE6QRMA8xDTALBgNV +-BAMMBHQxMTEwE6QRMA8xDTALBgNVBAMMBHQxMTIwE6QRMA8xDTALBgNVBAMMBHQx +-MTMwE6QRMA8xDTALBgNVBAMMBHQxMTQwE6QRMA8xDTALBgNVBAMMBHQxMTUwE6QR +-MA8xDTALBgNVBAMMBHQxMTYwE6QRMA8xDTALBgNVBAMMBHQxMTcwE6QRMA8xDTAL +-BgNVBAMMBHQxMTgwE6QRMA8xDTALBgNVBAMMBHQxMTkwE6QRMA8xDTALBgNVBAMM +-BHQxMjAwE6QRMA8xDTALBgNVBAMMBHQxMjEwE6QRMA8xDTALBgNVBAMMBHQxMjIw +-E6QRMA8xDTALBgNVBAMMBHQxMjMwE6QRMA8xDTALBgNVBAMMBHQxMjQwE6QRMA8x +-DTALBgNVBAMMBHQxMjUwE6QRMA8xDTALBgNVBAMMBHQxMjYwE6QRMA8xDTALBgNV +-BAMMBHQxMjcwE6QRMA8xDTALBgNVBAMMBHQxMjgwE6QRMA8xDTALBgNVBAMMBHQx +-MjkwE6QRMA8xDTALBgNVBAMMBHQxMzAwE6QRMA8xDTALBgNVBAMMBHQxMzEwE6QR +-MA8xDTALBgNVBAMMBHQxMzIwE6QRMA8xDTALBgNVBAMMBHQxMzMwE6QRMA8xDTAL +-BgNVBAMMBHQxMzQwE6QRMA8xDTALBgNVBAMMBHQxMzUwE6QRMA8xDTALBgNVBAMM +-BHQxMzYwE6QRMA8xDTALBgNVBAMMBHQxMzcwE6QRMA8xDTALBgNVBAMMBHQxMzgw +-E6QRMA8xDTALBgNVBAMMBHQxMzkwE6QRMA8xDTALBgNVBAMMBHQxNDAwE6QRMA8x +-DTALBgNVBAMMBHQxNDEwE6QRMA8xDTALBgNVBAMMBHQxNDIwE6QRMA8xDTALBgNV +-BAMMBHQxNDMwE6QRMA8xDTALBgNVBAMMBHQxNDQwE6QRMA8xDTALBgNVBAMMBHQx +-NDUwE6QRMA8xDTALBgNVBAMMBHQxNDYwE6QRMA8xDTALBgNVBAMMBHQxNDcwE6QR +-MA8xDTALBgNVBAMMBHQxNDgwE6QRMA8xDTALBgNVBAMMBHQxNDkwE6QRMA8xDTAL +-BgNVBAMMBHQxNTAwE6QRMA8xDTALBgNVBAMMBHQxNTEwE6QRMA8xDTALBgNVBAMM +-BHQxNTIwE6QRMA8xDTALBgNVBAMMBHQxNTMwE6QRMA8xDTALBgNVBAMMBHQxNTQw +-E6QRMA8xDTALBgNVBAMMBHQxNTUwE6QRMA8xDTALBgNVBAMMBHQxNTYwE6QRMA8x +-DTALBgNVBAMMBHQxNTcwE6QRMA8xDTALBgNVBAMMBHQxNTgwE6QRMA8xDTALBgNV +-BAMMBHQxNTkwE6QRMA8xDTALBgNVBAMMBHQxNjAwE6QRMA8xDTALBgNVBAMMBHQx +-NjEwE6QRMA8xDTALBgNVBAMMBHQxNjIwE6QRMA8xDTALBgNVBAMMBHQxNjMwE6QR +-MA8xDTALBgNVBAMMBHQxNjQwE6QRMA8xDTALBgNVBAMMBHQxNjUwE6QRMA8xDTAL +-BgNVBAMMBHQxNjYwE6QRMA8xDTALBgNVBAMMBHQxNjcwE6QRMA8xDTALBgNVBAMM +-BHQxNjgwE6QRMA8xDTALBgNVBAMMBHQxNjkwE6QRMA8xDTALBgNVBAMMBHQxNzAw +-E6QRMA8xDTALBgNVBAMMBHQxNzEwE6QRMA8xDTALBgNVBAMMBHQxNzIwE6QRMA8x +-DTALBgNVBAMMBHQxNzMwE6QRMA8xDTALBgNVBAMMBHQxNzQwE6QRMA8xDTALBgNV +-BAMMBHQxNzUwE6QRMA8xDTALBgNVBAMMBHQxNzYwE6QRMA8xDTALBgNVBAMMBHQx +-NzcwE6QRMA8xDTALBgNVBAMMBHQxNzgwE6QRMA8xDTALBgNVBAMMBHQxNzkwE6QR +-MA8xDTALBgNVBAMMBHQxODAwE6QRMA8xDTALBgNVBAMMBHQxODEwE6QRMA8xDTAL +-BgNVBAMMBHQxODIwE6QRMA8xDTALBgNVBAMMBHQxODMwE6QRMA8xDTALBgNVBAMM +-BHQxODQwE6QRMA8xDTALBgNVBAMMBHQxODUwE6QRMA8xDTALBgNVBAMMBHQxODYw +-E6QRMA8xDTALBgNVBAMMBHQxODcwE6QRMA8xDTALBgNVBAMMBHQxODgwE6QRMA8x +-DTALBgNVBAMMBHQxODkwE6QRMA8xDTALBgNVBAMMBHQxOTAwE6QRMA8xDTALBgNV +-BAMMBHQxOTEwE6QRMA8xDTALBgNVBAMMBHQxOTIwE6QRMA8xDTALBgNVBAMMBHQx +-OTMwE6QRMA8xDTALBgNVBAMMBHQxOTQwE6QRMA8xDTALBgNVBAMMBHQxOTUwE6QR +-MA8xDTALBgNVBAMMBHQxOTYwE6QRMA8xDTALBgNVBAMMBHQxOTcwE6QRMA8xDTAL +-BgNVBAMMBHQxOTgwE6QRMA8xDTALBgNVBAMMBHQxOTkwE6QRMA8xDTALBgNVBAMM +-BHQyMDAwE6QRMA8xDTALBgNVBAMMBHQyMDEwE6QRMA8xDTALBgNVBAMMBHQyMDIw +-E6QRMA8xDTALBgNVBAMMBHQyMDMwE6QRMA8xDTALBgNVBAMMBHQyMDQwE6QRMA8x +-DTALBgNVBAMMBHQyMDUwE6QRMA8xDTALBgNVBAMMBHQyMDYwE6QRMA8xDTALBgNV +-BAMMBHQyMDcwE6QRMA8xDTALBgNVBAMMBHQyMDgwE6QRMA8xDTALBgNVBAMMBHQy +-MDkwE6QRMA8xDTALBgNVBAMMBHQyMTAwE6QRMA8xDTALBgNVBAMMBHQyMTEwE6QR +-MA8xDTALBgNVBAMMBHQyMTIwE6QRMA8xDTALBgNVBAMMBHQyMTMwE6QRMA8xDTAL +-BgNVBAMMBHQyMTQwE6QRMA8xDTALBgNVBAMMBHQyMTUwE6QRMA8xDTALBgNVBAMM +-BHQyMTYwE6QRMA8xDTALBgNVBAMMBHQyMTcwE6QRMA8xDTALBgNVBAMMBHQyMTgw +-E6QRMA8xDTALBgNVBAMMBHQyMTkwE6QRMA8xDTALBgNVBAMMBHQyMjAwE6QRMA8x +-DTALBgNVBAMMBHQyMjEwE6QRMA8xDTALBgNVBAMMBHQyMjIwE6QRMA8xDTALBgNV +-BAMMBHQyMjMwE6QRMA8xDTALBgNVBAMMBHQyMjQwE6QRMA8xDTALBgNVBAMMBHQy +-MjUwE6QRMA8xDTALBgNVBAMMBHQyMjYwE6QRMA8xDTALBgNVBAMMBHQyMjcwE6QR +-MA8xDTALBgNVBAMMBHQyMjgwE6QRMA8xDTALBgNVBAMMBHQyMjkwE6QRMA8xDTAL +-BgNVBAMMBHQyMzAwE6QRMA8xDTALBgNVBAMMBHQyMzEwE6QRMA8xDTALBgNVBAMM +-BHQyMzIwE6QRMA8xDTALBgNVBAMMBHQyMzMwE6QRMA8xDTALBgNVBAMMBHQyMzQw +-E6QRMA8xDTALBgNVBAMMBHQyMzUwE6QRMA8xDTALBgNVBAMMBHQyMzYwE6QRMA8x +-DTALBgNVBAMMBHQyMzcwE6QRMA8xDTALBgNVBAMMBHQyMzgwE6QRMA8xDTALBgNV +-BAMMBHQyMzkwE6QRMA8xDTALBgNVBAMMBHQyNDAwE6QRMA8xDTALBgNVBAMMBHQy +-NDEwE6QRMA8xDTALBgNVBAMMBHQyNDIwE6QRMA8xDTALBgNVBAMMBHQyNDMwE6QR +-MA8xDTALBgNVBAMMBHQyNDQwE6QRMA8xDTALBgNVBAMMBHQyNDUwE6QRMA8xDTAL +-BgNVBAMMBHQyNDYwE6QRMA8xDTALBgNVBAMMBHQyNDcwE6QRMA8xDTALBgNVBAMM +-BHQyNDgwE6QRMA8xDTALBgNVBAMMBHQyNDkwE6QRMA8xDTALBgNVBAMMBHQyNTAw +-E6QRMA8xDTALBgNVBAMMBHQyNTEwE6QRMA8xDTALBgNVBAMMBHQyNTIwE6QRMA8x +-DTALBgNVBAMMBHQyNTMwE6QRMA8xDTALBgNVBAMMBHQyNTQwE6QRMA8xDTALBgNV +-BAMMBHQyNTUwE6QRMA8xDTALBgNVBAMMBHQyNTYwE6QRMA8xDTALBgNVBAMMBHQy +-NTcwE6QRMA8xDTALBgNVBAMMBHQyNTgwE6QRMA8xDTALBgNVBAMMBHQyNTkwE6QR +-MA8xDTALBgNVBAMMBHQyNjAwE6QRMA8xDTALBgNVBAMMBHQyNjEwE6QRMA8xDTAL +-BgNVBAMMBHQyNjIwE6QRMA8xDTALBgNVBAMMBHQyNjMwE6QRMA8xDTALBgNVBAMM +-BHQyNjQwE6QRMA8xDTALBgNVBAMMBHQyNjUwE6QRMA8xDTALBgNVBAMMBHQyNjYw +-E6QRMA8xDTALBgNVBAMMBHQyNjcwE6QRMA8xDTALBgNVBAMMBHQyNjgwE6QRMA8x +-DTALBgNVBAMMBHQyNjkwE6QRMA8xDTALBgNVBAMMBHQyNzAwE6QRMA8xDTALBgNV +-BAMMBHQyNzEwE6QRMA8xDTALBgNVBAMMBHQyNzIwE6QRMA8xDTALBgNVBAMMBHQy +-NzMwE6QRMA8xDTALBgNVBAMMBHQyNzQwE6QRMA8xDTALBgNVBAMMBHQyNzUwE6QR +-MA8xDTALBgNVBAMMBHQyNzYwE6QRMA8xDTALBgNVBAMMBHQyNzcwE6QRMA8xDTAL +-BgNVBAMMBHQyNzgwE6QRMA8xDTALBgNVBAMMBHQyNzkwE6QRMA8xDTALBgNVBAMM +-BHQyODAwE6QRMA8xDTALBgNVBAMMBHQyODEwE6QRMA8xDTALBgNVBAMMBHQyODIw +-E6QRMA8xDTALBgNVBAMMBHQyODMwE6QRMA8xDTALBgNVBAMMBHQyODQwE6QRMA8x +-DTALBgNVBAMMBHQyODUwE6QRMA8xDTALBgNVBAMMBHQyODYwE6QRMA8xDTALBgNV +-BAMMBHQyODcwE6QRMA8xDTALBgNVBAMMBHQyODgwE6QRMA8xDTALBgNVBAMMBHQy +-ODkwE6QRMA8xDTALBgNVBAMMBHQyOTAwE6QRMA8xDTALBgNVBAMMBHQyOTEwE6QR +-MA8xDTALBgNVBAMMBHQyOTIwE6QRMA8xDTALBgNVBAMMBHQyOTMwE6QRMA8xDTAL +-BgNVBAMMBHQyOTQwE6QRMA8xDTALBgNVBAMMBHQyOTUwE6QRMA8xDTALBgNVBAMM +-BHQyOTYwE6QRMA8xDTALBgNVBAMMBHQyOTcwE6QRMA8xDTALBgNVBAMMBHQyOTgw +-E6QRMA8xDTALBgNVBAMMBHQyOTkwE6QRMA8xDTALBgNVBAMMBHQzMDAwE6QRMA8x +-DTALBgNVBAMMBHQzMDEwE6QRMA8xDTALBgNVBAMMBHQzMDIwE6QRMA8xDTALBgNV +-BAMMBHQzMDMwE6QRMA8xDTALBgNVBAMMBHQzMDQwE6QRMA8xDTALBgNVBAMMBHQz +-MDUwE6QRMA8xDTALBgNVBAMMBHQzMDYwE6QRMA8xDTALBgNVBAMMBHQzMDcwE6QR +-MA8xDTALBgNVBAMMBHQzMDgwE6QRMA8xDTALBgNVBAMMBHQzMDkwE6QRMA8xDTAL +-BgNVBAMMBHQzMTAwE6QRMA8xDTALBgNVBAMMBHQzMTEwE6QRMA8xDTALBgNVBAMM +-BHQzMTIwE6QRMA8xDTALBgNVBAMMBHQzMTMwE6QRMA8xDTALBgNVBAMMBHQzMTQw +-E6QRMA8xDTALBgNVBAMMBHQzMTUwE6QRMA8xDTALBgNVBAMMBHQzMTYwE6QRMA8x +-DTALBgNVBAMMBHQzMTcwE6QRMA8xDTALBgNVBAMMBHQzMTgwE6QRMA8xDTALBgNV +-BAMMBHQzMTkwE6QRMA8xDTALBgNVBAMMBHQzMjAwE6QRMA8xDTALBgNVBAMMBHQz +-MjEwE6QRMA8xDTALBgNVBAMMBHQzMjIwE6QRMA8xDTALBgNVBAMMBHQzMjMwE6QR +-MA8xDTALBgNVBAMMBHQzMjQwE6QRMA8xDTALBgNVBAMMBHQzMjUwE6QRMA8xDTAL +-BgNVBAMMBHQzMjYwE6QRMA8xDTALBgNVBAMMBHQzMjcwE6QRMA8xDTALBgNVBAMM +-BHQzMjgwE6QRMA8xDTALBgNVBAMMBHQzMjkwE6QRMA8xDTALBgNVBAMMBHQzMzAw +-E6QRMA8xDTALBgNVBAMMBHQzMzEwE6QRMA8xDTALBgNVBAMMBHQzMzIwE6QRMA8x +-DTALBgNVBAMMBHQzMzMwE6QRMA8xDTALBgNVBAMMBHQzMzQwE6QRMA8xDTALBgNV +-BAMMBHQzMzUwE6QRMA8xDTALBgNVBAMMBHQzMzYwE6QRMA8xDTALBgNVBAMMBHQz +-MzcwE6QRMA8xDTALBgNVBAMMBHQzMzgwE6QRMA8xDTALBgNVBAMMBHQzMzkwE6QR +-MA8xDTALBgNVBAMMBHQzNDAwE6QRMA8xDTALBgNVBAMMBHQzNDEwE6QRMA8xDTAL +-BgNVBAMMBHQzNDIwE6QRMA8xDTALBgNVBAMMBHQzNDMwE6QRMA8xDTALBgNVBAMM +-BHQzNDQwE6QRMA8xDTALBgNVBAMMBHQzNDUwE6QRMA8xDTALBgNVBAMMBHQzNDYw +-E6QRMA8xDTALBgNVBAMMBHQzNDcwE6QRMA8xDTALBgNVBAMMBHQzNDgwE6QRMA8x +-DTALBgNVBAMMBHQzNDkwE6QRMA8xDTALBgNVBAMMBHQzNTAwE6QRMA8xDTALBgNV +-BAMMBHQzNTEwE6QRMA8xDTALBgNVBAMMBHQzNTIwE6QRMA8xDTALBgNVBAMMBHQz +-NTMwE6QRMA8xDTALBgNVBAMMBHQzNTQwE6QRMA8xDTALBgNVBAMMBHQzNTUwE6QR +-MA8xDTALBgNVBAMMBHQzNTYwE6QRMA8xDTALBgNVBAMMBHQzNTcwE6QRMA8xDTAL +-BgNVBAMMBHQzNTgwE6QRMA8xDTALBgNVBAMMBHQzNTkwE6QRMA8xDTALBgNVBAMM +-BHQzNjAwE6QRMA8xDTALBgNVBAMMBHQzNjEwE6QRMA8xDTALBgNVBAMMBHQzNjIw +-E6QRMA8xDTALBgNVBAMMBHQzNjMwE6QRMA8xDTALBgNVBAMMBHQzNjQwE6QRMA8x +-DTALBgNVBAMMBHQzNjUwE6QRMA8xDTALBgNVBAMMBHQzNjYwE6QRMA8xDTALBgNV +-BAMMBHQzNjcwE6QRMA8xDTALBgNVBAMMBHQzNjgwE6QRMA8xDTALBgNVBAMMBHQz +-NjkwE6QRMA8xDTALBgNVBAMMBHQzNzAwE6QRMA8xDTALBgNVBAMMBHQzNzEwE6QR +-MA8xDTALBgNVBAMMBHQzNzIwE6QRMA8xDTALBgNVBAMMBHQzNzMwE6QRMA8xDTAL +-BgNVBAMMBHQzNzQwE6QRMA8xDTALBgNVBAMMBHQzNzUwE6QRMA8xDTALBgNVBAMM +-BHQzNzYwE6QRMA8xDTALBgNVBAMMBHQzNzcwE6QRMA8xDTALBgNVBAMMBHQzNzgw +-E6QRMA8xDTALBgNVBAMMBHQzNzkwE6QRMA8xDTALBgNVBAMMBHQzODAwE6QRMA8x +-DTALBgNVBAMMBHQzODEwE6QRMA8xDTALBgNVBAMMBHQzODIwE6QRMA8xDTALBgNV +-BAMMBHQzODMwE6QRMA8xDTALBgNVBAMMBHQzODQwE6QRMA8xDTALBgNVBAMMBHQz +-ODUwE6QRMA8xDTALBgNVBAMMBHQzODYwE6QRMA8xDTALBgNVBAMMBHQzODcwE6QR +-MA8xDTALBgNVBAMMBHQzODgwE6QRMA8xDTALBgNVBAMMBHQzODkwE6QRMA8xDTAL +-BgNVBAMMBHQzOTAwE6QRMA8xDTALBgNVBAMMBHQzOTEwE6QRMA8xDTALBgNVBAMM +-BHQzOTIwE6QRMA8xDTALBgNVBAMMBHQzOTMwE6QRMA8xDTALBgNVBAMMBHQzOTQw +-E6QRMA8xDTALBgNVBAMMBHQzOTUwE6QRMA8xDTALBgNVBAMMBHQzOTYwE6QRMA8x +-DTALBgNVBAMMBHQzOTcwE6QRMA8xDTALBgNVBAMMBHQzOTgwE6QRMA8xDTALBgNV +-BAMMBHQzOTkwE6QRMA8xDTALBgNVBAMMBHQ0MDAwE6QRMA8xDTALBgNVBAMMBHQ0 +-MDEwE6QRMA8xDTALBgNVBAMMBHQ0MDIwE6QRMA8xDTALBgNVBAMMBHQ0MDMwE6QR +-MA8xDTALBgNVBAMMBHQ0MDQwE6QRMA8xDTALBgNVBAMMBHQ0MDUwE6QRMA8xDTAL +-BgNVBAMMBHQ0MDYwE6QRMA8xDTALBgNVBAMMBHQ0MDcwE6QRMA8xDTALBgNVBAMM +-BHQ0MDgwE6QRMA8xDTALBgNVBAMMBHQ0MDkwE6QRMA8xDTALBgNVBAMMBHQ0MTAw +-E6QRMA8xDTALBgNVBAMMBHQ0MTEwE6QRMA8xDTALBgNVBAMMBHQ0MTIwE6QRMA8x +-DTALBgNVBAMMBHQ0MTMwE6QRMA8xDTALBgNVBAMMBHQ0MTQwE6QRMA8xDTALBgNV +-BAMMBHQ0MTUwE6QRMA8xDTALBgNVBAMMBHQ0MTYwE6QRMA8xDTALBgNVBAMMBHQ0 +-MTcwE6QRMA8xDTALBgNVBAMMBHQ0MTgwE6QRMA8xDTALBgNVBAMMBHQ0MTkwE6QR +-MA8xDTALBgNVBAMMBHQ0MjAwE6QRMA8xDTALBgNVBAMMBHQ0MjEwE6QRMA8xDTAL +-BgNVBAMMBHQ0MjIwE6QRMA8xDTALBgNVBAMMBHQ0MjMwE6QRMA8xDTALBgNVBAMM +-BHQ0MjQwE6QRMA8xDTALBgNVBAMMBHQ0MjUwE6QRMA8xDTALBgNVBAMMBHQ0MjYw +-E6QRMA8xDTALBgNVBAMMBHQ0MjcwE6QRMA8xDTALBgNVBAMMBHQ0MjgwE6QRMA8x +-DTALBgNVBAMMBHQ0MjkwE6QRMA8xDTALBgNVBAMMBHQ0MzAwE6QRMA8xDTALBgNV +-BAMMBHQ0MzEwE6QRMA8xDTALBgNVBAMMBHQ0MzIwE6QRMA8xDTALBgNVBAMMBHQ0 +-MzMwE6QRMA8xDTALBgNVBAMMBHQ0MzQwE6QRMA8xDTALBgNVBAMMBHQ0MzUwE6QR +-MA8xDTALBgNVBAMMBHQ0MzYwE6QRMA8xDTALBgNVBAMMBHQ0MzcwE6QRMA8xDTAL +-BgNVBAMMBHQ0MzgwE6QRMA8xDTALBgNVBAMMBHQ0MzkwE6QRMA8xDTALBgNVBAMM +-BHQ0NDAwE6QRMA8xDTALBgNVBAMMBHQ0NDEwE6QRMA8xDTALBgNVBAMMBHQ0NDIw +-E6QRMA8xDTALBgNVBAMMBHQ0NDMwE6QRMA8xDTALBgNVBAMMBHQ0NDQwE6QRMA8x +-DTALBgNVBAMMBHQ0NDUwE6QRMA8xDTALBgNVBAMMBHQ0NDYwE6QRMA8xDTALBgNV +-BAMMBHQ0NDcwE6QRMA8xDTALBgNVBAMMBHQ0NDgwE6QRMA8xDTALBgNVBAMMBHQ0 +-NDkwE6QRMA8xDTALBgNVBAMMBHQ0NTAwE6QRMA8xDTALBgNVBAMMBHQ0NTEwE6QR +-MA8xDTALBgNVBAMMBHQ0NTIwE6QRMA8xDTALBgNVBAMMBHQ0NTMwE6QRMA8xDTAL +-BgNVBAMMBHQ0NTQwE6QRMA8xDTALBgNVBAMMBHQ0NTUwE6QRMA8xDTALBgNVBAMM +-BHQ0NTYwE6QRMA8xDTALBgNVBAMMBHQ0NTcwE6QRMA8xDTALBgNVBAMMBHQ0NTgw +-E6QRMA8xDTALBgNVBAMMBHQ0NTkwE6QRMA8xDTALBgNVBAMMBHQ0NjAwE6QRMA8x +-DTALBgNVBAMMBHQ0NjEwE6QRMA8xDTALBgNVBAMMBHQ0NjIwE6QRMA8xDTALBgNV +-BAMMBHQ0NjMwE6QRMA8xDTALBgNVBAMMBHQ0NjQwE6QRMA8xDTALBgNVBAMMBHQ0 +-NjUwE6QRMA8xDTALBgNVBAMMBHQ0NjYwE6QRMA8xDTALBgNVBAMMBHQ0NjcwE6QR +-MA8xDTALBgNVBAMMBHQ0NjgwE6QRMA8xDTALBgNVBAMMBHQ0NjkwE6QRMA8xDTAL +-BgNVBAMMBHQ0NzAwE6QRMA8xDTALBgNVBAMMBHQ0NzEwE6QRMA8xDTALBgNVBAMM +-BHQ0NzIwE6QRMA8xDTALBgNVBAMMBHQ0NzMwE6QRMA8xDTALBgNVBAMMBHQ0NzQw +-E6QRMA8xDTALBgNVBAMMBHQ0NzUwE6QRMA8xDTALBgNVBAMMBHQ0NzYwE6QRMA8x +-DTALBgNVBAMMBHQ0NzcwE6QRMA8xDTALBgNVBAMMBHQ0NzgwE6QRMA8xDTALBgNV +-BAMMBHQ0NzkwE6QRMA8xDTALBgNVBAMMBHQ0ODAwE6QRMA8xDTALBgNVBAMMBHQ0 +-ODEwE6QRMA8xDTALBgNVBAMMBHQ0ODIwE6QRMA8xDTALBgNVBAMMBHQ0ODMwE6QR +-MA8xDTALBgNVBAMMBHQ0ODQwE6QRMA8xDTALBgNVBAMMBHQ0ODUwE6QRMA8xDTAL +-BgNVBAMMBHQ0ODYwE6QRMA8xDTALBgNVBAMMBHQ0ODcwE6QRMA8xDTALBgNVBAMM +-BHQ0ODgwE6QRMA8xDTALBgNVBAMMBHQ0ODkwE6QRMA8xDTALBgNVBAMMBHQ0OTAw +-E6QRMA8xDTALBgNVBAMMBHQ0OTEwE6QRMA8xDTALBgNVBAMMBHQ0OTIwE6QRMA8x +-DTALBgNVBAMMBHQ0OTMwE6QRMA8xDTALBgNVBAMMBHQ0OTQwE6QRMA8xDTALBgNV +-BAMMBHQ0OTUwE6QRMA8xDTALBgNVBAMMBHQ0OTYwE6QRMA8xDTALBgNVBAMMBHQ0 +-OTcwE6QRMA8xDTALBgNVBAMMBHQ0OTgwE6QRMA8xDTALBgNVBAMMBHQ0OTkwE6QR +-MA8xDTALBgNVBAMMBHQ1MDAwE6QRMA8xDTALBgNVBAMMBHQ1MDEwE6QRMA8xDTAL +-BgNVBAMMBHQ1MDIwE6QRMA8xDTALBgNVBAMMBHQ1MDMwE6QRMA8xDTALBgNVBAMM +-BHQ1MDQwE6QRMA8xDTALBgNVBAMMBHQ1MDUwE6QRMA8xDTALBgNVBAMMBHQ1MDYw +-E6QRMA8xDTALBgNVBAMMBHQ1MDcwE6QRMA8xDTALBgNVBAMMBHQ1MDgwE6QRMA8x +-DTALBgNVBAMMBHQ1MDkwE6QRMA8xDTALBgNVBAMMBHQ1MTAwE6QRMA8xDTALBgNV +-BAMMBHQ1MTEwE6QRMA8xDTALBgNVBAMMBHQ1MTIwE6QRMA8xDTALBgNVBAMMBHQ1 +-MTMwE6QRMA8xDTALBgNVBAMMBHQ1MTQwE6QRMA8xDTALBgNVBAMMBHQ1MTUwE6QR +-MA8xDTALBgNVBAMMBHQ1MTYwE6QRMA8xDTALBgNVBAMMBHQ1MTcwE6QRMA8xDTAL +-BgNVBAMMBHQ1MTgwE6QRMA8xDTALBgNVBAMMBHQ1MTkwE6QRMA8xDTALBgNVBAMM +-BHQ1MjAwE6QRMA8xDTALBgNVBAMMBHQ1MjEwE6QRMA8xDTALBgNVBAMMBHQ1MjIw +-E6QRMA8xDTALBgNVBAMMBHQ1MjMwE6QRMA8xDTALBgNVBAMMBHQ1MjQwE6QRMA8x +-DTALBgNVBAMMBHQ1MjUwE6QRMA8xDTALBgNVBAMMBHQ1MjYwE6QRMA8xDTALBgNV +-BAMMBHQ1MjcwE6QRMA8xDTALBgNVBAMMBHQ1MjgwE6QRMA8xDTALBgNVBAMMBHQ1 +-MjkwE6QRMA8xDTALBgNVBAMMBHQ1MzAwE6QRMA8xDTALBgNVBAMMBHQ1MzEwE6QR +-MA8xDTALBgNVBAMMBHQ1MzIwE6QRMA8xDTALBgNVBAMMBHQ1MzMwE6QRMA8xDTAL +-BgNVBAMMBHQ1MzQwE6QRMA8xDTALBgNVBAMMBHQ1MzUwE6QRMA8xDTALBgNVBAMM +-BHQ1MzYwE6QRMA8xDTALBgNVBAMMBHQ1MzcwE6QRMA8xDTALBgNVBAMMBHQ1Mzgw +-E6QRMA8xDTALBgNVBAMMBHQ1MzkwE6QRMA8xDTALBgNVBAMMBHQ1NDAwE6QRMA8x +-DTALBgNVBAMMBHQ1NDEwE6QRMA8xDTALBgNVBAMMBHQ1NDIwE6QRMA8xDTALBgNV +-BAMMBHQ1NDMwE6QRMA8xDTALBgNVBAMMBHQ1NDQwE6QRMA8xDTALBgNVBAMMBHQ1 +-NDUwE6QRMA8xDTALBgNVBAMMBHQ1NDYwE6QRMA8xDTALBgNVBAMMBHQ1NDcwE6QR +-MA8xDTALBgNVBAMMBHQ1NDgwE6QRMA8xDTALBgNVBAMMBHQ1NDkwE6QRMA8xDTAL +-BgNVBAMMBHQ1NTAwE6QRMA8xDTALBgNVBAMMBHQ1NTEwE6QRMA8xDTALBgNVBAMM +-BHQ1NTIwE6QRMA8xDTALBgNVBAMMBHQ1NTMwE6QRMA8xDTALBgNVBAMMBHQ1NTQw +-E6QRMA8xDTALBgNVBAMMBHQ1NTUwE6QRMA8xDTALBgNVBAMMBHQ1NTYwE6QRMA8x +-DTALBgNVBAMMBHQ1NTcwE6QRMA8xDTALBgNVBAMMBHQ1NTgwE6QRMA8xDTALBgNV +-BAMMBHQ1NTkwE6QRMA8xDTALBgNVBAMMBHQ1NjAwE6QRMA8xDTALBgNVBAMMBHQ1 +-NjEwE6QRMA8xDTALBgNVBAMMBHQ1NjIwE6QRMA8xDTALBgNVBAMMBHQ1NjMwE6QR +-MA8xDTALBgNVBAMMBHQ1NjQwE6QRMA8xDTALBgNVBAMMBHQ1NjUwE6QRMA8xDTAL +-BgNVBAMMBHQ1NjYwE6QRMA8xDTALBgNVBAMMBHQ1NjcwE6QRMA8xDTALBgNVBAMM +-BHQ1NjgwE6QRMA8xDTALBgNVBAMMBHQ1NjkwE6QRMA8xDTALBgNVBAMMBHQ1NzAw +-E6QRMA8xDTALBgNVBAMMBHQ1NzEwE6QRMA8xDTALBgNVBAMMBHQ1NzIwE6QRMA8x +-DTALBgNVBAMMBHQ1NzMwE6QRMA8xDTALBgNVBAMMBHQ1NzQwE6QRMA8xDTALBgNV +-BAMMBHQ1NzUwE6QRMA8xDTALBgNVBAMMBHQ1NzYwE6QRMA8xDTALBgNVBAMMBHQ1 +-NzcwE6QRMA8xDTALBgNVBAMMBHQ1NzgwE6QRMA8xDTALBgNVBAMMBHQ1NzkwE6QR +-MA8xDTALBgNVBAMMBHQ1ODAwE6QRMA8xDTALBgNVBAMMBHQ1ODEwE6QRMA8xDTAL +-BgNVBAMMBHQ1ODIwE6QRMA8xDTALBgNVBAMMBHQ1ODMwE6QRMA8xDTALBgNVBAMM +-BHQ1ODQwE6QRMA8xDTALBgNVBAMMBHQ1ODUwE6QRMA8xDTALBgNVBAMMBHQ1ODYw +-E6QRMA8xDTALBgNVBAMMBHQ1ODcwE6QRMA8xDTALBgNVBAMMBHQ1ODgwE6QRMA8x +-DTALBgNVBAMMBHQ1ODkwE6QRMA8xDTALBgNVBAMMBHQ1OTAwE6QRMA8xDTALBgNV +-BAMMBHQ1OTEwE6QRMA8xDTALBgNVBAMMBHQ1OTIwE6QRMA8xDTALBgNVBAMMBHQ1 +-OTMwE6QRMA8xDTALBgNVBAMMBHQ1OTQwE6QRMA8xDTALBgNVBAMMBHQ1OTUwE6QR +-MA8xDTALBgNVBAMMBHQ1OTYwE6QRMA8xDTALBgNVBAMMBHQ1OTcwE6QRMA8xDTAL +-BgNVBAMMBHQ1OTgwE6QRMA8xDTALBgNVBAMMBHQ1OTkwE6QRMA8xDTALBgNVBAMM +-BHQ2MDAwE6QRMA8xDTALBgNVBAMMBHQ2MDEwE6QRMA8xDTALBgNVBAMMBHQ2MDIw +-E6QRMA8xDTALBgNVBAMMBHQ2MDMwE6QRMA8xDTALBgNVBAMMBHQ2MDQwE6QRMA8x +-DTALBgNVBAMMBHQ2MDUwE6QRMA8xDTALBgNVBAMMBHQ2MDYwE6QRMA8xDTALBgNV +-BAMMBHQ2MDcwE6QRMA8xDTALBgNVBAMMBHQ2MDgwE6QRMA8xDTALBgNVBAMMBHQ2 +-MDkwE6QRMA8xDTALBgNVBAMMBHQ2MTAwE6QRMA8xDTALBgNVBAMMBHQ2MTEwE6QR +-MA8xDTALBgNVBAMMBHQ2MTIwE6QRMA8xDTALBgNVBAMMBHQ2MTMwE6QRMA8xDTAL +-BgNVBAMMBHQ2MTQwE6QRMA8xDTALBgNVBAMMBHQ2MTUwE6QRMA8xDTALBgNVBAMM +-BHQ2MTYwE6QRMA8xDTALBgNVBAMMBHQ2MTcwE6QRMA8xDTALBgNVBAMMBHQ2MTgw +-E6QRMA8xDTALBgNVBAMMBHQ2MTkwE6QRMA8xDTALBgNVBAMMBHQ2MjAwE6QRMA8x +-DTALBgNVBAMMBHQ2MjEwE6QRMA8xDTALBgNVBAMMBHQ2MjIwE6QRMA8xDTALBgNV +-BAMMBHQ2MjMwE6QRMA8xDTALBgNVBAMMBHQ2MjQwE6QRMA8xDTALBgNVBAMMBHQ2 +-MjUwE6QRMA8xDTALBgNVBAMMBHQ2MjYwE6QRMA8xDTALBgNVBAMMBHQ2MjcwE6QR +-MA8xDTALBgNVBAMMBHQ2MjgwE6QRMA8xDTALBgNVBAMMBHQ2MjkwE6QRMA8xDTAL +-BgNVBAMMBHQ2MzAwE6QRMA8xDTALBgNVBAMMBHQ2MzEwE6QRMA8xDTALBgNVBAMM +-BHQ2MzIwE6QRMA8xDTALBgNVBAMMBHQ2MzMwE6QRMA8xDTALBgNVBAMMBHQ2MzQw +-E6QRMA8xDTALBgNVBAMMBHQ2MzUwE6QRMA8xDTALBgNVBAMMBHQ2MzYwE6QRMA8x +-DTALBgNVBAMMBHQ2MzcwE6QRMA8xDTALBgNVBAMMBHQ2MzgwE6QRMA8xDTALBgNV +-BAMMBHQ2MzkwE6QRMA8xDTALBgNVBAMMBHQ2NDAwE6QRMA8xDTALBgNVBAMMBHQ2 +-NDEwE6QRMA8xDTALBgNVBAMMBHQ2NDIwE6QRMA8xDTALBgNVBAMMBHQ2NDMwE6QR +-MA8xDTALBgNVBAMMBHQ2NDQwE6QRMA8xDTALBgNVBAMMBHQ2NDUwE6QRMA8xDTAL +-BgNVBAMMBHQ2NDYwE6QRMA8xDTALBgNVBAMMBHQ2NDcwE6QRMA8xDTALBgNVBAMM +-BHQ2NDgwE6QRMA8xDTALBgNVBAMMBHQ2NDkwE6QRMA8xDTALBgNVBAMMBHQ2NTAw +-E6QRMA8xDTALBgNVBAMMBHQ2NTEwE6QRMA8xDTALBgNVBAMMBHQ2NTIwE6QRMA8x +-DTALBgNVBAMMBHQ2NTMwE6QRMA8xDTALBgNVBAMMBHQ2NTQwE6QRMA8xDTALBgNV +-BAMMBHQ2NTUwE6QRMA8xDTALBgNVBAMMBHQ2NTYwE6QRMA8xDTALBgNVBAMMBHQ2 +-NTcwE6QRMA8xDTALBgNVBAMMBHQ2NTgwE6QRMA8xDTALBgNVBAMMBHQ2NTkwE6QR +-MA8xDTALBgNVBAMMBHQ2NjAwE6QRMA8xDTALBgNVBAMMBHQ2NjEwE6QRMA8xDTAL +-BgNVBAMMBHQ2NjIwE6QRMA8xDTALBgNVBAMMBHQ2NjMwE6QRMA8xDTALBgNVBAMM +-BHQ2NjQwE6QRMA8xDTALBgNVBAMMBHQ2NjUwE6QRMA8xDTALBgNVBAMMBHQ2NjYw +-E6QRMA8xDTALBgNVBAMMBHQ2NjcwE6QRMA8xDTALBgNVBAMMBHQ2NjgwE6QRMA8x +-DTALBgNVBAMMBHQ2NjkwE6QRMA8xDTALBgNVBAMMBHQ2NzAwE6QRMA8xDTALBgNV +-BAMMBHQ2NzEwE6QRMA8xDTALBgNVBAMMBHQ2NzIwE6QRMA8xDTALBgNVBAMMBHQ2 +-NzMwE6QRMA8xDTALBgNVBAMMBHQ2NzQwE6QRMA8xDTALBgNVBAMMBHQ2NzUwE6QR +-MA8xDTALBgNVBAMMBHQ2NzYwE6QRMA8xDTALBgNVBAMMBHQ2NzcwE6QRMA8xDTAL +-BgNVBAMMBHQ2NzgwE6QRMA8xDTALBgNVBAMMBHQ2NzkwE6QRMA8xDTALBgNVBAMM +-BHQ2ODAwE6QRMA8xDTALBgNVBAMMBHQ2ODEwE6QRMA8xDTALBgNVBAMMBHQ2ODIw +-E6QRMA8xDTALBgNVBAMMBHQ2ODMwE6QRMA8xDTALBgNVBAMMBHQ2ODQwE6QRMA8x +-DTALBgNVBAMMBHQ2ODUwE6QRMA8xDTALBgNVBAMMBHQ2ODYwE6QRMA8xDTALBgNV +-BAMMBHQ2ODcwE6QRMA8xDTALBgNVBAMMBHQ2ODgwE6QRMA8xDTALBgNVBAMMBHQ2 +-ODkwE6QRMA8xDTALBgNVBAMMBHQ2OTAwE6QRMA8xDTALBgNVBAMMBHQ2OTEwE6QR +-MA8xDTALBgNVBAMMBHQ2OTIwE6QRMA8xDTALBgNVBAMMBHQ2OTMwE6QRMA8xDTAL +-BgNVBAMMBHQ2OTQwE6QRMA8xDTALBgNVBAMMBHQ2OTUwE6QRMA8xDTALBgNVBAMM +-BHQ2OTYwE6QRMA8xDTALBgNVBAMMBHQ2OTcwE6QRMA8xDTALBgNVBAMMBHQ2OTgw +-E6QRMA8xDTALBgNVBAMMBHQ2OTkwE6QRMA8xDTALBgNVBAMMBHQ3MDAwE6QRMA8x +-DTALBgNVBAMMBHQ3MDEwE6QRMA8xDTALBgNVBAMMBHQ3MDIwE6QRMA8xDTALBgNV +-BAMMBHQ3MDMwE6QRMA8xDTALBgNVBAMMBHQ3MDQwE6QRMA8xDTALBgNVBAMMBHQ3 +-MDUwE6QRMA8xDTALBgNVBAMMBHQ3MDYwE6QRMA8xDTALBgNVBAMMBHQ3MDcwE6QR +-MA8xDTALBgNVBAMMBHQ3MDgwE6QRMA8xDTALBgNVBAMMBHQ3MDkwE6QRMA8xDTAL +-BgNVBAMMBHQ3MTAwE6QRMA8xDTALBgNVBAMMBHQ3MTEwE6QRMA8xDTALBgNVBAMM +-BHQ3MTIwE6QRMA8xDTALBgNVBAMMBHQ3MTMwE6QRMA8xDTALBgNVBAMMBHQ3MTQw +-E6QRMA8xDTALBgNVBAMMBHQ3MTUwE6QRMA8xDTALBgNVBAMMBHQ3MTYwE6QRMA8x +-DTALBgNVBAMMBHQ3MTcwE6QRMA8xDTALBgNVBAMMBHQ3MTgwE6QRMA8xDTALBgNV +-BAMMBHQ3MTkwE6QRMA8xDTALBgNVBAMMBHQ3MjAwE6QRMA8xDTALBgNVBAMMBHQ3 +-MjEwE6QRMA8xDTALBgNVBAMMBHQ3MjIwE6QRMA8xDTALBgNVBAMMBHQ3MjMwE6QR +-MA8xDTALBgNVBAMMBHQ3MjQwE6QRMA8xDTALBgNVBAMMBHQ3MjUwE6QRMA8xDTAL +-BgNVBAMMBHQ3MjYwE6QRMA8xDTALBgNVBAMMBHQ3MjcwE6QRMA8xDTALBgNVBAMM +-BHQ3MjgwE6QRMA8xDTALBgNVBAMMBHQ3MjkwE6QRMA8xDTALBgNVBAMMBHQ3MzAw +-E6QRMA8xDTALBgNVBAMMBHQ3MzEwE6QRMA8xDTALBgNVBAMMBHQ3MzIwE6QRMA8x +-DTALBgNVBAMMBHQ3MzMwE6QRMA8xDTALBgNVBAMMBHQ3MzQwE6QRMA8xDTALBgNV +-BAMMBHQ3MzUwE6QRMA8xDTALBgNVBAMMBHQ3MzYwE6QRMA8xDTALBgNVBAMMBHQ3 +-MzcwE6QRMA8xDTALBgNVBAMMBHQ3MzgwE6QRMA8xDTALBgNVBAMMBHQ3MzkwE6QR +-MA8xDTALBgNVBAMMBHQ3NDAwE6QRMA8xDTALBgNVBAMMBHQ3NDEwE6QRMA8xDTAL +-BgNVBAMMBHQ3NDIwE6QRMA8xDTALBgNVBAMMBHQ3NDMwE6QRMA8xDTALBgNVBAMM +-BHQ3NDQwE6QRMA8xDTALBgNVBAMMBHQ3NDUwE6QRMA8xDTALBgNVBAMMBHQ3NDYw +-E6QRMA8xDTALBgNVBAMMBHQ3NDcwE6QRMA8xDTALBgNVBAMMBHQ3NDgwE6QRMA8x +-DTALBgNVBAMMBHQ3NDkwE6QRMA8xDTALBgNVBAMMBHQ3NTAwE6QRMA8xDTALBgNV +-BAMMBHQ3NTEwE6QRMA8xDTALBgNVBAMMBHQ3NTIwE6QRMA8xDTALBgNVBAMMBHQ3 +-NTMwE6QRMA8xDTALBgNVBAMMBHQ3NTQwE6QRMA8xDTALBgNVBAMMBHQ3NTUwE6QR +-MA8xDTALBgNVBAMMBHQ3NTYwE6QRMA8xDTALBgNVBAMMBHQ3NTcwE6QRMA8xDTAL +-BgNVBAMMBHQ3NTgwE6QRMA8xDTALBgNVBAMMBHQ3NTkwE6QRMA8xDTALBgNVBAMM +-BHQ3NjAwE6QRMA8xDTALBgNVBAMMBHQ3NjEwE6QRMA8xDTALBgNVBAMMBHQ3NjIw +-E6QRMA8xDTALBgNVBAMMBHQ3NjMwE6QRMA8xDTALBgNVBAMMBHQ3NjQwE6QRMA8x +-DTALBgNVBAMMBHQ3NjUwE6QRMA8xDTALBgNVBAMMBHQ3NjYwE6QRMA8xDTALBgNV +-BAMMBHQ3NjcwE6QRMA8xDTALBgNVBAMMBHQ3NjgwE6QRMA8xDTALBgNVBAMMBHQ3 +-NjkwE6QRMA8xDTALBgNVBAMMBHQ3NzAwE6QRMA8xDTALBgNVBAMMBHQ3NzEwE6QR +-MA8xDTALBgNVBAMMBHQ3NzIwE6QRMA8xDTALBgNVBAMMBHQ3NzMwE6QRMA8xDTAL +-BgNVBAMMBHQ3NzQwE6QRMA8xDTALBgNVBAMMBHQ3NzUwE6QRMA8xDTALBgNVBAMM +-BHQ3NzYwE6QRMA8xDTALBgNVBAMMBHQ3NzcwE6QRMA8xDTALBgNVBAMMBHQ3Nzgw +-E6QRMA8xDTALBgNVBAMMBHQ3NzkwE6QRMA8xDTALBgNVBAMMBHQ3ODAwE6QRMA8x +-DTALBgNVBAMMBHQ3ODEwE6QRMA8xDTALBgNVBAMMBHQ3ODIwE6QRMA8xDTALBgNV +-BAMMBHQ3ODMwE6QRMA8xDTALBgNVBAMMBHQ3ODQwE6QRMA8xDTALBgNVBAMMBHQ3 +-ODUwE6QRMA8xDTALBgNVBAMMBHQ3ODYwE6QRMA8xDTALBgNVBAMMBHQ3ODcwE6QR +-MA8xDTALBgNVBAMMBHQ3ODgwE6QRMA8xDTALBgNVBAMMBHQ3ODkwE6QRMA8xDTAL +-BgNVBAMMBHQ3OTAwE6QRMA8xDTALBgNVBAMMBHQ3OTEwE6QRMA8xDTALBgNVBAMM +-BHQ3OTIwE6QRMA8xDTALBgNVBAMMBHQ3OTMwE6QRMA8xDTALBgNVBAMMBHQ3OTQw +-E6QRMA8xDTALBgNVBAMMBHQ3OTUwE6QRMA8xDTALBgNVBAMMBHQ3OTYwE6QRMA8x +-DTALBgNVBAMMBHQ3OTcwE6QRMA8xDTALBgNVBAMMBHQ3OTgwE6QRMA8xDTALBgNV +-BAMMBHQ3OTkwE6QRMA8xDTALBgNVBAMMBHQ4MDAwE6QRMA8xDTALBgNVBAMMBHQ4 +-MDEwE6QRMA8xDTALBgNVBAMMBHQ4MDIwE6QRMA8xDTALBgNVBAMMBHQ4MDMwE6QR +-MA8xDTALBgNVBAMMBHQ4MDQwE6QRMA8xDTALBgNVBAMMBHQ4MDUwE6QRMA8xDTAL +-BgNVBAMMBHQ4MDYwE6QRMA8xDTALBgNVBAMMBHQ4MDcwE6QRMA8xDTALBgNVBAMM +-BHQ4MDgwE6QRMA8xDTALBgNVBAMMBHQ4MDkwE6QRMA8xDTALBgNVBAMMBHQ4MTAw +-E6QRMA8xDTALBgNVBAMMBHQ4MTEwE6QRMA8xDTALBgNVBAMMBHQ4MTIwE6QRMA8x +-DTALBgNVBAMMBHQ4MTMwE6QRMA8xDTALBgNVBAMMBHQ4MTQwE6QRMA8xDTALBgNV +-BAMMBHQ4MTUwE6QRMA8xDTALBgNVBAMMBHQ4MTYwE6QRMA8xDTALBgNVBAMMBHQ4 +-MTcwE6QRMA8xDTALBgNVBAMMBHQ4MTgwE6QRMA8xDTALBgNVBAMMBHQ4MTkwE6QR +-MA8xDTALBgNVBAMMBHQ4MjAwE6QRMA8xDTALBgNVBAMMBHQ4MjEwE6QRMA8xDTAL +-BgNVBAMMBHQ4MjIwE6QRMA8xDTALBgNVBAMMBHQ4MjMwE6QRMA8xDTALBgNVBAMM +-BHQ4MjQwE6QRMA8xDTALBgNVBAMMBHQ4MjUwE6QRMA8xDTALBgNVBAMMBHQ4MjYw +-E6QRMA8xDTALBgNVBAMMBHQ4MjcwE6QRMA8xDTALBgNVBAMMBHQ4MjgwE6QRMA8x +-DTALBgNVBAMMBHQ4MjkwE6QRMA8xDTALBgNVBAMMBHQ4MzAwE6QRMA8xDTALBgNV +-BAMMBHQ4MzEwE6QRMA8xDTALBgNVBAMMBHQ4MzIwE6QRMA8xDTALBgNVBAMMBHQ4 +-MzMwE6QRMA8xDTALBgNVBAMMBHQ4MzQwE6QRMA8xDTALBgNVBAMMBHQ4MzUwE6QR +-MA8xDTALBgNVBAMMBHQ4MzYwE6QRMA8xDTALBgNVBAMMBHQ4MzcwE6QRMA8xDTAL +-BgNVBAMMBHQ4MzgwE6QRMA8xDTALBgNVBAMMBHQ4MzkwE6QRMA8xDTALBgNVBAMM +-BHQ4NDAwE6QRMA8xDTALBgNVBAMMBHQ4NDEwE6QRMA8xDTALBgNVBAMMBHQ4NDIw +-E6QRMA8xDTALBgNVBAMMBHQ4NDMwE6QRMA8xDTALBgNVBAMMBHQ4NDQwE6QRMA8x +-DTALBgNVBAMMBHQ4NDUwE6QRMA8xDTALBgNVBAMMBHQ4NDYwE6QRMA8xDTALBgNV +-BAMMBHQ4NDcwE6QRMA8xDTALBgNVBAMMBHQ4NDgwE6QRMA8xDTALBgNVBAMMBHQ4 +-NDkwE6QRMA8xDTALBgNVBAMMBHQ4NTAwE6QRMA8xDTALBgNVBAMMBHQ4NTEwE6QR +-MA8xDTALBgNVBAMMBHQ4NTIwE6QRMA8xDTALBgNVBAMMBHQ4NTMwE6QRMA8xDTAL +-BgNVBAMMBHQ4NTQwE6QRMA8xDTALBgNVBAMMBHQ4NTUwE6QRMA8xDTALBgNVBAMM +-BHQ4NTYwE6QRMA8xDTALBgNVBAMMBHQ4NTcwE6QRMA8xDTALBgNVBAMMBHQ4NTgw +-E6QRMA8xDTALBgNVBAMMBHQ4NTkwE6QRMA8xDTALBgNVBAMMBHQ4NjAwE6QRMA8x +-DTALBgNVBAMMBHQ4NjEwE6QRMA8xDTALBgNVBAMMBHQ4NjIwE6QRMA8xDTALBgNV +-BAMMBHQ4NjMwE6QRMA8xDTALBgNVBAMMBHQ4NjQwE6QRMA8xDTALBgNVBAMMBHQ4 +-NjUwE6QRMA8xDTALBgNVBAMMBHQ4NjYwE6QRMA8xDTALBgNVBAMMBHQ4NjcwE6QR +-MA8xDTALBgNVBAMMBHQ4NjgwE6QRMA8xDTALBgNVBAMMBHQ4NjkwE6QRMA8xDTAL +-BgNVBAMMBHQ4NzAwE6QRMA8xDTALBgNVBAMMBHQ4NzEwE6QRMA8xDTALBgNVBAMM +-BHQ4NzIwE6QRMA8xDTALBgNVBAMMBHQ4NzMwE6QRMA8xDTALBgNVBAMMBHQ4NzQw +-E6QRMA8xDTALBgNVBAMMBHQ4NzUwE6QRMA8xDTALBgNVBAMMBHQ4NzYwE6QRMA8x +-DTALBgNVBAMMBHQ4NzcwE6QRMA8xDTALBgNVBAMMBHQ4NzgwE6QRMA8xDTALBgNV +-BAMMBHQ4NzkwE6QRMA8xDTALBgNVBAMMBHQ4ODAwE6QRMA8xDTALBgNVBAMMBHQ4 +-ODEwE6QRMA8xDTALBgNVBAMMBHQ4ODIwE6QRMA8xDTALBgNVBAMMBHQ4ODMwE6QR +-MA8xDTALBgNVBAMMBHQ4ODQwE6QRMA8xDTALBgNVBAMMBHQ4ODUwE6QRMA8xDTAL +-BgNVBAMMBHQ4ODYwE6QRMA8xDTALBgNVBAMMBHQ4ODcwE6QRMA8xDTALBgNVBAMM +-BHQ4ODgwE6QRMA8xDTALBgNVBAMMBHQ4ODkwE6QRMA8xDTALBgNVBAMMBHQ4OTAw +-E6QRMA8xDTALBgNVBAMMBHQ4OTEwE6QRMA8xDTALBgNVBAMMBHQ4OTIwE6QRMA8x +-DTALBgNVBAMMBHQ4OTMwE6QRMA8xDTALBgNVBAMMBHQ4OTQwE6QRMA8xDTALBgNV +-BAMMBHQ4OTUwE6QRMA8xDTALBgNVBAMMBHQ4OTYwE6QRMA8xDTALBgNVBAMMBHQ4 +-OTcwE6QRMA8xDTALBgNVBAMMBHQ4OTgwE6QRMA8xDTALBgNVBAMMBHQ4OTkwE6QR +-MA8xDTALBgNVBAMMBHQ5MDAwE6QRMA8xDTALBgNVBAMMBHQ5MDEwE6QRMA8xDTAL +-BgNVBAMMBHQ5MDIwE6QRMA8xDTALBgNVBAMMBHQ5MDMwE6QRMA8xDTALBgNVBAMM +-BHQ5MDQwE6QRMA8xDTALBgNVBAMMBHQ5MDUwE6QRMA8xDTALBgNVBAMMBHQ5MDYw +-E6QRMA8xDTALBgNVBAMMBHQ5MDcwE6QRMA8xDTALBgNVBAMMBHQ5MDgwE6QRMA8x +-DTALBgNVBAMMBHQ5MDkwE6QRMA8xDTALBgNVBAMMBHQ5MTAwE6QRMA8xDTALBgNV +-BAMMBHQ5MTEwE6QRMA8xDTALBgNVBAMMBHQ5MTIwE6QRMA8xDTALBgNVBAMMBHQ5 +-MTMwE6QRMA8xDTALBgNVBAMMBHQ5MTQwE6QRMA8xDTALBgNVBAMMBHQ5MTUwE6QR +-MA8xDTALBgNVBAMMBHQ5MTYwE6QRMA8xDTALBgNVBAMMBHQ5MTcwE6QRMA8xDTAL +-BgNVBAMMBHQ5MTgwE6QRMA8xDTALBgNVBAMMBHQ5MTkwE6QRMA8xDTALBgNVBAMM +-BHQ5MjAwE6QRMA8xDTALBgNVBAMMBHQ5MjEwE6QRMA8xDTALBgNVBAMMBHQ5MjIw +-E6QRMA8xDTALBgNVBAMMBHQ5MjMwE6QRMA8xDTALBgNVBAMMBHQ5MjQwE6QRMA8x +-DTALBgNVBAMMBHQ5MjUwE6QRMA8xDTALBgNVBAMMBHQ5MjYwE6QRMA8xDTALBgNV +-BAMMBHQ5MjcwE6QRMA8xDTALBgNVBAMMBHQ5MjgwE6QRMA8xDTALBgNVBAMMBHQ5 +-MjkwE6QRMA8xDTALBgNVBAMMBHQ5MzAwE6QRMA8xDTALBgNVBAMMBHQ5MzEwE6QR +-MA8xDTALBgNVBAMMBHQ5MzIwE6QRMA8xDTALBgNVBAMMBHQ5MzMwE6QRMA8xDTAL +-BgNVBAMMBHQ5MzQwE6QRMA8xDTALBgNVBAMMBHQ5MzUwE6QRMA8xDTALBgNVBAMM +-BHQ5MzYwE6QRMA8xDTALBgNVBAMMBHQ5MzcwE6QRMA8xDTALBgNVBAMMBHQ5Mzgw +-E6QRMA8xDTALBgNVBAMMBHQ5MzkwE6QRMA8xDTALBgNVBAMMBHQ5NDAwE6QRMA8x +-DTALBgNVBAMMBHQ5NDEwE6QRMA8xDTALBgNVBAMMBHQ5NDIwE6QRMA8xDTALBgNV +-BAMMBHQ5NDMwE6QRMA8xDTALBgNVBAMMBHQ5NDQwE6QRMA8xDTALBgNVBAMMBHQ5 +-NDUwE6QRMA8xDTALBgNVBAMMBHQ5NDYwE6QRMA8xDTALBgNVBAMMBHQ5NDcwE6QR +-MA8xDTALBgNVBAMMBHQ5NDgwE6QRMA8xDTALBgNVBAMMBHQ5NDkwE6QRMA8xDTAL +-BgNVBAMMBHQ5NTAwE6QRMA8xDTALBgNVBAMMBHQ5NTEwE6QRMA8xDTALBgNVBAMM +-BHQ5NTIwE6QRMA8xDTALBgNVBAMMBHQ5NTMwE6QRMA8xDTALBgNVBAMMBHQ5NTQw +-E6QRMA8xDTALBgNVBAMMBHQ5NTUwE6QRMA8xDTALBgNVBAMMBHQ5NTYwE6QRMA8x +-DTALBgNVBAMMBHQ5NTcwE6QRMA8xDTALBgNVBAMMBHQ5NTgwE6QRMA8xDTALBgNV +-BAMMBHQ5NTkwE6QRMA8xDTALBgNVBAMMBHQ5NjAwE6QRMA8xDTALBgNVBAMMBHQ5 +-NjEwE6QRMA8xDTALBgNVBAMMBHQ5NjIwE6QRMA8xDTALBgNVBAMMBHQ5NjMwE6QR +-MA8xDTALBgNVBAMMBHQ5NjQwE6QRMA8xDTALBgNVBAMMBHQ5NjUwE6QRMA8xDTAL +-BgNVBAMMBHQ5NjYwE6QRMA8xDTALBgNVBAMMBHQ5NjcwE6QRMA8xDTALBgNVBAMM +-BHQ5NjgwE6QRMA8xDTALBgNVBAMMBHQ5NjkwE6QRMA8xDTALBgNVBAMMBHQ5NzAw +-E6QRMA8xDTALBgNVBAMMBHQ5NzEwE6QRMA8xDTALBgNVBAMMBHQ5NzIwE6QRMA8x +-DTALBgNVBAMMBHQ5NzMwE6QRMA8xDTALBgNVBAMMBHQ5NzQwE6QRMA8xDTALBgNV +-BAMMBHQ5NzUwE6QRMA8xDTALBgNVBAMMBHQ5NzYwE6QRMA8xDTALBgNVBAMMBHQ5 +-NzcwE6QRMA8xDTALBgNVBAMMBHQ5NzgwE6QRMA8xDTALBgNVBAMMBHQ5NzkwE6QR +-MA8xDTALBgNVBAMMBHQ5ODAwE6QRMA8xDTALBgNVBAMMBHQ5ODEwE6QRMA8xDTAL +-BgNVBAMMBHQ5ODIwE6QRMA8xDTALBgNVBAMMBHQ5ODMwE6QRMA8xDTALBgNVBAMM +-BHQ5ODQwE6QRMA8xDTALBgNVBAMMBHQ5ODUwE6QRMA8xDTALBgNVBAMMBHQ5ODYw +-E6QRMA8xDTALBgNVBAMMBHQ5ODcwE6QRMA8xDTALBgNVBAMMBHQ5ODgwE6QRMA8x +-DTALBgNVBAMMBHQ5ODkwE6QRMA8xDTALBgNVBAMMBHQ5OTAwE6QRMA8xDTALBgNV +-BAMMBHQ5OTEwE6QRMA8xDTALBgNVBAMMBHQ5OTIwE6QRMA8xDTALBgNVBAMMBHQ5 +-OTMwE6QRMA8xDTALBgNVBAMMBHQ5OTQwE6QRMA8xDTALBgNVBAMMBHQ5OTUwE6QR +-MA8xDTALBgNVBAMMBHQ5OTYwE6QRMA8xDTALBgNVBAMMBHQ5OTcwE6QRMA8xDTAL +-BgNVBAMMBHQ5OTgwE6QRMA8xDTALBgNVBAMMBHQ5OTkwFKQSMBAxDjAMBgNVBAMM +-BXQxMDAwMBSkEjAQMQ4wDAYDVQQDDAV0MTAwMTAUpBIwEDEOMAwGA1UEAwwFdDEw +-MDIwFKQSMBAxDjAMBgNVBAMMBXQxMDAzMBSkEjAQMQ4wDAYDVQQDDAV0MTAwNDAU +-pBIwEDEOMAwGA1UEAwwFdDEwMDUwFKQSMBAxDjAMBgNVBAMMBXQxMDA2MBSkEjAQ +-MQ4wDAYDVQQDDAV0MTAwNzAUpBIwEDEOMAwGA1UEAwwFdDEwMDgwFKQSMBAxDjAM +-BgNVBAMMBXQxMDA5MBSkEjAQMQ4wDAYDVQQDDAV0MTAxMDAUpBIwEDEOMAwGA1UE +-AwwFdDEwMTEwFKQSMBAxDjAMBgNVBAMMBXQxMDEyMBSkEjAQMQ4wDAYDVQQDDAV0 +-MTAxMzAUpBIwEDEOMAwGA1UEAwwFdDEwMTQwFKQSMBAxDjAMBgNVBAMMBXQxMDE1 +-MBSkEjAQMQ4wDAYDVQQDDAV0MTAxNjAUpBIwEDEOMAwGA1UEAwwFdDEwMTcwFKQS +-MBAxDjAMBgNVBAMMBXQxMDE4MBSkEjAQMQ4wDAYDVQQDDAV0MTAxOTAUpBIwEDEO +-MAwGA1UEAwwFdDEwMjAwFKQSMBAxDjAMBgNVBAMMBXQxMDIxMBSkEjAQMQ4wDAYD +-VQQDDAV0MTAyMjAUpBIwEDEOMAwGA1UEAwwFdDEwMjMwFKQSMBAxDjAMBgNVBAMM +-BXQxMDI0MA+GDWh0dHA6Ly90ZXN0LzAwD4YNaHR0cDovL3Rlc3QvMTAPhg1odHRw +-Oi8vdGVzdC8yMA+GDWh0dHA6Ly90ZXN0LzMwD4YNaHR0cDovL3Rlc3QvNDAPhg1o +-dHRwOi8vdGVzdC81MA+GDWh0dHA6Ly90ZXN0LzYwD4YNaHR0cDovL3Rlc3QvNzAP +-hg1odHRwOi8vdGVzdC84MA+GDWh0dHA6Ly90ZXN0LzkwEIYOaHR0cDovL3Rlc3Qv +-MTAwEIYOaHR0cDovL3Rlc3QvMTEwEIYOaHR0cDovL3Rlc3QvMTIwEIYOaHR0cDov +-L3Rlc3QvMTMwEIYOaHR0cDovL3Rlc3QvMTQwEIYOaHR0cDovL3Rlc3QvMTUwEIYO +-aHR0cDovL3Rlc3QvMTYwEIYOaHR0cDovL3Rlc3QvMTcwEIYOaHR0cDovL3Rlc3Qv +-MTgwEIYOaHR0cDovL3Rlc3QvMTkwEIYOaHR0cDovL3Rlc3QvMjAwEIYOaHR0cDov +-L3Rlc3QvMjEwEIYOaHR0cDovL3Rlc3QvMjIwEIYOaHR0cDovL3Rlc3QvMjMwEIYO +-aHR0cDovL3Rlc3QvMjQwEIYOaHR0cDovL3Rlc3QvMjUwEIYOaHR0cDovL3Rlc3Qv +-MjYwEIYOaHR0cDovL3Rlc3QvMjcwEIYOaHR0cDovL3Rlc3QvMjgwEIYOaHR0cDov +-L3Rlc3QvMjkwEIYOaHR0cDovL3Rlc3QvMzAwEIYOaHR0cDovL3Rlc3QvMzEwEIYO +-aHR0cDovL3Rlc3QvMzIwEIYOaHR0cDovL3Rlc3QvMzMwEIYOaHR0cDovL3Rlc3Qv +-MzQwEIYOaHR0cDovL3Rlc3QvMzUwEIYOaHR0cDovL3Rlc3QvMzYwEIYOaHR0cDov +-L3Rlc3QvMzcwEIYOaHR0cDovL3Rlc3QvMzgwEIYOaHR0cDovL3Rlc3QvMzkwEIYO +-aHR0cDovL3Rlc3QvNDAwEIYOaHR0cDovL3Rlc3QvNDEwEIYOaHR0cDovL3Rlc3Qv +-NDIwEIYOaHR0cDovL3Rlc3QvNDMwEIYOaHR0cDovL3Rlc3QvNDQwEIYOaHR0cDov +-L3Rlc3QvNDUwEIYOaHR0cDovL3Rlc3QvNDYwEIYOaHR0cDovL3Rlc3QvNDcwEIYO +-aHR0cDovL3Rlc3QvNDgwEIYOaHR0cDovL3Rlc3QvNDkwEIYOaHR0cDovL3Rlc3Qv +-NTAwEIYOaHR0cDovL3Rlc3QvNTEwEIYOaHR0cDovL3Rlc3QvNTIwEIYOaHR0cDov +-L3Rlc3QvNTMwEIYOaHR0cDovL3Rlc3QvNTQwEIYOaHR0cDovL3Rlc3QvNTUwEIYO +-aHR0cDovL3Rlc3QvNTYwEIYOaHR0cDovL3Rlc3QvNTcwEIYOaHR0cDovL3Rlc3Qv +-NTgwEIYOaHR0cDovL3Rlc3QvNTkwEIYOaHR0cDovL3Rlc3QvNjAwEIYOaHR0cDov +-L3Rlc3QvNjEwEIYOaHR0cDovL3Rlc3QvNjIwEIYOaHR0cDovL3Rlc3QvNjMwEIYO +-aHR0cDovL3Rlc3QvNjQwEIYOaHR0cDovL3Rlc3QvNjUwEIYOaHR0cDovL3Rlc3Qv +-NjYwEIYOaHR0cDovL3Rlc3QvNjcwEIYOaHR0cDovL3Rlc3QvNjgwEIYOaHR0cDov +-L3Rlc3QvNjkwEIYOaHR0cDovL3Rlc3QvNzAwEIYOaHR0cDovL3Rlc3QvNzEwEIYO +-aHR0cDovL3Rlc3QvNzIwEIYOaHR0cDovL3Rlc3QvNzMwEIYOaHR0cDovL3Rlc3Qv +-NzQwEIYOaHR0cDovL3Rlc3QvNzUwEIYOaHR0cDovL3Rlc3QvNzYwEIYOaHR0cDov +-L3Rlc3QvNzcwEIYOaHR0cDovL3Rlc3QvNzgwEIYOaHR0cDovL3Rlc3QvNzkwEIYO +-aHR0cDovL3Rlc3QvODAwEIYOaHR0cDovL3Rlc3QvODEwEIYOaHR0cDovL3Rlc3Qv +-ODIwEIYOaHR0cDovL3Rlc3QvODMwEIYOaHR0cDovL3Rlc3QvODQwEIYOaHR0cDov +-L3Rlc3QvODUwEIYOaHR0cDovL3Rlc3QvODYwEIYOaHR0cDovL3Rlc3QvODcwEIYO +-aHR0cDovL3Rlc3QvODgwEIYOaHR0cDovL3Rlc3QvODkwEIYOaHR0cDovL3Rlc3Qv +-OTAwEIYOaHR0cDovL3Rlc3QvOTEwEIYOaHR0cDovL3Rlc3QvOTIwEIYOaHR0cDov +-L3Rlc3QvOTMwEIYOaHR0cDovL3Rlc3QvOTQwEIYOaHR0cDovL3Rlc3QvOTUwEIYO +-aHR0cDovL3Rlc3QvOTYwEIYOaHR0cDovL3Rlc3QvOTcwEIYOaHR0cDovL3Rlc3Qv +-OTgwEIYOaHR0cDovL3Rlc3QvOTkwEYYPaHR0cDovL3Rlc3QvMTAwMBGGD2h0dHA6 +-Ly90ZXN0LzEwMTARhg9odHRwOi8vdGVzdC8xMDIwEYYPaHR0cDovL3Rlc3QvMTAz +-MBGGD2h0dHA6Ly90ZXN0LzEwNDARhg9odHRwOi8vdGVzdC8xMDUwEYYPaHR0cDov +-L3Rlc3QvMTA2MBGGD2h0dHA6Ly90ZXN0LzEwNzARhg9odHRwOi8vdGVzdC8xMDgw +-EYYPaHR0cDovL3Rlc3QvMTA5MBGGD2h0dHA6Ly90ZXN0LzExMDARhg9odHRwOi8v +-dGVzdC8xMTEwEYYPaHR0cDovL3Rlc3QvMTEyMBGGD2h0dHA6Ly90ZXN0LzExMzAR +-hg9odHRwOi8vdGVzdC8xMTQwEYYPaHR0cDovL3Rlc3QvMTE1MBGGD2h0dHA6Ly90 +-ZXN0LzExNjARhg9odHRwOi8vdGVzdC8xMTcwEYYPaHR0cDovL3Rlc3QvMTE4MBGG +-D2h0dHA6Ly90ZXN0LzExOTARhg9odHRwOi8vdGVzdC8xMjAwEYYPaHR0cDovL3Rl +-c3QvMTIxMBGGD2h0dHA6Ly90ZXN0LzEyMjARhg9odHRwOi8vdGVzdC8xMjMwEYYP +-aHR0cDovL3Rlc3QvMTI0MBGGD2h0dHA6Ly90ZXN0LzEyNTARhg9odHRwOi8vdGVz +-dC8xMjYwEYYPaHR0cDovL3Rlc3QvMTI3MBGGD2h0dHA6Ly90ZXN0LzEyODARhg9o +-dHRwOi8vdGVzdC8xMjkwEYYPaHR0cDovL3Rlc3QvMTMwMBGGD2h0dHA6Ly90ZXN0 +-LzEzMTARhg9odHRwOi8vdGVzdC8xMzIwEYYPaHR0cDovL3Rlc3QvMTMzMBGGD2h0 +-dHA6Ly90ZXN0LzEzNDARhg9odHRwOi8vdGVzdC8xMzUwEYYPaHR0cDovL3Rlc3Qv +-MTM2MBGGD2h0dHA6Ly90ZXN0LzEzNzARhg9odHRwOi8vdGVzdC8xMzgwEYYPaHR0 +-cDovL3Rlc3QvMTM5MBGGD2h0dHA6Ly90ZXN0LzE0MDARhg9odHRwOi8vdGVzdC8x +-NDEwEYYPaHR0cDovL3Rlc3QvMTQyMBGGD2h0dHA6Ly90ZXN0LzE0MzARhg9odHRw +-Oi8vdGVzdC8xNDQwEYYPaHR0cDovL3Rlc3QvMTQ1MBGGD2h0dHA6Ly90ZXN0LzE0 +-NjARhg9odHRwOi8vdGVzdC8xNDcwEYYPaHR0cDovL3Rlc3QvMTQ4MBGGD2h0dHA6 +-Ly90ZXN0LzE0OTARhg9odHRwOi8vdGVzdC8xNTAwEYYPaHR0cDovL3Rlc3QvMTUx +-MBGGD2h0dHA6Ly90ZXN0LzE1MjARhg9odHRwOi8vdGVzdC8xNTMwEYYPaHR0cDov +-L3Rlc3QvMTU0MBGGD2h0dHA6Ly90ZXN0LzE1NTARhg9odHRwOi8vdGVzdC8xNTYw +-EYYPaHR0cDovL3Rlc3QvMTU3MBGGD2h0dHA6Ly90ZXN0LzE1ODARhg9odHRwOi8v +-dGVzdC8xNTkwEYYPaHR0cDovL3Rlc3QvMTYwMBGGD2h0dHA6Ly90ZXN0LzE2MTAR +-hg9odHRwOi8vdGVzdC8xNjIwEYYPaHR0cDovL3Rlc3QvMTYzMBGGD2h0dHA6Ly90 +-ZXN0LzE2NDARhg9odHRwOi8vdGVzdC8xNjUwEYYPaHR0cDovL3Rlc3QvMTY2MBGG +-D2h0dHA6Ly90ZXN0LzE2NzARhg9odHRwOi8vdGVzdC8xNjgwEYYPaHR0cDovL3Rl +-c3QvMTY5MBGGD2h0dHA6Ly90ZXN0LzE3MDARhg9odHRwOi8vdGVzdC8xNzEwEYYP +-aHR0cDovL3Rlc3QvMTcyMBGGD2h0dHA6Ly90ZXN0LzE3MzARhg9odHRwOi8vdGVz +-dC8xNzQwEYYPaHR0cDovL3Rlc3QvMTc1MBGGD2h0dHA6Ly90ZXN0LzE3NjARhg9o +-dHRwOi8vdGVzdC8xNzcwEYYPaHR0cDovL3Rlc3QvMTc4MBGGD2h0dHA6Ly90ZXN0 +-LzE3OTARhg9odHRwOi8vdGVzdC8xODAwEYYPaHR0cDovL3Rlc3QvMTgxMBGGD2h0 +-dHA6Ly90ZXN0LzE4MjARhg9odHRwOi8vdGVzdC8xODMwEYYPaHR0cDovL3Rlc3Qv +-MTg0MBGGD2h0dHA6Ly90ZXN0LzE4NTARhg9odHRwOi8vdGVzdC8xODYwEYYPaHR0 +-cDovL3Rlc3QvMTg3MBGGD2h0dHA6Ly90ZXN0LzE4ODARhg9odHRwOi8vdGVzdC8x +-ODkwEYYPaHR0cDovL3Rlc3QvMTkwMBGGD2h0dHA6Ly90ZXN0LzE5MTARhg9odHRw +-Oi8vdGVzdC8xOTIwEYYPaHR0cDovL3Rlc3QvMTkzMBGGD2h0dHA6Ly90ZXN0LzE5 +-NDARhg9odHRwOi8vdGVzdC8xOTUwEYYPaHR0cDovL3Rlc3QvMTk2MBGGD2h0dHA6 +-Ly90ZXN0LzE5NzARhg9odHRwOi8vdGVzdC8xOTgwEYYPaHR0cDovL3Rlc3QvMTk5 +-MBGGD2h0dHA6Ly90ZXN0LzIwMDARhg9odHRwOi8vdGVzdC8yMDEwEYYPaHR0cDov +-L3Rlc3QvMjAyMBGGD2h0dHA6Ly90ZXN0LzIwMzARhg9odHRwOi8vdGVzdC8yMDQw +-EYYPaHR0cDovL3Rlc3QvMjA1MBGGD2h0dHA6Ly90ZXN0LzIwNjARhg9odHRwOi8v +-dGVzdC8yMDcwEYYPaHR0cDovL3Rlc3QvMjA4MBGGD2h0dHA6Ly90ZXN0LzIwOTAR +-hg9odHRwOi8vdGVzdC8yMTAwEYYPaHR0cDovL3Rlc3QvMjExMBGGD2h0dHA6Ly90 +-ZXN0LzIxMjARhg9odHRwOi8vdGVzdC8yMTMwEYYPaHR0cDovL3Rlc3QvMjE0MBGG +-D2h0dHA6Ly90ZXN0LzIxNTARhg9odHRwOi8vdGVzdC8yMTYwEYYPaHR0cDovL3Rl +-c3QvMjE3MBGGD2h0dHA6Ly90ZXN0LzIxODARhg9odHRwOi8vdGVzdC8yMTkwEYYP +-aHR0cDovL3Rlc3QvMjIwMBGGD2h0dHA6Ly90ZXN0LzIyMTARhg9odHRwOi8vdGVz +-dC8yMjIwEYYPaHR0cDovL3Rlc3QvMjIzMBGGD2h0dHA6Ly90ZXN0LzIyNDARhg9o +-dHRwOi8vdGVzdC8yMjUwEYYPaHR0cDovL3Rlc3QvMjI2MBGGD2h0dHA6Ly90ZXN0 +-LzIyNzARhg9odHRwOi8vdGVzdC8yMjgwEYYPaHR0cDovL3Rlc3QvMjI5MBGGD2h0 +-dHA6Ly90ZXN0LzIzMDARhg9odHRwOi8vdGVzdC8yMzEwEYYPaHR0cDovL3Rlc3Qv +-MjMyMBGGD2h0dHA6Ly90ZXN0LzIzMzARhg9odHRwOi8vdGVzdC8yMzQwEYYPaHR0 +-cDovL3Rlc3QvMjM1MBGGD2h0dHA6Ly90ZXN0LzIzNjARhg9odHRwOi8vdGVzdC8y +-MzcwEYYPaHR0cDovL3Rlc3QvMjM4MBGGD2h0dHA6Ly90ZXN0LzIzOTARhg9odHRw +-Oi8vdGVzdC8yNDAwEYYPaHR0cDovL3Rlc3QvMjQxMBGGD2h0dHA6Ly90ZXN0LzI0 +-MjARhg9odHRwOi8vdGVzdC8yNDMwEYYPaHR0cDovL3Rlc3QvMjQ0MBGGD2h0dHA6 +-Ly90ZXN0LzI0NTARhg9odHRwOi8vdGVzdC8yNDYwEYYPaHR0cDovL3Rlc3QvMjQ3 +-MBGGD2h0dHA6Ly90ZXN0LzI0ODARhg9odHRwOi8vdGVzdC8yNDkwEYYPaHR0cDov +-L3Rlc3QvMjUwMBGGD2h0dHA6Ly90ZXN0LzI1MTARhg9odHRwOi8vdGVzdC8yNTIw +-EYYPaHR0cDovL3Rlc3QvMjUzMBGGD2h0dHA6Ly90ZXN0LzI1NDARhg9odHRwOi8v +-dGVzdC8yNTUwEYYPaHR0cDovL3Rlc3QvMjU2MBGGD2h0dHA6Ly90ZXN0LzI1NzAR +-hg9odHRwOi8vdGVzdC8yNTgwEYYPaHR0cDovL3Rlc3QvMjU5MBGGD2h0dHA6Ly90 +-ZXN0LzI2MDARhg9odHRwOi8vdGVzdC8yNjEwEYYPaHR0cDovL3Rlc3QvMjYyMBGG +-D2h0dHA6Ly90ZXN0LzI2MzARhg9odHRwOi8vdGVzdC8yNjQwEYYPaHR0cDovL3Rl +-c3QvMjY1MBGGD2h0dHA6Ly90ZXN0LzI2NjARhg9odHRwOi8vdGVzdC8yNjcwEYYP +-aHR0cDovL3Rlc3QvMjY4MBGGD2h0dHA6Ly90ZXN0LzI2OTARhg9odHRwOi8vdGVz +-dC8yNzAwEYYPaHR0cDovL3Rlc3QvMjcxMBGGD2h0dHA6Ly90ZXN0LzI3MjARhg9o +-dHRwOi8vdGVzdC8yNzMwEYYPaHR0cDovL3Rlc3QvMjc0MBGGD2h0dHA6Ly90ZXN0 +-LzI3NTARhg9odHRwOi8vdGVzdC8yNzYwEYYPaHR0cDovL3Rlc3QvMjc3MBGGD2h0 +-dHA6Ly90ZXN0LzI3ODARhg9odHRwOi8vdGVzdC8yNzkwEYYPaHR0cDovL3Rlc3Qv +-MjgwMBGGD2h0dHA6Ly90ZXN0LzI4MTARhg9odHRwOi8vdGVzdC8yODIwEYYPaHR0 +-cDovL3Rlc3QvMjgzMBGGD2h0dHA6Ly90ZXN0LzI4NDARhg9odHRwOi8vdGVzdC8y +-ODUwEYYPaHR0cDovL3Rlc3QvMjg2MBGGD2h0dHA6Ly90ZXN0LzI4NzARhg9odHRw +-Oi8vdGVzdC8yODgwEYYPaHR0cDovL3Rlc3QvMjg5MBGGD2h0dHA6Ly90ZXN0LzI5 +-MDARhg9odHRwOi8vdGVzdC8yOTEwEYYPaHR0cDovL3Rlc3QvMjkyMBGGD2h0dHA6 +-Ly90ZXN0LzI5MzARhg9odHRwOi8vdGVzdC8yOTQwEYYPaHR0cDovL3Rlc3QvMjk1 +-MBGGD2h0dHA6Ly90ZXN0LzI5NjARhg9odHRwOi8vdGVzdC8yOTcwEYYPaHR0cDov +-L3Rlc3QvMjk4MBGGD2h0dHA6Ly90ZXN0LzI5OTARhg9odHRwOi8vdGVzdC8zMDAw +-EYYPaHR0cDovL3Rlc3QvMzAxMBGGD2h0dHA6Ly90ZXN0LzMwMjARhg9odHRwOi8v +-dGVzdC8zMDMwEYYPaHR0cDovL3Rlc3QvMzA0MBGGD2h0dHA6Ly90ZXN0LzMwNTAR +-hg9odHRwOi8vdGVzdC8zMDYwEYYPaHR0cDovL3Rlc3QvMzA3MBGGD2h0dHA6Ly90 +-ZXN0LzMwODARhg9odHRwOi8vdGVzdC8zMDkwEYYPaHR0cDovL3Rlc3QvMzEwMBGG +-D2h0dHA6Ly90ZXN0LzMxMTARhg9odHRwOi8vdGVzdC8zMTIwEYYPaHR0cDovL3Rl +-c3QvMzEzMBGGD2h0dHA6Ly90ZXN0LzMxNDARhg9odHRwOi8vdGVzdC8zMTUwEYYP +-aHR0cDovL3Rlc3QvMzE2MBGGD2h0dHA6Ly90ZXN0LzMxNzARhg9odHRwOi8vdGVz +-dC8zMTgwEYYPaHR0cDovL3Rlc3QvMzE5MBGGD2h0dHA6Ly90ZXN0LzMyMDARhg9o +-dHRwOi8vdGVzdC8zMjEwEYYPaHR0cDovL3Rlc3QvMzIyMBGGD2h0dHA6Ly90ZXN0 +-LzMyMzARhg9odHRwOi8vdGVzdC8zMjQwEYYPaHR0cDovL3Rlc3QvMzI1MBGGD2h0 +-dHA6Ly90ZXN0LzMyNjARhg9odHRwOi8vdGVzdC8zMjcwEYYPaHR0cDovL3Rlc3Qv +-MzI4MBGGD2h0dHA6Ly90ZXN0LzMyOTARhg9odHRwOi8vdGVzdC8zMzAwEYYPaHR0 +-cDovL3Rlc3QvMzMxMBGGD2h0dHA6Ly90ZXN0LzMzMjARhg9odHRwOi8vdGVzdC8z +-MzMwEYYPaHR0cDovL3Rlc3QvMzM0MBGGD2h0dHA6Ly90ZXN0LzMzNTARhg9odHRw +-Oi8vdGVzdC8zMzYwEYYPaHR0cDovL3Rlc3QvMzM3MBGGD2h0dHA6Ly90ZXN0LzMz +-ODARhg9odHRwOi8vdGVzdC8zMzkwEYYPaHR0cDovL3Rlc3QvMzQwMBGGD2h0dHA6 +-Ly90ZXN0LzM0MTARhg9odHRwOi8vdGVzdC8zNDIwEYYPaHR0cDovL3Rlc3QvMzQz +-MBGGD2h0dHA6Ly90ZXN0LzM0NDARhg9odHRwOi8vdGVzdC8zNDUwEYYPaHR0cDov +-L3Rlc3QvMzQ2MBGGD2h0dHA6Ly90ZXN0LzM0NzARhg9odHRwOi8vdGVzdC8zNDgw +-EYYPaHR0cDovL3Rlc3QvMzQ5MBGGD2h0dHA6Ly90ZXN0LzM1MDARhg9odHRwOi8v +-dGVzdC8zNTEwEYYPaHR0cDovL3Rlc3QvMzUyMBGGD2h0dHA6Ly90ZXN0LzM1MzAR +-hg9odHRwOi8vdGVzdC8zNTQwEYYPaHR0cDovL3Rlc3QvMzU1MBGGD2h0dHA6Ly90 +-ZXN0LzM1NjARhg9odHRwOi8vdGVzdC8zNTcwEYYPaHR0cDovL3Rlc3QvMzU4MBGG +-D2h0dHA6Ly90ZXN0LzM1OTARhg9odHRwOi8vdGVzdC8zNjAwEYYPaHR0cDovL3Rl +-c3QvMzYxMBGGD2h0dHA6Ly90ZXN0LzM2MjARhg9odHRwOi8vdGVzdC8zNjMwEYYP +-aHR0cDovL3Rlc3QvMzY0MBGGD2h0dHA6Ly90ZXN0LzM2NTARhg9odHRwOi8vdGVz +-dC8zNjYwEYYPaHR0cDovL3Rlc3QvMzY3MBGGD2h0dHA6Ly90ZXN0LzM2ODARhg9o +-dHRwOi8vdGVzdC8zNjkwEYYPaHR0cDovL3Rlc3QvMzcwMBGGD2h0dHA6Ly90ZXN0 +-LzM3MTARhg9odHRwOi8vdGVzdC8zNzIwEYYPaHR0cDovL3Rlc3QvMzczMBGGD2h0 +-dHA6Ly90ZXN0LzM3NDARhg9odHRwOi8vdGVzdC8zNzUwEYYPaHR0cDovL3Rlc3Qv +-Mzc2MBGGD2h0dHA6Ly90ZXN0LzM3NzARhg9odHRwOi8vdGVzdC8zNzgwEYYPaHR0 +-cDovL3Rlc3QvMzc5MBGGD2h0dHA6Ly90ZXN0LzM4MDARhg9odHRwOi8vdGVzdC8z +-ODEwEYYPaHR0cDovL3Rlc3QvMzgyMBGGD2h0dHA6Ly90ZXN0LzM4MzARhg9odHRw +-Oi8vdGVzdC8zODQwEYYPaHR0cDovL3Rlc3QvMzg1MBGGD2h0dHA6Ly90ZXN0LzM4 +-NjARhg9odHRwOi8vdGVzdC8zODcwEYYPaHR0cDovL3Rlc3QvMzg4MBGGD2h0dHA6 +-Ly90ZXN0LzM4OTARhg9odHRwOi8vdGVzdC8zOTAwEYYPaHR0cDovL3Rlc3QvMzkx +-MBGGD2h0dHA6Ly90ZXN0LzM5MjARhg9odHRwOi8vdGVzdC8zOTMwEYYPaHR0cDov +-L3Rlc3QvMzk0MBGGD2h0dHA6Ly90ZXN0LzM5NTARhg9odHRwOi8vdGVzdC8zOTYw +-EYYPaHR0cDovL3Rlc3QvMzk3MBGGD2h0dHA6Ly90ZXN0LzM5ODARhg9odHRwOi8v +-dGVzdC8zOTkwEYYPaHR0cDovL3Rlc3QvNDAwMBGGD2h0dHA6Ly90ZXN0LzQwMTAR +-hg9odHRwOi8vdGVzdC80MDIwEYYPaHR0cDovL3Rlc3QvNDAzMBGGD2h0dHA6Ly90 +-ZXN0LzQwNDARhg9odHRwOi8vdGVzdC80MDUwEYYPaHR0cDovL3Rlc3QvNDA2MBGG +-D2h0dHA6Ly90ZXN0LzQwNzARhg9odHRwOi8vdGVzdC80MDgwEYYPaHR0cDovL3Rl +-c3QvNDA5MBGGD2h0dHA6Ly90ZXN0LzQxMDARhg9odHRwOi8vdGVzdC80MTEwEYYP +-aHR0cDovL3Rlc3QvNDEyMBGGD2h0dHA6Ly90ZXN0LzQxMzARhg9odHRwOi8vdGVz +-dC80MTQwEYYPaHR0cDovL3Rlc3QvNDE1MBGGD2h0dHA6Ly90ZXN0LzQxNjARhg9o +-dHRwOi8vdGVzdC80MTcwEYYPaHR0cDovL3Rlc3QvNDE4MBGGD2h0dHA6Ly90ZXN0 +-LzQxOTARhg9odHRwOi8vdGVzdC80MjAwEYYPaHR0cDovL3Rlc3QvNDIxMBGGD2h0 +-dHA6Ly90ZXN0LzQyMjARhg9odHRwOi8vdGVzdC80MjMwEYYPaHR0cDovL3Rlc3Qv +-NDI0MBGGD2h0dHA6Ly90ZXN0LzQyNTARhg9odHRwOi8vdGVzdC80MjYwEYYPaHR0 +-cDovL3Rlc3QvNDI3MBGGD2h0dHA6Ly90ZXN0LzQyODARhg9odHRwOi8vdGVzdC80 +-MjkwEYYPaHR0cDovL3Rlc3QvNDMwMBGGD2h0dHA6Ly90ZXN0LzQzMTARhg9odHRw +-Oi8vdGVzdC80MzIwEYYPaHR0cDovL3Rlc3QvNDMzMBGGD2h0dHA6Ly90ZXN0LzQz +-NDARhg9odHRwOi8vdGVzdC80MzUwEYYPaHR0cDovL3Rlc3QvNDM2MBGGD2h0dHA6 +-Ly90ZXN0LzQzNzARhg9odHRwOi8vdGVzdC80MzgwEYYPaHR0cDovL3Rlc3QvNDM5 +-MBGGD2h0dHA6Ly90ZXN0LzQ0MDARhg9odHRwOi8vdGVzdC80NDEwEYYPaHR0cDov +-L3Rlc3QvNDQyMBGGD2h0dHA6Ly90ZXN0LzQ0MzARhg9odHRwOi8vdGVzdC80NDQw +-EYYPaHR0cDovL3Rlc3QvNDQ1MBGGD2h0dHA6Ly90ZXN0LzQ0NjARhg9odHRwOi8v +-dGVzdC80NDcwEYYPaHR0cDovL3Rlc3QvNDQ4MBGGD2h0dHA6Ly90ZXN0LzQ0OTAR +-hg9odHRwOi8vdGVzdC80NTAwEYYPaHR0cDovL3Rlc3QvNDUxMBGGD2h0dHA6Ly90 +-ZXN0LzQ1MjARhg9odHRwOi8vdGVzdC80NTMwEYYPaHR0cDovL3Rlc3QvNDU0MBGG +-D2h0dHA6Ly90ZXN0LzQ1NTARhg9odHRwOi8vdGVzdC80NTYwEYYPaHR0cDovL3Rl +-c3QvNDU3MBGGD2h0dHA6Ly90ZXN0LzQ1ODARhg9odHRwOi8vdGVzdC80NTkwEYYP +-aHR0cDovL3Rlc3QvNDYwMBGGD2h0dHA6Ly90ZXN0LzQ2MTARhg9odHRwOi8vdGVz +-dC80NjIwEYYPaHR0cDovL3Rlc3QvNDYzMBGGD2h0dHA6Ly90ZXN0LzQ2NDARhg9o +-dHRwOi8vdGVzdC80NjUwEYYPaHR0cDovL3Rlc3QvNDY2MBGGD2h0dHA6Ly90ZXN0 +-LzQ2NzARhg9odHRwOi8vdGVzdC80NjgwEYYPaHR0cDovL3Rlc3QvNDY5MBGGD2h0 +-dHA6Ly90ZXN0LzQ3MDARhg9odHRwOi8vdGVzdC80NzEwEYYPaHR0cDovL3Rlc3Qv +-NDcyMBGGD2h0dHA6Ly90ZXN0LzQ3MzARhg9odHRwOi8vdGVzdC80NzQwEYYPaHR0 +-cDovL3Rlc3QvNDc1MBGGD2h0dHA6Ly90ZXN0LzQ3NjARhg9odHRwOi8vdGVzdC80 +-NzcwEYYPaHR0cDovL3Rlc3QvNDc4MBGGD2h0dHA6Ly90ZXN0LzQ3OTARhg9odHRw +-Oi8vdGVzdC80ODAwEYYPaHR0cDovL3Rlc3QvNDgxMBGGD2h0dHA6Ly90ZXN0LzQ4 +-MjARhg9odHRwOi8vdGVzdC80ODMwEYYPaHR0cDovL3Rlc3QvNDg0MBGGD2h0dHA6 +-Ly90ZXN0LzQ4NTARhg9odHRwOi8vdGVzdC80ODYwEYYPaHR0cDovL3Rlc3QvNDg3 +-MBGGD2h0dHA6Ly90ZXN0LzQ4ODARhg9odHRwOi8vdGVzdC80ODkwEYYPaHR0cDov +-L3Rlc3QvNDkwMBGGD2h0dHA6Ly90ZXN0LzQ5MTARhg9odHRwOi8vdGVzdC80OTIw +-EYYPaHR0cDovL3Rlc3QvNDkzMBGGD2h0dHA6Ly90ZXN0LzQ5NDARhg9odHRwOi8v +-dGVzdC80OTUwEYYPaHR0cDovL3Rlc3QvNDk2MBGGD2h0dHA6Ly90ZXN0LzQ5NzAR +-hg9odHRwOi8vdGVzdC80OTgwEYYPaHR0cDovL3Rlc3QvNDk5MBGGD2h0dHA6Ly90 +-ZXN0LzUwMDARhg9odHRwOi8vdGVzdC81MDEwEYYPaHR0cDovL3Rlc3QvNTAyMBGG +-D2h0dHA6Ly90ZXN0LzUwMzARhg9odHRwOi8vdGVzdC81MDQwEYYPaHR0cDovL3Rl +-c3QvNTA1MBGGD2h0dHA6Ly90ZXN0LzUwNjARhg9odHRwOi8vdGVzdC81MDcwEYYP +-aHR0cDovL3Rlc3QvNTA4MBGGD2h0dHA6Ly90ZXN0LzUwOTARhg9odHRwOi8vdGVz +-dC81MTAwEYYPaHR0cDovL3Rlc3QvNTExMBGGD2h0dHA6Ly90ZXN0LzUxMjARhg9o +-dHRwOi8vdGVzdC81MTMwEYYPaHR0cDovL3Rlc3QvNTE0MBGGD2h0dHA6Ly90ZXN0 +-LzUxNTARhg9odHRwOi8vdGVzdC81MTYwEYYPaHR0cDovL3Rlc3QvNTE3MBGGD2h0 +-dHA6Ly90ZXN0LzUxODARhg9odHRwOi8vdGVzdC81MTkwEYYPaHR0cDovL3Rlc3Qv +-NTIwMBGGD2h0dHA6Ly90ZXN0LzUyMTARhg9odHRwOi8vdGVzdC81MjIwEYYPaHR0 +-cDovL3Rlc3QvNTIzMBGGD2h0dHA6Ly90ZXN0LzUyNDARhg9odHRwOi8vdGVzdC81 +-MjUwEYYPaHR0cDovL3Rlc3QvNTI2MBGGD2h0dHA6Ly90ZXN0LzUyNzARhg9odHRw +-Oi8vdGVzdC81MjgwEYYPaHR0cDovL3Rlc3QvNTI5MBGGD2h0dHA6Ly90ZXN0LzUz +-MDARhg9odHRwOi8vdGVzdC81MzEwEYYPaHR0cDovL3Rlc3QvNTMyMBGGD2h0dHA6 +-Ly90ZXN0LzUzMzARhg9odHRwOi8vdGVzdC81MzQwEYYPaHR0cDovL3Rlc3QvNTM1 +-MBGGD2h0dHA6Ly90ZXN0LzUzNjARhg9odHRwOi8vdGVzdC81MzcwEYYPaHR0cDov +-L3Rlc3QvNTM4MBGGD2h0dHA6Ly90ZXN0LzUzOTARhg9odHRwOi8vdGVzdC81NDAw +-EYYPaHR0cDovL3Rlc3QvNTQxMBGGD2h0dHA6Ly90ZXN0LzU0MjARhg9odHRwOi8v +-dGVzdC81NDMwEYYPaHR0cDovL3Rlc3QvNTQ0MBGGD2h0dHA6Ly90ZXN0LzU0NTAR +-hg9odHRwOi8vdGVzdC81NDYwEYYPaHR0cDovL3Rlc3QvNTQ3MBGGD2h0dHA6Ly90 +-ZXN0LzU0ODARhg9odHRwOi8vdGVzdC81NDkwEYYPaHR0cDovL3Rlc3QvNTUwMBGG +-D2h0dHA6Ly90ZXN0LzU1MTARhg9odHRwOi8vdGVzdC81NTIwEYYPaHR0cDovL3Rl +-c3QvNTUzMBGGD2h0dHA6Ly90ZXN0LzU1NDARhg9odHRwOi8vdGVzdC81NTUwEYYP +-aHR0cDovL3Rlc3QvNTU2MBGGD2h0dHA6Ly90ZXN0LzU1NzARhg9odHRwOi8vdGVz +-dC81NTgwEYYPaHR0cDovL3Rlc3QvNTU5MBGGD2h0dHA6Ly90ZXN0LzU2MDARhg9o +-dHRwOi8vdGVzdC81NjEwEYYPaHR0cDovL3Rlc3QvNTYyMBGGD2h0dHA6Ly90ZXN0 +-LzU2MzARhg9odHRwOi8vdGVzdC81NjQwEYYPaHR0cDovL3Rlc3QvNTY1MBGGD2h0 +-dHA6Ly90ZXN0LzU2NjARhg9odHRwOi8vdGVzdC81NjcwEYYPaHR0cDovL3Rlc3Qv +-NTY4MBGGD2h0dHA6Ly90ZXN0LzU2OTARhg9odHRwOi8vdGVzdC81NzAwEYYPaHR0 +-cDovL3Rlc3QvNTcxMBGGD2h0dHA6Ly90ZXN0LzU3MjARhg9odHRwOi8vdGVzdC81 +-NzMwEYYPaHR0cDovL3Rlc3QvNTc0MBGGD2h0dHA6Ly90ZXN0LzU3NTARhg9odHRw +-Oi8vdGVzdC81NzYwEYYPaHR0cDovL3Rlc3QvNTc3MBGGD2h0dHA6Ly90ZXN0LzU3 +-ODARhg9odHRwOi8vdGVzdC81NzkwEYYPaHR0cDovL3Rlc3QvNTgwMBGGD2h0dHA6 +-Ly90ZXN0LzU4MTARhg9odHRwOi8vdGVzdC81ODIwEYYPaHR0cDovL3Rlc3QvNTgz +-MBGGD2h0dHA6Ly90ZXN0LzU4NDARhg9odHRwOi8vdGVzdC81ODUwEYYPaHR0cDov +-L3Rlc3QvNTg2MBGGD2h0dHA6Ly90ZXN0LzU4NzARhg9odHRwOi8vdGVzdC81ODgw +-EYYPaHR0cDovL3Rlc3QvNTg5MBGGD2h0dHA6Ly90ZXN0LzU5MDARhg9odHRwOi8v +-dGVzdC81OTEwEYYPaHR0cDovL3Rlc3QvNTkyMBGGD2h0dHA6Ly90ZXN0LzU5MzAR +-hg9odHRwOi8vdGVzdC81OTQwEYYPaHR0cDovL3Rlc3QvNTk1MBGGD2h0dHA6Ly90 +-ZXN0LzU5NjARhg9odHRwOi8vdGVzdC81OTcwEYYPaHR0cDovL3Rlc3QvNTk4MBGG +-D2h0dHA6Ly90ZXN0LzU5OTARhg9odHRwOi8vdGVzdC82MDAwEYYPaHR0cDovL3Rl +-c3QvNjAxMBGGD2h0dHA6Ly90ZXN0LzYwMjARhg9odHRwOi8vdGVzdC82MDMwEYYP +-aHR0cDovL3Rlc3QvNjA0MBGGD2h0dHA6Ly90ZXN0LzYwNTARhg9odHRwOi8vdGVz +-dC82MDYwEYYPaHR0cDovL3Rlc3QvNjA3MBGGD2h0dHA6Ly90ZXN0LzYwODARhg9o +-dHRwOi8vdGVzdC82MDkwEYYPaHR0cDovL3Rlc3QvNjEwMBGGD2h0dHA6Ly90ZXN0 +-LzYxMTARhg9odHRwOi8vdGVzdC82MTIwEYYPaHR0cDovL3Rlc3QvNjEzMBGGD2h0 +-dHA6Ly90ZXN0LzYxNDARhg9odHRwOi8vdGVzdC82MTUwEYYPaHR0cDovL3Rlc3Qv +-NjE2MBGGD2h0dHA6Ly90ZXN0LzYxNzARhg9odHRwOi8vdGVzdC82MTgwEYYPaHR0 +-cDovL3Rlc3QvNjE5MBGGD2h0dHA6Ly90ZXN0LzYyMDARhg9odHRwOi8vdGVzdC82 +-MjEwEYYPaHR0cDovL3Rlc3QvNjIyMBGGD2h0dHA6Ly90ZXN0LzYyMzARhg9odHRw +-Oi8vdGVzdC82MjQwEYYPaHR0cDovL3Rlc3QvNjI1MBGGD2h0dHA6Ly90ZXN0LzYy +-NjARhg9odHRwOi8vdGVzdC82MjcwEYYPaHR0cDovL3Rlc3QvNjI4MBGGD2h0dHA6 +-Ly90ZXN0LzYyOTARhg9odHRwOi8vdGVzdC82MzAwEYYPaHR0cDovL3Rlc3QvNjMx +-MBGGD2h0dHA6Ly90ZXN0LzYzMjARhg9odHRwOi8vdGVzdC82MzMwEYYPaHR0cDov +-L3Rlc3QvNjM0MBGGD2h0dHA6Ly90ZXN0LzYzNTARhg9odHRwOi8vdGVzdC82MzYw +-EYYPaHR0cDovL3Rlc3QvNjM3MBGGD2h0dHA6Ly90ZXN0LzYzODARhg9odHRwOi8v +-dGVzdC82MzkwEYYPaHR0cDovL3Rlc3QvNjQwMBGGD2h0dHA6Ly90ZXN0LzY0MTAR +-hg9odHRwOi8vdGVzdC82NDIwEYYPaHR0cDovL3Rlc3QvNjQzMBGGD2h0dHA6Ly90 +-ZXN0LzY0NDARhg9odHRwOi8vdGVzdC82NDUwEYYPaHR0cDovL3Rlc3QvNjQ2MBGG +-D2h0dHA6Ly90ZXN0LzY0NzARhg9odHRwOi8vdGVzdC82NDgwEYYPaHR0cDovL3Rl +-c3QvNjQ5MBGGD2h0dHA6Ly90ZXN0LzY1MDARhg9odHRwOi8vdGVzdC82NTEwEYYP +-aHR0cDovL3Rlc3QvNjUyMBGGD2h0dHA6Ly90ZXN0LzY1MzARhg9odHRwOi8vdGVz +-dC82NTQwEYYPaHR0cDovL3Rlc3QvNjU1MBGGD2h0dHA6Ly90ZXN0LzY1NjARhg9o +-dHRwOi8vdGVzdC82NTcwEYYPaHR0cDovL3Rlc3QvNjU4MBGGD2h0dHA6Ly90ZXN0 +-LzY1OTARhg9odHRwOi8vdGVzdC82NjAwEYYPaHR0cDovL3Rlc3QvNjYxMBGGD2h0 +-dHA6Ly90ZXN0LzY2MjARhg9odHRwOi8vdGVzdC82NjMwEYYPaHR0cDovL3Rlc3Qv +-NjY0MBGGD2h0dHA6Ly90ZXN0LzY2NTARhg9odHRwOi8vdGVzdC82NjYwEYYPaHR0 +-cDovL3Rlc3QvNjY3MBGGD2h0dHA6Ly90ZXN0LzY2ODARhg9odHRwOi8vdGVzdC82 +-NjkwEYYPaHR0cDovL3Rlc3QvNjcwMBGGD2h0dHA6Ly90ZXN0LzY3MTARhg9odHRw +-Oi8vdGVzdC82NzIwEYYPaHR0cDovL3Rlc3QvNjczMBGGD2h0dHA6Ly90ZXN0LzY3 +-NDARhg9odHRwOi8vdGVzdC82NzUwEYYPaHR0cDovL3Rlc3QvNjc2MBGGD2h0dHA6 +-Ly90ZXN0LzY3NzARhg9odHRwOi8vdGVzdC82NzgwEYYPaHR0cDovL3Rlc3QvNjc5 +-MBGGD2h0dHA6Ly90ZXN0LzY4MDARhg9odHRwOi8vdGVzdC82ODEwEYYPaHR0cDov +-L3Rlc3QvNjgyMBGGD2h0dHA6Ly90ZXN0LzY4MzARhg9odHRwOi8vdGVzdC82ODQw +-EYYPaHR0cDovL3Rlc3QvNjg1MBGGD2h0dHA6Ly90ZXN0LzY4NjARhg9odHRwOi8v +-dGVzdC82ODcwEYYPaHR0cDovL3Rlc3QvNjg4MBGGD2h0dHA6Ly90ZXN0LzY4OTAR +-hg9odHRwOi8vdGVzdC82OTAwEYYPaHR0cDovL3Rlc3QvNjkxMBGGD2h0dHA6Ly90 +-ZXN0LzY5MjARhg9odHRwOi8vdGVzdC82OTMwEYYPaHR0cDovL3Rlc3QvNjk0MBGG +-D2h0dHA6Ly90ZXN0LzY5NTARhg9odHRwOi8vdGVzdC82OTYwEYYPaHR0cDovL3Rl +-c3QvNjk3MBGGD2h0dHA6Ly90ZXN0LzY5ODARhg9odHRwOi8vdGVzdC82OTkwEYYP +-aHR0cDovL3Rlc3QvNzAwMBGGD2h0dHA6Ly90ZXN0LzcwMTARhg9odHRwOi8vdGVz +-dC83MDIwEYYPaHR0cDovL3Rlc3QvNzAzMBGGD2h0dHA6Ly90ZXN0LzcwNDARhg9o +-dHRwOi8vdGVzdC83MDUwEYYPaHR0cDovL3Rlc3QvNzA2MBGGD2h0dHA6Ly90ZXN0 +-LzcwNzARhg9odHRwOi8vdGVzdC83MDgwEYYPaHR0cDovL3Rlc3QvNzA5MBGGD2h0 +-dHA6Ly90ZXN0LzcxMDARhg9odHRwOi8vdGVzdC83MTEwEYYPaHR0cDovL3Rlc3Qv +-NzEyMBGGD2h0dHA6Ly90ZXN0LzcxMzARhg9odHRwOi8vdGVzdC83MTQwEYYPaHR0 +-cDovL3Rlc3QvNzE1MBGGD2h0dHA6Ly90ZXN0LzcxNjARhg9odHRwOi8vdGVzdC83 +-MTcwEYYPaHR0cDovL3Rlc3QvNzE4MBGGD2h0dHA6Ly90ZXN0LzcxOTARhg9odHRw +-Oi8vdGVzdC83MjAwEYYPaHR0cDovL3Rlc3QvNzIxMBGGD2h0dHA6Ly90ZXN0Lzcy +-MjARhg9odHRwOi8vdGVzdC83MjMwEYYPaHR0cDovL3Rlc3QvNzI0MBGGD2h0dHA6 +-Ly90ZXN0LzcyNTARhg9odHRwOi8vdGVzdC83MjYwEYYPaHR0cDovL3Rlc3QvNzI3 +-MBGGD2h0dHA6Ly90ZXN0LzcyODARhg9odHRwOi8vdGVzdC83MjkwEYYPaHR0cDov +-L3Rlc3QvNzMwMBGGD2h0dHA6Ly90ZXN0LzczMTARhg9odHRwOi8vdGVzdC83MzIw +-EYYPaHR0cDovL3Rlc3QvNzMzMBGGD2h0dHA6Ly90ZXN0LzczNDARhg9odHRwOi8v +-dGVzdC83MzUwEYYPaHR0cDovL3Rlc3QvNzM2MBGGD2h0dHA6Ly90ZXN0LzczNzAR +-hg9odHRwOi8vdGVzdC83MzgwEYYPaHR0cDovL3Rlc3QvNzM5MBGGD2h0dHA6Ly90 +-ZXN0Lzc0MDARhg9odHRwOi8vdGVzdC83NDEwEYYPaHR0cDovL3Rlc3QvNzQyMBGG +-D2h0dHA6Ly90ZXN0Lzc0MzARhg9odHRwOi8vdGVzdC83NDQwEYYPaHR0cDovL3Rl +-c3QvNzQ1MBGGD2h0dHA6Ly90ZXN0Lzc0NjARhg9odHRwOi8vdGVzdC83NDcwEYYP +-aHR0cDovL3Rlc3QvNzQ4MBGGD2h0dHA6Ly90ZXN0Lzc0OTARhg9odHRwOi8vdGVz +-dC83NTAwEYYPaHR0cDovL3Rlc3QvNzUxMBGGD2h0dHA6Ly90ZXN0Lzc1MjARhg9o +-dHRwOi8vdGVzdC83NTMwEYYPaHR0cDovL3Rlc3QvNzU0MBGGD2h0dHA6Ly90ZXN0 +-Lzc1NTARhg9odHRwOi8vdGVzdC83NTYwEYYPaHR0cDovL3Rlc3QvNzU3MBGGD2h0 +-dHA6Ly90ZXN0Lzc1ODARhg9odHRwOi8vdGVzdC83NTkwEYYPaHR0cDovL3Rlc3Qv +-NzYwMBGGD2h0dHA6Ly90ZXN0Lzc2MTARhg9odHRwOi8vdGVzdC83NjIwEYYPaHR0 +-cDovL3Rlc3QvNzYzMBGGD2h0dHA6Ly90ZXN0Lzc2NDARhg9odHRwOi8vdGVzdC83 +-NjUwEYYPaHR0cDovL3Rlc3QvNzY2MBGGD2h0dHA6Ly90ZXN0Lzc2NzARhg9odHRw +-Oi8vdGVzdC83NjgwEYYPaHR0cDovL3Rlc3QvNzY5MBGGD2h0dHA6Ly90ZXN0Lzc3 +-MDARhg9odHRwOi8vdGVzdC83NzEwEYYPaHR0cDovL3Rlc3QvNzcyMBGGD2h0dHA6 +-Ly90ZXN0Lzc3MzARhg9odHRwOi8vdGVzdC83NzQwEYYPaHR0cDovL3Rlc3QvNzc1 +-MBGGD2h0dHA6Ly90ZXN0Lzc3NjARhg9odHRwOi8vdGVzdC83NzcwEYYPaHR0cDov +-L3Rlc3QvNzc4MBGGD2h0dHA6Ly90ZXN0Lzc3OTARhg9odHRwOi8vdGVzdC83ODAw +-EYYPaHR0cDovL3Rlc3QvNzgxMBGGD2h0dHA6Ly90ZXN0Lzc4MjARhg9odHRwOi8v +-dGVzdC83ODMwEYYPaHR0cDovL3Rlc3QvNzg0MBGGD2h0dHA6Ly90ZXN0Lzc4NTAR +-hg9odHRwOi8vdGVzdC83ODYwEYYPaHR0cDovL3Rlc3QvNzg3MBGGD2h0dHA6Ly90 +-ZXN0Lzc4ODARhg9odHRwOi8vdGVzdC83ODkwEYYPaHR0cDovL3Rlc3QvNzkwMBGG +-D2h0dHA6Ly90ZXN0Lzc5MTARhg9odHRwOi8vdGVzdC83OTIwEYYPaHR0cDovL3Rl +-c3QvNzkzMBGGD2h0dHA6Ly90ZXN0Lzc5NDARhg9odHRwOi8vdGVzdC83OTUwEYYP +-aHR0cDovL3Rlc3QvNzk2MBGGD2h0dHA6Ly90ZXN0Lzc5NzARhg9odHRwOi8vdGVz +-dC83OTgwEYYPaHR0cDovL3Rlc3QvNzk5MBGGD2h0dHA6Ly90ZXN0LzgwMDARhg9o +-dHRwOi8vdGVzdC84MDEwEYYPaHR0cDovL3Rlc3QvODAyMBGGD2h0dHA6Ly90ZXN0 +-LzgwMzARhg9odHRwOi8vdGVzdC84MDQwEYYPaHR0cDovL3Rlc3QvODA1MBGGD2h0 +-dHA6Ly90ZXN0LzgwNjARhg9odHRwOi8vdGVzdC84MDcwEYYPaHR0cDovL3Rlc3Qv +-ODA4MBGGD2h0dHA6Ly90ZXN0LzgwOTARhg9odHRwOi8vdGVzdC84MTAwEYYPaHR0 +-cDovL3Rlc3QvODExMBGGD2h0dHA6Ly90ZXN0LzgxMjARhg9odHRwOi8vdGVzdC84 +-MTMwEYYPaHR0cDovL3Rlc3QvODE0MBGGD2h0dHA6Ly90ZXN0LzgxNTARhg9odHRw +-Oi8vdGVzdC84MTYwEYYPaHR0cDovL3Rlc3QvODE3MBGGD2h0dHA6Ly90ZXN0Lzgx +-ODARhg9odHRwOi8vdGVzdC84MTkwEYYPaHR0cDovL3Rlc3QvODIwMBGGD2h0dHA6 +-Ly90ZXN0LzgyMTARhg9odHRwOi8vdGVzdC84MjIwEYYPaHR0cDovL3Rlc3QvODIz +-MBGGD2h0dHA6Ly90ZXN0LzgyNDARhg9odHRwOi8vdGVzdC84MjUwEYYPaHR0cDov +-L3Rlc3QvODI2MBGGD2h0dHA6Ly90ZXN0LzgyNzARhg9odHRwOi8vdGVzdC84Mjgw +-EYYPaHR0cDovL3Rlc3QvODI5MBGGD2h0dHA6Ly90ZXN0LzgzMDARhg9odHRwOi8v +-dGVzdC84MzEwEYYPaHR0cDovL3Rlc3QvODMyMBGGD2h0dHA6Ly90ZXN0LzgzMzAR +-hg9odHRwOi8vdGVzdC84MzQwEYYPaHR0cDovL3Rlc3QvODM1MBGGD2h0dHA6Ly90 +-ZXN0LzgzNjARhg9odHRwOi8vdGVzdC84MzcwEYYPaHR0cDovL3Rlc3QvODM4MBGG +-D2h0dHA6Ly90ZXN0LzgzOTARhg9odHRwOi8vdGVzdC84NDAwEYYPaHR0cDovL3Rl +-c3QvODQxMBGGD2h0dHA6Ly90ZXN0Lzg0MjARhg9odHRwOi8vdGVzdC84NDMwEYYP +-aHR0cDovL3Rlc3QvODQ0MBGGD2h0dHA6Ly90ZXN0Lzg0NTARhg9odHRwOi8vdGVz +-dC84NDYwEYYPaHR0cDovL3Rlc3QvODQ3MBGGD2h0dHA6Ly90ZXN0Lzg0ODARhg9o +-dHRwOi8vdGVzdC84NDkwEYYPaHR0cDovL3Rlc3QvODUwMBGGD2h0dHA6Ly90ZXN0 +-Lzg1MTARhg9odHRwOi8vdGVzdC84NTIwEYYPaHR0cDovL3Rlc3QvODUzMBGGD2h0 +-dHA6Ly90ZXN0Lzg1NDARhg9odHRwOi8vdGVzdC84NTUwEYYPaHR0cDovL3Rlc3Qv +-ODU2MBGGD2h0dHA6Ly90ZXN0Lzg1NzARhg9odHRwOi8vdGVzdC84NTgwEYYPaHR0 +-cDovL3Rlc3QvODU5MBGGD2h0dHA6Ly90ZXN0Lzg2MDARhg9odHRwOi8vdGVzdC84 +-NjEwEYYPaHR0cDovL3Rlc3QvODYyMBGGD2h0dHA6Ly90ZXN0Lzg2MzARhg9odHRw +-Oi8vdGVzdC84NjQwEYYPaHR0cDovL3Rlc3QvODY1MBGGD2h0dHA6Ly90ZXN0Lzg2 +-NjARhg9odHRwOi8vdGVzdC84NjcwEYYPaHR0cDovL3Rlc3QvODY4MBGGD2h0dHA6 +-Ly90ZXN0Lzg2OTARhg9odHRwOi8vdGVzdC84NzAwEYYPaHR0cDovL3Rlc3QvODcx +-MBGGD2h0dHA6Ly90ZXN0Lzg3MjARhg9odHRwOi8vdGVzdC84NzMwEYYPaHR0cDov +-L3Rlc3QvODc0MBGGD2h0dHA6Ly90ZXN0Lzg3NTARhg9odHRwOi8vdGVzdC84NzYw +-EYYPaHR0cDovL3Rlc3QvODc3MBGGD2h0dHA6Ly90ZXN0Lzg3ODARhg9odHRwOi8v +-dGVzdC84NzkwEYYPaHR0cDovL3Rlc3QvODgwMBGGD2h0dHA6Ly90ZXN0Lzg4MTAR +-hg9odHRwOi8vdGVzdC84ODIwEYYPaHR0cDovL3Rlc3QvODgzMBGGD2h0dHA6Ly90 +-ZXN0Lzg4NDARhg9odHRwOi8vdGVzdC84ODUwEYYPaHR0cDovL3Rlc3QvODg2MBGG +-D2h0dHA6Ly90ZXN0Lzg4NzARhg9odHRwOi8vdGVzdC84ODgwEYYPaHR0cDovL3Rl +-c3QvODg5MBGGD2h0dHA6Ly90ZXN0Lzg5MDARhg9odHRwOi8vdGVzdC84OTEwEYYP +-aHR0cDovL3Rlc3QvODkyMBGGD2h0dHA6Ly90ZXN0Lzg5MzARhg9odHRwOi8vdGVz +-dC84OTQwEYYPaHR0cDovL3Rlc3QvODk1MBGGD2h0dHA6Ly90ZXN0Lzg5NjARhg9o +-dHRwOi8vdGVzdC84OTcwEYYPaHR0cDovL3Rlc3QvODk4MBGGD2h0dHA6Ly90ZXN0 +-Lzg5OTARhg9odHRwOi8vdGVzdC85MDAwEYYPaHR0cDovL3Rlc3QvOTAxMBGGD2h0 +-dHA6Ly90ZXN0LzkwMjARhg9odHRwOi8vdGVzdC85MDMwEYYPaHR0cDovL3Rlc3Qv +-OTA0MBGGD2h0dHA6Ly90ZXN0LzkwNTARhg9odHRwOi8vdGVzdC85MDYwEYYPaHR0 +-cDovL3Rlc3QvOTA3MBGGD2h0dHA6Ly90ZXN0LzkwODARhg9odHRwOi8vdGVzdC85 +-MDkwEYYPaHR0cDovL3Rlc3QvOTEwMBGGD2h0dHA6Ly90ZXN0LzkxMTARhg9odHRw +-Oi8vdGVzdC85MTIwEYYPaHR0cDovL3Rlc3QvOTEzMBGGD2h0dHA6Ly90ZXN0Lzkx +-NDARhg9odHRwOi8vdGVzdC85MTUwEYYPaHR0cDovL3Rlc3QvOTE2MBGGD2h0dHA6 +-Ly90ZXN0LzkxNzARhg9odHRwOi8vdGVzdC85MTgwEYYPaHR0cDovL3Rlc3QvOTE5 +-MBGGD2h0dHA6Ly90ZXN0LzkyMDARhg9odHRwOi8vdGVzdC85MjEwEYYPaHR0cDov +-L3Rlc3QvOTIyMBGGD2h0dHA6Ly90ZXN0LzkyMzARhg9odHRwOi8vdGVzdC85MjQw +-EYYPaHR0cDovL3Rlc3QvOTI1MBGGD2h0dHA6Ly90ZXN0LzkyNjARhg9odHRwOi8v +-dGVzdC85MjcwEYYPaHR0cDovL3Rlc3QvOTI4MBGGD2h0dHA6Ly90ZXN0LzkyOTAR +-hg9odHRwOi8vdGVzdC85MzAwEYYPaHR0cDovL3Rlc3QvOTMxMBGGD2h0dHA6Ly90 +-ZXN0LzkzMjARhg9odHRwOi8vdGVzdC85MzMwEYYPaHR0cDovL3Rlc3QvOTM0MBGG +-D2h0dHA6Ly90ZXN0LzkzNTARhg9odHRwOi8vdGVzdC85MzYwEYYPaHR0cDovL3Rl +-c3QvOTM3MBGGD2h0dHA6Ly90ZXN0LzkzODARhg9odHRwOi8vdGVzdC85MzkwEYYP +-aHR0cDovL3Rlc3QvOTQwMBGGD2h0dHA6Ly90ZXN0Lzk0MTARhg9odHRwOi8vdGVz +-dC85NDIwEYYPaHR0cDovL3Rlc3QvOTQzMBGGD2h0dHA6Ly90ZXN0Lzk0NDARhg9o +-dHRwOi8vdGVzdC85NDUwEYYPaHR0cDovL3Rlc3QvOTQ2MBGGD2h0dHA6Ly90ZXN0 +-Lzk0NzARhg9odHRwOi8vdGVzdC85NDgwEYYPaHR0cDovL3Rlc3QvOTQ5MBGGD2h0 +-dHA6Ly90ZXN0Lzk1MDARhg9odHRwOi8vdGVzdC85NTEwEYYPaHR0cDovL3Rlc3Qv +-OTUyMBGGD2h0dHA6Ly90ZXN0Lzk1MzARhg9odHRwOi8vdGVzdC85NTQwEYYPaHR0 +-cDovL3Rlc3QvOTU1MBGGD2h0dHA6Ly90ZXN0Lzk1NjARhg9odHRwOi8vdGVzdC85 +-NTcwEYYPaHR0cDovL3Rlc3QvOTU4MBGGD2h0dHA6Ly90ZXN0Lzk1OTARhg9odHRw +-Oi8vdGVzdC85NjAwEYYPaHR0cDovL3Rlc3QvOTYxMBGGD2h0dHA6Ly90ZXN0Lzk2 +-MjARhg9odHRwOi8vdGVzdC85NjMwEYYPaHR0cDovL3Rlc3QvOTY0MBGGD2h0dHA6 +-Ly90ZXN0Lzk2NTARhg9odHRwOi8vdGVzdC85NjYwEYYPaHR0cDovL3Rlc3QvOTY3 +-MBGGD2h0dHA6Ly90ZXN0Lzk2ODARhg9odHRwOi8vdGVzdC85NjkwEYYPaHR0cDov +-L3Rlc3QvOTcwMBGGD2h0dHA6Ly90ZXN0Lzk3MTARhg9odHRwOi8vdGVzdC85NzIw +-EYYPaHR0cDovL3Rlc3QvOTczMBGGD2h0dHA6Ly90ZXN0Lzk3NDARhg9odHRwOi8v +-dGVzdC85NzUwEYYPaHR0cDovL3Rlc3QvOTc2MBGGD2h0dHA6Ly90ZXN0Lzk3NzAR +-hg9odHRwOi8vdGVzdC85NzgwEYYPaHR0cDovL3Rlc3QvOTc5MBGGD2h0dHA6Ly90 +-ZXN0Lzk4MDARhg9odHRwOi8vdGVzdC85ODEwEYYPaHR0cDovL3Rlc3QvOTgyMBGG +-D2h0dHA6Ly90ZXN0Lzk4MzARhg9odHRwOi8vdGVzdC85ODQwEYYPaHR0cDovL3Rl +-c3QvOTg1MBGGD2h0dHA6Ly90ZXN0Lzk4NjARhg9odHRwOi8vdGVzdC85ODcwEYYP +-aHR0cDovL3Rlc3QvOTg4MBGGD2h0dHA6Ly90ZXN0Lzk4OTARhg9odHRwOi8vdGVz +-dC85OTAwEYYPaHR0cDovL3Rlc3QvOTkxMBGGD2h0dHA6Ly90ZXN0Lzk5MjARhg9o +-dHRwOi8vdGVzdC85OTMwEYYPaHR0cDovL3Rlc3QvOTk0MBGGD2h0dHA6Ly90ZXN0 +-Lzk5NTARhg9odHRwOi8vdGVzdC85OTYwEYYPaHR0cDovL3Rlc3QvOTk3MBGGD2h0 +-dHA6Ly90ZXN0Lzk5ODARhg9odHRwOi8vdGVzdC85OTkwEoYQaHR0cDovL3Rlc3Qv +-MTAwMDAShhBodHRwOi8vdGVzdC8xMDAxMBKGEGh0dHA6Ly90ZXN0LzEwMDIwEoYQ +-aHR0cDovL3Rlc3QvMTAwMzAShhBodHRwOi8vdGVzdC8xMDA0MBKGEGh0dHA6Ly90 +-ZXN0LzEwMDUwEoYQaHR0cDovL3Rlc3QvMTAwNjAShhBodHRwOi8vdGVzdC8xMDA3 +-MBKGEGh0dHA6Ly90ZXN0LzEwMDgwEoYQaHR0cDovL3Rlc3QvMTAwOTAShhBodHRw +-Oi8vdGVzdC8xMDEwMBKGEGh0dHA6Ly90ZXN0LzEwMTEwEoYQaHR0cDovL3Rlc3Qv +-MTAxMjAShhBodHRwOi8vdGVzdC8xMDEzMBKGEGh0dHA6Ly90ZXN0LzEwMTQwEoYQ +-aHR0cDovL3Rlc3QvMTAxNTAShhBodHRwOi8vdGVzdC8xMDE2MBKGEGh0dHA6Ly90 +-ZXN0LzEwMTcwEoYQaHR0cDovL3Rlc3QvMTAxODAShhBodHRwOi8vdGVzdC8xMDE5 +-MBKGEGh0dHA6Ly90ZXN0LzEwMjAwEoYQaHR0cDovL3Rlc3QvMTAyMTAShhBodHRw +-Oi8vdGVzdC8xMDIyMBKGEGh0dHA6Ly90ZXN0LzEwMjMwEoYQaHR0cDovL3Rlc3Qv +-MTAyNKGC0zYwCYIHeDAudGVzdDAJggd4MS50ZXN0MAmCB3gyLnRlc3QwCYIHeDMu +-dGVzdDAJggd4NC50ZXN0MAmCB3g1LnRlc3QwCYIHeDYudGVzdDAJggd4Ny50ZXN0 +-MAmCB3g4LnRlc3QwCYIHeDkudGVzdDAKggh4MTAudGVzdDAKggh4MTEudGVzdDAK +-ggh4MTIudGVzdDAKggh4MTMudGVzdDAKggh4MTQudGVzdDAKggh4MTUudGVzdDAK +-ggh4MTYudGVzdDAKggh4MTcudGVzdDAKggh4MTgudGVzdDAKggh4MTkudGVzdDAK +-ggh4MjAudGVzdDAKggh4MjEudGVzdDAKggh4MjIudGVzdDAKggh4MjMudGVzdDAK +-ggh4MjQudGVzdDAKggh4MjUudGVzdDAKggh4MjYudGVzdDAKggh4MjcudGVzdDAK +-ggh4MjgudGVzdDAKggh4MjkudGVzdDAKggh4MzAudGVzdDAKggh4MzEudGVzdDAK +-ggh4MzIudGVzdDAKggh4MzMudGVzdDAKggh4MzQudGVzdDAKggh4MzUudGVzdDAK +-ggh4MzYudGVzdDAKggh4MzcudGVzdDAKggh4MzgudGVzdDAKggh4MzkudGVzdDAK +-ggh4NDAudGVzdDAKggh4NDEudGVzdDAKggh4NDIudGVzdDAKggh4NDMudGVzdDAK +-ggh4NDQudGVzdDAKggh4NDUudGVzdDAKggh4NDYudGVzdDAKggh4NDcudGVzdDAK +-ggh4NDgudGVzdDAKggh4NDkudGVzdDAKggh4NTAudGVzdDAKggh4NTEudGVzdDAK +-ggh4NTIudGVzdDAKggh4NTMudGVzdDAKggh4NTQudGVzdDAKggh4NTUudGVzdDAK +-ggh4NTYudGVzdDAKggh4NTcudGVzdDAKggh4NTgudGVzdDAKggh4NTkudGVzdDAK +-ggh4NjAudGVzdDAKggh4NjEudGVzdDAKggh4NjIudGVzdDAKggh4NjMudGVzdDAK +-ggh4NjQudGVzdDAKggh4NjUudGVzdDAKggh4NjYudGVzdDAKggh4NjcudGVzdDAK +-ggh4NjgudGVzdDAKggh4NjkudGVzdDAKggh4NzAudGVzdDAKggh4NzEudGVzdDAK +-ggh4NzIudGVzdDAKggh4NzMudGVzdDAKggh4NzQudGVzdDAKggh4NzUudGVzdDAK +-ggh4NzYudGVzdDAKggh4NzcudGVzdDAKggh4NzgudGVzdDAKggh4NzkudGVzdDAK +-ggh4ODAudGVzdDAKggh4ODEudGVzdDAKggh4ODIudGVzdDAKggh4ODMudGVzdDAK +-ggh4ODQudGVzdDAKggh4ODUudGVzdDAKggh4ODYudGVzdDAKggh4ODcudGVzdDAK +-ggh4ODgudGVzdDAKggh4ODkudGVzdDAKggh4OTAudGVzdDAKggh4OTEudGVzdDAK +-ggh4OTIudGVzdDAKggh4OTMudGVzdDAKggh4OTQudGVzdDAKggh4OTUudGVzdDAK +-ggh4OTYudGVzdDAKggh4OTcudGVzdDAKggh4OTgudGVzdDAKggh4OTkudGVzdDAL +-ggl4MTAwLnRlc3QwC4IJeDEwMS50ZXN0MAuCCXgxMDIudGVzdDALggl4MTAzLnRl +-c3QwC4IJeDEwNC50ZXN0MAuCCXgxMDUudGVzdDALggl4MTA2LnRlc3QwC4IJeDEw +-Ny50ZXN0MAuCCXgxMDgudGVzdDALggl4MTA5LnRlc3QwC4IJeDExMC50ZXN0MAuC +-CXgxMTEudGVzdDALggl4MTEyLnRlc3QwC4IJeDExMy50ZXN0MAuCCXgxMTQudGVz +-dDALggl4MTE1LnRlc3QwC4IJeDExNi50ZXN0MAuCCXgxMTcudGVzdDALggl4MTE4 +-LnRlc3QwC4IJeDExOS50ZXN0MAuCCXgxMjAudGVzdDALggl4MTIxLnRlc3QwC4IJ +-eDEyMi50ZXN0MAuCCXgxMjMudGVzdDALggl4MTI0LnRlc3QwC4IJeDEyNS50ZXN0 +-MAuCCXgxMjYudGVzdDALggl4MTI3LnRlc3QwC4IJeDEyOC50ZXN0MAuCCXgxMjku +-dGVzdDALggl4MTMwLnRlc3QwC4IJeDEzMS50ZXN0MAuCCXgxMzIudGVzdDALggl4 +-MTMzLnRlc3QwC4IJeDEzNC50ZXN0MAuCCXgxMzUudGVzdDALggl4MTM2LnRlc3Qw +-C4IJeDEzNy50ZXN0MAuCCXgxMzgudGVzdDALggl4MTM5LnRlc3QwC4IJeDE0MC50 +-ZXN0MAuCCXgxNDEudGVzdDALggl4MTQyLnRlc3QwC4IJeDE0My50ZXN0MAuCCXgx +-NDQudGVzdDALggl4MTQ1LnRlc3QwC4IJeDE0Ni50ZXN0MAuCCXgxNDcudGVzdDAL +-ggl4MTQ4LnRlc3QwC4IJeDE0OS50ZXN0MAuCCXgxNTAudGVzdDALggl4MTUxLnRl +-c3QwC4IJeDE1Mi50ZXN0MAuCCXgxNTMudGVzdDALggl4MTU0LnRlc3QwC4IJeDE1 +-NS50ZXN0MAuCCXgxNTYudGVzdDALggl4MTU3LnRlc3QwC4IJeDE1OC50ZXN0MAuC +-CXgxNTkudGVzdDALggl4MTYwLnRlc3QwC4IJeDE2MS50ZXN0MAuCCXgxNjIudGVz +-dDALggl4MTYzLnRlc3QwC4IJeDE2NC50ZXN0MAuCCXgxNjUudGVzdDALggl4MTY2 +-LnRlc3QwC4IJeDE2Ny50ZXN0MAuCCXgxNjgudGVzdDALggl4MTY5LnRlc3QwC4IJ +-eDE3MC50ZXN0MAuCCXgxNzEudGVzdDALggl4MTcyLnRlc3QwC4IJeDE3My50ZXN0 +-MAuCCXgxNzQudGVzdDALggl4MTc1LnRlc3QwC4IJeDE3Ni50ZXN0MAuCCXgxNzcu +-dGVzdDALggl4MTc4LnRlc3QwC4IJeDE3OS50ZXN0MAuCCXgxODAudGVzdDALggl4 +-MTgxLnRlc3QwC4IJeDE4Mi50ZXN0MAuCCXgxODMudGVzdDALggl4MTg0LnRlc3Qw +-C4IJeDE4NS50ZXN0MAuCCXgxODYudGVzdDALggl4MTg3LnRlc3QwC4IJeDE4OC50 +-ZXN0MAuCCXgxODkudGVzdDALggl4MTkwLnRlc3QwC4IJeDE5MS50ZXN0MAuCCXgx +-OTIudGVzdDALggl4MTkzLnRlc3QwC4IJeDE5NC50ZXN0MAuCCXgxOTUudGVzdDAL +-ggl4MTk2LnRlc3QwC4IJeDE5Ny50ZXN0MAuCCXgxOTgudGVzdDALggl4MTk5LnRl +-c3QwC4IJeDIwMC50ZXN0MAuCCXgyMDEudGVzdDALggl4MjAyLnRlc3QwC4IJeDIw +-My50ZXN0MAuCCXgyMDQudGVzdDALggl4MjA1LnRlc3QwC4IJeDIwNi50ZXN0MAuC +-CXgyMDcudGVzdDALggl4MjA4LnRlc3QwC4IJeDIwOS50ZXN0MAuCCXgyMTAudGVz +-dDALggl4MjExLnRlc3QwC4IJeDIxMi50ZXN0MAuCCXgyMTMudGVzdDALggl4MjE0 +-LnRlc3QwC4IJeDIxNS50ZXN0MAuCCXgyMTYudGVzdDALggl4MjE3LnRlc3QwC4IJ +-eDIxOC50ZXN0MAuCCXgyMTkudGVzdDALggl4MjIwLnRlc3QwC4IJeDIyMS50ZXN0 +-MAuCCXgyMjIudGVzdDALggl4MjIzLnRlc3QwC4IJeDIyNC50ZXN0MAuCCXgyMjUu +-dGVzdDALggl4MjI2LnRlc3QwC4IJeDIyNy50ZXN0MAuCCXgyMjgudGVzdDALggl4 +-MjI5LnRlc3QwC4IJeDIzMC50ZXN0MAuCCXgyMzEudGVzdDALggl4MjMyLnRlc3Qw +-C4IJeDIzMy50ZXN0MAuCCXgyMzQudGVzdDALggl4MjM1LnRlc3QwC4IJeDIzNi50 +-ZXN0MAuCCXgyMzcudGVzdDALggl4MjM4LnRlc3QwC4IJeDIzOS50ZXN0MAuCCXgy +-NDAudGVzdDALggl4MjQxLnRlc3QwC4IJeDI0Mi50ZXN0MAuCCXgyNDMudGVzdDAL +-ggl4MjQ0LnRlc3QwC4IJeDI0NS50ZXN0MAuCCXgyNDYudGVzdDALggl4MjQ3LnRl +-c3QwC4IJeDI0OC50ZXN0MAuCCXgyNDkudGVzdDALggl4MjUwLnRlc3QwC4IJeDI1 +-MS50ZXN0MAuCCXgyNTIudGVzdDALggl4MjUzLnRlc3QwC4IJeDI1NC50ZXN0MAuC +-CXgyNTUudGVzdDALggl4MjU2LnRlc3QwC4IJeDI1Ny50ZXN0MAuCCXgyNTgudGVz +-dDALggl4MjU5LnRlc3QwC4IJeDI2MC50ZXN0MAuCCXgyNjEudGVzdDALggl4MjYy +-LnRlc3QwC4IJeDI2My50ZXN0MAuCCXgyNjQudGVzdDALggl4MjY1LnRlc3QwC4IJ +-eDI2Ni50ZXN0MAuCCXgyNjcudGVzdDALggl4MjY4LnRlc3QwC4IJeDI2OS50ZXN0 +-MAuCCXgyNzAudGVzdDALggl4MjcxLnRlc3QwC4IJeDI3Mi50ZXN0MAuCCXgyNzMu +-dGVzdDALggl4Mjc0LnRlc3QwC4IJeDI3NS50ZXN0MAuCCXgyNzYudGVzdDALggl4 +-Mjc3LnRlc3QwC4IJeDI3OC50ZXN0MAuCCXgyNzkudGVzdDALggl4MjgwLnRlc3Qw +-C4IJeDI4MS50ZXN0MAuCCXgyODIudGVzdDALggl4MjgzLnRlc3QwC4IJeDI4NC50 +-ZXN0MAuCCXgyODUudGVzdDALggl4Mjg2LnRlc3QwC4IJeDI4Ny50ZXN0MAuCCXgy +-ODgudGVzdDALggl4Mjg5LnRlc3QwC4IJeDI5MC50ZXN0MAuCCXgyOTEudGVzdDAL +-ggl4MjkyLnRlc3QwC4IJeDI5My50ZXN0MAuCCXgyOTQudGVzdDALggl4Mjk1LnRl +-c3QwC4IJeDI5Ni50ZXN0MAuCCXgyOTcudGVzdDALggl4Mjk4LnRlc3QwC4IJeDI5 +-OS50ZXN0MAuCCXgzMDAudGVzdDALggl4MzAxLnRlc3QwC4IJeDMwMi50ZXN0MAuC +-CXgzMDMudGVzdDALggl4MzA0LnRlc3QwC4IJeDMwNS50ZXN0MAuCCXgzMDYudGVz +-dDALggl4MzA3LnRlc3QwC4IJeDMwOC50ZXN0MAuCCXgzMDkudGVzdDALggl4MzEw +-LnRlc3QwC4IJeDMxMS50ZXN0MAuCCXgzMTIudGVzdDALggl4MzEzLnRlc3QwC4IJ +-eDMxNC50ZXN0MAuCCXgzMTUudGVzdDALggl4MzE2LnRlc3QwC4IJeDMxNy50ZXN0 +-MAuCCXgzMTgudGVzdDALggl4MzE5LnRlc3QwC4IJeDMyMC50ZXN0MAuCCXgzMjEu +-dGVzdDALggl4MzIyLnRlc3QwC4IJeDMyMy50ZXN0MAuCCXgzMjQudGVzdDALggl4 +-MzI1LnRlc3QwC4IJeDMyNi50ZXN0MAuCCXgzMjcudGVzdDALggl4MzI4LnRlc3Qw +-C4IJeDMyOS50ZXN0MAuCCXgzMzAudGVzdDALggl4MzMxLnRlc3QwC4IJeDMzMi50 +-ZXN0MAuCCXgzMzMudGVzdDALggl4MzM0LnRlc3QwC4IJeDMzNS50ZXN0MAuCCXgz +-MzYudGVzdDALggl4MzM3LnRlc3QwC4IJeDMzOC50ZXN0MAuCCXgzMzkudGVzdDAL +-ggl4MzQwLnRlc3QwC4IJeDM0MS50ZXN0MAuCCXgzNDIudGVzdDALggl4MzQzLnRl +-c3QwC4IJeDM0NC50ZXN0MAuCCXgzNDUudGVzdDALggl4MzQ2LnRlc3QwC4IJeDM0 +-Ny50ZXN0MAuCCXgzNDgudGVzdDALggl4MzQ5LnRlc3QwC4IJeDM1MC50ZXN0MAuC +-CXgzNTEudGVzdDALggl4MzUyLnRlc3QwC4IJeDM1My50ZXN0MAuCCXgzNTQudGVz +-dDALggl4MzU1LnRlc3QwC4IJeDM1Ni50ZXN0MAuCCXgzNTcudGVzdDALggl4MzU4 +-LnRlc3QwC4IJeDM1OS50ZXN0MAuCCXgzNjAudGVzdDALggl4MzYxLnRlc3QwC4IJ +-eDM2Mi50ZXN0MAuCCXgzNjMudGVzdDALggl4MzY0LnRlc3QwC4IJeDM2NS50ZXN0 +-MAuCCXgzNjYudGVzdDALggl4MzY3LnRlc3QwC4IJeDM2OC50ZXN0MAuCCXgzNjku +-dGVzdDALggl4MzcwLnRlc3QwC4IJeDM3MS50ZXN0MAuCCXgzNzIudGVzdDALggl4 +-MzczLnRlc3QwC4IJeDM3NC50ZXN0MAuCCXgzNzUudGVzdDALggl4Mzc2LnRlc3Qw +-C4IJeDM3Ny50ZXN0MAuCCXgzNzgudGVzdDALggl4Mzc5LnRlc3QwC4IJeDM4MC50 +-ZXN0MAuCCXgzODEudGVzdDALggl4MzgyLnRlc3QwC4IJeDM4My50ZXN0MAuCCXgz +-ODQudGVzdDALggl4Mzg1LnRlc3QwC4IJeDM4Ni50ZXN0MAuCCXgzODcudGVzdDAL +-ggl4Mzg4LnRlc3QwC4IJeDM4OS50ZXN0MAuCCXgzOTAudGVzdDALggl4MzkxLnRl +-c3QwC4IJeDM5Mi50ZXN0MAuCCXgzOTMudGVzdDALggl4Mzk0LnRlc3QwC4IJeDM5 +-NS50ZXN0MAuCCXgzOTYudGVzdDALggl4Mzk3LnRlc3QwC4IJeDM5OC50ZXN0MAuC +-CXgzOTkudGVzdDALggl4NDAwLnRlc3QwC4IJeDQwMS50ZXN0MAuCCXg0MDIudGVz +-dDALggl4NDAzLnRlc3QwC4IJeDQwNC50ZXN0MAuCCXg0MDUudGVzdDALggl4NDA2 +-LnRlc3QwC4IJeDQwNy50ZXN0MAuCCXg0MDgudGVzdDALggl4NDA5LnRlc3QwC4IJ +-eDQxMC50ZXN0MAuCCXg0MTEudGVzdDALggl4NDEyLnRlc3QwC4IJeDQxMy50ZXN0 +-MAuCCXg0MTQudGVzdDALggl4NDE1LnRlc3QwC4IJeDQxNi50ZXN0MAuCCXg0MTcu +-dGVzdDALggl4NDE4LnRlc3QwC4IJeDQxOS50ZXN0MAuCCXg0MjAudGVzdDALggl4 +-NDIxLnRlc3QwC4IJeDQyMi50ZXN0MAuCCXg0MjMudGVzdDALggl4NDI0LnRlc3Qw +-C4IJeDQyNS50ZXN0MAuCCXg0MjYudGVzdDALggl4NDI3LnRlc3QwC4IJeDQyOC50 +-ZXN0MAuCCXg0MjkudGVzdDALggl4NDMwLnRlc3QwC4IJeDQzMS50ZXN0MAuCCXg0 +-MzIudGVzdDALggl4NDMzLnRlc3QwC4IJeDQzNC50ZXN0MAuCCXg0MzUudGVzdDAL +-ggl4NDM2LnRlc3QwC4IJeDQzNy50ZXN0MAuCCXg0MzgudGVzdDALggl4NDM5LnRl +-c3QwC4IJeDQ0MC50ZXN0MAuCCXg0NDEudGVzdDALggl4NDQyLnRlc3QwC4IJeDQ0 +-My50ZXN0MAuCCXg0NDQudGVzdDALggl4NDQ1LnRlc3QwC4IJeDQ0Ni50ZXN0MAuC +-CXg0NDcudGVzdDALggl4NDQ4LnRlc3QwC4IJeDQ0OS50ZXN0MAuCCXg0NTAudGVz +-dDALggl4NDUxLnRlc3QwC4IJeDQ1Mi50ZXN0MAuCCXg0NTMudGVzdDALggl4NDU0 +-LnRlc3QwC4IJeDQ1NS50ZXN0MAuCCXg0NTYudGVzdDALggl4NDU3LnRlc3QwC4IJ +-eDQ1OC50ZXN0MAuCCXg0NTkudGVzdDALggl4NDYwLnRlc3QwC4IJeDQ2MS50ZXN0 +-MAuCCXg0NjIudGVzdDALggl4NDYzLnRlc3QwC4IJeDQ2NC50ZXN0MAuCCXg0NjUu +-dGVzdDALggl4NDY2LnRlc3QwC4IJeDQ2Ny50ZXN0MAuCCXg0NjgudGVzdDALggl4 +-NDY5LnRlc3QwC4IJeDQ3MC50ZXN0MAuCCXg0NzEudGVzdDALggl4NDcyLnRlc3Qw +-C4IJeDQ3My50ZXN0MAuCCXg0NzQudGVzdDALggl4NDc1LnRlc3QwC4IJeDQ3Ni50 +-ZXN0MAuCCXg0NzcudGVzdDALggl4NDc4LnRlc3QwC4IJeDQ3OS50ZXN0MAuCCXg0 +-ODAudGVzdDALggl4NDgxLnRlc3QwC4IJeDQ4Mi50ZXN0MAuCCXg0ODMudGVzdDAL +-ggl4NDg0LnRlc3QwC4IJeDQ4NS50ZXN0MAuCCXg0ODYudGVzdDALggl4NDg3LnRl +-c3QwC4IJeDQ4OC50ZXN0MAuCCXg0ODkudGVzdDALggl4NDkwLnRlc3QwC4IJeDQ5 +-MS50ZXN0MAuCCXg0OTIudGVzdDALggl4NDkzLnRlc3QwC4IJeDQ5NC50ZXN0MAuC +-CXg0OTUudGVzdDALggl4NDk2LnRlc3QwC4IJeDQ5Ny50ZXN0MAuCCXg0OTgudGVz +-dDALggl4NDk5LnRlc3QwC4IJeDUwMC50ZXN0MAuCCXg1MDEudGVzdDALggl4NTAy +-LnRlc3QwC4IJeDUwMy50ZXN0MAuCCXg1MDQudGVzdDALggl4NTA1LnRlc3QwC4IJ +-eDUwNi50ZXN0MAuCCXg1MDcudGVzdDALggl4NTA4LnRlc3QwC4IJeDUwOS50ZXN0 +-MAuCCXg1MTAudGVzdDALggl4NTExLnRlc3QwC4IJeDUxMi50ZXN0MAuCCXg1MTMu +-dGVzdDALggl4NTE0LnRlc3QwC4IJeDUxNS50ZXN0MAuCCXg1MTYudGVzdDALggl4 +-NTE3LnRlc3QwC4IJeDUxOC50ZXN0MAuCCXg1MTkudGVzdDALggl4NTIwLnRlc3Qw +-C4IJeDUyMS50ZXN0MAuCCXg1MjIudGVzdDALggl4NTIzLnRlc3QwC4IJeDUyNC50 +-ZXN0MAuCCXg1MjUudGVzdDALggl4NTI2LnRlc3QwC4IJeDUyNy50ZXN0MAuCCXg1 +-MjgudGVzdDALggl4NTI5LnRlc3QwC4IJeDUzMC50ZXN0MAuCCXg1MzEudGVzdDAL +-ggl4NTMyLnRlc3QwC4IJeDUzMy50ZXN0MAuCCXg1MzQudGVzdDALggl4NTM1LnRl +-c3QwC4IJeDUzNi50ZXN0MAuCCXg1MzcudGVzdDALggl4NTM4LnRlc3QwC4IJeDUz +-OS50ZXN0MAuCCXg1NDAudGVzdDALggl4NTQxLnRlc3QwC4IJeDU0Mi50ZXN0MAuC +-CXg1NDMudGVzdDALggl4NTQ0LnRlc3QwC4IJeDU0NS50ZXN0MAuCCXg1NDYudGVz +-dDALggl4NTQ3LnRlc3QwC4IJeDU0OC50ZXN0MAuCCXg1NDkudGVzdDALggl4NTUw +-LnRlc3QwC4IJeDU1MS50ZXN0MAuCCXg1NTIudGVzdDALggl4NTUzLnRlc3QwC4IJ +-eDU1NC50ZXN0MAuCCXg1NTUudGVzdDALggl4NTU2LnRlc3QwC4IJeDU1Ny50ZXN0 +-MAuCCXg1NTgudGVzdDALggl4NTU5LnRlc3QwC4IJeDU2MC50ZXN0MAuCCXg1NjEu +-dGVzdDALggl4NTYyLnRlc3QwC4IJeDU2My50ZXN0MAuCCXg1NjQudGVzdDALggl4 +-NTY1LnRlc3QwC4IJeDU2Ni50ZXN0MAuCCXg1NjcudGVzdDALggl4NTY4LnRlc3Qw +-C4IJeDU2OS50ZXN0MAuCCXg1NzAudGVzdDALggl4NTcxLnRlc3QwC4IJeDU3Mi50 +-ZXN0MAuCCXg1NzMudGVzdDALggl4NTc0LnRlc3QwC4IJeDU3NS50ZXN0MAuCCXg1 +-NzYudGVzdDALggl4NTc3LnRlc3QwC4IJeDU3OC50ZXN0MAuCCXg1NzkudGVzdDAL +-ggl4NTgwLnRlc3QwC4IJeDU4MS50ZXN0MAuCCXg1ODIudGVzdDALggl4NTgzLnRl +-c3QwC4IJeDU4NC50ZXN0MAuCCXg1ODUudGVzdDALggl4NTg2LnRlc3QwC4IJeDU4 +-Ny50ZXN0MAuCCXg1ODgudGVzdDALggl4NTg5LnRlc3QwC4IJeDU5MC50ZXN0MAuC +-CXg1OTEudGVzdDALggl4NTkyLnRlc3QwC4IJeDU5My50ZXN0MAuCCXg1OTQudGVz +-dDALggl4NTk1LnRlc3QwC4IJeDU5Ni50ZXN0MAuCCXg1OTcudGVzdDALggl4NTk4 +-LnRlc3QwC4IJeDU5OS50ZXN0MAuCCXg2MDAudGVzdDALggl4NjAxLnRlc3QwC4IJ +-eDYwMi50ZXN0MAuCCXg2MDMudGVzdDALggl4NjA0LnRlc3QwC4IJeDYwNS50ZXN0 +-MAuCCXg2MDYudGVzdDALggl4NjA3LnRlc3QwC4IJeDYwOC50ZXN0MAuCCXg2MDku +-dGVzdDALggl4NjEwLnRlc3QwC4IJeDYxMS50ZXN0MAuCCXg2MTIudGVzdDALggl4 +-NjEzLnRlc3QwC4IJeDYxNC50ZXN0MAuCCXg2MTUudGVzdDALggl4NjE2LnRlc3Qw +-C4IJeDYxNy50ZXN0MAuCCXg2MTgudGVzdDALggl4NjE5LnRlc3QwC4IJeDYyMC50 +-ZXN0MAuCCXg2MjEudGVzdDALggl4NjIyLnRlc3QwC4IJeDYyMy50ZXN0MAuCCXg2 +-MjQudGVzdDALggl4NjI1LnRlc3QwC4IJeDYyNi50ZXN0MAuCCXg2MjcudGVzdDAL +-ggl4NjI4LnRlc3QwC4IJeDYyOS50ZXN0MAuCCXg2MzAudGVzdDALggl4NjMxLnRl +-c3QwC4IJeDYzMi50ZXN0MAuCCXg2MzMudGVzdDALggl4NjM0LnRlc3QwC4IJeDYz +-NS50ZXN0MAuCCXg2MzYudGVzdDALggl4NjM3LnRlc3QwC4IJeDYzOC50ZXN0MAuC +-CXg2MzkudGVzdDALggl4NjQwLnRlc3QwC4IJeDY0MS50ZXN0MAuCCXg2NDIudGVz +-dDALggl4NjQzLnRlc3QwC4IJeDY0NC50ZXN0MAuCCXg2NDUudGVzdDALggl4NjQ2 +-LnRlc3QwC4IJeDY0Ny50ZXN0MAuCCXg2NDgudGVzdDALggl4NjQ5LnRlc3QwC4IJ +-eDY1MC50ZXN0MAuCCXg2NTEudGVzdDALggl4NjUyLnRlc3QwC4IJeDY1My50ZXN0 +-MAuCCXg2NTQudGVzdDALggl4NjU1LnRlc3QwC4IJeDY1Ni50ZXN0MAuCCXg2NTcu +-dGVzdDALggl4NjU4LnRlc3QwC4IJeDY1OS50ZXN0MAuCCXg2NjAudGVzdDALggl4 +-NjYxLnRlc3QwC4IJeDY2Mi50ZXN0MAuCCXg2NjMudGVzdDALggl4NjY0LnRlc3Qw +-C4IJeDY2NS50ZXN0MAuCCXg2NjYudGVzdDALggl4NjY3LnRlc3QwC4IJeDY2OC50 +-ZXN0MAuCCXg2NjkudGVzdDALggl4NjcwLnRlc3QwC4IJeDY3MS50ZXN0MAuCCXg2 +-NzIudGVzdDALggl4NjczLnRlc3QwC4IJeDY3NC50ZXN0MAuCCXg2NzUudGVzdDAL +-ggl4Njc2LnRlc3QwC4IJeDY3Ny50ZXN0MAuCCXg2NzgudGVzdDALggl4Njc5LnRl +-c3QwC4IJeDY4MC50ZXN0MAuCCXg2ODEudGVzdDALggl4NjgyLnRlc3QwC4IJeDY4 +-My50ZXN0MAuCCXg2ODQudGVzdDALggl4Njg1LnRlc3QwC4IJeDY4Ni50ZXN0MAuC +-CXg2ODcudGVzdDALggl4Njg4LnRlc3QwC4IJeDY4OS50ZXN0MAuCCXg2OTAudGVz +-dDALggl4NjkxLnRlc3QwC4IJeDY5Mi50ZXN0MAuCCXg2OTMudGVzdDALggl4Njk0 +-LnRlc3QwC4IJeDY5NS50ZXN0MAuCCXg2OTYudGVzdDALggl4Njk3LnRlc3QwC4IJ +-eDY5OC50ZXN0MAuCCXg2OTkudGVzdDALggl4NzAwLnRlc3QwC4IJeDcwMS50ZXN0 +-MAuCCXg3MDIudGVzdDALggl4NzAzLnRlc3QwC4IJeDcwNC50ZXN0MAuCCXg3MDUu +-dGVzdDALggl4NzA2LnRlc3QwC4IJeDcwNy50ZXN0MAuCCXg3MDgudGVzdDALggl4 +-NzA5LnRlc3QwC4IJeDcxMC50ZXN0MAuCCXg3MTEudGVzdDALggl4NzEyLnRlc3Qw +-C4IJeDcxMy50ZXN0MAuCCXg3MTQudGVzdDALggl4NzE1LnRlc3QwC4IJeDcxNi50 +-ZXN0MAuCCXg3MTcudGVzdDALggl4NzE4LnRlc3QwC4IJeDcxOS50ZXN0MAuCCXg3 +-MjAudGVzdDALggl4NzIxLnRlc3QwC4IJeDcyMi50ZXN0MAuCCXg3MjMudGVzdDAL +-ggl4NzI0LnRlc3QwC4IJeDcyNS50ZXN0MAuCCXg3MjYudGVzdDALggl4NzI3LnRl +-c3QwC4IJeDcyOC50ZXN0MAuCCXg3MjkudGVzdDALggl4NzMwLnRlc3QwC4IJeDcz +-MS50ZXN0MAuCCXg3MzIudGVzdDALggl4NzMzLnRlc3QwC4IJeDczNC50ZXN0MAuC +-CXg3MzUudGVzdDALggl4NzM2LnRlc3QwC4IJeDczNy50ZXN0MAuCCXg3MzgudGVz +-dDALggl4NzM5LnRlc3QwC4IJeDc0MC50ZXN0MAuCCXg3NDEudGVzdDALggl4NzQy +-LnRlc3QwC4IJeDc0My50ZXN0MAuCCXg3NDQudGVzdDALggl4NzQ1LnRlc3QwC4IJ +-eDc0Ni50ZXN0MAuCCXg3NDcudGVzdDALggl4NzQ4LnRlc3QwC4IJeDc0OS50ZXN0 +-MAuCCXg3NTAudGVzdDALggl4NzUxLnRlc3QwC4IJeDc1Mi50ZXN0MAuCCXg3NTMu +-dGVzdDALggl4NzU0LnRlc3QwC4IJeDc1NS50ZXN0MAuCCXg3NTYudGVzdDALggl4 +-NzU3LnRlc3QwC4IJeDc1OC50ZXN0MAuCCXg3NTkudGVzdDALggl4NzYwLnRlc3Qw +-C4IJeDc2MS50ZXN0MAuCCXg3NjIudGVzdDALggl4NzYzLnRlc3QwC4IJeDc2NC50 +-ZXN0MAuCCXg3NjUudGVzdDALggl4NzY2LnRlc3QwC4IJeDc2Ny50ZXN0MAuCCXg3 +-NjgudGVzdDALggl4NzY5LnRlc3QwC4IJeDc3MC50ZXN0MAuCCXg3NzEudGVzdDAL +-ggl4NzcyLnRlc3QwC4IJeDc3My50ZXN0MAuCCXg3NzQudGVzdDALggl4Nzc1LnRl +-c3QwC4IJeDc3Ni50ZXN0MAuCCXg3NzcudGVzdDALggl4Nzc4LnRlc3QwC4IJeDc3 +-OS50ZXN0MAuCCXg3ODAudGVzdDALggl4NzgxLnRlc3QwC4IJeDc4Mi50ZXN0MAuC +-CXg3ODMudGVzdDALggl4Nzg0LnRlc3QwC4IJeDc4NS50ZXN0MAuCCXg3ODYudGVz +-dDALggl4Nzg3LnRlc3QwC4IJeDc4OC50ZXN0MAuCCXg3ODkudGVzdDALggl4Nzkw +-LnRlc3QwC4IJeDc5MS50ZXN0MAuCCXg3OTIudGVzdDALggl4NzkzLnRlc3QwC4IJ +-eDc5NC50ZXN0MAuCCXg3OTUudGVzdDALggl4Nzk2LnRlc3QwC4IJeDc5Ny50ZXN0 +-MAuCCXg3OTgudGVzdDALggl4Nzk5LnRlc3QwC4IJeDgwMC50ZXN0MAuCCXg4MDEu +-dGVzdDALggl4ODAyLnRlc3QwC4IJeDgwMy50ZXN0MAuCCXg4MDQudGVzdDALggl4 +-ODA1LnRlc3QwC4IJeDgwNi50ZXN0MAuCCXg4MDcudGVzdDALggl4ODA4LnRlc3Qw +-C4IJeDgwOS50ZXN0MAuCCXg4MTAudGVzdDALggl4ODExLnRlc3QwC4IJeDgxMi50 +-ZXN0MAuCCXg4MTMudGVzdDALggl4ODE0LnRlc3QwC4IJeDgxNS50ZXN0MAuCCXg4 +-MTYudGVzdDALggl4ODE3LnRlc3QwC4IJeDgxOC50ZXN0MAuCCXg4MTkudGVzdDAL +-ggl4ODIwLnRlc3QwC4IJeDgyMS50ZXN0MAuCCXg4MjIudGVzdDALggl4ODIzLnRl +-c3QwC4IJeDgyNC50ZXN0MAuCCXg4MjUudGVzdDALggl4ODI2LnRlc3QwC4IJeDgy +-Ny50ZXN0MAuCCXg4MjgudGVzdDALggl4ODI5LnRlc3QwC4IJeDgzMC50ZXN0MAuC +-CXg4MzEudGVzdDALggl4ODMyLnRlc3QwC4IJeDgzMy50ZXN0MAuCCXg4MzQudGVz +-dDALggl4ODM1LnRlc3QwC4IJeDgzNi50ZXN0MAuCCXg4MzcudGVzdDALggl4ODM4 +-LnRlc3QwC4IJeDgzOS50ZXN0MAuCCXg4NDAudGVzdDALggl4ODQxLnRlc3QwC4IJ +-eDg0Mi50ZXN0MAuCCXg4NDMudGVzdDALggl4ODQ0LnRlc3QwC4IJeDg0NS50ZXN0 +-MAuCCXg4NDYudGVzdDALggl4ODQ3LnRlc3QwC4IJeDg0OC50ZXN0MAuCCXg4NDku +-dGVzdDALggl4ODUwLnRlc3QwC4IJeDg1MS50ZXN0MAuCCXg4NTIudGVzdDALggl4 +-ODUzLnRlc3QwC4IJeDg1NC50ZXN0MAuCCXg4NTUudGVzdDALggl4ODU2LnRlc3Qw +-C4IJeDg1Ny50ZXN0MAuCCXg4NTgudGVzdDALggl4ODU5LnRlc3QwC4IJeDg2MC50 +-ZXN0MAuCCXg4NjEudGVzdDALggl4ODYyLnRlc3QwC4IJeDg2My50ZXN0MAuCCXg4 +-NjQudGVzdDALggl4ODY1LnRlc3QwC4IJeDg2Ni50ZXN0MAuCCXg4NjcudGVzdDAL +-ggl4ODY4LnRlc3QwC4IJeDg2OS50ZXN0MAuCCXg4NzAudGVzdDALggl4ODcxLnRl +-c3QwC4IJeDg3Mi50ZXN0MAuCCXg4NzMudGVzdDALggl4ODc0LnRlc3QwC4IJeDg3 +-NS50ZXN0MAuCCXg4NzYudGVzdDALggl4ODc3LnRlc3QwC4IJeDg3OC50ZXN0MAuC +-CXg4NzkudGVzdDALggl4ODgwLnRlc3QwC4IJeDg4MS50ZXN0MAuCCXg4ODIudGVz +-dDALggl4ODgzLnRlc3QwC4IJeDg4NC50ZXN0MAuCCXg4ODUudGVzdDALggl4ODg2 +-LnRlc3QwC4IJeDg4Ny50ZXN0MAuCCXg4ODgudGVzdDALggl4ODg5LnRlc3QwC4IJ +-eDg5MC50ZXN0MAuCCXg4OTEudGVzdDALggl4ODkyLnRlc3QwC4IJeDg5My50ZXN0 +-MAuCCXg4OTQudGVzdDALggl4ODk1LnRlc3QwC4IJeDg5Ni50ZXN0MAuCCXg4OTcu +-dGVzdDALggl4ODk4LnRlc3QwC4IJeDg5OS50ZXN0MAuCCXg5MDAudGVzdDALggl4 +-OTAxLnRlc3QwC4IJeDkwMi50ZXN0MAuCCXg5MDMudGVzdDALggl4OTA0LnRlc3Qw +-C4IJeDkwNS50ZXN0MAuCCXg5MDYudGVzdDALggl4OTA3LnRlc3QwC4IJeDkwOC50 +-ZXN0MAuCCXg5MDkudGVzdDALggl4OTEwLnRlc3QwC4IJeDkxMS50ZXN0MAuCCXg5 +-MTIudGVzdDALggl4OTEzLnRlc3QwC4IJeDkxNC50ZXN0MAuCCXg5MTUudGVzdDAL +-ggl4OTE2LnRlc3QwC4IJeDkxNy50ZXN0MAuCCXg5MTgudGVzdDALggl4OTE5LnRl +-c3QwC4IJeDkyMC50ZXN0MAuCCXg5MjEudGVzdDALggl4OTIyLnRlc3QwC4IJeDky +-My50ZXN0MAuCCXg5MjQudGVzdDALggl4OTI1LnRlc3QwC4IJeDkyNi50ZXN0MAuC +-CXg5MjcudGVzdDALggl4OTI4LnRlc3QwC4IJeDkyOS50ZXN0MAuCCXg5MzAudGVz +-dDALggl4OTMxLnRlc3QwC4IJeDkzMi50ZXN0MAuCCXg5MzMudGVzdDALggl4OTM0 +-LnRlc3QwC4IJeDkzNS50ZXN0MAuCCXg5MzYudGVzdDALggl4OTM3LnRlc3QwC4IJ +-eDkzOC50ZXN0MAuCCXg5MzkudGVzdDALggl4OTQwLnRlc3QwC4IJeDk0MS50ZXN0 +-MAuCCXg5NDIudGVzdDALggl4OTQzLnRlc3QwC4IJeDk0NC50ZXN0MAuCCXg5NDUu +-dGVzdDALggl4OTQ2LnRlc3QwC4IJeDk0Ny50ZXN0MAuCCXg5NDgudGVzdDALggl4 +-OTQ5LnRlc3QwC4IJeDk1MC50ZXN0MAuCCXg5NTEudGVzdDALggl4OTUyLnRlc3Qw +-C4IJeDk1My50ZXN0MAuCCXg5NTQudGVzdDALggl4OTU1LnRlc3QwC4IJeDk1Ni50 +-ZXN0MAuCCXg5NTcudGVzdDALggl4OTU4LnRlc3QwC4IJeDk1OS50ZXN0MAuCCXg5 +-NjAudGVzdDALggl4OTYxLnRlc3QwC4IJeDk2Mi50ZXN0MAuCCXg5NjMudGVzdDAL +-ggl4OTY0LnRlc3QwC4IJeDk2NS50ZXN0MAuCCXg5NjYudGVzdDALggl4OTY3LnRl +-c3QwC4IJeDk2OC50ZXN0MAuCCXg5NjkudGVzdDALggl4OTcwLnRlc3QwC4IJeDk3 +-MS50ZXN0MAuCCXg5NzIudGVzdDALggl4OTczLnRlc3QwC4IJeDk3NC50ZXN0MAuC +-CXg5NzUudGVzdDALggl4OTc2LnRlc3QwC4IJeDk3Ny50ZXN0MAuCCXg5NzgudGVz +-dDALggl4OTc5LnRlc3QwC4IJeDk4MC50ZXN0MAuCCXg5ODEudGVzdDALggl4OTgy +-LnRlc3QwC4IJeDk4My50ZXN0MAuCCXg5ODQudGVzdDALggl4OTg1LnRlc3QwC4IJ +-eDk4Ni50ZXN0MAuCCXg5ODcudGVzdDALggl4OTg4LnRlc3QwC4IJeDk4OS50ZXN0 +-MAuCCXg5OTAudGVzdDALggl4OTkxLnRlc3QwC4IJeDk5Mi50ZXN0MAuCCXg5OTMu +-dGVzdDALggl4OTk0LnRlc3QwC4IJeDk5NS50ZXN0MAuCCXg5OTYudGVzdDALggl4 +-OTk3LnRlc3QwC4IJeDk5OC50ZXN0MAuCCXg5OTkudGVzdDAMggp4MTAwMC50ZXN0 +-MAyCCngxMDAxLnRlc3QwDIIKeDEwMDIudGVzdDAMggp4MTAwMy50ZXN0MAyCCngx +-MDA0LnRlc3QwDIIKeDEwMDUudGVzdDAMggp4MTAwNi50ZXN0MAyCCngxMDA3LnRl +-c3QwDIIKeDEwMDgudGVzdDAMggp4MTAwOS50ZXN0MAyCCngxMDEwLnRlc3QwDIIK +-eDEwMTEudGVzdDAMggp4MTAxMi50ZXN0MAyCCngxMDEzLnRlc3QwDIIKeDEwMTQu +-dGVzdDAMggp4MTAxNS50ZXN0MAyCCngxMDE2LnRlc3QwDIIKeDEwMTcudGVzdDAM +-ggp4MTAxOC50ZXN0MAyCCngxMDE5LnRlc3QwDIIKeDEwMjAudGVzdDAMggp4MTAy +-MS50ZXN0MAyCCngxMDIyLnRlc3QwDIIKeDEwMjMudGVzdDAMggp4MTAyNC50ZXN0 +-MBGkDzANMQswCQYDVQQDDAJ4MDARpA8wDTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJ +-BgNVBAMMAngyMBGkDzANMQswCQYDVQQDDAJ4MzARpA8wDTELMAkGA1UEAwwCeDQw +-EaQPMA0xCzAJBgNVBAMMAng1MBGkDzANMQswCQYDVQQDDAJ4NjARpA8wDTELMAkG +-A1UEAwwCeDcwEaQPMA0xCzAJBgNVBAMMAng4MBGkDzANMQswCQYDVQQDDAJ4OTAS +-pBAwDjEMMAoGA1UEAwwDeDEwMBKkEDAOMQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAK +-BgNVBAMMA3gxMjASpBAwDjEMMAoGA1UEAwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4 +-MTQwEqQQMA4xDDAKBgNVBAMMA3gxNTASpBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAO +-MQwwCgYDVQQDDAN4MTcwEqQQMA4xDDAKBgNVBAMMA3gxODASpBAwDjEMMAoGA1UE +-AwwDeDE5MBKkEDAOMQwwCgYDVQQDDAN4MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTAS +-pBAwDjEMMAoGA1UEAwwDeDIyMBKkEDAOMQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAK +-BgNVBAMMA3gyNDASpBAwDjEMMAoGA1UEAwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4 +-MjYwEqQQMA4xDDAKBgNVBAMMA3gyNzASpBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAO +-MQwwCgYDVQQDDAN4MjkwEqQQMA4xDDAKBgNVBAMMA3gzMDASpBAwDjEMMAoGA1UE +-AwwDeDMxMBKkEDAOMQwwCgYDVQQDDAN4MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzAS +-pBAwDjEMMAoGA1UEAwwDeDM0MBKkEDAOMQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAK +-BgNVBAMMA3gzNjASpBAwDjEMMAoGA1UEAwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4 +-MzgwEqQQMA4xDDAKBgNVBAMMA3gzOTASpBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAO +-MQwwCgYDVQQDDAN4NDEwEqQQMA4xDDAKBgNVBAMMA3g0MjASpBAwDjEMMAoGA1UE +-AwwDeDQzMBKkEDAOMQwwCgYDVQQDDAN4NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTAS +-pBAwDjEMMAoGA1UEAwwDeDQ2MBKkEDAOMQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAK +-BgNVBAMMA3g0ODASpBAwDjEMMAoGA1UEAwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4 +-NTAwEqQQMA4xDDAKBgNVBAMMA3g1MTASpBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAO +-MQwwCgYDVQQDDAN4NTMwEqQQMA4xDDAKBgNVBAMMA3g1NDASpBAwDjEMMAoGA1UE +-AwwDeDU1MBKkEDAOMQwwCgYDVQQDDAN4NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzAS +-pBAwDjEMMAoGA1UEAwwDeDU4MBKkEDAOMQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAK +-BgNVBAMMA3g2MDASpBAwDjEMMAoGA1UEAwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4 +-NjIwEqQQMA4xDDAKBgNVBAMMA3g2MzASpBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAO +-MQwwCgYDVQQDDAN4NjUwEqQQMA4xDDAKBgNVBAMMA3g2NjASpBAwDjEMMAoGA1UE +-AwwDeDY3MBKkEDAOMQwwCgYDVQQDDAN4NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTAS +-pBAwDjEMMAoGA1UEAwwDeDcwMBKkEDAOMQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAK +-BgNVBAMMA3g3MjASpBAwDjEMMAoGA1UEAwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4 +-NzQwEqQQMA4xDDAKBgNVBAMMA3g3NTASpBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAO +-MQwwCgYDVQQDDAN4NzcwEqQQMA4xDDAKBgNVBAMMA3g3ODASpBAwDjEMMAoGA1UE +-AwwDeDc5MBKkEDAOMQwwCgYDVQQDDAN4ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTAS +-pBAwDjEMMAoGA1UEAwwDeDgyMBKkEDAOMQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAK +-BgNVBAMMA3g4NDASpBAwDjEMMAoGA1UEAwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4 +-ODYwEqQQMA4xDDAKBgNVBAMMA3g4NzASpBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAO +-MQwwCgYDVQQDDAN4ODkwEqQQMA4xDDAKBgNVBAMMA3g5MDASpBAwDjEMMAoGA1UE +-AwwDeDkxMBKkEDAOMQwwCgYDVQQDDAN4OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzAS +-pBAwDjEMMAoGA1UEAwwDeDk0MBKkEDAOMQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAK +-BgNVBAMMA3g5NjASpBAwDjEMMAoGA1UEAwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4 +-OTgwEqQQMA4xDDAKBgNVBAMMA3g5OTATpBEwDzENMAsGA1UEAwwEeDEwMDATpBEw +-DzENMAsGA1UEAwwEeDEwMTATpBEwDzENMAsGA1UEAwwEeDEwMjATpBEwDzENMAsG +-A1UEAwwEeDEwMzATpBEwDzENMAsGA1UEAwwEeDEwNDATpBEwDzENMAsGA1UEAwwE +-eDEwNTATpBEwDzENMAsGA1UEAwwEeDEwNjATpBEwDzENMAsGA1UEAwwEeDEwNzAT +-pBEwDzENMAsGA1UEAwwEeDEwODATpBEwDzENMAsGA1UEAwwEeDEwOTATpBEwDzEN +-MAsGA1UEAwwEeDExMDATpBEwDzENMAsGA1UEAwwEeDExMTATpBEwDzENMAsGA1UE +-AwwEeDExMjATpBEwDzENMAsGA1UEAwwEeDExMzATpBEwDzENMAsGA1UEAwwEeDEx +-NDATpBEwDzENMAsGA1UEAwwEeDExNTATpBEwDzENMAsGA1UEAwwEeDExNjATpBEw +-DzENMAsGA1UEAwwEeDExNzATpBEwDzENMAsGA1UEAwwEeDExODATpBEwDzENMAsG +-A1UEAwwEeDExOTATpBEwDzENMAsGA1UEAwwEeDEyMDATpBEwDzENMAsGA1UEAwwE +-eDEyMTATpBEwDzENMAsGA1UEAwwEeDEyMjATpBEwDzENMAsGA1UEAwwEeDEyMzAT +-pBEwDzENMAsGA1UEAwwEeDEyNDATpBEwDzENMAsGA1UEAwwEeDEyNTATpBEwDzEN +-MAsGA1UEAwwEeDEyNjATpBEwDzENMAsGA1UEAwwEeDEyNzATpBEwDzENMAsGA1UE +-AwwEeDEyODATpBEwDzENMAsGA1UEAwwEeDEyOTATpBEwDzENMAsGA1UEAwwEeDEz +-MDATpBEwDzENMAsGA1UEAwwEeDEzMTATpBEwDzENMAsGA1UEAwwEeDEzMjATpBEw +-DzENMAsGA1UEAwwEeDEzMzATpBEwDzENMAsGA1UEAwwEeDEzNDATpBEwDzENMAsG +-A1UEAwwEeDEzNTATpBEwDzENMAsGA1UEAwwEeDEzNjATpBEwDzENMAsGA1UEAwwE +-eDEzNzATpBEwDzENMAsGA1UEAwwEeDEzODATpBEwDzENMAsGA1UEAwwEeDEzOTAT +-pBEwDzENMAsGA1UEAwwEeDE0MDATpBEwDzENMAsGA1UEAwwEeDE0MTATpBEwDzEN +-MAsGA1UEAwwEeDE0MjATpBEwDzENMAsGA1UEAwwEeDE0MzATpBEwDzENMAsGA1UE +-AwwEeDE0NDATpBEwDzENMAsGA1UEAwwEeDE0NTATpBEwDzENMAsGA1UEAwwEeDE0 +-NjATpBEwDzENMAsGA1UEAwwEeDE0NzATpBEwDzENMAsGA1UEAwwEeDE0ODATpBEw +-DzENMAsGA1UEAwwEeDE0OTATpBEwDzENMAsGA1UEAwwEeDE1MDATpBEwDzENMAsG +-A1UEAwwEeDE1MTATpBEwDzENMAsGA1UEAwwEeDE1MjATpBEwDzENMAsGA1UEAwwE +-eDE1MzATpBEwDzENMAsGA1UEAwwEeDE1NDATpBEwDzENMAsGA1UEAwwEeDE1NTAT +-pBEwDzENMAsGA1UEAwwEeDE1NjATpBEwDzENMAsGA1UEAwwEeDE1NzATpBEwDzEN +-MAsGA1UEAwwEeDE1ODATpBEwDzENMAsGA1UEAwwEeDE1OTATpBEwDzENMAsGA1UE +-AwwEeDE2MDATpBEwDzENMAsGA1UEAwwEeDE2MTATpBEwDzENMAsGA1UEAwwEeDE2 +-MjATpBEwDzENMAsGA1UEAwwEeDE2MzATpBEwDzENMAsGA1UEAwwEeDE2NDATpBEw +-DzENMAsGA1UEAwwEeDE2NTATpBEwDzENMAsGA1UEAwwEeDE2NjATpBEwDzENMAsG +-A1UEAwwEeDE2NzATpBEwDzENMAsGA1UEAwwEeDE2ODATpBEwDzENMAsGA1UEAwwE +-eDE2OTATpBEwDzENMAsGA1UEAwwEeDE3MDATpBEwDzENMAsGA1UEAwwEeDE3MTAT +-pBEwDzENMAsGA1UEAwwEeDE3MjATpBEwDzENMAsGA1UEAwwEeDE3MzATpBEwDzEN +-MAsGA1UEAwwEeDE3NDATpBEwDzENMAsGA1UEAwwEeDE3NTATpBEwDzENMAsGA1UE +-AwwEeDE3NjATpBEwDzENMAsGA1UEAwwEeDE3NzATpBEwDzENMAsGA1UEAwwEeDE3 +-ODATpBEwDzENMAsGA1UEAwwEeDE3OTATpBEwDzENMAsGA1UEAwwEeDE4MDATpBEw +-DzENMAsGA1UEAwwEeDE4MTATpBEwDzENMAsGA1UEAwwEeDE4MjATpBEwDzENMAsG +-A1UEAwwEeDE4MzATpBEwDzENMAsGA1UEAwwEeDE4NDATpBEwDzENMAsGA1UEAwwE +-eDE4NTATpBEwDzENMAsGA1UEAwwEeDE4NjATpBEwDzENMAsGA1UEAwwEeDE4NzAT +-pBEwDzENMAsGA1UEAwwEeDE4ODATpBEwDzENMAsGA1UEAwwEeDE4OTATpBEwDzEN +-MAsGA1UEAwwEeDE5MDATpBEwDzENMAsGA1UEAwwEeDE5MTATpBEwDzENMAsGA1UE +-AwwEeDE5MjATpBEwDzENMAsGA1UEAwwEeDE5MzATpBEwDzENMAsGA1UEAwwEeDE5 +-NDATpBEwDzENMAsGA1UEAwwEeDE5NTATpBEwDzENMAsGA1UEAwwEeDE5NjATpBEw +-DzENMAsGA1UEAwwEeDE5NzATpBEwDzENMAsGA1UEAwwEeDE5ODATpBEwDzENMAsG +-A1UEAwwEeDE5OTATpBEwDzENMAsGA1UEAwwEeDIwMDATpBEwDzENMAsGA1UEAwwE +-eDIwMTATpBEwDzENMAsGA1UEAwwEeDIwMjATpBEwDzENMAsGA1UEAwwEeDIwMzAT +-pBEwDzENMAsGA1UEAwwEeDIwNDATpBEwDzENMAsGA1UEAwwEeDIwNTATpBEwDzEN +-MAsGA1UEAwwEeDIwNjATpBEwDzENMAsGA1UEAwwEeDIwNzATpBEwDzENMAsGA1UE +-AwwEeDIwODATpBEwDzENMAsGA1UEAwwEeDIwOTATpBEwDzENMAsGA1UEAwwEeDIx +-MDATpBEwDzENMAsGA1UEAwwEeDIxMTATpBEwDzENMAsGA1UEAwwEeDIxMjATpBEw +-DzENMAsGA1UEAwwEeDIxMzATpBEwDzENMAsGA1UEAwwEeDIxNDATpBEwDzENMAsG +-A1UEAwwEeDIxNTATpBEwDzENMAsGA1UEAwwEeDIxNjATpBEwDzENMAsGA1UEAwwE +-eDIxNzATpBEwDzENMAsGA1UEAwwEeDIxODATpBEwDzENMAsGA1UEAwwEeDIxOTAT +-pBEwDzENMAsGA1UEAwwEeDIyMDATpBEwDzENMAsGA1UEAwwEeDIyMTATpBEwDzEN +-MAsGA1UEAwwEeDIyMjATpBEwDzENMAsGA1UEAwwEeDIyMzATpBEwDzENMAsGA1UE +-AwwEeDIyNDATpBEwDzENMAsGA1UEAwwEeDIyNTATpBEwDzENMAsGA1UEAwwEeDIy +-NjATpBEwDzENMAsGA1UEAwwEeDIyNzATpBEwDzENMAsGA1UEAwwEeDIyODATpBEw +-DzENMAsGA1UEAwwEeDIyOTATpBEwDzENMAsGA1UEAwwEeDIzMDATpBEwDzENMAsG +-A1UEAwwEeDIzMTATpBEwDzENMAsGA1UEAwwEeDIzMjATpBEwDzENMAsGA1UEAwwE +-eDIzMzATpBEwDzENMAsGA1UEAwwEeDIzNDATpBEwDzENMAsGA1UEAwwEeDIzNTAT +-pBEwDzENMAsGA1UEAwwEeDIzNjATpBEwDzENMAsGA1UEAwwEeDIzNzATpBEwDzEN +-MAsGA1UEAwwEeDIzODATpBEwDzENMAsGA1UEAwwEeDIzOTATpBEwDzENMAsGA1UE +-AwwEeDI0MDATpBEwDzENMAsGA1UEAwwEeDI0MTATpBEwDzENMAsGA1UEAwwEeDI0 +-MjATpBEwDzENMAsGA1UEAwwEeDI0MzATpBEwDzENMAsGA1UEAwwEeDI0NDATpBEw +-DzENMAsGA1UEAwwEeDI0NTATpBEwDzENMAsGA1UEAwwEeDI0NjATpBEwDzENMAsG +-A1UEAwwEeDI0NzATpBEwDzENMAsGA1UEAwwEeDI0ODATpBEwDzENMAsGA1UEAwwE +-eDI0OTATpBEwDzENMAsGA1UEAwwEeDI1MDATpBEwDzENMAsGA1UEAwwEeDI1MTAT +-pBEwDzENMAsGA1UEAwwEeDI1MjATpBEwDzENMAsGA1UEAwwEeDI1MzATpBEwDzEN +-MAsGA1UEAwwEeDI1NDATpBEwDzENMAsGA1UEAwwEeDI1NTATpBEwDzENMAsGA1UE +-AwwEeDI1NjATpBEwDzENMAsGA1UEAwwEeDI1NzATpBEwDzENMAsGA1UEAwwEeDI1 +-ODATpBEwDzENMAsGA1UEAwwEeDI1OTATpBEwDzENMAsGA1UEAwwEeDI2MDATpBEw +-DzENMAsGA1UEAwwEeDI2MTATpBEwDzENMAsGA1UEAwwEeDI2MjATpBEwDzENMAsG +-A1UEAwwEeDI2MzATpBEwDzENMAsGA1UEAwwEeDI2NDATpBEwDzENMAsGA1UEAwwE +-eDI2NTATpBEwDzENMAsGA1UEAwwEeDI2NjATpBEwDzENMAsGA1UEAwwEeDI2NzAT +-pBEwDzENMAsGA1UEAwwEeDI2ODATpBEwDzENMAsGA1UEAwwEeDI2OTATpBEwDzEN +-MAsGA1UEAwwEeDI3MDATpBEwDzENMAsGA1UEAwwEeDI3MTATpBEwDzENMAsGA1UE +-AwwEeDI3MjATpBEwDzENMAsGA1UEAwwEeDI3MzATpBEwDzENMAsGA1UEAwwEeDI3 +-NDATpBEwDzENMAsGA1UEAwwEeDI3NTATpBEwDzENMAsGA1UEAwwEeDI3NjATpBEw +-DzENMAsGA1UEAwwEeDI3NzATpBEwDzENMAsGA1UEAwwEeDI3ODATpBEwDzENMAsG +-A1UEAwwEeDI3OTATpBEwDzENMAsGA1UEAwwEeDI4MDATpBEwDzENMAsGA1UEAwwE +-eDI4MTATpBEwDzENMAsGA1UEAwwEeDI4MjATpBEwDzENMAsGA1UEAwwEeDI4MzAT +-pBEwDzENMAsGA1UEAwwEeDI4NDATpBEwDzENMAsGA1UEAwwEeDI4NTATpBEwDzEN +-MAsGA1UEAwwEeDI4NjATpBEwDzENMAsGA1UEAwwEeDI4NzATpBEwDzENMAsGA1UE +-AwwEeDI4ODATpBEwDzENMAsGA1UEAwwEeDI4OTATpBEwDzENMAsGA1UEAwwEeDI5 +-MDATpBEwDzENMAsGA1UEAwwEeDI5MTATpBEwDzENMAsGA1UEAwwEeDI5MjATpBEw +-DzENMAsGA1UEAwwEeDI5MzATpBEwDzENMAsGA1UEAwwEeDI5NDATpBEwDzENMAsG +-A1UEAwwEeDI5NTATpBEwDzENMAsGA1UEAwwEeDI5NjATpBEwDzENMAsGA1UEAwwE +-eDI5NzATpBEwDzENMAsGA1UEAwwEeDI5ODATpBEwDzENMAsGA1UEAwwEeDI5OTAT +-pBEwDzENMAsGA1UEAwwEeDMwMDATpBEwDzENMAsGA1UEAwwEeDMwMTATpBEwDzEN +-MAsGA1UEAwwEeDMwMjATpBEwDzENMAsGA1UEAwwEeDMwMzATpBEwDzENMAsGA1UE +-AwwEeDMwNDATpBEwDzENMAsGA1UEAwwEeDMwNTATpBEwDzENMAsGA1UEAwwEeDMw +-NjATpBEwDzENMAsGA1UEAwwEeDMwNzATpBEwDzENMAsGA1UEAwwEeDMwODATpBEw +-DzENMAsGA1UEAwwEeDMwOTATpBEwDzENMAsGA1UEAwwEeDMxMDATpBEwDzENMAsG +-A1UEAwwEeDMxMTATpBEwDzENMAsGA1UEAwwEeDMxMjATpBEwDzENMAsGA1UEAwwE +-eDMxMzATpBEwDzENMAsGA1UEAwwEeDMxNDATpBEwDzENMAsGA1UEAwwEeDMxNTAT +-pBEwDzENMAsGA1UEAwwEeDMxNjATpBEwDzENMAsGA1UEAwwEeDMxNzATpBEwDzEN +-MAsGA1UEAwwEeDMxODATpBEwDzENMAsGA1UEAwwEeDMxOTATpBEwDzENMAsGA1UE +-AwwEeDMyMDATpBEwDzENMAsGA1UEAwwEeDMyMTATpBEwDzENMAsGA1UEAwwEeDMy +-MjATpBEwDzENMAsGA1UEAwwEeDMyMzATpBEwDzENMAsGA1UEAwwEeDMyNDATpBEw +-DzENMAsGA1UEAwwEeDMyNTATpBEwDzENMAsGA1UEAwwEeDMyNjATpBEwDzENMAsG +-A1UEAwwEeDMyNzATpBEwDzENMAsGA1UEAwwEeDMyODATpBEwDzENMAsGA1UEAwwE +-eDMyOTATpBEwDzENMAsGA1UEAwwEeDMzMDATpBEwDzENMAsGA1UEAwwEeDMzMTAT +-pBEwDzENMAsGA1UEAwwEeDMzMjATpBEwDzENMAsGA1UEAwwEeDMzMzATpBEwDzEN +-MAsGA1UEAwwEeDMzNDATpBEwDzENMAsGA1UEAwwEeDMzNTATpBEwDzENMAsGA1UE +-AwwEeDMzNjATpBEwDzENMAsGA1UEAwwEeDMzNzATpBEwDzENMAsGA1UEAwwEeDMz +-ODATpBEwDzENMAsGA1UEAwwEeDMzOTATpBEwDzENMAsGA1UEAwwEeDM0MDATpBEw +-DzENMAsGA1UEAwwEeDM0MTATpBEwDzENMAsGA1UEAwwEeDM0MjATpBEwDzENMAsG +-A1UEAwwEeDM0MzATpBEwDzENMAsGA1UEAwwEeDM0NDATpBEwDzENMAsGA1UEAwwE +-eDM0NTATpBEwDzENMAsGA1UEAwwEeDM0NjATpBEwDzENMAsGA1UEAwwEeDM0NzAT +-pBEwDzENMAsGA1UEAwwEeDM0ODATpBEwDzENMAsGA1UEAwwEeDM0OTATpBEwDzEN +-MAsGA1UEAwwEeDM1MDATpBEwDzENMAsGA1UEAwwEeDM1MTATpBEwDzENMAsGA1UE +-AwwEeDM1MjATpBEwDzENMAsGA1UEAwwEeDM1MzATpBEwDzENMAsGA1UEAwwEeDM1 +-NDATpBEwDzENMAsGA1UEAwwEeDM1NTATpBEwDzENMAsGA1UEAwwEeDM1NjATpBEw +-DzENMAsGA1UEAwwEeDM1NzATpBEwDzENMAsGA1UEAwwEeDM1ODATpBEwDzENMAsG +-A1UEAwwEeDM1OTATpBEwDzENMAsGA1UEAwwEeDM2MDATpBEwDzENMAsGA1UEAwwE +-eDM2MTATpBEwDzENMAsGA1UEAwwEeDM2MjATpBEwDzENMAsGA1UEAwwEeDM2MzAT +-pBEwDzENMAsGA1UEAwwEeDM2NDATpBEwDzENMAsGA1UEAwwEeDM2NTATpBEwDzEN +-MAsGA1UEAwwEeDM2NjATpBEwDzENMAsGA1UEAwwEeDM2NzATpBEwDzENMAsGA1UE +-AwwEeDM2ODATpBEwDzENMAsGA1UEAwwEeDM2OTATpBEwDzENMAsGA1UEAwwEeDM3 +-MDATpBEwDzENMAsGA1UEAwwEeDM3MTATpBEwDzENMAsGA1UEAwwEeDM3MjATpBEw +-DzENMAsGA1UEAwwEeDM3MzATpBEwDzENMAsGA1UEAwwEeDM3NDATpBEwDzENMAsG +-A1UEAwwEeDM3NTATpBEwDzENMAsGA1UEAwwEeDM3NjATpBEwDzENMAsGA1UEAwwE +-eDM3NzATpBEwDzENMAsGA1UEAwwEeDM3ODATpBEwDzENMAsGA1UEAwwEeDM3OTAT +-pBEwDzENMAsGA1UEAwwEeDM4MDATpBEwDzENMAsGA1UEAwwEeDM4MTATpBEwDzEN +-MAsGA1UEAwwEeDM4MjATpBEwDzENMAsGA1UEAwwEeDM4MzATpBEwDzENMAsGA1UE +-AwwEeDM4NDATpBEwDzENMAsGA1UEAwwEeDM4NTATpBEwDzENMAsGA1UEAwwEeDM4 +-NjATpBEwDzENMAsGA1UEAwwEeDM4NzATpBEwDzENMAsGA1UEAwwEeDM4ODATpBEw +-DzENMAsGA1UEAwwEeDM4OTATpBEwDzENMAsGA1UEAwwEeDM5MDATpBEwDzENMAsG +-A1UEAwwEeDM5MTATpBEwDzENMAsGA1UEAwwEeDM5MjATpBEwDzENMAsGA1UEAwwE +-eDM5MzATpBEwDzENMAsGA1UEAwwEeDM5NDATpBEwDzENMAsGA1UEAwwEeDM5NTAT +-pBEwDzENMAsGA1UEAwwEeDM5NjATpBEwDzENMAsGA1UEAwwEeDM5NzATpBEwDzEN +-MAsGA1UEAwwEeDM5ODATpBEwDzENMAsGA1UEAwwEeDM5OTATpBEwDzENMAsGA1UE +-AwwEeDQwMDATpBEwDzENMAsGA1UEAwwEeDQwMTATpBEwDzENMAsGA1UEAwwEeDQw +-MjATpBEwDzENMAsGA1UEAwwEeDQwMzATpBEwDzENMAsGA1UEAwwEeDQwNDATpBEw +-DzENMAsGA1UEAwwEeDQwNTATpBEwDzENMAsGA1UEAwwEeDQwNjATpBEwDzENMAsG +-A1UEAwwEeDQwNzATpBEwDzENMAsGA1UEAwwEeDQwODATpBEwDzENMAsGA1UEAwwE +-eDQwOTATpBEwDzENMAsGA1UEAwwEeDQxMDATpBEwDzENMAsGA1UEAwwEeDQxMTAT +-pBEwDzENMAsGA1UEAwwEeDQxMjATpBEwDzENMAsGA1UEAwwEeDQxMzATpBEwDzEN +-MAsGA1UEAwwEeDQxNDATpBEwDzENMAsGA1UEAwwEeDQxNTATpBEwDzENMAsGA1UE +-AwwEeDQxNjATpBEwDzENMAsGA1UEAwwEeDQxNzATpBEwDzENMAsGA1UEAwwEeDQx +-ODATpBEwDzENMAsGA1UEAwwEeDQxOTATpBEwDzENMAsGA1UEAwwEeDQyMDATpBEw +-DzENMAsGA1UEAwwEeDQyMTATpBEwDzENMAsGA1UEAwwEeDQyMjATpBEwDzENMAsG +-A1UEAwwEeDQyMzATpBEwDzENMAsGA1UEAwwEeDQyNDATpBEwDzENMAsGA1UEAwwE +-eDQyNTATpBEwDzENMAsGA1UEAwwEeDQyNjATpBEwDzENMAsGA1UEAwwEeDQyNzAT +-pBEwDzENMAsGA1UEAwwEeDQyODATpBEwDzENMAsGA1UEAwwEeDQyOTATpBEwDzEN +-MAsGA1UEAwwEeDQzMDATpBEwDzENMAsGA1UEAwwEeDQzMTATpBEwDzENMAsGA1UE +-AwwEeDQzMjATpBEwDzENMAsGA1UEAwwEeDQzMzATpBEwDzENMAsGA1UEAwwEeDQz +-NDATpBEwDzENMAsGA1UEAwwEeDQzNTATpBEwDzENMAsGA1UEAwwEeDQzNjATpBEw +-DzENMAsGA1UEAwwEeDQzNzATpBEwDzENMAsGA1UEAwwEeDQzODATpBEwDzENMAsG +-A1UEAwwEeDQzOTATpBEwDzENMAsGA1UEAwwEeDQ0MDATpBEwDzENMAsGA1UEAwwE +-eDQ0MTATpBEwDzENMAsGA1UEAwwEeDQ0MjATpBEwDzENMAsGA1UEAwwEeDQ0MzAT +-pBEwDzENMAsGA1UEAwwEeDQ0NDATpBEwDzENMAsGA1UEAwwEeDQ0NTATpBEwDzEN +-MAsGA1UEAwwEeDQ0NjATpBEwDzENMAsGA1UEAwwEeDQ0NzATpBEwDzENMAsGA1UE +-AwwEeDQ0ODATpBEwDzENMAsGA1UEAwwEeDQ0OTATpBEwDzENMAsGA1UEAwwEeDQ1 +-MDATpBEwDzENMAsGA1UEAwwEeDQ1MTATpBEwDzENMAsGA1UEAwwEeDQ1MjATpBEw +-DzENMAsGA1UEAwwEeDQ1MzATpBEwDzENMAsGA1UEAwwEeDQ1NDATpBEwDzENMAsG +-A1UEAwwEeDQ1NTATpBEwDzENMAsGA1UEAwwEeDQ1NjATpBEwDzENMAsGA1UEAwwE +-eDQ1NzATpBEwDzENMAsGA1UEAwwEeDQ1ODATpBEwDzENMAsGA1UEAwwEeDQ1OTAT +-pBEwDzENMAsGA1UEAwwEeDQ2MDATpBEwDzENMAsGA1UEAwwEeDQ2MTATpBEwDzEN +-MAsGA1UEAwwEeDQ2MjATpBEwDzENMAsGA1UEAwwEeDQ2MzATpBEwDzENMAsGA1UE +-AwwEeDQ2NDATpBEwDzENMAsGA1UEAwwEeDQ2NTATpBEwDzENMAsGA1UEAwwEeDQ2 +-NjATpBEwDzENMAsGA1UEAwwEeDQ2NzATpBEwDzENMAsGA1UEAwwEeDQ2ODATpBEw +-DzENMAsGA1UEAwwEeDQ2OTATpBEwDzENMAsGA1UEAwwEeDQ3MDATpBEwDzENMAsG +-A1UEAwwEeDQ3MTATpBEwDzENMAsGA1UEAwwEeDQ3MjATpBEwDzENMAsGA1UEAwwE +-eDQ3MzATpBEwDzENMAsGA1UEAwwEeDQ3NDATpBEwDzENMAsGA1UEAwwEeDQ3NTAT +-pBEwDzENMAsGA1UEAwwEeDQ3NjATpBEwDzENMAsGA1UEAwwEeDQ3NzATpBEwDzEN +-MAsGA1UEAwwEeDQ3ODATpBEwDzENMAsGA1UEAwwEeDQ3OTATpBEwDzENMAsGA1UE +-AwwEeDQ4MDATpBEwDzENMAsGA1UEAwwEeDQ4MTATpBEwDzENMAsGA1UEAwwEeDQ4 +-MjATpBEwDzENMAsGA1UEAwwEeDQ4MzATpBEwDzENMAsGA1UEAwwEeDQ4NDATpBEw +-DzENMAsGA1UEAwwEeDQ4NTATpBEwDzENMAsGA1UEAwwEeDQ4NjATpBEwDzENMAsG +-A1UEAwwEeDQ4NzATpBEwDzENMAsGA1UEAwwEeDQ4ODATpBEwDzENMAsGA1UEAwwE +-eDQ4OTATpBEwDzENMAsGA1UEAwwEeDQ5MDATpBEwDzENMAsGA1UEAwwEeDQ5MTAT +-pBEwDzENMAsGA1UEAwwEeDQ5MjATpBEwDzENMAsGA1UEAwwEeDQ5MzATpBEwDzEN +-MAsGA1UEAwwEeDQ5NDATpBEwDzENMAsGA1UEAwwEeDQ5NTATpBEwDzENMAsGA1UE +-AwwEeDQ5NjATpBEwDzENMAsGA1UEAwwEeDQ5NzATpBEwDzENMAsGA1UEAwwEeDQ5 +-ODATpBEwDzENMAsGA1UEAwwEeDQ5OTATpBEwDzENMAsGA1UEAwwEeDUwMDATpBEw +-DzENMAsGA1UEAwwEeDUwMTATpBEwDzENMAsGA1UEAwwEeDUwMjATpBEwDzENMAsG +-A1UEAwwEeDUwMzATpBEwDzENMAsGA1UEAwwEeDUwNDATpBEwDzENMAsGA1UEAwwE +-eDUwNTATpBEwDzENMAsGA1UEAwwEeDUwNjATpBEwDzENMAsGA1UEAwwEeDUwNzAT +-pBEwDzENMAsGA1UEAwwEeDUwODATpBEwDzENMAsGA1UEAwwEeDUwOTATpBEwDzEN +-MAsGA1UEAwwEeDUxMDATpBEwDzENMAsGA1UEAwwEeDUxMTATpBEwDzENMAsGA1UE +-AwwEeDUxMjATpBEwDzENMAsGA1UEAwwEeDUxMzATpBEwDzENMAsGA1UEAwwEeDUx +-NDATpBEwDzENMAsGA1UEAwwEeDUxNTATpBEwDzENMAsGA1UEAwwEeDUxNjATpBEw +-DzENMAsGA1UEAwwEeDUxNzATpBEwDzENMAsGA1UEAwwEeDUxODATpBEwDzENMAsG +-A1UEAwwEeDUxOTATpBEwDzENMAsGA1UEAwwEeDUyMDATpBEwDzENMAsGA1UEAwwE +-eDUyMTATpBEwDzENMAsGA1UEAwwEeDUyMjATpBEwDzENMAsGA1UEAwwEeDUyMzAT +-pBEwDzENMAsGA1UEAwwEeDUyNDATpBEwDzENMAsGA1UEAwwEeDUyNTATpBEwDzEN +-MAsGA1UEAwwEeDUyNjATpBEwDzENMAsGA1UEAwwEeDUyNzATpBEwDzENMAsGA1UE +-AwwEeDUyODATpBEwDzENMAsGA1UEAwwEeDUyOTATpBEwDzENMAsGA1UEAwwEeDUz +-MDATpBEwDzENMAsGA1UEAwwEeDUzMTATpBEwDzENMAsGA1UEAwwEeDUzMjATpBEw +-DzENMAsGA1UEAwwEeDUzMzATpBEwDzENMAsGA1UEAwwEeDUzNDATpBEwDzENMAsG +-A1UEAwwEeDUzNTATpBEwDzENMAsGA1UEAwwEeDUzNjATpBEwDzENMAsGA1UEAwwE +-eDUzNzATpBEwDzENMAsGA1UEAwwEeDUzODATpBEwDzENMAsGA1UEAwwEeDUzOTAT +-pBEwDzENMAsGA1UEAwwEeDU0MDATpBEwDzENMAsGA1UEAwwEeDU0MTATpBEwDzEN +-MAsGA1UEAwwEeDU0MjATpBEwDzENMAsGA1UEAwwEeDU0MzATpBEwDzENMAsGA1UE +-AwwEeDU0NDATpBEwDzENMAsGA1UEAwwEeDU0NTATpBEwDzENMAsGA1UEAwwEeDU0 +-NjATpBEwDzENMAsGA1UEAwwEeDU0NzATpBEwDzENMAsGA1UEAwwEeDU0ODATpBEw +-DzENMAsGA1UEAwwEeDU0OTATpBEwDzENMAsGA1UEAwwEeDU1MDATpBEwDzENMAsG +-A1UEAwwEeDU1MTATpBEwDzENMAsGA1UEAwwEeDU1MjATpBEwDzENMAsGA1UEAwwE +-eDU1MzATpBEwDzENMAsGA1UEAwwEeDU1NDATpBEwDzENMAsGA1UEAwwEeDU1NTAT +-pBEwDzENMAsGA1UEAwwEeDU1NjATpBEwDzENMAsGA1UEAwwEeDU1NzATpBEwDzEN +-MAsGA1UEAwwEeDU1ODATpBEwDzENMAsGA1UEAwwEeDU1OTATpBEwDzENMAsGA1UE +-AwwEeDU2MDATpBEwDzENMAsGA1UEAwwEeDU2MTATpBEwDzENMAsGA1UEAwwEeDU2 +-MjATpBEwDzENMAsGA1UEAwwEeDU2MzATpBEwDzENMAsGA1UEAwwEeDU2NDATpBEw +-DzENMAsGA1UEAwwEeDU2NTATpBEwDzENMAsGA1UEAwwEeDU2NjATpBEwDzENMAsG +-A1UEAwwEeDU2NzATpBEwDzENMAsGA1UEAwwEeDU2ODATpBEwDzENMAsGA1UEAwwE +-eDU2OTATpBEwDzENMAsGA1UEAwwEeDU3MDATpBEwDzENMAsGA1UEAwwEeDU3MTAT +-pBEwDzENMAsGA1UEAwwEeDU3MjATpBEwDzENMAsGA1UEAwwEeDU3MzATpBEwDzEN +-MAsGA1UEAwwEeDU3NDATpBEwDzENMAsGA1UEAwwEeDU3NTATpBEwDzENMAsGA1UE +-AwwEeDU3NjATpBEwDzENMAsGA1UEAwwEeDU3NzATpBEwDzENMAsGA1UEAwwEeDU3 +-ODATpBEwDzENMAsGA1UEAwwEeDU3OTATpBEwDzENMAsGA1UEAwwEeDU4MDATpBEw +-DzENMAsGA1UEAwwEeDU4MTATpBEwDzENMAsGA1UEAwwEeDU4MjATpBEwDzENMAsG +-A1UEAwwEeDU4MzATpBEwDzENMAsGA1UEAwwEeDU4NDATpBEwDzENMAsGA1UEAwwE +-eDU4NTATpBEwDzENMAsGA1UEAwwEeDU4NjATpBEwDzENMAsGA1UEAwwEeDU4NzAT +-pBEwDzENMAsGA1UEAwwEeDU4ODATpBEwDzENMAsGA1UEAwwEeDU4OTATpBEwDzEN +-MAsGA1UEAwwEeDU5MDATpBEwDzENMAsGA1UEAwwEeDU5MTATpBEwDzENMAsGA1UE +-AwwEeDU5MjATpBEwDzENMAsGA1UEAwwEeDU5MzATpBEwDzENMAsGA1UEAwwEeDU5 +-NDATpBEwDzENMAsGA1UEAwwEeDU5NTATpBEwDzENMAsGA1UEAwwEeDU5NjATpBEw +-DzENMAsGA1UEAwwEeDU5NzATpBEwDzENMAsGA1UEAwwEeDU5ODATpBEwDzENMAsG +-A1UEAwwEeDU5OTATpBEwDzENMAsGA1UEAwwEeDYwMDATpBEwDzENMAsGA1UEAwwE +-eDYwMTATpBEwDzENMAsGA1UEAwwEeDYwMjATpBEwDzENMAsGA1UEAwwEeDYwMzAT +-pBEwDzENMAsGA1UEAwwEeDYwNDATpBEwDzENMAsGA1UEAwwEeDYwNTATpBEwDzEN +-MAsGA1UEAwwEeDYwNjATpBEwDzENMAsGA1UEAwwEeDYwNzATpBEwDzENMAsGA1UE +-AwwEeDYwODATpBEwDzENMAsGA1UEAwwEeDYwOTATpBEwDzENMAsGA1UEAwwEeDYx +-MDATpBEwDzENMAsGA1UEAwwEeDYxMTATpBEwDzENMAsGA1UEAwwEeDYxMjATpBEw +-DzENMAsGA1UEAwwEeDYxMzATpBEwDzENMAsGA1UEAwwEeDYxNDATpBEwDzENMAsG +-A1UEAwwEeDYxNTATpBEwDzENMAsGA1UEAwwEeDYxNjATpBEwDzENMAsGA1UEAwwE +-eDYxNzATpBEwDzENMAsGA1UEAwwEeDYxODATpBEwDzENMAsGA1UEAwwEeDYxOTAT +-pBEwDzENMAsGA1UEAwwEeDYyMDATpBEwDzENMAsGA1UEAwwEeDYyMTATpBEwDzEN +-MAsGA1UEAwwEeDYyMjATpBEwDzENMAsGA1UEAwwEeDYyMzATpBEwDzENMAsGA1UE +-AwwEeDYyNDATpBEwDzENMAsGA1UEAwwEeDYyNTATpBEwDzENMAsGA1UEAwwEeDYy +-NjATpBEwDzENMAsGA1UEAwwEeDYyNzATpBEwDzENMAsGA1UEAwwEeDYyODATpBEw +-DzENMAsGA1UEAwwEeDYyOTATpBEwDzENMAsGA1UEAwwEeDYzMDATpBEwDzENMAsG +-A1UEAwwEeDYzMTATpBEwDzENMAsGA1UEAwwEeDYzMjATpBEwDzENMAsGA1UEAwwE +-eDYzMzATpBEwDzENMAsGA1UEAwwEeDYzNDATpBEwDzENMAsGA1UEAwwEeDYzNTAT +-pBEwDzENMAsGA1UEAwwEeDYzNjATpBEwDzENMAsGA1UEAwwEeDYzNzATpBEwDzEN +-MAsGA1UEAwwEeDYzODATpBEwDzENMAsGA1UEAwwEeDYzOTATpBEwDzENMAsGA1UE +-AwwEeDY0MDATpBEwDzENMAsGA1UEAwwEeDY0MTATpBEwDzENMAsGA1UEAwwEeDY0 +-MjATpBEwDzENMAsGA1UEAwwEeDY0MzATpBEwDzENMAsGA1UEAwwEeDY0NDATpBEw +-DzENMAsGA1UEAwwEeDY0NTATpBEwDzENMAsGA1UEAwwEeDY0NjATpBEwDzENMAsG +-A1UEAwwEeDY0NzATpBEwDzENMAsGA1UEAwwEeDY0ODATpBEwDzENMAsGA1UEAwwE +-eDY0OTATpBEwDzENMAsGA1UEAwwEeDY1MDATpBEwDzENMAsGA1UEAwwEeDY1MTAT +-pBEwDzENMAsGA1UEAwwEeDY1MjATpBEwDzENMAsGA1UEAwwEeDY1MzATpBEwDzEN +-MAsGA1UEAwwEeDY1NDATpBEwDzENMAsGA1UEAwwEeDY1NTATpBEwDzENMAsGA1UE +-AwwEeDY1NjATpBEwDzENMAsGA1UEAwwEeDY1NzATpBEwDzENMAsGA1UEAwwEeDY1 +-ODATpBEwDzENMAsGA1UEAwwEeDY1OTATpBEwDzENMAsGA1UEAwwEeDY2MDATpBEw +-DzENMAsGA1UEAwwEeDY2MTATpBEwDzENMAsGA1UEAwwEeDY2MjATpBEwDzENMAsG +-A1UEAwwEeDY2MzATpBEwDzENMAsGA1UEAwwEeDY2NDATpBEwDzENMAsGA1UEAwwE +-eDY2NTATpBEwDzENMAsGA1UEAwwEeDY2NjATpBEwDzENMAsGA1UEAwwEeDY2NzAT +-pBEwDzENMAsGA1UEAwwEeDY2ODATpBEwDzENMAsGA1UEAwwEeDY2OTATpBEwDzEN +-MAsGA1UEAwwEeDY3MDATpBEwDzENMAsGA1UEAwwEeDY3MTATpBEwDzENMAsGA1UE +-AwwEeDY3MjATpBEwDzENMAsGA1UEAwwEeDY3MzATpBEwDzENMAsGA1UEAwwEeDY3 +-NDATpBEwDzENMAsGA1UEAwwEeDY3NTATpBEwDzENMAsGA1UEAwwEeDY3NjATpBEw +-DzENMAsGA1UEAwwEeDY3NzATpBEwDzENMAsGA1UEAwwEeDY3ODATpBEwDzENMAsG +-A1UEAwwEeDY3OTATpBEwDzENMAsGA1UEAwwEeDY4MDATpBEwDzENMAsGA1UEAwwE +-eDY4MTATpBEwDzENMAsGA1UEAwwEeDY4MjATpBEwDzENMAsGA1UEAwwEeDY4MzAT +-pBEwDzENMAsGA1UEAwwEeDY4NDATpBEwDzENMAsGA1UEAwwEeDY4NTATpBEwDzEN +-MAsGA1UEAwwEeDY4NjATpBEwDzENMAsGA1UEAwwEeDY4NzATpBEwDzENMAsGA1UE +-AwwEeDY4ODATpBEwDzENMAsGA1UEAwwEeDY4OTATpBEwDzENMAsGA1UEAwwEeDY5 +-MDATpBEwDzENMAsGA1UEAwwEeDY5MTATpBEwDzENMAsGA1UEAwwEeDY5MjATpBEw +-DzENMAsGA1UEAwwEeDY5MzATpBEwDzENMAsGA1UEAwwEeDY5NDATpBEwDzENMAsG +-A1UEAwwEeDY5NTATpBEwDzENMAsGA1UEAwwEeDY5NjATpBEwDzENMAsGA1UEAwwE +-eDY5NzATpBEwDzENMAsGA1UEAwwEeDY5ODATpBEwDzENMAsGA1UEAwwEeDY5OTAT +-pBEwDzENMAsGA1UEAwwEeDcwMDATpBEwDzENMAsGA1UEAwwEeDcwMTATpBEwDzEN +-MAsGA1UEAwwEeDcwMjATpBEwDzENMAsGA1UEAwwEeDcwMzATpBEwDzENMAsGA1UE +-AwwEeDcwNDATpBEwDzENMAsGA1UEAwwEeDcwNTATpBEwDzENMAsGA1UEAwwEeDcw +-NjATpBEwDzENMAsGA1UEAwwEeDcwNzATpBEwDzENMAsGA1UEAwwEeDcwODATpBEw +-DzENMAsGA1UEAwwEeDcwOTATpBEwDzENMAsGA1UEAwwEeDcxMDATpBEwDzENMAsG +-A1UEAwwEeDcxMTATpBEwDzENMAsGA1UEAwwEeDcxMjATpBEwDzENMAsGA1UEAwwE +-eDcxMzATpBEwDzENMAsGA1UEAwwEeDcxNDATpBEwDzENMAsGA1UEAwwEeDcxNTAT +-pBEwDzENMAsGA1UEAwwEeDcxNjATpBEwDzENMAsGA1UEAwwEeDcxNzATpBEwDzEN +-MAsGA1UEAwwEeDcxODATpBEwDzENMAsGA1UEAwwEeDcxOTATpBEwDzENMAsGA1UE +-AwwEeDcyMDATpBEwDzENMAsGA1UEAwwEeDcyMTATpBEwDzENMAsGA1UEAwwEeDcy +-MjATpBEwDzENMAsGA1UEAwwEeDcyMzATpBEwDzENMAsGA1UEAwwEeDcyNDATpBEw +-DzENMAsGA1UEAwwEeDcyNTATpBEwDzENMAsGA1UEAwwEeDcyNjATpBEwDzENMAsG +-A1UEAwwEeDcyNzATpBEwDzENMAsGA1UEAwwEeDcyODATpBEwDzENMAsGA1UEAwwE +-eDcyOTATpBEwDzENMAsGA1UEAwwEeDczMDATpBEwDzENMAsGA1UEAwwEeDczMTAT +-pBEwDzENMAsGA1UEAwwEeDczMjATpBEwDzENMAsGA1UEAwwEeDczMzATpBEwDzEN +-MAsGA1UEAwwEeDczNDATpBEwDzENMAsGA1UEAwwEeDczNTATpBEwDzENMAsGA1UE +-AwwEeDczNjATpBEwDzENMAsGA1UEAwwEeDczNzATpBEwDzENMAsGA1UEAwwEeDcz +-ODATpBEwDzENMAsGA1UEAwwEeDczOTATpBEwDzENMAsGA1UEAwwEeDc0MDATpBEw +-DzENMAsGA1UEAwwEeDc0MTATpBEwDzENMAsGA1UEAwwEeDc0MjATpBEwDzENMAsG +-A1UEAwwEeDc0MzATpBEwDzENMAsGA1UEAwwEeDc0NDATpBEwDzENMAsGA1UEAwwE +-eDc0NTATpBEwDzENMAsGA1UEAwwEeDc0NjATpBEwDzENMAsGA1UEAwwEeDc0NzAT +-pBEwDzENMAsGA1UEAwwEeDc0ODATpBEwDzENMAsGA1UEAwwEeDc0OTATpBEwDzEN +-MAsGA1UEAwwEeDc1MDATpBEwDzENMAsGA1UEAwwEeDc1MTATpBEwDzENMAsGA1UE +-AwwEeDc1MjATpBEwDzENMAsGA1UEAwwEeDc1MzATpBEwDzENMAsGA1UEAwwEeDc1 +-NDATpBEwDzENMAsGA1UEAwwEeDc1NTATpBEwDzENMAsGA1UEAwwEeDc1NjATpBEw +-DzENMAsGA1UEAwwEeDc1NzATpBEwDzENMAsGA1UEAwwEeDc1ODATpBEwDzENMAsG +-A1UEAwwEeDc1OTATpBEwDzENMAsGA1UEAwwEeDc2MDATpBEwDzENMAsGA1UEAwwE +-eDc2MTATpBEwDzENMAsGA1UEAwwEeDc2MjATpBEwDzENMAsGA1UEAwwEeDc2MzAT +-pBEwDzENMAsGA1UEAwwEeDc2NDATpBEwDzENMAsGA1UEAwwEeDc2NTATpBEwDzEN +-MAsGA1UEAwwEeDc2NjATpBEwDzENMAsGA1UEAwwEeDc2NzATpBEwDzENMAsGA1UE +-AwwEeDc2ODATpBEwDzENMAsGA1UEAwwEeDc2OTATpBEwDzENMAsGA1UEAwwEeDc3 +-MDATpBEwDzENMAsGA1UEAwwEeDc3MTATpBEwDzENMAsGA1UEAwwEeDc3MjATpBEw +-DzENMAsGA1UEAwwEeDc3MzATpBEwDzENMAsGA1UEAwwEeDc3NDATpBEwDzENMAsG +-A1UEAwwEeDc3NTATpBEwDzENMAsGA1UEAwwEeDc3NjATpBEwDzENMAsGA1UEAwwE +-eDc3NzATpBEwDzENMAsGA1UEAwwEeDc3ODATpBEwDzENMAsGA1UEAwwEeDc3OTAT +-pBEwDzENMAsGA1UEAwwEeDc4MDATpBEwDzENMAsGA1UEAwwEeDc4MTATpBEwDzEN +-MAsGA1UEAwwEeDc4MjATpBEwDzENMAsGA1UEAwwEeDc4MzATpBEwDzENMAsGA1UE +-AwwEeDc4NDATpBEwDzENMAsGA1UEAwwEeDc4NTATpBEwDzENMAsGA1UEAwwEeDc4 +-NjATpBEwDzENMAsGA1UEAwwEeDc4NzATpBEwDzENMAsGA1UEAwwEeDc4ODATpBEw +-DzENMAsGA1UEAwwEeDc4OTATpBEwDzENMAsGA1UEAwwEeDc5MDATpBEwDzENMAsG +-A1UEAwwEeDc5MTATpBEwDzENMAsGA1UEAwwEeDc5MjATpBEwDzENMAsGA1UEAwwE +-eDc5MzATpBEwDzENMAsGA1UEAwwEeDc5NDATpBEwDzENMAsGA1UEAwwEeDc5NTAT +-pBEwDzENMAsGA1UEAwwEeDc5NjATpBEwDzENMAsGA1UEAwwEeDc5NzATpBEwDzEN +-MAsGA1UEAwwEeDc5ODATpBEwDzENMAsGA1UEAwwEeDc5OTATpBEwDzENMAsGA1UE +-AwwEeDgwMDATpBEwDzENMAsGA1UEAwwEeDgwMTATpBEwDzENMAsGA1UEAwwEeDgw +-MjATpBEwDzENMAsGA1UEAwwEeDgwMzATpBEwDzENMAsGA1UEAwwEeDgwNDATpBEw +-DzENMAsGA1UEAwwEeDgwNTATpBEwDzENMAsGA1UEAwwEeDgwNjATpBEwDzENMAsG +-A1UEAwwEeDgwNzATpBEwDzENMAsGA1UEAwwEeDgwODATpBEwDzENMAsGA1UEAwwE +-eDgwOTATpBEwDzENMAsGA1UEAwwEeDgxMDATpBEwDzENMAsGA1UEAwwEeDgxMTAT +-pBEwDzENMAsGA1UEAwwEeDgxMjATpBEwDzENMAsGA1UEAwwEeDgxMzATpBEwDzEN +-MAsGA1UEAwwEeDgxNDATpBEwDzENMAsGA1UEAwwEeDgxNTATpBEwDzENMAsGA1UE +-AwwEeDgxNjATpBEwDzENMAsGA1UEAwwEeDgxNzATpBEwDzENMAsGA1UEAwwEeDgx +-ODATpBEwDzENMAsGA1UEAwwEeDgxOTATpBEwDzENMAsGA1UEAwwEeDgyMDATpBEw +-DzENMAsGA1UEAwwEeDgyMTATpBEwDzENMAsGA1UEAwwEeDgyMjATpBEwDzENMAsG +-A1UEAwwEeDgyMzATpBEwDzENMAsGA1UEAwwEeDgyNDATpBEwDzENMAsGA1UEAwwE +-eDgyNTATpBEwDzENMAsGA1UEAwwEeDgyNjATpBEwDzENMAsGA1UEAwwEeDgyNzAT +-pBEwDzENMAsGA1UEAwwEeDgyODATpBEwDzENMAsGA1UEAwwEeDgyOTATpBEwDzEN +-MAsGA1UEAwwEeDgzMDATpBEwDzENMAsGA1UEAwwEeDgzMTATpBEwDzENMAsGA1UE +-AwwEeDgzMjATpBEwDzENMAsGA1UEAwwEeDgzMzATpBEwDzENMAsGA1UEAwwEeDgz +-NDATpBEwDzENMAsGA1UEAwwEeDgzNTATpBEwDzENMAsGA1UEAwwEeDgzNjATpBEw +-DzENMAsGA1UEAwwEeDgzNzATpBEwDzENMAsGA1UEAwwEeDgzODATpBEwDzENMAsG +-A1UEAwwEeDgzOTATpBEwDzENMAsGA1UEAwwEeDg0MDATpBEwDzENMAsGA1UEAwwE +-eDg0MTATpBEwDzENMAsGA1UEAwwEeDg0MjATpBEwDzENMAsGA1UEAwwEeDg0MzAT +-pBEwDzENMAsGA1UEAwwEeDg0NDATpBEwDzENMAsGA1UEAwwEeDg0NTATpBEwDzEN +-MAsGA1UEAwwEeDg0NjATpBEwDzENMAsGA1UEAwwEeDg0NzATpBEwDzENMAsGA1UE +-AwwEeDg0ODATpBEwDzENMAsGA1UEAwwEeDg0OTATpBEwDzENMAsGA1UEAwwEeDg1 +-MDATpBEwDzENMAsGA1UEAwwEeDg1MTATpBEwDzENMAsGA1UEAwwEeDg1MjATpBEw +-DzENMAsGA1UEAwwEeDg1MzATpBEwDzENMAsGA1UEAwwEeDg1NDATpBEwDzENMAsG +-A1UEAwwEeDg1NTATpBEwDzENMAsGA1UEAwwEeDg1NjATpBEwDzENMAsGA1UEAwwE +-eDg1NzATpBEwDzENMAsGA1UEAwwEeDg1ODATpBEwDzENMAsGA1UEAwwEeDg1OTAT +-pBEwDzENMAsGA1UEAwwEeDg2MDATpBEwDzENMAsGA1UEAwwEeDg2MTATpBEwDzEN +-MAsGA1UEAwwEeDg2MjATpBEwDzENMAsGA1UEAwwEeDg2MzATpBEwDzENMAsGA1UE +-AwwEeDg2NDATpBEwDzENMAsGA1UEAwwEeDg2NTATpBEwDzENMAsGA1UEAwwEeDg2 +-NjATpBEwDzENMAsGA1UEAwwEeDg2NzATpBEwDzENMAsGA1UEAwwEeDg2ODATpBEw +-DzENMAsGA1UEAwwEeDg2OTATpBEwDzENMAsGA1UEAwwEeDg3MDATpBEwDzENMAsG +-A1UEAwwEeDg3MTATpBEwDzENMAsGA1UEAwwEeDg3MjATpBEwDzENMAsGA1UEAwwE +-eDg3MzATpBEwDzENMAsGA1UEAwwEeDg3NDATpBEwDzENMAsGA1UEAwwEeDg3NTAT +-pBEwDzENMAsGA1UEAwwEeDg3NjATpBEwDzENMAsGA1UEAwwEeDg3NzATpBEwDzEN +-MAsGA1UEAwwEeDg3ODATpBEwDzENMAsGA1UEAwwEeDg3OTATpBEwDzENMAsGA1UE +-AwwEeDg4MDATpBEwDzENMAsGA1UEAwwEeDg4MTATpBEwDzENMAsGA1UEAwwEeDg4 +-MjATpBEwDzENMAsGA1UEAwwEeDg4MzATpBEwDzENMAsGA1UEAwwEeDg4NDATpBEw +-DzENMAsGA1UEAwwEeDg4NTATpBEwDzENMAsGA1UEAwwEeDg4NjATpBEwDzENMAsG +-A1UEAwwEeDg4NzATpBEwDzENMAsGA1UEAwwEeDg4ODATpBEwDzENMAsGA1UEAwwE +-eDg4OTATpBEwDzENMAsGA1UEAwwEeDg5MDATpBEwDzENMAsGA1UEAwwEeDg5MTAT +-pBEwDzENMAsGA1UEAwwEeDg5MjATpBEwDzENMAsGA1UEAwwEeDg5MzATpBEwDzEN +-MAsGA1UEAwwEeDg5NDATpBEwDzENMAsGA1UEAwwEeDg5NTATpBEwDzENMAsGA1UE +-AwwEeDg5NjATpBEwDzENMAsGA1UEAwwEeDg5NzATpBEwDzENMAsGA1UEAwwEeDg5 +-ODATpBEwDzENMAsGA1UEAwwEeDg5OTATpBEwDzENMAsGA1UEAwwEeDkwMDATpBEw +-DzENMAsGA1UEAwwEeDkwMTATpBEwDzENMAsGA1UEAwwEeDkwMjATpBEwDzENMAsG +-A1UEAwwEeDkwMzATpBEwDzENMAsGA1UEAwwEeDkwNDATpBEwDzENMAsGA1UEAwwE +-eDkwNTATpBEwDzENMAsGA1UEAwwEeDkwNjATpBEwDzENMAsGA1UEAwwEeDkwNzAT +-pBEwDzENMAsGA1UEAwwEeDkwODATpBEwDzENMAsGA1UEAwwEeDkwOTATpBEwDzEN +-MAsGA1UEAwwEeDkxMDATpBEwDzENMAsGA1UEAwwEeDkxMTATpBEwDzENMAsGA1UE +-AwwEeDkxMjATpBEwDzENMAsGA1UEAwwEeDkxMzATpBEwDzENMAsGA1UEAwwEeDkx +-NDATpBEwDzENMAsGA1UEAwwEeDkxNTATpBEwDzENMAsGA1UEAwwEeDkxNjATpBEw +-DzENMAsGA1UEAwwEeDkxNzATpBEwDzENMAsGA1UEAwwEeDkxODATpBEwDzENMAsG +-A1UEAwwEeDkxOTATpBEwDzENMAsGA1UEAwwEeDkyMDATpBEwDzENMAsGA1UEAwwE +-eDkyMTATpBEwDzENMAsGA1UEAwwEeDkyMjATpBEwDzENMAsGA1UEAwwEeDkyMzAT +-pBEwDzENMAsGA1UEAwwEeDkyNDATpBEwDzENMAsGA1UEAwwEeDkyNTATpBEwDzEN +-MAsGA1UEAwwEeDkyNjATpBEwDzENMAsGA1UEAwwEeDkyNzATpBEwDzENMAsGA1UE +-AwwEeDkyODATpBEwDzENMAsGA1UEAwwEeDkyOTATpBEwDzENMAsGA1UEAwwEeDkz +-MDATpBEwDzENMAsGA1UEAwwEeDkzMTATpBEwDzENMAsGA1UEAwwEeDkzMjATpBEw +-DzENMAsGA1UEAwwEeDkzMzATpBEwDzENMAsGA1UEAwwEeDkzNDATpBEwDzENMAsG +-A1UEAwwEeDkzNTATpBEwDzENMAsGA1UEAwwEeDkzNjATpBEwDzENMAsGA1UEAwwE +-eDkzNzATpBEwDzENMAsGA1UEAwwEeDkzODATpBEwDzENMAsGA1UEAwwEeDkzOTAT +-pBEwDzENMAsGA1UEAwwEeDk0MDATpBEwDzENMAsGA1UEAwwEeDk0MTATpBEwDzEN +-MAsGA1UEAwwEeDk0MjATpBEwDzENMAsGA1UEAwwEeDk0MzATpBEwDzENMAsGA1UE +-AwwEeDk0NDATpBEwDzENMAsGA1UEAwwEeDk0NTATpBEwDzENMAsGA1UEAwwEeDk0 +-NjATpBEwDzENMAsGA1UEAwwEeDk0NzATpBEwDzENMAsGA1UEAwwEeDk0ODATpBEw +-DzENMAsGA1UEAwwEeDk0OTATpBEwDzENMAsGA1UEAwwEeDk1MDATpBEwDzENMAsG +-A1UEAwwEeDk1MTATpBEwDzENMAsGA1UEAwwEeDk1MjATpBEwDzENMAsGA1UEAwwE +-eDk1MzATpBEwDzENMAsGA1UEAwwEeDk1NDATpBEwDzENMAsGA1UEAwwEeDk1NTAT +-pBEwDzENMAsGA1UEAwwEeDk1NjATpBEwDzENMAsGA1UEAwwEeDk1NzATpBEwDzEN +-MAsGA1UEAwwEeDk1ODATpBEwDzENMAsGA1UEAwwEeDk1OTATpBEwDzENMAsGA1UE +-AwwEeDk2MDATpBEwDzENMAsGA1UEAwwEeDk2MTATpBEwDzENMAsGA1UEAwwEeDk2 +-MjATpBEwDzENMAsGA1UEAwwEeDk2MzATpBEwDzENMAsGA1UEAwwEeDk2NDATpBEw +-DzENMAsGA1UEAwwEeDk2NTATpBEwDzENMAsGA1UEAwwEeDk2NjATpBEwDzENMAsG +-A1UEAwwEeDk2NzATpBEwDzENMAsGA1UEAwwEeDk2ODATpBEwDzENMAsGA1UEAwwE +-eDk2OTATpBEwDzENMAsGA1UEAwwEeDk3MDATpBEwDzENMAsGA1UEAwwEeDk3MTAT +-pBEwDzENMAsGA1UEAwwEeDk3MjATpBEwDzENMAsGA1UEAwwEeDk3MzATpBEwDzEN +-MAsGA1UEAwwEeDk3NDATpBEwDzENMAsGA1UEAwwEeDk3NTATpBEwDzENMAsGA1UE +-AwwEeDk3NjATpBEwDzENMAsGA1UEAwwEeDk3NzATpBEwDzENMAsGA1UEAwwEeDk3 +-ODATpBEwDzENMAsGA1UEAwwEeDk3OTATpBEwDzENMAsGA1UEAwwEeDk4MDATpBEw +-DzENMAsGA1UEAwwEeDk4MTATpBEwDzENMAsGA1UEAwwEeDk4MjATpBEwDzENMAsG +-A1UEAwwEeDk4MzATpBEwDzENMAsGA1UEAwwEeDk4NDATpBEwDzENMAsGA1UEAwwE +-eDk4NTATpBEwDzENMAsGA1UEAwwEeDk4NjATpBEwDzENMAsGA1UEAwwEeDk4NzAT +-pBEwDzENMAsGA1UEAwwEeDk4ODATpBEwDzENMAsGA1UEAwwEeDk4OTATpBEwDzEN +-MAsGA1UEAwwEeDk5MDATpBEwDzENMAsGA1UEAwwEeDk5MTATpBEwDzENMAsGA1UE +-AwwEeDk5MjATpBEwDzENMAsGA1UEAwwEeDk5MzATpBEwDzENMAsGA1UEAwwEeDk5 +-NDATpBEwDzENMAsGA1UEAwwEeDk5NTATpBEwDzENMAsGA1UEAwwEeDk5NjATpBEw +-DzENMAsGA1UEAwwEeDk5NzATpBEwDzENMAsGA1UEAwwEeDk5ODATpBEwDzENMAsG +-A1UEAwwEeDk5OTAUpBIwEDEOMAwGA1UEAwwFeDEwMDAwFKQSMBAxDjAMBgNVBAMM +-BXgxMDAxMBSkEjAQMQ4wDAYDVQQDDAV4MTAwMjAUpBIwEDEOMAwGA1UEAwwFeDEw +-MDMwFKQSMBAxDjAMBgNVBAMMBXgxMDA0MBSkEjAQMQ4wDAYDVQQDDAV4MTAwNTAU +-pBIwEDEOMAwGA1UEAwwFeDEwMDYwFKQSMBAxDjAMBgNVBAMMBXgxMDA3MBSkEjAQ +-MQ4wDAYDVQQDDAV4MTAwODAUpBIwEDEOMAwGA1UEAwwFeDEwMDkwFKQSMBAxDjAM +-BgNVBAMMBXgxMDEwMBSkEjAQMQ4wDAYDVQQDDAV4MTAxMTAUpBIwEDEOMAwGA1UE +-AwwFeDEwMTIwFKQSMBAxDjAMBgNVBAMMBXgxMDEzMBSkEjAQMQ4wDAYDVQQDDAV4 +-MTAxNDAUpBIwEDEOMAwGA1UEAwwFeDEwMTUwFKQSMBAxDjAMBgNVBAMMBXgxMDE2 +-MBSkEjAQMQ4wDAYDVQQDDAV4MTAxNzAUpBIwEDEOMAwGA1UEAwwFeDEwMTgwFKQS +-MBAxDjAMBgNVBAMMBXgxMDE5MBSkEjAQMQ4wDAYDVQQDDAV4MTAyMDAUpBIwEDEO +-MAwGA1UEAwwFeDEwMjEwFKQSMBAxDjAMBgNVBAMMBXgxMDIyMBSkEjAQMQ4wDAYD +-VQQDDAV4MTAyMzAUpBIwEDEOMAwGA1UEAwwFeDEwMjQwD4YNaHR0cDovL3hlc3Qv +-MDAPhg1odHRwOi8veGVzdC8xMA+GDWh0dHA6Ly94ZXN0LzIwD4YNaHR0cDovL3hl +-c3QvMzAPhg1odHRwOi8veGVzdC80MA+GDWh0dHA6Ly94ZXN0LzUwD4YNaHR0cDov +-L3hlc3QvNjAPhg1odHRwOi8veGVzdC83MA+GDWh0dHA6Ly94ZXN0LzgwD4YNaHR0 +-cDovL3hlc3QvOTAQhg5odHRwOi8veGVzdC8xMDAQhg5odHRwOi8veGVzdC8xMTAQ +-hg5odHRwOi8veGVzdC8xMjAQhg5odHRwOi8veGVzdC8xMzAQhg5odHRwOi8veGVz +-dC8xNDAQhg5odHRwOi8veGVzdC8xNTAQhg5odHRwOi8veGVzdC8xNjAQhg5odHRw +-Oi8veGVzdC8xNzAQhg5odHRwOi8veGVzdC8xODAQhg5odHRwOi8veGVzdC8xOTAQ +-hg5odHRwOi8veGVzdC8yMDAQhg5odHRwOi8veGVzdC8yMTAQhg5odHRwOi8veGVz +-dC8yMjAQhg5odHRwOi8veGVzdC8yMzAQhg5odHRwOi8veGVzdC8yNDAQhg5odHRw +-Oi8veGVzdC8yNTAQhg5odHRwOi8veGVzdC8yNjAQhg5odHRwOi8veGVzdC8yNzAQ +-hg5odHRwOi8veGVzdC8yODAQhg5odHRwOi8veGVzdC8yOTAQhg5odHRwOi8veGVz +-dC8zMDAQhg5odHRwOi8veGVzdC8zMTAQhg5odHRwOi8veGVzdC8zMjAQhg5odHRw +-Oi8veGVzdC8zMzAQhg5odHRwOi8veGVzdC8zNDAQhg5odHRwOi8veGVzdC8zNTAQ +-hg5odHRwOi8veGVzdC8zNjAQhg5odHRwOi8veGVzdC8zNzAQhg5odHRwOi8veGVz +-dC8zODAQhg5odHRwOi8veGVzdC8zOTAQhg5odHRwOi8veGVzdC80MDAQhg5odHRw +-Oi8veGVzdC80MTAQhg5odHRwOi8veGVzdC80MjAQhg5odHRwOi8veGVzdC80MzAQ +-hg5odHRwOi8veGVzdC80NDAQhg5odHRwOi8veGVzdC80NTAQhg5odHRwOi8veGVz +-dC80NjAQhg5odHRwOi8veGVzdC80NzAQhg5odHRwOi8veGVzdC80ODAQhg5odHRw +-Oi8veGVzdC80OTAQhg5odHRwOi8veGVzdC81MDAQhg5odHRwOi8veGVzdC81MTAQ +-hg5odHRwOi8veGVzdC81MjAQhg5odHRwOi8veGVzdC81MzAQhg5odHRwOi8veGVz +-dC81NDAQhg5odHRwOi8veGVzdC81NTAQhg5odHRwOi8veGVzdC81NjAQhg5odHRw +-Oi8veGVzdC81NzAQhg5odHRwOi8veGVzdC81ODAQhg5odHRwOi8veGVzdC81OTAQ +-hg5odHRwOi8veGVzdC82MDAQhg5odHRwOi8veGVzdC82MTAQhg5odHRwOi8veGVz +-dC82MjAQhg5odHRwOi8veGVzdC82MzAQhg5odHRwOi8veGVzdC82NDAQhg5odHRw +-Oi8veGVzdC82NTAQhg5odHRwOi8veGVzdC82NjAQhg5odHRwOi8veGVzdC82NzAQ +-hg5odHRwOi8veGVzdC82ODAQhg5odHRwOi8veGVzdC82OTAQhg5odHRwOi8veGVz +-dC83MDAQhg5odHRwOi8veGVzdC83MTAQhg5odHRwOi8veGVzdC83MjAQhg5odHRw +-Oi8veGVzdC83MzAQhg5odHRwOi8veGVzdC83NDAQhg5odHRwOi8veGVzdC83NTAQ +-hg5odHRwOi8veGVzdC83NjAQhg5odHRwOi8veGVzdC83NzAQhg5odHRwOi8veGVz +-dC83ODAQhg5odHRwOi8veGVzdC83OTAQhg5odHRwOi8veGVzdC84MDAQhg5odHRw +-Oi8veGVzdC84MTAQhg5odHRwOi8veGVzdC84MjAQhg5odHRwOi8veGVzdC84MzAQ +-hg5odHRwOi8veGVzdC84NDAQhg5odHRwOi8veGVzdC84NTAQhg5odHRwOi8veGVz +-dC84NjAQhg5odHRwOi8veGVzdC84NzAQhg5odHRwOi8veGVzdC84ODAQhg5odHRw +-Oi8veGVzdC84OTAQhg5odHRwOi8veGVzdC85MDAQhg5odHRwOi8veGVzdC85MTAQ +-hg5odHRwOi8veGVzdC85MjAQhg5odHRwOi8veGVzdC85MzAQhg5odHRwOi8veGVz +-dC85NDAQhg5odHRwOi8veGVzdC85NTAQhg5odHRwOi8veGVzdC85NjAQhg5odHRw +-Oi8veGVzdC85NzAQhg5odHRwOi8veGVzdC85ODAQhg5odHRwOi8veGVzdC85OTAR +-hg9odHRwOi8veGVzdC8xMDAwEYYPaHR0cDovL3hlc3QvMTAxMBGGD2h0dHA6Ly94 +-ZXN0LzEwMjARhg9odHRwOi8veGVzdC8xMDMwEYYPaHR0cDovL3hlc3QvMTA0MBGG +-D2h0dHA6Ly94ZXN0LzEwNTARhg9odHRwOi8veGVzdC8xMDYwEYYPaHR0cDovL3hl +-c3QvMTA3MBGGD2h0dHA6Ly94ZXN0LzEwODARhg9odHRwOi8veGVzdC8xMDkwEYYP +-aHR0cDovL3hlc3QvMTEwMBGGD2h0dHA6Ly94ZXN0LzExMTARhg9odHRwOi8veGVz +-dC8xMTIwEYYPaHR0cDovL3hlc3QvMTEzMBGGD2h0dHA6Ly94ZXN0LzExNDARhg9o +-dHRwOi8veGVzdC8xMTUwEYYPaHR0cDovL3hlc3QvMTE2MBGGD2h0dHA6Ly94ZXN0 +-LzExNzARhg9odHRwOi8veGVzdC8xMTgwEYYPaHR0cDovL3hlc3QvMTE5MBGGD2h0 +-dHA6Ly94ZXN0LzEyMDARhg9odHRwOi8veGVzdC8xMjEwEYYPaHR0cDovL3hlc3Qv +-MTIyMBGGD2h0dHA6Ly94ZXN0LzEyMzARhg9odHRwOi8veGVzdC8xMjQwEYYPaHR0 +-cDovL3hlc3QvMTI1MBGGD2h0dHA6Ly94ZXN0LzEyNjARhg9odHRwOi8veGVzdC8x +-MjcwEYYPaHR0cDovL3hlc3QvMTI4MBGGD2h0dHA6Ly94ZXN0LzEyOTARhg9odHRw +-Oi8veGVzdC8xMzAwEYYPaHR0cDovL3hlc3QvMTMxMBGGD2h0dHA6Ly94ZXN0LzEz +-MjARhg9odHRwOi8veGVzdC8xMzMwEYYPaHR0cDovL3hlc3QvMTM0MBGGD2h0dHA6 +-Ly94ZXN0LzEzNTARhg9odHRwOi8veGVzdC8xMzYwEYYPaHR0cDovL3hlc3QvMTM3 +-MBGGD2h0dHA6Ly94ZXN0LzEzODARhg9odHRwOi8veGVzdC8xMzkwEYYPaHR0cDov +-L3hlc3QvMTQwMBGGD2h0dHA6Ly94ZXN0LzE0MTARhg9odHRwOi8veGVzdC8xNDIw +-EYYPaHR0cDovL3hlc3QvMTQzMBGGD2h0dHA6Ly94ZXN0LzE0NDARhg9odHRwOi8v +-eGVzdC8xNDUwEYYPaHR0cDovL3hlc3QvMTQ2MBGGD2h0dHA6Ly94ZXN0LzE0NzAR +-hg9odHRwOi8veGVzdC8xNDgwEYYPaHR0cDovL3hlc3QvMTQ5MBGGD2h0dHA6Ly94 +-ZXN0LzE1MDARhg9odHRwOi8veGVzdC8xNTEwEYYPaHR0cDovL3hlc3QvMTUyMBGG +-D2h0dHA6Ly94ZXN0LzE1MzARhg9odHRwOi8veGVzdC8xNTQwEYYPaHR0cDovL3hl +-c3QvMTU1MBGGD2h0dHA6Ly94ZXN0LzE1NjARhg9odHRwOi8veGVzdC8xNTcwEYYP +-aHR0cDovL3hlc3QvMTU4MBGGD2h0dHA6Ly94ZXN0LzE1OTARhg9odHRwOi8veGVz +-dC8xNjAwEYYPaHR0cDovL3hlc3QvMTYxMBGGD2h0dHA6Ly94ZXN0LzE2MjARhg9o +-dHRwOi8veGVzdC8xNjMwEYYPaHR0cDovL3hlc3QvMTY0MBGGD2h0dHA6Ly94ZXN0 +-LzE2NTARhg9odHRwOi8veGVzdC8xNjYwEYYPaHR0cDovL3hlc3QvMTY3MBGGD2h0 +-dHA6Ly94ZXN0LzE2ODARhg9odHRwOi8veGVzdC8xNjkwEYYPaHR0cDovL3hlc3Qv +-MTcwMBGGD2h0dHA6Ly94ZXN0LzE3MTARhg9odHRwOi8veGVzdC8xNzIwEYYPaHR0 +-cDovL3hlc3QvMTczMBGGD2h0dHA6Ly94ZXN0LzE3NDARhg9odHRwOi8veGVzdC8x +-NzUwEYYPaHR0cDovL3hlc3QvMTc2MBGGD2h0dHA6Ly94ZXN0LzE3NzARhg9odHRw +-Oi8veGVzdC8xNzgwEYYPaHR0cDovL3hlc3QvMTc5MBGGD2h0dHA6Ly94ZXN0LzE4 +-MDARhg9odHRwOi8veGVzdC8xODEwEYYPaHR0cDovL3hlc3QvMTgyMBGGD2h0dHA6 +-Ly94ZXN0LzE4MzARhg9odHRwOi8veGVzdC8xODQwEYYPaHR0cDovL3hlc3QvMTg1 +-MBGGD2h0dHA6Ly94ZXN0LzE4NjARhg9odHRwOi8veGVzdC8xODcwEYYPaHR0cDov +-L3hlc3QvMTg4MBGGD2h0dHA6Ly94ZXN0LzE4OTARhg9odHRwOi8veGVzdC8xOTAw +-EYYPaHR0cDovL3hlc3QvMTkxMBGGD2h0dHA6Ly94ZXN0LzE5MjARhg9odHRwOi8v +-eGVzdC8xOTMwEYYPaHR0cDovL3hlc3QvMTk0MBGGD2h0dHA6Ly94ZXN0LzE5NTAR +-hg9odHRwOi8veGVzdC8xOTYwEYYPaHR0cDovL3hlc3QvMTk3MBGGD2h0dHA6Ly94 +-ZXN0LzE5ODARhg9odHRwOi8veGVzdC8xOTkwEYYPaHR0cDovL3hlc3QvMjAwMBGG +-D2h0dHA6Ly94ZXN0LzIwMTARhg9odHRwOi8veGVzdC8yMDIwEYYPaHR0cDovL3hl +-c3QvMjAzMBGGD2h0dHA6Ly94ZXN0LzIwNDARhg9odHRwOi8veGVzdC8yMDUwEYYP +-aHR0cDovL3hlc3QvMjA2MBGGD2h0dHA6Ly94ZXN0LzIwNzARhg9odHRwOi8veGVz +-dC8yMDgwEYYPaHR0cDovL3hlc3QvMjA5MBGGD2h0dHA6Ly94ZXN0LzIxMDARhg9o +-dHRwOi8veGVzdC8yMTEwEYYPaHR0cDovL3hlc3QvMjEyMBGGD2h0dHA6Ly94ZXN0 +-LzIxMzARhg9odHRwOi8veGVzdC8yMTQwEYYPaHR0cDovL3hlc3QvMjE1MBGGD2h0 +-dHA6Ly94ZXN0LzIxNjARhg9odHRwOi8veGVzdC8yMTcwEYYPaHR0cDovL3hlc3Qv +-MjE4MBGGD2h0dHA6Ly94ZXN0LzIxOTARhg9odHRwOi8veGVzdC8yMjAwEYYPaHR0 +-cDovL3hlc3QvMjIxMBGGD2h0dHA6Ly94ZXN0LzIyMjARhg9odHRwOi8veGVzdC8y +-MjMwEYYPaHR0cDovL3hlc3QvMjI0MBGGD2h0dHA6Ly94ZXN0LzIyNTARhg9odHRw +-Oi8veGVzdC8yMjYwEYYPaHR0cDovL3hlc3QvMjI3MBGGD2h0dHA6Ly94ZXN0LzIy +-ODARhg9odHRwOi8veGVzdC8yMjkwEYYPaHR0cDovL3hlc3QvMjMwMBGGD2h0dHA6 +-Ly94ZXN0LzIzMTARhg9odHRwOi8veGVzdC8yMzIwEYYPaHR0cDovL3hlc3QvMjMz +-MBGGD2h0dHA6Ly94ZXN0LzIzNDARhg9odHRwOi8veGVzdC8yMzUwEYYPaHR0cDov +-L3hlc3QvMjM2MBGGD2h0dHA6Ly94ZXN0LzIzNzARhg9odHRwOi8veGVzdC8yMzgw +-EYYPaHR0cDovL3hlc3QvMjM5MBGGD2h0dHA6Ly94ZXN0LzI0MDARhg9odHRwOi8v +-eGVzdC8yNDEwEYYPaHR0cDovL3hlc3QvMjQyMBGGD2h0dHA6Ly94ZXN0LzI0MzAR +-hg9odHRwOi8veGVzdC8yNDQwEYYPaHR0cDovL3hlc3QvMjQ1MBGGD2h0dHA6Ly94 +-ZXN0LzI0NjARhg9odHRwOi8veGVzdC8yNDcwEYYPaHR0cDovL3hlc3QvMjQ4MBGG +-D2h0dHA6Ly94ZXN0LzI0OTARhg9odHRwOi8veGVzdC8yNTAwEYYPaHR0cDovL3hl +-c3QvMjUxMBGGD2h0dHA6Ly94ZXN0LzI1MjARhg9odHRwOi8veGVzdC8yNTMwEYYP +-aHR0cDovL3hlc3QvMjU0MBGGD2h0dHA6Ly94ZXN0LzI1NTARhg9odHRwOi8veGVz +-dC8yNTYwEYYPaHR0cDovL3hlc3QvMjU3MBGGD2h0dHA6Ly94ZXN0LzI1ODARhg9o +-dHRwOi8veGVzdC8yNTkwEYYPaHR0cDovL3hlc3QvMjYwMBGGD2h0dHA6Ly94ZXN0 +-LzI2MTARhg9odHRwOi8veGVzdC8yNjIwEYYPaHR0cDovL3hlc3QvMjYzMBGGD2h0 +-dHA6Ly94ZXN0LzI2NDARhg9odHRwOi8veGVzdC8yNjUwEYYPaHR0cDovL3hlc3Qv +-MjY2MBGGD2h0dHA6Ly94ZXN0LzI2NzARhg9odHRwOi8veGVzdC8yNjgwEYYPaHR0 +-cDovL3hlc3QvMjY5MBGGD2h0dHA6Ly94ZXN0LzI3MDARhg9odHRwOi8veGVzdC8y +-NzEwEYYPaHR0cDovL3hlc3QvMjcyMBGGD2h0dHA6Ly94ZXN0LzI3MzARhg9odHRw +-Oi8veGVzdC8yNzQwEYYPaHR0cDovL3hlc3QvMjc1MBGGD2h0dHA6Ly94ZXN0LzI3 +-NjARhg9odHRwOi8veGVzdC8yNzcwEYYPaHR0cDovL3hlc3QvMjc4MBGGD2h0dHA6 +-Ly94ZXN0LzI3OTARhg9odHRwOi8veGVzdC8yODAwEYYPaHR0cDovL3hlc3QvMjgx +-MBGGD2h0dHA6Ly94ZXN0LzI4MjARhg9odHRwOi8veGVzdC8yODMwEYYPaHR0cDov +-L3hlc3QvMjg0MBGGD2h0dHA6Ly94ZXN0LzI4NTARhg9odHRwOi8veGVzdC8yODYw +-EYYPaHR0cDovL3hlc3QvMjg3MBGGD2h0dHA6Ly94ZXN0LzI4ODARhg9odHRwOi8v +-eGVzdC8yODkwEYYPaHR0cDovL3hlc3QvMjkwMBGGD2h0dHA6Ly94ZXN0LzI5MTAR +-hg9odHRwOi8veGVzdC8yOTIwEYYPaHR0cDovL3hlc3QvMjkzMBGGD2h0dHA6Ly94 +-ZXN0LzI5NDARhg9odHRwOi8veGVzdC8yOTUwEYYPaHR0cDovL3hlc3QvMjk2MBGG +-D2h0dHA6Ly94ZXN0LzI5NzARhg9odHRwOi8veGVzdC8yOTgwEYYPaHR0cDovL3hl +-c3QvMjk5MBGGD2h0dHA6Ly94ZXN0LzMwMDARhg9odHRwOi8veGVzdC8zMDEwEYYP +-aHR0cDovL3hlc3QvMzAyMBGGD2h0dHA6Ly94ZXN0LzMwMzARhg9odHRwOi8veGVz +-dC8zMDQwEYYPaHR0cDovL3hlc3QvMzA1MBGGD2h0dHA6Ly94ZXN0LzMwNjARhg9o +-dHRwOi8veGVzdC8zMDcwEYYPaHR0cDovL3hlc3QvMzA4MBGGD2h0dHA6Ly94ZXN0 +-LzMwOTARhg9odHRwOi8veGVzdC8zMTAwEYYPaHR0cDovL3hlc3QvMzExMBGGD2h0 +-dHA6Ly94ZXN0LzMxMjARhg9odHRwOi8veGVzdC8zMTMwEYYPaHR0cDovL3hlc3Qv +-MzE0MBGGD2h0dHA6Ly94ZXN0LzMxNTARhg9odHRwOi8veGVzdC8zMTYwEYYPaHR0 +-cDovL3hlc3QvMzE3MBGGD2h0dHA6Ly94ZXN0LzMxODARhg9odHRwOi8veGVzdC8z +-MTkwEYYPaHR0cDovL3hlc3QvMzIwMBGGD2h0dHA6Ly94ZXN0LzMyMTARhg9odHRw +-Oi8veGVzdC8zMjIwEYYPaHR0cDovL3hlc3QvMzIzMBGGD2h0dHA6Ly94ZXN0LzMy +-NDARhg9odHRwOi8veGVzdC8zMjUwEYYPaHR0cDovL3hlc3QvMzI2MBGGD2h0dHA6 +-Ly94ZXN0LzMyNzARhg9odHRwOi8veGVzdC8zMjgwEYYPaHR0cDovL3hlc3QvMzI5 +-MBGGD2h0dHA6Ly94ZXN0LzMzMDARhg9odHRwOi8veGVzdC8zMzEwEYYPaHR0cDov +-L3hlc3QvMzMyMBGGD2h0dHA6Ly94ZXN0LzMzMzARhg9odHRwOi8veGVzdC8zMzQw +-EYYPaHR0cDovL3hlc3QvMzM1MBGGD2h0dHA6Ly94ZXN0LzMzNjARhg9odHRwOi8v +-eGVzdC8zMzcwEYYPaHR0cDovL3hlc3QvMzM4MBGGD2h0dHA6Ly94ZXN0LzMzOTAR +-hg9odHRwOi8veGVzdC8zNDAwEYYPaHR0cDovL3hlc3QvMzQxMBGGD2h0dHA6Ly94 +-ZXN0LzM0MjARhg9odHRwOi8veGVzdC8zNDMwEYYPaHR0cDovL3hlc3QvMzQ0MBGG +-D2h0dHA6Ly94ZXN0LzM0NTARhg9odHRwOi8veGVzdC8zNDYwEYYPaHR0cDovL3hl +-c3QvMzQ3MBGGD2h0dHA6Ly94ZXN0LzM0ODARhg9odHRwOi8veGVzdC8zNDkwEYYP +-aHR0cDovL3hlc3QvMzUwMBGGD2h0dHA6Ly94ZXN0LzM1MTARhg9odHRwOi8veGVz +-dC8zNTIwEYYPaHR0cDovL3hlc3QvMzUzMBGGD2h0dHA6Ly94ZXN0LzM1NDARhg9o +-dHRwOi8veGVzdC8zNTUwEYYPaHR0cDovL3hlc3QvMzU2MBGGD2h0dHA6Ly94ZXN0 +-LzM1NzARhg9odHRwOi8veGVzdC8zNTgwEYYPaHR0cDovL3hlc3QvMzU5MBGGD2h0 +-dHA6Ly94ZXN0LzM2MDARhg9odHRwOi8veGVzdC8zNjEwEYYPaHR0cDovL3hlc3Qv +-MzYyMBGGD2h0dHA6Ly94ZXN0LzM2MzARhg9odHRwOi8veGVzdC8zNjQwEYYPaHR0 +-cDovL3hlc3QvMzY1MBGGD2h0dHA6Ly94ZXN0LzM2NjARhg9odHRwOi8veGVzdC8z +-NjcwEYYPaHR0cDovL3hlc3QvMzY4MBGGD2h0dHA6Ly94ZXN0LzM2OTARhg9odHRw +-Oi8veGVzdC8zNzAwEYYPaHR0cDovL3hlc3QvMzcxMBGGD2h0dHA6Ly94ZXN0LzM3 +-MjARhg9odHRwOi8veGVzdC8zNzMwEYYPaHR0cDovL3hlc3QvMzc0MBGGD2h0dHA6 +-Ly94ZXN0LzM3NTARhg9odHRwOi8veGVzdC8zNzYwEYYPaHR0cDovL3hlc3QvMzc3 +-MBGGD2h0dHA6Ly94ZXN0LzM3ODARhg9odHRwOi8veGVzdC8zNzkwEYYPaHR0cDov +-L3hlc3QvMzgwMBGGD2h0dHA6Ly94ZXN0LzM4MTARhg9odHRwOi8veGVzdC8zODIw +-EYYPaHR0cDovL3hlc3QvMzgzMBGGD2h0dHA6Ly94ZXN0LzM4NDARhg9odHRwOi8v +-eGVzdC8zODUwEYYPaHR0cDovL3hlc3QvMzg2MBGGD2h0dHA6Ly94ZXN0LzM4NzAR +-hg9odHRwOi8veGVzdC8zODgwEYYPaHR0cDovL3hlc3QvMzg5MBGGD2h0dHA6Ly94 +-ZXN0LzM5MDARhg9odHRwOi8veGVzdC8zOTEwEYYPaHR0cDovL3hlc3QvMzkyMBGG +-D2h0dHA6Ly94ZXN0LzM5MzARhg9odHRwOi8veGVzdC8zOTQwEYYPaHR0cDovL3hl +-c3QvMzk1MBGGD2h0dHA6Ly94ZXN0LzM5NjARhg9odHRwOi8veGVzdC8zOTcwEYYP +-aHR0cDovL3hlc3QvMzk4MBGGD2h0dHA6Ly94ZXN0LzM5OTARhg9odHRwOi8veGVz +-dC80MDAwEYYPaHR0cDovL3hlc3QvNDAxMBGGD2h0dHA6Ly94ZXN0LzQwMjARhg9o +-dHRwOi8veGVzdC80MDMwEYYPaHR0cDovL3hlc3QvNDA0MBGGD2h0dHA6Ly94ZXN0 +-LzQwNTARhg9odHRwOi8veGVzdC80MDYwEYYPaHR0cDovL3hlc3QvNDA3MBGGD2h0 +-dHA6Ly94ZXN0LzQwODARhg9odHRwOi8veGVzdC80MDkwEYYPaHR0cDovL3hlc3Qv +-NDEwMBGGD2h0dHA6Ly94ZXN0LzQxMTARhg9odHRwOi8veGVzdC80MTIwEYYPaHR0 +-cDovL3hlc3QvNDEzMBGGD2h0dHA6Ly94ZXN0LzQxNDARhg9odHRwOi8veGVzdC80 +-MTUwEYYPaHR0cDovL3hlc3QvNDE2MBGGD2h0dHA6Ly94ZXN0LzQxNzARhg9odHRw +-Oi8veGVzdC80MTgwEYYPaHR0cDovL3hlc3QvNDE5MBGGD2h0dHA6Ly94ZXN0LzQy +-MDARhg9odHRwOi8veGVzdC80MjEwEYYPaHR0cDovL3hlc3QvNDIyMBGGD2h0dHA6 +-Ly94ZXN0LzQyMzARhg9odHRwOi8veGVzdC80MjQwEYYPaHR0cDovL3hlc3QvNDI1 +-MBGGD2h0dHA6Ly94ZXN0LzQyNjARhg9odHRwOi8veGVzdC80MjcwEYYPaHR0cDov +-L3hlc3QvNDI4MBGGD2h0dHA6Ly94ZXN0LzQyOTARhg9odHRwOi8veGVzdC80MzAw +-EYYPaHR0cDovL3hlc3QvNDMxMBGGD2h0dHA6Ly94ZXN0LzQzMjARhg9odHRwOi8v +-eGVzdC80MzMwEYYPaHR0cDovL3hlc3QvNDM0MBGGD2h0dHA6Ly94ZXN0LzQzNTAR +-hg9odHRwOi8veGVzdC80MzYwEYYPaHR0cDovL3hlc3QvNDM3MBGGD2h0dHA6Ly94 +-ZXN0LzQzODARhg9odHRwOi8veGVzdC80MzkwEYYPaHR0cDovL3hlc3QvNDQwMBGG +-D2h0dHA6Ly94ZXN0LzQ0MTARhg9odHRwOi8veGVzdC80NDIwEYYPaHR0cDovL3hl +-c3QvNDQzMBGGD2h0dHA6Ly94ZXN0LzQ0NDARhg9odHRwOi8veGVzdC80NDUwEYYP +-aHR0cDovL3hlc3QvNDQ2MBGGD2h0dHA6Ly94ZXN0LzQ0NzARhg9odHRwOi8veGVz +-dC80NDgwEYYPaHR0cDovL3hlc3QvNDQ5MBGGD2h0dHA6Ly94ZXN0LzQ1MDARhg9o +-dHRwOi8veGVzdC80NTEwEYYPaHR0cDovL3hlc3QvNDUyMBGGD2h0dHA6Ly94ZXN0 +-LzQ1MzARhg9odHRwOi8veGVzdC80NTQwEYYPaHR0cDovL3hlc3QvNDU1MBGGD2h0 +-dHA6Ly94ZXN0LzQ1NjARhg9odHRwOi8veGVzdC80NTcwEYYPaHR0cDovL3hlc3Qv +-NDU4MBGGD2h0dHA6Ly94ZXN0LzQ1OTARhg9odHRwOi8veGVzdC80NjAwEYYPaHR0 +-cDovL3hlc3QvNDYxMBGGD2h0dHA6Ly94ZXN0LzQ2MjARhg9odHRwOi8veGVzdC80 +-NjMwEYYPaHR0cDovL3hlc3QvNDY0MBGGD2h0dHA6Ly94ZXN0LzQ2NTARhg9odHRw +-Oi8veGVzdC80NjYwEYYPaHR0cDovL3hlc3QvNDY3MBGGD2h0dHA6Ly94ZXN0LzQ2 +-ODARhg9odHRwOi8veGVzdC80NjkwEYYPaHR0cDovL3hlc3QvNDcwMBGGD2h0dHA6 +-Ly94ZXN0LzQ3MTARhg9odHRwOi8veGVzdC80NzIwEYYPaHR0cDovL3hlc3QvNDcz +-MBGGD2h0dHA6Ly94ZXN0LzQ3NDARhg9odHRwOi8veGVzdC80NzUwEYYPaHR0cDov +-L3hlc3QvNDc2MBGGD2h0dHA6Ly94ZXN0LzQ3NzARhg9odHRwOi8veGVzdC80Nzgw +-EYYPaHR0cDovL3hlc3QvNDc5MBGGD2h0dHA6Ly94ZXN0LzQ4MDARhg9odHRwOi8v +-eGVzdC80ODEwEYYPaHR0cDovL3hlc3QvNDgyMBGGD2h0dHA6Ly94ZXN0LzQ4MzAR +-hg9odHRwOi8veGVzdC80ODQwEYYPaHR0cDovL3hlc3QvNDg1MBGGD2h0dHA6Ly94 +-ZXN0LzQ4NjARhg9odHRwOi8veGVzdC80ODcwEYYPaHR0cDovL3hlc3QvNDg4MBGG +-D2h0dHA6Ly94ZXN0LzQ4OTARhg9odHRwOi8veGVzdC80OTAwEYYPaHR0cDovL3hl +-c3QvNDkxMBGGD2h0dHA6Ly94ZXN0LzQ5MjARhg9odHRwOi8veGVzdC80OTMwEYYP +-aHR0cDovL3hlc3QvNDk0MBGGD2h0dHA6Ly94ZXN0LzQ5NTARhg9odHRwOi8veGVz +-dC80OTYwEYYPaHR0cDovL3hlc3QvNDk3MBGGD2h0dHA6Ly94ZXN0LzQ5ODARhg9o +-dHRwOi8veGVzdC80OTkwEYYPaHR0cDovL3hlc3QvNTAwMBGGD2h0dHA6Ly94ZXN0 +-LzUwMTARhg9odHRwOi8veGVzdC81MDIwEYYPaHR0cDovL3hlc3QvNTAzMBGGD2h0 +-dHA6Ly94ZXN0LzUwNDARhg9odHRwOi8veGVzdC81MDUwEYYPaHR0cDovL3hlc3Qv +-NTA2MBGGD2h0dHA6Ly94ZXN0LzUwNzARhg9odHRwOi8veGVzdC81MDgwEYYPaHR0 +-cDovL3hlc3QvNTA5MBGGD2h0dHA6Ly94ZXN0LzUxMDARhg9odHRwOi8veGVzdC81 +-MTEwEYYPaHR0cDovL3hlc3QvNTEyMBGGD2h0dHA6Ly94ZXN0LzUxMzARhg9odHRw +-Oi8veGVzdC81MTQwEYYPaHR0cDovL3hlc3QvNTE1MBGGD2h0dHA6Ly94ZXN0LzUx +-NjARhg9odHRwOi8veGVzdC81MTcwEYYPaHR0cDovL3hlc3QvNTE4MBGGD2h0dHA6 +-Ly94ZXN0LzUxOTARhg9odHRwOi8veGVzdC81MjAwEYYPaHR0cDovL3hlc3QvNTIx +-MBGGD2h0dHA6Ly94ZXN0LzUyMjARhg9odHRwOi8veGVzdC81MjMwEYYPaHR0cDov +-L3hlc3QvNTI0MBGGD2h0dHA6Ly94ZXN0LzUyNTARhg9odHRwOi8veGVzdC81MjYw +-EYYPaHR0cDovL3hlc3QvNTI3MBGGD2h0dHA6Ly94ZXN0LzUyODARhg9odHRwOi8v +-eGVzdC81MjkwEYYPaHR0cDovL3hlc3QvNTMwMBGGD2h0dHA6Ly94ZXN0LzUzMTAR +-hg9odHRwOi8veGVzdC81MzIwEYYPaHR0cDovL3hlc3QvNTMzMBGGD2h0dHA6Ly94 +-ZXN0LzUzNDARhg9odHRwOi8veGVzdC81MzUwEYYPaHR0cDovL3hlc3QvNTM2MBGG +-D2h0dHA6Ly94ZXN0LzUzNzARhg9odHRwOi8veGVzdC81MzgwEYYPaHR0cDovL3hl +-c3QvNTM5MBGGD2h0dHA6Ly94ZXN0LzU0MDARhg9odHRwOi8veGVzdC81NDEwEYYP +-aHR0cDovL3hlc3QvNTQyMBGGD2h0dHA6Ly94ZXN0LzU0MzARhg9odHRwOi8veGVz +-dC81NDQwEYYPaHR0cDovL3hlc3QvNTQ1MBGGD2h0dHA6Ly94ZXN0LzU0NjARhg9o +-dHRwOi8veGVzdC81NDcwEYYPaHR0cDovL3hlc3QvNTQ4MBGGD2h0dHA6Ly94ZXN0 +-LzU0OTARhg9odHRwOi8veGVzdC81NTAwEYYPaHR0cDovL3hlc3QvNTUxMBGGD2h0 +-dHA6Ly94ZXN0LzU1MjARhg9odHRwOi8veGVzdC81NTMwEYYPaHR0cDovL3hlc3Qv +-NTU0MBGGD2h0dHA6Ly94ZXN0LzU1NTARhg9odHRwOi8veGVzdC81NTYwEYYPaHR0 +-cDovL3hlc3QvNTU3MBGGD2h0dHA6Ly94ZXN0LzU1ODARhg9odHRwOi8veGVzdC81 +-NTkwEYYPaHR0cDovL3hlc3QvNTYwMBGGD2h0dHA6Ly94ZXN0LzU2MTARhg9odHRw +-Oi8veGVzdC81NjIwEYYPaHR0cDovL3hlc3QvNTYzMBGGD2h0dHA6Ly94ZXN0LzU2 +-NDARhg9odHRwOi8veGVzdC81NjUwEYYPaHR0cDovL3hlc3QvNTY2MBGGD2h0dHA6 +-Ly94ZXN0LzU2NzARhg9odHRwOi8veGVzdC81NjgwEYYPaHR0cDovL3hlc3QvNTY5 +-MBGGD2h0dHA6Ly94ZXN0LzU3MDARhg9odHRwOi8veGVzdC81NzEwEYYPaHR0cDov +-L3hlc3QvNTcyMBGGD2h0dHA6Ly94ZXN0LzU3MzARhg9odHRwOi8veGVzdC81NzQw +-EYYPaHR0cDovL3hlc3QvNTc1MBGGD2h0dHA6Ly94ZXN0LzU3NjARhg9odHRwOi8v +-eGVzdC81NzcwEYYPaHR0cDovL3hlc3QvNTc4MBGGD2h0dHA6Ly94ZXN0LzU3OTAR +-hg9odHRwOi8veGVzdC81ODAwEYYPaHR0cDovL3hlc3QvNTgxMBGGD2h0dHA6Ly94 +-ZXN0LzU4MjARhg9odHRwOi8veGVzdC81ODMwEYYPaHR0cDovL3hlc3QvNTg0MBGG +-D2h0dHA6Ly94ZXN0LzU4NTARhg9odHRwOi8veGVzdC81ODYwEYYPaHR0cDovL3hl +-c3QvNTg3MBGGD2h0dHA6Ly94ZXN0LzU4ODARhg9odHRwOi8veGVzdC81ODkwEYYP +-aHR0cDovL3hlc3QvNTkwMBGGD2h0dHA6Ly94ZXN0LzU5MTARhg9odHRwOi8veGVz +-dC81OTIwEYYPaHR0cDovL3hlc3QvNTkzMBGGD2h0dHA6Ly94ZXN0LzU5NDARhg9o +-dHRwOi8veGVzdC81OTUwEYYPaHR0cDovL3hlc3QvNTk2MBGGD2h0dHA6Ly94ZXN0 +-LzU5NzARhg9odHRwOi8veGVzdC81OTgwEYYPaHR0cDovL3hlc3QvNTk5MBGGD2h0 +-dHA6Ly94ZXN0LzYwMDARhg9odHRwOi8veGVzdC82MDEwEYYPaHR0cDovL3hlc3Qv +-NjAyMBGGD2h0dHA6Ly94ZXN0LzYwMzARhg9odHRwOi8veGVzdC82MDQwEYYPaHR0 +-cDovL3hlc3QvNjA1MBGGD2h0dHA6Ly94ZXN0LzYwNjARhg9odHRwOi8veGVzdC82 +-MDcwEYYPaHR0cDovL3hlc3QvNjA4MBGGD2h0dHA6Ly94ZXN0LzYwOTARhg9odHRw +-Oi8veGVzdC82MTAwEYYPaHR0cDovL3hlc3QvNjExMBGGD2h0dHA6Ly94ZXN0LzYx +-MjARhg9odHRwOi8veGVzdC82MTMwEYYPaHR0cDovL3hlc3QvNjE0MBGGD2h0dHA6 +-Ly94ZXN0LzYxNTARhg9odHRwOi8veGVzdC82MTYwEYYPaHR0cDovL3hlc3QvNjE3 +-MBGGD2h0dHA6Ly94ZXN0LzYxODARhg9odHRwOi8veGVzdC82MTkwEYYPaHR0cDov +-L3hlc3QvNjIwMBGGD2h0dHA6Ly94ZXN0LzYyMTARhg9odHRwOi8veGVzdC82MjIw +-EYYPaHR0cDovL3hlc3QvNjIzMBGGD2h0dHA6Ly94ZXN0LzYyNDARhg9odHRwOi8v +-eGVzdC82MjUwEYYPaHR0cDovL3hlc3QvNjI2MBGGD2h0dHA6Ly94ZXN0LzYyNzAR +-hg9odHRwOi8veGVzdC82MjgwEYYPaHR0cDovL3hlc3QvNjI5MBGGD2h0dHA6Ly94 +-ZXN0LzYzMDARhg9odHRwOi8veGVzdC82MzEwEYYPaHR0cDovL3hlc3QvNjMyMBGG +-D2h0dHA6Ly94ZXN0LzYzMzARhg9odHRwOi8veGVzdC82MzQwEYYPaHR0cDovL3hl +-c3QvNjM1MBGGD2h0dHA6Ly94ZXN0LzYzNjARhg9odHRwOi8veGVzdC82MzcwEYYP +-aHR0cDovL3hlc3QvNjM4MBGGD2h0dHA6Ly94ZXN0LzYzOTARhg9odHRwOi8veGVz +-dC82NDAwEYYPaHR0cDovL3hlc3QvNjQxMBGGD2h0dHA6Ly94ZXN0LzY0MjARhg9o +-dHRwOi8veGVzdC82NDMwEYYPaHR0cDovL3hlc3QvNjQ0MBGGD2h0dHA6Ly94ZXN0 +-LzY0NTARhg9odHRwOi8veGVzdC82NDYwEYYPaHR0cDovL3hlc3QvNjQ3MBGGD2h0 +-dHA6Ly94ZXN0LzY0ODARhg9odHRwOi8veGVzdC82NDkwEYYPaHR0cDovL3hlc3Qv +-NjUwMBGGD2h0dHA6Ly94ZXN0LzY1MTARhg9odHRwOi8veGVzdC82NTIwEYYPaHR0 +-cDovL3hlc3QvNjUzMBGGD2h0dHA6Ly94ZXN0LzY1NDARhg9odHRwOi8veGVzdC82 +-NTUwEYYPaHR0cDovL3hlc3QvNjU2MBGGD2h0dHA6Ly94ZXN0LzY1NzARhg9odHRw +-Oi8veGVzdC82NTgwEYYPaHR0cDovL3hlc3QvNjU5MBGGD2h0dHA6Ly94ZXN0LzY2 +-MDARhg9odHRwOi8veGVzdC82NjEwEYYPaHR0cDovL3hlc3QvNjYyMBGGD2h0dHA6 +-Ly94ZXN0LzY2MzARhg9odHRwOi8veGVzdC82NjQwEYYPaHR0cDovL3hlc3QvNjY1 +-MBGGD2h0dHA6Ly94ZXN0LzY2NjARhg9odHRwOi8veGVzdC82NjcwEYYPaHR0cDov +-L3hlc3QvNjY4MBGGD2h0dHA6Ly94ZXN0LzY2OTARhg9odHRwOi8veGVzdC82NzAw +-EYYPaHR0cDovL3hlc3QvNjcxMBGGD2h0dHA6Ly94ZXN0LzY3MjARhg9odHRwOi8v +-eGVzdC82NzMwEYYPaHR0cDovL3hlc3QvNjc0MBGGD2h0dHA6Ly94ZXN0LzY3NTAR +-hg9odHRwOi8veGVzdC82NzYwEYYPaHR0cDovL3hlc3QvNjc3MBGGD2h0dHA6Ly94 +-ZXN0LzY3ODARhg9odHRwOi8veGVzdC82NzkwEYYPaHR0cDovL3hlc3QvNjgwMBGG +-D2h0dHA6Ly94ZXN0LzY4MTARhg9odHRwOi8veGVzdC82ODIwEYYPaHR0cDovL3hl +-c3QvNjgzMBGGD2h0dHA6Ly94ZXN0LzY4NDARhg9odHRwOi8veGVzdC82ODUwEYYP +-aHR0cDovL3hlc3QvNjg2MBGGD2h0dHA6Ly94ZXN0LzY4NzARhg9odHRwOi8veGVz +-dC82ODgwEYYPaHR0cDovL3hlc3QvNjg5MBGGD2h0dHA6Ly94ZXN0LzY5MDARhg9o +-dHRwOi8veGVzdC82OTEwEYYPaHR0cDovL3hlc3QvNjkyMBGGD2h0dHA6Ly94ZXN0 +-LzY5MzARhg9odHRwOi8veGVzdC82OTQwEYYPaHR0cDovL3hlc3QvNjk1MBGGD2h0 +-dHA6Ly94ZXN0LzY5NjARhg9odHRwOi8veGVzdC82OTcwEYYPaHR0cDovL3hlc3Qv +-Njk4MBGGD2h0dHA6Ly94ZXN0LzY5OTARhg9odHRwOi8veGVzdC83MDAwEYYPaHR0 +-cDovL3hlc3QvNzAxMBGGD2h0dHA6Ly94ZXN0LzcwMjARhg9odHRwOi8veGVzdC83 +-MDMwEYYPaHR0cDovL3hlc3QvNzA0MBGGD2h0dHA6Ly94ZXN0LzcwNTARhg9odHRw +-Oi8veGVzdC83MDYwEYYPaHR0cDovL3hlc3QvNzA3MBGGD2h0dHA6Ly94ZXN0Lzcw +-ODARhg9odHRwOi8veGVzdC83MDkwEYYPaHR0cDovL3hlc3QvNzEwMBGGD2h0dHA6 +-Ly94ZXN0LzcxMTARhg9odHRwOi8veGVzdC83MTIwEYYPaHR0cDovL3hlc3QvNzEz +-MBGGD2h0dHA6Ly94ZXN0LzcxNDARhg9odHRwOi8veGVzdC83MTUwEYYPaHR0cDov +-L3hlc3QvNzE2MBGGD2h0dHA6Ly94ZXN0LzcxNzARhg9odHRwOi8veGVzdC83MTgw +-EYYPaHR0cDovL3hlc3QvNzE5MBGGD2h0dHA6Ly94ZXN0LzcyMDARhg9odHRwOi8v +-eGVzdC83MjEwEYYPaHR0cDovL3hlc3QvNzIyMBGGD2h0dHA6Ly94ZXN0LzcyMzAR +-hg9odHRwOi8veGVzdC83MjQwEYYPaHR0cDovL3hlc3QvNzI1MBGGD2h0dHA6Ly94 +-ZXN0LzcyNjARhg9odHRwOi8veGVzdC83MjcwEYYPaHR0cDovL3hlc3QvNzI4MBGG +-D2h0dHA6Ly94ZXN0LzcyOTARhg9odHRwOi8veGVzdC83MzAwEYYPaHR0cDovL3hl +-c3QvNzMxMBGGD2h0dHA6Ly94ZXN0LzczMjARhg9odHRwOi8veGVzdC83MzMwEYYP +-aHR0cDovL3hlc3QvNzM0MBGGD2h0dHA6Ly94ZXN0LzczNTARhg9odHRwOi8veGVz +-dC83MzYwEYYPaHR0cDovL3hlc3QvNzM3MBGGD2h0dHA6Ly94ZXN0LzczODARhg9o +-dHRwOi8veGVzdC83MzkwEYYPaHR0cDovL3hlc3QvNzQwMBGGD2h0dHA6Ly94ZXN0 +-Lzc0MTARhg9odHRwOi8veGVzdC83NDIwEYYPaHR0cDovL3hlc3QvNzQzMBGGD2h0 +-dHA6Ly94ZXN0Lzc0NDARhg9odHRwOi8veGVzdC83NDUwEYYPaHR0cDovL3hlc3Qv +-NzQ2MBGGD2h0dHA6Ly94ZXN0Lzc0NzARhg9odHRwOi8veGVzdC83NDgwEYYPaHR0 +-cDovL3hlc3QvNzQ5MBGGD2h0dHA6Ly94ZXN0Lzc1MDARhg9odHRwOi8veGVzdC83 +-NTEwEYYPaHR0cDovL3hlc3QvNzUyMBGGD2h0dHA6Ly94ZXN0Lzc1MzARhg9odHRw +-Oi8veGVzdC83NTQwEYYPaHR0cDovL3hlc3QvNzU1MBGGD2h0dHA6Ly94ZXN0Lzc1 +-NjARhg9odHRwOi8veGVzdC83NTcwEYYPaHR0cDovL3hlc3QvNzU4MBGGD2h0dHA6 +-Ly94ZXN0Lzc1OTARhg9odHRwOi8veGVzdC83NjAwEYYPaHR0cDovL3hlc3QvNzYx +-MBGGD2h0dHA6Ly94ZXN0Lzc2MjARhg9odHRwOi8veGVzdC83NjMwEYYPaHR0cDov +-L3hlc3QvNzY0MBGGD2h0dHA6Ly94ZXN0Lzc2NTARhg9odHRwOi8veGVzdC83NjYw +-EYYPaHR0cDovL3hlc3QvNzY3MBGGD2h0dHA6Ly94ZXN0Lzc2ODARhg9odHRwOi8v +-eGVzdC83NjkwEYYPaHR0cDovL3hlc3QvNzcwMBGGD2h0dHA6Ly94ZXN0Lzc3MTAR +-hg9odHRwOi8veGVzdC83NzIwEYYPaHR0cDovL3hlc3QvNzczMBGGD2h0dHA6Ly94 +-ZXN0Lzc3NDARhg9odHRwOi8veGVzdC83NzUwEYYPaHR0cDovL3hlc3QvNzc2MBGG +-D2h0dHA6Ly94ZXN0Lzc3NzARhg9odHRwOi8veGVzdC83NzgwEYYPaHR0cDovL3hl +-c3QvNzc5MBGGD2h0dHA6Ly94ZXN0Lzc4MDARhg9odHRwOi8veGVzdC83ODEwEYYP +-aHR0cDovL3hlc3QvNzgyMBGGD2h0dHA6Ly94ZXN0Lzc4MzARhg9odHRwOi8veGVz +-dC83ODQwEYYPaHR0cDovL3hlc3QvNzg1MBGGD2h0dHA6Ly94ZXN0Lzc4NjARhg9o +-dHRwOi8veGVzdC83ODcwEYYPaHR0cDovL3hlc3QvNzg4MBGGD2h0dHA6Ly94ZXN0 +-Lzc4OTARhg9odHRwOi8veGVzdC83OTAwEYYPaHR0cDovL3hlc3QvNzkxMBGGD2h0 +-dHA6Ly94ZXN0Lzc5MjARhg9odHRwOi8veGVzdC83OTMwEYYPaHR0cDovL3hlc3Qv +-Nzk0MBGGD2h0dHA6Ly94ZXN0Lzc5NTARhg9odHRwOi8veGVzdC83OTYwEYYPaHR0 +-cDovL3hlc3QvNzk3MBGGD2h0dHA6Ly94ZXN0Lzc5ODARhg9odHRwOi8veGVzdC83 +-OTkwEYYPaHR0cDovL3hlc3QvODAwMBGGD2h0dHA6Ly94ZXN0LzgwMTARhg9odHRw +-Oi8veGVzdC84MDIwEYYPaHR0cDovL3hlc3QvODAzMBGGD2h0dHA6Ly94ZXN0Lzgw +-NDARhg9odHRwOi8veGVzdC84MDUwEYYPaHR0cDovL3hlc3QvODA2MBGGD2h0dHA6 +-Ly94ZXN0LzgwNzARhg9odHRwOi8veGVzdC84MDgwEYYPaHR0cDovL3hlc3QvODA5 +-MBGGD2h0dHA6Ly94ZXN0LzgxMDARhg9odHRwOi8veGVzdC84MTEwEYYPaHR0cDov +-L3hlc3QvODEyMBGGD2h0dHA6Ly94ZXN0LzgxMzARhg9odHRwOi8veGVzdC84MTQw +-EYYPaHR0cDovL3hlc3QvODE1MBGGD2h0dHA6Ly94ZXN0LzgxNjARhg9odHRwOi8v +-eGVzdC84MTcwEYYPaHR0cDovL3hlc3QvODE4MBGGD2h0dHA6Ly94ZXN0LzgxOTAR +-hg9odHRwOi8veGVzdC84MjAwEYYPaHR0cDovL3hlc3QvODIxMBGGD2h0dHA6Ly94 +-ZXN0LzgyMjARhg9odHRwOi8veGVzdC84MjMwEYYPaHR0cDovL3hlc3QvODI0MBGG +-D2h0dHA6Ly94ZXN0LzgyNTARhg9odHRwOi8veGVzdC84MjYwEYYPaHR0cDovL3hl +-c3QvODI3MBGGD2h0dHA6Ly94ZXN0LzgyODARhg9odHRwOi8veGVzdC84MjkwEYYP +-aHR0cDovL3hlc3QvODMwMBGGD2h0dHA6Ly94ZXN0LzgzMTARhg9odHRwOi8veGVz +-dC84MzIwEYYPaHR0cDovL3hlc3QvODMzMBGGD2h0dHA6Ly94ZXN0LzgzNDARhg9o +-dHRwOi8veGVzdC84MzUwEYYPaHR0cDovL3hlc3QvODM2MBGGD2h0dHA6Ly94ZXN0 +-LzgzNzARhg9odHRwOi8veGVzdC84MzgwEYYPaHR0cDovL3hlc3QvODM5MBGGD2h0 +-dHA6Ly94ZXN0Lzg0MDARhg9odHRwOi8veGVzdC84NDEwEYYPaHR0cDovL3hlc3Qv +-ODQyMBGGD2h0dHA6Ly94ZXN0Lzg0MzARhg9odHRwOi8veGVzdC84NDQwEYYPaHR0 +-cDovL3hlc3QvODQ1MBGGD2h0dHA6Ly94ZXN0Lzg0NjARhg9odHRwOi8veGVzdC84 +-NDcwEYYPaHR0cDovL3hlc3QvODQ4MBGGD2h0dHA6Ly94ZXN0Lzg0OTARhg9odHRw +-Oi8veGVzdC84NTAwEYYPaHR0cDovL3hlc3QvODUxMBGGD2h0dHA6Ly94ZXN0Lzg1 +-MjARhg9odHRwOi8veGVzdC84NTMwEYYPaHR0cDovL3hlc3QvODU0MBGGD2h0dHA6 +-Ly94ZXN0Lzg1NTARhg9odHRwOi8veGVzdC84NTYwEYYPaHR0cDovL3hlc3QvODU3 +-MBGGD2h0dHA6Ly94ZXN0Lzg1ODARhg9odHRwOi8veGVzdC84NTkwEYYPaHR0cDov +-L3hlc3QvODYwMBGGD2h0dHA6Ly94ZXN0Lzg2MTARhg9odHRwOi8veGVzdC84NjIw +-EYYPaHR0cDovL3hlc3QvODYzMBGGD2h0dHA6Ly94ZXN0Lzg2NDARhg9odHRwOi8v +-eGVzdC84NjUwEYYPaHR0cDovL3hlc3QvODY2MBGGD2h0dHA6Ly94ZXN0Lzg2NzAR +-hg9odHRwOi8veGVzdC84NjgwEYYPaHR0cDovL3hlc3QvODY5MBGGD2h0dHA6Ly94 +-ZXN0Lzg3MDARhg9odHRwOi8veGVzdC84NzEwEYYPaHR0cDovL3hlc3QvODcyMBGG +-D2h0dHA6Ly94ZXN0Lzg3MzARhg9odHRwOi8veGVzdC84NzQwEYYPaHR0cDovL3hl +-c3QvODc1MBGGD2h0dHA6Ly94ZXN0Lzg3NjARhg9odHRwOi8veGVzdC84NzcwEYYP +-aHR0cDovL3hlc3QvODc4MBGGD2h0dHA6Ly94ZXN0Lzg3OTARhg9odHRwOi8veGVz +-dC84ODAwEYYPaHR0cDovL3hlc3QvODgxMBGGD2h0dHA6Ly94ZXN0Lzg4MjARhg9o +-dHRwOi8veGVzdC84ODMwEYYPaHR0cDovL3hlc3QvODg0MBGGD2h0dHA6Ly94ZXN0 +-Lzg4NTARhg9odHRwOi8veGVzdC84ODYwEYYPaHR0cDovL3hlc3QvODg3MBGGD2h0 +-dHA6Ly94ZXN0Lzg4ODARhg9odHRwOi8veGVzdC84ODkwEYYPaHR0cDovL3hlc3Qv +-ODkwMBGGD2h0dHA6Ly94ZXN0Lzg5MTARhg9odHRwOi8veGVzdC84OTIwEYYPaHR0 +-cDovL3hlc3QvODkzMBGGD2h0dHA6Ly94ZXN0Lzg5NDARhg9odHRwOi8veGVzdC84 +-OTUwEYYPaHR0cDovL3hlc3QvODk2MBGGD2h0dHA6Ly94ZXN0Lzg5NzARhg9odHRw +-Oi8veGVzdC84OTgwEYYPaHR0cDovL3hlc3QvODk5MBGGD2h0dHA6Ly94ZXN0Lzkw +-MDARhg9odHRwOi8veGVzdC85MDEwEYYPaHR0cDovL3hlc3QvOTAyMBGGD2h0dHA6 +-Ly94ZXN0LzkwMzARhg9odHRwOi8veGVzdC85MDQwEYYPaHR0cDovL3hlc3QvOTA1 +-MBGGD2h0dHA6Ly94ZXN0LzkwNjARhg9odHRwOi8veGVzdC85MDcwEYYPaHR0cDov +-L3hlc3QvOTA4MBGGD2h0dHA6Ly94ZXN0LzkwOTARhg9odHRwOi8veGVzdC85MTAw +-EYYPaHR0cDovL3hlc3QvOTExMBGGD2h0dHA6Ly94ZXN0LzkxMjARhg9odHRwOi8v +-eGVzdC85MTMwEYYPaHR0cDovL3hlc3QvOTE0MBGGD2h0dHA6Ly94ZXN0LzkxNTAR +-hg9odHRwOi8veGVzdC85MTYwEYYPaHR0cDovL3hlc3QvOTE3MBGGD2h0dHA6Ly94 +-ZXN0LzkxODARhg9odHRwOi8veGVzdC85MTkwEYYPaHR0cDovL3hlc3QvOTIwMBGG +-D2h0dHA6Ly94ZXN0LzkyMTARhg9odHRwOi8veGVzdC85MjIwEYYPaHR0cDovL3hl +-c3QvOTIzMBGGD2h0dHA6Ly94ZXN0LzkyNDARhg9odHRwOi8veGVzdC85MjUwEYYP +-aHR0cDovL3hlc3QvOTI2MBGGD2h0dHA6Ly94ZXN0LzkyNzARhg9odHRwOi8veGVz +-dC85MjgwEYYPaHR0cDovL3hlc3QvOTI5MBGGD2h0dHA6Ly94ZXN0LzkzMDARhg9o +-dHRwOi8veGVzdC85MzEwEYYPaHR0cDovL3hlc3QvOTMyMBGGD2h0dHA6Ly94ZXN0 +-LzkzMzARhg9odHRwOi8veGVzdC85MzQwEYYPaHR0cDovL3hlc3QvOTM1MBGGD2h0 +-dHA6Ly94ZXN0LzkzNjARhg9odHRwOi8veGVzdC85MzcwEYYPaHR0cDovL3hlc3Qv +-OTM4MBGGD2h0dHA6Ly94ZXN0LzkzOTARhg9odHRwOi8veGVzdC85NDAwEYYPaHR0 +-cDovL3hlc3QvOTQxMBGGD2h0dHA6Ly94ZXN0Lzk0MjARhg9odHRwOi8veGVzdC85 +-NDMwEYYPaHR0cDovL3hlc3QvOTQ0MBGGD2h0dHA6Ly94ZXN0Lzk0NTARhg9odHRw +-Oi8veGVzdC85NDYwEYYPaHR0cDovL3hlc3QvOTQ3MBGGD2h0dHA6Ly94ZXN0Lzk0 +-ODARhg9odHRwOi8veGVzdC85NDkwEYYPaHR0cDovL3hlc3QvOTUwMBGGD2h0dHA6 +-Ly94ZXN0Lzk1MTARhg9odHRwOi8veGVzdC85NTIwEYYPaHR0cDovL3hlc3QvOTUz +-MBGGD2h0dHA6Ly94ZXN0Lzk1NDARhg9odHRwOi8veGVzdC85NTUwEYYPaHR0cDov +-L3hlc3QvOTU2MBGGD2h0dHA6Ly94ZXN0Lzk1NzARhg9odHRwOi8veGVzdC85NTgw +-EYYPaHR0cDovL3hlc3QvOTU5MBGGD2h0dHA6Ly94ZXN0Lzk2MDARhg9odHRwOi8v +-eGVzdC85NjEwEYYPaHR0cDovL3hlc3QvOTYyMBGGD2h0dHA6Ly94ZXN0Lzk2MzAR +-hg9odHRwOi8veGVzdC85NjQwEYYPaHR0cDovL3hlc3QvOTY1MBGGD2h0dHA6Ly94 +-ZXN0Lzk2NjARhg9odHRwOi8veGVzdC85NjcwEYYPaHR0cDovL3hlc3QvOTY4MBGG +-D2h0dHA6Ly94ZXN0Lzk2OTARhg9odHRwOi8veGVzdC85NzAwEYYPaHR0cDovL3hl +-c3QvOTcxMBGGD2h0dHA6Ly94ZXN0Lzk3MjARhg9odHRwOi8veGVzdC85NzMwEYYP +-aHR0cDovL3hlc3QvOTc0MBGGD2h0dHA6Ly94ZXN0Lzk3NTARhg9odHRwOi8veGVz +-dC85NzYwEYYPaHR0cDovL3hlc3QvOTc3MBGGD2h0dHA6Ly94ZXN0Lzk3ODARhg9o +-dHRwOi8veGVzdC85NzkwEYYPaHR0cDovL3hlc3QvOTgwMBGGD2h0dHA6Ly94ZXN0 +-Lzk4MTARhg9odHRwOi8veGVzdC85ODIwEYYPaHR0cDovL3hlc3QvOTgzMBGGD2h0 +-dHA6Ly94ZXN0Lzk4NDARhg9odHRwOi8veGVzdC85ODUwEYYPaHR0cDovL3hlc3Qv +-OTg2MBGGD2h0dHA6Ly94ZXN0Lzk4NzARhg9odHRwOi8veGVzdC85ODgwEYYPaHR0 +-cDovL3hlc3QvOTg5MBGGD2h0dHA6Ly94ZXN0Lzk5MDARhg9odHRwOi8veGVzdC85 +-OTEwEYYPaHR0cDovL3hlc3QvOTkyMBGGD2h0dHA6Ly94ZXN0Lzk5MzARhg9odHRw +-Oi8veGVzdC85OTQwEYYPaHR0cDovL3hlc3QvOTk1MBGGD2h0dHA6Ly94ZXN0Lzk5 +-NjARhg9odHRwOi8veGVzdC85OTcwEYYPaHR0cDovL3hlc3QvOTk4MBGGD2h0dHA6 +-Ly94ZXN0Lzk5OTAShhBodHRwOi8veGVzdC8xMDAwMBKGEGh0dHA6Ly94ZXN0LzEw +-MDEwEoYQaHR0cDovL3hlc3QvMTAwMjAShhBodHRwOi8veGVzdC8xMDAzMBKGEGh0 +-dHA6Ly94ZXN0LzEwMDQwEoYQaHR0cDovL3hlc3QvMTAwNTAShhBodHRwOi8veGVz +-dC8xMDA2MBKGEGh0dHA6Ly94ZXN0LzEwMDcwEoYQaHR0cDovL3hlc3QvMTAwODAS +-hhBodHRwOi8veGVzdC8xMDA5MBKGEGh0dHA6Ly94ZXN0LzEwMTAwEoYQaHR0cDov +-L3hlc3QvMTAxMTAShhBodHRwOi8veGVzdC8xMDEyMBKGEGh0dHA6Ly94ZXN0LzEw +-MTMwEoYQaHR0cDovL3hlc3QvMTAxNDAShhBodHRwOi8veGVzdC8xMDE1MBKGEGh0 +-dHA6Ly94ZXN0LzEwMTYwEoYQaHR0cDovL3hlc3QvMTAxNzAShhBodHRwOi8veGVz +-dC8xMDE4MBKGEGh0dHA6Ly94ZXN0LzEwMTkwEoYQaHR0cDovL3hlc3QvMTAyMDAS +-hhBodHRwOi8veGVzdC8xMDIxMBKGEGh0dHA6Ly94ZXN0LzEwMjIwEoYQaHR0cDov +-L3hlc3QvMTAyMzAShhBodHRwOi8veGVzdC8xMDI0MA0GCSqGSIb3DQEBCwUAA4IB +-AQBr+8lS062gdeMHGF9s3XW0PaRAD5cuwgg71sfF2HzXGG57K5l0fdCx+lOxfbgO +-jxZMddd4/5DCFPohZqUnQ/aME3fiusUvKTZWSm4HUeebz3gXa2Hvh5+6g3fw8yUB +-HQzSSmWxwA4OksrZsdwlJIK4mt+NkkK2KI5dqvb/YhO/jDzGPIgkC1pWKtp0HSOz +-4AUaV4lrtjCBYyBa5FZ5fF3PnifFtbM19g5scZxYmUD5OHTfEZqkCYVmWI6rv1im +-lvznOJXxE0KlszJTqa9ThRNmktMpeyf6nzsczNQRaRFs/XdNcB1KfJ+8p8NlUs54 +-Eg9Kb0fnRM6aQn2TKWMaSWrC +------END CERTIFICATE----- +- +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: CN=Root +- Validity +- Not Before: Oct 5 12:00:00 2021 GMT +- Not After : Oct 5 12:00:00 2022 GMT +- Subject: CN=Root +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: +- b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: +- d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: +- 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: +- 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: +- 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: +- 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: +- ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: +- cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: +- 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: +- 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: +- df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: +- 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: +- 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: +- 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: +- 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: +- fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: +- e1:7b +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- X509v3 Authority Key Identifier: +- keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD +- +- Authority Information Access: +- CA Issuers - URI:http://url-for-aia/Root.cer +- +- X509v3 CRL Distribution Points: +- +- Full Name: +- URI:http://url-for-crl/Root.crl +- +- X509v3 Key Usage: critical +- Certificate Sign, CRL Sign +- X509v3 Basic Constraints: critical +- CA:TRUE +- Signature Algorithm: sha256WithRSAEncryption +- 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: +- 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: +- 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: +- 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: +- e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: +- 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: +- 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: +- 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: +- 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: +- 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: +- d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: +- ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: +- cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: +- 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: +- d0:93:0b:59 +------BEGIN CERTIFICATE----- +-MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +-BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +-MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +-AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +-CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +-Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +-sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +-cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +-0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +-KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +-MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +-L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +-b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +-9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +-QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +-9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +-l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +-2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +-TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +------END CERTIFICATE----- +diff --git a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.test b/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.test +deleted file mode 100644 +index b65959ca6a117..0000000000000 +--- a/net/data/verify_certificate_chain_unittest/many-names/ok-different-types-ips.test ++++ /dev/null +@@ -1,5 +0,0 @@ +-chain: ok-different-types-ips.pem +-last_cert_trust: TRUSTED_ANCHOR +-utc_time: DEFAULT +-key_purpose: SERVER_AUTH +-expected_errors: +diff --git a/net/data/verify_certificate_chain_unittest/many-names/toomany-all-types.pem b/net/data/verify_certificate_chain_unittest/many-names/toomany-all-types.pem +index 6e8eb13fd5247..159ea50748182 100644 +--- a/net/data/verify_certificate_chain_unittest/many-names/toomany-all-types.pem ++++ b/net/data/verify_certificate_chain_unittest/many-names/toomany-all-types.pem +@@ -1,4 +1,4 @@ +-[Created by: generate-chains.py] ++[Created by: ./generate-chains.py] + + A chain containing a large number of different types of name + constraints and names, above the limit. +@@ -8,7 +8,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -56,25 +56,25 @@ Certificate: + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: +- DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, DNS:t418.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, IP Address:10.0.1.162, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, DirName:/CN=t417 ++ DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340 + Signature Algorithm: sha256WithRSAEncryption +- b2:e5:7a:fb:a0:db:99:7b:2b:60:3b:29:0a:96:9e:2a:72:5a: +- f9:59:9b:e8:af:4e:1e:10:cb:22:a6:33:db:18:62:db:c6:e7: +- ea:9b:c2:83:4e:f0:88:bf:d9:70:4e:d4:bd:21:08:99:9a:0e: +- 6b:f1:ed:fb:43:63:c4:0e:22:33:e9:67:5c:5f:d3:51:61:df: +- dd:2c:51:2f:d2:a5:3f:41:7a:fb:e3:ff:16:9c:fe:77:7c:57: +- 25:6c:02:8c:bc:e6:56:8e:e0:db:3e:2e:a2:fd:91:30:fd:7c: +- 3a:b1:03:cb:eb:c1:77:c0:b2:e0:1a:f9:ba:3d:e4:75:56:8d: +- 98:62:61:a1:cc:8d:90:56:36:44:2c:a2:92:be:48:25:c7:ef: +- 86:54:8e:d2:3e:c7:14:d6:ef:05:82:af:86:b5:bb:14:a4:80: +- 3f:04:e0:36:6e:0f:ab:0e:9c:27:bc:f4:43:a1:69:47:3a:ea: +- 7f:7b:1e:26:14:2c:0a:3a:01:3f:d8:06:f7:1a:e1:7c:6e:e8: +- 1e:1d:c0:24:61:56:10:23:6a:e3:26:54:d9:1d:48:2b:0d:39: +- 3b:76:a3:20:b9:a0:6a:c8:cf:77:57:d7:d6:32:c4:bc:d2:10: +- 28:1d:a8:df:ee:bc:a3:21:74:e9:45:5b:ec:77:0a:d5:b1:b4: +- 41:33:e3:0b ++ 90:c2:57:f6:92:e9:c7:58:4e:b5:bd:11:26:33:dd:b9:3d:c2: ++ 1e:6d:6b:21:74:04:85:22:1e:d2:1b:09:fb:99:24:d8:e6:ed: ++ 1c:55:14:34:b7:19:4e:f2:cc:37:2e:b3:d3:26:96:f2:6d:88: ++ d6:8d:b2:7b:1a:6f:eb:66:f1:d9:f3:a3:4f:b0:76:51:d2:1c: ++ e6:b0:ae:0f:28:38:bf:c6:94:d5:76:71:0f:f6:11:95:c8:07: ++ 26:be:81:aa:55:4d:17:17:36:90:bb:c2:b8:40:72:a2:cf:0f: ++ d3:55:b1:65:50:67:c8:57:4b:54:bd:5b:42:7f:d4:b4:46:0e: ++ fe:9d:f0:eb:a9:96:c2:53:ce:b5:fb:71:3c:da:51:37:94:c7: ++ 7b:1e:d6:5b:c1:1b:da:ae:09:b1:da:d0:2d:27:ae:46:c6:5e: ++ d0:72:cb:e0:29:a7:c8:40:e8:18:94:26:ad:d8:51:21:43:24: ++ f6:f9:a4:9e:f1:57:d1:4b:3e:74:71:97:8f:de:09:2d:d3:85: ++ b1:79:a8:9d:d0:6c:35:90:a8:62:2f:fb:45:ac:c5:5b:5c:cc: ++ ea:72:05:b0:2f:79:36:56:f2:75:5b:b4:30:8c:0c:9f:fc:e8: ++ da:7e:2c:dd:fc:5e:fc:23:04:c1:53:31:a7:e2:ce:18:10:28: ++ b8:d4:60:8e + -----BEGIN CERTIFICATE----- +-MII9qzCCPJOgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1TANBgkqhkiG9w0BAQsF ++MIIy0TCCMbmgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1TANBgkqhkiG9w0BAQsF + ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx + MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +@@ -82,12 +82,12 @@ P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ + B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O + Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g + QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +-4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCOvgwgjr0MB0GA1UdDgQW ++4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCMB4wgjAaMB0GA1UdDgQW + BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok + 8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt + Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 + Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgjoKBgNVHREEgjoBMII5/YIH ++BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgi8wBgNVHREEgi8nMIIvI4IH + dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu + dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl + c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +@@ -164,245 +164,188 @@ MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 + ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC + CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz + Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +-c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +-dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +-LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +-dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +-MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +-dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +-ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +-NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +-ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +-CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +-NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +-c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +-dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +-LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +-dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +-NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +-dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +-ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0hwQKAAAAhwQKAAABhwQK +-AAAChwQKAAADhwQKAAAEhwQKAAAFhwQKAAAGhwQKAAAHhwQKAAAIhwQKAAAJhwQK +-AAAKhwQKAAALhwQKAAAMhwQKAAANhwQKAAAOhwQKAAAPhwQKAAAQhwQKAAARhwQK +-AAAShwQKAAAThwQKAAAUhwQKAAAVhwQKAAAWhwQKAAAXhwQKAAAYhwQKAAAZhwQK +-AAAahwQKAAAbhwQKAAAchwQKAAAdhwQKAAAehwQKAAAfhwQKAAAghwQKAAAhhwQK +-AAAihwQKAAAjhwQKAAAkhwQKAAAlhwQKAAAmhwQKAAAnhwQKAAAohwQKAAAphwQK +-AAAqhwQKAAArhwQKAAAshwQKAAAthwQKAAAuhwQKAAAvhwQKAAAwhwQKAAAxhwQK +-AAAyhwQKAAAzhwQKAAA0hwQKAAA1hwQKAAA2hwQKAAA3hwQKAAA4hwQKAAA5hwQK +-AAA6hwQKAAA7hwQKAAA8hwQKAAA9hwQKAAA+hwQKAAA/hwQKAABAhwQKAABBhwQK +-AABChwQKAABDhwQKAABEhwQKAABFhwQKAABGhwQKAABHhwQKAABIhwQKAABJhwQK +-AABKhwQKAABLhwQKAABMhwQKAABNhwQKAABOhwQKAABPhwQKAABQhwQKAABRhwQK +-AABShwQKAABThwQKAABUhwQKAABVhwQKAABWhwQKAABXhwQKAABYhwQKAABZhwQK +-AABahwQKAABbhwQKAABchwQKAABdhwQKAABehwQKAABfhwQKAABghwQKAABhhwQK +-AABihwQKAABjhwQKAABkhwQKAABlhwQKAABmhwQKAABnhwQKAABohwQKAABphwQK +-AABqhwQKAABrhwQKAABshwQKAABthwQKAABuhwQKAABvhwQKAABwhwQKAABxhwQK +-AAByhwQKAABzhwQKAAB0hwQKAAB1hwQKAAB2hwQKAAB3hwQKAAB4hwQKAAB5hwQK +-AAB6hwQKAAB7hwQKAAB8hwQKAAB9hwQKAAB+hwQKAAB/hwQKAACAhwQKAACBhwQK +-AACChwQKAACDhwQKAACEhwQKAACFhwQKAACGhwQKAACHhwQKAACIhwQKAACJhwQK +-AACKhwQKAACLhwQKAACMhwQKAACNhwQKAACOhwQKAACPhwQKAACQhwQKAACRhwQK +-AACShwQKAACThwQKAACUhwQKAACVhwQKAACWhwQKAACXhwQKAACYhwQKAACZhwQK +-AACahwQKAACbhwQKAACchwQKAACdhwQKAACehwQKAACfhwQKAACghwQKAAChhwQK +-AACihwQKAACjhwQKAACkhwQKAAClhwQKAACmhwQKAACnhwQKAACohwQKAACphwQK +-AACqhwQKAACrhwQKAACshwQKAACthwQKAACuhwQKAACvhwQKAACwhwQKAACxhwQK +-AACyhwQKAACzhwQKAAC0hwQKAAC1hwQKAAC2hwQKAAC3hwQKAAC4hwQKAAC5hwQK +-AAC6hwQKAAC7hwQKAAC8hwQKAAC9hwQKAAC+hwQKAAC/hwQKAADAhwQKAADBhwQK +-AADChwQKAADDhwQKAADEhwQKAADFhwQKAADGhwQKAADHhwQKAADIhwQKAADJhwQK +-AADKhwQKAADLhwQKAADMhwQKAADNhwQKAADOhwQKAADPhwQKAADQhwQKAADRhwQK +-AADShwQKAADThwQKAADUhwQKAADVhwQKAADWhwQKAADXhwQKAADYhwQKAADZhwQK +-AADahwQKAADbhwQKAADchwQKAADdhwQKAADehwQKAADfhwQKAADghwQKAADhhwQK +-AADihwQKAADjhwQKAADkhwQKAADlhwQKAADmhwQKAADnhwQKAADohwQKAADphwQK +-AADqhwQKAADrhwQKAADshwQKAADthwQKAADuhwQKAADvhwQKAADwhwQKAADxhwQK +-AADyhwQKAADzhwQKAAD0hwQKAAD1hwQKAAD2hwQKAAD3hwQKAAD4hwQKAAD5hwQK +-AAD6hwQKAAD7hwQKAAD8hwQKAAD9hwQKAAD+hwQKAAD/hwQKAAEAhwQKAAEBhwQK +-AAEChwQKAAEDhwQKAAEEhwQKAAEFhwQKAAEGhwQKAAEHhwQKAAEIhwQKAAEJhwQK +-AAEKhwQKAAELhwQKAAEMhwQKAAENhwQKAAEOhwQKAAEPhwQKAAEQhwQKAAERhwQK +-AAEShwQKAAEThwQKAAEUhwQKAAEVhwQKAAEWhwQKAAEXhwQKAAEYhwQKAAEZhwQK +-AAEahwQKAAEbhwQKAAEchwQKAAEdhwQKAAEehwQKAAEfhwQKAAEghwQKAAEhhwQK +-AAEihwQKAAEjhwQKAAEkhwQKAAElhwQKAAEmhwQKAAEnhwQKAAEohwQKAAEphwQK +-AAEqhwQKAAErhwQKAAEshwQKAAEthwQKAAEuhwQKAAEvhwQKAAEwhwQKAAExhwQK +-AAEyhwQKAAEzhwQKAAE0hwQKAAE1hwQKAAE2hwQKAAE3hwQKAAE4hwQKAAE5hwQK +-AAE6hwQKAAE7hwQKAAE8hwQKAAE9hwQKAAE+hwQKAAE/hwQKAAFAhwQKAAFBhwQK +-AAFChwQKAAFDhwQKAAFEhwQKAAFFhwQKAAFGhwQKAAFHhwQKAAFIhwQKAAFJhwQK +-AAFKhwQKAAFLhwQKAAFMhwQKAAFNhwQKAAFOhwQKAAFPhwQKAAFQhwQKAAFRhwQK +-AAFShwQKAAFThwQKAAFUhwQKAAFVhwQKAAFWhwQKAAFXhwQKAAFYhwQKAAFZhwQK +-AAFahwQKAAFbhwQKAAFchwQKAAFdhwQKAAFehwQKAAFfhwQKAAFghwQKAAFhhwQK +-AAFihwQKAAFjhwQKAAFkhwQKAAFlhwQKAAFmhwQKAAFnhwQKAAFohwQKAAFphwQK +-AAFqhwQKAAFrhwQKAAFshwQKAAFthwQKAAFuhwQKAAFvhwQKAAFwhwQKAAFxhwQK +-AAFyhwQKAAFzhwQKAAF0hwQKAAF1hwQKAAF2hwQKAAF3hwQKAAF4hwQKAAF5hwQK +-AAF6hwQKAAF7hwQKAAF8hwQKAAF9hwQKAAF+hwQKAAF/hwQKAAGAhwQKAAGBhwQK +-AAGChwQKAAGDhwQKAAGEhwQKAAGFhwQKAAGGhwQKAAGHhwQKAAGIhwQKAAGJhwQK +-AAGKhwQKAAGLhwQKAAGMhwQKAAGNhwQKAAGOhwQKAAGPhwQKAAGQhwQKAAGRhwQK +-AAGShwQKAAGThwQKAAGUhwQKAAGVhwQKAAGWhwQKAAGXhwQKAAGYhwQKAAGZhwQK +-AAGahwQKAAGbhwQKAAGchwQKAAGdhwQKAAGehwQKAAGfhwQKAAGghwQKAAGhhwQK +-AAGipA8wDTELMAkGA1UEAwwCdDCkDzANMQswCQYDVQQDDAJ0MaQPMA0xCzAJBgNV +-BAMMAnQypA8wDTELMAkGA1UEAwwCdDOkDzANMQswCQYDVQQDDAJ0NKQPMA0xCzAJ +-BgNVBAMMAnQ1pA8wDTELMAkGA1UEAwwCdDakDzANMQswCQYDVQQDDAJ0N6QPMA0x +-CzAJBgNVBAMMAnQ4pA8wDTELMAkGA1UEAwwCdDmkEDAOMQwwCgYDVQQDDAN0MTCk +-EDAOMQwwCgYDVQQDDAN0MTGkEDAOMQwwCgYDVQQDDAN0MTKkEDAOMQwwCgYDVQQD +-DAN0MTOkEDAOMQwwCgYDVQQDDAN0MTSkEDAOMQwwCgYDVQQDDAN0MTWkEDAOMQww +-CgYDVQQDDAN0MTakEDAOMQwwCgYDVQQDDAN0MTekEDAOMQwwCgYDVQQDDAN0MTik +-EDAOMQwwCgYDVQQDDAN0MTmkEDAOMQwwCgYDVQQDDAN0MjCkEDAOMQwwCgYDVQQD +-DAN0MjGkEDAOMQwwCgYDVQQDDAN0MjKkEDAOMQwwCgYDVQQDDAN0MjOkEDAOMQww +-CgYDVQQDDAN0MjSkEDAOMQwwCgYDVQQDDAN0MjWkEDAOMQwwCgYDVQQDDAN0Mjak +-EDAOMQwwCgYDVQQDDAN0MjekEDAOMQwwCgYDVQQDDAN0MjikEDAOMQwwCgYDVQQD +-DAN0MjmkEDAOMQwwCgYDVQQDDAN0MzCkEDAOMQwwCgYDVQQDDAN0MzGkEDAOMQww +-CgYDVQQDDAN0MzKkEDAOMQwwCgYDVQQDDAN0MzOkEDAOMQwwCgYDVQQDDAN0MzSk +-EDAOMQwwCgYDVQQDDAN0MzWkEDAOMQwwCgYDVQQDDAN0MzakEDAOMQwwCgYDVQQD +-DAN0MzekEDAOMQwwCgYDVQQDDAN0MzikEDAOMQwwCgYDVQQDDAN0MzmkEDAOMQww +-CgYDVQQDDAN0NDCkEDAOMQwwCgYDVQQDDAN0NDGkEDAOMQwwCgYDVQQDDAN0NDKk +-EDAOMQwwCgYDVQQDDAN0NDOkEDAOMQwwCgYDVQQDDAN0NDSkEDAOMQwwCgYDVQQD +-DAN0NDWkEDAOMQwwCgYDVQQDDAN0NDakEDAOMQwwCgYDVQQDDAN0NDekEDAOMQww +-CgYDVQQDDAN0NDikEDAOMQwwCgYDVQQDDAN0NDmkEDAOMQwwCgYDVQQDDAN0NTCk +-EDAOMQwwCgYDVQQDDAN0NTGkEDAOMQwwCgYDVQQDDAN0NTKkEDAOMQwwCgYDVQQD +-DAN0NTOkEDAOMQwwCgYDVQQDDAN0NTSkEDAOMQwwCgYDVQQDDAN0NTWkEDAOMQww +-CgYDVQQDDAN0NTakEDAOMQwwCgYDVQQDDAN0NTekEDAOMQwwCgYDVQQDDAN0NTik +-EDAOMQwwCgYDVQQDDAN0NTmkEDAOMQwwCgYDVQQDDAN0NjCkEDAOMQwwCgYDVQQD +-DAN0NjGkEDAOMQwwCgYDVQQDDAN0NjKkEDAOMQwwCgYDVQQDDAN0NjOkEDAOMQww +-CgYDVQQDDAN0NjSkEDAOMQwwCgYDVQQDDAN0NjWkEDAOMQwwCgYDVQQDDAN0Njak +-EDAOMQwwCgYDVQQDDAN0NjekEDAOMQwwCgYDVQQDDAN0NjikEDAOMQwwCgYDVQQD +-DAN0NjmkEDAOMQwwCgYDVQQDDAN0NzCkEDAOMQwwCgYDVQQDDAN0NzGkEDAOMQww +-CgYDVQQDDAN0NzKkEDAOMQwwCgYDVQQDDAN0NzOkEDAOMQwwCgYDVQQDDAN0NzSk +-EDAOMQwwCgYDVQQDDAN0NzWkEDAOMQwwCgYDVQQDDAN0NzakEDAOMQwwCgYDVQQD +-DAN0NzekEDAOMQwwCgYDVQQDDAN0NzikEDAOMQwwCgYDVQQDDAN0NzmkEDAOMQww +-CgYDVQQDDAN0ODCkEDAOMQwwCgYDVQQDDAN0ODGkEDAOMQwwCgYDVQQDDAN0ODKk +-EDAOMQwwCgYDVQQDDAN0ODOkEDAOMQwwCgYDVQQDDAN0ODSkEDAOMQwwCgYDVQQD +-DAN0ODWkEDAOMQwwCgYDVQQDDAN0ODakEDAOMQwwCgYDVQQDDAN0ODekEDAOMQww +-CgYDVQQDDAN0ODikEDAOMQwwCgYDVQQDDAN0ODmkEDAOMQwwCgYDVQQDDAN0OTCk +-EDAOMQwwCgYDVQQDDAN0OTGkEDAOMQwwCgYDVQQDDAN0OTKkEDAOMQwwCgYDVQQD +-DAN0OTOkEDAOMQwwCgYDVQQDDAN0OTSkEDAOMQwwCgYDVQQDDAN0OTWkEDAOMQww +-CgYDVQQDDAN0OTakEDAOMQwwCgYDVQQDDAN0OTekEDAOMQwwCgYDVQQDDAN0OTik +-EDAOMQwwCgYDVQQDDAN0OTmkETAPMQ0wCwYDVQQDDAR0MTAwpBEwDzENMAsGA1UE +-AwwEdDEwMaQRMA8xDTALBgNVBAMMBHQxMDKkETAPMQ0wCwYDVQQDDAR0MTAzpBEw +-DzENMAsGA1UEAwwEdDEwNKQRMA8xDTALBgNVBAMMBHQxMDWkETAPMQ0wCwYDVQQD +-DAR0MTA2pBEwDzENMAsGA1UEAwwEdDEwN6QRMA8xDTALBgNVBAMMBHQxMDikETAP +-MQ0wCwYDVQQDDAR0MTA5pBEwDzENMAsGA1UEAwwEdDExMKQRMA8xDTALBgNVBAMM +-BHQxMTGkETAPMQ0wCwYDVQQDDAR0MTEypBEwDzENMAsGA1UEAwwEdDExM6QRMA8x +-DTALBgNVBAMMBHQxMTSkETAPMQ0wCwYDVQQDDAR0MTE1pBEwDzENMAsGA1UEAwwE +-dDExNqQRMA8xDTALBgNVBAMMBHQxMTekETAPMQ0wCwYDVQQDDAR0MTE4pBEwDzEN +-MAsGA1UEAwwEdDExOaQRMA8xDTALBgNVBAMMBHQxMjCkETAPMQ0wCwYDVQQDDAR0 +-MTIxpBEwDzENMAsGA1UEAwwEdDEyMqQRMA8xDTALBgNVBAMMBHQxMjOkETAPMQ0w +-CwYDVQQDDAR0MTI0pBEwDzENMAsGA1UEAwwEdDEyNaQRMA8xDTALBgNVBAMMBHQx +-MjakETAPMQ0wCwYDVQQDDAR0MTI3pBEwDzENMAsGA1UEAwwEdDEyOKQRMA8xDTAL +-BgNVBAMMBHQxMjmkETAPMQ0wCwYDVQQDDAR0MTMwpBEwDzENMAsGA1UEAwwEdDEz +-MaQRMA8xDTALBgNVBAMMBHQxMzKkETAPMQ0wCwYDVQQDDAR0MTMzpBEwDzENMAsG +-A1UEAwwEdDEzNKQRMA8xDTALBgNVBAMMBHQxMzWkETAPMQ0wCwYDVQQDDAR0MTM2 +-pBEwDzENMAsGA1UEAwwEdDEzN6QRMA8xDTALBgNVBAMMBHQxMzikETAPMQ0wCwYD +-VQQDDAR0MTM5pBEwDzENMAsGA1UEAwwEdDE0MKQRMA8xDTALBgNVBAMMBHQxNDGk +-ETAPMQ0wCwYDVQQDDAR0MTQypBEwDzENMAsGA1UEAwwEdDE0M6QRMA8xDTALBgNV +-BAMMBHQxNDSkETAPMQ0wCwYDVQQDDAR0MTQ1pBEwDzENMAsGA1UEAwwEdDE0NqQR +-MA8xDTALBgNVBAMMBHQxNDekETAPMQ0wCwYDVQQDDAR0MTQ4pBEwDzENMAsGA1UE +-AwwEdDE0OaQRMA8xDTALBgNVBAMMBHQxNTCkETAPMQ0wCwYDVQQDDAR0MTUxpBEw +-DzENMAsGA1UEAwwEdDE1MqQRMA8xDTALBgNVBAMMBHQxNTOkETAPMQ0wCwYDVQQD +-DAR0MTU0pBEwDzENMAsGA1UEAwwEdDE1NaQRMA8xDTALBgNVBAMMBHQxNTakETAP +-MQ0wCwYDVQQDDAR0MTU3pBEwDzENMAsGA1UEAwwEdDE1OKQRMA8xDTALBgNVBAMM +-BHQxNTmkETAPMQ0wCwYDVQQDDAR0MTYwpBEwDzENMAsGA1UEAwwEdDE2MaQRMA8x +-DTALBgNVBAMMBHQxNjKkETAPMQ0wCwYDVQQDDAR0MTYzpBEwDzENMAsGA1UEAwwE +-dDE2NKQRMA8xDTALBgNVBAMMBHQxNjWkETAPMQ0wCwYDVQQDDAR0MTY2pBEwDzEN +-MAsGA1UEAwwEdDE2N6QRMA8xDTALBgNVBAMMBHQxNjikETAPMQ0wCwYDVQQDDAR0 +-MTY5pBEwDzENMAsGA1UEAwwEdDE3MKQRMA8xDTALBgNVBAMMBHQxNzGkETAPMQ0w +-CwYDVQQDDAR0MTcypBEwDzENMAsGA1UEAwwEdDE3M6QRMA8xDTALBgNVBAMMBHQx +-NzSkETAPMQ0wCwYDVQQDDAR0MTc1pBEwDzENMAsGA1UEAwwEdDE3NqQRMA8xDTAL +-BgNVBAMMBHQxNzekETAPMQ0wCwYDVQQDDAR0MTc4pBEwDzENMAsGA1UEAwwEdDE3 +-OaQRMA8xDTALBgNVBAMMBHQxODCkETAPMQ0wCwYDVQQDDAR0MTgxpBEwDzENMAsG +-A1UEAwwEdDE4MqQRMA8xDTALBgNVBAMMBHQxODOkETAPMQ0wCwYDVQQDDAR0MTg0 +-pBEwDzENMAsGA1UEAwwEdDE4NaQRMA8xDTALBgNVBAMMBHQxODakETAPMQ0wCwYD +-VQQDDAR0MTg3pBEwDzENMAsGA1UEAwwEdDE4OKQRMA8xDTALBgNVBAMMBHQxODmk +-ETAPMQ0wCwYDVQQDDAR0MTkwpBEwDzENMAsGA1UEAwwEdDE5MaQRMA8xDTALBgNV +-BAMMBHQxOTKkETAPMQ0wCwYDVQQDDAR0MTkzpBEwDzENMAsGA1UEAwwEdDE5NKQR +-MA8xDTALBgNVBAMMBHQxOTWkETAPMQ0wCwYDVQQDDAR0MTk2pBEwDzENMAsGA1UE +-AwwEdDE5N6QRMA8xDTALBgNVBAMMBHQxOTikETAPMQ0wCwYDVQQDDAR0MTk5pBEw +-DzENMAsGA1UEAwwEdDIwMKQRMA8xDTALBgNVBAMMBHQyMDGkETAPMQ0wCwYDVQQD +-DAR0MjAypBEwDzENMAsGA1UEAwwEdDIwM6QRMA8xDTALBgNVBAMMBHQyMDSkETAP +-MQ0wCwYDVQQDDAR0MjA1pBEwDzENMAsGA1UEAwwEdDIwNqQRMA8xDTALBgNVBAMM +-BHQyMDekETAPMQ0wCwYDVQQDDAR0MjA4pBEwDzENMAsGA1UEAwwEdDIwOaQRMA8x +-DTALBgNVBAMMBHQyMTCkETAPMQ0wCwYDVQQDDAR0MjExpBEwDzENMAsGA1UEAwwE +-dDIxMqQRMA8xDTALBgNVBAMMBHQyMTOkETAPMQ0wCwYDVQQDDAR0MjE0pBEwDzEN +-MAsGA1UEAwwEdDIxNaQRMA8xDTALBgNVBAMMBHQyMTakETAPMQ0wCwYDVQQDDAR0 +-MjE3pBEwDzENMAsGA1UEAwwEdDIxOKQRMA8xDTALBgNVBAMMBHQyMTmkETAPMQ0w +-CwYDVQQDDAR0MjIwpBEwDzENMAsGA1UEAwwEdDIyMaQRMA8xDTALBgNVBAMMBHQy +-MjKkETAPMQ0wCwYDVQQDDAR0MjIzpBEwDzENMAsGA1UEAwwEdDIyNKQRMA8xDTAL +-BgNVBAMMBHQyMjWkETAPMQ0wCwYDVQQDDAR0MjI2pBEwDzENMAsGA1UEAwwEdDIy +-N6QRMA8xDTALBgNVBAMMBHQyMjikETAPMQ0wCwYDVQQDDAR0MjI5pBEwDzENMAsG +-A1UEAwwEdDIzMKQRMA8xDTALBgNVBAMMBHQyMzGkETAPMQ0wCwYDVQQDDAR0MjMy +-pBEwDzENMAsGA1UEAwwEdDIzM6QRMA8xDTALBgNVBAMMBHQyMzSkETAPMQ0wCwYD +-VQQDDAR0MjM1pBEwDzENMAsGA1UEAwwEdDIzNqQRMA8xDTALBgNVBAMMBHQyMzek +-ETAPMQ0wCwYDVQQDDAR0MjM4pBEwDzENMAsGA1UEAwwEdDIzOaQRMA8xDTALBgNV +-BAMMBHQyNDCkETAPMQ0wCwYDVQQDDAR0MjQxpBEwDzENMAsGA1UEAwwEdDI0MqQR +-MA8xDTALBgNVBAMMBHQyNDOkETAPMQ0wCwYDVQQDDAR0MjQ0pBEwDzENMAsGA1UE +-AwwEdDI0NaQRMA8xDTALBgNVBAMMBHQyNDakETAPMQ0wCwYDVQQDDAR0MjQ3pBEw +-DzENMAsGA1UEAwwEdDI0OKQRMA8xDTALBgNVBAMMBHQyNDmkETAPMQ0wCwYDVQQD +-DAR0MjUwpBEwDzENMAsGA1UEAwwEdDI1MaQRMA8xDTALBgNVBAMMBHQyNTKkETAP +-MQ0wCwYDVQQDDAR0MjUzpBEwDzENMAsGA1UEAwwEdDI1NKQRMA8xDTALBgNVBAMM +-BHQyNTWkETAPMQ0wCwYDVQQDDAR0MjU2pBEwDzENMAsGA1UEAwwEdDI1N6QRMA8x +-DTALBgNVBAMMBHQyNTikETAPMQ0wCwYDVQQDDAR0MjU5pBEwDzENMAsGA1UEAwwE +-dDI2MKQRMA8xDTALBgNVBAMMBHQyNjGkETAPMQ0wCwYDVQQDDAR0MjYypBEwDzEN +-MAsGA1UEAwwEdDI2M6QRMA8xDTALBgNVBAMMBHQyNjSkETAPMQ0wCwYDVQQDDAR0 +-MjY1pBEwDzENMAsGA1UEAwwEdDI2NqQRMA8xDTALBgNVBAMMBHQyNjekETAPMQ0w +-CwYDVQQDDAR0MjY4pBEwDzENMAsGA1UEAwwEdDI2OaQRMA8xDTALBgNVBAMMBHQy +-NzCkETAPMQ0wCwYDVQQDDAR0MjcxpBEwDzENMAsGA1UEAwwEdDI3MqQRMA8xDTAL +-BgNVBAMMBHQyNzOkETAPMQ0wCwYDVQQDDAR0Mjc0pBEwDzENMAsGA1UEAwwEdDI3 +-NaQRMA8xDTALBgNVBAMMBHQyNzakETAPMQ0wCwYDVQQDDAR0Mjc3pBEwDzENMAsG +-A1UEAwwEdDI3OKQRMA8xDTALBgNVBAMMBHQyNzmkETAPMQ0wCwYDVQQDDAR0Mjgw +-pBEwDzENMAsGA1UEAwwEdDI4MaQRMA8xDTALBgNVBAMMBHQyODKkETAPMQ0wCwYD +-VQQDDAR0MjgzpBEwDzENMAsGA1UEAwwEdDI4NKQRMA8xDTALBgNVBAMMBHQyODWk +-ETAPMQ0wCwYDVQQDDAR0Mjg2pBEwDzENMAsGA1UEAwwEdDI4N6QRMA8xDTALBgNV +-BAMMBHQyODikETAPMQ0wCwYDVQQDDAR0Mjg5pBEwDzENMAsGA1UEAwwEdDI5MKQR +-MA8xDTALBgNVBAMMBHQyOTGkETAPMQ0wCwYDVQQDDAR0MjkypBEwDzENMAsGA1UE +-AwwEdDI5M6QRMA8xDTALBgNVBAMMBHQyOTSkETAPMQ0wCwYDVQQDDAR0Mjk1pBEw +-DzENMAsGA1UEAwwEdDI5NqQRMA8xDTALBgNVBAMMBHQyOTekETAPMQ0wCwYDVQQD +-DAR0Mjk4pBEwDzENMAsGA1UEAwwEdDI5OaQRMA8xDTALBgNVBAMMBHQzMDCkETAP +-MQ0wCwYDVQQDDAR0MzAxpBEwDzENMAsGA1UEAwwEdDMwMqQRMA8xDTALBgNVBAMM +-BHQzMDOkETAPMQ0wCwYDVQQDDAR0MzA0pBEwDzENMAsGA1UEAwwEdDMwNaQRMA8x +-DTALBgNVBAMMBHQzMDakETAPMQ0wCwYDVQQDDAR0MzA3pBEwDzENMAsGA1UEAwwE +-dDMwOKQRMA8xDTALBgNVBAMMBHQzMDmkETAPMQ0wCwYDVQQDDAR0MzEwpBEwDzEN +-MAsGA1UEAwwEdDMxMaQRMA8xDTALBgNVBAMMBHQzMTKkETAPMQ0wCwYDVQQDDAR0 +-MzEzpBEwDzENMAsGA1UEAwwEdDMxNKQRMA8xDTALBgNVBAMMBHQzMTWkETAPMQ0w +-CwYDVQQDDAR0MzE2pBEwDzENMAsGA1UEAwwEdDMxN6QRMA8xDTALBgNVBAMMBHQz +-MTikETAPMQ0wCwYDVQQDDAR0MzE5pBEwDzENMAsGA1UEAwwEdDMyMKQRMA8xDTAL +-BgNVBAMMBHQzMjGkETAPMQ0wCwYDVQQDDAR0MzIypBEwDzENMAsGA1UEAwwEdDMy +-M6QRMA8xDTALBgNVBAMMBHQzMjSkETAPMQ0wCwYDVQQDDAR0MzI1pBEwDzENMAsG +-A1UEAwwEdDMyNqQRMA8xDTALBgNVBAMMBHQzMjekETAPMQ0wCwYDVQQDDAR0MzI4 +-pBEwDzENMAsGA1UEAwwEdDMyOaQRMA8xDTALBgNVBAMMBHQzMzCkETAPMQ0wCwYD +-VQQDDAR0MzMxpBEwDzENMAsGA1UEAwwEdDMzMqQRMA8xDTALBgNVBAMMBHQzMzOk +-ETAPMQ0wCwYDVQQDDAR0MzM0pBEwDzENMAsGA1UEAwwEdDMzNaQRMA8xDTALBgNV +-BAMMBHQzMzakETAPMQ0wCwYDVQQDDAR0MzM3pBEwDzENMAsGA1UEAwwEdDMzOKQR +-MA8xDTALBgNVBAMMBHQzMzmkETAPMQ0wCwYDVQQDDAR0MzQwpBEwDzENMAsGA1UE +-AwwEdDM0MaQRMA8xDTALBgNVBAMMBHQzNDKkETAPMQ0wCwYDVQQDDAR0MzQzpBEw +-DzENMAsGA1UEAwwEdDM0NKQRMA8xDTALBgNVBAMMBHQzNDWkETAPMQ0wCwYDVQQD +-DAR0MzQ2pBEwDzENMAsGA1UEAwwEdDM0N6QRMA8xDTALBgNVBAMMBHQzNDikETAP +-MQ0wCwYDVQQDDAR0MzQ5pBEwDzENMAsGA1UEAwwEdDM1MKQRMA8xDTALBgNVBAMM +-BHQzNTGkETAPMQ0wCwYDVQQDDAR0MzUypBEwDzENMAsGA1UEAwwEdDM1M6QRMA8x +-DTALBgNVBAMMBHQzNTSkETAPMQ0wCwYDVQQDDAR0MzU1pBEwDzENMAsGA1UEAwwE +-dDM1NqQRMA8xDTALBgNVBAMMBHQzNTekETAPMQ0wCwYDVQQDDAR0MzU4pBEwDzEN +-MAsGA1UEAwwEdDM1OaQRMA8xDTALBgNVBAMMBHQzNjCkETAPMQ0wCwYDVQQDDAR0 +-MzYxpBEwDzENMAsGA1UEAwwEdDM2MqQRMA8xDTALBgNVBAMMBHQzNjOkETAPMQ0w +-CwYDVQQDDAR0MzY0pBEwDzENMAsGA1UEAwwEdDM2NaQRMA8xDTALBgNVBAMMBHQz +-NjakETAPMQ0wCwYDVQQDDAR0MzY3pBEwDzENMAsGA1UEAwwEdDM2OKQRMA8xDTAL +-BgNVBAMMBHQzNjmkETAPMQ0wCwYDVQQDDAR0MzcwpBEwDzENMAsGA1UEAwwEdDM3 +-MaQRMA8xDTALBgNVBAMMBHQzNzKkETAPMQ0wCwYDVQQDDAR0MzczpBEwDzENMAsG +-A1UEAwwEdDM3NKQRMA8xDTALBgNVBAMMBHQzNzWkETAPMQ0wCwYDVQQDDAR0Mzc2 +-pBEwDzENMAsGA1UEAwwEdDM3N6QRMA8xDTALBgNVBAMMBHQzNzikETAPMQ0wCwYD +-VQQDDAR0Mzc5pBEwDzENMAsGA1UEAwwEdDM4MKQRMA8xDTALBgNVBAMMBHQzODGk +-ETAPMQ0wCwYDVQQDDAR0MzgypBEwDzENMAsGA1UEAwwEdDM4M6QRMA8xDTALBgNV +-BAMMBHQzODSkETAPMQ0wCwYDVQQDDAR0Mzg1pBEwDzENMAsGA1UEAwwEdDM4NqQR +-MA8xDTALBgNVBAMMBHQzODekETAPMQ0wCwYDVQQDDAR0Mzg4pBEwDzENMAsGA1UE +-AwwEdDM4OaQRMA8xDTALBgNVBAMMBHQzOTCkETAPMQ0wCwYDVQQDDAR0MzkxpBEw +-DzENMAsGA1UEAwwEdDM5MqQRMA8xDTALBgNVBAMMBHQzOTOkETAPMQ0wCwYDVQQD +-DAR0Mzk0pBEwDzENMAsGA1UEAwwEdDM5NaQRMA8xDTALBgNVBAMMBHQzOTakETAP +-MQ0wCwYDVQQDDAR0Mzk3pBEwDzENMAsGA1UEAwwEdDM5OKQRMA8xDTALBgNVBAMM +-BHQzOTmkETAPMQ0wCwYDVQQDDAR0NDAwpBEwDzENMAsGA1UEAwwEdDQwMaQRMA8x +-DTALBgNVBAMMBHQ0MDKkETAPMQ0wCwYDVQQDDAR0NDAzpBEwDzENMAsGA1UEAwwE +-dDQwNKQRMA8xDTALBgNVBAMMBHQ0MDWkETAPMQ0wCwYDVQQDDAR0NDA2pBEwDzEN +-MAsGA1UEAwwEdDQwN6QRMA8xDTALBgNVBAMMBHQ0MDikETAPMQ0wCwYDVQQDDAR0 +-NDA5pBEwDzENMAsGA1UEAwwEdDQxMKQRMA8xDTALBgNVBAMMBHQ0MTGkETAPMQ0w +-CwYDVQQDDAR0NDEypBEwDzENMAsGA1UEAwwEdDQxM6QRMA8xDTALBgNVBAMMBHQ0 +-MTSkETAPMQ0wCwYDVQQDDAR0NDE1pBEwDzENMAsGA1UEAwwEdDQxNqQRMA8xDTAL +-BgNVBAMMBHQ0MTcwDQYJKoZIhvcNAQELBQADggEBALLlevug25l7K2A7KQqWnipy +-WvlZm+ivTh4QyyKmM9sYYtvG5+qbwoNO8Ii/2XBO1L0hCJmaDmvx7ftDY8QOIjPp +-Z1xf01Fh390sUS/SpT9Bevvj/xac/nd8VyVsAoy85laO4Ns+LqL9kTD9fDqxA8vr +-wXfAsuAa+bo95HVWjZhiYaHMjZBWNkQsopK+SCXH74ZUjtI+xxTW7wWCr4a1uxSk +-gD8E4DZuD6sOnCe89EOhaUc66n97HiYULAo6AT/YBvca4Xxu6B4dwCRhVhAjauMm +-VNkdSCsNOTt2oyC5oGrIz3dX19YyxLzSECgdqN/uvKMhdOlFW+x3CtWxtEEz4ws= ++c3SHBAoAAACHBAoAAAGHBAoAAAKHBAoAAAOHBAoAAASHBAoAAAWHBAoAAAaHBAoA ++AAeHBAoAAAiHBAoAAAmHBAoAAAqHBAoAAAuHBAoAAAyHBAoAAA2HBAoAAA6HBAoA ++AA+HBAoAABCHBAoAABGHBAoAABKHBAoAABOHBAoAABSHBAoAABWHBAoAABaHBAoA ++ABeHBAoAABiHBAoAABmHBAoAABqHBAoAABuHBAoAAByHBAoAAB2HBAoAAB6HBAoA ++AB+HBAoAACCHBAoAACGHBAoAACKHBAoAACOHBAoAACSHBAoAACWHBAoAACaHBAoA ++ACeHBAoAACiHBAoAACmHBAoAACqHBAoAACuHBAoAACyHBAoAAC2HBAoAAC6HBAoA ++AC+HBAoAADCHBAoAADGHBAoAADKHBAoAADOHBAoAADSHBAoAADWHBAoAADaHBAoA ++ADeHBAoAADiHBAoAADmHBAoAADqHBAoAADuHBAoAADyHBAoAAD2HBAoAAD6HBAoA ++AD+HBAoAAECHBAoAAEGHBAoAAEKHBAoAAEOHBAoAAESHBAoAAEWHBAoAAEaHBAoA ++AEeHBAoAAEiHBAoAAEmHBAoAAEqHBAoAAEuHBAoAAEyHBAoAAE2HBAoAAE6HBAoA ++AE+HBAoAAFCHBAoAAFGHBAoAAFKHBAoAAFOHBAoAAFSHBAoAAFWHBAoAAFaHBAoA ++AFeHBAoAAFiHBAoAAFmHBAoAAFqHBAoAAFuHBAoAAFyHBAoAAF2HBAoAAF6HBAoA ++AF+HBAoAAGCHBAoAAGGHBAoAAGKHBAoAAGOHBAoAAGSHBAoAAGWHBAoAAGaHBAoA ++AGeHBAoAAGiHBAoAAGmHBAoAAGqHBAoAAGuHBAoAAGyHBAoAAG2HBAoAAG6HBAoA ++AG+HBAoAAHCHBAoAAHGHBAoAAHKHBAoAAHOHBAoAAHSHBAoAAHWHBAoAAHaHBAoA ++AHeHBAoAAHiHBAoAAHmHBAoAAHqHBAoAAHuHBAoAAHyHBAoAAH2HBAoAAH6HBAoA ++AH+HBAoAAICHBAoAAIGHBAoAAIKHBAoAAIOHBAoAAISHBAoAAIWHBAoAAIaHBAoA ++AIeHBAoAAIiHBAoAAImHBAoAAIqHBAoAAIuHBAoAAIyHBAoAAI2HBAoAAI6HBAoA ++AI+HBAoAAJCHBAoAAJGHBAoAAJKHBAoAAJOHBAoAAJSHBAoAAJWHBAoAAJaHBAoA ++AJeHBAoAAJiHBAoAAJmHBAoAAJqHBAoAAJuHBAoAAJyHBAoAAJ2HBAoAAJ6HBAoA ++AJ+HBAoAAKCHBAoAAKGHBAoAAKKHBAoAAKOHBAoAAKSHBAoAAKWHBAoAAKaHBAoA ++AKeHBAoAAKiHBAoAAKmHBAoAAKqHBAoAAKuHBAoAAKyHBAoAAK2HBAoAAK6HBAoA ++AK+HBAoAALCHBAoAALGHBAoAALKHBAoAALOHBAoAALSHBAoAALWHBAoAALaHBAoA ++ALeHBAoAALiHBAoAALmHBAoAALqHBAoAALuHBAoAALyHBAoAAL2HBAoAAL6HBAoA ++AL+HBAoAAMCHBAoAAMGHBAoAAMKHBAoAAMOHBAoAAMSHBAoAAMWHBAoAAMaHBAoA ++AMeHBAoAAMiHBAoAAMmHBAoAAMqHBAoAAMuHBAoAAMyHBAoAAM2HBAoAAM6HBAoA ++AM+HBAoAANCHBAoAANGHBAoAANKHBAoAANOHBAoAANSHBAoAANWHBAoAANaHBAoA ++ANeHBAoAANiHBAoAANmHBAoAANqHBAoAANuHBAoAANyHBAoAAN2HBAoAAN6HBAoA ++AN+HBAoAAOCHBAoAAOGHBAoAAOKHBAoAAOOHBAoAAOSHBAoAAOWHBAoAAOaHBAoA ++AOeHBAoAAOiHBAoAAOmHBAoAAOqHBAoAAOuHBAoAAOyHBAoAAO2HBAoAAO6HBAoA ++AO+HBAoAAPCHBAoAAPGHBAoAAPKHBAoAAPOHBAoAAPSHBAoAAPWHBAoAAPaHBAoA ++APeHBAoAAPiHBAoAAPmHBAoAAPqHBAoAAPuHBAoAAPyHBAoAAP2HBAoAAP6HBAoA ++AP+HBAoAAQCHBAoAAQGHBAoAAQKHBAoAAQOHBAoAAQSHBAoAAQWHBAoAAQaHBAoA ++AQeHBAoAAQiHBAoAAQmHBAoAAQqHBAoAAQuHBAoAAQyHBAoAAQ2HBAoAAQ6HBAoA ++AQ+HBAoAARCHBAoAARGHBAoAARKHBAoAAROHBAoAARSHBAoAARWHBAoAARaHBAoA ++AReHBAoAARiHBAoAARmHBAoAARqHBAoAARuHBAoAARyHBAoAAR2HBAoAAR6HBAoA ++AR+HBAoAASCHBAoAASGHBAoAASKHBAoAASOHBAoAASSHBAoAASWHBAoAASaHBAoA ++ASeHBAoAASiHBAoAASmHBAoAASqHBAoAASuHBAoAASyHBAoAAS2HBAoAAS6HBAoA ++AS+HBAoAATCHBAoAATGHBAoAATKHBAoAATOHBAoAATSHBAoAATWHBAoAATaHBAoA ++ATeHBAoAATiHBAoAATmHBAoAATqHBAoAATuHBAoAATyHBAoAAT2HBAoAAT6HBAoA ++AT+HBAoAAUCHBAoAAUGHBAoAAUKHBAoAAUOHBAoAAUSHBAoAAUWHBAoAAUaHBAoA ++AUeHBAoAAUiHBAoAAUmHBAoAAUqHBAoAAUuHBAoAAUyHBAoAAU2HBAoAAU6HBAoA ++AU+HBAoAAVCHBAoAAVGHBAoAAVKHBAoAAVOHBAoAAVSkDzANMQswCQYDVQQDDAJ0 ++MKQPMA0xCzAJBgNVBAMMAnQxpA8wDTELMAkGA1UEAwwCdDKkDzANMQswCQYDVQQD ++DAJ0M6QPMA0xCzAJBgNVBAMMAnQ0pA8wDTELMAkGA1UEAwwCdDWkDzANMQswCQYD ++VQQDDAJ0NqQPMA0xCzAJBgNVBAMMAnQ3pA8wDTELMAkGA1UEAwwCdDikDzANMQsw ++CQYDVQQDDAJ0OaQQMA4xDDAKBgNVBAMMA3QxMKQQMA4xDDAKBgNVBAMMA3QxMaQQ ++MA4xDDAKBgNVBAMMA3QxMqQQMA4xDDAKBgNVBAMMA3QxM6QQMA4xDDAKBgNVBAMM ++A3QxNKQQMA4xDDAKBgNVBAMMA3QxNaQQMA4xDDAKBgNVBAMMA3QxNqQQMA4xDDAK ++BgNVBAMMA3QxN6QQMA4xDDAKBgNVBAMMA3QxOKQQMA4xDDAKBgNVBAMMA3QxOaQQ ++MA4xDDAKBgNVBAMMA3QyMKQQMA4xDDAKBgNVBAMMA3QyMaQQMA4xDDAKBgNVBAMM ++A3QyMqQQMA4xDDAKBgNVBAMMA3QyM6QQMA4xDDAKBgNVBAMMA3QyNKQQMA4xDDAK ++BgNVBAMMA3QyNaQQMA4xDDAKBgNVBAMMA3QyNqQQMA4xDDAKBgNVBAMMA3QyN6QQ ++MA4xDDAKBgNVBAMMA3QyOKQQMA4xDDAKBgNVBAMMA3QyOaQQMA4xDDAKBgNVBAMM ++A3QzMKQQMA4xDDAKBgNVBAMMA3QzMaQQMA4xDDAKBgNVBAMMA3QzMqQQMA4xDDAK ++BgNVBAMMA3QzM6QQMA4xDDAKBgNVBAMMA3QzNKQQMA4xDDAKBgNVBAMMA3QzNaQQ ++MA4xDDAKBgNVBAMMA3QzNqQQMA4xDDAKBgNVBAMMA3QzN6QQMA4xDDAKBgNVBAMM ++A3QzOKQQMA4xDDAKBgNVBAMMA3QzOaQQMA4xDDAKBgNVBAMMA3Q0MKQQMA4xDDAK ++BgNVBAMMA3Q0MaQQMA4xDDAKBgNVBAMMA3Q0MqQQMA4xDDAKBgNVBAMMA3Q0M6QQ ++MA4xDDAKBgNVBAMMA3Q0NKQQMA4xDDAKBgNVBAMMA3Q0NaQQMA4xDDAKBgNVBAMM ++A3Q0NqQQMA4xDDAKBgNVBAMMA3Q0N6QQMA4xDDAKBgNVBAMMA3Q0OKQQMA4xDDAK ++BgNVBAMMA3Q0OaQQMA4xDDAKBgNVBAMMA3Q1MKQQMA4xDDAKBgNVBAMMA3Q1MaQQ ++MA4xDDAKBgNVBAMMA3Q1MqQQMA4xDDAKBgNVBAMMA3Q1M6QQMA4xDDAKBgNVBAMM ++A3Q1NKQQMA4xDDAKBgNVBAMMA3Q1NaQQMA4xDDAKBgNVBAMMA3Q1NqQQMA4xDDAK ++BgNVBAMMA3Q1N6QQMA4xDDAKBgNVBAMMA3Q1OKQQMA4xDDAKBgNVBAMMA3Q1OaQQ ++MA4xDDAKBgNVBAMMA3Q2MKQQMA4xDDAKBgNVBAMMA3Q2MaQQMA4xDDAKBgNVBAMM ++A3Q2MqQQMA4xDDAKBgNVBAMMA3Q2M6QQMA4xDDAKBgNVBAMMA3Q2NKQQMA4xDDAK ++BgNVBAMMA3Q2NaQQMA4xDDAKBgNVBAMMA3Q2NqQQMA4xDDAKBgNVBAMMA3Q2N6QQ ++MA4xDDAKBgNVBAMMA3Q2OKQQMA4xDDAKBgNVBAMMA3Q2OaQQMA4xDDAKBgNVBAMM ++A3Q3MKQQMA4xDDAKBgNVBAMMA3Q3MaQQMA4xDDAKBgNVBAMMA3Q3MqQQMA4xDDAK ++BgNVBAMMA3Q3M6QQMA4xDDAKBgNVBAMMA3Q3NKQQMA4xDDAKBgNVBAMMA3Q3NaQQ ++MA4xDDAKBgNVBAMMA3Q3NqQQMA4xDDAKBgNVBAMMA3Q3N6QQMA4xDDAKBgNVBAMM ++A3Q3OKQQMA4xDDAKBgNVBAMMA3Q3OaQQMA4xDDAKBgNVBAMMA3Q4MKQQMA4xDDAK ++BgNVBAMMA3Q4MaQQMA4xDDAKBgNVBAMMA3Q4MqQQMA4xDDAKBgNVBAMMA3Q4M6QQ ++MA4xDDAKBgNVBAMMA3Q4NKQQMA4xDDAKBgNVBAMMA3Q4NaQQMA4xDDAKBgNVBAMM ++A3Q4NqQQMA4xDDAKBgNVBAMMA3Q4N6QQMA4xDDAKBgNVBAMMA3Q4OKQQMA4xDDAK ++BgNVBAMMA3Q4OaQQMA4xDDAKBgNVBAMMA3Q5MKQQMA4xDDAKBgNVBAMMA3Q5MaQQ ++MA4xDDAKBgNVBAMMA3Q5MqQQMA4xDDAKBgNVBAMMA3Q5M6QQMA4xDDAKBgNVBAMM ++A3Q5NKQQMA4xDDAKBgNVBAMMA3Q5NaQQMA4xDDAKBgNVBAMMA3Q5NqQQMA4xDDAK ++BgNVBAMMA3Q5N6QQMA4xDDAKBgNVBAMMA3Q5OKQQMA4xDDAKBgNVBAMMA3Q5OaQR ++MA8xDTALBgNVBAMMBHQxMDCkETAPMQ0wCwYDVQQDDAR0MTAxpBEwDzENMAsGA1UE ++AwwEdDEwMqQRMA8xDTALBgNVBAMMBHQxMDOkETAPMQ0wCwYDVQQDDAR0MTA0pBEw ++DzENMAsGA1UEAwwEdDEwNaQRMA8xDTALBgNVBAMMBHQxMDakETAPMQ0wCwYDVQQD ++DAR0MTA3pBEwDzENMAsGA1UEAwwEdDEwOKQRMA8xDTALBgNVBAMMBHQxMDmkETAP ++MQ0wCwYDVQQDDAR0MTEwpBEwDzENMAsGA1UEAwwEdDExMaQRMA8xDTALBgNVBAMM ++BHQxMTKkETAPMQ0wCwYDVQQDDAR0MTEzpBEwDzENMAsGA1UEAwwEdDExNKQRMA8x ++DTALBgNVBAMMBHQxMTWkETAPMQ0wCwYDVQQDDAR0MTE2pBEwDzENMAsGA1UEAwwE ++dDExN6QRMA8xDTALBgNVBAMMBHQxMTikETAPMQ0wCwYDVQQDDAR0MTE5pBEwDzEN ++MAsGA1UEAwwEdDEyMKQRMA8xDTALBgNVBAMMBHQxMjGkETAPMQ0wCwYDVQQDDAR0 ++MTIypBEwDzENMAsGA1UEAwwEdDEyM6QRMA8xDTALBgNVBAMMBHQxMjSkETAPMQ0w ++CwYDVQQDDAR0MTI1pBEwDzENMAsGA1UEAwwEdDEyNqQRMA8xDTALBgNVBAMMBHQx ++MjekETAPMQ0wCwYDVQQDDAR0MTI4pBEwDzENMAsGA1UEAwwEdDEyOaQRMA8xDTAL ++BgNVBAMMBHQxMzCkETAPMQ0wCwYDVQQDDAR0MTMxpBEwDzENMAsGA1UEAwwEdDEz ++MqQRMA8xDTALBgNVBAMMBHQxMzOkETAPMQ0wCwYDVQQDDAR0MTM0pBEwDzENMAsG ++A1UEAwwEdDEzNaQRMA8xDTALBgNVBAMMBHQxMzakETAPMQ0wCwYDVQQDDAR0MTM3 ++pBEwDzENMAsGA1UEAwwEdDEzOKQRMA8xDTALBgNVBAMMBHQxMzmkETAPMQ0wCwYD ++VQQDDAR0MTQwpBEwDzENMAsGA1UEAwwEdDE0MaQRMA8xDTALBgNVBAMMBHQxNDKk ++ETAPMQ0wCwYDVQQDDAR0MTQzpBEwDzENMAsGA1UEAwwEdDE0NKQRMA8xDTALBgNV ++BAMMBHQxNDWkETAPMQ0wCwYDVQQDDAR0MTQ2pBEwDzENMAsGA1UEAwwEdDE0N6QR ++MA8xDTALBgNVBAMMBHQxNDikETAPMQ0wCwYDVQQDDAR0MTQ5pBEwDzENMAsGA1UE ++AwwEdDE1MKQRMA8xDTALBgNVBAMMBHQxNTGkETAPMQ0wCwYDVQQDDAR0MTUypBEw ++DzENMAsGA1UEAwwEdDE1M6QRMA8xDTALBgNVBAMMBHQxNTSkETAPMQ0wCwYDVQQD ++DAR0MTU1pBEwDzENMAsGA1UEAwwEdDE1NqQRMA8xDTALBgNVBAMMBHQxNTekETAP ++MQ0wCwYDVQQDDAR0MTU4pBEwDzENMAsGA1UEAwwEdDE1OaQRMA8xDTALBgNVBAMM ++BHQxNjCkETAPMQ0wCwYDVQQDDAR0MTYxpBEwDzENMAsGA1UEAwwEdDE2MqQRMA8x ++DTALBgNVBAMMBHQxNjOkETAPMQ0wCwYDVQQDDAR0MTY0pBEwDzENMAsGA1UEAwwE ++dDE2NaQRMA8xDTALBgNVBAMMBHQxNjakETAPMQ0wCwYDVQQDDAR0MTY3pBEwDzEN ++MAsGA1UEAwwEdDE2OKQRMA8xDTALBgNVBAMMBHQxNjmkETAPMQ0wCwYDVQQDDAR0 ++MTcwpBEwDzENMAsGA1UEAwwEdDE3MaQRMA8xDTALBgNVBAMMBHQxNzKkETAPMQ0w ++CwYDVQQDDAR0MTczpBEwDzENMAsGA1UEAwwEdDE3NKQRMA8xDTALBgNVBAMMBHQx ++NzWkETAPMQ0wCwYDVQQDDAR0MTc2pBEwDzENMAsGA1UEAwwEdDE3N6QRMA8xDTAL ++BgNVBAMMBHQxNzikETAPMQ0wCwYDVQQDDAR0MTc5pBEwDzENMAsGA1UEAwwEdDE4 ++MKQRMA8xDTALBgNVBAMMBHQxODGkETAPMQ0wCwYDVQQDDAR0MTgypBEwDzENMAsG ++A1UEAwwEdDE4M6QRMA8xDTALBgNVBAMMBHQxODSkETAPMQ0wCwYDVQQDDAR0MTg1 ++pBEwDzENMAsGA1UEAwwEdDE4NqQRMA8xDTALBgNVBAMMBHQxODekETAPMQ0wCwYD ++VQQDDAR0MTg4pBEwDzENMAsGA1UEAwwEdDE4OaQRMA8xDTALBgNVBAMMBHQxOTCk ++ETAPMQ0wCwYDVQQDDAR0MTkxpBEwDzENMAsGA1UEAwwEdDE5MqQRMA8xDTALBgNV ++BAMMBHQxOTOkETAPMQ0wCwYDVQQDDAR0MTk0pBEwDzENMAsGA1UEAwwEdDE5NaQR ++MA8xDTALBgNVBAMMBHQxOTakETAPMQ0wCwYDVQQDDAR0MTk3pBEwDzENMAsGA1UE ++AwwEdDE5OKQRMA8xDTALBgNVBAMMBHQxOTmkETAPMQ0wCwYDVQQDDAR0MjAwpBEw ++DzENMAsGA1UEAwwEdDIwMaQRMA8xDTALBgNVBAMMBHQyMDKkETAPMQ0wCwYDVQQD ++DAR0MjAzpBEwDzENMAsGA1UEAwwEdDIwNKQRMA8xDTALBgNVBAMMBHQyMDWkETAP ++MQ0wCwYDVQQDDAR0MjA2pBEwDzENMAsGA1UEAwwEdDIwN6QRMA8xDTALBgNVBAMM ++BHQyMDikETAPMQ0wCwYDVQQDDAR0MjA5pBEwDzENMAsGA1UEAwwEdDIxMKQRMA8x ++DTALBgNVBAMMBHQyMTGkETAPMQ0wCwYDVQQDDAR0MjEypBEwDzENMAsGA1UEAwwE ++dDIxM6QRMA8xDTALBgNVBAMMBHQyMTSkETAPMQ0wCwYDVQQDDAR0MjE1pBEwDzEN ++MAsGA1UEAwwEdDIxNqQRMA8xDTALBgNVBAMMBHQyMTekETAPMQ0wCwYDVQQDDAR0 ++MjE4pBEwDzENMAsGA1UEAwwEdDIxOaQRMA8xDTALBgNVBAMMBHQyMjCkETAPMQ0w ++CwYDVQQDDAR0MjIxpBEwDzENMAsGA1UEAwwEdDIyMqQRMA8xDTALBgNVBAMMBHQy ++MjOkETAPMQ0wCwYDVQQDDAR0MjI0pBEwDzENMAsGA1UEAwwEdDIyNaQRMA8xDTAL ++BgNVBAMMBHQyMjakETAPMQ0wCwYDVQQDDAR0MjI3pBEwDzENMAsGA1UEAwwEdDIy ++OKQRMA8xDTALBgNVBAMMBHQyMjmkETAPMQ0wCwYDVQQDDAR0MjMwpBEwDzENMAsG ++A1UEAwwEdDIzMaQRMA8xDTALBgNVBAMMBHQyMzKkETAPMQ0wCwYDVQQDDAR0MjMz ++pBEwDzENMAsGA1UEAwwEdDIzNKQRMA8xDTALBgNVBAMMBHQyMzWkETAPMQ0wCwYD ++VQQDDAR0MjM2pBEwDzENMAsGA1UEAwwEdDIzN6QRMA8xDTALBgNVBAMMBHQyMzik ++ETAPMQ0wCwYDVQQDDAR0MjM5pBEwDzENMAsGA1UEAwwEdDI0MKQRMA8xDTALBgNV ++BAMMBHQyNDGkETAPMQ0wCwYDVQQDDAR0MjQypBEwDzENMAsGA1UEAwwEdDI0M6QR ++MA8xDTALBgNVBAMMBHQyNDSkETAPMQ0wCwYDVQQDDAR0MjQ1pBEwDzENMAsGA1UE ++AwwEdDI0NqQRMA8xDTALBgNVBAMMBHQyNDekETAPMQ0wCwYDVQQDDAR0MjQ4pBEw ++DzENMAsGA1UEAwwEdDI0OaQRMA8xDTALBgNVBAMMBHQyNTCkETAPMQ0wCwYDVQQD ++DAR0MjUxpBEwDzENMAsGA1UEAwwEdDI1MqQRMA8xDTALBgNVBAMMBHQyNTOkETAP ++MQ0wCwYDVQQDDAR0MjU0pBEwDzENMAsGA1UEAwwEdDI1NaQRMA8xDTALBgNVBAMM ++BHQyNTakETAPMQ0wCwYDVQQDDAR0MjU3pBEwDzENMAsGA1UEAwwEdDI1OKQRMA8x ++DTALBgNVBAMMBHQyNTmkETAPMQ0wCwYDVQQDDAR0MjYwpBEwDzENMAsGA1UEAwwE ++dDI2MaQRMA8xDTALBgNVBAMMBHQyNjKkETAPMQ0wCwYDVQQDDAR0MjYzpBEwDzEN ++MAsGA1UEAwwEdDI2NKQRMA8xDTALBgNVBAMMBHQyNjWkETAPMQ0wCwYDVQQDDAR0 ++MjY2pBEwDzENMAsGA1UEAwwEdDI2N6QRMA8xDTALBgNVBAMMBHQyNjikETAPMQ0w ++CwYDVQQDDAR0MjY5pBEwDzENMAsGA1UEAwwEdDI3MKQRMA8xDTALBgNVBAMMBHQy ++NzGkETAPMQ0wCwYDVQQDDAR0MjcypBEwDzENMAsGA1UEAwwEdDI3M6QRMA8xDTAL ++BgNVBAMMBHQyNzSkETAPMQ0wCwYDVQQDDAR0Mjc1pBEwDzENMAsGA1UEAwwEdDI3 ++NqQRMA8xDTALBgNVBAMMBHQyNzekETAPMQ0wCwYDVQQDDAR0Mjc4pBEwDzENMAsG ++A1UEAwwEdDI3OaQRMA8xDTALBgNVBAMMBHQyODCkETAPMQ0wCwYDVQQDDAR0Mjgx ++pBEwDzENMAsGA1UEAwwEdDI4MqQRMA8xDTALBgNVBAMMBHQyODOkETAPMQ0wCwYD ++VQQDDAR0Mjg0pBEwDzENMAsGA1UEAwwEdDI4NaQRMA8xDTALBgNVBAMMBHQyODak ++ETAPMQ0wCwYDVQQDDAR0Mjg3pBEwDzENMAsGA1UEAwwEdDI4OKQRMA8xDTALBgNV ++BAMMBHQyODmkETAPMQ0wCwYDVQQDDAR0MjkwpBEwDzENMAsGA1UEAwwEdDI5MaQR ++MA8xDTALBgNVBAMMBHQyOTKkETAPMQ0wCwYDVQQDDAR0MjkzpBEwDzENMAsGA1UE ++AwwEdDI5NKQRMA8xDTALBgNVBAMMBHQyOTWkETAPMQ0wCwYDVQQDDAR0Mjk2pBEw ++DzENMAsGA1UEAwwEdDI5N6QRMA8xDTALBgNVBAMMBHQyOTikETAPMQ0wCwYDVQQD ++DAR0Mjk5pBEwDzENMAsGA1UEAwwEdDMwMKQRMA8xDTALBgNVBAMMBHQzMDGkETAP ++MQ0wCwYDVQQDDAR0MzAypBEwDzENMAsGA1UEAwwEdDMwM6QRMA8xDTALBgNVBAMM ++BHQzMDSkETAPMQ0wCwYDVQQDDAR0MzA1pBEwDzENMAsGA1UEAwwEdDMwNqQRMA8x ++DTALBgNVBAMMBHQzMDekETAPMQ0wCwYDVQQDDAR0MzA4pBEwDzENMAsGA1UEAwwE ++dDMwOaQRMA8xDTALBgNVBAMMBHQzMTCkETAPMQ0wCwYDVQQDDAR0MzExpBEwDzEN ++MAsGA1UEAwwEdDMxMqQRMA8xDTALBgNVBAMMBHQzMTOkETAPMQ0wCwYDVQQDDAR0 ++MzE0pBEwDzENMAsGA1UEAwwEdDMxNaQRMA8xDTALBgNVBAMMBHQzMTakETAPMQ0w ++CwYDVQQDDAR0MzE3pBEwDzENMAsGA1UEAwwEdDMxOKQRMA8xDTALBgNVBAMMBHQz ++MTmkETAPMQ0wCwYDVQQDDAR0MzIwpBEwDzENMAsGA1UEAwwEdDMyMaQRMA8xDTAL ++BgNVBAMMBHQzMjKkETAPMQ0wCwYDVQQDDAR0MzIzpBEwDzENMAsGA1UEAwwEdDMy ++NKQRMA8xDTALBgNVBAMMBHQzMjWkETAPMQ0wCwYDVQQDDAR0MzI2pBEwDzENMAsG ++A1UEAwwEdDMyN6QRMA8xDTALBgNVBAMMBHQzMjikETAPMQ0wCwYDVQQDDAR0MzI5 ++pBEwDzENMAsGA1UEAwwEdDMzMKQRMA8xDTALBgNVBAMMBHQzMzGkETAPMQ0wCwYD ++VQQDDAR0MzMypBEwDzENMAsGA1UEAwwEdDMzM6QRMA8xDTALBgNVBAMMBHQzMzSk ++ETAPMQ0wCwYDVQQDDAR0MzM1pBEwDzENMAsGA1UEAwwEdDMzNqQRMA8xDTALBgNV ++BAMMBHQzMzekETAPMQ0wCwYDVQQDDAR0MzM4pBEwDzENMAsGA1UEAwwEdDMzOaQR ++MA8xDTALBgNVBAMMBHQzNDAwDQYJKoZIhvcNAQELBQADggEBAJDCV/aS6cdYTrW9 ++ESYz3bk9wh5tayF0BIUiHtIbCfuZJNjm7RxVFDS3GU7yzDcus9MmlvJtiNaNsnsa ++b+tm8dnzo0+wdlHSHOawrg8oOL/GlNV2cQ/2EZXIBya+gapVTRcXNpC7wrhAcqLP ++D9NVsWVQZ8hXS1S9W0J/1LRGDv6d8OuplsJTzrX7cTzaUTeUx3se1lvBG9quCbHa ++0C0nrkbGXtByy+App8hA6BiUJq3YUSFDJPb5pJ7xV9FLPnRxl4/eCS3ThbF5qJ3Q ++bDWQqGIv+0WsxVtczOpyBbAveTZW8nVbtDCMDJ/86Np+LN38XvwjBMFTMafizhgQ ++KLjUYI4= + -----END CERTIFICATE----- + + Certificate: +@@ -410,7 +353,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f7 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -631,253 +574,6 @@ Certificate: + DNS:t169.test + DNS:t170.test + DNS:t171.test +- DNS:t172.test +- DNS:t173.test +- DNS:t174.test +- DNS:t175.test +- DNS:t176.test +- DNS:t177.test +- DNS:t178.test +- DNS:t179.test +- DNS:t180.test +- DNS:t181.test +- DNS:t182.test +- DNS:t183.test +- DNS:t184.test +- DNS:t185.test +- DNS:t186.test +- DNS:t187.test +- DNS:t188.test +- DNS:t189.test +- DNS:t190.test +- DNS:t191.test +- DNS:t192.test +- DNS:t193.test +- DNS:t194.test +- DNS:t195.test +- DNS:t196.test +- DNS:t197.test +- DNS:t198.test +- DNS:t199.test +- DNS:t200.test +- DNS:t201.test +- DNS:t202.test +- DNS:t203.test +- DNS:t204.test +- DNS:t205.test +- DNS:t206.test +- DNS:t207.test +- DNS:t208.test +- DNS:t209.test +- DNS:t210.test +- DNS:t211.test +- DNS:t212.test +- DNS:t213.test +- DNS:t214.test +- DNS:t215.test +- DNS:t216.test +- DNS:t217.test +- DNS:t218.test +- DNS:t219.test +- DNS:t220.test +- DNS:t221.test +- DNS:t222.test +- DNS:t223.test +- DNS:t224.test +- DNS:t225.test +- DNS:t226.test +- DNS:t227.test +- DNS:t228.test +- DNS:t229.test +- DNS:t230.test +- DNS:t231.test +- DNS:t232.test +- DNS:t233.test +- DNS:t234.test +- DNS:t235.test +- DNS:t236.test +- DNS:t237.test +- DNS:t238.test +- DNS:t239.test +- DNS:t240.test +- DNS:t241.test +- DNS:t242.test +- DNS:t243.test +- DNS:t244.test +- DNS:t245.test +- DNS:t246.test +- DNS:t247.test +- DNS:t248.test +- DNS:t249.test +- DNS:t250.test +- DNS:t251.test +- DNS:t252.test +- DNS:t253.test +- DNS:t254.test +- DNS:t255.test +- DNS:t256.test +- DNS:t257.test +- DNS:t258.test +- DNS:t259.test +- DNS:t260.test +- DNS:t261.test +- DNS:t262.test +- DNS:t263.test +- DNS:t264.test +- DNS:t265.test +- DNS:t266.test +- DNS:t267.test +- DNS:t268.test +- DNS:t269.test +- DNS:t270.test +- DNS:t271.test +- DNS:t272.test +- DNS:t273.test +- DNS:t274.test +- DNS:t275.test +- DNS:t276.test +- DNS:t277.test +- DNS:t278.test +- DNS:t279.test +- DNS:t280.test +- DNS:t281.test +- DNS:t282.test +- DNS:t283.test +- DNS:t284.test +- DNS:t285.test +- DNS:t286.test +- DNS:t287.test +- DNS:t288.test +- DNS:t289.test +- DNS:t290.test +- DNS:t291.test +- DNS:t292.test +- DNS:t293.test +- DNS:t294.test +- DNS:t295.test +- DNS:t296.test +- DNS:t297.test +- DNS:t298.test +- DNS:t299.test +- DNS:t300.test +- DNS:t301.test +- DNS:t302.test +- DNS:t303.test +- DNS:t304.test +- DNS:t305.test +- DNS:t306.test +- DNS:t307.test +- DNS:t308.test +- DNS:t309.test +- DNS:t310.test +- DNS:t311.test +- DNS:t312.test +- DNS:t313.test +- DNS:t314.test +- DNS:t315.test +- DNS:t316.test +- DNS:t317.test +- DNS:t318.test +- DNS:t319.test +- DNS:t320.test +- DNS:t321.test +- DNS:t322.test +- DNS:t323.test +- DNS:t324.test +- DNS:t325.test +- DNS:t326.test +- DNS:t327.test +- DNS:t328.test +- DNS:t329.test +- DNS:t330.test +- DNS:t331.test +- DNS:t332.test +- DNS:t333.test +- DNS:t334.test +- DNS:t335.test +- DNS:t336.test +- DNS:t337.test +- DNS:t338.test +- DNS:t339.test +- DNS:t340.test +- DNS:t341.test +- DNS:t342.test +- DNS:t343.test +- DNS:t344.test +- DNS:t345.test +- DNS:t346.test +- DNS:t347.test +- DNS:t348.test +- DNS:t349.test +- DNS:t350.test +- DNS:t351.test +- DNS:t352.test +- DNS:t353.test +- DNS:t354.test +- DNS:t355.test +- DNS:t356.test +- DNS:t357.test +- DNS:t358.test +- DNS:t359.test +- DNS:t360.test +- DNS:t361.test +- DNS:t362.test +- DNS:t363.test +- DNS:t364.test +- DNS:t365.test +- DNS:t366.test +- DNS:t367.test +- DNS:t368.test +- DNS:t369.test +- DNS:t370.test +- DNS:t371.test +- DNS:t372.test +- DNS:t373.test +- DNS:t374.test +- DNS:t375.test +- DNS:t376.test +- DNS:t377.test +- DNS:t378.test +- DNS:t379.test +- DNS:t380.test +- DNS:t381.test +- DNS:t382.test +- DNS:t383.test +- DNS:t384.test +- DNS:t385.test +- DNS:t386.test +- DNS:t387.test +- DNS:t388.test +- DNS:t389.test +- DNS:t390.test +- DNS:t391.test +- DNS:t392.test +- DNS:t393.test +- DNS:t394.test +- DNS:t395.test +- DNS:t396.test +- DNS:t397.test +- DNS:t398.test +- DNS:t399.test +- DNS:t400.test +- DNS:t401.test +- DNS:t402.test +- DNS:t403.test +- DNS:t404.test +- DNS:t405.test +- DNS:t406.test +- DNS:t407.test +- DNS:t408.test +- DNS:t409.test +- DNS:t410.test +- DNS:t411.test +- DNS:t412.test +- DNS:t413.test +- DNS:t414.test +- DNS:t415.test +- DNS:t416.test +- DNS:t417.test +- DNS:t418.test + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 +@@ -1049,673 +745,178 @@ Certificate: + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 +- IP:10.0.0.171/255.255.255.255 +- IP:10.0.0.172/255.255.255.255 +- IP:10.0.0.173/255.255.255.255 +- IP:10.0.0.174/255.255.255.255 +- IP:10.0.0.175/255.255.255.255 +- IP:10.0.0.176/255.255.255.255 +- IP:10.0.0.177/255.255.255.255 +- IP:10.0.0.178/255.255.255.255 +- IP:10.0.0.179/255.255.255.255 +- IP:10.0.0.180/255.255.255.255 +- IP:10.0.0.181/255.255.255.255 +- IP:10.0.0.182/255.255.255.255 +- IP:10.0.0.183/255.255.255.255 +- IP:10.0.0.184/255.255.255.255 +- IP:10.0.0.185/255.255.255.255 +- IP:10.0.0.186/255.255.255.255 +- IP:10.0.0.187/255.255.255.255 +- IP:10.0.0.188/255.255.255.255 +- IP:10.0.0.189/255.255.255.255 +- IP:10.0.0.190/255.255.255.255 +- IP:10.0.0.191/255.255.255.255 +- IP:10.0.0.192/255.255.255.255 +- IP:10.0.0.193/255.255.255.255 +- IP:10.0.0.194/255.255.255.255 +- IP:10.0.0.195/255.255.255.255 +- IP:10.0.0.196/255.255.255.255 +- IP:10.0.0.197/255.255.255.255 +- IP:10.0.0.198/255.255.255.255 +- IP:10.0.0.199/255.255.255.255 +- IP:10.0.0.200/255.255.255.255 +- IP:10.0.0.201/255.255.255.255 +- IP:10.0.0.202/255.255.255.255 +- IP:10.0.0.203/255.255.255.255 +- IP:10.0.0.204/255.255.255.255 +- IP:10.0.0.205/255.255.255.255 +- IP:10.0.0.206/255.255.255.255 +- IP:10.0.0.207/255.255.255.255 +- IP:10.0.0.208/255.255.255.255 +- IP:10.0.0.209/255.255.255.255 +- IP:10.0.0.210/255.255.255.255 +- IP:10.0.0.211/255.255.255.255 +- IP:10.0.0.212/255.255.255.255 +- IP:10.0.0.213/255.255.255.255 +- IP:10.0.0.214/255.255.255.255 +- IP:10.0.0.215/255.255.255.255 +- IP:10.0.0.216/255.255.255.255 +- IP:10.0.0.217/255.255.255.255 +- IP:10.0.0.218/255.255.255.255 +- IP:10.0.0.219/255.255.255.255 +- IP:10.0.0.220/255.255.255.255 +- IP:10.0.0.221/255.255.255.255 +- IP:10.0.0.222/255.255.255.255 +- IP:10.0.0.223/255.255.255.255 +- IP:10.0.0.224/255.255.255.255 +- IP:10.0.0.225/255.255.255.255 +- IP:10.0.0.226/255.255.255.255 +- IP:10.0.0.227/255.255.255.255 +- IP:10.0.0.228/255.255.255.255 +- IP:10.0.0.229/255.255.255.255 +- IP:10.0.0.230/255.255.255.255 +- IP:10.0.0.231/255.255.255.255 +- IP:10.0.0.232/255.255.255.255 +- IP:10.0.0.233/255.255.255.255 +- IP:10.0.0.234/255.255.255.255 +- IP:10.0.0.235/255.255.255.255 +- IP:10.0.0.236/255.255.255.255 +- IP:10.0.0.237/255.255.255.255 +- IP:10.0.0.238/255.255.255.255 +- IP:10.0.0.239/255.255.255.255 +- IP:10.0.0.240/255.255.255.255 +- IP:10.0.0.241/255.255.255.255 +- IP:10.0.0.242/255.255.255.255 +- IP:10.0.0.243/255.255.255.255 +- IP:10.0.0.244/255.255.255.255 +- IP:10.0.0.245/255.255.255.255 +- IP:10.0.0.246/255.255.255.255 +- IP:10.0.0.247/255.255.255.255 +- IP:10.0.0.248/255.255.255.255 +- IP:10.0.0.249/255.255.255.255 +- IP:10.0.0.250/255.255.255.255 +- IP:10.0.0.251/255.255.255.255 +- IP:10.0.0.252/255.255.255.255 +- IP:10.0.0.253/255.255.255.255 +- IP:10.0.0.254/255.255.255.255 +- IP:10.0.0.255/255.255.255.255 +- IP:10.0.1.0/255.255.255.255 +- IP:10.0.1.1/255.255.255.255 +- IP:10.0.1.2/255.255.255.255 +- IP:10.0.1.3/255.255.255.255 +- IP:10.0.1.4/255.255.255.255 +- IP:10.0.1.5/255.255.255.255 +- IP:10.0.1.6/255.255.255.255 +- IP:10.0.1.7/255.255.255.255 +- IP:10.0.1.8/255.255.255.255 +- IP:10.0.1.9/255.255.255.255 +- IP:10.0.1.10/255.255.255.255 +- IP:10.0.1.11/255.255.255.255 +- IP:10.0.1.12/255.255.255.255 +- IP:10.0.1.13/255.255.255.255 +- IP:10.0.1.14/255.255.255.255 +- IP:10.0.1.15/255.255.255.255 +- IP:10.0.1.16/255.255.255.255 +- IP:10.0.1.17/255.255.255.255 +- IP:10.0.1.18/255.255.255.255 +- IP:10.0.1.19/255.255.255.255 +- IP:10.0.1.20/255.255.255.255 +- IP:10.0.1.21/255.255.255.255 +- IP:10.0.1.22/255.255.255.255 +- IP:10.0.1.23/255.255.255.255 +- IP:10.0.1.24/255.255.255.255 +- IP:10.0.1.25/255.255.255.255 +- IP:10.0.1.26/255.255.255.255 +- IP:10.0.1.27/255.255.255.255 +- IP:10.0.1.28/255.255.255.255 +- IP:10.0.1.29/255.255.255.255 +- IP:10.0.1.30/255.255.255.255 +- IP:10.0.1.31/255.255.255.255 +- IP:10.0.1.32/255.255.255.255 +- IP:10.0.1.33/255.255.255.255 +- IP:10.0.1.34/255.255.255.255 +- IP:10.0.1.35/255.255.255.255 +- IP:10.0.1.36/255.255.255.255 +- IP:10.0.1.37/255.255.255.255 +- IP:10.0.1.38/255.255.255.255 +- IP:10.0.1.39/255.255.255.255 +- IP:10.0.1.40/255.255.255.255 +- IP:10.0.1.41/255.255.255.255 +- IP:10.0.1.42/255.255.255.255 +- IP:10.0.1.43/255.255.255.255 +- IP:10.0.1.44/255.255.255.255 +- IP:10.0.1.45/255.255.255.255 +- IP:10.0.1.46/255.255.255.255 +- IP:10.0.1.47/255.255.255.255 +- IP:10.0.1.48/255.255.255.255 +- IP:10.0.1.49/255.255.255.255 +- IP:10.0.1.50/255.255.255.255 +- IP:10.0.1.51/255.255.255.255 +- IP:10.0.1.52/255.255.255.255 +- IP:10.0.1.53/255.255.255.255 +- IP:10.0.1.54/255.255.255.255 +- IP:10.0.1.55/255.255.255.255 +- IP:10.0.1.56/255.255.255.255 +- IP:10.0.1.57/255.255.255.255 +- IP:10.0.1.58/255.255.255.255 +- IP:10.0.1.59/255.255.255.255 +- IP:10.0.1.60/255.255.255.255 +- IP:10.0.1.61/255.255.255.255 +- IP:10.0.1.62/255.255.255.255 +- IP:10.0.1.63/255.255.255.255 +- IP:10.0.1.64/255.255.255.255 +- IP:10.0.1.65/255.255.255.255 +- IP:10.0.1.66/255.255.255.255 +- IP:10.0.1.67/255.255.255.255 +- IP:10.0.1.68/255.255.255.255 +- IP:10.0.1.69/255.255.255.255 +- IP:10.0.1.70/255.255.255.255 +- IP:10.0.1.71/255.255.255.255 +- IP:10.0.1.72/255.255.255.255 +- IP:10.0.1.73/255.255.255.255 +- IP:10.0.1.74/255.255.255.255 +- IP:10.0.1.75/255.255.255.255 +- IP:10.0.1.76/255.255.255.255 +- IP:10.0.1.77/255.255.255.255 +- IP:10.0.1.78/255.255.255.255 +- IP:10.0.1.79/255.255.255.255 +- IP:10.0.1.80/255.255.255.255 +- IP:10.0.1.81/255.255.255.255 +- IP:10.0.1.82/255.255.255.255 +- IP:10.0.1.83/255.255.255.255 +- IP:10.0.1.84/255.255.255.255 +- IP:10.0.1.85/255.255.255.255 +- IP:10.0.1.86/255.255.255.255 +- IP:10.0.1.87/255.255.255.255 +- IP:10.0.1.88/255.255.255.255 +- IP:10.0.1.89/255.255.255.255 +- IP:10.0.1.90/255.255.255.255 +- IP:10.0.1.91/255.255.255.255 +- IP:10.0.1.92/255.255.255.255 +- IP:10.0.1.93/255.255.255.255 +- IP:10.0.1.94/255.255.255.255 +- IP:10.0.1.95/255.255.255.255 +- IP:10.0.1.96/255.255.255.255 +- IP:10.0.1.97/255.255.255.255 +- IP:10.0.1.98/255.255.255.255 +- IP:10.0.1.99/255.255.255.255 +- IP:10.0.1.100/255.255.255.255 +- IP:10.0.1.101/255.255.255.255 +- IP:10.0.1.102/255.255.255.255 +- IP:10.0.1.103/255.255.255.255 +- IP:10.0.1.104/255.255.255.255 +- IP:10.0.1.105/255.255.255.255 +- IP:10.0.1.106/255.255.255.255 +- IP:10.0.1.107/255.255.255.255 +- IP:10.0.1.108/255.255.255.255 +- IP:10.0.1.109/255.255.255.255 +- IP:10.0.1.110/255.255.255.255 +- IP:10.0.1.111/255.255.255.255 +- IP:10.0.1.112/255.255.255.255 +- IP:10.0.1.113/255.255.255.255 +- IP:10.0.1.114/255.255.255.255 +- IP:10.0.1.115/255.255.255.255 +- IP:10.0.1.116/255.255.255.255 +- IP:10.0.1.117/255.255.255.255 +- IP:10.0.1.118/255.255.255.255 +- IP:10.0.1.119/255.255.255.255 +- IP:10.0.1.120/255.255.255.255 +- IP:10.0.1.121/255.255.255.255 +- IP:10.0.1.122/255.255.255.255 +- IP:10.0.1.123/255.255.255.255 +- IP:10.0.1.124/255.255.255.255 +- IP:10.0.1.125/255.255.255.255 +- IP:10.0.1.126/255.255.255.255 +- IP:10.0.1.127/255.255.255.255 +- IP:10.0.1.128/255.255.255.255 +- IP:10.0.1.129/255.255.255.255 +- IP:10.0.1.130/255.255.255.255 +- IP:10.0.1.131/255.255.255.255 +- IP:10.0.1.132/255.255.255.255 +- IP:10.0.1.133/255.255.255.255 +- IP:10.0.1.134/255.255.255.255 +- IP:10.0.1.135/255.255.255.255 +- IP:10.0.1.136/255.255.255.255 +- IP:10.0.1.137/255.255.255.255 +- IP:10.0.1.138/255.255.255.255 +- IP:10.0.1.139/255.255.255.255 +- IP:10.0.1.140/255.255.255.255 +- IP:10.0.1.141/255.255.255.255 +- IP:10.0.1.142/255.255.255.255 +- IP:10.0.1.143/255.255.255.255 +- IP:10.0.1.144/255.255.255.255 +- IP:10.0.1.145/255.255.255.255 +- IP:10.0.1.146/255.255.255.255 +- IP:10.0.1.147/255.255.255.255 +- IP:10.0.1.148/255.255.255.255 +- IP:10.0.1.149/255.255.255.255 +- IP:10.0.1.150/255.255.255.255 +- IP:10.0.1.151/255.255.255.255 +- IP:10.0.1.152/255.255.255.255 +- IP:10.0.1.153/255.255.255.255 +- IP:10.0.1.154/255.255.255.255 +- IP:10.0.1.155/255.255.255.255 +- IP:10.0.1.156/255.255.255.255 +- IP:10.0.1.157/255.255.255.255 +- IP:10.0.1.158/255.255.255.255 +- IP:10.0.1.159/255.255.255.255 +- IP:10.0.1.160/255.255.255.255 +- IP:10.0.1.161/255.255.255.255 +- IP:10.0.1.162/255.255.255.255 +- DirName:CN = t0 +- DirName:CN = t1 +- DirName:CN = t2 +- DirName:CN = t3 +- DirName:CN = t4 +- DirName:CN = t5 +- DirName:CN = t6 +- DirName:CN = t7 +- DirName:CN = t8 +- DirName:CN = t9 +- DirName:CN = t10 +- DirName:CN = t11 +- DirName:CN = t12 +- DirName:CN = t13 +- DirName:CN = t14 +- DirName:CN = t15 +- DirName:CN = t16 +- DirName:CN = t17 +- DirName:CN = t18 +- DirName:CN = t19 +- DirName:CN = t20 +- DirName:CN = t21 +- DirName:CN = t22 +- DirName:CN = t23 +- DirName:CN = t24 +- DirName:CN = t25 +- DirName:CN = t26 +- DirName:CN = t27 +- DirName:CN = t28 +- DirName:CN = t29 +- DirName:CN = t30 +- DirName:CN = t31 +- DirName:CN = t32 +- DirName:CN = t33 +- DirName:CN = t34 +- DirName:CN = t35 +- DirName:CN = t36 +- DirName:CN = t37 +- DirName:CN = t38 +- DirName:CN = t39 +- DirName:CN = t40 +- DirName:CN = t41 +- DirName:CN = t42 +- DirName:CN = t43 +- DirName:CN = t44 +- DirName:CN = t45 +- DirName:CN = t46 +- DirName:CN = t47 +- DirName:CN = t48 +- DirName:CN = t49 +- DirName:CN = t50 +- DirName:CN = t51 +- DirName:CN = t52 +- DirName:CN = t53 +- DirName:CN = t54 +- DirName:CN = t55 +- DirName:CN = t56 +- DirName:CN = t57 +- DirName:CN = t58 +- DirName:CN = t59 +- DirName:CN = t60 +- DirName:CN = t61 +- DirName:CN = t62 +- DirName:CN = t63 +- DirName:CN = t64 +- DirName:CN = t65 +- DirName:CN = t66 +- DirName:CN = t67 +- DirName:CN = t68 +- DirName:CN = t69 +- DirName:CN = t70 +- DirName:CN = t71 +- DirName:CN = t72 +- DirName:CN = t73 +- DirName:CN = t74 +- DirName:CN = t75 +- DirName:CN = t76 +- DirName:CN = t77 +- DirName:CN = t78 +- DirName:CN = t79 +- DirName:CN = t80 +- DirName:CN = t81 +- DirName:CN = t82 +- DirName:CN = t83 +- DirName:CN = t84 +- DirName:CN = t85 +- DirName:CN = t86 +- DirName:CN = t87 +- DirName:CN = t88 +- DirName:CN = t89 +- DirName:CN = t90 +- DirName:CN = t91 +- DirName:CN = t92 +- DirName:CN = t93 +- DirName:CN = t94 +- DirName:CN = t95 +- DirName:CN = t96 +- DirName:CN = t97 +- DirName:CN = t98 +- DirName:CN = t99 +- DirName:CN = t100 +- DirName:CN = t101 +- DirName:CN = t102 +- DirName:CN = t103 +- DirName:CN = t104 +- DirName:CN = t105 +- DirName:CN = t106 +- DirName:CN = t107 +- DirName:CN = t108 +- DirName:CN = t109 +- DirName:CN = t110 +- DirName:CN = t111 +- DirName:CN = t112 +- DirName:CN = t113 +- DirName:CN = t114 +- DirName:CN = t115 +- DirName:CN = t116 +- DirName:CN = t117 +- DirName:CN = t118 +- DirName:CN = t119 +- DirName:CN = t120 +- DirName:CN = t121 +- DirName:CN = t122 +- DirName:CN = t123 +- DirName:CN = t124 +- DirName:CN = t125 +- DirName:CN = t126 +- DirName:CN = t127 +- DirName:CN = t128 +- DirName:CN = t129 +- DirName:CN = t130 +- DirName:CN = t131 +- DirName:CN = t132 +- DirName:CN = t133 +- DirName:CN = t134 +- DirName:CN = t135 +- DirName:CN = t136 +- DirName:CN = t137 +- DirName:CN = t138 +- DirName:CN = t139 +- DirName:CN = t140 +- DirName:CN = t141 +- DirName:CN = t142 +- DirName:CN = t143 +- DirName:CN = t144 +- DirName:CN = t145 +- DirName:CN = t146 +- DirName:CN = t147 +- DirName:CN = t148 +- DirName:CN = t149 +- DirName:CN = t150 +- DirName:CN = t151 +- DirName:CN = t152 +- DirName:CN = t153 +- DirName:CN = t154 +- DirName:CN = t155 +- DirName:CN = t156 +- DirName:CN = t157 +- DirName:CN = t158 +- DirName:CN = t159 +- DirName:CN = t160 +- DirName:CN = t161 +- DirName:CN = t162 +- DirName:CN = t163 +- DirName:CN = t164 +- DirName:CN = t165 +- DirName:CN = t166 +- DirName:CN = t167 +- DirName:CN = t168 +- DirName:CN = t169 +- DirName:CN = t170 +- DirName:CN = t171 +- DirName:CN = t172 +- DirName:CN = t173 +- DirName:CN = t174 +- DirName:CN = t175 +- DirName:CN = t176 +- DirName:CN = t177 +- DirName:CN = t178 +- DirName:CN = t179 +- DirName:CN = t180 +- DirName:CN = t181 +- DirName:CN = t182 +- DirName:CN = t183 +- DirName:CN = t184 +- DirName:CN = t185 +- DirName:CN = t186 +- DirName:CN = t187 +- DirName:CN = t188 +- DirName:CN = t189 +- DirName:CN = t190 +- DirName:CN = t191 +- DirName:CN = t192 +- DirName:CN = t193 +- DirName:CN = t194 +- DirName:CN = t195 +- DirName:CN = t196 +- DirName:CN = t197 +- DirName:CN = t198 +- DirName:CN = t199 +- DirName:CN = t200 +- DirName:CN = t201 +- DirName:CN = t202 +- DirName:CN = t203 +- DirName:CN = t204 +- DirName:CN = t205 +- DirName:CN = t206 +- DirName:CN = t207 +- DirName:CN = t208 +- DirName:CN = t209 +- DirName:CN = t210 +- DirName:CN = t211 +- DirName:CN = t212 +- DirName:CN = t213 +- DirName:CN = t214 +- DirName:CN = t215 +- DirName:CN = t216 +- DirName:CN = t217 +- DirName:CN = t218 +- DirName:CN = t219 +- DirName:CN = t220 +- DirName:CN = t221 +- DirName:CN = t222 +- DirName:CN = t223 +- DirName:CN = t224 +- DirName:CN = t225 +- DirName:CN = t226 +- DirName:CN = t227 +- DirName:CN = t228 +- DirName:CN = t229 +- DirName:CN = t230 +- DirName:CN = t231 +- DirName:CN = t232 +- DirName:CN = t233 +- DirName:CN = t234 +- DirName:CN = t235 +- DirName:CN = t236 +- DirName:CN = t237 +- DirName:CN = t238 +- DirName:CN = t239 +- DirName:CN = t240 +- DirName:CN = t241 +- DirName:CN = t242 +- DirName:CN = t243 +- DirName:CN = t244 +- DirName:CN = t245 +- DirName:CN = t246 +- DirName:CN = t247 +- DirName:CN = t248 +- DirName:CN = t249 +- DirName:CN = t250 +- DirName:CN = t251 +- DirName:CN = t252 +- DirName:CN = t253 +- DirName:CN = t254 +- DirName:CN = t255 +- DirName:CN = t256 +- DirName:CN = t257 +- DirName:CN = t258 +- DirName:CN = t259 +- DirName:CN = t260 +- DirName:CN = t261 +- DirName:CN = t262 +- DirName:CN = t263 +- DirName:CN = t264 +- DirName:CN = t265 +- DirName:CN = t266 +- DirName:CN = t267 +- DirName:CN = t268 +- DirName:CN = t269 +- DirName:CN = t270 +- DirName:CN = t271 +- DirName:CN = t272 +- DirName:CN = t273 +- DirName:CN = t274 +- DirName:CN = t275 +- DirName:CN = t276 +- DirName:CN = t277 +- DirName:CN = t278 +- DirName:CN = t279 +- DirName:CN = t280 +- DirName:CN = t281 +- DirName:CN = t282 +- DirName:CN = t283 +- DirName:CN = t284 +- DirName:CN = t285 +- DirName:CN = t286 +- DirName:CN = t287 +- DirName:CN = t288 +- DirName:CN = t289 +- DirName:CN = t290 +- DirName:CN = t291 +- DirName:CN = t292 +- DirName:CN = t293 +- DirName:CN = t294 +- DirName:CN = t295 +- DirName:CN = t296 +- DirName:CN = t297 +- DirName:CN = t298 +- DirName:CN = t299 +- DirName:CN = t300 +- DirName:CN = t301 +- DirName:CN = t302 +- DirName:CN = t303 +- DirName:CN = t304 +- DirName:CN = t305 +- DirName:CN = t306 +- DirName:CN = t307 +- DirName:CN = t308 +- DirName:CN = t309 +- DirName:CN = t310 +- DirName:CN = t311 +- DirName:CN = t312 +- DirName:CN = t313 +- DirName:CN = t314 +- DirName:CN = t315 +- DirName:CN = t316 +- DirName:CN = t317 +- DirName:CN = t318 +- DirName:CN = t319 +- DirName:CN = t320 +- DirName:CN = t321 +- DirName:CN = t322 +- DirName:CN = t323 +- DirName:CN = t324 +- DirName:CN = t325 +- DirName:CN = t326 +- DirName:CN = t327 +- DirName:CN = t328 +- DirName:CN = t329 +- DirName:CN = t330 +- DirName:CN = t331 +- DirName:CN = t332 +- DirName:CN = t333 +- DirName:CN = t334 +- DirName:CN = t335 +- DirName:CN = t336 +- DirName:CN = t337 +- DirName:CN = t338 +- DirName:CN = t339 +- DirName:CN = t340 +- DirName:CN = t341 +- DirName:CN = t342 +- DirName:CN = t343 +- DirName:CN = t344 +- DirName:CN = t345 +- DirName:CN = t346 +- DirName:CN = t347 +- DirName:CN = t348 +- DirName:CN = t349 +- DirName:CN = t350 +- DirName:CN = t351 +- DirName:CN = t352 +- DirName:CN = t353 +- DirName:CN = t354 +- DirName:CN = t355 +- DirName:CN = t356 +- DirName:CN = t357 +- DirName:CN = t358 +- DirName:CN = t359 +- DirName:CN = t360 +- DirName:CN = t361 +- DirName:CN = t362 +- DirName:CN = t363 +- DirName:CN = t364 +- DirName:CN = t365 +- DirName:CN = t366 +- DirName:CN = t367 +- DirName:CN = t368 +- DirName:CN = t369 +- DirName:CN = t370 +- DirName:CN = t371 +- DirName:CN = t372 +- DirName:CN = t373 +- DirName:CN = t374 +- DirName:CN = t375 +- DirName:CN = t376 +- DirName:CN = t377 +- DirName:CN = t378 +- DirName:CN = t379 +- DirName:CN = t380 +- DirName:CN = t381 +- DirName:CN = t382 +- DirName:CN = t383 +- DirName:CN = t384 +- DirName:CN = t385 +- DirName:CN = t386 +- DirName:CN = t387 +- DirName:CN = t388 +- DirName:CN = t389 +- DirName:CN = t390 +- DirName:CN = t391 +- DirName:CN = t392 +- DirName:CN = t393 +- DirName:CN = t394 +- DirName:CN = t395 +- DirName:CN = t396 +- DirName:CN = t397 +- DirName:CN = t398 +- DirName:CN = t399 +- DirName:CN = t400 +- DirName:CN = t401 +- DirName:CN = t402 +- DirName:CN = t403 +- DirName:CN = t404 +- DirName:CN = t405 +- DirName:CN = t406 +- DirName:CN = t407 +- DirName:CN = t408 +- DirName:CN = t409 +- DirName:CN = t410 +- DirName:CN = t411 +- DirName:CN = t412 +- DirName:CN = t413 +- DirName:CN = t414 +- DirName:CN = t415 +- DirName:CN = t416 +- DirName:CN = t417 +- DirName:CN = t418 ++ DirName: CN = t0 ++ DirName: CN = t1 ++ DirName: CN = t2 ++ DirName: CN = t3 ++ DirName: CN = t4 ++ DirName: CN = t5 ++ DirName: CN = t6 ++ DirName: CN = t7 ++ DirName: CN = t8 ++ DirName: CN = t9 ++ DirName: CN = t10 ++ DirName: CN = t11 ++ DirName: CN = t12 ++ DirName: CN = t13 ++ DirName: CN = t14 ++ DirName: CN = t15 ++ DirName: CN = t16 ++ DirName: CN = t17 ++ DirName: CN = t18 ++ DirName: CN = t19 ++ DirName: CN = t20 ++ DirName: CN = t21 ++ DirName: CN = t22 ++ DirName: CN = t23 ++ DirName: CN = t24 ++ DirName: CN = t25 ++ DirName: CN = t26 ++ DirName: CN = t27 ++ DirName: CN = t28 ++ DirName: CN = t29 ++ DirName: CN = t30 ++ DirName: CN = t31 ++ DirName: CN = t32 ++ DirName: CN = t33 ++ DirName: CN = t34 ++ DirName: CN = t35 ++ DirName: CN = t36 ++ DirName: CN = t37 ++ DirName: CN = t38 ++ DirName: CN = t39 ++ DirName: CN = t40 ++ DirName: CN = t41 ++ DirName: CN = t42 ++ DirName: CN = t43 ++ DirName: CN = t44 ++ DirName: CN = t45 ++ DirName: CN = t46 ++ DirName: CN = t47 ++ DirName: CN = t48 ++ DirName: CN = t49 ++ DirName: CN = t50 ++ DirName: CN = t51 ++ DirName: CN = t52 ++ DirName: CN = t53 ++ DirName: CN = t54 ++ DirName: CN = t55 ++ DirName: CN = t56 ++ DirName: CN = t57 ++ DirName: CN = t58 ++ DirName: CN = t59 ++ DirName: CN = t60 ++ DirName: CN = t61 ++ DirName: CN = t62 ++ DirName: CN = t63 ++ DirName: CN = t64 ++ DirName: CN = t65 ++ DirName: CN = t66 ++ DirName: CN = t67 ++ DirName: CN = t68 ++ DirName: CN = t69 ++ DirName: CN = t70 ++ DirName: CN = t71 ++ DirName: CN = t72 ++ DirName: CN = t73 ++ DirName: CN = t74 ++ DirName: CN = t75 ++ DirName: CN = t76 ++ DirName: CN = t77 ++ DirName: CN = t78 ++ DirName: CN = t79 ++ DirName: CN = t80 ++ DirName: CN = t81 ++ DirName: CN = t82 ++ DirName: CN = t83 ++ DirName: CN = t84 ++ DirName: CN = t85 ++ DirName: CN = t86 ++ DirName: CN = t87 ++ DirName: CN = t88 ++ DirName: CN = t89 ++ DirName: CN = t90 ++ DirName: CN = t91 ++ DirName: CN = t92 ++ DirName: CN = t93 ++ DirName: CN = t94 ++ DirName: CN = t95 ++ DirName: CN = t96 ++ DirName: CN = t97 ++ DirName: CN = t98 ++ DirName: CN = t99 ++ DirName: CN = t100 ++ DirName: CN = t101 ++ DirName: CN = t102 ++ DirName: CN = t103 ++ DirName: CN = t104 ++ DirName: CN = t105 ++ DirName: CN = t106 ++ DirName: CN = t107 ++ DirName: CN = t108 ++ DirName: CN = t109 ++ DirName: CN = t110 ++ DirName: CN = t111 ++ DirName: CN = t112 ++ DirName: CN = t113 ++ DirName: CN = t114 ++ DirName: CN = t115 ++ DirName: CN = t116 ++ DirName: CN = t117 ++ DirName: CN = t118 ++ DirName: CN = t119 ++ DirName: CN = t120 ++ DirName: CN = t121 ++ DirName: CN = t122 ++ DirName: CN = t123 ++ DirName: CN = t124 ++ DirName: CN = t125 ++ DirName: CN = t126 ++ DirName: CN = t127 ++ DirName: CN = t128 ++ DirName: CN = t129 ++ DirName: CN = t130 ++ DirName: CN = t131 ++ DirName: CN = t132 ++ DirName: CN = t133 ++ DirName: CN = t134 ++ DirName: CN = t135 ++ DirName: CN = t136 ++ DirName: CN = t137 ++ DirName: CN = t138 ++ DirName: CN = t139 ++ DirName: CN = t140 ++ DirName: CN = t141 ++ DirName: CN = t142 ++ DirName: CN = t143 ++ DirName: CN = t144 ++ DirName: CN = t145 ++ DirName: CN = t146 ++ DirName: CN = t147 ++ DirName: CN = t148 ++ DirName: CN = t149 ++ DirName: CN = t150 ++ DirName: CN = t151 ++ DirName: CN = t152 ++ DirName: CN = t153 ++ DirName: CN = t154 ++ DirName: CN = t155 ++ DirName: CN = t156 ++ DirName: CN = t157 ++ DirName: CN = t158 ++ DirName: CN = t159 ++ DirName: CN = t160 ++ DirName: CN = t161 ++ DirName: CN = t162 ++ DirName: CN = t163 ++ DirName: CN = t164 ++ DirName: CN = t165 ++ DirName: CN = t166 ++ DirName: CN = t167 ++ DirName: CN = t168 ++ DirName: CN = t169 ++ DirName: CN = t170 ++ DirName: CN = t171 + Excluded: + DNS:x0.test + DNS:x1.test +@@ -1887,255 +1088,6 @@ Certificate: + DNS:x167.test + DNS:x168.test + DNS:x169.test +- DNS:x170.test +- DNS:x171.test +- DNS:x172.test +- DNS:x173.test +- DNS:x174.test +- DNS:x175.test +- DNS:x176.test +- DNS:x177.test +- DNS:x178.test +- DNS:x179.test +- DNS:x180.test +- DNS:x181.test +- DNS:x182.test +- DNS:x183.test +- DNS:x184.test +- DNS:x185.test +- DNS:x186.test +- DNS:x187.test +- DNS:x188.test +- DNS:x189.test +- DNS:x190.test +- DNS:x191.test +- DNS:x192.test +- DNS:x193.test +- DNS:x194.test +- DNS:x195.test +- DNS:x196.test +- DNS:x197.test +- DNS:x198.test +- DNS:x199.test +- DNS:x200.test +- DNS:x201.test +- DNS:x202.test +- DNS:x203.test +- DNS:x204.test +- DNS:x205.test +- DNS:x206.test +- DNS:x207.test +- DNS:x208.test +- DNS:x209.test +- DNS:x210.test +- DNS:x211.test +- DNS:x212.test +- DNS:x213.test +- DNS:x214.test +- DNS:x215.test +- DNS:x216.test +- DNS:x217.test +- DNS:x218.test +- DNS:x219.test +- DNS:x220.test +- DNS:x221.test +- DNS:x222.test +- DNS:x223.test +- DNS:x224.test +- DNS:x225.test +- DNS:x226.test +- DNS:x227.test +- DNS:x228.test +- DNS:x229.test +- DNS:x230.test +- DNS:x231.test +- DNS:x232.test +- DNS:x233.test +- DNS:x234.test +- DNS:x235.test +- DNS:x236.test +- DNS:x237.test +- DNS:x238.test +- DNS:x239.test +- DNS:x240.test +- DNS:x241.test +- DNS:x242.test +- DNS:x243.test +- DNS:x244.test +- DNS:x245.test +- DNS:x246.test +- DNS:x247.test +- DNS:x248.test +- DNS:x249.test +- DNS:x250.test +- DNS:x251.test +- DNS:x252.test +- DNS:x253.test +- DNS:x254.test +- DNS:x255.test +- DNS:x256.test +- DNS:x257.test +- DNS:x258.test +- DNS:x259.test +- DNS:x260.test +- DNS:x261.test +- DNS:x262.test +- DNS:x263.test +- DNS:x264.test +- DNS:x265.test +- DNS:x266.test +- DNS:x267.test +- DNS:x268.test +- DNS:x269.test +- DNS:x270.test +- DNS:x271.test +- DNS:x272.test +- DNS:x273.test +- DNS:x274.test +- DNS:x275.test +- DNS:x276.test +- DNS:x277.test +- DNS:x278.test +- DNS:x279.test +- DNS:x280.test +- DNS:x281.test +- DNS:x282.test +- DNS:x283.test +- DNS:x284.test +- DNS:x285.test +- DNS:x286.test +- DNS:x287.test +- DNS:x288.test +- DNS:x289.test +- DNS:x290.test +- DNS:x291.test +- DNS:x292.test +- DNS:x293.test +- DNS:x294.test +- DNS:x295.test +- DNS:x296.test +- DNS:x297.test +- DNS:x298.test +- DNS:x299.test +- DNS:x300.test +- DNS:x301.test +- DNS:x302.test +- DNS:x303.test +- DNS:x304.test +- DNS:x305.test +- DNS:x306.test +- DNS:x307.test +- DNS:x308.test +- DNS:x309.test +- DNS:x310.test +- DNS:x311.test +- DNS:x312.test +- DNS:x313.test +- DNS:x314.test +- DNS:x315.test +- DNS:x316.test +- DNS:x317.test +- DNS:x318.test +- DNS:x319.test +- DNS:x320.test +- DNS:x321.test +- DNS:x322.test +- DNS:x323.test +- DNS:x324.test +- DNS:x325.test +- DNS:x326.test +- DNS:x327.test +- DNS:x328.test +- DNS:x329.test +- DNS:x330.test +- DNS:x331.test +- DNS:x332.test +- DNS:x333.test +- DNS:x334.test +- DNS:x335.test +- DNS:x336.test +- DNS:x337.test +- DNS:x338.test +- DNS:x339.test +- DNS:x340.test +- DNS:x341.test +- DNS:x342.test +- DNS:x343.test +- DNS:x344.test +- DNS:x345.test +- DNS:x346.test +- DNS:x347.test +- DNS:x348.test +- DNS:x349.test +- DNS:x350.test +- DNS:x351.test +- DNS:x352.test +- DNS:x353.test +- DNS:x354.test +- DNS:x355.test +- DNS:x356.test +- DNS:x357.test +- DNS:x358.test +- DNS:x359.test +- DNS:x360.test +- DNS:x361.test +- DNS:x362.test +- DNS:x363.test +- DNS:x364.test +- DNS:x365.test +- DNS:x366.test +- DNS:x367.test +- DNS:x368.test +- DNS:x369.test +- DNS:x370.test +- DNS:x371.test +- DNS:x372.test +- DNS:x373.test +- DNS:x374.test +- DNS:x375.test +- DNS:x376.test +- DNS:x377.test +- DNS:x378.test +- DNS:x379.test +- DNS:x380.test +- DNS:x381.test +- DNS:x382.test +- DNS:x383.test +- DNS:x384.test +- DNS:x385.test +- DNS:x386.test +- DNS:x387.test +- DNS:x388.test +- DNS:x389.test +- DNS:x390.test +- DNS:x391.test +- DNS:x392.test +- DNS:x393.test +- DNS:x394.test +- DNS:x395.test +- DNS:x396.test +- DNS:x397.test +- DNS:x398.test +- DNS:x399.test +- DNS:x400.test +- DNS:x401.test +- DNS:x402.test +- DNS:x403.test +- DNS:x404.test +- DNS:x405.test +- DNS:x406.test +- DNS:x407.test +- DNS:x408.test +- DNS:x409.test +- DNS:x410.test +- DNS:x411.test +- DNS:x412.test +- DNS:x413.test +- DNS:x414.test +- DNS:x415.test +- DNS:x416.test +- DNS:x417.test +- DNS:x418.test + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 +@@ -2306,693 +1258,195 @@ Certificate: + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 +- IP:11.0.0.170/255.255.255.255 +- IP:11.0.0.171/255.255.255.255 +- IP:11.0.0.172/255.255.255.255 +- IP:11.0.0.173/255.255.255.255 +- IP:11.0.0.174/255.255.255.255 +- IP:11.0.0.175/255.255.255.255 +- IP:11.0.0.176/255.255.255.255 +- IP:11.0.0.177/255.255.255.255 +- IP:11.0.0.178/255.255.255.255 +- IP:11.0.0.179/255.255.255.255 +- IP:11.0.0.180/255.255.255.255 +- IP:11.0.0.181/255.255.255.255 +- IP:11.0.0.182/255.255.255.255 +- IP:11.0.0.183/255.255.255.255 +- IP:11.0.0.184/255.255.255.255 +- IP:11.0.0.185/255.255.255.255 +- IP:11.0.0.186/255.255.255.255 +- IP:11.0.0.187/255.255.255.255 +- IP:11.0.0.188/255.255.255.255 +- IP:11.0.0.189/255.255.255.255 +- IP:11.0.0.190/255.255.255.255 +- IP:11.0.0.191/255.255.255.255 +- IP:11.0.0.192/255.255.255.255 +- IP:11.0.0.193/255.255.255.255 +- IP:11.0.0.194/255.255.255.255 +- IP:11.0.0.195/255.255.255.255 +- IP:11.0.0.196/255.255.255.255 +- IP:11.0.0.197/255.255.255.255 +- IP:11.0.0.198/255.255.255.255 +- IP:11.0.0.199/255.255.255.255 +- IP:11.0.0.200/255.255.255.255 +- IP:11.0.0.201/255.255.255.255 +- IP:11.0.0.202/255.255.255.255 +- IP:11.0.0.203/255.255.255.255 +- IP:11.0.0.204/255.255.255.255 +- IP:11.0.0.205/255.255.255.255 +- IP:11.0.0.206/255.255.255.255 +- IP:11.0.0.207/255.255.255.255 +- IP:11.0.0.208/255.255.255.255 +- IP:11.0.0.209/255.255.255.255 +- IP:11.0.0.210/255.255.255.255 +- IP:11.0.0.211/255.255.255.255 +- IP:11.0.0.212/255.255.255.255 +- IP:11.0.0.213/255.255.255.255 +- IP:11.0.0.214/255.255.255.255 +- IP:11.0.0.215/255.255.255.255 +- IP:11.0.0.216/255.255.255.255 +- IP:11.0.0.217/255.255.255.255 +- IP:11.0.0.218/255.255.255.255 +- IP:11.0.0.219/255.255.255.255 +- IP:11.0.0.220/255.255.255.255 +- IP:11.0.0.221/255.255.255.255 +- IP:11.0.0.222/255.255.255.255 +- IP:11.0.0.223/255.255.255.255 +- IP:11.0.0.224/255.255.255.255 +- IP:11.0.0.225/255.255.255.255 +- IP:11.0.0.226/255.255.255.255 +- IP:11.0.0.227/255.255.255.255 +- IP:11.0.0.228/255.255.255.255 +- IP:11.0.0.229/255.255.255.255 +- IP:11.0.0.230/255.255.255.255 +- IP:11.0.0.231/255.255.255.255 +- IP:11.0.0.232/255.255.255.255 +- IP:11.0.0.233/255.255.255.255 +- IP:11.0.0.234/255.255.255.255 +- IP:11.0.0.235/255.255.255.255 +- IP:11.0.0.236/255.255.255.255 +- IP:11.0.0.237/255.255.255.255 +- IP:11.0.0.238/255.255.255.255 +- IP:11.0.0.239/255.255.255.255 +- IP:11.0.0.240/255.255.255.255 +- IP:11.0.0.241/255.255.255.255 +- IP:11.0.0.242/255.255.255.255 +- IP:11.0.0.243/255.255.255.255 +- IP:11.0.0.244/255.255.255.255 +- IP:11.0.0.245/255.255.255.255 +- IP:11.0.0.246/255.255.255.255 +- IP:11.0.0.247/255.255.255.255 +- IP:11.0.0.248/255.255.255.255 +- IP:11.0.0.249/255.255.255.255 +- IP:11.0.0.250/255.255.255.255 +- IP:11.0.0.251/255.255.255.255 +- IP:11.0.0.252/255.255.255.255 +- IP:11.0.0.253/255.255.255.255 +- IP:11.0.0.254/255.255.255.255 +- IP:11.0.0.255/255.255.255.255 +- IP:11.0.1.0/255.255.255.255 +- IP:11.0.1.1/255.255.255.255 +- IP:11.0.1.2/255.255.255.255 +- IP:11.0.1.3/255.255.255.255 +- IP:11.0.1.4/255.255.255.255 +- IP:11.0.1.5/255.255.255.255 +- IP:11.0.1.6/255.255.255.255 +- IP:11.0.1.7/255.255.255.255 +- IP:11.0.1.8/255.255.255.255 +- IP:11.0.1.9/255.255.255.255 +- IP:11.0.1.10/255.255.255.255 +- IP:11.0.1.11/255.255.255.255 +- IP:11.0.1.12/255.255.255.255 +- IP:11.0.1.13/255.255.255.255 +- IP:11.0.1.14/255.255.255.255 +- IP:11.0.1.15/255.255.255.255 +- IP:11.0.1.16/255.255.255.255 +- IP:11.0.1.17/255.255.255.255 +- IP:11.0.1.18/255.255.255.255 +- IP:11.0.1.19/255.255.255.255 +- IP:11.0.1.20/255.255.255.255 +- IP:11.0.1.21/255.255.255.255 +- IP:11.0.1.22/255.255.255.255 +- IP:11.0.1.23/255.255.255.255 +- IP:11.0.1.24/255.255.255.255 +- IP:11.0.1.25/255.255.255.255 +- IP:11.0.1.26/255.255.255.255 +- IP:11.0.1.27/255.255.255.255 +- IP:11.0.1.28/255.255.255.255 +- IP:11.0.1.29/255.255.255.255 +- IP:11.0.1.30/255.255.255.255 +- IP:11.0.1.31/255.255.255.255 +- IP:11.0.1.32/255.255.255.255 +- IP:11.0.1.33/255.255.255.255 +- IP:11.0.1.34/255.255.255.255 +- IP:11.0.1.35/255.255.255.255 +- IP:11.0.1.36/255.255.255.255 +- IP:11.0.1.37/255.255.255.255 +- IP:11.0.1.38/255.255.255.255 +- IP:11.0.1.39/255.255.255.255 +- IP:11.0.1.40/255.255.255.255 +- IP:11.0.1.41/255.255.255.255 +- IP:11.0.1.42/255.255.255.255 +- IP:11.0.1.43/255.255.255.255 +- IP:11.0.1.44/255.255.255.255 +- IP:11.0.1.45/255.255.255.255 +- IP:11.0.1.46/255.255.255.255 +- IP:11.0.1.47/255.255.255.255 +- IP:11.0.1.48/255.255.255.255 +- IP:11.0.1.49/255.255.255.255 +- IP:11.0.1.50/255.255.255.255 +- IP:11.0.1.51/255.255.255.255 +- IP:11.0.1.52/255.255.255.255 +- IP:11.0.1.53/255.255.255.255 +- IP:11.0.1.54/255.255.255.255 +- IP:11.0.1.55/255.255.255.255 +- IP:11.0.1.56/255.255.255.255 +- IP:11.0.1.57/255.255.255.255 +- IP:11.0.1.58/255.255.255.255 +- IP:11.0.1.59/255.255.255.255 +- IP:11.0.1.60/255.255.255.255 +- IP:11.0.1.61/255.255.255.255 +- IP:11.0.1.62/255.255.255.255 +- IP:11.0.1.63/255.255.255.255 +- IP:11.0.1.64/255.255.255.255 +- IP:11.0.1.65/255.255.255.255 +- IP:11.0.1.66/255.255.255.255 +- IP:11.0.1.67/255.255.255.255 +- IP:11.0.1.68/255.255.255.255 +- IP:11.0.1.69/255.255.255.255 +- IP:11.0.1.70/255.255.255.255 +- IP:11.0.1.71/255.255.255.255 +- IP:11.0.1.72/255.255.255.255 +- IP:11.0.1.73/255.255.255.255 +- IP:11.0.1.74/255.255.255.255 +- IP:11.0.1.75/255.255.255.255 +- IP:11.0.1.76/255.255.255.255 +- IP:11.0.1.77/255.255.255.255 +- IP:11.0.1.78/255.255.255.255 +- IP:11.0.1.79/255.255.255.255 +- IP:11.0.1.80/255.255.255.255 +- IP:11.0.1.81/255.255.255.255 +- IP:11.0.1.82/255.255.255.255 +- IP:11.0.1.83/255.255.255.255 +- IP:11.0.1.84/255.255.255.255 +- IP:11.0.1.85/255.255.255.255 +- IP:11.0.1.86/255.255.255.255 +- IP:11.0.1.87/255.255.255.255 +- IP:11.0.1.88/255.255.255.255 +- IP:11.0.1.89/255.255.255.255 +- IP:11.0.1.90/255.255.255.255 +- IP:11.0.1.91/255.255.255.255 +- IP:11.0.1.92/255.255.255.255 +- IP:11.0.1.93/255.255.255.255 +- IP:11.0.1.94/255.255.255.255 +- IP:11.0.1.95/255.255.255.255 +- IP:11.0.1.96/255.255.255.255 +- IP:11.0.1.97/255.255.255.255 +- IP:11.0.1.98/255.255.255.255 +- IP:11.0.1.99/255.255.255.255 +- IP:11.0.1.100/255.255.255.255 +- IP:11.0.1.101/255.255.255.255 +- IP:11.0.1.102/255.255.255.255 +- IP:11.0.1.103/255.255.255.255 +- IP:11.0.1.104/255.255.255.255 +- IP:11.0.1.105/255.255.255.255 +- IP:11.0.1.106/255.255.255.255 +- IP:11.0.1.107/255.255.255.255 +- IP:11.0.1.108/255.255.255.255 +- IP:11.0.1.109/255.255.255.255 +- IP:11.0.1.110/255.255.255.255 +- IP:11.0.1.111/255.255.255.255 +- IP:11.0.1.112/255.255.255.255 +- IP:11.0.1.113/255.255.255.255 +- IP:11.0.1.114/255.255.255.255 +- IP:11.0.1.115/255.255.255.255 +- IP:11.0.1.116/255.255.255.255 +- IP:11.0.1.117/255.255.255.255 +- IP:11.0.1.118/255.255.255.255 +- IP:11.0.1.119/255.255.255.255 +- IP:11.0.1.120/255.255.255.255 +- IP:11.0.1.121/255.255.255.255 +- IP:11.0.1.122/255.255.255.255 +- IP:11.0.1.123/255.255.255.255 +- IP:11.0.1.124/255.255.255.255 +- IP:11.0.1.125/255.255.255.255 +- IP:11.0.1.126/255.255.255.255 +- IP:11.0.1.127/255.255.255.255 +- IP:11.0.1.128/255.255.255.255 +- IP:11.0.1.129/255.255.255.255 +- IP:11.0.1.130/255.255.255.255 +- IP:11.0.1.131/255.255.255.255 +- IP:11.0.1.132/255.255.255.255 +- IP:11.0.1.133/255.255.255.255 +- IP:11.0.1.134/255.255.255.255 +- IP:11.0.1.135/255.255.255.255 +- IP:11.0.1.136/255.255.255.255 +- IP:11.0.1.137/255.255.255.255 +- IP:11.0.1.138/255.255.255.255 +- IP:11.0.1.139/255.255.255.255 +- IP:11.0.1.140/255.255.255.255 +- IP:11.0.1.141/255.255.255.255 +- IP:11.0.1.142/255.255.255.255 +- IP:11.0.1.143/255.255.255.255 +- IP:11.0.1.144/255.255.255.255 +- IP:11.0.1.145/255.255.255.255 +- IP:11.0.1.146/255.255.255.255 +- IP:11.0.1.147/255.255.255.255 +- IP:11.0.1.148/255.255.255.255 +- IP:11.0.1.149/255.255.255.255 +- IP:11.0.1.150/255.255.255.255 +- IP:11.0.1.151/255.255.255.255 +- IP:11.0.1.152/255.255.255.255 +- IP:11.0.1.153/255.255.255.255 +- IP:11.0.1.154/255.255.255.255 +- IP:11.0.1.155/255.255.255.255 +- IP:11.0.1.156/255.255.255.255 +- IP:11.0.1.157/255.255.255.255 +- IP:11.0.1.158/255.255.255.255 +- IP:11.0.1.159/255.255.255.255 +- IP:11.0.1.160/255.255.255.255 +- IP:11.0.1.161/255.255.255.255 +- IP:11.0.1.162/255.255.255.255 +- DirName:CN = x0 +- DirName:CN = x1 +- DirName:CN = x2 +- DirName:CN = x3 +- DirName:CN = x4 +- DirName:CN = x5 +- DirName:CN = x6 +- DirName:CN = x7 +- DirName:CN = x8 +- DirName:CN = x9 +- DirName:CN = x10 +- DirName:CN = x11 +- DirName:CN = x12 +- DirName:CN = x13 +- DirName:CN = x14 +- DirName:CN = x15 +- DirName:CN = x16 +- DirName:CN = x17 +- DirName:CN = x18 +- DirName:CN = x19 +- DirName:CN = x20 +- DirName:CN = x21 +- DirName:CN = x22 +- DirName:CN = x23 +- DirName:CN = x24 +- DirName:CN = x25 +- DirName:CN = x26 +- DirName:CN = x27 +- DirName:CN = x28 +- DirName:CN = x29 +- DirName:CN = x30 +- DirName:CN = x31 +- DirName:CN = x32 +- DirName:CN = x33 +- DirName:CN = x34 +- DirName:CN = x35 +- DirName:CN = x36 +- DirName:CN = x37 +- DirName:CN = x38 +- DirName:CN = x39 +- DirName:CN = x40 +- DirName:CN = x41 +- DirName:CN = x42 +- DirName:CN = x43 +- DirName:CN = x44 +- DirName:CN = x45 +- DirName:CN = x46 +- DirName:CN = x47 +- DirName:CN = x48 +- DirName:CN = x49 +- DirName:CN = x50 +- DirName:CN = x51 +- DirName:CN = x52 +- DirName:CN = x53 +- DirName:CN = x54 +- DirName:CN = x55 +- DirName:CN = x56 +- DirName:CN = x57 +- DirName:CN = x58 +- DirName:CN = x59 +- DirName:CN = x60 +- DirName:CN = x61 +- DirName:CN = x62 +- DirName:CN = x63 +- DirName:CN = x64 +- DirName:CN = x65 +- DirName:CN = x66 +- DirName:CN = x67 +- DirName:CN = x68 +- DirName:CN = x69 +- DirName:CN = x70 +- DirName:CN = x71 +- DirName:CN = x72 +- DirName:CN = x73 +- DirName:CN = x74 +- DirName:CN = x75 +- DirName:CN = x76 +- DirName:CN = x77 +- DirName:CN = x78 +- DirName:CN = x79 +- DirName:CN = x80 +- DirName:CN = x81 +- DirName:CN = x82 +- DirName:CN = x83 +- DirName:CN = x84 +- DirName:CN = x85 +- DirName:CN = x86 +- DirName:CN = x87 +- DirName:CN = x88 +- DirName:CN = x89 +- DirName:CN = x90 +- DirName:CN = x91 +- DirName:CN = x92 +- DirName:CN = x93 +- DirName:CN = x94 +- DirName:CN = x95 +- DirName:CN = x96 +- DirName:CN = x97 +- DirName:CN = x98 +- DirName:CN = x99 +- DirName:CN = x100 +- DirName:CN = x101 +- DirName:CN = x102 +- DirName:CN = x103 +- DirName:CN = x104 +- DirName:CN = x105 +- DirName:CN = x106 +- DirName:CN = x107 +- DirName:CN = x108 +- DirName:CN = x109 +- DirName:CN = x110 +- DirName:CN = x111 +- DirName:CN = x112 +- DirName:CN = x113 +- DirName:CN = x114 +- DirName:CN = x115 +- DirName:CN = x116 +- DirName:CN = x117 +- DirName:CN = x118 +- DirName:CN = x119 +- DirName:CN = x120 +- DirName:CN = x121 +- DirName:CN = x122 +- DirName:CN = x123 +- DirName:CN = x124 +- DirName:CN = x125 +- DirName:CN = x126 +- DirName:CN = x127 +- DirName:CN = x128 +- DirName:CN = x129 +- DirName:CN = x130 +- DirName:CN = x131 +- DirName:CN = x132 +- DirName:CN = x133 +- DirName:CN = x134 +- DirName:CN = x135 +- DirName:CN = x136 +- DirName:CN = x137 +- DirName:CN = x138 +- DirName:CN = x139 +- DirName:CN = x140 +- DirName:CN = x141 +- DirName:CN = x142 +- DirName:CN = x143 +- DirName:CN = x144 +- DirName:CN = x145 +- DirName:CN = x146 +- DirName:CN = x147 +- DirName:CN = x148 +- DirName:CN = x149 +- DirName:CN = x150 +- DirName:CN = x151 +- DirName:CN = x152 +- DirName:CN = x153 +- DirName:CN = x154 +- DirName:CN = x155 +- DirName:CN = x156 +- DirName:CN = x157 +- DirName:CN = x158 +- DirName:CN = x159 +- DirName:CN = x160 +- DirName:CN = x161 +- DirName:CN = x162 +- DirName:CN = x163 +- DirName:CN = x164 +- DirName:CN = x165 +- DirName:CN = x166 +- DirName:CN = x167 +- DirName:CN = x168 +- DirName:CN = x169 +- DirName:CN = x170 +- DirName:CN = x171 +- DirName:CN = x172 +- DirName:CN = x173 +- DirName:CN = x174 +- DirName:CN = x175 +- DirName:CN = x176 +- DirName:CN = x177 +- DirName:CN = x178 +- DirName:CN = x179 +- DirName:CN = x180 +- DirName:CN = x181 +- DirName:CN = x182 +- DirName:CN = x183 +- DirName:CN = x184 +- DirName:CN = x185 +- DirName:CN = x186 +- DirName:CN = x187 +- DirName:CN = x188 +- DirName:CN = x189 +- DirName:CN = x190 +- DirName:CN = x191 +- DirName:CN = x192 +- DirName:CN = x193 +- DirName:CN = x194 +- DirName:CN = x195 +- DirName:CN = x196 +- DirName:CN = x197 +- DirName:CN = x198 +- DirName:CN = x199 +- DirName:CN = x200 +- DirName:CN = x201 +- DirName:CN = x202 +- DirName:CN = x203 +- DirName:CN = x204 +- DirName:CN = x205 +- DirName:CN = x206 +- DirName:CN = x207 +- DirName:CN = x208 +- DirName:CN = x209 +- DirName:CN = x210 +- DirName:CN = x211 +- DirName:CN = x212 +- DirName:CN = x213 +- DirName:CN = x214 +- DirName:CN = x215 +- DirName:CN = x216 +- DirName:CN = x217 +- DirName:CN = x218 +- DirName:CN = x219 +- DirName:CN = x220 +- DirName:CN = x221 +- DirName:CN = x222 +- DirName:CN = x223 +- DirName:CN = x224 +- DirName:CN = x225 +- DirName:CN = x226 +- DirName:CN = x227 +- DirName:CN = x228 +- DirName:CN = x229 +- DirName:CN = x230 +- DirName:CN = x231 +- DirName:CN = x232 +- DirName:CN = x233 +- DirName:CN = x234 +- DirName:CN = x235 +- DirName:CN = x236 +- DirName:CN = x237 +- DirName:CN = x238 +- DirName:CN = x239 +- DirName:CN = x240 +- DirName:CN = x241 +- DirName:CN = x242 +- DirName:CN = x243 +- DirName:CN = x244 +- DirName:CN = x245 +- DirName:CN = x246 +- DirName:CN = x247 +- DirName:CN = x248 +- DirName:CN = x249 +- DirName:CN = x250 +- DirName:CN = x251 +- DirName:CN = x252 +- DirName:CN = x253 +- DirName:CN = x254 +- DirName:CN = x255 +- DirName:CN = x256 +- DirName:CN = x257 +- DirName:CN = x258 +- DirName:CN = x259 +- DirName:CN = x260 +- DirName:CN = x261 +- DirName:CN = x262 +- DirName:CN = x263 +- DirName:CN = x264 +- DirName:CN = x265 +- DirName:CN = x266 +- DirName:CN = x267 +- DirName:CN = x268 +- DirName:CN = x269 +- DirName:CN = x270 +- DirName:CN = x271 +- DirName:CN = x272 +- DirName:CN = x273 +- DirName:CN = x274 +- DirName:CN = x275 +- DirName:CN = x276 +- DirName:CN = x277 +- DirName:CN = x278 +- DirName:CN = x279 +- DirName:CN = x280 +- DirName:CN = x281 +- DirName:CN = x282 +- DirName:CN = x283 +- DirName:CN = x284 +- DirName:CN = x285 +- DirName:CN = x286 +- DirName:CN = x287 +- DirName:CN = x288 +- DirName:CN = x289 +- DirName:CN = x290 +- DirName:CN = x291 +- DirName:CN = x292 +- DirName:CN = x293 +- DirName:CN = x294 +- DirName:CN = x295 +- DirName:CN = x296 +- DirName:CN = x297 +- DirName:CN = x298 +- DirName:CN = x299 +- DirName:CN = x300 +- DirName:CN = x301 +- DirName:CN = x302 +- DirName:CN = x303 +- DirName:CN = x304 +- DirName:CN = x305 +- DirName:CN = x306 +- DirName:CN = x307 +- DirName:CN = x308 +- DirName:CN = x309 +- DirName:CN = x310 +- DirName:CN = x311 +- DirName:CN = x312 +- DirName:CN = x313 +- DirName:CN = x314 +- DirName:CN = x315 +- DirName:CN = x316 +- DirName:CN = x317 +- DirName:CN = x318 +- DirName:CN = x319 +- DirName:CN = x320 +- DirName:CN = x321 +- DirName:CN = x322 +- DirName:CN = x323 +- DirName:CN = x324 +- DirName:CN = x325 +- DirName:CN = x326 +- DirName:CN = x327 +- DirName:CN = x328 +- DirName:CN = x329 +- DirName:CN = x330 +- DirName:CN = x331 +- DirName:CN = x332 +- DirName:CN = x333 +- DirName:CN = x334 +- DirName:CN = x335 +- DirName:CN = x336 +- DirName:CN = x337 +- DirName:CN = x338 +- DirName:CN = x339 +- DirName:CN = x340 +- DirName:CN = x341 +- DirName:CN = x342 +- DirName:CN = x343 +- DirName:CN = x344 +- DirName:CN = x345 +- DirName:CN = x346 +- DirName:CN = x347 +- DirName:CN = x348 +- DirName:CN = x349 +- DirName:CN = x350 +- DirName:CN = x351 +- DirName:CN = x352 +- DirName:CN = x353 +- DirName:CN = x354 +- DirName:CN = x355 +- DirName:CN = x356 +- DirName:CN = x357 +- DirName:CN = x358 +- DirName:CN = x359 +- DirName:CN = x360 +- DirName:CN = x361 +- DirName:CN = x362 +- DirName:CN = x363 +- DirName:CN = x364 +- DirName:CN = x365 +- DirName:CN = x366 +- DirName:CN = x367 +- DirName:CN = x368 +- DirName:CN = x369 +- DirName:CN = x370 +- DirName:CN = x371 +- DirName:CN = x372 +- DirName:CN = x373 +- DirName:CN = x374 +- DirName:CN = x375 +- DirName:CN = x376 +- DirName:CN = x377 +- DirName:CN = x378 +- DirName:CN = x379 +- DirName:CN = x380 +- DirName:CN = x381 +- DirName:CN = x382 +- DirName:CN = x383 +- DirName:CN = x384 +- DirName:CN = x385 +- DirName:CN = x386 +- DirName:CN = x387 +- DirName:CN = x388 +- DirName:CN = x389 +- DirName:CN = x390 +- DirName:CN = x391 +- DirName:CN = x392 +- DirName:CN = x393 +- DirName:CN = x394 +- DirName:CN = x395 +- DirName:CN = x396 +- DirName:CN = x397 +- DirName:CN = x398 +- DirName:CN = x399 +- DirName:CN = x400 +- DirName:CN = x401 +- DirName:CN = x402 +- DirName:CN = x403 +- DirName:CN = x404 +- DirName:CN = x405 +- DirName:CN = x406 +- DirName:CN = x407 +- DirName:CN = x408 +- DirName:CN = x409 +- DirName:CN = x410 +- DirName:CN = x411 +- DirName:CN = x412 +- DirName:CN = x413 +- DirName:CN = x414 +- DirName:CN = x415 +- DirName:CN = x416 +- DirName:CN = x417 +- DirName:CN = x418 ++ DirName: CN = x0 ++ DirName: CN = x1 ++ DirName: CN = x2 ++ DirName: CN = x3 ++ DirName: CN = x4 ++ DirName: CN = x5 ++ DirName: CN = x6 ++ DirName: CN = x7 ++ DirName: CN = x8 ++ DirName: CN = x9 ++ DirName: CN = x10 ++ DirName: CN = x11 ++ DirName: CN = x12 ++ DirName: CN = x13 ++ DirName: CN = x14 ++ DirName: CN = x15 ++ DirName: CN = x16 ++ DirName: CN = x17 ++ DirName: CN = x18 ++ DirName: CN = x19 ++ DirName: CN = x20 ++ DirName: CN = x21 ++ DirName: CN = x22 ++ DirName: CN = x23 ++ DirName: CN = x24 ++ DirName: CN = x25 ++ DirName: CN = x26 ++ DirName: CN = x27 ++ DirName: CN = x28 ++ DirName: CN = x29 ++ DirName: CN = x30 ++ DirName: CN = x31 ++ DirName: CN = x32 ++ DirName: CN = x33 ++ DirName: CN = x34 ++ DirName: CN = x35 ++ DirName: CN = x36 ++ DirName: CN = x37 ++ DirName: CN = x38 ++ DirName: CN = x39 ++ DirName: CN = x40 ++ DirName: CN = x41 ++ DirName: CN = x42 ++ DirName: CN = x43 ++ DirName: CN = x44 ++ DirName: CN = x45 ++ DirName: CN = x46 ++ DirName: CN = x47 ++ DirName: CN = x48 ++ DirName: CN = x49 ++ DirName: CN = x50 ++ DirName: CN = x51 ++ DirName: CN = x52 ++ DirName: CN = x53 ++ DirName: CN = x54 ++ DirName: CN = x55 ++ DirName: CN = x56 ++ DirName: CN = x57 ++ DirName: CN = x58 ++ DirName: CN = x59 ++ DirName: CN = x60 ++ DirName: CN = x61 ++ DirName: CN = x62 ++ DirName: CN = x63 ++ DirName: CN = x64 ++ DirName: CN = x65 ++ DirName: CN = x66 ++ DirName: CN = x67 ++ DirName: CN = x68 ++ DirName: CN = x69 ++ DirName: CN = x70 ++ DirName: CN = x71 ++ DirName: CN = x72 ++ DirName: CN = x73 ++ DirName: CN = x74 ++ DirName: CN = x75 ++ DirName: CN = x76 ++ DirName: CN = x77 ++ DirName: CN = x78 ++ DirName: CN = x79 ++ DirName: CN = x80 ++ DirName: CN = x81 ++ DirName: CN = x82 ++ DirName: CN = x83 ++ DirName: CN = x84 ++ DirName: CN = x85 ++ DirName: CN = x86 ++ DirName: CN = x87 ++ DirName: CN = x88 ++ DirName: CN = x89 ++ DirName: CN = x90 ++ DirName: CN = x91 ++ DirName: CN = x92 ++ DirName: CN = x93 ++ DirName: CN = x94 ++ DirName: CN = x95 ++ DirName: CN = x96 ++ DirName: CN = x97 ++ DirName: CN = x98 ++ DirName: CN = x99 ++ DirName: CN = x100 ++ DirName: CN = x101 ++ DirName: CN = x102 ++ DirName: CN = x103 ++ DirName: CN = x104 ++ DirName: CN = x105 ++ DirName: CN = x106 ++ DirName: CN = x107 ++ DirName: CN = x108 ++ DirName: CN = x109 ++ DirName: CN = x110 ++ DirName: CN = x111 ++ DirName: CN = x112 ++ DirName: CN = x113 ++ DirName: CN = x114 ++ DirName: CN = x115 ++ DirName: CN = x116 ++ DirName: CN = x117 ++ DirName: CN = x118 ++ DirName: CN = x119 ++ DirName: CN = x120 ++ DirName: CN = x121 ++ DirName: CN = x122 ++ DirName: CN = x123 ++ DirName: CN = x124 ++ DirName: CN = x125 ++ DirName: CN = x126 ++ DirName: CN = x127 ++ DirName: CN = x128 ++ DirName: CN = x129 ++ DirName: CN = x130 ++ DirName: CN = x131 ++ DirName: CN = x132 ++ DirName: CN = x133 ++ DirName: CN = x134 ++ DirName: CN = x135 ++ DirName: CN = x136 ++ DirName: CN = x137 ++ DirName: CN = x138 ++ DirName: CN = x139 ++ DirName: CN = x140 ++ DirName: CN = x141 ++ DirName: CN = x142 ++ DirName: CN = x143 ++ DirName: CN = x144 ++ DirName: CN = x145 ++ DirName: CN = x146 ++ DirName: CN = x147 ++ DirName: CN = x148 ++ DirName: CN = x149 ++ DirName: CN = x150 ++ DirName: CN = x151 ++ DirName: CN = x152 ++ DirName: CN = x153 ++ DirName: CN = x154 ++ DirName: CN = x155 ++ DirName: CN = x156 ++ DirName: CN = x157 ++ DirName: CN = x158 ++ DirName: CN = x159 ++ DirName: CN = x160 ++ DirName: CN = x161 ++ DirName: CN = x162 ++ DirName: CN = x163 ++ DirName: CN = x164 ++ DirName: CN = x165 ++ DirName: CN = x166 ++ DirName: CN = x167 ++ DirName: CN = x168 ++ DirName: CN = x169 + + Signature Algorithm: sha256WithRSAEncryption +- 78:77:cf:93:5f:bd:ff:3f:90:a4:39:4b:72:18:90:72:32:7c: +- f7:dc:b3:6d:f4:ce:c9:99:72:d9:63:06:88:85:d8:91:20:35: +- 72:4d:09:b5:02:89:50:63:5e:69:59:5f:f9:c1:e7:0f:d6:55: +- 6b:67:0d:f7:b0:83:02:18:d5:75:ba:06:96:e5:3f:fa:c4:0f: +- 30:79:bc:43:9b:6e:e6:15:c2:87:bc:57:4f:3a:7c:37:bb:15: +- 90:f3:d7:ad:42:44:c3:ad:cb:f4:fa:0f:32:25:9b:5a:2a:0b: +- 7e:2a:f1:eb:35:7f:f2:7d:60:4b:e3:8f:fc:01:a6:be:cc:8b: +- 4a:e6:5f:ec:42:47:e4:66:5a:4f:20:b2:7b:cc:51:27:91:ea: +- b0:df:70:9f:e5:77:6a:62:25:12:da:7a:f2:54:4f:3e:b8:18: +- a9:63:4d:50:02:f0:4d:ec:1d:bc:7c:3a:7b:7e:0f:6b:b7:30: +- 61:e7:43:1c:ba:c5:8e:c6:9e:14:0d:7f:07:e0:66:6b:1d:32: +- d3:2e:a6:e1:16:f6:2e:d5:b1:56:ae:88:f9:e4:a8:1d:f7:67: +- ac:d0:2e:2c:ab:04:44:4b:67:7f:03:07:9d:f8:4d:b7:82:31: +- 4f:23:37:5e:8e:d7:e3:fa:52:94:a2:27:98:79:9b:4e:33:99: +- 45:a4:d6:98 ++ 9f:cb:83:7b:e2:3c:57:27:25:ec:82:3f:30:c2:ff:12:51:71: ++ 3f:d5:94:05:1a:5b:58:44:80:b4:89:1e:e0:89:45:e5:e3:72: ++ 8b:c4:d8:ca:54:a3:db:f2:a3:fd:16:00:c1:86:21:e2:ed:e3: ++ 6c:94:7e:09:ae:ed:36:1c:e3:97:6f:3d:0a:b1:39:78:7a:b3: ++ b9:ce:c3:68:ee:60:27:7c:cb:6b:33:3c:5f:a2:6a:99:d4:08: ++ 2a:e9:21:04:ea:12:d9:28:53:1f:cc:af:ab:41:a3:6e:34:fa: ++ 56:56:44:d5:c5:10:bd:f4:37:3b:45:94:74:19:b2:49:cf:0f: ++ 98:94:75:68:ec:4e:6f:b0:41:ac:f7:38:02:1d:dd:1f:14:f6: ++ b5:c6:0c:a2:b2:a7:07:75:99:54:4e:fe:68:0c:1d:ae:a0:90: ++ d7:d5:64:60:15:ff:c7:fd:31:da:ab:50:43:44:b7:cc:3f:d2: ++ ee:e4:03:3e:a0:9d:8e:81:48:21:86:34:66:27:be:b2:73:01: ++ 2b:65:ee:51:3b:57:3f:76:51:ad:82:fc:7e:c9:ce:89:38:04: ++ 5f:c9:f6:41:62:32:60:b2:b9:d1:fe:4e:78:d6:a5:79:56:7b: ++ 57:e4:1d:42:7a:1f:aa:f7:b0:d0:82:ba:d4:f1:bb:f9:9c:ec: ++ ca:e7:f7:09 + -----BEGIN CERTIFICATE----- +-MIKYdzCCl1+gAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vcwDQYJKoZIhvcNAQEL ++MII/SzCCPjOgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vcwDQYJKoZIhvcNAQEL + BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw + MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +@@ -3000,12 +1454,12 @@ rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu + mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy + TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx + 2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +-GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOClcEwgpW9MB0GA1Ud ++GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCPJUwgjyRMB0GA1Ud + DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM + TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 + cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs + LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +-Af8wgpTxBgNVHR4EgpToMIKU5KCCSm4wCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC ++Af8wgjvFBgNVHR4Egju8MII7uKCCHgAwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC + B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu + dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz + dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +@@ -3049,763 +1503,287 @@ MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw + C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 + ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx + NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +-ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAuCCXQxNzEudGVzdDALggl0MTcyLnRl +-c3QwC4IJdDE3My50ZXN0MAuCCXQxNzQudGVzdDALggl0MTc1LnRlc3QwC4IJdDE3 +-Ni50ZXN0MAuCCXQxNzcudGVzdDALggl0MTc4LnRlc3QwC4IJdDE3OS50ZXN0MAuC +-CXQxODAudGVzdDALggl0MTgxLnRlc3QwC4IJdDE4Mi50ZXN0MAuCCXQxODMudGVz +-dDALggl0MTg0LnRlc3QwC4IJdDE4NS50ZXN0MAuCCXQxODYudGVzdDALggl0MTg3 +-LnRlc3QwC4IJdDE4OC50ZXN0MAuCCXQxODkudGVzdDALggl0MTkwLnRlc3QwC4IJ +-dDE5MS50ZXN0MAuCCXQxOTIudGVzdDALggl0MTkzLnRlc3QwC4IJdDE5NC50ZXN0 +-MAuCCXQxOTUudGVzdDALggl0MTk2LnRlc3QwC4IJdDE5Ny50ZXN0MAuCCXQxOTgu +-dGVzdDALggl0MTk5LnRlc3QwC4IJdDIwMC50ZXN0MAuCCXQyMDEudGVzdDALggl0 +-MjAyLnRlc3QwC4IJdDIwMy50ZXN0MAuCCXQyMDQudGVzdDALggl0MjA1LnRlc3Qw +-C4IJdDIwNi50ZXN0MAuCCXQyMDcudGVzdDALggl0MjA4LnRlc3QwC4IJdDIwOS50 +-ZXN0MAuCCXQyMTAudGVzdDALggl0MjExLnRlc3QwC4IJdDIxMi50ZXN0MAuCCXQy +-MTMudGVzdDALggl0MjE0LnRlc3QwC4IJdDIxNS50ZXN0MAuCCXQyMTYudGVzdDAL +-ggl0MjE3LnRlc3QwC4IJdDIxOC50ZXN0MAuCCXQyMTkudGVzdDALggl0MjIwLnRl +-c3QwC4IJdDIyMS50ZXN0MAuCCXQyMjIudGVzdDALggl0MjIzLnRlc3QwC4IJdDIy +-NC50ZXN0MAuCCXQyMjUudGVzdDALggl0MjI2LnRlc3QwC4IJdDIyNy50ZXN0MAuC +-CXQyMjgudGVzdDALggl0MjI5LnRlc3QwC4IJdDIzMC50ZXN0MAuCCXQyMzEudGVz +-dDALggl0MjMyLnRlc3QwC4IJdDIzMy50ZXN0MAuCCXQyMzQudGVzdDALggl0MjM1 +-LnRlc3QwC4IJdDIzNi50ZXN0MAuCCXQyMzcudGVzdDALggl0MjM4LnRlc3QwC4IJ +-dDIzOS50ZXN0MAuCCXQyNDAudGVzdDALggl0MjQxLnRlc3QwC4IJdDI0Mi50ZXN0 +-MAuCCXQyNDMudGVzdDALggl0MjQ0LnRlc3QwC4IJdDI0NS50ZXN0MAuCCXQyNDYu +-dGVzdDALggl0MjQ3LnRlc3QwC4IJdDI0OC50ZXN0MAuCCXQyNDkudGVzdDALggl0 +-MjUwLnRlc3QwC4IJdDI1MS50ZXN0MAuCCXQyNTIudGVzdDALggl0MjUzLnRlc3Qw +-C4IJdDI1NC50ZXN0MAuCCXQyNTUudGVzdDALggl0MjU2LnRlc3QwC4IJdDI1Ny50 +-ZXN0MAuCCXQyNTgudGVzdDALggl0MjU5LnRlc3QwC4IJdDI2MC50ZXN0MAuCCXQy +-NjEudGVzdDALggl0MjYyLnRlc3QwC4IJdDI2My50ZXN0MAuCCXQyNjQudGVzdDAL +-ggl0MjY1LnRlc3QwC4IJdDI2Ni50ZXN0MAuCCXQyNjcudGVzdDALggl0MjY4LnRl +-c3QwC4IJdDI2OS50ZXN0MAuCCXQyNzAudGVzdDALggl0MjcxLnRlc3QwC4IJdDI3 +-Mi50ZXN0MAuCCXQyNzMudGVzdDALggl0Mjc0LnRlc3QwC4IJdDI3NS50ZXN0MAuC +-CXQyNzYudGVzdDALggl0Mjc3LnRlc3QwC4IJdDI3OC50ZXN0MAuCCXQyNzkudGVz +-dDALggl0MjgwLnRlc3QwC4IJdDI4MS50ZXN0MAuCCXQyODIudGVzdDALggl0Mjgz +-LnRlc3QwC4IJdDI4NC50ZXN0MAuCCXQyODUudGVzdDALggl0Mjg2LnRlc3QwC4IJ +-dDI4Ny50ZXN0MAuCCXQyODgudGVzdDALggl0Mjg5LnRlc3QwC4IJdDI5MC50ZXN0 +-MAuCCXQyOTEudGVzdDALggl0MjkyLnRlc3QwC4IJdDI5My50ZXN0MAuCCXQyOTQu +-dGVzdDALggl0Mjk1LnRlc3QwC4IJdDI5Ni50ZXN0MAuCCXQyOTcudGVzdDALggl0 +-Mjk4LnRlc3QwC4IJdDI5OS50ZXN0MAuCCXQzMDAudGVzdDALggl0MzAxLnRlc3Qw +-C4IJdDMwMi50ZXN0MAuCCXQzMDMudGVzdDALggl0MzA0LnRlc3QwC4IJdDMwNS50 +-ZXN0MAuCCXQzMDYudGVzdDALggl0MzA3LnRlc3QwC4IJdDMwOC50ZXN0MAuCCXQz +-MDkudGVzdDALggl0MzEwLnRlc3QwC4IJdDMxMS50ZXN0MAuCCXQzMTIudGVzdDAL +-ggl0MzEzLnRlc3QwC4IJdDMxNC50ZXN0MAuCCXQzMTUudGVzdDALggl0MzE2LnRl +-c3QwC4IJdDMxNy50ZXN0MAuCCXQzMTgudGVzdDALggl0MzE5LnRlc3QwC4IJdDMy +-MC50ZXN0MAuCCXQzMjEudGVzdDALggl0MzIyLnRlc3QwC4IJdDMyMy50ZXN0MAuC +-CXQzMjQudGVzdDALggl0MzI1LnRlc3QwC4IJdDMyNi50ZXN0MAuCCXQzMjcudGVz +-dDALggl0MzI4LnRlc3QwC4IJdDMyOS50ZXN0MAuCCXQzMzAudGVzdDALggl0MzMx +-LnRlc3QwC4IJdDMzMi50ZXN0MAuCCXQzMzMudGVzdDALggl0MzM0LnRlc3QwC4IJ +-dDMzNS50ZXN0MAuCCXQzMzYudGVzdDALggl0MzM3LnRlc3QwC4IJdDMzOC50ZXN0 +-MAuCCXQzMzkudGVzdDALggl0MzQwLnRlc3QwC4IJdDM0MS50ZXN0MAuCCXQzNDIu +-dGVzdDALggl0MzQzLnRlc3QwC4IJdDM0NC50ZXN0MAuCCXQzNDUudGVzdDALggl0 +-MzQ2LnRlc3QwC4IJdDM0Ny50ZXN0MAuCCXQzNDgudGVzdDALggl0MzQ5LnRlc3Qw +-C4IJdDM1MC50ZXN0MAuCCXQzNTEudGVzdDALggl0MzUyLnRlc3QwC4IJdDM1My50 +-ZXN0MAuCCXQzNTQudGVzdDALggl0MzU1LnRlc3QwC4IJdDM1Ni50ZXN0MAuCCXQz +-NTcudGVzdDALggl0MzU4LnRlc3QwC4IJdDM1OS50ZXN0MAuCCXQzNjAudGVzdDAL +-ggl0MzYxLnRlc3QwC4IJdDM2Mi50ZXN0MAuCCXQzNjMudGVzdDALggl0MzY0LnRl +-c3QwC4IJdDM2NS50ZXN0MAuCCXQzNjYudGVzdDALggl0MzY3LnRlc3QwC4IJdDM2 +-OC50ZXN0MAuCCXQzNjkudGVzdDALggl0MzcwLnRlc3QwC4IJdDM3MS50ZXN0MAuC +-CXQzNzIudGVzdDALggl0MzczLnRlc3QwC4IJdDM3NC50ZXN0MAuCCXQzNzUudGVz +-dDALggl0Mzc2LnRlc3QwC4IJdDM3Ny50ZXN0MAuCCXQzNzgudGVzdDALggl0Mzc5 +-LnRlc3QwC4IJdDM4MC50ZXN0MAuCCXQzODEudGVzdDALggl0MzgyLnRlc3QwC4IJ +-dDM4My50ZXN0MAuCCXQzODQudGVzdDALggl0Mzg1LnRlc3QwC4IJdDM4Ni50ZXN0 +-MAuCCXQzODcudGVzdDALggl0Mzg4LnRlc3QwC4IJdDM4OS50ZXN0MAuCCXQzOTAu +-dGVzdDALggl0MzkxLnRlc3QwC4IJdDM5Mi50ZXN0MAuCCXQzOTMudGVzdDALggl0 +-Mzk0LnRlc3QwC4IJdDM5NS50ZXN0MAuCCXQzOTYudGVzdDALggl0Mzk3LnRlc3Qw +-C4IJdDM5OC50ZXN0MAuCCXQzOTkudGVzdDALggl0NDAwLnRlc3QwC4IJdDQwMS50 +-ZXN0MAuCCXQ0MDIudGVzdDALggl0NDAzLnRlc3QwC4IJdDQwNC50ZXN0MAuCCXQ0 +-MDUudGVzdDALggl0NDA2LnRlc3QwC4IJdDQwNy50ZXN0MAuCCXQ0MDgudGVzdDAL +-ggl0NDA5LnRlc3QwC4IJdDQxMC50ZXN0MAuCCXQ0MTEudGVzdDALggl0NDEyLnRl +-c3QwC4IJdDQxMy50ZXN0MAuCCXQ0MTQudGVzdDALggl0NDE1LnRlc3QwC4IJdDQx +-Ni50ZXN0MAuCCXQ0MTcudGVzdDALggl0NDE4LnRlc3QwCocICgAAAP////8wCocI +-CgAAAf////8wCocICgAAAv////8wCocICgAAA/////8wCocICgAABP////8wCocI +-CgAABf////8wCocICgAABv////8wCocICgAAB/////8wCocICgAACP////8wCocI +-CgAACf////8wCocICgAACv////8wCocICgAAC/////8wCocICgAADP////8wCocI +-CgAADf////8wCocICgAADv////8wCocICgAAD/////8wCocICgAAEP////8wCocI +-CgAAEf////8wCocICgAAEv////8wCocICgAAE/////8wCocICgAAFP////8wCocI +-CgAAFf////8wCocICgAAFv////8wCocICgAAF/////8wCocICgAAGP////8wCocI +-CgAAGf////8wCocICgAAGv////8wCocICgAAG/////8wCocICgAAHP////8wCocI +-CgAAHf////8wCocICgAAHv////8wCocICgAAH/////8wCocICgAAIP////8wCocI +-CgAAIf////8wCocICgAAIv////8wCocICgAAI/////8wCocICgAAJP////8wCocI +-CgAAJf////8wCocICgAAJv////8wCocICgAAJ/////8wCocICgAAKP////8wCocI +-CgAAKf////8wCocICgAAKv////8wCocICgAAK/////8wCocICgAALP////8wCocI +-CgAALf////8wCocICgAALv////8wCocICgAAL/////8wCocICgAAMP////8wCocI +-CgAAMf////8wCocICgAAMv////8wCocICgAAM/////8wCocICgAANP////8wCocI +-CgAANf////8wCocICgAANv////8wCocICgAAN/////8wCocICgAAOP////8wCocI +-CgAAOf////8wCocICgAAOv////8wCocICgAAO/////8wCocICgAAPP////8wCocI +-CgAAPf////8wCocICgAAPv////8wCocICgAAP/////8wCocICgAAQP////8wCocI +-CgAAQf////8wCocICgAAQv////8wCocICgAAQ/////8wCocICgAARP////8wCocI +-CgAARf////8wCocICgAARv////8wCocICgAAR/////8wCocICgAASP////8wCocI +-CgAASf////8wCocICgAASv////8wCocICgAAS/////8wCocICgAATP////8wCocI +-CgAATf////8wCocICgAATv////8wCocICgAAT/////8wCocICgAAUP////8wCocI +-CgAAUf////8wCocICgAAUv////8wCocICgAAU/////8wCocICgAAVP////8wCocI +-CgAAVf////8wCocICgAAVv////8wCocICgAAV/////8wCocICgAAWP////8wCocI +-CgAAWf////8wCocICgAAWv////8wCocICgAAW/////8wCocICgAAXP////8wCocI +-CgAAXf////8wCocICgAAXv////8wCocICgAAX/////8wCocICgAAYP////8wCocI +-CgAAYf////8wCocICgAAYv////8wCocICgAAY/////8wCocICgAAZP////8wCocI +-CgAAZf////8wCocICgAAZv////8wCocICgAAZ/////8wCocICgAAaP////8wCocI +-CgAAaf////8wCocICgAAav////8wCocICgAAa/////8wCocICgAAbP////8wCocI +-CgAAbf////8wCocICgAAbv////8wCocICgAAb/////8wCocICgAAcP////8wCocI +-CgAAcf////8wCocICgAAcv////8wCocICgAAc/////8wCocICgAAdP////8wCocI +-CgAAdf////8wCocICgAAdv////8wCocICgAAd/////8wCocICgAAeP////8wCocI +-CgAAef////8wCocICgAAev////8wCocICgAAe/////8wCocICgAAfP////8wCocI +-CgAAff////8wCocICgAAfv////8wCocICgAAf/////8wCocICgAAgP////8wCocI +-CgAAgf////8wCocICgAAgv////8wCocICgAAg/////8wCocICgAAhP////8wCocI +-CgAAhf////8wCocICgAAhv////8wCocICgAAh/////8wCocICgAAiP////8wCocI +-CgAAif////8wCocICgAAiv////8wCocICgAAi/////8wCocICgAAjP////8wCocI +-CgAAjf////8wCocICgAAjv////8wCocICgAAj/////8wCocICgAAkP////8wCocI +-CgAAkf////8wCocICgAAkv////8wCocICgAAk/////8wCocICgAAlP////8wCocI +-CgAAlf////8wCocICgAAlv////8wCocICgAAl/////8wCocICgAAmP////8wCocI +-CgAAmf////8wCocICgAAmv////8wCocICgAAm/////8wCocICgAAnP////8wCocI +-CgAAnf////8wCocICgAAnv////8wCocICgAAn/////8wCocICgAAoP////8wCocI +-CgAAof////8wCocICgAAov////8wCocICgAAo/////8wCocICgAApP////8wCocI +-CgAApf////8wCocICgAApv////8wCocICgAAp/////8wCocICgAAqP////8wCocI +-CgAAqf////8wCocICgAAqv////8wCocICgAAq/////8wCocICgAArP////8wCocI +-CgAArf////8wCocICgAArv////8wCocICgAAr/////8wCocICgAAsP////8wCocI +-CgAAsf////8wCocICgAAsv////8wCocICgAAs/////8wCocICgAAtP////8wCocI +-CgAAtf////8wCocICgAAtv////8wCocICgAAt/////8wCocICgAAuP////8wCocI +-CgAAuf////8wCocICgAAuv////8wCocICgAAu/////8wCocICgAAvP////8wCocI +-CgAAvf////8wCocICgAAvv////8wCocICgAAv/////8wCocICgAAwP////8wCocI +-CgAAwf////8wCocICgAAwv////8wCocICgAAw/////8wCocICgAAxP////8wCocI +-CgAAxf////8wCocICgAAxv////8wCocICgAAx/////8wCocICgAAyP////8wCocI +-CgAAyf////8wCocICgAAyv////8wCocICgAAy/////8wCocICgAAzP////8wCocI +-CgAAzf////8wCocICgAAzv////8wCocICgAAz/////8wCocICgAA0P////8wCocI +-CgAA0f////8wCocICgAA0v////8wCocICgAA0/////8wCocICgAA1P////8wCocI +-CgAA1f////8wCocICgAA1v////8wCocICgAA1/////8wCocICgAA2P////8wCocI +-CgAA2f////8wCocICgAA2v////8wCocICgAA2/////8wCocICgAA3P////8wCocI +-CgAA3f////8wCocICgAA3v////8wCocICgAA3/////8wCocICgAA4P////8wCocI +-CgAA4f////8wCocICgAA4v////8wCocICgAA4/////8wCocICgAA5P////8wCocI +-CgAA5f////8wCocICgAA5v////8wCocICgAA5/////8wCocICgAA6P////8wCocI +-CgAA6f////8wCocICgAA6v////8wCocICgAA6/////8wCocICgAA7P////8wCocI +-CgAA7f////8wCocICgAA7v////8wCocICgAA7/////8wCocICgAA8P////8wCocI +-CgAA8f////8wCocICgAA8v////8wCocICgAA8/////8wCocICgAA9P////8wCocI +-CgAA9f////8wCocICgAA9v////8wCocICgAA9/////8wCocICgAA+P////8wCocI +-CgAA+f////8wCocICgAA+v////8wCocICgAA+/////8wCocICgAA/P////8wCocI +-CgAA/f////8wCocICgAA/v////8wCocICgAA//////8wCocICgABAP////8wCocI +-CgABAf////8wCocICgABAv////8wCocICgABA/////8wCocICgABBP////8wCocI +-CgABBf////8wCocICgABBv////8wCocICgABB/////8wCocICgABCP////8wCocI +-CgABCf////8wCocICgABCv////8wCocICgABC/////8wCocICgABDP////8wCocI +-CgABDf////8wCocICgABDv////8wCocICgABD/////8wCocICgABEP////8wCocI +-CgABEf////8wCocICgABEv////8wCocICgABE/////8wCocICgABFP////8wCocI +-CgABFf////8wCocICgABFv////8wCocICgABF/////8wCocICgABGP////8wCocI +-CgABGf////8wCocICgABGv////8wCocICgABG/////8wCocICgABHP////8wCocI +-CgABHf////8wCocICgABHv////8wCocICgABH/////8wCocICgABIP////8wCocI +-CgABIf////8wCocICgABIv////8wCocICgABI/////8wCocICgABJP////8wCocI +-CgABJf////8wCocICgABJv////8wCocICgABJ/////8wCocICgABKP////8wCocI +-CgABKf////8wCocICgABKv////8wCocICgABK/////8wCocICgABLP////8wCocI +-CgABLf////8wCocICgABLv////8wCocICgABL/////8wCocICgABMP////8wCocI +-CgABMf////8wCocICgABMv////8wCocICgABM/////8wCocICgABNP////8wCocI +-CgABNf////8wCocICgABNv////8wCocICgABN/////8wCocICgABOP////8wCocI +-CgABOf////8wCocICgABOv////8wCocICgABO/////8wCocICgABPP////8wCocI +-CgABPf////8wCocICgABPv////8wCocICgABP/////8wCocICgABQP////8wCocI +-CgABQf////8wCocICgABQv////8wCocICgABQ/////8wCocICgABRP////8wCocI +-CgABRf////8wCocICgABRv////8wCocICgABR/////8wCocICgABSP////8wCocI +-CgABSf////8wCocICgABSv////8wCocICgABS/////8wCocICgABTP////8wCocI +-CgABTf////8wCocICgABTv////8wCocICgABT/////8wCocICgABUP////8wCocI +-CgABUf////8wCocICgABUv////8wCocICgABU/////8wCocICgABVP////8wCocI +-CgABVf////8wCocICgABVv////8wCocICgABV/////8wCocICgABWP////8wCocI +-CgABWf////8wCocICgABWv////8wCocICgABW/////8wCocICgABXP////8wCocI +-CgABXf////8wCocICgABXv////8wCocICgABX/////8wCocICgABYP////8wCocI +-CgABYf////8wCocICgABYv////8wCocICgABY/////8wCocICgABZP////8wCocI +-CgABZf////8wCocICgABZv////8wCocICgABZ/////8wCocICgABaP////8wCocI +-CgABaf////8wCocICgABav////8wCocICgABa/////8wCocICgABbP////8wCocI +-CgABbf////8wCocICgABbv////8wCocICgABb/////8wCocICgABcP////8wCocI +-CgABcf////8wCocICgABcv////8wCocICgABc/////8wCocICgABdP////8wCocI +-CgABdf////8wCocICgABdv////8wCocICgABd/////8wCocICgABeP////8wCocI +-CgABef////8wCocICgABev////8wCocICgABe/////8wCocICgABfP////8wCocI +-CgABff////8wCocICgABfv////8wCocICgABf/////8wCocICgABgP////8wCocI +-CgABgf////8wCocICgABgv////8wCocICgABg/////8wCocICgABhP////8wCocI +-CgABhf////8wCocICgABhv////8wCocICgABh/////8wCocICgABiP////8wCocI +-CgABif////8wCocICgABiv////8wCocICgABi/////8wCocICgABjP////8wCocI +-CgABjf////8wCocICgABjv////8wCocICgABj/////8wCocICgABkP////8wCocI +-CgABkf////8wCocICgABkv////8wCocICgABk/////8wCocICgABlP////8wCocI +-CgABlf////8wCocICgABlv////8wCocICgABl/////8wCocICgABmP////8wCocI +-CgABmf////8wCocICgABmv////8wCocICgABm/////8wCocICgABnP////8wCocI +-CgABnf////8wCocICgABnv////8wCocICgABn/////8wCocICgABoP////8wCocI +-CgABof////8wCocICgABov////8wEaQPMA0xCzAJBgNVBAMMAnQwMBGkDzANMQsw +-CQYDVQQDDAJ0MTARpA8wDTELMAkGA1UEAwwCdDIwEaQPMA0xCzAJBgNVBAMMAnQz +-MBGkDzANMQswCQYDVQQDDAJ0NDARpA8wDTELMAkGA1UEAwwCdDUwEaQPMA0xCzAJ +-BgNVBAMMAnQ2MBGkDzANMQswCQYDVQQDDAJ0NzARpA8wDTELMAkGA1UEAwwCdDgw +-EaQPMA0xCzAJBgNVBAMMAnQ5MBKkEDAOMQwwCgYDVQQDDAN0MTAwEqQQMA4xDDAK +-BgNVBAMMA3QxMTASpBAwDjEMMAoGA1UEAwwDdDEyMBKkEDAOMQwwCgYDVQQDDAN0 +-MTMwEqQQMA4xDDAKBgNVBAMMA3QxNDASpBAwDjEMMAoGA1UEAwwDdDE1MBKkEDAO +-MQwwCgYDVQQDDAN0MTYwEqQQMA4xDDAKBgNVBAMMA3QxNzASpBAwDjEMMAoGA1UE +-AwwDdDE4MBKkEDAOMQwwCgYDVQQDDAN0MTkwEqQQMA4xDDAKBgNVBAMMA3QyMDAS +-pBAwDjEMMAoGA1UEAwwDdDIxMBKkEDAOMQwwCgYDVQQDDAN0MjIwEqQQMA4xDDAK +-BgNVBAMMA3QyMzASpBAwDjEMMAoGA1UEAwwDdDI0MBKkEDAOMQwwCgYDVQQDDAN0 +-MjUwEqQQMA4xDDAKBgNVBAMMA3QyNjASpBAwDjEMMAoGA1UEAwwDdDI3MBKkEDAO +-MQwwCgYDVQQDDAN0MjgwEqQQMA4xDDAKBgNVBAMMA3QyOTASpBAwDjEMMAoGA1UE +-AwwDdDMwMBKkEDAOMQwwCgYDVQQDDAN0MzEwEqQQMA4xDDAKBgNVBAMMA3QzMjAS +-pBAwDjEMMAoGA1UEAwwDdDMzMBKkEDAOMQwwCgYDVQQDDAN0MzQwEqQQMA4xDDAK +-BgNVBAMMA3QzNTASpBAwDjEMMAoGA1UEAwwDdDM2MBKkEDAOMQwwCgYDVQQDDAN0 +-MzcwEqQQMA4xDDAKBgNVBAMMA3QzODASpBAwDjEMMAoGA1UEAwwDdDM5MBKkEDAO +-MQwwCgYDVQQDDAN0NDAwEqQQMA4xDDAKBgNVBAMMA3Q0MTASpBAwDjEMMAoGA1UE +-AwwDdDQyMBKkEDAOMQwwCgYDVQQDDAN0NDMwEqQQMA4xDDAKBgNVBAMMA3Q0NDAS +-pBAwDjEMMAoGA1UEAwwDdDQ1MBKkEDAOMQwwCgYDVQQDDAN0NDYwEqQQMA4xDDAK +-BgNVBAMMA3Q0NzASpBAwDjEMMAoGA1UEAwwDdDQ4MBKkEDAOMQwwCgYDVQQDDAN0 +-NDkwEqQQMA4xDDAKBgNVBAMMA3Q1MDASpBAwDjEMMAoGA1UEAwwDdDUxMBKkEDAO +-MQwwCgYDVQQDDAN0NTIwEqQQMA4xDDAKBgNVBAMMA3Q1MzASpBAwDjEMMAoGA1UE +-AwwDdDU0MBKkEDAOMQwwCgYDVQQDDAN0NTUwEqQQMA4xDDAKBgNVBAMMA3Q1NjAS +-pBAwDjEMMAoGA1UEAwwDdDU3MBKkEDAOMQwwCgYDVQQDDAN0NTgwEqQQMA4xDDAK +-BgNVBAMMA3Q1OTASpBAwDjEMMAoGA1UEAwwDdDYwMBKkEDAOMQwwCgYDVQQDDAN0 +-NjEwEqQQMA4xDDAKBgNVBAMMA3Q2MjASpBAwDjEMMAoGA1UEAwwDdDYzMBKkEDAO +-MQwwCgYDVQQDDAN0NjQwEqQQMA4xDDAKBgNVBAMMA3Q2NTASpBAwDjEMMAoGA1UE +-AwwDdDY2MBKkEDAOMQwwCgYDVQQDDAN0NjcwEqQQMA4xDDAKBgNVBAMMA3Q2ODAS +-pBAwDjEMMAoGA1UEAwwDdDY5MBKkEDAOMQwwCgYDVQQDDAN0NzAwEqQQMA4xDDAK +-BgNVBAMMA3Q3MTASpBAwDjEMMAoGA1UEAwwDdDcyMBKkEDAOMQwwCgYDVQQDDAN0 +-NzMwEqQQMA4xDDAKBgNVBAMMA3Q3NDASpBAwDjEMMAoGA1UEAwwDdDc1MBKkEDAO +-MQwwCgYDVQQDDAN0NzYwEqQQMA4xDDAKBgNVBAMMA3Q3NzASpBAwDjEMMAoGA1UE +-AwwDdDc4MBKkEDAOMQwwCgYDVQQDDAN0NzkwEqQQMA4xDDAKBgNVBAMMA3Q4MDAS +-pBAwDjEMMAoGA1UEAwwDdDgxMBKkEDAOMQwwCgYDVQQDDAN0ODIwEqQQMA4xDDAK +-BgNVBAMMA3Q4MzASpBAwDjEMMAoGA1UEAwwDdDg0MBKkEDAOMQwwCgYDVQQDDAN0 +-ODUwEqQQMA4xDDAKBgNVBAMMA3Q4NjASpBAwDjEMMAoGA1UEAwwDdDg3MBKkEDAO +-MQwwCgYDVQQDDAN0ODgwEqQQMA4xDDAKBgNVBAMMA3Q4OTASpBAwDjEMMAoGA1UE +-AwwDdDkwMBKkEDAOMQwwCgYDVQQDDAN0OTEwEqQQMA4xDDAKBgNVBAMMA3Q5MjAS +-pBAwDjEMMAoGA1UEAwwDdDkzMBKkEDAOMQwwCgYDVQQDDAN0OTQwEqQQMA4xDDAK +-BgNVBAMMA3Q5NTASpBAwDjEMMAoGA1UEAwwDdDk2MBKkEDAOMQwwCgYDVQQDDAN0 +-OTcwEqQQMA4xDDAKBgNVBAMMA3Q5ODASpBAwDjEMMAoGA1UEAwwDdDk5MBOkETAP +-MQ0wCwYDVQQDDAR0MTAwMBOkETAPMQ0wCwYDVQQDDAR0MTAxMBOkETAPMQ0wCwYD +-VQQDDAR0MTAyMBOkETAPMQ0wCwYDVQQDDAR0MTAzMBOkETAPMQ0wCwYDVQQDDAR0 +-MTA0MBOkETAPMQ0wCwYDVQQDDAR0MTA1MBOkETAPMQ0wCwYDVQQDDAR0MTA2MBOk +-ETAPMQ0wCwYDVQQDDAR0MTA3MBOkETAPMQ0wCwYDVQQDDAR0MTA4MBOkETAPMQ0w +-CwYDVQQDDAR0MTA5MBOkETAPMQ0wCwYDVQQDDAR0MTEwMBOkETAPMQ0wCwYDVQQD +-DAR0MTExMBOkETAPMQ0wCwYDVQQDDAR0MTEyMBOkETAPMQ0wCwYDVQQDDAR0MTEz +-MBOkETAPMQ0wCwYDVQQDDAR0MTE0MBOkETAPMQ0wCwYDVQQDDAR0MTE1MBOkETAP +-MQ0wCwYDVQQDDAR0MTE2MBOkETAPMQ0wCwYDVQQDDAR0MTE3MBOkETAPMQ0wCwYD +-VQQDDAR0MTE4MBOkETAPMQ0wCwYDVQQDDAR0MTE5MBOkETAPMQ0wCwYDVQQDDAR0 +-MTIwMBOkETAPMQ0wCwYDVQQDDAR0MTIxMBOkETAPMQ0wCwYDVQQDDAR0MTIyMBOk +-ETAPMQ0wCwYDVQQDDAR0MTIzMBOkETAPMQ0wCwYDVQQDDAR0MTI0MBOkETAPMQ0w +-CwYDVQQDDAR0MTI1MBOkETAPMQ0wCwYDVQQDDAR0MTI2MBOkETAPMQ0wCwYDVQQD +-DAR0MTI3MBOkETAPMQ0wCwYDVQQDDAR0MTI4MBOkETAPMQ0wCwYDVQQDDAR0MTI5 +-MBOkETAPMQ0wCwYDVQQDDAR0MTMwMBOkETAPMQ0wCwYDVQQDDAR0MTMxMBOkETAP +-MQ0wCwYDVQQDDAR0MTMyMBOkETAPMQ0wCwYDVQQDDAR0MTMzMBOkETAPMQ0wCwYD +-VQQDDAR0MTM0MBOkETAPMQ0wCwYDVQQDDAR0MTM1MBOkETAPMQ0wCwYDVQQDDAR0 +-MTM2MBOkETAPMQ0wCwYDVQQDDAR0MTM3MBOkETAPMQ0wCwYDVQQDDAR0MTM4MBOk +-ETAPMQ0wCwYDVQQDDAR0MTM5MBOkETAPMQ0wCwYDVQQDDAR0MTQwMBOkETAPMQ0w +-CwYDVQQDDAR0MTQxMBOkETAPMQ0wCwYDVQQDDAR0MTQyMBOkETAPMQ0wCwYDVQQD +-DAR0MTQzMBOkETAPMQ0wCwYDVQQDDAR0MTQ0MBOkETAPMQ0wCwYDVQQDDAR0MTQ1 +-MBOkETAPMQ0wCwYDVQQDDAR0MTQ2MBOkETAPMQ0wCwYDVQQDDAR0MTQ3MBOkETAP +-MQ0wCwYDVQQDDAR0MTQ4MBOkETAPMQ0wCwYDVQQDDAR0MTQ5MBOkETAPMQ0wCwYD +-VQQDDAR0MTUwMBOkETAPMQ0wCwYDVQQDDAR0MTUxMBOkETAPMQ0wCwYDVQQDDAR0 +-MTUyMBOkETAPMQ0wCwYDVQQDDAR0MTUzMBOkETAPMQ0wCwYDVQQDDAR0MTU0MBOk +-ETAPMQ0wCwYDVQQDDAR0MTU1MBOkETAPMQ0wCwYDVQQDDAR0MTU2MBOkETAPMQ0w +-CwYDVQQDDAR0MTU3MBOkETAPMQ0wCwYDVQQDDAR0MTU4MBOkETAPMQ0wCwYDVQQD +-DAR0MTU5MBOkETAPMQ0wCwYDVQQDDAR0MTYwMBOkETAPMQ0wCwYDVQQDDAR0MTYx +-MBOkETAPMQ0wCwYDVQQDDAR0MTYyMBOkETAPMQ0wCwYDVQQDDAR0MTYzMBOkETAP +-MQ0wCwYDVQQDDAR0MTY0MBOkETAPMQ0wCwYDVQQDDAR0MTY1MBOkETAPMQ0wCwYD +-VQQDDAR0MTY2MBOkETAPMQ0wCwYDVQQDDAR0MTY3MBOkETAPMQ0wCwYDVQQDDAR0 +-MTY4MBOkETAPMQ0wCwYDVQQDDAR0MTY5MBOkETAPMQ0wCwYDVQQDDAR0MTcwMBOk +-ETAPMQ0wCwYDVQQDDAR0MTcxMBOkETAPMQ0wCwYDVQQDDAR0MTcyMBOkETAPMQ0w +-CwYDVQQDDAR0MTczMBOkETAPMQ0wCwYDVQQDDAR0MTc0MBOkETAPMQ0wCwYDVQQD +-DAR0MTc1MBOkETAPMQ0wCwYDVQQDDAR0MTc2MBOkETAPMQ0wCwYDVQQDDAR0MTc3 +-MBOkETAPMQ0wCwYDVQQDDAR0MTc4MBOkETAPMQ0wCwYDVQQDDAR0MTc5MBOkETAP +-MQ0wCwYDVQQDDAR0MTgwMBOkETAPMQ0wCwYDVQQDDAR0MTgxMBOkETAPMQ0wCwYD +-VQQDDAR0MTgyMBOkETAPMQ0wCwYDVQQDDAR0MTgzMBOkETAPMQ0wCwYDVQQDDAR0 +-MTg0MBOkETAPMQ0wCwYDVQQDDAR0MTg1MBOkETAPMQ0wCwYDVQQDDAR0MTg2MBOk +-ETAPMQ0wCwYDVQQDDAR0MTg3MBOkETAPMQ0wCwYDVQQDDAR0MTg4MBOkETAPMQ0w +-CwYDVQQDDAR0MTg5MBOkETAPMQ0wCwYDVQQDDAR0MTkwMBOkETAPMQ0wCwYDVQQD +-DAR0MTkxMBOkETAPMQ0wCwYDVQQDDAR0MTkyMBOkETAPMQ0wCwYDVQQDDAR0MTkz +-MBOkETAPMQ0wCwYDVQQDDAR0MTk0MBOkETAPMQ0wCwYDVQQDDAR0MTk1MBOkETAP +-MQ0wCwYDVQQDDAR0MTk2MBOkETAPMQ0wCwYDVQQDDAR0MTk3MBOkETAPMQ0wCwYD +-VQQDDAR0MTk4MBOkETAPMQ0wCwYDVQQDDAR0MTk5MBOkETAPMQ0wCwYDVQQDDAR0 +-MjAwMBOkETAPMQ0wCwYDVQQDDAR0MjAxMBOkETAPMQ0wCwYDVQQDDAR0MjAyMBOk +-ETAPMQ0wCwYDVQQDDAR0MjAzMBOkETAPMQ0wCwYDVQQDDAR0MjA0MBOkETAPMQ0w +-CwYDVQQDDAR0MjA1MBOkETAPMQ0wCwYDVQQDDAR0MjA2MBOkETAPMQ0wCwYDVQQD +-DAR0MjA3MBOkETAPMQ0wCwYDVQQDDAR0MjA4MBOkETAPMQ0wCwYDVQQDDAR0MjA5 +-MBOkETAPMQ0wCwYDVQQDDAR0MjEwMBOkETAPMQ0wCwYDVQQDDAR0MjExMBOkETAP +-MQ0wCwYDVQQDDAR0MjEyMBOkETAPMQ0wCwYDVQQDDAR0MjEzMBOkETAPMQ0wCwYD +-VQQDDAR0MjE0MBOkETAPMQ0wCwYDVQQDDAR0MjE1MBOkETAPMQ0wCwYDVQQDDAR0 +-MjE2MBOkETAPMQ0wCwYDVQQDDAR0MjE3MBOkETAPMQ0wCwYDVQQDDAR0MjE4MBOk +-ETAPMQ0wCwYDVQQDDAR0MjE5MBOkETAPMQ0wCwYDVQQDDAR0MjIwMBOkETAPMQ0w +-CwYDVQQDDAR0MjIxMBOkETAPMQ0wCwYDVQQDDAR0MjIyMBOkETAPMQ0wCwYDVQQD +-DAR0MjIzMBOkETAPMQ0wCwYDVQQDDAR0MjI0MBOkETAPMQ0wCwYDVQQDDAR0MjI1 +-MBOkETAPMQ0wCwYDVQQDDAR0MjI2MBOkETAPMQ0wCwYDVQQDDAR0MjI3MBOkETAP +-MQ0wCwYDVQQDDAR0MjI4MBOkETAPMQ0wCwYDVQQDDAR0MjI5MBOkETAPMQ0wCwYD +-VQQDDAR0MjMwMBOkETAPMQ0wCwYDVQQDDAR0MjMxMBOkETAPMQ0wCwYDVQQDDAR0 +-MjMyMBOkETAPMQ0wCwYDVQQDDAR0MjMzMBOkETAPMQ0wCwYDVQQDDAR0MjM0MBOk +-ETAPMQ0wCwYDVQQDDAR0MjM1MBOkETAPMQ0wCwYDVQQDDAR0MjM2MBOkETAPMQ0w +-CwYDVQQDDAR0MjM3MBOkETAPMQ0wCwYDVQQDDAR0MjM4MBOkETAPMQ0wCwYDVQQD +-DAR0MjM5MBOkETAPMQ0wCwYDVQQDDAR0MjQwMBOkETAPMQ0wCwYDVQQDDAR0MjQx +-MBOkETAPMQ0wCwYDVQQDDAR0MjQyMBOkETAPMQ0wCwYDVQQDDAR0MjQzMBOkETAP +-MQ0wCwYDVQQDDAR0MjQ0MBOkETAPMQ0wCwYDVQQDDAR0MjQ1MBOkETAPMQ0wCwYD +-VQQDDAR0MjQ2MBOkETAPMQ0wCwYDVQQDDAR0MjQ3MBOkETAPMQ0wCwYDVQQDDAR0 +-MjQ4MBOkETAPMQ0wCwYDVQQDDAR0MjQ5MBOkETAPMQ0wCwYDVQQDDAR0MjUwMBOk +-ETAPMQ0wCwYDVQQDDAR0MjUxMBOkETAPMQ0wCwYDVQQDDAR0MjUyMBOkETAPMQ0w +-CwYDVQQDDAR0MjUzMBOkETAPMQ0wCwYDVQQDDAR0MjU0MBOkETAPMQ0wCwYDVQQD +-DAR0MjU1MBOkETAPMQ0wCwYDVQQDDAR0MjU2MBOkETAPMQ0wCwYDVQQDDAR0MjU3 +-MBOkETAPMQ0wCwYDVQQDDAR0MjU4MBOkETAPMQ0wCwYDVQQDDAR0MjU5MBOkETAP +-MQ0wCwYDVQQDDAR0MjYwMBOkETAPMQ0wCwYDVQQDDAR0MjYxMBOkETAPMQ0wCwYD +-VQQDDAR0MjYyMBOkETAPMQ0wCwYDVQQDDAR0MjYzMBOkETAPMQ0wCwYDVQQDDAR0 +-MjY0MBOkETAPMQ0wCwYDVQQDDAR0MjY1MBOkETAPMQ0wCwYDVQQDDAR0MjY2MBOk +-ETAPMQ0wCwYDVQQDDAR0MjY3MBOkETAPMQ0wCwYDVQQDDAR0MjY4MBOkETAPMQ0w +-CwYDVQQDDAR0MjY5MBOkETAPMQ0wCwYDVQQDDAR0MjcwMBOkETAPMQ0wCwYDVQQD +-DAR0MjcxMBOkETAPMQ0wCwYDVQQDDAR0MjcyMBOkETAPMQ0wCwYDVQQDDAR0Mjcz +-MBOkETAPMQ0wCwYDVQQDDAR0Mjc0MBOkETAPMQ0wCwYDVQQDDAR0Mjc1MBOkETAP +-MQ0wCwYDVQQDDAR0Mjc2MBOkETAPMQ0wCwYDVQQDDAR0Mjc3MBOkETAPMQ0wCwYD +-VQQDDAR0Mjc4MBOkETAPMQ0wCwYDVQQDDAR0Mjc5MBOkETAPMQ0wCwYDVQQDDAR0 +-MjgwMBOkETAPMQ0wCwYDVQQDDAR0MjgxMBOkETAPMQ0wCwYDVQQDDAR0MjgyMBOk +-ETAPMQ0wCwYDVQQDDAR0MjgzMBOkETAPMQ0wCwYDVQQDDAR0Mjg0MBOkETAPMQ0w +-CwYDVQQDDAR0Mjg1MBOkETAPMQ0wCwYDVQQDDAR0Mjg2MBOkETAPMQ0wCwYDVQQD +-DAR0Mjg3MBOkETAPMQ0wCwYDVQQDDAR0Mjg4MBOkETAPMQ0wCwYDVQQDDAR0Mjg5 +-MBOkETAPMQ0wCwYDVQQDDAR0MjkwMBOkETAPMQ0wCwYDVQQDDAR0MjkxMBOkETAP +-MQ0wCwYDVQQDDAR0MjkyMBOkETAPMQ0wCwYDVQQDDAR0MjkzMBOkETAPMQ0wCwYD +-VQQDDAR0Mjk0MBOkETAPMQ0wCwYDVQQDDAR0Mjk1MBOkETAPMQ0wCwYDVQQDDAR0 +-Mjk2MBOkETAPMQ0wCwYDVQQDDAR0Mjk3MBOkETAPMQ0wCwYDVQQDDAR0Mjk4MBOk +-ETAPMQ0wCwYDVQQDDAR0Mjk5MBOkETAPMQ0wCwYDVQQDDAR0MzAwMBOkETAPMQ0w +-CwYDVQQDDAR0MzAxMBOkETAPMQ0wCwYDVQQDDAR0MzAyMBOkETAPMQ0wCwYDVQQD +-DAR0MzAzMBOkETAPMQ0wCwYDVQQDDAR0MzA0MBOkETAPMQ0wCwYDVQQDDAR0MzA1 +-MBOkETAPMQ0wCwYDVQQDDAR0MzA2MBOkETAPMQ0wCwYDVQQDDAR0MzA3MBOkETAP +-MQ0wCwYDVQQDDAR0MzA4MBOkETAPMQ0wCwYDVQQDDAR0MzA5MBOkETAPMQ0wCwYD +-VQQDDAR0MzEwMBOkETAPMQ0wCwYDVQQDDAR0MzExMBOkETAPMQ0wCwYDVQQDDAR0 +-MzEyMBOkETAPMQ0wCwYDVQQDDAR0MzEzMBOkETAPMQ0wCwYDVQQDDAR0MzE0MBOk +-ETAPMQ0wCwYDVQQDDAR0MzE1MBOkETAPMQ0wCwYDVQQDDAR0MzE2MBOkETAPMQ0w +-CwYDVQQDDAR0MzE3MBOkETAPMQ0wCwYDVQQDDAR0MzE4MBOkETAPMQ0wCwYDVQQD +-DAR0MzE5MBOkETAPMQ0wCwYDVQQDDAR0MzIwMBOkETAPMQ0wCwYDVQQDDAR0MzIx +-MBOkETAPMQ0wCwYDVQQDDAR0MzIyMBOkETAPMQ0wCwYDVQQDDAR0MzIzMBOkETAP +-MQ0wCwYDVQQDDAR0MzI0MBOkETAPMQ0wCwYDVQQDDAR0MzI1MBOkETAPMQ0wCwYD +-VQQDDAR0MzI2MBOkETAPMQ0wCwYDVQQDDAR0MzI3MBOkETAPMQ0wCwYDVQQDDAR0 +-MzI4MBOkETAPMQ0wCwYDVQQDDAR0MzI5MBOkETAPMQ0wCwYDVQQDDAR0MzMwMBOk +-ETAPMQ0wCwYDVQQDDAR0MzMxMBOkETAPMQ0wCwYDVQQDDAR0MzMyMBOkETAPMQ0w +-CwYDVQQDDAR0MzMzMBOkETAPMQ0wCwYDVQQDDAR0MzM0MBOkETAPMQ0wCwYDVQQD +-DAR0MzM1MBOkETAPMQ0wCwYDVQQDDAR0MzM2MBOkETAPMQ0wCwYDVQQDDAR0MzM3 +-MBOkETAPMQ0wCwYDVQQDDAR0MzM4MBOkETAPMQ0wCwYDVQQDDAR0MzM5MBOkETAP +-MQ0wCwYDVQQDDAR0MzQwMBOkETAPMQ0wCwYDVQQDDAR0MzQxMBOkETAPMQ0wCwYD +-VQQDDAR0MzQyMBOkETAPMQ0wCwYDVQQDDAR0MzQzMBOkETAPMQ0wCwYDVQQDDAR0 +-MzQ0MBOkETAPMQ0wCwYDVQQDDAR0MzQ1MBOkETAPMQ0wCwYDVQQDDAR0MzQ2MBOk +-ETAPMQ0wCwYDVQQDDAR0MzQ3MBOkETAPMQ0wCwYDVQQDDAR0MzQ4MBOkETAPMQ0w +-CwYDVQQDDAR0MzQ5MBOkETAPMQ0wCwYDVQQDDAR0MzUwMBOkETAPMQ0wCwYDVQQD +-DAR0MzUxMBOkETAPMQ0wCwYDVQQDDAR0MzUyMBOkETAPMQ0wCwYDVQQDDAR0MzUz +-MBOkETAPMQ0wCwYDVQQDDAR0MzU0MBOkETAPMQ0wCwYDVQQDDAR0MzU1MBOkETAP +-MQ0wCwYDVQQDDAR0MzU2MBOkETAPMQ0wCwYDVQQDDAR0MzU3MBOkETAPMQ0wCwYD +-VQQDDAR0MzU4MBOkETAPMQ0wCwYDVQQDDAR0MzU5MBOkETAPMQ0wCwYDVQQDDAR0 +-MzYwMBOkETAPMQ0wCwYDVQQDDAR0MzYxMBOkETAPMQ0wCwYDVQQDDAR0MzYyMBOk +-ETAPMQ0wCwYDVQQDDAR0MzYzMBOkETAPMQ0wCwYDVQQDDAR0MzY0MBOkETAPMQ0w +-CwYDVQQDDAR0MzY1MBOkETAPMQ0wCwYDVQQDDAR0MzY2MBOkETAPMQ0wCwYDVQQD +-DAR0MzY3MBOkETAPMQ0wCwYDVQQDDAR0MzY4MBOkETAPMQ0wCwYDVQQDDAR0MzY5 +-MBOkETAPMQ0wCwYDVQQDDAR0MzcwMBOkETAPMQ0wCwYDVQQDDAR0MzcxMBOkETAP +-MQ0wCwYDVQQDDAR0MzcyMBOkETAPMQ0wCwYDVQQDDAR0MzczMBOkETAPMQ0wCwYD +-VQQDDAR0Mzc0MBOkETAPMQ0wCwYDVQQDDAR0Mzc1MBOkETAPMQ0wCwYDVQQDDAR0 +-Mzc2MBOkETAPMQ0wCwYDVQQDDAR0Mzc3MBOkETAPMQ0wCwYDVQQDDAR0Mzc4MBOk +-ETAPMQ0wCwYDVQQDDAR0Mzc5MBOkETAPMQ0wCwYDVQQDDAR0MzgwMBOkETAPMQ0w +-CwYDVQQDDAR0MzgxMBOkETAPMQ0wCwYDVQQDDAR0MzgyMBOkETAPMQ0wCwYDVQQD +-DAR0MzgzMBOkETAPMQ0wCwYDVQQDDAR0Mzg0MBOkETAPMQ0wCwYDVQQDDAR0Mzg1 +-MBOkETAPMQ0wCwYDVQQDDAR0Mzg2MBOkETAPMQ0wCwYDVQQDDAR0Mzg3MBOkETAP +-MQ0wCwYDVQQDDAR0Mzg4MBOkETAPMQ0wCwYDVQQDDAR0Mzg5MBOkETAPMQ0wCwYD +-VQQDDAR0MzkwMBOkETAPMQ0wCwYDVQQDDAR0MzkxMBOkETAPMQ0wCwYDVQQDDAR0 +-MzkyMBOkETAPMQ0wCwYDVQQDDAR0MzkzMBOkETAPMQ0wCwYDVQQDDAR0Mzk0MBOk +-ETAPMQ0wCwYDVQQDDAR0Mzk1MBOkETAPMQ0wCwYDVQQDDAR0Mzk2MBOkETAPMQ0w +-CwYDVQQDDAR0Mzk3MBOkETAPMQ0wCwYDVQQDDAR0Mzk4MBOkETAPMQ0wCwYDVQQD +-DAR0Mzk5MBOkETAPMQ0wCwYDVQQDDAR0NDAwMBOkETAPMQ0wCwYDVQQDDAR0NDAx +-MBOkETAPMQ0wCwYDVQQDDAR0NDAyMBOkETAPMQ0wCwYDVQQDDAR0NDAzMBOkETAP +-MQ0wCwYDVQQDDAR0NDA0MBOkETAPMQ0wCwYDVQQDDAR0NDA1MBOkETAPMQ0wCwYD +-VQQDDAR0NDA2MBOkETAPMQ0wCwYDVQQDDAR0NDA3MBOkETAPMQ0wCwYDVQQDDAR0 +-NDA4MBOkETAPMQ0wCwYDVQQDDAR0NDA5MBOkETAPMQ0wCwYDVQQDDAR0NDEwMBOk +-ETAPMQ0wCwYDVQQDDAR0NDExMBOkETAPMQ0wCwYDVQQDDAR0NDEyMBOkETAPMQ0w +-CwYDVQQDDAR0NDEzMBOkETAPMQ0wCwYDVQQDDAR0NDE0MBOkETAPMQ0wCwYDVQQD +-DAR0NDE1MBOkETAPMQ0wCwYDVQQDDAR0NDE2MBOkETAPMQ0wCwYDVQQDDAR0NDE3 +-MBOkETAPMQ0wCwYDVQQDDAR0NDE4oYJKbjAJggd4MC50ZXN0MAmCB3gxLnRlc3Qw +-CYIHeDIudGVzdDAJggd4My50ZXN0MAmCB3g0LnRlc3QwCYIHeDUudGVzdDAJggd4 +-Ni50ZXN0MAmCB3g3LnRlc3QwCYIHeDgudGVzdDAJggd4OS50ZXN0MAqCCHgxMC50 +-ZXN0MAqCCHgxMS50ZXN0MAqCCHgxMi50ZXN0MAqCCHgxMy50ZXN0MAqCCHgxNC50 +-ZXN0MAqCCHgxNS50ZXN0MAqCCHgxNi50ZXN0MAqCCHgxNy50ZXN0MAqCCHgxOC50 +-ZXN0MAqCCHgxOS50ZXN0MAqCCHgyMC50ZXN0MAqCCHgyMS50ZXN0MAqCCHgyMi50 +-ZXN0MAqCCHgyMy50ZXN0MAqCCHgyNC50ZXN0MAqCCHgyNS50ZXN0MAqCCHgyNi50 +-ZXN0MAqCCHgyNy50ZXN0MAqCCHgyOC50ZXN0MAqCCHgyOS50ZXN0MAqCCHgzMC50 +-ZXN0MAqCCHgzMS50ZXN0MAqCCHgzMi50ZXN0MAqCCHgzMy50ZXN0MAqCCHgzNC50 +-ZXN0MAqCCHgzNS50ZXN0MAqCCHgzNi50ZXN0MAqCCHgzNy50ZXN0MAqCCHgzOC50 +-ZXN0MAqCCHgzOS50ZXN0MAqCCHg0MC50ZXN0MAqCCHg0MS50ZXN0MAqCCHg0Mi50 +-ZXN0MAqCCHg0My50ZXN0MAqCCHg0NC50ZXN0MAqCCHg0NS50ZXN0MAqCCHg0Ni50 +-ZXN0MAqCCHg0Ny50ZXN0MAqCCHg0OC50ZXN0MAqCCHg0OS50ZXN0MAqCCHg1MC50 +-ZXN0MAqCCHg1MS50ZXN0MAqCCHg1Mi50ZXN0MAqCCHg1My50ZXN0MAqCCHg1NC50 +-ZXN0MAqCCHg1NS50ZXN0MAqCCHg1Ni50ZXN0MAqCCHg1Ny50ZXN0MAqCCHg1OC50 +-ZXN0MAqCCHg1OS50ZXN0MAqCCHg2MC50ZXN0MAqCCHg2MS50ZXN0MAqCCHg2Mi50 +-ZXN0MAqCCHg2My50ZXN0MAqCCHg2NC50ZXN0MAqCCHg2NS50ZXN0MAqCCHg2Ni50 +-ZXN0MAqCCHg2Ny50ZXN0MAqCCHg2OC50ZXN0MAqCCHg2OS50ZXN0MAqCCHg3MC50 +-ZXN0MAqCCHg3MS50ZXN0MAqCCHg3Mi50ZXN0MAqCCHg3My50ZXN0MAqCCHg3NC50 +-ZXN0MAqCCHg3NS50ZXN0MAqCCHg3Ni50ZXN0MAqCCHg3Ny50ZXN0MAqCCHg3OC50 +-ZXN0MAqCCHg3OS50ZXN0MAqCCHg4MC50ZXN0MAqCCHg4MS50ZXN0MAqCCHg4Mi50 +-ZXN0MAqCCHg4My50ZXN0MAqCCHg4NC50ZXN0MAqCCHg4NS50ZXN0MAqCCHg4Ni50 +-ZXN0MAqCCHg4Ny50ZXN0MAqCCHg4OC50ZXN0MAqCCHg4OS50ZXN0MAqCCHg5MC50 +-ZXN0MAqCCHg5MS50ZXN0MAqCCHg5Mi50ZXN0MAqCCHg5My50ZXN0MAqCCHg5NC50 +-ZXN0MAqCCHg5NS50ZXN0MAqCCHg5Ni50ZXN0MAqCCHg5Ny50ZXN0MAqCCHg5OC50 +-ZXN0MAqCCHg5OS50ZXN0MAuCCXgxMDAudGVzdDALggl4MTAxLnRlc3QwC4IJeDEw +-Mi50ZXN0MAuCCXgxMDMudGVzdDALggl4MTA0LnRlc3QwC4IJeDEwNS50ZXN0MAuC +-CXgxMDYudGVzdDALggl4MTA3LnRlc3QwC4IJeDEwOC50ZXN0MAuCCXgxMDkudGVz +-dDALggl4MTEwLnRlc3QwC4IJeDExMS50ZXN0MAuCCXgxMTIudGVzdDALggl4MTEz +-LnRlc3QwC4IJeDExNC50ZXN0MAuCCXgxMTUudGVzdDALggl4MTE2LnRlc3QwC4IJ +-eDExNy50ZXN0MAuCCXgxMTgudGVzdDALggl4MTE5LnRlc3QwC4IJeDEyMC50ZXN0 +-MAuCCXgxMjEudGVzdDALggl4MTIyLnRlc3QwC4IJeDEyMy50ZXN0MAuCCXgxMjQu +-dGVzdDALggl4MTI1LnRlc3QwC4IJeDEyNi50ZXN0MAuCCXgxMjcudGVzdDALggl4 +-MTI4LnRlc3QwC4IJeDEyOS50ZXN0MAuCCXgxMzAudGVzdDALggl4MTMxLnRlc3Qw +-C4IJeDEzMi50ZXN0MAuCCXgxMzMudGVzdDALggl4MTM0LnRlc3QwC4IJeDEzNS50 +-ZXN0MAuCCXgxMzYudGVzdDALggl4MTM3LnRlc3QwC4IJeDEzOC50ZXN0MAuCCXgx +-MzkudGVzdDALggl4MTQwLnRlc3QwC4IJeDE0MS50ZXN0MAuCCXgxNDIudGVzdDAL +-ggl4MTQzLnRlc3QwC4IJeDE0NC50ZXN0MAuCCXgxNDUudGVzdDALggl4MTQ2LnRl +-c3QwC4IJeDE0Ny50ZXN0MAuCCXgxNDgudGVzdDALggl4MTQ5LnRlc3QwC4IJeDE1 +-MC50ZXN0MAuCCXgxNTEudGVzdDALggl4MTUyLnRlc3QwC4IJeDE1My50ZXN0MAuC +-CXgxNTQudGVzdDALggl4MTU1LnRlc3QwC4IJeDE1Ni50ZXN0MAuCCXgxNTcudGVz +-dDALggl4MTU4LnRlc3QwC4IJeDE1OS50ZXN0MAuCCXgxNjAudGVzdDALggl4MTYx +-LnRlc3QwC4IJeDE2Mi50ZXN0MAuCCXgxNjMudGVzdDALggl4MTY0LnRlc3QwC4IJ +-eDE2NS50ZXN0MAuCCXgxNjYudGVzdDALggl4MTY3LnRlc3QwC4IJeDE2OC50ZXN0 +-MAuCCXgxNjkudGVzdDALggl4MTcwLnRlc3QwC4IJeDE3MS50ZXN0MAuCCXgxNzIu +-dGVzdDALggl4MTczLnRlc3QwC4IJeDE3NC50ZXN0MAuCCXgxNzUudGVzdDALggl4 +-MTc2LnRlc3QwC4IJeDE3Ny50ZXN0MAuCCXgxNzgudGVzdDALggl4MTc5LnRlc3Qw +-C4IJeDE4MC50ZXN0MAuCCXgxODEudGVzdDALggl4MTgyLnRlc3QwC4IJeDE4My50 +-ZXN0MAuCCXgxODQudGVzdDALggl4MTg1LnRlc3QwC4IJeDE4Ni50ZXN0MAuCCXgx +-ODcudGVzdDALggl4MTg4LnRlc3QwC4IJeDE4OS50ZXN0MAuCCXgxOTAudGVzdDAL +-ggl4MTkxLnRlc3QwC4IJeDE5Mi50ZXN0MAuCCXgxOTMudGVzdDALggl4MTk0LnRl +-c3QwC4IJeDE5NS50ZXN0MAuCCXgxOTYudGVzdDALggl4MTk3LnRlc3QwC4IJeDE5 +-OC50ZXN0MAuCCXgxOTkudGVzdDALggl4MjAwLnRlc3QwC4IJeDIwMS50ZXN0MAuC +-CXgyMDIudGVzdDALggl4MjAzLnRlc3QwC4IJeDIwNC50ZXN0MAuCCXgyMDUudGVz +-dDALggl4MjA2LnRlc3QwC4IJeDIwNy50ZXN0MAuCCXgyMDgudGVzdDALggl4MjA5 +-LnRlc3QwC4IJeDIxMC50ZXN0MAuCCXgyMTEudGVzdDALggl4MjEyLnRlc3QwC4IJ +-eDIxMy50ZXN0MAuCCXgyMTQudGVzdDALggl4MjE1LnRlc3QwC4IJeDIxNi50ZXN0 +-MAuCCXgyMTcudGVzdDALggl4MjE4LnRlc3QwC4IJeDIxOS50ZXN0MAuCCXgyMjAu +-dGVzdDALggl4MjIxLnRlc3QwC4IJeDIyMi50ZXN0MAuCCXgyMjMudGVzdDALggl4 +-MjI0LnRlc3QwC4IJeDIyNS50ZXN0MAuCCXgyMjYudGVzdDALggl4MjI3LnRlc3Qw +-C4IJeDIyOC50ZXN0MAuCCXgyMjkudGVzdDALggl4MjMwLnRlc3QwC4IJeDIzMS50 +-ZXN0MAuCCXgyMzIudGVzdDALggl4MjMzLnRlc3QwC4IJeDIzNC50ZXN0MAuCCXgy +-MzUudGVzdDALggl4MjM2LnRlc3QwC4IJeDIzNy50ZXN0MAuCCXgyMzgudGVzdDAL +-ggl4MjM5LnRlc3QwC4IJeDI0MC50ZXN0MAuCCXgyNDEudGVzdDALggl4MjQyLnRl +-c3QwC4IJeDI0My50ZXN0MAuCCXgyNDQudGVzdDALggl4MjQ1LnRlc3QwC4IJeDI0 +-Ni50ZXN0MAuCCXgyNDcudGVzdDALggl4MjQ4LnRlc3QwC4IJeDI0OS50ZXN0MAuC +-CXgyNTAudGVzdDALggl4MjUxLnRlc3QwC4IJeDI1Mi50ZXN0MAuCCXgyNTMudGVz +-dDALggl4MjU0LnRlc3QwC4IJeDI1NS50ZXN0MAuCCXgyNTYudGVzdDALggl4MjU3 +-LnRlc3QwC4IJeDI1OC50ZXN0MAuCCXgyNTkudGVzdDALggl4MjYwLnRlc3QwC4IJ +-eDI2MS50ZXN0MAuCCXgyNjIudGVzdDALggl4MjYzLnRlc3QwC4IJeDI2NC50ZXN0 +-MAuCCXgyNjUudGVzdDALggl4MjY2LnRlc3QwC4IJeDI2Ny50ZXN0MAuCCXgyNjgu +-dGVzdDALggl4MjY5LnRlc3QwC4IJeDI3MC50ZXN0MAuCCXgyNzEudGVzdDALggl4 +-MjcyLnRlc3QwC4IJeDI3My50ZXN0MAuCCXgyNzQudGVzdDALggl4Mjc1LnRlc3Qw +-C4IJeDI3Ni50ZXN0MAuCCXgyNzcudGVzdDALggl4Mjc4LnRlc3QwC4IJeDI3OS50 +-ZXN0MAuCCXgyODAudGVzdDALggl4MjgxLnRlc3QwC4IJeDI4Mi50ZXN0MAuCCXgy +-ODMudGVzdDALggl4Mjg0LnRlc3QwC4IJeDI4NS50ZXN0MAuCCXgyODYudGVzdDAL +-ggl4Mjg3LnRlc3QwC4IJeDI4OC50ZXN0MAuCCXgyODkudGVzdDALggl4MjkwLnRl +-c3QwC4IJeDI5MS50ZXN0MAuCCXgyOTIudGVzdDALggl4MjkzLnRlc3QwC4IJeDI5 +-NC50ZXN0MAuCCXgyOTUudGVzdDALggl4Mjk2LnRlc3QwC4IJeDI5Ny50ZXN0MAuC +-CXgyOTgudGVzdDALggl4Mjk5LnRlc3QwC4IJeDMwMC50ZXN0MAuCCXgzMDEudGVz +-dDALggl4MzAyLnRlc3QwC4IJeDMwMy50ZXN0MAuCCXgzMDQudGVzdDALggl4MzA1 +-LnRlc3QwC4IJeDMwNi50ZXN0MAuCCXgzMDcudGVzdDALggl4MzA4LnRlc3QwC4IJ +-eDMwOS50ZXN0MAuCCXgzMTAudGVzdDALggl4MzExLnRlc3QwC4IJeDMxMi50ZXN0 +-MAuCCXgzMTMudGVzdDALggl4MzE0LnRlc3QwC4IJeDMxNS50ZXN0MAuCCXgzMTYu +-dGVzdDALggl4MzE3LnRlc3QwC4IJeDMxOC50ZXN0MAuCCXgzMTkudGVzdDALggl4 +-MzIwLnRlc3QwC4IJeDMyMS50ZXN0MAuCCXgzMjIudGVzdDALggl4MzIzLnRlc3Qw +-C4IJeDMyNC50ZXN0MAuCCXgzMjUudGVzdDALggl4MzI2LnRlc3QwC4IJeDMyNy50 +-ZXN0MAuCCXgzMjgudGVzdDALggl4MzI5LnRlc3QwC4IJeDMzMC50ZXN0MAuCCXgz +-MzEudGVzdDALggl4MzMyLnRlc3QwC4IJeDMzMy50ZXN0MAuCCXgzMzQudGVzdDAL +-ggl4MzM1LnRlc3QwC4IJeDMzNi50ZXN0MAuCCXgzMzcudGVzdDALggl4MzM4LnRl +-c3QwC4IJeDMzOS50ZXN0MAuCCXgzNDAudGVzdDALggl4MzQxLnRlc3QwC4IJeDM0 +-Mi50ZXN0MAuCCXgzNDMudGVzdDALggl4MzQ0LnRlc3QwC4IJeDM0NS50ZXN0MAuC +-CXgzNDYudGVzdDALggl4MzQ3LnRlc3QwC4IJeDM0OC50ZXN0MAuCCXgzNDkudGVz +-dDALggl4MzUwLnRlc3QwC4IJeDM1MS50ZXN0MAuCCXgzNTIudGVzdDALggl4MzUz +-LnRlc3QwC4IJeDM1NC50ZXN0MAuCCXgzNTUudGVzdDALggl4MzU2LnRlc3QwC4IJ +-eDM1Ny50ZXN0MAuCCXgzNTgudGVzdDALggl4MzU5LnRlc3QwC4IJeDM2MC50ZXN0 +-MAuCCXgzNjEudGVzdDALggl4MzYyLnRlc3QwC4IJeDM2My50ZXN0MAuCCXgzNjQu +-dGVzdDALggl4MzY1LnRlc3QwC4IJeDM2Ni50ZXN0MAuCCXgzNjcudGVzdDALggl4 +-MzY4LnRlc3QwC4IJeDM2OS50ZXN0MAuCCXgzNzAudGVzdDALggl4MzcxLnRlc3Qw +-C4IJeDM3Mi50ZXN0MAuCCXgzNzMudGVzdDALggl4Mzc0LnRlc3QwC4IJeDM3NS50 +-ZXN0MAuCCXgzNzYudGVzdDALggl4Mzc3LnRlc3QwC4IJeDM3OC50ZXN0MAuCCXgz +-NzkudGVzdDALggl4MzgwLnRlc3QwC4IJeDM4MS50ZXN0MAuCCXgzODIudGVzdDAL +-ggl4MzgzLnRlc3QwC4IJeDM4NC50ZXN0MAuCCXgzODUudGVzdDALggl4Mzg2LnRl +-c3QwC4IJeDM4Ny50ZXN0MAuCCXgzODgudGVzdDALggl4Mzg5LnRlc3QwC4IJeDM5 +-MC50ZXN0MAuCCXgzOTEudGVzdDALggl4MzkyLnRlc3QwC4IJeDM5My50ZXN0MAuC +-CXgzOTQudGVzdDALggl4Mzk1LnRlc3QwC4IJeDM5Ni50ZXN0MAuCCXgzOTcudGVz +-dDALggl4Mzk4LnRlc3QwC4IJeDM5OS50ZXN0MAuCCXg0MDAudGVzdDALggl4NDAx +-LnRlc3QwC4IJeDQwMi50ZXN0MAuCCXg0MDMudGVzdDALggl4NDA0LnRlc3QwC4IJ +-eDQwNS50ZXN0MAuCCXg0MDYudGVzdDALggl4NDA3LnRlc3QwC4IJeDQwOC50ZXN0 +-MAuCCXg0MDkudGVzdDALggl4NDEwLnRlc3QwC4IJeDQxMS50ZXN0MAuCCXg0MTIu +-dGVzdDALggl4NDEzLnRlc3QwC4IJeDQxNC50ZXN0MAuCCXg0MTUudGVzdDALggl4 +-NDE2LnRlc3QwC4IJeDQxNy50ZXN0MAuCCXg0MTgudGVzdDAKhwgLAAAA/////zAK +-hwgLAAAB/////zAKhwgLAAAC/////zAKhwgLAAAD/////zAKhwgLAAAE/////zAK +-hwgLAAAF/////zAKhwgLAAAG/////zAKhwgLAAAH/////zAKhwgLAAAI/////zAK +-hwgLAAAJ/////zAKhwgLAAAK/////zAKhwgLAAAL/////zAKhwgLAAAM/////zAK +-hwgLAAAN/////zAKhwgLAAAO/////zAKhwgLAAAP/////zAKhwgLAAAQ/////zAK +-hwgLAAAR/////zAKhwgLAAAS/////zAKhwgLAAAT/////zAKhwgLAAAU/////zAK +-hwgLAAAV/////zAKhwgLAAAW/////zAKhwgLAAAX/////zAKhwgLAAAY/////zAK +-hwgLAAAZ/////zAKhwgLAAAa/////zAKhwgLAAAb/////zAKhwgLAAAc/////zAK +-hwgLAAAd/////zAKhwgLAAAe/////zAKhwgLAAAf/////zAKhwgLAAAg/////zAK +-hwgLAAAh/////zAKhwgLAAAi/////zAKhwgLAAAj/////zAKhwgLAAAk/////zAK +-hwgLAAAl/////zAKhwgLAAAm/////zAKhwgLAAAn/////zAKhwgLAAAo/////zAK +-hwgLAAAp/////zAKhwgLAAAq/////zAKhwgLAAAr/////zAKhwgLAAAs/////zAK +-hwgLAAAt/////zAKhwgLAAAu/////zAKhwgLAAAv/////zAKhwgLAAAw/////zAK +-hwgLAAAx/////zAKhwgLAAAy/////zAKhwgLAAAz/////zAKhwgLAAA0/////zAK +-hwgLAAA1/////zAKhwgLAAA2/////zAKhwgLAAA3/////zAKhwgLAAA4/////zAK +-hwgLAAA5/////zAKhwgLAAA6/////zAKhwgLAAA7/////zAKhwgLAAA8/////zAK +-hwgLAAA9/////zAKhwgLAAA+/////zAKhwgLAAA//////zAKhwgLAABA/////zAK +-hwgLAABB/////zAKhwgLAABC/////zAKhwgLAABD/////zAKhwgLAABE/////zAK +-hwgLAABF/////zAKhwgLAABG/////zAKhwgLAABH/////zAKhwgLAABI/////zAK +-hwgLAABJ/////zAKhwgLAABK/////zAKhwgLAABL/////zAKhwgLAABM/////zAK +-hwgLAABN/////zAKhwgLAABO/////zAKhwgLAABP/////zAKhwgLAABQ/////zAK +-hwgLAABR/////zAKhwgLAABS/////zAKhwgLAABT/////zAKhwgLAABU/////zAK +-hwgLAABV/////zAKhwgLAABW/////zAKhwgLAABX/////zAKhwgLAABY/////zAK +-hwgLAABZ/////zAKhwgLAABa/////zAKhwgLAABb/////zAKhwgLAABc/////zAK +-hwgLAABd/////zAKhwgLAABe/////zAKhwgLAABf/////zAKhwgLAABg/////zAK +-hwgLAABh/////zAKhwgLAABi/////zAKhwgLAABj/////zAKhwgLAABk/////zAK +-hwgLAABl/////zAKhwgLAABm/////zAKhwgLAABn/////zAKhwgLAABo/////zAK +-hwgLAABp/////zAKhwgLAABq/////zAKhwgLAABr/////zAKhwgLAABs/////zAK +-hwgLAABt/////zAKhwgLAABu/////zAKhwgLAABv/////zAKhwgLAABw/////zAK +-hwgLAABx/////zAKhwgLAABy/////zAKhwgLAABz/////zAKhwgLAAB0/////zAK +-hwgLAAB1/////zAKhwgLAAB2/////zAKhwgLAAB3/////zAKhwgLAAB4/////zAK +-hwgLAAB5/////zAKhwgLAAB6/////zAKhwgLAAB7/////zAKhwgLAAB8/////zAK +-hwgLAAB9/////zAKhwgLAAB+/////zAKhwgLAAB//////zAKhwgLAACA/////zAK +-hwgLAACB/////zAKhwgLAACC/////zAKhwgLAACD/////zAKhwgLAACE/////zAK +-hwgLAACF/////zAKhwgLAACG/////zAKhwgLAACH/////zAKhwgLAACI/////zAK +-hwgLAACJ/////zAKhwgLAACK/////zAKhwgLAACL/////zAKhwgLAACM/////zAK +-hwgLAACN/////zAKhwgLAACO/////zAKhwgLAACP/////zAKhwgLAACQ/////zAK +-hwgLAACR/////zAKhwgLAACS/////zAKhwgLAACT/////zAKhwgLAACU/////zAK +-hwgLAACV/////zAKhwgLAACW/////zAKhwgLAACX/////zAKhwgLAACY/////zAK +-hwgLAACZ/////zAKhwgLAACa/////zAKhwgLAACb/////zAKhwgLAACc/////zAK +-hwgLAACd/////zAKhwgLAACe/////zAKhwgLAACf/////zAKhwgLAACg/////zAK +-hwgLAACh/////zAKhwgLAACi/////zAKhwgLAACj/////zAKhwgLAACk/////zAK +-hwgLAACl/////zAKhwgLAACm/////zAKhwgLAACn/////zAKhwgLAACo/////zAK +-hwgLAACp/////zAKhwgLAACq/////zAKhwgLAACr/////zAKhwgLAACs/////zAK +-hwgLAACt/////zAKhwgLAACu/////zAKhwgLAACv/////zAKhwgLAACw/////zAK +-hwgLAACx/////zAKhwgLAACy/////zAKhwgLAACz/////zAKhwgLAAC0/////zAK +-hwgLAAC1/////zAKhwgLAAC2/////zAKhwgLAAC3/////zAKhwgLAAC4/////zAK +-hwgLAAC5/////zAKhwgLAAC6/////zAKhwgLAAC7/////zAKhwgLAAC8/////zAK +-hwgLAAC9/////zAKhwgLAAC+/////zAKhwgLAAC//////zAKhwgLAADA/////zAK +-hwgLAADB/////zAKhwgLAADC/////zAKhwgLAADD/////zAKhwgLAADE/////zAK +-hwgLAADF/////zAKhwgLAADG/////zAKhwgLAADH/////zAKhwgLAADI/////zAK +-hwgLAADJ/////zAKhwgLAADK/////zAKhwgLAADL/////zAKhwgLAADM/////zAK +-hwgLAADN/////zAKhwgLAADO/////zAKhwgLAADP/////zAKhwgLAADQ/////zAK +-hwgLAADR/////zAKhwgLAADS/////zAKhwgLAADT/////zAKhwgLAADU/////zAK +-hwgLAADV/////zAKhwgLAADW/////zAKhwgLAADX/////zAKhwgLAADY/////zAK +-hwgLAADZ/////zAKhwgLAADa/////zAKhwgLAADb/////zAKhwgLAADc/////zAK +-hwgLAADd/////zAKhwgLAADe/////zAKhwgLAADf/////zAKhwgLAADg/////zAK +-hwgLAADh/////zAKhwgLAADi/////zAKhwgLAADj/////zAKhwgLAADk/////zAK +-hwgLAADl/////zAKhwgLAADm/////zAKhwgLAADn/////zAKhwgLAADo/////zAK +-hwgLAADp/////zAKhwgLAADq/////zAKhwgLAADr/////zAKhwgLAADs/////zAK +-hwgLAADt/////zAKhwgLAADu/////zAKhwgLAADv/////zAKhwgLAADw/////zAK +-hwgLAADx/////zAKhwgLAADy/////zAKhwgLAADz/////zAKhwgLAAD0/////zAK +-hwgLAAD1/////zAKhwgLAAD2/////zAKhwgLAAD3/////zAKhwgLAAD4/////zAK +-hwgLAAD5/////zAKhwgLAAD6/////zAKhwgLAAD7/////zAKhwgLAAD8/////zAK +-hwgLAAD9/////zAKhwgLAAD+/////zAKhwgLAAD//////zAKhwgLAAEA/////zAK +-hwgLAAEB/////zAKhwgLAAEC/////zAKhwgLAAED/////zAKhwgLAAEE/////zAK +-hwgLAAEF/////zAKhwgLAAEG/////zAKhwgLAAEH/////zAKhwgLAAEI/////zAK +-hwgLAAEJ/////zAKhwgLAAEK/////zAKhwgLAAEL/////zAKhwgLAAEM/////zAK +-hwgLAAEN/////zAKhwgLAAEO/////zAKhwgLAAEP/////zAKhwgLAAEQ/////zAK +-hwgLAAER/////zAKhwgLAAES/////zAKhwgLAAET/////zAKhwgLAAEU/////zAK +-hwgLAAEV/////zAKhwgLAAEW/////zAKhwgLAAEX/////zAKhwgLAAEY/////zAK +-hwgLAAEZ/////zAKhwgLAAEa/////zAKhwgLAAEb/////zAKhwgLAAEc/////zAK +-hwgLAAEd/////zAKhwgLAAEe/////zAKhwgLAAEf/////zAKhwgLAAEg/////zAK +-hwgLAAEh/////zAKhwgLAAEi/////zAKhwgLAAEj/////zAKhwgLAAEk/////zAK +-hwgLAAEl/////zAKhwgLAAEm/////zAKhwgLAAEn/////zAKhwgLAAEo/////zAK +-hwgLAAEp/////zAKhwgLAAEq/////zAKhwgLAAEr/////zAKhwgLAAEs/////zAK +-hwgLAAEt/////zAKhwgLAAEu/////zAKhwgLAAEv/////zAKhwgLAAEw/////zAK +-hwgLAAEx/////zAKhwgLAAEy/////zAKhwgLAAEz/////zAKhwgLAAE0/////zAK +-hwgLAAE1/////zAKhwgLAAE2/////zAKhwgLAAE3/////zAKhwgLAAE4/////zAK +-hwgLAAE5/////zAKhwgLAAE6/////zAKhwgLAAE7/////zAKhwgLAAE8/////zAK +-hwgLAAE9/////zAKhwgLAAE+/////zAKhwgLAAE//////zAKhwgLAAFA/////zAK +-hwgLAAFB/////zAKhwgLAAFC/////zAKhwgLAAFD/////zAKhwgLAAFE/////zAK +-hwgLAAFF/////zAKhwgLAAFG/////zAKhwgLAAFH/////zAKhwgLAAFI/////zAK +-hwgLAAFJ/////zAKhwgLAAFK/////zAKhwgLAAFL/////zAKhwgLAAFM/////zAK +-hwgLAAFN/////zAKhwgLAAFO/////zAKhwgLAAFP/////zAKhwgLAAFQ/////zAK +-hwgLAAFR/////zAKhwgLAAFS/////zAKhwgLAAFT/////zAKhwgLAAFU/////zAK +-hwgLAAFV/////zAKhwgLAAFW/////zAKhwgLAAFX/////zAKhwgLAAFY/////zAK +-hwgLAAFZ/////zAKhwgLAAFa/////zAKhwgLAAFb/////zAKhwgLAAFc/////zAK +-hwgLAAFd/////zAKhwgLAAFe/////zAKhwgLAAFf/////zAKhwgLAAFg/////zAK +-hwgLAAFh/////zAKhwgLAAFi/////zAKhwgLAAFj/////zAKhwgLAAFk/////zAK +-hwgLAAFl/////zAKhwgLAAFm/////zAKhwgLAAFn/////zAKhwgLAAFo/////zAK +-hwgLAAFp/////zAKhwgLAAFq/////zAKhwgLAAFr/////zAKhwgLAAFs/////zAK +-hwgLAAFt/////zAKhwgLAAFu/////zAKhwgLAAFv/////zAKhwgLAAFw/////zAK +-hwgLAAFx/////zAKhwgLAAFy/////zAKhwgLAAFz/////zAKhwgLAAF0/////zAK +-hwgLAAF1/////zAKhwgLAAF2/////zAKhwgLAAF3/////zAKhwgLAAF4/////zAK +-hwgLAAF5/////zAKhwgLAAF6/////zAKhwgLAAF7/////zAKhwgLAAF8/////zAK +-hwgLAAF9/////zAKhwgLAAF+/////zAKhwgLAAF//////zAKhwgLAAGA/////zAK +-hwgLAAGB/////zAKhwgLAAGC/////zAKhwgLAAGD/////zAKhwgLAAGE/////zAK +-hwgLAAGF/////zAKhwgLAAGG/////zAKhwgLAAGH/////zAKhwgLAAGI/////zAK +-hwgLAAGJ/////zAKhwgLAAGK/////zAKhwgLAAGL/////zAKhwgLAAGM/////zAK +-hwgLAAGN/////zAKhwgLAAGO/////zAKhwgLAAGP/////zAKhwgLAAGQ/////zAK +-hwgLAAGR/////zAKhwgLAAGS/////zAKhwgLAAGT/////zAKhwgLAAGU/////zAK +-hwgLAAGV/////zAKhwgLAAGW/////zAKhwgLAAGX/////zAKhwgLAAGY/////zAK +-hwgLAAGZ/////zAKhwgLAAGa/////zAKhwgLAAGb/////zAKhwgLAAGc/////zAK +-hwgLAAGd/////zAKhwgLAAGe/////zAKhwgLAAGf/////zAKhwgLAAGg/////zAK +-hwgLAAGh/////zAKhwgLAAGi/////zARpA8wDTELMAkGA1UEAwwCeDAwEaQPMA0x +-CzAJBgNVBAMMAngxMBGkDzANMQswCQYDVQQDDAJ4MjARpA8wDTELMAkGA1UEAwwC +-eDMwEaQPMA0xCzAJBgNVBAMMAng0MBGkDzANMQswCQYDVQQDDAJ4NTARpA8wDTEL +-MAkGA1UEAwwCeDYwEaQPMA0xCzAJBgNVBAMMAng3MBGkDzANMQswCQYDVQQDDAJ4 +-ODARpA8wDTELMAkGA1UEAwwCeDkwEqQQMA4xDDAKBgNVBAMMA3gxMDASpBAwDjEM +-MAoGA1UEAwwDeDExMBKkEDAOMQwwCgYDVQQDDAN4MTIwEqQQMA4xDDAKBgNVBAMM +-A3gxMzASpBAwDjEMMAoGA1UEAwwDeDE0MBKkEDAOMQwwCgYDVQQDDAN4MTUwEqQQ +-MA4xDDAKBgNVBAMMA3gxNjASpBAwDjEMMAoGA1UEAwwDeDE3MBKkEDAOMQwwCgYD +-VQQDDAN4MTgwEqQQMA4xDDAKBgNVBAMMA3gxOTASpBAwDjEMMAoGA1UEAwwDeDIw +-MBKkEDAOMQwwCgYDVQQDDAN4MjEwEqQQMA4xDDAKBgNVBAMMA3gyMjASpBAwDjEM +-MAoGA1UEAwwDeDIzMBKkEDAOMQwwCgYDVQQDDAN4MjQwEqQQMA4xDDAKBgNVBAMM +-A3gyNTASpBAwDjEMMAoGA1UEAwwDeDI2MBKkEDAOMQwwCgYDVQQDDAN4MjcwEqQQ +-MA4xDDAKBgNVBAMMA3gyODASpBAwDjEMMAoGA1UEAwwDeDI5MBKkEDAOMQwwCgYD +-VQQDDAN4MzAwEqQQMA4xDDAKBgNVBAMMA3gzMTASpBAwDjEMMAoGA1UEAwwDeDMy +-MBKkEDAOMQwwCgYDVQQDDAN4MzMwEqQQMA4xDDAKBgNVBAMMA3gzNDASpBAwDjEM +-MAoGA1UEAwwDeDM1MBKkEDAOMQwwCgYDVQQDDAN4MzYwEqQQMA4xDDAKBgNVBAMM +-A3gzNzASpBAwDjEMMAoGA1UEAwwDeDM4MBKkEDAOMQwwCgYDVQQDDAN4MzkwEqQQ +-MA4xDDAKBgNVBAMMA3g0MDASpBAwDjEMMAoGA1UEAwwDeDQxMBKkEDAOMQwwCgYD +-VQQDDAN4NDIwEqQQMA4xDDAKBgNVBAMMA3g0MzASpBAwDjEMMAoGA1UEAwwDeDQ0 +-MBKkEDAOMQwwCgYDVQQDDAN4NDUwEqQQMA4xDDAKBgNVBAMMA3g0NjASpBAwDjEM +-MAoGA1UEAwwDeDQ3MBKkEDAOMQwwCgYDVQQDDAN4NDgwEqQQMA4xDDAKBgNVBAMM +-A3g0OTASpBAwDjEMMAoGA1UEAwwDeDUwMBKkEDAOMQwwCgYDVQQDDAN4NTEwEqQQ +-MA4xDDAKBgNVBAMMA3g1MjASpBAwDjEMMAoGA1UEAwwDeDUzMBKkEDAOMQwwCgYD +-VQQDDAN4NTQwEqQQMA4xDDAKBgNVBAMMA3g1NTASpBAwDjEMMAoGA1UEAwwDeDU2 +-MBKkEDAOMQwwCgYDVQQDDAN4NTcwEqQQMA4xDDAKBgNVBAMMA3g1ODASpBAwDjEM +-MAoGA1UEAwwDeDU5MBKkEDAOMQwwCgYDVQQDDAN4NjAwEqQQMA4xDDAKBgNVBAMM +-A3g2MTASpBAwDjEMMAoGA1UEAwwDeDYyMBKkEDAOMQwwCgYDVQQDDAN4NjMwEqQQ +-MA4xDDAKBgNVBAMMA3g2NDASpBAwDjEMMAoGA1UEAwwDeDY1MBKkEDAOMQwwCgYD +-VQQDDAN4NjYwEqQQMA4xDDAKBgNVBAMMA3g2NzASpBAwDjEMMAoGA1UEAwwDeDY4 +-MBKkEDAOMQwwCgYDVQQDDAN4NjkwEqQQMA4xDDAKBgNVBAMMA3g3MDASpBAwDjEM +-MAoGA1UEAwwDeDcxMBKkEDAOMQwwCgYDVQQDDAN4NzIwEqQQMA4xDDAKBgNVBAMM +-A3g3MzASpBAwDjEMMAoGA1UEAwwDeDc0MBKkEDAOMQwwCgYDVQQDDAN4NzUwEqQQ +-MA4xDDAKBgNVBAMMA3g3NjASpBAwDjEMMAoGA1UEAwwDeDc3MBKkEDAOMQwwCgYD +-VQQDDAN4NzgwEqQQMA4xDDAKBgNVBAMMA3g3OTASpBAwDjEMMAoGA1UEAwwDeDgw +-MBKkEDAOMQwwCgYDVQQDDAN4ODEwEqQQMA4xDDAKBgNVBAMMA3g4MjASpBAwDjEM +-MAoGA1UEAwwDeDgzMBKkEDAOMQwwCgYDVQQDDAN4ODQwEqQQMA4xDDAKBgNVBAMM +-A3g4NTASpBAwDjEMMAoGA1UEAwwDeDg2MBKkEDAOMQwwCgYDVQQDDAN4ODcwEqQQ +-MA4xDDAKBgNVBAMMA3g4ODASpBAwDjEMMAoGA1UEAwwDeDg5MBKkEDAOMQwwCgYD +-VQQDDAN4OTAwEqQQMA4xDDAKBgNVBAMMA3g5MTASpBAwDjEMMAoGA1UEAwwDeDky +-MBKkEDAOMQwwCgYDVQQDDAN4OTMwEqQQMA4xDDAKBgNVBAMMA3g5NDASpBAwDjEM +-MAoGA1UEAwwDeDk1MBKkEDAOMQwwCgYDVQQDDAN4OTYwEqQQMA4xDDAKBgNVBAMM +-A3g5NzASpBAwDjEMMAoGA1UEAwwDeDk4MBKkEDAOMQwwCgYDVQQDDAN4OTkwE6QR +-MA8xDTALBgNVBAMMBHgxMDAwE6QRMA8xDTALBgNVBAMMBHgxMDEwE6QRMA8xDTAL +-BgNVBAMMBHgxMDIwE6QRMA8xDTALBgNVBAMMBHgxMDMwE6QRMA8xDTALBgNVBAMM +-BHgxMDQwE6QRMA8xDTALBgNVBAMMBHgxMDUwE6QRMA8xDTALBgNVBAMMBHgxMDYw +-E6QRMA8xDTALBgNVBAMMBHgxMDcwE6QRMA8xDTALBgNVBAMMBHgxMDgwE6QRMA8x +-DTALBgNVBAMMBHgxMDkwE6QRMA8xDTALBgNVBAMMBHgxMTAwE6QRMA8xDTALBgNV +-BAMMBHgxMTEwE6QRMA8xDTALBgNVBAMMBHgxMTIwE6QRMA8xDTALBgNVBAMMBHgx +-MTMwE6QRMA8xDTALBgNVBAMMBHgxMTQwE6QRMA8xDTALBgNVBAMMBHgxMTUwE6QR +-MA8xDTALBgNVBAMMBHgxMTYwE6QRMA8xDTALBgNVBAMMBHgxMTcwE6QRMA8xDTAL +-BgNVBAMMBHgxMTgwE6QRMA8xDTALBgNVBAMMBHgxMTkwE6QRMA8xDTALBgNVBAMM +-BHgxMjAwE6QRMA8xDTALBgNVBAMMBHgxMjEwE6QRMA8xDTALBgNVBAMMBHgxMjIw +-E6QRMA8xDTALBgNVBAMMBHgxMjMwE6QRMA8xDTALBgNVBAMMBHgxMjQwE6QRMA8x +-DTALBgNVBAMMBHgxMjUwE6QRMA8xDTALBgNVBAMMBHgxMjYwE6QRMA8xDTALBgNV +-BAMMBHgxMjcwE6QRMA8xDTALBgNVBAMMBHgxMjgwE6QRMA8xDTALBgNVBAMMBHgx +-MjkwE6QRMA8xDTALBgNVBAMMBHgxMzAwE6QRMA8xDTALBgNVBAMMBHgxMzEwE6QR +-MA8xDTALBgNVBAMMBHgxMzIwE6QRMA8xDTALBgNVBAMMBHgxMzMwE6QRMA8xDTAL +-BgNVBAMMBHgxMzQwE6QRMA8xDTALBgNVBAMMBHgxMzUwE6QRMA8xDTALBgNVBAMM +-BHgxMzYwE6QRMA8xDTALBgNVBAMMBHgxMzcwE6QRMA8xDTALBgNVBAMMBHgxMzgw +-E6QRMA8xDTALBgNVBAMMBHgxMzkwE6QRMA8xDTALBgNVBAMMBHgxNDAwE6QRMA8x +-DTALBgNVBAMMBHgxNDEwE6QRMA8xDTALBgNVBAMMBHgxNDIwE6QRMA8xDTALBgNV +-BAMMBHgxNDMwE6QRMA8xDTALBgNVBAMMBHgxNDQwE6QRMA8xDTALBgNVBAMMBHgx +-NDUwE6QRMA8xDTALBgNVBAMMBHgxNDYwE6QRMA8xDTALBgNVBAMMBHgxNDcwE6QR +-MA8xDTALBgNVBAMMBHgxNDgwE6QRMA8xDTALBgNVBAMMBHgxNDkwE6QRMA8xDTAL +-BgNVBAMMBHgxNTAwE6QRMA8xDTALBgNVBAMMBHgxNTEwE6QRMA8xDTALBgNVBAMM +-BHgxNTIwE6QRMA8xDTALBgNVBAMMBHgxNTMwE6QRMA8xDTALBgNVBAMMBHgxNTQw +-E6QRMA8xDTALBgNVBAMMBHgxNTUwE6QRMA8xDTALBgNVBAMMBHgxNTYwE6QRMA8x +-DTALBgNVBAMMBHgxNTcwE6QRMA8xDTALBgNVBAMMBHgxNTgwE6QRMA8xDTALBgNV +-BAMMBHgxNTkwE6QRMA8xDTALBgNVBAMMBHgxNjAwE6QRMA8xDTALBgNVBAMMBHgx +-NjEwE6QRMA8xDTALBgNVBAMMBHgxNjIwE6QRMA8xDTALBgNVBAMMBHgxNjMwE6QR +-MA8xDTALBgNVBAMMBHgxNjQwE6QRMA8xDTALBgNVBAMMBHgxNjUwE6QRMA8xDTAL +-BgNVBAMMBHgxNjYwE6QRMA8xDTALBgNVBAMMBHgxNjcwE6QRMA8xDTALBgNVBAMM +-BHgxNjgwE6QRMA8xDTALBgNVBAMMBHgxNjkwE6QRMA8xDTALBgNVBAMMBHgxNzAw +-E6QRMA8xDTALBgNVBAMMBHgxNzEwE6QRMA8xDTALBgNVBAMMBHgxNzIwE6QRMA8x +-DTALBgNVBAMMBHgxNzMwE6QRMA8xDTALBgNVBAMMBHgxNzQwE6QRMA8xDTALBgNV +-BAMMBHgxNzUwE6QRMA8xDTALBgNVBAMMBHgxNzYwE6QRMA8xDTALBgNVBAMMBHgx +-NzcwE6QRMA8xDTALBgNVBAMMBHgxNzgwE6QRMA8xDTALBgNVBAMMBHgxNzkwE6QR +-MA8xDTALBgNVBAMMBHgxODAwE6QRMA8xDTALBgNVBAMMBHgxODEwE6QRMA8xDTAL +-BgNVBAMMBHgxODIwE6QRMA8xDTALBgNVBAMMBHgxODMwE6QRMA8xDTALBgNVBAMM +-BHgxODQwE6QRMA8xDTALBgNVBAMMBHgxODUwE6QRMA8xDTALBgNVBAMMBHgxODYw +-E6QRMA8xDTALBgNVBAMMBHgxODcwE6QRMA8xDTALBgNVBAMMBHgxODgwE6QRMA8x +-DTALBgNVBAMMBHgxODkwE6QRMA8xDTALBgNVBAMMBHgxOTAwE6QRMA8xDTALBgNV +-BAMMBHgxOTEwE6QRMA8xDTALBgNVBAMMBHgxOTIwE6QRMA8xDTALBgNVBAMMBHgx +-OTMwE6QRMA8xDTALBgNVBAMMBHgxOTQwE6QRMA8xDTALBgNVBAMMBHgxOTUwE6QR +-MA8xDTALBgNVBAMMBHgxOTYwE6QRMA8xDTALBgNVBAMMBHgxOTcwE6QRMA8xDTAL +-BgNVBAMMBHgxOTgwE6QRMA8xDTALBgNVBAMMBHgxOTkwE6QRMA8xDTALBgNVBAMM +-BHgyMDAwE6QRMA8xDTALBgNVBAMMBHgyMDEwE6QRMA8xDTALBgNVBAMMBHgyMDIw +-E6QRMA8xDTALBgNVBAMMBHgyMDMwE6QRMA8xDTALBgNVBAMMBHgyMDQwE6QRMA8x +-DTALBgNVBAMMBHgyMDUwE6QRMA8xDTALBgNVBAMMBHgyMDYwE6QRMA8xDTALBgNV +-BAMMBHgyMDcwE6QRMA8xDTALBgNVBAMMBHgyMDgwE6QRMA8xDTALBgNVBAMMBHgy +-MDkwE6QRMA8xDTALBgNVBAMMBHgyMTAwE6QRMA8xDTALBgNVBAMMBHgyMTEwE6QR +-MA8xDTALBgNVBAMMBHgyMTIwE6QRMA8xDTALBgNVBAMMBHgyMTMwE6QRMA8xDTAL +-BgNVBAMMBHgyMTQwE6QRMA8xDTALBgNVBAMMBHgyMTUwE6QRMA8xDTALBgNVBAMM +-BHgyMTYwE6QRMA8xDTALBgNVBAMMBHgyMTcwE6QRMA8xDTALBgNVBAMMBHgyMTgw +-E6QRMA8xDTALBgNVBAMMBHgyMTkwE6QRMA8xDTALBgNVBAMMBHgyMjAwE6QRMA8x +-DTALBgNVBAMMBHgyMjEwE6QRMA8xDTALBgNVBAMMBHgyMjIwE6QRMA8xDTALBgNV +-BAMMBHgyMjMwE6QRMA8xDTALBgNVBAMMBHgyMjQwE6QRMA8xDTALBgNVBAMMBHgy +-MjUwE6QRMA8xDTALBgNVBAMMBHgyMjYwE6QRMA8xDTALBgNVBAMMBHgyMjcwE6QR +-MA8xDTALBgNVBAMMBHgyMjgwE6QRMA8xDTALBgNVBAMMBHgyMjkwE6QRMA8xDTAL +-BgNVBAMMBHgyMzAwE6QRMA8xDTALBgNVBAMMBHgyMzEwE6QRMA8xDTALBgNVBAMM +-BHgyMzIwE6QRMA8xDTALBgNVBAMMBHgyMzMwE6QRMA8xDTALBgNVBAMMBHgyMzQw +-E6QRMA8xDTALBgNVBAMMBHgyMzUwE6QRMA8xDTALBgNVBAMMBHgyMzYwE6QRMA8x +-DTALBgNVBAMMBHgyMzcwE6QRMA8xDTALBgNVBAMMBHgyMzgwE6QRMA8xDTALBgNV +-BAMMBHgyMzkwE6QRMA8xDTALBgNVBAMMBHgyNDAwE6QRMA8xDTALBgNVBAMMBHgy +-NDEwE6QRMA8xDTALBgNVBAMMBHgyNDIwE6QRMA8xDTALBgNVBAMMBHgyNDMwE6QR +-MA8xDTALBgNVBAMMBHgyNDQwE6QRMA8xDTALBgNVBAMMBHgyNDUwE6QRMA8xDTAL +-BgNVBAMMBHgyNDYwE6QRMA8xDTALBgNVBAMMBHgyNDcwE6QRMA8xDTALBgNVBAMM +-BHgyNDgwE6QRMA8xDTALBgNVBAMMBHgyNDkwE6QRMA8xDTALBgNVBAMMBHgyNTAw +-E6QRMA8xDTALBgNVBAMMBHgyNTEwE6QRMA8xDTALBgNVBAMMBHgyNTIwE6QRMA8x +-DTALBgNVBAMMBHgyNTMwE6QRMA8xDTALBgNVBAMMBHgyNTQwE6QRMA8xDTALBgNV +-BAMMBHgyNTUwE6QRMA8xDTALBgNVBAMMBHgyNTYwE6QRMA8xDTALBgNVBAMMBHgy +-NTcwE6QRMA8xDTALBgNVBAMMBHgyNTgwE6QRMA8xDTALBgNVBAMMBHgyNTkwE6QR +-MA8xDTALBgNVBAMMBHgyNjAwE6QRMA8xDTALBgNVBAMMBHgyNjEwE6QRMA8xDTAL +-BgNVBAMMBHgyNjIwE6QRMA8xDTALBgNVBAMMBHgyNjMwE6QRMA8xDTALBgNVBAMM +-BHgyNjQwE6QRMA8xDTALBgNVBAMMBHgyNjUwE6QRMA8xDTALBgNVBAMMBHgyNjYw +-E6QRMA8xDTALBgNVBAMMBHgyNjcwE6QRMA8xDTALBgNVBAMMBHgyNjgwE6QRMA8x +-DTALBgNVBAMMBHgyNjkwE6QRMA8xDTALBgNVBAMMBHgyNzAwE6QRMA8xDTALBgNV +-BAMMBHgyNzEwE6QRMA8xDTALBgNVBAMMBHgyNzIwE6QRMA8xDTALBgNVBAMMBHgy +-NzMwE6QRMA8xDTALBgNVBAMMBHgyNzQwE6QRMA8xDTALBgNVBAMMBHgyNzUwE6QR +-MA8xDTALBgNVBAMMBHgyNzYwE6QRMA8xDTALBgNVBAMMBHgyNzcwE6QRMA8xDTAL +-BgNVBAMMBHgyNzgwE6QRMA8xDTALBgNVBAMMBHgyNzkwE6QRMA8xDTALBgNVBAMM +-BHgyODAwE6QRMA8xDTALBgNVBAMMBHgyODEwE6QRMA8xDTALBgNVBAMMBHgyODIw +-E6QRMA8xDTALBgNVBAMMBHgyODMwE6QRMA8xDTALBgNVBAMMBHgyODQwE6QRMA8x +-DTALBgNVBAMMBHgyODUwE6QRMA8xDTALBgNVBAMMBHgyODYwE6QRMA8xDTALBgNV +-BAMMBHgyODcwE6QRMA8xDTALBgNVBAMMBHgyODgwE6QRMA8xDTALBgNVBAMMBHgy +-ODkwE6QRMA8xDTALBgNVBAMMBHgyOTAwE6QRMA8xDTALBgNVBAMMBHgyOTEwE6QR +-MA8xDTALBgNVBAMMBHgyOTIwE6QRMA8xDTALBgNVBAMMBHgyOTMwE6QRMA8xDTAL +-BgNVBAMMBHgyOTQwE6QRMA8xDTALBgNVBAMMBHgyOTUwE6QRMA8xDTALBgNVBAMM +-BHgyOTYwE6QRMA8xDTALBgNVBAMMBHgyOTcwE6QRMA8xDTALBgNVBAMMBHgyOTgw +-E6QRMA8xDTALBgNVBAMMBHgyOTkwE6QRMA8xDTALBgNVBAMMBHgzMDAwE6QRMA8x +-DTALBgNVBAMMBHgzMDEwE6QRMA8xDTALBgNVBAMMBHgzMDIwE6QRMA8xDTALBgNV +-BAMMBHgzMDMwE6QRMA8xDTALBgNVBAMMBHgzMDQwE6QRMA8xDTALBgNVBAMMBHgz +-MDUwE6QRMA8xDTALBgNVBAMMBHgzMDYwE6QRMA8xDTALBgNVBAMMBHgzMDcwE6QR +-MA8xDTALBgNVBAMMBHgzMDgwE6QRMA8xDTALBgNVBAMMBHgzMDkwE6QRMA8xDTAL +-BgNVBAMMBHgzMTAwE6QRMA8xDTALBgNVBAMMBHgzMTEwE6QRMA8xDTALBgNVBAMM +-BHgzMTIwE6QRMA8xDTALBgNVBAMMBHgzMTMwE6QRMA8xDTALBgNVBAMMBHgzMTQw +-E6QRMA8xDTALBgNVBAMMBHgzMTUwE6QRMA8xDTALBgNVBAMMBHgzMTYwE6QRMA8x +-DTALBgNVBAMMBHgzMTcwE6QRMA8xDTALBgNVBAMMBHgzMTgwE6QRMA8xDTALBgNV +-BAMMBHgzMTkwE6QRMA8xDTALBgNVBAMMBHgzMjAwE6QRMA8xDTALBgNVBAMMBHgz +-MjEwE6QRMA8xDTALBgNVBAMMBHgzMjIwE6QRMA8xDTALBgNVBAMMBHgzMjMwE6QR +-MA8xDTALBgNVBAMMBHgzMjQwE6QRMA8xDTALBgNVBAMMBHgzMjUwE6QRMA8xDTAL +-BgNVBAMMBHgzMjYwE6QRMA8xDTALBgNVBAMMBHgzMjcwE6QRMA8xDTALBgNVBAMM +-BHgzMjgwE6QRMA8xDTALBgNVBAMMBHgzMjkwE6QRMA8xDTALBgNVBAMMBHgzMzAw +-E6QRMA8xDTALBgNVBAMMBHgzMzEwE6QRMA8xDTALBgNVBAMMBHgzMzIwE6QRMA8x +-DTALBgNVBAMMBHgzMzMwE6QRMA8xDTALBgNVBAMMBHgzMzQwE6QRMA8xDTALBgNV +-BAMMBHgzMzUwE6QRMA8xDTALBgNVBAMMBHgzMzYwE6QRMA8xDTALBgNVBAMMBHgz +-MzcwE6QRMA8xDTALBgNVBAMMBHgzMzgwE6QRMA8xDTALBgNVBAMMBHgzMzkwE6QR +-MA8xDTALBgNVBAMMBHgzNDAwE6QRMA8xDTALBgNVBAMMBHgzNDEwE6QRMA8xDTAL +-BgNVBAMMBHgzNDIwE6QRMA8xDTALBgNVBAMMBHgzNDMwE6QRMA8xDTALBgNVBAMM +-BHgzNDQwE6QRMA8xDTALBgNVBAMMBHgzNDUwE6QRMA8xDTALBgNVBAMMBHgzNDYw +-E6QRMA8xDTALBgNVBAMMBHgzNDcwE6QRMA8xDTALBgNVBAMMBHgzNDgwE6QRMA8x +-DTALBgNVBAMMBHgzNDkwE6QRMA8xDTALBgNVBAMMBHgzNTAwE6QRMA8xDTALBgNV +-BAMMBHgzNTEwE6QRMA8xDTALBgNVBAMMBHgzNTIwE6QRMA8xDTALBgNVBAMMBHgz +-NTMwE6QRMA8xDTALBgNVBAMMBHgzNTQwE6QRMA8xDTALBgNVBAMMBHgzNTUwE6QR +-MA8xDTALBgNVBAMMBHgzNTYwE6QRMA8xDTALBgNVBAMMBHgzNTcwE6QRMA8xDTAL +-BgNVBAMMBHgzNTgwE6QRMA8xDTALBgNVBAMMBHgzNTkwE6QRMA8xDTALBgNVBAMM +-BHgzNjAwE6QRMA8xDTALBgNVBAMMBHgzNjEwE6QRMA8xDTALBgNVBAMMBHgzNjIw +-E6QRMA8xDTALBgNVBAMMBHgzNjMwE6QRMA8xDTALBgNVBAMMBHgzNjQwE6QRMA8x +-DTALBgNVBAMMBHgzNjUwE6QRMA8xDTALBgNVBAMMBHgzNjYwE6QRMA8xDTALBgNV +-BAMMBHgzNjcwE6QRMA8xDTALBgNVBAMMBHgzNjgwE6QRMA8xDTALBgNVBAMMBHgz +-NjkwE6QRMA8xDTALBgNVBAMMBHgzNzAwE6QRMA8xDTALBgNVBAMMBHgzNzEwE6QR +-MA8xDTALBgNVBAMMBHgzNzIwE6QRMA8xDTALBgNVBAMMBHgzNzMwE6QRMA8xDTAL +-BgNVBAMMBHgzNzQwE6QRMA8xDTALBgNVBAMMBHgzNzUwE6QRMA8xDTALBgNVBAMM +-BHgzNzYwE6QRMA8xDTALBgNVBAMMBHgzNzcwE6QRMA8xDTALBgNVBAMMBHgzNzgw +-E6QRMA8xDTALBgNVBAMMBHgzNzkwE6QRMA8xDTALBgNVBAMMBHgzODAwE6QRMA8x +-DTALBgNVBAMMBHgzODEwE6QRMA8xDTALBgNVBAMMBHgzODIwE6QRMA8xDTALBgNV +-BAMMBHgzODMwE6QRMA8xDTALBgNVBAMMBHgzODQwE6QRMA8xDTALBgNVBAMMBHgz +-ODUwE6QRMA8xDTALBgNVBAMMBHgzODYwE6QRMA8xDTALBgNVBAMMBHgzODcwE6QR +-MA8xDTALBgNVBAMMBHgzODgwE6QRMA8xDTALBgNVBAMMBHgzODkwE6QRMA8xDTAL +-BgNVBAMMBHgzOTAwE6QRMA8xDTALBgNVBAMMBHgzOTEwE6QRMA8xDTALBgNVBAMM +-BHgzOTIwE6QRMA8xDTALBgNVBAMMBHgzOTMwE6QRMA8xDTALBgNVBAMMBHgzOTQw +-E6QRMA8xDTALBgNVBAMMBHgzOTUwE6QRMA8xDTALBgNVBAMMBHgzOTYwE6QRMA8x +-DTALBgNVBAMMBHgzOTcwE6QRMA8xDTALBgNVBAMMBHgzOTgwE6QRMA8xDTALBgNV +-BAMMBHgzOTkwE6QRMA8xDTALBgNVBAMMBHg0MDAwE6QRMA8xDTALBgNVBAMMBHg0 +-MDEwE6QRMA8xDTALBgNVBAMMBHg0MDIwE6QRMA8xDTALBgNVBAMMBHg0MDMwE6QR +-MA8xDTALBgNVBAMMBHg0MDQwE6QRMA8xDTALBgNVBAMMBHg0MDUwE6QRMA8xDTAL +-BgNVBAMMBHg0MDYwE6QRMA8xDTALBgNVBAMMBHg0MDcwE6QRMA8xDTALBgNVBAMM +-BHg0MDgwE6QRMA8xDTALBgNVBAMMBHg0MDkwE6QRMA8xDTALBgNVBAMMBHg0MTAw +-E6QRMA8xDTALBgNVBAMMBHg0MTEwE6QRMA8xDTALBgNVBAMMBHg0MTIwE6QRMA8x +-DTALBgNVBAMMBHg0MTMwE6QRMA8xDTALBgNVBAMMBHg0MTQwE6QRMA8xDTALBgNV +-BAMMBHg0MTUwE6QRMA8xDTALBgNVBAMMBHg0MTYwE6QRMA8xDTALBgNVBAMMBHg0 +-MTcwE6QRMA8xDTALBgNVBAMMBHg0MTgwDQYJKoZIhvcNAQELBQADggEBAHh3z5Nf +-vf8/kKQ5S3IYkHIyfPfcs230zsmZctljBoiF2JEgNXJNCbUCiVBjXmlZX/nB5w/W +-VWtnDfewgwIY1XW6BpblP/rEDzB5vEObbuYVwoe8V086fDe7FZDz161CRMOty/T6 +-DzIlm1oqC34q8es1f/J9YEvjj/wBpr7Mi0rmX+xCR+RmWk8gsnvMUSeR6rDfcJ/l +-d2piJRLaevJUTz64GKljTVAC8E3sHbx8Ont+D2u3MGHnQxy6xY7GnhQNfwfgZmsd +-MtMupuEW9i7VsVauiPnkqB33Z6zQLiyrBERLZ38DB534TbeCMU8jN16O1+P6UpSi +-J5h5m04zmUWk1pg= ++ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAuCCXQxNzEudGVzdDAKhwgKAAAA//// ++/zAKhwgKAAAB/////zAKhwgKAAAC/////zAKhwgKAAAD/////zAKhwgKAAAE//// ++/zAKhwgKAAAF/////zAKhwgKAAAG/////zAKhwgKAAAH/////zAKhwgKAAAI//// ++/zAKhwgKAAAJ/////zAKhwgKAAAK/////zAKhwgKAAAL/////zAKhwgKAAAM//// ++/zAKhwgKAAAN/////zAKhwgKAAAO/////zAKhwgKAAAP/////zAKhwgKAAAQ//// ++/zAKhwgKAAAR/////zAKhwgKAAAS/////zAKhwgKAAAT/////zAKhwgKAAAU//// ++/zAKhwgKAAAV/////zAKhwgKAAAW/////zAKhwgKAAAX/////zAKhwgKAAAY//// ++/zAKhwgKAAAZ/////zAKhwgKAAAa/////zAKhwgKAAAb/////zAKhwgKAAAc//// ++/zAKhwgKAAAd/////zAKhwgKAAAe/////zAKhwgKAAAf/////zAKhwgKAAAg//// ++/zAKhwgKAAAh/////zAKhwgKAAAi/////zAKhwgKAAAj/////zAKhwgKAAAk//// ++/zAKhwgKAAAl/////zAKhwgKAAAm/////zAKhwgKAAAn/////zAKhwgKAAAo//// ++/zAKhwgKAAAp/////zAKhwgKAAAq/////zAKhwgKAAAr/////zAKhwgKAAAs//// ++/zAKhwgKAAAt/////zAKhwgKAAAu/////zAKhwgKAAAv/////zAKhwgKAAAw//// ++/zAKhwgKAAAx/////zAKhwgKAAAy/////zAKhwgKAAAz/////zAKhwgKAAA0//// ++/zAKhwgKAAA1/////zAKhwgKAAA2/////zAKhwgKAAA3/////zAKhwgKAAA4//// ++/zAKhwgKAAA5/////zAKhwgKAAA6/////zAKhwgKAAA7/////zAKhwgKAAA8//// ++/zAKhwgKAAA9/////zAKhwgKAAA+/////zAKhwgKAAA//////zAKhwgKAABA//// ++/zAKhwgKAABB/////zAKhwgKAABC/////zAKhwgKAABD/////zAKhwgKAABE//// ++/zAKhwgKAABF/////zAKhwgKAABG/////zAKhwgKAABH/////zAKhwgKAABI//// ++/zAKhwgKAABJ/////zAKhwgKAABK/////zAKhwgKAABL/////zAKhwgKAABM//// ++/zAKhwgKAABN/////zAKhwgKAABO/////zAKhwgKAABP/////zAKhwgKAABQ//// ++/zAKhwgKAABR/////zAKhwgKAABS/////zAKhwgKAABT/////zAKhwgKAABU//// ++/zAKhwgKAABV/////zAKhwgKAABW/////zAKhwgKAABX/////zAKhwgKAABY//// ++/zAKhwgKAABZ/////zAKhwgKAABa/////zAKhwgKAABb/////zAKhwgKAABc//// ++/zAKhwgKAABd/////zAKhwgKAABe/////zAKhwgKAABf/////zAKhwgKAABg//// ++/zAKhwgKAABh/////zAKhwgKAABi/////zAKhwgKAABj/////zAKhwgKAABk//// ++/zAKhwgKAABl/////zAKhwgKAABm/////zAKhwgKAABn/////zAKhwgKAABo//// ++/zAKhwgKAABp/////zAKhwgKAABq/////zAKhwgKAABr/////zAKhwgKAABs//// ++/zAKhwgKAABt/////zAKhwgKAABu/////zAKhwgKAABv/////zAKhwgKAABw//// ++/zAKhwgKAABx/////zAKhwgKAABy/////zAKhwgKAABz/////zAKhwgKAAB0//// ++/zAKhwgKAAB1/////zAKhwgKAAB2/////zAKhwgKAAB3/////zAKhwgKAAB4//// ++/zAKhwgKAAB5/////zAKhwgKAAB6/////zAKhwgKAAB7/////zAKhwgKAAB8//// ++/zAKhwgKAAB9/////zAKhwgKAAB+/////zAKhwgKAAB//////zAKhwgKAACA//// ++/zAKhwgKAACB/////zAKhwgKAACC/////zAKhwgKAACD/////zAKhwgKAACE//// ++/zAKhwgKAACF/////zAKhwgKAACG/////zAKhwgKAACH/////zAKhwgKAACI//// ++/zAKhwgKAACJ/////zAKhwgKAACK/////zAKhwgKAACL/////zAKhwgKAACM//// ++/zAKhwgKAACN/////zAKhwgKAACO/////zAKhwgKAACP/////zAKhwgKAACQ//// ++/zAKhwgKAACR/////zAKhwgKAACS/////zAKhwgKAACT/////zAKhwgKAACU//// ++/zAKhwgKAACV/////zAKhwgKAACW/////zAKhwgKAACX/////zAKhwgKAACY//// ++/zAKhwgKAACZ/////zAKhwgKAACa/////zAKhwgKAACb/////zAKhwgKAACc//// ++/zAKhwgKAACd/////zAKhwgKAACe/////zAKhwgKAACf/////zAKhwgKAACg//// ++/zAKhwgKAACh/////zAKhwgKAACi/////zAKhwgKAACj/////zAKhwgKAACk//// ++/zAKhwgKAACl/////zAKhwgKAACm/////zAKhwgKAACn/////zAKhwgKAACo//// ++/zAKhwgKAACp/////zAKhwgKAACq/////zARpA8wDTELMAkGA1UEAwwCdDAwEaQP ++MA0xCzAJBgNVBAMMAnQxMBGkDzANMQswCQYDVQQDDAJ0MjARpA8wDTELMAkGA1UE ++AwwCdDMwEaQPMA0xCzAJBgNVBAMMAnQ0MBGkDzANMQswCQYDVQQDDAJ0NTARpA8w ++DTELMAkGA1UEAwwCdDYwEaQPMA0xCzAJBgNVBAMMAnQ3MBGkDzANMQswCQYDVQQD ++DAJ0ODARpA8wDTELMAkGA1UEAwwCdDkwEqQQMA4xDDAKBgNVBAMMA3QxMDASpBAw ++DjEMMAoGA1UEAwwDdDExMBKkEDAOMQwwCgYDVQQDDAN0MTIwEqQQMA4xDDAKBgNV ++BAMMA3QxMzASpBAwDjEMMAoGA1UEAwwDdDE0MBKkEDAOMQwwCgYDVQQDDAN0MTUw ++EqQQMA4xDDAKBgNVBAMMA3QxNjASpBAwDjEMMAoGA1UEAwwDdDE3MBKkEDAOMQww ++CgYDVQQDDAN0MTgwEqQQMA4xDDAKBgNVBAMMA3QxOTASpBAwDjEMMAoGA1UEAwwD ++dDIwMBKkEDAOMQwwCgYDVQQDDAN0MjEwEqQQMA4xDDAKBgNVBAMMA3QyMjASpBAw ++DjEMMAoGA1UEAwwDdDIzMBKkEDAOMQwwCgYDVQQDDAN0MjQwEqQQMA4xDDAKBgNV ++BAMMA3QyNTASpBAwDjEMMAoGA1UEAwwDdDI2MBKkEDAOMQwwCgYDVQQDDAN0Mjcw ++EqQQMA4xDDAKBgNVBAMMA3QyODASpBAwDjEMMAoGA1UEAwwDdDI5MBKkEDAOMQww ++CgYDVQQDDAN0MzAwEqQQMA4xDDAKBgNVBAMMA3QzMTASpBAwDjEMMAoGA1UEAwwD ++dDMyMBKkEDAOMQwwCgYDVQQDDAN0MzMwEqQQMA4xDDAKBgNVBAMMA3QzNDASpBAw ++DjEMMAoGA1UEAwwDdDM1MBKkEDAOMQwwCgYDVQQDDAN0MzYwEqQQMA4xDDAKBgNV ++BAMMA3QzNzASpBAwDjEMMAoGA1UEAwwDdDM4MBKkEDAOMQwwCgYDVQQDDAN0Mzkw ++EqQQMA4xDDAKBgNVBAMMA3Q0MDASpBAwDjEMMAoGA1UEAwwDdDQxMBKkEDAOMQww ++CgYDVQQDDAN0NDIwEqQQMA4xDDAKBgNVBAMMA3Q0MzASpBAwDjEMMAoGA1UEAwwD ++dDQ0MBKkEDAOMQwwCgYDVQQDDAN0NDUwEqQQMA4xDDAKBgNVBAMMA3Q0NjASpBAw ++DjEMMAoGA1UEAwwDdDQ3MBKkEDAOMQwwCgYDVQQDDAN0NDgwEqQQMA4xDDAKBgNV ++BAMMA3Q0OTASpBAwDjEMMAoGA1UEAwwDdDUwMBKkEDAOMQwwCgYDVQQDDAN0NTEw ++EqQQMA4xDDAKBgNVBAMMA3Q1MjASpBAwDjEMMAoGA1UEAwwDdDUzMBKkEDAOMQww ++CgYDVQQDDAN0NTQwEqQQMA4xDDAKBgNVBAMMA3Q1NTASpBAwDjEMMAoGA1UEAwwD ++dDU2MBKkEDAOMQwwCgYDVQQDDAN0NTcwEqQQMA4xDDAKBgNVBAMMA3Q1ODASpBAw ++DjEMMAoGA1UEAwwDdDU5MBKkEDAOMQwwCgYDVQQDDAN0NjAwEqQQMA4xDDAKBgNV ++BAMMA3Q2MTASpBAwDjEMMAoGA1UEAwwDdDYyMBKkEDAOMQwwCgYDVQQDDAN0NjMw ++EqQQMA4xDDAKBgNVBAMMA3Q2NDASpBAwDjEMMAoGA1UEAwwDdDY1MBKkEDAOMQww ++CgYDVQQDDAN0NjYwEqQQMA4xDDAKBgNVBAMMA3Q2NzASpBAwDjEMMAoGA1UEAwwD ++dDY4MBKkEDAOMQwwCgYDVQQDDAN0NjkwEqQQMA4xDDAKBgNVBAMMA3Q3MDASpBAw ++DjEMMAoGA1UEAwwDdDcxMBKkEDAOMQwwCgYDVQQDDAN0NzIwEqQQMA4xDDAKBgNV ++BAMMA3Q3MzASpBAwDjEMMAoGA1UEAwwDdDc0MBKkEDAOMQwwCgYDVQQDDAN0NzUw ++EqQQMA4xDDAKBgNVBAMMA3Q3NjASpBAwDjEMMAoGA1UEAwwDdDc3MBKkEDAOMQww ++CgYDVQQDDAN0NzgwEqQQMA4xDDAKBgNVBAMMA3Q3OTASpBAwDjEMMAoGA1UEAwwD ++dDgwMBKkEDAOMQwwCgYDVQQDDAN0ODEwEqQQMA4xDDAKBgNVBAMMA3Q4MjASpBAw ++DjEMMAoGA1UEAwwDdDgzMBKkEDAOMQwwCgYDVQQDDAN0ODQwEqQQMA4xDDAKBgNV ++BAMMA3Q4NTASpBAwDjEMMAoGA1UEAwwDdDg2MBKkEDAOMQwwCgYDVQQDDAN0ODcw ++EqQQMA4xDDAKBgNVBAMMA3Q4ODASpBAwDjEMMAoGA1UEAwwDdDg5MBKkEDAOMQww ++CgYDVQQDDAN0OTAwEqQQMA4xDDAKBgNVBAMMA3Q5MTASpBAwDjEMMAoGA1UEAwwD ++dDkyMBKkEDAOMQwwCgYDVQQDDAN0OTMwEqQQMA4xDDAKBgNVBAMMA3Q5NDASpBAw ++DjEMMAoGA1UEAwwDdDk1MBKkEDAOMQwwCgYDVQQDDAN0OTYwEqQQMA4xDDAKBgNV ++BAMMA3Q5NzASpBAwDjEMMAoGA1UEAwwDdDk4MBKkEDAOMQwwCgYDVQQDDAN0OTkw ++E6QRMA8xDTALBgNVBAMMBHQxMDAwE6QRMA8xDTALBgNVBAMMBHQxMDEwE6QRMA8x ++DTALBgNVBAMMBHQxMDIwE6QRMA8xDTALBgNVBAMMBHQxMDMwE6QRMA8xDTALBgNV ++BAMMBHQxMDQwE6QRMA8xDTALBgNVBAMMBHQxMDUwE6QRMA8xDTALBgNVBAMMBHQx ++MDYwE6QRMA8xDTALBgNVBAMMBHQxMDcwE6QRMA8xDTALBgNVBAMMBHQxMDgwE6QR ++MA8xDTALBgNVBAMMBHQxMDkwE6QRMA8xDTALBgNVBAMMBHQxMTAwE6QRMA8xDTAL ++BgNVBAMMBHQxMTEwE6QRMA8xDTALBgNVBAMMBHQxMTIwE6QRMA8xDTALBgNVBAMM ++BHQxMTMwE6QRMA8xDTALBgNVBAMMBHQxMTQwE6QRMA8xDTALBgNVBAMMBHQxMTUw ++E6QRMA8xDTALBgNVBAMMBHQxMTYwE6QRMA8xDTALBgNVBAMMBHQxMTcwE6QRMA8x ++DTALBgNVBAMMBHQxMTgwE6QRMA8xDTALBgNVBAMMBHQxMTkwE6QRMA8xDTALBgNV ++BAMMBHQxMjAwE6QRMA8xDTALBgNVBAMMBHQxMjEwE6QRMA8xDTALBgNVBAMMBHQx ++MjIwE6QRMA8xDTALBgNVBAMMBHQxMjMwE6QRMA8xDTALBgNVBAMMBHQxMjQwE6QR ++MA8xDTALBgNVBAMMBHQxMjUwE6QRMA8xDTALBgNVBAMMBHQxMjYwE6QRMA8xDTAL ++BgNVBAMMBHQxMjcwE6QRMA8xDTALBgNVBAMMBHQxMjgwE6QRMA8xDTALBgNVBAMM ++BHQxMjkwE6QRMA8xDTALBgNVBAMMBHQxMzAwE6QRMA8xDTALBgNVBAMMBHQxMzEw ++E6QRMA8xDTALBgNVBAMMBHQxMzIwE6QRMA8xDTALBgNVBAMMBHQxMzMwE6QRMA8x ++DTALBgNVBAMMBHQxMzQwE6QRMA8xDTALBgNVBAMMBHQxMzUwE6QRMA8xDTALBgNV ++BAMMBHQxMzYwE6QRMA8xDTALBgNVBAMMBHQxMzcwE6QRMA8xDTALBgNVBAMMBHQx ++MzgwE6QRMA8xDTALBgNVBAMMBHQxMzkwE6QRMA8xDTALBgNVBAMMBHQxNDAwE6QR ++MA8xDTALBgNVBAMMBHQxNDEwE6QRMA8xDTALBgNVBAMMBHQxNDIwE6QRMA8xDTAL ++BgNVBAMMBHQxNDMwE6QRMA8xDTALBgNVBAMMBHQxNDQwE6QRMA8xDTALBgNVBAMM ++BHQxNDUwE6QRMA8xDTALBgNVBAMMBHQxNDYwE6QRMA8xDTALBgNVBAMMBHQxNDcw ++E6QRMA8xDTALBgNVBAMMBHQxNDgwE6QRMA8xDTALBgNVBAMMBHQxNDkwE6QRMA8x ++DTALBgNVBAMMBHQxNTAwE6QRMA8xDTALBgNVBAMMBHQxNTEwE6QRMA8xDTALBgNV ++BAMMBHQxNTIwE6QRMA8xDTALBgNVBAMMBHQxNTMwE6QRMA8xDTALBgNVBAMMBHQx ++NTQwE6QRMA8xDTALBgNVBAMMBHQxNTUwE6QRMA8xDTALBgNVBAMMBHQxNTYwE6QR ++MA8xDTALBgNVBAMMBHQxNTcwE6QRMA8xDTALBgNVBAMMBHQxNTgwE6QRMA8xDTAL ++BgNVBAMMBHQxNTkwE6QRMA8xDTALBgNVBAMMBHQxNjAwE6QRMA8xDTALBgNVBAMM ++BHQxNjEwE6QRMA8xDTALBgNVBAMMBHQxNjIwE6QRMA8xDTALBgNVBAMMBHQxNjMw ++E6QRMA8xDTALBgNVBAMMBHQxNjQwE6QRMA8xDTALBgNVBAMMBHQxNjUwE6QRMA8x ++DTALBgNVBAMMBHQxNjYwE6QRMA8xDTALBgNVBAMMBHQxNjcwE6QRMA8xDTALBgNV ++BAMMBHQxNjgwE6QRMA8xDTALBgNVBAMMBHQxNjkwE6QRMA8xDTALBgNVBAMMBHQx ++NzAwE6QRMA8xDTALBgNVBAMMBHQxNzGhgh2wMAmCB3gwLnRlc3QwCYIHeDEudGVz ++dDAJggd4Mi50ZXN0MAmCB3gzLnRlc3QwCYIHeDQudGVzdDAJggd4NS50ZXN0MAmC ++B3g2LnRlc3QwCYIHeDcudGVzdDAJggd4OC50ZXN0MAmCB3g5LnRlc3QwCoIIeDEw ++LnRlc3QwCoIIeDExLnRlc3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRlc3QwCoIIeDE0 ++LnRlc3QwCoIIeDE1LnRlc3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRlc3QwCoIIeDE4 ++LnRlc3QwCoIIeDE5LnRlc3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRlc3QwCoIIeDIy ++LnRlc3QwCoIIeDIzLnRlc3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRlc3QwCoIIeDI2 ++LnRlc3QwCoIIeDI3LnRlc3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRlc3QwCoIIeDMw ++LnRlc3QwCoIIeDMxLnRlc3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRlc3QwCoIIeDM0 ++LnRlc3QwCoIIeDM1LnRlc3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRlc3QwCoIIeDM4 ++LnRlc3QwCoIIeDM5LnRlc3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRlc3QwCoIIeDQy ++LnRlc3QwCoIIeDQzLnRlc3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRlc3QwCoIIeDQ2 ++LnRlc3QwCoIIeDQ3LnRlc3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRlc3QwCoIIeDUw ++LnRlc3QwCoIIeDUxLnRlc3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRlc3QwCoIIeDU0 ++LnRlc3QwCoIIeDU1LnRlc3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRlc3QwCoIIeDU4 ++LnRlc3QwCoIIeDU5LnRlc3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRlc3QwCoIIeDYy ++LnRlc3QwCoIIeDYzLnRlc3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRlc3QwCoIIeDY2 ++LnRlc3QwCoIIeDY3LnRlc3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRlc3QwCoIIeDcw ++LnRlc3QwCoIIeDcxLnRlc3QwCoIIeDcyLnRlc3QwCoIIeDczLnRlc3QwCoIIeDc0 ++LnRlc3QwCoIIeDc1LnRlc3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRlc3QwCoIIeDc4 ++LnRlc3QwCoIIeDc5LnRlc3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRlc3QwCoIIeDgy ++LnRlc3QwCoIIeDgzLnRlc3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRlc3QwCoIIeDg2 ++LnRlc3QwCoIIeDg3LnRlc3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRlc3QwCoIIeDkw ++LnRlc3QwCoIIeDkxLnRlc3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRlc3QwCoIIeDk0 ++LnRlc3QwCoIIeDk1LnRlc3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRlc3QwCoIIeDk4 ++LnRlc3QwCoIIeDk5LnRlc3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEudGVzdDALggl4 ++MTAyLnRlc3QwC4IJeDEwMy50ZXN0MAuCCXgxMDQudGVzdDALggl4MTA1LnRlc3Qw ++C4IJeDEwNi50ZXN0MAuCCXgxMDcudGVzdDALggl4MTA4LnRlc3QwC4IJeDEwOS50 ++ZXN0MAuCCXgxMTAudGVzdDALggl4MTExLnRlc3QwC4IJeDExMi50ZXN0MAuCCXgx ++MTMudGVzdDALggl4MTE0LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgxMTYudGVzdDAL ++ggl4MTE3LnRlc3QwC4IJeDExOC50ZXN0MAuCCXgxMTkudGVzdDALggl4MTIwLnRl ++c3QwC4IJeDEyMS50ZXN0MAuCCXgxMjIudGVzdDALggl4MTIzLnRlc3QwC4IJeDEy ++NC50ZXN0MAuCCXgxMjUudGVzdDALggl4MTI2LnRlc3QwC4IJeDEyNy50ZXN0MAuC ++CXgxMjgudGVzdDALggl4MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuCCXgxMzEudGVz ++dDALggl4MTMyLnRlc3QwC4IJeDEzMy50ZXN0MAuCCXgxMzQudGVzdDALggl4MTM1 ++LnRlc3QwC4IJeDEzNi50ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4LnRlc3QwC4IJ ++eDEzOS50ZXN0MAuCCXgxNDAudGVzdDALggl4MTQxLnRlc3QwC4IJeDE0Mi50ZXN0 ++MAuCCXgxNDMudGVzdDALggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0MAuCCXgxNDYu ++dGVzdDALggl4MTQ3LnRlc3QwC4IJeDE0OC50ZXN0MAuCCXgxNDkudGVzdDALggl4 ++MTUwLnRlc3QwC4IJeDE1MS50ZXN0MAuCCXgxNTIudGVzdDALggl4MTUzLnRlc3Qw ++C4IJeDE1NC50ZXN0MAuCCXgxNTUudGVzdDALggl4MTU2LnRlc3QwC4IJeDE1Ny50 ++ZXN0MAuCCXgxNTgudGVzdDALggl4MTU5LnRlc3QwC4IJeDE2MC50ZXN0MAuCCXgx ++NjEudGVzdDALggl4MTYyLnRlc3QwC4IJeDE2My50ZXN0MAuCCXgxNjQudGVzdDAL ++ggl4MTY1LnRlc3QwC4IJeDE2Ni50ZXN0MAuCCXgxNjcudGVzdDALggl4MTY4LnRl ++c3QwC4IJeDE2OS50ZXN0MAqHCAsAAAD/////MAqHCAsAAAH/////MAqHCAsAAAL/ ++////MAqHCAsAAAP/////MAqHCAsAAAT/////MAqHCAsAAAX/////MAqHCAsAAAb/ ++////MAqHCAsAAAf/////MAqHCAsAAAj/////MAqHCAsAAAn/////MAqHCAsAAAr/ ++////MAqHCAsAAAv/////MAqHCAsAAAz/////MAqHCAsAAA3/////MAqHCAsAAA7/ ++////MAqHCAsAAA//////MAqHCAsAABD/////MAqHCAsAABH/////MAqHCAsAABL/ ++////MAqHCAsAABP/////MAqHCAsAABT/////MAqHCAsAABX/////MAqHCAsAABb/ ++////MAqHCAsAABf/////MAqHCAsAABj/////MAqHCAsAABn/////MAqHCAsAABr/ ++////MAqHCAsAABv/////MAqHCAsAABz/////MAqHCAsAAB3/////MAqHCAsAAB7/ ++////MAqHCAsAAB//////MAqHCAsAACD/////MAqHCAsAACH/////MAqHCAsAACL/ ++////MAqHCAsAACP/////MAqHCAsAACT/////MAqHCAsAACX/////MAqHCAsAACb/ ++////MAqHCAsAACf/////MAqHCAsAACj/////MAqHCAsAACn/////MAqHCAsAACr/ ++////MAqHCAsAACv/////MAqHCAsAACz/////MAqHCAsAAC3/////MAqHCAsAAC7/ ++////MAqHCAsAAC//////MAqHCAsAADD/////MAqHCAsAADH/////MAqHCAsAADL/ ++////MAqHCAsAADP/////MAqHCAsAADT/////MAqHCAsAADX/////MAqHCAsAADb/ ++////MAqHCAsAADf/////MAqHCAsAADj/////MAqHCAsAADn/////MAqHCAsAADr/ ++////MAqHCAsAADv/////MAqHCAsAADz/////MAqHCAsAAD3/////MAqHCAsAAD7/ ++////MAqHCAsAAD//////MAqHCAsAAED/////MAqHCAsAAEH/////MAqHCAsAAEL/ ++////MAqHCAsAAEP/////MAqHCAsAAET/////MAqHCAsAAEX/////MAqHCAsAAEb/ ++////MAqHCAsAAEf/////MAqHCAsAAEj/////MAqHCAsAAEn/////MAqHCAsAAEr/ ++////MAqHCAsAAEv/////MAqHCAsAAEz/////MAqHCAsAAE3/////MAqHCAsAAE7/ ++////MAqHCAsAAE//////MAqHCAsAAFD/////MAqHCAsAAFH/////MAqHCAsAAFL/ ++////MAqHCAsAAFP/////MAqHCAsAAFT/////MAqHCAsAAFX/////MAqHCAsAAFb/ ++////MAqHCAsAAFf/////MAqHCAsAAFj/////MAqHCAsAAFn/////MAqHCAsAAFr/ ++////MAqHCAsAAFv/////MAqHCAsAAFz/////MAqHCAsAAF3/////MAqHCAsAAF7/ ++////MAqHCAsAAF//////MAqHCAsAAGD/////MAqHCAsAAGH/////MAqHCAsAAGL/ ++////MAqHCAsAAGP/////MAqHCAsAAGT/////MAqHCAsAAGX/////MAqHCAsAAGb/ ++////MAqHCAsAAGf/////MAqHCAsAAGj/////MAqHCAsAAGn/////MAqHCAsAAGr/ ++////MAqHCAsAAGv/////MAqHCAsAAGz/////MAqHCAsAAG3/////MAqHCAsAAG7/ ++////MAqHCAsAAG//////MAqHCAsAAHD/////MAqHCAsAAHH/////MAqHCAsAAHL/ ++////MAqHCAsAAHP/////MAqHCAsAAHT/////MAqHCAsAAHX/////MAqHCAsAAHb/ ++////MAqHCAsAAHf/////MAqHCAsAAHj/////MAqHCAsAAHn/////MAqHCAsAAHr/ ++////MAqHCAsAAHv/////MAqHCAsAAHz/////MAqHCAsAAH3/////MAqHCAsAAH7/ ++////MAqHCAsAAH//////MAqHCAsAAID/////MAqHCAsAAIH/////MAqHCAsAAIL/ ++////MAqHCAsAAIP/////MAqHCAsAAIT/////MAqHCAsAAIX/////MAqHCAsAAIb/ ++////MAqHCAsAAIf/////MAqHCAsAAIj/////MAqHCAsAAIn/////MAqHCAsAAIr/ ++////MAqHCAsAAIv/////MAqHCAsAAIz/////MAqHCAsAAI3/////MAqHCAsAAI7/ ++////MAqHCAsAAI//////MAqHCAsAAJD/////MAqHCAsAAJH/////MAqHCAsAAJL/ ++////MAqHCAsAAJP/////MAqHCAsAAJT/////MAqHCAsAAJX/////MAqHCAsAAJb/ ++////MAqHCAsAAJf/////MAqHCAsAAJj/////MAqHCAsAAJn/////MAqHCAsAAJr/ ++////MAqHCAsAAJv/////MAqHCAsAAJz/////MAqHCAsAAJ3/////MAqHCAsAAJ7/ ++////MAqHCAsAAJ//////MAqHCAsAAKD/////MAqHCAsAAKH/////MAqHCAsAAKL/ ++////MAqHCAsAAKP/////MAqHCAsAAKT/////MAqHCAsAAKX/////MAqHCAsAAKb/ ++////MAqHCAsAAKf/////MAqHCAsAAKj/////MAqHCAsAAKn/////MBGkDzANMQsw ++CQYDVQQDDAJ4MDARpA8wDTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJBgNVBAMMAngy ++MBGkDzANMQswCQYDVQQDDAJ4MzARpA8wDTELMAkGA1UEAwwCeDQwEaQPMA0xCzAJ ++BgNVBAMMAng1MBGkDzANMQswCQYDVQQDDAJ4NjARpA8wDTELMAkGA1UEAwwCeDcw ++EaQPMA0xCzAJBgNVBAMMAng4MBGkDzANMQswCQYDVQQDDAJ4OTASpBAwDjEMMAoG ++A1UEAwwDeDEwMBKkEDAOMQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAKBgNVBAMMA3gx ++MjASpBAwDjEMMAoGA1UEAwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4MTQwEqQQMA4x ++DDAKBgNVBAMMA3gxNTASpBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAOMQwwCgYDVQQD ++DAN4MTcwEqQQMA4xDDAKBgNVBAMMA3gxODASpBAwDjEMMAoGA1UEAwwDeDE5MBKk ++EDAOMQwwCgYDVQQDDAN4MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTASpBAwDjEMMAoG ++A1UEAwwDeDIyMBKkEDAOMQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAKBgNVBAMMA3gy ++NDASpBAwDjEMMAoGA1UEAwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4MjYwEqQQMA4x ++DDAKBgNVBAMMA3gyNzASpBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAOMQwwCgYDVQQD ++DAN4MjkwEqQQMA4xDDAKBgNVBAMMA3gzMDASpBAwDjEMMAoGA1UEAwwDeDMxMBKk ++EDAOMQwwCgYDVQQDDAN4MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzASpBAwDjEMMAoG ++A1UEAwwDeDM0MBKkEDAOMQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAKBgNVBAMMA3gz ++NjASpBAwDjEMMAoGA1UEAwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4MzgwEqQQMA4x ++DDAKBgNVBAMMA3gzOTASpBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAOMQwwCgYDVQQD ++DAN4NDEwEqQQMA4xDDAKBgNVBAMMA3g0MjASpBAwDjEMMAoGA1UEAwwDeDQzMBKk ++EDAOMQwwCgYDVQQDDAN4NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTASpBAwDjEMMAoG ++A1UEAwwDeDQ2MBKkEDAOMQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAKBgNVBAMMA3g0 ++ODASpBAwDjEMMAoGA1UEAwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4NTAwEqQQMA4x ++DDAKBgNVBAMMA3g1MTASpBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAOMQwwCgYDVQQD ++DAN4NTMwEqQQMA4xDDAKBgNVBAMMA3g1NDASpBAwDjEMMAoGA1UEAwwDeDU1MBKk ++EDAOMQwwCgYDVQQDDAN4NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzASpBAwDjEMMAoG ++A1UEAwwDeDU4MBKkEDAOMQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAKBgNVBAMMA3g2 ++MDASpBAwDjEMMAoGA1UEAwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4NjIwEqQQMA4x ++DDAKBgNVBAMMA3g2MzASpBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAOMQwwCgYDVQQD ++DAN4NjUwEqQQMA4xDDAKBgNVBAMMA3g2NjASpBAwDjEMMAoGA1UEAwwDeDY3MBKk ++EDAOMQwwCgYDVQQDDAN4NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTASpBAwDjEMMAoG ++A1UEAwwDeDcwMBKkEDAOMQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAKBgNVBAMMA3g3 ++MjASpBAwDjEMMAoGA1UEAwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4NzQwEqQQMA4x ++DDAKBgNVBAMMA3g3NTASpBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAOMQwwCgYDVQQD ++DAN4NzcwEqQQMA4xDDAKBgNVBAMMA3g3ODASpBAwDjEMMAoGA1UEAwwDeDc5MBKk ++EDAOMQwwCgYDVQQDDAN4ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTASpBAwDjEMMAoG ++A1UEAwwDeDgyMBKkEDAOMQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAKBgNVBAMMA3g4 ++NDASpBAwDjEMMAoGA1UEAwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4ODYwEqQQMA4x ++DDAKBgNVBAMMA3g4NzASpBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAOMQwwCgYDVQQD ++DAN4ODkwEqQQMA4xDDAKBgNVBAMMA3g5MDASpBAwDjEMMAoGA1UEAwwDeDkxMBKk ++EDAOMQwwCgYDVQQDDAN4OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzASpBAwDjEMMAoG ++A1UEAwwDeDk0MBKkEDAOMQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAKBgNVBAMMA3g5 ++NjASpBAwDjEMMAoGA1UEAwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4OTgwEqQQMA4x ++DDAKBgNVBAMMA3g5OTATpBEwDzENMAsGA1UEAwwEeDEwMDATpBEwDzENMAsGA1UE ++AwwEeDEwMTATpBEwDzENMAsGA1UEAwwEeDEwMjATpBEwDzENMAsGA1UEAwwEeDEw ++MzATpBEwDzENMAsGA1UEAwwEeDEwNDATpBEwDzENMAsGA1UEAwwEeDEwNTATpBEw ++DzENMAsGA1UEAwwEeDEwNjATpBEwDzENMAsGA1UEAwwEeDEwNzATpBEwDzENMAsG ++A1UEAwwEeDEwODATpBEwDzENMAsGA1UEAwwEeDEwOTATpBEwDzENMAsGA1UEAwwE ++eDExMDATpBEwDzENMAsGA1UEAwwEeDExMTATpBEwDzENMAsGA1UEAwwEeDExMjAT ++pBEwDzENMAsGA1UEAwwEeDExMzATpBEwDzENMAsGA1UEAwwEeDExNDATpBEwDzEN ++MAsGA1UEAwwEeDExNTATpBEwDzENMAsGA1UEAwwEeDExNjATpBEwDzENMAsGA1UE ++AwwEeDExNzATpBEwDzENMAsGA1UEAwwEeDExODATpBEwDzENMAsGA1UEAwwEeDEx ++OTATpBEwDzENMAsGA1UEAwwEeDEyMDATpBEwDzENMAsGA1UEAwwEeDEyMTATpBEw ++DzENMAsGA1UEAwwEeDEyMjATpBEwDzENMAsGA1UEAwwEeDEyMzATpBEwDzENMAsG ++A1UEAwwEeDEyNDATpBEwDzENMAsGA1UEAwwEeDEyNTATpBEwDzENMAsGA1UEAwwE ++eDEyNjATpBEwDzENMAsGA1UEAwwEeDEyNzATpBEwDzENMAsGA1UEAwwEeDEyODAT ++pBEwDzENMAsGA1UEAwwEeDEyOTATpBEwDzENMAsGA1UEAwwEeDEzMDATpBEwDzEN ++MAsGA1UEAwwEeDEzMTATpBEwDzENMAsGA1UEAwwEeDEzMjATpBEwDzENMAsGA1UE ++AwwEeDEzMzATpBEwDzENMAsGA1UEAwwEeDEzNDATpBEwDzENMAsGA1UEAwwEeDEz ++NTATpBEwDzENMAsGA1UEAwwEeDEzNjATpBEwDzENMAsGA1UEAwwEeDEzNzATpBEw ++DzENMAsGA1UEAwwEeDEzODATpBEwDzENMAsGA1UEAwwEeDEzOTATpBEwDzENMAsG ++A1UEAwwEeDE0MDATpBEwDzENMAsGA1UEAwwEeDE0MTATpBEwDzENMAsGA1UEAwwE ++eDE0MjATpBEwDzENMAsGA1UEAwwEeDE0MzATpBEwDzENMAsGA1UEAwwEeDE0NDAT ++pBEwDzENMAsGA1UEAwwEeDE0NTATpBEwDzENMAsGA1UEAwwEeDE0NjATpBEwDzEN ++MAsGA1UEAwwEeDE0NzATpBEwDzENMAsGA1UEAwwEeDE0ODATpBEwDzENMAsGA1UE ++AwwEeDE0OTATpBEwDzENMAsGA1UEAwwEeDE1MDATpBEwDzENMAsGA1UEAwwEeDE1 ++MTATpBEwDzENMAsGA1UEAwwEeDE1MjATpBEwDzENMAsGA1UEAwwEeDE1MzATpBEw ++DzENMAsGA1UEAwwEeDE1NDATpBEwDzENMAsGA1UEAwwEeDE1NTATpBEwDzENMAsG ++A1UEAwwEeDE1NjATpBEwDzENMAsGA1UEAwwEeDE1NzATpBEwDzENMAsGA1UEAwwE ++eDE1ODATpBEwDzENMAsGA1UEAwwEeDE1OTATpBEwDzENMAsGA1UEAwwEeDE2MDAT ++pBEwDzENMAsGA1UEAwwEeDE2MTATpBEwDzENMAsGA1UEAwwEeDE2MjATpBEwDzEN ++MAsGA1UEAwwEeDE2MzATpBEwDzENMAsGA1UEAwwEeDE2NDATpBEwDzENMAsGA1UE ++AwwEeDE2NTATpBEwDzENMAsGA1UEAwwEeDE2NjATpBEwDzENMAsGA1UEAwwEeDE2 ++NzATpBEwDzENMAsGA1UEAwwEeDE2ODATpBEwDzENMAsGA1UEAwwEeDE2OTANBgkq ++hkiG9w0BAQsFAAOCAQEAn8uDe+I8Vycl7II/MML/ElFxP9WUBRpbWESAtIke4IlF ++5eNyi8TYylSj2/Kj/RYAwYYh4u3jbJR+Ca7tNhzjl289CrE5eHqzuc7DaO5gJ3zL ++azM8X6JqmdQIKukhBOoS2ShTH8yvq0GjbjT6VlZE1cUQvfQ3O0WUdBmySc8PmJR1 ++aOxOb7BBrPc4Ah3dHxT2tcYMorKnB3WZVE7+aAwdrqCQ19VkYBX/x/0x2qtQQ0S3 ++zD/S7uQDPqCdjoFIIYY0Zie+snMBK2XuUTtXP3ZRrYL8fsnOiTgEX8n2QWIyYLK5 ++0f5OeNaleVZ7V+QdQnofqvew0IK61PG7+Zzsyuf3CQ== + -----END CERTIFICATE----- + + Certificate: +@@ -3813,7 +1791,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +diff --git a/net/data/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem b/net/data/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem +index 80c8f81db55b7..5d15afebb118d 100644 +--- a/net/data/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem ++++ b/net/data/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem +@@ -1,4 +1,4 @@ +-[Created by: generate-chains.py] ++[Created by: ./generate-chains.py] + + A chain containing a large number of excluded directory name + constraints and directory names, above the limit. +@@ -8,7 +8,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d8 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -505,7 +505,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fa +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -554,1031 +554,1031 @@ Certificate: + CA:TRUE + X509v3 Name Constraints: + Excluded: +- DirName:CN = x0 +- DirName:CN = x1 +- DirName:CN = x2 +- DirName:CN = x3 +- DirName:CN = x4 +- DirName:CN = x5 +- DirName:CN = x6 +- DirName:CN = x7 +- DirName:CN = x8 +- DirName:CN = x9 +- DirName:CN = x10 +- DirName:CN = x11 +- DirName:CN = x12 +- DirName:CN = x13 +- DirName:CN = x14 +- DirName:CN = x15 +- DirName:CN = x16 +- DirName:CN = x17 +- DirName:CN = x18 +- DirName:CN = x19 +- DirName:CN = x20 +- DirName:CN = x21 +- DirName:CN = x22 +- DirName:CN = x23 +- DirName:CN = x24 +- DirName:CN = x25 +- DirName:CN = x26 +- DirName:CN = x27 +- DirName:CN = x28 +- DirName:CN = x29 +- DirName:CN = x30 +- DirName:CN = x31 +- DirName:CN = x32 +- DirName:CN = x33 +- DirName:CN = x34 +- DirName:CN = x35 +- DirName:CN = x36 +- DirName:CN = x37 +- DirName:CN = x38 +- DirName:CN = x39 +- DirName:CN = x40 +- DirName:CN = x41 +- DirName:CN = x42 +- DirName:CN = x43 +- DirName:CN = x44 +- DirName:CN = x45 +- DirName:CN = x46 +- DirName:CN = x47 +- DirName:CN = x48 +- DirName:CN = x49 +- DirName:CN = x50 +- DirName:CN = x51 +- DirName:CN = x52 +- DirName:CN = x53 +- DirName:CN = x54 +- DirName:CN = x55 +- DirName:CN = x56 +- DirName:CN = x57 +- DirName:CN = x58 +- DirName:CN = x59 +- DirName:CN = x60 +- DirName:CN = x61 +- DirName:CN = x62 +- DirName:CN = x63 +- DirName:CN = x64 +- DirName:CN = x65 +- DirName:CN = x66 +- DirName:CN = x67 +- DirName:CN = x68 +- DirName:CN = x69 +- DirName:CN = x70 +- DirName:CN = x71 +- DirName:CN = x72 +- DirName:CN = x73 +- DirName:CN = x74 +- DirName:CN = x75 +- DirName:CN = x76 +- DirName:CN = x77 +- DirName:CN = x78 +- DirName:CN = x79 +- DirName:CN = x80 +- DirName:CN = x81 +- DirName:CN = x82 +- DirName:CN = x83 +- DirName:CN = x84 +- DirName:CN = x85 +- DirName:CN = x86 +- DirName:CN = x87 +- DirName:CN = x88 +- DirName:CN = x89 +- DirName:CN = x90 +- DirName:CN = x91 +- DirName:CN = x92 +- DirName:CN = x93 +- DirName:CN = x94 +- DirName:CN = x95 +- DirName:CN = x96 +- DirName:CN = x97 +- DirName:CN = x98 +- DirName:CN = x99 +- DirName:CN = x100 +- DirName:CN = x101 +- DirName:CN = x102 +- DirName:CN = x103 +- DirName:CN = x104 +- DirName:CN = x105 +- DirName:CN = x106 +- DirName:CN = x107 +- DirName:CN = x108 +- DirName:CN = x109 +- DirName:CN = x110 +- DirName:CN = x111 +- DirName:CN = x112 +- DirName:CN = x113 +- DirName:CN = x114 +- DirName:CN = x115 +- DirName:CN = x116 +- DirName:CN = x117 +- DirName:CN = x118 +- DirName:CN = x119 +- DirName:CN = x120 +- DirName:CN = x121 +- DirName:CN = x122 +- DirName:CN = x123 +- DirName:CN = x124 +- DirName:CN = x125 +- DirName:CN = x126 +- DirName:CN = x127 +- DirName:CN = x128 +- DirName:CN = x129 +- DirName:CN = x130 +- DirName:CN = x131 +- DirName:CN = x132 +- DirName:CN = x133 +- DirName:CN = x134 +- DirName:CN = x135 +- DirName:CN = x136 +- DirName:CN = x137 +- DirName:CN = x138 +- DirName:CN = x139 +- DirName:CN = x140 +- DirName:CN = x141 +- DirName:CN = x142 +- DirName:CN = x143 +- DirName:CN = x144 +- DirName:CN = x145 +- DirName:CN = x146 +- DirName:CN = x147 +- DirName:CN = x148 +- DirName:CN = x149 +- DirName:CN = x150 +- DirName:CN = x151 +- DirName:CN = x152 +- DirName:CN = x153 +- DirName:CN = x154 +- DirName:CN = x155 +- DirName:CN = x156 +- DirName:CN = x157 +- DirName:CN = x158 +- DirName:CN = x159 +- DirName:CN = x160 +- DirName:CN = x161 +- DirName:CN = x162 +- DirName:CN = x163 +- DirName:CN = x164 +- DirName:CN = x165 +- DirName:CN = x166 +- DirName:CN = x167 +- DirName:CN = x168 +- DirName:CN = x169 +- DirName:CN = x170 +- DirName:CN = x171 +- DirName:CN = x172 +- DirName:CN = x173 +- DirName:CN = x174 +- DirName:CN = x175 +- DirName:CN = x176 +- DirName:CN = x177 +- DirName:CN = x178 +- DirName:CN = x179 +- DirName:CN = x180 +- DirName:CN = x181 +- DirName:CN = x182 +- DirName:CN = x183 +- DirName:CN = x184 +- DirName:CN = x185 +- DirName:CN = x186 +- DirName:CN = x187 +- DirName:CN = x188 +- DirName:CN = x189 +- DirName:CN = x190 +- DirName:CN = x191 +- DirName:CN = x192 +- DirName:CN = x193 +- DirName:CN = x194 +- DirName:CN = x195 +- DirName:CN = x196 +- DirName:CN = x197 +- DirName:CN = x198 +- DirName:CN = x199 +- DirName:CN = x200 +- DirName:CN = x201 +- DirName:CN = x202 +- DirName:CN = x203 +- DirName:CN = x204 +- DirName:CN = x205 +- DirName:CN = x206 +- DirName:CN = x207 +- DirName:CN = x208 +- DirName:CN = x209 +- DirName:CN = x210 +- DirName:CN = x211 +- DirName:CN = x212 +- DirName:CN = x213 +- DirName:CN = x214 +- DirName:CN = x215 +- DirName:CN = x216 +- DirName:CN = x217 +- DirName:CN = x218 +- DirName:CN = x219 +- DirName:CN = x220 +- DirName:CN = x221 +- DirName:CN = x222 +- DirName:CN = x223 +- DirName:CN = x224 +- DirName:CN = x225 +- DirName:CN = x226 +- DirName:CN = x227 +- DirName:CN = x228 +- DirName:CN = x229 +- DirName:CN = x230 +- DirName:CN = x231 +- DirName:CN = x232 +- DirName:CN = x233 +- DirName:CN = x234 +- DirName:CN = x235 +- DirName:CN = x236 +- DirName:CN = x237 +- DirName:CN = x238 +- DirName:CN = x239 +- DirName:CN = x240 +- DirName:CN = x241 +- DirName:CN = x242 +- DirName:CN = x243 +- DirName:CN = x244 +- DirName:CN = x245 +- DirName:CN = x246 +- DirName:CN = x247 +- DirName:CN = x248 +- DirName:CN = x249 +- DirName:CN = x250 +- DirName:CN = x251 +- DirName:CN = x252 +- DirName:CN = x253 +- DirName:CN = x254 +- DirName:CN = x255 +- DirName:CN = x256 +- DirName:CN = x257 +- DirName:CN = x258 +- DirName:CN = x259 +- DirName:CN = x260 +- DirName:CN = x261 +- DirName:CN = x262 +- DirName:CN = x263 +- DirName:CN = x264 +- DirName:CN = x265 +- DirName:CN = x266 +- DirName:CN = x267 +- DirName:CN = x268 +- DirName:CN = x269 +- DirName:CN = x270 +- DirName:CN = x271 +- DirName:CN = x272 +- DirName:CN = x273 +- DirName:CN = x274 +- DirName:CN = x275 +- DirName:CN = x276 +- DirName:CN = x277 +- DirName:CN = x278 +- DirName:CN = x279 +- DirName:CN = x280 +- DirName:CN = x281 +- DirName:CN = x282 +- DirName:CN = x283 +- DirName:CN = x284 +- DirName:CN = x285 +- DirName:CN = x286 +- DirName:CN = x287 +- DirName:CN = x288 +- DirName:CN = x289 +- DirName:CN = x290 +- DirName:CN = x291 +- DirName:CN = x292 +- DirName:CN = x293 +- DirName:CN = x294 +- DirName:CN = x295 +- DirName:CN = x296 +- DirName:CN = x297 +- DirName:CN = x298 +- DirName:CN = x299 +- DirName:CN = x300 +- DirName:CN = x301 +- DirName:CN = x302 +- DirName:CN = x303 +- DirName:CN = x304 +- DirName:CN = x305 +- DirName:CN = x306 +- DirName:CN = x307 +- DirName:CN = x308 +- DirName:CN = x309 +- DirName:CN = x310 +- DirName:CN = x311 +- DirName:CN = x312 +- DirName:CN = x313 +- DirName:CN = x314 +- DirName:CN = x315 +- DirName:CN = x316 +- DirName:CN = x317 +- DirName:CN = x318 +- DirName:CN = x319 +- DirName:CN = x320 +- DirName:CN = x321 +- DirName:CN = x322 +- DirName:CN = x323 +- DirName:CN = x324 +- DirName:CN = x325 +- DirName:CN = x326 +- DirName:CN = x327 +- DirName:CN = x328 +- DirName:CN = x329 +- DirName:CN = x330 +- DirName:CN = x331 +- DirName:CN = x332 +- DirName:CN = x333 +- DirName:CN = x334 +- DirName:CN = x335 +- DirName:CN = x336 +- DirName:CN = x337 +- DirName:CN = x338 +- DirName:CN = x339 +- DirName:CN = x340 +- DirName:CN = x341 +- DirName:CN = x342 +- DirName:CN = x343 +- DirName:CN = x344 +- DirName:CN = x345 +- DirName:CN = x346 +- DirName:CN = x347 +- DirName:CN = x348 +- DirName:CN = x349 +- DirName:CN = x350 +- DirName:CN = x351 +- DirName:CN = x352 +- DirName:CN = x353 +- DirName:CN = x354 +- DirName:CN = x355 +- DirName:CN = x356 +- DirName:CN = x357 +- DirName:CN = x358 +- DirName:CN = x359 +- DirName:CN = x360 +- DirName:CN = x361 +- DirName:CN = x362 +- DirName:CN = x363 +- DirName:CN = x364 +- DirName:CN = x365 +- DirName:CN = x366 +- DirName:CN = x367 +- DirName:CN = x368 +- DirName:CN = x369 +- DirName:CN = x370 +- DirName:CN = x371 +- DirName:CN = x372 +- DirName:CN = x373 +- DirName:CN = x374 +- DirName:CN = x375 +- DirName:CN = x376 +- DirName:CN = x377 +- DirName:CN = x378 +- DirName:CN = x379 +- DirName:CN = x380 +- DirName:CN = x381 +- DirName:CN = x382 +- DirName:CN = x383 +- DirName:CN = x384 +- DirName:CN = x385 +- DirName:CN = x386 +- DirName:CN = x387 +- DirName:CN = x388 +- DirName:CN = x389 +- DirName:CN = x390 +- DirName:CN = x391 +- DirName:CN = x392 +- DirName:CN = x393 +- DirName:CN = x394 +- DirName:CN = x395 +- DirName:CN = x396 +- DirName:CN = x397 +- DirName:CN = x398 +- DirName:CN = x399 +- DirName:CN = x400 +- DirName:CN = x401 +- DirName:CN = x402 +- DirName:CN = x403 +- DirName:CN = x404 +- DirName:CN = x405 +- DirName:CN = x406 +- DirName:CN = x407 +- DirName:CN = x408 +- DirName:CN = x409 +- DirName:CN = x410 +- DirName:CN = x411 +- DirName:CN = x412 +- DirName:CN = x413 +- DirName:CN = x414 +- DirName:CN = x415 +- DirName:CN = x416 +- DirName:CN = x417 +- DirName:CN = x418 +- DirName:CN = x419 +- DirName:CN = x420 +- DirName:CN = x421 +- DirName:CN = x422 +- DirName:CN = x423 +- DirName:CN = x424 +- DirName:CN = x425 +- DirName:CN = x426 +- DirName:CN = x427 +- DirName:CN = x428 +- DirName:CN = x429 +- DirName:CN = x430 +- DirName:CN = x431 +- DirName:CN = x432 +- DirName:CN = x433 +- DirName:CN = x434 +- DirName:CN = x435 +- DirName:CN = x436 +- DirName:CN = x437 +- DirName:CN = x438 +- DirName:CN = x439 +- DirName:CN = x440 +- DirName:CN = x441 +- DirName:CN = x442 +- DirName:CN = x443 +- DirName:CN = x444 +- DirName:CN = x445 +- DirName:CN = x446 +- DirName:CN = x447 +- DirName:CN = x448 +- DirName:CN = x449 +- DirName:CN = x450 +- DirName:CN = x451 +- DirName:CN = x452 +- DirName:CN = x453 +- DirName:CN = x454 +- DirName:CN = x455 +- DirName:CN = x456 +- DirName:CN = x457 +- DirName:CN = x458 +- DirName:CN = x459 +- DirName:CN = x460 +- DirName:CN = x461 +- DirName:CN = x462 +- DirName:CN = x463 +- DirName:CN = x464 +- DirName:CN = x465 +- DirName:CN = x466 +- DirName:CN = x467 +- DirName:CN = x468 +- DirName:CN = x469 +- DirName:CN = x470 +- DirName:CN = x471 +- DirName:CN = x472 +- DirName:CN = x473 +- DirName:CN = x474 +- DirName:CN = x475 +- DirName:CN = x476 +- DirName:CN = x477 +- DirName:CN = x478 +- DirName:CN = x479 +- DirName:CN = x480 +- DirName:CN = x481 +- DirName:CN = x482 +- DirName:CN = x483 +- DirName:CN = x484 +- DirName:CN = x485 +- DirName:CN = x486 +- DirName:CN = x487 +- DirName:CN = x488 +- DirName:CN = x489 +- DirName:CN = x490 +- DirName:CN = x491 +- DirName:CN = x492 +- DirName:CN = x493 +- DirName:CN = x494 +- DirName:CN = x495 +- DirName:CN = x496 +- DirName:CN = x497 +- DirName:CN = x498 +- DirName:CN = x499 +- DirName:CN = x500 +- DirName:CN = x501 +- DirName:CN = x502 +- DirName:CN = x503 +- DirName:CN = x504 +- DirName:CN = x505 +- DirName:CN = x506 +- DirName:CN = x507 +- DirName:CN = x508 +- DirName:CN = x509 +- DirName:CN = x510 +- DirName:CN = x511 +- DirName:CN = x512 +- DirName:CN = x513 +- DirName:CN = x514 +- DirName:CN = x515 +- DirName:CN = x516 +- DirName:CN = x517 +- DirName:CN = x518 +- DirName:CN = x519 +- DirName:CN = x520 +- DirName:CN = x521 +- DirName:CN = x522 +- DirName:CN = x523 +- DirName:CN = x524 +- DirName:CN = x525 +- DirName:CN = x526 +- DirName:CN = x527 +- DirName:CN = x528 +- DirName:CN = x529 +- DirName:CN = x530 +- DirName:CN = x531 +- DirName:CN = x532 +- DirName:CN = x533 +- DirName:CN = x534 +- DirName:CN = x535 +- DirName:CN = x536 +- DirName:CN = x537 +- DirName:CN = x538 +- DirName:CN = x539 +- DirName:CN = x540 +- DirName:CN = x541 +- DirName:CN = x542 +- DirName:CN = x543 +- DirName:CN = x544 +- DirName:CN = x545 +- DirName:CN = x546 +- DirName:CN = x547 +- DirName:CN = x548 +- DirName:CN = x549 +- DirName:CN = x550 +- DirName:CN = x551 +- DirName:CN = x552 +- DirName:CN = x553 +- DirName:CN = x554 +- DirName:CN = x555 +- DirName:CN = x556 +- DirName:CN = x557 +- DirName:CN = x558 +- DirName:CN = x559 +- DirName:CN = x560 +- DirName:CN = x561 +- DirName:CN = x562 +- DirName:CN = x563 +- DirName:CN = x564 +- DirName:CN = x565 +- DirName:CN = x566 +- DirName:CN = x567 +- DirName:CN = x568 +- DirName:CN = x569 +- DirName:CN = x570 +- DirName:CN = x571 +- DirName:CN = x572 +- DirName:CN = x573 +- DirName:CN = x574 +- DirName:CN = x575 +- DirName:CN = x576 +- DirName:CN = x577 +- DirName:CN = x578 +- DirName:CN = x579 +- DirName:CN = x580 +- DirName:CN = x581 +- DirName:CN = x582 +- DirName:CN = x583 +- DirName:CN = x584 +- DirName:CN = x585 +- DirName:CN = x586 +- DirName:CN = x587 +- DirName:CN = x588 +- DirName:CN = x589 +- DirName:CN = x590 +- DirName:CN = x591 +- DirName:CN = x592 +- DirName:CN = x593 +- DirName:CN = x594 +- DirName:CN = x595 +- DirName:CN = x596 +- DirName:CN = x597 +- DirName:CN = x598 +- DirName:CN = x599 +- DirName:CN = x600 +- DirName:CN = x601 +- DirName:CN = x602 +- DirName:CN = x603 +- DirName:CN = x604 +- DirName:CN = x605 +- DirName:CN = x606 +- DirName:CN = x607 +- DirName:CN = x608 +- DirName:CN = x609 +- DirName:CN = x610 +- DirName:CN = x611 +- DirName:CN = x612 +- DirName:CN = x613 +- DirName:CN = x614 +- DirName:CN = x615 +- DirName:CN = x616 +- DirName:CN = x617 +- DirName:CN = x618 +- DirName:CN = x619 +- DirName:CN = x620 +- DirName:CN = x621 +- DirName:CN = x622 +- DirName:CN = x623 +- DirName:CN = x624 +- DirName:CN = x625 +- DirName:CN = x626 +- DirName:CN = x627 +- DirName:CN = x628 +- DirName:CN = x629 +- DirName:CN = x630 +- DirName:CN = x631 +- DirName:CN = x632 +- DirName:CN = x633 +- DirName:CN = x634 +- DirName:CN = x635 +- DirName:CN = x636 +- DirName:CN = x637 +- DirName:CN = x638 +- DirName:CN = x639 +- DirName:CN = x640 +- DirName:CN = x641 +- DirName:CN = x642 +- DirName:CN = x643 +- DirName:CN = x644 +- DirName:CN = x645 +- DirName:CN = x646 +- DirName:CN = x647 +- DirName:CN = x648 +- DirName:CN = x649 +- DirName:CN = x650 +- DirName:CN = x651 +- DirName:CN = x652 +- DirName:CN = x653 +- DirName:CN = x654 +- DirName:CN = x655 +- DirName:CN = x656 +- DirName:CN = x657 +- DirName:CN = x658 +- DirName:CN = x659 +- DirName:CN = x660 +- DirName:CN = x661 +- DirName:CN = x662 +- DirName:CN = x663 +- DirName:CN = x664 +- DirName:CN = x665 +- DirName:CN = x666 +- DirName:CN = x667 +- DirName:CN = x668 +- DirName:CN = x669 +- DirName:CN = x670 +- DirName:CN = x671 +- DirName:CN = x672 +- DirName:CN = x673 +- DirName:CN = x674 +- DirName:CN = x675 +- DirName:CN = x676 +- DirName:CN = x677 +- DirName:CN = x678 +- DirName:CN = x679 +- DirName:CN = x680 +- DirName:CN = x681 +- DirName:CN = x682 +- DirName:CN = x683 +- DirName:CN = x684 +- DirName:CN = x685 +- DirName:CN = x686 +- DirName:CN = x687 +- DirName:CN = x688 +- DirName:CN = x689 +- DirName:CN = x690 +- DirName:CN = x691 +- DirName:CN = x692 +- DirName:CN = x693 +- DirName:CN = x694 +- DirName:CN = x695 +- DirName:CN = x696 +- DirName:CN = x697 +- DirName:CN = x698 +- DirName:CN = x699 +- DirName:CN = x700 +- DirName:CN = x701 +- DirName:CN = x702 +- DirName:CN = x703 +- DirName:CN = x704 +- DirName:CN = x705 +- DirName:CN = x706 +- DirName:CN = x707 +- DirName:CN = x708 +- DirName:CN = x709 +- DirName:CN = x710 +- DirName:CN = x711 +- DirName:CN = x712 +- DirName:CN = x713 +- DirName:CN = x714 +- DirName:CN = x715 +- DirName:CN = x716 +- DirName:CN = x717 +- DirName:CN = x718 +- DirName:CN = x719 +- DirName:CN = x720 +- DirName:CN = x721 +- DirName:CN = x722 +- DirName:CN = x723 +- DirName:CN = x724 +- DirName:CN = x725 +- DirName:CN = x726 +- DirName:CN = x727 +- DirName:CN = x728 +- DirName:CN = x729 +- DirName:CN = x730 +- DirName:CN = x731 +- DirName:CN = x732 +- DirName:CN = x733 +- DirName:CN = x734 +- DirName:CN = x735 +- DirName:CN = x736 +- DirName:CN = x737 +- DirName:CN = x738 +- DirName:CN = x739 +- DirName:CN = x740 +- DirName:CN = x741 +- DirName:CN = x742 +- DirName:CN = x743 +- DirName:CN = x744 +- DirName:CN = x745 +- DirName:CN = x746 +- DirName:CN = x747 +- DirName:CN = x748 +- DirName:CN = x749 +- DirName:CN = x750 +- DirName:CN = x751 +- DirName:CN = x752 +- DirName:CN = x753 +- DirName:CN = x754 +- DirName:CN = x755 +- DirName:CN = x756 +- DirName:CN = x757 +- DirName:CN = x758 +- DirName:CN = x759 +- DirName:CN = x760 +- DirName:CN = x761 +- DirName:CN = x762 +- DirName:CN = x763 +- DirName:CN = x764 +- DirName:CN = x765 +- DirName:CN = x766 +- DirName:CN = x767 +- DirName:CN = x768 +- DirName:CN = x769 +- DirName:CN = x770 +- DirName:CN = x771 +- DirName:CN = x772 +- DirName:CN = x773 +- DirName:CN = x774 +- DirName:CN = x775 +- DirName:CN = x776 +- DirName:CN = x777 +- DirName:CN = x778 +- DirName:CN = x779 +- DirName:CN = x780 +- DirName:CN = x781 +- DirName:CN = x782 +- DirName:CN = x783 +- DirName:CN = x784 +- DirName:CN = x785 +- DirName:CN = x786 +- DirName:CN = x787 +- DirName:CN = x788 +- DirName:CN = x789 +- DirName:CN = x790 +- DirName:CN = x791 +- DirName:CN = x792 +- DirName:CN = x793 +- DirName:CN = x794 +- DirName:CN = x795 +- DirName:CN = x796 +- DirName:CN = x797 +- DirName:CN = x798 +- DirName:CN = x799 +- DirName:CN = x800 +- DirName:CN = x801 +- DirName:CN = x802 +- DirName:CN = x803 +- DirName:CN = x804 +- DirName:CN = x805 +- DirName:CN = x806 +- DirName:CN = x807 +- DirName:CN = x808 +- DirName:CN = x809 +- DirName:CN = x810 +- DirName:CN = x811 +- DirName:CN = x812 +- DirName:CN = x813 +- DirName:CN = x814 +- DirName:CN = x815 +- DirName:CN = x816 +- DirName:CN = x817 +- DirName:CN = x818 +- DirName:CN = x819 +- DirName:CN = x820 +- DirName:CN = x821 +- DirName:CN = x822 +- DirName:CN = x823 +- DirName:CN = x824 +- DirName:CN = x825 +- DirName:CN = x826 +- DirName:CN = x827 +- DirName:CN = x828 +- DirName:CN = x829 +- DirName:CN = x830 +- DirName:CN = x831 +- DirName:CN = x832 +- DirName:CN = x833 +- DirName:CN = x834 +- DirName:CN = x835 +- DirName:CN = x836 +- DirName:CN = x837 +- DirName:CN = x838 +- DirName:CN = x839 +- DirName:CN = x840 +- DirName:CN = x841 +- DirName:CN = x842 +- DirName:CN = x843 +- DirName:CN = x844 +- DirName:CN = x845 +- DirName:CN = x846 +- DirName:CN = x847 +- DirName:CN = x848 +- DirName:CN = x849 +- DirName:CN = x850 +- DirName:CN = x851 +- DirName:CN = x852 +- DirName:CN = x853 +- DirName:CN = x854 +- DirName:CN = x855 +- DirName:CN = x856 +- DirName:CN = x857 +- DirName:CN = x858 +- DirName:CN = x859 +- DirName:CN = x860 +- DirName:CN = x861 +- DirName:CN = x862 +- DirName:CN = x863 +- DirName:CN = x864 +- DirName:CN = x865 +- DirName:CN = x866 +- DirName:CN = x867 +- DirName:CN = x868 +- DirName:CN = x869 +- DirName:CN = x870 +- DirName:CN = x871 +- DirName:CN = x872 +- DirName:CN = x873 +- DirName:CN = x874 +- DirName:CN = x875 +- DirName:CN = x876 +- DirName:CN = x877 +- DirName:CN = x878 +- DirName:CN = x879 +- DirName:CN = x880 +- DirName:CN = x881 +- DirName:CN = x882 +- DirName:CN = x883 +- DirName:CN = x884 +- DirName:CN = x885 +- DirName:CN = x886 +- DirName:CN = x887 +- DirName:CN = x888 +- DirName:CN = x889 +- DirName:CN = x890 +- DirName:CN = x891 +- DirName:CN = x892 +- DirName:CN = x893 +- DirName:CN = x894 +- DirName:CN = x895 +- DirName:CN = x896 +- DirName:CN = x897 +- DirName:CN = x898 +- DirName:CN = x899 +- DirName:CN = x900 +- DirName:CN = x901 +- DirName:CN = x902 +- DirName:CN = x903 +- DirName:CN = x904 +- DirName:CN = x905 +- DirName:CN = x906 +- DirName:CN = x907 +- DirName:CN = x908 +- DirName:CN = x909 +- DirName:CN = x910 +- DirName:CN = x911 +- DirName:CN = x912 +- DirName:CN = x913 +- DirName:CN = x914 +- DirName:CN = x915 +- DirName:CN = x916 +- DirName:CN = x917 +- DirName:CN = x918 +- DirName:CN = x919 +- DirName:CN = x920 +- DirName:CN = x921 +- DirName:CN = x922 +- DirName:CN = x923 +- DirName:CN = x924 +- DirName:CN = x925 +- DirName:CN = x926 +- DirName:CN = x927 +- DirName:CN = x928 +- DirName:CN = x929 +- DirName:CN = x930 +- DirName:CN = x931 +- DirName:CN = x932 +- DirName:CN = x933 +- DirName:CN = x934 +- DirName:CN = x935 +- DirName:CN = x936 +- DirName:CN = x937 +- DirName:CN = x938 +- DirName:CN = x939 +- DirName:CN = x940 +- DirName:CN = x941 +- DirName:CN = x942 +- DirName:CN = x943 +- DirName:CN = x944 +- DirName:CN = x945 +- DirName:CN = x946 +- DirName:CN = x947 +- DirName:CN = x948 +- DirName:CN = x949 +- DirName:CN = x950 +- DirName:CN = x951 +- DirName:CN = x952 +- DirName:CN = x953 +- DirName:CN = x954 +- DirName:CN = x955 +- DirName:CN = x956 +- DirName:CN = x957 +- DirName:CN = x958 +- DirName:CN = x959 +- DirName:CN = x960 +- DirName:CN = x961 +- DirName:CN = x962 +- DirName:CN = x963 +- DirName:CN = x964 +- DirName:CN = x965 +- DirName:CN = x966 +- DirName:CN = x967 +- DirName:CN = x968 +- DirName:CN = x969 +- DirName:CN = x970 +- DirName:CN = x971 +- DirName:CN = x972 +- DirName:CN = x973 +- DirName:CN = x974 +- DirName:CN = x975 +- DirName:CN = x976 +- DirName:CN = x977 +- DirName:CN = x978 +- DirName:CN = x979 +- DirName:CN = x980 +- DirName:CN = x981 +- DirName:CN = x982 +- DirName:CN = x983 +- DirName:CN = x984 +- DirName:CN = x985 +- DirName:CN = x986 +- DirName:CN = x987 +- DirName:CN = x988 +- DirName:CN = x989 +- DirName:CN = x990 +- DirName:CN = x991 +- DirName:CN = x992 +- DirName:CN = x993 +- DirName:CN = x994 +- DirName:CN = x995 +- DirName:CN = x996 +- DirName:CN = x997 +- DirName:CN = x998 +- DirName:CN = x999 +- DirName:CN = x1000 +- DirName:CN = x1001 +- DirName:CN = x1002 +- DirName:CN = x1003 +- DirName:CN = x1004 +- DirName:CN = x1005 +- DirName:CN = x1006 +- DirName:CN = x1007 +- DirName:CN = x1008 +- DirName:CN = x1009 +- DirName:CN = x1010 +- DirName:CN = x1011 +- DirName:CN = x1012 +- DirName:CN = x1013 +- DirName:CN = x1014 +- DirName:CN = x1015 +- DirName:CN = x1016 +- DirName:CN = x1017 +- DirName:CN = x1018 +- DirName:CN = x1019 +- DirName:CN = x1020 +- DirName:CN = x1021 +- DirName:CN = x1022 +- DirName:CN = x1023 +- DirName:CN = x1024 ++ DirName: CN = x0 ++ DirName: CN = x1 ++ DirName: CN = x2 ++ DirName: CN = x3 ++ DirName: CN = x4 ++ DirName: CN = x5 ++ DirName: CN = x6 ++ DirName: CN = x7 ++ DirName: CN = x8 ++ DirName: CN = x9 ++ DirName: CN = x10 ++ DirName: CN = x11 ++ DirName: CN = x12 ++ DirName: CN = x13 ++ DirName: CN = x14 ++ DirName: CN = x15 ++ DirName: CN = x16 ++ DirName: CN = x17 ++ DirName: CN = x18 ++ DirName: CN = x19 ++ DirName: CN = x20 ++ DirName: CN = x21 ++ DirName: CN = x22 ++ DirName: CN = x23 ++ DirName: CN = x24 ++ DirName: CN = x25 ++ DirName: CN = x26 ++ DirName: CN = x27 ++ DirName: CN = x28 ++ DirName: CN = x29 ++ DirName: CN = x30 ++ DirName: CN = x31 ++ DirName: CN = x32 ++ DirName: CN = x33 ++ DirName: CN = x34 ++ DirName: CN = x35 ++ DirName: CN = x36 ++ DirName: CN = x37 ++ DirName: CN = x38 ++ DirName: CN = x39 ++ DirName: CN = x40 ++ DirName: CN = x41 ++ DirName: CN = x42 ++ DirName: CN = x43 ++ DirName: CN = x44 ++ DirName: CN = x45 ++ DirName: CN = x46 ++ DirName: CN = x47 ++ DirName: CN = x48 ++ DirName: CN = x49 ++ DirName: CN = x50 ++ DirName: CN = x51 ++ DirName: CN = x52 ++ DirName: CN = x53 ++ DirName: CN = x54 ++ DirName: CN = x55 ++ DirName: CN = x56 ++ DirName: CN = x57 ++ DirName: CN = x58 ++ DirName: CN = x59 ++ DirName: CN = x60 ++ DirName: CN = x61 ++ DirName: CN = x62 ++ DirName: CN = x63 ++ DirName: CN = x64 ++ DirName: CN = x65 ++ DirName: CN = x66 ++ DirName: CN = x67 ++ DirName: CN = x68 ++ DirName: CN = x69 ++ DirName: CN = x70 ++ DirName: CN = x71 ++ DirName: CN = x72 ++ DirName: CN = x73 ++ DirName: CN = x74 ++ DirName: CN = x75 ++ DirName: CN = x76 ++ DirName: CN = x77 ++ DirName: CN = x78 ++ DirName: CN = x79 ++ DirName: CN = x80 ++ DirName: CN = x81 ++ DirName: CN = x82 ++ DirName: CN = x83 ++ DirName: CN = x84 ++ DirName: CN = x85 ++ DirName: CN = x86 ++ DirName: CN = x87 ++ DirName: CN = x88 ++ DirName: CN = x89 ++ DirName: CN = x90 ++ DirName: CN = x91 ++ DirName: CN = x92 ++ DirName: CN = x93 ++ DirName: CN = x94 ++ DirName: CN = x95 ++ DirName: CN = x96 ++ DirName: CN = x97 ++ DirName: CN = x98 ++ DirName: CN = x99 ++ DirName: CN = x100 ++ DirName: CN = x101 ++ DirName: CN = x102 ++ DirName: CN = x103 ++ DirName: CN = x104 ++ DirName: CN = x105 ++ DirName: CN = x106 ++ DirName: CN = x107 ++ DirName: CN = x108 ++ DirName: CN = x109 ++ DirName: CN = x110 ++ DirName: CN = x111 ++ DirName: CN = x112 ++ DirName: CN = x113 ++ DirName: CN = x114 ++ DirName: CN = x115 ++ DirName: CN = x116 ++ DirName: CN = x117 ++ DirName: CN = x118 ++ DirName: CN = x119 ++ DirName: CN = x120 ++ DirName: CN = x121 ++ DirName: CN = x122 ++ DirName: CN = x123 ++ DirName: CN = x124 ++ DirName: CN = x125 ++ DirName: CN = x126 ++ DirName: CN = x127 ++ DirName: CN = x128 ++ DirName: CN = x129 ++ DirName: CN = x130 ++ DirName: CN = x131 ++ DirName: CN = x132 ++ DirName: CN = x133 ++ DirName: CN = x134 ++ DirName: CN = x135 ++ DirName: CN = x136 ++ DirName: CN = x137 ++ DirName: CN = x138 ++ DirName: CN = x139 ++ DirName: CN = x140 ++ DirName: CN = x141 ++ DirName: CN = x142 ++ DirName: CN = x143 ++ DirName: CN = x144 ++ DirName: CN = x145 ++ DirName: CN = x146 ++ DirName: CN = x147 ++ DirName: CN = x148 ++ DirName: CN = x149 ++ DirName: CN = x150 ++ DirName: CN = x151 ++ DirName: CN = x152 ++ DirName: CN = x153 ++ DirName: CN = x154 ++ DirName: CN = x155 ++ DirName: CN = x156 ++ DirName: CN = x157 ++ DirName: CN = x158 ++ DirName: CN = x159 ++ DirName: CN = x160 ++ DirName: CN = x161 ++ DirName: CN = x162 ++ DirName: CN = x163 ++ DirName: CN = x164 ++ DirName: CN = x165 ++ DirName: CN = x166 ++ DirName: CN = x167 ++ DirName: CN = x168 ++ DirName: CN = x169 ++ DirName: CN = x170 ++ DirName: CN = x171 ++ DirName: CN = x172 ++ DirName: CN = x173 ++ DirName: CN = x174 ++ DirName: CN = x175 ++ DirName: CN = x176 ++ DirName: CN = x177 ++ DirName: CN = x178 ++ DirName: CN = x179 ++ DirName: CN = x180 ++ DirName: CN = x181 ++ DirName: CN = x182 ++ DirName: CN = x183 ++ DirName: CN = x184 ++ DirName: CN = x185 ++ DirName: CN = x186 ++ DirName: CN = x187 ++ DirName: CN = x188 ++ DirName: CN = x189 ++ DirName: CN = x190 ++ DirName: CN = x191 ++ DirName: CN = x192 ++ DirName: CN = x193 ++ DirName: CN = x194 ++ DirName: CN = x195 ++ DirName: CN = x196 ++ DirName: CN = x197 ++ DirName: CN = x198 ++ DirName: CN = x199 ++ DirName: CN = x200 ++ DirName: CN = x201 ++ DirName: CN = x202 ++ DirName: CN = x203 ++ DirName: CN = x204 ++ DirName: CN = x205 ++ DirName: CN = x206 ++ DirName: CN = x207 ++ DirName: CN = x208 ++ DirName: CN = x209 ++ DirName: CN = x210 ++ DirName: CN = x211 ++ DirName: CN = x212 ++ DirName: CN = x213 ++ DirName: CN = x214 ++ DirName: CN = x215 ++ DirName: CN = x216 ++ DirName: CN = x217 ++ DirName: CN = x218 ++ DirName: CN = x219 ++ DirName: CN = x220 ++ DirName: CN = x221 ++ DirName: CN = x222 ++ DirName: CN = x223 ++ DirName: CN = x224 ++ DirName: CN = x225 ++ DirName: CN = x226 ++ DirName: CN = x227 ++ DirName: CN = x228 ++ DirName: CN = x229 ++ DirName: CN = x230 ++ DirName: CN = x231 ++ DirName: CN = x232 ++ DirName: CN = x233 ++ DirName: CN = x234 ++ DirName: CN = x235 ++ DirName: CN = x236 ++ DirName: CN = x237 ++ DirName: CN = x238 ++ DirName: CN = x239 ++ DirName: CN = x240 ++ DirName: CN = x241 ++ DirName: CN = x242 ++ DirName: CN = x243 ++ DirName: CN = x244 ++ DirName: CN = x245 ++ DirName: CN = x246 ++ DirName: CN = x247 ++ DirName: CN = x248 ++ DirName: CN = x249 ++ DirName: CN = x250 ++ DirName: CN = x251 ++ DirName: CN = x252 ++ DirName: CN = x253 ++ DirName: CN = x254 ++ DirName: CN = x255 ++ DirName: CN = x256 ++ DirName: CN = x257 ++ DirName: CN = x258 ++ DirName: CN = x259 ++ DirName: CN = x260 ++ DirName: CN = x261 ++ DirName: CN = x262 ++ DirName: CN = x263 ++ DirName: CN = x264 ++ DirName: CN = x265 ++ DirName: CN = x266 ++ DirName: CN = x267 ++ DirName: CN = x268 ++ DirName: CN = x269 ++ DirName: CN = x270 ++ DirName: CN = x271 ++ DirName: CN = x272 ++ DirName: CN = x273 ++ DirName: CN = x274 ++ DirName: CN = x275 ++ DirName: CN = x276 ++ DirName: CN = x277 ++ DirName: CN = x278 ++ DirName: CN = x279 ++ DirName: CN = x280 ++ DirName: CN = x281 ++ DirName: CN = x282 ++ DirName: CN = x283 ++ DirName: CN = x284 ++ DirName: CN = x285 ++ DirName: CN = x286 ++ DirName: CN = x287 ++ DirName: CN = x288 ++ DirName: CN = x289 ++ DirName: CN = x290 ++ DirName: CN = x291 ++ DirName: CN = x292 ++ DirName: CN = x293 ++ DirName: CN = x294 ++ DirName: CN = x295 ++ DirName: CN = x296 ++ DirName: CN = x297 ++ DirName: CN = x298 ++ DirName: CN = x299 ++ DirName: CN = x300 ++ DirName: CN = x301 ++ DirName: CN = x302 ++ DirName: CN = x303 ++ DirName: CN = x304 ++ DirName: CN = x305 ++ DirName: CN = x306 ++ DirName: CN = x307 ++ DirName: CN = x308 ++ DirName: CN = x309 ++ DirName: CN = x310 ++ DirName: CN = x311 ++ DirName: CN = x312 ++ DirName: CN = x313 ++ DirName: CN = x314 ++ DirName: CN = x315 ++ DirName: CN = x316 ++ DirName: CN = x317 ++ DirName: CN = x318 ++ DirName: CN = x319 ++ DirName: CN = x320 ++ DirName: CN = x321 ++ DirName: CN = x322 ++ DirName: CN = x323 ++ DirName: CN = x324 ++ DirName: CN = x325 ++ DirName: CN = x326 ++ DirName: CN = x327 ++ DirName: CN = x328 ++ DirName: CN = x329 ++ DirName: CN = x330 ++ DirName: CN = x331 ++ DirName: CN = x332 ++ DirName: CN = x333 ++ DirName: CN = x334 ++ DirName: CN = x335 ++ DirName: CN = x336 ++ DirName: CN = x337 ++ DirName: CN = x338 ++ DirName: CN = x339 ++ DirName: CN = x340 ++ DirName: CN = x341 ++ DirName: CN = x342 ++ DirName: CN = x343 ++ DirName: CN = x344 ++ DirName: CN = x345 ++ DirName: CN = x346 ++ DirName: CN = x347 ++ DirName: CN = x348 ++ DirName: CN = x349 ++ DirName: CN = x350 ++ DirName: CN = x351 ++ DirName: CN = x352 ++ DirName: CN = x353 ++ DirName: CN = x354 ++ DirName: CN = x355 ++ DirName: CN = x356 ++ DirName: CN = x357 ++ DirName: CN = x358 ++ DirName: CN = x359 ++ DirName: CN = x360 ++ DirName: CN = x361 ++ DirName: CN = x362 ++ DirName: CN = x363 ++ DirName: CN = x364 ++ DirName: CN = x365 ++ DirName: CN = x366 ++ DirName: CN = x367 ++ DirName: CN = x368 ++ DirName: CN = x369 ++ DirName: CN = x370 ++ DirName: CN = x371 ++ DirName: CN = x372 ++ DirName: CN = x373 ++ DirName: CN = x374 ++ DirName: CN = x375 ++ DirName: CN = x376 ++ DirName: CN = x377 ++ DirName: CN = x378 ++ DirName: CN = x379 ++ DirName: CN = x380 ++ DirName: CN = x381 ++ DirName: CN = x382 ++ DirName: CN = x383 ++ DirName: CN = x384 ++ DirName: CN = x385 ++ DirName: CN = x386 ++ DirName: CN = x387 ++ DirName: CN = x388 ++ DirName: CN = x389 ++ DirName: CN = x390 ++ DirName: CN = x391 ++ DirName: CN = x392 ++ DirName: CN = x393 ++ DirName: CN = x394 ++ DirName: CN = x395 ++ DirName: CN = x396 ++ DirName: CN = x397 ++ DirName: CN = x398 ++ DirName: CN = x399 ++ DirName: CN = x400 ++ DirName: CN = x401 ++ DirName: CN = x402 ++ DirName: CN = x403 ++ DirName: CN = x404 ++ DirName: CN = x405 ++ DirName: CN = x406 ++ DirName: CN = x407 ++ DirName: CN = x408 ++ DirName: CN = x409 ++ DirName: CN = x410 ++ DirName: CN = x411 ++ DirName: CN = x412 ++ DirName: CN = x413 ++ DirName: CN = x414 ++ DirName: CN = x415 ++ DirName: CN = x416 ++ DirName: CN = x417 ++ DirName: CN = x418 ++ DirName: CN = x419 ++ DirName: CN = x420 ++ DirName: CN = x421 ++ DirName: CN = x422 ++ DirName: CN = x423 ++ DirName: CN = x424 ++ DirName: CN = x425 ++ DirName: CN = x426 ++ DirName: CN = x427 ++ DirName: CN = x428 ++ DirName: CN = x429 ++ DirName: CN = x430 ++ DirName: CN = x431 ++ DirName: CN = x432 ++ DirName: CN = x433 ++ DirName: CN = x434 ++ DirName: CN = x435 ++ DirName: CN = x436 ++ DirName: CN = x437 ++ DirName: CN = x438 ++ DirName: CN = x439 ++ DirName: CN = x440 ++ DirName: CN = x441 ++ DirName: CN = x442 ++ DirName: CN = x443 ++ DirName: CN = x444 ++ DirName: CN = x445 ++ DirName: CN = x446 ++ DirName: CN = x447 ++ DirName: CN = x448 ++ DirName: CN = x449 ++ DirName: CN = x450 ++ DirName: CN = x451 ++ DirName: CN = x452 ++ DirName: CN = x453 ++ DirName: CN = x454 ++ DirName: CN = x455 ++ DirName: CN = x456 ++ DirName: CN = x457 ++ DirName: CN = x458 ++ DirName: CN = x459 ++ DirName: CN = x460 ++ DirName: CN = x461 ++ DirName: CN = x462 ++ DirName: CN = x463 ++ DirName: CN = x464 ++ DirName: CN = x465 ++ DirName: CN = x466 ++ DirName: CN = x467 ++ DirName: CN = x468 ++ DirName: CN = x469 ++ DirName: CN = x470 ++ DirName: CN = x471 ++ DirName: CN = x472 ++ DirName: CN = x473 ++ DirName: CN = x474 ++ DirName: CN = x475 ++ DirName: CN = x476 ++ DirName: CN = x477 ++ DirName: CN = x478 ++ DirName: CN = x479 ++ DirName: CN = x480 ++ DirName: CN = x481 ++ DirName: CN = x482 ++ DirName: CN = x483 ++ DirName: CN = x484 ++ DirName: CN = x485 ++ DirName: CN = x486 ++ DirName: CN = x487 ++ DirName: CN = x488 ++ DirName: CN = x489 ++ DirName: CN = x490 ++ DirName: CN = x491 ++ DirName: CN = x492 ++ DirName: CN = x493 ++ DirName: CN = x494 ++ DirName: CN = x495 ++ DirName: CN = x496 ++ DirName: CN = x497 ++ DirName: CN = x498 ++ DirName: CN = x499 ++ DirName: CN = x500 ++ DirName: CN = x501 ++ DirName: CN = x502 ++ DirName: CN = x503 ++ DirName: CN = x504 ++ DirName: CN = x505 ++ DirName: CN = x506 ++ DirName: CN = x507 ++ DirName: CN = x508 ++ DirName: CN = x509 ++ DirName: CN = x510 ++ DirName: CN = x511 ++ DirName: CN = x512 ++ DirName: CN = x513 ++ DirName: CN = x514 ++ DirName: CN = x515 ++ DirName: CN = x516 ++ DirName: CN = x517 ++ DirName: CN = x518 ++ DirName: CN = x519 ++ DirName: CN = x520 ++ DirName: CN = x521 ++ DirName: CN = x522 ++ DirName: CN = x523 ++ DirName: CN = x524 ++ DirName: CN = x525 ++ DirName: CN = x526 ++ DirName: CN = x527 ++ DirName: CN = x528 ++ DirName: CN = x529 ++ DirName: CN = x530 ++ DirName: CN = x531 ++ DirName: CN = x532 ++ DirName: CN = x533 ++ DirName: CN = x534 ++ DirName: CN = x535 ++ DirName: CN = x536 ++ DirName: CN = x537 ++ DirName: CN = x538 ++ DirName: CN = x539 ++ DirName: CN = x540 ++ DirName: CN = x541 ++ DirName: CN = x542 ++ DirName: CN = x543 ++ DirName: CN = x544 ++ DirName: CN = x545 ++ DirName: CN = x546 ++ DirName: CN = x547 ++ DirName: CN = x548 ++ DirName: CN = x549 ++ DirName: CN = x550 ++ DirName: CN = x551 ++ DirName: CN = x552 ++ DirName: CN = x553 ++ DirName: CN = x554 ++ DirName: CN = x555 ++ DirName: CN = x556 ++ DirName: CN = x557 ++ DirName: CN = x558 ++ DirName: CN = x559 ++ DirName: CN = x560 ++ DirName: CN = x561 ++ DirName: CN = x562 ++ DirName: CN = x563 ++ DirName: CN = x564 ++ DirName: CN = x565 ++ DirName: CN = x566 ++ DirName: CN = x567 ++ DirName: CN = x568 ++ DirName: CN = x569 ++ DirName: CN = x570 ++ DirName: CN = x571 ++ DirName: CN = x572 ++ DirName: CN = x573 ++ DirName: CN = x574 ++ DirName: CN = x575 ++ DirName: CN = x576 ++ DirName: CN = x577 ++ DirName: CN = x578 ++ DirName: CN = x579 ++ DirName: CN = x580 ++ DirName: CN = x581 ++ DirName: CN = x582 ++ DirName: CN = x583 ++ DirName: CN = x584 ++ DirName: CN = x585 ++ DirName: CN = x586 ++ DirName: CN = x587 ++ DirName: CN = x588 ++ DirName: CN = x589 ++ DirName: CN = x590 ++ DirName: CN = x591 ++ DirName: CN = x592 ++ DirName: CN = x593 ++ DirName: CN = x594 ++ DirName: CN = x595 ++ DirName: CN = x596 ++ DirName: CN = x597 ++ DirName: CN = x598 ++ DirName: CN = x599 ++ DirName: CN = x600 ++ DirName: CN = x601 ++ DirName: CN = x602 ++ DirName: CN = x603 ++ DirName: CN = x604 ++ DirName: CN = x605 ++ DirName: CN = x606 ++ DirName: CN = x607 ++ DirName: CN = x608 ++ DirName: CN = x609 ++ DirName: CN = x610 ++ DirName: CN = x611 ++ DirName: CN = x612 ++ DirName: CN = x613 ++ DirName: CN = x614 ++ DirName: CN = x615 ++ DirName: CN = x616 ++ DirName: CN = x617 ++ DirName: CN = x618 ++ DirName: CN = x619 ++ DirName: CN = x620 ++ DirName: CN = x621 ++ DirName: CN = x622 ++ DirName: CN = x623 ++ DirName: CN = x624 ++ DirName: CN = x625 ++ DirName: CN = x626 ++ DirName: CN = x627 ++ DirName: CN = x628 ++ DirName: CN = x629 ++ DirName: CN = x630 ++ DirName: CN = x631 ++ DirName: CN = x632 ++ DirName: CN = x633 ++ DirName: CN = x634 ++ DirName: CN = x635 ++ DirName: CN = x636 ++ DirName: CN = x637 ++ DirName: CN = x638 ++ DirName: CN = x639 ++ DirName: CN = x640 ++ DirName: CN = x641 ++ DirName: CN = x642 ++ DirName: CN = x643 ++ DirName: CN = x644 ++ DirName: CN = x645 ++ DirName: CN = x646 ++ DirName: CN = x647 ++ DirName: CN = x648 ++ DirName: CN = x649 ++ DirName: CN = x650 ++ DirName: CN = x651 ++ DirName: CN = x652 ++ DirName: CN = x653 ++ DirName: CN = x654 ++ DirName: CN = x655 ++ DirName: CN = x656 ++ DirName: CN = x657 ++ DirName: CN = x658 ++ DirName: CN = x659 ++ DirName: CN = x660 ++ DirName: CN = x661 ++ DirName: CN = x662 ++ DirName: CN = x663 ++ DirName: CN = x664 ++ DirName: CN = x665 ++ DirName: CN = x666 ++ DirName: CN = x667 ++ DirName: CN = x668 ++ DirName: CN = x669 ++ DirName: CN = x670 ++ DirName: CN = x671 ++ DirName: CN = x672 ++ DirName: CN = x673 ++ DirName: CN = x674 ++ DirName: CN = x675 ++ DirName: CN = x676 ++ DirName: CN = x677 ++ DirName: CN = x678 ++ DirName: CN = x679 ++ DirName: CN = x680 ++ DirName: CN = x681 ++ DirName: CN = x682 ++ DirName: CN = x683 ++ DirName: CN = x684 ++ DirName: CN = x685 ++ DirName: CN = x686 ++ DirName: CN = x687 ++ DirName: CN = x688 ++ DirName: CN = x689 ++ DirName: CN = x690 ++ DirName: CN = x691 ++ DirName: CN = x692 ++ DirName: CN = x693 ++ DirName: CN = x694 ++ DirName: CN = x695 ++ DirName: CN = x696 ++ DirName: CN = x697 ++ DirName: CN = x698 ++ DirName: CN = x699 ++ DirName: CN = x700 ++ DirName: CN = x701 ++ DirName: CN = x702 ++ DirName: CN = x703 ++ DirName: CN = x704 ++ DirName: CN = x705 ++ DirName: CN = x706 ++ DirName: CN = x707 ++ DirName: CN = x708 ++ DirName: CN = x709 ++ DirName: CN = x710 ++ DirName: CN = x711 ++ DirName: CN = x712 ++ DirName: CN = x713 ++ DirName: CN = x714 ++ DirName: CN = x715 ++ DirName: CN = x716 ++ DirName: CN = x717 ++ DirName: CN = x718 ++ DirName: CN = x719 ++ DirName: CN = x720 ++ DirName: CN = x721 ++ DirName: CN = x722 ++ DirName: CN = x723 ++ DirName: CN = x724 ++ DirName: CN = x725 ++ DirName: CN = x726 ++ DirName: CN = x727 ++ DirName: CN = x728 ++ DirName: CN = x729 ++ DirName: CN = x730 ++ DirName: CN = x731 ++ DirName: CN = x732 ++ DirName: CN = x733 ++ DirName: CN = x734 ++ DirName: CN = x735 ++ DirName: CN = x736 ++ DirName: CN = x737 ++ DirName: CN = x738 ++ DirName: CN = x739 ++ DirName: CN = x740 ++ DirName: CN = x741 ++ DirName: CN = x742 ++ DirName: CN = x743 ++ DirName: CN = x744 ++ DirName: CN = x745 ++ DirName: CN = x746 ++ DirName: CN = x747 ++ DirName: CN = x748 ++ DirName: CN = x749 ++ DirName: CN = x750 ++ DirName: CN = x751 ++ DirName: CN = x752 ++ DirName: CN = x753 ++ DirName: CN = x754 ++ DirName: CN = x755 ++ DirName: CN = x756 ++ DirName: CN = x757 ++ DirName: CN = x758 ++ DirName: CN = x759 ++ DirName: CN = x760 ++ DirName: CN = x761 ++ DirName: CN = x762 ++ DirName: CN = x763 ++ DirName: CN = x764 ++ DirName: CN = x765 ++ DirName: CN = x766 ++ DirName: CN = x767 ++ DirName: CN = x768 ++ DirName: CN = x769 ++ DirName: CN = x770 ++ DirName: CN = x771 ++ DirName: CN = x772 ++ DirName: CN = x773 ++ DirName: CN = x774 ++ DirName: CN = x775 ++ DirName: CN = x776 ++ DirName: CN = x777 ++ DirName: CN = x778 ++ DirName: CN = x779 ++ DirName: CN = x780 ++ DirName: CN = x781 ++ DirName: CN = x782 ++ DirName: CN = x783 ++ DirName: CN = x784 ++ DirName: CN = x785 ++ DirName: CN = x786 ++ DirName: CN = x787 ++ DirName: CN = x788 ++ DirName: CN = x789 ++ DirName: CN = x790 ++ DirName: CN = x791 ++ DirName: CN = x792 ++ DirName: CN = x793 ++ DirName: CN = x794 ++ DirName: CN = x795 ++ DirName: CN = x796 ++ DirName: CN = x797 ++ DirName: CN = x798 ++ DirName: CN = x799 ++ DirName: CN = x800 ++ DirName: CN = x801 ++ DirName: CN = x802 ++ DirName: CN = x803 ++ DirName: CN = x804 ++ DirName: CN = x805 ++ DirName: CN = x806 ++ DirName: CN = x807 ++ DirName: CN = x808 ++ DirName: CN = x809 ++ DirName: CN = x810 ++ DirName: CN = x811 ++ DirName: CN = x812 ++ DirName: CN = x813 ++ DirName: CN = x814 ++ DirName: CN = x815 ++ DirName: CN = x816 ++ DirName: CN = x817 ++ DirName: CN = x818 ++ DirName: CN = x819 ++ DirName: CN = x820 ++ DirName: CN = x821 ++ DirName: CN = x822 ++ DirName: CN = x823 ++ DirName: CN = x824 ++ DirName: CN = x825 ++ DirName: CN = x826 ++ DirName: CN = x827 ++ DirName: CN = x828 ++ DirName: CN = x829 ++ DirName: CN = x830 ++ DirName: CN = x831 ++ DirName: CN = x832 ++ DirName: CN = x833 ++ DirName: CN = x834 ++ DirName: CN = x835 ++ DirName: CN = x836 ++ DirName: CN = x837 ++ DirName: CN = x838 ++ DirName: CN = x839 ++ DirName: CN = x840 ++ DirName: CN = x841 ++ DirName: CN = x842 ++ DirName: CN = x843 ++ DirName: CN = x844 ++ DirName: CN = x845 ++ DirName: CN = x846 ++ DirName: CN = x847 ++ DirName: CN = x848 ++ DirName: CN = x849 ++ DirName: CN = x850 ++ DirName: CN = x851 ++ DirName: CN = x852 ++ DirName: CN = x853 ++ DirName: CN = x854 ++ DirName: CN = x855 ++ DirName: CN = x856 ++ DirName: CN = x857 ++ DirName: CN = x858 ++ DirName: CN = x859 ++ DirName: CN = x860 ++ DirName: CN = x861 ++ DirName: CN = x862 ++ DirName: CN = x863 ++ DirName: CN = x864 ++ DirName: CN = x865 ++ DirName: CN = x866 ++ DirName: CN = x867 ++ DirName: CN = x868 ++ DirName: CN = x869 ++ DirName: CN = x870 ++ DirName: CN = x871 ++ DirName: CN = x872 ++ DirName: CN = x873 ++ DirName: CN = x874 ++ DirName: CN = x875 ++ DirName: CN = x876 ++ DirName: CN = x877 ++ DirName: CN = x878 ++ DirName: CN = x879 ++ DirName: CN = x880 ++ DirName: CN = x881 ++ DirName: CN = x882 ++ DirName: CN = x883 ++ DirName: CN = x884 ++ DirName: CN = x885 ++ DirName: CN = x886 ++ DirName: CN = x887 ++ DirName: CN = x888 ++ DirName: CN = x889 ++ DirName: CN = x890 ++ DirName: CN = x891 ++ DirName: CN = x892 ++ DirName: CN = x893 ++ DirName: CN = x894 ++ DirName: CN = x895 ++ DirName: CN = x896 ++ DirName: CN = x897 ++ DirName: CN = x898 ++ DirName: CN = x899 ++ DirName: CN = x900 ++ DirName: CN = x901 ++ DirName: CN = x902 ++ DirName: CN = x903 ++ DirName: CN = x904 ++ DirName: CN = x905 ++ DirName: CN = x906 ++ DirName: CN = x907 ++ DirName: CN = x908 ++ DirName: CN = x909 ++ DirName: CN = x910 ++ DirName: CN = x911 ++ DirName: CN = x912 ++ DirName: CN = x913 ++ DirName: CN = x914 ++ DirName: CN = x915 ++ DirName: CN = x916 ++ DirName: CN = x917 ++ DirName: CN = x918 ++ DirName: CN = x919 ++ DirName: CN = x920 ++ DirName: CN = x921 ++ DirName: CN = x922 ++ DirName: CN = x923 ++ DirName: CN = x924 ++ DirName: CN = x925 ++ DirName: CN = x926 ++ DirName: CN = x927 ++ DirName: CN = x928 ++ DirName: CN = x929 ++ DirName: CN = x930 ++ DirName: CN = x931 ++ DirName: CN = x932 ++ DirName: CN = x933 ++ DirName: CN = x934 ++ DirName: CN = x935 ++ DirName: CN = x936 ++ DirName: CN = x937 ++ DirName: CN = x938 ++ DirName: CN = x939 ++ DirName: CN = x940 ++ DirName: CN = x941 ++ DirName: CN = x942 ++ DirName: CN = x943 ++ DirName: CN = x944 ++ DirName: CN = x945 ++ DirName: CN = x946 ++ DirName: CN = x947 ++ DirName: CN = x948 ++ DirName: CN = x949 ++ DirName: CN = x950 ++ DirName: CN = x951 ++ DirName: CN = x952 ++ DirName: CN = x953 ++ DirName: CN = x954 ++ DirName: CN = x955 ++ DirName: CN = x956 ++ DirName: CN = x957 ++ DirName: CN = x958 ++ DirName: CN = x959 ++ DirName: CN = x960 ++ DirName: CN = x961 ++ DirName: CN = x962 ++ DirName: CN = x963 ++ DirName: CN = x964 ++ DirName: CN = x965 ++ DirName: CN = x966 ++ DirName: CN = x967 ++ DirName: CN = x968 ++ DirName: CN = x969 ++ DirName: CN = x970 ++ DirName: CN = x971 ++ DirName: CN = x972 ++ DirName: CN = x973 ++ DirName: CN = x974 ++ DirName: CN = x975 ++ DirName: CN = x976 ++ DirName: CN = x977 ++ DirName: CN = x978 ++ DirName: CN = x979 ++ DirName: CN = x980 ++ DirName: CN = x981 ++ DirName: CN = x982 ++ DirName: CN = x983 ++ DirName: CN = x984 ++ DirName: CN = x985 ++ DirName: CN = x986 ++ DirName: CN = x987 ++ DirName: CN = x988 ++ DirName: CN = x989 ++ DirName: CN = x990 ++ DirName: CN = x991 ++ DirName: CN = x992 ++ DirName: CN = x993 ++ DirName: CN = x994 ++ DirName: CN = x995 ++ DirName: CN = x996 ++ DirName: CN = x997 ++ DirName: CN = x998 ++ DirName: CN = x999 ++ DirName: CN = x1000 ++ DirName: CN = x1001 ++ DirName: CN = x1002 ++ DirName: CN = x1003 ++ DirName: CN = x1004 ++ DirName: CN = x1005 ++ DirName: CN = x1006 ++ DirName: CN = x1007 ++ DirName: CN = x1008 ++ DirName: CN = x1009 ++ DirName: CN = x1010 ++ DirName: CN = x1011 ++ DirName: CN = x1012 ++ DirName: CN = x1013 ++ DirName: CN = x1014 ++ DirName: CN = x1015 ++ DirName: CN = x1016 ++ DirName: CN = x1017 ++ DirName: CN = x1018 ++ DirName: CN = x1019 ++ DirName: CN = x1020 ++ DirName: CN = x1021 ++ DirName: CN = x1022 ++ DirName: CN = x1023 ++ DirName: CN = x1024 + + Signature Algorithm: sha256WithRSAEncryption + 75:8f:ad:5f:a0:8c:a2:05:18:d8:98:a6:c5:1d:7c:b9:11:f4: +@@ -2070,7 +2070,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +diff --git a/net/data/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.pem b/net/data/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.pem +index 44730ad8ea73c..91acca564e7ed 100644 +--- a/net/data/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.pem ++++ b/net/data/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.pem +@@ -1,4 +1,4 @@ +-[Created by: generate-chains.py] ++[Created by: ./generate-chains.py] + + A chain containing a large number of permitted directory name + constraints and directory names, above the limit. +@@ -8,7 +8,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:db +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -505,7 +505,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fd +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -554,1031 +554,1031 @@ Certificate: + CA:TRUE + X509v3 Name Constraints: + Permitted: +- DirName:CN = t0 +- DirName:CN = t1 +- DirName:CN = t2 +- DirName:CN = t3 +- DirName:CN = t4 +- DirName:CN = t5 +- DirName:CN = t6 +- DirName:CN = t7 +- DirName:CN = t8 +- DirName:CN = t9 +- DirName:CN = t10 +- DirName:CN = t11 +- DirName:CN = t12 +- DirName:CN = t13 +- DirName:CN = t14 +- DirName:CN = t15 +- DirName:CN = t16 +- DirName:CN = t17 +- DirName:CN = t18 +- DirName:CN = t19 +- DirName:CN = t20 +- DirName:CN = t21 +- DirName:CN = t22 +- DirName:CN = t23 +- DirName:CN = t24 +- DirName:CN = t25 +- DirName:CN = t26 +- DirName:CN = t27 +- DirName:CN = t28 +- DirName:CN = t29 +- DirName:CN = t30 +- DirName:CN = t31 +- DirName:CN = t32 +- DirName:CN = t33 +- DirName:CN = t34 +- DirName:CN = t35 +- DirName:CN = t36 +- DirName:CN = t37 +- DirName:CN = t38 +- DirName:CN = t39 +- DirName:CN = t40 +- DirName:CN = t41 +- DirName:CN = t42 +- DirName:CN = t43 +- DirName:CN = t44 +- DirName:CN = t45 +- DirName:CN = t46 +- DirName:CN = t47 +- DirName:CN = t48 +- DirName:CN = t49 +- DirName:CN = t50 +- DirName:CN = t51 +- DirName:CN = t52 +- DirName:CN = t53 +- DirName:CN = t54 +- DirName:CN = t55 +- DirName:CN = t56 +- DirName:CN = t57 +- DirName:CN = t58 +- DirName:CN = t59 +- DirName:CN = t60 +- DirName:CN = t61 +- DirName:CN = t62 +- DirName:CN = t63 +- DirName:CN = t64 +- DirName:CN = t65 +- DirName:CN = t66 +- DirName:CN = t67 +- DirName:CN = t68 +- DirName:CN = t69 +- DirName:CN = t70 +- DirName:CN = t71 +- DirName:CN = t72 +- DirName:CN = t73 +- DirName:CN = t74 +- DirName:CN = t75 +- DirName:CN = t76 +- DirName:CN = t77 +- DirName:CN = t78 +- DirName:CN = t79 +- DirName:CN = t80 +- DirName:CN = t81 +- DirName:CN = t82 +- DirName:CN = t83 +- DirName:CN = t84 +- DirName:CN = t85 +- DirName:CN = t86 +- DirName:CN = t87 +- DirName:CN = t88 +- DirName:CN = t89 +- DirName:CN = t90 +- DirName:CN = t91 +- DirName:CN = t92 +- DirName:CN = t93 +- DirName:CN = t94 +- DirName:CN = t95 +- DirName:CN = t96 +- DirName:CN = t97 +- DirName:CN = t98 +- DirName:CN = t99 +- DirName:CN = t100 +- DirName:CN = t101 +- DirName:CN = t102 +- DirName:CN = t103 +- DirName:CN = t104 +- DirName:CN = t105 +- DirName:CN = t106 +- DirName:CN = t107 +- DirName:CN = t108 +- DirName:CN = t109 +- DirName:CN = t110 +- DirName:CN = t111 +- DirName:CN = t112 +- DirName:CN = t113 +- DirName:CN = t114 +- DirName:CN = t115 +- DirName:CN = t116 +- DirName:CN = t117 +- DirName:CN = t118 +- DirName:CN = t119 +- DirName:CN = t120 +- DirName:CN = t121 +- DirName:CN = t122 +- DirName:CN = t123 +- DirName:CN = t124 +- DirName:CN = t125 +- DirName:CN = t126 +- DirName:CN = t127 +- DirName:CN = t128 +- DirName:CN = t129 +- DirName:CN = t130 +- DirName:CN = t131 +- DirName:CN = t132 +- DirName:CN = t133 +- DirName:CN = t134 +- DirName:CN = t135 +- DirName:CN = t136 +- DirName:CN = t137 +- DirName:CN = t138 +- DirName:CN = t139 +- DirName:CN = t140 +- DirName:CN = t141 +- DirName:CN = t142 +- DirName:CN = t143 +- DirName:CN = t144 +- DirName:CN = t145 +- DirName:CN = t146 +- DirName:CN = t147 +- DirName:CN = t148 +- DirName:CN = t149 +- DirName:CN = t150 +- DirName:CN = t151 +- DirName:CN = t152 +- DirName:CN = t153 +- DirName:CN = t154 +- DirName:CN = t155 +- DirName:CN = t156 +- DirName:CN = t157 +- DirName:CN = t158 +- DirName:CN = t159 +- DirName:CN = t160 +- DirName:CN = t161 +- DirName:CN = t162 +- DirName:CN = t163 +- DirName:CN = t164 +- DirName:CN = t165 +- DirName:CN = t166 +- DirName:CN = t167 +- DirName:CN = t168 +- DirName:CN = t169 +- DirName:CN = t170 +- DirName:CN = t171 +- DirName:CN = t172 +- DirName:CN = t173 +- DirName:CN = t174 +- DirName:CN = t175 +- DirName:CN = t176 +- DirName:CN = t177 +- DirName:CN = t178 +- DirName:CN = t179 +- DirName:CN = t180 +- DirName:CN = t181 +- DirName:CN = t182 +- DirName:CN = t183 +- DirName:CN = t184 +- DirName:CN = t185 +- DirName:CN = t186 +- DirName:CN = t187 +- DirName:CN = t188 +- DirName:CN = t189 +- DirName:CN = t190 +- DirName:CN = t191 +- DirName:CN = t192 +- DirName:CN = t193 +- DirName:CN = t194 +- DirName:CN = t195 +- DirName:CN = t196 +- DirName:CN = t197 +- DirName:CN = t198 +- DirName:CN = t199 +- DirName:CN = t200 +- DirName:CN = t201 +- DirName:CN = t202 +- DirName:CN = t203 +- DirName:CN = t204 +- DirName:CN = t205 +- DirName:CN = t206 +- DirName:CN = t207 +- DirName:CN = t208 +- DirName:CN = t209 +- DirName:CN = t210 +- DirName:CN = t211 +- DirName:CN = t212 +- DirName:CN = t213 +- DirName:CN = t214 +- DirName:CN = t215 +- DirName:CN = t216 +- DirName:CN = t217 +- DirName:CN = t218 +- DirName:CN = t219 +- DirName:CN = t220 +- DirName:CN = t221 +- DirName:CN = t222 +- DirName:CN = t223 +- DirName:CN = t224 +- DirName:CN = t225 +- DirName:CN = t226 +- DirName:CN = t227 +- DirName:CN = t228 +- DirName:CN = t229 +- DirName:CN = t230 +- DirName:CN = t231 +- DirName:CN = t232 +- DirName:CN = t233 +- DirName:CN = t234 +- DirName:CN = t235 +- DirName:CN = t236 +- DirName:CN = t237 +- DirName:CN = t238 +- DirName:CN = t239 +- DirName:CN = t240 +- DirName:CN = t241 +- DirName:CN = t242 +- DirName:CN = t243 +- DirName:CN = t244 +- DirName:CN = t245 +- DirName:CN = t246 +- DirName:CN = t247 +- DirName:CN = t248 +- DirName:CN = t249 +- DirName:CN = t250 +- DirName:CN = t251 +- DirName:CN = t252 +- DirName:CN = t253 +- DirName:CN = t254 +- DirName:CN = t255 +- DirName:CN = t256 +- DirName:CN = t257 +- DirName:CN = t258 +- DirName:CN = t259 +- DirName:CN = t260 +- DirName:CN = t261 +- DirName:CN = t262 +- DirName:CN = t263 +- DirName:CN = t264 +- DirName:CN = t265 +- DirName:CN = t266 +- DirName:CN = t267 +- DirName:CN = t268 +- DirName:CN = t269 +- DirName:CN = t270 +- DirName:CN = t271 +- DirName:CN = t272 +- DirName:CN = t273 +- DirName:CN = t274 +- DirName:CN = t275 +- DirName:CN = t276 +- DirName:CN = t277 +- DirName:CN = t278 +- DirName:CN = t279 +- DirName:CN = t280 +- DirName:CN = t281 +- DirName:CN = t282 +- DirName:CN = t283 +- DirName:CN = t284 +- DirName:CN = t285 +- DirName:CN = t286 +- DirName:CN = t287 +- DirName:CN = t288 +- DirName:CN = t289 +- DirName:CN = t290 +- DirName:CN = t291 +- DirName:CN = t292 +- DirName:CN = t293 +- DirName:CN = t294 +- DirName:CN = t295 +- DirName:CN = t296 +- DirName:CN = t297 +- DirName:CN = t298 +- DirName:CN = t299 +- DirName:CN = t300 +- DirName:CN = t301 +- DirName:CN = t302 +- DirName:CN = t303 +- DirName:CN = t304 +- DirName:CN = t305 +- DirName:CN = t306 +- DirName:CN = t307 +- DirName:CN = t308 +- DirName:CN = t309 +- DirName:CN = t310 +- DirName:CN = t311 +- DirName:CN = t312 +- DirName:CN = t313 +- DirName:CN = t314 +- DirName:CN = t315 +- DirName:CN = t316 +- DirName:CN = t317 +- DirName:CN = t318 +- DirName:CN = t319 +- DirName:CN = t320 +- DirName:CN = t321 +- DirName:CN = t322 +- DirName:CN = t323 +- DirName:CN = t324 +- DirName:CN = t325 +- DirName:CN = t326 +- DirName:CN = t327 +- DirName:CN = t328 +- DirName:CN = t329 +- DirName:CN = t330 +- DirName:CN = t331 +- DirName:CN = t332 +- DirName:CN = t333 +- DirName:CN = t334 +- DirName:CN = t335 +- DirName:CN = t336 +- DirName:CN = t337 +- DirName:CN = t338 +- DirName:CN = t339 +- DirName:CN = t340 +- DirName:CN = t341 +- DirName:CN = t342 +- DirName:CN = t343 +- DirName:CN = t344 +- DirName:CN = t345 +- DirName:CN = t346 +- DirName:CN = t347 +- DirName:CN = t348 +- DirName:CN = t349 +- DirName:CN = t350 +- DirName:CN = t351 +- DirName:CN = t352 +- DirName:CN = t353 +- DirName:CN = t354 +- DirName:CN = t355 +- DirName:CN = t356 +- DirName:CN = t357 +- DirName:CN = t358 +- DirName:CN = t359 +- DirName:CN = t360 +- DirName:CN = t361 +- DirName:CN = t362 +- DirName:CN = t363 +- DirName:CN = t364 +- DirName:CN = t365 +- DirName:CN = t366 +- DirName:CN = t367 +- DirName:CN = t368 +- DirName:CN = t369 +- DirName:CN = t370 +- DirName:CN = t371 +- DirName:CN = t372 +- DirName:CN = t373 +- DirName:CN = t374 +- DirName:CN = t375 +- DirName:CN = t376 +- DirName:CN = t377 +- DirName:CN = t378 +- DirName:CN = t379 +- DirName:CN = t380 +- DirName:CN = t381 +- DirName:CN = t382 +- DirName:CN = t383 +- DirName:CN = t384 +- DirName:CN = t385 +- DirName:CN = t386 +- DirName:CN = t387 +- DirName:CN = t388 +- DirName:CN = t389 +- DirName:CN = t390 +- DirName:CN = t391 +- DirName:CN = t392 +- DirName:CN = t393 +- DirName:CN = t394 +- DirName:CN = t395 +- DirName:CN = t396 +- DirName:CN = t397 +- DirName:CN = t398 +- DirName:CN = t399 +- DirName:CN = t400 +- DirName:CN = t401 +- DirName:CN = t402 +- DirName:CN = t403 +- DirName:CN = t404 +- DirName:CN = t405 +- DirName:CN = t406 +- DirName:CN = t407 +- DirName:CN = t408 +- DirName:CN = t409 +- DirName:CN = t410 +- DirName:CN = t411 +- DirName:CN = t412 +- DirName:CN = t413 +- DirName:CN = t414 +- DirName:CN = t415 +- DirName:CN = t416 +- DirName:CN = t417 +- DirName:CN = t418 +- DirName:CN = t419 +- DirName:CN = t420 +- DirName:CN = t421 +- DirName:CN = t422 +- DirName:CN = t423 +- DirName:CN = t424 +- DirName:CN = t425 +- DirName:CN = t426 +- DirName:CN = t427 +- DirName:CN = t428 +- DirName:CN = t429 +- DirName:CN = t430 +- DirName:CN = t431 +- DirName:CN = t432 +- DirName:CN = t433 +- DirName:CN = t434 +- DirName:CN = t435 +- DirName:CN = t436 +- DirName:CN = t437 +- DirName:CN = t438 +- DirName:CN = t439 +- DirName:CN = t440 +- DirName:CN = t441 +- DirName:CN = t442 +- DirName:CN = t443 +- DirName:CN = t444 +- DirName:CN = t445 +- DirName:CN = t446 +- DirName:CN = t447 +- DirName:CN = t448 +- DirName:CN = t449 +- DirName:CN = t450 +- DirName:CN = t451 +- DirName:CN = t452 +- DirName:CN = t453 +- DirName:CN = t454 +- DirName:CN = t455 +- DirName:CN = t456 +- DirName:CN = t457 +- DirName:CN = t458 +- DirName:CN = t459 +- DirName:CN = t460 +- DirName:CN = t461 +- DirName:CN = t462 +- DirName:CN = t463 +- DirName:CN = t464 +- DirName:CN = t465 +- DirName:CN = t466 +- DirName:CN = t467 +- DirName:CN = t468 +- DirName:CN = t469 +- DirName:CN = t470 +- DirName:CN = t471 +- DirName:CN = t472 +- DirName:CN = t473 +- DirName:CN = t474 +- DirName:CN = t475 +- DirName:CN = t476 +- DirName:CN = t477 +- DirName:CN = t478 +- DirName:CN = t479 +- DirName:CN = t480 +- DirName:CN = t481 +- DirName:CN = t482 +- DirName:CN = t483 +- DirName:CN = t484 +- DirName:CN = t485 +- DirName:CN = t486 +- DirName:CN = t487 +- DirName:CN = t488 +- DirName:CN = t489 +- DirName:CN = t490 +- DirName:CN = t491 +- DirName:CN = t492 +- DirName:CN = t493 +- DirName:CN = t494 +- DirName:CN = t495 +- DirName:CN = t496 +- DirName:CN = t497 +- DirName:CN = t498 +- DirName:CN = t499 +- DirName:CN = t500 +- DirName:CN = t501 +- DirName:CN = t502 +- DirName:CN = t503 +- DirName:CN = t504 +- DirName:CN = t505 +- DirName:CN = t506 +- DirName:CN = t507 +- DirName:CN = t508 +- DirName:CN = t509 +- DirName:CN = t510 +- DirName:CN = t511 +- DirName:CN = t512 +- DirName:CN = t513 +- DirName:CN = t514 +- DirName:CN = t515 +- DirName:CN = t516 +- DirName:CN = t517 +- DirName:CN = t518 +- DirName:CN = t519 +- DirName:CN = t520 +- DirName:CN = t521 +- DirName:CN = t522 +- DirName:CN = t523 +- DirName:CN = t524 +- DirName:CN = t525 +- DirName:CN = t526 +- DirName:CN = t527 +- DirName:CN = t528 +- DirName:CN = t529 +- DirName:CN = t530 +- DirName:CN = t531 +- DirName:CN = t532 +- DirName:CN = t533 +- DirName:CN = t534 +- DirName:CN = t535 +- DirName:CN = t536 +- DirName:CN = t537 +- DirName:CN = t538 +- DirName:CN = t539 +- DirName:CN = t540 +- DirName:CN = t541 +- DirName:CN = t542 +- DirName:CN = t543 +- DirName:CN = t544 +- DirName:CN = t545 +- DirName:CN = t546 +- DirName:CN = t547 +- DirName:CN = t548 +- DirName:CN = t549 +- DirName:CN = t550 +- DirName:CN = t551 +- DirName:CN = t552 +- DirName:CN = t553 +- DirName:CN = t554 +- DirName:CN = t555 +- DirName:CN = t556 +- DirName:CN = t557 +- DirName:CN = t558 +- DirName:CN = t559 +- DirName:CN = t560 +- DirName:CN = t561 +- DirName:CN = t562 +- DirName:CN = t563 +- DirName:CN = t564 +- DirName:CN = t565 +- DirName:CN = t566 +- DirName:CN = t567 +- DirName:CN = t568 +- DirName:CN = t569 +- DirName:CN = t570 +- DirName:CN = t571 +- DirName:CN = t572 +- DirName:CN = t573 +- DirName:CN = t574 +- DirName:CN = t575 +- DirName:CN = t576 +- DirName:CN = t577 +- DirName:CN = t578 +- DirName:CN = t579 +- DirName:CN = t580 +- DirName:CN = t581 +- DirName:CN = t582 +- DirName:CN = t583 +- DirName:CN = t584 +- DirName:CN = t585 +- DirName:CN = t586 +- DirName:CN = t587 +- DirName:CN = t588 +- DirName:CN = t589 +- DirName:CN = t590 +- DirName:CN = t591 +- DirName:CN = t592 +- DirName:CN = t593 +- DirName:CN = t594 +- DirName:CN = t595 +- DirName:CN = t596 +- DirName:CN = t597 +- DirName:CN = t598 +- DirName:CN = t599 +- DirName:CN = t600 +- DirName:CN = t601 +- DirName:CN = t602 +- DirName:CN = t603 +- DirName:CN = t604 +- DirName:CN = t605 +- DirName:CN = t606 +- DirName:CN = t607 +- DirName:CN = t608 +- DirName:CN = t609 +- DirName:CN = t610 +- DirName:CN = t611 +- DirName:CN = t612 +- DirName:CN = t613 +- DirName:CN = t614 +- DirName:CN = t615 +- DirName:CN = t616 +- DirName:CN = t617 +- DirName:CN = t618 +- DirName:CN = t619 +- DirName:CN = t620 +- DirName:CN = t621 +- DirName:CN = t622 +- DirName:CN = t623 +- DirName:CN = t624 +- DirName:CN = t625 +- DirName:CN = t626 +- DirName:CN = t627 +- DirName:CN = t628 +- DirName:CN = t629 +- DirName:CN = t630 +- DirName:CN = t631 +- DirName:CN = t632 +- DirName:CN = t633 +- DirName:CN = t634 +- DirName:CN = t635 +- DirName:CN = t636 +- DirName:CN = t637 +- DirName:CN = t638 +- DirName:CN = t639 +- DirName:CN = t640 +- DirName:CN = t641 +- DirName:CN = t642 +- DirName:CN = t643 +- DirName:CN = t644 +- DirName:CN = t645 +- DirName:CN = t646 +- DirName:CN = t647 +- DirName:CN = t648 +- DirName:CN = t649 +- DirName:CN = t650 +- DirName:CN = t651 +- DirName:CN = t652 +- DirName:CN = t653 +- DirName:CN = t654 +- DirName:CN = t655 +- DirName:CN = t656 +- DirName:CN = t657 +- DirName:CN = t658 +- DirName:CN = t659 +- DirName:CN = t660 +- DirName:CN = t661 +- DirName:CN = t662 +- DirName:CN = t663 +- DirName:CN = t664 +- DirName:CN = t665 +- DirName:CN = t666 +- DirName:CN = t667 +- DirName:CN = t668 +- DirName:CN = t669 +- DirName:CN = t670 +- DirName:CN = t671 +- DirName:CN = t672 +- DirName:CN = t673 +- DirName:CN = t674 +- DirName:CN = t675 +- DirName:CN = t676 +- DirName:CN = t677 +- DirName:CN = t678 +- DirName:CN = t679 +- DirName:CN = t680 +- DirName:CN = t681 +- DirName:CN = t682 +- DirName:CN = t683 +- DirName:CN = t684 +- DirName:CN = t685 +- DirName:CN = t686 +- DirName:CN = t687 +- DirName:CN = t688 +- DirName:CN = t689 +- DirName:CN = t690 +- DirName:CN = t691 +- DirName:CN = t692 +- DirName:CN = t693 +- DirName:CN = t694 +- DirName:CN = t695 +- DirName:CN = t696 +- DirName:CN = t697 +- DirName:CN = t698 +- DirName:CN = t699 +- DirName:CN = t700 +- DirName:CN = t701 +- DirName:CN = t702 +- DirName:CN = t703 +- DirName:CN = t704 +- DirName:CN = t705 +- DirName:CN = t706 +- DirName:CN = t707 +- DirName:CN = t708 +- DirName:CN = t709 +- DirName:CN = t710 +- DirName:CN = t711 +- DirName:CN = t712 +- DirName:CN = t713 +- DirName:CN = t714 +- DirName:CN = t715 +- DirName:CN = t716 +- DirName:CN = t717 +- DirName:CN = t718 +- DirName:CN = t719 +- DirName:CN = t720 +- DirName:CN = t721 +- DirName:CN = t722 +- DirName:CN = t723 +- DirName:CN = t724 +- DirName:CN = t725 +- DirName:CN = t726 +- DirName:CN = t727 +- DirName:CN = t728 +- DirName:CN = t729 +- DirName:CN = t730 +- DirName:CN = t731 +- DirName:CN = t732 +- DirName:CN = t733 +- DirName:CN = t734 +- DirName:CN = t735 +- DirName:CN = t736 +- DirName:CN = t737 +- DirName:CN = t738 +- DirName:CN = t739 +- DirName:CN = t740 +- DirName:CN = t741 +- DirName:CN = t742 +- DirName:CN = t743 +- DirName:CN = t744 +- DirName:CN = t745 +- DirName:CN = t746 +- DirName:CN = t747 +- DirName:CN = t748 +- DirName:CN = t749 +- DirName:CN = t750 +- DirName:CN = t751 +- DirName:CN = t752 +- DirName:CN = t753 +- DirName:CN = t754 +- DirName:CN = t755 +- DirName:CN = t756 +- DirName:CN = t757 +- DirName:CN = t758 +- DirName:CN = t759 +- DirName:CN = t760 +- DirName:CN = t761 +- DirName:CN = t762 +- DirName:CN = t763 +- DirName:CN = t764 +- DirName:CN = t765 +- DirName:CN = t766 +- DirName:CN = t767 +- DirName:CN = t768 +- DirName:CN = t769 +- DirName:CN = t770 +- DirName:CN = t771 +- DirName:CN = t772 +- DirName:CN = t773 +- DirName:CN = t774 +- DirName:CN = t775 +- DirName:CN = t776 +- DirName:CN = t777 +- DirName:CN = t778 +- DirName:CN = t779 +- DirName:CN = t780 +- DirName:CN = t781 +- DirName:CN = t782 +- DirName:CN = t783 +- DirName:CN = t784 +- DirName:CN = t785 +- DirName:CN = t786 +- DirName:CN = t787 +- DirName:CN = t788 +- DirName:CN = t789 +- DirName:CN = t790 +- DirName:CN = t791 +- DirName:CN = t792 +- DirName:CN = t793 +- DirName:CN = t794 +- DirName:CN = t795 +- DirName:CN = t796 +- DirName:CN = t797 +- DirName:CN = t798 +- DirName:CN = t799 +- DirName:CN = t800 +- DirName:CN = t801 +- DirName:CN = t802 +- DirName:CN = t803 +- DirName:CN = t804 +- DirName:CN = t805 +- DirName:CN = t806 +- DirName:CN = t807 +- DirName:CN = t808 +- DirName:CN = t809 +- DirName:CN = t810 +- DirName:CN = t811 +- DirName:CN = t812 +- DirName:CN = t813 +- DirName:CN = t814 +- DirName:CN = t815 +- DirName:CN = t816 +- DirName:CN = t817 +- DirName:CN = t818 +- DirName:CN = t819 +- DirName:CN = t820 +- DirName:CN = t821 +- DirName:CN = t822 +- DirName:CN = t823 +- DirName:CN = t824 +- DirName:CN = t825 +- DirName:CN = t826 +- DirName:CN = t827 +- DirName:CN = t828 +- DirName:CN = t829 +- DirName:CN = t830 +- DirName:CN = t831 +- DirName:CN = t832 +- DirName:CN = t833 +- DirName:CN = t834 +- DirName:CN = t835 +- DirName:CN = t836 +- DirName:CN = t837 +- DirName:CN = t838 +- DirName:CN = t839 +- DirName:CN = t840 +- DirName:CN = t841 +- DirName:CN = t842 +- DirName:CN = t843 +- DirName:CN = t844 +- DirName:CN = t845 +- DirName:CN = t846 +- DirName:CN = t847 +- DirName:CN = t848 +- DirName:CN = t849 +- DirName:CN = t850 +- DirName:CN = t851 +- DirName:CN = t852 +- DirName:CN = t853 +- DirName:CN = t854 +- DirName:CN = t855 +- DirName:CN = t856 +- DirName:CN = t857 +- DirName:CN = t858 +- DirName:CN = t859 +- DirName:CN = t860 +- DirName:CN = t861 +- DirName:CN = t862 +- DirName:CN = t863 +- DirName:CN = t864 +- DirName:CN = t865 +- DirName:CN = t866 +- DirName:CN = t867 +- DirName:CN = t868 +- DirName:CN = t869 +- DirName:CN = t870 +- DirName:CN = t871 +- DirName:CN = t872 +- DirName:CN = t873 +- DirName:CN = t874 +- DirName:CN = t875 +- DirName:CN = t876 +- DirName:CN = t877 +- DirName:CN = t878 +- DirName:CN = t879 +- DirName:CN = t880 +- DirName:CN = t881 +- DirName:CN = t882 +- DirName:CN = t883 +- DirName:CN = t884 +- DirName:CN = t885 +- DirName:CN = t886 +- DirName:CN = t887 +- DirName:CN = t888 +- DirName:CN = t889 +- DirName:CN = t890 +- DirName:CN = t891 +- DirName:CN = t892 +- DirName:CN = t893 +- DirName:CN = t894 +- DirName:CN = t895 +- DirName:CN = t896 +- DirName:CN = t897 +- DirName:CN = t898 +- DirName:CN = t899 +- DirName:CN = t900 +- DirName:CN = t901 +- DirName:CN = t902 +- DirName:CN = t903 +- DirName:CN = t904 +- DirName:CN = t905 +- DirName:CN = t906 +- DirName:CN = t907 +- DirName:CN = t908 +- DirName:CN = t909 +- DirName:CN = t910 +- DirName:CN = t911 +- DirName:CN = t912 +- DirName:CN = t913 +- DirName:CN = t914 +- DirName:CN = t915 +- DirName:CN = t916 +- DirName:CN = t917 +- DirName:CN = t918 +- DirName:CN = t919 +- DirName:CN = t920 +- DirName:CN = t921 +- DirName:CN = t922 +- DirName:CN = t923 +- DirName:CN = t924 +- DirName:CN = t925 +- DirName:CN = t926 +- DirName:CN = t927 +- DirName:CN = t928 +- DirName:CN = t929 +- DirName:CN = t930 +- DirName:CN = t931 +- DirName:CN = t932 +- DirName:CN = t933 +- DirName:CN = t934 +- DirName:CN = t935 +- DirName:CN = t936 +- DirName:CN = t937 +- DirName:CN = t938 +- DirName:CN = t939 +- DirName:CN = t940 +- DirName:CN = t941 +- DirName:CN = t942 +- DirName:CN = t943 +- DirName:CN = t944 +- DirName:CN = t945 +- DirName:CN = t946 +- DirName:CN = t947 +- DirName:CN = t948 +- DirName:CN = t949 +- DirName:CN = t950 +- DirName:CN = t951 +- DirName:CN = t952 +- DirName:CN = t953 +- DirName:CN = t954 +- DirName:CN = t955 +- DirName:CN = t956 +- DirName:CN = t957 +- DirName:CN = t958 +- DirName:CN = t959 +- DirName:CN = t960 +- DirName:CN = t961 +- DirName:CN = t962 +- DirName:CN = t963 +- DirName:CN = t964 +- DirName:CN = t965 +- DirName:CN = t966 +- DirName:CN = t967 +- DirName:CN = t968 +- DirName:CN = t969 +- DirName:CN = t970 +- DirName:CN = t971 +- DirName:CN = t972 +- DirName:CN = t973 +- DirName:CN = t974 +- DirName:CN = t975 +- DirName:CN = t976 +- DirName:CN = t977 +- DirName:CN = t978 +- DirName:CN = t979 +- DirName:CN = t980 +- DirName:CN = t981 +- DirName:CN = t982 +- DirName:CN = t983 +- DirName:CN = t984 +- DirName:CN = t985 +- DirName:CN = t986 +- DirName:CN = t987 +- DirName:CN = t988 +- DirName:CN = t989 +- DirName:CN = t990 +- DirName:CN = t991 +- DirName:CN = t992 +- DirName:CN = t993 +- DirName:CN = t994 +- DirName:CN = t995 +- DirName:CN = t996 +- DirName:CN = t997 +- DirName:CN = t998 +- DirName:CN = t999 +- DirName:CN = t1000 +- DirName:CN = t1001 +- DirName:CN = t1002 +- DirName:CN = t1003 +- DirName:CN = t1004 +- DirName:CN = t1005 +- DirName:CN = t1006 +- DirName:CN = t1007 +- DirName:CN = t1008 +- DirName:CN = t1009 +- DirName:CN = t1010 +- DirName:CN = t1011 +- DirName:CN = t1012 +- DirName:CN = t1013 +- DirName:CN = t1014 +- DirName:CN = t1015 +- DirName:CN = t1016 +- DirName:CN = t1017 +- DirName:CN = t1018 +- DirName:CN = t1019 +- DirName:CN = t1020 +- DirName:CN = t1021 +- DirName:CN = t1022 +- DirName:CN = t1023 +- DirName:CN = t1024 ++ DirName: CN = t0 ++ DirName: CN = t1 ++ DirName: CN = t2 ++ DirName: CN = t3 ++ DirName: CN = t4 ++ DirName: CN = t5 ++ DirName: CN = t6 ++ DirName: CN = t7 ++ DirName: CN = t8 ++ DirName: CN = t9 ++ DirName: CN = t10 ++ DirName: CN = t11 ++ DirName: CN = t12 ++ DirName: CN = t13 ++ DirName: CN = t14 ++ DirName: CN = t15 ++ DirName: CN = t16 ++ DirName: CN = t17 ++ DirName: CN = t18 ++ DirName: CN = t19 ++ DirName: CN = t20 ++ DirName: CN = t21 ++ DirName: CN = t22 ++ DirName: CN = t23 ++ DirName: CN = t24 ++ DirName: CN = t25 ++ DirName: CN = t26 ++ DirName: CN = t27 ++ DirName: CN = t28 ++ DirName: CN = t29 ++ DirName: CN = t30 ++ DirName: CN = t31 ++ DirName: CN = t32 ++ DirName: CN = t33 ++ DirName: CN = t34 ++ DirName: CN = t35 ++ DirName: CN = t36 ++ DirName: CN = t37 ++ DirName: CN = t38 ++ DirName: CN = t39 ++ DirName: CN = t40 ++ DirName: CN = t41 ++ DirName: CN = t42 ++ DirName: CN = t43 ++ DirName: CN = t44 ++ DirName: CN = t45 ++ DirName: CN = t46 ++ DirName: CN = t47 ++ DirName: CN = t48 ++ DirName: CN = t49 ++ DirName: CN = t50 ++ DirName: CN = t51 ++ DirName: CN = t52 ++ DirName: CN = t53 ++ DirName: CN = t54 ++ DirName: CN = t55 ++ DirName: CN = t56 ++ DirName: CN = t57 ++ DirName: CN = t58 ++ DirName: CN = t59 ++ DirName: CN = t60 ++ DirName: CN = t61 ++ DirName: CN = t62 ++ DirName: CN = t63 ++ DirName: CN = t64 ++ DirName: CN = t65 ++ DirName: CN = t66 ++ DirName: CN = t67 ++ DirName: CN = t68 ++ DirName: CN = t69 ++ DirName: CN = t70 ++ DirName: CN = t71 ++ DirName: CN = t72 ++ DirName: CN = t73 ++ DirName: CN = t74 ++ DirName: CN = t75 ++ DirName: CN = t76 ++ DirName: CN = t77 ++ DirName: CN = t78 ++ DirName: CN = t79 ++ DirName: CN = t80 ++ DirName: CN = t81 ++ DirName: CN = t82 ++ DirName: CN = t83 ++ DirName: CN = t84 ++ DirName: CN = t85 ++ DirName: CN = t86 ++ DirName: CN = t87 ++ DirName: CN = t88 ++ DirName: CN = t89 ++ DirName: CN = t90 ++ DirName: CN = t91 ++ DirName: CN = t92 ++ DirName: CN = t93 ++ DirName: CN = t94 ++ DirName: CN = t95 ++ DirName: CN = t96 ++ DirName: CN = t97 ++ DirName: CN = t98 ++ DirName: CN = t99 ++ DirName: CN = t100 ++ DirName: CN = t101 ++ DirName: CN = t102 ++ DirName: CN = t103 ++ DirName: CN = t104 ++ DirName: CN = t105 ++ DirName: CN = t106 ++ DirName: CN = t107 ++ DirName: CN = t108 ++ DirName: CN = t109 ++ DirName: CN = t110 ++ DirName: CN = t111 ++ DirName: CN = t112 ++ DirName: CN = t113 ++ DirName: CN = t114 ++ DirName: CN = t115 ++ DirName: CN = t116 ++ DirName: CN = t117 ++ DirName: CN = t118 ++ DirName: CN = t119 ++ DirName: CN = t120 ++ DirName: CN = t121 ++ DirName: CN = t122 ++ DirName: CN = t123 ++ DirName: CN = t124 ++ DirName: CN = t125 ++ DirName: CN = t126 ++ DirName: CN = t127 ++ DirName: CN = t128 ++ DirName: CN = t129 ++ DirName: CN = t130 ++ DirName: CN = t131 ++ DirName: CN = t132 ++ DirName: CN = t133 ++ DirName: CN = t134 ++ DirName: CN = t135 ++ DirName: CN = t136 ++ DirName: CN = t137 ++ DirName: CN = t138 ++ DirName: CN = t139 ++ DirName: CN = t140 ++ DirName: CN = t141 ++ DirName: CN = t142 ++ DirName: CN = t143 ++ DirName: CN = t144 ++ DirName: CN = t145 ++ DirName: CN = t146 ++ DirName: CN = t147 ++ DirName: CN = t148 ++ DirName: CN = t149 ++ DirName: CN = t150 ++ DirName: CN = t151 ++ DirName: CN = t152 ++ DirName: CN = t153 ++ DirName: CN = t154 ++ DirName: CN = t155 ++ DirName: CN = t156 ++ DirName: CN = t157 ++ DirName: CN = t158 ++ DirName: CN = t159 ++ DirName: CN = t160 ++ DirName: CN = t161 ++ DirName: CN = t162 ++ DirName: CN = t163 ++ DirName: CN = t164 ++ DirName: CN = t165 ++ DirName: CN = t166 ++ DirName: CN = t167 ++ DirName: CN = t168 ++ DirName: CN = t169 ++ DirName: CN = t170 ++ DirName: CN = t171 ++ DirName: CN = t172 ++ DirName: CN = t173 ++ DirName: CN = t174 ++ DirName: CN = t175 ++ DirName: CN = t176 ++ DirName: CN = t177 ++ DirName: CN = t178 ++ DirName: CN = t179 ++ DirName: CN = t180 ++ DirName: CN = t181 ++ DirName: CN = t182 ++ DirName: CN = t183 ++ DirName: CN = t184 ++ DirName: CN = t185 ++ DirName: CN = t186 ++ DirName: CN = t187 ++ DirName: CN = t188 ++ DirName: CN = t189 ++ DirName: CN = t190 ++ DirName: CN = t191 ++ DirName: CN = t192 ++ DirName: CN = t193 ++ DirName: CN = t194 ++ DirName: CN = t195 ++ DirName: CN = t196 ++ DirName: CN = t197 ++ DirName: CN = t198 ++ DirName: CN = t199 ++ DirName: CN = t200 ++ DirName: CN = t201 ++ DirName: CN = t202 ++ DirName: CN = t203 ++ DirName: CN = t204 ++ DirName: CN = t205 ++ DirName: CN = t206 ++ DirName: CN = t207 ++ DirName: CN = t208 ++ DirName: CN = t209 ++ DirName: CN = t210 ++ DirName: CN = t211 ++ DirName: CN = t212 ++ DirName: CN = t213 ++ DirName: CN = t214 ++ DirName: CN = t215 ++ DirName: CN = t216 ++ DirName: CN = t217 ++ DirName: CN = t218 ++ DirName: CN = t219 ++ DirName: CN = t220 ++ DirName: CN = t221 ++ DirName: CN = t222 ++ DirName: CN = t223 ++ DirName: CN = t224 ++ DirName: CN = t225 ++ DirName: CN = t226 ++ DirName: CN = t227 ++ DirName: CN = t228 ++ DirName: CN = t229 ++ DirName: CN = t230 ++ DirName: CN = t231 ++ DirName: CN = t232 ++ DirName: CN = t233 ++ DirName: CN = t234 ++ DirName: CN = t235 ++ DirName: CN = t236 ++ DirName: CN = t237 ++ DirName: CN = t238 ++ DirName: CN = t239 ++ DirName: CN = t240 ++ DirName: CN = t241 ++ DirName: CN = t242 ++ DirName: CN = t243 ++ DirName: CN = t244 ++ DirName: CN = t245 ++ DirName: CN = t246 ++ DirName: CN = t247 ++ DirName: CN = t248 ++ DirName: CN = t249 ++ DirName: CN = t250 ++ DirName: CN = t251 ++ DirName: CN = t252 ++ DirName: CN = t253 ++ DirName: CN = t254 ++ DirName: CN = t255 ++ DirName: CN = t256 ++ DirName: CN = t257 ++ DirName: CN = t258 ++ DirName: CN = t259 ++ DirName: CN = t260 ++ DirName: CN = t261 ++ DirName: CN = t262 ++ DirName: CN = t263 ++ DirName: CN = t264 ++ DirName: CN = t265 ++ DirName: CN = t266 ++ DirName: CN = t267 ++ DirName: CN = t268 ++ DirName: CN = t269 ++ DirName: CN = t270 ++ DirName: CN = t271 ++ DirName: CN = t272 ++ DirName: CN = t273 ++ DirName: CN = t274 ++ DirName: CN = t275 ++ DirName: CN = t276 ++ DirName: CN = t277 ++ DirName: CN = t278 ++ DirName: CN = t279 ++ DirName: CN = t280 ++ DirName: CN = t281 ++ DirName: CN = t282 ++ DirName: CN = t283 ++ DirName: CN = t284 ++ DirName: CN = t285 ++ DirName: CN = t286 ++ DirName: CN = t287 ++ DirName: CN = t288 ++ DirName: CN = t289 ++ DirName: CN = t290 ++ DirName: CN = t291 ++ DirName: CN = t292 ++ DirName: CN = t293 ++ DirName: CN = t294 ++ DirName: CN = t295 ++ DirName: CN = t296 ++ DirName: CN = t297 ++ DirName: CN = t298 ++ DirName: CN = t299 ++ DirName: CN = t300 ++ DirName: CN = t301 ++ DirName: CN = t302 ++ DirName: CN = t303 ++ DirName: CN = t304 ++ DirName: CN = t305 ++ DirName: CN = t306 ++ DirName: CN = t307 ++ DirName: CN = t308 ++ DirName: CN = t309 ++ DirName: CN = t310 ++ DirName: CN = t311 ++ DirName: CN = t312 ++ DirName: CN = t313 ++ DirName: CN = t314 ++ DirName: CN = t315 ++ DirName: CN = t316 ++ DirName: CN = t317 ++ DirName: CN = t318 ++ DirName: CN = t319 ++ DirName: CN = t320 ++ DirName: CN = t321 ++ DirName: CN = t322 ++ DirName: CN = t323 ++ DirName: CN = t324 ++ DirName: CN = t325 ++ DirName: CN = t326 ++ DirName: CN = t327 ++ DirName: CN = t328 ++ DirName: CN = t329 ++ DirName: CN = t330 ++ DirName: CN = t331 ++ DirName: CN = t332 ++ DirName: CN = t333 ++ DirName: CN = t334 ++ DirName: CN = t335 ++ DirName: CN = t336 ++ DirName: CN = t337 ++ DirName: CN = t338 ++ DirName: CN = t339 ++ DirName: CN = t340 ++ DirName: CN = t341 ++ DirName: CN = t342 ++ DirName: CN = t343 ++ DirName: CN = t344 ++ DirName: CN = t345 ++ DirName: CN = t346 ++ DirName: CN = t347 ++ DirName: CN = t348 ++ DirName: CN = t349 ++ DirName: CN = t350 ++ DirName: CN = t351 ++ DirName: CN = t352 ++ DirName: CN = t353 ++ DirName: CN = t354 ++ DirName: CN = t355 ++ DirName: CN = t356 ++ DirName: CN = t357 ++ DirName: CN = t358 ++ DirName: CN = t359 ++ DirName: CN = t360 ++ DirName: CN = t361 ++ DirName: CN = t362 ++ DirName: CN = t363 ++ DirName: CN = t364 ++ DirName: CN = t365 ++ DirName: CN = t366 ++ DirName: CN = t367 ++ DirName: CN = t368 ++ DirName: CN = t369 ++ DirName: CN = t370 ++ DirName: CN = t371 ++ DirName: CN = t372 ++ DirName: CN = t373 ++ DirName: CN = t374 ++ DirName: CN = t375 ++ DirName: CN = t376 ++ DirName: CN = t377 ++ DirName: CN = t378 ++ DirName: CN = t379 ++ DirName: CN = t380 ++ DirName: CN = t381 ++ DirName: CN = t382 ++ DirName: CN = t383 ++ DirName: CN = t384 ++ DirName: CN = t385 ++ DirName: CN = t386 ++ DirName: CN = t387 ++ DirName: CN = t388 ++ DirName: CN = t389 ++ DirName: CN = t390 ++ DirName: CN = t391 ++ DirName: CN = t392 ++ DirName: CN = t393 ++ DirName: CN = t394 ++ DirName: CN = t395 ++ DirName: CN = t396 ++ DirName: CN = t397 ++ DirName: CN = t398 ++ DirName: CN = t399 ++ DirName: CN = t400 ++ DirName: CN = t401 ++ DirName: CN = t402 ++ DirName: CN = t403 ++ DirName: CN = t404 ++ DirName: CN = t405 ++ DirName: CN = t406 ++ DirName: CN = t407 ++ DirName: CN = t408 ++ DirName: CN = t409 ++ DirName: CN = t410 ++ DirName: CN = t411 ++ DirName: CN = t412 ++ DirName: CN = t413 ++ DirName: CN = t414 ++ DirName: CN = t415 ++ DirName: CN = t416 ++ DirName: CN = t417 ++ DirName: CN = t418 ++ DirName: CN = t419 ++ DirName: CN = t420 ++ DirName: CN = t421 ++ DirName: CN = t422 ++ DirName: CN = t423 ++ DirName: CN = t424 ++ DirName: CN = t425 ++ DirName: CN = t426 ++ DirName: CN = t427 ++ DirName: CN = t428 ++ DirName: CN = t429 ++ DirName: CN = t430 ++ DirName: CN = t431 ++ DirName: CN = t432 ++ DirName: CN = t433 ++ DirName: CN = t434 ++ DirName: CN = t435 ++ DirName: CN = t436 ++ DirName: CN = t437 ++ DirName: CN = t438 ++ DirName: CN = t439 ++ DirName: CN = t440 ++ DirName: CN = t441 ++ DirName: CN = t442 ++ DirName: CN = t443 ++ DirName: CN = t444 ++ DirName: CN = t445 ++ DirName: CN = t446 ++ DirName: CN = t447 ++ DirName: CN = t448 ++ DirName: CN = t449 ++ DirName: CN = t450 ++ DirName: CN = t451 ++ DirName: CN = t452 ++ DirName: CN = t453 ++ DirName: CN = t454 ++ DirName: CN = t455 ++ DirName: CN = t456 ++ DirName: CN = t457 ++ DirName: CN = t458 ++ DirName: CN = t459 ++ DirName: CN = t460 ++ DirName: CN = t461 ++ DirName: CN = t462 ++ DirName: CN = t463 ++ DirName: CN = t464 ++ DirName: CN = t465 ++ DirName: CN = t466 ++ DirName: CN = t467 ++ DirName: CN = t468 ++ DirName: CN = t469 ++ DirName: CN = t470 ++ DirName: CN = t471 ++ DirName: CN = t472 ++ DirName: CN = t473 ++ DirName: CN = t474 ++ DirName: CN = t475 ++ DirName: CN = t476 ++ DirName: CN = t477 ++ DirName: CN = t478 ++ DirName: CN = t479 ++ DirName: CN = t480 ++ DirName: CN = t481 ++ DirName: CN = t482 ++ DirName: CN = t483 ++ DirName: CN = t484 ++ DirName: CN = t485 ++ DirName: CN = t486 ++ DirName: CN = t487 ++ DirName: CN = t488 ++ DirName: CN = t489 ++ DirName: CN = t490 ++ DirName: CN = t491 ++ DirName: CN = t492 ++ DirName: CN = t493 ++ DirName: CN = t494 ++ DirName: CN = t495 ++ DirName: CN = t496 ++ DirName: CN = t497 ++ DirName: CN = t498 ++ DirName: CN = t499 ++ DirName: CN = t500 ++ DirName: CN = t501 ++ DirName: CN = t502 ++ DirName: CN = t503 ++ DirName: CN = t504 ++ DirName: CN = t505 ++ DirName: CN = t506 ++ DirName: CN = t507 ++ DirName: CN = t508 ++ DirName: CN = t509 ++ DirName: CN = t510 ++ DirName: CN = t511 ++ DirName: CN = t512 ++ DirName: CN = t513 ++ DirName: CN = t514 ++ DirName: CN = t515 ++ DirName: CN = t516 ++ DirName: CN = t517 ++ DirName: CN = t518 ++ DirName: CN = t519 ++ DirName: CN = t520 ++ DirName: CN = t521 ++ DirName: CN = t522 ++ DirName: CN = t523 ++ DirName: CN = t524 ++ DirName: CN = t525 ++ DirName: CN = t526 ++ DirName: CN = t527 ++ DirName: CN = t528 ++ DirName: CN = t529 ++ DirName: CN = t530 ++ DirName: CN = t531 ++ DirName: CN = t532 ++ DirName: CN = t533 ++ DirName: CN = t534 ++ DirName: CN = t535 ++ DirName: CN = t536 ++ DirName: CN = t537 ++ DirName: CN = t538 ++ DirName: CN = t539 ++ DirName: CN = t540 ++ DirName: CN = t541 ++ DirName: CN = t542 ++ DirName: CN = t543 ++ DirName: CN = t544 ++ DirName: CN = t545 ++ DirName: CN = t546 ++ DirName: CN = t547 ++ DirName: CN = t548 ++ DirName: CN = t549 ++ DirName: CN = t550 ++ DirName: CN = t551 ++ DirName: CN = t552 ++ DirName: CN = t553 ++ DirName: CN = t554 ++ DirName: CN = t555 ++ DirName: CN = t556 ++ DirName: CN = t557 ++ DirName: CN = t558 ++ DirName: CN = t559 ++ DirName: CN = t560 ++ DirName: CN = t561 ++ DirName: CN = t562 ++ DirName: CN = t563 ++ DirName: CN = t564 ++ DirName: CN = t565 ++ DirName: CN = t566 ++ DirName: CN = t567 ++ DirName: CN = t568 ++ DirName: CN = t569 ++ DirName: CN = t570 ++ DirName: CN = t571 ++ DirName: CN = t572 ++ DirName: CN = t573 ++ DirName: CN = t574 ++ DirName: CN = t575 ++ DirName: CN = t576 ++ DirName: CN = t577 ++ DirName: CN = t578 ++ DirName: CN = t579 ++ DirName: CN = t580 ++ DirName: CN = t581 ++ DirName: CN = t582 ++ DirName: CN = t583 ++ DirName: CN = t584 ++ DirName: CN = t585 ++ DirName: CN = t586 ++ DirName: CN = t587 ++ DirName: CN = t588 ++ DirName: CN = t589 ++ DirName: CN = t590 ++ DirName: CN = t591 ++ DirName: CN = t592 ++ DirName: CN = t593 ++ DirName: CN = t594 ++ DirName: CN = t595 ++ DirName: CN = t596 ++ DirName: CN = t597 ++ DirName: CN = t598 ++ DirName: CN = t599 ++ DirName: CN = t600 ++ DirName: CN = t601 ++ DirName: CN = t602 ++ DirName: CN = t603 ++ DirName: CN = t604 ++ DirName: CN = t605 ++ DirName: CN = t606 ++ DirName: CN = t607 ++ DirName: CN = t608 ++ DirName: CN = t609 ++ DirName: CN = t610 ++ DirName: CN = t611 ++ DirName: CN = t612 ++ DirName: CN = t613 ++ DirName: CN = t614 ++ DirName: CN = t615 ++ DirName: CN = t616 ++ DirName: CN = t617 ++ DirName: CN = t618 ++ DirName: CN = t619 ++ DirName: CN = t620 ++ DirName: CN = t621 ++ DirName: CN = t622 ++ DirName: CN = t623 ++ DirName: CN = t624 ++ DirName: CN = t625 ++ DirName: CN = t626 ++ DirName: CN = t627 ++ DirName: CN = t628 ++ DirName: CN = t629 ++ DirName: CN = t630 ++ DirName: CN = t631 ++ DirName: CN = t632 ++ DirName: CN = t633 ++ DirName: CN = t634 ++ DirName: CN = t635 ++ DirName: CN = t636 ++ DirName: CN = t637 ++ DirName: CN = t638 ++ DirName: CN = t639 ++ DirName: CN = t640 ++ DirName: CN = t641 ++ DirName: CN = t642 ++ DirName: CN = t643 ++ DirName: CN = t644 ++ DirName: CN = t645 ++ DirName: CN = t646 ++ DirName: CN = t647 ++ DirName: CN = t648 ++ DirName: CN = t649 ++ DirName: CN = t650 ++ DirName: CN = t651 ++ DirName: CN = t652 ++ DirName: CN = t653 ++ DirName: CN = t654 ++ DirName: CN = t655 ++ DirName: CN = t656 ++ DirName: CN = t657 ++ DirName: CN = t658 ++ DirName: CN = t659 ++ DirName: CN = t660 ++ DirName: CN = t661 ++ DirName: CN = t662 ++ DirName: CN = t663 ++ DirName: CN = t664 ++ DirName: CN = t665 ++ DirName: CN = t666 ++ DirName: CN = t667 ++ DirName: CN = t668 ++ DirName: CN = t669 ++ DirName: CN = t670 ++ DirName: CN = t671 ++ DirName: CN = t672 ++ DirName: CN = t673 ++ DirName: CN = t674 ++ DirName: CN = t675 ++ DirName: CN = t676 ++ DirName: CN = t677 ++ DirName: CN = t678 ++ DirName: CN = t679 ++ DirName: CN = t680 ++ DirName: CN = t681 ++ DirName: CN = t682 ++ DirName: CN = t683 ++ DirName: CN = t684 ++ DirName: CN = t685 ++ DirName: CN = t686 ++ DirName: CN = t687 ++ DirName: CN = t688 ++ DirName: CN = t689 ++ DirName: CN = t690 ++ DirName: CN = t691 ++ DirName: CN = t692 ++ DirName: CN = t693 ++ DirName: CN = t694 ++ DirName: CN = t695 ++ DirName: CN = t696 ++ DirName: CN = t697 ++ DirName: CN = t698 ++ DirName: CN = t699 ++ DirName: CN = t700 ++ DirName: CN = t701 ++ DirName: CN = t702 ++ DirName: CN = t703 ++ DirName: CN = t704 ++ DirName: CN = t705 ++ DirName: CN = t706 ++ DirName: CN = t707 ++ DirName: CN = t708 ++ DirName: CN = t709 ++ DirName: CN = t710 ++ DirName: CN = t711 ++ DirName: CN = t712 ++ DirName: CN = t713 ++ DirName: CN = t714 ++ DirName: CN = t715 ++ DirName: CN = t716 ++ DirName: CN = t717 ++ DirName: CN = t718 ++ DirName: CN = t719 ++ DirName: CN = t720 ++ DirName: CN = t721 ++ DirName: CN = t722 ++ DirName: CN = t723 ++ DirName: CN = t724 ++ DirName: CN = t725 ++ DirName: CN = t726 ++ DirName: CN = t727 ++ DirName: CN = t728 ++ DirName: CN = t729 ++ DirName: CN = t730 ++ DirName: CN = t731 ++ DirName: CN = t732 ++ DirName: CN = t733 ++ DirName: CN = t734 ++ DirName: CN = t735 ++ DirName: CN = t736 ++ DirName: CN = t737 ++ DirName: CN = t738 ++ DirName: CN = t739 ++ DirName: CN = t740 ++ DirName: CN = t741 ++ DirName: CN = t742 ++ DirName: CN = t743 ++ DirName: CN = t744 ++ DirName: CN = t745 ++ DirName: CN = t746 ++ DirName: CN = t747 ++ DirName: CN = t748 ++ DirName: CN = t749 ++ DirName: CN = t750 ++ DirName: CN = t751 ++ DirName: CN = t752 ++ DirName: CN = t753 ++ DirName: CN = t754 ++ DirName: CN = t755 ++ DirName: CN = t756 ++ DirName: CN = t757 ++ DirName: CN = t758 ++ DirName: CN = t759 ++ DirName: CN = t760 ++ DirName: CN = t761 ++ DirName: CN = t762 ++ DirName: CN = t763 ++ DirName: CN = t764 ++ DirName: CN = t765 ++ DirName: CN = t766 ++ DirName: CN = t767 ++ DirName: CN = t768 ++ DirName: CN = t769 ++ DirName: CN = t770 ++ DirName: CN = t771 ++ DirName: CN = t772 ++ DirName: CN = t773 ++ DirName: CN = t774 ++ DirName: CN = t775 ++ DirName: CN = t776 ++ DirName: CN = t777 ++ DirName: CN = t778 ++ DirName: CN = t779 ++ DirName: CN = t780 ++ DirName: CN = t781 ++ DirName: CN = t782 ++ DirName: CN = t783 ++ DirName: CN = t784 ++ DirName: CN = t785 ++ DirName: CN = t786 ++ DirName: CN = t787 ++ DirName: CN = t788 ++ DirName: CN = t789 ++ DirName: CN = t790 ++ DirName: CN = t791 ++ DirName: CN = t792 ++ DirName: CN = t793 ++ DirName: CN = t794 ++ DirName: CN = t795 ++ DirName: CN = t796 ++ DirName: CN = t797 ++ DirName: CN = t798 ++ DirName: CN = t799 ++ DirName: CN = t800 ++ DirName: CN = t801 ++ DirName: CN = t802 ++ DirName: CN = t803 ++ DirName: CN = t804 ++ DirName: CN = t805 ++ DirName: CN = t806 ++ DirName: CN = t807 ++ DirName: CN = t808 ++ DirName: CN = t809 ++ DirName: CN = t810 ++ DirName: CN = t811 ++ DirName: CN = t812 ++ DirName: CN = t813 ++ DirName: CN = t814 ++ DirName: CN = t815 ++ DirName: CN = t816 ++ DirName: CN = t817 ++ DirName: CN = t818 ++ DirName: CN = t819 ++ DirName: CN = t820 ++ DirName: CN = t821 ++ DirName: CN = t822 ++ DirName: CN = t823 ++ DirName: CN = t824 ++ DirName: CN = t825 ++ DirName: CN = t826 ++ DirName: CN = t827 ++ DirName: CN = t828 ++ DirName: CN = t829 ++ DirName: CN = t830 ++ DirName: CN = t831 ++ DirName: CN = t832 ++ DirName: CN = t833 ++ DirName: CN = t834 ++ DirName: CN = t835 ++ DirName: CN = t836 ++ DirName: CN = t837 ++ DirName: CN = t838 ++ DirName: CN = t839 ++ DirName: CN = t840 ++ DirName: CN = t841 ++ DirName: CN = t842 ++ DirName: CN = t843 ++ DirName: CN = t844 ++ DirName: CN = t845 ++ DirName: CN = t846 ++ DirName: CN = t847 ++ DirName: CN = t848 ++ DirName: CN = t849 ++ DirName: CN = t850 ++ DirName: CN = t851 ++ DirName: CN = t852 ++ DirName: CN = t853 ++ DirName: CN = t854 ++ DirName: CN = t855 ++ DirName: CN = t856 ++ DirName: CN = t857 ++ DirName: CN = t858 ++ DirName: CN = t859 ++ DirName: CN = t860 ++ DirName: CN = t861 ++ DirName: CN = t862 ++ DirName: CN = t863 ++ DirName: CN = t864 ++ DirName: CN = t865 ++ DirName: CN = t866 ++ DirName: CN = t867 ++ DirName: CN = t868 ++ DirName: CN = t869 ++ DirName: CN = t870 ++ DirName: CN = t871 ++ DirName: CN = t872 ++ DirName: CN = t873 ++ DirName: CN = t874 ++ DirName: CN = t875 ++ DirName: CN = t876 ++ DirName: CN = t877 ++ DirName: CN = t878 ++ DirName: CN = t879 ++ DirName: CN = t880 ++ DirName: CN = t881 ++ DirName: CN = t882 ++ DirName: CN = t883 ++ DirName: CN = t884 ++ DirName: CN = t885 ++ DirName: CN = t886 ++ DirName: CN = t887 ++ DirName: CN = t888 ++ DirName: CN = t889 ++ DirName: CN = t890 ++ DirName: CN = t891 ++ DirName: CN = t892 ++ DirName: CN = t893 ++ DirName: CN = t894 ++ DirName: CN = t895 ++ DirName: CN = t896 ++ DirName: CN = t897 ++ DirName: CN = t898 ++ DirName: CN = t899 ++ DirName: CN = t900 ++ DirName: CN = t901 ++ DirName: CN = t902 ++ DirName: CN = t903 ++ DirName: CN = t904 ++ DirName: CN = t905 ++ DirName: CN = t906 ++ DirName: CN = t907 ++ DirName: CN = t908 ++ DirName: CN = t909 ++ DirName: CN = t910 ++ DirName: CN = t911 ++ DirName: CN = t912 ++ DirName: CN = t913 ++ DirName: CN = t914 ++ DirName: CN = t915 ++ DirName: CN = t916 ++ DirName: CN = t917 ++ DirName: CN = t918 ++ DirName: CN = t919 ++ DirName: CN = t920 ++ DirName: CN = t921 ++ DirName: CN = t922 ++ DirName: CN = t923 ++ DirName: CN = t924 ++ DirName: CN = t925 ++ DirName: CN = t926 ++ DirName: CN = t927 ++ DirName: CN = t928 ++ DirName: CN = t929 ++ DirName: CN = t930 ++ DirName: CN = t931 ++ DirName: CN = t932 ++ DirName: CN = t933 ++ DirName: CN = t934 ++ DirName: CN = t935 ++ DirName: CN = t936 ++ DirName: CN = t937 ++ DirName: CN = t938 ++ DirName: CN = t939 ++ DirName: CN = t940 ++ DirName: CN = t941 ++ DirName: CN = t942 ++ DirName: CN = t943 ++ DirName: CN = t944 ++ DirName: CN = t945 ++ DirName: CN = t946 ++ DirName: CN = t947 ++ DirName: CN = t948 ++ DirName: CN = t949 ++ DirName: CN = t950 ++ DirName: CN = t951 ++ DirName: CN = t952 ++ DirName: CN = t953 ++ DirName: CN = t954 ++ DirName: CN = t955 ++ DirName: CN = t956 ++ DirName: CN = t957 ++ DirName: CN = t958 ++ DirName: CN = t959 ++ DirName: CN = t960 ++ DirName: CN = t961 ++ DirName: CN = t962 ++ DirName: CN = t963 ++ DirName: CN = t964 ++ DirName: CN = t965 ++ DirName: CN = t966 ++ DirName: CN = t967 ++ DirName: CN = t968 ++ DirName: CN = t969 ++ DirName: CN = t970 ++ DirName: CN = t971 ++ DirName: CN = t972 ++ DirName: CN = t973 ++ DirName: CN = t974 ++ DirName: CN = t975 ++ DirName: CN = t976 ++ DirName: CN = t977 ++ DirName: CN = t978 ++ DirName: CN = t979 ++ DirName: CN = t980 ++ DirName: CN = t981 ++ DirName: CN = t982 ++ DirName: CN = t983 ++ DirName: CN = t984 ++ DirName: CN = t985 ++ DirName: CN = t986 ++ DirName: CN = t987 ++ DirName: CN = t988 ++ DirName: CN = t989 ++ DirName: CN = t990 ++ DirName: CN = t991 ++ DirName: CN = t992 ++ DirName: CN = t993 ++ DirName: CN = t994 ++ DirName: CN = t995 ++ DirName: CN = t996 ++ DirName: CN = t997 ++ DirName: CN = t998 ++ DirName: CN = t999 ++ DirName: CN = t1000 ++ DirName: CN = t1001 ++ DirName: CN = t1002 ++ DirName: CN = t1003 ++ DirName: CN = t1004 ++ DirName: CN = t1005 ++ DirName: CN = t1006 ++ DirName: CN = t1007 ++ DirName: CN = t1008 ++ DirName: CN = t1009 ++ DirName: CN = t1010 ++ DirName: CN = t1011 ++ DirName: CN = t1012 ++ DirName: CN = t1013 ++ DirName: CN = t1014 ++ DirName: CN = t1015 ++ DirName: CN = t1016 ++ DirName: CN = t1017 ++ DirName: CN = t1018 ++ DirName: CN = t1019 ++ DirName: CN = t1020 ++ DirName: CN = t1021 ++ DirName: CN = t1022 ++ DirName: CN = t1023 ++ DirName: CN = t1024 + + Signature Algorithm: sha256WithRSAEncryption + 12:ce:60:d6:3b:b5:7e:7a:8e:9e:d0:f5:fd:a8:8a:33:24:95: +@@ -2070,7 +2070,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +diff --git a/net/data/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.pem b/net/data/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.pem +index c2b90f8160687..b6f3f79705072 100644 +--- a/net/data/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.pem ++++ b/net/data/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.pem +@@ -1,4 +1,4 @@ +-[Created by: generate-chains.py] ++[Created by: ./generate-chains.py] + + A chain containing a large number of excluded DNS name + constraints and DNS names, above the limit. +@@ -8,7 +8,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d6 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -334,7 +334,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f8 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -1729,7 +1729,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +diff --git a/net/data/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.pem b/net/data/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.pem +index 2ec9a87d02f73..a11fcc874efab 100644 +--- a/net/data/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.pem ++++ b/net/data/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.pem +@@ -1,4 +1,4 @@ +-[Created by: generate-chains.py] ++[Created by: ./generate-chains.py] + + A chain containing a large number of permitted DNS name + constraints and DNS names, above the limit. +@@ -8,7 +8,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d9 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -334,7 +334,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fb +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -1729,7 +1729,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +diff --git a/net/data/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.pem b/net/data/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.pem +index 1199678d26041..9a0ca5bd26a5b 100644 +--- a/net/data/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.pem ++++ b/net/data/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.pem +@@ -1,4 +1,4 @@ +-[Created by: generate-chains.py] ++[Created by: ./generate-chains.py] + + A chain containing a large number of excluded IP name + constraints and IP names, above the limit. +@@ -8,7 +8,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d7 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -229,7 +229,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f9 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -1604,7 +1604,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +diff --git a/net/data/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.pem b/net/data/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.pem +index efdbd5eaca095..56bc9c89c4c42 100644 +--- a/net/data/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.pem ++++ b/net/data/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.pem +@@ -1,4 +1,4 @@ +-[Created by: generate-chains.py] ++[Created by: ./generate-chains.py] + + A chain containing a large number of permitted IP name + constraints and IP names, above the limit. +@@ -8,7 +8,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:da +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -229,7 +229,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fc +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +@@ -1604,7 +1604,7 @@ Certificate: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 +- Signature Algorithm: sha256WithRSAEncryption ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT +-- +2.41.0.162.gfafddb0af9-goog + diff --git a/pki/patches/0002-Conditionalize-the-use-of-DVLOG-LOG-in-path-builder-.patch b/pki/patches/0002-Conditionalize-the-use-of-DVLOG-LOG-in-path-builder-.patch new file mode 100644 index 0000000000..11e629567c --- /dev/null +++ b/pki/patches/0002-Conditionalize-the-use-of-DVLOG-LOG-in-path-builder-.patch @@ -0,0 +1,221 @@ +From 8776d775ed86427e37b17ce1ea4728e99cb45275 Mon Sep 17 00:00:00 2001 +From: Bob Beck +Date: Thu, 1 Jun 2023 10:54:40 +0200 +Subject: [PATCH 2/3] Conditionalize the use of DVLOG/LOG in path builder on + DVLOG existing + +--- + net/cert/pki/path_builder.cc | 35 +++++++++++++++++++++ + net/cert/pki/path_builder_pkits_unittest.cc | 2 ++ + 2 files changed, 37 insertions(+) + +diff --git a/net/cert/pki/path_builder.cc b/net/cert/pki/path_builder.cc +index c373c8d4cda99..8b84fca03e962 100644 +--- a/net/cert/pki/path_builder.cc ++++ b/net/cert/pki/path_builder.cc +@@ -37,6 +37,7 @@ std::string FingerPrintParsedCertificate(const net::ParsedCertificate* cert) { + } + + // TODO(mattm): decide how much debug logging to keep. ++// TODO(bbe): perhaps none - currently conditionalizing on DVLOG.. + std::string CertDebugString(const ParsedCertificate* cert) { + RDNSequence subject; + std::string subject_str; +@@ -47,6 +48,7 @@ std::string CertDebugString(const ParsedCertificate* cert) { + return FingerPrintParsedCertificate(cert) + " " + subject_str; + } + ++#if defined(DVLOG) + std::string PathDebugString(const ParsedCertificateList& certs) { + std::string s; + for (const auto& cert : certs) { +@@ -56,6 +58,7 @@ std::string PathDebugString(const ParsedCertificateList& certs) { + } + return s; + } ++#endif + + // This structure describes a certificate and its trust level. Note that |cert| + // may be null to indicate an "empty" entry. +@@ -249,7 +252,9 @@ CertIssuersIter::CertIssuersIter( + cert_issuer_sources_(cert_issuer_sources), + trust_store_(trust_store), + debug_data_(debug_data) { ++#if defined(DVLOG) + DVLOG(2) << "CertIssuersIter created for " << CertDebugString(cert()); ++#endif + } + + void CertIssuersIter::GetNextIssuer(IssuerEntry* out) { +@@ -289,8 +294,10 @@ void CertIssuersIter::GetNextIssuer(IssuerEntry* out) { + if (HasCurrentIssuer()) { + SortRemainingIssuers(); + ++#if defined(DVLOG) + DVLOG(2) << "CertIssuersIter returning issuer " << cur_issuer_ << " of " + << issuers_.size() << " for " << CertDebugString(cert()); ++#endif + // Still have issuers that haven't been returned yet, return the highest + // priority one (head of remaining list). A reference to the returned issuer + // is retained, since |present_issuers_| points to data owned by it. +@@ -298,8 +305,10 @@ void CertIssuersIter::GetNextIssuer(IssuerEntry* out) { + return; + } + ++#if defined(DVLOG) + DVLOG(2) << "CertIssuersIter reached the end of all available issuers for " + << CertDebugString(cert()); ++#endif + // Reached the end of all available issuers. + *out = IssuerEntry(); + } +@@ -331,7 +340,9 @@ void CertIssuersIter::DoAsyncIssuerQuery() { + std::unique_ptr request; + cert_issuer_source->AsyncGetIssuersOf(cert(), &request); + if (request) { ++#if defined(DVLOG) + DVLOG(1) << "AsyncGetIssuersOf pending for " << CertDebugString(cert()); ++#endif + pending_async_requests_.push_back(std::move(request)); + } + } +@@ -558,16 +569,20 @@ bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + cur_path_.Length() >= max_path_building_depth) { + cur_path_.CopyPath(out_certs); + out_errors->GetOtherErrors()->AddError(cert_errors::kDepthLimitExceeded); ++#if defined(DVLOG) + DVLOG(1) << "CertPathIter reached depth limit. Returning partial path " + "and backtracking:\n" + << PathDebugString(*out_certs); ++#endif + cur_path_.Pop(); + return true; + } + + if (!next_issuer_.cert) { + if (cur_path_.Empty()) { ++#if defined(DVLOG) + DVLOG(1) << "CertPathIter exhausted all paths..."; ++#endif + return false; + } + +@@ -587,14 +602,18 @@ bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + cur_path_.CopyPath(out_certs); + out_errors->GetErrorsForCert(out_certs->size() - 1) + ->AddError(cert_errors::kNoIssuersFound); ++#if defined(DVLOG) + DVLOG(1) << "CertPathIter returning partial path and backtracking:\n" + << PathDebugString(*out_certs); ++#endif + cur_path_.Pop(); + return true; + } else { + // No more issuers for current chain, go back up and see if there are + // any more for the previous cert. ++#if defined(DVLOG) + DVLOG(1) << "CertPathIter backtracking..."; ++#endif + cur_path_.Pop(); + continue; + } +@@ -610,7 +629,9 @@ bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + // unspecified trust. This may allow a successful path to be built to a + // different root (or to the same cert if it's self-signed). + if (cur_path_.Empty()) { ++#if defined(DVLOG) + DVLOG(1) << "Leaf is a trust anchor, considering as UNSPECIFIED"; ++#endif + next_issuer_.trust = CertificateTrust::ForUnspecified(); + } + break; +@@ -619,7 +640,9 @@ bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + // unspecified trust. This may allow a successful path to be built to a + // trusted root. + if (!cur_path_.Empty()) { ++#if defined(DVLOG) + DVLOG(1) << "Issuer is a trust leaf, considering as UNSPECIFIED"; ++#endif + next_issuer_.trust = CertificateTrust::ForUnspecified(); + } + break; +@@ -639,8 +662,10 @@ bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + !VerifyCertificateIsSelfSigned(*next_issuer_.cert, + delegate->GetVerifyCache(), + /*errors=*/nullptr)) { ++#if defined(DVLOG) + DVLOG(1) << "Leaf is trusted with require_leaf_selfsigned but is " + "not self-signed, considering as UNSPECIFIED"; ++#endif + next_issuer_.trust = CertificateTrust::ForUnspecified(); + } + break; +@@ -660,12 +685,16 @@ bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + case CertificateTrustType::TRUSTED_LEAF: { + // If the issuer has a known trust level, can stop building the path. ++#if defined(DVLOG) + DVLOG(2) << "CertPathIter got anchor: " + << CertDebugString(next_issuer_.cert.get()); ++#endif + cur_path_.CopyPath(out_certs); + out_certs->push_back(std::move(next_issuer_.cert)); ++#if defined(DVLOG) + DVLOG(1) << "CertPathIter returning path:\n" + << PathDebugString(*out_certs); ++#endif + *out_last_cert_trust = next_issuer_.trust; + next_issuer_ = IssuerEntry(); + return true; +@@ -674,8 +703,10 @@ bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + // Skip this cert if it is already in the chain. + if (cur_path_.IsPresent(next_issuer_.cert.get())) { + cur_path_.back()->increment_skipped_issuer_count(); ++#if defined(DVLOG) + DVLOG(1) << "CertPathIter skipping dupe cert: " + << CertDebugString(next_issuer_.cert.get()); ++#endif + next_issuer_ = IssuerEntry(); + continue; + } +@@ -684,7 +715,9 @@ bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + std::move(next_issuer_.cert), &cert_issuer_sources_, trust_store_, + debug_data_)); + next_issuer_ = IssuerEntry(); ++#if defined(DVLOG) + DVLOG(1) << "CertPathIter cur_path_ =\n" << cur_path_.PathDebugString(); ++#endif + // Continue descending the tree. + continue; + } +@@ -832,8 +865,10 @@ CertPathBuilder::Result CertPathBuilder::Run() { + &result_path->user_constrained_policy_set, &result_path->errors); + } + ++#if defined(DVLOG) + DVLOG(1) << "CertPathBuilder VerifyCertificateChain errors:\n" + << result_path->errors.ToDebugString(result_path->certs); ++#endif + + // Give the delegate a chance to add errors to the path. + delegate_->CheckPathAfterVerification(*this, result_path.get()); +diff --git a/net/cert/pki/path_builder_pkits_unittest.cc b/net/cert/pki/path_builder_pkits_unittest.cc +index 090cce0cbd52b..c8fd0bd993996 100644 +--- a/net/cert/pki/path_builder_pkits_unittest.cc ++++ b/net/cert/pki/path_builder_pkits_unittest.cc +@@ -232,10 +232,12 @@ class PathBuilderPkitsTestDelegate { + + if (info.should_validate != result.HasValidPath()) { + for (size_t i = 0; i < result.paths.size(); ++i) { ++#if defined(DVLOG) + const net::CertPathBuilderResultPath* result_path = + result.paths[i].get(); + LOG(ERROR) << "path " << i << " errors:\n" + << result_path->errors.ToDebugString(result_path->certs); ++#endif + } + } + +-- +2.41.0.162.gfafddb0af9-goog + diff --git a/pki/patches/0003-disable-path-builder-tests-with-unsupported-dependen.patch b/pki/patches/0003-disable-path-builder-tests-with-unsupported-dependen.patch new file mode 100644 index 0000000000..c9b175386d --- /dev/null +++ b/pki/patches/0003-disable-path-builder-tests-with-unsupported-dependen.patch @@ -0,0 +1,112 @@ +From 9a38f227afca29cb3e373ca973d2f68126a0145e Mon Sep 17 00:00:00 2001 +From: Bob Beck +Date: Fri, 2 Jun 2023 11:08:50 +0200 +Subject: [PATCH 3/3] disable path builder tests with unsupported dependencies + +--- + net/cert/pki/path_builder_unittest.cc | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/net/cert/pki/path_builder_unittest.cc b/net/cert/pki/path_builder_unittest.cc +index d2cf0626cd474..112d0cafd811b 100644 +--- a/net/cert/pki/path_builder_unittest.cc ++++ b/net/cert/pki/path_builder_unittest.cc +@@ -34,6 +34,7 @@ namespace net { + + namespace { + ++#if !defined(_BORINGSSL_LIBPKI_) + using ::testing::_; + using ::testing::ElementsAre; + using ::testing::Exactly; +@@ -43,6 +44,7 @@ using ::testing::Return; + using ::testing::SaveArg; + using ::testing::SetArgPointee; + using ::testing::StrictMock; ++#endif // !_BORINGSSL_LIBPKI_ + + class TestPathBuilderDelegate : public SimplePathBuilderDelegate { + public: +@@ -161,6 +163,7 @@ class AsyncCertIssuerSourceStatic : public CertIssuerSource { + } + + const void* kKey = &kKey; ++#if !defined(_BORINGSSL_LIBPKI_) + class TrustStoreThatStoresUserData : public TrustStore { + public: + class Data : public base::SupportsUserData::Data { +@@ -202,6 +205,7 @@ TEST(PathBuilderResultUserDataTest, ModifyUserDataInConstructor) { + ASSERT_TRUE(data); + EXPECT_EQ(1234, data->value); + } ++#endif // !_BORINGSSL_LIBPKI_ + + class PathBuilderMultiRootTest : public ::testing::Test { + public: +@@ -1566,6 +1570,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { + EXPECT_EQ(newroot_->der_cert(), path.certs[2]->der_cert()); + } + ++#if !defined(_BORINGSSL_LIBPKI_) + class MockCertIssuerSourceRequest : public CertIssuerSource::Request { + public: + MOCK_METHOD2(GetNext, void(ParsedCertificateList*, base::SupportsUserData*)); +@@ -1578,6 +1583,7 @@ class MockCertIssuerSource : public CertIssuerSource { + MOCK_METHOD2(AsyncGetIssuersOf, + void(const ParsedCertificate*, std::unique_ptr*)); + }; ++#endif // !_BORINGSSL_LIBPKI_ + + // Helper class to pass the Request to the PathBuilder when it calls + // AsyncGetIssuersOf. (GoogleMock has a ByMove helper, but it apparently can +@@ -1613,6 +1619,7 @@ class AppendCertToList { + std::shared_ptr cert_; + }; + ++#if !defined(_BORINGSSL_LIBPKI_) + // Test that a single CertIssuerSource returning multiple async batches of + // issuers is handled correctly. Due to the StrictMocks, it also tests that path + // builder does not request issuers of certs that it shouldn't. +@@ -1782,6 +1789,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { + EXPECT_EQ(newintermediate_, path1.certs[1]); + EXPECT_EQ(newroot_, path1.certs[2]); + } ++#endif // !_BORINGSSL_LIBPKI_ + + class PathBuilderSimpleChainTest : public ::testing::Test { + public: +@@ -1936,6 +1944,7 @@ class CertPathBuilderDelegateBase : public SimplePathBuilderDelegate { + } + }; + ++#if !defined(_BORINGSSL_LIBPKI_) + class MockPathBuilderDelegate : public CertPathBuilderDelegateBase { + public: + MOCK_METHOD2(CheckPathAfterVerification, +@@ -1951,6 +1960,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, NoOpToValidPath) { + CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate); + EXPECT_TRUE(result.HasValidPath()); + } ++#endif // !_BORINGSSL_LIBPKI_ + + DEFINE_CERT_ERROR_ID(kWarningFromDelegate, "Warning from delegate"); + +@@ -2002,6 +2012,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, AddsErrorToValidPath) { + EXPECT_TRUE(cert2_errors->ContainsError(kErrorFromDelegate)); + } + ++#if !defined(_BORINGSSL_LIBPKI_) + TEST_F(PathBuilderCheckPathAfterVerificationTest, NoopToAlreadyInvalidPath) { + StrictMock delegate; + // Just verify that the hook is called (on an invalid path). +@@ -2034,6 +2045,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, SetsDelegateData) { + + EXPECT_EQ(0xB33F, data->value); + } ++#endif // !_BORINGSSL_LIBPKI_ + + TEST(PathBuilderPrioritizationTest, DatePrioritization) { + std::string test_dir = +-- +2.41.0.162.gfafddb0af9-goog + diff --git a/pki/path_builder.cc b/pki/path_builder.cc new file mode 100644 index 0000000000..9624598a9f --- /dev/null +++ b/pki/path_builder.cc @@ -0,0 +1,914 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "path_builder.h" + +#include +#include +#include +#include + +#include "fillins/net_errors.h" + +#include "cert_issuer_source.h" +#include "certificate_policies.h" +#include "common_cert_errors.h" +#include "parse_certificate.h" +#include "parse_name.h" // For CertDebugString. +#include "string_util.h" +#include "trust_store.h" +#include "verify_certificate_chain.h" +#include "verify_name_match.h" +#include "parser.h" +#include "tag.h" +#include + +namespace bssl { + +namespace { + +using CertIssuerSources = std::vector; + +// Returns a hex-encoded sha256 of the DER-encoding of |cert|. +std::string FingerPrintParsedCertificate(const ParsedCertificate* cert) { + uint8_t digest[SHA256_DIGEST_LENGTH]; + SHA256(cert->der_cert().UnsafeData(), cert->der_cert().Length(), digest); + return bssl::string_util::HexEncode(digest, sizeof(digest)); +} + +// TODO(mattm): decide how much debug logging to keep. +// TODO(bbe): perhaps none - currently conditionalizing on DVLOG.. +std::string CertDebugString(const ParsedCertificate* cert) { + RDNSequence subject; + std::string subject_str; + if (!ParseName(cert->tbs().subject_tlv, &subject) || + !ConvertToRFC2253(subject, &subject_str)) + subject_str = "???"; + + return FingerPrintParsedCertificate(cert) + " " + subject_str; +} + +#if defined(DVLOG) +std::string PathDebugString(const ParsedCertificateList& certs) { + std::string s; + for (const auto& cert : certs) { + if (!s.empty()) + s += "\n"; + s += " " + CertDebugString(cert.get()); + } + return s; +} +#endif + +// This structure describes a certificate and its trust level. Note that |cert| +// may be null to indicate an "empty" entry. +struct IssuerEntry { + std::shared_ptr cert; + CertificateTrust trust; + int trust_and_key_id_match_ordering; +}; + +enum KeyIdentifierMatch { + // |target| has a keyIdentifier and it matches |issuer|'s + // subjectKeyIdentifier. + kMatch = 0, + // |target| does not have authorityKeyIdentifier or |issuer| does not have + // subjectKeyIdentifier. + kNoData = 1, + // |target|'s authorityKeyIdentifier does not match |issuer|. + kMismatch = 2, +}; + +// Returns an integer that represents the relative ordering of |issuer| for +// prioritizing certificates in path building based on |issuer|'s +// subjectKeyIdentifier and |target|'s authorityKeyIdentifier. Lower return +// values indicate higer priority. +KeyIdentifierMatch CalculateKeyIdentifierMatch( + const ParsedCertificate* target, + const ParsedCertificate* issuer) { + if (!target->authority_key_identifier()) + return kNoData; + + // TODO(crbug.com/635205): If issuer does not have a subjectKeyIdentifier, + // could try synthesizing one using the standard SHA-1 method. Ideally in a + // way where any issuers that do have a matching subjectKeyIdentifier could + // be tried first before doing the extra work. + if (target->authority_key_identifier()->key_identifier && + issuer->subject_key_identifier()) { + if (target->authority_key_identifier()->key_identifier != + issuer->subject_key_identifier().value()) { + return kMismatch; + } + return kMatch; + } + + return kNoData; +} + +// Returns an integer that represents the relative ordering of |issuer| based +// on |issuer_trust| and authorityKeyIdentifier matching for prioritizing +// certificates in path building. Lower return values indicate higer priority. +int TrustAndKeyIdentifierMatchToOrder(const ParsedCertificate* target, + const ParsedCertificate* issuer, + const CertificateTrust& issuer_trust) { + enum { + kTrustedAndKeyIdMatch = 0, + kTrustedAndKeyIdNoData = 1, + kKeyIdMatch = 2, + kKeyIdNoData = 3, + kTrustedAndKeyIdMismatch = 4, + kKeyIdMismatch = 5, + kDistrustedAndKeyIdMatch = 6, + kDistrustedAndKeyIdNoData = 7, + kDistrustedAndKeyIdMismatch = 8, + }; + + KeyIdentifierMatch key_id_match = CalculateKeyIdentifierMatch(target, issuer); + switch (issuer_trust.type) { + case CertificateTrustType::TRUSTED_ANCHOR: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + switch (key_id_match) { + case kMatch: + return kTrustedAndKeyIdMatch; + case kNoData: + return kTrustedAndKeyIdNoData; + case kMismatch: + return kTrustedAndKeyIdMismatch; + } + break; + case CertificateTrustType::UNSPECIFIED: + case CertificateTrustType::TRUSTED_LEAF: + switch (key_id_match) { + case kMatch: + return kKeyIdMatch; + case kNoData: + return kKeyIdNoData; + case kMismatch: + return kKeyIdMismatch; + } + break; + case CertificateTrustType::DISTRUSTED: + switch (key_id_match) { + case kMatch: + return kDistrustedAndKeyIdMatch; + case kNoData: + return kDistrustedAndKeyIdNoData; + case kMismatch: + return kDistrustedAndKeyIdMismatch; + } + break; + } + assert(0); // NOTREACHED + return -1; +} + +// CertIssuersIter iterates through the intermediates from |cert_issuer_sources| +// which may be issuers of |cert|. +class CertIssuersIter { + public: + // Constructs the CertIssuersIter. |*cert_issuer_sources|, |*trust_store|, + // and |*debug_data| must be valid for the lifetime of the CertIssuersIter. + CertIssuersIter(std::shared_ptr cert, + CertIssuerSources* cert_issuer_sources, + TrustStore* trust_store, + void* debug_data); + + CertIssuersIter(const CertIssuersIter&) = delete; + CertIssuersIter& operator=(const CertIssuersIter&) = delete; + + // Gets the next candidate issuer, or clears |*out| when all issuers have been + // exhausted. + void GetNextIssuer(IssuerEntry* out); + + // Returns true if candidate issuers were found for |cert_|. + bool had_non_skipped_issuers() const { + return issuers_.size() > skipped_issuer_count_; + } + + void increment_skipped_issuer_count() { skipped_issuer_count_++; } + + // Returns the |cert| for which issuers are being retrieved. + const ParsedCertificate* cert() const { return cert_.get(); } + std::shared_ptr reference_cert() const { + return cert_; + } + + private: + void AddIssuers(ParsedCertificateList issuers); + void DoAsyncIssuerQuery(); + + // Returns true if |issuers_| contains unconsumed certificates. + bool HasCurrentIssuer() const { return cur_issuer_ < issuers_.size(); } + + // Sorts the remaining entries in |issuers_| in the preferred order to + // explore. Does not change the ordering for indices before cur_issuer_. + void SortRemainingIssuers(); + + std::shared_ptr cert_; + CertIssuerSources* cert_issuer_sources_; + TrustStore* trust_store_; + + // The list of issuers for |cert_|. This is added to incrementally (first + // synchronous results, then possibly multiple times as asynchronous results + // arrive.) The issuers may be re-sorted each time new issuers are added, but + // only the results from |cur_| onwards should be sorted, since the earlier + // results were already returned. + // Elements should not be removed from |issuers_| once added, since + // |present_issuers_| will point to data owned by the certs. + std::vector issuers_; + // The index of the next cert in |issuers_| to return. + size_t cur_issuer_ = 0; + // The number of issuers that were skipped due to the loop checker. + size_t skipped_issuer_count_ = 0; + // Set to true whenever new issuers are appended at the end, to indicate the + // ordering needs to be checked. + bool issuers_needs_sort_ = false; + + // Set of DER-encoded values for the certs in |issuers_|. Used to prevent + // duplicates. This is based on the full DER of the cert to allow different + // versions of the same certificate to be tried in different candidate paths. + // This points to data owned by |issuers_|. + std::unordered_set present_issuers_; + + // Tracks which requests have been made yet. + bool did_initial_query_ = false; + bool did_async_issuer_query_ = false; + // Index into pending_async_requests_ that is the next one to process. + size_t cur_async_request_ = 0; + // Owns the Request objects for any asynchronous requests so that they will be + // cancelled if CertIssuersIter is destroyed. + std::vector> + pending_async_requests_; + + void* debug_data_; +}; + +CertIssuersIter::CertIssuersIter( + std::shared_ptr in_cert, + CertIssuerSources* cert_issuer_sources, + TrustStore* trust_store, + void* debug_data) + : cert_(std::move(in_cert)), + cert_issuer_sources_(cert_issuer_sources), + trust_store_(trust_store), + debug_data_(debug_data) { +#if defined(DVLOG) + DVLOG(2) << "CertIssuersIter created for " << CertDebugString(cert()); +#endif +} + +void CertIssuersIter::GetNextIssuer(IssuerEntry* out) { + if (!did_initial_query_) { + did_initial_query_ = true; + for (auto* cert_issuer_source : *cert_issuer_sources_) { + ParsedCertificateList new_issuers; + cert_issuer_source->SyncGetIssuersOf(cert(), &new_issuers); + AddIssuers(std::move(new_issuers)); + } + } + + // If there aren't any issuers, block until async results are ready. + if (!HasCurrentIssuer()) { + if (!did_async_issuer_query_) { + // Now issue request(s) for async ones (AIA, etc). + DoAsyncIssuerQuery(); + } + + // TODO(eroman): Rather than blocking on the async requests in FIFO order, + // consume in the order they become ready. + while (!HasCurrentIssuer() && + cur_async_request_ < pending_async_requests_.size()) { + ParsedCertificateList new_issuers; + pending_async_requests_[cur_async_request_]->GetNext(&new_issuers, + debug_data_); + if (new_issuers.empty()) { + // Request is exhausted, no more results pending from that + // CertIssuerSource. + pending_async_requests_[cur_async_request_++].reset(); + } else { + AddIssuers(std::move(new_issuers)); + } + } + } + + if (HasCurrentIssuer()) { + SortRemainingIssuers(); + +#if defined(DVLOG) + DVLOG(2) << "CertIssuersIter returning issuer " << cur_issuer_ << " of " + << issuers_.size() << " for " << CertDebugString(cert()); +#endif + // Still have issuers that haven't been returned yet, return the highest + // priority one (head of remaining list). A reference to the returned issuer + // is retained, since |present_issuers_| points to data owned by it. + *out = issuers_[cur_issuer_++]; + return; + } + +#if defined(DVLOG) + DVLOG(2) << "CertIssuersIter reached the end of all available issuers for " + << CertDebugString(cert()); +#endif + // Reached the end of all available issuers. + *out = IssuerEntry(); +} + +void CertIssuersIter::AddIssuers(ParsedCertificateList new_issuers) { + for (std::shared_ptr& issuer : new_issuers) { + if (present_issuers_.find(issuer->der_cert().AsStringView()) != + present_issuers_.end()) + continue; + present_issuers_.insert(issuer->der_cert().AsStringView()); + + // Look up the trust for this issuer. + IssuerEntry entry; + entry.cert = std::move(issuer); + entry.trust = trust_store_->GetTrust(entry.cert.get(), debug_data_); + entry.trust_and_key_id_match_ordering = TrustAndKeyIdentifierMatchToOrder( + cert(), entry.cert.get(), entry.trust); + + issuers_.push_back(std::move(entry)); + issuers_needs_sort_ = true; + } +} + +void CertIssuersIter::DoAsyncIssuerQuery() { + DCHECK(!did_async_issuer_query_); + did_async_issuer_query_ = true; + cur_async_request_ = 0; + for (auto* cert_issuer_source : *cert_issuer_sources_) { + std::unique_ptr request; + cert_issuer_source->AsyncGetIssuersOf(cert(), &request); + if (request) { +#if defined(DVLOG) + DVLOG(1) << "AsyncGetIssuersOf pending for " << CertDebugString(cert()); +#endif + pending_async_requests_.push_back(std::move(request)); + } + } +} + +void CertIssuersIter::SortRemainingIssuers() { + if (!issuers_needs_sort_) + return; + + std::stable_sort( + issuers_.begin() + cur_issuer_, issuers_.end(), + [](const IssuerEntry& issuer1, const IssuerEntry& issuer2) { + // TODO(crbug.com/635205): Add other prioritization hints. (See big list + // of possible sorting hints in RFC 4158.) + const bool issuer1_self_issued = issuer1.cert->normalized_subject() == + issuer1.cert->normalized_issuer(); + const bool issuer2_self_issued = issuer2.cert->normalized_subject() == + issuer2.cert->normalized_issuer(); + return std::tie(issuer1.trust_and_key_id_match_ordering, + issuer2_self_issued, + // Newer(larger) notBefore & notAfter dates are + // preferred, hence |issuer2| is on the LHS of + // the comparison and |issuer1| on the RHS. + issuer2.cert->tbs().validity_not_before, + issuer2.cert->tbs().validity_not_after) < + std::tie(issuer2.trust_and_key_id_match_ordering, + issuer1_self_issued, + issuer1.cert->tbs().validity_not_before, + issuer1.cert->tbs().validity_not_after); + }); + + issuers_needs_sort_ = false; +} + +// CertIssuerIterPath tracks which certs are present in the path and prevents +// paths from being built which repeat any certs (including different versions +// of the same cert, based on Subject+SubjectAltName+SPKI). +// (RFC 5280 forbids duplicate certificates per section 6.1, and RFC 4158 +// further recommends disallowing the same Subject+SubjectAltName+SPKI in +// section 2.4.2.) +class CertIssuerIterPath { + public: + // Returns true if |cert| is already present in the path. + bool IsPresent(const ParsedCertificate* cert) const { + return present_certs_.find(GetKey(cert)) != present_certs_.end(); + } + + // Appends |cert_issuers_iter| to the path. The cert referred to by + // |cert_issuers_iter| must not be present in the path already. + void Append(std::unique_ptr cert_issuers_iter) { + bool added = + present_certs_.insert(GetKey(cert_issuers_iter->cert())).second; + DCHECK(added); + cur_path_.push_back(std::move(cert_issuers_iter)); + } + + // Pops the last CertIssuersIter off the path. + void Pop() { + size_t num_erased = present_certs_.erase(GetKey(cur_path_.back()->cert())); + DCHECK_EQ(num_erased, 1U); + cur_path_.pop_back(); + } + + // Copies the ParsedCertificate elements of the current path to |*out_path|. + void CopyPath(ParsedCertificateList* out_path) { + out_path->clear(); + for (const auto& node : cur_path_) + out_path->push_back(node->reference_cert()); + } + + // Returns true if the path is empty. + bool Empty() const { return cur_path_.empty(); } + + // Returns the last CertIssuersIter in the path. + CertIssuersIter* back() { return cur_path_.back().get(); } + + // Returns the length of the path. + size_t Length() const { return cur_path_.size(); } + + std::string PathDebugString() { + std::string s; + for (const auto& node : cur_path_) { + if (!s.empty()) + s += "\n"; + s += " " + CertDebugString(node->cert()); + } + return s; + } + + private: + using Key = std::tuple; + + static Key GetKey(const ParsedCertificate* cert) { + // TODO(mattm): ideally this would use a normalized version of + // SubjectAltName, but it's not that important just for LoopChecker. + // + // Note that subject_alt_names_extension().value will be empty if the cert + // had no SubjectAltName extension, so there is no need for a condition on + // has_subject_alt_names(). + return Key(cert->normalized_subject().AsStringView(), + cert->subject_alt_names_extension().value.AsStringView(), + cert->tbs().spki_tlv.AsStringView()); + } + + std::vector> cur_path_; + + // This refers to data owned by |cur_path_|. + // TODO(mattm): use unordered_set. Requires making a hash function for Key. + std::set present_certs_; +}; + +} // namespace + +const ParsedCertificate* CertPathBuilderResultPath::GetTrustedCert() const { + if (certs.empty()) + return nullptr; + + switch (last_cert_trust.type) { + case CertificateTrustType::TRUSTED_ANCHOR: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + case CertificateTrustType::TRUSTED_LEAF: + return certs.back().get(); + case CertificateTrustType::UNSPECIFIED: + case CertificateTrustType::DISTRUSTED: + return nullptr; + } + + assert(0); // NOTREACHED + return nullptr; +} + +// CertPathIter generates possible paths from |cert| to a trust anchor in +// |trust_store|, using intermediates from the |cert_issuer_source| objects if +// necessary. +class CertPathIter { + public: + CertPathIter(std::shared_ptr cert, + TrustStore* trust_store, + void* debug_data); + + CertPathIter(const CertPathIter&) = delete; + CertPathIter& operator=(const CertPathIter&) = delete; + + // Adds a CertIssuerSource to provide intermediates for use in path building. + // The |*cert_issuer_source| must remain valid for the lifetime of the + // CertPathIter. + void AddCertIssuerSource(CertIssuerSource* cert_issuer_source); + + // Gets the next candidate path, and fills it into |out_certs| and + // |out_last_cert_trust|. Note that the returned path is unverified and must + // still be run through a chain validator. If a candidate path could not be + // built, a partial path will be returned and |out_errors| will have an error + // added. + // If the return value is true, GetNextPath may be called again to backtrack + // and continue path building. Once all paths have been exhausted returns + // false. If deadline or iteration limit is exceeded, sets |out_certs| to the + // current path being explored and returns false. + bool GetNextPath(ParsedCertificateList* out_certs, + CertificateTrust* out_last_cert_trust, + CertPathErrors* out_errors, + CertPathBuilderDelegate* delegate, + uint32_t* iteration_count, + const uint32_t max_iteration_count, + const uint32_t max_path_building_depth); + + private: + // Stores the next candidate issuer, until it is used during the + // STATE_GET_NEXT_ISSUER_COMPLETE step. + IssuerEntry next_issuer_; + // The current path being explored, made up of CertIssuerIters. Each node + // keeps track of the state of searching for issuers of that cert, so that + // when backtracking it can resume the search where it left off. + CertIssuerIterPath cur_path_; + // The CertIssuerSources for retrieving candidate issuers. + CertIssuerSources cert_issuer_sources_; + // The TrustStore for checking if a path ends in a trust anchor. + TrustStore* trust_store_; + + void* debug_data_; +}; + +CertPathIter::CertPathIter(std::shared_ptr cert, + TrustStore* trust_store, + void* debug_data) + : trust_store_(trust_store), debug_data_(debug_data) { + // Initialize |next_issuer_| to the target certificate. + next_issuer_.cert = std::move(cert); + next_issuer_.trust = + trust_store_->GetTrust(next_issuer_.cert.get(), debug_data_); +} + +void CertPathIter::AddCertIssuerSource(CertIssuerSource* cert_issuer_source) { + cert_issuer_sources_.push_back(cert_issuer_source); +} + +bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, + CertificateTrust* out_last_cert_trust, + CertPathErrors* out_errors, + CertPathBuilderDelegate* delegate, + uint32_t* iteration_count, + const uint32_t max_iteration_count, + const uint32_t max_path_building_depth) { + out_certs->clear(); + *out_last_cert_trust = CertificateTrust::ForUnspecified(); + + while (true) { + if (delegate->IsDeadlineExpired()) { + if (cur_path_.Empty()) { + // If the deadline is already expired before the first call to + // GetNextPath, cur_path_ will be empty. Return the leaf cert in that + // case. + if (next_issuer_.cert) + out_certs->push_back(next_issuer_.cert); + } else { + cur_path_.CopyPath(out_certs); + } + out_errors->GetOtherErrors()->AddError(cert_errors::kDeadlineExceeded); + return false; + } + + // We are not done yet, so if the current path is at the depth limit then + // we must backtrack to find an acceptable solution. + if (max_path_building_depth > 0 && + cur_path_.Length() >= max_path_building_depth) { + cur_path_.CopyPath(out_certs); + out_errors->GetOtherErrors()->AddError(cert_errors::kDepthLimitExceeded); +#if defined(DVLOG) + DVLOG(1) << "CertPathIter reached depth limit. Returning partial path " + "and backtracking:\n" + << PathDebugString(*out_certs); +#endif + cur_path_.Pop(); + return true; + } + + if (!next_issuer_.cert) { + if (cur_path_.Empty()) { +#if defined(DVLOG) + DVLOG(1) << "CertPathIter exhausted all paths..."; +#endif + return false; + } + + (*iteration_count)++; + if (max_iteration_count > 0 && *iteration_count > max_iteration_count) { + cur_path_.CopyPath(out_certs); + out_errors->GetOtherErrors()->AddError( + cert_errors::kIterationLimitExceeded); + return false; + } + + cur_path_.back()->GetNextIssuer(&next_issuer_); + if (!next_issuer_.cert) { + if (!cur_path_.back()->had_non_skipped_issuers()) { + // If the end of a path was reached without finding an anchor, return + // the partial path before backtracking. + cur_path_.CopyPath(out_certs); + out_errors->GetErrorsForCert(out_certs->size() - 1) + ->AddError(cert_errors::kNoIssuersFound); +#if defined(DVLOG) + DVLOG(1) << "CertPathIter returning partial path and backtracking:\n" + << PathDebugString(*out_certs); +#endif + cur_path_.Pop(); + return true; + } else { + // No more issuers for current chain, go back up and see if there are + // any more for the previous cert. +#if defined(DVLOG) + DVLOG(1) << "CertPathIter backtracking..."; +#endif + cur_path_.Pop(); + continue; + } + } + } + + // Overrides for cert with trust appearing in the wrong place for the type + // of trust (trusted leaf in non-leaf position, or trust anchor in leaf + // position.) + switch (next_issuer_.trust.type) { + case CertificateTrustType::TRUSTED_ANCHOR: + // If the leaf cert is trusted only as an anchor, treat it as having + // unspecified trust. This may allow a successful path to be built to a + // different root (or to the same cert if it's self-signed). + if (cur_path_.Empty()) { +#if defined(DVLOG) + DVLOG(1) << "Leaf is a trust anchor, considering as UNSPECIFIED"; +#endif + next_issuer_.trust = CertificateTrust::ForUnspecified(); + } + break; + case CertificateTrustType::TRUSTED_LEAF: + // If a non-leaf cert is trusted only as a leaf, treat it as having + // unspecified trust. This may allow a successful path to be built to a + // trusted root. + if (!cur_path_.Empty()) { +#if defined(DVLOG) + DVLOG(1) << "Issuer is a trust leaf, considering as UNSPECIFIED"; +#endif + next_issuer_.trust = CertificateTrust::ForUnspecified(); + } + break; + case CertificateTrustType::DISTRUSTED: + case CertificateTrustType::UNSPECIFIED: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + // No override necessary. + break; + } + + // Overrides for trusted leaf cert with require_leaf_selfsigned. If the leaf + // isn't actually self-signed, treat it as unspecified. + switch (next_issuer_.trust.type) { + case CertificateTrustType::TRUSTED_LEAF: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + if (cur_path_.Empty() && next_issuer_.trust.require_leaf_selfsigned && + !VerifyCertificateIsSelfSigned(*next_issuer_.cert, + delegate->GetVerifyCache(), + /*errors=*/nullptr)) { +#if defined(DVLOG) + DVLOG(1) << "Leaf is trusted with require_leaf_selfsigned but is " + "not self-signed, considering as UNSPECIFIED"; +#endif + next_issuer_.trust = CertificateTrust::ForUnspecified(); + } + break; + case CertificateTrustType::TRUSTED_ANCHOR: + case CertificateTrustType::DISTRUSTED: + case CertificateTrustType::UNSPECIFIED: + // No override necessary. + break; + } + + switch (next_issuer_.trust.type) { + // If the trust for this issuer is "known" (either because it is + // distrusted, or because it is trusted) then stop building and return the + // path. + case CertificateTrustType::DISTRUSTED: + case CertificateTrustType::TRUSTED_ANCHOR: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + case CertificateTrustType::TRUSTED_LEAF: { + // If the issuer has a known trust level, can stop building the path. +#if defined(DVLOG) + DVLOG(2) << "CertPathIter got anchor: " + << CertDebugString(next_issuer_.cert.get()); +#endif + cur_path_.CopyPath(out_certs); + out_certs->push_back(std::move(next_issuer_.cert)); +#if defined(DVLOG) + DVLOG(1) << "CertPathIter returning path:\n" + << PathDebugString(*out_certs); +#endif + *out_last_cert_trust = next_issuer_.trust; + next_issuer_ = IssuerEntry(); + return true; + } + case CertificateTrustType::UNSPECIFIED: { + // Skip this cert if it is already in the chain. + if (cur_path_.IsPresent(next_issuer_.cert.get())) { + cur_path_.back()->increment_skipped_issuer_count(); +#if defined(DVLOG) + DVLOG(1) << "CertPathIter skipping dupe cert: " + << CertDebugString(next_issuer_.cert.get()); +#endif + next_issuer_ = IssuerEntry(); + continue; + } + + cur_path_.Append(std::make_unique( + std::move(next_issuer_.cert), &cert_issuer_sources_, trust_store_, + debug_data_)); + next_issuer_ = IssuerEntry(); +#if defined(DVLOG) + DVLOG(1) << "CertPathIter cur_path_ =\n" << cur_path_.PathDebugString(); +#endif + // Continue descending the tree. + continue; + } + } + } +} + +CertPathBuilderResultPath::CertPathBuilderResultPath() = default; +CertPathBuilderResultPath::~CertPathBuilderResultPath() = default; + +bool CertPathBuilderResultPath::IsValid() const { + return GetTrustedCert() && !errors.ContainsHighSeverityErrors(); +} + +CertPathBuilder::Result::Result() = default; +CertPathBuilder::Result::Result(Result&&) = default; +CertPathBuilder::Result::~Result() = default; +CertPathBuilder::Result& CertPathBuilder::Result::operator=(Result&&) = default; + +bool CertPathBuilder::Result::HasValidPath() const { + return GetBestValidPath() != nullptr; +} + +bool CertPathBuilder::Result::AnyPathContainsError(CertErrorId error_id) const { + for (const auto& path : paths) { + if (path->errors.ContainsError(error_id)) + return true; + } + + return false; +} + +const CertPathBuilderResultPath* CertPathBuilder::Result::GetBestValidPath() + const { + const CertPathBuilderResultPath* result_path = GetBestPathPossiblyInvalid(); + + if (result_path && result_path->IsValid()) + return result_path; + + return nullptr; +} + +const CertPathBuilderResultPath* +CertPathBuilder::Result::GetBestPathPossiblyInvalid() const { + DCHECK((paths.empty() && best_result_index == 0) || + best_result_index < paths.size()); + + if (best_result_index >= paths.size()) + return nullptr; + + return paths[best_result_index].get(); +} + +CertPathBuilder::CertPathBuilder( + std::shared_ptr cert, + TrustStore* trust_store, + CertPathBuilderDelegate* delegate, + const der::GeneralizedTime& time, + KeyPurpose key_purpose, + InitialExplicitPolicy initial_explicit_policy, + const std::set& user_initial_policy_set, + InitialPolicyMappingInhibit initial_policy_mapping_inhibit, + InitialAnyPolicyInhibit initial_any_policy_inhibit) + : cert_path_iter_( + std::make_unique(std::move(cert), + trust_store, + /*debug_data=*/&out_result_)), + delegate_(delegate), + time_(time), + key_purpose_(key_purpose), + initial_explicit_policy_(initial_explicit_policy), + user_initial_policy_set_(user_initial_policy_set), + initial_policy_mapping_inhibit_(initial_policy_mapping_inhibit), + initial_any_policy_inhibit_(initial_any_policy_inhibit) { + DCHECK(delegate); + // The TrustStore also implements the CertIssuerSource interface. + AddCertIssuerSource(trust_store); +} + +CertPathBuilder::~CertPathBuilder() = default; + +void CertPathBuilder::AddCertIssuerSource( + CertIssuerSource* cert_issuer_source) { + cert_path_iter_->AddCertIssuerSource(cert_issuer_source); +} + +void CertPathBuilder::SetIterationLimit(uint32_t limit) { + max_iteration_count_ = limit; +} + +void CertPathBuilder::SetDepthLimit(uint32_t limit) { + max_path_building_depth_ = limit; +} + +void CertPathBuilder::SetExploreAllPaths(bool explore_all_paths) { + explore_all_paths_ = explore_all_paths; +} + +CertPathBuilder::Result CertPathBuilder::Run() { + uint32_t iteration_count = 0; + + while (true) { + std::unique_ptr result_path = + std::make_unique(); + + if (!cert_path_iter_->GetNextPath( + &result_path->certs, &result_path->last_cert_trust, + &result_path->errors, delegate_, &iteration_count, + max_iteration_count_, max_path_building_depth_)) { + // There are no more paths to check or limits were exceeded. + if (result_path->errors.ContainsError( + cert_errors::kIterationLimitExceeded)) { + out_result_.exceeded_iteration_limit = true; + } + if (result_path->errors.ContainsError(cert_errors::kDeadlineExceeded)) { + out_result_.exceeded_deadline = true; + } + if (!result_path->certs.empty()) { + // It shouldn't be possible to get here without adding one of the + // errors above, but just in case, add an error if there isn't one + // already. + if (!result_path->errors.ContainsHighSeverityErrors()) { + result_path->errors.GetOtherErrors()->AddError( + cert_errors::kInternalError); + } + AddResultPath(std::move(result_path)); + } + out_result_.iteration_count = iteration_count; + return std::move(out_result_); + } + + if (result_path->last_cert_trust.HasUnspecifiedTrust()) { + // Partial path, don't attempt to verify. Just double check that it is + // marked with an error, and move on. + if (!result_path->errors.ContainsHighSeverityErrors()) { + result_path->errors.GetOtherErrors()->AddError( + cert_errors::kInternalError); + } + } else { + // Verify the entire certificate chain. + VerifyCertificateChain( + result_path->certs, result_path->last_cert_trust, delegate_, time_, + key_purpose_, initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, + &result_path->user_constrained_policy_set, &result_path->errors); + } + +#if defined(DVLOG) + DVLOG(1) << "CertPathBuilder VerifyCertificateChain errors:\n" + << result_path->errors.ToDebugString(result_path->certs); +#endif + + // Give the delegate a chance to add errors to the path. + delegate_->CheckPathAfterVerification(*this, result_path.get()); + + bool path_is_good = result_path->IsValid(); + + AddResultPath(std::move(result_path)); + + if (path_is_good && !explore_all_paths_) { + out_result_.iteration_count = iteration_count; + // Found a valid path, return immediately. + return std::move(out_result_); + } + // Path did not verify. Try more paths. + } +} + +void CertPathBuilder::AddResultPath( + std::unique_ptr result_path) { + // TODO(mattm): If there are no valid paths, set best_result_index based on + // number or severity of errors. If there are multiple valid paths, could set + // best_result_index based on prioritization (since due to AIA and such, the + // actual order results were discovered may not match the ideal). + if (!out_result_.HasValidPath()) { + const CertPathBuilderResultPath* old_best_path = + out_result_.GetBestPathPossiblyInvalid(); + // If |result_path| is a valid path or if the previous best result did not + // end in a trust anchor but the |result_path| does, then update the best + // result to the new result. + if (result_path->IsValid() || + (!result_path->last_cert_trust.HasUnspecifiedTrust() && old_best_path && + old_best_path->last_cert_trust.HasUnspecifiedTrust())) { + out_result_.best_result_index = out_result_.paths.size(); + } + } + if (result_path->certs.size() > out_result_.max_depth_seen) { + out_result_.max_depth_seen = result_path->certs.size(); + } + out_result_.paths.push_back(std::move(result_path)); +} + +} // namespace net diff --git a/pki/path_builder.h b/pki/path_builder.h new file mode 100644 index 0000000000..b1f03faa4a --- /dev/null +++ b/pki/path_builder.h @@ -0,0 +1,240 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_PATH_BUILDER_H_ +#define BSSL_PKI_PATH_BUILDER_H_ + +#include "fillins/openssl_util.h" +#include +#include + + + +#include "cert_errors.h" +#include "parsed_certificate.h" +#include "trust_store.h" +#include "verify_certificate_chain.h" +#include "input.h" +#include "parse_values.h" + +namespace bssl { + +namespace der { +struct GeneralizedTime; +} + +class CertPathBuilder; +class CertPathIter; +class CertIssuerSource; + +// Base class for custom data that CertPathBuilderDelegate can attach to paths. +class OPENSSL_EXPORT CertPathBuilderDelegateData { + public: + virtual ~CertPathBuilderDelegateData() = default; +}; + +// Represents a single candidate path that was built or is being processed. +// +// This is used both to represent valid paths, as well as invalid/partial ones. +// +// Consumers must use |IsValid()| to test whether the +// CertPathBuilderResultPath is the result of a successful certificate +// verification. +struct OPENSSL_EXPORT CertPathBuilderResultPath { + CertPathBuilderResultPath(); + ~CertPathBuilderResultPath(); + + // Returns true if the candidate path is valid. A "valid" path is one which + // chains to a trusted root, and did not have any high severity errors added + // to it during certificate verification. + bool IsValid() const; + + // Returns the chain's root certificate or nullptr if the chain doesn't + // chain to a trust anchor. + const ParsedCertificate* GetTrustedCert() const; + + // Path in the forward direction: + // + // certs[0] is the target certificate + // certs[i] was issued by certs[i+1] + // certs.back() is the root certificate (which may or may not be trusted). + ParsedCertificateList certs; + + // Describes the trustedness of the final certificate in the chain, + // |certs.back()| + // + // For result paths where |IsValid()|, the final certificate is trusted. + // However for failed or partially constructed paths the final certificate may + // not be a trust anchor. + CertificateTrust last_cert_trust; + + // The set of policies that the certificate is valid for (of the + // subset of policies user requested during verification). + std::set user_constrained_policy_set; + + // Slot for per-path data that may set by CertPathBuilderDelegate. The + // specific type is chosen by the delegate. Can be nullptr when unused. + std::unique_ptr delegate_data; + + // The set of errors and warnings associated with this path (bucketed + // per-certificate). Note that consumers should always use |IsValid()| to + // determine validity of the CertPathBuilderResultPath, and not just inspect + // |errors|. + CertPathErrors errors; +}; + +// CertPathBuilderDelegate controls policies for certificate verification and +// path building. +class OPENSSL_EXPORT CertPathBuilderDelegate + : public VerifyCertificateChainDelegate { + public: + // This is called during path building on candidate paths which have already + // been run through RFC 5280 verification. |path| may already have errors + // and warnings set on it. Delegates can "reject" a candidate path from path + // building by adding high severity errors. + virtual void CheckPathAfterVerification(const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path) = 0; + + // This is called during path building in between attempts to build candidate + // paths. Delegates can cause path building to stop and return indicating + // the deadline was exceeded by returning true from this function. + virtual bool IsDeadlineExpired() = 0; +}; + +// Checks whether a certificate is trusted by building candidate paths to trust +// anchors and verifying those paths according to RFC 5280. Each instance of +// CertPathBuilder is used for a single verification. +// +// WARNING: This implementation is currently experimental. Consult an OWNER +// before using it. +class OPENSSL_EXPORT CertPathBuilder { + public: + // Provides the overall result of path building. This includes the paths that + // were attempted. + struct OPENSSL_EXPORT Result { + Result(); + Result(Result&&); + + Result(const Result&) = delete; + Result& operator=(const Result&) = delete; + + ~Result(); + Result& operator=(Result&&); + + // Returns true if there was a valid path. + bool HasValidPath() const; + + // Returns true if any of the attempted paths contain |error_id|. + bool AnyPathContainsError(CertErrorId error_id) const; + + // Returns the CertPathBuilderResultPath for the best valid path, or nullptr + // if there was none. + const CertPathBuilderResultPath* GetBestValidPath() const; + + // Returns the best CertPathBuilderResultPath or nullptr if there was none. + const CertPathBuilderResultPath* GetBestPathPossiblyInvalid() const; + + // List of paths that were attempted and the result for each. + std::vector> paths; + + // Index into |paths|. Before use, |paths.empty()| must be checked. + // NOTE: currently the definition of "best" is fairly limited. Valid is + // better than invalid, but otherwise nothing is guaranteed. + size_t best_result_index = 0; + + // The iteration count reached by path building. + uint32_t iteration_count = 0; + + // The max depth seen while path building. + uint32_t max_depth_seen = 0; + + // True if the search stopped because it exceeded the iteration limit + // configured with |SetIterationLimit|. + bool exceeded_iteration_limit = false; + + // True if the search stopped because delegate->IsDeadlineExpired() returned + // true. + bool exceeded_deadline = false; + }; + + // Creates a CertPathBuilder that attempts to find a path from |cert| to a + // trust anchor in |trust_store| and is valid at |time|. + // + // The caller must keep |trust_store| and |delegate| valid for the lifetime + // of the CertPathBuilder. + // + // See VerifyCertificateChain() for a more detailed explanation of the + // same-named parameters not defined below. + // + // * |delegate|: Must be non-null. The delegate is called at various points in + // path building to verify specific parts of certificates or the + // final chain. See CertPathBuilderDelegate and + // VerifyCertificateChainDelegate for more information. + CertPathBuilder(std::shared_ptr cert, + TrustStore* trust_store, + CertPathBuilderDelegate* delegate, + const der::GeneralizedTime& time, + KeyPurpose key_purpose, + InitialExplicitPolicy initial_explicit_policy, + const std::set& user_initial_policy_set, + InitialPolicyMappingInhibit initial_policy_mapping_inhibit, + InitialAnyPolicyInhibit initial_any_policy_inhibit); + + CertPathBuilder(const CertPathBuilder&) = delete; + CertPathBuilder& operator=(const CertPathBuilder&) = delete; + + ~CertPathBuilder(); + + // Adds a CertIssuerSource to provide intermediates for use in path building. + // Multiple sources may be added. Must not be called after Run is called. + // The |*cert_issuer_source| must remain valid for the lifetime of the + // CertPathBuilder. + // + // (If no issuer sources are added, the target certificate will only verify if + // it is a trust anchor or is directly signed by a trust anchor.) + void AddCertIssuerSource(CertIssuerSource* cert_issuer_source); + + // Sets a limit to the number of times to repeat the process of considering a + // new intermediate over all potential paths. Setting |limit| to 0 disables + // the iteration limit, which is the default. + void SetIterationLimit(uint32_t limit); + + // Sets a limit to the number of certificates to be added in a path from leaf + // to root. Setting |limit| to 0 disables this limit, which is the default. + void SetDepthLimit(uint32_t limit); + + // If |explore_all_paths| is false (the default), path building will stop as + // soon as a valid path is found. If |explore_all_paths| is true, path + // building will continue until all possible paths have been exhausted (or + // iteration limit / deadline is exceeded). + void SetExploreAllPaths(bool explore_all_paths); + + // Executes verification of the target certificate. + // + // Run must not be called more than once on each CertPathBuilder instance. + Result Run(); + + private: + void AddResultPath(std::unique_ptr result_path); + + // |out_result_| may be referenced by other members, so should be initialized + // first. + Result out_result_; + + std::unique_ptr cert_path_iter_; + CertPathBuilderDelegate * delegate_; + const der::GeneralizedTime time_; + const KeyPurpose key_purpose_; + const InitialExplicitPolicy initial_explicit_policy_; + const std::set user_initial_policy_set_; + const InitialPolicyMappingInhibit initial_policy_mapping_inhibit_; + const InitialAnyPolicyInhibit initial_any_policy_inhibit_; + uint32_t max_iteration_count_ = 0; + uint32_t max_path_building_depth_ = 0; + bool explore_all_paths_ = false; +}; + +} // namespace net + +#endif // BSSL_PKI_PATH_BUILDER_H_ diff --git a/pki/path_builder_pkits_unittest.cc b/pki/path_builder_pkits_unittest.cc new file mode 100644 index 0000000000..a6da30f7e8 --- /dev/null +++ b/pki/path_builder_pkits_unittest.cc @@ -0,0 +1,306 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "path_builder.h" + +#include + +#include "fillins/net_errors.h" + +#include "cert_issuer_source_static.h" +#include "common_cert_errors.h" +#include "crl.h" +#include "parse_certificate.h" +#include "parsed_certificate.h" +#include "simple_path_builder_delegate.h" +#include "trust_store_in_memory.h" +#include "verify_certificate_chain.h" +#include "encode_values.h" +#include "input.h" +#include + +#include "nist_pkits_unittest.h" + +constexpr int64_t kOneYear = 60 * 60 * 24 * 365; + +namespace bssl { + +namespace { + +class CrlCheckingPathBuilderDelegate : public SimplePathBuilderDelegate { + public: + CrlCheckingPathBuilderDelegate(const std::vector& der_crls, + int64_t verify_time, + int64_t max_age, + size_t min_rsa_modulus_length_bits, + DigestPolicy digest_policy) + : SimplePathBuilderDelegate(min_rsa_modulus_length_bits, digest_policy), + der_crls_(der_crls), + verify_time_(verify_time), + max_age_(max_age) {} + + void CheckPathAfterVerification(const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path) override { + SimplePathBuilderDelegate::CheckPathAfterVerification(path_builder, path); + + if (!path->IsValid()) + return; + + // It would be preferable if this test could use + // CheckValidatedChainRevocation somehow, but that only supports getting + // CRLs by http distributionPoints. So this just settles for writing a + // little bit of wrapper code to test CheckCRL directly. + const ParsedCertificateList& certs = path->certs; + for (size_t reverse_i = 0; reverse_i < certs.size(); ++reverse_i) { + size_t i = certs.size() - reverse_i - 1; + + // Trust anchors bypass OCSP/CRL revocation checks. (The only way to + // revoke trust anchors is via CRLSet or the built-in SPKI block list). + if (reverse_i == 0 && path->last_cert_trust.IsTrustAnchor()) + continue; + + // RFC 5280 6.3.3. [If the CRL was not specified in a distribution + // point], assume a DP with both the reasons and the + // cRLIssuer fields omitted and a distribution point + // name of the certificate issuer. + // Since this implementation only supports URI names in distribution + // points, this means a default-initialized ParsedDistributionPoint is + // sufficient. + ParsedDistributionPoint fake_cert_dp; + const ParsedDistributionPoint* cert_dp = &fake_cert_dp; + + // If the target cert does have a distribution point, use it. + std::vector distribution_points; + ParsedExtension crl_dp_extension; + if (certs[i]->GetExtension(der::Input(kCrlDistributionPointsOid), + &crl_dp_extension)) { + ASSERT_TRUE(ParseCrlDistributionPoints(crl_dp_extension.value, + &distribution_points)); + // TODO(mattm): some test cases (some of the 4.14.* onlySomeReasons + // tests)) have two CRLs and two distribution points, one point + // corresponding to each CRL. Should select the matching point for + // each CRL. (Doesn't matter currently since we don't support + // reasons.) + + // Look for a DistributionPoint without reasons. + for (const auto& dp : distribution_points) { + if (!dp.reasons) { + cert_dp = &dp; + break; + } + } + // If there were only DistributionPoints with reasons, just use the + // first one. + if (cert_dp == &fake_cert_dp && !distribution_points.empty()) + cert_dp = &distribution_points[0]; + } + + bool cert_good = false; + + for (const auto& der_crl : der_crls_) { + CRLRevocationStatus crl_status = + CheckCRL(der_crl, certs, i, *cert_dp, verify_time_, max_age_); + if (crl_status == CRLRevocationStatus::REVOKED) { + path->errors.GetErrorsForCert(i)->AddError( + cert_errors::kCertificateRevoked); + return; + } + if (crl_status == CRLRevocationStatus::GOOD) { + cert_good = true; + break; + } + } + if (!cert_good) { + // PKITS tests assume hard-fail revocation checking. + // From PKITS 4.4: "When running the tests in this section, the + // application should be configured in such a way that the + // certification path is not accepted unless valid, up-to-date + // revocation data is available for every certificate in the path." + path->errors.GetErrorsForCert(i)->AddError( + cert_errors::kUnableToCheckRevocation); + } + } + } + + private: + std::vector der_crls_; + int64_t verify_time_; + int64_t max_age_; +}; + +class PathBuilderPkitsTestDelegate { + public: + static void RunTest(std::vector cert_ders, + std::vector crl_ders, + const PkitsTestInfo& orig_info) { + PkitsTestInfo info = orig_info; + + ASSERT_FALSE(cert_ders.empty()); + ParsedCertificateList certs; + for (const std::string& der : cert_ders) { + CertErrors errors; + ASSERT_TRUE(ParsedCertificate::CreateAndAddToVector( + bssl::UniquePtr( + CRYPTO_BUFFER_new(reinterpret_cast(der.data()), + der.size(), nullptr)), + {}, &certs, &errors)) + << errors.ToDebugString(); + } + // First entry in the PKITS chain is the trust anchor. + // TODO(mattm): test with all possible trust anchors in the trust store? + TrustStoreInMemory trust_store; + + trust_store.AddTrustAnchor(certs[0]); + + // TODO(mattm): test with other irrelevant certs in cert_issuer_sources? + CertIssuerSourceStatic cert_issuer_source; + for (size_t i = 1; i < cert_ders.size() - 1; ++i) + cert_issuer_source.AddCert(certs[i]); + + std::shared_ptr target_cert(certs.back()); + + int64_t verify_time; + ASSERT_TRUE(der::GeneralizedTimeToPosixTime(info.time, &verify_time)); + CrlCheckingPathBuilderDelegate path_builder_delegate( + crl_ders, verify_time, /*max_age=*/kOneYear * 2, 1024, + SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + + std::string_view test_number = info.test_number; + if (test_number == "4.4.19" || test_number == "4.5.3" || + test_number == "4.5.4" || test_number == "4.5.6") { + // 4.4.19 - fails since CRL is signed by a certificate that is not part + // of the verified chain, which is not supported. + // 4.5.3 - fails since non-URI distribution point names are not supported + // 4.5.4, 4.5.6 - fails since CRL is signed by a certificate that is not + // part of verified chain, and also non-URI distribution + // point names not supported + info.should_validate = false; + } else if (test_number == "4.14.1" || test_number == "4.14.4" || + test_number == "4.14.5" || test_number == "4.14.7" || + test_number == "4.14.18" || test_number == "4.14.19" || + test_number == "4.14.22" || test_number == "4.14.24" || + test_number == "4.14.25" || test_number == "4.14.28" || + test_number == "4.14.29" || test_number == "4.14.30" || + test_number == "4.14.33") { + // 4.14 tests: + // .1 - fails since non-URI distribution point names not supported + // .2, .3 - fails since non-URI distribution point names not supported + // (but test is expected to fail for other reason) + // .4, .5 - fails since non-URI distribution point names not supported, + // also uses nameRelativeToCRLIssuer which is not supported + // .6 - fails since non-URI distribution point names not supported, also + // uses nameRelativeToCRLIssuer which is not supported (but test is + // expected to fail for other reason) + // .7 - fails since relative distributionPointName not supported + // .8, .9 - fails since relative distributionPointName not supported (but + // test is expected to fail for other reason) + // .10, .11, .12, .13, .14, .27, .35 - PASS + // .15, .16, .17, .20, .21 - fails since onlySomeReasons is not supported + // (but test is expected to fail for other + // reason) + // .18, .19 - fails since onlySomeReasons is not supported + // .22, .24, .25, .28, .29, .30, .33 - fails since indirect CRLs are not + // supported + // .23, .26, .31, .32, .34 - fails since indirect CRLs are not supported + // (but test is expected to fail for other + // reason) + info.should_validate = false; + } else if (test_number == "4.15.1" || test_number == "4.15.5") { + // 4.15 tests: + // .1 - fails due to unhandled critical deltaCRLIndicator extension + // .2, .3, .6, .7, .8, .9, .10 - PASS since expected cert status is + // reflected in base CRL and delta CRL is + // ignored + // .5 - fails, cert status is "on hold" in base CRL but the delta CRL + // which removes the cert from CRL is ignored + info.should_validate = false; + } else if (test_number == "4.15.4") { + // 4.15.4 - Invalid delta-CRL Test4 has the target cert marked revoked in + // a delta-CRL. Since delta-CRLs are not supported, the chain validates + // successfully. + info.should_validate = true; + } + + CertPathBuilder path_builder( + std::move(target_cert), &trust_store, &path_builder_delegate, info.time, + KeyPurpose::ANY_EKU, info.initial_explicit_policy, + info.initial_policy_set, info.initial_policy_mapping_inhibit, + info.initial_inhibit_any_policy); + path_builder.AddCertIssuerSource(&cert_issuer_source); + + CertPathBuilder::Result result = path_builder.Run(); + + if (info.should_validate != result.HasValidPath()) { + for (size_t i = 0; i < result.paths.size(); ++i) { +#if defined(DVLOG) + const CertPathBuilderResultPath* result_path = + result.paths[i].get(); + LOG(ERROR) << "path " << i << " errors:\n" + << result_path->errors.ToDebugString(result_path->certs); +#endif + } + } + + ASSERT_EQ(info.should_validate, result.HasValidPath()); + + if (result.HasValidPath()) { + EXPECT_EQ(info.user_constrained_policy_set, + result.GetBestValidPath()->user_constrained_policy_set); + } + } +}; + +} // namespace + +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest01SignatureVerification, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest02ValidityPeriods, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest03VerifyingNameChaining, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest04BasicCertificateRevocationTests, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P( + PathBuilder, + PkitsTest05VerifyingPathswithSelfIssuedCertificates, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest06VerifyingBasicConstraints, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest07KeyUsage, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest08CertificatePolicies, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest09RequireExplicitPolicy, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest10PolicyMappings, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest11InhibitPolicyMapping, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest12InhibitAnyPolicy, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest13NameConstraints, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest14DistributionPoints, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest15DeltaCRLs, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest16PrivateCertificateExtensions, + PathBuilderPkitsTestDelegate); + +} // namespace net diff --git a/pki/path_builder_unittest.cc b/pki/path_builder_unittest.cc new file mode 100644 index 0000000000..4f3ca4dd30 --- /dev/null +++ b/pki/path_builder_unittest.cc @@ -0,0 +1,2524 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "path_builder.h" + +#include + +#include "fillins/path_service.h" +#include "fillins/file_util.h" + + +#include "pem.h" +#include "cert_error_params.h" +#include "cert_issuer_source_static.h" +#include "common_cert_errors.h" +#include "mock_signature_verify_cache.h" +#include "parsed_certificate.h" +#include "simple_path_builder_delegate.h" +#include "test_helpers.h" +#include "trust_store_collection.h" +#include "trust_store_in_memory.h" +#include "verify_certificate_chain.h" +#include "input.h" + +#include "testdata/test_certificate_data.h" +#include +#include +#include + +namespace bssl { + +// TODO(crbug.com/634443): Assert the errors for each ResultPath. + +namespace { + +#if !defined(_BORINGSSL_LIBPKI_) +using ::testing::_; +using ::testing::ElementsAre; +using ::testing::Exactly; +using ::testing::Invoke; +using ::testing::NiceMock; +using ::testing::Return; +using ::testing::SaveArg; +using ::testing::SetArgPointee; +using ::testing::StrictMock; +#endif // !_BORINGSSL_LIBPKI_ + +class TestPathBuilderDelegate : public SimplePathBuilderDelegate { + public: + TestPathBuilderDelegate(size_t min_rsa_modulus_length_bits, + DigestPolicy digest_policy) + : SimplePathBuilderDelegate(min_rsa_modulus_length_bits, digest_policy) {} + + bool IsDeadlineExpired() override { return deadline_is_expired_; } + + void SetDeadlineExpiredForTesting(bool deadline_is_expired) { + deadline_is_expired_ = deadline_is_expired; + } + + SignatureVerifyCache* GetVerifyCache() override { + return use_signature_cache_ ? &cache_ : nullptr; + } + + void ActivateCache() { use_signature_cache_ = true; } + + void DeActivateCache() { use_signature_cache_ = false; } + + MockSignatureVerifyCache* GetMockVerifyCache() { return &cache_; } + + private: + bool deadline_is_expired_ = false; + bool use_signature_cache_ = false; + MockSignatureVerifyCache cache_; +}; + +// AsyncCertIssuerSourceStatic always returns its certs asynchronously. +class AsyncCertIssuerSourceStatic : public CertIssuerSource { + public: + class StaticAsyncRequest : public Request { + public: + explicit StaticAsyncRequest(ParsedCertificateList&& issuers) { + issuers_.swap(issuers); + issuers_iter_ = issuers_.begin(); + } + + StaticAsyncRequest(const StaticAsyncRequest&) = delete; + StaticAsyncRequest& operator=(const StaticAsyncRequest&) = delete; + + ~StaticAsyncRequest() override = default; + + void GetNext(ParsedCertificateList* out_certs, + void* debug_data) override { + if (issuers_iter_ != issuers_.end()) + out_certs->push_back(std::move(*issuers_iter_++)); + } + + ParsedCertificateList issuers_; + ParsedCertificateList::iterator issuers_iter_; + }; + + ~AsyncCertIssuerSourceStatic() override = default; + + void SetAsyncGetCallback(std::function closure) { + async_get_callback_ = std::move(closure); + } + + void AddCert(std::shared_ptr cert) { + static_cert_issuer_source_.AddCert(std::move(cert)); + } + + void SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) override {} + void AsyncGetIssuersOf(const ParsedCertificate* cert, + std::unique_ptr* out_req) override { + num_async_gets_++; + ParsedCertificateList issuers; + static_cert_issuer_source_.SyncGetIssuersOf(cert, &issuers); + auto req = std::make_unique(std::move(issuers)); + *out_req = std::move(req); + if (async_get_callback_) { + async_get_callback_(); + } + } + int num_async_gets() const { return num_async_gets_; } + + private: + CertIssuerSourceStatic static_cert_issuer_source_; + + int num_async_gets_ = 0; + std::function async_get_callback_ = nullptr; +}; + +::testing::AssertionResult ReadTestPem(const std::string& file_name, + const std::string& block_name, + std::string* result) { + const PemBlockMapping mappings[] = { + {block_name.c_str(), result}, + }; + + return ReadTestDataFromPemFile(file_name, mappings); +} + +::testing::AssertionResult ReadTestCert( + const std::string& file_name, + std::shared_ptr* result) { + std::string der; + ::testing::AssertionResult r = ReadTestPem( + "testdata/ssl/certificates/" + file_name, "CERTIFICATE", &der); + if (!r) + return r; + CertErrors errors; + *result = ParsedCertificate::Create( + bssl::UniquePtr(CRYPTO_BUFFER_new( + reinterpret_cast(der.data()), der.size(), nullptr)), + {}, &errors); + if (!*result) { + return ::testing::AssertionFailure() + << "ParseCertificate::Create() failed:\n" + << errors.ToDebugString(); + } + return ::testing::AssertionSuccess(); +} + +const void* kKey = &kKey; +#if !defined(_BORINGSSL_LIBPKI_) +class TrustStoreThatStoresUserData : public TrustStore { + public: + class Data ::Data { + public: + explicit Data(int value) : value(value) {} + + int value = 0; + }; + + // TrustStore implementation: + void SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) override {} + CertificateTrust GetTrust(const ParsedCertificate* cert, + void* debug_data) override { + debug_data->SetUserData(kKey, std::make_unique(1234)); + return CertificateTrust::ForUnspecified(); + } +}; + +TEST(PathBuilderResultUserDataTest, ModifyUserDataInConstructor) { + std::shared_ptr a_by_b; + ASSERT_TRUE(ReadTestCert("multi-root-A-by-B.pem", &a_by_b)); + SimplePathBuilderDelegate delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + der::GeneralizedTime verify_time = {2017, 3, 1, 0, 0, 0}; + TrustStoreThatStoresUserData trust_store; + + // |trust_store| will unconditionally store user data in the + // CertPathBuilder::Result. This ensures that the Result object has been + // initialized before the first GetTrust call occurs (otherwise the test will + // crash or fail on ASAN bots). + CertPathBuilder path_builder( + a_by_b, &trust_store, &delegate, verify_time, KeyPurpose::ANY_EKU, + InitialExplicitPolicy::kFalse, {der::Input(kAnyPolicyOid)}, + InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse); + CertPathBuilder::Result result = path_builder.Run(); + auto* data = static_cast( + result.GetUserData(kKey)); + ASSERT_TRUE(data); + EXPECT_EQ(1234, data->value); +} +#endif // !_BORINGSSL_LIBPKI_ + +class PathBuilderMultiRootTest : public ::testing::Test { + public: + PathBuilderMultiRootTest() + : delegate_(1024, TestPathBuilderDelegate::DigestPolicy::kWeakAllowSha1) { + } + + void SetUp() override { + ASSERT_TRUE(ReadTestCert("multi-root-A-by-B.pem", &a_by_b_)); + ASSERT_TRUE(ReadTestCert("multi-root-B-by-C.pem", &b_by_c_)); + ASSERT_TRUE(ReadTestCert("multi-root-B-by-F.pem", &b_by_f_)); + ASSERT_TRUE(ReadTestCert("multi-root-C-by-D.pem", &c_by_d_)); + ASSERT_TRUE(ReadTestCert("multi-root-C-by-E.pem", &c_by_e_)); + ASSERT_TRUE(ReadTestCert("multi-root-D-by-D.pem", &d_by_d_)); + ASSERT_TRUE(ReadTestCert("multi-root-E-by-E.pem", &e_by_e_)); + ASSERT_TRUE(ReadTestCert("multi-root-F-by-E.pem", &f_by_e_)); + } + + protected: + std::shared_ptr a_by_b_, b_by_c_, b_by_f_, c_by_d_, + c_by_e_, d_by_d_, e_by_e_, f_by_e_; + + TestPathBuilderDelegate delegate_; + der::GeneralizedTime time_ = {2017, 3, 1, 0, 0, 0}; + + const InitialExplicitPolicy initial_explicit_policy_ = + InitialExplicitPolicy::kFalse; + const std::set user_initial_policy_set_ = { + der::Input(kAnyPolicyOid)}; + const InitialPolicyMappingInhibit initial_policy_mapping_inhibit_ = + InitialPolicyMappingInhibit::kFalse; + const InitialAnyPolicyInhibit initial_any_policy_inhibit_ = + InitialAnyPolicyInhibit::kFalse; +}; + +// Tests when the target cert has the same name and key as a trust anchor, +// however is signed by a different trust anchor. This should successfully build +// a path, however the trust anchor will be the signer of this cert. +// +// (This test is very similar to TestEndEntityHasSameNameAndSpkiAsTrustAnchor +// but with different data; also in this test the target cert itself is in the +// trust store). +TEST_F(PathBuilderMultiRootTest, TargetHasNameAndSpkiOfTrustAnchor) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(a_by_b_); + trust_store.AddTrustAnchor(b_by_f_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + + auto result = path_builder.Run(); + + ASSERT_TRUE(result.HasValidPath()); + const auto& path = *result.GetBestValidPath(); + ASSERT_EQ(2U, path.certs.size()); + EXPECT_EQ(a_by_b_, path.certs[0]); + EXPECT_EQ(b_by_f_, path.certs[1]); +} + +// If the target cert is has the same name and key as a trust anchor, however +// is NOT itself signed by a trust anchor, it fails. Although the provided SPKI +// is trusted, the certificate contents cannot be verified. +TEST_F(PathBuilderMultiRootTest, TargetWithSameNameAsTrustAnchorFails) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(a_by_b_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + EXPECT_EQ(1U, result.max_depth_seen); +} + +// Test a failed path building when the trust anchor is provided as a +// supplemental certificate. Conceptually the following paths could be built: +// +// B(C) <- C(D) <- [Trust anchor D] +// B(C) <- C(D) <- D(D) <- [Trust anchor D] +// +// However the second one is extraneous given the shorter path. +TEST_F(PathBuilderMultiRootTest, SelfSignedTrustAnchorSupplementalCert) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(d_by_d_); + + // The (extraneous) trust anchor D(D) is supplied as a certificate, as is the + // intermediate needed for path building C(D). + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(d_by_d_); + sync_certs.AddCert(c_by_d_); + + // C(D) is not valid at this time, so path building will fail. + der::GeneralizedTime expired_time = {2016, 1, 1, 0, 0, 0}; + + CertPathBuilder path_builder( + b_by_c_, &trust_store, &delegate_, expired_time, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + ASSERT_EQ(1U, result.paths.size()); + + EXPECT_FALSE(result.paths[0]->IsValid()); + const auto& path0 = *result.paths[0]; + ASSERT_EQ(3U, path0.certs.size()); + EXPECT_EQ(b_by_c_, path0.certs[0]); + EXPECT_EQ(c_by_d_, path0.certs[1]); + EXPECT_EQ(d_by_d_, path0.certs[2]); +} + +// Test verifying a certificate that is a trust anchor. +TEST_F(PathBuilderMultiRootTest, TargetIsSelfSignedTrustAnchor) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(e_by_e_); + // This is not necessary for the test, just an extra... + trust_store.AddTrustAnchor(f_by_e_); + + CertPathBuilder path_builder( + e_by_e_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + + auto result = path_builder.Run(); + + ASSERT_TRUE(result.HasValidPath()); + + // Verifying a trusted leaf certificate is not permitted, however this + // certificate is self-signed, and can chain to itself. + const auto& path = *result.GetBestValidPath(); + ASSERT_EQ(2U, path.certs.size()); + EXPECT_EQ(e_by_e_, path.certs[0]); + EXPECT_EQ(e_by_e_, path.certs[1]); +} + +// If the target cert is directly issued by a trust anchor, it should verify +// without any intermediate certs being provided. +TEST_F(PathBuilderMultiRootTest, TargetDirectlySignedByTrustAnchor) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(b_by_f_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + + auto result = path_builder.Run(); + + ASSERT_TRUE(result.HasValidPath()); + const auto& path = *result.GetBestValidPath(); + ASSERT_EQ(2U, path.certs.size()); + EXPECT_EQ(a_by_b_, path.certs[0]); + EXPECT_EQ(b_by_f_, path.certs[1]); +} + +// Test that async cert queries are not made if the path can be successfully +// built with synchronously available certs. +TEST_F(PathBuilderMultiRootTest, TriesSyncFirst) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(e_by_e_); + + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_f_); + sync_certs.AddCert(f_by_e_); + + AsyncCertIssuerSourceStatic async_certs; + async_certs.AddCert(b_by_c_); + async_certs.AddCert(c_by_e_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&async_certs); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + EXPECT_TRUE(result.HasValidPath()); + EXPECT_EQ(0, async_certs.num_async_gets()); +} + +// If async queries are needed, all async sources will be queried +// simultaneously. +TEST_F(PathBuilderMultiRootTest, TestAsyncSimultaneous) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(e_by_e_); + + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + sync_certs.AddCert(b_by_f_); + + AsyncCertIssuerSourceStatic async_certs1; + async_certs1.AddCert(c_by_e_); + + AsyncCertIssuerSourceStatic async_certs2; + async_certs2.AddCert(f_by_e_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&async_certs1); + path_builder.AddCertIssuerSource(&async_certs2); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + EXPECT_TRUE(result.HasValidPath()); + EXPECT_EQ(1, async_certs1.num_async_gets()); + EXPECT_EQ(1, async_certs2.num_async_gets()); +} + +// Test that PathBuilder does not generate longer paths than necessary if one of +// the supplied certs is itself a trust anchor. +TEST_F(PathBuilderMultiRootTest, TestLongChain) { + // Both D(D) and C(D) are trusted roots. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(d_by_d_); + trust_store.AddTrustAnchor(c_by_d_); + + // Certs B(C), and C(D) are all supplied. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + sync_certs.AddCert(c_by_d_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + ASSERT_TRUE(result.HasValidPath()); + + // The result path should be A(B) <- B(C) <- C(D) + // not the longer but also valid A(B) <- B(C) <- C(D) <- D(D) + EXPECT_EQ(3U, result.GetBestValidPath()->certs.size()); +} + +// Test that PathBuilder will backtrack and try a different path if the first +// one doesn't work out. +TEST_F(PathBuilderMultiRootTest, TestBacktracking) { + // Only D(D) is a trusted root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(d_by_d_); + + // Certs B(F) and F(E) are supplied synchronously, thus the path + // A(B) <- B(F) <- F(E) should be built first, though it won't verify. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_f_); + sync_certs.AddCert(f_by_e_); + + // Certs B(C), and C(D) are supplied asynchronously, so the path + // A(B) <- B(C) <- C(D) <- D(D) should be tried second. + AsyncCertIssuerSourceStatic async_certs; + async_certs.AddCert(b_by_c_); + async_certs.AddCert(c_by_d_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + path_builder.AddCertIssuerSource(&async_certs); + + auto result = path_builder.Run(); + + ASSERT_TRUE(result.HasValidPath()); + + // The partial path should be returned even though it didn't reach a trust + // anchor. + ASSERT_EQ(2U, result.paths.size()); + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[0]->certs[0]); + EXPECT_EQ(b_by_f_, result.paths[0]->certs[1]); + EXPECT_EQ(f_by_e_, result.paths[0]->certs[2]); + + // The result path should be A(B) <- B(C) <- C(D) <- D(D) + EXPECT_EQ(1U, result.best_result_index); + EXPECT_TRUE(result.paths[1]->IsValid()); + const auto& path = *result.GetBestValidPath(); + ASSERT_EQ(4U, path.certs.size()); + EXPECT_EQ(a_by_b_, path.certs[0]); + EXPECT_EQ(b_by_c_, path.certs[1]); + EXPECT_EQ(c_by_d_, path.certs[2]); + EXPECT_EQ(d_by_d_, path.certs[3]); +} + +// Test that if no path to a trust anchor was found, the partial path is +// returned. +TEST_F(PathBuilderMultiRootTest, TestOnlyPartialPathResult) { + TrustStoreInMemory trust_store; + + // Certs B(F) and F(E) are supplied synchronously, thus the path + // A(B) <- B(F) <- F(E) should be built first, though it won't verify. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_f_); + sync_certs.AddCert(f_by_e_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + + // The partial path should be returned even though it didn't reach a trust + // anchor. + ASSERT_EQ(1U, result.paths.size()); + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[0]->certs[0]); + EXPECT_EQ(b_by_f_, result.paths[0]->certs[1]); + EXPECT_EQ(f_by_e_, result.paths[0]->certs[2]); +} + +// Test that if two partial paths are returned, the first is marked as the best +// path. +TEST_F(PathBuilderMultiRootTest, TestTwoPartialPathResults) { + TrustStoreInMemory trust_store; + + // Certs B(F) and F(E) are supplied synchronously, thus the path + // A(B) <- B(F) <- F(E) should be built first, though it won't verify. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_f_); + sync_certs.AddCert(f_by_e_); + + // Certs B(C), and C(D) are supplied asynchronously, so the path + // A(B) <- B(C) <- C(D) <- D(D) should be tried second. + AsyncCertIssuerSourceStatic async_certs; + async_certs.AddCert(b_by_c_); + async_certs.AddCert(c_by_d_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + path_builder.AddCertIssuerSource(&async_certs); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + + // First partial path found should be marked as the best one. + EXPECT_EQ(0U, result.best_result_index); + + ASSERT_EQ(2U, result.paths.size()); + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[0]->certs[0]); + EXPECT_EQ(b_by_f_, result.paths[0]->certs[1]); + EXPECT_EQ(f_by_e_, result.paths[0]->certs[2]); + + EXPECT_FALSE(result.paths[1]->IsValid()); + ASSERT_EQ(3U, result.paths[1]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[1]->certs[0]); + EXPECT_EQ(b_by_c_, result.paths[1]->certs[1]); + EXPECT_EQ(c_by_d_, result.paths[1]->certs[2]); +} + +// Test that if no valid path is found, and the first invalid path is a partial +// path, but the 2nd invalid path ends with a cert with a trust record, the 2nd +// path should be preferred. +TEST_F(PathBuilderMultiRootTest, TestDistrustedPathPreferredOverPartialPath) { + // Only D(D) has a trust record, but it is distrusted. + TrustStoreInMemory trust_store; + trust_store.AddDistrustedCertificateForTest(d_by_d_); + + // Certs B(F) and F(E) are supplied synchronously, thus the path + // A(B) <- B(F) <- F(E) should be built first, though it won't verify. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_f_); + sync_certs.AddCert(f_by_e_); + + // Certs B(C), and C(D) are supplied asynchronously, so the path + // A(B) <- B(C) <- C(D) <- D(D) should be tried second. + AsyncCertIssuerSourceStatic async_certs; + async_certs.AddCert(b_by_c_); + async_certs.AddCert(c_by_d_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + path_builder.AddCertIssuerSource(&async_certs); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + + // The partial path should be returned even though it didn't reach a trust + // anchor. + ASSERT_EQ(2U, result.paths.size()); + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[0]->certs[0]); + EXPECT_EQ(b_by_f_, result.paths[0]->certs[1]); + EXPECT_EQ(f_by_e_, result.paths[0]->certs[2]); + + // The result path should be A(B) <- B(C) <- C(D) <- D(D) + EXPECT_EQ(1U, result.best_result_index); + EXPECT_FALSE(result.paths[1]->IsValid()); + const auto& path = *result.GetBestPathPossiblyInvalid(); + ASSERT_EQ(4U, path.certs.size()); + EXPECT_EQ(a_by_b_, path.certs[0]); + EXPECT_EQ(b_by_c_, path.certs[1]); + EXPECT_EQ(c_by_d_, path.certs[2]); + EXPECT_EQ(d_by_d_, path.certs[3]); +} + +// Test that whichever order CertIssuerSource returns the issuers, the path +// building still succeeds. +TEST_F(PathBuilderMultiRootTest, TestCertIssuerOrdering) { + // Only D(D) is a trusted root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(d_by_d_); + + for (bool reverse_order : {false, true}) { + SCOPED_TRACE(reverse_order); + std::vector> certs = { + b_by_c_, b_by_f_, f_by_e_, c_by_d_, c_by_e_}; + CertIssuerSourceStatic sync_certs; + if (reverse_order) { + for (auto it = certs.rbegin(); it != certs.rend(); ++it) + sync_certs.AddCert(*it); + } else { + for (const auto& cert : certs) + sync_certs.AddCert(cert); + } + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + ASSERT_TRUE(result.HasValidPath()); + + // The result path should be A(B) <- B(C) <- C(D) <- D(D) + const auto& path = *result.GetBestValidPath(); + ASSERT_EQ(4U, path.certs.size()); + EXPECT_EQ(a_by_b_, path.certs[0]); + EXPECT_EQ(b_by_c_, path.certs[1]); + EXPECT_EQ(c_by_d_, path.certs[2]); + EXPECT_EQ(d_by_d_, path.certs[3]); + } +} + +TEST_F(PathBuilderMultiRootTest, TestIterationLimit) { + // D(D) is the trust root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(d_by_d_); + + // Certs B(C) and C(D) are supplied. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + sync_certs.AddCert(c_by_d_); + + for (const bool insufficient_limit : {true, false}) { + SCOPED_TRACE(insufficient_limit); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + if (insufficient_limit) { + // A limit of one is insufficient to build a path in this case. Therefore + // building is expected to fail in this case. + path_builder.SetIterationLimit(1); + } else { + // The other tests in this file exercise the case that |SetIterationLimit| + // isn't called. Therefore set a sufficient limit for the path to be + // found. + path_builder.SetIterationLimit(5); + } + + auto result = path_builder.Run(); + + EXPECT_EQ(!insufficient_limit, result.HasValidPath()); + EXPECT_EQ(insufficient_limit, result.exceeded_iteration_limit); + + if (insufficient_limit) { + EXPECT_EQ(2U, result.iteration_count); + } else { + EXPECT_EQ(3U, result.iteration_count); + } + } +} + +TEST_F(PathBuilderMultiRootTest, TestTrivialDeadline) { + // C(D) is the trust root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(c_by_d_); + + // Cert B(C) is supplied. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + + for (const bool insufficient_limit : {true, false}) { + SCOPED_TRACE(insufficient_limit); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + // Make the deadline either expired or not. + delegate_.SetDeadlineExpiredForTesting(insufficient_limit); + + auto result = path_builder.Run(); + + EXPECT_EQ(!insufficient_limit, result.HasValidPath()); + EXPECT_EQ(insufficient_limit, result.exceeded_deadline); + EXPECT_EQ(delegate_.IsDeadlineExpired(), insufficient_limit); + + if (insufficient_limit) { + ASSERT_EQ(1U, result.paths.size()); + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(1U, result.paths[0]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[0]->certs[0]); + EXPECT_TRUE(result.paths[0]->errors.ContainsError( + cert_errors::kDeadlineExceeded)); + } else { + ASSERT_EQ(1U, result.paths.size()); + EXPECT_TRUE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[0]->certs[0]); + EXPECT_EQ(b_by_c_, result.paths[0]->certs[1]); + EXPECT_EQ(c_by_d_, result.paths[0]->certs[2]); + } + } +} + +TEST_F(PathBuilderMultiRootTest, TestVerifyCache) { + // C(D) is the trust root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(c_by_d_); + + // Cert B(C) is supplied. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + + // Test Activation / DeActivation of the cache. + EXPECT_FALSE(delegate_.GetVerifyCache()); + delegate_.ActivateCache(); + EXPECT_TRUE(delegate_.GetVerifyCache()); + delegate_.DeActivateCache(); + EXPECT_FALSE(delegate_.GetVerifyCache()); + delegate_.ActivateCache(); + EXPECT_TRUE(delegate_.GetVerifyCache()); + for (size_t i = 0; i < 3; i++) { + SCOPED_TRACE(i); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + ASSERT_EQ(1U, result.paths.size()); + EXPECT_TRUE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[0]->certs[0]); + EXPECT_EQ(b_by_c_, result.paths[0]->certs[1]); + EXPECT_EQ(c_by_d_, result.paths[0]->certs[2]); + + // The path is 3 certificates long, so requires 2 distinct signature + // verifications. The first time through the loop will cause 2 cache misses + // and stores, subsequent iterations will repeat the same verifications, + // causing 2 cache hits. + EXPECT_EQ(delegate_.GetMockVerifyCache()->CacheHits(), i * 2); + EXPECT_EQ(delegate_.GetMockVerifyCache()->CacheMisses(), 2U); + EXPECT_EQ(delegate_.GetMockVerifyCache()->CacheStores(), 2U); + } +} + +TEST_F(PathBuilderMultiRootTest, TestDeadline) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(d_by_d_); + + // Cert B(C) is supplied statically. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + + // Cert C(D) is supplied asynchronously and will expire the deadline before + // returning the async result. + AsyncCertIssuerSourceStatic async_certs; + async_certs.AddCert(c_by_d_); + async_certs.SetAsyncGetCallback( + [&] { delegate_.SetDeadlineExpiredForTesting(true); }); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + path_builder.AddCertIssuerSource(&async_certs); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + EXPECT_TRUE(result.exceeded_deadline); + EXPECT_TRUE(delegate_.IsDeadlineExpired()); + + // The chain returned should end in c_by_d_, since the deadline would only be + // checked again after the async results had been checked (since + // AsyncCertIssuerSourceStatic makes the async results available immediately.) + ASSERT_EQ(1U, result.paths.size()); + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(a_by_b_, result.paths[0]->certs[0]); + EXPECT_EQ(b_by_c_, result.paths[0]->certs[1]); + EXPECT_EQ(c_by_d_, result.paths[0]->certs[2]); + EXPECT_TRUE( + result.paths[0]->errors.ContainsError(cert_errors::kDeadlineExceeded)); +} + +TEST_F(PathBuilderMultiRootTest, TestDepthLimit) { + // D(D) is the trust root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(d_by_d_); + + // Certs B(C) and C(D) are supplied. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + sync_certs.AddCert(c_by_d_); + + for (const bool insufficient_limit : {true, false}) { + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + if (insufficient_limit) { + // A limit of depth equal to 2 is insufficient to build the path. + // Therefore, building is expected to fail. + path_builder.SetDepthLimit(2); + } else { + // The other tests in this file exercise the case that |SetDepthLimit| + // isn't called. Therefore, set a sufficient limit for the path to be + // found. + path_builder.SetDepthLimit(5); + } + + auto result = path_builder.Run(); + + EXPECT_EQ(!insufficient_limit, result.HasValidPath()); + EXPECT_EQ(insufficient_limit, + result.AnyPathContainsError(cert_errors::kDepthLimitExceeded)); + if (insufficient_limit) { + EXPECT_EQ(2U, result.max_depth_seen); + } else { + EXPECT_EQ(4U, result.max_depth_seen); + } + } +} + +TEST_F(PathBuilderMultiRootTest, TestDepthLimitMultiplePaths) { + // This case tests path building backracking due to reaching the path depth + // limit. Given the root and issuer certificates below, there can be two paths + // from between the leaf to a trusted root, one has length of 3 and the other + // has length of 4. These certificates are specifically chosen because path + // building will first explore the 4-certificate long path then the + // 3-certificate long path. So with a depth limit of 3, we can test the + // backtracking code path. + + // E(E) and C(D) are the trust roots. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(e_by_e_); + trust_store.AddTrustAnchor(c_by_d_); + + // Certs B(C). B(F) and F(E) are supplied. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + sync_certs.AddCert(b_by_f_); + sync_certs.AddCert(f_by_e_); + + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + path_builder.SetDepthLimit(3); + + auto result = path_builder.Run(); + + EXPECT_TRUE(result.HasValidPath()); + EXPECT_TRUE(result.AnyPathContainsError(cert_errors::kDepthLimitExceeded)); + + ASSERT_EQ(result.paths.size(), 2u); + + const CertPathBuilderResultPath* truncated_path = result.paths[0].get(); + EXPECT_FALSE(truncated_path->IsValid()); + EXPECT_TRUE( + truncated_path->errors.ContainsError(cert_errors::kDepthLimitExceeded)); + ASSERT_EQ(truncated_path->certs.size(), 3u); + EXPECT_EQ(a_by_b_, truncated_path->certs[0]); + EXPECT_EQ(b_by_f_, truncated_path->certs[1]); + EXPECT_EQ(f_by_e_, truncated_path->certs[2]); + + const CertPathBuilderResultPath* valid_path = result.paths[1].get(); + EXPECT_TRUE(valid_path->IsValid()); + EXPECT_FALSE( + valid_path->errors.ContainsError(cert_errors::kDepthLimitExceeded)); + ASSERT_EQ(valid_path->certs.size(), 3u); + EXPECT_EQ(a_by_b_, valid_path->certs[0]); + EXPECT_EQ(b_by_c_, valid_path->certs[1]); + EXPECT_EQ(c_by_d_, valid_path->certs[2]); +} + +class PathBuilderKeyRolloverTest : public ::testing::Test { + public: + PathBuilderKeyRolloverTest() + : delegate_(1024, + SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1) {} + + void SetUp() override { + ParsedCertificateList path; + + VerifyCertChainTest test; + ASSERT_TRUE(ReadVerifyCertChainTestFromFile( + "testdata/verify_certificate_chain_unittest/key-rollover/oldchain.test", + &test)); + path = test.chain; + ASSERT_EQ(3U, path.size()); + target_ = path[0]; + oldintermediate_ = path[1]; + oldroot_ = path[2]; + time_ = test.time; + + ASSERT_TRUE(target_); + ASSERT_TRUE(oldintermediate_); + + ASSERT_TRUE(ReadVerifyCertChainTestFromFile( + "testdata/verify_certificate_chain_unittest/" + "key-rollover/longrolloverchain.test", + &test)); + path = test.chain; + + ASSERT_EQ(5U, path.size()); + newintermediate_ = path[1]; + newroot_ = path[2]; + newrootrollover_ = path[3]; + ASSERT_TRUE(newintermediate_); + ASSERT_TRUE(newroot_); + ASSERT_TRUE(newrootrollover_); + } + + protected: + // oldroot-------->newrootrollover newroot + // | | | + // v v v + // oldintermediate newintermediate + // | | + // +------------+-------------+ + // | + // v + // target + std::shared_ptr target_; + std::shared_ptr oldintermediate_; + std::shared_ptr newintermediate_; + std::shared_ptr oldroot_; + std::shared_ptr newroot_; + std::shared_ptr newrootrollover_; + + SimplePathBuilderDelegate delegate_; + der::GeneralizedTime time_; + + const InitialExplicitPolicy initial_explicit_policy_ = + InitialExplicitPolicy::kFalse; + const std::set user_initial_policy_set_ = { + der::Input(kAnyPolicyOid)}; + const InitialPolicyMappingInhibit initial_policy_mapping_inhibit_ = + InitialPolicyMappingInhibit::kFalse; + const InitialAnyPolicyInhibit initial_any_policy_inhibit_ = + InitialAnyPolicyInhibit::kFalse; +}; + +// Tests that if only the old root cert is trusted, the path builder can build a +// path through the new intermediate and rollover cert to the old root. +TEST_F(PathBuilderKeyRolloverTest, TestRolloverOnlyOldRootTrusted) { + // Only oldroot is trusted. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(oldroot_); + + // Old intermediate cert is not provided, so the pathbuilder will need to go + // through the rollover cert. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(newintermediate_); + sync_certs.AddCert(newrootrollover_); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + EXPECT_TRUE(result.HasValidPath()); + + // Due to authorityKeyIdentifier prioritization, path builder will first + // attempt: target <- newintermediate <- newrootrollover <- oldroot + // which will succeed. + ASSERT_EQ(1U, result.paths.size()); + const auto& path0 = *result.paths[0]; + EXPECT_EQ(0U, result.best_result_index); + EXPECT_TRUE(path0.IsValid()); + ASSERT_EQ(4U, path0.certs.size()); + EXPECT_EQ(target_, path0.certs[0]); + EXPECT_EQ(newintermediate_, path0.certs[1]); + EXPECT_EQ(newrootrollover_, path0.certs[2]); + EXPECT_EQ(oldroot_, path0.certs[3]); +} + +// Tests that if both old and new roots are trusted it builds a path through +// the new intermediate. +TEST_F(PathBuilderKeyRolloverTest, TestRolloverBothRootsTrusted) { + // Both oldroot and newroot are trusted. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(oldroot_); + trust_store.AddTrustAnchor(newroot_); + + // Both old and new intermediates + rollover cert are provided. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(oldintermediate_); + sync_certs.AddCert(newintermediate_); + sync_certs.AddCert(newrootrollover_); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + EXPECT_TRUE(result.HasValidPath()); + + ASSERT_EQ(1U, result.paths.size()); + const auto& path = *result.paths[0]; + EXPECT_TRUE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, path.certs.size()); + EXPECT_EQ(target_, path.certs[0]); + // The newer intermediate should be used as newer certs are prioritized in + // path building. + EXPECT_EQ(newintermediate_, path.certs[1]); + EXPECT_EQ(newroot_, path.certs[2]); +} + +// If trust anchor query returned no results, and there are no issuer +// sources, path building should fail at that point. +TEST_F(PathBuilderKeyRolloverTest, TestAnchorsNoMatchAndNoIssuerSources) { + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(newroot_); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + + ASSERT_EQ(1U, result.paths.size()); + const auto& path = *result.paths[0]; + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(1U, path.certs.size()); + EXPECT_EQ(target_, path.certs[0]); +} + +// If a path to a trust anchor could not be found, and the last issuer(s) in +// the chain were culled by the loop checker, the partial path up to that point +// should be returned. +TEST_F(PathBuilderKeyRolloverTest, TestReturnsPartialPathEndedByLoopChecker) { + TrustStoreInMemory trust_store; + + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(newintermediate_); + sync_certs.AddCert(newroot_); + + CertIssuerSourceStatic rollover_certs; + rollover_certs.AddCert(newrootrollover_); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + // The rollover root is added as a second issuer source to ensure we get paths + // back in a deterministic order, otherwise newroot and newrootrollover do not + // differ in any way that the path builder would use for prioritizing which + // path comes back first. + path_builder.AddCertIssuerSource(&rollover_certs); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + ASSERT_EQ(2U, result.paths.size()); + + // Since none of the certs are trusted, the path builder should build 4 + // candidate paths, all of which are disallowed due to the loop checker: + // target->newintermediate->newroot->newroot + // target->newintermediate->newroot->newrootrollover + // target->newintermediate->newrootrollover->newroot + // target->newintermediate->newrootrollover->newrootrollover + // This should end up returning the 2 partial paths which are the longest + // paths for which no acceptable issuers could be found: + // target->newintermediate->newroot + // target->newintermediate->newrootrollover + + { + const auto& path = *result.paths[0]; + EXPECT_FALSE(path.IsValid()); + ASSERT_EQ(3U, path.certs.size()); + EXPECT_EQ(target_, path.certs[0]); + EXPECT_EQ(newintermediate_, path.certs[1]); + EXPECT_EQ(newroot_, path.certs[2]); + EXPECT_TRUE(path.errors.ContainsError(cert_errors::kNoIssuersFound)); + } + + { + const auto& path = *result.paths[1]; + EXPECT_FALSE(path.IsValid()); + ASSERT_EQ(3U, path.certs.size()); + EXPECT_EQ(target_, path.certs[0]); + EXPECT_EQ(newintermediate_, path.certs[1]); + EXPECT_EQ(newrootrollover_, path.certs[2]); + EXPECT_TRUE(path.errors.ContainsError(cert_errors::kNoIssuersFound)); + } +} + +// Tests that multiple trust root matches on a single path will be considered. +// Both roots have the same subject but different keys. Only one of them will +// verify. +TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { + TrustStoreCollection trust_store_collection; + TrustStoreInMemory trust_store1; + TrustStoreInMemory trust_store2; + trust_store_collection.AddTrustStore(&trust_store1); + trust_store_collection.AddTrustStore(&trust_store2); + // Add two trust anchors (newroot_ and oldroot_). Path building will attempt + // them in this same order, as trust_store1 was added to + // trust_store_collection first. + trust_store1.AddTrustAnchor(newroot_); + trust_store2.AddTrustAnchor(oldroot_); + + // Only oldintermediate is supplied, so the path with newroot should fail, + // oldroot should succeed. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(oldintermediate_); + + CertPathBuilder path_builder( + target_, &trust_store_collection, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + EXPECT_TRUE(result.HasValidPath()); + ASSERT_EQ(1U, result.paths.size()); + + // Due to authorityKeyIdentifier prioritization, path builder will first + // attempt: target <- old intermediate <- oldroot + // which should succeed. + EXPECT_TRUE(result.paths[result.best_result_index]->IsValid()); + const auto& path = *result.paths[result.best_result_index]; + ASSERT_EQ(3U, path.certs.size()); + EXPECT_EQ(target_, path.certs[0]); + EXPECT_EQ(oldintermediate_, path.certs[1]); + EXPECT_EQ(oldroot_, path.certs[2]); +} + +// Tests that the path builder doesn't build longer than necessary paths, +// by skipping certs where the same Name+SAN+SPKI is already in the current +// path. +TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { + // Only oldroot is trusted. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(oldroot_); + + // New intermediate and new root are provided synchronously. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(newintermediate_); + sync_certs.AddCert(newroot_); + + // Rollover cert is only provided asynchronously. This will force the + // pathbuilder to first try building a longer than necessary path. + AsyncCertIssuerSourceStatic async_certs; + async_certs.AddCert(newrootrollover_); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + path_builder.AddCertIssuerSource(&async_certs); + + auto result = path_builder.Run(); + + EXPECT_TRUE(result.HasValidPath()); + ASSERT_EQ(3U, result.paths.size()); + + // Path builder will first attempt: + // target <- newintermediate <- newroot <- oldroot + // but it will fail since newroot is self-signed. + EXPECT_FALSE(result.paths[0]->IsValid()); + const auto& path0 = *result.paths[0]; + ASSERT_EQ(4U, path0.certs.size()); + EXPECT_EQ(target_, path0.certs[0]); + EXPECT_EQ(newintermediate_, path0.certs[1]); + EXPECT_EQ(newroot_, path0.certs[2]); + EXPECT_EQ(oldroot_, path0.certs[3]); + + // Path builder will next attempt: target <- newintermediate <- oldroot + // but it will fail since newintermediate is signed by newroot. + EXPECT_FALSE(result.paths[1]->IsValid()); + const auto& path1 = *result.paths[1]; + ASSERT_EQ(3U, path1.certs.size()); + EXPECT_EQ(target_, path1.certs[0]); + EXPECT_EQ(newintermediate_, path1.certs[1]); + EXPECT_EQ(oldroot_, path1.certs[2]); + + // Path builder will skip: + // target <- newintermediate <- newroot <- newrootrollover <- ... + // Since newroot and newrootrollover have the same Name+SAN+SPKI. + + // Finally path builder will use: + // target <- newintermediate <- newrootrollover <- oldroot + EXPECT_EQ(2U, result.best_result_index); + EXPECT_TRUE(result.paths[2]->IsValid()); + const auto& path2 = *result.paths[2]; + ASSERT_EQ(4U, path2.certs.size()); + EXPECT_EQ(target_, path2.certs[0]); + EXPECT_EQ(newintermediate_, path2.certs[1]); + EXPECT_EQ(newrootrollover_, path2.certs[2]); + EXPECT_EQ(oldroot_, path2.certs[3]); +} + +// Tests that when SetExploreAllPaths is combined with SetIterationLimit the +// path builder will return all the paths that were able to be built before the +// iteration limit was reached. +TEST_F(PathBuilderKeyRolloverTest, ExploreAllPathsWithIterationLimit) { + struct Expectation { + int iteration_limit; + size_t expected_num_paths; + std::vector> partial_path; + } kExpectations[] = { + // No iteration limit. All possible paths should be built. + {0, 4, {}}, + // Limit 1 is only enough to reach the intermediate, no complete path + // should be built. + {1, 0, {target_, newintermediate_}}, + // Limit 2 allows reaching the root on the first path. + {2, 1, {target_, newintermediate_}}, + // Next iteration uses oldroot instead of newroot. + {3, 2, {target_, newintermediate_}}, + // Backtracking to the target cert. + {4, 2, {target_}}, + // Adding oldintermediate. + {5, 2, {target_, oldintermediate_}}, + // Trying oldroot. + {6, 3, {target_, oldintermediate_}}, + // Trying newroot. + {7, 4, {target_, oldintermediate_}}, + }; + + // Trust both old and new roots. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(oldroot_); + trust_store.AddTrustAnchor(newroot_); + + // Intermediates and root rollover are all provided synchronously. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(oldintermediate_); + sync_certs.AddCert(newintermediate_); + + for (const auto& expectation : kExpectations) { + SCOPED_TRACE(expectation.iteration_limit); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + // Explore all paths, rather than stopping at the first valid path. + path_builder.SetExploreAllPaths(true); + + // Limit the number of iterations. + path_builder.SetIterationLimit(expectation.iteration_limit); + + auto result = path_builder.Run(); + + EXPECT_EQ(expectation.expected_num_paths > 0, result.HasValidPath()); + if (expectation.partial_path.empty()) { + ASSERT_EQ(expectation.expected_num_paths, result.paths.size()); + } else { + ASSERT_EQ(1 + expectation.expected_num_paths, result.paths.size()); + const auto& path = *result.paths[result.paths.size() - 1]; + EXPECT_FALSE(path.IsValid()); + EXPECT_EQ(expectation.partial_path, path.certs); + EXPECT_TRUE( + path.errors.ContainsError(cert_errors::kIterationLimitExceeded)); + } + + if (expectation.expected_num_paths > 0) { + // Path builder will first build path: target <- newintermediate <- + // newroot + const auto& path0 = *result.paths[0]; + EXPECT_TRUE(path0.IsValid()); + ASSERT_EQ(3U, path0.certs.size()); + EXPECT_EQ(target_, path0.certs[0]); + EXPECT_EQ(newintermediate_, path0.certs[1]); + EXPECT_EQ(newroot_, path0.certs[2]); + EXPECT_EQ(3U, result.max_depth_seen); + } + + if (expectation.expected_num_paths > 1) { + // Next path: target <- newintermediate <- oldroot + const auto& path1 = *result.paths[1]; + EXPECT_FALSE(path1.IsValid()); + ASSERT_EQ(3U, path1.certs.size()); + EXPECT_EQ(target_, path1.certs[0]); + EXPECT_EQ(newintermediate_, path1.certs[1]); + EXPECT_EQ(oldroot_, path1.certs[2]); + EXPECT_EQ(3U, result.max_depth_seen); + } + + if (expectation.expected_num_paths > 2) { + // Next path: target <- oldintermediate <- oldroot + const auto& path2 = *result.paths[2]; + EXPECT_TRUE(path2.IsValid()); + ASSERT_EQ(3U, path2.certs.size()); + EXPECT_EQ(target_, path2.certs[0]); + EXPECT_EQ(oldintermediate_, path2.certs[1]); + EXPECT_EQ(oldroot_, path2.certs[2]); + EXPECT_EQ(3U, result.max_depth_seen); + } + + if (expectation.expected_num_paths > 3) { + // Final path: target <- oldintermediate <- newroot + const auto& path3 = *result.paths[3]; + EXPECT_FALSE(path3.IsValid()); + ASSERT_EQ(3U, path3.certs.size()); + EXPECT_EQ(target_, path3.certs[0]); + EXPECT_EQ(oldintermediate_, path3.certs[1]); + EXPECT_EQ(newroot_, path3.certs[2]); + EXPECT_EQ(3U, result.max_depth_seen); + } + } +} + +// If the target cert is a trust anchor, however is not itself *signed* by a +// trust anchor, then it is not considered valid (the SPKI and name of the +// trust anchor matches the SPKI and subject of the targe certificate, but the +// rest of the certificate cannot be verified). +TEST_F(PathBuilderKeyRolloverTest, TestEndEntityIsTrustRoot) { + // Trust newintermediate. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(newintermediate_); + + // Newintermediate is also the target cert. + CertPathBuilder path_builder( + newintermediate_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); +} + +// If target has same Name+SAN+SPKI as a necessary intermediate, test if a path +// can still be built. +// Since LoopChecker will prevent the intermediate from being included, this +// currently does NOT verify. This case shouldn't occur in the web PKI. +TEST_F(PathBuilderKeyRolloverTest, + TestEndEntityHasSameNameAndSpkiAsIntermediate) { + // Trust oldroot. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(oldroot_); + + // New root rollover is provided synchronously. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(newrootrollover_); + + // Newroot is the target cert. + CertPathBuilder path_builder( + newroot_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + // This could actually be OK, but CertPathBuilder does not build the + // newroot <- newrootrollover <- oldroot path. + EXPECT_FALSE(result.HasValidPath()); +} + +// If target has same Name+SAN+SPKI as the trust root, test that a (trivial) +// path can still be built. +TEST_F(PathBuilderKeyRolloverTest, + TestEndEntityHasSameNameAndSpkiAsTrustAnchor) { + // Trust newrootrollover. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(newrootrollover_); + + // Newroot is the target cert. + CertPathBuilder path_builder( + newroot_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + + auto result = path_builder.Run(); + + ASSERT_TRUE(result.HasValidPath()); + + const CertPathBuilderResultPath* best_result = result.GetBestValidPath(); + + // Newroot has same name+SPKI as newrootrollover, thus the path is valid and + // only contains newroot. + EXPECT_TRUE(best_result->IsValid()); + ASSERT_EQ(2U, best_result->certs.size()); + EXPECT_EQ(newroot_, best_result->certs[0]); + EXPECT_EQ(newrootrollover_, best_result->certs[1]); +} + +// Test that PathBuilder will not try the same path twice if multiple +// CertIssuerSources provide the same certificate. +TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) { + // Create a separate copy of oldintermediate. + std::shared_ptr oldintermediate_dupe( + ParsedCertificate::Create( + bssl::UniquePtr(CRYPTO_BUFFER_new( + oldintermediate_->der_cert().UnsafeData(), + oldintermediate_->der_cert().Length(), nullptr)), + {}, nullptr)); + + // Only newroot is a trusted root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(newroot_); + + // The oldintermediate is supplied synchronously by |sync_certs1| and + // another copy of oldintermediate is supplied synchronously by |sync_certs2|. + // The path target <- oldintermediate <- newroot should be built first, + // though it won't verify. It should not be attempted again even though + // oldintermediate was supplied twice. + CertIssuerSourceStatic sync_certs1; + sync_certs1.AddCert(oldintermediate_); + CertIssuerSourceStatic sync_certs2; + sync_certs2.AddCert(oldintermediate_dupe); + + // The newintermediate is supplied asynchronously, so the path + // target <- newintermediate <- newroot should be tried second. + AsyncCertIssuerSourceStatic async_certs; + async_certs.AddCert(newintermediate_); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs1); + path_builder.AddCertIssuerSource(&sync_certs2); + path_builder.AddCertIssuerSource(&async_certs); + + auto result = path_builder.Run(); + + EXPECT_TRUE(result.HasValidPath()); + ASSERT_EQ(2U, result.paths.size()); + + // Path builder will first attempt: target <- oldintermediate <- newroot + // but it will fail since oldintermediate is signed by oldroot. + EXPECT_FALSE(result.paths[0]->IsValid()); + const auto& path0 = *result.paths[0]; + + ASSERT_EQ(3U, path0.certs.size()); + EXPECT_EQ(target_, path0.certs[0]); + // Compare the DER instead of ParsedCertificate pointer, don't care which copy + // of oldintermediate was used in the path. + EXPECT_EQ(oldintermediate_->der_cert(), path0.certs[1]->der_cert()); + EXPECT_EQ(newroot_, path0.certs[2]); + + // Path builder will next attempt: target <- newintermediate <- newroot + // which will succeed. + EXPECT_EQ(1U, result.best_result_index); + EXPECT_TRUE(result.paths[1]->IsValid()); + const auto& path1 = *result.paths[1]; + ASSERT_EQ(3U, path1.certs.size()); + EXPECT_EQ(target_, path1.certs[0]); + EXPECT_EQ(newintermediate_, path1.certs[1]); + EXPECT_EQ(newroot_, path1.certs[2]); +} + +// Test when PathBuilder is given a cert via CertIssuerSources that has the same +// SPKI as a trust anchor. +TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { + // Create a separate copy of newroot. + std::shared_ptr newroot_dupe( + ParsedCertificate::Create( + bssl::UniquePtr( + CRYPTO_BUFFER_new(newroot_->der_cert().UnsafeData(), + newroot_->der_cert().Length(), nullptr)), + {}, nullptr)); + + // Only newroot is a trusted root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(newroot_); + + // The oldintermediate and newroot are supplied synchronously by |sync_certs|. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(oldintermediate_); + sync_certs.AddCert(newroot_dupe); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&sync_certs); + + auto result = path_builder.Run(); + + EXPECT_FALSE(result.HasValidPath()); + ASSERT_EQ(1U, result.paths.size()); + + // Path builder attempt: target <- oldintermediate <- newroot + // but it will fail since oldintermediate is signed by oldroot. + EXPECT_FALSE(result.paths[0]->IsValid()); + const auto& path = *result.paths[0]; + ASSERT_EQ(3U, path.certs.size()); + EXPECT_EQ(target_, path.certs[0]); + EXPECT_EQ(oldintermediate_, path.certs[1]); + // Compare the DER instead of ParsedCertificate pointer, don't care which copy + // of newroot was used in the path. + EXPECT_EQ(newroot_->der_cert(), path.certs[2]->der_cert()); +} + +#if !defined(_BORINGSSL_LIBPKI_) +class MockCertIssuerSourceRequest : public CertIssuerSource::Request { + public: + MOCK_METHOD2(GetNext, void(ParsedCertificateList*, void*)); +}; + +class MockCertIssuerSource : public CertIssuerSource { + public: + MOCK_METHOD2(SyncGetIssuersOf, + void(const ParsedCertificate*, ParsedCertificateList*)); + MOCK_METHOD2(AsyncGetIssuersOf, + void(const ParsedCertificate*, std::unique_ptr*)); +}; +#endif // !_BORINGSSL_LIBPKI_ + +// Helper class to pass the Request to the PathBuilder when it calls +// AsyncGetIssuersOf. (GoogleMock has a ByMove helper, but it apparently can +// only be used with Return, not SetArgPointee.) +class CertIssuerSourceRequestMover { + public: + explicit CertIssuerSourceRequestMover( + std::unique_ptr req) + : request_(std::move(req)) {} + void MoveIt(const ParsedCertificate* cert, + std::unique_ptr* out_req) { + *out_req = std::move(request_); + } + + private: + std::unique_ptr request_; +}; + +// Functor that when called with a ParsedCertificateList* will append the +// specified certificate. +class AppendCertToList { + public: + explicit AppendCertToList( + const std::shared_ptr& cert) + : cert_(cert) {} + + void operator()(ParsedCertificateList* out, + void* debug_data) { + out->push_back(cert_); + } + + private: + std::shared_ptr cert_; +}; + +#if !defined(_BORINGSSL_LIBPKI_) +// Test that a single CertIssuerSource returning multiple async batches of +// issuers is handled correctly. Due to the StrictMocks, it also tests that path +// builder does not request issuers of certs that it shouldn't. +TEST_F(PathBuilderKeyRolloverTest, TestMultipleAsyncIssuersFromSingleSource) { + StrictMock cert_issuer_source; + + // Only newroot is a trusted root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(newroot_); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&cert_issuer_source); + + // Create the mock CertIssuerSource::Request... + auto target_issuers_req_owner = + std::make_unique>(); + // Keep a raw pointer to the Request... + StrictMock* target_issuers_req = + target_issuers_req_owner.get(); + // Setup helper class to pass ownership of the Request to the PathBuilder when + // it calls AsyncGetIssuersOf. + CertIssuerSourceRequestMover req_mover(std::move(target_issuers_req_owner)); + { + ::testing::InSequence s; + EXPECT_CALL(cert_issuer_source, SyncGetIssuersOf(target_.get(), _)); + EXPECT_CALL(cert_issuer_source, AsyncGetIssuersOf(target_.get(), _)) + .WillOnce(Invoke(&req_mover, &CertIssuerSourceRequestMover::MoveIt)); + } + + EXPECT_CALL(*target_issuers_req, GetNext(_, _)) + // First async batch: return oldintermediate_. + .WillOnce(Invoke(AppendCertToList(oldintermediate_))) + // Second async batch: return newintermediate_. + .WillOnce(Invoke(AppendCertToList(newintermediate_))); + { + ::testing::InSequence s; + // oldintermediate_ does not create a valid path, so both sync and async + // lookups are expected. + EXPECT_CALL(cert_issuer_source, + SyncGetIssuersOf(oldintermediate_.get(), _)); + EXPECT_CALL(cert_issuer_source, + AsyncGetIssuersOf(oldintermediate_.get(), _)); + } + + // newroot_ is in the trust store, so this path will be completed + // synchronously. AsyncGetIssuersOf will not be called on newintermediate_. + EXPECT_CALL(cert_issuer_source, SyncGetIssuersOf(newintermediate_.get(), _)); + + // Ensure pathbuilder finished and filled result. + auto result = path_builder.Run(); + + // Note that VerifyAndClearExpectations(target_issuers_req) is not called + // here. PathBuilder could have destroyed it already, so just let the + // expectations get checked by the destructor. + ::testing::Mock::VerifyAndClearExpectations(&cert_issuer_source); + + EXPECT_TRUE(result.HasValidPath()); + ASSERT_EQ(2U, result.paths.size()); + + // Path builder first attempts: target <- oldintermediate <- newroot + // but it will fail since oldintermediate is signed by oldroot. + EXPECT_FALSE(result.paths[0]->IsValid()); + const auto& path0 = *result.paths[0]; + ASSERT_EQ(3U, path0.certs.size()); + EXPECT_EQ(target_, path0.certs[0]); + EXPECT_EQ(oldintermediate_, path0.certs[1]); + EXPECT_EQ(newroot_, path0.certs[2]); + + // After the second batch of async results, path builder will attempt: + // target <- newintermediate <- newroot which will succeed. + EXPECT_TRUE(result.paths[1]->IsValid()); + const auto& path1 = *result.paths[1]; + ASSERT_EQ(3U, path1.certs.size()); + EXPECT_EQ(target_, path1.certs[0]); + EXPECT_EQ(newintermediate_, path1.certs[1]); + EXPECT_EQ(newroot_, path1.certs[2]); +} + +// Test that PathBuilder will not try the same path twice if CertIssuerSources +// asynchronously provide the same certificate multiple times. +TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { + StrictMock cert_issuer_source; + + // Only newroot is a trusted root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(newroot_); + + CertPathBuilder path_builder( + target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_); + path_builder.AddCertIssuerSource(&cert_issuer_source); + + // Create the mock CertIssuerSource::Request... + auto target_issuers_req_owner = + std::make_unique>(); + // Keep a raw pointer to the Request... + StrictMock* target_issuers_req = + target_issuers_req_owner.get(); + // Setup helper class to pass ownership of the Request to the PathBuilder when + // it calls AsyncGetIssuersOf. + CertIssuerSourceRequestMover req_mover(std::move(target_issuers_req_owner)); + { + ::testing::InSequence s; + EXPECT_CALL(cert_issuer_source, SyncGetIssuersOf(target_.get(), _)); + EXPECT_CALL(cert_issuer_source, AsyncGetIssuersOf(target_.get(), _)) + .WillOnce(Invoke(&req_mover, &CertIssuerSourceRequestMover::MoveIt)); + } + + std::shared_ptr oldintermediate_dupe( + ParsedCertificate::Create( + bssl::UniquePtr(CRYPTO_BUFFER_new( + oldintermediate_->der_cert().UnsafeData(), + oldintermediate_->der_cert().Length(), nullptr)), + {}, nullptr)); + + EXPECT_CALL(*target_issuers_req, GetNext(_, _)) + // First async batch: return oldintermediate_. + .WillOnce(Invoke(AppendCertToList(oldintermediate_))) + // Second async batch: return a different copy of oldintermediate_ again. + .WillOnce(Invoke(AppendCertToList(oldintermediate_dupe))) + // Third async batch: return newintermediate_. + .WillOnce(Invoke(AppendCertToList(newintermediate_))); + + { + ::testing::InSequence s; + // oldintermediate_ does not create a valid path, so both sync and async + // lookups are expected. + EXPECT_CALL(cert_issuer_source, + SyncGetIssuersOf(oldintermediate_.get(), _)); + EXPECT_CALL(cert_issuer_source, + AsyncGetIssuersOf(oldintermediate_.get(), _)); + } + + // newroot_ is in the trust store, so this path will be completed + // synchronously. AsyncGetIssuersOf will not be called on newintermediate_. + EXPECT_CALL(cert_issuer_source, SyncGetIssuersOf(newintermediate_.get(), _)); + + // Ensure pathbuilder finished and filled result. + auto result = path_builder.Run(); + + ::testing::Mock::VerifyAndClearExpectations(&cert_issuer_source); + + EXPECT_TRUE(result.HasValidPath()); + ASSERT_EQ(2U, result.paths.size()); + + // Path builder first attempts: target <- oldintermediate <- newroot + // but it will fail since oldintermediate is signed by oldroot. + EXPECT_FALSE(result.paths[0]->IsValid()); + const auto& path0 = *result.paths[0]; + ASSERT_EQ(3U, path0.certs.size()); + EXPECT_EQ(target_, path0.certs[0]); + EXPECT_EQ(oldintermediate_, path0.certs[1]); + EXPECT_EQ(newroot_, path0.certs[2]); + + // The second async result does not generate any path. + + // After the third batch of async results, path builder will attempt: + // target <- newintermediate <- newroot which will succeed. + EXPECT_TRUE(result.paths[1]->IsValid()); + const auto& path1 = *result.paths[1]; + ASSERT_EQ(3U, path1.certs.size()); + EXPECT_EQ(target_, path1.certs[0]); + EXPECT_EQ(newintermediate_, path1.certs[1]); + EXPECT_EQ(newroot_, path1.certs[2]); +} +#endif // !_BORINGSSL_LIBPKI_ + +class PathBuilderSimpleChainTest : public ::testing::Test { + public: + PathBuilderSimpleChainTest() = default; + + protected: + void SetUp() override { + // Read a simple test chain comprised of a target, intermediate, and root. + ASSERT_TRUE(ReadVerifyCertChainTestFromFile( + "testdata/verify_certificate_chain_unittest/target-and-intermediate/" + "main.test", + &test_)); + ASSERT_EQ(3u, test_.chain.size()); + } + + // Runs the path builder for the target certificate while |distrusted_cert| is + // blocked, and |delegate| if non-null. + CertPathBuilder::Result RunPathBuilder( + const std::shared_ptr& distrusted_cert, + CertPathBuilderDelegate* optional_delegate) { + // Set up the trust store such that |distrusted_cert| is blocked, and + // the root is trusted (except if it was |distrusted_cert|). + TrustStoreInMemory trust_store; + if (distrusted_cert != test_.chain.back()) + trust_store.AddTrustAnchor(test_.chain.back()); + if (distrusted_cert) + trust_store.AddDistrustedCertificateForTest(distrusted_cert); + + // Add the single intermediate. + CertIssuerSourceStatic intermediates; + intermediates.AddCert(test_.chain[1]); + + SimplePathBuilderDelegate default_delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + CertPathBuilderDelegate* delegate = + optional_delegate ? optional_delegate : &default_delegate; + + const InitialExplicitPolicy initial_explicit_policy = + InitialExplicitPolicy::kFalse; + const std::set user_initial_policy_set = { + der::Input(kAnyPolicyOid)}; + const InitialPolicyMappingInhibit initial_policy_mapping_inhibit = + InitialPolicyMappingInhibit::kFalse; + const InitialAnyPolicyInhibit initial_any_policy_inhibit = + InitialAnyPolicyInhibit::kFalse; + + CertPathBuilder path_builder( + test_.chain.front(), &trust_store, delegate, test_.time, + KeyPurpose::ANY_EKU, initial_explicit_policy, user_initial_policy_set, + initial_policy_mapping_inhibit, initial_any_policy_inhibit); + path_builder.AddCertIssuerSource(&intermediates); + return path_builder.Run(); + } + + protected: + VerifyCertChainTest test_; +}; + +// Test fixture for running the path builder over a simple chain, while varying +// the trustedness of certain certificates. +class PathBuilderDistrustTest : public PathBuilderSimpleChainTest { + public: + PathBuilderDistrustTest() = default; + + protected: + // Runs the path builder for the target certificate while |distrusted_cert| is + // blocked. + CertPathBuilder::Result RunPathBuilderWithDistrustedCert( + const std::shared_ptr& distrusted_cert) { + return RunPathBuilder(distrusted_cert, nullptr); + } +}; + +// Tests that path building fails when the target, intermediate, or root are +// distrusted (but the path is otherwise valid). +TEST_F(PathBuilderDistrustTest, TargetIntermediateRoot) { + // First do a control test -- path building without any blocked + // certificates should work. + CertPathBuilder::Result result = RunPathBuilderWithDistrustedCert(nullptr); + { + ASSERT_TRUE(result.HasValidPath()); + // The built path should be identical the the one read from disk. + const auto& path = *result.GetBestValidPath(); + ASSERT_EQ(test_.chain.size(), path.certs.size()); + for (size_t i = 0; i < test_.chain.size(); ++i) + EXPECT_EQ(test_.chain[i], path.certs[i]); + } + + // Try path building when only the target is blocked - should fail. + result = RunPathBuilderWithDistrustedCert(test_.chain[0]); + { + EXPECT_FALSE(result.HasValidPath()); + ASSERT_LT(result.best_result_index, result.paths.size()); + const auto& best_path = result.paths[result.best_result_index]; + + // The built chain has length 1 since path building stopped once + // it encountered the blocked certificate (target). + ASSERT_EQ(1u, best_path->certs.size()); + EXPECT_EQ(best_path->certs[0], test_.chain[0]); + EXPECT_TRUE(best_path->errors.ContainsHighSeverityErrors()); + best_path->errors.ContainsError(cert_errors::kDistrustedByTrustStore); + } + + // Try path building when only the intermediate is blocked - should fail. + result = RunPathBuilderWithDistrustedCert(test_.chain[1]); + { + EXPECT_FALSE(result.HasValidPath()); + ASSERT_LT(result.best_result_index, result.paths.size()); + const auto& best_path = result.paths[result.best_result_index]; + + // The built chain has length 2 since path building stopped once + // it encountered the blocked certificate (intermediate). + ASSERT_EQ(2u, best_path->certs.size()); + EXPECT_EQ(best_path->certs[0], test_.chain[0]); + EXPECT_EQ(best_path->certs[1], test_.chain[1]); + EXPECT_TRUE(best_path->errors.ContainsHighSeverityErrors()); + best_path->errors.ContainsError(cert_errors::kDistrustedByTrustStore); + } + + // Try path building when only the root is blocked - should fail. + result = RunPathBuilderWithDistrustedCert(test_.chain[2]); + { + EXPECT_FALSE(result.HasValidPath()); + ASSERT_LT(result.best_result_index, result.paths.size()); + const auto& best_path = result.paths[result.best_result_index]; + + // The built chain has length 3 since path building stopped once + // it encountered the blocked certificate (root). + ASSERT_EQ(3u, best_path->certs.size()); + EXPECT_EQ(best_path->certs[0], test_.chain[0]); + EXPECT_EQ(best_path->certs[1], test_.chain[1]); + EXPECT_EQ(best_path->certs[2], test_.chain[2]); + EXPECT_TRUE(best_path->errors.ContainsHighSeverityErrors()); + best_path->errors.ContainsError(cert_errors::kDistrustedByTrustStore); + } +} + +// Test fixture for running the path builder over a simple chain, while varying +// what CheckPathAfterVerification() does. +class PathBuilderCheckPathAfterVerificationTest + : public PathBuilderSimpleChainTest {}; + +class CertPathBuilderDelegateBase : public SimplePathBuilderDelegate { + public: + CertPathBuilderDelegateBase() + : SimplePathBuilderDelegate( + 1024, + SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1) {} + void CheckPathAfterVerification(const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path) override { + ADD_FAILURE() << "Tests must override this"; + } +}; + +#if !defined(_BORINGSSL_LIBPKI_) +class MockPathBuilderDelegate : public CertPathBuilderDelegateBase { + public: + MOCK_METHOD2(CheckPathAfterVerification, + void(const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path)); +}; + +TEST_F(PathBuilderCheckPathAfterVerificationTest, NoOpToValidPath) { + StrictMock delegate; + // Just verify that the hook is called. + EXPECT_CALL(delegate, CheckPathAfterVerification(_, _)); + + CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate); + EXPECT_TRUE(result.HasValidPath()); +} +#endif // !_BORINGSSL_LIBPKI_ + +DEFINE_CERT_ERROR_ID(kWarningFromDelegate, "Warning from delegate"); + +class AddWarningPathBuilderDelegate : public CertPathBuilderDelegateBase { + public: + void CheckPathAfterVerification(const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path) override { + path->errors.GetErrorsForCert(1)->AddWarning(kWarningFromDelegate, nullptr); + } +}; + +TEST_F(PathBuilderCheckPathAfterVerificationTest, AddsWarningToValidPath) { + AddWarningPathBuilderDelegate delegate; + CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate); + ASSERT_TRUE(result.HasValidPath()); + + // A warning should have been added to certificate at index 1 in the path. + const CertErrors* cert1_errors = + result.GetBestValidPath()->errors.GetErrorsForCert(1); + ASSERT_TRUE(cert1_errors); + EXPECT_TRUE(cert1_errors->ContainsError(kWarningFromDelegate)); +} + +DEFINE_CERT_ERROR_ID(kErrorFromDelegate, "Error from delegate"); + +class AddErrorPathBuilderDelegate : public CertPathBuilderDelegateBase { + public: + void CheckPathAfterVerification(const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path) override { + path->errors.GetErrorsForCert(2)->AddError(kErrorFromDelegate, nullptr); + } +}; + +TEST_F(PathBuilderCheckPathAfterVerificationTest, AddsErrorToValidPath) { + AddErrorPathBuilderDelegate delegate; + CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate); + + // Verification failed. + ASSERT_FALSE(result.HasValidPath()); + + ASSERT_LT(result.best_result_index, result.paths.size()); + const CertPathBuilderResultPath* failed_path = + result.paths[result.best_result_index].get(); + ASSERT_TRUE(failed_path); + + // An error should have been added to certificate at index 2 in the path. + const CertErrors* cert2_errors = failed_path->errors.GetErrorsForCert(2); + ASSERT_TRUE(cert2_errors); + EXPECT_TRUE(cert2_errors->ContainsError(kErrorFromDelegate)); +} + +#if !defined(_BORINGSSL_LIBPKI_) +TEST_F(PathBuilderCheckPathAfterVerificationTest, NoopToAlreadyInvalidPath) { + StrictMock delegate; + // Just verify that the hook is called (on an invalid path). + EXPECT_CALL(delegate, CheckPathAfterVerification(_, _)); + + // Run the pathbuilder with certificate at index 1 actively distrusted. + CertPathBuilder::Result result = RunPathBuilder(test_.chain[1], &delegate); + EXPECT_FALSE(result.HasValidPath()); +} + +struct DelegateData : public CertPathBuilderDelegateData { + int value = 0xB33F; +}; + +class SetsDelegateDataPathBuilderDelegate : public CertPathBuilderDelegateBase { + public: + void CheckPathAfterVerification(const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path) override { + path->delegate_data = std::make_unique(); + } +}; + +TEST_F(PathBuilderCheckPathAfterVerificationTest, SetsDelegateData) { + SetsDelegateDataPathBuilderDelegate delegate; + CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate); + ASSERT_TRUE(result.HasValidPath()); + + DelegateData* data = reinterpret_cast( + result.GetBestValidPath()->delegate_data.get()); + + EXPECT_EQ(0xB33F, data->value); +} +#endif // !_BORINGSSL_LIBPKI_ + +TEST(PathBuilderPrioritizationTest, DatePrioritization) { + std::string test_dir = + "testdata/path_builder_unittest/validity_date_prioritization/"; + std::shared_ptr root = + ReadCertFromFile(test_dir + "root.pem"); + ASSERT_TRUE(root); + std::shared_ptr int_ac = + ReadCertFromFile(test_dir + "int_ac.pem"); + ASSERT_TRUE(int_ac); + std::shared_ptr int_ad = + ReadCertFromFile(test_dir + "int_ad.pem"); + ASSERT_TRUE(int_ad); + std::shared_ptr int_bc = + ReadCertFromFile(test_dir + "int_bc.pem"); + ASSERT_TRUE(int_bc); + std::shared_ptr int_bd = + ReadCertFromFile(test_dir + "int_bd.pem"); + ASSERT_TRUE(int_bd); + std::shared_ptr target = + ReadCertFromFile(test_dir + "target.pem"); + ASSERT_TRUE(target); + + SimplePathBuilderDelegate delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + der::GeneralizedTime verify_time = {2017, 3, 1, 0, 0, 0}; + + // Distrust the root certificate. This will force the path builder to attempt + // all possible paths. + TrustStoreInMemory trust_store; + trust_store.AddDistrustedCertificateForTest(root); + + for (bool reverse_input_order : {false, true}) { + SCOPED_TRACE(reverse_input_order); + + CertIssuerSourceStatic intermediates; + // Test with the intermediates supplied in two different orders to ensure + // the results don't depend on input ordering. + if (reverse_input_order) { + intermediates.AddCert(int_bd); + intermediates.AddCert(int_bc); + intermediates.AddCert(int_ad); + intermediates.AddCert(int_ac); + } else { + intermediates.AddCert(int_ac); + intermediates.AddCert(int_ad); + intermediates.AddCert(int_bc); + intermediates.AddCert(int_bd); + } + + CertPathBuilder path_builder( + target, &trust_store, &delegate, verify_time, KeyPurpose::ANY_EKU, + InitialExplicitPolicy::kFalse, {der::Input(kAnyPolicyOid)}, + InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse); + path_builder.AddCertIssuerSource(&intermediates); + + CertPathBuilder::Result result = path_builder.Run(); + EXPECT_FALSE(result.HasValidPath()); + ASSERT_EQ(4U, result.paths.size()); + + // Path builder should have attempted paths using the intermediates in + // order: bd, bc, ad, ac + + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(target, result.paths[0]->certs[0]); + EXPECT_EQ(int_bd, result.paths[0]->certs[1]); + EXPECT_EQ(root, result.paths[0]->certs[2]); + + EXPECT_FALSE(result.paths[1]->IsValid()); + ASSERT_EQ(3U, result.paths[1]->certs.size()); + EXPECT_EQ(target, result.paths[1]->certs[0]); + EXPECT_EQ(int_bc, result.paths[1]->certs[1]); + EXPECT_EQ(root, result.paths[1]->certs[2]); + + EXPECT_FALSE(result.paths[2]->IsValid()); + ASSERT_EQ(3U, result.paths[2]->certs.size()); + EXPECT_EQ(target, result.paths[2]->certs[0]); + EXPECT_EQ(int_ad, result.paths[2]->certs[1]); + EXPECT_EQ(root, result.paths[2]->certs[2]); + + EXPECT_FALSE(result.paths[3]->IsValid()); + ASSERT_EQ(3U, result.paths[3]->certs.size()); + EXPECT_EQ(target, result.paths[3]->certs[0]); + EXPECT_EQ(int_ac, result.paths[3]->certs[1]); + EXPECT_EQ(root, result.paths[3]->certs[2]); + } +} + +TEST(PathBuilderPrioritizationTest, KeyIdPrioritization) { + std::string test_dir = + "testdata/path_builder_unittest/key_id_prioritization/"; + std::shared_ptr root = + ReadCertFromFile(test_dir + "root.pem"); + ASSERT_TRUE(root); + std::shared_ptr int_matching_ski_a = + ReadCertFromFile(test_dir + "int_matching_ski_a.pem"); + ASSERT_TRUE(int_matching_ski_a); + std::shared_ptr int_matching_ski_b = + ReadCertFromFile(test_dir + "int_matching_ski_b.pem"); + ASSERT_TRUE(int_matching_ski_b); + std::shared_ptr int_no_ski_a = + ReadCertFromFile(test_dir + "int_no_ski_a.pem"); + ASSERT_TRUE(int_no_ski_a); + std::shared_ptr int_no_ski_b = + ReadCertFromFile(test_dir + "int_no_ski_b.pem"); + ASSERT_TRUE(int_no_ski_b); + std::shared_ptr int_different_ski_a = + ReadCertFromFile(test_dir + "int_different_ski_a.pem"); + ASSERT_TRUE(int_different_ski_a); + std::shared_ptr int_different_ski_b = + ReadCertFromFile(test_dir + "int_different_ski_b.pem"); + ASSERT_TRUE(int_different_ski_b); + std::shared_ptr target = + ReadCertFromFile(test_dir + "target.pem"); + ASSERT_TRUE(target); + + SimplePathBuilderDelegate delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + der::GeneralizedTime verify_time = {2017, 3, 1, 0, 0, 0}; + + // Distrust the root certificate. This will force the path builder to attempt + // all possible paths. + TrustStoreInMemory trust_store; + trust_store.AddDistrustedCertificateForTest(root); + + for (bool reverse_input_order : {false, true}) { + SCOPED_TRACE(reverse_input_order); + + CertIssuerSourceStatic intermediates; + // Test with the intermediates supplied in two different orders to ensure + // the results don't depend on input ordering. + if (reverse_input_order) { + intermediates.AddCert(int_different_ski_b); + intermediates.AddCert(int_different_ski_a); + intermediates.AddCert(int_no_ski_b); + intermediates.AddCert(int_no_ski_a); + intermediates.AddCert(int_matching_ski_b); + intermediates.AddCert(int_matching_ski_a); + } else { + intermediates.AddCert(int_matching_ski_a); + intermediates.AddCert(int_matching_ski_b); + intermediates.AddCert(int_no_ski_a); + intermediates.AddCert(int_no_ski_b); + intermediates.AddCert(int_different_ski_a); + intermediates.AddCert(int_different_ski_b); + } + + CertPathBuilder path_builder( + target, &trust_store, &delegate, verify_time, KeyPurpose::ANY_EKU, + InitialExplicitPolicy::kFalse, {der::Input(kAnyPolicyOid)}, + InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse); + path_builder.AddCertIssuerSource(&intermediates); + + CertPathBuilder::Result result = path_builder.Run(); + EXPECT_FALSE(result.HasValidPath()); + ASSERT_EQ(6U, result.paths.size()); + + // Path builder should have attempted paths using the intermediates in + // order: matching_ski_b, matching_ski_a, no_ski_b, no_ski_a, + // different_ski_b, different_ski_a + + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(target, result.paths[0]->certs[0]); + EXPECT_EQ(int_matching_ski_b, result.paths[0]->certs[1]); + EXPECT_EQ(root, result.paths[0]->certs[2]); + + EXPECT_FALSE(result.paths[1]->IsValid()); + ASSERT_EQ(3U, result.paths[1]->certs.size()); + EXPECT_EQ(target, result.paths[1]->certs[0]); + EXPECT_EQ(int_matching_ski_a, result.paths[1]->certs[1]); + EXPECT_EQ(root, result.paths[1]->certs[2]); + + EXPECT_FALSE(result.paths[2]->IsValid()); + ASSERT_EQ(3U, result.paths[2]->certs.size()); + EXPECT_EQ(target, result.paths[2]->certs[0]); + EXPECT_EQ(int_no_ski_b, result.paths[2]->certs[1]); + EXPECT_EQ(root, result.paths[2]->certs[2]); + + EXPECT_FALSE(result.paths[3]->IsValid()); + ASSERT_EQ(3U, result.paths[3]->certs.size()); + EXPECT_EQ(target, result.paths[3]->certs[0]); + EXPECT_EQ(int_no_ski_a, result.paths[3]->certs[1]); + EXPECT_EQ(root, result.paths[3]->certs[2]); + + EXPECT_FALSE(result.paths[4]->IsValid()); + ASSERT_EQ(3U, result.paths[4]->certs.size()); + EXPECT_EQ(target, result.paths[4]->certs[0]); + EXPECT_EQ(int_different_ski_b, result.paths[4]->certs[1]); + EXPECT_EQ(root, result.paths[4]->certs[2]); + + EXPECT_FALSE(result.paths[5]->IsValid()); + ASSERT_EQ(3U, result.paths[5]->certs.size()); + EXPECT_EQ(target, result.paths[5]->certs[0]); + EXPECT_EQ(int_different_ski_a, result.paths[5]->certs[1]); + EXPECT_EQ(root, result.paths[5]->certs[2]); + } +} + +TEST(PathBuilderPrioritizationTest, TrustAndKeyIdPrioritization) { + std::string test_dir = + "testdata/path_builder_unittest/key_id_prioritization/"; + std::shared_ptr root = + ReadCertFromFile(test_dir + "root.pem"); + ASSERT_TRUE(root); + std::shared_ptr trusted_and_matching = + ReadCertFromFile(test_dir + "int_matching_ski_a.pem"); + ASSERT_TRUE(trusted_and_matching); + std::shared_ptr matching = + ReadCertFromFile(test_dir + "int_matching_ski_b.pem"); + ASSERT_TRUE(matching); + std::shared_ptr distrusted_and_matching = + ReadCertFromFile(test_dir + "int_matching_ski_c.pem"); + ASSERT_TRUE(distrusted_and_matching); + std::shared_ptr trusted_and_no_match_data = + ReadCertFromFile(test_dir + "int_no_ski_a.pem"); + ASSERT_TRUE(trusted_and_no_match_data); + std::shared_ptr no_match_data = + ReadCertFromFile(test_dir + "int_no_ski_b.pem"); + ASSERT_TRUE(no_match_data); + std::shared_ptr distrusted_and_no_match_data = + ReadCertFromFile(test_dir + "int_no_ski_c.pem"); + ASSERT_TRUE(distrusted_and_no_match_data); + std::shared_ptr trusted_and_mismatch = + ReadCertFromFile(test_dir + "int_different_ski_a.pem"); + ASSERT_TRUE(trusted_and_mismatch); + std::shared_ptr mismatch = + ReadCertFromFile(test_dir + "int_different_ski_b.pem"); + ASSERT_TRUE(mismatch); + std::shared_ptr distrusted_and_mismatch = + ReadCertFromFile(test_dir + "int_different_ski_c.pem"); + ASSERT_TRUE(distrusted_and_mismatch); + std::shared_ptr target = + ReadCertFromFile(test_dir + "target.pem"); + ASSERT_TRUE(target); + + SimplePathBuilderDelegate delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + der::GeneralizedTime verify_time = {2017, 3, 1, 0, 0, 0}; + + for (bool reverse_input_order : {false, true}) { + SCOPED_TRACE(reverse_input_order); + + TrustStoreInMemory trust_store; + // Test with the intermediates supplied in two different orders to ensure + // the results don't depend on input ordering. + if (reverse_input_order) { + trust_store.AddTrustAnchor(trusted_and_matching); + trust_store.AddCertificateWithUnspecifiedTrust(matching); + trust_store.AddDistrustedCertificateForTest(distrusted_and_matching); + trust_store.AddTrustAnchor(trusted_and_no_match_data); + trust_store.AddCertificateWithUnspecifiedTrust(no_match_data); + trust_store.AddDistrustedCertificateForTest(distrusted_and_no_match_data); + trust_store.AddTrustAnchor(trusted_and_mismatch); + trust_store.AddCertificateWithUnspecifiedTrust(mismatch); + trust_store.AddDistrustedCertificateForTest(distrusted_and_mismatch); + } else { + trust_store.AddDistrustedCertificateForTest(distrusted_and_matching); + trust_store.AddCertificateWithUnspecifiedTrust(no_match_data); + trust_store.AddTrustAnchor(trusted_and_no_match_data); + trust_store.AddTrustAnchor(trusted_and_matching); + trust_store.AddCertificateWithUnspecifiedTrust(matching); + trust_store.AddCertificateWithUnspecifiedTrust(mismatch); + trust_store.AddDistrustedCertificateForTest(distrusted_and_no_match_data); + trust_store.AddTrustAnchor(trusted_and_mismatch); + trust_store.AddDistrustedCertificateForTest(distrusted_and_mismatch); + } + // Also distrust the root certificate. This will force the path builder to + // report paths that included an unspecified trust intermediate. + trust_store.AddDistrustedCertificateForTest(root); + + CertPathBuilder path_builder( + target, &trust_store, &delegate, verify_time, KeyPurpose::ANY_EKU, + InitialExplicitPolicy::kFalse, {der::Input(kAnyPolicyOid)}, + InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse); + path_builder.SetExploreAllPaths(true); + + CertPathBuilder::Result result = path_builder.Run(); + EXPECT_TRUE(result.HasValidPath()); + ASSERT_EQ(9U, result.paths.size()); + + // Path builder should have attempted paths using the intermediates in + // order: trusted_and_matching, trusted_and_no_match_data, matching, + // no_match_data, trusted_and_mismatch, mismatch, distrusted_and_matching, + // distrusted_and_no_match_data, distrusted_and_mismatch. + + EXPECT_TRUE(result.paths[0]->IsValid()); + ASSERT_EQ(2U, result.paths[0]->certs.size()); + EXPECT_EQ(target, result.paths[0]->certs[0]); + EXPECT_EQ(trusted_and_matching, result.paths[0]->certs[1]); + + EXPECT_TRUE(result.paths[1]->IsValid()); + ASSERT_EQ(2U, result.paths[1]->certs.size()); + EXPECT_EQ(target, result.paths[1]->certs[0]); + EXPECT_EQ(trusted_and_no_match_data, result.paths[1]->certs[1]); + + EXPECT_FALSE(result.paths[2]->IsValid()); + ASSERT_EQ(3U, result.paths[2]->certs.size()); + EXPECT_EQ(target, result.paths[2]->certs[0]); + EXPECT_EQ(matching, result.paths[2]->certs[1]); + EXPECT_EQ(root, result.paths[2]->certs[2]); + + EXPECT_FALSE(result.paths[3]->IsValid()); + ASSERT_EQ(3U, result.paths[3]->certs.size()); + EXPECT_EQ(target, result.paths[3]->certs[0]); + EXPECT_EQ(no_match_data, result.paths[3]->certs[1]); + EXPECT_EQ(root, result.paths[3]->certs[2]); + + // Although this intermediate is trusted, it has the wrong key, so + // the path should not be valid. + EXPECT_FALSE(result.paths[4]->IsValid()); + ASSERT_EQ(2U, result.paths[4]->certs.size()); + EXPECT_EQ(target, result.paths[4]->certs[0]); + EXPECT_EQ(trusted_and_mismatch, result.paths[4]->certs[1]); + + EXPECT_FALSE(result.paths[5]->IsValid()); + ASSERT_EQ(3U, result.paths[5]->certs.size()); + EXPECT_EQ(target, result.paths[5]->certs[0]); + EXPECT_EQ(mismatch, result.paths[5]->certs[1]); + EXPECT_EQ(root, result.paths[5]->certs[2]); + + EXPECT_FALSE(result.paths[6]->IsValid()); + ASSERT_EQ(2U, result.paths[6]->certs.size()); + EXPECT_EQ(target, result.paths[6]->certs[0]); + EXPECT_EQ(distrusted_and_matching, result.paths[6]->certs[1]); + + EXPECT_FALSE(result.paths[7]->IsValid()); + ASSERT_EQ(2U, result.paths[7]->certs.size()); + EXPECT_EQ(target, result.paths[7]->certs[0]); + EXPECT_EQ(distrusted_and_no_match_data, result.paths[7]->certs[1]); + + EXPECT_FALSE(result.paths[8]->IsValid()); + ASSERT_EQ(2U, result.paths[8]->certs.size()); + EXPECT_EQ(target, result.paths[8]->certs[0]); + EXPECT_EQ(distrusted_and_mismatch, result.paths[8]->certs[1]); + } +} + +// PathBuilder does not support prioritization based on the issuer name & +// serial in authorityKeyIdentifier, so this test just ensures that it does not +// affect prioritization order and that it is generally just ignored +// completely. +TEST(PathBuilderPrioritizationTest, KeyIdNameAndSerialPrioritization) { + std::string test_dir = + "testdata/path_builder_unittest/key_id_name_and_serial_prioritization/"; + std::shared_ptr root = + ReadCertFromFile(test_dir + "root.pem"); + ASSERT_TRUE(root); + std::shared_ptr root2 = + ReadCertFromFile(test_dir + "root2.pem"); + ASSERT_TRUE(root2); + std::shared_ptr int_matching = + ReadCertFromFile(test_dir + "int_matching.pem"); + ASSERT_TRUE(int_matching); + std::shared_ptr int_match_name_only = + ReadCertFromFile(test_dir + "int_match_name_only.pem"); + ASSERT_TRUE(int_match_name_only); + std::shared_ptr int_mismatch = + ReadCertFromFile(test_dir + "int_mismatch.pem"); + ASSERT_TRUE(int_mismatch); + std::shared_ptr target = + ReadCertFromFile(test_dir + "target.pem"); + ASSERT_TRUE(target); + + SimplePathBuilderDelegate delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + der::GeneralizedTime verify_time = {2017, 3, 1, 0, 0, 0}; + + // Distrust the root certificates. This will force the path builder to attempt + // all possible paths. + TrustStoreInMemory trust_store; + trust_store.AddDistrustedCertificateForTest(root); + trust_store.AddDistrustedCertificateForTest(root2); + + for (bool reverse_input_order : {false, true}) { + SCOPED_TRACE(reverse_input_order); + + CertIssuerSourceStatic intermediates; + // Test with the intermediates supplied in two different orders to ensure + // the results don't depend on input ordering. + if (reverse_input_order) { + intermediates.AddCert(int_mismatch); + intermediates.AddCert(int_match_name_only); + intermediates.AddCert(int_matching); + } else { + intermediates.AddCert(int_matching); + intermediates.AddCert(int_match_name_only); + intermediates.AddCert(int_mismatch); + } + + CertPathBuilder path_builder( + target, &trust_store, &delegate, verify_time, KeyPurpose::ANY_EKU, + InitialExplicitPolicy::kFalse, {der::Input(kAnyPolicyOid)}, + InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse); + path_builder.AddCertIssuerSource(&intermediates); + + CertPathBuilder::Result result = path_builder.Run(); + EXPECT_FALSE(result.HasValidPath()); + ASSERT_EQ(3U, result.paths.size()); + + // The serial & issuer method is not used in prioritization, so the certs + // should have been prioritized based on dates. The test certs have the + // date priority order in the reverse of what authorityKeyIdentifier + // prioritization would have done if it were supported. + // Path builder should have attempted paths using the intermediates in + // order: mismatch, match_name_only, matching + + EXPECT_FALSE(result.paths[0]->IsValid()); + ASSERT_EQ(3U, result.paths[0]->certs.size()); + EXPECT_EQ(target, result.paths[0]->certs[0]); + EXPECT_EQ(int_mismatch, result.paths[0]->certs[1]); + EXPECT_EQ(root2, result.paths[0]->certs[2]); + + EXPECT_FALSE(result.paths[1]->IsValid()); + ASSERT_EQ(3U, result.paths[1]->certs.size()); + EXPECT_EQ(target, result.paths[1]->certs[0]); + EXPECT_EQ(int_match_name_only, result.paths[1]->certs[1]); + EXPECT_EQ(root, result.paths[1]->certs[2]); + + EXPECT_FALSE(result.paths[2]->IsValid()); + ASSERT_EQ(3U, result.paths[2]->certs.size()); + EXPECT_EQ(target, result.paths[2]->certs[0]); + EXPECT_EQ(int_matching, result.paths[2]->certs[1]); + EXPECT_EQ(root, result.paths[2]->certs[2]); + } +} + +TEST(PathBuilderPrioritizationTest, SelfIssuedPrioritization) { + std::string test_dir = + "testdata/path_builder_unittest/self_issued_prioritization/"; + std::shared_ptr root1 = + ReadCertFromFile(test_dir + "root1.pem"); + ASSERT_TRUE(root1); + std::shared_ptr root1_cross = + ReadCertFromFile(test_dir + "root1_cross.pem"); + ASSERT_TRUE(root1_cross); + std::shared_ptr target = + ReadCertFromFile(test_dir + "target.pem"); + ASSERT_TRUE(target); + + SimplePathBuilderDelegate delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + der::GeneralizedTime verify_time = {2017, 3, 1, 0, 0, 0}; + + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(root1); + trust_store.AddTrustAnchor(root1_cross); + CertPathBuilder path_builder( + target, &trust_store, &delegate, verify_time, KeyPurpose::ANY_EKU, + InitialExplicitPolicy::kFalse, {der::Input(kAnyPolicyOid)}, + InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse); + path_builder.SetExploreAllPaths(true); + + CertPathBuilder::Result result = path_builder.Run(); + EXPECT_TRUE(result.HasValidPath()); + + // Path builder should have built paths to both trusted roots. + ASSERT_EQ(2U, result.paths.size()); + + // |root1| should have been preferred because it is self-issued, even though + // the notBefore date is older than |root1_cross|. + EXPECT_TRUE(result.paths[0]->IsValid()); + ASSERT_EQ(2U, result.paths[0]->certs.size()); + EXPECT_EQ(target, result.paths[0]->certs[0]); + EXPECT_EQ(root1, result.paths[0]->certs[1]); + + EXPECT_TRUE(result.paths[1]->IsValid()); + ASSERT_EQ(2U, result.paths[1]->certs.size()); + EXPECT_EQ(target, result.paths[1]->certs[0]); + EXPECT_EQ(root1_cross, result.paths[1]->certs[1]); +} + +} // namespace + +} // namespace net diff --git a/pki/path_builder_verify_certificate_chain_unittest.cc b/pki/path_builder_verify_certificate_chain_unittest.cc new file mode 100644 index 0000000000..b2cac64e58 --- /dev/null +++ b/pki/path_builder_verify_certificate_chain_unittest.cc @@ -0,0 +1,55 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "path_builder.h" + +#include "cert_issuer_source_static.h" +#include "simple_path_builder_delegate.h" +#include "trust_store_in_memory.h" +#include "verify_certificate_chain_typed_unittest.h" + +namespace bssl { + +namespace { + +class PathBuilderTestDelegate { + public: + static void Verify(const VerifyCertChainTest& test, + const std::string& test_file_path) { + SimplePathBuilderDelegate path_builder_delegate(1024, test.digest_policy); + ASSERT_FALSE(test.chain.empty()); + + TrustStoreInMemory trust_store; + trust_store.AddCertificate(test.chain.back(), test.last_cert_trust); + + CertIssuerSourceStatic intermediate_cert_issuer_source; + for (size_t i = 1; i < test.chain.size(); ++i) + intermediate_cert_issuer_source.AddCert(test.chain[i]); + + // First cert in the |chain| is the target. + CertPathBuilder path_builder( + test.chain.front(), &trust_store, &path_builder_delegate, test.time, + test.key_purpose, test.initial_explicit_policy, + test.user_initial_policy_set, test.initial_policy_mapping_inhibit, + test.initial_any_policy_inhibit); + path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); + + CertPathBuilder::Result result = path_builder.Run(); + EXPECT_EQ(!test.HasHighSeverityErrors(), result.HasValidPath()); + if (result.HasValidPath()) { + VerifyUserConstrainedPolicySet( + test.expected_user_constrained_policy_set, + result.GetBestValidPath()->user_constrained_policy_set, + test_file_path); + } + } +}; + +} // namespace + +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + VerifyCertificateChainSingleRootTest, + PathBuilderTestDelegate); + +} // namespace net diff --git a/pki/pem.cc b/pki/pem.cc new file mode 100644 index 0000000000..af9d1937d4 --- /dev/null +++ b/pki/pem.cc @@ -0,0 +1,143 @@ +// Copyright 2010 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "string_util.h" +#include "pem.h" + +#include "fillins/base64.h" +#include + +#include "fillins/string_util.h" + +namespace { + +constexpr std::string_view kPEMHeaderBeginBlock = "-----BEGIN "; +constexpr std::string_view kPEMHeaderEndBlock = "-----END "; +constexpr std::string_view kPEMHeaderTail = "-----"; + +} // namespace + +namespace bssl { + + + +struct PEMTokenizer::PEMType { + std::string type; + std::string header; + std::string footer; +}; + +PEMTokenizer::PEMTokenizer( + std::string_view str, + const std::vector& allowed_block_types) { + Init(str, allowed_block_types); +} + +PEMTokenizer::~PEMTokenizer() = default; + +bool PEMTokenizer::GetNext() { + while (pos_ != std::string_view::npos) { + // Scan for the beginning of the next PEM encoded block. + pos_ = str_.find(kPEMHeaderBeginBlock, pos_); + if (pos_ == std::string_view::npos) + return false; // No more PEM blocks + + std::vector::const_iterator it; + // Check to see if it is of an acceptable block type. + for (it = block_types_.begin(); it != block_types_.end(); ++it) { + if (!bssl::string_util::StartsWith(str_.substr(pos_), it->header)) + continue; + + // Look for a footer matching the header. If none is found, then all + // data following this point is invalid and should not be parsed. + std::string_view::size_type footer_pos = str_.find(it->footer, pos_); + if (footer_pos == std::string_view::npos) { + pos_ = std::string_view::npos; + return false; + } + + // Chop off the header and footer and parse the data in between. + std::string_view::size_type data_begin = pos_ + it->header.size(); + pos_ = footer_pos + it->footer.size(); + block_type_ = it->type; + + std::string_view encoded = str_.substr(data_begin, footer_pos - data_begin); + if (!fillins::Base64Decode(fillins::CollapseWhitespaceASCII(encoded, true), + &data_)) { + // The most likely cause for a decode failure is a datatype that + // includes PEM headers, which are not supported. + break; + } + + return true; + } + + // If the block did not match any acceptable type, move past it and + // continue the search. Otherwise, |pos_| has been updated to the most + // appropriate search position to continue searching from and should not + // be adjusted. + if (it == block_types_.end()) + pos_ += kPEMHeaderBeginBlock.size(); + } + + return false; +} + +void PEMTokenizer::Init(std::string_view str, + const std::vector& allowed_block_types) { + str_ = str; + pos_ = 0; + + // Construct PEM header/footer strings for all the accepted types, to + // reduce parsing later. + for (const auto& allowed_block_type : allowed_block_types) { + PEMType allowed_type; + allowed_type.type = allowed_block_type; + allowed_type.header = kPEMHeaderBeginBlock; + allowed_type.header.append(allowed_block_type); + allowed_type.header.append(kPEMHeaderTail); + allowed_type.footer = kPEMHeaderEndBlock; + allowed_type.footer.append(allowed_block_type); + allowed_type.footer.append(kPEMHeaderTail); + block_types_.push_back(allowed_type); + } +} + +std::string PEMEncode(std::string_view data, const std::string& type) { + std::string b64_encoded; + fillins::Base64Encode(data, &b64_encoded); + + // Divide the Base-64 encoded data into 64-character chunks, as per + // 4.3.2.4 of RFC 1421. + static const size_t kChunkSize = 64; + size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize; + + std::string pem_encoded; + pem_encoded.reserve( + // header & footer + 17 + 15 + type.size() * 2 + + // encoded data + b64_encoded.size() + + // newline characters for line wrapping in encoded data + chunks); + + pem_encoded = kPEMHeaderBeginBlock; + pem_encoded.append(type); + pem_encoded.append(kPEMHeaderTail); + pem_encoded.append("\n"); + + for (size_t i = 0, chunk_offset = 0; i < chunks; + ++i, chunk_offset += kChunkSize) { + pem_encoded.append(b64_encoded, chunk_offset, kChunkSize); + pem_encoded.append("\n"); + } + + pem_encoded.append(kPEMHeaderEndBlock); + pem_encoded.append(type); + pem_encoded.append(kPEMHeaderTail); + pem_encoded.append("\n"); + return pem_encoded; +} + +} // namespace net diff --git a/pki/pem.h b/pki/pem.h new file mode 100644 index 0000000000..6bd1e41db6 --- /dev/null +++ b/pki/pem.h @@ -0,0 +1,88 @@ +// Copyright 2011 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_PEM_H_ +#define BSSL_PKI_PEM_H_ + +#include "fillins/openssl_util.h" +#include + +#include +#include + +#include + + + +namespace bssl { + +// PEMTokenizer is a utility class for the parsing of data encapsulated +// using RFC 1421, Privacy Enhancement for Internet Electronic Mail. It +// does not implement the full specification, most notably it does not +// support the Encapsulated Header Portion described in Section 4.4. +class OPENSSL_EXPORT PEMTokenizer { + public: + // Create a new PEMTokenizer that iterates through |str| searching for + // instances of PEM encoded blocks that are of the |allowed_block_types|. + // |str| must remain valid for the duration of the PEMTokenizer. + PEMTokenizer(std::string_view str, + const std::vector& allowed_block_types); + + PEMTokenizer(const PEMTokenizer&) = delete; + PEMTokenizer& operator=(const PEMTokenizer&) = delete; + + ~PEMTokenizer(); + + // Attempts to decode the next PEM block in the string. Returns false if no + // PEM blocks can be decoded. The decoded PEM block will be available via + // data(). + bool GetNext(); + + // Returns the PEM block type (eg: CERTIFICATE) of the last successfully + // decoded PEM block. + // GetNext() must have returned true before calling this method. + const std::string& block_type() const { return block_type_; } + + // Returns the raw, Base64-decoded data of the last successfully decoded + // PEM block. + // GetNext() must have returned true before calling this method. + const std::string& data() const { return data_; } + + private: + void Init(std::string_view str, + const std::vector& allowed_block_types); + + // A simple cache of the allowed PEM header and footer for a given PEM + // block type, so that it is only computed once. + struct PEMType; + + // The string to search, which must remain valid for as long as this class + // is around. + std::string_view str_; + + // The current position within |str_| that searching should begin from, + // or std::string_view::npos if iteration is complete + std::string_view::size_type pos_; + + // The type of data that was encoded, as indicated in the PEM + // Pre-Encapsulation Boundary (eg: CERTIFICATE, PKCS7, or + // PRIVACY-ENHANCED MESSAGE). + std::string block_type_; + + // The types of PEM blocks that are allowed. PEM blocks that are not of + // one of these types will be skipped. + std::vector block_types_; + + // The raw (Base64-decoded) data of the last successfully decoded block. + std::string data_; +}; + +// Encodes |data| in the encapsulated message format described in RFC 1421, +// with |type| as the PEM block type (eg: CERTIFICATE). +OPENSSL_EXPORT std::string PEMEncode(std::string_view data, + const std::string& type); + +} // namespace net + +#endif // BSSL_PKI_PEM_H_ diff --git a/pki/revocation_util.cc b/pki/revocation_util.cc new file mode 100644 index 0000000000..801a54599c --- /dev/null +++ b/pki/revocation_util.cc @@ -0,0 +1,59 @@ +// Copyright 2019 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "revocation_util.h" + +#include "encode_values.h" +#include "parse_values.h" + +namespace bssl { + +namespace { + +constexpr int64_t kMinValidTime = -62167219200; // 0000-01-01 00:00:00 UTC +constexpr int64_t kMaxValidTime = 253402300799; // 9999-12-31 23:59:59 UTC + +} // namespace + +bool CheckRevocationDateValid(const der::GeneralizedTime& this_update, + const der::GeneralizedTime* next_update, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds) { + if (verify_time_epoch_seconds > kMaxValidTime || + verify_time_epoch_seconds < kMinValidTime || + (max_age_seconds.has_value() && + (max_age_seconds.value() > kMaxValidTime || + max_age_seconds.value() < 0))) { + return false; + } + der::GeneralizedTime verify_time; + if (!der::EncodePosixTimeAsGeneralizedTime(verify_time_epoch_seconds, + &verify_time)) { + return false; + } + + if (this_update > verify_time) { + return false; // Response is not yet valid. + } + + if (next_update && (*next_update <= verify_time)) { + return false; // Response is no longer valid. + } + + if (max_age_seconds.has_value()) { + der::GeneralizedTime earliest_this_update; + if (!der::EncodePosixTimeAsGeneralizedTime( + verify_time_epoch_seconds - max_age_seconds.value(), + &earliest_this_update)) { + return false; + } + if (this_update < earliest_this_update) { + return false; // Response is too old. + } + } + + return true; +} + +} // namespace net diff --git a/pki/revocation_util.h b/pki/revocation_util.h new file mode 100644 index 0000000000..33c12ef2b2 --- /dev/null +++ b/pki/revocation_util.h @@ -0,0 +1,33 @@ +// Copyright 2019 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_REVOCATION_UTIL_H_ +#define BSSL_PKI_REVOCATION_UTIL_H_ + +#include "fillins/openssl_util.h" + +#include + +#include + +namespace bssl { + +namespace der { +struct GeneralizedTime; +} + +// Returns true if a revocation status with |this_update| field and potentially +// a |next_update| field, is valid at POSIX time |verify_time_epoch_seconds| and +// not older than |max_age_seconds| seconds, if specified. Expressed +// differently, returns true if |this_update <= verify_time < next_update|, and +// |this_update >= verify_time - max_age|. +[[nodiscard]] OPENSSL_EXPORT bool CheckRevocationDateValid( + const der::GeneralizedTime& this_update, + const der::GeneralizedTime* next_update, + int64_t verify_time_epoch_seconds, + std::optional max_age_seconds); + +} // namespace net + +#endif // BSSL_PKI_REVOCATION_UTIL_H_ diff --git a/pki/signature_algorithm.cc b/pki/signature_algorithm.cc new file mode 100644 index 0000000000..e66ef12100 --- /dev/null +++ b/pki/signature_algorithm.cc @@ -0,0 +1,420 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "signature_algorithm.h" + +#include "input.h" +#include "parse_values.h" +#include "parser.h" +#include +#include + +namespace bssl { + +namespace { + +// From RFC 5912: +// +// sha1WithRSAEncryption OBJECT IDENTIFIER ::= { +// iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) +// pkcs-1(1) 5 } +// +// In dotted notation: 1.2.840.113549.1.1.5 +const uint8_t kOidSha1WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x05}; + +// sha1WithRSASignature is a deprecated equivalent of +// sha1WithRSAEncryption. +// +// It originates from the NIST Open Systems Environment (OSE) +// Implementor's Workshop (OIW). +// +// It is supported for compatibility with Microsoft's certificate APIs and +// tools, particularly makecert.exe, which default(ed/s) to this OID for SHA-1. +// +// See also: https://bugzilla.mozilla.org/show_bug.cgi?id=1042479 +// +// In dotted notation: 1.3.14.3.2.29 +const uint8_t kOidSha1WithRsaSignature[] = {0x2b, 0x0e, 0x03, 0x02, 0x1d}; + +// From RFC 5912: +// +// pkcs-1 OBJECT IDENTIFIER ::= +// { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } + +// From RFC 5912: +// +// sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } +// +// In dotted notation: 1.2.840.113549.1.1.11 +const uint8_t kOidSha256WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b}; + +// From RFC 5912: +// +// sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } +// +// In dotted notation: 1.2.840.113549.1.1.11 +const uint8_t kOidSha384WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0c}; + +// From RFC 5912: +// +// sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } +// +// In dotted notation: 1.2.840.113549.1.1.13 +const uint8_t kOidSha512WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0d}; + +// From RFC 5912: +// +// ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { +// iso(1) member-body(2) us(840) ansi-X9-62(10045) +// signatures(4) 1 } +// +// In dotted notation: 1.2.840.10045.4.1 +const uint8_t kOidEcdsaWithSha1[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01}; + +// From RFC 5912: +// +// ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { +// iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) +// ecdsa-with-SHA2(3) 2 } +// +// In dotted notation: 1.2.840.10045.4.3.2 +const uint8_t kOidEcdsaWithSha256[] = {0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02}; + +// From RFC 5912: +// +// ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { +// iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) +// ecdsa-with-SHA2(3) 3 } +// +// In dotted notation: 1.2.840.10045.4.3.3 +const uint8_t kOidEcdsaWithSha384[] = {0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x03}; + +// From RFC 5912: +// +// ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { +// iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) +// ecdsa-with-SHA2(3) 4 } +// +// In dotted notation: 1.2.840.10045.4.3.4 +const uint8_t kOidEcdsaWithSha512[] = {0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x04}; + +// From RFC 5912: +// +// id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } +// +// In dotted notation: 1.2.840.113549.1.1.10 +const uint8_t kOidRsaSsaPss[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0a}; + +// From RFC 5912: +// +// id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } +// +// In dotted notation: 1.2.840.113549.1.1.8 +const uint8_t kOidMgf1[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x08}; + +// Returns true if |input| is empty. +[[nodiscard]] bool IsEmpty(const der::Input& input) { + return input.Length() == 0; +} + +// Returns true if the entirety of the input is a NULL value. +[[nodiscard]] bool IsNull(const der::Input& input) { + der::Parser parser(input); + der::Input null_value; + if (!parser.ReadTag(der::kNull, &null_value)) + return false; + + // NULL values are TLV encoded; the value is expected to be empty. + if (!IsEmpty(null_value)) + return false; + + // By definition of this function, the entire input must be a NULL. + return !parser.HasMore(); +} + +[[nodiscard]] bool IsNullOrEmpty(const der::Input& input) { + return IsNull(input) || IsEmpty(input); +} + +// Parses a MaskGenAlgorithm as defined by RFC 5912: +// +// MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM, +// {PKCS1MGFAlgorithms}} +// +// mgf1SHA1 MaskGenAlgorithm ::= { +// algorithm id-mgf1, +// parameters HashAlgorithm : sha1Identifier +// } +// +// -- +// -- Define the set of mask generation functions +// -- +// -- If the identifier is id-mgf1, any of the listed hash +// -- algorithms may be used. +// -- +// +// PKCS1MGFAlgorithms ALGORITHM ::= { +// { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required }, +// ... +// } +// +// Note that the possible mask gen algorithms is extensible. However at present +// the only function supported is MGF1, as that is the singular mask gen +// function defined by RFC 4055 / RFC 5912. +[[nodiscard]] bool ParseMaskGenAlgorithm(const der::Input input, + DigestAlgorithm* mgf1_hash) { + der::Input oid; + der::Input params; + if (!ParseAlgorithmIdentifier(input, &oid, ¶ms)) + return false; + + // MGF1 is the only supported mask generation algorithm. + if (oid != der::Input(kOidMgf1)) + return false; + + return ParseHashAlgorithm(params, mgf1_hash); +} + +// Parses the parameters for an RSASSA-PSS signature algorithm, as defined by +// RFC 5912: +// +// sa-rsaSSA-PSS SIGNATURE-ALGORITHM ::= { +// IDENTIFIER id-RSASSA-PSS +// PARAMS TYPE RSASSA-PSS-params ARE required +// HASHES { mda-sha1 | mda-sha224 | mda-sha256 | mda-sha384 +// | mda-sha512 } +// PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS } +// SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS } +// } +// +// RSASSA-PSS-params ::= SEQUENCE { +// hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier, +// maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, +// saltLength [2] INTEGER DEFAULT 20, +// trailerField [3] INTEGER DEFAULT 1 +// } +// +// Which is to say the parameters MUST be present, and of type +// RSASSA-PSS-params. Additionally, we only support the RSA-PSS parameter +// combinations representable by TLS 1.3 (RFC 8446). +// +// Note also that DER encoding (ITU-T X.690 section 11.5) prohibits +// specifying default values explicitly. The parameter should instead be +// omitted to indicate a default value. +std::optional ParseRsaPss(const der::Input& params) { + der::Parser parser(params); + der::Parser params_parser; + if (!parser.ReadSequence(¶ms_parser)) { + return std::nullopt; + } + + // There shouldn't be anything after the sequence (by definition the + // parameters is a single sequence). + if (parser.HasMore()) { + return std::nullopt; + } + + // The default values for hashAlgorithm, maskGenAlgorithm, and saltLength + // correspond to SHA-1, which we do not support with RSA-PSS, so treat them as + // required fields. Explicitly-specified defaults will be rejected later, when + // we limit combinations. Additionally, as the trailerField is required to be + // the default, we simply ignore it and reject it as any other trailing data. + // + // hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier, + // maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, + // saltLength [2] INTEGER DEFAULT 20, + // trailerField [3] INTEGER DEFAULT 1 + der::Input field; + DigestAlgorithm hash, mgf1_hash; + der::Parser salt_length_parser; + uint64_t salt_length; + if (!params_parser.ReadTag(der::ContextSpecificConstructed(0), &field) || + !ParseHashAlgorithm(field, &hash) || + !params_parser.ReadTag(der::ContextSpecificConstructed(1), &field) || + !ParseMaskGenAlgorithm(field, &mgf1_hash) || + !params_parser.ReadConstructed(der::ContextSpecificConstructed(2), + &salt_length_parser) || + !salt_length_parser.ReadUint64(&salt_length) || + salt_length_parser.HasMore() || params_parser.HasMore()) { + return std::nullopt; + } + + // Only combinations of RSASSA-PSS-params specified by TLS 1.3 (RFC 8446) are + // supported. + if (hash != mgf1_hash) { + return std::nullopt; // TLS 1.3 always matches MGF-1 and message hash. + } + if (hash == DigestAlgorithm::Sha256 && salt_length == 32) { + return SignatureAlgorithm::kRsaPssSha256; + } + if (hash == DigestAlgorithm::Sha384 && salt_length == 48) { + return SignatureAlgorithm::kRsaPssSha384; + } + if (hash == DigestAlgorithm::Sha512 && salt_length == 64) { + return SignatureAlgorithm::kRsaPssSha512; + } + + return std::nullopt; +} + +} // namespace + +[[nodiscard]] bool ParseAlgorithmIdentifier(const der::Input& input, + der::Input* algorithm, + der::Input* parameters) { + der::Parser parser(input); + + der::Parser algorithm_identifier_parser; + if (!parser.ReadSequence(&algorithm_identifier_parser)) + return false; + + // There shouldn't be anything after the sequence. This is by definition, + // as the input to this function is expected to be a single + // AlgorithmIdentifier. + if (parser.HasMore()) + return false; + + if (!algorithm_identifier_parser.ReadTag(der::kOid, algorithm)) + return false; + + // Read the optional parameters to a der::Input. The parameters can be at + // most one TLV (for instance NULL or a sequence). + // + // Note that nothing is allowed after the single optional "parameters" TLV. + // This is because RFC 5912's notation for AlgorithmIdentifier doesn't + // explicitly list an extension point after "parameters". + *parameters = der::Input(); + if (algorithm_identifier_parser.HasMore() && + !algorithm_identifier_parser.ReadRawTLV(parameters)) { + return false; + } + return !algorithm_identifier_parser.HasMore(); +} + +[[nodiscard]] bool ParseHashAlgorithm(const der::Input& input, + DigestAlgorithm* out) { + CBS cbs; + CBS_init(&cbs, input.UnsafeData(), input.Length()); + const EVP_MD* md = EVP_parse_digest_algorithm(&cbs); + + if (md == EVP_sha1()) { + *out = DigestAlgorithm::Sha1; + } else if (md == EVP_sha256()) { + *out = DigestAlgorithm::Sha256; + } else if (md == EVP_sha384()) { + *out = DigestAlgorithm::Sha384; + } else if (md == EVP_sha512()) { + *out = DigestAlgorithm::Sha512; + } else { + // TODO(eroman): Support MD2, MD4, MD5 for completeness? + // Unsupported digest algorithm. + return false; + } + + return true; +} + +std::optional ParseSignatureAlgorithm( + const der::Input& algorithm_identifier) { + der::Input oid; + der::Input params; + if (!ParseAlgorithmIdentifier(algorithm_identifier, &oid, ¶ms)) { + return std::nullopt; + } + + // TODO(eroman): Each OID is tested for equality in order, which is not + // particularly efficient. + + // RFC 5912 requires that the parameters for RSA PKCS#1 v1.5 algorithms be + // NULL ("PARAMS TYPE NULL ARE required"), however an empty parameter is also + // allowed for compatibility with non-compliant OCSP responders. + // + // TODO(svaldez): Add warning about non-strict parsing. + if (oid == der::Input(kOidSha1WithRsaEncryption) && IsNullOrEmpty(params)) { + return SignatureAlgorithm::kRsaPkcs1Sha1; + } + if (oid == der::Input(kOidSha256WithRsaEncryption) && IsNullOrEmpty(params)) { + return SignatureAlgorithm::kRsaPkcs1Sha256; + } + if (oid == der::Input(kOidSha384WithRsaEncryption) && IsNullOrEmpty(params)) { + return SignatureAlgorithm::kRsaPkcs1Sha384; + } + if (oid == der::Input(kOidSha512WithRsaEncryption) && IsNullOrEmpty(params)) { + return SignatureAlgorithm::kRsaPkcs1Sha512; + } + if (oid == der::Input(kOidSha1WithRsaSignature) && IsNullOrEmpty(params)) { + return SignatureAlgorithm::kRsaPkcs1Sha1; + } + + // RFC 5912 requires that the parameters for ECDSA algorithms be absent + // ("PARAMS TYPE NULL ARE absent"): + if (oid == der::Input(kOidEcdsaWithSha1) && IsEmpty(params)) { + return SignatureAlgorithm::kEcdsaSha1; + } + if (oid == der::Input(kOidEcdsaWithSha256) && IsEmpty(params)) { + return SignatureAlgorithm::kEcdsaSha256; + } + if (oid == der::Input(kOidEcdsaWithSha384) && IsEmpty(params)) { + return SignatureAlgorithm::kEcdsaSha384; + } + if (oid == der::Input(kOidEcdsaWithSha512) && IsEmpty(params)) { + return SignatureAlgorithm::kEcdsaSha512; + } + + if (oid == der::Input(kOidRsaSsaPss)) { + return ParseRsaPss(params); + } + + // Unknown signature algorithm. + return std::nullopt; +} + +std::optional GetTlsServerEndpointDigestAlgorithm( + SignatureAlgorithm alg) { + // See RFC 5929, section 4.1. RFC 5929 breaks the signature algorithm + // abstraction by trying to extract individual digest algorithms. (While + // common, this is not a universal property of signature algorithms.) We + // implement this within the library, so callers do not need to condition over + // all algorithms. + switch (alg) { + // If the single digest algorithm is SHA-1, use SHA-256. + case SignatureAlgorithm::kRsaPkcs1Sha1: + case SignatureAlgorithm::kEcdsaSha1: + return DigestAlgorithm::Sha256; + + case SignatureAlgorithm::kRsaPkcs1Sha256: + case SignatureAlgorithm::kEcdsaSha256: + return DigestAlgorithm::Sha256; + + case SignatureAlgorithm::kRsaPkcs1Sha384: + case SignatureAlgorithm::kEcdsaSha384: + return DigestAlgorithm::Sha384; + + case SignatureAlgorithm::kRsaPkcs1Sha512: + case SignatureAlgorithm::kEcdsaSha512: + return DigestAlgorithm::Sha512; + + // It is ambiguous whether hash-matching RSASSA-PSS instantiations count as + // using one or multiple digests, but the corresponding digest is the only + // reasonable interpretation. + case SignatureAlgorithm::kRsaPssSha256: + return DigestAlgorithm::Sha256; + case SignatureAlgorithm::kRsaPssSha384: + return DigestAlgorithm::Sha384; + case SignatureAlgorithm::kRsaPssSha512: + return DigestAlgorithm::Sha512; + } + return std::nullopt; +} + +} // namespace net diff --git a/pki/signature_algorithm.h b/pki/signature_algorithm.h new file mode 100644 index 0000000000..069ab7e784 --- /dev/null +++ b/pki/signature_algorithm.h @@ -0,0 +1,87 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_SIGNATURE_ALGORITHM_H_ +#define BSSL_PKI_SIGNATURE_ALGORITHM_H_ + +#include "fillins/openssl_util.h" +#include + + +#include +#include + +namespace bssl { + +namespace der { +class Input; +} // namespace der + +// The digest algorithm used within a signature. +enum class DigestAlgorithm { + Md2, + Md4, + Md5, + Sha1, + Sha256, + Sha384, + Sha512, +}; + +// The signature algorithm used within a certificate. +enum class SignatureAlgorithm { + kRsaPkcs1Sha1, + kRsaPkcs1Sha256, + kRsaPkcs1Sha384, + kRsaPkcs1Sha512, + kEcdsaSha1, + kEcdsaSha256, + kEcdsaSha384, + kEcdsaSha512, + // These RSA-PSS constants match RFC 8446 and refer to RSASSA-PSS with MGF-1, + // using the specified hash as both the signature and MGF-1 hash, and the hash + // length as the salt length. + kRsaPssSha256, + kRsaPssSha384, + kRsaPssSha512, +}; + +// Parses AlgorithmIdentifier as defined by RFC 5280 section 4.1.1.2: +// +// AlgorithmIdentifier ::= SEQUENCE { +// algorithm OBJECT IDENTIFIER, +// parameters ANY DEFINED BY algorithm OPTIONAL } +[[nodiscard]] OPENSSL_EXPORT bool ParseAlgorithmIdentifier(const der::Input& input, + der::Input* algorithm, + der::Input* parameters); + +// Parses a HashAlgorithm as defined by RFC 5912: +// +// HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM, +// {HashAlgorithms}} +// +// HashAlgorithms DIGEST-ALGORITHM ::= { +// { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent } | +// { IDENTIFIER id-sha224 PARAMS TYPE NULL ARE preferredPresent } | +// { IDENTIFIER id-sha256 PARAMS TYPE NULL ARE preferredPresent } | +// { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } | +// { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent } +// } +[[nodiscard]] bool ParseHashAlgorithm(const der::Input& input, + DigestAlgorithm* out); + +// Parses an AlgorithmIdentifier into a signature algorithm and returns it, or +// returns `std::nullopt` if `algorithm_identifer` either cannot be parsed or +// is not a recognized signature algorithm. +OPENSSL_EXPORT std::optional ParseSignatureAlgorithm( + const der::Input& algorithm_identifier); + +// Returns the hash to be used with the tls-server-end-point channel binding +// (RFC 5929) or `std::nullopt`, if not supported for this signature algorithm. +std::optional GetTlsServerEndpointDigestAlgorithm( + SignatureAlgorithm alg); + +} // namespace net + +#endif // BSSL_PKI_SIGNATURE_ALGORITHM_H_ diff --git a/pki/signature_algorithm_unittest.cc b/pki/signature_algorithm_unittest.cc new file mode 100644 index 0000000000..ff60891734 --- /dev/null +++ b/pki/signature_algorithm_unittest.cc @@ -0,0 +1,1455 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "signature_algorithm.h" + +#include + +#include "fillins/file_util.h" +#include "pem.h" +#include "input.h" +#include "parser.h" +#include + +namespace bssl { + +namespace { + +// Parses a SignatureAlgorithm given an empty DER input. +TEST(SignatureAlgorithmTest, ParseDerEmpty) { + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input())); +} + +// Parses a SignatureAlgorithm given invalid DER input. +TEST(SignatureAlgorithmTest, ParseDerBogus) { + const uint8_t kData[] = {0x00}; + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a SignatureAlgorithm with an unsupported algorithm OID. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 66 (bogus) +TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedAlgorithmOid) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x03, // SEQUENCE (3 bytes) + 0x06, 0x01, // OBJECT IDENTIFIER (1 bytes) + 0x42, + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a sha1WithRSAEncryption which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 +// NULL +TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha1); +} + +// Parses a sha1WithRSAEncryption which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 +TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0B, // SEQUENCE (11 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha1); +} + +// Parses a sha1WithRSAEncryption which contains an unexpected parameters +// field. Instead of being NULL it is an integer. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 +// INTEGER 0 +TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNonNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0E, // SEQUENCE (14 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, + 0x02, 0x01, 0x00, // INTEGER (1 byte) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a sha1WithRSASignature which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.3.14.3.2.29 +// NULL +TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x09, // SEQUENCE (9 bytes) + 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes) + 0x2b, 0x0e, 0x03, 0x02, 0x1d, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha1); +} + +// Parses a sha1WithRSASignature which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.3.14.3.2.29 +TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x07, // SEQUENCE (7 bytes) + 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes) + 0x2b, 0x0e, 0x03, 0x02, 0x1d, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha1); +} + +// Parses a sha1WithRSAEncryption which contains values after the sequence. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 +// NULL +// INTEGER 0 +TEST(SignatureAlgorithmTest, ParseDerSha1WithRsaEncryptionDataAfterSequence) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, + 0x05, 0x00, // NULL (0 bytes) + 0x02, 0x01, 0x00, // INTEGER (1 byte) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a sha1WithRSAEncryption which contains a bad NULL parameters field. +// Normally NULL is encoded as {0x05, 0x00} (tag for NULL and length of 0). Here +// NULL is encoded as having a length of 1 instead, followed by data 0x09. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 +// NULL +TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionBadNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0E, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, + 0x05, 0x01, 0x09, // NULL (1 byte) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a sha1WithRSAEncryption which contains a NULL parameters field, +// followed by an integer. +// +// SEQUENCE (3 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 +// NULL +// INTEGER 0 +TEST(SignatureAlgorithmTest, + ParseDerSha1WithRSAEncryptionNullParamsThenInteger) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x10, // SEQUENCE (16 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, + 0x05, 0x00, // NULL (0 bytes) + 0x02, 0x01, 0x00, // INTEGER (1 byte) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a SignatureAlgorithm given DER which does not encode a sequence. +// +// INTEGER 0 +TEST(SignatureAlgorithmTest, ParseDerNotASequence) { + // clang-format off + const uint8_t kData[] = { + 0x02, 0x01, 0x00, // INTEGER (1 byte) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a sha256WithRSAEncryption which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.11 +// NULL +TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha256); +} + +// Parses a sha256WithRSAEncryption which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.11 +TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0B, // SEQUENCE (11 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha256); +} + +// Parses a sha384WithRSAEncryption which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.12 +// NULL +TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha384); +} + +// Parses a sha384WithRSAEncryption which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.12 +TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0B, // SEQUENCE (11 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha384); +} + +// Parses a sha512WithRSAEncryption which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.13 +// NULL +TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha512); +} + +// Parses a sha512WithRSAEncryption which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.13 +TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0B, // SEQUENCE (11 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPkcs1Sha512); +} + +// Parses a sha224WithRSAEncryption which contains a NULL parameters field. +// This fails because the parsing code does not enumerate this OID (even though +// it is in fact valid). +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.14 +// NULL +TEST(SignatureAlgorithmTest, ParseDerSha224WithRSAEncryptionNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0e, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a ecdsa-with-SHA1 which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.10045.4.1 +TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA1NoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x09, // SEQUENCE (9 bytes) + 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kEcdsaSha1); +} + +// Parses a ecdsa-with-SHA1 which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.10045.4.1 +// NULL +TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA1NullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0B, // SEQUENCE (11 bytes) + 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a ecdsa-with-SHA256 which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.10045.4.3.2 +TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA256NoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0A, // SEQUENCE (10 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kEcdsaSha256); +} + +// Parses a ecdsa-with-SHA256 which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.10045.4.3.2 +// NULL +TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA256NullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0C, // SEQUENCE (12 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a ecdsa-with-SHA384 which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.10045.4.3.3 +TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA384NoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0A, // SEQUENCE (10 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kEcdsaSha384); +} + +// Parses a ecdsa-with-SHA384 which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.10045.4.3.3 +// NULL +TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA384NullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0C, // SEQUENCE (12 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a ecdsa-with-SHA512 which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.10045.4.3.4 +TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA512NoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0A, // SEQUENCE (10 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kEcdsaSha512); +} + +// Parses a ecdsa-with-SHA512 which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.10045.4.3.4 +// NULL +TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA512NullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0C, // SEQUENCE (12 bytes) + 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that uses SHA256 and a salt length of 32. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (4 elem) +// [0] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 +// NULL +// [1] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.8 +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 +// NULL +// [2] (1 elem) +// INTEGER 32 +TEST(SignatureAlgorithmTest, ParseDerRsaPss) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x41, // SEQUENCE (65 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x34, // SEQUENCE (52 bytes) + 0xA0, 0x0F, // [0] (15 bytes) + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, // NULL (0 bytes) + 0xA1, 0x1C, // [1] (28 bytes) + 0x30, 0x1A, // SEQUENCE (26 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, // NULL (0 bytes) + 0xA2, 0x03, // [2] (3 bytes) + 0x02, 0x01, // INTEGER (1 byte) + 0x20, + + }; + // clang-format on + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)), + SignatureAlgorithm::kRsaPssSha256); +} + +// Parses a rsaPss algorithm that has an empty parameters. This encodes the +// default, SHA-1, which we do not support. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (0 elem) +TEST(SignatureAlgorithmTest, ParseDerRsaPssEmptyParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x00, // SEQUENCE (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that has NULL parameters. This fails. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that has no parameters. This fails. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +TEST(SignatureAlgorithmTest, ParseDerRsaPssNoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0B, // SEQUENCE (11 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that has data after the parameters sequence. +// +// SEQUENCE (3 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (0 elem) +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssDataAfterParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0F, // SEQUENCE (15 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x00, // SEQUENCE (0 bytes) + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that has unrecognized data (NULL) within the +// parameters sequence. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (2 elem) +// [2] (1 elem) +// INTEGER 23 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssNullInsideParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x14, // SEQUENCE (62 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x07, // SEQUENCE (5 bytes) + 0xA2, 0x03, // [2] (3 bytes) + 0x02, 0x01, // INTEGER (1 byte) + 0x17, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that has an unsupported trailer value (2). Only +// trailer values of 1 are allowed by RFC 4055. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [3] (1 elem) +// INTEGER 2 +TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedTrailer) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x12, // SEQUENCE (18 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x05, // SEQUENCE (5 bytes) + 0xA3, 0x03, // [3] (3 bytes) + 0x02, 0x01, // INTEGER (1 byte) + 0x02, + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that has extra data appearing after the trailer in +// the [3] section. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [3] (2 elem) +// INTEGER 1 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssBadTrailer) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x14, // SEQUENCE (20 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x07, // SEQUENCE (7 bytes) + 0xA3, 0x05, // [3] (5 bytes) + 0x02, 0x01, // INTEGER (1 byte) + 0x01, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that uses SHA384 for the hash, and leaves the rest +// as defaults, specifying a SHA-1 MGF-1 hash. This fails because we require +// the hashes match. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [0] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.2 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHash) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x1E, // SEQUENCE (30 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x11, // SEQUENCE (17 bytes) + 0xA0, 0x0F, // [0] (15 bytes) + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that uses an invalid hash algorithm (twiddled the +// bytes for the SHA-384 OID a bit). +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [0] (1 elem) +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 2.16.840.2.103.19.4.2.2 +TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedHashOid) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x1C, // SEQUENCE (28 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x0F, // SEQUENCE (15 bytes) + 0xA0, 0x0D, // [0] (13 bytes) + 0x30, 0x0B, // SEQUENCE (11 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x02, 0x67, 0x13, 0x04, 0x02, 0x02, + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that uses SHA512 MGF1 for the mask gen, and +// defaults (SHA-1) for the rest. This fails because we require the hashes +// match. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [1] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.8 +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultMaskGen) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x2B, // SEQUENCE (43 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x1E, // SEQUENCE (30 bytes) + 0xA1, 0x1C, // [1] (28 bytes) + 0x30, 0x1A, // SEQUENCE (26 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that uses a mask gen with an unrecognized OID +// (twiddled some of the bits). +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [1] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113618.1.2.8 +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedMaskGen) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x2B, // SEQUENCE (43 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x1E, // SEQUENCE (30 bytes) + 0xA1, 0x1C, // [1] (28 bytes) + 0x30, 0x1A, // SEQUENCE (26 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x52, 0x01, 0x02, 0x08, + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that uses SHA256 for the hash, and SHA512 for the +// MGF1. This fails because we require the hashes match. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (2 elem) +// [0] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 +// NULL +// [1] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.8 +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAndMaskGen) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x3C, // SEQUENCE (60 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x2F, // SEQUENCE (47 bytes) + 0xA0, 0x0F, // [0] (15 bytes) + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, // NULL (0 bytes) + 0xA1, 0x1C, // [1] (28 bytes) + 0x30, 0x1A, // SEQUENCE (26 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that uses SHA256 for the hash, and SHA256 for the +// MGF1, and a salt length of 10. This fails because we require a standard salt +// length. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (3 elem) +// [0] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 +// NULL +// [1] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.8 +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 +// NULL +// [2] (1 elem) +// INTEGER 10 +TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAndMaskGenAndSalt) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x41, // SEQUENCE (65 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x34, // SEQUENCE (52 bytes) + 0xA0, 0x0F, // [0] (15 bytes) + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, // NULL (0 bytes) + 0xA1, 0x1C, // [1] (28 bytes) + 0x30, 0x1A, // SEQUENCE (26 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, // NULL (0 bytes) + 0xA2, 0x03, // [2] (3 bytes) + 0x02, 0x01, // INTEGER (1 byte) + 0x0A, + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that specifies default hash (SHA1). +// It is invalid to specify the default. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [0] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.3.14.3.2.26 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssSpecifiedDefaultHash) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x1A, // SEQUENCE (26 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0xA0, 0x0B, // [0] (11 bytes) + 0x30, 0x09, // SEQUENCE (9 bytes) + 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes) + 0x2B, 0x0E, 0x03, 0x02, 0x1A, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that specifies default mask gen algorithm (SHA1). +// It is invalid to specify the default. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [1] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.8 +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.3.14.3.2.26 +// NULL +TEST(SignatureAlgorithmTest, ParseDerRsaPssSpecifiedDefaultMaskGen) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x27, // SEQUENCE (39 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x1A, // SEQUENCE (26 bytes) + 0xA1, 0x18, // [1] (24 bytes) + 0x30, 0x16, // SEQUENCE (22 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, + 0x30, 0x09, // SEQUENCE (9 bytes) + 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes) + 0x2B, 0x0E, 0x03, 0x02, 0x1A, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that specifies default salt length. +// It is invalid to specify the default. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (1 elem) +// [2] (1 elem) +// INTEGER 20 +TEST(SignatureAlgorithmTest, ParseDerRsaPssSpecifiedDefaultSaltLength) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x12, // SEQUENCE (18 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x05, // SEQUENCE (5 bytes) + 0xA2, 0x03, // [2] (3 bytes) + 0x02, 0x01, // INTEGER (1 byte) + 0x14, + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that specifies default trailer field. +// It is invalid to specify the default. +TEST(SignatureAlgorithmTest, ParseDerRsaPssSpecifiedDefaultTrailerField) { + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # sha256 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # sha256 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } + // NULL {} + // } + // } + // } + // [2] { + // INTEGER { 32 } + // } + // [3] { + // INTEGER { 1 } + // } + // } + // } + const uint8_t kData[] = { + 0x30, 0x46, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x39, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x20, 0xa3, 0x03, 0x02, 0x01, 0x01}; + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a rsaPss algorithm that specifies multiple default parameter values. +// It is invalid to specify a default value. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.10 +// SEQUENCE (3 elem) +// [0] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.3.14.3.2.26 +// NULL +// [1] (1 elem) +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.8 +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.3.14.3.2.26 +// NULL +// [2] (1 elem) +// INTEGER 20 +// [3] (1 elem) +// INTEGER 1 +TEST(SignatureAlgorithmTest, ParseDerRsaPssMultipleDefaultParameterValues) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x3E, // SEQUENCE (62 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A, + 0x30, 0x31, // SEQUENCE (49 bytes) + 0xA0, 0x0B, // [0] (11 bytes) + 0x30, 0x09, // SEQUENCE (9 bytes) + 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes) + 0x2B, 0x0E, 0x03, 0x02, 0x1A, + 0x05, 0x00, // NULL (0 bytes) + 0xA1, 0x18, // [1] (24 bytes) + 0x30, 0x16, // SEQUENCE (22 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, + 0x30, 0x09, // SEQUENCE (9 bytes) + 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes) + 0x2B, 0x0E, 0x03, 0x02, 0x1A, + 0x05, 0x00, // NULL (0 bytes) + 0xA2, 0x03, // [2] (3 bytes) + 0x02, 0x01, // INTEGER (1 byte) + 0x14, + 0xA3, 0x03, // [3] (3 bytes) + 0x02, 0x01, // INTEGER (1 byte) + 0x01, + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +TEST(SignatureAlgorithmTest, ParseRsaPss) { + // Test data generated with https://github.com/google/der-ascii. + struct { + std::vector data; + SignatureAlgorithm expected; + } kValidTests[] = { + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # sha256 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # sha256 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } + // NULL {} + // } + // } + // } + // [2] { + // INTEGER { 32 } + // } + // } + // } + {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x20}, + SignatureAlgorithm::kRsaPssSha256}, + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # sha384 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # sha384 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 } + // NULL {} + // } + // } + // } + // [2] { + // INTEGER { 48 } + // } + // } + // } + {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, + 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x30}, + SignatureAlgorithm::kRsaPssSha384}, + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # sha512 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # sha512 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } + // NULL {} + // } + // } + // } + // [2] { + // INTEGER { 64 } + // } + // } + // } + {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x40}, + SignatureAlgorithm::kRsaPssSha512}, + + // The same inputs as above, but the NULLs in the digest algorithms are + // omitted. + {{0x30, 0x3d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0a, 0x30, 0x30, 0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0xa1, 0x1a, 0x30, + 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x08, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, 0xa2, 0x03, 0x02, 0x01, 0x20}, + SignatureAlgorithm::kRsaPssSha256}, + {{0x30, 0x3d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0a, 0x30, 0x30, 0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0xa1, 0x1a, 0x30, + 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x08, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0xa2, 0x03, 0x02, 0x01, 0x30}, + SignatureAlgorithm::kRsaPssSha384}, + {{0x30, 0x3d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0a, 0x30, 0x30, 0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0xa1, 0x1a, 0x30, + 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x08, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0xa2, 0x03, 0x02, 0x01, 0x40}, + SignatureAlgorithm::kRsaPssSha512}}; + for (const auto& t : kValidTests) { + EXPECT_EQ(ParseSignatureAlgorithm(der::Input(t.data.data(), t.data.size())), + t.expected); + } + + struct { + std::vector data; + } kInvalidTests[] = { + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # sha256 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # sha384 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 } + // NULL {} + // } + // } + // } + // } + // } + {{0x30, 0x3c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0a, 0x30, 0x2f, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, + 0x1c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x08, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, + 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00}}, + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # md5 + // OBJECT_IDENTIFIER { 1.2.840.113549.2.5 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # md5 + // OBJECT_IDENTIFIER { 1.2.840.113549.2.5 } + // NULL {} + // } + // } + // } + // [2] { + // INTEGER { 16 } + // } + // } + // } + {{0x30, 0x3f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0a, 0x30, 0x32, 0xa0, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0xa1, 0x1b, + 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x08, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x02, 0x05, 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x10}}, + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // # SHA-1 with salt length 20 is the default. + // SEQUENCE {} + // } + {{0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x00}}, + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [2] { + // INTEGER { 21 } + // } + // } + // } + {{0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0a, 0x30, 0x05, 0xa2, 0x03, 0x02, 0x01, 0x15}}, + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # sha256 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # sha256 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } + // NULL {} + // } + // } + // } + // [2] { + // INTEGER { 33 } + // } + // } + // } + {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x21}}, + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # sha384 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # sha384 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 } + // NULL {} + // } + // } + // } + // [2] { + // INTEGER { 49 } + // } + // } + // } + {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, + 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x31}}, + + // SEQUENCE { + // # rsassa-pss + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } + // SEQUENCE { + // [0] { + // SEQUENCE { + // # sha512 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } + // NULL {} + // } + // } + // [1] { + // SEQUENCE { + // # mgf1 + // OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } + // SEQUENCE { + // # sha512 + // OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } + // NULL {} + // } + // } + // } + // [2] { + // INTEGER { 65 } + // } + // } + // } + {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x41}}, + }; + for (const auto& t : kInvalidTests) { + EXPECT_FALSE( + ParseSignatureAlgorithm(der::Input(t.data.data(), t.data.size()))); + } +} + +// Parses a md5WithRSAEncryption which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.4 +// NULL +TEST(SignatureAlgorithmTest, ParseDerMd5WithRsaEncryptionNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a md4WithRSAEncryption which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.3 +// NULL +TEST(SignatureAlgorithmTest, ParseDerMd4WithRsaEncryptionNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x03, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a md2WithRSAEncryption which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.113549.1.1.2 +// NULL +TEST(SignatureAlgorithmTest, ParseDerMd2WithRsaEncryptionNullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0D, // SEQUENCE (13 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a dsaWithSha1 which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 1.2.840.10040.4.3 +TEST(SignatureAlgorithmTest, ParseDerDsaWithSha1NoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x09, // SEQUENCE (9 bytes) + 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03, + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a dsaWithSha1 which contains a NULL parameters field. +// +// SEQUENCE (2 elem) +// OBJECT IDENTIFIER 1.2.840.10040.4.3 +// NULL +TEST(SignatureAlgorithmTest, ParseDerDsaWithSha1NullParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0B, // SEQUENCE (9 bytes) + 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes) + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03, + 0x05, 0x00, // NULL (0 bytes) + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +// Parses a dsaWithSha256 which contains no parameters field. +// +// SEQUENCE (1 elem) +// OBJECT IDENTIFIER 2.16.840.1.101.3.4.3.2 +TEST(SignatureAlgorithmTest, ParseDerDsaWithSha256NoParams) { + // clang-format off + const uint8_t kData[] = { + 0x30, 0x0B, // SEQUENCE (11 bytes) + 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x02 + }; + // clang-format on + EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData))); +} + +} // namespace + +} // namespace net diff --git a/pki/signature_verify_cache.h b/pki/signature_verify_cache.h new file mode 100644 index 0000000000..f0d98cfc43 --- /dev/null +++ b/pki/signature_verify_cache.h @@ -0,0 +1,41 @@ +// Copyright 2022 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_SIGNATURE_VERIFY_CACHE_H_ +#define BSSL_PKI_SIGNATURE_VERIFY_CACHE_H_ + +#include "fillins/openssl_util.h" +#include + +namespace bssl { + +class OPENSSL_EXPORT SignatureVerifyCache { + public: + enum class Value { + kValid, // Cached as a valid signature result. + kInvalid, // Cached as an invalid signature result. + kUnknown, // Cache has no information. + }; + + virtual ~SignatureVerifyCache() = default; + + // This interface uses a const std::string reference instead of + // std::string_view because any implementation that may reasonably want to use + // std::unordered_map or similar can run into problems with std::hash before + // C++20. (https://en.cppreference.com/w/cpp/container/unordered_map/find) + + // |Store| is called to store the result of a verification for |key| as kValid + // or kInvalid after a signature check. + virtual void Store(const std::string& key, Value value) = 0; + + // |Check| is called to fetch a cached value for a verification for |key|. If + // the result is kValid, or kInvalid, signature checking is skipped and the + // corresponding cached result is used. If the result is kUnknown signature + // checking is performed and the corresponding result saved using |Store|. + virtual Value Check(const std::string& key) = 0; +}; + +} // namespace net + +#endif // BSSL_PKI_SIGNATURE_VERIFY_CACHE_H_ diff --git a/pki/simple_path_builder_delegate.cc b/pki/simple_path_builder_delegate.cc new file mode 100644 index 0000000000..cc173bfba2 --- /dev/null +++ b/pki/simple_path_builder_delegate.cc @@ -0,0 +1,126 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "simple_path_builder_delegate.h" + +#include "cert_error_params.h" +#include "cert_errors.h" +#include "signature_algorithm.h" +#include "signature_verify_cache.h" +#include "verify_signed_data.h" +#include +#include +#include +#include +#include +#include +#include +#include + +namespace bssl { + +DEFINE_CERT_ERROR_ID(SimplePathBuilderDelegate::kRsaModulusTooSmall, + "RSA modulus too small"); + +namespace { + +DEFINE_CERT_ERROR_ID(kUnacceptableCurveForEcdsa, + "Only P-256, P-384, P-521 are supported for ECDSA"); + +bool IsAcceptableCurveForEcdsa(int curve_nid) { + switch (curve_nid) { + case NID_X9_62_prime256v1: + case NID_secp384r1: + case NID_secp521r1: + return true; + } + + return false; +} + +} // namespace + +SimplePathBuilderDelegate::SimplePathBuilderDelegate( + size_t min_rsa_modulus_length_bits, + DigestPolicy digest_policy) + : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits), + digest_policy_(digest_policy) {} + +void SimplePathBuilderDelegate::CheckPathAfterVerification( + const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path) { + // Do nothing - consider all candidate paths valid. +} + +bool SimplePathBuilderDelegate::IsDeadlineExpired() { + return false; +} + +SignatureVerifyCache* SimplePathBuilderDelegate::GetVerifyCache() { + return nullptr; +} + +bool SimplePathBuilderDelegate::IsSignatureAlgorithmAcceptable( + SignatureAlgorithm algorithm, + CertErrors* errors) { + switch (algorithm) { + case SignatureAlgorithm::kRsaPkcs1Sha1: + case SignatureAlgorithm::kEcdsaSha1: + return digest_policy_ == DigestPolicy::kWeakAllowSha1; + + case SignatureAlgorithm::kRsaPkcs1Sha256: + case SignatureAlgorithm::kRsaPkcs1Sha384: + case SignatureAlgorithm::kRsaPkcs1Sha512: + case SignatureAlgorithm::kEcdsaSha256: + case SignatureAlgorithm::kEcdsaSha384: + case SignatureAlgorithm::kEcdsaSha512: + case SignatureAlgorithm::kRsaPssSha256: + case SignatureAlgorithm::kRsaPssSha384: + case SignatureAlgorithm::kRsaPssSha512: + return true; + } + return false; +} + +bool SimplePathBuilderDelegate::IsPublicKeyAcceptable(EVP_PKEY* public_key, + CertErrors* errors) { + int pkey_id = EVP_PKEY_id(public_key); + if (pkey_id == EVP_PKEY_RSA) { + // Extract the modulus length from the key. + RSA* rsa = EVP_PKEY_get0_RSA(public_key); + if (!rsa) + return false; + unsigned int modulus_length_bits = RSA_bits(rsa); + + if (modulus_length_bits < min_rsa_modulus_length_bits_) { + errors->AddError( + kRsaModulusTooSmall, + CreateCertErrorParams2SizeT("actual", modulus_length_bits, "minimum", + min_rsa_modulus_length_bits_)); + return false; + } + + return true; + } + + if (pkey_id == EVP_PKEY_EC) { + // Extract the curve name. + EC_KEY* ec = EVP_PKEY_get0_EC_KEY(public_key); + if (!ec) + return false; // Unexpected. + int curve_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + + if (!IsAcceptableCurveForEcdsa(curve_nid)) { + errors->AddError(kUnacceptableCurveForEcdsa); + return false; + } + + return true; + } + + // Unexpected key type. + return false; +} + +} // namespace net diff --git a/pki/simple_path_builder_delegate.h b/pki/simple_path_builder_delegate.h new file mode 100644 index 0000000000..ac22d450c6 --- /dev/null +++ b/pki/simple_path_builder_delegate.h @@ -0,0 +1,73 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_ +#define BSSL_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_ + +#include "fillins/openssl_util.h" +#include + + +#include "path_builder.h" +#include "signature_algorithm.h" +#include "signature_verify_cache.h" + +namespace bssl { + +class CertErrors; + +// SimplePathBuilderDelegate is an implementation of CertPathBuilderDelegate +// that uses some default policies: +// +// * RSA public keys must be >= |min_rsa_modulus_length_bits|. +// * Signature algorithm can be RSA PKCS#1, RSASSA-PSS or ECDSA +// * Digest algorithm can be SHA256, SHA348 or SHA512. +// * If the |digest_policy| was set to kAllowSha1, then SHA1 is +// additionally accepted. +// * EC named curve can be P-256, P-384, P-521. +class OPENSSL_EXPORT SimplePathBuilderDelegate : public CertPathBuilderDelegate { + public: + enum class DigestPolicy { + // Accepts digests of SHA256, SHA348 or SHA512 + kStrong, + + // Accepts everything that kStrong does, plus SHA1. + kWeakAllowSha1, + + kMaxValue = kWeakAllowSha1 + }; + + // Error emitted when a public key is rejected because it is an RSA key with a + // modulus size that is too small. + static const CertErrorId kRsaModulusTooSmall; + + SimplePathBuilderDelegate(size_t min_rsa_modulus_length_bits, + DigestPolicy digest_policy); + + // Accepts RSA PKCS#1, RSASSA-PSS or ECDA using any of the SHA* digests + // (including SHA1). + bool IsSignatureAlgorithmAcceptable(SignatureAlgorithm signature_algorithm, + CertErrors* errors) override; + + // Requires RSA keys be >= |min_rsa_modulus_length_bits_|. + bool IsPublicKeyAcceptable(EVP_PKEY* public_key, CertErrors* errors) override; + + // No-op implementation. + void CheckPathAfterVerification(const CertPathBuilder& path_builder, + CertPathBuilderResultPath* path) override; + + // No-op implementation. + bool IsDeadlineExpired() override; + + // No-op implementation. + SignatureVerifyCache* GetVerifyCache() override; + + private: + const size_t min_rsa_modulus_length_bits_; + const DigestPolicy digest_policy_; +}; + +} // namespace net + +#endif // BSSL_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_ diff --git a/pki/simple_path_builder_delegate_unittest.cc b/pki/simple_path_builder_delegate_unittest.cc new file mode 100644 index 0000000000..7d47406d45 --- /dev/null +++ b/pki/simple_path_builder_delegate_unittest.cc @@ -0,0 +1,108 @@ +// Copyright 2017 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +#include "simple_path_builder_delegate.h" + +#include +#include + +#include "cert_errors.h" +#include "signature_algorithm.h" +#include "test_helpers.h" +#include "verify_signed_data.h" +#include "input.h" +#include "parse_values.h" +#include "parser.h" +#include +#include + +namespace bssl { + +namespace { + +// Reads the public key and algorithm from the test data at |file_name|. +void ReadTestCase(const char* file_name, + SignatureAlgorithm* signature_algorithm, + bssl::UniquePtr* public_key) { + std::string path = + std::string("testdata/verify_signed_data_unittest/") + file_name; + + std::string public_key_str; + std::string algorithm_str; + + const PemBlockMapping mappings[] = { + {"PUBLIC KEY", &public_key_str}, + {"ALGORITHM", &algorithm_str}, + }; + + ASSERT_TRUE(ReadTestDataFromPemFile(path, mappings)); + + std::optional sigalg_opt = + ParseSignatureAlgorithm(der::Input(&algorithm_str)); + ASSERT_TRUE(sigalg_opt); + *signature_algorithm = *sigalg_opt; + + ASSERT_TRUE(ParsePublicKey(der::Input(&public_key_str), public_key)); +} + +class SimplePathBuilderDelegate1024SuccessTest + : public ::testing::TestWithParam {}; + +const char* kSuccess1024Filenames[] = { + "rsa-pkcs1-sha1.pem", "rsa-pkcs1-sha256.pem", + "rsa2048-pkcs1-sha512.pem", "ecdsa-secp384r1-sha256.pem", + "ecdsa-prime256v1-sha512.pem", "rsa-pss-sha256.pem", + "ecdsa-secp384r1-sha256.pem", "ecdsa-prime256v1-sha512.pem", +}; + +INSTANTIATE_TEST_SUITE_P(All, + SimplePathBuilderDelegate1024SuccessTest, + ::testing::ValuesIn(kSuccess1024Filenames)); + +TEST_P(SimplePathBuilderDelegate1024SuccessTest, IsAcceptableSignatureAndKey) { + SignatureAlgorithm signature_algorithm{}; + bssl::UniquePtr public_key; + ASSERT_NO_FATAL_FAILURE( + ReadTestCase(GetParam(), &signature_algorithm, &public_key)); + ASSERT_TRUE(public_key); + + CertErrors errors; + SimplePathBuilderDelegate delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + + EXPECT_TRUE( + delegate.IsSignatureAlgorithmAcceptable(signature_algorithm, &errors)); + + EXPECT_TRUE(delegate.IsPublicKeyAcceptable(public_key.get(), &errors)); +} + +class SimplePathBuilderDelegate2048FailTest + : public ::testing::TestWithParam {}; + +const char* kFail2048Filenames[] = {"rsa-pkcs1-sha1.pem", + "rsa-pkcs1-sha256.pem"}; + +INSTANTIATE_TEST_SUITE_P(All, + SimplePathBuilderDelegate2048FailTest, + ::testing::ValuesIn(kFail2048Filenames)); + +TEST_P(SimplePathBuilderDelegate2048FailTest, RsaKeySmallerThan2048) { + SignatureAlgorithm signature_algorithm{}; + bssl::UniquePtr public_key; + ASSERT_NO_FATAL_FAILURE( + ReadTestCase(GetParam(), &signature_algorithm, &public_key)); + ASSERT_TRUE(public_key); + + CertErrors errors; + SimplePathBuilderDelegate delegate( + 2048, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + + EXPECT_TRUE( + delegate.IsSignatureAlgorithmAcceptable(signature_algorithm, &errors)); + + EXPECT_FALSE(delegate.IsPublicKeyAcceptable(public_key.get(), &errors)); +} + +} // namespace + +} // namespace net diff --git a/pki/string_util.cc b/pki/string_util.cc new file mode 100644 index 0000000000..9f1b15d2d9 --- /dev/null +++ b/pki/string_util.cc @@ -0,0 +1,117 @@ +// Copyright 2022 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "string_util.h" + +#include +#include +#include +#include + +#include + +namespace bssl::string_util { + +bool IsAscii(std::string_view str) { + for (unsigned char c : str) { + if (c > 127) { + return false; + } + } + return true; +} + +bool IsEqualNoCase(std::string_view str1, std::string_view str2) { + return std::equal(str1.begin(), str1.end(), str2.begin(), str2.end(), + [](const unsigned char a, const unsigned char b) { + return OPENSSL_tolower(a) == OPENSSL_tolower(b); + }); +} + +bool EndsWithNoCase(std::string_view str, std::string_view suffix) { + return suffix.size() <= str.size() && + IsEqualNoCase(suffix, str.substr(str.size() - suffix.size())); +} + +bool StartsWithNoCase(std::string_view str, std::string_view prefix) { + return prefix.size() <= str.size() && + IsEqualNoCase(prefix, str.substr(0, prefix.size())); +} + +std::string FindAndReplace(std::string_view str, + std::string_view find, + std::string_view replace) { + std::string ret; + + if (find.empty()) { + return std::string(str); + } + while (!str.empty()) { + size_t index = str.find(find); + if (index == std::string_view::npos) { + ret.append(str); + break; + } + ret.append(str.substr(0, index)); + ret.append(replace); + str = str.substr(index + find.size()); + } + return ret; +} + +// TODO(bbe) get rid of this once we can c++20. +bool EndsWith(std::string_view str, std::string_view suffix) { + return suffix.size() <= str.size() && + suffix == str.substr(str.size() - suffix.size()); +} + +// TODO(bbe) get rid of this once we can c++20. +bool StartsWith(std::string_view str, std::string_view prefix) { + return prefix.size() <= str.size() && prefix == str.substr(0, prefix.size()); +} + +std::string HexEncode(const uint8_t* data, size_t length) { + std::ostringstream out; + for (size_t i = 0; i < length; i++) { + out << std::hex << std::setfill('0') << std::setw(2) << std::uppercase + << int{data[i]}; + } + return out.str(); +} + +// TODO(bbe) get rid of this once extracted to boringssl. Everything else +// in third_party uses std::to_string +std::string NumberToDecimalString(int i) { + std::ostringstream out; + out << std::dec << i; + return out.str(); +} + +std::vector SplitString(std::string_view str, + char split_char) { + std::vector out; + + if (str.empty()) { + return out; + } + + while (true) { + // Find end of current token + size_t i = str.find(split_char); + + // Add current token + out.push_back(str.substr(0, i)); + + if (i == str.npos) { + // That was the last token + break; + } + // Continue to next + str = str.substr(i + 1); + } + + return out; +} + +} // namespace net::string_util diff --git a/pki/string_util.h b/pki/string_util.h new file mode 100644 index 0000000000..08bb2b7544 --- /dev/null +++ b/pki/string_util.h @@ -0,0 +1,65 @@ +// Copyright 2022 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_STRING_UTIL_H_ +#define BSSL_PKI_STRING_UTIL_H_ + +#include "fillins/openssl_util.h" + + +#include + +#include +#include +#include + +namespace bssl::string_util { + +// Returns true if the characters in |str| are all ASCII, false otherwise. +OPENSSL_EXPORT bool IsAscii(std::string_view str); + +// Compares |str1| and |str2| ASCII case insensitively (independent of locale). +// Returns true if |str1| and |str2| match. +OPENSSL_EXPORT bool IsEqualNoCase(std::string_view str1, + std::string_view str2); + +// Compares |str1| and |prefix| ASCII case insensitively (independent of +// locale). Returns true if |str1| starts with |prefix|. +OPENSSL_EXPORT bool StartsWithNoCase(std::string_view str, + std::string_view prefix); + +// Compares |str1| and |suffix| ASCII case insensitively (independent of +// locale). Returns true if |str1| starts with |suffix|. +OPENSSL_EXPORT bool EndsWithNoCase(std::string_view str, + std::string_view suffix); + +// Finds and replaces all occurrences of |find| of non zero length with +// |replace| in |str|, returning the result. +OPENSSL_EXPORT std::string FindAndReplace(std::string_view str, + std::string_view find, + std::string_view replace); + +// TODO(bbe) transition below to c++20 +// Compares |str1| and |prefix|. Returns true if |str1| starts with |prefix|. +OPENSSL_EXPORT bool StartsWith(std::string_view str, + std::string_view prefix); + +// TODO(bbe) transition below to c++20 +// Compares |str1| and |suffix|. Returns true if |str1| ends with |suffix|. +OPENSSL_EXPORT bool EndsWith(std::string_view str, std::string_view suffix); + +// Returns a hexadecimal string encoding |data| of length |length|. +OPENSSL_EXPORT std::string HexEncode(const uint8_t* data, size_t length); + +// Returns a decimal string representation of |i|. +OPENSSL_EXPORT std::string NumberToDecimalString(int i); + +// Splits |str| on |split_char| returning the list of resulting strings. +OPENSSL_EXPORT std::vector SplitString( + std::string_view str, + char split_char); + +} // namespace net::string_util + +#endif // BSSL_PKI_STRING_UTIL_H_ diff --git a/pki/string_util_unittest.cc b/pki/string_util_unittest.cc new file mode 100644 index 0000000000..c8da4a5af5 --- /dev/null +++ b/pki/string_util_unittest.cc @@ -0,0 +1,155 @@ +// Copyright 2022 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "string_util.h" +#include + +namespace bssl { + +namespace { + +TEST(StringUtilTest, IsAscii) { + EXPECT_TRUE(bssl::string_util::IsAscii("")); + EXPECT_TRUE(bssl::string_util::IsAscii("mail.google.com")); + EXPECT_TRUE(bssl::string_util::IsAscii("mail.google.com\x7F")); + EXPECT_FALSE(bssl::string_util::IsAscii("mail.google.com\x80")); + EXPECT_FALSE(bssl::string_util::IsAscii("mail.google.com\xFF")); +} + +TEST(StringUtilTest, IsEqualNoCase) { + EXPECT_TRUE(bssl::string_util::IsEqualNoCase("", "")); + EXPECT_TRUE( + bssl::string_util::IsEqualNoCase("mail.google.com", "maIL.GOoGlE.cOm")); + EXPECT_TRUE(bssl::string_util::IsEqualNoCase("MAil~-.google.cOm", + "maIL~-.gOoGlE.CoM")); + EXPECT_TRUE(bssl::string_util::IsEqualNoCase("mail\x80.google.com", + "maIL\x80.GOoGlE.cOm")); + EXPECT_TRUE(bssl::string_util::IsEqualNoCase("mail\xFF.google.com", + "maIL\xFF.GOoGlE.cOm")); + EXPECT_FALSE( + bssl::string_util::IsEqualNoCase("mail.google.co", "maIL.GOoGlE.cOm")); + EXPECT_FALSE( + bssl::string_util::IsEqualNoCase("mail.google.com", "maIL.GOoGlE.cO")); +} + +TEST(StringUtilTest, EndsWithNoCase) { + EXPECT_TRUE(bssl::string_util::EndsWithNoCase("", "")); + EXPECT_TRUE(bssl::string_util::EndsWithNoCase("mail.google.com", "")); + EXPECT_TRUE( + bssl::string_util::EndsWithNoCase("mail.google.com", "maIL.GOoGlE.cOm")); + EXPECT_TRUE( + bssl::string_util::EndsWithNoCase("mail.google.com", ".gOoGlE.cOm")); + EXPECT_TRUE( + bssl::string_util::EndsWithNoCase("MAil~-.google.cOm", "-.gOoGlE.CoM")); + EXPECT_TRUE(bssl::string_util::EndsWithNoCase("mail\x80.google.com", + "\x80.GOoGlE.cOm")); + EXPECT_FALSE( + bssl::string_util::EndsWithNoCase("mail.google.com", "pOoGlE.com")); + EXPECT_FALSE(bssl::string_util::EndsWithNoCase("mail\x80.google.com", + "\x81.GOoGlE.cOm")); + EXPECT_FALSE( + bssl::string_util::EndsWithNoCase("mail.google.co", ".GOoGlE.cOm")); + EXPECT_FALSE( + bssl::string_util::EndsWithNoCase("mail.google.com", ".GOoGlE.cO")); + EXPECT_FALSE( + bssl::string_util::EndsWithNoCase("mail.google.com", "mail.google.com1")); + EXPECT_FALSE( + bssl::string_util::EndsWithNoCase("mail.google.com", "1mail.google.com")); +} + +TEST(StringUtilTest, FindAndReplace) { + std::string tester = "hoobla derp hoobla derp porkrind"; + tester = bssl::string_util::FindAndReplace(tester, "blah", "woof"); + EXPECT_EQ(tester, "hoobla derp hoobla derp porkrind"); + tester = bssl::string_util::FindAndReplace(tester, "", "yeet"); + EXPECT_EQ(tester, "hoobla derp hoobla derp porkrind"); + tester = bssl::string_util::FindAndReplace(tester, "hoobla", "derp"); + EXPECT_EQ(tester, "derp derp derp derp porkrind"); + tester = bssl::string_util::FindAndReplace(tester, "derp", "a"); + EXPECT_EQ(tester, "a a a a porkrind"); + tester = bssl::string_util::FindAndReplace(tester, "a ", ""); + EXPECT_EQ(tester, "porkrind"); + tester = bssl::string_util::FindAndReplace(tester, "porkrind", ""); + EXPECT_EQ(tester, ""); +} + +TEST(StringUtilTest, StartsWithNoCase) { + EXPECT_TRUE(bssl::string_util::StartsWithNoCase("", "")); + EXPECT_TRUE(bssl::string_util::StartsWithNoCase("mail.google.com", "")); + EXPECT_TRUE( + bssl::string_util::StartsWithNoCase("mail.google.com", "maIL.GOoGlE.cOm")); + EXPECT_TRUE(bssl::string_util::StartsWithNoCase("mail.google.com", "MaIL.")); + EXPECT_TRUE( + bssl::string_util::StartsWithNoCase("MAil~-.google.cOm", "maiL~-.Goo")); + EXPECT_TRUE( + bssl::string_util::StartsWithNoCase("mail\x80.google.com", "MAIL\x80.")); + EXPECT_FALSE( + bssl::string_util::StartsWithNoCase("mail.google.com", "maIl.MoO")); + EXPECT_FALSE( + bssl::string_util::StartsWithNoCase("mail\x80.google.com", "Mail\x81")); + EXPECT_FALSE( + bssl::string_util::StartsWithNoCase("mai.google.co", "MAiL.GoogLE")); + EXPECT_FALSE( + bssl::string_util::StartsWithNoCase("mail.google.com", "MaI.GooGLE")); + EXPECT_FALSE(bssl::string_util::StartsWithNoCase("mail.google.com", + "mail.google.com1")); + EXPECT_FALSE(bssl::string_util::StartsWithNoCase("mail.google.com", + "1mail.google.com")); +} + +TEST(StringUtilTest, HexEncode) { + std::string hex(bssl::string_util::HexEncode(nullptr, 0)); + EXPECT_EQ(hex.length(), 0U); + uint8_t bytes[] = {0x01, 0xff, 0x02, 0xfe, 0x03, 0x80, 0x81}; + hex = bssl::string_util::HexEncode(bytes, sizeof(bytes)); + EXPECT_EQ(hex, "01FF02FE038081"); +} + +TEST(StringUtilTest, NumberToDecimalString) { + std::string number(bssl::string_util::NumberToDecimalString(42)); + EXPECT_EQ(number, "42"); + number = bssl::string_util::NumberToDecimalString(-1); + EXPECT_EQ(number, "-1"); + number = bssl::string_util::NumberToDecimalString(0); + EXPECT_EQ(number, "0"); + number = bssl::string_util::NumberToDecimalString(0xFF); + EXPECT_EQ(number, "255"); +} + +TEST(StringUtilTest, SplitString) { + EXPECT_EQ(bssl::string_util::SplitString("", ','), + std::vector()); + + EXPECT_EQ(bssl::string_util::SplitString("a", ','), + std::vector({"a"})); + EXPECT_EQ(bssl::string_util::SplitString("abc", ','), + std::vector({"abc"})); + + EXPECT_EQ(bssl::string_util::SplitString(",", ','), + std::vector({"", ""})); + + EXPECT_EQ(bssl::string_util::SplitString("a,", ','), + std::vector({"a", ""})); + EXPECT_EQ(bssl::string_util::SplitString("abc,", ','), + std::vector({"abc", ""})); + + EXPECT_EQ(bssl::string_util::SplitString(",a", ','), + std::vector({"", "a"})); + EXPECT_EQ(bssl::string_util::SplitString(",abc", ','), + std::vector({"", "abc"})); + + EXPECT_EQ(bssl::string_util::SplitString("a,b", ','), + std::vector({"a", "b"})); + EXPECT_EQ(bssl::string_util::SplitString("abc,def", ','), + std::vector({"abc", "def"})); + + EXPECT_EQ(bssl::string_util::SplitString("a,,b", ','), + std::vector({"a", "", "b"})); + EXPECT_EQ(bssl::string_util::SplitString("abc,,def", ','), + std::vector({"abc", "", "def"})); +} + +} // namespace + +} // namespace net diff --git a/pki/tag.cc b/pki/tag.cc new file mode 100644 index 0000000000..5b7cf73826 --- /dev/null +++ b/pki/tag.cc @@ -0,0 +1,25 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "tag.h" + +#include "fillins/check.h" + +namespace bssl::der { + +Tag ContextSpecificConstructed(uint8_t tag_number) { + DCHECK_EQ(tag_number, tag_number & kTagNumberMask); + return (tag_number & kTagNumberMask) | kTagConstructed | kTagContextSpecific; +} + +Tag ContextSpecificPrimitive(uint8_t base) { + DCHECK_EQ(base, base & kTagNumberMask); + return (base & kTagNumberMask) | kTagPrimitive | kTagContextSpecific; +} + +bool IsConstructed(Tag tag) { + return (tag & kTagConstructionMask) == kTagConstructed; +} + +} // namespace bssl::der diff --git a/pki/tag.h b/pki/tag.h new file mode 100644 index 0000000000..986a805cb0 --- /dev/null +++ b/pki/tag.h @@ -0,0 +1,78 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_DER_TAG_H_ +#define BSSL_DER_TAG_H_ + +#include "fillins/openssl_util.h" +#include + + +#include + +namespace bssl::der { + +// This Tag type represents the identifier for an ASN.1 tag as encoded with +// DER. It matches the BoringSSL CBS and CBB in-memory representation for a +// tag. +// +// Callers must not assume it matches the DER representation for small tag +// numbers. Instead, constants are provided for universal class types, and +// functions are provided for building context specific tags. Tags can also be +// built from the provided constants and bitmasks. +using Tag = unsigned; + +// Universal class primitive types +const Tag kBool = CBS_ASN1_BOOLEAN; +const Tag kInteger = CBS_ASN1_INTEGER; +const Tag kBitString = CBS_ASN1_BITSTRING; +const Tag kOctetString = CBS_ASN1_OCTETSTRING; +const Tag kNull = CBS_ASN1_NULL; +const Tag kOid = CBS_ASN1_OBJECT; +const Tag kEnumerated = CBS_ASN1_ENUMERATED; +const Tag kUtf8String = CBS_ASN1_UTF8STRING; +const Tag kPrintableString = CBS_ASN1_PRINTABLESTRING; +const Tag kTeletexString = CBS_ASN1_T61STRING; +const Tag kIA5String = CBS_ASN1_IA5STRING; +const Tag kUtcTime = CBS_ASN1_UTCTIME; +const Tag kGeneralizedTime = CBS_ASN1_GENERALIZEDTIME; +const Tag kVisibleString = CBS_ASN1_VISIBLESTRING; +const Tag kUniversalString = CBS_ASN1_UNIVERSALSTRING; +const Tag kBmpString = CBS_ASN1_BMPSTRING; + +// Universal class constructed types +const Tag kSequence = CBS_ASN1_SEQUENCE; +const Tag kSet = CBS_ASN1_SET; + +// Primitive/constructed bits +const unsigned kTagPrimitive = 0x00; +const unsigned kTagConstructed = CBS_ASN1_CONSTRUCTED; + +// Tag classes +const unsigned kTagUniversal = 0x00; +const unsigned kTagApplication = CBS_ASN1_APPLICATION; +const unsigned kTagContextSpecific = CBS_ASN1_CONTEXT_SPECIFIC; +const unsigned kTagPrivate = CBS_ASN1_PRIVATE; + +// Masks for the 3 components of a tag (class, primitive/constructed, number) +const unsigned kTagNumberMask = CBS_ASN1_TAG_NUMBER_MASK; +const unsigned kTagConstructionMask = CBS_ASN1_CONSTRUCTED; +const unsigned kTagClassMask = CBS_ASN1_CLASS_MASK; + +// Creates the value for the outer tag of an explicitly tagged type. +// +// The ASN.1 keyword for this is: +// [tag_number] EXPLICIT +// +// (Note, the EXPLICIT may be omitted if the entire schema is in +// EXPLICIT mode, the default) +OPENSSL_EXPORT Tag ContextSpecificConstructed(uint8_t tag_number); + +OPENSSL_EXPORT Tag ContextSpecificPrimitive(uint8_t base); + +OPENSSL_EXPORT bool IsConstructed(Tag tag); + +} // namespace bssl::der + +#endif // BSSL_DER_TAG_H_ diff --git a/pki/test_helpers.cc b/pki/test_helpers.cc new file mode 100644 index 0000000000..98487d75b7 --- /dev/null +++ b/pki/test_helpers.cc @@ -0,0 +1,489 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "test_helpers.h" + +#include +#include + +#include "fillins/path_service.h" +#include "fillins/file_util.h" + +#include "pem.h" +#include "cert_error_params.h" +#include "cert_errors.h" +#include "simple_path_builder_delegate.h" +#include "string_util.h" +#include "trust_store.h" +#include "parser.h" +#include +#include +#include +#include + +namespace bssl { + +namespace { + +bool GetValue(std::string_view prefix, + std::string_view line, + std::string* value, + bool* has_value) { + if (!bssl::string_util::StartsWith(line, prefix)) + return false; + + if (*has_value) { + ADD_FAILURE() << "Duplicated " << prefix; + return false; + } + + *has_value = true; + *value = std::string(line.substr(prefix.size())); + return true; +} + +// Returns a string containing the dotted numeric form of |oid|, or a +// hex-encoded string on error. +std::string OidToString(der::Input oid) { + CBS cbs; + CBS_init(&cbs, oid.UnsafeData(), oid.Length()); + bssl::UniquePtr text(CBS_asn1_oid_to_text(&cbs)); + if (!text) { + return "invalid:" + + bssl::string_util::HexEncode(oid.UnsafeData(), oid.Length()); + } + return text.get(); +} + +std::string StrSetToString(const std::set& str_set) { + std::string out; + for (const auto& s : str_set) { + EXPECT_FALSE(s.empty()); + if (!out.empty()) { + out += ", "; + } + out += s; + } + return out; +} + +std::string StripString(std::string_view str) { + size_t start = str.find_first_not_of(' '); + if (start == str.npos) { + return std::string(); + } + str = str.substr(start); + size_t end = str.find_last_not_of(' '); + if (end != str.npos) { + ++end; + } + return std::string(str.substr(0, end)); +} + +std::vector SplitString(std::string_view str) { + std::vector split = string_util::SplitString(str, ','); + + std::vector out; + for (const auto& s : split) { + out.push_back(StripString(s)); + } + return out; +} + +} // namespace + +namespace der { + +void PrintTo(const Input& data, ::std::ostream* os) { + size_t len; + if (!EVP_EncodedLength(&len, data.Length())) { + *os << "[]"; + return; + } + std::vector encoded(len); + len = EVP_EncodeBlock(encoded.data(), data.UnsafeData(), data.Length()); + // Skip the trailing \0. + std::string b64_encoded(encoded.begin(), encoded.begin() + len); + *os << "[" << b64_encoded << "]"; +} + +} // namespace der + +der::Input SequenceValueFromString(const std::string* s) { + der::Parser parser((der::Input(s))); + der::Input data; + if (!parser.ReadTag(der::kSequence, &data)) { + ADD_FAILURE(); + return der::Input(); + } + if (parser.HasMore()) { + ADD_FAILURE(); + return der::Input(); + } + return data; +} + +::testing::AssertionResult ReadTestDataFromPemFile( + const std::string& file_path_ascii, + const PemBlockMapping* mappings, + size_t mappings_length) { + std::string file_data = ReadTestFileToString(file_path_ascii); + + // mappings_copy is used to keep track of which mappings have already been + // satisfied (by nulling the |value| field). This is used to track when + // blocks are mulitply defined. + std::vector mappings_copy(mappings, + mappings + mappings_length); + + // Build the |pem_headers| vector needed for PEMTokenzier. + std::vector pem_headers; + for (const auto& mapping : mappings_copy) { + pem_headers.push_back(mapping.block_name); + } + + PEMTokenizer pem_tokenizer(file_data, pem_headers); + while (pem_tokenizer.GetNext()) { + for (auto& mapping : mappings_copy) { + // Find the mapping for this block type. + if (pem_tokenizer.block_type() == mapping.block_name) { + if (!mapping.value) { + return ::testing::AssertionFailure() + << "PEM block defined multiple times: " << mapping.block_name; + } + + // Copy the data to the result. + mapping.value->assign(pem_tokenizer.data()); + + // Mark the mapping as having been satisfied. + mapping.value = nullptr; + } + } + } + + // Ensure that all specified blocks were found. + for (const auto& mapping : mappings_copy) { + if (mapping.value && !mapping.optional) { + return ::testing::AssertionFailure() + << "PEM block missing: " << mapping.block_name; + } + } + + return ::testing::AssertionSuccess(); +} + +VerifyCertChainTest::VerifyCertChainTest() + : user_initial_policy_set{der::Input(kAnyPolicyOid)} {} +VerifyCertChainTest::~VerifyCertChainTest() = default; + +bool VerifyCertChainTest::HasHighSeverityErrors() const { + // This function assumes that high severity warnings are prefixed with + // "ERROR: " and warnings are prefixed with "WARNING: ". This is an + // implementation detail of CertError::ToDebugString). + // + // Do a quick sanity-check to confirm this. + CertError error(CertError::SEVERITY_HIGH, "unused", nullptr); + EXPECT_EQ("ERROR: unused\n", error.ToDebugString()); + CertError warning(CertError::SEVERITY_WARNING, "unused", nullptr); + EXPECT_EQ("WARNING: unused\n", warning.ToDebugString()); + + // Do a simple substring test (not perfect, but good enough for our test + // corpus). + return expected_errors.find("ERROR: ") != std::string::npos; +} + +bool ReadCertChainFromFile(const std::string& file_path_ascii, + ParsedCertificateList* chain) { + // Reset all the out parameters to their defaults. + *chain = ParsedCertificateList(); + + std::string file_data = ReadTestFileToString(file_path_ascii); + if (file_data.empty()) + return false; + + std::vector pem_headers = {"CERTIFICATE"}; + + PEMTokenizer pem_tokenizer(file_data, pem_headers); + while (pem_tokenizer.GetNext()) { + const std::string& block_data = pem_tokenizer.data(); + + CertErrors errors; + if (!ParsedCertificate::CreateAndAddToVector( + bssl::UniquePtr(CRYPTO_BUFFER_new( + reinterpret_cast(block_data.data()), + block_data.size(), nullptr)), + {}, chain, &errors)) { + ADD_FAILURE() << errors.ToDebugString(); + return false; + } + } + + return true; +} + +std::shared_ptr ReadCertFromFile( + const std::string& file_path_ascii) { + ParsedCertificateList chain; + if (!ReadCertChainFromFile(file_path_ascii, &chain)) + return nullptr; + if (chain.size() != 1) + return nullptr; + return chain[0]; +} + +bool ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, + VerifyCertChainTest* test) { + // Reset all the out parameters to their defaults. + *test = {}; + + std::string file_data = ReadTestFileToString(file_path_ascii); + if (file_data.empty()) + return false; + + bool has_chain = false; + bool has_trust = false; + bool has_time = false; + bool has_errors = false; + bool has_key_purpose = false; + bool has_digest_policy = false; + bool has_user_constrained_policy_set = false; + + std::string kExpectedErrors = "expected_errors:"; + + std::istringstream stream(file_data); + for (std::string line; std::getline(stream, line, '\n');) { + size_t start = line.find_first_not_of(" \n\t\r\f\v"); + if (start == std::string::npos) { + continue; + } + size_t end = line.find_last_not_of(" \n\t\r\f\v"); + if (end == std::string::npos) { + continue; + } + line = line.substr(start, end + 1); + if (line.empty()) { + continue; + } + std::string_view line_piece(line); + + std::string value; + + // For details on the file format refer to: + // net/data/verify_certificate_chain_unittest/README. + if (GetValue("chain: ", line_piece, &value, &has_chain)) { + // Interpret the |chain| path as being relative to the .test file. + size_t slash = file_path_ascii.rfind('/'); + if (slash == std::string::npos) { + ADD_FAILURE() << "Bad path - expecting slashes"; + return false; + } + std::string chain_path = file_path_ascii.substr(0, slash) + "/" + value; + + ReadCertChainFromFile(chain_path, &test->chain); + } else if (GetValue("utc_time: ", line_piece, &value, &has_time)) { + if (value == "DEFAULT") { + value = "211005120000Z"; + } + if (!der::ParseUTCTime(der::Input(&value), &test->time)) { + ADD_FAILURE() << "Failed parsing UTC time"; + return false; + } + } else if (GetValue("key_purpose: ", line_piece, &value, + &has_key_purpose)) { + if (value == "ANY_EKU") { + test->key_purpose = KeyPurpose::ANY_EKU; + } else if (value == "SERVER_AUTH") { + test->key_purpose = KeyPurpose::SERVER_AUTH; + } else if (value == "CLIENT_AUTH") { + test->key_purpose = KeyPurpose::CLIENT_AUTH; + } else if (value == "SERVER_AUTH_STRICT") { + test->key_purpose = KeyPurpose::SERVER_AUTH_STRICT; + } else if (value == "CLIENT_AUTH_STRICT") { + test->key_purpose = KeyPurpose::CLIENT_AUTH_STRICT; + } else { + ADD_FAILURE() << "Unrecognized key_purpose: " << value; + return false; + } + } else if (GetValue("last_cert_trust: ", line_piece, &value, &has_trust)) { + // TODO(mattm): convert test files to use + // CertificateTrust::FromDebugString strings. + if (value == "TRUSTED_ANCHOR") { + test->last_cert_trust = CertificateTrust::ForTrustAnchor(); + } else if (value == "TRUSTED_ANCHOR_WITH_EXPIRATION") { + test->last_cert_trust = + CertificateTrust::ForTrustAnchor().WithEnforceAnchorExpiry(); + } else if (value == "TRUSTED_ANCHOR_WITH_CONSTRAINTS") { + test->last_cert_trust = + CertificateTrust::ForTrustAnchor().WithEnforceAnchorConstraints(); + } else if (value == "TRUSTED_ANCHOR_WITH_REQUIRE_BASIC_CONSTRAINTS") { + test->last_cert_trust = CertificateTrust::ForTrustAnchor() + .WithRequireAnchorBasicConstraints(); + } else if (value == + "TRUSTED_ANCHOR_WITH_CONSTRAINTS_REQUIRE_BASIC_CONSTRAINTS") { + test->last_cert_trust = CertificateTrust::ForTrustAnchor() + .WithEnforceAnchorConstraints() + .WithRequireAnchorBasicConstraints(); + } else if (value == "TRUSTED_ANCHOR_WITH_EXPIRATION_AND_CONSTRAINTS") { + test->last_cert_trust = CertificateTrust::ForTrustAnchor() + .WithEnforceAnchorExpiry() + .WithEnforceAnchorConstraints(); + } else if (value == "TRUSTED_ANCHOR_OR_LEAF") { + test->last_cert_trust = CertificateTrust::ForTrustAnchorOrLeaf(); + } else if (value == "TRUSTED_LEAF") { + test->last_cert_trust = CertificateTrust::ForTrustedLeaf(); + } else if (value == "TRUSTED_LEAF_REQUIRE_SELF_SIGNED") { + test->last_cert_trust = + CertificateTrust::ForTrustedLeaf().WithRequireLeafSelfSigned(); + } else if (value == "DISTRUSTED") { + test->last_cert_trust = CertificateTrust::ForDistrusted(); + } else if (value == "UNSPECIFIED") { + test->last_cert_trust = CertificateTrust::ForUnspecified(); + } else { + ADD_FAILURE() << "Unrecognized last_cert_trust: " << value; + return false; + } + } else if (GetValue("digest_policy: ", line_piece, &value, + &has_digest_policy)) { + if (value == "STRONG") { + test->digest_policy = SimplePathBuilderDelegate::DigestPolicy::kStrong; + } else if (value == "ALLOW_SHA_1") { + test->digest_policy = + SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1; + } else { + ADD_FAILURE() << "Unrecognized digest_policy: " << value; + return false; + } + } else if (GetValue("expected_user_constrained_policy_set: ", line_piece, + &value, &has_user_constrained_policy_set)) { + std::vector split_value(SplitString(value)); + test->expected_user_constrained_policy_set = + std::set(split_value.begin(), split_value.end()); + } else if (bssl::string_util::StartsWith(line_piece, "#")) { + // Skip comments. + continue; + } else if (line_piece == kExpectedErrors) { + has_errors = true; + // The errors start on the next line, and extend until the end of the + // file. + std::string prefix = + std::string("\n") + kExpectedErrors + std::string("\n"); + size_t errors_start = file_data.find(prefix); + if (errors_start == std::string::npos) { + ADD_FAILURE() << "expected_errors not found"; + return false; + } + test->expected_errors = file_data.substr(errors_start + prefix.size()); + break; + } else { + ADD_FAILURE() << "Unknown line: " << line_piece; + return false; + } + } + + if (!has_chain) { + ADD_FAILURE() << "Missing chain: "; + return false; + } + + if (!has_trust) { + ADD_FAILURE() << "Missing last_cert_trust: "; + return false; + } + + if (!has_time) { + ADD_FAILURE() << "Missing time: "; + return false; + } + + if (!has_key_purpose) { + ADD_FAILURE() << "Missing key_purpose: "; + return false; + } + + if (!has_errors) { + ADD_FAILURE() << "Missing errors:"; + return false; + } + + // `has_user_constrained_policy_set` is intentionally not checked here. Not + // specifying expected_user_constrained_policy_set means the expected policy + // set is empty. + + return true; +} + +std::string ReadTestFileToString(const std::string& file_path_ascii) { + // Compute the full path, relative to the src/ directory. + fillins::FilePath src_root; + bssl::fillins::PathService::Get(fillins::DIR_SOURCE_ROOT, &src_root); + fillins::FilePath filepath = src_root.AppendASCII(file_path_ascii); + + // Read the full contents of the file. + std::string file_data; + if (!fillins::ReadFileToString(filepath, &file_data)) { + ADD_FAILURE() << "Couldn't read file: " << filepath.value(); + return std::string(); + } + + return file_data; +} + +void VerifyCertPathErrors(const std::string& expected_errors_str, + const CertPathErrors& actual_errors, + const ParsedCertificateList& chain, + const std::string& errors_file_path) { + std::string actual_errors_str = actual_errors.ToDebugString(chain); + + if (expected_errors_str != actual_errors_str) { + ADD_FAILURE() << "Cert path errors don't match expectations (" + << errors_file_path << ")\n\n" + << "EXPECTED:\n\n" + << expected_errors_str << "\n" + << "ACTUAL:\n\n" + << actual_errors_str << "\n" + << "===> Use " + "testdata/verify_certificate_chain_unittest/" + "rebase-errors.py to rebaseline.\n"; + } +} + +void VerifyCertErrors(const std::string& expected_errors_str, + const CertErrors& actual_errors, + const std::string& errors_file_path) { + std::string actual_errors_str = actual_errors.ToDebugString(); + + if (expected_errors_str != actual_errors_str) { + ADD_FAILURE() << "Cert errors don't match expectations (" + << errors_file_path << ")\n\n" + << "EXPECTED:\n\n" + << expected_errors_str << "\n" + << "ACTUAL:\n\n" + << actual_errors_str << "\n" + << "===> Use " + "testdata/parse_certificate_unittest/" + "rebase-errors.py to rebaseline.\n"; + } +} + +void VerifyUserConstrainedPolicySet( + const std::set& expected_user_constrained_policy_str_set, + const std::set& actual_user_constrained_policy_set, + const std::string& errors_file_path) { + std::set actual_user_constrained_policy_str_set; + for (const der::Input& der_oid : actual_user_constrained_policy_set) { + actual_user_constrained_policy_str_set.insert(OidToString(der_oid)); + } + if (expected_user_constrained_policy_str_set != + actual_user_constrained_policy_str_set) { + ADD_FAILURE() << "user_constrained_policy_set doesn't match expectations (" + << errors_file_path << ")\n\n" + << "EXPECTED: " + << StrSetToString(expected_user_constrained_policy_str_set) + << "\n" + << "ACTUAL: " + << StrSetToString(actual_user_constrained_policy_str_set) + << "\n"; + } +} + +} // namespace net diff --git a/pki/test_helpers.h b/pki/test_helpers.h new file mode 100644 index 0000000000..de55dffb2b --- /dev/null +++ b/pki/test_helpers.h @@ -0,0 +1,168 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_TEST_HELPERS_H_ +#define BSSL_PKI_TEST_HELPERS_H_ + +#include + +#include +#include +#include + +#include "parsed_certificate.h" +#include "simple_path_builder_delegate.h" +#include "trust_store.h" +#include "verify_certificate_chain.h" +#include "input.h" +#include + +namespace bssl { + +namespace der { + +// This function is used by GTest to support EXPECT_EQ() for der::Input. +void PrintTo(const Input& data, ::std::ostream* os); + +} // namespace der + +// Parses |s| as a DER SEQUENCE TLV and returns a der::Input corresponding to +// the value portion. On error returns an empty der::Input and adds a gtest +// failure. +// +// The returned der::Input() is only valid so long as the input string is alive +// and is not mutated. +der::Input SequenceValueFromString(const std::string* s); + +// Helper structure that maps a PEM block header (for instance "CERTIFICATE") to +// the destination where the value for that block should be written. +struct PemBlockMapping { + // The name of the PEM header. Example "CERTIFICATE". + const char* block_name; + + // The destination where the read value should be written to. + std::string* value; + + // True to indicate that the block is not required to be present. If the + // block is optional and is not present, then |value| will not be modified. + bool optional; +}; + +// ReadTestDataFromPemFile() is a helper function that reads a PEM test file +// rooted in the "src/" directory. +// +// * file_path_ascii: +// The path to the PEM file, relative to src. For instance +// "testdata/verify_signed_data_unittest/foopy.pem" +// +// * mappings: +// An array of length |mappings_length| which maps the expected PEM +// headers to the destination to write its data. +// +// The function ensures that each of the chosen mappings is satisfied exactly +// once. In other words, the header must be present (unless marked as +// optional=true), have valid data, and appear no more than once. +::testing::AssertionResult ReadTestDataFromPemFile( + const std::string& file_path_ascii, + const PemBlockMapping* mappings, + size_t mappings_length); + +// This is the same as the variant above, however it uses template magic so an +// mappings array can be passed in directly (and the correct length is +// inferred). +template +::testing::AssertionResult ReadTestDataFromPemFile( + const std::string& file_path_ascii, + const PemBlockMapping (&mappings)[N]) { + return ReadTestDataFromPemFile(file_path_ascii, mappings, N); +} + +// Test cases are comprised of all the parameters to certificate +// verification, as well as the expected outputs. +struct VerifyCertChainTest { + VerifyCertChainTest(); + ~VerifyCertChainTest(); + + // The chain of certificates (with the zero-th being the target). + ParsedCertificateList chain; + + // Details on the trustedness of the last certificate. + CertificateTrust last_cert_trust; + + // The time to use when verifying the chain. + der::GeneralizedTime time; + + // The Key Purpose to use when verifying the chain. + KeyPurpose key_purpose = KeyPurpose::ANY_EKU; + + InitialExplicitPolicy initial_explicit_policy = InitialExplicitPolicy::kFalse; + + std::set user_initial_policy_set; + + InitialPolicyMappingInhibit initial_policy_mapping_inhibit = + InitialPolicyMappingInhibit::kFalse; + + InitialAnyPolicyInhibit initial_any_policy_inhibit = + InitialAnyPolicyInhibit::kFalse; + + // The expected errors/warnings from verification (as a string). + std::string expected_errors; + + // Expected user_constrained_policy_set, as a set of numeric OID strings. + std::set expected_user_constrained_policy_set; + + SimplePathBuilderDelegate::DigestPolicy digest_policy = + SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1; + + // Returns true if |expected_errors| contains any high severity errors (a + // non-empty expected_errors doesn't necessarily mean verification is + // expected to fail, as it may have contained warnings). + bool HasHighSeverityErrors() const; +}; + +// Reads a test case from |file_path_ascii| (which is relative to //src). +// Generally |file_path_ascii| will start with: +// net/data/verify_certificate_chain_unittest/ +bool ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, + VerifyCertChainTest* test); + +// Reads a certificate chain from |file_path_ascii| +bool ReadCertChainFromFile(const std::string& file_path_ascii, + ParsedCertificateList* chain); + +// Reads a certificate from |file_path_ascii|. Returns nullptr if the file +// contained more that one certificate. +std::shared_ptr ReadCertFromFile( + const std::string& file_path_ascii); + +// Reads a data file relative to the src root directory. +std::string ReadTestFileToString(const std::string& file_path_ascii); + +// Asserts that |actual_errors| matches |expected_errors_str|. +// +// This is a helper function to simplify rebasing the error expectations when +// they originate from a test file. +void VerifyCertPathErrors(const std::string& expected_errors_str, + const CertPathErrors& actual_errors, + const ParsedCertificateList& chain, + const std::string& errors_file_path); + +// Asserts that |actual_errors| matches |expected_errors_str|. +// +// This is a helper function to simplify rebasing the error expectations when +// they originate from a test file. +void VerifyCertErrors(const std::string& expected_errors_str, + const CertErrors& actual_errors, + const std::string& errors_file_path); + +// Asserts that |actual_user_constrained_policy_set| matches +// |expected_user_constrained_policy_set|. +void VerifyUserConstrainedPolicySet( + const std::set& expected_user_constrained_policy_str_set, + const std::set& actual_user_constrained_policy_set, + const std::string& errors_file_path); + +} // namespace net + +#endif // BSSL_PKI_TEST_HELPERS_H_ diff --git a/pki/testdata/cert_issuer_source_static_unittest/c1.pem b/pki/testdata/cert_issuer_source_static_unittest/c1.pem new file mode 100644 index 0000000000..5c5b3ecb95 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/c1.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 26:7a:57:9f:40:d9:68:0b:83:9e:04:66:b2:14:80:b2:ea:fa:e2:55 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=I1 + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=C1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ae:71:64:ba:9f:1d:b4:bc:c9:8a:c7:ed:ef:a5: + f4:42:5d:c6:db:d5:c9:b0:77:45:83:d1:15:bf:2f: + 9b:19:a3:7c:fb:fd:70:62:0d:95:a7:bd:58:9f:2c: + d5:c5:78:fc:fa:23:e0:97:3d:9d:0c:a1:d9:71:8f: + 03:28:c7:7c:d1:09:7f:94:90:74:c1:db:c6:ec:ae: + da:cd:51:45:20:23:3d:f2:23:f5:f6:53:23:86:b0: + 16:84:4a:ea:bd:d4:0a:1a:70:91:70:8d:21:06:b9: + 9e:fc:2f:a2:ad:80:24:b2:06:ed:6b:55:ac:cb:ad: + 70:44:f1:ed:d4:21:e5:cd:fe:1c:42:e8:79:0e:7d: + 87:18:08:c1:85:3c:32:f6:ee:96:dc:5a:84:63:90: + e3:67:a3:fe:31:52:ec:bc:43:24:86:77:a5:56:a3: + 4c:fe:39:2f:ed:d2:75:64:53:30:1a:a3:ce:30:cd: + f2:7b:13:71:be:b4:80:95:9a:a3:8e:f1:3a:f5:15: + 65:a8:a3:91:34:12:67:dc:34:cf:25:5d:8f:ef:79: + 64:49:af:0a:3c:17:89:b5:95:da:85:2b:df:7a:f1: + 57:1f:0f:b0:c1:bc:e1:5b:4a:86:a7:2e:c8:6b:a3: + 96:c6:28:29:d6:33:7c:f2:e7:5e:19:09:6c:93:cb: + 14:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 43:56:C8:D4:66:24:6F:71:A2:C8:6F:A6:A1:0B:0F:53:F2:16:15:5B + X509v3 Authority Key Identifier: + keyid:1B:26:D0:C4:43:00:72:E2:A4:AB:01:D1:A4:68:D5:E5:B2:1E:9C:0D + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/I1.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/I1.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 0a:c8:a8:ab:c1:3f:ec:8c:1d:c4:bc:ac:6c:ab:d5:28:4a:78: + 43:90:ff:9c:8d:e3:1b:b7:79:bc:4d:5c:c2:f4:31:4a:1a:34: + 55:7c:32:79:25:4f:cb:9a:2a:41:3c:55:70:3f:d7:88:2e:e8: + 1e:98:05:df:be:6f:e5:28:d2:f0:6a:9c:c1:c3:ed:5b:26:f9: + 72:de:80:2e:3c:15:1d:d4:be:bd:26:a6:bb:1e:f8:9b:fa:fb: + 1a:50:a0:a1:4e:57:d4:0d:0e:63:dc:b0:24:7d:6f:d7:88:f9: + 9d:16:dd:60:b3:61:39:63:a9:73:5c:08:f8:98:c1:62:a8:51: + d8:0e:7e:3f:7a:62:9e:d1:31:ab:75:05:d5:c1:a3:59:ad:c5: + e0:c5:57:c5:41:1f:ab:b6:04:35:d5:81:5f:64:9d:55:f6:09: + fd:5b:6e:41:85:27:77:d8:33:62:46:a9:a9:ce:a0:0f:c4:95: + 81:01:87:f6:90:42:fc:8f:04:3b:55:2b:25:22:c7:9e:f6:8a: + 74:fa:9d:13:a5:d1:6b:c1:43:9d:45:4c:38:d5:4d:5c:84:73: + 20:9a:7e:c2:4b:f5:e9:82:b3:74:75:f0:e4:ab:fc:d6:13:12: + c8:46:f4:ff:da:b1:bc:5e:a0:2f:fb:08:ee:bc:4f:a8:44:b9: + fc:34:02:7b +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIUJnpXn0DZaAuDngRmshSAsur64lUwDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCSTEwHhcNMjAxMTAzMTIwMDAwWhcNMjExMTAzMTIwMDAw +WjANMQswCQYDVQQDDAJDMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AK5xZLqfHbS8yYrH7e+l9EJdxtvVybB3RYPRFb8vmxmjfPv9cGINlae9WJ8s1cV4 +/Poj4Jc9nQyh2XGPAyjHfNEJf5SQdMHbxuyu2s1RRSAjPfIj9fZTI4awFoRK6r3U +ChpwkXCNIQa5nvwvoq2AJLIG7WtVrMutcETx7dQh5c3+HELoeQ59hxgIwYU8Mvbu +ltxahGOQ42ej/jFS7LxDJIZ3pVajTP45L+3SdWRTMBqjzjDN8nsTcb60gJWao47x +OvUVZaijkTQSZ9w0zyVdj+95ZEmvCjwXibWV2oUr33rxVx8PsMG84VtKhqcuyGuj +lsYoKdYzfPLnXhkJbJPLFM0CAwEAAaOB1TCB0jAdBgNVHQ4EFgQUQ1bI1GYkb3Gi +yG+moQsPU/IWFVswHwYDVR0jBBgwFoAUGybQxEMAcuKkqwHRpGjV5bIenA0wNQYI +KwYBBQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwOi8vdXJsLWZvci1haWEvSTEu +Y2VyMCoGA1UdHwQjMCEwH6AdoBuGGWh0dHA6Ly91cmwtZm9yLWNybC9JMS5jcmww +DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAN +BgkqhkiG9w0BAQsFAAOCAQEACsioq8E/7IwdxLysbKvVKEp4Q5D/nI3jG7d5vE1c +wvQxSho0VXwyeSVPy5oqQTxVcD/XiC7oHpgF375v5SjS8GqcwcPtWyb5ct6ALjwV +HdS+vSamux74m/r7GlCgoU5X1A0OY9ywJH1v14j5nRbdYLNhOWOpc1wI+JjBYqhR +2A5+P3pintExq3UF1cGjWa3F4MVXxUEfq7YENdWBX2SdVfYJ/VtuQYUnd9gzYkap +qc6gD8SVgQGH9pBC/I8EO1UrJSLHnvaKdPqdE6XRa8FDnUVMONVNXIRzIJp+wkv1 +6YKzdHXw5Kv81hMSyEb0/9qxvF6gL/sI7rxPqES5/DQCew== +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/c2.pem b/pki/testdata/cert_issuer_source_static_unittest/c2.pem new file mode 100644 index 0000000000..b63918366d --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/c2.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 45:5b:b7:0e:4f:f1:04:6d:35:b4:b4:54:3d:27:94:8e:c4:e4:1b:2e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=i1 + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=C2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b9:9e:f6:53:ca:8c:31:b4:0a:6a:26:23:11:03: + cc:e1:e3:93:9e:d8:76:52:89:2f:0c:42:15:21:c0: + d9:bc:16:ea:6e:bc:39:c0:2f:62:8a:35:c9:95:71: + 4d:a3:45:ac:7f:b3:7e:ec:fa:ac:f3:e8:bf:66:02: + 1a:b1:bd:ce:79:17:6a:19:12:96:eb:b1:9d:dd:e3: + 1c:69:15:e1:f6:34:ed:ba:4d:af:0a:50:03:43:2f: + 9d:7c:8e:79:fa:92:13:2d:73:16:a8:de:72:c2:61: + 19:54:4b:01:2f:5c:a1:77:fc:f7:82:0b:aa:cb:8f: + 55:0d:19:d8:ab:2c:af:35:b4:f7:eb:52:26:97:5e: + 5b:00:f3:a8:12:fa:ce:0d:0d:56:cd:15:1c:7a:67: + 82:9f:b3:fb:5f:05:9c:b7:9f:35:66:3b:18:93:b8: + 2d:1d:47:9b:4b:5e:f3:20:6f:83:c7:5d:91:d2:2b: + 19:9d:a9:f3:46:ff:93:eb:3f:fb:5b:40:a0:8d:5d: + ab:a5:de:d1:02:d4:6b:3e:1a:24:5c:86:a2:ec:9d: + 50:1b:c3:92:22:27:5f:a7:79:5b:40:97:cc:ca:10: + ff:ed:06:2a:51:11:e5:cb:b1:0a:82:84:92:2f:00: + 10:6d:19:af:db:66:53:8d:f7:10:b3:bc:4a:52:83: + eb:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 37:6E:35:3A:24:04:92:08:FF:D2:5F:88:1F:86:C1:9C:95:A9:0D:72 + X509v3 Authority Key Identifier: + keyid:E3:AC:1D:35:9E:1C:CC:C6:29:9F:37:59:41:C6:DA:C9:44:2C:B2:F3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/i1.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/i1.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 90:e7:5b:22:d3:4d:55:9f:8f:e4:86:4e:b7:47:0f:48:93:d7: + 58:28:9f:a6:8c:39:31:c2:c5:ae:a9:9e:4a:b7:53:07:bd:c9: + a0:48:a8:05:7d:f8:32:91:ad:6d:5a:03:e9:8f:f3:61:6b:d0: + 35:d4:b3:64:61:34:44:8b:a3:da:f6:8a:5b:24:8b:3b:ec:ed: + 31:d8:c6:bf:8a:57:36:44:f8:a4:a6:d9:1f:3e:11:7e:3f:39: + ce:67:08:15:30:01:65:4e:fd:f0:fc:00:14:ab:5a:55:16:f3: + ad:e3:65:41:63:f0:5d:b8:86:f1:26:d0:55:8e:87:97:ca:92: + 05:13:9c:2e:83:66:3d:a0:ee:76:3c:db:69:4d:22:60:3b:22: + 11:16:ed:8c:64:c3:87:22:df:67:f4:b7:8c:a3:a0:3b:c7:5c: + c3:f9:3c:d7:69:26:c3:70:f6:d0:0a:1f:c1:2b:49:9c:c2:33: + d5:d4:cd:02:28:47:0a:60:00:04:78:c5:66:b8:00:2b:10:b7: + 1b:23:cb:e9:f8:6a:54:5c:4a:60:c9:5f:ef:9a:6a:44:28:d1: + b9:01:07:b3:8a:82:c8:94:45:1f:47:06:f6:9c:d0:02:ab:86: + b5:62:e2:3f:2c:ef:f6:7b:78:9b:fe:d6:d4:1b:d3:67:05:99: + 9c:af:c8:e5 +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIURVu3Dk/xBG01tLRUPSeUjsTkGy4wDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCaTEwHhcNMjAxMTAzMTIwMDAwWhcNMjExMTAzMTIwMDAw +WjANMQswCQYDVQQDDAJDMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALme9lPKjDG0CmomIxEDzOHjk57YdlKJLwxCFSHA2bwW6m68OcAvYoo1yZVxTaNF +rH+zfuz6rPPov2YCGrG9znkXahkSluuxnd3jHGkV4fY07bpNrwpQA0MvnXyOefqS +Ey1zFqjecsJhGVRLAS9coXf894ILqsuPVQ0Z2KssrzW09+tSJpdeWwDzqBL6zg0N +Vs0VHHpngp+z+18FnLefNWY7GJO4LR1Hm0te8yBvg8ddkdIrGZ2p80b/k+s/+1tA +oI1dq6Xe0QLUaz4aJFyGouydUBvDkiInX6d5W0CXzMoQ/+0GKlER5cuxCoKEki8A +EG0Zr9tmU433ELO8SlKD67ECAwEAAaOB1TCB0jAdBgNVHQ4EFgQUN241OiQEkgj/ +0l+IH4bBnJWpDXIwHwYDVR0jBBgwFoAU46wdNZ4czMYpnzdZQcbayUQssvMwNQYI +KwYBBQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwOi8vdXJsLWZvci1haWEvaTEu +Y2VyMCoGA1UdHwQjMCEwH6AdoBuGGWh0dHA6Ly91cmwtZm9yLWNybC9pMS5jcmww +DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAN +BgkqhkiG9w0BAQsFAAOCAQEAkOdbItNNVZ+P5IZOt0cPSJPXWCifpow5McLFrqme +SrdTB73JoEioBX34MpGtbVoD6Y/zYWvQNdSzZGE0RIuj2vaKWySLO+ztMdjGv4pX +NkT4pKbZHz4Rfj85zmcIFTABZU798PwAFKtaVRbzreNlQWPwXbiG8SbQVY6Hl8qS +BROcLoNmPaDudjzbaU0iYDsiERbtjGTDhyLfZ/S3jKOgO8dcw/k812kmw3D20Aof +wStJnMIz1dTNAihHCmAABHjFZrgAKxC3GyPL6fhqVFxKYMlf75pqRCjRuQEHs4qC +yJRFH0cG9pzQAquGtWLiPyzv9nt4m/7W1BvTZwWZnK/I5Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/d.pem b/pki/testdata/cert_issuer_source_static_unittest/d.pem new file mode 100644 index 0000000000..3365d55ed5 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/d.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7b:e6:27:43:08:d3:93:75:8e:0e:ac:20:0e:fd:8d:81:13:1a:ef:e1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=I2 + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=D + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:ae:07:4a:35:ce:ea:26:bf:b9:d4:ac:b8:c2: + 4b:40:c7:99:e2:52:d5:24:8a:83:1a:31:fd:dd:b4: + ec:b9:8a:90:67:d9:7f:d3:ea:7f:8a:96:d6:ab:a5: + e8:ee:59:61:6d:f3:7f:26:14:82:19:90:f4:65:21: + 68:22:45:58:5a:2e:d4:94:31:a7:13:2c:27:0f:07: + 26:9a:77:dc:47:9a:d7:04:18:94:bd:09:e3:fc:fa: + ef:44:61:f0:b6:c6:65:37:95:8e:c5:67:86:7f:cc: + 58:e7:e8:43:de:ee:cb:de:ad:68:00:95:f4:cd:21: + e7:db:33:09:c1:6d:6b:53:eb:8d:f3:53:cc:7a:a3: + f0:86:bb:0f:2c:3f:94:11:d5:dd:52:44:96:c1:97: + 4a:d3:ca:48:40:b5:67:95:3d:c6:58:44:ac:6d:a3: + 2f:a4:60:eb:72:48:b8:1d:cb:3d:6b:0a:b0:bf:3d: + 42:68:cc:7d:29:78:29:9e:3d:ec:16:ae:84:98:31: + fe:ce:b2:b5:f7:ac:89:e8:df:c7:f1:ad:86:38:22: + fc:24:66:56:cc:5f:09:d8:23:eb:d2:67:96:b1:67: + de:f6:ae:bb:8e:db:88:a9:39:fc:9c:82:35:8b:b8: + 49:54:b4:5f:78:5b:94:c3:4f:9f:bc:bf:0b:06:fc: + 04:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D1:6E:9D:B4:88:56:98:C2:B2:A3:45:F5:95:3E:49:A0:70:45:13:EA + X509v3 Authority Key Identifier: + keyid:3C:E2:AD:12:A1:C0:96:C8:53:4A:6B:B2:49:5C:5A:A6:1E:A9:19:EC + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/I2.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/I2.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 2f:89:77:91:17:bb:d7:b6:c1:89:29:bd:a6:cc:c1:14:8d:32: + 1d:87:57:08:0a:0f:02:16:80:c5:c5:e6:e1:11:fb:ed:eb:17: + 67:92:28:70:10:06:b5:7e:46:1c:a3:cf:dc:a8:01:47:51:bf: + f3:d3:ef:ed:04:bd:ff:7d:30:18:35:df:11:56:f2:a8:c2:f5: + c0:70:37:5b:8e:ec:63:e6:64:1c:81:a1:a1:62:40:a4:e9:95: + ef:8f:3e:31:8f:b6:03:28:5b:c5:fa:ab:af:e7:9f:3f:ca:f3: + fd:2e:68:26:c4:8f:df:e4:ca:33:8a:47:d4:cf:f1:2a:de:11: + bb:3a:5d:db:88:ef:42:ed:ff:af:fe:fc:b8:e6:0d:cf:91:9a: + a0:09:f8:45:53:85:be:53:a5:9f:63:8f:9b:8e:70:d8:a7:e9: + 9d:66:17:4c:cb:85:f7:26:b2:3a:10:64:f2:81:b6:c2:57:2f: + 65:37:58:64:f2:20:ea:0c:8a:a6:6c:8f:8d:c6:4d:1e:c5:2f: + 62:53:04:8d:ce:a2:f1:8d:71:6f:f3:30:16:c4:72:2e:67:33: + e5:fa:84:0e:88:ae:49:51:c4:20:c0:d8:87:20:5b:a8:e5:71: + e2:06:8f:2f:50:29:7b:5b:6b:32:95:c9:55:0d:e5:a0:71:77: + d0:47:ed:9d +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIUe+YnQwjTk3WODqwgDv2NgRMa7+EwDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCSTIwHhcNMjAxMTAzMTIwMDAwWhcNMjExMTAzMTIwMDAw +WjAMMQowCAYDVQQDDAFEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +wq4HSjXO6ia/udSsuMJLQMeZ4lLVJIqDGjH93bTsuYqQZ9l/0+p/ipbWq6Xo7llh +bfN/JhSCGZD0ZSFoIkVYWi7UlDGnEywnDwcmmnfcR5rXBBiUvQnj/PrvRGHwtsZl +N5WOxWeGf8xY5+hD3u7L3q1oAJX0zSHn2zMJwW1rU+uN81PMeqPwhrsPLD+UEdXd +UkSWwZdK08pIQLVnlT3GWESsbaMvpGDrcki4Hcs9awqwvz1CaMx9KXgpnj3sFq6E +mDH+zrK196yJ6N/H8a2GOCL8JGZWzF8J2CPr0meWsWfe9q67jtuIqTn8nII1i7hJ +VLRfeFuUw0+fvL8LBvwEZQIDAQABo4HVMIHSMB0GA1UdDgQWBBTRbp20iFaYwrKj +RfWVPkmgcEUT6jAfBgNVHSMEGDAWgBQ84q0SocCWyFNKa7JJXFqmHqkZ7DA1Bggr +BgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHA6Ly91cmwtZm9yLWFpYS9JMi5j +ZXIwKgYDVR0fBCMwITAfoB2gG4YZaHR0cDovL3VybC1mb3ItY3JsL0kyLmNybDAO +BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0G +CSqGSIb3DQEBCwUAA4IBAQAviXeRF7vXtsGJKb2mzMEUjTIdh1cICg8CFoDFxebh +Efvt6xdnkihwEAa1fkYco8/cqAFHUb/z0+/tBL3/fTAYNd8RVvKowvXAcDdbjuxj +5mQcgaGhYkCk6ZXvjz4xj7YDKFvF+quv558/yvP9LmgmxI/f5MozikfUz/Eq3hG7 +Ol3biO9C7f+v/vy45g3PkZqgCfhFU4W+U6WfY4+bjnDYp+mdZhdMy4X3JrI6EGTy +gbbCVy9lN1hk8iDqDIqmbI+Nxk0exS9iUwSNzqLxjXFv8zAWxHIuZzPl+oQOiK5J +UcQgwNiHIFuo5XHiBo8vUCl7W2sylclVDeWgcXfQR+2d +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/e1.pem b/pki/testdata/cert_issuer_source_static_unittest/e1.pem new file mode 100644 index 0000000000..f6ff131f7c --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/e1.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 47:53:2a:a4:de:8f:dd:a0:ab:98:ed:1f:0d:77:1c:7b:62:99:d5:17 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=I3 + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=E1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ae:91:6b:78:fb:33:11:82:bb:52:ce:22:b5:28: + a4:c1:bb:17:65:49:6f:85:08:98:3f:2b:e1:b6:d5: + 43:42:5c:9f:30:b5:91:9c:28:6a:66:13:62:b2:cf: + 01:90:1b:0c:c6:58:81:9b:78:f6:77:12:e2:1a:32: + 9f:a9:f3:d0:59:56:95:8b:bf:6b:b8:39:d5:77:04: + 46:66:49:dd:1e:65:11:8d:51:a7:b5:25:d1:d0:25: + 73:00:27:98:3a:02:31:90:86:cf:a8:53:dd:10:fc: + a5:f6:29:85:cd:ea:c9:d9:08:7b:58:87:c3:6a:72: + f2:17:7d:e7:e2:be:f7:88:c8:79:b5:29:43:2e:9a: + e8:3c:e0:0b:42:47:c2:0e:3e:b1:6f:2e:a9:78:f0: + 33:0c:b1:b9:67:3c:3f:ac:47:14:33:1d:2a:5a:37: + 7d:24:7f:ca:a7:4d:7c:a9:28:82:86:3b:ab:6f:d2: + 65:6e:e3:cc:f6:7a:96:65:81:7c:e9:8d:64:46:45: + 46:fc:f4:9f:6f:67:f8:9a:2b:df:cc:a9:3a:de:31: + 13:a9:08:99:d1:fd:44:99:be:28:cd:74:bc:84:58: + f5:d9:df:bd:f5:2b:a9:bb:ec:f3:50:e2:75:bb:19: + da:d4:f9:89:55:0f:33:1f:5e:ec:48:1d:e0:91:2d: + 83:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7B:31:A7:9B:6B:7F:0F:2F:2E:F1:FC:54:09:FB:1A:5F:66:8D:EC:8E + X509v3 Authority Key Identifier: + keyid:02:D2:01:6B:5B:63:DC:4E:54:01:08:CD:A7:27:A0:85:29:78:E1:D3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/I3.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/I3.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 46:4d:39:4f:27:a0:0f:2e:5b:27:3e:35:69:0d:a2:bf:9b:5c: + 20:80:79:3d:be:68:e9:e5:dc:55:e4:77:1b:5e:b6:6a:ea:d3: + 20:50:c4:a1:4c:5d:2f:ca:00:a7:6b:d9:c0:70:9d:2c:81:85: + 5c:57:bd:49:42:92:1a:9f:8f:5a:92:e7:f5:36:aa:a8:26:0d: + 03:f9:92:da:80:2a:ba:a6:e5:77:c4:b7:34:f6:e6:7a:d7:f4: + 39:21:7b:24:b1:83:e2:1b:9e:8e:5f:fe:75:94:66:1c:ad:2d: + af:3b:bc:4d:79:e0:5a:47:8e:c8:2d:20:0c:9e:64:6e:10:b1: + 8f:61:35:ce:9b:e7:26:11:38:06:db:c8:33:9a:13:ea:cd:46: + 52:65:00:ec:c5:96:a0:d8:57:46:5c:b7:79:11:44:38:6e:63: + f0:0c:c7:8c:d5:e6:c8:f9:07:17:13:3f:fd:71:c1:51:9c:8a: + 2a:dc:7b:07:aa:78:40:06:48:66:40:f2:75:63:a1:38:42:68: + b7:d8:c9:97:d1:8e:00:4d:7b:22:d0:f1:3f:6b:5e:81:7e:f9: + 60:c9:3f:f1:f7:9a:50:eb:e2:fa:43:59:9a:6b:5f:d4:61:8a: + 64:7a:cd:d2:3c:9c:02:57:fa:d2:49:9a:83:af:4c:a0:5e:25: + c5:82:59:84 +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIUR1MqpN6P3aCrmO0fDXcce2KZ1RcwDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCSTMwHhcNMjAxMTAzMTIwMDAwWhcNMjExMTAzMTIwMDAw +WjANMQswCQYDVQQDDAJFMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AK6Ra3j7MxGCu1LOIrUopMG7F2VJb4UImD8r4bbVQ0JcnzC1kZwoamYTYrLPAZAb +DMZYgZt49ncS4hoyn6nz0FlWlYu/a7g51XcERmZJ3R5lEY1Rp7Ul0dAlcwAnmDoC +MZCGz6hT3RD8pfYphc3qydkIe1iHw2py8hd95+K+94jIebUpQy6a6DzgC0JHwg4+ +sW8uqXjwMwyxuWc8P6xHFDMdKlo3fSR/yqdNfKkogoY7q2/SZW7jzPZ6lmWBfOmN +ZEZFRvz0n29n+Jor38ypOt4xE6kImdH9RJm+KM10vIRY9dnfvfUrqbvs81DidbsZ +2tT5iVUPMx9e7Egd4JEtg6ECAwEAAaOB1TCB0jAdBgNVHQ4EFgQUezGnm2t/Dy8u +8fxUCfsaX2aN7I4wHwYDVR0jBBgwFoAUAtIBa1tj3E5UAQjNpyeghSl44dMwNQYI +KwYBBQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwOi8vdXJsLWZvci1haWEvSTMu +Y2VyMCoGA1UdHwQjMCEwH6AdoBuGGWh0dHA6Ly91cmwtZm9yLWNybC9JMy5jcmww +DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAN +BgkqhkiG9w0BAQsFAAOCAQEARk05TyegDy5bJz41aQ2iv5tcIIB5Pb5o6eXcVeR3 +G162aurTIFDEoUxdL8oAp2vZwHCdLIGFXFe9SUKSGp+PWpLn9TaqqCYNA/mS2oAq +uqbld8S3NPbmetf0OSF7JLGD4huejl/+dZRmHK0trzu8TXngWkeOyC0gDJ5kbhCx +j2E1zpvnJhE4BtvIM5oT6s1GUmUA7MWWoNhXRly3eRFEOG5j8AzHjNXmyPkHFxM/ +/XHBUZyKKtx7B6p4QAZIZkDydWOhOEJot9jJl9GOAE17ItDxP2tegX75YMk/8fea +UOvi+kNZmmtf1GGKZHrN0jycAlf60kmag69MoF4lxYJZhA== +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/e2.pem b/pki/testdata/cert_issuer_source_static_unittest/e2.pem new file mode 100644 index 0000000000..8aa86ae716 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/e2.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 47:53:2a:a4:de:8f:dd:a0:ab:98:ed:1f:0d:77:1c:7b:62:99:d5:18 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=I3 + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=E2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cd:3f:ae:a0:40:34:21:a1:4f:e4:72:59:5f:97: + 23:a3:bd:f1:64:c4:c5:9d:73:a6:61:bb:68:12:30: + 97:33:a1:86:4a:a3:bc:e7:9e:43:3a:de:be:06:16: + 6e:c0:5c:fa:9e:e4:ed:b9:43:1a:e2:58:0c:b9:92: + 8f:c3:d3:2b:59:c4:92:c0:32:db:3b:40:3f:b5:5a: + 21:a4:72:18:fa:79:ae:8b:9e:2a:2d:f0:ed:20:0b: + a0:72:af:8c:01:ff:f3:13:83:4d:8a:14:7e:67:4e: + f7:52:40:f1:e9:69:b8:46:51:5b:1f:e9:3e:34:f0: + 87:9a:f2:a4:c4:24:34:ca:b9:52:f4:8b:4b:16:bd: + db:be:27:1d:1e:32:71:7c:a3:2c:8a:e5:44:d0:31: + 21:39:fc:56:e6:c7:bd:2f:36:f7:ef:b4:36:3e:a2: + 35:2e:65:3b:4a:ac:30:ae:47:57:49:58:e4:f1:e6: + 43:53:d4:ec:cf:3a:46:ed:19:00:9f:d9:fa:e2:08: + ca:20:93:d7:11:36:4a:91:89:34:d0:c7:11:11:99: + 4d:3f:8d:c7:e3:9a:90:57:ee:0f:2b:a0:ea:c7:54: + 74:1b:39:71:2e:6b:4a:c4:bc:79:0c:2b:cb:15:30: + 06:e8:ac:8a:74:d3:46:72:82:ff:5a:bc:52:a2:a6: + e6:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EF:94:D6:BF:45:A2:19:EC:07:A8:F7:DC:48:48:D0:A3:9C:FE:C8:84 + X509v3 Authority Key Identifier: + keyid:40:F8:36:2C:4C:E3:28:99:C2:3E:78:F2:EA:68:AB:4F:01:7C:FC:28 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/I3.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/I3.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 10:5f:3b:b8:c6:f3:ac:d3:d1:8c:90:8d:b0:9b:f5:df:32:22: + 48:e3:ca:95:3f:09:79:fd:aa:05:ae:3f:39:d7:d7:eb:b0:68: + 69:a1:87:9e:c7:74:8c:41:24:3e:8a:dd:b6:05:9a:a7:ed:e5: + b5:1f:31:d1:26:4b:88:eb:4a:cb:db:89:67:3d:06:c0:1d:99: + 38:e8:7e:53:f8:ba:fc:6d:bd:08:00:ef:d8:20:58:fa:7a:6b: + 62:e0:74:c5:42:0b:26:f0:78:3d:f1:fe:aa:ef:ad:ae:99:45: + e2:5f:11:2c:7e:8d:f8:58:ad:9e:83:85:ab:0b:59:a0:18:4a: + d9:e5:77:e9:86:74:e0:02:5f:34:1b:0c:bc:ce:c7:a6:17:0a: + 22:24:c0:1c:90:bf:ac:94:34:9e:b2:2c:b1:a5:79:62:47:36: + 87:08:77:7c:11:26:a1:94:e9:fc:15:82:79:b8:75:d4:e3:63: + 6c:16:41:12:ce:e6:97:16:e2:90:3c:38:14:92:a5:5a:d3:73: + 31:3a:37:a0:ce:b5:21:64:fc:f1:f9:f4:9a:f7:d0:e7:89:d5: + 3f:55:27:e9:fc:ef:81:2f:c7:67:71:c7:fe:68:97:a7:af:93: + 32:96:4a:5d:d5:c5:62:f9:4d:c7:8d:1e:ea:21:23:4d:f4:51: + 95:b5:9e:2d +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIUR1MqpN6P3aCrmO0fDXcce2KZ1RgwDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCSTMwHhcNMjAxMTAzMTIwMDAwWhcNMjExMTAzMTIwMDAw +WjANMQswCQYDVQQDDAJFMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AM0/rqBANCGhT+RyWV+XI6O98WTExZ1zpmG7aBIwlzOhhkqjvOeeQzrevgYWbsBc ++p7k7blDGuJYDLmSj8PTK1nEksAy2ztAP7VaIaRyGPp5roueKi3w7SALoHKvjAH/ +8xODTYoUfmdO91JA8elpuEZRWx/pPjTwh5rypMQkNMq5UvSLSxa9274nHR4ycXyj +LIrlRNAxITn8VubHvS829++0Nj6iNS5lO0qsMK5HV0lY5PHmQ1PU7M86Ru0ZAJ/Z ++uIIyiCT1xE2SpGJNNDHERGZTT+Nx+OakFfuDyug6sdUdBs5cS5rSsS8eQwryxUw +BuisinTTRnKC/1q8UqKm5vMCAwEAAaOB1TCB0jAdBgNVHQ4EFgQU75TWv0WiGewH +qPfcSEjQo5z+yIQwHwYDVR0jBBgwFoAUQPg2LEzjKJnCPnjy6mirTwF8/CgwNQYI +KwYBBQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwOi8vdXJsLWZvci1haWEvSTMu +Y2VyMCoGA1UdHwQjMCEwH6AdoBuGGWh0dHA6Ly91cmwtZm9yLWNybC9JMy5jcmww +DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAN +BgkqhkiG9w0BAQsFAAOCAQEAEF87uMbzrNPRjJCNsJv13zIiSOPKlT8Jef2qBa4/ +OdfX67BoaaGHnsd0jEEkPordtgWap+3ltR8x0SZLiOtKy9uJZz0GwB2ZOOh+U/i6 +/G29CADv2CBY+nprYuB0xUILJvB4PfH+qu+trplF4l8RLH6N+FitnoOFqwtZoBhK +2eV36YZ04AJfNBsMvM7HphcKIiTAHJC/rJQ0nrIssaV5Ykc2hwh3fBEmoZTp/BWC +ebh11ONjbBZBEs7mlxbikDw4FJKlWtNzMTo3oM61IWT88fn0mvfQ54nVP1Un6fzv +gS/HZ3HH/miXp6+TMpZKXdXFYvlNx40e6iEjTfRRlbWeLQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/generate-certs.py b/pki/testdata/cert_issuer_source_static_unittest/generate-certs.py new file mode 100755 index 0000000000..81f53033ac --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/generate-certs.py @@ -0,0 +1,88 @@ +#!/usr/bin/env python +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificates for testing issuer lookup. + + Root + /| | |\\ + / | | | \\ + / | | | \\ + / | | | \\ + / | | | \\ + v v v v v + I1_1 i1_2 I2 I3_1 I3_2 + | | | | | + | | | | | + | | | | | + | | | | | + v v v | | + C1 C2 D E1 E2 + +I1 (i1_1.pem) and i1 (i1_2.pem) have subjects that are equal after +normalization. + +I3_1 and I3_2 have subjects that are exactly equal. + +C1 and C2 should (attempt to) chain up through both I1 and i1, since I1 and i1 +have the same the name (after normalization). + +E1 and E3 should (attempt to) chain up through both I3 intermediates. +""" + +import os +import sys +sys.path += ['..'] + +import gencerts + + +def write_cert_to_file(cert, filename): + gencerts.write_string_to_file( + "Generated by %s.\n" + "Refer to generator script docstring for details.\n%s" % ( + sys.argv[0], cert.get_cert_pem()), + filename) + + +# Self-signed root certificate +root = gencerts.create_self_signed_root_certificate('Root') +write_cert_to_file(root, 'root.pem') + + +# Intermediate certificates +i1_1 = gencerts.create_intermediate_certificate('I1', root) +write_cert_to_file(i1_1, 'i1_1.pem') + +# same name (after normalization), different key +i1_2 = gencerts.create_intermediate_certificate('i1', root) +write_cert_to_file(i1_2, 'i1_2.pem') + +# different name +i2 = gencerts.create_intermediate_certificate('I2', root) +write_cert_to_file(i2, 'i2.pem') + +# Two intermediates with exactly the same name. +i3_1 = gencerts.create_intermediate_certificate('I3', root) +write_cert_to_file(i3_1, 'i3_1.pem') +i3_2 = gencerts.create_intermediate_certificate('I3', root) +write_cert_to_file(i3_2, 'i3_2.pem') + +# target certs + +c1 = gencerts.create_end_entity_certificate('C1', i1_1) +write_cert_to_file(c1, 'c1.pem') + +c2 = gencerts.create_end_entity_certificate('C2', i1_2) +write_cert_to_file(c2, 'c2.pem') + +d = gencerts.create_end_entity_certificate('D', i2) +write_cert_to_file(d, 'd.pem') + +e1 = gencerts.create_end_entity_certificate('E1', i3_1) +write_cert_to_file(e1, 'e1.pem') + +e2 = gencerts.create_end_entity_certificate('E2', i3_2) +write_cert_to_file(e2, 'e2.pem') + diff --git a/pki/testdata/cert_issuer_source_static_unittest/i1_1.pem b/pki/testdata/cert_issuer_source_static_unittest/i1_1.pem new file mode 100644 index 0000000000..4091e066c7 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/i1_1.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:cf:94:c3:ef:a3:21:ee:42:87:34:c7:d6:d6:e1:8c:da:71:34:16 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=I1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b4:6e:db:61:6f:ec:1f:d1:6e:3d:fa:12:27:3b: + 8c:f7:8c:c7:a7:7d:0d:5e:b5:2a:02:8d:97:29:9b: + 7a:64:bd:0d:56:9b:1f:6e:71:ab:d3:af:10:37:90: + 2b:3a:f0:ee:55:43:fd:50:ea:46:c9:d8:2a:a7:68: + 7a:10:74:a1:cb:fc:b5:c4:b6:ee:67:b4:8b:f5:8d: + 12:b5:3c:d9:0c:ab:e5:37:72:19:be:b2:9f:b9:65: + 78:c1:d1:4e:88:86:10:57:aa:e5:0a:ef:1a:41:1d: + 0a:55:49:34:5e:ae:f7:4e:29:07:c2:34:1f:79:0d: + f8:b7:26:dc:9b:de:a5:00:5c:0e:a3:53:a8:73:3f: + fd:df:ab:18:03:bb:0a:d6:dc:f7:3e:0b:28:c8:61: + 51:71:68:48:fa:5c:87:54:82:19:20:d9:28:2d:fa: + 33:89:4c:5b:dc:a6:d9:49:44:45:c6:af:3d:1a:f9: + 28:45:10:58:a7:27:67:75:7b:8b:58:92:80:a3:ef: + 81:ae:95:27:97:2b:5b:d3:dd:ea:7a:b7:ff:1c:d1: + de:c6:df:ea:d6:19:e0:fe:4f:96:d6:59:cf:85:52: + 71:76:62:ec:fb:97:74:e3:5f:b5:29:62:cd:89:be: + 03:30:5b:5a:35:5d:08:a2:3d:5f:b3:8b:60:0b:5e: + 42:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1B:26:D0:C4:43:00:72:E2:A4:AB:01:D1:A4:68:D5:E5:B2:1E:9C:0D + X509v3 Authority Key Identifier: + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 72:e2:fa:0a:11:c4:bf:f2:60:f4:98:28:72:32:a4:1b:11:d5: + 70:df:06:93:7d:7e:00:44:89:3b:d8:cf:c1:bd:89:2b:51:d1: + 74:c6:38:c9:e6:00:20:ec:9a:2d:0b:f4:76:26:6e:24:6d:bc: + 6e:30:6c:85:3b:ac:ba:df:fc:06:ab:0f:80:bc:e8:6d:2e:c7: + ba:e8:ce:23:13:74:6f:75:76:c7:ac:9f:20:3f:25:1f:4d:db: + c1:b0:4e:42:49:1b:3d:97:0a:89:6f:0a:91:27:56:58:1f:cf: + 2c:d5:80:35:52:d9:e5:53:7d:a3:69:09:38:cd:f2:81:a1:60: + 0f:6a:67:08:c8:d2:9b:3b:ba:39:95:92:c5:a1:71:5d:a4:a4: + 37:4c:2e:a4:b9:67:01:55:74:91:b4:8f:6f:c3:5d:29:f0:0a: + 68:92:15:5b:bd:17:4f:ac:89:bd:13:e0:ff:d3:96:71:d1:e2: + 77:30:e0:aa:4f:51:69:f6:02:43:1f:65:90:56:88:db:c0:70: + a0:0b:be:a2:87:e8:b8:98:7f:96:46:16:e2:cb:89:9d:ba:b5: + 64:7f:0d:c5:3d:6f:70:66:42:07:2a:95:83:10:c1:75:27:c7: + 78:04:2c:87:8b:0d:95:ad:5d:0c:ff:a7:1e:c2:85:19:03:98: + e9:42:50:fd +-----BEGIN CERTIFICATE----- +MIIDdjCCAl6gAwIBAgIUPs+Uw++jIe5ChzTH1tbhjNpxNBYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw +MDBaMA0xCzAJBgNVBAMMAkkxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtG7bYW/sH9FuPfoSJzuM94zHp30NXrUqAo2XKZt6ZL0NVpsfbnGr068QN5Ar +OvDuVUP9UOpGydgqp2h6EHShy/y1xLbuZ7SL9Y0StTzZDKvlN3IZvrKfuWV4wdFO +iIYQV6rlCu8aQR0KVUk0Xq73TikHwjQfeQ34tybcm96lAFwOo1Oocz/936sYA7sK +1tz3PgsoyGFRcWhI+lyHVIIZINkoLfoziUxb3KbZSURFxq89GvkoRRBYpydndXuL +WJKAo++BrpUnlytb093qerf/HNHext/q1hng/k+W1lnPhVJxdmLs+5d041+1KWLN +ib4DMFtaNV0Ioj1fs4tgC15C5wIDAQABo4HLMIHIMB0GA1UdDgQWBBQbJtDEQwBy +4qSrAdGkaNXlsh6cDTAfBgNVHSMEGDAWgBRfz1S9fDibX6Gs/qZueoOApkv5vzA3 +BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9S +b290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9v +dC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBAHLi+goRxL/yYPSYKHIypBsR1XDfBpN9fgBEiTvYz8G9iStR0XTG +OMnmACDsmi0L9HYmbiRtvG4wbIU7rLrf/AarD4C86G0ux7roziMTdG91dsesnyA/ +JR9N28GwTkJJGz2XColvCpEnVlgfzyzVgDVS2eVTfaNpCTjN8oGhYA9qZwjI0ps7 +ujmVksWhcV2kpDdMLqS5ZwFVdJG0j2/DXSnwCmiSFVu9F0+sib0T4P/TlnHR4ncw +4KpPUWn2AkMfZZBWiNvAcKALvqKH6LiYf5ZGFuLLiZ26tWR/DcU9b3BmQgcqlYMQ +wXUnx3gELIeLDZWtXQz/px7ChRkDmOlCUP0= +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/i1_2.pem b/pki/testdata/cert_issuer_source_static_unittest/i1_2.pem new file mode 100644 index 0000000000..984bc2a4a7 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/i1_2.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:cf:94:c3:ef:a3:21:ee:42:87:34:c7:d6:d6:e1:8c:da:71:34:17 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=i1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c9:e4:64:23:d2:71:36:4d:70:84:36:ec:bb:05: + 57:35:56:0c:a0:61:1f:64:fc:87:35:4b:cd:3d:17: + 9d:6a:f9:d5:ef:8f:99:30:36:db:97:e0:80:72:d2: + 0e:30:42:f4:c6:67:3c:be:dc:8c:05:02:13:e2:9b: + ab:a0:45:6e:78:18:4f:34:ae:ee:5d:4e:bb:47:b1: + af:87:fc:d4:99:17:42:cb:06:b4:c5:5f:e1:a0:0c: + 79:5f:f2:b4:ee:74:52:43:6f:6e:83:4e:00:e0:c9: + 66:e1:ea:98:89:6d:85:23:1b:ed:2b:da:af:c5:6b: + 42:35:48:25:f9:a7:2a:54:90:f8:f1:b1:d4:93:61: + c8:c3:0c:39:99:dd:c4:a6:b8:2e:cf:92:57:14:8c: + b9:45:ba:fb:76:40:d4:d8:fe:44:54:17:76:ba:e2: + d0:f2:24:64:14:12:65:a7:be:c6:1a:d7:48:b9:4a: + 93:5f:b1:b3:76:53:f8:ad:5f:d2:44:19:03:0f:f3: + af:99:ee:96:b5:85:ed:2a:ae:b8:41:90:5c:dd:e0: + 19:0c:2a:71:ae:16:59:19:5d:3f:45:44:5e:4a:b3: + e0:86:ea:15:e2:fb:0c:b8:b9:6f:24:a0:c6:bc:fc: + f3:0c:02:f2:52:d8:34:fd:dc:8d:37:08:01:6a:f9: + c4:31 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E3:AC:1D:35:9E:1C:CC:C6:29:9F:37:59:41:C6:DA:C9:44:2C:B2:F3 + X509v3 Authority Key Identifier: + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 84:94:cd:21:91:dc:01:e3:02:e4:7d:24:18:4b:64:38:91:55: + 1d:31:6c:62:1b:1d:6f:23:8a:f5:a0:3a:11:ea:1a:a7:38:ab: + 7b:e9:ee:9d:2d:e7:d9:3d:9b:ed:41:17:4f:c2:ec:50:45:2d: + cc:09:d2:99:2d:ef:66:45:9c:24:5e:bc:90:ed:d9:51:a9:20: + 3e:31:e0:6f:55:9a:cd:18:96:04:7b:db:3c:2a:83:49:51:da: + 15:08:c2:27:e9:cd:8e:3c:c0:b1:fe:8e:19:99:15:9f:0d:7e: + cc:6d:33:35:44:46:4b:e6:09:0b:5a:8a:b8:65:08:e0:1c:ee: + ce:19:dc:cc:b5:55:2d:16:bd:fd:3b:9d:6d:da:56:48:42:d5: + 0f:6d:3e:3e:93:d0:3a:90:b1:74:9f:12:dd:54:57:0f:a3:1b: + 59:ed:9c:12:ac:cd:78:56:b8:d7:87:eb:15:16:8d:7f:b3:82: + 05:76:14:23:4d:2a:e6:02:cf:ab:22:96:97:35:dc:ba:04:08: + 81:47:8d:b2:48:6d:58:c1:d1:a9:ba:57:91:c4:43:aa:60:04: + 42:b5:d0:47:5c:6a:6d:d5:13:f3:dc:57:2e:d1:a4:0d:7a:42: + f5:ca:94:05:f0:19:9c:26:24:f3:06:e9:9a:ef:4e:4a:e4:1d: + 12:df:65:e9 +-----BEGIN CERTIFICATE----- +MIIDdjCCAl6gAwIBAgIUPs+Uw++jIe5ChzTH1tbhjNpxNBcwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw +MDBaMA0xCzAJBgNVBAMMAmkxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAyeRkI9JxNk1whDbsuwVXNVYMoGEfZPyHNUvNPRedavnV74+ZMDbbl+CActIO +MEL0xmc8vtyMBQIT4puroEVueBhPNK7uXU67R7Gvh/zUmRdCywa0xV/hoAx5X/K0 +7nRSQ29ug04A4Mlm4eqYiW2FIxvtK9qvxWtCNUgl+acqVJD48bHUk2HIwww5md3E +prguz5JXFIy5Rbr7dkDU2P5EVBd2uuLQ8iRkFBJlp77GGtdIuUqTX7GzdlP4rV/S +RBkDD/Ovme6WtYXtKq64QZBc3eAZDCpxrhZZGV0/RUReSrPghuoV4vsMuLlvJKDG +vPzzDALyUtg0/dyNNwgBavnEMQIDAQABo4HLMIHIMB0GA1UdDgQWBBTjrB01nhzM +ximfN1lBxtrJRCyy8zAfBgNVHSMEGDAWgBRfz1S9fDibX6Gs/qZueoOApkv5vzA3 +BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9S +b290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9v +dC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBAISUzSGR3AHjAuR9JBhLZDiRVR0xbGIbHW8jivWgOhHqGqc4q3vp +7p0t59k9m+1BF0/C7FBFLcwJ0pkt72ZFnCRevJDt2VGpID4x4G9Vms0YlgR72zwq +g0lR2hUIwifpzY48wLH+jhmZFZ8NfsxtMzVERkvmCQtairhlCOAc7s4Z3My1VS0W +vf07nW3aVkhC1Q9tPj6T0DqQsXSfEt1UVw+jG1ntnBKszXhWuNeH6xUWjX+zggV2 +FCNNKuYCz6silpc13LoECIFHjbJIbVjB0am6V5HEQ6pgBEK10Edcam3VE/PcVy7R +pA16QvXKlAXwGZwmJPMG6ZrvTkrkHRLfZek= +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/i2.pem b/pki/testdata/cert_issuer_source_static_unittest/i2.pem new file mode 100644 index 0000000000..93499bd817 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/i2.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:cf:94:c3:ef:a3:21:ee:42:87:34:c7:d6:d6:e1:8c:da:71:34:18 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=I2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d1:69:29:58:fb:d8:7f:47:62:6f:d6:3f:4a:93: + d5:37:73:27:45:1d:e6:73:d5:7e:50:1b:e0:97:4a: + d9:69:90:68:7e:ab:26:f0:c5:2a:11:35:fd:cb:68: + cf:30:bd:b6:59:c5:d8:8b:0e:c8:19:c4:d7:61:d1: + 64:60:41:12:6e:33:88:ac:b9:51:4f:0f:26:9f:4b: + 71:a1:f8:b6:9d:bd:71:9f:37:4b:a6:db:a9:23:06: + f0:c3:22:b3:6b:b7:e5:e7:a1:fc:1f:29:48:4d:96: + a8:35:1e:0a:52:e5:c9:bd:eb:20:be:02:6b:fe:54: + ba:7c:98:20:45:f6:09:dc:64:5f:b3:11:ec:6b:46: + 1e:ea:de:98:64:29:c2:98:c9:c2:e7:9c:23:85:74: + 79:10:d1:b3:7b:c0:be:37:7c:eb:96:38:90:35:45: + f7:30:6f:40:8b:16:be:dd:0f:9d:8b:d4:b0:cb:e1: + 41:6f:94:e7:e9:83:a5:a0:5a:4f:fd:cd:90:eb:c9: + 63:b3:19:17:12:46:4a:63:48:93:44:2c:da:ea:8f: + 6b:d7:28:28:5b:43:ee:82:2d:ce:0a:b9:35:6c:16: + 0a:a8:0b:c2:12:b1:0e:32:ae:33:ec:3e:38:6d:74: + 88:49:77:99:4f:78:59:96:f5:11:10:86:3b:be:2d: + d7:51 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3C:E2:AD:12:A1:C0:96:C8:53:4A:6B:B2:49:5C:5A:A6:1E:A9:19:EC + X509v3 Authority Key Identifier: + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 5c:25:b5:ec:a7:e4:d2:4d:f7:ef:c6:f0:ac:03:42:0e:3a:dc: + d6:d1:32:83:cb:ed:55:b5:ed:44:8c:03:cd:7a:98:94:d4:da: + 8b:3c:ec:77:99:e7:08:ab:e4:5f:2f:ca:6b:be:0d:5e:96:55: + 56:b8:8a:b3:44:32:46:9a:6e:e3:98:55:1f:ab:3f:d7:03:27: + 2b:e1:cf:cb:1a:22:b3:3f:4e:c3:85:d7:61:ee:f3:04:38:ed: + d9:b4:ef:26:c7:44:43:45:9d:71:1a:78:14:cf:c1:cc:7c:d2: + 20:7d:a8:39:74:18:b2:a9:82:4e:6c:29:7f:83:a9:e3:28:2d: + f1:89:cf:37:ff:5f:ff:55:b4:49:47:60:d6:ad:30:46:be:32: + c3:67:1e:7f:e9:d5:78:4a:b9:58:68:6c:2a:e5:26:49:58:b9: + ff:0f:51:22:00:49:07:6d:26:c8:91:34:73:50:94:bd:83:80: + 24:58:83:4b:9c:77:22:e0:26:89:b1:76:a3:92:6f:40:87:fd: + ef:8c:cd:2b:e6:65:4d:53:ac:93:d2:b7:23:c2:cd:14:d3:8e: + 25:17:f6:0c:77:a1:9e:d5:ef:f3:98:f6:c0:42:48:ed:7a:bc: + 05:d3:6c:2b:82:b7:f1:f6:69:40:2b:4d:85:9b:f8:8b:64:b6: + 27:71:c5:d2 +-----BEGIN CERTIFICATE----- +MIIDdjCCAl6gAwIBAgIUPs+Uw++jIe5ChzTH1tbhjNpxNBgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw +MDBaMA0xCzAJBgNVBAMMAkkyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA0WkpWPvYf0dib9Y/SpPVN3MnRR3mc9V+UBvgl0rZaZBofqsm8MUqETX9y2jP +ML22WcXYiw7IGcTXYdFkYEESbjOIrLlRTw8mn0txofi2nb1xnzdLptupIwbwwyKz +a7fl56H8HylITZaoNR4KUuXJvesgvgJr/lS6fJggRfYJ3GRfsxHsa0Ye6t6YZCnC +mMnC55wjhXR5ENGze8C+N3zrljiQNUX3MG9Aixa+3Q+di9Swy+FBb5Tn6YOloFpP +/c2Q68ljsxkXEkZKY0iTRCza6o9r1ygoW0Pugi3OCrk1bBYKqAvCErEOMq4z7D44 +bXSISXeZT3hZlvUREIY7vi3XUQIDAQABo4HLMIHIMB0GA1UdDgQWBBQ84q0SocCW +yFNKa7JJXFqmHqkZ7DAfBgNVHSMEGDAWgBRfz1S9fDibX6Gs/qZueoOApkv5vzA3 +BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9S +b290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9v +dC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBAFwlteyn5NJN9+/G8KwDQg463NbRMoPL7VW17USMA816mJTU2os8 +7HeZ5wir5F8vymu+DV6WVVa4irNEMkaabuOYVR+rP9cDJyvhz8saIrM/TsOF12Hu +8wQ47dm07ybHRENFnXEaeBTPwcx80iB9qDl0GLKpgk5sKX+DqeMoLfGJzzf/X/9V +tElHYNatMEa+MsNnHn/p1XhKuVhobCrlJklYuf8PUSIASQdtJsiRNHNQlL2DgCRY +g0ucdyLgJomxdqOSb0CH/e+MzSvmZU1TrJPStyPCzRTTjiUX9gx3oZ7V7/OY9sBC +SO16vAXTbCuCt/H2aUArTYWb+ItktidxxdI= +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/i3_1.pem b/pki/testdata/cert_issuer_source_static_unittest/i3_1.pem new file mode 100644 index 0000000000..0e63df0d7a --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/i3_1.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:cf:94:c3:ef:a3:21:ee:42:87:34:c7:d6:d6:e1:8c:da:71:34:19 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=I3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:ad:d0:52:c3:c3:db:22:c1:cf:d4:40:39:dc: + d1:75:c5:07:26:08:d7:99:df:06:dd:de:37:8c:94: + 14:16:44:69:09:e7:5a:17:08:bf:d5:a2:ed:fd:d7: + e6:ae:bc:33:9c:42:4e:fb:20:5a:94:83:4f:60:71: + e8:b6:ff:68:78:c0:2f:09:05:cd:24:3e:f6:ee:f3: + 8c:98:db:0a:15:98:1d:48:dc:ea:11:e7:0d:52:61: + 0d:b4:d3:7a:55:40:bc:29:82:a0:1e:02:d3:00:ed: + 9b:7a:a9:48:76:0d:37:a8:dd:40:f8:13:44:1e:1c: + 3a:d5:db:ca:e7:40:d5:22:77:59:78:43:f5:b5:df: + d7:7e:db:73:2c:e6:73:7c:09:e1:a0:30:ed:8c:c1: + 4e:7d:5d:4c:9b:3a:0f:13:33:a1:9f:3e:d8:06:50: + 9e:0f:2f:59:d7:5b:7a:db:80:36:81:21:5b:7e:0b: + 7d:c8:2d:8c:1c:1e:9f:c7:3b:b6:78:6e:97:40:b9: + 55:04:1b:2b:a2:4b:7c:a1:6a:a6:46:c2:0d:70:07: + 60:9b:e4:52:12:6a:f5:f9:40:44:0c:bd:35:f0:fd: + 00:d7:dc:ba:9e:9e:ed:30:c4:c8:e8:8b:cd:4e:5c: + 50:66:12:00:db:43:4f:d6:67:d6:4f:7f:68:57:55: + 5f:f9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 02:D2:01:6B:5B:63:DC:4E:54:01:08:CD:A7:27:A0:85:29:78:E1:D3 + X509v3 Authority Key Identifier: + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 49:aa:46:a3:20:60:5a:9b:b9:e4:2c:b3:b7:7a:fd:c1:2a:87: + dd:43:be:ba:12:2a:c4:34:68:10:b8:97:7f:ce:e6:cf:1d:9d: + 4f:af:e6:53:3a:7b:85:a6:95:e3:1c:c8:c9:13:c5:a0:cb:22: + 08:09:c8:0d:e1:84:75:23:57:01:2d:db:24:7b:db:95:84:60: + 4b:46:ba:c8:39:d4:1f:8c:7b:32:7a:95:7a:f3:e5:dc:2e:4a: + 37:3c:9f:c6:45:91:5c:7d:67:5c:ae:53:e7:ed:ca:80:59:30: + f1:85:a6:51:0e:a8:11:91:aa:ba:04:11:92:ec:d2:4f:bf:af: + 51:4d:c2:1e:0d:8a:98:a8:61:f4:e6:da:70:28:1b:b5:03:d6: + 53:7c:27:13:e1:29:03:7a:25:86:0d:b1:85:59:80:98:42:5e: + 79:54:14:0d:1c:7f:74:33:f9:21:b2:27:5e:b5:b4:92:f1:cb: + a5:44:20:9e:50:96:36:09:8d:28:db:f0:51:02:67:24:0a:b8: + a8:29:a2:5a:24:e1:b4:b7:ca:41:eb:b5:79:5f:13:7e:cc:7f: + b4:1a:0d:ad:64:06:82:34:00:48:2a:c8:f9:64:3b:38:c5:92: + b0:c8:4c:82:8e:e9:00:6b:46:fa:de:fe:d0:45:a7:5b:55:e6: + 70:52:f9:58 +-----BEGIN CERTIFICATE----- +MIIDdjCCAl6gAwIBAgIUPs+Uw++jIe5ChzTH1tbhjNpxNBkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw +MDBaMA0xCzAJBgNVBAMMAkkzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAzK3QUsPD2yLBz9RAOdzRdcUHJgjXmd8G3d43jJQUFkRpCedaFwi/1aLt/dfm +rrwznEJO+yBalINPYHHotv9oeMAvCQXNJD727vOMmNsKFZgdSNzqEecNUmENtNN6 +VUC8KYKgHgLTAO2beqlIdg03qN1A+BNEHhw61dvK50DVIndZeEP1td/XfttzLOZz +fAnhoDDtjMFOfV1MmzoPEzOhnz7YBlCeDy9Z11t624A2gSFbfgt9yC2MHB6fxzu2 +eG6XQLlVBBsrokt8oWqmRsINcAdgm+RSEmr1+UBEDL018P0A19y6np7tMMTI6IvN +TlxQZhIA20NP1mfWT39oV1Vf+QIDAQABo4HLMIHIMB0GA1UdDgQWBBQC0gFrW2Pc +TlQBCM2nJ6CFKXjh0zAfBgNVHSMEGDAWgBRfz1S9fDibX6Gs/qZueoOApkv5vzA3 +BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9S +b290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9v +dC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBAEmqRqMgYFqbueQss7d6/cEqh91DvroSKsQ0aBC4l3/O5s8dnU+v +5lM6e4WmleMcyMkTxaDLIggJyA3hhHUjVwEt2yR725WEYEtGusg51B+MezJ6lXrz +5dwuSjc8n8ZFkVx9Z1yuU+ftyoBZMPGFplEOqBGRqroEEZLs0k+/r1FNwh4Nipio +YfTm2nAoG7UD1lN8JxPhKQN6JYYNsYVZgJhCXnlUFA0cf3Qz+SGyJ161tJLxy6VE +IJ5QljYJjSjb8FECZyQKuKgpolok4bS3ykHrtXlfE37Mf7QaDa1kBoI0AEgqyPlk +OzjFkrDITIKO6QBrRvre/tBFp1tV5nBS+Vg= +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/i3_2.pem b/pki/testdata/cert_issuer_source_static_unittest/i3_2.pem new file mode 100644 index 0000000000..f7e129b3fa --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/i3_2.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:cf:94:c3:ef:a3:21:ee:42:87:34:c7:d6:d6:e1:8c:da:71:34:1a + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=I3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:69:2a:fa:fb:3f:74:eb:e7:a8:42:19:92:88: + 30:f7:1d:0b:77:09:d0:74:17:3e:2e:93:57:1a:49: + 4a:10:e5:37:11:13:0f:25:fc:2c:11:eb:8f:95:86: + 9f:c0:67:b4:be:5b:58:71:d3:66:09:ba:c5:db:5e: + 43:4b:62:b3:6a:c1:41:fa:a4:e2:80:3d:72:0a:48: + 26:e4:f9:96:ae:4b:b6:b4:2c:c6:5f:53:bc:80:65: + 13:5e:a1:04:f1:e8:18:9b:e5:db:15:04:29:2d:c5: + 97:7b:9f:a2:6a:f0:bd:ac:f7:89:c5:6f:5b:61:39: + 97:82:eb:19:02:eb:56:a2:f7:2f:e8:56:72:26:f2: + 8e:d8:6b:6d:4f:0c:4c:4d:bb:46:b7:f1:4f:37:33: + d4:9d:8b:5e:35:92:7c:e2:79:1a:55:fc:01:17:b1: + 26:2d:af:e3:16:e4:96:2d:a6:41:81:ab:16:b0:74: + 37:39:65:ba:12:0c:f1:8d:a9:1e:3f:51:91:a8:50: + c9:16:b3:ef:78:25:67:e5:c0:22:ec:93:64:50:a7: + 81:78:10:00:28:df:17:c6:35:cc:9c:f8:50:83:36: + 1f:a1:24:f4:44:c6:2f:69:a7:bc:36:73:69:3d:bb: + 24:d8:19:74:1e:10:25:e3:0c:fc:d9:e2:95:2e:bf: + 8d:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 40:F8:36:2C:4C:E3:28:99:C2:3E:78:F2:EA:68:AB:4F:01:7C:FC:28 + X509v3 Authority Key Identifier: + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3b:bd:9d:17:4b:ef:27:81:ff:c2:2a:a1:db:dd:81:20:01:61: + 3a:7a:2a:06:0b:bd:6b:02:a2:59:6b:ad:1c:7c:22:96:59:76: + b4:35:f3:75:da:ce:67:20:5f:47:93:c0:f7:4e:47:7d:de:f3: + 3b:48:83:c0:bb:00:5e:66:eb:66:49:95:19:7e:44:8e:1a:23: + d6:f9:41:40:c0:6f:76:20:d3:14:5a:44:a6:48:a7:d7:1d:e1: + 9e:c4:de:f6:46:7d:5d:cd:62:2a:8d:4c:dd:38:88:4e:1a:fa: + e5:d1:ac:c7:0d:27:3e:7d:29:36:12:07:d8:f3:05:0a:2d:fb: + bf:dd:45:03:ac:aa:e3:df:fb:8f:5f:ce:6e:a5:f7:69:79:0e: + c3:e1:0f:62:03:89:6d:78:a4:df:aa:6c:47:fb:b4:9f:a3:74: + bd:58:05:e2:01:1d:88:b9:71:53:d4:0c:6d:4f:d2:f7:e1:ea: + b5:f4:0d:17:28:db:fd:3d:fb:80:5a:e2:bf:ce:5c:8f:8f:48: + 4c:f6:cf:d9:c7:3d:40:9f:0a:35:8f:9f:51:52:d9:5d:f4:2d: + 29:f7:c4:8b:82:eb:5d:24:36:ed:57:e9:33:ee:2f:fd:80:a4: + f7:db:14:dc:b4:0d:6d:fa:33:b4:31:d2:1b:51:81:82:6a:89: + 71:a7:6c:e5 +-----BEGIN CERTIFICATE----- +MIIDdjCCAl6gAwIBAgIUPs+Uw++jIe5ChzTH1tbhjNpxNBowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw +MDBaMA0xCzAJBgNVBAMMAkkzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA22kq+vs/dOvnqEIZkogw9x0LdwnQdBc+LpNXGklKEOU3ERMPJfwsEeuPlYaf +wGe0vltYcdNmCbrF215DS2KzasFB+qTigD1yCkgm5PmWrku2tCzGX1O8gGUTXqEE +8egYm+XbFQQpLcWXe5+iavC9rPeJxW9bYTmXgusZAutWovcv6FZyJvKO2GttTwxM +TbtGt/FPNzPUnYteNZJ84nkaVfwBF7EmLa/jFuSWLaZBgasWsHQ3OWW6Egzxjake +P1GRqFDJFrPveCVn5cAi7JNkUKeBeBAAKN8XxjXMnPhQgzYfoST0RMYvaae8NnNp +Pbsk2Bl0HhAl4wz82eKVLr+NxwIDAQABo4HLMIHIMB0GA1UdDgQWBBRA+DYsTOMo +mcI+ePLqaKtPAXz8KDAfBgNVHSMEGDAWgBRfz1S9fDibX6Gs/qZueoOApkv5vzA3 +BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9S +b290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9v +dC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBADu9nRdL7yeB/8IqodvdgSABYTp6KgYLvWsCollrrRx8IpZZdrQ1 +83XazmcgX0eTwPdOR33e8ztIg8C7AF5m62ZJlRl+RI4aI9b5QUDAb3Yg0xRaRKZI +p9cd4Z7E3vZGfV3NYiqNTN04iE4a+uXRrMcNJz59KTYSB9jzBQot+7/dRQOsquPf ++49fzm6l92l5DsPhD2IDiW14pN+qbEf7tJ+jdL1YBeIBHYi5cVPUDG1P0vfh6rX0 +DRco2/09+4Ba4r/OXI+PSEz2z9nHPUCfCjWPn1FS2V30LSn3xIuC610kNu1X6TPu +L/2ApPfbFNy0DW36M7Qx0htRgYJqiXGnbOU= +-----END CERTIFICATE----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/C1.key b/pki/testdata/cert_issuer_source_static_unittest/keys/C1.key new file mode 100644 index 0000000000..875508ffc0 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/C1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEArnFkup8dtLzJisft76X0Ql3G29XJsHdFg9EVvy+bGaN8+/1w +Yg2Vp71YnyzVxXj8+iPglz2dDKHZcY8DKMd80Ql/lJB0wdvG7K7azVFFICM98iP1 +9lMjhrAWhErqvdQKGnCRcI0hBrme/C+irYAksgbta1Wsy61wRPHt1CHlzf4cQuh5 +Dn2HGAjBhTwy9u6W3FqEY5DjZ6P+MVLsvEMkhnelVqNM/jkv7dJ1ZFMwGqPOMM3y +exNxvrSAlZqjjvE69RVlqKORNBJn3DTPJV2P73lkSa8KPBeJtZXahSvfevFXHw+w +wbzhW0qGpy7Ia6OWxigp1jN88udeGQlsk8sUzQIDAQABAoIBAQCATz3FGzaRc29X +GjnEVS/2BN45YuYIW6KRE6DIUK7ny94px7/7D3zttZNS+Xp/1r9VCkCvXg1/dijn +o0aynxEK/M6PqzWGRi7qdq7P6KBMxD9TNOo89egisLDPO/+wAyAvVG9V9yi8tpnf +avZgYeob3IaTtZ/07KywubaymwBaZADeAYUlbht60PViywQoP9r96yvXBgGtT36l +uW8gjPmaUuzBQWnTfCoM7Baq0TI5cFdSfS2reJ9AWbBiMmiDiMWTcVq9050uiirk +wUcXOcFgE6WlHY1xmFzdgbrSvxIfQpqq3YDTz08X0GG2CCAsOrn5PgVan0QeYMlL +SrXnxGuNAoGBANcwC31BdAP6gq+HDSCugIlslQHponx+dOC30uoLs2Ft7i936mg9 +HLYcQX4qOAd8McKglsScHKhAIcbdgEBrjIHNje+DWY43gF9TvVEN23nJ+8FN/B5a ++6mOnUdXlsOKGwh9m0t/L9nFYXV3bd+eJdSCW+vGBWYXZdCfpbHR3e+rAoGBAM+H +FFipy1idVTYRyeYAVRiw6psZyxfSrTTIKpLSJUWmvihZdg2i42uxG1j7DFILQKAh +NwY6kjs6PcW6JhaRz57siJIJR2ICYOGFfJCmXu6ewmfgfG+7PrYGBUKjtTZ13Xi7 +JY4jw6qIHF7c/kMj7DK2dyhFKptcMGGMoqYqY/VnAoGAIjDLEorM0TkDfLo7lr7D +Q5KSFmy12YwKLA5pH7DePpPF7ZrjDs7u+eyBZ3dz0ZSlH2R+sByR3RXbiAp3r0Sn +XZR4gd7f4t3kssDOasuF3NMAAlXOwk/4fpdfXA+Jr+YIp4+1lghOZQ6cjpp8RbSO +FDbmPg8HmpILJlvHavqKheMCgYAv2z2U6Krs53NEAbwmXwNAq2Oemscb2kh4+IPg +0bcopbgKQ/8WS+7X4cKltVb1AIVJp/8xX4ZjRB4En9WytLNFOdSQoLUmY9gFiavd +C5CuxEueesUXWv2uKhtCb9AVG/8TnUyex56Sj8rDEYFM6FbKpws5bSHTK+I4TJ8h +ZHsilwKBgA3qYo8z/eD7NJEn3fta64ZcWbPNyP3hP/TUCD9kq4iwWN8VLnl6lojm +t+7jqafgkPGoLmYT2l76cIQNCHopbhsyFDVYzSC3z2sBNSrDsHjvJ0bpmVfvnfov +E07ojdu832SXZeDF02nwMa9s+CRLtNf7R3HmbdO0SgY+QAQEhnn4 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/C2.key b/pki/testdata/cert_issuer_source_static_unittest/keys/C2.key new file mode 100644 index 0000000000..b86252ec26 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/C2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuZ72U8qMMbQKaiYjEQPM4eOTnth2UokvDEIVIcDZvBbqbrw5 +wC9iijXJlXFNo0Wsf7N+7Pqs8+i/ZgIasb3OeRdqGRKW67Gd3eMcaRXh9jTtuk2v +ClADQy+dfI55+pITLXMWqN5ywmEZVEsBL1yhd/z3gguqy49VDRnYqyyvNbT361Im +l15bAPOoEvrODQ1WzRUcemeCn7P7XwWct581ZjsYk7gtHUebS17zIG+Dx12R0isZ +nanzRv+T6z/7W0CgjV2rpd7RAtRrPhokXIai7J1QG8OSIidfp3lbQJfMyhD/7QYq +URHly7EKgoSSLwAQbRmv22ZTjfcQs7xKUoPrsQIDAQABAoIBABZcbwJDGUZ3kPWe +qITJN2pS9xqgqwhgXFmWsGMDj3dYL1+trytWygEqX6FwJ9EueIxdvEGiJSmw9TW9 +tSeKXRA7YN2qXqIAIKt1S5vhNfpp/+V8rESKxQnX95nktA8af9Lu1WD8g0ilV97O +tlLVTuJciBiTfTzOhIlyfqaIWIcYlFsEiJ3eeRb1TH5374LUNiFD6I54F5E03KzO +lUlv1Rn6xQ5OhIw1BE3EOpR5xXm0fIOP57OQyEHcOdgp8WuVgW03LeHBNe/Vx3Zj +0ONM6Y18XoV6dpnnv2WkzPgA8CtToN87QWig5zrdjquf0gmc34ZaE/viRK+fK5qM +y+lbsgECgYEA5SOI2H9B9vF8TfMdDixBV5KGT3fIHWOQdFxj1rvJjflvWf+lm+f5 +d8HN20atbSyXQDW5+rzKepLrvIa1GyUEPhCZQrf74izWF7u4xaSmYpin5bhok3Bo +dQrIr6bONLL2q11OQiaW2REDCkDCvYOu/gYAlc9slcYb1oAohaJDpmECgYEAz2F0 +bT37J+3s8eqLa++XiKIG0E4vhqfwn4CY0iSGWyI4oN/EhgfC61GEoWjXQ4fvyLVt +rMo5ZLVb3kEbs7T1HOk+W/5bDB1fExL9S65AhxFTnJZ9uFntDFq65Z3PrzvIYmlj +ICsvFMc8PBOAmfcAOv4FBPislRcTo/uZAZxzp1ECgYEA4esvOYX/G+LslE5nD1pC +8nzdP+zxuUg5XQDazxVHnFualjmgpx8IsDK9LL16sHGOjxhpzfXmDQReuPp4BdNx +Y2AqO8X66v0Z+Tx06Sl1gzDQGYbAVN43n26Kf+UO2pa47iyIxGAXyt0jCjDf0MrM +9lgkq5BflyxEtjCVw2xBFwECgYEAvvhwnbTJF0EbxL8HOxM8yT7j5WlKjMcUZ92l +XUbzTvMZkNPfhsmY7th3uafxK6f/4SVp5QeoiJwWCHqOhxOp8MC9gzudHm/hwI/p +H4tMstT62SUgiuaMy6a1m4OS4Dy+UBnahaIezhSW3H/dGmuCE9EeUDCrxPOmS4kC +oqAvRLECgYByuRj5W5n8co8o0uiI5JvPBk8hGtlM/hrViL3GEbGqp96nkmIhxFM7 +A77MpFdpzU0hOi2zuxg6KNc+E9ptdDsRJnodt1UXipYP8tjNr8oLp5xmC/misUHm +9ywaW5t5ZxbdhfSA6kuEqb5Lerb/ytrvTBvZlWZKgeZ9bKOfqPi8kQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/D.key b/pki/testdata/cert_issuer_source_static_unittest/keys/D.key new file mode 100644 index 0000000000..0133ecf7e9 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/D.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwq4HSjXO6ia/udSsuMJLQMeZ4lLVJIqDGjH93bTsuYqQZ9l/ +0+p/ipbWq6Xo7llhbfN/JhSCGZD0ZSFoIkVYWi7UlDGnEywnDwcmmnfcR5rXBBiU +vQnj/PrvRGHwtsZlN5WOxWeGf8xY5+hD3u7L3q1oAJX0zSHn2zMJwW1rU+uN81PM +eqPwhrsPLD+UEdXdUkSWwZdK08pIQLVnlT3GWESsbaMvpGDrcki4Hcs9awqwvz1C +aMx9KXgpnj3sFq6EmDH+zrK196yJ6N/H8a2GOCL8JGZWzF8J2CPr0meWsWfe9q67 +jtuIqTn8nII1i7hJVLRfeFuUw0+fvL8LBvwEZQIDAQABAoIBADHRnRX1jRzIi7m/ +Xe/t8JoEOjH7poWyWHhkoKWSvh2BAxFATIDrenX5wbetPl14TAF6FWimSODIAnK6 +yM40VrbFUysVRb8XRmuHFe7ji2BblHh83ds+Y7SCdqZWNeZgANjnkeCcbIPZxEqc +Wnn7O/qg/4Ne3IV+Dro+Zlm0aYnQxHly7m/AdwfaZ1RZVfInF0dvjZylkbtmJuaC +hsJ6RAq3jQ6nsyaEbEqdAxbnJ2evd5PhlTcADsxgKBCKySMrUgK+QbAgYzyY1EDK +ndYwQEDBgXEde2/z6aFfl3O9usthwqkG39+rna1CJlqj+oRVyF8/lqpBdDtuaPBJ +qJd0iAECgYEA5IP8ucjMXYJA3GvUMQZq+do5Pun7soGU55Zt0Q+/VrCfyoAWD1FX +iSMS8A+kfuM8Ju6nzchn1Rokx304++CpE2MQm7VZiU8NTIMIGxEsbsm1+hQHWd/n +FC/mu9kIFV4GwKfGRbb0ZlkXwo308PMYdeiDwPj1X2pzMqK+TFwbRmUCgYEA2hg8 +Kd73HSvOo2wakopDtqET4/d+EVp35T305XgXYMHMXB3d8G+9hcx3KeLrMWXcUXAY +RTi2gewz8nV60LS1i50zBrZ2z/0MdY++0LC5p6Jrkfe4WlXhJztS5Wb4EKwiNoVZ +IPMQ7Dumxhx/mpdeOUgiynYtflfrjC9B1Y/65gECgYEA4Sd/EprbaeMV/1irOSbG +rqmqr+ehnQ96ZPjd+RhYAZWDy+WKVsthwXhyh2ASRwekVAPgCK1GST06MeibBeol +DToVuiXkM5tVUiblDK5OJlbO27lySMaJC2XrJPlBsrPzWU212SjcBCASfhqa1fHg +DwTrFG74bWwYVzLs55X1NdUCgYEAwtmUJvSFYxKYc3lJ5FKTXL9cvfeIMojZRX6t +Jba9bDy5EDO+7elnMfsTG+EYr/GJfVjg1jdtF3aokp5TM9O/vxSbWgv66qfyUbYz +jM/XjuWVpbvkgRDpL9vYnAv65SplBsDseHuxSt2giq87cip6jELeknQzAQYb9Ark +jqEsUAECgYEAlZ64hDcl1FQOoXB2bCW+5aovqA30+aVIuajWV+mDMhLU13cU/diF +MoyfNxuR+DW6RynyKI4jnTY1QYUoNhgrefXSFN5J+W/iq6eLl2WGaliMaFMzevkE +KE/kP8sG+SW5wtU6WGMxWYAxnNEW8nVm+8sL3jOLFejIF0Daop7aV0U= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/E1.key b/pki/testdata/cert_issuer_source_static_unittest/keys/E1.key new file mode 100644 index 0000000000..ff46f24305 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/E1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEArpFrePszEYK7Us4itSikwbsXZUlvhQiYPyvhttVDQlyfMLWR +nChqZhNiss8BkBsMxliBm3j2dxLiGjKfqfPQWVaVi79ruDnVdwRGZkndHmURjVGn +tSXR0CVzACeYOgIxkIbPqFPdEPyl9imFzerJ2Qh7WIfDanLyF33n4r73iMh5tSlD +LproPOALQkfCDj6xby6pePAzDLG5Zzw/rEcUMx0qWjd9JH/Kp018qSiChjurb9Jl +buPM9nqWZYF86Y1kRkVG/PSfb2f4mivfzKk63jETqQiZ0f1Emb4ozXS8hFj12d+9 +9Supu+zzUOJ1uxna1PmJVQ8zH17sSB3gkS2DoQIDAQABAoIBAHaeMZz/c/AOGSNn +FoZqm6lYa8lTYQfQk0M5miIWP6G0Nidu+QZXIBVETuiZaMJ23vNX6JmwVCkNF74d +cAiXt5c9EljnNVb1VWuN6BhRUIL6wjZ4qbCZhjwddktAnFuuaed+81O5yJlmU481 +H8qQI5/p94ZsmgiXGpGD6DFW+fRixY8SHhK/T5xJd0C2XW/dQ2aZu3Uu8Nf49ebE ++0OZ8wmCRwDboqxnD3rpyJVIgBiQ4WC+x5aZk9Ihkuo3KJT8LpmEjta128aC6GEp +GnFvDFjanNuewr/lZLZyl/8TY0eqP9eL9vTyYLoJIuYpDiZfVaecY74PKqrPHkLG +4qenoAECgYEA2LXn8Sct/jbtzDUS61jpMxf64tWMOC3Y77mOvXkWZz1ia45vpoxg +aveVf9LqMmFx+OU0eVeX1/6VZ6vpgu74JQZTINeLHszmR4d8GZs5wk5fZWcEKzJG +uHD94RiWyl5BSSS5ppXwg6s3hYbZvU5BVjoJoGCo5vje30pN5J6QieECgYEAzjeS +L6uB9rf3DgmQXkWzwMXqS8imsu0jn/HRRtME8pFlYtJ62s1Sg8D1HEaohIT9+ehd +iP+4bpbH1dQj/4UNfR5mxq0lVPc6Bgm7sA7AN9UP5P7UOLtl2wgr7V+s1rLVkVVm +ZKEC3vx8U+DSc32ICVBOvmxkaGBj/bZK1i0BscECgYEAixYE7SOmQzhh2uRdZitE +UISdgyRnwE68ou9HC5hBprUhC8L5Kb2CzGRm0Qk/QmKEUahZy19Kl1hP75/IWT6i +iLDMfZGZOoVrbpEoNw8HPQwr8dryM/8qoIn0h5nOfceMwzMM7Dvjh75F/i8UZIlr +KbpKH2KqRMOJ12nLIGYcgkECgYBWqBuSVKwklWIIUBSOyROkaobumb8TaXuS9vdO +n9ZwaJEGWhSuZaHLJAbcfwTJy2k+31qO+4bxUgNf4+nMsojcjy35R0Fs1wdXCjgI +3+n+jFZFkKB1xqoixOhQs+fZwQTmMdD5cH/YXJmSVeOaDKJh55Fvi/UVt4vNThFc +t0UDAQKBgQCOWipJJLYeR51/IFaZnqxdVMvh7yl0QmUJHapAAcxrXG2TibMdYlt2 +O9oP0dOVDddJTe2RLRJCcGivL6w4bEuKA+EO4K56G/cS0QuI2dghpS2e1xoSHDfQ +JK5oTDjiTjaTwrH5HlpUjZWVoq7p37F5WEYhqGZztyhkQ8ToaQlqhQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/E2.key b/pki/testdata/cert_issuer_source_static_unittest/keys/E2.key new file mode 100644 index 0000000000..6f3b6e8f7e --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/E2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzT+uoEA0IaFP5HJZX5cjo73xZMTFnXOmYbtoEjCXM6GGSqO8 +555DOt6+BhZuwFz6nuTtuUMa4lgMuZKPw9MrWcSSwDLbO0A/tVohpHIY+nmui54q +LfDtIAugcq+MAf/zE4NNihR+Z073UkDx6Wm4RlFbH+k+NPCHmvKkxCQ0yrlS9ItL +Fr3bvicdHjJxfKMsiuVE0DEhOfxW5se9Lzb377Q2PqI1LmU7SqwwrkdXSVjk8eZD +U9TszzpG7RkAn9n64gjKIJPXETZKkYk00McREZlNP43H45qQV+4PK6Dqx1R0Gzlx +LmtKxLx5DCvLFTAG6KyKdNNGcoL/WrxSoqbm8wIDAQABAoIBAQC+uTVo/iAzO/XE +X6nDFOvuRRuiOuMzG3t5h67+cB6gwLDMfPiV9k+czcygVYoWwI+2xR5OMBg0SgOR +Ear8GidHZE3FwbxMg7hvqdBnQgsJ/bZ/ULr7M8z1ITi4OX4Ngax77mBINiD7mLpj +uavR7QZqeUEHFzNR+EzaZC1NgiN4WDEIWpkDYD9gYD7OR8oIvVFJQZxpq5gIJtp+ +gqyiipDpCjP0EhP88tF6iYzYAWLl/RlgNhDP8Mv/8YLjoKNTtZzZHnzhr2crmvk6 +VgguKqNe5Z6cAQg1zrs2r1pB/I/G1b5WJbGXw6VzI163VJ2vGuex3rzR2KNDMKM/ +T7kUyQeZAoGBAPMl1lkbIW3dyh4Wa3/Rm8dgnMcD109HeOK7meixmN374Brsdlkj +dCJtTP3zU96I1ucXp3E7V25s3ugm9Mp3D2t2Tw5CTpMYPObjYdQGkFr6NBFkFpHB +/j4mz/w1hZMBRTTYbIC0ZlrH23rrE8oamV3nUu07YsdIF87QTD5CzdDPAoGBANgZ +Azy9wcnSKAqrDMDT1jUxzdIqOjn7KTPFXGbqp/HKyZsf1hiFX/RvI3u3ajAx4qH5 +veGNdZQSdJSUnZwgZ7iPJPLhj5Qsr/BsJYJtSscEcf57HVX5j/mJ5qt3HUX6Ul3X +2sQwXZaGpZqLmd47fr34UITJMeyrCgcweqmtuqidAoGAK8/4lKvH1UUuo0dE7Y42 +dLGa7l1p0ZY+WRSWwhAmTHGTSyaqmJtD1OQ/CE9tIF8l4hQoDsYzlek2LTy/xS+4 +7pMt4ZLfF7A5YR09xne8UTheY3fWfUMobciOl5KJVBjZgJEy0+otu1Ph3382XKd4 +VSxWi/q0bNY3vANaial97o8CgYEAp/QIyBTToQBtjp0S9GuwePeUeFvJlXbXtx0V +jAelMA/kUWSVCcnfoiMe+PC832hmNG3eXoeLcuJFKZW4SbgF5TOcDAmzhf6VX88t ++AjprXSPBLK7Qi8M7212kp2patH7YmR56zGMC4nq/Aq0ND0ZbJyqOAoHe2IUETJk +o6wa/yECgYEA4V8WtbetCOCexgOXXvCGIo4S9bZDh27aho0Jsvj7WcMaOOnetiwC +wJIAQo2ltPAMd11pUcqTBZ3V4PFb8H4nFb/MIQXcg4o54dUFx5bi4/ani5n/BT32 +KEG7bBErksKD0aHWoKZzPBdm6GJ4eCCy3qpE5yIqZi+HHysOyG/qA4o= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/I1.key b/pki/testdata/cert_issuer_source_static_unittest/keys/I1.key new file mode 100644 index 0000000000..c6ca1cc9a3 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/I1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAtG7bYW/sH9FuPfoSJzuM94zHp30NXrUqAo2XKZt6ZL0NVpsf +bnGr068QN5ArOvDuVUP9UOpGydgqp2h6EHShy/y1xLbuZ7SL9Y0StTzZDKvlN3IZ +vrKfuWV4wdFOiIYQV6rlCu8aQR0KVUk0Xq73TikHwjQfeQ34tybcm96lAFwOo1Oo +cz/936sYA7sK1tz3PgsoyGFRcWhI+lyHVIIZINkoLfoziUxb3KbZSURFxq89Gvko +RRBYpydndXuLWJKAo++BrpUnlytb093qerf/HNHext/q1hng/k+W1lnPhVJxdmLs ++5d041+1KWLNib4DMFtaNV0Ioj1fs4tgC15C5wIDAQABAoIBACO5j1ZLgsUKAnni ++ZUrBU4+YYmYCP2ngRngTv29+w3XILz1GdQUTaEsGFnoAac57PaU76MFv95XHprm +5MQ9U4vADX1Vev6tkMidlgasdY08u7WuscpAM7/Rh4dYmeQOJ040WAVCMkCSL2mT +hPr6SZ0AIrkg+NpPGd+poiR6gNEBE7MXcKKECxw73HjzmhFzjb0+cQOljAd6jbtB +CGY7cD9C6dafWEUYg7FPLC0SXD1ZIOdTCdJ0brsWBaOwDClxrTDBxChsxLnh4bxl +Uizv1HKDz8T8aBbaDMJBRSdcwsND+TscZ+bbDwx+WfflxgRkKSyEPRZwA/lGKA5d +s3HIY4ECgYEA6ukJKhoyyZX8+VMbHj2oe05feQCqEFu270iw7ACYny5AU6JS0SlQ +XWSNFeEDwkqsvwP3fQnqmOzLWcNgRegpOINFPgA1UXM2VAI8NURX07uRx9z0hkUo +YAGU2JhI5ifaVmp0fE3xjwST3Gl5yqKf+vPzxHrdAM2/OSNgJ0nxxKUCgYEAxKHD +8vIN4eUpr8xmuvCwjem/m4lmxHU1MX2cYgzQGINsJIjyiHtuZ7SmmN4FngFtiSEH +pM857YIUEZuVHmz7TSFRJsFLsMLrVN+yd0xuqZj1jHsyyiTyEF6fc0LDYA15b/ok +rJbctMtG05NoQ2mZgM35i7uBFnuXsV076ntt95sCgYB5V6jpO6EyaizDqX8fjuAB +2ckNWx991bJYRidFsUUlLKID0ZyP+JRPucn7HEFx0lsLTIRB7aZmGiMsmfSYB8WL +MJvK3BaunSHaIVFyfnwTnhc+s08IMJ8bgJWfkIJPiRSKgPDs6OI3azjpqP5Fgt26 +ptsrif+xE5aMcE6R3OtrFQKBgQCCDgi/4M/D0MIAz+5GyTnNs4STSI8bc/ap9E4C +ID1naU2W4KmiEhnVKAxk4bzPZFxhreITZSkIadgCSWiZBjY1LssxGfqJQHNM4OR2 +uawcKtqGf1n5j/Q3VY6bOtZk6qSeptGpAeObBTSkbkQxCmCIbDQY8v0PtNGBc4xU +rCzw7wKBgDgXRAfXxnTZTwtZqgX1TnTgHos/ekZwrgvm/XBwJkvp7TjnTAPB0v6A +VOXI4BsfyJ2++25b/vztQPY/bhPusnUd/NbWbJHl+27gW9BMJvVk2P95lRQsTHJa ++a5cviN6eimu/OCmwifgKI4rUW56jCZrUbueO0HKDUN0J3yMk8OQ +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/I2.key b/pki/testdata/cert_issuer_source_static_unittest/keys/I2.key new file mode 100644 index 0000000000..8cc60ea09d --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/I2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA0WkpWPvYf0dib9Y/SpPVN3MnRR3mc9V+UBvgl0rZaZBofqsm +8MUqETX9y2jPML22WcXYiw7IGcTXYdFkYEESbjOIrLlRTw8mn0txofi2nb1xnzdL +ptupIwbwwyKza7fl56H8HylITZaoNR4KUuXJvesgvgJr/lS6fJggRfYJ3GRfsxHs +a0Ye6t6YZCnCmMnC55wjhXR5ENGze8C+N3zrljiQNUX3MG9Aixa+3Q+di9Swy+FB +b5Tn6YOloFpP/c2Q68ljsxkXEkZKY0iTRCza6o9r1ygoW0Pugi3OCrk1bBYKqAvC +ErEOMq4z7D44bXSISXeZT3hZlvUREIY7vi3XUQIDAQABAoIBAQChAU29EMU/9s6E +ViGLYWZJn8vNpFOPM9JOHWDscav/Mfxlh4oFDFJvsSdUwVyriPEuzKLVJ6RJy8Id +fzTBnMZi3FR1GHafZnK3fvX7JpKhbQpy87zCqZi9SZTLM17nrxigozaJbuAcZ30k +edhOLEaUMreV357QiKxpJz2JDMZAH7ff6J52iKF5x/7DatuAho/jzg5WBqRG9kR+ ++miTw36Qda1MrlzKCum1X5xwokKlrcOEDHJaICYU3z2ECXTbdroLqXs8SoWX6Scd +T/rncrJMBO6KCkB2mEJ/qp1e3sDSYnXT7/eV7CGdzXq4JfbCznj1HFOP7Igwb5lA +R9VwZBgBAoGBAPIct1+dayALcnp8YaRsUvb76RiYiXJ+wLqyqt4AJdhsHoQ0az6L +s/fsHu/8hWxBKS5aUtH/GLePDSRrSNWLJ6YpYF4IrVb16C4mjjF6O2RxyR5Wo1l6 +d6knG0w9xoi0+cGqj3hLxRiwEvLy5rN8AXxGyMZ0Jhh+VaDu9Th2fhihAoGBAN1s +Pk9vYbZKIJN5Dr5L1Mj7daiQq5FX6Uj9xDPppcqnnG0CkCvuCR6NZx/cN7+mUkng +njF2sOdkIS34iIrIRKBjUxmXxsOyDDdlRpBpPdhuiT3WuNILScagUzU9KsQKHEOC +5GwNGJbRmpScwAB1S1Fpyq6e7EbC3SDAuaYPfNCxAoGAN3OARDPnryUwCQGn02LD +9bFoh6uX/1MsjRYSsFnUUSciLiFbVq3kgCniRBDP9iVOa0FgqpwEazYmSmsP+Wiv +ogzj92WBXeNgVAGcm5RlOfIdoAczznCQK3u7ctDLQdBBS6vmxCSGdcsN6/rZ/82t +AWus3FcJyp5UulFAdLge1UECgYEAnqDYdwIdp4GtmtlEZbJf6+iyXyPdtg+cEm2y +7Vn7K5cuqq4GaWJr6BZ3hcy3p7ZZB5JC4r7cd7k1SADgmURmXd0qgJBKlpJszBbj +Gbw70V1HNyUoXVo27XSYh/CdPbrcisUwLfSn5AyfyM4Pg4SEg/vdd4JlVUBvOPK5 +Ta2UxtECgYEAoiYPSk6YwTSslouGq2h7KISm5W7vfxKB+rFtnUVNxamU75caS+3v +lKQcbVxFc9l855gGbQ2DZbe1bWmnOCT5lDuhR92UCLk/+GJ8Pxbtrd6e4iUoC0IZ +DilqFjHFo5I9FrfsERlpve+xwjfXo4jxmmB/g6A4v9JHT8URYTIfTHk= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/I3.key b/pki/testdata/cert_issuer_source_static_unittest/keys/I3.key new file mode 100644 index 0000000000..fec5131f41 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/I3.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzK3QUsPD2yLBz9RAOdzRdcUHJgjXmd8G3d43jJQUFkRpCeda +Fwi/1aLt/dfmrrwznEJO+yBalINPYHHotv9oeMAvCQXNJD727vOMmNsKFZgdSNzq +EecNUmENtNN6VUC8KYKgHgLTAO2beqlIdg03qN1A+BNEHhw61dvK50DVIndZeEP1 +td/XfttzLOZzfAnhoDDtjMFOfV1MmzoPEzOhnz7YBlCeDy9Z11t624A2gSFbfgt9 +yC2MHB6fxzu2eG6XQLlVBBsrokt8oWqmRsINcAdgm+RSEmr1+UBEDL018P0A19y6 +np7tMMTI6IvNTlxQZhIA20NP1mfWT39oV1Vf+QIDAQABAoIBADaPht7pLIZ3x25d +SBmkkXlxYixzYvWzjCMMn4Yr2wbsiYuITm2heXG7kvF94hJmPOPEkUVEJKE+N6Sf ++Mb/Ypv9rwwarcqhtjWQWsRMb22+NOA9c2/+RYDWOk8fqJadQQtXtNMLMbAnprCV ++6jscQ/kmvMGP7w/Djf/9SCcGbSr3eUU0dPOLvNIGbA8Ir7bmPdN2uSH8NVqG9h7 +RyLtdexgBioylEitgG9fStQNG7dym1Xj3jaXclsRJoPg2Garf+5qng0Go1d5hK55 +Sj+NNoq+T+voZkwv6ut6iQn0ijM/To6CdIypTg20f3Jzv/zZTwG9zsAVDA3V50se +dnsNYAECgYEA7H57fnStW8tRsHDkW2gGT2ZXc1xAl/zxCHRgAot0491RR7hcRhum +wfyw0asqYJuNdefPili+WUBGJsZxm6Fnh5o3yaB0SlR7nsCOEN0rjuXWqNMxup69 +FMSdbG6jXczIw833qyppW/eXWgt1SyWPrcXaUMvkBqFUkp9ycuPpJgECgYEA3Y+Q +CSq/Yc0qrF4ypFuqXLKN+oVV3/OlTymmF7F/1crAEhqJ1V5VM3asgRseICdPN9hs +A3WujB8c/9xPp41DKWmvZ1iuShsCenBDWqOJVXsVoM3DWjhboID15Ezs+PCDV4kD +71ESY1As+gBMQHGFcyHrijnP8Qmr8HgTvBL5afkCgYEAuNhDfhuERHMublJOqoMs +K3M6dxhsBF/XpVwQjuyheFjL5trahJGoTYdMTRUUEl6Cut1tAh1K6keqjTQeKB6H +5R1M7XNUcaSG2xZ19Ahqu0458crg25SnBUyIHvB7EB237hNWuZp0r0VeLys1in7Z +RmGWugAjQmtmxxOJSPOKkAECgYEAx1YJneXC6Cghs5DQeUUrglj3GiTqPSJFYXK0 +R27f96aBpggQaFKFz1Z/H20Zbo5PXIwvqfEwCEtZ2O0LEVEr0s+OCyojLPMeCLCG +OL8XqTujGtjlYH+CGGbOVAfN0K77TD8uthq3s3iH7qlj8TrxeMNU2jjnWBJ+ikxO +XRCpK2kCgYEAgErGxfYyuuAGnPb2x+4spr2/5WoDxwRyddYrhxp+DbEb21b+b/FW +s4mALW0+zd+SnDPfFf8FBGFb+A6niNokSfjxd7qsofTF32ozvxXmvZsv3VKiaNHM +93pbV0VBkmzsc0buqEdB/zyLfQVvXMEYkVSfIEo32PB5A3/AJvZoNuk= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/I3_1.key b/pki/testdata/cert_issuer_source_static_unittest/keys/I3_1.key new file mode 100644 index 0000000000..e21b3bf396 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/I3_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA22kq+vs/dOvnqEIZkogw9x0LdwnQdBc+LpNXGklKEOU3ERMP +JfwsEeuPlYafwGe0vltYcdNmCbrF215DS2KzasFB+qTigD1yCkgm5PmWrku2tCzG +X1O8gGUTXqEE8egYm+XbFQQpLcWXe5+iavC9rPeJxW9bYTmXgusZAutWovcv6FZy +JvKO2GttTwxMTbtGt/FPNzPUnYteNZJ84nkaVfwBF7EmLa/jFuSWLaZBgasWsHQ3 +OWW6EgzxjakeP1GRqFDJFrPveCVn5cAi7JNkUKeBeBAAKN8XxjXMnPhQgzYfoST0 +RMYvaae8NnNpPbsk2Bl0HhAl4wz82eKVLr+NxwIDAQABAoIBADSjj481Ne0sJ6DD +cvUnvW+bxUNi1GL1rJJqAOyqhp11EHgFNY4saLpH5GPAL5Vui/tbWOW+DO3qpEtT +2xs768WB5f1nD3wqwbBbzREEHDVmrsedMl5ubXv0Q+hhAxmyUC0ewSfSnrp/fC9J +hiLX7PmRTblTVP4HXiUnmBGOOnPQHiBMxpmtvO5RobxVt5/2pQEQhbcMKYRX/zSv +NNh7KIZmkxe0RcpaNfDZrirAKt3Mlq4AewY0FI2XRiMJiY+1lOGQfqFObAaDdsmt +v7+weaoux38A103FiNp5LaC2j7zTokgYCJ7Uc6846f7KHStLVaXb0G/X8NRVcY5B +D3KTy0kCgYEA9ayCc6/2J0eK0A2MSvJR6AqA0T1neDjgVVQNtQB6Gl3KPrZc4K1v +RVuXR2N03kbpm9iH01bDFLgdI4wyXVHnhtNEtwqIUyfVbTbUgBmrcLWGJ/Q82i5R +w8+WGnpyUB7tgZCYQglvjMUu6WCE0p3SevCE/snXCDlEozP46ifBZAMCgYEA5KIQ +SZT86mf8BAs9zcgB4fq0ZCCNGLvZZYOERHXmj4i18aAr2hAefAsfNqcucmNz/JFf +FE365czjvohp1RSR39ypNClMO+0Q/vq4W4CISi6rYFtb3L/G8HsgD382jg3WTPPn +lhlTC4DJ4zQrc2JOaPxQxQz3qwSdYlTNfS71/e0CgYBBD6qMkLETvfKZHr1kq7/d +P8rVnvlj8UwXzObEZJfxm50P9qOqLMQnDhaGJWSx6P289B8kbPnE5u1wmJRN+n7i +SdkM0JFB1G7FOZwVQLcSZkBdHGVxMosc3EDYSk0zwr0LbwujkXQlR6Mg0xrZ3En9 +nOzbvQBhgSkYP49QE683mQKBgQCnwb4/r2EwQaIp+XGcx0+SV1j7SuMcreDi2nA3 +p2bIFKCjrUnf1An6LFL30A2FgzG8tZHVHS6mZQMKb59v6IrsfkVs74xvQBBDdwXE +pffaromyxvYNcG3xT/aDSG1oKAEBL8nSWbyUaSg5XLMxE4XDBLfjDhO/2T/9wYmR +e96lNQKBgQCwHGtV++WnPafRsUy9JUIsxUJF5c3i6/yTLCqv5MHwXTUVAITKixvs +CWMdIYm2MiOMEeMKyfm/1fBTf3dx0TYC5KFVf9MOBw98kOd56/oxDkxsfCo+4z62 +9G8eyvWIc76GLhNk6cqmqEjLV5j8JmMPwvOtYiXxlq0psImSo/hBNw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/Root.key b/pki/testdata/cert_issuer_source_static_unittest/keys/Root.key new file mode 100644 index 0000000000..86ed8c9c4c --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAnntK4KGHGNrfdgr5n+nR45sq5epnflopxRmupF/xRuurzEM2 +/dOmHs0x9afEBRv2FQdmaV+8nKOUGjW0+HDORuJxSIf/01ABlZtIJNlBcZCayo9b +4/kRLX1p0SlUTWtfRDY4jCJXimO4E8UCc3ihdtjEQYlXYuL+y6y/MCGV/9a3o0vV +QIwPqe8p4n/NoVaJXoBQlGgTRQDk2wEMDym+a1tqKaTVpFCaFY0eKL1ezZJIczyl +ToO2O7/YwDtnGqK7yw8mNECb+bo8M5UrsqBwuSfFwR+8Kl1G0DmiUcWIkN0bzoTc +rsxgpjd9DsLPY0++lpQryyMPiDhDUnT6FlTpKQIDAQABAoIBAFOG7c74s0hhSzde +z3P9+1Z3mKN26LcKdEtins4ZlwPnADP3FQuwujQvt+4eTszWkNtCfDJ7d+AiwtMR +jWEHq2BmxogQzb+kwkEEh4CMVNay/TJXXnoH8orEN7o6iykGtz4vSZxqGTNiHUmm +IwWTBZ6q3r0f0sPWma3lTRrkCLe+sdX52rkjSxtElqyMbjhpQdXHPjoX3YKviGKG +mZ4bucatA3e/l/50/gH1eIPLXKSQ6TZXTEDVFlFUL9pGjP4nyCPitYXNav7gCvv5 +qyYrBuF2k9MH7R+RGq8hghOh+E1x9jmQ4otPgwn4UrcZ2zb5nXIw3Fq4DMsNRgnw +RxmVAxECgYEAykAjUhFBfduGMoPtjHYkz8x+eW8qM/wZn0WEndoGgBc1jeZn3xzI +8pHlLGJeMXA0Z+kFy8bAnMK4eT9NZy7uvdaDFkynBtVPEjkadfafKG1Qv3MZ4Nge +i4vbjkTwV1zucYjdiOwMdsl0Xl7SV+FqtliS+Gt9w9ky/MuK4NqVB6UCgYEAyJlj +7rmzWe1Np8iuQ6cab6mr5ZaEoe+UdJRncpFTmMpPiqB/EWNkQPCSViG9z6lxA+QL +iFn05WlT2c3yYqLsi/3KVJNgVJQjlb3Cd4nXwWk7AN4eZwRCfqOvZUOcVtXViuro +GGaWZE3KwYtFPpLad7wMq2umN+Ei9TMBt/sgxDUCgYEApb4X8+o2PHjJKd6ZrnEn +S69uuf9Sm5VuPerPejiw+QmMFsSJvPqu5rKPF2dpf6RPHhSFbnBrakvct2gb+4In +niUL+htJCb2G9g0b1S4NUij7cllWDL+vkHZFr/po53893Ibn3YxrznDbT3bvc5tE +QzilALW+M+Br+2SmZAxc8w0CgYBTjiDj9RHRqVipRJvhrh8C1+ez7+g7E3IAxTf5 +rrLld49+LLAA7Cd8LTinC9LmRqu+dSSgnOe3DxJQLMqDb12cShAW/nQnhrTz0GDK +Le5ir5RWHi8HteyEl2WdhnX+bX9PJ92ZHFIUYZrM11f2YnEBYqDcXjCUIgDPpXlX +yxCw6QKBgGdVOSS3h8cIE9lUNLRIGjiopEItNGUrah8uK6dIEcfUR9TScv/S9Rnd +Yo+2o2wz0GWFt6+EeXhodq391DEA+7o03ri0CEGJWJ19bXQJ92J5gvF5IV2rbWQi +8APItQ/iNwhBkZj50nscgIezkj64V6H9UF1BaaF5D2+yLbbIiq6e +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/keys/i1_1.key b/pki/testdata/cert_issuer_source_static_unittest/keys/i1_1.key new file mode 100644 index 0000000000..10175d5f19 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/keys/i1_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyeRkI9JxNk1whDbsuwVXNVYMoGEfZPyHNUvNPRedavnV74+Z +MDbbl+CActIOMEL0xmc8vtyMBQIT4puroEVueBhPNK7uXU67R7Gvh/zUmRdCywa0 +xV/hoAx5X/K07nRSQ29ug04A4Mlm4eqYiW2FIxvtK9qvxWtCNUgl+acqVJD48bHU +k2HIwww5md3Eprguz5JXFIy5Rbr7dkDU2P5EVBd2uuLQ8iRkFBJlp77GGtdIuUqT +X7GzdlP4rV/SRBkDD/Ovme6WtYXtKq64QZBc3eAZDCpxrhZZGV0/RUReSrPghuoV +4vsMuLlvJKDGvPzzDALyUtg0/dyNNwgBavnEMQIDAQABAoIBADI13f3WuZdCvSf0 +rP16P40hQHSmkvM/prTHjFyUQe84AU/aC8Qk8IoeKHPl7+dqz4uEY2QoX55jPOTP +yGhMvEOb8B7vHpMQIJ2dAEW2yHzmfxMVMOIhjXCLiagmKX9gaJEi5n47aRZ+oFqx +SIxtM35e1KZidfKIUWgE8ITdYTa0gk+aP8dVQFnelrdzO+5gHtset2ExeY/7B1+6 +qT5ACQTHef3HXdl98cSDamniPtsXpieT3IbIlrHDwS2l7N9JS+cU9sl7tjafTQJB +0uYWotmt4R8fXjOzX0MQcSI2o/SZC/FX70H0rO/izPBaCmMpIPCz+d0TY4yZmjk3 +d+3c/sECgYEA5RZRHFx9Yczz20q4q15ZyRF2MFVQalto0DA011WQCmC/rqnQoTdc +sIFHViqAvJrCrNr3YU06eXNPNbgptp5Tr49fzZdpnMA2B09+z4lVBAuMBoLIlguW +EB1os6lK0+kSzuR74Jc/kHdsQ7LYG3rnclRxQMoAPOXDwGIO0KHOHdkCgYEA4Zwy +kWUBhugJ8M2NLf1uqmxdS0QZWXaB/V4LuUUmZXnkf+Arzz80ZuciV7P0EEvBF/Y6 +4VyxWUsmxFly0jNguSIK3I17iqQiBmgv2AJjsqhhcRbz7FRmQpGwmJKR9CEfYz1A +UfI43zZ72iUzCZKKS213nKDe3sJ+gJx3X8pFahkCgYEA0fk7jPhFP/AgD36UdxY6 +y23C25hG5cU086VLuZdGOAznhEtH24yn22wTG6pHZxeemdr1ZWzozMrg7kcHjMff +wolycTl35uHSY678d3LTxqpixND403Z5K/oYrpvb5xG5WILZ/EgFTf/37rEtHTrw +ir1VNOIxh5+9ZUc7dwTnrDkCgYEAiQj2Eig24DmK6DACQ9/+2xdNJ41qlFOOK1Z3 +aoZdByAdsap5Eb4DV0mnK3xLj6Zj1+kg5IgH1QP3vSXTv2ejpW/PBx4M3y5I2Hlq +LhttcTQjU6ysZmzxXBfgGxxT+OQxi3bF3cBx2OrgGaWktXjD9YK9N27jUIz0h6wC +OjXDKekCgYBZV/r8oV9VPYuMQS3RrH1S9p/wmt0ZXb8g5msfKBtDeuCqdaTuRtfh +GLY1XPhFkeh4GWJ65UHgrI3iw07UUoSLITC7cUY0fvYp8mjKL5m1LwR2mw/I0gtN +BgPu6gFkhbLkecmEY7zOB2jHdBoZEAmQqxhmHCpj+rBHRKQ/W4eRRg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/cert_issuer_source_static_unittest/root.pem b/pki/testdata/cert_issuer_source_static_unittest/root.pem new file mode 100644 index 0000000000..68a5e44f42 --- /dev/null +++ b/pki/testdata/cert_issuer_source_static_unittest/root.pem @@ -0,0 +1,91 @@ +Generated by ./generate-certs.py. +Refer to generator script docstring for details. +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:cf:94:c3:ef:a3:21:ee:42:87:34:c7:d6:d6:e1:8c:da:71:34:15 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Nov 3 12:00:00 2020 GMT + Not After : Nov 3 12:00:00 2021 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9e:7b:4a:e0:a1:87:18:da:df:76:0a:f9:9f:e9: + d1:e3:9b:2a:e5:ea:67:7e:5a:29:c5:19:ae:a4:5f: + f1:46:eb:ab:cc:43:36:fd:d3:a6:1e:cd:31:f5:a7: + c4:05:1b:f6:15:07:66:69:5f:bc:9c:a3:94:1a:35: + b4:f8:70:ce:46:e2:71:48:87:ff:d3:50:01:95:9b: + 48:24:d9:41:71:90:9a:ca:8f:5b:e3:f9:11:2d:7d: + 69:d1:29:54:4d:6b:5f:44:36:38:8c:22:57:8a:63: + b8:13:c5:02:73:78:a1:76:d8:c4:41:89:57:62:e2: + fe:cb:ac:bf:30:21:95:ff:d6:b7:a3:4b:d5:40:8c: + 0f:a9:ef:29:e2:7f:cd:a1:56:89:5e:80:50:94:68: + 13:45:00:e4:db:01:0c:0f:29:be:6b:5b:6a:29:a4: + d5:a4:50:9a:15:8d:1e:28:bd:5e:cd:92:48:73:3c: + a5:4e:83:b6:3b:bf:d8:c0:3b:67:1a:a2:bb:cb:0f: + 26:34:40:9b:f9:ba:3c:33:95:2b:b2:a0:70:b9:27: + c5:c1:1f:bc:2a:5d:46:d0:39:a2:51:c5:88:90:dd: + 1b:ce:84:dc:ae:cc:60:a6:37:7d:0e:c2:cf:63:4f: + be:96:94:2b:cb:23:0f:88:38:43:52:74:fa:16:54: + e9:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF + X509v3 Authority Key Identifier: + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 03:b7:85:b9:22:17:99:7f:87:70:b2:c4:3b:fc:1e:71:88:be: + e0:0b:7c:f2:2e:ef:a8:b2:6c:dd:40:34:1b:a2:b4:c2:35:4a: + c3:23:a6:c5:8a:c0:af:95:5b:d8:46:fe:71:22:41:10:63:5d: + 5c:ea:ff:65:01:56:96:0e:69:8f:8f:13:e9:77:48:64:b6:0a: + 3c:87:f7:b2:d8:2d:e5:2c:ab:ab:37:a0:9a:63:18:da:d4:40: + de:8b:6f:5f:5a:7e:37:7b:69:98:7b:ce:79:d5:9b:46:8d:ae: + 30:d4:cb:eb:6e:06:e5:32:a7:24:a2:91:be:a2:03:eb:4c:3f: + 5f:6c:ce:cb:4f:d8:8a:34:a1:d0:c2:9f:e7:d4:d0:81:4a:2d: + fd:65:7f:9d:04:a4:a5:3c:12:69:33:be:18:38:7d:37:c7:06: + 3a:bf:b4:3b:48:78:c7:7d:4e:a6:22:b9:b8:bb:f5:2a:e6:27: + 7d:a0:0b:09:9b:84:14:53:76:bc:55:42:cf:f6:ce:b6:10:26: + 11:f1:ee:70:a1:2f:a5:97:da:79:e1:91:92:09:f5:4b:7d:8d: + 8a:0b:60:a3:2b:eb:84:8c:d0:40:e9:d2:83:ce:97:30:ee:e1: + 1e:b2:9e:ee:e8:6c:01:13:17:c3:59:4c:07:7c:18:61:fc:59: + cf:31:d2:e1 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPs+Uw++jIe5ChzTH1tbhjNpxNBUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCee0rgoYcY2t92Cvmf6dHjmyrl6md+WinFGa6kX/FG66vMQzb906YezTH1 +p8QFG/YVB2ZpX7yco5QaNbT4cM5G4nFIh//TUAGVm0gk2UFxkJrKj1vj+REtfWnR +KVRNa19ENjiMIleKY7gTxQJzeKF22MRBiVdi4v7LrL8wIZX/1rejS9VAjA+p7yni +f82hVolegFCUaBNFAOTbAQwPKb5rW2oppNWkUJoVjR4ovV7NkkhzPKVOg7Y7v9jA +O2caorvLDyY0QJv5ujwzlSuyoHC5J8XBH7wqXUbQOaJRxYiQ3RvOhNyuzGCmN30O +ws9jT76WlCvLIw+IOENSdPoWVOkpAgMBAAGjgcswgcgwHQYDVR0OBBYEFF/PVL18 +OJtfoaz+pm56g4CmS/m/MB8GA1UdIwQYMBaAFF/PVL18OJtfoaz+pm56g4CmS/m/ +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAA7eFuSIXmX+HcLLEO/wecYi+4At88i7vqLJs3UA0G6K0wjVK +wyOmxYrAr5Vb2Eb+cSJBEGNdXOr/ZQFWlg5pj48T6XdIZLYKPIf3stgt5Syrqzeg +mmMY2tRA3otvX1p+N3tpmHvOedWbRo2uMNTL624G5TKnJKKRvqID60w/X2zOy0/Y +ijSh0MKf59TQgUot/WV/nQSkpTwSaTO+GDh9N8cGOr+0O0h4x31OpiK5uLv1KuYn +faALCZuEFFN2vFVCz/bOthAmEfHucKEvpZfaeeGRkgn1S32NigtgoyvrhIzQQOnS +g86XMO7hHrKe7uhsARMXw1lMB3wYYfxZzzHS4Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/certificate_policies_unittest/anypolicy.pem b/pki/testdata/certificate_policies_unittest/anypolicy.pem new file mode 100644 index 0000000000..104ed45e0e --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/anypolicy.pem @@ -0,0 +1,6 @@ + 0:d=0 hl=2 l= 8 cons: SEQUENCE + 2:d=1 hl=2 l= 6 cons: SEQUENCE + 4:d=2 hl=2 l= 4 prim: OBJECT :X509v3 Any Policy +-----BEGIN CERTIFICATE POLICIES----- +MAgwBgYEVR0gAA== +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/anypolicy_with_qualifier.pem b/pki/testdata/certificate_policies_unittest/anypolicy_with_qualifier.pem new file mode 100644 index 0000000000..6ecc6d1b85 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/anypolicy_with_qualifier.pem @@ -0,0 +1,10 @@ + 0:d=0 hl=2 l= 49 cons: SEQUENCE + 2:d=1 hl=2 l= 47 cons: SEQUENCE + 4:d=2 hl=2 l= 4 prim: OBJECT :X509v3 Any Policy + 10:d=2 hl=2 l= 39 cons: SEQUENCE + 12:d=3 hl=2 l= 37 cons: SEQUENCE + 14:d=4 hl=2 l= 8 prim: OBJECT :Policy Qualifier CPS + 24:d=4 hl=2 l= 25 prim: IA5STRING :https://example.com/1_2_3 +-----BEGIN CERTIFICATE POLICIES----- +MDEwLwYEVR0gADAnMCUGCCsGAQUFBwIBFhlodHRwczovL2V4YW1wbGUuY29tLzFfMl8z +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/generate_policies.py b/pki/testdata/certificate_policies_unittest/generate_policies.py new file mode 100755 index 0000000000..bb40e9c356 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/generate_policies.py @@ -0,0 +1,176 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import base64 +import copy +import os +import random +import subprocess +import sys +import tempfile + + +def generate(token, s, out_fn): + with tempfile.NamedTemporaryFile() as der_tmpfile: + with tempfile.NamedTemporaryFile() as conf_tempfile: + conf_tempfile.write(str(s)) + conf_tempfile.flush() + description_tmpfile = tempfile.NamedTemporaryFile() + subprocess.check_call(["openssl", "asn1parse", "-genconf", + conf_tempfile.name, "-i", "-out", + der_tmpfile.name], + stdout=description_tmpfile) + + with open(out_fn, "w") as output_file: + description_tmpfile.seek(0) + output_file.write(description_tmpfile.read()) + output_file.write("-----BEGIN %s-----\n" % token) + output_file.write(base64.encodestring(der_tmpfile.read())) + output_file.write("-----END %s-----\n" % token) + + +class CertificatePoliciesGenerator: + def __init__(self): + self.policies = [] + + def generate(self, out_fn): + generate("CERTIFICATE POLICIES", self, out_fn) + + def add_policy(self, policy): + self.policies.append(policy) + + def __str__(self): + s = "asn1 = SEQUENCE:certificatePoliciesSequence\n" + s += "[certificatePoliciesSequence]\n" + s_suffix = "" + for n, policy in enumerate(self.policies): + n1, n2 = (str(policy) + "\n").split("\n", 1) + if n2: + s_suffix += n2 + "\n" + s += "%s%s\n" % (n, n1) + + return s + s_suffix + + +def policy_qualifier(qualifier_id, qualifier): + i = random.randint(0, sys.maxint) + s = "asn1 = SEQUENCE:PolicyQualifierInfoSequence%i\n" % i + s += "[PolicyQualifierInfoSequence%i]\n" % i + s += "policyQualifierId = %s\n" % qualifier_id + s += qualifier + return s + + +def cps_uri_qualifier(url): + return policy_qualifier("OID:id-qt-cps", "cPSUri = IA5STRING:%s\n" % url) + + +def policy_information(policy_id, qualifiers): + i = random.randint(0, sys.maxint) + s = "policyInformation = SEQUENCE:PolicyInformationSequence%i\n" % i + s += "[PolicyInformationSequence%i]\n" % i + s += "policyIdentifier = OID:%s\n" % policy_id + s_suffix = "" + if qualifiers is not None: + s += "policyQualifiers = SEQUENCE:PolicyQualifiersSequence%i\n" % i + s += "[PolicyQualifiersSequence%i]\n" % i + for n, qualifier in enumerate(qualifiers): + n1, n2 = (str(qualifier) + "\n").split("\n", 1) + if n2: + s_suffix += n2 + "\n" + s += "%s%s\n" % (n, n1) + + return s + s_suffix + + +def main(): + p = CertificatePoliciesGenerator() + p.generate("invalid-empty.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("anyPolicy", None)) + p.generate("anypolicy.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("anyPolicy", [ + cps_uri_qualifier("https://example.com/1_2_3")])) + p.generate("anypolicy_with_qualifier.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("anyPolicy", [ + policy_qualifier("OID:1.2.3.4", 'foo = UTF8:"hi"')])) + p.generate("invalid-anypolicy_with_custom_qualifier.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("1.2.3", None)) + p.generate("policy_1_2_3.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("1.2.3", [ + cps_uri_qualifier("https://example.com/1_2_3")])) + p.generate("policy_1_2_3_with_qualifier.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("1.2.3", [ + policy_qualifier("OID:1.2.3.4", 'foo = UTF8:"hi"')])) + p.generate("policy_1_2_3_with_custom_qualifier.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("1.2.3", None)) + p.add_policy(policy_information("1.2.3", [ + cps_uri_qualifier("https://example.com/1_2_3")])) + p.generate("invalid-policy_1_2_3_dupe.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("1.2.3", [])) + p.generate("invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("1.2.3", None)) + p.add_policy(policy_information("1.2.4", None)) + p.generate("policy_1_2_3_and_1_2_4.pem") + + p = CertificatePoliciesGenerator() + p.add_policy(policy_information("1.2.3", [ + cps_uri_qualifier("https://example.com/1_2_3")])) + p.add_policy(policy_information("1.2.4", [ + cps_uri_qualifier("http://example.com/1_2_4")])) + p.generate("policy_1_2_3_and_1_2_4_with_qualifiers.pem") + + generate("CERTIFICATE POLICIES", + "asn1 = SEQUENCE:certificatePoliciesSequence\n" + "[certificatePoliciesSequence]\n" + "policyInformation = SEQUENCE:PolicyInformationSequence\n" + 'extradata = IA5STRING:"unconsumed data"\n' + "[PolicyInformationSequence]\n" + "policyIdentifier = OID:1.2.3\n", + "invalid-policy_1_2_3_policyinformation_unconsumed_data.pem") + + generate("CERTIFICATE POLICIES", + "asn1 = SEQUENCE:certificatePoliciesSequence\n" + "[certificatePoliciesSequence]\n" + "policyInformation = SEQUENCE:PolicyInformationSequence\n" + "[PolicyInformationSequence]\n" + "policyIdentifier = OID:1.2.3\n" + "policyQualifiers = SEQUENCE:PolicyQualifiersSequence\n" + "[PolicyQualifiersSequence]\n" + "policyQualifierInfo = SEQUENCE:PolicyQualifierInfoSequence\n" + "[PolicyQualifierInfoSequence]\n" + "policyQualifierId = OID:id-qt-cps\n" + "cPSUri = IA5STRING:https://example.com/1_2_3\n" + 'extradata = IA5STRING:"unconsumed data"\n', + "invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem") + + generate("CERTIFICATE POLICIES", + "asn1 = SEQUENCE:certificatePoliciesSequence\n" + "[certificatePoliciesSequence]\n" + "policyInformation = SEQUENCE:PolicyInformationSequence\n" + "[PolicyInformationSequence]\n" + 'policyIdentifier = IA5STRING:"1.2.3"\n', + "invalid-policy_identifier_not_oid.pem") + + +if __name__ == "__main__": + main() diff --git a/pki/testdata/certificate_policies_unittest/invalid-anypolicy_with_custom_qualifier.pem b/pki/testdata/certificate_policies_unittest/invalid-anypolicy_with_custom_qualifier.pem new file mode 100644 index 0000000000..f60dc1af77 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/invalid-anypolicy_with_custom_qualifier.pem @@ -0,0 +1,10 @@ + 0:d=0 hl=2 l= 21 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 4 prim: OBJECT :X509v3 Any Policy + 10:d=2 hl=2 l= 11 cons: SEQUENCE + 12:d=3 hl=2 l= 9 cons: SEQUENCE + 14:d=4 hl=2 l= 3 prim: OBJECT :1.2.3.4 + 19:d=4 hl=2 l= 2 prim: UTF8STRING :hi +-----BEGIN CERTIFICATE POLICIES----- +MBUwEwYEVR0gADALMAkGAyoDBAwCaGk= +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/invalid-empty.pem b/pki/testdata/certificate_policies_unittest/invalid-empty.pem new file mode 100644 index 0000000000..186d6dedb5 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/invalid-empty.pem @@ -0,0 +1,4 @@ + 0:d=0 hl=2 l= 0 cons: SEQUENCE +-----BEGIN CERTIFICATE POLICIES----- +MAA= +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_dupe.pem b/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_dupe.pem new file mode 100644 index 0000000000..b667184800 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_dupe.pem @@ -0,0 +1,12 @@ + 0:d=0 hl=2 l= 53 cons: SEQUENCE + 2:d=1 hl=2 l= 4 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 8:d=1 hl=2 l= 45 cons: SEQUENCE + 10:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 14:d=2 hl=2 l= 39 cons: SEQUENCE + 16:d=3 hl=2 l= 37 cons: SEQUENCE + 18:d=4 hl=2 l= 8 prim: OBJECT :Policy Qualifier CPS + 28:d=4 hl=2 l= 25 prim: IA5STRING :https://example.com/1_2_3 +-----BEGIN CERTIFICATE POLICIES----- +MDUwBAYCKgMwLQYCKgMwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9leGFtcGxlLmNvbS8xXzJfMw== +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_policyinformation_unconsumed_data.pem b/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_policyinformation_unconsumed_data.pem new file mode 100644 index 0000000000..689caf191a --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_policyinformation_unconsumed_data.pem @@ -0,0 +1,7 @@ + 0:d=0 hl=2 l= 23 cons: SEQUENCE + 2:d=1 hl=2 l= 4 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 8:d=1 hl=2 l= 15 prim: IA5STRING :unconsumed data +-----BEGIN CERTIFICATE POLICIES----- +MBcwBAYCKgMWD3VuY29uc3VtZWQgZGF0YQ== +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem b/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem new file mode 100644 index 0000000000..c595faf826 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem @@ -0,0 +1,12 @@ + 0:d=0 hl=2 l= 64 cons: SEQUENCE + 2:d=1 hl=2 l= 62 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 8:d=2 hl=2 l= 56 cons: SEQUENCE + 10:d=3 hl=2 l= 54 cons: SEQUENCE + 12:d=4 hl=2 l= 8 prim: OBJECT :Policy Qualifier CPS + 22:d=4 hl=2 l= 25 prim: IA5STRING :https://example.com/1_2_3 + 49:d=4 hl=2 l= 15 prim: IA5STRING :unconsumed data +-----BEGIN CERTIFICATE POLICIES----- +MEAwPgYCKgMwODA2BggrBgEFBQcCARYZaHR0cHM6Ly9leGFtcGxlLmNvbS8xXzJfMxYPdW5jb25z +dW1lZCBkYXRh +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem b/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem new file mode 100644 index 0000000000..b370a8863c --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem @@ -0,0 +1,7 @@ + 0:d=0 hl=2 l= 8 cons: SEQUENCE + 2:d=1 hl=2 l= 6 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 8:d=2 hl=2 l= 0 cons: SEQUENCE +-----BEGIN CERTIFICATE POLICIES----- +MAgwBgYCKgMwAA== +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/invalid-policy_identifier_not_oid.pem b/pki/testdata/certificate_policies_unittest/invalid-policy_identifier_not_oid.pem new file mode 100644 index 0000000000..4cd5eacac0 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/invalid-policy_identifier_not_oid.pem @@ -0,0 +1,6 @@ + 0:d=0 hl=2 l= 9 cons: SEQUENCE + 2:d=1 hl=2 l= 7 cons: SEQUENCE + 4:d=2 hl=2 l= 5 prim: IA5STRING :1.2.3 +-----BEGIN CERTIFICATE POLICIES----- +MAkwBxYFMS4yLjM= +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/policy_1_2_3.pem b/pki/testdata/certificate_policies_unittest/policy_1_2_3.pem new file mode 100644 index 0000000000..a67b60ed31 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/policy_1_2_3.pem @@ -0,0 +1,6 @@ + 0:d=0 hl=2 l= 6 cons: SEQUENCE + 2:d=1 hl=2 l= 4 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 +-----BEGIN CERTIFICATE POLICIES----- +MAYwBAYCKgM= +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/policy_1_2_3_and_1_2_4.pem b/pki/testdata/certificate_policies_unittest/policy_1_2_3_and_1_2_4.pem new file mode 100644 index 0000000000..8372efc561 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/policy_1_2_3_and_1_2_4.pem @@ -0,0 +1,8 @@ + 0:d=0 hl=2 l= 12 cons: SEQUENCE + 2:d=1 hl=2 l= 4 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 8:d=1 hl=2 l= 4 cons: SEQUENCE + 10:d=2 hl=2 l= 2 prim: OBJECT :1.2.4 +-----BEGIN CERTIFICATE POLICIES----- +MAwwBAYCKgMwBAYCKgQ= +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/policy_1_2_3_and_1_2_4_with_qualifiers.pem b/pki/testdata/certificate_policies_unittest/policy_1_2_3_and_1_2_4_with_qualifiers.pem new file mode 100644 index 0000000000..ceb01c2a8e --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/policy_1_2_3_and_1_2_4_with_qualifiers.pem @@ -0,0 +1,17 @@ + 0:d=0 hl=2 l= 93 cons: SEQUENCE + 2:d=1 hl=2 l= 45 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 8:d=2 hl=2 l= 39 cons: SEQUENCE + 10:d=3 hl=2 l= 37 cons: SEQUENCE + 12:d=4 hl=2 l= 8 prim: OBJECT :Policy Qualifier CPS + 22:d=4 hl=2 l= 25 prim: IA5STRING :https://example.com/1_2_3 + 49:d=1 hl=2 l= 44 cons: SEQUENCE + 51:d=2 hl=2 l= 2 prim: OBJECT :1.2.4 + 55:d=2 hl=2 l= 38 cons: SEQUENCE + 57:d=3 hl=2 l= 36 cons: SEQUENCE + 59:d=4 hl=2 l= 8 prim: OBJECT :Policy Qualifier CPS + 69:d=4 hl=2 l= 24 prim: IA5STRING :http://example.com/1_2_4 +-----BEGIN CERTIFICATE POLICIES----- +MF0wLQYCKgMwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9leGFtcGxlLmNvbS8xXzJfMzAsBgIqBDAm +MCQGCCsGAQUFBwIBFhhodHRwOi8vZXhhbXBsZS5jb20vMV8yXzQ= +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/policy_1_2_3_with_custom_qualifier.pem b/pki/testdata/certificate_policies_unittest/policy_1_2_3_with_custom_qualifier.pem new file mode 100644 index 0000000000..18a27cc312 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/policy_1_2_3_with_custom_qualifier.pem @@ -0,0 +1,10 @@ + 0:d=0 hl=2 l= 19 cons: SEQUENCE + 2:d=1 hl=2 l= 17 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 8:d=2 hl=2 l= 11 cons: SEQUENCE + 10:d=3 hl=2 l= 9 cons: SEQUENCE + 12:d=4 hl=2 l= 3 prim: OBJECT :1.2.3.4 + 17:d=4 hl=2 l= 2 prim: UTF8STRING :hi +-----BEGIN CERTIFICATE POLICIES----- +MBMwEQYCKgMwCzAJBgMqAwQMAmhp +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/certificate_policies_unittest/policy_1_2_3_with_qualifier.pem b/pki/testdata/certificate_policies_unittest/policy_1_2_3_with_qualifier.pem new file mode 100644 index 0000000000..f2e6cedc46 --- /dev/null +++ b/pki/testdata/certificate_policies_unittest/policy_1_2_3_with_qualifier.pem @@ -0,0 +1,10 @@ + 0:d=0 hl=2 l= 47 cons: SEQUENCE + 2:d=1 hl=2 l= 45 cons: SEQUENCE + 4:d=2 hl=2 l= 2 prim: OBJECT :1.2.3 + 8:d=2 hl=2 l= 39 cons: SEQUENCE + 10:d=3 hl=2 l= 37 cons: SEQUENCE + 12:d=4 hl=2 l= 8 prim: OBJECT :Policy Qualifier CPS + 22:d=4 hl=2 l= 25 prim: IA5STRING :https://example.com/1_2_3 +-----BEGIN CERTIFICATE POLICIES----- +MC8wLQYCKgMwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9leGFtcGxlLmNvbS8xXzJfMw== +-----END CERTIFICATE POLICIES----- diff --git a/pki/testdata/name_constraints_unittest/directoryname-excludeall.pem b/pki/testdata/name_constraints_unittest/directoryname-excludeall.pem new file mode 100644 index 0000000000..7648c369fd --- /dev/null +++ b/pki/testdata/name_constraints_unittest/directoryname-excludeall.pem @@ -0,0 +1,27 @@ +SEQUENCE { + [0] { + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + } + } + } + } + [1] { + SEQUENCE { + [4] { + SEQUENCE {} + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MB2gEzARpA8wDTELMAkGA1UEBhMCVVOhBjAEpAIwAA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/directoryname-excluded.pem b/pki/testdata/name_constraints_unittest/directoryname-excluded.pem new file mode 100644 index 0000000000..be4d542bc0 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/directoryname-excluded.pem @@ -0,0 +1,27 @@ +SEQUENCE { + [1] { + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + } + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MCqhKDAmpCQwIjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWE= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/directoryname.pem b/pki/testdata/name_constraints_unittest/directoryname.pem new file mode 100644 index 0000000000..49dbd25f6b --- /dev/null +++ b/pki/testdata/name_constraints_unittest/directoryname.pem @@ -0,0 +1,105 @@ +SEQUENCE { + [0] { + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "Mountain View" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { `e69db1e4baac` } + } + } + } + } + } + } + [1] { + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "DE" } + } + } + } + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MIG2oHcwEaQPMA0xCzAJBgNVBAYTAlVTMD6kPDA6MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs +aWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzAipCAwHjELMAkGA1UEBhMCSlAxDzANBgNV +BAgMBuadseS6rKE7MCakJDAiMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTARpA8w +DTELMAkGA1UEBhMCREU= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/directoryname_and_dnsname.pem b/pki/testdata/name_constraints_unittest/directoryname_and_dnsname.pem new file mode 100644 index 0000000000..cebc8a26af --- /dev/null +++ b/pki/testdata/name_constraints_unittest/directoryname_and_dnsname.pem @@ -0,0 +1,130 @@ +SEQUENCE { + [0] { + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "Mountain View" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { `e69db1e4baac` } + } + } + } + } + } + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "permitted.example2.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "permitted.example3.com." } + } + SEQUENCE { + [2 PRIMITIVE] { "alsopermitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "stillnotpermitted.excluded.permitted.example.com" } + } + } + [1] { + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "DE" } + } + } + } + } + } + SEQUENCE { + [2 PRIMITIVE] { "excluded.permitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "extraneousexclusion.example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MIIBnaCCARYwEaQPMA0xCzAJBgNVBAYTAlVTMD6kPDA6MQswCQYDVQQGEwJVUzETMBEGA1UECAwK +Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzAipCAwHjELMAkGA1UEBhMCSlAxDzAN +BgNVBAgMBuadseS6rDAXghVwZXJtaXR0ZWQuZXhhbXBsZS5jb20wGIIWcGVybWl0dGVkLmV4YW1w +bGUyLmNvbTAZghdwZXJtaXR0ZWQuZXhhbXBsZTMuY29tLjAbghlhbHNvcGVybWl0dGVkLmV4YW1w +bGUuY29tMDKCMHN0aWxsbm90cGVybWl0dGVkLmV4Y2x1ZGVkLnBlcm1pdHRlZC5leGFtcGxlLmNv +baGBgDAmpCQwIjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEwEaQPMA0xCzAJBgNV +BAYTAkRFMCCCHmV4Y2x1ZGVkLnBlcm1pdHRlZC5leGFtcGxlLmNvbTAhgh9leHRyYW5lb3VzZXhj +bHVzaW9uLmV4YW1wbGUuY29t +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/directoryname_and_dnsname_and_ipaddress.pem b/pki/testdata/name_constraints_unittest/directoryname_and_dnsname_and_ipaddress.pem new file mode 100644 index 0000000000..f4ab01952c --- /dev/null +++ b/pki/testdata/name_constraints_unittest/directoryname_and_dnsname_and_ipaddress.pem @@ -0,0 +1,164 @@ +SEQUENCE { + [0] { + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "Mountain View" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { `e69db1e4baac` } + } + } + } + } + } + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "permitted.example2.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "permitted.example3.com." } + } + SEQUENCE { + [2 PRIMITIVE] { "alsopermitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "stillnotpermitted.excluded.permitted.example.com" } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a80000ffff0000` } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a80520ffffffe0` } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a70520ffffffe0` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0c00000000ffffffffffffffffffffffff00000000` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0c05200000ffffffffffffffffffffffffffe00000` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0b05200000ffffffffffffffffffffffffffe00000` } + } + } + [1] { + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + } + } + } + SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "DE" } + } + } + } + } + } + SEQUENCE { + [2 PRIMITIVE] { "excluded.permitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "extraneousexclusion.example.com" } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a80500ffffff00` } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a60520ffffffe0` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0c05000000ffffffffffffffffffffffffff000000` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0a05200000ffffffffffffffffffffffffffe00000` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MIICjaCCAaYwEaQPMA0xCzAJBgNVBAYTAlVTMD6kPDA6MQswCQYDVQQGEwJVUzETMBEGA1UECAwK +Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzAipCAwHjELMAkGA1UEBhMCSlAxDzAN +BgNVBAgMBuadseS6rDAXghVwZXJtaXR0ZWQuZXhhbXBsZS5jb20wGIIWcGVybWl0dGVkLmV4YW1w +bGUyLmNvbTAZghdwZXJtaXR0ZWQuZXhhbXBsZTMuY29tLjAbghlhbHNvcGVybWl0dGVkLmV4YW1w +bGUuY29tMDKCMHN0aWxsbm90cGVybWl0dGVkLmV4Y2x1ZGVkLnBlcm1pdHRlZC5leGFtcGxlLmNv +bTAKhwjAqAAA//8AADAKhwjAqAUg////4DAKhwjApwUg////4DAihyABAgMEBQYHCAkKCwwAAAAA +////////////////AAAAADAihyABAgMEBQYHCAkKCwwFIAAA/////////////////+AAADAihyAB +AgMEBQYHCAkKCwsFIAAA/////////////////+AAAKGB4DAmpCQwIjELMAkGA1UEBhMCVVMxEzAR +BgNVBAgMCkNhbGlmb3JuaWEwEaQPMA0xCzAJBgNVBAYTAkRFMCCCHmV4Y2x1ZGVkLnBlcm1pdHRl +ZC5leGFtcGxlLmNvbTAhgh9leHRyYW5lb3VzZXhjbHVzaW9uLmV4YW1wbGUuY29tMAqHCMCoBQD/ +//8AMAqHCMCmBSD////gMCKHIAECAwQFBgcICQoLDAUAAAD/////////////////AAAAMCKHIAEC +AwQFBgcICQoLCgUgAAD/////////////////4AAA +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-exclude_dot.pem b/pki/testdata/name_constraints_unittest/dnsname-exclude_dot.pem new file mode 100644 index 0000000000..5caef0f6ab --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-exclude_dot.pem @@ -0,0 +1,15 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + } + } + [1] { + SEQUENCE { + [2 PRIMITIVE] { "." } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MCKgGTAXghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22hBTADggEu +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-excludeall.pem b/pki/testdata/name_constraints_unittest/dnsname-excludeall.pem new file mode 100644 index 0000000000..e4bab2cdde --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-excludeall.pem @@ -0,0 +1,15 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + } + } + [1] { + SEQUENCE { + [2 PRIMITIVE] {} + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MCGgGTAXghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22hBDACggA= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-excluded.pem b/pki/testdata/name_constraints_unittest/dnsname-excluded.pem new file mode 100644 index 0000000000..6357a5cdd2 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-excluded.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [2 PRIMITIVE] { "excluded.permitted.example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MCShIjAggh5leGNsdWRlZC5wZXJtaXR0ZWQuZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-excluded_with_leading_dot.pem b/pki/testdata/name_constraints_unittest/dnsname-excluded_with_leading_dot.pem new file mode 100644 index 0000000000..d7a664ab48 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-excluded_with_leading_dot.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [2 PRIMITIVE] { ".bar.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6hDDAKggguYmFyLmNvbQ== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-permitted_two_dot.pem b/pki/testdata/name_constraints_unittest/dnsname-permitted_two_dot.pem new file mode 100644 index 0000000000..3b8a4278a6 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-permitted_two_dot.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { ".." } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MAigBjAEggIuLg== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-permitted_with_leading_dot.pem b/pki/testdata/name_constraints_unittest/dnsname-permitted_with_leading_dot.pem new file mode 100644 index 0000000000..5d1939c3ed --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-permitted_with_leading_dot.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { ".bar.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKggguYmFyLmNvbQ== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-with_max.pem b/pki/testdata/name_constraints_unittest/dnsname-with_max.pem new file mode 100644 index 0000000000..58f4d6f4dc --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-with_max.pem @@ -0,0 +1,11 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [1 PRIMITIVE] { `02` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MB6gHDAaghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22BAQI= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-with_min_0.pem b/pki/testdata/name_constraints_unittest/dnsname-with_min_0.pem new file mode 100644 index 0000000000..8fcf95e619 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-with_min_0.pem @@ -0,0 +1,11 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [0 PRIMITIVE] { `00` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MB6gHDAaghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22AAQA= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-with_min_0_and_max.pem b/pki/testdata/name_constraints_unittest/dnsname-with_min_0_and_max.pem new file mode 100644 index 0000000000..ef77d890d2 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-with_min_0_and_max.pem @@ -0,0 +1,12 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [0 PRIMITIVE] { `00` } + [1 PRIMITIVE] { `02` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MCGgHzAdghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22AAQCBAQI= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-with_min_1.pem b/pki/testdata/name_constraints_unittest/dnsname-with_min_1.pem new file mode 100644 index 0000000000..349a6b70b2 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-with_min_1.pem @@ -0,0 +1,11 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [0 PRIMITIVE] { `01` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MB6gHDAaghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22AAQE= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname-with_min_1_and_max.pem b/pki/testdata/name_constraints_unittest/dnsname-with_min_1_and_max.pem new file mode 100644 index 0000000000..8aaa5cff72 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname-with_min_1_and_max.pem @@ -0,0 +1,12 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [0 PRIMITIVE] { `01` } + [1 PRIMITIVE] { `02` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MCGgHzAdghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22AAQGBAQI= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname.pem b/pki/testdata/name_constraints_unittest/dnsname.pem new file mode 100644 index 0000000000..5feb5088f5 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname.pem @@ -0,0 +1,34 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "permitted.example2.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "permitted.example3.com." } + } + SEQUENCE { + [2 PRIMITIVE] { "alsopermitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "stillnotpermitted.excluded.permitted.example.com" } + } + } + [1] { + SEQUENCE { + [2 PRIMITIVE] { "excluded.permitted.example.com" } + } + SEQUENCE { + [2 PRIMITIVE] { "extraneousexclusion.example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MIHpoIGfMBeCFXBlcm1pdHRlZC5leGFtcGxlLmNvbTAYghZwZXJtaXR0ZWQuZXhhbXBsZTIuY29t +MBmCF3Blcm1pdHRlZC5leGFtcGxlMy5jb20uMBuCGWFsc29wZXJtaXR0ZWQuZXhhbXBsZS5jb20w +MoIwc3RpbGxub3RwZXJtaXR0ZWQuZXhjbHVkZWQucGVybWl0dGVkLmV4YW1wbGUuY29toUUwIIIe +ZXhjbHVkZWQucGVybWl0dGVkLmV4YW1wbGUuY29tMCGCH2V4dHJhbmVvdXNleGNsdXNpb24uZXhh +bXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/dnsname2.pem b/pki/testdata/name_constraints_unittest/dnsname2.pem new file mode 100644 index 0000000000..1fd2fab6b0 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/dnsname2.pem @@ -0,0 +1,15 @@ +SEQUENCE { + [0] { + SEQUENCE { + [2 PRIMITIVE] { "com" } + } + } + [1] { + SEQUENCE { + [2 PRIMITIVE] { "foo.bar.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBqgBzAFggNjb22hDzANggtmb28uYmFyLmNvbQ== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/edipartyname-excluded.pem b/pki/testdata/name_constraints_unittest/edipartyname-excluded.pem new file mode 100644 index 0000000000..acc7d6eab4 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/edipartyname-excluded.pem @@ -0,0 +1,12 @@ +SEQUENCE { + [1] { + SEQUENCE { + [5] { + [1 PRIMITIVE] { "foo" } + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MAuhCTAHpQWBA2Zvbw== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/edipartyname-permitted.pem b/pki/testdata/name_constraints_unittest/edipartyname-permitted.pem new file mode 100644 index 0000000000..e45036eec2 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/edipartyname-permitted.pem @@ -0,0 +1,12 @@ +SEQUENCE { + [0] { + SEQUENCE { + [5] { + [1 PRIMITIVE] { "foo" } + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MAugCTAHpQWBA2Zvbw== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/generate_name_constraints.py b/pki/testdata/name_constraints_unittest/generate_name_constraints.py new file mode 100755 index 0000000000..bf7e89bac9 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/generate_name_constraints.py @@ -0,0 +1,677 @@ +#!/usr/bin/env python3 +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import base64 +import copy +import os +import random +import subprocess +import sys +import tempfile + +sys.path += [os.path.join('..', 'verify_name_match_unittest', 'scripts')] + +import generate_names + + +def generate(s, out_fn): + conf_tempfile = tempfile.NamedTemporaryFile(mode='wt', encoding='utf-8') + conf_tempfile.write(str(s)) + conf_tempfile.flush() + der_tmpfile = tempfile.NamedTemporaryFile() + subprocess.check_call([ + 'openssl', 'asn1parse', '-genconf', conf_tempfile.name, '-i', '-out', + der_tmpfile.name + ], + stdout=subprocess.DEVNULL) + conf_tempfile.close() + + description_tmpfile = tempfile.NamedTemporaryFile() + subprocess.check_call(['der2ascii', '-i', der_tmpfile.name], + stdout=description_tmpfile) + + output_file = open(out_fn, 'wb') + description_tmpfile.seek(0) + output_file.write(description_tmpfile.read()) + output_file.write(b'-----BEGIN %b-----\n' % s.token()) + output_file.write(base64.encodebytes(der_tmpfile.read())) + output_file.write(b'-----END %b-----\n' % s.token()) + output_file.close() + + +class SubjectAltNameGenerator: + def __init__(self): + self.names = [] + + def token(self): + return b"SUBJECT ALTERNATIVE NAME" + + def add_name(self, general_name): + self.names.append(general_name) + + def __str__(self): + s = "asn1 = SEQUENCE:subjectAltNameSequence\n" + s += "[subjectAltNameSequence]\n" + s_suffix = "" + for n, name in enumerate(self.names): + n1, n2 = (str(name) + '\n').split('\n', 1) + if n2: + s_suffix += n2 + '\n' + s += '%s%s\n' % (n, n1) + + return s + s_suffix + + +class NameConstraintsGenerator: + def __init__(self, + force_permitted_sequence=False, + force_excluded_sequence=False): + self.permitted = [] + self.excluded = [] + self.force_permitted_sequence = force_permitted_sequence + self.force_excluded_sequence = force_excluded_sequence + + def token(self): + return b"NAME CONSTRAINTS" + + def union_from(self, c): + self.permitted.extend(c.permitted) + self.excluded.extend(c.excluded) + + def add_permitted(self, general_name): + self.permitted.append(general_name) + + def add_excluded(self, general_name): + self.excluded.append(general_name) + + def __str__(self): + s = "asn1 = SEQUENCE:nameConstraintsSequence\n[nameConstraintsSequence]\n" + + if self.permitted or self.force_permitted_sequence: + s += "permittedSubtrees = IMPLICIT:0,SEQUENCE:permittedSubtreesSequence\n" + if self.excluded or self.force_excluded_sequence: + s += "excludedSubtrees = IMPLICIT:1,SEQUENCE:excludedSubtreesSequence\n" + + if self.permitted or self.force_permitted_sequence: + s += "[permittedSubtreesSequence]\n" + for n, subtree in enumerate(self.permitted): + s += 'subtree%i = SEQUENCE:permittedSubtree%i\n' % (n, n) + + if self.excluded or self.force_excluded_sequence: + s += "[excludedSubtreesSequence]\n" + for n, subtree in enumerate(self.excluded): + s += 'subtree%i = SEQUENCE:excludedSubtree%i\n' % (n, n) + + for n, subtree in enumerate(self.permitted): + s += '[permittedSubtree%i]\n%s\n' % (n, subtree) + + for n, subtree in enumerate(self.excluded): + s += '[excludedSubtree%i]\n%s\n' % (n, subtree) + + return s + + +def other_name(): + i = random.randint(0, sys.maxsize) + s = 'otherName = IMPLICIT:0,SEQUENCE:otherNameSequence%i\n' % i + s += '[otherNameSequence%i]\n' % i + s += 'type_id = OID:1.2.3.4.5\n' + s += 'value = FORMAT:HEX,OCTETSTRING:DEADBEEF\n' + return s + + +def rfc822_name(name): + return 'rfc822Name = IMPLICIT:1,IA5STRING:' + name + + +def dns_name(name): + return 'dNSName = IMPLICIT:2,IA5STRING:' + name + + +def x400_address(): + i = random.randint(0, sys.maxsize) + s = 'x400Address = IMPLICIT:3,SEQUENCE:x400AddressSequence%i\n' % i + s += '[x400AddressSequence%i]\n' % i + s += 'builtinstandardattributes = SEQUENCE:BuiltInStandardAttributes%i\n' % i + s += '[BuiltInStandardAttributes%i]\n' % i + s += 'countryname = EXPLICIT:1A,PRINTABLESTRING:US\n' + return s + + +def directory_name(name): + return str(name).replace( + 'asn1 = SEQUENCE', 'directoryName = EXPLICIT:4,SEQUENCE') + + +def edi_party_name(): + i = random.randint(0, sys.maxsize) + s = 'ediPartyName = IMPLICIT:5,SEQUENCE:ediPartyNameSequence%i\n' % i + s += '[ediPartyNameSequence%i]\n' % i + s += 'partyName = IMPLICIT:1,UTF8:foo\n' + return s + + +def uniform_resource_identifier(name): + return 'uniformResourceIdentifier = IMPLICIT:6,IA5STRING:' + name + + +def ip_address(addr, enforce_length=True): + if enforce_length: + assert len(addr) in (4,16) + addr_str = "" + for addr_byte in addr: + addr_str += '%02X'%(addr_byte) + return 'iPAddress = IMPLICIT:7,FORMAT:HEX,OCTETSTRING:' + addr_str + + +def ip_address_range(addr, netmask, enforce_length=True): + if enforce_length: + assert len(addr) in (4,16) + addr_str = "" + netmask_str = "" + for addr_byte, mask_byte in zip(addr, netmask, strict=True): + assert (addr_byte & ~mask_byte) == 0 + addr_str += '%02X'%(addr_byte) + netmask_str += '%02X'%(mask_byte) + return ('iPAddress = IMPLICIT:7,FORMAT:HEX,OCTETSTRING:' + addr_str + + netmask_str) + + +def registered_id(oid): + return 'registeredID = IMPLICIT:8,OID:' + oid + + +def with_min_max(val, minimum=None, maximum=None): + s = val + s += '\n' + assert '\n[' not in s + if minimum is not None: + s += 'minimum = IMPLICIT:0,INTEGER:%i\n' % minimum + if maximum is not None: + s += 'maximum = IMPLICIT:1,INTEGER:%i\n' % maximum + return s + + +def main(): + dnsname_constraints = NameConstraintsGenerator() + dnsname_constraints.add_permitted(dns_name("permitted.example.com")) + dnsname_constraints.add_permitted(dns_name("permitted.example2.com")) + dnsname_constraints.add_permitted(dns_name("permitted.example3.com.")) + dnsname_constraints.add_permitted(dns_name("alsopermitted.example.com")) + dnsname_constraints.add_excluded(dns_name("excluded.permitted.example.com")) + dnsname_constraints.add_permitted( + dns_name("stillnotpermitted.excluded.permitted.example.com")) + dnsname_constraints.add_excluded(dns_name("extraneousexclusion.example.com")) + generate(dnsname_constraints, "dnsname.pem") + + dnsname_constraints2 = NameConstraintsGenerator() + dnsname_constraints2.add_permitted(dns_name("com")) + dnsname_constraints2.add_excluded(dns_name("foo.bar.com")) + generate(dnsname_constraints2, "dnsname2.pem") + + dnsname_constraints3 = NameConstraintsGenerator() + dnsname_constraints3.add_permitted(dns_name(".bar.com")) + generate(dnsname_constraints3, "dnsname-permitted_with_leading_dot.pem") + + dnsname_constraints4 = NameConstraintsGenerator() + dnsname_constraints4.add_excluded(dns_name(".bar.com")) + generate(dnsname_constraints4, "dnsname-excluded_with_leading_dot.pem") + + dnsname_constraints5 = NameConstraintsGenerator() + dnsname_constraints5.add_permitted(dns_name("..")) + generate(dnsname_constraints5, "dnsname-permitted_two_dot.pem") + + c = NameConstraintsGenerator() + c.add_excluded(dns_name("excluded.permitted.example.com")) + generate(c, "dnsname-excluded.pem") + + c = NameConstraintsGenerator() + c.add_permitted(dns_name("permitted.example.com")) + c.add_excluded(dns_name("")) + generate(c, "dnsname-excludeall.pem") + + c = NameConstraintsGenerator() + c.add_permitted(dns_name("permitted.example.com")) + c.add_excluded(dns_name(".")) + generate(c, "dnsname-exclude_dot.pem") + + ipaddress_constraints = NameConstraintsGenerator() + ipaddress_constraints.add_permitted( + ip_address_range((192,168,0,0),(255,255,0,0))) + ipaddress_constraints.add_excluded( + ip_address_range((192,168,5,0),(255,255,255,0))) + ipaddress_constraints.add_permitted( + ip_address_range((192,168,5,32),(255,255,255,224))) + ipaddress_constraints.add_permitted( + ip_address_range((192,167,5,32),(255,255,255,224))) + ipaddress_constraints.add_excluded( + ip_address_range((192,166,5,32),(255,255,255,224))) + ipaddress_constraints.add_permitted(ip_address_range( + (1,2,3,4,5,6,7,8,9,10,11,12,0,0,0,0), + (255,255,255,255,255,255,255,255,255,255,255,255,0,0,0,0))) + ipaddress_constraints.add_excluded(ip_address_range( + (1,2,3,4,5,6,7,8,9,10,11,12,5,0,0,0), + (255,255,255,255,255,255,255,255,255,255,255,255,255,0,0,0))) + ipaddress_constraints.add_permitted(ip_address_range( + (1,2,3,4,5,6,7,8,9,10,11,12,5,32,0,0), + (255,255,255,255,255,255,255,255,255,255,255,255,255,224,0,0))) + ipaddress_constraints.add_permitted(ip_address_range( + (1,2,3,4,5,6,7,8,9,10,11,11,5,32,0,0), + (255,255,255,255,255,255,255,255,255,255,255,255,255,224,0,0))) + ipaddress_constraints.add_excluded(ip_address_range( + (1,2,3,4,5,6,7,8,9,10,11,10,5,32,0,0), + (255,255,255,255,255,255,255,255,255,255,255,255,255,224,0,0))) + generate(ipaddress_constraints, "ipaddress.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((192,168,1,3),(255,255,255,255))) + generate(c, "ipaddress-permit_singlehost.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((0,0,0,0),(0,0,0,0))) + generate(c, "ipaddress-permit_all.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((0x80,0,0,0),(0x80,0,0,0))) + generate(c, "ipaddress-permit_prefix1.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((192,168,1,2),(255,255,255,254))) + generate(c, "ipaddress-permit_prefix31.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((192,168,1,0),(255,255,255,253))) + generate(c, "ipaddress-invalid_mask_not_contiguous_1.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((192,168,0,0),(255,253,0,0))) + generate(c, "ipaddress-invalid_mask_not_contiguous_2.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((0,0,0,0),(0x40,0,0,0))) + generate(c, "ipaddress-invalid_mask_not_contiguous_3.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((192,0,0,0),(0xFF,0,0xFF,0))) + generate(c, "ipaddress-invalid_mask_not_contiguous_4.pem") + + c = NameConstraintsGenerator() + c.add_excluded(ip_address_range((192,168,5,0),(255,255,255,0))) + generate(c, "ipaddress-excluded.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((192,168,0,0),(255,255,0,0))) + c.add_permitted(ip_address_range((1,2,3,4,5,6,7,8,9,10,11,12,0,0,0,0), + (255,255,255,255,255,255,255,255, + 255,255,255,255,0,0,0,0))) + c.add_excluded(ip_address_range((0,0,0,0),(0,0,0,0))) + c.add_excluded(ip_address_range((0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0), + (0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0))) + generate(c, "ipaddress-excludeall.pem") + + c = NameConstraintsGenerator() + c.add_permitted(ip_address_range((192,168,0,0),(255,255,255,0))) + c.add_permitted(ip_address_range((192,168,5,0,0),(255,255,255,0,0), + enforce_length=False)) + generate(c, "ipaddress-invalid_addr.pem") + + n_us = generate_names.NameGenerator() + n_us.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'US') + generate(n_us, "name-us.pem") + n_us_az = copy.deepcopy(n_us) + n_us_az.add_rdn().add_attr('stateOrProvinceName', 'UTF8', 'Arizona') + generate(n_us_az, "name-us-arizona.pem") + n_us_ca = copy.deepcopy(n_us) + n_us_ca.add_rdn().add_attr('stateOrProvinceName', 'UTF8', 'California') + generate(n_us_ca, "name-us-california.pem") + n_us_ca_mountain_view = copy.deepcopy(n_us_ca) + n_us_ca_mountain_view.add_rdn().add_attr( + 'localityName', 'UTF8', 'Mountain View') + generate(n_us_ca_mountain_view, "name-us-california-mountain_view.pem") + + n_jp = generate_names.NameGenerator() + n_jp.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'JP') + generate(n_jp, "name-jp.pem") + n_jp_tokyo = copy.deepcopy(n_jp) + n_jp_tokyo.add_rdn().add_attr('stateOrProvinceName', 'UTF8', '\u6771\u4eac', + 'FORMAT:UTF8') + generate(n_jp_tokyo, "name-jp-tokyo.pem") + + n_us_az_foodotcom = copy.deepcopy(n_us_az) + n_us_az_foodotcom.add_rdn().add_attr('commonName', 'UTF8', 'foo.com') + generate(n_us_az_foodotcom, "name-us-arizona-foo.com.pem") + + n_us_az_permittedexamplecom = copy.deepcopy(n_us_az) + n_us_az_permittedexamplecom.add_rdn().add_attr('commonName', 'UTF8', + 'permitted.example.com') + generate(n_us_az_permittedexamplecom, + "name-us-arizona-permitted.example.com.pem") + + n_us_ca_permittedexamplecom = copy.deepcopy(n_us_ca) + n_us_ca_permittedexamplecom.add_rdn().add_attr('commonName', 'UTF8', + 'permitted.example.com') + generate(n_us_ca_permittedexamplecom, + "name-us-california-permitted.example.com.pem") + + n_us_az_ip1111 = copy.deepcopy(n_us_az) + n_us_az_ip1111.add_rdn().add_attr('commonName', 'UTF8', '1.1.1.1') + generate(n_us_az_ip1111, "name-us-arizona-1.1.1.1.pem") + + n_us_az_192_168_1_1 = copy.deepcopy(n_us_az) + n_us_az_192_168_1_1.add_rdn().add_attr('commonName', 'UTF8', '192.168.1.1') + generate(n_us_az_192_168_1_1, "name-us-arizona-192.168.1.1.pem") + + n_us_az_ipv6 = copy.deepcopy(n_us_az) + n_us_az_ipv6.add_rdn().add_attr('commonName', 'UTF8', + '102:304:506:708:90a:b0c::1') + generate(n_us_az_ipv6, "name-us-arizona-ipv6.pem") + + n_us_ca_192_168_1_1 = copy.deepcopy(n_us_ca) + n_us_ca_192_168_1_1.add_rdn().add_attr('commonName', 'UTF8', '192.168.1.1') + generate(n_us_ca_192_168_1_1, "name-us-california-192.168.1.1.pem") + + n_us_az_email = copy.deepcopy(n_us_az) + n_us_az_email.add_rdn().add_attr('emailAddress', 'IA5STRING', + 'bar@example.com') + generate(n_us_az_email, "name-us-arizona-email.pem") + + n_us_az_email = copy.deepcopy(n_us_az) + n_us_az_email.add_rdn().add_attr('emailAddress', 'IA5STRING', + 'FoO@example.com') + generate(n_us_az_email, "name-us-arizona-email-localpartcase.pem") + + n_us_az_email = copy.deepcopy(n_us_az) + n_us_az_email.add_rdn().add_attr('emailAddress', 'IA5STRING', + 'foo@example.com') + n_us_az_email.add_rdn().add_attr('emailAddress', 'IA5STRING', + 'bar@example.com') + generate(n_us_az_email, "name-us-arizona-email-multiple.pem") + + n_us_az_email = copy.deepcopy(n_us_az) + n_us_az_email.add_rdn().add_attr('emailAddress', 'VISIBLESTRING', + 'bar@example.com') + generate(n_us_az_email, "name-us-arizona-email-invalidstring.pem") + + n_ca = generate_names.NameGenerator() + n_ca.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'CA') + generate(n_ca, "name-ca.pem") + + n_de = generate_names.NameGenerator() + n_de.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'DE') + generate(n_de, "name-de.pem") + + n_empty = generate_names.NameGenerator() + generate(n_empty, "name-empty.pem") + + + directoryname_constraints = NameConstraintsGenerator() + directoryname_constraints.add_permitted(directory_name(n_us)) + directoryname_constraints.add_excluded(directory_name(n_us_ca)) + directoryname_constraints.add_permitted(directory_name(n_us_ca_mountain_view)) + directoryname_constraints.add_excluded(directory_name(n_de)) + directoryname_constraints.add_permitted(directory_name(n_jp_tokyo)) + generate(directoryname_constraints, "directoryname.pem") + + c = NameConstraintsGenerator() + c.union_from(directoryname_constraints) + c.union_from(dnsname_constraints) + generate(c, "directoryname_and_dnsname.pem") + + c = NameConstraintsGenerator() + c.union_from(directoryname_constraints) + c.union_from(dnsname_constraints) + c.union_from(ipaddress_constraints) + generate(c, "directoryname_and_dnsname_and_ipaddress.pem") + + c = NameConstraintsGenerator() + c.add_excluded(directory_name(n_us_ca)) + generate(c, "directoryname-excluded.pem") + + c = NameConstraintsGenerator() + c.add_permitted(directory_name(n_us)) + c.add_excluded(directory_name(n_empty)) + generate(c, "directoryname-excludeall.pem") + + san = SubjectAltNameGenerator() + san.add_name(dns_name("permitted.example.com")) + san.add_name(ip_address((192,168,1,2))) + san.add_name(directory_name(n_us_az)) + generate(san, "san-permitted.pem") + + san2 = copy.deepcopy(san) + san2.add_name( + dns_name("foo.stillnotpermitted.excluded.permitted.example.com")) + generate(san2, "san-excluded-dnsname.pem") + + san2 = copy.deepcopy(san) + san2.add_name(ip_address((192,168,5,5))) + generate(san2, "san-excluded-ipaddress.pem") + + san2 = copy.deepcopy(san) + san2.add_name(directory_name(n_us_ca_mountain_view)) + generate(san2, "san-excluded-directoryname.pem") + + san = SubjectAltNameGenerator() + san.add_name(other_name()) + generate(san, "san-othername.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("foo@example.com")) + generate(san, "san-rfc822name.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("foo@eXaMplE.cOm")) + generate(san, "san-rfc822name-domaincase.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("FoO@example.com")) + generate(san, "san-rfc822name-localpartcase.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name('\\"foo\\"@example.com')) + generate(san, "san-rfc822name-quoted.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("@example.com")) + generate(san, "san-rfc822name-empty-localpart.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("foo@subdomain.example.com")) + generate(san, "san-rfc822name-subdomain.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("foo@sUbdoMAin.exAmPLe.COm")) + generate(san, "san-rfc822name-subdomaincase.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("example.com")) + generate(san, "san-rfc822name-no-at.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("foo@bar@example.com")) + generate(san, "san-rfc822name-two-ats.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("subdomain.example.com")) + generate(san, "san-rfc822name-subdomain-no-at.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("foo@bar@subdomain.example.com")) + generate(san, "san-rfc822name-subdomain-two-ats.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("")) + generate(san, "san-rfc822name-empty.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("foo@[8.8.8.8]")) + generate(san, "san-rfc822name-ipv4.pem") + + san = SubjectAltNameGenerator() + san.add_name(rfc822_name("foo@example.com")) + san.add_name(rfc822_name("bar@example.com")) + generate(san, "san-rfc822name-multiple.pem") + + san = SubjectAltNameGenerator() + san.add_name(dns_name("foo.example.com")) + generate(san, "san-dnsname.pem") + + san = SubjectAltNameGenerator() + san.add_name(x400_address()) + generate(san, "san-x400address.pem") + + san = SubjectAltNameGenerator() + san.add_name(directory_name(n_us)) + generate(san, "san-directoryname.pem") + + san = SubjectAltNameGenerator() + san.add_name(uniform_resource_identifier('http://example.com')) + generate(san, "san-uri.pem") + + san = SubjectAltNameGenerator() + san.add_name(ip_address((192,168,6,7))) + generate(san, "san-ipaddress4.pem") + + san = SubjectAltNameGenerator() + san.add_name(ip_address((0xFE, 0x80, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, + 13, 14))) + generate(san, "san-ipaddress6.pem") + + san = SubjectAltNameGenerator() + san.add_name(registered_id("1.2.3.4")) + generate(san, "san-registeredid.pem") + + san = SubjectAltNameGenerator() + generate(san, "san-invalid-empty.pem") + + san = SubjectAltNameGenerator() + san.add_name(ip_address((192,168,0,5,0), enforce_length=False)) + generate(san, "san-invalid-ipaddress.pem") + + c = NameConstraintsGenerator() + c.add_permitted(other_name()) + generate(c, "othername-permitted.pem") + c = NameConstraintsGenerator() + c.add_excluded(other_name()) + generate(c, "othername-excluded.pem") + + c = NameConstraintsGenerator() + c.add_permitted(rfc822_name("foo@example.com")) + generate(c, "rfc822name-permitted.pem") + + c = NameConstraintsGenerator() + c.add_permitted(rfc822_name('\\"foo\\"@example.com')) + generate(c, "rfc822name-permitted-quoted.pem") + + c = NameConstraintsGenerator() + c.add_permitted(rfc822_name("example.com")) + generate(c, "rfc822name-permitted-hostname.pem") + + c = NameConstraintsGenerator() + c.add_permitted(rfc822_name("@example.com")) + generate(c, "rfc822name-permitted-hostnamewithat.pem") + + c = NameConstraintsGenerator() + c.add_permitted(rfc822_name(".example.com")) + generate(c, "rfc822name-permitted-subdomains.pem") + + c = NameConstraintsGenerator() + c.add_permitted(rfc822_name("")) + generate(c, "rfc822name-permitted-empty.pem") + + c = NameConstraintsGenerator() + c.add_permitted(rfc822_name("[8.8.8.8]")) + generate(c, "rfc822name-permitted-ipv4.pem") + + c = NameConstraintsGenerator() + c.add_excluded(rfc822_name("foo@example.com")) + generate(c, "rfc822name-excluded.pem") + + c = NameConstraintsGenerator() + c.add_excluded(rfc822_name('\\"foo\\"@example.com')) + generate(c, "rfc822name-excluded-quoted.pem") + + c = NameConstraintsGenerator() + c.add_excluded(rfc822_name("example.com")) + generate(c, "rfc822name-excluded-hostname.pem") + + c = NameConstraintsGenerator() + c.add_excluded(rfc822_name("@example.com")) + generate(c, "rfc822name-excluded-hostnamewithat.pem") + + c = NameConstraintsGenerator() + c.add_excluded(rfc822_name(".example.com")) + generate(c, "rfc822name-excluded-subdomains.pem") + + c = NameConstraintsGenerator() + c.add_excluded(rfc822_name("")) + generate(c, "rfc822name-excluded-empty.pem") + + c = NameConstraintsGenerator() + c.add_excluded(rfc822_name("[8.8.8.8]")) + generate(c, "rfc822name-excluded-ipv4.pem") + + c = NameConstraintsGenerator() + c.add_permitted(x400_address()) + generate(c, "x400address-permitted.pem") + c = NameConstraintsGenerator() + c.add_excluded(x400_address()) + generate(c, "x400address-excluded.pem") + + c = NameConstraintsGenerator() + c.add_permitted(edi_party_name()) + generate(c, "edipartyname-permitted.pem") + c = NameConstraintsGenerator() + c.add_excluded(edi_party_name()) + generate(c, "edipartyname-excluded.pem") + + c = NameConstraintsGenerator() + c.add_permitted(uniform_resource_identifier("http://example.com")) + generate(c, "uri-permitted.pem") + c = NameConstraintsGenerator() + c.add_excluded(uniform_resource_identifier("http://example.com")) + generate(c, "uri-excluded.pem") + + c = NameConstraintsGenerator() + c.add_permitted(registered_id("1.2.3.4")) + generate(c, "registeredid-permitted.pem") + c = NameConstraintsGenerator() + c.add_excluded(registered_id("1.2.3.4")) + generate(c, "registeredid-excluded.pem") + + c = NameConstraintsGenerator() + generate(c, "invalid-no_subtrees.pem") + + c = NameConstraintsGenerator(force_permitted_sequence=True) + generate(c, "invalid-empty_permitted_subtree.pem") + + c = NameConstraintsGenerator(force_excluded_sequence=True) + generate(c, "invalid-empty_excluded_subtree.pem") + + c = NameConstraintsGenerator() + c.add_permitted(with_min_max(dns_name("permitted.example.com"), minimum=0)) + generate(c, "dnsname-with_min_0.pem") + + c = NameConstraintsGenerator() + c.add_permitted(with_min_max(dns_name("permitted.example.com"), minimum=1)) + generate(c, "dnsname-with_min_1.pem") + + c = NameConstraintsGenerator() + c.add_permitted(with_min_max( + dns_name("permitted.example.com"), minimum=0, maximum=2)) + generate(c, "dnsname-with_min_0_and_max.pem") + + c = NameConstraintsGenerator() + c.add_permitted(with_min_max( + dns_name("permitted.example.com"), minimum=1, maximum=2)) + generate(c, "dnsname-with_min_1_and_max.pem") + + c = NameConstraintsGenerator() + c.add_permitted(with_min_max(dns_name("permitted.example.com"), maximum=2)) + generate(c, "dnsname-with_max.pem") + + +if __name__ == '__main__': + main() diff --git a/pki/testdata/name_constraints_unittest/invalid-empty_excluded_subtree.pem b/pki/testdata/name_constraints_unittest/invalid-empty_excluded_subtree.pem new file mode 100644 index 0000000000..61dd84c713 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/invalid-empty_excluded_subtree.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1] {} +} +-----BEGIN NAME CONSTRAINTS----- +MAKhAA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/invalid-empty_permitted_subtree.pem b/pki/testdata/name_constraints_unittest/invalid-empty_permitted_subtree.pem new file mode 100644 index 0000000000..f6fd071baa --- /dev/null +++ b/pki/testdata/name_constraints_unittest/invalid-empty_permitted_subtree.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [0] {} +} +-----BEGIN NAME CONSTRAINTS----- +MAKgAA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/invalid-no_subtrees.pem b/pki/testdata/name_constraints_unittest/invalid-no_subtrees.pem new file mode 100644 index 0000000000..e7c27800e3 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/invalid-no_subtrees.pem @@ -0,0 +1,4 @@ +SEQUENCE {} +-----BEGIN NAME CONSTRAINTS----- +MAA= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-excludeall.pem b/pki/testdata/name_constraints_unittest/ipaddress-excludeall.pem new file mode 100644 index 0000000000..2bfa5afa05 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-excludeall.pem @@ -0,0 +1,22 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80000ffff0000` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0c00000000ffffffffffffffffffffffff00000000` } + } + } + [1] { + SEQUENCE { + [7 PRIMITIVE] { `0000000000000000` } + } + SEQUENCE { + [7 PRIMITIVE] { `0000000000000000000000000000000000000000000000000000000000000000` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MGSgMDAKhwjAqAAA//8AADAihyABAgMEBQYHCAkKCwwAAAAA////////////////AAAAAKEwMAqH +CAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-excluded.pem b/pki/testdata/name_constraints_unittest/ipaddress-excluded.pem new file mode 100644 index 0000000000..b508881134 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-excluded.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80500ffffff00` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6hDDAKhwjAqAUA////AA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-invalid_addr.pem b/pki/testdata/name_constraints_unittest/ipaddress-invalid_addr.pem new file mode 100644 index 0000000000..bf2584bf44 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-invalid_addr.pem @@ -0,0 +1,13 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80000ffffff00` } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a8050000ffffff0000` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBygGjAKhwjAqAAA////ADAMhwrAqAUAAP///wAA +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_1.pem b/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_1.pem new file mode 100644 index 0000000000..d8d9e30f32 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_1.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80100fffffffd` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKhwjAqAEA/////Q== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_2.pem b/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_2.pem new file mode 100644 index 0000000000..92419b1133 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_2.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80000fffd0000` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKhwjAqAAA//0AAA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_3.pem b/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_3.pem new file mode 100644 index 0000000000..3e4e685db8 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_3.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `0000000040000000` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKhwgAAAAAQAAAAA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_4.pem b/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_4.pem new file mode 100644 index 0000000000..03878d5839 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_4.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `c0000000ff00ff00` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKhwjAAAAA/wD/AA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-permit_all.pem b/pki/testdata/name_constraints_unittest/ipaddress-permit_all.pem new file mode 100644 index 0000000000..f4dcae11c8 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-permit_all.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `0000000000000000` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKhwgAAAAAAAAAAA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-permit_prefix1.pem b/pki/testdata/name_constraints_unittest/ipaddress-permit_prefix1.pem new file mode 100644 index 0000000000..e6480cbfac --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-permit_prefix1.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `8000000080000000` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKhwiAAAAAgAAAAA== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-permit_prefix31.pem b/pki/testdata/name_constraints_unittest/ipaddress-permit_prefix31.pem new file mode 100644 index 0000000000..e83616d405 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-permit_prefix31.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80102fffffffe` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKhwjAqAEC/////g== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress-permit_singlehost.pem b/pki/testdata/name_constraints_unittest/ipaddress-permit_singlehost.pem new file mode 100644 index 0000000000..c5e20ff15a --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress-permit_singlehost.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80103ffffffff` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKhwjAqAED/////w== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/ipaddress.pem b/pki/testdata/name_constraints_unittest/ipaddress.pem new file mode 100644 index 0000000000..9afdebb3e3 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/ipaddress.pem @@ -0,0 +1,43 @@ +SEQUENCE { + [0] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80000ffff0000` } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a80520ffffffe0` } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a70520ffffffe0` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0c00000000ffffffffffffffffffffffff00000000` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0c05200000ffffffffffffffffffffffffffe00000` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0b05200000ffffffffffffffffffffffffffe00000` } + } + } + [1] { + SEQUENCE { + [7 PRIMITIVE] { `c0a80500ffffff00` } + } + SEQUENCE { + [7 PRIMITIVE] { `c0a60520ffffffe0` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0c05000000ffffffffffffffffffffffffff000000` } + } + SEQUENCE { + [7 PRIMITIVE] { `0102030405060708090a0b0a05200000ffffffffffffffffffffffffffe00000` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MIH1oIGQMAqHCMCoAAD//wAAMAqHCMCoBSD////gMAqHCMCnBSD////gMCKHIAECAwQFBgcICQoL +DAAAAAD///////////////8AAAAAMCKHIAECAwQFBgcICQoLDAUgAAD/////////////////4AAA +MCKHIAECAwQFBgcICQoLCwUgAAD/////////////////4AAAoWAwCocIwKgFAP///wAwCocIwKYF +IP///+AwIocgAQIDBAUGBwgJCgsMBQAAAP////////////////8AAAAwIocgAQIDBAUGBwgJCgsK +BSAAAP/////////////////gAAA= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/name-ca.pem b/pki/testdata/name_constraints_unittest/name-ca.pem new file mode 100644 index 0000000000..3f553203df --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-ca.pem @@ -0,0 +1,12 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "CA" } + } + } +} +-----BEGIN NAME----- +MA0xCzAJBgNVBAYTAkNB +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-de.pem b/pki/testdata/name_constraints_unittest/name-de.pem new file mode 100644 index 0000000000..9574268b26 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-de.pem @@ -0,0 +1,12 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "DE" } + } + } +} +-----BEGIN NAME----- +MA0xCzAJBgNVBAYTAkRF +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-empty.pem b/pki/testdata/name_constraints_unittest/name-empty.pem new file mode 100644 index 0000000000..8f4c898799 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-empty.pem @@ -0,0 +1,4 @@ +SEQUENCE {} +-----BEGIN NAME----- +MAA= +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-jp-tokyo.pem b/pki/testdata/name_constraints_unittest/name-jp-tokyo.pem new file mode 100644 index 0000000000..087ca9ed12 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-jp-tokyo.pem @@ -0,0 +1,19 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { `e69db1e4baac` } + } + } +} +-----BEGIN NAME----- +MB4xCzAJBgNVBAYTAkpQMQ8wDQYDVQQIDAbmnbHkuqw= +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-jp.pem b/pki/testdata/name_constraints_unittest/name-jp.pem new file mode 100644 index 0000000000..e3e7c67452 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-jp.pem @@ -0,0 +1,12 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } +} +-----BEGIN NAME----- +MA0xCzAJBgNVBAYTAkpQ +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-1.1.1.1.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-1.1.1.1.pem new file mode 100644 index 0000000000..7424c08a2c --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-1.1.1.1.pem @@ -0,0 +1,26 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "1.1.1.1" } + } + } +} +-----BEGIN NAME----- +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMRAwDgYDVQQDDAcxLjEuMS4x +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-192.168.1.1.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-192.168.1.1.pem new file mode 100644 index 0000000000..9e68cf6ed1 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-192.168.1.1.pem @@ -0,0 +1,26 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "192.168.1.1" } + } + } +} +-----BEGIN NAME----- +MDUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMRQwEgYDVQQDDAsxOTIuMTY4LjEuMQ== +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-email-invalidstring.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-email-invalidstring.pem new file mode 100644 index 0000000000..f9bc413e90 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-email-invalidstring.pem @@ -0,0 +1,27 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # emailAddress + OBJECT_IDENTIFIER { 1.2.840.113549.1.9.1 } + VisibleString { "bar@example.com" } + } + } +} +-----BEGIN NAME----- +MD8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMR4wHAYJKoZIhvcNAQkBGg9iYXJAZXhh +bXBsZS5jb20= +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-email-localpartcase.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-email-localpartcase.pem new file mode 100644 index 0000000000..2ee64d917b --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-email-localpartcase.pem @@ -0,0 +1,27 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # emailAddress + OBJECT_IDENTIFIER { 1.2.840.113549.1.9.1 } + IA5String { "FoO@example.com" } + } + } +} +-----BEGIN NAME----- +MD8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMR4wHAYJKoZIhvcNAQkBFg9Gb09AZXhh +bXBsZS5jb20= +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-email-multiple.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-email-multiple.pem new file mode 100644 index 0000000000..b5add4a0d6 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-email-multiple.pem @@ -0,0 +1,34 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # emailAddress + OBJECT_IDENTIFIER { 1.2.840.113549.1.9.1 } + IA5String { "foo@example.com" } + } + } + SET { + SEQUENCE { + # emailAddress + OBJECT_IDENTIFIER { 1.2.840.113549.1.9.1 } + IA5String { "bar@example.com" } + } + } +} +-----BEGIN NAME----- +MF8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMR4wHAYJKoZIhvcNAQkBFg9mb29AZXhh +bXBsZS5jb20xHjAcBgkqhkiG9w0BCQEWD2JhckBleGFtcGxlLmNvbQ== +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-email.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-email.pem new file mode 100644 index 0000000000..e2838db6f6 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-email.pem @@ -0,0 +1,27 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # emailAddress + OBJECT_IDENTIFIER { 1.2.840.113549.1.9.1 } + IA5String { "bar@example.com" } + } + } +} +-----BEGIN NAME----- +MD8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMR4wHAYJKoZIhvcNAQkBFg9iYXJAZXhh +bXBsZS5jb20= +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-foo.com.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-foo.com.pem new file mode 100644 index 0000000000..4ed25f01fc --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-foo.com.pem @@ -0,0 +1,26 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "foo.com" } + } + } +} +-----BEGIN NAME----- +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMRAwDgYDVQQDDAdmb28uY29t +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-ipv6.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-ipv6.pem new file mode 100644 index 0000000000..b81ed7bd19 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-ipv6.pem @@ -0,0 +1,27 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "102:304:506:708:90a:b0c::1" } + } + } +} +-----BEGIN NAME----- +MEQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMSMwIQYDVQQDDBoxMDI6MzA0OjUwNjo3 +MDg6OTBhOmIwYzo6MQ== +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona-permitted.example.com.pem b/pki/testdata/name_constraints_unittest/name-us-arizona-permitted.example.com.pem new file mode 100644 index 0000000000..c032b98492 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona-permitted.example.com.pem @@ -0,0 +1,27 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "permitted.example.com" } + } + } +} +-----BEGIN NAME----- +MD8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMR4wHAYDVQQDDBVwZXJtaXR0ZWQuZXhh +bXBsZS5jb20= +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-arizona.pem b/pki/testdata/name_constraints_unittest/name-us-arizona.pem new file mode 100644 index 0000000000..5fb51b529d --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-arizona.pem @@ -0,0 +1,19 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } +} +-----BEGIN NAME----- +MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25h +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-california-192.168.1.1.pem b/pki/testdata/name_constraints_unittest/name-us-california-192.168.1.1.pem new file mode 100644 index 0000000000..83f1c575ff --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-california-192.168.1.1.pem @@ -0,0 +1,27 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "192.168.1.1" } + } + } +} +-----BEGIN NAME----- +MDgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQDDAsxOTIuMTY4LjEu +MQ== +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-california-mountain_view.pem b/pki/testdata/name_constraints_unittest/name-us-california-mountain_view.pem new file mode 100644 index 0000000000..f11146e6b4 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-california-mountain_view.pem @@ -0,0 +1,27 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "Mountain View" } + } + } +} +-----BEGIN NAME----- +MDoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW +aWV3 +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-california-permitted.example.com.pem b/pki/testdata/name_constraints_unittest/name-us-california-permitted.example.com.pem new file mode 100644 index 0000000000..4a6d5769a6 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-california-permitted.example.com.pem @@ -0,0 +1,27 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "permitted.example.com" } + } + } +} +-----BEGIN NAME----- +MEIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR4wHAYDVQQDDBVwZXJtaXR0ZWQu +ZXhhbXBsZS5jb20= +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us-california.pem b/pki/testdata/name_constraints_unittest/name-us-california.pem new file mode 100644 index 0000000000..195f6bb2db --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us-california.pem @@ -0,0 +1,19 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } +} +-----BEGIN NAME----- +MCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/name-us.pem b/pki/testdata/name_constraints_unittest/name-us.pem new file mode 100644 index 0000000000..abf1ab60b0 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/name-us.pem @@ -0,0 +1,12 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } +} +-----BEGIN NAME----- +MA0xCzAJBgNVBAYTAlVT +-----END NAME----- diff --git a/pki/testdata/name_constraints_unittest/othername-excluded.pem b/pki/testdata/name_constraints_unittest/othername-excluded.pem new file mode 100644 index 0000000000..8587b3127c --- /dev/null +++ b/pki/testdata/name_constraints_unittest/othername-excluded.pem @@ -0,0 +1,13 @@ +SEQUENCE { + [1] { + SEQUENCE { + [0] { + OBJECT_IDENTIFIER { 1.2.3.4.5 } + OCTET_STRING { `deadbeef` } + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBKhEDAOoAwGBCoDBAUEBN6tvu8= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/othername-permitted.pem b/pki/testdata/name_constraints_unittest/othername-permitted.pem new file mode 100644 index 0000000000..85b7b9f7f7 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/othername-permitted.pem @@ -0,0 +1,13 @@ +SEQUENCE { + [0] { + SEQUENCE { + [0] { + OBJECT_IDENTIFIER { 1.2.3.4.5 } + OCTET_STRING { `deadbeef` } + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBKgEDAOoAwGBCoDBAUEBN6tvu8= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/registeredid-excluded.pem b/pki/testdata/name_constraints_unittest/registeredid-excluded.pem new file mode 100644 index 0000000000..f3272d4b64 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/registeredid-excluded.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [8 PRIMITIVE] { `2a0304` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MAmhBzAFiAMqAwQ= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/registeredid-permitted.pem b/pki/testdata/name_constraints_unittest/registeredid-permitted.pem new file mode 100644 index 0000000000..474a033965 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/registeredid-permitted.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [8 PRIMITIVE] { `2a0304` } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MAmgBzAFiAMqAwQ= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-excluded-empty.pem b/pki/testdata/name_constraints_unittest/rfc822name-excluded-empty.pem new file mode 100644 index 0000000000..ab98f4a326 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-excluded-empty.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [1 PRIMITIVE] {} + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MAahBDACgQA= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-excluded-hostname.pem b/pki/testdata/name_constraints_unittest/rfc822name-excluded-hostname.pem new file mode 100644 index 0000000000..ee7f713592 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-excluded-hostname.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [1 PRIMITIVE] { "example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBGhDzANgQtleGFtcGxlLmNvbQ== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-excluded-hostnamewithat.pem b/pki/testdata/name_constraints_unittest/rfc822name-excluded-hostnamewithat.pem new file mode 100644 index 0000000000..c1cf80f3af --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-excluded-hostnamewithat.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [1 PRIMITIVE] { "@example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBKhEDAOgQxAZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-excluded-ipv4.pem b/pki/testdata/name_constraints_unittest/rfc822name-excluded-ipv4.pem new file mode 100644 index 0000000000..788b7feda2 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-excluded-ipv4.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [1 PRIMITIVE] { "[8.8.8.8]" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA+hDTALgQlbOC44LjguOF0= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-excluded-quoted.pem b/pki/testdata/name_constraints_unittest/rfc822name-excluded-quoted.pem new file mode 100644 index 0000000000..ddad9b8851 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-excluded-quoted.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [1 PRIMITIVE] { "\"foo\"@example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBehFTATgREiZm9vIkBleGFtcGxlLmNvbQ== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-excluded-subdomains.pem b/pki/testdata/name_constraints_unittest/rfc822name-excluded-subdomains.pem new file mode 100644 index 0000000000..964cfd127d --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-excluded-subdomains.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [1 PRIMITIVE] { ".example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBKhEDAOgQwuZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-excluded.pem b/pki/testdata/name_constraints_unittest/rfc822name-excluded.pem new file mode 100644 index 0000000000..6d5e9dff4f --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-excluded.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [1 PRIMITIVE] { "foo@example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBWhEzARgQ9mb29AZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-permitted-empty.pem b/pki/testdata/name_constraints_unittest/rfc822name-permitted-empty.pem new file mode 100644 index 0000000000..12e9e37c0a --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-permitted-empty.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [1 PRIMITIVE] {} + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MAagBDACgQA= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-permitted-hostname.pem b/pki/testdata/name_constraints_unittest/rfc822name-permitted-hostname.pem new file mode 100644 index 0000000000..56fc8eb34f --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-permitted-hostname.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [1 PRIMITIVE] { "example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBGgDzANgQtleGFtcGxlLmNvbQ== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-permitted-hostnamewithat.pem b/pki/testdata/name_constraints_unittest/rfc822name-permitted-hostnamewithat.pem new file mode 100644 index 0000000000..c1be142295 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-permitted-hostnamewithat.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [1 PRIMITIVE] { "@example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBKgEDAOgQxAZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-permitted-ipv4.pem b/pki/testdata/name_constraints_unittest/rfc822name-permitted-ipv4.pem new file mode 100644 index 0000000000..46a32073b1 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-permitted-ipv4.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [1 PRIMITIVE] { "[8.8.8.8]" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA+gDTALgQlbOC44LjguOF0= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-permitted-quoted.pem b/pki/testdata/name_constraints_unittest/rfc822name-permitted-quoted.pem new file mode 100644 index 0000000000..858a0281be --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-permitted-quoted.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [1 PRIMITIVE] { "\"foo\"@example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBegFTATgREiZm9vIkBleGFtcGxlLmNvbQ== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-permitted-subdomains.pem b/pki/testdata/name_constraints_unittest/rfc822name-permitted-subdomains.pem new file mode 100644 index 0000000000..c21de69be3 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-permitted-subdomains.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [1 PRIMITIVE] { ".example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBKgEDAOgQwuZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/rfc822name-permitted.pem b/pki/testdata/name_constraints_unittest/rfc822name-permitted.pem new file mode 100644 index 0000000000..ffb0ffa613 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/rfc822name-permitted.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [1 PRIMITIVE] { "foo@example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBWgEzARgQ9mb29AZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/san-directoryname.pem b/pki/testdata/name_constraints_unittest/san-directoryname.pem new file mode 100644 index 0000000000..20ffc71646 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-directoryname.pem @@ -0,0 +1,16 @@ +SEQUENCE { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + } + } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBGkDzANMQswCQYDVQQGEwJVUw== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-dnsname.pem b/pki/testdata/name_constraints_unittest/san-dnsname.pem new file mode 100644 index 0000000000..62a8d5d5ee --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-dnsname.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [2 PRIMITIVE] { "foo.example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBGCD2Zvby5leGFtcGxlLmNvbQ== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-edipartyname.pem b/pki/testdata/name_constraints_unittest/san-edipartyname.pem new file mode 100644 index 0000000000..699aeb5c53 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-edipartyname.pem @@ -0,0 +1,6 @@ + 0:d=0 hl=2 l= 7 cons: SEQUENCE + 2:d=1 hl=2 l= 5 cons: cont [ 5 ] + 4:d=2 hl=2 l= 3 prim: cont [ 1 ] +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MAelBYEDZm9v +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-excluded-directoryname.pem b/pki/testdata/name_constraints_unittest/san-excluded-directoryname.pem new file mode 100644 index 0000000000..50c019f241 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-excluded-directoryname.pem @@ -0,0 +1,52 @@ +SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [7 PRIMITIVE] { `c0a80102` } + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + } + } + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "California" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "Mountain View" } + } + } + } + } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MH6CFXBlcm1pdHRlZC5leGFtcGxlLmNvbYcEwKgBAqQhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdBcml6b25hpDwwOjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXc= +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-excluded-dnsname.pem b/pki/testdata/name_constraints_unittest/san-excluded-dnsname.pem new file mode 100644 index 0000000000..1abd58d597 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-excluded-dnsname.pem @@ -0,0 +1,28 @@ +SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [7 PRIMITIVE] { `c0a80102` } + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + } + } + [2 PRIMITIVE] { "foo.stillnotpermitted.excluded.permitted.example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MHaCFXBlcm1pdHRlZC5leGFtcGxlLmNvbYcEwKgBAqQhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdBcml6b25hgjRmb28uc3RpbGxub3RwZXJtaXR0ZWQuZXhjbHVkZWQucGVybWl0dGVkLmV4YW1w +bGUuY29t +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-excluded-ipaddress.pem b/pki/testdata/name_constraints_unittest/san-excluded-ipaddress.pem new file mode 100644 index 0000000000..9982bd2620 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-excluded-ipaddress.pem @@ -0,0 +1,27 @@ +SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [7 PRIMITIVE] { `c0a80102` } + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + } + } + [7 PRIMITIVE] { `c0a80505` } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MEaCFXBlcm1pdHRlZC5leGFtcGxlLmNvbYcEwKgBAqQhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdBcml6b25hhwTAqAUF +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-invalid-empty.pem b/pki/testdata/name_constraints_unittest/san-invalid-empty.pem new file mode 100644 index 0000000000..b96e9cc1fd --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-invalid-empty.pem @@ -0,0 +1,4 @@ +SEQUENCE {} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MAA= +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-invalid-ipaddress.pem b/pki/testdata/name_constraints_unittest/san-invalid-ipaddress.pem new file mode 100644 index 0000000000..5e5f43adeb --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-invalid-ipaddress.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [7 PRIMITIVE] { `c0a8000500` } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MAeHBcCoAAUA +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-ipaddress4.pem b/pki/testdata/name_constraints_unittest/san-ipaddress4.pem new file mode 100644 index 0000000000..4cab4787be --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-ipaddress4.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [7 PRIMITIVE] { `c0a80607` } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MAaHBMCoBgc= +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-ipaddress6.pem b/pki/testdata/name_constraints_unittest/san-ipaddress6.pem new file mode 100644 index 0000000000..1ff71fe78a --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-ipaddress6.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [7 PRIMITIVE] { `fe800102030405060708090a0b0c0d0e` } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBKHEP6AAQIDBAUGBwgJCgsMDQ4= +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-othername.pem b/pki/testdata/name_constraints_unittest/san-othername.pem new file mode 100644 index 0000000000..e3e4a19883 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-othername.pem @@ -0,0 +1,9 @@ +SEQUENCE { + [0] { + OBJECT_IDENTIFIER { 1.2.3.4.5 } + OCTET_STRING { `deadbeef` } + } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MA6gDAYEKgMEBQQE3q2+7w== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-permitted.pem b/pki/testdata/name_constraints_unittest/san-permitted.pem new file mode 100644 index 0000000000..13e540dd55 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-permitted.pem @@ -0,0 +1,26 @@ +SEQUENCE { + [2 PRIMITIVE] { "permitted.example.com" } + [7 PRIMITIVE] { `c0a80102` } + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Arizona" } + } + } + } + } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MECCFXBlcm1pdHRlZC5leGFtcGxlLmNvbYcEwKgBAqQhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdBcml6b25h +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-registeredid.pem b/pki/testdata/name_constraints_unittest/san-registeredid.pem new file mode 100644 index 0000000000..f015ca20d5 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-registeredid.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [8 PRIMITIVE] { `2a0304` } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MAWIAyoDBA== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-domaincase.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-domaincase.pem new file mode 100644 index 0000000000..d14130c766 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-domaincase.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "foo@eXaMplE.cOm" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBGBD2Zvb0BlWGFNcGxFLmNPbQ== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-empty-localpart.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-empty-localpart.pem new file mode 100644 index 0000000000..857b74612a --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-empty-localpart.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "@example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MA6BDEBleGFtcGxlLmNvbQ== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-empty.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-empty.pem new file mode 100644 index 0000000000..851dfc07aa --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-empty.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] {} +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MAKBAA== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-ipv4.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-ipv4.pem new file mode 100644 index 0000000000..6c2861fb73 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-ipv4.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "foo@[8.8.8.8]" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MA+BDWZvb0BbOC44LjguOF0= +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-localpartcase.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-localpartcase.pem new file mode 100644 index 0000000000..7ab5a23b95 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-localpartcase.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "FoO@example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBGBD0ZvT0BleGFtcGxlLmNvbQ== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-multiple.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-multiple.pem new file mode 100644 index 0000000000..48840c9377 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-multiple.pem @@ -0,0 +1,7 @@ +SEQUENCE { + [1 PRIMITIVE] { "foo@example.com" } + [1 PRIMITIVE] { "bar@example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MCKBD2Zvb0BleGFtcGxlLmNvbYEPYmFyQGV4YW1wbGUuY29t +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-no-at.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-no-at.pem new file mode 100644 index 0000000000..175af6fbab --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-no-at.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MA2BC2V4YW1wbGUuY29t +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-quoted.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-quoted.pem new file mode 100644 index 0000000000..1bcc4bd42f --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-quoted.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "\"foo\"@example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBOBESJmb28iQGV4YW1wbGUuY29t +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain-no-at.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain-no-at.pem new file mode 100644 index 0000000000..4e56bc21c6 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain-no-at.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "subdomain.example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBeBFXN1YmRvbWFpbi5leGFtcGxlLmNvbQ== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain-two-ats.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain-two-ats.pem new file mode 100644 index 0000000000..5acd05a585 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain-two-ats.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "foo@bar@subdomain.example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MB+BHWZvb0BiYXJAc3ViZG9tYWluLmV4YW1wbGUuY29t +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain.pem new file mode 100644 index 0000000000..b520559b90 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-subdomain.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "foo@subdomain.example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBuBGWZvb0BzdWJkb21haW4uZXhhbXBsZS5jb20= +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-subdomaincase.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-subdomaincase.pem new file mode 100644 index 0000000000..eede4fb22b --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-subdomaincase.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "foo@sUbdoMAin.exAmPLe.COm" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBuBGWZvb0BzVWJkb01BaW4uZXhBbVBMZS5DT20= +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name-two-ats.pem b/pki/testdata/name_constraints_unittest/san-rfc822name-two-ats.pem new file mode 100644 index 0000000000..421b3487b8 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name-two-ats.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "foo@bar@example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBWBE2Zvb0BiYXJAZXhhbXBsZS5jb20= +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-rfc822name.pem b/pki/testdata/name_constraints_unittest/san-rfc822name.pem new file mode 100644 index 0000000000..d3604d8185 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-rfc822name.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [1 PRIMITIVE] { "foo@example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBGBD2Zvb0BleGFtcGxlLmNvbQ== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-uri.pem b/pki/testdata/name_constraints_unittest/san-uri.pem new file mode 100644 index 0000000000..3b4a20bdfc --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-uri.pem @@ -0,0 +1,6 @@ +SEQUENCE { + [6 PRIMITIVE] { "http://example.com" } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MBSGEmh0dHA6Ly9leGFtcGxlLmNvbQ== +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/san-x400address.pem b/pki/testdata/name_constraints_unittest/san-x400address.pem new file mode 100644 index 0000000000..043135a7d0 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/san-x400address.pem @@ -0,0 +1,12 @@ +SEQUENCE { + [3] { + SEQUENCE { + [APPLICATION 1] { + PrintableString { "US" } + } + } + } +} +-----BEGIN SUBJECT ALTERNATIVE NAME----- +MAqjCDAGYQQTAlVT +-----END SUBJECT ALTERNATIVE NAME----- diff --git a/pki/testdata/name_constraints_unittest/uri-excluded.pem b/pki/testdata/name_constraints_unittest/uri-excluded.pem new file mode 100644 index 0000000000..8e5f467ee3 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/uri-excluded.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [1] { + SEQUENCE { + [6 PRIMITIVE] { "http://example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBihFjAUhhJodHRwOi8vZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/uri-permitted.pem b/pki/testdata/name_constraints_unittest/uri-permitted.pem new file mode 100644 index 0000000000..d48a8ec4ce --- /dev/null +++ b/pki/testdata/name_constraints_unittest/uri-permitted.pem @@ -0,0 +1,10 @@ +SEQUENCE { + [0] { + SEQUENCE { + [6 PRIMITIVE] { "http://example.com" } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MBigFjAUhhJodHRwOi8vZXhhbXBsZS5jb20= +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/x400address-excluded.pem b/pki/testdata/name_constraints_unittest/x400address-excluded.pem new file mode 100644 index 0000000000..138545be14 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/x400address-excluded.pem @@ -0,0 +1,16 @@ +SEQUENCE { + [1] { + SEQUENCE { + [3] { + SEQUENCE { + [APPLICATION 1] { + PrintableString { "US" } + } + } + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6hDDAKowgwBmEEEwJVUw== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/name_constraints_unittest/x400address-permitted.pem b/pki/testdata/name_constraints_unittest/x400address-permitted.pem new file mode 100644 index 0000000000..ac4de7db56 --- /dev/null +++ b/pki/testdata/name_constraints_unittest/x400address-permitted.pem @@ -0,0 +1,16 @@ +SEQUENCE { + [0] { + SEQUENCE { + [3] { + SEQUENCE { + [APPLICATION 1] { + PrintableString { "US" } + } + } + } + } + } +} +-----BEGIN NAME CONSTRAINTS----- +MA6gDDAKowgwBmEEEwJVUw== +-----END NAME CONSTRAINTS----- diff --git a/pki/testdata/nist-pkits/BUILD.gn b/pki/testdata/nist-pkits/BUILD.gn new file mode 100644 index 0000000000..c64c7dd79a --- /dev/null +++ b/pki/testdata/nist-pkits/BUILD.gn @@ -0,0 +1,21 @@ +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +if (is_ios) { + import("//build/config/ios/bundle_data_from_filelist.gni") + + bundle_data_from_filelist("test_bundle_data") { + testonly = true + filelist_name = "test_bundle_data.filelist" + } +} + +# Depend on this to get the data deps necessary to run the PKITS tests in the +# test environment. +group("nist-pkits") { + data = [ + "certs/", + "crls/", + ] +} diff --git a/pki/testdata/nist-pkits/README.chromium b/pki/testdata/nist-pkits/README.chromium new file mode 100644 index 0000000000..b017b54365 --- /dev/null +++ b/pki/testdata/nist-pkits/README.chromium @@ -0,0 +1,19 @@ +Name: NIST Public Key Interoperability Test Suite +Short Name: NIST PKITS +URL: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html +Version: 1.0.1 +Date: April 14, 2011 +License: Public Domain: United States Government Work under 17 U.S.C. 105 +License File: NOT_SHIPPED + +Description: +The Public Key Interoperability Test Suite (PKITS) is a comprehensive X.509 +path validation test suite that was developed by NIST in conjunction with BAE +Systems and NSA. The PKITS path validation test suite is designed to cover +most of the features specified in X.509 and RFC 3280. + +Local Modifications: +Only the certs/ and crls/ directories were extracted from PKITS_data.zip. + +pkits_testcases-inl.h is generated from the test descriptions in PKITS.pdf +using generate_tests.py. diff --git a/pki/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt b/pki/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..ae6be6c4c8f63f4853d671e0b30d3e09d0cd5113 GIT binary patch literal 898 zcmXqLVy-i2VoF=U%*4pV#K>sC%f_kI=F#?@mywa1mBGN>klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6gLnBDPR`n^UGHV$j`}4&IC$1I~vG| z^BNi$7y_Y%v4Md>lsK=kfuWHxjBAiZqD58)77&XJ9dmL}9fEALt1Ggc0?5@y22G4g z$o^zxWngY%6){F1jHDtM+5kAwW{-fc@l7RVI&QD4_O)Whd53>9$pDoB0ydrn6=#O`@ zihF%7Myx!0EBeA|gC9~p0xc7E`~98Fvtjkt$eqHqJC1y1m?6eJcN4dI&xD?>*A&;U z+YqaLZRZyKeRuj?i{F%JeiQj0!rZd(zusTdb+T5!xSEfsGQByuW!JyUe$S zKa1g-nIlfOs)L1r?Sh?wnrh4cb#vih1`|P;_cG=PJMYKoZRkpaQ4QM_zkJ2zO(vl z2zwK#@^k@L-(|PL^(pFnx9s|V?p^T2&hqs^848%YRn1%TR@^dniGlAj(hDHj`js|k# zyoLq_hCpaxY+zszCC+PXU}$6v;~M0WXp^mhHN++p$DABgmjox~rYgYgcXdUURRB30 z=#VBxC1k%cvNA9?G4eA2#krW87#SHZDE;Q^skl*epm}NLUXRIMH})8R{wKZcXH4nB zo!>(IR%=>W?BDWNyzF}8?uWX&W-rKYoV|I$w&O+tQe5V)yjz9(WNlsT0 zo+)A-J@bwt^F=v})L4ZqldYC3YFGU_-us|cA|-8+ZggkN*_H2ozuj4NxcOT8ljmoc zb29&T%;~kAIdPL+$AlQUWx1bR=RIgn7!W(&9&6dHJ>TwD-hMPdSnPr60&?OVk{zD)9$e(#JSEo>MmxywNcXI%RjE| z27Dm>{EUqMSy-5vSUwo2g7^w7at1O6JZxMEZ61uNz{F?3h{8iph``8UWYFF-NkQ|o z_u>M<_N*V*o94GK4VmD#q}XTE?0QF5F|}Ws&s{d!?JoNCc&C|9!Osl|l~;Ns?KRSi z=3g?Xy7tu2;(OckE_2x;&GH)wSJQ-JPucwPH9dUqf!oq=d>pr`_`~kAG?y$e=}@$Z z`5rTcSIW4u<#^)EBl49CIje(J5B;4}#%<2;yJVRW&`hcC97TK+P5Nf literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt b/pki/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..c296e5a4308848dcc1efa76852ff0515898982c4 GIT binary patch literal 958 zcmXqLV%}xY#I$GuGZP~d5E<~YacZ@Bw0-AgWaMULFz__wHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;14a7kTn1uxb@^dniGlAj(hDOE;&W;9h z;=G0i28KXrVQgSv5GBrQYygykaSd`ww93}N8e)}+V@?jLQ-Tw7Qx)J2aCJqNRRFo% z(Ac1fQ3=_zjI0dIO^o~uKyfanCPqevU7gQs?&m(d?w|f**6k&sGhE*2tWa#%Zfch} zZ*9KmBFp8V&(^CZ9!znQRigf0!QS zgt-3VPWXMl-^HQPLgdKfkLh==T&>cTUjO=rLe=)ax)C#`-_ErAsc`6{%J%g=VjV)f zkqr8Bj}wZ@1b&@(eP^n`TE`{NrUvsf#BR90CcNw5L#rU!Nm;^sLwPrG@VqrF$ayn3m=D74tejoEEkjU5J!tp@VIfRkJLlirRmfl=EMIrYr6-6YEe zZm!5O-~;LBXJq`(!otkN^1;9u#8+U^G0-yLVdF|@^I%K`rauEl6dn@_j~O|#fGHCg zS&R&oTNVDN{qsDtZ}y=V;#Q$jlTLpQ*5Rpd-TuC0=U%lt!q4<%b{W6&e$o5k(Jm#c z<>`5yGNu_*G`7}VTsZNf{d|4COZ%SK2sv}5{M`7L zdA+d0*SES$rgZHt6uwhg0 SJf}MKsGRZMK#4W)761VDRb+?& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt b/pki/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..7439f85152a7850feb29f4d19081a61e9efd2993 GIT binary patch literal 914 zcmXqLV(v3&Vk%p}%*4pV#K>sC%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nNzAJZ$j`}4u2gV#G>{YL zH8e0V1VRgA0|SF7ab9BsLnC7t*C3NbYb*`SA=Vf;=H#F{17WYLE3%9N$i;?+22G4g z$ev_mWngY%8NY1fA#TZ`?X%tcFN4I)eB>H-Ql@EZ%u`E z(8hKZKG$WIjW51L=x@JxEh+W4;zSOsS39n?Pw-Oebah+yVCOf35GC%;^?ft#HYhwS zGmd0Q*CT2zk#>J@y$p-SkAeL2TkuVTz5ZQh5 z-U*qh&z&AkSk$+UIcBv=LR~93Ey(h*h_Q(LHGH=s|C5D>eGjwCXZwPDM~gDak>sZKv4l`6_J`>y4O!{#Xq zXDRR9I3skG^UWWh_3oTaG(GvQUD@w#<*3|tMl4LI4DLs{5_nL>jNFo+W8H8wCbGKO&tB1p7G!$1vUjXc5{S65{BD1aPjXkyUBsD$h%Mpg#q zCPsb+pg0#(6C)$TsqmiKM4hBX+WnP$&l~UZlye3I6&Wn8KkWO|F3qMOuw;j^;l=r9 z-ksgp|Hk~%tH_OCg*8QdMZ({FTD<;I?DDooHI4;V{J&EFElw=DdfIEljKj0mnT2Xw zSUg&jkhx=G^yyY1^CRDr|GYVP|Jb@oN(pRp8nc(zpT3ges~*_7(e#uB$D8z-tApo# z*f-_D9CjbW9kOL{R}bEBdHi<0`>j2%`8Eo->{aKm$XkBqc1($e(TQ?F3j?1OeGhj_ zPbgy#;q%QX-n~+M;eVH+6H!GHwkE&N%6dM3*DZ99Px{6w_WbL{2cvyu`4Uf9HcenR zxPEQ18Mj_%k?AdaTc1CR&ij6~cVuE_WMEvJZIEdo4-8RRWflnou?CUdC-0q*nfl!6 z(S${P>zHF!t0dI5f}>uRk420{WaIh7lNAdWHr<>*&x6(A+E>f-yV4E#K>GO^8UM4e zFf*}yFc1gv6<7oe_zZa1xDwht7*m0X%zzO&I)F(G7#)lZ{%lkGbAN41kh^qRJWy0x zV!E5nhuNoHR?h27SgjVyUva%Y`mUQ=N>J3 zt|hjpFsp3OgY(yS7jL}r)9NB?Q<4sT-*;U!xx>!x?4j+q7P0Tr`|&Bz z{-J+}R(ja<8^&$c+;g}WzOWA2zQaT>!gy!e*KD25e;2D~mRH`FyO4KP*J4F(e7b|> z$2RU(+ms(2Gvn(DTW4@z6vD%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz@J2GpzdH67IR8WQE(3OQSdA-E=?^`@Jq~1Rd9AR zXkt`C_6j2_19KB2KLb#li>Zl`k>Ti@d~PZ8#6QPmx33J?w{=4Nwh1f`+eOtAD_5z1 z{I^ofeZnh8i;SjK%KZD@Jh4jr^Ca|Jpv%-lUv;v2uhg|^9XurcJ_w*nS7^%Udj`V+Mxd4K=zDqXW) zW<`3~{28HtR&(#reY^eDyBTL=weEW#tO{VY+%F8h4Z(ZyL| z-zOy=eJXlk#?H|AB^P(R47zfPZ`X5HL8q78JA4Zi-ZC*WGB7T#F{m<-2gaAIGK++P zScAxu+W3nxQ`?2K*oiVUR*r17;wF96!LM z28T-|W}$Gw))shggz{akAjx_ImDZ$+1P+obM(Ja2)Hg5m#v zE!wU}W-;t!owiTZmP5P&Hs7==L_DmohN2wt+O{`e^mVD UoVJ}0-@1JfO`jKL-uS)<0CARHv;Y7A literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt b/pki/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..6dfa00d6b8ebf7170e60e14481856e20b0685a29 GIT binary patch literal 909 zcmXqLV(v6(Vk%s~%*4pV#K>X5%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz?Vd8WDTSt)`&PIrYJZE`6vWurspM=loq8bI6E3N zF)AT@gprkjxrvdV0VvMJ)WpchuxQ4i_3SAX0pA-|J8z8qqvLn4D^=U&7~gHN6HdQ0 z_U?PJMM|T>zm8F!kkw%?<}eO_}MQ)bI!`u(-mGb*}03@-deeNu7&vKRvY8zyAJI9 z(U~{-Wi#4pYNec~2$w0+#*v_Na~+LZ+-U7{qy)qH}d zEIh*cI4l3r&(80!-b%#FC-hXNoe|BqeHq&%FL@)@ip$Yz-|2ZJE1rIty>;1_*GDTi zOnV^P$FX!~>HE0NlEP^}eK|DM4hA~z-TQCe&ak_mj&9(b-z^ir#eQXygY6aRxfjkC zt9S`i!*O!eVsX_U4`g2U+-M3` zdf=zAMrDU%o@0xH)2Z|29lxgUm_1KwsgMKfEp90}7e)PfssE2x%m2U7=NIhhJ;P6G S;mT(&vfpNxhH^4G>H`2RKv;kP literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/BadSignedCACert.crt b/pki/testdata/nist-pkits/certs/BadSignedCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..0a598fcb8eb03f9d1169377e3e311ca826bf3569 GIT binary patch literal 902 zcmXqLVs0{MV#->;%*4pV#K>&G%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz>P#}#0*3r*6=zdrYHnwrst)mC^$PBG%+e6`+$*^ zfw_s1p8+V&#ni;e$Z-Gtp4Y3tm+!0E+kNVf-_Cz*Ij0{)s`!g+^}@;{ledcSIo`grp~ z{T61WgoBFvTz@BV&h$TP!&KmNK~cN1k%^g+fpKw-L6w0#F#KedStJa^8bqGd#$Sw? z+Qy;7x^7?Tw$$Y}V^^esBU+Y^MT|wH`mTVr*Mk#xU0VG*Y@)i)&QzMb-hdCJpP!NO zKMM;m>984ygZK(80tS2rJZxMEZ61uNKyd>`1AdT%Fi0V*0W*+7jvrtO1I7;{W6FO2 z|181ITej?Y?{_XS>Um`NbB))ZeU=KOGSZjf%j&sb z?|kj@ylktKqI%IT?%Hf$1;4bIuSYZ)zlF?SI_a`h1^=6XYqF^yL`~+Fl;3*Xd|2e+ zgO3kiow(WBrx~?J+KnMu%jZPbLgura#VdPs?Tpm7g&mm8utVc)rs!gWRR3w}`?J@4 Lax+M66)yt-48>Xm literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt b/pki/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..7a7dcec665123a801a7cc3254a86e46da9c7c235 GIT binary patch literal 909 zcmXqLV(v6(Vk%s~%*4pV#K>yE%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{0a7sP>a4SY$oM%F+YVvUGXVv0gueu-mRNotXT3(z47&W;96j7rEJ zVPs`sZerwT0E%-lH8Cu;wR zBs^Xjrs}0-vQxM6_v(y$S3~av-w_bHwdCrhd&<3qADTJSf1bRMFWS!^qpaI+eM+l# zpND_Q$%{EV?%H(fM^D)MWyYNqI?eO*gD<6B+u0p5>zH(6y9eVQ23h~oXO{xh<2+YX z&oTYIC(dv8+?5=<#=G{L+x?21;pOTn}?aF&3YRf(O-$;nL2j0}v6YYeIk?-bJqDCn;)Goal2u_2hz{a z$oQXy1(<@^48%cv1r`AVJ_8;$u7oxZ##ErV0iyvwNJ1E-kkx=0NFm1$FrfkChmm1f z$I-~cO5UB8&kjtwFF7x{_QsAm*VVmq%>-AOsy?dzaW{R*-BTwxeod*CJAL@A+i%s5 z0$raM9Qp=arF}1JtF&^R7HG(-9xP#4^@!oJ>buY>sg*ZwdHq^(a(U5gg}a;IWr)2r zjgQz7%3ydVu79TWuGbeWBT}?aB>q__x9`XX#$PVxM>tvj*7|N_S$$}}wZy_khTN&K z)&~UxrZ4*97~zrSu&v9oWPieeO`iH~UlXr8UfrSawG`sYa6%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zF*h&-ssO4oFo*(jEs?keek58WXCMQyM${=WMIkT0#3?l`zbI9~1?Un5XGeo3MkQpQ zFtRc*H!<=v0L8hOniv@wmIqIdT6lbh8~=m#HYFneCR|ccP1jAIKJ(gBxu)vJ%l_x) z{+Dt+>goLSy2|(0npK>WiUVf#B^#!A_}((lK3ufpeaGYmr9$ERm;8=wc~ZQohF@Ui z`PlQbB6_u^s6Lx}Ke_1X^rLz+@_){pExSxaXn6*Q`5LQFMPA;E(=zW_E!zKcdej=G z>n%Nv8?*D8xL1chSJWz!G?lw8`$(wxy{OW=AB$Pe*Swp&sMO<7!p+>J(*%;fM@w`( zy|MGU!dCCo3DsUFrG9P}ofg9L@_zYkAj`)oMy0x{$1-J=dC3PZt2e^)Ob)mgv)5=W z{+ANkEYip)Yx>TvvNWLdwXRV2^{1RanV1-LpyOI?05c10RE!e#kb#8^a20po{}VVj4P z4%@jyujewYRQx~3^YH1_ZU@Y(BVJf74L@Dc|J38p;&t1b%`@2I*C;C-n|HnNlAK$w zoPhC{X?8I`PYY%Xi|=P#Wf)WS`|UT$IuAA$rQ6e`%n$BWGMlvd$)jcYU26|Guawu| zTdJ}seEPP76CStR%{nRj{#Hn(e)>lKmlo4g?*8|&*rAm%d+m~6M`zq$|M0)jqKMFi zb6Qs|DKkoVxG>q|jL;?DD7*Fxt}P2>Bg_s*CfeS=&8KV;wtKPoqZJ{0C!3z=eR=1{ zA>D6Jt$sBf?Y;B1H(+CSyy;AV?>}BlIDDmft68`(^MzS+mHRhT=4_m#vCjJK0gm|S NRY&|DpLnl(3jo+{UD5ym literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt b/pki/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..4e1245299d42e8d9400af61a3106e82c8fedc856 GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe5!iBZ&mmyJ`a&7Z=o)B4tWj}FEY3_;2u{sO)AcMaE=^5Qa1QcO z2+mB;%gjqx@J_8%aCS6kVpKx*7$YkKa}y&!15licsfm%1VfN|vi7%p0wz-?mQ(ZAd z@Ag4+_QjH_UM$jYCNVF)cg=r-)n)m|dm4E&Hb)CjVO%M=VP4EU1D0Ux-%rX|?edOo z;Q3?n(D2Bt3ErC(*1i0EulI+}q0?`crrp>2U%Ax8uK3Z@_OJhQ0=55l@VhOWGw<%I z36bnai`bjQo3Fo$Vl-0JtUb=?us1qVC1O&fq-e~ULrWuf?a8uQ=^f_!JxO()=H(yd zfq!q@Im4-Dm3vPs;d$@zDi_(O`~Oz{QjHI>UE90vKmtQdPK=_~9S@GlUyELAoxH|u zQM@7`<(B1)gU4I{u&Q6(J*Q9qMeZLZdBH0Z%l0rU$Bs8Au_=4=~{Y5$yp!P$aXZGDKbMItdG*G-_6u&}Qep|Oh zP?-3Veb*zim9P1wG@s%4a5-neizQ8Roi6%bUYqYv+Vy>DD7W9g{q}E|zV8h`c~bw< z$Bo;aPo0+z+^yTU>3gR1rgciY1+TfE**mdMUByED+;#t%%+8;$%B{*sY*JZ#>m$dz zl2)E8Sz80sbY{=)6F0v!gk@aL`M=W!d#xg1Ix)eesC%f_kI=F#?@mywa1mBAp^klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW)HTosDPR^>aY`)COjZa^%}LYsEG{lh zO;K{YLH8e0V1VRgA0|SF7ab9BsLnC7tm)6!dF)AT@ zn30u%xrvdV!Jvtei>Zl`k>NnK$~P+xZK?YG8{Z30PkO#2fp5~MlXqORv_G(&karZ{ zn8tqa7t70|Q)gY%-up&+-wTV5w|`ZiGk^S7A6)(8ve(`%=L_a++8W8;X5=06T|Z_2 ztT{OwURpofq|~>=K;@r#%z1~y%9$pYFU`BHEpRYqeqk;DH5c=W7{!Ey=&QJ-7;H<<)v`j_sRaVE`4py*-#-F z!F0dW(YAHlDfun+*M2@MRXLv%Jo(g)&w?Kv6}~vevEJZm*R!77{ARi59PY3d`}CFT z&R9I-onJP!HY#dpz*7LJTP8mm02VV#2Q32 zXSwQ`O`ZGZQ(VX#;j1^lxlGg%2B!>JJ{B<+5tW0Xg}>%KRBYAyur_hI=+3LY&f*5* zApHs~0tS2rJZxMEZ61uNz%*yTXut=O;Adp~&%y#qga(bBAOU%n#zupBgW3hv3o4hC z8&cx`SB9V(yciiafX?|a{z3#Mp(UquGFADoJZvVcM*7s|p=EsF? z_ii+G{bffr)7p`)%jc<7TNS2+qb?=H7_Rqck z{$I(&t|~Uu*g-6}T8XRiz@c6957%0sYOt%w7M>TT_f*6$vcTb>Dceiob+-=ah8~>~ xr6_D*`I*~y;S@8QkNx&8=l)Hx4!hXYeJadnPD)wSMmEX%-O6oAU9Mg>W&o^dhmQaN literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt b/pki/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..1f83cb863f1d83b827ff5329985150d63d0f8578 GIT binary patch literal 917 zcmXqLVxDNw#8kO}nTe5!iBZ^qmyJ`a&7Qz5CqsoEUtjS9+Zay6npfvGTZH?h;`8vNXE0atn+%SljmT5T4bTac{&2^7` zG57aHX~;0P_qnWEEdS)rc6m8%{w05MGW0gGpI+urWSjdw?o;fZqkc!kXKSC^&=*p? z>L%w*d7Xf;=qtOg--_xFf5{+l#KnK3=H50Pp{rfD{&5~>HfOB-!SZhZ>V}zfUdnDf zVzSw@>VUtgZ~DsafD5-+FO+BtCLHi>2j_y_pXMusR!)$-WuubF0WeU^Qa`snu(c_fpKw-L6w0#FgRtE zStJa^8bqGd#$Sw?+Qy;7x^7?Tw$$Y}V^^es<6V}IMT|vc!Jh*A8^WPUqNOyi@r)cZco$;#{l!>t?BkYwr$A-MWX9SB-!7^_9UD zwV~TyP2RQi*S&-kMa7HBTW(u_TB*NXHT$6ag8CDml!UuV1Ye$AoVPlp?L~{-34Pt7 zgeyn#bo=CcrmZiit$Y#Y;$E(+U?+Cid)~(BS2xD3QIItFsDC6!v+dYfDX$q7D?S-} zuD^Bq;WhIY;_k)o3Zl5Rj}#sMca%NJozZ*eEp<=v%p@hLBNe3cDQ4>ORc?B9 XeL}12w&kp9UyHBzUNK(2RQ?zM#jH|> literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt b/pki/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..8773e48464cb139645d7079868597feba315fc6a GIT binary patch literal 933 zcmXqLVqR#_#MHTfnTe5!iILHOmyJ`a&7VpKx*AR{XSa}y&! zgFzD`7gG}>Bg3g@a#3EZ7Kkh{n|q^_#X|boCY>->uKL+?TT{mzh%O=jPt zX&3$DPEB3Id47R=!|D}l-u2&OIJ{k^letN%yU|=FCU<{-RqArCN%ksR&ao|3K6Urq zv98uxlJ}klE!k_?z@aYnvYqkB%?Oj%xBdy`2=PvIn||-rk=ZO0SH=Dbe?7OcX@+{o z(HR?`y>$QlTp&kAQoWj+Gf(JGnc~cLyYFh8N zynOOtEvL;S{SBTS>;ArrlyXED{D{4I&Hv9ME|k`fd_i z&PutL@$rl1Cn-+_rvq6&7BLo)vYHzyEGC@(_X`zE_<6);o2_WNZomi9&(FyCpM?dO zve*p7L3{-k0Ruh*9yYFoHV?*Bptu2}0Y6AW7^INZfEh?3#}6<80^^5~f%gz2`|5{l z7Z;u`yPo9N8qh1hc<&*z1ftC4si?> zg_B**r_ka1U;5A&DdEfiQW47$bg(VRg%1n~$ z=PgaY5fpfr`-X)0dRZb!~g z_kY)XOFr93pg^t9>c!SA%B8g)4mwvjrNkKf)^Cnjuq1kQMy|ycg}{GW8?J;YF{_0yFm+*-k-N(LHR!X?+2^Tod8@fK{%#%z@=C7}+ GrvLyPpI3bV literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt b/pki/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..b00748cc262b20871e9c0a460dc865bea275c649 GIT binary patch literal 917 zcmXqLVxDNw#8kO}nTe5!iBZIWmyJ`a&7+Fs6nudiy;GIQ_DWzS45eVMiTM*P1}vu}sK3+I%a`%_*c;dHevB2Mf2Ep6#J zx1$_{k`f+wGfwO(iiwbp{LRkT!L-;wNVn~G*R*{$4mygZ>plva-6>zJb6xnV%4OCs z7mtJBET((~jzWn>G1&*S+sN56m_mlC&w_Y?o(Is`}3{ajDv*95=PqjLQvb zB`)T_m>3rR@934xh4W5$a96ebzyEcy)Aeof0fu?H-*qCNy?nvX#LURRxVXlk%0M0% zoU+O+5(Z)oB2Q}LFUCx5hhbhE7HL6F3ZOv#v*c;x3o7nL+Hq9QHKK} zZ6aa@3-_%z-~;LBXJq`(!U9Z5YzE>Wz5kHdX-z{p5?-n}xT-;)w$L0+M z8=w9%N{h0cesf8+LYgkO&-@d;LB&f_UZmJdi>+hs7M@stUw;bY-}OoF9rD7(&->U0 zJfFkooPF;8FBZ89ek1n8gqiz4G<`k8zns;t;ekQ=Es@&2Cu}To7KM0=g`V=f=Axa< zcSrt!->Ua~x#=Y?&+X3n+Q@c2Grja(-Tla=#Mwut_{S<7d0HQFNsH0&CPR%&#Qxt0 YGPZA=nx%VHu35l2JVEnAN|nV40HqyRP5=M^ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt b/pki/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..963f57a485d4a986c4078da47c3ea70c3a4979a7 GIT binary patch literal 1067 zcmXqLVo^6}V&-4K%*4pV#K>sC%f_kI=F#?@mywa1mBAp?klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWR5efrDPR_saY`)COjZa^%}LYsEG{lh zO;PaANm1}ltyFM!G>{YLH8e0V1VRgA0|SF7ab9BsLnC7tmsZv`F)AT@kdc*vxrvdV z!Jvtei>Zl`k>OB*zrp9TtB-cLthebrwM9Lv&BD>}vs|)ia{g*~6s=R*5&@esR+wy4iPWE{&Y+njE`<#rDF1;~O-D+}t_kYjI!=XZN zYE@m0Sy)U}U+`i`*wOn_G0Up6X82#DQX z6){`d#gOg)uKO1YOpj~c`+a`{+mr{o`A7e3Jj1)Lw{Q!G)zb-*++R3@uFU>(UT`;S z>q0pnmB}X+y4F;BUK9N8IdQ|E$J;w4Z%tqGaO*6-H+fsDQ~p+FWHH+^6lNTjSDb#l zppG59+~qCp4bBic za$3~kfJmE&n8Ct*>%mDumXAe@MWiEspS`JN+N{^Uht#CiHfpJF<-Bq0n^$ZEh0qzoDxKqB%il?LSor3;D| z6fVg($R#l$+8S5`4FM)Z6XYZaO0Wtp0SamPMGANmC~7tUrV>VmY~4d4z5-ua?*A8; z(pa%?!bjyKR$lH!4?ChK_2eZxEdPGn?PYnxoVOFr5(TS$7x^u?Z2UYRRKRyq!X)$d z489Y4{>N#GzG6P#H0dDw)DN}MqBH-oe0+1qH=9e%@5q(@P0Vj9#V3n@ObJ(d!zI+B zHu=!6gjV(iR|42p?5aIt5Y(D(^o4B!yHyE)lwDfw-*BxPCEUt~A1r$MuYUQT)=viC z-_B6DB{uueU3Lk+$g;kY>FirWi?mz{m7>pXn5gM1Cg7&}_IOB(+$<$iUFhP{4o>q<~qN-90})MZww8Ku(<3(7?bD z2rY~a3=E>gd5sMWjf`PjgA@{NFflNK*r4qk5Udc8pP5&ZTBHzInwSH036SOLitH=} zkUNbG44N2~kiEvp%D~*j$j<;2=VEGNWMnudy0w^lnyJ#^qjy$Y>13*$Gl^%-+%&s& zN#LyaC65krTYixL-n}}$AZNh|2DOwjwuM29mDYLh`Sxhdk>{K(7EG5f9J1KL^n_O{ zVS@*Qa`MrB|Gm$=KCmqN>-6eJ*y_(W3a%Yr9ejM#ZRVe`cVo}L(fbh2SbS7)!@v0& zj!RnN*q_f&e||^DB;kH{;*Ippc5AJjH?MJdc=~spC*NuxpC7ZA9S-t1D4czu{yFQG z{>vYia;>YE)d~3(6nE>6_U`nHHxt`gcLf#Px8(d9&zLo{aepA+eNF#&3bj$8EC-l3 zF0V?fh;}`i&LvaucoFX^-&w)(2Hh5Fk||5wOLtl<=SkRX&&15gz__^ayg}m`19@Qh z$||!+7>G59L@>6fNbk`On&M@&C@auZ3li)NU%f}+dBJ$4Z0)JH5%CxYKgY7fc z9`W^!1aAi<0&7GK)*}((}vo(~I&;3ySrFL-do2Dho>T;}Z)CisLi$ z(uxv+D)Wo<3$iogi&E2p>WdOfGV}BFGD>oDlmomyK{1aU=fLC)jB`eYEPHw1Win6Z zKhQd`g=xF(7uAKr?V0>-i)QrdJr8C(ezxZSdGX0>w^-N8>$>`Lkqf^-7Dw8ax=(s+;^L3RO%DIsIHhCZ?LV9M&Hvw~F(c-VN0HLQcT+_x HDrDOLCmMok literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/DSACACert.crt b/pki/testdata/nist-pkits/certs/DSACACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..14787b05801bd1609875ca9bd1035f5301e776b2 GIT binary patch literal 1045 zcmXqLVi7cGV*0s&nTe5!iHZH90WTY;R+~rLcV0$DZdL{ZS3_6FF7N>$Ush< z*U-Sg5C|=d4GavT#CeSk42_IoTmyR&t>Fi{6KoBeOR%GYv!g*1<8~m{VPgk6{+tC1 zBakD{)Y!;y|EZwet(V*K1g^cB`)ID!2KT)#49CMxoXNXj+!E$)YWpqZ#N$J2cke3w ztZ&S-?5E+I^v6$U=Kj&lTNU0>Wb&wwVZwvOYf}0Se6x}5-*Ups!yvAH)toXl?%Tq} z#?8|Y9NqlP{Hxu6QQj*H^>!KlSlxbu`%L)^r@S?jXB^tAS8c-0B+77}jpfGw?$-=2 zzs0amEB-qz)k>cofvx_j}(Gd_Vo~neUNF{d4A=73hyy!arv_`Nt<+?&>ank_qHwai%Oyo_t~J=n2mzRZ;KE^&`?PI(B+?s~m$@$XarPjH#f zyu6*s;z*&GX7ahMoR%MA!anSCtJ5)9wlFoYztQ@HXYLodsZ;is` zFf}%m==+ymXbe}**G)^FaM4NOwDWwwM_;W(F5Ni(>h9-Fa*eYR1spgxRRw-d`)Q_J z5c1+>TGf=L8^1^!N`%Gk?~)XApO~=fXRm7vlXrdkW~OibxgtByrcAiY({cQWx6s8M z`-~RM-|5w2e0cRXCvR_~x0<%>KiKOQeZR3NEVxiBxO#DoL6w0#(DAa$ED{D{4I=#$ zj`fthsOC8ldA!ypIwUedm3t#Nd}aAq#8^a98|N2T^{oBoEPLX4e`wze@7wK<4ER9$ z`577iv#sC%f_kI=F#?@mywa1mBGN>klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6gLnBDPR`n3&_vOOwI&~2N)|jI~vG| z^BNi$7y_Y%v4Md>lsK=kfuWHxjBAicqD6)V`VfmWTr$(rQj1daN)+H$y1F7eO#$Rq zLnDJGMkQqLF|sl+H!<=v0L8hOniv@wK9~6KQFf4U3*xT4_lw16>W3v^>~FSgaKE=} zdB79i{x`mjEpO~U9+$~Jf6)Je@Rhv>)C)g&9gt*E_gEo#?phzu-+g7Bi(eP3OElf_ z`I;$uq`;Mzvu8Hb)S^eC4GR`ziOqfEIVpMV{OWcyl`er!A(wjx4m_CScX9X8$=idH zJy)e_&hyJMlWo0pY>!Ka)kHS~w*wC)Gq+8=7i3)H>lbyyw`NcI`4g`#x6V0yr#^CC zy4RwUzueBK7`&bKj+yUQ<@&`9@qATjaXdU{WDbY5>|2|6Mly!K;;?VH-NUbLs;nJ> zyy|jHhBdqvar@?+VQhc>_=V}T^un1TUl>hqUU{baB9Muhk%4h>wn3(WJTPcwm02VV z#2Q3yu&&lw(0zE)onvdW?Du~@Hsk4?zu;6L%f}+dB62vtF?5ZY-;sy~2?zEoO*;|$ zd-7ESK9GKXM#ldvEX+(S9}L7nd<7N(13m*DHm-y=55`nrdNW`_jt*dI14aiU!(z5a z%3(>njJE5`+*`K!{>HfxX^(gr6&3k5s;w!S)Ev1;@9;03l$<)gqqZ+4O?2CeucZN{cz5P7_vAdj>^uB^ zyqDIQCwz_jUvYeomhx{X*QJ(M@$zNUg5WvkmR>8{8U||$z5o>#A!<4*MrrMtF~}X LmYCk;5NibhwM$t; literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt b/pki/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..57f1df4334e9675b3a2c6ffe09b867899deeb0ac GIT binary patch literal 916 zcmXqLVxC~o#8k0>nTe5!iILHOmyJ`a&7{YLH8e0V1VRgA0|SF7ab9BsLnC7t*C2sJy9^BUAa<#{WTvI17NzEuD8OxXbwzfa z0?4_>22G4g$R1>5WngY%V}Dq@B~R_1oUz9#eIf;o}enb6u{r&wYM*>Be}Le|&Jr);wtE>m5vL zf8tqRncTCM_qd*4IK6Vi=Tdb~*IiHazE-qcldAuGHCo!MWdF5?ayQNLqNnFjK}kd;+t zkuVTz5Q(#CDV}FgP*gZ$U89-gZ6&^%^~~UOAj`)h#v&4-@NK>UUmA<;^5YjX-Yi(p z74q(z0Ut;|KO^IR78YhEmJbHvAie^NfB~NY4;xoPn+IbmFvS@#Ax8%=y#b?xks)QJ zqSVf~j+wj%cm4c#ILfA6yeE!v5-Pap_X55mTt{;#txx3A++WN{|?yOkhn!U$WxE>xk zk@-=sWYfdjulf`s96zL`20zc^w|?}A$j3s@x$cNM)~{)Fe9-bP7n;rcnM zd!HQt6&oFps(!DobZOLm$E$Jc7xRY}h--;|=Th&ol<(tQ@~^bsC%f_kI=F#?@mywa1mBGN-klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6gCh9DPR`na?j6CQ7A4=a&|P36X!KF zFfar{3u6NVgD7!cV*^7YV;I*UfkaCT4D=wDsJmpQrKJ|7=9MS}Wb_v z1&}*U44N2~kbTC;%D~*j$j<;2=VEGNWMtU5UEj3-&i&kzbxD`w+%~5!QE}&Zo2$NA z@`A^a-6wuM%#_}@=Z@_k_sRyN^Xz#soBQ0}9#viS^}zg@KJ%nbH}|gk^2n<4!@o-( zHG<4DS=K#NZJz$I^yQ{sh2NJZKd9S!w(~6)kHHo0Jr^gnmCdVtwbnbw*YQE)#~Dvn zJ+qy5M0Mu!t2K{5YF%>p;_-Zu^OWx|=g*UzYHc{}>&#bHqREPF4)By~%yUe%jfdcX5qI z4*OsHPw9E6YI^7U!)+T&ye_J{?tW?#=U(|IvHVE4O-OS6?deR+j0}v6vkfv0=HCBI(m&=$ z8{EBfy3BwNq@SOW@jnX-GZV`P191>vfknW8&wz)GE1}JUF%_89449Ck1DMc&(ZR@& z*ZCo5Rb$1D$6BsfDvVRCfBfxq_s8yTPPl??1Qe6al{hf3eRM^Rl2 zD>vNk)xNe{wDJry>-`(QAD-9Ak{8T=z`U-xucS}8&*|MGr_15*zE;FMWGWZQU^c0| zvuUA++WCWBR;u5dpWAla^!>LnuxG~-R(p=4>xy4%9Iq2j@%QSj5Lmt`y0`J-n$TW< zg%=_sT&vpWwA_6gk@zpCrSOZUjjP?VHdl?EvR(GiYi`GGuyC}0c{)=>TUD~AXZwzu zy{9KlZQv^u4v3QEX;aDIIH|wlZIJ}y`xq^|3F+0DEj-w*UYD literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt b/pki/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..b6d31236e2c5ebcb34005b52422d00e7c7997f32 GIT binary patch literal 917 zcmXqLVxDNw#8kO}nTe5!iILHOmyJ`a&7+&C~;n614AQY7}p?yM9T~e^dOe0yJV)Nr52^;l_GITXFD{JGE4-B#&e7rq`@ji7mXAe@MP$a5)0?cs)_!z564h;_ zZMao8i0`KXA4oqxBjbM-7G@@v4+i2Oz5_4}8ZC_1F+?`SuQE}S9|HGMiu`V)qq)(@JvkS$nd7bs?k!6s-NaNcFYo|#R z?d11s`MqXCs2`)=+tfY#l{e1OnR)fmCh?3Z$(b`J%39Qme>>3^^t*5dS6o<)&WQyr z8_$_0x2*2E^KFyDp1}=JZ?HJnu=GzbYWJ24#R@`}3;PzG^_{gNc#Yvgz zkDh;ep857TU%kj`@lOxJ-2G2f{ClB&?yX#PWX2tqmT!RuOw%t4O5`LmG|FAHe^Dkj z<@e>kzg9{=oKut_pqI7P=HC*xbG}QND&AjWf4*zOY8Q>uhvdz7#K($%U-4D3#Qgp* N^{~qp&m1p!0sy_vX!-yE literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt b/pki/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..4c9c82bbcdae6263292a16a09aef51954e971e21 GIT binary patch literal 943 zcmXqLVqR^~#58#UGZP~d6CB(+$<$iUFhP{lwAq<~piIv_tMGdU9|9$;u>tWaE< z1Vqk`Ku&<6ft)z6p@D%R5Ly@;7#Ku}^BNlfRl&Fh2_)KTV4w%FRox{sEiJVuHLpYg zZojK5vO5((4mUSwVpKx*DkCcca}y&!15licsfm%1Ve8KoEn4MY4c;6{xW%F@*K+TD zUA?hnadys3iG~F#-H&g^-P*}`OtR#`h6vNOX`O*ZJ`!0=Z`)cQowhq-*E>Z6yKAnd ztn;nU_DOYqbo-nAK%!=Rk`vQYq;-atlHPhYI-l-?#|KL$y z8C}umZ0@H~e@pquvUjT&73(ZIePoMT>)LScG59Jdw6@+y3mt${TMl8rQQv{1_{watNFvWcgUcSVU(2s5B6| zrm*z)>8nlI!P6|xp6a^rc4gvgP2SIeDi1vk12n8{#MVjdsK1$#($SLX)3I#o`59Io zH(lh`y??gn)tP;-?|%Onr={DqZOulLg3cz}o8P8K*m{3oy1csZ5{GVRd9T>#gfBay zxHmWnvwf}v}{jDQhn#CHLBow*QE5kL`XQ|URc1= eR8{j0)2A>ctx~br^5N~`t2YaoD!em~s{#Oo%V=}} literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt b/pki/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..6c01f377f46c86824d67ef2e6c5565499bcf6255 GIT binary patch literal 941 zcmXqLVqR&`#58dMGZP~d6CB(+$<$iUFhP{}|6q<~piG9W)EGdU9|9$;vsP+Xb> zM9z)@h5<$fa^k#(1_p*eXklz%U=StFYiwX>WDMgPB#>yQfq@>xPIZ^ew6xTs)VvY} zxb3d4$gWfXIoraZiBSpJql~N!%uS5^3_x)%rY1&4hJ!N?uuO{JPmImid9q#R<~4y< zi(@*zHM2UHS!?DkeeEoF>*AYbu}`eKY?>w{U$)4f{#5blnV>IaneslE*;caK{F=skt%Q`nH;*k+Q=6x7W$BF7T=N>{ z?mF~-kJ`*uF^S(_j^T@r;_cTFaXTb519%jR6lW3b!0d46-Q z{L9Nr7k+%Z>>JCPRhmtkjyZbI+HaA#;ji4Xy?@V~R!J=J{l8ApM{b_rr>VQe+yWo1 z6)+K7c&pJ!^~(FYWtVdjkFafRYI&5^vsFs5ys)QXRp;?dT&E28?o@4OVrFDuTwG&N zWgrg>Sy^Qk2?MbPk>g9vmtXj$^0emu?N70px8I%mHuD`gJ;?I0h_Q%>FU(&ho)g^2 zDW#eImub(x81RGi3o|nQXJIv922uv%AOQsy0Ruh*9yYFoHV?*BVA3;SGT;MA z@Pkyc00q7w#}6(e?+Ewk%=~_ci*`c5%YY8m6-`oHfsC zb~Hy;?fP?U=DsC&-nG6u>uYh!bElX4G`3nP_A1kfyRQ9;;8kWn=Xt;E_2-<5qV*Fj z-yZL_{glmZ?iO>ytL>8Z>b0NioLD*Zc}_8i6{}1)FMNCS;JddhpC6ok9n$b?YpBAH fUz2}z$L+}awQYIl(m6bj#Ztb8&6Zu7{YV!8vnXZL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt b/pki/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..b2e30bd69217cc0f76f7c27140960f113b33ab44 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!iILHOmyJ`a&7tu`>wgIKNZl9`s4T9les zf^dYZE3#u1K(4nmXkt`C_AetV19KB2KLb#li>Zl`kzwEWHI)~=oBr!hd#iIq<>hqN z+IO|mW;M0T`jcAf93z@6%w9NNRowY{jor#ucKVVbJX*g!VxJ!3@z~ejpRt_ReoIG3 zpziONLZ>8c_)LGUSRC2&wb?Y`F#j@7R-*&cudz*akC;>xYasr3)`1BZgnzx#D!W{K zX)ep5T|#$V?!P%%a{fueZo?M`W;7k;R+23jNczqrJIB~Z<7UMw8JWbZHVq1l&l3e@ z=3f(;AMcSV8ui-dYDCAAuxWXLP4^2Gg7TGDg#KuY{?yFy!}))7Z>VSGhwHILRXer4 z*Y-XZ~=4E`d43Kx|04EDsJ{B<+k;iP|<)1@@_VJnO z%7o20cz)&5;1>pbApQJ|jQ?3!n3-5U7>I-T3M>K!dylfYHIo zV14vh@$-GnBKduZ9beZyJE2)VOX|{B?;Ae~Db=12A5Ank+286G zla-Uv5^TrI_w#yu73;yD*#aLWa~|GG4z|0f`&m*n`t`f7jRpdj(oFc1)LU4)KWn?a zaFn`S!LDfUx8LJstxEaPot^s=UafCxzpT1&tCymPj=Ix5uZ6)&E7$fGESUVhDZ%eF zFVoH&Kjd@n>V=D~h&7mg<<1X5rqxPuKlsF=BX6(Kob>%z`X{` z!`^jAc1-tOnHo3G_5ZAsa<7$D)-+>}4H;^-4mor~!ivldNvx>Oz@%VSx~^2}BsKy1pN%7o9K z0uJx~D%{6VaWP;H+XTg$6U!#?Prq=zI#jZ9rAz-2K z=`Sl-F8!W->u>q&yW9?XSNDqjez-8}7w10a!&x0OOed5X0|DwnAz1)JgNsHKc&$i4w)tA6@|=h5uc-E1mhefwJ1O2$e3M*(^ZK&Bi6Z}h&oyUaW@KPoTw_pW zAP)>tS!EUp1F;5?C$;exW2Uxo=&-KaSGp~A`OVlBY2c`r-L7%eO%TPGda0!h4+VAn;0c6hTH8fqR#i3pMCs)%~9uk zpYtKJjy#F}SoVsg>p%VK+|~azx#ZUEW1_+u*{XjEFPM9Z@T^z7QFd0?LdsQRmcZ2* z&gXy34}M-0@kacyDHmtVcD4Tgwr>l> cZ>pDWuRXj`x7XlVpujA@IjhcT*3|tMl4LI4DLs{5_nL>jN{2~K6ab80M z14AIRFg7qSh!W>DHZU|YhH(uXNVG=4fDd8~yL*0qih{GFK@+1AvfCM18JL?G`5A!X zTue=jj0_VZX1OQz{*L|jd%=|c>Zj{#EsGU$w?^`vIdSaRmi5m*r7z|-sVaW{f5{9N z`OkBBm389QD?W3*#ga8m`}L&*_UF&d^GnFejZ5q=y5YQqM|JJ;ClXI~NG;<0{L(fi zY0a-MA~BQJSovAIy*d2iTi&vDI@i}k=|;`Sb=daOUE=b=mGhd;%1jIT<2n6sSmfP% z5^2V%OS-~DEcvAFSYVvMhuxe%5xH=m+>_1N?mZKhkt2(%aq_L>uY|q zwWf=#@Q63x7nZ{2nG<>JYjeQ;lAu^!9WU=D-*e%jj1NQEcK)rjn7p#7x3F^)uU+ce z>#ecb$+f38drfO{OS#p}#LURRxVXlk%0M0%ahhbhE7HJGEX&6t#v&5I*rFo6M>}YWm+ex4B9Xwa>#a_LLtd7jk?}tZ3oy~J8Hj_- zQ(yr`i2)BAS3;WyV=7SGfYE>-Bq0n^$ZEh0q>$qWn6`lN!^mLTK3(itsp;7RLjR}5 zC_1fC&o|0ug>+rHRkY~1sIu0V0hy7{}z!fIH**wzHP?~$^7XY0oP ztEJ=Ghr1`1E6+G~%GFPMvipj=j%Rsmv=qZ_Ia&5@%9;9G)}5Q_hp*MEA6rjr%fAZK z_>#2JE@1kBZ9B~R%DCbVtP?p9;8fZqwMXh2Z}2ja%)gQ|T!HIvW@rt%NuL5#QUn!Eh@=O%S=uzNi9||GB7kW6foceDPR_6chApHQE+xNkQ3)MG%zp( zLJMO91A{1WUSk78BV!oXz?noFgbf5CHgJJ$C@xI`TGGU*gzR!gRtDxKMt%mMI2ThB zBO}8mz8TX_h$ufQtaQ5Y^AY3kc_07Y{kz_-c<~IVHxmzHe?Chz-` zo>`uMQl7?tBF19RTs_g7f1d@l>^Rq+{Q2#K$=UbUzdA5i=~#8Rjm`{xg-c?~CS||( zmfX&{Zr&!hhUQ1&lGaSjj0}v68@mk}I}GH3!6&QCB4HrbAQHjYq9VOVJ7|iR?NWgv zk-)F(txkfYSeB1Pj77wVU1wfNtZuC4?u}Kw)}ldMYMm;;5iHBk$oQXy1(;~q48%d^ zDX;)z-hhXVE1}JUF%>9oz-Yh^k`M+dWHn$0Qb1{-fC`A$z{r3cU%-?Gj4wup!rJw2 z2ftbeUf3Z2TP^(GqJNq-J@WpO5A6HD^5HJKgXwxRJ~3UfxH9=nx+SaeT}ee}t;sq5 zTP?C1uKqZ8F(~qF`+BY5T?UmriFUltGURT~-e{P={aHuk?SkV1g-fpQ6G&cKGrfr^ z>+PEBUnXW5X4Oj0xOZM5CCVf~^ovHjTCDb#gz{Umsn1t$d-KVmk2hD#kn`!Xqq_O* zsdjbA+asloN>bLWdA#oV!kEn6jRo7B0w2hKmRIA7I#j-YzQYF_QJ>A9rtXwK?z%j0 zu6A4f)S`bocTJqnJ@38UCf}E}sdo=JZQGilT^Oo=pQEZ*xG(FV0C#}mom!>1|3`eZ Kzq1v%ivj?k>`=7; literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt b/pki/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..9f4d95f39533c50f3df78b40c031dc7c1f53809c GIT binary patch literal 968 zcmXqLVm@Nf#I$AsGZP~d6Qh^`FB_*;n@8JsUPeZ4Rt5tHLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP{4o>q<~qN-90})MZww8Ku(<3(7?bD z2rY~a3=E>gd5sMWjf`PjgJ=?M&^FM7*q{Wqp|~{3*-;@NF|RTpKPNM}Qo%Q|pdd3Z zUBR#<-^ieeQ3=^cjI0dIO^o~uKyfanCPqev6Geu49%qBMh~Ht;p6GP!px36$)!jwk zt_YNH%)9Tn{PTm@(0^P@fAiL$FP>SHF*9%RGoD`FUFOHHSGGjlH ziYE(XH$FKDj(AyqM#ldvEWpIXX21_JPZ-2!HDCr(20S1E6%en1k-SS+lcrR7loX0ig!bj`n|8~9Rv-R6l^|ElC(ps6{_Sd(?tCghKPq&@GIjhaI zRy%)kY|qhBgG;%BD;8DWx2@>U(UFnf_f|%P^wBGjnNm*O>Oh$vHvrY*iw07+mpB-F6Z{SEE4x>i?27Ew1`n= z#iQ3EN8c2?JMC}!ym)h|uVU@DL-q9v+lxK~cK$JVG*_v*G{Cd#K)%>DulaZTPh?~y z)(E?ppXtq*=)3+wa=+VCFYi^`?v?ioK91W~Yw|Tsc!9M7li|nJ|95W)DL(j{VIu&I Cj9|I| literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt b/pki/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..e24d88d444d0dbdeb51a3b503936f02d1d1d186b GIT binary patch literal 930 zcmXqLVxDKv#MHKcnTe5!iILHOmyJ`a&7QxhX2!|gzJ`wa8Xi>=wZKc8WHy#CLdIMT$bnPtv}X&XOf!$qh$QT@5%M-J^u4F-Bf0mdAf32&iVBu zw=@6Dl(fy;T$QdDq-++JoS;9Sjr+uf>s9CXK6t)Gqv%t|#P$$7r!z)ZFY*7=nf38U zOoheUmmU81C%pTkb2#G@OSz;^;?Fl7=ls)NswSTQ@^gp1|NO#zHY+DbF<6VnN>xb3 zc%>|7_@vcxH|Buw+SCrE20Js(HL71OPG?^;{j>4uEYG7NS<`Qaeb$bP-Y;8n!NZ_@ zQq4@QVy4>DRd=HoG(B2q)+N8wI<{8i$d$H8+5K*(Ha<35yWg0JnUR5UakfFGfjlsX zWtCYZ48$5l1dBeI#GO^8UM4eFf*}yFc1gv6<7oe_zZa1xDwht7*m1i&j3C30i%PFp*KkS z-n*lJjTmm8@#S`Lee`*X;g5m?OXj?NBUUnh$7A!CU957S?r2EY)=VJJa_Ej zL>=37txr4F`n?xQwKrnSFcRwjeBzb;d`?@ NUT<%Wp3Tf&o&cW=X)XW& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt b/pki/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..4b35bd248ed3f535219be01431313bdc5d000de4 GIT binary patch literal 926 zcmXqLVxDEt#MHEanTe5!iILHOmyJ`a&7Y)QWT$#2uaz(;txe zjZ-1HHgD^ifR)*|XcX z?&^oynOR4~H|_k*x{h0AY20rOS=oceC)pgGdH;ERoIiJ>^sj^ex$l|=OiY+LYqg`a znr8lUrBzl-E$;m_emVWw#!bKP`9Hq#>fG8ZweSAdZ86`@y18c0djGh6@#U-IG_S97 zX0({qwWmJ)0_VK&jo%(Os$}^;Ioa|2<6$n2s@z#~`eF;p$^>3}YO->Ly1e9B@?Y~P z%P+HUQCm}lEg~Ovd|zAd<-MI}zl`vu2WEdR9`Ca`a9&^h{p2sMOw5c7jEl1kG7aQ` z0W7P`B4HrbAY#~U+B?rB(Lm(hb8bBmNe`9VKlg%Dge)J67>kHut{|hpBgHzAkOfyK z>fCs%wvqd&0Ut;|KO^IR78YhEmJbHvAie^NfB~NY4;xoPn+IbmFzp$jr#xVEFfyoq zylS#c;#*F^%7~lqBX_N;)cG&hYB62!YM;<9J;8^yTYpI#$uG3Xdgqm%tM>2htTn$Y zzAL(y+qt|Jeje4bI;!}898OeY0OozqRj`@t@zo(0RRi0JV(KzQV+boATm&s?t zZ@u=p6|?#{^Fof2&tkI{Eb-scS?C@oZl4!q`ZKw7!_-vP6AKm|*~nTK7`xjwsL5;1 zO{V{0*GliD*1eX0uOhJeg8P}BHOG|RRO~(H`*uZLIrD!3iBGG!mUw3K{|jJYxUB(+$<$iUFhP}e{kq<~pi#VN5kGg%=xH78Biv$(i4 zHATTW$VVYKGd(XeFI~YqwNk;^(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!V5Ft#>zY zg;;OrnOByWlbNDG*cq;_$o^0OdCc6PiBSnTC>U88n41{+8GzzkOihf83o{F#Qce5VXbic7o_@;QoonlAn_w4d7H#`2a_TGA?y&!9@ReOHx)+uk+s;Ylp zp7dx(?cHZry}ryn_2Z)Ne5S8CFK=%8*XG_OvxhnAy^CQf8`tx=UdD-MkIZ#1Wn@16 z$?;6FwENkWORw%x9O)Py9}qs7mv>foHb`t_vMAZF7!U{>D=&mL+`vYn{CH^yMFys3Dm6A*sz~bSI_Z>oY;hx z@QO%-Y3n|y3dV~mS#MXbZJ&L7@^%BZ*qNOZ)*t0RJN3uj!=^_>erH_RcKGV|NekyX zPE2^Vnu(c_fpKxRL8gH`Fu-M%StJa^8bmZ_x$2oso%`lfT*w^Zt2e*7OwFl7RxgOR~!xn*N#7~h>g=NBb2ygPS;dxnmDs>SwQdu1Z!410uc z+fLiPa(UI6Yr!mg3}vj`U;M9YaCZxvd3AQQ=iY~=M!V0*8YPxzmKYv$a+6^%Xt3uy zH|MHj8qfE2>-gI?oGs?wZ&R+cW|=-mw|4hEp0?hKry)PK+_e6%!1~0?Z(*NWZkyX| zweNl25UW*qGoj-^sn5CRYnQ1TM6k_%zR_XPzn4!AzYscIYv*@&@{Q@$Q{T@kF0x$x zf>Z6B{nWdqp@R4KDzqwx&uh$Swy3zUwYhrXrFE?5($yN)$RFW!V6Ni+`-OKepVCHN h&7RA~mgXj}XKrCx!t{CjyhC->?At@WaZgvd2>^2^aHs$P literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt b/pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..3ca799546005f83e5a6f0594f8f19539bcb8d985 GIT binary patch literal 958 zcmXqLV%}xY#I$GuGZP~d6C;ZOFB_*;n@8JsUPeZ4RtAGuLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}e{kq<~pi#VN5kGg%=xH78Biv$(i4 zHATTW$VVYKGd(XeFI~YqwNk;^(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!V5Ft#>zY zg;;OrnOByWlbNDG*cq;_$o^0OdCbC~iBSnTC>U88n41{+8GzzkOihf842$A4{(M^z zQ2wlTb*IOLys}wyWhblZU)jW%@?g=iujbLr3fu-8IageAJl!w4b$QI4u!xsVr|hnm ztM^Fz|MKgX(46nQyJ4r`?DaiQd+&-ryS7yQ#VyVw+OrxC7scN?S2fjHrSqE6r5#4y zD;1UZJiE1R)B96Ww+ZEo!vC(rQ7KN>|ud5?!L_}+PFq1%zY2`lee6;GMJ zA%Cag(EyJ%=lw3cXUe>DZSAI)OdEy8F7usIley7;gk@T8&8Isj7pe=me-u{avG{i3 zpnS0DY9?kz2FAtN2AKx(zyOz3W|1%uYYgy~HPBF54 zEMhDo85~#ro`&?Paj0ZViN`IRbF6RPTLV6jett&A|12!bOe`M^#6f%o76Ai310FW6 zgf4CB-Xj z=Xh|S?9gFu~U847EPAtk2Q*P%%Wozd*`Lp`B$IGU(Tq&TYdNK^6YI zmDu?GsHnzfgW^?BpU+Kq^X6rkv%PMC&Br_9&8#I32PaKiTcl-ZzuDmjbJ#IYfxA0* zyuPu1T4(Od!{)0*3o_ZmoBpQQI_ES^-@10jj`>}lQ?JKPmR_{mWd>VKF4O6?Z1K6w h?(#vKCl=WBSQ>de4^h1mwCd4Pe;I*A{~kR50|0DKZD9Za literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt b/pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..6cc192b8ba2195fc21f44401cd123ce34743fbf9 GIT binary patch literal 947 zcmXqLVqS01#58>YGZP~d6C;ZOFB_*;n@8JsUPeZ4RtAGmLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}M*gq<~pi#woElGg%=xH78Biv$(i4 zHATTcCq=>+qnOByW zlbND`X}w=+xk7kmNe0**uCBImA{PLZTqLK`f+CQyG5xy0r}az z3+!z3Emv-6Y%j7lis+lUP+n=<<24f3_s{X$zxlMnlqrl2^SMr+-j+MJ?=s)fFN-V! zR&gHwazK>hUC>0PkNFEP))m~gYCmd}zs2l}g;4Yr<5vyhibaPeY@Ds&8)dgfIeXjZ zc}9Na+hms1J=_oZH(*gH0=1AwynBKO;j;m?S8K#h@FJ{@|PV3g5WquypnPQ4~U+qkIf8&k;A4oqxBjbM-7G@@v4+i2Oz5`*kEh{e6Hn|$zWRF=pVq8A zap}bFDP8tmJoAJy4Ec1VvpzCiU|f7vS?d2Liw$g+Q&jCwel7WKKHop-DP#5m&I>bR zCmpD~H7#qKLQmqR-=@BY4(l_C-rc-t;;bFPr;e7z?01q+z8lWDFDaHy_}`^nVlg(| zioYh5uutADZLE3WlJDx+TaPwL$zQ7cJM#ta?Ke6WzI^*8Exz06*4k9RL6T literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt b/pki/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..18033bc34b08de2db08663c7a201b74f547db21c GIT binary patch literal 947 zcmXqLVqS01#58>YGZP~d6C<+$FB_*;n@8JsUPeZ4RtAGmLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}M*gq<~pi#woElGg%=xH78Biv$(i4 zHATTMwOqkFwNk;^(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!Ru4t#vVQf>>+qnOByW zlbND`X}y0=ib8m1Ne0**uCB4Fs+(Csx0ZX^)0(HBe}vsXn83NzxF(YQ+I4$d_6Jd)C-49NQ}oSKDOh zl1j}#{xgorJjS-{=z{YTW|-|xogY`fVD9O?u@BSdzWHr`qPrOIm4>q-+hUAcL~I>o)A-81)-Q?_Dc`!Ur6>>Z0^D&7c7N?UDxd+xeas=TfC zca_DFOw5c7jEl1kG7aQ`p)IS-B4HrbAW~LyBZb9;)Bk>EP1nK6M3#?5 zj7212&fT(O3+nB^Z#I&h6ekki{Aqou0Ut;|KO^IR78YhEmJbHvAie^NfB~NY4;xoP zn+IbmFhLqHB1Z=>IRc}Dk->)Hmw83=>{AQn_i%@b&)F}>QMSms?Wo-GaknP!#Mh!E$ctT@ z&&pmXPc}E;zIFXSPdU%p3X@AbHivEYGu>L(*qihyY+myD7J2iU?f17Z|Y3AgvOPg1jO#iDi!Rn2phrY`3uRNlmh0FI`=Qi56 zX2GwtXTJi%=lC<<3xDTOmb6*E_=vLFsC%f_kI=F#?@mywa1mBGNxklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6f+P3DPR`nbxKT82+mB;OHEO5b~KO^ z=QT7iFa$yiV*>+&C~;n614AQY7}p?}M0=DC6e0FVdFGWR=465_0b7??Qd*R%0CJs? zK@+1AvVRy^8JL?G`5A!XTue=jj104K7cZ^^^6|i8s8->G-FaaV2e! zPnGX7v27l^dfB7SM8#hI`XzYNTXu;h?rCig&t&XAGnwn3(WJTNe2m02VV z#2Q4Z?+RFZJvedKrPZ&)CaU}FOr^=|!OS2o>WM%gk3f&X_T& zkJW$=q@SOW@jnX-GZV`P191>vfknW8&wz)GE1}JUF%_7=4A7GoFgh3+Ce6t(J6sZ`{uur^&id5V z{K3Qrf-W+9O@-sEzQxT=dX^>n`q&mOs~HU9k+&wilwn;VZhdv_>EDa*-uV6Dw)?x- zu-U!0<1JQi=PYX9{P)}~ulZukTdJfu_Dz|nRGgAB=}KU##luU@JeSIopPrA%-q2R# IT;AXY00T&1bN~PV literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt b/pki/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..a9938aa80e9552c031ea4591a53172ea7abbaac8 GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe5!iILHOmyJ`a&7PiL8@{^fGalN_T64%IiAFGLnhUwHlZdWroTL=+6ZPU`$O%iP?$ z+iSgx`-_|FJT6q7RNNeLO*DY}>0I|^0)gvZuU&GW{8~k!{bDBju%PQa(a~&yemBfc zG<&VA-QX%XS>Z!jY1&S{=q~~L4%ch>*K&(4WUPvv|2uxow3D3^H!1zKn38yTqv6H? z0THH~|5tm&ZC%-{BIYtl{S+7Pp-drPbK9o$wd?2Jefn1HkMlvV{W_dGXDl(YGEB-j zIs4)Dl@7&a@vqL5+7#tx&d=Sx{+fE6O~%%e+OI-Q)yLOfNbYB1W@KPooNbV4AP)>* zS!EUp1F;4X9lpQc-`RX#lJ@2~>->(*kIt94-2f*DSw0pq7Lj6qE8lIxT8l2vxaBD9 zwRB0usR@e>_(1yk85#exurM>Rd@v9P@fBDE4EPLq*tinfJQ!1fNzVX1;Q^zAk-_X3 zcjio;NpkB0!c5Nh&b(7K_3ay#=XI%nr)!S*MGs3s-gQS7`ae@wBCR2h0D(^%F(4 MRXewGke6TLl$w@bl&atY zRHESQXdoxfYiM9#2!s~K1_lOE;=INNhDOFPu0cA9_L&=)LhRG?%qvUG$xH!Sf^My= zE3!isKrS~lXkt`C_A4VR19KB2KLb#li>Zl`kztR(ZO226l3WL#ewexJXpn;N=8fBv z3$^UL)>f-_wXQg`sJK_COFOu%r?B3oQ0+{Z#-iZmCWky58eJ3B8!BciCTYEt%1=|C z6ZtLfTk5xsTlg+9pWGHCX#FvVQ~j0H=Y(b@trZrEYPZ+4ga_MLal4AWe{grte%q7k zhNY*=3wEDv{xs+Pkz<8d>Xh&MozhNFIbyf!|MCrQPGnqmXZOvCkL~z8d(k|`+gEO8 zm6bO(Pi1-X{L5XHYdza4HkRJZ4|}2`@gu_MK%ZdBF#(xN+heZBJy_ki&?h1G0$YI0 z=|8_W-`HjzdVd>}anL`>^6q_;G}dr^jk+D=`gFgeXw-L;ixW;VF*7nSF3vW{G>``d zu&gqRgn?LtNV44?sd>K_eu`YE?>+V3vwLAX+8n@1LY9w3j74PSj~&%v`Gs?T{#U$t z-d5E^_4~4313r*`en!UsEG*1SEFTQSL3{-k0Ruh*9yYFoHV?*BVB#}CPkO-UU}W&J zn3g;vt72p3LFaj<0jqh=2=9nLKSN^ifln7#a(_$K`M6(t&xh5QL^75y$zL?{E^oEw z(?7|~6VJX~?seFh$&vZjCa>%R3CH*MiHMqB+?VBhHRb}lt&PINw)IYu>)-VMS>MDc zuCr=;eL~%%hqD}P@ItEnQI>S@0@#F@xAW$54L?z?|RXnFtu literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..5f7ad1535aa50a917f722f52058d22c7e60d76c0 GIT binary patch literal 981 zcmXqLV!mk5#I$n(GZP~d5E<~YacZ@Bw0-AgWaMULFbFW@HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1 zZFhA=cB}%(^*}3|7?qGc%*e{X+{DPw02Jq9YGPz$IJ()+C#Lt;<>M0%@4I_FH8|nD zpl0l`;O|MoSNe3Iar_^Xbk z=XtA!igfHwHz(r>vpv}3RGL?I=rFF_D$jfVuk81i%0cVSI!zJ!H9MVKxNhEa1Ku;& zpMHJ)CF}Q`n=CtC7Ux#@H!q5t`$AS|o59o@DvOk6mTX)7Zms|QgikpMp`mtn=adwx zb@BdW?Y;Pezgu5T*Z;)N*Rx8tonqZKJ<+Ar96Sc%tJVhD3NQJ|#LURRxVUk) zLE{Vqd0;5ZDziu!h&708TqXYD@%b~CmUk{|X21JC?-u)GPjJeRI-T3M>K!d zZFhA=cB}%(^~S~qO^iy&9%f`^U~XdMX8?+GF*PwVG8~g;kNzt)#p7?*%c2?m&J5~~ zTa$vF8GKF8KD*CzYLfNsw=74Zp3l&IU^gvADM#EYNL^^6!yi|(Be(86f17qje|61Q zG|R_FKF zc+1RB5zGH>`B^SF>J)bu6Hnc{zaDIxFD2W~by$`5xK+MlRjkYQgGuQhwnYA^>pS*~ zWwY+e7@k~gRCL^UYz4ZJt{w+D(Dc`-~W$9MQ+;&*xtP-y1s7eS*fad4MvBKmUPapcseU%aowKG`u_H{ zlUEij_#Z!2Q0mx+M{)OGhB+;7tXXC9Y>s4`+~F|Y&^Za+ZnN`)bU1e@H%>a;q`XwA qOg~@XZgWP@Pwn?=60FO==m+%8w%1%;TTB(+$<$iUFhP{BYBq<~piJTEaf)j2<}xTGjCGq0pr z!No7wP{G;JKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgDetlv@)=O*l6gPSC*KQnF6v& z0o`_2S7gU3fLw2EVbH{=gzRBPRtDxKMt%mMI2ThBBO}9#s*>Z2yT4j$e_z7#%ZBs0 zbG1T&&EbA??%7Ag|@} zCNb}xkZ+XZ!?V{w+(^*qHVjjP%fr(j7v|(22fz7N{=E?ngy9K42o0Pod^&C6B-dgSZ zkt&jL>cI2(1$zq^ezDAWvhHK{NzSHC74y69ncl4nj+A}w*=F~>{?Q_}no0XN@@N;n zcyM&{ffub-dDTyP=bG+0yv1N!OGUHf>1f`jJHdfbZ&QE2ziRQ!rQDT?nUR5Uabv$h zV~>G6FqCDLStJa^8bmg(694e{{FzJ3JC`-H-~FF=i~X@DIAzH4v52vVoO4iDT5(NE z&6<7UzmJk{1KiGemmBbb^z$<^{%2ufW@7nZAP(Xyum~9N8St=iCA4`krUKKT0i%H; zNJ5ZB%0Qw?EVmMvvPzPXl9^t5ei?F{0TU@O&KMb7(}T}epL=**kSo!*m`8lM&pg?M z2_I{2=KNLIS{GmR=xAkQd+6R`d83cM%l_Wk@jkF5BIe(|D_Ql%-p3fOZvMCJoC{yt z_7mL`Cp=K9ac{Y%eZJqaMc!?W)$yaVELfjB$nri{q7gMo>Q2N$;BC#v6leXrNfs2rEQfLmAi uxlQ!z4O7DyU(`;EUnZII{f5ZdSF11WarnK1e^YDj_p4Jc@XyY;*z4o%)F9f1s6XFo+W8 zH8wCbGKO&t8YfWEMJ@(T5Eof{=9MMpWTpUJqL7%Eq7dZfY++=ifbLFLS7a|MfWpAY z!k~#!2|3spSs9p{82K51;#^EkjEoFB_U;O3_c*z_IJvv><3shk57)a)Zaem%Zm~XB z^13toH%W25*7-B9^xl7dNsl)6e-nk*+kI26WH~?os`9Fjvi}1Xzs%Bg@tEb3c${U< zsVHaLWA9#U(BxdMVvwM=`IL;@`vos2a-ZYN%iAvByh%pR@}}Wc<+z1n%Wg{6?-MUD zTs&cRCUeBerjJSob#^i*tFTJSKac<6k&|ie9X)5yv6(lAgO|H6 z6Awu;-~;LBXJq`(!otkN^1(nH#8+SuFyJ%bVdF|@^I%K`rep&~18tCmAd8BDQX@2; zTwNV9A+el{lx+3V^UIK9518nIvB${JmhvoDNbw8n(}|T|K3(zK!%ZLHjoqNH8e0V1VRgA0|SF7 zab9BsLnC7t*P!tr6prK6?S!X$b=Z0j1)?G>G@>_O^iy&;mpX&z}&>h&j1wXVrpV!WSG}@ zKH%=`<~7|s1ra`}t}RC!-x=mNdM~`j-qT%q>Vcogsxyy;E1$h=@#OJ|sS$Cqd-%hw zqxJ0)UCXKl`@4#-#Oz*a3S2)rlV8^QN=y*1)dnwym!`T`PKmehefh+Hy;5qrXx8a> zdMOr)7PEbAkI62a6TalZI~%3?%7_;^zSH;KSn%deF?Ymnlir!(tEX*cSggO{$qw(n zH)2Qr+*`PmJzH&=ZpBJ=j#(O8yC0@$|J8eKQuFub!J}syAB&e=*b(&7{?;#{*fYG} zqT{l6Y0rNAXTveg!;7ymwC6PJl$<1X>Du{YkLC5`m~5xNSvPUR8y&m4k{5-}m-ola z+EiziY~gU7iJ6gsadEamrhz;#dSsPZBn-qFMASW>u-tV0l`~^X&Y!ouhgE`dLtVhh zQI?NIj73Cim4@4rt}62-%UtH)NqC{m68m9>0Ut;|KO^IR78YhEmJbHvAie^NfB~NY z4;xoPn+IbmFyR|8B1Z=>*#o14kwIb3;c4l!(}b1JdHDZIURQQ)65sTVl1r3%!q*;o zV)H;*}DD9 z^P896XpFUKI2a$hch0JpS^y*D9{iCVe^M)id8`+xg@8lwzw7)kY~^S3UDY!|44b zN7r`;e}?dw9hR%kE1i(J{>tTTxja9AHzXd)-&mgQ?|gqD%VM^vl@r>lRD9p|Nplpt k@00txTW-hv)j0tSUFthtXiYIXzbfQ-RfEF9-#_jF01B(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt#1 z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z#swtWC}ki4auT<&U_ok8Ze~eIYD#cv zQb|#2s-dBzfjC4?AhjYnr!)mg%F@6bB*iRj;F(vJn3I_Tbf5ydn_XRzy{G{4Gtlu( zj7rGC#K_9P+{DPw02Jq9YGPz$I2~g#(cZ0Ws!Y@2+S%??J$$Y|J&?H1JT)ZKoV8L^ zNpSTQJx{sRPW~&KriOd|w|i?H<8ycMhUtH1O?hJwlJIu3b?{}0vP(+@4y^N>V|H)e z)ed%_7=EU!Q(im#zg4w#;wqb%`8pEJ8WQbN+t1AJwDmcqs=Q(o``xE|9?rWyHD;;G zR`$L$FV0hXX4n5lS61>!tZS(_S$&YrM6dlrW@&6+uXWe|;HT%9Dk_3~PrI!a)L-_~ z@Y(hM75_d6-oE<>g+n>fqEQ%f}+dBJ!i=J6DBKaMSgtGnnqTuloHt_0k0c zK9GKXM#ldvEX+(SAHcCGtH2^)z-Pe2#+A_K!I%n6w+85`78o6j4C1R67C(|QmE|^^ zHt*Qirkx_4n?HWKe*1pdeUIoBmsD41@J|eV&T(}4%9%6ncnZcQ+HjJ8^+yor>L(#OiqsZ&(}RzHIxjf7=z|8Oqv-o&$OZk^V-y=unWnJH%uy<)s?!@X$p#jyQ{D}|2!TqquXWnG$BLnY_? FIRNT~dXoSE literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..5f3a49f93e402b60be1e8060b555f961df1fa7a4 GIT binary patch literal 991 zcmXqLV!mzA#B_K8GZP~d6CB(+$<$iUFhP|838q<~vkupqT4H?yQ9H6^$-siY`1 z)zDDcKoKOzEG(6mn49XHpI2N`l$e=UQmo+OXQ)tIn&j+gXdoxfYiM9#2!s~K1_lOE z;=INNhDOFPu0dlf6VoqiX&?O4!j&pTI_NM~Kh&j1wXVrpV!WZ1aOJn37&CB8cbo_o0T4jM0?{Nlzry`Gc51ApHrxyW`pOPVo$ zA(z2Do3-EmxnxJpS$E*}*#&FElRSBRD*Lj_|9@85G3o5mqQK6x4e3TZ&q#(o`DJ*{ zNY+oG>=X0JFB60;-mT@1GZV9kPq+N~r@i9nLHUR2GNPZ795?#}zE9cF#8~6%T^p{^ z_>u8ylx5`3B7<*NqPgqx&qTaubiHv!({w*m^YYm~S^cLkPqJKf%XEs}j4gbj0hi5| ze_&iFahFTWa?Ad6O?DZE_LV!9z4hzan{zWbICA3F8P_V9FTe6mtxx^bRbgfnn%>g4 z(EDLoov-V4mX+aJp?7x&st(p77WZoy)*f)1F{7?Qkw*KiNDXx_-yG-r2*H=yWm}7mHW%+C0 zSR>v^_9xUNx6Yd;d*1W-mxqZqW$`MfN@rV1?cg)|G5zNZ&G54o?`phW7|q;2J(cQ*3yBhA9MdZKF(0#PRwt>y1aSOAz(u((4 vvkTm+1&%sCDhzRW&Tq8TBx_xJj5v?}<~a>%0kb_;@yt53G)8sRv1wBP^XhH3 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..d64ddf53c7a101cd47bb9b2212613f8881004dfe GIT binary patch literal 991 zcmXqLV!mzA#B_K8GZP~d6CB(+$<$iUFhP|838q<~vkupqT4H?yQ9H6^$-siY`1 z)zDDcKoKOzEG(6mn49XHpI2N`l$e=UQmo+OXQ)tIn&j+gWFRNbYiM9#2!s~K1_lOE z;=INNhDOFPu0dlf6VoqiX&?O4!j&pTI_NM~Kh&j1wXVrpV!WY}SUUhG?ilg93y-JBC7%1=kx1Ss*fMZWm!6!rCMaG&hM0~(3@ zJ12(cZ$0^WQT`q;^L=|C6gQoUe|Nnsd&9=vYw~}K9#KzAlzm*kwQ0t3@i1G5Yx*xb z6aQ%*KaswpV@rP3W2bZFQ{*Sb@ZD6+d)CtGmLDRn_(im(!v5s)--)-@YV>X_o_3kz z?!|4{dB*w;ZaEhZme})8+MVboITw#XUQabFsLj$xnfUx_6nF85tNCXB%W1$OD5|R+&Y@K&(Mzk$yyTw9nM( z+uwa_-!h%=LH&d2qTnPY%f}+dB647Q$q8AbW%_Ljv(`0KJX?3yNk-m)52T-;k?}tZ z3o{eT2Lo{sUx7uyfX{%3jVqzegE1ADcn#2#E-*S68PxtiJm#Wn@g$~w+5Mzv2L<2e ztd%4{y``cYvr0aQE)Q&W6S!jEt(cE20 zB9{Mc!Bexu$BHkkUDTdlZ9TVU#$Q+F@B`lx7u@(_=rY;srP}d}J{neazxLVvXk+Ye ve)V8S!tw1h1B!o?aVRl2U3oljd%M%ZY6T^o{g-MsJ_`xCvSpfuDw8(=p(J%F literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..fd864ced34c1763f00e5ec21c5cdda4dad0293a6 GIT binary patch literal 962 zcmXqLV%}%a#I$SyGZP~d6CB(+$<$iUFhP}x8cq<~piDlaiN)j2<}xTGjCGq0pr z!Nt#5p|~{3+0oEIPMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z#ugH7l{63s*~%>}kXn(P zQ<{>R5?q>8Qk0r%XlQ9*4snoyXI@!iPG$f=Hx!sHD}oDX59MR6t;TCp*`o0Y`i%wwIXm|!|RpaQOlpL z*p~iq*}2^c7mn_0`f+d(*SRg%Z*eZRo+}70EfJ zDXA&JrAZ}4si{VWmIme!2N`(gl_ln6rT`tHfbKR|S7fg!fc$1?X3)f_gd7}KTh=T9wYWSxDFB`$JDLG?9 zeen#t+J<{s@1AzuwAvBeXus6uO=O5rvB($aw3Y(Dncel<3HYR-q_6E~Wi%E5ka|FZk|{)t%3KOW{$c zGsnC5^toOpT`ERdb+7hSo_u}%XiiAx+r=qDM^AqE-Ku-mC*fd=qRV>Sxw&G||BjxU z@@0d@{f$3)m?A_nUY9bgl~TIj&&15gz_>WuAk#n|7{s#5ED{D{4I&MDj_ZBzldAt{ zQT@gA_1%{d$7}+?sYaHMMT|uxVf&YtSL-evDAM`*Wq(h?r#1bm#|-#D`uQ0d|Ff_# zGqHRC$EK_Ti+};20S_BjLYoI;DlmN-Fd|0>Fm(c>gOS1S#?nI$Yg0D*=zsQ{QGYva zxB350OP)0hlj;tvURPQwXa4_Qw>k&su9RT?g(2~tTjvX&*0q*a6rcT}r}?Y2ZLN#Y zCl&e1PYivl563<{oc!s4&c)0P*AK2(nJa3;+@9zsdxG)wgazvA)*TWdl9o5;PMbda zYi~8vIY#Agta_<;xGS?dZ(I`Cx4C2Q>WMsmOD&J;yuRu5-r}Tg29xuh?Kd6v%!yPn zKj;7ExCQfF_JZV-JI^}L`7n8(n5F8~d$aGqnP(cablrL1-D^%xd)@B(rK_NLEq9e-UtIi3Ur?8ae>9bBexMzB?ugjF|wz)r)T9B(+$<$iUFhP}x8cq<~piDlaiN)j2<}xTGjCGq0pr z!Nt#5p|~{3+0n>APMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z#ugH7l{63s*~%>}kXn(P zQ<{>R5?q>8Qk0r%XlQ9*4snoyXI@!iPG$%JwKB@)>U3ZhwK-iG{XfwN^i_Ani` ze1Eu4>#Zx9`Mh3>k*#?;g^1vXLRc4Ve5Ni-Q!}2yuL$>Z- z$}5Hrtv98D`UgW zF37|ybTccEYZiz9hG}Qc2vD%f_kI=F#?@mywa1mBGN@klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7lRDPR^B%S+5nb|A$y9Em4Ug5k)Oe!iIIz`iII`v zickK^{x;?>DaU62)jH2raBFRu=k?h$=34QGulpodex~T#Pa~!CN~s$X7Cf?5>0Q>k z>_m~|hc8U`eir6x?AsCGI_c(>;~%^h>Tzl)esE+z$(|-0)#(%e%HzGY{C@eCYn3)S z-_$k~T~~@uESQ!2L%Qwe6ydLzuDLRu^6dZqE-vD=%}?)GHOm2Pm~e(s;1rfKcOw3)0sW(54uzIU?peZOZ0 z<8~t+)<2fVp35>ZGcqtP&Nj$2kOxMstTKy)fmnlxV}+C3S-%xc&mUUe|GrY}0N0=Q zZQ!_<Rx%0p_AN?ZoIBq?CdZwEE>jSY8lZar3-^S&iVQ8G6@Xbsb+V5QfpZi`k%rvJ-N*uwjE&ZesWH-mPROMZIB z-aBE-Qx(1jtul$eO^bhCy6|%c|FtSTi>mj_GK!zRsy;c};;Ssj_2>Kl1idoiFyHvr z<4-h#O=en(e)uWM)G n3VBgqxAMiMdrMEvNtrcGrX?kg@okf`G5>^yQ(L=rkMaTl=n!C5 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..3fd895c9242de0c4314cb2dd88e8b73f762d8f1e GIT binary patch literal 957 zcmXqLV%}-c#I$e$GZP~d5E<~YacZ@Bw0-AgWaMULFz`3zHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1 z-}OtcdY;<_NH5%y%C6-nDSG)v&uaTnj#-^1w7wW|ff3fA{GPLZWY{-g$m|(p7`2N;$Jr*YhUt zcbfL8L{GA6)^GoLt@>8XGuxj`*zNhy;`OFaGSAu;d#^N8@v(WlHRhabo`L4vta{eu zqSRLxKTLf0roHS{H4`%<1LNXsgG>W?UMWE5#0Q z{dwO8PB5~3EMhDoe~SMvc@)+7UG4NHC+ly#GFzA5ylTJ)($CMx_@9M^nTh2CI5K4w zSOg6C40zbM652c%Q-Mj-fDt)5fC&>A9gGZNuOdF?#zbYWt8fZ*T(fo7-3@m{KWv>= z_DtAK>e`$q1#NHmpKVHaiqSmXZR>GudEK%%Qh7={Tb7ll6$fuAa4}l-z1{uxeGi-1 z`(LVhg9UQJZ(Vo1YGS!mYsZZfUHe2iqb{xfzN+@xEp^UF@tn)Gx!?15HSV9UBVL|x z^vD*+-#-H;n5$n+>)$J$lM!g+6{+>}mbKxAV;!ZUk5io_S^70odbc_r6Dqm<DY0sx--a2o&s literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..decbf34aaceec2999b83492e201c5c6d755f3d6e GIT binary patch literal 1113 zcmXqLVhJ^9Vzynt%*4pV#K>&G%f_kI=F#?@mywa1mBGN@klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7lRDPR^B%S+5nbO92AVK49rc8{0u;G zE~X|%MuwyOjhq*cI&RLoB2^;cy~*m^4DSq?+cKI7c3+G5l{!Uk1L`ZaiUhs!l|3 z#eur1X40E1UX_b3J)!LEt?Qc1cH-E>S!EUp1F;4X#|kI6vwka@oCA_vaV-fr0OU@5{?wtMW{m0p&FVB!GMnR@qinhQ2$RKSP^)<%%r-+2{OPpzOADtJK9)MY#pTYkl&RbzIk8r4JM#7^Buuui`Or~c8~T>vQlHZH e9Kop{Z+fv?BysaiE6je{Cf5D`N@Yp^`dR?T^q67* literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..6ac76654e5e7e347f48d2584258beb9bf9605205 GIT binary patch literal 957 zcmXqLV%}-c#I$e$GZP~d5E<~YacZ@Bw0-AgWaMULFz`3zHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1{jqiTEZAQC*12J1Su1tuk1U5`x4z3O z4MCnq+Izn-E6kZ2k<4)7@HQsXEe1*M=RT&2{}jD@KKdJ%=**P$M|6(w`a8>Ct>51C zg3~n1l$%;ReantYtm~O`s7&?B+tbP?l^m`F9#^jXv%vpfo&IT~;=3&GS1(<3fBh$h zr$tjLrn2Xkw#3YRbVz@hQCs%>>lvNix0_0*Y*^Xv)nfBh=!Q1BOncb{~-McOqF zt&UNdHD}*}MKT38z;@ojw1)<&9QXol=BR`J3m> zCv$TgGfL{7CN#+3;ro&>hm9{4)VG4Zu4&q{u8%c?-t$v``aN|RbOmv-sKbb zUmoAM)PFS#XYKP%4xHy=avE>lE!DBDzPe=Fu9g(3`Fqn@zfKc9A{pDf;N}PC%f;3~ zo`Gq)b1X}o??gwNd}Ey38q4)#XF&SI+rbvUU&^0XFq@M5Suae<3OB>oQmS}@-_cbr33@g*FI7d3TX_j^8Wd+({t_jZU7zfZ!iD= literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..48adc0a6d55c90ce0dd9c1a8f5ce152392a68367 GIT binary patch literal 957 zcmXqLV%}-c#I$e$GZP~d6CB(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt!+ z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z#%2<2lr#_rIf+|XAhjYnr!*xsCAc)H zq$oAj(9pub3?#)YtnZmumY9>70(67|y1QImk-eb+@|T4{6QdGxNHDT8FgG#sGXTZ8 zn3@#VNC|GqipFPC;Ft<+g4{Mt6Yec85H^ZdslN4B12Rp-za^eH~` z^>5>zdeh*LOMx%L&KEA6`@i|5#RlE~TNNq;?`xFY*?G!%^E!uBM(N+nc>z)=;&b*$agQQY`ZwCA2S&X=B$TmCFKLZ;(naR~x$aWOcd4vh z-s<1nCy42<Jh0FpStwVy; zR2VLwDg`GPSw0pq77^LgYtB}dUw-xK`MT}}CrsDd7p2%3@PYL6Gcx{XVPR%s`2dbg zSp^mW13m*DHm-y=55`nr(lkI%n84^@WKi3)S!&YV(xbJ#?QV0eWDc!bP$sxOAwB58 zu2UaAZ;GDs=F*x{w)HIK1^Ykwuosz0uPa*=;QLN$;a0mhR@&1Zx`^lJxBbyoa6Hh? zKg})m|B`F9+r^d@w%nI*e)OmCmbc)RIl;dEP1pSPGH|@xddP|WLqufqqg@>})j!|n z?@50b5V1^K@z>Pcj_mo~T)jswCr=Uj_xkUB<45gg8|pqJ&W#rfZgr`-BmC>kjQ88O z_qz0R*hChrUSuAZG<9Q~f&GMicP+UjHaD8oet)#+HS3m>4BhjtmM;I#CbY)x)UQ2C odWCACMUCMrL$0@qd%0hGRe0ufPrlx4*Kq!aa~LF<{!hsP0JE}hwg3PC literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt b/pki/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..ed753d42e6664959fc6db584c1b4db1984164246 GIT binary patch literal 957 zcmXqLV%}-c#I$e$GZP~d5E<~YacZ@Bw0-AgWaMULFz`3zHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1+@!Kye$~#2cRn1_e5xia9C&O`X~4S9`Qe8+>denA zc;1|^F!i&Og52p(omutUcuQi8-nmFTN@kF>*}me=zn1r3x`QvI*q9~S$=Q7Sxg zi<4Qt&wlyvU(}!exS79}T6akCUtLyvS7Xl0>9@-xPMMr!YdzbU9V8qf@yI7O?L~av zTiMsCGj9aEbF33S+Rwzy$iTQb+aS|G9vH&1$}AEFVhtiWo@Q(HB07c40v)YGg49$P zE}tp|Cm2~i7BLo)fF*`zY|?$#4_-LC@E~x;{LjL|%*65m9GS8T zECL3620UzB32h#XslcRZz=#|jz=R2m4n~F*v!^VxKefhD)A0;HyRqjvX`^Ec?5+yN z+fSDM6C(6E-h$)pj>R0Un?1!R2L!DA#86yvjCnE1kHXC-WdvDJ1 zOyq&t#_9~oW6z)L;cIbUS?@KsJI!*zn=D7E$KMaeO`W$b@91L-r@8JkY}McH3q5LX z@5sA`MQLNq?%Dijw!WSsu(kEqv?6Tx5@x{&G$;PhL=5fw~h1tN~kQ>Nl4rO5zW(o~9lsAwCakzxV zLQ;!M6r59wN;1 zMlki9`e%MN_IGv)hOchy7pa!trtv@3?djRMOErJ!ALM8#EhunQXE2MlT3GG9X<^vk zRUghdJvDo85>l=?YhCgx&+m5Y9v=Gnt<&iL%#7-v=S*Th)@Y_wo20B|5@nd4%)#q) zYQFdm-Z}=Wr>w?H^r8cq&4vI z!T@xJK;+IP2gQFG{A2v;drvL+`MjvHZ^{A<=lkDTMqnXjxW5+=6F8; z*O`SUH`Tc`K@w@)U(wI*Hb6Hz_FC2eUzxBa`b1^@rEzUN`G>`{IxU4dZgn?Lt zNdJUmJtZ%yc}_$gueFH|iA+%C-Uv>UvV1IJEFx_ge803jvpqk!#_dm98g#c+A;Hx^ z9Hd`?MZkd1fQOAMq0NIa6`0Zu7!CM968wye|5;d=nb-~>rF&*OMgv_Y5&I=i7+%lV uQ`{zUvUK;x+4jM&*1`Yk+iD593AG`dCsw>VSbS*yj71E{fC&Jnb3-}+ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt b/pki/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..9238109b646e7d9fae59ea170a079560c45d80b7 GIT binary patch literal 893 zcmXqLVy-l3VoF@V%*4n9L*3>*x(4LI4DLs{5_nL>jNs{QMLJXGa4$ab80M14AIR zFg7qSh!W>DHZU|YhH(voNwh)PKoMetlxJR9Voqj?f~%`SaAta5Vo7OHsshMe#s*D{ zO2|H8WMyD(V&rE4igPhFF)}jjRn%rQXSFoi7-6|1?`ik$?D<9tcW(V`x^K1h>NS?r zSB~A1PHTCzwk!SU(;4MEZ%zIXv$3~+bMmo^kJ`0&mHhP=KB&>Bwc}QDv$SBr-+85T zH@wbu+?-ca{kSOL-#R<3BM~nHemI-FQ=Fn-ef)vBt&h~&zAH7~p2;e2JS2KILx0{u zK7V_smA&nuO6h?eru$z;v@SfhLP+oWtDdO$T>ENkIes`vh+n_|j72QY@b~MyLy~$v z`Ca}7UF&vS&?{Ilr7bTm=T_Z=#$^|m>@n>>yX>69`n1RIE@jPqF@;b6?3N?0R}6R7 zM`W8C%LIx#PkzY8=lM$KJ!{Rw|NiOyZQEEE7c((4GB7UAHpn!P2L`6BGK++PSc6Ce zV~dLP9_^qhUbagGibMjxuD3b~j&NB%7BLo)gU#nBIoi$t5cK2Wo4nw2DZ3x-aRNuT zEI%XTe-;*ICYBEd;vn-BSb*ukfQOAMq0NIa6_~UP7?Gm`n6QA+!N|b8`9tc#gKITD z*|h$BcCZD=(`5yq~8TB5nM3*~BkAxBkqMt~fd2lj_V1wJ+Q^Xov4U zopVN;=a+-QIeGuika^mnTemATsoBauI@a{?TlwMJTfDz<&Stq+@qMD|KHpvDh2iCF zDLyBqAFPuxpTD`Q3Gai`pli>|fHqTb9djpWlP;vuvhjPYHbV G)*1jikY9=b literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt b/pki/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..af6fdf8c5a91ced4ca4bddab927d445c35997464 GIT binary patch literal 912 zcmXqLV(u|$Vk%j{%*4pV#K>mA%f_kI=F#?@mywa1mBGNlklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6foceDPR_6chApHQE+xNkQ3)MG%zp( zLJMO91A{0a7sP>a4bn)o!OXw}VuP+{URh#JW{QHVt3qCWiDOzxYLS8q&?z7RB$p|G zoN8v!#HfVqIYw3n<|amd2B0_>QxhX2!_^6`hYGDaxV@|vMJfN<{pUcK=!mAP&lEd7?ZENPn`WIadtGT(^03)+-}WVooF-Q;QP%zD&mU8<+T`pjb(2~Y z&b=3YxAg6bXHz<>rw1>pX}YoTG=sRUERWj}?bELW#LvHfZg`@B@0&J9W%m3tZ$p)) zE3df4I!F4#nmZd4-}c0WMsB`&V`=7XMb${B!oaJ4*Lt2y3=pnZ>Lu3^>JY~8nnCWb zqwqY3x#xqzR-IojUBc7PSARIPblQ#hpNi3HD&K8GYeICgZkL@s-NR};acYH8#O6wm z*}G0G_P_h)_vzM9CdbS*4vUTSS+*Zz$hLeWW_HxU=A1VZGb01z;%tLV19@Qh$||!+ z7>G59L@>6fNbk`On&M@&C@auZ3li)NU%f}+dBBJ`@both++tw?`3-X64?_yiO zcF96;3XtVzWc<&THuU2L+olR*r&~vq{T#AgqZ_Ti=Wq3@XjeFNl&9jxJJorK!2%p!`F6*- zB%Z$AE%5MTME)ken`YeR?;kIm_2%2UC;tkvcqdHwX%-bZbV=BBw6lPIy%SQ zH@W7C-^D`CZ5%qzf>u|OdCne@a(yE_93^e3?PthFyRZg#0DQAy^N z6hHmGlEYu?)wPC0H6G3jv!o>sHvYF*SQ_>@YL4Q6-h28p&t2xax%SNghZ|RP=6O~8 zjbQyT>28fv_x^;x3s(jeGEH_BJrKWI?NY#-?%gM6Cj~e#Haos|k!jbE5nQvLvA83) J{_L&-O90!nRGk0- literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt b/pki/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..3ddef09cabffac1e6772570205da804a79d05b72 GIT binary patch literal 913 zcmXqLV(v9)Vk%w0%*4pV#K>&G%f_kI=F#?@mywa1mBGNlklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6foceDPR_6chApHQE+xNkQ3)MF*h&- zN&*!a7(@ZNmPlNKbP{baH!y|Rpy!!amY9>7qTuSPke6TLl$w@bl&atYbPGrX$!Q88 zw;CBVF)AVZj**ptxrvdV0VvMJ)Wpchu=VVgg!zweZRwqoRIh&P)n+lTgWQLI{$0xX zzbJg=ivy=QCBTMAFa1Re|~zsOp)eVy5&|#_lb(LfT3$nvp>v53qpS#Il;qn~FeSTQxGu+($hdC!gYM+v<01mF?OujS9TaVjX{GCw^<1ed_#*>x&L;k-l)o^5)gk z#EtTCkmJYR)CvV&NY-aR%#*6tXgB5epD!le=3KX~rPvru K)_W&kw+aB~7FwtP literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt b/pki/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..5cf92f7ce456958b42e455aeebedce6480f4f10b GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe4JhzxkyIJMe5+P?ELGIFyr7yFJG@^ zE^smVc--^ti|tPBzWa`tUx|6xmHK7bT&}2CujJT9@6#7qR?WQTFnNC2)YglvdP}^b zmql`U98YPub97B{=rzWteZt>1T*{l@YGQL@{}1nbZ?>7AY_d`PzH!UOavt%9!7y>Mi}Nd}~u%meY?zk)K-BU%xx^*Eo7n;EO*e%Oq2O#++lmU3jE#>b7+Yb{&7Q zI(@t3|GkNpC3o`QX1i?nI{sfeFf!-L-r$HJweb7j*Vo>j$zrcNr!i_v_x&`9l=)xp zc=zWfH%|OL)w(~yV*2@&6JIS)(0=ElG3$l$^Yzyj{`#I981uk*ldi#eCT2zk#>LqN znFjK}K$cZz0mf^Ci0Y5^f7WkXDJ5O$efxBZPPg|)(X-$LAjI4@PYL6Gcx{XVPR%s`CuRp;w!KS81NbJuyG}{c`&8|lb!)1a&!O_ z9xyr>8A?-kH$R$NbGXZKWko>Yk#BQ~-2Z&%*m3;6wZC9bZpHkzTSpUtOH*aSP->&Cvf-heSA710h=6Q1e UWJi0YqU8a6n-9&N;_dJr0PU!84*&oF literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt b/pki/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..c4b45f87831eb714fd1134886e0a66573bcebf82 GIT binary patch literal 1019 zcmXqLV*YN>#B_fFGZP~d6C<+$FB_*;n@8JsUPeZ4Rt5tPLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP{KeAq<~qNKQk{SvnVyW#5u@E!P(Ks zKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgKQFQvNo`U*kt6HSC*KQnWEt75};6?S(2fE zY_+Q^vMUup&NebLXkt`C_9-JP19KB2KLb#li>Zl`k>Sj&YNLFH3C>#4?OX15UY*34 zHZ_~o@Pc7W&z*+qL`J?hiY$-b9j>-_l$$%b$5Xxk!rGGKdMxoe*BDuk24DVBcQn(% zLh+{Ge3`dzFE%GlkiKvAZBhF52@jJWD*UN%c`I|cqjA}~qK#krBcJ=OG~B=RoR)m~ z@7kJgv(Kd%E>6BBYEZrZw#r_UYW;q@%OQWIYnOjN{zZPqFXaz)HXM^pc7MwVSlM-E zT9t9`EMAEpEG_Nlw70LXs_Hr~_s%0Oa5710$P}f$854=~LU=vu@ry zbMR^E4%06(o7m>v*y6tIhwvxSxY!bfj|+d+hIbi%2>n{-l>f8E#)`FS;r3r|uFPUN z;K=z}zwc%NXU}Z+XeQfs8-?hCbN#nEv?oMfQ(U^IxkxjJ+jaCA2jq&5Yga=DyDQRf{$B zb4Ba(&-3N$9pc!&o^AIQ|1WP&1m8a{Q!zX2bl>#&Y}*ZX+d|!n%k2U*c7{yP-3I{H CJ$CT` literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt b/pki/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..56b1ab45831fb547129ed606b10b8b9fd90321f3 GIT binary patch literal 948 zcmXqLV%}iT#57|8GZP~dlSn-y6Eh1d8#@Ol7dHd#AN85K^Mn-N{ z1_M7sZUas>=1>+kVW!YvLwN&P5Qj@xEF`tKM8P?=s3bEjGdZy&wOGN(z|hc8&OipF zfLU17CqFM;Avm=tGciZOuQWF)wMfC)(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!Ty! z?Xxs6huCM}nOByWlbND`#a>reWS1&{oNj1g(8Q>O>{~`w2IeM4eg>d87gG}>Bf~M{ z1+G4q8dm8ku4}lr)kP{}yO4g2@x6toK5KXF5sCg-{=w4u*5@B79}-MuPIG$hwu_&A zcXj3DDd`KBY;=v%oZfPjKiP415|`~kxjjd+6#H8mpKqVRTQ%ot?Ty`wOXr<(kl$J; z=ia?#X>|Vy1$7(Kd8fo~{tqY*^pgAd=jUxxIjxDJ%Z@cC$emiNy|B!eg=Klnw*|_t z%N*ZcH}IXw=bjswulZnarQ!=EQ{{-cTirVCD>MV&&hcCqm+^bq$+))Scc0HOb~`nm z4GDF6@$&A@b+1BqewiTdmYnFfnf*l7<+9|avvSF0=Pb&v?|qeQ_H>ulJ>Lr-y1ly} z<|x^%{=7(%iJ6gsadEamrhz;#h-H;oBn-qFM7Wc;yRSRMZX{iw|JZ8BEAIc-QmfF1tE3c3%0iH$_*>E+4i3)qO+yMfDfdfpONuD3kx$7%LfB-5MO~sz<|$y zhm9+t&4V!&m?8}rk)s2c_<+&D$Pl@8_Wx&RyJqKdC6{?E4HHiMe)CVuiAC0{3OX;_ zugqEfI{5hmmDzc#ZNFbr-yt%|@YMR*FO8GeJ7Zo* z+l4(Iug-6%`OD@p^I5}JyR-;Y_K)&GR|DS63ffR4dK@j&sI*?!&E2 zm*#Q0o$&ta{%C){W89MG(Fvjx|ICYCAK7xjX8$|R4bnB0&P%thauo3_e7oQ3O5}!j ltDG$lYroy}enMrY!K#}-f6=(kkeQdR;8v8MtB{yi z8IYfonOv#h>}Vh-&TD93UZl`k>TjqcUg<0#I}Zd{CIxUF;|km z@lng_=>^Y<pc)w}2JvvhPevOjKKbl}XwiT%qs1@Ens<(_oQBYyhxnYyfd zZ3_}uT{|3Bi+t#FPv_nAsr$n+zg@RDlPn?8P*Po!#{d;GR;a{^E(l=f$kF{Cfy+r$# z=#xo?PEPk__W5)-+UCQ&lzr1x;>)E-KiJ6gsadEam zrhz;#lx3A!Bn-qFL^6s+9&nqSFLJmwW!g2-)m2OK^?JZ*Lza(4j77w-yJK=*`MEc{ zpSbI+p1M@$*QL#+27Dm>{EUqMSy-5vSUwntgZK(80tS2rJZxMEZ61uNz*J~}o(6%@ z!N_2J-=#Kzwcd8+n}B60r#pO~w6%$D)msHI5YAYq)kk;f0Lr#9zMQ zW+6MP5|bK?E_J3Da9@eaI#6-uf6xEO)eUK@kFx7zwukW>WwF literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt b/pki/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..ee6914c15aba209a9ba118c78fda02befd710bbe GIT binary patch literal 926 zcmXqLVxDEt#MHEanTe5!iILHOmyJ`a&7F(Js3QelybUc=GGT>E(UBm1)Rm(#guI=wH4qvv?E~~$i>-2_uN5kC>)H1zB-+w8fl%rAo0YaN;pu}(pL3h()wmv`h^zP^0* zaJp!jNZRq2NAonJ3WPSYi?&t2*Hmx#A6jd|S6WfjsPLsX`%t6Rf@h{r3a@`UX0_ZX{Zu}@yczxCUh zW6gzE^cJWs(0*3ct&@`%{y9Ei;WxMHD>oUgn$GpJfnWuW{3h!On^q+kU zfqMI*0@-&g+Zg%x1kW$VxQonjpAXM&+QB8Wx58qM*>%@0*){jCi*N~TTdn5rq5AOu Ne73B|>(92;0ssddXNdp+ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt b/pki/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..30b027590338a44d691c4c5c85907e78d44285fe GIT binary patch literal 909 zcmXqLV(v6(Vk%s~%*4pV#K>sC%f_kI=F#?@mywa1mBGNtklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6fzJ1DPR`n^vhRp4)RfOb~KO^=QT7i zFa$yiV*>+&C~;n614AQY7}p??L^})(^dWX=c;=NQ=47TQ_+}OtXXd4YEp&B7c9sIj zorVTYj7rEpV`ODuZerwT0E%-lH8C!3oAJbOyY$u-+nj=Km!AEe zAMIH(Pgv2eRz~8rlc?Oj)t*tGf3t51-TiFx$p!Ow&0f{$&&dx}$u9fvGOOzhA^$F;^h;Nfqjk~j{l{ez;-meZtHtj0QSC+kI z+7`DX!g}#X*_xLd_T}h)wBC`(EAWmz`DxS3W73HX-+Ig4bxM|gu2YgRYHhmP$9?U0 I&bh^x04C02m;e9( literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt b/pki/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..80ba7a03dd1ad0fa897b651c2238e99929b50693 GIT binary patch literal 940 zcmXqLVqRg;#57?6GZP~d6CB(+$<$iUFhP{lwAq<~pi+BdVfI5RI@At|vqGub&m zuehWrF*C2ESi#xRKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgFF&#wKK4R*lOyTSC*KQ znWBKxc2`$qS1W+LVQA3AsD$isMpg#qCPsb+pg0#(6C)$Tc^B*6(C2>^f7S04n_sMM z=5$8xpNi?xw(ujHZ_b?>v|en=4%gjQuKSfAnwCqY-&YEiYF_naS$ zOYXU9aMURC*PJKDyMCNrKUcQ#c=5MOrW>6e+wUrxy!-GD5#P2`iP2B^->EXM_ibG! zcfvaJWYq`BYxDP9c&BRAbeb`Jsr7bCjWr7;*Y>WQ+_X|#=;u+MZ5|;~f=0YI3%Mg_ zas0~hUUPre)ma;z8s`Uk>!cn&!*qz_Y3E^?w>$Sfzv=3=JME}Y-K>Q5Nuo^5j0}v6 zvkfv01-nWaLyG|)NIyR#<9`+wW+s*o2I3&T0*inFp8*dWS3;WyV=6Eu8la~` zV017tgq0~2h)S)o5?G|&9JBc>+vQV?qJOUlOk$YQ@#w6P{eh_aes^yl`o-!Rc6OWG zeg-e?Sc@B9&fO8){50jxhyFVamqiwZdDW^tUTZM(N$nZkDEF(=lh5tD@o;nIlD)U2 zSw?)mL_xI8VFN zVaP46kbGj{x6&_L?0*R?PI^&to$KzceawPv%(E3)c#dAod|0HbmLbw>f4U1LW8 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt b/pki/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b7d7de29c65e338c3f0b3bca395cfb9bed538e7 GIT binary patch literal 999 zcmXqLVt#DU#B_QAGZP~d6COfOYv7rKA>R=A|n*I~vG|^BNi$7y_Y%v4Md> zlsK=kfuWHxjBAidqN6Ph%pq18c;=NQ=47To9O|5rn3)H%5^T4Et1Gg96+i)CWYEN@ zgdAp!tPIRejQk8haW1ANMn;BZ64fc<9cz8Pwli{mPFb-QBR>lu;v#=}_FUh7Fq{Bfj@lzb~7A zmo4;ytcLuV>6g#=h#ziuDec?YC&I{AF#SYAR(!v=tI`3mT4ottyG1U$eB6DWiJ6gsadEamrhz;#h-H;oBn-qFMD}}i zH_rC$5i#tEetG7u{)SU#_tBTwLz< zRjr(r&-Y(Le9^mmQ8pqMFTXRK{L{L=VX{y4wEM0PSqf&JGLkz`%{YV2;P%d=iRNX~ zXRq&Uy?n+0@~bF+&(!XtNl%$YI9JV>xbRF*-j%afli&RLu<&nwrtzyH z4rWP*{k^Q^`xhk4X*WDlaZ$fDsJX4a=0rt1>xC(fkrGu#>^3*d#Q5jU&^+q@>)}!N zoJVK5mwwskn&W>dp6mV-5$1CXGY?v+Upi;LDztKKWwiAFEB%id>+3rhXUup20H)(| ASpWb4 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt b/pki/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..ee18fa08fbb48d233ddb881f4bff98fe9cc8ae50 GIT binary patch literal 914 zcmXqLV(v3&Vk%p}%*4pV#K>vD%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nanH|BQE+xt2+GedF_07I zH8e0V1VRgA0|SF7ab9BsLnC7t*C3fhYk;~T)@XU=l_ln6rYQI&=B6q*XC!9kW#*+T zxVj>{O#$RsLxUzpC1me0vNA9?G4eA2#krW87#SJ%FBi;9a7tM3-+bZW_9F-POUx+! zmM5Y-B_&wqz3rp3F`uf_KOJuCnmKcqRZ+x3^&Q(J;;KIWKVBuc#ImDw&P|nD&xN=B z36q*MUqXEU28pis42#Sfi=-4{j&d(>+&ZI~b${HZP3M`blXkD(DSowaL+U!_kPAJl zX8A?dc28YDx6DRt9cS*xb5-&|9Fvxx*d6h&Z^Ft?c@MgeDeGPeIm)+O_h+hHpX{9- zss$ci#q%CFJD2C3cewc^e`{*dZ%zGk-w(2^eA?s{Jv)EFXI+l;1wyAK6%u==+>bW3 zxfjDw$NEP%sjL5j$M4s-n_i#W9>h2=+S>c*yNGFjCcRO;Wt1Fys+)wn3(W zJTP!&m02VV#2Q2*7+X}N_h<)A@v>biP$Uxgb-mR|a4L}HV-aH!kvhOJ$%P;Z+AGtlgWw^aE(9YDd zd}C*#&cSbzvjsE{e-e}bb2U(L-IO_7PW|1Pd0*Y6j!ipNG2yJ=@A?%xugL@z^k}Z> ze{HgqtDnulM#L(1mXPkg^fb4l3)TAjx(>hpb(w9h!==w}zcQzPX2@)x@9wc?%ACq= z&zD(F`nOxFQuk?Y>DDzb?-a<~s%E(z%rs?%g?AIXW5fFFRpnZuN%B*dZ+pv-k=Hc6 zd}_{td%yO)yQO!_>+rwXL5kWxB(+$<$iUFhP{}|6q<~pi(l0eVu_UuBRUtUFC^Iof z!LKwoDYZz!+0j5woY&C6zz_&6j13G7qQrTP4GfKpVO)b;6794#u!h)a;+a>Ln3I{J zfWvNAS7a9}fV^O6YS6@}gzRfZRtDxKMt%mMI2ThBBO}A>r2c5BD=xL~7J3#vinlsv z`n7Gw4!$bK?+rK3@_TzEu9UWXDq>yduKmQ!#4)I|@8zuGU|vhzTgS~AxspG<{S>?1 zZj1Y?tpd@{SLSx@5#JM@pUN{WL)o3bBed_|#>mrJe$vr4O%_ir9Lr1%XTHdI1#Bm@^oy7l=+;SCU{3;&DC>j9NP9=^qneOTG{BG zr*iX_#5L7YZLOkXjJqQQ!!H~^J#9f(kN#ezS^Uf^XU(Zwa#uD)^;?NH6Eh zFcAWygOR~AYij81uSU9Ji}vOPXba7;;hi7V*lu{SL8;p9%cUp%?=;`+N?Pr<*!sim z1bLp%vmRIG9(u6O@@e>`ja%6!?0h@txWEj7B5$LOa*NV`&-nMbWQ(0l8{^AU`g=B- zZITo|xN4V!=?-E3?9Zl7uM4W|=T2hmbP(G-$^QO{X$G7Z_q|p*^ao%5*g&39p~ zQ~iP+vV@I=?wvSuDrbskWUlSUWjX~*7fK&Ha{54r+tEim;v0)LX00~4-8;c{ewzAA zeUs|;zxJ9L>zGhfz3$iRVNLT;= V@#bEon@msUO*dX1zxL_>JODztWLW?J literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt b/pki/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..1ec410d7554529c7b71796b8c183986a72671538 GIT binary patch literal 929 zcmXqLVxDWz#MHWgnTe5!iILHOmyJ`a&7YtOM;2h+mke6Cf5?YV~ zRHESQXdoxfYiM9#2!s~K1_lOE;=INNhDOFPu0bY=_E{R3L+mr~%qvUG$xKneVy~+! zvP%^}PB%0(Xkt`C_AMhT19KB2KLb#li>Zl`k>Mzl^NQR#jmNg6UsKj>)T=Z~|Mu^B zAWuTl_650JCqq|ozu(s$usLMp^Mr8ZnVpiX$+SA*sozrH(~@(6qqz17ONhzo z2+z$A7Bw=TnNo5pe^r0d(U~&>4=mKY&^=o`)>h?f%AYG7Ilaeir(P-1dHKv}Yf;Fx z>5tvK@73s4o_l1-^dAxuYwCB(uf5h1r7ZNEJ)d86+4@N$Y>&PM{5Z#(e}s+g z=(E0f@e>b961M+K4Lck=H~y;QcEfJvRRw=^>`GcqtP&Nj$2kOu~_ ztTKy)fmnmcxm)tLqR#Y9|D_Az-Luh!WLVQ`|5RVw=CaIOS*9j4ETL zzI$1<4I2$anLizy$9!^nS-0bSf4h6l!UwEZUIOL4qM zPC7IxeF=Hn(dRNlKrPbW_jKaAD#7Y&r=Gem&Hrg!m{R6sdwwyqLE;?+(Km+=`7~V5 z5qayjqw2EX_W$w~8dI!Xx}UGA6#uPz;4+i6fc2laJNnWGJ3g(uCHlY8l z)NW?%IsOJQWyAPsawe-JJ+v9V2fj{a=91cMQg!6Y9}_)}GNslTKhC{ekhtN%bt+_B%q@z;)bJ0~%zcApN~_wa*jAG?`Y{}k!E+e>wl)0SM_ z?(RRM=9a3R>-MYjg<@(YO!%jt_7T)e$nBlADSNh^-zu@hUDdjY##5d@@P4uAO@fRg zgVypDugpSiwu1gFmY2GEJlZU`lKESv)bw7zBY*b( zJVbqABz}^ z$jANvUfg}rzVMtyd6StUOMqOhtcn32NIyR#<9`+wW+s*o2I3&T0*inFp8*dWS3;Wy zV=6Em8la~_V017ttgo7``Y8Eaai-`0x9#&2_p81AEA*p7QA}gir)!V4YtPk^J~ORs z*9H9-o8OdKPgXpAPGf@X8P*dI+UD1r#ZC*VnQ`KMV~=|C7=5=^R)#t1Wc%*j z`+_XS{CAd_DI;U8Y4q^>6u~&xEB7rQW>eF{@ggXZ&L8BQ-9aYdr=H zJSvNoCB3&@(BhrrKI8mPZ?5ai_us#oa_V4Fv7P+7ZOnc1UhLoL{L6aAnF$WscX|$W ze0Nvnf0z5NZzc1uhx>hmmiGLYU}r1RZeX6+vtyE9n&G9BhdI1$pRWmvo)*3_|eV-S8PC6F=4cljd literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt b/pki/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..1ed661582c49fe14b9f6848751c0330ac74af35c GIT binary patch literal 918 zcmXqLVxDBs#8kC_nTe4JhzxkyIJMe5+P?ELGIFyr7i3J6jdFcv2#GK3&g@F8=%;ZW1n8mKH z$nH}BIoQaciBSpJi;S!c%uS5^3_x)%rY1&4hVvI^o;(=zH-!DJ<-KsNkWW0~S0{UL z7Ek&gd)ABTyW^wz1_m=fUOr{?w!V0I&dI>bHFFOC`JsPa|I(XHIot{#HXDBPoTad7 z-n8ZO3;O4^KAtKwBkkf*!>7CWPe{#Gy|=}W@7kx;oU&Y&p(aOsG@tx#QTwp1_=>i_ zT0p`I{Wlrk&(577a%0Df(@UqFn7zBuFY;^V+=I?3$7i4UvTsHE`zL)NVdit*vnelB zGkdz|>%R}D5BWUxk<_*`?5s%pwqSYJ)syS^4G%u^TViWf#9F2)p7X2o*W%zm++zI| zEi4U};$)0uJ2qXao76NVrF)u{R6^p8kZfKxyI$`2EKngzuZ0!P6@JnEMhDoGT*Bv&fhT8d|t_M zgVHtL*A(mbZZ+To>E~x;{LjL|%*67+KpezZU=c9jGvHz4N@(+7Oa-Pn14iWN0H!!# zbTBd;JGx-TMfO?e?%1e%$L75I+5J!>F8T3C_3Sg==e^r_=Vu5qEb?S%gMxTcu3 z=L;Wm>@a^_tP;p~E32aQkl(yrRmY4Et@Yk`DUbE`nxsghgYz#uxKdM4J-hV)tMQA5 z+vmgko~xD^oQmu9zF8=^R%^O;NyYN85QTQ>#D_UnVnr-pErUu=7B08o$@8|I`8-{i zA=l}T+xorp<#?A)@6ms~PU-!^s#eQucl*yQc&s|PwXIr{dt1R;%Z9`zL*JdjnNzvN Q@7>(@-O^z}(^b literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt b/pki/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..a194a040a70a07cede92b377a4890f494bee361d GIT binary patch literal 928 zcmXqLVxD8r#MH8YnTe4JhzxkyIJMe5+P?ELGIFyr7z7z|8*s8QhqAB{11g(@hMT7?qGc%gD;W+{DPw02Jq9YGPz$*ztTp)nAVF{2!-jYRdT^ zHEfuZd~cFcrn9$;Bkz)vlhpTA3GBFfcJBPfhR7!$7exLne(}P2c~)}pi+9%>o?p9R z-zp^6b+^`O;aiWx_ZRy+)!eT2V+-}1I_cP#`pI`0MAY3mXUIPgPhBwIyY8CXD~0O) z(^vZ3y4&<1xpvc)h}w|Pfv4En>b^ZZ+5N*i<=?8^>x=g?J!v{PMR4uU>s{Lxyqd>o z_r}a6<=(>ig@432=Y3${FPF1XxpKO@ZKdLUhb&%3_su-{o`=lt{CHii^!uY?f$j0c z84Gu{1^jY&DxUw@;q{WX^4V-t_3wsd@jX~CF_j_ZOE#}aM#;K>^aVjDKb4+mVrFDu zT%2u?X&?^_U0G!o2?MbP5r$YxJN~DuwBmHXt;^6_YdqU_b}=|j$nvp>v50({7kG*> zde`x7x6W*tl1mx7DewRp`w7Yo&GhsPWA6 zx0bDQd=xsrXZl3hll{VpCp_70inm3U%$jzn_{5K`H;0{I5J_+4C<)%o5Wb`S1&|+%j0~C>m5{y7$jZRn#K_M86z5`UVq|2v^lLW1aqUE}w_WNznJ$<8 zwHQ9iS{+{U!_lzng;qq$6|Vn>SML)F47ThsozHbdx8}S3ES)Jr-&LQ!Dz9nTptoc5 zy^u+cxfkY7DNdN4$vo8}OTt2ARZq{ASKIG@3t`l8Q~tj7wo#&>#FbnD|0{k=?pJc{ zThrmWZDrWD^&S08bLQsDM6A!5_~?1x+ zU8%>tM9N*7V{Xyrif=#6qogOAgeG#_`Mrw$KydbRj_F|={C~K2J#EWOd-wXqI*04G z-_Ka^nCqy%z?)b1^o`j|tQtg4C!ex+GJojeI3Z8FSJkD?Tr_e9y0?{rSDyQ&&F8 ztv@-OXGiVMYq|3H+2-FD9>hOYX1m&N+qh~DvyuE?@h@!8CjGlS`}zW{tA*7ib9!U_ zFIsH>Jn2?oR7aK9$DZ!6lvbN52NE`Jy?V{STxRhGnM-ab_A_6!d?Ef{;6{qWBfB5( z1V5c`d*Us5y8Gh>pKU*;UX;o|_x`-`%5A|ZCl5Z+?_b1l@N0_Tu_u}@LL(Qv0s!hL BeMSHP literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt b/pki/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..28ef8f7491e37dfd0ef06983210027426ba89f50 GIT binary patch literal 993 zcmXqLV!mt8#B_84GZP~d5E<~YacZ@Bw0-AgWaMULFbFo}HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1Wb`S1&|+%ObnVBm5{y7$jZRn#K_M86z5`UVq|1^dtsfpwpf9n>FM=mO)EO( zV@(`3EYn$R+Qc(y|C`)n0rLuu>ze-4Vv)amS?!6D)yC3g?2M@?N)bGN&F5X1Zaq73 z?*8zbUo9&;bF{RN{9}HTb>MoEfzu?3&0BSj%|HC}a+}}jpYikR7}jgw+Vw%*{BM8H zhZU!eu6!n{=GE=QxhwCTUeAf`$>Fj&Q@%ZjetBY>w4_Aai~lQsR95Z2VBgQ|{&KFK zHP5!mw>i}IzL+lj&i0^zVy1D=Hn6`)8jlc)-AN zgYWh>H_r8k-k6_=5HDm{mZ&WH(p|Yn?9QveYDcg3l_i(970=9BeW-KKyvBTv3xKP2k{kH1Pu5Lc-XiS+B_Ijfho~| z(ZCoaA;_X*pw*}Wi6>WAhup->oZ{4?veY6yV2UeAMoNBq>G@^Iu?S4Oz*uBtF!*t= zx9Qr#r75)%oPJA9tyoM(xlTe#y|-x#w)1hDw6Smg|j0>gQH**_~V{ z^!U6Q{~Nu2;c73|O4TE>iHEvcUZ{KP=bB_C^KVQ)=VrvXeD)>o$i3etU$KnYC^Drr zyh|{Z@8=CJalzD+{kvvNTlDXqxNo_{@#DN9j!eSS4ob}U6f{esUT#CUiQK+tTMAFT z)l2IAboa00Cy%V_K0<3*E0Xi~SujiOOL&2%TWy>8kpufR z{r44xv3c)Xr6qN0;=kVK-NBwuHf@nq`L_SX>uJ9&)+wyY3BG9L_eEK5idFM=yVKux KZGUsrrUU@`j&WN6 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt b/pki/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..0e7f71937a505464f0ac067c9007c259f6f9639f GIT binary patch literal 982 zcmXqLV!mY1#I$PxGZP~d5E<~YacZ@Bw0-AgWaMULFbFo}HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1Wb`S1&|+%%nX_sm5{y7$jZRn#K_M86z5`UVq|1^d`o85h1s80t^EJvzkv6~ zEBs%-F9~#xyD?*(0`K*5rU#k3cP(9Vv@|X`^hkYI)^f(AnrPV$w(w7{B6dw(r`=L@ z=i*XR|IB4wOYh{wY@By8U+eH?%hw0n-}l#U`grDl?}VQxf5Of)%DEI-}e4Mi^j*_ z`_e+B8M`V{dG40{-*R>~gK2AXz!ia{%{GyCPnRg~UCd?8xus7}dcvD8a;#^QxqDQ6 zyuUYD_kV~lon6WJS?KwPjgt-JfdMV6%pzeR)*v!#m!pF3-|X{%*hr($CMx_@9M^nTh3tfjEe-z#?G4XTZb8mC)wFmOkN^fx8;LAOAOhJu4mWvg@j-WQ4g+*V5>v7J)n3mX#PEvFq7rspKbd@s#TM zXG%Invoas^$_Q~u*@=BS@qWth>u!COr_$E)t0-$W3YOo?`R^8cHrZKX%NC;<%l=92 z;rV*zh35x-mg{Dxu8|JH*d9&aq@!sAz~Y+6i0uPLcaFYCXO^_%?EZ>!4tBXNqH_R`AM+)>eM%bmRpF6XX(xbLOEs!hY1<|bX8hPWj+ zlKvIg2V8!2N1Wx)Vdn|cHD5hfww)jFvY~WRcx0xU%~$vN-tiH?-&_>Ruy8&N0PL-J AO#lD@ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt b/pki/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..80545971141725598750df419c4964478a8f23e0 GIT binary patch literal 909 zcmXqLV(v6(Vk%s~%*4pV#K>sC%f_kI=F#?@mywa1mBGNxklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6f+P3DPR`n4N5J`&rVHIC@xKMb~KO^ z=QT7iFa$yiV*>+&C~;n614AQY7}p?{M0<1%v?2DWc;=NQ=47TQ!0dB&M0S<}$el(8 zO^iy&K4WBMU~XdMX8?+GF*PwVGTi*y7s#1%@0vT)MTfJ7pQ8=rp0&;}Q|y_0Fi7%3 z-RA(sd2Y=AgbIKD3+R3m+sf#;fP2LZ%YNIOxwoEwSd*+QzUG~h+Zvy5uDUfzovsEm zro4C;;mBui&g$16UA8Udn_tFp4u@5~)w7-S?Pl@$FfnT_y0xI^OVgT7=M>d4MG7Tf zgtKf|pw4jMy|w8|F@GziYMp)-#me2&@0nDjN(WEL`B~}kx6NMm;WoujU5hW-*XW4e za}3_wx=7#U&{}CPVU30QJZslY+h=xgo1OnsIqS5zl5`%O%M%Q1nj3d?m&BqM* zK>GO^8UM4eFf*}yFc1gv6<7oe_zZa1xDwht7*l~s%>X^20i%PFq3E|@Is4AO;_s?L zN9&iZ(%17i(ILIlqn&vf+i4y>jr_USFAF-oaDMS4GMgM<3{daX2^p76h#b2kmzf0qNjjtkuwd-HrUI}yMcA2-;X?-sHy+z)7 z&-`C=>kHol>BGOpEK7IKJvvve(SOVCB|9f%ZfH6ETy)Mo(g%bMNy#JLdjp&a<46{qq0- DtJ_%q literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt b/pki/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..455cb0240c4aeaa4776fddc59b4922895df41b03 GIT binary patch literal 903 zcmXqLVs18QV#;2?%*4pV#K>>J%f_kI=F#?@mywa1mBGNlklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6foceDPR_6chApHQE+xNkQ3)MG%zp( zLJMO91A{1WUSk78BV!oXAeKZMbPcp2HmG>!l_ln6rYHoZmgQ%srYN|&B0ER{KQXd0FgG#sGXTZ8n3@i=bpcb;;eSZ!a3~Sj{`Vv-gF^*-o=-j!R8lLK6@5z1Ckh_o}=an{aF` zYf4Fz(PM_Fhf~YKb}k566&7>W`{s^@#-~XyAF{nU=@QcE7(Y+j`1PNbyVh|60$JyH z?!3Ek*GJ%_<9Y6uqi4>VPxEliexMNzob$KA_WhTA&wAb^2T$2^W$FGj#^;xM`!$~3FTa0m z*|pf2cLWad?B2n~kaTao>HYASvu8iO=z7g|O@67MF%vT*1LNXsgG>W?V6e(6vq%_- zHHbtowx~$&(GHs8WxG_MNF?y4~K8_Huax!;Kqf%5N4^th*yJJMC{XTLEi3`?5)f?1opbdHdPLzEk6J&Dv{rYUXjx z1YX8NB1(pl85NN)YiCRmZ+NC6HRX%Gwepc*&O4GiV!q88SC%_f{nxyGRpFHN&3WlA zTMjb@zWB`h)xGx4`o&K7(hJuYMZQ{A_jY$riqSUdkR0ZjhXWZhf|k~tF!K!xFlXQM zIAF5px6RBqH`kx-7pYvxw0+sGmi`aCUHR*J3dBNMJa)<`x<~jqZ`qJL&&eb1b%N}K z)X2;oPqH`MUOlVxl**%*w*s#3IWh6YM87u^j6Pqx;GrpEw#vWfl9c$N312r#bI#Y2 Hzq%a&MBP{F literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt b/pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..2e85ce5c21c86011f2e868184a413e49ec630dc8 GIT binary patch literal 919 zcmXqLVxDZ!#8kb2nTe5!iILTSmyJ`a&7Bg4jugte!mE+w(Csy?;+KKBo|`1+`iGA|Z|d^)-CAA_FTyqUZK273&b@9Bxv zcJX?zVd>mZ*)H03B(AN><-wZOvdb=fm{D+6%JZCu*v!Z`B4u1Hkw5>^p*T6TD z@kNBp8iVC7d%p8GxLtU~f8qWtySm7tIqb?o!7`Z{ zF>O&_svZhQA9uJA=6}t1v(KN%%An(3ld31grwZ%}Zm^bJA+J?c`?f}=j_0)C)Hrvm zJtuF(YO8VoNfLN5hW zjhMxY!SOH4$0Eiea(&g~Hx+%CIkw(ZIpV*v*KMMd#UulMVC>5ZGcx{XVKra|QU-z` z0R+*Z+ zi<W39;MHvtRpte$w&q*N=>_2Gu(FCULu=5%el_{!_p1Lgbe$2uQ9 zmJeEx$GDH3ea|w-9rt)1zT?m;TP`A4A}R8id+MBDOeJ9z`Sxi|Yt^H7#t1!RdAD+5 zVa@!KKij?6JpA9jHF$B!^@(L$wmNvUuPr*4Ra}+On#8tkPKWZ`YV#Q!vk$L&vn@r7 zA;8MhdwE9P_Z2c(KiDQSH*DY99Pb&ycC+o{g};fPeP*4Rd;itCUjcB(+$<$iUFhP{lwAq<~piIx{aLGbyvgF|RTpKPNM} z(omteGzo~D9gPg+#CZ)33=DzL!q~vTAWEFq*uc=p7{)ayBGFbS0|$t$mY#WKi8+}m z3c;y4X}X@p#igk!3g|9TaCJp?xdO;576wg>O30pPWMyD(V&rE4igPhFF)}jTIu<9- z^sBaeO6W`7*?ejY9s+x15+vtXZR^&2cV!>%Le=vQ{HOk(KiWPsMAd5@WVl zZ#5SL)%R89`1W**AK(q=c6;*V|JJTqYUNSyDsId(=59GD_%ZNu=Bw1qvh`vn3{{8N z{!Bf5rYiiQ@6oe|Ufj>Pe%~qe(%k}2)r6g2W}NxCdCxtac^~&_f3-T$BX)JhzkGws z^-o((jlOB-FBaN&{bTvH?j2gDZqv$E>P!?+VL7YLt+CEcQSR%;yeV3;$%35hS)SVL z$uT;ya+iYcL~O8HZ?)j*gS{3Rju#&s-JttsYLnXN8JHiof zckFjrp320`$iTQb+aS|G9vIfL$}AEFVhtjKwFl;OmHqTI{=THqyU(C>s`ZNwa2k>2 zV-aH!ng87A>!h^yt%@4Xrzc9(TVB8M*v^0tq@SOW@jnX-GZV`P191>vfknW8&wz)G zE1}JUF%_5^4bamfFgh3+X1u0<4*3ZKI3#@e9-`vk~{<8GIv2Y&l16A$eD|WU1 z{nqi|uD{;d--YwpqtBHlmC7s%{%Cf+;QZ&4JqxD&v0YmrR{Csm<)kA=#b)i1U!oVp zaPmyJSe$~_Ntcy-(xu{#nm71lZbi|F4gmsxImTxLApQ@zRi{QqlyA30MG z-xGa%!GP7_LvGO5&$B%@OtN_wEFQGRr)-0hRNIzmOSUQ>bLDKkdeOM4^2v#HPiCxP z&inZAqFO||{K``%a>wso`x7t3g_%}gGI?zNq)uI;ZeGXx gJDNYIUw9^cCLrD1!ns6vB(+$<$iUFhP~AWkq<~piE;BD9GbytqAU`KFxzabW zpdd3Z-B2OGP@%Xq$=T6BPMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZauO|eH*kemZ0DI* zmY9>7q7a;#lcwugTwI!(qJYgY3a+lm9#8=J2$m_2e#^aPYwLQ1;iiIp>R=(a_H9;(2+r<-*p3e}6SpehXHa zz#TN%)8xzTYZnrq^2+Vo^en-l@cxX+q91hYqO>!6XWrq|40>g5;#8(7`DU%cH*?jf zoyvEjvJ`SOwlEz1-+Qy9_uTnQ3tgK{KY!XH8B*$>_@T1<_%z2CPityo**=*Z|L0V@ zN_g#=2X4D0m!o7B07H6(5?@8Z@BYno-i2hz{a$oQXyg_()vgMm1RufQT; zz-Pe2#+A_K!I%n6l?Ken(E&`8!02FPm}T?Y{oUy!$}`$l%$j@fXmiJb*fV<+nOzSb zHeY^cno0K>yVxrS4czLZtmf67&zrv{;@7K3=?Df&B6BeCf4*5`IW^iJ)(Z|nMISQQLt_Ai$mZpw5{4rlC=_7_t1h%jEZo$KhV ot#6C2Red^}@h0TW5tp^$S8sB0Ph69f8-9O5U*W8M)0}kL0l&|4761SM literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt b/pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..103e0940fe5c2648487c6b00e493c7c6db0032d9 GIT binary patch literal 952 zcmXqLV%}oV#589CGZP~d6CB(+$<$iUFhP~AWkq<~piE;BD9GbytqAU`KFxzabW zpdd3Z-B2OGP@%Xq$=T6BPMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZauO|eH*kemZ0DI* zmY9>7q7a;#lcwugTwI!(qJYgY3a+lm9#8=J$k5QBiBSnT5Exk*n41{+8GzzkOihf8 z3~$|D_eb{HKaOEJ({}6BZ~5htuXUgHzx^n^NS^EXIo}LbuS)3~8c$7n>dnmAl4>K& zo;~7Y-+pc5ZqCWE)@yyGt|^F1G)ynJu#LCf{k5ELhIRX~SigI-Ib-J(HBQd5b~>{< zUUiR4kN&Lod%Sx(?G(ycc5e!*zhL|D`CV_xWqdzjN&i^|xUM zukzkmAv!}ojdz1EXZs^JzwIvjuU|bhA#HEd%Eskw@_LOk=lzk;;0ns#V`H+m^WHM% zkIAa_F(${W1M4-^RRgrk;`gb4^Wl&@v*h!Qz03TBXYCV5j1^Y6jJDOEc&o{ z3ID$c(RY0pz8q0%o||m+J4MuVrczd)#vUQZ)+yql5h?p4-FC%PO`1L7(Et0=2M=C+ zEnV5XUg}8tmM1*7PrvMH=$fCuyC?6jr%ORh(z$Pb0$Z6{!nU0|$+d5iuHX8$5Cv(j zc}L`~w{)r|*Y8`vSNDtIrMCC0SZ=w-)z6RIEb&>TaD9&5T9Lz#raA2LU9|qcOI~?c zzW;0O#phl&>i%0gWfI3VomY#le|l$e)K*vO+@}!hN3XYBmSlH}|9$@SWsR?G+^?TM nU-q&!KjZ0-3HgSs+>=b3KH0?feO;>YeP>q6ru8Ro?$!nX&B(+$<$iUFhP|H9Aq<~piF*7eCGbytqAU`KFxzabW zpdd3Z-B2OGP@%Xq35c8>4dldm4GjzofzZO(z`!6%oY&aE(8w6ZH7Fy|ZZ`uLh~2iH zd1Z+?nJEgvsX1x7p2fwbsVNHB+@s*?itGmkkf$sRni!RkgMpEifw_s1p8+V&#ni;e z$gu4S>s3ki+42Y2S-Rv7%c!01-6&u1&R5SZK|evXV)62hdsgD!D#~U%c#a#KyU@9R zoo7pl^@q9VFMBzE&iuwbx4l2S>0-~>pE&4cPHr?!V&a#cNMnAD%5_dAvY3`O!W%-M-(~k0czeu`+$+>{-0=z--r^PiNK^ zvU&zDvXj-%ePb?gw(y(!Dz&8rg=&jfy~0yEA+`Mj35_Rl}D0|!Ve1(@SrzaUY*6^JA zEqmcd{y!frbN<&%%!~|-i?aKfziRpAaVElwJqEwXQPEWcb{O=eeB$Jd~4LMUM;)s ze}|?gnyq|&e}>hie^2=jSzL+PyhioKCXwc+{{m`GT-c-K@@0YhR$Hs@kC;AuHF>Ug z_onNG*;*^iB8Bz8_WEy-5c3t65U}5W(O<+_ynlUGk&OA;vPpUVuM!V^iMf&eUOiT% zHz?mlwcvTK|Bf2w6Y-pESvjgK{g&@f|FS$C@q8h(;JJ#vLx!u?l-|lx@!F+3FQevZ zwdz7oV=;m?Tzd nw<%l^^sJf{uwVVu!TV?X`ChcM++aN|zsO>eUhJ&@AI|{*=&)$x literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt b/pki/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..1a1da9fe7a00073b510775d7f09abd840bf333c5 GIT binary patch literal 954 zcmXqLV%}!Z#58XKGZP~d5E<~YacZ@Bw0-AgWaMULFo-hbHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1}` zGV{_66#@(uic6D#$l1|APMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZG7{}}GjM^}ZR?p= zmY9>7q7a;#lcwugTwI!(qJYgk3a+lmeoz2;%F>{TQ3*L17+D#Zn;7{SfZ|+CO^l2T z58s$|1aDE=HbeD5ib04(MYF|%W>MbM?jPnCT6eCGF}5w(vR|peU3)_9ZSReS+^vUK zJ#&BRqUrqWwb9p|hKFr<0)}MK|wyWRt<3!hAdP@~}JuBV|-V;+}ou|L>&V`jn@&Plj z%vkznioew9ogueQ6alKdMlvfknW8 z&wz)GE1}JUF%_6D4bW31Fgh3+Vjup>z7WXBsP{7d+49Ua%iWh2q*Z8!HE!{o%Noo) zd9Q=WXLpVdxdJNc%FY{Ky#BPTV$E~QeV=1yeCc2ItSnUD(&Pe%b*z)@k)vx3A9jD; z{73UnsE^ovmEx)8R~Q2L>})P{9qlRI={vD{+L4yK4__WxsrufFtMlgE+@m2m8!yg| zpY&0TA>h=7`H`HB(+$<$iUFhP{}|6q<~pivLLY}!zVS*IX|zsq$n{n zuf#y1xHQSx(a1nfoY&C6zz_&6j13G7qQrTP4GfKpVO)a}676&`aDv!r?U`4Wn3I{J z5S*Hmrt4W;T$-AqfZ+}WS65_*D}a1rXlBsFsD$i!Mpg#qCPsb+pg0#(6C)$TQ3ll| zjceF4QdX@pS(9==T;%t{PvQroc|E6E-2ClWkX^ORvgQA~jym0|5gdx_H+ER<(0b_h znSb%e$^vu6t$(&8E!lcNBKYz)@%PnjTF1PZjRJLh7V5wLD0}<&ws$INKKI0n!f#d2 z6)x0&YSVYRAj9Fl*q`p0i{UpO9#r03{WD}u-G{d&cfCF9Y^Q$ci7bA!h4oT}>TY?r zNGFauy~W>8dQH^KIMY%{Q|7IeJCEdji^(jTytMe<1IKBPnl3o^EO;sW zv%Vrg$dQSek%4h>wn3(WJTSCnm02VV#2Q47acW8b-tp2dBcbZ}^mCgd0;|jJfzyaA zABz}^$oJ#3`#vra@L~SFsAS{k>d+}KJHHz6f%Nk;GX7^_VP<0aU?2|SE3gO{@EP#1 zaV4~QFs1@iqXBwa1V#rVgWJ?s5$SV;*FDOSN_*^j(=&F(@$N0(V%mB27KU!A=Q#aE z=&EO2!zUlk`9i#QyJ9$=S-xm|T-#DpXd9E0;=tmyPsCc*BqC6^@=8=$|FVtKYG>Jt z?)CCsC@=LYba_U3&%!-*N18te&39eoTm0j;z>F<>RQ(@m9BbGm9OaH#D?`)_n+7lJ@Y4>dNOsmrj+8U`XDeWs_ zk{_KtKJ!ZUnu6d(&ko$M3gbM!yRDsT$DM^AoeSc_4)@!{X{+yI7G1nC@FPdV`IDB0 fS&LYAzpSZL*qd~&Y{t)5uaEy`Yrd0l__rSb4gYk1 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt b/pki/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..d4050e6f4f04742b459745405aa43aaec4be9acf GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe5!iILHOmyJ`a&7$+jq3LKYu5E%zhe6LLBo=Be??0F+P_r1xGg>R+T%D? zt^>CPiZ3}x2dTbZziRij`&J*T?{M#4!F@x%O)-c2C8OAc6#E>-iYqnGOt&|Cy?PRB z@?^y+_m^R7q;6#7C@058^ z>RhPgH7)gf8}a>TA7@OSqew2-WhqYo=w#zIulX_GzCSrPq2Wb>eU@>WTgbtMJlmGt zemvdy`~UI<+baWmSkD>ge3LxRdF0q0iOU-&1W5iWV>aUrmUts@btU7Ty6uOvJ2}!{ z-#laQxLBKsnUR5UagafPfjlt4WtCYZ48$5l6w3ek81z2c94Onr;k!(|Z1W60cW_FP z6(!hK4rC~hpxK)VRp-Hp{txddwCac58kLF=PR$fV4wVT z&ClCQYjzj=KUCjyt16Lqq4UjWQ}_y}6$C7P?Wb8Mnfq%~Zcl7l6l=rjg%|9z=0AV& zkjH=01+G<7-l$HpGYD}_U3lSgz?^x(^Hki^rYIH*Z~okTkk3L-dDD=yVMJX0)yLvdDrg%KH_;5YqS?=+>&lmG7?fB+#UE^wvn)2D0^0qfE M^XylgIk0>R0F6CoApigX literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt b/pki/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..77b6a3c1472506bd34f9922e5a5bd84720dd3705 GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe5!iILfWmyJ`a&7l5?D=P68$kMLT2uVm&!rL7Es9sGy9p6euTd4DV0 z+4iOxFNc`3>i)jNVGY-gY;EAKedHthD1Iv2%I*`>7w-KWFJE(mC+V=cgTR&FRe7gd zcKdm*S;)l9$iTQb$RNN#9vI-V$}AEFVhtjmT|E^GYBjXSaoL+IHkz) zv52vVoY0$^u;sxc_Jl=0%}&Wy>72>izuJHgq@SOW@jnX-GZV`Pc<+tdD>6@_42;M^zvDD57b*_;Iyxz-r~`tGXOM@&9_r$(U04xyCx@Sdzx| zvs=I4*8H%;;X>2a2`_b*EO$OMHTK}@!*Zzwf)^P**Zfu4_r%rl=DQdB(l5>W$Fc9P zOrzCe`LNv!j^28AK|8S~K{spOxg`uY3%AYL#`Nn?{9+@^}T>j`hO8t4$@UjqNAf#ebzNT6KCBd&TR__=P^J&RtHA-xdC9>UYMK z2{&!7XP^DRv&8Q|kM)YlR&DcJzg*&x*WWGD$h=~y^MP<{3;A~nZh_Cem=s>b{&#B) N)+zgR<#VA%69A=7Yk&X% literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt b/pki/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..2cbab480b15658e146597a5ba91db56583ea2942 GIT binary patch literal 960 zcmXqLV%}rW#I$4qGZP~d5E<~YacZ@Bw0-AgWaMULFo-kcHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1drL-5ghK1Mggt`{Aq$w8IQ^S%dN+{A3U$4umBDbohME&h5(_15iPZ?@F7GGXem zScj|YSoi&DY7a0yx3Bf|4{fPaP67K9^`GqjFR_~YT7LKj&6M9y+Y4tg{=Tp*{MP$O zPEl*)88_-DOh4VUbz$_)%}3bhue@!)p-_zN=TCq49hPA+mwTQsn!U399)H)8FHgTH z3tnY9+U9k#Q;ADO%YJ|KC5yt{>8uHdcyzqa_oyB)-K?Z&=N(ska?!^1-{W&PyjkAy z?|Q32l6>sv3ua=1o9(@VPgZ=W->jG5x&FVLD!b~XV|?ig+a0WKERk|%VrFDuT%2u? zX&?^_aam;+2?MbPkq@c2?4`t`?p@vHG1FRHMBuuQ$P#dxk>z6%V-ZnXX@1e>TGc~u z4GR->r?exLS86U9@PYL6Gcx{XVPR%s`CuRp;w!KS81NbJuyG}{c`&8|Q>OtVa&!RG zCNMe}8Pa5*F1K;?T>tp^Q?A11PaFDz?p%M({hu{?#hDo!_HIlUTiRuKGqda3JNtjNWKluTgjFv%8!g;|6}-`YW7SF;+>pSi7bkov3`;_Rfm8 zC+v85I=?Jvy6Gh@Ef}i%d)C{1O2zKotHSgJgBz}-XnV&BS^2qco5MRtCDOI!^VPNL T=fs4V-f>RkyXP=(>FiAaT;XQ> literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt b/pki/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..e703d679051ee41644b792eb30c0422831b403e8 GIT binary patch literal 960 zcmXqLV%}rW#I$4qGZP~d6CB(+$<$iUFhP|rXIq<~piH8`~(u?Q%EtVkg-FGayQ z$Vb6DwX#^j+0n>APMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z3KH%2FmQv|Z||8`mY9>7 zqCnUkuC6F<1o_O!(4dJ?2{|wrSs9p{82K51;#^EkjEoFBs!o}SUd?;3SXxRh($iy# z$?99hOmmO*Z#Lr(TEkwvtbX>(zdq|)8a4=Rjlz#T0y%xI{%xJA_@%q8 zz(Re!rR|XoSrRURm$&5mv@hGfr=m{z+;(7Zua?>L+Wh&Rm!_3D-6m>p z)4#l&{6(YT(GlH;Cp`nRygWbJ-nuMkzFF8wWrhRan%nayH!ybwMr$9a){0r#op4`$ z{T$8{YBTNMs=d0$H?!$Pa;W#6>2sQID>$4oihq*+PxI&LldBV~OvHqjGchwVFfPtE z$TW}#hPbRUi-dt#gNVgqu||tN2|w3*_HTlV9yz4XE_nb>GqQXvVk{yOF*WA`R9MB= zFD-wm9m+a)ujI~J13r*`en!UsEG*1SEFTQSL3{-k0Ruh*9yYFoHV?*BVCpnLPn*E# zU}Ol^J^x59YuY@%ysb-*e3I}FFI(CoBj^A8&$eE_mJRi{-sp(xb_8a}WJRCd_$lDk zo4|7qb|iJqnlACbrXXbftYEL=r{|x%5Po-}c-6_PPT2>a)xElB{+mO8sjGkgOewAk z$@Ep5WwzH%QkyD!w#^~l>Cdwa)?+4&-WU0zPjKEzb$94iEz(!XOIz==a;5&~*{;?X z3a&Ov>fUVqztipft=QG6j%DkrLc$OrBM@06B;*sO8=hw zZFhA=cB}%(^~RTp`&YBis`Kql&st!*W5cQE**|?xW*(es$yvfLd54LAVy(iYb8Z>R+<6n~ zgSj8E@)uRuJb8ER(E-2bK4B-CjXl)PlvF)7x0Mu`aBKP{zH`MgA!{dIzmvLp%W;wU z_1@Qm=Z9>0zx)OFRLkj-b=}&cDIY!mE)>>Td%2liH1Pi(BjHOq%dR;rJj&mjuxrH| z-jat?UaPH>>lgHY6IFF%;;KD{-Ch-IL~cAO44d=xZ)}yMgHryRjWRtl>nFUhDAU?; z-u0%8*E3_Dm_IjXgh{Sq>@QxO*qN-TFmtZG=4QuN%nMv|L?7;b&>F_f#LURRxVUkl zLE}6Fd0;5ZDziu!h&71((pc*#c26rq`~<&@vb`GfJth$*aLSP7V-aH!S>*I!s-)4| zr*GGDGL)sRzocG-Xrq@SOW@jnX-GZV`P191>vfknW8&wz)GE1}JUF%_5w4HylK zK@x&2ItE&88W|-e1y=g{z~ohujFi^&((}voGa=Efmr;_NgB**%WDAT%Muv!AucN*) zFVuQ<+31&Zz)pVs#w(9m+Zpcto3MYvw{N>VES4SE^49$EbL zyy*9lyhnF-=RaF)Qj_x0`qiX+;lA(Rm#Q+&{=W3jncY5f7jYll!oUAd@0_&%o;>#| z^_k7g1wRYTHjxlc=G9stKI4ep;#I0`u6O-B_jKRgF4uRau_14r#I<=!-O9>B!ZQQs zmWE#~f3x}Ndrq;VyQ;I7ZTn^Bv}^h`)eWarDkd6jmzUA15-`BJn K)^49G+W`PX*mcza literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt b/pki/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..e64db473af5f954231c13a9fbd8d72bf11a7ce2f GIT binary patch literal 987 zcmXqLV!m$B#I%0_GZP~d5E<~YacZ@Bw0-AgWaMULFbFW@HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1 zZFhA=cB}%(^~UA~O^iy&9%f`^U~XdMX8?+GF*PwVGMwEwch}`@Y})C&-!~ae{I%ns zdk8J#Ib+D`M)73(j&DwX4?qPfN{nnY7#;rL^ zS$eY9E5BNP{w>#xAN!wiEi=w#Eqkl{>*1X%f>A4*E`R%U!f4&@XIT^8Fs6SEi+3^F zc#HkFt?8v5(FvXzOMk%4h> z<3fYRc?R;pP?l9@kuVTz5b=H8S$O{g3*)9=WmXXzcO~5IxqKL$GGzH!#8^bO%nvZD zxe*dw`JqpwZ0<_cPfK`B*k;?#DYS4q-8Zo%RpJf-U3bY7=< zOb2U(m?g|@H!Pc;*Sz9Q^uR`)3_>H!K)^|Tc*axzwVH3V}E9-alv)Z3Rf8p J7xAk{Y5~)zfZ6~6 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt b/pki/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..8630e99cb240db1beee14ca11d97b9de02f75624 GIT binary patch literal 946 zcmXqLVqRy^#58RIGZP~d6CB(+$<$iUFhP~AWkq<~piE;KJYFTXrb!8yoB!8Na> zs8YeTq9ir1I5Qt8=4c=%&TD93UO?0rU72IeM4eg>d87gG}>Bg3aDDhz@bdN@qnZW;aT z{<-ZS-x={h1-96_j(KZ-&fXYRJL8#~p5uY4&kN0dFXs%}WBM>@Zp?2Jw~lOS#?lRZ zE06G1+kXGJXP(8P%gi+zo+ih&-HcE8_CMdPE1fU6<=+b42H*ehj?50NmbLvicjo$C z_ZG(gSlrrden30xKacdq?ib6l&1(+zd}b<(QE*qhv`}n|b@{DpmrEm@ehbdoD7E3i z3)9|o@;odTD?B&0n_r4+ z_lg~znW?86`sD>AD%bMGnTAOm_MfW1?~rL)9JfNe6j$;7Hy~W@KPo zoNbV4AP)>`S!EUp1F;4XhGmkc7wYU&r2O;C`8%CQSH9m~EZiL2pU@C;Hm+~yy4NT87&C(dUYszy zHa%iXVBx~>hb8~|{-^wXlRoX^uiBzd-B}DLsyOR4xx_h=ZFjABB=)Lm_ea%f6-{Yp zN(2^#Z?bXtpq1+_cBDybqv$QW?e9(-KjkqJ*E&^f*p+zhtYdfk!QYV@{fiHN`LWoE zS770%_T@vb#0&gIcEOe8Ee*frP?bLyYQ5} TcC$|U*1rAtE#d2_iNZMmqaI~X literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt b/pki/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..42fda8fc122d290ed37e5a8e26a3dca7bddd31a5 GIT binary patch literal 935 zcmXqLVqR>}#MHfjnTe4JhzxkyIJMe5+P?ELGIFyr7z7$}8*s8QhqABU%)%0(dD(gS<#`IuK|Ttu6(y;8 z#hLj)o}+=BIIp3BfguoD7#kQEM2Yhn8yFfH!?*@HBwA@>UqGB7tW@-qO%xtN+585!2(|CPEGyD~uGaBlPO9XziL!u4i8 zPLg}C%KEr4MuX+Smvown$IsFko6I0o&`y$s<@<+SVtfzw2Z*D)i0S;Hhu2G0w5`PTksdORnO6 zLqNnc#?( zRc4Ve5NitsrNhgE_YSko4Ay~JqMd_WECwac-21Ty7Sfl4el(< zek`^0TD;r&V|wecmH*yfPyOe*M6kJF(!nXER?p8m3xp(C%D3j18rW)!GTn`xEUb6? z8vo|{kL_Cd?NzL<3nD);-IF=@V?(N>@}tFX+n$Hs-ekp@6We=j#MHHbnTe5!iILHOmyJ`a&7GZoFdOV4P_z zF;8;EJEy!Sd!|$*+b_&Get6N&n2;}8H#U@S30d{HM07J(V^iv~2PNJbtgD=Nhu%Nb z<*UW}!?;$t+MT=!^IbSkDvRl*cv;_ag|7{ln9sQRPo|)KFg~I z*M5#UzF_*2LsNtTR^F2jJ1TVaT5?#~LA7@u1B0a5W#@fnZ~GCbp8bC1)Bh5AqG|a8 z@=JBU9GbxHrRUt*WGbKT`AW^Jb3*y%s3rcM#bVW)!%gN$xmC1HUp>Fay!)!rPL};k z@-v^F6uM$?Q-8zxHt$BeANdwLZ^mSD=6he$bpNq=mu^(|kF9-P97)!nD|PK&*xK#e z(aOYFmVRZ5!6m!=`!ADicC0&6^ZMf^FQ@l+=dI8=f7RiEexs~3-)h6ukYg=KUDf~q literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt b/pki/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..9200cccb39a7cbfafb3eb1d101cc859ed36263b4 GIT binary patch literal 954 zcmXqLV%}!Z#58XKGZP~d6JxvqFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgHjT$aW!y;SYzXvSC*KQnW7Mymz|eio~Phklvx6F zP!6)&6kIDxQuB&4^Yav3UBMCxAmYLNot*vfJZ1b$@w#=L?*j(uwZ+K*u>ptuLZ%H1X6TKf_cTE&J?>yB(uJ4od zf_XFJ+?2%St(VR*xWe{(+g#ziEt~zD%dG2HBy~%6i0eW=aoyZ$;brUi^8~<441Wi~^_MN8Xp*bl$N3|BHXV zhn8&7R}=Qn6Ylf7<~O^#{>T2nGp`@{Z)?eYD7jhjyKK$I={jD=lAf~X`1bdui1oj0UTk<|CnU(NH zY<6X0W@KPo+}L1HXCMy@Z&_s)2?MbPktenB7h|TjapZ4|HMm^4bWj34t-!b0o zFObmts;TT%_^)49nyN-mX01Pbda<7V4bMq)6&Wi&^gP%PcR~_uZR! zs_$KgmPyd6!>3wHQ^K}f)=YWep;1-kQ+M>X!%>B^`p+)&`8_H=aI>d~UFhGE3Gxq% v|Jv9JE>5%&SZUgQ)^CUR9If56Vq|u|Z*Y;?9{E1y@?zJMUh^;eH+=;F6$Ea# literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt b/pki/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..148f9fb23aba366169f5d012191e13b030930b1c GIT binary patch literal 910 zcmXqLV(v0%Vk%m|%*4pV#K>sC%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`|deOIL6X@={YL zH8e0V1VRgA0|SF7ab9BsLnC7t*C3umYxE6tA=apQ=9MMpWTq$}taEimc9#Okp=Jh6 zj7rE}V`ODuZerwT0E%-lH8C3iJTb0w8bTm9B9{dal$>##bhdqQt{v-*VUzet#6 zcz$?icw1RaMtQ=s+w*PCIi&d+PG7BiM?d?zx%kYd&l7)l+_Zb>e#>)3vc>m192YJ* z{(oDgB>OY++@*vbqm|4@Eb2-ad8e$A?nys)or#%|fpKxRL8gH`FkoesStJa^8bo+h z-5zvS1+sgsH(h^r!jU4r?JL;8DL|HwMT|wHxiM|C$0ohnHOBipzTLF`#8a?mp#dLA zKR+Yme-;*ICYBEd;vl{Pi+};20S_BjLYoI;Dln}XprK7Esy%vc-^F)&Ou;)R?iC41r zoRRKr-M#n3twUixZb$NX-)$^Dsa0^o)9byefx~ybz#nF{nUd-0pPSTeEerK(-IKXW znkwd9ZrPjaRVlvqQqR{wb&lkSm@8Iu(~l|ix|APWaz#MHHbnTe5!iILHOmyJ`a&76^m3?T*{yR=n4L||hDx54 zNa;HAUue3JwjN*8JD#+pS--AkM)j_4`MfbVD_Cv{v%vBy&mbMv53h{wFN*qKFW;=1 zC|Li+nZK{#_<`o;d7niSb(i0dh?iuW@#w#urP+#J^>3a(x;E4v(ENS+VZqs55~4q* zyIXUJ-tSddbmR7wvV)KJr{0^^aFO@=&ANudDd{N{5AGDKR6T0s@;+y2I1@7?1LNXs zgG>W?V7$sIvq%_-HHZ}4chP5_DI;Di@yX0a#N-0!#ZPa+DMOZzMT|wHW=HjmH*88B zr}`%b+&XeduclEV$bb)|pP!NOKMM;p6Uzq!aS&gDMZkd1fQOAMq0NIa6_^GM&{H5V zIv5#}b_85_vG!u{?%QD*Rd4?86`7hp%jIP9lDN}3756k)1R4(B?|xnN*|c%8N6%58 z6V(-;x4!lXjd+yqWp;>9khx^zj?ZcwS2syMk$YD1tZn5lyGgSD7N*`dKG5<@MDN14 zOE>SAU$-jO;#iWk+wQrSdGqOep$mR~&57Us$*oF>Lp$(k`Mvi&SJF4>u6WNiFEQkT z?33U}o;sq&_miEs@v*n@MjtxReExdCTW?7PHZS!fQca#tTJxCZ@_enGW9y%DF)4Fv zf`Y6=#FmHFJ_j1#N%kpTI=jqj>KvwXOLuD~J?J~Gwx{6k&E968mhvP18jqX8HkNfV Ryvs{4_;c7}f^%9_GXQK~WM}{Y literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt b/pki/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..f791140cedab3a687f15ad38f9a2a3f8d71e8c90 GIT binary patch literal 938 zcmXqLVqRv@#MHNdnTe5!iILHOmyJ`a&7OBoQtW6k&)rCR=uU^ z)m?%jVlPd2b5}RcRNZN6+!wv^XT+Zd$BXy50&iq&%@DH6wR)2DeS>U?_@qeX-`rtS z-^p*O^5t_c^a&m4U^Y1R*)&|_(33SOySzFpf__pHK~L-~bx@z&hb z|7(BLw{OheHM48aAw{jZCGxc#cfWqj2xvI9aaQ;8mF`ahY|E-cdG1=Avsu;g_8Ff_ z`}2CXJ}ztyy*O*$d05{!PknP%U(S%ayRN~_f9>Hb?bHpWHGN7 z@KbocbMX0nx`7Itf|$i&)J z^4AX?WMXDyU|gJSkZB+f3|CoY76}8f1`*2(v$y+en(w>3p{wjw*1WUt-S$O*Q->@c zix`VY|BvX5za5&nC--}C_RapZw)Butxd9(YKR+Yme-;*ICYBEd;vl{Pi+};20S_Bj zLYoI;Dli=ypr=A$bTBgHZgb?eRLgANw&<|S2PKvN9eualPANCZZ&EywbnV5VC7+Kg z%ioDJ_SvDsGaf1=|Ln0I4_zIxo?;=|gf`>#CbD2z`% dU%XG+Yu1YPB(+$<$iUFhP{KeAq<~qNKQk{SvnVyW#5u@E!P(Ks zKu(<3(7?bD2rY~a3=E>gd5sMWjf`Pjg9H+7GBD7C*re{6SC*KQnWB&! z;OdI(GzE}bjm!<27?qH{$H>aS+{DPw02Jq9YGPz$*nN^QMD?icT($DHZc?4@-6OvbEAY5KHMch}Sy6Xg$X+}> zy5Pv8D_fbnH_c?9Hn%rUqVnPSX;x;ZW^nG@KV4v^!xq1PUe9Om$@ZzMcF3zRzG!D? ztSO`(e|>Ka_oO|iKd+bEoqv6zY~^>m$?JobMI`x5H~-#zBUrjbr{Dcdx!<&-ZzEU? z+RW0oJBsgG`A>bZ>#lqc|lTUxGykLlS=Re7d=H z{m%5DD|O$e{EUqMSy-5vSUwntgZK(80tS2rJZxMEZ61uNz!Yb|Xb=dJ zkZ18S@Gx*&g@Ip;|y@rOi$ouPa-& zrmdWRv2**o%XjZ`XO^sW{;~6I>mHl07aaTc`}ppW)ZCf9X@T}E>7{kO-RzHN=q_#! z&NDuJV&8IB6}88#Q@9eI+oo*r-6tn5wcqaMG>c1XS#Ab*NWR;(Qz?A<;T1cwTe4i9 z$R0?&RKm<n ztxYc*s=Dx7yM|XrtV(@0XPv~%9OfVUB&>@(u9U6*`Cx0@-f1rOC&C1|8|Hk*3_J|E4LI4DLs{5_nL>jNSW?}x!yp+tM)Z`N9ARh&1M>7LC zab80M14AIRFg7qSh!W>DHZU|YhH(uNNVLhoKo4S*x@TTlVoqj?LUNFgXK`_9YLSAg zE3(rRKyC$E)WoQS>^(+S2IeM4eg>d87gG}>Bg6B^sVzyWZhXt9&Jc}F4$)lUq%9e> zTkpJ^N49a;vC#X$avM30WqXG0*rgNj@s9q!rP9vpkKZx6UM5xRzU=k&z=AL3(!$%B z5|yg{-0r{T#d7h1`=XBOPj$I1pEp~~)VW}OHQ|p&%(?CCZ@wDb-*Cx#Qpq*;rzg!E zAN0KlH8~b(7F4OWGb2OkgIPde;g>B6`#Y~+On)ZF|K#brxt{*#u8AujwSV39Iem|? zx0Xqw-bTLsc}Ms69lEsJY|g89j!Ju<_2jWiuw|+=mu>m$YZ%l}Vs7)4dD+UH`=kz@ z5&pn-N-VXRJ+tS(T!|{1kXVDj`Nvzc-n_bgyk7nJ5|gdRZY3>bVrFDuT-?Oy4h#`z z19@QR$||z}BeX$8{-i=L_u?Gga)04_PG7jU-P0;F1g8X9J{B<+k%_C`vX=5s@|`RY zwt4#PA`7;aiq8!AK>GO^8UM4eFf*}yFc1gv6<7oe_zZa1xDwht7*m01&VbRN@j6IG zo~7};LE{;N#*+&w7nCn4H7F)AJwQ_)H+sr5HPkdv2igEklM1jjsQ^lpY57HP0cav! z(!+$4`_F>+!9<|SZaV`SJAdy-c)>U!|BZOVtGzHa(vB=SyU-O7!dE&pASc$l|l z+c%Sgk={Q!|NlEwk}P&)_k-8nNA;WHTqN|h zzeUqA^3=*ZFIFVgt^B$qTlKMN?vtZS@7%BcdUNi{3eJbmydw8+SjPI+m2Vb9*t>5B z(r%}Byf8f%5bibEpI2FC|1vD%f_kI=F#?@mywa1mBGNnklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrRtjDPR`n&&*57EJ{r-aSrlPaCS5^ zkQ3)MG%zp(LJMO91A{1WUSk78BV!oXAb~`i3=H%jHmQ5&l_ln6rYIx_`FIu=m!=je zxVj=cO#$RqV!#>lhCuM8RS3Vxdb9?T!m<8KqUwksn zdQ+h|{VCTxnFp&^axP@LTr}JChSMEEzdwslq}1=K|8M2)_l~RK_nsXu-DO`?EbD5! zQN1j-C^@u3^=`|Rs^?cYx@zv+75Ta6<~5q(s{7iY8t2mZ2+c81z4I?042(_{35sj zG?6ayS>i=*lE<_dIk5rr5-_nbGStmDx$sbGO`UCOajkNIie{$cX0gVbN2}MFU*x)Y zw)9n*sdW22zB!9HH~klQ&~f(W4H>RLwZG0rc8Qj(&53J$bbaP#O}cz|O? zPu-mLqR%t!_gVaU)ACH>SoQa+WWC)nP32d;lke}|TeiS-_uO>zmpP|fc|We_3w_nc z)xO(t#?z3U-$SGReh$-*{`)!4f1+@JKW_`{T#ag#Vk%&}O5IBE0n iw206Il`Cd}lirx5G`(S6X3Q3}pZSsA1k0NYbJPIaAd)Kp literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt b/pki/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..8b9041f5ba49f59d530a7507b5eef3d75679160f GIT binary patch literal 1044 zcmXqLVi7QCV*0UwnTe5!iILlYmyJ`a&7 zAScdiXkcIngcimI1_n{$yv7EGM#eC%K>~?385rn+Y+@Ex_slCx%*jkqNDlJxEG{lh zEmClGMRuA3$gRdE22G4g$lhaQWngY%_SuD3ob~!@kv`XBrC+#y&)jrHi9o*SatLed59!<YMXaB`~VxCy*(L3k1IZVB?A?XmaMV!dmjphqcDCrb0u7wEQ9k^kj*e-hl~%ks&u^ zPI&R0vh3@}ZwqWvw-?M$u-`KyYAc`T^^(^oKCBZx7@v80twCW!%A_C6ZpV*n^ytrd zm~nmj{M}D(rvw}~y7ez)jf#A%Tg$||^7S!F`|90p<%(^7awb`dZ+e!0_st0st7O`F zAKKZ+9$&pqASK%PGxx&ya<7-)YnC`KxFhW?6Y;>R>PC9i-g|oYU%rUHcT#?W121>f ziOv{3Uv{5eH?KOI7ks+3;oB7UD5jhByZ)TH^)qp5nd{-F+Q*hMerIF2v}mHmuIcZC zmORo7u&J-yyjbuhFLSoTRpkp@zow{Xp8qd7%f_kI=F#?@mywa1mBGNnklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrRtjDc~07&&*57EJ{r-aSrlPaCS5` zkQ3)MG%zp(LJMO91A{1WUSk78BV!oXAb~`i3=H%@HZcpUd*+oT=47TQBnSC;78jSM z7Ad&8B0Eh1e|UjE;{Ixc^nO@x$>amuz&Z%*rdxuN-?M12c8r}+Pg9_bNN|D`#x zwXK)F>MUui=sPPv^YHEno9o)y*?Wzge~U}LU^#c~(iR4RV^P{1UQYj|gmYi2t2&qd zt2Gc`W#DP8mcF>YG2n;CCh?1`C6UL9OC8)6-#F%X(b;fEW>Mk7>)&5TGchwVFfMLl zvv51&hF3FmC zxN&OlZ(+q&*_C43WOjcy-~;LBXJq`(!otkN^1(nH#8+SuFyJ%bVdF|@^I%K`ra1#f zgU0h98F`k*;|7gK3>ptEC|r=gB-bFD#PonOAF$l(3-$m1mi(~LRAd|xRf2Hg$qSr>Hp>`9|+shslk8(+@I z{OEAXFqvQWdCnd7^f^6h-#Fl*t&hMSYmKL$8=0-RSJ*LaS;%{` z|KIHA6Q5e@GknoH_)BzdySt zcJG$|-e+79V5=9uc;B3aDQ`E`9`J~GD?4}QX}@l_hc*d(_U$LC^}c_5ar}6tQqnZ> zq}-id+^aUv_z|Qr<@&>g1?_s8|Ml`spG-R)8z*GlqA g!ZqP`=QsBrG4&Ru;!E5N>0!ERTXrl^yc@O*03G6%HUIzs literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt b/pki/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..10da321247087ff41d7254d275ab8a9182513d62 GIT binary patch literal 942 zcmXqLVqRs?#58FEGZP~d6CB(+$<$iUFhP}M*gq<~piCM7keB+)s@$1^Vlq#(aY z!7pFIDX}7 zqJZ0aS65_rD}X#=Xwbx{gzR-jRtDxKMt%mMI2ThBBO}A?cHRjqUOX!HJhS+f-DUUC zKkBQBW<6qmCS6{4SFQP_$+zVfe*}n)=0Odi=46D`tHE_59(vj+BL`_RfC0 zT6A9IP206UCD)r*_Fh+PF8$kg_S%o{8y21YSjMaKM6a7!RI_x_^uV7lf9()g`M;A# zD0;cihe;b5kcCD*P5dTWN}Z;d<5{K8F)raY~VsO@t==uluu9!}K{5Gb01z z;%tLV19@OT%PO--7>G59e6c7~UA^S7%z+c7J-x!&$;#Wh8o?<Il%&GRP)d?5Y&jEw(TSeThuJ{X9D_zEln27CrQY+MO#9*n8Lv}k~y z5`odd$l&?+X}-1kd)vIpirbt%*UkAV-u0sJn$$_zJ9VzJgfcBsoKG!U9ieBD#vh#F zu5RcSyC>!M1>?(_3$Jc{pJ;8u9u<0?cV?!-7p3aVJpGRSucRf`cd`|%eVp^he(f8t zi}GBr&PobDSZO~sV6NE3Gdi(Os>@GD?zdr>_1z+6O8*C;?$fR7n@Zj=n+Q8Q8<>`z z`J=SN;Y3T4%-pblbzj#x?Y=FrvTbLH;2}vj|5-{7XV<)2EKp|56W!M3`9?>rcHW+l z+&iT&pHI$OxaWYUQp*4Pp9BS0$O*5wW2f$3HoHl*tpDK8X~#VpQaJdegzwJ$@!6tD T?NnC9=_bY*>zvPQlH>#c>UnDx literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt b/pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..d60812c6a416207a0793a59133ab1231d17142a6 GIT binary patch literal 1094 zcmXqLVsSEPV%A!~%*4pV#K>sC%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nNlDEqNpueKQE+xNHjoqN zH8e0V1VRgA0|SF7ab9BsLnC7t*C3umYxE6tA=apQ=9MMpWTq&mRR+{DPw02Jq9YGPz$*u(6gCtGo=(s{n9G;0h`>Oc06hErZYS7$HTKY3mF zg3?JGEmATw_k<}QuH5Z(vp4l~^oF(vbMX%}RZ*EUzBu+N^N&++sPm`5munC3`~u{XX-} z_4C$~x1tvCbuH`g`M6E~;P=M9)ne-nmq&%#&pFS;%*epFxQS5_7$UL;^1#5ARc4Ve z5Ni;5pL}_R-^QQ!6Cd#&W?ei(;?m@q&%vocmXAe@MMUUs=l* z{*>JYd?5Y&jEw(TSeThuJ{X9D_zEln27CrQY+MO#9*n8L^k%?l5CM{qX9+a$H}GBH zy})ycJGD|A*knCgn2ef3fXRrFVU_#z&0jgQPV1zy+An^`Y^S*Xnu)c-)EkrDZrZk9 z{8dE-*Rz;!4dG_RuYX2l*_d@d`%xKUIJ;`@=A|o+F>z=rZj$-P7@TSR|L(yF#ed%H zF_=83UwZ4^_;}rmm#P^#qU~fFxLl=|b4#wdt81bvecEMLN2vmbfq(F1v9c#qR&nK~ zXi9ynn0kKs)U9SWp6{>9R(yDWeNRNrixLsW6H~OzUT*)JlUR4{@#W@(LqXpRKg#eG znr~*B=;Eh$^!+ixYqNq5n>baS#c=RT9WPiN5bf5gO51W3TShm6b kbkBT6rCx_iC)jcyTP#+4RkKszj?<-ShPCeJ*X+Fp0H5-RHvj+t literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt b/pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b3c374331d8ded6af9043666fcc7dbbe6c88d87 GIT binary patch literal 1093 zcmXqLVsSKRV%A*1%*4n9L*3|tMl4LI4DLs{5_nL>jNFo+W8H8wCbGKO&t;z+bc&p-!ajjCr}Sz=CRiUQm^S65_bDS+H*Y|zB0 zgzPg$RtDxKMt%mMI2ThBBO}9>Z35qR6is*1ta7YRYPH=GJ}^b?}@Y$_bz5BL{zd3Yvr>V{}%}Z+8Z2h?@_gH>!wn#mj?DUFhdPJ>zozvRI z^-sbgjtK}0q&C*@-}3Wsx;b^#p*cC1CUdX4VjuL=@Wh#$6O*3Fhshm$VDaqShNKx9 z9aH1qy%c0oDYC3*kZY9?kz2FArrjEcYzku{J9hOMkJi-dt# zgGjlA^3$@G6CzXWn=UlID%tp8iM}y75y;!hpAvVkReQse~q4DVp&NpUC zE&6g);YbMEn#(m`jgmM{OkPzgDl=zW-`c98jUA56mnW6iwTH^J^-Q?EtKqcZN$qk^ z?S1Pr6GYxW<_u03V-~Bd6!$<;R^sLc1`aj*`~xBum(+F_I5NaO)~Nc$_3UNWL)MxHBD|ksw~PP2 zrgt|m_<&2i#NtbmrJ{Q+ORx8Zu8C(_!+B%fc8y!H&G%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nNlDEqNpueKQE+xNG>{YL zH8e0V1VRgA0|SF7ab9BsLnC7t*C38WYxE3sAl9gQ=9MMpWTq&fmV?;~Os(b9Li@QF?yC67Y$_>3>gTG!if0SrI7l=vWCq$;$H(h9aRkHEH5`ANEB9P@{5n~ZKakSOA>(}9keQc_tRsIRH%pS~P zG~fg2=VxU6&%(mY#PY#F9K=^(5isC0;9=uRX!Br91tvEGMuP~Dggi^2fxm(80`CQ$ zOWdiI;J_y9(ZXcZ3<69>j0_QNWpiW`bN;Aj?lHG9i%q&vy@12&+v6XsuT8UpO``Tc zI}kpt{>WAFkL$wj?-cy&p`DSCFE?X3!=cyvwsAFH;m}py^mgjDlopScCtF3%8C-gK zZeCWtgxQs9+tukFss)j!qKmaw)INX7;x=1q-h9Jb@Av(8iadE}^WJIM7xOCLJ?ixQ zrM>IdjhIf`AHN++;*YQJa8f=hw)0bt!S%Mj+6u4A>!&^Dz6`#p3!d8oZ?9gqds@hcl-GT0x!)@MG$?bLC!+h}n9!8q&2Q#!EqJ-r<+34@e7oW2 h72kW@!_TrG_yE%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nNlDEqNpueKQE+xNG>{YL zH8e0V1VRgA0|SF7ab9BsLnC7t*C38WYxE3sAl9gQ=9MMpWTq&3xZBb}JTG{o2Wpw|Du}H}Y%ji2TpAjA>shGcK@gj{tmUHV$-o;jDzvu8PUwg_x;=z_Lcg~AgElFa1 zc+ROW(KzdH&c*E-dot2oKYe+Bd};g9Z1&muH;Wl6RCyzr|4V8aSzi9*{?PfH`@XFY z17?Uds5$lP1wLg7@llA9e3`iWl|YTO*^0WrnM}-#42+AL7!`pbB5NQI3|m=c76}8f z29a_J<)>vWCq$;$H(h9aRkHEH5`ANEB9P@{5n~bAG)eR8j@LrZIXN#Mdyt*I!J@^& z-hdCJpP!NOKMM;p6Uzq!aS&gDMZkd1fQOAMq0NIa6`0%%7!4vo67np82L1-V3%nP2 zE^((;f&-hZM+=itGYBvlF)~P+8c7wsU-FdY!P(|try{ehFJ8*4V0UmY3Nu}EYyE!b zn>RTu+VoTZ?tH6ItMw$FZ%Hk;=lmaB?3{J!Pu(srIO;3-F7MaLwoLg)+uyAyU^lN- zvU{7F@Rd8f>)@hep0|6#a!qY_JYG?__0TIe<2cLPja`e@|7!NLEnb{f@@lHLVElEb zhsq&qgMa1rmn3@IM#QadmV2x;<9q9o{!ez(Ljx}Fm=LFxw&S-sSE>G-qw})Dmui_g zK4PiOc)6C+>gv`!etJlOGDa0L65F8~^|S literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt b/pki/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..de4da9d69b05c15760888de2b9e1d8fe535f0bdb GIT binary patch literal 1093 zcmXqLVsSKRV%A*1%*4n9L*3|tMl4LI4DLs{5_nL>jNFo+W8H8wCbGKO&t;z+bc&p-!ajjCr}Sz=CRiUQm^S65_bDS+H*Y0$)| zgzPg$RtDxKMt%mMI2ThBBO}8d;aK@R?ZY42o(mY*ZRq9uS=JGBdP&gyTPJ_~j}}z_ zc6VNo4)0U9W6$?{sUPny2srB`mhEQq=5)+7lbNacryToC0#9-or|-Huqp~=jdLOxrKm>TX}!b-1a)tIc-)E`#mj$7e)MIT=u6ZxX+1jhfjck(8bz zpN|G<{HWGY6i-i|!E;w_)3uLIi#;rk+Gt%)e(NCRb0SOqrG|0o$~z(McYkGZnIHYo zwae^c%S+|lXASZ)jG-6!Q#sN$Okdn8Sv9dQ<(D6;?ELyNaQ^KZ=%4_@uc#LURRxVVW?5f~z}2J*nLl~rbuFc51H zsk!lOAG6Q7^V{tgO71pZz4dzU?<3$uAj`)h#v(GMe2MeM(Dlr-7xCWA%A2XOQ(8gG zfDfdfpONuD3kx$7%LfB-5MO~sz<|$yhm9+t&4V!&nA{8)4I)4i@+^S{{sz7aycc*b zai>;-1DmWz3zJbZ2rwBjGI&|QHvRFOFSNWdT z!rqxF?ocZ{@3zPHvFl55CND_~mp*M9^|MB;3vLRvcl6b#eBfPiYX*OF7iOQEyQ*MajL3ZdG6{T>@P7$MgN{Sd4eis f2Uk@$*LN4EtF7)1w-)3(*4Ezka4LI4DLs{5_nL>jN2B7{LH)( zLj`9?137VCLjwatAha+xFffP`=QTDkG%|*94bn-p&)mQiWFNDzo@ZWJVoqj?0*1W` zuCB-qRRFo%$e@W)3E8iVtPIRejQk8haW1ANMn;Cq3Gdf+S#nR<5%5x=-~Pwl-f8ov z@i3+T%UAtx{!-R%&ZbkR!*+HHM7m7NWYIGJ*uAApR7m7n6>AQMl-+Vc+}+n=t;8%~Bkn<*oJaG*|s^++^0g z&FzVqoVv_9*KfY>i@!|@zq3`dqlPtL*_O+{AAJe?AaNpi*VdVuuEBC5_s`4{PW-;k z^nuNEk*Ft1xApeqvsH_wSGoqs+6$!27QgW9vs!&_(T#cYzSS}^c16g2eRl7Up`Qq+ zxEA~SE)g}4={LQMzXqh~-_)xu+~s4$JGZsz-`<9IE*+L}=S9t#m>C%u7dQSgX#8#< z4-8^iWflnou?7)AgW|ot1sYA4^3Pu~e|z?|^2FQk!HGhak420{#QFNAgMF)XmMmgW zn*4Ly9*$Ti`4I-T3M>K!dRFxRqRs&sMuH|vPkw_ZH^y=dcW(Slk2Zm#PWl^r{~p{wt;!9LgH zvki71>9=C&+2T>J%bs;&o8H~vABwU8h8A}Pwl3|g+aoi(=A`=8<_b;G6ZsGQT-B84 zd#>SCTT`O*G1lbP&MC7ct_UP3{i@o3`(1%Kua$yOfN^i`DWrLB4N{>ZjFDXE4XR9<}dW@Q>lQ-k%tUs{*C*m)lc{oarj5wkHG8|H?53r&G%f_kI=F#?@mywa1mBGNzklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrxY4Dc}|sP01`SDauSLEy>K!3&_vR zD=}1Xb~KO^=QT7iFa$yiV*>+&C~;n614AQY7}p@3MElGQOhNWB3+s92l_ln6rYK<8 ztKjO2>`(=e%Z&}17?qIy%E-#V+{DPw02Jq9YGPz$IK=Pc-v95%@`_9~C-*hy&ihYW z-)8)B!I$snzm~6Zv|7%-^*~@nL{=V$b1B#1r6*h#UD+l4>`yf7W0mLU4YFVUZ`&LE zbdUNC_fKaxomMe>XX3}ZmwUN+*{6L4A%|mR1Wvwrn81IgFCdV=VEY@ZQ}^S~PGqup zaC@nozRuc%TCDk(A00Yyy|K@x{Zv4J~&o0Wo_0M$u>yr*F z5S;UQ(aFEr@0eviZ0{4P;qN})ztTd%%rXJPrCSiw}`~fsJyQg+j8HtrdIy=v@)G2XkYjR}{=By*KHU^{LAT)_#?J^Fe9t(&`JV(qu)>Fe+wkju3j2 zdEA}layQGa8+`%_SF>9EgBr{uE0$;G?VWo5xy~ZfT~k+hN~_v%Eq}as`C@Yc=X^)5 zEsJuVzdrW3l9_Y*#o+s^RhU-r2o^HkTqWj{_O_STaN`p8Ee$ia9;mwT_|kn>k(F`h S5+wrS*>4&PZ_Qh{(ggqxW|DsZ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt b/pki/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..a47f7b208569dc79eef9376e6566d6640d90f3b5 GIT binary patch literal 984 zcmXqLV!mR~#I$DtGZP~d5E<~YacZ@Bw0-AgWaMULFz_?vHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1F zj1-(54dldm4GjzofzZO(z`!6%oY&aE(8w6ZHApAXK63+8kbTU;dY*Y@i8+}m3K;e( zxVj=cQ~~62GlM2ZC1k%cvNA9?G4eA2#krW87#SI+KIl-Es*7BE^>E)g;mzXH6&cF> zn4em{KVKleiqlEeK8zu1`}z&P>+N+XtWT71UCh>Zv27cd%GQaK)`~bSPM5!a?pm~h z&OMzuMj{>ue^jI}H~n*5sM))GUneDef#=?RzJ4P` z&GY`0t&Izwv=`OVEaHj_dO_(1yk85#exurM>Rd@v9P@fBDE4EPLq*tinfJQ!1f$a>0oTHO&I!k&(gomCG}=3s0o(S|%xW9V&bh zzFqpDsDpvdv!dR0Q?~KMtd@{?a=F$_=J2egaylP_HMmbLoye~8QZ&KFwB*jmzzJ3x zvfHj3Yoxo}y0QA}#-HYM≶syjNF2lIsVP!^-k+jkB+I9ADA(Xw&}s2bIECKI%Co z?c8=dJZ;+fLs#r(T={*uFetCQOVB#zhSk>@E-QWGUx)0Pyd~{%xA>a*$xa`BbTw=f z(?0*9_Uud^U#Cbz;pHp79?QziU*7wAsqV^)d4-cXR(=1>`=;koc0_sN##e`)^>F>V yC2Z&BW7hY|QR>7VSJ%$o!cUK9uK4{|Kd)n2$6=ObvtRx=Z>d%#xJ)W4&Km#{}Vh-&TD93US8-&v`P+9usa+wP}MH*cQbGYPe zKSP$ywR)4iclA1sx}%W>d?5Y&jEw(TSeThuJ{X9D_zEln27CrQY+MO#9*n8LP~GCjI; z*O`fKzvdr_D7op_$sc8XMJKU}uU1N^?5yO8=tEOPD;EhLztE!Kw84wlb4uxITedp~ zIBz_z*z(5aqIaUKW5?>B9ja3rcF&q{FiBuRXWX8Be4J4#UnjV)z5Vxz*xu@C-C~BE z_3zfr%;Wl^J<~)cPfS(byz|$&qj~!~1iIBP?kXyuel*T|!+SU7M`{KWc#oCX)oU4E z%n)6C>G+lNA)X~QH+`S|j^($~(CrjY~eyo=-m-e$FG< pTw%Xn{fP;EUtQE!ug&uIPo41Q>g8W;U8Yx;n8q$x*dZ%+2mrlFh4lac literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt b/pki/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..3456831e0b94209de85a52b6373284fe3293de6e GIT binary patch literal 927 zcmXqLVxDc##MHcinTe5!iILTSmyJ`a&7}Vh-&TD93UZr&??awj1)ZuK&=9<|W@cG@p_FDS^peEN0C+eRj4Mh3>k*#?;g z^1uL=Rc4Ve5Ni-|$$57>zy7tKXMM%Lvri=!yxEtD4LEjdY1QMT=Z^(5hXWT{%iXx}ZT0Dg z)1Jq_)y(`Dw6izswYb>3vn_la^6w;{pWJVyThe(*`KQ<2dF#(jQ1_R7yy4WkjViv2 zB4*2_wkSoET`>7Kb)I*3oKV7>2~%w(Oj3*69Da2&$wr7gwm#j(m;01Y*L#zVf_jbC zZQUIfQ%a|NH;q$-!?Wvptq< zxFPhY^VXTqvg(o-HU#$X+nToeq=D$GOQCw{hb^_97OmiIdiEkXd%p2Mu46lOAM~C0 z76uXFNzxY{uWMhbVsd}~=Tr6K^@96%&5TuD`+eC`mzdjIe{z11*Ge|Kb)bKd zbUeG!hQ1TqZVFhI&Rag!XMvT}$)-Qw`S*X9wt7A9{(PZ3^8$5N{XTi|zv=ZK)6R9@ zV7i$tY4m4e{;t61@4a{bn$TOKS~_jUuUoGLzpCkqs;w85|wRmAN#w^*}w@xmXAe@MTBL^=6Z(obq_T> z>}K?eX?zQ^_&eQz52T-;k?}tZ3o{eT2LnM6Ux9_ofWv@|jRnYLK#mAtk^@ErBZEuA z_ep|pC;Pp)948gJ^1Gkam*URp?=626aqb9XU-|pPxvh>e;eBe?>u;ntEe-dyboq&=M)hSJ9f*Lx6mEC2hN2r${ZFyELb6=G!NB^s=w9Ijrgr3?@7ad(b zPjsqt=iq9vTDDbody4t(}%ns+%oa=r+s;R8^0X>c>QU%)%0xc^R2WnI(>Sl>zxVnaP!g z3dN;K&W?r#a^k#(1_p*eXklz%U=StFYiwX>WDMgPq>*T)nSlw!N?p&qvc#Os6a{pv z6hs2_f~#!S|}8<#xZTOTJ#2ym;vn(;2DvP2FC;NIF{* zaQzbZW7(XIoa+{?iNCz`pTdJX-`eIKJicP`6T6u=8+3fWtPs7c;~&Ri8*Fe-j5+6e zZ*ShlI8KkZ!QEEr6&0MqA=3WLKC)I>>tddKU2Zbrg-q&`O-FzII^Nn<6v-X3V-f!c zmFKGKJ=iG#%xc9yU++-K?_sBE4t2GN&|ieGT$B+A8iW-u$if-?7N& zIoTT$*1l5ZNnf!~fKg+G)`ynMZ2wI{JZz?$SMK;0<`my}vi+)?yf70pBLm~&RD)!2 zl*%fzNEnDUh?Fe28gWxQ_>%U9v$2K87VdXmenJ$SC}jCq#8^axRE}@p_-fHy*W2sg zc$q8CBHd||0Ut1aWce8x|Ff_#GqHRy5CriRShx&04A|IMfJ_GDhyW%#U_>x7R74A? zg@%1AS8l${KS6TmwrI7GA6%Ql_boTM`RV8?#hw4^uW#_-U|~MkQDZkxulIkf!B@>v z&p9a;7kKpL_I#R|mOHa_)B1IhK`-9U{Ig(p+%>nIWqJ`?A9&y8FKiZhC*xxTG z{neGs7hkgPvYN#<$vXzmg#Cg_nWx>8-Y%{@Gb+lq?fWFHxyf9UY!eLd}}m^(8CY#&vtPoH=vr>R%f}j$P5pN*j&d8XWOWPrh|s Ks(p3Uxg`Km&R>%N literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt b/pki/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..2fc212d33ed9861b28f4d231358c99a4c5fe6897 GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe5!iILHOmyJ`a&7A-4f18*?ZNn=n&ou%Wzx zEQrG;EEbYlT%zEdT2zvmmYJMbl3J`_WMF7$sBEAJQot-Mm6?~3nUq=Lm{%E)pOcwf zX{u0Mngm47js|k#yoLq_hCpaxY+zszCC+PXU}$6v;~J!qXsMZj3B*!e&%Cn4oXivj zbjuZ7U6CED0CK&lK@+1AvVR#_8JL?G`5A!XTue=jj11TBx%S-oCaIP6`g6QGH^;Ts zSvF?>eOjW7ezUZ-|KNM~e_r8DokA{-$~z~u4esg|tYDkpFkzLL^1475-r`MtZnZ1# zJW-y@H}UwhSE44atzMd8J63J!Qq+^J*!8*m5}VUuJLzJ+cZZWKclex-3`-VYp`Kh- zH#6{%t6bf>c@L)f3M(5=;aRV~?|o9B^TE%jE*^^9@jyo)-E) z@2OqR@EYB_O)|XKX7|uGpBO0fXO*Ov6WRvmX|tfs50|Ut#rzL;(v9O z<5_S1ovUvi(_>~zS@T;wq52AUh}qS%|JHG@uMvHCUE`GK=6%Oa76w>NZSaxz{2knV zj%9OdhNMoID74&m8LOCIbtX4YUkRIH-p)zY@U=cyd;Ce>2@e>J&H2d=JcKkCsH zyHh;9EB0>qj9Q8M-w&CzSSRfNcBt=_Y5Eac!JKxhM@8SC>=K=FFlgdC5mvpKcIg7= ze%?2_<@F$A`~Jp1c~@3yosLzyzqrvW;e5a0*%!yAE(w3aUSe>Aw1fs NZH`mB9`hC~1OQKuVaWgh literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt b/pki/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..9aafebfc25f67c64c9d4b2f12ae6144e23830302 GIT binary patch literal 926 zcmXqLVxDEt#MHEanTe5!iILHOmyJ`a&7arhK&4$Z>ujw%+_K_(tWKZpdW8G=jrBCz9D}MEsyy%F1)un^y%3P zPjdeWhgPp#`>CMl%ySphbUmAP~e|9oX*xF=uY=qj>u-&PVY65RpIA-Ww zt9eu6ROa4$&&k9!TfEKw@srq)l27aIzHxZE#QukfT;(p-4_33Y8MaL{|9$nC#it{C z1T@%kE9XAE>~TY8X3wFko7QU_zE|~fmS@`W%K|(mrF@rz@BgS>E#}F0nkQ(#`L(jP zr9w|1ah84WVNX1)f6HdcEyWG|Iy2g@Utsa#a%ago@>tK1f%TZzmi3#yo{^na`?8gb z;YIQx(cZm#yk@Qb@+anSOyrUmxi5V;7%OPlyQO~H${G3a+8*Y;@8s`%TePNVS^JAV Qe=fb2*KZEp*6zFv0AL$qZvX%Q literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt b/pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..65ca6340ea6e3a706e2f767597c7c92d362a734e GIT binary patch literal 950 zcmXqLV%}uX#58LGGZP~d6CB(+$<$iUFhP{lwAq<~piIx{aLGbytqAU`KFxzabW zpdd3Z-9VwZG|Ab~Ku(<3(7?bD2rY~a3=E>gd5sMWjf`PjgDetlwKA}P*lOsRSC*KQ znWBKrb_G{gWEU%dykKb1#HfVqX+~BC<|amd2B0_>QxhX2!`TaM6E{!YCiTe9m5ae= z=l#{$>$b05)3?EWY308E4o@0x_x!#7Lh2Z^K7&_H=J!=x42xGhdgT$ZMmzBTlP;xK zmp)s!|LDJy_+nyuY)2mdmF)8$HN_tO-+A}{Ss@mShA%qNN|o8|hP@Lew@ zqW*fyw}tORk4~Octs~mCCWCh-7sKt!EnEHueq^0w_50}&*Eol?&Aj)&HF9P@yMJfq z?$44YyK`T(_pM*B+k8cai|4gA)w0=7zKO}-=w|zIY^t)dcmLg=eO=yR4s1_nm!1v3 zQK_N!Q6@UOe$tKSOfxDSEY4nM^>GXg^8K34Wao7K@Pj8871$1+IqXRd@xW2@fBF)3}g&=*tinfJQ!1fsnCEC zg~x;(IlvSNj2uRWHsQQ=yt;SoblRWXo0U`IbME}4b0z^X&wETZ$^Ln*F3LTnv9Ts8 zx8c*J=Cb=I)6yE0_sdO=Vvq|t{M%QC|CF(|Wybo%G_CMpW+CM>`O8!*>doP+j{AcgcbyFkscc4>DPP{Ddky%0; ze;i(rXLn(X&(oI?vL8IA-gHmcqGWr>;(VLflL%d<^J#-X?8Oy2Z=+tn=>9U@L< z+?#yx$jb*$d?x10gnzK)H@|Ui(R>B(H4%-M0)8F-)qe0Lvv1YJs;K{Em-3~ZUdpYv ZFL8^@JQ1ZKsdlX?LuY{?L!@NXMF6(3YF_{V literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt b/pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..c8b06f07e40055a97af55ce08ae5c43faaa1f530 GIT binary patch literal 943 zcmXqLVqR^~#58#UGZP~d6CB(+$<$iUFhP}@Kgq<~piDKjr4GbytqAU`KFxzabW zpdd3Z-B2OG&`6=UGzo~D9S!8fc?}H=41v(X*ucObN}Si&z|hDT#x=+y(Q+#T3y9^0 zo_S@7IhiR6*c_qY>Wb`e1&~jS4VoC0kp0fc%D~*j$j<;2=VEGNWMtSscS0hsW2B?@ zrXAZKFMn6!v9NFnufp{y*O$)U5Pd08{`;cW-*+eJO<3yJQS@w?@ zV;6U&{1?+rxFxs!YwSI_dNs>+@!w@G=9Mx}-u+o_k>N)-z2!0Ii(XYU?X-9x^(0v- zL%7s}Q^wgrcIx4kzTvBM${*{Q>!gTIdTyn@Q}$$eQ0q16&X{Kfz0Z^jkGZW_uxRO= z7ZriBlI0Os+8>D8=R7%QV{Ua(@WUtW>E-Xg3D>VYBlg=Ni1B5c!-T6(u2=I+FD%rVzEO*3ExF<5|QO&5n~al zz0TF~ku%(WJ7>zSkb{h~A6xb)8SsJh^D{F3XJKJxV)2ZpZ(eP@cB`l4P>eEykVa!`uFr?Myowanzn?ap-03 zmOVbp{cUaM@7eoWCPseKkL0Yh9cMSx{yn%uHdfmud8Sfq^ZJGlwU;)AMdmGu*EyLZ zTyN}Wrz6c8I5EU(YSt8!&A%2K`EVtrCSUO1SQwSamT~OqKQ4WP@>+}TM8=md-#_GE z{)%7sM^lm4yic-9lP}#%=)9kCW#3toCJo2Hnzj29YiC%lJ>Kx8Y5xh?T&t7wrDM{f cPS+*=djIc!iqfauR>HGtkIs12=J)9g0HarIKL7v# literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt b/pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..f3526efb69fb232df87f46012b797102811817b5 GIT binary patch literal 942 zcmXqLVqRs?#58FEGZP~d6CB(+$<$iUFhP|H9Aq<~piF*7eCGbytqAU`KFxzabW zpdd3Z-Bh8tGzo&79S!8fc?}H=41v(X*ucObN}Si&z|hDT#x=+y(QYdP3y9r@o_S@7 zIhiR6*xaDt>Wb`c1&~Kf4VoC0kiE{x%D~*j$j<;2=VEGNWMtUVUH#Dl= z|17pkDipWe!uRdYlHdOdj)w?#)a`SzbKv-!yYbp%mqY6S7c_}^srM5hTiM2&?{Bxu&xX*b+-J$v$l*|o#{$2T~%+9URGgX1FG zEmxI&nd`Z1L-XD6lNHu^eDeyd1i6ZzEAijvy1CP}X@kupwx`C7Vl)5m^^OfZvyh3I zk%4h>wn3(WJTQ!9m02VV#2Q4_C7-_j=y2iVFX!_9n0}dk$=B|VI5>sK^0A1qi11AH z)BWtafN}Q0J?~ylnD9D!ZQy(ZK9GKXM#ldvEX+(S9}L7nd<7N(13m*DHm-y=55`nr zS~Ornjt*c-1V#rVgI><{pbdHp9u_z-K3nhnzCw2g%M&Z3Kc})|TiV|-PT_GlnXy%A z74xJ=nyr`E9rtJdu;t3(uW8V+Q))Qwao|1AduAbFHnV7jUfK1P8kw8-ZduBCOnJ$# z>6^Cst(|crBKD-G#t9b3(6bpr#_cn!c#Cv#t^c%HW0mq1wWBMa z$4E$CJj|_9YxG`ly7T5c!Rrs%F<&^4;>BUNU6kGH^Ou7^^3)t{3=*UTRvmio9De1> atXB)Kx@X?MC0iNmWSf53+o<>-(>4HDh-vWv literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt b/pki/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..733c152685dd340ff3020482e9fd611ee93edb13 GIT binary patch literal 947 zcmXqLVqS01#58>YGZP~d6CB(+$<$iUFhP~Sioq<~piEi*48GbytqAU`KFxzabW zpdd3Z-B2OG&`6=UGzo~D9X$hlO%3G4c?}H=41v(X*ucObN}Si&z|hDT#x=+y(E(Nl z77zy*dghfS=47TQU~`Cqt1GhO6+pf*GiYK|LiRr+D+6;ABR>OBoQtW6k&)rjml*$F zj+0JHCI5KBvP-PfOl0n>Z8o2NRdR|2RXBc6*ynUW{Ez(K1+zQrUp@|cyUS&^OVYK2 z!S@f`TNgPcKlQ{9k2i^m0t$PRc0}#r-NrTbK(fod=o*GcHFqwCFm2i=!t5-c_4e#G zn=U3l1;+^&YMt!W*o{4`tZzs&C|7kbq#S)E6tsa=fAzj1gQLwG-yOPp=z@jh*=Z^F zEf;-G+TpH#VJ=_#ql4}(6A$tIm~mf3Kl=3k2E7*#_QXYPJ{hT@e#jpuDNjgHZ~`sDThi;B9u^Q;cu*&W{SJFBlc_T7Z=EdPMY zs>3taH)!V+&SYBo*N$QDfq?y{lg@7l;&7aAFopHzU%k`+r+&Pl=(gPD-RFyex{D*~ j9(C8p8C;T%e5GD?nPL9E5V@Buli7AD-s|vLsL2cfx0r8V literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt b/pki/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..cfddd3a4359dc1a7353f3f26d3440b14355c9206 GIT binary patch literal 954 zcmXqLV%}!Z#58XKGZP~d6CB(+$<$iUFhP}@Kgq<~piDLb_?v^X(6Rl&I^vjnIl zMn#bf@_X`i>sRZcK+jI>+k&h@peIm z?O%_aR3n*u&udqUzX)G@yYu3gS66)%w!W(^cFI|k@6-0p@vyB5_l`3Y&wu588{)IN z_>)WbL93Y!OSslOX=h_Lb=clBz3+~D-u+I`&oOMfqWHueW$aa6vboIMCOv>+j z7b$%Cbv_|x?fZr$Um{j7J-@(v+9t6i?{(>`6RsSdz?&NSB0S0`vSR(mL$-A`9jO*E zOLG?WuaSKqa&P{sS;2nJ|813Cs2*T=?DqF+zVNj}`75O#9Iws&zjuw_tI9L39C8(^ zOw5c7jEl1kG7aQ`!7Z!IB4HrbAadwb=GQIjg>}Eo`6L*6TFYSbr6^BuYLVq*5n~at zyE5Zp$dVI@$KM>k9P}-qD{8}SB?CT?ett&A|12!bOe`M^#6f%o76Ai310FW6gf5^b|__uTMlvT#ZL@^q6fgB9O19w*Ealh~*iqmfnksfBOQMJ2QO8=n zdkKZ&7g}svUMups)bFx-5!mK4cd~QzjMv)*PkXe=2Wl!w+&wVq8kg>uHEI39HGdXn zX&O(T`oe1Kg>7%5R@}RO-r<={vDgBZ55_a6U96A09=K~!vis8usv)eC)MmPwa>r}z z_eq%RSUG$5ogXHAE#b>dU(W5W;mK*Peq(*>d!F}SS^p}(e%>V)lXff#zH{k^rmPVA Y!8gC_fBY1^9OH03e8X!m>7R^@0702@u>b%7 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt b/pki/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..16c103f7446fea365a2a9b11fd3cff873ff93a1e GIT binary patch literal 962 zcmXqLV%}%a#I$SyGZP~d6CB(+$<$iUFhP~Sioq<~piEjzU`v^X(6Rl&I^vjnIl zM*%1T(h!`Po~PiJm{Satax{<==QT7iFa$yiV*>+&C~;n614AQY7}ubZL0in%==azG&=q1cI;d`_a_<;)n6>~6zr^)zofKg!|R!TOcuLePyZOd zvEsbcjrHYsy`Ptr{5f;bj_d8ZBXZ4loI5T(JhbcoiK-;c`_q(eefq7I9e>B<%88jv z4l%Qx+#S34&7T`z&wqZEDZ6fW>Wx6Zo6HWr;ZN2--EvZK{qz;vmtEo(Zr86=i7a#o zSDoVe>S7+3%Wa{O_c*t+P2IOLTBW~HB{TZ&#)yg%R?|s^(P#7mDp#)G(k&HM zJVz={diC}qTXtUM0N=pxJfAwURv)+}7r*q_Bo+PCIa}{H{k2$sUio(k>(R-pQ+m@m z|7tQZGcqtP&Nj$2kOv02tTKy)fmnlxNho*vADNAJ4i#~Ud`NzIW%h^UpWsv@%f}+d zBGMwQBK)YHW7qZYPwTGE*{Y$HA}4FW2hz{a$oQXyg_()vgMm1RufQT;z-Pe2#+A_K z!I%n6p9biu6Br$g3^Nz6P2M6E!p8Az$zHB!t3-8VzN}h0X@POXHdC!SqoU0FMj5i} zQz(Cvs1rpV>oIS7~JWdY-_S@hmWX-O48L`rCpait&Yz>)S>vp_38n( z$q&>Sz8`%$g>m`AHP+KBAL$oPY%wlb-?r!CoEd!cYc==CjcTTb!q?r literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt b/pki/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..5583f19690c7c83a5403e68ed46b9ee7c0e23c71 GIT binary patch literal 962 zcmXqLV%}%a#I$SyGZP~d6CB(+$<$iUFhP~Sioq<~piEjzU`v^X(6RlzSGsIVxr z1gI=WAvwq=I5Ry@!7VYTI90*f(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!Tsy9pGu; z4sn2kXI@!iPG*V%F%EHcMfQsV$aAI!O^iy&!NJJNz}&>h&j1wXVrpV!WZ1WaA(=tq z=D82rCvW^Xka%zXz3JS0ew^yxA>Q5D*YD$59QE?$|3AxR_6M$wveB8?k)?j{yUp5Z z|7TvQlUWt)Gvj8nhS=?8)4x|uTr)|3@BXWuZ;f`ZJ->F*36oZ?b9}6oMhr8ww>Qsc zZ4J-K*uY)FU%W?V35lyvq%_-HHiGI3tCW_#=_ykky^|tbWmdB8^QUXv58m9T`pl|kVVB$g zrQ3FH*x@?+rNqmyjP&-Nj3ni}^BEIfylHu}QP2Hm(jlg3fir8$yXUSh{U=&o%DXuA eo>IE?^^Ee1+Hsq{o==HidA*XwdFPrna+3ie9(4Ht literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt b/pki/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..f3062e9e4803a52b6171e860e177ba1ea89be7b5 GIT binary patch literal 963 zcmXqLV%~4i#I$??GZP~d6CB(+$<$iUFh(AdBbq<~piD?7C^v^X(6RlzSGsIVxr z1gI=W0VoR66r7o!r{I>DQ=F>c>}Vh-&TD93UI(Lg0?2np22G4g$l<}r%D~*j$j<;2=VEGNWMr80!8kY9 zKO%FFJ5%c_ca=g}tB)c3B@QauK0J1Zbu+`G+bX;6ei2$;-ybj|N9*vHMMm@23(LM) z8Di+Be|AH2{n=Y#KK6amA66f~)!k{fGMP8vVb=t`j~0)1)f)XS`dg-~y6pJt<7q)9 z#`_|-w=eW~vG=|N-{!Z{u2w!3YZ^KJZes2D)TCfHMX;}#BR|Z6`;(5rH&K&G|Fh#{ zr>$6f<2T!qo!49&*)Ff+VZ6T6qg1{zZr5@K!>)s3@^e!E{bS7AQ8sI_j&t0iGn*!D zo9qb?8L@-F*wcEC9zu{v2i>i5w zX@N~1&XL-aYddhHQ@(W+_l>8ALZ6|a8YIQZb4xW(V=@j8XiYGVs# e9Jx6$=5w^*-vv9g9%!>d3`*qR) literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt b/pki/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..279306ed188999946349868615fc5330f78a79e8 GIT binary patch literal 945 zcmXqLVqR;|#58pQGZP~d6CB(+$<$iUFhP|ZLEq<~piHa{gd5sMWjf`PjgF+JRbu_St*lXdLSC*KQ znWBJZe`Zl>63l*AS7etffV^U8V$j5>gzS4pRtDxKMt%mMI2ThBBO}AQCHXTQ!nXck zEZ?(;_mWybeIvuNJ$Xy()IW46i?U8v?wx6VT3{Vlvhl_#|4gJ?9~a7=p6T&PW%*@> zB)1iUYB{UVMs@pHb}b9k@MfCV^k;2yt;JNYgCa|0i|%QDo7mcA^I~Frzbx0p=jWyQ z*d8<)=H1Mj8ZPs19iQh~8I6mIYfQxWvwKR76J^WA7d^w;JK z8$|2PH2&_ZY*`t`A<32{dZI=-lEh6DRFqb(XUjgD36FPL`0kb^T! z>B0;5|E}T}Bm_$y>DRHB*-Cc5dbn7fz2ej&%Z&8XmWI{&Qjb@Z`&)_osun(--0IK7 z%*epFINKo8Kpq&>vdSzH24W2&zU=?L>F(JoDHY&*exd-X5BRkm@YCnix zu{qAt7wx_vxTEguO{KT<9N2W#16wB;#!44-{M^1i`(v|N@`uBv*WH@#_)R!hpdRxs zBT%2$?nd0^>-#hB+Uq9YoIb}nxc>9jOHZRqPv222{A%Q%Xu4m|jLE0%=i>(^d6NIa zonxNfSfV+9L(8=$t+ZJV3G&uqjo+Qz*8REgw^&m~-Y{n=ci7^#ER&}*x9xbl+Brny Xw6$E=lD*}##J(BwXNs6Re+&TtiM3q~ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt b/pki/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..f206348963c0c5963b07796860d87586801ed035 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!iILHOmyJ`a&771Wel9-uS?Cc0qS*+mf zXdoxfYiM9#2!s~K1_lOE;=INNhDOFPu0a-w7FrotfLz2ZZ0MO+mY9>7qJYg}S65`W zDu5hsXk^gDsD$iaMpg#qCPsb+pg0#(6C)$T`F~uOjoC5;8PB>!zIyOv-9qd4MN6{| zwY=?I`TJ&piv7FWLHl0sUZav&Ifp&|qfy5FJ9nE+lHz8ZWL_OGqBM~ip=>h=jP+bhfc zWA^T4WiD-kXVzz|Ht?CM9PK9U_49&=YI^<0M{jp*S5ECbvaEA4*Vom@XV|UDo1d(C zA+%pV>mt*xSH08E6l+PmcaQgrpM2TZ|IwA3Ho=;21RUZ^`&%x}-w?Z7*l?@xW5<$r z*R32c_nnJfc<+w`|IfQ7o>7v|dSB%%`F=|E^hU< zS!EUp1F;4XRg1&xPU)6bMf+Ykz&xo#Sm}692sl~D^0A1qh`2xf`;jHE%9&x2v+DUr zmu84QcXT)41L@~yWc<&Y1XBphKEtlcRvw}zb{fA_bY%o zkD0C07kzMa$?h(bn@MlJ zUC8=m@0+$FJodTNTjA8059SSnTU6={1#3;unMgE|3Ll3 ztmZhaaI@Mwg1tv${?u2W`C%2y`_p~u>LW%j7Y^)a-rjz5`cxLRt-M>mdQF~xLZqg% z#QwZL_rbuJ^-Inky!NZBxk{OB#VP%(DpE{kA{_JXdf)i1cWJHiqOwPp&%)Ht%eDj` L@lt3|oF)eVTT5k~ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt b/pki/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..ecf51285fa49fbb3a50db4bffc73271a5d0f4e43 GIT binary patch literal 952 zcmXqLV%}oV#589CGZP~d6CB(+$<$iUFhP|-jhq<~piB0n#u(m6k`Br!9uIJ7vm z2&A@H!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z91^XxF|dMIY3!L-mY9>7qJZ6M zS65{BDu6s-XlT&HsD$iiMpg#qCPsb+pg0#(6C)$Tv&N0#KW8#W3JN9HuG{mxZ%u&l z**YCJ`Cpqg9x=dQkQo!him+tfAe;5ElH`}C(ApMTde%wbjbmwT;GxEm7W3|41X zpWYw5<&#Om$G_id?>KX8V7SGiW68vRot-n&bk_1sZ=UodWd@3E4`*U#WMEueV^9T- zSXpHj2?MbPk-2*qR^DMe`%iXSNA1>m{xk2XTw(<$4Ou=GF&2^bb(->wUco;m?7cC$ z%wm#=SJ8hS194z1$tti281NbJuyG}{c`&8|6P*F00Y6AWn33^63#$P$kTT!{3Gjmi zSb!?NA;%9eO#Vx0x|qG&=cKC#&nK+Mm`p0_@8b)X>j|6bYK1a`^DExuk2zwv^n7{ z|2Y=JlEs=Y70=wgW4-sP=#n4#4?L#sd=)Nl%k`PJ|9Pi%O?=}$Iksed8@*-g1=q#% z9{F4?V)1I}t|ZA#>0izsozs1+Q{nf6F4<24Vmtjb(pY{T^$ z;OuBxB3ACfKW($d?>vTv2&I0Ni(5B{ zc299`&OY|xgQ&s}zH6?P`g(7bW>qix!uXggH21~}{->YLWvJcqiB8r_erZ~|Ofd99 za_IWaw{O2=^?1F0g;wRml2z8f=Ea80xzx)1cUtjWp2N2bC)^9tFIkaX`~2a#pq3+! z9XTI0uCcMCH=KBJ?q7zBezS{x={8s#D=JT0&;r+y<*<1LTm>C%u7iSw}8ps2~ zS5}!t!a%G+Bp~A=r=xoNb1uK_6=A={``)pz7lPA+EFX&)i^#Ht1>zq&j>c?fjF0Ac z=@GlzlgrV752T-;k?}tZ3o{eT2Lo{sUx7uyfX{%3jVqzegE1AD@(j?^9WXi=8B`;g zWPZ-5`Ez3RhGyYOCp~BHc1!=-ofZ*T?_F|ify_7N{5tuyQVw#jjHa>e+^+lfgWeHU z);|n$`W`UP*IHqH?#&Xd%q2oMlia@@pV^c9J?c)u>AOwa->EE;D>iXG7S7qQB}K5s z?&#u;Uxa@MhE~3u^mni2=96sEZS8+<7^phL{%PX%INoDwv}Wspgo=6Q1|ESN3X;;B z*Sy(rE9%^nZ>b;q8yRkS#T$K@m358V?Xlst3B8%S7Vhe|QdzD2{=rTDB{yc=QEuFL z?)5~i4R;>D+Il#p(lUMf$=-Djp9@57?9yLd@AK{jdtr&nHp5kajD;6#U!T7Aw+4%F N@8nNcg?8J!0RSAdWxoIb literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt b/pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..af5aa4b0d4123d842b2bda5d0bfe627c159820a2 GIT binary patch literal 924 zcmXqLVxD2p#MH2WnTe4JhzxkyIJMe5+P?ELGIFyr82A`+8*s8QhqABZwq>W}jE#QNws%dO++|y@zadBF zwgu0%GjicE#mBxBg}>_5v)}Zmz1=nYL_ye$l2|Ub=!xu`URXRim$2k9?`@91?pr*1 zB>TdS?Y~}PkatE$`tz5(q&oW zaga&q!PKtJJJkNH@0|O|?8*FzTQ`Nwb3f}VG$Diii|3^&u2VRJ7wp`*ZtlVBH_s*U zmZAm#^Quac5G;Z2KIq zV{Scnjr1oh>N)hmASOP$a}GyCz4E!e3VVL7b1`ize}DZ;c{UR>BLm~&Y=cY#d0_a; zDziu!h&6}=WL)HQRBwOI<+r^e?6-K|I~MjraC(sCV-aH!SvgZV>C*Gxj0KL<4*2`F zGX=~`PBGvE>E~x;{LjL|%*67+KpezZU=c9jGvHz4N@(+7Oa-Pq14iWN0H!-&bTBd$ zD$Kv=WAjffka5Gx<=JLa8D}kQ(oR+Veo`uQ!N!dLLDM$;FPI~B`+l;gUytoSh49n` zi_@C2l=yz>OT-xdTxa`X^eM6FyQbu%h$gnckpJA1LmDhyTQ+ZSQ{|IT71&AHBVRsA+JbuQ`Hz*jNeO0B6ovi2wiq literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt b/pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..59722f96227983015b5b6e438c9b72a017fc689d GIT binary patch literal 924 zcmXqLVxD2p#MH2WnTe5!iILHOmyJ`a&7$ z;OuB*AScdiXkcIngcimI1_n{$yv7EGM#eC%K^lp+nHiWsY}573D@)ADOi@6$)zuZ* zkqRJJ8=4z5F)AT@l#!KzxrvdV0VvMJ)WpchF!y9m(U$AVcc0qXrrt_c?VIY_-<-F_ z`Q4FIOo|Gpy`$MSi|R(H1%6{}e%LqX+wR`K7QIPbM*AlB z+B999Pj7F6r`xS9SKq9uu)Lklkdid(bc)ow^yH8ok*l3c*?gxODVUwqNw^c!TeIN1 zsOyAHe`?j!_p#ly%)AzQubgw$?{Am>w|oA|*l#zte!-%^8SD0}=C=GlVba>^!Tu79 zU-pT=4^#Hx34T|3Xa8M^_nn&W_NTFES1q?9XLJ6^0A1qh!pp`zZH5d@!S2?6`?;X zOOLbN?n*Y`1L@~yWc<&zC7X_L6M(62`&7bke?MYRq{r7YQwz$b;fq_{C3vLRp+N~N}qUD z@ygbWz&q}X;w~TUeqA_0+KzeF1feO1b$2o>Ft>jqsFWHf@b8h2ObfsMeQ|5EtM?@K zzY_mcEy&q^We(e^8>aJ@PKosF%kus%zRUY%#Sf+Le=Q!hDmP}9K4U!h#K70A(M(c( Kx_$A%zX1U6i(R(> literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt b/pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..4a0f1916509cf731ab5ab50dbe3d559edf41e2c5 GIT binary patch literal 1153 zcmXqLVyQJ~VoqJa%*4n9L*415f^4LI4DLs{5_nL>jNDHZU|YhH(wjNVLt&zyxF)v#_pbURh#JW{Lv3t*)-f zj#L1-+Q`75iBSpJql~N!%uS5^3_x)%rY1&4hDR=^`CV@M?P4}6P>5XTTt9muzp*IS z?Z;=gKM^|KB4(?5ZmQD9vmS~3Yv%kmmNVAOlg!oj`x(^{-u8dZO|8ybYbx6hbIrNl z+aZ!NGx%z&zrRlUAN&5ZY%Z@h@_)*mA0#Lwx6S*|yokvP*KPb8riptuY*v2Ew%MUX z{n{j^3c;zzcFjpH%RZXn@K?W_Z;$EiqNj5E{ysV0+sl>pZ(7-cZQQFlLrvf5|4Z1bg3WkuFSYK=V;$kjx^Ej_wH2qoS7i> zV(n4=?C#>J)dhj7TuqsCOS7il-@Nju(*kLc0-Ji1$!%|!{AFThWMEv}#OMbM5ibLI zU>M6Pvq%_-HHhp>yCcWLX8rAQhsnfXwMO0y@w}7ZG$G5!BE}*j!7%Bv_@uw#cQ*P9 z1eEWeu`=hvL<2sMett&A|12!bOe`M^#6f%o76Ai310FW6gfHNzjnjfE#EDFv+ku2l*H_GO;EYWYFFsqef=-`3=Zv z4w$)sX^xR$TK}TR=1QsGr-PF7|2*#UpLF^mOS{)W9oO4hPbcLV&waVVH0|<-w^HS@ zU7j}{&tKeB0dG#L7O))On&-e=mhCvcZ$r$o$rAC0mgY^8 z-gO}B)f>60X+1~IDaJfBsFT_H?R=Bn{PRk4Zu^@rPYRM($ZkHiZ2{+kQVClbeo>JR zzd3f81zvKTp&+qP)1>f8|DNWS*$MkgBs>k@FABSH{F>&Yw}DGSzpQZDGO39@jPaO2 zjIY6V9?!$CXMQks_jz3?AZ)9>tNz4O|0@nZ=bo7JWkPeK<657$PlV37-K*fxa*uj{ W;)TKe1%j_P?AYWIeWAlSZ3O_a@s$Vw literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt b/pki/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..59a02de9d7807fddb20803b2880dad3e0f826ef3 GIT binary patch literal 1153 zcmXqLVyQJ~VoqJa%*4pV#K>&G%f_kI=F#?@mywa1mBGNrklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrfM3Dc}|s&dN9zVCJ?&iKfYVpf?PoLh@ z7O`m4=Z6pTs~;>Zwvw3ia^fQksTnJ!;-#Z@n(vvh;zHVc=NHcY0xQBgy_E~>pK6U3O2a7^R&l5h1_g^gs_bxkik#w9#`0Z)G8 zQqcyE-BuR!3QynAd-cFjU9vt-MzdC6_NQZ_XX-yXC!8rZmt?u@w6ZnxVp74JvnMa+ z&*ZI1_!9b1>LvUChD|G-&l^u&q*;<#D*H4qI%}fNMC;8d^R~EYGBGnUFfMLl^aF;7 zmw`MmjAfNsBn-qFME0fKk>g>r{&u;;WMZ&dBX5Ry-brwpkmX|$V-Zm|PksOL&bNsN zZC}q?S@nk{bC;@=0Ut;|KO^IR78YhEmJbHvAie^NfB~NY4;xoPn+IbmF!dQQ8Z_Pm z$;h)bUNdOCY>>VnaY6i&Sc7O169wKRXvk~84YUN9WLTVod<+|zSQ88~Xm62GBQyK_ z2IMpc%v``U$H<^NZ}a~a#?{a7^l+;@PPeH4x1USfHFBC=>E7hDH;dW z#)_@qcVx3G_G`KEmpXJ5>?z6r+jm?*x8&eSg`lNuHr`k3zW!`?^bGqxH|Fea&mAc> zFA8^l=N79u_jO&JT>Y9q3qIO0I6Kz3oqs)H@{7u{Z_7hVubSBi9B1NUwioiMd66G_ zxpT_Gb&_1=UX813X6*l8^KaG}p1PS2S|>l}{kU}D%URqZrl;dLtJf|t(A^xs(-qkq YzMWmy_k7>{&$bs2Xz+Z=d};I$0FWb`O1&|MbZfIguLiRKxD+6;ABR>OBoQtW6k&$8gs!#D3)!v>CQ<80~wyEKr zaPsMt3*x^ty^dIJzklP1|D1cx%*BUQuD5$WxjgI6feovKy;YCpEs9Kkc<<0|9{m2xo^)hc@MASvj% zSRKfg~zkt_e; zAF-k*Ta;&Lq|R!+rrgo2Cv9V7y!6EaMb7o&_b!*nCtXyTQ+n>nwJ`B0K_+HK2FArT z22}>~zz~*IW|1%uYY^GB^HIn5E0L;Qk2UZ6FJQB{TUgQrP8+g(EMhDoH^h%j77_gI z@a&6Pji|Eth4t&IE*pr0^eeCk81NbJuyG}{c`&8|Q=I{$0Y6AWn33^63#$P$kTT!{ z3GjmiSb!?NA;%9eQ3B(Kk>TrVuB79I?4C8P0ZUY@QdqkzwIlETYLs4)tRs`pJWuof zn{B7oz5MSL=w4%XTk#yLb5@we#FwcPGbcEnW%;<>Bl(VHbpM0))e13Jw;hb~d-m_r z=1%uJM=!ryd|{5X_trUE9w_*JvnW;YHhH!*dC#8-Cpc6rO7E@O#r|<+Qu>ssZmlev z)~c$!oz5hZd;C`8VS{f<`?EEL{w;VF_Iz=hc7p$(eeox9{0vwOl(+i6|6!`HeEVah z+wNuUY$x~5W%0Kbu>T>qa(+<8ufmz16 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt b/pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..c28c455abbec7238869de6fe616d60e0ee8fb4f7 GIT binary patch literal 940 zcmXqLVqRg;#57?6GZP~d6CB(+$<$iUFhP|H9Aq<~piu^_P|!zVS*IX|zsq$n{n zuf$BDxHJiZoE;4fBMjukc?}H=41v(X*ucObN}Si&z|hDT#x=+w(QXR^Gl<>#o_S@7 zIhiR67;aE-bwzfx0>~GJh6YWHO2{5(WMyD(V&rE4igPhFF)}h-Jz4Yr#>zkQ4{T3a z<5}OK;wXAbd}7@LVJ5Rur>+aV#ec$SZ@3JelyWDo{{L{CO zpB^~0_IBbc?~DDx+H#Y=9V{pfnPyy_S*u%V`Mpuv-D4N?Ohe6mi;o5bH3m*_+gzB? z7kGQ$mxb&x;&T|EZggw^u5ecHmF^wCS@(OiEl*bHa7F%D14CF=nMJ}ttU;vt){d>m=AP*0sOh$UD^;ZWXub3+aQcwtV-aH!u?+ty zklR1u_x8xf#a8+oODt~hTyDSz($CMx_@9M^nTh3tfjEe-z#?G4XTZb8mC)wFmmtwtRB=bev1Xb>_N+OY{5!9o{eev-laO(KCIa z`){9q$W9bnR20VXDvODGn%%x^`=^~2O?o@MCfD~^J~BT#{nc*whqWoEIZke5k~;QG z;*9$@hN7144QH?J-fj>X`R9z>dFI@fISx5XdJ6hBel1fC^3o|W+B+qr<2B34Zkg^G z`?D=lb@z7s<|@)uidnZ$TJ!Qt?%sNjZ~^(KKefIB(!0JtP>(D2{jlKt>lgm&qFx*u WG^3V1lUn5Rao?Il5rK;mm@)vW0c-&P literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt b/pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..dc6d0dda96abdd606821e34a0bb530edfe508d6d GIT binary patch literal 957 zcmXqLV%}-c#I$e$GZP~d5E<~YacZ@Bw0-AgWaMULFo-hbHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1gd5sMWjf`PjgA5YwwlFY**sbrGSC*KQ znWBK<1_f7FWJfE2d|_y0(8Q>O>~Tg`2IeM4eg>d87gG}>Bg4$d+|9)mJBst)1@`$j zc4x$|-SGSFwbzea&#zLv`10K{UyG|HK3d&tt3Nx=p?Rx-_(UUxabZ zmk?$-yZMOA!m`EsRS^{rnYXS8J^0dD`IOaD{#G}eb;9CFEk`TGmT0U?5o>#`;rC@m zzwV~=b1ZzEDvKF)HS<1cKQPkZx}x$gPw?r^H8;8PYKo02_4!v!_tk$cBBI4Fr&gx- z`+;NKP1XsfwhpEHZzldKe9=(MbNWlG=ymQU$M#dTo~l82?yOW;VWHY9?524qt*5)W*}w2 z2NK{139tZFd_#^OV8R5(45UV#%42H3 zm}sow@LIIiz4xAVjOEPMSBGYJrA)S4w|Z|56Te7T&~d>tj0N*MVy3KUbyBM?+}5R8 z&C+TuCS-7r?e#A!=V`mNG_4K)U+_97>$BP2&Ynv^^5Yw>Lplj!U#;eybb6G%j6b=~$J<<9%_m@?NG^6>3u^DSC7-97u>77NqN3|Gw?X$23I)*aY!==7wg gv5G#=PNd4-y(0Cf>#9wdsMej|PaAk%`>tpK0GFIuEC2ui literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt b/pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..b8830a2405533a0bda0b7229832ca714cb379870 GIT binary patch literal 930 zcmXqLVxDKv#MHKcnTe5!iILHOmyJ`a&7@71^x{Ajg{;G%+e6dzX=wfw_s1p8+V&#ni;e$Z)<{s!nc(YQ0r$Y^~Qd&funq zOG|QnzFu6(6q@p8?O%zb1(PxlY*k2f42YFJ*lbqyebRy^^-brkHV5+_37qgw_`SHJ zen{4AKRc9o$fRaLaNi9m4^jHl#ADxr+DtGuRba>r}1OlcJ(*+zZ^*FPI`Zs zB{I@n~{!{u4p zcS@GzBpis*V`ER=*|$JjL0#7?n%mKAmeadkB8rzT$Rxe@R`})fFTUsH+2(0NbDck# zYkmIMqZJh_a@Bdo^bc=V6msUASyiW-_QO;lUAD7vnexuP3fnV;A4smfcj!cvEkn?T Nd-rc&V3E~O1OS=;RgeGx literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt b/pki/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..b96d3c626fdb7b9f6a6d2badd6d1c450dd4a7968 GIT binary patch literal 947 zcmXqLVqS01#58>YGZP~d5E<~YacZ@Bw0-AgWaMULFbFi{HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;11n>lbjt5Tb)!S$JZ;{oo=;q!Uck}M{!hnOZN45*jPf2;ZmRs)W zE#pYGw|cT~>^|AfarEn7@@~?#OA~EP*~PXL`UT*P`T8tUEq!PoF9D{`1L|H;Oq7F0DAFVC2?e+`-!XbZgAAlCn%y zh50dS{|N*hGv|tVEH7ZfqSDS&#{KGA^RxAHANc+;<~q8-FPA&~(_$uOMh3>kH3n7S zIF(gqkuVTz5D`gA7pT2tezb_~!oB*fVzQ?e7sr89g)AS77>mf?&X|fG& z#p&6a!+X>j4a9*FB&)z8V8CaOm7B^2K*oiVMfOPEUX61K+1p*B)|_6 zU;(Q5h8#b@UCTaqcv$k$qnY_gFaG6)`yN+GWWk|gG*Rf;afe+#zRw!&=$i3_9?gd7PlQQ@2 z4}4rSHKW72Vf*T&LpvhQ*7#b4hd#Yq>QfVTM&R=*G3SNtttNI4I)COdvFZvKCSS!*X}kk|Z_nUC{+Y`P-K`_z4&+N4L{ZcB`4+B<>R!t?#_Q@W!&FU%E-J#pW6fA&3fr<|i~w}#MHfjnTe5!iILHOmyJ`a&7*v##4-yehovUir!O zF$R364H5#?_Z{0GwfFKY$3rdOqPkY=aJp?c`n<_KdY!0#_>bM?oF;xTOH8B-*Y$b% z9yR{AWy|BUN`e8;HWn+_Fli-e?EP>+aM}IE`llx++9dSt-~PPy2OJt~R`!2hYPflq$*v3$wF`H>{E}LYwfMiy{H0-6qI2)VtLI1G z-uGUdJ+Jz7#FEA@%x6C+nXgW`mZe-NcV)`EuC%u z7iSw}8ps0!SXP-u!a%G+WY^9|9pA4+s&+lryzjq&&EjrhNfS6}$nvp>v4~VEA5-G_ z`oG1)V*anB&i>miNRd@v9P@fBDE4EPLq*tinfJQ!1fiO>K& z2?C>oks;v9+B3CG>(*vyZ=0kQ>c?s!$)BM9)8&BbE}efbf7m6tOv{;B6)w|bo;cxP zv*2{q!p{LQ_gME#(tH2Z@!RZqYsCw;CPhgo{eGmfYCn&?lvb|y1^M2xiP!Gsr^J7E ze{$#a_N!4RShgKmzSO?mMJzJ;luEk9&$-Es7fc`J-oCQ=)caqh6Tf^tx%Ypeb=ow= z-G|M^Ha=I=o>P2D>*jhLz4&EMvrx(NNSfFMiaCm1U{5###Dt<{v{!gtqc_Ffa_tNe@Y+%%bH?EL8ZF=P2HRr8b0=c{ye U6Zy8eU6pOH+7TkAo@iSG089^PDF6Tf literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt b/pki/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..3e1ba073e1338a36347ac1bfc007f7d533a06701 GIT binary patch literal 937 zcmXqLVqR*{#MHZhnTe5!iILHOmyJ`a&7@@MrD@)ADOi{pL zx2r3%ixog#Ff=k~VpKx*H6tqna}y&!15licsfm%1;baq6x}UnF`TM^|6jFO^3!db- zXc>Hpu9%+gedVbC^0^Yx$G4qY_0aCbd5@`jZ;vrE{J5_6Amh=JHP7jO-vUo z@?T^e$n-N`-5r(O{^El(Q?+mI=3`6-KNyy8*d3{Jaod?o(i3afU1efsWMEvJZIEdo z4-95mWflnou?7*j74CBq8!|LDI?dATd8WavIf?lUIC04Gv52vVXz26>3jEnVr$a0I zolds>kLsk#76U$zett&A|12!bOe`M^#6f%o76Ai310FW6gfeS3*wwz3Rh++O zrnb_@Qzg-uCwuyxM9CdLd%ngl?mYPZufp>C-Y=aDEK9X4zxFXl1!%{u1( z+_K!oyXJ7?Me$|%ughiK1p=-pzP#AHIK)g~J^P&KV+MAo?wKAr`C@v--^922t?|yh zGt85x_8ZWOXX1dZ#DP N?@$Sq%%qUly8$WnV66ZE literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt b/pki/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..4a7e31caf02fa84e04869fb54f73b5dfb8afbf50 GIT binary patch literal 926 zcmXqLVxDEt#MHEanTe5!iILramyJ`a&7d9><+t{ctCT!3Br3Pg}BQYPJa8f6LIOC}O?M;OHkgtBV#14^o|u<=DFP zH7d-$6{mA++wr$?0is`G>W_bSWp(a3wNSMBgktK>-P)$hntE22I_vX(Y_3_OpD8;1 z&pEfOj(cs-s)VF&<+=ovl=t@UQ|^7ORv5C;`m#yV8sUwn{bq9WFt{I@9r1H^?wk2* z49^w(oBE+bQ$klgZ|a&07o0Zqn5RYRF$(`Zq|-iOqCw*yl_!&qFDNO##UF228NWkk z#{u^A9Ht}#rjjJ(M=y4Lm?b`UWr+CP_~{C-h57w$!)x|jzpKf8PvVCjtL~1;Ow5c7 zjEl1kG7aQ`VJ)l7B4HrbAQHjYq9VOVJ7|iR?NWgvk-)F(txkedge)J67>meNrq+4E z25Rmd)9U<{CyS*_`7E&>oE~KP85#exurM>Rd@v9PnWw-4Oeh9CY+MO#9*n8Lv}eGG z938-v2aFCz28nKsS;v2=@lLQgGMicZOZ)8U9WuAx9J1WgJaOBEzwYafZdhOIx&3(b zjl4VCWiE0pe;uJBdO*OUOmgFutA{?f{9kKoCa`OT*cpGTltAp1u&>P4vE*-G}TuV+u+HQ#h{$>R3f4fdPzFS;gQ z)t;8582d(bs_g1Qhqtn}vhtHp)^A&F*Erd&z275rUh;z93c`7@zZbHXw)8(0IB&&Z z`Z6u+6L&bX%?EGe*_J-;A&%O6e*!s^!W2Z*;Yi94} Yzg-h_`h{k1uY}^7yK!qidtaRk0Ph-BApigX literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt b/pki/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..e9b7cf2510f60e8e77970b35924220ddb67fe9f1 GIT binary patch literal 919 zcmXqLVxDZ!#8kb2nTe5!iILHOmyJ`a&7B=D zBs#%7hG9gNKS94X#>^}sHlqn4b-Qhzp<>^fRMDWsc4%Jo4?+-ITwOX`PH z?p2<@eS5;mlYDwntzXYp@!#|83oUq?p!YkVZe~!h(wVn>9zQpHGd|k=UT3G^4BzJq zW@s*)cYMV$#((KA3V*e~cYd?BOmXTJ-3c0xHeHbxubwyia7%P%Y4~%otoxM@L;3#p zT)ukt(+Yua+YXg|+{~AG?MYyZj*Fo{;@8VdG&eF#+bI$4bt&_|d8H+X#?9MbnV1Ly?nvX4f_8c&0;L7GvEX1=VxU6&%(mY#PR_-)PYG380w4+;kLi_{Qe(!X4}Uaz}te1;-McN6EQMP8q{-R7pIexvc+GY4E0GB-->I`r`#4f^x!IGfW{n-_;SPOM4W^Cr9e`LBobC8w=6DerpMl&aO_oS5A9e1FW5t49-zTGdMx zTG_=5r!FcweAMYkw{FkhtUiW8M>$lLW11$CsU`Sv)P%`kUt@ E0QdNDWB>pF literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt b/pki/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..971d0a5de61b21859b64d4de8a9ca424eb48ee11 GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe5!iILHOmyJ`a&7eodXrUn{y6&U<_9+!;Gr-WpE6-D!N&R=j;8 zJZZX#wDY`&zyCgEy(~WALh#*2hD|#(7%USd_?ki<8QML|d2hS%*PEKzXBeNig>EBsEYgveZ3CMB&J%>rhffBfTPBt_eR-YUxOd@$Cobz`ZF!39k3HoW z-Nlc3g*`OG8JDr|*}#4Mp!}o6`hv|z&+eF-B9JDKFo#>y_wAJn3`y0GPnRil?q=NS HEUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz>h?0*bJseo`IMbtv3Oe7ukH|`(08lSv$E97O=Y?!t35Hi#!?Y|>Tbq9P6?yR#|NjM zzm#&hJk9vh2GfIig7-M0_q;k+J%#PM_FYS2?MbP zktenB7h|Tjap$Bs8Au_=4=|+x z+}`8%~+u&SO0}{cd-A=q6{an3b2pU702})SkCYT)pL%l%Y?F^v<)( zZ#3*+S$9x&r7EBHjX-7YOKy)ZKWY6ddT5P`y2OMev$%C`moD?BaQnUA_x(vUPiMxi ztV<~iw<(JIdMK-D-2Zvyg%*p|ujk7q2%OsYelMf?mcEGPE^AIcI@I&6Cw>pdPx)=u zH+g4NUeZVuFO%u43Nfg4FP*1%khdY-ihavR)n%H+j%ULwOC{Bh9qF#$*eG&0pz@K$ RzphG&`+pDmng_<#0s!tzQ}X}- literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/Mapping1to2CACert.crt b/pki/testdata/nist-pkits/certs/Mapping1to2CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..4b70c9a4fc00fdc74f469f344c92b933a13eecc4 GIT binary patch literal 960 zcmXqLV%}rW#I$4qGZP~d6Qh9vFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj0}m3dkuVU0Si|p|SWu9em#$z~l5eEo>}b%$sD$hX zMpg#qCPsb+pg0#(6C)$TgY06<`sXF{>={Y}_hp?-%?R1ERY!4yoBQV3@!pHs3q)ob ztHw$+?F?VyUgG<}HLCVpu5eabIzOBD(QjL|T{PDjbWi>rw_~0Bl+Qi~VnaO}elaQL zFvu({+T;;+VPDoAi$gzWbF7>+t7rd1Cp*5Go0jgG-GAYC><5WQr>`A*bAx-4%-c88 zC%#8L)-ufde)`ay=!Q>;M_-kjhhV`HyFqR!%$Y41sIqOB2Q}L zFUCx5hhbhE7HJ`Ez8Fu#v(HFXhr5}TjR1rGuOC0-N5&6=a<{Z4fsI% z`577iv#6gOZr;0H+vgA}qFFas%|G*CbV#A{$= zFi->W6hYE522utR$Xb!uOvv#HOq;-XWn@^qWUsA?#)4=6cYB|0W%;pA)#U3j=KV1u zS}xs(C;m{_Tv#DHq0{~8J15Nyfi!#hbNi<*y=ts~*Uv8Z&x=>Tk2C(XTO4iKt84w( z$-86CPGd#h%G~2yeg{g-StuILzl9}PegpIDxI=C_Hfh2EH(cG4*yS76Pjf#caxrFe z&e_&UzQq?WwcfXj*_pJkU`}Wwlb!aZb*qC8DJ?zOQ62hDqQR$M3u; oyA*tXUfEik=w;oTSU>HWc=WECHnWdO*-NwOd8JZoM4Dx)0X1PB(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgCG*EQ8G|~SR?71SWu9em#*Mel%K1Rm{%E)pOcwf zso?Br(8Q>O>>EZ_2IeM4eg>d87gG}>Bg5+DiG+wGd&}?bFJ{3e`hD(jA7mI=tsp_Ua6T)VN3IW zi0}Qnd}EH^5spcYy+2DhUmdNi)QZ$8^n17Oh+eKin&}eu4OSl)Eoq1=mXtnTv^j9Q zpq5JOhVJc&`?>kjG}cnV zhWC@2->R(C@vLN1{a~}1^{?YI!>J2bMlZN<((_&F(yN}vOw5c7jEfsr88j|8kOzjQ ztTKy)fmnmcliK);F;m+(bXeEzE8Uj5{ATQmG;p-b^0A1qh-4ItJm5AtU*vFW%Cu{u ztE-me>-8A$f%Nk;GX7^_0VX6i1AY)+7{q5aU+cgR+Vs zHDU%L20{=~Hm-y=55`oWAqI>PQ&ga)G%zwCM<+0G0;7|Wfy;Z!R6jqx0{^ci7j&jO zJv>&XA9OoI`@me6=BHClgB1?glqu0y!&)Ro!9_NjZ38qE*<${kC1w&R}F#UWj$;ti7QT2(oPCJat z)NI}=Wxk$tQPV-A#U?wv(2R3$wmh4a{UoO|H4kE3_;Z-teRphlwpgKvKkU!K+~f;} zYd)`dDf-uSzXUs>|Ry;+x7DtCyO8dk1RjCy{6W7dT&$KQFpD`T52*|yhUrbyUv y$*#Aiy%Qp8tX5_yR~TlBbKJiFjZ^2;x#J6@k50*HpIy5@PBA-VnO=>gdB(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pjg8&k(Q818$SR?M6SWu9em#z?!uaKBm8IYfonOv#h z>}b%$sD$hnMpg#qCPsb+pg0#(6C)$TyZHVGZ3{d9D?E6{lr;J3!JVC}Hg2gaxcINx zacbnD>yGt1X3WrDw)NeGsRdsz%RcyS9{P6QkD2H8DcaTS6F=}GglEPE5&rqJ0=~8@ zHtkk7{5^Tryk3dyx<@Y8Zmh3n=3xJMq+oXc&!aPRG^gw+bqzYHo^vy@bju#EH-=y5 z?YOj0z1cd_s(taJnzH)2Up+2powtASVa@lDX;HOPZvRr&`e5C`Aed?#CZo5ikY&w+ z18)LOa~#=kkmqr4Yv=D!9`oA$iZcWIxBY$d?B27V(}S+7hdjQ#Eva98!|I}2dxZ)N zt?h25JiGB~fy9eP`570wnZp$2h4Vcarp{g}8@pKURD0lECT2zk#>I^r3>w!O$OFSt zR+&Y@K&(OJNp1Yan5k_XI;`vVm2OL2elvDO8aUEr`B=nQL_~DnPW~t-RUkU0TX*u7 z8JD)Ra;!1n1L@~yWc<&<0!&712I3&T0*inFp8*dWS3;WyV=7SGfYE>-Bq0n^$ZEh0 zqzn{50*W93F#{0;A!NmDEI>0DAX-$QS{fJ`kRuhCK!K6U$YA*HM&`)|huE{yb++nH zPFo)+x;eG#TFMsJg?Im~VLo)(p;y&LxMJ7Y0Bydli!ZIUeytOB-n_iH^;zuoea<_& z0zd7wYd?SN__L{RCY+qUvU~QLN#;{Io_S>hD!DY3XSj*XrF@WkDHd7EEVCUbE=f1Px2(IMXIad^E z4k5NxH`hDGGxIF5On;@4FyE4Kjz#l7W5pDSqF;Sm_CyuEF#h&KdDUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAcRC~R1B0L)=2wi78hscr7I*Q7H1|q=jRod6eVWn zl@u#DI~p`GDk1xak(GhDiIJZHD9**y#K_37C9Eu}dCJyR8)Y?SzvgU8DHLwuopVz2 zOo;3RzMY)KX7)yVe;-$V=`~C4puUl}GA%6S%Cz?9?o9_Lm00AL*-m3{&MYavU+?u**uyLG)&KJ|3r=*ZY~OdW_s8rJT($SVa=JUoq1D2$ zRL;z-B4F9tvtn~&qjt_nC#Vs-bw>;kbVUg0Ruh*9yYFoHV?*BV1hDWG~feC@G~<0XJG*fupvhWFnIx^gOMRZ zUB>Rr`M}M;OImjP)_(Itx9@|-Gs%l775Y;cSmIx=$vv~g?Q2dmS6z9^Ogo<0g)LUi z0UM+)2YvtUBKM0s_U-R!4%zoSTWG08;Z>82|tP literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/NameOrderingCACert.crt b/pki/testdata/nist-pkits/certs/NameOrderingCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..f1c4a55fbf53a95eef94eaf74b8d5ee766f2dfdb GIT binary patch literal 980 zcmXqLV!mL|#I$1pGZP~d6C;}eFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgT~1u+M{fs2(pJ;SjxXBJuxq{DzPLpKQA#yAv7;iq!wl7r7Ji)8ZOBoQtW6 zk&$7CvZdLsZhOBNABUdH`3~zEC9bK?5Ed!-NEYP1v2GsM^ve@{KZ!2l*tB5JgE=y< z4ov>{>cyf5Yv)Ka?`t;r;*(Qb|K)(tqS&^Qs4VB7r+T?kPg?H!xS99W=IytiPpZv- zr=xME(e~MncIFLBwPNS_-~HBR@3bJQ*uVbgt_f*+3La;BO76%lN~x*0s9_IMFz4>e zx%mBp_d2r~j~)NW*8Hx#Q*fLw@IZ)(f`9$DLp%OYOqibdY|$G1*ALoUXDIg9W)+kK z6x~(5dc9|rbk%33;u#CAFRUn1wAT3X+(|vGptHFA+m^qTZzjt1_MSQ}?dreDDL?ny zHqn{q9bN*~z&BV;ez__@^pvpiV7=*IQED{D{4I)o!<1fZcZR5~kUAM1vTk7(g zu`ANR$wrosMT|vczgKtTY~LOc!=C7uXYT61s1yneFyI5}=VxU6&%y#sh-}~}kyT(3 zFyJ%bVdF|@^I%K`iW@K*@PiZzgA}qFFas&%_yML@VEiyL$OhJ262EbQ|3|@|4}G4k zH8uyVY}ar3@;vko`=hC?TjjNPa|vIaZna+V*qI6WOK*8IoKXt<7;!<)EB=r5RyOCl zj>uOYm-}wKX6QD^=2N)s_#|+%-3haI8A6}##C&$MIj!TnChPN-Nq#mSpANf!s?Dnk z*SJ@m^Y`^X7r#rM29erVX5Ln`n!C2>>(4WuKJ{J=Q^Q4WyuS6pn7wW4rNBGoL4ixZ z9Ae*jar*;qw-xtKIu%z>_V{RA&3C-FA?;&;z>gc8AqIN0Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAc#b3lnfLg)=2uLrYDwUmZd5Lrxs-<<|z1;<|d^U zDL6YCG%+e6`-YK~fw_s1p8+V&#ni;e$T02vw$u(iDVr4z8>EdcTi&eQzNSA_zfzE0 zenXPwe($@y+5r#VhLs4-Om)mJ>_6WrUS;z0>hh8+8$P|C#vT!})H9_)kYV?iW3vux zOzH1nu@^Xf{P_)qOTIIv{chzdu5RD8kw+onvD(GCbFQyp+Q9Sf#^3E42U(-)7KXAe z{&MGR?=_)S4qo~%&&?}jak)Bwqs3X3iYXtBZ#=s2@ibrW=SzpzcQ0k^+GBbw^ZVvQ z+c#}mSs1X+AoAU@>HEWP86Wi7qvp4h!|bP$M3Yp`%Hz!rd;I=q^iE4=@La;m`rBK% zJ#?Ao#O3E|3oo9v;a%};?Jg$K%FcbS`l2gV)Ktpn1bpY(&cw{fz__@^pvpiV7?!fi zED{D{4I)o!<1fZcZR5~kUAM1vTk7(gu`ANRkuJ-}BE}+;^hD3}82`~16EAQd?7g>b z{jH9h_6B?){rrrK|5;do$%xHB9K=^(5isC0;9=uRX!Br91&SLm8t{W8gh2{f4VZxx za{K^O8!&zt8JH4;QXNXXmfdD{S-W?CoP9#ZW2vZ(5BvY=AG@vNRl|2h{_@>dyXIIv z$htCnn~|<{ux-HQ>;G;Dt*tpe(JOaqI22dWb($=*n2V$ikF=2x7JGzQsPgUkRZVMr%6~KkUMTgMxS!Bi0hBo z1@HKKAB4VV?yd9BExjt2zRSts@kgGulZ95!6I+yTljdiU$;I%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz==d_gbV~A)^PgeD>w)FC^$PBG%+e6yPlDifw_s1 zp8+V&#ni;e$na_3C2@J)6#0k!9}7>EY!PHVeR5Xc+>i**JWI}{!l$lo&yic09$CA< z_3Gi0pS!M#-IaXk|0-^I01N;5y|G2C4XK;h9&mi;y!^zb@@b3bqov!wTwmx}{$zS@ zyKPo+n5NTlx%Y>6Ipwmxug*`fTgd;B^$?rZ?&^l=DZ7@a`1)8Xa!6f_J*})c*ZTS| z-=AVDro{_w^-S_oQkegZy`tNm`}+mWa0mHqE~}THuCs5qWqRtWb4}vufz|3#cW!N; z`|n5To-p~iaJPp-2I(9Jm*)w;-4&`9Gc!$7V0qy8#6ID#{~{F^1v@-*zpokBvEj;* zMavJ^J2LEyGBQXp(lVcE)?UrT%*epFxW=H$Kpq%&vdSzH24W2&Pio^Y#!PMF&|zJ- zuXJ1L@|&?M(!h}{%f}+dB9gbx_43cZXVz6^*8knXcFBkR4U?DwA4oqxBjbM-7GSbr zGY|*y6<7oe_zZa1xDwht7*m1b28;&$APHfRLRJH2AcY)1z|;kdA4Z1sn_CZy`bhLD zB<_~JeMCQCPd%T_{&RKio4TU3+MWh{d^W>rx5PMK#C#*UrS2Q%&N6W5MHG<)7WN%i``@KCeE2pgtpRy!&yTzXa7H)g0Hwk`< zFRm$8oz>xZWKEl|_q#*0p8qu2ksA8C&w$F zX5TOInUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz@0>E#0^9t*6{h|D+J`{WF}_}nyT9$tk6SARTUy`j-sR2qi|d6_ zV8McOJd%d9T4h#wZmQ4U714a^z2AcLMNE2OGu5uz#v1PU86H|4;c)rJW34oS=U+k= zL}%RO{NMX)Z4c*>rjE{?R&II1yaip$0_5es`fU{V{BvMQ-h#J3Z%$6r@>X>?VXI(r z_=d{8=A(?x6FsJy{(JfOiWZN>_y50FuZZ37c+IZb+CSyiXVM=lzkItQ%00&E=cVH+ zXO{X{`?-EwBicNFM|Roi>m}?WrtGO^8UM4e z0Mibe0Y8W@4C1pIFas&Hlmv_hMh3Z%hSs{@b8fBl7v{bhq_j@Y*UIiCzbTKvZ_#z< zqXfNI#K&m0)rAB+SNI|tCi7$JvejR*lg<|ze)`pBzk+}9thz(9HPvIUil+&ze7802 z@PZ2`N}mJ@ukd(3ed)}~h`UPPFD_q`!~de(|9!*k@EN8H3_2e~hUxQ33b|z*ne>o% zqG`3sev_ZdE$Oz$49;xP5stY0UXo!_vyaTTNd_O3oUY%Ht)0B$03qY&z|==@79L`P1tRGq3%@VW`<9m-{;G* jo7@PM&~swCwKio{!24hkqauaWM{6W>e|!@4S}FtpH7!u7 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt b/pki/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..c4f182ad7f9771eec58373f4320d23f4db7e3ef1 GIT binary patch literal 919 zcmXqLVxDZ!#8kb2nTe5!iP6V^myJ`a&72-Vi+xYiuWk{QW`Cs__HD&x_FJwKcJ_+@+VK7SC)=>v#R|NZvt(ahOFP@VC|b`t zVOK@Q``MW{&T{O1=eg_gE3K)fC*D^b(zKfvY1JOH^UH#@3s}B?-)J&xbC&AvuZ_Ex zWqvt(sCR4V&&Zy4Q8lv@Idv{(D?9WUY?xd5%t$DxtR-rh%d@kqDq^DKWV6VzkC;%nr_C-|Lpej=!f<{T2#W1Z#`XS8JKCpy{F*eGZC>BM;@6@TrJuyY;+>w z+0QxKmME{Z&uD+tKOsDpXU6{Hrt<4P8f5(}{j=-bnXNxBIX=Cwd+8TvWlv(HP|M%O zkH^o}UF|=&EB~k5hBXrHU)~GmF@@gsh;8MmU-Y+GHFdS=)P>#)a-613Kf$v4kb8g0 fQr3T$E-JNfOYUfy;?;jiX|7;ZB=ebFyXOD^C$VM| literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt b/pki/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..2666670afb5e8eaf3032e9ede9a7768e2f17dfa5 GIT binary patch literal 910 zcmXqLV(v0%Vk%m|%*4pV#K>pB%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz>h?0QxhX2!~R$ep~s8m=dG=}eQW*e63+0zto7a96N|!=H96k= zwm;Hz|LXbDOJ`oSs0M~CvRR^c%WP}&7Vb8mAA!r~FZ*%-)S5W=4qN|eQh(#jR_r#) zRqOQsr?T`phcVj^u6>d$UH^kJ9CxqD2`OFsBjo4W)$-vzdF86o4(lcr?d=o2^J_=o zopkx=FsI*MPjxtsUr|2u?~Rd(d~W->H^GgbSAG?1uCrRkP_jiya)piM9%ixm)la8L zpK-f=)j@coH0P3PhGU%{Jg0p!SEyz=Ed62g>&68c&%6K17>C9G*_P5fO*Y4EsqX(- zmmX-Hy|X?{_>g9gw#r}k&$DOyO$?M=arSUs;)|P1%!~|-i)#$34CH~~D67mOVIbBZ z@}xHYV$9Sw4jtBY`%1T^F25POA`KkjvV1IJEF$M_$=`}P(>MK>f~cndnrXdSXDfsa z_(1yk85#exumF<~n}IlpufQT;z-Pe2#+A_K!I%mZH()g22T2Hn6tWsH11aSA0j4xy z{4g@?RM|H5c)@2z(Wt}K9$vkFK1S5Gnf^QEZIgNAev$5~CyM+H(%;`nzw1?8y)zUe z*LS|y!~1tjI9}V7-*oB(+$<$iUFhP~AWkq<~piE+9WAGdU9|9$;u>Y@$$H zngm47jvyWo8_0?C8X6cF0-=Smfq_AkIIpn*PzuI1NFvcdGB;;o;VgH}(& zvxipVo>N&ny_l?orYK($WY{NsMQ_SV?y9U#$%E&T_PmsPe8$t(U-Fn~V-~O8N8`n^ zlkB&wd9-Z4smIBKtZR>O%S)&xWc;ybS+MP+*56Nhm75|pyoCN4tX{9`Hpf-s!PF^c ze9|i(HhYA;yD%a7TS%A1!|zSFR{~Xtpl8%WVR-VYj%*epF zxW=H$Kpq&jvdSzH24W2&eqZ7i{^T&IPF*wUfFQTd>T#_DA0Hh+Iblagcrm76Ai310FW6gf{dSkN^u%#W&>m0j5V_{4g>kO;Ek%@u(wF+wiUlzZTm|V;7#i+rM>n+p;Pb?3n#W zC-n2rJ+70eCe)&X|IeM{Q&%EaUbn8{qp~W8V zlRuoy(qXe&%fc#|`fq<|sAcTE#(C4K?-}?W7gtcrh9&w-U$Wv>SCV~U6<QQkt4o9c?Dk|*qf hK6B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj10NEtkui{hSR))@Xr$nqSWu9em#$z~l5ecw>}b%$ zsD$hfMpg#qCPsb+pg0#(6C)$TrhL)h z_(1yk85#exumF<~n*l$FFAUZ;(Oa^KoWr`qEfH7?#fvggV&5Rt&z|;ziWk!Yx-EA5#HSTfdru>V$d~D9or5v|r zOl7W-Tu`)c{inK#HOh5YZt=u!y?#wXx7+ue(@{Ga&YMeQ9e*eGR$R|D-?qn7d#%=8 zyG5@J_D=4)&;NamuEUY}XB3Q8o^(HE>wM=UdC8$kU#E3V?CIGr7qUpNbz72mNBiP( z!)F%eqU?8@IBbk^zE!<0D3r3^uk(BT{&mqcKdajx$u9dX{riagZi)L`8cW*mv6bAd z4OqISt((7ejp@%D?^s$t2oy{E*4A2ojegnVEKZrj$r)=jN{^#t>+4U^t uvpJUgUgu_!XE@^QkaPE3*88ew+q-WU-Z%L9>!GZP~d6CB(+$<$iUFhP{u$Cq<~piIKa?I!8fs>ATuvr!LTIX zSi#xRKu(<3(7?bD2rY~a3=E>gd5sMWjf`Pj1Ah{2gF1&iZEPAS&ACRacEXt(UiXQIKO zk2>d`P&9vkVseVJ(zDk^`F3lW+M}<3x%T{{xAX7ZvoTE1CwSJ+ca{^&$mp+U+uqXa zzcBr9O8U*}Wzv5>Z;P+cD9n>7547X{U=+c~#LURRxVZ7GLE|X{d0@oJDziu!h&71(`O=$c zY}8OwYubJ5VPt3+b6pvbTy$*?2GI4}(ZW1Nv8r&jX3dGULrl?)T_UVPmbv7`UuY?IIL>&hRw z{pS{4>m#MonEJ&2DQn(ZgHx*}929i8^ddIb-|(;U0`?V)#a61Y8x@~r`=O}sWTn1+ zU+PzBgP7-iDptRWj27^ID)D+}^Knzz%?7T=e>QZf`NYnDBD&+~nR`<+y@Pr-eqs;$ zzb$QHz=5x|Szq1#ri#VrX2|gfE4aH}lfC5iXURt{ze}2Xj_EgUyuVax-U-F|nihgC z+6{C53twM)t8cxxom2kpFUqo6!HrM6n77A9?QD^E4JgWTPvYV?=oGy7Q2+B!o3pn$ lt~an-*%b%Xr|slm)$Vy7WPNti%vHzxH$K$=E@r5~2mmf+VE_OC literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt b/pki/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..91fc36a7273717ff4e09012fc0052f4d0e81351e GIT binary patch literal 980 zcmXqLV!mL|#I$1pGZP~d6CB(+$<$iUDLrhr*kEWpr6!8fs>ATuvr!LTIXSfRKy z$=T6BPMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZAQCN9GEe}yh*?+?n}rZNn;4al{l&=2 zz}&>h&tTBR$i>ve$jGo&u{D@Osx!6q=~rceJ*@7JgdDdwGWBQ zGefWaZ7)zv*hf)TY^r9XDV`v`%79UIB4Z)9Vq*m_}JcQ#)6wA(eAVP zD>sJcC?9XSaOieWqZn@>`^_2qyl_nDcIer$OZB&} z_nq&x{+V^1b;Bv++^nztDpxTT}EH+V<$ zv|W9^BGngCP8}9b6)s=Hv@!H=bwrRh6EhlwW)vQaff`7eB1oT% zfs}y+l1dgNHV1ON0@EunUKttG7r)yuXU)2^TJKrKWGB`aiBx@OQ{46YqPNb>{hRV8 z9`fRRWIgTMiidCA^|%8vgmyPv`_z%Z?pEOx~&Y4+ou?HO(s8T4TYnMu$gN zW=**7ab4`*uiE?W(JRxnyrgz~kyu>e9G#He`K&1KWx4LrOIZ&zeAgX= zZ}t1VenoXAomuuhuy&)c(q;jq?gi}EKdMQyJ6!1 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt b/pki/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..3500737ab8e8ede4abbef3afc4fb43cefc3f9d93 GIT binary patch literal 1017 zcmXqLV*YB-#B_H7GZP~d6QhvB(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj178xYku{KpSR)c(sNkDeP>`9Iu3%V_Z)9wu;OuD7 z#HfVq5k^)9<|amd2B0_>QxhX2!wcur)pf5d4Q2V)gg7{TdYdl%fA3Ba#*5qh&plqK zFkdBFw>Q+E|L5b|0WuD9Y}E%R{y2Q~+)kBZei4_dKU}=DT&1jY*lt!>_TCzphmkBpnNzXL~_P|Js@P#rCXz z8EXoci~GEhZL7@xTNw4zC3uB-^{Q`+I-kkijl1^Fw(wFXhl_JznruSHQWM5w2dczx zG^JkkKm6cN;Eu%-kq^H=o%w?!`=!;E^sib8_ogy2GcqtPZhUUg_{2aS7?85cED{D{ z4I)o!<1fZcZR5~kUAM1vTk7(gu`ANRF)qu;BE}*zm78&;XT_?rTlJj0YdS=Je*Nw~ z$$$@}pP!NOKMM;m4Y3)BgZK(80tS2rJZxMEZ61uNKyd>`1AdT%Fi0V*0W**SN&^K{ zK)eP<27@RNPZ1;?VBlvUfvgpY&4g2i8K(>ja#{c;YG7JmWN_s=<(XHw^ecl&NY(=50$^%eH%aY#-E= z-8tN6tY3DlVMf)AvytC#8eUm&)S0m&VX8NO$6MoLpVQ4B$v<~{`9Stqr4{3jB(+$<$iUFhP}V>iq<~piB*0L?H?g1~GcR4iuq5Be z*hInE(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!R1-ty3_NgIFhyXo*g-J zHR#0mS`Nt|_U8ABTb?hfvDh{%JoOh-8JowGdL>J>W0g&94F^ppKB$*myr99+YwN6q zJ?{!Oue6hicC}(OUe6aECiG@@=ZR~+R$gJ80q5qJibySsRAKJ>vS`Z9t-JoE&YF2j zv2u5|BezfhQ&!fc#`1!r%}S}?Zi#-}xlPGMK?oyddM z0f{@R56rat_^qhLKE3u=#nrt^Nj>{QDnD-PuC%_J@JsB_RQ}~GmtUhVdF|@^I%K`Dl}k1;jtJvfRrhM z^qCo$7)T(iL}Ig|$gm*Eup!4dFckx19O%iMc=_~avrb&(*Ip#CnDH)OmXo>0bT3J_ z9mlTasWf&)FPK{;f^ z*T%d|Yx1ew*(X2SS3AFUn$K^&^~d&-ii9P{8^Zb-S6fI|dr#Ug{X3YkMC#|ak~x?E zMPz=z^rg7kuTu5Mq@oTr(<3J@9ph%Rypb={+BfZ!)$zox=Waiu=Sv=9w|_r1{Qv2Q z1vc9g9vJSE>j}^7k_Zbw@~39^`cs}$)dYSx9<4}!a@jY(+{vIJdlqkOM)9e|^B$dJ n(+l3+JI7S#AbXoU&s*M0N*mdD_`g;QuiN%xK>&-*arYJg&KqdS literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt b/pki/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..3818b6a7f5193ef14738d6989e2c355159b95d7d GIT binary patch literal 1329 zcmXqLV%0ThVi8@y%*4pV#As%~%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAcRC~R1B0L)<_2!CgxQJ78GRWr7IYg zfKE9N{7DL z_wTWaKVQ#$e(AIWs_QRg9cwNg`(wD&d{_Ri#6C-&e#)#T&C zGT#qpmHzjSOPld**`l9UC%hGwJ5;F=zwF~x%LR_bldtbun)CeA4$d3KQBt|Jb)T0W zIlOh(H@&9(^Pm4lGQCs%iHBK+Iv{FzA$;d2L z0HTtNRE5&w)FOqv{F2P%RE4yn{9J{?(!?BKk_3ucDkK&c=OzK!$e9ON7yvU5BLnASYol+AzFv4#^fx5s$_2~AZ`BKIQ!ID=69uZ;IF2ON*%x>mK(zOGc&U)XX>;n^#X`KEF3 zb!E8inY(hnpJQo}V%W`ToEI}*zX~o^one&QvFFui!6mwL(!ZxZe>vsZJ+97$<{@Iw c4c_Y2oNFm%FOIG#ed3^Sx46Y$e`z-x04;>%ivR!s literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt b/pki/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..db220487cc05a1fb94077b7a3943f3693b342098 GIT binary patch literal 965 zcmXqLVm@fl#I$k&GZP~d6QijCFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgJ2S^Q8rM7SR)mXm{%E)pOcwfso`9Iu3%V_ zZ=~StXwbx{gzOzgRtDxKMt%mMI2ThBBO}8*?Mf}KrB-=Qnq`0AQ_m^goENG5ZIfQ# ztDvq_jn9ANkGQ`%wQ-mExc0MXUcJgDF7*SJO}mzxDTb_i<;QSjtC2M~&ukqd?K7useP-@u zWn21LYe#A)=NEl%pUwpIm^V%$iTR`ajik)Dg$|7 zaLOvPNEnDUh&-u{zZf&MjYEfZ-M-RosmpK1u1EvNyDT4z7>kHIv%0>s?NR-klhz!+ zRCdAm*w6Ca27Dm>{EUqMSy+H6iOql?#1{tfSq+$hlmQP&Kn28WU}P{51o0GDxC}T9 z*w|QrOa=orkdPushm3)gfdm^@LYoI;D$p9a*P5KC@@AD8GN1z*VxClQrPlcYE*{GJ}X!eDrU^_D@@eYX2CKeYazms&RS z6vLsLvJukL-kKlee4x^{JndM#7mv#8GVz`2dqcAog5Bi1Z`3`#bnJ=ssh6`Re%WzT z&*G2Ep6G|^t)_e5DQR7=td5cs_xmB=QZe~)dtq*UUO?e*pIM!&e?98mSby2z$gXn$ DomXZP literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PoliciesP1234CACert.crt b/pki/testdata/nist-pkits/certs/PoliciesP1234CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..36cf4ce24ea9f01fb8f333080559a460cf69a341 GIT binary patch literal 964 zcmXqLVm@Hd#I#}oGZP~d6Qi;LFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj11}P-kus2gSR)vapOcxK3A8={Xr76Jv!g*1qY|<& z7+D#Zn;7{SfZ|+CO^l2TPiGr+{z$%g<#(jN*=zgYhhbqS&*?N>)D#SQ6TU&(;4!Ov z#`5x(`dXDw>-p|&wo3Hd zuyp&wv-gP1i<1BAKFw4`W)!I_Ac~0Mqo==g6k0MQYa%wzGKJy*S7Uy)loDNA;@N`L_$ zNIyR#<9`+wU;<(@;0N)AL3~yNW*}w20}@aH@fsKz3>-l`1r{p<3!ns7LYoI;Do~pN zBMOfRg~yD-V?mBtVEP2cEF*)B&ZFL?`(GOFIy*DRGqKEN)f-pE-7AjXy0Y#_#Hl5m zA3yxR!dAVf$Fd5^m*-AO+$}R&yzS=QKPRo*>ez(3j&q*85PojW0-c1uZ|#g5Pan7zXPaSV zJfyPkaaJIyw$GOd8eRHkU^72ETP(mj4%&C}eJWkd32UpZVi iL$q!aW2*9dRvBB{G^TA?Z(L`xt4)nu+gWml%?bc&uWg+G literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt b/pki/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..1ab7ab104f656479536dad0124973f23ede123e1 GIT binary patch literal 948 zcmXqLV%}iT#57|8GZP~d6CB(+$<$iUFhP|838q<~piFd#oCGdU9|9$;u>Y@*=o zXdoxfYiM9#2!s~K1_lOE;=INNKsgxKAdp166bd9`<{= zA|IXRZe6|F_{Mg*C7GA@?)*I2TH#Xp!Ou;0dow#;tv&r(JuuEB_tdPYXDi;M{#i1w z>p$bQ7s8s-`{i#xH)ISDx3;>wT%qj$r<}yYQ}V6gF4n+Wf>?`sxqZ!+#yt~~W;w(7d{Ugnv4J?E+EQE}!4jz2Z;7-=<@FozLx+nV1d%*Mv zj6FsMe);xyH(M3orz@;aJDRAHdscnLqLXiJ?p6K0E+p|K^`q(mwuE*64oQg4neSG# z$=8R==Gpn#o-&IZ)P+2GCa70js#W`DaYChS(oXG1X6?+I+4;)aFC1?_^`HNLXTE6F z$Hje8hjXqYzmMUfAb*r-p5Bf zRO%K@43hdJu_G$y1n(BZo6Ec1IlbO*`5+;AB%Appcfj?|H@{yp9o`e9D&H*kxoh&F S7d;n$Wz~1&Oty@++YJEsNn4u$ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt b/pki/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..df834464bbad670ff2ad805f1f60e742a0388525 GIT binary patch literal 947 zcmXqLVqS01#58>YGZP~d6CB(+$<$iUFhP|-jhq<~piA|O8}GdU9|9$;u>Y@$$H zn&j*VVj9Sa^BNi$7y_Y%v4Md>lsK=k0Z<&qH3%osN_7KOh?R1fR>Exs+HBCosD$i2 zMpg#qCPsb+pg0#(6C)$Tq8E4Fw#EI)-G6juiFxLv$wzJOUrEp2;`g`4R3_8*WV3RX zd*lPtf|?oneZP0C*V8oIVV#nkF-`Q+!aVtKcaD#t0jf^j3x2;*o^3UWF?!;oXia&U zb!y9g+}h(*yWQ)YWyL|ipBYM1{zoqTrM^Vw$61a$X36}ABhT8r4L@__YQXV>2g)8M z2u)z*NZ-FwdCkOipIrY6)g1}k%65PH%q>66PuJMxt1rFA((Ow&53ZeCd4QA4YKF@t9eFkn z_O}^E&op)(-shoyU*r39fzhxe z#mKN{&x&iu`JR8vnt4BXRmoD>_Oz=T_Fq_>d^mNMpk%et`v$op3#0trPA)Ue7;LV?XJ95Hw~6!kdzUk8{~XpiNhP&B=r;1*WgsK` zXQI02r)8Ycm*ySaczW@RQlUQQPO;myt$m$sWojET(@yXI#NM?1()C02TvLue&Ripy z(SGkS*Po-h<%cc^UuC-f^k&cd9~ze#oc_41??1F`NAD7@t*dl(RW5ElZ^xG>@ghuJ zX4AzDAMd|9+}p7?Fs<&xy*!B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj15XmIku(s8SR)XSpOcxK3A8={Xr6+zqd^m+60#>4 zSs9p{82K51;#^EkjEoHPYaSfylB$pw@2~E+TfgC5#+UsnH@g$lO#j!j7Cg#ddtdX~ zH4mW~`|~*7yqF#~Kjo*$_oKON6Fbg1FaCQ~ewNr#CdnN$wnlTBW;kbhx)q+R26i&W2^$G89hy>;LTh)riyWOw5c7jEftW8#FF4kOu~$tTKy)fmnmcliK); zF;m+(bXeEzE8Uj5{ATQmG;nOo^0A1qi1cW1-QwjGNqT2%J8ehdWTDPiFOm)TK>GO^ z8UM4e0Mief0Y8W@4C1pIFas$A9*}?vh}Xc#U|GR^@fD^FaZ|^M?;wzk4mHS@y;FPu@qnXgSx6`+dhH bx|N^ltoPt&d%{1l%Rs|Z>1)F6xcPmvYv_IUU`-!zvqQ+@bRI_C>-=2TJ z0_rZQ?ltGUpD!VBenINo>kbiYHmU2E?UyaOeCf!weQ6VaR{T7c_-?`^-Iw~6va1i@ zeEy~F#lAv?FO}cwox-1=TW)6b|IYoZ?DzPJ%5S>9JvP6Ued>h5gX<F9JM>?7F}pEMC++od8(;G_(@j&ieJon_GN9pK=+#ts8{V64e1vq%_-HHh?RaNXkN z6iIq#YddX6;bfuCS1*#m@h;29BE}+ej^WndRg)cl99U4f_F%<1+3V`x<{9vT^z$<^ z{%2tUrX)54eh^<6#Ah{N22uv9AOQsyIRhC39yYFoHV?*Bph5#i6dn_Dd;yamFuoWW z!o%mTnyj`wDPDT-8Oy^T?wj9V$j0XR_sY~w@vpW$+j^j&W6k5FkKfo<-{p7yd|1A} zebvRiHtSZzO`pIeYuIZ3xGdd!+ppW)smEO(E|_x6^TqN*hghAC=4oEJU&TOQxhX2!%dDS7WOOEQtzHS)t>&c;Y)zn`$ZT3S{hz|Zg{FVeBMOI9)sFL zt{lpj&G$4vu6Vd`yMKjf@fO~=smo6@aXIglViAuBW;=50oB00f!!~PGCdwYTwy(&B z$M5dyt)7jrDi=9P(U(ML|^h|tX-Ic6*-@#VtWuWYsj&HP7PLw=RmdgX*;*=&rYno@%Ex|J?q1du|g_`4ER9$`577i zv#6gOZr;0H+vgA}qFFas&%_yMLoVEiyLbQaZj z@x@<0acOg{!YlfeNwS<)4U$`%l9H13Uj}QD{a_vzw_NL zHj@w6Yi3;XD5|M!c(PzBTUBBr?}9Dm>{`O1$_!_A_qx^>|% z7n|+4SG!Srjve3Bd2_3utCX5K8gu?mZ09}fx-EhAPgChlNilCB!`Z98dWu%LZ?gJe zdi||^rG-)D@_p<*>Lp+EQdzrM*3SIz$oy;CvYhB?y#d^NPiU&d?|GuFmAmoU{q(K} zNjw2L0@-c3`70#OOnrGFVGa9{{j+|!bj>bSd&QdCaW%FvB>193mdD{sqKhj}C0`1; z`1#_m+z0F-8RsTm-S_aIumY>}y9xT%X_4XDwq?mSy5hgqo-`6Pw=OQ@T0U=uh|`$~ zb8kuWeqMF*+@)l7i^z_1QZX8?Ow5c7jEidwstn|Tp((4(B4HrbAaai3*56f=9ex~G zP`UPC#W~sQ>fh#p6M!rqix`W@%Rk%V!bJSoWG@>1?MTQL_`xcjX}|~4&(FyCpM?dO zq}UAjL408lpVfdFNEwKO1Qb{V4EPLq*tinfJQ!1f3JuUx9x#3w8GPq-cwSw)OH4uN zMhlyrwy}EihK%dI`(!hwdU5`HS9Bz{xOx9si3>0E!)6vv)9AZm|7MSZ`;M?bkFK^o zU8Hg8T0z&oyHY0?#f$3mh!%NlyI*%HGGcx2(o>F|e{(MQ`C2Y1@v}A9bwTy=?4X5{ z*gtUGTqByJr>c9Q{D#&!^)1|YRP+wz8lRD_|6`gtZO?Q0h@Ej8rfSS)K67||?WH_b zn+9Y(!d3-s$KziR3BVUnK z$uDpE|C%#X(e}rNJ5LWgzw+Btcgd5sN#s$g7$ND^(;G*E}ws({T_gv9}d22G4g z$bMvGWngY%#rDziu!h&713 z{Ie}COvH~(_M*|>j)ZK1AFR@u;G`hS$0Eie(y1Wc@_Ws0&g=K$;^t+1vkZ`T=rG^| z>E~x;{LjJyOk8XR;vl{Pi+};20S_BjLYoI;Dp1^j(SRQ$Aq-N;YQPMnkmCoK27&Rz z$WUy*;vHK{1jm~{;?_-z{(N|9v_IzNl&uM(2@k)|TJdVhUq%7#Nuj%EvMyy}Phra)Tp-)rpO7ZaeDSJErpM=*qGu3v@2LtY6Ub=3{Zw7t{Tm z?|hhjr(C*F)Euye&o99?+GOXmwCHh-5KyAR*>#g?D{HRI{zuhaOy-*P^2U3l#x z`8E2v_unbnH-BYMUcZUEdF`X;59DurJ9t5~&0RI?_w&d4MdfAx<`m9ev~)S^3;~O8 S=J(<*@3+3mz3tReJ3jzeB5(Zw literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PoliciesP12CACert.crt b/pki/testdata/nist-pkits/certs/PoliciesP12CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..dc1b60de0e85926c5f12a4279ca12d9841517ac7 GIT binary patch literal 934 zcmXqLVqRp>#MHHbnTe5!iBZ*nmyJ`a&7A1X>?pXr$omXwbx{gzN`K zRtDxKMt%mMI2ThBBO}9=+!J2=*2TBByzi9_@>99n*I{tYJU!#R+jTd#OD^XZp1OT= zmS`?FyYs&7R4vII|+h z0{=yk0gatZDR;uAU(exii`nH?ZZISK;_8W4msdP`enVG(%L3cw3V#3BYFwF@ao3ow z#_sP*|0}IC_XW*Wp4OeYBg+1eZmd$tC*P#g2U*VPRMy@|=rezD;a$$WZ3dg3JigTZ zO>P_W)~=te@~ixXH#SYR5cjOmV6{SoLr3vLte#X-I^@4H~Bz$OFSrR+$ADm<=LNYU3}) zOl{-PVO_VcbX)53o3Sg>z>zJ>$0EieawFdK(X4~!T59K-&lK|&h-z6qGBn@=>E~x; z{LjJyOg?M|{2;zCh|g-k45SQrKmsZtUIQb8fhvfnz#?ZL1C-!OX!Br91!^;3MBy%^Lx5EotuJ%qU+*0SxCKmbNh_Y?#?6+OUS0bz)h|2Bwz3jsx z_8+T^RKhszQY>C%Y2JIaVuQpt?@GzA590iX4+Nir#M?&s>y}mZe=H;)0!79_w zpPit;am$`pOJaOWC8HQ`&VT#lr=iR)^~R=u;r|j=Rk<#{qs#Jmy2)el2F4?1kDqUB z?bQ4^-R9fhr|ZpcY!TwyrzbG$aSmsHl783jg}+$+R*LVa*m2@yIPV=9nF9ec*a9<{ XO0G6LEZ2Qfv6)#})3ZIe^3N*(v2a;C literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt b/pki/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..081f951b80d946602710464608e74347c20d5215 GIT binary patch literal 912 zcmXqLV(u|$Vk%j{%*4pV#K>sC%f_kI=F#?@mywa1mBGNnklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrRtjDPR`n56I8SOwI&~2N)VDI6E51 ziSrs77#ISfg|UHwL6kVJv4NqHF^p^AOQKD(2GS6lL{MxhE=_WF3@|ikVpKx*3nME7 za}y&!15licsfm%1;c%Z>?Umr>MfpEGofbrOZGEzP;ftG|ybC7Y{@8n3B$H`|EyYHHBgmPH#>1zgjApQJ|jQ?3! zfQg9BKpezZU=c9jGvHz4N@(+7Oa+P?FdFcKB!oclz_H6TFr9V%Yy?f7`nXF4U?#oMR^2*|>*#6SZZsEFfQ`VfGuXoZU J!z5*1EC3t^T8RJv literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt b/pki/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..e8d0bb8ba8df7afcbc10f400388b5bf1418a2ba0 GIT binary patch literal 922 zcmXqLVxDHu#8kI{nTe5!iILHOmyJ`a&7wY+_{=5IfpU~gOrDqze`m)n*Jql^?|RixqPPUh*W-GbMiLp?2r36r(SIiWb1F5 z>Dm5~bx!5n1KWfv?y6p~JLo*qY^R@q_@R?b%!~|-i)#$34CH}fDXYvPVIbBZqBQS1 z-wuy+oP1WX`>y#$D2Mf)z6OqbSw0pq7Lnsi&6i*JrSi1q{_Rh(nYZ7a`Zn{O0Ut;| zKO^IR78YP~Vl&_e@r6NrRs&`rWgrd`P+$=-;4|Q1<4S1rU`z!nG+;uGA7H8j#t$Qd z_kQnL?97{^oEE!y&$|)v^2$?=w5{huu3ES_?)(=Tp{HiORMv1-X_k;&la&njq|WnN zz9;RLD5UhixZY@f>#%sVTC%Lq?asO3KE+OfY}djiUVdMz^sVWyf6})Cj+J6TTP`y^ zzajQu`0i&=hE2D1S zygW5{Rv9Db$K>O4zSl=<%YEGQ$mT%hwcabM(kr*;+~+_OxR{Q`2L}iKq literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt b/pki/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..c734009d050a16df7d6c8242d37decabbe8cfeb6 GIT binary patch literal 918 zcmXqLVxDBs#8kC_nTe5!iBZUamyJ`a&7A1lk;6q)=R%O>;pzt z2IeM4eg>d87gG}>Bg28KHD3~AIPTV5wCt!!IHbzDMt}bXv!C{#?l5^ie$y_J&5@YA z+<4Pl!Hq_WToc~5gqYoGTcYb=jxX&jI-I#u;#3q)w7U) zlYNV~?lWQ*{i@^r^j3lRIlGeGt7Jpp&Tc&06xX*uX=C64sp9i$+|%7}9-AW(IH~c$ zT))W1t`^@2f>in6Q85tNCH+CB|b{NP5gHcwQMZ!R=K_r5)MMZj# zcF+_r+ob|UB7tAmTb%?)wJaZt7>kIw&MW2}?B$KNsY~}8%b%&bG~>@ca74@UGcx{X zVF4x{HUoZ;dBPw*s{u2RG7tv|D6jyNgaHp5S3;WyV=7Rg0TYl1lu!XFYhYwRjxS(} z1I8C4gH!jcCA*dt|BT)jG(Se zuj(9=tvmkaERoCEpfUBV=!18R_O(|U@)u8!xtSVTw^!QfRqWT)Ej*^uXMQr{W7Arb@8qJa?ZsLEXT=r}h%Z}hl z$G$R|${baj;w{2??03*+rS|o5&O7rJP0K|ke;j{QDYUNg7pGpN*^YH==hs;`EHr4} zZC&b6zwVXGGjU(mpBGDdmhQb+%n`Sq|IKrey*zp*E}j=wel;yvc~ZjHm~}h5X}ACK SiE6w4&h>q7x967?-(~=dM@wq} literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/PoliciesP2subCACert.crt b/pki/testdata/nist-pkits/certs/PoliciesP2subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..0f3fbbb01a192281454dcfd134ec032ea8a04e88 GIT binary patch literal 901 zcmXqLVs12OV#-{=%*4pV#3*3E%f_kI=F#?@mywa1mBGNlklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6foceDPR_6chApHQE+xNkQ3)MG%zp( zLJMO91A{1WUSk78BV!oXz>7p1qzoh=HV6jf=VT^l0&Na3QYbD>0@~HYsD$hRMpg#q zCPsb+pg0#(6C)$T0)wk2Rzy3B>aLrqi%li8A`t+jH-F8=w{SJ0K zd_3_&wpDhg)c(irSCp#X9sPEFdclIZidJ?{=Ttpgb;mt%+Jan_Rb96mJS>YGUFWgl8Kp-fpKw-L6w0#FbrjtStJa^8bl%(TU4a?Xa`O4 zvRx`rBog>_z12x@Jj?R2h_Q&o*|ZeTGbku3oUyLaO!Br8U(I@Ea4gI6Gcx{XVF9Kb zHUoZ;dBPw*s{u2RG7tv|D6jz2g8>g4S3;WyV=7Rg0TXik023H6ei#`_vVB>3H$LT^ zyNUPE-Wu|S*5P0ul-QaK{e&u z!?T+!E_<~IntR`nDq5j+-*Sz658uyOE$=K0+4|A~x8C`qI`wJM^ZQJ@x2blWO`Eqa z=U&5$Gso7wWQ$aaxVwF+i{-25YYOkIZ&VY?F_nAJkvjd)(PN7qNzGYXV<|ED*!nuX z;N|zqe$LXGTYojR-L6r^dO}0T$rYdOf2wTlzEU}LGWU@KMb%$gZ;I*bC@b&(P_V96 zubDqEwA1X>?ptl;cu(8Q>O>;*d87gG}>Bg2D|o43|nSlT-Ie45oC=C*$iUY$JmPVxNhX%`M(lHbx?Zk8O* zb@P+Vfc+#C?YqRY4e?B(j>7Bm@d?5Y& zjEw(TSb(XA&43@o7Y6ZJ4VZzH0S`z(1;lG$WH1m1@f27D4ETT&TnTL+jHy6v2F%Fu z1x#|l_+n&;E!g8c!T7))9d6CH*Q27|+^kTJb3Wr<^*TB%arMpqStb_sb2V@8nUE4C zKmBBPcjC3yx$0BvPH%3F(|&&B-~5zgMHiG3b!TL7<@&wXYus>--{4_jei=32 zd*5TJD*0GB?DX;Cnr2`eAF#ZOVcaD4Ln1~~wa`(W1q literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt b/pki/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..9c648a30be041dfd3e995e0d272db04c3576a297 GIT binary patch literal 980 zcmXqLV!mL|#I$1pGZP~d6Jvq_FB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgT~1u+9PZr$i~GvNv(78C!G{VNipX1{4zrY1345y z0id%=l9AkKC}_YBavp~;hi_t0WlmyViXo2y7f6UznAzCG6y^#&VJ2rsgC<5L3cV`IY8H!3Z1iFUIB&u;fA_}9MZTk{#OEoGOV`TnSyr9Rt& z@9a^tBIQ{#1gAW{w#etz3Z+`9JL^6xb^kq>n5TLvaRIZm{k`(QtSZ%Ydq12yxyFA> z?(M|2oU3Q_>|7qt%KN&UvB+jy&%Jf4%^c3GiFS#SDt~CDadg>Q@xAjMRweFTIcM%) z0W*P>zKoOmrS587>^so^dDH7la+%wdj-P+_YBHbZymHN0Bgt1`otsRoH`cToyPw&{ zyKaB5LW`i^8S_m?7|SN|=RDLmtn*~zWnyMzU|d{dP-P$w3_@9D76}8f29YPV@fTyJ zwsGjNuG?3-Ep_?L*cEBuWFyPRBE}-}Ay6Xe{W-_u+c%__WHaqC;xeB3+JFzFpP!NO zKMM;mA+i~WgZK(80tS2rJZxMEZ61uNKyd>`aP-LvgA}qFFas&%_yML@VEiyLsHaA9 z*q23ZkmEjoD9=llQCd=?CC?|JT;ZQ9Q{=Z6073-_+BE)DBf@Tg|*JY3ZIq33tU z>!75xe@naza+K#Phpp99aFa<8zUn(k|9+j}yk*WO!uBVxiw(RHa+TLWL&nwQX6WK{ zPd-VPo&w#V=*v8*DV&xzo9(nVZBX0YG@UzVrI6n8`-OT(;_CSCFRk=`WGrvP;Qagl zp$)R8x*LjK?YD87Tv^t1Pb2xEUh@8h8tM7_T;uj{dK;f?^wfLWM83uAT9jocX->82 z3%qQZ`t7li*c2!8G!B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgU0#f*~2c(QxhX2!~U9+&gUmN|KH50mRaCG%Q950%iN?k z>*n99=bo(ny)*9W>wkSYNr}o|R(w1Xv1^*Wly<^`zps0L&3qEJej(rF`x092uOlaQ zcufw9AG^}+VUU&%8t$bFKILHr?OU80aGC}yS8x5yIHKv zGsJ#g=u4O+A!K^tWzFfc^H_zXH!tI~bnQKO*mUaV_i?+w9OXDFv*cMIlbz_Le-cNw zmg4ynOqvh`et>Bg7(a{*9KSjY4*e8b%IYmtI(^UoiCVi;jWZ*@*`GfD-;86k=%h7sSSMyw zY`0LB-+M3jZAarg&mX#z_wpv6{J`hFMQ=*Gl~?Ygv*G@FKc+r-#_)+t>FU+4dYKpB%f_kI=F#?@mywa1mBGNlklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6foceDPR_6chApHQE+xNkQ3)MG%zp( zLJMO91A{1WUSk78BV!oXz>P#3#0*3rHt+_emgQ%srYIDbCIRhfVpKwQJR>Uua}y&! z15licsfm%1VX4H@MVvhHYmV&Y4f$GgQ!^iEwWn783i zKta)$vO^c1Jm2)_qE1Cc+=|K#OUes0o;dMO&B$7rKF#${om*VG*W(~XuicqvWzI6B z{Pa1^dG6ZcUvq^|+`076W4(Y&Ve#9Y3jFbt)*H6GJl3#qy6}8o$=gKUrlK2?MbPkqE{X73n?NK~ubJ zmkJb#1b$s_brKxMvV1IJEF#nLC(T^&vaDox{FNWSC2yXWWnJ(d9K*8wjEw(TSb(X9 z%|IMvo&pOn>J50j>tx z2NW!NzVbT9909w!ldg_|?~3VW4X=q?&;M-;w&^|1p7%B&Ec2`+2XjZ%lC39e E04AhSdjJ3c literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt b/pki/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..32ddfe3e3152533d593e864cf9e96bc475a59f0c GIT binary patch literal 935 zcmXqLVqR>}#MHfjnTe5!i80xLmyJ`a&7ZZvtkDa~&&kOzOD$4JE6UGR2q?oO>?UZ4?!avQn-FJSH?l!@FlNh+4NZkq$J#1jGNitdU7aRYwJbiC=Mr$t~ zUHe};%{~uz2TW+IIyu|=u0$Tw#ea79{jc~MT=>G`Ge_Zt<1V)fF^^M`zW+2LF7zDR zJJ+#=t2z9XnYyNdM8DtljqoOQNlggvcD0Qd%MDp!?0o zWMEueV^C!v4-8;gWflnou?CSRwec5YrnYhDu&&!zx-E72&Da%b;FKWC$0EievNhLV z!~Xd0jWd?4TzX+ebevbo=H~`{ApQJ|jQ?3!fN6`(KpezZU=c9jGvHz4N@(+7Oa+P? zFdFcKB!ochj!giKnvjU#~TiKYPzYv2upw{v*HY4qdZ(dgRH|ppCD? z{x`{8;4OGuHtlfM-`TUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAdW<9^bB+$)~E)j791l1802`|1fX%Jt_U}Vg{F-MqANUvozcSJGS)I?zBBneQicSk)V#wn^%{Z42+Aj4KfYnf#E8v z%pzeR)*$kvHvVGF)HV(s)^+8M`74oB(9`Sj1RFgj;M|`sG&DG?vF3-aVV} zdHVF58x6!k`W09N4EPLq*tinfJQ!1fNy~uIfDa_W&&c?ng$0z>kfQ^b(16jw$j~x7 zGxPMunFqg5TeYN=S)yr!Ku{-(^+Xj75wMg&+Xq-o*I8y_+^uEZ;v@g z!N0>w>6co(Bw9}|^XJItS)Arx^66^$litGoGs=6@OV7%zTjBP8Z=n zq&p02&ad%b`(oSAuP2XHo;`E@X~1>i$h0LBcCdaecb+@-lf(pd$wjR(`Kw|KlC2Gm``!E?xU6rqudHp@rJ9^)^U^4&! literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt b/pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..d747ea1fe5127cd7d6a7095cb11f985e532fc0cc GIT binary patch literal 926 zcmXqLVxDEt#MHEanTe5!i80-PmyJ`a&7(VtL4>>DV~A9@wAHz?;p-~YkwQB%qQim;Tmmpl|!n! zdYf(KHu(?!k3SWd@7=iXziClqL!GF(^%CaK6WS%BE^5oPclV?6b)lSP<>51r|3;b!4hl55(tgVOcD**>!o<_SK8N99ygr;qHG%;A!RQEGco(1DrWc XmOek#xC8&^x9%1#5y`9Z;T8k{J=an+ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt b/pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt new file mode 100644 index 0000000000000000000000000000000000000000..3c1730f41ab288d013ce177500700713bceb08cf GIT binary patch literal 909 zcmXqLV(v6(Vk%s~%*4pV#F%El%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAdW<9^bB+$)~E)j79gs*~|^A^ZxHTnD)i~ zfqRJh?#*jF@A&&2m0Eu+T5);DPaT`NW;0JHJxC2K7cIH0^!1YV>>0BgJB#kr+cRdS zEDZTxU=%Rz-;V`zU2lE1`+2AO*z_ZBpMT2zD4JWh|5@CNUCUCWe!Bt>xT z#Mw3>R$M_hGeN_3{~`H1%WIX(dsa1ESNk`QM=r-R<8cg|L+R;_2Q#-TW!!QoxU#zT z1c#$^iJFzu>57HNp0w!)7v#*ach$0-=_1>q6K+KGuHK>-@`}2&NugeR`XIA`>$s1LNXsgG>W?V7SUE zvq%_-HHbW^jlUQ(wT(lEb=|(wZK=y|#;!;MCjePK7BLo)qAq7{mS|hsBcTtQkIlb7 z;nb_|aR%Zb{R%7s27CrQY+MO#9*n8Lq-DTpzz34xXJq`(!U9Tb$k72zXu#-TWKjHa z@KNdG3A%So+^VEJ*baQti`|{HUG%EK+j@)pp9J}=d1T+a1X^P+V0l*y}#UNpUp@(QkgaCNFt|9t(4C(F*7 zyer=J>VLuM?9HmtIj`Q*rj=2*A67ZeZe0_X!F6S&>q)_y&995H LBLCYxHqQY7Aq8Lu literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt b/pki/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..e75eb4cd707fb21af5418a9c50746af77d37cad0 GIT binary patch literal 926 zcmXqLVxDEt#MHEanTe5!i80lHmyJ`a&7`#y#3?cP+* zai=)0WAaB9{}W{oP1B5@oHo8VLF|l`u~2Bnr-|z~@;fuEE}ddl62kmBS@-E@&OBYm z?Qabde&^fY{L;QwO>p;&;)7`-U*|3rTlPgcN~ohuB|B`P(fZEd&vpuD1C(k`Hpmh&48%eD6<7oe_zZa1xDwht7*l~s%Ye~M4ngc W$npNbsaN)V@;3_6FXWmumlXi;D^IBa literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt b/pki/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt new file mode 100644 index 0000000000000000000000000000000000000000..04efaa0659ba5a46a9131e8283db71b06ccf8b25 GIT binary patch literal 843 zcmXqLVssC%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!nsTGli%Dj|D-k(GhDiIJbdpox)-sfm%1Vdu=iPC@qv zXI*!;s5c2SiJf(^T(#yl=iz&gbo_2F37#(;syo-e zXN3GyoGP=?{_y9fXa)|&EyuIPvn7tQy|Ls}U(xX{=hf0P{reRd7GK`(QE_tp>kZGo ztd^C!x2?2nSFQ9S>0_IMs~#M)59pXU=VL*62J`!6pZKkKu4x(R3M`%a!SmS>=ks^6 z1B#Ox4MfVqp60JvJ?FNsTBf$kGyO?&Yjj+$v|p5HchLTQPd+vDzGTGCw>s9xBR(-) zdCJ_&#LURRxY)_S0UV98d@N!tB2Q}LFUCx5hhbhE7A=3fRQN6&&c?n zg$0-}*bMkVd|?ou)qojDA%`+BnE*qXkzvNd^?B~|yi_eU4=X=v=@6G&_dor3;k{+4 z98(O0XH8(8dSc_hIPRlSe>tA}6gNG{t}y0GU$t@t-~%3 z&+fna<1XdobF*F^<&0U;7SS_h>eiF&R~oK~Y>eBHy3dOFyg&r+BZ(_d8$CAouD+&c z*DWcxtLx*jLtFWO+{ld)Ff4jCKPp-6wx7)$J?8TZ7l(f$NY9jV?I;vcU&zO otJ5y6(^M<1Jo9;L!CzBPwtyUSeJgLCX`9a%B~G3HcWKR00Js}O*Z=?k literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/TwoCRLsCACert.crt b/pki/testdata/nist-pkits/certs/TwoCRLsCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..28eb60a0713091407e817db77094bfc1ca4787fa GIT binary patch literal 900 zcmXqLVs0>KV#-*+%*4pV#K>*H%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=cF>L=1!=)^LZE=PNh|`4lTSI~p`GDj~a{k(GhD ziIJZHD9**y#K_37H?-hh67QaT5AL%)nNdzXm(ITWa_Pd+@6X(J#L7E&>^M31bUB;J z`9*Oto{}O`_oVpuKRVfGC|@))gEv5F;rVqLQTK(i?kxCV@MuB&xq#)2oX-0b+==L-1jea%G3up&4fsJ4!XSmL2FySTIeviY3m89)3{ByyH?XR_ z_Yl2o)&Fr*Dwm4f(_Na`R*P-D=YC4vAjxy2oXbVHNlV^K*Fh|E){95|p3{Ea4ihS# z-a9c!DtvzMmLu0*?pS?nUVK;jT6M>jg=c=WJ@`ID@#*yoo9a|9o+#6v_m9hGldn$8 z21XN;38{7RrRtVB{D0-m04nAM_mo+|EBq%C;-JJCjc}uzHPCj>g`ec2}oJvupd3z=;P>lWgKeN>Tm;*Dt;JdAN+N&3z^j2E!f2~1rVUB9nVmB0J+ He8)5Z8#zn& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/UIDCACert.crt b/pki/testdata/nist-pkits/certs/UIDCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..ec04d7445577067c6176d2b20e4eca2dd540e380 GIT binary patch literal 900 zcmXqLVs0>KV#-*+%*4pV#Kip4fR~L^tIebBJ1-+6H!FjIt0A`mCmVAp3!5-gXt1HY zfh>r_B`g+_T3n*woLW?pnU%o9>n3RK~kmz{QXnpj#_Z-Gn;!LxH@sWHt)9?|KGX4ZBx9otZc>9)vHPw z^O{qb{#xs;ii$pXEsguFa*@q1@s0kLTJ~iwx3BSRd353h^Af=w3ObW4Q=Go6+ox*r zK~3^d=*i}D&)ip6p0G5X^w-zZo%<5sc@zCl3dfR6);zI)5o+0PFR)%#?eDrzJ6FE% zaf;rS^(rE+kInV=uC$HT-Av4k42(@otO|>345|#|fq^Hh%pzeR)*$kvHvVGF)HV(s z)^+8M`749LutNEMhDo0`^B)3_jj)Hfybn>FMpB`%YhGr2!vEKR+Yme-;*C z!eKKI2k{kH1Pu5Lc-XiS+B_Ijf#L>?2K*oiVUR*r17;wF97n+91&kv`25zed^WN;y zIIrzdv-jG~!;vLhvs*t;U*i8}nRncEj_o14&L@P4|4o)!uz#P3@Heiz?+wKoW(eM6 zROkH>#vk*~x47X-hoy5&!|nw|Q7n;>tLJikJIYaGswAH_XXCB2t2wG1g?IkC9@YMm z*DYoF>X^FxA3|YX@3^(>+nDafy?(40P|H#NTlBy;Ka*b*13&m%M~1vn*PUlm z*E4qZHy+PBGfUF8>kD_q`KPHRb6Cui*DPC}(6y}Sd$vq!V2{j8Lq_|sbsrAy&*VF~ zWv<68+2bdjr9PXy^w`w>tM7s*$KR#9K2GRd|GSy_&-#VAH?8Vb; literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt b/pki/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..2d653ef65b16141e574f4d3d97a9f41f935e581d GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe5!i7~~1myJ`a&7%QY?wptG*&GYcR!tG< z`ZULP@%*3j4;VWi{b0H8f8T}+^*U30=FGFIb-yXPx}47L$87Te_I2+Gc02N6 ztH`4J|GZe$)h&1~JDt9EqE+~ULErRTwt2y+X>Dtg+)NXV!+$(-ySa#AmB_Qj+Lt#n zF*7nSF0L`CGLQ!btE@7Mgn?Lt$dlUmi!oE%ICNOo?JM1uy8LGBiZpQi%kr^^v4|wx zm$-OpWxymsaYdI)$Bs8Au_=4=~{YG6ruU{*va7Np` zW`9ikzQ5NmtLGkyEzD&`Ndl*Z4t}@@s&eGdfoWNkmaBNCcKsu|$&u4R=Ox-wd zMQp3u1?RJEO|QH2EH{L&yjGFjd$8_O&X%=rW9Qvnv8Xqps%hKm+$(X(?iTAaWU7=M zo^tumh)UOw`g$Sr$S;BUudjQnWMyvPxg#02VzN-f2eZV+6?SU>Doh?rYSgW`uK~1AA|C4PxB1Ay7JVjjmNW= m$S3A>)(9AsF(-Ghte^U4rJ&8{&%U{Nrss=dOr_7RSqcCJcVS=v literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt b/pki/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..ae2ce8a7b49e84c1ecdb18c515713d8ee17ef09e GIT binary patch literal 902 zcmXqLVs0{MV#->;%*4pV#F%8j%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXzzw@KJh-e8GY|n=!^0aI;${(CQk0pOuHfuw(8Q>O z>;pzt2IeM4eg>d87gG}>Bg0FP;~51v#AMTs|5uZav%53P<;<)NkH2oc?9LRBa<=2| zcj3z4QQsX}1vbv+t({nQLA@`ebCu6rjuj8voTk?tVU3ya)OfLg?mz89E<=I;BFah2 z=I)diGJkU-p>VDuYvfyl)cM9wpRU$dVomL|IG$EiJU!~&nKxF|yY4M6edfUF`Y%h@ z#E3QQz4R*2HBY2?;yt`}FkIF69hkdv*RqO>->%>G`E)SHN1%QBUFNNFeHwG7e&{}1 zuXEz&9qntYF6v2E+3`=~loMt=p1kD!zIXTA7J454UcaI;L1Lrnzr8LB9qzsElk{(? zA2sOOD=}R@t<+Y$#?MUeq|mGXXEp>K3!1Q&iJ6gsadC}7m4Q4k{A86`Bn-qFM4r^f zUyPaB#-YQyZeQuP)a5s0SEPX>T9%JRj77vcJ=*0H?{bgYV$Gh(^RKEr7D`Yv-~;LB zXJq`(!U9Y>YzE>Wz5+-s};-TOPuzy9g3_$#Waxfho$I;41Tes-sc?xoW_Z6Xq@wd`dsv8sc?^=Zmmf8|}cR3hX$TW{`@+gsVL=Qy9y6Hj%& zvv~TPcwLUVh_8VP=VP5Ye_vmFVv5Gg(|(M9^JDBwtfpN0+Os^Kb4Q5QM3U%^nH>Fj!QI literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt b/pki/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..69128811ba375190c43d5f707d12cc8fbf8186bf GIT binary patch literal 919 zcmXqLVxDZ!#8kb2nTe5!iIK;EmyJ`a&7ifw_s1p8+V&#ni;e$S`Z0Z^SW0X14E5f)^Njr`FGn5jwo$ zSOHH{AtP@{-hwZ(+!khn`%O&mh5N2*?$t98+_Jpw`{o_Xh4s(s-m%+uLwF+J^)&IX zVzQ2F%*EQJkDNC>e>de+L1tpZhBHT! z{5L$<-!1KVSE5dYj1cW=fRbQ|HHb7r9M7koE2UcD~P_pKV_5J7H0$THept zYNw3m4J*$!>PkfIwH8#`@v7#`vyAI4ECIHj(xP%#1glv?mYPahzy909Cd+T&_euNI zCgsK;^G6rT-|2c#F%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAdp0B6b-56VOyvTc2Tg2^Ys%HJmqs5l!J)3Rfl2!L<_s?Z%Q+Fpz%@q8~&9>-C zyTNStSCuce>MU-)QtvV?>6xh3nLGb4sT3UE8dA`y{dv|^hN34jlVh#*7&@C<46Bk> zM+jw2JlD16#nT*-%NuxJKHRo!DetZw|AjmLIyY^56w1WR$iTR`#-Iuul(Nb!5(Z)o zB2Q}LFUCx5hhbhE7HJmF3ZOv#v=0f|369J+dOlRF1pba_IkrjfyBp# z27JJ%kmYA&{LjJyOhs%4;vl{Pi+};20S_BjLYoI;Dp1^j(SRQ$Aq-N;YQPMnkmCoK z*nsiF$Y62IW#vn+tDA1FGBanI|7hR+&-LDgPN|WLdYXj7IZ_U;54iP`<*7PTumAMx z|CL>4DrFn@yoq?lvO8d&aI$9a{55}HpQ*SZv2u&*&e#5Tdt4k=$8UYYILG&1%d7s` z47us|XHON-Wa)QxTJ)XKWlH??)6V&gKGSao2YXnQvi;ng_4xFWFtu&B>KOgZr z+WR*3J=n%2n7QuJlgnmhx2_7becU+j(~r20t_nN98adBw-8W2Acze5+OrP;Wb9x`^ zl=Nx4Evk=2%D+4s8uYCF`P>UqKOXVkGhZ^P@%W2{8^VvDed$)W<15=1u}sm{g>p~h U1Lrn6yh-}ur`B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgA@|2F)=WLSfd?UoLZ#dmtT^ZoT?C5nwSH04p6|= z71?bHAjcY-8Zi9yQ)24Y?G7jJ-eR2m zY7d)Q_pwaQEj!PDS@1mX&CBBB5~0buN$a#P^nOV-l6U`GGI#k-mYafVM|7tI-^h2f zD(lx=9Jl?((^+pnP4vIDKa_XD<`wGy|Fo7Q-nlkUdAa>P{ob2T4&Po~p)`~A=bPWh z+Wezsyr z?&X$S>Ag!cl3v-Y{$4O?x8{|IWA_tWgTv?D@UVBaae45NVWndQ12+>hBLm~&#+wF> z*9_!=;VY}mB4HrbAo8R({$kA3HVz%ub^A)Ur7pi2yCMyo5M=pS#8^c7*YvL5zF($o z?t%T2T~2x$FOlLuZomi9&(FyCpM`~)iRFVqV>3uVfu+Wv%AkUcE1}JUF%_8R3>Xcv z3^Ld_wAmP0S=pJG3}U3B3Jt9k6hbmGixq&VBqLR!6copKkT^~&%Fk6Ogh#ZY9#m;E zA}NBjrR5hX025`2LP2R!L4GkXdFJQkR3gVdFm(fCpOInVdWDLw`UgWR*FV4V)ZQpF zjAz=L-@1kAw>0Z6|dTUntHHylLXa8>;HLSIwpB=xMIxfc6{atYIa$ zY|2Xo?z@Dq$(9aQoL#eY&Be0R>WfQHPPHqlcTf^L_<5bb>8F=wxfUyXr}IeoB!r({ zmRE6mvh(*q=I5<~%On#2OWawjALDm%*Wa=`S{HUn!Eh@=O%S=uzNi9||GB7kW6foceDPR_6chApHQE+xNkQ3)MG%zp( zLJMO91A{1WUSk78BV!oXAcaI5Obm=5HfV%A&0qw~w=dAnAOkX$Iz`pPB-OCa_{LyD5PW693s}Qoi zVfPQUCGXzP^FA7o+-H^WW_69g(ZgPwW4fmmg(=Rh(=I4~SZ?SmaFzf5+~rA5vlu)Z zLS<}9Hl8Yw)voVK5jgKVv98OqkZ+QAO6cB-$QN=FH7ECeXJTe#U|ih97y=BD00Vho z2+Jz7NEnDUh(s{9s7UY84w~X+yHub^B=GBctCQeVAj`)h#v;PR_fElT|7)?Qy0@}c zslO>Xe(rDsI1R}1Gcx{XVPR%s`C!oa7i6FUOXF9A#!m(nY+MO#9*n8LBxk^AkY$j; z#-Yu|$jZvj#AFa76;)_xrJxX!ky)$&L?s!i3Z>m$t*6&NvupwK~8zVOa)ANj0_$|O(DN+;y12%e1Bs4P5uWpZ@={M-t>D? zd}!sINz-)7m3DH|UT@@$gIkVE zt(d%}SN)ozm@)74Nh=yZyL9&FZnQb`+W2zVQj<B<&5>@+`h~tImf(@m2A7eHrf<#{I>9)vdWP)ex0wr nYDdo9RK&Tu{(xrr+GT8AG4B0_$ydK;9<+8mp4;HQ^RFiWC}*HA literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt b/pki/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..5fefe19944457f517d6214bd7418958626564d1f GIT binary patch literal 1014 zcmXqLV*X^%#B^%`GZP~d6QhU$FB_*;n@8JsUPeZ4Rt5tHLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP{4o>q<~qN-90})MZww8Ku(<3(7?bD z2rY~a3=E>gd5sMWjf`PjgA@{NFflNK*q|L+oLZ#dmtT^ZoT?C5nwSH02~fb*71>z| zAa@#?8#FO0A$yIHm4Ug5k)Hu5&c)Qk$jGpbr(VLPzgd3%EtMzIW}7;C?l^?|%XP}d z&#|n&Z@K#N3>L--?uWjg53XEp#jCw(?x{!jed>RnO0^aLa-inK=g=2NcXeF8mF^4xjRpJ3U&9oy^WIHPKm{B5^j~ zu~5^gPqB$l*VOuS-g>`nyZo-c`d#Sg-^~}hKKl7u$2lc$nV1* zS!EUp1F;5?2*wr_={?#(Q@m`K3KWS1eqC>M5}XEP`B=nQME>bC8pd2Qp4*%->FSrw zWtu$cYP#SQAj{9l_@9M^nTh3tK`qEU1(q^{5`!W(79f+sAj=?wjYFG_k(HI5iOC>F zDyq=fNPD&eX9RHe6?9I;6l;JyK`#I=# zb9d>rIR{rH2#Q7>sJFS-vCP!@BEwte+e^C-x-bW9RDHs!apaEhd)YhxuTG1zf2n`w z%Isgiu3MeuiQ$W5%K2rrKiYDoUCdMFRDD&hoh`}>CrTe!QGMpq!v<-4y?55zV)x!( z=cvfW7sJG(o#pVC{npcECfd3sZ0-xDJ#u~h(&$HP^=4M9YYIzdxE$i_y3g#*d#u0N j^8K>~>*VYH%wHj{KWY8N7mnqZ?nM0l(K~zAT^3dVu$z9n literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt b/pki/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..1168b580e8c60c937fce1cf6bfd49fd6eb5cb7ea GIT binary patch literal 1240 zcmXqLV!2|_#Jpz#GZP~d6C<+$FB_*;n@8JsUPeZ4Rt5tPLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP{KeAq<~qNKOjFRGdU9|9$;vs;OuB1 zC(dhVU|^udKdkrlNni!Rky~xPQz}&>h&j1wXVrpV!WZ3h8!)cT7?h77jHFLQaOyJM( znNlDY!~>Q)GI2=;XJ+abozd!N|iJt->{{HMYC&oFC~O|p4r)| z^31FG-}8U^rz^PUJrc6znj*r}bo5wu_t~)N7A5^jYb=8u1Nzh2FBJ)8df1Y$z1d8Qf4H6N=VoGNWMEv}#JCz5 zBFhcrfgvob%mR$m29X=_rjKSFG}lr)*LX9KhHOTU@h_Q$~u;%zABQ<%& zvmQn*&a!N-eAbLY13r*`en!UsEG*1SEFXYo27^QtSeh8UfE+i2#<^@<32h#XsleoC zz-Z9eXVBQq#-Yu|$jZvj#AHw}RaPJP@qyWsh>d3`r+#jXe~cCDMf#`CMLn?Z({9NW*X2XmkH zxm90E3E9qVCw@uxQGVV%wKW!-w$eIwvY({01OekxBvhE literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt b/pki/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..3cb86cd1ce612a789334692feca12cc08da4ceac GIT binary patch literal 1263 zcmXqLVtH-Q#C&-HGZP~d6Qia9FB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgA@|2F)=WLSfd?UoLZ#dmtT^ZoT?C5nwSH04p6|= z71?bHAjcY78Zl`BidT7qT-*Z8cPXn->$9k-qEW z{cE15r?xLzQTN|zsyM6r*_qD$atmEA90<=5k}sIRyson%a~Jm)tBsHNTg!Ex-01ng zr?mcs6!YRP$BjjHg4%6=bYI$@>6jrqhvoX*C*M9#Yx&|*C@r;X$*FFChW2+qpYq(= z_j$SYyQLr8r54QFvPpC1-OCwfnIX}RY=^54&QSaLTl7)Lx>wup6)sL{)hk-Bo3&Cb zGf;mDyVaVDk7NEvi#lw7V_m=6&yV-qgG(PT?DG)Sa_8RDrTrn%lZly;fpKvY<56IU z95j#zhOn$Mi-dt#gUFNG_=_=9+c%fhc+7{D=Rw_6Od;m)x>C4XlA9L5S*G^l9`{UV4`QFXQ*eYke{XyI;12ilvOR+^JjsgRMFmy(l; z>b~;Kk_?61{GwElWAf143bqkwJ-Uzb%YX?U)msWV`FZKcNgbG#fk~Z_AzO!c-%j?F z-}Nc!sxH!v2fw_s1p8+V&#ni;e$Z+BNiZ}Nc`ftpz zDYQQm%X{%nQy#b~h@7|31ZmvH?kz<0vy$wMOx1N4eJvKo?zVMT5quZ)Okx2_! zx}WgP&8w`u7xMCl%8oR($)br`jx^e8z8YOq1oHKbF7xF9+4BD{1 ze2Q>m>)XFwn$K1XmZjdfz4nZVR%ySEhP~H=zgr%EHGMrvUDIj3=i!2|D7>kI} z-VM14nJH!Rm8R1DZ!L zOqm9Z$k72zm%!*?WKh3)Fpcf~lIt$lm!DhZr!cq6t@G!J)0^dFszcnAR#_|NT~%cH z{?p!dR_BFV+l6;$idKq06}!L8_p!?hE{~*ULBGtBswoY^2Gd`q`!v{ZbUxT~R3&qY z_04@^+noRHkbAnypm%HEZq8GFC!X$J#BzSc|NYNJ9xLxXYR}ftZ6R}Pf%^BoD-Afl zNVqNKT0N0fZI{2Q;GIXc^7G%Bp7!6}Zyw(kv0r^-pIoBJSI;#TvqV|@a~&-HNNn53 zcy?chfCuNjtv08<-(70C^7#3d?)&R5id|s%y84Wo^{bMEoz@&-pFjS&k*#{3eUHTA d>(hCCuc=2J;r7@#apFv|aQ7n*c1JD^1pwUoYZw3k literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt b/pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..34197f036016d13e4aba0e5cee865c8737cb95cd GIT binary patch literal 945 zcmXqLVqR;|#58pQGZP~d5E<~YacZ@Bw0-AgWaMULFbFl|HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1hIm# zFF7JMUuIKw<&CMA$}3T5bg-D(}DK=l={T{a!T(QY1(k`d2?G3d(ciTr-_Q~nfthVf0ORud|37U6bLE`^9*26oF zD~gKWF~6|qi0ylitP-QT4|gv;=@!kMy!`A;3BA&};SaMN&RmL#bSpSpo57OIvT**( zPjNe@{N5BFGJQMaiCj;HEeqZSzG_~|wu@_b{EGkAYVLL1Dd_N({_tnr-VGV=<75w2 zUyx^FW@KPooNbV4AP)>{S!EUp1F;5?j`)4{rj}{5Ui%(WlUCcPrM{Iz3!F$~`B=nQ zMATj_O5c*SfB%&;e^YLET*_DPel2Ri2hz{a$oQXyg_()vgMm1RufQT;z-Pe2#+A_K z!I%n6js}d#(E&`1!02FPFn;trrtw(V`nOZgXrK9T-a9HNQt?!zufdtdP0U&X3K8Fp z-y7NbXRw8=+5K8^vXr*Cr}R|Y{8zztt2{sdusXDGlIGS>E)Z{p@ESbAPqmF0}+5N!Feh>?`&sYP?nw4_*GYg7w$z``5hB z-YVR==lG2m^ZswX-nnfKCzpBqB7>t>7yi%BpL9R-dT-CRYGVUYt+mE;eyim77DX@n fm%aX?TIk}$mbT^VSl#9F?zKD@NRyw=BNz$*kWp*P literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt b/pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..9a7919b00acb49d393bfbdfbfdb6ca353e2ad9ae GIT binary patch literal 945 zcmXqLVqR;|#58pQGZP~d6C<+$FB_*;n@8JsUPeZ4RtAGmLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}M*gq<~pi#woElGg%=xH78Biv$(i4 zHATTcCq=7 zqJU|+UuwBRcxFik*cGm>$WB)P`NhPbiBSpJ_l&Fz%uS5^3_x)%rY1&4hOKR{Tvb}? zYJ@%>&;75pd+%%i`Ww%`t$i_d)mc4>*PCN}?y&w*_?qrFYvPe>H?*6I?=>Il?`4$j zE;JE2R{HMDtz!?0BNsS-&fk~nxX$X#V(GUb&t_H6E4y|2ZgN72m)~*axgt^3`ubj7 zhpQWZPm{bHWIn0Y^!fQPz7%Eo4~NdiZup&aFFCJ9Xz@kaJ+mL)G~b=to9y>xcW>e{ z(aDofE}!aJ`sBd<q|i^eR4$YpsIw zOB~rUnV1V|b(2>)k4hKZqM8pgh?pqH|B(i)g zVk{yhN9tVF#@B5k)hLTj-=`w?fg|sZ#f=zO3-tc{C+Vxhwe0E5qzGF=BJ=}sS|HDb3fDa345IbzcOS*M4&Imcy1N;YT2>sQCZ-%Bi8mVNcD z_ROhg*ZIV~t=&`Hw(ah}pGE8cEi}-Y{@x=s&{S+`%YVBA)g4_sZ{GBm{17Hz^X+oV h+N8LUE$5D&Ibhl^qWf~~p0~H3$CowPUSoEt0RRxGZhrs( literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt b/pki/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..038e4d7a80a7434a14deb1eda6bf448908e4c7ff GIT binary patch literal 945 zcmXqLVqR;|#58pQGZP~d5E<~YacZ@Bw0-AgWaMULFbFl|HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1Z#lbeu})ePbFca$?6hCoXnzjtSn`Um4yNu&UT?e~>J3&YYv4YeL=4 z1+%p;91B#D7B^2mzVwzs?)9}svX;>WUs-P+sBC>I=JusqHcMiA=E0WzV(%vxt4`}; zy7cd{$qeV;lcv4)*cltcR6RRWKBbn)g}K@*i~SqRf1^bX78x(a1zeWTO|58>pSkT9 zKNB+}1LNXsgG>W?U|7p4vq%_-HHehe+(=>s93_!BR1P?MbmX~B9Y}|5n~Zy zzPsXy(s$dYDc*w4<$6cXt3UhiY`_Q7&(FyCpM`~)iRFWVIEb&nB4EI0z{AFs(B{FI z3QUd$jL6XeOpL(jU}R7z{8v_e--3JpyOvay^i{&viaDHf_B@Q)@#^&=PD%Z=f3n>T z3|C79&p5RSv($-i-ymGso45T<-5>qyVNUPnesXn0LtTHuK)l5 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt b/pki/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..69ba3019d4b6bfd8b1fd4289b7b21bbd5efd3e8e GIT binary patch literal 893 zcmXqLVy-l3VoF@V%*4pV#K>sC%f_kI=F#?@mywa1mBGNlklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6foceDPR_6chApHQE+xNkQ3)MG%zp( zLJMO91A{1WUSk78BV!oXAeclOlnoRiHb{jf=47TQxVj=cLjmM2LxUzpC1js4vNA9? zG4eA2#krW87#SIE-YJ(55Rgc4{QbN_fd5BJdBJ<#yijYwWix~9bHD6eIQ^HIT%L=Q z;ECXWrERn0%!N7@)!r=RxZ-JAc+Ty7^o7X2RQcCVwx{^+_)NGFl6gMPVv|C`-R3~O z`?s$~TTG17JwMBMOa8P8Ps>D-oHJVl&WAYuG<`MiO4RhZaRQNhA3Ql6*?Ilmr^*fO z*-Qr_7iuvyiRNbu3Ni$nl-PcGcqS}q(Ua5{${U+yBZ4_L8S75l_q5h{o@#x-|&g5*AQXRY4x{q6na zE$60W?2nsv!DZUVA784hxGF`1nV1mdX8_v1u-)^|?T6E!$L{V6WL+;e6;OLg+XJq`(!otkN z^1(nHWS#;GFdZ21uyG}{c`&8|la>K`!U9GIBZFMjP5$*sOLqqC+4F`cu|t?~6&F9R z`{H>kH;GICSbS6GQm@56>rLmc7zyoaU$EI%imi5bUp6(Ix&2OJp zNhV6<^;~?ycWZWTPA}VpcRCjuo$Yv8;?ci}$Kn~(MN+GUe(CRBvEQUm_q@1I zM6?0FUS^uBnwsK_%bzE#(`=9OJGS?QMjiixDbN1LY>n~1+m#r}$9n1i(aZyvJH0L* zdV1o^368^mwUqr^7-Do>bep>l*(x2kN%+)N@mSg|_14V(AIS%=R4pi2R<&GU_S`k~ s`$RstD7Qzf5fFXxdBJ`;)zfCHnKGl+{XdYm!Fe9XJV~4726?@Q0AB}AlmGw# literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt b/pki/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..e5235c7ff251f29bc6d9ae78703ab5275a7140b1 GIT binary patch literal 976 zcmXqLVm@Qg#I$7rGZP~d6CB(+$<$iUFhP{BYBq<~piJTEaf)j2<}xTGjCGq0pr z!No7wP{G;JKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgA5XFv@kG(*r*?tn3I_TvPS{k zZdX@irz(Kl4z#<8Q3=_*jI0dIO^o~uKyfanCPqevBX^%45$5;vX)~<$JKyzY@^t|r z<#@Y1{{?n}8IPCkkhK2F+T?v+XlcY1mCC)FWNx@;Wvsb;%WOi$9&PD_JuaFa-EP)Z z+RIwb9{;xBOnU+`j` zrc?XIuvxp_N&e-!&-Y;GMH4q;;iSCJGA};Q!0D=TQ}@leXCc^&aW-sM(D{;%NVKKRXhQIz3$t$@iH+pGB7S~oMF&7 z)j%E?#%bMBm{?EI`{@4?oE@b&w#8^aJC!Nn1p1d{B ztm)`a=XfMv#67tV=eS)+ZwQ*Tq&{FF0BQ+8UXsGa`yl%eLGl;QGURcbY?u5J${n*mPQaHIeL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt b/pki/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..8bc3e87b9fc4a186c0856c941e317c78db671ceb GIT binary patch literal 976 zcmXqLVm@Qg#I$7rGZP~d6CB(+$<$iUFhP{BYBq<~piJTEaf)j2<}xTGjCGq0pr z!No7wNWt0BKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgA5XFv@kG(*r*?tn3I_TvPS{k zZdX@irz(KlZfs=G#HfVqT}D<0<|amd2B0_>QxhX2!(;2(fZY-5$|odth+JOz?%caI zr>=hS<*003FQvatP-c?+v)elVyjglUMa#FgF0gv1@b}*ysl9gh-^#Z$*`(Y|>HBe0 zdRbJ4(S<5&d2bfy5_!G?+0a*WTMTsqSu%d5s~of3we4!b6gAP7w@ZEm*qAiVcRM^; zr`-6jQLf}J!@7B%uZ`tAioAUf+p(>k-ydTr`+q}7T9=N{o$L3@zHIAISbXWc&yv*L z?v@g>x^ws4<+4xT;q}pXN!jr`Zlc#@y&e^|1)nl!Y_g5NSh~S3f6}vd@q-JL1CtIM zFTT>2EmXMM#xqk=?%k{2;)6EF6dCjD)*ZOl_~YNDtYxhRvS!QW!F85kEg&M;`4 zY9J2`V_9Vu2?MbP5jT%HPMm$Q!38(ORd@v9P@fBDE4EPLq*tinfJQ!1fDbRq?Kno-x z$f9hZ*dz~3RVBr#MP;c)dLU*pQfkvn&o4ucJYZS{Mjp_;KmRO=E^eM^GsXXF7X0{(fUNihtvjeadmkjr{#7N=a+W9W^GNms=WjRlB44lcmL*CA&)< zrf0qh`%*5tOHaT?+m)F|{DPDV^YLiM&99Dq=bhTubc>;62EWrw73b{Ipp#X+xA}5h zdQ8qQ75=<^rh0Y#$?2^W7nS^sP2isX>9 z?dNSwie;S@?!-4={%GH$#=Jl}&4WAJ!a#Cal;2;&iQ9|biuGSAxE?F=RBQ5$eKXT$ w9e%ZLHjoqNH8e0V1VRgA0|SF7 zab9BsLnC7t*PyYFiY{_8aDceTGAuDCGX>}lg~YrRg&;R)3nL>1bXU5%B70Z?6aq%( z22G4g$brVl%D~*j$j<;2=VEGNWMp{Q!^ygIUB|U^ai?y|%9V6BXZ%_G{UNK$YL%99 z)qq$r<;J7AI`48^)Z4GGYOLb)yS?BeQ}?86?RU@E*|Zsp>8v?>fO}a~)`d2Y+&~V0 z0p137(TX*p+iF(s>oZ+ub0<+ZT~5W}dyMCe%U$mE`sNM#5`4@Ts+Od`W0ZB=Hh&wd z@bf>L*)(=_UYV`Vy20$S;^OtcvKQRSm5z;z`O)r?@Zdpz@Us4(M=aTI^p;iL%sd-7 z{pqEY{)FuwM~viaBdn6H&$4owq#OOM|Cn0Uu1;CT+a^4YN|Pt$K*cw?fh{KYu1>Mh3>kjnfPoCmYBELt9pvMZ!R= zK}6m23Cm5_UpX_TBTv3xKP2k{kvDVWcIhm9+t&4V!&n2rq?4KzR!f-H&#@{O{Pcye`h z04CCsWTX_Um!4mS9Cg6-4vacRhDz<}PVwyXrTU)URH)f(BDcYdXVEbaFQ=W3LTbka zpV%BX+f@1MnyD+#(|rAt>n!#sdR#u(@$jHo>7j2qD;LMH3Vsn(o|vqc&l9G)vaHRr zu5QZ{gLL)@E9ZO29FRXV<@`kA# zh{x7HI79A4w=OS{*ypk0$m59~3<|o&zn(q*aMn?E@2ZmKCD;CL*{u0z{k63n_y2jw zNFDGBstu{ue%K+h&(O>G(2AP1GnIKb>)0n`Ivt+%RPANnhVHkwuG_x36|+C7)AL!) kHS>is($yPXv%)_-uueU(UYqyXqB;DPH#g7EIzEjH05r;e3IG5A literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt b/pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..f8fe1223249f3321656ed8569cbdb0e13af4aec1 GIT binary patch literal 985 zcmXqLV!mq7#I$z-GZP~d5E<~YacZ@Bw0-AgWaMULFz`3zHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1GCJO>b)2}}*GzbheBZkDac|qzEPuwC=uleNCO6)$}5JlJv9ZBhI4px6JG@YD)ce>yR=W z90uW+W^^(wWn)f}aOukA-?{Oa$%)LB`n~S1*BA2mOyvEuP|`B?qeb5YgD_=h3w~FH zlGQBRVt2jVkXXt0t%>XRcP3^=2FAtN2AKx(zyOw2W|1%uYY^ErpYzlN%Q=4KQLlds zOkHz%xmT<@I5Elcv52vV2%b)}O=wM_xmCm&{+wER}LiVny=}PDAMuC4!Fs7K&nk?Pt2E{db1@s=PkLeoUOk? z>d?<6j#Ix0-{D&H^Gfv5?d1y&uiO&W$mhK}eY&cB}5 z>SA1k&d>kz%{1E@S`TfH4L+lMJjLUFzL+ahVjjbf^y_sYto=p8zm`9&*^&3L`om}S s*U#$`FLkCGFZaFkY!a`H!G!xCne*gdg literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt b/pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..4364e1bcbf58b2ef518d5e3b9233c05f64e173b9 GIT binary patch literal 926 zcmXqLVxDEt#MHEanTe4JhzxkyIJMe5+P?ELGIFyr7~~sr8*s8QhqAB;*z4o%)F9f1s6XFo+W8 zH8wCbGKO&t7z~;im5^P@$jZRn#K;d4=VEGNWMsJXjT(r=aMQ8VuXtihD?H&If zSuBZ~(6sxK`b*CoyX0*_cML9w)bCd)_xPTtzW2?-d)+ryCN9hMb@=OI+oY);)cMKc zeX8ZD+XDXDFsA(wft^kS&$ z7{~(yTvnMy!a%G+WRZSEbF|OY>D%9ZYu_@R??L^8>7wB1l;vX)V-bnhn<{Sb(MPYL z?z7aZwXv0pK3Hrw-~;LBXJq`(!otkN^1(nH#8+SuFyJ%bVdF|@^I%K`CL9As14odA zAV{IPfoY?0SYl3Qii;mwJcH7Vp^2-j12DOiBqOCAz4ZJt50nYYoD6# zFI7A6VvbW+g3J$nkLME4lDW%k0)Fqg^zV6)L+NQ_sg(B(muH>bE@0omw_^L|61M{{ zHr2N7?%MZ$!`*UO&!qV!u|HI!qr&?mWSjOd7;}B7h`-Mlz+-nV@z%n2?Tz9s^Kv|` zgf}?xhj4LsGn{&@7{igXuKV4S#eya$4;dRtOEdR1T_h5q3In%v7w`YIYYp_{6_vF%(-~0rOm3JI}+$}s?_Ik~;hvtvx J^X>?B1pwJ8Z`c3; literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt b/pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..3b5ac8be530528ff89cf455c7bd7a2f5eba846a4 GIT binary patch literal 932 zcmXqLVqRd-#MH5XnTe4JhzxkyIJMe5+P?ELGIFyr7z7(~8*s8QhqAB=O7>wlWvz3eT%*zHb{Z1`)X|C`OX z|FEc?n;LVsd(Q%{zg^|M)2o;tT`+3nys+;S)3jr!qb}S|x|5a3Z`k_LQ8lZ-_Uy_u zq3dya3|}t&Gq~jHb||yesJ28+XzrnuZ(hIm@?D?t&U)Fyw#MH|dzB6B`W?U;xW1vq%_-HHe&Hd7GsnTX!$z6+?&Cn^M93OZC#h=|Yx|MT|vc3)7^9=cQJa zgnzEFaOZn&s?~bE!hjE?pP!NOKMM;p6Uzq!aS&gDMZkd1fQOAMq0NIa6_^4I7?Gm` znErs#!N?G#)|UG4HQODdXBLx=7$1y}>3;mkD&XJoofk@Pb!>X^jq7H2*$ltS_KVy3 z?=T*^(9y~%;5)_NQR8rognyBaWL#NqeE9x%{EIJ5Rp1T!m~X8Rl*%S4ZufKZO!XPs zj90bR|EP6+dAinU?;kh89Jf2ATylKRKHn>>IlH7|*>|_frppi0QrR{!>HUgaboA5P z>hc?ri@$R(xL)+26M|JWqI%h5Ma;eqsw!5@|OXA6$HK*m@Jb!d@i$|U7Pa|;?ZS_YB V6pT9l)_;FG$4xx<&!ro!F91rqZ2ABI literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt b/pki/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..20fa140e19dd01b73b0fefe1439fe0cb65f48970 GIT binary patch literal 957 zcmXqLV%}-c#I$e$GZP~d6C;NKFB_*;n@8JsUPeZ4Rt5uqLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt!| z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z#%2<2lroS2If+|XupqT4H?yQ9H6^$- zsiY`1)zHw~z!W6MEUXunn3I_Tbb|uAvs_(~eW3vImZ7CV6QdGxNHDT8FgG#sGXTZ8 zn3@ND@Ct+wC~3}gDGEc+?mStfV<=EzRLOeGMSU#7yXW! zTT-x)A$kv2{m#7>zS)JJ`u|j2xm2Wbf|YNEx!2lFveTm9yjeDD?FIcgcf!pMOp1|{ z4|O*8S-ekk{?Anb+a}#u+v>b>jqIva-*QHUjR%_d8}_QOU7pA5Ej9JEeZz)3TfKEG z->xr<-Pzy!xMKsahU>z^sUO%ra$h+1b?zovk;MuP#_u_n9a(4cuyKjP)edHprQRFQ zKHM5nb>rBdwz=HOeRk|Cy;gIU@<#04B(LzN(fi-V?zm!Mx997xEatvav0iTDt7Y>S z1na%}BcgYbd(S=ND}EiGtW3;|42+Aj4KfYnfdMS5%pzeR)*#|KSNh%2|BsIxH?Z)D zJ{}t~v*^GMaDtKLV-aH!iF6jc{%Gr@t{q!7*FKB-Y;R)qOVWT3q@SOW@jnX-GZV`P z191>vfknW8&wz)GE1}JUF%_6J4H%K51DG&@(ZR^je4xzo?=$f)UO`7K&dwCQs%CNT zLs8uU`6*vs^LY8ab=>=Yqx{WvtevqJ-+5kZP4o%liKq(v^<_eTgS6-Km+@TPoKo*g z?*z}@Yw41?PHfXH9`pNw2MRA+?4S5_f69ejf;pcrYnPjzd}EZl|NosZ{)s;K|5~k5 z4>0+E-|33o`I6_a)pKZtr`TA$NRsQGxR7w7MUdK}t?_ZWa%=5giV@8qku~MHE z@>|1#9>3qZH;(J$+T#HVg82*w?H78RZPTeOV7qtuwXvM$E#B(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt!| z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z#wHSNlroS2If+|XupqT4H?yQ9H6^$- zsiY`1)zHw)zyu`6EUX)rn3I_Tbb|uAvs_(~eW3vImZ3otqY`pJFtRc*H!<=v0L8hO zniv@wj)cmeJwCgy)7E#-?xp)#Wp90-dCR5mq0deYkB7-|p328hCmXdpT{$OkG%Le! z#y5so*763U$$UR$^~LV*k^bm$)VpMLEZ?q`F%s<#&F4?{TK#tOT={C}Df6w+mxaZ5c*W8aS zn)jXM;j*Tc0xkbLez!%2^MqK>3YRv?tV!C}ek{r2{7Gi1wAO1=t`zJ_{U^bzwKqzg1eC z`#cw|-+tTThCP$-(SuCPj0}v6vkfv0S8#ukl^0A1qh{XQm{K~fCQ?J65Kr2g=ldfDd=T0)<1L@~yWc<&N(ReK-SWXO6jTfvFpeR-J8q{Gv;O>nh;KB4^E zdBEFyduoT!=IT>d`n$Jm-8Mt7>;Eb_ z?ql2=zt)&)zxtpRT6@I$h0Cs9qazb5lpLzB{`CA86MOhz)aT>fF}LG>O#EVb#^Asf9y^sK3F{a?>oVN= ot@^#z_LrAT{4=&|vwRj-SUtF1p2)W(ZH@iq9n2yRj+`$B026aB(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt!| z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z#wHSNlroS2If+|XupqT4H?yQ9H6^$- zsiY`1)zHw)zyu`6EUX)rn3I_Tbb|uAvs_(~eW3vImWe?VqY`pJFtRc*H!<=v0L8hO zniv@w&M;(42b@rPz5knpg!QqX0avxTPfEUi;`3<#oJU?yvc)+!Dll`&`%0XjaP(kV z-3zbh%JG&yT9y5K7cKnx{=UPq-mr){D^>|vbxwM)DyZpkp+L{IV1ai=%MUMkFe$Z3 zwD|H}&O;w^y!K2h)7>)bRxj7hKuc$?77ZEa{ODZIjpbW@emiv8wBW`8cGk#8V$wQx zS8^7|*K*jOe0NugL&$oW%(iXT*SM$42Ri5TJbUeOv3is4G26oPL6hbFWX=(2&lfzv z@}Pb-*Fv#ip(RlK%w9>2xpHDc+uNC#85tNCH!d@1Tx=i@3}IPi76}8f1`)>!C%3bHE1I4^w7ma) zrPu+kKkwVXDMpr$MT|v+x^i8Vzyks%*4pV#K>sC%f_kI=F#?@mywa1mBGN@klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7lRDPR^B%S+5nb1C4VHx9$Z*RKOUe%jtV+4%16q96C?a)hp3^si%8@vZyyfj(2;OM88^T`g!4 zyuy7I@1t4u4BwlovKh2Gmz9UOe_mkL%F}!2bcub(4JI|Mu%Fjmh2?L?J@Av>d1>b= zgX>SXel5RUIJanxg=V(%ic0gvyoTOAf(!wh+ShI@UGrPQOjsqzakqY*;;It&>`j|y z?`7xp;+^=ERb?ty)fZhRW=00a#Z8P%295s>J`*D%woU?($CMx_@9M^nTh3t zfjEe-z#?G4XTZb8mC)wFmL zChQSCS{Sx--tzlfKJrS=w+vNTSSuR2E?O?^=u;IBLHErr4jt1ixgPiL-Rl^%Zr{A7 zDV_bkJByX}9^7%!XuA2U<#(k66fRahO>^q!iRpeMeMm1QB*m~(+oLW#*F)vU!A(Zy znRhdGM5ueezm;mn{VT!i@XQS#PbV|hd$c!%_?$gv^iS*UY~zKs>kPOwx2V0(aa{a( z^0B?&r?762Nbj=Y5Zm!Y#rTo(qtGWllWnC~UT3{&vHf#nJO2z;eYbf6f}0&>oD{!S zP82BbW;UI4Eqklv+ux!~N<&sQzFbh|qUHPWB(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt#5 z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z#wHSNlroS2If+|XupqT4H?yQ9H6^$- zsiY`1)zHw)zyu`6EUX)rn3I_Tbb|uAvs_(~eW3vImYG2lqY`pJFtRc*H!<=v0L8hO zniv@w&j09E{C-a2%aWFDlA#M1n`j<+_wb^)NobGS3X!-w0uwL4;5J`a6eYN1Q$xo* z(Wy-aD?eBJ{b4Ps;@UOq_Kk2o`=pw)dp_m`Hz^C>E&n-FckY>%+C>qQjB4t#ZSFk$ zZ@Z$JZ%S{dWTBJyyVWN%Hd=Xqiwk|*)h!Y~SDo?H$;y6_S$RE-Z|8M2RhR#d=J>=| z-f`iq{mp&l6+Ew0Jr}93*tc3|f!XAje;z39dwKA~&1WI(I&FV0u2EeS6F;3xrsm?u z3q=9*FS0$gaNRw?XSn!@8M*AI;~!SEGK(hu zQ$HMC^u^2lorDj=%Sa|>Mh3>k*#?;g^1$$wRc4Ve5Ni-&yA!?dxR80|k}ijm8qT?{ zHeL&FgVT#FABz}^$kc_~-M;bhmoJof+N1krL;t?=8{!6hApQJ|jQ?3!n3-5U7>I-T z3M>K!dG zKHPcuI)WagJ=>)&Q&vcK}HJ$-M^+4>_2 z=YuyC9SRSzT`;-ywtzHGUuc(RHQ&}!~kwJ$l7C8g6WXH=|eNU&6Uy>ac6@8$r5-)I;B literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt b/pki/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..d8b6ce36d0de3b3e2936a752c5700c036674070e GIT binary patch literal 574 zcmXqLVzM%5V*Is$nTe5!iILHOlZ{=g&EuQ}3$sCpAvciA9LmBb%oG}IC~qJO;&2Iz zg`^gjC^)AUm1L%6CMTAp7AqJT7#bR?7$|`hFbhk&1Uo7OBo-y+rk11@6)Sk=Wuz8m zmZYXAI6E51iSrs77#ISfg|UHwL6kVJv4NqHF^p@FOQNl|2G$T;O~Mj$GE)>#?1ovL zn3tTY;OdI(Xa$fjObr?*A-v4U+}Ogv)Yy>TUmoCmvV5X*%xsGtbIyyexp=&4*4+GK zH*D;z^A3OYZI;`=dU@9M>Ef2<|CEE8`zNjR+bpF;efr~9N_UX@(AJ+yMlIt_=K zWFhsK8;i3IG7aQ`zLHgDkuVTz5J_#EUtra<_M5ZpiRb;HeJ{Lkw?6{MhAbb87>fv7 z{`!K;Z@E2I3(73M>K!d zlsK=kfuWHxjBAiYq6J0<1`rE0!xD2cQxrhf1ZSq_C6<&H0UhD$itH!_kSk3Lni#hM zu{O+Cj6jYYQ)45;lkW8nJ)+lbYu+(W6UsQK!1_Y`)Vz{Z?^z+!wJMBnEj?QF%4GAD z45zEof6G6taGIAgdBV0sOond4Rm_=ZX6S~^jZ==-*uS=(|3c=}q!=l7t+<|I&$_=t zN`0YE!(Of{(wx@Lp?5j;H^bxtD*Yrtn0+8%*o|Wv>qi zTct0zRqMn%C3n?|Y{k1G_UAqbG=85ZJI8T%oXezGy<>7a&SswIx3{*t;J@hHP3FcH z2B0%^M0U)5Bh_S*xIH;f%=WFmnyQTWi9^M9SAR$}eYh}Jza=t(JxIVUSk`n!aEiq> zsSmz}aZ@)Q_u+s1v?ez)Tyev}^I7|9cE%rxPZayYbaK7Ny%l$NJ)S>oPASHWdeFg&^CXvdmmwu-*-oJhI mKxLBtl}#x&Y}Z(rM7-O1O8q5vPigB(+$<$iUFhP{TkCq<~pi-aR!hwJ5VHH6O90H8249rc8{0u;GE~X|%Muwetw=MX5kl$vh zQlZG|3k!BuKi6HmGxOSpFEJS#GcwOr+Eq8$*zDuWn|3O_!1&wZZ6&h~2S)2U{+*>?CX^vF=U zcaZCO@h7L%_t!?LFPOND@$BEIJ^pjT?q5B?q<)1>a6%M;NZf zGchwVFfPtE$TW}#2DYp+i-dt#gGilL>3bftmf` z`_-HG`t!*=+3{;*Z|uFBD>)S}81RAg^D{F3XJKJxV)!!Z*5t7eeY1)L#^qR6oytB(gB$h;U-1A=~Ag^R*w3Hp?xpx8P6^ znkM>V$HMitPj8!*SN@)NnTxSO{7&D#?g_uVb>);-)!wnYBD(!TLd?7QI+1TDXuqFp za9C9Ay6Y~cW!jg1mF!mEr<=LuZSI-SUd!ihK6_=k9xR&kz1@C=q}*$=YQ(9 ztVwGR%QspWlvJ#{Hq&YMlHCESYyKb7>}Wf$!teTvK|UciHI?n?QNx$(#W;PPe#gs4 z_uHGOygXK~VpXU2=^De~UovZNhTgu#7;5{(B<&T`9=o1t8~F6I4$o%SIoqJ^<){;) X=abwkc{^3Ovfq26dF5jD@Kb^S&;?}Z literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt b/pki/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..f97ed0a3e958fba32d059c05f1510bc25b706bbf GIT binary patch literal 925 zcmXqLVxDQx#MHQenTe5!iIKyAmyJ`a&7^ zOB~ZmQi~K^fbLRobwzfj0?6GK22G4g$UbFcWngY%SmGw)VToO;oDLi_#Qp%D`nUt6!ipn8jKxzocCuY}+&(?r))O?bUJ zCv4is>Lm|3*KgK8adz#>Wvl{A6F95XT6?pO_P&ku`a3_lL*RAwwZ6L7d;N@-R}@YP z6o}Vf=DyTfkj>!qZeH2CC23FAi@rM9pw?q(S!{mY;nDH6Nu5)x)%Vw(ZdCiyzFh1i z6Eh9 z`|Ko-`|AV2cN-2_>n>X)DeoE&8N85#exurM>Rd@v9PnWw-4OeY3BY+MO#9*n8L zq-Vg0938-f2aFCzh5|!Y(#2U`|zf4$`7t`h#T z`;YRhH!qjk{`_amVivYVCw?dF4Uc=v8aLB8={8rn%wNgl@ofDZQ$$KxD;yqw`MJjG z-^`|3C-)1I|7*^hH2iTluW2bef4%B_r|aLlXM$y;dcP{U{dvl?i-_d3B*PK{z?*8eHb-O*eE^lfJ zf8wU3{(VE0Slr(!Su#Ig_MMU1TmJ0)rH}7Tdic23e$hO)%J=flJ14wdCA=-~rcW-M zvGdGsCT2zk#>LqNnFjK}u$EP3kuVTz5Q$)HQIX!G9W=$ucBw#-NZ{A?RwuzJLY9w3 zj78+^>wASa&Ru=rw#qj9ywSmzQx4m`2d4*Fen!UsEG*1SEFTQSLFOs2027J<4;xoP zn+IbmFzp#IB1Z=>o2d9Yr_?aChvwwQD}FF$l|A3$=C6ONt4+84 z+S-n3jiuVWyP9Nzo*rN={G(#6qG0M(BsM=q)3#6e?J?u^pX-lIJ?(#6WZ%U4e?@EN z?!NQ<%Wut1H`MIAww(Fj`a5FF5|5nz^H%$q(xt|-L$DAV+2l^2~BY(7hG z3xq38H3)wFR*Z|C^Ufa2mFL%7&kW!Rtnt5VUiq)-{dRxLW|?CJ%{Mb0m5L`VTFus0 e&&&I7hGRFgh}u&t+sUt7V&@+d>Ed{{P8a|oPGrIW literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt b/pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..66296ac7e75436772e5b8a4f6f8c39a7c1e10f8b GIT binary patch literal 923 zcmXqLVxDf$#8kh4nTe5!iILHOmyJ`a&77K*e6-aRHN_jg*q-RgL|&}RP-l^<0LjDFu;Tv)?oS@Kcp>*`gP znWil9+U2xSZd%jo#P0Jc)dCmtqSYDhc$B>?TbZ|d?LLX0EZNJ27qIeFuPBxKTUGz+ zRgJZMS$H4a=e(U|Sr&WqPE`}{$Go7@RkMEl3T)rq+QJ^Y%;Z=u6Eh(I}QgM@PYL6Gcx{XVPR%s`CuRp;w!KS81NbJuyG}{c`&8|6P^KjvI9m3BSX;1 zg|DSGDx#j8+cy958R_b&e(MfCJ-hc!>pOWBo1_i3jF(jzGLP=Mc`Pf?@lV{tbV0V_ zYxfVv%RZA!cYJtZ_Eu4G_T6vhT>J2{?cdpgTZcn8GBI3P^x^QYT1THEt9v3Y{+mjBPE9?1>aDp=2U^$gc5kr_Y!T%5Sd)nG=-ir*WAW*s&@TE}!>7J*ymXnZ~MIA N*3>$K+XB)7+X2S@UHAY1 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt b/pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..0a1b85dc68062b841567516aaee37b7deebca480 GIT binary patch literal 1016 zcmXqLV*X;##B^r?GZP~d6CB(+$<$iUFhP{KeAq<~qNKQk{SvnVyW#5u@E!P(Ks zKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgG>@_vNSM<*kllvn3I{J;OP>eP@Y+mp@3|$ zt1Ge_6+n(QGBIdkR6_PABP#=Q6C*zZP@IdYiII`vT7%E-+~{wv;px*(Mep{l|6UzF zJ>SKkaodSs2Q>Gu4{X^J;O|ku8EV0oJD0&jV)2YU3tsG7YrJ%B>y-!d*Z-LQa=nvr zZQYsqYKo5~pUCd}cXqb_)Xklm@~zij@Vf9!>%M&^=GM=|<2(0np4Rr$vt+Wgq`|)1 zJw*rg`O_VheLB78oiJYEW^sDomRUdNp5-dIo#GxlQ;YxTjeg#1b{Qu%=I>7uR=m?c zHEf@VX5PV@e=jx#Z#q|L5;K+6c=CteOW%oZFneLRpP6$9L*<5A)3opzU!wL3Keoy$ zoZ9p*S#WcQLULp;@0VEl)#v(K7M`5y-%|2bB=yro-Gfr|x4z2Y;r`3S%*epFxbe6_ z;}HXSU?9sXvjF3@L8L?Z;pWYsa{d{v+}EAB%6d{e>ypLb1R=}EBE}+;y!q*~IfDL4 z@-n?|()xK;1>XMWX}|~4&(FyCpM`~)iRFWVIEb&nB4EI0z{AFs(B{FI3QT$ij0TY) z33-+vg8&1+MLtWssFw5$k>eVerh#$I$e=pCL%>tXS17VvigCAb?0OY#M4`N3P?Y+UeI3q7^^WByErQEA=JkzAfoCzoT2{ z#jw&RA--c;v2nwkbCdKUYBKc9%>j%iPi z7EV9Ye6v=pKG7-KP2~I%+u(&vvb(?AWbrA!oaj~gpmwSA>m5qBCfJI3UYH%3e>6W* n)MIPA@s;WlR;R<;Wo9qh?)br2W&P21jvJfX&+8V>vfBy(dct=p literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt b/pki/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..6f69c0c8bca864b23b8ec3fac90b7d060b022bef GIT binary patch literal 1016 zcmXqLV*X;##B^r?GZP~d5E<~YacZ@Bw0-AgWaMULFz_(sHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;148%YRn1%T>^HMU4Qj<%ZgM1X69gPg+ z#CZ)33=DzL!q~vTAWEFq*uc=p7{)coB+({I19ON?24RUgnJEgME&&SVnI#zt$QHZ0 zBD+xmPf`pZI56s~lZ%%PKMCLR<8| zR}ThsQB2sKfem!-1qL!f)xE@MFmIdE-4=i zYkS_uv~zc+%d5b$YpeI&jyq`a{?84zj)IU2+>au+uDN9Jt9p5u-HYalc}vU^%a;ku zMQ&?3bGkh=d}-Z9lk8Bv?ry=LJ7r6BcAMRdR(WQWclDB`y}*XTTjnwAVqYy+syVs% z!?V=eq0fIO{(j1lQefeHI@!@bc#B_6!wT+8WgJnfKDX8knYmam~o!xAt+*JlC^-n|!kSKX)1hD_T!J^W*Y_3gf*7 za>8dfZ<}(<{C;Z7vAWJZp!026Rrr~!pTcG4PoLiP zcz;P$ns@I!4PWgxKhX&y&F@*J+19?_vGvx}Zjo6R{Z9Ben@X+KJlG(}Y~*gh|Shwlsy_3h+9DmgE nd#AN85K^Mn-N{ z1_M7sZUas>=1>+kVW!YvLwN&P5Qj@xEF`tKM8P?=s3bEjGdZy&wOGN(z|hc8&OipF zfLU17CqFM;Avm=tGciZOuQWF)wMfC)(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!VBH z?K3wph1jPTmY9>7qJYI#S65_rDu5hrXlBsFsD$iSMpg#qCPsb+pg0#(6C)$TYtOo1 zDSM&g0Gt z_glWXue~VtcIw{4CvqE?^hArZ6eTv5Ke6(fx?FL`^cHEU|EpC?Chp^Vn4&A{^K<9r zh>qhHGWV60CWd~P$vE*)sJ_^Xmc8G+?U!77+N}LJ@2UI}y9HB@UNT+%C$(BkH}{#= z)DN>CNA_P{o#}q$=!-_yC7~``*e&ANf0VP{5IC{+l}*XNA7RDW?Hk{25HxO?^8cVs zrHr$VYd8}#BLm~&Y=cY#d0+s`Dziu!h&70CCvSIOcZl6cx<3E0)s9!(|F5Sk0VfGr zJ{B<+k-FBcZM=~OJj?x5p48ox`?_hr&MpH!kbZtf#{VoV%uFmF48%cv1r`AVJ_8;$ zu7oxZ##CT>G+;!I4q(y)Mh7E<3AeAzSEK!Z6L-u$!XR+^0)VfGIwKZt*$rM_p#@wh|GNZ ijcKLluk-~G&(?XDPRa29lfcWxv&FgUq-2tU&Qbs)wq+s! literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt b/pki/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..96186587225d25f35abd8be7b50210b726c18da2 GIT binary patch literal 946 zcmXqLVqRy^#58RIGZP~dlSmyS6Eh1d8#@Ol7dHd#AN85K^Mn-N{ z1_M7sZUas>=1>+kVW!YvLwN&P5Qj@xEF`tKM8P?=s3bEjGdZy&wOGN(z|hc8&OipF zfLU17CqFM;Avm=tGciZOuQWF)wMfC)(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!VBH z?K3wph1jPTmY9>7qJYI#S65_rDu5hrXl~HNsD$iSMpg#qCPsb+pg0#(6C)$To~w-$ z65l+0v%Pzdx}eKO{j!_?*$ul)XY1axTjW~o`$&ygDcl@{k+A38@GD0Jt;ipTKKhc>2YPaVVkPxvxT~+R ztUuwX?yTEg_sb-}aDLb!gH82SPcQSYXUZ{-zp0Q@Agb1AecjYu-mdLf(CHmhvlG{7 z|FdgYd|P>*DsR-0lJ%c*CUnIg;OVpT_FFW2CR4OXJOAY@PI#l1%QiV!n4)VT#w_Nq|*{UCz zf2?id>gC^>_j?*|O$}){%xKMhs(fYboQEg(|77ByvD(om<5cNg=8Ck}Y#T1s>xCWr zv+ud%i$~259Fh%w8MJ5GtTHZKaxoz_vUl#6#10$JK;B1HUp38t2n(-Y!T7JFvf#>+2I2hPLY%mW?%*jkq@Jq~1RdCKo%*@NoOIL7CEXXVY zidQ9;Waj57xVj>{Q32#=Q-dZ(C1h_hvNA9?G4eA2#krW87#SJfJ#fs`)7jEnr8ZAL zBB}D)9sX^)Nh-VQX56{ZuN)=($LYu150C5RoqluKI5{4QPugkiVSQpTLyBjID#N^T z>mT1c-+JF*7c|{^LLs*5$h#>gH}l)x-Dss!v&&oX-+%4;lj0v1Khw&c{g(gTl!qJE z^#3;(<$f5|bhq8Tzt;Cy$6A94XUj9}SF+sMpK;7x;pJ{M<8}MnwzY22O-y{Tuq9%W z=>1a;tM6|uKhH4R?qu7^pb~@K1$yT%+|k;2E~;!tmz*d|MRnpoMfD5Kk6vDVq@|)> zCS28YcVGY;K%Ny;;Cr>b+G+xaj+N`CqznPqrOAARGMNhF4hQITJG@ z1LNXsgG>W?U`WdBTv3xKP2brh90!$MuxnV(VzHv4o|ryfB1Ul=fY!Wm>$QtHj9NF@4oBcv)1%^LrDPRTK3;x z;}0Ec`KR^t_4Pf%n{EZiEo6Oe@g_^^U8Zuc?op#F)7SPohy9&*`}MDi&BgJx9q|{9 zwN`ApwWV)6hmxB70nLxcn?!w|{ruB$(%eI!LT4`PulHu9vu3gOMP1%?Wk#&y+d65k zZ*r%(W<6nfqnu}ccYEgjSH&N%)LJeGS}l^5cZ-2t?)d81)rb6AL^sVk^~uC){eMH5 z&XeBzy0pvB_&4cv@U?VGy^=ItVrNm-dT&}r%>T0zd3yPNywaQR?%@5lUG~^|#V7d0g=^U#Q*>R literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt b/pki/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..fc0f65d0796a9fd82dbcecc735aa9588a3f277ff GIT binary patch literal 923 zcmXqLVxDf$#8kh4nTe5!iILlYmyJ`a&7BVs^i{-nv$(LlfPui$rOfWc2{fhegE8Ux+eIxy?2&tz{4}If3z1b{F|KjDl*TkPIb$M)8*IP208 zAvVino=fwwQ>-dtjho~jaywjCJ<%JTf8$Mbhuyw?{k|P6YVA+9ZehHe!{kzTfTwlW z%U?n3zcMj1GB7UAHpn!P2Zpk&GK++PSc6CeV~dLP9_^qhUbagGibMjxuD3b~jwe|@ z7BLo)^ELpA?wp`x6eJvZD%Cmv6Kb(njx&GBC+ zEG}{U4`F)Wp7<+FN_t}4-821W1<5yCKAi1&|KY)jW4=EEdVZggjPCATb1+@l>EyS# z1dC5iNz5Kb&qUbsX4i>MKHU8;uv=qS`L)f~0%D4jX7Bj$!~gV&DKXp^e=UAmu>7|3 iOMCuPx6c@wZ>>LZ_+NLKsO5d>^1b)g?br5rdJO<0I$an5 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt b/pki/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..a8ffc872cae3fcb86bf3917a93d68206152a7d09 GIT binary patch literal 924 zcmXqLVxD2p#MH2WnTe5!iIK;EmyJ`a&7h&j1wXVrpV!WZ0p* z{`2$18GD5Ld7=-@{jj)A`^J*WXv6G~cc<@sy5QozcCEncs7D3cFX`SbSn+_p;}p+X z)_?E&lHwvCD>~kHQc}zH^Rqi)`}g3fUoOW!zmzL2-e7pIm&YMd(c|3CJC@Uq&I~(q z`nvcVJF%84q7N=;Of>#=s$D(MCi$ec?^^bJvG1{)g4ALvU4w)Udu7{n<}wHFNzrPV z)t3;n)tNW{`O%NApE;IAui5&=^6icM3vc?mI14viv+L$KKK+N??#=Gc`U% zeYwf~@z-M}W=00a#n}d#2J*mAmQ`kvFc51HiC}C|k=~;nG{wtysX&oP;Met5C&BR~ z%f}+dA~IWhjo4pNj!NmZ{}{TTPWL!)Ze^MQA4oqxBjbM-7G@@v4+i2Oz5KXAG&=vldI&4Egl{EPR(Opl*_ zTx`Cz>;1aLQ&soxG%=B6nOatAEq3NtKwW}v?v=}u4+LBMZ{L`18nnKshkN@K<~fCa z-bw;I-#$IQUzhaK#Z@nb;YIT7UAal?ewOU6-*U@k=aU&{`ZEG~J}6|RoLm|@^=IFo zpvW>Q&o2jN_M5HFub6 k`)}mWWBTVZUHin|TZ}sdtTN5-KJr_(=g%2wW@$Yw070B#k^lez literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt b/pki/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..7d0b70611374532bab250dea312061181daa4ef0 GIT binary patch literal 901 zcmXqLVs12OV#-{=%*4pV#K>sC%f_kI=F#?@mywa1mBGN?klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWWb_X1(4g!44N2~kbT3* z%D~*j$j<;2=VEGNWMtUKVS3r`s^^5eoV&H9Bu?aNY<~ZB1NU=|^I2Nf4<>h(|C#)v zx+-#|@ix6Rl1X)`WubrfS}}Vi$M^Pj=kvB+5ese4sQ4UPJ#}(kkF0yjx%q+&5;IKB zU0BNC;M~AubyU;hty2jcYSH7DRTW3chgqlF0_4Lq@P z6VI!BTRtsmt`egT+o#8gR;CpvCv96*{4aHfe)q2Xn{Nb4MD4h0E;jRrlHlS8ivr%9 zJlg;L?MHLhxIorP%Fp)A{<+qyID zdqmEpb8IX>YqzJtZTq?F&(r_%NU!~Mi|y)8y-@bXRm(5Fj{U#O=wi33&s;fo=ltVZ zC(oMfTj88yo^W;AR*jWsSpNLq+rcZRUnP|)ysUoCD~ow^4?7%BsAx&4TX%1R?8}c^ z<2?jUoxa7>S!j4*ZTW(z2)1d*>fPM`dmhq%G|OV@A)cGhB~zy-t>cldT=wtS^eXc& zi`dwIaz0$SfQ4`A&NIa?B#*t#sx)J{=rnP;*X+zK4UgvX?7Mh2lbND` z!)8}kWcMn7JYZ;I(8Q>O>}N(+2IeM4eg>d87gG}>Bg0cg)8z-xNj(n`I9?xZtNs0C z<%($Tn(tNT7;Pt?bencz7WczAvu{<~G}g&^@4aDtfp>16!6YTt<;*(o7PhQuFF$_e zrG3+OvGWt`Bb}V?C?|xrslJrH$z;~s5oUYuL(;eCgu`}L^IkfwJbqug`}M8%Pg1El z$;%GBcV6g!$16!utGRw~UrHz9LE zh|@Q#&um+G_~sR!$%<{deC_Jwt*hRBbF(j$ek~E>uFTJJ*K%p~{j;t2bq-E$-?D70 z)k15N&u`Q&RtlO)Zn~H6m1*g@VEfAb(h83Qe=R>dhhuBnlZ{zE-!6KwGBGnUFfPtE z$TW}#2C}R&i-dt#gGka7J=0_SM_)|5z zFbM*qgOR~Xd2`{LLk_#FmlfGLPOp$>Nv~kop49d5&>`imTFrk&%_J&Jqg*O%{ET-c z#Hck01T;UJv@c_udFH;o8}*m?Ow(KGeKNx~(#>h|cB6pqq}$JLuieeyfxaOvt6w}MIlDo9?4 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt b/pki/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..89eac753f30a25f86e1cdaf7205892c355025fb3 GIT binary patch literal 1069 zcmXqLV$n2cVisJ$%*4pV#K>sC%f_kI=F#?@mywa1mBAp~klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWR5wrsDc}~C^UGJrEG{n1%u9F4EG{X^ zOe!tO%+CwR&&&hrb2N|>=QT7iFa$yiV*>+&C~;n614AQY7}ubHM2j5^>_8SX3!8@} z=47TQ;IrP<71`wqAg=)3(!{8Q?0ZI52IeM4eg>d87gG}>Bg2h33G5a-loQi9*f$ik z>noJD`YRU|AG7Q{)7op@-5=JoZ12GZAJk41O~^f@tQ$0O+L^dn+mzE(r#Pxyj6Qo+ zU1^U$&yC(}^(`fxT%TJfyn0q({NZGfw*DQac*AY!U*i3zuFsI;?fGP}sP((lse-iC zxz+BzYp1s#@x0^Z9Go<{`JsK9Q&1x7Oa{O7-*djNKKCMf_G}CJY1&Pn4z7Ol%Wlud zXob`B-h7>6?c&vLvwySO#;d=D56tVCYE!wW$IYZR!`iCrPZEbt!`o*<4>OD>nH^TV z+;GFJ?(_81p@%v)ZP~ZEt$GKfu*hCBvbK-+*xh}k*F2RSJKGXgLvFfwR9 zi{f*ev~A(E`Lh`GHun`~auf2B{z+0eL1bj=3~o(JyitG=Co`|4~;i|^Z3F-_G? zOsgyyg0DGdg>~j@=w2?FRw2rk(#$_0MsVgQ#=JMZS!J_t&CZB2aO1n`?Ifz+7;)qA z8iw!l^A4|bWOyXLb4!)jwaJrvVQpWuKM{>qqvXjKR+%w)pkJ9IzsX1ga>El?@o=gNxzT~ ze%ag2Hf8Dp)`ZpPP1BF8OU!?u_@yoDuhoa&FOJ^JnaomG%@BKO-}h`I$*F4YlN2o% Nty5U`$IQ+>8vrE$k0Jm7 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt b/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..865c97542eecbae607874bf26cee1212e9e74a2b GIT binary patch literal 936 zcmXqLVqRj<#MHBZnTe4JhzxkyIJMe5+P?ELGIFyr7(^R#8*s8QhqAB5Mh0@?yoLq_hCpaxY+zszCC+PXU}$6v;~FHBXgN?f#B!~$ z#GK3&1vEQdU6CEE0P=yMp+OU)60)ZmSs9p{82K51;#^EkjEoHXuHK*9B64`WM~Xw{ zV)MGRD;}4;<}I0eV#Q^@+d+531q`!ig>$cTn|?^{;faHg^lM{Q zo3h0J6YtX9IX}64K4bept%Qh$TN~>|F zndR4a32GuizwIVY(3|pnO1kfg_N9G-{TUA%e_lT1@yw>RLg!pAo0fj#o(Fd(aNAe; zK98BaPB7@Zo;_dVYOR+>O9M6qtX4_0w|=`geWqAMD z>B~JEM0T!{U`y<@NEgbJk*415f^4LI4DLs{5_nL>jN#Dap%ymSS_l6+$Y zXGa4$ab80M14AIRFg7qSh!W>DHZU|YhH(v&Nwf{98)BPQSYl3Qib6nsPG)i?+*(&x zWEU!coNQ=h(8Q>O>`O*g2IeM4eg>d87gG}>Bf}c^*UN4lD@)|{S1~rU71vqsf9}@Z zA3Rg9@A=)Q&K}Dw{NnWadPW(8L`#M*U*CRN!L{tg{?k22H4aKMzh}>#bb;T-P+91$ z{%J$ORo8WY-{PvA$QNVZn5!{|BewSV$GV+MaNj_xJy@INfrUpS6CKl7>uc zc4?3C={IM(eqEZd)jN0UE3duAwk|@`GG5BeUu|<+sq{iZuKbHHTQ=LJ@_hWr=Iq%X z^i1j5$)|Sq(f0Fr7d{DW&F$~9$)A*;xpzsGuc+y+fd z><03{0G3r|kuVTz5c%_^H__Orp{CZf{a$>~@63;~2Zg{1LY9w3j73ELD)Y9F%RMr) zuV1xXk`I1dx^q6g5{!EH2JZ&IG2(6ovB4k_-hu&)^VUUtEbB?gTr z*jRvGWiV*mZ_v00*;DJK8rKwB5br4q3{NHIRYFobNq)fy3L_%Df?6y9GYlg`9jhAC zcN^W+jPPR|k+?4;ewP+RJ zw!JG1y~Q{ZTBKTAj#XDI<@KD~en;n`WM|X7^S=BK!e>o6_;vpN-#$^oAt(6%=3ZDe z{oJRPD<2oR+?|v$)4VO^V26oWUzwQpyx*D|4}Gk3U;O>$ha>i0iKi^8R{iTumX?iY KuYJRQ=^FrQB=G3~ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt b/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..2d1b18c33f4194b5cf566fee2876161f2e986639 GIT binary patch literal 929 zcmXqLVxDWz#MHWgnTe5!iILHOmyJ`a&7lbKwp;G0-b zkeQdRU|5oGq~PpmAScdiXkcIngcimI1_n{$yv7EGM#eC%K{AQ90(C=d)e1|@$xKl| zv)0uW*`*2~ryCj@G%+e6`<9WFfw_s1p8+V&#ni;e$guO}=D%ro!}@k6g={un`Ga%X zToaE2)3=`#z3^XK-^}SvURG9HhKy71-7Wm| z{*Ql8PUXFsr%LTE&$)c4=Ir#F>+Yrgx)gqK!uCmlkENE^7P78buOs|PK-Qw%=9uHs zyDh?%wu|Bq-?uxmx*b2pR=-dU%5DQE3RylDF%}UU2O;P4FS*`K zT~sK!h`I3YvYgrg13r*`en!UsEG*1SEFTQSL3{-k0Ruh*9yYFoHV?*BVDd9yLXHk# z;sZtpBZJr5mD}IdM7o^j>-qL|X`QMw$K!;qP>_R5p zkOfhef>}pa)rCr!Pi!x4I4b8dq3m(az49m8CpjaP+PY`W_msH*`h4@(2ALBHHz%L| zRWM=I=7}!SXIhum|7Ez&uu}QbfnzLReT6C;HrA{Uc+Kc@@Iwy!zb~K7yw7*1y3XU@ z(ORDKI6|Yiu;N?Z(|L!Qzit*4Snz@Gg^axH)!HYQ9|bW<>^`A$>B;h$FN{Unx0P0z z|D3t6fL-?QJK@hyVk~Cwn5lMWw@gO9CA0g5Z3?A&dq>| UC+CI4ZXGV}$a&f~?avQx0H(}of&c&j literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt b/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..2487d626f7f9d9f3fdcf942ec67f36b7c743519e GIT binary patch literal 929 zcmXqLVxDWz#MHWgnTe4JhzxkyIJMe5+P?ELGIFyr7=##d8*s8QhqAB$iVkUgi}?(*rMFLIBk2j0B-+*PCG*Hx}J`?dEDA~cz?;O*wrDguiJ9T6g$s)`Q(i4!wdgEEaxsQyL^MiJ#M;s z_WnX{Med1rUhAvQN&l&KSiVrZfBqG{sA|sb>m`JO+fHBQnz3$vZsQe=+NB4UxXFE( z^3rE|qv7(*eRd@N!tBL8k@oH}HD&sM~U7jBcHm)<^1L@~yWc<&d{ZEkP;+5uK;!b_IxrzO5|1BefYQ`(`CNGSbdT37# z1lPDZx)yu2cPxtZv4gPe0434{UVzMA0~B#S#6%qeA=XL&*$lT|NVEZQTnv= z@;lK7p1xk*Gt~L+X}Rhz{`*9NmoajlnTe5!iILHOmyJ`a&7^cRIa}5oe7?qGc$jHjT+{DPw02Jq9YGPz$xVFY({)+_Zc}LjOmT2U=tMiInXNoz< zG(YNJS*2N*S!Yjkyl<8!ubTZM+rwWEUQ$kB5O&wR%yZXz(v-N4t51ZN#64vX7n{#~ z?(pi0x-T3C?tH;7_sf=KGc92B-C?HkZI4ge?CN{fsdbHO`okOKr@wq_C7%-U;2B3# z5wGB`={LT(yWh~2{m;wt@2~?~e&D^EBHPR(c9pzW^l>;bTdK!qqiMBS+Ul3Do}9im z)j;*&7MD3&AFz9Dm1c|5cZs<2O2Kirp`U=1#IIge(S575*zfR9S;gAY`ea>YmGKR> zoOuFo4tsdNPu4$^yNBgr;;QR$Zj-0oV~?FzRJZhH9_tOBzf8=G42+Aj4KfYnfnh7F z%mR$g29cRZD>6^p8kZfKxyI$`2EKngzuZ0!P6x7lEMhDoQy1CHKX|?`gLhZWDhGS^ z@Q8a|p$2>){rrrK|5;d=nOHs;h=ceFECL3620UzB32h#XslXIxz=Rwf!1M-;4n~I6 zdlzbdSQW_1WjDWEMP()<@W)XM*Q-}>~*+Zv|+87dkITEUNe1W$)n8hl-CX9b@WaU$o8S2q zM}A>a7tx$D^UQ-^UM-TEw&I-s--o&TDL7Xk-lI8YGcur;&jH#7@ny#GK3&g@F8= z%;ZYA<*u&C?o!h-QPv#^ft#x>fUMG>399Y;l%X|4*#uxHFr_C-r1v)H(edtJhncnpB^6ZtVuXZ z>7;98?p@&pMWzOvIee+_AM9o;d{n%CU2W!*iDtF8R%cImP$74Q{rR3x-9KI}7qyuc zV=r3pM`PJdp#`eR(p7!`7w?Im6Qo?qnHJx_-f3PYTc*y`;<@fJB`JO##UaVo^=6!g zEB@qd;w`G#nSb4A^7Io5^$|aJmc6|1=c*gP6%okm?WAs|mfE;w-rO36>#>Z7E(G-W z#&}9LKNo(rF6$8AW5@Hsrq@1{`zQuanRJ8o#N~gUKVQD@w|9SZguUnhBNHW?VA#qkvq%_-HHa|8TH5hHU8NPL`)yr@)>`A)wzG@DDMFTyMT|uxyl8*inq$2c z(i0BMpW?RUpIq>sC<8u_ett&A|12!bOe`M^#6f%o76Ai310FW6gf8U6kk6l|dP~dfojEdbd8B-_UN+Klt5B_wn8@E{cMG4lAZ4ZRFs&dG)%| zD#K;E`)Uebrt5`zjHlVZ?Ro1LxGkjkowR_iBi(PjFvS6fplxp2?&QGOrZ2 z@80ln)7x#Q;`iKRx%ai$v!Gs8EB4lg8(jZSYpq?`SLp6$bx$Bs;Ev3N;8jyuvd)SZ zc0T=LdFx_B!lOuc|D8{ty}W3uV7EF;F=687WL|y#?|hw#2AZL*W>f#So^lrt_!OF3 V-uCc|^2R;cJ&s;qmvWXp1^~x6TiO5s literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt b/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..d084fc7215863e33f2c18b8ba9da9b9ba8f96030 GIT binary patch literal 924 zcmXqLVxD2p#MH2WnTe5!iILHOmyJ`a&7ALlagybWA6NeTIcv!$rF!VE zxAW<}pPYm|Z3@%>x$TxW*d7$bcUJ7iz0wDtZ)+)S-fHpp*+7>>1XVdk%TRlkm3j^n_Ni3!7%huKE);n{&IMXR8mHdNSa{q^%&(E|iCVnV0 zdp7a2pndm&yc}j5zXBu0(qHZRwSF<1Vimq^Juf?5u0Vaore@93kM zFSizGeyW-C@fG*EY(DklscC;_@&A9OsKshHZ*SfA6O-PbVR+``SF&VtK>tbmj2Y~g zUz?{JDcqm@Q)21_G11kw|7LD|Ip4O@~ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt b/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..97dd2e72c11b23225a0dd30e764770eeeb2d1b8a GIT binary patch literal 924 zcmXqLVxD2p#MH2WnTe4JhzxkyIJMe5+P?ELGIFyr7z7w{8*s8QhqAB zO1RywuE?%b06E*tpovil*`tiC49rc8{0u;GE~X|%Muzomk2Z!cUe79Vpl#pJPeRkW z^Ezt6%QBJ|lo-yv{5R<_*R}sYFWr?_3)7s_=D2#NOz9L^t`iOsGZ;Rvfu< z^_uIys$PyS=N`Se+fW}GR>D4^|8m66)&8emukO>Ct~@XI!@St(Q>ByM@}8cZ+3q>5 zk5}dMk?V6_$9yQ%@7%H^v|skgl>(pU1GAR~8K%X5_ULu2KCS&+FUp&z(AC?(A~)z< zyVr@EA)9V4H|;j&Jnq3fPqUg^Q*hxAl_T@hXPK+2pK{+~8soDhZQ1#`Ow5c7jEl1k zG7aQ`VJoZ5B4HrbAi^yEbSlGNEz64ar`^6e%t+;8db=B(9%T7g#8^Z&$KQ5jn#XxN zu{EUqMSy-5vSUwntgZK(80tS2rJZxMEZ61uNz?5geiX0ul zbO($MMuyCwN)49+mb3`BT?sD}REiI-vsRfkW1Hm3&SR^UBm?bcS}lK+a&$(iqVjyJ z+xNRKXzJXMw|<&^BX6QX{uLjp0DdM+qmNGt8Njl zYg&nllR1qh*65vI`L+L4da;GvR^5u#H#mELI~!TfUVE3Ot`U=h4P4~B~jP(-ydv9UGu65VUoOpuIFx++BpS~!X)pBEObD^3= U-nqx8WwtM`h*jCq|6++g0H&2+4*&oF literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt b/pki/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..ef1ac897e08a3bb4831ce3972b28f6a785f8ae75 GIT binary patch literal 927 zcmXqLVxDc##MHcinTe5!iILHOmyJ`a&7A-4f18*?ZNn=n&ou%Wzx zEQrG;EEbYlT%zEdT2zvmmYJMbl3J`_WMF7$sBEAJQot-M6_A)$8IYfonOv#hn^;hg znU}6$Sdwp~;OuB1C(dhVU|ok?-MgJ9cPP%&c9!AtkwAMf4`_?wSdX-iaXZ`8h^9W z7X7D?vFBCY62EC3S0gT0FSaVlRNvCNuYax0GMP6H?^o~1lKF8hxVYFj|E`DpIgNMg z#0kxzFwOZ= zyhrctakWFXwO;16EvL(uw}qsOT)iiGP*(8xde5K_ob$RSKB%j^-^j$w$iTQb+aS|G z9vHT=$}AEFVhtkh%E~x;{LjL|%*67+KpezZU=c9jGvHz4N@(+7Oa&%B1N5W^j1EQy zAI~Lo8CLLg?mIqhmd0ZJ=G_}-R$o#{)~b#1NZQ5LCwIlT#MatYPbJXf@izN^ZU(X{ za^E~B6umV4VmM2z-LB=~%)jxB%Z?@=*qlDAZS&;6vBCP!T{74p52%DHBN zlw9S>kFQdf#Oz-Be)>+;?>{8h2_2{@?4P1?=sU0M%Ub0hPx=*&+xTCubGlPN2^UDks z4CGJ*1%S#+l9BWp3L5Z(%;gZ~@J%eL%t_2kG2}7e0tvASGaH+j!d#&z%;fB7AScdi zXkcIngcimI1_n{$yv7EGM#eC%K`Bf*k&bpXa0Xe$ENl~&n3I{J5ai};Y-C}e;0ts| zVo82crGjHgNl|7}X-TR=NM!-gudc4hepdhmhPgo#qY`rXF|sl+H!<=v0L8hOniv@w z?xq>EtUma6W{h#Px96nad^`M6&{oyXIre#^gXmrdBGGF z{trJYf8W%S(>&++JV!t0bMmzZWv8O=g(^Ldi%nqzu4ImP^4&W;DKRn5+PaoM8d z@A6~zcZw@jj-JxL?~y(^Giz4Xcaf_%6z1*cZ{NzqxFF49i8)iN+=`~B`@ZB(-Q~Dd zxR&qywo_|3_paTr`|#SQm!^o7knR~ycBGGDsnt+h4_nZZv zs*4ZFZPt2Iu>9j$CT2zk#>LqNnFjK};FeWpkuVTz5cv=&k@WtYsIbby^w(Cp;RiHC0;l@s{2>}u5qlZ-9LMZHetKleOY=dPg3b2vCbsHbNZSL1d` zt5s*B4$aB+deO0NX#w}KAQe8tXZ!p%#;Dy9dG}a}jrF<0S?0?NzI>jrtLRt8rfKT3 zuT3?!`IP?sX)B-GyGXBTrTMH&;qzu%LAtwNL{RXkMn-cQ{6plkGp5aaQGVm0MW5_sQ>@~ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt b/pki/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..60a20316813bbcb0fbcad39e79b5c5538e0dad23 GIT binary patch literal 1022 zcmXqLV*X{&#PnzZGZP~d6CiMYb`dW8OZte{W~0=p^|>$^IX@p z7HfQ%b5C_}=xuuJYBFEpXtAR)>w)&L)j3?XzXbXemsQN}PY67@;l$$P-2CL@uWcD~ zS>oqOS? zHK)|R4|Dh$goA$1YQH7E@!hpvr|EN}j`ke$WnyMzU|gJSkZB+f3~gCu76}8f29eo$ z`SxAQzdYaCV;FsIruRgdnwq`f1SiYKBE}*TWxAz1HUDGZ+Tes$y~^{Jriy4d8}Nbj z^D{F3XJKJxV)ha~XNMBUH~*X Bbx{BS literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt b/pki/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..576a1b81716124a048d3486659d8348acdb18fb9 GIT binary patch literal 991 zcmXqLV!mzA#B_K8GZP~d6CB(+$<$iUFhP}x8cq<~piDlaiN)j2<}xTGjCGq0pr zA;`_y!pKO$+0oEIPMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZY!WTCHn4+uE-8n0Qtbk(4dJ?3E9((tPIRejQk8haW1ANMn;C6r~b}xX;gIlTh!D4?}Omq za~=Ppe6*J}B~4oU@JoZ>UB=SMT+#m~-sl z-}cX*H#F?$Xn0xfiD>(_^4Yt*HH))FcbWUS3btLG3}qk?w|>b z@~o@Wdl;71AD{5UgqN2y?u0t0p8opR9Sv$XX7AhPpm6+S_eTNK#r=PZ{zy25?wfda zpTU`lwmi0WpPyylb@gg%z7Tad`1K)IUH6LZCw=DLd?>X<`EuCW;LhyTAwP19cLeHK zM7r@@@u>f@`f{y|G59oXG0i$nU*sX~&M`{S$A$GWL3L^$|FA$nvp>v52H`F4kw| zesTSjuE3jjOpBaOrYB!9-~;LBXJq`(!otkN^1(nH#8+SuFyJ%bVdF|@^I%K`rb7cp z17nbcAd8NHR-*8&IgDe>v0=a(VJA~5L!W08@;R)1pk z`5D)jyy5nHv)|>k*5%e!veyC^Ex35==)0M#cT6`wmTt?SSeYSxz#_r^;nAp2zEwgO zEN+@>9hLauGG}>yRu!`zGh;}^+%&m_y45|w?b$UhpG^;~b!A&tCSjlVa>``p*2VTa zWzPonU0!}!sxfN)pYDIIt^(Z~AAkC~;K^LACN58=sWy_YHrXAuxl&P)TDZ5VH_74t z1^Hd2JGeB(+$<$iUFhP}x8cq<~piDlaiN)j2<}xTGjCGq0pr zA;`_y!pKO$+0n>APMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZY!WTCHn4+uE-8n0Qtbk*r16~3E9((tPIRejQk8haW1ANMn;C?-#5>0dOJC0j}H4whN+jc z?!6Q^QEq-&_gD1xT)&FGBiSrQZ#5aRnmKkH-^0#hRzBPPr~qf%hv-=v)AZF^6$d^HX?H!xP`&X?I?VNuT>NIdex4i|}T*Q(XI&*BtY1zsfFCvTBl0Kcg9AfWz)j z3)_BPa!Shnw)3Yf|1`_HnRApknJkv`;SpYB^Xo-Ytk2a~5_c?KUCArE<&??9%*epF zxN(|6<75MQU@*%nvq%_-HHZW@oc-ll2J(%vka%)+bpR%^l4PV5rzppUFOvex1z(6wF78gQ zlhaf*7JIQl~|mSX4+Oxe4${NrLppQzWHYDk9|s( zryg5<-F+w2YGGzS$JNI2eCI&@es#}7dt^>AitoNW;|VKMdXinC?Wya|IzM;5Te4&G z{*8wUxhJ@6h`k_Jd495PheSb_^_~@TJ}#^eZT0L6W7(W|=~SxlQR%^&3_z0szC8 BcB(+$<$iUFhP}x8cq<~piDlaiN)j2<}xTGjCGq0pr zA;`_y!pKO$+0ocQPMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZY!WTCHn4+uE-8n0Qtbk)S!t`3E9((tPIRejQk8haW1ANMn;CO4}95sKAiV+bT%+@Ys~80 zddIm@zWDdIXH8u(<~$EtIG*-~YKu74M|5l`T3zJSd3we5u&q~LEB}?;!Kf(Ik-%xB z|5|EkYvk(F@&-TV`reVStF=r#mG-FZ<>l}VZl4qv&wVa!yO{Groy$Istua#XR$t%_ zp31)I#e3T$=~E_OUhsUUc1Tc((Y9?H&esczo?TUJ{>#Hw^Ih7H^Bu9lnL?H|?lmW_ zDW2$JPV}GlaKh{rFM?-?vdvi@clC1EmJ{wZLC2!lZu{M@NLia9!+2nk`854+haRS- zzZaUZ_n+!wjVS@YPk)`~t-qaB_2d7;y!GbWil_KanO1Lf>r+v4?JottR3>Id2FAsW z3k@3Q8OQ^JSyq`v!a%G+WY#WA-&=~M>t8t@w#f;+vBGs_{bF$HkmX|$V-Zp5-uyUf zo~G$b#$4;PSJskSKPOos-H z2F4%>K^7eYtws$@-O%b%Cdx_}16!S^Oq%_@j8xCjFW1 zzGE%wr@ylmR;`+R>iPpV(c_`_r~RC~RMPp$2M*H{S<9z;sA<;B@ieL2!62~ThUNSf zo|}_90=KV6YJPk;(fcOcL}lim=m)``7Ixd-szsM7NUS~D?0T|N>uH|mH}ke{5nB#g K>MCU}y8{5^S9oUt literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt b/pki/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..0a4e150700fa7c754cca75eaf6a32664a1be50f2 GIT binary patch literal 965 zcmXqLVm@fl#I$k&GZP~d6CB(+$<$iUFh(A>Zjq=1=6FDO4JC%-JUNFl8#KUX23 zC^N4lF)1fCxCF>bS18F>2n}(wfbyIj4dldm4GjzofzZO(z`!6%oY&aE(8w6ZH7Fs` zAua|^5QkWYCFW$ND8QYA-zBcDU{5K4ya#ko6QdGxh%mA;FgG#sGXTZ8n3@ zwJ)DdVf(#C*LSDN)^B|so{=l0mD@N=SDCzW5!-H)a$$4k4-bYx2yZ*fnDF# zj@AlF%w9f=J0)4Z?4^bv@0EWQ4^vH3R!doz-Ha{0_5At5_~(aNy)HkF;k8<+hfgl_@TW4A4oqxBjbM-7G@@v4+i2Oz5uD>YI({J5d$%QW_NNnx9RH=6O z;XK6|o41yA#jIQr{=}_j6N8A4o_FmVsjTA*_cr$wcr>u>c0ZN3Pk(jej3nom_UQY&=I#zQaSt-^X+IpXEc3l~9=B@?kAv>zOt)L- fSLpCx=S?`6BqDn2{sb95tN*Dh@5>((EYt-61aE3G literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt b/pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..16968ab59b17dcdfcefe4c9fc7bb1f7546f092bc GIT binary patch literal 939 zcmXqLVqR|0#MHllnTe5!iILHOmyJ`a&7eGujZa` z+8lC;Q(gV&wekqdCHsz@J1ir}2P{fSq0{-r-xy4O}bxi+z{XNN{$_@=im6Lqz|DEyoFd!Y&2ElVHaTPK9C7z%{U zlU&xvXE|TMNVX?vv;C>BKN6NU2G%T}nE6BW#r5LPRgxNW>aBJ7!rOPh`S5l6g$3uH zn{J-GDJt#j)_oS2_OJNs9SDtBN>^ir(*1b~^ala5>uv!|CGZCscSD zUeju2VrFDuT%2u?365M@Wflnou?CSI);ss>Qf?>hyX_sA(vy{TBWCepaPpAlV-aH! zxw&+~(U;pVp8Mu3blp#2a?Iz507e5oU`)yKGcx{XVPR%s`CuRp;w!KS81NbJuyG}{ zc`&8|6QTinG6Y5kBZKnv^Aqf+X1ouwb!E8S#ZwsrDfMt+p1oC zC$hTw_@vWc*aH5^Jqt^j`>ELM{G};N)}Am6>k8k=>GAr_WZuJ%5A{y4+kN*_ype0y z+B45*T@}?h`9x~LDH-AWl4{q@Q;&2fywUBo(p~oAT7pZMhOW*TSBd$2EX{gC*S(A) zf)y24%r4D&nQ_nZbn9W;o%{YWL@>FQ{r$Qj^l-6gzV`3;TCPP*K__>~${**edAa&U z;BE)esXLlZ7k6&h{5x&No-6^cc@kN-A0=?zkZm0NDI+1poj5 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt b/pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..1516f1ee703deb808b4090602849b568994e0187 GIT binary patch literal 939 zcmXqLVqR|0#MHllnTe5!iIK&CmyJ`a&7TRNw#~7Jv+^IyUER|& zFF2-Z@!@;xo)^BnxhqX>>eI>#3dN7DKEFP7*FXM|>)k_JH3iNVnm!3Ad>QK6m44&l zezwi>pVuf)*tYN8ZW&drh^r}`_fE#1J9g9N_eH(LVwEHf+oe-_LXMiwJI?lR6@PzS z=HKsm8{c=iP3*aG_ekZYWCJ}hjlS>KGUev&}HR?ZZ@`eoI$-*+u4|6iz9%{AZy#*{2SBjbM-7G@@v4+i2Oz5r1}?-p3b0 z5`Xq~GS<&ZUGevW>CHaJ0}o=DxvfhKO5}U@?2^t(5Nta3qL|M~{B-G$bD#a5{0lGJ zykX(X(%5Q6t6ng$v?MkYn{19<5&utlS<3ALpI#KOe?Nmba2ss6mVJK z{%nrTjY{^%PXF_BFJKFeap-z{dBOS>wp0BJl5ZOvpQ=~RZ-3*puIoE}U&ey(7jCUy g^6$alP>v;MCRWWa-YIzR`=*b&#h*`BNxbs`0KN8hng9R* literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt b/pki/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..a4385c1d959fb0db9d56ebcdaf99f6e63bdee257 GIT binary patch literal 949 zcmXqLV%})b#58jOGZP~d6CB(+$<$iUFhP~AWkq<~piE;BD9GbytqAU`KFxzabW zpdd3Z-B2OGP@%Xq$=T6BPMp`!z`zg)EsPBe45Gw&jSUQqjA2}Z5)v(TF>r!dY#o-E zlbNCroSKuS>see}nwp}3%_$15uE@?;0QtwO z794$2J9AnY@9(D@Zu3n2b;>Z z`*JJQgNl)UPycRWFrBk>QNiu|9+&F(z5A!{v?=#a>6)ht4m?u-b9kzb)AwsO`#N$v zf}Wjna^c?QyIz<_mC$>#q%$o-z447SXsF3 zzPI{DldDVPnYEdi85tNCXB%W1$OA)LR+&Y@K&(OJ^I3NLW`oPenUZcjJC(z@bmO*$ z)8K?6%f}+dBBI;U@;@g=n!m}#F1XG8a)8m3zgrCWK>GO^8UM4eFf*}yFc1gv6<7oe z_zZa1xDwht7*l~s(trs$I)Dih7#)lZE=v#ZcgpGEvD@_RsA$m1sM@1h_2G{+^KTYE zF3tfOaQvyY|=wEO-&?YcKM`e4-#ZZog# zH%lKnF>k-VASuwg=SP9+CYQ$(l9P{nZRRrJC_9;$^?cRR{*K<6xBtBUZ1mx9{JC(Y z)e|)J4nOp1OLFIK=-@m&@o7k3uilmKO6s=+0;ik#J=7}np4)e`^tH*6!}9~2{PS-I mUe9Z0^llN!}Vh-&TD93U6<%}LYs zEG{lhO;Nybfr6_mvXd1+elRpOXkt`C_BJCc19KB2KLb#li>Zl`kzvbuwkt2&J@prT znSDPhFzJ3=v+}<3japx%Q#~SPKJ}R)B^Sb-=vH9-W4k5avlF|*>WtEVeOS@Vd(tm@ z;`XOIZ{3Oy`yY5V#d3?E9vou|JFNd+4v+=X*|f?NR=j zOw5c7jEl1kG7aQ`VJ)l7B4HrbAky%Fcku$gOQ~!@fg&@0;c~o)1_nS-+k0 z(K&5*DtZb>wZ-l(o8GO7kER>V)AsIZpXI~k9J*lRzu(78Z9CX5H%c6x>7HsnS5o7f zlSN~3+DYdh!H!zuy_K%oZtKF5`4$OnOwya#n5`?3aCc$<{%gzk>`lm;U%t~+>D{8` z<@yzeU-4%5o~`t7o2&XgzHCAyzqG?8vXV|;1qL)xiS-j*+Y~b c&6SEanw*h;s_^Hh9X_iWCRE%M^Z2m=0B|{EL;wH) literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt b/pki/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..ed346760878c83be35ac86cafdb712f0b6890a87 GIT binary patch literal 941 zcmXqLVqR&`#58dMGZP~d5E<~YacZ@Bw0-AgWaMULFbFi{HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1At?lbjt5-bIbwzfy0>~SN<_1lSO2|HEWMyD(V&rE4igPhFF)}hNtG^yA?A*Mv zVMop9SldIt>)$2?Tx~qFi$(PN%^!AepOo~5I=qvav^i_`ql1kN3F&QBLT4C#RZA+UprT=2|JM|!r@Y6hI-m1%YF*Do?*>;Zi$IKH^yh)}O zSEeTfynZ)h_Q&s zJ-;u&^Wj42O3qvRbT4l+n{@E!WCK26T*>k?GX7^_VP<0aU?2|SE3gO{@EP#1aV4~Q zFs1^Nq5&gvbN~|~Fgh3+#KO81pQeA?$L^WHHf!Zt_5Y7}TT-4d+a>nR>D(72?tFJe z(fRhNnU7P~ztj=(i4)DAD)Z#cLe>_wT+@gX+V}F9Ro`D#tC?wE|4A!Q@<(g(lcwg@ zKRH>KH$*WCGt|8gi%QnBVt;PyuXgmB#{bTvYyGdxWp)U#e%CD^dvx}zeAhrrErBEJ zUxZ0EnsWPoED>lrWdAdEBlo+P&EgfazPN8;aXw>e`R?&9<5f5Om&iXl@b2DiW=Yrc z*I1A16nvc+yiZ`myA>C^ETm*LCjX7=e)QaQdEw6T)vntY82{Rl!~OT^$?h2rhPC=k dipux?dTrmZusk|`(|JRta2FoO_2q4P^#JtKZJ+=E literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt b/pki/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..44e5c1e25329a02e2df3503fbcd12389e4f5db1c GIT binary patch literal 920 zcmXqLVxD5q#8k6@nTe4JhzxkyIJMe5+P?ELGIFyr7z7z|8*s8QhqABsee}nwp}3)fEb^uE3aDe zYrV_=z11@Ikj$~C8rv?Ke0=k1yHfaqs7E|@agKoOr5%O@2p!dd2~DqKJENk?*63uQ=QM{1?ES6w6)>-d64~>zit0@ zCT2zk#>GJf0S5BG;FeWpkuVTz5P84)){Tb^hRdDB-W@69UH>NcQ^G=UB9Y}|5n~bA z+f@I1cL7(wq{gWrrYX7y7&KnbG2jE~=VxU6&%(mY#PR_-)PZRZ80w4+w#P#jNFA_V zaESc@muWS#^NU-}Z&RM~bUgfWA=gaw{N*cMO!q3bw43LvF?FnY-x1YfsH?XxXNyf; zdDfvJf_#%$uJ!Jp8(#g^ z&Zv&v<#Fym0SI$#yJXi#QN9uac(c!-*Nk)QC4@IBERBEt&M#j_RnWY;gC71 z;KKGV{APb(gr+!6eaYU)f`<=Gzy%Q;_%MxO73Rx-9-3 F9{`9B(+$<$iUFhP|rXIq<~piH8`~(u?Q%EtVkg-FGayQ z$Vb6DwX#^j+0oEIPMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZG7{}~GjM^}ZyT1FlbNDG z*cGm>C@uu~%h1xGiBSnTC>U88n41{+8GzzkOihf83@`ZKW{7Wpl>cPI;tjJ6U1ArO z);;i8$ZXD#SZkUc`E23W7xVQ08?4e#I(a@as4~61@cSRnW9ON;wbov>ouxLdE#040 zKzLKJO!BJ-k7w-2?pgb5hTE!*+j$=@%@y5x@%5Wk-!y-7Uesg}ZU40)`_P3I^Ru&l zHJ4u7A;_f1ac}FD1DXexU3YN4^4#axqE*4?N>XR;t#ORIH8VzXuJ1E-&zWu(3)1>C zx5%mg%9fRjbQ2A~wJKhFwHD{wBYq}6qUAPgcr%y(D*T#Q`P6ImcD+~uW2X9?%pW4)@p{3&CKp@gQN=cn?2z@_V#fy zeg#+O)^waoWxjfS-z)D4&Nu&QMrRnjH#qfruf;)O!+RGD>Q3c6iu93aoFu_HbB;~u z!pe!AQ^T^ePl=qIBW=7m=4a$V>0FKLm)$B#xr!&WR`x|1Jl#2C$Eo}I!6Bc2H-C`b zU0gWp&&An~*0!!o%-zVb%67l_!jewuw9}ub^tUYj(Z6wn-IgsC%f_kI=F#?@mywa1mBGNpklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6fqD2DPR`n4k^!9a1Qb*R&aJSkQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAcjO+bPTj0wkU@s=47TQ!0mE%MRt<{$dTp-O^iy& z-eP2BU~XdMX8?+GF*PwVGVD})rNw1Ar&iU8XTIk4Raf3Kt_!`pxXIMZZd#!IrbP)a zudWYEDlmMIve^IY(+2{%%~StM^SY4kHYq0&~ z{J%%DCI2jyHe^nU3fcSgNvUU>^od&i90fzKHQ7^BFFxtuVmcZA>D-jh_k1JH{5dp9 z`dr==zfHT9qCP8iI`ki6_j|L9SFTG)rTKpC$-8WiYG*HR*zi`&qO`_KbFWfCPg}Ri zpT7$o9-R1I&C|-Oe5F5ixy|%T6*CWP=J2_AY}uKG%Ppn{^WFTW{dntf*8K^xE3eur z{LT9t5;te-wSs5zHxJe=yVY-VEjGuimf41riJ6gsadEamrhz;#RArS}Bn-qFLkInjqJ|Ic!>jdKY2a)z_3iyd`9km13r*` zen!UsEG*1SEFTQSL3{-k0Ruh*9yYFoHV?*BU^+8EPi4U9U}Tt?{)7KqW!3q#hdkd8 z#BSYQd_w<1{lTMeU1vp#)^1N{eJ=b|ZDn(Koq?F!yWfXeulT8a|NorJdy3eP(2U6f z0e?PhT)E8k%+GCG53dqCaXsu##%adAX`A{y)%0JNYIe$&@dZk@GN?Y>aQx+i5{<`_ z8tay?T^YwBq^Glk&FZE^OHYWay}YGb`msn!-rFZ4ir8#f>Um5ng%<@ohe?|!W;9>f zd#&O6$C>OLQ=d(BOUOKuu4#5c;lSHRjgcF4of$+|_oPnNKE+hnEtNl2WXmI?Fpl^8 zVp-0f*H!l48TWdQ&zd$1)slTDV>gtwsMbWTK5AxK^m$g={6n9546jY=t(!Cp09A-q AqyPW_ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt b/pki/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..be8ef42f19a6dee9e656112ba1eb9aacce842772 GIT binary patch literal 994 zcmXqLV!mh4#B^){GZP~d6CB(+$<$iUFhP{BYBq<~piJTEaf)j2<}xTGjCGq0pr zAvDO-P{G;JKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgA5XFv@kG(*r*?tn3I_TvPS{k zZdX@irz(KlZfs)E#HfVqT}D<0<|amd2B0_>QxhX2!?`E%-w!4fAAQa6wEyxSp&!e_ zXRYa&6r=I&&%9}j-EpgG)z6a~O#(_es7HQeW%=x5rD@lIk%JaTP5~}9! z=gP@5wrMu{&;DfCG$S@E_~Y(I>GiE2L|^YeyV_EJmP)GG+Eo#E4ZUA|d-zLNf!nc7 z{>fy^iPM<&u9+_9V)~_Vb>LP{$paUfnU8?5!+&YxkxvurS}x_Ub}Okhj)+!^w7hi|o0M9}UiDVrFDuT->b=yQh^Qeu7^{*vfknW8&wz)GE1}JUF%_5s4Hyk< zKoWv1rUu4sh8ZO#1y=g{z{FKjoLW?tTBHYJCL<*}z4ZJt{mi_S)C#?flH45R=me%- zV01Dv1h5~_5w3bLRXXqB=7|%Eo+@zg*t4r>#T*M(P+uzYP*U*u6{Cin533$L@0_CF zVpNy5=D`HPh=2Z9M9VX6Cj81>;$j{6@1V_ppC7qLPJek;7g4zL#kUoyO8Yp)>=Jx^ znG4J%CcZmx?n>WrmGAufZ(KYTVx<+Ft;;xbg6-T3wI?!9C@@_)%a_S_+bivqrEi^Z z{c-c;qm^MRlFYyRIh8)&xbhRLwqRS`;*2jZ4(aE38HX$L9&1uvQJ&Xbetn|O$>a$) z7_P}KSLW1G{IYh>WaG#{*?*U>^v_=^Ui3|9(Vq|g#T_Sh$E1C2o3Q#@gYWMvw|E&V SKZUqB(+$<$iUFhP{BYBq<~piJTEaf)j2<}xTGjCGq0pr zAvDO-NWt0BKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgA5XFv@kG(*r*?tn3I_TvPS{k zZdX@irz(KlZfs`I#HfVqT}D<0<|amd2B0_>QxhX2!crS1=ueogOXl&Ze@iLdILr=y3velx06OBG>xtVg8{r-pi zF3uktQWw_uB^k&iD27yjKDx?c&A)vm$NMebS0CGcI>GHy+uIz)=F64l*)i|#IR1)X z7Vc17$yk_hkb`eB>->vr?#jCTR(U7y5zKx|*rnl7;VrE?xu-MhO^p@T&)R%vP5b7i zo@quNTvh!t@7FTuxE>X-y(_Nw$SdId+sFdrx)nxlet{dmtLrHg{GBJy9%|fjFVG{W z@z@%r&P`9Bo3}U%9PvxtJu%?y#aNY=uJCsW-|Kd+m;F;Z-)vHFlPnW6BLm~&#wP@e8#NSjuick-2aTOeLv{`G*>eJ%|E-+AYDccErm}7eH$Bu9FtEu zGzZ>)amG$nsej6mHR24O?aynBVs<{?H8YQ^_(s;2Gg_?kodS~oKHep9Q9$p-gUb`S z-p0g>RekOGdL%QzBlCVo)Y7jxq?eA^doF?MK|e&(>(UL$?O z1eLW`hVB_c7c}Kt^wtZnd&II^%Xj(#Us3k|vg$t#6dk6yUNK#M|5yHdp`W|@S5`!Y T>m`>{YLH8e0V1VRgA0|SF7ab9BsLnC7t*Psm5 z4e|!E5I2a0fL!2=?gB$M0~d(>wqc1mnJEgPA#N7I5LY;ZT;Yl22w$)xTwRfkQ2?21 zXlT&HsDvCGjI0dIO^o~uKyfanCPqevyL-<}+SL-|_N+kfRFk;JX6sm$Fzbm<-JDxH z?@fK;baU>C3FedECT}aYykhCDx#G1e)4Y=}Z+0eJd8YU|asHl#yBnu$IV!{OzpQfa zqnjH$@>b=4>K5KU_1iN?v9H+z59*$W9`yWB%9$T$dcM9(j1VohF^% zL+czX`c-$bemhl}QXI0@M}3M>=?(w9={Hh$U&~dTKPAU2hCN%$Otv&cr@L~IP20lN zPJ$}8%{|p@i#i=`ME|U8ala}x{aW+`q4njuTzTg&DJ2)r;Jp>na`JDp&IwRt8KG6jyY)RQ@$TcLlwUxnhUIwy#k~$ahRN15^`iBYo!IYlo*%p;Iul0BIt#NVO zw#Z8Pez)q{BF?o*pPRZDbHp9~(f;uV>x!N47Oj}@QuTfEpIN)y4FV)zh}&kHk&=??L5Cq zq4w%wxAO;YJWzWUG`aqpZ^drc`(8#SAI~p}W!}TWcYBuLwjFww8nM%!+5K`|#akI_ z_}b(29M8u;zb{YS9{yzKD;tAF{=05()!=Q_^6p;hbYtUv&zLCPzMoz*8Y0g|%qhrz IxcJ;$0Gw=jI{*Lx literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt b/pki/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..b14d789b5dc1666a530f10a0b886505bf1b452b4 GIT binary patch literal 924 zcmXqLVxD2p#MH2WnTe5!iILHOmyJ`a&7}Vh- z&TD93UQxhX2!y{+Kdp|h~4sUW3pVy~XdNq6f z`2(gq=bTy4YMRXcKPYr_>&?S`TSE3P$+30ZZgHD!vFGeAdv6!E86{qBsi&lh!{-5G~^7#4#7bU0HEYdZtV)(tNt;t50MdpkC495?~ zZfpKkUz?lK5Ov~2PTK^|ZEUqmF9+JGif{kye7NIMPE}nEL(Y9!r6po{j0}v6vkfv0 ze)i>cQx;(d_zPl8W=z9M%_#yI;-^NgLm$kuxy%6sRD^E}so_f+(f&+B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgK`qBaW`;D$B{41PpTwu)Ggu#c z5^#8*ZK~b6mK*!E7KSCQPX4E)mGQCW#*DdIE^1Z3X8OC%-O_&W$LR>3)&{m5!@nCc zT6fDQGBGnUFfOh&s5X!X2Dq#;i-dt#gUFNG_=_=9+cTlQ|Y9RlX;aAQs zA6?10QzT1GdG4%VSY2-)cQm&DWRmwA-#xo*3JT5E#U=1+x!AU>(B^u&E?jQKyH#0Q z)Bndu#!kOl5VFH|!`r{VlPa8Ff82C1d76hp;J42&H(Gx%`e4xYj-&g*(cMjJPHlR4 x?B%wFug?8We4=rY#lwxAv455Ity$9;Za>SYwOMt&?98fp0WTM9=K68*6#xnEZ^-}v literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt b/pki/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..4059c017a744057b8083a7834941abc563b98b98 GIT binary patch literal 948 zcmXqLV%}iT#57|8GZP~d6CB(+$<$iUFhP}4viq<~piAt|vqGub&muehWrF*C2E zSivtJsG%sc1gJbm!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZLK3ZZG_Z$QZ4s83 zlbJ%m0j{pdu2%qg$HbtCQ3*K!7+D#Zn;7{SfZ|+CO^l2T`=)$7|6~cvjvb|uFJc%C$Dn_r<2bj!2B?c~lJt8EP5Hy=5Yc4rIc+N-&L zCOU63=vKMCcUeudi^{LNk_))iEZ7oHrIkF|;>XN1Gq5Yy%Xh*bx0Me>PG;Xv-C@Of zz1+c|=qq1Td8nc3{T4o#JGcI@-_V_UYPF7K`t$E4*|%S+I`y*NS=cn~i1Irz4|6vbI-oG(UlmB+bwc^F|6TD2!j0}v6 zvkfv0J@9lVpf%Nk;GX7^_VP<0aU?2|SE3gO{@EP#1aV4~QFs1@iqyc(* z1V#rVgOF@=aYYG3s`{k0lQ=Dv-E-eA>`0Y!ufA5*UYc3;=EIk?l|8+se7{p$=C}KZ z>Nx&ox^ORIYPVR*lDX@#ovxTI&kv3@rQ|R&g$Ie%WtLy z&r5Edbuq!bzD7-JIhTzR>w@lJfOni)TQ zP|Fh7eoZeX$c16jo1*ZD*HMoQnJTY;=(e52_B!Kwc=V&&78`l{1Rnifb@OvcR)}c6 zT*7|^r41{#`MUO3-*5kN*JAe3PpcbUe!Lb=oGsF6f2K2w*3_J|E4LI4DLs{5_nL>jNSZejk+yp+tM)Z`N9ARh&1M`Hsy zab80M14AIRFg7qSh!W>DHZU|YhH(wzNVG}MKnG+Kv#@GdVoqj?LUNFgXK`_9YLSAg zE3(5BKrS`1Flb^_LiQXZD+6;ABR>OBoQtW6k&)p*5$nzAGGF(dn!SE{biMxl#@0Tr z&wgpS+w`sq$*WIyk3O+%kzMrtV@vICbWO59VU%}7Q`NX|!z`w3r^wwp>#BoZOiRwY zx1eaMNupHV#rRVe=d@Xze{1c#xFPhb$dt%sh4Jx7EH=@-3S;7Y3wq z>K1AKUf8sH(RZ%N0>yh69nx8KrmYrZX`!GB7S~VvGfb zNTh*0Fl=R&S%A^mAmTAOr1nUz!GGOw*Fu&1KCJV-7<9quK$ee1j76lmdS-B1%Eq0U zr{2tBoO?sTqCoPr0Ut;|KO^IR78YhEmJbHvAie^NfB~NY4;xoPn+IbmFvS@#8Z^EI z$;h)bJ~e23WYBnjL1W8;#>OS}2DK!n2PFdqph>`#CyAEw5Glh@(?A`hhFMqvrbYpj zJk#=v-~!O(x+rW(h(Qqboq(JKf%yxV1Q{7}S8QnzE?DzrqgP-xPy zFQp3>_fCs+{h{BKALnt}k&E|}TT#=4rh*44eDUv#!v4I-|HQO^+rhNA2iGo5<-IDW zC;siUee-njz|!9p7CB}rYW$0O6dKZh*}L(5d{w$igI6o&d)t4Z-LwTmb1Y+I$YuIbr{WfvXhq)*x1 z+06B)I8u@Gz}mYVi?;BsWoDnPWHwc?yJ*73Wh$ydvsU@!&yLzI|MKU>XUtnn-tKT+ pq39^n**xieRjJj>HBT>HN!icZDL(7VgBuU+cQ!9QbYI0F4giw4m#hE) literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt b/pki/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..b10632b2093202d3c7f20951127be77e600a6f50 GIT binary patch literal 1065 zcmXqLVo^0{V&+}I%*4pV#K>&G%f_kI=F#?@mywa1mBGNnklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrRtjDc~07&&*57EJ{r-aSrlPaCS5{ zkQ3)MG%zp(LJMO91A{1WUSk78BV!oXAdWBFBpdKINFaU^wc1`JkufMR^gu`zKyZ<`ggeDE~J6M#G|MUp8#)-+S=z z#0Tfi_I0q#+P-e)4J!frj%9y;+X$P?+Q^h3Ror{rhvCqdfLX~4EagT0{=AWodsBNe z;laXtor6K^;4Ys z@mp2PYp0&QvdFum>PW0w{UgQ3fE@dnMV(CVlIQrW=KIo}ercI~Ia}_A{}M~Jl>RNe zeTb(yvZM3GM8n>*|8}g#9vHN;$}GUxY!LC798!BE*WkZyxND)xeIM5OUJSb6WFX7OBE}-}f6ts$rJSb*uf{@b*FcSdN2_u8FQHQm-y9&$6bAC#~hrK;s_0HV!g?+D8zrx+$M_Gy& zXFlO!T4P^UlG{}~ebSkB?(6J7A0)*8pT%~6=j=0Y0~gNv+z_)SP*wT=GIk!tGBy4+ zhGu1VKR*eINfy0#%zU+^!oHanmg!3-R^7BR%HQ;nwM#5BbJ4ynzP3Mjje1Nv4xRs# zeQCm{o8E5W53Q;b7rLKHdXtbERq+1A*MmF0w?vk$c8i`I(ZQy#AQSi~OzfqA->r8q zwiX}f<#bCk`2Fl($B~K8kGdSvzq9m@iF1A*OX{i~p7U8ej$B8!oHjVUOWrwa&0;V1 h$8oRQIQ^2Z3D{X4(r}%d$i3m6ZRV$v*L#-j0|0N#gY5tS literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt b/pki/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..593ef98e3508a0ead415308724ce1d0e45e4f010 GIT binary patch literal 1156 zcmXqLVrejFV$N8=%*4n9L*3_J|E4LI4DLs{5_nL>jNSZejk+yp+tM)Z`N9ARh&1M-u}% zab80M14AIRFg7qSh!W>DHZU|YhH(wzNVG}MKnG+Kv#@GdVoqj?LUNFgXK`_9YLSAg zE3(5BKrRK^*u^VkO2IeM4eg>d87gG}>Bg3V0U7YXoRCm3O-F=1A!BRTeN%d2e zh#%Xj$y2=cC_Q3%wDNHBv{o0UmxBEE0#j^$=DxVTX5GHyY8!ZzmsYRSYs|cO-TLpz zsp6ZmCnPYfF6*+RZ z^!{7D@X5PZzR9XdyQVB%V#>7N((J3{jl$v_dVgJyn)T+T{m+1&V26oXjzP{5?8VNm zTA3S{e?L~k#m~ix`W@l8vt0I9EOFc8d#r zdRew+g-43cX#+lxett&A|12!bOe`M^#6f%o76Ai310FW6gfJ4g1Ob<#13P6*9DNhnDN^2B2?FyMFbOg;*m=)m5&63OlGB9m=brZD7?=IZTYTZ=r5!CI zt4izkO=D20)>V;o{5ff^!HM+?-X!mlsCx1{xy1YCVvj(sd~u)M5*d%9C71g*Tu*a2 zyq^Ei3WbZ+S;@(K9;f-O=5TtgYu*3h(7#8aqGHXrvZS)UF4)Duy*@o!eaDH7GyG@p z?YZuo9;?3Kd{<+oeM6dF+9Qj}?OuZ79#)I{Cl<`@`qw zB_+ni>C4!4x9#=L)&JNoVJ@0&z^$|1ZK;6a|NI4IH}!RI?Nohx{HVBxYTzF~m7B%~ m*~^0J?;dz+?$vA5VQX_Q>-ssv?#$QX*2_h2I6f-Aun+(!=982F literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt b/pki/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..2ae810abf9d9921c4f6b0766a07288a82dd30912 GIT binary patch literal 1134 zcmXqLV#zXSVh&os%*4pV#K>;I%f_kI=F#?@mywa1mBGNnklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrRtjDPR`n&&*57EJ{r-aSrlPaCS5^ zkQ3)MG%zp(LJMO91A{1WUSk78BV!oXAdWC=~IAmmP zU|*co7c=RY*X+`C}CaD~P9f2*w*8=N>J!Rj&d=Hcy^C2GztzN+=F6#P{&bo~(I~PF75LHa#na_t~D$O^$^#Qa)Bb)n;O5WMEv}#OMwT z5oZH=VA#qkvjC&BK}7zfLNE8?9Nlt%;d@SBxVPQYDl-J916e*6F&2?&FN#lJtYrMx z*{`@z=cvRCj?>NR27Dm>{EUqMSy-5vSUwntgZK(80tS2rJZxMEZ61uNz!Yb|XwY~a zBqPt#c;2A#j6vhc1(gfRmy{Y5lb9Ny>5dyc-I*F{8mI$p0H#OBDerF zi7xV4;ze$P$FvwZu>o@uFtIT*)O}meG1;w5^PBrdhNGq1ob?|{1`BJS@%Z`m+|q`0!inYA){fEjtSS%S{#5PiXNIY3FCX zzhbS{g5_V=Gxy14_j^6c;@Nwc|AI?s<)y9f!d>3AsXDsHANYQ5Z@KJ?d5dRuE=}#X z&@S_DI(FyYx9vtoJ7-D#kY2De(sBJQZ{;W7cr7?bApP1__Lj;Uo}4*< zBEES4a+SZhA?y jQOzI`!DPAcaNA$?JN_QO#}Rerr|nP16}Ic;ABY10wd0vL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt b/pki/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..a2eb9a7dc42e66e2f8a8a9213daff833a2350eb8 GIT binary patch literal 1091 zcmXqLVzD=9VpdsC%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nNlDEqNpueKQE+xNG>{YL zH8e0V1VRgA0|SF7ab9BsLnC7t*C2*OYjg~>Al4{{CFW$ND8MaqbwzfR0?3s{22G4g z$o^tvWngY%*&1ygO-7F!GGsxcF`Pn_KLmsbn$uarFh9cEUa{A zPr$W=^Bii-x5QW07p&Z(w))dtC)*IyRaRd*%6+VNE$Il`d^=La^n&^X0|${ypZ3Ha zJ@R?)(HZS)6Qt`RyJ4SnADxdXi0!R=zd`xrg6*zOJGATmglc`w6cILUJ(yNI z{f=(JkHymO)%d4)eRNtF+Muqp^>};qjhAZ|y#1VTsnq4RqL0K8rO>2(QXO9w{E>Iu zcCGbJ_W}2el{=Qsxf&bxOWSX$go&A`e)>H}CT2zk#>GvHiog(&HIN5}tgJGNgn?Lt zNV$aa)3TNmB2(;}E;PO>+4x|IzA-on$nvp>v55SVUn<2X>~QnltNSwgPw$>=_fX+B z-~;LBXJq`(!otkN^1(nH#8+SuFyJ%bVdF|@^I%K`CN={`g9wm>JWHT~zk%-p?**Pq z+^Ln^z$WX_!erF!0Zc}W42$0{-klS0#WJT?eBQH=A8vW8bXnq!4*18+7HthEmDl6F zv3L5zyKaXTE%>~`A$G$#6U(UI_d|}DT&|rJx5RA5GXH0_XETmz%%542a?E*KVi4Qm zOs!P!r{)*Tq!;gc(a>D~$nVDnpS5q9X2=E!DlMF)Cib7rKlp!i!*jkFSF|MGyqp$v zRfpxL^UoqDN0EC!)vI!oRkb@;I`(L+UDUm^r0!u*mY4qe$A|WR_Dg-{XusI(aKepe zUDX#NgC3guSD*3zKF8swLeMWA-&a%fcrV=JE7w||zDW5s&%+XzRWDVlBsM0Vy28nG f+RJ=rt5WULSl45QvD~*j4}Cant@(HNFL7Z2BAA2< literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt b/pki/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..1a3f7f51427177e38c7c70f0744a55fc8d0249f2 GIT binary patch literal 1091 zcmXqLVzD=9Vpda6%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nNlDEqNpueKQE+xNG>{YL zH8e0V1VRgA0|SF7ab9BsLnC7t*C2*OYjg~>Al4{{CFW$ND8MaqbwzfR0?3u722G4g z$o^tvWngY%-RzIF&D<|$^aU-9oT^V7a5Np?W-Y7rn^L(KubBGwGVjv^`VUX*o;$yWF=EF8Cg-WOI~w#@qgB4n zn!LZFFe--UqdUhumD`-xI?tT6we`HDrzFPD#LURRxVVW?5f~z}2J*m=l~rbuFc51H zDVI=wTGnzxWQu*$g~nGU8y_suHwGsGSw0pq77@?XpB?#;?vs0Vzy3Y-#e`0gs6$Z( zd?5Y&jEw(TSeThuJ{X9D_zEln27CrQY+MO#9*n8L#Ad)~5CM{qX9+a$H}GBHy})yc zJGGJ<*knCgn2ee|fXRrFq2}eCEoGV?#9TbieH4v8d-=yb4x^hKyBD^Vn;m)i{n9$; zw#qEdFZ=HuYY0EII>2c5_n1YRg^Bi#5q1|A{uT|qc=Xv*#n5>xqSqdBe|6?%!=A{_ zd)#I*AC9G7zGQMK$*JPhv{tEr!bQilL{3-Cb9{c5(ewU>pOMO43vaI9GR^dN>1&z3 z&HRtg91BSQ_NK>N`p5ZmH*$6y^;&ss{u-5w_bU6&{{9$#=i#38xhD+vp7i|iE%|Xs z`cgilBd;EwyL{xJYoKQ1x*68TJQ^ZqR?76~#81x^S^J$?K>El_@x1gyf;yo_M>lN` ipFaQR-7Fo3)ml3x%kPA%9#WZjXYV!T=_ihfZ3X~NHHRhu literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt b/pki/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..43b44bc5d892f132ce185b259ccdfd123bb40ba4 GIT binary patch literal 1091 zcmXqLVzD=9VpdmA%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nNlDEqNpueKQE+xNG>{YL zH8e0V1VRgA0|SF7ab9BsLnC7t*C2*OYjg~>Al4{{CFW$ND8MaqbwzfR0?3u-22G4g z$o^tvWngY%z z*8iG~u71juYR-i-&csZyqD5D_K_*lt!}F7w-x5_!_rx?bH?yzvYGI zGw1jf3yI`3eH4(t)BktLe)iNH=bM@TK0TP}`*`**27{U<2m>!uf)I-T3M>K!d2B-&3Ln7RlP-~Ff3E(Dr_{?<^JR}bEBG5% zyS?FYS*FpI(7KAp8^1BfqXFl literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt b/pki/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..8be24581eb99dcf4aee80acc097c2b2ab68964b0 GIT binary patch literal 1091 zcmXqLVzD=9VpdsC%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`nNlDEqNpueKQE+xNGLRGJ zH8e0V1VRgA0|SF7ab9BsLnC7t*C2*OYjg~>Al4{{CFW$ND8MaqbwzfR0?3sX22G4g z$o^tvWngY%o;GXM^j+UYU~VM_G>w=gj`Hmi?>N)Iei~qKbd4 zKmQA}Jp60;%W!U%_S~(Dv)SitR}E)Y+wfi7D*Dnk+lrSwJ94JaIQr}3x-CzEL&Q`odZ{25X+Ko+`G&>b60_%RIKC;iG*1~pT#a0 z2h4U(kh`n-+1@0BkKsgi)vCX@-|SN_eJoo$ea51R)oZ6bx7+jIyxsRpYhuLhgqU!r zmFkQ9rw8tOWoVPP>Z`@9B(B3!ie8gm{WLRXVrFDuT-?N{2n-Qf19@P`$||!+7>G59 z)ZF;CkJ;zk`R(=#C3hRI-g>?F_YrUskmX|$V-YdU?K&oO->vb}tQyYQ=2h`ka(>$l z_(1yk85#exurM>Rd@v9P@fBDE4EPLq*tinfJQ!1fiOqn~AOa*I&k|_hZ{WMYdx7T? zcWNa!u*rI~Fc~#_0Fx0TL+LCH_4`w2DSe+-e`;=#{Td4$C+|CTWnU9c-1I(tC30Jn z$N!(ebP=n|8 z#D5*`3#YGq#E8!H0>3U)eJ9ozXt!t?#gj8?|GzRSAZ3hy(mTi?$a zc#?Zw)lB1QIXlvhsjXF>dzHoR*hK|T5g&U4Tdk)v(zc7vG5>4*fAJDdzS_%fKd$;H zF5+77a9>#CJ@G`V_?Tmh7jR#(QK?wFKJIAX!H~JrBR@zfon*B9!_sBsC%f_kI=F#?@mywa1mBGNzklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrxY4Dc}|sP01`SDauSLEy>K!3&_vR zD=}1Xb~KO^=QT7iFa$yiV*>+&C~;n614AQY7}p?`MEgt)j6wD>3+sd>=47TQVA!hQ z>Wb`41(3T94VoC0kbTO?%D~*j$j<;2=VEGNWMsH>`10hC75=*BPuST~Pxil$*~!Z^ z#eKea2-8iCkPMTLhCK`3{f}sPEcVbL?v2Ao!=TA4uSqt|cX}>bFzJWd(qETaE$8m* z*=^>ay5#$E-;%!_f846yZf5oirjcgL3H06gU&xZ zEGxG}z1{cX%+A-#wutXDd!TB~lAGqlUnLMyVY~iaP81L0pBXX!THk-&+ny>c{L$k2 z3eWW2nSTq?*QoJq|Fh7DW#04fxtflwvAMy=>%SOwrNtglSw5{;FE3$B*@BrOQ)E;* zy!_f$3%M7WTr0>tvGdcUlGbPCF*XcRLZ{=l%DgzRseOK!op9zvCT2zk#>I`l3>v>1 z$O8jdR+&Y@K&(MT(4cs4Z-GYBrTp`k%-^1UtvvDedvKDF| zJWFG zygB6whpNJ_C9fKnU5I_+vRZ*<`jbF;rrGz-tg_l1Z0v4+^V(eYic=aXl6OrS7K^T^ z+Q4=G;q0}cQ_A)wudFMq%9eiCWyu+QPV0`9^`FT`fqtBM@6*#gpX$m^G`O+t%M1B0 z4=?YJbdlMwY|Osx0_RiK1pZFRNzqbLySjFJd|mpWX40-bPgJbt@_cm8Xi?*gj6A$% zZhm#8vtZ{wpZ_bYK6cvl?W@?K*SKWD<~?r1S`kj{kQXb4nIFr zH^Zs8sI+zY+Ww=S2Nj+sANzQYdq(^|p|4BMNZ%3)=Jff=6B(+$<$iUFhP|iRGq<~vkG$pgRq$o3~v?Mb>FCafN zuf$Nn+0j5woY&C6zz_&6j13G7qQrTP4GfKpVO)b$674fJFb3JjEUXijn3I{JfMKhG zt1GfI6+rGbF=%2`LiQ;mD+6;ABR>OBoQtW6k&)rle(ltN@2}Qci1^wiNS^Lmd#ik5 z^15i5epG`G}dM+^M-Bv0&~hkG)wx>&N$xIIq_Uw5R z?FB3B(1LNYx#RiQF z4CH|UEUU~SVIbBZB4|*&x3@r}=~DjrOXhFSzE+-i`#m^G$nvp>v52hQv(EZGuadda zOjkiWVXg^Hg;)Cw_(1yk85#exurM>Rd@v9P@fBDE4EPLq*tinfJQ!1fiO+!1z!W4Q z&!T6bW1zJ_W1*UX3QzzTwX)7ZK86bUX_%1w7$Nk31n@TI}-5b{5 zv)Wy{@z!Bs&22RY(!0zp^$gqFlIE-4nVb>6s?2iT<}m%WvVY$exm;d2qiB*!mEM(@ yC5ekH(k?5s%N8Zy%=~{k@Y4dNHT`AB<}G$ixiQo8^|wdv30syn>ze=Yr~?4DJ8o_O literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt b/pki/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..a93d666384140850ebdc012e838fef322246838c GIT binary patch literal 982 zcmXqLV!mY1#I$PxGZP~d6CB(+$<$iUFhP|iRGq<~vkG$pgRq$o3~v?Mb>FCafN zuf#~f+0j5woY&C6zz_&6j13G7qQrTP4GfKpVO)b$674fJFb3JjEUXijn3I{JfMKhG zt1GfI6+rGbHE3c~LiQ;mD+6;ABR>OBoQtW6k&$8H34O-I^4lgMTnjsXSYKG0{!h{W z%(+RNhn>q#8tk1vC1B+%@0zl6yIJ~95dXne`!n4mN=SYTV&(^mZLP}mUN)XtH-lnJF!W1CJN_F zKGEII>F}%Rhp3_fA4oqxBjbM-7G@@v4+i2Oz5u=BF&ePlD zJkyr*&XU>-YkvxuGRhoX{8~C;;b+l+g{RCB#nyR6!t)i6 z)c73OQoQ+1x5^WTZ+UX5>-alTY~HVuY0Zp&wu7O~QIqT2_DrT9xqhc>O4n8&G%f_kI=F#?@mywa1mBGNzklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrxY4Dc}|sP01`SDauSLEy>K!3&_vR zD=|`Vb~KO^=QT7iFa$yiV*>+&C~;n614AQY7}p?`MEgt)j6wD>3+sd>=47TQVA!hQ z>Wb`41(3VV4VoC0kbTO?%D~*j$j<;2=VEGNWMo(+vvuE0AJJXKg-2~gyM5BUq^+9Y z2zSrFbY5h^q5s<$4{xe@a!Fd!-s-^w8`-DpLY{4Xz5VQ^i_;uiziU5SyT0*U`e*47 z_6kSk{(Z*XRne>R9(K2v3r8N=k~3(}0U&;GGi@LgK5%X(j|M0m${*`Oy^+E2}p=b9P z3%;K*bpL!mZprq5YxBhgr*@Ujd~U^`=sqX=>Z}Rjntpuh*2+S!EUp1F;4Xmz;OE^Xp&xdDd6_JNr~(!JFL)+2AB0%f}+dBBD?+A$@n^hAj8( z(i8tK$e(O@;`I6 zqVyG>l(#&ZTybH_r|B{AHxs^x~}*D>uw| z`Ms*T;L@2Ha%T(pMB1Zbu7qv7H`}t+W#N=Rm%r+q`(oJeF6amQHs_`+DHx#9!|+B3>~1{|>bNnh+z*x^87J(~&w= z2j)i#iCcDq-KmfP*`c^R2WnI(>Sl>zxVnaPy~ z3eJuOa^k#(1_p*eXklz%U=StFYiwX>WDMgPq>yNxiGdNsI_?Lech;@Tf*D3rud+ZDL0QGOQM?2mOX3x4?g?0 zI#vIV@yn`^ztT44To3h*ebu+@J7UqwsO^IRMZNuum)ZAPm#bZS&)2g`Us`u76793q9cV+21lcl#mWDB@Ba#@Ssby>Uh z(9YeyT03@075Q$weIw)H76z{T?~kmmU+Ysl(!!h&dq3rv$qePrmwDQ1Yvn)9ETm>C%u7Z)288ps1fS5}!t z!a%G+L}I~$s;vK6b6cBK&K_24{jtBxoDG~DWcgUcSVYbpRO6X{qN{xMYROLZ65*$@ z6Ln4*@PYL6Gcx{XVPR%s`2aCb0c4&58yicgtOA1p4;xoPn+IbmFaa7cB1a1_`2nMa zkzxM1BT-V%Y%a69Z49~@aw*pB|DDIrkB4`&->nJj?@FHjp}?^3WA?%$(K_d>x3Fr& zr&WFE-+z4V`733~we2Vw>A%BU#XlX5vD(od zv0ilha+k>ty)UK9m^?*<-<@9bWbZ8r@8HQR&uh=SJ9U@Jr~A8n^#o-XYTbQp^K$RY z$)ZOtesSQO8OXHdPS<9s{ZqP_9ysv*(LDFcvTJhac~7Y~dKcp7-JVgRfA-o@F|i*K z$09}L^|zVq=2_~!?^|lpSyr(*x3ZphPKq??`Mmya=uhRjF&S8cC literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt b/pki/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..f13524a0dce9bcce2e6535b5b88b107abf5cc16e GIT binary patch literal 938 zcmXqLVqRv@#MHNdnTe5!iILHOmyJ`a&7`9IZm1AoXrxeFn&j+gAScdiXkcIngcimI1_n{$yv7EGM#eC%K?aF7TNs!@Y}OA; z%*jkqz-GUKt1Ggb6+oUaGH7B{LiRQzD+6;ABR>OBoQtW6k&)rUMYDEgqgkEaN3RRj zc2)LYdZ&8&)8(jZNA|==FJoB{wCMV&ofjgfGKPD;W)acVXb#J{bf(4UrU-NBqTlX1 zzt%Qhyd2yH?V3}-e9-GAjZ$`4#VQT zNmn-T=a@eJ`Yp&VMQKfc`j%(&{avzCOal(dDtO7w;#5%lBa!<-LO65k4uku*yT5Dg zpZzDVFfZJ}uR+n=+WocI8>P95Tg%r+S`?mI8CG8_e#$H+eyXZT?6J2ew~02LX;>)q zH)@^QU7OfksGeg93y;CYlU(u@ zop*K}|MuB>OId2A_tSuOo0-LY6P60R{*#hEd)MUhAB@&_bZ#A6lYPv#u;XcJ^NeLv zT6NzwDXXcy)G-Z`-&SUO%r;^De&*G);v-e3ckygddbS{5BPTTT?aJf}H7|EYh1Pg& zS9TB7Njk~(c)?|c6(@Elhd*Om{(5@6m>BDHbIv_3*N%E#;%B}xjk|yPs@)pj&9YJ# zFZo)$V#{qiZoZo}*Iq7gR&T#D`BBftFW(!t-qQ1a?jpDE)`VB;&qOND-|lQr|MrD- Ybpr3Il4ku*%dYeNUYbv;o(FFL0C6c{v;Y7A literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt b/pki/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..75daa870284699a2fe11cf97455de1633fdfd3e2 GIT binary patch literal 941 zcmXqLVqR&`#58dMGZP~d5E<~YacZ@Bw0-AgWaMULFo-tfHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1}` zGV{_66#@*66pBlefXLa=Ku(<3(7?bD2rY~a3=E>gd5sMWjf`PjgA5Waw=gh+Sgs$I zn3I{JfXxXCuCB<=Rsi|K#Gr{$3EAh2tPIRejQk8haW1ANMn;BZ+^=)iy?=fw*>drv z+7GWDF7CJfb)!Y}kJ4WjhpBy?$|83{eqDcd=cG07zLUoa&j>83>Fwj%E4e1)%9QHA zPqjnc9x(czJu%~OdvnX@X6{S1bt-TJ2mBcvJFfT75(+7}d;WJ_(uaiju3E0gJDHdn z85kF58)O>D14CF=nMJ}ttU=^@LyT~DpJUlBuC2v|FBUsAl<-{yClFaa7BLo)a{Vfv z;x;Cuz`|FV#j7n2U0lw&$bb)|pP!NOKMM;p6Uzq!aS&gDMZkd1fQOAMq0NIa6_^wa zSdgOwm=J-{!N{;v_T}P^C!1UIdvX%~&GneRmFN1S3RkP9jN^SX!nj=e#q%IP=xXV9q>8e*Zd21Y3SNJ^tZycChE_Hdq`gT|Kvxm!f7nEo=3+Z#LTeeB+ z&bN+}7Z(K{`{vSdHtg}25A%=IT{|9jWKEps_u`A1B|U-%L;DY{Oq%nwqN04K_i-j& Z^|dM|!``erIL~F`+vJE(hWx?5Lji*2ZH52< literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt b/pki/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..6da79065ea1d448cfce6652d78426a593899969b GIT binary patch literal 932 zcmXqLVqRd-#MH5XnTe5!iILHOmyJ`a&7?gZ-BbL<&)3b?4+`%c%*oP0E}02YsxoKl9T4QEsEe%9*Dh*eAW35*EBvrdK4auJz9u zpUI^f{(3SVLEZ0#S=P?Hd%~0Zfy$yIIZQD>9Qm0e?Q@Tw6#RQNOmgETkF$PDr>p#* z{$u*FN4gHPH40qJu9q`A--0$-!o-1xbhiJ6gsadEamCOB4Q zm02VV#2Q2nP7w6ExkdYELEX6?>!gUMyQgaxgVTj9ABz}^$ULjcBZK+P zCEYA@&m|g9DmYoR=uUZnfeyPX_p!{&ysPBDGcTE>m{brve^2Bq?E|)vUYbV255&2@ z^VKSar#nPy&XI#v9BUGEasRg5-M&*)s)S+sR=)kZOE#)}$`9s%p0Ngd!mo5uFU zRiH-iM_6Fe{@06Z*15W>hAmW4mlw#nP;w#rU$kXj4? literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt b/pki/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..3eec5cc6fe8aefb9fa4b857c5b709979c0152ad4 GIT binary patch literal 946 zcmXqLVqRy^#58RIGZP~d5E<~YacZ@Bw0-AgWaMULFz`3zHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1*|W^QU#FH z4UG+&7?qHH%gD;W+{DPw02Jq9YGPz$xcc=;_H>J^iC1`j{x3AjewXqu+c+d8SAdW4 z*eQKkuD1`G_^+IJ;kKb_!``-IRymLU9C*NE>%Hh>z?7)NK|jAO2~$0u?Q`{r?kl)W>hx=9{@4W(Ct>9WYn6?!o<3mUzyAG!&W;(W2MfPES*zn0 zwb{Pjzq5Mf^pfq%mO9v!dMz_EZPU5WAR@4f{mf)<<5hW)E8X6@wdDBpWk!o{z3Fh( z{P>(HrJNx@AKcE>4P>+3yYSv7Bh8|X3d=V&9!q+Y!=An{+Fa!to2`+>A?^bfoUTW@ zf{V{S{b;-Ofxyqh>oOcK+z36Aaex2zyd^~u+})?EW>nTQF*7nSF0L`CGLQ#`u&gqR zgn?Lth^ocmb*FSotD=3c9AKW*A*^&fCj^`*WcgUcSVXLy{kID*bAPg^O!Zu!itgnW zKjnM_agcrm76Ai310FW6gf{dSkN^u%#W&>m z0j5S^{4g@qC5tSOK6!fP&8Lr;roPni->MWaKjD=AyCZDsS1wm9Uh8UPt9o*EZcV|j zW<}SK(p_vDS#Nzi9J6}C7twVp{o9Xh?l|hr?EHxTzsI{{@BO+sq+k9oZVu9#St}u+ zYx%pGUr0SrW4C1c;~CQ?tnE=&{@!{{G`;5&<4Gln!0Wq=-v;jbbZMH=FO84pFCJCT zm}FuxCx)TmP)E_FUyq{=!;M*HSm=M3TcLLT(ORu8k1aEo1Z5|PDOvj4OB#1S+UdvQ z#{G!(+JjFyS4!`1-?ue-L*~KzK_L^Y>N$ z;OuB@AScdiXkcIngcimI1_n{$yv7EGM#eC%K?;esnHU&>Y-1MI4ol3*Oi@6$)72H( zi3%V$8(J7NF)AT@laZByxrvdV0VvMJ)Wpch@L1mX*yLkP1zA&C+c$mNnZ)Pu_O5Ed z(p0s7nm#9<3zoIzHOBZn$oo0TUO+wkn$TtD_ntZ)>(@@T{k~*cW5RD0jaN^d&YiKn z_45ZaS7&7M*{@$+l%fzO?vN+$Yv@4daor(1j53Lo$HlM`;w{@ z>3cP5WCN;J<(zX+h<@lNG;iW9wb`>T8S9RI*%4vc?B1|NQ<`#(Ew9(g~@ ze9MXDd&Op->e@VmrFII-nFW6QQrXLIbj(=xMCDupZH|&j*J<1SMTQvY210mVZjgE>wdKc zjA~blRpxN-?Jq0h-uZ7$!KCf;lpPDE#8l)JGrr(r3O{jHDv%-M$ZP#JF3G^wMD?(3 z;Tk$~R-jH?`&pA@>cJ(GGaXCHT6gy+LpHn~=Fwp-JVE;+NZ(k|op%_1lJwj=;Q CxOrXx literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt b/pki/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..912968e9502997f5bede84fb17247000e69e2257 GIT binary patch literal 1151 zcmXqLVyQN0VoqMb%*4pV#K>sC%f_kI=F#?@mywa1mBGNrklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrfM3Dc}|s&d>FSE? zL=IghiHRn9L7K9{=?amWcpY*j^ z*6$w6I~#!|4t@ctVcYKgGB2_6zLk4v$)WOzNqKfo49x8-@|9E+yJm77>HDs?S@VaJ z$iw}o%3}j}sLnjGpvdOHqh~b-u3T@7UDFb#dqiF2f649jhlHKK-HyM1&zOJDp4%R& zm#vJ{r+@$cA$#f)hgl0Pd-_%8`_?{6JE-}%d}-6OOond)Q5U7U?|0VBl4x)_pJRQh zde`4Met8cyO-%2XB+gC!d6?~yi|q01r`-N@8vIU-o9?~M?vcgHvU~e-9_#-%-}wLC z+}Sn1AIo*CiY6+>|BW+pdlL4~(ZS-Qp~{@5h0Eg1<|cWh?On>m%*epFxQWpZ7$RN< z^1u+5Rc4Ve5Nivht2xi)-|YgJ;yg7oi^ zZ%-#>-EkGDGJo;;=ld6eIfDI@o;@hua_FLK>uvjGKejh+Rbh0fXEYYf}8#;wYOV}@66L*i2X;u%j;xhrnY@B6#LL1^{E`^jH^W-jgA(-E0>B=))E X%&N@^FDwFTZv4ra{hVFyH>VN+DgC4E literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt b/pki/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..1ad52efdb6ce887c43c590d03c7af0c13dd2e750 GIT binary patch literal 938 zcmXqLVqRv@#MHNdnTe5!iILHOmyJ`a&7Z!@woFgG#sGXTZ8n3@sW z`}dx7D|Z!Hzy5%Q3NKTj_rICtx6AjppV3-%%2vr$>t06mqS(b24varvRo!o{&2mWl z>Y!V(ZKC)TshXt1g*U!L=Uxh^KNNlB@Y2?VTITc3lRXSPqo$;Lp67|#X0gS*z(u&p z@={p{3sm0b+n9Db25w&nIr%!~|- zi?aRVIbBZvheMq&!!=A24?Q2l=2t3iFM zzcVJ3Cms37pVA~LxRKX!@5Sj~A{J+SIFnwRVmH-P@TJ?XJ1M=sTW8yCoLY4I(aIVJ zfo|UUy|)qtKI@<2>8XV+PYwC73+ZrSX3^W&3qUix7>f|@q&UwN8MsdVz5*uc4QCLRB-7Ikyw_$;?S zRjJF&(Rc6e!~gvY55{=37Bn7>PrYOK<;cD{9N)fnzWert#U${=ah9~dCEr_nj&0_7 UJ$*`|yw2hV?#IVjW*z+s0E`Z3SpWb4 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt b/pki/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..76800f5159cec3c9101a09521d7de3507684935e GIT binary patch literal 955 zcmXqLV%~1h#58{aGZP~d5E<~YacZ@Bw0-AgWaMULFo-hbHsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1gd5sMWjf`PjgESKDHZw4R*sU9un3I{J zfZ+lKS65^wD}el9XkyUBsD$ioMpg#qCPsb+pg0#(6C)$T9{v2868Xp6Dt?H5N=^To z6n2VNET3=fZ03VoHay%NY-#EFf6Et_4`!|hpB#Ch zrv2i9abdm7JcEzi`bRE^CdR5=;q2OamLqrW$49O4|Fny|PiXW7FI7txvfc3iz=vAy z>zX|pl2@OuyW1bb74chRuA70tp_?mRKm40J)oWAH#y2bWb2~pfaD7_Wx1;t<%!~|- zi)#$34CH~~E33>RVIbBZvheMq&!!4H3jnn%B--Q|jagcrm76Ai310FW6gf{dSkN^u%#W&>m0VYde{4g?vNwQ}@J7V&=?!J(eNJ8c}b%T4{35R8Wv}bBfJ1cb7 zCiU^LgA!59?$_API(|w2=2ExwjLpJo=Py3N4(frwi|;N_syn&Her3nIX_|Z`vrl(E zc~==F)Df?LYQ?!}uRl(lesA(K_jmtacFwi`5u-bMO=iyX`O-_4Wcf&y#-?0bVaD@x zLe3TY{4F=yniGTSMEANKd$Xc$TV!zE?GK?3X1mQ2_{@1G@vwtd%w+THEdJ zl$@D)`0Vl(3qzi&3)|)NES_|9TkW;hx><%&PN5T(9gnHr(5g=V@7QRW_)6pKkMByl iKbD%+Ips;mC(l^!f9(b{!)%dBr6~iJ5sN z1`5uO26E!Oh6V&TDL7Xk-lI8l;kFpQ(W{#6F#{#GK3&1q@piTwRf! zsQ_}fxj_@760%PjSs9p{82K51;#^EkjEoEqV*b6aJneHu_ zoscQTm^10KiRR;ndMm1}nXY|_TNXQKW$c+}I|AFJW!m%KCrOqoeG82;_gHmac5>PW zl{;47L~1sioTT3RVb=C@(X%zu4;*VvcyTA^WvR|p(?e&|V#`)Ynd#~LxS)B|(Mj;- zItqG!=?^)$#w4Pc{$dZ`Cl-4RL}?ZSEbE*~Dbp8uq28tK{Zk&Am%< zEzCD$n@q7gxX;va^=t7MX=N7)-qqVwmu#E5dy>n(>dBstfr@T9$v?Q9_HQiJec||m zUGMqg*M9w`yTZ#V7-daF-yGAkTK;pVV|VubXQ3BPZmhAG&&15gz_>WuAk#n|7`(E| zED{D{4I;C(H+k7iIGPv0cv5L^@;T0rJ+{BV2||{SMT|wHGCE$}jD7h!cfMB(?`l1t zWTfqCYQP85&(FyCpM`~)iRFWVIEb&nB4EI0z{AFs(B{FI3QT$ijL6XeOnAWPU}VVK zon68rvg@5umaF#TEViu8Q$7`yt?^+EeCh5PdS%Apx^-vx^P5-CkWyav@@U%meMdOe z^{0j|NO*AS`TVTajbdMKu-`4^x8G|0?o7ef2QC`lZhmraa5yv9(JM>##M6y=DV674 z>z7|o)%<_UkfBB(+$<$iUFhP|iRGq<~piv>>r0!zVS*IX|zsq$n{n zuf#yX+0j5woY&C6zz_&6j13G7qQrTP4GfKpVO)b$674fJFoxKt6PB2hnWBJUtAeX5 zvNIJx?zS*!VpKx*DI+Tba}y&!15licsfm%1Vedoxu+=w=MP_tNQ(9s=b=#SJx>^#m zO}AX=sIXh{rHz+#{GjKV}i}6 zWMNIQ-GX{Px~I35l}2{Yg_RiuQhJ+jS|1^^#VXqBgs_>e8EniJ2ca ztU3A1N-wJFQx@N&sUNF#|Grq$c1q=Vsc*xaijNYMc}(-7a90(R{*Fw_H{`#{X670EdHY=D(#i}cb*;}Rko?5)y6(7AVZ^cVy3&rKu8Yp+)yii{F zZ9>_{ypn&9_FD#I1eUpXHhsVCd+coMF1Nk{+eo)#KUC-1GchwVFfOh!s4|cT2Cu9# zi-dt#gUD>{ObbKe2(*DkL@pTf{^875n~bgz4{8HcF(7fwm`Et9D&P@ zW~dhX7>I-PE3gO{@EP#1aV4~QFs1^NngOE$KS)BDk?}tZs{u2RGT;LV@PhIF!+N*dCB=XFrfm?kXZrq}chkkSdYlheb&F=)Nvz^i`z&;>cI!#$ zYgW@Yty?Bz<7?2@7$?20U(VsY?#U^uUj^NKqkF`CQ9(aH+qBKT(-i$r{Mn?CeA)lA z+voFg))%->WHO1|nbRJ^wWfn9)8t8y=Hc`P`Jm)(7CC1d{)?xicZckWKH&dZVbN>X z{j1!14!z2dH2$Ubcz%xK=?9K3nmt;NQyaeDo%BL7B4+cE=!>Sde+2B8?rQ!1S8HQl z(gCgATReAZ+r8f!$vJ0N-}XIE+vC`iukb&-9`6u#^BAwjWX(4r46io4{Ob~vk~-bh XvuJ%{Nc!B%Yt?4D{7ndI?pq1~Q5jvm literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt b/pki/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..15b2928401a98eb97ca5c5df99017b45acabc797 GIT binary patch literal 920 zcmXqLVxD5q#8k6@nTe5!iIK&CmyJ`a&7b^4qJNk-AJ4MHD zesYXl{Pc3xlzAfVmV#!VLRzb3ijO?+IUj#v-s_#5%I-U^$|Y_r;S{vnHFbVs~C-S}WeA@nC*}wblEu+ue#zj>)ONH!rzwn3(WJTRPPm02VV#2Q2*7+X}N_h<)A@v>biP$Uxgb-mR|a9WV%V-aH!amb&r zg1L9ig;#$9ZpQu&D^*Q6G8>!{Wce8x|Ff_#GqHRy5C@s3zyeGn20UzB32h#XslZfc zz=#|jz%&Pp4n_un=UYzQ;*PmA$y8wGwTH?tOZyM$yy5cg-E01*LhI9v!$xIKe&?Ynu8d7BN`Wv;$8SuWCj@t&J<{!Hs6fgVNHCn_^|ZgSuJl*{<^e1uBh zs!10#Z=Lb4H+sj$cYk*CJhmlP^~tF-c4_mi2$wDqQcJz&T5PyYPdnO9P4)M*-NtuQ zTwK0xD!qPUahY!Cd!MTn_*JDboC*=Fze@@x@90^W)~5Z9OwtA-Brk zOnpN@`3vVYBW&UUWk@41ShvS;VD>E*f YW<7FjqGr>sYGJ|jHf^0Zj9#Tz0EtUgk^lez literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt b/pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..7cf888e16ad1989713b2325eea52e7ca3794da5f GIT binary patch literal 918 zcmXqLVxDBs#8kC_nTe5!iILHOmyJ`a&7Yg8LJG>*DrdO8-g{*0xaP%`@(4|S?J!*;@_nh2)Rd_WF$V2T5VIwONSgGAsh!OfRyuiyC> z&70CY<5c`Z`TB>F-#^{RtyHg@@p_5WU!KF?#S0I9-L$$fw(TI_N_V@q+pVI@3;%?6 z9{>8{_SGm`{UZ+YEv7Hir`$jMdVYXP&JTyhODC90waff_Q~ccbk-wp9tfCKx->tV? zd-fRE8I^iAURydhd_h_EuHEecaW{Jl>)uG|A6>QWm}KONY1u1YtUJwRSRuw~qr_4z z{bMdt>opsHw*vq^ CerZ1d literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt b/pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..23889360cc222fee606b87b3972c8d6b0d1f05c5 GIT binary patch literal 917 zcmXqLVxDNw#8kO}nTe5!iILHOmyJ`a&77 zqJY&23a+lm?p6SK#K@qDQ3=`WjI0dIO^o~uKyfanCPqeva|L-)ho3HFbb7v`fL9{Z`Tb9b$#+#k2l0@aXExq!A((|Dk>N|==0n|9 zqJmbQE4MJPUiV^jZz{Ow!fO({sYfnV+oBxsYS#aR*jeI6%Mh3>k zK?VT^^1vXLRc4Ve5NiP zZkf@GS2}L4^UmGh{FB2<@otN(*iZiNcWWKA)YnZHUfQPV{#n_o#3232w5FrsDtSxJ z7;c|-W~#|$BjZOcy~j(}Cvt6CwfX89tM0owzW!o|6isewgx`*n0|4XU BYk&X% literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt b/pki/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..e93a0e1fe91fed010b8098517ebb537f53a59cc0 GIT binary patch literal 942 zcmXqLVqRs?#58FEGZP~d6CB(+$<$iUFhP}@Kgq<~pisVKFuG_xqxwW1&=GdZ&) zARkCo8YmQ(CP9$1qk)__uc3i~ArM*^8yFZwiSrs87#bPFxCWUdT5f4z4zb)IEHNiD zMFFc56kJ`A-K_xfh>1ZHqY|>$8Ce;an;7{SfZ|+CO^l2T_xMHcIP2K#ob&kGQ9kFt zI;n!({^c80vg7f{K~m2&(Bo2|Ld5oNdDUBF6Ho&=f@awWPimzE0?bj zu6;E5ZSko;H9F}_?8sc~<=U(;Vpt2!_H84nDMj>YqorHD1mDxTG6RAKc( zTEQYnZ@JG2(So(>ZLE{t^?vG|8n@0ttA2h!{o*Uzj*3rzzH$wVRpZy1xAX1qtd;#& zcVTXamF5ACU;*_*?RqM&>iialM(4ME;kx!|dFFi|C68O_f+}5=SC)GMh3>k z*#?;g^1vXLRc4Ve5Nig`v}9)!;4m5=H@lv1L@~yWc<&-MYctiC>P-&L+n2K{=|&;K!-|GW2;vEYe4TcsDgWBjmm?*BYXhK?0d zOk4Ktby%=hX3v{VNuSnv?%3b|**4P!!wIjV=D(i)z9UaNH!dPZPOoC+-0p_=2`4XDFD)+pvUz2|i!C$$8i<%5 zUhpc(j9%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!ns0&BvH^7GOaoP&H6oE;6C7?qGcz{twL+{DPw02Jq9 zYGPz$*nX*Osa@^2dx}o&pLHv)R5u;ETCybcwqt_L^zNlBi*x_RZ@K@uZ&G8pNPFdW z?Y(~AvKKwk-X+nuHg)UAt$kfnJLg6H_wM|nx=B{CJ+I|J^FO_lO3e$l=6}z*C;a34 zd;QoZ_TBj>QXV~&tUkTy1csJXW%E=gOEKWvl7#3|=K8C*M67X31PqFvXL z2$pH9bQyp4hFp95``Q6!CT2zk#>F)TRR;3FSdvv{kuVTz5P4D?e=%li8;1_-x_zbF zQkUP1U6BTkXIVZLF%}UXRksJ7Re|hY>rL06op7XxZ~F>113r*`en!UsEG)p3!)723 z;w!KS81NbJuyG}{c`&8|#SIt@_(2lFAcd?3%s>h`et-!K7(a{*<{mwh?%Pbzz4rIf z%MC|zd9E4Ex-62?H+f62^MdW+(>eTlCC*ybYJK8cUr~~jY8@NXZ*Jc-A#v}Gr0sV4 z{RfvR_J$uib7#S^hrj%SmOuV%wWnXqH}n1KyclsKZqtHZ=H-I2s@1OhyLLZldLMOv z+VY9tyzV_$`6XTP@~fxe%!TjRC0eX*mb=${m{qWiW95sNDHFasHu%eO25U@ey`_GJ zAyy!(b#340788+x^{3@$SWTOz5u3PQING*+#wJN10wpZxa5;91PS z4t`Sj!*wQOd+r&BvriUjJTG~eaK^Bw)hPaei|vc6r+>`K-PO*2*l3!y(W8oE5{Ci$ C>RY7% literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/anyPolicyCACert.crt b/pki/testdata/nist-pkits/certs/anyPolicyCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..df54668adbd2773cf297e6cf6709611da8b9c9c2 GIT binary patch literal 911 zcmXqLV(vC*Vk%z1%*4pV#HeP#%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!ns0&5cUDg*L!GLtJ6oE;6C7?qGcz{twL+{DPw02Jq9 zYGPz$*!M#HuD{9I1A9Kk*=cUp;e5XTLEu4_)hm}Doc;4*W$Ed#%WG?{tngb9wx};p zyzAJ>#-oOU=PiXJd#5-q7JRt)%QWMp>h(MPEcSP*8A}|T;bi9%-otX;r1iw2usQMq zf|>SFapuo$xYL-rJ$~PfG+g+|?N!Zt4R*QP&3CvntDSxGs%AS|u4K-ieQ5O`D=WR< zy-HUuUiD*jo}Af!r$pM`qKvz$jHBzJ-G2_gIgy1oSthXc1gxKPwz}NHS$(znYE9*t zA6*N}%yiY7=kf9OulDL)xkv0?=;_yw&&vO~^1A%>om-oqZl5o&a_Mod-xMdV578l0 zT+GAsPqH%dmPIc(Sk1)D$iTR`vDKil$v_?$PqNA^5(Z)oB2Q}LFUCx5hhbhE7HI*Ez8Fu#v-!&IzQ=dCMny{#E9dpcTm4v!h13r*`en!UsEG)pZ!)Cw_ z;tPZLtOm?L%76zXpaSAGFftejf_MrnTm~ElY-}t*CIfOz0h1aqrWhG)OBFu&HI^;y zIb+H6vmr+4n9iSybE5x)QhvU<8Fsh-agNz9V+qx?{Wmt&Oj&$5@6J!zm7Dj@X8&A! zvU^>1``Rmucivq*RW?*`&cAnW&hz{^|M~X5Lk1>+onBdj?;AocR$i5S65;!@@6m~W z(J#7oNbYOM6Y^d?KlY;N#f`xW8(13``vhChwy56y@XW$P4jZ5NZur{#@pQD?ytfPE zIc>k#P4o{EaIfcNes(?V|EW1uW^XS3ifddkb<3L%!s{;{@?Q9u;l*at3u=9ztPU1Q z-TeKl>#lL}rO)1a;l5d~H>5=;TZyk?2rgTY-=TNrz=r?j)#8sge7$#J^@PQl+os(= IIQ!270JslhApigX literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt b/pki/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..4b678fee0c56878812687ebca4ca5681126a2901 GIT binary patch literal 923 zcmXqLVxDf$#8kh4nTe5!iBa5umyJ`a&7*-^nQF{e0H!P(KEiBSpJXN;^2%uS5^3_x)%rY1&4hEo@P zSL~mYyjt#apYBb=y{UdT|FNz7>(C|j{^qo(?HA5e&U^apBvZ8fE$-#VW*uqtT;rR1 zbI*roO}>ie-`gjAN%75jWPfLmi7DeF_2&yOZS-#ynLjQ4cIuLcJGqa}&J^Wjv9S6O zD71}h*B$HF_ZIga*(}lLcNJbfXVO8*&s**-cp81|u+=B4FZcg2o}AP?Nr&gb#sxBk zMYSvmvT1iGoC@ZXSv}dIcmKxniM-vG-)`EMzP+*JdQ$Vmgai90s{dR2X%@qibS7p- z2FAse2IU6wz;KmSW|1%uYY=%-8-FooY8!_R>$-iV+ftX`j9rliP5`oeEMhDo1@~R_ znPup& zfjppuFi0Vj0RwX60Fxasau^xBpXYJr6$S)+`}S`Ci7UZ2`A39avF`p*cg)Hu%`J@C z%i)mAzUM@tuV#xbl|^X;Bl#SA}tH8#$Bbj)t$+^?K}GEC>2zEk;FA$suTs$cc1|6OB?&FB9faDDPONsf>m z$4^8be=E92oi8@6jA?4y#Cm0o!p&{5kHuC5SnBM0$(h`nn-wnnc*5TA(^GCqZJrSK i|Hj0Bt8c8G%`McncSR6Gt-}_+@{LRFmd>wG+X?_jZ(@}I literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt b/pki/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..d6c7fb805fa6a7d9d7a4f057a863df9d2aaaca01 GIT binary patch literal 918 zcmXqLVxDBs#8kC_nTe5!iBZykmyJ`a&7C>@^&XNr+?|Y*v*-P2_|!7tdXPlc!@CzZcZ8Tm|Gwz&md|SN zJ-MaxZM{m&+V(=L=mgI4XG>(}?)q|wHQiV4&5`S+;<@o5nu40ImI(b$dVP7~jPQgl z>HB#0HO@|(`qE`)1&@E~hEL&LQHh=FT~k^c|7}R~PFZ0%BlL&pWAV_V4VQf1$+X^c zv{n4X6cTpo?iqot%%}2mEpnA?XV&sDaYZ(#PTjF@W-#|HPPOp3d2z|g(Pq3ocj9(_ zt7!aPc`>h>aaE;P*#1v_rixeh8-Ci(f2db~yZ+VX_kB10=~yhy#LURRxVX}w+&~@} zq_WB^5(Z)oB2Q}LFUCx5hhbhE7HJmFU!Xw#v;PCWT%1i8s`%xOv2~i zhrZZfFyC#x0Ut;|KO^IR78YP?Vlxm2@fBDE4EPLq*tinfJQ!1f;s%UB9#BGUq!GZ!^+!Q zwf_GbJ+$=K?>#pyZJ}fK>aDupZ!+$TVZISQPfu+cf3nE@Mcwmnc8S*Wv#Sc2ulyph zsIx1QWxi>M?&PeL=|Xa6uDUKWysh~BKjY*!*H(v$UjodsmsVY{tX=ptq1@=>ht-!} Zsvi2H(sgA=_6fz}rLPuu*ms5X0swRhRR910 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt b/pki/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..27e670ec162ba97bd78c99b01fe34566db49cd76 GIT binary patch literal 924 zcmXqLVxD2p#MH2WnTe5!iBZCUmyJ`a&7*E(N=|!x7T@WSp5Ua|b)D~4!QyFWBkYd~?t8QQ&!Q8@*zYfU zaay9WfXOnt?q2u60oOF zYyXjcRhJIkZS!1Daxz4dE5W%#fDX}tQTL@y}7$JQb_Hy-ks~b*P4E{ zE|B88vd^$V>Acc&-^~%M`e&oxEmX?s)$M*3+pzG_)~pL(E(^?l_I2MShnn^iQ7_EP z_U@OGzy0jO>P0WRas^mc>{uh>Truf&w1t|j7kufedmk-63w7u|ou|vg@E1!v( zk%4h>nL&wxJTPo!m02VV#2Q4N)W%9*A6H)B_%ffIo&ABz}^h~GO^8UM4e0FxD)fjEe-z#?G4XTZb8mC)wFmzykPUsbSuVPae>xN`E;XWc@Rk0}2X7hJsY zUaaw#6_@viTz<57^IgO9%o`R3B|V5#YImRK_ICNUHB5VUa|k@?G^l&$@knT=#ElgP z)XxR~5DC3evANA*cZgWz|7pjYG(UV<*Atn(b&qCfw}K8EL)3?78`9I>tT1V3QuTKK z_NZbP$J`5&GuAXr(}`gTE}I{{u`?|tzKTor|CE!bfaPl7G6_1{@M;BC2CMa`=J_G<2PF-#Q literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt b/pki/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..6815e4f888f14686ac1ae266de7da251a1c53d43 GIT binary patch literal 901 zcmXqLVs12OV#-{=%*4pV#29VB%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!ns0&7xIb4n7OgM1X69Ssed7?qGcz{twL+{DPw02Jq9 zYGPz$IP0wKE-=wKmq$QQIXbscSuA(evWGHtP326gUBSj__Vywz}icjpqhSuRapBK2@+UjPGrx^e&@!l^<^(%aM7ae(45>W6m85zGX5q z?w@&R+qVBw-{FN)9E@F>8J| zeX(Z7EcMr0doC$uDtuYT(J7s25}(|m>JqbJLg{p8)~l~epEO)$ILdKann6oGVy41_ zqPp0(@8dQp9#}q4b53T|$=&PS*u}IbJ`GO^8UM4e082XTQ}xPgVffJdu)@R8u|nr zO_w>*yi(p?`JaKn!H{;LS}w83%<7zlYH#K5Da8cN4lCMM&|LiPLc$qY`MGKz76*x6 z<=ZiNf=rUaidhbgl3TZL;x*dGXYWy18EJfY-}y%(3lHgs^%w7`F!*;_)PKK>94~vu z;x3JQdrEh1ZRGmoAol;nd9Rt7@!MP`yYf$&*Zk+d^c`K6ueYp@-P(1+UGT++Z@UG! ze*Bg=z4^>i_mvsp-1m%2-H%z@{i}M+-Bc7Z^P|M6FA`sFNIu`c+biYK_WK4x0PWFD AjsO4v literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt b/pki/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..2f64a74e135563594b0d369d826403970bbcd314 GIT binary patch literal 901 zcmXqLVs12OV#-{=%*4pV#2911%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!ns0&7xIb4n7OgM1X69gPf{7?qGcz{twL+{DPw02Jq9 zYGPz$_}Nyi)irkxr)aSyA4?gl?aNiG?f8TWoHnOjFFVYaWtk|Jd&v3A1Hn3`?zHLXXLo&Fxa*4U`hXcV{pVh-IDNX%)jX$2p50$9q}onVz;tU#Ra^MhhQ-1A z_O00>KK0c0?I+SW&%Liaa8_2}vTEQj)qe~nZD&N*?zzvI^do2cpBMd4Ufysolyb-_ zx^H&=vlUB4nq@-d*DBpuQNf1ZGhfWhBR)5<>dM^q5ni-H_VJgZI+jHZPsQdK^a^x# z8K=#i{>fl(V`}AM%{TLYeGX606mm&xu$+AC+J$FjrbRE_$Q(PcWPcW4JX>`%i-XLI z?o$jFg*D4Q6r5|=&&15gz__@^pvpiV7)!FsED{D{4I)o!<1fZcZR5~kUAM1vTk7(g zu`ANR@hr>7BE}+8bK~1SW}kECx7#n2+--FB>M-2Et`uQ0d|Ff_FQx2PfIEb&n zB4EI0z{AFs(B{FI3KTbBG~fqG2!j-|8ZZMXtW3bRuOg-jOz{Qt~4d>aM8TOC`Rc{xaT&(xlmiw@i0`Lt#2rFJP(o0O$* zKeEaD=&DGsn5fjqa`5s|!HFl@T@rHENLtBtI`kY@Xxp|e{nPUGx&@pEjh#Hztz{l~ zKjIPIzEJ!Ie_SRj_lcL6r@2{vi#xGM{n&~1l|O8qzPnj)?^GUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!ns0&7xIb4n7OgM1X69gPi|7?qGcz{twL+{DPw02Jq9 zYGPz$xVj{~`^&s5i@plZS5!RTcx!UTB)_)crhi#~5BGmo_PuuGfFS>JSB@8*JpY@o zyfYW^JQmcx;%Jb;Tr*YksP`&9i(|{2$~K*J$eQ{f)Yti==CtV9Qto$dW#5~*?B%31 z4#B)`vB0v6Ru4O>3~axj>VNm?@6rPXCt7Ojmn;ieqI~k~ZH8ktFK3<;e7U8mX^Kxe z@1^p~wS{wc}1@f96 z-oG1RO@u>RE-w%uEqm>C%u7uOh68OQ@;NmiLf!a%G+h`et-!K7(a{*=|xXpP7d19WRkzu zV`q+!MCVkyg|)`BcdriJT{>%-!I=wOFH@iFTu?RZq6+V0uMdsf^-pGAe8c>xw|&;y zX>~8H+~W>Of4=3@y!vDN$6baV7dg83tg=b`?YcJ38=F!)mfo-uE-U%J z<4rGvwp`3KiHsVXulv65J@oLw#JSaVKTFrghsMTOu1`JhvG0{BkGp{4W|^y}&dj{T zxQzF4SJBrH6O|nd&0?M@V(~L`!_Owm?>hE}U2t~2-ZXLfUEhz^O8=R)xo*n-YX?*T DZ$w~Z literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt b/pki/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..7cd82a4363c5af9eab44debf5723fdd9f6cb0487 GIT binary patch literal 917 zcmXqLVxDNw#8kO}nTe5!i80E6myJ`a&7QEtA}sfU7}vpV=_hMEIXCuQD2Uz_pDh~wtt2egHJQCU?zlkD`k$4v-v2dt zv)8FAz0;9*@vJG2g&gnIf84kHnQ4ch`mJATovh_icP1`;>l*gBqun6J6m{UB4^ng1Qi@pfCC_fFVwPW00cxvUbNJzx4hyvF)TRR;3F;FMKn zkuVTz5P4D?e=%li8;1_-x_zbFQkUP1U6BTkcUe9bF&2?87G8 zxK_V}@&1O_zUr*@Ps;4}${h(8ey+&PKBu$)$Hw|~`#5fjIqh$={a~;^d*!9tiCQ|h z)Q^}5PLa&{Wwgd{OCZ1WvV>23Z)5#l-d+6az^Ul2<5_X4)8+3}TgJ92?SHACB{2VA zk(IH-B_%dR^nf3BUfed_FM8(5QLWwDrq=OTOA7_Off&rrwoL zGq{55yGo?Z4L+^l*EDxgXqDCDK3a72NgsRC-P6G-)3bJbds&t7e_>+F?#+^mO4qMA WyVG#$OHr1Tl37M^vRNe`8uI~7wOQ!^ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/distributionPoint1CACert.crt b/pki/testdata/nist-pkits/certs/distributionPoint1CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..23250812d93bea78c4fb47d628c1e0fb35f43120 GIT binary patch literal 910 zcmXqLV(v0%Vk%m|%*4pV#OP(f%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz>h?0|Sul^7~G zI~p`GDk1xXk(GhDiIJZHD9**y#K_2SkT+TL!s~^0YHX%Q-muKe%#42`>v5A?Q9HZi z^6l@>w><3lwV;WE=M&$*s<*Q@rNn>YmHoLSL5IP&>Do@^i_@&vZo87jx#HIAggeD7 zp|><5CkTf=`JK0Y@dm+j;#Hk0-}hPwXR)4~^ZTu!Tbga-mo|%YOo@C49fO*^qo;p= z^3gS|#@a$muep2wNe9-J3IF_GUVrNJmcwZd&-JBCoVD^}KfJ%1^;#}-nUCI|slgTE zJ}YjX5Esth9{+cn&fFLOZgNVu@~jg3wJP+U)jl(!pt)Z*>OPzGg*9vA0EXq{kN^jB8z{we%j^l@{M1%M{FNg%dJ;c_tr8oGcqtPt}&=GkOzjNtTKy) zfmnmcliK);F;m+(bXeEzE8Uj5{ATQmG;oB=^0A1qhzJ@K@9iznXu6bt{*w9Iv#*sW z-hOYu2hz{a$oQXy1(<}`48%cv1r`AVJ_8;$u7oxZ##ErV0iyvwNJ1E-kkx=0NFm1$ zFr@+Ghmm2`N3(Wrf#WaSR#&PU&0u=F?%m`<`Q25o+AS{MJlb4yZGlLR(DHmofu*UI zYgYbHiwz9RS#`FlOZ)Htx3^4}@$8L~nyC8giBrYTe??1ppY*r}IGJSrPnU}P#jxp3 z-?c}!{?lHyZC@Z0mAdNljh3wzFQ-0Xi=Vb`*OHp4f2I|7-Q9Hddhy Xg@b=H*PSx{82Tb@YrUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz>h?0|Sul^7{F zI~p`GDk1xXk(GhDiIJZHD9**y#K_37#Y{);g@V22bGDyv?#R~6{ra@=xm$=BhvEXg zq;?InkLGb{fB$l8cJNNPJ@wx9*y)T<+}TX(4sH0-fzS`RXM(?MgSJ?5QhNJ`!G&dEZt%ZF+OL_3^19+m_#xR?c3ju}I;~ zqh0E`hdv+a;Fq+zB(ZJ#R~G#vu0j>gWvegB20Z(=?97Fx>djn>&%aM}J^W;)XGh{S zxAV)lSqT`vOl$aYDcLLOpym5I4*s@3rygB@IMajqVl@*pBLm~&8iOhWd0;roDziu! zh&6~jsg1uFGqsIFhjrb)(ru~BZ^o`j14pR&slDcH>Qdyu^U+Ftph5c$`J zy%94jGI`m$dIZGoS1ezBezMY(lGNIyvef#^n|OaEZD^mhF(x=6!>i@w_pYr!OrJ{B zUunzE=Ks8zYs&s<7bYo1RZg19tzlDYRABRc{)F$P*MjGsWU;YM+k8zRb-kY8`8cWH zqOM;Wo&;F$Uyw8NSykZ8vT6Tb-z;l+wS7iT{qtGf^ObT=?kxDud&RkW7K^yVKet-V UML7+peA#VyXVe`2(wE=`06ZI9wg3PC literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt b/pki/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..046deefaec87e8b260943886eaf9a534281e0e1f GIT binary patch literal 904 zcmXqLVs0^LV#-;-%*4pV#28}0%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=K30Wz>0dO1&`_k+08?O&+nXYssCoE z;3cD=l7`fMf!C%PpO~TbIqGP-;$lakO@3mb#_jo0jt)i^g=|+|%%5n`d8H>LWE00k zxo^+YVrpJ~5ENPeEx7AW;68=yYoDhG-(_NEWMEueV^C!v4-7$BWfoviHi$f_jlUQ( zwT(lEb=|(wZK=y|#;!;MN3|>;ix`WD>W}q*)^A%WC0*%#`*eyu8>Px7MYNl$Klz7!+d@Fsq3*X+4% z6W=a=>ix4!dQ))YnLN(-oL$d46mm;TYJNC>@>$}sY|q34GSzk8dju4HCw${O`nd07 z@JjRDwjM%ZUn_m46eV!6Hf?t>($w^e{kSpZY0M858{WNJey>}(?)QR-KfdkX6nP_^ zRy!-LxEER(SX)|W<#)q#z5lcFj783QuY;bq96jV$`XO{mt=%>Gc}8;nJgWloWIQeQ KyT0qWPy_%haa5lG literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt b/pki/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..de9a0be510efb643e22d5d712171375f8abc485d GIT binary patch literal 904 zcmXqLVs0^LV#-;-%*4pV#29M8%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=K3>4BR(?B9Rlf9CNuOkZWzeK-EqI|I(FyLoj+hp5qxh4ueGFWAex_ph?7%M!nW z(~C>rn)81DZxQzA!h?A6#;*-)YEq7`Xgj#5p_=1WZt82LAP4ggEE=t`k^-j^=8N@6 zOZP4Aims4d`Sg$}gZBB9jL`h!HY~OQ((SW99(Xl-4ws0+1@G)unc)W%9*A6H)B_%fumZMk420{q(k}P=FOjS{u!>^*PXb^dQv;bXm>3_Npw*e1B)hJC?>{A%x{Z&en;73_A2Xe}JO21Y7k% z2Dj-7$}A;i-27*^pXy#~Z|ur3r8Q;+x0Z;e;i4pN&zehe?8@u)Li(F_)-3H;?Md#4 zcAT((7TY_n*MIWP1Wz~XRKDY2Tlyl*YU`zUyEYb`pY7wKK8ttngsMZW+m~<&@lCPK zzjYckSmZR%)*b8g8y}-}P+nX_xpXY0Mtq4(x0x zR%SW%($aK+bC}BJ8GP%sdE&1{z4>aA^>yQcKkLrsdy6Ownpi*g*;u2jW0uUZVa|!! NN1kgM-0M`(0|5VmR4xDj literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt b/pki/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..03bb3eb2da91023c0267415b2c20535445090165 GIT binary patch literal 904 zcmXqLVs0^LV#-;-%*4pV#29A4%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=K3_fw_s1p8+V&#ni;e$Z(@qyV6hNv~_i%`Wx$c&%#bG_g~h=)w}(}YH{|A;(W*S z;yvc7=PQkCn^Yq8-*{YH{$F%zQ1*54x64#`+OJ&~a1ywn6(zPh=cyH!kV|M}^hu%g zwNh^aKXO@lKX|s`z~_G-zr3;i*L0pOVGWz+GCKK@ z?;w-s-7os)+?bxejL&5H%M0Q%6Pfrrm%O~n#LURRxVXlk%0M0%g0jjiz@Tgpc~TpH zF=lEThYstyeWlw{m*0$Ckp_-xSw0pq77>rhA+<+x4gTwfyB4b4_hFsy#h`1z2hz{a z$oQXy1(>e+Or%UohE?RpLap|{T%XsyiHmNLINHQ~zGlr+ zt&g`Ze=TsB(+$<$iUFhP{KeAq<~wPKQk{SvnVyW#5u@E!P(K+ zKu(<3(7?bD2rY~a3=E>gd5sMWjf`PjgCG)ZQZi70*d&Q&lR|Qkk7sdlX=;%{6QdHc zhZtEIn41{+8GzzkOihf83`d0cpItw^Wa-AV#skl8S-mW&b5LOWaw~G8*Cpx1X?gFQ zsv|zR2^>3CZKnO*!r}tc`J3z6lr>m*Zg050C+*b-?MvE+67Q{G z?wmJ#Yb*=D{bsdUerew)AtlkviRzkPBqFRc+bK!=kfy+5A^D?Txv0 z?h$WZhRk`HQ?u4s*fV5*x^47(r}wW}l1(Avj_-L_U+`J9z-#Tp=4~GelD>BIik~YM z%Q^G=X|YL)+_5Va|1QKCF&wBgJ6Le9{E}(Qlg(GJ+=}JI^{3>vQ*$OA)DR+$ADfej)a zlS68cBgiyC8Z=q(L}| zagQ^V8S)x%1C3{47G?paJ458i2c~9VN$&;+iZLCyV;dxjx>1Hbe?q7nx-bFfAT}~goP@V)tNUv ztXL%HM3t>yl`ik-*y+o0Nb*0ggsuPd{$q-Z?I*IY+;ly1XMxJIqRqmsLOQEY?loCH zagkeko5gFJkcOu-Gg>=m;5%e&@z0RRwDZomKl literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt b/pki/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..f1cb26b375bc0be054f41653d15200436ccfbee7 GIT binary patch literal 904 zcmXqLVs0^LV#-;-%*4pV#29YC%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=K3_fw_s1p8+V&#ni;e$Z$xeAas9l#Pph3-gBSTuhiFk=PsCXkdGq6D#rF-GH?R7xT@TqadK!qJn?>>QrxA6w9ZK$@7>MW%rBjAIj7_7 zG->Xl@ZDd-EZUe>S!j1mV~cRPb>*IRhm7kjwF~_djgHFI+fL5r$(d@@=)W&H*Vb6~ zTvx&BS%;P=1)9uLkMby=oWgdzT)AWF`;|=0j0}v6YYeIksC%f_kI=F#?@mywa1mBGNnklTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlrRtjDc~07&&*57EJ{r-aSrlPaCS5? zkQ3)MG%zp(LJMO91A{1WUSk78BV!oXAc#bplnfLgHc6t{q>vos<5^r>np$Mg#HfVq zAx2gP<|amd2B0_>QxhX2!``Eh*KL_O@Ao-Ri<~R^jDav#oclJ!o-iU z=F$~^4lIn`*FD=)%5{F6{j!xd;i^;I%vbeis(U_@{hQ?R@L$TClo#I`{+>GA!O#1y zNkQU9*91n70)ORSK~e#&#s2dWUwY478jvLS=Gv-fXG3C_-1*l2;NPN&9wp~Q=k*-d?347-zNGPN3S`)%x}^e%H$zH5j!y^kRM%mN%uGyz7x9ccDgV!?Q!n zRL!2hx4vyNFJ|6M&b>AhW@$az{c-s$hO`8~u!izl9X};c^P@X-Bm_MI4bHn#8k(NXM=lwb-l_{n4ieF@z>6-pEH?F(AyEbL+WrG_F-Ii^6 zv6w|S(%RzY-|r?Gdu$_DE-jiMyFtn(vfM|gq|P_?;?3pDma)mqTHvbo_TLJVr5tB KS(;LP@ihQdE|tCj literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt b/pki/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..c4f9f17874606dc83d1c86f797e561aa76519dd8 GIT binary patch literal 904 zcmXqLVs0^LV#-;-%*4pV#28_~%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=K3_fw_s1p8+V&#ni;e$Z%n~$ef985BELqiaMvaPxxQ*oBPL%AASlyc+caau6Sp7 z$(w>q-%E3rG0m9lW4u{-8voo$no&D{Z}*KAU%6kovGn|pw96qyPhRf1yx79IP2S?> z!OA(|r_+9AzOHHE35?3&TpGU1^T@ii{qHY16v?!nZeV+vSHhkJY~O0`tmtFQx7|@iJi2~XA#3$KXv8v z2kc5Wp3#vqTv70T-GR-%Dd$6;l$?GbzWZO$#P9a24is-Kpo{+cBsHLetB=7h7dyN-b3ZAqtWnyMzU|d{dP-P$w3_)3C7GO{|h&-u{ zzZf&MjYEfZ-M-RosmpK1u1Et%wJaZt7>h{b_f>m6N+TOKoWHLuG55w~w z{EUqMSy+IHhs{77#8+SuFyJ%bVdF|@^I%K`iW@K*@Pj0TK?+$7n1K{>`~cG!Fn$;r zI?rvF{`T+Wm*Z^LXSW{PRY( zf7iD^F;&=jW7-X)y5PQt7HcNN?E9Rm@S`Cq$Ez{(i3$hMT%TEp49nQ0Gi=o06P5-?jTU{O=HsW?UaL=kvXGi=UgFO#V z?b-F!^~3&&)~CDT9{)J$=EIusE6m_kli#_;%6Il({I=rzj1Aq60ijV0=iUcDT74jk zeO}kzM0j8+~hSkLSz2s+U6ZTaN6y$oezc@$!|n!?qUP PX5I%?Zu%L$`MMqeEe>Kj literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt b/pki/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..46443aab941682033e3bf50d0b6c603aa967d238 GIT binary patch literal 904 zcmXqLVs0^LV#-;-%*4pV#29J7%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=K3xbus_*q{wsyBvz`=Auexn3zpv}b+er~Br=H}p!a+b)>i zUC8sc>1}_oSIzk{i|r!X?Gh|G>^4!K({;nnyK}9nZxrA6LMKd~@11F}zP_X1&ZQDx z3MN1Ic(O5-bI!?d^AtvRuAh8Qde-sPxv{YIO%84N*krl&!L{qApSuUB+=n;i0T?%w7_n+#4GysbKHEMaGQ{Yc@7m5m3Bm^#lnXCGYnE37?UV)N_O zFT(yjtGv5mSIYCo-rfCQ6Bbm;Je(~0RIfnvWBStRs|+-D-}v?Ukj<($3zo14-RPNk zr_R;UVZ+@UJ8rM~bN+=wt-ZU^*{N@93YnN085kGW7*rX^14B?&nFSb>4I)o!<1fZc zZR5~kUAM1vTk7(gu`ANRQ7y~IBE}*je^Q~BdvT6#xxer|r!U;w?rD`78t{Si^D{F3 zXJG**9ySAU5MO~sz<|$yhm9+t&4V!&C~m-Lzz>oT1}S7UUWA3Ymg3D&iKkxc{)wFiQJWGica;KShzIHXN=Y5sRz9z;bq>G)Wz4cVwoi*B@ zxFdEE3+IL$%)imO#AflXPnG+;UH>1;xU1)y_hI$z!)I=Nei-nki)n*!YE>L> z=->0_csDG4m!`vQ)d}wa>#=X^B?! L@83-BI{OU)@%>mP literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt b/pki/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..cf3611025edc9692e7b233366569673d91e347c1 GIT binary patch literal 940 zcmXqLVqRg;#57?6GZP~d6Qi{OFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj178xYku{KpSR;~|mywy2S>l*i8IYfonOte0;OuD7 z#HfVq5k^)9<|amd2B0_>QxhX2!=b#3GZtr^x$1cBRUZG>!xOGZR@Z(Bd*rl-xpvi6 z=^1YrIe9x~>mIwE?YG#&WaC}dDb{O>oUh#6el>c2MD~;kap4zMm*~B{x%#2b^LV8X zJ&q}=Z^{!Q_Ft6fF7r9`Kh5itrodL;&bq>w3!`a`1&^!Gb01z;>KA9jnfU}fdMJ2%pzeR z)*$kvHvVGF)HV(s)^+8M`749OJTlEMhDo5(^eoW&O{Z+uEdZ_OM#(kNsWd zYzBNF{rrrK|5;doX^7209K=^(5isC0;9=uRX!Br91&SLm8t{W8gh2{f4VZxxP#P$p z0^&6=G63TX$TI^;1C@ig$mtLmeT)nV44a&Dl5YQqTGo~O_K@9ykHu;?zg6m-wSSp% zQd09{*jv%OCHE)sGkU)Bes+ibZqt0H4+m9GoHRgyc;|8^AQ-CVI$L_gtTuei>^riCjz8hIO&I1ipPlQn#qk+(hh zcW7}f&z+3&|KBoZnWjeZmf7r*sQg-f?C)g%-(8Q*zAu};d9LD`#iyB)B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj178xYku{KpSR;~|mywy2S>l*i8IYfonOte8;OuD7 z#HfVq5k^)9<|amd2B0_>QxhX2!)t?l$>}j64)XtJr$~e!og*4F>xJ46eVbze>%Ue1 za?-i)5@@@tP{D{{OS~yxWkdYNfWyDe>-TKkH9bnA{J$*w$;a=NPyd`%v(11v-}%{7 zJ`efbzCYK$_#BkDaqnz3pS`^rT}K!Cwj|!X^k|J_TlzK4ow1gym`;R7#Fl-%b*J0x z_y3PUz7NzVS@}C%`x3N7wO8fd&LUY}&ud;!^;L>DPg%b~MZj^oh(PcK)_CPhRYr$( z3XMWM3@UjS{P}fcvOp$RyalWJ^us&+PQKdoF`t=J(pSFwc6Td_$GP;AH`w!LY>k*< z9lK`YrhnW?S7trV)2rw`e&gZ(so(5g+;min^{-}PW@KPo+&Igiak_y#Fd$`>StJa^ z8bqGd#$Sw?+Qy;7x^7?Tw$$Y}V^^esV_cSxMT|w{#^>`as(275g{WslOv#7g8V)a*{ z%_SFC1w@9Xao=L<6ESFuian!u)78CG!7W*{prmkzUp!B7tcOVb;wwq-|GOx>xWYVD ztVd1d?QxC;CFXl0xi(D;23xi`vOfjB3~CTlwCI=|w8gcwaqstU6;F4Z2m=7b9#(V! literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt b/pki/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..6512e9d2e9c981f0473f264cd2240a2ebe5d41bf GIT binary patch literal 917 zcmXqLVxDNw#8kO}nTe5!iILfWmyJ`a&7 zBf}xFxAN*DFZZ=A{dRv@^w;lJhm2nbO-sG3HzCI;J*#cb(@eEHHy88BEl;Z7^Q`Cu z%k~PTlRpeC*WEf45czas+u@5#e4f1iuFL)FKWiMLQrXgnrjxGnmsYdkqc3vS}vfrzB@{-W2Y-^{**zP&5cIHd# z;VHV}uay#3KfKr{`_5|n4QeJ$ z4{j>o{pVsorKaBMXMV##np#IM(fOB-eiSxsPj#bjZSto}Y^T0@NOl|@(BH;ByM;a_0Y=PaX^<{@{C z>9{(_v4VbE$1%IWM>G98MIdpN}6t}Lb`OVdboAf(p2GuSPuy@|aX%--N|L}#9 zBq_!^J{9{%DbpJM6|hAl223^lgG(iUtzz~`nU>lg$h*AeL90>G8AAZE237R{ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt b/pki/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..42e00344afc25505e87ba1d008b04711c0356ab3 GIT binary patch literal 919 zcmXqLVxDZ!#8kb2nTe5!iILfWmyJ`a&7Bf}(zu=dxXAKyHlJzd+5zhS1J+zIZh^W<)wiBC>=v9e^Z=Q56$No>=PN(C-m zcO%{9@F@kq-jhL_Jnnuw%qo=gb7AWqkz0O-f1Muv5m4$8_I8znuQqsh8>6AO33nr4B?XPx(oA9$XbVy5>>*w5gX_2F}Kjcy(4n$y)a z;oL8`WyZ6tX{QtLV%rl#m4ttkK%{J3K+v~k5TmHMI=1g$=ba^4;ly5w% zKN~c^+@s8_`cUlgw1cMIOw5c7jEl<*O2DxvtIQ%{Al4w#!+Pg_UCQmGeYd>>Q+l$} zZp18J432+UJ{B<+k&|cae?@;-cRS|UDY$Mukt)Svp+ZPdB5V* z4#E5>7vrwpY2Z=u*-_Q&`0ihxta>5m{~eoEJ}tdawRUsJtfsAnQl(r1pLX&|RB0`~ zKJhC5x8>#|C=a7j;^@b4hYG}a@F>UyUqR;3F6VE$9JDKp~O^zb=avWp*X{}HLz|Cd|r zntY|_=dN#dx3(-_-?X$V+0(7!%bqW{I8HL&Z`*p~_Us??S$sMYYRY3CpNsMfJIOk2 w_fxg^!O^cK*c~uW*)froE%}O~VsPZosC%f_kI=F#?@mywa1mBGN*klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlr@kBDPR^B$;`{hOv)^A%&QE@&&f=# zG*obQG>{YLH8e0V1VRgA0|SF7ab9BsLnC7t*C3EY>l6*-A=XJ?T31|}O z>?uZ82IeM4eg>d87gG}>Bg4rU2B}o;)WWN2lQ(DFoN<2D^;8ATsciq8ZudTp3R(3h z_O4XYdgYGPVtH@1WhG~I_w|L=Rmjc%q&#n%X5{B%Z1NguS2=Dkxvtw4C26?+>()>Nz1vA(~133D;tArytBB+3;749A9=jIGdFVkp6=Iy^7Tg@C(af+ zlV9k0O3m6pijC1Hdb6S^^Ka$(DOo!VPqV!@Z_#|hSu3_v$LM_2g)2+GOnA0VGUiLV z#J>YEn%;KGzSlOhRxk@07Oa{bxJdi+$(kSioUsND)lX{{D;%vn@$8-6FYW62Y55Fq zR~?yUb>vlV>C=_Dtk*Z3b2&0A(f*LE^a4pHW=00a#bpL1;GmRMW|1%uYY@4yY@Ygb z!NYx5Bo(hK?3wd+VfClW;JBCNV-aH!DOqqe;-+@+CG8DoV+)Th-0!^ngs1@@Fe+sE z85#exumDpNn*l$FFAU z-*riJ{_3x;m$?rquK)3+Xp_L%Q+w_)G)|n!6SS?@>h#@5v+jvsixu0=vuwfJmlK8j z@Ap)dba~zjB`$n*-OGD$HaHeRAA^Z?V9EqdgxjKI%m+)UbDA+;?gB z;-?!X7FKoZe`GniO?NKK2DWv{8mr3xEXx11LeNxM_Un2M$B!97d)uq^oMop>o%Y0g zyVByt7HKE4JJW7={cqkmY0|~uwUed3Jy@I(5o;7*x+?MUj-zS+kHuY7`FQ=vrl8|n zR!H5G(|Ph@!u}ra6%f_kI=F#?@mywa1mBGN*klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kWlr@kBDPR^B$;`{hOv)^A%&QE@&&f=# zG*obQG>{YLH8e0V1VRgA0|SF7ab9BsLnC7t*C3EY>l6*-A=XJ?T31|}O z>?uZ82IeM4eg>d87gG}>Bg1v3nR$x#r;fbHzIY(qFtH;dr2ovvo1ZQ|)TvAI%e-)R zX^mbnUjp7qx-@v^7t|Ll*98~ezVsci@dU7*%1Q=jxDhsE1H)6zw~C}gCC~*0@q(i zwte^Ad1l+H>$L}C6;dus-R4R+&+OcK%d_~RMR8xP*Z1s8&+GN&os4qVKD0jAyWn~2 z%c;(jpZA*TDrSrS+u_=^0A1qi1e`DxnGxZJ89o-@4%Fvth5_3ix(U40i!~e zpONuD3kxtcu^I4#_`)DQs{u2RG7tm_D6nuDa2T+$u>hG2$T0&N{4KMs87e6=pX%ao=%mDc@U`POjLs z`dB#@q1}u(SK7R3m2LhueVwGl*H2vLTZ57>*{)u9U`NE<_%O*#>sGdz)AHMs`93;% z1RoBv()px0d!O4^_x0Y_RVFN%sgaeim>M)O zDk1xek(GhDiIJZHD9**y#K_37J67QT_S7kDcliQdI9A+#vF&c)ti9U7o`F*(wM9ON zKT40pyex3wtp}Q}==I>J4@ciGtB|Fl(lQz|S5i468|Jb=xn|H<}yNh<4%q25VAKRV$ zH?sPBYTw#b{abHO`D$)>p6Ajd*5m2^-%dy8F@0rXW@KPo+}LB#*l8dS3{P2Q76}8f z29X=f=BZB?JluChQt`UNo;hz9R)4w-P5`oeEMhDooh%_GYzdpcGvqBu>=XUHFNldv z&43T2pP!NOKMM;mNwFD-gZK(80tS2rJZxMEZ61uNKyd>`1AdT%Fi0V*0W**S#t=}z z3?u+lz=|AUz=Q~lFh&NY(|R9s9vtBOHbvpRGk>1d>+?S&=alyDUcTYly1w_H^P1oA z2i{>V-L%|;Q~c4^$NJhkw*6{ z^Gc`vUVbN9;>6iQ#kW|x!Vi{gisbIE<@O2Ydi_cs6b6n~Ft zJ-Oj&?q+t%O1@S?dm`6Q?zg?=w^9lNFaESEa=sjVX4>{?O!IkrBUMWdILU%)%0xc^R2WnI(>Sl>zxVnaP!g z3dN;K&W=U~a^k#(1_p*eXklz%U=StFYiwX>WDMgPgpg>Zih&ZuN@=WCLTzngR6_O} zBP#=Q6C*!^K@%evQxhX2!v?9RH}-Du>%GE!SoKt6cigUyheoY8mIXYiiAuWQ5Wkt> zDpNQ61Bu;}dHtLj)z)PnUQsG^yVU7aV`Em$^P{56zuK0oFekTdP%6Bc@7-}?AWSqqw!B%$d(_$CU)P`2FHRJneAYGRkiheok@L+fHMZQCeUwMkSmw_1u0t#Se!V4? zp7w+zPGakgTLp7OKcC<2EZZm(CjMv9GGo_DMq~Y(2EuQu7Tz{6zrJ!xQ8Huf>g~B5 zaj}yP_s&)b?3nW-pw!hvOzHhnSFhH?GfUj6qJusKKE06j{)}#NeWp{1A6Kr{@85iu z3CA`r_;~W2(!7nox+jMJ^Eg?=)V#OWZ9_2=Gb01z;xdC0a0JRKvq%_-HHh@E-nn0w zayx0?ZSTO8o~*PRF^d<2lYlHAix`WDVC{i9U1dK#jlVBx^zJh#oofA}!+;MM8?yY2 zjQ?3!fQgFDfFHyc2Ju-9n1PgmAV@%gh0B1$fQ^j>$Yel{8DOdd#tb9F=C$WHC~!J{ zTvMWAFsfL5W6rsYGZr-!_H0kR`fS6=%iqpMX085kb4JzCl|MEn&UTbGnIZ75;+XEK HDN^?U2A61= literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt b/pki/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..fc9b42329920c2e51f653146aee2994c1527470a GIT binary patch literal 940 zcmXqLVqRg;#57?6GZP~d6QivGFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj178xYku{KpSR;~|mywy2S>l*i8IYfonOteA;OuD7 z#HfVq5k^)9<|amd2B0_>QxhX2!(9(v^<~o9?`A|S5Y>C`%iVwA`@B-Nx26iO6awFG z5x;a||F#SEaxeB+%#`6ve!F@5UfHC-fkzw8WbfLLb~5#*!n*iGC#}?bX-_B2o+&Gj()wI<^&H;u)dn_Q>a6g)aA)2yJZ`qb*$ys0tk*KuxsdcDg-c)#Dg`c3Ee zJapB~XMF!s=u4l3)b4vT7&RihxepsC9G+)wETj0vEq+z zn{$@H$F!c92Kg^1oyDa?ALs<___FbDb-Yn_+047zwH{@ACwcCkzUI}boQa>-v9K}i p?42lnI&=Rvsr&pUQuDv;-_rH!%)}Raj+FmleWIM3#Az}?69CYcVkQ6p literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt b/pki/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..11ceeb78cc9c157ba47f1850ea675598dcb13ca1 GIT binary patch literal 937 zcmXqLVqR*{#MHZhnTe5!iILHOmyJ`a&78 z7+D#Zn;7{SfZ|+CO^l2TJD;x&yQAxLGvnFLzP8P!(f5;nbf^D$!y{iW`TNWUwNL(* zwW7y0Z5OyFoI0p%KjU`A>c87oo;aYv-O~2&SbB!)jMr7Od*Twk_Py+{a?-mHw(ju( znc&|_dW#+Ba-F;sGC%U5o~BsPnTox}hEvo#N+O!`nwG#c%`|#c*)P*QnQ|h@p;c#wNuzFQE7AOs@Uo;YTSyi zJ8C_Y>@M!OcgQke+3e+-Kfdgm=45K-w(x3K{jA;{?wo}o{Hj;J{rmo8_QzSiKU0$T zv`suab-lNPYNe9*8kK8N$21O|ILmV>H|91IGb01z;>I3>#!dryU|7m3vq%_-HHaKg zYkZ!0ZEnqny;tY13g%1wIp;JNIPzurSj1RFa%QgF#`=0+fv1^I#4M#3A|0*zw+;9} z`uQ0d|Ff_FlM|bPIEb&nB4EI0z{AFs(B{FI3KTbBG~fqG2!j-|8ZZMXUJ_ z1?Y(o7-5VIMZ`t-902fDX}{0&#TsbvMcY4TR%gY z{<@>jueouZ3T+XUViV}y;xqTx1?9;Jagz^()U_RdQqabILw&JiO$1HX@v3jRB WB+p-U-t@@aEyo_QItk4Af{Y)935ktceh; z+8?sSb-Ieyi@QBa#}BVsaa8S{#S*9c&+Hf1-kl&{zP|xfsHh<*nWUqAD0AGC)?@oob<%M!T(Q@ zo=7w6vp4rzkFsrUxDv~2aFl(``nL=r>deMdN;&0&?xwY=y7=tSRC3-rt@4Ndzrz=u&_klCPfhjp!d;&-F*7nSF0L`CGLQ!brmQlHgn?LtNY2ca z+gM-kEATY)iI}DILZqWr|28-Q$nvp>v4|KxwEvTo*N}R4Wu*Xvc3x-H3)aI1d?5Y& zjEw(TSb#~2%|IN)S6~q^;4|Q1<4S1rU`z#y8!#I1gCvAO3Rw-9ffRE508<_?ei#{I z{5PiUy7n)@Mtf#&9FzUD74Fx~-8ru}vwdyS(5PG~9pS5}t=C>UBfDru?yo5;DvH-` zT&Awzxoyh1GZuRK=YEG8ns47{f8L*`;;~}aot_}qZu70_Yl>7HRIi_0(@+>RgKzJ$ z%chsi{_jxwuv{fl=+LrWsZOa!!AH0F*zoY*bP+h>dDC%0PPdw{w9zNIO;dAx-v}5P zX7L?AC{VpI@$3G@&+Z=hSXN^B?sTc$Szi4qH9@Vbn!jE9xA2|n=Uu1RnM?H(IgTiE z&wP8$n5XrK@4m-px$kc5U8WFZAa|?(A-P literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt b/pki/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt new file mode 100644 index 0000000000000000000000000000000000000000..2c8fd4f6d125298052ef3a02be336a70f2f4deb0 GIT binary patch literal 921 zcmXqLVxDTy#8kV0nTe5!iILHOmyJ`a&7xVs?JC|6?{}-@P*?zxqp?C7C`AG?JC!=24eR*F|?19Cr@w+Iaq{ zj}l|&EoQd%_=UHMSxq>yn>lqn!&L>A9M*0LIlyXGVPoE^{Bq(_Rv*jlKH@iT&vj($ z(97)7T5HNB<$u9oUEgoBy~pM<<-akmTxr#sJ@Z_~ocM~(HjG!f&aT;Y-u&s(%(~rW z@z4If?s_2hzCT>d@=n9H*(xC`D|XH@^6^tR^>~u&#&G$JLsyGsZ)@aMd}>W{d@RVw z;Wwr0^hf_nW~0NmK8y6dz5VjQiodp(CR8LHI&0g(Taeq%#LURRxH#J&6C9PY$}AEF zVhtiC3$8}o)DFI+z2R(Z;jxALotK{w1t$hsJ{B<+kp*^fx!T-sxgYyGGS2;&yp`eZ z!AS;uz<816XJq`(!otkN^1(nH#8+SuFyJ%bVdF|@^I%K`COZT4LrD5-@L~6)5}c~C$FCUU-rh@^XArK(Oc&n zsIO~#@??`%ote%D-AzmP#osqnnNq=EsKYEO+|};kGnen(E>)N4)l;-i_{tv;I-{AB zvu0`8rPL@Vqg8+22uz$ZCuQ19n{YYKs$VZuq;Bt9op$NmwX4!n*~Z1`3g#D+7(APV z7>_>G3rb{udO38e&+@JIA4ROSPsVS}txlQi;E-;rY0}}#MHfjnTe5!iP7AEmyJ`a&7qE^tdYpf%g9X1ED6ZZ$xN>FO)MzL%u6>= zaCS6kVpKx*3?nN8a}y&!15licsfm%1;db?$!z>r>-mm;vJ0Uvp43iCan@LdYy@v~D z&G-{9ZL&f$f=j{m>4{|@Bo|~(J#ov*#BlmzzV}_hXWaP$4Bxc5f8DVu@x!{ZB@^x) zu4}rp>gL_U3>>RI>v4bR;)#(pZQZ{m?zHFcm)0xy@Uu&BR=qA;c#}!@LvJ?M%9a0j z-8#0!Fh|IhJLS=m`Qm9CKP&wFJmLSv-UxR2x9gi_RyxV=SGKVgzRagrDX!_t@?35; zNA>OV3GM1d-yAEmGA9+klj>3k5SqKpT;$UR`{yEmcXlXrPUp1voGh2vX{+5W@ITk> z-_lB%G{?$Fv&aiaEy9&<_%N!ozE~8WZZ7l!-JhA585tNCH%>HY>;ng;tTKy) zfmnmcliK);F;m+(bXeEzE8Uj5{ATQmG;plT^0A1qh(wsHu}^GCSo7|igWXc?KmVu8 z&b@8G2aF6^en!UsEG)ou#AYB4;w!KS81NbJuyG}{c`&8|#SIt@_(2lFAcd?3%s|RO z2qd5a65udkYhYw(WMn{&HDD41#u_6-%#q1PZ7(`(M7LG0Ncw-*ZRaYr!!OqC`DC54 zd$(Ci-g@VcP5-Ab6lRM#-T9qmQ|z~_ruOS4v6GwT?3mJ*?VmUMomPhAGSBet|FTgz z+j!0tvMruH=Ou&3UXg>l@-GPsyIhf+*w*W^yjH?qPW|OyrMt2YJYOy!X}C zot$-K2kX!BWj?pMOnG9$KCoIDmDjzSbuGkyeb~bN$`5S6vh89NHfk35K3&V$LHX${ zlT=ZGjU`)Rv_tu)IX^UfYMUNX=rl__@Y~+#MB(+$<$iUFhP|-jhq<~piA~P=|GbytqAU`KFxzabW zpdd3Z-9W+F(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!Ro2tyD2kf>Xw&b*Q=^ ziR&lV+*>#0V}7z+c>Owf3|QN4G)diRZRg>s*T*XHG2 z)vmR+UsC;0`>F1eSB0A+K6)po@7ePy{atMWSFzdQ)o&R&P9=*jHEz$~%$s*TwdxJu z+Ows6U0x@qJZx&7oaD9TTb{n8dtB^cflZqWue|G;xHez(25%^R=u@%!~|-iyN03G%f;1p{z2Cgn?Lt zNQAi>`^1)nHSfMT*e%um^MAVR+}q$pAj`)h#v<~6OL0?2K*oiVUR*r17;v)pav39 z1PRC(NEt{VD@I~7A;%;zl>%dukzrrTahFrBahyNb?Uso$oPDn2(0P5$S7+zT2Yk8d z^h#j1XH3|ezfPj;YEg#%YrgRox!d(_+7OX2eTwE;)d$bwtdgzPlur+_Jry8w`|9nR zxo5W}H+?=UHfR5-s+jo2+f+`xlYFxO-3g|ot*0;XDI9IQlr;I@lY%pmKPB>2l9dE@ zY+UO@Ol;fzh0=xM%3W*! zOCLPzHlsZG&+-ZW6&uw0lcqMeaQ1KEOZwxvCC)vI<;7z2mH+S^WZPaRCY(WmAs+UQj)!(6yZz>% literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..5baaf35e0f1f8c36b2d683ea1310e8f67751c60d GIT binary patch literal 953 zcmXqLV%}=d#58vSGZP~d6QhLzFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgHRH!Q8iG8SR<2}mywy2SrU++lbKxUn^;hgnU`*; z5MXGe;OuD7#HfVqAx2gP<|amd2B0_>QxhX2!&l`w9}6E#F50-MkGDXnZBOpUdHzxJ zWxI}qeq&x!qt`ss!aLmHT%etI{?_b{%?ulkt-fI3#<_fV`MwRd%s*_E&C|Uc?iX?i z{@eYDL3y%nKHtN#vzui7ONth|<~gc7nX{htV)veD6|CX*VUMDYUO3TS6T)Ema&nG% z&&N)$&I&K{n5FxkJ^m)e7c0wne)YY5Ay;#LvfS#pzH9IOb*fSj1RFeADZC?^;T(f1!4d zkI|%JW2wNcB?f#T{rrrK|5;doX^G8%AH)|1@mUR+fs}y|NI(T7z+u4Fz{t?Z$Y`Jn z5>sH2GmtUhVdF|@^I%K`YBpd*;V~h{Auv$_5|Phi7rK%xlOLD3{K1XYEJk(Qn=>RU-6=rHR$#>n|HB6HTU1nxN@L)g~_uu zi3#Fs`(0R1O{lAIR{3&S_>1q(9_I~56b0lTm@WI2@@MOtgE=#_zgt}LWly{*%X##X zt$O1EmeUQM#;k8H9Nrf9E%QpocbSvBFS_nL(iL>%Ns{HZSx<$wesjO*baH{A+J%#z z9ByH|Jbrwcym{W&gs7`ha{o&HwK(3;Q2pNQQFK0)>9{WQcY{Z|E1ksWR^Jl}GW1%y uF0zt!!l$jZMpKUp&d+iaU!wk8rEbZ3+fB(+$<$iUFhP}M*gq<~piCNnQ1GbytqAU`KFxzabW zpdd3Z-B2OG&`81A(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!RP_t<^A4gIFt%+uGvN zB%sYrj7rFUWMpMvZerwT0E%-lH8COR$}PG5_R({*4;3{OxiLC-RavVVe*U&= zV+HrJ`iPK+l^+bNX0QLY>`$}j+KrR+mbPZIwcczinD=4!<3CHPk~Ss&JLI{<=4rMb z!x@p_R9VlcHPM+r7_DYFW}9j{_ay|2h7?5Z?*8$RkDImArbcY*vzQ%v9i3GxPA$8g z`>CgQ(uJ0G;rjk}#WE{6LYrosy{meD^_H$9*`43#~4o*S}D^$H!<=v9VO())H`HkmX|$V-Z=UHbpjtzm9cJY(g)4_@9EQ zX*tgg_(1yk85#exumF=6n*l$FFAUym zI>S2i7oRUnFwTFkT+whvolW-20*^jn+54Zk=aqyVy02-@dQ|p7&YMIHu~)6L)kVvn z_5Tj)dsU^hoz-m7dBy9B#d|F{6Yif0Tyi65iC{My$LZpwsU?aD1@o`Jd)50n#kpox z@-?RRs*5})lftea;Bu{b+_Bi_&6Jq`7vp|KOz1fi?Qwfew8!FEp05weFPU1w!?%g~ z)-4vEbw^Dc%}P{6&F3xTK?W@-M$&Yb^0$COi`M-vXN{1C7yZP_SYZUr^t{301HTTX8-^I literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..4ad9f1e174dd639b81beacd13ca3ab855cbdc92a GIT binary patch literal 973 zcmXqLVm@im#I$h%GZP~d5E<~YacZ@Bw0-AgWaMULFbFl|HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1}` zGV{_66#@*66r3Fm+GyLj zg{d1p`?M4)+soVteB1N$#M7s1W(j0E&%Z39-|<$c?p9HBqki(@pz<&Cx~KbzIfhOY z-BGmwG^s6Yi88CeZfK`Injn3@UBwn%<13|cZEZ6P>;BV=4l3JjsFho;`)GDmmdKX{e%nNy zOx1%9P8Qq3`C-M5Jul3^XL|@e-EcZP>A~xc%+(K)SRWj7Snlw^Blxf5!FP%o@s7fr zM=qq9+CLZF;rZ%~XU8syl`B=V-Y&hlyhU-{_VVCMheG2{eB&!IOxh#&=)GUuz2wus z#8$sZ4mdVx>cUs5J+r@i%s6nK_i~N-W}5}vvktzUysP=e+wJT77k^s+r;uwt``P~) hdw1Px>3#6}&z{>)Wn&#Lh(6G9*H-xJ^}` zGV{_66#@*66pBleoE;71#CZ)33=DzL!q~vTAWEFq*uc=p7{)b-CedbX15Jp{N_cIC zSl+~_gzQsBRtDxKMt%l^CPpr%CPqev$03esM}yMtSmwtbpK>DqP>$@2h5Pqd-maYa zQRMLY0Ds~46F&bB{^Fssq+2%lN3Lt>%5%Hs)S3OA{%e)Vk<$9DH|Jf9br9TB?z+38 zCdlW*v$*nanhPb`*TsKYWWL6A_LnwaHtSA5HXipyj}~A0dfTVDwg2x6{-`})QbU%x zEcA62bT<0+;L^fX%I9xM3Ml;LyC**J^UYUH%%=aNjJPlA-POo1^o}*z@YOKf|40kx zeQl@ja*LibdWI{y{;9jMQ;>__eERm5+ZS9`>#h5{#4y-O)#~BuZ67oXHE!^w9C`lh zQ`e5=g_gIL zh7!Ju27Dm>{EUqMSy+IHjLm=_#1{tfSq+$hlz}QpK!HWhK*oTFjVqzegE1AT(100* z#{y1RvWg&mG6qrx638l%*sRF$3QWPkcx7Y=Ry%*F@#(1_7c7=J`&vzYwb-EcNw4sR zkmJWVLaa(eqz>GS$fQ0-`Mv*j=pczL~o;nt7oAx7es)+j%iF>ymxY$aq ziU0p5AyDmtc=Jp7g}eI}^xMoxORal!MW*Gr|55(;+Z@=dG9C(BWGgP8WnHcpB&&Uh zHAgLf>E(jIbqzBV_J#+DO$jQyxAgb^?MdG!SxLkne)CW7)3rlZ4Q&r%_kHgDwrbAK zlqdaLO%I)U`jl(7&2;HKCf-6$GDQW?Lkt3EpStlZxYGOJwmA>3Iu`DGe*VjRZSU6_ qEw|Uiv}LvmrWPx+&gXPHxaF}$Zns;LZQthNJ+1=9X0vVzT?7DYL~(ck literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..b1e9ff8d06883a9c034880c4da3054cbb0fd4d2e GIT binary patch literal 1006 zcmXqLVt!@N#B^x^GZP~d6CB(+$<$iUFhP{%+Eq<~piIWsRKGbytqAU`KFxzabW zpdd3Z-B2OG&`6=UG|Ab~Gr-r>Ku(<3(7?bD2rY~a3=E>gd5sMWjf`PjgLo2c*Ei6G z*sg}xc7y|(7?qHH%*e{X+{DPwV9>shGov-x-EwelnXm!E~NR2pV1RyuyA+V)#f zyAKPpQKW%PdAmM z>bI-Axv$zHA%3#F)|7uP+fk3(&C+=q%sVtLmOb3Me`A50K;ZuM%2U&b(OV|0P20g_;ks+-t(LNu zDL?1TUgNiTTOIrKMn~O!d((`#73DR<(Lk@Z}F*7nSE^gdx(73@s z9vHN;$}AEFVhtj)Ea%JA+545O4}EFUd-v?Fa6@%4IBCf8v52vV2(?R_rhnM8aDmw_ z(G{AKZ>45O7Z~t?^z$<^{%2tUCN?$$eh^<6#Ah{N22uv9AOQsyIRhC39yYFoHV?*B zph5#i6dsd-8c3NUNS};>lz{}YN+dQja=ZdlGB92l8C1OU6@2Ekm@d+o{i4Ti=gVtH z??$TZiCD3>)0W*m@6oPT*PkC>KWW;t7hcvA_g&(=z?AlFbHW9~gcl3+KYVrGymN)Y z1iKkGvJE8ietcza5qKrRdV0zO4mDPem!HgP@~3W|%Xo?}(j@IduJziGb?KE7bKjZ$ z+k07j!*BB$D@($*%AM)kzuwZ-_Ik*JTEnt)t{TZp*$(%<;)-(}EcKPz+5Zl8~BA3S}QE@V2AS!JcOa@7M~ue6*uk3Y>Z+j_|9!Fn~e wKff%ZOnkgn@XL8y&Sd28-XoB4DY!!B#_L_KPCuSkbe%X{sbDMZ+L-FO)MzL%u6>^ z2ryJ|b~I>WR6_O-BP#=Q6C*zZP@IdYiII`va&eKw)R^e)Hut8=R+hin{`7_F+<-C&X?`t4jQxl8N_9+&(7XXO z+9rqhTX1eYl4Yyz&y0`A=q<9XFhowYvV#?1OIUn(EoN&G!b% z_4fsI%`577iv#6gOZr;0H+vgA}qF zFas$AA&`IyNPxqDt$~rDk&zKO)_|!H7;B6SBAwA`wJ`^}7RWVfE9eV*r>u#tiMe?~ zZmJ~DN`TH{@Na1&3dES=! z^#U`D(_X!tF820dT|?>WNvByiOq;Ad`DfLIhTi)s_Z`*NO|yKx(VVOL%B!T=MN%vq zk8R|St-kP&r)I_qkL2PbF4{BmQ)isrCh+l0XZ03y*`}jATo?Ga4!2g~d~=l+c^pj&i*g$xm*dwe5K}Kg6$&E#J25EJIPUV>wgC0pC~c(RvPC pNr|⋙hA6FR<#jv>V*tk&}F5Vzm6sB_ZiA7i^!tSNF%n&j7&ax literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..65155c7b5a037643975bf327eb5af00cff66486d GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!iILHOmyJ`a&7`9IZm1AosNn2qAScdiXkcIngcimI1_n{$yv7EGM#eBMjcjdVR6_P1BP#=Q6C*!^ zK@%evQxhX2!#+h3rd>z7j?M8`Td`+H?`k9dCD&K_aOmEtH5N$|t1t_RVsML>lQW#Q zyV-QV!>Up8aG3AhtudcD%w+S;hnsm)RbD6Q+B*wm{ zUv|-TkKg5tZ3z|CZT}4$c{Q3gyb(`RbleoH@#$TG@2kyAm04`pMQ(QIefaP9ylI*R zuNf9s{fvBb`qlpD$6qPG5Nr6i$lmy_z>%B-7bV%g&3mWnac`DSY4f%Tna=u~N)Mkb zp1a&YXDUO{^}BIC%u7uOh68OQ_UP*#~m!a%G+WZ$;Ado}B&7T)ZB zxTGPYS!1o&2S#uzkmX|$V-cBt#wqUl4^fxy&C>%X-OXXNR+PA5zz5RL&&c?ng$0$Bs8Au_=4>0)wLm5{Gs)wk0Uz;~^yIAg-3xO|mCx$sq zJF4NTap;|E^27xaKcDZsYJ5cb8}qvr@d5{0LQ~F8b;#0m-C}j#-yvx7<*onzIdi37 z-N5OZ%yZq{Jk~AaQOAx--+c{*ch{+LY|S%aN>Ywamvd=6!Q4|l)w0K2b_7mG1e~ksQw|Y*^wfULpl6cmj F2mp+0T(AHD literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..ae1891624b9422d3bad407133bba7072186abd67 GIT binary patch literal 979 zcmXqLVm@!s#I$_@GZP~d6C<+$FB_*;n@8JsUPeZ4RtAG`Lv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP~AWkq<~piE;BD9GbytqAU`KFxzabW zpdd3Z-B2OGP@%Xq$=T6BPMp`!z`zg)EsPBe45Gw&jSUQqjA2~bS=_{^gzQO1RtDxK zMt%l^CPpr%CPqev)mzW~fBa39@5^c?qf2}*f6nz++_*30#WjU=-cCLv@8yYBtDebt zzhnu>Vb5$dc256OetTde$n}G@22+#1OL^_S4syP2ERXTdA<6v-QQBfXJ!k!^o)1aWGN&qSu{WK z`-7(r3^Ku9<{6QValdkUFA6-^@J|2qQOW%0O2%RRhg(dRIiI+8Aw@MrRrG3f=o)P+ zpG&$PYn-m%R(W>R(1t4`WSeT&7s<4PY=U1E^<=~3^e0^s(7DXC%u-nI7i-9SFZrup zbLU)p=ykB@*X-y$uO}>jee=POC9+J+j0}v68i-dt#gUIKz?DowD zmya_g-FkK^hjHn~Z4IZvsX>;HMT|uxa%WD;tIzAEz1kKSquOtM{_WSvd5I*PAH)|1@mUR+fs}zbNI-!_z<|$yhm9+t&4V!&sL+7PKn*0J2vR9yAY~wd zEQiEKPp-h2WMuG}Qqxiu;{8$W%cSaO=J6KIOJ@iu^j%S2apL%;ZE64HuV3Z}`d_FT ztDoil_l?yHSIuV(nQHrPRiE0o@aoKm7d@C8G$($3!dAUUWzi)0F89Pjqj_P*>00YK zey@J6RlfXqrqrd}>E|7c_5N*0du6*JVcU1NKks%N%oK82kh^P=NvOljS*L5H`EUDd z`f%y9Yz@b}H6o9K>@TM;*{x$d`&nSwhx3lv)$USi+=r&g%2#aBX5AJYx#8UE-??HM z_7(4+p0r>7^273OQBLNmO6CG?jZ&tb2NJW_%snRWpu(QLx0}~aI>}` zGV{_66#@(uoE;71#CZ)33=DzL!q~vTAWEFq*uc=p7{)aSC(%}Q167EvayV@*E=>Yj z+{CDa>_bLY2IeM4eg>d87gG}>Bg5N`-+%ZVk~_v>ZkR4_bjkjQ-r0b~yuVJf_1I=6 zIiFhksC>%I=}P`n=P&GCcYEiv2?3UJ3eHmZc@5l4OD0GO6sAvm@Osfn|EW9bu3l7} zzR$up>qSPwbV0LLnc#?f#-A6LUJd?Ym!z|;?$VZYlc^as->p{vymeeJE-$em@Y1@w ze^)hyOL#p^zq0T6?y{Q5`;3owt=_&qi78-1+$Ys*XC2hvBo)M;&px`Z_=93$%gp~$ zW}A1fV&`uTs%8qB`TFh41g9T4yEg=77Z%Q$??01ETkNnjhkZwt{+IPX|beDUEQ#8R;cbrCT2zk#>I_G4H_32$OD5^R+&Y@ zK&(Mz`WdIV>pw(Yx;IY`oOCyb(OOaB1~@6m^0A1qhK!d>Sw&n(z}p<1}%qN?qrUEQ@(^IyvbzrT1=-TCh&9vO)(1(P&mZ?m^gSU&Sm z$EmOk*6CTP!e*-?zAfZa>1^P-VV!g7|MtFl5>FR)%X~fP%xsXj#QW8Wv;U{4Ej-7< zDm%gB{HN|I5h72`j%XiXctA4IusRQ*c}k`q_o!xK|g8JTChDm`i@ jdxu8n#xvatvP)C7V!J9rf4R8MQZHHm)9;je_^j0cNWg31 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..3a72ec12fb8bebaece28b7d617ddb9f715e1744d GIT binary patch literal 982 zcmXqLV!mY1#I$PxGZP~d5E<~YacZ@Bw0-AgWaMULFbFr~HsEAq4rO5zW(o~9lsAwC zakzxVLQ;!M6r59wN;1}` zGV{_66#@(uic6E69S!8fc?}H=41v(X*ucObN}Si&z|hDT#x;l{(PAwF4T!~x_$-Fl z-NdMb>`z8k2IeM4eg=akMlPl%Mn;B7+0Jvmjrm(M4S6-D z*Y?N<`5i8Pa^+O0sL=YQt-m<`$jp*oH(Q`|s^3cHB`*>f9|Udv@AAnkXM<$v62Z-; z5!2`OY98Nl^=pGj@)RxY1CRQjoWJ}m<*VjY{^N~_lh5vo`P6eH`_N;d-nto2XE7d= z-}G{$+Ufo8M193f@r6NrRs&`rWgrd`P+$=-;4|Q1<4S1rU`z!nG+;7N z14$@?RLU4g8Au?@A+ec}V-lERficO*Q2JxN*p9hAzSk8eL{xS5-zZF++K$L zk3Wm$U79+*>>cZK!NRnp^S9-*j22Fvb6ruVZ~4W=ksp6qcKe^2@%6~*S4wug9^U(0 zb7t+Cb0?%NH#B1kONz`{*~iCN-n`JcX1Mie^>_C*Hg{Qfdrw|g^?1XI>lYSW-eh6% zcWWa<^}Np6$D;oWl-*`sadqPT20Ol96N9NgW(WnBUU!;utW&2%eeu8h7qeZyUsgRH pqR@URs3*_IwCJJF}#MHfjnTe5!iP6%4myJ`a&7qE^tdYpf%g9X1ED6ZZ$xN>FO)MzL%u6>_ zaCS6kVpKx*3?nN8a}y&!15licsfm%1;aa+i;rWEj=4q0Tb8DxSpJ=u`!+%f6<5ijF zqNASzujs@TnDO%8X*K%U)0;Ev@PpVZTjgI{-s#vmfAWjWWz*fOCobce|I^-Vfzdb9 zqf3LN&mZ_c@6WSavtI5FeR`wI*JInf6#bu>-NA|LMCqF z!+X~+xj$n$&2!iM!E8;b`BNma7glaaW!aK&)NV@rs@(6QbJy}OxbbKce|M<;JF8!B zCOl2b{kHq@svmOQGw$&};}G=>-Ea4>OS;-DlPKTXlbrlc?#Cj=sVPY- z>wj(8JJ;~&QEgqJ=Jo(Q8ELww9ZM@ zO`FpDb(U{k6Q26&c9|@{+a&!5#@}XePU0~9yHakAdha8-*+;G8m>jNZ)Na3Y)r{lt z>3yb*oA3HC)g@~?aLxF4z3Y>(tl+)FS6K~Q76f&ln6u%F664KK_DxP_6@;=DssB4r zI!8zD-!Ude_oC9DeGEs~PQ)zpTzz5n(e|&Lr|0+AUshVaW==xro2;Abs$vWtIo0@Y ojGmsfUvJ07e)$>y;$qY{=FZ<>C7I3gIBuUar?%s4S>3rz00@p>u>b%7 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..93857ab656577dab046109c44f79b411adbcfd19 GIT binary patch literal 947 zcmXqLVqS01#58>YGZP~d6CB(+$<$iUFhP|-jhq<~piA~P=|GbytqAU`KFxzabW zpdd3Z-BiKZ(Lhd|*U-Sg5C|=d4GavT#CeSk42_IoT!Ro2tyD2kf>3U`2`$ZSA`V zIOp$_vV;|#f=l;bw$0>z(ZL@2>1lOc*>96K1$vXhyqUhte{sL>Q-q&Y<)5O&mbR51 zHkDN?O2lhjA7&*w^`zwgO516gxMfDfOW9VVBYD5m8tz7Jl)kByBq_jni#h$2!-|5) zXHm!ZWm!I&INxGR%7m^5f*}+8a`!36Ojj<%NvuSPLkLN6py`0pJHZrW^{Bccx zU$mEUQ|lmy-UPiJ6gsadBgxL1Q;K3T2g9Bn-qFL~b{* z?@ZD;did{W=SOLQs=IH0kvR)a1hRZAVk{yz-sJAvo_|U>`IP#ZInj$U&9;5YFyI5m zhb%uM<9`+wV6tK}5C`!USOg6C40zbM652c%Q-R_Jj0XH531N^zRs&`r1rbnz3N&IQ zM_`mOGB{3~DY0x@*Qd3~XJjHz-|{~3?+;I5Ou)Rpkh6&s#Htpol;B#%99MBE?X2~J z)ZlA1Ykw7dUl`bYAZ5neLWi<5Vl6_A32nb48=0@Uf42O)vfrce^Y)k1?j60WI{#^t zd&8^ZsJZ!n8Dnopg)!A;@Rd}wpUQi2t|RtDkIEo&Ixkh*9L-C-D;lnGW#DCKWeDUpTdVLVWp&ZKo5jo_nO$aVJdX53|p@ Tn1*@RJRdgkee>~J{J#VMAOc{< literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..134b7f8cb186c381c2bc376d7f5b845b75f83e4f GIT binary patch literal 934 zcmXqLVqRp>#MHHbnTe5!iILHOmyJ`a&7`9IZmLjRn&j+gAScdiXkcIngcimI1_n{$yv7EGM#eC%K{$!FsvD?6Y?Z@lE5za^ zMkQn)GO{u-H!<=v7&I|*F*PwVGCXnMik-})yWS-^^0MttnSxiZ3%B(1h*(JZ1V_82 zoIS$4(28@eU-@Z=jp_HIZ;SLF+BW-j<=m5NT5Jt_-Mgn>3gvRDjyuM2|D1#-^Ih|M z)7qc+PTe|DO8;8^;w4NvE7uM;@GU2ZHs86x;=X2<=h z{2v%b{c6wD!c^SG){E`Oj>9^(G+VyWqVe zf)P?58@6Rntx%5{nCY98}b)5Fjih~|8Q}2%7L)&J(7zJcQq_|X#8~2u3K`7 zNn2)!&x!8XU|XBWn{={vPw~?2OFt$TuB|s@P+4Ub2?MbP zksEJv_ifKVC7gUp{mh)`MVV&XK4pLtf-E147>kJM@+%L$OZ-At6mD^V=Y}3NuY)i(Kz!r-{6K zw#Rgm$z#{-cbfP1-DmD&D5x#e4GNxZpxF1|nQnma^j7|&=t&bNJjh5msbj07+uE3P z`0j#}nZ3BX$Lgk)BZK}U&FxcGUApU1;M(-+PvHTtaP$002M;f{ UaQv;h-f?olDkHW9%YIn{04-!`Q2+n{ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt b/pki/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..dfb268d1d33d1692801e094b18a4cddbfb4c1c41 GIT binary patch literal 982 zcmXqLV!mY1#I$PxGZP~d6CB(+$<$iUFhP~AWkq<~piE;BD9GbytqAU`KFxzabW zpdd3Z-Bh8tGzo~D9S!8fc?}H=41v(X*ucObN}Si&z|hDT#x;l{(PAwF4T!~x_$-Fl z-NdMb>`z8k2IeM4eg=akMlPl%Mn;CiQ>y0%@EBI;wEQW#WF5TW?;kDOH$1Cvm^R(p z8?I}TC-TMh^to$|m$_3G8#n|O1qB*bR;S5Vnzt#$ALU6ge1CCSva#9;v#oLtexKiG zUH*3BgXXt%AFh=@v{jcFoO}CDXkA{u`rX*p@aHo_l&zfKFs+yPtT(5gt$^Fe)Be}x zgi8sn&qXx+bhj`piws>=VE*HZ@v$TGn-1Gwd(iv)W$NMo>Yv2iz6iM(_`ZL)P1VkM zQ^m>5;^v!cZ#MM*-XxyE@yOFd$aKZ5OLp#3%3Q`=7IC{H=E&{e{`hxyoEz(o2AxYe zTNLJ0pYFZ5Hre6Al#_pxBiLW$&764tzWc;H?&*vhnV1xS!EUp z1F;4X)8$tldYAZxt|;8%RB!Z;Md~Eu4se2ysT(!j4eB#E_V&^wo zUu8aDzb0mTO~Jk!4?kDzkn)Oubm5RlyZj=qu2SwN>-XI)Uc--ry84%s zWurU)^i4dj(!O-Zx5w)@sr_5>=k>JSr~}g^ns<795GlSIR(*VORBB<-`}Z5w+lBrl o?p#U9wfe?8*Vvjw{^h=oh&<(Z`c07j>C^Z)<= literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt b/pki/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..2467c945add087449d1d45dd05e8440fb01b121a GIT binary patch literal 923 zcmXqLVxDf$#8kh4nTe5!iBZ9TmyJ`a&7QxhX2!_}B5&$M0lg-a6Wb*N{!?)<_2 z&!O=q|5Wx37f(KaS5|hCfp_k1%K%|<&%&CCPMdx$_$^q%&8lvbz_3qUc;(KYo0rCS z{Z`r{v_S2e{<{?RSq1i47h^V^E>Jipb-^=o(&g9p9%O`ze^mK>?|Sf)b9EIek9T(_ z^Q`)IXs)x_n*B|@@>^zxtex1fQFkkILWBE0gS_mdZS8CB*ZEK3{Tsuk+}R`4UCLbE zFyYibhGP4UIbnM*S*+R3`7CE+e-_{OH&=tibHd$uZZ$Z}>fqZsHz91A^Tq7uD>F*w zsdL=vefvb`{fW)oCysvcxcKG*hm3vdkMEo3om5mm5ij$^zM*4I;pf*(%!~|-i)#$3 z4CH}s0po{}!E(M!v>UJA^{Y=d?l%_Ho4MGq@AcM=B72oNW8_r)?$fd=NQTndU_dQO9>yin<@MXlsCCh3T$S8W}sjl*gZmVo7}-a{txViPNUt zlCGB6>7QEn{`OVleJNkJhDX3q@7l_ssejC3cU^Mjx%?{9Iqb`7QCqHiOlKKozqeoYz0^Nv z`|JIh7EkvtOrId2{k?6r>yh@BPYjdJA6GHn=b%+U8C$L}`jJIXZMUNv_we6st~ gvlEwJcy6|ch^!ZWGO>H+{+*&4j;~{!^l!TW0K&>*D*ylh literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt b/pki/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..aa19cec73d2a0d7d5023b1cd681dc0df7835f855 GIT binary patch literal 927 zcmXqLVxDc##MHcinTe5!iBZ;omyJ`a&70fQlkGS>J z9t+>BWXJk$6xo!sKwjVytiYaTi+zkFiGjEegy!T)VOJ>J+RezDiY z_|`iGNxr06r3L~w1&h8%tq;uRIcgs8oTYlUnV>VrXO;Z#4x(I{nw34S|AO}zE9XjE zFrFz>l;2?N6&HP5F*D=n$*D5CuFkhH9I0eY^v52vVn1pht|B=~v=TH%s z$cN;YS7v`m{%If%(yzcGV8CaOj`zw2K*oiVMfOPEUX61K+1p*B)|_6 zU;(8*dhwSsC*$3er!_GGi`P#6ZLsBW+hYE| z>GFX!C+<|`OujuwU9;udyV|^`=6?^q-Ia8{kt@qcWsjs~%75vXE0^%Rlb7T^(zwm7 z<(8R0!+ACNMc=nB=ZR!$cqqJn;pE1zkAH|CU{RX8YgOul`a1!+#@kys9xChX^nT?V c#qR5F7js!`;-Xv2o=P|zIP~YQxIXg}04s)8ApigX literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt b/pki/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..bab8307e33090b6af0528075dc045f51b760290c GIT binary patch literal 910 zcmXqLV(v0%Vk%m|%*4pV#3*mT%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAdp0B6bCa#4d=qUE;Q88@ zCuc4-FK**g->bV5dDCD2Il%f#BvSRiN{{s^@y3@$f?|b<8`$Z;ZMh3>kl?LVDpp;c+kuVTz z5P4D?e=%li8;1_-x_zbFQkUP1U6BTkb6GwXF&2@769m0(ZqYtkP z=Q$l)H!fSbtI@#VYU{($yAKS`8Gc@P?c%wEd*;uWJwbfe)3+Cwv@(}eFJM>o=IvrK z@9tr*4_seY6~5k7*nGui|!jsO4v literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt b/pki/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..a6d878c8dff5008c174150662c1ac9d2d647716a GIT binary patch literal 924 zcmXqLVxD2p#MH2WnTe5!iBZvjmyJ`a&7uQ9SRFgG#sGXTZ8n3@@b5bBS_d z>}Th`8GmowV_kE;T;^l8!S)Sl<*%;Z{T%h%-+ZZr$(o6a4RcPN`<9fXbD%8xb9KYC ztG=3(qZV`&erq^gzaX#F-zQn~YEbc-NndBHZhLf7Yq4qGU73Hk7b!e?>a$Pr&LXX! zMn09dq*e;>-JS5v`Qr@(agcrm76Ai310FW6gfpsV_ zUiFL48pgKLKMU&SGL-L2D63p3>3ZUML;CDw{?dzA6I)dj*&}(c&M2O`rRYWRG~PzH znE7}7-YmM-v0KnCulMA=1A=C;{}TlQ58f*jsoGX@DrM5Wbo1CVnYX`Mgzde?_c3h7 zJ1yVk-%tN)k34>#|Fg!1dHV59r{ba?Hg}(Ke(77avT%mZykDmyR6M&a6en!F@@x5@ zL&2Nn%nHh1yKGxAGv=JswprWE7p;na9PsRyV(Onq*Jd}qD_mZAhCe2rBdpDL(HT3{ iwL%iCD<>LTT>j&}z3%!9?X8(xeY>-lRByL=5di??4PXTT literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt b/pki/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..ef1056f1c39c7f1e1a3f6067c4d270ccc07cc69d GIT binary patch literal 928 zcmXqLVxD8r#MH8YnTe5!iBZmgmyJ`a&73Irni8;lo3eJuOO^iy&-eY8CU~XdMX8?+GF*PwVGVGpqdrIu|u&vjG1Rc~* zM&u}@-17V&lRWR|+}{(QImoW_W1Va_N$0!xHLl02Rw(@M4VmK9hF%q`ZvC;?w&~e=#l6p`{&T-3;&G;ZvDU&u1&hlMnHT+X zj%C{QzhJWIylpOR#V%`$YF1dqmHu80daa z?se?(#?{3YFIdao9a(DFkaMe~AoES%mvy51ulM%5FkR7bQc3Glz0Fp+f~Tv`cxTGi zrivGwMb8|kuPoV~<|!s9c(H171^cZ7A9QCgn{n(YZ@JIHqbr}tTXE_y$=JO%kcpX* zfpKxALAilEFmPp+StJa^8bqGd#$Sw?+Qy;7x^7?Tw$$Y}V^^esQ-LfWix`W@Ce=$C z1{Xpz@_e=)^7wpew&*7ZR|9d7egzf*13m*DHm-y=55`nr`Z8cN;0H+vGcx{XVKra| zQU=^00e%)1Q1U~L9AMf5Mh+u`PDH^8wXj8rPY$#?q@T3A!`1$AtJ9z9y#J4^z531m zg238WlkSN;?bfY|pYk(*&jm}*X(x5ekK7IJOWLM&V50hL{pv5hmACisOP=^?{o)QE zZ$pHX&-SQ(+vWGSDo!{q_cp+F!^bK58yuwa3s%&3mHsh3q_TMB@t!wvd;VJlq ztzP|m{^Q%fJM5G?u4YSq40vxCz&7EWP5xumct;-ddh^%G%l3YC2(jkwusveOu=>xX zr{-BJboY7jMXk1WzqfE*p;+~;nf)0~%@;Ed+a{jkof9{cv1XswB)#H5v)B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj1Ah{&fx3fPSS&9wH`O^muehWrF*C2ESi!~5P{G;J zpovil*(;2!49rc8{0u;GE~X|%Muroj6Bc^6ZoT;M!}4l1qphF(q8AxVdA-{GkB(0T z|Jqm6emyp;U^}AtmgS{uPUH6-Yq)Orbjj;zimd&UQ}l`V|2Dn0mZYBYTgN|Dt-P1? z>axTs`mTMSia!z7! z5BI1IZJU_%LxQc~jqiP)^+qc$ZcblvLMb5IO+`MH-QiiwyHdrMQO9&SSndJ z!PMl(rM#v`COf!V{2zfzPHnpAOy72!Ez=QF_6)`Ap1=42+8#?;14TGLQ$xn5;63 zgn?Lt$dlUmi!oE%ICNOo?JM1uy8LGBiZpPX%kr^^v4}WUIJuqmTha9Vq2>MWE5#0Q z{dwPJzz5RL&&c?ng$0<3*bKx$d<7N(13m*DHm-y=55`oWxB;U9KS)9tq>$Bs8Aut# zfdu400wD%L3jz%MmiQQWk(d;u3?zW2uy6|t7Ni#CW|owsrUaKJl@z6>8X~6vU}6TQ z07iyPK_BhCjBnT7UU4F?uYgI7#YSffTvC*nnO9P*;NoYf z;OuB1C(dhVU|`LiQ9RD+6;ABR_*d6C)Q>6C)$T zDWwK+Gu^U}vPCMEpL|w6{AE~DzWG9xNngOC)5oU1arc|>e3$YA2c_>j9+ns#`ca{_ ztn7%VLCcRruPm~1zTDrRi&X5-JUTH$fmKW0 z{Kk?WEJw^ga-NrXlBIfb_rtKr2XeK~R<3`#%KV9v)zlpMEDyI!zy7RFn`b8zG|yk4 z*J#Jqz$Xz(lG`s9v4{rzFFsaZeK6~k3wydkoX{NUr^i-!pI>8p#FppoteS)DwE;70 zYq}r&J=R~$V9LbI$iTR`#-PeT9vHQ<$}AEFVhtjW6;5tv{Z=$Re`tCC`%19`Tz}rT zf#Y75k420{#C5LpyQBXfA31Jd;S+s4He_befgJ{XApQJ|jQ?3!fT@YiKpezZU=c9j zGvHz4N@(+7Oa+P?FdFcKB!ocWzzJQ2xsLmv7OXoAXXg6LRdbPyF9ulk;njcWBF}#oS)qjcUxB z&9dKi&&YmWHlcdA(}LE7)4vWa4qeBuo%R0<$GRz-{)tSxaopwB^u9M8y+z!~KVmEX yf40l`WOZZ3#E6f~4%0WEyY;zv@q$$`u>q$hJA^*Ck)Y0Y>M+kL);IlIF8}}*S6~AG literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..645f0ae7c4b41d1a613f823715fc47b3b3294b6a GIT binary patch literal 1079 zcmXqLVlg&oVwPUO%*4pV#K>yE%f_kI=F#?@mywa1mBGN@klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7lRDPR^B%S+5nbG*mWF1j#WAOJQ?NacPpXqoF|)qY|>G8Ce;an;7{SfZ|+CO^l2T%O@|mqv#k= z&mP#>e$8EvCGEWQwp-Jj{&qc>UHD5}lu_z(wfgtgg5|CgVx~oh9^Yx^J4MENrQ9TD zog;3ZU9OF{bNU~~H{0F+^Jto9_8mKocD;F1KVLh|P{TNDe`-w}llysz*tgE7yGstV zg#^BG+O`p4Wa@EGkcN@OCpS#hu`*xp&Q741` zyPa!({atnScg6lKB1aSqCIzPad{Xu9UD&%wm!P(!2j>}FgRtEStJa^8bll`oZQa(t!R4w(DMHGm0}0D{=9Dkrw&;@ z7BLo)hZcMy5+cqq=bn2f9hW*d>04UUD+4}|ett&A|12!P^u}f&4&p1Y2pI4g@UU?u zw0SV50>up&4fsJ4!XSmL2FyUppb8`)2NEbS$Xk$OkhLVkAdQMi1$QzsLQWmPECEa% zj0^&4wr?drR2{delzK36=bD5!w^!ZQvR$gU@5kg~&P{LDmbA*P+!)KX@pp;G2d48= z_DV4G3Wi2aT`80MZJM8A=3#DG)6%mis~V5zSUtNM`$MC|=vG?EnXU2VrtxzmW+^V_ zN}0J)P;Sck-(#Df z^d7I%%E@wTkkVd0%l}*tGbih0Ro_>+i>eQrsTC%%e0#+_b5WM>lKmc<{B<(M7Js_T P?wy*mNd50}UYR!lnL&gr literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..6cfc5926a505818cb241274bb2cd45db5b422524 GIT binary patch literal 1051 zcmXqLVi7lJV*0;;nTe5!iIL5KmyJ`a&7YSffTvC*nnO9P*;NoYf z;OuB1C(dhVU|8 zQk0r%XsB$U2$EwKmcr(k;?g8%MDyLRdz$Ut=^wIz8#hf{A%E+`g;R4i?ta*|>S)hfJGM*T zBI{o7*81D;?5jArYOaCE98T}de+NX~eLj$AafT;;QSu4JAmeMhuGQS1y!GEq!IgzN z^Hv5hPLKO;FMPCKwM9Nr(3d+`v?;;(@-Mt`PBPe^e?(*BY7uD^0b8p`D?OE|qX~T^7DwC?p zK21N$#LURRxVZ7ILE|k0d0=qLDziu!h&6~fRyetx^;^;O{GsLj?<>U)aQ%7T22LHa zd@N!tB8&7RnxlQDPT&6STl<#jd=Kg$Ocyoa1L@~yWc<&<0!(jg2I3&T0*inFp8*dW zS3;WyV=7SGfYE>-Bq0n^$ZEh0qzvLf0&*aM5QCrv0S10cdeXSGsn; z?)!PWWPBC|@9(&j6do$IUyctO<%T_#*LX>g+(5Z)H2q zmrh7qyWPS^e05prtbf(IO)NF{{%zT2*OB(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt!| z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}Zd=f2`GLQhdh+9~&Ahjqrv!o<7CAc)H zq$oAj&`{Yx5hTYfEQQT6#idEkj>ZN}j7rF!W@KexZerwT0E%-lH8C<{R7WrT0?!B8M68ib(*AveRzt}IY(BQV>)Xh22SH{ABT|Qgku1LDry4jQ2 zbSI>Tum~Ml&~bOi-{o8G+zY6S{FyoHYeieE=1S?-z3aRR6XZ=^$g;mWRC35=Rg^iC zzBGfiqxlib6wgV9dM=YItG{SH{Gg%#XeFoVsU0WQ^IEPFouGPPf@|WZMPGE3I%nK9 zJ+(&XrsU1gv$Y0n+WVJxZ*J-{731^c@XWoWZpFXh&BxokJO#WFGJCwbtSpWvY^nVn zT<7k+>whAP*KVna>$2WISIG-2l#sVw!NNPC+ z=}gRw42+8#ml`xKGLQ!br>ruIgn?Lth+~D5+gZOAP0t@%-v7Q*>;TuF_if#v*{Q*!>i$Bs8AutZfdu400x||t3xE!26al8Wl4PU=sF$8!h8&Z?>n*(Ep~q9 zQsyVym&~>8Tyr92LN@P1!M2JSi@zRh5?mnc`%Pz?@3NfUNj=+Rd9A%@G5`in=*yjjAou|p5Kc7HQ#Ffu9)K=>LM?0zN7m)(JD|RYW6SN zfBKaMI%|&jvnsl?GTUT-4mGw`oqp<2lX=<(XR&J&lb5cuJn;CHaFejEd)eYM`&qy3 zS@PtY0l!puR~6e%<7mbY_NNncFJH6SzwbLYgTd!&u7%U@^_!c_{=fU@=R~z3%*4pV#At88%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz@J2GpzdH67RyV_O?A%CD=sNY%*-n(R&en%QgC)O zXkt`C_6j2_19KB2KLb#li>Zl`kzwDCi%v7=3Bkt!KUSN!xw$Ai<43#(TAYhrQ>AA8YWquHNt{`?0Yf8^6k|!{4eKa-3q< zew)yey>`zBCBuFdi&R6Wr%6j=`xf@{UQ3r7nNjE)uDobZhyyE9O`=`d&U zifRKskbZtf#{VoVz;wiBAP(Xyum~9N8St=iCA4`krUJzc7!CMA62c&btOm?L%Aj#0 zNJI`K(zwi^aq)u21qOagdr&AL8OwMgG<05_Rk}T;?yHh&a4T=+D?fq9d7q}t?q5A+ z-Nm^pJ_o07JP~gua4q@3e%l2S=T9mAUZ!{~{RiJnVMe8|?(R0Rd!-rmABmc?&cEO< zJW=wU=P{;;r`vbis1_;h%QyUY(III1#k_Bx?(+e2Kfb~-FS zAJ4TXa_8YGHXpL~YVJH|l(cKjZ0UnF#&uuke}2bo_Usk+EAbNkQ2Vf6Ym=KsxAY!# zHmweFZWPRa5?b2PaNg?VZ2^YYMjh=dRZX|&2R>^SWt&vHrNaGf{TK1YD_Hq|nM|J^ Y7^}Ve#)_K2n=&fzq^8)HuaLC>0GiZ;Y5)KL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..87ba14d13a64bbe1fa889a798e69d9de51ab6732 GIT binary patch literal 1008 zcmXqLVt!-L#B^l=GZP~d6QhFxFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pj1Ah{&fx3fPSS&9wH`O^muehWrF*C2ESi!~5Si#xR zpovil*(;2!49rc8{0u;GE~X|%Muua>(wh`Mn<>ezxe#{h!`lSDyT%dSEk};*n(24x z^n-)|g}pPj%omtG>Z4QMS1=-G(aliA;YRA|7pP~nMOKU`bEM;?G zTN8eAdGQ0~mNlwfD{N%=rp!JweW`R8+uuyDUpvz|k6dbG59JgJSp7&EnvLx*+UzS3=}%WuZ6NCU^YEFX&)iwN7D=zYh9%p;d{Ih53J&ULl% zT6o)l52T-;k?}tZ3osS28Hj`U3M>K!d_i&x=~TuuI3m_H##ZTKKG6ViO5B)w5mi+2bItmnnSPdR{;N?Xh~@ zhJB%Tzcswqblx1n&Xv|6HL-C+SIfuW!9fan5#P2mN-nnK;db!**mVDFwXt%KVNPX!$OrwY O!mhdEf+@$MmIDA~)pcM1 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..7eed575fb4806c8efb91446898073a4ab52fd240 GIT binary patch literal 1022 zcmXqLV*X{&#PnzZGZP~d6C<+$FB_*;n@8JsUPeZ4Rt5uqLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt#5 z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZU=l4V#+L#TjZ#yi`57Z-4ZvqbECUn|C~kX1}fSL1)Xm;*R^f&Rs8G`hRYECiDE)e=of$ zlVE+>{c4ivsp>toH`30|Pko{I>HWD=Jcrl(Wb!a;+qyFE=R+RG1DiO^ZqGg+!?TXt zo;R!Tfs9b+g@5{C$E;FriEa6HFYxy5$vFqOnV1qS!EUp1F;4X zwmZ@LjtiMbF6nY8so|XKYU8!=HaG>y^0A1qh&1duuJ^r9s{W%z^%v9EcV9*vvk5TZ z1L@~yWc<&<0!&kE2I3&T0*inFp8*dWS3;WyV=7SGfYE>-Bq0n^$ZEh0qzqy~0&*aM zV1vMg{sz8FybU}_Ob(J@`&hVz1yU=Lb4pWEQ-VvAN{UibjgS)nFl7T103$;|hXUv0 zKcXha|2!qNnAd6=cK6x2WFFA?|MioH$Tz{Bro3Zpi)z;HjXJw!&-B&1By;bs__JuU z>ihL+j`~GkK4qxLI3>8rn`-iDN;Ld($xvkfa3k_p(b3mFJ2EcJbNEqF6yUa_LuYZw zl}RFk7wdPjtSf9-?ta_#rqX&hk)FLAD@~TXl>K72>&AljOcHw{)rzmAKk`|@Eb*d$ zkwMvtR<_F;6(4uH-$}VwBDu-r{L{psA8&e#|3v5P0%H8z!^dDKwiu!J^^U)k^8Be&35sI{Q9o9nJr= JD(3IoZ2*)LdBFex literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..08f2245ef6cde76df2b473062101201986e19d39 GIT binary patch literal 995 zcmXqLV!m(C#B_WCGZP~d6C;ZOFB_*;n@8JsUPeZ4Rt5uqLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUDLrhr*kEH5!P)j2<}xTGjCGq0pr!Nt#5 z!P(J3PMp`!z`zg)EsPBe45Gw&jSUQqjA2}ZU=l4N_snRW}$&%MO`de8k!Ws6>V_~u;_d6M;6UhtlUUF6xY%*)Tbd9Q3YKEW@bBi;5& z+E9>Z!RDEJrUX5xyDTdz%5nK~mt|CmVGI-dqgPQ&x!g{F?_>PQ!_J?sV#)OUSCixK zM{fc&tc85KH(&UYR&n8S#zjN_4cAW{n^pJsde(jWvJZk&Pc2nYj}F?fK>fJP60fC& z*O%5aYHd6B=vr&Dm2K;-<+`_z2`$Um_webm%)?B~j0}v68xI;Z?lX`F2B)kti-dt# zg9zK5=zYh9%p;d{Ih53J&ULl%T6i0r0%ZAE#8^bmu)NLEkgdCy@`|BD>rJWP{-t{9 z27Dm>{EUqMSy+H+ip@YA#8+SuFyJ%bVdF|@^I%K`iW@K*@Pj0TK?+$7n1Pgm6G%V~ zBw%4+w!p-|Xo-P=9%;z|IhKLR7Z}To43myNvdwu_)VMw3)GLNhK`DA`{`7Cv$>6 zLru4hOW1N1WB#NSUmrCp79^M`S1z9J-83WZ%7oL|XUr}iN;z=utdp>F+LDtDdB@}a zFHO;(_DClAi(KT*1M_!(>#Uq+<)pLnqM)hzI{CLRbJQk_t$wgBy2jA$`HZ6<6J4bJ ziY5nCeKS7Y71N&i%02OJ_TlHNgzuEjeB0u2sN&-8Z!_y6j=Ly$F7Mj3H!$zjB6E%$ zU0(LJoC061MQVe7G&e0{yx*RwT0ZSnSp4a~(?mHZu6P^H{=dj1%|W>-|MV3(DfSnu nuPJryHqzNt8u)2~R>hkAylyf~VvWa2l6Xo*6!%v8Y?T85ndWgj literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..3b11463186944707a91f6c695581e17986b2eb74 GIT binary patch literal 1093 zcmXqLVsSKRV%A*1%*4pV#OP?i%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz@J2GpzdH67RyV_O?A%CD=sNY%*-n(R&en%QE&!& ziBSpJD~zlR%uS5^3_x)%rY1&4h9m0&|83If-Kib-yL^JwxjX(z2YY|s&9VOPskA=Z z@UTQ>c_06?4-YF}&s7lRf8X7B)%=inO+$~_)b6)MllRRr5?9Z$({t`zc6;rmpHsQk zH7xiTc2DC1Q;Fh1<37C)m(Da~%wmd5{nJ%!VH(4%^+x4)@eL7~1r|TQbFVMi8hCZ} zGMmcRS{uGCE3ZACax3fhqHZB4);%fwGVfm9GCtPy_4v!$<$dBCv~9L_b)9Uemrvlm z{jxfC#Wq)~(@vA^RsSgmvo8DB%hLF8d%?~HCU@DIGQFxo>G2yQR&<%*epFxQWpK7$Q0b^1wKgRc4Ve z5Ni;5QX79UW@;OU4(qyorQ1@M-;7<6299-EJ{B<+ksMF6wR#bqLS})E)*(S^Dh!uT zl^XDY^z$<^{%2tUrXw~3aS&gDMZkd1fQOAMq0NIa6)0}NXuuDW5C$n^HDCr(294`M zB61*+#w7-g3l}!dGw@yFZQw~_f{+B;$-*rxkXn(PQ<{>R5?q>8Qk0r%NL}NMkW&>f zg8)+%BSY?{mi1iSr!wDc60EJw;(W{dLsBbz;_v4xcJnMyI?0fUXhr&tqWi0o(@-Jn~ShKV~(dWNc?fXBW zwS6l>f?xNneBAP?*IcxI*TL$U4?>$?{fO3)O1P1@JA^%*4pV#OP$e%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz@J2GpzdH67RyV_O?A%CD=sNY%*-n(R&en%Rd9AR zXkt`C_6j2_19KB2KLb#li>Zl`k>MTF?-)5hx0COM_Fh+6uw;G89^syAf1fFwv(yU7 z(ztqjatznAcZ&{*&tG`w=s8y9H{bVJ@i^@jD%EK4`#T{Z`Uao(ftb}ZrM9+w_F{Z} z_rt4*6W3I8{4aP}A9XBMaoy_H{`6Z|;B6bhdu<;LWlru{`6pug<)~w9*M;tA?AV;X zV$tqt+XJOjJwC?C#N`$?zZP$6Qop)2`lheXB$LTL`jU?_hZuzgZUStJtJM)*ThuaWnyMzU|ih9=m!iDF9UgCoXIM) zNEnDUh&-u{zZf&MjYEfZ-M-RosmpK1u1EvNx-1`y7>mfR`JAUFSkCb)k9z%EVCtI7 z%e`XN4fsI%`577iv#6gOZr;0H+vgA}qFFas%r z#A%n*K3jz%MmiQQWk(eH&3?zW&uy6|t7Ni#CW|owsrUaKJl@z6>8ZOK> z$Xt?ckV-uh4JE-I1llH$T9KSnnu4$lIn4pH4=~L!GBA9c_m;m!VVzpkWqICBsfCx$ z?qNRoDf$+_vZe2SnRy2e=&~O^%^H79Fv0Zj-xDA0O+IS8Qs?t)@)Dk-|N6&)yAO4) zD4)7g9#vM%8^UNG`a-IuiXz+dsQT=$t z=3iy(z1i1)|BfnLad6Gj#yz`aLM^X)q;9-wxQ6{w%1-XIo7S%%&)+T1bG7UBo^?%( zTcUi8TDv_=?L6`v*&jq{eEFKg-~0ZyionOE<@dIpo2m8qU3uD3sSN#TVXc>3m(7pU w&e+|~y2wyr+K#N~$tp7!A6}Lan*LJm@O~@H*~gsAdbPheXo^_Z#TmT@0GS4qrT_o{ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..a7ec3bd1ebb5da702bd6b791dcd4673787bcc93d GIT binary patch literal 954 zcmXqLV%}!Z#58XKGZP~d6Qi2}FB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pjg8&k(Q818$SR}b%$sD$hnMpg#qCPsb+pg0#(6C)$TaWxOCI|tHl{(BKs6~MJTXj;T-?L(T{m$$oa zjpkicy5XegnF~cr|4wE2^zVP~f=o@v9j{Vv9q`LioA=_8euF^R%#y3I;VPd#c|P@9 zX{FV==TTkHJ{K{qjpZA5I2>HA+bVIa^?Z?s_Q~1Wzb04+`bi)EeC~gON#mCrESe?y zoiEJ4`^f5T*XXh{JT4Kss8-uRY(cw3-h;~WmLFbqU5nHn9O~LC#P-Czy=(P?f{H~y zs-j{7gu80nFA;%;zRRUv@k-@B(Y0|zkyDdeFpK#VxwliJr zHx<3c(A98k-u{ih*Pr+`TV;h{#_@LnGWYKk-v4O%Fj+e~fNR|~--Sw|ne!f4&f50S z!RR`(PVV)2{F`drr*GyKzOjGa`&;&0ylz+Qt-_x%tQ85CkUp{8IPX%AX7m9?_3AZW z{(h}q7Fe+N$)PtJ{}uJ|MhWkl>hiOx;LNVI2CH4)IL}{x=YsZ&OSPub>$0|-&d{p+ z7y6tvS-Eua|IMZT)46KCJa<>n@SGAfbIR3Fv4rz`SW?xN8tlyGSp7F>%lXT$({I(E wykFVB(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pjg8&k(Q818$SR}b%$sD$hnMpg#qCPsb+pg0#(6C)$T-XD8RYyIp!?%v#c+pEdQNGJ4#|Ne>nSF&Y8 zU8Hkfx^9~;+mz%Nml0q8&7^#~?2bI`a+hNF$(!zE)`d;l8zDT!Z@G@kAwfRL%u{dD zd9Ivv-8XqJo89vJceL*=s5N+a$x=6|^_%UtH0yxoqKI4K=Ukcp|5#sNxbD#N-&4ci z_tt1^W7oN+VR@TnvbHy?#Wh*3Yd%H0RmB+m+VZo~j~|=zWGYjS*XoIh%VjlY)gDgh zyl!TAUY;rDklo?m2OX35y2=>tUbuWy>r(rP9TR*G7%p_LjC=)Xy1LNYx6$Xt<4dj7gDXYvP zVIbBZ@}xHYV$9Sw4jtBY`%1T^F25POA`KkrvV1IJEFx|mbDTK)VuK5Ah{-)Tcv3>t zl#9)P52T-;k?}tZ3ose68Hj`U3M>K!dMFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgJ2S^Q8rM7SR<8}n49XHpI2N`l$e=UQmhc<=4@eP zq~PpmXwbx{gzOzgRtDxKMt%mMI2ThBBO}A=+qc)>>{*igKaY31L*~Y*Q(9I&%CssG z+2JMh@WdQ(DW{CZTvi*qr_B*wlM(pmV!MUU73*Ey(JHr?b97tZYP3$$Ic9xKW9=uS zpUXvVJu;B4n|WW!hNa}x!9=!XBc(aAYG-|K8Khe<`$s#qTHQL@RL(xfc~)P)>Ln{T z) z^o#rH_fba=7)-34l_@F8rMH;Zuftul$)YQg`Cs$zr)yobnV1q zS!EUp1F;5?C$;exW2Uxo=&-KaSGp~A`OVlBY2bL5!aZkom;7W4?*`(+lAWmvfFD z+;`l9<;Ktc)S46XjVuk6f*w|dzuac~SXFpaR0fl(=W!;X^v2n>_kG@%uity7Xr`(! z!$&^G`d<}q7foIBVxmedf6axE=R2nhziI1w8vk{v_@(z8uP$A5XKAToUi*RP#fpqx z=UVNVRbqdA*TA^qMg>%1-WI;l0CIHV` BWS0N{ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..58308f8939d67eabfe05f5b8da73d1802b750587 GIT binary patch literal 957 zcmXqLV%}-c#I$e$GZP~d6Qhd(FB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgJ2S^Q8rM7SR<8}n49XHpI2N`l$e=UQmhc<=4@eP zq~PpmWYEN@gzOzgRtDxKMt%mMI2ThBBO}Apv^&8MeMNhp|9up5&CfDm#haTa6H^%ub&ECT{j5vG)m^#OysyRBm1Da z)l<5GjhMF#S~ z;FMKnkuVTz5P4D?e=%li8;1_-x_zbFQkUP1U6BTkcUe9bF&2@)hO@ssi#%-J^7(O} zJ16guDpat*fDfdfpONuD3kxtMu^EVi_zEln27CrQY+MO#9*n6#aRWvJevpJPNFl2M zGmtV+0}0511Y``P762X4C<07PCCNxhOD{dY3^^u&2@@ETj0`GYlIQ+>!6mO}%2#qO z@8qhDXFq6aKfbD(etqNJ>mZi(~`oEr5}TD#04l%cHiV3^3K69 zWcy8yx$3jGuTJ<~BEfDxxoH13oq$Jnj7N($Y!;sCy{jYh1E;p^mVHrbS5|#u;7ajt zSDmBUDffM%^0DVbl*wcoQruiIA`8cUAtM`Jmbpqn=;dzmpBHs znU|kl_WO*>`*5xji?atWWpDVy+Pdq}a-+HmzuS@V`cL1vT)kY*Y!q@ohVA<6=K!Ou BZj1l` literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..ff6ba166ba488ac41f7fb2bd281cc74dbe228ea4 GIT binary patch literal 957 zcmXqLV%}-c#I$e$GZP~d6QipEFB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`PjgJ2S^Q8rM7SR<8}n49XHpI2N`l$e=UQmhc<=4@eP zq~PpmY|zB0gzOzgRtDxKMt%mMI2ThBBO}9_l70VbxF0m~A7;Jx@cG*c*REx2^Ykm4 z_k`&uuy=Q31peenPJW$|MjM@vtv@n~SUH{~FU z#h+rw)^pDp&aN=H(tP&Lg~tnuVv@rrHa|PHoa>@xO_8V73#h-rs3)L?&XVJ=HHUZV7a&WQqlYjFf%Nk;GX7^_0j4B2191>vfknW8&wz)GE1}JUF%>9oz-Yh^k`M+dWHn$0 zQU+=u0XdL>jDgfbpaU93fT^h@87XP$rRSF+$0RUe0%MYqA+h{u|0~V|M$7I>-jw>v zbm80Gjq&ou%U9o($*fo~HI1Kl#nN96@f?B0l@o59mUy$^{tV^(!&RSNIJ(TeIJc|j ze#AxdhpQfIyk8d*F_Xj2@6pMrlcHZL_qYa5?mMCxqY}1%+lo0Qn_XXBuv`21$IBb% z>z*=3UpI>}@a>wK9N%MJAF)Gc$?;#B3unY~-;-jm`(tFBH!=Fh&&!4H1B#!;FP8I= zI4`&OKCg$tv1?tq2ltEUooLX!rO7!bo8v^2>(p?&-&xQ12IiX1n7!=k)qU@N&%DNH z?Oh|afHTC^)b>q>*s0WCV%OB=w*EI#QLL7hS`zp%UfSeU{JZ7+ A+5i9m literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt b/pki/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..5f638c093c03d1ccd3e5692b760e894f969df9b4 GIT binary patch literal 955 zcmXqLV%~1h#58{aGZP~d6QhR#FB_*;n@8JsUPeZ4Rt5uCLv903Hs(+kHesgFU_*HW zSrCUySS%#9xJ1D@wWuUBEi*Z>B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pjg8&k(Q818$SR}b%$sD$hnMpg#qCPsb+pg0#(6C)$T^5;5tS6f-`yv@YtA>=uIgZ*`#Bqpi2RiOvD z*q8S(J8?4|oNG{$b#jNq?TJ&IUs<{SzASs;$Ax=Mt1K<|y{~(_K(udD$Xi;umWv}!?k$L`s4vuZZ~`ms>)rqUE18NT%MkEb?CR;;-ix6({< zPR-BAX;J0O=Rf@3pSNvNZbxUAr19HOMvskBQc5p6`zs7wuDyG;So%GS!zq<{I{p9Z zx_cU$_IH}Ja_`&EoM~I_md+jkS(q_p~y^Pw>kq+p96( zV-jI9-~;LBXJq`(!U9Z2YzE>Wz5~6h0a*j-1(F8hZK8U>v{aIel(6*D^UIK<5|}K3QOU><{c_iq`pWay8dZH_7k|&` z6}cP6-T2PTk9IN{pOas+&U=X-QE&E_w28#>GLN}I<=L%m1TkT(N)v*LISdXoLM+`cgrHn z{HWC#OX@oQW@~&et(wIBs7A|)LH4z6wA$91;?$budY2>o{^zgJOAV>WSnX;wcfP`1 zxy46Kwd*3nZmtXGy{vZRsaXBto$~}AT2@J|lnwNLs#%B(+$<$iUFhP}D#eq<~qNC#0wpsKPNXIU~QwKu(<3 z(7?bD2rY~a3=E>gd5sMWjf`Pjg8&k(Q818$SR}b%$sD$hnMpg#qCPsb+pg0#(6C)$TzW4@p(KT0-`F>?w-1hJ9Tow*3g&(P}E-}|1 z(OvkbC8G7c#Tn-rExMc26gFOypZzMMG_AuV`q(SEr{Be_CzK?}I{dvD@%bd1pFzE^ zhVBmqx01Niv-SIa%;A3GxJdEU;kxVFe!R*FFnxCD%dBUUe|>Y=^GUNh>RC+Aw1fht zvXZ(t56@~iw?r;kmb7)vr>fmErmg4j=G8S;ozlwF!FKayrsNNil*}|4+4;rBOQd;X z9O4D7nloDdtDQe9)1P@kGFC72W3Rc=6XWeF_B$(ljQdjWEol_|FVwr!P(eE_GhmyI zx>BL^LCvWzKY0Ybx}NX+H|%i8jF(S7C|_st(%ILi&&15gz__?^g+b#|19@Or$||!+ z7>G59JgJSp7&EnvLx*+UzS3=}%WuZ6NCQW@EFX&)i-_;*&cgd2SQt0`Dzl2%xGUjq z&*j4gd?5Y&jEw(TSb)ih%|IN)S6~q^;4|Q1<4S1rU`z#y8!#I1gCvAO3Rw-9fs}zJ zNI(uG08Cj6r41z8#542C5_2+Bl97^@UV45Ra%2J%CNMG?8Pe8rr0(9-5vn_XC ze=XP}_x0!edn~2l6ZE`HPIheMebd^&_eivW`8E@W`NQ`C`FSsEgO{f#rP)*(b_T0T zU9h;q7Jk6s_a(NFdukmHOZ{gYJAFdTegARuxXUW(PB~kCXkSgL4~xIPJN=mxlV9;{ zr}NX#+j7SVPnFvIugTiHLH}zY)ACOn-Y2(j`F-@a)y-|Mj-(589p9C+Crhg;_Q}#| zthKQ`$FkWD8h6Smzh*Z+?*6dG`S``)M^hg&n@8D)U*r2Km~pkw?qaLb2fcm(Y|&|` literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt b/pki/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..e8d2b7224a82bb589492df7708e3daa4ffebcdb7 GIT binary patch literal 918 zcmXqLVxDBs#8kC_nTe5!iP7JHmyJ`a&7zLe(bdjAgB z=5m!Qm)W9%`0n44?~Ug9b@q3^eQ3~c-kVBu&N$rfsylKa&}qH)edRqRfdOpMhnj6% ztwhBH z{9UrTtm?>oQNwtToA+*A@4WHGPUgk8Z5+1mpQc~D;%rn<$i&RZz__@^pvpiV7@o4q zED{D{4I)o!<1fZcZR5~kUAM1vTk7(gu`ANR5iiTfBE}-(%l_}1?w+lZQUSjAXR=h~ z8W&9PGvEX1=VxU6&%y#sN^Az=Aie^NfB~NY4;xoPn+IbmP~3pgfFC3w3{uEyzzn32 z;|G}Hfbqk~Ain2#-_D6n0=G(9?=0h)bS`3@E0cNB6jPh_LwkhYE#c*Vt&u3HdG~Mk z3Fq0i_PeehZG3lCR!8x{*4z+g(=D^^GBUiox}cn z=kLGjNOvutpSB=LE35yG{T{9ZyJ~sV92wVsD%o?RdT&hpyLZ>4Z=d_rEBfQpgD=)$ z9!I`Z?>*eStvp_hzd>J{QDZy1^|WTEHGZ8!CRbcfuHG{v&x(;_!=9^W4(c6TI&YN{ ze?=Sn^j}+jPHc4jDHE7*D}N7nUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz@J2GpzdH67R%4esdUcID@n}ED|U7SIjC5{+0meh zQ3=^AjI0dIO^o~uKyfanCPqev6KkgbSDeIdq{zE>hyAfGuipv1jJ>IkQ@62qPdxjn zcyg`Nry~+G19!TFbiVh=edTwd>QU9b0KR8mW4ExSq)*)v`SpUV^IPvHk0ZMhmkQ0^ zr5GZ`yM~YJnUcL^PQwpYUHwJuysswq%-x~(nPpDm;oHlb`8Q8zjz~>r2tU2OH2uEo z{2niPIgg`PZ#VeZKcBX{!TRz_k(m$H@Rt7VT+LK8_j}gjhXsql_2b)KlKb-DhHEWMEueV^C!v4~#EaWflnou?CSR zwec5YrnYhDu&&!zx-E72&Da%b;24+XV-aH!QMEX{?v!q6RkZJw1I&{;gq4oxgc$IF z^z$<^{%2tUrXe;1aS&gDMZkd1fQOAMq0NIa6)0}NXuuDW5C$n^HDCr($ngVAYQXqm zWN=bCeZAq7WX0Dg2TumM_>LXFm(-|&K>c`X z_wkfxhWj2dXm+PO3@@>&41e16>sv3+??A8jJ@MJOdz_BOF(pFC3{tT<98S1!8a z-4*uZ`xLL|vsz3E*Z;A9agDRkUZ$+6S65}d$TobpeADtt=6T9H9%=FzeXu)b^P?k1 zY0`|;1n-qIS2uskIBI(?TRY*c^2`5I`faax$whD9v^vV~+Rt|1IVsjMMn8PFz3llR PB5(7+MRVi6IrTRIeKA>E literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt b/pki/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..0d0b95030b17b3cbf7e8e987f766118d0b5ce2ed GIT binary patch literal 913 zcmXqLV(v9)Vk%w0%*4pV#OQ0l%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAdp0B6b%CfsnnKkeAk_p29v(zx}r zS0LxmuZQ6pp7;6xhMZ3~xyg4~>)GC9=ASR(Zhv!bNGPa&us*OhE%I^TT~T50wf*b7 zE0)Psa>*_BWxRLw?E?{ZzlCO8&dcsP7%RxDfBCcf)>pTxEv9{Hrv%SM1l22XR%PlO z=Vdn&Jb&9va${U;w=dA!&E_d4+4 z-kkc6RntB0zhZWGowdc|k&gOpZ-u*?8XPx!IqhO^ddkGi$iTR`#-Iuul(Nb!5(Z)o zB2Q}LFUCx5hhbhE7HJmF3ZOv#v(Fz55vkkjA#GJPV1=MI?sRRJ(WwW z27JJ%kmYA&{LjJyOhs%4;vl{Pi+};20S_BjLYoI;Dp1^j(SRQ$Aq-N;YQPMnkmCoK z*nsiF$S~oP32o@8*lay7kthG0U+B!-;p To!gfAnq2DneCEZ3S<2D?A#_}c literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt b/pki/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..ca247b06b402a65037fa98a127ed5dc40b2ece86 GIT binary patch literal 908 zcmXqLV(u_#Vk%g`%*4pV#28?}%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=uR@WDKMr)(Ge4w0aP)51MZB{-8$l(S3AFWGO_1W*u@@+=j zg9lE}^*h`j{oM2Z$qMxi?!^=BURAs8c(ca&-KwCd?;2a>=Q*|;U36RgzUcI_4L!$8 zi>ugKerLNk$t~!4x^`K+bMOnLmRzng2Hwsc%RRQbG20#DFIv4(Y4gurjb*zY3M!YH zE}tqcTxD?dIn$&s#y>B!o!=tBpfvgB;fU55>r$g5YP}BZy<#uC=v-T9d8O1`+iupB zQp+xz-%oeOgf@$?1ixH0FXP+w*n;Gvo2Log>Y2{O%*epFxW=H$Kpq&1vdSzH24W2& zPio^Y#!PMF&|zJ-uXJ1L@|&?M(!kLz%f}+dA`*~sk<(GV{W+K4_KL9I;(hN}*b5E# zK>GO^8UM4e022_KfjEe-z#?G4XTZb8mC)wFm%Zg%B*m|srC1(w*atduqy-fV=9w|J`CvJyG|IW8PS*TIG;e;eIsfZ`aDj_cLzA z*#&ps(-WF_H1~r+hckC!-pBmv=zUexccg{l4-uNy|~q`^&7ukE?xLGm*bdQ z)1Okis{hH;-yVPYD)?XG>y_r*^%Yg+8(rTlVQp`iy6Nq=UX^b~CbJ%yJ!4)m@A$#B R&;0X?W(e(^^SN=x6#&E+UH$+7 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt b/pki/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..c1cce6e0cecefd5a5b3bff0ae2332efca4c6066c GIT binary patch literal 908 zcmXqLV(u_#Vk%g`%*4pV#29G6%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=uR@WDKMr)(Ge4|!sn-}l88ZWqL z{46b7cOhD0F0^eQ^)R9AZP!!VAi6$)miv)ukq3_kw0-M07gnWq0YcPD)b z6k}NDDiP1gzAW2#<|+N68IlQ}I_GwpuI6IBbLyL*QHC#9QDv)h_>AQLljfKQ{5(I~ z_tJz}Ia9Wo)QbH~c=65dUf7Lv{*{v})68obS(%s_85kGW7*rX^14B_(nMJ}ttU=^S zZT!WUscjrOtn2obZcAN$Gj>H9IJ#x|Sj1RF5|ZyE~x;{LjJyOh9Y~;vl{Pi+};20S_BjLYoI;Dp1^j(SRQ$Aq-N;YQPMnkmCoK&Vcd5 z$WYk4ahm$w2^{H(zmLA3Ggo6xk(^6U^or?^vTW_0qQ490=pWZS%4j~RW%Uk@y_Wme z@1Iz_lk4{-({h>kuaiD{NXYNF{^6*{*G;vFw?CflR1IGtXl zoM*76P3uxf+@eh{HqNP8wkR-AvN@Rjhxyf|D&Ir|H!bLYU-D=2_B$dBG9nW`e!FCM zzy9^sx3LG^OFnR&&1G`4`SRH>fnDZ#_!%CDr~hxOEv{!?q_Fg_(zK&(&2bOj`(C)i zcVg{^N2?bF{rh@Jc!BtuXK@Gj#jjatD}MNqz;CHsM)x}{YjSoZedTlQ+Z5eas&H3I SUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=uR@WDKN0)^H08=jY{A2IuFd2Bjtz=jRnGI6E2} zG%+e6`-72{fw_s1p8+V&#ni;e$Z+k=;+oeF3`_KTzMG1+%YI(db0a@a^XV2py;_Zs zUDt1D9XNBAQJrV6u=*P&+^uqM_QC;H}fIk&%Cw~+7Kiwh=BtehhbhE7HKxEz8Fu#v-DtvVD5H&bwPO`|eF|kzT(*RBT_i z0Ut;|KO^IR78YOvVlxm2@fBDE4EPLq*tinfJQ!1f;s%Tc{2&QokU~}iW*~(eKfrVb zj2}jZu#&6GE_TdJk$85KqXy}Q18NIMp&{#6;g>CM;{^iE*$Bs7k_-&XpvwEdM z>-8$LbKiC1tu6f=7TdBexxQMf{;K}=S1i;2@hw&oxaYFt?ee*iXP@bxt4vz3`KjLh TgQA;SmP}UARTEL0cJcuL2&!Cc literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt b/pki/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..f205db0a3bef4d2628d7c0e2ac48e6ace3610ff1 GIT binary patch literal 908 zcmXqLV(u_#Vk%g`%*4pV#29SA%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz=uR@WDKN0)^H08=jY{A2IuFd2Bjtz=jRnGI6Imc zG%+e6`-72{fw_s1p8+V&#ni;e$S@~}H(1{O-M6jwpcCh@O1#BJZQzTk4L zakK2Ak_Fpm+)xZ+auYI$KeOS|BRi{#pzvE$9&{C~UAJRV<67N)j}EVyxaH^dd5m`R zSlm7eHoI&*JIBWN?{!s0|0U)V>z|1CoAhcIO%yiNid^$p_tJC)uZdgidBcp7?_bte zxbrABV5y5;eQvk=^9c1T6P=p(9|_zW_EK|kn(7PN@-ltT#!GX}Y`tyIZIbr+F!%9- zaLy#}xs`@4_AHAx%&VyQ?n-1tgrL}4*MbhUPnBNd;(sEnIeC}(W3?N850l<9op%?u`D*cM z&ZINJLb>54c}yz}G|4f6Ym}JyY9Kdoaf6k)~{TpvMtw- zp84UG|Hp>({)befo+&1=~ zVp_D=f7xC8hTD(MGpcR>SG4Km^i|v&i@xZ4=6&Zn`+Tk8?ti}~I@=~_oMAkWezX0A z;K$?pZm}ioX3#(7XeQkDpJDH@XI1x&yLo0sepC#(y<7X-gX3{^AAJ7u6);L~n5g>T Tb^Em1=ePHXC>(b====@Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz>h?02QONY2S;4Nd#gX4OvB-h0j}<4L8x$>%sf_SpV1 z-~;LBXJq`(!U9Y}YzE>Wz5%#1xeXW@mt z@3{W$eYV;Agrfcw|Clu$6NH}kN=vOh!+hdCm*bYD8@==Q-+XasY4NffYuZ$<%T7tx zING!RZo|6(zzr5dEY7|la@W+i`G5J%IJPyRV W7HwM=8=rMX)S`MdV~_lw&piOXmtKAV literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..6e8f97c2035ca23229aee64f24964c3fb9476954 GIT binary patch literal 919 zcmXqLVxDZ!#8kb2nTe5!iIK&CmyJ`a&7}Vh-&TD93U zBO}AQ{RW5sG5pf|dLvI{@0=sAtH1lQH2Iy9tJZ(E@DZO%>}jEt`!`zeyq%=Iz37UD zSL^Il<=s5zN{;d`&Ymk@e}Fyt)3MoN;nR(`_{1di<}CQT+WqjV+Liu7)eAJOS$5nh z`%+)jx{NU`<5$Bj@$a%}4-f3QWGU11)FS>!4v%TzIh36k8P}!+>U+wEhMehiqF2L zo_+1^g*`bZrmu|VJ6U+rSuxN=cx!!&Tv?bB>z;i^bAtPRJa?TLcl}0O(T}jZa~!o! z1uS@OX7;^{@luP;O(teW2FArT22}>~z<85YW|1%uYY>^Oy~)dF!qL0{#*<2Wlh1K} z?6Lg?j(J%=7BLo)hS$aWd}q#^vRB+Y>ihZd@{+^xgWp+9YhgT`AV=DGuenw+{#z+5}FI!ibij{9Z7PP5( z`Ppnmopb9`UztvvWmt80ll$Rw9Ko@7`0FO-9!unJe!d|qyW_LDpzr6!n?)J_E`PpK zA!LpE_t2_U-sOQ{l}ZxIrqO*WIyzu6X?RGHkD^<#6F`bfh}>a zPdIHG{~wiJy_bJ>)S+qCr%&FS@Nu@h12XfA)3G}Vh-&TD93UP)#=$fzY6lO%X( zUg-`askO%okBA%YzFGQn3wL*$b*7VzL|e~S=ikRmXML8Q|9b20#N4N=LpMe(+u!RQ z(79r2k7)ZLMT5SHnLpSXj2qXzu5i#XNGrBFZtPx?xb>u5BFlX-+pY4i;?AgZUN96& zn-KPqfq$>$-nuntyNraY!BG!e&4yb&W*^C4{%N1Cv2ksrBWxkcu)1}8?VgM%M9*+s`|+6wd#i4&HMzT z*pJQ?>-}@|KI|-9U3GZN0lkpLX5Z>Vv|oMHUpP7c{_|%yWQDJaI?0^Mxc%Nes@NxU z)!esNj}$At-Tpm8|EpxQ$@73SD}L<#b}@wW-LGr=7wl&dYCUi@R`Ar8wbGq;s#%rh zcH}<4y1ykSZo}n2X?Bw|?I(SW339BfikWij=X)znmK$%@&smp#(C7N5-~F1GrhPlP z*fL14Sj1A=J8gg5;~O29zJz>!n04TwrqRJz*?xJyf)wkR`pd!Fk536?eI|cr`jS~) RyH`7{3B3KWZ+gAvLjbcPXQKcB literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..b156179e3a730a4f5072fe175202723f9b19566b GIT binary patch literal 922 zcmXqLVxDHu#8kI{nTe5!iILHOmyJ`a&7}Vh-&TD93U zUoo;WFgG#sGXTZ8n3@ZZd-XCX)-l~1}uZ$#kZysSZe(}O*$ETU| z=JH9s`#+)iYHOx^j@w@K9f|_rYq881XfG z+?X2YKJdOP(Q1@F=SoFOWMZ1~6n)P7>CTMYx25IlKiQ{RCUcGhM!KP&&l;hUN z9^UgxC%u7uOh6frC<3nMJ}ttU+Y9_9icz z2}kn+7*8tgO+Lr@vB&loIPzurSj1RFM3T}4YA=}|En>THuYRkT?5V}YaRz+AsF3An zWc<&<0!&V92I3&T0*inFp8*dWS3;WyV=7SGfYE>-Bq0n^$ZEh0q>$qWnCgJ>!^ogF zQtx;rOFESKGs6 zz~l02vft~aRZe>9(X20JWYlvXh%S%)t@miRFn+XRJK=d zy0Iy;IqeFcy^KN9jN{)|Pyciz<;l-iK{6>4Ci|z&o-R-mx8cCGnsNu@-j(-OvDsV^ z3Ds(tm3Ko&DP>#r+mQIahc%yXuKcL@{E%L*9cO4tfajz8yKiiN9LH>abKPrht|Qjb Mt^7-rBup5b0gjtf!vFvP literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..a424261672868de229f240d691ce44485a41faf3 GIT binary patch literal 913 zcmXqLV(v9)Vk%w0%*4pV#3*CH%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz>h?0u)I(I#gZTb8c!$dAfOX z+OdCaCkq)Bg!ZO7&QUuf%_VTMHIL)bqbQeKsWJ&a%YUbBj|^J9)j-(8Q*YxkBN4zZQyNNzqH6^QuoC3n*{Dm zxcHn=yf8hWcD7&i?9OJT6?51Hy;s|Q51jq?%oSVVt^8f?J7nBFAAMI^JblV`Suxw| z-LWzDXUmVRVz}!zWsTtE*B*M;CT1+i3+(>=FaK^;@=m9pH=m0?e8H&MTQg<G59 zJgJSp7&EnvLx*+UzS3=}%WuZ6NCQW>EFX&)i^%6Eg$e(~Meg;gwHnvS{5j~J{_CIt zA4oqxBjbM-7GM%$GY|*y6<7oe_zZa1xDwht7*m1b28;$mAPHfRLJk8qAjQPUh#W=0 z#0HEaMg}uKtqvs(2d^gU>i;jo`n;~65R6cov0`0F!A8$3v3vc0-g}vv;5u5 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..87590c3d2620218727dccd8680c9f1c23c3a486b GIT binary patch literal 919 zcmXqLVxDZ!#8kb2nTe5!iILHOmyJ`a&7}Vh-&TD93U zBO}A^`rk)#*e*ZoTK;)or%vhzvu!okqn34iP2aNT|7MO0>dh6a-b=?6PAENi=CRlL z5_`YP5*IWsc^K~%-NCij{q^!a)23H1vlCXkDRwRLmL>x$PxjHfKitIF4+s1Rt|&jU zbb05E=7S&8-|>EH+Uu$2S;@UPUf_bt=jes)>le(qKcoF##VyHGnI|+1UHX`h)pOiE zv0mdwa=4TI@d@^t1&KfB{HidC%w%9pTX@T!%O-h6n^O!L{>6g68HPI~X3JgqT+ zam$_?VJ=%;oxgCsE-%~m^T_l%fd#B_e>Xh+vek?$+H%P^m#|KOzrGWLswQzw=hmFo zv*gx>f8qTSCwVtC2Qo1;GB7T#F{m<-2gaMMGK++PScAytCxr?B#YOJ*sGU`-8>UE z*O+|!p5$N4Xtu%nt$DxNqomc^>vQbZr*)PJ9=drYgK?tfM3$J!B^_6Gg*UiN`EHkD zHZ_7n|B2hJWf7l`mGA$Y_~)YZY(>dv|49oTpAxrLcRpEaHBEE*;YCNY*1Ygl%L-io zd-tIY{}(cTls)k(ZaPBf~PcdsEKOf6{4l;*hSfu5|j1bI$)t48%iNJ*Jm`c+M?Sp~Ks+#+U6aW|394 zdWkk0{Q$l#W7bmXxcZm z(~p`w=I!}@QY&Id;e&-cC*9forusR1_mm2Su5)4?nI@;cNBwsXIwUoH%8PxI**EVv zq(4ddb;@idt<#G|Eb=}Gco=6NV3K(9tH9M&@=#Iy_Tt43o?qrqD^$8CGcx{XVF9KnHUn`G zUx7uyfX{%3jVqzegE18-Zop{350VfDDP%QZ22#lJ159|p_+ez=oWG>!gVWsJ{H=D| zX4lHg?K#I5q$s|jP$I-zC~9A^ZA|8x7xtkBdwQq*xwN_OdU8UG$dg5;()ZnGi?Cez zdpfI^O?yjE_vY8NGv$6dUE^F^Z}wwmlWjpt`yB08w)cHfV_&W~vQ7AzPqQG)EzP1M zvstI6@JXc3nO(HuwPerZ!p?=EAs*$i#tc;}Hb0iV;m;?#Hez+emT6P=-?4ZiC%Vky z_1~}O7&lM(Ff*^i<;IP~o9CD8+Z(Umkr@#eoHSiov~cZ>%$A)$I0Y`eRG&G$=l0#4 z*DQ;!6>Lg-FxlSHaALmGoA4#l*)D6N=GuOr>DK)^>!kLSO(A!<%F{a3B{T2r+7AGx C#9p-k literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..05a2bac1da8277d987f78747196c54d7b74e3766 GIT binary patch literal 922 zcmXqLVxDHu#8kI{nTe4JhzxkyIJMe5+P?ELGIFyr82A}-8*s8QhqAB)%dBr6~iJ5sN zh6>J(26E!Oh6V&TDL7Xk-lI8U&JPpQ3?0#6Afu_7#^V0j+FeR6_O@ zBP#=Q6C*zZP@IdYiII_EpYR*2`~~kn%{sm4?Yl{;i`E{wDE#x1T2(Ns_67}m!?w(d zW|?K@ZR5=hSzQ#==JC#NihOUkMa50%c4~c%>#~@0%{x?$J=Tg%oYwl@#_Fm;e}}j9 zl7p+>hTXgra!0?-5c3& zxol6C*l3*l`nT4NuX--gryMt42wx$kDBb`4+LfE-E)yqxUB1Yv__SD0vI&dr9^)SN zH!f#3iY88A-&>l$wQ(au&4xAKBy+f5&&r*@UH6U7U4{R@JNIs$dBg4WYu|v~!3@jy zw6++gzHQfW7U6Sq|9Fpi|Gf5fFU!Xw#v<}`=CrNHYeSvZHufD?{U&jC&D;r<27JJ%kmYA& z{LjJyOipYD;vl{Pi+};20S_BjLYoI;Dp1^j(SRQ$Aq-N;YQPMnkmCoK>VWaX$l&c@ zbE{VAfnxE8zh3e>{Tc5Bv`_!J-?D|NmiKt#{xj|Z#wk-1EUs$q%z2mWduL5<#>w?p zzigTK-T!QZ{_bsS1WGPuoZa)hx#PEihvgiT>38iP9@tp=cV2*2;w+|l?fOpX1@1yi zT{=Gb+<$+aSu*5ic3b35-;Ux|nU$4mD^nyDa*E#Zg->?R*8917=Al1ZqYQ5^h*Xd} z^0>WY=hYvzH-GJ^eY$MtzsKrVjsBTGk@)?b>E8?c{gUw(?yW7Vb3R7otv2l45*d~r z7 LnYj8~^{Gz)n8sfJ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..c254a2376d3db5e7a1fb83ca4251b57b9604c625 GIT binary patch literal 913 zcmXqLV(v9)Vk%w0%*4pV#3*gR%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXz>h?0MlMXBe}S7kc`zGFK~ zW?qulPT;s=pV`>T+dkvE=&JMA4+p=V{$!JTy~*cGIqv-hK94TWILEf~RzS$UEqrEA zIi^ioo?8BE-}=V?S0~ojFWCG->%mS{W|J>pv)$G9M^~2xJ;^}FBh zac%XyIU&ok<9$n-^y^o5zm;!d`*Uc1+`aVtyyR1pnV1-LpyOI?05c10RE!e#kb#8^bu?`d84&u87k-s#F6CzftZ;NInT z!+;N@pP!NOKMM;m39%W7gZK(80tS2rJZxMEZ61uNKyd>`10j%vFi0VX0UMA4DMn3f zz$jv5Fqp9Vy)$E#rtJ=|mWO|Lm&*42bB=^HzY?!7Lyx%?1f-T8D<$Ci`hW4D+VjIJI9({-T7uK48TbusvyM9qcSoxJtjIm~G z3pQlUzb4~e^gUCz=yI^r^;`C9+dFRj>tNsCX?$1l^1GK`C*28{oRXLyy~9=^+IgkN zx8@&e}Vh-&TD93U;OkF|^MY>OHxTq}q!Qhkcvb_iMxFxJq6J8vAuX(F6|G&3*z2Ve? znTM9G_Pxmz$g#P7!~f?8ZM%9F%L$3}9f;<+&cw{fz__^Hpw>Vh7?!fiED{D{4I=CJ zw66Q-v+iNJH_b$#&uX!DG;L4S^9tM0M z{rrrK|5;do>50ui9K=^(5isC0;9=uRX!Br91&SLm8VG?Tgh2{94A_7a6C(q16aiBn zFp3x%9O|PEa_wb2;5I$h^6ryIJ)f7c)qGA>Gh_SrrRlZ7j_^5C)n81V?`6B#Q*$9- zM(?V(x2NS?4Kc_M0wtkPRnKiK;F zfX&yu>lZf9oOMHYWs&!TGvbTI*pJTl+L62RLYMr`y9aJHw&q#SX5M2_pth`VKIiEJ zd7qVnt**W4;xlb`G!-cH5%g% zEzS4IJIDLokR?I*vCFK>sSPY|U)h_B&M|()_U4*wv30s{XUt3EwB^e3*KRCJNjx8Y UB`s^S(!*x&{U`N4byoQR03iNmM*si- literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..bd686290efec31105e4734066354faa98f27aa87 GIT binary patch literal 926 zcmXqLVxDEt#MHEanTe4JhzxkyIJMe5+P?ELGIFyr82A}-8*s8QhqAB)%dBr6~iJ5sN zW(v-Z26E!Oh6V&TDL7Xk-lI8U&GOpOS$B#6C$Z_7#^VIXfB}G%+e6 zdyA2kfw_s1p8+V&#ni;e$Z&i5|Bq451<$X{<}2m5@8a&s4!jh6^V=?y~Y*Qa)8{F-uYU&I0=oi}KFp1{ZVx z-*kU884R*9%SN#V)*{-pItv$iTR`-k{b%9vGIg$}AEFVhtke_q4A2 z=dGO^ z8UM4e0MiqjfjEe-z#?G4XTZb8mC)wFm`T-c`yQEpyRk4_ zs#Q?<{F=3qdPchU)<-J7Sa><>S>*Nos}?*^Na19(tX~Sn@2oD}Tm8U4T*Z6xg=)_&Odl^gT{hUi&FPmwXM2qDk3Dsc7i6cMI`BKmZ2gNx zosCJi-o;k_ofC8H>DM=YZYjA}r(Zvj`d6!VN!8p5JTafWEm}Vh-&TD93U!k^U#Usj~<7SGHo+!=f^?EFdN!{P~#?Cv$5NHe%G z-@_*_O$pX-EyoYL03@@?JiRr*toR@H01X!O2WQa_bvUGv=s z7Jt_GNlRRBFjJXwmZ4>dN_4!C;sKVQIYxIb`A=SwZP3}#$(GLdZ%KPypKH&8=ce49 zSA88hRrgE@Z8-I&0=%kKs__GS54#8^Z;TW@>+7EHc5lSyL>chx*$@hH)913r*` zen!UsEG)qE#AYB4;w!KS81NbJuyG}{c`&8|#SIt@gg_F)AcY(TY(R>Mkp(%5fGH0c zMT`s+(mYvP(>SJYYP@>X|8V!w;y)9&Z8SW+e!kMFxqli@)xB%B_u7(Gb}{bGDk;~! z-YgYf+T1$F-{noZDq>=*ymczNd`^}-eN&%E7l;=$B+!Z|c| zk(-!H+0m>CT2F4X%>P!;EO4y-Cg)Bi!_PlAKN6SiSbaa2^ S=lH~VHWE3L<)=u89|HhTAzvH- literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..e2fd7ae3cd6556128bde8234d193165328f07dd7 GIT binary patch literal 934 zcmXqLVqRp>#MHHbnTe5!iILHOmyJ`a&7anD z^Z(mW`)-=_vkwyz9)7QjRjt^+RLCXq$ls}#zJDm+S8KU$N!Z%M+v->CV)MFYaz`R3 z=eA`_@{`Zqxkl{&WZiiqoch=7oOrfZedY)5do8(j#t}c`d7ntcuoQ_eQi;n{ReF7L z$@WeA|HPcIIJQ%~JLlAkMM8l-iO-INPc~hW&cw{fz__^Hpw>Vh7@o4qED{D{4I<~u z%9@KOs2uNIoSRB->*cfc0Ja-@4tY};%;F{lK~${ zKR+Yme-;*Cx?(dB2k{kH1Pu5Lc-XiS+B_Ijf#L>?20|bSVUR)&12!PV#K?dgMZgpY zj3Pz`r!MQRG`&KjaIu#&t}fP+z9`@o#sA;vyzix7F%et0IyzNuvR`t;S)sUZ(^qG& z^5q;(-{V>FzvwW>bjKvJ2uH%AXaLmI)9XW|X?w?^eA}M$RslzvJn@rCxg5L|p`&i^2_4jt4)feh~S# SOX}jI0EX#P4BCrpmjM9HXJj(~ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..44c0162e945b26d1fbb1158b27d624f228c5d7f7 GIT binary patch literal 934 zcmXqLVqRp>#MHHbnTe5!iILHOmyJ`a&72QsKfe5ARf*YO z71bv@RBa!wyMr2%Zzut%nEZno-)bg+8T}Z`8>URrb$WS)Lb|Peb48%cv1r`AVJ_8;$u7oxZ##ErV0i%HsNJ1E-ki&otNMWWxU=%Sj z__sa3vR(VDv&EBF{sNkR-Mc0VJ!5>7AiMapyV=j{j#+a5cyBG9v(?>s=Jsg~ho>an zAJ(7V&GgNGzA5WQ4 z&*?Q~&U!W3Shnc*%^QyU{5vE6sato}x@XT89^SA;$Rlim{ulG9@=E(T9_}{x_)vXc QbnesCKdW_1TVC@508toayZ`_I literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..284f4a9e4830501c6734e7c24756b38343e6a54c GIT binary patch literal 934 zcmXqLVqRp>#MHHbnTe5!iILHOmyJ`a&7m1eILmxuZ`o-t3`hQ17db_s7Zq|SEuPHMzGcqtPt~aPPkOzjRtTKy)fmnlx zXX|b6--5|EXEJGQ;jWq|EFL9V4o(HKd@N!tA}&$O*w26aeB!v<`;>)WqYv6Q?Fl#F z1L@~yWc<&<0!&wI2I3&T0*inFp8*dWS3;WyV=7SGfYCq*Bq0n^$YH<+q%cz;Fp3x% zw%f0sXzaY~=b0Xb&$GU!Zd1B1>k@po{#e(<6%)75O+N2nc4cd+WUsiwCFOvJ*LVMs zJGxC$&O}6s|3T;MW1n9Kuy8OcPYslNq_ak-|9;?s^>)7BYYQC;pB{IZTe(jotMhU< zqn4(N@k+K9{`E(v+E~ncSmgU!G{(21`Mt9z!p!>cnM(*y!ffB4_!! N#xG#~$!(Ui7XUL7RVV-e literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt new file mode 100644 index 0000000000000000000000000000000000000000..9766cf01596982582ec6f65d0047d97e1bfead66 GIT binary patch literal 939 zcmXqLVqR|0#MHllnTe5!iILHOmyJ`a&7&TDL7Xk-lI8bpz3uaOBoQtW6k&)qCugHRnZvJ&;rbwnVEUEecptR+G(ny(&jor`Te4%_U-(xE2c3Et0`{!KGm3E*1h=s z>-q1V-nK&Y-4c2BNi2)Eh*UfM%30t%FIG+K+4}>bJ#5B|`#k=H)%URc^3Thz)XoVg zxa_zh{rtsPsB%{|f0QPXYzR;oz#(R%4u z27Dm>{EUqMSy+JSi_JhB#8+SuFyJ%bVdF|@^I%K`iW@K*@Pj0TK?+$7n1K{>`~Z_7 zFn$;re7n~^*?M!8l~K)0iFTFM6|bB>-^*LgxB2MZqap1tBr5Y}CmPMV@$F#l<)hyn zc@<~r1f4K1vGshT-|l{kYgOUaqzc8FHHwBW{+|DQ{P)NCRg?C)Fg(g%yz<4|x-+_- z9Di5nZ00YpKc%%Qcj~(k*L!-GuJ-)8w4yX(v6p+->IL)VE*@DUF1|~a`y)TUd&#t@ z>>De8HLrI%b}rWWlZfUE=PQ})g$XgeO*%5x_L|QoR$qQ-IOj88I^Xjtf@j}ytyO%X zRH0rl{liHI?fCtoH$t+_IP;|HZFwY literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt b/pki/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt new file mode 100644 index 0000000000000000000000000000000000000000..e14753174b412891f3217bb38d462dded15b81ac GIT binary patch literal 939 zcmXqLVqR|0#MHllnTe5!iILHOmyJ`a&7&TDL7Xk-lI8bpz3uaOBoQtW6k&)q*u=xsI8(&+kE`?IY(m)A$?(CR5HUUCQ+DiPR z0%z{N5V~g1zjy`4qea{Pb%j`H_EubvIq_KKbVDlVuC9=O6}s2fY}w43D!^|b?!!_n zDC%e?%3-Aca-+6sOVI-%XQ(Y4)kU%>SRDgvT= z>z^O-*?i;FyBPPX+f%nk%&SbSui4_Co+4fUYnjpXl^HD8UH|d!d{^DWd-SA(^gh;v zo0Sh;#T|sIdA_>|rW7~-EIasMNAZoHRxKCK9Q|2+Y2!-XBEI&kYKm=ac|C!xh#Q9%!~|-i)#$34CH}fDyz&QVIbBZ z;u5ut{rtDjCyu+lPg(di`k;N&o^Wt#kmX|$V-Z>ScF||kkfrnYBtLV{3RcPS;wjQG z-~;LBXJq`(!U9ZRYzE>Wz5aWVqM#gEykpVd0$}9aUL;nOZT9_YXD6&#ZZyzcIf#Z?}fizhlPsi{CiyGw)Mf zdv@c*Mt&i2=K5czKMXlf3a{Iex!1OhbGu%WN`%_>+rG>5xi7BS%b_4=Jr}@@v8aU)(NT~R!LoJKYFOjcw@tY>934B{x0=%_gTiD zd5?41%9Ql|Ueose_;9Ss{qbIH(H!q<@6x4%dH(jc>FH(sn#KJuY}$jx!6`3T=4pJK R_QA7b`@{U7n`SPS1OWRgSCjw% literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt b/pki/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..30aff16129db1b6ad06f689ffdb132782a2f0cf6 GIT binary patch literal 914 zcmXqLV(v3&Vk%p}%*4pV#K>>J%f_kI=F#?@mywa1mBGN(klTQhjX9KsO_(V(*iha; z7R2Ea77Ix&E>Un!Eh@=O%S=uzNi9||GB7kW6g3bADPR`n2`MTCs&LFp&d4t^kQ3)M zG%zp(LJMO91A{1WUSk78BV!oXAc#b3lnfLg)<_lrRv-49l~zlN=zjCfOC>^9KjgaC_I*p#J_}nMi?Ip(vba4y zsn0WTL7b<*#Eo}G{>GD#zjRT={!4kcx#l)JO?vsVaZzpR z`_ePX1$RW}mgV>_iBK)bE}BPL~=M`Si@s25&BZ zG);MT;@Hg8XR{B_>df(8$eH@^@m#F~-U^dGRHlc%VJj(`*ksRn-EF;Ed*`gY11!_s z89z^RJ9+Ip|Es;{{+G!#KGK=Fe`cWc{DlJH%m2mZoz(2OtTImu7OCT`*U6~H}dE#nI2L)pmyJ`a&7ba~tdT5AEiBC}N_DL$$jMC3ED6X5Qk4b@ z&W;96j7rG9VPs`sZerwT0E%-lH8CAyDImu1;F9R+PwQeWiYIo?501Pa`r<~<<-^>k zuD;%^%l9eVxoJrb%kru9#b=l3sc!kh_*9PPC%u7dQ49GH9IND|TSj1RFcD}j4D@bX_j(u6*7YSWe zSGbnWVrsw#($CMx_@9LZn2^{E#6f%o76Ai310FW6gf~Vl>Ot~zb8!M&FM8)eOJHB)S2vF z`seJ7S2vDC{z?A2%Yh@eb8QGeL&jbzzs)i%Zct@Zr7bJ4UV_U|>;e)oLV^WESEM{evqy{$C?QXGetsGva8rw^>Rs2=7%SjMdR~+zqH?7wM>#J3jn6`Y*PRL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..b7a1518eb86a3f7b9cafebdf5ba73a4d16541b68 GIT binary patch literal 930 zcmXqLVxDKv#MHKcnTe5!iILHOmyJ`a&7npu?UT2YXbnVeY? zkPoCP4HTRm4dldm4GjzofzZO(z`!6%oY&aE(8w6ZH3%iqPE`YCh@CPx>?|%#0$SU| zsD$i0Mpg#qCPsb+pg0#(6C)$THK**CzP9II{mGQy>h{BfslWLGV_8|>1CBEd?Iz#P zKe{Nx?!NNzhGj>ke8dF>L(7Z~tcc(=YdW}Vmh0zrlcq)PVl{qi7@qhn%HUFdAG>Lz zK~c$sPfxd1wAHhxg$Uk!VquW4XvHtM`~J@DG8{7h&c3?1Q^WU!{Igg2$D8GL{+-#a z7jf%#@?87#myh|c`f+>iJP(zK#;8RLtL%k8rI`O*tG7X1?GbyT`4N|^ts)I!k5;Kx zOje5D=u~d?`Qt5dU%vjOs<-}LpRKQ{d%^Df10R-+3Y+?E9;h&J^E+!M8dfH^`8=Gn zv9R@qy5Zu7kCi68-L2o-t<<I23P zBg0nDzCTJo3lIKY{_>sR?q%_*yLMcep8hrAjK|x?rLXex#in~$w(a+H+x6wJ29wu{ zOIOk-&X<_{tE=SWE9H$Iztz8YU-d6jpUUibFSjxJEDyszwyXWy6f)-iuzAEF@pRXV zg&NEEHmbdQx-#+pm5ga0`v3f%GPCsOU8Vf_tL_*lsm=LsBEI)&;i2@!uhjpW{_*Gb-g8gO8N@zeNov^CsN8p}NTSdtQIx>Q22Cw_nx# ToUYIw{BrS*b5maT%rF7~kLznx literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..db57e9b337f313eda09e3d954c93feca961de871 GIT binary patch literal 936 zcmXqLVqRj<#MHBZnTe5!iILHOmyJ`a&7lM%Cb9Y)F zMEx?%m~HE8RKoYxD7dw8#g)Lb}8l{jMQ%%#Z$k zvo&oK|B@YLvWX@E3GxYFzr8wEmi~hG0l$~JVo;j=8Nz4n`7@BGQj7k6p!H=h)l&*j2&Vy5ezBZawp_OS^aXpt#By2f#7b-a|5 zf@XeLYglZEmtU>IrZ<1OTTB0X{+shQhu>YoTk5dS>M3{U$E?3;JEMsIL(bEjJv-_x zJ8w6+aZb$sdc8`Rd-LXS8-KDkTII;``DteqI4Q{Tv52vVyuLBLs=i9uRPxFB=_=|;z=~ z302t|-Hkt^)?F$dFY=c63P;AAbz7c0?e_o1zxw9&i|d~CR`taAFH>vrKDhS6h6S9C zViO|QJ04K(U*vP3!s)KbTXWlp{Lk{`vJ)2mOgc4DqU-xx=~X=W&+cWsl74$_qV(b` QJ`oqTsT`N+DNzjs0C107IRF3v literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..4952094eef3e7f9ccccd5ee22c85c7695880aa8e GIT binary patch literal 942 zcmXqLVqRs?#58FEGZP~d6CB(+$<$iUFhP{TkCq<~piz9_Y@G_xqxwW1&=GdZ&) zARkCo8YmQ(CIOMNqk)__uc3i~ArM*^8yFZwiSrs87#bPFxCYTA+N^D$39(rTugwt4 zn;4aleagtnz}&>h&tTBR$i>ve$jI>UzQ~@t7iLI1YBB|hXu4jn6I=Jccf+?!A8(5v zecEBOVl)4HBc6Zd?(7BYPg<{jVpd;qv$S-@zWFy@noj@bV*jcV?QtdZgz?+F-Akrd z_-8ur4baZ4(CQa7`}yDe2@`h ztKi?Ur?x8cZc}8}w(tiUS(CF^PiH1YFLv!&Ch~{nLG}zO#g?w$+OJDKoN0QWeMooe z;fGhAg#Vu}_QJhnasS)GvsFgt%Jl_8H|(DDWU}3Z#md`u3R!1*#%RXmf(+bq{kC~)XUIUcWA?9zGboL=@W z13r*`en!UsEG)nz#%3T6;w!KS81NbJuyG}{c`&8|#SIt@_(2lFAcd?3%s>h`et;7*$#uK%y8pDK3T(*9QAw?Ish$2{4`W{cC_d-xeS3Fg?W3Y}!{I=KcoFr|GNh58YooX^GIaqat#_9y8|O54yZr z?B~XIGo}m47DDT*65P(-T-)>7%HT@)Uh$;=JY4sgDwF^0+V*VYl-a3475c|Fo_3au SwE8p2Y1f`dk7nM9I|Kk^i(_;E literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..3a54e7f2b82d31a19135360321e675935ff682f4 GIT binary patch literal 934 zcmXqLVqRp>#MHHbnTe5!iBZddmyJ`a&7tn3tdS~8EiBC}N_DL$$jMC3ED6X5Qk8}V z3eJuOO^iy&-eF{AU~XdMX8?+GF*PwVGJL+}+gkar*T-$?qtbu!iO3bLjjrlfD0K4$Vr>-+x=`-{qU4&9igeW_%2I>(r^^usZDd=9$e3 zoW5I?uYIiw`EW3JUZKd-S<1iSHYsoYwKn{`wB^i6Q&(t&I~+1R<0fq$rCI;ZX4`MB zhll(1TXP5f2QW2jn9U;N7{Z%Z}%+Nb&DbGLdUQD zz15#TZ1Q=LF*`>*cvHh-E|q;>3O~;3xS6t-X~*i@`{m^g)|8pav1oqEnbYF^GFEe5 z?jC0E_G8PqPi6#3XRziU-^1E^=1oh}bFmdC+b>=f>M*)@m5G^=fpKwTpFv}{fjlrc zWtCYZ48$5lp47%)jG5ZTp~JdvU+K2g33E+J&;uuHJL|v98>FyM>A;t6gsC#inj@ zJbcc&=YMIiLgYiXhDSCh+rJw>4mFXK{#x?=i%0z5$kSq)GhgjWyP5vk?d|NX4zrG4 ze>mm(u5%HgMqK5N(c(f3=$Sp@2&;b^U3Em0OP&OH`ySdttfc@Uag8-!{GOSsk;3-}l{fH!-v9 ie}x7s>eud>p|&IRi=RhrL%l=ln))+OXLf!1G8X`5YHU9M literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..650a53f4c2e4d892d736fce3c4ca82ff0f87fd55 GIT binary patch literal 932 zcmXqLVqRd-#MH5XnTe5!iILHOmyJ`a&7A-4f18*?ZNn=n&ou%Wzx zEQrG;EEbYlT%zEdT2zvmmYJMbl3J`_WMF7$sBEAJQot-MRg_v-npu?UT2YXbnVeY? zkPoCP4Gk2W9S!8fc?}H=41v(X*ucObN}Si&z|hDT#x)2d(NZ-76^Ny>xGXI$O#<56 z#HfVqKSovt<|amd2B0_>QxhX2!_|0)u4#2f=kECT#C{P~`l?y9N&2lCx8nN5MZ(*j zSsmyJ66~vQmP?(kl^k_CMP$;hFUAwHVC!VB3Ag$EpX?IZY`ob$UMK9q z?a=m~`92xBOL}UHb}TZ{Nr(Zep%+lZp(_~_1WMEueV^C!v4-8LPWflnou?7*z z&ps>{jBiQ(4#`)~|;A9}n$0Eiek|(h&QH4L_wjP_{G&S?}Co43=*bMkU z`uQ0d|Ff_F6Be6+IEb&nB4EI0z{AFs(B{FI3KTbBG~fqG2!j-|8ZZMX3?<@H(eM3}pli!ayU-tE~X|%MuzRqif4YLG;X1k{L9e?YY`Tg0kgD3mF_PqYMHGD6} zqS;O-U;h_R|M);U+P3PlZqeB<545-!++VhVY1Tisz3+7vXg_`xcp{3G`PVrMlLuTM z7!L0gTd8HbySMP(t#8}*B*strw2?*c;RLmv9$Xhf_e%zb=8{m&Z(&Z|!O zsyo%<%Re-ydFRxwf9SFBV8qw;%*$MTe$LtxYP>|B%bjt?{{=@&)>=(nng7N!Z$nM* zy6J-RU9P3&&)@T9Yk0lEsj~i$`8M1q;-`0AGPGYCv5|?Hk%4h>jX{-xJTORQm02VV z#2Q5MB$g$r@MqlCV-uXFX1@Mpg=QEVI5Eibv52vVLrpA^z$<^{%2tUCNDMvaS&gDMZkd1fQOAMq0NIa6)0}NXuuDW5C$n^HDCr($ngVA zg~0e>WH=Whe@3vSY4SovC^c2lZtMeF(%GcWEvbSGJyVkg5lJmRQwQ<)!p5Uku zJ&|+tn9Ql*9Oh|GZ=)72c^{T_WI}!GTsH3uQDVMJo^08#dj9pbA1?xgwuU)x397YP VrFuWx$$4X8c9gR2$y1Huh5)AJZ|DF3 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..a7c216c1640d0889a8c3ce4a6c733ce3447a472b GIT binary patch literal 944 zcmXqLVqRm=#583AGZP~d6CB(+$<$iUFhP}4viq<~pip(wSmG_xqxwW1&=GdZ&) zARkCo8X71RmnH#`v!j8WIIp3BfguoD7#kQEM2Yhn8yFfH!?*@9BwDRwparp78NbyK z+nX4bkp0TY%D~*j$j@NV#K^_e#K_37jpw~gYN8pRrft({^0y~#zmEo zmksVq<1#!Z|IaFxOZsJ|;}CpKG5N*c*s#oF4iD#EQ@s51-5IkhYQeU(p0%rt8aQLJ zp0DUm<(E%-y07rql85utX028Jx9Q6AH}AK^ zOse?AS$U@|ev~u&;Dl}3Q<~SSDL-9V`uOzBgd+zwRVx1e!c^=0Rn~A*Ecd~)Gb_Z7 zR(JjSq&|0X=OoJsqWwN0r?x*clJ#8X{QAPrmZ$4j-U>1?GcqtPt}&=GkOzjUtTKy) zfmnk`M1Vivr+-B%OD>e#FPNrNzE$OgA~;FN^0A1qh)nA#{3E);`rOSUKMr4r&n&EY z!QgGc2hz{a$oQXy1(?X#48%cv1r`AVJ_8;$u7oxZ##ErV0iyvwNJ1E-kkx=0NFm1$ zFf9V(hmk?EJ~jWvboa^16T(sV zUUe-0`Qg%5?}n^`C;CZc{CC?Y%@9;tb3(Uaiit={wYy`&!j2-|-nWq}Z68(l{JOoa zFl(*To5t6MeeFlq7Vn-h=~VQs3r#0k?3SLtdQ)#fgRa01Mw8#_?^GO@a%%~GE)ZH@ z)-kJbPU^L)tE;-+?)mb=W1XJHOK3@3GCp%N1Fcb}J5~C$Cri6;khAGBMYA+w)IbD(hZP{_=X! W6%X}8O$}QNIhKa7?NQX#dkO$Rr*NGB literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..f7ca7ae7e2a271af99274c581a8fd476b092d2bf GIT binary patch literal 933 zcmXqLVqR#_#MHTfnTe5!iBaExmyJ`a&7ba~tdT5AEiBC}N_DL$$jMC3ED6X5Qk6yu z&W;96j7rG9VPs`sZerwT0E%-lH8C!`B0M z7G-aIvG*4D&D)pqH_W!?-6i$UMPu`+8j*t%=l-gCo)O7=5?OSGNpSX}105GPy-9he zaeUX7cHJ{3hnF1t|Kr4~b&vQ|n>%A?{z-l=GW8*shN#wOCT2zk#>I_&294bY^1#rP zRc4Ve5Ni;5QX79UW@;OU4(qyorQ1@M-;7<6299=FJ{B<+5wn#yf3LF8U+~?>`ey6g zS)z+|R~|Ru1L@~yWc<&<0!&D32I3&T0*inFp8*dWS3;WyV=7SGfYE>-Bq0n^$ZEh0 zq#yz+P=N+UCgdmsCO}}6F*3+q_-oLenWyIZ$wDJUyX&2FUkv{uj;i@>2U2frtJb>t zL0mC?Yw^)Tjy8*~T3ujS-_UXXfQ!5P&8b1mPb(f h8$E}7Uh1gJW*t*kyFIh>t#xnP6)x5%=Aut80{|eMXubdd literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..9d1626909055a69fe657c6b1fa487487c954d4f2 GIT binary patch literal 927 zcmXqLVxDc##MHcinTe5!iILHOmyJ`a&7npu?UT2YXbnVeY? zkPoCPjTD?64dldm4GjzofzZO(z`!6%oY&aE(8w6ZrHP$Qj7rE}V`ODuZerwTFlb`r zVrpV!WOyPop-*}75&sow6-(0+_pMyPw>aNcZ2oljTerBYzC?YV`p2R{;q9^?pH)`x zO^Yol?>+xOVZXqNo=fkiZi%&$DOUBH+qce9(>Lp*%hV5P?ZWB_7xqs){J&`Cy+;a+ z0-Mc?PItKae0fzE?ssH~qvEY^$M4*;SpI&x=&nV1Oj{o7_(c3k~={`uQ0d|Ff_F(-fP5 zIEb&nB4EI0z{AFs(B{FI3KTbBG~fqG2!j-|8ZZMX zchBGE$iMl$Z3)lW=(>e#)}HlgVy=Db*~9HkDv!pU9KD_9~09L-q!yZU0aE-P5$(7CQa-t}itKGyMOEuZlkYHoZCI z#@}>l?#r$Vd8K|Ve7pFgYMR5Tl`&2mO;q11iJTX`cPXCx!tw7S&VdHZ>$s&NjxEk{ zpY`*gL+deX;WoXL^A$V`^U;@t2(ay7iD%)9aJx zqb8oK;|yCc@4^|K%okm469dh+M2RX)+WhhEkDLV=r{n{Vd=HRwd~>(xQ|TI4?vwHW Dyjfrb literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..b53bec1560d18fef7ff01047f704ef91cbcefb98 GIT binary patch literal 933 zcmXqLVqR#_#MHTfnTe4JhzxkyIJMe5+P?ELGIFyr7=#*f8*s8QhqAB%)&B7sfDGPMX9b81v#0?nI!@F zK&sM6p|~{3+0j5woY&C6zz_&6j13G7qQrTP4GfKpVO&~S+r+4Z>_J9W2IeM4eg=ak zMlPl%Mn;B1HJ5^B1pk%iHJjeF=G@QNY4^_UIl5l&XyMdpvWh7t%luCpb#~M=JbF6u z)+OTyWh+c&zh>@Pv@L46_NiNuM>6un?DvPsWZf2Hi?`q{pVDPrt=G@Gi7}#Kc6ceX zu<%VPQ;Mw<`VwnaY^#6dWYUF*JpmtWF0oHrvCU$|p1fDrE7IEe z53B6t{U7(OiL253eBVx8CT2zk#>F)TRR;3FSd>*}kuVTz5K$=q=VQ?OXmg-!|Ay}} z^|H+~_}sziK$ee1j77wgD?KsHz4ub&^z}+<27%=PtL`i^-~;LBXJq`(!U9ZLYzE>W zz5+%E z&1UxUY*W_t;H|HU_WtP2zVTBl#`WSO=be5Rd%A++uT8zIbTc&L-x(X<)T7INXKZ-t z*%BxsHak?`^qu-2vn>0^Prth+%BAS_O*rdrEq!KXTdob;mbt;-8aX!n-&ZKQuW0U> z*#7O;*c95iSsI%DzVA-oQ8G#YbFguw%kHJF%>OL?+`Rh3QXRfY&d7CGXzN+QCB87> z$f9MMG1oF27=G4$Z`tV))pN4WB0e6p?0{~TZ BUHt$6 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..36fc0d8df48dfedacc6a41638c29145a468b87fa GIT binary patch literal 930 zcmXqLVxDKv#MHKcnTe5!iILfWmyJ`a&7npu?UT2YXbnVeY? zkPoCPjTD?64dldm4GjzofzZO(z`!6%oY&aE(8w6ZH3%iqPE`YCh@CPx>?|%#0$SU| zsD$i0Mpg#qCPsb+pg0#(6C)$TCjB*H_g{u^v+Ky});zzU!ZexpYR05Jfeii;lVr?h z%vrXCBkjK;89^YS+my57_AJ>WQ+^? z#1MS(yz4BDRMkCK6)Pl_93Hs@oL(9eC%WyhYg!aj@$}0Yo4a18a+DRHiTJ1!?0@-X zR>^&pA2SwK%#6Ep^gtj#8(-_b?+0}Fza6xHVyzh5JuBY(b=to(TKk;!y!QDEG_QHM z=ut`RvKUjJR|=08cNA}ZC!Bfr&-2ZXZb%FF=`yIq@4Z&MkmbeEx@Cv`W1qXHD(hWp zei!o5*XOR?kFETrIv@W=x|py0Qhz~kYRut=SSDsh2FArT22}>~z~GcsW|1%uYY=(A z`qqty4Tj5|#oiq$<6ZwI_fx_`a3YZ9V-aH!Q7HfCW6=9(bD(VhhVL@Rab*`*q7WD?Q*_{vRHJ6^yH%PiT!luxY`Xl}an5CT;pM zH!|_4yi0w>HFqDz|HW?WA8&iew0EuK#GS6IYo8r2+xPt6dDGW?!PgX~aJ%Sxdd{rQ zJiB=Nmd`tym76_%=SAK)*tm0fiS>fzKlg8+8&rCvrcPqw#6>3rB|qg>S9pJPf1_T! zX2uJh%&F-X3mn(RR{!f!)?UU~<5@5KY}%TPnfmMa4L5Cm&}JAE|4%4AWuBTtZLrK# z-kOO;$5ZpomT2`adphOa->pYCF!U&$`Ss(~;@xREf{f8-av}ba~tdT5AEiBC}N_DL$$jMC3ED6X5Qk5nO z&W;96j7rG9VPs`sZerwT0E%-lH8CCuI%W(EOkS(`5$k|sY|wXs4(2r z@vvWG;(LDm|ECJ92M*?itgCTp75w&a)|zXIHX+A5SM1vT^i#<-ukRwPWgdR~|Go-M zF?A5#Z_pyx*PY}W&5@*T%@}u;#o^WZXvyF6%~x*7`@@iM=&SOAm0vvT&rJ@qo>(4h z*0E&X!f4eOf5J+>96BQ>bs%NM&N3zSoVt~>58tr6cHjuF+bY8}QBKW&>Ymr5jV~*G zw`O~L=ZaG>_l?*)Z1X0h?5u7M@TpQtocwwL$2XP*VN0J~e-ZQkG|RM|uI`(HO_$Bv z706J~buM^6`GhNi4C zi-dt#gUFNG_=_=9+coT1}S7UU75~ zebbejOMEgobdIy#HCDf`+E*lyzW?~6BNq1m`orR%1g|=<^xPfxHBQU5EyMplYA`Im zwZy3G%2V4L-Up6)?!L0}@bdx{ldqn0^CJh3>WkLFoI|s=#_Tq0zO`JkLEs|Gr@Pw% z7fd`B;JR#ek!rv?);^Z|h8al(Yv#|sc)WP#Qsabsj2j4zkn}sui5lsi7^c fUNAvF=fUBOj!SAynnpu?UT2YXbnVeY? zkPoCPO%$9R4dldm4GjzofzZO(z`!6%oY&aE(8w6ZH3%iqPE`YCh@CPx>?|%#0$SU| zsD$i0Mpg#qCPsb+pg0#(6C)$TCL4#Dft}i4?q6AYr}cnq&BOIR*P3j)E^hh7v-8S@ z(4|uYwq2cI88GFxb+F@!7P*XmwfDj7T}d-n8TbSlhA(>jsq>H;-=yE(dO_XyCmp@~ zGGTx1tGvv_7QbVBeA6Y*#+9Dlr~C8y^TM*fyHZP4HthE^S=adcbF%MqsU@F;zjZ4t z+_*nZBPe5PmFc3H_3C@e?u&~EF;BQ+$n5*pMN@EPF^8U!e}QGr&-n5u>D%vKOqW?@ zwlV(uu365BewB~qG^@@3eiv0iDDYqe^X(6TKQNL}ZYYI=>UP@f@9P3>q!H4`%<1LNWvgDL}gU~tMRvq%_-HHe(O zc<0O&!(?`yShJ1%z4J=a^>W&9L!-GEmHo) zFZEd0WcSUPR$kXrTo*NM0$1n61HqAEHf!@6FBYkqIWg?*JZGo>$4B~JrX{CY3VZR= zb(h2^$A4T>^46j}eTBT&W*zgQiMzH08)g~zY-@{CUcF`^7o%wWAGS~1irPFQ4qjfq z_nDr`;~#S00=pzWehpo5d%0Tes~4Zcd=Ieya7bRY_gal-Zs*%fP@zT`#9 QoUpnw@8yf#d;2Z`02ggz6#xJL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..1a37158581b428fd827767b79c3a13775d87c636 GIT binary patch literal 936 zcmXqLVqRj<#MHBZnTe5!iILHOmyJ`a&7IXYI*kIYZQecZOT{{fR4H%_s^yGs`(UJ*(;JGo=^YQ;ru^Y~1JfcUk4fjdQego0Kv{ zrX*b2uCY+NW@8$&)t_0SW)Xj!6d$r({yk%R9^W5zCT2zk#>F)TRR;3F5S3MCkuVTz z5UG97H${B+x8>8H-B9vy_E@v|-L776Qjq0i5n~Zq`Rdu_c^f#VuYdkePEWvSp+LG% zn*kq4KR+Yme-;*C;$kxp2k{kH1Pu5Lc-XiS+B_Ijf#L>?2K*oiVUR*r17;wF96!J` z2#g;_hE>z{zfD~}%y+ny>HX^p7h;R;nywQ|Pkot4~SHTHra2A;V1H z^L*~FMYopKJB(+$<$iUFhP{TkCq<~piz9_Y@G_xqxwW1&=GdZ&) zARkConkW>PCIOMNqk)__uc3i~ArM*^8yFZwiSrs87#bPFxCYTA+N^D$39(rTugwt4 zn;4aleagtnz}&>h&tTBR$i>ve$jES$_41MZD-JlVvhls1u)SC3--0~zfA4$Ub~SW- zWBdNi<4e#??xhu5r){ckdgapU`dj$=iZ=yK>Zc5ky>ZC?vS6d{VS_z8mUx-UH^18@ zq-(F$cxFyofA;FN4;CAxnnv^<@8CG0m|L*Uw$`q%q|Eg5%g?MW&k`3&B|LFH^|JVn z)`}w&mI(daE^gdk{AYKte3~S^NZ(pO>7A9?h811c*^n+ zbF28;=CYH#&rAJNY*%8$ zMvqOMyDG(IoZSC(Q{3sfY8%ejPoIDBcK?>0-!{gWWHT`{GB7T#F{m<-2L`IFGK++P zScAyQSI;ib+rT+}{quivdIClZ1=4-mzzIT@k420{L}d3xwJ-A;ZMyk{&flyS-K2A8 zv7!MVNIyR#<9`+wU=m|95C`!USOg6C40zbM652c%Q-R_Jj0XH531N^zRs&`rg&aS? zln9I;MurMsne&VPu}7bYDoS0oVVP;$u`MV1YnNZhFesS2DD{|e!2DOCb_YaPy6zFW z85z6IuW3b9P#~|;;i&yT6Dms2zFKPZ<3-KKwrLB~SC>EhIz>co!R7YTx7sEaALi}% zpPP{H8rOUMYeb{X1pX`h88^$`?GbDcGvZL#H#u0U>NWeR{pIHTf>nwZQ5Le|-QU|y za=7NJG3>p?xnK6r%^p6L|6BGjd|n^6ZQ_B>vK5teY0@W_ie=Bcba~tdT5AEiBC}N_DL$$jMC3ED6X5QkA9( z&W;96j7rG9VPs`sZerwT0E%-lH8C`oO(pe?%>aNwZA82!}MfkCOy zpr%2^{y?zwJ%*LO`C=c}PJf)dD870N?}MYuR-e`>IB(do^Ux)(iC>q@(GJyK-+r<1 z=!Zogf;n&ebtz=Lxv=E=&M8di((HFEZq6|-+hOx!;>N8N9c$Sh7+${n>#)$~^UIXW z7fFSc)IMMeY*zZ`U}@%1f(u{5>)A zRM!!~izjxc3%t#ldsMLe9bbQbm3Ug!hfhq2`&TAa-8sq1#LURRxVW*;pt0LP9vGUk z$}AEFVhtisYU3})Ol{-PVO_VcbX)53o3Sg>z|k(t$0EievU_6l>UHbx#oT!CX@X76 zulafpEi(-GK>GO^8UM4e0230MfjEe-z#?G4XTZb8mC)wFmB`P(6CoOP>6mwa$q1oO82UUZY zW~+I9pS$Cke`e~8SU0I#Y1jI^WB2)2+NlO?T#s4EqaCI&O_@eeKk^t@7wx84s<6FPawbVJi6l!TjG| z(@C#hCx-iHmc+dXP))s7*O)$S;m=9eoPNJ|d0!!D{^-*tk-jEn+vVIRq=hopn58c@ gne+SomuLHHPkmx4blju<+auTVRtJZZys_O&07ph^Qvd(} literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..16958532f00d75e104be1dd1f6992219ddff5f7a GIT binary patch literal 930 zcmXqLVxDKv#MHKcnTe5!iILHOmyJ`a&7npu?UT2YXbnVeY? zkPoCPO%?|%#0$SU| zsD$i0Mpg#qCPsb+pg0#(6C)$TWfj+sKQX-PM2ieLjEp}XPl-y*{3c^OeML_Ai+y!V z?D=(<9@Ftj%rq~ExU=uS!mU8ZNBv!~V)2)pPHxyXQNKpu>)whrH;#F1Xx#L`bjGTR zJ?aa;8Sj!`xct;fJMkz8u~$=3uM2W(|TvpBe``x$(w9S;!WQ^%zOBBk#7Fw4R`Yj_+($Xvo5e> zuvK#vaDP~t!WOminTtpI?ps^VckTP}p?Q_dvK1+xAKvM5SDbXay&{&$^M%A!h5NTn zg$>wVs8o4(ofGZqRFGUbZ~MdxOlof{H+Q_zd&|Vk$iTR`#-PeT9vGam$}AEFVhtj@ zCpNEMx9(odjR&75*u?yrulLY01DptC`B=nQM9eSmzjr6#`1%uFFD7j`;*t2liiOdD z52T-;k?}tZ3ou!+8Hj`U3M>K!dM=u|LxWIR9{s*0)wMbn$7PiMH$*%$UIU*|>ZqrQ{s|GR29efVR;_RW_qeD=uuZQYFe zxP|xbW;EB=$o}1OVqc~qx58F^^Ha~PZJn%)>!zz_rl>vh(6TvH&Rb~9XyTqwdRb+T POXOFTsJ_VM`6}-LwtQnh literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..093963aeca5a65ea853aa93e8a6292afb6f2a55a GIT binary patch literal 936 zcmXqLVqRj<#MHBZnTe5!iILHOmyJ`a&7PQz_1(2F-^p=}%1y^}S;<`Q1Vt*?wizsQg)dJGa>;^L)pr$)-K))@{<*CHI9r zVAl@yfM?ePI{e+ex3=tipJsPs$I8$-O0OQ)EPS)KL2tF0-9zW>dHn(BZz`|vj#&RB z{7AX<>6FuP(MPl`*xp}#w(Y~U_ulcH94QWh?B2W<{m;{bBK%#Xi;}j!U~)L(vyAJ9 zlFs7uU+fj0rrcWh@l#U%;;(^`PV>)WW~t`~EVs$85j;&)^afF>L!? z+jMZsmdjR(&TqZsdGb`k8%m$0g#W)*(bE}vEtH9wk%4h>jX{-xJTOFMm02VV#2Q4* zFYmv1C*b({6J0MRZ8+kQ_`!;W5u6lc`B=nQM1C~sSN`8p$H8GO^8UM4e023FRfjEe-z#?G4XTZb8mC)wFm^g8+X#{JpB^;v6YXjQ6AzHfUif-iBZft#w!tmzM0g;uvp{q1q~$-Zm9 zPp;&l+A)qD1qL@>_NHEn;P;<3^TGUgane(nUZ&o4exBOC&!;i|XCOn$DyBP==YQb0 zYY4Ra@0hcAd-tBcLw7s9KL`o*X3B?a#>XE2byu@ZxSJL$EL*LzuBc_* R^i^k_e=Xt@Uia;}JOFRcXNUj* literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt new file mode 100644 index 0000000000000000000000000000000000000000..58da176c46551762236de081b98466d220136e2e GIT binary patch literal 942 zcmXqLVqRs?#58FEGZP~d6CB(+$<$iUFhP{TkCq<~piz9_Y@G_xqxwW1&=GdZ&) zARkConkp2RCIOMNqk)__uc3i~ArM*^8yFZwiSrs87#bPFxCYTA+N^D$39(rTugwt4 zn;4aleagtnz}&>h&tTBR$i>ve$jC6&{A)D}XPS`WgP)y01HSvSGi^`bG2>T|eCPLw zgB~rLpFBKtVg0(N4=p~YXe2!AG+ih5$8GcU-hbUWd$$^#shu|~_)G?cwF?&YyeXQuwt`6IL9v=C-gkcz;0HtE8R((85C7Yp=E>PYSu? zXUu)!LXooKOYUPjhoARnq?LT}th*7vZC)0`Y@R7*!H4;CJ#%%{i*|pX-}*bUz~BFn z;NG3P-(8KeQNPJK*|?Nl^x7M@y%xJ~OusPi`n=DE&6gWrhujX{-xJTOpYm02VV z#2Q3?H0f9V-%`iHbUS*z(cCAdiCc4|!3jc^k420{)T%_vLr7?~|`IZ@TkG zSi^u1q@SOW@jnX-Fp04lh=ceFECL3620UzB32h#XsX%c9MgxA3gfK`Us{u2RLXIC` zN(9CaBSZh8k{Uq?uF8osLIh+(70h=Zx|}Ug>TB32a!c4a$ynr&<#EZji6xD5S^4!8 zdl{b0*roHsZ_TCDPJuno1VXe7xS~=mmOpxD7Ox;J^25n5vu@qO?>cKF=O$OAFc)jI zMT+?|MZB2r_uyrQ(*m!97oB}FZ&zsARi5V!n-F-Te6Lx3b*%06bqViXrb@^+COu0w zdsD=*xc7(YiD$PrEfLn&eX!cjv!q8xc&&Fsf|mB(Mgba~tdT5AEiBC}N_DL$$jMC3ED6X5QkCWk z&W;96j7rG9VPs`sZerwT0E%-lH8Cg*`lViViN2g1C za?SA9dGtef;i*dpL-sVz?+9RLSh)Rcuc7CPoeDoJRzG>)yw-De`TAz1JthK^{#(zx z&3#YVr`MD#Zi98S=-mGF?m4Zz6DM@|CmD!!I+rr8Nfz2&75ped^g_&$s(W8n6`J{< zSk0I*_xJv3Uk~kfT^*?rcl0mEgWBe;O=>w8b*07bFMedSJC*r%;?C3VcORx(Y`S=3 z$EvEo!P#%B+*J27$80kCEg!OKid9LeCh?t#nUR5UaburBW4D1kFf?VA zStJa^8bqGd#$Sw?+Qy;7x^7?Tw$$Y}V^^esqg|GdMT|ux$8b8MslvV6rcb#tBO*Ie z&M2PqGT;O0=VxU6&%y#sNNfh;Aie^NfB~NY4;xoPn+IbmP~3pgfFC3w3{uEyzzn1y z0xD2}21a(|C<7)yV3aX3l!$0{PmT#)X?KL9BmKws6R{=c*ORAd3av_eb&%`4yy1G| z)$5Lh2qxVq)c9#5o^e<2PF~jC*UXdOZdp{F`}Rzfzntldop-P4@A`SI>z;Z?-f!{S ziuUzuKF*X;P;aOVG)()h^-!ho`G+Z+OcuLV*WMQ?ofB}DXQ%i@lXZUYu5D;u_*7xn z|JKd#t)1S8ZabN-V9ZgFrSDTKsrT|ku;11!=T`JCHFyUElV_WPcqrQayN2cf!ZZM5v0st^ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..c57e9e4a5bdd40e5fc9aab879d69e001a40f52b5 GIT binary patch literal 952 zcmXqLV%}oV#589CGZP~d6CB(+$<$iUFhP{}|6q<~pivM9B%G_xqxwW1&=GdZ&) zARkConkzUv8pw(B8X6cF0-=Smfq_AkIIppRp^-6+YY;)Aof-ye5If~@*jZef&Dr?uz4I7+h zb^J2xe0?yp@n%48T#WFd>#pTmk^3U&J&_cezP>D(Tfp<;1L?rkf7`B}FXhUfWO(WI z9$|Xz4)H-9z6TW zyr}=kyL%@d-Y#M1)_$rnRe5q^fxhJ|z8~oy772Zue3hMvnUR5UaburBW4D1kFid5Y zStJa^8bopor!$%=+`Dc1lq)kLvLoe;;yEvHN|5Da5n~Z~9;4b_48r5-#2t zBJ%%eeSo;^g)IVH>(`X9EQw?mF-X#r=A5zA)8Y0G|7+sk-`|e3s12-ePu;ugm(7wj zN@t~h{yltT_2=rX+4)yHlBOQ`Dro=YrWA{!cfy8O_crgCaK-3_b#(de^~p`TA{;); z-1fZwGx^%LqDvF5>92omKCdx;V^5sve$(m6QlD@8mClpx7LM6=jH!|Du>B$y-U};( z#cVq~o~M+tMW0hv`q=CIKxn#r;N9drr+fiFndmYH&K9F%c2W{^CR(367A_`zK}w!0 eTKJIp#FEFFRWlseg#G=3ufM;yc-5Jm2~GedqGoyk literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt b/pki/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt new file mode 100644 index 0000000000000000000000000000000000000000..343efa5ec2d0aa5aa4d9410cd6c1f5467b54a0b6 GIT binary patch literal 964 zcmXqLVm@Hd#I#}oGZP~d6CB(+$<$iUFhP{TkCq<~piz9_Y@G_xqxwW1&=GdZ&) zARkConky8SCOJC>xf&VBiSrs77#ISfg|UHwL6kVJv4NqHF^p>vN21Mo209R%RdL%4 zvpmSv#Gr{$3E8uZtPIRejQk8haW1ANMn;AWi$1Sx#FS1lczVHoFnz)3yb9B#?%Jg;~H}o zrQJ?QslLoqYG#v@9mTHs?t@5rRpMpF>taWHZf!gqz3fDv@t%~LsObkT9Te#bV*Pi_ zsle;1pWl6+8~ZhF59;eQ&*ayUi3nIN^tbz>!UkQKi;A_XjHq-%Zz#Td$FJ=y7h^o`bT!rr&2CSFc>b(~_|K z*Y|(rdsZBtdf-szly$}r^zZF0e7=6_vL`R@Z&(+v8B(bKzM6@dk%4h>W1m4|w}Ct` zWM!3EBn-qFM4rc}_SLQODQ~Vm{3`R>@kJ&NO(MamLY9w3j722xe=kRO+P~RLtAD2$ zr@msI>M>=80Ut;|KO^IR78YPSV>1v3@fBDE4EPLq*tinfJQ!1f;s%Tc{2&QokU~}i zW*`L-P=N|GFtQ*=88CeUql}S(P3VjBU$6T=a>^IaeQCHP>*b8c8zR``tz4=LnHsxd zpX)5T#&^x#GiHm9!%LPWyXu>#JieIpEote`Z7f^YAAeH#f&2PnwRgXE1vtcB)c>G6 z^RB`C>wSM-X2rjFrM-AXqe|qosP`Tbu7~TKKTpWE@ZVt6FuTd(v)Dw9SK6FWTWmNE z9+a5%;q)BKQ%18gCPbhA;Fz+#=1B52j&dFsm*jtwbzjVWHmCi{GI8OpyG!_fXB(+$<$iUFhP|rXIq<~piwJ5c)G_xqxwW1&=GdZ&) zARkConky8SCIOMNW00#+kgJJ-oH(zcfq@|qS{NG`7(|Kl8XFiI8N;{+i6q)@XrK?V zUjwiG$WCZtR6_POBP#=Q6C*!^K@%evQxhX2!|oMP6He$(xzO-yLuUljpFK&nQ{P!f zc-X!Dz_+BphjI34$&PikhTY$7ZEn;pjXB1d7N5WUuZ0|kzu?BW$dC2j#}=MnU_EK} zB=#RWwr&4BSz*R1{hbL`#{9hh)J=o9Z&bgVS6lUv@4?o>DRT^UADoDjT~xYF&FI`h zwlzz(Udey7EP55U!^zb$o5b!+OU_N_<(rpyQ_Eq7$9e5zi>FNU;9R1#^-Hak(ZVy#_tc*Mc*^^1s&m@R z;spNlHv3doJ2;BnXZk1}>p4m1YO`HiMNo;nn(J@-r1+0flMLFKm>C%u7uOh68OQ^J zR#urs!a%G+B=3JOM|ax4*-NW`rx>TcVxHv4~Xb1ST4au3e*(y>g$m zwS?59RrM|gd?5Y&jEw(TSb)im%|IN)S6~q^;4|Q1<4S1rU`z#y8!#I1gCvAO3Rw-9 zffRE508=F}ei#|%%;d>0&i%Y`Uf9NkySlC$hGh%#K5C7!l=ERZbm-ZfH&2chDRJJq zZMNaSbN@N(mNFKa)tZM1#P!P0$>5zhrD;icZLWj$zWbf}(gMF~wktFK&#iU)-22fe z#rZ(p&Y;dxXWigi7X%CbC2wys=rs#^^Z84Ln6zY8u;|>Ms>`;!O(f)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG+4nmz-Zzl$s1w738DfSzKJ2TBP8Y zn42ojYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2Wb8M4YO5(Z)oB7#MqOk-KD@_8w+ zvpZ`1ol?LcQ)s{iQXs;@jOk+LCPqevCYAs1_LVJS{;#x5v*A`4>%;#_*HYf;g-7nP zYzbO>{np1-Gm3baTG~1k>#Uvz99ojRP3Q3R@UVK0=d0DYrQrI!+Rd@#Vq2;S z%a3AT?wPZ4j-TJD8pX!obCxYQxk5qb*01A%yGtw6ene&bT7Tc$@?hA(Rv8W5<#Ug! z6ePtSFV{72Jvr&oDIwuixf}P|7@dp1;(Fi)+x)eWmdoGHap1ir+_LW6#NH{_i?{3- zTKrFJk#}%j=+i|P~r%?a^ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/BadCRLSignatureCACRL.crl b/pki/testdata/nist-pkits/crls/BadCRLSignatureCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..7b801c20c3d4dc30220f104668b3e1612f02fb95 GIT binary patch literal 459 zcmXqLVmxlpxPgh0(SVnYQ>)FR?K>|cBR4C9fv+LA0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*FAPrK$EG*)bn4;huQ zYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2Wbc3EW>2?MbP5yNiN-gz#G1|s*KbL)vn zdZ^s~xz~UTq(Fp)8Pl=MO^l3;Ikq396;JgjzbsZuGylHi#G%@CIh+Db`IW(Y%Q(6> zTy|T>XV}yE?106#vwAE`wrQWeU3KT#=8qn)=0zQjZ;UD6__Utw-}?u@xt(NA-FUNN zZk*H1o27Y*Mzj9g ztDibQFuwVYd$m!KNTC#CDI@dTKlj!w`ys@*=E#X#O;O?oWt-<2KRm+ofz{%nLtDbi zUltF=ILd?*S6%z|QBvo#R){0t=B;hrm%moz3$C5i*A*Rc?7pS^2V0Ae0-YTWrW;;g i@zyFi{pWdlV8#4}%AN|7w%2~X?2+dnP#7|M#XkV$F|B+6 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/BadSignedCACRL.crl b/pki/testdata/nist-pkits/crls/BadSignedCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f7d0c8030a775c01d0d81fb12b638dec12fa39ac GIT binary patch literal 452 zcmXqLVmx5bxRQyH(SVnYQ>)FR?K>|cBR4C9ftw+>0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*AAOcdrEX?ban4%DznVy%LqTuW(&TD93U1opgvh;76}8f29fH!0@hv+PTX~A_3N;S>OMPDY4Uml zE|3Bd7G_LWGB+_YGC1UZnepi7s%(biFJk2;+LO=HlNLN%_Tbe27`@!r9+Mk*Cv14tworso zI$f)86Z?6`mZC4t^O}!bDPG9GE-cY+TXB7+!VL57mpQ@blkUy$ty~cPOYOi}gYE2| zoXqFaldQ$Wd3ZNG^YCA9`lVRx%(AplH5HYOmpYrjxJhXBs)kD*v}#BRF7^ud+%I>3 zCG!a{cdm2gm;W9&=B~SN>%qDuJ#7z9zU>tEICqo1V+pI9$CM+@0?d_0_wFysuZ-lY bEDLAsF3Oy->zz>1sqP<-zoc0erz{2lO{1zK literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/BadnotAfterDateCACRL.crl b/pki/testdata/nist-pkits/crls/BadnotAfterDateCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..21f7c815e5fa241f479e69173ece196cca600829 GIT binary patch literal 459 zcmXqLVmxlpxPgh0(SVnYQ>)FR?K>|cBR4C9fv+LA0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*FAPrK$EG*)bn4*xEU*ecnl3JwT0#u>k>?qD_ zXkcIngcimI1_n{$yv7EGM#eDi0(}Er19_l!S!EUp1F;4X9lpQc-`RX#lJ@2~>->(* zkIt94-7w$+DG*^{#&j%m6C)!-OyWGf0)|xiWhHT!e3;U;<5w4+aoZ3zW69Y+x0XGL zyV&6UqVbuo)U;o}9BbwBJ$d_CwjNdCj|-cW+#@kh{HoCQ`OKTX9KBZEZ!lrW)r`U# zt0VtJH|>>uJ7??mkLTt+ex;^zKYq~_rRn@@R@W}RuA)3wjw|?Sq0zZDO=rVyRxXR0 za{lKRgXr5!7z;NaWKLt? iS%)FR?K>|cBR4C9fuA9_0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*BAOljsEG+7jn4*xEU*eRSmS2>r-~v>l;Or>Q zYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2WbepzJ}2?MbPkz~6)QuBT<{1mxR-+Su6 zXZON(v^f}XffR_aFk`xwxrvdHVa~nw`*UY->xq0$jy?aPbwW?DZsdlJ6I(8dCav7_ z$h7EE;aBN zaJzi@LGY%#!b#U$j&g}dhVOK`Gda7R*L~~e&nKj=i+`8ad@#?@K`udTtsjTgoJ6hP zW+G3vp82-%>IUDyydj#Fvyvx$zi23&ellHF6ndx=!oLk!;*RTdv*|Gq>Evr?d znG>(GUXa>rb5(V9#0`$Ob2?fhIM*sy+xK*z*17ugq-!XzA~Q$t=g7VY_pgE{|LKJ( js;t)8W6N(oGg8yfY?`~o(Y1&44~6Q_lyvv|Rb~nRkU^{e literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCACRL.crl b/pki/testdata/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..4adc345354ca3ec70a537778bb2e01edb39c5d37 GIT binary patch literal 511 zcmXqLV*G8;_=Jg((SVnYQ>)FR?K>|cBR4C9L98LS0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTwpbb*MEUe;`Se%)x5S*Hmrt4W;T$-Aq;2h+m z5S*EwmzkHY;GJ5j;Or>QYiM9#2!s~K1_lOE;=INNhDOFPu7Q$)0uv)Mnj!-p11_Ky zvZ5@^T#Sqh^bK?ky(q zVq|0x?y&znL;Os$t#4}~V@*Qwp$%C-bHnO3h-l`Wp7Y^IO7XNw;XPC5Y)h(3kLnK# z`mcSgFZ!9-FZb@}<{YMO?8mf<9Cp`5@0urKv3~Ug#)fs&V4Nt{R7Qs3v~c}-Nf9d-Y6*SwIO)!QsI^E_V962AHLN5{{8Q@P$1w}0`!?1`7I z+A(p%hbs;@ZuNaQvL|RI!^@pBr(Tzx`23FgL}9h}+DG3=t{@Le;oh^rN6%b literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl b/pki/testdata/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f687137caf9926dbeb04c7b4608c4dddaffcace0 GIT binary patch literal 618 zcmXqLVoEb;V)SETWHjJqlsK=kfuWHxjJu$5k3r*319_l%%;wL^C>Q5j_}o+-&`i@2pcqZf>g*bGX7_&H>h1uy`XYQxj`w34tF(h zhB({?#mPVqD!2qFq~#YW5aS^OE|611SeP+`lDUbIkwJawQ9sv@|3wYoaK+~IeLS(} zi*VUyj`vkzTqoQeG7&PPO7053J0#YKlmm7*k*@o%jd6b=jME0<-}N< ze@ml8=iJoPclw1FP9)0&h);_}(x_+BSdrcE?+#o3eW5>=3CF zow#JdzniStA#1sU7SAsECt=~?@yj{thFeg|j``Qs`did()vJW(-TkFg(z-8WC4&NQ wd-wN0QRdsvDOV*pjo;4p)_8nSJd4>70O@?*D*ylh literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/BasicSelfIssuedNewKeyCACRL.crl b/pki/testdata/nist-pkits/crls/BasicSelfIssuedNewKeyCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..5a098acdf4d13d25cb3301356d0ac94bd0a2430f GIT binary patch literal 503 zcmXqLV*G5-c!!CR(SVnYQ>)FR?K>|cBR4C9L8u|O0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTvpbS#LEG*-cSe%)x5S*Hmrt4W;T$-Aq;Fnsi z;GJ5j;Or>QYiM9#2!s~K1_lOE;=INNhDOFPu7Q$)0uv)Mnj!-p11_M^vZ5@^T#Sqh z^bK?kEV;V|t9aiII_^K(E^Q z>*1>j+kdWaQ;(}sdV1^SvziH8R2FowKA#pB%aoXxT&VS?MMtuv#OK+IoR1<*rjjR> zb`(3N(=o4Yjs$D^Ll6PgsX7v%+QsJYpmaN@hTGi%X_Sx)(t zj;&Yk8!J^v@7MhLrRR69y_#wO@A0H9!7G{WJb19^zci!tpZEMuJpRi$=lr}pE$Hh1 LmtnUJ3Vr|pe;T?G literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/BasicSelfIssuedOldKeyCACRL.crl b/pki/testdata/nist-pkits/crls/BasicSelfIssuedOldKeyCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f5783829b673c636e5d05ee48c20188f172e054a GIT binary patch literal 503 zcmXqLV*G5-c!!CR(SVnYQ>)FR?K>|cBR4C9L8u|O0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTvpbS#LEG*-cSe%)x5S*Hmrt4W;T$-Aq;GdJC z;GJ5j;Or>QYiM9#2!s~K1_lOE;=INNhDOFPu7Q$)0uv((nj!-p11_M^vZ5@^T#Sqh z^bK?kFxh~rGI&-E=-My`Iqiq<(f>_P-16euL=QD0v@bgTIScicy&#^t{owVkB_c!?6 zXmcZEc4g4)U6;@Iol`oKZy;Rp!OqWZX7Z`URyWfNRlAm#epyr6`fd}4<@qILRs3Dc zUai^mUvkZoeb?{inef|HO}&$M$B>Dq>o9}H-Fff*1qI$^o@#dZ=#_hHW`&xqV}1R; zgZuVvZU0f@GTFf1`*zVHGa=ot-g~=ev)<)n%m`k!r0SV$+wnEOdFu9G`yI1&FS``) z)Z}ef`zC!!k`Z5MaWl2-+LVo7r*E#S`8!8``YL`NR$d7YH?cLn+H-P!&WTpZ+`ZYj J=Fx_2#sEFhv4H>p literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl b/pki/testdata/nist-pkits/crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f29c23f04719cda5f694b8b122500e815f0b9868 GIT binary patch literal 602 zcmXqLVhS^8VzgsoWHjJqlsK=kfuWHxjJu$5i$UW?19_l9vdSzH24W2&cX>;D zgENGVoECLBAkroxX0UMIdV|JBkO~<_#{Vqk2Biy%7ZfhZH^?Q?!L|n05C@weI~C+H z1(yJYwEQ9kd>%320y#m1g&8yGn41_G84fIH=-6g$QXBDpw#h+Jf9JblrGKZ~S**a> znP#`(uOgGSzGW&`ecZW--)~fxal9}s8PqWvk{NU>NbcH(otIz7}8_$1S@1t-x;feg_+tXVU|8Z};VEbM##@6ZD zm1h3?)8{(ASgX!Cai-)FpB$-=HS@TWm%kMXN|6E|BY8cVGZ;K)J`L(j`0L$&w?Z5MpFPx@ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/DSACACRL.crl b/pki/testdata/nist-pkits/crls/DSACACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..369b5976278e6f4c8e75dca4c8ce7410079b7520 GIT binary patch literal 225 zcmXqLyl2ojkBO1dfRl|~tIgw_1q-u*y&*S{%N)wWCd?EXY$$Ia3*vAIi-n{Xmnb-= z7L{bCWhN(lsK=kfuWHxjJrVJK-WMXXo{>di-dt#gGg%Q`~s_k>x2`U- UJ>wX;QuAI)#l@2a+eN1U0IZTmX#fBK literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/GeneralizedTimeCRLnextUpdateCACRL.crl b/pki/testdata/nist-pkits/crls/GeneralizedTimeCRLnextUpdateCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..31360af09e88c77e1bad459eed0abf294b94b279 GIT binary patch literal 472 zcmXqLV!UF|xR;5M(SVnYQ>)FR?K>|cBR4C9L4+Z<0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTmpaxRFEG+MynwMIXS(Ta+l9`*T;2h+mke6Cf z5?YV~RIK3aD9&qWU|VSaT<{MzC=HXk3;YEN@bBhG0R|7vVMEUO4+u3CGy=acsv z{ZcjW>f{CM8`eiGoh_%ob5g*Pr-vLT+SPfA1qkh6@Qs;}jJ-PU>JM)6qTiAarPtw2m_j}(p z4X%TZfHYwgTF1~%UL!*19#_0?x6W<@xWA{{D6%!LizhFULE>%IOl>a!%0O0<01etZ>oL( literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/GoodCACRL.crl b/pki/testdata/nist-pkits/crls/GoodCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..d46110c5cf0fda6490ae6ca601c45d1aa423be0a GIT binary patch literal 516 zcmXqLVq!38e96SfXu!+HsnzDu_MMlJk(-slz`>B)fRl|ml!Z;0DKywn-ar<_;Sv@L zNi8l>a84~M$xO>kPAo|+RxmO!G&B@2-~%aO7G`(P&reZsb`<9|G%zp(LJMO91A{1W zUSk78BV!oXz{Nm;iIERYkpYhZ7tj=0Q5I${pp$?q_)%0CMxm-$pl_gSAP>@^%pzeR z)*uqW*rFo6M>}YWm+ex4B9Xwa>#a^gj1*yE#`Gm~6C)#o?ViuvU7CkKgwd9(Y- zw_dNy-ND^9HD2>}I<8^GX$n{)X;T*G)_e(^q@q`fM4~(Y0*8leQ}* ytW__)zac$d$H_T;%h&e;0dmiI_OyD>UVYy*=*Upa|+Zu0On@P2$b%mo1Fm9J_5 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/GoodsubCACRL.crl b/pki/testdata/nist-pkits/crls/GoodsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..199966e4f618159cdf757bf1e5d5e4a95262ca4e GIT binary patch literal 449 zcmXqLV%%%cxQvOB(SVnYQ>)FR?K>|cBR4C9fwLjE0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*GAP7>xEX?JepP!;oT$<$UD9&qWU|5Da&Y!Zg z^XD60kqg(SN&RK6YID1mb8+>AJ9~E8e(F84cJ_h~48@tAnd{|^r2f1*JZ<(Vy913+ z-!Gs3=E5wylk4O@F3e_^|1&v*e^1K$C(N_5^VjNx=!Cr7Ve6uDg*jzfev?x0=4aCH z(^y^xmMu#Dke#41^~b$4qQ&n2_qhk<@!M?7ezJq(KZjqV+-woud;ez&mvV)&Gd7xi YF0$~d$>F=&(KUPHD;1UASGVr~0N7-vhyVZp literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/GoodsubCAPanyPolicyMapping1to2CACRL.crl b/pki/testdata/nist-pkits/crls/GoodsubCAPanyPolicyMapping1to2CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..7364f4da3ba8430579714278f34351bb3af75273 GIT binary patch literal 473 zcmXqLV!Ue5xQ~gE(SVnYQ>)FR?K>|cBR4C9L9`*a0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTypb1jIEUe_7pP!;oT$<$Us1T5tR~e9>lbKwp z;G0-bkeQdRU|5oGB+hGSU|u`jz+d{C9JH^`g^WJ#7F4~%S&S7f9``L3cPus1K&{|)*Wy6273l)~vuTOn*{>tWx`i?&*YSbpo zPuV~1(xSNwHrGm|^~pcmAt?6Y=$XCJ31^NM_MZ*ewOr;`-G^KK8!pJ6%&hGxYTRU%6)ylSQ-1B?twuryRW-Sx; zEd0Ztx(N literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/LongSerialNumberCACRL.crl b/pki/testdata/nist-pkits/crls/LongSerialNumberCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..9998cc473001418c164acbd78af6b6e911ca9b8d GIT binary patch literal 515 zcmXqLV*GE=_=1U%(SVnYQ>)FR?K>|cBR4C9fuA9_0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*BAOljsEG+7ipO>x>oLZEbn4{oVnwykbq~Po* z&TD93U(^+AWf2Pc=IH*-~VV*rmzqo*i-f(tlxZhm^0`z1<6%4o&(|FH~{E<5cIN zxl!M0eyQ-8Sj5bzIkD-JXAz&im+PF1dWVwPwM#ds|5^JA>6338CLdeBL4LxLk16KCs;4K$ygQoixaNw9G~0p_j*8t;c6Z;e&7N8xbwxOJ z$?W$5CQ_eXrOjEs`&Sr`icOt|-kxRWpHEoluwnVUmj-j9t)FR?K>|cBR4C9frlZt0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*5AO=#vEX?nlSWu9em#$z~l5eEo>?qD_XkcIn zgcimI1_n{$yv7EGM#eDi0(}Er19_lMS!EWW5e*_Uk5*)!wlyw0G;@v1(+zz8c7C~i z+<*(DK!k-E)1AysjEoF22EIu_^TKvtSm<9+vLlT@qvO|P*9jL&tUq|h_SGJme^@kr z!D$U6;b^8+HGDQFy4+vyJ+BqMzJ5kd{^^VDGk4qE65aTEc3Xt)fr)3=d`XPlohEkT z=d*pYTEpBYB!qqpnfPIm#5I9uHC~)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG+4pSWu9em#*Mel%K1Rm{%E)pOcwf zso?A=&TD93U1opc%5tED{D{4I&xEA`iGt&KEh{ znlkO0=<2E^`FcGDTp$G^EXJ zvm5K1cZ=qPyt-$2JU?ea^X#X|OwUVi-(Ru&!W7Y|>bE|BXq{IVy{vkX%#}s`0+op? zqP(9b|C#cq{KrbU3D%+vK3V_kZ*O0ATRP0ZOGx0?Oa60vE0kD*i!HDDtysNI`A_}2 z(odFJ7E7DzU7w5ONA8VWnrt23<)GLx)FR?K>|cBR4C9L4YB*0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTlAO}*wEG+JuSWu9em#z?!uaKBm8IYfonOv#h z>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_kcvdSzH24W2&B06s;f0UCd5S`Mk zJ9*2DOWRpF));Vs6o{}eW4f2QiII_kr*!J<+8zzwJKB?M<*w{_zvo9s>;|91(!H&P zTXoo0WgD}ym-IaT*Wo-`9f?^DWu4t?!&s{o1+o z`2I7ZD`K}U4Dt`JVQ|qp#*kddw`f)%|28Jyyr!(e%|Z9S)E`~F$KvR-)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG+GtSzMf%m#&bMSe%*coS#=*Qk0mP zS5mCt>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_k+vdSzH24W2&24QINqv* zd5_(cgB$&hFa0HOT=G&f!@ltM0%t61pVZc$coy|e_~j{Xv9{RM@}-YbGQ;B!|JpoJ z?*H8^&TDL7Xk-lI zF3>m7HIN5tl~rbuFc51H+3(feINP^J#IPs&<(a$sFDius0}Qx83Pf0#G5yTk#K_1X zX_R@yXn_dJ(>CuLYbRX%xBY#-b=O8-rAKj5v;P_$y}of;y!rnt70*8?-h9Y#gz0$T zJi!ff89s1Lkny-P^BZGy;cD&B4{;w?dQ4f`Qt*nm@sh@lH9#R`w#z72f;*>=)4k@GXd4~y+I*d#n* Q)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG+4lnx0saS(d60oLZEbn4{oVnwykb zq~Po*&TD93UFh%IL|4i z?bS#SS$n5Br_Uj0saptg|UfEuSw^#joN))~r z+sRlges|sUxtEo_``+JgnVP1)bGgEmuq5l=${$(=Szo&ny+3OPxLIG4kj&UW-FMIW zZTjZPC(p0i>T$j_upsZ4PJvqD-aFFl|34dhe~R*JH=bhD^1=Mc9oOtLQ(I>&R=<^z z%z_`)? literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/NoPoliciesCACRL.crl b/pki/testdata/nist-pkits/crls/NoPoliciesCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..376e255f29de70f6634ede23fa36b857d05f0b27 GIT binary patch literal 453 zcmXqLVmxTjxQdC9(SVnYQ>)FR?K>|cBR4C9fx98M0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*IAPQ2zEX?PZuMm)*lbM_elyY_y=QT7iFa$yi zV*>+&C~;n614AQY79-|Tykhl9 zk{?ra7p1M$6j;|=y@==Ocd4T{yze#~nRIxWp{w7SoWpA3nc>`zq&<)4GGxdGN*)vc zu-z(cMM>KAnEvgJ&X$Rq{wq>m@W?KHcfo=C$?@%nmLFT|tNSGP>(Q6zuKo{*Z+!G_ z+o`}8t5;lou;^)&x1cn)i})S;TN)Gg`x~FXyUB~`NBW1^EJx(y_dZ&^WU)q{kV_z$gUFoaPBZmR$l4R&9bxdR^M3Cvptn7;hls}XXEkZ70-87?|!pu c`Zk^vw|zWns+&CimL1C3`N1>ydfBNm0HMXLi~s-t literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/NoissuingDistributionPointCACRL.crl b/pki/testdata/nist-pkits/crls/NoissuingDistributionPointCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..c9d965a23c7c989752bd7182386d060c15cbae2c GIT binary patch literal 469 zcmXqLV!UY3xQmIA(SVnYQ>)FR?K>|cBR4C9LAW8e0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTzpbApJEiC7kuaH?>T$-7e?vhztQk0ogT9TQc z7m%Ns2h`^%&TD93U1oph2?AED{D{4I-OQhwRUq z`)B@fL%vBo%iXhQGR!wL-~uTSVPVE}HggjrBg3lFhy6ltIDf`_B)w1awenuT|NZ5W z9nsM%3(o(v6LFLNW;?Iu?!Sl49!JXKFQu*NJ+>|7)zJF=#Axbk()o@4aC>7l~d*H%T&+oS{H=IBFd>y+}>M<1&0l_PL tR?FX3oqJ>XL}J473dR#_eM7Bv1P}O4u-tDP@WA`QTH!M(H7hT^0swUYwa@?n literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/OldCRLnextUpdateCACRL.crl b/pki/testdata/nist-pkits/crls/OldCRLnextUpdateCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..552b999a56d3736c3c29c4bc2314436331f12613 GIT binary patch literal 460 zcmXqLVmx8cxRHsG(SVnYQ>)FR?K>|cBR4C9fuA9_0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*BAOljsEG+7ulcL}pQ zYiM9#2!s~K1_lOEP_7Y_yFlMS*FYYqUsjn#!a%G+QP#_b#8%Yxu=o zNKi2SaMPo-_!$hAMe7Bxk;R-!8i$cY(0kdk@xa(T%Z|r}NIukvkSRzpAq5!5qE# z8x8_}k25Cr)FR?K>|cBR4C9fsY}#0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*7AO%vuEG!&gXr$nqSWu9em#$z~l5ecw>?qD_ zXkcIngcimI1_n{$yv7EGM#eDi0(}Er19_lsS!EUp1F;5?KVNzijg1;=YE9ek#RvV) z{3v@+$bbu^K!k-E)2+-+jEoGXt>Sm~glI3H#r69CZB7o`T8+5Yg`fNc<3wItobP+* z`@ikGzm$xg!cy178z-gOdtQ3)VO})ZbH%ddBJGT;9CFVr^{a9}bVO5K!I5KD!S6|x zBJ-z;WXu;_^Z%}q+OEBu=ewBCl9Yd--ZIzPJyYw-M{k3aD#O0U2Yftfou4kpAGFD1 zshg4>o%f|m?3aieNAcW>JvE)LXWM9gHM|^7JiAfI!OQ;n z2j6X10uOD@eQQ~eyywlYmgZhZP3NZFTerV+x}?>Sxh?FNsr5<8$j${np9%-fjL~b9 g)O(=PdCV!9e}?TT?ev#>=j>)FR?K>|cBR4C9fxjWQ0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXb4llEG!maXr$nqSWu9em#$z~l5ea~T$<$UD9&qW zU|VX+2afSaJ&O+JU%ll1jRS!x##73kFA_d)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG!vdXr$nqSWu9em#$z~l5ea~T$%(# z&W_@|h6V&TDL7Xk-lIF3>m7HIN6IA*;+HVIbBZ!Vqg|$NzMdR-Ep) zbs1V~jc41=E;ir-DG*^{#&j`r6C)#o)M`Dh=xz32^PY0ubMd`DTcEmVtr&+`6|ax= zh7_mU^Uex<&oVOLc@SNd)ilH7&*7H4Q*17GxMpUqQ+epMw9tsx@Mg>hwoB*EarDl9 zaN|s#>%nEOAFck_{&dTed1}7JrQG+P#>a2pH`yb3=8ClfkG9-!dp)^p`gWlj&cNHB zd}Z~TlFvOYIU`pyuRtjyfbr<8g+@;tlpB~mzujd%@aNPIA%4EPUv?R%%6%S|&pOb` z^Gr;F&0Ccr<5VlbO% m^qwa|UhIoX+L0>@OFeQQD6V@dYrcEIF}9Z97k^66&j0`(c&bYP literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/P1Mapping1to234CACRL.crl b/pki/testdata/nist-pkits/crls/P1Mapping1to234CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..823347c2c005b5cafb345c3214efb28d0c51d4f0 GIT binary patch literal 459 zcmXqLVmxlpxPgh0(SVnYQ>)FR?K>|cBR4C9fv+LA0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*FAPrK$EG!aWsNkDeP>`9Iu3%V_Z)9wu;Or>Q zYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2Wbc3EW>2?MbPk*VB_D?KY#mEEf6 z6<>0PUD0=5xoO3+?2_ba2X&Pak=Caxr+r+#{Mlcjc#&Wyg9p3vpKTl(6esJQ2Qjz%7yWNp#7>GUtHNm7fq zCVF$8|6E@_L1ai8bS#3H427suw0tmJeSW zeV}22yQrWE*JiF|il$nJ<$ukQXs^GQT(57H!M0B*R9Ld*jET`yF;Bw{)iLT>I|?(k im_r5MEj+&JKy}Ekvj@(^xVskI-v8H7#$ok@8`lARdZv2- literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/P1Mapping1to234subCACRL.crl b/pki/testdata/nist-pkits/crls/P1Mapping1to234subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..62829b6a172cdc1e2da0f2273b2fc4ea0438e971 GIT binary patch literal 462 zcmXqLVmxKgxS5HO(SVnYQ>)FR?K>|cBR4C9L4YB*0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTlAO}*wEG!;isNkDeP>`9Iu3%V_Z)9wuP+Xei z>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_kcvdSzH24W2&%;Ha{GW^xDtXO~A z?VH1lR4%5syA8NN3Pf0#G2P4D#K_2SC@9}=tN!bd)SoXGX1ZPP>T$FQS#*xGNUqR5 z>ggLJdA?byQXwq~3A>FKC$BX!KCy~My5G{f^?J8{D)Zjczpi!0n|~aM z-eOIg)o)!rxZLUaY1LWlW#eyLna48ijl+r!AHSa7tidz)K8NSNdCUQ9n&0A&r8hnJ zY$g|HueoXNerfB#lpj5|VvE9xtY*Ca6aMhu1FjVL%VFL&{o7nj9$dZ^D)VGb8t-N% z8CT7v_uNiOUDud#*Wj>-_ScXjufA&M&WjFAV9O~z>oNJON8J2xm!77+trK-ym7Dc= mJ!{|QtK9F8vNa~}D7D;rCfDp$dBMhCVR;h&{?+Zy-Uk3ah_E04 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/P1anyPolicyMapping1to2CACRL.crl b/pki/testdata/nist-pkits/crls/P1anyPolicyMapping1to2CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..5391d2d9e83ad0b650a01c44dac2d647269d5b75 GIT binary patch literal 466 zcmXqLVmxQixSffS(SVnYQ>)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG!*hn3z`?ke`#8T&dujSWu9em#$z~ zl5eEo>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_k+vdSzH24W2&@=O{UMtxo_ zKX!CGevGYtp&FFkX21nfAi~0o>1O68Mn(oU(VW>_N3AcJ{`{$&GuhhmOXdf$v!W6u zMq>Xb>vc7^S|zhuq#}8f$uXjoQ&wlR>vDcPn zHIJ><;9tAKsCVuTrPuPU%1`~5{1v;AUvoEa{jQ_?#Pqyt4Rk+8tUbF;HB4!Lz})FR?K>|cBR4C9L9ijW0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTxpa@dHEG!j}m{%E)pOcwfso`9Iu3%V_ zZ=~StD9&qWU|%Bhd2&t#*QatX zo4nMduJDyRv{HWUVhDJ8de6cKkIR-GcCWKKeBg1Nmygh?%`*b8MIGt!YPrC=^Oe<% z+zZR9bZcX`&5}I#aE;jO4C~ev>??A&mGv`xG*1>-(LDKC=jM8ysk%N_HSY9omOdAv zrBeN7*8Kc9qu|Z^*G5(y66TqivTn(dQ#MjAr2<=jC+=@Kcw{an7G_4g z5xTVV;g(%7|2A%nvDmHr`k=N;!{-Be+ayn`gqm&k>|!tySY!ERWu+wZy&BGaGq~)I qPxzZT;n45N%sHhNoF~rPn_YjVCBw$^eT~~@nY~V`o8+hMOauVTxw0<+ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP1234CACRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP1234CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..7cee15b532b5fa2b1abc113d1a6f9c17e9991eb4 GIT binary patch literal 456 zcmXqLVmxBdxR!~L(SVnYQ>)FR?K>|cBR4C9ftMk-0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*9AOTXqEG!t1pOcxK2^0@7G%_|(aCQ{uH8e0V z1VRgA0|SF7ab9BspbU(=K;J;uKpv=9R+&Y@K&(OJ+uxNvYC2oaU%UMJirm^sS+cuT z0t~o73Pf0#F1En}`|8uGzjy0JW0FMX#+Ro|mF7*_r%s|;f5E%1H* ddd3GHslD@xC)7#!&rY4Eb2BvG%+%Q80RYtas4f5i literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP1234subCAP123CRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP1234subCAP123CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..a0fd524128c5c9db94c0dde57dfaa090bd36b041 GIT binary patch literal 463 zcmXqLVmxioxP^(4(SVnYQ>)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG!X_pOcxK2^0@7G%_|(C@xKMb_6lS zc?}H=41v(X*ucObN}Si&04NIMF3>m71sfr&%pzeR)*!NTRY2o1leEB$xlZpiJF?!$ zoT&M3zy-8JR)mEa)4|M5jEoGmvFlD0%x_YCeaLq!iW({>gZu zh2e&SYq#wes21x^-gQ6u&|bB7Zy)C?%xaAAJjD2cNjN~GF8yZRVcC0)JWkxV3;I}c z&+30Yb)Mr^(O#|uvlp5XZwQBJmz!zkrnMz%*K52 z&Theci9ZwcMG{iZDee_hxZL6%q5Y$X@46g|V{>7W|E+UOERU3$&0Qu%x~jhYzKf@f zN$9=Q$Mfgr^qqD7ICayKNnVV7S1ltwOZEp}>R{V%we(}0@$74_dx8$W+q&K7d5~3@ gi^|+XEgE;tEiIXvxf4asv6;_$x7OC|j4c;C0CCZ$n*aa+ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP1234subsubCAP123P12CRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP1234subsubCAP123P12CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..3759346c7c8aec011a62e994dca3153ec3e770d2 GIT binary patch literal 469 zcmXqLV!UY3xQmIA(SVnYQ>)FR?K>|cBR4C9LAW8e0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTzpbApJEG!q0pOcxK2^0@7G%_|(C@xI`B4zr%X>{p)tjJ(4xm!a4Q9qAAOZbUsYD-gbn$c4g*I)hj}#yo&j`+M&n%kN9Z4 z>5u)!yJxLR_Yv?vk2=V`(8iE&#tL{=6*&ws@f^t{E_+$n2b`78jQ+qEqK literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP123CACRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP123CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..24b15c090c3eb35a3cd93b3d1e3ea007818b957f GIT binary patch literal 455 zcmXqLVmxfnxQ2<5(SVnYQ>)FR?K>|cBR4C9fu|w20Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*DAP!Q%EG!U^pOcxK2^0@7G%{9jb`<9|G%zp( zLJMO91A{1WUSk8G1dO{t-$2(u9;j7TnMJ}ttU;tlgXO}I|x$6Vg8gWFjKf33$ z&f>z(>(4~ie^36-;Mq`mq2+B};~lxs+qxCsE?0X@oF3*T{qW6yk)P}LD0k;6w%zy? z*TAWM!OWD4d;1>d2M_!-S=qC;N!;$qoEt8-UUg%wZoA}drN}?4OM`{{tt97kb=>p0 z7WVCG|NWqrqShHLJS(JUrlc^ft<2p#an~%*3))xCaujr?v;MfM7kv18?9=)wy>~WG cDmmQud|^4qTi)lQPb^ASd!BQ)FR?K>|cBR4C9fxjWQ0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXb4llEG!m~pOcxK2^0@7G%{8wE=_WF1hT|=4Gjzo zfzZO(z`!6%oY&X@C=KH-&^OREkO$fztIQ%{Al4vqj^WndRg)cl99U4f_F%<1+3V`x z<{5B-6o{}eV>*|)iII`PA&%$D({2{V(5Dlfi=A~`+3yPn$$rrOr0pZNH^HD^B2(|) z%4S`~nfFThUR>cV$=r4PWu0pGe-WPjyBFVQ@;zR1!?u0hcRRS@~Z+7tK_u zs!?tXI_I9aCZ@Y**{pCGv96|1jxHb8o7As1n{vfx$&VE)&n!)RyjNvMw@-oP)eBG0 d**yxpT3~)k+&k4*%IJ>l?V~fV_Nkrt0ssy*uk`=` literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP123subsubCAP12P1CRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP123subsubCAP12P1CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..2529aeccb1c06b0959ddb8c12ef82b2efa8a8186 GIT binary patch literal 466 zcmXqLVmxQixSffS(SVnYQ>)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG!+6pOcxK2^0@7G%{8wE=>X=XGb6> zz)+mm(7?bD2rY~a3=E>gd5sN#YGB+2`UbiN@<3B$m02VV#2Q4NNZYw>e|BQ!jkgz# z>scRuj1^KjWWWVdAi~0o>1O68Mn;A--mKQg`YxHW{|vHASBcFP`_kdvpU&^mKhx^r z^bS?ep300<8j+{j4s0>#I3IL;5u_^!n literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP123subsubCAP2P2CRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP123subsubCAP2P2CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f49e81b193f6b814f7a3909b9984ef033a833f26 GIT binary patch literal 466 zcmXqLVmxQixSffS(SVnYQ>)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG!+6pOcxK2^0@7G%{8wE=>X=XGb6> zz(}0e(7?bD2rY~a3=E>gd5sN#YGB+2`UbiN@<3B$m02VV#2Q3i{@E56CgR5?d(r4` zM?$v14_4_+11^vP5f)}lH#0XeGBP9{Xq>!d(WmM^f&K?Cf0Hh{apHueO~`Anmd0qe zmv6HI?f!<_7w>z0vDc|Kh~tlOgXn>p_epD=o^F~xt7d0p=%IwC`T<_EZGXNJj{LDP1|aIuUyV< zp!4v({ZZXH);D!eu9ZB%wL!j8hyVFno&9H&?7y=x{goBw<9-sOZB zcPjJeno4#jPx~CexFxczwWU*7Ax6vU(gN$554}^KaBs9a^dZ~B{o%EJ|2scgZSPsz k@o7fB>yoWmKP5sFj(d7r)f6X8dAEc2!nc+0j!66g0O%mDkpKVy literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP123subsubsubCAP12P2P1CRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP123subsubsubCAP12P2P1CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..a354659c0863d786e9a16ae3cb1f73ae333f89f6 GIT binary patch literal 471 zcmXqLV!Uk7xQB_6(SVnYQ>)FR?K>|cBR4C9L8KwK0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTupbk>NEUXZapOcxK2^0@7G%{8wE=__UXGb7E zz$m~_oY&C6zz_&6j13G7qQrTP4S)(^+y(jux(4z73TYj(E&3XM^ zT->~jZmZenC)5cPi5RrW5%?`_2Y?Ozj5><`%3u(eJjsi*3~ zHX+X{zv%(RK9>yxw8}5s{d4oi1;OTK_tO`xLc{qLrR15JKG-b(*>z9)ZJf-5Cr0a! z7tfEGD7y8{hLg(`;tt1^KXDDnUi6lG+2QvI0$0N8+716+O!jq9mVPW^Rq^tue^k(d zRT|3dm_7TnAwl@96x}#Pd$5t%&d)KDb6)FR?K>|cBR4C9frlZt0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*5AO=#vEX*H}pOcxK2^0@7G*WPO6z4TGFfar{ z3u6NVgD7!cV*^7YV;FaVzJacRJW!{sG7Hd%29X=_rjKSFG}lr)*LXD%V z7f68!3p1uWnVT3H8G;npyK1x2j>Iss3&y=qy|(i9hHG-%wHw~{3%T#I_SnqWx9R?J zlehQYeho-)|9@frsgkR=YCnWM%HU88F7pta?=Sx2x!H#Gf0|!$?X^)`uton;q^{7x ze2aiBkN*|0-_x4#XU&SFE<0NWz85#1B!uO!ll&StukDWmr_HIB552|P*6lUADXh6R zGPnJK-tv@;E4yAv=H89C?Ow8b{?`v@CT*X1sAkOy#Shj`Z>#UvcTqJkf1SDbkvfyY zYMb8@o2UNUb?}mCWkSRHBcTsBADtDjyN0nm$Y6(2qp2&`?5Jl-&HG*7ifsFKZn|m4 cDrVQ+%bwhjSjDuYmBlaTpoj4qv+43m01Z{HkpKVy literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP12subCAP1CRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP12subCAP1CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..0c0a57ffcde801b0c34ca7f27d6202bca06094dc GIT binary patch literal 459 zcmXqLVmxlpxPgh0(SVnYQ>)FR?K>|cBR4C9fv+LA0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*FAPrK$EG!a`pOcxK2^0@7G*T!oO>%Y&FcjxC zG%zp(LJMO91A{1WUSk78BV!nMfxdyRfjm&VtTKy)fmnlx(!A?@J3P*D@>#|1yXG6A z9M*gKngJI`fd~sTrem3#7#SJ*=P6(G?a?=R8z(yBmix}uWH!HTD|JxO{t=m&P&;Hc%+$`uc!akxy^BgeW{Yz z{3-JnF)%FTd2;AMI``v^%N-c3I^#Nzoso5E&qihRe3nXPgFByy_u47P{XKe9@oG7AuJQ3H~!?al&fFkA(gH(U-{f}DG3wF zH9{garZvoWq*ou&sx~@NYO5ymcq^MocTrNx+s3R!huBXkJTIIge+oX)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG!w2pOcxK2^0@7G*T!oO#&ik#{k0s zBXM3s0|P@Kv@kX>Fo+W8H8wCbGKO&%=o{!7$OFxgRc4Ve5Ni-QzSMmAgAILbKE@k=7`YwT$aL$fgxn4@rYAw4p5?s# z>#bDUwQ;S|?!C3O)7RDL+xiNg+V+g~vs(B$>0=&@o_v2*KXeBftaxhX7^(iMC_T3M zi@LjwgU`pLFc$6)$9WA!rd|A&)}&|EWvpn|E6;Ct`|CkAv$fulr?0y`JoM*coYpas zg}rPSgmlH?WS5$p{`pPIA#c~o?=mqh>rHYdT=BMf^5o9$lD`5qb9Y@l>ME&PAeAyn z`@xDIy2sY?u_wf+l^HnfpP^8s&6spZF0kQ`>oum}JE literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP2subCA2CRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP2subCA2CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..821ceda6d20df7d939b6816249d5e459a4638c31 GIT binary patch literal 457 zcmXqLVmxZlxQ>aD(SVnYQ>)FR?K>|cBR4C9fwv*I0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*HAPG{yEG!g|pOcxK2^0@7QYbD>a&|Nl=QT7i zFa$yiV*>+&C~;n614AQY7S<&CzfOZOYgpQ*Yu zv{Xf8$L_Vc+6-6^JA1&j-}dTm4fnDfU7_nrw@r_}BQ07!|k=l}o! literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP2subCACRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP2subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..8017295e1bab1e7b646c50ee686ea4c59ab7a577 GIT binary patch literal 456 zcmXqLVmxBdxR!~L(SVnYQ>)FR?K>|cBR4C9ftMk-0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*9AOTXqEG!t1pOcxK2^0@7QYbD>a&{EwH8e0V z1VRgA0|SF7ab9BsLnC7tcY(fvu7NyIudFhQgn?LtNSsYe@jQcqqQV*L8qFkcEAiE= zXExvhDG*^{#&juj6C)!7N0Yflr>%F$Q!Rn_LAo;xznltu7+v0Iwq5l^r~Gqcz8AZb zxP@PzSNr@uE45&wpLeZl^92cph$I=qjSSlsYaF{}zPiZsx%$)Nlbb?sGuOww_tx$N%^P9Nz-%Ib3Nxe_aW932=Ui26zWkh7Z4U*A%yDup|bJc><#y8=h4r{j2 dP3KrDdFvai-lrqY@BGgGxNz4|+0JTyKLFVwry2kN literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/PoliciesP3CACRL.crl b/pki/testdata/nist-pkits/crls/PoliciesP3CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..8585ce40c73ad02a6cc4bf489c35a03eeefd953e GIT binary patch literal 453 zcmXqLVmxTjxQdC9(SVnYQ>)FR?K>|cBR4C9fx98M0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*IAPQ2zEX)^>pOcxK2^0@7R&aI{=QT7iFa$yi zV*>+&C~;n614AQY7yk+VV{$TfQPoRbTeJS5zCgykqQ<2~A#42@PBzS5`cA3zT+`8JhST>#R(iUI?_D{s cJWY5?U`?Ol&Gn6bzini$Ouw@$dq>Lx0F(~1egFUf literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/RFC3280MandatoryAttributeTypesCACRL.crl b/pki/testdata/nist-pkits/crls/RFC3280MandatoryAttributeTypesCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f68a34557c4b5f3ca679e12f741b3c9c09ea6621 GIT binary patch literal 530 zcmXqLV&XGs{LaM4Xu!+HsnzDu_MMlJk(-slpmDMxw*e;`b0`a&FjHu-p}c`Ch{Gi; z7LrbMhyh6h=ug=JfnBLj?ml6hQ%? z@{(jEy@rAY{2+5VggJZ@iz;&x^HL0X47fl-tisI3CZ;e~=m|49JBsrf8W_WoonGh>x_K6A(W*8T4rMCafBc#QXjT--t}$pi^A?p>k3r?Tk# zFLa8ETc5tm*NJ7qsi5F(R-x%;i@bso<+tTrSfgP2-$k}L*``H`Yr_J`*_8$@e>X`N zOT6%O?tk0q@tEO99CL>^s~_tuF2nQNA4i&YR1_#Xx61v!9#XZTif5;5xI&WXoYf!y zGK%W+*Ux%VaF-?JkbT#m40YzmYYqz?2uuv}wL7!q;mLy=<^Rl+XWaQ`k8O6t+Wl*; zPML7wv%+@v*ZUS9GJc~z{r}8{yH`3^KV`{X>b2!#%k!l+*)L3Iy?!}gh7#f5nHON8DwHN0RX_~yW;== literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/RFC3280OptionalAttributeTypesCACRL.crl b/pki/testdata/nist-pkits/crls/RFC3280OptionalAttributeTypesCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..102aad68b778e7530ada927d0339a2ffb34133fd GIT binary patch literal 543 zcmXqLVv;s!Vq|7wWHjJqUn!Eh@=O%S=uzNi9||GB7kW6g3bADPR}oaZk)F$w)0KPAV-*H{>&TDL7Xk-lIF3>m7HIN5tmQ`kvFc51HnVpw! z-?jY9^Q}FG(dTA*Pn4;t*$XyZR)htM|CyT@85tb!r)f{>Pye_gUo;|TspQ6uhpkx- zdh-aMVplX)>s+31?X~xhXwKX{{PVgl`xso5QsO>Zc+tq_2mjoZ7WQkrwMR7q zZYHkU$#m%U(mC~waWN{F{x0jUP+YfmQ?rXyP|L(;={ZLO=WL1A-Y=5hZOG+W|7Ydt z>BR}}E7p|pSl+llxohj&``Nm?i%+zrN;I!aDNkjYv2|xqmt~@->{%}bxBEA*n=?GW q$apM$Z(41EQ0DBpq1=VOc25-sxh4DRfo=dB`?Jgd literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/RevokedsubCACRL.crl b/pki/testdata/nist-pkits/crls/RevokedsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..d5346166d8a4323f7b528601234e10d111e2506a GIT binary patch literal 452 zcmXqLVmx5bxRQyH(SVnYQ>)FR?K>|cBR4C9ftw+>0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*AAOcdrEX*5}T9%)knxar#n&j*#&TD93U1opgvh;76}8f29as`lV&b>Syr+;{>qQvk~h!GvMzXU zzy(qu!orN{O6Dd;Mh5v-yR{1TCiPQq>IA*rbmgKO+s&l7Reye`sqE1GJhyLF(Er6L zc|489^|Na^+Ri;auAY?>yDs;RmC%0ww(OHdg@12|xSU`Rk-Pi(OxYprqg}JvGisXl zZ;86T-t}BX^8J}VmwjqH>Eh1ooc=aL`_ua`dm;|}S)26Kb8_`9Q4Rh6@svr1X8iyf4C!&~W8XLoJl?E;2HO20SH bT$^{WFh*9m?#v+_&+Zw4@sl1@&0Yxr2#c&I literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl b/pki/testdata/nist-pkits/crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..17a3f7412405aef437e62eca1df839185bf46520 GIT binary patch literal 485 zcmXqLVti=Oc#4UU(SVnYQ>)FR?K>|cBR4C9LAoKg0Vf-CC<~h~Q)sZEyn!r;!^I;O zl3HA%;G9}il9`s7oLG`ttYBndXlQ6|U&TDL7Xk-lIF3>m7HIN4yEUU~S zVIbBZvNhLV!~Xd0jWd?4TzX+ebevbo=H~`nAO#{U%$VL_ZenC)2tKUyUS912`y0Q{ z9i`Lz4ZY7b9?RK!sjFd|k4c?a?n8z*vR*S%w|U+;sN--^r>koBp5h~+R&V9Yw+C@9 zeI~k$`-`H5tf0bm!`z+9Z-gQhcg|3Ha(7Ob@s5S13MI33HiU1t{&CGmVx!7q*R%$` zM>9TlN6s;AIQ7i($1{Vnr^4xdKZ0kU!k-K3|$-Gkf!epfk#0 z&o%pgtM1P_pW7;?K*Dc)FR?K>|cBR4C9L7XAC0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTspaW9CEUX%wT98--lt5ObkeHXE;2h+m;GJ4o ztl;cuB+hGSU|>?*b^3nQ#EJs-@TyGf7rU0&vya~CYbRxjhM==Dmf zWDH&SCSlE|={_<+FU3|qysjtcH@kw#jFtOM%=HsO>&`T5X8%rb6FteeTcW^L#aZpH zR#21d!OwfUf0a-5HP*KNc3dm2!Xa_xwQFlKwg*oXb^PyZb|N7=Gy2Hc54$&8^%c+l zvMo;TZqyal!}0T5g!z6}+Wva6ce=mI-y56vmVa6M=an>|eGi!B5mD4zUt)zd_r}(SVnYQ>)FR?K>|cBR4C9L7XAC0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTspaW9CEUX%wT98--lt5ObkeHXE;2h+m;GJ4o ztl;cuD9&qWU|QMX!78t}r)9TWN;X()?e^fFyyt_Tt(2|2_SMM56MhU_%y$_smU8|6 z^We%6uclRNrW(&OEm+m|e)+x=PFwa=8SG|CsPhgxd#o#U{zkhGUK1;d7Fjr}-_)7# zR@#2wmve6}7rmEX!duI$wN|aKMEyzI@mv$1vm%c--EWHPb@Sj;-*eyMcNo{#{R=n# zJXbiW;od9`(f>TBlk_fi_jx)vf6)07}NW#{d8T literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/TrustAnchorRootCRL.crl b/pki/testdata/nist-pkits/crls/TrustAnchorRootCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f6245e4a62debdc00aa8db3d963cc6cd56571e5a GIT binary patch literal 487 zcmXqLVtj1Sc!r6Q(SVnYQ>)FR?K>|cBR4C9fvX|60Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*EAPiE#EX)&9R0>q#n3tT9UnI_JXkcIngcimI z1_n{$yv7EGM#eC%fs%m&6JrLNA_E=+E}&7eqAbi@jEoEP4Rj6UL40Kv2?MbPktenB z7h|TjapZxm*YaZ<=l~^kzKQXaSMAJF% z#}k34f!17an_=J@IpY*SoQ-%qh2NN+DZBkVE>1Y3!Smoo~)E u^HN$k?T3PFgT|-E!o6z#B{w$B5dLf~>G985M_(!A)t%!h-Cp0zp8)_wTD4jL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/TwoCRLsCABadCRL.crl b/pki/testdata/nist-pkits/crls/TwoCRLsCABadCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..daaaeef5324f2922413237f5d47f8d8ed0318bd1 GIT binary patch literal 498 zcmXqLVti-Nc%6xn(SVnYQ>)FR?K>|cBR4C9L4YB*0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTlAO}*wEG+Jnn4;huyrf z^BNi$7y_Y%v4Md>lsK=kfuWHxjBB7|pa66Qnj!-p11_McvZ5@^T#Sqh^bK?ky%I|=)J zw&sVFxSC$}y^DPFc9Z>r9rH^+cnY-~E!yewM&ax7;OKc(`h8Lt7c9(`jec|T^WWQB z_RH5sA5~&cDq|=ELU@hWZOTz z$YJru>&3#Y`mtL~f=~JgCRv2MnwcVJ@nLUSYkQ$sDr@hBt={kQ&fGX19`MsEDUj`> zR?ONDLAR$hHg^Z=O4%I#F)i7xT=qyrlD&K9jF7usChl%!SyPwghNd046ma^*0RZ6N BwVD6` literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/TwoCRLsCAGoodCRL.crl b/pki/testdata/nist-pkits/crls/TwoCRLsCAGoodCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..074e99bc5ce21b3520b96be093e061f3478147e7 GIT binary patch literal 450 zcmXqLV%%rYxSWZR(SVnYQ>)FR?K>|cBR4C9fr}xx0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*6AOuptEX*BJp0D5>?qD_XkcIngcimI z1_n{$yv7EGM#eDi0(}Er19_k>S!EUp1F;4XfrX6MX3lMRocs6ryK?XNkDfPef(^Jp z3Pf0#G2O`A#K_1X)}$fe;C=Ad#ae+~5z4;S>bYls*062j%RhgHOtaN<$2n^nUZyCXZ~Y&qqP6AdnQ?#{V2c8c4O;7-9Tw4kJ1@a+H^i1;n8o>NjxGQsrqN9p7=`5TY)hW zS{H+5uZlljdScSUxtb3RRhC_g-5>a6QVd7FrBnT~+WMIn%hoo$aa)$XS^ZPA&>Da5 ZHzv0y_9;xcm1M)FR?K>|cBR4C9fxRKO0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlTd}Gytf8S(q)<(?!AAQJmM%z`zg)EsPBe45Gw& zjSUQqjA7gb`UbiN@<0u;$}AEFVhth!_D5L^KHhLPYpsmw>Fu8TPG4rF0T)Pt2n#c& z^O&0$85vxr{CQnxW^&q9(tgjbZzt9By3MuXR#nQ~*fnYH@8#}!HS3gK)XexMJnO5e z-jT!8lq0XX-;vm`n5AA(x^-2=*XcW$*%$py2#q#-l+E26a-^YH;@Gw`)xq)NyRN$& z`hMt@-1tbe@lTjnK)VEJ9!uj+|w z)P~E5&6dwJ+IjV|T5^hK@!Ys@RoiQ&2XE&-li1%qbA} zMXxQm)Y31%ak{J3&XDbSkwcirchZwN4x&3Z#w&*=X(Y29>P!o1QJymE#5=i(Msm^t Ut{xTEe3QyLHecJvE8}GX0HTPZPXGV_ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/UTF8StringCaseInsensitiveMatchCACRL.crl b/pki/testdata/nist-pkits/crls/UTF8StringCaseInsensitiveMatchCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..4b18abe0f5aa81ab134b858f38314cd9a250b37a GIT binary patch literal 475 zcmXqLV!Uq9cz}tK(SVnYQ>)FR?K>|cBR4C9L98LS0Vf-CC<~h~Q)sZEyn!r;!^I;O zl3HA%;G9}il9`s7oLG`ttYBndXlSTwpbb*M%%c(-;${(CQk0pOuHc+loT}iNSDczx zoLQ1tma5>JSdyHf;Or>QYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2Wbak9!R5(Z)o zA_?~;E}mK$FiB8c(dAP4*Q~Y6_Ei{gffR_aFk?ENxrvdHp{{80Z!Y zTbYa9Y+rtIx!*SF%jYSNG*nN`eDEdw&D=fwH{&+usePQkyE`c%GA_UVDw@gk#y4q+ihOvtZC~`Y7qtuuRu}8LC-L>L3BR&Q zj|gNv#dg2U^lp?KZ%w$mWAgo7Cj|AUvcF7MoA6hs+GnqjH_xf52b&L8UyT6(1#7c& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/UTF8StringEncodedNamesCACRL.crl b/pki/testdata/nist-pkits/crls/UTF8StringEncodedNamesCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..4411276786efc6adf1ff438f14b0e5ce752dd23d GIT binary patch literal 452 zcmXqLVmx5bxRQyH(SVnYQ>)FR?K>|cBR4C9ftw+>0Vf-CC<~h~Q)sZEyn!r;!^I;O zl3HA%;G9}il9`s7oLG`ttYBndXlN*AAOcdr%)=WR;${(CQk0pOuHft_&TD93U1opgvh;76}8f1`+G@XqQjC%ROp~HG3w{zpC&#ikkO@89bkG~4->%k;yomwC1oIEWybfeXJSH)(rcU^5}?m}jFC91cj zzYc!mAN4-o%J=e=e8Jx~s;v?Ag~lj~+FBvwd?@_aooZwT`hYwd?DSN33i<@=mB*xXpC&++S9y z%Pop*tmbb$tkx)&uKAi}&vNlyv2N~C_g0Cu{=At#?a_v_5=>v`8h%pQBd?`3Mdz-x bzM<6<&wZ=rH@o%o)qluzFj*3Jp`Hr>O(LoJ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/UnknownCRLEntryExtensionCACRL.crl b/pki/testdata/nist-pkits/crls/UnknownCRLEntryExtensionCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..53f90a872617be0100b05a208a57f6af390e1bb5 GIT binary patch literal 526 zcmXqLV&XDr{LIA2Xu!+HsnzDu_MMlJk(-slAl#7KfRl|ml!Z;0DKywn-ar<_;Sv@L zNi8l>a84~M$xO>kPAo|+RxmO!G&EElsK=kfuWHxjB8+SUiU>#px__CQ7#SH9k{B+wznfkcQW&AW;-jmY()AE|v6!@{mFgRF*!~LfIB`wC zZ@E}6Yh9_~p*lBf%~O`kFDk0%RmEu~N6+j|ce4CqEu8tcXJa84~M$xO>kPAo|+RxmO!G&EE+kOwJX7M2Lj%g)O$&r@&?@=ny_f$y&{@1E8lhpsH|H|6+ z*H(&&N9?dP(`B}a!DkaZo;xpQ_e^8CsS}*|NZzVMT1}Dp#qIRMt8ANE-`?Wi+c4#D zY4GFeXZ|ja`0C)E`SSdAA=?Flfz1=nE@IaI?$FsgY1Of7wE^1{_yTz|(wbCW+&osp zebIUTJ=1CPeb>F8eb&-BHdlD%=r)LE(GN>-aeR8a*p?Glo=ZUxX8BO literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/WrongCRLCACRL.crl b/pki/testdata/nist-pkits/crls/WrongCRLCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f6245e4a62debdc00aa8db3d963cc6cd56571e5a GIT binary patch literal 487 zcmXqLVtj1Sc!r6Q(SVnYQ>)FR?K>|cBR4C9fvX|60Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*EAPiE#EX)&9R0>q#n3tT9UnI_JXkcIngcimI z1_n{$yv7EGM#eC%fs%m&6JrLNA_E=+E}&7eqAbi@jEoEP4Rj6UL40Kv2?MbPktenB z7h|TjapZxm*YaZ<=l~^kzKQXaSMAJF% z#}k34f!17an_=J@IpY*SoQ-%qh2NN+DZBkVE>1Y3!Smoo~)E u^HN$k?T3PFgT|-E!o6z#B{w$B5dLf~>G985M_(!A)t%!h-Cp0zp8)_wTD4jL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/anyPolicyCACRL.crl b/pki/testdata/nist-pkits/crls/anyPolicyCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..cd2add46a6a6a9026061b33aa54acb8d9580bc0f GIT binary patch literal 451 zcmXqLV%%@gxPpn1(SVnYQ>)FR?K>|cBR4C9fvX|60Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*EAPiE#EXlbKwp;Or>QYiM9#2!s~K z1_lOE;=INNhDOFP?gD)ST?2WbHd$pB2?MbPk=-ZnosgOO-09JTMSbg-V^*sq)U_IL zffR_aFk?EBxrvdHA$rHIvzIwuYr8G;-ZQaj{>{|FZ?`%OBI@>imufmX@&7G;v$-j8 z?D6}5$Ghsgs*0GqhDmAm&W%3JvCVN~ aUjB1Q_eA~ag_%X`+`MmuEh%}rC>8)}rlaZr literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/basicConstraintsCriticalcAFalseCACRL.crl b/pki/testdata/nist-pkits/crls/basicConstraintsCriticalcAFalseCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..3dee2bcb21f0ad57e59858da97de24070e5de384 GIT binary patch literal 476 zcmXqLV!UC{c#w&a(SVnYQ>)FR?K>|cBR4C9L7XAC0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTspaW9CEUcQ8Se%*coS#=*Qk0mPS5mCtT$EV? zRGOoZ?5NQYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2Wbd9unZ5(Z)o zA_ezd^qFVMh!;zIGP4mexxjhx(^~^BkOC1FW=z*JH!(6Ygmpbwrnn}{e(|OL;Lpob zGE~jGU+sFp{&IbI-!_qY8n z`5(8`m@>b3V&JPjVXsudVkg$16DKd234H&tm6=zaZL^DL^L;M1& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/basicConstraintsNotCriticalCACRL.crl b/pki/testdata/nist-pkits/crls/basicConstraintsNotCriticalCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..b4ee320e65b646682d3a4404da4350e4c1be35cf GIT binary patch literal 471 zcmXqLV!Uk7xQB_6(SVnYQ>)FR?K>|cBR4C9L8KwK0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTupbk>NEUb`}Se%*coS#=*Qk0mPS5mCtmk-oX zlvx5)o}=LGD9&qWU|$M!X$kDedvq*1@qn38*qUXh_EnYI-I$Qk&z+d@6;tzC7Xg5Rxgz~_bKbxJ+;gQjj*(osgP3dAuj>K-`z~K+ zcMIn5&{;7r?e4zfDg0b2r>{voSas-Plie(_b4%ZKJ4_dBvRzO;VQcqO9j8>utjSaM zmUYz6x^vaiySa1e(UuARH=gUp-eTsi=w5Enb>+#@ZTyR(A8)9d@5;MBW7FN|S9<4k z<}bai@usaIx@^VbdRg^jMXD1DOn3zE-dyykiLdM9^%pVB&BC#*LA+1vuWmTrn=8G4 thOK+WH`Qv<#RbRTgv!(|jOGYy`O)FR?K>|cBR4C9L6RZ20Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlQ6;U;t9UEUcN7Se%*coS#=*Qk0mPS5mCtmk-oX zlvx5)o}-ZLsNj~EQ=F>c>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_mCvdSzH z24W2&mKSDk_t!MvcX>ls*{iI1XWzT+i!k5b$_pT z5UfAp`E60nTkrol9{X@&bDRDCH*Gs+ny$*pWW_F|vHk?-`J6+?Zs~{LReqcF zlsK=kfuWHxjBAi)puoh)gr>-V$AAlHl&mNVGZ)ZZKou+4x|IzOg|BNP!+ppn<=E?*i`yo=e=R z6buj#iLfwZ1~hXMBO^mg&@yX()AZCd)l<72Hyd=ciJWTN_f~!?`@Xgmv-7HFANZ`g z%AEGSYO!bI+m!WB<=1|?xU}L%`Xg<L_ zx8Y>Hxr4Kz?~dWm4Lg_#TJFrW$+d@49VDpl<>t;=4jdS?H|qJ8pxe^iRM zPFH6+b6US4ZUw@I^N0%>H;E-`hy!e*?r7L7(_T;)q0sx6izRUms literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/deltaCRLCA2CRL.crl b/pki/testdata/nist-pkits/crls/deltaCRLCA2CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..8e13c071e0bcab38e49443746e4410469108b545 GIT binary patch literal 580 zcmXqLVsbEOV$@(_WHjJqC!v zSQr}^7(|Kl8XFiI8N;{+N(Kr{j7(rfhHym&JO*4qqhv){n7J4k7c_PmG`1VagG7{B zBn-qFL~3q)+sEv4?)-N9g_66CS8u)E`}>GN1W17%OQ3S3&l!BEP>bL1;@bP>^4V_F?nwut4&1SOxIk^+ z)_UEYWk+AEkp9gjqY&bE&hPclNt(7Vgw9Nn(aaL%0z2k~-!MvlRKD+K`mfnmlA0?y zm#>ZDu?sk^Ep7g<%>9bsfA)lIp6+MadH;`^KhCaubTC>k@A|(v%>_R-zjc1Il;)CX zaFg15VL_3u0$chm4*!jIv!1res618sH?4s6(Ta2xyUmv#E~<04%(l$%J#`>F=-DsR Za}&z!&Ij%9o_qW8*88*Awml5+0RR+;$@u^P literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/deltaCRLCA2deltaCRL.crl b/pki/testdata/nist-pkits/crls/deltaCRLCA2deltaCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..c692f3a7a664fc6ce813850b83eef5944669685f GIT binary patch literal 502 zcmXqLV*F&#c$)FR?K>|cBR4C9fvX|60Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*EAPiE#EX}Vv;YiMWyf)>UG z1_n{$yv7EGM#eC%fs%m&6C)E)kpYq-10Dk|pi#1-EX-Vtj0@}xYz*W87M|R5Oz2{vLEV>6 zckbmgiCH-uPPADRQ#HvwEc3yI%Y1CLhYcoG&ucrW!C?C=+UAe&zd1Lq%608_D|)oo zCO_uIVu^%K1`YE~_jYi|tUGw@Y{7IFH7Ao@2h(-D7(V7lO7~s$Ht%yQ|1OkZp*T^n zRqt$a{oX4I7xRylaJ<#~bTriFYtOXnz8BMk<}%pwcZs$<)SJ6v`@U1p-6qsuU=PqdMGH7f!kOyj%Rc4Ve5Ni;5pL}_R-^QQ!6Cd#&W?ei(;?m@q&kZ6# z3iMb44g3v!7kDr5T;fh8=NWK;Ocr5b#tZ=FCPqev7}=)++@`#VUTb|1p8Xl*cXJWv zI)FR?K>|cBR4C9fvX|60Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*EAPiE#EX}V{`YiM9#W?*Pw zVQgSv5GBrQY+z_)4C5}aGq5p`2Wpd5W|1%uYY=&#e0hc6#-H~SAMqY$T|7hL(&U-X zfer&IkY;53&%(^a$Yj6;;);OS%xG?AZenC)IK5|S*15__tBmJGP4m9a_mckz_jdoz zNv#icUf$2^UZHI<@orV$ z!kHlD@b$`rb?OGw^W+{bUNn>ASaA(Y^8J{!dlu85UI@5gd`^F&K<9%uTDNOY?r~z~ z@Q9t*&3BONU#VBWnM>((yZchNRaQ;kp4FY=T=3faZ@~_cJipY_8fHbWi)0z!PxhN{ zw2SlUS4P)FR?K>|cBR4C9L8u|O0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTvpbS#LEG(0fnp2YK9OUDfmjY6dU!>rdui%te zoT}jLD9&qWU|?!sXkcM%U|&TDL7Xk-lIF0eDOF^~ruBdg3JVIbBZ^2MS|b@h_R zG6znS_Vfy8Co6C3Y6LnIs6d*L@jnYQ$lY8Zt_X_>p zSAM%^fwh$1n~IwXbCqA%%I;w5HJA(i5te)gu9 z0gIvwgZ-B&YX$9YZwgS47E@{8az!<7+DC!4N(T%KZgxpHPVj%VO8R^eN57C{FPC0i zaEDv#kqPpte+C?=Q=Pi&~ETJy^X?)%w!Tnw7z`e@(D4 zSof#!@)}#~)EV5zv(_okmOg5HxqtfhWlOozmH!^I$5!DzO<&|b&ju%qDgvr zN4GuewpdeH$Zy{~vp~j0r{mNX!}AvfeJswmtZ)eU`uXR!w)^K_tl+&Ja`K1FDgdvj Btlt0t literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/distributionPoint1CACRL.crl b/pki/testdata/nist-pkits/crls/distributionPoint1CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..aa785bc6ef07008669f3c450f86c078ee16e406b GIT binary patch literal 641 zcmXqLVyZQ0VoYUXWHjJq~1*ch3vNPr@yr!RT8simzyq_K68%C zo%waq&lVk+wZA1(DxBAjr!H#4&b=zlY)fCwFPQc4=e~2Y#rIYJy8Tmseebhsnqk!b zi!E*YrjkgoN+DHof0s!Hwt*Q)fea(#e-<4Btpyqj)eKZX&SDmp zbq?||RLD6)aR1{9Aufs;%Ib zWYV$d^>ULKo!R8&Q_F1p`+6?P#R%5!a1ed6y3uw2jkWKNP0)FR?K>|cBR4C9frlZt0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*5AO=#vEX<#omy%hOnq1->Q96v!|#{%2t|U~Xaj4>3W6g&EUx%uS4p4BV?! z9i}GkV2czC+3pl#HD&9sn2hzD`i5EyS=AnX*_ZrsZvE{B=krTHE>SB;U-&0euimO6 zpWASfkN4-O$@^X(p4}??Y@Kkj?XAr0V&U%_Omj}3*l|FVZT?~JEve?=o2ON~`yQUo zbxc0*=8RK|cfQvP_uC?KlDVq8=e*Lor3v9L{)8Sm?(7`Z?ZEb#)At;Qe~sLg L_iwtKIo*>0e5$p* literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/indirectCRLCA3CRL.crl b/pki/testdata/nist-pkits/crls/indirectCRLCA3CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..cd2639c848b7e52669fa5bfce555913a6925ead1 GIT binary patch literal 566 zcmXqLVlpylVw7THWHjJqI!sa0~Ni=A~p7r6!j+2l*&CI~t4g8X6cF z0-=Smfq_AkIIppRp^-6+yP$EdLE|g~d7xfdWfq_z4I&B#nk?}uEqCxzE*agu`A`QZ+sA z&(8cRD!ZfSKHc*(o4@4G)7{?>S5N=wmc-;zaX?|~O|j>*+mCGHmWq zYcS4#a%X?uAxXvB1c}g%g+>w#HmmOYUVY%XR8 O@prK&N%tr zKP0tFB1pGJNQf(^yw{*{21tbrBjbOTMj)?iL1W8;#>OS}2DQ|8v7x4cI>=Yd!U`~7 zDS*6{mR|%HfO@lq@xK8V$Ymld%$UK++{DPpV8VCv@xIwB52x4f5$jGm@+L>;&YkbU z54Sw+syK4!&LcJrE&FS~GTv|8`dK|&IrzZ0>ZrNo7%5M8z&}JXn4u@?UmlMTIMnr|AHMxE;_e&DBnFZdvf8< z8pmZz{0hSvZ(qyp|IhG!zokH^-#-5*&L4uGrta!=ohYlsf6+sPH_q%vO7|%)_ouJ< zw%6DDHXIY$_?71tpK{lKex?S&zmm;z+@Gds$$aqb;?0;WcG~{A@4PnQ-~%UIB=sB4 rzWsCUOK`ge$FenM-|~1)pR>q5dNn@d=4ZV&sg4aRuYLOHXK)Ar>7Cvy literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/indirectCRLCA4cRLIssuerCRL.crl b/pki/testdata/nist-pkits/crls/indirectCRLCA4cRLIssuerCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..2f73d9cd4a93b313cb4755b13ccefb2aa9981171 GIT binary patch literal 622 zcmXqLV#+dTVhmzpWHjJq4=k7eZ zKw!x&7T5pltK8QM9@uHnI0K|YhLQ0}3sqbP#O#^k1ub71u zV7^iSc`Gfy2rdBiW((tg11^xuL|B+HgOj<5k&!`D_|uv$r!Q5rnXi1>vd?hWsjw+; zIofT7PjuVlCi2*-E$8=+l{&m)ejfRY*WOCJ{t%$s<>&gYO6S_eK-OlFG}jaJrdp^vmQ4NG8}aARtLgfU za#Q;z^&Oo1r7Fn%Mfu`A`;|YmdTt5LJ8I!sa0~Ni=A~p7r6!j+2l*&CJDQ5~8X6cF z0-=Smfq_AkIIppRp^-6+YtY1W&p-iaKbkTF9s@3*d9tD`%v?anRWUI#p{qzkQ4s-B zEz8LGpT*C>XNecN?q^1KzZuAN%;W+U@{~<+* z2n#c2Nyyy9$jGpL_S7ynrd8hs@7*eBIAPGW%GF!_`MIWoEitkE{MLK*CRm6rIzQ=b zx={7((y4D)*AI zIa71WFWnHK9S3%8>;I(Y@Jsta_vd)_%3z7cmvX19DlH{sIrn7$zdMu9Hh9vr#Hw4T ztaVKIGm=g!IoNa@ZQrF;zOp5tv~T}^3(4j=9)Co`w(ZV!Z literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitAnyPolicy0CACRL.crl b/pki/testdata/nist-pkits/crls/inhibitAnyPolicy0CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..1f14141335f32cf69e916d24071c5fdf8c4bca25 GIT binary patch literal 459 zcmXqLVmxlpxPgh0(SVnYQ>)FR?K>|cBR4C9fv+LA0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*FAPrK$EG&|lmywy2S>l*i8IYfonOte0;Or>Q zYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2Wbc3EW>2?MbP5s3v0sG z^~e4$b2bAmkOC1FW=zL2H!(6Y)Kz>|zn^+x!LdlSt*_^JMs+bLBvnn^DxoK5`Bb%X zR^1)*Y5x0cRro!Y8fx8MpZDB2@BU(g8Nu_o6cyTU+kTW-t0?!%OEuuZC6#reW%Czj zXWZw%b}MY>3Ym*PRURFh-S{dqt|@ozYmIu=-(F7-_h-Fqx%95vhjm$h<5z#9n{r!o zS4>j&N)Yu6Rd;$=y>aIhN#Ux`pWaXY%FZ`CcAmkdkbhGjiW$$!;?4?=$z9>#cW3jO zoHNUInz*UF7hRYhVJ^PE_jz~+GlR#>!UrN6mxP>W$8DJQ?DIoihT54_;i-=jKLG&Sm#Iqt literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitAnyPolicy1CACRL.crl b/pki/testdata/nist-pkits/crls/inhibitAnyPolicy1CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..8538d385887e6c6beab88708f01287540698b23c GIT binary patch literal 459 zcmXqLVmxlpxPgh0(SVnYQ>)FR?K>|cBR4C9fv+LA0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*FAPrK$EG&|lmywy2S>l*i8IYfonOte8;Or>Q zYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2Wbc3EW>2?MbPksHhAsZSR?+;>G%@w&pE zId2zMf4XeI1yUfw!i?!y<|al)2A^A7lI7jK;v0XS~^{?5-s0F;?Uvf0mlx5F-V2W9OVZ;36O8N>Z-HxUz_aA(k?9<|{f9SkR?cE3S zlymkO&U?&K^RGuy!SZQESJ0Q_jNlo?6C@XCHX`Pp*B#xFylQ?yU;n{Vfe!|9f6+Qxix}&|bl$F5Y&+cb4$tBH`~$udJ3% iJb&qR#^bNgtqM;CuDt$3!)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG&_kmywy2S>l*i8IYfonOte8P+Xei z>}V*?YiM9#2!s~K1_lOE;=INNhDOFP?gD)SU9b_d$}AEFVhtiC3$8}o)DFI+z2R(Z z;jxALotK{wHQ)l;AuGbdjOk$JCPqev!rR7LS+@cgWZvhqzWZdMSpzrg+^GKAc-9}Y zk4}ESEryN7Vf86}=^1at)0w6SAAWu1_=K>FHyVr**^X;{iPtGgD9FpIpD1~-2Vsl4ZT`j^N5&F8P^O)$E{ zZ>h9fX6~)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG&_kmywy2S>l*i8IYfonOte8P+Xei z>}Vv;YiM9#2!s~K1_lOE;=INNhDOFP?gD)SU9b_d$}AEFVhtiatat9$rQA;1ciTHK zr6()xM$F>H23$ZpWJOq*F&)g@#K_37Y4dmYZiJ zbK%cE`F%$M<>vX{f4iqC!snXta=y=k4i$Ubr>;2Ul-B&#KCgSy-!Cj1R3cpLCoZ;q zpDQID<-Q@6X{nCp+?kRU9wE{HPwY|q8@T;{#sQWexAOJM*jZ#3I$l?aKH;?H^z7ml z_Z{|j@fs=~dYJQRzNvEZ^d0>FSNZ#|0Ej>06I_8NRnpouD1V^q+N2@mbSV@zc#&UOxAK+86kJ nOV`Ptjz#@llaIHYb6r{``$13E;)kL}|D^~62fHf`>puekqK&h- literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitAnyPolicy1subCAIAP5CRL.crl b/pki/testdata/nist-pkits/crls/inhibitAnyPolicy1subCAIAP5CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..a2856f6c2f58844abeed9cc0d988f62177d367fc GIT binary patch literal 466 zcmXqLVmxQixSffS(SVnYQ>)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG(Uwmywy2S>l*i8IYfonOte8P+Xei z?C9wjU@FdQXkcIngcimI1_n{$yv7EGM#eDi0(}Er19_k+vdSzH24W2&oh%_GYzdpc zGvqBu>=XUHFNldv&43G}K!k-E)6L9HjEoEt&lc@EohfG-xM2INi^40F{PUmn&ux=w zzJ1nN=HH&e6)`f7%xniEfBSRARb;&TbnW>>vsuM6ml^y^;IT9g)!aF=OOEk!a~x~! zjO;XX4LwVl0DZ+N%5!c`Ke6oZ_MaLRWmoFEIKvlDTE(Xj-K8sPSDu^hY!b(EU-$j? zeRES6erCPV`*_0f3tl{}MjB4%xF>RPyuQUR%y{&xw%Ejz3_s1TFJ0Pu|DE-O#ao>3 zu)DUY#r74A>Q literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitAnyPolicy1subsubCA2CRL.crl b/pki/testdata/nist-pkits/crls/inhibitAnyPolicy1subsubCA2CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..4e07e80da57cebcf01d76e8cb064709054f64c32 GIT binary patch literal 466 zcmXqLVmxQixSffS(SVnYQ>)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG(Uwmywy2S>l*i8IYfonOte8P+Xb> zM9z*z;=G0i28KXrVQgSv5GBrQY+z_)4C5})H_$bZ2bvRhHie* zrTaW;&J|lucg;L}QEvSPYnh<39qqX*Cbai|VU*KxUca=?uiNdanW)L(#oLbj6)yfT ze^+Om9OI8vrx>laU;h(c#%!5&(%Dx(=EjHqbKWoGH@@~*@gnp68ShS6g?9D6EY2tL z_p`IFPyVLR6!`wS_2-g?!;3fkRD8C$jeCW{_pcu|ILx^sCV!`Jb8svN_lF(p_9U!l zF-*#G_?d9VX`&iW=*P;__1_o-H*tP?q;>N0`)zB2Oe3#$iFo!*c>nZ^T$^jdVpFE@ oLS0Vz!`IsW9`5_9A^5;U#Nebl*SbxvkB0KTWQ^#A|> literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitAnyPolicy5CACRL.crl b/pki/testdata/nist-pkits/crls/inhibitAnyPolicy5CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..227d712f153b03d9b516e013a76cddf3a47b24dc GIT binary patch literal 459 zcmXqLVmxlpxPgh0(SVnYQ>)FR?K>|cBR4C9fv+LA0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*FAPrK$EG&|lmywy2S>l*i8IYfonOteA;Or>Q zYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2Wbc3EW>2?MbPkppUt&oi&ht@*I`>fBYq ze5pU@oaQp%0x1w-Va9YUa}y&Y!*s>t7jy*uinuFhZ?T=a@T=JO$Np@ko3own-aUIp zaH6WzibsKt8~2{y&*=Sqp~0d_YH95k*_C}~U3a+R*XljJsB^(%3wynK|<8?@iC`xGN;FGjn0sI|@xsubDFK#-+~n@|&I=t2a(DTokq;d}aB^GYd8zC2b_dhv|uMu&$5hi^BA0RTU)FR?K>|cBR4C9L4YB*0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTlAO}*wEG(Xxmywy2S>l*i8IYfonOteAP+Xei z>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_kcvdSzH24W2&IWt#oV|~4^z|+hp zVwTbik&agV+Xh@91tKiWnC@k6Vq|2PUocI&$ANkXRCfI-&m0LT(?*)p+NkxoYv+gw=20H z8Ly1@+mvK}dvlCa-m@>)8PbG**R9!qH1%TC4E=TOrT1BVtoCRfHv67yUYq_rw`I((C3O4PJ9t0znb=-Vuh?g4C^NtHwPF5@J7P*ME4+o~WXt*ZmN9o->u$PG l-Qg5y&*#=WpFg{Qak}yy)l_4qylkOKwR^&LGOXwO1OPUVuNVLT literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitAnyPolicy5subsubCACRL.crl b/pki/testdata/nist-pkits/crls/inhibitAnyPolicy5subsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..78628f83f0def528d5ceea41cf0f9818d5c1937a GIT binary patch literal 465 zcmXqLVmxcmxQ&UC(SVnYQ>)FR?K>|cBR4C9L9ijW0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTxpa@dHEG(6omywy2S>l*i8IYfonOteAP+Xb> zM9z-lyoLq_hCpaxY+zszCC+PXU}$6v<1WxQ&^3?;8X~LAB4HrbAY%B?{!da~L+aU; zl>!Xfd7V)&SPvU;ffR_aFk?EIxrvdH!O@hXaIu}ond2HW78h1(K8w6zz@heO4ohWX zknW>jlg@6glV5Ot`&Q|!6`2iF4piPslx$uUmfxN5e4%Es#PVgXw-k?Z@0t1dcl2V5 z^0sA`PjVyc)6EL2nUt?{{Caxuo~229NW#$tfeTnBzxc98mMK55*u=lYh-t<*flZI6 zef;?2)ycQzZ)UuC+EK4r8=kI_^YYe=NgXp{yHx9|Sijw2eZQA$=j4*xms-UZ&tqgd zWq$MNr&CjA+nRlJEX`Wo_IP8oz4(rjV~l~*nRX<6dsZ|p%Q)ovboW2gKdqV*T9@*& oJF`OZ{4U|WT&y!@$r|fCh`N38!IrSO5#RRDJ@tZlzuK>l03t!Q$N&HU literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping0CACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping0CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..69c39da01c7b4d1935feca31b7df1d60ae725982 GIT binary patch literal 463 zcmXqLVmxioxP^(4(SVnYQ>)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG&_kmywy2SrU++lbKxUn^;hgnU`*$ z;Or>QYiM9#2!s~K1_lOE;=INNhDOFP?gD)SU9b_d$}AEFVhth@=4$K{TN2j1`{rP` zRQu2W>9TWg8*l;bkQHHJ#&j@q6C)$TUfpW3pC!jV158$He|h(8^1REfW_(5-K{{K# z6SQ6&Uww}K4|jA9x5}!M|9}1uiE5E5=aRW$a3WT>LpX8vtrn^I-JY8^n12rbJNbG`yHtq9^U&pon=V^Tzg*KiSAK2js<>z;{^E_ZHL_A~ zT}-QUzS_-v>+%f-0p3KrR~F7MzCSda8NcR@yt9|2YJCfz$Ak-a9hpQ0kDMv4i@H|% z+;y(txs$V=DqGF`wriH+k~?;u-<|Ku9~Cs(oS+at-}ThIU!As3H+K0)`mCLI@7{%5 m5gVr*E6of0{QKcGGX^8+MwL64>wGz;{`;!?e$`P{R|f!nSg{8H literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping0subCACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping0subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..b96ccff84247914df3a6a1392c4f7b4da5f12abe GIT binary patch literal 466 zcmXqLVmxQixSffS(SVnYQ>)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG(Uwmywy2SrU++lbKxUn^;hgnU`*$ zP+Xei>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_k+vdSzH24W2&|F;w;1@*>E zvx=IqPHN8%o65#yIRh?`0udHwOgA$(F)}i&+rOkiVq)8dzs&A!EqYrPcu)S-zT^0g zvk}+Ve#~DGyu8IT_E(JJg7&(LwX?ln`I+oeefBfi=c&c&drG$!x(2@9=c<_U{Nwd` z)7F_@vQ%+3J97TSl9i4B4KkJr2_30jrd!FqXVStJzkp|=JLmN6m>BiaM>2TMd!-(w zO>HhqXDpn0_Q!#WbCz<;IX$;N|CM%!H~Wc7f^)pC_LiF4`wabOt*SB7Tdifbv})<% zt6kBK#eJ7oem%P_x5n&JbCT&@JC5$UOp}%Kr+G5%oo&1R#+5a4>yCYB?@O5HxO3^@ q&E@g+YT0Lb{6v>cG})znDKGd#QHOEkTiNJtDJ?BW!S0iF#Q^|BJGEE< literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12CACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..00074f5b05074bef1a130a9bd3b83dee6a90e0bc GIT binary patch literal 467 zcmXqLVmxoqxPyt2(SVnYQ>)FR?K>|cBR4C9L8u|O0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTvpbS#LEG(0mmywy2SrU++lbKxUn^;hgnU`*; z5MXGe;Or>QYiM9#2!s~K1_lOE;=INNhDOFP?gD)ST?2WbF|x`m5(Z)oBEIQ$y>~4o z*S}D^$H!<=v9VO())E6QkOC1FW=uyjH!(6YJUKAq+Jl~q3-4Y%zO+Vct}>JCo7S&Z zrZevzztOso<62bJto_v+xMwuHe)nV3jqp!qm5tpl)6Td3zkA)|$Bm-t+6!6hZvPTI z!FoXY)SG2#vrbk$PM$pX@{Ls@Qk$pD6>M1OG~+{Wn%UOdw^}TJxpxJ=K6)jOFX_Y! z`HcOE{x6UIFEnPas9A9_?UB&yWF8gKb55-Nac^H;Sv%!=vZ+8(U9jbreQfg2yHDSr z7IUsQ_;L2Ur+b-ot9laC0ev^SsQ>@~ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subCACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..9b90c9925ac04686bc692207676f4b7bf8f1a832 GIT binary patch literal 470 zcmXqLV!UL~xSNTQ(SVnYQ>)FR?K>|cBR4C9L4+Z<0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTmpaxRFEG(aymywy2SrU++lbKxUn^;hgnU`*; z5MXGeP+Xei>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_lHvdSzH24W2&tJJ2* zrtsIX?ukw4We@*TFf}dbxd9hQfd~sTrn{M&7#SHdirr)O8a}i6r)9P2U?fNBbmdcj zteRgmdNBN)x&CI8gEWVkX#WZRn>S`_zTIdWy@CC+-LnfS6W27aUv$Ptrsv|U)mQdJ zr)LDr|EbHGX(MJ-ZWTED!jkA`s>?<0CQF9vOkSGuCLo7P`t4QOFja-Tx3@#Nwk$ZA z&~N*B#~JqhJu4pzH$R>*A)kR;Hb5iHZBzO}p=r0)9b^cyT;ky8cG)fNV99lzO*?9R zjfE0BV&*1ZC~x1YneM5(U($)FR?K>|cBR4C9L5v}{0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTopaoLEEUcWFmywy2SrU++lbKxUn^;hgnU`*; z5MXGeP+Xei?C2TbYbwrbXkcIngcimI1_n{$yv7EGM#eDi0(}Er19_lnvdSzH24W2& zvMlGz)Y&54IcSZCDTiL^+lIX=J1w(51$Ynj)JlK)A!{WR4nQNDUEQ*^6@?zzNe z8RH0C##Qo2XI)Ci)40sbLExg6m{&-cU1KK~`&pIqGHpVn=r^fobMbKS3_HXTQOs`tN9YF=&5|MbxFkh=akDNfV6 z_vHT$V$!>L>S7f?tBvp3{f|B#p1ICKp<|V5_03iRw(QN5f0q7P>uT!S`+n{Nj$c!| yemy!lg@Yl8H^aMF$;@Jt?z3wfu1G96_<4=gk24!Z6Wkuw-}OE1QvUB#uMYsPM7tgU literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subsubCACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..7e96d0933974422774d55f01edc6d8883d3478a5 GIT binary patch literal 473 zcmXqLV!Ue5xQ~gE(SVnYQ>)FR?K>|cBR4C9L9`*a0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTypb1jIEUc87mywy2SrU++lbKxUn^;hgnU`*; z5MXGeP+Xb>M9z-lyoLq_hCpaxY+zszCC+PXU}$6v<1WxQ&^3?;8YZjEB4HrbAacDS zM!37rv1}LD*5bk!iyazD_%0f7ffR_aFk?EMxrvdHL0 z&85B3TIm-ZGg%D%pI&mXZaA8I_2{FY&)@&LW!m@Wz5TK8A0EC?XKH!8#r)iwLMI`= z15-N0_gIXbDW=W y`NQp--^5Zk)@rt~iCvs9|G7=Z+~*#Lr2mFk?e_itDqyL|cE6cM{|$2|{Q>}oI>2WD literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subsubCAIPM5CRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P12subsubCAIPM5CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..b5c88aa6410f5c6fadef76e3be85efc9a957ac6a GIT binary patch literal 477 zcmXqLV!Ub4c!-IS(SVnYQ>)FR?K>|cBR4C9LA)Wi0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlST!pbJvKEUcE9mywy2SrU++lbKxUn^;hgnU`*; z5MXGeP+Xb>M9z+$0luc1Ru+~hCrMj_G=gleqd81{*;%mCQ z4vRQ5%WZ$4VBDI;mf4*xocyzDI-gKQg>-*W?&oJa*9%6AeCnRCzC|K;-PM->r6jfx literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1CACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..134a20392436b98f2bcb2b36147ff1d1939b232b GIT binary patch literal 466 zcmXqLVmxQixSffS(SVnYQ>)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG(Uwmywy2SrU++lbKxUn^;hgnU`*; z5MZd_>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_k+vdSzH24W2&`?k&9t649# z@MibJB@G$P8f(2iFdA@y6o{}eW4f8SiII^Z=>K}Ppsu$@OHaJN{9o(-?F9u(%664Z zyjZp3bo=uCoh8$46|V1l@VftXFGJIh#iwoJ=j?8uzi4kG^T`?8rd1uGi&!zPre;Km4^inqj~A z?2k`9g=f?%FX>g7V%(>=go95)ylT6P(X$G%DRY@rb^BM$vF)6lku32ueNVjK=k40x zT)DaGwtSqd!0vKho_oLdRG!aVU(OfC7ffbaTd`Q;<(z99p1-^z@64>U>(JWnHm};UW_`&LSKliV4idKmdU!$&YVH~yFHjDPkzvQDyaeh$m_Hl literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1subCACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..42a66d51883f4a267e0ca8a4eaeae078ca0318e6 GIT binary patch literal 469 zcmXqLV!UY3xQmIA(SVnYQ>)FR?K>|cBR4C9LAW8e0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTzpbApJEG(Cqmywy2SrU++lbKxUn^;hgnU`*; z5MZcKT$<$UD9&qWU|2WZAAT1YIS*d_ z*)Y3X&3yYhm#Zhrwnc^B-N79YEpEmz&phscXoP>;T+W+srY??qbZh16f`#qhbZ5G6 zeV%{JPxYu_*o!A2k!>dHwT}je_`LU=yEVT`X+`(X^5!3JD;I|TGLgFS{;h=F@n@Sp zUYycYv6VlrT*o2t>-H5pUu&(F{Qv1;{L!wg*@D^Lr%#vcPdPSymT2v_oU?KsFC6Yg zSS(O~)}L?qTIuK8?VSb{M^g@0?qR*0Qsz}LWvgS^k{i}#S8}gv{8@GH-=k#5=7wDp vqz-BB`K|w}di}vGj|-VUY&ay)J0W{@js|1*Q}G#vpW0t7*c|rym*_PB%D}-0 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1subsubCACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping1P1subsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..bf0a11951d7e47950704a2ca2b5ad9d8f9e13c02 GIT binary patch literal 472 zcmXqLV!UF|xR;5M(SVnYQ>)FR?K>|cBR4C9L6jl40Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTqpaD|AEUcKBmywy2SrU++lbKxUn^;hgnU`*; z5MZcKT$%(#&W_@|h6V&TDL7Xk-lIF3>m7HIN6IC9BLLVIbBZV&_`2 zsQc2#upT$Yw2A_iV@d~^=NWK;6o{}eW4fHViII_^(a-d{0@)3YZM^wfEGfss=kLQ~TT1tQoAg7?=Jml{b)GfX z*1LFX^^X!i7XACZ!ZLim!PKQU6JDSD^e@a;(anBw$Uc7F)hSJFYfr6=K6PyVnKdDE zCj9%+cz1EtwAtz^_hMIEGB~!}|Bc~MqqdJpJx(_!l$NWeB`RcwDI8gvpfG!`c;6-+ zkE+HPMGcmkqn8-h|J=N7JI~K0Tzl{2o-b?PvAAIN%Zy7`79WwjvdAo7;dt!Z-*Ya; vy4bjS^4{Gi_~Pegzpv*acq*4I6x|xfazn~lFFR1&{n(wJw3n)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG&_kmywy2SrU++lbKxUn^;hgnU`*= z;Or>QYiM9#2!s~K1_lOE;=INNhDOFP?gD)SU9b_d$}AEFVhtj<8`yUy=^Q=$_p|e( zv_RF}x4+1oHQ)l;AuGbdjOk$JCPqdE(@9p3CWYE=+!U;zxaPyRoVP5KB_r-GazA3J z@#0&5DZf=o#IyL*!5p^wv+~&&%SkIAzbU)p4Bv{dBU^3EZk$!wGBbXX#9O7P%;n6I zOJZMz^QgY&VFB_bFMiN~}El z@BS2aX}M$T7q82FZ?JQl((Y{&zkZnE(yltiEmTy*w%+aFvp!yi3nIqdtKQCfy;3D= z*W&t)J5GX+CWRI0?wolbwJPe&&FKdf=0^OO=oSC_-Ia%{8WJT|D_DJwJ}_;v#w0!U ngV&!_C^@OjI={?PT4gr#s-snz(_YrCczpj*$E-gE{qr>d=aRIa literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping5subCACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping5subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..10b9eb22bfcf1818d9857fa6f35bc64668cbe766 GIT binary patch literal 466 zcmXqLVmxQixSffS(SVnYQ>)FR?K>|cBR4C9L5Lx@0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTnpafFDEG(Uwmywy2SrU++lbKxUn^;hgnU`*= zP+Xei>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_k+vdSzH24W2&H{Rs#+n#?) zIQf+NnK{vmGR?Mq$}r#pDG*^{#&k1t6C)#oWkc`6_0P6P?pI_k`sOgTLP<9-c(bua zQ&EMz!hyN2{8{fDr2Z8@{%^#)B7x^Ys>EZ3$^(@<&j$7De=y{3o16J|dh;x^xJ9*V zg=}**I5+nz$)+7$esaovYc019$?}f~7@uWnKpR4C5pSM#u9lE}wRWbKbjf>vjvS;)FR?K>|cBR4C9LAW8e0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTzpbApJEG(Cqmywy2SrU++lbKxUn^;hgnU`*= zP+Xb>M9z-lyoLq_hCpaxY+zszCC+PXU}$6v<1WxQ&^3?;8YHXCB4HrbAY!`w%0urG zzt9zhTb$~R{;^1%WZYrE1yUfw!i?!`<|al)hTJs^r_`ECduy3XEDBcGv*NdGt7G|$ zQkS-_%{P@d_!@j(p>q1v^0#7T{tWZubMlXx7u=h->f53hrEamyY#g_1B{=-&Ti~|k z^RbjIOY}uHh|YEU5|@)!_BF|+k6Sg^{`D8JOVinAi-+ehoz|cAztCRLaaEk2*`{-X z-&Pu5y1Te%Yn4J+`5a&0uCjCQSFk)#IL(yMcERlA0eom9s1zgKEGJCT%OBDXM zm~Xjf&3xNJt4(&lypODS+^{`sXZZRSbq?u^m$(w7^JD&atO(0oknF0(J%h{obDvLG q!>t_lk~6pV^7u%9O+0wnEVX3*x(Azb85lLoV$+M0Rv9o{nF9czNUB=^ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/inhibitPolicyMapping5subsubsubCACRL.crl b/pki/testdata/nist-pkits/crls/inhibitPolicyMapping5subsubsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..9400ea8c23997d44b2792987f20e4c83c0b4ef53 GIT binary patch literal 472 zcmXqLV!UF|xR;5M(SVnYQ>)FR?K>|cBR4C9L6jl40Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTqpaD|AEUcKBmywy2SrU++lbKxUn^;hgnU`*= zP+Xb>LC%iiyoLq_hCpaxY+zszCC+PXU}$6v<1WxQ&^3?;nkB2uB4HrbAhIs`^z}!F z3m<9041K*^_*I_a$o1|ML%aTei68*6?FV!+I4POLv_RI zIzy$7&%)ExcFg_%yLFm&w9V((WwT%G5e{OU^gkPF~VG*~T%Ym6ClcpV+UiFWA=c0-CgdT5tvSeYnsThOk s*;C8H{kxNy%)~Cv-L-4W`w!ub3#B-@lQu23-2J1aV)n-$f6_V)0neDWH~;_u literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/keyUsageCriticalcRLSignFalseCACRL.crl b/pki/testdata/nist-pkits/crls/keyUsageCriticalcRLSignFalseCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..89dd9a8351cee42813c70c17b93715105c18684c GIT binary patch literal 473 zcmXqLV!Ue5xQ~gE(SVnYQ>)FR?K>|cBR4C9L9`*a0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTypb1jIEUc8BS{YiLn4YTOT$EV?RFb2R9OM(6 znVzTMmY7ov6m}HnH8e0V1VRgA0|SF7ab9BsLnC7tcY(fvu7NzzFj-|52?MbPkwd34 zziwGCtovooC&AFuS_YdhMR^)A61{=whXZDD!CEj&w&GrQI!j5T;0$NLqjc+Tn wpS|s=xgkeMeWnzPQso_SzH_%UbIv~N%V~GuK4n{-yYZ9JZtJE$i=;jP0D&8`)Bpeg literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/keyUsageCriticalkeyCertSignFalseCACRL.crl b/pki/testdata/nist-pkits/crls/keyUsageCriticalkeyCertSignFalseCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..6266447c3542a0a15b5cd1fcf9f1643e3ac1d2e1 GIT binary patch literal 477 zcmXqLV!Ub4c!-IS(SVnYQ>)FR?K>|cBR4C9LA)Wi0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlST!pbJvKEUcEDS{YiLn4YTOT$EV?RFb0r6ai@n z&P>l!a7)Z721+@K^BNi$7y_Y%v4Md>lsK=kfuWHxjJp76oPj*hKv`uL2?MbP5tC5v z^gl8i?;I-P68Vt)^2+QF$v+LaKng@ym@%Et+{DPpP@el^jd3XBE*`JM_QEtbg{9JO z*2#+q8DHf;^JRN}-N`qL?DC|=Qf?}*6E*vyS`>e>-%Yk?rI>`%T=^|Q?{5Y<3FItO zkV#~h^}f0}b8fE4#rZ+1lA`f#oFcEG}B;mJ*}4W2A{->|A~ z_NEsTrA{T>FUvZiEXSGh{Mq806N=b-Z)S=9ZNx-#)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG&_oS{YiLn4YTOmk(4}lvx5)mZRY8 zD9&qWU|tUUjoQT5g5wG%roZ8~^0{2^oVm)7e+ zdpHjA-F^0G(b}mj6FMKOsE5j*`lR~Hwq}d-Be(BXZs%U7@0Tg*v`%=lm2Iv$d-sA3 zJ#9j%hbJxJEn=+Ye)VkfYvp}&W&1<3ZmX|YlCnKuig2^&WcPDQ%av~2`Tb^l@P?>+ lw%@lz+|u%xl_B*{sHW@p{-Xw;%br=68U20v@ZNmSZvd+7v%~-Z literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/keyUsageNotCriticalcRLSignFalseCACRL.crl b/pki/testdata/nist-pkits/crls/keyUsageNotCriticalcRLSignFalseCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..ae04987076e146fb60f6bea62624545d7d3f9266 GIT binary patch literal 477 zcmXqLV!Ub4c!-IS(SVnYQ>)FR?K>|cBR4C9LA)Wi0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlST!pbJvKEUcEDS{YiLn4YTOmk(4}lvx5)mZOjy zQYiM9#2!s~K1_lOE;=INNhDOFP?gF532J%1yWtCYZ48$5l ze%1vos7zzwaN$U;6yUo%;hFQt8wOk;1tKiWn9gTzVq|2PbtmZ6vFkxMu1`9ctiS8V zoRT?m#&3cyPKm$oxG(DP+gUB?`TNSFJW^Gs#WY1MW$?-7xbLWNq-DwbE6u7edn|rS zdOZ@q!d`3c;eUip^O#S*{PWfM3Dw{4_B>K)tvopCiqRACgP#JIBs1sScFq%<^j&nR zq0+B+h9YIm8tbQ(d;JzSesy;7t-oQ3mHBCbz6^|4XO`6bUiUfI@9o7T-nWq{{wlXF z#<^ceA3bg_N literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl b/pki/testdata/nist-pkits/crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..4e91c590d0ecac97b0fed100466117b44823da46 GIT binary patch literal 481 zcmXqLV!Uh6c#MgW(SVnYQ>)FR?K>|cBR4C9L9!vY0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlQ6`U+&C~;n(Ax6e9?gD)ST?2Wbp|Z*>5(Z)o zBAZk%X&77x&B*iFddTDRsoA2R99#{!Kng@ym@&P;+{DPpu%*3AbZRY&93R`d?VDP! ztYc%IcFH)Tq_neyN*A$(rWUn{T@p%F-`rJs~YlsbI~)K zu>V=x+fK4QJ=opHzgV^GdhTgQ_b2>$28Wr1e3MdaB|j!;9_x)>lpXQM$u6aU)%^ZO zAHTzC7f)EKmCV=q_3+~v8#4hL!?hFEPHv{Rd7i=9?bG%wv yUv@X#`iAe!sOps~r!(*0)FLAv!L+=!Bw+r8Uyr|Kg$vqFZTfBZDSLgi&u;*YNwanU literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsDN1CACRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsDN1CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..d03eab299b80ed93e7d2193ff76bc77a21b3c443 GIT binary patch literal 461 zcmXqLVmxWkxQU68(SVnYQ>)FR?K>|cBR4C9fxjWQ0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXb4llEG(9nn49XHpI2N`l$e=UQmo+OXQ<%pD9&qW zU||o=Ic_3Ra`#dtGwCbtv+egvMdS@&-damT+YT;u#7i_{b8D~iN>NYNz?7dyq zgt>Ljwe3phvKt+5ugrFFP}t+J+kVQyi{+)u_qIIf;i?Y{eY1Fx-yCb9#M2v9XGk7+ z{e9(zZLVCe`2X)0N>^OJQ@^(PY!=I+++#yq#5{u(LE#_POO< zD^Wek761Nkuj8yav#_7x`1*}h>>WBk8+&rH79a&w8i>fl&i gwIDd~uBMhi^Jeov`6!_Oz9aHD=603KqhrvLx| literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsDN1subCA1CRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsDN1subCA1CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..441164e02ccb35864931bd04103828512c2d843a GIT binary patch literal 493 zcmXqLVti@Pc!`OT(SVnYQ>)FR?K>|cBR4C9LB1ik0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*9AOTXqEi71&T9lhvQj(eyT$)r;l$vU2sBEAJ zl4BN@%1g{mbC)E+3x7`-O|sJfzHe29LtUn2T*9w*o58tV=6iuC&hN zs^!A}UjNcMw4&#RetH*v*?-nOP2Z{0KE;~t$`ow=eVd{Eyku5L>+7HKrB(G0(w}a7 z5XgO`>tVp2Iq$YhFY(aiJ*V;d^?iZtSuMK*KP&9;yT)Q@Cp~}dkK-%(vW{?`?2J^~ z@i55#b7S4>=H`u;J~=c@Hb1`Zj+{H!>n-WO7<;a!y#KfK+&P0cQ=(rgUTQs_yjFcv zMYYL~{Wce8KNR3q5f^B=)NUANcK5-Y!)FR?K>|cBR4C9LB1ik0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*9AOTXqEi71&T9lhvQj(eyT$)r;l$vU2sBEAJ zl4BN@%1g{mbd9zDvqK zqt+jv$SwC+@Bp{+yRSE1L_P3lwy3mW$(4xU7B*e)7iwp(`}b#MTyx<6?ps_5H{5T} zS354gP}6Z^QHtG8L%FKgl@^oCE`ROdnEpcb9P8oErtT_Lh?rT^fv(G&HWn$TEgO$BY8q$_LT=j32dfw%u|Ba&ipWk6! Q{^aeKX-XS<(|9$-0h(IDX8-^I literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsDN1subCA3CRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsDN1subCA3CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..230bff5d6f7d3e2195e35059bbbdd57f636436af GIT binary patch literal 493 zcmXqLVti@Pc!`OT(SVnYQ>)FR?K>|cBR4C9LB1ik0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*9AOTXqEi71&T9lhvQj(eyT$)r;l$vU2sBEAJ zl4BN@%1g{mb~LQvz4L?D*X%DcL0>oXv&U{MeWAoQ!!kH&%U*-8sw#c%PXcc2{;*_bin;CzvHNx# zHz+MM=xb6x6>qU++nM7o_4gA52HPO7=R_YY&-EZrBI!xAh#wO2oH`KR2dGz3( z*_}09JX~9t{WaoWZQUl&c&t$38^gM-E7vh?JFd)F^`<(~MDzEZD37ORjh+qKJdgA4 zDupjn literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsDN2CACRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsDN2CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..8d7a0cef94c8a1069f8360f0b5e696ebcfd2a8c1 GIT binary patch literal 461 zcmXqLVmxWkxQU68(SVnYQ>)FR?K>|cBR4C9fxjWQ0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXb4llEG(9nn49XHpI2N`l$e=UQmo+OXQbflD9&qW zU|${MNr}sPE z^-kwFZ)sj1y=On`tVNQGH?;ds3kUM^9$ZN~JBnCVaTWkUJ#tVPp{XJr-zopFup zI4#q^wx7Xurq1WH_usxrZ+(_D=X&t#VEc?!EuDf>oeEpTZ_Oz?GRb(>;w8ncVNx4c ztm(cie5A!!baLWBdj;c-#gRdqn>NXRW>aRCGheKCZ|>bc^+t_FEoc8dNR-v?2;IHx zT)|Y9LLR*nT;7=v|IRi)S-qSu_>jSTvz%AFTlXpj9L<#a8tPirHu;04$lsNz0dJ=r gjt#nbaOp;=teU+Y)dwGYHSL_=xqI^;bM_TK08bvTmjD0& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsDN3CACRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsDN3CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..19907d7902466600a35165944ac9838f1a9031d9 GIT binary patch literal 461 zcmXqLVmxWkxQU68(SVnYQ>)FR?K>|cBR4C9fxjWQ0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXb4llEG(9nn49XHpI2N`l$e=UQmo+OXRP4tD9&qW zU|_4!+AtqGkwZ>az`5oVE zrkZM7?fT^W?cc4x7b~w=z4`h4yr0YbsP*a_qJ=7(V=Sc>{3y}q4WHH=@wK6>CiJkw zbKdBa(_>@L1!iSV*|5V%`9jC%O{aAD5?0%oD(e_MzrX$a(-M#P{m0lV6uq``>K&5x z+iK_X`lWM6-**F11M>@(k1x%2?_KgvX#KY}_X2N;%`WKoj=1tkPWR0G{l|P$n=9Y) h+hr^XF!*7XQaDfCy_UiHnC_IDw>~pz|8TF_2LMj}u_yol literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsDN3subCA1CRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsDN3subCA1CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..784ceaa33782669398a1d9fdd632c78f8b0872ab GIT binary patch literal 465 zcmXqLVmxcmxQ&UC(SVnYQ>)FR?K>|cBR4C9L9ijW0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTxpa@dHEG(6mn49XHpI2N`l$e=UQmo+OXRJ_M zn&j+gD9&qWU|*7Ff)1PXGZLeI}cggCCmnFaZ z&u3R!#jR%C%eY`Zx3EZ?$DuL5{h}^S|da@I8~r z<+Zi!>8x|P2j`x>u)EX4qLlw?;JVpQEDH7)FR?K>|cBR4C9L9ijW0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTxpa@dHEG(6mn49XHpI2N`l$e=UQmo+OXRJ_M zn&j+gB+hGSU|}Vsg3JYpKSWZl&_VN&ym6z8Zsw0t6x#h2B_uLTAkW6ANeqLGo-%Rt^ez}YHR{ZT)FR?K>|cBR4C9fxjWQ0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXb4llEG(9nn49XHpI2N`l$e=UQmo+OXQJTjD9&qW zU|2WNCZ}W?gP+KjG{P<+Ut1r#AVW zn{|18>#4N|PFGf$KAL`GwwnN#>)FR?K>|cBR4C9fxjWQ0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXb4llEG(9nn49XHpI2N`l$e=UQmo+OXR6@rD9&qW zU|gI@lR{}@c)aG0pT9y5ZGU$oa<*So_v@!hs&?1Tt~zt^8dtFHqEAXLUqvNM zwu?jscTG-9?nuy{CgD1--Ldvaf#k!xU;2aQu&TSCdGzg*+T}imH;Ig;ug@~IcJJ~z zDwe!z|IR;;M9eo&tkl-q?Hj=(k@jWBMw#VHcRkc}`o|USs{MQK%V`DrOa7X9s%Q2l gNU^UB`gCe4ciH6^&#c~`{us9V=+RR@xbqyD0QC5-r~m)} literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsDNS1CACRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsDNS1CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..7608ab1f5f5ecd33d348f9b89383d82dac74352b GIT binary patch literal 462 zcmXqLVmxKgxS5HO(SVnYQ>)FR?K>|cBR4C9L4YB*0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTlAO}*wEG(Xvn49XHpI2N`l$e=UQmo+O7i_5D z>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_kcvdSzH24W2&8&`>cczpiMrRAN= zn%VFE&%4F`*wcUuq(Fp)8PmPYO^l2TrZ2LU>tyA)d`*t-ntmkXgUy7=Gp-9f5fNmx z{Hjsr%a^Mvt3A_{k$du;|Hcs?K5b-JrzIBUbU|QwsPoaaJz)}wCw_-o*5W|_eS9eAA9>1-O^W0k2 z(7@nyv}Dd4rhIvaNY#Yv?PqFzv}EEX+rMf{wy~ahm?(KvT=DAM+efySo9!vy^7Y;) zx#M4Uzx-?5ve!I$>xT48J{q%mojJoh%P$->E%bZZef@+%$i3IRGm3pC`)GGZy-+t* k2-SVrqQ0Q~W$!T)FR?K>|cBR4C9L4YB*0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTlAO}*wEG(Xvn49XHpI2N`l$e=UQmo+O7i^^9 z>?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_kcvdSzH24W2&ZXR=-IQwFQ3vP(X zJvew$Le!Lt&43G}K!k-E)4j}1jEoFwZLZxGZ_YX_5c>3V_xmP=e|sCQ-txJ1Ag?Fv zP!)glblxTZmbfqIJi49P?A8wsmd-;j+`>LBes$)1=Q1PJU2o0&^IZBxT&2{ORk|H_ z_MOi7;{G;?kU2J1QxogVe{*QI9-44(@-C&OZ+YByKhuMWuOcimT0hXB-~5 zrCZr(QQWn*!w=6LQT{Z=fg`+lKG&8i@pAp6e2)v0JK7#tjF4tzFQ0vdA^$=ugRy4SLVMoB#lWX0I#& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsRFC822CA1CRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsRFC822CA1CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..af2d043280ca7872aadc8e12ca291c00017996e1 GIT binary patch literal 465 zcmXqLVmxcmxQ&UC(SVnYQ>)FR?K>|cBR4C9L9ijW0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTxpa@dHEG(6mn49XHpI2N`l$e=UQmhc<=4@eP zq~PpmD9&qWU|WWWVdAi~0o>15_6Mn(n}IjJSzR(;)5J8AE8^Lt(rrVJ@Sh^mab1$n?C38y~29qjgPw;Oj|m>MZD7A z@;|Qm{AZ7wi(5i?A0CmM1)wcO|9X-xr@1ktyu)FR?K>|cBR4C9L9ijW0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTxpa@dHEG(6mn49XHpI2N`l$e=UQmhc<=4@eP zq~PpmB+hGSU|w13k4UW9N`{x_B^1Z2#oViu4wtejWU-hrVUkDl&mWz8Vo%%-oTG8g$LtHs zvgb}urJbdiU9&eAFWk0d?q2zVmoE%2yfwOcK>d8}n&o%cd9I8A!;^4z_?9pX`c zg|ALoFMsZ9AeWQ)ypyKBpNsm_W1H)glSJqKV7q)M{76#H;o>vRF;S2H-a4ozaM}OQ z{&j6r#FsGrPhWg@*Ur7imnVEkW|tS<(Vg+!ds~64ow=*tvtXOXHr3}Hd*AhDI2hP1 o?Mu1J)FR?K>|cBR4C9L9ijW0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTxpa@dHEG(6mn49XHpI2N`l$e=UQmhc<=4@eP zq~PpmEY53aU|Bn z%JHyGPT-9dt}E*o8*qUXh_EnYI+?kNk&%I+ZJoj$gVMx(&4B@1uUkF7hpAF=5#49sdbK4H+9y!L4%S9I6QHqpQNRnKmoiK*yXx^IbsnpU05 p`4juA%xs&5EFXW4{NnJs=tlB^%8h-0qrLynQdoNV^qaoxdja&Tw=Dnw literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsURI1CACRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsURI1CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..2ee9a8f5993dc870c4e4f33c745870be60478ea5 GIT binary patch literal 462 zcmXqLVmxKgxS5HO(SVnYQ>)FR?K>|cBR4C9L4YB*0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTlAO}*wEG(Xvn49XHpI2N`l$e=UQmhaf?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_kcvdSzH24W2&zcki5irv%75I?~$ zqinCne2+rr2dh<3y!-BE(J=JC(ky$&QPCVD0Un^!#YjrOlFp z9kUJxUKQ+q`(VSRc4N&-(>L2pn`%xbMiqoA^zUk1%Y7i>t7mph_ub&v77|m-jpb|a zZPHI#yW0NhKh3Ku%*M)g^B(x$qdzyQRETZq=N*O1Iqt zPnIud&g)wz`dMM&k^AZFF#=gna=Pz0Wi2^*V8g3p-7}TNLn=aBoW3|Hz4~KPo|v}L kr0LVK%x6b@uNm(#W0?>hYIKY@;-gx5`pqBlvMS3M0q$6+#Q*>R literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/nameConstraintsURI2CACRL.crl b/pki/testdata/nist-pkits/crls/nameConstraintsURI2CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..192b5d85e668d262ee9aaaf6a19e2fe4caea8ba4 GIT binary patch literal 462 zcmXqLVmxKgxS5HO(SVnYQ>)FR?K>|cBR4C9L4YB*0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTlAO}*wEG(Xvn49XHpI2N`l$e=UQmhaf?qD_XkcIngcimI1_n{$yv7EGM#eDi0(}Er19_kcvdSzH24W2&zOOqA?|)!n-1Mu= zDq`cVgu6YL4;yfS6o{}eW4f2QiII^Z<;z31XzrVrBE-(E;M8xP`OVg@&VZ*(?~l_{ zSFh~zHZQhM*#5$5^J9aX8@hWZDcdm$E4;m=S~zX}yrfkp%xCR4TNv9HTX50)Y}a=^ zn-e#-xhFgScFX3)`#%x=n!5^2(Q!nc>isl0V{*4xKp z)pvXURL;34jnBR@F-|QwJ~Pcf{_(=MV(XtA`qjGB@Y%}j_uF(6byt>Tim&xnSE={S zpHU)py)jyyQET&x?86e?<_inTzx|qW_urmv4|bmMnh)FR?K>|cBR4C9L6{-80Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTrpaN3BEG(O!ms9DSpI4HYnOE#sQc{$eR9cb> z(on46>?qD_XkcIngcimI1_n{$yv7EGM#eDi0tW*-19_l1vdSzH24W2&zU=?L>F(Jo zDHY&*e<+<+XcPKV)FR?K>|cBR4C9fxjWQ0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXb4llEG(9vms9DSpI4HYnOE%W2vS+B;Or>QYiM9# z2!s~K1_lOE;=INNhDOFP?g9q`I|F&34YJBC5(Z)oBB~aL*PYTWt%~-&a)5bKhp^J| zoDc(kkOCP-#{Vp=2Fy*2{|&f60wOHTnC=HkGcp)dHaKfLTNX=>BW zo-<_ukE?(<6O(dM>d7~X_0m@2ADQ07N+cDZuT!weGJPpEFQ$O|YCxAjfP{Fbd-C!x zjx$$AF4j4J_*jZ0v(f403s0qgGAjIkVAZ323F^l#Kl`Y-E;1-%*IVJ|@1B3if3L=; z^*F^nk;QtQR$luWCFMu=zcaftTP~A2@@r47#JU+KE$jm4q~yN~cYQuldR)oh^~H28 zqr#8gFaH?{_O3csW>Na>+tyRZxNFX=T=}q^yXf|v`T4trF5M4|jlcWmz&6|Kx3p(6 sXzD-cn;B8u6(OwAH?xk%wJorGuCR}Txm)qC?^~~LHfuJXw;-AY0E8Z}v;Y7A literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/onlyContainsUserCertsCACRL.crl b/pki/testdata/nist-pkits/crls/onlyContainsUserCertsCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..3e8c024c0851a5e712aaf22882670395b6cd7d1e GIT binary patch literal 480 zcmXqLV!UI}c$A5e(SVnYQ>)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG&_qms9DSpI4HYnO7WIoLU4@Tdd&h zD9&qWU|5wglG5(Z)oB6IgJth~c`_Mhyuj@qsB z{Ab=%xx{L~541y8hLQ0<3#$QhBjbMqE|7o-3p1t%T>&uLiYvp(yn{KmV>KJK0Tz*1<* z5B7V1_N9APFRzoCEA>){S8KyP=Yp`nXQ8J}KWofBY2xkw`eoG{0ejn6zjyb`mu+X* z=$=rQYyJ2~&2^=z4wL3@@NfUFFnw|B$7!Ey|JNPfebYDUX2|vGeEz^YZz9g!n^5+% zDd14j!l_kne{b6R%HO%}$yt+_SYq7IA6mj){$*d9)b5NLaf6%T#b37V@XI#R zbc*-ARn@hz#qyodJs**PJMy_xR_-yVeR}qrNc|y|ZO}D$!u%Qgz0_1$0Lg8< ALI3~& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/onlySomeReasonsCA1compromiseCRL.crl b/pki/testdata/nist-pkits/crls/onlySomeReasonsCA1compromiseCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f78c17c43e87882c2a999cab5ed55d642a999dc0 GIT binary patch literal 512 zcmXqLV*F#!_>_r}(SVnYQ>)FR?K>|cBR4C9fsY}#0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*7AO%vuEG(R#ms1&>pPL$#npm8lSFGUdXeiEW zXkcIngcimI1_n{$yv7EGM#eC%fs%m&&;@9U40sH?n?QJ}^_zxg;>T zuJ3b#w^EYP@yDrK%%AVht-oya{%hIIBc75>(SVnYQ>)FR?K>|cBR4C9fsY}#0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*7AO%vuEG(R#ms1&>pPL$#npm8lSFGUdXeiEW zXkcIngcim?I!c_^*uc=p7{WD(GEg#5U}9uKQ3Mp_G2jB4C@ads%*DvIz{$YDKpwNP-nlm?<0a?gk2xwIeP?x8pIXUL zb^hBQqv%qum#IoZJ$JR*&RVt2`*&&H^~i(P|F5;rDBb1xGO*R>)byjC3VbCMx$7s- TztJ;+Rca#l?Y`p5e;Hx`H)gz9 literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/onlySomeReasonsCA2CRL1.crl b/pki/testdata/nist-pkits/crls/onlySomeReasonsCA2CRL1.crl new file mode 100644 index 0000000000000000000000000000000000000000..c2e7a0170d7a35318ee5f9cafc021308ac33d34e GIT binary patch literal 476 zcmXqLV!UC{c#w&a(SVnYQ>)FR?K>|cBR4C9fsY}#0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*7AO%vuEG(R#ms1&>pPL$#npm8lSFGUdXe7>S zXkcIngcimI1_n{$yv7EGM#eDi0!IUT19_lsS!EUp1F;5?gyj2|l$U5;b6m3KR9oeY zWvPrF>kI@y3S<}=|Ff_eurxCw6srh(Qd`0sy8i{_XX>2x4Y`3ZnNe7U6w1_%xBtSXWQ>zTgbeTdC~zj=BN#m z7O(JP(V09oA%5j_USFnkH#X7l)3=`}Tb1nD(%853=bEn#Ce+wx{zuD!ra8dq)0^M3yqi~la@xLf?SG!033sIhw=7s` z>HPZq(iVYPXBrnB+x#v$Xy?4YUj(#VI7=9f)%+*AO}&`$o+Fh{X2t={%P()-b+5cT z??9sGwflFrzM8Yrs(XLPmHHXyWyP~NPcrXelS;h*tVz%{;FeJe-`VB=H^l+~o&~Wq literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/onlySomeReasonsCA2CRL2.crl b/pki/testdata/nist-pkits/crls/onlySomeReasonsCA2CRL2.crl new file mode 100644 index 0000000000000000000000000000000000000000..7d1f1a6ab15616667cf22b4d6fa56b65a96c853d GIT binary patch literal 476 zcmXqLV!UC{c#w&a(SVnYQ>)FR?K>|cBR4C9fsY}#0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*7AO%vuEG(R#ms1&>pPL$#npm8lSFGUdXe7>S zXkcIngcim?I!c_^*uc=p7{WD(THt74Zy*oUEvw8TVIbBZl8}7=lJXMGYmQ6SoNB9_ zu`HF*W1WEjNP!F^<9`-51D0kcMm7U3kcbEiGp6gAn;01x`u=Qh;lHEAvb3o^`^t$^ zR$tR!X36+nX;PZ|pzMvtx&#{owdxD@JnNrKG0WKbC(YCIvHGLF=Zcm|DjdG~DL1rl z>c>5Z>R0Pzmw!{3`Sl{peDa0?6P=jBue=jWydr6v~V=M^hBI~t4g z8X6cF0-=Smfq_AkIIppRp^-6+yP$E2LE}OLd7yq-Wflnou?7)cmF?5pb>7{Q*>`Vx zi}d;hqGJ294T?YtWEdI$vt$^gEl5}pw?pm-dReVLw1mA{DKjn|B zY+L5fb@Ee126KdsyVRAIH(ws^eO&%9;IG!{l*?VMOXmOaS$oj-*se3)!TFvxdR~Ex zte4sAcS+o~y}$6tgd9Ouw$@2?`rRHH8{SpEa0?6P=jBue=jWydr6v~V=M^hBI~t4g z8X6cF0-=R5kd6}PH8wCbGKO#sq82nRHE3L9AP>|ptIQ%{Al4wFtFnE1yUx2?GW+gL zZ;@WVKvZmBwm~sSfea(#f0j&x^aTkE;+Di1L{Zb3hCBvbAWtw0Gdldkx;>rw{t0W5cG==v$KLwa?BDcf-i6f)?Qb`v zo_!lU=gnRLF7xFtCi5}yNoFqE!Fo5%+hMxVfr+ZxHP$n}+a&Dw)KXu^q`mZyZ*1Po aXCE)vdf8?0YiXRS3Ca5Z;z7aE2pa%VxXxw( literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/onlySomeReasonsCA4compromiseCRL.crl b/pki/testdata/nist-pkits/crls/onlySomeReasonsCA4compromiseCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..0f742ced57eba4d0bb3af7241b2297f6265d5973 GIT binary patch literal 614 zcmXqLVoEY-V)SBSWHjJqa0?6P=jBue=jWydr6v~V=M^hBJDP~| z8X6cF0-=Smfq_AkIIppRp^-6+YoKJHz{JRerpSQDfD34%tSAdJ7bD|>#-#?0iwxvJ zBFZch24W2&`_k^n@vvEcyWC+iF<7mUH$yz{q(L!Afea(#f0j&x^aY6v;+Mo4L{rl% zhP(#cAdfN&vp5I&7&bGpCP3UN!orLhjLc1pj0{X3=HBjk$BmC3elPd(eTok|$CQ%V zpj-QIy2kBRjyM;vamAO4=dmVc>;Lp0(ffEsKglWVt%%0%f+^Qh8JZthtk{0QBmUKr zsW;PXO!GH8AB&y*=AF_(`)&Od?>FoYnSS^C^jCH=uI^U%7nhX!=&)?^>V)SNWWHjJqa0?6P=jBue=jWydr6v~V=M^hBJDP~| z8X6cF0-=Smfq_AkIIppRp^-6+YoKJHz{JRmrpSQDfD34%tSAdJ7bEk6#$^VLiw)#K zBFZch24W2&`_k^n@vvEcyWC+iF<7mUH$yz{q(KQtfea(#f0itRj0K4c;+Mo4L{rl% zhP(#cAdfN&vp5I&7&SAq&u@S@RD^{YGaQ+l7#SI?Lf&o8+x$8!N%GlsyYd|AYfH;2 zYqwvPIF$a<_RRY8k>1B1Z}UrZxKrr5Fw}$n`^}5{y5_cqWs9$OS6c3Q{MgoC-j5#7 zoTqm1Z0+Ky+tt1mR^BLkrsTC=e-qHSDJnC3f;~8cj^z*|MTalO%O^i z4VSkq&D!_mcX`+1iOuJoU({T=k{BxdQRuaI^;)+ZlZEEil_hRmJ^jVW-6=xMDeF3} zHywVpa!ZgpgXo->^W%~=r#8QmeRFr>f+YbS?g2|2>M~CnUC{n)FR?K>|cBR4C9fuA9_0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*BAOljsEG$}(Sd!tBn&+IKS6ot*n3-2%py2E% z&TD93U1opnh3p76}8f29ep?o4jl$9L)=0JgKxd z`5foR9@}3ATp$G^EXMKCG)1YWtY*aQ{|Ua6x$OnJeT}=L5OqvL3dj& z!*dog-jbqwRp;D^d-1)dOj`HtcL)B38~BaZJ#F$n@olS-;tlh@`ehS%W=TAoY1Spf z8pL+MvqRD78;?hbN7{nNYzc8Z4y)Ytvksi;5_%c-JYtviD(7mE2SFd#M|_C8o_i?u zbwbI;=z>-=Uu)K{ch?yTa|DIjr#}-4|GK%xPi5MM&&gR40wQl7F8QN!;$n%xk&g#f zm94PXQT)cyt$$ouX~ph$iziI3nl$70r-q~VHyqKwvQt(+RMX>j)CD`)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`&Sd!tBn&+IKS6ot*n3-2%pio?z z1opc%5tED{D{4I;-lwWNRVcxjiB zP<4Fzxy=!Q)n)e#xIhX-SeP+g%-qDt$S|wrxLPn<^I`UcrfQEnZkJ@FxCB&{r8d4h zUiXdR7OUe~{%t2k{;XDCq5Wre@<~RQ6q}{$@88NXxW#bY`hB2Y?o068vP~y0@n)ql z7Ht=La78uxYTeFu>vfx7?1;P~YIv{0cye^Q;LP_ms;dk#1;u3V#@bfgivO}Rajt+= z_P>}-=OjGSALvWHaEY3}j-k&@zj4F6`8QY>Yjid0hX!+AUzGXH@9x2cuJ1(pb^m^q z&`x*D|FyIlan}*qjxjxvEHhiy9AVywNmG;)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG$uwSd!tBn&+IKS6ot*n3-2%pio?z z-QW(q&Pb#eKn>S9d|3=-SQT=+tFTlbfxIwjE?~En6sY% literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint1CACRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint1CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..dcffee381f8a3be173178e6cbdd3c1ec1cee3696 GIT binary patch literal 460 zcmXqLVmx8cxRHsG(SVnYQ>)FR?K>|cBR4C9fuA9_0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*BAOljsEG$}(Sd!tBn&+IKS6ot*n3-2%sNn1< z&TD93U1opnh3p76}8f29eKC3KRZ|i`?r~Yc;Nu z`E$@c{ntSQE|3Bd7G_M>GB+_YG9)@4xN}9)QF2w^0>zt0SJZDznf{FH)-sDF@i!JP z`u2lmRUuo;>t{>{zJ?ST<(OL?eZQznPVIN#F4;MZe+vYXn!_uzefdQ0r$3N4m0fq} zqL0_M86i!1A3_{bH1wcr%T7M^@1#hWId9~v*Y^(Im%*y1OzPY{a(1vwe ju6&i0+_E=Z-0$b6%%12Iy{@7zJiNzO%*nrzT+#^u&Y7z( literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint1subCACRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint1subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..f7ddec3508cb7509a8ed4671333e09fe84f31a37 GIT binary patch literal 463 zcmXqLVmxioxP^(4(SVnYQ>)FR?K>|cBR4C9L7*YG0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTtAP-W&EG$uwSd!tBn&+IKS6ot*n3-2%s8C#* z1eO4UBr3K-S&od=+SAl(_Bwq zd@1?(`3vWz%XF+t!}kCcov%t!n?c zd@=Gq?mo?1zF~K%}tLaw$!!wItOcB>*EiaUOQS#@= n1OBgX#YC*N^!>Z;2hE&3+jVx)OsgFym8I{@*u5`1vPB;N#1FAJ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6CACRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..a211973079491b5ec7a3d677d244392020ab3576 GIT binary patch literal 460 zcmXqLVmx8cxRHsG(SVnYQ>)FR?K>|cBR4C9fuA9_0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlN*BAOljsEG$}(Sd!tBn&+IKS6ot*n3-2%rr_)- z&TD93U1opnh3p76}8f29fo9TG##aS@*Dax^l;f zr5h8tclq5g-~uTSVPVE}EprniBg2exp=nPx_W!O@VfddBP$HeQyrOaHf%9{I-Y7g9 z!TtG{I@el#jSc0j%ikzZx{xULbLj)&YY7uAEw3t+ZkfOA$VGt(%7SZ8Z%h2=uIzT* z`|IhSs`aIdew+-;do%a!b@w?U)%|;x3U8Nvx^C^!$A4~Lu}YiS{K944f8&OR#mCB% zR$YGT@Z;4VAr77=zeTlY90+23x}BfxPfM@J#CHLF)u-OQLB9Y7c1vayt>vv{HKKK>3!y3Tmk05w15Br literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6subCA0CRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6subCA0CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..71f4e104c2b6ca55076bcc5d412f742a4741b41e GIT binary patch literal 464 zcmXqLVmxEexRr^K(SVnYQ>)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`&Sd!tBn&+IKS6ot*n3-2%rchj( z1opc%5tED{D{4I<~u%9@KOs2uNI zoSRd~;Jn$=daY z-`MxnasIy|asT0pt#hY+>tWw~^ex-{*=zqY_=!ZF^F6VI>C3m~B{8NqKZvL*@3Iwr z?%^!_U8efM2BwG0Jgg_Io$F|C@JU~a$+gt;UTh>AU$(+OYw;Y_M2))pf!WKyG{3JB nw71M#l5DW=)&Gh+bI(?Vh@3sT`AjU6{DBV!i4uR()s&e47G1LL literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6subCA1CRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6subCA1CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..ab792d4da0683606f4004d4ed0eb4a09987862f7 GIT binary patch literal 464 zcmXqLVmxEexRr^K(SVnYQ>)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`&Sd!tBn&+IKS6ot*n3-2%rchj( z1opc%5tED{D{4I(zPrp}uj7nbxg z+G0Y^EUUapx4&~6aDfzvurOn~n7N6OkzpeD!=IB<4eV-Sx4Yyl-<`%{nPQg^?0NPZ zfAc}vu9VXs7{mpIQgaq9{5?1Q6zjtzQIDu-we$UXXv6z) z(?&lHQyx9FzMbYD85jiPe;#EIx}>Kb^Y8Nc;B%j&=dC#NXA*nnPsYb0Yn-jx=B|#= z{k`dvr1XrNny&9A&3ySzs3fs`&HOjsmVK9*xhEX8xV%r$jhE4?@8qW*`>4mFvpM!< pg>X)v6X+KDwY;(XQrk|ZM`3H8G#@^9T+{sGf!~M3zgo3?0|0FkvXuY; literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6subCA4CRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6subCA4CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..27865650bad3507f6457c5e93c6197bd751d6c0f GIT binary patch literal 464 zcmXqLVmxEexRr^K(SVnYQ>)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`&Sd!tBn&+IKS6ot*n3-2%rchj( z1opc%5tED{D{4I-Ycx4nN0Cf}UN zq_Ks&YM!uolxVpD7f68!3p1vRnVT3H8Md=eS+8=?r^0Z;ihsvb+kDM9|380}tS`ZH z{hY~RvF5EmZojxv^z&F+t;T}Mo}Keq%I#MPGt8*{s=SnwG19N>s?6$CCs*;sA71)N zY*O=+)Lo$I&A)Ql*4&64axtR7Df~X2`cu=2X~D%0&k9*W^(UNry5fxa2lxL% zxpFV2&Y$qubn-*BXwxgkbDwYdEG9U0b=>)uS7-L@-!n&9=i$t1zRO;R3psZh9P>$F z{PE22Ns!|#b(J3{pVTL+)~UPPS4gsoFtM_~A7}QnXu+&UPwF;s&9I7hWHYvM{Tgkx o!}Cpaqtr5%8CqZXKL&sBUL$$6l}Bnm-_f literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA00CRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA00CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..64d154cd2f05c7145942feca36c7a157cbd83cbc GIT binary patch literal 468 zcmXqLV!U9`xRZ&I(SVnYQ>)FR?K>|cBR4C9L6{-80Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTrpaN3BEG%1)Sd!tBn&+IKS6ot*n3-2%rchj( z1Vqk`1_t81h6V&TDL7Xk-lIF3>m7HIN6IBdg3JVIbBZvTNs~j_+3@ zRl6Q*-uGX?W^uQ$q{)B_q(Fp)8PnCwO^l2Td$(EIURQf0X8o`tK${USNI8C_P*nB0=VE51Y<))$ZSFtbrr(kFf#Xj^ZsCrd z#f%qRauZifW81Xm!qqq>wi5w!r*G<;%O!4KS<*3I<~H}$CePEGn>!S(TsF>%J8Sj8 zh@-jmQ|g`Ht&>}GQZBy9QAxV8NulW3BZdD*rZ)vIXLu1D`?Kt)*f}Au>rH`oRd;Rt rs><{{ApUya-HyfF6U53dytiGv`aPrDCWT2KCM=&>y!FW{8{Z@VPHwyV literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA11CRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA11CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..54db33e52a9d2cd2f0f5dca4631bf21fcd42e84d GIT binary patch literal 468 zcmXqLV!U9`xRZ&I(SVnYQ>)FR?K>|cBR4C9L6{-80Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTrpaN3BEG%1)Sd!tBn&+IKS6ot*n3-2%rchj( z1Vqk`hKAz2h6V&TDL7Xk-lIF3>m7HIN6IBdg3JVIbBZa(S6+9Mjx% zvDzsO{KY$4jzw=Z+-JZAQXs;@jOl9TCPqevg)B}Xn$a#k7Og=%j{AjI&s@A%d2%7I zwbqGq&*XOU->+3`f3f&8AG7*TzLpxNi|1I_7=F+063KH|I%}DUZisKDr>pGc{JM*s zM*J%2OYdCwdQ~VW6HneRj5!bH}Tkzue?GxXX_s)-=9hGZdw0c*6&!r{X zeG*@4|Lxi1p2NCmruO64BIfGCJA&C;_gGfnd?NkpV&a-v8M`Dy_Q&26Up~vJ)vLZc zLsQ~nY$D4VL6!XQBk`sj9^Mz^Pe`AQ*t2#~+aJ~0fghbFh%Q=r_dwhJ4VR_ULgT{@ p`3g-rKYhxQfb@37;`ik)M+8_DcIh*ht&!Z6v6Y|c&J{}oGXU8fsS*GH literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA41CRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubCA41CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..9fe269d34f28cc305b00ee7cf9b6d4e622962a8e GIT binary patch literal 468 zcmXqLV!U9`xRZ&I(SVnYQ>)FR?K>|cBR4C9L6{-80Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTrpaN3BEG%1)Sd!tBn&+IKS6ot*n3-2%rchj( z1Vqk`CWhj?h6V&TDL7Xk-lIF3>m7HIN6IBdg3JVIbBZ;u5ut{rtDj zCyu+lPg(di`k;N&o^S&$kOC1FW=vNzH!(6YINiACRu*S{=lt@Hs@Ym{ww5~%#~v&R z-L~w(ou=xkbyw{AQ+7r=7$;tMlJe)|3Cq@vMWTvvQ`MJTzq3-jwdDU3B^lM?&uRCi z?^&N)el~leeQ~zAbB(9W-=w4`3uhlT*_V*T)O29aJxP;CuY$Q&iKWjxaQvQ^_2iOs zQg8po5^DNFSXaDQ>Xo+vdgv9{i)wEgw literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubsubCA11XCRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubsubCA11XCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..c10a7ad3463c210a8da62b37175d13cb853c8a93 GIT binary patch literal 472 zcmXqLV!UF|xR;5M(SVnYQ>)FR?K>|cBR4C9L6jl40Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTqpaD|AEUZ|NSd!tBn&+IKS6ot*n3-2%rchj( z1VPS@hK3R1yoLq_hCpaxY+zszCC+PXU}$6v<1WxQ&^3?;nkB2uB4HrbAkutm$JS$W zPjqwCblbm`DpGy4Uiy^*7f68!3p1w6nVT3H8D^}R8zt)WTsvlY!{f8UhZN_go%rt~ znO|L|Hd%36YiXPD^Gq`dyLB>x+}Ad6^W@FDVKL=r+q2prci}0~RWb$JG*?6&Jhvt3 zoXM9nEPvP*B%TOXDHE16S=4iG-K?k2u9=@cy|(kv>60uLGoK2tTix?^0ZT^V4QW<; zaf|8CmmE9uK6v(WrC*l8Yu>P*{=N7QYsy5Hy)Koer*3FV&lB_Js4r9gyJFT^sSk14 z2Oe$XSL!)&EcjBj>4TH=YmZ&@w|DoKwESf<;a2mj#64#7(kcbzJG3hU(m${~Efoyb s)c*8nf38vS<~ypkOEoe}E6dV4=UvuGEzy`dB~rNPTA$4RWn1R~0E7~=NdN!< literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubsubCA41XCRL.crl b/pki/testdata/nist-pkits/crls/pathLenConstraint6subsubsubCA41XCRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..23a21b42edc2d62ad9cb3010bd75703fc597d2b9 GIT binary patch literal 472 zcmXqLV!UF|xR;5M(SVnYQ>)FR?K>|cBR4C9L6jl40Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTqpaD|AEUZ|NSd!tBn&+IKS6ot*n3-2%rchj( z1VPS@CWaB>yoLq_hCpaxY+zszCC+PXU}$6v<1WxQ&^3?;nkB2uB4HrbAhPi7qR*xw zOXu%Ne&(JPtdir!Q>0_S1yUfw!i?#1<|al)2KJkK%L6QnmYnq5?#1W*L-WT06>Bc5 zHS?#3aL3v1FbfAbEtU(bI=VWnWyFy{?HhbxU+$ZnToNl7|^{%&acS79(~pzwV7?5;ekV rN9znlHg4{Ys@T-_K#d_K`4}UgLfH{-Rf|XijSfxMuV1d(aijtOr|7T) literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/pre2000CRLnextUpdateCACRL.crl b/pki/testdata/nist-pkits/crls/pre2000CRLnextUpdateCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..436ffad9fbf59e72e3504a127e19e9aabe9f08c9 GIT binary patch literal 464 zcmXqLVmxEexRr^K(SVnYQ>)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`2lxk#PV4&a}QYiVI%2viKzU|mWBo3wDWesw6x!PFHed7!P|GvDO*g6mbml>Vpo+&dEgCCVPvs8^i&SiO(q<`9FDdP|CF|B_Rh{=;ygDLA?g;nx{PHc|Z%MCKvD}>>#dWK9qs^L6Gju8@&GM-G zvM2Z4|9=rrsuLe1^!~6GdcQzNf7`kZ7TjNz9Bp^!E;1IFDRsVT)|&mAkCskkJ?#{_ hIW+gw0}sBJ{*_Yu<_T9%cGu(0cm26U&TXrpCIE%KsE7an literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy0CACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy0CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..3c73231310f4880f8b68fbc70792acae9d5cb63d GIT binary patch literal 464 zcmXqLVmxEexRr^K(SVnYQ>)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`+T3DJ{lrb%kr`ET#rrAO#{U%$P1_ZenC)@Vc4x^T?9@7*en$(B*88h(R``oN6E@}J63)OzPR9n`GYMPHj!)h0hADwCy!~2?!&774p zmo~5APC2Nx=|p{z|0m6N#;&F9kLJ%}xurkXywNGzMEunL&6nclM&7aCWYHWcc-7I8 nLHc8bTmLHeWmmVYFWCO^>&k8GjD=SzKkm>ozsV>a`Y#Ot+H)FR?K>|cBR4C9L8u|O0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTvpbS#LEG$!$T3DJ{l%Dn% zxQ#zq8?AEW`24gp%76=`K!k-E)6vXLjEoGDi;^3=zs?g@xV@dZ>YMAUe$IcrY@7Dn zKcUR6S9Gd#?ft3`^4`pm$3w1mdl~sAF=jckb$*{Cb^lZ}D-YY8^S8A26r^*isat>h z9+~uh-G39sMH%6Xg1;^h|!@BQvyx63qN3Hp`r-+y9A z-keC~51bB4C1Exn{?Er)i{iIm zJL&e)-hDw^1F}l_#LvFm;2k@20^^4Nzm4Ypt~p|1T^#)C?P>X~yg_0Q^(Tt0$Su>H osXAqqMB1~Nf(|nNC$(SlsWDlpNN-a4#K3uDvbskFr}&lM0Jxp2x&QzG literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy0subsubCACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy0subsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..671e072afb2f6250b59a6f7383bd58f4f414b851 GIT binary patch literal 470 zcmXqLV!UL~xSNTQ(SVnYQ>)FR?K>|cBR4C9L4+Z<0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTmpaxRFEG%D?T3DJ{l9~WUVnC9a@x6V`<59jJMS*5dN1zgqMXH@%a*wF)}Nq9o0WDief9pr`G{S2 zHP3$h9rE!%V@U@?)A9`^8P|`_+gQiNf1Q(SURZSE{Db_@1D}b-x9;(_o`}Xm)33-S^n1_GO+~d* literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy0subsubsubCACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy0subsubsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..1bddb2a0bed40bae426db5660cd959107da28f6a GIT binary patch literal 473 zcmXqLV!Ue5xQ~gE(SVnYQ>)FR?K>|cBR4C9L9`*a0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTypb1jIEUZ+NT3DJ{lQLmqWGo70r`7i54_(Auo z*~+ZTSQ;4oqLQW`-|zZm@i}Mzn_8z@GIncN%Nf-jeQ}z7N>+{G;plgJCKTSavsD$H zeZxhUopI5z?BK7LOHar9%kG~%bAGp^*H1UC^Oe?X!jHX`h@B)VcXYu7QH2F;JOOTk zPve#U9GkLfi>~l%eg(yv5GSLZJq`uyPftw}n_HkQFkg=2{$%kPSEZjPWVFP-SzhH= z#<+;9&S@6A7VFxg9HE`7E_KPS{v*HK@yw-rJMt4cC+ug~<=SpgQpd>_TbTVk=jL(U rnIA7#TPE=Mom6@wJLmq|fBvi|-u7SJwf2=_)5p?-VcoKyE588%9J8<% literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy10CACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy10CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..751e35c529285beb3fef9a55a0504c8d54defc8a GIT binary patch literal 465 zcmXqLVmxcmxQ&UC(SVnYQ>)FR?K>|cBR4C9L9ijW0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTxpa@dHEG$)&T3DJ{l{+(`t=Bca8-Hs{4mEDyQX;!S%1=$Z_BL(zR>c?Pg0}qE<*FNQzq6cvGVb6?R>MRe o)^97m&N5HhTb)^H&8sE)g;87Wk>RPC8mBC~p9nBLV%W7G0LHnqOaK4? literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy10subCACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy10subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..78a021691b6be1eaa6ad83e8d0c0f1f764f192ac GIT binary patch literal 468 zcmXqLV!U9`xRZ&I(SVnYQ>)FR?K>|cBR4C9L6{-80Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTrpaN3BEG%1;T3DJ{l3d!a%G+Bu`>lq6&Y; zZ9O)@X=>){PgZD#u^DiI6o{}eW4fBTiII_E=KmIn<7QFZ6Fdq_{q{TGy0Gd(Nvh!s z_T7_;{7e6T{Lyv3n2|m8!JkrAiMc7i1zz7#5ed3e*6~^3%dgrKqOx__Y7=(GPT^!( zcQfsPXic50fM)f~Fw3wU>Dv$9#?C2--?O``BV$jYU-&tRz0a=1bbbCN-eP{X;*H=g zXE$}hyLDo#WTG=_V=paT+g|9ym2-h*+dCn~qdT8YEm{3_>()FR?K>|cBR4C9L8KwK0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTupbk>NEUZwJT3DJ{lX{(WlaT)Xfpx%<)2#qQj5 zzP0}UuXB5*m*m&U5sRHmALDAjg88M@Z?<)w<>;r%XVVT@kk|^}VjGA@{F#W9+>sspL(Qp9;Gz7I%5V z_BvO4U(W-kjKcJ3>jU(bu-x8~YPavlKII9&lQy``-?dTvLjIW(t6oq1kx+TIPNTIm sIwAPs^mOsJ?_Z>ac8EWH!c|}q)FR?K>|cBR4C9L5v}{0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTopaoLEEUa9VT3DJ{lthr|)x~tAiE|ZU8e(~8$ zy4_m2eX5NdTPvq*FmK$kZe5G?`sG}S8UFv4*k0p1)2Q=)^>@(&+H*Z$byz4x2D9X8 z&ECbZlI#7(`4PPPCG;e>bmYkNG+g-0R<|rqYe#O>@f~tD2)Z z_2*efAN$mC)A_~f$Pdr=+A^=cc745X_O(Wp&7DOgcQDKed?^MEoNtK6=8mnmHzc-!T!!p`8^Lq=iKXyw~5g#VO@RshJ^B} sw%?O?tlsT$a=+}yOQO~fV>IKJP2A?ZBzoW7(21gbY!f72eLvj^0Iw&tlK=n! literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy2CACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy2CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..69c8132fb8a683687124a9751bea5e9e7c1d894c GIT binary patch literal 464 zcmXqLVmxEexRr^K(SVnYQ>)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`+T3DJ{lWS27ku}z zzS%l=mgr*LmB$UZKng@ym@!?<+{DPpU@swP=;t*ttkvvznGO4|=9rGUL#}3TUV3tH zvgXWbt~hpI?ZNMdi?7B7U+S&sepa|>mYP5Nda;LEk$DlJLVuc7e)>&vE)goL@!m2$ zpW7+8gC+3mrHM~l|4Tc$t1jTX>vU=N!CC$Oa^`n!bW&!{dK!QE zO6`kKl_W9C&8vMbZ9J{3%PGaME?Kk6)x7!7^JQjo0yTV_U)-NI>x0N)vx`wT_cs`C mY~|YbkzM9Tp?2c2crX5#hFKFO_j-O<*jE0&Y{%LHxhw#C8n8nE literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy2subCACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy2subCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..6c62766150d3c2f6f271983c9f1699ed8dda260d GIT binary patch literal 467 zcmXqLVmxoqxPyt2(SVnYQ>)FR?K>|cBR4C9L8u|O0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTvpbS#LEG$!$T3DJ{lfqe)f5%8(;ifE|k0$k~qsUkIP}j>TNH5a~01V zKY#F;-;@R%reV~;mEi;@?suhRJ(rQUw6NI`M7;-vHX4{vV${4!>F(cxW> zBsjOXmzFH4dEUmZ_OMX1dPV!9U#z(|r)}PQ?9!LTdL^IuQX0bylmsJh>b)+#Ah@YV zB`cNVbYc1REwNGJnoF+Dzh^#$+i-E@^V=&VZs_!is4cvA{L1#t%e{WyS1`@v_kXW? q#qF5=vR_KdH-2uf)^D8J#XU#QFR6OYkq^_B&E(Zx9>HV&*AM{VPqZZf literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy4CACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy4CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..1cd554bd7e9423e345c3a7b3b2f802efd3256645 GIT binary patch literal 464 zcmXqLVmxEexRr^K(SVnYQ>)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`+T3DJ{li%uN zb^7Cm*Kyu|=k5G(`}dATZ!cBayLspt@|Ydz3=vp;=&Jr12X;;-1uwgjhPNMPf3Hfs zJoiP)(~LETem_4v&CmL}w5DdqWa(q+Q-b^_=FuEM3I6MUdGdyZx);%+s0yb6TftGTbJ-joEJb mpCADP#%GtZKds|jma1*=p)FR?K>|cBR4C9L8u|O0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTvpbS#LEG$!$T3DJ{l-0eVz6B zUAM{MCAW%Ox9t2>AHH>$r0H5SV%U=3>{LH_pFuhe^59tjJ>9&`*WcK z+twKZ*|LE}CY!>q&2gH=n|9)VY@BUsU&scR(uAYm6hn_ceNy+WV21r!6JCK`S$$D` p6V4mNJz9C}V2;|vM$4b&=ggZbA{Se0&zT{ADAo4#H~IE&#{e;cv(o?o literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy4subsubCACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy4subsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..fb3a9e7ec22bba6b044054f86d442091401ed09f GIT binary patch literal 470 zcmXqLV!UL~xSNTQ(SVnYQ>)FR?K>|cBR4C9L4+Z<0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTmpaxRFEG%D?T3DJ{l(?$c(#1yUfw!i?!|<|al)23s2qb-xb9$;Oj!oCvg&m5j&`FAXc~ z5L1w@Q4eMcRMUQc_Snj7maNU!ZK|yO!ymoBzA5{I^5jR~Uc5OiT%S==`udY&TQJQIHp&wrS0C-#0b8Pk4Q2TDE=P z^iTKL6%;4T%KrUF)&2ZDzpXq=Cn?U6H~jX}woO-pMeMFtg5XE3IS>86ope6BeDyqW r#ro~S+hr>!n>HQw>@xY0uP5ZfWD%nNM)0Jy+70>TtG7#VwO#=L;DfO& literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy4subsubsubCACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy4subsubsubCACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..94e259b854f399d74f8078f85f5d06cad0ab08c4 GIT binary patch literal 473 zcmXqLV!Ue5xQ~gE(SVnYQ>)FR?K>|cBR4C9L9`*a0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTypb1jIEUZ+NT3DJ{lvc7AqQXffR_aFk?EMxrvdHL6_6i`T3toaR%AzuAcs4>stPzt~ky2 zvu4#UU%MvP)!}l71gCHNu!QB-O|1$SD z-SIr+eCliP)nAtKjCuKmrp2l=v%k15+}R<&LYJ%5RY^EYZM%AISBawJC6h(%n}VmF zfAve?;D1I9HNM800F&8)!tv9-FIiNpDzM(~zWEOEpt(Jb(+rj$;qM8{j-T!>wnD8{ z``6kV=e~I!`NzHCc3?5HW96E2?LD_Qu6_GzQFZmcn3u}84d2GRc5kYAmp+?MB(G0d qe}3S+S8I4}GKA*d=l`>t;ge_X%r`3EOZPr{_d{y=2M2A}?UDd!v$T)^ literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy5CACRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy5CACRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..786949ba0c09206cce5f6066598dc4750ce44b99 GIT binary patch literal 464 zcmXqLVmxEexRr^K(SVnYQ>)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`+T3DJ{l)FR?K>|cBR4C9L8u|O0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTvpbS#LEG$!$T3DJ{lx<{E9_8c3s>eJVmzd z$_7`Zo0@OLUzD>oNJ>t#Zk+mRhUa;Sm)&7qA=ypMyPqC5+4ry7WLAJwlkmr-FAK^) zHE^B&%2aiGZb&s_e(~!cD_t7CXouE)a7ycScfLF!Ij*N!)FR?K>|cBR4C9L4+Z<0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTmpaxRFEG%D?T3DJ{l+WP8gUmri8t+v6hW4l?Wb&XcY zmy?HI3E8Z$JHlYSQrknH`^WbnOYI+>f2WlG4`0Xi1xe9$|Nc3JlraBGVU=Ez zra4L9#d3;L@)F7QjZ^aeo{LV({npWbayt)8V{t{zjdBN&;3g4j;7DE^zJ*=g%`H+{aqLK$zo4f z&b@Qr(yyG#`QdT@!KTX82UVV0TN-^I@oqXQ!|9`$zN%DVuKl(&_a(7^WoMa2d*`Ic qHAk&Hr#~}nGw;X099?1D_w9@tu4TX4SekhHPrgau)FR?K>|cBR4C9L9`*a0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTypb1jIEUZ+NT3DJ{ly>X}K-bMa`Cf;)HoW9Rrdfk+5 z2%XCL>s!6`JEQ8FQkQng`=`Xj&%BnLwekh~i_MFoQ?^WDNXgDi(>N@8$iMpPeFaMo zagT-7j3<1%+LsqqTs!#B;Hb;xpKCYGIWWm>W!3$;V#i}1FFI3vW@gI4jVJz2)2@=~ zxzH9WI6v&Tec~MFxOXfmGnT3*hQ{uAdo%a(!w0Uf6uw;8!=Ja&HatD6J(son)FR?K>|cBR4C9L69N00Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTppa4?9EG$`+T3DJ{l&s?M>|f|IU}~9rD6V$lfNIjNpnux zzj@E5d$viL>5V6Z950%3rE`m%=ic=9@1-pU+w!V~&qwK$tn}O(zK3Oh+Mh|!RT35p zcIxwG?~37C!MXU{*7NLt8Qx`_K3H0)BNoiGC}B=x*sq0F@2~9eSai+mxYdgi*Ns=y zMEA(CDVF|?^UpbNzTr;q&s|1rxdl(VZf$T9(_L}r*ZBqF;n9vp>-a62pQmj$d?B{? z6W_5F8)ekJerS1!JbO{XdF>YS@kom~v5o)I*%oYDBCVXr^Hx1Q?~6e7diiz7Uuj3$ nd!#HdH`eQSDmRs>ziJ1Sq|4Z<=t@NRTQXdO4)FR?K>|cBR4C9L4+Z<0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTmpaxRFEG%D?T3DJ{lUcg)xuN_}x^3WvGfD5ERgoPQ?-ONplj0_q~nfVG|Cq9_4e|>>W&wB@rFY=6S z(aU=qPkr}u>0lAK^J=lWAYMH_&mi^_s_2}Nc@mgIM>R1j@$oVob_#Q`>$O%d~w$72f{C` zrB`QeE3un%iR0tRQm)-kMgMC~XqmWpO?D6ara+@C)uTgh}D0Bh^7)FR?K>|cBR4C9L7XAC0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBndXlSTspaW9CEUa3TT3DJ{lqz`zg)EsPBe45Gw&jSUQqjA7gb`UbiN@<8)sm02VV#2Q5M z{`Ycpr~R9~wEB07aq27PsUA~i7;u3Uh_EnYx}Ld-k&(e#v?=LvP{86zYkKZ`WW3_O z#rjL~P9smwUeok2G0vd>#@kbh=C*%7acI}ZX;WO7R>jmbmIbccyl3~Ww@ZrFU24_i zJay>hp46T#^2l+cGhS)Cahc71(hacgzAhwF7Y$;_D@ zomUS}IPhU@`J?vS2WJ+n*ww%BwutRH_Z`Q7yq2ENtQmQ;sKtEd)Y6B~zMYP{T;IRc z{j2HR?k{g&+gg0nizra~Hht2nFQ@906D}^MFiuqXzdJVB{fB>!<6qC}Z*zY-W=hz9b6LT-yLnP&{+f*&4{iYfn`gjx literal 0 HcmV?d00001 diff --git a/pki/testdata/nist-pkits/crls/requireExplicitPolicy7subsubsubCARE2RE4CRL.crl b/pki/testdata/nist-pkits/crls/requireExplicitPolicy7subsubsubCARE2RE4CRL.crl new file mode 100644 index 0000000000000000000000000000000000000000..0d42a6735911037fadb05f355fa869c3a5cb2449 GIT binary patch literal 479 zcmXqLV!Un8c!Y_O(SVnYQ>)FR?K>|cBR4C9L82kI0Vf-CC<~h~Q)sZEyn!r;!zC;h zl3HA%;G9}il9`s7oLG`ttYBnd2m}WDAO+0A8bzsvrI|&kt`!A2naP;s&_Hq0x1w-VaD_Ta}y&Y!-6fp(uG1!-8}qFD))xXv7gsN zX1%Lf`5`-7cKg)nIZJ=vF<5xx_2tsJ1 z&Hb;#PM!U5lj7^&LifK(Zk(z+W%rX)SIR^}a_mDcz0mo!x;i@R;R=iBUH5LzeZV4C zW393!)14=2lIgnn^*_G$CH4O;a5$=+^K?Vo=A>BO$%l$Ri%vZg{G;(-VC=r6DpN`2 zd4F=3_6L3ynd8FawW3Qc@$8X5GhPac1~{e|Snn)(>9pH%{)P<&ufvwz6PytDiF*!1 wsi%06_3Yj$lb*QAyRc82!Yj)3q-JiN+9ZFoFHJsowHPM$y6Oa3=@ +''' + +import os +import re +import subprocess +import sys +import tempfile + + +def sanitize_name(s): + return s.translate(str.maketrans('', '', ' -')) + + +def finalize_test_case(test_case_name, sanitized_test_names, output): + output.write('\nWRAPPED_REGISTER_TYPED_TEST_SUITE_P(%s' % test_case_name) + for name in sanitized_test_names: + output.write(',\n %s' % name) + output.write(');\n') + + +def bool_to_str(b): + return "true" if b else "false" + + +def make_policies_string(policies): + return '"' + ','.join(policies) + '"' + + +def output_test(test_case_name, test_number, raw_test_name, subpart_number, + info, certs, crls, sanitized_test_names, output): + '''Writes a test case to |output|, and appends the test name to + |sanitized_test_names|.''' + sanitized_test_name = 'Section%s%s' % (test_number.split('.')[1], + sanitize_name(raw_test_name)) + + subpart_comment = '' + if subpart_number is not None: + sanitized_test_name += "Subpart%d" % (subpart_number) + subpart_comment = ' (Subpart %d)' % (subpart_number) + + sanitized_test_names.append(sanitized_test_name) + + certs_formatted = ', '.join('"%s"' % n for n in certs) + crls_formatted = ', '.join('"%s"' % n for n in crls) + + output.write(''' +// %(test_number)s %(raw_test_name)s%(subpart_comment)s +WRAPPED_TYPED_TEST_P(%(test_case_name)s, %(sanitized_test_name)s) { + const char* const certs[] = { + %(certs_formatted)s + }; + const char* const crls[] = { + %(crls_formatted)s + }; +''' % vars()) + + default_info = TestInfo(None) + + if info.include_subpart_in_test_number: + test_number = "%s.%d" % (test_number, subpart_number) + + output.write('''PkitsTestInfo info; + info.test_number = "%s"; + info.should_validate = %s; +''' % (test_number, bool_to_str(info.should_validate))) + + # Output any non-default inputs/outputs. Only properties that differ from + # the defaults are written, so as to keep the generated file more readable. + if info.initial_policy_set != default_info.initial_policy_set: + output.write(''' info.SetInitialPolicySet(%s); +''' % make_policies_string(info.initial_policy_set)) + + if info.initial_explicit_policy != default_info.initial_explicit_policy: + output.write(''' info.SetInitialExplicitPolicy(%s); +''' % bool_to_str(info.initial_explicit_policy)) + + if (info.initial_policy_mapping_inhibit != + default_info.initial_policy_mapping_inhibit): + output.write(''' info.SetInitialPolicyMappingInhibit(%s); +''' % bool_to_str(info.initial_policy_mapping_inhibit)) + + if (info.initial_inhibit_any_policy != + default_info.initial_inhibit_any_policy): + output.write(''' info.SetInitialInhibitAnyPolicy(%s); +''' % bool_to_str(info.initial_inhibit_any_policy)) + + if (info.user_constrained_policy_set != + default_info.user_constrained_policy_set): + output.write(''' info.SetUserConstrainedPolicySet(%s); +''' % make_policies_string(info.user_constrained_policy_set)) + + output.write(''' + this->RunTest(certs, crls, info); +} +''' % vars()) + + +# Matches a section header, ex: "4.1 Signature Verification" +SECTION_MATCHER = re.compile('^\s*(\d+\.\d+)\s+(.+?)\s*\ufffd?$') +# Matches a test header, ex: "4.1.1 Valid Signatures Test1" +TEST_MATCHER = re.compile('^\s*(\d+\.\d+.\d+)\s+(.+?)\s*\ufffd?$') + +# Matches the various headers in a test specification. +EXPECTED_HEADER_MATCHER = re.compile('^\s*Expected Result:') +PROCEDURE_HEADER_MATCHER = re.compile('^\s*Procedure:') +PATH_HEADER_MATCHER = re.compile('^\s*Certification Path:') + +# Matches the Procedure text if using default settings. +USING_DEFAULT_SETTINGS_MATCHER = re.compile( + '^.*using the \s*default settings.*') + +# Matches the description text if using custom settings. +CUSTOM_SETTINGS_MATCHER = re.compile( + '.*this\s+test\s+be\s+validated\s+using\s+the\s+following\s+inputs:.*') + +# Match an expected test result. Note that some results in the PDF have a typo +# "path not should validate" instead of "path should not validate". +TEST_RESULT_MATCHER = re.compile( + '^.*path (should validate|should not validate|not should validate)') + +# Matches a line in the certification path, ex: +# "\u2022 Good CA Cert, Good CA CRL" +PATH_MATCHER = re.compile('^\s*\u2022\s*(.+)\s*$') +# Matches a page number. These may appear in the middle of multi-line fields and +# thus need to be ignored. +PAGE_NUMBER_MATCHER = re.compile('^\s*\d+\s*$') +# Matches if an entry in a certification path refers to a CRL, ex: +# "onlySomeReasons CA2 CRL1". +CRL_MATCHER = re.compile('^.*CRL\d*$') + + +class TestSections(object): + def __init__(self): + self.description_lines = [] + self.procedure_lines = [] + self.expected_result_lines = [] + self.cert_path_lines = [] + + +def parse_main_test_sections(lines, i): + result = TestSections() + + # Read the description lines (text after test name up until + # "Procedure:"). + result.description_lines = [] + while i < len(lines): + if PROCEDURE_HEADER_MATCHER.match(lines[i]): + break + result.description_lines.append(lines[i]) + i += 1 + + # Read the procedure lines (text starting at "Procedure:" and up until + # "Expected Result:". + result.procedure_lines = [] + while i < len(lines): + if EXPECTED_HEADER_MATCHER.match(lines[i]): + break + result.procedure_lines.append(lines[i]) + i += 1 + + # Read the expected result lines (text starting at "Expected Result:" and up + # until "Certification Path:". + result.expected_result_lines = [] + while i < len(lines): + if PATH_HEADER_MATCHER.match(lines[i]): + break + result.expected_result_lines.append(lines[i]) + i += 1 + + # Read the certification path lines (text starting at "Certification Path:" + # and up until the next test title. + result.cert_path_lines = [] + while i < len(lines): + if TEST_MATCHER.match(lines[i]) or SECTION_MATCHER.match(lines[i]): + break + result.cert_path_lines.append(lines[i]) + i += 1 + + return i, result + + +def parse_cert_path_lines(lines): + path_lines = [] + crls = [] + certs = [] + + for line in lines[1:]: + line = line.strip() + + if "is composed of the following objects:" in line: + continue + if "See the introduction to Section 4.4 for more information." in line: + continue + + if not line or PAGE_NUMBER_MATCHER.match(line): + continue + path_match = PATH_MATCHER.match(line) + if path_match: + path_lines.append(path_match.group(1)) + continue + # Continuation of previous path line. + path_lines[-1] += ' ' + line + + for path_line in path_lines: + for path in path_line.split(','): + path = sanitize_name(path.strip()) + if CRL_MATCHER.match(path): + crls.append(path) + else: + certs.append(path) + + return certs, crls + + +ANY_POLICY = 'anyPolicy' +TEST_POLICY_1 = 'NIST-test-policy-1' +TEST_POLICY_2 = 'NIST-test-policy-2' +TEST_POLICY_3 = 'NIST-test-policy-3' +TEST_POLICY_6 = 'NIST-test-policy-6' + +# Note: This omits some outputs from PKITS: +# +# * authorities-constrained-policy-set +# * explicit-policy-indicator +class TestInfo(object): + """This structure describes a test inputs and outputs""" + + def __init__(self, should_validate, + # These defaults come from section 3 of PKITS.pdf + initial_policy_set = [ANY_POLICY], + initial_explicit_policy = False, + initial_policy_mapping_inhibit = False, + initial_inhibit_any_policy = False, + # In all of the tests that are not related to policy processing, + # each certificate in the path asserts the certificate policy + # 2.16.840.1.101.3.2.1.48.1 + user_constrained_policy_set = [TEST_POLICY_1], + include_subpart_in_test_number = False): + self.should_validate = should_validate + self.initial_policy_set = initial_policy_set + self.initial_explicit_policy = initial_explicit_policy + self.initial_policy_mapping_inhibit = initial_policy_mapping_inhibit + self.initial_inhibit_any_policy = initial_inhibit_any_policy + self.user_constrained_policy_set = user_constrained_policy_set + self.include_subpart_in_test_number = include_subpart_in_test_number + + +TEST_OVERRIDES = { + '4.8.1': [ # All Certificates Same Policy Test1 + # 1. default settings, but with initial-explicit-policy set. The path + # should validate successfully + TestInfo(True, initial_explicit_policy=True, + user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-explicit-policy set and + # initial-policy-set = {NIST-test-policy-1}. The path should validate + # successfully. + TestInfo(True, initial_explicit_policy=True, + initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 3. default settings, but with initial-explicit-policy set and + # initial-policy-set = {NIST-test-policy-2}. The path should not validate + # successfully. + TestInfo(False, initial_explicit_policy=True, + initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[]), + + # 4. default settings, but with initial-explicit-policy set and + # initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path + # should validate successfully. + TestInfo(True, initial_explicit_policy=True, + initial_policy_set=[TEST_POLICY_1, TEST_POLICY_2], + user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.8.2': [ # All Certificates No Policies Test2 + # 1. default settings. The path should validate successfully. + TestInfo(True, user_constrained_policy_set=[]), + + # 2. default settings, but with initial-explicit-policy set. The path + # should not validate successfully + TestInfo(False, initial_explicit_policy=True, + user_constrained_policy_set=[]), + ], + + '4.8.3': [ # Different Policies Test3 + # 1. default settings. The path should validate successfully. + TestInfo(True, user_constrained_policy_set=[]), + + # 2. default settings, but with initial-explicit-policy set. The path + # should not validate successfully. + TestInfo(False, initial_explicit_policy=True, user_constrained_policy_set=[]), + + # 3. default settings, but with initial-explicit-policy set and + # initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path + # should not validate successfully. + TestInfo(False, initial_explicit_policy=True, + initial_policy_set=[TEST_POLICY_1, TEST_POLICY_2], + user_constrained_policy_set=[]), + ], + + '4.8.4': [ # Different Policies Test4 + # Procedure: Validate Different Policies Test4 EE using the default + # settings or open and verify Signed Test Message 6.2.2.69 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty. The explicit-policy-indicator + # will be set if the application can process the policyConstraints + # extension. If the application can process the policyConstraints extension + # then the path should not validate successfully. If the application can + # not process the policyConstraints extension, then the path should + # validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.8.5': [ # 4.8.5 Different Policies Test5 + # Procedure: Validate Different Policies Test5 EE using the default + # settings or open and verify Signed Test Message 6.2.2.70 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty. The explicit-policy-indicator + # will be set if the application can process the policyConstraints + # extension. If the application can process the policyConstraints extension + # then the path should not validate successfully. If the application can + # not process the policyConstraints extension, then the path should + # validate successfully + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.8.6': [ # Overlapping Policies Test6 + # 1. default settings. The path should validate successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. + # The path should not validate successfully. + TestInfo(False, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[]), + ], + + '4.8.7': [ # Different Policies Test7 + # Procedure: Validate Different Policies Test7 EE using the default + # settings or open and verify Signed Test Message 6.2.2.72 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty. If the + # explicit-policy-indicator will be set if the application can process the + # policyConstraints extension. If the application can process the + # policyConstraints extension, then the path should not validate + # successfully. If the application can not process the policyConstraints + # extension, then the path should validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.8.8': [ # Different Policies Test8 + # Procedure: Validate Different Policies Test8 EE using the default + # settings or open and verify Signed Test Message 6.2.2.73 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty. The explicit-policy-indicator + # will be set if the application can process the policyConstraints + # extension. If the application can process the policyConstraints extension + # then the path should not validate successfully. If the application can + # not process the policyConstraints extension, then the path should + # validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.8.9': [ # Different Policies Test9 + # Procedure: Validate Different Policies Test9 EE using the default + # settings or open and verify Signed Test Message 6.2.2.74 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty. The explicit-policy-indicator + # will be set if the application can process the policyConstraints + # extension. If the application can process the policyConstraints + # extension, then the path should not validate successfully. If the + # application can not process the policyConstraints extension, then the + # path should validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.8.10': [ # All Certificates Same Policies Test10 + # 1. default settings. The path should validate successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1, TEST_POLICY_2]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[TEST_POLICY_2]), + ], + + '4.8.11': [ # All Certificates AnyPolicy Test11 + # 1. default settings. The path should validate successfully. + TestInfo(True, user_constrained_policy_set=[ANY_POLICY]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.8.12': [ # Different Policies Test12 + # Procedure: Validate Different Policies Test12 EE using the default + # settings or open and verify Signed Test Message 6.2.2.77 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty. The explicit-policy-indicator + # will be set if the application can process the policyConstraints + # extension. If the application can process the policyConstraints + # extension, then the path should not validate successfully. If the + # application can not process the policyConstraints extension, then the + # path should validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.8.13': [ # All Certificates Same Policies Test13 + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[TEST_POLICY_2]), + + # 3. default settings, but with initial-policy-set = {NIST-test-policy-3}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_3], + user_constrained_policy_set=[TEST_POLICY_3]), + ], + + '4.8.14': [ # AnyPolicy Test14 + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. + # The path should not validate successfully. + TestInfo(False, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[]), + ], + + '4.8.15': [ # User Notice Qualifier Test15 + # Procedure: Validate User Notice Qualifier Test15 EE using the default + # settings or open and verify Signed Test Message 6.2.2.80 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same + # as the initial-explicit-policy indicator. If the initial-policy-set is + # any-policy or otherwise includes NIST-test-policy-1, then the + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the + # user-constrained-policy-set will be empty. If the initial-explicit-policy + # indicator is set and the initial-policy-set does not include + # NIST-test-policy-1, then the path should be rejected, otherwise it should + # validate successfully. If the path validates successfully, then the + # application should display the user notice. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.8.16': [ # User Notice Qualifier Test16 + # Procedure: Validate User Notice Qualifier Test16 EE using the default + # settings or open and verify Signed Test Message 6.2.2.81 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same + # as the initial-explicit-policy indicator. If the initial-policy-set is + # any-policy or otherwise includes NIST-test-policy-1, then the + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the + # user-constrained-policy-set will be empty. If the initial-explicit-policy + # indicator is set and the initial-policy-set does not include + # NIST-test-policy-1, then the path should be rejected, otherwise it should + # validate successfully. If the path validates successfully, then the + # application should display the user notice associated with + # NIST-test-policy-1. The user notice associated with NIST-test-policy-2 + # should not be displayed. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.8.17': [ # User Notice Qualifier Test17 + # Procedure: Validate User Notice Qualifier Test17 EE using the default + # settings or open and verify Signed Test Message 6.2.2.82 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same + # as the initial-explicit-policy indicator. If the initial-policy-set is + # any-policy or otherwise includes NIST-test-policy-1, then the + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the + # user-constrained-policy-set will be empty. If the initial-explicit-policy + # indicator is set and the initial-policy-set does not include + # NIST-test-policy-1, then the path should be rejected, otherwise it should + # validate successfully. If the path validates successfully, then the + # application should display the user notice associated with anyPolicy. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.8.18': [ # User Notice Qualifier Test18 + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully and the qualifier associated with + # NIST-test-policy-1 in the end entity certificate should be displayed. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. + # The path should validate successfully and the qualifier associated with + # anyPolicy in the end entity certificate should be displayed. + TestInfo(True, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[TEST_POLICY_2]), + ], + + '4.8.19': [ # User Notice Qualifier Test19 + # Procedure: Validate User Notice Qualifier Test19 EE using the default + # settings or open and verify Signed Test Message 6.2.2.84 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same + # as the initial-explicit-policy indicator. If the initial-policy-set is + # any-policy or otherwise includes NIST-test-policy-1, then the + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the + # user-constrained-policy-set will be empty. If the initial-explicit-policy + # indicator is set and the initial-policy-set does not include + # NIST-test-policy-1, then the path should be rejected, otherwise it should + # validate successfully. Since the explicitText exceeds the maximum size + # of 200 characters, the application may choose to reject the certificate. + # If the application accepts the certificate, display of the user notice is + # optional. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.8.20': [ # CPS Pointer Qualifier Test20 + # Procedure: Validate CPS Pointer Qualifier Test20 EE using the default + # settings or open and verify Signed Test Message 6.2.2.85 using the + # default settings. (If possible, it is recommended that this test be run + # with the initial-explicit-policy indicator set. If this can not be done, + # manually check that the authorities-constrained-policy-set and + # user-constrained-policy-set are correct.) + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same + # as the initial-explicit-policy indicator. If the initial-policy-set is + # any-policy or otherwise includes NIST-test-policy-1, then the + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the + # user-constrained-policy-set will be empty. If the initial-explicit-policy + # indicator is set and the initial-policy-set does not include + # NIST-test-policy-1, then the path should be rejected, otherwise it should + # validate successfully. The CPS pointer in the qualifier should be + # associated with NIST-testpolicy-1 in the + # authorities-constrained-policy-set (and in the user-constrained-policy-set + # if NIST-test-policy-1 is in that set). There are no processing + # requirements associated with the CPS pointer qualifier. + TestInfo(True, initial_explicit_policy=True, + initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.9.1': [ # Valid RequireExplicitPolicy Test1 + # Procedure: Validate Valid requireExplicitPolicy Test1 EE using the + # default settings or open and verify Signed Test Message 6.2.2.86 using + # the default settings. + # + # Expected Result: The path should validate successfully since the + # explicit-policy-indicator is not set. + TestInfo(True, user_constrained_policy_set=[]), + ], + + '4.9.2': [ # Valid RequireExplicitPolicy Test2 + # Procedure: Validate Valid requireExplicitPolicy Test2 EE using the + # default settings or open and verify Signed Test Message 6.2.2.87 using + # the default settings. + # + # Expected Result: The path should validate successfully since the + # explicit-policy-indicator is not set + TestInfo(True, user_constrained_policy_set=[]), + ], + + '4.9.6': [ # Valid Self-Issued requireExplicitPolicy Test6 + # Procedure: Validate Valid Self-Issued requireExplicitPolicy Test6 EE using + # the default settings or open and verify Signed Test Message 6.2.2.91 using + # the default settings. + # + # Expected Result: The path should validate successfully since the + # explicit-policy-indicator is not set. + TestInfo(True, user_constrained_policy_set=[]), + ], + + '4.10.1': [ # Valid Policy Mapping Test1 + # The errors in subparts 2 and 3 vary slightly, so we set + # include_subpart_in_test_number. + + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1], + include_subpart_in_test_number=True), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. + # The path should not validate successfully. + TestInfo(False, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[], + include_subpart_in_test_number=True), + + # 3. default settings, but with initial-policy-mapping-inhibit set. The + # path should not validate successfully. + TestInfo(False, initial_policy_mapping_inhibit=True, + user_constrained_policy_set=[], + include_subpart_in_test_number=True), + ], + + '4.10.2': [ # Invalid Policy Mapping Test2 + # 1. default settings. The path should not validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + + # 2. default settings, but with initial-policy-mapping-inhibit set. The + # path should not validate successfully. + TestInfo(False, initial_policy_mapping_inhibit=True, + user_constrained_policy_set=[]), + ], + + '4.10.3': [ # Valid Policy Mapping Test3 + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should not validate successfully. + TestInfo(False, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[TEST_POLICY_2]), + ], + + '4.10.4': [ # Invalid Policy Mapping Test4 + # Procedure: Validate Invalid Policy Mapping Test4 EE using the default + # settings or open and verify Signed Test Message 6.2.2.97 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set (if the application can process the + # policyConstraints extension). If the application can process the + # policyConstraints extension, then the path should be rejected, otherwise + # it should validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.10.5': [ # Valid Policy Mapping Test5 + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. + # The path should not validate successfully. + TestInfo(False, initial_policy_set=[TEST_POLICY_6], + user_constrained_policy_set=[]), + ], + + '4.10.6': [ # Valid Policy Mapping Test6 + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. + # The path should not validate successfully. + TestInfo(False, initial_policy_set=[TEST_POLICY_6], + user_constrained_policy_set=[]), + ], + + '4.10.7': [ # Invalid Mapping From anyPolicy Test7 + # Procedure: Validate Invalid Mapping From anyPolicy Test7 EE using the + # default settings or open and verify Signed Test Message 6.2.2.100 using + # the default settings. + # + # Expected Result: The path should not validate successfully since the + # intermediate certificate includes a policy mapping extension in which + # anyPolicy appears as an issuerDomainPolicy. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.10.8': [ # Invalid Mapping To anyPolicy Test8 + # Procedure: Validate Invalid Mapping To anyPolicy Test8 EE using the + # default settings or open and verify Signed Test Message 6.2.2.101 using + # the default settings. + # + # Expected Result: The path should not validate successfully since the + # intermediate certificate includes a policy mapping extension in which + # anyPolicy appears as an subjectDomainPolicy. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.10.9': [ # Valid Policy Mapping Test9 + # Procedure: Validate Valid Policy Mapping Test9 EE using the default + # settings or open and verify Signed Test Message 6.2.2.102 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if + # the application can process the policyConstraints extension). If the + # initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the user-constrained-policy-set will be + # {NIST-test-policy-1}. If not, the user-constrained-policy-set will be + # empty. If the initial-policy-set does not include NIST-test-policy-1 (and + # the application can process the policyConstraints extension), then the + # path should be rejected, otherwise it should validate successfully. + TestInfo(True), + ], + + '4.10.10': [ # Invalid Policy Mapping Test10 + # Procedure: Validate Invalid Policy Mapping Test10 EE using the default + # settings or open and verify Signed Test Message 6.2.2.103 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set (if the application can process the + # policyConstraints extension). If the application can process the + # policyConstraints extension, then the path should be rejected, otherwise + # it should validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.10.11': [ # Valid Policy Mapping Test11 + # Procedure: Validate Valid Policy Mapping Test11 EE using the default + # settings or open and verify Signed Test Message 6.2.2.104 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if + # the application can process the policyConstraints extension). If the + # initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the user-constrained-policy-set will be + # {NIST-test-policy-1}. If not, the user-constrained-policy-set will be + # empty. If the initial-policy-set does not include NIST-test-policy-1 (and + # the application can process the policyConstraints extension), then the + # path should be rejected, otherwise it should validate successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.10.12': [ # Valid Policy Mapping Test12 + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. + # The path should validate successfully and the application should display + # the user notice associated with NIST-test-policy-3 in the end entity + # certificate. + TestInfo(True, initial_policy_set=[TEST_POLICY_1], + user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. + # The path should validate successfully and the application should display + # the user notice associated with anyPolicy in the end entity certificate. + TestInfo(True, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[TEST_POLICY_2]), + ], + + '4.10.13': [ # Valid Policy Mapping Test13 + # Procedure: Validate Valid Policy Mapping Test13 EE using the default + # settings or open and verify Signed Test Message 6.2.2.106 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if + # the application can process the policyConstraints extension). If the + # initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the user-constrained-policy-set will be + # {NIST-test-policy-1}. If not, the user-constrained-policy-set will be + # empty. If the initial-policy-set does not include NIST-test-policy-1 (and + # the application can process the policyConstraints extension), then the + # path should be rejected, otherwise it should validate successfully. If + # the path is accepted, the application should display the user notice + # associated with NIST-testpolicy-1 in the intermediate certificate. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + + # While not explicitly divided into sub-parts, the above describes what + # should happen given various values of initial-policy-set. Test some + # combinations, as these cover an interesting interaction with anyPolicy. + # + # These extra tests are a regression test for https://crbug.com/1403258. + TestInfo(True, initial_policy_set=[TEST_POLICY_1, TEST_POLICY_2], + user_constrained_policy_set=[TEST_POLICY_1]), + TestInfo(False, initial_policy_set=[TEST_POLICY_2], + user_constrained_policy_set=[]), + ], + + '4.10.14': [ # Valid Policy Mapping Test14 + # Procedure: Validate Valid Policy Mapping Test14 EE using the default + # settings or open and verify Signed Test Message 6.2.2.107 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if + # the application can process the policyConstraints extension). If the + # initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the user-constrained-policy-set will be + # {NIST-test-policy-1}. If not, the user-constrained-policy-set will be + # empty. If the initial-policy-set does not include NIST-test-policy-1 (and + # the application can process the policyConstraints extension), then the + # path should be rejected, otherwise it should validate successfully. If + # the path is accepted, the application should display the user notice + # associated with anyPolicy in the intermediate certificate + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.11.1': [ # Invalid inhibitPolicyMapping Test1 + # Procedure: Validate Invalid inhibitPolicyMapping Test1 EE using the + # default settings or open and verify Signed Test Message 6.2.2.108 using + # the default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty. The explicit-policy-indicator + # will be set. The path should not validate successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.11.2': [ # Valid inhibitPolicyMapping Test2 + # Procedure: Validate Valid inhibitPolicyMapping Test2 EE using the default + # settings or open and verify Signed Test Message 6.2.2.109 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set. If + # the initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the path should validate successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.11.3': [ # Invalid inhibitPolicyMapping Test3 + # Procedure: Validate Invalid inhibitPolicyMapping Test3 EE using the + # default settings or open and verify Signed Test Message 6.2.2.110 using + # the default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set. The path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.11.4': [ # Valid inhibitPolicyMapping Test4 + # Procedure: Validate Valid inhibitPolicyMapping Test4 EE using the default + # settings or open and verify Signed Test Message 6.2.2.111 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-2} and the explicit-policy-indicator will be set. If + # the initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-2, then the path should validate successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_2]), + ], + + '4.11.5': [ # Invalid inhibitPolicyMapping Test5 + # Procedure: Validate Invalid inhibitPolicyMapping Test5 EE using the + # default settings or open and verify Signed Test Message 6.2.2.112 using + # the default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set. The path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.11.6': [ # Invalid inhibitPolicyMapping Test6 + # Procedure: Validate Invalid inhibitPolicyMapping Test6 EE using the + # default settings or open and verify Signed Test Message 6.2.2.113 using + # the default settings. + # + # Expected Result: The authorities-constrained-policy-set and the + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set. The path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.11.7': [ # Valid Self-Issued inhibitPolicyMapping Test7 + # Procedure: Validate Valid Self-Issued inhibitPolicyMapping Test7 EE using + # the default settings or open and verify Signed Test Message 6.2.2.114 + # using the default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set. If + # the initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the path should validate successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.11.8': [ # Invalid Self-Issued inhibitPolicyMapping Test8 + # Procedure: Validate Invalid Self-Issued inhibitPolicyMapping Test8 EE + # using the default settings or open and verify Signed Test Message + # 6.2.2.115 using the default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set. The path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.11.9': [ # Invalid Self-Issued inhibitPolicyMapping Test9 + # Procedure: Validate Invalid Self-Issued inhibitPolicyMapping Test9 EE + # using the default settings or open and verify Signed Test Message + # 6.2.2.116 using the default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set. The path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.11.10': [ # Invalid Self-Issued inhibitPolicyMapping Test10 + # Procedure: Validate Invalid Self-Issued inhibitPolicyMapping Test10 EE + # using the default settings or open and verify Signed Test Message + # 6.2.2.117 using the default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set. The path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.11.11': [ # Invalid Self-Issued inhibitPolicyMapping Test11 + # Procedure: Validate Invalid Self-Issued inhibitPolicyMapping Test11 EE + # using the default settings or open and verify Signed Test Message + # 6.2.2.118 using the default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set. The path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.12.1': [ # Invalid inhibitAnyPolicy Test1 + # Procedure: Validate Invalid inhibitAnyPolicy Test1 EE using the default + # settings or open and verify Signed Test Message 6.2.2.119 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set (if the application can process the + # policyConstraints extension). If the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.12.2': [ # Valid inhibitAnyPolicy Test2 + # Procedure: Validate Valid inhibitAnyPolicy Test2 EE using the default + # settings or open and verify Signed Test Message 6.2.2.120 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if + # the application can process the policyConstraints extension). If the + # initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the user-constrained-policy-set will be + # {NIST-test-policy-1} and the path should validate successfully. If not, + # then the user-constrained-policy-set will be empty. If the + # user-constrained-policy-set is empty and the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.12.3': [ # inhibitAnyPolicy Test3 + # 1. default settings. The path should validate successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + + # 2. default settings, but with initial-inhibit-any-policy set. The path + # should not validate successfully. + TestInfo(False, initial_inhibit_any_policy=True, + user_constrained_policy_set=[]), + ], + + '4.12.4': [ # Invalid inhibitAnyPolicy Test4 + # Procedure: Validate Invalid inhibitAnyPolicy Test4 EE using the default + # settings or open and verify Signed Test Message 6.2.2.122 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set (if the application can process the + # policyConstraints extension). If the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.12.5': [ # Invalid inhibitAnyPolicy Test5 + # Procedure: Validate Invalid inhibitAnyPolicy Test5 EE using the default + # settings or open and verify Signed Test Message 6.2.2.123 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set (if the application can process the + # policyConstraints extension). If the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.12.6': [ # Invalid inhibitAnyPolicy Test6 + # Procedure: Validate Invalid inhibitAnyPolicy Test6 EE using the default + # settings or open and verify Signed Test Message 6.2.2.124 using the + # default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set (if the application can process the + # policyConstraints extension). If the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.12.7': [ # Valid Self-Issued inhibitAnyPolicy Test7 + # Procedure: Validate Valid Self-Issued inhibitAnyPolicy Test7 EE using the + # default settings or open and verify Signed Test Message 6.2.2.125 using + # the default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if + # the application can process the policyConstraints extension). If the + # initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the user-constrained-policy-set will be + # {NIST-test-policy-1} and the path should validate successfully. If not, + # then the user-constrained-policy-set will be empty. If the + # user-constrained-policy-set is empty and the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.12.8': [ # Invalid Self-Issued inhibitAnyPolicy Test8 + # Procedure: Validate Invalid Self-Issued inhibitAnyPolicy Test8 EE using + # the default settings or open and verify Signed Test Message 6.2.2.126 + # using the default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set (if the application can process the + # policyConstraints extension). If the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], + + '4.12.9': [ # Valid Self-Issued inhibitAnyPolicy Test9 + # Procedure: Validate Valid Self-Issued inhibitAnyPolicy Test9 EE using the + # default settings or open and verify Signed Test Message 6.2.2.127 using + # the default settings. + # + # Expected Result: The authorities-constrained-policy-set will be + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if + # the application can process the policyConstraints extension). If the + # initial-policy-set is any-policy or otherwise includes + # NIST-test-policy-1, then the user-constrained-policy-set will be + # {NIST-test-policy-1} and the path should validate successfully. If not, + # then the user-constrained-policy-set will be empty. If the + # user-constrained-policy-set is empty and the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(True, user_constrained_policy_set=[TEST_POLICY_1]), + ], + + '4.12.10': [ # Invalid Self-Issued inhibitAnyPolicy Test10 + # Procedure: Validate Invalid Self-Issued inhibitAnyPolicy Test10 EE using + # the default settings or open and verify Signed Test Message 6.2.2.128 + # using the default settings. + # + # Expected Result: The authorities-constrained-policy-set and + # user-constrained-policy-set will be empty and the + # explicit-policy-indicator will be set (if the application can process the + # policyConstraints extension). If the application can process the + # policyConstraints extension, then the path should not validate + # successfully. + TestInfo(False, user_constrained_policy_set=[]), + ], +} + + +def parse_test(lines, i, test_case_name, test_number, test_name, + sanitized_test_names, output): + # Start by doing a coarse level of parsing that separates out the lines for + # the main sections. + i, test_sections = parse_main_test_sections(lines, i) + + certs, crls = parse_cert_path_lines(test_sections.cert_path_lines) + + # Most tests have a formulaic specification: they use the default + # settings, and have one expectation. These are easily parsed and are handled + # programmatically. In contrast, many of the policies tests have a more + # complicated specification which involves multiple subtests having various + # settings, as well as expectations described in terms of supported + # extensions. Rather than try to handle all the nuanced language, these are + # handled manually via "overrides". + overrides = TEST_OVERRIDES.get(test_number, None) + + if overrides is None: + # Verify that the test description doesn't include numbered subparts (those + # are not handled here). + if CUSTOM_SETTINGS_MATCHER.match(" ".join(test_sections.description_lines)): + sys.stderr.write('Unexpected custom settings for %s\n' % test_number) + sys.exit(1) + + # Verify that the test is using only default settings. + if not USING_DEFAULT_SETTINGS_MATCHER.match( + " ".join(test_sections.procedure_lines)): + sys.stderr.write('Unexpected procedure for %s: %s\n' % + (test_number, " ".join(test_section.procedure_lines))) + sys.exit(1) + + # Check whether expected result is validation success or failure. + result_match = TEST_RESULT_MATCHER.match( + test_sections.expected_result_lines[0]) + if not result_match: + sys.stderr.write('Unknown expectation for %s:\n%s\n' % ( + test_number, " ".join(test_sections.expected_result_lines))) + sys.exit(1) + # Initializes with default settings. + info = TestInfo(result_match.group(1) == 'should validate') + + # Special case the 4.9 test failures (require explicit policy) to set + # user_constrained_policy_set to empty. This is only done for the 4.9 + # tests, because the other policy tests are special cased as overrides and + # hence set this manually on a per-test basis. + # + # user_constrained_policy_set enumerates the subset of the initial policy + # set (anyPolicy in the default case) that were valid for the path. For + # non-policy tests the expectation for user_constrained_policy_set is + # [TEST_POLICY_1] since each policy asserts that. However for these tests, + # the expectation is an empty user_constrained_policy_set since there was + # no valid policy for the path (in fact, that is why the path validation is + # expected to fail). + if test_number.startswith('4.9.') and not info.should_validate: + info.user_constrained_policy_set = [] + + output_test(test_case_name, test_number, test_name, None, info, certs, + crls, sanitized_test_names, output) + else: + # The overrides may have a series of inputs (settings) and outputs + # (success/failure) for this test. Output each as a separate test case. + for subpart_i in range(len(overrides)): + info = overrides[subpart_i] + # If the test has only 1 subpart, don't number it. + subpart_number = subpart_i + 1 if len(overrides) > 1 else None + output_test(test_case_name, test_number, test_name, subpart_number, info, + certs, crls, sanitized_test_names, output) + + return i + + +def main(): + pkits_pdf_path, output_path = sys.argv[1:] + + pkits_txt_file = tempfile.NamedTemporaryFile() + + subprocess.check_call(['pdftotext', '-layout', '-nopgbrk', '-eol', 'unix', + pkits_pdf_path, pkits_txt_file.name]) + + test_descriptions = pkits_txt_file.read().decode('utf-8') + + # Extract section 4 of the text, which is the part that contains the tests. + test_descriptions = test_descriptions.split( + '4 Certification Path Validation Tests')[-1] + test_descriptions = test_descriptions.split( + '5 Relationship to Previous Test Suite', 1)[0] + + output = open(output_path, 'w') + output.write('// Autogenerated by %s, do not edit\n\n' % sys.argv[0]) + output.write(""" +// This file intentionally does not have header guards, it's intended to +// be inlined in another header file. The following line silences a +// presubmit warning that would otherwise be triggered by this: +// no-include-guard-because-multiply-included +// NOLINT(build/header_guard)\n\n""") + output.write('// Hack to allow disabling type parameterized test cases.\n' + '// See https://github.com/google/googletest/issues/389\n') + output.write('#define WRAPPED_TYPED_TEST_P(CaseName, TestName) ' + 'TYPED_TEST_P(CaseName, TestName)\n') + output.write('#define WRAPPED_REGISTER_TYPED_TEST_SUITE_P(CaseName, ...) ' + 'REGISTER_TYPED_TEST_SUITE_P(CaseName, __VA_ARGS__)\n\n') + + test_case_name = None + sanitized_test_names = [] + + lines = test_descriptions.splitlines() + + i = 0 + while i < len(lines): + section_match = SECTION_MATCHER.match(lines[i]) + match = TEST_MATCHER.match(lines[i]) + i += 1 + + if section_match: + if test_case_name: + finalize_test_case(test_case_name, sanitized_test_names, output) + sanitized_test_names = [] + + test_case_name = 'PkitsTest%02d%s' % ( + int(section_match.group(1).split('.')[-1]), + sanitize_name(section_match.group(2))) + output.write('\ntemplate \n') + output.write('class %s : public PkitsTest {};\n' % + test_case_name) + output.write('TYPED_TEST_SUITE_P(%s);\n' % test_case_name) + + if match: + test_number = match.group(1) + test_name = match.group(2) + if not test_case_name: + output.write('// Skipped %s %s\n' % (test_number, test_name)) + continue + i, parse_test(lines, i, test_case_name, test_number, + test_name, sanitized_test_names, output) + + if test_case_name: + finalize_test_case(test_case_name, sanitized_test_names, output) + + +if __name__ == '__main__': + main() diff --git a/pki/testdata/nist-pkits/pkits_testcases-inl.h b/pki/testdata/nist-pkits/pkits_testcases-inl.h new file mode 100644 index 0000000000..7fab820e98 --- /dev/null +++ b/pki/testdata/nist-pkits/pkits_testcases-inl.h @@ -0,0 +1,4201 @@ +// Autogenerated by generate_tests.py, do not edit + +// This file intentionally does not have header guards, it's intended to +// be inlined in another header file. The following line silences a +// presubmit warning that would otherwise be triggered by this: +// no-include-guard-because-multiply-included +// NOLINT(build/header_guard) + +// Hack to allow disabling type parameterized test cases. +// See https://github.com/google/googletest/issues/389 +#define WRAPPED_TYPED_TEST_P(CaseName, TestName) \ + TYPED_TEST_P(CaseName, TestName) +#define WRAPPED_REGISTER_TYPED_TEST_SUITE_P(CaseName, ...) \ + REGISTER_TYPED_TEST_SUITE_P(CaseName, __VA_ARGS__) + +template +class PkitsTest01SignatureVerification : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest01SignatureVerification); + +// 4.1.1 Valid Signatures Test1 +WRAPPED_TYPED_TEST_P(PkitsTest01SignatureVerification, + Section1ValidSignaturesTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidCertificatePathTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.1.1"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.1.2 Invalid CA Signature Test2 +WRAPPED_TYPED_TEST_P(PkitsTest01SignatureVerification, + Section1InvalidCASignatureTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "BadSignedCACert", + "InvalidCASignatureTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "BadSignedCACRL"}; + PkitsTestInfo info; + info.test_number = "4.1.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.1.3 Invalid EE Signature Test3 +WRAPPED_TYPED_TEST_P(PkitsTest01SignatureVerification, + Section1InvalidEESignatureTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "InvalidEESignatureTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.1.3"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.1.4 Valid DSA Signatures Test4 +WRAPPED_TYPED_TEST_P(PkitsTest01SignatureVerification, + Section1ValidDSASignaturesTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", + "ValidDSASignaturesTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL"}; + PkitsTestInfo info; + info.test_number = "4.1.4"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.1.5 Valid DSA Parameter Inheritance Test5 +WRAPPED_TYPED_TEST_P(PkitsTest01SignatureVerification, + Section1ValidDSAParameterInheritanceTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", + "DSAParametersInheritedCACert", + "ValidDSAParameterInheritanceTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL", + "DSAParametersInheritedCACRL"}; + PkitsTestInfo info; + info.test_number = "4.1.5"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.1.6 Invalid DSA Signature Test6 +WRAPPED_TYPED_TEST_P(PkitsTest01SignatureVerification, + Section1InvalidDSASignatureTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", + "InvalidDSASignatureTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL"}; + PkitsTestInfo info; + info.test_number = "4.1.6"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P(PkitsTest01SignatureVerification, + Section1ValidSignaturesTest1, + Section1InvalidCASignatureTest2, + Section1InvalidEESignatureTest3, + Section1ValidDSASignaturesTest4, + Section1ValidDSAParameterInheritanceTest5, + Section1InvalidDSASignatureTest6); + +template +class PkitsTest02ValidityPeriods : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest02ValidityPeriods); + +// 4.2.1 Invalid CA notBefore Date Test1 +WRAPPED_TYPED_TEST_P(PkitsTest02ValidityPeriods, + Section2InvalidCAnotBeforeDateTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BadnotBeforeDateCACert", + "InvalidCAnotBeforeDateTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "BadnotBeforeDateCACRL"}; + PkitsTestInfo info; + info.test_number = "4.2.1"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.2.2 Invalid EE notBefore Date Test2 +WRAPPED_TYPED_TEST_P(PkitsTest02ValidityPeriods, + Section2InvalidEEnotBeforeDateTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "InvalidEEnotBeforeDateTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.2.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.2.3 Valid pre2000 UTC notBefore Date Test3 +WRAPPED_TYPED_TEST_P(PkitsTest02ValidityPeriods, + Section2Validpre2000UTCnotBeforeDateTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "Validpre2000UTCnotBeforeDateTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.2.3"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.2.4 Valid GeneralizedTime notBefore Date Test4 +WRAPPED_TYPED_TEST_P(PkitsTest02ValidityPeriods, + Section2ValidGeneralizedTimenotBeforeDateTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidGeneralizedTimenotBeforeDateTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.2.4"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.2.5 Invalid CA notAfter Date Test5 +WRAPPED_TYPED_TEST_P(PkitsTest02ValidityPeriods, + Section2InvalidCAnotAfterDateTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BadnotAfterDateCACert", + "InvalidCAnotAfterDateTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "BadnotAfterDateCACRL"}; + PkitsTestInfo info; + info.test_number = "4.2.5"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.2.6 Invalid EE notAfter Date Test6 +WRAPPED_TYPED_TEST_P(PkitsTest02ValidityPeriods, + Section2InvalidEEnotAfterDateTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "InvalidEEnotAfterDateTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.2.6"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.2.7 Invalid pre2000 UTC EE notAfter Date Test7 +WRAPPED_TYPED_TEST_P(PkitsTest02ValidityPeriods, + Section2Invalidpre2000UTCEEnotAfterDateTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "Invalidpre2000UTCEEnotAfterDateTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.2.7"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.2.8 Valid GeneralizedTime notAfter Date Test8 +WRAPPED_TYPED_TEST_P(PkitsTest02ValidityPeriods, + Section2ValidGeneralizedTimenotAfterDateTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidGeneralizedTimenotAfterDateTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.2.8"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest02ValidityPeriods, + Section2InvalidCAnotBeforeDateTest1, + Section2InvalidEEnotBeforeDateTest2, + Section2Validpre2000UTCnotBeforeDateTest3, + Section2ValidGeneralizedTimenotBeforeDateTest4, + Section2InvalidCAnotAfterDateTest5, + Section2InvalidEEnotAfterDateTest6, + Section2Invalidpre2000UTCEEnotAfterDateTest7, + Section2ValidGeneralizedTimenotAfterDateTest8); + +template +class PkitsTest03VerifyingNameChaining : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest03VerifyingNameChaining); + +// 4.3.1 Invalid Name Chaining EE Test1 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3InvalidNameChainingEETest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "InvalidNameChainingTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.1"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.3.2 Invalid Name Chaining Order Test2 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3InvalidNameChainingOrderTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "NameOrderingCACert", + "InvalidNameChainingOrderTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "NameOrderCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.3.3 Valid Name Chaining Whitespace Test3 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3ValidNameChainingWhitespaceTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidNameChainingWhitespaceTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.3"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.3.4 Valid Name Chaining Whitespace Test4 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3ValidNameChainingWhitespaceTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidNameChainingWhitespaceTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.4"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.3.5 Valid Name Chaining Capitalization Test5 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3ValidNameChainingCapitalizationTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidNameChainingCapitalizationTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.5"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.3.6 Valid Name Chaining UIDs Test6 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3ValidNameChainingUIDsTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", "UIDCACert", + "ValidNameUIDsTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "UIDCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.6"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.3.7 Valid RFC3280 Mandatory Attribute Types Test7 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3ValidRFC3280MandatoryAttributeTypesTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "RFC3280MandatoryAttributeTypesCACert", + "ValidRFC3280MandatoryAttributeTypesTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "RFC3280MandatoryAttributeTypesCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.7"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.3.8 Valid RFC3280 Optional Attribute Types Test8 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3ValidRFC3280OptionalAttributeTypesTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "RFC3280OptionalAttributeTypesCACert", + "ValidRFC3280OptionalAttributeTypesTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "RFC3280OptionalAttributeTypesCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.8"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.3.9 Valid UTF8String Encoded Names Test9 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3ValidUTF8StringEncodedNamesTest9) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "UTF8StringEncodedNamesCACert", + "ValidUTF8StringEncodedNamesTest9EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "UTF8StringEncodedNamesCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.9"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.3.10 Valid Rollover from PrintableString to UTF8String Test10 +WRAPPED_TYPED_TEST_P( + PkitsTest03VerifyingNameChaining, + Section3ValidRolloverfromPrintableStringtoUTF8StringTest10) { + const char* const certs[] = { + "TrustAnchorRootCertificate", + "RolloverfromPrintableStringtoUTF8StringCACert", + "ValidRolloverfromPrintableStringtoUTF8StringTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "RolloverfromPrintableStringtoUTF8StringCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.10"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.3.11 Valid UTF8String Case Insensitive Match Test11 +WRAPPED_TYPED_TEST_P(PkitsTest03VerifyingNameChaining, + Section3ValidUTF8StringCaseInsensitiveMatchTest11) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "UTF8StringCaseInsensitiveMatchCACert", + "ValidUTF8StringCaseInsensitiveMatchTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "UTF8StringCaseInsensitiveMatchCACRL"}; + PkitsTestInfo info; + info.test_number = "4.3.11"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest03VerifyingNameChaining, + Section3InvalidNameChainingEETest1, + Section3InvalidNameChainingOrderTest2, + Section3ValidNameChainingWhitespaceTest3, + Section3ValidNameChainingWhitespaceTest4, + Section3ValidNameChainingCapitalizationTest5, + Section3ValidNameChainingUIDsTest6, + Section3ValidRFC3280MandatoryAttributeTypesTest7, + Section3ValidRFC3280OptionalAttributeTypesTest8, + Section3ValidUTF8StringEncodedNamesTest9, + Section3ValidRolloverfromPrintableStringtoUTF8StringTest10, + Section3ValidUTF8StringCaseInsensitiveMatchTest11); + +template +class PkitsTest04BasicCertificateRevocationTests + : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest04BasicCertificateRevocationTests); + +// 4.4.1 Missing CRL Test1 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4MissingCRLTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", "NoCRLCACert", + "InvalidMissingCRLTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL"}; + PkitsTestInfo info; + info.test_number = "4.4.1"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.2 Invalid Revoked CA Test2 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidRevokedCATest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "RevokedsubCACert", "InvalidRevokedCATest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL", + "RevokedsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.3 Invalid Revoked EE Test3 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidRevokedEETest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "InvalidRevokedEETest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.3"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.4 Invalid Bad CRL Signature Test4 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidBadCRLSignatureTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BadCRLSignatureCACert", + "InvalidBadCRLSignatureTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "BadCRLSignatureCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.4"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.5 Invalid Bad CRL Issuer Name Test5 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidBadCRLIssuerNameTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BadCRLIssuerNameCACert", + "InvalidBadCRLIssuerNameTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "BadCRLIssuerNameCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.5"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.6 Invalid Wrong CRL Test6 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidWrongCRLTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", "WrongCRLCACert", + "InvalidWrongCRLTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "WrongCRLCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.6"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.7 Valid Two CRLs Test7 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4ValidTwoCRLsTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", "TwoCRLsCACert", + "ValidTwoCRLsTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "TwoCRLsCAGoodCRL", + "TwoCRLsCABadCRL"}; + PkitsTestInfo info; + info.test_number = "4.4.7"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.4.8 Invalid Unknown CRL Entry Extension Test8 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidUnknownCRLEntryExtensionTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "UnknownCRLEntryExtensionCACert", + "InvalidUnknownCRLEntryExtensionTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "UnknownCRLEntryExtensionCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.8"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.9 Invalid Unknown CRL Extension Test9 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidUnknownCRLExtensionTest9) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "UnknownCRLExtensionCACert", + "InvalidUnknownCRLExtensionTest9EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "UnknownCRLExtensionCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.9"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.10 Invalid Unknown CRL Extension Test10 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidUnknownCRLExtensionTest10) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "UnknownCRLExtensionCACert", + "InvalidUnknownCRLExtensionTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "UnknownCRLExtensionCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.10"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.11 Invalid Old CRL nextUpdate Test11 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidOldCRLnextUpdateTest11) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "OldCRLnextUpdateCACert", + "InvalidOldCRLnextUpdateTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "OldCRLnextUpdateCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.11"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.12 Invalid pre2000 CRL nextUpdate Test12 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4Invalidpre2000CRLnextUpdateTest12) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pre2000CRLnextUpdateCACert", + "Invalidpre2000CRLnextUpdateTest12EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "pre2000CRLnextUpdateCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.12"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.13 Valid GeneralizedTime CRL nextUpdate Test13 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4ValidGeneralizedTimeCRLnextUpdateTest13) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "GeneralizedTimeCRLnextUpdateCACert", + "ValidGeneralizedTimeCRLnextUpdateTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "GeneralizedTimeCRLnextUpdateCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.13"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.4.14 Valid Negative Serial Number Test14 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4ValidNegativeSerialNumberTest14) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "NegativeSerialNumberCACert", + "ValidNegativeSerialNumberTest14EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "NegativeSerialNumberCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.14"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.4.15 Invalid Negative Serial Number Test15 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidNegativeSerialNumberTest15) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "NegativeSerialNumberCACert", + "InvalidNegativeSerialNumberTest15EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "NegativeSerialNumberCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.15"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.16 Valid Long Serial Number Test16 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4ValidLongSerialNumberTest16) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "LongSerialNumberCACert", + "ValidLongSerialNumberTest16EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "LongSerialNumberCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.16"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.4.17 Valid Long Serial Number Test17 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4ValidLongSerialNumberTest17) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "LongSerialNumberCACert", + "ValidLongSerialNumberTest17EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "LongSerialNumberCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.17"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.4.18 Invalid Long Serial Number Test18 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidLongSerialNumberTest18) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "LongSerialNumberCACert", + "InvalidLongSerialNumberTest18EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "LongSerialNumberCACRL"}; + PkitsTestInfo info; + info.test_number = "4.4.18"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.19 Valid Separate Certificate and CRL Keys Test19 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4ValidSeparateCertificateandCRLKeysTest19) { + const char* const certs[] = { + "TrustAnchorRootCertificate", + "SeparateCertificateandCRLKeysCertificateSigningCACert", + "SeparateCertificateandCRLKeysCRLSigningCert", + "ValidSeparateCertificateandCRLKeysTest19EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "SeparateCertificateandCRLKeysCRL"}; + PkitsTestInfo info; + info.test_number = "4.4.19"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.4.20 Invalid Separate Certificate and CRL Keys Test20 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidSeparateCertificateandCRLKeysTest20) { + const char* const certs[] = { + "TrustAnchorRootCertificate", + "SeparateCertificateandCRLKeysCertificateSigningCACert", + "SeparateCertificateandCRLKeysCRLSigningCert", + "InvalidSeparateCertificateandCRLKeysTest20EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "SeparateCertificateandCRLKeysCRL"}; + PkitsTestInfo info; + info.test_number = "4.4.20"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.4.21 Invalid Separate Certificate and CRL Keys Test21 +WRAPPED_TYPED_TEST_P(PkitsTest04BasicCertificateRevocationTests, + Section4InvalidSeparateCertificateandCRLKeysTest21) { + const char* const certs[] = { + "TrustAnchorRootCertificate", + "SeparateCertificateandCRLKeysCA2CertificateSigningCACert", + "SeparateCertificateandCRLKeysCA2CRLSigningCert", + "InvalidSeparateCertificateandCRLKeysTest21EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "SeparateCertificateandCRLKeysCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.4.21"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest04BasicCertificateRevocationTests, + Section4MissingCRLTest1, + Section4InvalidRevokedCATest2, + Section4InvalidRevokedEETest3, + Section4InvalidBadCRLSignatureTest4, + Section4InvalidBadCRLIssuerNameTest5, + Section4InvalidWrongCRLTest6, + Section4ValidTwoCRLsTest7, + Section4InvalidUnknownCRLEntryExtensionTest8, + Section4InvalidUnknownCRLExtensionTest9, + Section4InvalidUnknownCRLExtensionTest10, + Section4InvalidOldCRLnextUpdateTest11, + Section4Invalidpre2000CRLnextUpdateTest12, + Section4ValidGeneralizedTimeCRLnextUpdateTest13, + Section4ValidNegativeSerialNumberTest14, + Section4InvalidNegativeSerialNumberTest15, + Section4ValidLongSerialNumberTest16, + Section4ValidLongSerialNumberTest17, + Section4InvalidLongSerialNumberTest18, + Section4ValidSeparateCertificateandCRLKeysTest19, + Section4InvalidSeparateCertificateandCRLKeysTest20, + Section4InvalidSeparateCertificateandCRLKeysTest21); + +template +class PkitsTest05VerifyingPathswithSelfIssuedCertificates + : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates); + +// 4.5.1 Valid Basic Self-Issued Old With New Test1 +WRAPPED_TYPED_TEST_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5ValidBasicSelfIssuedOldWithNewTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BasicSelfIssuedNewKeyCACert", + "BasicSelfIssuedNewKeyOldWithNewCACert", + "ValidBasicSelfIssuedOldWithNewTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "BasicSelfIssuedNewKeyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.5.1"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.5.2 Invalid Basic Self-Issued Old With New Test2 +WRAPPED_TYPED_TEST_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5InvalidBasicSelfIssuedOldWithNewTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BasicSelfIssuedNewKeyCACert", + "BasicSelfIssuedNewKeyOldWithNewCACert", + "InvalidBasicSelfIssuedOldWithNewTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "BasicSelfIssuedNewKeyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.5.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.5.3 Valid Basic Self-Issued New With Old Test3 +WRAPPED_TYPED_TEST_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5ValidBasicSelfIssuedNewWithOldTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BasicSelfIssuedOldKeyCACert", + "BasicSelfIssuedOldKeyNewWithOldCACert", + "ValidBasicSelfIssuedNewWithOldTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "BasicSelfIssuedOldKeySelfIssuedCertCRL", + "BasicSelfIssuedOldKeyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.5.3"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.5.4 Valid Basic Self-Issued New With Old Test4 +WRAPPED_TYPED_TEST_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5ValidBasicSelfIssuedNewWithOldTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BasicSelfIssuedOldKeyCACert", + "BasicSelfIssuedOldKeyNewWithOldCACert", + "ValidBasicSelfIssuedNewWithOldTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "BasicSelfIssuedOldKeySelfIssuedCertCRL", + "BasicSelfIssuedOldKeyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.5.4"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.5.5 Invalid Basic Self-Issued New With Old Test5 +WRAPPED_TYPED_TEST_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5InvalidBasicSelfIssuedNewWithOldTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BasicSelfIssuedOldKeyCACert", + "BasicSelfIssuedOldKeyNewWithOldCACert", + "InvalidBasicSelfIssuedNewWithOldTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "BasicSelfIssuedOldKeySelfIssuedCertCRL", + "BasicSelfIssuedOldKeyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.5.5"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.5.6 Valid Basic Self-Issued CRL Signing Key Test6 +WRAPPED_TYPED_TEST_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5ValidBasicSelfIssuedCRLSigningKeyTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BasicSelfIssuedCRLSigningKeyCACert", + "BasicSelfIssuedCRLSigningKeyCRLCert", + "ValidBasicSelfIssuedCRLSigningKeyTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL", + "BasicSelfIssuedCRLSigningKeyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.5.6"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7 +WRAPPED_TYPED_TEST_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5InvalidBasicSelfIssuedCRLSigningKeyTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BasicSelfIssuedCRLSigningKeyCACert", + "BasicSelfIssuedCRLSigningKeyCRLCert", + "InvalidBasicSelfIssuedCRLSigningKeyTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL", + "BasicSelfIssuedCRLSigningKeyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.5.7"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8 +WRAPPED_TYPED_TEST_P(PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5InvalidBasicSelfIssuedCRLSigningKeyTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "BasicSelfIssuedCRLSigningKeyCACert", + "BasicSelfIssuedCRLSigningKeyCRLCert", + "InvalidBasicSelfIssuedCRLSigningKeyTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL", + "BasicSelfIssuedCRLSigningKeyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.5.8"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest05VerifyingPathswithSelfIssuedCertificates, + Section5ValidBasicSelfIssuedOldWithNewTest1, + Section5InvalidBasicSelfIssuedOldWithNewTest2, + Section5ValidBasicSelfIssuedNewWithOldTest3, + Section5ValidBasicSelfIssuedNewWithOldTest4, + Section5InvalidBasicSelfIssuedNewWithOldTest5, + Section5ValidBasicSelfIssuedCRLSigningKeyTest6, + Section5InvalidBasicSelfIssuedCRLSigningKeyTest7, + Section5InvalidBasicSelfIssuedCRLSigningKeyTest8); + +template +class PkitsTest06VerifyingBasicConstraints + : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest06VerifyingBasicConstraints); + +// 4.6.1 Invalid Missing basicConstraints Test1 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidMissingbasicConstraintsTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "MissingbasicConstraintsCACert", + "InvalidMissingbasicConstraintsTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "MissingbasicConstraintsCACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.1"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.2 Invalid cA False Test2 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidcAFalseTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "basicConstraintsCriticalcAFalseCACert", + "InvalidcAFalseTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "basicConstraintsCriticalcAFalseCACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.3 Invalid cA False Test3 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidcAFalseTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "basicConstraintsNotCriticalcAFalseCACert", + "InvalidcAFalseTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "basicConstraintsNotCriticalcAFalseCACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.3"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.4 Valid basicConstraints Not Critical Test4 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6ValidbasicConstraintsNotCriticalTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "basicConstraintsNotCriticalCACert", + "ValidbasicConstraintsNotCriticalTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "basicConstraintsNotCriticalCACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.4"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.6.5 Invalid pathLenConstraint Test5 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidpathLenConstraintTest5) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "pathLenConstraint0CACert", + "pathLenConstraint0subCACert", "InvalidpathLenConstraintTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint0CACRL", + "pathLenConstraint0subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.5"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.6 Invalid pathLenConstraint Test6 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidpathLenConstraintTest6) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "pathLenConstraint0CACert", + "pathLenConstraint0subCACert", "InvalidpathLenConstraintTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint0CACRL", + "pathLenConstraint0subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.6"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.7 Valid pathLenConstraint Test7 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6ValidpathLenConstraintTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pathLenConstraint0CACert", + "ValidpathLenConstraintTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint0CACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.7"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.6.8 Valid pathLenConstraint Test8 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6ValidpathLenConstraintTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pathLenConstraint0CACert", + "ValidpathLenConstraintTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint0CACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.8"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.6.9 Invalid pathLenConstraint Test9 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidpathLenConstraintTest9) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "pathLenConstraint6CACert", + "pathLenConstraint6subCA0Cert", "pathLenConstraint6subsubCA00Cert", + "InvalidpathLenConstraintTest9EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint6CACRL", + "pathLenConstraint6subCA0CRL", + "pathLenConstraint6subsubCA00CRL"}; + PkitsTestInfo info; + info.test_number = "4.6.9"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.10 Invalid pathLenConstraint Test10 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidpathLenConstraintTest10) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "pathLenConstraint6CACert", + "pathLenConstraint6subCA0Cert", "pathLenConstraint6subsubCA00Cert", + "InvalidpathLenConstraintTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint6CACRL", + "pathLenConstraint6subCA0CRL", + "pathLenConstraint6subsubCA00CRL"}; + PkitsTestInfo info; + info.test_number = "4.6.10"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.11 Invalid pathLenConstraint Test11 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidpathLenConstraintTest11) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pathLenConstraint6CACert", + "pathLenConstraint6subCA1Cert", + "pathLenConstraint6subsubCA11Cert", + "pathLenConstraint6subsubsubCA11XCert", + "InvalidpathLenConstraintTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint6CACRL", + "pathLenConstraint6subCA1CRL", + "pathLenConstraint6subsubCA11CRL", + "pathLenConstraint6subsubsubCA11XCRL"}; + PkitsTestInfo info; + info.test_number = "4.6.11"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.12 Invalid pathLenConstraint Test12 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidpathLenConstraintTest12) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pathLenConstraint6CACert", + "pathLenConstraint6subCA1Cert", + "pathLenConstraint6subsubCA11Cert", + "pathLenConstraint6subsubsubCA11XCert", + "InvalidpathLenConstraintTest12EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint6CACRL", + "pathLenConstraint6subCA1CRL", + "pathLenConstraint6subsubCA11CRL", + "pathLenConstraint6subsubsubCA11XCRL"}; + PkitsTestInfo info; + info.test_number = "4.6.12"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.13 Valid pathLenConstraint Test13 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6ValidpathLenConstraintTest13) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pathLenConstraint6CACert", + "pathLenConstraint6subCA4Cert", + "pathLenConstraint6subsubCA41Cert", + "pathLenConstraint6subsubsubCA41XCert", + "ValidpathLenConstraintTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint6CACRL", + "pathLenConstraint6subCA4CRL", + "pathLenConstraint6subsubCA41CRL", + "pathLenConstraint6subsubsubCA41XCRL"}; + PkitsTestInfo info; + info.test_number = "4.6.13"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.6.14 Valid pathLenConstraint Test14 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6ValidpathLenConstraintTest14) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pathLenConstraint6CACert", + "pathLenConstraint6subCA4Cert", + "pathLenConstraint6subsubCA41Cert", + "pathLenConstraint6subsubsubCA41XCert", + "ValidpathLenConstraintTest14EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint6CACRL", + "pathLenConstraint6subCA4CRL", + "pathLenConstraint6subsubCA41CRL", + "pathLenConstraint6subsubsubCA41XCRL"}; + PkitsTestInfo info; + info.test_number = "4.6.14"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.6.15 Valid Self-Issued pathLenConstraint Test15 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6ValidSelfIssuedpathLenConstraintTest15) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pathLenConstraint0CACert", + "pathLenConstraint0SelfIssuedCACert", + "ValidSelfIssuedpathLenConstraintTest15EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint0CACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.15"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.6.16 Invalid Self-Issued pathLenConstraint Test16 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6InvalidSelfIssuedpathLenConstraintTest16) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "pathLenConstraint0CACert", + "pathLenConstraint0SelfIssuedCACert", "pathLenConstraint0subCA2Cert", + "InvalidSelfIssuedpathLenConstraintTest16EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint0CACRL", + "pathLenConstraint0subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.6.16"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.6.17 Valid Self-Issued pathLenConstraint Test17 +WRAPPED_TYPED_TEST_P(PkitsTest06VerifyingBasicConstraints, + Section6ValidSelfIssuedpathLenConstraintTest17) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "pathLenConstraint1CACert", + "pathLenConstraint1SelfIssuedCACert", + "pathLenConstraint1subCACert", + "pathLenConstraint1SelfIssuedsubCACert", + "ValidSelfIssuedpathLenConstraintTest17EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "pathLenConstraint1CACRL", + "pathLenConstraint1subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.6.17"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest06VerifyingBasicConstraints, + Section6InvalidMissingbasicConstraintsTest1, + Section6InvalidcAFalseTest2, + Section6InvalidcAFalseTest3, + Section6ValidbasicConstraintsNotCriticalTest4, + Section6InvalidpathLenConstraintTest5, + Section6InvalidpathLenConstraintTest6, + Section6ValidpathLenConstraintTest7, + Section6ValidpathLenConstraintTest8, + Section6InvalidpathLenConstraintTest9, + Section6InvalidpathLenConstraintTest10, + Section6InvalidpathLenConstraintTest11, + Section6InvalidpathLenConstraintTest12, + Section6ValidpathLenConstraintTest13, + Section6ValidpathLenConstraintTest14, + Section6ValidSelfIssuedpathLenConstraintTest15, + Section6InvalidSelfIssuedpathLenConstraintTest16, + Section6ValidSelfIssuedpathLenConstraintTest17); + +template +class PkitsTest07KeyUsage : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest07KeyUsage); + +// 4.7.1 Invalid keyUsage Critical keyCertSign False Test1 +WRAPPED_TYPED_TEST_P(PkitsTest07KeyUsage, + Section7InvalidkeyUsageCriticalkeyCertSignFalseTest1) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "keyUsageCriticalkeyCertSignFalseCACert", + "InvalidkeyUsageCriticalkeyCertSignFalseTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "keyUsageCriticalkeyCertSignFalseCACRL"}; + PkitsTestInfo info; + info.test_number = "4.7.1"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2 +WRAPPED_TYPED_TEST_P(PkitsTest07KeyUsage, + Section7InvalidkeyUsageNotCriticalkeyCertSignFalseTest2) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "keyUsageNotCriticalkeyCertSignFalseCACert", + "InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "keyUsageNotCriticalkeyCertSignFalseCACRL"}; + PkitsTestInfo info; + info.test_number = "4.7.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.7.3 Valid keyUsage Not Critical Test3 +WRAPPED_TYPED_TEST_P(PkitsTest07KeyUsage, + Section7ValidkeyUsageNotCriticalTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "keyUsageNotCriticalCACert", + "ValidkeyUsageNotCriticalTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "keyUsageNotCriticalCACRL"}; + PkitsTestInfo info; + info.test_number = "4.7.3"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.7.4 Invalid keyUsage Critical cRLSign False Test4 +WRAPPED_TYPED_TEST_P(PkitsTest07KeyUsage, + Section7InvalidkeyUsageCriticalcRLSignFalseTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "keyUsageCriticalcRLSignFalseCACert", + "InvalidkeyUsageCriticalcRLSignFalseTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "keyUsageCriticalcRLSignFalseCACRL"}; + PkitsTestInfo info; + info.test_number = "4.7.4"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.7.5 Invalid keyUsage Not Critical cRLSign False Test5 +WRAPPED_TYPED_TEST_P(PkitsTest07KeyUsage, + Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "keyUsageNotCriticalcRLSignFalseCACert", + "InvalidkeyUsageNotCriticalcRLSignFalseTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "keyUsageNotCriticalcRLSignFalseCACRL"}; + PkitsTestInfo info; + info.test_number = "4.7.5"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest07KeyUsage, + Section7InvalidkeyUsageCriticalkeyCertSignFalseTest1, + Section7InvalidkeyUsageNotCriticalkeyCertSignFalseTest2, + Section7ValidkeyUsageNotCriticalTest3, + Section7InvalidkeyUsageCriticalcRLSignFalseTest4, + Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5); + +template +class PkitsTest08CertificatePolicies : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest08CertificatePolicies); + +// 4.8.1 All Certificates Same Policy Test1 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePolicyTest1Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidCertificatePathTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.1"; + info.should_validate = true; + info.SetInitialExplicitPolicy(true); + + this->RunTest(certs, crls, info); +} + +// 4.8.1 All Certificates Same Policy Test1 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePolicyTest1Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidCertificatePathTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.1"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + info.SetInitialExplicitPolicy(true); + + this->RunTest(certs, crls, info); +} + +// 4.8.1 All Certificates Same Policy Test1 (Subpart 3) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePolicyTest1Subpart3) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidCertificatePathTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.1"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetInitialExplicitPolicy(true); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.1 All Certificates Same Policy Test1 (Subpart 4) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePolicyTest1Subpart4) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "ValidCertificatePathTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.1"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1,NIST-test-policy-2"); + info.SetInitialExplicitPolicy(true); + + this->RunTest(certs, crls, info); +} + +// 4.8.2 All Certificates No Policies Test2 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesNoPoliciesTest2Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", "NoPoliciesCACert", + "AllCertificatesNoPoliciesTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "NoPoliciesCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.2"; + info.should_validate = true; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.2 All Certificates No Policies Test2 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesNoPoliciesTest2Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "NoPoliciesCACert", + "AllCertificatesNoPoliciesTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "NoPoliciesCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.2"; + info.should_validate = false; + info.SetInitialExplicitPolicy(true); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.3 Different Policies Test3 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest3Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "PoliciesP2subCACert", + "DifferentPoliciesTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL", + "PoliciesP2subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.3"; + info.should_validate = true; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.3 Different Policies Test3 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest3Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "PoliciesP2subCACert", + "DifferentPoliciesTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL", + "PoliciesP2subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.3"; + info.should_validate = false; + info.SetInitialExplicitPolicy(true); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.3 Different Policies Test3 (Subpart 3) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest3Subpart3) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "PoliciesP2subCACert", + "DifferentPoliciesTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL", + "PoliciesP2subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.3"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-1,NIST-test-policy-2"); + info.SetInitialExplicitPolicy(true); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.4 Different Policies Test4 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "GoodsubCACert", "DifferentPoliciesTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL", + "GoodsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.4"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.5 Different Policies Test5 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "PoliciesP2subCA2Cert", + "DifferentPoliciesTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL", + "PoliciesP2subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.8.5"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.6 Overlapping Policies Test6 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8OverlappingPoliciesTest6Subpart1) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "PoliciesP1234CACert", + "PoliciesP1234subCAP123Cert", "PoliciesP1234subsubCAP123P12Cert", + "OverlappingPoliciesTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP1234CACRL", + "PoliciesP1234subCAP123CRL", + "PoliciesP1234subsubCAP123P12CRL"}; + PkitsTestInfo info; + info.test_number = "4.8.6"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.8.6 Overlapping Policies Test6 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8OverlappingPoliciesTest6Subpart2) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "PoliciesP1234CACert", + "PoliciesP1234subCAP123Cert", "PoliciesP1234subsubCAP123P12Cert", + "OverlappingPoliciesTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP1234CACRL", + "PoliciesP1234subCAP123CRL", + "PoliciesP1234subsubCAP123P12CRL"}; + PkitsTestInfo info; + info.test_number = "4.8.6"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.8.6 Overlapping Policies Test6 (Subpart 3) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8OverlappingPoliciesTest6Subpart3) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "PoliciesP1234CACert", + "PoliciesP1234subCAP123Cert", "PoliciesP1234subsubCAP123P12Cert", + "OverlappingPoliciesTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP1234CACRL", + "PoliciesP1234subCAP123CRL", + "PoliciesP1234subsubCAP123P12CRL"}; + PkitsTestInfo info; + info.test_number = "4.8.6"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.7 Different Policies Test7 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP123CACert", "PoliciesP123subCAP12Cert", + "PoliciesP123subsubCAP12P1Cert", + "DifferentPoliciesTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP123CACRL", + "PoliciesP123subCAP12CRL", + "PoliciesP123subsubCAP12P1CRL"}; + PkitsTestInfo info; + info.test_number = "4.8.7"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.8 Different Policies Test8 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP12CACert", "PoliciesP12subCAP1Cert", + "PoliciesP12subsubCAP1P2Cert", + "DifferentPoliciesTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP12CACRL", + "PoliciesP12subCAP1CRL", + "PoliciesP12subsubCAP1P2CRL"}; + PkitsTestInfo info; + info.test_number = "4.8.8"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.9 Different Policies Test9 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest9) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "PoliciesP123CACert", + "PoliciesP123subCAP12Cert", "PoliciesP123subsubCAP12P2Cert", + "PoliciesP123subsubsubCAP12P2P1Cert", "DifferentPoliciesTest9EE"}; + const char* const crls[] = { + "TrustAnchorRootCRL", "PoliciesP123CACRL", "PoliciesP123subCAP12CRL", + "PoliciesP123subsubCAP2P2CRL", "PoliciesP123subsubsubCAP12P2P1CRL"}; + PkitsTestInfo info; + info.test_number = "4.8.9"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.10 All Certificates Same Policies Test10 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePoliciesTest10Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP12CACert", + "AllCertificatesSamePoliciesTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP12CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.10"; + info.should_validate = true; + info.SetUserConstrainedPolicySet("NIST-test-policy-1,NIST-test-policy-2"); + + this->RunTest(certs, crls, info); +} + +// 4.8.10 All Certificates Same Policies Test10 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePoliciesTest10Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP12CACert", + "AllCertificatesSamePoliciesTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP12CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.10"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.8.10 All Certificates Same Policies Test10 (Subpart 3) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePoliciesTest10Subpart3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP12CACert", + "AllCertificatesSamePoliciesTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP12CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.10"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet("NIST-test-policy-2"); + + this->RunTest(certs, crls, info); +} + +// 4.8.11 All Certificates AnyPolicy Test11 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesAnyPolicyTest11Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", "anyPolicyCACert", + "AllCertificatesanyPolicyTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "anyPolicyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.11"; + info.should_validate = true; + info.SetUserConstrainedPolicySet("anyPolicy"); + + this->RunTest(certs, crls, info); +} + +// 4.8.11 All Certificates AnyPolicy Test11 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesAnyPolicyTest11Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "anyPolicyCACert", + "AllCertificatesanyPolicyTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "anyPolicyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.11"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.8.12 Different Policies Test12 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8DifferentPoliciesTest12) { + const char* const certs[] = {"TrustAnchorRootCertificate", "PoliciesP3CACert", + "DifferentPoliciesTest12EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP3CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.12"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.13 All Certificates Same Policies Test13 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePoliciesTest13Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP123CACert", + "AllCertificatesSamePoliciesTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP123CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.13"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.8.13 All Certificates Same Policies Test13 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePoliciesTest13Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP123CACert", + "AllCertificatesSamePoliciesTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP123CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.13"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet("NIST-test-policy-2"); + + this->RunTest(certs, crls, info); +} + +// 4.8.13 All Certificates Same Policies Test13 (Subpart 3) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePoliciesTest13Subpart3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP123CACert", + "AllCertificatesSamePoliciesTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP123CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.13"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-3"); + info.SetUserConstrainedPolicySet("NIST-test-policy-3"); + + this->RunTest(certs, crls, info); +} + +// 4.8.14 AnyPolicy Test14 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AnyPolicyTest14Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", "anyPolicyCACert", + "AnyPolicyTest14EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "anyPolicyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.14"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.8.14 AnyPolicy Test14 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8AnyPolicyTest14Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "anyPolicyCACert", + "AnyPolicyTest14EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "anyPolicyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.14"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.8.15 User Notice Qualifier Test15 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8UserNoticeQualifierTest15) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "UserNoticeQualifierTest15EE"}; + const char* const crls[] = {"TrustAnchorRootCRL"}; + PkitsTestInfo info; + info.test_number = "4.8.15"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.8.16 User Notice Qualifier Test16 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8UserNoticeQualifierTest16) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "UserNoticeQualifierTest16EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.16"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.8.17 User Notice Qualifier Test17 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8UserNoticeQualifierTest17) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "UserNoticeQualifierTest17EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.17"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.8.18 User Notice Qualifier Test18 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8UserNoticeQualifierTest18Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP12CACert", + "UserNoticeQualifierTest18EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP12CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.18"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.8.18 User Notice Qualifier Test18 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8UserNoticeQualifierTest18Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PoliciesP12CACert", + "UserNoticeQualifierTest18EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "PoliciesP12CACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.18"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet("NIST-test-policy-2"); + + this->RunTest(certs, crls, info); +} + +// 4.8.19 User Notice Qualifier Test19 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8UserNoticeQualifierTest19) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "UserNoticeQualifierTest19EE"}; + const char* const crls[] = {"TrustAnchorRootCRL"}; + PkitsTestInfo info; + info.test_number = "4.8.19"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.8.20 CPS Pointer Qualifier Test20 +WRAPPED_TYPED_TEST_P(PkitsTest08CertificatePolicies, + Section8CPSPointerQualifierTest20) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "CPSPointerQualifierTest20EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.8.20"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + info.SetInitialExplicitPolicy(true); + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest08CertificatePolicies, + Section8AllCertificatesSamePolicyTest1Subpart1, + Section8AllCertificatesSamePolicyTest1Subpart2, + Section8AllCertificatesSamePolicyTest1Subpart3, + Section8AllCertificatesSamePolicyTest1Subpart4, + Section8AllCertificatesNoPoliciesTest2Subpart1, + Section8AllCertificatesNoPoliciesTest2Subpart2, + Section8DifferentPoliciesTest3Subpart1, + Section8DifferentPoliciesTest3Subpart2, + Section8DifferentPoliciesTest3Subpart3, + Section8DifferentPoliciesTest4, + Section8DifferentPoliciesTest5, + Section8OverlappingPoliciesTest6Subpart1, + Section8OverlappingPoliciesTest6Subpart2, + Section8OverlappingPoliciesTest6Subpart3, + Section8DifferentPoliciesTest7, + Section8DifferentPoliciesTest8, + Section8DifferentPoliciesTest9, + Section8AllCertificatesSamePoliciesTest10Subpart1, + Section8AllCertificatesSamePoliciesTest10Subpart2, + Section8AllCertificatesSamePoliciesTest10Subpart3, + Section8AllCertificatesAnyPolicyTest11Subpart1, + Section8AllCertificatesAnyPolicyTest11Subpart2, + Section8DifferentPoliciesTest12, + Section8AllCertificatesSamePoliciesTest13Subpart1, + Section8AllCertificatesSamePoliciesTest13Subpart2, + Section8AllCertificatesSamePoliciesTest13Subpart3, + Section8AnyPolicyTest14Subpart1, + Section8AnyPolicyTest14Subpart2, + Section8UserNoticeQualifierTest15, + Section8UserNoticeQualifierTest16, + Section8UserNoticeQualifierTest17, + Section8UserNoticeQualifierTest18Subpart1, + Section8UserNoticeQualifierTest18Subpart2, + Section8UserNoticeQualifierTest19, + Section8CPSPointerQualifierTest20); + +template +class PkitsTest09RequireExplicitPolicy : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest09RequireExplicitPolicy); + +// 4.9.1 Valid RequireExplicitPolicy Test1 +WRAPPED_TYPED_TEST_P(PkitsTest09RequireExplicitPolicy, + Section9ValidRequireExplicitPolicyTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "requireExplicitPolicy10CACert", + "requireExplicitPolicy10subCACert", + "requireExplicitPolicy10subsubCACert", + "requireExplicitPolicy10subsubsubCACert", + "ValidrequireExplicitPolicyTest1EE"}; + const char* const crls[] = { + "TrustAnchorRootCRL", "requireExplicitPolicy10CACRL", + "requireExplicitPolicy10subCACRL", "requireExplicitPolicy10subsubCACRL", + "requireExplicitPolicy10subsubsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.9.1"; + info.should_validate = true; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.9.2 Valid RequireExplicitPolicy Test2 +WRAPPED_TYPED_TEST_P(PkitsTest09RequireExplicitPolicy, + Section9ValidRequireExplicitPolicyTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "requireExplicitPolicy5CACert", + "requireExplicitPolicy5subCACert", + "requireExplicitPolicy5subsubCACert", + "requireExplicitPolicy5subsubsubCACert", + "ValidrequireExplicitPolicyTest2EE"}; + const char* const crls[] = { + "TrustAnchorRootCRL", "requireExplicitPolicy5CACRL", + "requireExplicitPolicy5subCACRL", "requireExplicitPolicy5subsubCACRL", + "requireExplicitPolicy5subsubsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.9.2"; + info.should_validate = true; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.9.3 Invalid RequireExplicitPolicy Test3 +WRAPPED_TYPED_TEST_P(PkitsTest09RequireExplicitPolicy, + Section9InvalidRequireExplicitPolicyTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "requireExplicitPolicy4CACert", + "requireExplicitPolicy4subCACert", + "requireExplicitPolicy4subsubCACert", + "requireExplicitPolicy4subsubsubCACert", + "InvalidrequireExplicitPolicyTest3EE"}; + const char* const crls[] = { + "TrustAnchorRootCRL", "requireExplicitPolicy4CACRL", + "requireExplicitPolicy4subCACRL", "requireExplicitPolicy4subsubCACRL", + "requireExplicitPolicy4subsubsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.9.3"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.9.4 Valid RequireExplicitPolicy Test4 +WRAPPED_TYPED_TEST_P(PkitsTest09RequireExplicitPolicy, + Section9ValidRequireExplicitPolicyTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "requireExplicitPolicy0CACert", + "requireExplicitPolicy0subCACert", + "requireExplicitPolicy0subsubCACert", + "requireExplicitPolicy0subsubsubCACert", + "ValidrequireExplicitPolicyTest4EE"}; + const char* const crls[] = { + "TrustAnchorRootCRL", "requireExplicitPolicy0CACRL", + "requireExplicitPolicy0subCACRL", "requireExplicitPolicy0subsubCACRL", + "requireExplicitPolicy0subsubsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.9.4"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.9.5 Invalid RequireExplicitPolicy Test5 +WRAPPED_TYPED_TEST_P(PkitsTest09RequireExplicitPolicy, + Section9InvalidRequireExplicitPolicyTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "requireExplicitPolicy7CACert", + "requireExplicitPolicy7subCARE2Cert", + "requireExplicitPolicy7subsubCARE2RE4Cert", + "requireExplicitPolicy7subsubsubCARE2RE4Cert", + "InvalidrequireExplicitPolicyTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "requireExplicitPolicy7CACRL", + "requireExplicitPolicy7subCARE2CRL", + "requireExplicitPolicy7subsubCARE2RE4CRL", + "requireExplicitPolicy7subsubsubCARE2RE4CRL"}; + PkitsTestInfo info; + info.test_number = "4.9.5"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.9.6 Valid Self-Issued requireExplicitPolicy Test6 +WRAPPED_TYPED_TEST_P(PkitsTest09RequireExplicitPolicy, + Section9ValidSelfIssuedrequireExplicitPolicyTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "requireExplicitPolicy2CACert", + "requireExplicitPolicy2SelfIssuedCACert", + "ValidSelfIssuedrequireExplicitPolicyTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "requireExplicitPolicy2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.9.6"; + info.should_validate = true; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.9.7 Invalid Self-Issued requireExplicitPolicy Test7 +WRAPPED_TYPED_TEST_P(PkitsTest09RequireExplicitPolicy, + Section9InvalidSelfIssuedrequireExplicitPolicyTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "requireExplicitPolicy2CACert", + "requireExplicitPolicy2SelfIssuedCACert", + "requireExplicitPolicy2subCACert", + "InvalidSelfIssuedrequireExplicitPolicyTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "requireExplicitPolicy2CACRL", + "requireExplicitPolicy2subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.9.7"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.9.8 Invalid Self-Issued requireExplicitPolicy Test8 +WRAPPED_TYPED_TEST_P(PkitsTest09RequireExplicitPolicy, + Section9InvalidSelfIssuedrequireExplicitPolicyTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "requireExplicitPolicy2CACert", + "requireExplicitPolicy2SelfIssuedCACert", + "requireExplicitPolicy2subCACert", + "requireExplicitPolicy2SelfIssuedsubCACert", + "InvalidSelfIssuedrequireExplicitPolicyTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "requireExplicitPolicy2CACRL", + "requireExplicitPolicy2subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.9.8"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest09RequireExplicitPolicy, + Section9ValidRequireExplicitPolicyTest1, + Section9ValidRequireExplicitPolicyTest2, + Section9InvalidRequireExplicitPolicyTest3, + Section9ValidRequireExplicitPolicyTest4, + Section9InvalidRequireExplicitPolicyTest5, + Section9ValidSelfIssuedrequireExplicitPolicyTest6, + Section9InvalidSelfIssuedrequireExplicitPolicyTest7, + Section9InvalidSelfIssuedrequireExplicitPolicyTest8); + +template +class PkitsTest10PolicyMappings : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest10PolicyMappings); + +// 4.10.1 Valid Policy Mapping Test1 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest1Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "Mapping1to2CACert", + "ValidPolicyMappingTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "Mapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.1.1"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.10.1 Valid Policy Mapping Test1 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest1Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "Mapping1to2CACert", + "ValidPolicyMappingTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "Mapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.1.2"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.1 Valid Policy Mapping Test1 (Subpart 3) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest1Subpart3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "Mapping1to2CACert", + "ValidPolicyMappingTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "Mapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.1.3"; + info.should_validate = false; + info.SetInitialPolicyMappingInhibit(true); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.2 Invalid Policy Mapping Test2 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10InvalidPolicyMappingTest2Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "Mapping1to2CACert", + "InvalidPolicyMappingTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "Mapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.2"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.2 Invalid Policy Mapping Test2 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10InvalidPolicyMappingTest2Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "Mapping1to2CACert", + "InvalidPolicyMappingTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "Mapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.2"; + info.should_validate = false; + info.SetInitialPolicyMappingInhibit(true); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.3 Valid Policy Mapping Test3 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest3Subpart1) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "P12Mapping1to3CACert", + "P12Mapping1to3subCACert", "P12Mapping1to3subsubCACert", + "ValidPolicyMappingTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P12Mapping1to3CACRL", + "P12Mapping1to3subCACRL", + "P12Mapping1to3subsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.3"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-1"); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.3 Valid Policy Mapping Test3 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest3Subpart2) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "P12Mapping1to3CACert", + "P12Mapping1to3subCACert", "P12Mapping1to3subsubCACert", + "ValidPolicyMappingTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P12Mapping1to3CACRL", + "P12Mapping1to3subCACRL", + "P12Mapping1to3subsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.3"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet("NIST-test-policy-2"); + + this->RunTest(certs, crls, info); +} + +// 4.10.4 Invalid Policy Mapping Test4 +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10InvalidPolicyMappingTest4) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "P12Mapping1to3CACert", + "P12Mapping1to3subCACert", "P12Mapping1to3subsubCACert", + "InvalidPolicyMappingTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P12Mapping1to3CACRL", + "P12Mapping1to3subCACRL", + "P12Mapping1to3subsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.4"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.5 Valid Policy Mapping Test5 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest5Subpart1) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "P1Mapping1to234CACert", + "P1Mapping1to234subCACert", "ValidPolicyMappingTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P1Mapping1to234CACRL", + "P1Mapping1to234subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.5"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.10.5 Valid Policy Mapping Test5 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest5Subpart2) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "P1Mapping1to234CACert", + "P1Mapping1to234subCACert", "ValidPolicyMappingTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P1Mapping1to234CACRL", + "P1Mapping1to234subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.5"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-6"); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.6 Valid Policy Mapping Test6 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest6Subpart1) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "P1Mapping1to234CACert", + "P1Mapping1to234subCACert", "ValidPolicyMappingTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P1Mapping1to234CACRL", + "P1Mapping1to234subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.6"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.10.6 Valid Policy Mapping Test6 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest6Subpart2) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "P1Mapping1to234CACert", + "P1Mapping1to234subCACert", "ValidPolicyMappingTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P1Mapping1to234CACRL", + "P1Mapping1to234subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.6"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-6"); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.7 Invalid Mapping From anyPolicy Test7 +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10InvalidMappingFromanyPolicyTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "MappingFromanyPolicyCACert", + "InvalidMappingFromanyPolicyTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "MappingFromanyPolicyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.7"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.8 Invalid Mapping To anyPolicy Test8 +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10InvalidMappingToanyPolicyTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "MappingToanyPolicyCACert", + "InvalidMappingToanyPolicyTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "MappingToanyPolicyCACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.8"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.9 Valid Policy Mapping Test9 +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest9) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "PanyPolicyMapping1to2CACert", + "ValidPolicyMappingTest9EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "PanyPolicyMapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.9"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.10.10 Invalid Policy Mapping Test10 +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10InvalidPolicyMappingTest10) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "GoodsubCAPanyPolicyMapping1to2CACert", + "InvalidPolicyMappingTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL", + "GoodsubCAPanyPolicyMapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.10"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.11 Valid Policy Mapping Test11 +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest11) { + const char* const certs[] = {"TrustAnchorRootCertificate", "GoodCACert", + "GoodsubCAPanyPolicyMapping1to2CACert", + "ValidPolicyMappingTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL", + "GoodsubCAPanyPolicyMapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.11"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.10.12 Valid Policy Mapping Test12 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest12Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "P12Mapping1to3CACert", + "ValidPolicyMappingTest12EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P12Mapping1to3CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.12"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1"); + + this->RunTest(certs, crls, info); +} + +// 4.10.12 Valid Policy Mapping Test12 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest12Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "P12Mapping1to3CACert", + "ValidPolicyMappingTest12EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "P12Mapping1to3CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.12"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet("NIST-test-policy-2"); + + this->RunTest(certs, crls, info); +} + +// 4.10.13 Valid Policy Mapping Test13 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest13Subpart1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "P1anyPolicyMapping1to2CACert", + "ValidPolicyMappingTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "P1anyPolicyMapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.13"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.10.13 Valid Policy Mapping Test13 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest13Subpart2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "P1anyPolicyMapping1to2CACert", + "ValidPolicyMappingTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "P1anyPolicyMapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.13"; + info.should_validate = true; + info.SetInitialPolicySet("NIST-test-policy-1,NIST-test-policy-2"); + + this->RunTest(certs, crls, info); +} + +// 4.10.13 Valid Policy Mapping Test13 (Subpart 3) +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest13Subpart3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "P1anyPolicyMapping1to2CACert", + "ValidPolicyMappingTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "P1anyPolicyMapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.13"; + info.should_validate = false; + info.SetInitialPolicySet("NIST-test-policy-2"); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.10.14 Valid Policy Mapping Test14 +WRAPPED_TYPED_TEST_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest14) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "P1anyPolicyMapping1to2CACert", + "ValidPolicyMappingTest14EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "P1anyPolicyMapping1to2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.10.14"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P(PkitsTest10PolicyMappings, + Section10ValidPolicyMappingTest1Subpart1, + Section10ValidPolicyMappingTest1Subpart2, + Section10ValidPolicyMappingTest1Subpart3, + Section10InvalidPolicyMappingTest2Subpart1, + Section10InvalidPolicyMappingTest2Subpart2, + Section10ValidPolicyMappingTest3Subpart1, + Section10ValidPolicyMappingTest3Subpart2, + Section10InvalidPolicyMappingTest4, + Section10ValidPolicyMappingTest5Subpart1, + Section10ValidPolicyMappingTest5Subpart2, + Section10ValidPolicyMappingTest6Subpart1, + Section10ValidPolicyMappingTest6Subpart2, + Section10InvalidMappingFromanyPolicyTest7, + Section10InvalidMappingToanyPolicyTest8, + Section10ValidPolicyMappingTest9, + Section10InvalidPolicyMappingTest10, + Section10ValidPolicyMappingTest11, + Section10ValidPolicyMappingTest12Subpart1, + Section10ValidPolicyMappingTest12Subpart2, + Section10ValidPolicyMappingTest13Subpart1, + Section10ValidPolicyMappingTest13Subpart2, + Section10ValidPolicyMappingTest13Subpart3, + Section10ValidPolicyMappingTest14); + +template +class PkitsTest11InhibitPolicyMapping : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest11InhibitPolicyMapping); + +// 4.11.1 Invalid inhibitPolicyMapping Test1 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11InvalidinhibitPolicyMappingTest1) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitPolicyMapping0CACert", + "inhibitPolicyMapping0subCACert", "InvalidinhibitPolicyMappingTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "inhibitPolicyMapping0CACRL", + "inhibitPolicyMapping0subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.1"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.11.2 Valid inhibitPolicyMapping Test2 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11ValidinhibitPolicyMappingTest2) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitPolicyMapping1P12CACert", + "inhibitPolicyMapping1P12subCACert", "ValidinhibitPolicyMappingTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "inhibitPolicyMapping1P12CACRL", + "inhibitPolicyMapping1P12subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.2"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.11.3 Invalid inhibitPolicyMapping Test3 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11InvalidinhibitPolicyMappingTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping1P12CACert", + "inhibitPolicyMapping1P12subCACert", + "inhibitPolicyMapping1P12subsubCACert", + "InvalidinhibitPolicyMappingTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "inhibitPolicyMapping1P12CACRL", + "inhibitPolicyMapping1P12subCACRL", + "inhibitPolicyMapping1P12subsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.3"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.11.4 Valid inhibitPolicyMapping Test4 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11ValidinhibitPolicyMappingTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping1P12CACert", + "inhibitPolicyMapping1P12subCACert", + "inhibitPolicyMapping1P12subsubCACert", + "ValidinhibitPolicyMappingTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "inhibitPolicyMapping1P12CACRL", + "inhibitPolicyMapping1P12subCACRL", + "inhibitPolicyMapping1P12subsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.4"; + info.should_validate = true; + info.SetUserConstrainedPolicySet("NIST-test-policy-2"); + + this->RunTest(certs, crls, info); +} + +// 4.11.5 Invalid inhibitPolicyMapping Test5 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11InvalidinhibitPolicyMappingTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping5CACert", + "inhibitPolicyMapping5subCACert", + "inhibitPolicyMapping5subsubCACert", + "inhibitPolicyMapping5subsubsubCACert", + "InvalidinhibitPolicyMappingTest5EE"}; + const char* const crls[] = { + "TrustAnchorRootCRL", "inhibitPolicyMapping5CACRL", + "inhibitPolicyMapping5subCACRL", "inhibitPolicyMapping5subsubCACRL", + "inhibitPolicyMapping5subsubsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.5"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.11.6 Invalid inhibitPolicyMapping Test6 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11InvalidinhibitPolicyMappingTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping1P12CACert", + "inhibitPolicyMapping1P12subCAIPM5Cert", + "inhibitPolicyMapping1P12subsubCAIPM5Cert", + "InvalidinhibitPolicyMappingTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "inhibitPolicyMapping1P12CACRL", + "inhibitPolicyMapping1P12subCAIPM5CRL", + "inhibitPolicyMapping1P12subsubCAIPM5CRL"}; + PkitsTestInfo info; + info.test_number = "4.11.6"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.11.7 Valid Self-Issued inhibitPolicyMapping Test7 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11ValidSelfIssuedinhibitPolicyMappingTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping1P1CACert", + "inhibitPolicyMapping1P1SelfIssuedCACert", + "inhibitPolicyMapping1P1subCACert", + "ValidSelfIssuedinhibitPolicyMappingTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "inhibitPolicyMapping1P1CACRL", + "inhibitPolicyMapping1P1subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.7"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11InvalidSelfIssuedinhibitPolicyMappingTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping1P1CACert", + "inhibitPolicyMapping1P1SelfIssuedCACert", + "inhibitPolicyMapping1P1subCACert", + "inhibitPolicyMapping1P1subsubCACert", + "InvalidSelfIssuedinhibitPolicyMappingTest8EE"}; + const char* const crls[] = { + "TrustAnchorRootCRL", "inhibitPolicyMapping1P1CACRL", + "inhibitPolicyMapping1P1subCACRL", "inhibitPolicyMapping1P1subsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.8"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11InvalidSelfIssuedinhibitPolicyMappingTest9) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping1P1CACert", + "inhibitPolicyMapping1P1SelfIssuedCACert", + "inhibitPolicyMapping1P1subCACert", + "inhibitPolicyMapping1P1subsubCACert", + "InvalidSelfIssuedinhibitPolicyMappingTest9EE"}; + const char* const crls[] = { + "TrustAnchorRootCRL", "inhibitPolicyMapping1P1CACRL", + "inhibitPolicyMapping1P1subCACRL", "inhibitPolicyMapping1P1subsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.9"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11InvalidSelfIssuedinhibitPolicyMappingTest10) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping1P1CACert", + "inhibitPolicyMapping1P1SelfIssuedCACert", + "inhibitPolicyMapping1P1subCACert", + "inhibitPolicyMapping1P1SelfIssuedsubCACert", + "InvalidSelfIssuedinhibitPolicyMappingTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "inhibitPolicyMapping1P1CACRL", + "inhibitPolicyMapping1P1subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.10"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11 +WRAPPED_TYPED_TEST_P(PkitsTest11InhibitPolicyMapping, + Section11InvalidSelfIssuedinhibitPolicyMappingTest11) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitPolicyMapping1P1CACert", + "inhibitPolicyMapping1P1SelfIssuedCACert", + "inhibitPolicyMapping1P1subCACert", + "inhibitPolicyMapping1P1SelfIssuedsubCACert", + "InvalidSelfIssuedinhibitPolicyMappingTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "inhibitPolicyMapping1P1CACRL", + "inhibitPolicyMapping1P1subCACRL"}; + PkitsTestInfo info; + info.test_number = "4.11.11"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest11InhibitPolicyMapping, + Section11InvalidinhibitPolicyMappingTest1, + Section11ValidinhibitPolicyMappingTest2, + Section11InvalidinhibitPolicyMappingTest3, + Section11ValidinhibitPolicyMappingTest4, + Section11InvalidinhibitPolicyMappingTest5, + Section11InvalidinhibitPolicyMappingTest6, + Section11ValidSelfIssuedinhibitPolicyMappingTest7, + Section11InvalidSelfIssuedinhibitPolicyMappingTest8, + Section11InvalidSelfIssuedinhibitPolicyMappingTest9, + Section11InvalidSelfIssuedinhibitPolicyMappingTest10, + Section11InvalidSelfIssuedinhibitPolicyMappingTest11); + +template +class PkitsTest12InhibitAnyPolicy : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest12InhibitAnyPolicy); + +// 4.12.1 Invalid inhibitAnyPolicy Test1 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12InvalidinhibitAnyPolicyTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitAnyPolicy0CACert", + "InvalidinhibitAnyPolicyTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy0CACRL"}; + PkitsTestInfo info; + info.test_number = "4.12.1"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.12.2 Valid inhibitAnyPolicy Test2 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12ValidinhibitAnyPolicyTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitAnyPolicy0CACert", + "ValidinhibitAnyPolicyTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy0CACRL"}; + PkitsTestInfo info; + info.test_number = "4.12.2"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.12.3 inhibitAnyPolicy Test3 (Subpart 1) +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12inhibitAnyPolicyTest3Subpart1) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitAnyPolicy1CACert", + "inhibitAnyPolicy1subCA1Cert", "inhibitAnyPolicyTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy1CACRL", + "inhibitAnyPolicy1subCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.12.3"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.12.3 inhibitAnyPolicy Test3 (Subpart 2) +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12inhibitAnyPolicyTest3Subpart2) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitAnyPolicy1CACert", + "inhibitAnyPolicy1subCA1Cert", "inhibitAnyPolicyTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy1CACRL", + "inhibitAnyPolicy1subCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.12.3"; + info.should_validate = false; + info.SetInitialInhibitAnyPolicy(true); + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.12.4 Invalid inhibitAnyPolicy Test4 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12InvalidinhibitAnyPolicyTest4) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitAnyPolicy1CACert", + "inhibitAnyPolicy1subCA1Cert", "InvalidinhibitAnyPolicyTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy1CACRL", + "inhibitAnyPolicy1subCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.12.4"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.12.5 Invalid inhibitAnyPolicy Test5 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12InvalidinhibitAnyPolicyTest5) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitAnyPolicy5CACert", + "inhibitAnyPolicy5subCACert", "inhibitAnyPolicy5subsubCACert", + "InvalidinhibitAnyPolicyTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy5CACRL", + "inhibitAnyPolicy5subCACRL", + "inhibitAnyPolicy5subsubCACRL"}; + PkitsTestInfo info; + info.test_number = "4.12.5"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.12.6 Invalid inhibitAnyPolicy Test6 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12InvalidinhibitAnyPolicyTest6) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitAnyPolicy1CACert", + "inhibitAnyPolicy1subCAIAP5Cert", "InvalidinhibitAnyPolicyTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy1CACRL", + "inhibitAnyPolicy1subCAIAP5CRL"}; + PkitsTestInfo info; + info.test_number = "4.12.6"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.12.7 Valid Self-Issued inhibitAnyPolicy Test7 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12ValidSelfIssuedinhibitAnyPolicyTest7) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitAnyPolicy1CACert", + "inhibitAnyPolicy1SelfIssuedCACert", "inhibitAnyPolicy1subCA2Cert", + "ValidSelfIssuedinhibitAnyPolicyTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy1CACRL", + "inhibitAnyPolicy1subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.12.7"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12InvalidSelfIssuedinhibitAnyPolicyTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitAnyPolicy1CACert", + "inhibitAnyPolicy1SelfIssuedCACert", + "inhibitAnyPolicy1subCA2Cert", + "inhibitAnyPolicy1subsubCA2Cert", + "InvalidSelfIssuedinhibitAnyPolicyTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy1CACRL", + "inhibitAnyPolicy1subCA2CRL", + "inhibitAnyPolicy1subsubCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.12.8"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +// 4.12.9 Valid Self-Issued inhibitAnyPolicy Test9 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12ValidSelfIssuedinhibitAnyPolicyTest9) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "inhibitAnyPolicy1CACert", + "inhibitAnyPolicy1SelfIssuedCACert", + "inhibitAnyPolicy1subCA2Cert", + "inhibitAnyPolicy1SelfIssuedsubCA2Cert", + "ValidSelfIssuedinhibitAnyPolicyTest9EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy1CACRL", + "inhibitAnyPolicy1subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.12.9"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10 +WRAPPED_TYPED_TEST_P(PkitsTest12InhibitAnyPolicy, + Section12InvalidSelfIssuedinhibitAnyPolicyTest10) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "inhibitAnyPolicy1CACert", + "inhibitAnyPolicy1SelfIssuedCACert", "inhibitAnyPolicy1subCA2Cert", + "InvalidSelfIssuedinhibitAnyPolicyTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "inhibitAnyPolicy1CACRL", + "inhibitAnyPolicy1subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.12.10"; + info.should_validate = false; + info.SetUserConstrainedPolicySet(""); + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest12InhibitAnyPolicy, + Section12InvalidinhibitAnyPolicyTest1, + Section12ValidinhibitAnyPolicyTest2, + Section12inhibitAnyPolicyTest3Subpart1, + Section12inhibitAnyPolicyTest3Subpart2, + Section12InvalidinhibitAnyPolicyTest4, + Section12InvalidinhibitAnyPolicyTest5, + Section12InvalidinhibitAnyPolicyTest6, + Section12ValidSelfIssuedinhibitAnyPolicyTest7, + Section12InvalidSelfIssuedinhibitAnyPolicyTest8, + Section12ValidSelfIssuedinhibitAnyPolicyTest9, + Section12InvalidSelfIssuedinhibitAnyPolicyTest10); + +template +class PkitsTest13NameConstraints : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest13NameConstraints); + +// 4.13.1 Valid DN nameConstraints Test1 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNnameConstraintsTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN1CACert", + "ValidDNnameConstraintsTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.1"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.2 Invalid DN nameConstraints Test2 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN1CACert", + "InvalidDNnameConstraintsTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.3 Invalid DN nameConstraints Test3 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN1CACert", + "InvalidDNnameConstraintsTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.3"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.4 Valid DN nameConstraints Test4 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNnameConstraintsTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN1CACert", + "ValidDNnameConstraintsTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.4"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.5 Valid DN nameConstraints Test5 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNnameConstraintsTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN2CACert", + "ValidDNnameConstraintsTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.5"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.6 Valid DN nameConstraints Test6 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNnameConstraintsTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN3CACert", + "ValidDNnameConstraintsTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN3CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.6"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.7 Invalid DN nameConstraints Test7 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN3CACert", + "InvalidDNnameConstraintsTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN3CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.7"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.8 Invalid DN nameConstraints Test8 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN4CACert", + "InvalidDNnameConstraintsTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN4CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.8"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.9 Invalid DN nameConstraints Test9 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest9) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN4CACert", + "InvalidDNnameConstraintsTest9EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN4CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.9"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.10 Invalid DN nameConstraints Test10 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest10) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN5CACert", + "InvalidDNnameConstraintsTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN5CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.10"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.11 Valid DN nameConstraints Test11 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNnameConstraintsTest11) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN5CACert", + "ValidDNnameConstraintsTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN5CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.11"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.12 Invalid DN nameConstraints Test12 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest12) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "nameConstraintsDN1CACert", + "nameConstraintsDN1subCA1Cert", "InvalidDNnameConstraintsTest12EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", + "nameConstraintsDN1subCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.12"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.13 Invalid DN nameConstraints Test13 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest13) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "nameConstraintsDN1CACert", + "nameConstraintsDN1subCA2Cert", "InvalidDNnameConstraintsTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", + "nameConstraintsDN1subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.13"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.14 Valid DN nameConstraints Test14 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNnameConstraintsTest14) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "nameConstraintsDN1CACert", + "nameConstraintsDN1subCA2Cert", "ValidDNnameConstraintsTest14EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", + "nameConstraintsDN1subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.14"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.15 Invalid DN nameConstraints Test15 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest15) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "nameConstraintsDN3CACert", + "nameConstraintsDN3subCA1Cert", "InvalidDNnameConstraintsTest15EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN3CACRL", + "nameConstraintsDN3subCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.15"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.16 Invalid DN nameConstraints Test16 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest16) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "nameConstraintsDN3CACert", + "nameConstraintsDN3subCA1Cert", "InvalidDNnameConstraintsTest16EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN3CACRL", + "nameConstraintsDN3subCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.16"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.17 Invalid DN nameConstraints Test17 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNnameConstraintsTest17) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "nameConstraintsDN3CACert", + "nameConstraintsDN3subCA2Cert", "InvalidDNnameConstraintsTest17EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN3CACRL", + "nameConstraintsDN3subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.17"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.18 Valid DN nameConstraints Test18 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNnameConstraintsTest18) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "nameConstraintsDN3CACert", + "nameConstraintsDN3subCA2Cert", "ValidDNnameConstraintsTest18EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN3CACRL", + "nameConstraintsDN3subCA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.18"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.19 Valid Self-Issued DN nameConstraints Test19 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidSelfIssuedDNnameConstraintsTest19) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "nameConstraintsDN1CACert", + "nameConstraintsDN1SelfIssuedCACert", "ValidDNnameConstraintsTest19EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.19"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.20 Invalid Self-Issued DN nameConstraints Test20 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidSelfIssuedDNnameConstraintsTest20) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN1CACert", + "InvalidDNnameConstraintsTest20EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.20"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.21 Valid RFC822 nameConstraints Test21 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidRFC822nameConstraintsTest21) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsRFC822CA1Cert", + "ValidRFC822nameConstraintsTest21EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "nameConstraintsRFC822CA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.21"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.22 Invalid RFC822 nameConstraints Test22 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidRFC822nameConstraintsTest22) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsRFC822CA1Cert", + "InvalidRFC822nameConstraintsTest22EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "nameConstraintsRFC822CA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.22"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.23 Valid RFC822 nameConstraints Test23 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidRFC822nameConstraintsTest23) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsRFC822CA2Cert", + "ValidRFC822nameConstraintsTest23EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "nameConstraintsRFC822CA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.23"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.24 Invalid RFC822 nameConstraints Test24 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidRFC822nameConstraintsTest24) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsRFC822CA2Cert", + "InvalidRFC822nameConstraintsTest24EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "nameConstraintsRFC822CA2CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.24"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.25 Valid RFC822 nameConstraints Test25 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidRFC822nameConstraintsTest25) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsRFC822CA3Cert", + "ValidRFC822nameConstraintsTest25EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "nameConstraintsRFC822CA3CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.25"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.26 Invalid RFC822 nameConstraints Test26 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidRFC822nameConstraintsTest26) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsRFC822CA3Cert", + "InvalidRFC822nameConstraintsTest26EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "nameConstraintsRFC822CA3CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.26"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.27 Valid DN and RFC822 nameConstraints Test27 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNandRFC822nameConstraintsTest27) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN1CACert", + "nameConstraintsDN1subCA3Cert", + "ValidDNandRFC822nameConstraintsTest27EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", + "nameConstraintsDN1subCA3CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.27"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.28 Invalid DN and RFC822 nameConstraints Test28 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNandRFC822nameConstraintsTest28) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN1CACert", + "nameConstraintsDN1subCA3Cert", + "InvalidDNandRFC822nameConstraintsTest28EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", + "nameConstraintsDN1subCA3CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.28"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.29 Invalid DN and RFC822 nameConstraints Test29 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNandRFC822nameConstraintsTest29) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDN1CACert", + "nameConstraintsDN1subCA3Cert", + "InvalidDNandRFC822nameConstraintsTest29EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", + "nameConstraintsDN1subCA3CRL"}; + PkitsTestInfo info; + info.test_number = "4.13.29"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.30 Valid DNS nameConstraints Test30 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNSnameConstraintsTest30) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDNS1CACert", + "ValidDNSnameConstraintsTest30EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDNS1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.30"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.31 Invalid DNS nameConstraints Test31 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNSnameConstraintsTest31) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDNS1CACert", + "InvalidDNSnameConstraintsTest31EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDNS1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.31"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.32 Valid DNS nameConstraints Test32 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidDNSnameConstraintsTest32) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDNS2CACert", + "ValidDNSnameConstraintsTest32EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDNS2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.32"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.33 Invalid DNS nameConstraints Test33 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNSnameConstraintsTest33) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDNS2CACert", + "InvalidDNSnameConstraintsTest33EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDNS2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.33"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.34 Valid URI nameConstraints Test34 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidURInameConstraintsTest34) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsURI1CACert", + "ValidURInameConstraintsTest34EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.34"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.35 Invalid URI nameConstraints Test35 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidURInameConstraintsTest35) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsURI1CACert", + "InvalidURInameConstraintsTest35EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.35"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.36 Valid URI nameConstraints Test36 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13ValidURInameConstraintsTest36) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsURI2CACert", + "ValidURInameConstraintsTest36EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.36"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.13.37 Invalid URI nameConstraints Test37 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidURInameConstraintsTest37) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsURI2CACert", + "InvalidURInameConstraintsTest37EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.37"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.13.38 Invalid DNS nameConstraints Test38 +WRAPPED_TYPED_TEST_P(PkitsTest13NameConstraints, + Section13InvalidDNSnameConstraintsTest38) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "nameConstraintsDNS1CACert", + "InvalidDNSnameConstraintsTest38EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDNS1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.13.38"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest13NameConstraints, + Section13ValidDNnameConstraintsTest1, + Section13InvalidDNnameConstraintsTest2, + Section13InvalidDNnameConstraintsTest3, + Section13ValidDNnameConstraintsTest4, + Section13ValidDNnameConstraintsTest5, + Section13ValidDNnameConstraintsTest6, + Section13InvalidDNnameConstraintsTest7, + Section13InvalidDNnameConstraintsTest8, + Section13InvalidDNnameConstraintsTest9, + Section13InvalidDNnameConstraintsTest10, + Section13ValidDNnameConstraintsTest11, + Section13InvalidDNnameConstraintsTest12, + Section13InvalidDNnameConstraintsTest13, + Section13ValidDNnameConstraintsTest14, + Section13InvalidDNnameConstraintsTest15, + Section13InvalidDNnameConstraintsTest16, + Section13InvalidDNnameConstraintsTest17, + Section13ValidDNnameConstraintsTest18, + Section13ValidSelfIssuedDNnameConstraintsTest19, + Section13InvalidSelfIssuedDNnameConstraintsTest20, + Section13ValidRFC822nameConstraintsTest21, + Section13InvalidRFC822nameConstraintsTest22, + Section13ValidRFC822nameConstraintsTest23, + Section13InvalidRFC822nameConstraintsTest24, + Section13ValidRFC822nameConstraintsTest25, + Section13InvalidRFC822nameConstraintsTest26, + Section13ValidDNandRFC822nameConstraintsTest27, + Section13InvalidDNandRFC822nameConstraintsTest28, + Section13InvalidDNandRFC822nameConstraintsTest29, + Section13ValidDNSnameConstraintsTest30, + Section13InvalidDNSnameConstraintsTest31, + Section13ValidDNSnameConstraintsTest32, + Section13InvalidDNSnameConstraintsTest33, + Section13ValidURInameConstraintsTest34, + Section13InvalidURInameConstraintsTest35, + Section13ValidURInameConstraintsTest36, + Section13InvalidURInameConstraintsTest37, + Section13InvalidDNSnameConstraintsTest38); + +template +class PkitsTest14DistributionPoints : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest14DistributionPoints); + +// 4.14.1 Valid distributionPoint Test1 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValiddistributionPointTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint1CACert", + "ValiddistributionPointTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.1"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.2 Invalid distributionPoint Test2 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvaliddistributionPointTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint1CACert", + "InvaliddistributionPointTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.3 Invalid distributionPoint Test3 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvaliddistributionPointTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint1CACert", + "InvaliddistributionPointTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.3"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.4 Valid distributionPoint Test4 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValiddistributionPointTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint1CACert", + "ValiddistributionPointTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint1CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.4"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.5 Valid distributionPoint Test5 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValiddistributionPointTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint2CACert", + "ValiddistributionPointTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.5"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.6 Invalid distributionPoint Test6 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvaliddistributionPointTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint2CACert", + "InvaliddistributionPointTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.6"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.7 Valid distributionPoint Test7 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValiddistributionPointTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint2CACert", + "ValiddistributionPointTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.7"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.8 Invalid distributionPoint Test8 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvaliddistributionPointTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint2CACert", + "InvaliddistributionPointTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.8"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.9 Invalid distributionPoint Test9 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvaliddistributionPointTest9) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "distributionPoint2CACert", + "InvaliddistributionPointTest9EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "distributionPoint2CACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.9"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.10 Valid No issuingDistributionPoint Test10 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidNoissuingDistributionPointTest10) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "NoissuingDistributionPointCACert", + "ValidNoissuingDistributionPointTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "NoissuingDistributionPointCACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.10"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.11 Invalid onlyContainsUserCerts CRL Test11 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidonlyContainsUserCertsCRLTest11) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlyContainsUserCertsCACert", + "InvalidonlyContainsUserCertsTest11EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "onlyContainsUserCertsCACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.11"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.12 Invalid onlyContainsCACerts CRL Test12 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidonlyContainsCACertsCRLTest12) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlyContainsCACertsCACert", + "InvalidonlyContainsCACertsTest12EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "onlyContainsCACertsCACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.12"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.13 Valid onlyContainsCACerts CRL Test13 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidonlyContainsCACertsCRLTest13) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlyContainsCACertsCACert", + "ValidonlyContainsCACertsTest13EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "onlyContainsCACertsCACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.13"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.14 Invalid onlyContainsAttributeCerts Test14 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidonlyContainsAttributeCertsTest14) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlyContainsAttributeCertsCACert", + "InvalidonlyContainsAttributeCertsTest14EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "onlyContainsAttributeCertsCACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.14"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.15 Invalid onlySomeReasons Test15 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidonlySomeReasonsTest15) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlySomeReasonsCA1Cert", + "InvalidonlySomeReasonsTest15EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "onlySomeReasonsCA1compromiseCRL", + "onlySomeReasonsCA1otherreasonsCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.15"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.16 Invalid onlySomeReasons Test16 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidonlySomeReasonsTest16) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlySomeReasonsCA1Cert", + "InvalidonlySomeReasonsTest16EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "onlySomeReasonsCA1compromiseCRL", + "onlySomeReasonsCA1otherreasonsCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.16"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.17 Invalid onlySomeReasons Test17 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidonlySomeReasonsTest17) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlySomeReasonsCA2Cert", + "InvalidonlySomeReasonsTest17EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "onlySomeReasonsCA2CRL1", + "onlySomeReasonsCA2CRL2"}; + PkitsTestInfo info; + info.test_number = "4.14.17"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.18 Valid onlySomeReasons Test18 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidonlySomeReasonsTest18) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlySomeReasonsCA3Cert", + "ValidonlySomeReasonsTest18EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "onlySomeReasonsCA3compromiseCRL", + "onlySomeReasonsCA3otherreasonsCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.18"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.19 Valid onlySomeReasons Test19 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidonlySomeReasonsTest19) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlySomeReasonsCA4Cert", + "ValidonlySomeReasonsTest19EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "onlySomeReasonsCA4compromiseCRL", + "onlySomeReasonsCA4otherreasonsCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.19"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.20 Invalid onlySomeReasons Test20 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidonlySomeReasonsTest20) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlySomeReasonsCA4Cert", + "InvalidonlySomeReasonsTest20EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "onlySomeReasonsCA4compromiseCRL", + "onlySomeReasonsCA4otherreasonsCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.20"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.21 Invalid onlySomeReasons Test21 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidonlySomeReasonsTest21) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "onlySomeReasonsCA4Cert", + "InvalidonlySomeReasonsTest21EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "onlySomeReasonsCA4compromiseCRL", + "onlySomeReasonsCA4otherreasonsCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.21"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.22 Valid IDP with indirectCRL Test22 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidIDPwithindirectCRLTest22) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA1Cert", + "ValidIDPwithindirectCRLTest22EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.22"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.23 Invalid IDP with indirectCRL Test23 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidIDPwithindirectCRLTest23) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA1Cert", + "InvalidIDPwithindirectCRLTest23EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.23"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.24 Valid IDP with indirectCRL Test24 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidIDPwithindirectCRLTest24) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA2Cert", "indirectCRLCA1Cert", + "ValidIDPwithindirectCRLTest24EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.24"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.25 Valid IDP with indirectCRL Test25 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidIDPwithindirectCRLTest25) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA2Cert", "indirectCRLCA1Cert", + "ValidIDPwithindirectCRLTest25EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.25"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.26 Invalid IDP with indirectCRL Test26 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidIDPwithindirectCRLTest26) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA2Cert", "indirectCRLCA1Cert", + "InvalidIDPwithindirectCRLTest26EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA1CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.26"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.27 Invalid cRLIssuer Test27 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidcRLIssuerTest27) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA2Cert", "GoodCACert", + "InvalidcRLIssuerTest27EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "GoodCACRL"}; + PkitsTestInfo info; + info.test_number = "4.14.27"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.28 Valid cRLIssuer Test28 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidcRLIssuerTest28) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "indirectCRLCA3Cert", + "indirectCRLCA3cRLIssuerCert", "ValidcRLIssuerTest28EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA3CRL", + "indirectCRLCA3cRLIssuerCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.28"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.29 Valid cRLIssuer Test29 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidcRLIssuerTest29) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "indirectCRLCA3Cert", + "indirectCRLCA3cRLIssuerCert", "ValidcRLIssuerTest29EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA3CRL", + "indirectCRLCA3cRLIssuerCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.29"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.30 Valid cRLIssuer Test30 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidcRLIssuerTest30) { + const char* const certs[] = { + "TrustAnchorRootCertificate", "indirectCRLCA4Cert", + "indirectCRLCA4cRLIssuerCert", "ValidcRLIssuerTest30EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "indirectCRLCA4cRLIssuerCRL"}; + PkitsTestInfo info; + info.test_number = "4.14.30"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.31 Invalid cRLIssuer Test31 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidcRLIssuerTest31) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA5Cert", "indirectCRLCA6Cert", + "InvalidcRLIssuerTest31EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA5CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.31"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.32 Invalid cRLIssuer Test32 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidcRLIssuerTest32) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA5Cert", "indirectCRLCA6Cert", + "InvalidcRLIssuerTest32EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA5CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.32"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.33 Valid cRLIssuer Test33 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14ValidcRLIssuerTest33) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA5Cert", "indirectCRLCA6Cert", + "ValidcRLIssuerTest33EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA5CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.33"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.14.34 Invalid cRLIssuer Test34 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidcRLIssuerTest34) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA5Cert", + "InvalidcRLIssuerTest34EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA5CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.34"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.14.35 Invalid cRLIssuer Test35 +WRAPPED_TYPED_TEST_P(PkitsTest14DistributionPoints, + Section14InvalidcRLIssuerTest35) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "indirectCRLCA5Cert", + "InvalidcRLIssuerTest35EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "indirectCRLCA5CRL"}; + PkitsTestInfo info; + info.test_number = "4.14.35"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest14DistributionPoints, + Section14ValiddistributionPointTest1, + Section14InvaliddistributionPointTest2, + Section14InvaliddistributionPointTest3, + Section14ValiddistributionPointTest4, + Section14ValiddistributionPointTest5, + Section14InvaliddistributionPointTest6, + Section14ValiddistributionPointTest7, + Section14InvaliddistributionPointTest8, + Section14InvaliddistributionPointTest9, + Section14ValidNoissuingDistributionPointTest10, + Section14InvalidonlyContainsUserCertsCRLTest11, + Section14InvalidonlyContainsCACertsCRLTest12, + Section14ValidonlyContainsCACertsCRLTest13, + Section14InvalidonlyContainsAttributeCertsTest14, + Section14InvalidonlySomeReasonsTest15, + Section14InvalidonlySomeReasonsTest16, + Section14InvalidonlySomeReasonsTest17, + Section14ValidonlySomeReasonsTest18, + Section14ValidonlySomeReasonsTest19, + Section14InvalidonlySomeReasonsTest20, + Section14InvalidonlySomeReasonsTest21, + Section14ValidIDPwithindirectCRLTest22, + Section14InvalidIDPwithindirectCRLTest23, + Section14ValidIDPwithindirectCRLTest24, + Section14ValidIDPwithindirectCRLTest25, + Section14InvalidIDPwithindirectCRLTest26, + Section14InvalidcRLIssuerTest27, + Section14ValidcRLIssuerTest28, + Section14ValidcRLIssuerTest29, + Section14ValidcRLIssuerTest30, + Section14InvalidcRLIssuerTest31, + Section14InvalidcRLIssuerTest32, + Section14ValidcRLIssuerTest33, + Section14InvalidcRLIssuerTest34, + Section14InvalidcRLIssuerTest35); + +template +class PkitsTest15DeltaCRLs : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest15DeltaCRLs); + +// 4.15.1 Invalid deltaCRLIndicator No Base Test1 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, + Section15InvaliddeltaCRLIndicatorNoBaseTest1) { + const char* const certs[] = {"TrustAnchorRootCertificate", + "deltaCRLIndicatorNoBaseCACert", + "InvaliddeltaCRLIndicatorNoBaseTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", + "deltaCRLIndicatorNoBaseCACRL"}; + PkitsTestInfo info; + info.test_number = "4.15.1"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.15.2 Valid delta-CRL Test2 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15ValiddeltaCRLTest2) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA1Cert", + "ValiddeltaCRLTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA1CRL", + "deltaCRLCA1deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.2"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.15.3 Invalid delta-CRL Test3 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15InvaliddeltaCRLTest3) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA1Cert", + "InvaliddeltaCRLTest3EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA1CRL", + "deltaCRLCA1deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.3"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.15.4 Invalid delta-CRL Test4 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15InvaliddeltaCRLTest4) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA1Cert", + "InvaliddeltaCRLTest4EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA1CRL", + "deltaCRLCA1deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.4"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.15.5 Valid delta-CRL Test5 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15ValiddeltaCRLTest5) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA1Cert", + "ValiddeltaCRLTest5EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA1CRL", + "deltaCRLCA1deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.5"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.15.6 Invalid delta-CRL Test6 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15InvaliddeltaCRLTest6) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA1Cert", + "InvaliddeltaCRLTest6EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA1CRL", + "deltaCRLCA1deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.6"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.15.7 Valid delta-CRL Test7 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15ValiddeltaCRLTest7) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA1Cert", + "ValiddeltaCRLTest7EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA1CRL", + "deltaCRLCA1deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.7"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.15.8 Valid delta-CRL Test8 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15ValiddeltaCRLTest8) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA2Cert", + "ValiddeltaCRLTest8EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA2CRL", + "deltaCRLCA2deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.8"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.15.9 Invalid delta-CRL Test9 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15InvaliddeltaCRLTest9) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA2Cert", + "InvaliddeltaCRLTest9EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA2CRL", + "deltaCRLCA2deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.9"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +// 4.15.10 Invalid delta-CRL Test10 +WRAPPED_TYPED_TEST_P(PkitsTest15DeltaCRLs, Section15InvaliddeltaCRLTest10) { + const char* const certs[] = {"TrustAnchorRootCertificate", "deltaCRLCA3Cert", + "InvaliddeltaCRLTest10EE"}; + const char* const crls[] = {"TrustAnchorRootCRL", "deltaCRLCA3CRL", + "deltaCRLCA3deltaCRL"}; + PkitsTestInfo info; + info.test_number = "4.15.10"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest15DeltaCRLs, + Section15InvaliddeltaCRLIndicatorNoBaseTest1, + Section15ValiddeltaCRLTest2, + Section15InvaliddeltaCRLTest3, + Section15InvaliddeltaCRLTest4, + Section15ValiddeltaCRLTest5, + Section15InvaliddeltaCRLTest6, + Section15ValiddeltaCRLTest7, + Section15ValiddeltaCRLTest8, + Section15InvaliddeltaCRLTest9, + Section15InvaliddeltaCRLTest10); + +template +class PkitsTest16PrivateCertificateExtensions + : public PkitsTest {}; +TYPED_TEST_SUITE_P(PkitsTest16PrivateCertificateExtensions); + +// 4.16.1 Valid Unknown Not Critical Certificate Extension Test1 +WRAPPED_TYPED_TEST_P( + PkitsTest16PrivateCertificateExtensions, + Section16ValidUnknownNotCriticalCertificateExtensionTest1) { + const char* const certs[] = { + "TrustAnchorRootCertificate", + "ValidUnknownNotCriticalCertificateExtensionTest1EE"}; + const char* const crls[] = {"TrustAnchorRootCRL"}; + PkitsTestInfo info; + info.test_number = "4.16.1"; + info.should_validate = true; + + this->RunTest(certs, crls, info); +} + +// 4.16.2 Invalid Unknown Critical Certificate Extension Test2 +WRAPPED_TYPED_TEST_P(PkitsTest16PrivateCertificateExtensions, + Section16InvalidUnknownCriticalCertificateExtensionTest2) { + const char* const certs[] = { + "TrustAnchorRootCertificate", + "InvalidUnknownCriticalCertificateExtensionTest2EE"}; + const char* const crls[] = {"TrustAnchorRootCRL"}; + PkitsTestInfo info; + info.test_number = "4.16.2"; + info.should_validate = false; + + this->RunTest(certs, crls, info); +} + +WRAPPED_REGISTER_TYPED_TEST_SUITE_P( + PkitsTest16PrivateCertificateExtensions, + Section16ValidUnknownNotCriticalCertificateExtensionTest1, + Section16InvalidUnknownCriticalCertificateExtensionTest2); diff --git a/pki/testdata/nist-pkits/test_bundle_data.filelist b/pki/testdata/nist-pkits/test_bundle_data.filelist new file mode 100644 index 0000000000..a4aea263ef --- /dev/null +++ b/pki/testdata/nist-pkits/test_bundle_data.filelist @@ -0,0 +1,584 @@ +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# NOTE: this file is generated by build/ios/update_bundle_filelist.py +# If it requires updating, you should get a presubmit error with +# instructions on how to regenerate. Otherwise, do not edit. +certs/AllCertificatesNoPoliciesTest2EE.crt +certs/AllCertificatesSamePoliciesTest10EE.crt +certs/AllCertificatesSamePoliciesTest13EE.crt +certs/AllCertificatesanyPolicyTest11EE.crt +certs/AnyPolicyTest14EE.crt +certs/BadCRLIssuerNameCACert.crt +certs/BadCRLSignatureCACert.crt +certs/BadSignedCACert.crt +certs/BadnotAfterDateCACert.crt +certs/BadnotBeforeDateCACert.crt +certs/BasicSelfIssuedCRLSigningKeyCACert.crt +certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt +certs/BasicSelfIssuedNewKeyCACert.crt +certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt +certs/BasicSelfIssuedOldKeyCACert.crt +certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt +certs/CPSPointerQualifierTest20EE.crt +certs/DSACACert.crt +certs/DSAParametersInheritedCACert.crt +certs/DifferentPoliciesTest12EE.crt +certs/DifferentPoliciesTest3EE.crt +certs/DifferentPoliciesTest4EE.crt +certs/DifferentPoliciesTest5EE.crt +certs/DifferentPoliciesTest7EE.crt +certs/DifferentPoliciesTest8EE.crt +certs/DifferentPoliciesTest9EE.crt +certs/GeneralizedTimeCRLnextUpdateCACert.crt +certs/GoodCACert.crt +certs/GoodsubCACert.crt +certs/GoodsubCAPanyPolicyMapping1to2CACert.crt +certs/InvalidBadCRLIssuerNameTest5EE.crt +certs/InvalidBadCRLSignatureTest4EE.crt +certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt +certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt +certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt +certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt +certs/InvalidCASignatureTest2EE.crt +certs/InvalidCAnotAfterDateTest5EE.crt +certs/InvalidCAnotBeforeDateTest1EE.crt +certs/InvalidDNSnameConstraintsTest31EE.crt +certs/InvalidDNSnameConstraintsTest33EE.crt +certs/InvalidDNSnameConstraintsTest38EE.crt +certs/InvalidDNandRFC822nameConstraintsTest28EE.crt +certs/InvalidDNandRFC822nameConstraintsTest29EE.crt +certs/InvalidDNnameConstraintsTest10EE.crt +certs/InvalidDNnameConstraintsTest12EE.crt +certs/InvalidDNnameConstraintsTest13EE.crt +certs/InvalidDNnameConstraintsTest15EE.crt +certs/InvalidDNnameConstraintsTest16EE.crt +certs/InvalidDNnameConstraintsTest17EE.crt +certs/InvalidDNnameConstraintsTest20EE.crt +certs/InvalidDNnameConstraintsTest2EE.crt +certs/InvalidDNnameConstraintsTest3EE.crt +certs/InvalidDNnameConstraintsTest7EE.crt +certs/InvalidDNnameConstraintsTest8EE.crt +certs/InvalidDNnameConstraintsTest9EE.crt +certs/InvalidDSASignatureTest6EE.crt +certs/InvalidEESignatureTest3EE.crt +certs/InvalidEEnotAfterDateTest6EE.crt +certs/InvalidEEnotBeforeDateTest2EE.crt +certs/InvalidIDPwithindirectCRLTest23EE.crt +certs/InvalidIDPwithindirectCRLTest26EE.crt +certs/InvalidLongSerialNumberTest18EE.crt +certs/InvalidMappingFromanyPolicyTest7EE.crt +certs/InvalidMappingToanyPolicyTest8EE.crt +certs/InvalidMissingCRLTest1EE.crt +certs/InvalidMissingbasicConstraintsTest1EE.crt +certs/InvalidNameChainingOrderTest2EE.crt +certs/InvalidNameChainingTest1EE.crt +certs/InvalidNegativeSerialNumberTest15EE.crt +certs/InvalidOldCRLnextUpdateTest11EE.crt +certs/InvalidPolicyMappingTest10EE.crt +certs/InvalidPolicyMappingTest2EE.crt +certs/InvalidPolicyMappingTest4EE.crt +certs/InvalidRFC822nameConstraintsTest22EE.crt +certs/InvalidRFC822nameConstraintsTest24EE.crt +certs/InvalidRFC822nameConstraintsTest26EE.crt +certs/InvalidRevokedCATest2EE.crt +certs/InvalidRevokedEETest3EE.crt +certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt +certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt +certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt +certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt +certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt +certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt +certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt +certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt +certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt +certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt +certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt +certs/InvalidURInameConstraintsTest35EE.crt +certs/InvalidURInameConstraintsTest37EE.crt +certs/InvalidUnknownCRLEntryExtensionTest8EE.crt +certs/InvalidUnknownCRLExtensionTest10EE.crt +certs/InvalidUnknownCRLExtensionTest9EE.crt +certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt +certs/InvalidWrongCRLTest6EE.crt +certs/InvalidcAFalseTest2EE.crt +certs/InvalidcAFalseTest3EE.crt +certs/InvalidcRLIssuerTest27EE.crt +certs/InvalidcRLIssuerTest31EE.crt +certs/InvalidcRLIssuerTest32EE.crt +certs/InvalidcRLIssuerTest34EE.crt +certs/InvalidcRLIssuerTest35EE.crt +certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt +certs/InvaliddeltaCRLTest10EE.crt +certs/InvaliddeltaCRLTest3EE.crt +certs/InvaliddeltaCRLTest4EE.crt +certs/InvaliddeltaCRLTest6EE.crt +certs/InvaliddeltaCRLTest9EE.crt +certs/InvaliddistributionPointTest2EE.crt +certs/InvaliddistributionPointTest3EE.crt +certs/InvaliddistributionPointTest6EE.crt +certs/InvaliddistributionPointTest8EE.crt +certs/InvaliddistributionPointTest9EE.crt +certs/InvalidinhibitAnyPolicyTest1EE.crt +certs/InvalidinhibitAnyPolicyTest4EE.crt +certs/InvalidinhibitAnyPolicyTest5EE.crt +certs/InvalidinhibitAnyPolicyTest6EE.crt +certs/InvalidinhibitPolicyMappingTest1EE.crt +certs/InvalidinhibitPolicyMappingTest3EE.crt +certs/InvalidinhibitPolicyMappingTest5EE.crt +certs/InvalidinhibitPolicyMappingTest6EE.crt +certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt +certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt +certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt +certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt +certs/InvalidonlyContainsAttributeCertsTest14EE.crt +certs/InvalidonlyContainsCACertsTest12EE.crt +certs/InvalidonlyContainsUserCertsTest11EE.crt +certs/InvalidonlySomeReasonsTest15EE.crt +certs/InvalidonlySomeReasonsTest16EE.crt +certs/InvalidonlySomeReasonsTest17EE.crt +certs/InvalidonlySomeReasonsTest20EE.crt +certs/InvalidonlySomeReasonsTest21EE.crt +certs/InvalidpathLenConstraintTest10EE.crt +certs/InvalidpathLenConstraintTest11EE.crt +certs/InvalidpathLenConstraintTest12EE.crt +certs/InvalidpathLenConstraintTest5EE.crt +certs/InvalidpathLenConstraintTest6EE.crt +certs/InvalidpathLenConstraintTest9EE.crt +certs/Invalidpre2000CRLnextUpdateTest12EE.crt +certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt +certs/InvalidrequireExplicitPolicyTest3EE.crt +certs/InvalidrequireExplicitPolicyTest5EE.crt +certs/LongSerialNumberCACert.crt +certs/Mapping1to2CACert.crt +certs/MappingFromanyPolicyCACert.crt +certs/MappingToanyPolicyCACert.crt +certs/MissingbasicConstraintsCACert.crt +certs/NameOrderingCACert.crt +certs/NegativeSerialNumberCACert.crt +certs/NoCRLCACert.crt +certs/NoPoliciesCACert.crt +certs/NoissuingDistributionPointCACert.crt +certs/OldCRLnextUpdateCACert.crt +certs/OverlappingPoliciesTest6EE.crt +certs/P12Mapping1to3CACert.crt +certs/P12Mapping1to3subCACert.crt +certs/P12Mapping1to3subsubCACert.crt +certs/P1Mapping1to234CACert.crt +certs/P1Mapping1to234subCACert.crt +certs/P1anyPolicyMapping1to2CACert.crt +certs/PanyPolicyMapping1to2CACert.crt +certs/PoliciesP1234CACert.crt +certs/PoliciesP1234subCAP123Cert.crt +certs/PoliciesP1234subsubCAP123P12Cert.crt +certs/PoliciesP123CACert.crt +certs/PoliciesP123subCAP12Cert.crt +certs/PoliciesP123subsubCAP12P1Cert.crt +certs/PoliciesP123subsubCAP12P2Cert.crt +certs/PoliciesP123subsubsubCAP12P2P1Cert.crt +certs/PoliciesP12CACert.crt +certs/PoliciesP12subCAP1Cert.crt +certs/PoliciesP12subsubCAP1P2Cert.crt +certs/PoliciesP2subCA2Cert.crt +certs/PoliciesP2subCACert.crt +certs/PoliciesP3CACert.crt +certs/RFC3280MandatoryAttributeTypesCACert.crt +certs/RFC3280OptionalAttributeTypesCACert.crt +certs/RevokedsubCACert.crt +certs/RolloverfromPrintableStringtoUTF8StringCACert.crt +certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt +certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt +certs/SeparateCertificateandCRLKeysCRLSigningCert.crt +certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt +certs/TrustAnchorRootCertificate.crt +certs/TwoCRLsCACert.crt +certs/UIDCACert.crt +certs/UTF8StringCaseInsensitiveMatchCACert.crt +certs/UTF8StringEncodedNamesCACert.crt +certs/UnknownCRLEntryExtensionCACert.crt +certs/UnknownCRLExtensionCACert.crt +certs/UserNoticeQualifierTest15EE.crt +certs/UserNoticeQualifierTest16EE.crt +certs/UserNoticeQualifierTest17EE.crt +certs/UserNoticeQualifierTest18EE.crt +certs/UserNoticeQualifierTest19EE.crt +certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt +certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt +certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt +certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt +certs/ValidCertificatePathTest1EE.crt +certs/ValidDNSnameConstraintsTest30EE.crt +certs/ValidDNSnameConstraintsTest32EE.crt +certs/ValidDNandRFC822nameConstraintsTest27EE.crt +certs/ValidDNnameConstraintsTest11EE.crt +certs/ValidDNnameConstraintsTest14EE.crt +certs/ValidDNnameConstraintsTest18EE.crt +certs/ValidDNnameConstraintsTest19EE.crt +certs/ValidDNnameConstraintsTest1EE.crt +certs/ValidDNnameConstraintsTest4EE.crt +certs/ValidDNnameConstraintsTest5EE.crt +certs/ValidDNnameConstraintsTest6EE.crt +certs/ValidDSAParameterInheritanceTest5EE.crt +certs/ValidDSASignaturesTest4EE.crt +certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt +certs/ValidGeneralizedTimenotAfterDateTest8EE.crt +certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt +certs/ValidIDPwithindirectCRLTest22EE.crt +certs/ValidIDPwithindirectCRLTest24EE.crt +certs/ValidIDPwithindirectCRLTest25EE.crt +certs/ValidLongSerialNumberTest16EE.crt +certs/ValidLongSerialNumberTest17EE.crt +certs/ValidNameChainingCapitalizationTest5EE.crt +certs/ValidNameChainingWhitespaceTest3EE.crt +certs/ValidNameChainingWhitespaceTest4EE.crt +certs/ValidNameUIDsTest6EE.crt +certs/ValidNegativeSerialNumberTest14EE.crt +certs/ValidNoissuingDistributionPointTest10EE.crt +certs/ValidPolicyMappingTest11EE.crt +certs/ValidPolicyMappingTest12EE.crt +certs/ValidPolicyMappingTest13EE.crt +certs/ValidPolicyMappingTest14EE.crt +certs/ValidPolicyMappingTest1EE.crt +certs/ValidPolicyMappingTest3EE.crt +certs/ValidPolicyMappingTest5EE.crt +certs/ValidPolicyMappingTest6EE.crt +certs/ValidPolicyMappingTest9EE.crt +certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt +certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt +certs/ValidRFC822nameConstraintsTest21EE.crt +certs/ValidRFC822nameConstraintsTest23EE.crt +certs/ValidRFC822nameConstraintsTest25EE.crt +certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt +certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt +certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt +certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt +certs/ValidSelfIssuedpathLenConstraintTest15EE.crt +certs/ValidSelfIssuedpathLenConstraintTest17EE.crt +certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt +certs/ValidSeparateCertificateandCRLKeysTest19EE.crt +certs/ValidTwoCRLsTest7EE.crt +certs/ValidURInameConstraintsTest34EE.crt +certs/ValidURInameConstraintsTest36EE.crt +certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt +certs/ValidUTF8StringEncodedNamesTest9EE.crt +certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt +certs/ValidbasicConstraintsNotCriticalTest4EE.crt +certs/ValidcRLIssuerTest28EE.crt +certs/ValidcRLIssuerTest29EE.crt +certs/ValidcRLIssuerTest30EE.crt +certs/ValidcRLIssuerTest33EE.crt +certs/ValiddeltaCRLTest2EE.crt +certs/ValiddeltaCRLTest5EE.crt +certs/ValiddeltaCRLTest7EE.crt +certs/ValiddeltaCRLTest8EE.crt +certs/ValiddistributionPointTest1EE.crt +certs/ValiddistributionPointTest4EE.crt +certs/ValiddistributionPointTest5EE.crt +certs/ValiddistributionPointTest7EE.crt +certs/ValidinhibitAnyPolicyTest2EE.crt +certs/ValidinhibitPolicyMappingTest2EE.crt +certs/ValidinhibitPolicyMappingTest4EE.crt +certs/ValidkeyUsageNotCriticalTest3EE.crt +certs/ValidonlyContainsCACertsTest13EE.crt +certs/ValidonlySomeReasonsTest18EE.crt +certs/ValidonlySomeReasonsTest19EE.crt +certs/ValidpathLenConstraintTest13EE.crt +certs/ValidpathLenConstraintTest14EE.crt +certs/ValidpathLenConstraintTest7EE.crt +certs/ValidpathLenConstraintTest8EE.crt +certs/Validpre2000UTCnotBeforeDateTest3EE.crt +certs/ValidrequireExplicitPolicyTest1EE.crt +certs/ValidrequireExplicitPolicyTest2EE.crt +certs/ValidrequireExplicitPolicyTest4EE.crt +certs/WrongCRLCACert.crt +certs/anyPolicyCACert.crt +certs/basicConstraintsCriticalcAFalseCACert.crt +certs/basicConstraintsNotCriticalCACert.crt +certs/basicConstraintsNotCriticalcAFalseCACert.crt +certs/deltaCRLCA1Cert.crt +certs/deltaCRLCA2Cert.crt +certs/deltaCRLCA3Cert.crt +certs/deltaCRLIndicatorNoBaseCACert.crt +certs/distributionPoint1CACert.crt +certs/distributionPoint2CACert.crt +certs/indirectCRLCA1Cert.crt +certs/indirectCRLCA2Cert.crt +certs/indirectCRLCA3Cert.crt +certs/indirectCRLCA3cRLIssuerCert.crt +certs/indirectCRLCA4Cert.crt +certs/indirectCRLCA4cRLIssuerCert.crt +certs/indirectCRLCA5Cert.crt +certs/indirectCRLCA6Cert.crt +certs/inhibitAnyPolicy0CACert.crt +certs/inhibitAnyPolicy1CACert.crt +certs/inhibitAnyPolicy1SelfIssuedCACert.crt +certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt +certs/inhibitAnyPolicy1subCA1Cert.crt +certs/inhibitAnyPolicy1subCA2Cert.crt +certs/inhibitAnyPolicy1subCAIAP5Cert.crt +certs/inhibitAnyPolicy1subsubCA2Cert.crt +certs/inhibitAnyPolicy5CACert.crt +certs/inhibitAnyPolicy5subCACert.crt +certs/inhibitAnyPolicy5subsubCACert.crt +certs/inhibitAnyPolicyTest3EE.crt +certs/inhibitPolicyMapping0CACert.crt +certs/inhibitPolicyMapping0subCACert.crt +certs/inhibitPolicyMapping1P12CACert.crt +certs/inhibitPolicyMapping1P12subCACert.crt +certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt +certs/inhibitPolicyMapping1P12subsubCACert.crt +certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt +certs/inhibitPolicyMapping1P1CACert.crt +certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt +certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt +certs/inhibitPolicyMapping1P1subCACert.crt +certs/inhibitPolicyMapping1P1subsubCACert.crt +certs/inhibitPolicyMapping5CACert.crt +certs/inhibitPolicyMapping5subCACert.crt +certs/inhibitPolicyMapping5subsubCACert.crt +certs/inhibitPolicyMapping5subsubsubCACert.crt +certs/keyUsageCriticalcRLSignFalseCACert.crt +certs/keyUsageCriticalkeyCertSignFalseCACert.crt +certs/keyUsageNotCriticalCACert.crt +certs/keyUsageNotCriticalcRLSignFalseCACert.crt +certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt +certs/nameConstraintsDN1CACert.crt +certs/nameConstraintsDN1SelfIssuedCACert.crt +certs/nameConstraintsDN1subCA1Cert.crt +certs/nameConstraintsDN1subCA2Cert.crt +certs/nameConstraintsDN1subCA3Cert.crt +certs/nameConstraintsDN2CACert.crt +certs/nameConstraintsDN3CACert.crt +certs/nameConstraintsDN3subCA1Cert.crt +certs/nameConstraintsDN3subCA2Cert.crt +certs/nameConstraintsDN4CACert.crt +certs/nameConstraintsDN5CACert.crt +certs/nameConstraintsDNS1CACert.crt +certs/nameConstraintsDNS2CACert.crt +certs/nameConstraintsRFC822CA1Cert.crt +certs/nameConstraintsRFC822CA2Cert.crt +certs/nameConstraintsRFC822CA3Cert.crt +certs/nameConstraintsURI1CACert.crt +certs/nameConstraintsURI2CACert.crt +certs/onlyContainsAttributeCertsCACert.crt +certs/onlyContainsCACertsCACert.crt +certs/onlyContainsUserCertsCACert.crt +certs/onlySomeReasonsCA1Cert.crt +certs/onlySomeReasonsCA2Cert.crt +certs/onlySomeReasonsCA3Cert.crt +certs/onlySomeReasonsCA4Cert.crt +certs/pathLenConstraint0CACert.crt +certs/pathLenConstraint0SelfIssuedCACert.crt +certs/pathLenConstraint0subCA2Cert.crt +certs/pathLenConstraint0subCACert.crt +certs/pathLenConstraint1CACert.crt +certs/pathLenConstraint1SelfIssuedCACert.crt +certs/pathLenConstraint1SelfIssuedsubCACert.crt +certs/pathLenConstraint1subCACert.crt +certs/pathLenConstraint6CACert.crt +certs/pathLenConstraint6subCA0Cert.crt +certs/pathLenConstraint6subCA1Cert.crt +certs/pathLenConstraint6subCA4Cert.crt +certs/pathLenConstraint6subsubCA00Cert.crt +certs/pathLenConstraint6subsubCA11Cert.crt +certs/pathLenConstraint6subsubCA41Cert.crt +certs/pathLenConstraint6subsubsubCA11XCert.crt +certs/pathLenConstraint6subsubsubCA41XCert.crt +certs/pre2000CRLnextUpdateCACert.crt +certs/requireExplicitPolicy0CACert.crt +certs/requireExplicitPolicy0subCACert.crt +certs/requireExplicitPolicy0subsubCACert.crt +certs/requireExplicitPolicy0subsubsubCACert.crt +certs/requireExplicitPolicy10CACert.crt +certs/requireExplicitPolicy10subCACert.crt +certs/requireExplicitPolicy10subsubCACert.crt +certs/requireExplicitPolicy10subsubsubCACert.crt +certs/requireExplicitPolicy2CACert.crt +certs/requireExplicitPolicy2SelfIssuedCACert.crt +certs/requireExplicitPolicy2SelfIssuedsubCACert.crt +certs/requireExplicitPolicy2subCACert.crt +certs/requireExplicitPolicy4CACert.crt +certs/requireExplicitPolicy4subCACert.crt +certs/requireExplicitPolicy4subsubCACert.crt +certs/requireExplicitPolicy4subsubsubCACert.crt +certs/requireExplicitPolicy5CACert.crt +certs/requireExplicitPolicy5subCACert.crt +certs/requireExplicitPolicy5subsubCACert.crt +certs/requireExplicitPolicy5subsubsubCACert.crt +certs/requireExplicitPolicy7CACert.crt +certs/requireExplicitPolicy7subCARE2Cert.crt +certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt +certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt +crls/BadCRLIssuerNameCACRL.crl +crls/BadCRLSignatureCACRL.crl +crls/BadSignedCACRL.crl +crls/BadnotAfterDateCACRL.crl +crls/BadnotBeforeDateCACRL.crl +crls/BasicSelfIssuedCRLSigningKeyCACRL.crl +crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl +crls/BasicSelfIssuedNewKeyCACRL.crl +crls/BasicSelfIssuedOldKeyCACRL.crl +crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl +crls/DSACACRL.crl +crls/DSAParametersInheritedCACRL.crl +crls/GeneralizedTimeCRLnextUpdateCACRL.crl +crls/GoodCACRL.crl +crls/GoodsubCACRL.crl +crls/GoodsubCAPanyPolicyMapping1to2CACRL.crl +crls/LongSerialNumberCACRL.crl +crls/Mapping1to2CACRL.crl +crls/MappingFromanyPolicyCACRL.crl +crls/MappingToanyPolicyCACRL.crl +crls/MissingbasicConstraintsCACRL.crl +crls/NameOrderCACRL.crl +crls/NegativeSerialNumberCACRL.crl +crls/NoPoliciesCACRL.crl +crls/NoissuingDistributionPointCACRL.crl +crls/OldCRLnextUpdateCACRL.crl +crls/P12Mapping1to3CACRL.crl +crls/P12Mapping1to3subCACRL.crl +crls/P12Mapping1to3subsubCACRL.crl +crls/P1Mapping1to234CACRL.crl +crls/P1Mapping1to234subCACRL.crl +crls/P1anyPolicyMapping1to2CACRL.crl +crls/PanyPolicyMapping1to2CACRL.crl +crls/PoliciesP1234CACRL.crl +crls/PoliciesP1234subCAP123CRL.crl +crls/PoliciesP1234subsubCAP123P12CRL.crl +crls/PoliciesP123CACRL.crl +crls/PoliciesP123subCAP12CRL.crl +crls/PoliciesP123subsubCAP12P1CRL.crl +crls/PoliciesP123subsubCAP2P2CRL.crl +crls/PoliciesP123subsubsubCAP12P2P1CRL.crl +crls/PoliciesP12CACRL.crl +crls/PoliciesP12subCAP1CRL.crl +crls/PoliciesP12subsubCAP1P2CRL.crl +crls/PoliciesP2subCA2CRL.crl +crls/PoliciesP2subCACRL.crl +crls/PoliciesP3CACRL.crl +crls/RFC3280MandatoryAttributeTypesCACRL.crl +crls/RFC3280OptionalAttributeTypesCACRL.crl +crls/RevokedsubCACRL.crl +crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl +crls/SeparateCertificateandCRLKeysCA2CRL.crl +crls/SeparateCertificateandCRLKeysCRL.crl +crls/TrustAnchorRootCRL.crl +crls/TwoCRLsCABadCRL.crl +crls/TwoCRLsCAGoodCRL.crl +crls/UIDCACRL.crl +crls/UTF8StringCaseInsensitiveMatchCACRL.crl +crls/UTF8StringEncodedNamesCACRL.crl +crls/UnknownCRLEntryExtensionCACRL.crl +crls/UnknownCRLExtensionCACRL.crl +crls/WrongCRLCACRL.crl +crls/anyPolicyCACRL.crl +crls/basicConstraintsCriticalcAFalseCACRL.crl +crls/basicConstraintsNotCriticalCACRL.crl +crls/basicConstraintsNotCriticalcAFalseCACRL.crl +crls/deltaCRLCA1CRL.crl +crls/deltaCRLCA1deltaCRL.crl +crls/deltaCRLCA2CRL.crl +crls/deltaCRLCA2deltaCRL.crl +crls/deltaCRLCA3CRL.crl +crls/deltaCRLCA3deltaCRL.crl +crls/deltaCRLIndicatorNoBaseCACRL.crl +crls/distributionPoint1CACRL.crl +crls/distributionPoint2CACRL.crl +crls/indirectCRLCA1CRL.crl +crls/indirectCRLCA3CRL.crl +crls/indirectCRLCA3cRLIssuerCRL.crl +crls/indirectCRLCA4cRLIssuerCRL.crl +crls/indirectCRLCA5CRL.crl +crls/inhibitAnyPolicy0CACRL.crl +crls/inhibitAnyPolicy1CACRL.crl +crls/inhibitAnyPolicy1subCA1CRL.crl +crls/inhibitAnyPolicy1subCA2CRL.crl +crls/inhibitAnyPolicy1subCAIAP5CRL.crl +crls/inhibitAnyPolicy1subsubCA2CRL.crl +crls/inhibitAnyPolicy5CACRL.crl +crls/inhibitAnyPolicy5subCACRL.crl +crls/inhibitAnyPolicy5subsubCACRL.crl +crls/inhibitPolicyMapping0CACRL.crl +crls/inhibitPolicyMapping0subCACRL.crl +crls/inhibitPolicyMapping1P12CACRL.crl +crls/inhibitPolicyMapping1P12subCACRL.crl +crls/inhibitPolicyMapping1P12subCAIPM5CRL.crl +crls/inhibitPolicyMapping1P12subsubCACRL.crl +crls/inhibitPolicyMapping1P12subsubCAIPM5CRL.crl +crls/inhibitPolicyMapping1P1CACRL.crl +crls/inhibitPolicyMapping1P1subCACRL.crl +crls/inhibitPolicyMapping1P1subsubCACRL.crl +crls/inhibitPolicyMapping5CACRL.crl +crls/inhibitPolicyMapping5subCACRL.crl +crls/inhibitPolicyMapping5subsubCACRL.crl +crls/inhibitPolicyMapping5subsubsubCACRL.crl +crls/keyUsageCriticalcRLSignFalseCACRL.crl +crls/keyUsageCriticalkeyCertSignFalseCACRL.crl +crls/keyUsageNotCriticalCACRL.crl +crls/keyUsageNotCriticalcRLSignFalseCACRL.crl +crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl +crls/nameConstraintsDN1CACRL.crl +crls/nameConstraintsDN1subCA1CRL.crl +crls/nameConstraintsDN1subCA2CRL.crl +crls/nameConstraintsDN1subCA3CRL.crl +crls/nameConstraintsDN2CACRL.crl +crls/nameConstraintsDN3CACRL.crl +crls/nameConstraintsDN3subCA1CRL.crl +crls/nameConstraintsDN3subCA2CRL.crl +crls/nameConstraintsDN4CACRL.crl +crls/nameConstraintsDN5CACRL.crl +crls/nameConstraintsDNS1CACRL.crl +crls/nameConstraintsDNS2CACRL.crl +crls/nameConstraintsRFC822CA1CRL.crl +crls/nameConstraintsRFC822CA2CRL.crl +crls/nameConstraintsRFC822CA3CRL.crl +crls/nameConstraintsURI1CACRL.crl +crls/nameConstraintsURI2CACRL.crl +crls/onlyContainsAttributeCertsCACRL.crl +crls/onlyContainsCACertsCACRL.crl +crls/onlyContainsUserCertsCACRL.crl +crls/onlySomeReasonsCA1compromiseCRL.crl +crls/onlySomeReasonsCA1otherreasonsCRL.crl +crls/onlySomeReasonsCA2CRL1.crl +crls/onlySomeReasonsCA2CRL2.crl +crls/onlySomeReasonsCA3compromiseCRL.crl +crls/onlySomeReasonsCA3otherreasonsCRL.crl +crls/onlySomeReasonsCA4compromiseCRL.crl +crls/onlySomeReasonsCA4otherreasonsCRL.crl +crls/pathLenConstraint0CACRL.crl +crls/pathLenConstraint0subCA2CRL.crl +crls/pathLenConstraint0subCACRL.crl +crls/pathLenConstraint1CACRL.crl +crls/pathLenConstraint1subCACRL.crl +crls/pathLenConstraint6CACRL.crl +crls/pathLenConstraint6subCA0CRL.crl +crls/pathLenConstraint6subCA1CRL.crl +crls/pathLenConstraint6subCA4CRL.crl +crls/pathLenConstraint6subsubCA00CRL.crl +crls/pathLenConstraint6subsubCA11CRL.crl +crls/pathLenConstraint6subsubCA41CRL.crl +crls/pathLenConstraint6subsubsubCA11XCRL.crl +crls/pathLenConstraint6subsubsubCA41XCRL.crl +crls/pre2000CRLnextUpdateCACRL.crl +crls/requireExplicitPolicy0CACRL.crl +crls/requireExplicitPolicy0subCACRL.crl +crls/requireExplicitPolicy0subsubCACRL.crl +crls/requireExplicitPolicy0subsubsubCACRL.crl +crls/requireExplicitPolicy10CACRL.crl +crls/requireExplicitPolicy10subCACRL.crl +crls/requireExplicitPolicy10subsubCACRL.crl +crls/requireExplicitPolicy10subsubsubCACRL.crl +crls/requireExplicitPolicy2CACRL.crl +crls/requireExplicitPolicy2subCACRL.crl +crls/requireExplicitPolicy4CACRL.crl +crls/requireExplicitPolicy4subCACRL.crl +crls/requireExplicitPolicy4subsubCACRL.crl +crls/requireExplicitPolicy4subsubsubCACRL.crl +crls/requireExplicitPolicy5CACRL.crl +crls/requireExplicitPolicy5subCACRL.crl +crls/requireExplicitPolicy5subsubCACRL.crl +crls/requireExplicitPolicy5subsubsubCACRL.crl +crls/requireExplicitPolicy7CACRL.crl +crls/requireExplicitPolicy7subCARE2CRL.crl +crls/requireExplicitPolicy7subsubCARE2RE4CRL.crl +crls/requireExplicitPolicy7subsubsubCARE2RE4CRL.crl diff --git a/pki/testdata/nist-pkits/test_bundle_data.globlist b/pki/testdata/nist-pkits/test_bundle_data.globlist new file mode 100644 index 0000000000..e74c3d71ea --- /dev/null +++ b/pki/testdata/nist-pkits/test_bundle_data.globlist @@ -0,0 +1,9 @@ +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# +# See build/ios/update_bundle_filelist.py for details on how .globlist +# files are used to update their .filelist counterparts. + +certs/*.crt +crls/*.crl diff --git a/pki/testdata/ocsp_unittest/annotate_test_data.py b/pki/testdata/ocsp_unittest/annotate_test_data.py new file mode 100755 index 0000000000..8e9262b5d0 --- /dev/null +++ b/pki/testdata/ocsp_unittest/annotate_test_data.py @@ -0,0 +1,217 @@ +#!/usr/bin/env python +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# TODO(svaldez): Deduplicate various annotate_test_data. + +"""This script is called without any arguments to re-format all of the *.pem +files in the script's parent directory. + +The main formatting change is to run "openssl asn1parse" for each of the PEM +block sections, and add that output to the comment. It also runs the command +on the OCTET STRING representing BasicOCSPResponse. + +""" + +import glob +import os +import re +import base64 +import subprocess + + +def Transform(file_data): + """Returns a transformed (formatted) version of file_data""" + + result = '' + + for block in GetPemBlocks(file_data): + if len(result) != 0: + result += '\n' + + # If there was a user comment (non-script-generated comment) associated + # with the block, output it immediately before the block. + user_comment = GetUserComment(block.comment) + if user_comment: + result += user_comment + + generated_comment = GenerateCommentForBlock(block.name, block.data) + result += generated_comment + '\n' + + + result += MakePemBlockString(block.name, block.data) + + return result + + +def GenerateCommentForBlock(block_name, block_data): + """Returns a string describing |block_data|. The format of |block_data| is + inferred from |block_name|, and is pretty-printed accordingly. For + instance CERTIFICATE is understood to be an X.509 certificate and pretty + printed using OpenSSL's x509 command. If there is no specific pretty-printer + for the data type, it is annotated using "openssl asn1parse".""" + + # Try to pretty printing as X.509 certificate. + if "CERTIFICATE" in block_name: + p = subprocess.Popen(["openssl", "x509", "-text", "-noout", + "-inform", "DER"], + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout_data, stderr_data = p.communicate(block_data) + + # If pretty printing succeeded, return it. + if p.returncode == 0: + stdout_data = stdout_data.strip() + return '$ openssl x509 -text < [%s]\n%s' % (block_name, stdout_data) + + # Try pretty printing as OCSP Response. + if block_name == "OCSP RESPONSE": + tmp_file_path = "tmp_ocsp.der" + WriteStringToFile(block_data, tmp_file_path) + p = subprocess.Popen(["openssl", "ocsp", "-noverify", "-resp_text", + "-respin", tmp_file_path], + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout_data, stderr_data = p.communicate(block_data) + os.remove(tmp_file_path) + + # If pretty printing succeeded, return it. + if p.returncode == 0: + stdout_data = stdout_data.strip() + # May contain embedded CERTIFICATE pem blocks. Escape these since + # CERTIFICATE already has meanining in the test file. + stdout_data = stdout_data.replace("-----", "~~~~~") + return '$ openssl ocsp -resp_text -respin <([%s])\n%s' % (block_name, + stdout_data) + print 'Error pretty printing OCSP response:\n',stderr_data + + # Otherwise try pretty printing using asn1parse. + + p = subprocess.Popen(['openssl', 'asn1parse', '-i', '-inform', 'DER'], + stdout=subprocess.PIPE, stdin=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout_data, stderr_data = p.communicate(input=block_data) + generated_comment = '$ openssl asn1parse -i < [%s]\n%s' % (block_name, + stdout_data) + + # The OCTET STRING encoded BasicOCSPResponse is also parsed out using + #'openssl asn1parse'. + if block_name == 'OCSP RESPONSE': + if '[HEX DUMP]:' in generated_comment: + (generated_comment, response) = generated_comment.split('[HEX DUMP]:', 1) + response = response.replace('\n', '') + if len(response) % 2 != 0: + response = '0' + response + response = GenerateCommentForBlock('INNER', response.decode('hex')) + response = response.split('\n', 1)[1] + response = response.replace(': ', ': ') + generated_comment += '\n%s' % (response) + return generated_comment.strip('\n') + + + +def GetUserComment(comment): + """Removes any script-generated lines (everything after the $ openssl line)""" + + # Consider everything after "$ openssl" to be a generated comment. + comment = comment.split('$ openssl', 1)[0] + if IsEntirelyWhiteSpace(comment): + comment = '' + elif not comment.endswith("\n\n"): + comment += "\n\n" + return comment + + +def MakePemBlockString(name, data): + return ('-----BEGIN %s-----\n' + '%s' + '-----END %s-----\n') % (name, EncodeDataForPem(data), name) + + +def GetPemFilePaths(): + """Returns an iterable for all the paths to the PEM test files""" + + base_dir = os.path.dirname(os.path.realpath(__file__)) + return glob.iglob(os.path.join(base_dir, '*.pem')) + + +def ReadFileToString(path): + with open(path, 'r') as f: + return f.read() + + +def WrapTextToLineWidth(text, column_width): + result = '' + pos = 0 + while pos < len(text): + result += text[pos : pos + column_width] + '\n' + pos += column_width + return result + + +def EncodeDataForPem(data): + result = base64.b64encode(data) + return WrapTextToLineWidth(result, 75) + + +class PemBlock(object): + def __init__(self): + self.name = None + self.data = None + self.comment = None + + +def StripAllWhitespace(text): + pattern = re.compile(r'\s+') + return re.sub(pattern, '', text) + + +def IsEntirelyWhiteSpace(text): + return len(StripAllWhitespace(text)) == 0 + + +def DecodePemBlockData(text): + text = StripAllWhitespace(text) + return base64.b64decode(text) + + +def GetPemBlocks(data): + """Returns an iterable of PemBlock""" + + comment_start = 0 + + regex = re.compile(r'-----BEGIN ([\w ]+)-----(.*?)-----END \1-----', + re.DOTALL) + + for match in regex.finditer(data): + block = PemBlock() + + block.name = match.group(1) + block.data = DecodePemBlockData(match.group(2)) + + # Keep track of any non-PEM text above blocks + block.comment = data[comment_start : match.start()].strip() + comment_start = match.end() + + yield block + + +def WriteStringToFile(data, path): + with open(path, "w") as f: + f.write(data) + + +def main(): + for path in GetPemFilePaths(): + print "Processing %s ..." % (path) + original_data = ReadFileToString(path) + transformed_data = Transform(original_data) + if original_data != transformed_data: + WriteStringToFile(transformed_data, path) + print "Rewrote %s" % (path) + + +if __name__ == "__main__": + main() diff --git a/pki/testdata/ocsp_unittest/bad_ocsp_type.pem b/pki/testdata/ocsp_unittest/bad_ocsp_type.pem new file mode 100644 index 0000000000..cfc977247c --- /dev/null +++ b/pki/testdata/ocsp_unittest/bad_ocsp_type.pem @@ -0,0 +1,146 @@ +Has an invalid OCSP OID + +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 311 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 304 cons: cont [ 0 ] + 11:d=2 hl=4 l= 300 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :OCSP Nonce + 26:d=3 hl=4 l= 285 prim: OCTET STRING + 0:d=0 hl=4 l= 281 cons: SEQUENCE + 4:d=1 hl=3 l= 133 cons: SEQUENCE + 7:d=2 hl=2 l= 33 cons: cont [ 1 ] + 9:d=3 hl=2 l= 31 cons: SEQUENCE + 11:d=4 hl=2 l= 29 cons: SET + 13:d=5 hl=2 l= 27 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 20 prim: UTF8STRING :Test Intermediate CA + 42:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20170302000000Z + 59:d=2 hl=2 l= 79 cons: SEQUENCE + 61:d=3 hl=2 l= 77 cons: SEQUENCE + 63:d=4 hl=2 l= 56 cons: SEQUENCE + 65:d=5 hl=2 l= 7 cons: SEQUENCE + 67:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 74:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 96:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 118:d=5 hl=2 l= 1 prim: INTEGER :04 + 121:d=4 hl=2 l= 0 prim: cont [ 0 ] + 123:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20170301000000Z + 140:d=1 hl=2 l= 11 cons: SEQUENCE + 142:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 153:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBNwoBAKCCATAwggEsBgkrBgEFBQcwAQIEggEdMIIBGTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FowCwYJKoZIhvcNAQEFA4GBAJv/el7a7wZpISvx5uXShdxwenTOvkXo4m7qyM0k3lB2wU2xfhVN +HEfOHFV/oiD60+wr39uzVZseDDymB+dKodUvAYR3pKECD3MbP0h0r4sbqNyinMmWKQIKmBjQSKa +TWf3teQyE8y/5Ylrz+Unzq/wP6UZk8FG9X4/O9O/CTxt0 +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/bad_signature.pem b/pki/testdata/ocsp_unittest/bad_signature.pem new file mode 100644 index 0000000000..dbbc6495b8 --- /dev/null +++ b/pki/testdata/ocsp_unittest/bad_signature.pem @@ -0,0 +1,133 @@ +Has an invalid signature + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + de:ad:be:ef +-----BEGIN OCSP RESPONSE----- +MIG2CgEAoIGwMIGtBgkrBgEFBQcwAQEEgZ8wgZwwgYWhITAfMR0wGwYDVQQDDBRUZXN0IEludGV +ybWVkaWF0ZSBDQRgPMjAxNzAzMDIwMDAwMDBaME8wTTA4MAcGBSsOAwIaBBREmxxbMcbpmQlmUj +5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQelK78+UBDGmYCAQSAABgPMjAxNzAzMDEwMDAwMDBaMAsGC +SqGSIb3DQEBBQMFAN6tvu8= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/bad_status.pem b/pki/testdata/ocsp_unittest/bad_status.pem new file mode 100644 index 0000000000..d06d87f28e --- /dev/null +++ b/pki/testdata/ocsp_unittest/bad_status.pem @@ -0,0 +1,115 @@ +Has an invalid status larger than the defined Status enumeration + +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: ENUMERATED :11 +-----BEGIN OCSP RESPONSE----- +MAMKARE= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/good_response.pem b/pki/testdata/ocsp_unittest/good_response.pem new file mode 100644 index 0000000000..12ce77ce1b --- /dev/null +++ b/pki/testdata/ocsp_unittest/good_response.pem @@ -0,0 +1,142 @@ +Is a valid response for the cert + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 9b:ff:7a:5e:da:ef:06:69:21:2b:f1:e6:e5:d2:85:dc:70:7a: + 74:ce:be:45:e8:e2:6e:ea:c8:cd:24:de:50:76:c1:4d:b1:7e: + 15:4d:1c:47:ce:1c:55:7f:a2:20:fa:d3:ec:2b:df:db:b3:55: + 9b:1e:0c:3c:a6:07:e7:4a:a1:d5:2f:01:84:77:a4:a1:02:0f: + 73:1b:3f:48:74:af:8b:1b:a8:dc:a2:9c:c9:96:29:02:0a:98: + 18:d0:48:a6:93:59:fd:ed:79:0c:84:f3:2f:f9:62:5a:f3:f9: + 49:f3:ab:fc:0f:e9:46:64:f0:51:bd:5f:8f:ce:f4:ef:c2:4f: + 1b:74 +-----BEGIN OCSP RESPONSE----- +MIIBNwoBAKCCATAwggEsBgkrBgEFBQcwAQEEggEdMIIBGTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FowCwYJKoZIhvcNAQEFA4GBAJv/el7a7wZpISvx5uXShdxwenTOvkXo4m7qyM0k3lB2wU2xfhVN +HEfOHFV/oiD60+wr39uzVZseDDymB+dKodUvAYR3pKECD3MbP0h0r4sbqNyinMmWKQIKmBjQSKa +TWf3teQyE8y/5Ylrz+Unzq/wP6UZk8FG9X4/O9O/CTxt0 +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/good_response_next_update.pem b/pki/testdata/ocsp_unittest/good_response_next_update.pem new file mode 100644 index 0000000000..e6a8eef740 --- /dev/null +++ b/pki/testdata/ocsp_unittest/good_response_next_update.pem @@ -0,0 +1,143 @@ +Is a valid response for the cert until nextUpdate + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + Next Update: Jun 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 84:66:89:45:61:e1:78:07:e2:e0:09:4f:f1:14:d1:6a:72:09: + 41:f9:4d:d9:51:55:2f:62:82:f7:09:59:e6:fd:17:35:2c:b1: + 8d:02:4b:9c:39:1a:0b:f0:c0:0b:80:c5:55:eb:6f:c9:82:ab: + ac:c7:fe:40:c5:b4:1b:37:b6:4d:8c:50:97:e4:41:a2:c0:7d: + c7:de:12:fd:7c:8c:d6:2a:43:c8:cd:1e:c1:00:92:30:ed:84: + 97:12:2c:a7:a4:20:99:44:d6:da:4f:7a:45:33:62:bb:9a:72: + 33:2f:78:af:d1:09:0e:e7:0f:64:d4:d0:09:40:34:ca:1d:44: + 3e:cd +-----BEGIN OCSP RESPONSE----- +MIIBSgoBAKCCAUMwggE/BgkrBgEFBQcwAQEEggEwMIIBLDCBmKEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowYjBgMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FqgERgPMjAxNzA2MDEwMDAwMDBaMAsGCSqGSIb3DQEBBQOBgQCEZolFYeF4B+LgCU/xFNFqcglB ++U3ZUVUvYoL3CVnm/Rc1LLGNAkucORoL8MALgMVV62/Jgqusx/5AxbQbN7ZNjFCX5EGiwH3H3hL +9fIzWKkPIzR7BAJIw7YSXEiynpCCZRNbaT3pFM2K7mnIzL3iv0QkO5w9k1NAJQDTKHUQ+zQ== +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/good_response_sha256.pem b/pki/testdata/ocsp_unittest/good_response_sha256.pem new file mode 100644 index 0000000000..7bd7cfe523 --- /dev/null +++ b/pki/testdata/ocsp_unittest/good_response_sha256.pem @@ -0,0 +1,142 @@ +Is a valid response for the cert with a SHA256 signature + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha256WithRSAEncryption + a0:b9:3b:45:a8:56:72:66:22:34:df:68:6c:39:46:e2:b1:f9: + 2c:8f:3e:22:8b:c3:96:79:42:7e:29:f5:22:c9:e8:78:fc:2b: + 31:7a:02:ad:6d:a5:5b:52:ac:1e:a2:81:72:c4:d3:d6:d5:75: + f9:11:ac:c1:21:79:cb:2c:9a:6b:d9:a9:9b:64:44:2c:ee:b3: + 07:ce:ff:40:5a:45:26:ea:83:79:e3:63:9f:f9:56:04:58:2a: + 93:7d:cc:03:46:08:a8:b4:9f:21:0c:f7:64:0b:2c:05:4f:b6: + df:5f:8f:1b:34:4b:8e:30:23:ca:8c:69:3d:95:6b:43:ab:20: + 31:88 +-----BEGIN OCSP RESPONSE----- +MIIBNwoBAKCCATAwggEsBgkrBgEFBQcwAQEEggEdMIIBGTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FowCwYJKoZIhvcNAQELA4GBAKC5O0WoVnJmIjTfaGw5RuKx+SyPPiKLw5Z5Qn4p9SLJ6Hj8KzF6 +Aq1tpVtSrB6igXLE09bVdfkRrMEhecssmmvZqZtkRCzuswfO/0BaRSbqg3njY5/5VgRYKpN9zAN +GCKi0nyEM92QLLAVPtt9fjxs0S44wI8qMaT2Va0OrIDGI +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/has_critical_ct_extension.pem b/pki/testdata/ocsp_unittest/has_critical_ct_extension.pem new file mode 100644 index 0000000000..babfd33ac3 --- /dev/null +++ b/pki/testdata/ocsp_unittest/has_critical_ct_extension.pem @@ -0,0 +1,146 @@ +Has a critical CT extension in the SingleResponse + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + Response Single Extensions: + CT Certificate SCTs: critical + DEADBEEF + + Signature Algorithm: sha1WithRSAEncryption + 3f:34:0c:f8:fc:b6:07:21:92:44:93:03:c9:a4:61:01:ba:eb: + c9:82:1e:75:e5:60:12:18:70:ac:51:c6:a8:94:a1:6e:25:18: + 2a:e1:7d:1f:93:4a:04:b0:60:d1:14:2c:85:04:e3:7f:2b:d8: + eb:10:24:bd:c1:60:3a:fc:b3:4b:40:e8:46:6e:65:09:0f:d7: + d0:30:85:d1:58:c5:a1:56:57:2b:a6:a2:2d:f1:a5:78:27:1f: + cf:b5:4f:46:90:50:62:24:c3:9f:8a:30:42:9e:ea:12:70:51: + 32:86:be:69:34:3b:d9:4b:2c:be:81:70:e3:0a:99:ae:ec:82: + 53:0f +-----BEGIN OCSP RESPONSE----- +MIIBVgoBAKCCAU8wggFLBgkrBgEFBQcwAQEEggE8MIIBODCBpKEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowbjBsMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FqhHTAbMBkGCisGAQQB1nkCBAUBAf8ECERFQURCRUVGMAsGCSqGSIb3DQEBBQOBgQA/NAz4/LYH +IZJEkwPJpGEBuuvJgh515WASGHCsUcaolKFuJRgq4X0fk0oEsGDRFCyFBON/K9jrECS9wWA6/LN +LQOhGbmUJD9fQMIXRWMWhVlcrpqIt8aV4Jx/PtU9GkFBiJMOfijBCnuoScFEyhr5pNDvZSyy+gX +DjCpmu7IJTDw== +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/has_critical_response_extension.pem b/pki/testdata/ocsp_unittest/has_critical_response_extension.pem new file mode 100644 index 0000000000..fae7bcc00e --- /dev/null +++ b/pki/testdata/ocsp_unittest/has_critical_response_extension.pem @@ -0,0 +1,146 @@ +Has a critical extension in the ResponseData + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Response Extensions: + 1.2.3.4: critical + DEADBEEF + Signature Algorithm: sha1WithRSAEncryption + 83:54:d0:3f:1a:22:0b:1c:2f:7c:bc:11:ec:74:f9:8f:a4:48: + cf:6a:18:95:3c:3f:ba:88:ac:31:cc:fd:e4:b2:0d:6a:d5:ad: + 97:9f:03:0e:e0:3d:08:4e:4b:ff:77:9d:1d:06:ae:bc:90:09: + 28:71:78:47:a3:63:e1:75:d3:a6:92:43:8d:60:cf:cc:cf:0b: + 5f:fe:b1:91:96:1f:81:5a:50:77:b0:c7:e3:be:98:9e:6c:64: + 44:9d:67:82:d9:87:d8:f6:93:0b:4d:8f:44:d2:51:2d:d1:61: + d7:ec:5c:46:ad:9c:6d:f1:c8:61:91:83:2b:d0:83:e8:9c:22: + df:e1 +-----BEGIN OCSP RESPONSE----- +MIIBTwoBAKCCAUgwggFEBgkrBgEFBQcwAQEEggE1MIIBMTCBnaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FqhFjAUMBIGAyoDBAEB/wQIREVBREJFRUYwCwYJKoZIhvcNAQEFA4GBAINU0D8aIgscL3y8Eex0 ++Y+kSM9qGJU8P7qIrDHM/eSyDWrVrZefAw7gPQhOS/93nR0GrryQCShxeEejY+F106aSQ41gz8z +PC1/+sZGWH4FaUHewx+O+mJ5sZESdZ4LZh9j2kwtNj0TSUS3RYdfsXEatnG3xyGGRgyvQg+icIt +/h +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/has_critical_single_extension.pem b/pki/testdata/ocsp_unittest/has_critical_single_extension.pem new file mode 100644 index 0000000000..6777d1c7fd --- /dev/null +++ b/pki/testdata/ocsp_unittest/has_critical_single_extension.pem @@ -0,0 +1,146 @@ +Has a critical extension in the SingleResponse + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + Response Single Extensions: + 1.2.3.4: critical + DEADBEEF + + Signature Algorithm: sha1WithRSAEncryption + 5e:15:92:5e:47:1d:c2:7f:86:2f:46:d2:54:24:5f:0e:ad:a0: + 04:9f:0b:10:e9:46:95:5d:90:10:50:d8:40:5b:2e:25:64:cb: + 43:34:c9:90:49:a8:27:39:1d:f4:e8:42:d7:50:70:54:d4:fd: + 8f:3a:b6:fe:52:00:4d:b9:52:f8:c8:7f:d0:94:2f:03:21:d9: + 0f:5a:21:94:77:3c:86:f9:c3:34:ec:7e:4c:56:10:dd:0c:af: + 87:3e:da:68:c6:98:72:97:62:5a:71:1a:84:a0:a1:79:9f:ff: + ec:76:c1:0e:24:03:21:9f:76:42:39:83:25:af:a1:93:a0:62: + 20:b6 +-----BEGIN OCSP RESPONSE----- +MIIBTwoBAKCCAUgwggFEBgkrBgEFBQcwAQEEggE1MIIBMTCBnaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowZzBlMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FqhFjAUMBIGAyoDBAEB/wQIREVBREJFRUYwCwYJKoZIhvcNAQEFA4GBAF4Vkl5HHcJ/hi9G0lQk +Xw6toASfCxDpRpVdkBBQ2EBbLiVky0M0yZBJqCc5HfToQtdQcFTU/Y86tv5SAE25UvjIf9CULwM +h2Q9aIZR3PIb5wzTsfkxWEN0Mr4c+2mjGmHKXYlpxGoSgoXmf/+x2wQ4kAyGfdkI5gyWvoZOgYi +C2 +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/has_extension.pem b/pki/testdata/ocsp_unittest/has_extension.pem new file mode 100644 index 0000000000..e2712df944 --- /dev/null +++ b/pki/testdata/ocsp_unittest/has_extension.pem @@ -0,0 +1,145 @@ +Includes an x509v3 extension + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Response Extensions: + 1.2.3.4: + DEADBEEF + Signature Algorithm: sha1WithRSAEncryption + 25:fb:96:d4:5f:c8:d9:d5:27:92:8d:4b:4f:90:82:9b:22:0d: + fa:d5:c5:c5:75:f4:a0:a4:41:b6:8c:80:a7:0a:b4:f4:5c:53: + ff:cd:ef:77:06:4b:5a:50:17:b9:dc:8b:7f:af:7c:24:09:4a: + fc:46:72:8c:44:af:f2:a2:a3:7f:4e:62:85:1a:28:6c:8a:4d: + 0d:f1:9a:a5:fc:df:1c:7a:8f:57:7a:ff:0e:17:7a:9a:4e:af: + 9c:74:97:c6:a9:20:b9:d3:ee:a6:d5:44:73:62:61:db:3c:5d: + 0d:7a:d9:5a:72:cf:e2:ba:b8:b3:cc:7b:98:c0:e5:97:32:4d: + 8a:9d +-----BEGIN OCSP RESPONSE----- +MIIBTAoBAKCCAUUwggFBBgkrBgEFBQcwAQEEggEyMIIBLjCBmqEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FqhEzARMA8GAyoDBAQIREVBREJFRUYwCwYJKoZIhvcNAQEFA4GBACX7ltRfyNnVJ5KNS0+Qgpsi +DfrVxcV19KCkQbaMgKcKtPRcU//N73cGS1pQF7nci3+vfCQJSvxGcoxEr/Kio39OYoUaKGyKTQ3 +xmqX83xx6j1d6/w4XeppOr5x0l8apILnT7qbVRHNiYds8XQ162Vpyz+K6uLPMe5jA5ZcyTYqd +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/has_single_extension.pem b/pki/testdata/ocsp_unittest/has_single_extension.pem new file mode 100644 index 0000000000..f192e23f61 --- /dev/null +++ b/pki/testdata/ocsp_unittest/has_single_extension.pem @@ -0,0 +1,145 @@ +Has an extension in the SingleResponse + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + Response Single Extensions: + 1.2.3.4: + DEADBEEF + + Signature Algorithm: sha1WithRSAEncryption + b5:45:44:44:cf:bf:a5:c6:87:89:f4:98:8d:23:21:f2:d3:60: + 2f:2e:f9:30:91:fe:c3:ec:8d:29:4a:30:b9:cd:7b:08:ee:98: + ee:bf:df:8c:ec:06:35:1e:42:75:00:c3:db:0f:da:4d:ef:14: + d1:e2:aa:df:ce:15:92:5d:77:0b:8e:a0:a1:a1:6c:c0:05:80: + e2:45:51:86:2c:ec:84:d9:08:b1:bf:78:18:69:64:eb:cf:8a: + aa:95:4c:a3:a8:7b:25:73:39:39:0a:59:07:e8:5b:86:17:2c: + 86:cd:eb:b4:3d:a7:af:b6:68:79:3d:b3:3e:21:bc:7a:8b:cb: + 99:11 +-----BEGIN OCSP RESPONSE----- +MIIBTAoBAKCCAUUwggFBBgkrBgEFBQcwAQEEggEyMIIBLjCBmqEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowZDBiMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FqhEzARMA8GAyoDBAQIREVBREJFRUYwCwYJKoZIhvcNAQEFA4GBALVFRETPv6XGh4n0mI0jIfLT +YC8u+TCR/sPsjSlKMLnNewjumO6/34zsBjUeQnUAw9sP2k3vFNHiqt/OFZJddwuOoKGhbMAFgOJ +FUYYs7ITZCLG/eBhpZOvPiqqVTKOoeyVzOTkKWQfoW4YXLIbN67Q9p6+2aHk9sz4hvHqLy5kR +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/has_version.pem b/pki/testdata/ocsp_unittest/has_version.pem new file mode 100644 index 0000000000..c4afd4156c --- /dev/null +++ b/pki/testdata/ocsp_unittest/has_version.pem @@ -0,0 +1,142 @@ +Includes a default version V1 + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 9b:ff:7a:5e:da:ef:06:69:21:2b:f1:e6:e5:d2:85:dc:70:7a: + 74:ce:be:45:e8:e2:6e:ea:c8:cd:24:de:50:76:c1:4d:b1:7e: + 15:4d:1c:47:ce:1c:55:7f:a2:20:fa:d3:ec:2b:df:db:b3:55: + 9b:1e:0c:3c:a6:07:e7:4a:a1:d5:2f:01:84:77:a4:a1:02:0f: + 73:1b:3f:48:74:af:8b:1b:a8:dc:a2:9c:c9:96:29:02:0a:98: + 18:d0:48:a6:93:59:fd:ed:79:0c:84:f3:2f:f9:62:5a:f3:f9: + 49:f3:ab:fc:0f:e9:46:64:f0:51:bd:5f:8f:ce:f4:ef:c2:4f: + 1b:74 +-----BEGIN OCSP RESPONSE----- +MIIBNwoBAKCCATAwggEsBgkrBgEFBQcwAQEEggEdMIIBGTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FowCwYJKoZIhvcNAQEFA4GBAJv/el7a7wZpISvx5uXShdxwenTOvkXo4m7qyM0k3lB2wU2xfhVN +HEfOHFV/oiD60+wr39uzVZseDDymB+dKodUvAYR3pKECD3MbP0h0r4sbqNyinMmWKQIKmBjQSKa +TWf3teQyE8y/5Ylrz+Unzq/wP6UZk8FG9X4/O9O/CTxt0 +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/make_ocsp.py b/pki/testdata/ocsp_unittest/make_ocsp.py new file mode 100755 index 0000000000..7319e5791f --- /dev/null +++ b/pki/testdata/ocsp_unittest/make_ocsp.py @@ -0,0 +1,446 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""This script is called without any arguments to re-generate all of the *.pem +files in the script's parent directory. + +""" + +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2560, rfc2459 +from pyasn1.type import univ, useful +import hashlib, datetime +import subprocess +import os + +from OpenSSL import crypto + +import base64 + +NEXT_SERIAL = 0 + +# 1/1/2017 00:00 GMT +CERT_DATE = datetime.datetime(2017, 1, 1, 0, 0) +# 1/1/2018 00:00 GMT +CERT_EXPIRE = CERT_DATE + datetime.timedelta(days=365) +# 2/1/2017 00:00 GMT +REVOKE_DATE = datetime.datetime(2017, 2, 1, 0, 0) +# 3/1/2017 00:00 GMT +THIS_DATE = datetime.datetime(2017, 3, 1, 0, 0) +# 3/2/2017 00:00 GMT +PRODUCED_DATE = datetime.datetime(2017, 3, 2, 0, 0) +# 6/1/2017 00:00 GMT +NEXT_DATE = datetime.datetime(2017, 6, 1, 0, 0) + +sha1oid = univ.ObjectIdentifier('1.3.14.3.2.26') +sha1rsaoid = univ.ObjectIdentifier('1.2.840.113549.1.1.5') +sha256oid = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.1') +sha256rsaoid = univ.ObjectIdentifier('1.2.840.113549.1.1.11') + + +def SigAlgOid(sig_alg): + if sig_alg == 'sha1': + return sha1rsaoid + return sha256rsaoid + + +def CreateCert(name, signer=None, ocsp=False): + global NEXT_SERIAL + pkey = crypto.PKey() + pkey.generate_key(crypto.TYPE_RSA, 1024) + cert = crypto.X509() + cert.set_version(2) + cert.get_subject().CN = name + cert.set_pubkey(pkey) + cert.set_serial_number(NEXT_SERIAL) + NEXT_SERIAL += 1 + cert.set_notBefore(CERT_DATE.strftime('%Y%m%d%H%M%SZ')) + cert.set_notAfter(CERT_EXPIRE.strftime('%Y%m%d%H%M%SZ')) + if ocsp: + cert.add_extensions( + [crypto.X509Extension('extendedKeyUsage', False, 'OCSPSigning')]) + if signer: + cert.set_issuer(signer[1].get_subject()) + cert.sign(signer[2], 'sha1') + else: + cert.set_issuer(cert.get_subject()) + cert.sign(pkey, 'sha1') + asn1cert = decoder.decode( + crypto.dump_certificate(crypto.FILETYPE_ASN1, cert), + asn1Spec=rfc2459.Certificate())[0] + if not signer: + signer = [asn1cert] + return (asn1cert, cert, pkey, signer[0]) + + +def CreateExtension(oid='1.2.3.4', critical=False): + ext = rfc2459.Extension() + ext.setComponentByName('extnID', univ.ObjectIdentifier(oid)) + ext.setComponentByName('extnValue', 'DEADBEEF') + if critical: + ext.setComponentByName('critical', univ.Boolean('True')) + else: + ext.setComponentByName('critical', univ.Boolean('False')) + + return ext + + +ROOT_CA = CreateCert('Test CA', None) +CA = CreateCert('Test Intermediate CA', ROOT_CA) +CA_LINK = CreateCert('Test OCSP Signer', CA, True) +CA_BADLINK = CreateCert('Test False OCSP Signer', CA, False) +CERT = CreateCert('Test Cert', CA) +JUNK_CERT = CreateCert('Random Cert', None) +EXTENSION = CreateExtension() + + +def GetName(c): + rid = rfc2560.ResponderID() + subject = c[0].getComponentByName('tbsCertificate').getComponentByName( + 'subject') + rn = rid.componentType.getTypeByPosition(0).clone() + for i in range(len(subject)): + rn.setComponentByPosition(i, subject.getComponentByPosition(i)) + rid.setComponentByName('byName', rn) + return rid + + +def GetKeyHash(c): + rid = rfc2560.ResponderID() + spk = c[0].getComponentByName('tbsCertificate').getComponentByName( + 'subjectPublicKeyInfo').getComponentByName('subjectPublicKey') + keyHash = hashlib.sha1(encoder.encode(spk)[4:]).digest() + rid.setComponentByName('byKey', keyHash) + return rid + + +def CreateSingleResponse(cert=CERT, + status=0, + next=None, + revoke_time=None, + reason=None, + extensions=[]): + sr = rfc2560.SingleResponse() + cid = sr.setComponentByName('certID').getComponentByName('certID') + + issuer_tbs = cert[3].getComponentByName('tbsCertificate') + tbs = cert[0].getComponentByName('tbsCertificate') + name_hash = hashlib.sha1( + encoder.encode(issuer_tbs.getComponentByName('subject'))).digest() + key_hash = hashlib.sha1( + encoder.encode( + issuer_tbs.getComponentByName('subjectPublicKeyInfo') + .getComponentByName('subjectPublicKey'))[4:]).digest() + sn = tbs.getComponentByName('serialNumber') + + ha = cid.setComponentByName('hashAlgorithm').getComponentByName( + 'hashAlgorithm') + ha.setComponentByName('algorithm', sha1oid) + cid.setComponentByName('issuerNameHash', name_hash) + cid.setComponentByName('issuerKeyHash', key_hash) + cid.setComponentByName('serialNumber', sn) + + cs = rfc2560.CertStatus() + if status == 0: + cs.setComponentByName('good') + elif status == 1: + ri = cs.componentType.getTypeByPosition(1).clone() + if revoke_time == None: + revoke_time = REVOKE_DATE + ri.setComponentByName('revocationTime', + useful.GeneralizedTime( + revoke_time.strftime('%Y%m%d%H%M%SZ'))) + if reason: + ri.setComponentByName('revocationReason', reason) + cs.setComponentByName('revoked', ri) + else: + ui = cs.componentType.getTypeByPosition(2).clone() + cs.setComponentByName('unknown', ui) + + sr.setComponentByName('certStatus', cs) + + sr.setComponentByName('thisUpdate', + useful.GeneralizedTime( + THIS_DATE.strftime('%Y%m%d%H%M%SZ'))) + if next: + sr.setComponentByName('nextUpdate', next.strftime('%Y%m%d%H%M%SZ')) + if extensions: + elist = sr.setComponentByName('singleExtensions').getComponentByName( + 'singleExtensions') + for i in range(len(extensions)): + elist.setComponentByPosition(i, extensions[i]) + return sr + + +def Create(signer=None, + response_status=0, + response_type='1.3.6.1.5.5.7.48.1.1', + signature=None, + version=1, + responder=None, + responses=None, + extensions=None, + certs=None, + sigAlg='sha1'): + ocsp = rfc2560.OCSPResponse() + ocsp.setComponentByName('responseStatus', response_status) + + if response_status != 0: + return ocsp + + tbs = rfc2560.ResponseData() + if version != 1: + tbs.setComponentByName('version', version) + + if not signer: + signer = CA + if not responder: + responder = GetName(signer) + tbs.setComponentByName('responderID', responder) + tbs.setComponentByName('producedAt', + useful.GeneralizedTime( + PRODUCED_DATE.strftime('%Y%m%d%H%M%SZ'))) + rlist = tbs.setComponentByName('responses').getComponentByName('responses') + if responses == None: + responses = [CreateSingleResponse(CERT, 0)] + if responses: + for i in range(len(responses)): + rlist.setComponentByPosition(i, responses[i]) + + if extensions: + elist = tbs.setComponentByName('responseExtensions').getComponentByName( + 'responseExtensions') + for i in range(len(extensions)): + elist.setComponentByPosition(i, extensions[i]) + + sa = rfc2459.AlgorithmIdentifier() + sa.setComponentByName('algorithm', SigAlgOid(sigAlg)) + # TODO(mattm): If pyasn1 gives an error + # "Component value is tag-incompatible: Null() vs Any()", try hacking + # pyasn1_modules/rfc2459.py's AlgorithmIdentifier to specify univ.Null as the + # type for 'parameters'. (Which is an ugly hack, but lets the script work.) + sa.setComponentByName('parameters', univ.Null()) + + basic = rfc2560.BasicOCSPResponse() + basic.setComponentByName('tbsResponseData', tbs) + basic.setComponentByName('signatureAlgorithm', sa) + if not signature: + signature = crypto.sign(signer[2], encoder.encode(tbs), sigAlg) + basic.setComponentByName('signature', + univ.BitString("'%s'H" % (signature.encode('hex')))) + if certs: + cs = basic.setComponentByName('certs').getComponentByName('certs') + for i in range(len(certs)): + cs.setComponentByPosition(i, certs[i][0]) + + rbytes = ocsp.componentType.getTypeByPosition(1) + rbytes.setComponentByName('responseType', + univ.ObjectIdentifier(response_type)) + rbytes.setComponentByName('response', encoder.encode(basic)) + + ocsp.setComponentByName('responseBytes', rbytes) + return ocsp + + +def MakePemBlock(der, name): + b64 = base64.b64encode(der) + wrapped = '\n'.join(b64[pos:pos + 64] for pos in xrange(0, len(b64), 64)) + return '-----BEGIN %s-----\n%s\n-----END %s-----' % (name, wrapped, name) + + +def WriteStringToFile(data, path): + with open(path, "w") as f: + f.write(data) + + +def ReadFileToString(path): + with open(path, 'r') as f: + return f.read() + + +def CreateOCSPRequestDer(issuer_cert_pem, cert_pem): + '''Uses OpenSSL to generate a basic OCSPRequest for |cert_pem|.''' + + issuer_path = "tmp_issuer.pem" + cert_path = "tmp_cert.pem" + request_path = "tmp_request.der" + + WriteStringToFile(issuer_cert_pem, issuer_path) + WriteStringToFile(cert_pem, cert_path) + + p = subprocess.Popen(["openssl", "ocsp", "-no_nonce", "-issuer", issuer_path, + "-cert", cert_path, "-reqout", request_path], + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout_data, stderr_data = p.communicate() + + os.remove(issuer_path) + os.remove(cert_path) + + result = None + if p.returncode == 0: + result = ReadFileToString(request_path) + + os.remove(request_path) + return result + + +def Store(fname, description, ca, data): + ca_cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, ca[1]) + cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, CERT[1]) + + ocsp_request_der = CreateOCSPRequestDer(ca_cert_pem, cert_pem) + + out = ('%s\n%s\n%s\n\n%s\n%s') % ( + description, + MakePemBlock(encoder.encode(data), "OCSP RESPONSE"), + ca_cert_pem.replace('CERTIFICATE', 'CA CERTIFICATE'), + cert_pem, + MakePemBlock(ocsp_request_der, "OCSP REQUEST")) + open('%s.pem' % fname, 'w').write(out) + + +Store( + 'no_response', + 'No SingleResponses attached to the response', + CA, + Create(responses=[])) + +Store( + 'malformed_request', + 'Has a status of MALFORMED_REQUEST', + CA, + Create(response_status=1)) +Store( + 'bad_status', + 'Has an invalid status larger than the defined Status enumeration', + CA, + Create(response_status=17)) +Store( + 'bad_ocsp_type', + 'Has an invalid OCSP OID', + CA, + Create(response_type='1.3.6.1.5.5.7.48.1.2')) +Store( + 'bad_signature', + 'Has an invalid signature', + CA, + Create(signature='\xde\xad\xbe\xef')) +Store('ocsp_sign_direct', 'Signed directly by the issuer', CA, + Create(signer=CA, certs=[])) +Store('ocsp_sign_indirect', 'Signed indirectly through an intermediate', CA, + Create(signer=CA_LINK, certs=[CA_LINK])) +Store('ocsp_sign_indirect_missing', + 'Signed indirectly through a missing intermediate', CA, + Create(signer=CA_LINK, certs=[])) +Store('ocsp_sign_bad_indirect', + 'Signed through an intermediate without the correct key usage', CA, + Create(signer=CA_BADLINK, certs=[CA_BADLINK])) +Store('ocsp_extra_certs', 'Includes extra certs', CA, + Create(signer=CA, certs=[CA, CA_LINK])) +Store('has_version', 'Includes a default version V1', CA, Create(version=1)) +Store( + 'responder_name', + 'Uses byName to identify the signer', + CA, + Create(responder=GetName(CA))) + +# TODO(eroman): pyasn1 module has a bug in rfc2560.ResponderID() that will use +# IMPLICIT rather than EXPLICIT tagging for byKey +# (https://github.com/etingof/pyasn1-modules/issues/8). If using an affected +# version of the library you will need to patch pyasn1_modules/rfc2560.py and +# replace "implicitTag" with "explicitTag" in ResponderID to generate this +# test data correctly. +Store( + 'responder_id', + 'Uses byKey to identify the signer', + CA, + Create(responder=GetKeyHash(CA))) +Store( + 'has_extension', + 'Includes an x509v3 extension', + CA, + Create(extensions=[EXTENSION])) + +Store( + 'good_response', + 'Is a valid response for the cert', + CA, + Create(responses=[CreateSingleResponse(CERT, 0)])) +Store('good_response_sha256', + 'Is a valid response for the cert with a SHA256 signature', CA, + Create(responses=[CreateSingleResponse(CERT, 0)], sigAlg='sha256')) +Store( + 'good_response_next_update', + 'Is a valid response for the cert until nextUpdate', + CA, + Create(responses=[CreateSingleResponse(CERT, 0, next=NEXT_DATE)])) +Store( + 'revoke_response', + 'Is a REVOKE response for the cert', + CA, + Create(responses=[CreateSingleResponse(CERT, 1)])) +Store( + 'revoke_response_reason', + 'Is a REVOKE response for the cert with a reason', + CA, + Create(responses=[ + CreateSingleResponse(CERT, 1, revoke_time=REVOKE_DATE, reason=1) + ])) +Store( + 'unknown_response', + 'Is an UNKNOWN response for the cert', + CA, + Create(responses=[CreateSingleResponse(CERT, 2)])) +Store( + 'multiple_response', + 'Has multiple responses for the cert', + CA, + Create(responses=[ + CreateSingleResponse(CERT, 0), + CreateSingleResponse(CERT, 2) + ])) +Store( + 'other_response', + 'Is a response for a different cert', + CA, + Create(responses=[ + CreateSingleResponse(JUNK_CERT, 0), + CreateSingleResponse(JUNK_CERT, 1) + ])) +Store( + 'has_single_extension', + 'Has an extension in the SingleResponse', + CA, + Create(responses=[ + CreateSingleResponse(CERT, 0, extensions=[CreateExtension()]) + ])) +Store( + 'has_critical_single_extension', + 'Has a critical extension in the SingleResponse', CA, + Create(responses=[ + CreateSingleResponse( + CERT, 0, extensions=[CreateExtension('1.2.3.4', critical=True)]) + ])) +Store( + 'has_critical_response_extension', + 'Has a critical extension in the ResponseData', CA, + Create( + responses=[CreateSingleResponse(CERT, 0)], + extensions=[CreateExtension('1.2.3.4', critical=True)])) +Store( + 'has_critical_ct_extension', + 'Has a critical CT extension in the SingleResponse', CA, + Create(responses=[ + CreateSingleResponse( + CERT, + 0, + extensions=[ + CreateExtension('1.3.6.1.4.1.11129.2.4.5', critical=True) + ]) + ])) + +Store('missing_response', 'Missing a response for the cert', CA, + Create(response_status=0, responses=[])) diff --git a/pki/testdata/ocsp_unittest/malformed_request.pem b/pki/testdata/ocsp_unittest/malformed_request.pem new file mode 100644 index 0000000000..1e068d8a01 --- /dev/null +++ b/pki/testdata/ocsp_unittest/malformed_request.pem @@ -0,0 +1,115 @@ +Has a status of MALFORMED_REQUEST + +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: ENUMERATED :01 +-----BEGIN OCSP RESPONSE----- +MAMKAQE= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/missing_response.pem b/pki/testdata/ocsp_unittest/missing_response.pem new file mode 100644 index 0000000000..aaa510e1b0 --- /dev/null +++ b/pki/testdata/ocsp_unittest/missing_response.pem @@ -0,0 +1,133 @@ +Missing a response for the cert + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Signature Algorithm: sha1WithRSAEncryption + c1:0e:9e:f8:b0:8d:a9:05:76:b8:69:f6:96:ae:25:06:11:c9: + 04:d6:75:18:7c:bf:ca:b4:78:f3:99:80:ac:6f:19:36:52:de: + 2f:f0:b1:48:e3:06:ec:f7:27:07:5d:2f:03:88:00:b3:12:17: + bb:18:27:4f:0b:fa:d8:01:82:59:c8:11:19:52:7d:e4:d6:cb: + 75:f4:2d:61:51:5c:6c:51:04:f6:a3:de:00:44:98:ab:2f:d7: + 82:6d:30:92:ce:ce:0c:5a:3b:7a:65:8c:89:c7:4e:b4:74:76: + 02:c5:a5:33:a4:c6:0c:a1:73:85:20:4d:0d:fc:12:73:c7:e1: + 70:8b +-----BEGIN OCSP RESPONSE----- +MIHjCgEAoIHdMIHaBgkrBgEFBQcwAQEEgcwwgckwNqEhMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJ +tZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowADALBgkqhkiG9w0BAQUDgYEAwQ6e+LCNqQV2uG +n2lq4lBhHJBNZ1GHy/yrR485mArG8ZNlLeL/CxSOMG7PcnB10vA4gAsxIXuxgnTwv62AGCWcgRG +VJ95NbLdfQtYVFcbFEE9qPeAESYqy/Xgm0wks7ODFo7emWMicdOtHR2AsWlM6TGDKFzhSBNDfwS +c8fhcIs= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/multiple_response.pem b/pki/testdata/ocsp_unittest/multiple_response.pem new file mode 100644 index 0000000000..d19c415976 --- /dev/null +++ b/pki/testdata/ocsp_unittest/multiple_response.pem @@ -0,0 +1,152 @@ +Has multiple responses for the cert + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: unknown + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 6a:73:cb:79:3c:ed:91:58:af:ba:c7:75:65:4e:6e:91:0e:e1: + e6:61:0d:ba:ab:56:53:ce:65:2b:e4:b3:b1:71:4d:b2:3a:67: + 6e:8b:e2:4d:c5:16:70:a0:a5:2a:04:be:d2:5b:f8:68:c4:58: + 7a:d0:fd:d5:3d:03:1a:24:d4:bd:d6:3c:a7:ec:9c:97:ed:c7: + bc:58:66:e0:ed:11:75:9e:61:f1:84:85:d9:b5:ab:25:d2:23: + 82:8b:34:ed:d3:60:cc:16:a9:7e:89:0e:b6:6f:88:19:8f:0f: + 82:2b:f9:5f:e8:62:db:3f:5f:05:5f:a4:dc:fe:cd:aa:47:db: + b0:a3 +-----BEGIN OCSP RESPONSE----- +MIIBhwoBAKCCAYAwggF8BgkrBgEFBQcwAQEEggFtMIIBaTCB1aEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowgZ4wTTA4MAcGBSsOAwIaBBREmxxbMc +bpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQelK78+UBDGmYCAQSAABgPMjAxNzAzMDEwMDAwM +DBaME0wODAHBgUrDgMCGgQURJscWzHG6ZkJZlI+ScP3c8AkGQoEFH92WRBlO7VwQSTEHpSu/PlA +QxpmAgEEggAYDzIwMTcwMzAxMDAwMDAwWjALBgkqhkiG9w0BAQUDgYEAanPLeTztkVivusd1ZU5 +ukQ7h5mENuqtWU85lK+SzsXFNsjpnboviTcUWcKClKgS+0lv4aMRYetD91T0DGiTUvdY8p+ycl+ +3HvFhm4O0RdZ5h8YSF2bWrJdIjgos07dNgzBapfokOtm+IGY8Pgiv5X+hi2z9fBV+k3P7Nqkfbs +KM= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/no_response.pem b/pki/testdata/ocsp_unittest/no_response.pem new file mode 100644 index 0000000000..bbf4469225 --- /dev/null +++ b/pki/testdata/ocsp_unittest/no_response.pem @@ -0,0 +1,133 @@ +No SingleResponses attached to the response + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Signature Algorithm: sha1WithRSAEncryption + c1:0e:9e:f8:b0:8d:a9:05:76:b8:69:f6:96:ae:25:06:11:c9: + 04:d6:75:18:7c:bf:ca:b4:78:f3:99:80:ac:6f:19:36:52:de: + 2f:f0:b1:48:e3:06:ec:f7:27:07:5d:2f:03:88:00:b3:12:17: + bb:18:27:4f:0b:fa:d8:01:82:59:c8:11:19:52:7d:e4:d6:cb: + 75:f4:2d:61:51:5c:6c:51:04:f6:a3:de:00:44:98:ab:2f:d7: + 82:6d:30:92:ce:ce:0c:5a:3b:7a:65:8c:89:c7:4e:b4:74:76: + 02:c5:a5:33:a4:c6:0c:a1:73:85:20:4d:0d:fc:12:73:c7:e1: + 70:8b +-----BEGIN OCSP RESPONSE----- +MIHjCgEAoIHdMIHaBgkrBgEFBQcwAQEEgcwwgckwNqEhMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJ +tZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowADALBgkqhkiG9w0BAQUDgYEAwQ6e+LCNqQV2uG +n2lq4lBhHJBNZ1GHy/yrR485mArG8ZNlLeL/CxSOMG7PcnB10vA4gAsxIXuxgnTwv62AGCWcgRG +VJ95NbLdfQtYVFcbFEE9qPeAESYqy/Xgm0wks7ODFo7emWMicdOtHR2AsWlM6TGDKFzhSBNDfwS +c8fhcIs= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/ocsp_extra_certs.pem b/pki/testdata/ocsp_unittest/ocsp_extra_certs.pem new file mode 100644 index 0000000000..e51ca9b788 --- /dev/null +++ b/pki/testdata/ocsp_unittest/ocsp_extra_certs.pem @@ -0,0 +1,250 @@ +Includes extra certs + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 9b:ff:7a:5e:da:ef:06:69:21:2b:f1:e6:e5:d2:85:dc:70:7a: + 74:ce:be:45:e8:e2:6e:ea:c8:cd:24:de:50:76:c1:4d:b1:7e: + 15:4d:1c:47:ce:1c:55:7f:a2:20:fa:d3:ec:2b:df:db:b3:55: + 9b:1e:0c:3c:a6:07:e7:4a:a1:d5:2f:01:84:77:a4:a1:02:0f: + 73:1b:3f:48:74:af:8b:1b:a8:dc:a2:9c:c9:96:29:02:0a:98: + 18:d0:48:a6:93:59:fd:ed:79:0c:84:f3:2f:f9:62:5a:f3:f9: + 49:f3:ab:fc:0f:e9:46:64:f0:51:bd:5f:8f:ce:f4:ef:c2:4f: + 1b:74 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN=Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +~~~~~BEGIN CERTIFICATE~~~~~ +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0 +IENBMCIYDzIwMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNV +BAMMFFRlc3QgSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDF+4GnG2phOBxq3t3bImFkeiKjOx3lklQXrTku/oH/Rgpw1oSl1b0F0/Kl +mJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+8fkZgPNq1BAoUTgml+2t +BpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQABMA0GCSqG +SIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8D +JyEQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh +9t5dzznmkiKFMR/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +~~~~~END CERTIFICATE~~~~~ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN=Test OCSP Signer + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:ae:c4:41:84:d9:d0:fd:63:70:db:d6:95:08:b6: + 9c:99:5c:34:87:6b:c9:36:d0:21:14:27:60:0d:84: + 66:8a:fc:9e:60:19:53:c2:db:39:82:d2:f8:ae:d9: + d5:9d:46:7a:e8:cd:c2:93:69:34:11:9b:59:c5:5b: + 8b:8c:ba:48:21:99:9d:1e:3f:d3:f9:54:7a:c7:4b: + fb:31:2e:ca:75:8c:4f:7a:af:3b:cd:fd:cf:d4:92: + 65:b6:06:80:58:c9:29:55:75:23:aa:ad:5b:ce:54: + 3c:99:95:88:f2:47:f9:ec:14:dc:8c:58:04:df:1d: + d7:ef:13:3d:7a:66:f9:bc:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 10:11:34:a4:b3:90:09:21:00:b4:ee:30:16:06:6d:11:f6:f3: + f2:42:77:fe:d7:7a:95:4d:77:b4:b5:75:c0:6f:5a:9d:98:83: + 34:f0:5b:66:8a:54:93:b8:3b:e8:35:bd:15:5f:6c:79:92:0d: + 80:da:92:db:a5:c2:80:d9:04:b6:47:2b:fc:73:b3:a8:24:02: + 20:aa:65:e0:d7:6e:6c:7c:a0:52:25:8c:5f:90:25:7f:5f:23: + 19:14:a5:0a:ba:05:6a:c3:1b:ff:53:1e:ae:8f:64:12:cf:95: + c9:7b:f4:d8:33:ef:98:2e:69:79:be:9d:18:58:57:73:f1:f3: + c7:62 +~~~~~BEGIN CERTIFICATE~~~~~ +MIIByzCCATSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0 +IEludGVybWVkaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAw +MDAwWjAbMRkwFwYDVQQDDBBUZXN0IE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCuxEGE2dD9Y3Db1pUItpyZXDSHa8k20CEUJ2ANhGaK/J5g +GVPC2zmC0viu2dWdRnrozcKTaTQRm1nFW4uMukghmZ0eP9P5VHrHS/sxLsp1jE96 +rzvN/c/UkmW2BoBYySlVdSOqrVvOVDyZlYjyR/nsFNyMWATfHdfvEz16Zvm85wID +AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOBgQAQ +ETSks5AJIQC07jAWBm0R9vPyQnf+13qVTXe0tXXAb1qdmIM08FtmilSTuDvoNb0V +X2x5kg2A2pLbpcKA2QS2Ryv8c7OoJAIgqmXg125sfKBSJYxfkCV/XyMZFKUKugVq +wxv/Ux6uj2QSz5XJe/TYM++YLml5vp0YWFdz8fPHYg== +~~~~~END CERTIFICATE~~~~~ +-----BEGIN OCSP RESPONSE----- +MIIEuwoBAKCCBLQwggSwBgkrBgEFBQcwAQEEggShMIIEnTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FowCwYJKoZIhvcNAQEFA4GBAJv/el7a7wZpISvx5uXShdxwenTOvkXo4m7qyM0k3lB2wU2xfhVN +HEfOHFV/oiD60+wr39uzVZseDDymB+dKodUvAYR3pKECD3MbP0h0r4sbqNyinMmWKQIKmBjQSKa +TWf3teQyE8y/5Ylrz+Unzq/wP6UZk8FG9X4/O9O/CTxt0oIIDgDCCA3wwggGpMIIBEqADAgECAg +EBMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNzAxMDEwMDAwMDBaG +A8yMDE4MDEwMTAwMDAwMFowHzEdMBsGA1UEAwwUVGVzdCBJbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAMX7gacbamE4HGre3dsiYWR6IqM7HeWSVBetOS7+gf9GCnD +WhKXVvQXT8qWYkP3k/9jSz3zR8ngNSqGAyGpwdYQEwcJLrxeboikrp77x+RmA82rUEChROCaX7a +0GloWnt3x4OJBE39cQ5FKiSSJsmHFR9bITan8INHzQxplveZj5AgMBAAEwDQYJKoZIhvcNAQEFB +QADgYEAfWcPOU5847ryY7ntbuxh8opPHoLiS0QE+KWhWryMcpFtvwMnIRCeXIrPS4eD4MLXclXV +QtPRK3azQoTg6DuAsl9V5+D2tiHG/ZG1ybr62Lpci+H23l3POeaSIoUxH8PtGdsKC/nvpzZN4VS +vjsBZJUPlaUfE4AAeIevmtBOPMAEwggHLMIIBNKADAgECAgECMA0GCSqGSIb3DQEBBQUAMB8xHT +AbBgNVBAMMFFRlc3QgSW50ZXJtZWRpYXRlIENBMCIYDzIwMTcwMTAxMDAwMDAwWhgPMjAxODAxM +DEwMDAwMDBaMBsxGTAXBgNVBAMMEFRlc3QgT0NTUCBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAK7EQYTZ0P1jcNvWlQi2nJlcNIdryTbQIRQnYA2EZor8nmAZU8LbOYLS+K7Z1Z1 +GeujNwpNpNBGbWcVbi4y6SCGZnR4/0/lUesdL+zEuynWMT3qvO839z9SSZbYGgFjJKVV1I6qtW8 +5UPJmViPJH+ewU3IxYBN8d1+8TPXpm+bznAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMJM +A0GCSqGSIb3DQEBBQUAA4GBABARNKSzkAkhALTuMBYGbRH28/JCd/7XepVNd7S1dcBvWp2YgzTw +W2aKVJO4O+g1vRVfbHmSDYDaktulwoDZBLZHK/xzs6gkAiCqZeDXbmx8oFIljF+QJX9fIxkUpQq +6BWrDG/9THq6PZBLPlcl79Ngz75guaXm+nRhYV3Px88di +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/ocsp_sign_bad_indirect.pem b/pki/testdata/ocsp_unittest/ocsp_sign_bad_indirect.pem new file mode 100644 index 0000000000..557dac40da --- /dev/null +++ b/pki/testdata/ocsp_unittest/ocsp_sign_bad_indirect.pem @@ -0,0 +1,195 @@ +Signed through an intermediate without the correct key usage + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test False OCSP Signer + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 99:5b:54:5b:da:7b:f5:e1:1d:50:73:1d:0c:5b:d8:f2:2c:e2: + da:91:7d:c6:16:fb:0d:aa:cd:cf:c1:94:7e:1e:42:38:49:5f: + d5:26:7c:9a:30:b7:4e:5f:fb:14:2e:a8:f3:67:03:17:5f:c1: + c2:ca:af:6b:bf:2a:32:99:3b:51:50:5f:6d:b0:ad:e3:e7:b5: + c5:e4:41:73:11:7f:ef:85:35:78:24:91:a3:2c:c0:4e:41:fe: + bc:4c:c6:ef:05:ac:22:81:9a:bd:93:89:9f:c5:54:94:db:08: + 0f:55:8f:88:13:f9:7d:ac:ae:e8:56:0b:ea:d9:04:25:db:de: + 4c:96 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN=Test False OCSP Signer + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:9d:a4:70:41:77:2a:fa:11:c5:10:ea:13:ef:e4: + 1d:9f:7a:ff:89:38:6a:79:61:21:ba:87:65:95:27: + 8a:cc:6e:d8:56:e6:a1:e2:2f:61:2f:d1:d0:da:1d: + b7:c0:ac:83:b1:a5:e0:45:30:eb:0d:50:ea:55:21: + a6:ac:cc:6b:e0:b1:5d:3a:d8:55:b3:fe:4b:a1:2a: + 19:c0:e6:b5:24:93:7c:8d:8f:fc:60:4b:fc:90:4c: + 40:47:67:51:3d:9f:a5:9d:74:89:40:c7:6a:ec:16: + 49:bd:77:71:64:db:40:d2:3b:e3:6f:86:90:33:d1: + 60:98:12:29:e1:07:5f:d0:03 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 60:5d:f1:ba:17:d5:98:98:99:54:ca:d3:57:b6:2f:01:32:aa: + e5:dc:5a:43:1a:48:b6:9c:26:cb:fd:b1:b5:bb:01:17:c5:2e: + 62:c1:98:f5:b3:19:8f:5e:1c:b6:7e:d0:d4:f2:d5:6d:75:5c: + b1:bb:c1:36:ae:be:37:73:58:72:30:3e:62:96:aa:cf:f1:bc: + 3a:12:bf:6c:d8:dc:49:24:80:8a:7c:f0:67:0a:c3:e1:cc:24: + 60:92:21:59:3b:7e:ab:87:ba:83:b8:0e:31:e9:23:4c:a4:23: + 41:5c:b5:78:60:d5:72:f5:e7:4d:f5:f3:0f:bf:01:ab:1e:83: + 86:41 +~~~~~BEGIN CERTIFICATE~~~~~ +MIIBuDCCASGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0 +IEludGVybWVkaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAw +MDAwWjAhMR8wHQYDVQQDDBZUZXN0IEZhbHNlIE9DU1AgU2lnbmVyMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQCdpHBBdyr6EcUQ6hPv5B2fev+JOGp5YSG6h2WV +J4rMbthW5qHiL2Ev0dDaHbfArIOxpeBFMOsNUOpVIaaszGvgsV062FWz/kuhKhnA +5rUkk3yNj/xgS/yQTEBHZ1E9n6WddIlAx2rsFkm9d3Fk20DSO+NvhpAz0WCYEinh +B1/QAwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAGBd8boX1ZiYmVTK01e2LwEyquXc +WkMaSLacJsv9sbW7ARfFLmLBmPWzGY9eHLZ+0NTy1W11XLG7wTauvjdzWHIwPmKW +qs/xvDoSv2zY3EkkgIp88GcKw+HMJGCSIVk7fquHuoO4DjHpI0ykI0FctXhg1XL1 +50318w+/Aaseg4ZB +~~~~~END CERTIFICATE~~~~~ +-----BEGIN OCSP RESPONSE----- +MIIC/QoBAKCCAvYwggLyBgkrBgEFBQcwAQEEggLjMIIC3zCBh6EjMCExHzAdBgNVBAMMFlRlc3Q +gRmFsc2UgT0NTUCBTaWduZXIYDzIwMTcwMzAyMDAwMDAwWjBPME0wODAHBgUrDgMCGgQURJscWz +HG6ZkJZlI+ScP3c8AkGQoEFH92WRBlO7VwQSTEHpSu/PlAQxpmAgEEgAAYDzIwMTcwMzAxMDAwM +DAwWjALBgkqhkiG9w0BAQUDgYEAmVtUW9p79eEdUHMdDFvY8izi2pF9xhb7DarNz8GUfh5COElf +1SZ8mjC3Tl/7FC6o82cDF1/Bwsqva78qMpk7UVBfbbCt4+e1xeRBcxF/74U1eCSRoyzATkH+vEz +G7wWsIoGavZOJn8VUlNsID1WPiBP5fayu6FYL6tkEJdveTJagggHAMIIBvDCCAbgwggEhoAMCAQ +ICAQMwDQYJKoZIhvcNAQEFBQAwHzEdMBsGA1UEAwwUVGVzdCBJbnRlcm1lZGlhdGUgQ0EwIhgPM +jAxNzAxMDEwMDAwMDBaGA8yMDE4MDEwMTAwMDAwMFowITEfMB0GA1UEAwwWVGVzdCBGYWxzZSBP +Q1NQIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnaRwQXcq+hHFEOoT7+Qdn3r +/iThqeWEhuodllSeKzG7YVuah4i9hL9HQ2h23wKyDsaXgRTDrDVDqVSGmrMxr4LFdOthVs/5LoS +oZwOa1JJN8jY/8YEv8kExAR2dRPZ+lnXSJQMdq7BZJvXdxZNtA0jvjb4aQM9FgmBIp4Qdf0AMCA +wEAATANBgkqhkiG9w0BAQUFAAOBgQBgXfG6F9WYmJlUytNXti8BMqrl3FpDGki2nCbL/bG1uwEX +xS5iwZj1sxmPXhy2ftDU8tVtdVyxu8E2rr43c1hyMD5ilqrP8bw6Er9s2NxJJICKfPBnCsPhzCR +gkiFZO36rh7qDuA4x6SNMpCNBXLV4YNVy9edN9fMPvwGrHoOGQQ== +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/ocsp_sign_direct.pem b/pki/testdata/ocsp_unittest/ocsp_sign_direct.pem new file mode 100644 index 0000000000..24cbeed9a2 --- /dev/null +++ b/pki/testdata/ocsp_unittest/ocsp_sign_direct.pem @@ -0,0 +1,142 @@ +Signed directly by the issuer + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 9b:ff:7a:5e:da:ef:06:69:21:2b:f1:e6:e5:d2:85:dc:70:7a: + 74:ce:be:45:e8:e2:6e:ea:c8:cd:24:de:50:76:c1:4d:b1:7e: + 15:4d:1c:47:ce:1c:55:7f:a2:20:fa:d3:ec:2b:df:db:b3:55: + 9b:1e:0c:3c:a6:07:e7:4a:a1:d5:2f:01:84:77:a4:a1:02:0f: + 73:1b:3f:48:74:af:8b:1b:a8:dc:a2:9c:c9:96:29:02:0a:98: + 18:d0:48:a6:93:59:fd:ed:79:0c:84:f3:2f:f9:62:5a:f3:f9: + 49:f3:ab:fc:0f:e9:46:64:f0:51:bd:5f:8f:ce:f4:ef:c2:4f: + 1b:74 +-----BEGIN OCSP RESPONSE----- +MIIBNwoBAKCCATAwggEsBgkrBgEFBQcwAQEEggEdMIIBGTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FowCwYJKoZIhvcNAQEFA4GBAJv/el7a7wZpISvx5uXShdxwenTOvkXo4m7qyM0k3lB2wU2xfhVN +HEfOHFV/oiD60+wr39uzVZseDDymB+dKodUvAYR3pKECD3MbP0h0r4sbqNyinMmWKQIKmBjQSKa +TWf3teQyE8y/5Ylrz+Unzq/wP6UZk8FG9X4/O9O/CTxt0 +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/ocsp_sign_indirect.pem b/pki/testdata/ocsp_unittest/ocsp_sign_indirect.pem new file mode 100644 index 0000000000..e1a3a1d886 --- /dev/null +++ b/pki/testdata/ocsp_unittest/ocsp_sign_indirect.pem @@ -0,0 +1,198 @@ +Signed indirectly through an intermediate + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test OCSP Signer + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 7d:ed:91:a9:c8:03:55:eb:cf:5b:b4:99:f9:74:49:39:6f:f5: + 8c:7c:f9:9c:26:2e:c3:26:22:b1:d7:aa:10:6f:1f:e0:77:76: + 8a:19:dd:59:fc:09:81:36:aa:2a:42:96:2a:a8:0a:ee:b4:74: + cc:65:74:10:7d:ef:a5:69:ed:31:c1:c1:f2:2f:a1:1b:eb:12: + f2:86:0d:07:4f:0a:8e:9a:9f:8d:e8:40:61:98:49:b7:ce:56: + 8a:f1:4d:94:4d:5e:52:22:7f:c5:d0:94:be:88:5b:ed:65:da: + 00:9f:ba:ec:ba:ad:c4:81:19:16:ee:8f:93:32:88:a1:56:40: + 7b:14 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN=Test OCSP Signer + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:ae:c4:41:84:d9:d0:fd:63:70:db:d6:95:08:b6: + 9c:99:5c:34:87:6b:c9:36:d0:21:14:27:60:0d:84: + 66:8a:fc:9e:60:19:53:c2:db:39:82:d2:f8:ae:d9: + d5:9d:46:7a:e8:cd:c2:93:69:34:11:9b:59:c5:5b: + 8b:8c:ba:48:21:99:9d:1e:3f:d3:f9:54:7a:c7:4b: + fb:31:2e:ca:75:8c:4f:7a:af:3b:cd:fd:cf:d4:92: + 65:b6:06:80:58:c9:29:55:75:23:aa:ad:5b:ce:54: + 3c:99:95:88:f2:47:f9:ec:14:dc:8c:58:04:df:1d: + d7:ef:13:3d:7a:66:f9:bc:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 10:11:34:a4:b3:90:09:21:00:b4:ee:30:16:06:6d:11:f6:f3: + f2:42:77:fe:d7:7a:95:4d:77:b4:b5:75:c0:6f:5a:9d:98:83: + 34:f0:5b:66:8a:54:93:b8:3b:e8:35:bd:15:5f:6c:79:92:0d: + 80:da:92:db:a5:c2:80:d9:04:b6:47:2b:fc:73:b3:a8:24:02: + 20:aa:65:e0:d7:6e:6c:7c:a0:52:25:8c:5f:90:25:7f:5f:23: + 19:14:a5:0a:ba:05:6a:c3:1b:ff:53:1e:ae:8f:64:12:cf:95: + c9:7b:f4:d8:33:ef:98:2e:69:79:be:9d:18:58:57:73:f1:f3: + c7:62 +~~~~~BEGIN CERTIFICATE~~~~~ +MIIByzCCATSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0 +IEludGVybWVkaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAw +MDAwWjAbMRkwFwYDVQQDDBBUZXN0IE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCuxEGE2dD9Y3Db1pUItpyZXDSHa8k20CEUJ2ANhGaK/J5g +GVPC2zmC0viu2dWdRnrozcKTaTQRm1nFW4uMukghmZ0eP9P5VHrHS/sxLsp1jE96 +rzvN/c/UkmW2BoBYySlVdSOqrVvOVDyZlYjyR/nsFNyMWATfHdfvEz16Zvm85wID +AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOBgQAQ +ETSks5AJIQC07jAWBm0R9vPyQnf+13qVTXe0tXXAb1qdmIM08FtmilSTuDvoNb0V +X2x5kg2A2pLbpcKA2QS2Ryv8c7OoJAIgqmXg125sfKBSJYxfkCV/XyMZFKUKugVq +wxv/Ux6uj2QSz5XJe/TYM++YLml5vp0YWFdz8fPHYg== +~~~~~END CERTIFICATE~~~~~ +-----BEGIN OCSP RESPONSE----- +MIIDCgoBAKCCAwMwggL/BgkrBgEFBQcwAQEEggLwMIIC7DCBgaEdMBsxGTAXBgNVBAMMEFRlc3Q +gT0NTUCBTaWduZXIYDzIwMTcwMzAyMDAwMDAwWjBPME0wODAHBgUrDgMCGgQURJscWzHG6ZkJZl +I+ScP3c8AkGQoEFH92WRBlO7VwQSTEHpSu/PlAQxpmAgEEgAAYDzIwMTcwMzAxMDAwMDAwWjALB +gkqhkiG9w0BAQUDgYEAfe2RqcgDVevPW7SZ+XRJOW/1jHz5nCYuwyYisdeqEG8f4Hd2ihndWfwJ +gTaqKkKWKqgK7rR0zGV0EH3vpWntMcHB8i+hG+sS8oYNB08KjpqfjehAYZhJt85WivFNlE1eUiJ +/xdCUvohb7WXaAJ+67LqtxIEZFu6PkzKIoVZAexSgggHTMIIBzzCCAcswggE0oAMCAQICAQIwDQ +YJKoZIhvcNAQEFBQAwHzEdMBsGA1UEAwwUVGVzdCBJbnRlcm1lZGlhdGUgQ0EwIhgPMjAxNzAxM +DEwMDAwMDBaGA8yMDE4MDEwMTAwMDAwMFowGzEZMBcGA1UEAwwQVGVzdCBPQ1NQIFNpZ25lcjCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsRBhNnQ/WNw29aVCLacmVw0h2vJNtAhFCdgDYR +mivyeYBlTwts5gtL4rtnVnUZ66M3Ck2k0EZtZxVuLjLpIIZmdHj/T+VR6x0v7MS7KdYxPeq87zf +3P1JJltgaAWMkpVXUjqq1bzlQ8mZWI8kf57BTcjFgE3x3X7xM9emb5vOcCAwEAAaMXMBUwEwYDV +R0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADgYEAEBE0pLOQCSEAtO4wFgZtEfbz8kJ3 +/td6lU13tLV1wG9anZiDNPBbZopUk7g76DW9FV9seZINgNqS26XCgNkEtkcr/HOzqCQCIKpl4Nd +ubHygUiWMX5Alf18jGRSlCroFasMb/1Mero9kEs+VyXv02DPvmC5peb6dGFhXc/Hzx2I= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/ocsp_sign_indirect_missing.pem b/pki/testdata/ocsp_unittest/ocsp_sign_indirect_missing.pem new file mode 100644 index 0000000000..f73b7ed769 --- /dev/null +++ b/pki/testdata/ocsp_unittest/ocsp_sign_indirect_missing.pem @@ -0,0 +1,142 @@ +Signed indirectly through a missing intermediate + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test OCSP Signer + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 7d:ed:91:a9:c8:03:55:eb:cf:5b:b4:99:f9:74:49:39:6f:f5: + 8c:7c:f9:9c:26:2e:c3:26:22:b1:d7:aa:10:6f:1f:e0:77:76: + 8a:19:dd:59:fc:09:81:36:aa:2a:42:96:2a:a8:0a:ee:b4:74: + cc:65:74:10:7d:ef:a5:69:ed:31:c1:c1:f2:2f:a1:1b:eb:12: + f2:86:0d:07:4f:0a:8e:9a:9f:8d:e8:40:61:98:49:b7:ce:56: + 8a:f1:4d:94:4d:5e:52:22:7f:c5:d0:94:be:88:5b:ed:65:da: + 00:9f:ba:ec:ba:ad:c4:81:19:16:ee:8f:93:32:88:a1:56:40: + 7b:14 +-----BEGIN OCSP RESPONSE----- +MIIBMwoBAKCCASwwggEoBgkrBgEFBQcwAQEEggEZMIIBFTCBgaEdMBsxGTAXBgNVBAMMEFRlc3Q +gT0NTUCBTaWduZXIYDzIwMTcwMzAyMDAwMDAwWjBPME0wODAHBgUrDgMCGgQURJscWzHG6ZkJZl +I+ScP3c8AkGQoEFH92WRBlO7VwQSTEHpSu/PlAQxpmAgEEgAAYDzIwMTcwMzAxMDAwMDAwWjALB +gkqhkiG9w0BAQUDgYEAfe2RqcgDVevPW7SZ+XRJOW/1jHz5nCYuwyYisdeqEG8f4Hd2ihndWfwJ +gTaqKkKWKqgK7rR0zGV0EH3vpWntMcHB8i+hG+sS8oYNB08KjpqfjehAYZhJt85WivFNlE1eUiJ +/xdCUvohb7WXaAJ+67LqtxIEZFu6PkzKIoVZAexQ= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/other_response.pem b/pki/testdata/ocsp_unittest/other_response.pem new file mode 100644 index 0000000000..f276d7e418 --- /dev/null +++ b/pki/testdata/ocsp_unittest/other_response.pem @@ -0,0 +1,153 @@ +Is a response for a different cert + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 00F1CA5C7F4C394343B0D13EB6F6941F464C16C4 + Issuer Key Hash: 92F96376150C28908A351475F732D1FC649AE0BD + Serial Number: 05 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 00F1CA5C7F4C394343B0D13EB6F6941F464C16C4 + Issuer Key Hash: 92F96376150C28908A351475F732D1FC649AE0BD + Serial Number: 05 + Cert Status: revoked + Revocation Time: Feb 1 00:00:00 2017 GMT + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 88:bd:5f:27:0c:2a:24:c8:59:cf:b3:73:5d:33:69:76:ce:70: + 57:2f:b5:9e:e7:fb:54:16:5f:15:ac:31:23:54:e3:d5:bf:b6: + 52:dd:91:58:3d:c7:1f:cc:37:3c:c8:26:32:12:c4:be:30:6b: + c5:7f:d9:09:d3:e8:23:d8:72:49:bb:51:94:2b:10:8d:ab:de: + 4a:33:23:21:62:55:4a:ae:af:27:42:d3:ed:65:f6:08:64:2c: + 29:be:a5:20:e1:d9:8d:65:fe:29:9e:59:f1:35:d6:91:b8:25: + af:f5:db:b6:41:dc:03:2a:a8:6e:a6:0a:b7:25:68:fa:9f:1e: + da:3c +-----BEGIN OCSP RESPONSE----- +MIIBmAoBAKCCAZEwggGNBgkrBgEFBQcwAQEEggF+MIIBejCB5qEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowga8wTTA4MAcGBSsOAwIaBBQA8cpcf0 +w5Q0Ow0T629pQfRkwWxAQUkvljdhUMKJCKNRR19zLR/GSa4L0CAQWAABgPMjAxNzAzMDEwMDAwM +DBaMF4wODAHBgUrDgMCGgQUAPHKXH9MOUNDsNE+tvaUH0ZMFsQEFJL5Y3YVDCiQijUUdfcy0fxk +muC9AgEFoREYDzIwMTcwMjAxMDAwMDAwWhgPMjAxNzAzMDEwMDAwMDBaMAsGCSqGSIb3DQEBBQO +BgQCIvV8nDCokyFnPs3NdM2l2znBXL7We5/tUFl8VrDEjVOPVv7ZS3ZFYPccfzDc8yCYyEsS+MG +vFf9kJ0+gj2HJJu1GUKxCNq95KMyMhYlVKrq8nQtPtZfYIZCwpvqUg4dmNZf4pnlnxNdaRuCWv9 +du2QdwDKqhupgq3JWj6nx7aPA== +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/responder_id.pem b/pki/testdata/ocsp_unittest/responder_id.pem new file mode 100644 index 0000000000..1a337c1a16 --- /dev/null +++ b/pki/testdata/ocsp_unittest/responder_id.pem @@ -0,0 +1,142 @@ +Uses byKey to identify the signer + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: 7F765910653BB5704124C41E94AEFCF940431A66 + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 80:88:aa:9f:d7:41:82:86:1e:76:7b:2d:69:ae:cc:1f:05:56: + a6:ef:06:9f:80:85:4b:c5:22:42:52:99:8b:3c:bc:df:37:b2: + 55:10:31:a1:b3:ab:5e:7d:4c:30:ec:fa:80:f8:94:3b:27:2b: + 21:8b:66:db:a2:62:01:d6:f1:e7:b3:af:02:46:f5:ab:f0:f1: + 33:02:7f:68:47:a3:3f:73:09:a7:3f:9f:51:2c:56:99:6c:1d: + 08:b2:b9:f3:3a:40:2c:1a:a9:e9:a8:63:05:e8:93:ee:b3:2c: + 74:c4:9e:c7:e0:72:8e:40:e5:4c:ce:ec:26:3f:8c:1d:94:98: + 1b:1f +-----BEGIN OCSP RESPONSE----- +MIIBKwoBAKCCASQwggEgBgkrBgEFBQcwAQEEggERMIIBDTB6ohYEFH92WRBlO7VwQSTEHpSu/Pl +AQxpmGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxumZCWZSPknD93PAJB +kKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwMFowCwYJKoZIhvcNA +QEFA4GBAICIqp/XQYKGHnZ7LWmuzB8FVqbvBp+AhUvFIkJSmYs8vN83slUQMaGzq159TDDs+oD4 +lDsnKyGLZtuiYgHW8eezrwJG9avw8TMCf2hHoz9zCac/n1EsVplsHQiyufM6QCwaqemoYwXok+6 +zLHTEnsfgco5A5UzO7CY/jB2UmBsf +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/responder_name.pem b/pki/testdata/ocsp_unittest/responder_name.pem new file mode 100644 index 0000000000..ee734d80c6 --- /dev/null +++ b/pki/testdata/ocsp_unittest/responder_name.pem @@ -0,0 +1,142 @@ +Uses byName to identify the signer + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: good + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 9b:ff:7a:5e:da:ef:06:69:21:2b:f1:e6:e5:d2:85:dc:70:7a: + 74:ce:be:45:e8:e2:6e:ea:c8:cd:24:de:50:76:c1:4d:b1:7e: + 15:4d:1c:47:ce:1c:55:7f:a2:20:fa:d3:ec:2b:df:db:b3:55: + 9b:1e:0c:3c:a6:07:e7:4a:a1:d5:2f:01:84:77:a4:a1:02:0f: + 73:1b:3f:48:74:af:8b:1b:a8:dc:a2:9c:c9:96:29:02:0a:98: + 18:d0:48:a6:93:59:fd:ed:79:0c:84:f3:2f:f9:62:5a:f3:f9: + 49:f3:ab:fc:0f:e9:46:64:f0:51:bd:5f:8f:ce:f4:ef:c2:4f: + 1b:74 +-----BEGIN OCSP RESPONSE----- +MIIBNwoBAKCCATAwggEsBgkrBgEFBQcwAQEEggEdMIIBGTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM +FowCwYJKoZIhvcNAQEFA4GBAJv/el7a7wZpISvx5uXShdxwenTOvkXo4m7qyM0k3lB2wU2xfhVN +HEfOHFV/oiD60+wr39uzVZseDDymB+dKodUvAYR3pKECD3MbP0h0r4sbqNyinMmWKQIKmBjQSKa +TWf3teQyE8y/5Ylrz+Unzq/wP6UZk8FG9X4/O9O/CTxt0 +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/revoke_response.pem b/pki/testdata/ocsp_unittest/revoke_response.pem new file mode 100644 index 0000000000..971879acb3 --- /dev/null +++ b/pki/testdata/ocsp_unittest/revoke_response.pem @@ -0,0 +1,143 @@ +Is a REVOKE response for the cert + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: revoked + Revocation Time: Feb 1 00:00:00 2017 GMT + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 68:51:72:4b:89:96:67:7c:49:22:e4:9b:b6:72:3f:6d:4c:61: + ad:fc:e0:78:85:d4:78:96:87:1a:61:a3:fc:37:ed:43:d9:96: + 9f:d9:a8:bb:3f:51:5e:d3:10:09:22:80:0d:4e:a0:2e:0d:f3: + 80:ca:c9:15:0e:1e:5f:0b:6a:aa:26:e9:1a:89:97:4b:4f:68: + 08:e7:e7:c1:0b:93:58:26:01:b1:9b:0a:ae:38:97:b1:7a:9f: + 63:47:c4:cb:8a:43:54:85:a3:9e:fb:e9:44:4c:a2:a5:25:ca: + bc:13:f3:1f:be:68:bd:3a:2e:d0:c1:71:69:57:5f:10:00:6f: + 53:6f +-----BEGIN OCSP RESPONSE----- +MIIBSAoBAKCCAUEwggE9BgkrBgEFBQcwAQEEggEuMIIBKjCBlqEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowYDBeMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBKERGA8yMDE3MDIwMTAwMDAwM +FoYDzIwMTcwMzAxMDAwMDAwWjALBgkqhkiG9w0BAQUDgYEAaFFyS4mWZ3xJIuSbtnI/bUxhrfzg +eIXUeJaHGmGj/DftQ9mWn9mouz9RXtMQCSKADU6gLg3zgMrJFQ4eXwtqqibpGomXS09oCOfnwQu +TWCYBsZsKrjiXsXqfY0fEy4pDVIWjnvvpREyipSXKvBPzH75ovTou0MFxaVdfEABvU28= +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/revoke_response_reason.pem b/pki/testdata/ocsp_unittest/revoke_response_reason.pem new file mode 100644 index 0000000000..e446fcba9c --- /dev/null +++ b/pki/testdata/ocsp_unittest/revoke_response_reason.pem @@ -0,0 +1,145 @@ +Is a REVOKE response for the cert with a reason + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: revoked + Revocation Time: Feb 1 00:00:00 2017 GMT + Revocation Reason: keyCompromise (0x1) + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + b6:ce:d1:6e:78:bd:54:e6:a7:c4:b3:3c:af:1c:5c:14:27:9b: + 54:a4:9d:b2:cb:90:99:37:26:1e:3e:2f:ce:81:44:56:66:7d: + 8f:cd:be:b0:0d:ad:7f:c5:a1:86:92:a8:15:3d:1a:e4:ba:16: + f8:b4:35:25:88:68:9d:bd:6d:93:b1:c9:1b:13:f0:ef:4c:0b: + a0:30:54:ee:1a:9c:4d:43:41:51:00:fe:36:50:84:41:cd:c1: + 9d:14:d7:98:6f:88:5e:ba:8f:33:33:55:c9:a2:44:0d:f0:6d: + c8:95:7d:1c:22:9e:f2:07:1d:66:72:03:67:ad:ab:ad:4b:82: + 78:cf +-----BEGIN OCSP RESPONSE----- +MIIBTQoBAKCCAUYwggFCBgkrBgEFBQcwAQEEggEzMIIBLzCBm6EhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowZTBjMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBKEWGA8yMDE3MDIwMTAwMDAwM +FqgAwoBARgPMjAxNzAzMDEwMDAwMDBaMAsGCSqGSIb3DQEBBQOBgQC2ztFueL1U5qfEszyvHFwU +J5tUpJ2yy5CZNyYePi/OgURWZn2Pzb6wDa1/xaGGkqgVPRrkuhb4tDUliGidvW2TsckbE/DvTAu +gMFTuGpxNQ0FRAP42UIRBzcGdFNeYb4heuo8zM1XJokQN8G3IlX0cIp7yBx1mcgNnrautS4J4zw +== +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/ocsp_unittest/unknown_response.pem b/pki/testdata/ocsp_unittest/unknown_response.pem new file mode 100644 index 0000000000..d58c516d83 --- /dev/null +++ b/pki/testdata/ocsp_unittest/unknown_response.pem @@ -0,0 +1,142 @@ +Is an UNKNOWN response for the cert + +$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) +OCSP Response Data: + OCSP Response Status: successful (0x0) + Response Type: Basic OCSP Response + Version: 1 (0x0) + Responder Id: CN = Test Intermediate CA + Produced At: Mar 2 00:00:00 2017 GMT + Responses: + Certificate ID: + Hash Algorithm: sha1 + Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A + Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 + Serial Number: 04 + Cert Status: unknown + This Update: Mar 1 00:00:00 2017 GMT + + Signature Algorithm: sha1WithRSAEncryption + 66:e7:9d:45:af:e5:6e:eb:92:f5:b6:89:58:b5:3d:cb:97:0c: + ee:ba:c1:2b:19:cf:af:61:c6:f5:12:5f:29:7f:fb:e9:d3:3a: + 5a:bb:fe:cd:17:2b:8c:4e:c8:b8:26:63:af:8f:7b:8f:67:8a: + d2:0e:33:0d:57:3d:49:ad:10:58:64:b5:81:f4:ac:0f:74:1a: + 1a:2b:1f:02:ab:de:80:48:fb:3c:30:66:11:65:aa:3b:6a:39: + 96:f8:50:00:31:1b:59:15:ba:18:29:be:ea:4f:4d:d9:68:b4: + 75:6d:41:be:a5:59:f7:8c:9c:20:f3:73:8f:f0:c8:0a:59:32: + 49:d7 +-----BEGIN OCSP RESPONSE----- +MIIBNwoBAKCCATAwggEsBgkrBgEFBQcwAQEEggEdMIIBGTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q +gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu +mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIIAGA8yMDE3MDMwMTAwMDAwM +FowCwYJKoZIhvcNAQEFA4GBAGbnnUWv5W7rkvW2iVi1PcuXDO66wSsZz69hxvUSXyl/++nTOlq7 +/s0XK4xOyLgmY6+Pe49nitIOMw1XPUmtEFhktYH0rA90GhorHwKr3oBI+zwwZhFlqjtqOZb4UAA +xG1kVuhgpvupPTdlotHVtQb6lWfeMnCDzc4/wyApZMknX +-----END OCSP RESPONSE----- + +$ openssl x509 -text < [CA CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: + 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: + 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: + 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: + c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: + a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: + ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: + e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: + 34:7c:d0:c6:99:6f:79:98:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: + 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: + 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: + 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: + fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: + 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: + 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: + 30:01 +-----BEGIN CA CERTIFICATE----- +MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI +wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW +RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO +x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ +8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA +BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy +EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM +R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB +-----END CA CERTIFICATE----- + +$ openssl x509 -text < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN = Test Intermediate CA + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Jan 1 00:00:00 2018 GMT + Subject: CN = Test Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: + 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: + 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: + f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: + a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: + ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: + 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: + 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: + 95:c1:35:46:9e:db:9b:ce:9b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: + ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: + 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: + a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: + 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: + 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: + 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: + 0a:53 +-----BEGIN CERTIFICATE----- +MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV +kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA +lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu +sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j +7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM +BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 +yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL +odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [OCSP REQUEST] + 0:d=0 hl=2 l= 66 cons: SEQUENCE + 2:d=1 hl=2 l= 64 cons: SEQUENCE + 4:d=2 hl=2 l= 62 cons: SEQUENCE + 6:d=3 hl=2 l= 60 cons: SEQUENCE + 8:d=4 hl=2 l= 58 cons: SEQUENCE + 10:d=5 hl=2 l= 9 cons: SEQUENCE + 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 19:d=6 hl=2 l= 0 prim: NULL + 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A + 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 + 65:d=5 hl=2 l= 1 prim: INTEGER :04 +-----BEGIN OCSP REQUEST----- +MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ +elK78+UBDGmYCAQQ= +-----END OCSP REQUEST----- diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/empty_sequence.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/empty_sequence.pem new file mode 100644 index 0000000000..b57cc811dd --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/empty_sequence.pem @@ -0,0 +1,6 @@ +Generated by generate.py. Do not edit. + +SEQUENCE {} +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MAA= +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/extra_contents_after_extension_sequence.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/extra_contents_after_extension_sequence.pem new file mode 100644 index 0000000000..2fd305ec15 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/extra_contents_after_extension_sequence.pem @@ -0,0 +1,11 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + } + INTEGER {`1234`} + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MAaABN6tsA8CAhI0 +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/extra_contents_after_issuer_and_serial.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/extra_contents_after_issuer_and_serial.pem new file mode 100644 index 0000000000..f39422975c --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/extra_contents_after_issuer_and_serial.pem @@ -0,0 +1,24 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [1] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "Root" } + } + } + } + } + } + [2 PRIMITIVE] { `274f` } + INTEGER {`1234`} + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MB2hE6QRMA8xDTALBgNVBAMMBFJvb3SCAidPAgISNA== +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/generate.py b/pki/testdata/parse_certificate_unittest/authority_key_identifier/generate.py new file mode 100755 index 0000000000..9ee2460ca4 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/generate.py @@ -0,0 +1,180 @@ +#!/usr/bin/env python +# Copyright 2019 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""This script is called without any arguments to re-generate all of the *.pem +files in the script's directory. + +The https://github.com/google/der-ascii tools must be in the PATH. +""" + +import base64 +import subprocess +import os + + +HEADER = "Generated by %s. Do not edit." % os.path.split(__file__)[1] + + +def Ascii2Der(txt): + p = subprocess.Popen(['ascii2der'], + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout_data, stderr_data = p.communicate(txt) + if p.returncode: + raise RuntimeError('ascii2der returned %i: %s' % (p.returncode, + stderr_data)) + return stdout_data + + +def MakePemBlock(text, der, name): + b64 = base64.b64encode(der) + wrapped = '\n'.join(b64[pos:pos + 64] for pos in xrange(0, len(b64), 64)) + return '%s\n\n%s\n-----BEGIN %s-----\n%s\n-----END %s-----' % ( + HEADER, text, name, wrapped, name) + + +def Generate(path, dertext): + der = Ascii2Der(dertext) + data = MakePemBlock(dertext, der, 'AUTHORITY_KEY_IDENTIFIER') + with open(path, "w") as f: + f.write(data) + + +Generate('empty_sequence.pem', 'SEQUENCE {}') + +Generate('key_identifier.pem', """ + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + } +""") + +Generate('issuer_and_serial.pem', """ + SEQUENCE { + [1] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "Root" } + } + } + } + } + } + [2 PRIMITIVE] { `274f` } + } +""") + +Generate('url_issuer_and_serial.pem', """ + SEQUENCE { + [1] { + [6 PRIMITIVE] { "http://example.com" } + } + [2 PRIMITIVE] { `274f` } + } +""") + +Generate('key_identifier_and_issuer_and_serial.pem', """ + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + [1] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "Root" } + } + } + } + } + } + [2 PRIMITIVE] { `274f` } + } +""") + +Generate('issuer_only.pem', """ + SEQUENCE { + [1] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "Root" } + } + } + } + } + } + } +""") + +Generate('serial_only.pem', """ + SEQUENCE { + [2 PRIMITIVE] { `274f` } + } +""") + +Generate('invalid_contents.pem', """ + SEQUENCE { + INTEGER {`1234`} + } +""") + +Generate('invalid_key_identifier.pem', """ + SEQUENCE { + # Tag and Length for [0 PRIMITIVE], but no data. + `8004` + } +""") + +Generate('invalid_issuer.pem', """ + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + # Tag and Length for [1] {...}, but no data. + `a104` + } +""") + +Generate('invalid_serial.pem', """ + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + [1] {} + # Tag and Length for [2 PRIMITIVE], but no data. + `8204` + } +""") + +Generate('extra_contents_after_issuer_and_serial.pem', """ + SEQUENCE { + [1] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "Root" } + } + } + } + } + } + [2 PRIMITIVE] { `274f` } + INTEGER {`1234`} + } +""") + +Generate('extra_contents_after_extension_sequence.pem', """ + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + } + INTEGER {`1234`} +""") diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_contents.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_contents.pem new file mode 100644 index 0000000000..df1412c77f --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_contents.pem @@ -0,0 +1,10 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + INTEGER {`1234`} + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MAQCAhI0 +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_issuer.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_issuer.pem new file mode 100644 index 0000000000..9da0d0d26f --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_issuer.pem @@ -0,0 +1,12 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + # Tag and Length for [1] {...}, but no data. + `a104` + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MAiABN6tsA+hBA== +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_key_identifier.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_key_identifier.pem new file mode 100644 index 0000000000..7866072dde --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_key_identifier.pem @@ -0,0 +1,11 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + # Tag and Length for [0 PRIMITIVE], but no data. + `8004` + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MAKABA== +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_serial.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_serial.pem new file mode 100644 index 0000000000..4b9669f5b8 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/invalid_serial.pem @@ -0,0 +1,13 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + [1] {} + # Tag and Length for [2 PRIMITIVE], but no data. + `8204` + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MAqABN6tsA+hAIIE +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/issuer_and_serial.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/issuer_and_serial.pem new file mode 100644 index 0000000000..9d9b27855b --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/issuer_and_serial.pem @@ -0,0 +1,23 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [1] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "Root" } + } + } + } + } + } + [2 PRIMITIVE] { `274f` } + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MBmhE6QRMA8xDTALBgNVBAMMBFJvb3SCAidP +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/issuer_only.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/issuer_only.pem new file mode 100644 index 0000000000..1da21dbffe --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/issuer_only.pem @@ -0,0 +1,22 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [1] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "Root" } + } + } + } + } + } + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MBWhE6QRMA8xDTALBgNVBAMMBFJvb3Q= +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/key_identifier.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/key_identifier.pem new file mode 100644 index 0000000000..32aa4530bf --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/key_identifier.pem @@ -0,0 +1,10 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MAaABN6tsA8= +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/key_identifier_and_issuer_and_serial.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/key_identifier_and_issuer_and_serial.pem new file mode 100644 index 0000000000..83520973e1 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/key_identifier_and_issuer_and_serial.pem @@ -0,0 +1,24 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [0 PRIMITIVE] { `DEADB00F`} + [1] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + UTF8String { "Root" } + } + } + } + } + } + [2 PRIMITIVE] { `274f` } + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MB+ABN6tsA+hE6QRMA8xDTALBgNVBAMMBFJvb3SCAidP +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/serial_only.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/serial_only.pem new file mode 100644 index 0000000000..47913539e4 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/serial_only.pem @@ -0,0 +1,10 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [2 PRIMITIVE] { `274f` } + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MASCAidP +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier/url_issuer_and_serial.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier/url_issuer_and_serial.pem new file mode 100644 index 0000000000..c69fd326cd --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier/url_issuer_and_serial.pem @@ -0,0 +1,13 @@ +Generated by generate.py. Do not edit. + + + SEQUENCE { + [1] { + [6 PRIMITIVE] { "http://example.com" } + } + [2 PRIMITIVE] { `274f` } + } + +-----BEGIN AUTHORITY_KEY_IDENTIFIER----- +MBqhFIYSaHR0cDovL2V4YW1wbGUuY29tggInTw== +-----END AUTHORITY_KEY_IDENTIFIER----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/authority_key_identifier_not_sequence.pem b/pki/testdata/parse_certificate_unittest/authority_key_identifier_not_sequence.pem new file mode 100644 index 0000000000..b49ade2168 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/authority_key_identifier_not_sequence.pem @@ -0,0 +1,20 @@ +This cert has an invalid authorityKeyIdentifier that is an INTEGER rather than +being a SEQUENCE. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN AUTHORITY_KEY_IDENTIFIER----- + INTEGER {42} +#-----END AUTHORITY_KEY_IDENTIFIER----- + +-----BEGIN CERTIFICATE----- +MIICQzCCAaygAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABozswOTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wCgYDVR0jBAMCASowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- + +ERROR: Failed parsing authority key identifier + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGF1dGhvcml0eSBrZXkgaWRlbnRpZmllcgo= +-----END ERRORS----- + diff --git a/pki/testdata/parse_certificate_unittest/bad_key_usage.pem b/pki/testdata/parse_certificate_unittest/bad_key_usage.pem new file mode 100644 index 0000000000..58fd40bae0 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/bad_key_usage.pem @@ -0,0 +1,33 @@ +The key usage is a BIT STRING with zero elements. + +-----BEGIN CERTIFICATE----- +MIIE3zCCA8egAwIBAgIRAPxXDO2Kl3vyiauoCpbPKXEwDQYJKoZIhvcNAQEFBQAwRDELMAkGA1U +EBhMCVFcxEjAQBgNVBAoMCeihjOaUv+mZojEhMB8GA1UECwwY5pS/5bqc5oaR6K2J566h55CG5L +it5b+DMB4XDTA5MDkyMjAzNTAwMVoXDTE0MDkyMjAzNTAwMVoweTELMAkGA1UEBhMCVFcxEjAQB +gNVBAoMCeihjOaUv+mZojEeMBwGA1UECwwV5ZyL5a6256eR5a245aeU5ZOh5pyDMRswGQYDVQQD +ExJuc2NudDY3Lm5zYy5nb3YudHcxGTAXBgNVBAUTEDAwMDAwMDAwMTAwMTM4MDQwggEiMA0GCSq +GSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJUSNzArlrLNzFXKEKfKP5c26i9A9dLq3K5p3id3ZTLC +Obyj1t+RTp8twEjGT3LYmS9E2G9PeLw9KyICJUT2cWoqOQJcbr7j7qGs1YK2S8lyuwe8mNJTxRY +0PyCaaxLAHEti7qSwx7tjTuqWNDOmdg34nE87grq9mZrnk7jcWKWu3nnKChRLNs5Mx4dh0OjuZ1 +QRqYiHLg8zoCV8T46dihJOVEyPa0wvSLjHPcMRC2G9CcDuOd7Oqc9O5f9DcfdFpGK2P4iZBj8ah +EOSKzjHhmJPlVW93IluhbSeV17dHtM3rhLt15EcImxgBk5ecqe8/rN3p4FmsxPbzq9glZU4/BAg +MBAAGjggGVMIIBkTAfBgNVHSMEGDAWgBTk3BdvIqrO+MghGtKrzlOOTtoYfDAdBgNVHQ4EFgQUb +GN4+YLDJejbL2XL5pzlY9NnGVYwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2djYS5uYXQuZ292 +LnR3L3JlcG9zaXRvcnkvR0NBNC9DUkwvY29tcGxldGUuY3JsMIGXBggrBgEFBQcBAQSBijCBhzB +FBggrBgEFBQcwAoY5aHR0cDovL2djYS5uYXQuZ292LnR3L3JlcG9zaXRvcnkvQ2VydHMvSXNzdW +VkVG9UaGlzQ0EucDdiMD4GCCsGAQUFBzABhjJodHRwOi8vZ2NhLm5hdC5nb3YudHcvY2dpLWJpb +i9PQ1NQL29jc3Bfc2VydmVyLmV4ZTANBgNVHQ8BAf8EAwMBADAUBgNVHSAEDTALMAkGB2CGdmUA +AwMwJQYDVR0RBB4wHIYaaHR0cHM6Ly9uc2NudDY3Lm5zYy5nb3YudHcwIAYDVR0JBBkwFzAVBgd +ghnYBZAIBMQoGCGCGdgFkAwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBcYE7dSwNTEe/BI5tCilGOJf +CppEtjZKDNbHhPCJZu4vTGjLVD6hYOeYFekNZmrv97VY/G6V5cI//lC0JHcNTOZ4Xi42brfZI7l +pKT9eFXsbArk4yF5rFSCzXYmSAqfGKP8QmVXJNfvSYNALg5q+epxWBjUPwiyNrWUnZ35LIHA+n/ +TZSlpOh3YCSyp+QCLMMFtxL4uvJljfbCChR64ZQ9i4Z3mZ6nGhT9sf+jVYqctGx+gkWQVGSsxaH +fWHM1C3vLHDudzW3RMhxx5JOKySvJd7nQXst5c2Vo8vseB//seT4u0FQjkJKOaI6mrLqD4OeJ3U +scmJZRKwPFCI5ckAFK +-----END CERTIFICATE----- + +ERROR: Failed parsing key usage + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGtleSB1c2FnZQo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/bad_policy_qualifiers.pem b/pki/testdata/parse_certificate_unittest/bad_policy_qualifiers.pem new file mode 100644 index 0000000000..ee61eb5058 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/bad_policy_qualifiers.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA8agAwIBAgIEBAAD+TANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJVUzEYMBYGA1U +EChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIE +luYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290MB4XDTA2MDIyNDE2MDgwM +FoXDTEzMDIyNDIzNTkwMFowXzELMAkGA1UEBhMCQkUxEzARBgNVBAoTCkN5YmVydHJ1c3QxFzAV +BgNVBAsTDkVkdWNhdGlvbmFsIENBMSIwIAYDVQQDExlDeWJlcnRydXN0IEVkdWNhdGlvbmFsIEN +BMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSKhEB1KRmBuBZGb34PC7RKyWnz4q+ +H4UFwoLH5+ADiTsItK8cJMPBAsPO+w7KFpL7n8zAgUa41PGPOD0vqpNwggqlyqgGCi1aUiAM9a5 +bSX37oevlyOFxlm/a+ffHuJsg4k2MerY8SVMo1I5mNZfQS4M6i9111kvGO1900o/fkGcjFcukWU +ZaPStFjsO2FYRKMvYrObgLSC/dXHzFEl5ZU/Ry8we6zIeG7i4W0n6z3MAYLoNXeNq1i7VdHVpIF +WjRzQFLGwBt6gkSLz8Kg0F0fG4D72DFqsflBLzeFpbgb8Bn5qTbSVmaBZXDVm7NlJ1BfgYLBdpd +ca4ipuZvKvHQIDAQABo4IBijCCAYYwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL3d3dy5wdWJsa +WMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIwMTgvY2RwLmNybDAdBgNVHQ4EFgQUZWWjPdc7EaMK +ByU3yUJKW3Z3UOEwbgYDVR0gBGcwZTBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcCARYtaHR0cDo +vL3d3dy5wdWJsaWMtdHJ1c3QuY29tL0NQUy9PbW5pUm9vdC5odG1sMBkGCSsGAQQBsT4BMjAMMA +oGCCsGAQUFBwIBMIGJBgNVHSMEgYEwf6F5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dUR +SBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMw +IQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwDgYDVR0PAQH/BAQDAgEGMBI +GA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQEFBQADgYEAMqxlFJFL0X02ys+k1oJjZsQH49 +jr/a+66npWEWLdJRS+jYpciCP7Bs4CQ3KqoEmRagV0Q/kk923429y/2YCfLa+E7PWy57z6glaV1 +xcGy1rNRBQkfkzAR96isuvSTTV+GpXi/VbYaQFOwhkmyrr0udUT5RuPk7+4ca2ebEJYHZ0= +-----END CERTIFICATE----- + +ERROR: PolicyQualifierInfo is missing qualifier +ERROR: Failed parsing policy qualifiers +ERROR: Failed parsing certificate policies + +-----BEGIN ERRORS----- +RVJST1I6IFBvbGljeVF1YWxpZmllckluZm8gaXMgbWlzc2luZyBxdWFsaWZpZXIKRVJST1I6IEZhaWxlZCBwYXJzaW5nIHBvbGljeSBxdWFsaWZpZXJzCkVSUk9SOiBGYWlsZWQgcGFyc2luZyBjZXJ0aWZpY2F0ZSBwb2xpY2llcwo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/bad_signature_algorithm_oid.pem b/pki/testdata/parse_certificate_unittest/bad_signature_algorithm_oid.pem new file mode 100644 index 0000000000..967d4f277e --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/bad_signature_algorithm_oid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFzzCCA7+gAwIBAgIJANb2NXTvIp24MAUGAQAFADCBpTEyMDAGA1UEAxMpa2FyYXRlZ2lybHM +uZXUgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAgTAkJZMQswCQYDVQQGEwJERT +EoMCYGCSqGSIb3DQEJARYZcG9zdG1hc3RlckBrYXJhdGVnaXJscy5ldTEXMBUGA1UEChMOa2FyY +XRlZ2lybHMuZXUxEjAQBgNVBAsUCUhlbGxvIElUITAeFw0xNTA5MjAyMjQ5MzVaFw0yNTA5MTcy +MjQ5MzVaMIGlMTIwMAYDVQQDEylrYXJhdGVnaXJscy5ldSBSb290IENlcnRpZmljYXRlIEF1dGh +vcml0eTELMAkGA1UECBMCQlkxCzAJBgNVBAYTAkRFMSgwJgYJKoZIhvcNAQkBFhlwb3N0bWFzdG +VyQGthcmF0ZWdpcmxzLmV1MRcwFQYDVQQKEw5rYXJhdGVnaXJscy5ldTESMBAGA1UECxQJSGVsb +G8gSVQhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxpf2WWNVlcVVXt9mbbd84zgk +cPusOri9oWn50/It7Td4HzcgunO7zCikcYRn6grWCgjMaQofwskU57WGscfvsHXzEh3kYBCGDpF +tn7YEerDiOQjdSdvAJaU82qNspuv1UkaaAlHUI1UNZe+we+x27V6Cr9fVu3zFDW7ajbBUTihcth +ijNjFw+mS+ZnWGK1654/faS95OOtlUDLUdVaf+tfEWvt/aKw1AiRo0v6UYAjeFn/38xTff1sz1U +z1pS0MUEnVt6bjsbALgPaPwKaYOlgoz4bWW4PPyG9/dIGXv2Uuz02ieoemUZc/L9IJgtdNmqfiV +GfwFxVT1OFxP5fThcrpbqUBcX25FO5r7MdT0jlOsJxCUgGdwK5P2FFb33erqEY+r5i1iIAy85p7 +60FSHMX+gWKaMLPqchAjjdi9rE0PfVhCCMMa8K8XRn2Fc5pgx9Qw3HyzIsjbWBuTKerx80uF3R7 +DRN1S8kZ5iXIW/2e71Fn8iSZRYoBeRUvJmiOlCgD51eiBEo6lw3HyhzmldBwt7JaqQ2gwLbzqFV +ozRtRSLzzhPgZNU+yOYTP/A0IaGersengZ0prfhBk69yLq+Nk7HxyBiAHj1q3XxOk4tgacfROJ7 +lyCfulhP6PJIGiR08J3ZG47riMZzYSM5cEM3fsH+gzniLw9tOZH2MogKdHkCAwEAAaMQMA4wDAY +DVR0TBAUwAwEB/zAFBgEABQADggIBAAFVYTukHGpqbu4eGz6zl8tN46BueHNqnR0DAUx01TtK/n +hfDKMgV6Hvc755FNbkU+1yFYnNvDqYKPUYZBpsvYFMzXLCmdVmtVvXMkmJJHpfVOLUIe1eDUChj +JtGJrOtkJ0UbGHF/jQmKvk7dcPPocE8tr0+TEC43nrfxMU6vqgCx95TB19j06fQiXolCxhLh5mZ +y9vuYWfAixh+0kyfD6Qv/6cKbiWvFZ8bs+NnBeN7N7ZlEt5X64uS8HKyCK+b5Q0r1GgWnGyMvkV +1EPzYrYcL6N690bgJg62ZmpFcN/p4dkCDvj5p+R3hcy6KJpnn7uYe1b2SrokczGX4R4CXDOhgWt +dsIGrm2dbmZ3an2AHI7h+nx1CIEE4bgJ4p5a5wu4DuVSpLEke3us+TYhfAuD5qrCMekBcuBT3ox +nHF8jNehLagvK4lPRirNwxVdLzUii1GC/MIs+WEtK3gqOEUFp1SDrNmon9h2opRtilExZRevvKV +1h8PL6BRxIP7I+S2+Rsal4REROcwD0ZUuRoAwGc6U9nfPQg8/SD7j9FQdiO5odyrzcx2S77M+io +BbQP5bbaaTHbOvl8KykClRHpEgGEvl/0me6eTeu6DdlEqwI8qHFIAyJviQZ/KJhrPHTJ1ZsPPqg +vJCmRSboYFe73e46wc+rTNbqrumAGFnKu+4gz/ +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/bad_validity.pem b/pki/testdata/parse_certificate_unittest/bad_validity.pem new file mode 100644 index 0000000000..62ab294e38 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/bad_validity.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIFhDCCA2ygAwIBAgIEGZ34ZzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEqMCgGA1U +EChMhV29TaWduIGVDb21tZXJjZSBTZXJ2aWNlcyBMaW1pdGVkMSowKAYDVQQDEyFDZXJ0aWZpY2 +F0aW9uIEF1dGhvcml0eSBvZiBXb1NpZ24wGhcLMDkwODA4MDEwMFoXCzI0MDgwODAxMDBaMF8xC +zAJBgNVBAYTAkNOMSowKAYDVQQKEyFXb1NpZ24gZUNvbW1lcmNlIFNlcnZpY2VzIExpbWl0ZWQx +JDAiBgNVBAMTG1dvU2lnbiBDbGFzcyAxIERWIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQA +DggEPADCCAQoCggEBAOKmTysCbxBSQu/1kMrMfwKdJSJ3iDLA/dI6QkifIZ6MZHWFy6du2VGA3K +nR8yz+7x6rYuThPFJ9r9eZ6uOyLrxDbFRwMuTxdfrKEXsjEhWKUBSe9an2N3AcBODBK5n+fAEte +y0ufAiIk0aIREVUGGxRolv1rhxmsMgLOVpx4jiaRBXpl7Z9OTEjorED4Zohta3UTqvDhhzHVitS +QgDvzhEG7LNsvCDvH36TVDJlmhv1/0wtuJtyTO21Ud0oPHhlAU3ALv+rZB1/2aGGxEI2lCB/Bda +dudblZ1FrQSi/427IFCrHaaGHM2wk4V6lQQQgOB1p6YTZaBrc329stzPmhzcCAwEAAaOCAUQwgg +FAMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQM0OG+tz4Xq +LbhdSNmMXOdfV3a+TAfBgNVHSMEGDAWgBThZs8O0fGzS7cGIBT+hxLV9v77PjBjBggrBgEFBQcB +AQRXMFUwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLndvc2lnbi5jb20vY2EwLAYIKwYBBQUHMAK +GIGh0dHA6Ly9haWEud29zaWduLmNvbS93b3NpZ24uY2VyMC4GA1UdHwQnMCUwI6AhoB+GHWh0dH +A6Ly9jcmxzLndvc2lnbi5jb20vY2EuY3JsMEUGA1UdIAQ+MDwwOgYLKwYBBAGCm1EBAQAwKzApB +ggrBgEFBQcCARYdaHR0cDovL3d3dy53b3NpZ24uY29tL3BvbGljeS8wDQYJKoZIhvcNAQELBQAD +ggIBADAegtXeC2KIvmSrZc9Ohs3p7ZT0er/Yop/4eXqSMk38bFu6Rr4SNXNbUwQQhIeaUbqhKk8 +RAYE5kBK/97PPsoZlTK1B7hEDQHxtVjmoAoWepahP1Zzd86roXRI42JiKOwkZYN/PW1t/KlPkNE +De6C5H3EOnRWH7EynXUbhIKOi76M10o13yyUJmWVueLFZP7fM6S7AlIocweZTEnAAPQ3RNpMFJH +f6KJowFLkqWeu4OBmmnVxmUaiSlIW66W8WFEIUMUkQf+DRCZxYtJvsVT6Es3vDvh0bu7RuCh4iz +RChmyodDbTY6TGKncmt6/zuPpIYitB2rN5URoJbQXiTHHXJE/JqvMEY5iOz6LXcroo9XIA+5VDu +Or4PbM5n4a4EgER2bg/u4dk8XdwimiPMGXtcmcTpporPBEThs6538gVYbt1M4s8aANKhqw0aTyl +A/2do3vrwyAOhnDZJM3EIg33AeHngWyf1d97LqSOgzsX9/7x2RAb7reCcQpjkhymwZfeR0XuR8H +epESDfB70pn0iBeS4Vgc+QSws+xGE/C9A+zMO8+UhTqVX+1bYhwst8wIuQbmO8jQ8mbUYjt7wuF +qum+1NGXG2V8I0pPXpomDgc96DF0DTCP1KLDJX1D8LOJpLbmJSYzj5I1ALSQYosLaeoNJzvXYn+ +d0kE3yBtDBWJR +-----END CERTIFICATE----- + +ERROR: Failed parsing validity +ERROR: Failed parsing TBSCertificate + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIHZhbGlkaXR5CkVSUk9SOiBGYWlsZWQgcGFyc2luZyBUQlNDZXJ0aWZpY2F0ZQo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_ca_false.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_ca_false.pem new file mode 100644 index 0000000000..7344f20f22 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_ca_false.pem @@ -0,0 +1,10 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + BOOLEAN { `00` } +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEBADANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_ca_no_path.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_ca_no_path.pem new file mode 100644 index 0000000000..da74e9129e --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_ca_no_path.pem @@ -0,0 +1,10 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + BOOLEAN { `ff` } +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_ca_path_9.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_ca_path_9.pem new file mode 100644 index 0000000000..e37e9d8c6d --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_ca_path_9.pem @@ -0,0 +1,11 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + BOOLEAN { `ff` } + INTEGER { 9 } +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICWzCCAcSgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1MwUTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDwYDVR0TBAgwBgEB/wIBCTANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_negative_path.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_negative_path.pem new file mode 100644 index 0000000000..ad75612c6a --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_negative_path.pem @@ -0,0 +1,17 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + BOOLEAN { `ff` } + INTEGER { -1 } +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICWzCCAcSgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1MwUTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDwYDVR0TBAgwBgEB/wIB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- + +ERROR: Failed parsing basic constraints + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGJhc2ljIGNvbnN0cmFpbnRzCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_not_ca.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_not_ca.pem new file mode 100644 index 0000000000..a115745cc3 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_not_ca.pem @@ -0,0 +1,8 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE {} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICVTCCAb6gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo00wSzAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_path_too_large.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_path_too_large.pem new file mode 100644 index 0000000000..b2e823b7a9 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_path_too_large.pem @@ -0,0 +1,17 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + BOOLEAN { `ff` } + INTEGER { `0fffffffffffffffffffffffffffffffffffffffffffffff` } +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2owaDAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wJgYDVR0TBB8wHQEB/wIYD///////////////////////////////MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +ERROR: Failed parsing basic constraints + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGJhc2ljIGNvbnN0cmFpbnRzCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_255.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_255.pem new file mode 100644 index 0000000000..33aae650a7 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_255.pem @@ -0,0 +1,11 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + BOOLEAN { `ff` } + INTEGER { 255 } +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICXDCCAcWgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1QwUjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wEAYDVR0TBAkwBwEB/wICAP8wDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_256.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_256.pem new file mode 100644 index 0000000000..420ae62cdf --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_256.pem @@ -0,0 +1,17 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + BOOLEAN { `ff` } + INTEGER { 256 } +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICXDCCAcWgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1QwUjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wEAYDVR0TBAkwBwEB/wICAQAwDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- + +ERROR: Failed parsing basic constraints + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGJhc2ljIGNvbnN0cmFpbnRzCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_not_ca.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_not_ca.pem new file mode 100644 index 0000000000..3aeb8b8392 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_pathlen_not_ca.pem @@ -0,0 +1,10 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + INTEGER { 1 } +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwIBATANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/basic_constraints_unconsumed_data.pem b/pki/testdata/parse_certificate_unittest/basic_constraints_unconsumed_data.pem new file mode 100644 index 0000000000..6924bbe576 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/basic_constraints_unconsumed_data.pem @@ -0,0 +1,16 @@ +#-----BEGIN BASIC_CONSTRAINTS----- +SEQUENCE { + NULL {} +} +#-----END BASIC_CONSTRAINTS----- + + +-----BEGIN CERTIFICATE----- +MIICVzCCAcCgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo08wTTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wCwYDVR0TBAQwAgUAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +ERROR: Failed parsing basic constraints + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGJhc2ljIGNvbnN0cmFpbnRzCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/cert_algorithm_not_sequence.pem b/pki/testdata/parse_certificate_unittest/cert_algorithm_not_sequence.pem new file mode 100644 index 0000000000..89631f9958 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/cert_algorithm_not_sequence.pem @@ -0,0 +1,19 @@ +This is a synthesized Certificate, where the signature algorithm is an INTEGER +rather than a SEQUENCE. + + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=2 l= 12 cons: SEQUENCE + 2:d=1 hl=2 l= 2 cons: SEQUENCE + 4:d=2 hl=2 l= 0 prim: NULL + 6:d=1 hl=2 l= 2 prim: INTEGER :0500 + 10:d=1 hl=2 l= 2 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MAwwAgUAAgIFAAMCAKs= +-----END CERTIFICATE----- + +ERROR: Couldn't read Certificate.signatureAlgorithm as SEQUENCE + +-----BEGIN ERRORS----- +RVJST1I6IENvdWxkbid0IHJlYWQgQ2VydGlmaWNhdGUuc2lnbmF0dXJlQWxnb3JpdGhtIGFzIFNFUVVFTkNFCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/cert_data_after_signature.pem b/pki/testdata/parse_certificate_unittest/cert_data_after_signature.pem new file mode 100644 index 0000000000..db0f00d3b7 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/cert_data_after_signature.pem @@ -0,0 +1,21 @@ +This is an otherwise "valid" input to ParseCertificate(), however there is a +trailing NULL after the signature field. + + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=2 l= 14 cons: SEQUENCE + 2:d=1 hl=2 l= 2 cons: SEQUENCE + 4:d=2 hl=2 l= 0 prim: NULL + 6:d=1 hl=2 l= 2 cons: SEQUENCE + 8:d=2 hl=2 l= 0 prim: NULL + 10:d=1 hl=2 l= 2 prim: BIT STRING + 14:d=1 hl=2 l= 0 prim: NULL +-----BEGIN CERTIFICATE----- +MA4wAgUAMAIFAAMCAKwFAA== +-----END CERTIFICATE----- + +ERROR: Unconsumed data inside Certificate SEQUENCE + +-----BEGIN ERRORS----- +RVJST1I6IFVuY29uc3VtZWQgZGF0YSBpbnNpZGUgQ2VydGlmaWNhdGUgU0VRVUVOQ0UK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/cert_empty_sequence.pem b/pki/testdata/parse_certificate_unittest/cert_empty_sequence.pem new file mode 100644 index 0000000000..9e084ba4fd --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/cert_empty_sequence.pem @@ -0,0 +1,15 @@ +This is an empty SEQUENCE. It will fail to be parsed as a Certificate since it +contains no fields. + + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=2 l= 0 cons: SEQUENCE +-----BEGIN CERTIFICATE----- +MAA= +-----END CERTIFICATE----- + +ERROR: Couldn't read tbsCertificate as SEQUENCE + +-----BEGIN ERRORS----- +RVJST1I6IENvdWxkbid0IHJlYWQgdGJzQ2VydGlmaWNhdGUgYXMgU0VRVUVOQ0UK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/cert_missing_signature.pem b/pki/testdata/parse_certificate_unittest/cert_missing_signature.pem new file mode 100644 index 0000000000..55cee1dda7 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/cert_missing_signature.pem @@ -0,0 +1,19 @@ +This is an otherwise "valid" Certificate input for ParseCertificate(), however +it is missing the final field (signature). + + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=2 l= 8 cons: SEQUENCE + 2:d=1 hl=2 l= 2 cons: SEQUENCE + 4:d=2 hl=2 l= 0 prim: NULL + 6:d=1 hl=2 l= 2 cons: SEQUENCE + 8:d=2 hl=2 l= 0 prim: NULL +-----BEGIN CERTIFICATE----- +MAgwAgUAMAIFAA== +-----END CERTIFICATE----- + +ERROR: Couldn't read Certificate.signatureValue as BIT STRING + +-----BEGIN ERRORS----- +RVJST1I6IENvdWxkbid0IHJlYWQgQ2VydGlmaWNhdGUuc2lnbmF0dXJlVmFsdWUgYXMgQklUIFNUUklORwo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/cert_not_sequence.pem b/pki/testdata/parse_certificate_unittest/cert_not_sequence.pem new file mode 100644 index 0000000000..fef89382a4 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/cert_not_sequence.pem @@ -0,0 +1,15 @@ +This is an otherwise valid input for ParseCertificate(), however the SEQUENCE +tag was changed to be an INTEGER. + + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=2 l= 16 prim: INTEGER :300605003002050030020500030200AC +-----BEGIN CERTIFICATE----- +AhAwBgUAMAIFADACBQADAgCs +-----END CERTIFICATE----- + +ERROR: Failed parsing Certificate SEQUENCE + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIENlcnRpZmljYXRlIFNFUVVFTkNFCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/cert_signature_not_bit_string.pem b/pki/testdata/parse_certificate_unittest/cert_signature_not_bit_string.pem new file mode 100644 index 0000000000..7cf80d3369 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/cert_signature_not_bit_string.pem @@ -0,0 +1,20 @@ +This is an otherwise valid input to ParseSignature(), however the signature was +changed from a BIT STRING to an OCTET STRING. + + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=2 l= 12 cons: SEQUENCE + 2:d=1 hl=2 l= 2 cons: SEQUENCE + 4:d=2 hl=2 l= 0 prim: NULL + 6:d=1 hl=2 l= 2 cons: SEQUENCE + 8:d=2 hl=2 l= 0 prim: NULL + 10:d=1 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:0102 +-----BEGIN CERTIFICATE----- +MAwwAgUAMAIFAAQCAQI= +-----END CERTIFICATE----- + +ERROR: Couldn't read Certificate.signatureValue as BIT STRING + +-----BEGIN ERRORS----- +RVJST1I6IENvdWxkbid0IHJlYWQgQ2VydGlmaWNhdGUuc2lnbmF0dXJlVmFsdWUgYXMgQklUIFNUUklORwo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/cert_skeleton.pem b/pki/testdata/parse_certificate_unittest/cert_skeleton.pem new file mode 100644 index 0000000000..a3049adad5 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/cert_skeleton.pem @@ -0,0 +1,35 @@ +This is a valid certificate from the perspective of ParseCertificate(). + + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=2 l= 16 cons: SEQUENCE + 2:d=1 hl=2 l= 6 cons: SEQUENCE + 4:d=2 hl=2 l= 0 prim: NULL + 6:d=2 hl=2 l= 2 cons: SEQUENCE + 8:d=3 hl=2 l= 0 prim: NULL + 10:d=1 hl=2 l= 2 cons: SEQUENCE + 12:d=2 hl=2 l= 0 prim: NULL + 14:d=1 hl=2 l= 2 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MBAwBgUAMAIFADACBQADAgCs +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 6 cons: SEQUENCE + 2:d=1 hl=2 l= 0 prim: NULL + 4:d=1 hl=2 l= 2 cons: SEQUENCE + 6:d=2 hl=2 l= 0 prim: NULL +-----BEGIN TBS CERTIFICATE----- +MAYFADACBQA= +-----END TBS CERTIFICATE----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 2 cons: SEQUENCE + 2:d=1 hl=2 l= 0 prim: NULL +-----BEGIN SIGNATURE ALGORITHM----- +MAIFAA== +-----END SIGNATURE ALGORITHM----- + +-----BEGIN SIGNATURE----- +rA== +-----END SIGNATURE----- diff --git a/pki/testdata/parse_certificate_unittest/cert_version3.pem b/pki/testdata/parse_certificate_unittest/cert_version3.pem new file mode 100644 index 0000000000..dd8468eaf4 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/cert_version3.pem @@ -0,0 +1,252 @@ +This is a valid real-world certificate. + + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l=1367 cons: SEQUENCE + 4:d=1 hl=4 l=1087 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 7 prim: INTEGER :2B63A42A705076 + 22:d=2 hl=2 l= 13 cons: SEQUENCE + 24:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 35:d=3 hl=2 l= 0 prim: NULL + 37:d=2 hl=3 l= 202 cons: SEQUENCE + 40:d=3 hl=2 l= 11 cons: SET + 42:d=4 hl=2 l= 9 cons: SEQUENCE + 44:d=5 hl=2 l= 3 prim: OBJECT :countryName + 49:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US + 53:d=3 hl=2 l= 16 cons: SET + 55:d=4 hl=2 l= 14 cons: SEQUENCE + 57:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName + 62:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Arizona + 71:d=3 hl=2 l= 19 cons: SET + 73:d=4 hl=2 l= 17 cons: SEQUENCE + 75:d=5 hl=2 l= 3 prim: OBJECT :localityName + 80:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale + 92:d=3 hl=2 l= 26 cons: SET + 94:d=4 hl=2 l= 24 cons: SEQUENCE + 96:d=5 hl=2 l= 3 prim: OBJECT :organizationName + 101:d=5 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. + 120:d=3 hl=2 l= 51 cons: SET + 122:d=4 hl=2 l= 49 cons: SEQUENCE + 124:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 129:d=5 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository + 173:d=3 hl=2 l= 48 cons: SET + 175:d=4 hl=2 l= 46 cons: SEQUENCE + 177:d=5 hl=2 l= 3 prim: OBJECT :commonName + 182:d=5 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority + 223:d=3 hl=2 l= 17 cons: SET + 225:d=4 hl=2 l= 15 cons: SEQUENCE + 227:d=5 hl=2 l= 3 prim: OBJECT :serialNumber + 232:d=5 hl=2 l= 8 prim: PRINTABLESTRING :07969287 + 242:d=2 hl=2 l= 30 cons: SEQUENCE + 244:d=3 hl=2 l= 13 prim: UTCTIME :120419135324Z + 259:d=3 hl=2 l= 13 prim: UTCTIME :130419135324Z + 274:d=2 hl=2 l= 79 cons: SEQUENCE + 276:d=3 hl=2 l= 20 cons: SET + 278:d=4 hl=2 l= 18 cons: SEQUENCE + 280:d=5 hl=2 l= 3 prim: OBJECT :organizationName + 285:d=5 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net + 298:d=3 hl=2 l= 33 cons: SET + 300:d=4 hl=2 l= 31 cons: SEQUENCE + 302:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 307:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated + 333:d=3 hl=2 l= 20 cons: SET + 335:d=4 hl=2 l= 18 cons: SEQUENCE + 337:d=5 hl=2 l= 3 prim: OBJECT :commonName + 342:d=5 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net + 355:d=2 hl=4 l= 290 cons: SEQUENCE + 359:d=3 hl=2 l= 13 cons: SEQUENCE + 361:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 372:d=4 hl=2 l= 0 prim: NULL + 374:d=3 hl=4 l= 271 prim: BIT STRING + 649:d=2 hl=4 l= 442 cons: cont [ 3 ] + 653:d=3 hl=4 l= 438 cons: SEQUENCE + 657:d=4 hl=2 l= 15 cons: SEQUENCE + 659:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints + 664:d=5 hl=2 l= 1 prim: BOOLEAN :255 + 667:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 + 674:d=4 hl=2 l= 29 cons: SEQUENCE + 676:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage + 681:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 + 705:d=4 hl=2 l= 14 cons: SEQUENCE + 707:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage + 712:d=5 hl=2 l= 1 prim: BOOLEAN :255 + 715:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 + 721:d=4 hl=2 l= 51 cons: SEQUENCE + 723:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points + 728:d=5 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C + 774:d=4 hl=2 l= 83 cons: SEQUENCE + 776:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies + 781:d=5 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F + 859:d=4 hl=3 l= 128 cons: SEQUENCE + 862:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access + 872:d=5 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 + 990:d=4 hl=2 l= 31 cons: SEQUENCE + 992:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier + 997:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 + 1023:d=4 hl=2 l= 39 cons: SEQUENCE + 1025:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name + 1030:d=5 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 + 1064:d=4 hl=2 l= 29 cons: SEQUENCE + 1066:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier + 1071:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 + 1095:d=1 hl=2 l= 13 cons: SEQUENCE + 1097:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 1108:d=2 hl=2 l= 0 prim: NULL + 1110:d=1 hl=4 l= 257 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIFVzCCBD+gAwIBAgIHK2OkKnBQdjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDA +OBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY2 +9tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9za +XRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTER +MA8GA1UEBRMIMDc5NjkyODcwHhcNMTIwNDE5MTM1MzI0WhcNMTMwNDE5MTM1MzI0WjBPMRQwEgY +DVQQKEwtrdGh1bGh1Lm5ldDEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEg +YDVQQDEwtrdGh1bGh1Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK80JLhGb ++cZDSye0QoAGJh+LxvOxRTxZuSfvTm3pzQBapvFeQuCM15tfrO66NLJ3Szsgx+SDTQLSpLqqe5K +rm5dW2z92ePkWtxDb+3KcEG0I6Gmo0SghkVC7P4xTAgAEoov/t45JLnzYpru3AXw1zkkEdmEGS+ +M4Q1u7LP88E1bKWJ8b1O6A3KjiMAphcEPxb2EwMRdbqMygbCXy/OeL9DCiOxhMsp+lvI2e3/HEn +PGob6ywGLf3rQMa5h3DFFSW1voMV4sCbB349N0tf0cqR02+IEahM96V+sJfLKrST9C+Zl7kIBEq +BAGeEqz2C8V8raq1Nci4t9sYFsB7tQO3yECAwEAAaOCAbowggG2MA8GA1UdEwEB/wQFMAMBAQAw +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8ELDA +qMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtNjguY3JsMFMGA1UdIARMMEowSA +YLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5L +mNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz +cC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5 +jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u +6FX5q653aZaMznMCcGA1UdEQQgMB6CC2t0aHVsaHUubmV0gg93d3cua3RodWxodS5uZXQwHQYDV +R0OBBYEFKMeGrGp5PVQvD4F4XTPAdCeNeAXMA0GCSqGSIb3DQEBBQUAA4IBAQC3hBvUM0guBBJc +qsVDNehFGtd+wsbgqEHMDGSMIK5ahg4rgqUevqe98xVb9n3fMF0zCs/3LYA6mbzKQo8i2Xdbbyc +rA0Lc+k2LST1+i19rr0idYb6Dl8mzyObf0RQQHZ5wjj+GShOk4SGXuId1hJyEJZoNUjdu3yHyPf ++K6UaDtp4B3ECZZPyz19SFsYTsBX7Pm1u0tA6kDpNaNQxOlEEQQ+ogKFeqSJ7d0/3D83WFmIxtH +KV7jpWcZcSVDjacjFZIsVTgjQgkgIkkUrAvqsFPFTcUnXogk6qtGxH4C17wXoQO7Tsa+j3McYP1 +HZmCxBi7r3fZJEu5k5TpvDU4Kemf +-----END CERTIFICATE----- + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=4 l=1087 cons: SEQUENCE + 4:d=1 hl=2 l= 3 cons: cont [ 0 ] + 6:d=2 hl=2 l= 1 prim: INTEGER :02 + 9:d=1 hl=2 l= 7 prim: INTEGER :2B63A42A705076 + 18:d=1 hl=2 l= 13 cons: SEQUENCE + 20:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 31:d=2 hl=2 l= 0 prim: NULL + 33:d=1 hl=3 l= 202 cons: SEQUENCE + 36:d=2 hl=2 l= 11 cons: SET + 38:d=3 hl=2 l= 9 cons: SEQUENCE + 40:d=4 hl=2 l= 3 prim: OBJECT :countryName + 45:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US + 49:d=2 hl=2 l= 16 cons: SET + 51:d=3 hl=2 l= 14 cons: SEQUENCE + 53:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName + 58:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona + 67:d=2 hl=2 l= 19 cons: SET + 69:d=3 hl=2 l= 17 cons: SEQUENCE + 71:d=4 hl=2 l= 3 prim: OBJECT :localityName + 76:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale + 88:d=2 hl=2 l= 26 cons: SET + 90:d=3 hl=2 l= 24 cons: SEQUENCE + 92:d=4 hl=2 l= 3 prim: OBJECT :organizationName + 97:d=4 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. + 116:d=2 hl=2 l= 51 cons: SET + 118:d=3 hl=2 l= 49 cons: SEQUENCE + 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 125:d=4 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository + 169:d=2 hl=2 l= 48 cons: SET + 171:d=3 hl=2 l= 46 cons: SEQUENCE + 173:d=4 hl=2 l= 3 prim: OBJECT :commonName + 178:d=4 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority + 219:d=2 hl=2 l= 17 cons: SET + 221:d=3 hl=2 l= 15 cons: SEQUENCE + 223:d=4 hl=2 l= 3 prim: OBJECT :serialNumber + 228:d=4 hl=2 l= 8 prim: PRINTABLESTRING :07969287 + 238:d=1 hl=2 l= 30 cons: SEQUENCE + 240:d=2 hl=2 l= 13 prim: UTCTIME :120419135324Z + 255:d=2 hl=2 l= 13 prim: UTCTIME :130419135324Z + 270:d=1 hl=2 l= 79 cons: SEQUENCE + 272:d=2 hl=2 l= 20 cons: SET + 274:d=3 hl=2 l= 18 cons: SEQUENCE + 276:d=4 hl=2 l= 3 prim: OBJECT :organizationName + 281:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net + 294:d=2 hl=2 l= 33 cons: SET + 296:d=3 hl=2 l= 31 cons: SEQUENCE + 298:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 303:d=4 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated + 329:d=2 hl=2 l= 20 cons: SET + 331:d=3 hl=2 l= 18 cons: SEQUENCE + 333:d=4 hl=2 l= 3 prim: OBJECT :commonName + 338:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net + 351:d=1 hl=4 l= 290 cons: SEQUENCE + 355:d=2 hl=2 l= 13 cons: SEQUENCE + 357:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption + 368:d=3 hl=2 l= 0 prim: NULL + 370:d=2 hl=4 l= 271 prim: BIT STRING + 645:d=1 hl=4 l= 442 cons: cont [ 3 ] + 649:d=2 hl=4 l= 438 cons: SEQUENCE + 653:d=3 hl=2 l= 15 cons: SEQUENCE + 655:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints + 660:d=4 hl=2 l= 1 prim: BOOLEAN :255 + 663:d=4 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 + 670:d=3 hl=2 l= 29 cons: SEQUENCE + 672:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage + 677:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 + 701:d=3 hl=2 l= 14 cons: SEQUENCE + 703:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage + 708:d=4 hl=2 l= 1 prim: BOOLEAN :255 + 711:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 + 717:d=3 hl=2 l= 51 cons: SEQUENCE + 719:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points + 724:d=4 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C + 770:d=3 hl=2 l= 83 cons: SEQUENCE + 772:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies + 777:d=4 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F + 855:d=3 hl=3 l= 128 cons: SEQUENCE + 858:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access + 868:d=4 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 + 986:d=3 hl=2 l= 31 cons: SEQUENCE + 988:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier + 993:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 + 1019:d=3 hl=2 l= 39 cons: SEQUENCE + 1021:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name + 1026:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 + 1060:d=3 hl=2 l= 29 cons: SEQUENCE + 1062:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier + 1067:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 +-----BEGIN TBS CERTIFICATE----- +MIIEP6ADAgECAgcrY6QqcFB2MA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEQMA4GA1U +ECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIE +luYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9ye +TEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYD +VQQFEwgwNzk2OTI4NzAeFw0xMjA0MTkxMzUzMjRaFw0xMzA0MTkxMzUzMjRaME8xFDASBgNVBAo +TC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBA +MTC2t0aHVsaHUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNL +J7RCgAYmH4vG87FFPFm5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1b +bP3Z4+Ra3ENv7cpwQbQjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7 +ss/zwTVspYnxvU7oDcqOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvr +LAYt/etAxrmHcMUVJbW+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4S +rPYLxXytqrU1yLi32xgWwHu1A7fIQIDAQABo4IBujCCAbYwDwYDVR0TAQH/BAUwAwEBADAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDMGA1UdHwQsMCowKKA +moCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RzMS02OC5jcmwwUwYDVR0gBEwwSjBIBgtghk +gBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL +3JlcG9zaXRvcnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdv +ZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9 +yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axhMpNsRdbi7oVfmr +rndplozOcwJwYDVR0RBCAwHoILa3RodWxodS5uZXSCD3d3dy5rdGh1bGh1Lm5ldDAdBgNVHQ4EF +gQUox4asank9VC8PgXhdM8B0J414Bc= +-----END TBS CERTIFICATE----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN SIGNATURE ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END SIGNATURE ALGORITHM----- + +-----BEGIN SIGNATURE----- +t4Qb1DNILgQSXKrFQzXoRRrXfsLG4KhBzAxkjCCuWoYOK4KlHr6nvfMVW/Z93zBdMwrP9y2AOpm +8ykKPItl3W28nKwNC3PpNi0k9fotfa69InWG+g5fJs8jm39EUEB2ecI4/hkoTpOEhl7iHdYSchC +WaDVI3bt8h8j3/iulGg7aeAdxAmWT8s9fUhbGE7AV+z5tbtLQOpA6TWjUMTpRBEEPqIChXqkie3 +dP9w/N1hZiMbRyle46VnGXElQ42nIxWSLFU4I0IJICJJFKwL6rBTxU3FJ16IJOqrRsR+Ate8F6E +Du07Gvo9zHGD9R2ZgsQYu6932SRLuZOU6bw1OCnpnw== +-----END SIGNATURE----- diff --git a/pki/testdata/parse_certificate_unittest/crldp_1uri_noissuer.pem b/pki/testdata/parse_certificate_unittest/crldp_1uri_noissuer.pem new file mode 100644 index 0000000000..420a508ea1 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/crldp_1uri_noissuer.pem @@ -0,0 +1,28 @@ +Simple CRLDP with a single URI and no cRLIssuer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.example.com/foo.crl + +#-----BEGIN EXTENSION----- +SEQUENCE { + # cRLDistributionPoints + OBJECT_IDENTIFIER { 2.5.29.31 } + OCTET_STRING { + SEQUENCE { + SEQUENCE { + [0] { + [0] { + [6 PRIMITIVE] { "http://www.example.com/foo.crl" } + } + } + } + } + } +} +#-----END EXTENSION----- + +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo4GBMH8wHQYDVR0OBBYEFIt11azLCL4OH2W3+la+bKd12oWvMB8GA1UdIwQYMBaAFIt11azLCL4OH2W3+la+bKd12oWvMAwGA1UdEwQFMAMBAf8wLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL3d3dy5leGFtcGxlLmNvbS9mb28uY3JsMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/crldp_3uri_noissuer.pem b/pki/testdata/parse_certificate_unittest/crldp_3uri_noissuer.pem new file mode 100644 index 0000000000..3292068fcb --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/crldp_3uri_noissuer.pem @@ -0,0 +1,32 @@ +Simple CRLDP with a single URI and no cRLIssuer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.example.com/foo1.crl + URI:http://www.example.com/blah.crl + URI:not-even-a-url + +#-----BEGIN EXTENSION----- +SEQUENCE { + # cRLDistributionPoints + OBJECT_IDENTIFIER { 2.5.29.31 } + OCTET_STRING { + SEQUENCE { + SEQUENCE { + [0] { + [0] { + [6 PRIMITIVE] { "http://www.example.com/foo1.crl" } + [6 PRIMITIVE] { "http://www.example.com/blah.crl" } + [6 PRIMITIVE] { "not-even-a-url" } + } + } + } + } + } +} +#-----END EXTENSION----- + +-----BEGIN CERTIFICATE----- +MIICvTCCAiagAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo4G0MIGxMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MGEGA1UdHwRaMFgwVqBUoFKGH2h0dHA6Ly93d3cuZXhhbXBsZS5jb20vZm9vMS5jcmyGH2h0dHA6Ly93d3cuZXhhbXBsZS5jb20vYmxhaC5jcmyGDm5vdC1ldmVuLWEtdXJsMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/crldp_full_name_as_dirname.pem b/pki/testdata/parse_certificate_unittest/crldp_full_name_as_dirname.pem new file mode 100644 index 0000000000..4009e94b0f --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/crldp_full_name_as_dirname.pem @@ -0,0 +1,52 @@ +CRLDP extension taken from NIST PKITS (BasicSelfIssuedCRLSigningKeyCRLCert.crt): + + X509v3 CRL Distribution Points: + + Full Name: + DirName: C = US, O = Test Certificates 2011, CN = Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA + +#-----BEGIN EXTENSION----- +SEQUENCE { + # cRLDistributionPoints + OBJECT_IDENTIFIER { 2.5.29.31 } + OCTET_STRING { + SEQUENCE { + SEQUENCE { + [0] { + [0] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "Test Certificates 2011" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + PrintableString { "Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA" } + } + } + } + } + } + } + } + } + } +} +#-----END EXTENSION----- + +-----BEGIN CERTIFICATE----- +MIIC5jCCAk+gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo4HdMIHaMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MIGJBgNVHR8EgYEwfzB9oHugeaR3MHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/crldp_issuer_as_dirname.pem b/pki/testdata/parse_certificate_unittest/crldp_issuer_as_dirname.pem new file mode 100644 index 0000000000..e0b945ea35 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/crldp_issuer_as_dirname.pem @@ -0,0 +1,90 @@ +CRLDP extension taken from NIST PKITS (ValidcRLIssuerTest28EE.crt) + + X509v3 CRL Distribution Points: + + Full Name: + DirName: C = US, O = Test Certificates 2011, OU = indirectCRL CA3 cRLIssuer, CN = indirect CRL for indirectCRL CA3 + CRL Issuer: + DirName: C = US, O = Test Certificates 2011, OU = indirectCRL CA3 cRLIssuer + + + +#-----BEGIN EXTENSION----- +SEQUENCE { + # cRLDistributionPoints + OBJECT_IDENTIFIER { 2.5.29.31 } + OCTET_STRING { + SEQUENCE { + SEQUENCE { + [0] { + [0] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "Test Certificates 2011" } + } + } + SET { + SEQUENCE { + # organizationUnitName + OBJECT_IDENTIFIER { 2.5.4.11 } + PrintableString { "indirectCRL CA3 cRLIssuer" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + PrintableString { "indirect CRL for indirectCRL CA3" } + } + } + } + } + } + } + [2] { + [4] { + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "Test Certificates 2011" } + } + } + SET { + SEQUENCE { + # organizationUnitName + OBJECT_IDENTIFIER { 2.5.4.11 } + PrintableString { "indirectCRL CA3 cRLIssuer" } + } + } + } + } + } + } + } + } +} +#-----END EXTENSION----- + +-----BEGIN CERTIFICATE----- +MIIDTDCCArWgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFIt11azLCL4OH2W3+la+bKd12oWvMB8GA1UdIwQYMBaAFIt11azLCL4OH2W3+la+bKd12oWvMAwGA1UdEwQFMAMBAf8wge0GA1UdHwSB5TCB4jCB36CBhKCBgaR/MH0xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM6JWpFQwUjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAsTGWluZGlyZWN0Q1JMIENBMyBjUkxJc3N1ZXIwDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/extended_key_usage.pem b/pki/testdata/parse_certificate_unittest/extended_key_usage.pem new file mode 100644 index 0000000000..9ad94bc1e6 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extended_key_usage.pem @@ -0,0 +1,21 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # extKeyUsage + OBJECT_IDENTIFIER { 2.5.29.37 } + OCTET_STRING { + SEQUENCE { + # serverAuth + OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.3.1 } + # clientAuth + OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.3.2 } + OBJECT_IDENTIFIER { 1.3.6.1.4.1.311.10.3.3 } + OBJECT_IDENTIFIER { 2.16.840.1.113730.4.1 } + } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo4GHMIGEMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MDQGA1UdJQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/extension_critical.pem b/pki/testdata/parse_certificate_unittest/extension_critical.pem new file mode 100644 index 0000000000..20482b0c3c --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extension_critical.pem @@ -0,0 +1,17 @@ +This is an unknown extension, which is marked as critical. + +#-----BEGIN EXTENSION----- +SEQUENCE { + # https://davidben.net/oid + OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.0 } + BOOLEAN { `ff` } + OCTET_STRING { + SEQUENCE {} + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICbzCCAdigAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2cwZTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAVBgwqhkiG9xIEAYS3CQABAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/extension_critical_0.pem b/pki/testdata/parse_certificate_unittest/extension_critical_0.pem new file mode 100644 index 0000000000..475fd02c50 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extension_critical_0.pem @@ -0,0 +1,26 @@ +This is an unknown extension, where the critical field (BOOLEAN) is 0. + +This is not valid because the critical field has a default of FALSE, so under +DER-encoding it should be omitted. + +#-----BEGIN EXTENSION----- +SEQUENCE { + # https://davidben.net/oid + OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.0 } + BOOLEAN { `00` } + OCTET_STRING { + SEQUENCE {} + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICbzCCAdigAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2cwZTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAVBgwqhkiG9xIEAYS3CQABAQAEAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +ERROR: Failed parsing extensions + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGV4dGVuc2lvbnMK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/extension_critical_3.pem b/pki/testdata/parse_certificate_unittest/extension_critical_3.pem new file mode 100644 index 0000000000..a35370643f --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extension_critical_3.pem @@ -0,0 +1,26 @@ +This is an unknown extension, where the critical field (BOOLEAN) is 3. + +This is not valid because BOOLEANs in DER-encoding should use an octet of +either all 0 bits or all 1 bits. + +#-----BEGIN EXTENSION----- +SEQUENCE { + # https://davidben.net/oid + OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.0 } + BOOLEAN { `03` } + OCTET_STRING { + SEQUENCE {} + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICbzCCAdigAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2cwZTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAVBgwqhkiG9xIEAYS3CQABAQMEAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +ERROR: Failed parsing extensions + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGV4dGVuc2lvbnMK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/extension_not_critical.pem b/pki/testdata/parse_certificate_unittest/extension_not_critical.pem new file mode 100644 index 0000000000..dc358f8424 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extension_not_critical.pem @@ -0,0 +1,17 @@ +This is an unknown extension, where the critical field is absent (in other +words, FALSE). + +#-----BEGIN EXTENSION----- +SEQUENCE { + # https://davidben.net/oid + OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.0 } + OCTET_STRING { + SEQUENCE {} + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICbDCCAdWgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2QwYjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zASBgwqhkiG9xIEAYS3CQAEAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/extensions_data_after_sequence.pem b/pki/testdata/parse_certificate_unittest/extensions_data_after_sequence.pem new file mode 100644 index 0000000000..a327c84990 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extensions_data_after_sequence.pem @@ -0,0 +1,24 @@ +#-----BEGIN EXTENSIONS----- +SEQUENCE { + SEQUENCE { + # keyUsage + OBJECT_IDENTIFIER { 2.5.29.15 } + BOOLEAN { `ff` } + OCTET_STRING { + BIT_STRING { `03b8` } + } + } + NULL {} +} +#-----END EXTENSIONS----- + + +-----BEGIN CERTIFICATE----- +MIICHDCCAYWgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABoxQwEjAOBgNVHQ8BAf8EBAMCA7gFADANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- + +ERROR: Failed parsing extensions + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGV4dGVuc2lvbnMK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/extensions_duplicate_key_usage.pem b/pki/testdata/parse_certificate_unittest/extensions_duplicate_key_usage.pem new file mode 100644 index 0000000000..b4205df72b --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extensions_duplicate_key_usage.pem @@ -0,0 +1,31 @@ +#-----BEGIN EXTENSIONS----- +SEQUENCE { + SEQUENCE { + # keyUsage + OBJECT_IDENTIFIER { 2.5.29.15 } + BOOLEAN { `ff` } + OCTET_STRING { + BIT_STRING { `03b8` } + } + } + SEQUENCE { + # keyUsage + OBJECT_IDENTIFIER { 2.5.29.15 } + BOOLEAN { `ff` } + OCTET_STRING { + BIT_STRING { `03b8` } + } + } +} +#-----END EXTENSIONS----- + + +-----BEGIN CERTIFICATE----- +MIICKjCCAZOgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABoyIwIDAOBgNVHQ8BAf8EBAMCA7gwDgYDVR0PAQH/BAQDAgO4MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +ERROR: Failed parsing extensions + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGV4dGVuc2lvbnMK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/extensions_empty_sequence.pem b/pki/testdata/parse_certificate_unittest/extensions_empty_sequence.pem new file mode 100644 index 0000000000..edc6dabfeb --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extensions_empty_sequence.pem @@ -0,0 +1,14 @@ +#-----BEGIN EXTENSIONS----- +SEQUENCE {} +#-----END EXTENSIONS----- + + +-----BEGIN CERTIFICATE----- +MIICCjCCAXOgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABowIwADANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- + +ERROR: Failed parsing extensions + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGV4dGVuc2lvbnMK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/extensions_not_sequence.pem b/pki/testdata/parse_certificate_unittest/extensions_not_sequence.pem new file mode 100644 index 0000000000..2ed56f47fd --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extensions_not_sequence.pem @@ -0,0 +1,15 @@ +#-----BEGIN EXTENSIONS----- +NULL {} +#-----END EXTENSIONS----- + + +-----BEGIN CERTIFICATE----- +MIICCjCCAXOgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABowIFADANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- + +ERROR: Failed reading extensions SEQUENCE +ERROR: Failed parsing TBSCertificate + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCByZWFkaW5nIGV4dGVuc2lvbnMgU0VRVUVOQ0UKRVJST1I6IEZhaWxlZCBwYXJzaW5nIFRCU0NlcnRpZmljYXRlCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/extensions_real.pem b/pki/testdata/parse_certificate_unittest/extensions_real.pem new file mode 100644 index 0000000000..9b2c15235a --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/extensions_real.pem @@ -0,0 +1,85 @@ +A real world extensions sequence (taken from Google's GAI2). + +#-----BEGIN EXTENSIONS----- +SEQUENCE { + SEQUENCE { + # authorityKeyIdentifier + OBJECT_IDENTIFIER { 2.5.29.35 } + OCTET_STRING { + SEQUENCE { + [0 PRIMITIVE] { `c07a98688d89fbab05640c117daa7d65b8cacc4e` } + } + } + } + SEQUENCE { + # subjectKeyIdentifier + OBJECT_IDENTIFIER { 2.5.29.14 } + OCTET_STRING { + OCTET_STRING { `4add06161bbcf668b576f581b6bb621aba5a812f` } + } + } + SEQUENCE { + # keyUsage + OBJECT_IDENTIFIER { 2.5.29.15 } + BOOLEAN { `ff` } + OCTET_STRING { + BIT_STRING { `0106` } + } + } + SEQUENCE { + # authorityInfoAccess + OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.1.1 } + OCTET_STRING { + SEQUENCE { + SEQUENCE { + # ocsp + OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.48.1 } + [6 PRIMITIVE] { "http://g.symcd.com" } + } + } + } + } + SEQUENCE { + # basicConstraints + OBJECT_IDENTIFIER { 2.5.29.19 } + BOOLEAN { `ff` } + OCTET_STRING { + SEQUENCE { + BOOLEAN { `ff` } + INTEGER { 0 } + } + } + } + SEQUENCE { + # cRLDistributionPoints + OBJECT_IDENTIFIER { 2.5.29.31 } + OCTET_STRING { + SEQUENCE { + SEQUENCE { + [0] { + [0] { + [6 PRIMITIVE] { "http://g.symcb.com/crls/gtglobal.crl" } + } + } + } + } + } + } + SEQUENCE { + # certificatePolicies + OBJECT_IDENTIFIER { 2.5.29.32 } + OCTET_STRING { + SEQUENCE { + SEQUENCE { + OBJECT_IDENTIFIER { 1.3.6.1.4.1.11129.2.5.1 } + } + } + } + } +} +#-----END EXTENSIONS----- + + +-----BEGIN CERTIFICATE----- +MIIC8DCCAlmgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo4HnMIHkMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBRK3QYWG7z2aLV29YG2u2IaulqBLzAOBgNVHQ8BAf8EBAMCAQYwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wEgYDVR0TAQH/BAgwBgEB/wIBADA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/failed_signature_algorithm.pem b/pki/testdata/parse_certificate_unittest/failed_signature_algorithm.pem new file mode 100644 index 0000000000..90057cd842 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/failed_signature_algorithm.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIFWjCCBD2gAwIBAgIQGERW2P+5Xt15QiwP1NRmtTANBgkqhkiG9w0BAQsFADCBkDELMAkGA1U +EBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMB +gGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhb +GlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNDA1MjEwMDAwMDBaFw0xNTA1MjkyMzU5NTla +MFQxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmV +TU0wxGTAXBgNVBAMTEHZpZGVvbWFnaWNhbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwgg +EKAoIBAQDOMDIDA7wjsHNDp+cYa9On4oodRjnAxvgJQ852ahkZul+e816WzUTTBs8m0LFiXjRZt +sl6AHOTVbSSK3iFrke6pVdwatVP95NsR4qQaU6ITfkD9hT01vOmFrPv77X7RF6C0Pb8tH9ro8pr +pqJdTlMnjnPTQQy/ljrUaWyIQm0G1ujCApPQhQ7hXRZYPAk0B5jSalA1q0tjjWKohlQaQMqXpHt +bofvL9hUlWw6shJdd08tUH5o0UcW3so0zHvVfwi4Gw6DiMc/a8aSmNJPO09Rf+xOYGB+wyMezH9 +00OnuhMg6EZgMiRwfJO6+c6QyhLBt2Vq2Wtl8HvgwBSiCelq6FAgMBAAGjggHkMIIB4DAfBgNVH +SMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQU95g8ikB6kbC9vYcLhM386Qm3 +MyUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCs +GAQUFBwMCMFAGA1UdIARJMEcwOwYMKwYBBAGyMQECAQMEMCswKQYIKwYBBQUHAgEWHWh0dHBzOi +8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwO +i8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVy +Q0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2E +uY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQ +UHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAxBgNVHREEKjAoghB2aWRlb21hZ2ljYWwuY +29tghR3d3cudmlkZW9tYWdpY2FsLmNvbTASBgkqhkiG9w0BAQsfgeCB/FAAA4IBAQAaAf/vb3fp +7PubQlrlDZbOYmCPmqvyf8LqEs0OxdS+GFOHdn+7KoggtC/SBJRoIynklTSP2Ej8pJ+1vimqmGC +KGJlA7A1kV5+BfZRnsOxwqEUCioN12quQp/F5ODWC6Ip/kydQd0G5ShDCddjym43LT43r8GFa4T +aLifggKOS6QmK/VJizd8y9aQEVkQQJqgdOy24i26OXFzmO15GyOxZSesd32y1nNfNH/ofIvkMrE +OoFkxYIZ0laVI3btEm3CaVnsUoEy5bZXjJpL58OI4/5HTJw/EyrAOao7t3bD2IUWsu+qIxRCJXN +jDxMb93KiEfgMzGbmmPCNkzQ6AninOSC +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/inhibit_any_policy.pem b/pki/testdata/parse_certificate_unittest/inhibit_any_policy.pem new file mode 100644 index 0000000000..67c983ccb2 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/inhibit_any_policy.pem @@ -0,0 +1,14 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # inhibitAnyPolicy + OBJECT_IDENTIFIER { 2.5.29.54 } + OCTET_STRING { + INTEGER { 3 } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICZDCCAc2gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1wwWjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAKBgNVHTYEAwIBAzANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/issuer_bad_printable_string.pem b/pki/testdata/parse_certificate_unittest/issuer_bad_printable_string.pem new file mode 100644 index 0000000000..25eb56ff2e --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/issuer_bad_printable_string.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIFXzCCBEegAwIBAgIRAN2LedoIuu0gCGHl3DFFvAswDQYJKoZIhvcNAQEFBQAwfTELMAkGA1U +EBhMCVVMxITAfBgNVBAoTGE1hc3RlckNhcmQgSW50ZXJuYXRpb25hbDEnMCUGA1UECxMeR2xvYm +FsIFRlY2hub2xvZ3kgJiBPcGVyYXRpb25zMSIwIAYDVQQDExlNYXN0ZXJDYXJkIFJvb3QgUHVib +GljIENBMB4XDTA1MTIyMjE0MDAyNVoXDTA3MTIyOTA5MjcyNVowgaQxCzAJBgNVBAYTAlVTMREw +DwYDVQQIEwhNaXNzb3VyaTEUMBIGA1UEBxMLU2FpbnQgTG91aXMxITAfBgNVBAoTGE1hc3RlckN +hcmQgSW50ZXJuYXRpb25hbDEpMCcGA1UECxMgR2xvYmFsIFRlY2hub2xvZ3kgYW5kIE9wZXJhdG +lvbnMxHjAcBgNVBAMTFU1hc3RlckNhcmQgU1NMIFN1YiBDQTCCASIwDQYJKoZIhvcNAQEBBQADg +gEPADCCAQoCggEBAMj9Oi1tX6fQpUK4tcKCHnCXpUEzECY6Tptw0K+eto5aiMOGcvsp0xEGbcf3 +j1UR7NThjPMXb738eWvsbUunZIi4wuLuWtrixngmi5uLSQ+TrW5x+oD/rbeQFptRYNsOtVqASMW +wGjjy+G5oJN0OSh0tR+91LmA8Q+moJkiay7meIEMEXbUDEFd0oUDMMN2QCHeZq/lTpSWKA/v9N4 +4q1ABfC/r82Jk0CnkfzGkc2k43Wt1Gbein5Q+exneT34e4BPemLG6EIX4RK6GVtQim3zZKDQrOr +mPzbRza1INMerTqU+879mWfCGrcX1h3W9YV3xCXGlO5fanidiZ5FbZ6gKMCAwEAAaOCAbAwggGs +MB8GA1UdIwQYMBaAFIRFFtELrADagkAyfwIwJblLumCjMB0GA1UdDgQWBBQShztay2XL5l/MjCV +gdrcKBLYd2zASBgNVHRMBAf8ECDAGAQH/AgEAMIH4BgNVHSAEgfAwge0wgeoGCSqGSIb3DQUGAT +CB3DAzBggrBgEFBQcCARYnaHR0cDovL2NlcnRpZmljYXRlcy5tYXN0ZXJjYXJkLmNvbS9DUFMvM +IGkBggrBgEFBQcCAjCBlzAfFhhNYXN0ZXJDYXJkIEludGVybmF0aW9uYWwwAwIBARp0VGhlIE1h +c3RlckNhcmQgSW50ZXJuYXRpb25hbCBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudCB +nb3Zlcm5zIHRoaXMgY2VydGlmaWNhdGUsIGFuZCBpcyBpbmNvcnBvcmF0ZWQgaGVyZWluLiAwOA +YDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NlcnRpZmljYXRlcy5tYXN0ZXJjYXJkLmNvbS9DUkwvM +A4GA1UdDwEB/wQEAwIBhjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQEFBQADggEBAFwu +6kX3w0XMDdVI0BgCfIU9/bYkpKeZ8JyDEBtO+8iXYtgwykG0mVJ/Rtfte1x9tWy7XCnzs926TpR +3Cn3xPM0EP90KO6linyr+Q4Xg+A6KYU8zJHVGKAqyb9PlifED/jZpeTjenJbRhJtizAPjAwbRIK +T+bC2nBRj/EJK4jgyeizZ35t1y3aKwHTQGvH8ytbC+WRRY/23w3Y+CpY2VG0xUJSc8I5c3BZwc5 +elHjEl4lEkW7E1IVakxl1vodCKr7h7lMRtFdjPmVSk1a09cslA6okhRAYaCzRY1UbLnBHRu7PLv +oYKdg4y8LbPbJQzhe4+umtixF2YRm1srd+H9L7U= +-----END CERTIFICATE----- + +ERROR: Failed normalizing string + tag: 19 +ERROR: Failed normalizing issuer + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBub3JtYWxpemluZyBzdHJpbmcKICB0YWc6IDE5CkVSUk9SOiBGYWlsZWQgbm9ybWFsaXppbmcgaXNzdWVyCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/key_usage.pem b/pki/testdata/parse_certificate_unittest/key_usage.pem new file mode 100644 index 0000000000..be8e7f29ea --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/key_usage.pem @@ -0,0 +1,15 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # keyUsage + OBJECT_IDENTIFIER { 2.5.29.15 } + BOOLEAN { `ff` } + OCTET_STRING { + BIT_STRING { `05a0` } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICaDCCAdGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2AwXjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/name_constraints_bad_ip.pem b/pki/testdata/parse_certificate_unittest/name_constraints_bad_ip.pem new file mode 100644 index 0000000000..b1e902d044 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/name_constraints_bad_ip.pem @@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIIIvjCCB6agAwIBAgIKYRLqTgAEAAAAJTANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzE +cMBoGA1UEChMTQmVjaHRlbCBDb3Jwb3JhdGlvbjEdMBsGA1UECxMUSW5mb3JtYXRpb24gU2VjdX +JpdHkxJTAjBgNVBAMTHEJlY2h0ZWwgRXh0ZXJuYWwgUG9saWN5IENBIDEwHhcNMTUwOTE4MTE1M +zMyWhcNMjIwMzE4MTc0MTEwWjCBkTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQH +Ew1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNCZWNodGVsIENvcnBvcmF0aW9uMR0wGwYDVQQLExR +JbmZvcm1hdGlvbiBTZWN1cml0eTEgMB4GA1UEAxMXSUVYVENBLVNTTC5pYmVjaHRlbC5jb20wgg +EiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcQUE1KJ5wk8mrOxhGGbaYStjs6CxWvPzz5 +NJiQQDAGXJr5v3nkZQLrCWbwQq7GFIaYAmlMiY2uh1V2ti5gS75nlAZwT+z4Znpm+cZbg1Qo1vu +4f97eWHQ6Y7Y82Vf8/b6cKvxSuBhblTemOTVPldOiJMtZRB8dXGIJOd8NwICUwF5erCyou5L8C+ +yvWoEMPcM2SmziEmW1rE7tVIg6PS/4PUdQB/xhs8d68f8wdp8X6tcwVmVh3IehhNt5/VXKNqDul +MT9zKs3HDXx7hIXYRexk9tmzt5zuAJ5ZUVpls6slAiOf4Ot4hI3U5JhjOzqtJVTAYhm/HUo2AFX +vnae8ePAgMBAAGjggU1MIIFMTALBgNVHQ8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwIAAjAjBgkr +BgEEAYI3FQIEFgQUquPdgZTFk2VlKmW0fHvHLpeVo6AwHQYDVR0OBBYEFNlE6y08wJ/KGT48biO +g75Ynn9tCMCUGA1UdIAQeMBwwDAYKKwYBBAH9UgIFATAMBgorBgEEAf1SAgUCMBkGCSsGAQQBgj +cUAgQMHgoAUwB1AGIAQwBBMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUB4hB4Wgda +xVk7nxNoY36Z8NTWTcwYQYDVR0fBFowWDBWoFSgUoZQaHR0cDovL2NlcnRhdXRoLmJlY2h0ZWwu +Y29tL0NlcnREYXRhL0JlY2h0ZWwlMjBFeHRlcm5hbCUyMFBvbGljeSUyMENBJTIwMSg0KS5jcmw +wdwYIKwYBBQUHAQEEazBpMGcGCCsGAQUFBzAChltodHRwOi8vY2VydGF1dGguYmVjaHRlbC5jb2 +0vQ2VydERhdGEvcG9sZXh0Y2EwMV9CZWNodGVsJTIwRXh0ZXJuYWwlMjBQb2xpY3klMjBDQSUyM +DEoNCkuY3J0MIIDQgYDVR0eBIIDOTCCAzWgggMjMBKgEAYKKwYBBAGCNxQCA6ACDAAwAoEAMAyC +CmJlY3Bzbi5jb20wDYILLmJlY3Bzbi5jb20wC4IJbXlwc24uY29tMAyCCi5teXBzbi5jb20wDoI +MaWJlY2h0ZWwuY29tMA+CDS5pYmVjaHRlbC5jb20wDYILYmVjaHRlbC5jb20wDoIMLmJlY2h0ZW +wuY29tMA6CDGJlY2h0ZWwuYXNpYTAPgg0uYmVjaHRlbC5hc2lhMA+CDWJlY2h0ZWwuY28udWswE +IIOLmJlY2h0ZWwuY28udWswEIIOYmVjaHRlbC5jb20uYXUwEYIPLmJlY2h0ZWwuY29tLmF1MA2C +C2JhY3NybXAuY29tMA6CDC5iYWNzcm1wLmNvbTATghFjbnN0cmFuc2l0aW9uLmNvbTAUghIuY25 +zdHJhbnNpdGlvbi5jb20wEYIPdHpicGFydG5lcnMuY29tMBKCEC50emJwYXJ0bmVycy5jb20wE4 +IRY3RpLW1vdGl2YWNlcC5jb20wFIISLmN0aS1tb3RpdmFjZXAuY29tMByCGmJlY2h0ZWx0cmFuc +2l0cGFydG5lcnMuY29tMB2CGy5iZWNodGVsdHJhbnNpdHBhcnRuZXJzLmNvbTAMggpiZWNodGVs +LmNsMA2CCy5iZWNodGVsLmNsMAyCCmJlY2h0ZWwuYWUwDYILLmJlY2h0ZWwuYWUwC4IJYmJlaGM +uY29tMAyCCi5iYmVoYy5jb20wYqRgMF4xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNRTEQxETAPBg +NVBAcTCEJyaXNiYW5lMS4wLAYDVQQKEyVCZWNodGVsIEF1c3RyYWxpYSBQcm9wcmlldGFyeSBMa +W1pdGVkMDikNjA0MQswCQYDVQQGEwJHQjEPMA0GA1UEBxMGTG9uZG9uMRQwEgYDVQQKEwtCZWNo +dGVsIEx0ZDBUpFIwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJ +hbmNpc2NvMRwwGgYDVQQKExNCZWNodGVsIENvcnBvcmF0aW9uMAKGADAChwChDDAKhwgAAAAAAA +AAADAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJBggrBgEFBQcDDjANB +gkqhkiG9w0BAQsFAAOCAQEAhR+UtU6Uj9juxQFqjxmClGFgjbWn2dXb+jM6jOvQLhJ0FnUaC4oV +J56WVyw+VPmXS6HE++hfLGCAuByTtCZ0TQTZ2d966KTU5fZWmQOhDC5V/gGmx3Elw3WP+l1td+x +oaqv6Ps2t67ZolBMiD7Ai/WboeayzBTBXNmxncBc/qfpLb8sIrIFnd0H3Oymlc+Q95A/FCLD5Aj +tsz8lJYK6q2P1RTSq8dNxWxf2tv5ePRZmKK2ymPJvXh8fHL34MbobGRzVAaaeiQncf3QPIekS4n +lmoHocw4H33JODg0nJbhwFg8VuEHq4d9i1pncDOPTUX34hlqh6ZPhU230Tmj/PW9g== +-----END CERTIFICATE----- + +ERROR: Failed parsing iPAddress +ERROR: Failed parsing GeneralName +ERROR: Failed parsing name constraints + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGlQQWRkcmVzcwpFUlJPUjogRmFpbGVkIHBhcnNpbmcgR2VuZXJhbE5hbWUKRVJST1I6IEZhaWxlZCBwYXJzaW5nIG5hbWUgY29uc3RyYWludHMK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/policies.pem b/pki/testdata/parse_certificate_unittest/policies.pem new file mode 100644 index 0000000000..ddf5e5dece --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/policies.pem @@ -0,0 +1,27 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # certificatePolicies + OBJECT_IDENTIFIER { 2.5.29.32 } + OCTET_STRING { + SEQUENCE { + SEQUENCE { + OBJECT_IDENTIFIER { 1.2.392.200222.1.2.2.1 } + SEQUENCE { + SEQUENCE { + OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.2.1 } + IA5String { "https://repo1.secomtrust.net/spcpp/cps/index.html" } + } + } + } + SEQUENCE { + OBJECT_IDENTIFIER { 1.2.392.200091.100.901.1 } + } + } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICwjCCAiugAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo4G5MIG2MB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MGYGA1UdIARfMF0wTQYKKoMIjJweAQICATA/MD0GCCsGAQUFBwIBFjFodHRwczovL3JlcG8xLnNlY29tdHJ1c3QubmV0L3NwY3BwL2Nwcy9pbmRleC5odG1sMAwGCiqDCIybG2SHBQEwDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/policy_constraints_empty.pem b/pki/testdata/parse_certificate_unittest/policy_constraints_empty.pem new file mode 100644 index 0000000000..4d08ce294e --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/policy_constraints_empty.pem @@ -0,0 +1,21 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # policyConstraints + OBJECT_IDENTIFIER { 2.5.29.36 } + OCTET_STRING { + SEQUENCE { + } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICYzCCAcygAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1swWTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAJBgNVHSQEAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +ERROR: Failed parsing policy constraints + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIHBvbGljeSBjb25zdHJhaW50cwo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/policy_constraints_inhibit.pem b/pki/testdata/parse_certificate_unittest/policy_constraints_inhibit.pem new file mode 100644 index 0000000000..86731b9013 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/policy_constraints_inhibit.pem @@ -0,0 +1,16 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # policyConstraints + OBJECT_IDENTIFIER { 2.5.29.36 } + OCTET_STRING { + SEQUENCE { + [1 PRIMITIVE] { `01` } + } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICZjCCAc+gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo14wXDAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAMBgNVHSQEBTADgQEBMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/policy_constraints_inhibit_require.pem b/pki/testdata/parse_certificate_unittest/policy_constraints_inhibit_require.pem new file mode 100644 index 0000000000..0035c82f17 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/policy_constraints_inhibit_require.pem @@ -0,0 +1,17 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # policyConstraints + OBJECT_IDENTIFIER { 2.5.29.36 } + OCTET_STRING { + SEQUENCE { + [0 PRIMITIVE] { `05` } + [1 PRIMITIVE] { `02` } + } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICaTCCAdKgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2EwXzAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAPBgNVHSQECDAGgAEFgQECMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/policy_constraints_require.pem b/pki/testdata/parse_certificate_unittest/policy_constraints_require.pem new file mode 100644 index 0000000000..abcd64e901 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/policy_constraints_require.pem @@ -0,0 +1,16 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # policyConstraints + OBJECT_IDENTIFIER { 2.5.29.36 } + OCTET_STRING { + SEQUENCE { + [0 PRIMITIVE] { `03` } + } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICZjCCAc+gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo14wXDAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAMBgNVHSQEBTADgAEDMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/policy_qualifiers_empty_sequence.pem b/pki/testdata/parse_certificate_unittest/policy_qualifiers_empty_sequence.pem new file mode 100644 index 0000000000..8591815b03 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/policy_qualifiers_empty_sequence.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQAQDAcAAAATLYgzMYAALgTzANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQ +GEwJUVzESMBAGA1UECgwJ6KGM5pS/6ZmiMSEwHwYDVQQLDBjphqvkuovmhpHorYnnrqHnkIbkuK +3lv4MwHhcNMTExMDA2MDkxNDI5WhcNMjExMDA2MDkxNDI5WjCBgjELMAkGA1UEBhMCVFcxEjAQB +gNVBAoMCeihjOaUv+mZojESMBAGA1UECwwJ6KGb55Sf572yMRgwFgYDVQQLDA/lnIvmsJHlgaXl +urflsYAxFjAUBgNVBAMTDTExNy41Ni4xMS4xNTMxGTAXBgNVBAUTEDAwMDAwMDAwMTAyNDc1ODU +wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQgLueRmpfJhhqGjkL2AvgVjX4/ZpBMB +ZXGNo8lEMPZLO5FBPJzMD7F5iuerQFVyLIHuZ/0G6UFRCkfeFfp14y/q6q9BBD9RYUWd0wc848D +bZwjGbhr2Wfbh2Ayjmv6qCX8zVK+4cOOFIVaadLSueNhxKlaZ0DVWxQSH1Ski5YgSXjCt1Ul9lg +R/hpNl63WWp9sn7h6a6XN60/BktF52Qzm7PdFFNmAcDCwcBLHVdU3oIiXzDlSroh1B7wefj8FKk +pdFW9CTL1qm8E+nsYmp7CaCdVJuPlnDRBRmQqTafPbApQGjkr1tccRCQB7ywwsFG8tr9/IAMiMr +vOD6QqOjjDAgMBAAGjggGAMIIBfDAdBgNVHQ4EFgQUUq3vWpAqYE7Ao3OA+6k3fAX6YkQwHwYDV +R0jBBgwFoAUs8hWcmjGhSILqXm8HRA/dnGxlNAwSgYDVR0fBEMwQTA/oD2gO4Y5aHR0cDovL2hj +YW9jc3AubmF0Lmdvdi50dy9yZXBvc2l0b3J5L0hDQS9DUkwvY29tcGxldGUuY3JsMA4GA1UdDwE +B/wQEAwIEMDCBowYIKwYBBQUHAQEEgZYwgZMwQgYIKwYBBQUHMAGGNmh0dHA6Ly9oY2FvY3NwLm +5hdC5nb3YudHcvY2dpLWJpbi9PQ1NQL29jc3Bfc2VydmVyLmV4ZTBNBggrBgEFBQcwAoZBaHR0c +DovL2hjYW9jc3AubmF0Lmdvdi50dy9yZXBvc2l0b3J5L0hDQS9DZXJ0cy9Jc3N1ZWRUb1RoaXND +QS5wN2IwFgYDVR0gBA8wDTALBgdghnZlAAMDMAAwIAYDVR0JBBkwFzAVBgdghnYBZAIBMQoGCGC +GdgFkAwMBMA0GCSqGSIb3DQEBBQUAA4IBAQAIEyLl8bJHKIp3hgku0p1vPW03g2/IISMagCMWjp +r+04hWJ4gfLCz6jaPASU22jL21vxHnNmqa9LJiaGJScRCaO2+tRoigxSPpVCA96C1T6uSD88ej2 +h0z+d65qIo9eLMKLAPhHe0ZkkBT2/wb4QF+ZpKpY0dcLypJ2zB7doydO7bDbUyB28XF6p8JdS4q +fPNvc1LnlFg2LWvsRTckLmZq1cnNbMNighC+tB18x/dUKLrxMG9Qkq9Y3Yl5lLlLnJyB/hj3D5E +vwIkguOIzHWgl8maJOgjsdSrFQKckZ0k2rZfp/ZtNR69kUQoP3dtynyinEIjxCynHjRa/dIxAiH +SN +-----END CERTIFICATE----- + +ERROR: The policy qualifiers SEQUENCE is empty +ERROR: Failed parsing policy qualifiers +ERROR: Failed parsing certificate policies + +-----BEGIN ERRORS----- +RVJST1I6IFRoZSBwb2xpY3kgcXVhbGlmaWVycyBTRVFVRU5DRSBpcyBlbXB0eQpFUlJPUjogRmFpbGVkIHBhcnNpbmcgcG9saWN5IHF1YWxpZmllcnMKRVJST1I6IEZhaWxlZCBwYXJzaW5nIGNlcnRpZmljYXRlIHBvbGljaWVzCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/rebase-errors.py b/pki/testdata/parse_certificate_unittest/rebase-errors.py new file mode 100755 index 0000000000..412c985ec9 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/rebase-errors.py @@ -0,0 +1,149 @@ +#!/usr/bin/env python3 +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Helper script to update the test error expectations based on actual results. + +This is useful for regenerating test expectations after making changes to the +error format. + +To use this run the affected tests, and then pass the input to this script +(either via stdin, or as the first argument). For instance: + + $ ./out/Release/net_unittests --gtest_filter="*ParseCertificate*" | \ + net/data/parse_certificate_unittest/rebase-errors.py + +The script works by scanning the stdout looking for gtest failures having a +particular format. The C++ test side should have been instrumented to dump +out the test file's path on mismatch. + +This script will then update the corresponding .pem file +""" + +import sys +import os + +script_dir = os.path.dirname(os.path.realpath(__file__)) +sys.path += [os.path.join(script_dir, '..')] + +import gencerts + +import os +import sys +import re + +# Regular expression to find the failed errors in test stdout. +# * Group 1 of the match is file path (relative to //src) where the +# expected errors were read from. +# * Group 2 of the match is the actual error text +failed_test_regex = re.compile(r""" +Cert errors don't match expectations \((.+?)\) + +EXPECTED: + +(?:.|\n)*? +ACTUAL: + +((?:.|\n)*?) +===> Use net/data/parse_certificate_unittest/rebase-errors.py to rebaseline. +""", re.MULTILINE) + + +# Regular expression to find the ERRORS block (and any text above it) in a PEM +# file. The assumption is that ERRORS is not the very first block in the file +# (since it looks for an -----END to precede it). +# * Group 1 of the match is the ERRORS block content and any comments +# immediately above it. +errors_block_regex = re.compile(r""".* +-----END .*?----- +(.*? +-----BEGIN ERRORS----- +.*? +-----END ERRORS-----)""", re.MULTILINE | re.DOTALL) + + +def read_file_to_string(path): + """Reads a file entirely to a string""" + with open(path, 'r') as f: + return f.read() + + +def write_string_to_file(data, path): + """Writes a string to a file""" + print("Writing file %s ..." % (path)) + with open(path, "w") as f: + f.write(data) + + +def replace_string(original, start, end, replacement): + """Replaces the specified range of |original| with |replacement|""" + return original[0:start] + replacement + original[end:] + + +def fixup_pem_file(path, actual_errors): + """Updates the ERRORS block in the test .pem file""" + contents = read_file_to_string(path) + + errors_block_text = '\n' + gencerts.text_data_to_pem('ERRORS', actual_errors) + # Strip the trailing newline. + errors_block_text = errors_block_text[:-1] + + m = errors_block_regex.search(contents) + + if not m: + contents += errors_block_text + else: + contents = replace_string(contents, m.start(1), m.end(1), + errors_block_text) + + # Update the file. + write_string_to_file(contents, path) + + +def get_src_root(): + """Returns the path to the enclosing //src directory. This assumes the + current script is inside the source tree.""" + cur_dir = os.path.dirname(os.path.realpath(__file__)) + + while True: + parent_dir, dirname = os.path.split(cur_dir) + # Check if it looks like the src/ root. + if dirname == "src" and os.path.isdir(os.path.join(cur_dir, "net")): + return cur_dir + if not parent_dir or parent_dir == cur_dir: + break + cur_dir = parent_dir + + print("Couldn't find src dir") + sys.exit(1) + + +def get_abs_path(rel_path): + """Converts |rel_path| (relative to src) to a full path""" + return os.path.join(get_src_root(), rel_path) + + +def main(): + if len(sys.argv) > 2: + print('Usage: %s [path-to-unittest-stdout]' % (sys.argv[0])) + sys.exit(1) + + # Read the input either from a file, or from stdin. + test_stdout = None + if len(sys.argv) == 2: + test_stdout = read_file_to_string(sys.argv[1]) + else: + print('Reading input from stdin...') + test_stdout = sys.stdin.read() + + for m in failed_test_regex.finditer(test_stdout): + src_relative_errors_path = m.group(1) + errors_path = get_abs_path(src_relative_errors_path) + actual_errors = m.group(2) + + fixup_pem_file(errors_path, actual_errors) + + +if __name__ == "__main__": + main() diff --git a/pki/testdata/parse_certificate_unittest/regenerate_pem_from_ascii.py b/pki/testdata/parse_certificate_unittest/regenerate_pem_from_ascii.py new file mode 100755 index 0000000000..38316fbe12 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/regenerate_pem_from_ascii.py @@ -0,0 +1,104 @@ +#!/usr/bin/env python +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +""" +Given a path to a XXX.pem file, re-generates a CERTIFICATE. + +The .pem file is expected to contain comments that resemble: + +#-----BEGIN XXX----- + +#-----END XXX----- + +These are interpreted as substitutions to make inside of the Certificate +template (v3_certificate_template.txt) +""" + +import sys +import os +import re +import base64 +import subprocess + + +def read_file_to_string(path): + """Reads a file entirely to a string""" + with open(path, 'r') as f: + return f.read() + + +def write_string_to_file(data, path): + """Writes a string to a file""" + print "Writing file %s ..." % (path) + with open(path, "w") as f: + f.write(data) + + +def replace_string(original, start, end, replacement): + """Replaces the specified range of |original| with |replacement|""" + return original[0:start] + replacement + original[end:] + + +def apply_substitution(template, name, value): + """Finds a section named |name| in |template| and replaces it with |value|.""" + # Find the section |name| in |template|. + regex = re.compile(r'#-----BEGIN %s-----(.*?)#-----END %s-----' % + (re.escape(name), re.escape(name)), re.DOTALL) + m = regex.search(template) + if not m: + print "Couldn't find a section named %s in the template" % (name) + sys.exit(1) + + return replace_string(template, m.start(1), m.end(1), value) + + +def main(): + if len(sys.argv) != 2: + print 'Usage: %s ' % (sys.argv[0]) + sys.exit(1) + + pem_path = sys.argv[1] + orig = read_file_to_string(pem_path) + + cert_ascii = read_file_to_string("v3_certificate_template.txt") + + # Apply all substitutions described by comments in |orig| + regex = re.compile(r'#-----BEGIN ([\w ]+)-----(.*?)#-----END \1-----', + re.DOTALL) + num_matches = 0 + for m in regex.finditer(orig): + num_matches += 1 + cert_ascii = apply_substitution(cert_ascii, m.group(1), m.group(2)) + + if num_matches == 0: + print "Input did not contain any substitutions" + sys.exit(1) + + # Convert the ascii-der to actual DER binary. + cert_der = None + try: + p = subprocess.Popen(['ascii2der'], stdout=subprocess.PIPE, + stdin=subprocess.PIPE, stderr=subprocess.STDOUT) + cert_der = p.communicate(input=cert_ascii)[0] + except OSError as e: + print ('ERROR: Failed executing ascii2der.\n' + 'Make sure this is in your path\n' + 'Obtain it from https://github.com/google/der-ascii') + sys.exit(1) + + # Replace the CERTIFICATE block with the newly generated one. + regex = re.compile(r'-----BEGIN CERTIFICATE-----\n(.*?)\n' + '-----END CERTIFICATE-----', re.DOTALL) + m = regex.search(orig) + if not m: + print "ERROR: Cannot find CERTIFICATE block in input" + sys.exit(1) + modified = replace_string(orig, m.start(1), m.end(1), + base64.b64encode(cert_der)) + + # Write back the .pem file. + write_string_to_file(modified, pem_path) + +main() diff --git a/pki/testdata/parse_certificate_unittest/serial_37_bytes.pem b/pki/testdata/parse_certificate_unittest/serial_37_bytes.pem new file mode 100644 index 0000000000..766f6b32cd --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/serial_37_bytes.pem @@ -0,0 +1,21 @@ +This cert has an invalid serial number which has is 37 bytes long (should be +<=20 bytes long). + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICdDCCAd2gAwIBAgIlAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE0MDQyMzIwNTA0MFoXDTE3MDQyMjIwNTA0MFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2CvIpjLkYv9N89CtWYtFp73xR78JWHsivTWulyWGlKCAwLQfdpFnRjHQEIS3Ih5wI5FyyOlteTqFd4APxJUWdcVKcUzIYz+j8mOcKk+a+svBcW4ohSigJx5lHK4H1VtvLUPtK5CxjK8kba7pFzoFwb+4HK5lOxtYwtmu1qpniPECAwEAAaNQME4wHQYDVR0OBBYEFIt11azLCL4OH2W3+la+bKd12oWvMB8GA1UdIwQYMBaAFIt11azLCL4OH2W3+la+bKd12oWvMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- + +ERROR: Serial number is longer than 20 octets + length: 37 +ERROR: Failed parsing TBSCertificate + +-----BEGIN ERRORS----- +RVJST1I6IFNlcmlhbCBudW1iZXIgaXMgbG9uZ2VyIHRoYW4gMjAgb2N0ZXRzCiAgbGVuZ3RoOiAzNwpFUlJPUjogRmFpbGVkIHBhcnNpbmcgVEJTQ2VydGlmaWNhdGUK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/serial_negative.pem b/pki/testdata/parse_certificate_unittest/serial_negative.pem new file mode 100644 index 0000000000..6192ada565 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/serial_negative.pem @@ -0,0 +1,18 @@ +This cert has an invalid serial number which is negative. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `8001` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICUTCCAbqgAwIBAgICgAEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDA0MjMyMDUwNDBaFw0xNzA0MjIyMDUwNDBaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +WARNING: Serial number is negative + +-----BEGIN ERRORS----- +V0FSTklORzogU2VyaWFsIG51bWJlciBpcyBuZWdhdGl2ZQo= +-----END ERRORS----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/serial_not_minimal.pem b/pki/testdata/parse_certificate_unittest/serial_not_minimal.pem new file mode 100644 index 0000000000..b70ad81b56 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/serial_not_minimal.pem @@ -0,0 +1,19 @@ +This cert has an invalid serial number, as it is a non-minimal DER encoding of 1. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER {`0001`} +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICUTCCAbqgAwIBAgICAAEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDA0MjMyMDUwNDBaFw0xNzA0MjIyMDUwNDBaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +ERROR: Serial number is not a valid INTEGER +ERROR: Failed parsing TBSCertificate + +-----BEGIN ERRORS----- +RVJST1I6IFNlcmlhbCBudW1iZXIgaXMgbm90IGEgdmFsaWQgSU5URUdFUgpFUlJPUjogRmFpbGVkIHBhcnNpbmcgVEJTQ2VydGlmaWNhdGUK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/serial_not_number.pem b/pki/testdata/parse_certificate_unittest/serial_not_number.pem new file mode 100644 index 0000000000..fcdd90e3f3 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/serial_not_number.pem @@ -0,0 +1,19 @@ +This cert has an invalid serial number - it is NULL rather than being an INTEGER. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + NULL {} +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICTzCCAbigAwIBAgUAMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- + +ERROR: Failed reading serialNumber +ERROR: Failed parsing TBSCertificate + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCByZWFkaW5nIHNlcmlhbE51bWJlcgpFUlJPUjogRmFpbGVkIHBhcnNpbmcgVEJTQ2VydGlmaWNhdGUK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/serial_zero.pem b/pki/testdata/parse_certificate_unittest/serial_zero.pem new file mode 100644 index 0000000000..0f29f23ce2 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/serial_zero.pem @@ -0,0 +1,19 @@ +This cert has an invalid serial number of 0. According to RFC 5280 serial +numbers should be positive. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `00` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE0MDQyMzIwNTA0MFoXDTE3MDQyMjIwNTA0MFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2CvIpjLkYv9N89CtWYtFp73xR78JWHsivTWulyWGlKCAwLQfdpFnRjHQEIS3Ih5wI5FyyOlteTqFd4APxJUWdcVKcUzIYz+j8mOcKk+a+svBcW4ohSigJx5lHK4H1VtvLUPtK5CxjK8kba7pFzoFwb+4HK5lOxtYwtmu1qpniPECAwEAAaNQME4wHQYDVR0OBBYEFIt11azLCL4OH2W3+la+bKd12oWvMB8GA1UdIwQYMBaAFIt11azLCL4OH2W3+la+bKd12oWvMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- + +WARNING: Serial number is zero + +-----BEGIN ERRORS----- +V0FSTklORzogU2VyaWFsIG51bWJlciBpcyB6ZXJvCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/serial_zero_padded.pem b/pki/testdata/parse_certificate_unittest/serial_zero_padded.pem new file mode 100644 index 0000000000..4f09e7c79e --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/serial_zero_padded.pem @@ -0,0 +1,13 @@ +This cert has a valid serial number which has a preceding zero padding byte due +to the asn.1 encoding. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `008001` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICUjCCAbugAwIBAgIDAIABMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/serial_zero_padded_21_bytes.pem b/pki/testdata/parse_certificate_unittest/serial_zero_padded_21_bytes.pem new file mode 100644 index 0000000000..d90fd3f5ca --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/serial_zero_padded_21_bytes.pem @@ -0,0 +1,22 @@ +This cert has an invalid serial number which has a preceding zero padding byte +due to the asn.1 encoding, and thus the encoded form is 21 bytes long (1 byte +too long). + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `00800102030405060708090a0b0c0d0e0f10111213` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICZDCCAc2gAwIBAgIVAIABAgMEBQYHCAkKCwwNDg8QERITMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- + +ERROR: Serial number is longer than 20 octets + length: 21 +ERROR: Failed parsing TBSCertificate + +-----BEGIN ERRORS----- +RVJST1I6IFNlcmlhbCBudW1iZXIgaXMgbG9uZ2VyIHRoYW4gMjAgb2N0ZXRzCiAgbGVuZ3RoOiAyMQpFUlJPUjogRmFpbGVkIHBhcnNpbmcgVEJTQ2VydGlmaWNhdGUK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/signature_algorithm_null.pem b/pki/testdata/parse_certificate_unittest/signature_algorithm_null.pem new file mode 100644 index 0000000000..bbdf494eab --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/signature_algorithm_null.pem @@ -0,0 +1,16 @@ +#-----BEGIN INNER_SIGNATURE_ALGORITHM----- + SEQUENCE { + NULL {} + } +#-----END INNER_SIGNATURE_ALGORITHM----- +#-----BEGIN OUTER_SIGNATURE_ALGORITHM----- + SEQUENCE { + NULL {} + } +#-----END OUTER_SIGNATURE_ALGORITHM----- + + +-----BEGIN CERTIFICATE----- +MIICQjCCAbagAwIBAgIJAPuwTC6rEJsMMAIFADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE0MDQyMzIwNTA0MFoXDTE3MDQyMjIwNTA0MFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2CvIpjLkYv9N89CtWYtFp73xR78JWHsivTWulyWGlKCAwLQfdpFnRjHQEIS3Ih5wI5FyyOlteTqFd4APxJUWdcVKcUzIYz+j8mOcKk+a+svBcW4ohSigJx5lHK4H1VtvLUPtK5CxjK8kba7pFzoFwb+4HK5lOxtYwtmu1qpniPECAwEAAaNQME4wHQYDVR0OBBYEFIt11azLCL4OH2W3+la+bKd12oWvMB8GA1UdIwQYMBaAFIt11azLCL4OH2W3+la+bKd12oWvMAwGA1UdEwQFMAMBAf8wAgUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + diff --git a/pki/testdata/parse_certificate_unittest/subject_alt_name.pem b/pki/testdata/parse_certificate_unittest/subject_alt_name.pem new file mode 100644 index 0000000000..71033d8cd5 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_alt_name.pem @@ -0,0 +1,16 @@ +#-----BEGIN EXTENSION----- +SEQUENCE { + # subjectAltName + OBJECT_IDENTIFIER { 2.5.29.17 } + OCTET_STRING { + SEQUENCE { + [2 PRIMITIVE] { "emergencysupport.us" } + } + } +} +#-----END EXTENSION----- + + +-----BEGIN CERTIFICATE----- +MIICeDCCAeGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo3AwbjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAeBgNVHREEFzAVghNlbWVyZ2VuY3lzdXBwb3J0LnVzMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/subject_blank_subjectaltname_not_critical.pem b/pki/testdata/parse_certificate_unittest/subject_blank_subjectaltname_not_critical.pem new file mode 100644 index 0000000000..2c69cff939 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_blank_subjectaltname_not_critical.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGjjCCBHagAwIBAgIDDSi6MA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjA +cBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIE +F1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMB4XDTEzMDQyNzE2N +TIzMloXDTEzMTAyNDE2NTIzMlowADCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANVK +XjXY7x9gYgsvFMmA7ZrfznjFNR2eMJfQcK0fZGX8ROWdpaxjdtz523AIXDmfUNilb6c8xh4AQYY +vIpENlEGYdV2tofhuuhVMw+8rNwwYIcaJ98A5rzb6iGGuexgwA47ic4IS2y8THt/a1F12UJlINa +0tLK6VAv+fPOEV4n1mUi1hbbbXztDDEroX440K2scXSnd7hZCsQazFLnrV2Wf0B/iEAET9oGEHj +THm2BxUJ3j3kQM7Ruk//Y6gDCl2Vo8xbEuWsR4cXzReVMP9bk3FuU5HD4FWLVTeYA3Ac7WmwBvP +yqc2Ywd/bGLwBlU+VJMWUDmGF8ZHPQbzqdjkKD4sBZz9o+us1mnLF3gT/rpB6tM+MKgXwBbEreJ +nT4Br3NssuaNfKulYwPq+4iffbiHzNpAQyA4g34sLEq5UgZjK68uCAb7EXsblkIcLU3GWCL9FwH +P6mRdvuCw0t9S9JJ21k10WV0EcSIZmeKbT7wzGed5pkZ018h23jR2O3Zbq064qzf88a0eaitqGa +P7eI6GKIAClPz08faCwNtTSkChi85QKisUY33lFdS+J99nF9b1sOs6tJHLIY7ZWYtOQcfLHuhhk +EAcqyYZgAnb2hQMo6xpfbk9hjEa9K1JyaLO8snfyPGh38j8FnnSaIZP2Zflh3Rv/+7N6T+2Uf+T +DDtV3AgMBAAGjggGWMIIBkjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDA0BgNVHSUELT +ArBggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAzBggrBgEFBQcBA +QQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMDEGA1UdHwQqMCgwJqAk +oCKGIGh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3JsMIHTBgNVHREEgcswgciCDGphbW1 +tLmV1Lm9yZ6AaBggrBgEFBQcIBaAODAxqYW1tbS5ldS5vcmeCE2RhaG1lci5qYW1tbS5ldS5vcm +egIQYIKwYBBQUHCAWgFQwTZGFobWVyLmphbW1tLmV1Lm9yZ4IQd3d3LmphbW1tLmV1Lm9yZ6AeB +ggrBgEFBQcIBaASDBB3d3cuamFtbW0uZXUub3JnghFtYWlsLmphbW1tLmV1Lm9yZ6AfBggrBgEF +BQcIBaATDBFtYWlsLmphbW1tLmV1Lm9yZzANBgkqhkiG9w0BAQUFAAOCAgEAebY2DhMT6pfvEV3 +mu5lfHw/5XxFLV2z3225NEohgGrILK7tDLmQ5RvWWI+fk8R1FkmfMizHuF+SADs3OgdBBlKlcs9 +4QYDp+f45i72mTijeKjnMJfujvKBObfMbYRNEYfiCG+s+Wg+5bKhWeN+vvXuKTshMX9w+sCTpdp +HVjqHbMl6ntx3xs0EBhz0lRv9tu1KLwHU9AvuWytzk9tLVXuIGXK98aRqa6u4f8nZrvGcxwTrqf +jri1XSbtX3+/UqDBxBqZIgGws8LlUoOOaRezCo2W0VHDgpPIfJ+vcc3ncMxoK+HnPExWklB9P1o +xKcdVZ7/hEQddYMbbEmpSN7Sb1PMzHtFm28QyDYOIL3wvjN0KYQyo5KTeJvfHS6CoW2EVnnkdJY +yrGiy0tvVVxUwjQi+vSqixvdwhKPCa/DqkVWjjhoWmVBzu9ixgpenuZZVqhcR4rUFkBitY17fU/ +8HhUyTmh/p9Qd/9ig8FCdenzqCMQMaU5BTX8kyfHx1yG32/uvg5hTzbLein9ktNTMqk+eAwOc2/ +Ws5VYzTdD7X7AqTXa+4+RMWtsPCk+VYPFKEzZlS1WXo7EgvGMZtZTD03r5CV+kiVQiW9IAkU0UJ +bQrjmFaazx/ojU7RsuznUwE48+/i6mOzTNPzLtsg/Hj44a8k+FRGcljrcEvlYuXeBhd8= +-----END CERTIFICATE----- + +ERROR: Empty subject and subjectAltName is not critical + +-----BEGIN ERRORS----- +RVJST1I6IEVtcHR5IHN1YmplY3QgYW5kIHN1YmplY3RBbHROYW1lIGlzIG5vdCBjcml0aWNhbAo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/subject_key_identifier_not_octet_string.pem b/pki/testdata/parse_certificate_unittest/subject_key_identifier_not_octet_string.pem new file mode 100644 index 0000000000..db64f3bf69 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_key_identifier_not_octet_string.pem @@ -0,0 +1,19 @@ +This cert has an invalid subjectKeyIdentifier - it is INTEGER rather than being +an OCTET_STRING. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT_KEY_IDENTIFIER----- + INTEGER {42} +#-----END SUBJECT_KEY_IDENTIFIER----- + +-----BEGIN CERTIFICATE----- +MIICRTCCAa6gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABoz0wOzAKBgNVHQ4EAwIBKjAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- + +ERROR: Failed parsing subject key identifier + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIHN1YmplY3Qga2V5IGlkZW50aWZpZXIK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/subject_not_ascii.pem b/pki/testdata/parse_certificate_unittest/subject_not_ascii.pem new file mode 100644 index 0000000000..a1862bf55c --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_not_ascii.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIC1jCCAj+gAwIBAgIDCKiOMA0GCSqGSIb3DQEBCwUAMIHEMQswCQYDVQQGEwJa +QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb +BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0 +aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB +MSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMjAy +MjgxMzQ0MTFaFw0wMzAyMjgxMzQ0MTFaMHQxCzAJBgNVBAYTAkRFMRswGQYDVQQI +ExJTY2hsZXN3aWctSG9sc3RlaW4xEjAQBgNVBAcWCUJvcm5o9nZlZDEYMBYGA1UE +ChMPQW5kcmVhcyBXaWxrZW5zMRowGAYDVQQDExFzc2wuY29tcGFuaXR5LmNvbTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqXXB8IbIwL4+m3r6FWgMHWkuk3AG +wmVjKSMZ1DDTVgQUjioJd0YSWKnoEQ+3GsF1pNkt3x3yY78ONOUSjBcIfSS3CmQd +bF+VALnpZXnaRkqpXGxMffLSdxeXFVE6hOw06wi38CBkQq4JZ7SxFGp2C366gKl9 +YG/4GhL3U8zwEPUCAwEAAaMlMCMwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0T +AQH/BAIwADANBgkqhkiG9w0BAQsFAAOBgQDIW1sU+Suy7d9bJNsXWEnp7Ysqyo81 +Oc4bnpgOR6JbxgWkIqosAbCRlAslQmm0t0w4DKImlCmp6bZ7GC0QWGAcju2qiQvo +BthG62X9/TpXuV414WXGvAd5pI0sZRH4ThD7y7bmBU0xw06x2N/DrO9IbWo/iJsg +gdsaP4vvjY8igg== +-----END CERTIFICATE----- + +ERROR: Failed normalizing string + tag: 22 +ERROR: Failed normalizing subject + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBub3JtYWxpemluZyBzdHJpbmcKICB0YWc6IDIyCkVSUk9SOiBGYWlsZWQgbm9ybWFsaXppbmcgc3ViamVjdAo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/subject_not_printable_string.pem b/pki/testdata/parse_certificate_unittest/subject_not_printable_string.pem new file mode 100644 index 0000000000..7f5f672cdb --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_not_printable_string.pem @@ -0,0 +1,41 @@ +-----BEGIN CERTIFICATE----- +MIIGmjCCBIKgAwIBAgIMAw3eHfKZAAAAAADuMA0GCSqGSIb3DQEBBQUAMIHCMSowKAYDVQQKEyF +Tb3V0aCBBZnJpY2FuIFBvc3QgT2ZmaWNlIExpbWl0ZWQxGjAYBgNVBAsTEVNBUE8gVHJ1c3QgQ2 +VudHJlMRYwFAYDVQQHEw1Tb21lcnNldCBXZXN0MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxCzAJB +gNVBAYTAlpBMRQwEgYDVQQDEwtTQVBPIFNTTCBDQTEmMCQGCSqGSIb3DQEJARYXc3NsY2FAdHJ1 +c3RjZW50cmUuY28uemEwHhcNMTUwNjIyMTA1MjAyWhcNMTYwNjIxMTA1MjAyWjCBszELMAkGA1U +EBhMCWkExEDAOBgNVBAgTB0dhdXRlbmcxETAPBgNVBAcTCFByZXRvcmlhMUEwPwYDVQQLEzhDaG +llZiBEaXJlY3RvcmF0ZSBJbmZvcm1hdGlvbiAmIENvbW11bmljYXRpb24gVGVjaG5vbG9neTEaM +BgGA1UEChMRTmF0aW9uYWwgVHJlYXN1cnkxIDAeBgNVBAMTF3dlYm1haWwudHJlYXN1cnkuZ292 +LnphMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlICC/t3jY8ugEu5a0zbmVT7iZgM +2unUzUceyi/dIC2fzY0KNCb0T9lKkSV7lRzCwIwM+XsHeImiIdOa60gC9s2AxHpiKNMskKWV4Du +eQ7d+iRIkKgnOCceEpoMG0bucs+E9QU7PlrYmGnGXmoHiDwDobNLzK4ZeCGocUp658rZuWQ1nbP +p6GSQFLtWnExQVjt0IV+hA0qmsCLQucLH5UDYV7/0dCyudg7Q2iQygumRwcBHeNM8unZFTTEgCZ +SpLmp9Ynjy1rc7/Z+fVIh0GuScqTkXtzftDKDXaNCHR17pXupHdctnYsYKM+Yx3nJaK3arZTpuH +Q1Qawfnuuvg0CqQIDAQABo4IBmzCCAZcwCQYDVR0TBAIwADAdBgNVHQ4EFgQU8CBvqzCIKsqGGp +tSE/ZM0teS738wgfsGA1UdIwSB8zCB8IAUjE3ze7f6GwW3GvDBdDVlAO2ZwOqhgdSkgdEwgc4xC +zAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFjAUBgNVBAcTDVNvbWVyc2V0IFdl +c3QxKjAoBgNVBAoTIVNvdXRoIEFmcmljYW4gUG9zdCBPZmZpY2UgTGltaXRlZDEaMBgGA1UECxM +RU0FQTyBUcnVzdCBDZW50cmUxHTAbBgNVBAMTFFNBUE8gQ2xhc3MgMyBSb290IENBMSkwJwYJKo +ZIhvcNAQkBFhpwa2lhZG1pbkB0cnVzdGNlbnRyZS5jby56YYIBCDBBBgNVHR8EOjA4MDagNKAyh +jBodHRwczovL3BraS50cnVzdGNlbnRyZS5jby56YS9jcmwvc2Fwb19zc2xjYS5jcmwwCwYDVR0P +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOCAgE +AE5aN2sDvH0kx3r7NQxrKRgLXy8joEgAsY9qGXJrgR5wKlMOH53Yz71z+O+ZWImQm1PCQBgcs4t +yFmgPotVaQmHqMLs5c0j7htHGDzdYwPUuflIU1KVgbJfWzBqCincee+9hOm0a8g94jJUsPW/E1p +WUrNt240pqZxnsTsXL9lIEAEX6GGFUkxjh08cWsm3VIeEfneW6JFLfxHQTJKP/jzZm7LsZKwwFZ +3W+3Q8SXUDvUGzD+JyjIGlVolXXT3zcN/HqgwWGvS7O4WLYW/KaRO6mh43Mr8I4fDHlnNEirgh/ +kkDXX19Q1KHdOMplQib8okTw8dK2+pFO9Vrxw1Uz02mu92qXbczDlIXJrTb9+w9tBtIAykmnam0 +zF5jT7oqOTj9CHrtEP1u7vi1WzhVNvY8kCj2bV9gplUKbMzVtfLZh6gT8+/Vlrg1QBXayX/i8e6 +mq85N7Csz9XEijb5Ud3Sj8jmTNUKjm4FSPxMguvD3v6JjdlzNkwimA7djf9AoFoNiI/blMm7AeW +2czh6Krsix20f8jeqiEvCavwtNWBeQ3r0YqB11ajAEyhR8X0GxqFXG95QimrNjT0aK7QmAguaWW +eVmsMa/BpLRMTZ0fKbRRsNto24vbqcrO/bVPj/4LXkyn7mslPopv5QQr4Rn0ExMuUtBG+BKjfpq +IDwvaMwZM= +-----END CERTIFICATE----- + +ERROR: Failed normalizing string + tag: 19 +ERROR: Failed normalizing subject + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBub3JtYWxpemluZyBzdHJpbmcKICB0YWc6IDE5CkVSUk9SOiBGYWlsZWQgbm9ybWFsaXppbmcgc3ViamVjdAo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/subject_printable_string_containing_utf8_client_cert.pem b/pki/testdata/parse_certificate_unittest/subject_printable_string_containing_utf8_client_cert.pem new file mode 100644 index 0000000000..ecd5498391 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_printable_string_containing_utf8_client_cert.pem @@ -0,0 +1,71 @@ +Test client certificates for invalid PrintableString testing. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `00fbb04c2abcdefeab109b0c` } +#-----END SERIAL----- + +#-----BEGIN VALIDITY----- + SEQUENCE { + UTCTime { "140423205040Z" } + UTCTime { "370422205040Z" } + } +#-----END VALIDITY----- + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "Blar" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + # invalid PrintableString. Contains @#_ chars and some UTF-8. + PrintableString { "Foo@#_ Clïênt Cërt" } + } + } + } +#-----END SUBJECT----- + +#-----BEGIN BASIC_CONSTRAINTS----- + SEQUENCE {} +#-----END BASIC_CONSTRAINTS----- + +#-----BEGIN EXTENSION----- + SEQUENCE { + # extKeyUsage + OBJECT_IDENTIFIER { 2.5.29.37 } + OCTET_STRING { + SEQUENCE { + # clientAuth + OBJECT_IDENTIFIER { 1.3.6.1.5.5.7.3.2 } + } + } + } + SEQUENCE { + # keyUsage + OBJECT_IDENTIFIER { 2.5.29.15 } + BOOLEAN { `ff` } + OCTET_STRING { + BIT_STRING { `05c0` } + } + } +#-----END EXTENSION----- + +-----BEGIN CERTIFICATE----- +MIICdDCCAd2gAwIBAgIMAPuwTCq83v6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMzcwNDIyMjA1MDQwWjA8MQswCQYDVQQGEwJBVTENMAsGA1UEChMEQmxhcjEeMBwGA1UEAxMVRm9vQCNfIENsw6/Dqm50IEPDq3J0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo3IwcDAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBcAwDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/subject_t61string.pem b/pki/testdata/parse_certificate_unittest/subject_t61string.pem new file mode 100644 index 0000000000..5ebda13dbd --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_t61string.pem @@ -0,0 +1,35 @@ +Test certificate for TeletexString handling. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + # All valid ISO 8859-1 (latin1) characters, bytes 32-126, 160-255. + T61String { `202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7ea0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff` } + } + } + } +#-----END SUBJECT----- + +-----BEGIN CERTIFICATE----- +MIIDAzCCAmygAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjCB7zELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxgcowgccGA1UEChSBvyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+oKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f7/MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/subject_t61string_1-32.pem b/pki/testdata/parse_certificate_unittest/subject_t61string_1-32.pem new file mode 100644 index 0000000000..5644e263cf --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_t61string_1-32.pem @@ -0,0 +1,35 @@ +Test certificate for TeletexString handling. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + # Bytes 1-31 are control characters. 32 is space. + T61String { `0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20` } + } + } + } +#-----END SUBJECT----- + +-----BEGIN CERTIFICATE----- +MIICYDCCAcmgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBNMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEpMCcGA1UEChQgAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/subject_t61string_126-160.pem b/pki/testdata/parse_certificate_unittest/subject_t61string_126-160.pem new file mode 100644 index 0000000000..0a82375208 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_t61string_126-160.pem @@ -0,0 +1,36 @@ +Test certificate for TeletexString handling. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + # Bytes 126-160. 127-160 are control characters in ISO-8859-1, but + # some of them are valid characters in CP1252. + T61String { `7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0` } + } + } + } +#-----END SUBJECT----- + +-----BEGIN CERTIFICATE----- +MIICYzCCAcygAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBQMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEsMCoGA1UEChQjfn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/subject_t61string_actual.pem b/pki/testdata/parse_certificate_unittest/subject_t61string_actual.pem new file mode 100644 index 0000000000..1fc879bf30 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subject_t61string_actual.pem @@ -0,0 +1,44 @@ +Test certificate for TeletexString handling. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + # If anyone actually implemented real TeletexString processing, this + # would probably be a valid TeletexString representing a Japanese + # character. + # + # switch to JIS X 0208-1978 (2-bytes per char) (See + # https://en.wikipedia.org/wiki/ISO/IEC_2022): + # ESC $ @ + # + # Character 'あ' (See https://www.itscj.ipsj.or.jp/iso-ir/042.pdf): + # 100100 100010 + T61String { `1B24402422` } + } + } + } +#-----END SUBJECT----- + +-----BEGIN CERTIFICATE----- +MIICRTCCAa6gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjAyMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEOMAwGA1UEChQFGyRAJCIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE-----: diff --git a/pki/testdata/parse_certificate_unittest/subjectaltname_bad_ip.pem b/pki/testdata/parse_certificate_unittest/subjectaltname_bad_ip.pem new file mode 100644 index 0000000000..6c8332bc7c --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subjectaltname_bad_ip.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGCTCCBPGgAwIBAgIDAkO6MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRcwFQYDVQQ +KEw5DeWJlcnRydXN0IEluYzERMA8GA1UECxMIU2VydmljZXMxDDAKBgNVBAsTA1BLSTEnMCUGA1 +UEAxMeQ3liZXJ0cnVzdCBQdWJsaWMgSXNzdWluZyBDQSAxMB4XDTEyMDgxNDIxMDQ0NFoXDTEzM +DgxNDIxMDQ0NFowgbYxEzARBgoJkiaJk/IsZAEZFgNnb3YxEjAQBgoJkiaJk/IsZAEZFgJ2YTEd +MBsGA1UECBMURGlzdHJpY3Qgb2YgQ29sdW1iaWExGDAWBgNVBAcTD1dhc2hpbmd0b24gRC5DLjE +ZMBcGA1UEChMQVmV0ZXJhbnMgQWZmYWlyczEgMB4GA1UECwwXVkEgUGF5cm9sbCAmIEhSIFN5c3 +RlbXMxFTATBgNVBAMTDHZhdGFzLnZhLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCg +gEBAPTUSKkSrbMZFm7XzsVxMCw+RZKryxJyL4q2aZMtcmHdV+ODdYIXm8FsM3x5Ah/irwn0/nsB +p84GMEDlAUDqJaMnA+GDrduM/kNVvyrzaf+zf+6hVfa+G9tRqc8CUIIHnO5H/WW6lWORBFJl6Ke +tXKSO1RbC0UYQ9sX6wdCV2okf3VDTRfH6RRteHdgH/7EdG7MQ9FkhrwiSvA0Iz82iICWZrxir16 +dfX1nX6KuvcHOrAjdYkt8Mq9OVnq8n5rWyk2lqhHFltfd8h5XMzLTJHN6M8M44jK0VZ6Ozp1OAV +qwb0TsP9N5Ij9zLKBfnofkdSAUhrQwy2ZASebFz2fG9V/ECAwEAAaOCAmMwggJfMCQGA1UdEQQd +MBuHCAAAAAD///8AgQ9mc2N2YXRhc0B2YS5nb3YwgdMGCCsGAQUFBwEBBIHGMIHDMEAGCCsGAQU +FBzAChjRodHRwOi8vYWlhMS5jb20tc3Ryb25nLWlkLm5ldC9DQS9DVC1QVUJMSUMtSUNBLTEucD +djMH8GCCsGAQUFBzAChnNsZGFwOi8vZGlyMS5jb20tc3Ryb25nLWlkLm5ldC9jbj1DeWJlcnRyd +XN0IFB1YmxpYyBJc3N1aW5nIENBIDEsb3U9UEtJLG91PVNlcnZpY2VzLG89Q3liZXJ0cnVzdCwg +Yz1VUz9jQUNlcnRpZmljYXRlMA4GA1UdDwEB/wQEAwIFoDAjBgNVHSUEHDAaBgRVHSUABggrBgE +FBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUVJyBRgoWyv9g+eqKRQp1XE6y3oowgesGA1UdHw +SB4zCB4DA8oDqgOIY2aHR0cDovL2NkcDEuY29tLXN0cm9uZy1pZC5uZXQvQ0RQL0NULVBVQkxJQ +y1JLUNBLTEuY3JsMIGfoIGcoIGZhoGWbGRhcDovL2RpcjEuc3NwLXN0cm9uZy1pZC5uZXQvY24l +M2RDeWJlcnRydXN0JTIwUHVibGljJTIwSXNzdWluZyUyMENBJTIwMSxvdSUzZFBLSSxvdSUzZFN +lcnZpY2VzLG8lM2RDeWJlcnRydXN0JTIwSW5jLGMlM2RVUz9jZXJ0aWZpY2F0ZVJldm9jYXRpb2 +5MaXN0MB0GA1UdDgQWBBSCsXVLx618OiTXr15yOk0OFuaK3jANBgkqhkiG9w0BAQUFAAOCAQEAd +ly8iRPQU62yQFrvKqMQc3Zhxz4vu8NQ902U5Er8OSbx4CcgVne2I515qikJbEwYhiMUKwRjr8vv +Zs3zFhca/Z5uC28YGgPNNhNH+CzjmZKnstOArg/EWcRzgnFGN2V8RBDGbgR+zjOe15hsHkL6qOv +HY0PSXED4V1hRzqdbXVC2NqrrjnnHkkGtvQzxRGgoduHJyRcwZNmDNxbcKjgfTNKXlpganJK9Qx +zPmOzvl57VQbiHma4NzC0UWfqRbx2txz94TOtanIPhC/NwQuOhfbaKB7GHHQOEnvxs1+pDacElr +lVLkS7zRBTl4F5vBi7hoWpP/DE8Wrl5/ddmJlEGig== +-----END CERTIFICATE----- + +ERROR: Failed parsing iPAddress +ERROR: Failed parsing GeneralName +ERROR: Failed parsing subjectAltName + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIGlQQWRkcmVzcwpFUlJPUjogRmFpbGVkIHBhcnNpbmcgR2VuZXJhbE5hbWUKRVJST1I6IEZhaWxlZCBwYXJzaW5nIHN1YmplY3RBbHROYW1lCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/subjectaltname_dns_not_ascii.pem b/pki/testdata/parse_certificate_unittest/subjectaltname_dns_not_ascii.pem new file mode 100644 index 0000000000..15c4e992d3 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subjectaltname_dns_not_ascii.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIFKzCCBBOgAwIBAgIQNRSLLSvkxwFw/aIrlQyZODANBgkqhkiG9w0BAQUFADCBtTELMAkGA1U +EBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdC +BOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY +29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENB +IC0gRzMwHhcNMTMxMjE4MDAwMDAwWhcNMTQxMjE5MjM1OTU5WjBpMQswCQYDVQQGEwJKUDEOMAw +GA1UECAwFVG9reW8xEzARBgNVBAcMClNoaWJ1eWEta3UxGjAYBgNVBAoMEVZhbHVlSFIgQ28uLC +BMdGQuMRkwFwYDVQQDDBDlgaXoqLrkuojntIQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AM +IIBCgKCAQEAp3/vC986ouUtYVdGRKNnGvRRNTuQs8sdRlFt9D1PK4ejXP66dWziqiXqu8t7BmmG +MWgqDmEE7tplDRPmA7/ODbD5It1XxU4WF8ieUsmc2rBs4LIiFqHU+wa4CWtR9rS7X047jkunlM3 +OtLr9g2gL35VXGeZlKX0OH0/nsNwPdlRL6snIUx8G4mVKuJKyIa3izfyeEonE41DVjzxa9LrsLA +Rbpj4g0VeWZkUHsMSAB8C3rDRkE9k2bB7yOpYdZc/RNeYCQkaKKoFEukS7VSvgEjp+IuvffHMSx +EZE5WYATAwrx6SdWWdqkwYqPNI+bq5KU7Y96aDF1WtIlzO/tu9FJwIDAQABo4IBgDCCAXwwGwYD +VR0RBBQwEoIQ5YGl6Ki65LqI57SELmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgN +VHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0gBDwwOjA4BgpghkgBhvhFAQc2MCowKA +YIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHwYDVR0jBBgwFoAUDURcF +lNEwYJ+HSCrJfQBY9i+eaUwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1j +cmwudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNybDB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQU +HMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTBABggrBgEFBQcwAoY0aHR0cDovL1NWUlNlY3 +VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjANBgkqhkiG9w0BAQUFAAOCA +QEAVZOUBsznX7qfPH5RNIlbUNyRwJThpilC9rlZIX6tg7E6Agwh7ZJYkt5ok1ggMXwiqJzY7Uhb +WRRKDISjBLjv6pUKxWpfNG401d8b3ATg9deBlc/5kNuc6lr+VgFcFW09/sL910LpzUzByhxOd+k +sb89UJlcevWn9dIeE0eZK+tckl7MsnNWZwPCXxHOaNkQ28zGzPw37L26vXnWdYWgXIKFWkofMmY +zBey/Zh5w37Ips96Fejbo/nXbsrM9UWSywhyQrgy+Vds+tAebJ1e3ERa6qy8sia+G3Lf+JcMExW +RfoTg4AxT0HlL8DdRjE4ur9NTW2npYQlNM7A0JkU8h7QQ== +-----END CERTIFICATE----- + +ERROR: dNSName is not ASCII +ERROR: Failed parsing GeneralName +ERROR: Failed parsing subjectAltName + +-----BEGIN ERRORS----- +RVJST1I6IGROU05hbWUgaXMgbm90IEFTQ0lJCkVSUk9SOiBGYWlsZWQgcGFyc2luZyBHZW5lcmFsTmFtZQpFUlJPUjogRmFpbGVkIHBhcnNpbmcgc3ViamVjdEFsdE5hbWUK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/subjectaltname_general_names_empty_sequence.pem b/pki/testdata/parse_certificate_unittest/subjectaltname_general_names_empty_sequence.pem new file mode 100644 index 0000000000..ca1513324e --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subjectaltname_general_names_empty_sequence.pem @@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIGaTCCBVGgAwIBAgIBDTANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChM +eQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW +1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0xMDAyM +jMwODQ2MzdaFw0yMjAyMjAwODQ2MzdaMIGwMQswCQYDVQQGEwJFUzEbMBkGA1UEChMSQUMgQ0FN +RVJGSVJNQSBTLkEuMTswOQYDVQQHEzJNQURSSUQgKFZlciBlbiBodHRwczovL3d3dy5jYW1lcmZ +pcm1hLmNvbS9hZGRyZXNzKTEWMBQGA1UECxMNQUMgQ0FNRVJGSVJNQTESMBAGA1UEBRMJQTgyNz +QzMjg3MRswGQYDVQQDExJBQyBDQU1FUkZJUk1BIEFBUFAwggEgMA0GCSqGSIb3DQEBAQUAA4IBD +QAwggEIAoIBAQDcNq5DM3X0DUeai9Ks7lY6iimhIO3vifminrDdlCkoomMhFq7oE9Q6X5lko95+ +mpClRm/nD1XqBOTa04WAYyvcrGXRH0F6vEIp86ew3I8CLUtWdeG255m2xcCcSKOreGDdcd/z+Us +gdauerhvbJG1CmbAr1oWlmVCvr9zN2Frn9NvkF/espf8TKkAAXH8za5yuC2i5mTXH6LWxTCm03k +frVJRpU329JdNRRIGjtgj+yTHqig50TDZ9Snu3yKn/s+KwqK9l+wUHIWqgOmEghrYTjzXCGEpPv +2TyEAXOhszX3vzNwStgf8Slz9d4H1TfEsUh02bmXb7e8G5UuybNY0vNAgEDo4ICvjCCArowEgYD +VR0TAQH/BAgwBgEB/wIBAjBuBgNVHR8EZzBlMDCgLqAshipodHRwOi8vY3JsLmNhbWVyZmlybWE +uY29tL2NoYW1iZXJzcm9vdC5jcmwwMaAvoC2GK2h0dHA6Ly9jcmwxLmNhbWVyZmlybWEuY29tL2 +NoYW1iZXJzcm9vdC5jcmwwHQYDVR0OBBYEFOVGUOhDoLL3HOS2/9gABCD3H6QLMIGrBgNVHSMEg +aMwgaCAFOOU9bFN6duhKVtXi012Bnbh0aKKoYGEpIGBMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQK +Ex5BQyBDYW1lcmZpcm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2h +hbWJlcnNpZ24ub3JnMSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290ggEAMHUGCC +sGAQUFBwEBBGkwZzA9BggrBgEFBQcwAoYxaHR0cDovL3d3dy5jYW1lcmZpcm1hLmNvbS9jZXJ0c +y9ST09ULUNIQU1CRVJTLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AuY2FtZXJmaXJtYS5j +b20wDgYDVR0PAQH/BAQDAgEGMAkGA1UdEQQCMAAwJwYDVR0SBCAwHoEcY2hhbWJlcnNyb290QGN +oYW1iZXJzaWduLm9yZzCBqwYDVR0gBIGjMIGgMIGdBgsrBgEEAYGHLgEDATCBjTApBggrBgEFBQ +cCARYdaHR0cHM6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wYAYIKwYBBQUHAgIwVBpSQ2VydGlma +WNhZG8gcmHtei4gQ29uc3VsdGUgbGFzIGNvbmRpY2lvbmVzIGRlIHVzbyBlbiBodHRwczovL3Bv +bGljeS5jYW1lcmZpcm1hLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEADuarT/NOdigXhtxzdHZQOjp +bY8s/ED8oeSGCil8vypvYJhGLQ+NDrlI4wXOm/gPJ+fU3YUndDiL5Fli2Id4nch+b8pFes5MlXq +SVPsEdi4jWYMh73x8bEDTGO+FnzxtgVW+/g5V9sYIJ3Ir9CtRVBoCj1Z4DUb35hFoBAxHJkj2G5 +aPoDFNZUCbkTvQKaUFh920JNaDxvjS/Kx+ICG8dsUHofYLZ6ZdC4lxIAtOIgXw5zAkdv757VSq5 +7OTMW3pjNXwHjaOVzuyZe8jNNlW4dpefTN+udKyeoZEEklGgVs2w72Dw4D7ji2xAvhNieH+uwl8 +XMLVICk48tHn5NpLFng== +-----END CERTIFICATE----- + +ERROR: GeneralNames is a sequence of 0 elements +ERROR: Failed parsing subjectAltName + +-----BEGIN ERRORS----- +RVJST1I6IEdlbmVyYWxOYW1lcyBpcyBhIHNlcXVlbmNlIG9mIDAgZWxlbWVudHMKRVJST1I6IEZhaWxlZCBwYXJzaW5nIHN1YmplY3RBbHROYW1lCg== +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/subjectaltname_trailing_data.pem b/pki/testdata/parse_certificate_unittest/subjectaltname_trailing_data.pem new file mode 100644 index 0000000000..7eb4f4a43f --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/subjectaltname_trailing_data.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGTDCCBTSgAwIBAgITVwAAAF+93qVAMVthkAAAAAAAXzANBgkqhkiG9w0BAQsFADB+MRMwEQY +KCZImiZPyLGQBGRYDY29tMRswGQYKCZImiZPyLGQBGRYLc2FucGFvbG9pbWkxFDASBgoJkiaJk/ +IsZAEZFgRjb3JwMTQwMgYDVQQDEytJbnRlc2EgU2FucGFvbG8gQ0EgU2Vydml6aSBFc3Rlcm5pI +EVuaGFuY2VkMB4XDTE1MDEyODA5NDY0OVoXDTE3MDEyNzA5NDY0OVowgZExCzAJBgNVBAYTAklU +MQswCQYDVQQIEwJJVDEPMA0GA1UEBxMGTWlsYW5vMR8wHQYDVQQKExZJbnRlc2EgU2FucGFvbG8 +gUy5wLkEuMR8wHQYDVQQLExZJbnRlc2EgU2FucGFvbG8gUy5wLkEuMSIwIAYDVQQDExlicm9rZX +JzLmV1cml6b25jYXBpdGFsLml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Lf/j +B9UTcZEHnAFVEYg8/4sim4fKdI+wB39KP/yqtAcphIsCYRokeB8H8pWIfpAckwEIlMY/GsitHfh +rB2p6dV6tMPl9wJRKGno8R4K0OfPi0/XmlEW3JGMNgVE+jZbAAbL+IHpEMG2dEUj3HAjgE/V6tj +KJd7sfScFXjqPaTSyLzZkjX9Dfh84fS7GmCaY16716yPPfoVkf3OyhCsIRl0k+v7tEU+6IfndK7 +8K+jCeSMJalrhSLxmfBylHrXWnuFot4I9YvQsJCp50tbhyfBp0FcvDTLz9o4mEIdNd9Nba2D83S +EMzFGj8JP+avM6GRJEEeLs5C41pmipQrAa6FwIDAQABo4ICrTCCAqkwCwYDVR0PBAQDAgWgMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB4BgkqhkiG9w0BCQ8EazBpMA4GCCqGSIb3DQM +CAgIAgDAOBggqhkiG9w0DBAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQ +MEAQIwCwYJYIZIAWUDBAEFMAcGBSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBSPr9bdPGzza +G7TnSCxkoQSwBviMDAfBgNVHSMEGDAWgBRU/O09Y+2DXOk8duLzoFKHyjUMpTBKBgNVHR8EQzBB +MD+gPaA7hjlodHRwOi8vY2EuaW50ZXNhc2FucGFvbG8uY29tL3BvcnRhbENhaXMwL2NybC9zZXJ +2ZXh0Mi5jcmwwgYEGCCsGAQUFBwEBBHUwczBFBggrBgEFBQcwAoY5aHR0cDovL2NhLmludGVzYX +NhbnBhb2xvLmNvbS9wb3J0YWxDYWlzMC9jcnQvc2VydmV4dDIuY3J0MCoGCCsGAQUFBzABhh5od +HRwOi8vb2NzcC5pbnRlc2FzYW5wYW9sby5jb20wPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUI +htj1fYPzgAWCjZEahYDRPIXS0n+BFoHA9D2HsdxNAgFkAgENMCcGCSsGAQQBgjcVCgQaMBgwCgY +IKwYBBQUHAwEwCgYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgsrBgEEAYGcVAMBATBHMEUGCCsGAQ +UFBwIBFjlodHRwOi8vY2EuaW50ZXNhc2FucGFvbG8uY29tL3BvcnRhbENhaXMwL2Nwcy9jcHMyM +DQ4Lmh0bQAwJQYDVR0RBB4wG4IZYnJva2Vycy5ldXJpem9uY2FwaXRhbC5pdAAwDQYJKoZIhvcN +AQELBQADggEBAAqADst5FmJpBNaVO878BAI/XqP5j9EZvQcTFkycTQyCl82mQpiZMdIBogcSDWH +QuT0BxkDQW39BjklXAL5wV4sb+znYOtt7iu0H/PhCLUNjZOybEfkQLVBzdZMtlwRZ5eFI+K8Vh2 +kcxC3+k2/6VvhUV7WkTejELk7opAR8AZkDg3btRmiYggfBMg1HiI+yqCMUSEMe5kJBPomsxKsu3 +uuG6E6c8aHK0byhxj4QYdt/+dGZnWNdhmfOKZSQtMAhgrjCO679BodahltomZtuY/NFWU3tsIv5 +uMIekmLLvcrjZ+8t8pGsFsBeUxg2UeLw4mC/etSiDjRATUZPemqCDO0= +-----END CERTIFICATE----- + +ERROR: GeneralNames contains trailing data after the sequence +ERROR: Failed parsing subjectAltName + +-----BEGIN ERRORS----- +RVJST1I6IEdlbmVyYWxOYW1lcyBjb250YWlucyB0cmFpbGluZyBkYXRhIGFmdGVyIHRoZSBzZXF1ZW5jZQpFUlJPUjogRmFpbGVkIHBhcnNpbmcgc3ViamVjdEFsdE5hbWUK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_explicit_v1.pem b/pki/testdata/parse_certificate_unittest/tbs_explicit_v1.pem new file mode 100644 index 0000000000..b7d763c1f5 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_explicit_v1.pem @@ -0,0 +1,30 @@ +This is an otherwise valid v1 certificate, except the version has been encoded +explicitly as 0. Instead it should have been omitted. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 60 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :00 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MDygAwIBAAIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfM= +-----END TBS CERTIFICATE----- + +ERROR: Version explicitly V1 (should be omitted) + +-----BEGIN ERRORS----- +RVJST1I6IFZlcnNpb24gZXhwbGljaXRseSBWMSAoc2hvdWxkIGJlIG9taXR0ZWQpCg== +-----END ERRORS----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/tbs_v1.pem b/pki/testdata/parse_certificate_unittest/tbs_v1.pem new file mode 100644 index 0000000000..198cd2afd2 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v1.pem @@ -0,0 +1,65 @@ +This is a TBSCertificate which omits the version field (meaning it is v1). + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 55 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: INTEGER :01 + 5:d=1 hl=2 l= 3 cons: SEQUENCE + 7:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 15:d=1 hl=2 l= 30 cons: SEQUENCE + 17:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 32:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 47:d=1 hl=2 l= 3 cons: SEQUENCE + 49:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MDcCAQEwAwQBATADBAEFMB4XDTEyMTAxODAzMTIwMFoXDTEzMTAxODE0NTk1OVowAwQBgzADBAH +z +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v1_extensions.pem b/pki/testdata/parse_certificate_unittest/tbs_v1_extensions.pem new file mode 100644 index 0000000000..2358cd1641 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v1_extensions.pem @@ -0,0 +1,31 @@ +This is an otherwise valid TBSCertificate, however it lacks a version (making +it v1). As such extensions are not allowed. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 62 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: INTEGER :01 + 5:d=1 hl=2 l= 3 cons: SEQUENCE + 7:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 15:d=1 hl=2 l= 30 cons: SEQUENCE + 17:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 32:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 47:d=1 hl=2 l= 3 cons: SEQUENCE + 49:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 + 57:d=1 hl=2 l= 5 cons: cont [ 3 ] + 59:d=2 hl=2 l= 3 cons: SEQUENCE + 61:d=3 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:DD +-----BEGIN TBS CERTIFICATE----- +MD4CAQEwAwQBATADBAEFMB4XDTEyMTAxODAzMTIwMFoXDTEzMTAxODE0NTk1OVowAwQBgzADBAH +zowUwAwQB3Q== +-----END TBS CERTIFICATE----- + +ERROR: Unexpected extensions (must be V3 certificate) + +-----BEGIN ERRORS----- +RVJST1I6IFVuZXhwZWN0ZWQgZXh0ZW5zaW9ucyAobXVzdCBiZSBWMyBjZXJ0aWZpY2F0ZSkK +-----END ERRORS----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/tbs_v2_extensions.pem b/pki/testdata/parse_certificate_unittest/tbs_v2_extensions.pem new file mode 100644 index 0000000000..844a038e6b --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v2_extensions.pem @@ -0,0 +1,33 @@ +This is a v2 certificate which contains extensions. This is invalid since v2 +does not have extensions defined. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 67 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :01 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 + 62:d=1 hl=2 l= 5 cons: cont [ 3 ] + 64:d=2 hl=2 l= 3 cons: SEQUENCE + 66:d=3 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:DD +-----BEGIN TBS CERTIFICATE----- +MEOgAwIBAQIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfOjBTADBAHd +-----END TBS CERTIFICATE----- + +ERROR: Unexpected extensions (must be V3 certificate) + +-----BEGIN ERRORS----- +RVJST1I6IFVuZXhwZWN0ZWQgZXh0ZW5zaW9ucyAobXVzdCBiZSBWMyBjZXJ0aWZpY2F0ZSkK +-----END ERRORS----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/tbs_v2_issuer_and_subject_unique_id.pem b/pki/testdata/parse_certificate_unittest/tbs_v2_issuer_and_subject_unique_id.pem new file mode 100644 index 0000000000..eff7abccdf --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v2_issuer_and_subject_unique_id.pem @@ -0,0 +1,78 @@ +This is a version 2 certificate containing both the issuer unique ID and +subject unique ID fields. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 68 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :01 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 + 62:d=1 hl=2 l= 2 prim: cont [ 1 ] + 66:d=1 hl=2 l= 2 prim: cont [ 2 ] +-----BEGIN TBS CERTIFICATE----- +MESgAwIBAQIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfOBAgC5ggIAyg== +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- + +-----BEGIN ISSUER UNIQUE ID----- +uQ== +-----END ISSUER UNIQUE ID----- + +-----BEGIN SUBJECT UNIQUE ID----- +yg== +-----END SUBJECT UNIQUE ID----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v2_issuer_unique_id.pem b/pki/testdata/parse_certificate_unittest/tbs_v2_issuer_unique_id.pem new file mode 100644 index 0000000000..1ba13b1724 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v2_issuer_unique_id.pem @@ -0,0 +1,72 @@ +This is a version 2 certificate containing the issuer unique ID field. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 64 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :01 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 + 62:d=1 hl=2 l= 2 prim: cont [ 1 ] +-----BEGIN TBS CERTIFICATE----- +MECgAwIBAQIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfOBAgC5 +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- + +-----BEGIN ISSUER UNIQUE ID----- +uQ== +-----END ISSUER UNIQUE ID----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v2_no_optionals.pem b/pki/testdata/parse_certificate_unittest/tbs_v2_no_optionals.pem new file mode 100644 index 0000000000..9ea675c016 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v2_no_optionals.pem @@ -0,0 +1,67 @@ +This is a version 2 certificate with none of the optional fields. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 60 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :01 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MDygAwIBAQIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfM= +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v3_all_optionals.pem b/pki/testdata/parse_certificate_unittest/tbs_v3_all_optionals.pem new file mode 100644 index 0000000000..5b989c84f3 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v3_all_optionals.pem @@ -0,0 +1,87 @@ +This is a version 3 TBSCertificate containing all the possible optional fields. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 75 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 + 62:d=1 hl=2 l= 2 prim: cont [ 1 ] + 66:d=1 hl=2 l= 2 prim: cont [ 2 ] + 70:d=1 hl=2 l= 5 cons: cont [ 3 ] + 72:d=2 hl=2 l= 3 cons: SEQUENCE + 74:d=3 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:DD +-----BEGIN TBS CERTIFICATE----- +MEugAwIBAgIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfOBAgC5ggIAyqMFMAMEAd0= +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- + +-----BEGIN ISSUER UNIQUE ID----- +uQ== +-----END ISSUER UNIQUE ID----- + +-----BEGIN SUBJECT UNIQUE ID----- +yg== +-----END SUBJECT UNIQUE ID----- + +$ openssl asn1parse -i < [EXTENSIONS] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:DD +-----BEGIN EXTENSIONS----- +MAMEAd0= +-----END EXTENSIONS----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v3_data_after_extensions.pem b/pki/testdata/parse_certificate_unittest/tbs_v3_data_after_extensions.pem new file mode 100644 index 0000000000..25331dd45c --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v3_data_after_extensions.pem @@ -0,0 +1,34 @@ +This is an otherwise valid TBSCertificate, except there is a NULL after the +extensions. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 69 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 + 62:d=1 hl=2 l= 5 cons: cont [ 3 ] + 64:d=2 hl=2 l= 3 cons: SEQUENCE + 66:d=3 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:DD + 69:d=1 hl=2 l= 0 prim: NULL +-----BEGIN TBS CERTIFICATE----- +MEWgAwIBAgIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfOjBTADBAHdBQA= +-----END TBS CERTIFICATE----- + +ERROR: Unconsumed data inside TBSCertificate + +-----BEGIN ERRORS----- +RVJST1I6IFVuY29uc3VtZWQgZGF0YSBpbnNpZGUgVEJTQ2VydGlmaWNhdGUK +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v3_extensions.pem b/pki/testdata/parse_certificate_unittest/tbs_v3_extensions.pem new file mode 100644 index 0000000000..927a7831d2 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v3_extensions.pem @@ -0,0 +1,79 @@ +This is a very basic TBSCertificate. It is valid from the perspective of +ParseTbsCertificate(), however its sub-fields are mainly bogus. This +TBSCertificate contains extensions. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 67 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 + 62:d=1 hl=2 l= 5 cons: cont [ 3 ] + 64:d=2 hl=2 l= 3 cons: SEQUENCE + 66:d=3 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:DD +-----BEGIN TBS CERTIFICATE----- +MEOgAwIBAgIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfOjBTADBAHd +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- + +$ openssl asn1parse -i < [EXTENSIONS] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:DD +-----BEGIN EXTENSIONS----- +MAMEAd0= +-----END EXTENSIONS----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v3_extensions_not_sequence.pem b/pki/testdata/parse_certificate_unittest/tbs_v3_extensions_not_sequence.pem new file mode 100644 index 0000000000..7122fbd3e0 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v3_extensions_not_sequence.pem @@ -0,0 +1,26 @@ +This is an otherwise valid TBSCertificate, except the extensions is an OCTET +STRING rather than a SEQUENCE. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 67 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 + 62:d=1 hl=2 l= 5 cons: cont [ 3 ] + 64:d=2 hl=2 l= 3 prim: OCTET STRING [HEX DUMP]:0401DD +-----BEGIN TBS CERTIFICATE----- +MEOgAwIBAgIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfOjBQQDBAHd +-----END TBS CERTIFICATE----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v3_no_optionals.pem b/pki/testdata/parse_certificate_unittest/tbs_v3_no_optionals.pem new file mode 100644 index 0000000000..119ca262a5 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v3_no_optionals.pem @@ -0,0 +1,70 @@ +This is a very basic TBSCertificate. It is valid from the perspective of +ParseTbsCertificate(), however its sub-fields are mainly bogus. This +TBSCertificate contains no optional fields (no issuerUniqueID, subjectUniqueID, +extensions) + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 60 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MDygAwIBAgIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfM= +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v3_real.pem b/pki/testdata/parse_certificate_unittest/tbs_v3_real.pem new file mode 100644 index 0000000000..f4080d402b --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v3_real.pem @@ -0,0 +1,251 @@ +This is a real-world certificate (in fact the same as cert_version3.pem) + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=4 l=1087 cons: SEQUENCE + 4:d=1 hl=2 l= 3 cons: cont [ 0 ] + 6:d=2 hl=2 l= 1 prim: INTEGER :02 + 9:d=1 hl=2 l= 7 prim: INTEGER :2B63A42A705076 + 18:d=1 hl=2 l= 13 cons: SEQUENCE + 20:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 31:d=2 hl=2 l= 0 prim: NULL + 33:d=1 hl=3 l= 202 cons: SEQUENCE + 36:d=2 hl=2 l= 11 cons: SET + 38:d=3 hl=2 l= 9 cons: SEQUENCE + 40:d=4 hl=2 l= 3 prim: OBJECT :countryName + 45:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US + 49:d=2 hl=2 l= 16 cons: SET + 51:d=3 hl=2 l= 14 cons: SEQUENCE + 53:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName + 58:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona + 67:d=2 hl=2 l= 19 cons: SET + 69:d=3 hl=2 l= 17 cons: SEQUENCE + 71:d=4 hl=2 l= 3 prim: OBJECT :localityName + 76:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale + 88:d=2 hl=2 l= 26 cons: SET + 90:d=3 hl=2 l= 24 cons: SEQUENCE + 92:d=4 hl=2 l= 3 prim: OBJECT :organizationName + 97:d=4 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. + 116:d=2 hl=2 l= 51 cons: SET + 118:d=3 hl=2 l= 49 cons: SEQUENCE + 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 125:d=4 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository + 169:d=2 hl=2 l= 48 cons: SET + 171:d=3 hl=2 l= 46 cons: SEQUENCE + 173:d=4 hl=2 l= 3 prim: OBJECT :commonName + 178:d=4 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority + 219:d=2 hl=2 l= 17 cons: SET + 221:d=3 hl=2 l= 15 cons: SEQUENCE + 223:d=4 hl=2 l= 3 prim: OBJECT :serialNumber + 228:d=4 hl=2 l= 8 prim: PRINTABLESTRING :07969287 + 238:d=1 hl=2 l= 30 cons: SEQUENCE + 240:d=2 hl=2 l= 13 prim: UTCTIME :120419135324Z + 255:d=2 hl=2 l= 13 prim: UTCTIME :130419135324Z + 270:d=1 hl=2 l= 79 cons: SEQUENCE + 272:d=2 hl=2 l= 20 cons: SET + 274:d=3 hl=2 l= 18 cons: SEQUENCE + 276:d=4 hl=2 l= 3 prim: OBJECT :organizationName + 281:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net + 294:d=2 hl=2 l= 33 cons: SET + 296:d=3 hl=2 l= 31 cons: SEQUENCE + 298:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 303:d=4 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated + 329:d=2 hl=2 l= 20 cons: SET + 331:d=3 hl=2 l= 18 cons: SEQUENCE + 333:d=4 hl=2 l= 3 prim: OBJECT :commonName + 338:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net + 351:d=1 hl=4 l= 290 cons: SEQUENCE + 355:d=2 hl=2 l= 13 cons: SEQUENCE + 357:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption + 368:d=3 hl=2 l= 0 prim: NULL + 370:d=2 hl=4 l= 271 prim: BIT STRING + 645:d=1 hl=4 l= 442 cons: cont [ 3 ] + 649:d=2 hl=4 l= 438 cons: SEQUENCE + 653:d=3 hl=2 l= 15 cons: SEQUENCE + 655:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints + 660:d=4 hl=2 l= 1 prim: BOOLEAN :255 + 663:d=4 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 + 670:d=3 hl=2 l= 29 cons: SEQUENCE + 672:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage + 677:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 + 701:d=3 hl=2 l= 14 cons: SEQUENCE + 703:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage + 708:d=4 hl=2 l= 1 prim: BOOLEAN :255 + 711:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 + 717:d=3 hl=2 l= 51 cons: SEQUENCE + 719:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points + 724:d=4 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C + 770:d=3 hl=2 l= 83 cons: SEQUENCE + 772:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies + 777:d=4 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F + 855:d=3 hl=3 l= 128 cons: SEQUENCE + 858:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access + 868:d=4 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 + 986:d=3 hl=2 l= 31 cons: SEQUENCE + 988:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier + 993:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 + 1019:d=3 hl=2 l= 39 cons: SEQUENCE + 1021:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name + 1026:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 + 1060:d=3 hl=2 l= 29 cons: SEQUENCE + 1062:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier + 1067:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 +-----BEGIN TBS CERTIFICATE----- +MIIEP6ADAgECAgcrY6QqcFB2MA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEQMA4GA1U +ECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIE +luYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9ye +TEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYD +VQQFEwgwNzk2OTI4NzAeFw0xMjA0MTkxMzUzMjRaFw0xMzA0MTkxMzUzMjRaME8xFDASBgNVBAo +TC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBA +MTC2t0aHVsaHUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNL +J7RCgAYmH4vG87FFPFm5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1b +bP3Z4+Ra3ENv7cpwQbQjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7 +ss/zwTVspYnxvU7oDcqOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvr +LAYt/etAxrmHcMUVJbW+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4S +rPYLxXytqrU1yLi32xgWwHu1A7fIQIDAQABo4IBujCCAbYwDwYDVR0TAQH/BAUwAwEBADAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDMGA1UdHwQsMCowKKA +moCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RzMS02OC5jcmwwUwYDVR0gBEwwSjBIBgtghk +gBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL +3JlcG9zaXRvcnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdv +ZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9 +yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axhMpNsRdbi7oVfmr +rndplozOcwJwYDVR0RBCAwHoILa3RodWxodS5uZXSCD3d3dy5rdGh1bGh1Lm5ldDAdBgNVHQ4EF +gQUox4asank9VC8PgXhdM8B0J414Bc= +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +K2OkKnBQdg== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN SIGNATURE ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=3 l= 202 cons: SEQUENCE + 3:d=1 hl=2 l= 11 cons: SET + 5:d=2 hl=2 l= 9 cons: SEQUENCE + 7:d=3 hl=2 l= 3 prim: OBJECT :countryName + 12:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US + 16:d=1 hl=2 l= 16 cons: SET + 18:d=2 hl=2 l= 14 cons: SEQUENCE + 20:d=3 hl=2 l= 3 prim: OBJECT :stateOrProvinceName + 25:d=3 hl=2 l= 7 prim: PRINTABLESTRING :Arizona + 34:d=1 hl=2 l= 19 cons: SET + 36:d=2 hl=2 l= 17 cons: SEQUENCE + 38:d=3 hl=2 l= 3 prim: OBJECT :localityName + 43:d=3 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale + 55:d=1 hl=2 l= 26 cons: SET + 57:d=2 hl=2 l= 24 cons: SEQUENCE + 59:d=3 hl=2 l= 3 prim: OBJECT :organizationName + 64:d=3 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. + 83:d=1 hl=2 l= 51 cons: SET + 85:d=2 hl=2 l= 49 cons: SEQUENCE + 87:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 92:d=3 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository + 136:d=1 hl=2 l= 48 cons: SET + 138:d=2 hl=2 l= 46 cons: SEQUENCE + 140:d=3 hl=2 l= 3 prim: OBJECT :commonName + 145:d=3 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority + 186:d=1 hl=2 l= 17 cons: SET + 188:d=2 hl=2 l= 15 cons: SEQUENCE + 190:d=3 hl=2 l= 3 prim: OBJECT :serialNumber + 195:d=3 hl=2 l= 8 prim: PRINTABLESTRING :07969287 +-----BEGIN ISSUER----- +MIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTE +aMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZX +MuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZ +mljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4Nw== +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=4, day=19, hours=13, minutes=53, seconds=24 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR +zPTI0 +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=4, day=19, hours=13, minutes=53, seconds=24 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR +zPTI0 +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 79 cons: SEQUENCE + 2:d=1 hl=2 l= 20 cons: SET + 4:d=2 hl=2 l= 18 cons: SEQUENCE + 6:d=3 hl=2 l= 3 prim: OBJECT :organizationName + 11:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net + 24:d=1 hl=2 l= 33 cons: SET + 26:d=2 hl=2 l= 31 cons: SEQUENCE + 28:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 33:d=3 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated + 59:d=1 hl=2 l= 20 cons: SET + 61:d=2 hl=2 l= 18 cons: SEQUENCE + 63:d=3 hl=2 l= 3 prim: OBJECT :commonName + 68:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net +-----BEGIN SUBJECT----- +ME8xFDASBgNVBAoTC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF +0ZWQxFDASBgNVBAMTC2t0aHVsaHUubmV0 +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=4 l= 290 cons: SEQUENCE + 4:d=1 hl=2 l= 13 cons: SEQUENCE + 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 17:d=2 hl=2 l= 0 prim: NULL + 19:d=1 hl=4 l= 271 prim: BIT STRING +-----BEGIN SPKI----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNLJ7RCgAYmH4vG87FFPF +m5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1bbP3Z4+Ra3ENv7cpwQb +QjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7ss/zwTVspYnxvU7oDc +qOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvrLAYt/etAxrmHcMUVJb +W+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4SrPYLxXytqrU1yLi32x +gWwHu1A7fIQIDAQAB +-----END SPKI----- + +$ openssl asn1parse -i < [EXTENSIONS] + 0:d=0 hl=4 l= 438 cons: SEQUENCE + 4:d=1 hl=2 l= 15 cons: SEQUENCE + 6:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints + 11:d=2 hl=2 l= 1 prim: BOOLEAN :255 + 14:d=2 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 + 21:d=1 hl=2 l= 29 cons: SEQUENCE + 23:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage + 28:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 + 52:d=1 hl=2 l= 14 cons: SEQUENCE + 54:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage + 59:d=2 hl=2 l= 1 prim: BOOLEAN :255 + 62:d=2 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 + 68:d=1 hl=2 l= 51 cons: SEQUENCE + 70:d=2 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points + 75:d=2 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C + 121:d=1 hl=2 l= 83 cons: SEQUENCE + 123:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies + 128:d=2 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F + 206:d=1 hl=3 l= 128 cons: SEQUENCE + 209:d=2 hl=2 l= 8 prim: OBJECT :Authority Information Access + 219:d=2 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 + 337:d=1 hl=2 l= 31 cons: SEQUENCE + 339:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier + 344:d=2 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 + 370:d=1 hl=2 l= 39 cons: SEQUENCE + 372:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name + 377:d=2 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 + 411:d=1 hl=2 l= 29 cons: SEQUENCE + 413:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier + 418:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 +-----BEGIN EXTENSIONS----- +MIIBtjAPBgNVHRMBAf8EBTADAQEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgN +VHQ8BAf8EBAMCBaAwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZH +MxLTY4LmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6L +y9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wgYAGCCsGAQUFBwEBBHQwcjAk +BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEoGCCsGAQUFBzAChj5odHRwOi8 +vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RfaW50ZXJtZWRpYXRlLmNydD +AfBgNVHSMEGDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zAnBgNVHREEIDAeggtrdGh1bGh1Lm5ld +IIPd3d3Lmt0aHVsaHUubmV0MB0GA1UdDgQWBBSjHhqxqeT1ULw+BeF0zwHQnjXgFw== +-----END EXTENSIONS----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_v4.pem b/pki/testdata/parse_certificate_unittest/tbs_v4.pem new file mode 100644 index 0000000000..0f152fa2bd --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_v4.pem @@ -0,0 +1,30 @@ +This is a very basic TBSCertificate which would be valid except the version +number is v4 (3). + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 60 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :03 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MDygAwIBAwIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfM= +-----END TBS CERTIFICATE----- + +ERROR: Failed parsing version + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIHZlcnNpb24K +-----END ERRORS----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/tbs_validity_both_generalized_time.pem b/pki/testdata/parse_certificate_unittest/tbs_validity_both_generalized_time.pem new file mode 100644 index 0000000000..2b7022a2f9 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_validity_both_generalized_time.pem @@ -0,0 +1,69 @@ +SEQUENCE (2 elem) + GeneralizedTime 2014-01-31 00:00:00 UTC + GeneralizedTime 2016-02-29 00:00:00 UTC + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 64 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 34 cons: SEQUENCE + 22:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20140131000000Z + 39:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160229000000Z + 56:d=1 hl=2 l= 3 cons: SEQUENCE + 58:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 61:d=1 hl=2 l= 3 cons: SEQUENCE + 63:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MECgAwIBAgIBATADBAEBMAMEAQUwIhgPMjAxNDAxMzEwMDAwMDBaGA8yMDE2MDIyOTAwMDAwMFo +wAwQBgzADBAHz +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2014, month=1, day=31, hours=0, minutes=0, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDE0LCBtb250aD0xLCBkYXk9MzEsIGhvdXJzPTAsIG1pbnV0ZXM9MCwgc2Vjb25kcz0 +w +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2016, month=2, day=29, hours=0, minutes=0, seconds=0 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDE2LCBtb250aD0yLCBkYXk9MjksIGhvdXJzPTAsIG1pbnV0ZXM9MCwgc2Vjb25kcz0 +w +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_validity_both_utc_time.pem b/pki/testdata/parse_certificate_unittest/tbs_validity_both_utc_time.pem new file mode 100644 index 0000000000..71bddb30b6 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_validity_both_utc_time.pem @@ -0,0 +1,69 @@ +SEQUENCE (2 elem) + UTCTime 2012-10-18 03:12:00 UTC + UTCTime 2013-10-18 14:59:59 UTC + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 60 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 30 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 52:d=1 hl=2 l= 3 cons: SEQUENCE + 54:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 57:d=1 hl=2 l= 3 cons: SEQUENCE + 59:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MDygAwIBAgIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG +DMAMEAfM= +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_validity_generalized_time_and_utc_time.pem b/pki/testdata/parse_certificate_unittest/tbs_validity_generalized_time_and_utc_time.pem new file mode 100644 index 0000000000..25fc37bd31 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_validity_generalized_time_and_utc_time.pem @@ -0,0 +1,69 @@ +SEQUENCE (2 elem) + GeneralizedTime 2014-01-31 00:00:00 UTC + UTCTime 2013-10-18 14:59:59 UTC + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 62 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 32 cons: SEQUENCE + 22:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20140131000000Z + 39:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z + 54:d=1 hl=2 l= 3 cons: SEQUENCE + 56:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 59:d=1 hl=2 l= 3 cons: SEQUENCE + 61:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MD6gAwIBAgIBATADBAEBMAMEAQUwIBgPMjAxNDAxMzEwMDAwMDBaFw0xMzEwMTgxNDU5NTlaMAM +EAYMwAwQB8w== +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2014, month=1, day=31, hours=0, minutes=0, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDE0LCBtb250aD0xLCBkYXk9MzEsIGhvdXJzPTAsIG1pbnV0ZXM9MCwgc2Vjb25kcz0 +w +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 +kcz01OQ== +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- diff --git a/pki/testdata/parse_certificate_unittest/tbs_validity_relaxed.pem b/pki/testdata/parse_certificate_unittest/tbs_validity_relaxed.pem new file mode 100644 index 0000000000..87f0b59abd --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_validity_relaxed.pem @@ -0,0 +1,147 @@ +This certificate comes from the CT database. The encoding of validity fails to be parsed using the strict rules. + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=4 l=1276 cons: SEQUENCE + 4:d=1 hl=2 l= 3 cons: cont [ 0 ] + 6:d=2 hl=2 l= 1 prim: INTEGER :02 + 9:d=1 hl=2 l= 3 prim: INTEGER :2821D5 + 14:d=1 hl=2 l= 13 cons: SEQUENCE + 16:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 27:d=2 hl=2 l= 0 prim: NULL + 29:d=1 hl=3 l= 220 cons: SEQUENCE + 32:d=2 hl=2 l= 11 cons: SET + 34:d=3 hl=2 l= 9 cons: SEQUENCE + 36:d=4 hl=2 l= 3 prim: OBJECT :countryName + 41:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US + 45:d=2 hl=2 l= 16 cons: SET + 47:d=3 hl=2 l= 14 cons: SEQUENCE + 49:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName + 54:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona + 63:d=2 hl=2 l= 19 cons: SET + 65:d=3 hl=2 l= 17 cons: SEQUENCE + 67:d=4 hl=2 l= 3 prim: OBJECT :localityName + 72:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale + 84:d=2 hl=2 l= 37 cons: SET + 86:d=3 hl=2 l= 35 cons: SEQUENCE + 88:d=4 hl=2 l= 3 prim: OBJECT :organizationName + 93:d=4 hl=2 l= 28 prim: PRINTABLESTRING :Starfield Technologies, Inc. + 123:d=2 hl=2 l= 57 cons: SET + 125:d=3 hl=2 l= 55 cons: SEQUENCE + 127:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName + 132:d=4 hl=2 l= 48 prim: PRINTABLESTRING :http://certificates.starfieldtech.com/repository + 182:d=2 hl=2 l= 49 cons: SET + 184:d=3 hl=2 l= 47 cons: SEQUENCE + 186:d=4 hl=2 l= 3 prim: OBJECT :commonName + 191:d=4 hl=2 l= 40 prim: PRINTABLESTRING :Starfield Secure Certification Authority + 233:d=2 hl=2 l= 17 cons: SET + 235:d=3 hl=2 l= 15 cons: SEQUENCE + 237:d=4 hl=2 l= 3 prim: OBJECT :serialNumber + 242:d=4 hl=2 l= 8 prim: PRINTABLESTRING :10688435 + 252:d=1 hl=2 l= 28 cons: SEQUENCE + 254:d=2 hl=2 l= 11 prim: UTCTIME :1401070000Z + 267:d=2 hl=2 l= 13 prim: UTCTIME :160401070000Z + 282:d=1 hl=3 l= 235 cons: SEQUENCE + 285:d=2 hl=2 l= 19 cons: SET + 287:d=3 hl=2 l= 17 cons: SEQUENCE + 289:d=4 hl=2 l= 11 prim: OBJECT :1.3.6.1.4.1.311.60.2.1.3 + 302:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US + 306:d=2 hl=2 l= 24 cons: SET + 308:d=3 hl=2 l= 22 cons: SEQUENCE + 310:d=4 hl=2 l= 11 prim: OBJECT :1.3.6.1.4.1.311.60.2.1.2 + 323:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona + 332:d=2 hl=2 l= 29 cons: SET + 334:d=3 hl=2 l= 27 cons: SEQUENCE + 336:d=4 hl=2 l= 3 prim: OBJECT :businessCategory + 341:d=4 hl=2 l= 20 prim: PRINTABLESTRING :Private Organization + 363:d=2 hl=2 l= 20 cons: SET + 365:d=3 hl=2 l= 18 cons: SEQUENCE + 367:d=4 hl=2 l= 3 prim: OBJECT :serialNumber + 372:d=4 hl=2 l= 11 prim: PRINTABLESTRING :R-1724741-6 + 385:d=2 hl=2 l= 11 cons: SET + 387:d=3 hl=2 l= 9 cons: SEQUENCE + 389:d=4 hl=2 l= 3 prim: OBJECT :countryName + 394:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US + 398:d=2 hl=2 l= 16 cons: SET + 400:d=3 hl=2 l= 14 cons: SEQUENCE + 402:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName + 407:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona + 416:d=2 hl=2 l= 19 cons: SET + 418:d=3 hl=2 l= 17 cons: SEQUENCE + 420:d=4 hl=2 l= 3 prim: OBJECT :localityName + 425:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale + 437:d=2 hl=2 l= 36 cons: SET + 439:d=3 hl=2 l= 34 cons: SEQUENCE + 441:d=4 hl=2 l= 3 prim: OBJECT :organizationName + 446:d=4 hl=2 l= 27 prim: PRINTABLESTRING :Starfield Technologies, LLC + 475:d=2 hl=2 l= 43 cons: SET + 477:d=3 hl=2 l= 41 cons: SEQUENCE + 479:d=4 hl=2 l= 3 prim: OBJECT :commonName + 484:d=4 hl=2 l= 34 prim: PRINTABLESTRING :valid.sfi.catest.starfieldtech.com + 520:d=1 hl=4 l= 290 cons: SEQUENCE + 524:d=2 hl=2 l= 13 cons: SEQUENCE + 526:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption + 537:d=3 hl=2 l= 0 prim: NULL + 539:d=2 hl=4 l= 271 prim: BIT STRING + 814:d=1 hl=4 l= 462 cons: cont [ 3 ] + 818:d=2 hl=4 l= 458 cons: SEQUENCE + 822:d=3 hl=2 l= 12 cons: SEQUENCE + 824:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints + 829:d=4 hl=2 l= 1 prim: BOOLEAN :255 + 832:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 + 836:d=3 hl=2 l= 14 cons: SEQUENCE + 838:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage + 843:d=4 hl=2 l= 1 prim: BOOLEAN :255 + 846:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 + 852:d=3 hl=2 l= 29 cons: SEQUENCE + 854:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage + 859:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 + 883:d=3 hl=2 l= 45 cons: SEQUENCE + 885:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name + 890:d=4 hl=2 l= 38 prim: OCTET STRING [HEX DUMP]:3024822276616C69642E7366692E6361746573742E737461726669656C64746563682E636F6D + 930:d=3 hl=2 l= 29 cons: SEQUENCE + 932:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier + 937:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:041470EF9012A65C1E984F5BDB33C30F6DCBED401A64 + 961:d=3 hl=2 l= 31 cons: SEQUENCE + 963:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier + 968:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014494B5227D11BBCF2A1216A627B51427A8AD7D556 + 994:d=3 hl=2 l= 56 cons: SEQUENCE + 996:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points + 1001:d=4 hl=2 l= 49 prim: OCTET STRING [HEX DUMP]:302F302DA02BA0298627687474703A2F2F63726C2E737461726669656C64746563682E636F6D2F736673332D302E63726C + 1052:d=3 hl=3 l= 141 cons: SEQUENCE + 1055:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access + 1065:d=4 hl=3 l= 128 prim: OCTET STRING [HEX DUMP]:307E302A06082B06010505073001861E687474703A2F2F6F6373702E737461726669656C64746563682E636F6D2F305006082B060105050730028644687474703A2F2F6365727469666963617465732E737461726669656C64746563682E636F6D2F7265706F7369746F72792F73665F696E7465726D6564696174652E637274 + 1196:d=3 hl=2 l= 82 cons: SEQUENCE + 1198:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies + 1203:d=4 hl=2 l= 75 prim: OCTET STRING [HEX DUMP]:30493047060B6086480186FD6E010717033038303606082B06010505070201162A687474703A2F2F63657274732E737461726669656C64746563682E636F6D2F7265706F7369746F72792F +-----BEGIN TBS CERTIFICATE----- +MIIE/KADAgECAgMoIdUwDQYJKoZIhvcNAQEFBQAwgdwxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwd +Bcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG +9naWVzLCBJbmMuMTkwNwYDVQQLEzBodHRwOi8vY2VydGlmaWNhdGVzLnN0YXJmaWVsZHRlY2guY +29tL3JlcG9zaXRvcnkxMTAvBgNVBAMTKFN0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkxETAPBgNVBAUTCDEwNjg4NDM1MBwXCzE0MDEwNzAwMDBaFw0xNjA0MDEwNzAwMDB +aMIHrMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRgwFgYLKwYBBAGCNzwCAQITB0FyaXpvbmExHTAbBg +NVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRQwEgYDVQQFEwtSLTE3MjQ3NDEtNjELMAkGA1UEB +hMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJDAiBgNVBAoTG1N0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIExMQzErMCkGA1UEAxMidmFsaWQuc2ZpLmNhdGVzdC5zdGF +yZmllbGR0ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3UsdA7Nr22Qr +HAYv7/IqL8V7kczSyO9wziJzVdWu+l7Brg//TgjMZKMgY7cJdpICvFAxLOxO3Z1w721InVmTxz0 +1lczx5WrH3aJMwR/05By5tanNaas9zdMAWFtWd8SYKm2xcSC3FsAhue2s14OT+EE92XgNgVhF2b +dlOTgkwh/+q4Nl7k62LncnRSzFZdJKiorI811vrvVD45NB9IOPuRUXj5GLcUh4BXXp3ZSekFbVu +A2oDnIhNGyQcThtf3wcM0dRMeKgemAD59d96NaQYH/QVA3gdtlzKxgeF/UvlxYG3P3DknTRiaMz +l/Na9NzdRQX2i7ubskThqoRs05Zv0CAwEAAaOCAc4wggHKMAwGA1UdEwEB/wQCMAAwDgYDVR0PA +QH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAtBgNVHREEJjAkgiJ2YWxp +ZC5zZmkuY2F0ZXN0LnN0YXJmaWVsZHRlY2guY29tMB0GA1UdDgQWBBRw75ASplwemE9b2zPDD23 +L7UAaZDAfBgNVHSMEGDAWgBRJS1In0Ru88qEhamJ7UUJ6itfVVjA4BgNVHR8EMTAvMC2gK6Aphi +dodHRwOi8vY3JsLnN0YXJmaWVsZHRlY2guY29tL3NmczMtMC5jcmwwgY0GCCsGAQUFBwEBBIGAM +H4wKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3NwLnN0YXJmaWVsZHRlY2guY29tLzBQBggrBgEFBQcw +AoZEaHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmX2l +udGVybWVkaWF0ZS5jcnQwUgYDVR0gBEswSTBHBgtghkgBhv1uAQcXAzA4MDYGCCsGAQUFBwIBFi +podHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8= +-----END TBS CERTIFICATE----- + +ERROR: Failed parsing validity + +-----BEGIN ERRORS----- +RVJST1I6IEZhaWxlZCBwYXJzaW5nIHZhbGlkaXR5Cg== +-----END ERRORS----- \ No newline at end of file diff --git a/pki/testdata/parse_certificate_unittest/tbs_validity_utc_time_and_generalized_time.pem b/pki/testdata/parse_certificate_unittest/tbs_validity_utc_time_and_generalized_time.pem new file mode 100644 index 0000000000..2f98b8786f --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/tbs_validity_utc_time_and_generalized_time.pem @@ -0,0 +1,69 @@ +SEQUENCE (2 elem) + UTCTime 2012-10-18 03:12:00 UTC + GeneralizedTime 2016-02-29 00:00:00 UTC + + +$ openssl asn1parse -i < [TBS CERTIFICATE] + 0:d=0 hl=2 l= 62 cons: SEQUENCE + 2:d=1 hl=2 l= 3 cons: cont [ 0 ] + 4:d=2 hl=2 l= 1 prim: INTEGER :02 + 7:d=1 hl=2 l= 1 prim: INTEGER :01 + 10:d=1 hl=2 l= 3 cons: SEQUENCE + 12:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 + 15:d=1 hl=2 l= 3 cons: SEQUENCE + 17:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 + 20:d=1 hl=2 l= 32 cons: SEQUENCE + 22:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z + 37:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160229000000Z + 54:d=1 hl=2 l= 3 cons: SEQUENCE + 56:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 + 59:d=1 hl=2 l= 3 cons: SEQUENCE + 61:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN TBS CERTIFICATE----- +MD6gAwIBAgIBATADBAEBMAMEAQUwIBcNMTIxMDE4MDMxMjAwWhgPMjAxNjAyMjkwMDAwMDBaMAM +EAYMwAwQB8w== +-----END TBS CERTIFICATE----- + +-----BEGIN SERIAL NUMBER----- +AQ== +-----END SERIAL NUMBER----- + +$ openssl asn1parse -i < [SIGNATURE ALGORITHM] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 +-----BEGIN SIGNATURE ALGORITHM----- +MAMEAQE= +-----END SIGNATURE ALGORITHM----- + +$ openssl asn1parse -i < [ISSUER] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 +-----BEGIN ISSUER----- +MAMEAQU= +-----END ISSUER----- + +VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 +-----BEGIN VALIDITY NOTBEFORE----- +eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR +zPTA= +-----END VALIDITY NOTBEFORE----- + +VALIDITY NOTAFTER: year=2016, month=2, day=29, hours=0, minutes=0, seconds=0 +-----BEGIN VALIDITY NOTAFTER----- +eWVhcj0yMDE2LCBtb250aD0yLCBkYXk9MjksIGhvdXJzPTAsIG1pbnV0ZXM9MCwgc2Vjb25kcz0 +w +-----END VALIDITY NOTAFTER----- + +$ openssl asn1parse -i < [SUBJECT] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 +-----BEGIN SUBJECT----- +MAMEAYM= +-----END SUBJECT----- + +$ openssl asn1parse -i < [SPKI] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 +-----BEGIN SPKI----- +MAMEAfM= +-----END SPKI----- diff --git a/pki/testdata/parse_certificate_unittest/v1_explicit_version.pem b/pki/testdata/parse_certificate_unittest/v1_explicit_version.pem new file mode 100644 index 0000000000..3b9a1e8d12 --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/v1_explicit_version.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIC2TCCAcGgAwIBAAIBADANBgkqhkiG9w0BAQQFADAsMQswCQYDVQQGEwJhdTEdMBsGA1UEChM +UU2VjdXJlTmV0IENBIENsYXNzIEIwJhcROTkwNjMwMDAwMDAwKzEwMDAXETA5MTAxNTIzNTkwMC +sxMDAwMCwxCzAJBgNVBAYTAmF1MR0wGwYDVQQKExRTZWN1cmVOZXQgQ0EgQ2xhc3MgQjCCASIwD +QYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZj2cYVWnbnRmXHNJH5e91Wu/iWNS4pyqd9Ch73 +MVLoWsjTzzkBTlvwH7G4StKzR0NmPwFATjBJ4Q/96xJjeMz2FmIY9W9p/X5uM3Yho8CID+rmJfy +pl8wYcscxtgubzcLFeGFjRaw0pid4aMS9UmjOhE3SJKUobIDmyubP5pqeUHjO8zbSo0NaHAavyy +Du0CzERBiQbLGRZGW5t4WDS6iRmcXgnPe4UNfTsE+a7WP7TfTUKCQ6gFt7k4zFBYSvO4b+gTHHt +p1fGuqQe7BGXrIIUgBXDVVSg3iVSv1oj57ZULZLU/ryhQKVTjj1g6eW1DE/P6fKN1PcxS9tGnSm +zL8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEAS0amIlrp0aXkEI9MU2DjTVSG3rocqipaNggdSgt +Joe+qvbwmMqT/c0AwJA/sqxHVy6/ES5vnHhzDUIW6TwgrLz8UI6r2g5mGvkZ4ERUrmuSjv33pjX +75Z98+f+atRudgZWdf5YDzLLtTZ3Nv4K6XEm1JGBxoTLMs81rBNTH27Ok+p8vNVFCHWEXAFNVIt +vMojjoYKeiamfHg9aPLCLR9eCUT4TTOaJvatyIhGzRSy+9T4vPXDGLasUVBRbiXWCwIYkUjDlmV +NRoORMdRcE4/BK0mwh3tD0gtVRMdcaKnDrMvh2+w7uXHNosscVFAhxrOVhQ5Ke8lCoAKGZ31Vp/ +dig== +-----END CERTIFICATE----- + +ERROR: Version explicitly V1 (should be omitted) +ERROR: Failed parsing TBSCertificate + +-----BEGIN ERRORS----- +RVJST1I6IFZlcnNpb24gZXhwbGljaXRseSBWMSAoc2hvdWxkIGJlIG9taXR0ZWQpCkVSUk9SOiBGYWlsZWQgcGFyc2luZyBUQlNDZXJ0aWZpY2F0ZQo= +-----END ERRORS----- diff --git a/pki/testdata/parse_certificate_unittest/v3_certificate_template.pk8 b/pki/testdata/parse_certificate_unittest/v3_certificate_template.pk8 new file mode 100644 index 0000000000000000000000000000000000000000..17c580a9a04bf77b38b990b91659d57f7430d010 GIT binary patch literal 636 zcmV-?0)zc9f&zE~0RS)!1_>&LNQUpVlaXNUIGCC0)c@5*el4UGUQ_a zP4m#LS&K!dz41rC30Qj~y)~|vC5DusfWWjLc9CaBG0+f%w;~>JBaw2*>1}yBg?E4t z#FZ9x#Y%BZ$YVdF@?)GTPn!D6!EtUVg(#pW9%US^2i03|Eko@qkg<%fByFzg7di#O zzqlN(Wjh;K!r89Ys%MDt0s{d60Rn-60DyAS(Ouv(s{DxQ@OO&1BMMA_~W zsPI)?uUV2O^`an{J1>$jo{Ot2X8GHVS1`>g0m>N7@sOYXEqNS3mJCs0>I-x~ob)nq zp~E(2y{lFHRl-k5{#s#;2lym<5~CS%%W^c^>C{+Ml!9gzZaA{sZDJMINFace0Rlk) z@h>bH?jFx9nVW~buijwl&Nq*Ee?A=AQ911e%eKM_o(mM)55R zBxuQU{4=LHro7tPfEhPx3`Sr`*@AeYq@G~{Knv-ej|NcXK)JDz>Ccw;NP)Qm<1W!@ z|Jb2-Y(GAL@T_)Pp+*&PJ{3vwP@)gy?nuPo#us5?{CGm3-DK84(E>pLhvWx?H&!VA0k<2f3Gmcrj@GIow5D3`n};B! WJRg+W+?Uci19bs1x+4S#HawxwJtqbL literal 0 HcmV?d00001 diff --git a/pki/testdata/parse_certificate_unittest/v3_certificate_template.txt b/pki/testdata/parse_certificate_unittest/v3_certificate_template.txt new file mode 100644 index 0000000000..7aa270fd4f --- /dev/null +++ b/pki/testdata/parse_certificate_unittest/v3_certificate_template.txt @@ -0,0 +1,141 @@ +# This is cert.pem from BoringSSL's tests. +# https://boringssl.googlesource.com/boringssl/+/5acc423517ec9d53e6cf2cd1b968405e0972c745/ssl/test/runner/cert.pem + +# This file is itself valid ascii-der, however uses comments to name various +# sections (using BEGIN and END). These named sections can be overlapping, and +# are replaced for generating various test data. + +SEQUENCE { + SEQUENCE { + [0] { + INTEGER { 2 } + } +#-----BEGIN SERIAL----- + INTEGER { `00fbb04c2eab109b0c` } +#-----END SERIAL----- +#-----BEGIN INNER_SIGNATURE_ALGORITHM----- + SEQUENCE { + # sha1WithRSAEncryption + OBJECT_IDENTIFIER { 1.2.840.113549.1.1.5 } + NULL {} + } +#-----END INNER_SIGNATURE_ALGORITHM----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { "Internet Widgits Pty Ltd" } + } + } + } +#-----BEGIN VALIDITY----- + SEQUENCE { + UTCTime { "140423205040Z" } + UTCTime { "170422205040Z" } + } +#-----END VALIDITY----- +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { "Internet Widgits Pty Ltd" } + } + } + } +#-----END SUBJECT----- + SEQUENCE { + SEQUENCE { + # rsaEncryption + OBJECT_IDENTIFIER { 1.2.840.113549.1.1.1 } + NULL {} + } + BIT_STRING { + `00` + SEQUENCE { + INTEGER { `00d82bc8a632e462ff4df3d0ad598b45a7bdf147bf09587b22bd35ae97258694a080c0b41f7691674631d01084b7221e70239172c8e96d793a8577800fc4951675c54a714cc8633fa3f2639c2a4f9afacbc1716e288528a0271e651cae07d55b6f2d43ed2b90b18caf246daee9173a05c1bfb81cae653b1b58c2d9aed6aa6788f1` } + INTEGER { 65537 } + } + } + } + [3] { +#-----BEGIN EXTENSIONS----- + SEQUENCE { + SEQUENCE { + # subjectKeyIdentifier + OBJECT_IDENTIFIER { 2.5.29.14 } + OCTET_STRING { +#-----BEGIN SUBJECT_KEY_IDENTIFIER----- + OCTET_STRING { `8b75d5accb08be0e1f65b7fa56be6ca775da85af` } +#-----END SUBJECT_KEY_IDENTIFIER----- + } + } + SEQUENCE { + # authorityKeyIdentifier + OBJECT_IDENTIFIER { 2.5.29.35 } + OCTET_STRING { +#-----BEGIN AUTHORITY_KEY_IDENTIFIER----- + SEQUENCE { + [0 PRIMITIVE] { `8b75d5accb08be0e1f65b7fa56be6ca775da85af` } + } +#-----END AUTHORITY_KEY_IDENTIFIER----- + } + } + + SEQUENCE { + # basicConstraints + OBJECT_IDENTIFIER { 2.5.29.19 } + OCTET_STRING { +#-----BEGIN BASIC_CONSTRAINTS----- + SEQUENCE { + BOOLEAN { `ff` } + } +#-----END BASIC_CONSTRAINTS----- + } + } +#-----BEGIN EXTENSION----- +# (For adding in another extension at the end of the list) +#-----END EXTENSION----- + } +#-----END EXTENSIONS----- + } + } +#-----BEGIN OUTER_SIGNATURE_ALGORITHM----- + SEQUENCE { + # sha1WithRSAEncryption + OBJECT_IDENTIFIER { 1.2.840.113549.1.1.5 } + NULL {} + } +#-----END OUTER_SIGNATURE_ALGORITHM----- + BIT_STRING { `003be8786d95d63d6af713192c1bc288ae22abf48d32f57c7167cf2dd11cc2c387e2e9be895ce434ab4891c23f95ae2b479e25786b4f9a10a472fdcff7020cb00a08a45ae2e5747e111d39606ac91f69f32e6326dc9eef6b7a0ae1545798aa729178047e1f8f654d1f0b12ac9c240f84141a552d1fbbf09d09b2085c5932658026` } +} diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/generate-certs.py b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/generate-certs.py new file mode 100755 index 0000000000..105744fd22 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/generate-certs.py @@ -0,0 +1,63 @@ +#!/usr/bin/env python +# Copyright 2019 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +""" +A chain with target using authorityKeyIdentifier:issuer and multiple +intermediates with different serial numbers and issuer names, for testing +path bulding prioritization. +""" + +import sys +sys.path += ['../..'] + +import gencerts + +DATE_A = '150101120000Z' +DATE_B = '150102120000Z' +DATE_C = '150103120000Z' +DATE_Z = '180101120000Z' + +root = gencerts.create_self_signed_root_certificate('Root') +root.set_validity_range(DATE_A, DATE_Z) + +root2 = gencerts.create_self_signed_root_certificate('Root2') +root2.set_validity_range(DATE_A, DATE_Z) + +# Give the certs notBefore dates in reverse priority order so we can test that +# the issuer/serial key id didn't affect prioritization. +int_matching = gencerts.create_intermediate_certificate('Intermediate', root) +int_matching.set_validity_range(DATE_A, DATE_Z) + +int_mismatch = gencerts.create_intermediate_certificate('Intermediate', root2) +int_mismatch.set_key(int_matching.get_key()) +int_mismatch.set_validity_range(DATE_C, DATE_Z) + +int_match_name_only = gencerts.create_intermediate_certificate( + 'Intermediate', root) +int_match_name_only.set_key(int_matching.get_key()) +int_match_name_only.set_validity_range(DATE_B, DATE_Z) + +section = int_matching.config.get_section('signing_ca_ext') +section.set_property('authorityKeyIdentifier', 'issuer:always') +target = gencerts.create_end_entity_certificate('Target', int_matching) +target.set_validity_range(DATE_A, DATE_Z) + +gencerts.write_chain('The 1st root', [root], out_pem='root.pem') +gencerts.write_chain('The 2nd root', [root2], out_pem='root2.pem') + +gencerts.write_chain( + 'Intermediate with matching issuer name & serial', + [int_matching], out_pem='int_matching.pem') + +gencerts.write_chain( + 'Intermediate with different issuer name & serial', + [int_mismatch], out_pem='int_mismatch.pem') + +gencerts.write_chain( + 'Intermediate with same issuer name & different serial', + [int_match_name_only], out_pem='int_match_name_only.pem') + +gencerts.write_chain('The target', [target], out_pem='target.pem') + diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_match_name_only.pem b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_match_name_only.pem new file mode 100644 index 0000000000..4bc1e7f60d --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_match_name_only.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with same issuer name & different serial + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 27:4f:b6:81:70:40:f1:c5:b2:96:9c:1c:da:b0:bc:27:d5:3e:73:f8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e2:a1:85:d1:32:c8:5d:6a:2e:8a:5d:64:ff:87: + f5:84:7f:4c:9c:14:e8:04:f3:c3:e9:db:fd:bd:87: + 86:1a:82:dd:10:8a:85:57:9a:ab:5e:6a:94:a7:8d: + 5e:49:0a:0e:3e:2d:2d:5c:a7:78:78:3d:67:95:e0: + 73:a8:4a:6b:be:0f:61:ba:dc:40:c4:65:41:f0:fa: + a2:28:c7:b3:6d:0f:55:dd:e4:45:8d:e3:f4:3f:ca: + 54:e6:a0:a9:d0:2a:5b:99:42:7f:cf:1a:84:6f:bc: + 77:0a:14:53:dd:cb:77:38:9f:1d:7c:1c:89:13:53: + d7:43:c0:31:9a:56:8a:17:5e:2b:87:07:61:84:8d: + 8b:7e:b9:6b:f5:51:34:79:26:7b:5c:46:28:14:e5: + 6f:51:16:fa:14:8e:e2:be:03:67:bd:eb:cd:89:d6: + 93:95:66:d5:da:fa:8a:fb:79:e6:9b:a1:2f:a6:2d: + 59:aa:29:f7:74:29:07:07:b3:8c:1b:65:7c:18:24: + 89:fc:cb:fa:fd:17:5e:1c:cb:a8:22:f7:80:cc:57: + c3:72:8d:51:ef:4d:14:83:da:1e:5d:66:5f:c1:66: + c1:64:61:d5:a5:08:08:40:5d:99:90:51:e6:6f:bc: + b5:32:55:ef:f8:6d:4a:44:4e:f8:67:93:f6:a2:e2: + b8:d9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BD:F9:13:D6:3D:BB:66:4C:4C:F9:8E:E7:B2:8B:17:04:F8:73:D9:2E + X509v3 Authority Key Identifier: + keyid:0F:65:16:31:5F:9E:C8:16:9C:4F:54:54:37:82:56:28:FE:18:9D:71 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 91:2a:4e:b9:b4:67:69:68:8a:44:11:63:2d:96:ba:2a:fb:04: + d4:1d:49:60:14:5e:69:1f:8d:10:24:8f:62:fe:c3:cc:1e:0b: + a4:a9:35:ec:fa:f9:b9:09:d9:55:13:70:36:dc:9b:a2:d0:ed: + c6:75:2a:3b:29:8d:92:81:c9:f3:84:bd:f8:45:34:45:8a:5f: + 3e:c8:42:33:36:ef:6a:44:e2:ed:87:34:4a:b1:2f:32:eb:45: + 15:93:21:2f:08:32:c3:a4:76:75:96:bf:84:97:66:e8:d5:b1: + d2:8c:d1:7f:2f:74:1a:a5:1d:21:d5:34:cf:89:95:ca:37:91: + 31:bb:02:60:96:f8:b4:4b:c9:7e:39:ad:e9:43:2f:fd:04:a6: + ad:71:e4:52:eb:f7:3f:d9:1a:25:91:21:82:ad:36:13:17:b7: + 76:fc:55:85:be:e7:d5:38:97:fd:67:6b:54:97:9b:c7:00:07: + 5f:df:b7:cb:0b:21:7e:44:23:cb:ba:84:e8:4d:21:f8:0e:b7: + 64:de:34:2f:d2:80:ca:65:89:93:95:38:99:7e:73:2e:61:c6: + ee:b2:51:9b:71:d3:01:65:ca:60:2b:f7:2e:36:e8:2f:8e:bc: + a4:f4:0c:b5:3d:43:6e:d9:29:19:bf:85:6a:8c:42:76:87:de: + f5:b9:0f:45 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUJ0+2gXBA8cWylpwc2rC8J9U+c/gwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOKhhdEyyF1qLopdZP+H9YR/TJwU6ATzw+nb/b2HhhqC3RCK +hVeaq15qlKeNXkkKDj4tLVyneHg9Z5Xgc6hKa74PYbrcQMRlQfD6oijHs20PVd3k +RY3j9D/KVOagqdAqW5lCf88ahG+8dwoUU93LdzifHXwciRNT10PAMZpWihdeK4cH +YYSNi365a/VRNHkme1xGKBTlb1EW+hSO4r4DZ73rzYnWk5Vm1dr6ivt55puhL6Yt +Waop93QpBwezjBtlfBgkifzL+v0XXhzLqCL3gMxXw3KNUe9NFIPaHl1mX8FmwWRh +1aUICEBdmZBR5m+8tTJV7/htSkRO+GeT9qLiuNkCAwEAAaOByzCByDAdBgNVHQ4E +FgQUvfkT1j27ZkxM+Y7nsosXBPhz2S4wHwYDVR0jBBgwFoAUD2UWMV+eyBacT1RU +N4JWKP4YnXEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCRKk65tGdpaIpEEWMtlroq+wTUHUlgFF5pH40Q +JI9i/sPMHgukqTXs+vm5CdlVE3A23Jui0O3GdSo7KY2SgcnzhL34RTRFil8+yEIz +Nu9qROLthzRKsS8y60UVkyEvCDLDpHZ1lr+El2bo1bHSjNF/L3QapR0h1TTPiZXK +N5ExuwJglvi0S8l+Oa3pQy/9BKatceRS6/c/2RolkSGCrTYTF7d2/FWFvufVOJf9 +Z2tUl5vHAAdf37fLCyF+RCPLuoToTSH4Drdk3jQv0oDKZYmTlTiZfnMuYcbuslGb +cdMBZcpgK/cuNugvjryk9Ay1PUNu2SkZv4VqjEJ2h971uQ9F +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_matching.pem b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_matching.pem new file mode 100644 index 0000000000..c0883e1192 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_matching.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with matching issuer name & serial + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 27:4f:b6:81:70:40:f1:c5:b2:96:9c:1c:da:b0:bc:27:d5:3e:73:f7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e2:a1:85:d1:32:c8:5d:6a:2e:8a:5d:64:ff:87: + f5:84:7f:4c:9c:14:e8:04:f3:c3:e9:db:fd:bd:87: + 86:1a:82:dd:10:8a:85:57:9a:ab:5e:6a:94:a7:8d: + 5e:49:0a:0e:3e:2d:2d:5c:a7:78:78:3d:67:95:e0: + 73:a8:4a:6b:be:0f:61:ba:dc:40:c4:65:41:f0:fa: + a2:28:c7:b3:6d:0f:55:dd:e4:45:8d:e3:f4:3f:ca: + 54:e6:a0:a9:d0:2a:5b:99:42:7f:cf:1a:84:6f:bc: + 77:0a:14:53:dd:cb:77:38:9f:1d:7c:1c:89:13:53: + d7:43:c0:31:9a:56:8a:17:5e:2b:87:07:61:84:8d: + 8b:7e:b9:6b:f5:51:34:79:26:7b:5c:46:28:14:e5: + 6f:51:16:fa:14:8e:e2:be:03:67:bd:eb:cd:89:d6: + 93:95:66:d5:da:fa:8a:fb:79:e6:9b:a1:2f:a6:2d: + 59:aa:29:f7:74:29:07:07:b3:8c:1b:65:7c:18:24: + 89:fc:cb:fa:fd:17:5e:1c:cb:a8:22:f7:80:cc:57: + c3:72:8d:51:ef:4d:14:83:da:1e:5d:66:5f:c1:66: + c1:64:61:d5:a5:08:08:40:5d:99:90:51:e6:6f:bc: + b5:32:55:ef:f8:6d:4a:44:4e:f8:67:93:f6:a2:e2: + b8:d9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BD:F9:13:D6:3D:BB:66:4C:4C:F9:8E:E7:B2:8B:17:04:F8:73:D9:2E + X509v3 Authority Key Identifier: + keyid:0F:65:16:31:5F:9E:C8:16:9C:4F:54:54:37:82:56:28:FE:18:9D:71 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 16:cb:0b:89:93:42:ae:5c:b4:4a:04:49:7c:4c:fd:bd:7e:75: + d6:38:b8:e5:c7:52:06:51:84:c6:11:86:8f:ab:70:59:83:23: + b0:15:68:b6:5d:84:1b:63:75:28:1e:a5:2f:11:80:12:f0:ac: + 0f:77:b5:db:22:0b:c0:ef:12:28:b8:72:fb:26:70:7c:2b:2c: + 8f:4a:65:c4:69:0c:19:d1:58:2d:73:69:07:1c:09:23:0d:3c: + c9:80:44:66:8f:d0:b1:b4:46:6f:1e:70:a3:9a:64:47:07:12: + 1a:66:2a:c5:59:65:b3:a5:47:07:34:85:81:f6:77:49:0c:bc: + 8f:e5:36:1f:3c:22:6f:e6:1c:d1:6d:39:8b:2a:09:db:20:6f: + 48:dd:39:14:cf:16:0f:2e:43:34:c3:6c:a4:9e:3c:b3:50:38: + d0:f0:d3:c3:44:e1:34:73:d2:5f:d1:33:34:b5:b2:40:89:53: + 85:8f:dd:34:a4:3f:3a:66:7b:1b:e0:47:a4:1e:2a:1c:56:78: + 2b:05:87:69:22:52:68:d9:e8:99:40:79:c2:dd:0c:cd:ff:a0: + 31:3b:51:a6:ed:14:af:88:9c:2e:52:28:4f:32:7d:ce:d1:4c: + f4:a2:2c:a5:bd:d5:14:76:82:6d:ab:4b:c2:b8:88:b1:bc:23: + 25:a2:c7:aa +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUJ0+2gXBA8cWylpwc2rC8J9U+c/cwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOKhhdEyyF1qLopdZP+H9YR/TJwU6ATzw+nb/b2HhhqC3RCK +hVeaq15qlKeNXkkKDj4tLVyneHg9Z5Xgc6hKa74PYbrcQMRlQfD6oijHs20PVd3k +RY3j9D/KVOagqdAqW5lCf88ahG+8dwoUU93LdzifHXwciRNT10PAMZpWihdeK4cH +YYSNi365a/VRNHkme1xGKBTlb1EW+hSO4r4DZ73rzYnWk5Vm1dr6ivt55puhL6Yt +Waop93QpBwezjBtlfBgkifzL+v0XXhzLqCL3gMxXw3KNUe9NFIPaHl1mX8FmwWRh +1aUICEBdmZBR5m+8tTJV7/htSkRO+GeT9qLiuNkCAwEAAaOByzCByDAdBgNVHQ4E +FgQUvfkT1j27ZkxM+Y7nsosXBPhz2S4wHwYDVR0jBBgwFoAUD2UWMV+eyBacT1RU +N4JWKP4YnXEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAWywuJk0KuXLRKBEl8TP29fnXWOLjlx1IGUYTG +EYaPq3BZgyOwFWi2XYQbY3UoHqUvEYAS8KwPd7XbIgvA7xIouHL7JnB8KyyPSmXE +aQwZ0Vgtc2kHHAkjDTzJgERmj9CxtEZvHnCjmmRHBxIaZirFWWWzpUcHNIWB9ndJ +DLyP5TYfPCJv5hzRbTmLKgnbIG9I3TkUzxYPLkM0w2yknjyzUDjQ8NPDROE0c9Jf +0TM0tbJAiVOFj900pD86Znsb4EekHiocVngrBYdpIlJo2eiZQHnC3QzN/6AxO1Gm +7RSviJwuUihPMn3O0Uz0oiylvdUUdoJtq0vCuIixvCMloseq +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_mismatch.pem b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_mismatch.pem new file mode 100644 index 0000000000..4b6fce08e5 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/int_mismatch.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with different issuer name & serial + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 28:91:93:c8:61:2d:bb:b9:e0:39:3e:3f:37:ee:56:60:5e:6f:b6:82 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root2 + Validity + Not Before: Jan 3 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e2:a1:85:d1:32:c8:5d:6a:2e:8a:5d:64:ff:87: + f5:84:7f:4c:9c:14:e8:04:f3:c3:e9:db:fd:bd:87: + 86:1a:82:dd:10:8a:85:57:9a:ab:5e:6a:94:a7:8d: + 5e:49:0a:0e:3e:2d:2d:5c:a7:78:78:3d:67:95:e0: + 73:a8:4a:6b:be:0f:61:ba:dc:40:c4:65:41:f0:fa: + a2:28:c7:b3:6d:0f:55:dd:e4:45:8d:e3:f4:3f:ca: + 54:e6:a0:a9:d0:2a:5b:99:42:7f:cf:1a:84:6f:bc: + 77:0a:14:53:dd:cb:77:38:9f:1d:7c:1c:89:13:53: + d7:43:c0:31:9a:56:8a:17:5e:2b:87:07:61:84:8d: + 8b:7e:b9:6b:f5:51:34:79:26:7b:5c:46:28:14:e5: + 6f:51:16:fa:14:8e:e2:be:03:67:bd:eb:cd:89:d6: + 93:95:66:d5:da:fa:8a:fb:79:e6:9b:a1:2f:a6:2d: + 59:aa:29:f7:74:29:07:07:b3:8c:1b:65:7c:18:24: + 89:fc:cb:fa:fd:17:5e:1c:cb:a8:22:f7:80:cc:57: + c3:72:8d:51:ef:4d:14:83:da:1e:5d:66:5f:c1:66: + c1:64:61:d5:a5:08:08:40:5d:99:90:51:e6:6f:bc: + b5:32:55:ef:f8:6d:4a:44:4e:f8:67:93:f6:a2:e2: + b8:d9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BD:F9:13:D6:3D:BB:66:4C:4C:F9:8E:E7:B2:8B:17:04:F8:73:D9:2E + X509v3 Authority Key Identifier: + keyid:08:D2:FA:18:64:5B:EC:E9:49:1A:79:FD:B3:78:0E:51:7E:1A:CF:F5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root2.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root2.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 8c:6f:af:93:10:11:6e:97:08:e9:39:d3:8f:47:27:a5:9d:c9: + 0c:ae:45:bf:e6:52:e3:36:eb:41:40:c4:07:df:2f:b8:7c:8d: + de:02:f9:15:82:3f:b3:b4:30:54:8c:45:1f:50:99:bb:f3:d7: + 54:f4:06:a8:2f:86:78:94:d0:0a:ee:3c:55:a7:c4:c6:a9:5b: + de:78:94:b6:61:cc:2a:68:e0:99:37:ff:bb:cf:60:59:5d:85: + ec:93:f8:f5:e9:ec:7a:89:e6:2a:b8:0d:ca:87:14:d9:8c:fd: + 71:b8:5b:38:b4:26:e6:d7:21:78:c4:4e:a0:5f:e3:d7:dc:19: + 19:0f:7d:2f:e8:bd:64:94:ec:5f:aa:1f:f7:81:21:f4:a4:c8: + 05:0a:85:25:6b:ab:72:0d:5c:ff:8f:aa:d8:51:3b:dc:f1:d0: + 5c:0f:84:27:f4:60:dc:ca:e6:d7:72:c6:18:4e:28:3b:39:67: + 1d:f2:5d:33:f2:ab:2e:8d:a2:48:57:d9:4e:22:30:ca:fb:4f: + 9b:22:7d:12:aa:f8:ea:26:3f:18:68:69:66:43:e9:c6:12:92: + 5a:73:12:7b:5b:00:cf:e1:80:c6:28:a7:33:01:41:a6:67:08: + 7e:cf:5c:59:67:e9:47:57:0c:5b:d5:58:0f:36:22:a0:74:56: + ed:92:6d:40 +-----BEGIN CERTIFICATE----- +MIIDgzCCAmugAwIBAgIUKJGTyGEtu7ngOT4/N+5WYF5vtoIwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFUm9vdDIwHhcNMTUwMTAzMTIwMDAwWhcNMTgwMTAxMTIw +MDAwWjAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDioYXRMshdai6KXWT/h/WEf0ycFOgE88Pp2/29h4Yagt0Q +ioVXmqteapSnjV5JCg4+LS1cp3h4PWeV4HOoSmu+D2G63EDEZUHw+qIox7NtD1Xd +5EWN4/Q/ylTmoKnQKluZQn/PGoRvvHcKFFPdy3c4nx18HIkTU9dDwDGaVooXXiuH +B2GEjYt+uWv1UTR5JntcRigU5W9RFvoUjuK+A2e9682J1pOVZtXa+or7eeaboS+m +LVmqKfd0KQcHs4wbZXwYJIn8y/r9F14cy6gi94DMV8NyjVHvTRSD2h5dZl/BZsFk +YdWlCAhAXZmQUeZvvLUyVe/4bUpETvhnk/ai4rjZAgMBAAGjgc0wgcowHQYDVR0O +BBYEFL35E9Y9u2ZMTPmO57KLFwT4c9kuMB8GA1UdIwQYMBaAFAjS+hhkW+zpSRp5 +/bN4DlF+Gs/1MDgGCCsGAQUFBwEBBCwwKjAoBggrBgEFBQcwAoYcaHR0cDovL3Vy +bC1mb3ItYWlhL1Jvb3QyLmNlcjAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vdXJs +LWZvci1jcmwvUm9vdDIuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCMb6+TEBFulwjpOdOPRyelnckMrkW/5lLj +NutBQMQH3y+4fI3eAvkVgj+ztDBUjEUfUJm789dU9AaoL4Z4lNAK7jxVp8TGqVve +eJS2YcwqaOCZN/+7z2BZXYXsk/j16ex6ieYquA3KhxTZjP1xuFs4tCbm1yF4xE6g +X+PX3BkZD30v6L1klOxfqh/3gSH0pMgFCoUla6tyDVz/j6rYUTvc8dBcD4Qn9GDc +yubXcsYYTig7OWcd8l0z8qsujaJIV9lOIjDK+0+bIn0SqvjqJj8YaGlmQ+nGEpJa +cxJ7WwDP4YDGKKczAUGmZwh+z1xZZ+lHVwxb1VgPNiKgdFbtkm1A +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Intermediate.key b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Intermediate.key new file mode 100644 index 0000000000..0e484018a7 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA4qGF0TLIXWouil1k/4f1hH9MnBToBPPD6dv9vYeGGoLdEIqF +V5qrXmqUp41eSQoOPi0tXKd4eD1nleBzqEprvg9hutxAxGVB8PqiKMezbQ9V3eRF +jeP0P8pU5qCp0CpbmUJ/zxqEb7x3ChRT3ct3OJ8dfByJE1PXQ8AxmlaKF14rhwdh +hI2Lfrlr9VE0eSZ7XEYoFOVvURb6FI7ivgNnvevNidaTlWbV2vqK+3nmm6Evpi1Z +qin3dCkHB7OMG2V8GCSJ/Mv6/RdeHMuoIveAzFfDco1R700Ug9oeXWZfwWbBZGHV +pQgIQF2ZkFHmb7y1MlXv+G1KRE74Z5P2ouK42QIDAQABAoIBADtf+gEu/tOKiBr0 +EQvpgOdvupCB4a+6da+FVVsccIPtmSFGSV0ERrV70up63SLhoY2kpGfL8IIABG19 +2o9SwBuRSBd+sPFDXh1WbLmmaFnAVMzHi3l7KXi0971chmDlWA41H+sQlXX4uG9J +mBdZwShyd3UWvMr1gkZbyiMXXSJ1qVPray741cjXW2FYR6G6GGoz/7hhNOSwn1M8 +JSNJ4GXHJ/FuZAByqkAkACopSrB/E+TwCDIr9Ut/Bag2qst8CRj9U/tSsWXHxQcM +zxoFPMxBjDqPl927dCXByJj37+KA+swAB2veky24HCiHQQ34U1XKvyLXlRFTMw13 +OrmeYgkCgYEA9H2GftNzwE1Op91YJ5T2NbvjeeKhKVYYEXG7iVfgnCPBUTkWUwpA +OCKdEW3FQTyBcgSKy+0G4aZBFkzdxiXpbhzYyzTpD/1VpwzwF/d995n9hGzUz5Fe +TMbfbZGSaPddoIADl7xMU1HlWIpyuy4rLUJAuFsJ2hdrDwq553ywHVMCgYEA7UzD +1/Ny4goguJKnt9ifaC7MCKITaP1yui3w9FHIr4R2zDkKH5SfnO7PzEzTnZ8mWtbd +IcoTjqQQiYk9j0wv6rhBYibhkLp/n4WtQFSuIA+T8Ikyhin/VPHwi/U9PmixK+kg +fo8n2Kadj1lf/sbuKRw25j5feToYqBP4Bl6hH6MCgYEAjs9XpXNMFJLTk/gVyyEW +4/I5AHQhoSyZ6G6fla0QFQRJonEPGjhNpLyLNKgC5YU7M2d1z4JHV70uHaGOlXSF +sn0FIUVpsZ5PzsEe6VD2co+vZw/PCuOlyoEL90tl0wxS0zKTZqllh/G5XouYUr+4 +FrqxZT5ANfUh4upoBtBtauMCgYBNXeTQKIBBMBog8zeZWhgGyJMfEXCQn2ljSA0y +KuPqTZ7J0KL7TuKHMNkw+69WyYegwELSfGbJ77Wwkb0vViCdPzuZ+6E5JYTshpHI +0pL+wvVxy9lcIp8rm8HYb7lq+okhDt3YRWYxXYkrLnF8yHDnmFpR0O4hwQ4+5lvL +/9g6TwKBgHhsgF80iElv/rQD7HhTy7IHlVRQuJUH9f2NabgrnsNaYIKX/m9c0Hg9 +tAPfNjOmLG8VwObyRL6IX67NmMIQcCttuhxiqdFDUivkh1RkTCpzYBukXPoY7aPz +7+wcqI9HiJpD7IKZ6Ca15st8teg8xlyMu4ic4xqWSlntnoFKrol9 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Root.key b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Root.key new file mode 100644 index 0000000000..c4fd60e700 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA1cJvC/RWxo/Fs91KfR7QlA67tHGYg9TUkhEnGtzzXOhX27nu +Ah6+yrSB8W2SpkDD4IIf638gadoSkcaWSHMY+EM1N8ldlzNcqpkymJO1UQXqT5JX +qXDUBXaIDmoW0uBgkV8vDah9SFS8mkFgm/IS3U+xgeL8+JooI7Xbu84RnX6YII+Q +KSKsXCjFGh+XflpVvivDs4NHWgp9a7PI/70XaBmksTPomUquXlyuBn3QhWzRT0Bo +eqLLL5vrbYI5B5GHA56DljnIBjRNYecHRPXqJIqxQ+MU/VlMolSPnHsKZQ8+ez84 +29h2eChC27Wk/Y8PUWbUPeKz1i4+n5TdTTm68QIDAQABAoIBAB0iFshmUL1XMvbE +njZXUM4dA/Af2018YExYEiBTJMfw0qibupiHYDF4UI17BZWrFgcvNPJ/rQdANW+w +xSKyrSCI6GPmCd9lnKeToZWx6/BTAhA+PbxWKE9mTDzKsLmk4wRtGJif8hM9mUbc +yjH22CNZjTPKn/ex6u6TBpOeDkCMlHWcdhX9pvIQqpSuZuukPlaOQbahdy3smQEE +eJLK4g4oi2aqi8L38NF30Ht+MZo11+oo4DOoeWKsTFljU+WIdhwGxBMnMISuPYSu +ayR6X3lqWPIC4g61Q0Pkm4+Jf+RtwK95RX3eTStwJLY2pn07uF4zlxOzlpT6ACd+ +dcVXdxECgYEA/B+XHmarDgrMo56D2LASU+Z1ABtTxRjt/KV7DUL6j4SsVPzCix0t +BwFfSsUXyWxwn3P8knnV+yAwVJSZUn+azrFF8GUOQsWQO4Onvc+/IdcOCZz5S73c +ZCSXh2MUi0nitmbR5jpZKTOkGLIe4GtX/LA42NbQ6S3OL8chbeDC2j8CgYEA2QvV +1KCKR0+mvtmz8lZF4wmugICXqxXIRTpQTe31Ldzusx+xnGGG5y33ttnMX5dWs9zY +64p31OZUWDQPnQUHspNS9Frr5wwrZrxQfRRL4NeyAuX46ssHdMhCuQBG/FtT0pAv +uzX3l0cdjdXNbtIfhl1tHT4uCxJKIOqauM0wPs8CgYAtQLJMF5tuOsv+Ni5uDzRK +8NthOIZxowbcSQtsFvCIIAUaf/+fHo59amajMfsSAS+5vwS/ebTJjT5/f+iBITw1 +CyaFfm3v2CwKMphB/m7M8R+o5A7u5FYRd2vnNgZy9cEGgi/8hc6JEabLc/UMzNeP +GEYrzWrT34/ZjYFXincO2wKBgQCOvTXXK+1EkKF8iffJu+siMM/OOsOEBEM9I+iE +F6ZSjyV8L6/CxHDPwG9UlU/O3dxrVSZjYSEFpqR5jWNnRFOXoUPA57qUrHAulFHq +sFpmd/Pd7BgTcYppxvn6aLBGblll9OUvHYLCvkY1bRI5e364AuErhiUJqvGNTDyM +pITCCQKBgAGKrwzm670pS9TS40seZUiZ5o8MVAMOR0EwBZJmwwbQ2nNAeIGW8mwU +H7HHiR9EnN9BYJJ7VQSoSSLng8IBx//TxPKDCrWLLLaDyq6FWIAV1XlH3qcku0nV +K7yT0PbJly142ADQXpN+0z7M+9UzwGWrLo7YL+0eTS8oxK3622Ko +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Root2.key b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Root2.key new file mode 100644 index 0000000000..247761a883 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Root2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA9mCR4DTnFrl7N7F3y69vfKq6pID+pcZO8WSiJMp8iiybTDXB +8vK7a3TPRGo+Ubc9/P4icQD/FCAUMEMMr8xCHBYU0FJbREWWe3+/QKY+TctyHYBf +yCsuv7PYEMeGChBA5rHIlDoCCmlxcuzfkySVobgJzU0lpc4epZfXG2ubVmDCFwSm +T8kYeER7TB/un2/+gd4KNFVme+ylFLq/bT5b8pf2brqR4cqox3uKCgsRuA8FOSR1 +b0FX46BdlJr3bJnvkDYA0/ONu3IspJe4QV8rC5hPxvCVabERMnoKWTvnobCPRTMp +SX+g8GfFo0dpATRWrYJ3j2T524vpe2rw65JuXQIDAQABAoIBAQDCLLvra2ZRd5+P +9jNG+Z4xL9Fngy6u8ksXXsuXmWpr79n5R0jzM7DYcLhF4EH7XyLguF3ml/VxJBMl +MkLWbnIP9qsywCWj+gAulzDhP+RMpbHrZFiYxsfSWGhKWSXf2o18A9PkVo9zK0U5 +YUyXiDbRvN0ky8+HDJsEwVXMC5Pij1WmHwe/z45zFPLwWiLCLO8kZZbnQgjRBQSY +Gbe6yaYPvhnrTXbEEw9bCvbmOd8ONBx2Lm99RitA9c5Q7EDF26N6lmShXbsJ/Ptu +/CJtTk+fhFts2ekF4wlEbA2Etudv9MXXTi1MBVT24s/W99LK2DyjMfFbKN31NZ5J +5CQkVi+VAoGBAP2JdTf4A4nqWsdb1+/8f7tL5yIhof29dxrmpx1iH1qBY6r7571h +M71jTEME6rgZW5O8N4zhl6loffS7+r6YetA3uZZ5EV2n0L4Ta/qUR1bsYVu5Zzth +q8YI+2RsWmajP/Evh2AnN9VJ0eCDm8i8ZzaDfQ99tUOn6Gc3cZR68Hp7AoGBAPjF +TkuhIkst/GNgcV/nNChrjcQj7KZKo+IrWWJpUw2McYq6piIqXrALKYiG7JbwfVs+ +Exa32lcesD0lwO4uOxRZ8uF/KslJ25o2eNHlVYAuo46V6yQT3bTfpgqcDkOLvoHn +Cqv+ndAZtmj0HaIMuuONB/TQVf3PgLzWSHvlP68HAoGAAx85MUo9iOo42fGYlBzw +2baSjwoI+53kpJEoh6UYq72iI43cialzwKZDXyPlXAT76rLLoFF605w0yNmzubsY +8A1vnJm7DAMv/9cvYjOHOVvJyx5aVhHa0qJzrgXjixYBiI/EQ/vXpSm2iuQz++HO +B47Q8Grk24NqyjKVlHV7FpcCgYEAhO2RH7JzS66/3S4shq1ZXnvSHcuAaX8awQCe +24oiGexAw3tmyHzRacodIFnQU/sfUMEDnDETl1fLnnDs/Zhwczh5Ius7pqEzmdyf +hLDBliPVu5v6MKX44uxaofKvYIJsgqc9OZhtJUSIBt7icrPQrUSvyq4ENQJK7Ryn +UKS3+cMCgYByOYdbC+KB4A70d+20w9s309/yqOhxO4yppRujGmiDhP0yVVSAmNh5 +02kBceW9ZlOKrQfE9ZfWq+OY2FFqOw+8e7nHTPfWyqCIuUdYZzYA9vEPWdj6zS3/ +8Y1Q3mpvNIirPkFw/btbzv8kZGHijHh+KKQgsG8tx3Dv666FDszJTA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Target.key b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Target.key new file mode 100644 index 0000000000..60f9196156 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEoQIBAAKCAQEAwPpmpYvozhjRusB7Tzdx6zE8jQH7ew/I6sRILUBVhH0X8GqJ +OqrK2WmeQXlEz7voR3rDm1klUeynksnHmeLZ3P9vS2A4w6ChUmvkBSvPHEsC8B6w +vnQDrmeVLCmhqFlIg8DcSeKhJ76wazgN+nzwOW79d8NdQ08gSYU3PdzCjQhe2XjH +BxalGA8liPid75cd0g7/WMejLvpXrzBt1e8ORibXKwn3g2MjTpsu6ZZmdWHBU8dY +RcXdwfYzSbwLAnWvrip2lL0KlFWJSq60qF5NnDBkg5LO3bOFq/q1nPznt3SzjCdn +jxYMWSM23DMxcqvDYNwvT7bysW3cSlSAYR95vwIDAQABAoH/OgsW1LRAUb0lWAaN +EEac/SDSFZeDDICy7eoby4COOEtn5+gjXoIAgWRDNW5ERDdApj9GlnM5xmpn/L60 +SpTw8ofh8cn/SNgHrcLF0shagygMuiyA/MfoU4zUUXQ0K26vYPGhUJfZ4Rp59cXm +bnEl0CCSHHOmmZgzHenzs6ey3Lgg07BklpBvPGk1VC5fZSHAbSgPGpe2NBk3cBrb +fAW97t9h9A2GkdTm3i6klXmlGr8HBbmOwZko4LsVazfNSMYZO0/umfyeofv4PPyr +TKnGZsJaYWBqgG8BGagM4eErv69VmiDPO1ok6HHPLMKmbopkqVM1VPBZOSpIqapd +hw+JAoGBAP8phRFid7Su1jPOspfVOijKQoK/4I6qwX5WaGOUxVIUPezgAF2mr21o +wq6fw3e0VYmOsI4Cz26zryahwgsb4HXjT0O1Ax/CDEpVHCilJXzVNp+4cEvf3Ds2 +GypvWOkjy8BMD3xKKWY8my5CL86Jdhy7SuWXjT7PIJWogZrx/nLDAoGBAMGcnImA +MSZFKiscuA4pTyuxqaBNl+amGYfFbUrJ39bwsquz+rW28U/U8WZ3+hFl+yfqe+07 +y34YnZ5xx2VLu9lbxrTSsohYlwkGVwK/n6IEXlNKXwhiFMcF9lDeFNs9sqXUKn+u +xtPKyCR232WYyIS6c8yFzayyDGvGkE8uizVVAoGAQftHmLZAxC1N4Lm7fv25e2DK +ECtz8xB+1p+bgNywpcfsN3u5PH5k8MLdTPCtSCAO2nJWf3KEl1jJmxDLL7o2seVk +0tpVA3pXWUVm8a+64Ov1oxm7mDM8LOeR4MhIUolaH9DLVFWNHQ3hBvZAjIUJUOax +uGsXMD25bFnVoe6f4KcCgYEAqbM+1ZqB+fxXqLAkd20n0rGHb1VzlhvydrnKQOpP +A1O4F53KWyn9uy53ZIw2qLdNe8AgXWCyzVSAGxe5YQUPosW5llazW6TixWtEKsmQ +/u57St/+ChgGBCgqrNjrSPt8MbOUiJPF/G9aG/QBfUh8QTI4O4TwMLVjA7hoVq8C +H30CgYADVzRsfD1QWMLoh6H7rDWNwGsd0cuP5DAaOKlsDxlEiOgwtStilCFitqJg +BasclPlr3/AmZR5mvx9upzZrfuUCN6wlptnZ0YAlsYjHbt062GAOsVAOYxnKyyqi +IJScZtEjsTfoLdFXGWR6mAql0UTQkCxenT2Z4XjXb7fj3sSBmw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/root.pem b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/root.pem new file mode 100644 index 0000000000..66aa989563 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/root.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +The 1st root + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 27:4f:b6:81:70:40:f1:c5:b2:96:9c:1c:da:b0:bc:27:d5:3e:73:f6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d5:c2:6f:0b:f4:56:c6:8f:c5:b3:dd:4a:7d:1e: + d0:94:0e:bb:b4:71:98:83:d4:d4:92:11:27:1a:dc: + f3:5c:e8:57:db:b9:ee:02:1e:be:ca:b4:81:f1:6d: + 92:a6:40:c3:e0:82:1f:eb:7f:20:69:da:12:91:c6: + 96:48:73:18:f8:43:35:37:c9:5d:97:33:5c:aa:99: + 32:98:93:b5:51:05:ea:4f:92:57:a9:70:d4:05:76: + 88:0e:6a:16:d2:e0:60:91:5f:2f:0d:a8:7d:48:54: + bc:9a:41:60:9b:f2:12:dd:4f:b1:81:e2:fc:f8:9a: + 28:23:b5:db:bb:ce:11:9d:7e:98:20:8f:90:29:22: + ac:5c:28:c5:1a:1f:97:7e:5a:55:be:2b:c3:b3:83: + 47:5a:0a:7d:6b:b3:c8:ff:bd:17:68:19:a4:b1:33: + e8:99:4a:ae:5e:5c:ae:06:7d:d0:85:6c:d1:4f:40: + 68:7a:a2:cb:2f:9b:eb:6d:82:39:07:91:87:03:9e: + 83:96:39:c8:06:34:4d:61:e7:07:44:f5:ea:24:8a: + b1:43:e3:14:fd:59:4c:a2:54:8f:9c:7b:0a:65:0f: + 3e:7b:3f:38:db:d8:76:78:28:42:db:b5:a4:fd:8f: + 0f:51:66:d4:3d:e2:b3:d6:2e:3e:9f:94:dd:4d:39: + ba:f1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 0F:65:16:31:5F:9E:C8:16:9C:4F:54:54:37:82:56:28:FE:18:9D:71 + X509v3 Authority Key Identifier: + keyid:0F:65:16:31:5F:9E:C8:16:9C:4F:54:54:37:82:56:28:FE:18:9D:71 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 1d:1b:35:fa:ae:d4:94:be:d2:76:bc:5b:80:f6:db:48:c3:c7: + eb:78:9d:ff:b6:fa:cf:15:e7:97:fc:74:d0:16:a4:20:5d:db: + ab:87:8a:a3:ad:c7:79:cb:be:67:21:19:83:5b:0f:29:4e:1c: + 40:d6:fd:4a:b1:58:94:6d:5f:66:1e:3b:ab:62:5e:6f:e0:c0: + 95:a3:aa:cb:63:5a:7d:a8:dd:1b:4c:0b:49:24:b6:a1:b7:5a: + c0:2c:8e:ca:5b:d8:df:3e:bf:c9:53:fd:22:26:d7:3d:7a:18: + 2e:04:ce:41:e1:9a:d6:ef:8e:20:c6:f7:e5:8a:7e:f0:07:e5: + 4f:76:d2:cb:0e:8a:6b:1c:c4:72:bf:06:d7:31:92:8e:3a:0b: + 0b:de:a3:56:29:3a:c7:f3:69:f4:87:b6:7d:45:10:f6:f7:75: + 35:fb:5e:3e:70:66:40:19:ef:48:1a:04:db:d5:d5:85:a3:0e: + a7:27:93:af:3b:fd:6d:02:57:6c:d4:85:8a:1c:20:61:67:62: + a1:24:a2:6d:04:df:cf:a9:22:30:6d:f6:20:3f:20:99:7d:7a: + 12:44:69:40:53:0f:72:b8:68:a3:2a:f0:d9:27:23:9d:18:0c: + 09:4c:6c:70:f4:00:62:6c:ec:f6:7b:63:a9:87:5e:73:1e:62: + a4:96:ca:dc +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUJ0+2gXBA8cWylpwc2rC8J9U+c/YwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDVwm8L9FbGj8Wz3Up9HtCUDru0cZiD1NSSESca3PNc6Ffbue4CHr7KtIHx +bZKmQMPggh/rfyBp2hKRxpZIcxj4QzU3yV2XM1yqmTKYk7VRBepPklepcNQFdogO +ahbS4GCRXy8NqH1IVLyaQWCb8hLdT7GB4vz4migjtdu7zhGdfpggj5ApIqxcKMUa +H5d+WlW+K8Ozg0daCn1rs8j/vRdoGaSxM+iZSq5eXK4GfdCFbNFPQGh6ossvm+tt +gjkHkYcDnoOWOcgGNE1h5wdE9eokirFD4xT9WUyiVI+cewplDz57Pzjb2HZ4KELb +taT9jw9RZtQ94rPWLj6flN1NObrxAgMBAAGjgcswgcgwHQYDVR0OBBYEFA9lFjFf +nsgWnE9UVDeCVij+GJ1xMB8GA1UdIwQYMBaAFA9lFjFfnsgWnE9UVDeCVij+GJ1x +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAHRs1+q7UlL7SdrxbgPbbSMPH63id/7b6zxXnl/x00BakIF3b +q4eKo63Hecu+ZyEZg1sPKU4cQNb9SrFYlG1fZh47q2Jeb+DAlaOqy2NafajdG0wL +SSS2obdawCyOylvY3z6/yVP9IibXPXoYLgTOQeGa1u+OIMb35Yp+8AflT3bSyw6K +axzEcr8G1zGSjjoLC96jVik6x/Np9Ie2fUUQ9vd1NftePnBmQBnvSBoE29XVhaMO +pyeTrzv9bQJXbNSFihwgYWdioSSibQTfz6kiMG32ID8gmX16EkRpQFMPcrhooyrw +2ScjnRgMCUxscPQAYmzs9ntjqYdecx5ipJbK3A== +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/root2.pem b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/root2.pem new file mode 100644 index 0000000000..c3e05dc2b5 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/root2.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +The 2nd root + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 28:91:93:c8:61:2d:bb:b9:e0:39:3e:3f:37:ee:56:60:5e:6f:b6:81 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root2 + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:f6:60:91:e0:34:e7:16:b9:7b:37:b1:77:cb:af: + 6f:7c:aa:ba:a4:80:fe:a5:c6:4e:f1:64:a2:24:ca: + 7c:8a:2c:9b:4c:35:c1:f2:f2:bb:6b:74:cf:44:6a: + 3e:51:b7:3d:fc:fe:22:71:00:ff:14:20:14:30:43: + 0c:af:cc:42:1c:16:14:d0:52:5b:44:45:96:7b:7f: + bf:40:a6:3e:4d:cb:72:1d:80:5f:c8:2b:2e:bf:b3: + d8:10:c7:86:0a:10:40:e6:b1:c8:94:3a:02:0a:69: + 71:72:ec:df:93:24:95:a1:b8:09:cd:4d:25:a5:ce: + 1e:a5:97:d7:1b:6b:9b:56:60:c2:17:04:a6:4f:c9: + 18:78:44:7b:4c:1f:ee:9f:6f:fe:81:de:0a:34:55: + 66:7b:ec:a5:14:ba:bf:6d:3e:5b:f2:97:f6:6e:ba: + 91:e1:ca:a8:c7:7b:8a:0a:0b:11:b8:0f:05:39:24: + 75:6f:41:57:e3:a0:5d:94:9a:f7:6c:99:ef:90:36: + 00:d3:f3:8d:bb:72:2c:a4:97:b8:41:5f:2b:0b:98: + 4f:c6:f0:95:69:b1:11:32:7a:0a:59:3b:e7:a1:b0: + 8f:45:33:29:49:7f:a0:f0:67:c5:a3:47:69:01:34: + 56:ad:82:77:8f:64:f9:db:8b:e9:7b:6a:f0:eb:92: + 6e:5d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 08:D2:FA:18:64:5B:EC:E9:49:1A:79:FD:B3:78:0E:51:7E:1A:CF:F5 + X509v3 Authority Key Identifier: + keyid:08:D2:FA:18:64:5B:EC:E9:49:1A:79:FD:B3:78:0E:51:7E:1A:CF:F5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root2.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root2.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + c9:83:91:ee:f4:25:4a:fa:fb:ef:df:cc:8f:64:bf:3c:d5:22: + fe:35:6e:27:a8:99:a8:cc:e9:e2:35:3d:d3:5a:f1:8e:24:2a: + 76:69:03:62:17:c7:bf:03:97:f6:74:d3:6f:bf:67:bf:2a:93: + c1:92:0a:1c:95:d8:02:7e:d6:ab:92:da:67:98:13:61:7b:57: + ae:60:a0:67:a5:22:73:6d:4d:0c:ae:f2:4f:c5:dc:5c:da:7f: + 0b:2f:48:31:1f:db:fc:df:2e:4f:a9:d5:24:ad:ba:f3:7a:99: + f1:0a:ae:09:2a:75:e2:d2:0d:1b:d9:93:aa:92:69:ba:e6:f4: + ef:7d:18:0e:3a:16:a5:5c:de:66:3e:42:61:55:48:07:7b:b2: + c9:d4:4a:77:02:ea:74:11:c5:35:61:92:42:af:c3:0b:46:ee: + 21:50:fb:90:a5:92:e5:34:c8:1f:c6:c8:2c:d7:f4:35:dd:99: + ed:6d:94:be:83:db:d1:90:03:ea:7f:02:97:34:4f:7a:91:96: + f9:17:42:34:f4:44:97:18:3e:c3:93:61:ad:e0:14:09:1f:ce: + 75:5d:5d:7b:76:94:ae:80:5b:62:a4:ae:17:f8:1a:0c:b8:82: + d5:29:9f:bd:75:a9:6d:98:53:73:25:d4:6c:f6:2d:2e:3a:a2: + 2a:35:ce:97 +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIUKJGTyGEtu7ngOT4/N+5WYF5vtoEwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFUm9vdDIwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIw +MDAwWjAQMQ4wDAYDVQQDDAVSb290MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAPZgkeA05xa5ezexd8uvb3yquqSA/qXGTvFkoiTKfIosm0w1wfLyu2t0 +z0RqPlG3Pfz+InEA/xQgFDBDDK/MQhwWFNBSW0RFlnt/v0CmPk3Lch2AX8grLr+z +2BDHhgoQQOaxyJQ6AgppcXLs35MklaG4Cc1NJaXOHqWX1xtrm1ZgwhcEpk/JGHhE +e0wf7p9v/oHeCjRVZnvspRS6v20+W/KX9m66keHKqMd7igoLEbgPBTkkdW9BV+Og +XZSa92yZ75A2ANPzjbtyLKSXuEFfKwuYT8bwlWmxETJ6Clk756Gwj0UzKUl/oPBn +xaNHaQE0Vq2Cd49k+duL6Xtq8OuSbl0CAwEAAaOBzTCByjAdBgNVHQ4EFgQUCNL6 +GGRb7OlJGnn9s3gOUX4az/UwHwYDVR0jBBgwFoAUCNL6GGRb7OlJGnn9s3gOUX4a +z/UwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzAChhxodHRwOi8vdXJsLWZvci1h +aWEvUm9vdDIuY2VyMC0GA1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly91cmwtZm9yLWNy +bC9Sb290Mi5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAMmDke70JUr6++/fzI9kvzzVIv41bieomajM6eI1PdNa +8Y4kKnZpA2IXx78Dl/Z002+/Z78qk8GSChyV2AJ+1quS2meYE2F7V65goGelInNt +TQyu8k/F3FzafwsvSDEf2/zfLk+p1SStuvN6mfEKrgkqdeLSDRvZk6qSabrm9O99 +GA46FqVc3mY+QmFVSAd7ssnUSncC6nQRxTVhkkKvwwtG7iFQ+5ClkuU0yB/GyCzX +9DXdme1tlL6D29GQA+p/Apc0T3qRlvkXQjT0RJcYPsOTYa3gFAkfznVdXXt2lK6A +W2Kkrhf4Ggy4gtUpn711qW2YU3Ml1Gz2LS46oio1zpc= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/target.pem b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/target.pem new file mode 100644 index 0000000000..e853dd6eb4 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_name_and_serial_prioritization/target.pem @@ -0,0 +1,95 @@ +[Created by: ./generate-certs.py] + +The target + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5b:3e:0e:db:9f:cd:52:41:f6:1b:73:c6:d3:42:52:13:8c:53:2e:68 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c0:fa:66:a5:8b:e8:ce:18:d1:ba:c0:7b:4f:37: + 71:eb:31:3c:8d:01:fb:7b:0f:c8:ea:c4:48:2d:40: + 55:84:7d:17:f0:6a:89:3a:aa:ca:d9:69:9e:41:79: + 44:cf:bb:e8:47:7a:c3:9b:59:25:51:ec:a7:92:c9: + c7:99:e2:d9:dc:ff:6f:4b:60:38:c3:a0:a1:52:6b: + e4:05:2b:cf:1c:4b:02:f0:1e:b0:be:74:03:ae:67: + 95:2c:29:a1:a8:59:48:83:c0:dc:49:e2:a1:27:be: + b0:6b:38:0d:fa:7c:f0:39:6e:fd:77:c3:5d:43:4f: + 20:49:85:37:3d:dc:c2:8d:08:5e:d9:78:c7:07:16: + a5:18:0f:25:88:f8:9d:ef:97:1d:d2:0e:ff:58:c7: + a3:2e:fa:57:af:30:6d:d5:ef:0e:46:26:d7:2b:09: + f7:83:63:23:4e:9b:2e:e9:96:66:75:61:c1:53:c7: + 58:45:c5:dd:c1:f6:33:49:bc:0b:02:75:af:ae:2a: + 76:94:bd:0a:94:55:89:4a:ae:b4:a8:5e:4d:9c:30: + 64:83:92:ce:dd:b3:85:ab:fa:b5:9c:fc:e7:b7:74: + b3:8c:27:67:8f:16:0c:59:23:36:dc:33:31:72:ab: + c3:60:dc:2f:4f:b6:f2:b1:6d:dc:4a:54:80:61:1f: + 79:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 58:92:31:C9:C0:FE:40:35:B6:54:A4:F0:43:3B:F6:35:36:9D:39:08 + X509v3 Authority Key Identifier: + DirName:/CN=Root + serial:27:4F:B6:81:70:40:F1:C5:B2:96:9C:1C:DA:B0:BC:27:D5:3E:73:F7 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 0a:50:cc:c6:52:ae:d8:48:b6:9c:03:31:7b:63:10:19:17:f5: + fc:69:ab:ec:60:d3:06:5f:b6:72:be:58:8a:d5:e9:80:87:f2: + f9:c4:3a:2f:ab:28:16:5a:ba:6c:1c:92:c9:b5:25:0d:f3:f5: + ea:7f:62:5a:9a:08:d3:13:a4:26:dd:40:10:78:64:e0:56:f3: + 67:14:92:74:09:3d:32:82:28:c4:bd:14:aa:df:63:bf:87:a6: + ee:c6:b0:28:bf:2b:9f:89:af:66:c7:38:5a:96:2a:e6:4a:25: + 74:6f:0c:3e:ba:c1:76:57:52:d8:ad:15:df:1a:3c:16:e5:52: + 1e:a9:ad:b7:19:80:6a:5e:89:2c:ed:48:f6:39:f2:b3:c7:c5: + 96:f9:a3:ef:13:a2:17:c7:0f:8c:af:5e:39:c3:b0:d5:81:6f: + fc:42:f5:69:72:50:5b:f7:80:d0:67:63:cb:d7:42:27:01:c4: + cd:6d:af:55:df:97:f3:ae:d0:b9:cb:54:5f:c5:b9:ae:8f:bb: + 94:c4:07:0b:d0:b6:81:27:29:bb:d9:9f:49:72:47:48:51:47: + 36:e2:c7:a4:93:68:39:52:d4:0b:c9:45:63:41:27:15:1c:10: + 98:4c:38:47:2c:3d:28:4e:7f:72:b0:c4:5d:c5:de:7a:69:73: + bb:95:65:23 +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUWz4O25/NUkH2G3PG00JSE4xTLmgwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE4 +MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAwPpmpYvozhjRusB7Tzdx6zE8jQH7ew/I6sRILUBVhH0X +8GqJOqrK2WmeQXlEz7voR3rDm1klUeynksnHmeLZ3P9vS2A4w6ChUmvkBSvPHEsC +8B6wvnQDrmeVLCmhqFlIg8DcSeKhJ76wazgN+nzwOW79d8NdQ08gSYU3PdzCjQhe +2XjHBxalGA8liPid75cd0g7/WMejLvpXrzBt1e8ORibXKwn3g2MjTpsu6ZZmdWHB +U8dYRcXdwfYzSbwLAnWvrip2lL0KlFWJSq60qF5NnDBkg5LO3bOFq/q1nPznt3Sz +jCdnjxYMWSM23DMxcqvDYNwvT7bysW3cSlSAYR95vwIDAQABo4H+MIH7MB0GA1Ud +DgQWBBRYkjHJwP5ANbZUpPBDO/Y1Np05CDA0BgNVHSMELTAroROkETAPMQ0wCwYD +VQQDDARSb290ghQnT7aBcEDxxbKWnBzasLwn1T5z9zA/BggrBgEFBQcBAQQzMDEw +LwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2Vy +MDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlh +dGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB +BQUHAwIwDQYJKoZIhvcNAQELBQADggEBAApQzMZSrthItpwDMXtjEBkX9fxpq+xg +0wZftnK+WIrV6YCH8vnEOi+rKBZaumwcksm1JQ3z9ep/YlqaCNMTpCbdQBB4ZOBW +82cUknQJPTKCKMS9FKrfY7+Hpu7GsCi/K5+Jr2bHOFqWKuZKJXRvDD66wXZXUtit +Fd8aPBblUh6prbcZgGpeiSztSPY58rPHxZb5o+8TohfHD4yvXjnDsNWBb/xC9Wly +UFv3gNBnY8vXQicBxM1tr1Xfl/Ou0LnLVF/Fua6Pu5TEBwvQtoEnKbvZn0lyR0hR +Rzbix6STaDlS1AvJRWNBJxUcEJhMOEcsPShOf3KwxF3F3nppc7uVZSM= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/generate-certs.py b/pki/testdata/path_builder_unittest/key_id_prioritization/generate-certs.py new file mode 100755 index 0000000000..0c11378663 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/generate-certs.py @@ -0,0 +1,122 @@ +#!/usr/bin/env python +# Copyright 2019 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +""" +A chain with multiple intermediates with different subjectKeyIdentifiers and +notBefore dates, for testing path bulding prioritization. +""" + +import sys +sys.path += ['../..'] + +import gencerts + +DATE_A = '150101120000Z' +DATE_B = '150102120000Z' +DATE_C = '150103120000Z' +DATE_Z = '180101120000Z' + + +root = gencerts.create_self_signed_root_certificate('Root') +root.set_validity_range(DATE_A, DATE_Z) + +int_matching_ski_a = gencerts.create_intermediate_certificate('Intermediate', + root) +int_matching_ski_a.set_validity_range(DATE_A, DATE_Z) + +int_matching_ski_b = gencerts.create_intermediate_certificate('Intermediate', + root) +int_matching_ski_b.set_validity_range(DATE_B, DATE_Z) +int_matching_ski_b.set_key(int_matching_ski_a.get_key()) + +int_matching_ski_c = gencerts.create_intermediate_certificate('Intermediate', + root) +int_matching_ski_c.set_validity_range(DATE_C, DATE_Z) +int_matching_ski_c.set_key(int_matching_ski_a.get_key()) + +# For some reason, OpenSSL seems to require disabling SKID and AKID on the +# parent cert in order to generate an intermediate cert without a SKID. +root2 = gencerts.create_self_signed_root_certificate('Root') +root2.set_key(root.get_key()) +section = root2.config.get_section('signing_ca_ext') +section.remove_property('subjectKeyIdentifier') +section.remove_property('authorityKeyIdentifier') + +int_no_ski_a = gencerts.create_intermediate_certificate('Intermediate', root2) +int_no_ski_a.set_validity_range(DATE_A, DATE_Z) +int_no_ski_a.set_key(int_matching_ski_a.get_key()) +section = int_no_ski_a.config.get_section('req_ext') +section.remove_property('subjectKeyIdentifier') + +int_no_ski_b = gencerts.create_intermediate_certificate('Intermediate', root2) +int_no_ski_b.set_validity_range(DATE_B, DATE_Z) +int_no_ski_b.set_key(int_matching_ski_a.get_key()) +section = int_no_ski_b.config.get_section('req_ext') +section.remove_property('subjectKeyIdentifier') + +int_no_ski_c = gencerts.create_intermediate_certificate('Intermediate', root2) +int_no_ski_c.set_validity_range(DATE_C, DATE_Z) +int_no_ski_c.set_key(int_matching_ski_a.get_key()) +section = int_no_ski_c.config.get_section('req_ext') +section.remove_property('subjectKeyIdentifier') + +int_different_ski_a = gencerts.create_intermediate_certificate('Intermediate', + root) +int_different_ski_a.set_validity_range(DATE_A, DATE_Z) + +int_different_ski_b = gencerts.create_intermediate_certificate('Intermediate', + root) +int_different_ski_b.set_validity_range(DATE_B, DATE_Z) +int_different_ski_b.set_key(int_different_ski_a.get_key()) + +int_different_ski_c = gencerts.create_intermediate_certificate('Intermediate', + root) +int_different_ski_c.set_validity_range(DATE_C, DATE_Z) +int_different_ski_c.set_key(int_different_ski_a.get_key()) + +target = gencerts.create_end_entity_certificate('Target', int_matching_ski_a) +target.set_validity_range(DATE_A, DATE_Z) + + +gencerts.write_chain('The root', [root], out_pem='root.pem') + +gencerts.write_chain( + 'Intermediate with matching subjectKeyIdentifier and notBefore A', + [int_matching_ski_a], out_pem='int_matching_ski_a.pem') + +gencerts.write_chain( + 'Intermediate with matching subjectKeyIdentifier and notBefore B', + [int_matching_ski_b], out_pem='int_matching_ski_b.pem') + +gencerts.write_chain( + 'Intermediate with matching subjectKeyIdentifier and notBefore C', + [int_matching_ski_c], out_pem='int_matching_ski_c.pem') + +gencerts.write_chain( + 'Intermediate with no subjectKeyIdentifier and notBefore A', + [int_no_ski_a], out_pem='int_no_ski_a.pem') + +gencerts.write_chain( + 'Intermediate with no subjectKeyIdentifier and notBefore B', + [int_no_ski_b], out_pem='int_no_ski_b.pem') + +gencerts.write_chain( + 'Intermediate with no subjectKeyIdentifier and notBefore C', + [int_no_ski_c], out_pem='int_no_ski_c.pem') + +gencerts.write_chain( + 'Intermediate with different subjectKeyIdentifier and notBefore A', + [int_different_ski_a], out_pem='int_different_ski_a.pem') + +gencerts.write_chain( + 'Intermediate with different subjectKeyIdentifier and notBefore B', + [int_different_ski_b], out_pem='int_different_ski_b.pem') + +gencerts.write_chain( + 'Intermediate with different subjectKeyIdentifier and notBefore C', + [int_different_ski_c], out_pem='int_different_ski_c.pem') + +gencerts.write_chain('The target', [target], out_pem='target.pem') + diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_a.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_a.pem new file mode 100644 index 0000000000..92410f8122 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_a.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with different subjectKeyIdentifier and notBefore A + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:3d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e6:0c:06:e3:3d:b8:99:af:6c:31:37:eb:ff:4b: + 5b:ba:44:3d:bc:4b:33:fe:a6:db:2e:d0:c6:24:73: + e6:ad:1d:92:8b:f3:65:f9:c7:87:a2:58:6a:b1:73: + ce:60:67:7f:f6:d5:09:4e:26:07:7c:84:72:19:00: + 22:90:21:1b:ae:89:1e:ed:ef:07:17:b1:1c:09:cb: + 32:d5:32:86:6c:cd:93:5e:23:50:3e:c9:69:22:48: + 4a:bf:a0:7b:59:f8:94:72:82:93:45:3f:89:19:49: + d3:5e:45:de:fc:3f:d1:1a:3a:f2:2f:46:b1:dd:4b: + e2:43:fd:f5:62:57:d7:94:37:87:7d:96:a0:de:eb: + 5d:b4:7b:fd:63:60:47:d2:e7:12:3d:f9:a6:3b:cc: + 8a:ae:3f:8a:5c:f3:6a:52:9f:e0:ee:bd:38:00:34: + a4:17:f6:2f:07:49:58:5e:26:f3:31:42:2f:60:68: + 2f:94:07:e9:61:12:e8:43:f9:66:df:a8:d6:9d:fc: + cc:25:0d:6a:ec:ff:a6:39:cf:40:93:39:ca:91:cd: + 88:d2:1d:48:e1:33:08:8d:35:18:76:87:aa:71:0a: + 35:f4:d2:d8:fd:f7:87:3f:32:68:15:bf:30:8a:c6: + 52:83:ac:75:cd:3a:4c:0d:b9:b3:57:68:70:c0:72: + f0:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7B:CC:78:52:6F:4B:49:86:29:2C:3E:20:93:A4:7E:2E:B8:44:16:A9 + X509v3 Authority Key Identifier: + keyid:EE:72:D7:3C:89:7F:07:DD:6B:92:25:09:8C:AC:48:9F:03:BA:09:0A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + ea:88:21:5a:39:57:39:b1:cb:d8:69:c9:20:9b:a1:cd:82:f2: + 16:40:e3:06:c4:db:83:2a:0e:67:e9:60:12:ee:39:c6:3b:54: + 17:9a:90:a8:50:2b:96:85:3d:4e:d8:a7:e5:01:fa:d2:40:2f: + 20:36:18:a9:c4:31:73:9a:e9:65:58:4a:d2:4f:64:a6:1d:87: + 51:f1:ed:21:4e:fe:70:26:e8:0c:5b:2c:c8:71:9b:8b:4a:67: + 47:54:a7:02:5e:25:67:7a:75:57:ad:72:a4:03:f1:22:99:96: + ae:f7:ca:fe:58:45:92:4b:8f:64:09:87:e4:d5:77:af:bc:cd: + 04:51:9d:4e:c7:d5:47:93:bf:e2:09:38:26:60:25:25:58:4b: + 4d:d7:31:a6:9c:7c:41:58:4b:7c:1c:d7:b2:8b:17:a0:3d:81: + d5:b3:4c:5c:da:71:80:4a:48:29:be:5a:67:67:86:24:20:4c: + d5:da:fc:e0:77:2a:72:88:79:d0:76:c1:c7:26:49:09:9c:54: + 4f:29:eb:19:08:1b:cd:82:4e:51:85:3c:fe:5b:0a:94:f8:39: + d7:51:ea:41:00:ff:e5:c0:2b:32:6f:d7:0c:7b:48:16:c6:95: + e2:43:c0:82:20:75:77:40:b9:a1:b7:b8:ef:5b:b9:d2:c1:61: + c1:88:61:9f +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDj0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOYMBuM9uJmvbDE36/9LW7pEPbxLM/6m2y7QxiRz5q0dkovz +ZfnHh6JYarFzzmBnf/bVCU4mB3yEchkAIpAhG66JHu3vBxexHAnLMtUyhmzNk14j +UD7JaSJISr+ge1n4lHKCk0U/iRlJ015F3vw/0Ro68i9Gsd1L4kP99WJX15Q3h32W +oN7rXbR7/WNgR9LnEj35pjvMiq4/ilzzalKf4O69OAA0pBf2LwdJWF4m8zFCL2Bo +L5QH6WES6EP5Zt+o1p38zCUNauz/pjnPQJM5ypHNiNIdSOEzCI01GHaHqnEKNfTS +2P33hz8yaBW/MIrGUoOsdc06TA25s1docMBy8I0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUe8x4Um9LSYYpLD4gk6R+LrhEFqkwHwYDVR0jBBgwFoAU7nLXPIl/B91rkiUJ +jKxInwO6CQowNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQDqiCFaOVc5scvYackgm6HNgvIWQOMGxNuDKg5n +6WAS7jnGO1QXmpCoUCuWhT1O2KflAfrSQC8gNhipxDFzmullWErST2SmHYdR8e0h +Tv5wJugMWyzIcZuLSmdHVKcCXiVnenVXrXKkA/EimZau98r+WEWSS49kCYfk1Xev +vM0EUZ1Ox9VHk7/iCTgmYCUlWEtN1zGmnHxBWEt8HNeyixegPYHVs0xc2nGASkgp +vlpnZ4YkIEzV2vzgdypyiHnQdsHHJkkJnFRPKesZCBvNgk5RhTz+WwqU+DnXUepB +AP/lwCsyb9cMe0gWxpXiQ8CCIHV3QLmht7jvW7nSwWHBiGGf +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_b.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_b.pem new file mode 100644 index 0000000000..faa1c9502b --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_b.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with different subjectKeyIdentifier and notBefore B + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:3e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e6:0c:06:e3:3d:b8:99:af:6c:31:37:eb:ff:4b: + 5b:ba:44:3d:bc:4b:33:fe:a6:db:2e:d0:c6:24:73: + e6:ad:1d:92:8b:f3:65:f9:c7:87:a2:58:6a:b1:73: + ce:60:67:7f:f6:d5:09:4e:26:07:7c:84:72:19:00: + 22:90:21:1b:ae:89:1e:ed:ef:07:17:b1:1c:09:cb: + 32:d5:32:86:6c:cd:93:5e:23:50:3e:c9:69:22:48: + 4a:bf:a0:7b:59:f8:94:72:82:93:45:3f:89:19:49: + d3:5e:45:de:fc:3f:d1:1a:3a:f2:2f:46:b1:dd:4b: + e2:43:fd:f5:62:57:d7:94:37:87:7d:96:a0:de:eb: + 5d:b4:7b:fd:63:60:47:d2:e7:12:3d:f9:a6:3b:cc: + 8a:ae:3f:8a:5c:f3:6a:52:9f:e0:ee:bd:38:00:34: + a4:17:f6:2f:07:49:58:5e:26:f3:31:42:2f:60:68: + 2f:94:07:e9:61:12:e8:43:f9:66:df:a8:d6:9d:fc: + cc:25:0d:6a:ec:ff:a6:39:cf:40:93:39:ca:91:cd: + 88:d2:1d:48:e1:33:08:8d:35:18:76:87:aa:71:0a: + 35:f4:d2:d8:fd:f7:87:3f:32:68:15:bf:30:8a:c6: + 52:83:ac:75:cd:3a:4c:0d:b9:b3:57:68:70:c0:72: + f0:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7B:CC:78:52:6F:4B:49:86:29:2C:3E:20:93:A4:7E:2E:B8:44:16:A9 + X509v3 Authority Key Identifier: + keyid:EE:72:D7:3C:89:7F:07:DD:6B:92:25:09:8C:AC:48:9F:03:BA:09:0A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 57:c5:70:66:8e:87:9c:d5:2e:b3:b3:24:a4:d0:0d:91:46:70: + 2d:52:10:7d:3c:53:62:3a:9c:be:96:91:a4:bc:d2:19:90:7c: + 14:3e:6e:96:34:2f:80:60:51:86:24:c8:d0:29:1c:1d:e4:11: + 67:98:c6:7a:8a:77:4a:c6:bd:30:30:fc:ac:64:9c:8e:cf:34: + 78:a2:52:8d:fc:7f:f9:9a:75:96:20:d4:d9:8d:ac:4f:78:76: + 5f:5d:44:a7:3d:83:f8:47:42:c0:dd:ee:5c:5f:d9:6e:c3:b8: + 2a:97:b8:a0:cf:f6:c0:91:ee:77:44:d8:78:a9:4a:7e:6d:ef: + 06:75:c5:af:bf:85:e9:ef:2b:c7:92:33:76:8c:ad:d3:a6:d9: + c9:1a:5d:ed:48:d0:83:d6:6a:72:8c:93:88:d7:29:1e:5f:c6: + 1c:11:ef:45:6d:6b:be:17:b4:de:50:c6:79:7a:b2:cf:1d:74: + 98:35:d2:3f:f1:a3:ed:67:f3:84:4a:dc:69:75:dc:b9:12:f5: + de:2f:3d:f6:2d:ec:c7:4c:a2:52:d3:93:af:be:90:6a:f6:d5: + b9:8c:d8:80:42:ff:83:6b:4d:a3:2d:65:e7:45:90:1f:27:ff: + 0a:f1:e9:c1:2d:ce:f9:e5:03:31:32:21:07:94:20:49:c3:28: + 7e:3f:6c:d7 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDj4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOYMBuM9uJmvbDE36/9LW7pEPbxLM/6m2y7QxiRz5q0dkovz +ZfnHh6JYarFzzmBnf/bVCU4mB3yEchkAIpAhG66JHu3vBxexHAnLMtUyhmzNk14j +UD7JaSJISr+ge1n4lHKCk0U/iRlJ015F3vw/0Ro68i9Gsd1L4kP99WJX15Q3h32W +oN7rXbR7/WNgR9LnEj35pjvMiq4/ilzzalKf4O69OAA0pBf2LwdJWF4m8zFCL2Bo +L5QH6WES6EP5Zt+o1p38zCUNauz/pjnPQJM5ypHNiNIdSOEzCI01GHaHqnEKNfTS +2P33hz8yaBW/MIrGUoOsdc06TA25s1docMBy8I0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUe8x4Um9LSYYpLD4gk6R+LrhEFqkwHwYDVR0jBBgwFoAU7nLXPIl/B91rkiUJ +jKxInwO6CQowNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBXxXBmjoec1S6zsySk0A2RRnAtUhB9PFNiOpy+ +lpGkvNIZkHwUPm6WNC+AYFGGJMjQKRwd5BFnmMZ6indKxr0wMPysZJyOzzR4olKN +/H/5mnWWINTZjaxPeHZfXUSnPYP4R0LA3e5cX9luw7gql7igz/bAke53RNh4qUp+ +be8GdcWvv4Xp7yvHkjN2jK3TptnJGl3tSNCD1mpyjJOI1ykeX8YcEe9FbWu+F7Te +UMZ5erLPHXSYNdI/8aPtZ/OEStxpddy5EvXeLz32LezHTKJS05OvvpBq9tW5jNiA +Qv+Da02jLWXnRZAfJ/8K8enBLc755QMxMiEHlCBJwyh+P2zX +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_c.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_c.pem new file mode 100644 index 0000000000..c4c7b926d0 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_different_ski_c.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with different subjectKeyIdentifier and notBefore C + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:3f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 3 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e6:0c:06:e3:3d:b8:99:af:6c:31:37:eb:ff:4b: + 5b:ba:44:3d:bc:4b:33:fe:a6:db:2e:d0:c6:24:73: + e6:ad:1d:92:8b:f3:65:f9:c7:87:a2:58:6a:b1:73: + ce:60:67:7f:f6:d5:09:4e:26:07:7c:84:72:19:00: + 22:90:21:1b:ae:89:1e:ed:ef:07:17:b1:1c:09:cb: + 32:d5:32:86:6c:cd:93:5e:23:50:3e:c9:69:22:48: + 4a:bf:a0:7b:59:f8:94:72:82:93:45:3f:89:19:49: + d3:5e:45:de:fc:3f:d1:1a:3a:f2:2f:46:b1:dd:4b: + e2:43:fd:f5:62:57:d7:94:37:87:7d:96:a0:de:eb: + 5d:b4:7b:fd:63:60:47:d2:e7:12:3d:f9:a6:3b:cc: + 8a:ae:3f:8a:5c:f3:6a:52:9f:e0:ee:bd:38:00:34: + a4:17:f6:2f:07:49:58:5e:26:f3:31:42:2f:60:68: + 2f:94:07:e9:61:12:e8:43:f9:66:df:a8:d6:9d:fc: + cc:25:0d:6a:ec:ff:a6:39:cf:40:93:39:ca:91:cd: + 88:d2:1d:48:e1:33:08:8d:35:18:76:87:aa:71:0a: + 35:f4:d2:d8:fd:f7:87:3f:32:68:15:bf:30:8a:c6: + 52:83:ac:75:cd:3a:4c:0d:b9:b3:57:68:70:c0:72: + f0:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7B:CC:78:52:6F:4B:49:86:29:2C:3E:20:93:A4:7E:2E:B8:44:16:A9 + X509v3 Authority Key Identifier: + keyid:EE:72:D7:3C:89:7F:07:DD:6B:92:25:09:8C:AC:48:9F:03:BA:09:0A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 09:76:b2:55:86:b6:95:7f:f8:9c:48:3e:3c:5a:a9:c1:87:1f: + 29:89:67:9b:ce:ab:00:0a:11:82:ee:40:1b:5c:3f:17:39:7e: + 9b:26:a7:13:4d:dd:d6:15:32:53:5a:3e:ac:53:2d:ef:2e:77: + e9:f7:ca:df:03:7e:22:ef:cf:ae:72:95:eb:e8:67:7a:d8:52: + ac:17:31:d6:e0:ad:97:aa:18:9e:e6:78:b7:cf:ca:5b:62:67: + d3:d0:87:56:0e:e2:70:15:09:62:28:d0:c1:c8:0f:46:6c:23: + 9e:e7:1e:7f:59:80:f4:14:dd:b4:2f:8c:48:c4:cb:5f:4e:54: + 7b:42:d9:7d:11:44:00:59:91:87:02:47:87:77:aa:6a:ee:95: + e3:9d:87:61:4e:f9:ca:1d:9c:74:de:71:0d:dc:8a:5e:9f:d7: + 37:1f:03:c7:04:36:9b:52:b4:4f:fc:6b:28:ba:86:84:92:24: + d7:8e:da:3b:4d:ff:af:b7:09:0d:59:42:fc:32:e8:4d:5c:68: + aa:2a:0e:86:71:0e:91:d2:51:a2:bb:61:64:48:a2:cc:99:c4: + 97:b9:b1:3b:bf:96:d9:ac:39:15:10:66:ab:a8:2e:7b:51:5f: + 68:54:46:56:e9:55:99:52:b7:74:32:9a:3d:d3:6a:aa:f7:56: + 39:12:b8:8d +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDj8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDMxMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOYMBuM9uJmvbDE36/9LW7pEPbxLM/6m2y7QxiRz5q0dkovz +ZfnHh6JYarFzzmBnf/bVCU4mB3yEchkAIpAhG66JHu3vBxexHAnLMtUyhmzNk14j +UD7JaSJISr+ge1n4lHKCk0U/iRlJ015F3vw/0Ro68i9Gsd1L4kP99WJX15Q3h32W +oN7rXbR7/WNgR9LnEj35pjvMiq4/ilzzalKf4O69OAA0pBf2LwdJWF4m8zFCL2Bo +L5QH6WES6EP5Zt+o1p38zCUNauz/pjnPQJM5ypHNiNIdSOEzCI01GHaHqnEKNfTS +2P33hz8yaBW/MIrGUoOsdc06TA25s1docMBy8I0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUe8x4Um9LSYYpLD4gk6R+LrhEFqkwHwYDVR0jBBgwFoAU7nLXPIl/B91rkiUJ +jKxInwO6CQowNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAJdrJVhraVf/icSD48WqnBhx8piWebzqsAChGC +7kAbXD8XOX6bJqcTTd3WFTJTWj6sUy3vLnfp98rfA34i78+ucpXr6Gd62FKsFzHW +4K2Xqhie5ni3z8pbYmfT0IdWDuJwFQliKNDByA9GbCOe5x5/WYD0FN20L4xIxMtf +TlR7Qtl9EUQAWZGHAkeHd6pq7pXjnYdhTvnKHZx03nEN3Ipen9c3HwPHBDabUrRP +/GsouoaEkiTXjto7Tf+vtwkNWUL8MuhNXGiqKg6GcQ6R0lGiu2FkSKLMmcSXubE7 +v5bZrDkVEGarqC57UV9oVEZW6VWZUrd0Mpo902qq91Y5EriN +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_a.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_a.pem new file mode 100644 index 0000000000..754cd0a595 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_a.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with matching subjectKeyIdentifier and notBefore A + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:36 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e3:d0:27:bf:09:20:d9:b7:33:f4:81:16:0f:cb: + 3b:48:7a:22:c0:13:61:5c:d8:aa:7c:7e:bf:e1:c5: + bc:72:ad:d0:6a:5d:c4:58:9a:3c:ac:84:20:d8:69: + a2:c3:94:0d:9b:33:60:04:c5:64:76:56:52:e7:7f: + ee:f4:66:33:89:2a:59:4d:62:5c:1d:ee:bd:3e:d3: + a0:35:fd:58:b0:db:9f:ea:69:18:75:94:f2:b9:1e: + 65:32:28:54:b5:72:1c:fa:47:da:32:8d:8a:45:5b: + 48:0e:ab:1a:f7:9f:b4:47:b1:c2:1b:bf:22:37:8d: + e0:84:10:ec:91:5d:9f:31:29:be:94:5a:77:d1:de: + 52:df:48:59:77:02:c9:93:59:90:73:79:cf:c6:d1: + b6:7f:01:1a:2b:2d:cc:b8:fd:ba:72:b8:52:5c:75: + 15:7e:33:bd:dc:c7:e6:fb:ca:a2:b4:ab:ca:cc:db: + a0:23:f4:ea:7d:76:91:b3:ea:63:2a:df:b1:96:36: + ed:c2:9e:91:9f:db:45:b3:34:75:d9:41:4d:4f:1f: + c0:ef:02:6b:35:4c:19:a7:ec:f1:38:a9:67:85:6b: + 06:26:22:89:9b:37:05:d1:d2:f9:45:0b:60:d5:7e: + 5d:c2:98:a3:9d:96:57:be:4d:f0:9c:f0:71:b2:3b: + a4:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E8:21:00:1D:6B:A1:AB:30:01:FB:6E:A8:8D:FA:B9:69:48:C2:89:1F + X509v3 Authority Key Identifier: + keyid:EE:72:D7:3C:89:7F:07:DD:6B:92:25:09:8C:AC:48:9F:03:BA:09:0A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + a5:7b:64:8d:cf:66:45:51:ee:f8:89:56:70:33:53:15:c9:16: + 95:d4:2f:78:c5:83:d7:ff:b0:8e:a0:bf:59:cd:87:7b:80:6a: + b9:59:26:e6:a5:7d:0b:5d:ac:2b:90:01:f8:27:57:21:82:9a: + 6e:5b:9e:b6:23:f3:3a:34:de:a9:4e:85:cf:37:5f:fc:b4:6b: + ad:74:37:21:54:ae:b6:76:cf:04:e5:cf:e0:87:d6:33:14:f3: + 80:46:ec:f5:fa:9b:f0:2b:c5:2a:80:7b:fe:68:fe:a3:1f:cb: + 53:80:f1:a5:98:e7:02:e8:1d:97:03:5c:40:eb:fb:18:f7:f2: + 0d:b2:cc:c5:82:b4:47:4a:78:82:6f:af:4a:5d:5e:eb:ce:f6: + c9:16:cd:9a:ac:3e:09:24:81:e8:d7:0a:3c:af:dd:90:3c:b2: + 8d:e1:a9:e8:d4:50:af:e4:47:c0:5a:f2:47:c7:1d:80:3c:83: + b3:b1:10:e9:1f:ff:e1:5b:ce:53:26:73:9b:df:f1:96:a7:bc: + a2:a8:48:59:fa:fc:8e:19:8f:f2:4e:8d:9d:e0:a9:83:fd:b6: + 54:b6:48:89:27:97:ed:6f:43:a3:f9:79:6e:58:e7:b9:61:5e: + c9:dd:9b:77:f4:9e:61:ac:c3:f1:7d:c0:88:e6:0b:16:3a:a7: + 81:8a:7d:f0 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDjYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOPQJ78JINm3M/SBFg/LO0h6IsATYVzYqnx+v+HFvHKt0Gpd +xFiaPKyEINhposOUDZszYATFZHZWUud/7vRmM4kqWU1iXB3uvT7ToDX9WLDbn+pp +GHWU8rkeZTIoVLVyHPpH2jKNikVbSA6rGveftEexwhu/IjeN4IQQ7JFdnzEpvpRa +d9HeUt9IWXcCyZNZkHN5z8bRtn8BGistzLj9unK4Ulx1FX4zvdzH5vvKorSryszb +oCP06n12kbPqYyrfsZY27cKekZ/bRbM0ddlBTU8fwO8CazVMGafs8TipZ4VrBiYi +iZs3BdHS+UULYNV+XcKYo52WV75N8JzwcbI7pB0CAwEAAaOByzCByDAdBgNVHQ4E +FgQU6CEAHWuhqzAB+26ojfq5aUjCiR8wHwYDVR0jBBgwFoAU7nLXPIl/B91rkiUJ +jKxInwO6CQowNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCle2SNz2ZFUe74iVZwM1MVyRaV1C94xYPX/7CO +oL9ZzYd7gGq5WSbmpX0LXawrkAH4J1chgppuW562I/M6NN6pToXPN1/8tGutdDch +VK62ds8E5c/gh9YzFPOARuz1+pvwK8UqgHv+aP6jH8tTgPGlmOcC6B2XA1xA6/sY +9/INsszFgrRHSniCb69KXV7rzvbJFs2arD4JJIHo1wo8r92QPLKN4ano1FCv5EfA +WvJHxx2APIOzsRDpH//hW85TJnOb3/GWp7yiqEhZ+vyOGY/yTo2d4KmD/bZUtkiJ +J5ftb0Oj+XluWOe5YV7J3Zt39J5hrMPxfcCI5gsWOqeBin3w +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_b.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_b.pem new file mode 100644 index 0000000000..c9c3c15e8f --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_b.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with matching subjectKeyIdentifier and notBefore B + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:37 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e3:d0:27:bf:09:20:d9:b7:33:f4:81:16:0f:cb: + 3b:48:7a:22:c0:13:61:5c:d8:aa:7c:7e:bf:e1:c5: + bc:72:ad:d0:6a:5d:c4:58:9a:3c:ac:84:20:d8:69: + a2:c3:94:0d:9b:33:60:04:c5:64:76:56:52:e7:7f: + ee:f4:66:33:89:2a:59:4d:62:5c:1d:ee:bd:3e:d3: + a0:35:fd:58:b0:db:9f:ea:69:18:75:94:f2:b9:1e: + 65:32:28:54:b5:72:1c:fa:47:da:32:8d:8a:45:5b: + 48:0e:ab:1a:f7:9f:b4:47:b1:c2:1b:bf:22:37:8d: + e0:84:10:ec:91:5d:9f:31:29:be:94:5a:77:d1:de: + 52:df:48:59:77:02:c9:93:59:90:73:79:cf:c6:d1: + b6:7f:01:1a:2b:2d:cc:b8:fd:ba:72:b8:52:5c:75: + 15:7e:33:bd:dc:c7:e6:fb:ca:a2:b4:ab:ca:cc:db: + a0:23:f4:ea:7d:76:91:b3:ea:63:2a:df:b1:96:36: + ed:c2:9e:91:9f:db:45:b3:34:75:d9:41:4d:4f:1f: + c0:ef:02:6b:35:4c:19:a7:ec:f1:38:a9:67:85:6b: + 06:26:22:89:9b:37:05:d1:d2:f9:45:0b:60:d5:7e: + 5d:c2:98:a3:9d:96:57:be:4d:f0:9c:f0:71:b2:3b: + a4:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E8:21:00:1D:6B:A1:AB:30:01:FB:6E:A8:8D:FA:B9:69:48:C2:89:1F + X509v3 Authority Key Identifier: + keyid:EE:72:D7:3C:89:7F:07:DD:6B:92:25:09:8C:AC:48:9F:03:BA:09:0A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + e5:76:8b:8d:2b:67:a9:d8:c3:61:a9:16:e8:9a:e7:74:b0:e3: + 74:bd:ef:1f:6c:b4:83:01:45:fc:b6:bc:a0:d0:66:28:dd:b2: + 83:d7:3d:9f:da:e7:61:35:8c:c1:e5:ce:99:96:28:0e:79:8f: + ce:8a:94:ac:75:55:fe:a8:5d:50:e5:8d:b5:59:94:ff:34:ab: + 2b:cb:9c:f7:77:97:96:33:cc:88:c9:a0:b9:6c:09:49:c2:30: + c8:26:66:f7:60:66:e2:cc:f5:0a:9a:ef:1a:e8:db:03:98:d8: + 4f:8a:bd:f5:a9:d5:d2:1d:3d:ca:98:0d:71:23:3d:d5:b5:a5: + 15:0f:d0:bc:1a:42:d8:b8:25:62:d5:b6:70:e3:e9:04:f2:8c: + 07:c6:22:3b:78:94:7b:ec:29:35:22:90:24:1d:64:e8:5b:96: + e1:f2:b1:c4:60:ec:03:49:b6:5b:88:b5:7f:28:7e:29:ff:f4: + ac:74:97:d5:b2:2c:4e:c2:48:5d:9e:50:5d:3f:82:6d:28:51: + e5:1d:44:fa:8c:53:02:c6:42:84:f6:62:25:c1:30:ad:37:20: + 8e:e8:52:93:45:32:7b:90:64:95:e4:93:6d:75:1b:92:5a:48: + f3:bb:d6:ba:e5:22:5a:f2:22:3d:a3:77:db:5b:d2:42:cc:e8: + 5d:60:ff:73 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDjcwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOPQJ78JINm3M/SBFg/LO0h6IsATYVzYqnx+v+HFvHKt0Gpd +xFiaPKyEINhposOUDZszYATFZHZWUud/7vRmM4kqWU1iXB3uvT7ToDX9WLDbn+pp +GHWU8rkeZTIoVLVyHPpH2jKNikVbSA6rGveftEexwhu/IjeN4IQQ7JFdnzEpvpRa +d9HeUt9IWXcCyZNZkHN5z8bRtn8BGistzLj9unK4Ulx1FX4zvdzH5vvKorSryszb +oCP06n12kbPqYyrfsZY27cKekZ/bRbM0ddlBTU8fwO8CazVMGafs8TipZ4VrBiYi +iZs3BdHS+UULYNV+XcKYo52WV75N8JzwcbI7pB0CAwEAAaOByzCByDAdBgNVHQ4E +FgQU6CEAHWuhqzAB+26ojfq5aUjCiR8wHwYDVR0jBBgwFoAU7nLXPIl/B91rkiUJ +jKxInwO6CQowNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQDldouNK2ep2MNhqRbomud0sON0ve8fbLSDAUX8 +tryg0GYo3bKD1z2f2udhNYzB5c6ZligOeY/OipSsdVX+qF1Q5Y21WZT/NKsry5z3 +d5eWM8yIyaC5bAlJwjDIJmb3YGbizPUKmu8a6NsDmNhPir31qdXSHT3KmA1xIz3V +taUVD9C8GkLYuCVi1bZw4+kE8owHxiI7eJR77Ck1IpAkHWToW5bh8rHEYOwDSbZb +iLV/KH4p//SsdJfVsixOwkhdnlBdP4JtKFHlHUT6jFMCxkKE9mIlwTCtNyCO6FKT +RTJ7kGSV5JNtdRuSWkjzu9a65SJa8iI9o3fbW9JCzOhdYP9z +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_c.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_c.pem new file mode 100644 index 0000000000..4cbce0d411 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_matching_ski_c.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with matching subjectKeyIdentifier and notBefore C + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:38 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 3 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e3:d0:27:bf:09:20:d9:b7:33:f4:81:16:0f:cb: + 3b:48:7a:22:c0:13:61:5c:d8:aa:7c:7e:bf:e1:c5: + bc:72:ad:d0:6a:5d:c4:58:9a:3c:ac:84:20:d8:69: + a2:c3:94:0d:9b:33:60:04:c5:64:76:56:52:e7:7f: + ee:f4:66:33:89:2a:59:4d:62:5c:1d:ee:bd:3e:d3: + a0:35:fd:58:b0:db:9f:ea:69:18:75:94:f2:b9:1e: + 65:32:28:54:b5:72:1c:fa:47:da:32:8d:8a:45:5b: + 48:0e:ab:1a:f7:9f:b4:47:b1:c2:1b:bf:22:37:8d: + e0:84:10:ec:91:5d:9f:31:29:be:94:5a:77:d1:de: + 52:df:48:59:77:02:c9:93:59:90:73:79:cf:c6:d1: + b6:7f:01:1a:2b:2d:cc:b8:fd:ba:72:b8:52:5c:75: + 15:7e:33:bd:dc:c7:e6:fb:ca:a2:b4:ab:ca:cc:db: + a0:23:f4:ea:7d:76:91:b3:ea:63:2a:df:b1:96:36: + ed:c2:9e:91:9f:db:45:b3:34:75:d9:41:4d:4f:1f: + c0:ef:02:6b:35:4c:19:a7:ec:f1:38:a9:67:85:6b: + 06:26:22:89:9b:37:05:d1:d2:f9:45:0b:60:d5:7e: + 5d:c2:98:a3:9d:96:57:be:4d:f0:9c:f0:71:b2:3b: + a4:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E8:21:00:1D:6B:A1:AB:30:01:FB:6E:A8:8D:FA:B9:69:48:C2:89:1F + X509v3 Authority Key Identifier: + keyid:EE:72:D7:3C:89:7F:07:DD:6B:92:25:09:8C:AC:48:9F:03:BA:09:0A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + af:7c:8b:d8:22:8a:1e:e4:5e:0e:2a:d9:27:31:7b:2e:f8:24: + 14:66:df:56:16:5e:f1:4c:23:bf:09:e4:d3:25:18:81:75:53: + 62:70:bc:99:9a:51:1d:dd:a7:10:17:7b:04:95:ce:b6:16:c6: + f5:51:b1:c4:85:be:7b:26:1f:f7:8b:33:df:c1:e9:6c:a9:05: + ff:0a:9e:91:fe:19:a0:39:20:4a:fb:50:d9:83:83:8b:32:c3: + 65:db:a2:6a:74:7b:7a:8c:ad:46:f3:cb:c3:ce:55:c6:77:0c: + 58:13:65:cf:9f:e3:3c:21:28:e3:e0:1b:e4:df:2f:a3:e6:66: + 57:8d:63:27:2f:69:4c:f3:a2:60:1b:ac:68:06:f9:9d:5b:b2: + c9:49:da:aa:f3:82:5f:bb:51:4e:fa:bc:79:79:e3:0e:d4:53: + 73:56:a2:cb:1a:33:02:bf:c0:c4:f4:74:f6:a1:ed:26:61:dc: + 8c:57:e8:ae:1f:fc:9d:9c:30:13:47:ac:8c:c5:21:8e:f3:ce: + 81:a7:d1:1b:af:d9:5b:6e:0e:71:c6:35:08:3c:44:a3:bc:2d: + 72:5d:50:ce:c8:73:24:ea:c9:ae:9e:2b:21:68:45:a2:e2:59: + 72:1a:c1:5f:9c:0f:21:1d:67:03:73:70:49:63:5b:8e:34:9b: + 52:c8:93:22 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDjgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDMxMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOPQJ78JINm3M/SBFg/LO0h6IsATYVzYqnx+v+HFvHKt0Gpd +xFiaPKyEINhposOUDZszYATFZHZWUud/7vRmM4kqWU1iXB3uvT7ToDX9WLDbn+pp +GHWU8rkeZTIoVLVyHPpH2jKNikVbSA6rGveftEexwhu/IjeN4IQQ7JFdnzEpvpRa +d9HeUt9IWXcCyZNZkHN5z8bRtn8BGistzLj9unK4Ulx1FX4zvdzH5vvKorSryszb +oCP06n12kbPqYyrfsZY27cKekZ/bRbM0ddlBTU8fwO8CazVMGafs8TipZ4VrBiYi +iZs3BdHS+UULYNV+XcKYo52WV75N8JzwcbI7pB0CAwEAAaOByzCByDAdBgNVHQ4E +FgQU6CEAHWuhqzAB+26ojfq5aUjCiR8wHwYDVR0jBBgwFoAU7nLXPIl/B91rkiUJ +jKxInwO6CQowNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCvfIvYIooe5F4OKtknMXsu+CQUZt9WFl7xTCO/ +CeTTJRiBdVNicLyZmlEd3acQF3sElc62Fsb1UbHEhb57Jh/3izPfwelsqQX/Cp6R +/hmgOSBK+1DZg4OLMsNl26JqdHt6jK1G88vDzlXGdwxYE2XPn+M8ISjj4Bvk3y+j +5mZXjWMnL2lM86JgG6xoBvmdW7LJSdqq84Jfu1FO+rx5eeMO1FNzVqLLGjMCv8DE +9HT2oe0mYdyMV+iuH/ydnDATR6yMxSGO886Bp9Ebr9lbbg5xxjUIPESjvC1yXVDO +yHMk6smunishaEWi4llyGsFfnA8hHWcDc3BJY1uONJtSyJMi +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_a.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_a.pem new file mode 100644 index 0000000000..678751136a --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_a.pem @@ -0,0 +1,87 @@ +[Created by: ./generate-certs.py] + +Intermediate with no subjectKeyIdentifier and notBefore A + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:3a + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e3:d0:27:bf:09:20:d9:b7:33:f4:81:16:0f:cb: + 3b:48:7a:22:c0:13:61:5c:d8:aa:7c:7e:bf:e1:c5: + bc:72:ad:d0:6a:5d:c4:58:9a:3c:ac:84:20:d8:69: + a2:c3:94:0d:9b:33:60:04:c5:64:76:56:52:e7:7f: + ee:f4:66:33:89:2a:59:4d:62:5c:1d:ee:bd:3e:d3: + a0:35:fd:58:b0:db:9f:ea:69:18:75:94:f2:b9:1e: + 65:32:28:54:b5:72:1c:fa:47:da:32:8d:8a:45:5b: + 48:0e:ab:1a:f7:9f:b4:47:b1:c2:1b:bf:22:37:8d: + e0:84:10:ec:91:5d:9f:31:29:be:94:5a:77:d1:de: + 52:df:48:59:77:02:c9:93:59:90:73:79:cf:c6:d1: + b6:7f:01:1a:2b:2d:cc:b8:fd:ba:72:b8:52:5c:75: + 15:7e:33:bd:dc:c7:e6:fb:ca:a2:b4:ab:ca:cc:db: + a0:23:f4:ea:7d:76:91:b3:ea:63:2a:df:b1:96:36: + ed:c2:9e:91:9f:db:45:b3:34:75:d9:41:4d:4f:1f: + c0:ef:02:6b:35:4c:19:a7:ec:f1:38:a9:67:85:6b: + 06:26:22:89:9b:37:05:d1:d2:f9:45:0b:60:d5:7e: + 5d:c2:98:a3:9d:96:57:be:4d:f0:9c:f0:71:b2:3b: + a4:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:1c:63:2a:1f:62:a2:35:1e:18:8f:bb:06:06:81:fa:09:d5: + 3c:27:21:70:f0:6e:0b:a4:28:d4:2c:68:cf:97:ca:98:43:a2: + be:44:c0:00:f5:59:73:66:83:6f:68:6b:b6:38:76:51:2b:b5: + 77:98:6f:41:25:1d:42:62:60:c4:bd:09:d1:8d:e5:84:7b:17: + 58:f4:12:c3:ac:ca:2e:ff:95:5d:5f:b6:08:1c:a0:45:a3:00: + ce:bf:8c:20:48:d6:08:3c:14:8c:b4:19:76:fc:b3:40:85:f1: + 91:e9:df:ce:1a:63:21:50:89:c5:37:60:ba:84:11:58:d6:5a: + 72:fe:58:89:91:92:5e:b0:d7:3a:cc:27:f3:35:93:26:19:10: + ae:cb:50:fb:10:d4:c3:57:18:80:c8:aa:b8:c5:6e:33:a5:bb: + 90:d5:89:16:fe:ed:63:d1:b1:c6:62:37:b7:78:c7:51:5c:82: + d3:85:28:34:e6:46:d9:8e:31:07:f5:cf:b9:ec:ef:db:0f:5e: + ec:1c:6e:81:fe:a7:18:c6:29:6b:d5:bf:c0:ff:ea:d3:71:94: + 5c:9e:33:e9:a1:82:38:c2:0e:5f:90:fd:eb:cf:ef:c1:6a:0a: + 21:5b:ca:f3:a1:1b:0e:6e:32:7c:0f:17:b8:11:52:d8:3b:2a: + 7e:59:a8:08 +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDjowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOPQJ78JINm3M/SBFg/LO0h6IsATYVzYqnx+v+HFvHKt0Gpd +xFiaPKyEINhposOUDZszYATFZHZWUud/7vRmM4kqWU1iXB3uvT7ToDX9WLDbn+pp +GHWU8rkeZTIoVLVyHPpH2jKNikVbSA6rGveftEexwhu/IjeN4IQQ7JFdnzEpvpRa +d9HeUt9IWXcCyZNZkHN5z8bRtn8BGistzLj9unK4Ulx1FX4zvdzH5vvKorSryszb +oCP06n12kbPqYyrfsZY27cKekZ/bRbM0ddlBTU8fwO8CazVMGafs8TipZ4VrBiYi +iZs3BdHS+UULYNV+XcKYo52WV75N8JzwcbI7pB0CAwEAAaOBizCBiDA3BggrBgEF +BQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNl +cjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmww +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD +ggEBAG8cYyofYqI1HhiPuwYGgfoJ1TwnIXDwbgukKNQsaM+XyphDor5EwAD1WXNm +g29oa7Y4dlErtXeYb0ElHUJiYMS9CdGN5YR7F1j0EsOsyi7/lV1ftggcoEWjAM6/ +jCBI1gg8FIy0GXb8s0CF8ZHp384aYyFQicU3YLqEEVjWWnL+WImRkl6w1zrMJ/M1 +kyYZEK7LUPsQ1MNXGIDIqrjFbjOlu5DViRb+7WPRscZiN7d4x1FcgtOFKDTmRtmO +MQf1z7ns79sPXuwcboH+pxjGKWvVv8D/6tNxlFyeM+mhgjjCDl+Q/evP78FqCiFb +yvOhGw5uMnwPF7gRUtg7Kn5ZqAg= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_b.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_b.pem new file mode 100644 index 0000000000..5a9705c46a --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_b.pem @@ -0,0 +1,87 @@ +[Created by: ./generate-certs.py] + +Intermediate with no subjectKeyIdentifier and notBefore B + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:3b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e3:d0:27:bf:09:20:d9:b7:33:f4:81:16:0f:cb: + 3b:48:7a:22:c0:13:61:5c:d8:aa:7c:7e:bf:e1:c5: + bc:72:ad:d0:6a:5d:c4:58:9a:3c:ac:84:20:d8:69: + a2:c3:94:0d:9b:33:60:04:c5:64:76:56:52:e7:7f: + ee:f4:66:33:89:2a:59:4d:62:5c:1d:ee:bd:3e:d3: + a0:35:fd:58:b0:db:9f:ea:69:18:75:94:f2:b9:1e: + 65:32:28:54:b5:72:1c:fa:47:da:32:8d:8a:45:5b: + 48:0e:ab:1a:f7:9f:b4:47:b1:c2:1b:bf:22:37:8d: + e0:84:10:ec:91:5d:9f:31:29:be:94:5a:77:d1:de: + 52:df:48:59:77:02:c9:93:59:90:73:79:cf:c6:d1: + b6:7f:01:1a:2b:2d:cc:b8:fd:ba:72:b8:52:5c:75: + 15:7e:33:bd:dc:c7:e6:fb:ca:a2:b4:ab:ca:cc:db: + a0:23:f4:ea:7d:76:91:b3:ea:63:2a:df:b1:96:36: + ed:c2:9e:91:9f:db:45:b3:34:75:d9:41:4d:4f:1f: + c0:ef:02:6b:35:4c:19:a7:ec:f1:38:a9:67:85:6b: + 06:26:22:89:9b:37:05:d1:d2:f9:45:0b:60:d5:7e: + 5d:c2:98:a3:9d:96:57:be:4d:f0:9c:f0:71:b2:3b: + a4:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 19:62:8a:71:aa:81:e8:d7:2f:a6:e8:ba:75:59:64:52:9c:00: + 75:67:a2:7c:30:16:1e:bd:db:bf:91:fa:ae:02:37:27:74:5a: + 10:d0:bf:4c:d8:c1:54:b6:20:e3:d7:40:d9:3f:60:17:fe:a1: + 1d:3d:68:54:8f:06:59:12:bd:5c:53:7b:cb:cf:9c:53:9d:aa: + 67:d0:2f:44:29:2d:8d:78:8c:11:cc:52:b0:c7:24:5a:ed:62: + ec:fe:d3:a8:01:64:68:3c:35:bd:ec:48:b7:ce:16:1f:78:d6: + 1e:5f:50:a9:6d:cc:a1:d3:fd:8d:cf:f4:89:d8:a3:ad:13:62: + f9:00:3a:9e:82:14:d0:ed:72:22:d2:c2:c7:14:52:4e:86:88: + 22:2a:4a:99:04:d5:ab:71:e8:35:c1:80:f1:a8:6b:0f:3d:f8: + 73:31:fe:d0:aa:59:ca:a1:5c:02:88:8c:7d:7e:85:5d:86:c4: + d1:fa:58:0f:eb:c8:4d:f4:b9:4d:0b:47:68:a9:e7:2d:7e:32: + 7a:eb:6d:cc:ae:54:eb:a0:b2:47:c5:0c:fc:9b:9b:db:f0:f6: + a6:5a:cc:86:05:28:c2:8a:ab:3a:49:c2:34:01:d0:ae:bd:52: + 15:34:4d:dd:1d:ab:45:9f:21:bc:cd:be:0d:73:b0:ff:1e:0c: + 9a:56:27:51 +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDjswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOPQJ78JINm3M/SBFg/LO0h6IsATYVzYqnx+v+HFvHKt0Gpd +xFiaPKyEINhposOUDZszYATFZHZWUud/7vRmM4kqWU1iXB3uvT7ToDX9WLDbn+pp +GHWU8rkeZTIoVLVyHPpH2jKNikVbSA6rGveftEexwhu/IjeN4IQQ7JFdnzEpvpRa +d9HeUt9IWXcCyZNZkHN5z8bRtn8BGistzLj9unK4Ulx1FX4zvdzH5vvKorSryszb +oCP06n12kbPqYyrfsZY27cKekZ/bRbM0ddlBTU8fwO8CazVMGafs8TipZ4VrBiYi +iZs3BdHS+UULYNV+XcKYo52WV75N8JzwcbI7pB0CAwEAAaOBizCBiDA3BggrBgEF +BQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNl +cjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmww +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD +ggEBABliinGqgejXL6bounVZZFKcAHVnonwwFh6927+R+q4CNyd0WhDQv0zYwVS2 +IOPXQNk/YBf+oR09aFSPBlkSvVxTe8vPnFOdqmfQL0QpLY14jBHMUrDHJFrtYuz+ +06gBZGg8Nb3sSLfOFh941h5fUKltzKHT/Y3P9InYo60TYvkAOp6CFNDtciLSwscU +Uk6GiCIqSpkE1atx6DXBgPGoaw89+HMx/tCqWcqhXAKIjH1+hV2GxNH6WA/ryE30 +uU0LR2ip5y1+MnrrbcyuVOugskfFDPybm9vw9qZazIYFKMKKqzpJwjQB0K69UhU0 +Td0dq0WfIbzNvg1zsP8eDJpWJ1E= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_c.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_c.pem new file mode 100644 index 0000000000..4b1bf5a6d0 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/int_no_ski_c.pem @@ -0,0 +1,87 @@ +[Created by: ./generate-certs.py] + +Intermediate with no subjectKeyIdentifier and notBefore C + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:3c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 3 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e3:d0:27:bf:09:20:d9:b7:33:f4:81:16:0f:cb: + 3b:48:7a:22:c0:13:61:5c:d8:aa:7c:7e:bf:e1:c5: + bc:72:ad:d0:6a:5d:c4:58:9a:3c:ac:84:20:d8:69: + a2:c3:94:0d:9b:33:60:04:c5:64:76:56:52:e7:7f: + ee:f4:66:33:89:2a:59:4d:62:5c:1d:ee:bd:3e:d3: + a0:35:fd:58:b0:db:9f:ea:69:18:75:94:f2:b9:1e: + 65:32:28:54:b5:72:1c:fa:47:da:32:8d:8a:45:5b: + 48:0e:ab:1a:f7:9f:b4:47:b1:c2:1b:bf:22:37:8d: + e0:84:10:ec:91:5d:9f:31:29:be:94:5a:77:d1:de: + 52:df:48:59:77:02:c9:93:59:90:73:79:cf:c6:d1: + b6:7f:01:1a:2b:2d:cc:b8:fd:ba:72:b8:52:5c:75: + 15:7e:33:bd:dc:c7:e6:fb:ca:a2:b4:ab:ca:cc:db: + a0:23:f4:ea:7d:76:91:b3:ea:63:2a:df:b1:96:36: + ed:c2:9e:91:9f:db:45:b3:34:75:d9:41:4d:4f:1f: + c0:ef:02:6b:35:4c:19:a7:ec:f1:38:a9:67:85:6b: + 06:26:22:89:9b:37:05:d1:d2:f9:45:0b:60:d5:7e: + 5d:c2:98:a3:9d:96:57:be:4d:f0:9c:f0:71:b2:3b: + a4:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 8d:92:cd:22:62:7e:2f:a9:54:84:4d:8b:4c:b0:1e:77:5a:01: + 58:cc:b1:a7:06:4e:06:11:6e:df:7e:e4:88:69:cd:cf:86:3e: + 79:3e:d5:ca:8f:51:27:25:7d:4d:40:d9:b2:b1:e8:b5:3c:8c: + e9:f8:2c:b4:e4:07:b0:8c:e5:0c:f0:2e:73:f0:dc:80:51:3f: + f7:51:15:10:6b:b4:e5:c9:f2:74:19:98:d2:03:b8:24:cf:d1: + 5d:83:a9:13:a5:a2:c5:32:7b:7a:a9:c8:dd:66:64:1a:a6:6d: + d4:c1:7e:3e:57:95:ee:42:96:c8:3e:33:74:1d:94:73:95:d8: + f2:e3:8b:c6:d2:4e:18:6a:fc:ed:e7:71:e4:ee:04:cd:93:6e: + c5:28:98:e5:7f:dd:ee:db:a9:c6:c5:ff:1f:5d:67:35:4b:49: + da:94:18:a7:2b:c3:6e:3d:a6:84:be:34:70:3a:e3:5b:06:3a: + 5a:75:a0:79:b7:a8:18:d6:2f:a4:65:05:39:88:b0:05:1e:f1: + dc:2c:fe:ce:0e:49:a2:e8:82:db:7f:24:a7:21:d7:74:3e:84: + 8d:ef:d2:76:1c:de:e2:5d:90:08:7d:a4:48:c7:45:96:2a:5c: + 86:07:60:6c:18:ab:3e:8c:dc:de:1c:04:0c:62:52:e4:dc:12: + 3d:89:c2:04 +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDjwwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDMxMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOPQJ78JINm3M/SBFg/LO0h6IsATYVzYqnx+v+HFvHKt0Gpd +xFiaPKyEINhposOUDZszYATFZHZWUud/7vRmM4kqWU1iXB3uvT7ToDX9WLDbn+pp +GHWU8rkeZTIoVLVyHPpH2jKNikVbSA6rGveftEexwhu/IjeN4IQQ7JFdnzEpvpRa +d9HeUt9IWXcCyZNZkHN5z8bRtn8BGistzLj9unK4Ulx1FX4zvdzH5vvKorSryszb +oCP06n12kbPqYyrfsZY27cKekZ/bRbM0ddlBTU8fwO8CazVMGafs8TipZ4VrBiYi +iZs3BdHS+UULYNV+XcKYo52WV75N8JzwcbI7pB0CAwEAAaOBizCBiDA3BggrBgEF +BQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNl +cjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmww +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD +ggEBAI2SzSJifi+pVIRNi0ywHndaAVjMsacGTgYRbt9+5Ihpzc+GPnk+1cqPUScl +fU1A2bKx6LU8jOn4LLTkB7CM5QzwLnPw3IBRP/dRFRBrtOXJ8nQZmNIDuCTP0V2D +qROlosUye3qpyN1mZBqmbdTBfj5Xle5Clsg+M3QdlHOV2PLji8bSThhq/O3nceTu +BM2TbsUomOV/3e7bqcbF/x9dZzVLSdqUGKcrw249poS+NHA641sGOlp1oHm3qBjW +L6RlBTmIsAUe8dws/s4OSaLogtt/JKch13Q+hI3v0nYc3uJdkAh9pEjHRZYqXIYH +YGwYqz6M3N4cBAxiUuTcEj2JwgQ= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Intermediate.key b/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Intermediate.key new file mode 100644 index 0000000000..b3e69cadbd --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA49Anvwkg2bcz9IEWD8s7SHoiwBNhXNiqfH6/4cW8cq3Qal3E +WJo8rIQg2Gmiw5QNmzNgBMVkdlZS53/u9GYziSpZTWJcHe69PtOgNf1YsNuf6mkY +dZTyuR5lMihUtXIc+kfaMo2KRVtIDqsa95+0R7HCG78iN43ghBDskV2fMSm+lFp3 +0d5S30hZdwLJk1mQc3nPxtG2fwEaKy3MuP26crhSXHUVfjO93Mfm+8qitKvKzNug +I/TqfXaRs+pjKt+xljbtwp6Rn9tFszR12UFNTx/A7wJrNUwZp+zxOKlnhWsGJiKJ +mzcF0dL5RQtg1X5dwpijnZZXvk3wnPBxsjukHQIDAQABAoIBAQC5F4NjjEgbe+UD +j+nb1TSKc2lOg7CEXilOUzEVf7HXvu7prNt9XXtUc1m4W0N6Ag13/qrR1YsFNqfP +HTuJaIwQss6xt+u+Ch3KMOknVHq93wMz0kWkKut2ioKP2QLSFTAEDWLz1dn09fA6 +sryLWj+ATKW4I3fqiSRUSOfcR6OyrX6GT0xxxA099YvbCBWuXEHD0g2RhlIJO57O +mizlQa2j5l8/rNqZUiiFrQpfMcg/3PKGCrrzIa0xhTEVA72RVFAt+Eg+vZymo61B +vj3ElavFegaGHkp810AaPTQPGpkRaMY4ENsmCcGFZ3CUQ3DvRhhPfZWunuYyKDVk +MiJSk39FAoGBAPWo1ieA6RrTfJtGaG2TtCnEKiS8oABc2ZCfCMuIQDcfXO93355e +fGFseUThGRlMuWLKvcvWsm5TOsHc+AD2mTLDyVpMCBYuUVxlghM4rM+mVYCgh9IA +rn+ATLEd/CcdmhrosGtTWz8MBTez7Ef6GtIE3SlcdccSJ8EMs4WzGzWDAoGBAO1n +AqnXdnxZpjlQe9Eg5GgQdA0ykgrUV5YJeBchi4DAK+TxdWah4iHCsMxdEaqNd0R6 +kwTgH/Vx9YdgMMzdUU0ETT9Z2PtH/3ZN256BFQevbP6gcprh//0ouvTJ779Ias7m +HyUAou+oQ9DsozRTQZ/IL1leQThwlCu5kWWcYC3fAoGBAPVRg3qzixVU+Ox+5S34 +AERtNsC09PsnvcRkbH4ENExXr5EcHl2icYdAseGNAGl5avAzElIKtujhiJ2sMqWT +nO1LAzp/DtxHqMwiOkFDqZ87tcrbhIa8U4XT88Iz9WiCcTBKClNDTK2rLVKxBFXk +dwAgB1OUl7ESekyYiHYNpDBNAoGAHDUwKNQUHQRd7tN0Us3wtbi2wVav6Z9/ZLFt +VnpC5CJxVLun8nDruI00iqPIVJaIhFd4Ho0u3vASd2pjggQOA/Ot5ggb8weEAB+S +J8w4nngmoD6aP3L5ArCTPkC8PuMw5bKMIs5njchVfn6PickWtBCKJ7k+UKF3yZY8 +A3HIL8sCgYEAmpULNXzw0nBvaRWv0mse+p8Hckwg8W2Zz7klb2eWm1qz/wAOcxou +ef/rbIIg5KWGveh3Vf+IV5dhtXctwSmNiWQtOkuh7Npf2EFGrypRVnff5Wtxm45K +7xs7LiGdIGYm+BFQxJaf0gtfoEpx95FDT03Q/q8tuBKcjG1VbHRW4NQ= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Intermediate_1.key b/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Intermediate_1.key new file mode 100644 index 0000000000..e2c1c72a52 --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Intermediate_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5gwG4z24ma9sMTfr/0tbukQ9vEsz/qbbLtDGJHPmrR2Si/Nl ++ceHolhqsXPOYGd/9tUJTiYHfIRyGQAikCEbroke7e8HF7EcCcsy1TKGbM2TXiNQ +PslpIkhKv6B7WfiUcoKTRT+JGUnTXkXe/D/RGjryL0ax3UviQ/31YlfXlDeHfZag +3utdtHv9Y2BH0ucSPfmmO8yKrj+KXPNqUp/g7r04ADSkF/YvB0lYXibzMUIvYGgv +lAfpYRLoQ/lm36jWnfzMJQ1q7P+mOc9AkznKkc2I0h1I4TMIjTUYdoeqcQo19NLY +/feHPzJoFb8wisZSg6x1zTpMDbmzV2hwwHLwjQIDAQABAoIBAQDhegpKMpW79Ke7 +ug8S497dO8OyyZcF0q9kPHbpBbykEycvCvr5jisP4U957ILsFKXk3bvIIBgYYIyg +mnRGBl1mfbmWBkFSZGKR6ttBAcul2vzFOSGO2MS2OFsjZX1hmvaNIhSMvBB5e9Wz +QhKj9TzTU9FKqyTsPVNhxwn7QRPojYT3far5R6QLt7d1R858xLCjTj2jaurRYnQ5 +fEx5sjCwgrSYWQGpCNAQsjwtHf1yFV+nLEe2qKFdkYg4O8UDxWnXdKWUj+lYLo/m +83R/kYDuoMJpq13jFjM6HXrr8Vu/ZSisCekRFcBRY950fOgvFhPBpC/re+M3qvnN +I6/jV1c1AoGBAPZCQrozo9GEkO2l/TxqvhBFnvzw/cvzt+Ie0xYhDFypI0UV2+cR +uyTGU1oBpY+MWLvlK6loyZR6XbQbiRP5I5iXvqrK9b1ghn7U2L9SIP7vhlR8g579 +B8gL/Fm9HumAPPwqtsygDNQdUOUt9boAmjwdno6/vRZVmGKsm2nY1IRTAoGBAO8l +mNSBBCZX/O9mB9UYk2EmDw4diR2ii34gJXI9Rk17dUFUzinF2mYEzfofnchgxVY1 +72ZVhNUqWhNAcVK7Hj32DVx4UtI1sTlCPKtiLOZNrpe3Owt6qPcRtE2dJ+ObOGRY +LXW/eKgo+mSB8oyrpfPg50g4oac5aSEpQjNbgBufAoGAQ6LPUPT9+X2/kIYWl5F5 +wl5c3HwUOQAncSOmNl29V3XdCgyG6WAlVmRiYEYzgsm5VWIMK+tr8ivpsJ4feCzl +afPDmoVEGU95oTw0i9ey2FJRQsMwI2q7yGYCWWNoKhnepiPVMT6ER34FyexloUCp +G/nGos5m0MuRnwhpZxj2xaECgYEAvAymZsOkzbn2rRFgK1MN4SCaShEzltgQNHd2 +uqQwOhFQnLThALwSBpLUnVBrM/vUcPwsah3pO+33spfEBLgbCcIHs6TyC1YpK8tI +BcRHZjnDho2QonArmUyUqUtg6HtQFqe355VOfXzrmEkOv0riTimV9JaDlwlv/6F/ +6v6SeCUCgYB8+js8D/GygmRKcg4OxrM5mbw/Qhf+GlnIinGdlKu+ZVO51id6IBud +ix3S3OxOgD2HhEF7PnlOmmEe2A+oma+UUekcfOp+CtyzO+UxhmNZ0GuptloGJBt7 +dWuVzifb0lGeCC/na4GkrpTTkVD6TX4MDBqNl6rIlZ4C9XjNYLNjxg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Root.key b/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Root.key new file mode 100644 index 0000000000..868c412d0e --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA6rIOdleg56JXzQFKEMx1zjyW5pc3kwHYvrAvOrWGMKnAmLOB +MywFPPO3Q8AUtqwVIj8odEB22Q6oWELnAlHo8RrxvX0ULpnkzsGMYNJPdMPnEv6P +4K6+pZo74fxyq939Oiooxpv0+o6aSVGaaECujYGP0Bfz2KF8wMdCrqoCc+sJX4QA +S0ijleqO0M8f2sZtQ9/BXQtKiEsY5SeSAjWU5+Vq+3k7Zk4W63fOvRCpN/cf3IQ0 +7c3MyA7B1JU9kLgpAvGn/4BQRMxpD2G52nIN6+L3ITBe6iWvbwkZCuP6VyPCsiEb +odwqfDGMGs/jc2LQNwj/I3+zQb4p0bVTMijL8wIDAQABAoIBAQDXBkOR0T8ueeKP +hLrjITBdv81RfwH/whVev/TFiUJkm2JFhVC+HXq/GVuyyu0vYAIM2mip+dXpkDBU +jRcxXPJa1CDfRxWSjJTBiTqgCo+Zn1K6aFhRtkgdWW274pr9M+mpvK6XKJQOa1CY +FBevpHNIWof0U72poGq4BNfnRwPwRomT2jWBklYQY8m0MrEIlRvxl6P+F58jVy4Z +bhtg59gXbRVjqYA29gm+baRkjbMw3OQUGNv2C1uhMfCS+xrWxolBTCBOisv5glsv +n8NWefEjQQIqC/OxC+8Gcm6aOQjz04oqn0rmJg7cHFeCZpBlODQPzSDJ1LtVZB9N +LrZe+OqBAoGBAPpUa8OBOA+XCvvHwgs7VVH+TfSQs05Rcomxg8BtCwlsrt0sS5lb +RgRONKhNQjs1IDkBnPwk0rkiPesObENXFpCXbqYtiNBl3ZtqDZBRkL2gVO/dwnwa +1u/1VmZRl9h9aK02l/NkPofWkHvoTLbtxR9FEB7e5Mdjo8EYu4q1LY+jAoGBAPAC ++lGUSy2Baj/28Bmsh8CQ82CMTpVHngpY4qSL/o7TuBxlXKbeETGVKgjN5v0iv1iR +aa+WyxRGv8tYBpJJ/1MuSAtGHATOhEwPUykU7GaHVmihLxop0M171zTlOv8ObRHX +Py/S2kaP9OuSAcFJSvkZ8SpA3SNAHaEdd6CxlFdxAoGAbUfha43DrXqgvt2rpj+W +tZ6w5W0t+aiwuc+W1rBDuy+I/uDRd/dSj5qcfkSL/1Dn6jr8D0779vot0amQNa2V +GjYhhcYnDeMKZUhc933EFCQkMDq9JnSJFGQj/bLs+QN2aPeGSiie66oNlSoKI2mV +Pltl+DQR58FlwWxMovcJFsUCgYBZxbNdSitoZOyZ6kJaSAcqxszRgwltmrEJS7/S +Li7Tu2s069Dg9VTXB+UGEAXjDtklRpaSP8PL3L6mT1F97EGdGkWGOf4G6jvfuyeu +yQ23N83hKtDUZ2mbQkP3m/oaJoozTyBqQeK02+mPJziS1Fg/ni1vUX2lTrkGZ2A0 +cdd7cQKBgQDGa+julyHqKBuoHVQg1gfpnnOazOfqhcqeCTzsbsgx11ZyxJRadzIH +9k+pE49HQRCrPBCRkxFiD/yoEG/paz97CN2HyMngQV42hGaHrKHguEyyEFWkPRqn +ybMgDallw2slw8+ICJzIOSyTWuFK55xwyiBixss4YMOp2lBiAYxg8g== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Target.key b/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Target.key new file mode 100644 index 0000000000..248d7ca89c --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEApfkMgUiTKxV7HMFKehCTLBTz7mYuqsk7oQQFcgk/rHMWpOsa +4w6feaUXDO0eJQoKEOi1Fc2Ryryodye0q7vXrUbH7ynE6BO+ofEIIVEov8Syau1b +0nd9uc85m3rTd3IpkbPJ4JAAlO97mf2rIGQleCah/aBYzatDSVJOpzE0ovrfP7+8 +ph5rGmSsHdBmeNyOjc1CYjGeC5/5+ivLyxmQfBkYcP8iH66C6gnK4hcm/TWwAHsC +NRpy1fatQr1pO+26xpk6suu9gTlThfJwGUSD0H96YTjB/q+bwMHi1TZxoj6JPR0g +P0w9TvVP6LgChN4m6T5741blvXX0v+9lhIHDvwIDAQABAoIBACLTt8QJLpiD0Wmf +RbmHcNp3KxiDaJd90n1fEqVzO2E8ZSwGCYZLszsbYVLdDs5G5QXXTuhcUpNwMwmN +02OV7xP1Hk8ZPLBWNFJW+ZXEKgDTjXzSgcoQONmcmkH97BHMatygFWSB0x1tg0o0 +6IvLd/FWafeGhhviLCRemRKMSLdKBpdfUeXjegMMfOGgE26EuvBGoo4wWfDcyYXO +a42JM28CS8MVWS3Cp4GQXpsFKcA4kETJcvH3cWtmSGZNoYcBwATwHn8/m82jAjJ4 +OKsyLvaFmMJSXMW9i6yS4Tfyhjhpd1oU1gVBVkzMbfTqzTe0KbgAkHLhfWemW+J5 +4V/eQAECgYEA2nIMsEb+dW5+8LAtmNkwYy4IzcI8csg+mKqiMOCu/v0ML26YBU4K +Fx/KY+jjSKVjvRcq0GIVCzzSac9ZCZk4L6UOuRWW1JhCYRERbWT4TwgyWE48L51h +kstjwlCFy/9KYuS32gFJP5VU/c5eS8Q2EBq5z7NLcHBpRHjiydUul78CgYEAwoGj +Yz8BlL/hkEaGj/7U8op6r4JEiv+kzFav2m64lhvo0a1YvI5oAkYBcmCibhproQ14 +QpbPuqUPpCp0wiMFPF/wAiXH+Jkp4dL0Kc7AxfhRnTxUTgWsbSUM2xE0VGsc9ZTH +3Ctofa9y2QC4sAEdaiBiQ0f8Qz3KDclAEGiX1AECgYEAwzhToKIBvF7gcSdxyHyp +Iqm8Um446XeNgZBU3IufuN/aqPUURQFmQR43GKzDmmO8S/vNVmehWOalQMx+TPay +YNoI212w6xOblvXS9knbI342x/Y7EW58Cd1crQabXCEtkE3JBLpLhNhnGV/5o4qZ +qjDISBd63uSHHxtNyoSLXC8CgYEAwZ523JadpksT6KCr1q9fn0iGNCvCu3Mbw2UP +jKrnCFYj/oVGbfx8QLcbPZZAWsXmGd3ktrSVeEBTP6IbtB1UWvNNYXXmh+s/q9Jo +xy1O7ELyS0kAyuIO8F8PWwrXQqmVnElMYji7vVFnS+jR8DJL65bs+fiwfucFOY/6 +O9tCOAECgYB14My0vSQQtlduACoc54flIXRpLhTfuAzcraGFAvhfJJfrna6hek0S +RH3OQWu4UIT54BohqPMMy1ijPCE5Os/qrBwazHJyH9EtUUzjHuyCQ9DiEQtY8woL +NNQyHNqAViYqeebHDY/xcCCdGuvXCJCom1RxDWKAQ0XSKsEZgnsDuQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/root.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/root.pem new file mode 100644 index 0000000000..b682d6fcaf --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/root.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +The root + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2b:cd:8e:76:ab:60:d4:bd:ab:bb:10:92:c3:00:e7:42:21:18:0e:35 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ea:b2:0e:76:57:a0:e7:a2:57:cd:01:4a:10:cc: + 75:ce:3c:96:e6:97:37:93:01:d8:be:b0:2f:3a:b5: + 86:30:a9:c0:98:b3:81:33:2c:05:3c:f3:b7:43:c0: + 14:b6:ac:15:22:3f:28:74:40:76:d9:0e:a8:58:42: + e7:02:51:e8:f1:1a:f1:bd:7d:14:2e:99:e4:ce:c1: + 8c:60:d2:4f:74:c3:e7:12:fe:8f:e0:ae:be:a5:9a: + 3b:e1:fc:72:ab:dd:fd:3a:2a:28:c6:9b:f4:fa:8e: + 9a:49:51:9a:68:40:ae:8d:81:8f:d0:17:f3:d8:a1: + 7c:c0:c7:42:ae:aa:02:73:eb:09:5f:84:00:4b:48: + a3:95:ea:8e:d0:cf:1f:da:c6:6d:43:df:c1:5d:0b: + 4a:88:4b:18:e5:27:92:02:35:94:e7:e5:6a:fb:79: + 3b:66:4e:16:eb:77:ce:bd:10:a9:37:f7:1f:dc:84: + 34:ed:cd:cc:c8:0e:c1:d4:95:3d:90:b8:29:02:f1: + a7:ff:80:50:44:cc:69:0f:61:b9:da:72:0d:eb:e2: + f7:21:30:5e:ea:25:af:6f:09:19:0a:e3:fa:57:23: + c2:b2:21:1b:a1:dc:2a:7c:31:8c:1a:cf:e3:73:62: + d0:37:08:ff:23:7f:b3:41:be:29:d1:b5:53:32:28: + cb:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EE:72:D7:3C:89:7F:07:DD:6B:92:25:09:8C:AC:48:9F:03:BA:09:0A + X509v3 Authority Key Identifier: + keyid:EE:72:D7:3C:89:7F:07:DD:6B:92:25:09:8C:AC:48:9F:03:BA:09:0A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + a0:fb:e5:58:57:68:8c:59:99:c9:60:4b:92:0b:a4:b8:47:23: + ef:58:4e:13:ef:a1:75:af:25:53:d5:69:73:1d:46:71:21:8a: + b7:4d:20:bf:d2:29:17:0c:fd:4a:87:73:94:78:4f:5e:45:ed: + 14:5a:28:e8:fe:8b:1c:c8:e9:a4:24:69:cf:4f:6a:7c:60:6e: + fd:e7:e2:df:42:ab:68:23:d6:fe:72:55:84:1d:5b:c0:c7:26: + a1:48:50:5f:f2:fb:81:30:68:90:3a:9b:62:77:63:3d:e0:fe: + 5e:2d:df:5a:8f:8b:52:49:6c:7a:b3:8c:31:29:e5:3f:f0:dc: + 64:7f:6a:43:ca:4e:7a:d1:b7:e0:43:cf:b6:d1:c8:c3:6f:f1: + d0:03:26:99:cb:3c:6f:cc:d9:06:f8:c5:dd:c1:18:39:f2:5e: + a2:9c:62:63:66:20:1c:f3:dd:ab:5b:10:10:48:48:6e:cf:61: + bd:98:89:a5:58:d6:b9:99:35:83:4d:5a:69:06:c5:eb:92:4a: + 50:80:26:dd:cb:6f:68:60:8a:48:97:5b:7e:fe:22:81:42:93: + 2a:dc:b8:bb:95:aa:42:8b:fa:97:5d:1a:a5:4b:ce:2f:3a:72: + d2:8d:02:3e:de:a8:86:08:c0:cc:66:cc:1a:90:5b:fe:b8:2e: + f1:dd:a3:52 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUK82Odqtg1L2ruxCSwwDnQiEYDjUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDqsg52V6DnolfNAUoQzHXOPJbmlzeTAdi+sC86tYYwqcCYs4EzLAU887dD +wBS2rBUiPyh0QHbZDqhYQucCUejxGvG9fRQumeTOwYxg0k90w+cS/o/grr6lmjvh +/HKr3f06KijGm/T6jppJUZpoQK6NgY/QF/PYoXzAx0KuqgJz6wlfhABLSKOV6o7Q +zx/axm1D38FdC0qISxjlJ5ICNZTn5Wr7eTtmThbrd869EKk39x/chDTtzczIDsHU +lT2QuCkC8af/gFBEzGkPYbnacg3r4vchMF7qJa9vCRkK4/pXI8KyIRuh3Cp8MYwa +z+NzYtA3CP8jf7NBvinRtVMyKMvzAgMBAAGjgcswgcgwHQYDVR0OBBYEFO5y1zyJ +fwfda5IlCYysSJ8DugkKMB8GA1UdIwQYMBaAFO5y1zyJfwfda5IlCYysSJ8DugkK +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAoPvlWFdojFmZyWBLkgukuEcj71hOE++hda8lU9Vpcx1GcSGK +t00gv9IpFwz9SodzlHhPXkXtFFoo6P6LHMjppCRpz09qfGBu/efi30KraCPW/nJV +hB1bwMcmoUhQX/L7gTBokDqbYndjPeD+Xi3fWo+LUklserOMMSnlP/DcZH9qQ8pO +etG34EPPttHIw2/x0AMmmcs8b8zZBvjF3cEYOfJeopxiY2YgHPPdq1sQEEhIbs9h +vZiJpVjWuZk1g01aaQbF65JKUIAm3ctvaGCKSJdbfv4igUKTKty4u5WqQov6l10a +pUvOLzpy0o0CPt6ohgjAzGbMGpBb/rgu8d2jUg== +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/key_id_prioritization/target.pem b/pki/testdata/path_builder_unittest/key_id_prioritization/target.pem new file mode 100644 index 0000000000..29cb8faf2c --- /dev/null +++ b/pki/testdata/path_builder_unittest/key_id_prioritization/target.pem @@ -0,0 +1,94 @@ +[Created by: ./generate-certs.py] + +The target + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 57:02:f3:04:d9:5e:03:7a:c8:2e:74:12:5f:24:4a:0c:d0:f5:81:65 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a5:f9:0c:81:48:93:2b:15:7b:1c:c1:4a:7a:10: + 93:2c:14:f3:ee:66:2e:aa:c9:3b:a1:04:05:72:09: + 3f:ac:73:16:a4:eb:1a:e3:0e:9f:79:a5:17:0c:ed: + 1e:25:0a:0a:10:e8:b5:15:cd:91:ca:bc:a8:77:27: + b4:ab:bb:d7:ad:46:c7:ef:29:c4:e8:13:be:a1:f1: + 08:21:51:28:bf:c4:b2:6a:ed:5b:d2:77:7d:b9:cf: + 39:9b:7a:d3:77:72:29:91:b3:c9:e0:90:00:94:ef: + 7b:99:fd:ab:20:64:25:78:26:a1:fd:a0:58:cd:ab: + 43:49:52:4e:a7:31:34:a2:fa:df:3f:bf:bc:a6:1e: + 6b:1a:64:ac:1d:d0:66:78:dc:8e:8d:cd:42:62:31: + 9e:0b:9f:f9:fa:2b:cb:cb:19:90:7c:19:18:70:ff: + 22:1f:ae:82:ea:09:ca:e2:17:26:fd:35:b0:00:7b: + 02:35:1a:72:d5:f6:ad:42:bd:69:3b:ed:ba:c6:99: + 3a:b2:eb:bd:81:39:53:85:f2:70:19:44:83:d0:7f: + 7a:61:38:c1:fe:af:9b:c0:c1:e2:d5:36:71:a2:3e: + 89:3d:1d:20:3f:4c:3d:4e:f5:4f:e8:b8:02:84:de: + 26:e9:3e:7b:e3:56:e5:bd:75:f4:bf:ef:65:84:81: + c3:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 69:49:B6:6A:E7:D6:FA:2B:5E:FC:24:DE:73:E4:A7:F0:4E:11:FF:FD + X509v3 Authority Key Identifier: + keyid:E8:21:00:1D:6B:A1:AB:30:01:FB:6E:A8:8D:FA:B9:69:48:C2:89:1F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 36:fd:c3:90:5e:a6:e7:a8:ac:8a:6f:60:41:56:d0:ac:2b:de: + b0:f4:1f:74:ac:fd:19:78:06:44:7f:8b:1f:00:72:64:6d:c2: + 42:ff:1b:43:64:2a:94:4c:ea:b2:9f:70:67:f2:b2:9c:cd:8d: + 86:dc:87:2b:75:a6:90:54:5f:3d:00:49:61:65:91:ab:77:86: + 06:2d:d0:ed:89:0d:87:5c:bc:ee:b3:29:c4:fa:65:27:e8:68: + ce:50:e4:7c:6e:15:a1:96:f5:d1:3f:93:0d:e0:09:1b:8c:85: + 9a:66:b7:4b:45:27:cf:2f:bb:e4:ef:aa:07:9d:2a:62:62:06: + e7:59:0b:9b:5f:a7:1d:95:94:b4:0a:06:db:0f:37:e6:0b:87: + 7e:31:96:00:b8:fc:c0:8d:fb:24:a7:67:ec:74:47:94:6d:22: + ba:f6:0c:9a:63:ed:99:ea:92:fd:51:ac:7c:5e:f5:6d:25:fd: + 69:b9:f5:d7:ad:a7:5f:9a:18:aa:25:7b:11:ee:3d:7c:c9:91: + 48:36:9d:ff:b0:45:b4:be:80:6e:3b:99:aa:b8:bb:12:ea:ab: + 90:f3:68:3d:41:c7:fd:f7:13:94:8d:54:99:3d:0d:6c:65:dc: + f3:ff:0b:1c:4f:f5:1e:02:3d:1e:2a:46:fe:43:7b:1c:af:c9: + 11:ea:9d:05 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUVwLzBNleA3rILnQSXyRKDND1gWUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE4 +MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEApfkMgUiTKxV7HMFKehCTLBTz7mYuqsk7oQQFcgk/rHMW +pOsa4w6feaUXDO0eJQoKEOi1Fc2Ryryodye0q7vXrUbH7ynE6BO+ofEIIVEov8Sy +au1b0nd9uc85m3rTd3IpkbPJ4JAAlO97mf2rIGQleCah/aBYzatDSVJOpzE0ovrf +P7+8ph5rGmSsHdBmeNyOjc1CYjGeC5/5+ivLyxmQfBkYcP8iH66C6gnK4hcm/TWw +AHsCNRpy1fatQr1pO+26xpk6suu9gTlThfJwGUSD0H96YTjB/q+bwMHi1TZxoj6J +PR0gP0w9TvVP6LgChN4m6T5741blvXX0v+9lhIHDvwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRpSbZq59b6K178JN5z5KfwThH//TAfBgNVHSMEGDAWgBToIQAda6GrMAH7 +bqiN+rlpSMKJHzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBADb9w5BepueorIpvYEFW0Kwr3rD0H3Ss/Rl4BkR/ix8AcmRtwkL/G0NkKpRM +6rKfcGfyspzNjYbchyt1ppBUXz0ASWFlkat3hgYt0O2JDYdcvO6zKcT6ZSfoaM5Q +5HxuFaGW9dE/kw3gCRuMhZpmt0tFJ88vu+TvqgedKmJiBudZC5tfpx2VlLQKBtsP +N+YLh34xlgC4/MCN+ySnZ+x0R5RtIrr2DJpj7Znqkv1RrHxe9W0l/Wm59detp1+a +GKolexHuPXzJkUg2nf+wRbS+gG47maq4uxLqq5DzaD1Bx/33E5SNVJk9DWxl3PP/ +CxxP9R4CPR4qRv5DexyvyRHqnQU= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/self_issued_prioritization/generate-certs.py b/pki/testdata/path_builder_unittest/self_issued_prioritization/generate-certs.py new file mode 100755 index 0000000000..c51be1a337 --- /dev/null +++ b/pki/testdata/path_builder_unittest/self_issued_prioritization/generate-certs.py @@ -0,0 +1,38 @@ +#!/usr/bin/env python +# Copyright 2021 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +""" +A chain with a self-signed Root1 and a Root1 cross signed by Root2. The +cross-signed root has a newer notBefore date than the self-signed one. +""" + +import sys +sys.path += ['../..'] + +import gencerts + +DATE_A = '150101120000Z' +DATE_B = '150102120000Z' +DATE_Z = '180101120000Z' + +root1 = gencerts.create_self_signed_root_certificate('Root1') +root1.set_validity_range(DATE_A, DATE_Z) + +root2 = gencerts.create_self_signed_root_certificate('Root2') +root2.set_validity_range(DATE_A, DATE_Z) + +root1_cross = gencerts.create_intermediate_certificate('Root1', root2) +root1_cross.set_key(root1.get_key()) +root1_cross.set_validity_range(DATE_B, DATE_Z) + +target = gencerts.create_end_entity_certificate('Target', root1) +target.set_validity_range(DATE_A, DATE_Z) + +gencerts.write_chain('Root1', [root1], out_pem='root1.pem') +gencerts.write_chain('Root2', [root2], out_pem='root2.pem') +gencerts.write_chain( + 'Root1 cross-signed by Root2, with a newer notBefore date' + ' than Root1', [root1_cross], + out_pem='root1_cross.pem') +gencerts.write_chain('Target', [target], out_pem='target.pem') diff --git a/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Root1.key b/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Root1.key new file mode 100644 index 0000000000..b412eace95 --- /dev/null +++ b/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Root1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEApagcdbTZPBEtn/K19fdd4vQFel9Ucoq/qsAPfGjPD9xQrgX7 +A0wY1+ibbMODr6iVSuwVs4AjyXypZ0vKNGtxLwg7xpO+9dfxunto5FMlEVtpklB4 +2HneSpG4p1OTutyQOytX1a4NblVqNF6BDIkKeTv/0ivoAVzJcbvun+xkQZ/waVQB +OB+GYY9PXCzdHJVKXBVFfVON7Qjk3R5JJW4oZAkMSrHFRUR7O3UgOcmeu7D0TyVZ +LayeUojZJKUnP1hHFwHAIZefZ5Dw2Dd0aZhNjWzhADlTADkjXcEYspunNvyEE7kn +5voz8c8T3JceOeMZIlGtO31KVea/0a5MFPrd6QIDAQABAoIBADqb/u26PX2eCklj +4vMSQPpyIZoJLmSUKHnuF8yJfHD9HuJjJUsmWkfReWQCzI2SlLd8TbVDaeX4oCr2 +yqS/Or1MKXH5hf+PFmxHC3Z04FGCyRhGNmtIutghNHanAEaFkNYOYLYuLXxS5g9/ +PCNGPRllm/4tIJmSzYba2fNk/Jemv9uO0joh/IrQVGkYE2UD+pqmTJ+mpOrQtZB6 +uOa3DHvvZEXrxYuTK2g6z4FbGnDSGOpkD33jGXCeVd3bQSINO9+ccsApGltRxpC9 +/GTLgfoSM8e1hC6n/f77uTJj4pWzFMc39fLUxCvEZcg3XU1qsuK0Q7r8UsWf6jZO +H1YSD4ECgYEA1tc218pKJKCgDWdSsJTzNKoXH++LZZHNKHfKHamHRDEYeFhsoqjy +uwo1CROn3GaluJOqi0oR1TEQYgE59JfGFYJ0wFWH2g8wIVmrlUUPGB/mUlOMFXJp +yhOplJzt+B1hs9s1D29bfgBBkZtzF6n081sGuiJqBgsUavv9zc0f+TECgYEAxWSv +YwdaBy2e0BbfzJ5W9QqElf4Ye7gqsiuJ7DSAoWoF5Sh33KcyknUgQIcNGrEHXzvW +uuv6XHMTG0+c+vkdB+ocxyEypIRDa+mtzyWvbxvjkMjFnpPTP/7aUMcGGRKsxXEX +XX7umdmnjDTUKam10JK8zqZiWo/XHSHSev0KAjkCgYBJV500W62mBWO+T6iN+btx +HiPY1ikLWpPkHcjVCXvRDsWgx+cGPJDow1pJp/klJ7GpalfNR1MBKcfC/VIwquOH +kkqTIl/HVGoE6JzHz5SQkstJDZaD99QflUjOICipDDa/dLUPeN+OCz5XG+9Vg8LI +lSmdv4PcXknxH+eMK1uf8QKBgQCYN55wNTkdk/aF7T3D4s6Xw/aeXAWxUkHKh3yi +Y5JV5xaIsn5L77s16ZBncj2Oubk/nTtnhZXZOPwg8XHSr8vNUKHEhTsyVrRPQTJB +LYRtoAoKmmiactBS50qfQ/rV1urYju8/sCR7C7cCjbKWNkL4hk+G5BOwVn/B/VT8 +dqkDMQKBgQDCV+v1Xvz6i6qQ2AwrxSRJoRadfciOvA6SIrpac2esbpcfhPhqW3lF +jcRDcxNrkd6iEnAO3K8TnYvdYWse1Kti8u1CRqRemM+cfv6eXtVXW+Vh5/z5s7jI +msx+4VDZmGdNaNyp6Q4vKtmlF2m55zx+vmGpJ8chf1hadTeUBRnxHw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Root2.key b/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Root2.key new file mode 100644 index 0000000000..eb255446a3 --- /dev/null +++ b/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Root2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1jB4sg1hvS7dGxGRVu0T+YaHnCwv0HPRmknV4jUmJ5/MxmjG +yCu+J+gws6kSKo+564+jm+OaVJRuKSBWsLsRBgg4pufzdXp1/cNW4Izv8WZbf0pZ +Z1pn3HtrytBTV/r9/Fw4V3uhuFoYOjaQP/wOBBcOcHK0TWytK+YXyHRmhKIRc3/O +UjvN+8fs4SnEX0342qo4Kn9gFQNdyD3p3V9VXjOOxcEQpEN7UpGkJ5lXeqmXKCuh +uZHCWL9wP1in/uFvhmcmmTCtHDKvogMRtJMIL88X/DqZLwZFtqQxJqqdsm2tInCI +0ed9Tc41c8W8s+uycLniLyvf3onD4qSqVeWA2QIDAQABAoIBAE6ZxxEAHCgCtJ0k +W0OdCMF+/vDuvjUu63JFOjoi6veLiugctyXp94RJjuW/W61GxSGOuqmQYqg7OBnb +hjSg0WR3S+LkJ9GquPYA4zbQQZVCzLzvmdN1t7uPh0UMIimdL+uWJA7mjbhLR6zF +LTZt1u7lTyUw0r2+7eW4MG4dWSm+a+8xoEhcO4g1ZFicx7kD/nkQmUBJf1utf7hz +Kq/8W43tWZy0f9tsHIyQO39+i1LQx1IELkss99/uDRLV6WXMK7+HUT5yvLHnu7y7 +ONHi0lEfp6rcpkRJn0nj60RZh1CfVtG7lJFnV14v9fS8U5+/WPEQ+8zPtBdZjC65 +xxnAowECgYEA64c6vWE/gyv/V6q1CY2bwwyEWKPsgGRUvaMkzNddL3R8+H7d7hyl +lGJEK/ldgPnVvvTgigQyxGodXz+n9Lt+RQlOwcWpYWUMXFM8F5q9H6cuhCH8ieNc +hSWGJg/6unld801aMMnAtm/0bzsmVEnWqX1XuB1ZPkjsB2drtdbD0XECgYEA6M5t +ZKDkEQdWgrZpfFEdG4twKxeWF5qTNjYkIQN2wLO8bNOgpLZz8RuNspm4qvPqJ2h/ +8ymCo8j5QWETq5S8tlbT4LAle2VaVpTOy3dcpOYxUBsACG43Xvu9ssdw5aXyllUN +FHivnTr50Aydh9YMrq5YFd5Z7zFexLeep4VJcekCgYEAqPL5JM30hEB0SsuOT4r/ +95sr+HWl+bd+vgWgKTw3gQn7dzlyMxLjh5wxsKWQ+Cq+s9rukrJORGymIyQDc99m +xVjW4NLMHKwigLvIOFpsXZ9ME8ZZZAPu4ye2oekGfur+hL+w+ZxPm86VNZDlfsL0 +s+HQoaaT1MT0Yp9COU8UalECgYEA4AOyc7/1dQVQk1qfSkZq8dRMzMpXXMMaoHGc +dj/1BxxsVXOWAqimC/1tbcxJTAaE7AK8C+mHkb6TSfv1h4cJx5LpMi2NA53VPbbW +/iYO+YWfMeupLnOPyFAIi30p/3Cda1bPzUEMCwly1GUvOEQZ1ARjMjfQ5j7lZ/kg +KyYwM/ECgYEAuQqeDFhgdnFtYRN/AO/N9Q/S3gHVAtYcqyfZOC/5o03MLcXqbcmU +IZZZWN9Evkf/G86yKOziqv6xGSxp5aK1yxYhXiNs9tXUIRGpq0Ee3bxhYVoz06eX +xmgPLn63FXtj5PYOGHX4LNIlO6O7VT3c28CPHrnRouz3I5IlPYTdBMU= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Target.key b/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Target.key new file mode 100644 index 0000000000..21edd91e8a --- /dev/null +++ b/pki/testdata/path_builder_unittest/self_issued_prioritization/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAyWgiFJQW8rTfUvY1f9wFEjzBI0t7yfxXvdoPRUXgyDEPIMDj +SV0Ch0TWolpl+c4pw7DdpS79xQH6jZVOCU5OsXmHMjkxTxC3t7WLfyT8E8wdFCO9 +hR9+UnMxfVjiJ0mVPb02WoPu0DGVd6wDHXC3ki9oatjODgcOivDSdPBVW/bHr2Dq +ZnXpfRZWT6tLx+gPgvnnEMFzVefuygaGWkKprbm0nX2eLoTthrR5L7NDaelKLPBi +xVY2F804pzW8oBMGNx4Sk/pw5m9EiUlRTe190usBTINEKw/U43Yf1WCiVodYzAX6 +WJcWMxgvA6pM9tLu+ISVoTLdIm98a8TahDm8KQIDAQABAoIBAQCjoNJvXZD3RjNZ +t2Xnpt0H4AwZnK3JgBXYzFwzr33bpt/fgFYnuEThmO+3nzHSLciIkBzCotbRQ7ZH +aNGphdExJsbL6uNAlRhtTDU06ttRSjclsZO7n8aFPckrSRcTTBjPu/V4vE89HcuN +Gla9iGHbhmCSzek6RElwYA7bqpXuy7JF9/rqOGDs2GsO45XNtFrxgcNKYwHR5HxM ++GmvL1GhL9nzdr7X1KWuaZ5PlNoN77tDO0Z4Wvg386JJSysh1taobY4OKTK/7Ojt +CaAPL2pjyUxxoOcGLf0tKBbzVcKrj5s1uAHRSc7R9RgqxmI0UQDyKEuwERtoQ3H9 +Y/OTdxjxAoGBAO1UkC18vWpL9wSwe4BR8MPXfI44/klk+Z9zkHJ8AP9nYFFhsXrK +kLYugcMtLtnx8MF9s+EAYX3Hk19+3u7VoBj52yMejkPnDPUiyfH6GxrkLRwFQWAq +Jtd1hCJkw46Vvcuju7+pUNh4xOc1J8zgWVd/3ziXKJ+pL6iMKEBNTBcTAoGBANlA +ISTBn/rZYOaxrOWhMIv5NCBMpQuRs3y87VLk4wT9oAMw8nT6979l0V+OJaqOZ/+B +kR7XM0yAtgoFrPZO6TPTNsm1C9tBWibPoLc75kPWgrx5Bh0grUbrfLE0x1vxx7EY +lLywLhqrK7WpZgguYmkqBMjpNPAsOtXtZFMFC9tTAoGBANVpWUzOArX3IWVCHYxC +IrK4rvRlI6Rz/FP540ZPY8ZG+0GzC5lTVdW89ErB8oNhIBGeK4aEhSZJtKgGugki +aBiNdRSbgWpl9izo35eMQ5tm23l68FK9FLhioDMdUQyCcm0QCuBKLLy7vLP8BJIi +m7Qm9F867fjEdmqlvfw0hdupAoGBAJgV693mao9aVBrLsUUDxY+HwnUGEth5hFRD +kkRglYit4LG7N1CrTHrB1YP2Z+nxTV6yHpyffHsG8+kqNf4sGdc8+nLUeltgcbMP +0OvVVAqThexZMO19LbCjNCR91T5JkUkp8x3wnCXxRGUlFJePmTcTwku/7l5gKEQQ +rxXrR3SfAoGAdZs2nKv7b/0LvikwA6iZYAY9882gI7VcPJ1HRtRTzsvQC1HJg9DU +xUbJ5KfY1/RHS1ExuJG1Cdp4rrUlfCZXyu5nDm9Qdm7+FZ0MNfQuD9c16/j+yaff +aRkMdQxI79qunpJFVIr2hmSoNS6i52SSWVEgdmg+ZL0OCNfSrn6TqBs= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/self_issued_prioritization/root1.pem b/pki/testdata/path_builder_unittest/self_issued_prioritization/root1.pem new file mode 100644 index 0000000000..0bf1ac170f --- /dev/null +++ b/pki/testdata/path_builder_unittest/self_issued_prioritization/root1.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Root1 + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1d:33:87:4d:4c:f3:d4:64:de:94:46:a2:5e:14:0b:00:c1:88:83:5b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root1 + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a5:a8:1c:75:b4:d9:3c:11:2d:9f:f2:b5:f5:f7: + 5d:e2:f4:05:7a:5f:54:72:8a:bf:aa:c0:0f:7c:68: + cf:0f:dc:50:ae:05:fb:03:4c:18:d7:e8:9b:6c:c3: + 83:af:a8:95:4a:ec:15:b3:80:23:c9:7c:a9:67:4b: + ca:34:6b:71:2f:08:3b:c6:93:be:f5:d7:f1:ba:7b: + 68:e4:53:25:11:5b:69:92:50:78:d8:79:de:4a:91: + b8:a7:53:93:ba:dc:90:3b:2b:57:d5:ae:0d:6e:55: + 6a:34:5e:81:0c:89:0a:79:3b:ff:d2:2b:e8:01:5c: + c9:71:bb:ee:9f:ec:64:41:9f:f0:69:54:01:38:1f: + 86:61:8f:4f:5c:2c:dd:1c:95:4a:5c:15:45:7d:53: + 8d:ed:08:e4:dd:1e:49:25:6e:28:64:09:0c:4a:b1: + c5:45:44:7b:3b:75:20:39:c9:9e:bb:b0:f4:4f:25: + 59:2d:ac:9e:52:88:d9:24:a5:27:3f:58:47:17:01: + c0:21:97:9f:67:90:f0:d8:37:74:69:98:4d:8d:6c: + e1:00:39:53:00:39:23:5d:c1:18:b2:9b:a7:36:fc: + 84:13:b9:27:e6:fa:33:f1:cf:13:dc:97:1e:39:e3: + 19:22:51:ad:3b:7d:4a:55:e6:bf:d1:ae:4c:14:fa: + dd:e9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 86:77:D5:7B:44:F7:3E:30:B9:FB:61:E3:20:24:5D:95:D0:6C:81:87 + X509v3 Authority Key Identifier: + keyid:86:77:D5:7B:44:F7:3E:30:B9:FB:61:E3:20:24:5D:95:D0:6C:81:87 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root1.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root1.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 95:df:96:7a:9e:70:f7:00:6c:48:df:a8:3c:64:42:51:f1:81: + 13:3d:ec:c9:73:41:5f:21:36:fb:45:e9:36:f4:ec:12:a0:9b: + 19:70:6e:72:ee:d3:34:e1:3f:5f:b7:d4:58:03:fe:a3:6f:0b: + e1:6f:6b:f6:8d:34:cd:fb:96:83:84:47:d4:65:12:3b:8a:d7: + f3:4d:f5:c7:69:59:b0:53:a7:be:a6:73:64:4b:50:63:f8:32: + 88:f7:ff:13:bc:31:5b:3d:d4:4f:73:32:94:98:e7:e7:a6:84: + 39:7e:b3:eb:d8:2f:da:08:36:d0:60:52:b6:6a:f2:df:8d:f2: + 6f:53:56:1d:19:e9:c1:b9:a0:62:da:cd:41:1d:15:bc:29:02: + eb:9b:1a:c3:80:f3:58:a1:ed:14:43:3e:fc:ec:38:cd:5b:bf: + 58:20:30:96:1e:ef:da:30:7f:b6:10:f3:fa:e8:77:0a:28:80: + 79:b0:aa:c3:02:26:da:36:6e:50:f8:c6:c3:b0:5f:57:48:f3: + b6:be:5e:1f:c4:ef:84:46:5e:93:cb:35:a2:3f:b9:56:7a:77: + 47:bd:78:68:03:ab:31:9d:3b:b5:2f:da:b2:87:9a:fa:b0:93: + fa:de:5f:93:bb:f3:b4:96:c5:b6:f1:ba:85:0c:66:b4:81:f8: + df:5c:52:c0 +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIUHTOHTUzz1GTelEaiXhQLAMGIg1swDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFUm9vdDEwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIw +MDAwWjAQMQ4wDAYDVQQDDAVSb290MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAKWoHHW02TwRLZ/ytfX3XeL0BXpfVHKKv6rAD3xozw/cUK4F+wNMGNfo +m2zDg6+olUrsFbOAI8l8qWdLyjRrcS8IO8aTvvXX8bp7aORTJRFbaZJQeNh53kqR +uKdTk7rckDsrV9WuDW5VajRegQyJCnk7/9Ir6AFcyXG77p/sZEGf8GlUATgfhmGP +T1ws3RyVSlwVRX1Tje0I5N0eSSVuKGQJDEqxxUVEezt1IDnJnruw9E8lWS2snlKI +2SSlJz9YRxcBwCGXn2eQ8Ng3dGmYTY1s4QA5UwA5I13BGLKbpzb8hBO5J+b6M/HP +E9yXHjnjGSJRrTt9SlXmv9GuTBT63ekCAwEAAaOBzTCByjAdBgNVHQ4EFgQUhnfV +e0T3PjC5+2HjICRdldBsgYcwHwYDVR0jBBgwFoAUhnfVe0T3PjC5+2HjICRdldBs +gYcwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzAChhxodHRwOi8vdXJsLWZvci1h +aWEvUm9vdDEuY2VyMC0GA1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly91cmwtZm9yLWNy +bC9Sb290MS5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAJXflnqecPcAbEjfqDxkQlHxgRM97MlzQV8hNvtF6Tb0 +7BKgmxlwbnLu0zThP1+31FgD/qNvC+Fva/aNNM37loOER9RlEjuK1/NN9cdpWbBT +p76mc2RLUGP4Moj3/xO8MVs91E9zMpSY5+emhDl+s+vYL9oINtBgUrZq8t+N8m9T +Vh0Z6cG5oGLazUEdFbwpAuubGsOA81ih7RRDPvzsOM1bv1ggMJYe79owf7YQ8/ro +dwoogHmwqsMCJto2blD4xsOwX1dI87a+Xh/E74RGXpPLNaI/uVZ6d0e9eGgDqzGd +O7Uv2rKHmvqwk/reX5O787SWxbbxuoUMZrSB+N9cUsA= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/self_issued_prioritization/root1_cross.pem b/pki/testdata/path_builder_unittest/self_issued_prioritization/root1_cross.pem new file mode 100644 index 0000000000..fc4801e701 --- /dev/null +++ b/pki/testdata/path_builder_unittest/self_issued_prioritization/root1_cross.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Root1 cross-signed by Root2, with a newer notBefore date than Root1 + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:47:37:3c:b9:4f:bb:12:00:66:59:ff:23:75:4d:4e:db:ec:3b:b0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root2 + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a5:a8:1c:75:b4:d9:3c:11:2d:9f:f2:b5:f5:f7: + 5d:e2:f4:05:7a:5f:54:72:8a:bf:aa:c0:0f:7c:68: + cf:0f:dc:50:ae:05:fb:03:4c:18:d7:e8:9b:6c:c3: + 83:af:a8:95:4a:ec:15:b3:80:23:c9:7c:a9:67:4b: + ca:34:6b:71:2f:08:3b:c6:93:be:f5:d7:f1:ba:7b: + 68:e4:53:25:11:5b:69:92:50:78:d8:79:de:4a:91: + b8:a7:53:93:ba:dc:90:3b:2b:57:d5:ae:0d:6e:55: + 6a:34:5e:81:0c:89:0a:79:3b:ff:d2:2b:e8:01:5c: + c9:71:bb:ee:9f:ec:64:41:9f:f0:69:54:01:38:1f: + 86:61:8f:4f:5c:2c:dd:1c:95:4a:5c:15:45:7d:53: + 8d:ed:08:e4:dd:1e:49:25:6e:28:64:09:0c:4a:b1: + c5:45:44:7b:3b:75:20:39:c9:9e:bb:b0:f4:4f:25: + 59:2d:ac:9e:52:88:d9:24:a5:27:3f:58:47:17:01: + c0:21:97:9f:67:90:f0:d8:37:74:69:98:4d:8d:6c: + e1:00:39:53:00:39:23:5d:c1:18:b2:9b:a7:36:fc: + 84:13:b9:27:e6:fa:33:f1:cf:13:dc:97:1e:39:e3: + 19:22:51:ad:3b:7d:4a:55:e6:bf:d1:ae:4c:14:fa: + dd:e9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 86:77:D5:7B:44:F7:3E:30:B9:FB:61:E3:20:24:5D:95:D0:6C:81:87 + X509v3 Authority Key Identifier: + keyid:1D:72:01:C8:EE:64:3A:DC:AA:28:84:0B:52:D4:11:A4:CC:29:44:15 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root2.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root2.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 80:ac:8a:c3:4b:66:3a:07:1b:a1:a1:26:fd:62:13:c2:c9:52: + 3f:0a:49:de:47:46:16:f8:14:e3:30:6b:21:9b:d4:59:63:94: + 63:9b:43:05:b5:20:da:8a:26:a3:f7:6b:b4:a4:27:72:6a:48: + be:6a:30:f4:ac:64:c6:7d:45:47:28:7f:fc:4d:2f:eb:45:d8: + 7d:92:49:14:5e:61:72:d2:d7:2c:cc:d5:f6:fc:60:41:6c:0a: + 0c:4c:ce:99:f1:b4:15:c5:73:c1:83:cb:66:6f:12:b3:fc:bc: + 9e:2b:32:34:b6:32:f8:49:7e:6a:a4:73:ee:e4:30:0b:12:b6: + 5b:90:a3:23:7d:cf:51:0b:89:4f:cb:f5:f3:23:ee:87:bb:76: + bd:72:33:88:f0:51:6b:40:77:d4:89:e3:34:dc:00:35:5a:d5: + ec:c9:01:b3:e9:b1:31:6b:a2:b8:74:30:8a:d6:db:eb:9c:e6: + 31:af:42:46:b9:c0:c0:2d:4b:0d:1a:40:fb:a5:4e:fc:ff:68: + 32:34:2e:88:49:e3:8c:d0:70:48:3b:56:fc:bf:d6:d9:0e:e6: + 36:8d:36:d2:d0:45:e6:33:8b:b0:be:6a:6b:7c:5f:3b:bf:49: + 4f:2a:d5:fe:85:7d:59:15:be:34:0b:90:8f:53:1b:cd:8d:14: + ee:2a:9b:a3 +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIUC0c3PLlPuxIAZln/I3VNTtvsO7AwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFUm9vdDIwHhcNMTUwMTAyMTIwMDAwWhcNMTgwMTAxMTIw +MDAwWjAQMQ4wDAYDVQQDDAVSb290MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAKWoHHW02TwRLZ/ytfX3XeL0BXpfVHKKv6rAD3xozw/cUK4F+wNMGNfo +m2zDg6+olUrsFbOAI8l8qWdLyjRrcS8IO8aTvvXX8bp7aORTJRFbaZJQeNh53kqR +uKdTk7rckDsrV9WuDW5VajRegQyJCnk7/9Ir6AFcyXG77p/sZEGf8GlUATgfhmGP +T1ws3RyVSlwVRX1Tje0I5N0eSSVuKGQJDEqxxUVEezt1IDnJnruw9E8lWS2snlKI +2SSlJz9YRxcBwCGXn2eQ8Ng3dGmYTY1s4QA5UwA5I13BGLKbpzb8hBO5J+b6M/HP +E9yXHjnjGSJRrTt9SlXmv9GuTBT63ekCAwEAAaOBzTCByjAdBgNVHQ4EFgQUhnfV +e0T3PjC5+2HjICRdldBsgYcwHwYDVR0jBBgwFoAUHXIByO5kOtyqKIQLUtQRpMwp +RBUwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzAChhxodHRwOi8vdXJsLWZvci1h +aWEvUm9vdDIuY2VyMC0GA1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly91cmwtZm9yLWNy +bC9Sb290Mi5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAICsisNLZjoHG6GhJv1iE8LJUj8KSd5HRhb4FOMwayGb +1FljlGObQwW1INqKJqP3a7SkJ3JqSL5qMPSsZMZ9RUcof/xNL+tF2H2SSRReYXLS +1yzM1fb8YEFsCgxMzpnxtBXFc8GDy2ZvErP8vJ4rMjS2MvhJfmqkc+7kMAsStluQ +oyN9z1ELiU/L9fMj7oe7dr1yM4jwUWtAd9SJ4zTcADVa1ezJAbPpsTFrorh0MIrW +2+uc5jGvQka5wMAtSw0aQPulTvz/aDI0LohJ44zQcEg7Vvy/1tkO5jaNNtLQReYz +i7C+amt8Xzu/SU8q1f6FfVkVvjQLkI9TG82NFO4qm6M= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/self_issued_prioritization/root2.pem b/pki/testdata/path_builder_unittest/self_issued_prioritization/root2.pem new file mode 100644 index 0000000000..4c2474dccd --- /dev/null +++ b/pki/testdata/path_builder_unittest/self_issued_prioritization/root2.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Root2 + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:47:37:3c:b9:4f:bb:12:00:66:59:ff:23:75:4d:4e:db:ec:3b:af + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root2 + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d6:30:78:b2:0d:61:bd:2e:dd:1b:11:91:56:ed: + 13:f9:86:87:9c:2c:2f:d0:73:d1:9a:49:d5:e2:35: + 26:27:9f:cc:c6:68:c6:c8:2b:be:27:e8:30:b3:a9: + 12:2a:8f:b9:eb:8f:a3:9b:e3:9a:54:94:6e:29:20: + 56:b0:bb:11:06:08:38:a6:e7:f3:75:7a:75:fd:c3: + 56:e0:8c:ef:f1:66:5b:7f:4a:59:67:5a:67:dc:7b: + 6b:ca:d0:53:57:fa:fd:fc:5c:38:57:7b:a1:b8:5a: + 18:3a:36:90:3f:fc:0e:04:17:0e:70:72:b4:4d:6c: + ad:2b:e6:17:c8:74:66:84:a2:11:73:7f:ce:52:3b: + cd:fb:c7:ec:e1:29:c4:5f:4d:f8:da:aa:38:2a:7f: + 60:15:03:5d:c8:3d:e9:dd:5f:55:5e:33:8e:c5:c1: + 10:a4:43:7b:52:91:a4:27:99:57:7a:a9:97:28:2b: + a1:b9:91:c2:58:bf:70:3f:58:a7:fe:e1:6f:86:67: + 26:99:30:ad:1c:32:af:a2:03:11:b4:93:08:2f:cf: + 17:fc:3a:99:2f:06:45:b6:a4:31:26:aa:9d:b2:6d: + ad:22:70:88:d1:e7:7d:4d:ce:35:73:c5:bc:b3:eb: + b2:70:b9:e2:2f:2b:df:de:89:c3:e2:a4:aa:55:e5: + 80:d9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1D:72:01:C8:EE:64:3A:DC:AA:28:84:0B:52:D4:11:A4:CC:29:44:15 + X509v3 Authority Key Identifier: + keyid:1D:72:01:C8:EE:64:3A:DC:AA:28:84:0B:52:D4:11:A4:CC:29:44:15 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root2.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root2.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + bb:6b:16:f0:c6:62:c7:c6:9a:9b:08:18:fe:2d:61:7e:65:38: + 6d:ab:53:bf:02:d1:bf:c7:1b:8b:fa:7b:71:34:da:28:88:5a: + 19:36:f3:d1:d2:49:6b:0b:73:8c:81:a1:94:f5:18:31:91:27: + 26:87:b2:62:6f:b3:6d:02:64:bb:47:6b:2d:10:2e:7b:65:08: + 9c:09:08:9b:b3:3e:22:09:90:bf:82:c6:09:ae:c1:13:4f:6e: + 05:b0:99:ca:a3:5f:48:77:63:68:f0:71:75:0c:24:f0:cc:2c: + bd:a4:97:77:00:7b:cf:0c:da:de:6b:77:a4:03:d3:27:18:53: + 32:50:50:78:85:e0:7a:35:3a:59:88:21:da:61:37:d5:d7:cd: + 7c:8f:04:d4:89:9a:62:4d:52:97:f9:a4:98:cf:6c:3c:40:60: + 28:5f:ac:2f:c3:7b:f0:16:0a:12:79:ef:92:d1:e8:0a:04:69: + a0:f1:1b:0b:c4:a0:82:33:a5:3b:39:7d:37:70:a1:79:f3:d8: + f8:2d:27:2c:c8:84:34:03:52:39:e1:8e:24:2e:a4:97:64:d5: + 5d:38:20:6c:45:21:71:59:f5:3a:58:d0:08:0a:fd:68:6d:41: + fb:dc:f0:2b:13:23:0d:42:0a:1d:fa:57:bb:9c:94:de:ef:17: + e0:d0:97:4f +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIUC0c3PLlPuxIAZln/I3VNTtvsO68wDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFUm9vdDIwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIw +MDAwWjAQMQ4wDAYDVQQDDAVSb290MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANYweLINYb0u3RsRkVbtE/mGh5wsL9Bz0ZpJ1eI1JiefzMZoxsgrvifo +MLOpEiqPueuPo5vjmlSUbikgVrC7EQYIOKbn83V6df3DVuCM7/FmW39KWWdaZ9x7 +a8rQU1f6/fxcOFd7obhaGDo2kD/8DgQXDnBytE1srSvmF8h0ZoSiEXN/zlI7zfvH +7OEpxF9N+NqqOCp/YBUDXcg96d1fVV4zjsXBEKRDe1KRpCeZV3qplygrobmRwli/ +cD9Yp/7hb4ZnJpkwrRwyr6IDEbSTCC/PF/w6mS8GRbakMSaqnbJtrSJwiNHnfU3O +NXPFvLPrsnC54i8r396Jw+KkqlXlgNkCAwEAAaOBzTCByjAdBgNVHQ4EFgQUHXIB +yO5kOtyqKIQLUtQRpMwpRBUwHwYDVR0jBBgwFoAUHXIByO5kOtyqKIQLUtQRpMwp +RBUwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzAChhxodHRwOi8vdXJsLWZvci1h +aWEvUm9vdDIuY2VyMC0GA1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly91cmwtZm9yLWNy +bC9Sb290Mi5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBALtrFvDGYsfGmpsIGP4tYX5lOG2rU78C0b/HG4v6e3E0 +2iiIWhk289HSSWsLc4yBoZT1GDGRJyaHsmJvs20CZLtHay0QLntlCJwJCJuzPiIJ +kL+CxgmuwRNPbgWwmcqjX0h3Y2jwcXUMJPDMLL2kl3cAe88M2t5rd6QD0ycYUzJQ +UHiF4Ho1OlmIIdphN9XXzXyPBNSJmmJNUpf5pJjPbDxAYChfrC/De/AWChJ575LR +6AoEaaDxGwvEoIIzpTs5fTdwoXnz2PgtJyzIhDQDUjnhjiQupJdk1V04IGxFIXFZ +9TpY0AgK/WhtQfvc8CsTIw1CCh36V7uclN7vF+DQl08= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/self_issued_prioritization/target.pem b/pki/testdata/path_builder_unittest/self_issued_prioritization/target.pem new file mode 100644 index 0000000000..0c1eb612f2 --- /dev/null +++ b/pki/testdata/path_builder_unittest/self_issued_prioritization/target.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Target + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1d:33:87:4d:4c:f3:d4:64:de:94:46:a2:5e:14:0b:00:c1:88:83:5c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root1 + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c9:68:22:14:94:16:f2:b4:df:52:f6:35:7f:dc: + 05:12:3c:c1:23:4b:7b:c9:fc:57:bd:da:0f:45:45: + e0:c8:31:0f:20:c0:e3:49:5d:02:87:44:d6:a2:5a: + 65:f9:ce:29:c3:b0:dd:a5:2e:fd:c5:01:fa:8d:95: + 4e:09:4e:4e:b1:79:87:32:39:31:4f:10:b7:b7:b5: + 8b:7f:24:fc:13:cc:1d:14:23:bd:85:1f:7e:52:73: + 31:7d:58:e2:27:49:95:3d:bd:36:5a:83:ee:d0:31: + 95:77:ac:03:1d:70:b7:92:2f:68:6a:d8:ce:0e:07: + 0e:8a:f0:d2:74:f0:55:5b:f6:c7:af:60:ea:66:75: + e9:7d:16:56:4f:ab:4b:c7:e8:0f:82:f9:e7:10:c1: + 73:55:e7:ee:ca:06:86:5a:42:a9:ad:b9:b4:9d:7d: + 9e:2e:84:ed:86:b4:79:2f:b3:43:69:e9:4a:2c:f0: + 62:c5:56:36:17:cd:38:a7:35:bc:a0:13:06:37:1e: + 12:93:fa:70:e6:6f:44:89:49:51:4d:ed:7d:d2:eb: + 01:4c:83:44:2b:0f:d4:e3:76:1f:d5:60:a2:56:87: + 58:cc:05:fa:58:97:16:33:18:2f:03:aa:4c:f6:d2: + ee:f8:84:95:a1:32:dd:22:6f:7c:6b:c4:da:84:39: + bc:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 9D:45:8A:F1:72:8E:7E:99:87:E6:1C:D0:CA:8D:6D:1B:FA:56:F1:54 + X509v3 Authority Key Identifier: + keyid:86:77:D5:7B:44:F7:3E:30:B9:FB:61:E3:20:24:5D:95:D0:6C:81:87 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root1.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root1.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 14:03:0f:eb:1c:a6:6c:22:49:f0:3d:6b:97:2c:ff:0c:d4:68: + 8e:6e:22:d3:e0:de:b5:40:f7:87:da:20:9d:62:91:29:c0:24: + 95:82:39:23:08:39:ac:61:64:5d:2c:84:99:2d:48:55:33:fc: + 4d:45:e7:6f:76:39:78:f5:59:a7:c7:ae:6b:a8:44:17:e5:3b: + c9:e6:1c:93:cd:9f:5e:8f:e9:f0:d6:82:39:e3:fc:38:fa:0d: + 37:a2:23:d8:c8:e2:50:6b:95:61:3d:1e:03:04:25:f6:03:1c: + 45:1a:79:0d:f2:e7:70:0f:2b:44:17:c4:d6:e1:a1:87:ad:e5: + 0d:53:84:3d:8d:7c:42:99:f8:91:cc:38:1b:cd:98:b5:a2:2a: + 47:0f:55:39:fc:ac:ba:07:40:e0:09:ec:26:ba:49:05:fe:e2: + 69:af:d0:f9:7e:ba:bb:05:cd:f6:f3:e4:3b:2c:4e:15:ee:68: + cb:b9:ac:99:7a:3a:2e:22:f7:22:ff:52:e3:b4:0f:18:e0:ef: + b8:eb:97:46:90:ed:e6:b6:dc:4a:f4:3e:dd:84:21:0e:4c:ca: + a2:de:76:ee:25:e3:f8:e7:a2:75:2d:a1:6a:3d:d7:24:b2:64: + 94:a3:34:76:24:95:cf:52:6c:1f:3a:96:36:38:94:91:85:70: + af:66:18:9b +-----BEGIN CERTIFICATE----- +MIIDizCCAnOgAwIBAgIUHTOHTUzz1GTelEaiXhQLAMGIg1wwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFUm9vdDEwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIw +MDAwWjARMQ8wDQYDVQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDJaCIUlBbytN9S9jV/3AUSPMEjS3vJ/Fe92g9FReDIMQ8gwONJXQKH +RNaiWmX5zinDsN2lLv3FAfqNlU4JTk6xeYcyOTFPELe3tYt/JPwTzB0UI72FH35S +czF9WOInSZU9vTZag+7QMZV3rAMdcLeSL2hq2M4OBw6K8NJ08FVb9sevYOpmdel9 +FlZPq0vH6A+C+ecQwXNV5+7KBoZaQqmtubSdfZ4uhO2GtHkvs0Np6Uos8GLFVjYX +zTinNbygEwY3HhKT+nDmb0SJSVFN7X3S6wFMg0QrD9Tjdh/VYKJWh1jMBfpYlxYz +GC8Dqkz20u74hJWhMt0ib3xrxNqEObwpAgMBAAGjgdswgdgwHQYDVR0OBBYEFJ1F +ivFyjn6Zh+Yc0MqNbRv6VvFUMB8GA1UdIwQYMBaAFIZ31XtE9z4wufth4yAkXZXQ +bIGHMDgGCCsGAQUFBwEBBCwwKjAoBggrBgEFBQcwAoYcaHR0cDovL3VybC1mb3It +YWlhL1Jvb3QxLmNlcjAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vdXJsLWZvci1j +cmwvUm9vdDEuY3JsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBABQDD+scpmwiSfA9a5cs/wzU +aI5uItPg3rVA94faIJ1ikSnAJJWCOSMIOaxhZF0shJktSFUz/E1F5292OXj1WafH +rmuoRBflO8nmHJPNn16P6fDWgjnj/Dj6DTeiI9jI4lBrlWE9HgMEJfYDHEUaeQ3y +53APK0QXxNbhoYet5Q1ThD2NfEKZ+JHMOBvNmLWiKkcPVTn8rLoHQOAJ7Ca6SQX+ +4mmv0Pl+ursFzfbz5DssThXuaMu5rJl6Oi4i9yL/UuO0Dxjg77jrl0aQ7ea23Er0 +Pt2EIQ5MyqLedu4l4/jnonUtoWo91ySyZJSjNHYklc9SbB86ljY4lJGFcK9mGJs= +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/generate-certs.py b/pki/testdata/path_builder_unittest/validity_date_prioritization/generate-certs.py new file mode 100755 index 0000000000..b21cd77dcc --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/generate-certs.py @@ -0,0 +1,54 @@ +#!/usr/bin/env python +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +""" +A chain with four possible intermediates with different notBefore and notAfter +dates, for testing path bulding prioritization. +""" + +import sys +sys.path += ['../..'] + +import gencerts + +DATE_A = '150101120000Z' +DATE_B = '150102120000Z' +DATE_C = '180101120000Z' +DATE_D = '180102120000Z' + + +root = gencerts.create_self_signed_root_certificate('Root') +root.set_validity_range(DATE_A, DATE_D) + +int_ac = gencerts.create_intermediate_certificate('Intermediate', root) +int_ac.set_validity_range(DATE_A, DATE_C) + +int_ad = gencerts.create_intermediate_certificate('Intermediate', root) +int_ad.set_validity_range(DATE_A, DATE_D) +int_ad.set_key(int_ac.get_key()) + +int_bc = gencerts.create_intermediate_certificate('Intermediate', root) +int_bc.set_validity_range(DATE_B, DATE_C) +int_bc.set_key(int_ac.get_key()) + +int_bd = gencerts.create_intermediate_certificate('Intermediate', root) +int_bd.set_validity_range(DATE_B, DATE_D) +int_bd.set_key(int_ac.get_key()) + +target = gencerts.create_end_entity_certificate('Target', int_ac) +target.set_validity_range(DATE_A, DATE_D) + + +gencerts.write_chain('The root', [root], out_pem='root.pem') +gencerts.write_chain('Intermediate with validity range A..C', + [int_ac], out_pem='int_ac.pem') +gencerts.write_chain('Intermediate with validity range A..D', + [int_ad], out_pem='int_ad.pem') +gencerts.write_chain('Intermediate with validity range B..C', + [int_bc], out_pem='int_bc.pem') +gencerts.write_chain('Intermediate with validity range B..D', + [int_bd], out_pem='int_bd.pem') +gencerts.write_chain('The target', [target], out_pem='target.pem') + diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/int_ac.pem b/pki/testdata/path_builder_unittest/validity_date_prioritization/int_ac.pem new file mode 100644 index 0000000000..bf80f1a24d --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/int_ac.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with validity range A..C + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0e:7f:a5:4d:e2:fa:3e:e7:33:f3:bb:f6:5a:0e:91:e9:b4:8a:75:7d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:16:8c:a1:af:8d:dd:0d:3a:6c:d7:a5:5d:70: + 64:e2:d2:15:be:7b:cb:ea:db:57:17:af:d8:f1:2c: + b6:e2:17:ae:11:2d:33:04:e5:ee:44:5c:2c:62:05: + ff:19:9e:0d:27:e3:21:c6:2b:3c:7e:db:56:5b:de: + 23:a5:26:e1:99:67:d4:4f:6a:3c:9a:85:5b:10:b7: + da:21:99:ba:c6:ea:a1:74:cb:b7:ca:d9:cc:c3:9e: + e7:eb:dd:d2:1e:f0:75:5d:2e:3e:0b:8b:c0:0d:f5: + 72:17:0f:2b:3a:41:ea:c0:ef:2d:8a:ee:aa:73:cb: + 6c:97:63:30:be:4a:f8:75:58:05:28:05:b2:3d:91: + 91:c9:d4:39:a6:25:a4:88:b9:2e:e6:af:9d:f6:ac: + 9d:4e:46:4b:76:e6:df:d8:aa:3c:6a:6e:5d:d4:67: + fb:61:86:bd:33:44:f0:7f:c2:13:9f:f2:72:85:fe: + 15:b6:51:20:0d:ee:28:e3:33:4d:4a:16:91:81:58: + 6a:a1:17:5e:33:f2:e9:4c:f2:64:9b:f1:d2:8c:8e: + 52:17:cd:26:f8:d1:6f:50:14:98:da:23:56:54:f6: + 62:5b:e6:cf:34:74:d3:40:fc:fd:31:38:5a:fb:0d: + 83:45:4a:7f:2e:fd:93:ef:93:4f:85:12:9e:f2:a3: + 91:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A5:15:6F:A5:45:D1:4A:85:AB:82:EC:DB:97:58:AA:6E:41:D1:44:A7 + X509v3 Authority Key Identifier: + keyid:08:3C:B1:56:BA:91:3F:80:72:30:8F:4E:85:7A:26:2F:34:89:74:B5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 13:c3:c2:2d:1d:0c:3f:55:d9:e5:ee:f3:03:0a:b4:91:5a:f1: + 2d:8f:07:1d:48:b7:fa:7b:0b:8f:b0:65:37:07:c8:56:75:1d: + 49:b7:78:dd:cb:97:8e:85:b8:be:85:34:a7:39:60:40:b6:c9: + 25:06:ba:b6:11:8a:5e:28:cb:c5:fc:da:83:04:96:06:cd:38: + 1b:a0:ba:85:17:f5:66:01:fe:1e:73:94:c9:09:83:64:40:c6: + 76:ce:0f:db:d3:33:77:55:27:68:b3:c8:a0:a9:9f:1f:c0:c8: + c6:79:f4:9e:10:62:13:e0:f3:6a:f9:78:7f:b3:02:91:1f:75: + ce:e8:ef:8e:90:9f:eb:24:f3:42:ed:86:b2:de:30:c4:0d:9a: + 10:1a:3e:94:67:75:bd:d0:28:02:f1:6f:e6:6a:3f:ef:a6:d3: + f2:5d:6a:ef:5a:34:81:d2:8b:a9:a0:db:df:79:5b:58:c8:b8: + cd:09:bf:05:ce:d2:ce:ee:00:03:11:9c:27:01:1c:9d:b8:06: + 9a:42:8d:3f:3b:58:69:f4:c3:8c:3c:a9:e3:a7:1b:ad:f1:b0: + d0:e9:07:2a:a2:8e:bd:4b:69:38:1c:01:ce:ae:3a:98:8c:89: + 5b:96:93:e6:f7:5e:fd:d1:97:92:91:8f:05:c9:54:7a:74:ba: + 74:82:a4:22 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUDn+lTeL6Pucz87v2Wg6R6bSKdX0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALoWjKGvjd0NOmzXpV1wZOLSFb57y+rbVxev2PEstuIXrhEt +MwTl7kRcLGIF/xmeDSfjIcYrPH7bVlveI6Um4Zln1E9qPJqFWxC32iGZusbqoXTL +t8rZzMOe5+vd0h7wdV0uPguLwA31chcPKzpB6sDvLYruqnPLbJdjML5K+HVYBSgF +sj2RkcnUOaYlpIi5LuavnfasnU5GS3bm39iqPGpuXdRn+2GGvTNE8H/CE5/ycoX+ +FbZRIA3uKOMzTUoWkYFYaqEXXjPy6UzyZJvx0oyOUhfNJvjRb1AUmNojVlT2Ylvm +zzR000D8/TE4WvsNg0VKfy79k++TT4USnvKjkQ0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUpRVvpUXRSoWrguzbl1iqbkHRRKcwHwYDVR0jBBgwFoAUCDyxVrqRP4ByMI9O +hXomLzSJdLUwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQATw8ItHQw/Vdnl7vMDCrSRWvEtjwcdSLf6ewuP +sGU3B8hWdR1Jt3jdy5eOhbi+hTSnOWBAtsklBrq2EYpeKMvF/NqDBJYGzTgboLqF +F/VmAf4ec5TJCYNkQMZ2zg/b0zN3VSdos8igqZ8fwMjGefSeEGIT4PNq+Xh/swKR +H3XO6O+OkJ/rJPNC7Yay3jDEDZoQGj6UZ3W90CgC8W/maj/vptPyXWrvWjSB0oup +oNvfeVtYyLjNCb8FztLO7gADEZwnARyduAaaQo0/O1hp9MOMPKnjpxut8bDQ6Qcq +oo69S2k4HAHOrjqYjIlblpPm91790ZeSkY8FyVR6dLp0gqQi +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/int_ad.pem b/pki/testdata/path_builder_unittest/validity_date_prioritization/int_ad.pem new file mode 100644 index 0000000000..5014f48fd8 --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/int_ad.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with validity range A..D + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0e:7f:a5:4d:e2:fa:3e:e7:33:f3:bb:f6:5a:0e:91:e9:b4:8a:75:7e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 2 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:16:8c:a1:af:8d:dd:0d:3a:6c:d7:a5:5d:70: + 64:e2:d2:15:be:7b:cb:ea:db:57:17:af:d8:f1:2c: + b6:e2:17:ae:11:2d:33:04:e5:ee:44:5c:2c:62:05: + ff:19:9e:0d:27:e3:21:c6:2b:3c:7e:db:56:5b:de: + 23:a5:26:e1:99:67:d4:4f:6a:3c:9a:85:5b:10:b7: + da:21:99:ba:c6:ea:a1:74:cb:b7:ca:d9:cc:c3:9e: + e7:eb:dd:d2:1e:f0:75:5d:2e:3e:0b:8b:c0:0d:f5: + 72:17:0f:2b:3a:41:ea:c0:ef:2d:8a:ee:aa:73:cb: + 6c:97:63:30:be:4a:f8:75:58:05:28:05:b2:3d:91: + 91:c9:d4:39:a6:25:a4:88:b9:2e:e6:af:9d:f6:ac: + 9d:4e:46:4b:76:e6:df:d8:aa:3c:6a:6e:5d:d4:67: + fb:61:86:bd:33:44:f0:7f:c2:13:9f:f2:72:85:fe: + 15:b6:51:20:0d:ee:28:e3:33:4d:4a:16:91:81:58: + 6a:a1:17:5e:33:f2:e9:4c:f2:64:9b:f1:d2:8c:8e: + 52:17:cd:26:f8:d1:6f:50:14:98:da:23:56:54:f6: + 62:5b:e6:cf:34:74:d3:40:fc:fd:31:38:5a:fb:0d: + 83:45:4a:7f:2e:fd:93:ef:93:4f:85:12:9e:f2:a3: + 91:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A5:15:6F:A5:45:D1:4A:85:AB:82:EC:DB:97:58:AA:6E:41:D1:44:A7 + X509v3 Authority Key Identifier: + keyid:08:3C:B1:56:BA:91:3F:80:72:30:8F:4E:85:7A:26:2F:34:89:74:B5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:6a:28:e5:77:fe:bd:b2:3c:b5:ef:4e:7f:d2:20:c5:de:c8: + d9:60:36:1e:00:c5:9c:ea:a2:f8:3f:ac:c1:98:b9:a3:99:39: + ac:e3:68:91:a1:88:08:9e:f7:b9:8a:9e:04:59:72:22:09:fd: + 11:18:99:83:cf:79:29:b9:18:9b:34:66:6d:5e:0c:90:f8:98: + ae:c4:5a:57:fb:db:1c:d7:f9:56:c2:bb:bf:ae:36:bb:00:73: + 04:7e:f7:72:93:4f:6c:c0:3c:a1:8b:82:7b:a2:11:f5:87:65: + fe:e4:af:f4:4e:3d:6a:f0:e6:39:1e:58:5c:c9:10:35:c3:62: + 77:a5:1e:d6:0c:e2:12:74:d3:4c:ff:a9:10:c3:d0:af:d9:31: + 8f:69:04:d8:61:29:5a:1d:b7:90:95:4f:c0:d1:88:87:03:43: + fd:bd:e3:55:92:20:61:77:ce:89:64:a3:41:d2:72:b5:60:ff: + 47:61:22:8c:10:61:f4:d8:cb:6c:e3:5e:3f:ef:18:1e:3d:e1: + 9b:d0:64:7c:ff:8a:8a:d4:9f:06:b7:11:84:67:5d:dc:46:e6: + 6f:c4:35:59:42:c2:7f:f2:1b:7a:30:8f:88:4b:f2:8f:26:8d: + c5:aa:da:89:5d:a7:af:4e:13:da:ca:72:15:64:7d:e5:10:ee: + ee:72:d5:1b +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUDn+lTeL6Pucz87v2Wg6R6bSKdX4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDIxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALoWjKGvjd0NOmzXpV1wZOLSFb57y+rbVxev2PEstuIXrhEt +MwTl7kRcLGIF/xmeDSfjIcYrPH7bVlveI6Um4Zln1E9qPJqFWxC32iGZusbqoXTL +t8rZzMOe5+vd0h7wdV0uPguLwA31chcPKzpB6sDvLYruqnPLbJdjML5K+HVYBSgF +sj2RkcnUOaYlpIi5LuavnfasnU5GS3bm39iqPGpuXdRn+2GGvTNE8H/CE5/ycoX+ +FbZRIA3uKOMzTUoWkYFYaqEXXjPy6UzyZJvx0oyOUhfNJvjRb1AUmNojVlT2Ylvm +zzR000D8/TE4WvsNg0VKfy79k++TT4USnvKjkQ0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUpRVvpUXRSoWrguzbl1iqbkHRRKcwHwYDVR0jBBgwFoAUCDyxVrqRP4ByMI9O +hXomLzSJdLUwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBvaijld/69sjy1705/0iDF3sjZYDYeAMWc6qL4 +P6zBmLmjmTms42iRoYgInve5ip4EWXIiCf0RGJmDz3kpuRibNGZtXgyQ+JiuxFpX ++9sc1/lWwru/rja7AHMEfvdyk09swDyhi4J7ohH1h2X+5K/0Tj1q8OY5HlhcyRA1 +w2J3pR7WDOISdNNM/6kQw9Cv2TGPaQTYYSlaHbeQlU/A0YiHA0P9veNVkiBhd86J +ZKNB0nK1YP9HYSKMEGH02Mts414/7xgePeGb0GR8/4qK1J8GtxGEZ13cRuZvxDVZ +QsJ/8ht6MI+IS/KPJo3FqtqJXaevThPaynIVZH3lEO7uctUb +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/int_bc.pem b/pki/testdata/path_builder_unittest/validity_date_prioritization/int_bc.pem new file mode 100644 index 0000000000..b054d7a7de --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/int_bc.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with validity range B..C + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0e:7f:a5:4d:e2:fa:3e:e7:33:f3:bb:f6:5a:0e:91:e9:b4:8a:75:7f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:16:8c:a1:af:8d:dd:0d:3a:6c:d7:a5:5d:70: + 64:e2:d2:15:be:7b:cb:ea:db:57:17:af:d8:f1:2c: + b6:e2:17:ae:11:2d:33:04:e5:ee:44:5c:2c:62:05: + ff:19:9e:0d:27:e3:21:c6:2b:3c:7e:db:56:5b:de: + 23:a5:26:e1:99:67:d4:4f:6a:3c:9a:85:5b:10:b7: + da:21:99:ba:c6:ea:a1:74:cb:b7:ca:d9:cc:c3:9e: + e7:eb:dd:d2:1e:f0:75:5d:2e:3e:0b:8b:c0:0d:f5: + 72:17:0f:2b:3a:41:ea:c0:ef:2d:8a:ee:aa:73:cb: + 6c:97:63:30:be:4a:f8:75:58:05:28:05:b2:3d:91: + 91:c9:d4:39:a6:25:a4:88:b9:2e:e6:af:9d:f6:ac: + 9d:4e:46:4b:76:e6:df:d8:aa:3c:6a:6e:5d:d4:67: + fb:61:86:bd:33:44:f0:7f:c2:13:9f:f2:72:85:fe: + 15:b6:51:20:0d:ee:28:e3:33:4d:4a:16:91:81:58: + 6a:a1:17:5e:33:f2:e9:4c:f2:64:9b:f1:d2:8c:8e: + 52:17:cd:26:f8:d1:6f:50:14:98:da:23:56:54:f6: + 62:5b:e6:cf:34:74:d3:40:fc:fd:31:38:5a:fb:0d: + 83:45:4a:7f:2e:fd:93:ef:93:4f:85:12:9e:f2:a3: + 91:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A5:15:6F:A5:45:D1:4A:85:AB:82:EC:DB:97:58:AA:6E:41:D1:44:A7 + X509v3 Authority Key Identifier: + keyid:08:3C:B1:56:BA:91:3F:80:72:30:8F:4E:85:7A:26:2F:34:89:74:B5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0a:b8:fe:ed:58:f8:43:b8:b0:63:1e:1b:e8:50:d0:7b:7c:2a: + 21:9f:9f:e7:9a:15:8b:f2:08:ed:34:04:90:d4:d0:d1:74:19: + 20:81:5f:31:e1:33:b9:03:25:fd:9c:2b:cc:62:8b:63:79:2a: + e7:04:d0:3e:45:4b:c4:f3:1f:7b:ea:68:b3:db:ae:f9:11:b2: + 18:a2:f6:b4:ea:b4:7b:2c:5b:fc:e9:53:4f:de:d8:fa:bc:fc: + cf:6e:89:c3:53:12:a7:4c:76:bd:1a:80:17:bc:c9:6d:80:5b: + dd:f3:3f:8a:fa:9b:b4:41:44:70:c3:2d:ec:10:82:d5:b6:07: + b2:ac:84:49:76:59:9b:8e:59:f6:bf:ef:54:c9:33:7c:15:67: + 3b:68:1b:b1:64:00:aa:8d:e8:c0:c0:27:8d:1f:ea:d0:da:bb: + 60:11:91:d8:dd:f4:82:88:c7:1b:2b:24:cc:1f:6c:6e:d4:a7: + 87:06:3f:fe:52:b4:ca:63:29:62:7e:45:ef:3c:25:35:78:e2: + 2f:a7:e7:d6:81:48:c4:29:0b:e2:28:5a:9f:79:72:c6:e9:6b: + 01:4f:22:1a:f4:ff:09:6b:96:f3:0b:4a:9d:c3:d7:87:93:be: + 3c:21:d8:84:37:10:4d:55:a4:c4:f9:07:b3:36:64:44:f0:a7: + fe:47:b1:42 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUDn+lTeL6Pucz87v2Wg6R6bSKdX8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xODAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALoWjKGvjd0NOmzXpV1wZOLSFb57y+rbVxev2PEstuIXrhEt +MwTl7kRcLGIF/xmeDSfjIcYrPH7bVlveI6Um4Zln1E9qPJqFWxC32iGZusbqoXTL +t8rZzMOe5+vd0h7wdV0uPguLwA31chcPKzpB6sDvLYruqnPLbJdjML5K+HVYBSgF +sj2RkcnUOaYlpIi5LuavnfasnU5GS3bm39iqPGpuXdRn+2GGvTNE8H/CE5/ycoX+ +FbZRIA3uKOMzTUoWkYFYaqEXXjPy6UzyZJvx0oyOUhfNJvjRb1AUmNojVlT2Ylvm +zzR000D8/TE4WvsNg0VKfy79k++TT4USnvKjkQ0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUpRVvpUXRSoWrguzbl1iqbkHRRKcwHwYDVR0jBBgwFoAUCDyxVrqRP4ByMI9O +hXomLzSJdLUwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAKuP7tWPhDuLBjHhvoUNB7fCohn5/nmhWL8gjt +NASQ1NDRdBkggV8x4TO5AyX9nCvMYotjeSrnBNA+RUvE8x976miz2675EbIYova0 +6rR7LFv86VNP3tj6vPzPbonDUxKnTHa9GoAXvMltgFvd8z+K+pu0QURwwy3sEILV +tgeyrIRJdlmbjln2v+9UyTN8FWc7aBuxZACqjejAwCeNH+rQ2rtgEZHY3fSCiMcb +KyTMH2xu1KeHBj/+UrTKYylifkXvPCU1eOIvp+fWgUjEKQviKFqfeXLG6WsBTyIa +9P8Ja5bzC0qdw9eHk748IdiENxBNVaTE+QezNmRE8Kf+R7FC +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/int_bd.pem b/pki/testdata/path_builder_unittest/validity_date_prioritization/int_bd.pem new file mode 100644 index 0000000000..1800f362f4 --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/int_bd.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +Intermediate with validity range B..D + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0e:7f:a5:4d:e2:fa:3e:e7:33:f3:bb:f6:5a:0e:91:e9:b4:8a:75:80 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 2 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:16:8c:a1:af:8d:dd:0d:3a:6c:d7:a5:5d:70: + 64:e2:d2:15:be:7b:cb:ea:db:57:17:af:d8:f1:2c: + b6:e2:17:ae:11:2d:33:04:e5:ee:44:5c:2c:62:05: + ff:19:9e:0d:27:e3:21:c6:2b:3c:7e:db:56:5b:de: + 23:a5:26:e1:99:67:d4:4f:6a:3c:9a:85:5b:10:b7: + da:21:99:ba:c6:ea:a1:74:cb:b7:ca:d9:cc:c3:9e: + e7:eb:dd:d2:1e:f0:75:5d:2e:3e:0b:8b:c0:0d:f5: + 72:17:0f:2b:3a:41:ea:c0:ef:2d:8a:ee:aa:73:cb: + 6c:97:63:30:be:4a:f8:75:58:05:28:05:b2:3d:91: + 91:c9:d4:39:a6:25:a4:88:b9:2e:e6:af:9d:f6:ac: + 9d:4e:46:4b:76:e6:df:d8:aa:3c:6a:6e:5d:d4:67: + fb:61:86:bd:33:44:f0:7f:c2:13:9f:f2:72:85:fe: + 15:b6:51:20:0d:ee:28:e3:33:4d:4a:16:91:81:58: + 6a:a1:17:5e:33:f2:e9:4c:f2:64:9b:f1:d2:8c:8e: + 52:17:cd:26:f8:d1:6f:50:14:98:da:23:56:54:f6: + 62:5b:e6:cf:34:74:d3:40:fc:fd:31:38:5a:fb:0d: + 83:45:4a:7f:2e:fd:93:ef:93:4f:85:12:9e:f2:a3: + 91:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A5:15:6F:A5:45:D1:4A:85:AB:82:EC:DB:97:58:AA:6E:41:D1:44:A7 + X509v3 Authority Key Identifier: + keyid:08:3C:B1:56:BA:91:3F:80:72:30:8F:4E:85:7A:26:2F:34:89:74:B5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 1a:d1:52:17:ec:4a:e3:2a:db:a7:33:f8:ca:77:89:d7:ed:f8: + 74:44:2f:f7:b0:90:93:8f:02:a3:7f:81:a7:9c:e5:70:9b:cf: + 91:d8:9c:12:62:75:0c:d1:fe:c0:f5:e6:e4:07:89:4f:06:88: + b0:1b:19:e8:e0:0a:22:bc:f0:0f:e8:2c:21:d2:58:0b:99:8f: + f1:32:69:46:e3:6a:02:f3:c9:df:03:f9:5e:2b:af:18:61:35: + b4:05:2a:3e:64:9c:55:5c:d1:26:a1:8e:62:fe:ab:5e:6e:7b: + 47:9f:d2:f3:64:16:9e:a8:72:15:42:0c:33:29:dd:31:68:bf: + 33:db:eb:7e:47:7b:c3:c7:bb:a0:ec:35:75:12:82:ce:28:f5: + 7e:c8:98:b8:60:9f:a6:78:95:9f:16:0a:ba:c4:45:4e:f5:80: + e5:38:bb:07:b5:a5:d5:d3:09:bf:9c:92:c1:0d:d2:fd:13:32: + 92:7a:be:10:07:ff:52:f1:39:89:be:7e:9a:7a:e9:e3:6a:43: + 07:30:a4:19:e7:ac:96:c3:40:2b:3a:7c:d0:06:6d:2d:17:cc: + e9:11:e2:a8:9c:25:83:33:6f:fc:8e:47:63:ad:3e:05:95:f7: + e7:3e:d5:1d:ba:30:08:d5:94:1c:91:40:38:96:f6:29:03:10: + ee:42:ed:92 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUDn+lTeL6Pucz87v2Wg6R6bSKdYAwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xODAxMDIxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALoWjKGvjd0NOmzXpV1wZOLSFb57y+rbVxev2PEstuIXrhEt +MwTl7kRcLGIF/xmeDSfjIcYrPH7bVlveI6Um4Zln1E9qPJqFWxC32iGZusbqoXTL +t8rZzMOe5+vd0h7wdV0uPguLwA31chcPKzpB6sDvLYruqnPLbJdjML5K+HVYBSgF +sj2RkcnUOaYlpIi5LuavnfasnU5GS3bm39iqPGpuXdRn+2GGvTNE8H/CE5/ycoX+ +FbZRIA3uKOMzTUoWkYFYaqEXXjPy6UzyZJvx0oyOUhfNJvjRb1AUmNojVlT2Ylvm +zzR000D8/TE4WvsNg0VKfy79k++TT4USnvKjkQ0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUpRVvpUXRSoWrguzbl1iqbkHRRKcwHwYDVR0jBBgwFoAUCDyxVrqRP4ByMI9O +hXomLzSJdLUwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAa0VIX7ErjKtunM/jKd4nX7fh0RC/3sJCTjwKj +f4GnnOVwm8+R2JwSYnUM0f7A9ebkB4lPBoiwGxno4AoivPAP6Cwh0lgLmY/xMmlG +42oC88nfA/leK68YYTW0BSo+ZJxVXNEmoY5i/qtebntHn9LzZBaeqHIVQgwzKd0x +aL8z2+t+R3vDx7ug7DV1EoLOKPV+yJi4YJ+meJWfFgq6xEVO9YDlOLsHtaXV0wm/ +nJLBDdL9EzKSer4QB/9S8TmJvn6aeunjakMHMKQZ56yWw0ArOnzQBm0tF8zpEeKo +nCWDM2/8jkdjrT4FlffnPtUdujAI1ZQckUA4lvYpAxDuQu2S +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Intermediate.key b/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Intermediate.key new file mode 100644 index 0000000000..15762e3d08 --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuhaMoa+N3Q06bNelXXBk4tIVvnvL6ttXF6/Y8Sy24heuES0z +BOXuRFwsYgX/GZ4NJ+Mhxis8fttWW94jpSbhmWfUT2o8moVbELfaIZm6xuqhdMu3 +ytnMw57n693SHvB1XS4+C4vADfVyFw8rOkHqwO8tiu6qc8tsl2Mwvkr4dVgFKAWy +PZGRydQ5piWkiLku5q+d9qydTkZLdubf2Ko8am5d1Gf7YYa9M0Twf8ITn/Jyhf4V +tlEgDe4o4zNNShaRgVhqoRdeM/LpTPJkm/HSjI5SF80m+NFvUBSY2iNWVPZiW+bP +NHTTQPz9MTha+w2DRUp/Lv2T75NPhRKe8qORDQIDAQABAoIBAQCMU+bXIri7IneV +joUQUmpxtXVaQKbEw4UIwr25GTwMgUjtgQVBQ1cLS+rYPKdjnRFUq+5TL1WeYC7e +dkSxDQIBGhA7luR+reO/VrVysyfrSxJYLiu6F8ZXGmTQNGV4mWIX04BMWqWIoTfY +9cJmW0D5HyRb6aC2U4ffHZirV4PHkECCCNETWR+n5pWW9oOloCqT7pSvWAYJbPLN +5c8Ive4m2hx/V6v/x4j5VQBL5UfrSV2JpoWcjfyMJsxGZPAYJKNVOl9Rf5dBE62j +El4kBDY7ECbx1fre/NS23H2eCGpM3UT+LNIuuyZsOcf38E7YoTd6qvjEm6n7ZoxM +6DXM82WhAoGBAN+2Wvd8CjzirprhFVnToG2RF2lpCCUseWfr5sG8qExc61tQCsFS +oLsQXKh/O6/pZWjj7cxQSvJf+xi64LZ3Gl02+PZ2zbWEw6lAgOI8mNqTbKYrmJX6 +CjCCGVjiIZFq3IkO/VxU5kyK4NSxFKKtKnhZUmk1Gok27LOyg98aBaIlAoGBANTy +ERHkj1G07P7Ie102+wgKZq0ffIZBafMv9DGSq7ujPOL2ojzqSz9KvIMnH4q4efXt +pk7c7sj8LQET3E6OysTql1/BuEiwyRjiUIb3EUQaGvak3fK93+ilxKZ+VYce+FnB +rhmL+IX/8HLQZZL+PoqVQ6Dj0rYluRZU+gNJ6ZrJAoGAF9VPn6ohVRc5TtrH8Yfw +QXwBqIM+EOfKD148eUtmCqyjjljarHnnEcbOeE0FyNnuqdwOi4PKWEQNdjcCla3e +qyueHnPNupboWXG7yV53UmH+Yz2lxeSbjUtu898zgFCIKjnkmB+bYXAyP7aV4jbc +nXG2q+qyZwfo88QC9JPLIdkCgYEArT460PnH98tgPHBSnSWL2aDMo/BH2NoDHoxW ++LXA7akCcgwBNdnPWjCtaW485RjscD3l3ac0xWMUIhpMU8UsBkRs3sS17r2U/Z+x +r/v1mhg684px33jGX3ntoR6K6qExn6RIxhPwHuR4dJBC8vHRY+HH4W84EGRkTlzY +AjDx0rECgYB11T7Bmr9Ie8ms9DrRr9M+caaO80dtKyf95o4VzuriX0b5PzsXpZj1 +81VMEMf9wEDv7bqj2XjV9TIfGmOjtB6zMFPy690p69tDBGMaROkg1/11Yl9Wz9Bz ++jMk1EokjzDwY5+rCHiBe+9uXxAO4opPgrhXPjZYBlo2Fw7dlvN/Bg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Root.key b/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Root.key new file mode 100644 index 0000000000..412cb8f272 --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsnrNJskwSJ4vfL1vdmxyisJiIiEM25Wxxgknffo0QSu4FyaP +k/DHiqSlEjSNxXOcYD0ulTCE/HigGT/JUEEPqSAQZCDUxsjKuKbFddNeNtvpSDTX +4nsxEyUON0JwmSAG2QgTajdpJaJPB4l7JBsJdXBBm8QO1jWgmEygk/nOxXFo0dW7 +WOy7IkLd6nX6fggYbzCYJW0+gaRKHlKp3ZMuWqXAWjLWxLJL/q2m4IqFTAClsFhn +UrZxae/xYYWM2fcYwOfmlDmsAe3/Pt4CQHqZlcaoasSwpMsvF7gGu1nWIYDDU5RC +e1u8g5qWw6CwnjG8Y2LLeL/i7D/Ufp1qR3nQcQIDAQABAoIBAHaFyDDGkBLZQU3D ++v4YfGQbO9HQQtqbaQfK0nf9LLBOmRx+lgA3eDtgpOIXFkKWSLU8S+/03YtPi3nY ++xYZbo3wZhIoH0S22LCQxzY8nCcwGJXDyc1z454EEJGvxFhbhVCg5Uu26lN8mqC1 +spnCfqCHYHpRU0z7Jd+dm1FJJf/E+U2pv8W8MbvhK5oQtSXBYqn+46/XZMDebfyj +HwL7g0zg+w85wuJF5fmVi567+lCbyGPaImpTmGE45yiyuFsqi0dQ/lgD88E8wtnJ +ZPGSFNG6Gj8Z3t19d6ItDNHkO5l40sassxUWZUC/bxz0xsO3dAxAkQvrWiQv/5G2 +KFoPV3UCgYEA2tYEMQbJ6thuJ0WQRkhPNOj6GvdGJMR5zR4X6gonRvZz+PupEEIj +kmHzQUS6yyQmTS/aPf0m7Zvss3iXKEPGexvNn6nNo6sc1bU8WBvRm4Km9qjNP0rx +ZonEe01yefNDQ6NNn6tpRypidrpGknhVPORn+ZWP/pb1VmkbVaKM5zMCgYEA0MpH +NiY7N1gsHU+b85IEV+hXtq+5yy4sj0bMPf4xo4soF1S4yRSPszWjoauaBzKQWPB5 +s3+5amaH8ULUcjXni1Wb1zrgkopssYaAL0ONqtMmNkbnbPp2dJ+MAwJe4ML8vW/q +cIVFAGW9CmG9JwVxcWvt9aeD+NRbmvYm0VIrmcsCgYAFB1n9TmyhauvNFzojg1He +o2Pr7ra77Y/m+MQP6r/QT6WGmTHfX8W1fW67lzq7pE8FAw5+0ixs1WJxFVpT4IrV +FWR6QMqq8imtd4a1d54vdqcjj+l3hN9bPds4AiWZS8/F5CDKhIPc0MqGc+1fPEip +J46EG729Wfa1T6EDLMMUJQKBgAsjPzk8QNxq76+Al6kemOy3kDZGmXqlM+tQs4R7 +EtrOiYz1EAZp+mBs9BWjucu4fsq/yT4yCgoK/iV4kyykg32DS5TnpyMqDzJJIn1i +9SOvr9IlZiMCGV+PQ0DF15nVzPWuCquF8HBc/QCYxiZWu/5463C3Rur3KQvTJa70 +2y6RAoGBALEuXmr0Q69YaTxAQQGKIMAidNzib5kbC8iCvDfcSIkgZgZ+HVESsf2C +Y1tIZMqqCLwUESl3LEil6B9O1TCkkMw7V3PYWKE37AVHGVpmjHOjiS32ivCpwdIX +9iCh/W2KliZ/eldCwzXkJhdCyoYaYvQftabGUb8bjNKV20l4mai0 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Target.key b/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Target.key new file mode 100644 index 0000000000..f74c13bf39 --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEArUwLhI2Ff8XIUiFYgK/A+/D32/VuTgCHJHypXQAl6Mq2hymY +poZiqNq8nEq3V3r3AZP1fPq6IDy0ewMdZEmk7wV6YZ5dV2MFg+BZtVDLmHJ3JFCu +zki9gK/NBjhYj5NuWmsrUYI3eTF2zv0/P+pBCMEcWdRnIi+XDtjBJseR+zjIneK5 +LdMnLBjQCUGOtCTk3onZxTVBGDawwfD20bx6fn7CQtaoztyPXWsioxv+ZTA8FRg4 +z4mATxrGwro6BgAZo6qre/KSU4wgFGpA33+KQxW5gP+f/knRkJtvGD/CNLaDdShB +/s+SdvJuYO3N5wlnwB5ywyE0Qn4UKaxT2KGyjQIDAQABAoIBADD3adG8g1pFMoMy +dOV3w9nsjrySLubPc2A18U0b+5o5nTW35TA4jKwVknG/EusfDahefGEiH3F4da7E +hIuP25DGRXxL2SgWDLrkq7R17fFXdp7GRX54Q0OXaSE2zp9TEz1tRsIzPyV5eo6m +NDcFI/crSa2APNwGAnLpgDpK7c7EF6Ooh+IRGIG8BxgwreEpdwNP6wMZr/IhRDvV +Zk5xnXNqMRMpxSJrq8BDVsOOoqg1UQFAw+GcvVzpnhran4iQcc0Lp4l22CV01qBm +w9+0b8yWXetMAHVoDHMGr32Yqb88TPUFYTdUSo4TDaIEj/syRMU3X5lwCflgvj/3 +jVDgaYECgYEA2ZhusN+/iPHmw2j1SyqL65katwGJGqu99EbcruhfAmD0J8h2I6lm +cGDQwoeSR0HnwmjNJxF943DjSy1MS7qXdYouIob3SK1+SRNzkNRsKDQj3qCafQOj +s8kk9QtquHNuBFFfeYOzXGEXffIApY3C9HcfmzSEs/1aP4g4KRP9QvECgYEAy+IW +jusp1vqRez7zH4p9yuS7xhJS1IC/wswRSvuWNLiZxp1JJxw3MKe73x0YNtX6PXlI +0GcxJXUxcPXGfAiN6BE6HVUccab7AoiPxm6pjOZaowfZ2HI5Cz1Xa4fW5k+JFN4F +lFpolCtJ16w/qVx6n8BhglwoRhPVEHr/QBRUcV0CgYBiMCO60qx2Wln8Ua9mhMNw +w7zHWf0JOPhVc2h/0MGWrDNghFezDez4xudM8Ko0V2wCURJKD92TtUwLj1w/S+qu +knTxBaAufoNe7FUYxJItriGFg0lTIkJLjXeMz+MPap75edKwXZqhE/rqzTo3enm/ +oMV1XsSHB8siohBdkPSWsQKBgDyx47FMRLphAapFBS+glO4vxc6jadElOvEMuyEt +YHv1cKH19O8VsUBkzsMO8ERy0vo1/v07mx/hkYRlRl9qVIR/jGNrEPqskREiAls6 +WnM9qEHcdne/GUhFTJ8QY2NQzihOKC8P8w4ZDPSNrK4If+DK7rxWHw8tnEI5u38i +DjlpAoGAKkDmAghbddnwzMBCw4tm8fmMP+1RrjtfS2s2Jz1R0yFJhYkEJNvFlD/0 +dKzlT13n7AeTj5M6iztF1XHnOifhLXM94jHKQ30kbnzWjbXC6sBUHAxyYdxR3oTR +CPKmxqtIZeLp87f+CFFp777qfyBbyqVVAHFBjISg8cGsIb0yVUM= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/root.pem b/pki/testdata/path_builder_unittest/validity_date_prioritization/root.pem new file mode 100644 index 0000000000..7587dd0d2b --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/root.pem @@ -0,0 +1,93 @@ +[Created by: ./generate-certs.py] + +The root + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0e:7f:a5:4d:e2:fa:3e:e7:33:f3:bb:f6:5a:0e:91:e9:b4:8a:75:7c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 2 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:7a:cd:26:c9:30:48:9e:2f:7c:bd:6f:76:6c: + 72:8a:c2:62:22:21:0c:db:95:b1:c6:09:27:7d:fa: + 34:41:2b:b8:17:26:8f:93:f0:c7:8a:a4:a5:12:34: + 8d:c5:73:9c:60:3d:2e:95:30:84:fc:78:a0:19:3f: + c9:50:41:0f:a9:20:10:64:20:d4:c6:c8:ca:b8:a6: + c5:75:d3:5e:36:db:e9:48:34:d7:e2:7b:31:13:25: + 0e:37:42:70:99:20:06:d9:08:13:6a:37:69:25:a2: + 4f:07:89:7b:24:1b:09:75:70:41:9b:c4:0e:d6:35: + a0:98:4c:a0:93:f9:ce:c5:71:68:d1:d5:bb:58:ec: + bb:22:42:dd:ea:75:fa:7e:08:18:6f:30:98:25:6d: + 3e:81:a4:4a:1e:52:a9:dd:93:2e:5a:a5:c0:5a:32: + d6:c4:b2:4b:fe:ad:a6:e0:8a:85:4c:00:a5:b0:58: + 67:52:b6:71:69:ef:f1:61:85:8c:d9:f7:18:c0:e7: + e6:94:39:ac:01:ed:ff:3e:de:02:40:7a:99:95:c6: + a8:6a:c4:b0:a4:cb:2f:17:b8:06:bb:59:d6:21:80: + c3:53:94:42:7b:5b:bc:83:9a:96:c3:a0:b0:9e:31: + bc:63:62:cb:78:bf:e2:ec:3f:d4:7e:9d:6a:47:79: + d0:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 08:3C:B1:56:BA:91:3F:80:72:30:8F:4E:85:7A:26:2F:34:89:74:B5 + X509v3 Authority Key Identifier: + keyid:08:3C:B1:56:BA:91:3F:80:72:30:8F:4E:85:7A:26:2F:34:89:74:B5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 16:dc:08:df:95:7c:81:dd:02:d0:4b:ac:7b:49:c6:77:da:05: + c4:92:35:2d:a7:e6:b6:e1:9a:6d:42:f8:48:48:e4:2f:05:21: + eb:6f:00:e7:2e:f1:37:da:e3:9a:6d:21:05:61:1e:51:09:6b: + 95:12:1f:e2:45:d4:5d:0e:5a:20:4a:10:0b:bb:42:09:69:38: + 5e:55:ba:07:a1:2c:e6:ac:26:9d:50:d8:f6:e8:5d:ce:dc:96: + 97:8f:89:c4:e1:b9:0f:12:c8:a9:bc:22:d3:aa:ce:a2:0d:c3: + 07:ed:b9:e7:e0:67:2e:6d:7f:89:1d:21:75:4a:68:e2:7c:3d: + aa:6d:53:8c:42:e5:af:07:8f:a5:fc:61:af:08:52:f7:7f:b3: + 59:1f:ca:a8:1c:95:14:76:24:24:86:6c:5e:24:68:76:5c:23: + 80:b7:76:3d:28:a0:f2:88:8c:18:d7:56:06:24:4c:e4:04:0b: + 6e:ce:35:48:6f:dd:51:c6:d6:4e:b5:56:b6:8c:83:75:24:fb: + be:bd:2d:c5:0b:f0:f5:dc:04:62:c6:c5:90:6e:c5:de:1a:58: + a2:bc:9f:2d:f3:7e:6e:74:7d:8b:f1:c7:a0:54:2f:9a:81:cf: + 74:86:41:da:df:8e:8a:b8:f0:de:9c:24:ae:d7:54:ef:aa:81: + 06:0f:1e:f6 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUDn+lTeL6Pucz87v2Wg6R6bSKdXwwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xODAxMDIxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCyes0myTBIni98vW92bHKKwmIiIQzblbHGCSd9+jRBK7gXJo+T8MeKpKUS +NI3Fc5xgPS6VMIT8eKAZP8lQQQ+pIBBkINTGyMq4psV101422+lINNfiezETJQ43 +QnCZIAbZCBNqN2klok8HiXskGwl1cEGbxA7WNaCYTKCT+c7FcWjR1btY7LsiQt3q +dfp+CBhvMJglbT6BpEoeUqndky5apcBaMtbEskv+rabgioVMAKWwWGdStnFp7/Fh +hYzZ9xjA5+aUOawB7f8+3gJAepmVxqhqxLCkyy8XuAa7WdYhgMNTlEJ7W7yDmpbD +oLCeMbxjYst4v+LsP9R+nWpHedBxAgMBAAGjgcswgcgwHQYDVR0OBBYEFAg8sVa6 +kT+AcjCPToV6Ji80iXS1MB8GA1UdIwQYMBaAFAg8sVa6kT+AcjCPToV6Ji80iXS1 +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAFtwI35V8gd0C0Euse0nGd9oFxJI1LafmtuGabUL4SEjkLwUh +628A5y7xN9rjmm0hBWEeUQlrlRIf4kXUXQ5aIEoQC7tCCWk4XlW6B6Es5qwmnVDY +9uhdztyWl4+JxOG5DxLIqbwi06rOog3DB+255+BnLm1/iR0hdUpo4nw9qm1TjELl +rwePpfxhrwhS93+zWR/KqByVFHYkJIZsXiRodlwjgLd2PSig8oiMGNdWBiRM5AQL +bs41SG/dUcbWTrVWtoyDdST7vr0txQvw9dwEYsbFkG7F3hpYoryfLfN+bnR9i/HH +oFQvmoHPdIZB2t+Oirjw3pwkrtdU76qBBg8e9g== +-----END CERTIFICATE----- diff --git a/pki/testdata/path_builder_unittest/validity_date_prioritization/target.pem b/pki/testdata/path_builder_unittest/validity_date_prioritization/target.pem new file mode 100644 index 0000000000..63f0281d4f --- /dev/null +++ b/pki/testdata/path_builder_unittest/validity_date_prioritization/target.pem @@ -0,0 +1,94 @@ +[Created by: ./generate-certs.py] + +The target + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 54:f0:81:fd:d4:7b:6a:f2:04:73:10:a8:d7:2d:23:d1:af:ac:79:03 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 2 12:00:00 2018 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:4c:0b:84:8d:85:7f:c5:c8:52:21:58:80:af: + c0:fb:f0:f7:db:f5:6e:4e:00:87:24:7c:a9:5d:00: + 25:e8:ca:b6:87:29:98:a6:86:62:a8:da:bc:9c:4a: + b7:57:7a:f7:01:93:f5:7c:fa:ba:20:3c:b4:7b:03: + 1d:64:49:a4:ef:05:7a:61:9e:5d:57:63:05:83:e0: + 59:b5:50:cb:98:72:77:24:50:ae:ce:48:bd:80:af: + cd:06:38:58:8f:93:6e:5a:6b:2b:51:82:37:79:31: + 76:ce:fd:3f:3f:ea:41:08:c1:1c:59:d4:67:22:2f: + 97:0e:d8:c1:26:c7:91:fb:38:c8:9d:e2:b9:2d:d3: + 27:2c:18:d0:09:41:8e:b4:24:e4:de:89:d9:c5:35: + 41:18:36:b0:c1:f0:f6:d1:bc:7a:7e:7e:c2:42:d6: + a8:ce:dc:8f:5d:6b:22:a3:1b:fe:65:30:3c:15:18: + 38:cf:89:80:4f:1a:c6:c2:ba:3a:06:00:19:a3:aa: + ab:7b:f2:92:53:8c:20:14:6a:40:df:7f:8a:43:15: + b9:80:ff:9f:fe:49:d1:90:9b:6f:18:3f:c2:34:b6: + 83:75:28:41:fe:cf:92:76:f2:6e:60:ed:cd:e7:09: + 67:c0:1e:72:c3:21:34:42:7e:14:29:ac:53:d8:a1: + b2:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AC:D9:32:20:3D:CB:6D:E1:C6:10:69:C5:6E:11:B9:F5:95:BF:F6:13 + X509v3 Authority Key Identifier: + keyid:A5:15:6F:A5:45:D1:4A:85:AB:82:EC:DB:97:58:AA:6E:41:D1:44:A7 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 97:a1:11:70:fb:ab:15:a1:6c:67:bf:ff:e1:08:53:f3:c5:9c: + 73:7e:4a:bf:9d:4e:7a:bb:65:73:a8:c4:1f:e9:02:c2:e3:09: + 54:b3:9e:df:45:e0:02:ef:f7:4a:67:e2:f2:ee:39:28:91:b8: + e2:74:88:d7:a4:f8:e9:13:2b:90:73:89:7b:54:09:1b:f0:ac: + fb:4b:7c:a1:3a:d7:f4:2f:4b:7e:2a:c9:f5:4b:8e:fb:77:9e: + 66:0e:59:57:3a:b2:f9:a8:2c:90:b8:af:27:88:b3:6f:3c:ab: + ea:14:a9:ec:2e:54:80:1a:ed:b1:3f:09:54:f1:12:6b:d4:c4: + 23:2e:e5:d2:7d:71:18:d0:b9:ad:02:c4:75:bc:60:50:ae:2f: + 6e:65:ff:1d:21:f0:dd:56:cb:51:15:30:e4:ea:40:ca:9a:e3: + 6d:e9:21:8e:5d:11:ef:e4:9b:72:1a:cf:a0:ff:e3:fc:44:9f: + 34:83:3b:e4:a2:d8:e8:99:a3:8a:8d:ff:75:50:ed:d4:32:b7: + 49:04:61:be:89:52:ed:61:e5:32:88:71:43:72:fc:f7:03:a4: + dc:dc:96:b6:70:bc:00:52:08:8c:a6:e5:fe:12:1d:99:d4:76: + bd:1e:50:bf:07:4f:ca:fd:dd:71:d4:eb:e1:42:d8:84:3c:d5: + 8c:06:f1:e9 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUVPCB/dR7avIEcxCo1y0j0a+seQMwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE4 +MDEwMjEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEArUwLhI2Ff8XIUiFYgK/A+/D32/VuTgCHJHypXQAl6Mq2 +hymYpoZiqNq8nEq3V3r3AZP1fPq6IDy0ewMdZEmk7wV6YZ5dV2MFg+BZtVDLmHJ3 +JFCuzki9gK/NBjhYj5NuWmsrUYI3eTF2zv0/P+pBCMEcWdRnIi+XDtjBJseR+zjI +neK5LdMnLBjQCUGOtCTk3onZxTVBGDawwfD20bx6fn7CQtaoztyPXWsioxv+ZTA8 +FRg4z4mATxrGwro6BgAZo6qre/KSU4wgFGpA33+KQxW5gP+f/knRkJtvGD/CNLaD +dShB/s+SdvJuYO3N5wlnwB5ywyE0Qn4UKaxT2KGyjQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBSs2TIgPctt4cYQacVuEbn1lb/2EzAfBgNVHSMEGDAWgBSlFW+lRdFKhauC +7NuXWKpuQdFEpzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAJehEXD7qxWhbGe//+EIU/PFnHN+Sr+dTnq7ZXOoxB/pAsLjCVSznt9F4ALv +90pn4vLuOSiRuOJ0iNek+OkTK5BziXtUCRvwrPtLfKE61/QvS34qyfVLjvt3nmYO +WVc6svmoLJC4ryeIs288q+oUqewuVIAa7bE/CVTxEmvUxCMu5dJ9cRjQua0CxHW8 +YFCuL25l/x0h8N1Wy1EVMOTqQMqa423pIY5dEe/km3Iaz6D/4/xEnzSDO+Si2OiZ +o4qN/3VQ7dQyt0kEYb6JUu1h5TKIcUNy/PcDpNzclrZwvABSCIym5f4SHZnUdr0e +UL8HT8r93XHU6+FC2IQ81YwG8ek= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem b/pki/testdata/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem new file mode 100644 index 0000000000..99b3a7a0c8 --- /dev/null +++ b/pki/testdata/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=1024 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:9f:47:a7:c7:70:ba:de:3c:27:a1:38:8c:be:b4: + 25:fe:9d:68:cd:56:69:96:f3:5c:1b:4a:9e:bd:14: + f2:1c:fd:dd:59:ef:1c:9e:52:8a:55:78:ed:63:e1: + 19:a0:a3:92:bb:30:1a:1e:32:83:06:94:a9:80:e3: + 54:79:2e:79:4b:05:ba:6e:53:b0:e7:17:20:1f:cb: + c3:a4:30:a2:80:e3:9a:ac:8c:80:3f:be:97:24:fd: + ad:bd:98:9e:2b:8e:1b:cf:92:2a:02:25:a5:0f:d8: + 1c:1d:fa:e6:ce:76:75:2c:d1:0c:f1:1c:73:85:1c: + 9a:bb:cb:73:fa:95:bd:98:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 4F:B4:7F:BD:2E:4A:D8:3A:50:56:3A:5B:24:8A:28:DB:E3:BD:59:FF + X509v3 Authority Key Identifier: + keyid:AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 6e:db:0b:81:ea:0e:a3:bc:55:ba:09:f8:ec:b6:1e:b0:97:d6: + 53:b2:6b:44:b5:4e:d0:84:86:d1:37:5e:f6:24:28:8d:bf:f4: + 03:9e:e2:d2:9f:6d:19:17:97:51:c5:fe:f2:b8:95:67:bb:49: + 4d:d6:6e:0e:6e:9c:40:81:68:c1:44:fb:c3:30:13:e6:91:73: + 6e:09:a7:27:c8:7b:33:68:d4:ed:b2:81:33:21:63:a9:4f:25: + 05:2f:d5:20:d5:58:3c:6a:af:27:59:8e:ab:c7:b9:c9:89:d7: + cb:94:bd:ba:34:0d:e3:0a:68:1c:c2:d0:1d:b4:d0:8b:89:39: + 4b:a4 +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0xMDI0 +IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0 +MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ9Hp8dwut48 +J6E4jL60Jf6daM1WaZbzXBtKnr0U8hz93VnvHJ5SilV47WPhGaCjkrswGh4ygwaU +qYDjVHkueUsFum5TsOcXIB/Lw6QwooDjmqyMgD++lyT9rb2YniuOG8+SKgIlpQ/Y +HB365s52dSzRDPEcc4UcmrvLc/qVvZjjAgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAA +MB0GA1UdDgQWBBRPtH+9LkrYOlBWOlskiijb471Z/zAfBgNVHSMEGDAWgBSrkeYr +ycEue6Bl8dSKzgNN9HoYEzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQBu2wuB6g6jvFW6Cfjs +th6wl9ZTsmtEtU7QhIbRN172JCiNv/QDnuLSn20ZF5dRxf7yuJVnu0lN1m4ObpxA +gWjBRPvDMBPmkXNuCacnyHszaNTtsoEzIWOpTyUFL9Ug1Vg8aq8nWY6rx7nJidfL +lL26NA3jCmgcwtAdtNCLiTlLpA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem b/pki/testdata/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem new file mode 100644 index 0000000000..7bf1bb9869 --- /dev/null +++ b/pki/testdata/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem @@ -0,0 +1,71 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:e3:7f:ce:bc:d2:a2:33:36:a5:0b:f1:a3:08:f9: + 7d:82:62:0d:ad:f3:63:a7:49:50:ea:7b:eb:24:b6: + 9e:0e:8f:9a:63:87:fd:81:cb:17:65:30:f8:8a:27: + 59:dd:7b:f2:55:dc:1d:f1:ad:c6:33:ae:eb:d7:4e: + 57:47:0c:91:fb:3a:fe:85:13:14:d7:fb:b6:9e:68: + 15:d6:38:0e:3b:9e:51:ed:b9:7c:4d:4a:56:24:46: + 5a:13:f4:df:3a:16:91:b0:70:c4:dc:86:22:a7:f7: + 91:b6:93:35:f4:33:21:7c:eb:f4:90:e4:56:9c:20: + c6:02:6a:93:5d:a2:30:b0:77 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + F1:0B:57:46:80:DA:DF:AE:5F:99:7C:8E:C3:FA:3E:DC:4D:3D:75:6D + X509v3 Authority Key Identifier: + keyid:5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 6e:bf:10:0e:c0:2e:0c:7d:b6:4c:ed:e7:72:a4:2c:0d:07:e6: + d1:00:79:17:a0:5e:00:5e:94:54:10:2b:ba:94:b9:8e:f9:a5: + fa:6a:37:86:bd:b4:5b:47:b1:e7:8b:7a:86:2f:68:ad:af:db: + 71:bb:60:21:e4:69:19:72:26:90:61:48:d4:62:bf:e1:c0:45: + 96:29:f8:1c:c7:11:7d:d4:15:90:fb:7e:5f:56:5c:c4:6c:eb: + 3a:0f:82:fd:d4:d1:cc:42:b1:e9:fc:63:d4:ea:fb:52:0e:3d: + 54:a1:34:9a:73:66:f9:e7:3b:ca:6e:16:89:31:2a:ec:84:21: + ca:e8:4b:02:e8:90:d6:e0:1f:d1:4c:3e:1e:e1:d7:0a:1f:dd: + f3:32:b5:7e:c1:97:5c:ce:d7:8b:e1:1e:90:65:76:44:dd:59: + 8c:2b:67:6f:f0:2e:ee:79:f2:69:6a:75:81:03:85:24:de:d7: + 9f:12:28:e7:77:f4:49:cb:3a:9f:ec:3c:12:ac:d3:6c:71:31: + e7:32:4e:1f:94:1e:cc:0f:7a:02:5e:ce:94:c5:a9:e0:96:94: + 50:05:ac:df:3b:57:c5:0d:96:5a:b5:14:43:be:31:60:ef:b6: + ad:ec:a6:75:20:80:8b:8f:14:d9:6c:96:73:ca:05:10:3f:d5: + be:30:ae:37 +-----BEGIN CERTIFICATE----- +MIIDADCCAeigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0yMDQ4 +IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0 +MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAON/zrzSojM2 +pQvxowj5fYJiDa3zY6dJUOp76yS2ng6PmmOH/YHLF2Uw+IonWd178lXcHfGtxjOu +69dOV0cMkfs6/oUTFNf7tp5oFdY4DjueUe25fE1KViRGWhP03zoWkbBwxNyGIqf3 +kbaTNfQzIXzr9JDkVpwgxgJqk12iMLB3AgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAA +MB0GA1UdDgQWBBTxC1dGgNrfrl+ZfI7D+j7cTT11bTAfBgNVHSMEGDAWgBRcwnF2 +wSaxDDFzyJLTHgESS8xaFDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAbr8QDsAuDH22TO3n +cqQsDQfm0QB5F6BeAF6UVBArupS5jvml+mo3hr20W0ex54t6hi9ora/bcbtgIeRp +GXImkGFI1GK/4cBFlin4HMcRfdQVkPt+X1ZcxGzrOg+C/dTRzEKx6fxj1Or7Ug49 +VKE0mnNm+ec7ym4WiTEq7IQhyuhLAuiQ1uAf0Uw+HuHXCh/d8zK1fsGXXM7Xi+Ee +kGV2RN1ZjCtnb/Au7nnyaWp1gQOFJN7XnxIo53f0Scs6n+w8EqzTbHEx5zJOH5Qe +zA96Al7OlMWp4JaUUAWs3ztXxQ2WWrUUQ74xYO+2reymdSCAi48U2WyWc8oFED/V +vjCuNw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem b/pki/testdata/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem new file mode 100644 index 0000000000..17c5f65826 --- /dev/null +++ b/pki/testdata/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=768 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:df:d6:fb:c9:3c:e5:fd:2a:2a:4c:dd:75:6e:22: + c9:12:91:d5:b9:c2:a8:bd:7e:5c:97:90:3f:73:e9: + 9b:a6:96:91:83:4f:8e:09:5f:b0:ab:13:06:1c:c5: + 60:f9:1e:fc:c7:e2:69:02:ae:6e:7a:2a:50:3b:26: + 06:2b:40:91:16:a5:e0:e0:b1:aa:60:54:8c:25:69: + 58:54:d6:b4:8c:0b:43:41:b0:ca:2f:71:6d:f1:0c: + 03:8c:84:b0:aa:1c:ac:94:c0:e9:ca:0d:a8:18:9c: + e8:fa:84:f1:1a:67:e8:63:ae:d8:7f:06:94:17:11: + 29:41:62:a2:a5:0c:d0:0c:6d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 02:4E:E8:A0:0B:C1:19:46:8E:1E:C9:9B:D8:AD:92:42:13:62:A3:AF + X509v3 Authority Key Identifier: + keyid:9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 65:e4:d9:6c:3e:76:68:02:02:8e:88:2c:de:36:11:d3:e0:b6: + 3a:6d:43:a1:d4:97:21:ad:7a:fa:b5:dd:a6:05:39:61:b3:04: + c2:3c:ea:4a:fb:4e:a2:c5:46:f8:a0:fd:d9:4e:c0:fa:dd:87: + c3:f8:dc:84:51:a8:72:61:bc:62:35:97:92:84:d1:54:c5:8b: + 9a:e9:5e:72:4c:2c:23:03:ab:c3:32:b4:a2:39:31:d1:4f:67: + f4:9e:7d:2f:d9:23 +-----BEGIN CERTIFICATE----- +MIICXTCCAeegAwIBAgIBAjANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBw3Njgg +cnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoXDTI2MDQy +MDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM +CTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA39b7yTzl/Soq +TN11biLJEpHVucKovX5cl5A/c+mbppaRg0+OCV+wqxMGHMVg+R78x+JpAq5ueipQ +OyYGK0CRFqXg4LGqYFSMJWlYVNa0jAtDQbDKL3Ft8QwDjISwqhyslMDpyg2oGJzo ++oTxGmfoY67YfwaUFxEpQWKipQzQDG0CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAw +HQYDVR0OBBYEFAJO6KALwRlGjh7Jm9itkkITYqOvMB8GA1UdIwQYMBaAFJ7jp4Ow +WW+Rn8fVNGFKGrNmx0SgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAP +BgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA2EAZeTZbD52aAICjogs3jYR +0+C2Om1DodSXIa16+rXdpgU5YbMEwjzqSvtOosVG+KD92U7A+t2Hw/jchFGocmG8 +YjWXkoTRVMWLmuleckwsIwOrwzK0ojkx0U9n9J59L9kj +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/pki/testdata/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000000..45f0faa5cf --- /dev/null +++ b/pki/testdata/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,56 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=prime256v1 ecdsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d0:22:14:bb:ad:90:dc:97:5c:0a:7e:a0:43:58: + 30:59:7b:41:33:a9:48:e4:06:c9:dd:5b:0c:3b:4a: + 2f:75:4a:5d:5b:44:b5:24:e7:ec:36:99:98:e0:56: + d2:9d:3f:d4:36:29:2f:87:27:05:3d:73:b9:9d:97: + 4c:39:79:3e:95:31:bc:e0:12:f3:26:ca:c7:33:86: + 27:a9:5f:b1:a2:66:25:3c:61:95:0c:8b:c8:03:b0: + 6a:62:bd:55:f8:07:d0:84:16:75:eb:71:ea:bd:b7: + 56:b9:14:e0:f2:41:72:92:72:36:4b:7c:23:d4:b5: + 99:85:cc:34:b8:19:69:1c:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 44:AD:EF:D9:05:03:83:91:FE:A0:F3:3F:1E:C2:CE:ED:99:FD:78:75 + X509v3 Authority Key Identifier: + keyid:0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:56:76:a2:15:cf:3a:d3:54:7c:1b:7d:05:85:ea: + 58:2a:91:02:64:52:63:67:44:c2:ea:b3:74:02:c7:29:1c:ed: + 02:20:77:82:bf:d2:78:24:dc:a3:5a:77:be:5b:05:44:d2:6d: + f9:d4:78:ac:38:d9:69:8a:90:2c:f2:8f:41:d9:62:ad +-----BEGIN CERTIFICATE----- +MIICRjCCAe2gAwIBAgIBAjAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVwcmltZTI1 +NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoX +DTI2MDQyMDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju +aWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQ +BgNVBAMMCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0CIU +u62Q3JdcCn6gQ1gwWXtBM6lI5AbJ3VsMO0ovdUpdW0S1JOfsNpmY4FbSnT/UNikv +hycFPXO5nZdMOXk+lTG84BLzJsrHM4YnqV+xomYlPGGVDIvIA7BqYr1V+AfQhBZ1 +63HqvbdWuRTg8kFyknI2S3wj1LWZhcw0uBlpHGkCAwEAAaOBgDB+MAwGA1UdEwEB +/wQCMAAwHQYDVR0OBBYEFESt79kFA4OR/qDzPx7Czu2Z/Xh1MB8GA1UdIwQYMBaA +FA1rttfdf81OrQZrIuERCFgQqxYqMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAPBgNVHREECDAGhwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFZ2ohXPOtNU +fBt9BYXqWCqRAmRSY2dEwuqzdALHKRztAiB3gr/SeCTco1p3vlsFRNJt+dR4rDjZ +aYqQLPKPQdlirQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/1024-rsa-intermediate.pem b/pki/testdata/ssl/certificates/1024-rsa-intermediate.pem new file mode 100644 index 0000000000..d84308ed0a --- /dev/null +++ b/pki/testdata/ssl/certificates/1024-rsa-intermediate.pem @@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: CN=1024 rsa Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cf:5f:2c:84:5d:36:f4:64:c4:92:14:fd:35:63: + e9:92:ff:93:bd:0d:18:5f:b3:1d:8c:2f:28:8f:f3: + 2f:8f:a1:4c:f1:1c:e4:15:66:3e:79:e7:aa:39:a0: + 46:32:4b:69:67:6b:cb:72:aa:90:e3:d0:d1:36:55: + c6:b5:49:39:7c:d2:16:97:8b:f2:6c:1b:83:ea:f3: + e2:18:6a:06:9f:49:4f:72:fd:4a:b8:42:c5:aa:0a: + 0d:2c:5c:74:97:d7:ee:4d:fc:3c:bf:1d:3f:ab:16: + 23:7a:28:32:b8:5d:c8:29:72:55:d5:ea:f1:52:37: + f1:9c:a7:6c:f4:6f:3b:79:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 10:3b:22:dc:6a:83:3f:41:ba:27:2c:2a:ba:71:6b:9f:a5:db: + ad:5b:4f:e9:fc:27:c3:e7:76:8f:8a:39:c6:37:a0:15:c4:d4: + df:97:d5:af:61:4d:ea:82:59:da:83:a9:5d:7c:91:36:13:c0: + 6c:a8:b0:be:03:35:ef:2b:28:d3:40:fb:03:ba:f5:ff:d2:40: + 64:5d:b6:5d:30:a7:fa:3c:58:60:3f:64:96:bf:8a:b4:a8:06: + 06:e2:3f:86:0e:ea:d7:de:18:64:72:8e:c1:62:1f:a3:d0:fb: + c5:19:9b:62:0d:ae:61:36:7d:46:15:01:98:00:b2:c7:25:51: + 4d:f5:86:eb:a7:4b:15:4f:16:d2:04:f9:c4:b6:33:7a:9c:1d: + 77:a4:88:72:8d:9b:84:24:e6:9e:d7:e9:56:3e:23:39:74:6d: + cd:90:2f:d7:83:0d:87:c4:a6:5b:71:bc:bc:a2:55:9d:2d:a9: + 3b:05:ab:ac:82:fb:b9:8c:7d:97:24:97:aa:d9:9f:f9:25:ba: + 4e:90:1f:66:0f:cd:7e:8b:ea:df:73:83:9e:f6:cc:fc:03:47: + fc:43:cf:d6:a1:51:4e:dd:eb:c4:38:ca:22:b5:b8:75:0f:6d: + 88:9e:03:e3:5e:7f:85:8a:b4:e2:05:43:06:09:10:1e:24:93: + ae:e6:10:ac +-----BEGIN CERTIFICATE----- +MIICgTCCAWmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4 +IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTYwNDIyMjAyODQxWhcNMjYwNDIwMjAyODQx +WjAoMSYwJAYDVQQDDB0xMDI0IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz18shF029GTEkhT9NWPpkv+TvQ0YX7Md +jC8oj/Mvj6FM8RzkFWY+eeeqOaBGMktpZ2vLcqqQ49DRNlXGtUk5fNIWl4vybBuD +6vPiGGoGn0lPcv1KuELFqgoNLFx0l9fuTfw8vx0/qxYjeigyuF3IKXJV1erxUjfx +nKds9G87eWkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUq5Hm +K8nBLnugZfHUis4DTfR6GBMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUA +A4IBAQAQOyLcaoM/QbonLCq6cWufpdutW0/p/CfD53aPijnGN6AVxNTfl9WvYU3q +glnag6ldfJE2E8BsqLC+AzXvKyjTQPsDuvX/0kBkXbZdMKf6PFhgP2SWv4q0qAYG +4j+GDurX3hhkco7BYh+j0PvFGZtiDa5hNn1GFQGYALLHJVFN9Ybrp0sVTxbSBPnE +tjN6nB13pIhyjZuEJOae1+lWPiM5dG3NkC/Xgw2HxKZbcby8olWdLak7Bausgvu5 +jH2XJJeq2Z/5JbpOkB9mD81+i+rfc4Oe9sz8A0f8Q8/WoVFO3evEOMoitbh1D22I +ngPjXn+FirTiBUMGCRAeJJOu5hCs +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/10_year_validity.pem b/pki/testdata/ssl/certificates/10_year_validity.pem new file mode 100644 index 0000000000..c69664d6bd --- /dev/null +++ b/pki/testdata/ssl/certificates/10_year_validity.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:6f + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 30 00:00:00 2008 GMT + Not After : Oct 29 00:00:00 2018 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c1:ea:65:cb:12:00:be:84:08:b3:8e:d0:cc:b0: + 6c:cb:d7:22:2b:f8:f6:7c:e2:17:c9:fd:75:7b:52: + ce:57:24:36:2f:04:37:11:4a:9e:a0:f3:93:a9:5d: + 5e:40:23:97:c1:d0:50:10:c7:7d:c6:3d:9e:e2:96: + fb:63:ee:66:91:f1:df:6c:5e:ec:9d:22:5c:76:34: + 83:ed:ff:cc:f0:96:19:78:07:d2:e0:91:50:97:1e: + e7:af:94:19:3b:d8:00:d7:22:31:46:37:b2:56:19: + 6e:31:48:ef:f8:d7:ae:d2:0c:50:22:6f:7d:ea:a7: + cc:a1:ff:40:6e:60:91:1f:88:c8:a3:b3:a3:a1:08: + 67:7e:7e:c4:77:75:46:90:e9:d1:3b:2c:ed:cd:a9: + da:ff:8a:1e:ca:e4:ae:62:f2:a3:6b:e3:d8:50:4d: + 45:d7:fa:d0:93:9d:21:3d:7f:ea:c8:ef:ab:d8:2a: + 77:f1:84:98:2b:39:41:6c:72:4e:4f:0d:92:99:81: + fc:80:4b:94:79:61:69:7c:cf:96:fc:e6:fa:53:d5: + 9e:60:3f:51:d4:2b:52:1c:02:19:80:ae:a5:fb:2f: + 02:06:f2:70:95:d8:c6:4a:38:c8:78:4a:6e:a0:07: + cd:31:3b:8d:e0:1f:60:aa:c9:70:57:93:d2:4b:d4: + e8:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 9E:E1:B0:0F:6C:05:2E:6C:E6:37:0E:C9:A4:40:73:64:D5:E5:F6:13 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + ad:41:57:17:1a:be:16:cd:fd:74:01:b2:f1:f6:8c:5f:ee:7f: + e8:a0:fc:33:d5:9e:c0:40:5d:56:79:90:1f:a4:3f:56:2c:79: + 16:b8:9f:9a:17:77:9e:02:06:8c:d3:3e:fc:2e:0e:8c:13:f9: + 6c:d4:cc:1a:24:dc:04:b5:1a:45:57:c3:cf:13:04:97:51:fc: + 9b:ae:54:76:e6:24:c9:52:17:e9:24:36:ca:5f:7e:4d:13:f4: + 14:f3:09:6b:ef:59:2f:9d:94:43:50:64:81:b0:ab:52:60:f5: + 22:a9:2e:cf:a1:07:9b:52:e9:79:61:04:0d:2a:3f:5b:cb:32: + 32:b9:ce:00:74:b1:8a:85:b2:2d:99:42:45:d8:e5:2a:e3:d9: + 21:ff:26:5d:74:7d:f2:af:ae:28:02:0e:7a:36:70:5d:57:12: + 71:1c:12:b7:5f:27:ce:df:0a:db:51:fb:ce:fb:1c:41:8f:52: + 6d:e1:b9:69:a1:b9:7e:69:2a:85:1a:68:85:99:58:ec:ee:fd: + 2a:55:62:2a:38:06:fa:20:3c:e5:28:9c:b9:d6:93:fd:48:b2: + 15:24:e7:3e:84:7e:08:eb:1c:e8:47:cb:f7:e8:cc:7a:ed:79: + 0a:9c:6c:14:43:7f:92:56:bf:ed:b7:bd:89:bc:85:be:db:89: + ca:38:91:7b +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwm8wDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0wODEwMzAwMDAwMDBaFw0xODEwMjkwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB6mXLEgC+hAizjtDMsGzL1yIr+PZ84hfJ +/XV7Us5XJDYvBDcRSp6g85OpXV5AI5fB0FAQx33GPZ7ilvtj7maR8d9sXuydIlx2 +NIPt/8zwlhl4B9LgkVCXHuevlBk72ADXIjFGN7JWGW4xSO/4167SDFAib33qp8yh +/0BuYJEfiMijs6OhCGd+fsR3dUaQ6dE7LO3Nqdr/ih7K5K5i8qNr49hQTUXX+tCT +nSE9f+rI76vYKnfxhJgrOUFsck5PDZKZgfyAS5R5YWl8z5b85vpT1Z5gP1HUK1Ic +AhmArqX7LwIG8nCV2MZKOMh4Sm6gB80xO43gH2CqyXBXk9JL1Og7AgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSe4bAPbAUubOY3DsmkQHNk1eX2EzAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEArUFXFxq+Fs39dAGy8faMX+5/6KD8M9WewEBdVnmQH6Q/Vix5Frifmhd3ngIG +jNM+/C4OjBP5bNTMGiTcBLUaRVfDzxMEl1H8m65UduYkyVIX6SQ2yl9+TRP0FPMJ +a+9ZL52UQ1BkgbCrUmD1Iqkuz6EHm1LpeWEEDSo/W8syMrnOAHSxioWyLZlCRdjl +KuPZIf8mXXR98q+uKAIOejZwXVcScRwSt18nzt8K21H7zvscQY9SbeG5aaG5fmkq +hRpohZlY7O79KlViKjgG+iA85SicudaT/UiyFSTnPoR+COsc6EfL9+jMeu15Cpxs +FEN/kla/7be9ibyFvtuJyjiRew== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/11_year_validity.pem b/pki/testdata/ssl/certificates/11_year_validity.pem new file mode 100644 index 0000000000..837af75874 --- /dev/null +++ b/pki/testdata/ssl/certificates/11_year_validity.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:70 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 30 00:00:00 2014 GMT + Not After : Oct 30 00:00:00 2025 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9f:1f:36:a1:2e:5f:5a:92:b2:a7:41:8e:72:0f: + e5:c3:aa:1c:80:cf:b9:81:fc:e5:be:d5:80:9b:ee: + ae:c5:dc:69:d4:e4:e9:89:0a:1d:7a:f1:88:05:94: + 56:f6:03:b7:8a:5d:6b:77:0b:23:53:0d:a0:0f:ba: + 22:ee:70:9e:7e:f7:fb:76:27:94:9f:e6:13:c1:49: + bf:08:f1:5c:78:39:d0:22:33:00:f7:9c:55:58:d3: + e6:4d:8f:2b:90:26:f6:24:3f:40:8e:ee:04:01:64: + 36:8b:63:3e:51:99:f2:bd:6e:8a:cb:77:9f:e5:e8: + 25:46:ea:13:9c:3e:da:57:79:c1:fe:14:19:68:d2: + 20:72:56:30:1b:f7:11:be:5f:0c:ce:5f:25:e3:28: + 1d:bd:1d:50:5a:87:5f:f2:6d:e9:d6:76:0a:51:1c: + ed:29:c0:a3:39:42:fa:cb:77:f0:f2:03:07:d1:a6: + 52:fe:63:42:d4:a5:b5:53:fa:e2:88:85:9a:3f:58: + 5b:cf:5e:09:be:c4:08:72:5c:01:0c:ef:57:9f:a6: + b1:46:a0:52:43:ec:3c:4d:30:2c:64:37:07:4d:2b: + 4e:d0:0c:d8:30:e4:88:cf:11:63:9e:3b:17:3b:67: + be:22:99:36:d6:8e:96:84:ed:1d:8c:45:40:8f:63: + 91:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 1C:D3:60:F9:10:20:E7:CD:03:D7:36:7B:EC:A5:7B:4D:CB:C4:F2:1A + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7c:16:35:6d:b3:80:02:dc:0f:c8:28:bb:44:52:8c:0b:9b:5c: + c6:36:8b:ce:f9:de:ab:99:ca:f6:b1:d6:f5:b6:ef:af:b9:40: + 9c:ee:fb:98:d4:17:e2:18:15:5f:39:8f:e9:02:d5:5d:f6:c4: + cb:bd:03:cb:54:3f:77:64:d8:fb:d4:60:b1:b9:9a:7d:b9:a0: + 1b:22:5f:2d:46:fa:f7:93:96:7e:13:ae:89:b1:68:c2:a5:e6: + 82:1f:af:08:67:36:d9:38:46:ef:33:3f:78:11:43:3b:04:9e: + 9a:68:97:a3:dd:29:73:6c:60:28:9d:d5:1a:ca:e3:20:39:b3: + eb:aa:ff:09:9d:7b:bc:18:a9:97:e1:58:7f:6b:1c:3b:50:8e: + 4d:9c:25:8b:b0:26:34:5f:69:8b:04:56:7c:4d:d9:53:31:ea: + c3:a2:30:20:4c:2a:8c:2f:f8:5b:b6:c2:3a:4f:b6:54:d7:6d: + e5:21:f6:81:59:1b:f4:4d:82:30:c9:a4:ce:fe:c8:97:d0:fe: + 48:c1:2d:89:96:96:23:e5:37:83:01:40:24:6d:7c:ab:29:9e: + 75:e8:ba:c0:c6:4b:1d:85:06:87:83:cd:3b:ae:c8:c3:b3:a6: + a8:77:54:b4:fb:32:42:22:b0:1d:08:ae:ba:a0:82:6a:56:db: + 4c:fd:05:ba +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnAwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNDEwMzAwMDAwMDBaFw0yNTEwMzAwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfHzahLl9akrKnQY5yD+XDqhyAz7mB/OW+ +1YCb7q7F3GnU5OmJCh168YgFlFb2A7eKXWt3CyNTDaAPuiLucJ5+9/t2J5Sf5hPB +Sb8I8Vx4OdAiMwD3nFVY0+ZNjyuQJvYkP0CO7gQBZDaLYz5RmfK9borLd5/l6CVG +6hOcPtpXecH+FBlo0iByVjAb9xG+XwzOXyXjKB29HVBah1/ybenWdgpRHO0pwKM5 +QvrLd/DyAwfRplL+Y0LUpbVT+uKIhZo/WFvPXgm+xAhyXAEM71efprFGoFJD7DxN +MCxkNwdNK07QDNgw5IjPEWOeOxc7Z74imTbWjpaE7R2MRUCPY5EVAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQc02D5ECDnzQPXNnvspXtNy8TyGjAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAfBY1bbOAAtwPyCi7RFKMC5tcxjaLzvneq5nK9rHW9bbvr7lAnO77mNQX4hgV +XzmP6QLVXfbEy70Dy1Q/d2TY+9RgsbmafbmgGyJfLUb695OWfhOuibFowqXmgh+v +CGc22ThG7zM/eBFDOwSemmiXo90pc2xgKJ3VGsrjIDmz66r/CZ17vBipl+FYf2sc +O1COTZwli7AmNF9piwRWfE3ZUzHqw6IwIEwqjC/4W7bCOk+2VNdt5SH2gVkb9E2C +MMmkzv7Il9D+SMEtiZaWI+U3gwFAJG18qymedei6wMZLHYUGh4PNO67Iw7OmqHdU +tPsyQiKwHQiuuqCCalbbTP0Fug== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/2029_globalsign_com_cert.pem b/pki/testdata/ssl/certificates/2029_globalsign_com_cert.pem new file mode 100644 index 0000000000..cd0d988238 --- /dev/null +++ b/pki/testdata/ssl/certificates/2029_globalsign_com_cert.pem @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFTjCCBDagAwIBAgILAQAAAAABJbCbWRgwDQYJKoZIhvcNAQELBQAwcDEmMCQG +A1UECxMdRXh0ZW5kZWQgVmFsaWRhdGlvbiBTSEEyNTYgQ0ExEzARBgNVBAoTCkds +b2JhbFNpZ24xMTAvBgNVBAMTKEdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlv +biBTSEEyNTYgQ0EwHhcNMDkxMjIxMDkwNTA4WhcNMTExMjIxMDkwNTA4WjCB4TEb +MBkGA1UEDxMSVjEuMCwgQ2xhdXNlIDUuKGIpMRcwFQYDVQQFEw4wMTEwLTAxLTA0 +MDE4MTETMBEGCysGAQQBgjc8AgEDEwJKUDELMAkGA1UEBhMCSlAxDjAMBgNVBAgT +BVRPS1lPMRAwDgYDVQQHEwdTaGlidXlhMRkwFwYDVQQJExAyMC0xIHNha3VyYWdh +b2thMRIwEAYDVQQLEwlUZWNobmljYWwxGDAWBgNVBAoTD0dsb2JhbFNpZ24gSy5L +LjEcMBoGA1UEAxMTMjAyOS5nbG9iYWxzaWduLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAK1O+qRY8VTYBzAU+RkWEli4/0uTMtYJmR138O7iOrog +3rRPfAZouTz9zZf8aKCp2S1VAHufuxzn1GhQRdlI6fnyDEjJoUpDo4mJbJFUghLt +bwnFIsScSHdqaTKx0N99xRR9SJbEshfeIszBWTdLsUdBDzj64YiBg9qJMfPynPGC +dbbf4crM/28jXaiaB/AJ8lv1AAstW8bps+y6ZHrZqG9i3llfetpe+4Dg9XqUQAD4 +0OBNIn8fD2CXk916wiN2JfnZjSOStTKSsy5zXlx5mgMFkSMtOkqbJDgbjcYmajA2 +YDnzlSbz9oYL4jv/NZ+A2aJzoqbP7tef88P/cN+/XXECAwEAAaOCAXUwggFxMB0G +A1UdDgQWBBRZvNlp97Blu8g0xdLC7xd4pkceizAfBgNVHSMEGDAWgBSK/BQbPaNZ +Z6U74XOSpmKRf+R4MDBUBggrBgEFBQcBAQRIMEYwRAYIKwYBBQUHMAKGOGh0dHA6 +Ly9zZWN1cmUuZ2xvYmFsc2lnbi5uZXQvY2FjZXJ0L1NIQTI1NmV4dGVuZHZhbDEu +Y3J0MD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQv +U0hBMjU2RXh0ZW5kVmFsMS5jcmwwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBPAw +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEsGA1UdIAREMEIwQAYJKwYB +BAGgMgEBMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQv +cmVwb3NpdG9yeS8wEQYJYIZIAYb4QgEBBAQDAgbAMA0GCSqGSIb3DQEBCwUAA4IB +AQBCfnYnxZkYxp3amwmrrCAwac5SYVK4bDwxKtAHa9NbOGV6jAXFNIknttAuwy9I +w7h4E5HHnZeDVZpWQ1ncmMqkMPfYruThLGx8GOMThigkMHOZLPx+WmB4alDKj9Ra +SOISmiIHMfw7RKPZuL3dttzr477DVukILeUjfKeQ9dlQwAyeMNH840jrOmyVl54R +nfFnOL7O46NqJBrC0cNp5bdyzVJ77qZ29r7e3+uJ61OeCzovImyPrgGDy96rhxaB +ZjdXGKH2nlFQ3SpsH5QMVr8kn8a1etoIGexJ8L7FdSu3ywvyjaIPOANI/Y0gTlax +vIkF1Dc5EejvaEMyVwrVTbzJ +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem b/pki/testdata/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem new file mode 100644 index 0000000000..1627541e3a --- /dev/null +++ b/pki/testdata/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem @@ -0,0 +1,73 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=1024 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d6:a4:94:54:db:41:d7:ce:11:35:61:ec:32:eb: + 6b:d7:17:92:f3:30:4c:43:67:f6:d1:7a:06:6c:7c: + 15:79:35:78:38:ac:5e:4d:87:b7:34:cb:99:f8:4f: + 15:f9:68:38:48:de:2e:dc:1e:67:82:f9:b6:f2:82: + bc:13:68:8f:14:fa:11:45:db:f6:fb:43:14:59:c3: + 16:e2:df:02:8a:a0:d3:9c:52:05:ff:1c:d1:2a:ab: + e2:bd:a3:f6:6b:1c:cd:e1:2c:97:7b:7c:d1:21:7e: + f1:0b:1c:39:4d:2f:63:fc:ae:f3:4a:8a:a1:04:67: + 9b:3c:bd:2d:4d:05:41:d9:16:6f:54:21:56:4c:d3: + 57:70:8b:4f:ad:68:96:f2:cb:84:81:c5:b1:e9:91: + 5d:22:64:d7:1c:37:b9:f7:ee:52:66:3a:51:5f:80: + e1:22:74:04:3f:6a:8b:c4:e5:be:f0:4e:26:96:44: + e9:e8:62:3a:86:4b:60:b7:31:a6:85:11:b8:6d:e6: + 14:3f:1e:ac:6c:7a:2a:64:12:e0:39:64:e3:c8:73: + 4b:9b:3d:a3:11:71:8b:c0:9d:2e:43:f2:6b:1f:4c: + 51:fb:8d:e7:25:a3:7b:9b:cb:4d:25:9b:d6:b3:44: + 36:1c:85:9a:d0:7b:82:73:a5:12:03:1c:0a:0c:72: + 5e:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 36:3E:3F:89:C5:E9:92:06:AE:84:D9:26:55:01:41:CC:51:2F:AF:D2 + X509v3 Authority Key Identifier: + keyid:AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 1f:19:60:43:08:f6:5f:a8:4a:b3:22:3f:5a:b7:d9:50:e9:18: + 3e:3e:f4:a4:84:43:63:61:92:8d:47:c4:6b:6b:a8:2e:c7:72: + e8:9b:35:5f:28:88:02:23:ff:e3:69:3e:c7:e4:b5:f8:e2:fd: + 8e:c4:2c:79:c3:d2:51:d6:83:75:d0:85:29:5a:68:0f:32:3d: + be:bb:06:9b:8b:ab:2a:61:44:f3:da:65:4c:ba:0d:c7:fa:52: + 7d:5b:70:44:b6:e4:84:78:bd:9f:ae:25:d3:b9:1f:4f:86:4d: + 74:2d:cf:1d:80:dc:7b:c1:a1:91:d7:1e:1a:a5:01:59:e3:2a: + 35:8a +-----BEGIN CERTIFICATE----- +MIIDAzCCAmygAwIBAgIBAzANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0xMDI0 +IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0 +MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWpJRU +20HXzhE1Yewy62vXF5LzMExDZ/bRegZsfBV5NXg4rF5Nh7c0y5n4TxX5aDhI3i7c +HmeC+bbygrwTaI8U+hFF2/b7QxRZwxbi3wKKoNOcUgX/HNEqq+K9o/ZrHM3hLJd7 +fNEhfvELHDlNL2P8rvNKiqEEZ5s8vS1NBUHZFm9UIVZM01dwi0+taJbyy4SBxbHp +kV0iZNccN7n37lJmOlFfgOEidAQ/aovE5b7wTiaWROnoYjqGS2C3MaaFEbht5hQ/ +HqxseipkEuA5ZOPIc0ubPaMRcYvAnS5D8msfTFH7jeclo3uby00lm9azRDYchZrQ +e4JzpRIDHAoMcl7jAgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ2 +Pj+JxemSBq6E2SZVAUHMUS+v0jAfBgNVHSMEGDAWgBSrkeYrycEue6Bl8dSKzgNN +9HoYEzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocE +fwAAATANBgkqhkiG9w0BAQsFAAOBgQAfGWBDCPZfqEqzIj9at9lQ6Rg+PvSkhENj +YZKNR8Rra6gux3LomzVfKIgCI//jaT7H5LX44v2OxCx5w9JR1oN10IUpWmgPMj2+ +uwabi6sqYUTz2mVMug3H+lJ9W3BEtuSEeL2friXTuR9Phk10Lc8dgNx7waGR1x4a +pQFZ4yo1ig== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem b/pki/testdata/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem new file mode 100644 index 0000000000..6a59709c77 --- /dev/null +++ b/pki/testdata/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem @@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b4:72:22:05:11:c8:e7:3b:0d:1a:c2:7d:ce:14: + 07:8f:89:df:ea:29:77:b5:55:dc:eb:69:23:46:81: + fc:9f:8f:8b:ad:a1:f8:3b:a2:55:1e:d8:8d:ef:81: + fd:5d:ae:2e:9c:bb:69:e4:78:80:4a:9b:52:83:e7: + 4c:d0:32:f2:13:c8:ca:bc:71:4b:46:75:a7:b1:a1: + aa:f3:0e:1c:06:3a:27:0e:2e:3c:43:7d:38:e7:4f: + 03:bf:2b:a1:e3:60:31:bc:ff:31:88:d7:dc:83:8d: + e7:3d:18:5e:b1:10:7f:fe:43:b6:83:c6:c4:3a:56: + d0:f4:26:86:17:47:99:a0:4f:85:05:4e:5c:a5:66: + 42:4c:14:28:57:ff:d3:04:d9:2b:88:aa:5a:05:99: + 90:e7:50:af:4f:92:00:36:34:47:85:d0:82:63:80: + 2e:1a:bf:c4:9f:6b:23:3b:b4:2b:23:7f:bf:09:31: + da:23:06:0c:ab:73:e1:8d:38:a7:64:0d:1c:ef:18: + ed:33:3b:8c:48:e7:ef:67:3d:08:cc:66:27:80:1c: + 67:12:a2:a0:ec:fa:3f:84:d7:9b:60:73:fe:cb:6d: + 73:c6:fc:f7:4c:75:50:3e:d9:9a:c4:9a:41:c5:af: + c9:1c:d3:a1:b6:02:1f:61:cf:59:21:de:bb:92:3b: + dc:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 22:2C:2F:EC:CC:84:35:E7:25:3D:64:7C:7D:31:75:BD:B5:B1:B3:2A + X509v3 Authority Key Identifier: + keyid:5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + b3:02:f9:ad:d2:ce:96:da:ae:ab:a5:f7:08:0f:c1:53:78:6a: + da:c1:2c:5b:97:df:ce:59:cb:98:a6:5a:a9:24:02:58:b8:c1: + a5:72:a6:e5:8e:25:2b:9b:09:c6:97:f8:2b:ed:1f:70:e5:e2: + 7b:f7:8d:42:0b:cb:8d:1b:d7:85:7c:ec:14:ac:27:6a:69:7c: + d7:e0:4c:af:8f:1a:47:0b:e1:fb:34:8c:dc:09:30:a6:ff:01: + 92:43:51:71:e2:a7:3b:55:ff:55:a3:a7:df:28:ef:d7:86:36: + e1:8d:c9:5e:69:e7:54:85:9c:09:cc:c6:66:64:b4:41:e9:1d: + 2d:7c:f2:91:dc:16:1b:f8:e6:b5:8d:14:1c:be:89:6f:da:85: + b0:fd:15:d5:a1:d4:21:1d:0f:b5:7e:91:84:68:ab:4d:ff:90: + b1:f0:ca:dc:6c:41:a7:f6:7d:3e:f5:e8:1f:24:78:ad:79:ce: + 03:69:bd:81:e3:d9:c8:8e:48:93:6a:24:7d:57:46:f4:6d:54: + 69:45:5a:86:8e:91:20:1f:e5:64:0d:f6:f4:b2:d2:df:c8:6d: + 1c:cb:f0:e5:65:b0:3d:cd:56:66:66:ce:d6:0d:5b:09:99:5e: + 34:58:6e:81:c7:fd:55:c8:c1:19:e8:cd:bd:df:74:1d:2a:96: + 5a:d9:27:4d +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIBAzANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0yMDQ4 +IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0 +MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ciIF +EcjnOw0awn3OFAePid/qKXe1VdzraSNGgfyfj4utofg7olUe2I3vgf1dri6cu2nk +eIBKm1KD50zQMvITyMq8cUtGdaexoarzDhwGOicOLjxDfTjnTwO/K6HjYDG8/zGI +19yDjec9GF6xEH/+Q7aDxsQ6VtD0JoYXR5mgT4UFTlylZkJMFChX/9ME2SuIqloF +mZDnUK9PkgA2NEeF0IJjgC4av8SfayM7tCsjf78JMdojBgyrc+GNOKdkDRzvGO0z +O4xI5+9nPQjMZieAHGcSoqDs+j+E15tgc/7LbXPG/PdMdVA+2ZrEmkHFr8kc06G2 +Ah9hz1kh3ruSO9yrAgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQi +LC/szIQ15yU9ZHx9MXW9tbGzKjAfBgNVHSMEGDAWgBRcwnF2wSaxDDFzyJLTHgES +S8xaFDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocE +fwAAATANBgkqhkiG9w0BAQsFAAOCAQEAswL5rdLOltquq6X3CA/BU3hq2sEsW5ff +zlnLmKZaqSQCWLjBpXKm5Y4lK5sJxpf4K+0fcOXie/eNQgvLjRvXhXzsFKwnaml8 +1+BMr48aRwvh+zSM3Akwpv8BkkNRceKnO1X/VaOn3yjv14Y24Y3JXmnnVIWcCczG +ZmS0QekdLXzykdwWG/jmtY0UHL6Jb9qFsP0V1aHUIR0PtX6RhGirTf+QsfDK3GxB +p/Z9PvXoHyR4rXnOA2m9gePZyI5Ik2okfVdG9G1UaUVaho6RIB/lZA329LLS38ht +HMvw5WWwPc1WZmbO1g1bCZleNFhugcf9VcjBGejNvd90HSqWWtknTQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem b/pki/testdata/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem new file mode 100644 index 0000000000..0035d83cc4 --- /dev/null +++ b/pki/testdata/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=768 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:3a:68:2e:28:8c:de:30:76:83:38:b6:db:fc: + 25:57:b3:f7:7d:49:63:3d:5a:0f:e4:d7:0a:d7:73: + 62:2c:a7:1e:4b:a3:f6:82:d7:68:b0:77:83:f7:77: + 1d:21:16:cf:86:8a:d3:ee:05:e8:85:0b:63:49:f5: + 72:aa:80:00:43:36:12:6c:c2:31:07:e5:b8:d8:83: + 4b:a7:ff:8a:06:58:c2:00:06:6b:b1:1e:b6:05:ae: + 02:8a:0b:71:5a:37:70:70:10:7a:3a:fe:20:e6:6a: + 24:fc:a5:93:78:fd:1d:26:bc:68:25:4a:19:41:9d: + 33:bb:65:c1:71:aa:b5:0a:cf:44:7a:88:66:2b:98: + d4:30:bd:dc:13:81:fe:c1:6e:04:38:d5:6c:cf:68: + 68:fc:d9:16:0d:7a:4d:4b:df:60:2b:af:87:33:48: + 6a:8a:11:f9:d8:a2:75:a8:d7:96:19:a2:68:3e:70: + 2b:4b:b8:32:a0:f1:6d:91:11:ea:1c:de:43:bb:b6: + 7b:ad:c5:bb:c2:76:9e:c2:39:60:fe:0b:c2:45:51: + 5e:8f:15:10:9f:31:d6:41:18:37:3f:55:99:81:7c: + 2b:49:f9:bd:b2:28:b5:fd:f2:88:11:2f:ba:83:2f: + 44:55:14:94:f7:15:36:4c:c4:57:9f:8e:b9:52:d1: + 28:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 2D:03:2A:82:88:41:B4:78:09:AD:65:4D:E4:95:80:A0:48:F7:06:45 + X509v3 Authority Key Identifier: + keyid:9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 89:8c:20:d3:4b:32:9a:6b:de:02:e8:73:5d:90:5c:1f:63:80: + 65:7e:08:9e:af:05:b0:41:d3:d9:44:5c:10:c4:4c:c9:93:d0: + ce:55:da:1a:06:30:0a:d3:ff:42:87:2d:83:98:e4:64:68:5b: + 5b:b5:df:2e:4f:1c:b8:7a:85:a9:3e:38:a8:b0:9a:fc:87:ec: + 97:27:43:ff:35:0f:13:9f:84:22:a0:27:a7:d4:9a:df:f6:b5: + b2:76:d3:71:02:f0 +-----BEGIN CERTIFICATE----- +MIIC4TCCAmugAwIBAgIBAzANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBw3Njgg +cnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoXDTI2MDQy +MDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM +CTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALo6aC4o +jN4wdoM4ttv8JVez931JYz1aD+TXCtdzYiynHkuj9oLXaLB3g/d3HSEWz4aK0+4F +6IULY0n1cqqAAEM2EmzCMQfluNiDS6f/igZYwgAGa7EetgWuAooLcVo3cHAQejr+ +IOZqJPylk3j9HSa8aCVKGUGdM7tlwXGqtQrPRHqIZiuY1DC93BOB/sFuBDjVbM9o +aPzZFg16TUvfYCuvhzNIaooR+diidajXlhmiaD5wK0u4MqDxbZER6hzeQ7u2e63F +u8J2nsI5YP4LwkVRXo8VEJ8x1kEYNz9VmYF8K0n5vbIotf3yiBEvuoMvRFUUlPcV +NkzEV5+OuVLRKI8CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFC0D +KoKIQbR4Ca1lTeSVgKBI9wZFMB8GA1UdIwQYMBaAFJ7jp4OwWW+Rn8fVNGFKGrNm +x0SgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHREECDAGhwR/ +AAABMA0GCSqGSIb3DQEBCwUAA2EAiYwg00symmveAuhzXZBcH2OAZX4Inq8FsEHT +2URcEMRMyZPQzlXaGgYwCtP/Qoctg5jkZGhbW7XfLk8cuHqFqT44qLCa/IfslydD +/zUPE5+EIqAnp9Sa3/a1snbTcQLw +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/pki/testdata/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000000..8c9bee9653 --- /dev/null +++ b/pki/testdata/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,67 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=prime256v1 ecdsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cf:f1:3b:6f:93:35:88:59:85:00:af:e7:96:90: + e2:58:0b:8f:f3:5f:b9:0c:10:47:8d:1d:18:0f:09: + 1d:4e:45:cf:36:25:5c:f8:43:06:30:ce:af:39:5b: + de:e9:c6:66:8b:e2:82:37:fc:8a:74:83:8b:8a:9f: + 88:2d:39:15:f4:b2:56:de:50:3a:c2:d4:aa:7c:d6: + a9:b4:1b:e4:4d:25:27:3a:40:bc:8d:07:c1:30:36: + fe:22:4a:68:1f:04:75:46:58:1a:a4:18:ae:57:34: + 93:57:04:65:fb:13:80:bd:04:91:8a:41:82:32:fd: + d7:b5:b6:f1:cb:33:16:20:98:47:a5:b4:0e:69:3e: + e2:07:70:d5:b6:47:9b:5a:49:44:6e:83:85:3f:b0: + 7c:db:c7:46:5b:99:66:f9:10:5b:8e:88:ea:66:3e: + 37:f2:0f:c9:06:8b:0e:3c:b7:fe:59:16:75:ff:3f: + ec:61:94:73:31:84:67:4f:b4:06:70:58:3a:ea:32: + 07:02:29:75:8c:d0:52:db:e3:0b:46:54:c6:5b:42: + 43:34:a5:92:d8:10:81:15:ad:fd:cf:41:f6:f5:ef: + 7d:8f:a0:40:f3:dc:64:17:d4:a3:83:63:9b:3f:af: + af:28:ed:e7:ed:5d:6d:2b:16:61:4d:d3:c3:d6:15: + 78:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 52:FC:90:06:58:27:74:55:A2:49:6E:4E:BE:2B:81:E5:D1:E2:1A:14 + X509v3 Authority Key Identifier: + keyid:0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:72:99:1c:a8:f4:a6:3d:cc:36:4c:ad:46:1e:bb: + e3:1e:d0:d5:a4:ec:99:e3:4a:f8:47:bd:7c:dd:12:cb:c0:d1: + 02:20:64:c7:e9:b1:8e:bd:3d:59:31:17:a1:dd:b3:f9:11:ff: + 83:f6:be:1d:46:d9:50:cf:b4:47:94:49:4a:06:94:2d +-----BEGIN CERTIFICATE----- +MIICyjCCAnGgAwIBAgIBAzAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVwcmltZTI1 +NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoX +DTI2MDQyMDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju +aWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQ +BgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AM/xO2+TNYhZhQCv55aQ4lgLj/NfuQwQR40dGA8JHU5FzzYlXPhDBjDOrzlb3unG +Zovigjf8inSDi4qfiC05FfSyVt5QOsLUqnzWqbQb5E0lJzpAvI0HwTA2/iJKaB8E +dUZYGqQYrlc0k1cEZfsTgL0EkYpBgjL917W28cszFiCYR6W0Dmk+4gdw1bZHm1pJ +RG6DhT+wfNvHRluZZvkQW46I6mY+N/IPyQaLDjy3/lkWdf8/7GGUczGEZ0+0BnBY +OuoyBwIpdYzQUtvjC0ZUxltCQzSlktgQgRWt/c9B9vXvfY+gQPPcZBfUo4Njmz+v +ryjt5+1dbSsWYU3Tw9YVeI0CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0O +BBYEFFL8kAZYJ3RVokluTr4rgeXR4hoUMB8GA1UdIwQYMBaAFA1rttfdf81OrQZr +IuERCFgQqxYqMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHREE +CDAGhwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIHKZHKj0pj3MNkytRh674x7Q1aTs +meNK+Ee9fN0Sy8DRAiBkx+mxjr09WTEXod2z+RH/g/a+HUbZUM+0R5RJSgaULQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/2048-rsa-intermediate.pem b/pki/testdata/ssl/certificates/2048-rsa-intermediate.pem new file mode 100644 index 0000000000..bfb349b36c --- /dev/null +++ b/pki/testdata/ssl/certificates/2048-rsa-intermediate.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: CN=2048 rsa Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c2:7e:77:f6:cb:2f:92:95:d0:ee:f8:6e:01:9c: + 60:80:9c:49:fc:44:ff:d4:86:11:9a:18:4c:ce:d4: + 43:93:80:6a:f5:f3:a7:d6:88:a4:31:19:56:e1:17: + 06:dc:ed:6f:7b:12:cf:2e:77:f1:fc:44:a7:46:86: + 58:76:2c:86:e5:1f:8f:3c:60:cf:04:14:b5:58:04: + 64:81:9e:9c:36:97:0e:a1:ad:fd:a0:58:80:c0:b7: + 8e:49:16:d3:2e:9c:51:01:5a:13:0a:88:c5:35:b1: + 2d:1f:11:fd:b2:b4:ce:b6:b3:90:c8:8e:5d:2e:45: + ed:71:09:80:2e:99:76:f7:92:91:a8:ca:82:96:97: + 85:8a:ea:d6:9b:ac:36:a9:6a:52:9d:f3:28:b4:3c: + ff:22:75:fc:ad:3b:fc:6b:ee:9b:25:52:ec:63:6f: + ce:eb:64:6d:3f:39:ab:76:bf:76:b1:df:80:eb:28: + c5:b4:c8:cf:9a:2c:2a:76:c9:15:75:24:6a:fb:bf: + 4d:43:38:d8:ca:0d:12:64:7c:84:99:82:4c:ff:15: + 3b:e9:ef:d6:47:b4:99:93:c5:cb:47:45:df:a7:d5: + f9:c5:b9:d1:ec:e4:4e:bd:13:89:3b:2f:36:32:ff: + 0d:ed:a7:b3:88:ca:63:5b:57:58:9e:88:d6:97:6f: + 1b:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 6c:e3:16:4f:09:81:d2:61:e3:c1:39:35:9d:f3:1e:2c:4f:77: + 40:26:e7:24:83:55:89:60:3d:6c:65:d4:9e:47:99:5f:09:ea: + 1a:1a:16:59:8d:82:85:c8:e5:52:cc:e2:89:b1:3f:d7:e2:51: + 43:5f:d1:ab:bc:5c:0d:22:c7:85:7f:95:db:a1:55:ee:7d:98: + c9:41:ee:8b:69:c0:e6:8c:29:3d:fb:d1:66:1f:5a:79:2d:6a: + 0e:6f:9d:84:60:56:3e:1f:7e:0a:b2:40:af:97:1d:a8:dd:92: + d8:b9:57:ee:62:98:f9:f1:0f:32:3c:a0:bd:30:6d:cf:b7:7b: + 17:83:fe:e8:09:7d:ca:a7:13:61:de:47:55:a5:d0:0d:0c:73: + 75:8a:34:e3:91:19:1f:e7:09:07:2b:8d:67:5c:1a:bf:83:9f: + d3:ca:dd:c5:28:3f:1e:0a:6b:7d:eb:da:60:bb:9a:6c:a2:30: + 8d:f7:3a:01:56:ba:9e:e1:5b:7a:bb:8d:ba:ff:3c:67:a7:b0: + 8c:09:42:52:03:ea:33:ff:e9:c4:c0:4f:7b:ad:48:26:f0:f1: + 11:a8:ba:1d:30:6e:9b:6e:31:b7:70:8a:5d:e7:37:21:c4:f3: + 38:96:8e:60:fb:19:d3:92:63:b8:8f:14:41:25:fb:62:29:34: + 11:c5:a0:a2 +-----BEGIN CERTIFICATE----- +MIIDBTCCAe2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4 +IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTYwNDIyMjAyODQxWhcNMjYwNDIwMjAyODQx +WjAoMSYwJAYDVQQDDB0yMDQ4IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMJ+d/bLL5KV0O74bgGcYICcSfxE +/9SGEZoYTM7UQ5OAavXzp9aIpDEZVuEXBtztb3sSzy538fxEp0aGWHYshuUfjzxg +zwQUtVgEZIGenDaXDqGt/aBYgMC3jkkW0y6cUQFaEwqIxTWxLR8R/bK0zrazkMiO +XS5F7XEJgC6ZdveSkajKgpaXhYrq1pusNqlqUp3zKLQ8/yJ1/K07/GvumyVS7GNv +zutkbT85q3a/drHfgOsoxbTIz5osKnbJFXUkavu/TUM42MoNEmR8hJmCTP8VO+nv +1ke0mZPFy0dF36fV+cW50ezkTr0TiTsvNjL/De2ns4jKY1tXWJ6I1pdvGxMCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUXMJxdsEmsQwxc8iS0x4B +EkvMWhQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBs4xZPCYHS +YePBOTWd8x4sT3dAJuckg1WJYD1sZdSeR5lfCeoaGhZZjYKFyOVSzOKJsT/X4lFD +X9GrvFwNIseFf5XboVXufZjJQe6LacDmjCk9+9FmH1p5LWoOb52EYFY+H34KskCv +lx2o3ZLYuVfuYpj58Q8yPKC9MG3Pt3sXg/7oCX3KpxNh3kdVpdANDHN1ijTjkRkf +5wkHK41nXBq/g5/Tyt3FKD8eCmt969pgu5psojCN9zoBVrqe4Vt6u426/zxnp7CM +CUJSA+oz/+nEwE97rUgm8PERqLodMG6bbjG3cIpd5zchxPM4lo5g+xnTkmO4jxRB +JftiKTQRxaCi +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/2048-rsa-root.pem b/pki/testdata/ssl/certificates/2048-rsa-root.pem new file mode 100644 index 0000000000..da02ecef74 --- /dev/null +++ b/pki/testdata/ssl/certificates/2048-rsa-root.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14510385134211580431 (0xc95f3e6676ca420f) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Apr 22 20:28:40 2016 GMT + Not After : Apr 20 20:28:40 2026 GMT + Subject: CN=2048 RSA Test Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a0:0b:c9:40:3e:46:2d:4d:a1:38:35:9d:68:a5: + 9d:3e:8f:59:39:ba:8f:a5:42:74:7d:e8:17:3b:da: + 75:13:98:6b:73:f1:4b:a9:6d:5e:70:67:5c:7a:08: + 92:58:b2:64:a1:05:2d:53:41:bd:ab:a8:31:73:d4: + 56:07:ab:68:b9:39:39:52:65:6a:d7:1e:16:38:16: + c5:12:3c:f0:2a:50:59:43:31:4a:d0:fa:51:13:17: + 2a:89:84:42:91:1b:50:19:e8:ce:33:d8:a9:0a:ea: + c1:9a:00:9e:c1:14:58:40:51:a4:20:50:1b:a1:93: + b2:20:82:fe:80:b5:52:35:e7:e6:0b:72:b6:f5:a9: + 39:67:67:45:4b:be:c6:c0:2a:cd:b7:ef:77:2d:14: + c8:98:a5:8d:24:32:ed:db:1e:e4:6c:95:ee:a5:f0: + ca:39:c2:df:dd:1c:8e:9f:cb:9c:c1:00:9c:ef:48: + 09:97:a6:5a:d8:a8:3d:b9:15:95:35:6a:10:bf:40: + 58:0e:4a:f4:d8:9a:8a:4f:3e:ee:48:4a:fe:5f:f6: + 68:e2:75:3e:5a:32:73:c7:97:e7:0c:25:6f:a3:7d: + db:08:3d:b4:d3:5d:2f:49:e7:59:1f:5a:b9:7e:dc: + cb:e4:97:44:60:a1:d1:6b:2d:3c:79:1c:9f:b8:7b: + 6a:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + FD:5B:72:5F:28:F3:AB:A1:0F:21:EF:C3:F9:99:17:60:DC:BD:1F:BD + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 54:78:5d:70:a0:c3:44:48:93:2b:af:9e:41:26:b0:3e:7d:c7: + f0:ae:b1:37:d0:93:33:33:30:a6:d0:8c:20:cd:fe:fd:8b:1b: + bf:1d:72:25:fd:56:11:56:63:c0:3c:b3:6b:db:db:65:28:4f: + 6a:19:0b:2d:7c:1d:f1:46:50:14:9d:33:2e:75:dd:a7:45:15: + 44:54:61:6e:96:8f:a2:c4:60:8d:4e:49:08:07:32:d2:a9:c3: + c8:68:96:b2:50:85:3b:c2:4a:f9:e4:16:87:16:ea:47:4e:00: + 50:43:4d:78:99:c7:aa:ea:23:2a:b8:b8:7a:97:de:ba:97:8d: + e7:4b:74:e4:ed:53:5e:d1:5b:ed:5a:e2:95:a3:94:ad:d8:c4: + b1:62:25:29:93:8b:77:27:8f:71:51:64:b7:56:d5:33:82:5e: + 6f:39:56:cf:14:fd:1f:e2:46:9d:dd:2f:74:53:f1:27:87:f7: + fe:b0:6c:47:db:ff:fa:7b:17:97:a8:b9:ba:07:1e:dc:b5:47: + de:84:38:57:a4:47:6c:39:16:7f:1f:dd:63:99:1b:e1:28:90: + aa:42:07:2c:b2:e7:be:ef:8c:ca:a5:1e:33:5c:e5:73:cf:ba: + b3:33:d1:06:fb:c4:fa:f2:bc:f1:5c:92:69:fb:71:15:05:e3: + 99:a6:ba:cb +-----BEGIN CERTIFICATE----- +MIIDBTCCAe2gAwIBAgIJAMlfPmZ2ykIPMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV +BAMMFTIwNDggUlNBIFRlc3QgUm9vdCBDQTAeFw0xNjA0MjIyMDI4NDBaFw0yNjA0 +MjAyMDI4NDBaMCAxHjAcBgNVBAMMFTIwNDggUlNBIFRlc3QgUm9vdCBDQTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKALyUA+Ri1NoTg1nWilnT6PWTm6 +j6VCdH3oFzvadROYa3PxS6ltXnBnXHoIkliyZKEFLVNBvauoMXPUVgeraLk5OVJl +atceFjgWxRI88CpQWUMxStD6URMXKomEQpEbUBnozjPYqQrqwZoAnsEUWEBRpCBQ +G6GTsiCC/oC1UjXn5gtytvWpOWdnRUu+xsAqzbfvdy0UyJiljSQy7dse5GyV7qXw +yjnC390cjp/LnMEAnO9ICZemWtioPbkVlTVqEL9AWA5K9Niaik8+7khK/l/2aOJ1 +Ployc8eX5wwlb6N92wg9tNNdL0nnWR9auX7cy+SXRGCh0WstPHkcn7h7ahsCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU/VtyXyjzq6EPIe/D+ZkX +YNy9H70wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBUeF1woMNE +SJMrr55BJrA+fcfwrrE30JMzMzCm0Iwgzf79ixu/HXIl/VYRVmPAPLNr29tlKE9q +GQstfB3xRlAUnTMudd2nRRVEVGFulo+ixGCNTkkIBzLSqcPIaJayUIU7wkr55BaH +FupHTgBQQ014mceq6iMquLh6l966l43nS3Tk7VNe0VvtWuKVo5St2MSxYiUpk4t3 +J49xUWS3VtUzgl5vOVbPFP0f4kad3S90U/Enh/f+sGxH2//6exeXqLm6Bx7ctUfe +hDhXpEdsORZ/H91jmRvhKJCqQgcssue+74zKpR4zXOVzz7qzM9EG+8T68rzxXJJp ++3EVBeOZprrL +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/398_days_1_second_after_2020_09_01.pem b/pki/testdata/ssl/certificates/398_days_1_second_after_2020_09_01.pem new file mode 100644 index 0000000000..3fa2461017 --- /dev/null +++ b/pki/testdata/ssl/certificates/398_days_1_second_after_2020_09_01.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:80 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Sep 2 00:00:00 2020 GMT + Not After : Oct 5 00:00:01 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b3:2b:e0:a9:cb:53:7c:f1:9e:96:4e:70:a3:8d: + 32:7b:bc:e0:2f:71:83:08:9f:e3:56:5c:dd:38:65: + 2f:53:c0:0f:41:ef:cd:93:a9:bb:13:20:89:15:90: + 3a:38:68:d3:2f:c7:15:b4:7c:ba:77:76:ac:f8:da: + a9:bd:04:1b:5a:f6:b1:6c:36:71:fe:08:93:88:b3: + 47:35:39:2b:19:be:e4:f4:1a:bb:30:ea:95:12:1c: + cc:9f:17:be:6d:ab:0a:4e:91:61:78:46:da:3d:0a: + 47:fb:64:a8:74:de:e4:71:f8:e9:da:80:66:d2:8b: + 54:c4:39:2f:18:b2:03:a7:21:77:d0:a6:1f:c6:0c: + 12:13:58:fb:ed:7b:b3:d8:8e:bc:79:b4:ff:7a:c7: + 28:88:a0:c5:fb:35:05:29:54:9f:ed:a2:9d:d1:1b: + 35:74:67:28:17:ba:2c:63:42:2e:ce:5e:0a:07:13: + a6:d4:65:99:6b:b5:32:5f:05:74:ba:9c:f4:ef:b6: + 00:79:db:0d:e4:06:a3:a4:c6:45:b8:46:26:aa:2e: + 0a:42:53:e7:e6:23:7f:65:07:97:bc:c5:5c:df:b3: + b1:9f:f9:a3:35:93:7e:68:20:74:89:5f:bb:b7:ed: + af:b5:49:a7:fb:93:19:aa:e7:cc:39:5a:a9:4f:31: + 3b:b7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + DC:18:E7:85:9D:70:27:B8:2C:64:7D:A1:29:D9:F0:7C:BF:13:AA:A1 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4b:d2:23:be:c9:f4:62:68:87:bf:f1:bd:1d:0f:05:ea:5f:95: + f0:34:85:1b:8f:4e:fd:86:34:f9:96:d7:5a:9c:5e:01:53:2a: + 47:d1:30:c5:1b:b7:29:f2:66:48:70:07:ac:75:77:ab:e7:b3: + 84:62:9e:35:7d:8b:37:b2:20:d2:7f:82:88:ee:f9:71:e4:ea: + bc:1d:4a:e7:22:a3:1c:c2:1a:33:e1:9b:fe:6e:0d:81:15:ef: + 2f:9d:75:75:0c:cd:00:b3:e6:47:52:32:bd:a0:5c:66:95:1c: + c6:5d:12:dd:f7:24:6e:fb:e9:2f:22:56:6d:3e:7d:41:9b:85: + 63:94:f7:0d:0d:1b:f9:18:8a:f4:e1:fa:f0:d3:b7:a7:38:ca: + e8:fc:09:c5:89:26:7d:95:db:66:23:38:3e:84:1b:23:08:8a: + af:4d:0e:89:12:6a:d3:d6:9f:7c:2c:ce:da:c3:c8:67:ff:d7: + 49:15:2f:26:0b:85:86:48:dc:2a:77:99:6f:47:86:3b:cb:30: + 36:95:ea:58:b4:c2:cd:b2:86:10:5f:03:a3:3d:de:ad:3e:7b: + 5f:7e:32:ae:67:fc:b8:23:10:ff:05:73:93:c5:a7:62:47:fa: + a0:a1:80:04:13:94:0c:29:ca:97:71:87:9f:78:2e:88:29:c8: + 3c:d6:a3:66 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwoAwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMDA5MDIwMDAwMDBaFw0yMTEwMDUwMDAwMDFaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzK+Cpy1N88Z6WTnCjjTJ7vOAvcYMIn+NW +XN04ZS9TwA9B782TqbsTIIkVkDo4aNMvxxW0fLp3dqz42qm9BBta9rFsNnH+CJOI +s0c1OSsZvuT0Grsw6pUSHMyfF75tqwpOkWF4Rto9Ckf7ZKh03uRx+OnagGbSi1TE +OS8YsgOnIXfQph/GDBITWPvte7PYjrx5tP96xyiIoMX7NQUpVJ/top3RGzV0ZygX +uixjQi7OXgoHE6bUZZlrtTJfBXS6nPTvtgB52w3kBqOkxkW4RiaqLgpCU+fmI39l +B5e8xVzfs7Gf+aM1k35oIHSJX7u37a+1Saf7kxmq58w5WqlPMTu3AgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTcGOeFnXAnuCxkfaEp2fB8vxOqoTAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAS9Ijvsn0YmiHv/G9HQ8F6l+V8DSFG49O/YY0+ZbXWpxeAVMqR9EwxRu3KfJm +SHAHrHV3q+ezhGKeNX2LN7Ig0n+CiO75ceTqvB1K5yKjHMIaM+Gb/m4NgRXvL511 +dQzNALPmR1IyvaBcZpUcxl0S3fckbvvpLyJWbT59QZuFY5T3DQ0b+RiK9OH68NO3 +pzjK6PwJxYkmfZXbZiM4PoQbIwiKr00OiRJq09affCzO2sPIZ//XSRUvJguFhkjc +KneZb0eGO8swNpXqWLTCzbKGEF8Doz3erT57X34yrmf8uCMQ/wVzk8WnYkf6oKGA +BBOUDCnKl3GHn3guiCnIPNajZg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/398_days_after_2020_09_01.pem b/pki/testdata/ssl/certificates/398_days_after_2020_09_01.pem new file mode 100644 index 0000000000..dd0eb1dc1f --- /dev/null +++ b/pki/testdata/ssl/certificates/398_days_after_2020_09_01.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:7f + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Sep 2 00:00:00 2020 GMT + Not After : Oct 5 00:00:00 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:66:84:1c:5d:7d:8a:59:9e:47:64:b9:09:e4: + 1a:6b:6b:e6:4f:ba:59:2e:a4:3c:57:cb:1a:11:85: + bd:38:08:e0:95:30:c9:02:64:16:35:f0:57:b5:6d: + 2a:7e:54:0c:74:cf:0d:ae:19:ec:f5:01:47:57:0d: + ef:70:f7:a2:35:49:65:e5:95:78:ad:18:00:7f:ec: + 94:94:95:c8:b2:86:7c:ec:b4:d3:b2:dd:c2:91:03: + 31:ee:46:d7:d8:ee:fd:ce:6f:cc:33:fa:ba:bb:2d: + a2:a2:0c:1b:1b:84:2e:3c:8d:a1:5b:24:25:72:5b: + d9:b4:67:98:0e:42:6b:39:f7:5a:da:c8:8f:6d:96: + a2:1a:ce:35:a8:d5:e8:1b:14:97:f2:5b:12:eb:94: + 53:a1:7a:8e:3e:67:2f:d7:91:72:8b:12:cf:ba:d5: + 54:9e:64:92:4c:f2:fc:00:ee:86:4e:df:55:71:25: + c0:88:9d:86:9e:9a:46:b8:f1:31:da:dc:78:fd:46: + 27:1c:ec:6b:84:14:25:8a:b2:c0:ce:75:8f:e9:84: + 27:97:75:f4:91:96:e7:c0:c9:8d:de:f2:f4:fb:fd: + 69:5e:6b:59:50:63:bb:d5:91:cc:7c:1b:0f:c2:b2: + d3:56:b4:e8:77:c6:57:fb:af:7a:af:16:f9:5b:32: + 42:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 4A:78:19:FB:FB:DF:5F:98:EC:91:7A:31:C5:98:4C:B6:8D:50:DE:AD + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3f:f0:e3:6b:61:f7:d4:c3:61:1f:94:8a:b9:bc:a0:1a:0c:26: + 2b:df:86:c5:39:93:a0:d0:77:9f:61:a8:ab:c1:1d:10:29:4b: + 2e:33:e2:97:46:00:c6:27:69:4c:fc:29:b6:4d:72:ab:4c:9a: + 96:e9:07:d2:d1:29:8e:39:ab:7c:00:c2:fb:7d:d7:04:f4:3e: + 00:f7:cd:16:38:21:82:79:ac:ce:f1:4c:56:fd:cc:64:8c:88: + 32:45:cb:3f:40:bb:86:0e:a3:9e:c1:f8:9a:16:57:ec:27:0e: + ee:cc:01:6f:d7:1d:2d:54:a9:99:6d:83:b0:b3:41:e6:57:31: + e1:65:a9:d2:a9:ea:ed:6f:e7:05:73:f1:27:ee:4b:da:56:c6: + af:ef:83:53:4e:7a:f9:54:00:58:11:c2:b2:bb:d8:7a:6c:1d: + 3a:0c:92:cf:23:12:ee:41:d3:32:24:36:0e:0e:e4:5a:d2:1b: + 6d:dc:85:93:ae:78:40:b3:11:81:d7:c9:e4:56:42:de:94:79: + da:6a:a6:fa:e3:71:96:17:51:f3:80:b2:d1:50:3a:98:9c:89: + 20:cc:4e:0a:69:ac:34:5c:53:aa:f7:4c:c3:cb:4b:fc:f7:bd: + 7c:82:53:9f:0c:3e:b8:ff:cb:72:44:2d:7e:19:24:a1:39:d0: + 6c:ab:db:38 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwn8wDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMDA5MDIwMDAwMDBaFw0yMTEwMDUwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrZoQcXX2KWZ5HZLkJ5Bpra+ZPulkupDxX +yxoRhb04COCVMMkCZBY18Fe1bSp+VAx0zw2uGez1AUdXDe9w96I1SWXllXitGAB/ +7JSUlciyhnzstNOy3cKRAzHuRtfY7v3Ob8wz+rq7LaKiDBsbhC48jaFbJCVyW9m0 +Z5gOQms591rayI9tlqIazjWo1egbFJfyWxLrlFOheo4+Zy/XkXKLEs+61VSeZJJM +8vwA7oZO31VxJcCInYaemka48THa3Hj9Ricc7GuEFCWKssDOdY/phCeXdfSRlufA +yY3e8vT7/Wlea1lQY7vVkcx8Gw/CstNWtOh3xlf7r3qvFvlbMkL/AgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRKeBn7+99fmOyRejHFmEy2jVDerTAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAP/Dja2H31MNhH5SKubygGgwmK9+GxTmToNB3n2Goq8EdEClLLjPil0YAxidp +TPwptk1yq0yalukH0tEpjjmrfADC+33XBPQ+APfNFjghgnmszvFMVv3MZIyIMkXL +P0C7hg6jnsH4mhZX7CcO7swBb9cdLVSpmW2DsLNB5lcx4WWp0qnq7W/nBXPxJ+5L +2lbGr++DU056+VQAWBHCsrvYemwdOgySzyMS7kHTMiQ2Dg7kWtIbbdyFk654QLMR +gdfJ5FZC3pR52mqm+uNxlhdR84Cy0VA6mJyJIMxOCmmsNFxTqvdMw8tL/Pe9fIJT +nww+uP/LckQtfhkkoTnQbKvbOA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/399_days_after_2020_09_01.pem b/pki/testdata/ssl/certificates/399_days_after_2020_09_01.pem new file mode 100644 index 0000000000..2f6b7e1837 --- /dev/null +++ b/pki/testdata/ssl/certificates/399_days_after_2020_09_01.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:7e + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Sep 2 00:00:00 2020 GMT + Not After : Oct 6 00:00:00 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b3:19:fd:7b:2a:81:6b:16:2b:d8:73:ac:db:4e: + bb:d0:06:76:4f:f7:fc:73:62:d9:28:03:00:f2:75: + 28:56:b1:fe:d1:3f:08:11:f3:d8:77:62:38:85:89: + 72:4a:e1:7d:4b:72:c6:5f:01:49:ae:c3:b9:55:47: + 2e:45:78:43:20:ae:ed:b6:5d:7a:66:33:f1:98:3e: + fe:6b:a9:08:35:3c:54:a2:03:73:58:87:06:58:72: + fc:26:65:26:fe:78:fe:69:2e:26:55:63:e3:db:74: + 52:e0:6e:a4:b6:64:ab:76:54:77:88:c5:62:47:ff: + 44:0c:84:43:07:9b:86:de:3b:cc:2e:fb:46:f7:33: + ab:bd:00:b0:2e:1b:e3:55:15:ea:e6:c8:f5:3b:1a: + e2:79:12:38:32:4a:17:73:71:b9:dc:ea:43:57:98: + 9a:87:c0:fb:2d:b4:16:26:b4:a9:83:5e:b4:7e:73: + 21:93:6d:f2:35:b2:29:9d:eb:6f:90:54:45:1a:97: + 59:b5:6f:33:bb:17:79:b0:52:80:6a:2a:b9:6a:32: + 90:24:cf:9b:f1:32:82:cf:c8:fb:20:f2:a6:52:31: + dc:43:3a:ef:18:7f:3a:3c:65:b5:d5:9a:27:3c:10: + 2b:95:8a:d4:ec:e6:24:f0:29:bb:4c:d2:f3:a7:c7: + d1:33 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + CE:66:88:69:91:5E:F1:19:19:04:4B:56:72:0D:A7:79:68:0A:FB:B5 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + a9:34:16:bb:1e:64:c5:e7:34:0a:cd:73:cc:e5:2f:82:4d:ab: + d5:3e:e5:c5:ca:f3:7f:93:6a:bb:1e:1c:99:b8:6d:20:e8:2b: + 49:98:f5:1a:ae:09:fa:cf:fc:ed:ed:b9:4e:84:4d:44:01:ce: + 66:bb:cc:e8:26:04:94:ed:67:d9:fc:d9:68:41:09:ab:86:4d: + 6f:81:0f:75:6a:c9:b4:26:8d:01:32:4b:2c:03:1b:bd:40:75: + 1c:93:b3:cc:e8:66:28:e2:c9:a9:55:14:29:88:54:a3:b4:70: + 89:0a:a0:75:a4:36:b0:b2:7b:30:cd:74:9f:d5:83:32:f7:85: + 95:c0:c1:e4:da:e2:84:fe:52:ce:2d:6d:31:16:a9:d3:90:c4: + a5:3c:cc:ba:94:6b:b1:c2:02:d5:b7:c3:b1:3e:2c:05:ab:f6: + 6e:58:bb:e3:43:5f:f1:06:e6:44:d8:d7:48:2b:c5:b2:5f:6d: + ea:81:51:2f:15:6f:8a:15:4c:84:70:71:0b:db:8b:a8:72:49: + 4a:c2:d5:87:7f:98:c8:b4:ef:3c:34:c9:f4:8d:04:9f:1a:22: + 31:7f:e4:70:15:04:e2:ee:6b:38:cf:75:c3:a8:e8:66:87:0a: + a5:31:a0:4c:ea:d0:04:b3:0b:12:fe:25:53:b9:83:f7:13:55: + 00:03:17:84 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwn4wDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMDA5MDIwMDAwMDBaFw0yMTEwMDYwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzGf17KoFrFivYc6zbTrvQBnZP9/xzYtko +AwDydShWsf7RPwgR89h3YjiFiXJK4X1LcsZfAUmuw7lVRy5FeEMgru22XXpmM/GY +Pv5rqQg1PFSiA3NYhwZYcvwmZSb+eP5pLiZVY+PbdFLgbqS2ZKt2VHeIxWJH/0QM +hEMHm4beO8wu+0b3M6u9ALAuG+NVFermyPU7GuJ5EjgyShdzcbnc6kNXmJqHwPst +tBYmtKmDXrR+cyGTbfI1simd62+QVEUal1m1bzO7F3mwUoBqKrlqMpAkz5vxMoLP +yPsg8qZSMdxDOu8Yfzo8ZbXVmic8ECuVitTs5iTwKbtM0vOnx9EzAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTOZohpkV7xGRkES1ZyDad5aAr7tTAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAqTQWux5kxec0Cs1zzOUvgk2r1T7lxcrzf5Nqux4cmbhtIOgrSZj1Gq4J+s/8 +7e25ToRNRAHOZrvM6CYElO1n2fzZaEEJq4ZNb4EPdWrJtCaNATJLLAMbvUB1HJOz +zOhmKOLJqVUUKYhUo7RwiQqgdaQ2sLJ7MM10n9WDMveFlcDB5NrihP5Szi1tMRap +05DEpTzMupRrscIC1bfDsT4sBav2bli740Nf8QbmRNjXSCvFsl9t6oFRLxVvihVM +hHBxC9uLqHJJSsLVh3+YyLTvPDTJ9I0EnxoiMX/kcBUE4u5rOM91w6joZocKpTGg +TOrQBLMLEv4lU7mD9xNVAAMXhA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/39_months_after_2015_04.pem b/pki/testdata/ssl/certificates/39_months_after_2015_04.pem new file mode 100644 index 0000000000..d138fef448 --- /dev/null +++ b/pki/testdata/ssl/certificates/39_months_after_2015_04.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:71 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Apr 2 00:00:00 2015 GMT + Not After : Jul 2 00:00:00 2018 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b1:08:9f:8e:29:52:ed:20:71:ae:d9:44:93:65: + c3:11:58:97:29:dc:e2:4a:54:65:ec:d9:0d:e3:75: + 9c:52:7d:2e:35:2a:cb:88:70:de:8f:ce:f4:23:13: + 16:1d:de:7d:e4:fb:7b:8a:1e:ba:a4:6a:38:bb:c5: + 89:69:49:17:9b:74:88:a8:c5:ee:65:4c:f1:96:82: + 8e:30:42:e7:9a:9b:9b:e1:e6:5e:b0:c5:3f:46:09: + fe:26:3a:02:b7:f9:a6:4b:43:0e:ed:80:d8:76:12: + e3:34:38:ad:b6:a8:cb:58:9f:0e:77:67:ff:91:77: + d5:63:0f:4c:2b:d4:35:22:68:08:8e:9b:5c:a6:77: + 51:ef:e7:3e:e0:8f:53:8f:13:c7:21:fa:c5:98:15: + 26:89:08:c0:c8:57:05:56:f5:52:b5:d3:6c:a6:a3: + 5f:3c:3c:b1:91:98:ec:0d:85:8c:d5:ad:18:30:9d: + 2e:91:f3:92:62:ae:9e:6d:64:4e:9d:ac:c8:88:30: + 64:d7:2f:d2:c3:46:fb:fd:f3:a2:69:9f:f0:ee:ef: + 6a:eb:e4:58:a2:37:16:46:e2:d0:53:ed:33:1e:ad: + 6a:5f:b2:7e:c8:e9:1d:c8:12:ed:ac:35:9d:ba:26: + 82:ea:04:be:e1:a5:34:fc:ee:ed:25:a6:6d:cb:fa: + e5:3f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 1C:10:69:49:A1:B6:07:E4:28:8A:C2:C9:80:88:80:93:91:5C:71:2E + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 36:a1:f7:1b:af:3c:49:fd:af:13:19:74:79:cf:77:20:92:bb: + e7:76:5e:ca:12:be:e2:8d:15:6c:45:5d:70:2a:84:05:c8:b8: + f8:3d:34:76:0b:e7:25:5e:f0:dd:fd:08:00:b9:31:b5:72:9b: + 18:e2:da:7a:bc:da:1a:b8:aa:80:37:ad:51:03:9f:c6:fb:e5: + 06:13:3e:41:d5:e2:9b:dd:16:43:ad:35:3a:c3:7a:7f:2c:35: + 6a:cb:bd:74:b9:57:93:1f:24:57:78:3c:9a:5c:f1:51:bd:5d: + cf:ae:f2:a9:cb:81:b4:20:93:b4:fd:bf:a3:68:68:ff:15:12: + 2f:05:1e:54:02:ce:4b:ee:38:c7:5b:fa:01:75:f7:bc:2f:08: + ae:6e:d1:ba:20:5b:03:74:80:89:75:80:9f:b5:50:3d:14:b6: + 94:73:84:2d:38:68:0b:d8:89:8f:42:bc:9b:e1:ed:e6:df:2f: + 15:ba:ec:41:c9:1e:dc:94:cc:4a:af:68:34:76:92:50:d8:45: + 47:57:6a:9e:c5:6f:20:59:9e:e6:f1:d8:56:bd:ee:9a:71:7e: + 4f:08:3c:dc:9b:51:cd:62:a8:c7:7f:df:21:76:6a:90:0c:15: + de:6f:b0:04:3b:16:4f:cc:19:7c:06:d0:55:0a:dd:cb:0d:08: + 59:d6:ac:a3 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnEwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNTA0MDIwMDAwMDBaFw0xODA3MDIwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxCJ+OKVLtIHGu2USTZcMRWJcp3OJKVGXs +2Q3jdZxSfS41KsuIcN6PzvQjExYd3n3k+3uKHrqkaji7xYlpSRebdIioxe5lTPGW +go4wQueam5vh5l6wxT9GCf4mOgK3+aZLQw7tgNh2EuM0OK22qMtYnw53Z/+Rd9Vj +D0wr1DUiaAiOm1ymd1Hv5z7gj1OPE8ch+sWYFSaJCMDIVwVW9VK102ymo188PLGR +mOwNhYzVrRgwnS6R85Jirp5tZE6drMiIMGTXL9LDRvv986Jpn/Du72rr5FiiNxZG +4tBT7TMerWpfsn7I6R3IEu2sNZ26JoLqBL7hpTT87u0lpm3L+uU/AgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQcEGlJobYH5CiKwsmAiICTkVxxLjAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEANqH3G688Sf2vExl0ec93IJK753ZeyhK+4o0VbEVdcCqEBci4+D00dgvnJV7w +3f0IALkxtXKbGOLaerzaGriqgDetUQOfxvvlBhM+QdXim90WQ601OsN6fyw1asu9 +dLlXkx8kV3g8mlzxUb1dz67yqcuBtCCTtP2/o2ho/xUSLwUeVALOS+44x1v6AXX3 +vC8Irm7RuiBbA3SAiXWAn7VQPRS2lHOELThoC9iJj0K8m+Ht5t8vFbrsQcke3JTM +Sq9oNHaSUNhFR1dqnsVvIFme5vHYVr3umnF+Twg83JtRzWKox3/fIXZqkAwV3m+w +BDsWT8wZfAbQVQrdyw0IWdasow== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/39_months_based_on_last_day.pem b/pki/testdata/ssl/certificates/39_months_based_on_last_day.pem new file mode 100644 index 0000000000..84b9ce1296 --- /dev/null +++ b/pki/testdata/ssl/certificates/39_months_based_on_last_day.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:75 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Feb 28 00:00:00 2017 GMT + Not After : May 30 00:00:00 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a6:fd:ce:a0:e7:68:1f:ec:48:5a:cd:9f:73:ee: + 17:d1:c5:ba:eb:d4:56:72:9a:d4:1d:94:fc:36:3c: + cb:05:d2:e8:7d:93:3a:49:34:03:3c:d2:72:98:3f: + 95:45:78:1a:0f:c9:be:70:f7:ab:91:9a:24:83:e8: + 46:10:80:52:af:06:a8:3c:8a:f5:f7:ea:4c:25:81: + f1:7a:62:ff:91:14:34:e7:ae:26:2d:c3:55:a8:46: + 34:33:1f:ee:87:4d:93:ae:7d:9b:8a:4c:85:02:c0: + 7e:b0:4c:a1:eb:cb:71:a3:9d:e2:0e:2b:b9:cb:80: + 76:3d:58:4c:1d:5f:0a:de:cc:14:f8:69:2f:ce:b5: + 43:55:f4:c6:8b:24:d6:55:4d:0d:74:62:d1:7f:e1: + 95:4c:c8:fc:99:ae:9a:1b:e7:07:d8:48:7c:f7:3c: + 1d:8a:8c:f0:20:99:88:ed:ca:aa:cc:c1:44:1e:10: + e8:95:05:ca:a2:0d:93:c0:40:bf:1f:bc:5b:b5:da: + 19:63:96:04:57:32:99:0f:f3:f7:f1:a3:ed:df:6c: + 32:df:94:71:41:fe:e7:9a:d8:c5:ab:24:6d:26:82: + eb:aa:2b:aa:6d:67:90:d4:cf:d9:11:e6:87:e1:b6: + e7:24:c0:47:7a:ee:55:ba:87:a9:2f:b0:93:79:a4: + 08:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E7:91:F7:13:99:EC:1E:9C:81:43:8A:DA:A5:63:5B:93:3C:79:07:B6 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7e:4c:5b:7e:32:78:be:ee:68:bc:8c:de:1d:0e:d1:86:44:8d: + 40:d5:42:2e:79:89:18:88:b7:9c:b5:f8:b4:89:ef:f7:8a:dc: + 32:3d:6c:a9:b7:ef:2a:86:1f:72:fb:aa:7d:86:10:4f:b0:3e: + 7b:39:6f:ab:2b:f2:20:d9:dc:44:82:8b:d7:54:9c:a4:6f:9f: + bd:12:35:5d:29:56:53:b1:83:92:aa:bd:ea:3c:89:16:76:e9: + 15:64:5d:c5:cb:60:b2:ba:7c:88:c6:66:b3:8a:13:1a:f1:a8: + 03:c4:7b:8c:eb:11:86:e6:2f:28:87:55:6f:7d:94:e5:e7:a6: + 8f:1d:3a:b7:fa:de:da:53:54:27:8f:0f:14:f6:34:91:11:8a: + 29:18:a7:01:3c:b3:a0:94:57:6b:d2:c3:b7:e8:51:60:43:c3: + 40:20:5c:ee:be:04:27:4f:b9:0f:16:84:5d:91:43:ae:03:6d: + cd:81:f9:e4:ad:ff:ed:09:86:6f:4c:bb:3b:5f:6a:ef:2e:e9: + 2f:fc:ae:d8:b7:cd:f2:0e:49:ef:46:ef:7e:42:33:3b:c2:00: + a1:59:8e:07:6b:17:51:c2:62:1b:3e:92:70:58:7d:c9:22:4a: + 2d:f6:b9:49:87:93:b5:10:61:34:1c:65:ef:6b:de:30:7d:3f: + 68:45:cf:7a +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnUwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNzAyMjgwMDAwMDBaFw0yMDA1MzAwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm/c6g52gf7EhazZ9z7hfRxbrr1FZymtQd +lPw2PMsF0uh9kzpJNAM80nKYP5VFeBoPyb5w96uRmiSD6EYQgFKvBqg8ivX36kwl +gfF6Yv+RFDTnriYtw1WoRjQzH+6HTZOufZuKTIUCwH6wTKHry3GjneIOK7nLgHY9 +WEwdXwrezBT4aS/OtUNV9MaLJNZVTQ10YtF/4ZVMyPyZrpob5wfYSHz3PB2KjPAg +mYjtyqrMwUQeEOiVBcqiDZPAQL8fvFu12hljlgRXMpkP8/fxo+3fbDLflHFB/uea +2MWrJG0mguuqK6ptZ5DUz9kR5ofhtuckwEd67lW6h6kvsJN5pAgJAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTnkfcTmewenIFDitqlY1uTPHkHtjAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAfkxbfjJ4vu5ovIzeHQ7RhkSNQNVCLnmJGIi3nLX4tInv94rcMj1sqbfvKoYf +cvuqfYYQT7A+ezlvqyvyINncRIKL11ScpG+fvRI1XSlWU7GDkqq96jyJFnbpFWRd +xctgsrp8iMZms4oTGvGoA8R7jOsRhuYvKIdVb32U5eemjx06t/re2lNUJ48PFPY0 +kRGKKRinATyzoJRXa9LDt+hRYEPDQCBc7r4EJ0+5DxaEXZFDrgNtzYH55K3/7QmG +b0y7O19q7y7pL/yu2LfN8g5J70bvfkIzO8IAoVmOB2sXUcJiGz6ScFh9ySJKLfa5 +SYeTtRBhNBxl72veMH0/aEXPeg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/40_months_after_2015_04.pem b/pki/testdata/ssl/certificates/40_months_after_2015_04.pem new file mode 100644 index 0000000000..c07d1217f7 --- /dev/null +++ b/pki/testdata/ssl/certificates/40_months_after_2015_04.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:72 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Apr 2 00:00:00 2015 GMT + Not After : Aug 1 00:00:00 2018 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a5:0f:16:e1:16:18:40:db:ce:15:87:a1:aa:d3: + 1f:49:59:b6:38:e8:5d:f3:ed:f3:b0:29:04:c3:57: + ea:5a:7c:22:6b:ce:77:db:de:4d:d9:04:51:5c:f8: + 06:74:fb:ec:d2:87:b2:96:fe:b4:b3:34:81:ae:9f: + a1:a1:c0:49:4b:d7:e8:bf:68:91:d4:57:f2:8d:1d: + 0d:f5:92:c5:b5:fd:0b:bb:5f:51:8a:94:26:11:36: + 3c:56:5e:c4:86:2b:1a:f5:df:1e:02:f5:e4:50:da: + 76:b2:66:89:10:42:45:76:4a:32:09:fc:f7:13:2e: + cb:ff:e3:94:3e:80:64:0e:c7:84:b2:a1:8e:01:a0: + 30:4f:c0:bd:f3:20:36:7b:f6:b1:26:d7:c5:4f:17: + c9:be:fc:2a:aa:e7:bc:0c:57:71:82:a0:3e:39:15: + 0d:c5:95:79:44:1a:dd:ec:d3:e0:cc:ae:32:c8:00: + 26:ed:da:f3:74:6e:5e:02:7e:02:bb:c1:a7:9c:d9: + 3d:03:dc:b9:97:99:24:f3:72:58:8b:1d:0f:87:c2: + b2:15:2f:f9:27:77:6b:4d:d4:7d:1d:12:56:07:b9: + ad:bf:e8:93:af:92:fb:b3:83:76:f8:a8:7f:e3:d4: + 28:a8:20:55:3c:66:39:8a:e9:0e:71:a1:78:9a:3b: + da:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 0C:63:B5:F8:FD:66:75:20:B7:40:9F:23:75:69:F4:49:D2:0E:BE:10 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 38:26:c3:05:63:87:a9:a0:3f:de:4a:c5:05:59:9a:3c:fe:7a: + b4:9b:83:a3:97:7a:55:9f:c1:41:8a:e6:dc:ee:5f:38:73:c6: + ab:23:ce:20:1b:a0:02:b4:1f:d3:02:41:d4:7d:0f:c5:ee:ad: + c2:e0:ba:3a:1a:1e:55:c6:24:6a:ac:f7:6a:fd:01:92:f6:fe: + 7e:e2:d1:d8:0a:8c:4e:fe:50:54:66:00:6f:fa:c7:fb:4d:29: + f7:8c:ac:37:0b:a4:24:94:ce:e4:65:6b:85:0f:c2:df:92:bb: + 7f:39:62:c3:49:30:c9:59:e4:6b:8b:97:9c:71:17:58:c0:fd: + b9:3b:cc:f5:d0:d9:cd:e7:6d:ac:7a:b4:5e:df:45:23:e9:77: + 4a:f5:dc:79:7f:a4:89:e9:26:bc:49:81:f1:52:76:b0:f5:2e: + 64:3f:ab:cc:e7:8b:92:6e:3d:d5:05:90:13:fc:8f:1f:26:4e: + 2f:2b:e9:a2:3f:39:88:98:36:b0:62:7c:65:3c:58:5c:c0:0f: + 98:97:fa:ac:6d:f2:27:94:20:1c:d8:5b:e2:17:95:8b:5b:c1: + c4:74:b2:90:b3:98:6e:be:79:bf:b1:c6:94:4a:7c:56:de:f3: + 99:04:cf:5c:5b:2a:79:8a:87:6e:68:17:4c:b4:19:42:8b:b6: + cd:2f:ea:cf +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnIwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNTA0MDIwMDAwMDBaFw0xODA4MDEwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQClDxbhFhhA284Vh6Gq0x9JWbY46F3z7fOw +KQTDV+pafCJrznfb3k3ZBFFc+AZ0++zSh7KW/rSzNIGun6GhwElL1+i/aJHUV/KN +HQ31ksW1/Qu7X1GKlCYRNjxWXsSGKxr13x4C9eRQ2nayZokQQkV2SjIJ/PcTLsv/ +45Q+gGQOx4SyoY4BoDBPwL3zIDZ79rEm18VPF8m+/Cqq57wMV3GCoD45FQ3FlXlE +Gt3s0+DMrjLIACbt2vN0bl4CfgK7waec2T0D3LmXmSTzcliLHQ+HwrIVL/knd2tN +1H0dElYHua2/6JOvkvuzg3b4qH/j1CioIFU8ZjmK6Q5xoXiaO9rlAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQMY7X4/WZ1ILdAnyN1afRJ0g6+EDAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAOCbDBWOHqaA/3krFBVmaPP56tJuDo5d6VZ/BQYrm3O5fOHPGqyPOIBugArQf +0wJB1H0Pxe6twuC6OhoeVcYkaqz3av0Bkvb+fuLR2AqMTv5QVGYAb/rH+00p94ys +NwukJJTO5GVrhQ/C35K7fzliw0kwyVnka4uXnHEXWMD9uTvM9dDZzedtrHq0Xt9F +I+l3SvXceX+kiekmvEmB8VJ2sPUuZD+rzOeLkm491QWQE/yPHyZOLyvpoj85iJg2 +sGJ8ZTxYXMAPmJf6rG3yJ5QgHNhb4heVi1vBxHSykLOYbr55v7HGlEp8Vt7zmQTP +XFsqeYqHbmgXTLQZQou2zS/qzw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/60_months_after_2012_07.pem b/pki/testdata/ssl/certificates/60_months_after_2012_07.pem new file mode 100644 index 0000000000..4ca5f5234e --- /dev/null +++ b/pki/testdata/ssl/certificates/60_months_after_2012_07.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:73 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 30 00:00:00 2014 GMT + Not After : Sep 30 00:00:00 2019 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d4:fa:d1:99:fe:2d:7a:82:e4:72:af:58:76:bb: + bb:bc:04:03:a2:57:54:75:1b:f3:48:11:aa:eb:97: + 05:02:8c:71:49:ec:b5:5f:a6:d0:18:c5:60:e1:04: + 59:3f:64:a2:96:ca:45:8b:37:82:14:7f:d9:07:fb: + 97:0d:64:9d:7f:ce:19:56:0e:dc:2c:e0:40:7f:86: + a0:ad:9b:bf:f9:84:1e:7f:23:22:e8:35:0a:fb:ee: + 9a:ce:2b:00:48:53:71:86:b2:31:3e:b2:30:0d:79: + d7:05:56:72:e3:95:98:c3:1e:bf:cc:cf:90:54:8e: + 2d:39:c8:2f:bb:3c:05:41:36:4a:2c:b7:c1:0d:4a: + f6:44:02:da:d4:bf:84:9f:66:d7:30:bd:82:b1:92: + f1:73:4f:53:4d:c8:d3:74:73:42:69:bc:0b:18:e0: + 03:51:b7:85:ca:71:74:a1:17:5d:37:22:43:86:c0: + 92:25:98:a9:83:49:b9:d2:97:f8:15:eb:58:d2:13: + bd:4a:39:33:07:50:db:cb:fc:49:8b:ae:ab:df:42: + 14:c1:92:dd:93:da:c4:7a:c9:f8:4d:c2:d8:87:b6: + e4:f5:0e:92:09:4a:6d:f5:30:53:14:07:ea:c5:7c: + ef:93:84:09:25:e0:c7:8a:17:84:a6:76:91:1d:64: + 24:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 29:81:75:1D:D1:AE:EE:50:EB:91:E2:57:31:51:5D:3A:0E:99:10:1C + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 8d:b4:56:2d:06:e1:b6:68:00:d4:02:56:5f:a2:6e:b1:1a:58: + b7:66:98:05:9b:9a:56:20:db:17:f1:7a:5e:32:e5:7a:88:ef: + dd:ec:92:b3:41:02:f9:d6:ae:17:85:49:8d:e9:df:e4:69:ee: + c5:74:40:d4:3a:63:4d:99:cb:65:3c:f3:cc:83:82:c0:fe:3c: + bf:80:df:bf:7b:33:f1:b5:2e:04:b0:9f:31:9f:40:23:1c:5b: + 8f:dd:b1:7a:e9:4e:2c:81:ff:77:00:e8:04:f4:99:54:0d:be: + 0d:a8:44:71:9f:b7:62:ce:99:b3:10:c3:47:34:e1:42:e4:d6: + 07:e1:66:91:ae:0a:62:f8:b5:35:0b:ab:08:c8:da:be:5b:74: + 03:5c:ad:1e:2c:82:bf:9a:b1:3e:88:ed:47:26:18:ba:07:31: + 93:aa:ed:00:3f:89:c3:61:a6:7d:23:49:f3:47:4b:c5:72:cc: + ff:64:21:c7:5e:81:65:f7:6b:8f:03:a2:e9:b9:b7:b6:be:ed: + bf:51:4b:64:96:98:37:15:06:5f:17:33:85:46:15:e1:d7:04: + 65:e4:65:f1:ef:60:01:ca:82:70:7f:69:71:2f:fc:ca:8e:64: + b3:a4:0e:74:31:e7:61:28:89:48:b3:29:b6:66:52:69:f7:e1: + 1e:51:8d:09 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnMwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNDEwMzAwMDAwMDBaFw0xOTA5MzAwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU+tGZ/i16guRyr1h2u7u8BAOiV1R1G/NI +EarrlwUCjHFJ7LVfptAYxWDhBFk/ZKKWykWLN4IUf9kH+5cNZJ1/zhlWDtws4EB/ +hqCtm7/5hB5/IyLoNQr77prOKwBIU3GGsjE+sjANedcFVnLjlZjDHr/Mz5BUji05 +yC+7PAVBNkost8ENSvZEAtrUv4SfZtcwvYKxkvFzT1NNyNN0c0JpvAsY4ANRt4XK +cXShF103IkOGwJIlmKmDSbnSl/gV61jSE71KOTMHUNvL/EmLrqvfQhTBkt2T2sR6 +yfhNwtiHtuT1DpIJSm31MFMUB+rFfO+ThAkl4MeKF4SmdpEdZCRzAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQpgXUd0a7uUOuR4lcxUV06DpkQHDAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAjbRWLQbhtmgA1AJWX6JusRpYt2aYBZuaViDbF/F6XjLleojv3eySs0EC+dau +F4VJjenf5GnuxXRA1DpjTZnLZTzzzIOCwP48v4Dfv3sz8bUuBLCfMZ9AIxxbj92x +eulOLIH/dwDoBPSZVA2+DahEcZ+3Ys6ZsxDDRzThQuTWB+Fmka4KYvi1NQurCMja +vlt0A1ytHiyCv5qxPojtRyYYugcxk6rtAD+Jw2GmfSNJ80dLxXLM/2Qhx16BZfdr +jwOi6bm3tr7tv1FLZJaYNxUGXxczhUYV4dcEZeRl8e9gAcqCcH9pcS/8yo5ks6QO +dDHnYSiJSLMptmZSaffhHlGNCQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/61_months_after_2012_07.pem b/pki/testdata/ssl/certificates/61_months_after_2012_07.pem new file mode 100644 index 0000000000..8f9d360a9b --- /dev/null +++ b/pki/testdata/ssl/certificates/61_months_after_2012_07.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:74 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 30 00:00:00 2014 GMT + Not After : Nov 3 00:00:00 2019 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a0:11:b9:0c:12:b6:cc:db:8a:b7:7f:a4:c9:26: + b9:44:ef:2f:8f:9a:57:00:d2:21:c0:a3:6d:0d:88: + 59:12:62:19:ba:71:6c:c6:98:cc:44:d3:de:aa:88: + bc:64:38:cc:78:13:a5:5d:76:7a:4b:c8:d2:8e:67: + 64:61:81:61:4f:1e:69:11:ca:ec:c1:80:d0:ea:21: + a4:ab:56:8b:e5:74:e8:0d:05:f8:6a:dd:3b:c6:73: + c4:3f:b7:f1:ab:c1:55:f7:df:3f:7f:ba:36:d9:c1: + 6b:2d:6e:d7:93:96:87:9e:ee:00:57:d5:59:50:6d: + 82:9b:ab:2a:52:7e:c0:b8:be:34:8f:08:6b:ad:c6: + b5:90:0c:80:ff:3f:68:05:c9:a5:5c:9a:ba:8c:49: + 4a:d4:b9:87:42:1d:47:42:ff:17:8f:df:55:e1:b9: + f9:14:6b:08:8f:4f:de:65:59:71:1c:51:1a:58:56: + 96:de:ca:d1:09:0d:c1:0a:b0:19:74:45:46:38:16: + 7b:1a:0a:32:e0:35:34:60:83:c4:63:cb:53:34:2d: + 4b:f7:c8:8e:88:75:13:95:70:9f:ff:cf:f0:10:64: + b3:6c:22:ca:13:3e:65:fb:a2:fb:0c:01:80:b7:64: + d8:ee:0b:4c:18:fc:02:9d:fd:6c:ba:ba:46:cb:f8: + 05:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 60:ED:A6:AB:09:02:D8:2C:54:39:D5:78:E5:E1:A1:09:44:B0:55:21 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + bc:7e:07:ce:f1:cf:0a:be:b5:27:bf:42:34:cf:8e:c4:19:e0: + 60:c2:f9:e2:a8:e8:73:b9:75:30:5b:34:6a:3d:5a:95:b8:e7: + 58:88:5e:48:62:70:06:7c:51:d8:17:d2:fb:4d:2c:48:4f:23: + 2a:c3:b9:ca:0c:6a:f6:a9:d8:8c:b1:78:a6:45:9d:d3:d7:03: + 1a:b5:64:c9:fc:92:05:ea:ea:da:e7:97:b8:67:53:d0:3b:46: + d8:00:28:16:ff:15:84:18:ac:c2:96:cf:df:f8:c6:bb:39:d2: + 79:9a:69:26:1e:c5:99:4b:ca:b4:bc:ca:a0:53:e0:11:43:e9: + b7:b6:8c:d8:8b:88:cd:4d:10:9b:12:18:0e:80:d1:ab:b3:24: + a4:f3:3b:ea:21:14:79:4b:64:17:49:0a:cd:1c:e4:fd:1b:11: + 79:46:ac:fe:c6:aa:73:12:95:fd:61:0d:b0:64:53:5c:6f:ce: + 0a:fe:07:2d:4d:42:5b:9e:dc:4a:19:dd:19:28:ee:bf:05:e2: + 62:61:6f:8b:83:50:17:6e:3f:31:5c:f2:d2:7d:fa:60:c3:03: + b9:ca:b5:16:d8:de:bb:00:09:9c:50:88:f4:00:f1:2b:00:f8: + 1b:34:40:94:94:2c:25:63:b1:84:96:00:3d:76:48:2d:f4:77: + 34:36:37:87 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnQwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNDEwMzAwMDAwMDBaFw0xOTExMDMwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgEbkMErbM24q3f6TJJrlE7y+PmlcA0iHA +o20NiFkSYhm6cWzGmMxE096qiLxkOMx4E6VddnpLyNKOZ2RhgWFPHmkRyuzBgNDq +IaSrVovldOgNBfhq3TvGc8Q/t/GrwVX33z9/ujbZwWstbteTloee7gBX1VlQbYKb +qypSfsC4vjSPCGutxrWQDID/P2gFyaVcmrqMSUrUuYdCHUdC/xeP31XhufkUawiP +T95lWXEcURpYVpbeytEJDcEKsBl0RUY4FnsaCjLgNTRgg8Rjy1M0LUv3yI6IdROV +cJ//z/AQZLNsIsoTPmX7ovsMAYC3ZNjuC0wY/AKd/Wy6ukbL+AXVAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRg7aarCQLYLFQ51Xjl4aEJRLBVITAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAvH4HzvHPCr61J79CNM+OxBngYML54qjoc7l1MFs0aj1albjnWIheSGJwBnxR +2BfS+00sSE8jKsO5ygxq9qnYjLF4pkWd09cDGrVkyfySBerq2ueXuGdT0DtG2AAo +Fv8VhBiswpbP3/jGuznSeZppJh7FmUvKtLzKoFPgEUPpt7aM2IuIzU0QmxIYDoDR +q7MkpPM76iEUeUtkF0kKzRzk/RsReUas/saqcxKV/WENsGRTXG/OCv4HLU1CW57c +ShndGSjuvwXiYmFvi4NQF24/MVzy0n36YMMDucq1FtjeuwAJnFCI9ADxKwD4GzRA +lJQsJWOxhJYAPXZILfR3NDY3hw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem b/pki/testdata/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem new file mode 100644 index 0000000000..725ca3a554 --- /dev/null +++ b/pki/testdata/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=1024 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (768 bit) + Modulus: + 00:a0:a2:fc:c2:cd:0e:5f:d9:64:7d:c9:6e:26:bc: + 04:5f:cb:c4:fb:01:66:5d:76:82:4b:60:11:12:0f: + 44:b4:e8:1e:41:86:df:63:22:34:1c:4f:da:80:40: + 51:fb:9d:a0:77:1e:af:dd:dd:dc:36:e4:67:d9:2f: + 45:56:48:38:58:d8:df:59:21:c6:64:01:eb:7a:e3: + 4f:ce:cc:e3:fe:53:98:12:86:c6:76:d1:c2:fb:06: + 0e:0c:b0:80:d1:c6:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 85:06:8C:BA:66:3C:B8:5C:2D:85:7B:B2:22:A5:73:48:0F:1B:B7:55 + X509v3 Authority Key Identifier: + keyid:AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 4b:ce:06:5e:cf:bb:09:25:5f:43:b4:9d:08:f5:0e:85:99:d7: + b9:d7:c0:51:3e:8e:d2:ad:66:41:6a:a1:c1:cf:f4:0b:de:3c: + 9b:00:58:7a:7f:da:3f:18:8c:68:c3:35:29:42:94:31:2c:03: + a9:88:33:2b:cf:8b:5a:1e:36:8e:a9:ad:30:1f:14:2e:3a:81: + eb:c2:48:97:e4:8e:4c:63:8f:51:c2:12:4c:5b:17:bd:b5:18: + 26:d2:92:35:06:bb:3a:40:1b:b2:3a:35:a5:21:77:15:b4:2a: + a6:89:9f:54:7c:73:21:f0:e0:ab:44:46:e6:c2:0a:ed:c8:22: + 79:ad +-----BEGIN CERTIFICATE----- +MIICWzCCAcSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0xMDI0 +IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0 +MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwfDANBgkqhkiG9w0BAQEFAANrADBoAmEAoKL8ws0OX9lkfclu +JrwEX8vE+wFmXXaCS2AREg9EtOgeQYbfYyI0HE/agEBR+52gdx6v3d3cNuRn2S9F +Vkg4WNjfWSHGZAHreuNPzszj/lOYEobGdtHC+wYODLCA0ca/AgMBAAGjgYAwfjAM +BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFBoy6Zjy4XC2Fe7IipXNIDxu3VTAfBgNV +HSMEGDAWgBSrkeYrycEue6Bl8dSKzgNN9HoYEzAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQBL +zgZez7sJJV9DtJ0I9Q6Fmde518BRPo7SrWZBaqHBz/QL3jybAFh6f9o/GIxowzUp +QpQxLAOpiDMrz4taHjaOqa0wHxQuOoHrwkiX5I5MY49RwhJMWxe9tRgm0pI1Brs6 +QBuyOjWlIXcVtCqmiZ9UfHMh8OCrREbmwgrtyCJ5rQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem b/pki/testdata/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem new file mode 100644 index 0000000000..c661a13283 --- /dev/null +++ b/pki/testdata/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem @@ -0,0 +1,68 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (768 bit) + Modulus: + 00:c3:4d:cf:b1:46:75:00:21:75:d4:6b:10:dd:a8: + 51:9e:90:ea:3a:5f:58:b5:23:a4:d9:30:bc:cb:08: + 31:bc:2d:88:64:37:56:67:f8:4b:c5:0f:9f:49:11: + bd:d7:c1:9e:07:46:cb:3b:fa:70:7a:7d:6f:51:3c: + 10:81:33:f8:59:98:ed:81:1c:5a:bd:6b:ee:71:97: + c8:0f:c7:a7:9a:d5:e0:3c:fb:ee:3a:0c:7f:69:63: + 61:cf:e2:de:44:b1:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 9B:F2:E7:0F:32:A4:54:B7:06:99:EC:CF:8B:5F:E1:BE:E7:09:32:8C + X509v3 Authority Key Identifier: + keyid:5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 4f:8d:a9:be:61:eb:90:8f:59:29:fe:15:40:1d:2d:27:0b:74: + 84:c0:0b:d6:c0:2a:23:bb:ed:4f:4d:8e:fa:f9:3e:8c:6d:c0: + ba:41:0c:b0:77:c8:eb:b5:72:ac:3e:42:07:f2:a5:8e:98:81: + 82:91:d2:80:63:5c:32:fb:4c:45:8f:70:d2:52:07:26:9a:3f: + 28:40:10:4d:71:28:eb:78:03:d1:ed:1e:14:c4:fd:74:49:4a: + 37:ad:59:e6:29:ef:bc:ae:8a:e1:8d:24:7c:34:7b:63:d4:53: + 6f:68:f7:08:b3:fe:d3:a1:05:d6:44:d2:37:fe:98:83:3d:15: + 70:a7:c6:d2:05:ea:72:21:eb:46:3f:3a:d8:6f:0e:7d:7d:75: + fc:ad:59:7c:28:d3:98:4b:ae:7b:d5:2e:b9:9c:ab:c5:ca:98: + 13:bd:1a:0d:63:9c:74:a6:f1:2e:16:2d:ba:b6:71:3e:22:6f: + b5:b9:e4:63:c4:c3:98:1d:31:76:ef:18:48:52:16:d1:8a:89: + 5f:a6:25:d6:c0:58:05:0d:57:6d:fa:03:54:87:ae:3f:d5:f0: + a0:a2:30:e1:67:da:09:5c:8b:43:14:6a:b8:31:43:c9:7f:1f: + 7b:73:3e:52:b2:d5:a7:cf:ce:ea:e8:88:ea:4c:0c:d3:41:7c: + c2:66:d6:3c +-----BEGIN CERTIFICATE----- +MIIC3DCCAcSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0yMDQ4 +IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0 +MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwfDANBgkqhkiG9w0BAQEFAANrADBoAmEAw03PsUZ1ACF11GsQ +3ahRnpDqOl9YtSOk2TC8ywgxvC2IZDdWZ/hLxQ+fSRG918GeB0bLO/pwen1vUTwQ +gTP4WZjtgRxavWvucZfID8enmtXgPPvuOgx/aWNhz+LeRLHXAgMBAAGjgYAwfjAM +BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSb8ucPMqRUtwaZ7M+LX+G+5wkyjDAfBgNV +HSMEGDAWgBRcwnF2wSaxDDFzyJLTHgESS8xaFDAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA +T42pvmHrkI9ZKf4VQB0tJwt0hMAL1sAqI7vtT02O+vk+jG3AukEMsHfI67VyrD5C +B/KljpiBgpHSgGNcMvtMRY9w0lIHJpo/KEAQTXEo63gD0e0eFMT9dElKN61Z5inv +vK6K4Y0kfDR7Y9RTb2j3CLP+06EF1kTSN/6Ygz0VcKfG0gXqciHrRj862G8OfX11 +/K1ZfCjTmEuue9UuuZyrxcqYE70aDWOcdKbxLhYturZxPiJvtbnkY8TDmB0xdu8Y +SFIW0YqJX6Yl1sBYBQ1XbfoDVIeuP9XwoKIw4WfaCVyLQxRquDFDyX8fe3M+UrLV +p8/O6uiI6kwM00F8wmbWPA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem b/pki/testdata/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem new file mode 100644 index 0000000000..f9af743b7d --- /dev/null +++ b/pki/testdata/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem @@ -0,0 +1,55 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=768 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (768 bit) + Modulus: + 00:b8:74:88:ef:f9:04:6b:00:fc:af:a5:c7:f2:10: + 0d:be:09:a7:f7:07:4a:a9:08:6d:99:84:84:41:c4: + cc:85:18:a2:c2:2c:ab:91:79:ed:05:42:e7:d2:8c: + b6:2e:19:80:b2:13:4e:fb:eb:8b:96:58:82:0d:02: + c5:9a:0f:54:f5:d5:61:04:6f:f2:8c:e3:48:b6:b6: + c1:28:43:60:0a:5b:ae:fb:8c:82:ca:ae:8a:51:b4: + 58:58:44:84:92:ea:63 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + D4:57:45:F6:6C:FA:DE:15:8B:2A:A1:D2:B1:2B:3F:5C:D3:8E:FA:3A + X509v3 Authority Key Identifier: + keyid:9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + c5:bc:64:9f:b6:c6:f5:d6:e8:cf:46:7b:bc:52:ae:6b:54:97: + ce:05:8d:94:81:a9:cb:4f:8d:9e:45:43:22:0a:54:8a:8f:eb: + 97:10:cf:c1:44:22:b7:e8:e0:a8:d2:ab:1c:be:eb:b8:b2:b1: + 36:10:62:d8:a4:4e:db:3b:1c:d3:0e:b2:03:ae:34:04:54:f0: + ea:2f:0b:e8:45:1d:14:af:8f:be:53:fd:9c:b4:32:92:2f:4a: + d3:3e:53:e1:c1:fc +-----BEGIN CERTIFICATE----- +MIICOTCCAcOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBw3Njgg +cnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoXDTI2MDQy +MDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM +CTEyNy4wLjAuMTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQC4dIjv+QRrAPyvpcfy +EA2+Caf3B0qpCG2ZhIRBxMyFGKLCLKuRee0FQufSjLYuGYCyE07764uWWIINAsWa +D1T11WEEb/KM40i2tsEoQ2AKW677jILKropRtFhYRISS6mMCAwEAAaOBgDB+MAwG +A1UdEwEB/wQCMAAwHQYDVR0OBBYEFNRXRfZs+t4Viyqh0rErP1zTjvo6MB8GA1Ud +IwQYMBaAFJ7jp4OwWW+Rn8fVNGFKGrNmx0SgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA2EAxbxk +n7bG9dboz0Z7vFKua1SXzgWNlIGpy0+NnkVDIgpUio/rlxDPwUQit+jgqNKrHL7r +uLKxNhBi2KRO2zsc0w6yA640BFTw6i8L6EUdFK+PvlP9nLQyki9K0z5T4cH8 +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/pki/testdata/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000000..f7b3887048 --- /dev/null +++ b/pki/testdata/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=prime256v1 ecdsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (768 bit) + Modulus: + 00:c4:7b:c8:e7:66:93:0b:ef:8d:13:38:7a:cb:2b: + d3:c5:6a:69:06:c6:66:fd:ed:f3:ae:38:ef:4f:81: + 84:79:08:93:6d:65:c3:ce:dc:17:23:7c:19:31:ea: + 97:ef:54:d7:46:2d:9c:f1:da:94:eb:5b:7b:98:eb: + ed:51:b8:a9:5e:50:6e:d6:2e:48:25:de:5f:26:6b: + dd:a5:a5:99:8c:af:15:a8:db:a7:9e:32:ba:c6:2c: + 17:52:59:27:29:67:6d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 36:C8:ED:4D:53:9C:76:E1:7D:E1:84:A4:DA:DF:AD:6D:68:D0:B3:86 + X509v3 Authority Key Identifier: + keyid:0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:12:3c:ec:48:76:df:9f:27:f2:73:60:05:9d:c0: + 24:0d:16:5e:33:43:bb:69:58:4b:c4:1c:0a:7a:e9:44:91:e8: + 02:21:00:f5:98:73:6a:f3:93:47:a8:89:99:d4:61:41:37:d6: + 09:e8:4f:a9:e3:72:eb:b4:0a:75:d7:c5:35:5b:8f:90:19 +-----BEGIN CERTIFICATE----- +MIICIzCCAcmgAwIBAgIBATAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVwcmltZTI1 +NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoX +DTI2MDQyMDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju +aWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQ +BgNVBAMMCTEyNy4wLjAuMTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQDEe8jnZpML +740TOHrLK9PFamkGxmb97fOuOO9PgYR5CJNtZcPO3BcjfBkx6pfvVNdGLZzx2pTr +W3uY6+1RuKleUG7WLkgl3l8ma92lpZmMrxWo26eeMrrGLBdSWScpZ20CAwEAAaOB +gDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDbI7U1TnHbhfeGEpNrfrW1o0LOG +MB8GA1UdIwQYMBaAFA1rttfdf81OrQZrIuERCFgQqxYqMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAPBgNVHREECDAGhwR/AAABMAoGCCqGSM49BAMCA0gA +MEUCIBI87Eh2358n8nNgBZ3AJA0WXjNDu2lYS8QcCnrpRJHoAiEA9ZhzavOTR6iJ +mdRhQTfWCehPqeNy67QKddfFNVuPkBk= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/768-rsa-intermediate.pem b/pki/testdata/ssl/certificates/768-rsa-intermediate.pem new file mode 100644 index 0000000000..6d4a98c310 --- /dev/null +++ b/pki/testdata/ssl/certificates/768-rsa-intermediate.pem @@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: CN=768 rsa Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (768 bit) + Modulus: + 00:c6:10:85:d9:ce:e4:cf:8a:1c:1e:51:62:dc:5e: + f4:0f:7a:25:67:90:e5:45:12:29:55:b0:b7:c0:b0: + 1b:37:33:02:5d:17:eb:44:bb:43:23:5f:c9:06:86: + 3f:e6:b1:71:76:0b:e1:42:0f:ac:98:e3:12:2a:b4: + 15:34:b8:dd:e8:2a:35:3f:62:d0:af:54:b7:e8:e5: + 3d:70:f9:fd:61:68:60:52:7b:15:b3:c5:17:75:0c: + a3:bb:df:b7:ca:8e:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 29:62:c0:b7:c7:f2:25:3e:62:fe:ca:3d:46:40:25:ad:df:43: + 0d:4f:ee:7f:15:e7:ab:12:45:34:8a:e4:32:a7:4a:33:b8:ab: + 36:06:69:c5:4f:5a:29:05:5f:aa:11:61:16:cd:ba:18:b0:3c: + e5:0b:b7:75:07:b0:8d:46:01:19:2f:18:e1:91:f6:94:45:05: + 8b:ce:18:b1:b0:5b:19:fa:57:f2:ea:24:f7:6e:75:af:2b:4d: + 7c:c2:d0:2e:46:74:b9:de:fe:4a:b0:dd:29:74:ba:27:c9:45: + 01:55:65:d4:5b:61:b3:ce:95:8d:7c:73:84:21:50:20:b1:ac: + 98:0b:d7:c8:61:82:f1:d7:86:6c:cb:da:b4:ef:92:3e:83:90: + c4:5e:f3:1a:23:e3:8f:1e:75:d6:58:66:10:05:3c:9b:22:47: + 01:36:8e:4f:62:19:66:f2:ed:9c:50:f0:28:78:f5:21:ea:b1: + 6a:d7:7e:d8:24:4e:5e:be:51:3a:8d:1c:b3:d0:97:d0:a6:0a: + db:fa:19:0a:b4:ed:bd:22:d0:3f:91:f0:e8:4a:12:82:d1:6d: + 44:1a:26:ed:2e:aa:af:55:64:c9:bf:d3:0a:81:c2:34:54:5d: + 32:05:50:50:ea:fe:d8:52:04:5f:08:17:b2:f1:d6:90:87:15: + e0:c6:7c:c1 +-----BEGIN CERTIFICATE----- +MIICXDCCAUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4 +IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTYwNDIyMjAyODQxWhcNMjYwNDIwMjAyODQx +WjAnMSUwIwYDVQQDDBw3NjggcnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMHwwDQYJ +KoZIhvcNAQEBBQADawAwaAJhAMYQhdnO5M+KHB5RYtxe9A96JWeQ5UUSKVWwt8Cw +GzczAl0X60S7QyNfyQaGP+axcXYL4UIPrJjjEiq0FTS43egqNT9i0K9Ut+jlPXD5 +/WFoYFJ7FbPFF3UMo7vft8qOCQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0G +A1UdDgQWBBSe46eDsFlvkZ/H1TRhShqzZsdEoDAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBACliwLfH8iU+Yv7KPUZAJa3fQw1P7n8V56sSRTSK5DKn +SjO4qzYGacVPWikFX6oRYRbNuhiwPOULt3UHsI1GARkvGOGR9pRFBYvOGLGwWxn6 +V/LqJPduda8rTXzC0C5GdLne/kqw3Sl0uifJRQFVZdRbYbPOlY18c4QhUCCxrJgL +18hhgvHXhmzL2rTvkj6DkMRe8xoj448eddZYZhAFPJsiRwE2jk9iGWby7ZxQ8Ch4 +9SHqsWrXftgkTl6+UTqNHLPQl9CmCtv6GQq07b0i0D+R8OhKEoLRbUQaJu0uqq9V +ZMm/0wqBwjRUXTIFUFDq/thSBF8IF7Lx1pCHFeDGfME= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/825_days_1_second_after_2018_03_01.pem b/pki/testdata/ssl/certificates/825_days_1_second_after_2018_03_01.pem new file mode 100644 index 0000000000..11d7cd7b3c --- /dev/null +++ b/pki/testdata/ssl/certificates/825_days_1_second_after_2018_03_01.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:7c + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Mar 2 00:00:00 2018 GMT + Not After : Jun 4 00:00:01 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a1:4f:d4:c4:81:eb:6b:72:1f:2c:7c:77:49:e6: + c8:29:76:f1:2a:36:d6:0c:dd:80:ed:07:83:bd:ff: + 76:de:d6:79:9b:ff:0f:6d:24:e3:cd:17:4d:ba:82: + e9:2d:37:bf:ec:78:b4:7d:b4:6d:d1:af:84:40:ea: + 50:a6:87:c3:4c:1c:11:f3:c9:54:f1:d9:d7:8a:4b: + a4:82:28:55:e4:b5:8a:fb:cb:c7:fa:da:07:d4:fd: + f9:3a:94:ab:89:cc:e1:22:ba:12:93:78:a3:dc:6d: + be:06:f7:b1:25:29:fe:0e:9f:37:08:35:5a:09:9f: + 4f:3e:27:b4:b9:d7:ec:10:74:c8:fe:a3:b3:97:1d: + 29:c2:33:eb:90:de:55:2e:77:ee:9f:60:c9:c9:1d: + 2a:eb:71:24:8c:fe:75:f6:88:d9:8a:00:4f:b6:9c: + 65:c1:8e:36:39:a4:c4:37:f3:fa:b3:5b:db:50:39: + 0d:8f:0b:c9:33:e2:bb:10:5c:11:3a:8a:aa:aa:16: + 22:f4:fe:ba:6d:ee:da:66:d9:6a:e3:b0:0b:79:78: + 06:5d:b7:60:9c:30:07:94:3d:45:d5:9e:95:14:49: + d0:b6:c1:4c:e6:5e:81:48:3e:eb:22:9d:e8:86:d1: + 5e:69:7b:43:8a:e7:05:93:f5:ad:c0:3d:63:c4:70: + d0:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + A6:14:80:2C:A5:12:49:3A:D8:66:20:1C:05:B8:44:46:E2:C0:80:12 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 18:c9:d9:fd:1f:2c:5c:c8:1d:d7:02:7f:b7:a9:52:3c:b4:46: + e6:80:aa:0c:95:3c:1e:8c:84:63:f9:37:3d:5e:c1:f3:f5:78: + 01:16:3e:fe:ef:6f:bc:38:a4:5b:28:b1:62:5d:8b:fc:68:e4: + 00:c2:b3:cc:4f:e0:6e:3e:6e:01:ee:47:5d:ec:04:a0:cf:ac: + 00:13:72:d1:5e:8c:a1:d8:14:9f:0a:9d:fd:91:76:40:0c:b5: + fb:a5:ad:d1:17:a8:cc:5a:79:dc:0d:65:4d:61:8d:1f:c1:99: + 08:db:23:d1:6d:48:21:19:15:56:91:32:eb:a9:11:3e:91:46: + 2d:1e:9a:af:f5:49:ae:d0:2a:19:55:51:3f:4a:a7:06:e2:d3: + b7:41:61:88:22:69:0a:1e:1e:d4:95:d7:53:5b:72:66:d0:08: + 48:26:bd:12:0f:29:34:57:9b:3a:0e:75:87:74:1d:f4:71:36: + 6c:cf:ae:2d:34:bc:a5:25:d3:07:d1:0f:60:85:e8:9c:23:fd: + 3c:6f:8a:b3:44:71:af:e8:5f:8c:a7:3c:bf:69:e8:7e:bf:0b: + 30:17:b7:78:55:e8:b0:a8:0a:6c:7b:f6:e4:95:b9:9d:d3:0e: + 6f:c6:18:da:d9:3b:67:ab:7b:dc:31:6f:96:ee:23:94:e0:87: + 40:73:c0:51 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnwwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xODAzMDIwMDAwMDBaFw0yMDA2MDQwMDAwMDFaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChT9TEgetrch8sfHdJ5sgpdvEqNtYM3YDt +B4O9/3be1nmb/w9tJOPNF026guktN7/seLR9tG3Rr4RA6lCmh8NMHBHzyVTx2deK +S6SCKFXktYr7y8f62gfU/fk6lKuJzOEiuhKTeKPcbb4G97ElKf4OnzcINVoJn08+ +J7S51+wQdMj+o7OXHSnCM+uQ3lUud+6fYMnJHSrrcSSM/nX2iNmKAE+2nGXBjjY5 +pMQ38/qzW9tQOQ2PC8kz4rsQXBE6iqqqFiL0/rpt7tpm2WrjsAt5eAZdt2CcMAeU +PUXVnpUUSdC2wUzmXoFIPusineiG0V5pe0OK5wWT9a3APWPEcNAZAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSmFIAspRJJOthmIBwFuERG4sCAEjAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAGMnZ/R8sXMgd1wJ/t6lSPLRG5oCqDJU8HoyEY/k3PV7B8/V4ARY+/u9vvDik +WyixYl2L/GjkAMKzzE/gbj5uAe5HXewEoM+sABNy0V6ModgUnwqd/ZF2QAy1+6Wt +0ReozFp53A1lTWGNH8GZCNsj0W1IIRkVVpEy66kRPpFGLR6ar/VJrtAqGVVRP0qn +BuLTt0FhiCJpCh4e1JXXU1tyZtAISCa9Eg8pNFebOg51h3Qd9HE2bM+uLTS8pSXT +B9EPYIXonCP9PG+Ks0Rxr+hfjKc8v2nofr8LMBe3eFXosKgKbHv25JW5ndMOb8YY +2tk7Z6t73DFvlu4jlOCHQHPAUQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/825_days_after_2018_03_01.pem b/pki/testdata/ssl/certificates/825_days_after_2018_03_01.pem new file mode 100644 index 0000000000..3d15cfc060 --- /dev/null +++ b/pki/testdata/ssl/certificates/825_days_after_2018_03_01.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:7b + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Mar 2 00:00:00 2018 GMT + Not After : Jun 4 00:00:00 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9a:39:94:e3:67:d8:e3:a9:27:4d:88:89:70:99: + fd:9d:b8:a3:d5:6a:ff:f4:f0:6b:76:4f:d5:b1:a3: + 6c:9d:10:c1:e6:6c:ac:2e:71:86:b2:e3:91:25:d7: + 7e:f0:32:55:a4:b5:e2:f8:ac:d2:69:cb:c9:6e:25: + 12:32:f8:82:5a:8e:2d:46:30:c2:6c:d9:8e:cb:4c: + 69:1e:e8:c2:1e:8f:94:76:76:6a:c6:8c:a5:e7:b8: + 8e:79:e5:4b:6a:b1:98:cc:2f:2b:ba:35:6f:63:65: + 23:1c:6e:c3:9a:65:7f:fa:1e:6e:fe:a0:7d:8f:10: + 40:b7:30:1e:2e:41:0e:be:3b:8e:1f:ed:da:29:c0: + 44:63:10:e7:0f:b1:ed:7b:e9:0e:b7:2d:a0:ec:83: + 19:8e:a4:de:e5:2e:24:f8:4b:b8:92:63:37:ab:67: + d7:69:1c:8a:de:1c:d5:e4:59:42:b7:d8:ea:54:64: + cc:28:14:47:f6:a4:84:f1:7a:a4:9c:26:a1:95:4f: + 29:6e:c4:06:6c:b2:4e:9a:c5:ca:c7:ff:e9:6a:d9: + bb:95:0c:9b:5e:d1:cf:d2:0c:fc:1c:6a:f5:bb:46: + f5:e5:67:4f:2b:f8:a3:3e:3c:74:3c:cf:a8:a1:2d: + 53:ba:82:e3:f6:67:4c:44:71:1a:79:ff:91:40:41: + c7:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 21:4C:BB:C1:C9:E7:EC:9E:70:89:0F:F4:C5:25:86:86:B0:C8:31:B7 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 68:f9:e3:09:b5:35:6d:e8:fe:00:c8:92:6a:9c:16:c8:99:d4: + ba:bc:14:89:6c:a9:40:33:0e:33:f8:15:73:62:19:03:37:a1: + e0:af:ba:d2:9b:06:f9:33:16:c0:38:a8:40:2f:1d:8e:04:55: + 2d:3b:ae:7b:a2:91:9b:50:eb:fa:83:42:ec:ba:9a:7e:54:28: + 4b:95:5e:9d:64:c5:79:59:34:77:c7:d4:e4:c5:65:07:f0:63: + 36:c7:7a:2c:ee:00:75:63:e0:eb:5f:af:5c:41:f3:11:80:63: + 81:85:53:df:72:22:fc:4c:b8:c8:99:dc:86:e3:1e:b6:a9:37: + de:c9:df:23:30:2b:f3:d8:48:50:ae:40:3f:5a:92:83:64:03: + 41:b9:f7:43:ad:2e:2f:be:7f:60:98:af:92:65:7c:7a:05:6a: + bd:0a:7d:c4:83:1c:a5:8b:6a:18:c5:17:8c:2d:41:d7:97:29: + e3:5c:79:07:9d:11:43:c5:09:a5:fa:48:9b:be:39:41:7b:34: + 97:40:e3:84:8b:c7:bb:24:b5:9a:38:47:ca:43:56:ad:52:25: + 22:a8:aa:2e:64:26:a1:71:cf:0b:f0:47:d9:07:f4:cc:16:99: + b8:17:23:ea:d3:ad:e6:6e:08:e5:85:04:0c:c3:46:66:80:ec: + 28:cf:e1:db +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnswDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xODAzMDIwMDAwMDBaFw0yMDA2MDQwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaOZTjZ9jjqSdNiIlwmf2duKPVav/08Gt2 +T9Wxo2ydEMHmbKwucYay45El137wMlWkteL4rNJpy8luJRIy+IJaji1GMMJs2Y7L +TGke6MIej5R2dmrGjKXnuI555UtqsZjMLyu6NW9jZSMcbsOaZX/6Hm7+oH2PEEC3 +MB4uQQ6+O44f7dopwERjEOcPse176Q63LaDsgxmOpN7lLiT4S7iSYzerZ9dpHIre +HNXkWUK32OpUZMwoFEf2pITxeqScJqGVTyluxAZssk6axcrH/+lq2buVDJte0c/S +DPwcavW7RvXlZ08r+KM+PHQ8z6ihLVO6guP2Z0xEcRp5/5FAQcdDAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQhTLvByefsnnCJD/TFJYaGsMgxtzAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAaPnjCbU1bej+AMiSapwWyJnUurwUiWypQDMOM/gVc2IZAzeh4K+60psG+TMW +wDioQC8djgRVLTuue6KRm1Dr+oNC7LqaflQoS5VenWTFeVk0d8fU5MVlB/BjNsd6 +LO4AdWPg61+vXEHzEYBjgYVT33Ii/Ey4yJnchuMetqk33snfIzAr89hIUK5AP1qS +g2QDQbn3Q60uL75/YJivkmV8egVqvQp9xIMcpYtqGMUXjC1B15cp41x5B50RQ8UJ +pfpIm745QXs0l0DjhIvHuyS1mjhHykNWrVIlIqiqLmQmoXHPC/BH2Qf0zBaZuBcj +6tOt5m4I5YUEDMNGZoDsKM/h2w== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/826_days_after_2018_03_01.pem b/pki/testdata/ssl/certificates/826_days_after_2018_03_01.pem new file mode 100644 index 0000000000..1fb6bbdf0e --- /dev/null +++ b/pki/testdata/ssl/certificates/826_days_after_2018_03_01.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:7a + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Mar 2 00:00:00 2018 GMT + Not After : Jun 5 00:00:00 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:48:5e:83:86:48:ec:31:7d:cc:2c:20:88:c3: + 5e:36:b5:bd:ba:4a:ed:1b:08:4c:30:4f:7c:f0:db: + 7f:c8:8a:31:ee:b5:58:18:8f:05:f5:85:fd:e0:e0: + 9c:3a:40:de:45:31:5f:94:1a:f7:67:26:9d:21:94: + 1f:73:96:30:0e:91:0c:96:2e:3f:40:9c:40:76:8e: + 27:de:23:24:a9:9f:6e:69:30:22:a7:62:ee:0f:72: + 5a:bb:1a:08:c8:49:f0:5b:53:e2:6a:e6:3e:5a:88: + 73:6d:03:c2:ec:43:8f:f2:dd:30:5f:b3:69:e6:7d: + 21:0c:a4:50:0a:78:3d:ba:2f:9f:dc:eb:a9:74:40: + 54:46:ef:c7:49:fc:24:25:ee:e9:18:3a:0d:37:86: + 90:5c:19:2b:17:4c:93:d2:11:45:78:20:c5:2b:ac: + 8c:23:d9:fe:2a:a5:3d:72:f0:a8:0d:29:76:23:73: + a8:a7:c8:ed:e1:52:4c:b9:ba:0a:ce:e5:07:e2:30: + 26:d2:07:8d:27:02:08:bd:41:6a:0f:bf:3f:43:11: + fa:17:01:0e:b1:b0:7b:df:8a:63:3d:59:41:6e:0f: + f5:53:cb:f9:be:ac:c4:a6:c3:6a:19:0b:36:38:ce: + 34:e3:9f:36:de:ed:bd:4a:d7:75:34:2a:b6:ed:53: + 7b:5d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 56:75:5B:1E:72:EB:8C:14:EE:D6:78:E4:67:7B:7D:2D:D0:8F:6D:A1 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3c:6f:26:8e:d6:8c:6b:01:bf:b0:8c:fc:06:9f:8c:b7:03:50: + 6d:45:42:de:e7:d0:a0:75:f2:b8:7e:12:13:96:9c:27:c1:ee: + 6e:b3:48:23:5b:1b:51:45:e7:89:71:62:de:4c:df:66:d3:81: + 87:64:72:55:d3:ec:da:3d:bb:5c:92:8a:1f:73:fa:5b:bb:b8: + 83:a9:52:b2:ce:4a:f7:19:68:f5:df:2b:cd:47:07:b7:75:4f: + 68:15:63:db:25:d3:6a:80:48:92:f2:e2:d4:9f:ae:73:86:c6: + 85:c9:35:66:65:8e:c4:b2:79:ea:64:ca:d2:d3:73:09:b9:22: + d5:b7:2a:28:d9:82:e4:85:cb:c8:82:1b:6c:95:80:62:18:21: + a7:2d:ae:8f:06:09:80:10:24:48:e0:2a:d5:4d:62:00:3e:ed: + 2c:7c:1e:9d:80:84:b1:de:3a:ab:95:78:b3:65:3a:1d:16:4f: + 82:b1:63:96:4c:75:3e:2a:0c:26:fc:60:fd:4c:b0:06:36:9a: + 1d:47:4a:51:47:b0:19:3c:79:f5:93:97:24:61:79:91:fe:7e: + 72:c6:cb:0a:74:00:a5:d2:ad:b8:bd:b3:45:0d:80:65:53:e5: + 90:98:14:d2:4b:b3:70:e1:96:c2:bf:7a:1b:66:ce:d4:e7:ae: + 8c:51:bc:c6 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnowDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xODAzMDIwMDAwMDBaFw0yMDA2MDUwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGSF6DhkjsMX3MLCCIw142tb26Su0bCEww +T3zw23/IijHutVgYjwX1hf3g4Jw6QN5FMV+UGvdnJp0hlB9zljAOkQyWLj9AnEB2 +jifeIySpn25pMCKnYu4Pclq7GgjISfBbU+Jq5j5aiHNtA8LsQ4/y3TBfs2nmfSEM +pFAKeD26L5/c66l0QFRG78dJ/CQl7ukYOg03hpBcGSsXTJPSEUV4IMUrrIwj2f4q +pT1y8KgNKXYjc6inyO3hUky5ugrO5QfiMCbSB40nAgi9QWoPvz9DEfoXAQ6xsHvf +imM9WUFuD/VTy/m+rMSmw2oZCzY4zjTjnzbe7b1K13U0KrbtU3tdAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRWdVsecuuMFO7WeORne30t0I9toTAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAPG8mjtaMawG/sIz8Bp+MtwNQbUVC3ufQoHXyuH4SE5acJ8HubrNII1sbUUXn +iXFi3kzfZtOBh2RyVdPs2j27XJKKH3P6W7u4g6lSss5K9xlo9d8rzUcHt3VPaBVj +2yXTaoBIkvLi1J+uc4bGhck1ZmWOxLJ56mTK0tNzCbki1bcqKNmC5IXLyIIbbJWA +Yhghpy2ujwYJgBAkSOAq1U1iAD7tLHwenYCEsd46q5V4s2U6HRZPgrFjlkx1PioM +Jvxg/UywBjaaHUdKUUewGTx59ZOXJGF5kf5+csbLCnQApdKtuL2zRQ2AZVPlkJgU +0kuzcOGWwr96G2bO1OeujFG8xg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/900_days_after_2019_07_01.pem b/pki/testdata/ssl/certificates/900_days_after_2019_07_01.pem new file mode 100644 index 0000000000..b2ab8c6775 --- /dev/null +++ b/pki/testdata/ssl/certificates/900_days_after_2019_07_01.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:86 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 3 17:20:31 2022 GMT + Not After : Mar 21 17:20:31 2025 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c5:28:61:1e:94:d2:ed:5e:b3:fb:6c:35:e1:c5: + 1c:bb:78:67:d7:11:55:1c:38:db:67:4d:84:fa:39: + 73:81:ff:73:e4:10:a5:df:f4:21:43:14:c8:9f:4e: + f0:a7:45:82:2b:2c:79:34:df:db:3c:d0:07:fd:33: + eb:8a:be:49:dd:cf:22:7f:11:37:3f:3c:e3:be:fb: + ba:a0:b1:45:b4:bd:7c:d9:5b:7b:58:75:3e:fc:b8: + 9f:44:4f:cf:97:bf:70:1c:42:8b:1c:77:07:1e:5f: + 47:a8:78:5b:9f:0b:60:db:9b:58:63:81:db:1a:f1: + 37:bb:de:91:09:05:b0:3b:f2:e4:d9:a6:62:4b:ac: + 29:91:6e:04:c9:3d:85:8f:57:d6:d9:b6:be:fe:7a: + c8:e6:40:89:99:a4:c7:58:94:75:59:03:d8:bc:b1: + 8e:f0:d2:34:d7:c0:15:63:5c:bd:00:68:c1:2b:f4: + a6:c4:0d:94:df:38:cb:22:75:0c:2a:82:23:0e:13: + 82:76:bb:ff:73:66:c8:9c:b7:55:92:68:a4:04:73: + 92:ac:69:9c:3c:69:29:19:ad:57:e4:a9:59:c5:5d: + eb:ca:ba:6c:e2:86:01:6b:5c:ae:dc:35:c7:37:67: + 19:67:ee:37:f1:41:98:bd:02:54:87:f6:0a:c0:fd: + 82:9b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 84:86:46:35:36:B9:69:FE:CE:F1:0D:AF:A7:AE:1B:7E:07:F4:D5:38 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4c:83:4a:91:36:3f:73:ff:1d:38:3e:9e:fb:44:87:42:80:82: + 2c:d9:3a:d7:4f:d9:a6:21:19:24:b5:b7:b8:42:71:23:2a:c8: + 81:17:28:95:95:c3:9f:72:b4:5d:c8:6e:6c:91:73:1a:88:68: + bd:d3:67:6c:72:97:fd:48:0f:2a:8c:06:8a:ed:ac:e2:a6:b2: + d4:e9:73:65:4f:71:f6:d8:62:a5:68:2d:2e:86:8e:ff:da:df: + ee:4b:bb:0e:50:89:a4:9d:27:62:fd:90:16:89:e9:12:7b:df: + a2:71:87:6e:99:28:3c:07:b7:81:86:73:7d:93:a0:3c:f0:a5: + e3:60:55:e0:0f:9f:c0:08:ad:ef:02:9a:ec:b5:ed:2b:e7:cd: + ec:c3:59:2b:20:24:05:da:f8:fd:97:67:27:bd:7d:58:ac:e4: + dd:1a:c0:28:9e:1a:4d:57:88:f2:39:bc:92:6a:43:75:4d:fd: + 59:9a:d9:f5:1c:49:57:ec:07:66:b2:06:e0:97:dc:44:fa:19: + 6f:3a:84:f7:ff:7a:c7:e7:2e:37:60:4a:23:fc:ef:00:98:4c: + 2b:d2:a1:8c:35:d3:d8:5a:2f:6e:f6:69:5c:f7:55:f1:49:f1: + e7:d4:9c:db:7c:6f:48:0d:5b:7a:1a:0d:6f:83:de:fd:29:d1: + d5:79:fc:c7 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwoYwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMjEwMDMxNzIwMzFaFw0yNTAzMjExNzIwMzFaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFKGEelNLtXrP7bDXhxRy7eGfXEVUcONtn +TYT6OXOB/3PkEKXf9CFDFMifTvCnRYIrLHk039s80Af9M+uKvkndzyJ/ETc/POO+ ++7qgsUW0vXzZW3tYdT78uJ9ET8+Xv3AcQoscdwceX0eoeFufC2Dbm1hjgdsa8Te7 +3pEJBbA78uTZpmJLrCmRbgTJPYWPV9bZtr7+esjmQImZpMdYlHVZA9i8sY7w0jTX +wBVjXL0AaMEr9KbEDZTfOMsidQwqgiMOE4J2u/9zZsict1WSaKQEc5KsaZw8aSkZ +rVfkqVnFXevKumzihgFrXK7cNcc3Zxln7jfxQZi9AlSH9grA/YKbAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSEhkY1Nrlp/s7xDa+nrht+B/TVODAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEATINKkTY/c/8dOD6e+0SHQoCCLNk610/ZpiEZJLW3uEJxIyrIgRcolZXDn3K0 +XchubJFzGohovdNnbHKX/UgPKowGiu2s4qay1OlzZU9x9thipWgtLoaO/9rf7ku7 +DlCJpJ0nYv2QFonpEnvfonGHbpkoPAe3gYZzfZOgPPCl42BV4A+fwAit7wKa7LXt +K+fN7MNZKyAkBdr4/ZdnJ719WKzk3RrAKJ4aTVeI8jm8kmpDdU39WZrZ9RxJV+wH +ZrIG4JfcRPoZbzqE9/96x+cuN2BKI/zvAJhMK9KhjDXT2FovbvZpXPdV8Unx59Sc +23xvSA1behoNb4Pe/SnR1Xn8xw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/BUILD.gn b/pki/testdata/ssl/certificates/BUILD.gn new file mode 100644 index 0000000000..c0855965f3 --- /dev/null +++ b/pki/testdata/ssl/certificates/BUILD.gn @@ -0,0 +1,13 @@ +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +action_foreach("generate_fuzzer_cert_includes") { + script = "//net/data/ssl/scripts/generate-fuzzer-cert-include.py" + sources = [ + "spdy_pooling.pem", + "wildcard.pem", + ] + outputs = [ "$target_gen_dir/{{source_name_part}}.inc" ] + args = [ "{{source}}" ] + rebase_path(outputs, root_build_dir) +} diff --git a/pki/testdata/ssl/certificates/README b/pki/testdata/ssl/certificates/README new file mode 100644 index 0000000000..c56b7e18ff --- /dev/null +++ b/pki/testdata/ssl/certificates/README @@ -0,0 +1,325 @@ +This directory contains various certificates for use with SSL-related +unit tests. + +===== Real-world certificates that need manual updating +- google.binary.p7b +- google.chain.pem +- google.pem_cert.p7b +- google.pem_pkcs7.p7b +- google.pkcs7.p7b +- google.single.der +- google.single.pem : Certificates for testing parsing of different formats. + +- mit.davidben.der : An expired MIT client certificate. + +- foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity + created for testing. + +- google_diginotar.pem +- diginotar_public_ca_2025.pem : A certificate chain for the regression test + of http://crbug.com/94673 + +- salesforce_com_test.pem +- verisign_intermediate_ca_2011.pem +- verisign_intermediate_ca_2016.pem : Certificates for testing two + X509Certificate objects that contain the same server certificate but + different intermediate CA certificates. The two intermediate CA + certificates actually represent the same intermediate CA but have + different validity periods. + +- ndn.ca.crt: "New Dream Network Certificate Authority" root certificate. + This is an X.509 v1 certificate that omits the version field. Used to + test that the certificate version gets the default value v1. + +- ct-test-embedded-cert.pem +- ct-test-embedded-with-intermediate-chain.pem +- ct-test-embedded-with-intermediate-preca-chain.pem +- ct-test-embedded-with-preca-chain.pem + Test certificate chains for Certificate Transparency: Each of these + files contains a leaf certificate as the first certificate, which has + embedded SCTs, followed by the issuer certificates chain. + All files are from the src/test/testdada directory in + https://code.google.com/p/certificate-transparency/ + +- leaf_from_known_root.pem : A certificate issued by a public trust anchor, + used for CertVerifyProcInternalTest.TestKnownRoot. Using for other + purposes is not recommended. This needs to be updated periodically so the + server name the cert is valid for may change. + +- treadclimber.pem: A chain where the leaf does not contain embedded SCTs, + and which has a notBefore date after 2018/10/15. Expires 2020/02/07. +- treadclimber.sctlist: The TLS encoded SignedCertificateTimestampList for the + treadclimber.pem leaf certificate. +- lets-encrypt-dst-x3-root.pem: A chain that ends in the Lets encrypt DST X3 + root (https://crt.sh/?id=8395). Has the same leaf as + lets-encrypt-isrg-x1-root.pem. +- lets-encrypt-isrg-x1-root.pem: A chain that ends in the Lets encrypt ISRG X1 + root (https://crt.sh/?id=9314791). Has the same leaf as + lets-encrypt-dst-x3-root.pem. + +===== Manually generated certificates +- client.p12 : A PKCS #12 file containing a client certificate and a private + key created for testing. The password is "12345". + +- client-nokey.p12 : A PKCS #12 file containing a client certificate (the same + as the one in client.p12) but no private key. The password is "12345". + +- client-empty-password.p12 : A PKCS #12 file containing an unencrypted client + certificate and a encrypted private key. The password is the empty string, + encoded as two zero bytes. (PKCS#12 passwords are encoded as + NUL-terminated UTF-16.) + +- client-null-password.p12 : A PKCS #12 file containing an unencrypted client + certificate and a encrypted private key. The password is the empty string, + encoded as the empty byte string. + +- unittest.selfsigned.der : A self-signed certificate generated using private + key in unittest.key.bin. The common name is "unittest". + +- unittest.key.bin : private key stored unencrypted. + +- multivalue_rdn.pem : A regression test for http://crbug.com/101009. A + certificate with all of the AttributeTypeAndValues stored within a single + RelativeDistinguishedName, rather than one AVA per RDN as normally seen. + +- unescaped.pem : Regression test for http://crbug.com/102839. Contains + characters such as '=' and '"' that would normally be escaped when + converting a subject/issuer name to their stringized form. + +- websocket_cacert.pem : The testing root CA for testing WebSocket client + certificate authentication. + This file is used in SSLUITest.TestWSSClientCert. + +- websocket_client_cert.p12 : A PKCS #12 file containing a client certificate + and a private key created for WebSocket testing. The password is "". + This file is used in SSLUITest.TestWSSClientCert. + +- no_subject_common_name_cert.pem: Used to test the function that generates a + NSS certificate nickname for a user certificate. This certificate's Subject + field doesn't have a common name. + +- ct-test-embedded-with-uids.pem: A certificate with embedded SCT and + issuer/subject unique IDs. This certificate should only be used in parsing + tests and otherwise kept fixed. The signature, etc., are intentionally + invalid. + +- name_constrained_key.pem + The private key matching the public_key_hash of the kDomainsTest constraint + in CertVerifyProc::HasNameConstraintsViolation. + +===== From net/data/ssl/scripts/generate-quic-chain.sh +- quic-chain.pem +- quic-leaf-cert.key +- quic-leaf-cert.key.pkcs8.pem +- quic-root.pem + These certificates are used by integration tests that use QUIC. + +- quic-leaf-cert.key.sct + This isn't generated and just contains a simple text file (the contents + don't actually matter, just the presence of the file). + +===== From net/data/ssl/scripts/generate-test-certs.sh +- expired_cert.pem +- ok_cert.pem +- root_ca_cert.pem + These certificates are the common certificates used by the Python test + server for simulating HTTPS connections. + +- intermediate_ca_cert.pem +- ok_cert_by_intermediate.pem + These certificates simulate a more common chain of root (root_ca_cert.pem) + to intermediate (intermediate_ca_cert.pem) to leaf + (ok_cert_by_intermediate.pem). + +- wildcard_.pem + A certificate and private key valid for *.example.org, used in various + net unit tests. + +- test_names.pem + A certificate and private key valid for a number of test names. See + [test_names] in ee.cnf. Other names may be added as needed. + +- bad_validity.pem + A certificate and private key only valid on 0001-01-01. Windows refuses to + parse this certificate. + +- spdy_pooling.pem : Used to test the handling of spdy IP connection pooling + +- subjectAltName_sanity_check.pem : Used to test the handling of various types + within the subjectAltName extension of a certificate. + +- policies_sanity_check.pem : Used to test the parsing of various types of + certificatePolicies extension policyQualifiers. + +- punycodetest.pem : A test self-signed server certificate with punycode name. + The common name is "xn--wgv71a119e.com" (日本語.com) + +- sha1_2016.pem + Used to test the handling of SHA1 certificates expiring in 2016. + +- 10_year_validity.pem +- 11_year_validity.pem +- 39_months_after_2015_04.pem +- 40_months_after_2015_04.pem +- 60_months_after_2012_07.pem +- 61_months_after_2012_07.pem +- pre_br_validity_bad_121.pem +- pre_br_validity_bad_2020.pem +- pre_br_validity_ok.pem +- start_after_expiry.pem + Certs to test that the maximum validity durations set by the CA/Browser + Forum Baseline Requirements are enforced. + +- pre_june_2016.pem +- post_june_2016.pem +- dec_2017.pem + Certs to test that policies related to enforcing CT on Symantec are + properly gated on the issuance date. See + https://g.co/chrome/symantecpkicerts. (Note, however, that the leaf and + root do not actually form a chain.) + +- may_2018.pem + An 825-day certificate issued on May 1, 2018, the official start of + enforcement requiring Certificate Transparency for new certificates. This + certificate does not have any embedded SCTs. + +- x509_verify_results.chain.pem : A simple certificate chain used to test that + the correctly ordered, filtered certificate chain is returned during + verification, regardless of the order in which the intermediate/root CA + certificates are provided. + +- ev_test.pem +- ev_test_state_only.pem + Certificates for testing EV display (including regression test for + https://crbug.com/1069113). + +===== From net/data/ssl/scripts/generate-weak-test-chains.sh +- 2048-rsa-root.pem +- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem +- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- + {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem + Test certificates used to ensure that weak keys are detected and rejected + +===== From net/data/ssl/scripts/generate-cross-signed-certs.sh +- cross-signed-leaf.pem +- cross-signed-root-md5.pem +- cross-signed-root-sha256.pem + A certificate chain for regression testing http://crbug.com/108514 + +===== From net/data/ssl/scripts/generate-redundant-test-chains.sh +- redundant-validated-chain.pem +- redundant-server-chain.pem +- redundant-validated-chain-root.pem + + Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same + public key) to test that SSLInfo gets the reconstructed, re-ordered + chain instead of the chain as served. See + SSLClientSocketTest.VerifyReturnChainProperlyOrdered in + net/socket/ssl_client_socket_unittest.cc. These chains are valid until + 26 Feb 2022 and are generated by + net/data/ssl/scripts/generate-redundant-test-chains.sh. + +===== From net/data/ssl/scripts/generate-client-certificates.sh +- client_1.pem +- client_1.key +- client_1.pk8 +- client_1_ca.pem +- client_2.pem +- client_2.key +- client_2.pk8 +- client_2_ca.pem +- client_3.pem +- client_3.key +- client_3.pk8 +- client_3_ca.pem +- client_4.pem +- client_4.key +- client_4.pk8 +- client_4_ca.pem +- client_5.pem +- client_5.key +- client_5.pk8 +- client_5_ca.pem +- client_6.pem +- client_6.key +- client_6.pk8 +- client_6_ca.pem +- client_root_ca.pem + This is a set of files used to unit test SSL client certificate + authentication. + - client_1_ca.pem and client_2_ca.pem are the certificates of + two distinct signing CAs. + - client_1.pem and client_1.key correspond to the certificate and + private key for a first certificate signed by client_1_ca.pem. + - client_2.pem and client_2.key correspond to the certificate and + private key for a second certificate signed by client_2_ca.pem. + - each .pk8 file contains the same key as the corresponding .key file + as PKCS#8 PrivateKeyInfo in DER encoding. + - client_3.pem is nearly identical to client_2.pem, except it is used + to test wifi EAP-TLS authentication so it uses a different set + of X509v3 extensions. Specifically it includes two Subject + Alternative Name fields recognized by Chrome OS. + - client_4.pem is similar to client_2.pem but is a P-256 ECDSA key rather + than RSA. + - client_5.pem is similar to client_2.pem but is a P-384 ECDSA key rather + than RSA. + - client_6.pem is similar to client_2.pem but is a P-521 ECDSA key rather + than RSA. + - client_root_ca.pem is the CA certificate which signed client_*_ca.pem. + +===== From net/data/ssl/scripts/generate-bad-eku-certs.sh +- eku-test-root.pem +- non-crit-codeSigning-chain.pem +- crit-codeSigning-chain.pem + Two code-signing certificates (eKU: codeSigning; eKU: critical, + codeSigning) which we use to test that clients are making sure that web + server certs are checked for correct eKU fields (when an eKU field is + present). Since codeSigning is not valid for web server auth, the checks + should fail. + +===== From net/data/ssl/scripts/generate-multi-root-test-chains.sh +- multi-root-chain1.pem +- multi-root-chain2.pem + Two chains, A -> B -> C -> D and A -> B -> C2 -> E (C and C2 share the + same public key) to test that certificate validation caching does not + interfere with the chain_verify_callback used by CertVerifyProcChromeOS. + See CertVerifyProcChromeOSTest. + +===== From net/data/ssl/scripts/generate-multi-root-keychain.sh +- multi-root.keychain: An OSX Keychain containing the generated + certificates multi-root-*-by-*.pem + +===== From net/data/ssl/scripts/generate-duplicate-cn-certs.sh +- duplicate_cn_1.p12 +- duplicate_cn_1.pem +- duplicate_cn_2.p12 +- duplicate_cn_2.pem + Two certificates from the same issuer that share the same common name, + but have distinct subject names (namely, their O fields differ). NSS + requires that certificates have unique nicknames if they do not share the + same subject, and these certificates are used to test that the nickname + generation algorithm generates unique nicknames. + The .pem versions contain just the certs, while the .p12 versions contain + both the cert and a private key, since there are multiple ways to import + certificates into NSS. + +===== From net/data/ssl/scripts/generate-self-signed-certs.sh +- self-signed-invalid-name.pem +- self-signed-invalid-sig.pem + Two "self-signed" certificates with mismatched names or an invalid + signature, respectively. + +===== From net/data/ssl/scripts/generate-key-usage-certs.sh +- key_usage_rsa_no_extension.pem +- key_usage_rsa_keyencipherment.pem +- key_usage_rsa_digitalsignature.pem +- key_usage_rsa_both.pem + Self-signed RSA certificates with various combinations of keyUsage + flags. Their private key is key_usage_rsa.key. + +- key_usage_p256_no_extension.pem +- key_usage_p256_keyagreement.pem +- key_usage_p256_digitalsignature.pem +- key_usage_p256_both.pem + Self-signed P-256 certificates with various combinations of keyUsage + flags. Their private key is key_usage_p256.key. diff --git a/pki/testdata/ssl/certificates/bad_validity.pem b/pki/testdata/ssl/certificates/bad_validity.pem new file mode 100644 index 0000000000..4b17a76d2f --- /dev/null +++ b/pki/testdata/ssl/certificates/bad_validity.pem @@ -0,0 +1,112 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDgU/TzmMEUMwLI +pG3+qir3lD2mbwDfO95Mn6PqB9Ss5VsN0azg7fnFmB01LeWzSZcUhUQP3EzSZwiI +AaXYp+uT0Wqh91HnhH5SKn28bw7Y27amPt7c9aRolkQRhQLtRxLfuGBxlXtih2h6 +RFYJ1bTI8fbJRpKLaOiD1dWGcSPDgB6/bAHH0qS8QG3g48AuMHi9rd0lZtP1BwdW +187icsUlfQzhp28AqNqrS1RDCWSktlI4L7fMAd0cAycDR7/f5jew7RjcUQvUdSLf +UHs86zc5HJtvCHunBayMQ/fx2lEGs4JFPsiBc56wpc92lq+BLKwBKkpYSx2+/x+F +wife8XgLAgMBAAECggEAO0gUmHdKtvLQDoPdiYogtrKXJC97dILWuTsKzyLoohQu +XtWFMR/SfNQ5C7+oTxvocATTurlGF+ggigidckbV64dQ/aJlI6CQ3VfbSHu02bwe +ZYqBzLShkP382QBkiJ3asAKCgiG1rJEKHB2I+ypdjyjaRdB/k5XStFxDBDdL8zKe +kL1hytf1ALxYBQJ3TXcoIqlpzz6v+JnZTAuu4vrySfffyFTrytIwf/KGlBACBqXe +oV+DK586PiyC0m1Hhy1rLTi2/IT4t4j3KO+c/OnpWkMEg1G/Ojy1zPMsMHr1VO9t +UWxhEIYOLQVUOT+2ltO4bRJcgEPHSxlIY23qalJgqQKBgQD9oZwHPhLZg439Zr9O +Zgl5fFkPe4SxqLY+ggE5O81+3RgL8GyAuy9oDtUGcw8L9tpKcBflqH4jEvUvT1/m +8BGKIQteqcKbY0C+KfPvq77R4k2KqmxpKF5f4BS/9O7cgzJZwhSFKDLtcKtDIPUK +3eoERuPB4/cmhQyb+/TKofZpfwKBgQDibEm1+nYj3tIXDxK3hZHjPz0s9vYV84py +zg3HjuEmdacnhNPQQQpNG83RMjEnnBvHWH2vxRWyD+57r/FWeA60aUJo5WIP0rj8 +z6GqFT9IWaBrJtBU1YoxuyTH64yih6ljvm2skIEGlQYS+GBL9K/Tx4mh4lAKVzD5 +GXVqtyM/dQKBgFD0Ik8VewK+QLXe87TcUK3cCLkuXZ4vEWxGJonUErUpcKFu7dLw +7CK0iT3zv5u8ANS9joMZEpmzVVryZNPbUF3cSjq+yIS8W0/XKCsZkGCBcOqPlubB +oc3MQhM65HqxzYJkthQCTq8GxUM547zCNA2FavDaCGrdELdA5lM++t2VAoGAMLem +AH68bqlhwM5gc5ZMtn2D1ynn9v8oudz2AAsRDKph5dHhlTx5T+/8j9dh1ijznSfA +G1KngWGGKZzIq5c3ar//Jvy75bWsUdEG8saRkCqgpo16Y9ZyXpLqrg1TfCD+ZFSz +2l5ZNKZZ4TkJ1y31qvaS+X7tQ9xQ0DgXGHgBIIUCgYABBBddUXpOyG54HvFHIgxS +esBBkpM0uy3vOkyfMown2GCjKZaXS5kEmRwU9WQQKLPf2ieALgYEf87YGWmPNZNF +tG5DoNhTMsrYORB11tuuBR1e6lrG/aoOkP/4udWC8d4Yp9wnkEu0l6X/kMfq2lb1 +67bBVmHqKJ0t8rytHzkP0Q== +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:6b + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Jan 1 00:00:00 1 GMT + Not After : Jan 1 00:00:00 1 GMT + Subject: CN=Leaf Certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e0:53:f4:f3:98:c1:14:33:02:c8:a4:6d:fe:aa: + 2a:f7:94:3d:a6:6f:00:df:3b:de:4c:9f:a3:ea:07: + d4:ac:e5:5b:0d:d1:ac:e0:ed:f9:c5:98:1d:35:2d: + e5:b3:49:97:14:85:44:0f:dc:4c:d2:67:08:88:01: + a5:d8:a7:eb:93:d1:6a:a1:f7:51:e7:84:7e:52:2a: + 7d:bc:6f:0e:d8:db:b6:a6:3e:de:dc:f5:a4:68:96: + 44:11:85:02:ed:47:12:df:b8:60:71:95:7b:62:87: + 68:7a:44:56:09:d5:b4:c8:f1:f6:c9:46:92:8b:68: + e8:83:d5:d5:86:71:23:c3:80:1e:bf:6c:01:c7:d2: + a4:bc:40:6d:e0:e3:c0:2e:30:78:bd:ad:dd:25:66: + d3:f5:07:07:56:d7:ce:e2:72:c5:25:7d:0c:e1:a7: + 6f:00:a8:da:ab:4b:54:43:09:64:a4:b6:52:38:2f: + b7:cc:01:dd:1c:03:27:03:47:bf:df:e6:37:b0:ed: + 18:dc:51:0b:d4:75:22:df:50:7b:3c:eb:37:39:1c: + 9b:6f:08:7b:a7:05:ac:8c:43:f7:f1:da:51:06:b3: + 82:45:3e:c8:81:73:9e:b0:a5:cf:76:96:af:81:2c: + ac:01:2a:4a:58:4b:1d:be:ff:1f:85:c2:27:de:f1: + 78:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E2:E0:A4:73:95:9B:E9:6E:FD:CE:29:C4:6F:07:81:0B:96:BD:47:BA + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + bf:da:fe:8f:5a:ca:5d:f5:9a:90:19:34:84:15:ab:46:80:62: + ed:95:c4:2e:04:ae:7b:0d:b7:a9:be:f6:28:8e:eb:a2:84:3e: + 04:a6:b5:d4:61:a3:69:5c:ce:02:1e:4b:9a:40:58:19:c9:5f: + 86:c2:a4:39:d9:c9:8e:ab:3a:b7:97:86:4e:96:73:dd:7c:84: + 05:e8:2b:0c:83:a4:d0:69:1a:bf:c0:c1:a9:ed:c6:71:ec:bd: + 94:56:4c:d4:0a:72:f2:62:69:57:67:b9:93:03:c5:43:a2:1b: + c2:20:36:6f:f1:ae:47:5d:7f:4f:65:a9:ad:30:60:93:50:34: + fe:8d:38:2a:b8:b3:a6:19:0c:de:30:e7:bd:61:cd:ff:b9:5e: + 5d:06:85:52:95:d5:a0:76:14:02:58:43:e6:83:72:31:b1:41: + 7d:20:7b:a8:db:7f:b2:36:ea:35:c0:70:c0:c1:c5:6f:fd:48: + 41:bf:ff:67:c9:16:c4:a4:77:99:94:0b:ec:55:bc:91:b9:3d: + dc:68:52:b0:ad:a4:e3:c7:55:e5:67:37:52:c0:ce:1f:3d:19: + bb:00:91:4a:44:bb:40:eb:f5:7e:a7:7c:49:fd:26:16:a7:cd: + 69:3d:d4:4b:37:5e:d9:cf:30:8a:8d:83:84:d5:5b:f7:4d:4d: + 85:11:26:78 +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIRALBrk5LjXI1+7Z3IllnFwmswDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAiGA8wMDAxMDEwMTAwMDAwMFoYDzAwMDEwMTAxMDAwMDAwWjAbMRkwFwYD +VQQDDBBMZWFmIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA4FP085jBFDMCyKRt/qoq95Q9pm8A3zveTJ+j6gfUrOVbDdGs4O35xZgd +NS3ls0mXFIVED9xM0mcIiAGl2Kfrk9FqofdR54R+Uip9vG8O2Nu2pj7e3PWkaJZE +EYUC7UcS37hgcZV7YodoekRWCdW0yPH2yUaSi2jog9XVhnEjw4Aev2wBx9KkvEBt +4OPALjB4va3dJWbT9QcHVtfO4nLFJX0M4advAKjaq0tUQwlkpLZSOC+3zAHdHAMn +A0e/3+Y3sO0Y3FEL1HUi31B7POs3ORybbwh7pwWsjEP38dpRBrOCRT7IgXOesKXP +dpavgSysASpKWEsdvv8fhcIn3vF4CwIDAQABo4GAMH4wDAYDVR0TAQH/BAIwADAd +BgNVHQ4EFgQU4uCkc5Wb6W79zinEbweBC5a9R7owHwYDVR0jBBgwFoAUmyYLipip +ux25HxzjGkAz7Y4XiKswHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G +A1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAL/a/o9ayl31mpAZNIQV +q0aAYu2VxC4ErnsNt6m+9iiO66KEPgSmtdRho2lczgIeS5pAWBnJX4bCpDnZyY6r +OreXhk6Wc918hAXoKwyDpNBpGr/AwantxnHsvZRWTNQKcvJiaVdnuZMDxUOiG8Ig +Nm/xrkddf09lqa0wYJNQNP6NOCq4s6YZDN4w571hzf+5Xl0GhVKV1aB2FAJYQ+aD +cjGxQX0ge6jbf7I26jXAcMDBxW/9SEG//2fJFsSkd5mUC+xVvJG5PdxoUrCtpOPH +VeVnN1LAzh89GbsAkUpEu0Dr9X6nfEn9JhanzWk91Es3XtnPMIqNg4TVW/dNTYUR +Jng= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/can_sign_http_exchanges_draft_extension.pem b/pki/testdata/ssl/certificates/can_sign_http_exchanges_draft_extension.pem new file mode 100644 index 0000000000..0bf4751f15 --- /dev/null +++ b/pki/testdata/ssl/certificates/can_sign_http_exchanges_draft_extension.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIUZCoefl8RYqHLu2ziqedCbSAfH/4wDQYJKoZIhvcNAQEL +BQAwYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4w +LjAuMTAeFw0yMjEwMDMxNzIwMzBaFw0yMzEwMDMxNzIwMzBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHxaeis59fd/yaGhvGCkW7F+eUhXvZqOgc +SVvcudUmtxV5JAbLwXiQwKL820Wmm9VJ5gXoPtFdTNZYhbJkd324bSu/H71QDtgm +7ngGeipmAIYEvHpscBhRStIyBtcWrYNvdOXqmAQLJirtyxaAX5NkVrURkoaoJzv9 +yYKOfbZR9hPtLIL6mfT2NiLlLtUN6icLmJX6z4t2Eu55sAnJjCwKnvg9E976yoOn +wDXJDY3OnC3V/eYZZO9bBdlalXZ16l8xUXXhL8+xSrOgnleD2QHFLoSXecx5FEeZ +7gGdiWi8oXzkD6MiY1xOTwFlvgNNegjnWOlqpT0OJhYD2atYMH51AgMBAAGjRDBC +MA8GA1UdEQQIMAaHBH8AAAEwEAYKKwYBBAHWeQIBFgQCBQAwHQYDVR0OBBYEFJ4m +W3kENeZsH6FrlzETjZb0qj98MA0GCSqGSIb3DQEBCwUAA4IBAQDFl5sdC5X3jc3h +gFvu9w/Gg/8B4y2wyVQYk7FOWvFwQXOJ6fKo0gP01RtQ1BCUTTa4UC6yGxZSmI7D +Vubi8wLv9ut9Trjz0ZN/s+18OKWWPpknm6RPrtgz3lcSJUPijQBDj62ocWLr51uj +JS7k7OsvAQQ2BBh2auZDZQ6RmEJvce7Pl0wG3e7lrHo5sRU46bERvpiMctHy/x9M +IBryGjz58SvWECsFQC49nb1jLkYbPqDsU/GlemVPffiSUVjERZMLx8FmpKnZRy2a +tT7RY3/C0G9pNrp6ymYlhkSMOiXcjRJwPCOsXlczwQo1ACtmxXSifjSaC/3Rx/0Q +0jufLLMb +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/can_sign_http_exchanges_draft_extension_invalid.pem b/pki/testdata/ssl/certificates/can_sign_http_exchanges_draft_extension_invalid.pem new file mode 100644 index 0000000000..dd49c6d66c --- /dev/null +++ b/pki/testdata/ssl/certificates/can_sign_http_exchanges_draft_extension_invalid.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIUKI4gpE2u/33EvFq/n6Lu6en7OtEwDQYJKoZIhvcNAQEL +BQAwYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4w +LjAuMTAeFw0yMjEwMDMxNzIwMzBaFw0yMzEwMDMxNzIwMzBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYzHvl9+jL2fcnXxtL+Co0+pBwhi/JvBkl +XF9S5SNEualXFq4ajs1Mp6QEevTqSQYArAxHGtoVGBMSVeGsxQuD9mw5gizO/FTR +dcm6fpWhp6l8W66v49Gc9zm/vte51n27iqa3LATIUzW/P6eDbLR3adQCB2n36miE +kCvAbzwddPC6VkSeV+u/SOhccFvY5aluRuKWCOyfNi6lu4q5NCqNMF1+OplVTutW +aGo8xMRcNqnQ9u/rwPV9NzVnhlW6Rn1eQrSMnWTnlBytyZGkHvF0ZuJ7sk3/sF7M ++KRQQ32SIeZV3n6Ctw/GOtQz/yw1g+2Sp2cBZB+fNXb4EaOojLvLAgMBAAGjRDBC +MA8GA1UdEQQIMAaHBH8AAAEwEAYKKwYBBAHWeQIBFgQCMAAwHQYDVR0OBBYEFPPi +QMbqtGksJRPMpYH2NFpHtVnlMA0GCSqGSIb3DQEBCwUAA4IBAQBkJakWGDFVcOkh +MXRQBikBmnxalzrmB8ayHK6q4v65nyhi912e3wJ7RGih00ESsJtuSTZDaxhz/STI +jo88gWHKG2EUdwh4S9c9HpPcFvGmbVZx1x2gkvIfbQMPMYEyiSsD8FYUWOrc3NGS +gRj7/4t/IL+oeOjnKgzm2uVCIQHgGPMQWQUtsVszVcaBvegpR7SKA9ew3RdXi+WY +ObEXIonrWg6STiVENMpLFX6flNIXJxw2IwSjerf25FxGloNLjW2zJLPh9UeiCud6 +f3+EBU7p52j5jkEjcYTZt+L/350riO+lMDHKd+u8p9qXxnS9Q52oWZSx8KTcd1oh +24PS0WnY +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client-empty-password.p12 b/pki/testdata/ssl/certificates/client-empty-password.p12 new file mode 100644 index 0000000000000000000000000000000000000000..e0b514c4bfc3f0cc44e37395f03cc6df985ccfa9 GIT binary patch literal 2367 zcmcIkXIPV463&-|gh1#JKnU$FCDbobL@6SI0s>-Cq$yRJ7a~OLTx2#!#TtABgoNN$K6fX=4Az+qpm;kqlYp}a3 zNh-kAKR`-f50nt*!XL%s4}PPXmG!Do$98rqIaOGVS*wg=Zj?>jGy(UPlu9NV z3K>%Brm>vymw0%ok#UY|SuOk`-pc!qnPgKJQ}N%}^iPA$Ue=+{ zlt%3P5ADdCx}@oSuSW`GC)KMF)ZX2WuVpwKE7h!Yb6Ke7jIT&i7?FEJC6W?e+0>%K zHVf-@ELOXHXaBLfw%hdZ%3Td841fUH@}Mlp&0-SE0{{nbI1GxUfC7K}vT!uWfnZlc z0BmeX81z>vS&zq}5`a9iKGAu^$>%q$AzmgW(r3MO;;jaYB zqpgfXn^dMWxqhhq#)T^N7Ox6bAto{~sJZIBII-(;oFa$U%4EL?vUS>3BzSIp{|qY2 zUNcsN9QHIYpsc@6PPUMd^d)sRmuu@)e7~XOtqE0xyV$XQmm#^iqRQiGiaJIIyuC?6 z5WVuPc-m}9fvis|epkH_7cauy!8uiz;+U2Oyx%e-J@DD4_~5fw)3~A?_?qf=EFESf@WrOF>*% zmLJRVgt)Q91>*E~45YGI|2k*TOe%Z>q{7!h`Ja=91^`eLF8Ce2awj_#eXY~^Y>|;I zW4d+}l@0{}I2GP%nZe0Zlzd$s=3ngDdCxw�S~7YoU0e;}mDnAA9~)ZFuo?i&OJ~ z9dTD4M_6XvxMWk-u`julOdqetCGrNZoyw%#=`A?mPDx(Il+fdsqXh~UY3Ub}g8I45 zl+_#IADrN(DtphWX0!vaKG-~34(Bvka>8%wfTFI}tR1bRVvmH_5 zdyMPA5*<0-CqPS)-mM%*syl1nzfKrc9nL1Xw{VZ!6+AmKIhVyD>*d(d2-~-MtUa~8 zan*V>e#qX&PxxH>$;Q`#hn) zIy&=nUmTB9lkf7hpE!*tx%+c?Jl6TCR1NUE$a9elvpO@8Cn6?-O|xmG%lh2KVdJ>P zdK7*}Vk7@m;6a<@YdDZ+J@q90qiycMhe?cIkfW|~`*)J`g#QJBbcs*loDmkhJzR|{ zwR#@}A2?pEOBkE)iE%qX!DY1HeO!!R)1K_mPr5%D_a;e9D234V?)uzlLsxaR?=I|l z5m7bjjW;>?xou>Q*{r!zsN=fYbpJHJ{NeJety{RM((*|!95ykI*f4&VF&NI+ z!P^Scy+=y=)|=Ysmu{%0&@0Z2jxK=WK!x{rM1#} z<~BI1D>fq$;%Azcc703d%F9px|9#`y=bjr1gO zJdd++$N3=H%#No^2VLvr{!Md|wmC`V*ZuNW$iq*J#8r)D-Qy94uFxyGeEK0YwYFWW z;FjpLCY?0>6*qdd{{^9ZMp|IQOF{ED!V#pqqNBPO#ceO&i^05%{Q!z85VNQuJoeqbpK(xp9eHfZk@1cEi$HA>=7TNV>D$Gm>q|Aa9p155Mllb`$2Rd z;x)T>vHh)vgR+zNL_WGxQs?9t6ovYaLsLs;ctH(sl~ByhS}*;W6N%AEzn}m7jnBhk zUl}{GzGHk~tngRAc4wpBpP^#X22qA3DR*e4RW1>U$uCK-gQjkuZq158^Eh1?awDRa z7DAw7zQks&vs;d~+s3mQq5(dqubChD=Mn4f9y&s7&ayV%b_xgH`j$mLftwiQbXB2W zl1-qg*L2|kFzQ~j^g06)f-`T3EEtM~X|#Lo{XcfAHYg3E5Nt}^Fz6vR e2wYG!+hHnS%-O&fv%u^bkBl|qt~>ajd-Y$_)CL6r literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client-nokey.p12 b/pki/testdata/ssl/certificates/client-nokey.p12 new file mode 100644 index 0000000000000000000000000000000000000000..bd6bd7c80d0be1bb8fea2c484d8756e17133b8d8 GIT binary patch literal 895 zcmV-_1AzQ6f&+U30Ru3C13?A}Duzgg_YDCD0ic2dG6aGHE--=vDlmcrCI$&AhDe6@ z4FLxRpn?MzFoFXU0s#Opf&&Z&2`Yw2hW8Bt2LUh}1_~;MNQUW!^wk3E&N#R4Y>*n5np-RMW~$pI@&IHZT+%DDM$c30tT75=f^_Yp`KZc zkafl}cIaYcd7)#>Vdd&EA~I9eD2-4g@0nzjzKJki-3fHlX1Aod1o+`O}BF8-hbEj|-P&{bv9F*IAOqiF@I$vg8RXbyjD z-0);U$A3}ze|*W>q{c}~PFdPa?e-}e*k9Xfv-fjU#0acz;MhA?jX1ey!(JtejC7U= zE4o9ZS{JOdsi6>Tyvxp5qn`VQTX%5}!mxL$8Yj>&MdlY+DGyDlfRa!H4e)_356TBF zlVkR?i^51qC71kEk<`NuOI<)A#O8)HGl~bjA7~(baAw#=xIUm2=;|E6G1&0;!VdXn zzmy+Q6i!{xG(J+_jevj7@TW2@FzylAf9+-jBaeRwN%Mo=|tyubC%yC4DSp2Lvs( zC{fcO0-nI~-YNgDg^561>GhpAraw^;Mmt2c&3rvTxja&u$ZI~m&$yM`8xq;wF)$%82?hl#4g&%j1povTE6g?>;&s8lgA!gH^BpnO Vp8`te1PIQ?%Kg#e4NL+82mn*=lcoRw literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client-null-password.p12 b/pki/testdata/ssl/certificates/client-null-password.p12 new file mode 100644 index 0000000000000000000000000000000000000000..a8c45a7e7fc922be458fe53717ba162f816a22ff GIT binary patch literal 2364 zcmcIkc{r497oTSqTWIV%gJd7iq_IWWiEI^F$2MclE?#2dNxZlu`>v5S%S)0bOYxF@ zt1M}(B@`tTd3pKfy}qu#zCXS{zdz2o&-tC}ocmnA`#uMRnAP9_0)&{h8JOkbjpKLO z07ifUF)bk>rUg1YLzmb89qOltp3~t@5JC_cj{V4DWdRTr2mu2j_yGgU50IIcUJJgC zgy5@mdPj^*ur$F2f7nHzZK+%7v^8K3XP6`h7_V9Lh4JFYV zkofgR00l!pz;Sxh01F%f0N7)mmpC&l?en?h>TBqRr2LvdBMjsB(hc1!16$EBcM}#- z+PA8e6E@t@ul`W>9{pTNIiNx9268XArG;B5PqbU1E1lHEtGt`0%y8X460` zM!ZE}=FLaOD={h0nK-MwTsYa!*0D!4IY%#2B)k9kp58c)MO3~Coq_doxCgmr74P=1e`sbvv0stt0_KV zg5UsvgpeIG=*roO5Nu;Z7Ecw6nr^7$4OYV#sCu{ zx4jJ`(u_SCqoc)Yn)6B~#pIoMj$GS>siT!onedj&Wy=zIN*7Dew!74C1hGG-*mvf= z)i{goTHOyG-L%WZcbRg#W(@@Ro^uTf6S2BmZQ=7;Sbxh2lnT~}2L;*TQU`K(mQWVQ9kqO_gwh44uqJ^}X%EY8hz8O^ZW+qn%NBlD(P*s2 znq+@9|8DmAVl~vqHg+9$EpH!5nw*Bx^o8n>^5U?V$UJrNzdlJ$DPC7m80HNbI-`a? zde--)uxL+kj2x$^?DSoJ-;CTiGVYjPW-R(vhU2K_y<>C6#0Xx0Nl2R~e9W=XzkcJ{ z(Q4(}uKgUB;p_*pM8j@@(wn<<05aLD8<+ttBD>YA6hpro89IgZ=h)UsR)#}1j#3;yw9v$ zRQhBl5m84_VU{Rtx-aT{(9<{UWN`sOULrpM!2EQoL3PxFSi^#ngz_R{wtBpHIYshr zETo=A!$8RY;sA%08(o?IR@TPsEtmYd!|L}nxCfH2RA%bj$8ePy_B@N z9w+Z{zxyvOWkv?wg^fgs(VZ)0{)N(#E*d8DixBS(o#lzi{qm@!HcQX88$0a@6fXJ2 zKYlNp6iP|x-1H-3ojaYe_OpG_TQW?lcw(YXh{^keRA#bda4Jo;|J; ziHC`M$=sRD>A2yfY5h@aT^nkTxq}$y^(hzM+(p3$XEco0K$5i>TW8^mRY~qmh>=Kp zJ+!Bdo{Ti*RSeKTbyKg;HLVQfsCT`U%8nYmnUT14r*1UO*s{}ew}Gk)J}pn{H;Oc! zxgxnq{K(l%Qo4x>+W6{E9uC51A%yWwm56o&|A`tdC~kw>cTOs^o-A;pPR}1*aLc*1 z!pr)uuV)QaL~ebpBy59I;(Lbhgk6&CrhC4H+*6ooYOYp8vPi=rL2dMU%t0X+dS2UB zN8#{%`v;3%$*IjK!PBa?R=V(Tl^(t3Pf<%**{`S!6q9`EvCIh)0@`c%^Cwbz&G z;{}|q;_i9`T)0ITHZd3LbmKE3`r=vTg`JMvD6fuO5BamE(3C^tlcuLlIYXNx58iHM zm_`YOc@;b`?+m-8J3Do=Ezt%5_I5e>1;UxrV%X^e~T zn>7$=fAf)f{bi5sXKi+?&t^St=qG0h-!*`aoq7_>$b!MZW&QnfNaJP9`7=u46QF>D z4JrLMsvhryi!SeD{j$wvu>rJJRtw8YD~G~ V^YIm^{+VhoL1c(q&i`Dh{{ml(;1~b^ literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client.p12 b/pki/testdata/ssl/certificates/client.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ea1657a7834b546542196e32cb07c873968bc42b GIT binary patch literal 1701 zcmY+Dc{CJ?9>-@hX0ePVhFp?cX;3qWlr8sJvX_xvmL6HMi<@N_LzadNV;x;&EYF%r zmZUHk$6ABoVaifTmaCD`$#QkheXsZa_?_Q5pYQqo{`!8fL}(cZ2*whjzEC(O#Vmy{ z3={;G5}}R|A{2jwZLvhK&Cdv0N(37oAzcs{11Okh<$&B4P z_l61r!2k(FFf97r^e1%Pl?*O_rvlqwzgw4|o&FdXb`N#gxMTt@m`1o1582CFpF&3l zTc1{y@y7gHbtW{KWH|Avu^a5C-T;hGyqw5Y{$p<{b#r4OA27V+$!S&MjOA>2*`qur zXV9j+ZH`al6V(r!qidmF((|m$pdt<^VN0Ezq_O_GFb%@Qe?!}&$gnfFcTyD-0%!C< zU(qZv69*y2-7fE4;dg@EW~*OJO`nEb!pvRe)V;8zx#gS?6OZ<7spakZZaUMLLgveX zc1?~CQtMHhYJCy)y^GTHa~EHVCVUBlsPqVsTo^hJyY~}i0CE0cdE_n2hRwk6+8Nuh zg;|ut$Bjr);mS6b(GByp+dC?lDau<`MRL+rVFhm!INj*-!oydT$DOC4K{iHcb5Z6Q zqhjx9|59YDVGNF}D!(kO@e0uw;K)=Ow0MM5A@s$WvrWH|Ggh~zjieU|gC}YcH86`w zbaS-c`GVyjlP0<@@q4?LpMu=5Mf|$0om%ogNj)X)AyW`ah>xnV2s5HB_AM%8>_v@h z&7(sS`XzUyVWPjKy9H<2tdRKH;MbRq1I;8%@1~pCzUCDQM%+BE*X}d_U9OebQ)_&B zsCjl8^(2iprhOA{;9Y&4aX&N$JW(c|x=S9)f+oq`gym|nauPgWYq_`G8>Tt8QkU1M zqSZB7x`%Xi54QsCkRF#ma&u}45ul;Ue|`7|dmdHL$tSRhQC+#9d=GIsF+a-;-6~jA zV9}~VfT|~}1nxBHjE9)Lowv3=`9(T7{i5so&IvGZyW(mczu^1prr?BbWtPnV-8-Dj z=H6w1hlkS4-?L$6C1~Xrl~xYx_qkSpaqCmD+v3{5BJJTrFUFbVUEgpoFBL1{sIhHMfkKlHNKV|3^))^G9DgOJ zgLMsI5NUs*w#`S{aIGxM>(Qc6SZh6cs7tRyh`scC7=Wv0^rZE=yQ&2WquJqP(xs

_xLl}_LO%+&O zu1AfMP58m=_A|;Q-1f1uSL}~YWiR-d@5L1Ln3Fyi_YV5>_b1nh`QCbQ$T_qmOHQu9 zt_iX~mOAw;4&@G~E?}`=44Qd@ar{E!hP9AJ5x{$5C^_3ECY@l9VMfM-B94x*g zkVOd}I%oS#Ni%9{;gfvCN({3<&<|VkT&C)H>9Od5foHd?8;h%=6iE*A!q7n^Pd}>S zf%=ncxiS^czMu`kH7=PFiK=`_o4}dE6z8xQO%r;~9eKXWdkW<{W(mbvD4X9S8xP*u zPNSxgz7m*Dkq-HP`ck}>I-~Gj=S>37F8K*;&^W7QHwX+H9+HRujTiUZXwk7O1<9Hb z(1D6NZ>-)S&`Z!p}&bcdCi=JTw80W}$hS3`WJ+BNk)B5+n^^L8K zRmh(D9E;2FOmxJZ!Yci@)$n6DDTpNPJR$o+tDWYGyPn;LSwGX(rn@3o999tvhYF~O rfI+eX0EncQ=);O*x^Z3Iq!{}Ve`>@*aU1~xqZR18yQU*}Kid5ls7efx literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client_1.key b/pki/testdata/ssl/certificates/client_1.key new file mode 100644 index 0000000000..5ceb7e9503 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_1.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDa+Dq7TTFSw1Ax +RkaftrCM8tuPbYH7NTxLdHil0F2y4G+PvrlqN0qB43tRaKJPQEYhG+RnppXeOk6/ +AbgOFXBQCPoVJWOjxwMX3ea3rSLM5C9xUP9Rsnf/fkngD6G6pOo2nYinfgpINQDh +GB/r8BJs69RNhvgdbN4aV7Bz8WGYqKF3DVhV+Di5zIOPNC9zoZQPey4duMS06OER +G7Op8fFws3QoCzEywVdAbe/R+m5oeg875vLVvmONwDi52mqv4rgbfl+aPhyyPzoR +3hdIPEi13AQB5hmyLAcTDtvcib3beNLw586NXcYgQZdcbLmDkjVRDK4uniE4QaRU +GeRJD2+xAgMBAAECggEABMvoYMcg2WGDuESZZ5u6nn0eZUlT4329H6ECQzg/KTEv +OGydhqUF6eD4B/vnsZ6POrVFSaZK76EtgukbJUcqcee0b1yljrDyvCXaoojgHjFc +aa90HE/Gvvm++AcXoZfwX826cILQtQK2OCK4EPTDY+U+6LYtaVruZZDTVxgr7V+v +4v1EDKEjQc+Ttupwo6aXSeiTKuqNsXuodoDvcv/uJgzMDCxi14TZTjaWOz7Xw2JZ ++NLbTrsiqTyzmyJousV6/+4sfTYt8/tz0gMt3Qaddvs+BpTTrYIKTpsGYwPkKDqU +dEkC87OQ6a2mXB1lpA7FMpZiiyJ1HpIXHkd+eLoNkQKBgQDlQtZdTlHu0YLM2WlO +RFYP8zyx/9k6rXZVVZLNBcZazEUkcgXJ7MS8pXieiXo6UJEf0PNCCY21ooOMPq6L +I0NNF/yDbvT9Ri7eRNZRZosXIDaB17S93vgZ4Ukri7JJv3Bx+V2Wwl3P2/g080sh +qx8ZZsg1aQqpKov9qsavyXAuGQKBgQD0gh2P+rt0jQ9SnJ8ETGzFAXmhZyt4my+v +BuFX8tFvByxMiUIxzsmHxCA6td/6KCWPwoo3xhe7r/+NHEFe6k9NR3KgrHOrHFcC +qOAHWYPuPCKaG0ycbEF3tjzuDbZUJzH4WBgQDEsPlwDYEpkR17FX6sIMaAPMRvlO +cZQZqnXRWQKBgQC6t0+c2E+UYB/WNG82ZiNthB13nrbNuj54y2PvBHgCtQDO6Opc +BTBJr75n5/GbEsjPD78+lkdKmdvnWZmQCh0i6ZkndjOjHwjGz2t5CjnXkM2zu/kg +9jo74aZVB8Yhl/+9Y2lcglojErS4czlKZ3LBnlsKXM1o7xTqeK6utjFd6QKBgQCA +aH0CClm8IgC0EBDq/v/4jofEHhyUYFuwfdqGh705o/i90S/0XHc2V+fdLXsNM1xW +nYJdPClmpk19XCNwp3kySp2GiErOyDlh6jKNaZOB4A8EA+Y+GBRhvFFPa+AfXd4+ +YHVyqCIbc+A7mbjNyAsY8u8p+M5Vz8hKTBfNStpJMQKBgH6YBNtXqyPDXgqyvRkj +Zt01I2ZYn2iIHBhHyDWE5j0QjhzF2kLpKIASO1uOTsaurAhPuyUTR+8EXu2OSP3R +oaJ5buwUb8yL2b8Q075WCSp+eXdU6ZmEYdfnKX+63I9QIWvTFsREZybFR4tPgsQJ +Gq/L8jNIxDxG9D0P1I2Zxrfd +-----END PRIVATE KEY----- diff --git a/pki/testdata/ssl/certificates/client_1.pem b/pki/testdata/ssl/certificates/client_1.pem new file mode 100644 index 0000000000..2778fcc9dc --- /dev/null +++ b/pki/testdata/ssl/certificates/client_1.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=B CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=Client Cert A + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:da:f8:3a:bb:4d:31:52:c3:50:31:46:46:9f:b6: + b0:8c:f2:db:8f:6d:81:fb:35:3c:4b:74:78:a5:d0: + 5d:b2:e0:6f:8f:be:b9:6a:37:4a:81:e3:7b:51:68: + a2:4f:40:46:21:1b:e4:67:a6:95:de:3a:4e:bf:01: + b8:0e:15:70:50:08:fa:15:25:63:a3:c7:03:17:dd: + e6:b7:ad:22:cc:e4:2f:71:50:ff:51:b2:77:ff:7e: + 49:e0:0f:a1:ba:a4:ea:36:9d:88:a7:7e:0a:48:35: + 00:e1:18:1f:eb:f0:12:6c:eb:d4:4d:86:f8:1d:6c: + de:1a:57:b0:73:f1:61:98:a8:a1:77:0d:58:55:f8: + 38:b9:cc:83:8f:34:2f:73:a1:94:0f:7b:2e:1d:b8: + c4:b4:e8:e1:11:1b:b3:a9:f1:f1:70:b3:74:28:0b: + 31:32:c1:57:40:6d:ef:d1:fa:6e:68:7a:0f:3b:e6: + f2:d5:be:63:8d:c0:38:b9:da:6a:af:e2:b8:1b:7e: + 5f:9a:3e:1c:b2:3f:3a:11:de:17:48:3c:48:b5:dc: + 04:01:e6:19:b2:2c:07:13:0e:db:dc:89:bd:db:78: + d2:f0:e7:ce:8d:5d:c6:20:41:97:5c:6c:b9:83:92: + 35:51:0c:ae:2e:9e:21:38:41:a4:54:19:e4:49:0f: + 6f:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Key Identifier: + 90:E3:67:93:7D:10:6E:6D:4D:49:29:65:38:E5:F5:9C:66:62:DD:69 + X509v3 Authority Key Identifier: + 6F:C5:EC:40:44:0F:5C:78:04:8E:66:11:4E:A1:EE:1E:38:38:FD:72 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3e:f3:8a:9f:b7:8a:87:4f:64:56:08:e6:a0:07:e4:b9:f1:8a: + 88:50:a0:cc:95:bd:ab:7e:02:97:0f:ce:1b:fe:56:fc:44:3c: + fa:b2:98:f9:cf:b4:a6:07:9e:b4:c5:64:9a:49:90:4b:81:5c: + ed:ee:cc:3a:4f:ca:36:e8:dd:3c:e7:c1:2b:6b:b9:62:29:f8: + 6d:ca:61:53:40:20:32:1b:85:f9:55:0e:85:55:cf:bf:e9:b8: + 5d:ec:16:aa:8d:1d:85:d8:18:1a:6a:aa:e2:91:cf:ba:8b:46: + 2d:e8:d4:a9:24:98:20:b5:f7:e0:b9:fe:2e:ef:e9:94:17:c3: + 54:57:8f:7f:f8:04:91:6a:d3:0c:3a:1f:50:1c:18:c1:08:fe: + c9:83:4f:23:2f:c4:b8:8d:db:d3:f2:45:54:27:29:2b:f3:50: + 7d:79:1f:38:17:09:8a:38:90:63:8b:29:8c:12:7f:1b:da:0e: + 01:b5:c7:7d:9b:65:99:5b:3e:de:0b:b0:83:d7:81:b0:0d:b4: + 09:b4:63:6d:2a:b0:25:f5:1f:cf:df:b1:fc:8a:c4:29:29:3b: + d3:2c:ba:ad:83:21:56:dc:1e:7b:81:b8:77:4a:cb:09:e2:15: + 32:3b:78:69:33:97:ff:2f:e0:94:83:9d:6d:27:d0:8f:f4:ae: + 9d:7b:35:18 +-----BEGIN CERTIFICATE----- +MIIDEjCCAfqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD +QTAeFw0yMjEwMTkxNjU4NTVaFw0zMjEwMTYxNjU4NTVaMBgxFjAUBgNVBAMMDUNs +aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa+Dq7 +TTFSw1AxRkaftrCM8tuPbYH7NTxLdHil0F2y4G+PvrlqN0qB43tRaKJPQEYhG+Rn +ppXeOk6/AbgOFXBQCPoVJWOjxwMX3ea3rSLM5C9xUP9Rsnf/fkngD6G6pOo2nYin +fgpINQDhGB/r8BJs69RNhvgdbN4aV7Bz8WGYqKF3DVhV+Di5zIOPNC9zoZQPey4d +uMS06OERG7Op8fFws3QoCzEywVdAbe/R+m5oeg875vLVvmONwDi52mqv4rgbfl+a +PhyyPzoR3hdIPEi13AQB5hmyLAcTDtvcib3beNLw586NXcYgQZdcbLmDkjVRDK4u +niE4QaRUGeRJD2+xAgMBAAGjbzBtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI +KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSQ42eTfRBubU1JKWU45fWcZmLd +aTAfBgNVHSMEGDAWgBRvxexARA9ceASOZhFOoe4eODj9cjANBgkqhkiG9w0BAQsF +AAOCAQEAPvOKn7eKh09kVgjmoAfkufGKiFCgzJW9q34Clw/OG/5W/EQ8+rKY+c+0 +pgeetMVkmkmQS4Fc7e7MOk/KNujdPOfBK2u5Yin4bcphU0AgMhuF+VUOhVXPv+m4 +XewWqo0dhdgYGmqq4pHPuotGLejUqSSYILX34Ln+Lu/plBfDVFePf/gEkWrTDDof +UBwYwQj+yYNPIy/EuI3b0/JFVCcpK/NQfXkfOBcJijiQY4spjBJ/G9oOAbXHfZtl +mVs+3guwg9eBsA20CbRjbSqwJfUfz9+x/IrEKSk70yy6rYMhVtwee4G4d0rLCeIV +Mjt4aTOX/y/glIOdbSfQj/SunXs1GA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_1.pk8 b/pki/testdata/ssl/certificates/client_1.pk8 new file mode 100644 index 0000000000000000000000000000000000000000..a65d7c5745ca8cbc833adea849b01a629aa2f8c5 GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0NVIEyG=1t z!%#6sMxVB@jPl!$ZGrnWJWF(VrO;in;BSwNcH-r+x}ZH2~olAM5ZE zZ0pobhWH(9-Wpf1bMaxAsG)ZaSXKBqxy*x)G%s_Zln;9@9k|4_=;09?v#Ig%aI&<{7dq z2NMq4+=;#0c+&9a&W&BhAVHU0Y`KGyHBk(%E}kJcL8Md}2u>u1D009Dm0RRNc z=wQbn*=(a6sTJB|#(^nWP?O(6r{X`6*BSFuTw(4-Brk6?RlPcTgxO9umODPz!(v(Z(%VkEBB?yHn<8ks#d`nlEPXaD^ZRqs11;SKop$>^ z29(pSf(lNX24e%{C_0pMNdoh;km;?aTpeYk4#hH-Vv8bm9+DRxM}By^4UqzYfdJ(~ z)?H3f?$LtG*=bHhRuA($vH#gRt#(yalFbFiTFgZxas|ok#Jr_=o{4%oP>~WC?$`=iZ{j=yRZL^96?^{PfbU1psaJN99IIU;0IZQ z?mQxz8%&&RL3g%1?hUq7Co%X~7!V9g50?Pg5}6U#u~+KC3}^$)M)^*0lo_gZ(OCk4 zfdIOM*x;}WzWA6lb0<{3n=;~YrFiEezXXo*o63EXF zzdn{nN}1c|S(%Uu9U|$OCw4QV9|*?JYk3Me*O1M#yZIpYIy>Q}RR_i)m;b$EX1Tk3S7--?-c5IuCBH*UFiaWfdGJLeF6$uydnU!5D@DA|M-rF#2y@! zU|X<#+J=X{IivW!(J%B|cQ#k&-7R|!Gh9}kf?Yf*W~NPjTqAI&c`{0!hKNee$T?x^ zGL31If#44W1Li&$6k)tkPix>GUEV%mb#ka88*|`0nYhi!3mEe6DfrG+&&Wzl7tKoA zNihO}fPR<++gGb2!(Ixqy%{5B-8Ca-Sf6N!92iH)HH79p5RM$h+Cu3lfD$`fj!wp| ztO!rLB@;*Q1YYfqNd3{FqIquY6mQIn*}o9ezE%k;etCCP>6wIK*XJpJy4;UYA#2kX g#6)K%#Yc-zg2V|Lugmf?NW?rw^gR#MjhV)`-LyzP8~^|S literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client_1_ca.pem b/pki/testdata/ssl/certificates/client_1_ca.pem new file mode 100644 index 0000000000..bb2748fdc5 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_1_ca.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C Root CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=B CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:95:90:e0:38:21:62:04:9f:f1:97:f7:39:cc:d9: + 47:2b:99:0e:af:49:ea:ae:5b:cc:78:3b:b5:c6:63: + 5c:2d:44:7c:81:ed:a2:2d:f3:64:87:e7:e8:47:f9: + f4:a3:41:38:1d:fa:48:6c:3f:90:ad:39:4f:e2:32: + 57:f1:89:5f:d1:d2:af:e7:92:c3:0d:43:d3:70:c6: + 78:b2:2c:ac:e2:cd:34:49:7d:04:20:89:08:77:b4: + 37:c9:bc:a3:f7:84:48:31:2b:63:ed:01:ce:59:78: + c9:41:0f:2e:79:c4:34:41:8a:9f:7c:d0:61:ad:20: + db:75:ef:af:08:f5:78:a0:68:69:fe:88:27:35:b0: + 2f:5c:a6:eb:fb:1f:ab:e0:68:4c:bb:3a:be:9b:d1: + e6:ab:bf:3a:d5:df:d1:80:ee:89:63:dd:0e:03:f2: + 57:72:d0:0d:05:6e:71:b3:e1:a2:35:85:ae:c0:33: + e5:a8:43:a9:ed:4a:56:3f:f0:e8:1b:97:a7:65:69: + f9:3b:f1:42:31:09:db:c2:6b:8f:e3:7d:ec:02:58: + 76:29:32:64:c3:9f:78:d3:f4:96:f4:03:8c:14:84: + 50:43:4a:df:10:74:87:a1:31:29:a2:b6:3e:de:22: + 2b:6b:67:e8:ef:f0:9b:b5:64:a0:cf:c4:6c:c8:22: + d4:cb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 6F:C5:EC:40:44:0F:5C:78:04:8E:66:11:4E:A1:EE:1E:38:38:FD:72 + X509v3 Authority Key Identifier: + 33:7A:38:92:82:9E:B6:FD:44:FB:B5:BA:A7:C7:0B:4D:59:28:60:9A + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 00:fc:20:17:c8:1d:50:93:79:fc:1b:63:80:ee:95:a3:26:0d: + b8:29:f4:35:89:db:0d:15:ef:b8:b7:1b:e5:1d:0e:29:dd:9c: + c3:d9:37:37:2c:f8:9e:89:f5:3b:ff:70:0c:c1:54:cc:5f:50: + e4:27:92:9b:3c:73:8c:04:83:b9:2f:18:3e:cf:85:c3:5b:8c: + a9:76:56:4a:3d:e9:19:4a:ac:67:68:45:fd:b0:fe:f2:21:90: + e5:11:e5:bd:7a:a9:8d:3f:76:51:d7:dc:71:68:1e:fd:4e:97: + 56:7a:02:34:b8:ab:27:61:b8:a9:8a:20:ce:d7:ab:7e:ca:87: + 7d:fd:cc:ee:21:f0:f8:68:ce:1e:bb:e2:01:c8:a3:b7:8a:f4: + f1:af:97:63:e4:55:c9:23:bf:b6:54:95:a1:77:c6:27:af:6e: + fc:c3:dc:ff:12:8b:05:67:ef:ad:82:7f:4c:36:32:73:09:dd: + a5:f3:28:93:e8:16:00:2a:0f:2a:2a:64:d7:8c:fe:d2:4e:3a: + 6d:7e:f5:ca:3c:48:86:ef:18:20:a3:97:a6:03:32:76:34:4d: + cd:20:3f:6b:0a:d7:1a:3a:be:b6:90:08:3e:97:7b:71:b5:5b: + b5:98:df:f4:1e:59:f8:05:f7:e8:0c:7e:af:3d:a4:db:d0:92: + 4a:4a:65:c8 +-----BEGIN CERTIFICATE----- +MIIDAjCCAeqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS +b290IENBMB4XDTIyMTAxOTE2NTg1NVoXDTMyMTAxNjE2NTg1NVowDzENMAsGA1UE +AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWQ4DghYgSf +8Zf3OczZRyuZDq9J6q5bzHg7tcZjXC1EfIHtoi3zZIfn6Ef59KNBOB36SGw/kK05 +T+IyV/GJX9HSr+eSww1D03DGeLIsrOLNNEl9BCCJCHe0N8m8o/eESDErY+0Bzll4 +yUEPLnnENEGKn3zQYa0g23Xvrwj1eKBoaf6IJzWwL1ym6/sfq+BoTLs6vpvR5qu/ +OtXf0YDuiWPdDgPyV3LQDQVucbPhojWFrsAz5ahDqe1KVj/w6BuXp2Vp+TvxQjEJ +28Jrj+N97AJYdikyZMOfeNP0lvQDjBSEUENK3xB0h6ExKaK2Pt4iK2tn6O/wm7Vk +oM/EbMgi1MsCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFG/F7EBED1x4BI5mEU6h7h44OP1yMB8GA1UdIwQYMBaAFDN6 +OJKCnrb9RPu1uqfHC01ZKGCaMA0GCSqGSIb3DQEBCwUAA4IBAQAA/CAXyB1Qk3n8 +G2OA7pWjJg24KfQ1idsNFe+4txvlHQ4p3ZzD2Tc3LPieifU7/3AMwVTMX1DkJ5Kb +PHOMBIO5Lxg+z4XDW4ypdlZKPekZSqxnaEX9sP7yIZDlEeW9eqmNP3ZR19xxaB79 +TpdWegI0uKsnYbipiiDO16t+yod9/czuIfD4aM4eu+IByKO3ivTxr5dj5FXJI7+2 +VJWhd8Ynr278w9z/EosFZ++tgn9MNjJzCd2l8yiT6BYAKg8qKmTXjP7STjptfvXK +PEiG7xggo5emAzJ2NE3NID9rCtcaOr62kAg+l3txtVu1mN/0Hln4BffoDH6vPaTb +0JJKSmXI +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_2.key b/pki/testdata/ssl/certificates/client_2.key new file mode 100644 index 0000000000..9ab337c613 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_2.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCn6fF3nDenhKvP +6hqMzFxkp8LTIiQ61/u/hSAoEdZ5agEwSGQ75tg5SirIBsmCxe8D1Kxx0FjPgqpk +u8q19nkDhqQ5WvroYvjvZkcCge/0Xn5ZbRXhcGTFyUmYR7vgjwTZ0nHJMGilJoK/ +bLxrb0+uQEHwXCMFAtorL4M0nQfyrpwGqD3+Oaffnxy/9Zr0OiNlmEewVzshVpfp +JGQoMiIVfewrJ6Jdpv29DTh7OWY+XvG65IoRlRNZiDjteoP0ISmyHncuno6QEIL+ +3/hf+1f3VC4EzihOIunWC0eeZjbR1pg2lSLOx1AuP9Jm7glux6oqe9QQvLqmkGrL +m/X+fRGLAgMBAAECggEACh0txbobohP8M1hTBBMVJ5zxP71pOEAlMkqG/tLgO8z2 +SF27593GPWEpxYWfIqjgdjcbsflOOCWTNOEY2y/+5wb3olrIDTJU8zqSYWTJOsts +Sd+ntz4JW959d9YuS17h+GrUHr2zN+tjabtXeBMq1gCZ2Cv8kgMzd/FzMjqZLXVc +6IPAYXw2YIz6gaECpGSG3FHRXHf2h4KbyP9kgJRtlPwq4L8do0UynsXSpVib/vAK +VYd4FkD9DtzhXSGtGgajkcWhJ3HBkriyvdDiKPcHztz3rgEH7wv+yu8yTMxZE51i +kkdNbspS1tgLqdNTUO7fCztG07Ii1irhwhF4vAVoOQKBgQDkxeSXTpWZXRTrxtPm +h8N4sNIxT+rdFEJNRN6Uj/u/yOGL2sQe/qUnFF0QX9sXP37h0lPj2rMxnj5jB4+Y +lr0ei+GpcIAUytuny4ZlBZ3FD70KPndLshBiK5nng58oMnSmduiDR/ABwDlW0gtK +5/Qa57vaz60S5E9VwugeJuQmswKBgQC75dUioj43gt+YumMW8FwgUt6Ol5czo+G4 +jrsHh89Cl7mJJLY9A9ZMTQZRFPbIr49WVRLlM+0+L8Pe6WJ1GHiHxERUyllsm2Rt +TzIEl8y2B0jk3vgV9ykTfU6h5X4j3R+W6f908icx0c5rHiTZz+8XJlMFF10/ZMHR +CnBH8BoVyQKBgF+y5J/i0LO5+2Fx5/x8eGmJVjQooS/gJKgcEhwFayNcDfWqCvaI +QV/qpc+OuaCtAA/JIyyitOkhsClO5WPIUs5vZ3OwyvNntKEpg0vJIKlpnwOlA9RX +ZYEbiiMNrUtsZ92myjb4pc6lsZa/ANhR1YxXuf6bd2P6u7E9ekn6rN//AoGACsb4 +/Z6OsQJprsnqCxPIRPZb25PoUUbyGHLfWWQ5yBkJxEr9xOwma4Pze80XBpXDQ/Fn +PwxGbE2zD2MViZ/YsfjY7oAYtvkGvppPRSIr1LkAPlhnpGLj0UFbtD+Eh6wUNsS/ +KUcGZn4hN9WnyXJ6xTomguE/MPang0T1AbtM07kCgYBednwjjC5zSCjXDmYgB+ZW +rkI/wguNXjvrjLiA+eTsQgzk5gYiU8iMRahqmXjOF29O9pkKFUbNz6nDQTDkRUdK +q4utJx4nubsFKQn0VZbz9z2jiEgpxRVc2vIrfYNuG+a8WAbGsFO8mT+35kyLWiyN +hR3+Y4J+ghZQsZmtdctL9g== +-----END PRIVATE KEY----- diff --git a/pki/testdata/ssl/certificates/client_2.pem b/pki/testdata/ssl/certificates/client_2.pem new file mode 100644 index 0000000000..fdae132c03 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_2.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=Client Cert D + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a7:e9:f1:77:9c:37:a7:84:ab:cf:ea:1a:8c:cc: + 5c:64:a7:c2:d3:22:24:3a:d7:fb:bf:85:20:28:11: + d6:79:6a:01:30:48:64:3b:e6:d8:39:4a:2a:c8:06: + c9:82:c5:ef:03:d4:ac:71:d0:58:cf:82:aa:64:bb: + ca:b5:f6:79:03:86:a4:39:5a:fa:e8:62:f8:ef:66: + 47:02:81:ef:f4:5e:7e:59:6d:15:e1:70:64:c5:c9: + 49:98:47:bb:e0:8f:04:d9:d2:71:c9:30:68:a5:26: + 82:bf:6c:bc:6b:6f:4f:ae:40:41:f0:5c:23:05:02: + da:2b:2f:83:34:9d:07:f2:ae:9c:06:a8:3d:fe:39: + a7:df:9f:1c:bf:f5:9a:f4:3a:23:65:98:47:b0:57: + 3b:21:56:97:e9:24:64:28:32:22:15:7d:ec:2b:27: + a2:5d:a6:fd:bd:0d:38:7b:39:66:3e:5e:f1:ba:e4: + 8a:11:95:13:59:88:38:ed:7a:83:f4:21:29:b2:1e: + 77:2e:9e:8e:90:10:82:fe:df:f8:5f:fb:57:f7:54: + 2e:04:ce:28:4e:22:e9:d6:0b:47:9e:66:36:d1:d6: + 98:36:95:22:ce:c7:50:2e:3f:d2:66:ee:09:6e:c7: + aa:2a:7b:d4:10:bc:ba:a6:90:6a:cb:9b:f5:fe:7d: + 11:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Key Identifier: + D7:3C:2C:3F:BC:E3:23:9B:41:9E:BA:E7:65:C6:54:51:9F:FA:D6:F2 + X509v3 Authority Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 07:c9:48:cf:dd:91:07:75:be:03:de:3d:66:44:18:89:0c:ec: + 38:d7:9c:6b:6f:ce:f5:24:9f:33:cf:b9:88:2e:0b:94:ee:c5: + 9c:23:1d:c0:b3:41:34:6b:89:90:c0:2c:ef:e6:ac:a1:53:2a: + a0:01:c8:4e:26:d6:18:8b:d2:f2:f5:cc:06:fe:05:65:8b:1e: + 62:56:eb:39:dc:ac:95:70:d7:b7:52:c0:4c:57:a5:5b:01:a6: + 5f:75:76:8b:15:3e:f0:56:83:b7:62:d1:40:11:52:68:fb:fc: + 46:ec:a0:06:0e:a0:ba:e6:3f:7e:b6:01:bd:df:a8:37:1a:2a: + 08:00:b2:7b:1a:ca:2a:7f:47:d9:c9:7d:ac:fb:fb:84:fd:c0: + f1:d7:53:26:01:c3:04:38:ca:30:c6:01:e5:6a:24:e0:72:2b: + be:98:3b:af:ca:bb:b4:af:d0:ad:29:27:5d:63:99:0d:d5:0b: + 8a:43:8c:f4:32:5d:a2:24:44:de:af:b9:fb:fe:b7:92:17:a5: + a5:51:bb:30:b4:0b:1a:43:df:2b:80:d6:61:47:b0:31:36:38: + d9:39:e4:f0:2c:cf:01:e2:6a:9e:f5:77:72:ca:42:ef:64:11: + 5d:39:af:7e:25:52:a5:3f:dd:96:9a:79:f0:cf:1a:b4:34:80: + a1:e8:eb:31 +-----BEGIN CERTIFICATE----- +MIIDEjCCAfqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwERSBD +QTAeFw0yMjEwMTkxNjU4NTVaFw0zMjEwMTYxNjU4NTVaMBgxFjAUBgNVBAMMDUNs +aWVudCBDZXJ0IEQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn6fF3 +nDenhKvP6hqMzFxkp8LTIiQ61/u/hSAoEdZ5agEwSGQ75tg5SirIBsmCxe8D1Kxx +0FjPgqpku8q19nkDhqQ5WvroYvjvZkcCge/0Xn5ZbRXhcGTFyUmYR7vgjwTZ0nHJ +MGilJoK/bLxrb0+uQEHwXCMFAtorL4M0nQfyrpwGqD3+Oaffnxy/9Zr0OiNlmEew +VzshVpfpJGQoMiIVfewrJ6Jdpv29DTh7OWY+XvG65IoRlRNZiDjteoP0ISmyHncu +no6QEIL+3/hf+1f3VC4EzihOIunWC0eeZjbR1pg2lSLOx1AuP9Jm7glux6oqe9QQ +vLqmkGrLm/X+fRGLAgMBAAGjbzBtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI +KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTXPCw/vOMjm0GeuudlxlRRn/rW +8jAfBgNVHSMEGDAWgBT3lQK4R6uv75hNqPnIJNSlT0ZHyzANBgkqhkiG9w0BAQsF +AAOCAQEAB8lIz92RB3W+A949ZkQYiQzsONeca2/O9SSfM8+5iC4LlO7FnCMdwLNB +NGuJkMAs7+asoVMqoAHITibWGIvS8vXMBv4FZYseYlbrOdyslXDXt1LATFelWwGm +X3V2ixU+8FaDt2LRQBFSaPv8RuygBg6guuY/frYBvd+oNxoqCACyexrKKn9H2cl9 +rPv7hP3A8ddTJgHDBDjKMMYB5Wok4HIrvpg7r8q7tK/QrSknXWOZDdULikOM9DJd +oiRE3q+5+/63khelpVG7MLQLGkPfK4DWYUewMTY42Tnk8CzPAeJqnvV3cspC72QR +XTmvfiVSpT/dlpp58M8atDSAoejrMQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_2.pk8 b/pki/testdata/ssl/certificates/client_2.pk8 new file mode 100644 index 0000000000000000000000000000000000000000..c2a578f66f1871b217a207c6f05f07ada7ffd277 GIT binary patch literal 1216 zcmV;x1V8&Qf&{z*0RS)!1_>&LNQUrrZ9p8q5=T`0)hbn0H^8kcbqq; zgsac$8jQ?bWT(Q@A|yK3`@e-CC=u3qY5_1vWIN{AIZ7(X2FZfO?*r7VanM-Lf~sV@ z%C+`+1BRqITKec>`0r*%0)g-JUVd3^72$AX#mPySN4wyU1liJY$uMZ8CW60gylZby zu0TQXTq6Yn+AA-EG@S?XuABy_J^neT-=7@6^_uiLBW0LJuva@FR+s4{WGFHs6@Bb0 zC!$@Z{k;u1dpTx4Uh%r*iV>9)S%^68dV};KDY71SE}o8%5Q6^S_+R^1_f#$f&L~bI z>DCKJo@O@D)|fVxBF@K9E0`e30vNMch)XTUg7v^)E>RFH|t|* zyH|J!12cE=b22)aEp=SzgTP^YHeihUfuRDVWQN>P(Oh@-hk~2P|73ua zZIt{f;J+QCMKYen(xq6N{_qM_hjXgLCbfdJ&i z+Qc6Ir6&|!5MSFDKYroTQ{&pR zF`hnS2alMRy&j9LjbTp&{3j+d7+qv5!Y zy9bBQLYKLTB(^;R)=W(XQ55#bua8z$66G`PJ}<-G>0)&lc!$J9RLWUwn`CWIG6a{* zwg*V$-uM;wDHDB8q2+!f-5-|e|8(*vG11Oz9wgb%?-wRh1s7dEWWmu2a7XYO70CjD zfM2rYpW@K7x%**p=lpzlX^B=eD4{RlB&Zw`90hA5Tn+WA3igOWU+SgLj=7+%01wF{ zETXjOA+RY<To{q5sX|BoY3lqph_FLPN=ut-U z7;@iPWI4zg3B*eM#Ox+(gY$dM7Y3EXL-A)n3`T5CvkzkxiJ#c9_}K1%7`FKazM4-( zA}iFn06th}q+;XIL0hyxgomsYHpIUvM+RnoAve{h$#QzdIwpeQKQQ*EgGBWKyG+x$ z0)c>Dc6=j@E^|mI*A8YN2j*6;LO;R_jb1zJjJSaL)UfC%L-?DGBsdmh<;Lqlic;#T8uI@+*CVZX4#jSO&(h eQ@oi!x8_WXS}cu)9sXm2eu5TIv6-!P%S-m((oi=5 literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client_2_ca.pem b/pki/testdata/ssl/certificates/client_2_ca.pem new file mode 100644 index 0000000000..9709d4649d --- /dev/null +++ b/pki/testdata/ssl/certificates/client_2_ca.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C Root CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=E CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:49:c7:44:8c:f4:90:52:36:4f:46:d7:68:0a: + 3d:dc:3a:13:3c:61:45:fb:cf:5e:8e:06:c1:35:5d: + 75:f1:33:d7:f0:5b:0e:34:99:19:9d:df:b5:81:40: + aa:1d:eb:f7:45:6e:7f:e2:b5:6e:70:42:5f:a5:bd: + 47:dd:d8:f9:4e:33:03:81:ea:40:c4:0f:ed:53:35: + ab:78:61:e5:aa:80:46:b6:1f:b9:a1:aa:80:c6:cd: + 4c:3c:a6:63:fd:ed:bf:fd:f2:df:1a:b9:de:e9:40: + 1b:cb:00:39:e9:dc:cd:78:70:3d:1b:20:32:49:6b: + 0b:eb:c5:31:27:50:4f:5f:fd:a7:7b:77:1e:d0:a1: + 20:01:56:5c:a6:2c:1d:4b:48:8d:8d:03:94:73:e6: + f6:94:39:59:3c:fc:07:ae:cb:dc:02:7f:2d:04:42: + 5c:d6:ff:86:76:a3:bc:7f:1e:0e:a0:4c:12:ce:58: + f7:42:2d:5b:9d:6b:ef:47:e2:ce:71:89:08:15:fd: + 2c:47:a5:a0:7e:73:ed:0c:b0:fc:b8:7c:0e:cf:fd: + e4:38:5f:ce:8e:80:f2:99:db:fc:fc:ad:9d:b4:be: + 28:4f:e5:5d:5c:93:36:75:4c:64:25:9f:53:64:a5: + 37:66:49:5b:bf:82:f4:01:77:d8:ef:cc:ce:bb:13: + 4c:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + X509v3 Authority Key Identifier: + 33:7A:38:92:82:9E:B6:FD:44:FB:B5:BA:A7:C7:0B:4D:59:28:60:9A + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 79:d6:b7:44:92:09:42:bc:96:d8:da:92:c1:cb:9b:19:eb:38: + 98:66:ec:3f:b6:14:a2:31:37:9b:0d:3f:83:cb:fa:80:75:19: + fa:1e:78:7b:05:55:43:a1:17:2d:9a:ad:f9:f2:1f:56:01:c1: + c8:78:02:1c:60:7b:40:95:a9:b3:82:52:65:d8:74:f4:46:b4: + 03:a0:98:db:b4:75:4d:f4:dd:73:84:33:9b:7d:91:78:7a:5b: + 50:08:12:d5:f1:d3:c0:90:fd:2b:14:61:76:96:a3:03:f2:ac: + 7a:b3:f6:9e:ab:a2:07:d1:ae:4d:be:e7:d1:1e:d6:a3:32:be: + 70:70:54:fc:d1:c9:3e:bd:7c:0e:1a:03:17:12:c6:78:3b:df: + 91:61:a9:0f:0a:65:bc:b2:c0:41:da:c3:32:8a:0e:ef:75:89: + 1b:11:27:0a:bb:47:91:c2:e4:71:ea:91:d4:4d:66:c1:a1:3b: + 06:8d:54:b6:da:6f:54:e6:d7:4f:f2:18:b8:d5:59:cb:47:0d: + 9f:d8:1c:6a:20:9c:e2:93:07:a3:dd:94:13:2c:ab:1d:1a:71: + eb:5b:62:12:20:e5:e1:cd:d1:e0:63:fd:94:34:b2:a5:b8:84: + ee:af:2d:11:3d:f2:91:74:f2:ef:bd:55:c6:cf:72:ff:b1:74: + e5:6e:6c:3e +-----BEGIN CERTIFICATE----- +MIIDAjCCAeqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS +b290IENBMB4XDTIyMTAxOTE2NTg1NVoXDTMyMTAxNjE2NTg1NVowDzENMAsGA1UE +AwwERSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhJx0SM9JBS +Nk9G12gKPdw6EzxhRfvPXo4GwTVddfEz1/BbDjSZGZ3ftYFAqh3r90Vuf+K1bnBC +X6W9R93Y+U4zA4HqQMQP7VM1q3hh5aqARrYfuaGqgMbNTDymY/3tv/3y3xq53ulA +G8sAOenczXhwPRsgMklrC+vFMSdQT1/9p3t3HtChIAFWXKYsHUtIjY0DlHPm9pQ5 +WTz8B67L3AJ/LQRCXNb/hnajvH8eDqBMEs5Y90ItW51r70fiznGJCBX9LEeloH5z +7Qyw/Lh8Ds/95Dhfzo6A8pnb/PytnbS+KE/lXVyTNnVMZCWfU2SlN2ZJW7+C9AF3 +2O/MzrsTTAECAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFPeVArhHq6/vmE2o+cgk1KVPRkfLMB8GA1UdIwQYMBaAFDN6 +OJKCnrb9RPu1uqfHC01ZKGCaMA0GCSqGSIb3DQEBCwUAA4IBAQB51rdEkglCvJbY +2pLBy5sZ6ziYZuw/thSiMTebDT+Dy/qAdRn6Hnh7BVVDoRctmq358h9WAcHIeAIc +YHtAlamzglJl2HT0RrQDoJjbtHVN9N1zhDObfZF4eltQCBLV8dPAkP0rFGF2lqMD +8qx6s/aeq6IH0a5NvufRHtajMr5wcFT80ck+vXwOGgMXEsZ4O9+RYakPCmW8ssBB +2sMyig7vdYkbEScKu0eRwuRx6pHUTWbBoTsGjVS22m9U5tdP8hi41VnLRw2f2Bxq +IJzikwej3ZQTLKsdGnHrW2ISIOXhzdHgY/2UNLKluITury0RPfKRdPLvvVXGz3L/ +sXTlbmw+ +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_3.key b/pki/testdata/ssl/certificates/client_3.key new file mode 100644 index 0000000000..0d632994da --- /dev/null +++ b/pki/testdata/ssl/certificates/client_3.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCfzCuI/9Gc9CqR +sv/uuBw1erHiCSrkvF80sO9WW9Y11byU6Iek160lKYXjfTI17mv4tMRsvwehSy+k +ira0sXi0V1l7hUvyHFSVwH0U1e7jmS3Fzat0i+3gU3qdG5WX15dwtkp4RuRc7QAn +selsyir6a4Kg3JivNCgH/VDlnnQwOB3QkBRsCpDNffMeHk7oj1JN/uJGZ536cpPI +u8DrubVYe0dhHeKClG2+PYATq4BE7Ix7A3KNGhv7en9CzLOA40OD5XCDb2jWCkJL +D0ME+1/TXDI7IuVXtHRl/ULwiWYcqZwQ1nF/qHWVCQVdQtP0RdQdJMgfm/vEiH56 +CP9SGHDnAgMBAAECggEAEcSK5q3DKdeAUDj9+hYglNWyp7ZrPYmwcFRoGEsX016T +nF8KjgqpJuOqDnRiO9rpyHqZCJppB8crYflGfWrqR+saeQCGREJgKVKA1es/p7Dl +hQPsV4YjifjePk/N31dKcG7kcuE3DRoRFVjT4pPMGZIQsUA1/e0nslO5Rf7LXn0B +4IeVYiAeY46+RJ+oDA0OBCaAuPxB/VL7tLKSbGNxuGEiszHy5uSdy6mGl4rRCXoI +y8G8oo7L3x3lwNCEyWJoKSAzrOgHK9BpJTNP1X2dI4o3tk85oOo3XJSlduWnHQyT +R5h/AmSNhmLsxWtFszDyGNrvuh5KC584XN9JXSp4GQKBgQDMclgNL9T10okUmyus +FdSJVk5PsJfRCUrofXiam41xjCjkHdH8cTogt0ey+Tc/cym8a7e2rk51qwnVET+n +/OJW4YFDUFhSMAcqLOU0qcESaIcfS61+9YpgoVGPFpKUaEXzYlprTeW+nDyBOJcD +/jeejm5W9HnOrDONI+717ffZmwKBgQDIF5bZnDR2j45l5MpaLrL7y4MDF8MefvHh +5hw4Xzax57GpDoHATrVfHCIFsnOrtn8tBhugLTpeH3m7su3YVUXDFzl21JkbFJ6M +8TcxoocuoxmJGQVVhABC9NXJuA79LBd7tTPPAeRxhRi1vHiNTR9pzemJjCo3JUks +omIwBPaQpQKBgFbFRPe70E/Q3ls/jGaKEV2EotIRqi2PGxrXfeNol7yUdxpySZgx +2jDeePDN8xPb5d/Re/RtwGESiabDnlfG7a1gIkOWixW+ypus2E7kqUwNzyOKNAWJ +YwSmEv5+3xFbvCyTFrsqIZMnrkpN4VJRh/ukidIgCr6buXlywc3hBOt3AoGBALY4 +5WRgYVbn/eLFrZLbnJy7BiE27rdDHL2BdonQDFuQibdQQtID3CE12bYegkEK/l7e +hSImjlVRjOdnWDv/zHyTFf4mNxj2ej4ZHw7Q2ROb7ZFxe+4ZPLO9jUUbnmrqUKiU +qQ4Ixyaq84nujksAxW7x25EsWPXHuxAvAgSBQJsRAoGBAJ1s8TSniokwMUBydO2F +Kupa3h85153Bu1X1nyehLQZw54jd8DkwDZnQSUx8YhcdMmiUp8He7G9egeE5w8qb +PeDQcp6JXH3Z9UuonIwxz086RUXf1C1xu2xLoH07SWjzBZCuJcbGI4+jF6RQCvEl +OwlLBF0aS7GzeQykN7zOf4E5 +-----END PRIVATE KEY----- diff --git a/pki/testdata/ssl/certificates/client_3.pem b/pki/testdata/ssl/certificates/client_3.pem new file mode 100644 index 0000000000..63d9cc08a4 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_3.pem @@ -0,0 +1,77 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4099 (0x1003) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=Client Cert F + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9f:cc:2b:88:ff:d1:9c:f4:2a:91:b2:ff:ee:b8: + 1c:35:7a:b1:e2:09:2a:e4:bc:5f:34:b0:ef:56:5b: + d6:35:d5:bc:94:e8:87:a4:d7:ad:25:29:85:e3:7d: + 32:35:ee:6b:f8:b4:c4:6c:bf:07:a1:4b:2f:a4:8a: + b6:b4:b1:78:b4:57:59:7b:85:4b:f2:1c:54:95:c0: + 7d:14:d5:ee:e3:99:2d:c5:cd:ab:74:8b:ed:e0:53: + 7a:9d:1b:95:97:d7:97:70:b6:4a:78:46:e4:5c:ed: + 00:27:b1:e9:6c:ca:2a:fa:6b:82:a0:dc:98:af:34: + 28:07:fd:50:e5:9e:74:30:38:1d:d0:90:14:6c:0a: + 90:cd:7d:f3:1e:1e:4e:e8:8f:52:4d:fe:e2:46:67: + 9d:fa:72:93:c8:bb:c0:eb:b9:b5:58:7b:47:61:1d: + e2:82:94:6d:be:3d:80:13:ab:80:44:ec:8c:7b:03: + 72:8d:1a:1b:fb:7a:7f:42:cc:b3:80:e3:43:83:e5: + 70:83:6f:68:d6:0a:42:4b:0f:43:04:fb:5f:d3:5c: + 32:3b:22:e5:57:b4:74:65:fd:42:f0:89:66:1c:a9: + 9c:10:d6:71:7f:a8:75:95:09:05:5d:42:d3:f4:45: + d4:1d:24:c8:1f:9b:fb:c4:88:7e:7a:08:ff:52:18: + 70:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + email:santest@example.com, othername: UPN::santest@ad.corp.example.com + X509v3 Subject Key Identifier: + 07:70:4F:5A:12:6A:60:B9:06:FE:53:36:97:23:3B:7F:AA:29:C7:59 + X509v3 Authority Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 90:82:56:b7:4b:e1:92:3a:b3:50:00:a9:ac:c2:92:45:b5:4a: + c1:2a:c7:b8:03:a2:c1:72:2f:eb:7e:48:4d:52:19:66:e0:2c: + fa:24:88:7b:b2:6b:58:3e:f7:79:14:04:b6:c6:46:9e:2c:da: + 93:ac:9e:89:4f:da:91:a5:b9:fc:9b:23:4b:cd:63:9e:bc:7f: + 64:cc:c3:66:09:39:2d:6e:26:84:a1:50:4e:e4:08:68:76:92: + 89:ff:07:6a:5e:6d:44:58:8c:d8:37:60:73:ae:b3:27:b4:9f: + e0:fe:48:4a:a7:78:c2:b0:5b:de:c6:bb:ec:b0:9e:43:00:e7: + dc:d3:8a:0e:ea:b8:de:b8:7c:f4:3a:2b:fd:9a:a0:1e:05:ac: + f2:ae:8d:42:15:c3:24:d2:7e:e4:bd:85:65:72:1b:2e:7f:3d: + 4f:cd:1c:43:2f:dd:94:e5:14:29:fb:af:75:7f:5b:7b:46:4e: + 05:df:b0:8f:be:5a:1b:a2:77:40:ba:ad:ad:87:1b:73:25:36: + 0f:b7:5a:c5:82:d6:20:69:fe:b9:bf:4c:4e:c9:d1:85:94:c3: + 43:e1:f3:1e:51:b8:6b:76:62:ab:fd:02:cf:c6:9e:2a:42:3c: + 58:75:b0:60:7f:e6:6b:26:d4:70:06:55:4e:af:33:6e:99:40: + 67:62:50:69 +-----BEGIN CERTIFICATE----- +MIIDNDCCAhygAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwERSBD +QTAeFw0yMjEwMTkxNjU4NTVaFw0zMjEwMTYxNjU4NTVaMBgxFjAUBgNVBAMMDUNs +aWVudCBDZXJ0IEYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfzCuI +/9Gc9CqRsv/uuBw1erHiCSrkvF80sO9WW9Y11byU6Iek160lKYXjfTI17mv4tMRs +vwehSy+kira0sXi0V1l7hUvyHFSVwH0U1e7jmS3Fzat0i+3gU3qdG5WX15dwtkp4 +RuRc7QAnselsyir6a4Kg3JivNCgH/VDlnnQwOB3QkBRsCpDNffMeHk7oj1JN/uJG +Z536cpPIu8DrubVYe0dhHeKClG2+PYATq4BE7Ix7A3KNGhv7en9CzLOA40OD5XCD +b2jWCkJLD0ME+1/TXDI7IuVXtHRl/ULwiWYcqZwQ1nF/qHWVCQVdQtP0RdQdJMgf +m/vEiH56CP9SGHDnAgMBAAGjgZAwgY0wSwYDVR0RBEQwQoETc2FudGVzdEBleGFt +cGxlLmNvbaArBgorBgEEAYI3FAIDoB0MG3NhbnRlc3RAYWQuY29ycC5leGFtcGxl +LmNvbTAdBgNVHQ4EFgQUB3BPWhJqYLkG/lM2lyM7f6opx1kwHwYDVR0jBBgwFoAU +95UCuEerr++YTaj5yCTUpU9GR8swDQYJKoZIhvcNAQELBQADggEBAJCCVrdL4ZI6 +s1AAqazCkkW1SsEqx7gDosFyL+t+SE1SGWbgLPokiHuya1g+93kUBLbGRp4s2pOs +nolP2pGlufybI0vNY568f2TMw2YJOS1uJoShUE7kCGh2kon/B2pebURYjNg3YHOu +sye0n+D+SEqneMKwW97Gu+ywnkMA59zTig7quN64fPQ6K/2aoB4FrPKujUIVwyTS +fuS9hWVyGy5/PU/NHEMv3ZTlFCn7r3V/W3tGTgXfsI++Whuid0C6ra2HG3MlNg+3 +WsWC1iBp/rm/TE7J0YWUw0Ph8x5RuGt2Yqv9As/GnipCPFh1sGB/5msm1HAGVU6v +M26ZQGdiUGk= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_3.pk8 b/pki/testdata/ssl/certificates/client_3.pk8 new file mode 100644 index 0000000000000000000000000000000000000000..cf052efe0fc70f7abb20830f3faf143d4948bd5c GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0H4e&i2u=? z^eU0E|L(XPHF~k)2`c2gUo^1qR$JCJ)x4DGhosl7B`JmDeKIxfYxuOpY`+JgOE08~ zwzRQ$v{zYsg-h}rRF%Me6xHtInJvZ5t8|O);8S{?81@g> z`fGxq+?cO4CEW+Udx8nFyL` z2gfU6`9^(e>PPDuc>sn)LSQLUfYs|ir?BOP1MF9ZBZ>IlK2OcxS4wbh?2!Mvi5%ikU4z|e%rVrVHKGpy(bE6`~rGf&lhog<1j zwof^r>Ni}JrFP|~9SoC4n12FfjfP_E#cM^gF!C7M@46mJ3!gY#-$`96co_nLfdI^M zSPd`K_0owHn=7mp)QMJ3Pq3HK2}!Fb66uly@3(NtiL(Fy46Z&GQr6<=@eJ z^liXl5{ah6o>#{0tzaTUmWvg>%A2g%PUNXf4bLNrGzE!c1f~-He%}#WyeyLzyDA}* zC$36O;ZjkD`=p7|APT;lxp{KI&EW*=cLITd0Jb>gWME-d=l$Zvt&-cEoVx}gHtx4W z9KC^diO>vNkcqcYLec}=AvM{y9)dv%{$AdNA|{SiQHXo9&Ttd+r%Lv%QT)8=h+FP^grt4hY94s`H8Nj!OW=Zt>fZELio&yAUq|1c5-C z5dwjM0G({{G^dJ*Ffl-KbnS&I>RR3(IoF-RyH)j{C!s9{aOa5K@HsFInb1j0d}0?J zGH8^i!QSj|UV-5`!^)dI;LviOiClfz^-HLnj4{toIz>g_)GcwlY)hbhJ4tBs1(2>K g#>OL$qZg!53h^a72}=ZB8cVUWc?_gCyv~1tIiOHTt^fc4 literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client_3_ca.pem b/pki/testdata/ssl/certificates/client_3_ca.pem new file mode 100644 index 0000000000..9709d4649d --- /dev/null +++ b/pki/testdata/ssl/certificates/client_3_ca.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C Root CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=E CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:49:c7:44:8c:f4:90:52:36:4f:46:d7:68:0a: + 3d:dc:3a:13:3c:61:45:fb:cf:5e:8e:06:c1:35:5d: + 75:f1:33:d7:f0:5b:0e:34:99:19:9d:df:b5:81:40: + aa:1d:eb:f7:45:6e:7f:e2:b5:6e:70:42:5f:a5:bd: + 47:dd:d8:f9:4e:33:03:81:ea:40:c4:0f:ed:53:35: + ab:78:61:e5:aa:80:46:b6:1f:b9:a1:aa:80:c6:cd: + 4c:3c:a6:63:fd:ed:bf:fd:f2:df:1a:b9:de:e9:40: + 1b:cb:00:39:e9:dc:cd:78:70:3d:1b:20:32:49:6b: + 0b:eb:c5:31:27:50:4f:5f:fd:a7:7b:77:1e:d0:a1: + 20:01:56:5c:a6:2c:1d:4b:48:8d:8d:03:94:73:e6: + f6:94:39:59:3c:fc:07:ae:cb:dc:02:7f:2d:04:42: + 5c:d6:ff:86:76:a3:bc:7f:1e:0e:a0:4c:12:ce:58: + f7:42:2d:5b:9d:6b:ef:47:e2:ce:71:89:08:15:fd: + 2c:47:a5:a0:7e:73:ed:0c:b0:fc:b8:7c:0e:cf:fd: + e4:38:5f:ce:8e:80:f2:99:db:fc:fc:ad:9d:b4:be: + 28:4f:e5:5d:5c:93:36:75:4c:64:25:9f:53:64:a5: + 37:66:49:5b:bf:82:f4:01:77:d8:ef:cc:ce:bb:13: + 4c:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + X509v3 Authority Key Identifier: + 33:7A:38:92:82:9E:B6:FD:44:FB:B5:BA:A7:C7:0B:4D:59:28:60:9A + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 79:d6:b7:44:92:09:42:bc:96:d8:da:92:c1:cb:9b:19:eb:38: + 98:66:ec:3f:b6:14:a2:31:37:9b:0d:3f:83:cb:fa:80:75:19: + fa:1e:78:7b:05:55:43:a1:17:2d:9a:ad:f9:f2:1f:56:01:c1: + c8:78:02:1c:60:7b:40:95:a9:b3:82:52:65:d8:74:f4:46:b4: + 03:a0:98:db:b4:75:4d:f4:dd:73:84:33:9b:7d:91:78:7a:5b: + 50:08:12:d5:f1:d3:c0:90:fd:2b:14:61:76:96:a3:03:f2:ac: + 7a:b3:f6:9e:ab:a2:07:d1:ae:4d:be:e7:d1:1e:d6:a3:32:be: + 70:70:54:fc:d1:c9:3e:bd:7c:0e:1a:03:17:12:c6:78:3b:df: + 91:61:a9:0f:0a:65:bc:b2:c0:41:da:c3:32:8a:0e:ef:75:89: + 1b:11:27:0a:bb:47:91:c2:e4:71:ea:91:d4:4d:66:c1:a1:3b: + 06:8d:54:b6:da:6f:54:e6:d7:4f:f2:18:b8:d5:59:cb:47:0d: + 9f:d8:1c:6a:20:9c:e2:93:07:a3:dd:94:13:2c:ab:1d:1a:71: + eb:5b:62:12:20:e5:e1:cd:d1:e0:63:fd:94:34:b2:a5:b8:84: + ee:af:2d:11:3d:f2:91:74:f2:ef:bd:55:c6:cf:72:ff:b1:74: + e5:6e:6c:3e +-----BEGIN CERTIFICATE----- +MIIDAjCCAeqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS +b290IENBMB4XDTIyMTAxOTE2NTg1NVoXDTMyMTAxNjE2NTg1NVowDzENMAsGA1UE +AwwERSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhJx0SM9JBS +Nk9G12gKPdw6EzxhRfvPXo4GwTVddfEz1/BbDjSZGZ3ftYFAqh3r90Vuf+K1bnBC +X6W9R93Y+U4zA4HqQMQP7VM1q3hh5aqARrYfuaGqgMbNTDymY/3tv/3y3xq53ulA +G8sAOenczXhwPRsgMklrC+vFMSdQT1/9p3t3HtChIAFWXKYsHUtIjY0DlHPm9pQ5 +WTz8B67L3AJ/LQRCXNb/hnajvH8eDqBMEs5Y90ItW51r70fiznGJCBX9LEeloH5z +7Qyw/Lh8Ds/95Dhfzo6A8pnb/PytnbS+KE/lXVyTNnVMZCWfU2SlN2ZJW7+C9AF3 +2O/MzrsTTAECAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFPeVArhHq6/vmE2o+cgk1KVPRkfLMB8GA1UdIwQYMBaAFDN6 +OJKCnrb9RPu1uqfHC01ZKGCaMA0GCSqGSIb3DQEBCwUAA4IBAQB51rdEkglCvJbY +2pLBy5sZ6ziYZuw/thSiMTebDT+Dy/qAdRn6Hnh7BVVDoRctmq358h9WAcHIeAIc +YHtAlamzglJl2HT0RrQDoJjbtHVN9N1zhDObfZF4eltQCBLV8dPAkP0rFGF2lqMD +8qx6s/aeq6IH0a5NvufRHtajMr5wcFT80ck+vXwOGgMXEsZ4O9+RYakPCmW8ssBB +2sMyig7vdYkbEScKu0eRwuRx6pHUTWbBoTsGjVS22m9U5tdP8hi41VnLRw2f2Bxq +IJzikwej3ZQTLKsdGnHrW2ISIOXhzdHgY/2UNLKluITury0RPfKRdPLvvVXGz3L/ +sXTlbmw+ +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_4.key b/pki/testdata/ssl/certificates/client_4.key new file mode 100644 index 0000000000..54ae5fcdc2 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_4.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIAK4v0jF1vvMR4iTvXwB4m/KSIllNDTEufAy/oXSanFHoAoGCCqGSM49 +AwEHoUQDQgAEhWRFJ+xiDW79ytVAhbV0/BaTIytPuMebZAU78Qlb0qU7LC4uzWAe +kl7i52305fpCCcx13l3AKDqmYZzU2NoxqA== +-----END EC PRIVATE KEY----- diff --git a/pki/testdata/ssl/certificates/client_4.pem b/pki/testdata/ssl/certificates/client_4.pem new file mode 100644 index 0000000000..0b141717b5 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_4.pem @@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4100 (0x1004) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=Client Cert G + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:85:64:45:27:ec:62:0d:6e:fd:ca:d5:40:85:b5: + 74:fc:16:93:23:2b:4f:b8:c7:9b:64:05:3b:f1:09: + 5b:d2:a5:3b:2c:2e:2e:cd:60:1e:92:5e:e2:e7:6d: + f4:e5:fa:42:09:cc:75:de:5d:c0:28:3a:a6:61:9c: + d4:d8:da:31:a8 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Key Identifier: + F4:DC:DA:D1:28:7E:11:52:81:D1:FF:8D:A0:F8:85:87:78:5F:6B:DC + X509v3 Authority Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 84:c0:ba:64:eb:32:97:8f:1c:d4:88:0a:94:0a:d3:12:e2:3f: + b1:8d:70:85:ad:7f:28:11:00:4f:76:04:66:e0:3f:dd:56:44: + 98:f5:f0:b6:c8:22:ff:04:77:70:f9:18:f2:9b:1e:6f:fd:2a: + 5c:fc:40:3a:8a:b2:af:8d:df:33:6b:46:26:4d:5a:23:29:cd: + 07:ef:06:f7:b2:13:61:f0:20:26:14:7b:79:c5:cf:76:04:01: + d6:f8:22:b1:05:22:6d:78:1d:8d:1b:f3:52:9c:4d:2b:c9:bf: + 3d:9c:48:88:9a:99:1f:1f:ea:27:b3:8b:81:62:f0:59:66:a8: + 7e:3f:fb:a6:05:a4:d3:5d:e3:d4:2e:b0:ba:f2:d9:dd:80:1b: + 08:fd:2b:e3:c5:76:9d:6e:62:d0:0d:41:dd:44:5b:b7:cc:14: + 44:5f:4e:58:e1:28:aa:63:3d:69:05:82:55:b5:51:2c:6d:bd: + ca:a5:ce:a6:5d:d6:02:cc:ca:77:e9:3e:a4:f8:05:61:eb:ef: + 23:eb:ac:b9:93:1e:b5:49:e9:40:9c:b1:3c:b7:c0:ea:20:bd: + 0f:58:64:82:ea:42:35:21:39:e8:c9:d0:66:d2:1d:e1:22:fa: + 7e:2c:b3:48:a0:ee:3b:55:f6:78:7b:ec:3e:66:75:6c:ae:48: + dd:3e:cd:f6 +-----BEGIN CERTIFICATE----- +MIICRzCCAS+gAwIBAgICEAQwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwERSBD +QTAeFw0yMjEwMTkxNjU4NTVaFw0zMjEwMTYxNjU4NTVaMBgxFjAUBgNVBAMMDUNs +aWVudCBDZXJ0IEcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASFZEUn7GINbv3K +1UCFtXT8FpMjK0+4x5tkBTvxCVvSpTssLi7NYB6SXuLnbfTl+kIJzHXeXcAoOqZh +nNTY2jGoo28wbTAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAdBgNVHQ4EFgQU9Nza0Sh+EVKB0f+NoPiFh3hfa9wwHwYDVR0jBBgw +FoAU95UCuEerr++YTaj5yCTUpU9GR8swDQYJKoZIhvcNAQELBQADggEBAITAumTr +MpePHNSICpQK0xLiP7GNcIWtfygRAE92BGbgP91WRJj18LbIIv8Ed3D5GPKbHm/9 +Klz8QDqKsq+N3zNrRiZNWiMpzQfvBveyE2HwICYUe3nFz3YEAdb4IrEFIm14HY0b +81KcTSvJvz2cSIiamR8f6iezi4Fi8FlmqH4/+6YFpNNd49QusLry2d2AGwj9K+PF +dp1uYtANQd1EW7fMFERfTljhKKpjPWkFglW1USxtvcqlzqZd1gLMynfpPqT4BWHr +7yPrrLmTHrVJ6UCcsTy3wOogvQ9YZILqQjUhOejJ0GbSHeEi+n4ss0ig7jtV9nh7 +7D5mdWyuSN0+zfY= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_4.pk8 b/pki/testdata/ssl/certificates/client_4.pk8 new file mode 100644 index 0000000000000000000000000000000000000000..5342e8264047418f0fe3e77f12a2ea0bde8185f9 GIT binary patch literal 138 zcmV;50CoQ`frkPC05B5<2P%e0&OHJF1_&yKNX|V20S5$aFlzz<0R$idxW7on*89vy zh?Bj10pf4UNQq@MG{m{^GX90qYH>%QL<2$q1chWpC+uPkZvD#DK!vq*{1%fVD^Iw` sn`8w$@d;bfr8_JxF3n&bl3wEHZS>{(LJ7=u-d(^bI;LTq)Y#fFsD1Q01ONa4 literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client_4_ca.pem b/pki/testdata/ssl/certificates/client_4_ca.pem new file mode 100644 index 0000000000..9709d4649d --- /dev/null +++ b/pki/testdata/ssl/certificates/client_4_ca.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C Root CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=E CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:49:c7:44:8c:f4:90:52:36:4f:46:d7:68:0a: + 3d:dc:3a:13:3c:61:45:fb:cf:5e:8e:06:c1:35:5d: + 75:f1:33:d7:f0:5b:0e:34:99:19:9d:df:b5:81:40: + aa:1d:eb:f7:45:6e:7f:e2:b5:6e:70:42:5f:a5:bd: + 47:dd:d8:f9:4e:33:03:81:ea:40:c4:0f:ed:53:35: + ab:78:61:e5:aa:80:46:b6:1f:b9:a1:aa:80:c6:cd: + 4c:3c:a6:63:fd:ed:bf:fd:f2:df:1a:b9:de:e9:40: + 1b:cb:00:39:e9:dc:cd:78:70:3d:1b:20:32:49:6b: + 0b:eb:c5:31:27:50:4f:5f:fd:a7:7b:77:1e:d0:a1: + 20:01:56:5c:a6:2c:1d:4b:48:8d:8d:03:94:73:e6: + f6:94:39:59:3c:fc:07:ae:cb:dc:02:7f:2d:04:42: + 5c:d6:ff:86:76:a3:bc:7f:1e:0e:a0:4c:12:ce:58: + f7:42:2d:5b:9d:6b:ef:47:e2:ce:71:89:08:15:fd: + 2c:47:a5:a0:7e:73:ed:0c:b0:fc:b8:7c:0e:cf:fd: + e4:38:5f:ce:8e:80:f2:99:db:fc:fc:ad:9d:b4:be: + 28:4f:e5:5d:5c:93:36:75:4c:64:25:9f:53:64:a5: + 37:66:49:5b:bf:82:f4:01:77:d8:ef:cc:ce:bb:13: + 4c:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + X509v3 Authority Key Identifier: + 33:7A:38:92:82:9E:B6:FD:44:FB:B5:BA:A7:C7:0B:4D:59:28:60:9A + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 79:d6:b7:44:92:09:42:bc:96:d8:da:92:c1:cb:9b:19:eb:38: + 98:66:ec:3f:b6:14:a2:31:37:9b:0d:3f:83:cb:fa:80:75:19: + fa:1e:78:7b:05:55:43:a1:17:2d:9a:ad:f9:f2:1f:56:01:c1: + c8:78:02:1c:60:7b:40:95:a9:b3:82:52:65:d8:74:f4:46:b4: + 03:a0:98:db:b4:75:4d:f4:dd:73:84:33:9b:7d:91:78:7a:5b: + 50:08:12:d5:f1:d3:c0:90:fd:2b:14:61:76:96:a3:03:f2:ac: + 7a:b3:f6:9e:ab:a2:07:d1:ae:4d:be:e7:d1:1e:d6:a3:32:be: + 70:70:54:fc:d1:c9:3e:bd:7c:0e:1a:03:17:12:c6:78:3b:df: + 91:61:a9:0f:0a:65:bc:b2:c0:41:da:c3:32:8a:0e:ef:75:89: + 1b:11:27:0a:bb:47:91:c2:e4:71:ea:91:d4:4d:66:c1:a1:3b: + 06:8d:54:b6:da:6f:54:e6:d7:4f:f2:18:b8:d5:59:cb:47:0d: + 9f:d8:1c:6a:20:9c:e2:93:07:a3:dd:94:13:2c:ab:1d:1a:71: + eb:5b:62:12:20:e5:e1:cd:d1:e0:63:fd:94:34:b2:a5:b8:84: + ee:af:2d:11:3d:f2:91:74:f2:ef:bd:55:c6:cf:72:ff:b1:74: + e5:6e:6c:3e +-----BEGIN CERTIFICATE----- +MIIDAjCCAeqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS +b290IENBMB4XDTIyMTAxOTE2NTg1NVoXDTMyMTAxNjE2NTg1NVowDzENMAsGA1UE +AwwERSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhJx0SM9JBS +Nk9G12gKPdw6EzxhRfvPXo4GwTVddfEz1/BbDjSZGZ3ftYFAqh3r90Vuf+K1bnBC +X6W9R93Y+U4zA4HqQMQP7VM1q3hh5aqARrYfuaGqgMbNTDymY/3tv/3y3xq53ulA +G8sAOenczXhwPRsgMklrC+vFMSdQT1/9p3t3HtChIAFWXKYsHUtIjY0DlHPm9pQ5 +WTz8B67L3AJ/LQRCXNb/hnajvH8eDqBMEs5Y90ItW51r70fiznGJCBX9LEeloH5z +7Qyw/Lh8Ds/95Dhfzo6A8pnb/PytnbS+KE/lXVyTNnVMZCWfU2SlN2ZJW7+C9AF3 +2O/MzrsTTAECAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFPeVArhHq6/vmE2o+cgk1KVPRkfLMB8GA1UdIwQYMBaAFDN6 +OJKCnrb9RPu1uqfHC01ZKGCaMA0GCSqGSIb3DQEBCwUAA4IBAQB51rdEkglCvJbY +2pLBy5sZ6ziYZuw/thSiMTebDT+Dy/qAdRn6Hnh7BVVDoRctmq358h9WAcHIeAIc +YHtAlamzglJl2HT0RrQDoJjbtHVN9N1zhDObfZF4eltQCBLV8dPAkP0rFGF2lqMD +8qx6s/aeq6IH0a5NvufRHtajMr5wcFT80ck+vXwOGgMXEsZ4O9+RYakPCmW8ssBB +2sMyig7vdYkbEScKu0eRwuRx6pHUTWbBoTsGjVS22m9U5tdP8hi41VnLRw2f2Bxq +IJzikwej3ZQTLKsdGnHrW2ISIOXhzdHgY/2UNLKluITury0RPfKRdPLvvVXGz3L/ +sXTlbmw+ +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_5.key b/pki/testdata/ssl/certificates/client_5.key new file mode 100644 index 0000000000..9ccea65ec6 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_5.key @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDBVFmKcwJaBTkzJWeFwUnFoOqLyFfsT+DKZ2XJRoD6GZC+1gGQ2xh43 +iyjP7j6robegBwYFK4EEACKhZANiAATLes9eGzHc4cqU0Q4XfaZCTEzPz/c/YAgY +xr14uQqfnx2Jbz8MoOnC73hBk+kYphb7lnS5p4mbOhrDQLqU8qRG1ADaBwVcUlre +QKOiBjp9CzKlRQ/e9pdVmVEx5IOQ/wY= +-----END EC PRIVATE KEY----- diff --git a/pki/testdata/ssl/certificates/client_5.pem b/pki/testdata/ssl/certificates/client_5.pem new file mode 100644 index 0000000000..015af895c6 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_5.pem @@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4101 (0x1005) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=Client Cert H + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:cb:7a:cf:5e:1b:31:dc:e1:ca:94:d1:0e:17:7d: + a6:42:4c:4c:cf:cf:f7:3f:60:08:18:c6:bd:78:b9: + 0a:9f:9f:1d:89:6f:3f:0c:a0:e9:c2:ef:78:41:93: + e9:18:a6:16:fb:96:74:b9:a7:89:9b:3a:1a:c3:40: + ba:94:f2:a4:46:d4:00:da:07:05:5c:52:5a:de:40: + a3:a2:06:3a:7d:0b:32:a5:45:0f:de:f6:97:55:99: + 51:31:e4:83:90:ff:06 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Key Identifier: + C0:0A:7F:F5:B4:49:4C:A5:97:C3:76:A2:A5:1D:F8:A5:C8:4D:65:94 + X509v3 Authority Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 93:d5:04:f0:17:b1:15:e9:40:5a:b0:1f:e1:11:0b:6b:a7:36: + 38:80:91:87:dd:eb:f0:dd:ed:7e:7c:77:09:12:e0:5b:09:ac: + 6a:66:a6:ce:44:38:21:41:b1:7a:56:df:b3:9c:75:88:dc:0d: + ad:5e:7d:b6:f4:84:4c:d0:ec:14:23:bc:09:81:6a:be:98:82: + e3:27:f3:ce:f5:0b:28:8f:01:46:b4:d4:d1:9a:ea:78:7f:9e: + 78:17:42:ca:59:bb:f1:43:8b:39:f0:7d:54:8d:a5:40:60:9f: + bc:90:cc:b2:72:76:4e:5a:55:b0:95:64:8d:dd:be:b4:35:16: + 68:af:95:3d:20:cf:07:42:dd:ec:a7:08:99:70:25:0f:4c:b8: + 1a:ef:34:72:0a:a3:ac:79:d7:02:94:2d:9b:e2:cd:ca:24:93: + 93:9a:92:e3:6f:51:89:35:74:7b:8b:bf:74:02:8c:66:57:eb: + 82:10:6e:9c:25:5e:d0:5b:55:4e:48:ff:27:a8:1b:5c:97:e7: + 99:03:d0:60:4a:e0:e6:f5:08:a4:c8:46:a6:3a:72:14:21:cb: + c1:40:e9:99:11:ef:e6:a2:6a:4e:e4:d7:99:d8:94:3f:13:f8: + 5e:b0:a9:29:e9:03:ea:41:38:5f:2a:9c:bd:1f:9b:f1:3d:66: + ee:9b:5a:3e +-----BEGIN CERTIFICATE----- +MIICZDCCAUygAwIBAgICEAUwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwERSBD +QTAeFw0yMjEwMTkxNjU4NTVaFw0zMjEwMTYxNjU4NTVaMBgxFjAUBgNVBAMMDUNs +aWVudCBDZXJ0IEgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATLes9eGzHc4cqU0Q4X +faZCTEzPz/c/YAgYxr14uQqfnx2Jbz8MoOnC73hBk+kYphb7lnS5p4mbOhrDQLqU +8qRG1ADaBwVcUlreQKOiBjp9CzKlRQ/e9pdVmVEx5IOQ/wajbzBtMAwGA1UdEwEB +/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTA +Cn/1tElMpZfDdqKlHfilyE1llDAfBgNVHSMEGDAWgBT3lQK4R6uv75hNqPnIJNSl +T0ZHyzANBgkqhkiG9w0BAQsFAAOCAQEAk9UE8BexFelAWrAf4RELa6c2OICRh93r +8N3tfnx3CRLgWwmsamamzkQ4IUGxelbfs5x1iNwNrV59tvSETNDsFCO8CYFqvpiC +4yfzzvULKI8BRrTU0ZrqeH+eeBdCylm78UOLOfB9VI2lQGCfvJDMsnJ2TlpVsJVk +jd2+tDUWaK+VPSDPB0Ld7KcImXAlD0y4Gu80cgqjrHnXApQtm+LNyiSTk5qS429R +iTV0e4u/dAKMZlfrghBunCVe0FtVTkj/J6gbXJfnmQPQYErg5vUIpMhGpjpyFCHL +wUDpmRHv5qJqTuTXmdiUPxP4XrCpKekD6kE4XyqcvR+b8T1m7ptaPg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_5.pk8 b/pki/testdata/ssl/certificates/client_5.pk8 new file mode 100644 index 0000000000000000000000000000000000000000..1a4f31a661ce59afa96fe239ff7e2315fa196770 GIT binary patch literal 185 zcmV;q07m~Xfwlqx05A{+2P%e0&OHJF1_djD1OOrgfu1mdn*sp=1Ta+=Vw}L1flf@x zS>bR}acDZC@)i3N_%fN=nThL1B rfI&k$H{UHl?NCtg6r=o0JspRVj0*S?hx|2P;r7Q0S_d>S$=YEf*}Q87 literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client_6_ca.pem b/pki/testdata/ssl/certificates/client_6_ca.pem new file mode 100644 index 0000000000..9709d4649d --- /dev/null +++ b/pki/testdata/ssl/certificates/client_6_ca.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C Root CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=E CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:49:c7:44:8c:f4:90:52:36:4f:46:d7:68:0a: + 3d:dc:3a:13:3c:61:45:fb:cf:5e:8e:06:c1:35:5d: + 75:f1:33:d7:f0:5b:0e:34:99:19:9d:df:b5:81:40: + aa:1d:eb:f7:45:6e:7f:e2:b5:6e:70:42:5f:a5:bd: + 47:dd:d8:f9:4e:33:03:81:ea:40:c4:0f:ed:53:35: + ab:78:61:e5:aa:80:46:b6:1f:b9:a1:aa:80:c6:cd: + 4c:3c:a6:63:fd:ed:bf:fd:f2:df:1a:b9:de:e9:40: + 1b:cb:00:39:e9:dc:cd:78:70:3d:1b:20:32:49:6b: + 0b:eb:c5:31:27:50:4f:5f:fd:a7:7b:77:1e:d0:a1: + 20:01:56:5c:a6:2c:1d:4b:48:8d:8d:03:94:73:e6: + f6:94:39:59:3c:fc:07:ae:cb:dc:02:7f:2d:04:42: + 5c:d6:ff:86:76:a3:bc:7f:1e:0e:a0:4c:12:ce:58: + f7:42:2d:5b:9d:6b:ef:47:e2:ce:71:89:08:15:fd: + 2c:47:a5:a0:7e:73:ed:0c:b0:fc:b8:7c:0e:cf:fd: + e4:38:5f:ce:8e:80:f2:99:db:fc:fc:ad:9d:b4:be: + 28:4f:e5:5d:5c:93:36:75:4c:64:25:9f:53:64:a5: + 37:66:49:5b:bf:82:f4:01:77:d8:ef:cc:ce:bb:13: + 4c:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + X509v3 Authority Key Identifier: + 33:7A:38:92:82:9E:B6:FD:44:FB:B5:BA:A7:C7:0B:4D:59:28:60:9A + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 79:d6:b7:44:92:09:42:bc:96:d8:da:92:c1:cb:9b:19:eb:38: + 98:66:ec:3f:b6:14:a2:31:37:9b:0d:3f:83:cb:fa:80:75:19: + fa:1e:78:7b:05:55:43:a1:17:2d:9a:ad:f9:f2:1f:56:01:c1: + c8:78:02:1c:60:7b:40:95:a9:b3:82:52:65:d8:74:f4:46:b4: + 03:a0:98:db:b4:75:4d:f4:dd:73:84:33:9b:7d:91:78:7a:5b: + 50:08:12:d5:f1:d3:c0:90:fd:2b:14:61:76:96:a3:03:f2:ac: + 7a:b3:f6:9e:ab:a2:07:d1:ae:4d:be:e7:d1:1e:d6:a3:32:be: + 70:70:54:fc:d1:c9:3e:bd:7c:0e:1a:03:17:12:c6:78:3b:df: + 91:61:a9:0f:0a:65:bc:b2:c0:41:da:c3:32:8a:0e:ef:75:89: + 1b:11:27:0a:bb:47:91:c2:e4:71:ea:91:d4:4d:66:c1:a1:3b: + 06:8d:54:b6:da:6f:54:e6:d7:4f:f2:18:b8:d5:59:cb:47:0d: + 9f:d8:1c:6a:20:9c:e2:93:07:a3:dd:94:13:2c:ab:1d:1a:71: + eb:5b:62:12:20:e5:e1:cd:d1:e0:63:fd:94:34:b2:a5:b8:84: + ee:af:2d:11:3d:f2:91:74:f2:ef:bd:55:c6:cf:72:ff:b1:74: + e5:6e:6c:3e +-----BEGIN CERTIFICATE----- +MIIDAjCCAeqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS +b290IENBMB4XDTIyMTAxOTE2NTg1NVoXDTMyMTAxNjE2NTg1NVowDzENMAsGA1UE +AwwERSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhJx0SM9JBS +Nk9G12gKPdw6EzxhRfvPXo4GwTVddfEz1/BbDjSZGZ3ftYFAqh3r90Vuf+K1bnBC +X6W9R93Y+U4zA4HqQMQP7VM1q3hh5aqARrYfuaGqgMbNTDymY/3tv/3y3xq53ulA +G8sAOenczXhwPRsgMklrC+vFMSdQT1/9p3t3HtChIAFWXKYsHUtIjY0DlHPm9pQ5 +WTz8B67L3AJ/LQRCXNb/hnajvH8eDqBMEs5Y90ItW51r70fiznGJCBX9LEeloH5z +7Qyw/Lh8Ds/95Dhfzo6A8pnb/PytnbS+KE/lXVyTNnVMZCWfU2SlN2ZJW7+C9AF3 +2O/MzrsTTAECAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFPeVArhHq6/vmE2o+cgk1KVPRkfLMB8GA1UdIwQYMBaAFDN6 +OJKCnrb9RPu1uqfHC01ZKGCaMA0GCSqGSIb3DQEBCwUAA4IBAQB51rdEkglCvJbY +2pLBy5sZ6ziYZuw/thSiMTebDT+Dy/qAdRn6Hnh7BVVDoRctmq358h9WAcHIeAIc +YHtAlamzglJl2HT0RrQDoJjbtHVN9N1zhDObfZF4eltQCBLV8dPAkP0rFGF2lqMD +8qx6s/aeq6IH0a5NvufRHtajMr5wcFT80ck+vXwOGgMXEsZ4O9+RYakPCmW8ssBB +2sMyig7vdYkbEScKu0eRwuRx6pHUTWbBoTsGjVS22m9U5tdP8hi41VnLRw2f2Bxq +IJzikwej3ZQTLKsdGnHrW2ISIOXhzdHgY/2UNLKluITury0RPfKRdPLvvVXGz3L/ +sXTlbmw+ +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_7.key b/pki/testdata/ssl/certificates/client_7.key new file mode 100644 index 0000000000..a22d48d79e --- /dev/null +++ b/pki/testdata/ssl/certificates/client_7.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMS7Gq6DrnR7aoa7 +zDPgE3BVNyjLeWYsSOKkPrSO7G8IGAQKGvOld8k5K/SWkZAg5Rj1nHFtYEXavNd2 +QCHqeUO6gVJu2JAKcjkbjx1rsXBCzv4wAJnf4eoS7b/fFIZyZEmxEHKHx6sIn4Gd +ExEUjgzqqTJ5ogMyctqOVy5S/kAjAgMBAAECgYAzhsH1RV4S+iQrh9JzH9RXjqo0 +0B5KyXyJh/U4e1qnthn8LN1kRUl7dbLyi+EyO7tlbyb7emdFxIXDdSBVAcGiqw2n +M3la/jA290ADLxdl+sUdPymFJxM2l/ao9UL/5PknXTFAmkhqylQ5JS4csgAE0q3b +oMmfCvOG/yTs9jBEcQJBAOKBdeuBv5S0NW1bUOFPBnwc5UtQKlXBHdd+tJtGhHI/ +mz1Ay8Onv9TRIpiLgeK7oXg3KvaopLSmI80KO1nsFPkCQQDeWRp21TQ96nDrSmrK +zfUdpLByKuPzLWe1bVR+fgGknWu07oL+g1HniQ7z9MbloVcUNUtvgezDWbKGPfV6 +DzD7AkEAnbpzKBWJGH9JOSa+srb6GBFzJrfjUyYQptCH6hz3/CsI6mWlv1CgSA1+ +XuW/A+mO7ozUMUGMuHN9OLooTF0W2QJBANudEKmM3kPFevC7mQ1lLhSwZOLvACVh +lIy7RviFRuQr5IVaC6KNXGmfk1hcTdPjbtnz5eVmY89zmgRD0GFV/d8CQQDAT+wP +dsU8Qe1vAoxC6mRMfjQH0ght2efyVeBSfQE+n0a92DcbTiNPcEKRlAb1PagCC0PY +r7YlZqtIqBttWdgv +-----END PRIVATE KEY----- diff --git a/pki/testdata/ssl/certificates/client_7.pem b/pki/testdata/ssl/certificates/client_7.pem new file mode 100644 index 0000000000..d4ac032135 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_7.pem @@ -0,0 +1,66 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4103 (0x1007) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=Client Cert J + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c4:bb:1a:ae:83:ae:74:7b:6a:86:bb:cc:33:e0: + 13:70:55:37:28:cb:79:66:2c:48:e2:a4:3e:b4:8e: + ec:6f:08:18:04:0a:1a:f3:a5:77:c9:39:2b:f4:96: + 91:90:20:e5:18:f5:9c:71:6d:60:45:da:bc:d7:76: + 40:21:ea:79:43:ba:81:52:6e:d8:90:0a:72:39:1b: + 8f:1d:6b:b1:70:42:ce:fe:30:00:99:df:e1:ea:12: + ed:bf:df:14:86:72:64:49:b1:10:72:87:c7:ab:08: + 9f:81:9d:13:11:14:8e:0c:ea:a9:32:79:a2:03:32: + 72:da:8e:57:2e:52:fe:40:23 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Key Identifier: + 45:86:46:CC:D4:64:F8:33:5A:7A:14:24:23:39:A7:65:D5:FE:D8:07 + X509v3 Authority Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + a0:3f:52:d0:e5:5c:4e:6a:51:fa:80:16:d1:3c:e4:7e:bf:ed: + 6c:32:d4:73:d2:89:71:ca:96:d3:3a:38:e1:ca:55:dc:23:31: + 5c:e9:9e:b4:1c:48:4c:9c:2e:f8:05:9f:61:f5:3d:24:ef:95: + 41:73:c2:f2:b6:51:c2:7f:6f:5c:d2:70:c2:6e:dd:0a:79:3f: + bf:18:48:ef:2d:23:3b:68:f2:a0:23:4c:4c:fa:ff:48:ab:26: + 11:20:9f:e2:3b:68:67:96:08:ce:56:69:ba:68:09:a0:0a:34: + fa:a1:4f:47:a0:be:2b:94:ad:57:02:43:09:13:52:28:1f:6a: + a2:59:58:7b:84:5e:c5:09:42:a1:7a:d4:88:88:46:54:5c:73: + 51:3a:ac:ca:b2:30:3e:1f:9b:06:f3:28:1b:f0:71:8d:97:42: + c9:42:1f:14:49:b5:57:f3:b2:35:64:44:9f:f7:14:2b:a6:0a: + 4e:cc:8a:c8:5d:5f:53:36:51:d7:55:0d:0a:bd:e4:d8:0d:b2: + 37:46:08:93:0c:cd:9d:10:32:58:37:52:10:15:f8:5a:98:ad: + 15:c7:e0:ba:40:43:a5:8c:44:dd:72:f8:cc:8c:a3:7f:33:6a: + d9:a5:dc:2d:0b:97:07:ad:1e:dd:0a:1c:12:6a:9d:92:13:f6: + 09:0d:16:4e +-----BEGIN CERTIFICATE----- +MIICjjCCAXagAwIBAgICEAcwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwERSBD +QTAeFw0yMjEwMTkxNjU4NTVaFw0zMjEwMTYxNjU4NTVaMBgxFjAUBgNVBAMMDUNs +aWVudCBDZXJ0IEowgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMS7Gq6DrnR7 +aoa7zDPgE3BVNyjLeWYsSOKkPrSO7G8IGAQKGvOld8k5K/SWkZAg5Rj1nHFtYEXa +vNd2QCHqeUO6gVJu2JAKcjkbjx1rsXBCzv4wAJnf4eoS7b/fFIZyZEmxEHKHx6sI +n4GdExEUjgzqqTJ5ogMyctqOVy5S/kAjAgMBAAGjbzBtMAwGA1UdEwEB/wQCMAAw +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRFhkbM1GT4 +M1p6FCQjOadl1f7YBzAfBgNVHSMEGDAWgBT3lQK4R6uv75hNqPnIJNSlT0ZHyzAN +BgkqhkiG9w0BAQsFAAOCAQEAoD9S0OVcTmpR+oAW0Tzkfr/tbDLUc9KJccqW0zo4 +4cpV3CMxXOmetBxITJwu+AWfYfU9JO+VQXPC8rZRwn9vXNJwwm7dCnk/vxhI7y0j +O2jyoCNMTPr/SKsmESCf4jtoZ5YIzlZpumgJoAo0+qFPR6C+K5StVwJDCRNSKB9q +ollYe4RexQlCoXrUiIhGVFxzUTqsyrIwPh+bBvMoG/BxjZdCyUIfFEm1V/OyNWRE +n/cUK6YKTsyKyF1fUzZR11UNCr3k2A2yN0YIkwzNnRAyWDdSEBX4WpitFcfgukBD +pYxE3XL4zIyjfzNq2aXcLQuXB60e3QocEmqdkhP2CQ0WTg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_7.pk8 b/pki/testdata/ssl/certificates/client_7.pk8 new file mode 100644 index 0000000000000000000000000000000000000000..d13e5824c2b32b6484f6bb6bc05abb17cf516c37 GIT binary patch literal 636 zcmV-?0)zc9f&zE~0RS)!1_>&LNQUpVlaXNUIGCC0)c@5#Jd` zA?kTUx`9$|*pLcxIUA21Yq4-b&i*g}ncv~+679d=6oztSNwE-ehsUc3pMjkd5fqLL z>Zvk$q60E=+KyK)QvN_A0s{d60Rn-5Gls$SMP3s6BrAu~b05@Kj;b`!9!kl4iHG$# zds?Tq8T>5WWJO7Pb+Yn{;W9hBWp5_?dS^w%g~N3qRRO`Gs|}|!d0PH3HupdSFBfI{ z#T`E>g(nj>m-eXjLjUCXCtWc>nn-HOR5>Ls9I^le(yiN|$)5`IhW{k&_Ao?o0zm-c zfpzPFzm&8!ZCg;`PX>G(=gL|K>*%a8g|t*J?e1lN@~i@^&O4nqe@QtezOuIZ7!h+Ox8qYL z5T?+F>Kym{D+uakrN2<1NDY2o<-Y^zj_!=qF+q&DbA33vC`?@z*#bcT+no@pjNU`V zdholM4P`DAuw>%z03~6RjJrnog+}BnpOaWzP1ECU+4JS)W@FEDngm18 zVO9O#0zm-4PwWqN#XLdnZvu=$>SRoQGzZcMZQ1AYRp3&60Y0Bbz1TM!P9slnLXngP W^*yKp3q#niwk2k(NT?faS=cWHW+W5< literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/client_7_ca.pem b/pki/testdata/ssl/certificates/client_7_ca.pem new file mode 100644 index 0000000000..9709d4649d --- /dev/null +++ b/pki/testdata/ssl/certificates/client_7_ca.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C Root CA + Validity + Not Before: Oct 19 16:58:55 2022 GMT + Not After : Oct 16 16:58:55 2032 GMT + Subject: CN=E CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:49:c7:44:8c:f4:90:52:36:4f:46:d7:68:0a: + 3d:dc:3a:13:3c:61:45:fb:cf:5e:8e:06:c1:35:5d: + 75:f1:33:d7:f0:5b:0e:34:99:19:9d:df:b5:81:40: + aa:1d:eb:f7:45:6e:7f:e2:b5:6e:70:42:5f:a5:bd: + 47:dd:d8:f9:4e:33:03:81:ea:40:c4:0f:ed:53:35: + ab:78:61:e5:aa:80:46:b6:1f:b9:a1:aa:80:c6:cd: + 4c:3c:a6:63:fd:ed:bf:fd:f2:df:1a:b9:de:e9:40: + 1b:cb:00:39:e9:dc:cd:78:70:3d:1b:20:32:49:6b: + 0b:eb:c5:31:27:50:4f:5f:fd:a7:7b:77:1e:d0:a1: + 20:01:56:5c:a6:2c:1d:4b:48:8d:8d:03:94:73:e6: + f6:94:39:59:3c:fc:07:ae:cb:dc:02:7f:2d:04:42: + 5c:d6:ff:86:76:a3:bc:7f:1e:0e:a0:4c:12:ce:58: + f7:42:2d:5b:9d:6b:ef:47:e2:ce:71:89:08:15:fd: + 2c:47:a5:a0:7e:73:ed:0c:b0:fc:b8:7c:0e:cf:fd: + e4:38:5f:ce:8e:80:f2:99:db:fc:fc:ad:9d:b4:be: + 28:4f:e5:5d:5c:93:36:75:4c:64:25:9f:53:64:a5: + 37:66:49:5b:bf:82:f4:01:77:d8:ef:cc:ce:bb:13: + 4c:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F7:95:02:B8:47:AB:AF:EF:98:4D:A8:F9:C8:24:D4:A5:4F:46:47:CB + X509v3 Authority Key Identifier: + 33:7A:38:92:82:9E:B6:FD:44:FB:B5:BA:A7:C7:0B:4D:59:28:60:9A + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 79:d6:b7:44:92:09:42:bc:96:d8:da:92:c1:cb:9b:19:eb:38: + 98:66:ec:3f:b6:14:a2:31:37:9b:0d:3f:83:cb:fa:80:75:19: + fa:1e:78:7b:05:55:43:a1:17:2d:9a:ad:f9:f2:1f:56:01:c1: + c8:78:02:1c:60:7b:40:95:a9:b3:82:52:65:d8:74:f4:46:b4: + 03:a0:98:db:b4:75:4d:f4:dd:73:84:33:9b:7d:91:78:7a:5b: + 50:08:12:d5:f1:d3:c0:90:fd:2b:14:61:76:96:a3:03:f2:ac: + 7a:b3:f6:9e:ab:a2:07:d1:ae:4d:be:e7:d1:1e:d6:a3:32:be: + 70:70:54:fc:d1:c9:3e:bd:7c:0e:1a:03:17:12:c6:78:3b:df: + 91:61:a9:0f:0a:65:bc:b2:c0:41:da:c3:32:8a:0e:ef:75:89: + 1b:11:27:0a:bb:47:91:c2:e4:71:ea:91:d4:4d:66:c1:a1:3b: + 06:8d:54:b6:da:6f:54:e6:d7:4f:f2:18:b8:d5:59:cb:47:0d: + 9f:d8:1c:6a:20:9c:e2:93:07:a3:dd:94:13:2c:ab:1d:1a:71: + eb:5b:62:12:20:e5:e1:cd:d1:e0:63:fd:94:34:b2:a5:b8:84: + ee:af:2d:11:3d:f2:91:74:f2:ef:bd:55:c6:cf:72:ff:b1:74: + e5:6e:6c:3e +-----BEGIN CERTIFICATE----- +MIIDAjCCAeqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS +b290IENBMB4XDTIyMTAxOTE2NTg1NVoXDTMyMTAxNjE2NTg1NVowDzENMAsGA1UE +AwwERSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhJx0SM9JBS +Nk9G12gKPdw6EzxhRfvPXo4GwTVddfEz1/BbDjSZGZ3ftYFAqh3r90Vuf+K1bnBC +X6W9R93Y+U4zA4HqQMQP7VM1q3hh5aqARrYfuaGqgMbNTDymY/3tv/3y3xq53ulA +G8sAOenczXhwPRsgMklrC+vFMSdQT1/9p3t3HtChIAFWXKYsHUtIjY0DlHPm9pQ5 +WTz8B67L3AJ/LQRCXNb/hnajvH8eDqBMEs5Y90ItW51r70fiznGJCBX9LEeloH5z +7Qyw/Lh8Ds/95Dhfzo6A8pnb/PytnbS+KE/lXVyTNnVMZCWfU2SlN2ZJW7+C9AF3 +2O/MzrsTTAECAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFPeVArhHq6/vmE2o+cgk1KVPRkfLMB8GA1UdIwQYMBaAFDN6 +OJKCnrb9RPu1uqfHC01ZKGCaMA0GCSqGSIb3DQEBCwUAA4IBAQB51rdEkglCvJbY +2pLBy5sZ6ziYZuw/thSiMTebDT+Dy/qAdRn6Hnh7BVVDoRctmq358h9WAcHIeAIc +YHtAlamzglJl2HT0RrQDoJjbtHVN9N1zhDObfZF4eltQCBLV8dPAkP0rFGF2lqMD +8qx6s/aeq6IH0a5NvufRHtajMr5wcFT80ck+vXwOGgMXEsZ4O9+RYakPCmW8ssBB +2sMyig7vdYkbEScKu0eRwuRx6pHUTWbBoTsGjVS22m9U5tdP8hi41VnLRw2f2Bxq +IJzikwej3ZQTLKsdGnHrW2ISIOXhzdHgY/2UNLKluITury0RPfKRdPLvvVXGz3L/ +sXTlbmw+ +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/client_root_ca.pem b/pki/testdata/ssl/certificates/client_root_ca.pem new file mode 100644 index 0000000000..97ddcb1020 --- /dev/null +++ b/pki/testdata/ssl/certificates/client_root_ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+DCCAeCgAwIBAgIUP1wLVZUv7x3bRdFOcu0C/oeN2WwwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJQyBSb290IENBMB4XDTIyMTAxOTE2NTg1NVoXDTMyMTAx +NjE2NTg1NVowFDESMBAGA1UEAwwJQyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAjec2+ZmcF1eiwxrtvoNJpiFY4ywRYD3RfHOcxEM+soBv +/6yP4hRK43YeQOPSOSHf8RSeD+kTy40wPFx4Z80XyIwIpv8xtlsPNNV0SKZfn7g+ +gt6HsfEqGq0iJPDoTQB7YY7ygvM5sOLbK4XvqQJsE7uWfxFC+3esFlxhGGd69HaK +ebUF0gEtom/0KoDNy0Md5Rdr4i2j4v032lkF+sLpWiz1BfIt10ewzknfI/Hpy39q +jdeq4LFou+UDKN7cK3zSEc7pJ2hbn5vMFpdzoUcmOi59V30Q9SvmDiOiAYdRecLM +F5IirvMzrYA740xxEFxYr9fLiMK2g5QjrbICYczsqQIDAQABo0IwQDAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUM3o4koKetv1E+7W6 +p8cLTVkoYJowDQYJKoZIhvcNAQELBQADggEBABm+LYzj/+CGE6RHYWJxoGov5Qpn +tztPE7g66UU8TDgmC0TysRPk8WpFMTpXLdway7gdNFfhrUv179JJrP6vm7SyxAW1 +KXyfUIRJiBuKbPq4rSgs7O/QvChV33s6wWt6k8zPkgi3P2XhWLwMcYYh/gwAixrO +PXzonHNrAxb62kWgPucNblQIqy+HpelSHShssWtXlXWp1kmelR44eLsaIeXybIgA +9eRCtOolBlp6oLhiTFnbDUqyHCdSleNwlBGSQCTEO95zqPzfc9CzQX1h/SL6aWJG +pP6mw+rKwh8WG9fK2MnBQYzNCj/7WU+XGLdhwc63xrUiBzKB57S8PyvWPKM= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/common_name_only.pem b/pki/testdata/ssl/certificates/common_name_only.pem new file mode 100644 index 0000000000..01d325848c --- /dev/null +++ b/pki/testdata/ssl/certificates/common_name_only.pem @@ -0,0 +1,111 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJABG+o501DlYn +pIeZGdbtxuX0hUvuhTCO/+u+ZajABJAsejJ8tm5qRURXOguSG2u3nKqR9cA3r/47 +aQHvkkYfLpF4lnL5X7lRmkOq8vWObvwaUuvwcsA3qwxWSd5u4sVOl/eSj0yzJDq0 +Lb6QVPWlbWgrZyEdDuAxg7glVTWeJagK5IMI8b2yiis7oxLXFudztUg2E3UVkIMz +Gw55unskWdOnViQ0N3kFyXfbFcnojWNm2iJfQtHxjfHN+ydGaH/z4SpYh/0SHqnC +rj46J2fojyH/LFgn2MnskeK3kOLShpEcAbnRibrbrNMcDUi5vANq3s2+bhoinS0U +fs2v53/nAgMBAAECggEAFTIjrOXWCyVC4pVQE04NQy/JShrQYgu7jijgtEhGHlGc +3oPYVRxr0lsRlN0zISoxFsC3oAK5TWYKujsdkCTtrhYcEwpSf4efpEJPRnSufmGn +xiLebJG9QWGRQHwzr5/MTLhrzBG+ddmpMxzrzo6XBOXfqUwLyuOpsq8AOTeeGtoP +kTWtvOS2ODx6ID27GNcSNGO3haeLKCZaXnlE9RKRLFnBD4IEMycivA63uEpMBe13 +PHjqc6cm5tL76TKmfZ5MCC9XRtK6NbqQpJwjet/oqr0TjM6Shz0HCSUufOqNsBjy +cnpCwb/GOvtDoV3ygUNvmUc3xZDf6e2eUc0eu1aYqQKBgQD+aXgQwUYklYreU5uK +dfOWvmR05E2ekJdsxyzxsuwpR0MaPPXiJlPYnChlvdSc+0SUDVmrv0xLrh0D0J54 +khDI3dOxTncNGEEzj0+/f9fHxpSH8CxHxsvfbzRNyLS/8QgN/24PfXTVw8o3xftn +1IsLg0mWk9m70BTKqDEZyKTZ7QKBgQDKQUCgj8/uuF1DeJL8HaP2O9HPdAjaymia +X39NeYQdYKqCGf28b6GyACcZMGemo8+s3Y1k3EheHEEnnvUMok+ULKJ6LnqLRyTU +IjoBQ8LOq8lAKTjDcvVYy6pF6wGG1YsDJsY4M1ED9Wrc87Ns1WnVZEY9P9FlhBNl +OQVD3sP2owKBgQDTr+hycI8vs6qX8ZNzc0+a95LY3HplXMRSg6w29HyioCQKefzS +DrgnfU/z0C9P65cVZcJeMM+IDTkhSn4Bru/+Yu1ZFAPlRnBCOZXOrs5Z8Tb3oXUG +yDgtEve/XShgqWrdUtM+WlJT6BSjsb3NmEGV88jQXPeH2czjD23DmXrpxQKBgG2x +ZjOuy79VDoABbPZ/vOVXHDu/Wu4OyRywnoKOXTDxtIhLQGpqwO+hVZM7xXuDbKb8 +oisJrdYczNmIRK9NeIuMibJqctwHAdprlboJ3iXo1YWO1dJrDtXR38973aAbQQG8 +jdT9P/s9p2+eXLmyJWwurkmZyx+bukkz278rmmyxAoGARoR/vqPlOj3TAcFsks1c +HeI3bqblWu/dpeZ7MhYM90Xf3e0RxigcPNkVm9H1wEragh/WVRQpunysxaTVcnAL +xKf++lCNDCPFOXAhOxTGBGpS/IbrnLfAhDCdqBX2xkyJWNGu00JGe6gfJyIQiX1Z ++919aWiM78TlJC8psjZviRs= +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:83 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Dec 20 00:00:00 2017 GMT + Not After : Dec 20 00:00:00 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c9:00:11:be:a3:9d:35:0e:56:27:a4:87:99:19: + d6:ed:c6:e5:f4:85:4b:ee:85:30:8e:ff:eb:be:65: + a8:c0:04:90:2c:7a:32:7c:b6:6e:6a:45:44:57:3a: + 0b:92:1b:6b:b7:9c:aa:91:f5:c0:37:af:fe:3b:69: + 01:ef:92:46:1f:2e:91:78:96:72:f9:5f:b9:51:9a: + 43:aa:f2:f5:8e:6e:fc:1a:52:eb:f0:72:c0:37:ab: + 0c:56:49:de:6e:e2:c5:4e:97:f7:92:8f:4c:b3:24: + 3a:b4:2d:be:90:54:f5:a5:6d:68:2b:67:21:1d:0e: + e0:31:83:b8:25:55:35:9e:25:a8:0a:e4:83:08:f1: + bd:b2:8a:2b:3b:a3:12:d7:16:e7:73:b5:48:36:13: + 75:15:90:83:33:1b:0e:79:ba:7b:24:59:d3:a7:56: + 24:34:37:79:05:c9:77:db:15:c9:e8:8d:63:66:da: + 22:5f:42:d1:f1:8d:f1:cd:fb:27:46:68:7f:f3:e1: + 2a:58:87:fd:12:1e:a9:c2:ae:3e:3a:27:67:e8:8f: + 21:ff:2c:58:27:d8:c9:ec:91:e2:b7:90:e2:d2:86: + 91:1c:01:b9:d1:89:ba:db:ac:d3:1c:0d:48:b9:bc: + 03:6a:de:cd:be:6e:1a:22:9d:2d:14:7e:cd:af:e7: + 7f:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + ED:8D:2E:41:6F:59:A4:A8:A8:08:80:22:DA:52:E2:83:F8:05:A4:BE + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 86:c1:24:8e:a7:4d:26:27:8a:f6:12:62:6d:7f:de:aa:69:07: + 97:e4:3a:78:a6:37:73:fc:63:cb:68:1d:ab:90:32:7c:b2:bd: + b5:7c:c6:ba:a9:bf:55:22:4e:a2:ca:1e:25:a4:4b:3e:78:f7: + 5b:46:b7:04:83:99:57:82:82:fc:2f:c5:96:96:a3:da:8d:db: + df:26:e9:62:1a:24:22:9b:95:4c:cc:79:54:c9:bb:e3:1c:bc: + 87:bb:26:74:8f:89:c2:64:57:12:ca:7e:e9:e7:cb:aa:38:9f: + b0:96:4c:63:64:41:cc:03:e8:5e:13:2e:9c:79:73:bc:e7:b1: + 5b:54:80:51:48:eb:71:68:c7:21:fd:f9:2c:ee:a0:3f:52:06: + ae:96:1e:62:13:46:37:0e:a4:58:b2:45:1e:7d:ea:7f:7d:70: + 47:92:7c:7b:7c:90:a8:87:7c:1a:12:51:75:75:59:92:1c:4d: + a2:7f:7e:ad:fa:89:de:8f:ae:2f:d6:ca:c5:3b:55:a0:fb:f5: + e0:3e:0b:60:c5:2d:d1:7e:e9:c1:cb:3c:24:77:56:8f:af:4e: + cb:99:39:b7:53:99:07:8c:71:59:20:9c:bd:db:38:bb:cc:b8: + 5c:9a:51:66:18:46:39:96:c4:1a:ce:89:39:d3:6e:5f:79:17: + 84:92:74:16 +-----BEGIN CERTIFICATE----- +MIIDvTCCAqWgAwIBAgIRALBrk5LjXI1+7Z3IllnFwoMwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNzEyMjAwMDAwMDBaFw0yMDEyMjAwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJABG+o501DlYnpIeZGdbtxuX0hUvuhTCO +/+u+ZajABJAsejJ8tm5qRURXOguSG2u3nKqR9cA3r/47aQHvkkYfLpF4lnL5X7lR +mkOq8vWObvwaUuvwcsA3qwxWSd5u4sVOl/eSj0yzJDq0Lb6QVPWlbWgrZyEdDuAx +g7glVTWeJagK5IMI8b2yiis7oxLXFudztUg2E3UVkIMzGw55unskWdOnViQ0N3kF +yXfbFcnojWNm2iJfQtHxjfHN+ydGaH/z4SpYh/0SHqnCrj46J2fojyH/LFgn2Mns +keK3kOLShpEcAbnRibrbrNMcDUi5vANq3s2+bhoinS0Ufs2v53/nAgMBAAGjbzBt +MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO2NLkFvWaSoqAiAItpS4oP4BaS+MB8G +A1UdIwQYMBaAFJsmC4qYqbsduR8c4xpAM+2OF4irMB0GA1UdJQQWMBQGCCsGAQUF +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAhsEkjqdNJieK9hJibX/e +qmkHl+Q6eKY3c/xjy2gdq5AyfLK9tXzGuqm/VSJOosoeJaRLPnj3W0a3BIOZV4KC +/C/Flpaj2o3b3ybpYhokIpuVTMx5VMm74xy8h7smdI+JwmRXEsp+6efLqjifsJZM +Y2RBzAPoXhMunHlzvOexW1SAUUjrcWjHIf35LO6gP1IGrpYeYhNGNw6kWLJFHn3q +f31wR5J8e3yQqId8GhJRdXVZkhxNon9+rfqJ3o+uL9bKxTtVoPv14D4LYMUt0X7p +wcs8JHdWj69Oy5k5t1OZB4xxWSCcvds4u8y4XJpRZhhGOZbEGs6JOdNuX3kXhJJ0 +Fg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/crit-codeSigning-chain.pem b/pki/testdata/ssl/certificates/crit-codeSigning-chain.pem new file mode 100644 index 0000000000..55d1e8c933 --- /dev/null +++ b/pki/testdata/ssl/certificates/crit-codeSigning-chain.pem @@ -0,0 +1,110 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDo54gDQT1qecev +bDsUAnrPdTnIFp0Da4tLIr+UCTyfMoF5ZEVfH7PDaS5pydczRr3O5SR7+VUNOaQc +nU3E2IWgb0tD/AeI6x6Q/rjFMM7DsNvHjvzuX9xjhwGeM5KVNb9jv59g7TmwYvoF +y6QUwEpV+gySaAfGQi0GsviEIyZR3kWqzalHk8EetSsEql7BEVjeAEoz5raMLukF +qfJ9lOVkvzPMUXQVEROlCzWePHe7lXkep9LUNIdguu92Qt2458BUgNR703RsJxy3 +HU0dz1pe83Pu4MrQk65Di851HAOYykkZ0NugmWFZn4zHit3KDJZJZ4cBiaq8ftgh +xPvpH2m1AgMBAAECggEAATjJG+r0Wmlf1MOlZbIhLEQil0XvZ3jXxGuj0s2khllu +SZtReuyxsJzI/fiLD/h0nK/6gyKZmjOBU3lByP6KQYkrUQcaGfC90x3nSCp3zksV +a3bu6g+Hri7BA+tBukH4CmnOW9Dt2qmcG/CFNC+958iPr6FmKLv8hkC937Uf9cL6 +nD29wvDuzRibDRV/yDk/dhbc2QTpDp8kkjDBI/Hpibj6GeQra5YDDafqs78w0jQh +jOl6+E4sn79+X4ZccOCXfgcXsa8gZcskIXdVGhtWnYGWdxcyXDhJrZzKr2tEhzAw +QFhpHjlGL9l6P/lDyn0qMxp9IEFLcWJk2YTrcaV4wQKBgQD4VLNJj+l2x4O7qGpb +X5GRYLBCqI76iXLxUaEQJxZpd5qngWKaSJyS9IO82k7fcCgsbhQQnXC59UIlUQ6A +YLPO4Nj/D6V8ewttCIbiRtddTZBj9wIHJFhOfcRoDBSTskhaJ4kVB1Nh+YchQf+8 +P6/wwkTcn9FRohdeHikYDnpqIQKBgQDwGN6pGMbrnIKv/+HHC55QPshUYjKIjU98 +Bd7TU3Kj8tSpxiKKXY9RtkAfzoSrgPzu5SJ3bSgXBXz+xOtN9b9z5beQHJyufHaO +NaVQ4ZStMjo3afXMNj7UUd9ZbFuH2K+K1FjXy99Ab5wN/u5snRiErh2KS/w3mxze +6kOComAVFQKBgQC7vP0WHhB4VfmHg5l0ntmkOJ7IpjoBuqwFOJs1ZPeSoHNxM2Xi +EgcdKnH18m0yis40WLwem4g/beWl5JO8Bl+phV9H5QJNC5Dly059/uSOizcf+/uy +fo2sOXSk3I0p49zDG6SNG060gTrhr82w+cz/jT8WNFTBDHPyGYcjwr5VQQKBgEHU +f9BbU8csHYUGIrCBlgGohSLl3bclD6MQtPy6R5d+MCLwiW3oozAjSUevRx8C+dbC +ioW2LyTIw3HTKjUw6TJszLy9q5QH2jW5rb8UasBmIiIpclRwlx9950BMfngryE3H +VSit5GN1dpM7z8GF/T/7wWu208unQu43yxTZUoDVAoGBANzJZijbb2JYdvDSi5aX +Akv5droXiJ9DG7wew7xGJcGRdmpRw+mas2j5hdIXwfKeN7yr8KFaYxv/DDqlTsv+ +sZPysvWc4TZ8NrNOL9VyAD/3QCjo9uBdd2rSssYMKHI8RXD+Jiold59AW3oMDwVk +OW8+EuyR+eoq9HueaKbjlJ5O +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Feb 17 17:08:51 2023 GMT + Not After : Feb 14 17:08:51 2033 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e8:e7:88:03:41:3d:6a:79:c7:af:6c:3b:14:02: + 7a:cf:75:39:c8:16:9d:03:6b:8b:4b:22:bf:94:09: + 3c:9f:32:81:79:64:45:5f:1f:b3:c3:69:2e:69:c9: + d7:33:46:bd:ce:e5:24:7b:f9:55:0d:39:a4:1c:9d: + 4d:c4:d8:85:a0:6f:4b:43:fc:07:88:eb:1e:90:fe: + b8:c5:30:ce:c3:b0:db:c7:8e:fc:ee:5f:dc:63:87: + 01:9e:33:92:95:35:bf:63:bf:9f:60:ed:39:b0:62: + fa:05:cb:a4:14:c0:4a:55:fa:0c:92:68:07:c6:42: + 2d:06:b2:f8:84:23:26:51:de:45:aa:cd:a9:47:93: + c1:1e:b5:2b:04:aa:5e:c1:11:58:de:00:4a:33:e6: + b6:8c:2e:e9:05:a9:f2:7d:94:e5:64:bf:33:cc:51: + 74:15:11:13:a5:0b:35:9e:3c:77:bb:95:79:1e:a7: + d2:d4:34:87:60:ba:ef:76:42:dd:b8:e7:c0:54:80: + d4:7b:d3:74:6c:27:1c:b7:1d:4d:1d:cf:5a:5e:f3: + 73:ee:e0:ca:d0:93:ae:43:8b:ce:75:1c:03:98:ca: + 49:19:d0:db:a0:99:61:59:9f:8c:c7:8a:dd:ca:0c: + 96:49:67:87:01:89:aa:bc:7e:d8:21:c4:fb:e9:1f: + 69:b5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + CB:86:F3:FC:03:8D:82:4B:C6:63:57:8A:E6:9F:86:55:10:D9:00:B7 + X509v3 Extended Key Usage: critical + Code Signing + X509v3 Authority Key Identifier: + D5:28:55:87:C7:A3:BF:D7:C4:CE:BE:3D:01:D2:BE:8B:7C:E4:E2:E2 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 64:ff:92:1d:66:c5:2b:6c:b8:d6:82:39:80:8e:ef:55:cd:bb: + 6f:1c:16:20:a5:6b:90:fa:f3:20:c7:37:0d:7d:4f:da:f5:1f: + 9c:dc:28:3e:39:56:a7:17:eb:3b:09:53:d7:1e:1b:a1:eb:24: + f7:7f:04:38:77:e1:e4:39:60:bf:24:13:37:05:8b:9f:36:94: + 91:e4:fc:43:97:d6:0e:11:cb:ee:a9:f9:c1:05:6e:2f:ea:76: + af:f5:69:ae:06:97:5a:2d:97:0b:cd:3a:1d:01:30:26:ac:da: + f6:03:e4:df:32:08:64:81:ea:36:85:0c:03:41:6a:ef:10:6b: + 2a:a4:cb:f6:59:9b:bf:fa:1b:5a:9e:05:33:b0:54:30:d1:79: + dd:77:6b:e0:c8:be:52:37:58:7e:b0:53:23:fe:62:ce:5c:bb: + b5:06:85:18:e0:08:08:cd:48:bc:1d:d7:cb:92:55:33:57:fe: + 42:4a:81:0d:d3:ee:02:0a:e1:4b:d2:f1:de:81:5e:bb:fa:8b: + 9f:3f:ec:0a:1a:30:0b:de:15:d3:75:5e:11:f8:a9:7e:4f:7d: + 40:03:06:e4:2f:3b:e5:5e:ff:42:f5:e6:99:02:f3:26:c0:f7: + e2:b2:62:53:d3:e2:5b:2a:17:e3:78:5c:84:cc:14:bf:fa:0d: + ac:d7:d0:49 +-----BEGIN CERTIFICATE----- +MIIDdDCCAlygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4 +IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMjMwMjE3MTcwODUxWhcNMzMwMjE0MTcwODUx +WjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN +TW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3LjAu +MC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6OeIA0E9annHr2w7 +FAJ6z3U5yBadA2uLSyK/lAk8nzKBeWRFXx+zw2kuacnXM0a9zuUke/lVDTmkHJ1N +xNiFoG9LQ/wHiOsekP64xTDOw7Dbx4787l/cY4cBnjOSlTW/Y7+fYO05sGL6Bcuk +FMBKVfoMkmgHxkItBrL4hCMmUd5Fqs2pR5PBHrUrBKpewRFY3gBKM+a2jC7pBany +fZTlZL8zzFF0FRETpQs1njx3u5V5HqfS1DSHYLrvdkLduOfAVIDUe9N0bCcctx1N +Hc9aXvNz7uDK0JOuQ4vOdRwDmMpJGdDboJlhWZ+Mx4rdygyWSWeHAYmqvH7YIcT7 +6R9ptQIDAQABo3kwdzAPBgNVHREECDAGhwR/AAABMAwGA1UdEwEB/wQCMAAwHQYD +VR0OBBYEFMuG8/wDjYJLxmNXiuafhlUQ2QC3MBYGA1UdJQEB/wQMMAoGCCsGAQUF +BwMDMB8GA1UdIwQYMBaAFNUoVYfHo7/XxM6+PQHSvot85OLiMA0GCSqGSIb3DQEB +CwUAA4IBAQBk/5IdZsUrbLjWgjmAju9VzbtvHBYgpWuQ+vMgxzcNfU/a9R+c3Cg+ +OVanF+s7CVPXHhuh6yT3fwQ4d+HkOWC/JBM3BYufNpSR5PxDl9YOEcvuqfnBBW4v +6nav9WmuBpdaLZcLzTodATAmrNr2A+TfMghkgeo2hQwDQWrvEGsqpMv2WZu/+hta +ngUzsFQw0Xndd2vgyL5SN1h+sFMj/mLOXLu1BoUY4AgIzUi8HdfLklUzV/5CSoEN +0+4CCuFL0vHegV67+oufP+wKGjAL3hXTdV4R+Kl+T31AAwbkLzvlXv9C9eaZAvMm +wPfismJT0+JbKhfjeFyEzBS/+g2s19BJ +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/crlset_blocked_interception_by_intermediate.raw b/pki/testdata/ssl/certificates/crlset_blocked_interception_by_intermediate.raw new file mode 100644 index 0000000000000000000000000000000000000000..5bac40adb2e1b4ec9ad7396a29e6ac410859ff23 GIT binary patch literal 224 zcmcb|P^}b}T2!2wpQmJ{V4$O*x@(E5YQ36T?rxuo`<|Ttf z4S`(0(%gW=BB07*s79xp{N(J^l;8kwPmoY_EKre8W^QH)P^>g5D>WIcvbq*1?46fi zp63a)rzknKpaf_)iYBN*Sml*mEK3bi3)0I1B6Hj=BQwJa%)_)jeM7V>GC~WSOr0`{ SgY`ZAvRopPO(JcTVrv0x@(E5YQ36T?rxuo`<|Ttf z4S`(0(%gW=BB07*s79xp{N(J^l;8kwPmoY_EKre8W^QH)P^>g5D>WIcvbq*1?46fi zp63a)rzknKpaf_)iYBN*Sml+%DhmRP!@_;c{SymAyv%bwol-NxBXi0uvNHlo-8>4y SGgA|bqCAZvvpj8;Vrv1407+8- literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/crlset_by_intermediate_serial.raw b/pki/testdata/ssl/certificates/crlset_by_intermediate_serial.raw new file mode 100644 index 0000000000000000000000000000000000000000..852f28f7f23b81c3c485b535bb08abfd6404f1a5 GIT binary patch literal 231 zcmdnMP^}b}T2!2wpQmJ{V4$O*x@(E5YQ36T?rxuo`<|Ttf z4S`(0(%gW=BB07*sDM*WesXqdN^pR;CrBtd7O2Q4GdHsYC{~)3m6{AzSzQYh_Rh;M z&+`P@Q4Ne(}e`Nk+c_HJnpr literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/crlset_by_leaf_spki.raw b/pki/testdata/ssl/certificates/crlset_by_leaf_spki.raw new file mode 100644 index 0000000000000000000000000000000000000000..2d072ffdcafebdd5f9347a384d19d316a375d628 GIT binary patch literal 224 zcmcb|P^}b}T2!2wpQmJ{V4$O*x@(E5YQ36T?rxuo`<|Ttf z4S`(0(%gW=BB07*s79xp{N(J^l;8kwPmoZwQc$VBfkjZMk-2G9PMV2PagwK5PGP2z ze`sl*agj-6dQp+LewmlCc4Sqytx_z|NT1By%o3mprAb+-$zXG UC8rjY09^{V0;CCQEq3`@0Q^5lXaE2J literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/crlset_by_leaf_subject_no_spki.raw b/pki/testdata/ssl/certificates/crlset_by_leaf_subject_no_spki.raw new file mode 100644 index 0000000000000000000000000000000000000000..7fcdc37be95f3e0dba6010f5415a5759eaa71b82 GIT binary patch literal 228 zcmaFFP^}b}T2!2wpQmJ{V4$O*x@(E5YQ36T?rxuo`<|Ttf z4S`(0(%gW=BB07*s79xp{N(J^l;8kwPmoY_EKre8W^QH)P^>g5D>WIcvRbJs&pjf* zGPJzP)5Ec#qSB(gw8|^0)YvE2q9iq>u)@f^#NRkg+dI76IoTF$PA$+N@4Wo-JWrs@ Tijq?cN`S6Ku?A{2cKKQWr>RP; literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/crlset_by_root_serial.raw b/pki/testdata/ssl/certificates/crlset_by_root_serial.raw new file mode 100644 index 0000000000000000000000000000000000000000..c530e91517d7d5afb711700cbd8fc98777f18b02 GIT binary patch literal 231 zcmdnMP^}b}T2!2wpQmJ{V4$O*x@(E5YQ36T?rxuo`<|Ttf z4S`(0(%gW=BB07*sDM*WesXqdN^pR;CrBtd7O2Q4GdHsYC{~)3m6{AzSzQYh_Rh;M z&+`P@Q?MTL107n7x@(E5YQ36T?rxuo`<|Ttf zjeuOg(%gW=BB07*s79xp{N(J^l;8kwPmoY_EKre8W^QH)P^>g5D>WIcvRcV8AS&F@ z)5{~h)H$fswtsv7c(LKl1%qYh(sn|Hv%qt|&(ZCjLPA$+N@4Wo-JWrs@ Tijq?cN`S6Ku?A{2cKKQWAgD<@ literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/crlset_known_interception_by_root.raw b/pki/testdata/ssl/certificates/crlset_known_interception_by_root.raw new file mode 100644 index 0000000000000000000000000000000000000000..f2a12d05859be958fad4687aa6aaa07ae50f3f33 GIT binary patch literal 224 zcmZvV%?g4*6oq>fnRSbP7DmuUA)1sLQWOgpHeK*{)Nw3CeAS+%Ye=h>_q*qu?>*~@ z2eL^@LAKgrt`V~o3WRdI3Xl-..!.....:.r.....jh.S.}.A.}....Q..... + Signature Algorithm: sha1WithRSAEncryption + 8a:0c:4b:ef:09:9d:47:92:79:af:a0:a2:8e:68:9f:91:e1:c4: + 42:1b:e2:d2:69:a2:ea:6c:a4:e8:21:5d:de:dd:ca:15:04:a1: + 1e:7c:87:c4:b7:7e:80:f0:e9:79:03:52:68:f2:7c:a2:0e:16: + 68:04:ae:55:6f:31:69:81:f9:6a:39:4a:b7:ab:fd:3e:25:5a: + c0:04:45:13:fe:76:57:0c:67:95:ab:e4:70:31:33:d3:03:f8: + 9f:3a:fa:6b:bc:fc:51:73:19:df:d9:5b:93:42:41:21:1f:63: + 40:35:c3:d0:78:30:7a:68:c6:07:5a:2e:20:c8:9f:36:b8:91: + 0c:a0 +-----BEGIN CERTIFICATE----- +MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/ +BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk +EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw +FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q +Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD +VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w +DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK +BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L +vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw +KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG +SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE +oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr +5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d5:8a:68:53:62:10:a2:71:19:93:6e:77:83:21: + 18:1c:2a:40:13:c6:d0:7b:8c:76:eb:91:57:d3:d0: + fb:4b:3b:51:6e:ce:cb:d1:c9:8d:91:c5:2f:74:3f: + ab:63:5d:55:09:9c:d1:3a:ba:f3:1a:e5:41:44:24: + 51:a7:4c:78:16:f2:24:3c:f8:48:cf:28:31:cc:e6: + 7b:a0:4a:5a:23:81:9f:3c:ba:37:e6:24:d9:c3:bd: + b2:99:b8:39:dd:fe:26:31:d2:cb:3a:84:fc:7b:b2: + b5:c5:2f:cf:c1:4f:ff:40:6f:5c:d4:46:69:cb:b2: + f7:cf:df:86:fb:6a:b9:d1:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + X509v3 Authority Key Identifier: + keyid:5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 06:08:cc:4a:6d:64:f2:20:5e:14:6c:04:b2:76:f9:2b:0e:fa: + 94:a5:da:f2:3a:fc:38:06:60:6d:39:90:d0:a1:ea:23:3d:40: + 29:57:69:46:3b:04:66:61:e7:fa:1d:17:99:15:20:9a:ea:2e: + 0a:77:51:76:41:12:27:d7:c0:03:07:c7:47:0e:61:58:4f:d7: + 33:42:24:72:7f:51:d6:90:bc:47:a9:df:35:4d:b0:f6:eb:25: + 95:5d:e1:89:3c:4d:d5:20:2b:24:a2:f3:e4:40:d2:74:b5:4e: + 1b:d3:76:26:9c:a9:62:89:b7:6e:ca:a4:10:90:e1:4f:3b:0a: + 94:2e +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 +jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP +KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL +svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk +tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG +A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO +MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt +OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy +f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP +OwqULg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/ct-test-embedded-with-intermediate-chain.pem b/pki/testdata/ssl/certificates/ct-test-embedded-with-intermediate-chain.pem new file mode 100644 index 0000000000..22244617bc --- /dev/null +++ b/pki/testdata/ssl/certificates/ct-test-embedded-with-intermediate-chain.pem @@ -0,0 +1,188 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency Intermediate CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:bb:27:2b:26:e5:de:b5:45:9d:4a:cc:a0:27:e8: + f1:2a:4d:83:9a:c3:73:0a:6a:10:9f:f7:e2:54:98: + dd:bd:3f:18:95:d0:8b:a4:1f:8d:e3:49:67:a3:a0: + 86:ce:13:a9:0d:d5:ad:bb:54:18:4b:dc:08:e1:ac: + 78:26:ad:b8:dc:9c:71:7b:fd:7d:a5:b4:1b:4d:b1: + 73:6e:00:f1:da:c3:ce:c9:81:9c:cb:1a:28:ba:12: + 0b:02:0a:82:0e:94:0d:d6:1f:95:b5:43:2a:4b:c0: + 5d:08:18:f1:8c:e2:15:4e:b3:8d:2f:a7:d2:2d:72: + b9:76:e5:60:db:0c:7f:c7:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B1:B1:48:E6:58:E7:03:F5:F7:F3:10:5F:20:B3:C3:84:D7:EF:F1:BF + X509v3 Authority Key Identifier: + keyid:96:55:08:05:02:78:47:9E:87:73:76:41:31:BC:14:3A:47:E2:29:AB + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:09 + + X509v3 Basic Constraints: + CA:FALSE + 1.3.6.1.4.1.11129.2.4.2: + .z.x.v........RG.ah2].\yY..........?t.d...=.'.......G0E.!...E..9-...W.....E.L..8V.......u.. ^&...."...)....4...O.......f...? + Signature Algorithm: sha1WithRSAEncryption + 0f:95:a5:b4:e1:28:a9:14:b1:e8:8b:e8:b3:29:64:22:1b:58: + f4:55:84:33:d0:20:a8:e2:46:cc:a6:5a:40:bc:bf:5f:2d:48: + 93:3e:bc:99:be:69:27:ca:75:64:72:fb:0b:dc:7f:50:5f:41: + f4:62:f2:bc:19:d0:b2:99:c9:90:91:8d:f8:82:0f:3d:31:db: + 37:97:9e:8b:ad:56:3b:17:f0:0a:e6:7b:0f:87:31:c1:06:c9: + 43:a7:3b:f5:36:af:16:8a:fe:21:ef:4a:df:ca:e1:9a:3c:c0: + 74:89:99:92:bf:50:6b:c5:ce:1d:ec:aa:f0:7f:fe:eb:c8:05: + c0:39 +-----BEGIN CERTIFICATE----- +MIIDZjCCAs+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJHQjEx +MC8GA1UEChMoQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IEludGVybWVkaWF0ZSBD +QTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4wHhcNMTIwNjAxMDAw +MDAwWhcNMjIwNjAxMDAwMDAwWjBSMQswCQYDVQQGEwJHQjEhMB8GA1UEChMYQ2Vy +dGlmaWNhdGUgVHJhbnNwYXJlbmN5MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMH +RXJ3IFdlbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuycrJuXetUWdSsyg +J+jxKk2DmsNzCmoQn/fiVJjdvT8YldCLpB+N40lno6CGzhOpDdWtu1QYS9wI4ax4 +Jq243Jxxe/19pbQbTbFzbgDx2sPOyYGcyxoouhILAgqCDpQN1h+VtUMqS8BdCBjx +jOIVTrONL6fSLXK5duVg2wx/x38CAwEAAaOCATowggE2MB0GA1UdDgQWBBSxsUjm +WOcD9ffzEF8gs8OE1+/xvzB9BgNVHSMEdjB0gBSWVQgFAnhHnodzdkExvBQ6R+Ip +q6FZpFcwVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5z +cGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQkw +CQYDVR0TBAIwADCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd +3Fx5Wej3xtOI/AAuC70/dNdkAAABPdsn4qQAAAQDAEcwRQIhAKbTRRfzOS2exdJX +rfHFl9xFvUzTtzhWxhap+5nlrnWoAiBeJsjRx+Ii/ozaKbrrBKg07pfTT9gXGPGq +4M1m9LipPzANBgkqhkiG9w0BAQUFAAOBgQAPlaW04SipFLHoi+izKWQiG1j0VYQz +0CCo4kbMplpAvL9fLUiTPryZvmknynVkcvsL3H9QX0H0YvK8GdCymcmQkY34gg89 +Mds3l56LrVY7F/AK5nsPhzHBBslDpzv1Nq8Wiv4h70rfyuGaPMB0iZmSv1Brxc4d +7Krwf/7ryAXAOQ== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency Intermediate CA, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d7:6a:67:8d:11:6f:52:2e:55:ff:82:1c:90:64: + 25:08:b7:07:4b:14:d7:71:15:90:64:f7:92:7e:fd: + ed:b8:71:35:a1:36:5e:e7:de:18:cb:d5:ce:86:5f: + 86:0c:78:f4:33:b4:d0:d3:d3:40:77:02:e7:a3:ef: + 54:2b:1d:fe:9b:ba:a7:cd:f9:4d:c5:97:5f:c7:29: + f8:6f:10:5f:38:1b:24:35:35:cf:9c:80:0f:5c:a7: + 80:c1:d3:c8:44:00:ee:65:d1:6e:e9:cf:52:db:8a: + df:fe:50:f5:c4:93:35:0b:21:90:bf:50:d5:bc:36: + f3:ca:c5:a8:da:ae:92:cd:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 96:55:08:05:02:78:47:9E:87:73:76:41:31:BC:14:3A:47:E2:29:AB + X509v3 Authority Key Identifier: + keyid:5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 22:06:da:b1:c6:6b:71:dc:e0:95:c3:f6:aa:2e:f7:2c:f7:76: + 1b:e7:ab:d7:fc:39:c3:1a:4c:fe:1b:d9:6d:67:34:ca:82:f2: + 2d:de:5a:0c:8b:bb:dd:82:5d:7b:6f:3e:76:12:ad:8d:b3:00: + a7:e2:11:69:88:60:23:26:22:84:c3:aa:5d:21:91:ef:da:10: + bf:92:35:d3:7b:3a:2a:34:0d:59:41:9b:94:a4:85:66:f3:fa: + c3:cd:8b:53:d5:a4:e9:82:70:ea:d2:97:b0:72:10:f9:ce:4a: + 21:38:b1:88:11:14:3b:93:fa:4e:7a:87:dd:37:e1:38:5f:2c: + 29:08 +-----BEGIN CERTIFICATE----- +MIIC3TCCAkagAwIBAgIBCTANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMGIxCzAJBgNVBAYTAkdCMTEwLwYDVQQKEyhDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgSW50ZXJtZWRpYXRlIENBMQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UE +BxMHRXJ3IFdlbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA12pnjRFvUi5V +/4IckGQlCLcHSxTXcRWQZPeSfv3tuHE1oTZe594Yy9XOhl+GDHj0M7TQ09NAdwLn +o+9UKx3+m7qnzflNxZdfxyn4bxBfOBskNTXPnIAPXKeAwdPIRADuZdFu6c9S24rf +/lD1xJM1CyGQv1DVvDbzysWo2q6SzYsCAwEAAaOBrzCBrDAdBgNVHQ4EFgQUllUI +BQJ4R56Hc3ZBMbwUOkfiKaswfQYDVR0jBHYwdIAUX52IDchz5lTU+A3Y5rDBJLRH +w1WhWaRXMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuggEA +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAIgbascZrcdzglcP2qi73 +LPd2G+er1/w5wxpM/hvZbWc0yoLyLd5aDIu73YJde28+dhKtjbMAp+IRaYhgIyYi +hMOqXSGR79oQv5I103s6KjQNWUGblKSFZvP6w82LU9Wk6YJw6tKXsHIQ+c5KITix +iBEUO5P6TnqH3TfhOF8sKQg= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d5:8a:68:53:62:10:a2:71:19:93:6e:77:83:21: + 18:1c:2a:40:13:c6:d0:7b:8c:76:eb:91:57:d3:d0: + fb:4b:3b:51:6e:ce:cb:d1:c9:8d:91:c5:2f:74:3f: + ab:63:5d:55:09:9c:d1:3a:ba:f3:1a:e5:41:44:24: + 51:a7:4c:78:16:f2:24:3c:f8:48:cf:28:31:cc:e6: + 7b:a0:4a:5a:23:81:9f:3c:ba:37:e6:24:d9:c3:bd: + b2:99:b8:39:dd:fe:26:31:d2:cb:3a:84:fc:7b:b2: + b5:c5:2f:cf:c1:4f:ff:40:6f:5c:d4:46:69:cb:b2: + f7:cf:df:86:fb:6a:b9:d1:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + X509v3 Authority Key Identifier: + keyid:5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 06:08:cc:4a:6d:64:f2:20:5e:14:6c:04:b2:76:f9:2b:0e:fa: + 94:a5:da:f2:3a:fc:38:06:60:6d:39:90:d0:a1:ea:23:3d:40: + 29:57:69:46:3b:04:66:61:e7:fa:1d:17:99:15:20:9a:ea:2e: + 0a:77:51:76:41:12:27:d7:c0:03:07:c7:47:0e:61:58:4f:d7: + 33:42:24:72:7f:51:d6:90:bc:47:a9:df:35:4d:b0:f6:eb:25: + 95:5d:e1:89:3c:4d:d5:20:2b:24:a2:f3:e4:40:d2:74:b5:4e: + 1b:d3:76:26:9c:a9:62:89:b7:6e:ca:a4:10:90:e1:4f:3b:0a: + 94:2e +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 +jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP +KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL +svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk +tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG +A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO +MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt +OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy +f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP +OwqULg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/ct-test-embedded-with-intermediate-preca-chain.pem b/pki/testdata/ssl/certificates/ct-test-embedded-with-intermediate-preca-chain.pem new file mode 100644 index 0000000000..597cebc294 --- /dev/null +++ b/pki/testdata/ssl/certificates/ct-test-embedded-with-intermediate-preca-chain.pem @@ -0,0 +1,188 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency Intermediate CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d4:49:70:56:cd:fc:65:e1:34:2c:c3:df:6e:65: + 4b:8a:f0:10:47:02:ac:d2:27:5c:7d:3f:b1:fc:43: + 8a:89:b2:12:11:0d:64:19:bc:c1:3a:e4:7d:64:bb: + a2:41:e6:70:6b:9e:d6:27:f8:b3:4a:0d:7d:ff:1c: + 44:b9:62:87:c5:4b:ea:9d:10:dc:01:7b:ce:b6:4f: + 7b:6a:ff:3c:35:a4:74:af:ec:40:38:ab:36:40:b0: + cd:1f:b0:58:2e:c0:3b:17:9a:27:76:c8:c4:35:d1: + 4a:b4:88:2d:59:d7:b7:24:fa:37:7c:a6:db:08:39: + 21:73:f9:c6:05:6b:3a:ba:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 32:DA:55:18:D8:7F:1D:26:EA:27:67:97:3C:0B:EF:28:6E:78:6A:4A + X509v3 Authority Key Identifier: + keyid:96:55:08:05:02:78:47:9E:87:73:76:41:31:BC:14:3A:47:E2:29:AB + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:09 + + X509v3 Basic Constraints: + CA:FALSE + 1.3.6.1.4.1.11129.2.4.2: + .z.x.v........RG.ah2].\yY..........?t.d...=.'.......G0E.!.......!...<..p.3..7K ...e.^..C.0. .v.GQ8..v.810M..C....n..O..|.... + Signature Algorithm: sha1WithRSAEncryption + 88:ee:4e:9e:5e:ed:6b:11:2c:c7:64:b1:51:ed:92:94:00:e9: + 40:67:89:c1:5f:bb:cf:cd:ab:2f:10:b4:00:23:41:39:e6:ce: + 65:c1:e5:1b:47:bf:7c:89:50:f8:0b:cc:d5:71:68:56:79:54: + ed:35:b0:ce:93:46:06:5a:5e:ae:5b:f9:5d:41:da:8e:27:ce: + e9:ee:ac:68:8f:4b:d3:43:f9:c2:88:83:27:ab:d8:b9:f6:8d: + cb:1e:30:50:04:1d:31:bd:a8:e2:dd:6d:39:b3:66:4d:e5:ce: + 08:70:f5:fc:7e:6a:00:d6:ed:00:52:84:58:d9:53:d2:37:58: + 6d:73 +-----BEGIN CERTIFICATE----- +MIIDZjCCAs+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJHQjEx +MC8GA1UEChMoQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IEludGVybWVkaWF0ZSBD +QTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4wHhcNMTIwNjAxMDAw +MDAwWhcNMjIwNjAxMDAwMDAwWjBSMQswCQYDVQQGEwJHQjEhMB8GA1UEChMYQ2Vy +dGlmaWNhdGUgVHJhbnNwYXJlbmN5MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMH +RXJ3IFdlbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1ElwVs38ZeE0LMPf +bmVLivAQRwKs0idcfT+x/EOKibISEQ1kGbzBOuR9ZLuiQeZwa57WJ/izSg19/xxE +uWKHxUvqnRDcAXvOtk97av88NaR0r+xAOKs2QLDNH7BYLsA7F5ondsjENdFKtIgt +Wde3JPo3fKbbCDkhc/nGBWs6ut8CAwEAAaOCATowggE2MB0GA1UdDgQWBBQy2lUY +2H8dJuonZ5c8C+8obnhqSjB9BgNVHSMEdjB0gBSWVQgFAnhHnodzdkExvBQ6R+Ip +q6FZpFcwVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5z +cGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQkw +CQYDVR0TBAIwADCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd +3Fx5Wej3xtOI/AAuC70/dNdkAAABPdsn474AAAQDAEcwRQIhANn2Ggf+4CHjFZ88 +ovVw2DP/ATdLIJbLpWWMXhb7Q+swAiALdv5HUTjYz3aDODEwTavwQ+sSE8luE/9P +o39808jcHzANBgkqhkiG9w0BAQUFAAOBgQCI7k6eXu1rESzHZLFR7ZKUAOlAZ4nB +X7vPzasvELQAI0E55s5lweUbR798iVD4C8zVcWhWeVTtNbDOk0YGWl6uW/ldQdqO +J87p7qxoj0vTQ/nCiIMnq9i59o3LHjBQBB0xvaji3W05s2ZN5c4IcPX8fmoA1u0A +UoRY2VPSN1htcw== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency Intermediate CA, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d7:6a:67:8d:11:6f:52:2e:55:ff:82:1c:90:64: + 25:08:b7:07:4b:14:d7:71:15:90:64:f7:92:7e:fd: + ed:b8:71:35:a1:36:5e:e7:de:18:cb:d5:ce:86:5f: + 86:0c:78:f4:33:b4:d0:d3:d3:40:77:02:e7:a3:ef: + 54:2b:1d:fe:9b:ba:a7:cd:f9:4d:c5:97:5f:c7:29: + f8:6f:10:5f:38:1b:24:35:35:cf:9c:80:0f:5c:a7: + 80:c1:d3:c8:44:00:ee:65:d1:6e:e9:cf:52:db:8a: + df:fe:50:f5:c4:93:35:0b:21:90:bf:50:d5:bc:36: + f3:ca:c5:a8:da:ae:92:cd:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 96:55:08:05:02:78:47:9E:87:73:76:41:31:BC:14:3A:47:E2:29:AB + X509v3 Authority Key Identifier: + keyid:5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 22:06:da:b1:c6:6b:71:dc:e0:95:c3:f6:aa:2e:f7:2c:f7:76: + 1b:e7:ab:d7:fc:39:c3:1a:4c:fe:1b:d9:6d:67:34:ca:82:f2: + 2d:de:5a:0c:8b:bb:dd:82:5d:7b:6f:3e:76:12:ad:8d:b3:00: + a7:e2:11:69:88:60:23:26:22:84:c3:aa:5d:21:91:ef:da:10: + bf:92:35:d3:7b:3a:2a:34:0d:59:41:9b:94:a4:85:66:f3:fa: + c3:cd:8b:53:d5:a4:e9:82:70:ea:d2:97:b0:72:10:f9:ce:4a: + 21:38:b1:88:11:14:3b:93:fa:4e:7a:87:dd:37:e1:38:5f:2c: + 29:08 +-----BEGIN CERTIFICATE----- +MIIC3TCCAkagAwIBAgIBCTANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMGIxCzAJBgNVBAYTAkdCMTEwLwYDVQQKEyhDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgSW50ZXJtZWRpYXRlIENBMQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UE +BxMHRXJ3IFdlbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA12pnjRFvUi5V +/4IckGQlCLcHSxTXcRWQZPeSfv3tuHE1oTZe594Yy9XOhl+GDHj0M7TQ09NAdwLn +o+9UKx3+m7qnzflNxZdfxyn4bxBfOBskNTXPnIAPXKeAwdPIRADuZdFu6c9S24rf +/lD1xJM1CyGQv1DVvDbzysWo2q6SzYsCAwEAAaOBrzCBrDAdBgNVHQ4EFgQUllUI +BQJ4R56Hc3ZBMbwUOkfiKaswfQYDVR0jBHYwdIAUX52IDchz5lTU+A3Y5rDBJLRH +w1WhWaRXMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuggEA +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAIgbascZrcdzglcP2qi73 +LPd2G+er1/w5wxpM/hvZbWc0yoLyLd5aDIu73YJde28+dhKtjbMAp+IRaYhgIyYi +hMOqXSGR79oQv5I103s6KjQNWUGblKSFZvP6w82LU9Wk6YJw6tKXsHIQ+c5KITix +iBEUO5P6TnqH3TfhOF8sKQg= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d5:8a:68:53:62:10:a2:71:19:93:6e:77:83:21: + 18:1c:2a:40:13:c6:d0:7b:8c:76:eb:91:57:d3:d0: + fb:4b:3b:51:6e:ce:cb:d1:c9:8d:91:c5:2f:74:3f: + ab:63:5d:55:09:9c:d1:3a:ba:f3:1a:e5:41:44:24: + 51:a7:4c:78:16:f2:24:3c:f8:48:cf:28:31:cc:e6: + 7b:a0:4a:5a:23:81:9f:3c:ba:37:e6:24:d9:c3:bd: + b2:99:b8:39:dd:fe:26:31:d2:cb:3a:84:fc:7b:b2: + b5:c5:2f:cf:c1:4f:ff:40:6f:5c:d4:46:69:cb:b2: + f7:cf:df:86:fb:6a:b9:d1:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + X509v3 Authority Key Identifier: + keyid:5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 06:08:cc:4a:6d:64:f2:20:5e:14:6c:04:b2:76:f9:2b:0e:fa: + 94:a5:da:f2:3a:fc:38:06:60:6d:39:90:d0:a1:ea:23:3d:40: + 29:57:69:46:3b:04:66:61:e7:fa:1d:17:99:15:20:9a:ea:2e: + 0a:77:51:76:41:12:27:d7:c0:03:07:c7:47:0e:61:58:4f:d7: + 33:42:24:72:7f:51:d6:90:bc:47:a9:df:35:4d:b0:f6:eb:25: + 95:5d:e1:89:3c:4d:d5:20:2b:24:a2:f3:e4:40:d2:74:b5:4e: + 1b:d3:76:26:9c:a9:62:89:b7:6e:ca:a4:10:90:e1:4f:3b:0a: + 94:2e +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 +jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP +KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL +svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk +tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG +A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO +MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt +OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy +f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP +OwqULg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/ct-test-embedded-with-preca-chain.pem b/pki/testdata/ssl/certificates/ct-test-embedded-with-preca-chain.pem new file mode 100644 index 0000000000..7c9a8cf8b9 --- /dev/null +++ b/pki/testdata/ssl/certificates/ct-test-embedded-with-preca-chain.pem @@ -0,0 +1,126 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:af:ae:ea:ca:c5:1a:b7:ce:bd:f9:ea:ca:e7:dd: + 17:52:95:e1:93:95:5a:17:98:9a:ef:8d:97:ab:7c: + df:f7:76:10:93:c0:b8:23:d2:a4:e3:a5:1a:17:b8: + 6f:28:16:2b:66:a2:53:89:35:eb:ec:dc:10:36:23: + 3d:a2:dd:65:31:b0:c6:3b:cc:68:76:1e:bd:c8:54: + 03:7b:77:39:92:46:b8:70:a7:b7:2b:14:c9:b1:66: + 7d:e0:9a:96:40:ed:9f:3f:3c:72:5d:95:0b:4d:26: + 55:98:69:fe:7f:1e:91:9a:66:eb:76:d3:5c:01:17: + c6:bc:d0:d8:cf:d2:10:28:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 61:2C:64:EF:AC:79:B7:28:39:7C:9D:93:E6:DF:86:46:5F:A7:6A:88 + X509v3 Authority Key Identifier: + keyid:5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:00 + + X509v3 Basic Constraints: + CA:FALSE + 1.3.6.1.4.1.11129.2.4.2: + .z.x.v........RG.ah2].\yY..........?t.d...=.'.[.....G0E. z....t..r{.O....y......C.*)|.:5\.!...... dL..Ri..c..5l.P"O.......#. + Signature Algorithm: sha1WithRSAEncryption + a3:a8:6c:41:ad:00:88:a2:5a:ed:c4:e7:b5:29:a2:dd:bf:9e: + 18:7f:fb:36:21:57:e9:30:2d:96:1b:73:b4:3c:ba:0a:e1:e2: + 30:d9:e4:50:49:b7:e8:c9:24:79:2e:bb:e7:d1:75:ba:a8:7b: + 17:0d:fa:d8:ee:78:89:84:59:9d:05:25:79:94:08:4e:2e:0e: + 79:6f:ca:58:36:88:1c:3e:05:35:53:e0:6a:b2:30:f9:19:08: + 9b:91:4e:4a:8e:2d:a4:5f:8a:87:f2:c8:1a:25:a6:1f:04:fe: + 1c:ac:e6:01:55:65:38:27:d4:1f:ad:9f:06:58:f2:87:d0:58: + 19:2c +-----BEGIN CERTIFICATE----- +MIIDWTCCAsKgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvrurKxRq3zr356srn3RdSleGTlVoXmJrv +jZerfN/3dhCTwLgj0qTjpRoXuG8oFitmolOJNevs3BA2Iz2i3WUxsMY7zGh2Hr3I +VAN7dzmSRrhwp7crFMmxZn3gmpZA7Z8/PHJdlQtNJlWYaf5/HpGaZut201wBF8a8 +0NjP0hAosQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFGEsZO+sebcoOXydk+bfhkZf +p2qIMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD +VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w +DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK +BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L +vT9012QAAAE92yfgWwAABAMARzBFAiB6p5YExHSA83J7CE+Qs5ifeQkYheAEhEMa +Kil8vzo1XAIhALSf2BILDWRM1+dSabTaYxepNWy5UCJPwRzClrLjmyOGMA0GCSqG +SIb3DQEBBQUAA4GBAKOobEGtAIiiWu3E57Upot2/nhh/+zYhV+kwLZYbc7Q8ugrh +4jDZ5FBJt+jJJHkuu+fRdbqoexcN+tjueImEWZ0FJXmUCE4uDnlvylg2iBw+BTVT +4GqyMPkZCJuRTkqOLaRfiofyyBolph8E/hys5gFVZTgn1B+tnwZY8ofQWBks +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C=GB, O=Certificate Transparency CA, ST=Wales, L=Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d5:8a:68:53:62:10:a2:71:19:93:6e:77:83:21: + 18:1c:2a:40:13:c6:d0:7b:8c:76:eb:91:57:d3:d0: + fb:4b:3b:51:6e:ce:cb:d1:c9:8d:91:c5:2f:74:3f: + ab:63:5d:55:09:9c:d1:3a:ba:f3:1a:e5:41:44:24: + 51:a7:4c:78:16:f2:24:3c:f8:48:cf:28:31:cc:e6: + 7b:a0:4a:5a:23:81:9f:3c:ba:37:e6:24:d9:c3:bd: + b2:99:b8:39:dd:fe:26:31:d2:cb:3a:84:fc:7b:b2: + b5:c5:2f:cf:c1:4f:ff:40:6f:5c:d4:46:69:cb:b2: + f7:cf:df:86:fb:6a:b9:d1:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + X509v3 Authority Key Identifier: + keyid:5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 06:08:cc:4a:6d:64:f2:20:5e:14:6c:04:b2:76:f9:2b:0e:fa: + 94:a5:da:f2:3a:fc:38:06:60:6d:39:90:d0:a1:ea:23:3d:40: + 29:57:69:46:3b:04:66:61:e7:fa:1d:17:99:15:20:9a:ea:2e: + 0a:77:51:76:41:12:27:d7:c0:03:07:c7:47:0e:61:58:4f:d7: + 33:42:24:72:7f:51:d6:90:bc:47:a9:df:35:4d:b0:f6:eb:25: + 95:5d:e1:89:3c:4d:d5:20:2b:24:a2:f3:e4:40:d2:74:b5:4e: + 1b:d3:76:26:9c:a9:62:89:b7:6e:ca:a4:10:90:e1:4f:3b:0a: + 94:2e +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 +jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP +KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL +svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk +tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG +A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO +MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt +OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy +f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP +OwqULg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/ct-test-embedded-with-uids.pem b/pki/testdata/ssl/certificates/ct-test-embedded-with-uids.pem new file mode 100644 index 0000000000..fa666e3c26 --- /dev/null +++ b/pki/testdata/ssl/certificates/ct-test-embedded-with-uids.pem @@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C = GB, O = Certificate Transparency CA, ST = Wales, L = Erw Wen + Validity + Not Before: Jun 1 00:00:00 2012 GMT + Not After : Jun 1 00:00:00 2022 GMT + Subject: C = GB, O = Certificate Transparency, ST = Wales, L = Erw Wen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: + 00:be:ef:98:e7:c2:68:77:ae:38:5f:75:32:5a:0c: + 1d:32:9b:ed:f1:8f:aa:f4:d7:96:bf:04:7e:b7:e1: + ce:15:c9:5b:a2:f8:0e:e4:58:bd:7d:b8:6f:8a:4b: + 25:21:91:a7:9b:d7:00:c3:8e:9c:03:89:b4:5c:d4: + dc:9a:12:0a:b2:1e:0c:b4:1c:d0:e7:28:05:a4:10: + cd:9c:5b:db:5d:49:27:72:6d:af:17:10:f6:01:87: + 37:7e:a2:5b:1a:1e:39:ee:d0:b8:81:19:dc:15:4d: + c6:8f:7d:a8:e3:0c:af:15:8a:33:e6:c9:50:9f:4a: + 05:b0:14:09:ff:5d:d8:7e:b5 + Exponent: 65537 (0x10001) + Issuer Unique ID: + 12:34:56 + Subject Unique ID: + 12:34:56 + X509v3 extensions: + X509v3 Subject Key Identifier: + 20:31:54:1A:F2:5C:05:FF:D8:65:8B:68:43:79:4F:5E:90:36:F7:B4 + X509v3 Authority Key Identifier: + keyid:5F:9D:88:0D:C8:73:E6:54:D4:F8:0D:D8:E6:B0:C1:24:B4:47:C3:55 + DirName:/C=GB/O=Certificate Transparency CA/ST=Wales/L=Erw Wen + serial:00 + + X509v3 Basic Constraints: + CA:FALSE + CT Precertificate SCTs: + Signed Certificate Timestamp: + Version : v1 (0x0) + Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C: + 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64 + Timestamp : Apr 5 17:04:16.275 2013 GMT + Extensions: none + Signature : ecdsa-with-SHA256 + 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F: + D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3: + E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2: + F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1: + 05:51:9D:89:ED:BF:08 + Signature Algorithm: sha1WithRSAEncryption + 8a:0c:4b:ef:09:9d:47:92:79:af:a0:a2:8e:68:9f:91:e1:c4: + 42:1b:e2:d2:69:a2:ea:6c:a4:e8:21:5d:de:dd:ca:15:04:a1: + 1e:7c:87:c4:b7:7e:80:f0:e9:79:03:52:68:f2:7c:a2:0e:16: + 68:04:ae:55:6f:31:69:81:f9:6a:39:4a:b7:ab:fd:3e:25:5a: + c0:04:45:13:fe:76:57:0c:67:95:ab:e4:70:31:33:d3:03:f8: + 9f:3a:fa:6b:bc:fc:51:73:19:df:d9:5b:93:42:41:21:1f:63: + 40:35:c3:d0:78:30:7a:68:c6:07:5a:2e:20:c8:9f:36:b8:91: + 0c:a0 +-----BEGIN CERTIFICATE----- +MIIDZTCCAs6gAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/ +BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk +EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw +FAn/Xdh+tQIDAQABgQQAEjRWggQAEjRWo4IBOjCCATYwHQYDVR0OBBYEFCAxVBry +XAX/2GWLaEN5T16QNve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NV +oVmkVzBVMQswCQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNw +YXJlbmN5IENBMQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJ +BgNVHRMEAjAAMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3c +XHlZ6PfG04j8AC4LvT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/W +ZA89v5pBQpSVkkUwKI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EF +UZ2J7b8IMA0GCSqGSIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJp +oupspOghXd7dyhUEoR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4l +WsAERRP+dlcMZ5Wr5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgda +LiDInza4kQyg +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/dec_2017.pem b/pki/testdata/ssl/certificates/dec_2017.pem new file mode 100644 index 0000000000..b033f8d456 --- /dev/null +++ b/pki/testdata/ssl/certificates/dec_2017.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:84 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Dec 20 00:00:00 2017 GMT + Not After : Dec 20 00:00:00 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bb:d6:9f:20:ad:98:2d:32:9a:c8:58:d2:8f:c0: + e0:b0:1b:ff:5f:f9:20:93:f3:83:39:a6:5f:bd:cc: + 3f:84:de:cc:66:92:aa:ae:c3:6d:9e:c5:88:54:ca: + a5:3f:7f:4c:42:bc:42:fe:93:f5:d2:96:e3:d7:fa: + 5d:d5:bd:eb:4f:ec:a5:c2:86:95:86:de:08:c2:a9: + df:f8:ca:89:df:be:43:33:e6:4f:94:9e:a1:f2:57: + 85:f2:e5:58:bc:40:24:8e:86:4b:4a:c9:37:65:ee: + b9:7b:2d:a0:7a:89:03:62:de:b6:93:52:63:3a:16: + b2:81:17:3e:40:a9:1d:88:86:25:33:75:fa:75:c3: + 1b:d0:19:34:7f:20:ac:a3:cb:3b:30:14:d3:2a:f9: + 78:fa:33:f2:1d:4f:57:7b:c7:d6:67:f1:38:ff:97: + a1:7d:6a:42:25:15:b2:5b:d0:46:6f:6d:b7:86:e0: + 2f:70:dc:0c:f9:bd:75:08:2f:a3:28:3f:ee:4e:3b: + c8:00:92:96:e2:92:5b:91:56:ba:5a:11:be:f9:4f: + 30:64:e2:ab:52:26:b1:68:1e:34:d9:bb:6b:18:50: + 8a:b8:d4:1f:ee:2d:9f:55:ec:b0:88:93:db:3b:5a: + f6:f9:38:17:fe:59:dc:66:87:ef:2d:97:8d:db:7a: + 0f:bb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 4F:93:BD:50:76:80:83:8F:B4:15:05:76:1D:40:1D:55:A4:4C:2C:53 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4a:73:ad:73:ac:c9:a6:45:53:69:ea:d9:6b:30:9c:36:9a:6d: + ad:b4:ab:44:fe:8a:43:ad:df:df:95:28:8e:f3:73:f3:0c:4a: + 8c:d7:a0:48:3e:ed:d5:eb:79:74:60:cf:4b:2d:57:e8:f5:f3: + f0:8c:e1:45:8b:05:cf:2d:18:97:4d:ea:22:3c:a1:4b:01:89: + a3:d9:4f:c5:6d:86:0a:83:d3:4e:c2:d4:b7:0e:47:98:fa:81: + 13:fe:a9:5f:a5:79:73:34:4f:28:29:c6:a9:81:25:6d:db:18: + d8:f6:44:39:11:83:a9:d3:11:b5:b3:8d:85:b7:0b:a5:88:9a: + 3f:21:41:df:93:b8:73:b2:49:f1:c3:bd:94:57:df:bc:08:3d: + a2:e9:20:ed:13:ee:1f:62:f7:84:e5:0e:7f:79:2f:a0:d6:72: + 79:83:1c:5f:d4:6a:5d:c8:eb:a2:7b:b1:c2:6d:e2:cc:b2:fd: + 90:d0:5c:c1:e8:74:dc:20:e6:55:f7:6c:72:dc:05:a0:83:17: + 96:f9:85:c2:71:55:4c:4c:71:91:7d:a8:90:dd:88:eb:78:03: + 39:4e:24:e4:d4:66:ba:e4:50:5c:4d:f3:0b:aa:3a:1b:b3:e8: + 53:be:b5:10:76:ae:a2:e4:a0:d5:30:62:5b:9d:2c:1e:1e:2d: + 7c:2b:1d:d6 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwoQwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNzEyMjAwMDAwMDBaFw0yMDEyMjAwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC71p8grZgtMprIWNKPwOCwG/9f+SCT84M5 +pl+9zD+E3sxmkqquw22exYhUyqU/f0xCvEL+k/XSluPX+l3VvetP7KXChpWG3gjC +qd/4yonfvkMz5k+UnqHyV4Xy5Vi8QCSOhktKyTdl7rl7LaB6iQNi3raTUmM6FrKB +Fz5AqR2IhiUzdfp1wxvQGTR/IKyjyzswFNMq+Xj6M/IdT1d7x9Zn8Tj/l6F9akIl +FbJb0EZvbbeG4C9w3Az5vXUIL6MoP+5OO8gAkpbikluRVrpaEb75TzBk4qtSJrFo +HjTZu2sYUIq41B/uLZ9V7LCIk9s7Wvb5OBf+Wdxmh+8tl43beg+7AgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRPk71QdoCDj7QVBXYdQB1VpEwsUzAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEASnOtc6zJpkVTaerZazCcNpptrbSrRP6KQ63f35UojvNz8wxKjNegSD7t1et5 +dGDPSy1X6PXz8IzhRYsFzy0Yl03qIjyhSwGJo9lPxW2GCoPTTsLUtw5HmPqBE/6p +X6V5czRPKCnGqYElbdsY2PZEORGDqdMRtbONhbcLpYiaPyFB35O4c7JJ8cO9lFff +vAg9oukg7RPuH2L3hOUOf3kvoNZyeYMcX9RqXcjronuxwm3izLL9kNBcweh03CDm +VfdsctwFoIMXlvmFwnFVTExxkX2okN2I63gDOU4k5NRmuuRQXE3zC6o6G7PoU761 +EHauouSg1TBiW50sHh4tfCsd1g== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/diginotar_cyber_ca.pem b/pki/testdata/ssl/certificates/diginotar_cyber_ca.pem new file mode 100644 index 0000000000..0abbd7ce31 --- /dev/null +++ b/pki/testdata/ssl/certificates/diginotar_cyber_ca.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFWjCCBMOgAwIBAgIEBycQDTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV +UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU +cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds +b2JhbCBSb290MB4XDTA2MTAwNDEwNTQxMVoXDTExMTAwNDEwNTMxMVowYDELMAkG +A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy +IEN5YmVyIENBMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANLOFQotqF6EZ639vu9Gx8i5z3P8 +9DS5+SxD52ATPXrjss87Z2yQrcC5P4RS8DVC3HTcKDu9UrSnrHJFF8bwieu0qiXy +XUte0dmHutZ9fPXOMp8QM8WxSrtekTHC0OlBwpFkfglBO9uLCDdqqspS3rU5HsCI +A6U/i5kTYUO1m4Kz7iBvz6FEouova0CfjytXraFTwoUiaZ2gP1HfC0GRDaXhqKpc +SQhdvd5wQbEPyWNr0380dAIvNFp4dRxoeoFnivPaQPBgY/SSINcDpj2jHmfEhBtB +pcmM5r3qSLYFFgizNxJa92E89zhvLpfgb1Y4VNMota0Ubi5LZLUnZbd1JQm2Bz2V +VgIKgmCyc0XgMyZRdJq51FAc9k1bW1JSE1qmf6cO4ehBVGeYjIfVydNsy9NUkgYJ +NEH3gW8/nsl8dVWw58Gzd+jDxAA1lUBwEEoF3iW7n1mlZLxHYL9g43aLE1Xd4XR6 +uc8kpmp/3mQiRFhogmoQ+T3lPhu5vfwi9GAEibtVbShV+t6OjRshFNc3izR7Tfay +shDPM7F9HGKZSMsrbHaWVb8ZDR0fu2WqG46ZtcYokOWCLXhQIJr9eS8kf/CJKWn0 +fc1zvrPtTsHR7VJej/e4142HrbLZG1ES/1az4a80fVykeIgQnp0DxqWqoiRR90kU +xbHuWUOV36toKDA/AgMBAAGjggGGMIIBgjASBgNVHRMBAf8ECDAGAQH/AgEBMFMG +A1UdIARMMEowSAYJKwYBBAGxPgEAMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93d3cu +cHVibGljLXRydXN0LmNvbS9DUFMvT21uaVJvb3QuaHRtbDAOBgNVHQ8BAf8EBAMC +AQYwgaAGA1UdIwSBmDCBlYAUpgwdn2H/Bxe1vzhG20Mw1Y6wUgaheaR3MHUxCzAJ +BgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdU +RSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVy +VHJ1c3QgR2xvYmFsIFJvb3SCAgGlMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93 +d3cucHVibGljLXRydXN0LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmwwHQYD +VR0OBBYEFKv5aN/PSjfXe0WMX3LeQETDZbvCMA0GCSqGSIb3DQEBBQUAA4GBAI9o +a6VbB7pEZg4cqFwwezPkCiYE/O+eGjjWLqEf0JlHwnVkJP2eOyh2uSYoYZEMbSz4 +BJ98UAHV42mv7xXSRZskCSpmBU8lgcpdvqrBWSeuM46C9990sFWzjvjnN8huqlZE +9r1TgSOWPbT6MopTZkQloiXGpjwljPDgKAYityZB +-----END CERTIFICATE----- + diff --git a/pki/testdata/ssl/certificates/diginotar_pkioverheid.pem b/pki/testdata/ssl/certificates/diginotar_pkioverheid.pem new file mode 100644 index 0000000000..b41fa3e5d2 --- /dev/null +++ b/pki/testdata/ssl/certificates/diginotar_pkioverheid.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEiDCCA3CgAwIBAgIEATFpsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO +TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDcwNzA1MDg0MjA3WhcN +MTUwNzI3MDgzOTQ2WjBfMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy +IEIuVi4xNzA1BgNVBAMTLkRpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp +ZCBlbiBCZWRyaWp2ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc +vdKnTmoKuzuiheF/AK2+tDBomAfNoHrElM9x+Yo35FPrV3bMi+Zs/u6HVcg+uwQ5 +AKeAeKxbT370vbhUuHE7BzFJOZNUfCA7eSuPu2GQfbGs5h+QLp1FAalkLU3DL7nn +UNVOKlyrdnY3Rtd57EKZ96LspIlw3Dgrh6aqJOadkiQbvvb91C8ZF3rmMgeUVAVT +Q+lsvK9Hy7zL/b07RBKB8WtLu+20z6slTxjSzAL8o0+1QjPLWc0J3NNQ/aB2jKx+ +ZopC9q0ckvO2+xRG603XLzDgbe5bNr5EdLcgBVeFTegAGaL2DOauocBC36esgl3H +aLcY5olLmmv6znn58yynAgMBAAGjggFQMIIBTDBIBgNVHSAEQTA/MD0GBFUdIAAw +NTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5kaWdpbm90YXIubmwvY3BzL3BraW92 +ZXJoZWlkMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGABgNVHSME +eTB3gBQLhtYPd6NosftkCcOIblwEHFfpPaFZpFcwVTELMAkGA1UEBhMCTkwxHjAc +BgNVBAoTFVN0YWF0IGRlciBOZWRlcmxhbmRlbjEmMCQGA1UEAxMdU3RhYXQgZGVy +IE5lZGVybGFuZGVuIFJvb3QgQ0GCBACYmnkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0 +cDovL2NybC5wa2lvdmVyaGVpZC5ubC9Eb21PdkxhdGVzdENSTC5jcmwwHQYDVR0O +BBYEFEwIyY128ZjHPt881y91DbF2eZfMMA0GCSqGSIb3DQEBBQUAA4IBAQAMlIca +v03jheLu19hjeQ5Q38aEW9K72fUxCho1l3TfFPoqDz7toOMI9tVOW6+mriXiRWsi +D7dUKH6S3o0UbNEc5W50BJy37zRERd/Jgx0ZH8Apad+J1T/CsFNt5U4X5HNhIxMm +cUP9TFnLw98iqiEr2b+VERqKpOKrp11Lbyn1UtHk0hWxi/7wA8+nfemZhzizDXMU +5HIs4c71rQZIZPrTKbmi2Lv01QulQERDjqC/zlqlUkxk0xcxYczopIro5Ij76eUv +BjMzm5RmZrGrUDqhCYF0U1onuabSJc/Tw6f/ltAv6uAejVLpGBwgCkegllYOQJBR +RKwa/fHuhR/3Qlpl +-----END CERTIFICATE----- + diff --git a/pki/testdata/ssl/certificates/diginotar_pkioverheid_g2.pem b/pki/testdata/ssl/certificates/diginotar_pkioverheid_g2.pem new file mode 100644 index 0000000000..12570d21ae --- /dev/null +++ b/pki/testdata/ssl/certificates/diginotar_pkioverheid_g2.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGnDCCBISgAwIBAgIEATE0vzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMTIwMAYDVQQDDClTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gT3JnYW5pc2F0aWUgQ0EgLSBHMjAeFw0xMDA1MTIw +ODUxMzhaFw0yMDAzMjMwOTUwMDRaMFoxCzAJBgNVBAYTAk5MMRcwFQYDVQQKDA5E +aWdpTm90YXIgQi5WLjEyMDAGA1UEAwwpRGlnaU5vdGFyIFBLSW92ZXJoZWlkIENB +IE9yZ2FuaXNhdGllIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCxExkPJ+Zs1FWGS9DsiYpFkXisR71HK+T8RetPtCZzWzfTw3/2497Xo/gtaMUI +PkuU1uSHJTZrhLUYdPMoWHMvm2rPvAQe9t7dr/xLqvXbZmIlASWC3vKXWhBu3V2p +IrEEqSNzOvhxrR3PhETrR9Gvbch8KKvH8jd6dF9fxQIUiqNa4xtsAeNdjtlo1vQJ +GzLckbUs9SDrjANtJkm4k8SFXdjSm69WaswFM8ygQp40VUSca6DUEtArVM23iQ3l +9uvo+4UBM096a/GdcjOWDveyhKWlJ8Qn8VFzKXe6Z27+TNy04qGhgS85SY1DOBPO +0KVcwoc6AGdlQiPxNlkKHaNRyLyjlCox3+M88p0aPASw77EKMBNzttfzo0wBdRSF +eMDXijlYhVD6LubFvs+LP6+PNtQlCS3SD6xyk/K/i9RQs/kVUJuZ9RTZ+4uRozIm +JqD43ztggYaDeVsr6xM9KTrBbd29no6H1kquNJcF7hSm9tw4fkrpJFQHPZdoN0Zr +DceoIa8TVOQJavFNRgrJXfubT73e+7dUy7g4nKc5+2otwHuNq6WnV+xKkoozxeEg +XHPYkJIrgNUPhhhpfDlPhIa890xb89W0yqDC8DciynlSH1PmqvOQsDvd8ij9rOvF +BiSgydQvD1j9tZ7sD8+yWdCiBHo4aq5y+73wJWKUCacFCwIDAQABo4IBYTCCAV0w +SAYDVR0gBEEwPzA9BgRVHSAAMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cuZGln +aW5vdGFyLm5sL2Nwcy9wa2lvdmVyaGVpZDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjCBhQYDVR0jBH4wfIAUORCLSZJc22ESIM1JnRqO2pxnQLmhXqRc +MFoxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4x +KzApBgNVBAMMIlN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENBIC0gRzKCBACY +lvQwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5wa2lvdmVyaGVpZC5ubC9E +b21PcmdhbmlzYXRpZUxhdGVzdENSTC1HMi5jcmwwHQYDVR0OBBYEFLxdlDvZq3sD +JXNhwtst7vyrj2WhMA0GCSqGSIb3DQEBCwUAA4ICAQCP/C1Mt9kt1R+978v0t2gX +dZ1O1ffdnPEqJu2forYcA9VTs+wIzzTi48P0tRYvyMO+19NzqwA2+RpKftZj6V5G +uqW2jhW3oyrYQx3vXcgfgYWzi/f/PPTZ9EYIP5y8HaDZqEzNJVJOCrEg9x/pQ9lU +RoETmsBedGwqmDLq/He7DaWiMZgifnx859qkrey3LhoZcfhIUNpDjyyE3cFAJ+O1 +8BVOltT4XOOGKUYr1zsH6zh/yIZXl9PvKjPEF1DVZGlrK2tFXl0vF8paTs/D1zk8 +9TufRrmb5w5Jl53W1eMbD+qPAU6aE5RZCgIHSEsaYKt/T+0L2FUNaG9VnGllFULs +wNzdbKzDFs4LHVabpMTE0i7gD+JEJytQaaTcYuiKISlCbMwAOpZ2m+9AwKRed4Qy +bCYqOWauXeO5ubIsaB8empADOfCqs6TMSYsYNOk3yXspx4R8b0QVL+xhWQTJRcui +1lKifH8pktZKxYtCqNT+6tjHhyMY5J16fXNAUpigrm7jBT8FD+Clxm1N7YM3iJzH +89xCmmq21yFJNnfy7xhPxXDZnunetyuL9Lx+KN8NQMmFXK6dxTH/0FwOtah+8Okv +uq+IruW10Vilr5xxpykBkINpN4IFuvwJwQhujHg7wzMCgD9EhQgd31VWCK0shS1d +sQPhrqp0xaTzTro3mHuCuQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/diginotar_public_ca_2025.pem b/pki/testdata/ssl/certificates/diginotar_public_ca_2025.pem new file mode 100644 index 0000000000..c81461a59d --- /dev/null +++ b/pki/testdata/ssl/certificates/diginotar_public_ca_2025.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp +Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww +HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES +MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB +IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72 +Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA +SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU +Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s +xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad +6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB +sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh +dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM +100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB +AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv +Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv +dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv +IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0 +hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM +LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV ++m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ +ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE +wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4 +a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC +4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr +asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG +yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ +Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G +fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC +hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY +MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1 +hOiR4IX9Tg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/diginotar_root_ca.pem b/pki/testdata/ssl/certificates/diginotar_root_ca.pem new file mode 100644 index 0000000000..b972b4bc50 --- /dev/null +++ b/pki/testdata/ssl/certificates/diginotar_root_ca.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp +Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww +HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES +MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg +MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B +8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY +tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl +HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj +zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU +JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM +ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv +a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p +K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi +puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT +yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO +owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC +jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy +fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo +Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo +M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM +Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed +2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH +/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl +nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE +O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU +9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9 +j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/diginotar_services_1024_ca.pem b/pki/testdata/ssl/certificates/diginotar_services_1024_ca.pem new file mode 100644 index 0000000000..d32de7afda --- /dev/null +++ b/pki/testdata/ssl/certificates/diginotar_services_1024_ca.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzTCCAzagAwIBAgIERpwssDANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC +VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u +ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc +KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u +ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3 +MjYxNTU5MDBaFw0xMzA4MjYxNjI5MDBaMGgxCzAJBgNVBAYTAk5MMRIwEAYDVQQK +EwlEaWdpTm90YXIxIzAhBgNVBAMTGkRpZ2lOb3RhciBTZXJ2aWNlcyAxMDI0IENB +MSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEA2ptNXTz50eKLxsYIIMXZHkjsZlhneWIrQWP0iY1o2q+4 +lDaLGSSkoJPSmQ+yrS01Tc0vauH5mxkrvAQafi09UmTN8T5nD4ku6PJPrqYIoYX+ +oakJ5sarPkP8r3oDkdqmOaZh7phPGKjTs69mgumfvN1y+QYEvRLZGCTnq5NTi1kC +AwEAAaOCASYwggEiMBIGA1UdEwEB/wQIMAYBAf8CAQAwJwYDVR0lBCAwHgYIKwYB +BQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAwMwYI +KwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5l +dDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L3NlcnZl +cjEuY3JsMB0GA1UdDgQWBBT+3JRJDG/vXH/G8RKZTxZJrfuCZTALBgNVHQ8EBAMC +AQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0BowGQYJKoZIhvZ9B0EA +BAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEFBQADgYEAY3RqN6k/lpxmyFisCcnv +9WWUf6MCxDgxvV0jh+zUVrLJsm7kBQb87PX6iHBZ1O7m3bV6oKNgLwIMq94SXa/w +NUuqikeRGvWFLELHHe+VQ7NeuJWTpdrFKKqtci0xrZlrbP+MISevrZqRK8fdWMNu +B8WfedLHjFW/TMcnXlEWKz4= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/duplicate_cn_1.p12 b/pki/testdata/ssl/certificates/duplicate_cn_1.p12 new file mode 100644 index 0000000000000000000000000000000000000000..7d603dc876c2efa586d1aaa6a9f977ff1f6d6b71 GIT binary patch literal 2405 zcmY+Ec{CJ?9>-_5hHPV)>`Q~0W~i}m*>@8&QnF=duED!5O{9rTgt1G}C?+CV2iFp^ z7ZRR5RAfs^Woz=f=e+msdw=}S@0`!~obP|1FP6sR4FZC(G#(WgkLpdUo4dz=TtFs` zM*>3Q5&eaQurzSr-w}*S12_Fb^&lYN*L(7J0>mO=y#H?C2g0xd5N_K`c*)AaSuzO3 z4Tz_K>X}oPY+mjUKR9unx-J7~tudS9HGc$1p_YBW zS}$-fJ5*e61pg&mvfU|5tcspM9qxc3W)# z(U-Kb8SF+?+f;eu!hzyr+0H$_@!APX>)E9h37!9( z4I!~UZqZS1p6<>sNVyXT3^iQ*rkQ$Lyhm70Wg6TNa;Yv=i7O&U@btuqy#4~@j*K@s zDCsK7y)gWN{_x9N)jib1$jv&oAwm)ewJ){#2Q!6q!&CL49n*Q%Q%vXuihiMhGT0{{ z&S_h2xYi*#Jw4kQl$v)50kpQQjut+Twd{A!bc!dn;<xIeJEX04dmah@{}vJI#A*8}5K8(Y2n!x38C< zj>{verIs31;sN>7EXok~F0ZmNZsGZaX>FZFi7#u?<@j#Y-JS8+!=eK!8hZl&J%KjzV?P*PWBH9J@xu3?wlb9* z+uIz80-R`>CUB5|^k|vUN1Y%8pGWFFs=gyzt9=v8=Bzl;C>d6P&~hMmt55&h#+8+J zE+gPx_>Gc$g&2wf|4ayW(ZM5;P}=a7>T*^bW0l49xVVMzr~pY<1s0P^cGcn!38F33 zy$j&y({`6Bys0DHGKeqh(mIWS<@L<6!qye!!&qTI3vLW0zf-L!w(dCJj5m*QSq?H* zweR(_KZsWp2PQH%80XspalzPI2N8b6?bJi#SEK2?zRM2&qgwZt#ilK=%u%wvRQ@$r z4m_URQTq6+9^vqp&QO#85td1VYCvdE%rC6^>y%-9|IwEh2x8J8TUZ)o{r{{6|7G>C z&r-)-h0XrItcK7a{W*M9gi1OiGb0O_-!?}(IODxyg-tHES-p)HwA(z#M zX5F5EzKUC*AG??`vNRz zuDLI(eHswwF9Mq)yKCt5c}1387ka>9LS zPcbH2BW&$k7vC>4MVOiM_dtZ=H%nw9J>PMD+L?&H}Oq2 zVF5gXIIQ&$Oz%-m;vC#JBobkZ_ITCzXmu>JkmRs{(0LJH*>M$ZJ2LV8Mg06dh|xL6 zStj?IqGZ*L@xhQxFUwa!eEal_F0Oj7JvA)pM@E*bU62IE*b6}+I3X@Hrj+|DKbDVw ztKQ>qTMqvw_}GX|A$Bp9VH!hwSNj32>tRF37N!4I73uL{FcA;CA!O&iZKur&$L{^f zNttY}uqRV1-#Lg*HM^W4wfj|}yaH!+EQMr0bLI8vwo==>R)%|4c&xr=zro+UW;_^! zyw~wbRyT6s$2mjx@ufRISTCBZIJ)oiS@Ids>;!B}s85IrX6LO||B{UA3|Zk~Nwtnj zuBi;PSI@@&;nRpLA?2uT>y^qBoT>9$CEj(HvSObJ3_(RXBXh-#-S085kEs?^lX7Sp zT=iOhAQPP7rjnSeugP98I&b~>_RN_{q6}A{>i5BnlMlZxxkRNv(QjPW2n>h-f6I$Y2tSpH{1QbIg_`{1O% z;>g9^L|W}A?isGh@5GxZ%S-(CpWRD(zmch5a^_Em0n<#?%goaZYciBDaxDApo`%_mMU+Z9=({}OfH<)&RSd^ku<`X zrTouLPc6UfQ-F;6!fHgq@B1qT4pzb&O1a%W;hHCP)oZMxYvP_^#n3+wKy*=&9Bad2 z`Z3X}oZkVL&n3UJKjxiB6wE4dv6n+~MnB})fs@khJSXUn+FD9y05LDQQ@#2yb>^=` zv~o9l3@%m7V31EP2+Vfxu`RNag*+SP^;3SA)hK7dD`5I2G1pm|$h&JvI~Xv4Go&^v z=)B)_TqxtFwVA=gNwZAIec~T)qN&qsilj!hj26+IkfO#B&K}aNB&2&qQ_y@lsJP;k z6U+-$+X_bu+r5+w%UK!VKi1||Q*ccJJTR!502m|*1wceMp4Q0Dt**~khn75rinw!k UMfOl3+-VFcrd#+p`>&P!7cFc?(f|Me literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/duplicate_cn_1.pem b/pki/testdata/ssl/certificates/duplicate_cn_1.pem new file mode 100644 index 0000000000..f68db184c7 --- /dev/null +++ b/pki/testdata/ssl/certificates/duplicate_cn_1.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=B Root CA + Validity + Not Before: Aug 14 02:46:40 2014 GMT + Not After : Aug 11 02:46:40 2024 GMT + Subject: O=Foo, CN=Duplicate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:fc:af:a7:fa:a6:12:6f:5d:06:26:96:7c:33: + d1:9f:53:a3:6e:e3:ea:e4:ba:d4:28:3c:f5:c3:60: + 31:80:39:9b:df:ca:4f:08:0b:16:ee:fc:63:06:ae: + ad:dd:77:3a:3e:63:28:be:c3:96:f7:9a:64:6f:b9: + 6e:42:67:5b:12:3d:a3:97:d9:6f:5f:f4:06:a0:58: + 52:57:34:d3:4e:48:91:a6:89:87:1e:0f:d1:f7:ea: + 0e:40:67:bb:ac:c2:5f:bf:df:74:7a:55:42:e7:d5: + 3a:0d:83:15:48:f5:a7:dc:2f:e2:ad:14:32:a4:b0: + b0:c2:4f:1b:12:d4:d6:48:74:15:53:37:02:1b:5d: + b6:9b:00:2c:2c:5e:0a:38:5c:5b:54:71:05:8e:5c: + 76:7e:08:96:2f:44:5b:bd:4b:2e:c1:ce:b3:75:ce: + 87:d8:2c:bb:fa:7d:01:3b:7d:39:e5:c4:7b:98:1a: + a8:39:40:6a:f4:e8:5e:b0:f0:6b:3b:0e:5c:35:31: + ae:47:d7:f0:5d:a7:92:6d:92:19:03:4c:97:56:fc: + ce:7a:96:d6:14:e3:d2:23:53:76:99:2c:4a:5c:af: + 8b:7d:e0:3e:69:0f:5f:29:84:6d:91:89:10:66:83: + 03:4b:c2:86:20:95:68:b7:96:98:90:bd:56:ff:c9: + 84:9b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + D0:52:53:5F:31:41:A7:B9:87:82:9A:D8:41:83:68:CA:C6:09:DA:0E + X509v3 Authority Key Identifier: + keyid:BC:94:98:39:BF:60:C1:09:AB:08:89:D8:FA:2D:82:FF:15:2D:71:EC + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 48:bc:05:2b:d3:f8:4c:bf:c3:d8:13:73:df:3d:d6:89:61:f5: + 40:61:e8:2a:cf:8d:f4:0e:6f:62:56:b3:66:70:05:11:2b:d9: + 22:b7:6e:5c:d5:a3:00:14:ba:ac:f1:bd:3b:34:58:bc:b5:36: + 8f:46:c6:73:38:3d:b5:52:62:7f:9d:cb:c4:9e:9f:ce:27:50: + 7a:e4:d0:7d:7c:d6:73:ec:da:3a:08:1f:65:85:6c:19:2b:b2: + 8a:09:3a:ba:78:09:73:c0:4f:00:a9:59:a3:11:91:42:9b:a7: + 21:52:2d:69:c3:bd:63:84:52:4d:06:9c:d9:6f:3a:e6:4d:e2: + aa:6f:e0:de:14:4b:62:33:bf:23:01:4f:68:09:5b:b4:4d:f5: + 5c:f6:c2:2a:40:db:cb:6f:d7:7d:41:5c:a3:49:8f:ff:bc:02: + c6:34:b2:73:ec:e5:7b:90:dd:ee:2e:82:1d:ea:d8:9c:e9:72: + cb:1c:9b:fe:1c:b7:61:dd:eb:49:dd:56:f4:f8:b8:b9:13:05: + 9e:ca:91:cb:e6:58:14:b5:69:e8:a7:66:e9:b9:7c:c1:a4:bf: + c9:4f:09:b1:be:5b:ab:53:6e:99:2a:9d:61:dc:a8:4c:ae:c1: + 40:68:8d:9c:c5:86:e3:bd:5d:78:0f:c0:31:1e:c5:08:b5:85: + 2d:c3:ea:8f +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlCIFJv +b3QgQ0EwHhcNMTQwODE0MDI0NjQwWhcNMjQwODExMDI0NjQwWjAiMQwwCgYDVQQK +DANGb28xEjAQBgNVBAMMCUR1cGxpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAK78r6f6phJvXQYmlnwz0Z9To27j6uS61Cg89cNgMYA5m9/KTwgL +Fu78Ywaurd13Oj5jKL7DlveaZG+5bkJnWxI9o5fZb1/0BqBYUlc0005IkaaJhx4P +0ffqDkBnu6zCX7/fdHpVQufVOg2DFUj1p9wv4q0UMqSwsMJPGxLU1kh0FVM3Ahtd +tpsALCxeCjhcW1RxBY5cdn4Ili9EW71LLsHOs3XOh9gsu/p9ATt9OeXEe5gaqDlA +avToXrDwazsOXDUxrkfX8F2nkm2SGQNMl1b8znqW1hTj0iNTdpksSlyvi33gPmkP +XymEbZGJEGaDA0vChiCVaLeWmJC9Vv/JhJsCAwEAAaNvMG0wDAYDVR0TAQH/BAIw +ADAdBgNVHQ4EFgQU0FJTXzFBp7mHgprYQYNoysYJ2g4wHwYDVR0jBBgwFoAUvJSY +Ob9gwQmrCInY+i2C/xUtcewwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MA0GCSqGSIb3DQEBCwUAA4IBAQBIvAUr0/hMv8PYE3PfPdaJYfVAYegqz430Dm9i +VrNmcAURK9kit25c1aMAFLqs8b07NFi8tTaPRsZzOD21UmJ/ncvEnp/OJ1B65NB9 +fNZz7No6CB9lhWwZK7KKCTq6eAlzwE8AqVmjEZFCm6chUi1pw71jhFJNBpzZbzrm +TeKqb+DeFEtiM78jAU9oCVu0TfVc9sIqQNvLb9d9QVyjSY//vALGNLJz7OV7kN3u +LoId6tic6XLLHJv+HLdh3etJ3Vb0+Li5EwWeypHL5lgUtWnop2bpuXzBpL/JTwmx +vlurU26ZKp1h3KhMrsFAaI2cxYbjvV14D8AxHsUItYUtw+qP +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/duplicate_cn_2.p12 b/pki/testdata/ssl/certificates/duplicate_cn_2.p12 new file mode 100644 index 0000000000000000000000000000000000000000..1966cfacad4a1ea99517a61e4b425266098a2870 GIT binary patch literal 2405 zcmY+EcQhM{9>--NL`2QndsGplZdIwhN2w8wy;E9LXlxB~?OE+@8?#FER%_L&qQ{_N;I7g+GeDziovPF#9y`^oU zG*lN+EROsXvOv1k%dFZym5g0w^D7CgVe}93_*ki=dFRh#ppI0Ay0Ieh^MMhnNAac^ zE}Io?B6b`~%0BDSiUXk~H_$yFYocBWkAH0_C_Z84Rtd6s;#JnC<2Tg9#1tQ?$6v&A z0pCiQ?!*up=@^LJ6T|36pJZGjW=*1V&@@w45FV^C8CDv+oy<^$M+(~`*Tx?lzpFLGTOOs$YW<;S-a=&T==< zWfJ-|xL9#}_$d2=bxXFEKjo%m{oLK9px)m3Cds41h%F6+oBW@;X(`O**GfgKw~kYv zn%TOOi$4~$RNt*r805{eBl)=1gGmMIMlGqcrwC)66bkst^ND_y@1UX!wZoA&aCQMFnVWFeETZ zIRF-D$UW(fBj4UIj^`b(<_@x4jkR;`>$+!OIa#yAsy*Zi+c?Qky!&g>c2BE+-~He; zhKE*+s{{1Ts|jCggYF~o5Z(U~wipjl0plTxKk=oXC(X$EAAMN>z+yaj3yBA>|DV;M zzpY*ibxW!_-C_CLYA_z$7k_Dxq}K>T8ODl6`q8z3fYvxbax(o&eW0W@11GA&QuKur zZ?KZ^(yb+^ENfkzrOWo_3zoC*j@qe~_|gDlQy~tAvy_thUlRauN7E3?pCy^Lp=-^C9y4b%8DID!!Pa+d5LwrcUl!nM(F7z55(7zL;s3p#Abwne`R3xoF?p&A9w=sAu28!+_%olDAF24 zp_vQJ)uK2B$I$P)kVpQy&JAhizSsX+jq+83Z_u9<$>zd@x%@KUL(#*)XjI}zHYX~^ zr1??igvw4IZYR0g!fGb;B^Ol00nxJZB2PQ+7!na7=GWJvyP(-A|JRsZnjcLc*7jK|7iI>z#IMPR!wAUNO5|8IQ5(%D4$UR;1}bBR zvC5SUJuI=(mdx(GVdkXiE&&G=^s;TPtREtA&Ee_5VVpwU00-nZkexR-=s~H#(GIpM7=Svj639vvvGMVJ{2*qwIC56 z>=~x1j3soMW*YpVTI)7xFrwZ&kyK^t+SQn8OF*PdmBZEvU`IX<)07TA>5Nnp*M8eL zdn$Ld!=1*w;PMNbhO?2tU6IS@U4rDd3E{0e%{7ioJKdhO+=AOq59-)QPq3W&%})kV zbXTJ{d^lE|9ed%-=Os7P(PRA$`L|Cecl-*$8%_Y30PV`Q^D~j0 z9>jvKQLirvD8v-hs+?QH(FSwrQ9_t z2CpFEN+1FaKOAXezrh#*7})4a=@?D?t>_yEHlC=w5zABNENm!_O`SOO_`8y?dj4VC&F$Gt8^Tld+3NJJ=E&lj+^#qW!KE}j# zm2Y`iDJs>}6E5Oi2|2V3YRmTevP-}OncjHo;?`LKxhNwsHmfX!l=$yDLb;WBz+9oU zGY;B_2Gz!C5>Nym1Mn^$3L}+~Vn`?>L>>+T@yLc%5UN!if T^bE}GoS9ny(Y~eg_e%Z?cT8dH literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/duplicate_cn_2.pem b/pki/testdata/ssl/certificates/duplicate_cn_2.pem new file mode 100644 index 0000000000..aad7daf7ee --- /dev/null +++ b/pki/testdata/ssl/certificates/duplicate_cn_2.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=B Root CA + Validity + Not Before: Aug 14 02:46:40 2014 GMT + Not After : Aug 11 02:46:40 2024 GMT + Subject: O=Bar, CN=Duplicate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:fc:af:a7:fa:a6:12:6f:5d:06:26:96:7c:33: + d1:9f:53:a3:6e:e3:ea:e4:ba:d4:28:3c:f5:c3:60: + 31:80:39:9b:df:ca:4f:08:0b:16:ee:fc:63:06:ae: + ad:dd:77:3a:3e:63:28:be:c3:96:f7:9a:64:6f:b9: + 6e:42:67:5b:12:3d:a3:97:d9:6f:5f:f4:06:a0:58: + 52:57:34:d3:4e:48:91:a6:89:87:1e:0f:d1:f7:ea: + 0e:40:67:bb:ac:c2:5f:bf:df:74:7a:55:42:e7:d5: + 3a:0d:83:15:48:f5:a7:dc:2f:e2:ad:14:32:a4:b0: + b0:c2:4f:1b:12:d4:d6:48:74:15:53:37:02:1b:5d: + b6:9b:00:2c:2c:5e:0a:38:5c:5b:54:71:05:8e:5c: + 76:7e:08:96:2f:44:5b:bd:4b:2e:c1:ce:b3:75:ce: + 87:d8:2c:bb:fa:7d:01:3b:7d:39:e5:c4:7b:98:1a: + a8:39:40:6a:f4:e8:5e:b0:f0:6b:3b:0e:5c:35:31: + ae:47:d7:f0:5d:a7:92:6d:92:19:03:4c:97:56:fc: + ce:7a:96:d6:14:e3:d2:23:53:76:99:2c:4a:5c:af: + 8b:7d:e0:3e:69:0f:5f:29:84:6d:91:89:10:66:83: + 03:4b:c2:86:20:95:68:b7:96:98:90:bd:56:ff:c9: + 84:9b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + D0:52:53:5F:31:41:A7:B9:87:82:9A:D8:41:83:68:CA:C6:09:DA:0E + X509v3 Authority Key Identifier: + keyid:BC:94:98:39:BF:60:C1:09:AB:08:89:D8:FA:2D:82:FF:15:2D:71:EC + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 39:4e:04:66:dd:24:5b:71:c4:aa:9b:e2:97:f1:02:63:43:aa: + 3c:b5:a0:cb:9a:da:40:f5:b7:30:6d:04:14:c4:7a:e6:9f:8a: + 89:23:3a:71:60:7e:8a:d8:07:aa:2c:fb:b3:27:1a:e6:cd:78: + 1f:03:7b:6d:be:d1:67:4e:39:77:43:a6:e4:b1:ab:89:31:14: + b5:b7:b0:88:fd:1f:e2:a8:9e:1f:b6:bf:f2:6e:a1:6b:13:3d: + 57:98:1e:7c:a9:39:c7:27:99:97:3f:d4:e1:11:43:26:aa:05: + 71:c2:9f:3f:92:b9:17:d5:3a:e1:ab:ca:59:06:fb:fd:18:b1: + a8:b9:76:69:da:40:d7:f9:e9:86:d7:9c:94:bc:5d:5c:4f:9a: + c6:80:15:05:da:d9:c8:9a:ad:7a:81:3f:a8:1f:63:db:14:04: + 9e:2b:10:4e:14:99:02:6f:72:73:f4:b4:8c:18:3d:52:9f:35: + 6d:48:c7:8d:55:8f:9b:68:c8:7e:a4:56:0b:e6:6a:19:b0:ab: + ab:76:19:d4:02:01:eb:dd:9b:e1:78:b0:1f:11:83:38:b0:bf: + 25:5a:0b:d7:c8:6f:f0:6f:1e:91:9a:62:8a:22:79:7d:1f:6e: + b6:e3:1a:5c:f9:aa:8e:f0:a4:d2:55:fc:ea:e5:48:3c:1e:6a: + e5:a4:4e:01 +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlCIFJv +b3QgQ0EwHhcNMTQwODE0MDI0NjQwWhcNMjQwODExMDI0NjQwWjAiMQwwCgYDVQQK +DANCYXIxEjAQBgNVBAMMCUR1cGxpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAK78r6f6phJvXQYmlnwz0Z9To27j6uS61Cg89cNgMYA5m9/KTwgL +Fu78Ywaurd13Oj5jKL7DlveaZG+5bkJnWxI9o5fZb1/0BqBYUlc0005IkaaJhx4P +0ffqDkBnu6zCX7/fdHpVQufVOg2DFUj1p9wv4q0UMqSwsMJPGxLU1kh0FVM3Ahtd +tpsALCxeCjhcW1RxBY5cdn4Ili9EW71LLsHOs3XOh9gsu/p9ATt9OeXEe5gaqDlA +avToXrDwazsOXDUxrkfX8F2nkm2SGQNMl1b8znqW1hTj0iNTdpksSlyvi33gPmkP +XymEbZGJEGaDA0vChiCVaLeWmJC9Vv/JhJsCAwEAAaNvMG0wDAYDVR0TAQH/BAIw +ADAdBgNVHQ4EFgQU0FJTXzFBp7mHgprYQYNoysYJ2g4wHwYDVR0jBBgwFoAUvJSY +Ob9gwQmrCInY+i2C/xUtcewwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MA0GCSqGSIb3DQEBCwUAA4IBAQA5TgRm3SRbccSqm+KX8QJjQ6o8taDLmtpA9bcw +bQQUxHrmn4qJIzpxYH6K2AeqLPuzJxrmzXgfA3ttvtFnTjl3Q6bksauJMRS1t7CI +/R/iqJ4ftr/ybqFrEz1XmB58qTnHJ5mXP9ThEUMmqgVxwp8/krkX1Trhq8pZBvv9 +GLGouXZp2kDX+emG15yUvF1cT5rGgBUF2tnImq16gT+oH2PbFASeKxBOFJkCb3Jz +9LSMGD1SnzVtSMeNVY+baMh+pFYL5moZsKurdhnUAgHr3ZvheLAfEYM4sL8lWgvX +yG/wbx6RmmKKInl9H2624xpc+aqO8KTSVfzq5Ug8HmrlpE4B +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/eku-test-root.pem b/pki/testdata/ssl/certificates/eku-test-root.pem new file mode 100644 index 0000000000..c233e40956 --- /dev/null +++ b/pki/testdata/ssl/certificates/eku-test-root.pem @@ -0,0 +1,77 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 55:72:d4:d8:57:fc:9c:cf:51:b8:6c:e7:a7:d1:a6:f3:b3:f1:25:fa + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = 2048 RSA Test Root CA + Validity + Not Before: Feb 17 17:08:50 2023 GMT + Not After : Feb 14 17:08:50 2033 GMT + Subject: CN = 2048 RSA Test Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:bc:d5:52:0a:01:4c:04:65:37:00:73:17:af: + 1a:53:d5:0a:b1:9c:c0:5b:20:ff:c0:b4:bd:f2:d4: + b2:1d:2c:a5:c3:d7:eb:68:b7:f7:ab:2d:b3:6c:00: + c2:7a:b0:f7:5e:b1:8b:29:92:79:08:37:f6:ec:46: + 2d:66:29:7c:66:8c:d4:54:f0:35:4d:ad:1e:e6:ef: + 4f:43:9d:96:2f:78:49:66:eb:ea:4f:b9:e9:eb:27: + 33:6e:03:1f:3b:c1:e4:6d:bb:a9:68:62:1c:fd:78: + 0d:57:f2:58:89:16:4f:8d:1d:2d:94:2a:ea:b8:1a: + 1b:57:b8:ad:8f:67:44:23:04:7f:c9:1a:1c:4a:f3: + 19:15:1a:39:a6:fc:c9:17:ae:5e:40:97:e2:b3:ec: + 02:4c:1b:65:0e:99:6a:d4:fe:c7:04:56:14:0c:8e: + 0f:ee:e8:fb:4e:63:c4:cf:4a:36:ac:f5:a6:f7:1d: + 26:07:e9:33:a9:f3:31:ee:1d:27:fc:15:10:a5:83: + 7e:59:26:6e:24:32:87:af:19:31:6c:99:24:05:d9: + 55:71:03:b8:b3:b6:75:f8:ee:04:ff:04:7f:b0:b6: + 57:ad:24:e3:a6:f9:46:2c:f7:b5:53:31:d6:49:c6: + c3:1e:7f:a4:f0:6d:47:32:c9:8a:ff:f3:b6:7b:fd: + d3:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + D5:28:55:87:C7:A3:BF:D7:C4:CE:BE:3D:01:D2:BE:8B:7C:E4:E2:E2 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 17:28:d3:4e:0f:70:db:86:b8:08:e2:0d:92:d1:4c:f6:32:70: + 52:6b:3f:1f:96:a0:bd:a4:d4:f8:ed:b5:a4:9e:0a:ef:45:09: + e4:1f:8a:af:50:2d:03:4e:1c:ed:46:71:3d:91:d6:a9:0f:8f: + bb:4f:38:a4:3c:18:2f:ff:1f:07:9e:17:06:a6:9a:f9:4d:01: + f6:79:c9:aa:fe:01:90:79:dd:d3:eb:6d:ea:0b:b9:6c:df:9c: + 1f:4f:31:25:70:71:58:9c:62:6a:5a:85:7d:8f:20:ae:97:d4: + e0:69:8a:79:4d:48:34:fe:c0:99:98:c3:33:ce:f3:07:80:c2: + 4b:95:a3:2e:ba:cb:ee:d7:4d:a3:e1:88:9e:71:8b:64:47:83: + 02:02:72:b0:46:ca:4f:e3:b1:f4:2c:f1:65:58:09:7a:81:18: + b7:35:55:50:6a:37:0a:0f:87:d3:d2:b2:2f:6f:93:e1:7d:e2: + ca:50:1f:a9:a4:6d:bc:40:1a:6e:d4:55:5e:99:e0:9c:77:7c: + b0:06:d3:7b:0b:cb:a2:9a:3a:9a:06:b6:59:3d:50:d5:d0:7b: + e0:51:c4:88:38:24:ba:80:3c:f0:42:07:24:c3:5c:e2:b5:6e: + bf:8b:37:b1:df:e9:7e:6e:33:d6:b2:af:d5:51:62:eb:b0:5a: + 52:54:52:a3 +-----BEGIN CERTIFICATE----- +MIIDEDCCAfigAwIBAgIUVXLU2Ff8nM9RuGznp9Gm87PxJfowDQYJKoZIhvcNAQEL +BQAwIDEeMBwGA1UEAwwVMjA0OCBSU0EgVGVzdCBSb290IENBMB4XDTIzMDIxNzE3 +MDg1MFoXDTMzMDIxNDE3MDg1MFowIDEeMBwGA1UEAwwVMjA0OCBSU0EgVGVzdCBS +b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LzVUgoBTARl +NwBzF68aU9UKsZzAWyD/wLS98tSyHSylw9fraLf3qy2zbADCerD3XrGLKZJ5CDf2 +7EYtZil8ZozUVPA1Ta0e5u9PQ52WL3hJZuvqT7np6yczbgMfO8HkbbupaGIc/XgN +V/JYiRZPjR0tlCrquBobV7itj2dEIwR/yRocSvMZFRo5pvzJF65eQJfis+wCTBtl +Dplq1P7HBFYUDI4P7uj7TmPEz0o2rPWm9x0mB+kzqfMx7h0n/BUQpYN+WSZuJDKH +rxkxbJkkBdlVcQO4s7Z1+O4E/wR/sLZXrSTjpvlGLPe1UzHWScbDHn+k8G1HMsmK +//O2e/3TfwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVKFWH +x6O/18TOvj0B0r6LfOTi4jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQAD +ggEBABco004PcNuGuAjiDZLRTPYycFJrPx+WoL2k1PjttaSeCu9FCeQfiq9QLQNO +HO1GcT2R1qkPj7tPOKQ8GC//HweeFwammvlNAfZ5yar+AZB53dPrbeoLuWzfnB9P +MSVwcVicYmpahX2PIK6X1OBpinlNSDT+wJmYwzPO8weAwkuVoy66y+7XTaPhiJ5x +i2RHgwICcrBGyk/jsfQs8WVYCXqBGLc1VVBqNwoPh9PSsi9vk+F94spQH6mkbbxA +Gm7UVV6Z4Jx3fLAG03sLy6KaOpoGtlk9UNXQe+BRxIg4JLqAPPBCByTDXOK1br+L +N7Hf6X5uM9ayr9VRYuuwWlJUUqM= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/ev_test.pem b/pki/testdata/ssl/certificates/ev_test.pem new file mode 100644 index 0000000000..36fc814ce2 --- /dev/null +++ b/pki/testdata/ssl/certificates/ev_test.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 05:1a:d9:14:e2:4e:b8:9f:be:d0:25:9e:80:e4:f8:22:bc:71:9d:be + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, L = Mountain View, O = Test Org + Validity + Not Before: Oct 3 17:20:32 2022 GMT + Not After : Oct 2 17:20:32 2024 GMT + Subject: C = US, ST = California, L = Mountain View, O = Test Org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9f:e4:ed:a7:ff:2d:7e:3b:26:5a:d2:5f:5e:81: + 5d:b7:b0:c7:b6:7c:dc:0b:5c:b2:f5:0f:f6:ee:7b: + 34:cc:4b:91:c4:bf:36:ea:0c:4c:c2:b6:d8:8f:5d: + 35:cc:1e:63:43:a8:3f:e6:36:47:1a:fa:c7:30:89: + 8d:5f:cd:74:66:69:1c:50:69:6d:b6:ac:25:95:ef: + 49:fb:1b:7f:13:45:1b:8a:2d:88:06:4c:b4:36:20: + a2:6e:44:e5:f9:fe:e4:84:de:93:64:7f:22:22:46: + 3e:5c:f6:c3:6b:a2:66:05:27:a6:29:91:3d:70:8b: + b9:f3:07:85:01:e7:79:25:aa:8f:88:b4:8f:6a:17: + a7:5f:23:5a:50:5e:f0:ce:52:f5:1c:a5:b0:d2:76: + 8a:f7:75:7f:0e:57:e9:c3:74:2c:f1:ad:25:9a:4c: + 4b:ad:f9:91:a7:e2:18:db:19:79:7c:6f:1d:8f:c0: + ad:f7:39:ae:6b:1c:75:9e:30:70:04:81:f9:33:25: + 38:aa:df:0d:ad:73:2e:b1:5c:03:99:a0:7f:01:db: + 62:c9:77:ed:da:9b:e6:92:0c:a8:f9:51:f0:66:0b: + 8c:0f:00:a5:fa:5d:9b:14:e0:5f:57:0a:75:a5:cc: + a2:ba:f9:06:9b:bd:6b:d9:d7:c1:e0:02:b4:d0:c2: + b9:1f + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 42:f5:17:0a:da:d7:5c:2c:1f:af:04:99:e9:d9:d6:4c:0c:d6: + cb:ac:6d:0d:4c:0f:b0:3a:18:36:ab:68:d2:5f:8e:d9:e0:13: + a2:64:bf:72:33:7f:86:c2:26:d8:40:5c:af:38:0b:5b:22:30: + dc:88:4f:5f:73:b0:0b:60:b9:30:be:8d:b9:54:9e:f9:2d:c8: + fb:d1:07:49:56:16:7a:8f:f2:7e:c4:c0:9b:be:f4:2d:a7:4c: + de:eb:cc:d5:fe:6f:ab:cf:65:15:f6:ab:1f:ed:1f:5d:09:4a: + 65:aa:3e:5c:55:af:21:d9:ea:2c:4e:d4:f9:37:70:84:12:f5: + 99:fb:89:d0:eb:9d:d2:62:b6:03:43:0f:e7:72:22:16:58:58: + a3:7c:b8:ee:f1:fd:76:73:5d:31:08:82:68:78:9b:9c:88:3e: + 53:b8:76:0e:a4:9e:36:95:7f:f5:18:d5:32:fb:08:54:1c:89: + 8e:73:80:13:99:39:32:79:ba:c1:00:aa:d3:ab:05:a6:d1:27: + fb:22:95:68:2f:c1:7a:5a:92:73:6a:de:0e:b4:c5:c8:9f:e6: + 4e:8b:68:d2:23:5d:3c:16:54:02:dd:90:12:4e:fb:2c:a5:3b: + 42:46:bb:67:e6:bb:1b:f6:94:75:30:91:28:cd:a1:db:6e:1d: + be:db:be:f8 +-----BEGIN CERTIFICATE----- +MIIDITCCAgkCFAUa2RTiTrifvtAlnoDk+CK8cZ2+MA0GCSqGSIb3DQEBCwUAME0x +CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3Vu +dGFpbiBWaWV3MREwDwYDVQQKDAhUZXN0IE9yZzAeFw0yMjEwMDMxNzIwMzJaFw0y +NDEwMDIxNzIwMzJaME0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh +MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MREwDwYDVQQKDAhUZXN0IE9yZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/k7af/LX47JlrSX16BXbewx7Z8 +3AtcsvUP9u57NMxLkcS/NuoMTMK22I9dNcweY0OoP+Y2Rxr6xzCJjV/NdGZpHFBp +bbasJZXvSfsbfxNFG4otiAZMtDYgom5E5fn+5ITek2R/IiJGPlz2w2uiZgUnpimR +PXCLufMHhQHneSWqj4i0j2oXp18jWlBe8M5S9RylsNJ2ivd1fw5X6cN0LPGtJZpM +S635kafiGNsZeXxvHY/Arfc5rmscdZ4wcASB+TMlOKrfDa1zLrFcA5mgfwHbYsl3 +7dqb5pIMqPlR8GYLjA8ApfpdmxTgX1cKdaXMorr5Bpu9a9nXweACtNDCuR8CAwEA +ATANBgkqhkiG9w0BAQsFAAOCAQEAQvUXCtrXXCwfrwSZ6dnWTAzWy6xtDUwPsDoY +Nqto0l+O2eATomS/cjN/hsIm2EBcrzgLWyIw3IhPX3OwC2C5ML6NuVSe+S3I+9EH +SVYWeo/yfsTAm770LadM3uvM1f5vq89lFfarH+0fXQlKZao+XFWvIdnqLE7U+Tdw +hBL1mfuJ0Oud0mK2A0MP53IiFlhYo3y47vH9dnNdMQiCaHibnIg+U7h2DqSeNpV/ +9RjVMvsIVByJjnOAE5k5Mnm6wQCq06sFptEn+yKVaC/BelqSc2reDrTFyJ/mToto +0iNdPBZUAt2QEk77LKU7Qka7Z+a7G/aUdTCRKM2h224dvtu++A== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/ev_test_state_only.pem b/pki/testdata/ssl/certificates/ev_test_state_only.pem new file mode 100644 index 0000000000..48f154b6f6 --- /dev/null +++ b/pki/testdata/ssl/certificates/ev_test_state_only.pem @@ -0,0 +1,69 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 08:e7:72:d8:3b:cb:68:18:0b:32:f6:09:9f:39:d9:79:bd:af:c7:e0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, O = Test Org + Validity + Not Before: Oct 3 17:20:32 2022 GMT + Not After : Oct 2 17:20:32 2024 GMT + Subject: C = US, ST = California, O = Test Org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a4:1f:f6:07:e1:9b:b1:eb:c6:5a:45:70:e2:80: + c0:71:48:d3:2e:d8:1e:38:a0:4a:5e:d0:28:d0:81: + e8:3d:ec:bf:c9:94:c2:e8:1d:7c:c2:fd:30:e6:d3: + 72:f3:e5:83:95:df:ba:94:82:db:7b:c7:af:2e:c4: + 6e:96:fa:8b:75:7c:78:33:3b:69:8f:89:aa:68:14: + e5:d8:a8:22:51:85:90:65:9b:98:27:8d:f0:a7:ad: + 3f:b0:46:47:67:8c:a0:6f:65:de:c4:5c:f0:e3:4c: + ed:d4:63:21:dc:d4:77:f6:98:40:95:f3:38:c7:12: + fe:5a:b0:0e:78:3d:c4:ea:c6:b8:56:51:55:9f:64: + 08:22:63:a1:52:01:7c:a5:95:b4:17:61:27:a0:e0: + aa:28:df:21:22:c5:22:66:e9:a8:0e:7a:81:d1:c0: + b8:8d:95:17:9a:71:2c:67:2d:ef:51:cf:31:3b:19: + e2:b0:5f:3f:05:41:ac:7c:ee:4b:64:db:0e:56:97: + 93:f5:ce:9a:62:28:ef:e9:a2:15:91:10:0a:a6:67: + 08:ad:e3:e2:b4:9e:50:d7:c2:52:76:0d:ca:a4:36: + 8b:0b:41:f9:0d:c6:13:cb:6b:97:52:f3:02:19:aa: + 4f:96:83:9f:c6:ff:60:ef:ca:4e:59:ba:cd:c1:56: + 1e:55 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7a:50:d2:45:b9:8c:3c:1d:90:a4:fb:cf:15:fd:88:76:39:ed: + 9d:70:d5:81:58:1f:eb:ad:2f:dd:5d:cd:3b:be:bb:90:0f:5b: + c9:89:8d:d4:43:60:a9:2e:c1:38:f0:11:44:ab:c6:89:21:d3: + 46:75:1a:d9:bd:95:15:09:a0:82:b3:e2:86:e9:30:c1:41:4f: + 56:6c:3f:2d:b7:f8:15:7c:2e:67:b1:91:41:2b:63:77:2c:8e: + ee:66:00:c6:1f:5f:d2:38:49:2a:f3:38:6c:42:c6:26:b7:36: + a8:63:ac:89:ef:46:0a:c3:79:fd:b9:94:d9:37:7a:c2:2d:33: + 61:2b:6d:58:33:cb:bd:98:3c:70:37:e5:12:b9:b5:7a:8f:85: + 73:f5:fc:6a:7e:06:8c:91:2d:97:db:84:f6:ba:9f:39:5f:84: + f8:37:73:0f:29:35:bb:0c:bd:49:6e:b3:67:4c:f2:e2:c7:7b: + 27:45:78:19:fa:2b:ba:f8:fc:ce:31:9e:b5:91:61:27:b7:01: + 5f:ac:7a:41:c0:5b:da:f3:cc:72:21:3a:11:dd:08:8b:c3:d2: + d3:1e:6d:0e:e0:e9:3d:8b:aa:67:a2:6f:c6:02:ac:e8:b2:7e: + 69:60:e2:7e:40:56:32:d6:76:42:ed:e5:56:db:07:e6:4f:39: + 74:3f:de:8b +-----BEGIN CERTIFICATE----- +MIIC8TCCAdkCFAjnctg7y2gYCzL2CZ852Xm9r8fgMA0GCSqGSIb3DQEBCwUAMDUx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhUZXN0 +IE9yZzAeFw0yMjEwMDMxNzIwMzJaFw0yNDEwMDIxNzIwMzJaMDUxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhUZXN0IE9yZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQf9gfhm7HrxlpFcOKAwHFI0y7Y +HjigSl7QKNCB6D3sv8mUwugdfML9MObTcvPlg5XfupSC23vHry7Ebpb6i3V8eDM7 +aY+JqmgU5dioIlGFkGWbmCeN8KetP7BGR2eMoG9l3sRc8ONM7dRjIdzUd/aYQJXz +OMcS/lqwDng9xOrGuFZRVZ9kCCJjoVIBfKWVtBdhJ6DgqijfISLFImbpqA56gdHA +uI2VF5pxLGct71HPMTsZ4rBfPwVBrHzuS2TbDlaXk/XOmmIo7+miFZEQCqZnCK3j +4rSeUNfCUnYNyqQ2iwtB+Q3GE8trl1LzAhmqT5aDn8b/YO/KTlm6zcFWHlUCAwEA +ATANBgkqhkiG9w0BAQsFAAOCAQEAelDSRbmMPB2QpPvPFf2IdjntnXDVgVgf660v +3V3NO767kA9byYmN1ENgqS7BOPARRKvGiSHTRnUa2b2VFQmggrPihukwwUFPVmw/ +Lbf4FXwuZ7GRQStjdyyO7mYAxh9f0jhJKvM4bELGJrc2qGOsie9GCsN5/bmU2Td6 +wi0zYSttWDPLvZg8cDflErm1eo+Fc/X8an4GjJEtl9uE9rqfOV+E+DdzDyk1uwy9 +SW6zZ0zy4sd7J0V4Gforuvj8zjGetZFhJ7cBX6x6QcBb2vPMciE6Ed0Ii8PS0x5t +DuDpPYuqZ6JvxgKs6LJ+aWDifkBWMtZ2Qu3lVtsH5k85dD/eiw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/expired_cert.pem b/pki/testdata/ssl/certificates/expired_cert.pem new file mode 100644 index 0000000000..0918e4675e --- /dev/null +++ b/pki/testdata/ssl/certificates/expired_cert.pem @@ -0,0 +1,113 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDRq7weUiGT7XM +lZAosAKK0m8PeYfDwrrz6wqTSmXpJS8BzINzyIBa6zoIETKvhcG84QeDdAoCAft9 +nV6uPLxzzmuRhWwiAarYIuSg7qiiNgD66IjA05sWPMHBuWSD7Eb2UyxLCME9kxH+ +LFcxDGBOrTf8NSKpr7hMaZkhpY8MyKqWKbaF1oXUH7CqQ+95HDgc2a05d9+xV2cy +EVTTG8VAvf8j0nVSxCcSrOfqH9+v488diuGdJqxt7yH3jvX9BfqzKlUEv7J2GIiB +F3zztOZUj8RLzbLy18eKMeCfjxjzxnxYmfT6chQadzaAUwxHlPSKskKIuFj8T/Fl +G4EBfabrAgMBAAECggEAOq5M97qajrH5Ycc4EOIDgZAHC9FreOpVn+LrxKNAyLUB +0TqR7gM8fxXc1HvGjXRWadn9lgUS1NOfrXnS7+0UfIB1Vr+PZRC3NEgYCDxvtH8i +AERMhBWSrzYGy55YlEQ2duM7ljjFSSme6JCOixC7CCmJf2LATdmeOmgpOjE0MZS9 +Cz6W1AEw949YIsNCyBuG54Pf50RR/uwk8a9bctOlL7fmMoHETslgmwVYHGoY2TQH +WsLHcjEpVPmyigbkGQs6xteCeKLo+SN+3cdlzZVkhrRm85zXoY9Fk08Ll21cRHOF +waGoGg9GYQDrE1aWXKZqMoAL26TvsFa4KRUcm7/ZEQKBgQDsBRjBzhprehSVaFeM +8JXL0DKAk8bLm+kFo2CoLmNphUNk43q7MnfM1Dp3HM4UEq2AIA8oKtrI1aqc7ChT +JDMKA57nNQ1SSlFhnR0maFRD32h8BlFW6qNpl1S0vh/clDT3keTXVXpiNtV4z0uL +r5kKE/j4ya91nJRoFuZZaQz0hQKBgQDTzpuTN+dMcI2r1GcTA6wonRshypRi8d1K +DsBPcGX/SuT8iyorGvJh1IG9FSYM+0liN99fA3xu3PC8NyL2WkaN+KWKJaCf0BqN +fLYZb9s2b4ae3qrTzGyIjS26DmX1ZuBkp2nvCLqlfBDaukn03ZiRQOe9zeUmYS7h +x0nnp+CArwKBgAzQQgXTkK+hExkBby9hqGBGT1eXrkVDk6UQt6Cp1A/Ygk4p43Hi +TYq7QulQkQeZ8/1uwCPoH7SjlP2r/Ix2/KZgh/H5eV2sVzq7cuew5lJBAMUq+qOD +XZfP9XNSlxw8l5uROiFOrLREUdabOni88cwQRYYMPRBfjdcQ1zSndWKZAoGBAIBy +i2Z8QIjauQ+7f8bIM19t50ZW1CYtB0YiK/4A69omUTfWLXx2mwc5GHTSnoDA43/s +4kl8k7mnw1ZhGZLMrHzsjXd52i8QxQmI1+YVL5uThtBRuMc48ZjeBR0QHkT0XqCr +5lJPuOEinBYJY1BcEmoEMoWol47u4L+LXAZgiIWBAoGAEm+mJyT22ajB4JK+Zizm +qyY2YF9+XU4aRN+zuAYX6yVulK6wLF4g3YWEEP2YdFICMZa7AbuQK9t6RXMXH9/C +n64w/TBNvihKkAb9NqFFjqAE1DqTPeeusoaJ7kHfdF12F7bUNFbvixk+x8bt9CQC +9p8zmBjX4cGflRSpat09lr4= +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:65 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Jan 1 00:00:00 2006 GMT + Not After : Jan 1 00:00:00 2007 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:46:ae:f0:79:48:86:4f:b5:cc:95:90:28:b0: + 02:8a:d2:6f:0f:79:87:c3:c2:ba:f3:eb:0a:93:4a: + 65:e9:25:2f:01:cc:83:73:c8:80:5a:eb:3a:08:11: + 32:af:85:c1:bc:e1:07:83:74:0a:02:01:fb:7d:9d: + 5e:ae:3c:bc:73:ce:6b:91:85:6c:22:01:aa:d8:22: + e4:a0:ee:a8:a2:36:00:fa:e8:88:c0:d3:9b:16:3c: + c1:c1:b9:64:83:ec:46:f6:53:2c:4b:08:c1:3d:93: + 11:fe:2c:57:31:0c:60:4e:ad:37:fc:35:22:a9:af: + b8:4c:69:99:21:a5:8f:0c:c8:aa:96:29:b6:85:d6: + 85:d4:1f:b0:aa:43:ef:79:1c:38:1c:d9:ad:39:77: + df:b1:57:67:32:11:54:d3:1b:c5:40:bd:ff:23:d2: + 75:52:c4:27:12:ac:e7:ea:1f:df:af:e3:cf:1d:8a: + e1:9d:26:ac:6d:ef:21:f7:8e:f5:fd:05:fa:b3:2a: + 55:04:bf:b2:76:18:88:81:17:7c:f3:b4:e6:54:8f: + c4:4b:cd:b2:f2:d7:c7:8a:31:e0:9f:8f:18:f3:c6: + 7c:58:99:f4:fa:72:14:1a:77:36:80:53:0c:47:94: + f4:8a:b2:42:88:b8:58:fc:4f:f1:65:1b:81:01:7d: + a6:eb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + F3:9E:DE:55:DE:AD:DA:14:A3:B8:AA:E5:3A:D3:84:E6:88:B1:7E:C6 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 36:3c:43:bc:10:33:eb:68:3a:c5:9c:24:4c:b4:ce:59:6f:88: + 13:02:e4:a4:31:e4:f2:8d:cb:b3:f1:bb:56:a3:c5:bb:f9:e9: + 28:3b:88:97:c4:4a:fa:79:df:23:60:8b:7f:32:14:21:43:de: + 60:87:21:e9:de:9a:b6:42:8c:e5:fc:c5:bd:f2:08:f8:3a:82: + 00:b7:ed:14:3a:76:c1:4b:ca:6d:17:32:27:e3:4e:32:d7:08: + 17:03:79:77:3f:81:a1:39:c9:d3:4e:32:83:65:18:ca:f7:fb: + 1a:6c:54:27:2c:e2:1e:82:dd:c1:ef:a9:cf:01:d7:4e:e2:ca: + e1:2e:3f:64:7d:ce:4a:45:22:60:c3:cf:bd:96:91:54:99:9b: + 99:12:d7:1c:7d:3e:54:8a:00:f7:00:c4:e9:6b:61:2b:87:f0: + 6a:51:c0:62:ce:24:58:6a:af:bb:76:34:cd:6a:25:84:94:2b: + c2:66:9f:e2:50:f6:d0:6a:1b:6a:be:de:ed:db:ce:69:1b:17: + 87:91:36:46:8d:cf:6a:82:38:06:b2:99:c4:da:10:17:77:90: + 15:e1:c0:78:76:72:fd:12:65:06:1e:b6:26:eb:bb:99:a4:42: + b3:ef:14:73:2d:5d:03:ee:f7:b4:17:9d:c6:18:dd:71:d3:81: + 88:11:ba:7e +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwmUwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0wNjAxMDEwMDAwMDBaFw0wNzAxMDEwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDRq7weUiGT7XMlZAosAKK0m8PeYfDwrrz +6wqTSmXpJS8BzINzyIBa6zoIETKvhcG84QeDdAoCAft9nV6uPLxzzmuRhWwiAarY +IuSg7qiiNgD66IjA05sWPMHBuWSD7Eb2UyxLCME9kxH+LFcxDGBOrTf8NSKpr7hM +aZkhpY8MyKqWKbaF1oXUH7CqQ+95HDgc2a05d9+xV2cyEVTTG8VAvf8j0nVSxCcS +rOfqH9+v488diuGdJqxt7yH3jvX9BfqzKlUEv7J2GIiBF3zztOZUj8RLzbLy18eK +MeCfjxjzxnxYmfT6chQadzaAUwxHlPSKskKIuFj8T/FlG4EBfabrAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTznt5V3q3aFKO4quU604TmiLF+xjAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEANjxDvBAz62g6xZwkTLTOWW+IEwLkpDHk8o3Ls/G7VqPFu/npKDuIl8RK+nnf +I2CLfzIUIUPeYIch6d6atkKM5fzFvfII+DqCALftFDp2wUvKbRcyJ+NOMtcIFwN5 +dz+BoTnJ004yg2UYyvf7GmxUJyziHoLdwe+pzwHXTuLK4S4/ZH3OSkUiYMPPvZaR +VJmbmRLXHH0+VIoA9wDE6WthK4fwalHAYs4kWGqvu3Y0zWolhJQrwmaf4lD20Gob +ar7e7dvOaRsXh5E2Ro3PaoI4BrKZxNoQF3eQFeHAeHZy/RJlBh62Juu7maRCs+8U +cy1dA+73tBedxhjdcdOBiBG6fg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/foaf.me.chromium-test-cert.der b/pki/testdata/ssl/certificates/foaf.me.chromium-test-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..da0afc624c6931a74c447994809b75b073edb4a2 GIT binary patch literal 990 zcmXqLV!mb2#O%C)nTe5!iHY^H0WTY;R+~rLcV0$D7FGs>LPKr?PB!LH7B*ofcPB%B zpgfSnAZ)K0^qvs9f4^f7}VN#W5K@8(y&IN?ynQWkmW=zOi8hvoDt4`%K^ zkQ1XN7j-LP^3v^%2Wo=F|F27RT2SAwda-?~j`J#ML)D-w$I{)|jyPRQzQ(vsbl&+@ R*0;};etqxEHhbZ5Rsh9oSo{D0 literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/google.binary.p7b b/pki/testdata/ssl/certificates/google.binary.p7b new file mode 100644 index 0000000000000000000000000000000000000000..052e3885ef9e2980022ec2964fc4a2ca3b9281f6 GIT binary patch literal 1661 zcmXqLVyk51)N1o+`_9YA&a|M3Ez6*ZEscqh(U8G_8zI98l<_fWVpcS0V(MDJ%*4pV zB%ptP&$o3GgL3(2ExzwyVmHfx7p|U>m6gH3$B^5AlZ`o)g-w_#%F$5OKpDj05|# zv@igJC~;mxLlD=<*woV0GRhzW$+pm7Ltz6!kTD#>T+WF(nQ8e&d6|hYv)M&>ee+B6 zN)j{k6v8r7%VCPSM7Z4Z^V4%u6+H8j4aE&a!447OD=#nCO9xBnCFkcFG|or%DI+Tb zb7L=qL1QOVVPC& zjZX}CfX8fY)jT%g{jno&|xV5P60T$H0%0*(=o@AM&| z4h(c>M?IjFfd)vQDvP3lJR65L8!%$onHk|MCN|E5HV?+OA5JWc21PJoMn;x2gA@ZL z7~g=gO$=&TesXaEl5GZda5YSAMo=}N;6`##QEEYcab`(=Q63md8oeY{LG61 z|20()n3;(h2Nmoy?4SRl{<$De@BWqrPErk>8w?{H+2etkL>ZV#dLWsE#eji<3C)!T z@u*1^n$Wm}`NC3*GJ`YI^K?K7P|wiZz!a1MxrOzda}tY-6^s=EN|SOjlNADrGIJA) zDixeli%K%nGLsWaGV}8k97{_w@{2M{D#3Zh#K6?h7?D>%Tq9Usp>EE^mmjWNPQTDA zTEFhB;lEnhi3{zy3vJe%Ig#=^`Hzt|`;@);4ZHLovP?c;{D;$6`6YLWcHt4`W0%f8 z(*MeteD=S`QilBxo`3Gxu4{B}hS@W&wG7oqQoO8NN|`?uOseHe`l`4()2zj?bi$AQ z$8$QQ*{0TKy7^gH zfF&9mu*86+W?%}22!T_-ASm@Oku{Julr#_r#R#*o05A&55=&Bj5|dJMjCBo74Gcjh z$+Kt~Xc(w1P+6eVrht^c%777D42)QC4l77bGzMoaBUs`GTBl~9LR5w^0a>HU0?foP z%{a0n8y6&Jx-xPwq9s63HVIvm{OaDqyO$=!&*wf@wof>)fAURM?Gw`F-fJ@h7QVZ8 z=kIOymoF@*+*u9GcWnDtHx?XO@%B})$=mmG!8h5ChiPAo`Es$VZ;SRu^9ddtPO3-k zx=z=>&S$xpd$eTH_eC|;2{z?t`ObMT)idgEn{EC;OUvxe)z)ikp4x}xPm^O^zmUO@ F0RTF@5l;XB literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/google.chain.pem b/pki/testdata/ssl/certificates/google.chain.pem new file mode 100644 index 0000000000..e78af71619 --- /dev/null +++ b/pki/testdata/ssl/certificates/google.chain.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDITCCAoqgAwIBAgIQL9+89q6RUm0PmqPfQDQ+mjANBgkqhkiG9w0BAQUFADBM +MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg +THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wOTEyMTgwMDAwMDBaFw0x +MTEyMTgyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw +FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA6PmGD5D6htffvXImttdEAoN4c9kCKO+IRTn7EOh8rqk41XXGOOsKFQebg+jN +gtXj9xVoRaELGYW84u+E593y17iYwqG7tcFR39SDAqc9BkJb4SLD3muFXxzW2k6L +05vuuWciKh0R73mkszeK9P4Y/bz5RiNQl/Os/CRGK1w7t0UCAwEAAaOB5zCB5DAM +BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl +LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF +BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw +Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0 +ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF +AAOBgQCfQ89bxFApsb/isJr/aiEdLRLDLE5a+RLizrmCUi3nHX4adpaQedEkUjh5 +u2ONgJd8IyAPkU0Wueru9G2Jysa9zCRo1kNbzipYvzwY4OA8Ys+WAi0oR1A04Se6 +z5nRUP8pJcA2NhUzUnC+MY+f6H/nEQyNv4SgQhqAibAxWEEHXw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi +bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw +MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh +d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD +QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx +PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g +5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo +3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG +A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX +BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov +L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF +BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB +BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc +q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR +bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv +-----END CERTIFICATE----- \ No newline at end of file diff --git a/pki/testdata/ssl/certificates/google.pem_cert.p7b b/pki/testdata/ssl/certificates/google.pem_cert.p7b new file mode 100644 index 0000000000..ba80fb0733 --- /dev/null +++ b/pki/testdata/ssl/certificates/google.pem_cert.p7b @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGeQYJKoZIhvcNAQcCoIIGajCCBmYCAQExADALBgkqhkiG9w0BBwGgggZMMIID +ITCCAoqgAwIBAgIQL9+89q6RUm0PmqPfQDQ+mjANBgkqhkiG9w0BAQUFADBMMQsw +CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRk +LjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wOTEyMTgwMDAwMDBaFw0xMTEy +MTgyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYw +FAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcwFQYD +VQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +6PmGD5D6htffvXImttdEAoN4c9kCKO+IRTn7EOh8rqk41XXGOOsKFQebg+jNgtXj +9xVoRaELGYW84u+E593y17iYwqG7tcFR39SDAqc9BkJb4SLD3muFXxzW2k6L05vu +uWciKh0R73mkszeK9P4Y/bz5RiNQl/Os/CRGK1w7t0UCAwEAAaOB5zCB5DAMBgNV +HRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3RlLmNv +bS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMC +BglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRwOi8v +b2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0ZS5j +b20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUFAAOB +gQCfQ89bxFApsb/isJr/aiEdLRLDLE5a+RLizrmCUi3nHX4adpaQedEkUjh5u2ON +gJd8IyAPkU0Wueru9G2Jysa9zCRo1kNbzipYvzwY4OA8Ys+WAi0oR1A04Se6z5nR +UP8pJcA2NhUzUnC+MY+f6H/nEQyNv4SgQhqAibAxWEEHXzCCAyMwggKMoAMCAQIC +BDAAAAIwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl +cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDUxMzAwMDAwMFoXDTE0MDUxMjIz +NTk1OVowTDELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5n +IChQdHkpIEx0ZC4xFjAUBgNVBAMTDVRoYXd0ZSBTR0MgQ0EwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANTTZ9CNFX+uzTH+fR2RoT8LcTyszMhk+2P8MksHlL1v +gLov4QSTwDP8CTMj6Qt0K3HEA8bSzeIv9Qljzf9IpQC/4OfziLctMt6YNuYKrQB7 +xGRKO4R1A/Jwkn0OYvUhq2k2hDF1kPi/x2yIGwaVfMnlqN51oSx6aN/VyhyHWGAZ +AgMBAAGjgf4wgfswEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwEQYJ +YIZIAYb4QgEBBAQDAgEGMCgGA1UdEQQhMB+kHTAbMRkwFwYDVQQDExBQcml2YXRl +TGFiZWwzLTE1MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24u +Y29tL3BjYTMuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov +L29jc3AudGhhd3RlLmNvbTA0BgNVHSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIG +CWCGSAGG+EIEAQYKYIZIAYb4RQEIATANBgkqhkiG9w0BAQUFAAOBgQBVrGPq3qHd +0pBfnwvOdr4TUY+T2QUryBt3S61pUKHu3tz92wfp6DmU3KtyeS8Gv6uBcMSo7epT +NO3vHlPZBsdWK9Fc9NGKjrQrsTeQSAhCJcU+ist/628E0W3FdKL3onx7YDx3zQ7O +SAJ/AS+2mzfgKio23NWF1qzlP1Rvlh4Fr6EAMQA= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/google.pem_pkcs7.p7b b/pki/testdata/ssl/certificates/google.pem_pkcs7.p7b new file mode 100644 index 0000000000..49e2eec66d --- /dev/null +++ b/pki/testdata/ssl/certificates/google.pem_pkcs7.p7b @@ -0,0 +1,37 @@ +-----BEGIN PKCS7----- +MIIGeQYJKoZIhvcNAQcCoIIGajCCBmYCAQExADALBgkqhkiG9w0BBwGgggZMMIID +ITCCAoqgAwIBAgIQL9+89q6RUm0PmqPfQDQ+mjANBgkqhkiG9w0BAQUFADBMMQsw +CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRk +LjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wOTEyMTgwMDAwMDBaFw0xMTEy +MTgyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYw +FAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcwFQYD +VQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +6PmGD5D6htffvXImttdEAoN4c9kCKO+IRTn7EOh8rqk41XXGOOsKFQebg+jNgtXj +9xVoRaELGYW84u+E593y17iYwqG7tcFR39SDAqc9BkJb4SLD3muFXxzW2k6L05vu +uWciKh0R73mkszeK9P4Y/bz5RiNQl/Os/CRGK1w7t0UCAwEAAaOB5zCB5DAMBgNV +HRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3RlLmNv +bS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMC +BglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRwOi8v +b2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0ZS5j +b20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUFAAOB +gQCfQ89bxFApsb/isJr/aiEdLRLDLE5a+RLizrmCUi3nHX4adpaQedEkUjh5u2ON +gJd8IyAPkU0Wueru9G2Jysa9zCRo1kNbzipYvzwY4OA8Ys+WAi0oR1A04Se6z5nR +UP8pJcA2NhUzUnC+MY+f6H/nEQyNv4SgQhqAibAxWEEHXzCCAyMwggKMoAMCAQIC +BDAAAAIwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl +cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDUxMzAwMDAwMFoXDTE0MDUxMjIz +NTk1OVowTDELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5n +IChQdHkpIEx0ZC4xFjAUBgNVBAMTDVRoYXd0ZSBTR0MgQ0EwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANTTZ9CNFX+uzTH+fR2RoT8LcTyszMhk+2P8MksHlL1v +gLov4QSTwDP8CTMj6Qt0K3HEA8bSzeIv9Qljzf9IpQC/4OfziLctMt6YNuYKrQB7 +xGRKO4R1A/Jwkn0OYvUhq2k2hDF1kPi/x2yIGwaVfMnlqN51oSx6aN/VyhyHWGAZ +AgMBAAGjgf4wgfswEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwEQYJ +YIZIAYb4QgEBBAQDAgEGMCgGA1UdEQQhMB+kHTAbMRkwFwYDVQQDExBQcml2YXRl +TGFiZWwzLTE1MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24u +Y29tL3BjYTMuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov +L29jc3AudGhhd3RlLmNvbTA0BgNVHSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIG +CWCGSAGG+EIEAQYKYIZIAYb4RQEIATANBgkqhkiG9w0BAQUFAAOBgQBVrGPq3qHd +0pBfnwvOdr4TUY+T2QUryBt3S61pUKHu3tz92wfp6DmU3KtyeS8Gv6uBcMSo7epT +NO3vHlPZBsdWK9Fc9NGKjrQrsTeQSAhCJcU+ist/628E0W3FdKL3onx7YDx3zQ7O +SAJ/AS+2mzfgKio23NWF1qzlP1Rvlh4Fr6EAMQA= +-----END PKCS7----- diff --git a/pki/testdata/ssl/certificates/google.single.der b/pki/testdata/ssl/certificates/google.single.der new file mode 100644 index 0000000000000000000000000000000000000000..f73df1704f0a6b11dd439370caab73e802e268ea GIT binary patch literal 805 zcmXqLVpcS0V(MDJ%*4pVB%ptP&$o3GgL3(2ExzwyVmHfxmyJ`a&7D}#ZL zA-4f18*?ZNn=n(9qoJySGKj+^EEAHESYDE<;GCaVT$)ponU}7h5l~X8so+zRqGu>( zAOcdxEX)g47VPe<;OuB1C(dhNX=r3pDloD*|0)AEb*G818Dvy1Th=9lJ`BxdF*gk`3d!xVFgaJlE_r{|<9c;+P=iW`W6 z9U{V4US6)34wleM&d)VyoR92NMpg#q#$E=4#!jZjMurzZ+xRE^YP)`aZ;{%z>n=>q z6~#B1G~Rc(TK*PzQL}EP#nsYd7O%NP*=IMuINNmf@psV-*M;1Yt$QB5Z+U+A)Ab!Q z4lUfh^&rihzk7bV zDF;mdyylOJn|6%#c2_25Mh3>kjn54lpBV4}oi8iQ$oQXy$$-JY48)UX(KpaF&|aXq zK)p>hqokz3N?$*@C`YdZ93vp#=|e&t80gN9dO#@y4Uj%n7DWSjHV$nzV8pUBGs0O+ zY@7*g9*k{2oLCqQieSQwj4WveDF#X~z5!#K7}T=-D}zCeA-4f18*?ZNn=n&oFpR?? z%;X}4=$>||Zwcd_ltj~ zZjYSgc2h6@O5Y<+otMj&GB~e0)|kJ*WFBjM_T=MBe>5NYCvxu8_n9q6E*F~2R+L$} zVPV-BVdd?AtF0Wj8#L@J3Hb2rtYv;%0eBBZ1_C$2j z-M0bKDPbA=*FFuh($(v-PG(|eWMEv}#As;H#Hb67NLgVPCIbcoT{g~yHV?+OA5M(C zEDBj;o6%q zH)pf0F8ClIeof^{he6|dki0TW<8p(>B@H6yKLv+}rkrqjIODBHE}Y$s&_XG+8%M#Kp5m;RTdrtE;bHrHega`XJ#_s1_|=BurM>RHz3C;Fe5Mn zBh#-tYGK9W5Z4Q~zmHs5b9`&{BhTmawa%$XKUaG5-swPN$L^Bw=_gLI?AkH?zU_%L zxl&Pv+qd#pGInNgnQp3TKghdmm)ZZehfDNDLN@u`>2UGl`W5)$`m&dQT`e_SO^3ufGVG2Vx~*Vlz{|#|)#lOmotKf3m6gFD z$B^5AlZ`o)g-w_#G}utgKm^3$5a#twEG|w=&L}NTEh#BB)HBcliE|07qKGSa<`tJ@ zmXwyHD&(grgrp{CLb(QwE9mJQLrDX1kSm#m1zZx#GE)>B6`WG@vJ!JM^9-^;RX4yTrI`SR`$2DHm^quVU)Oq8l^L_iDd5BIo*YD# zH2L`LcL8oQZP;V}taz|{)A7}FjxgjLn{+g1@7{l!6$g!Nf7(e0`_C3;bmQdzUUqvE z--TxWj-yu&&w3H2*y*jC*nP}InRoxE&0Zp67kv({V!B+sxAx&2!*g{fzp_s0kooRY zt>;$qrRK#Hqj{}&&!|dBm@hna(>7CJPtm)hny+e&kGTeD1T8qw9G`E}yrSUzWLcF@ zN|vlaqKQRG_RGC(ehVk}K7IYo)!Y1s@te~fj@4|N5)ZskGuiz3`rflYGlPFkI?Tk( z$iTR`aiKxuJa7V&6=q>FU@#D5<4kDtU~K#0#K_3P!py|F02t8Bp|Ywhprps4%?3=B z?94217Lx%tNSYt4_5nmKABz}^h}Qa*wf5WJP4`jU%$v)>xVmieyBY&ykXm^b9Rn=` zjRk58RN9m>N=gc>^!1Yy^>Q;y^ioqwflPfMGZ~yL^^%KnkYf>;BbXZ-86>Q-SZs3g zni@p{9R4@^ZGCoprI7uHNAkKk>sPLdo@z29@r~m|yG^1uw;lX*)PDZ5JKOSB&9vP* z^Ylfor!K!MR6P~=++}(c>`FFoEjF>8c&;wRCa70=Z%EoZ8NK+;c9%~XR43Y+9sSLE ckF&Z~=1Ot=g_RG3Zd+Yay0`j`{jcn603TsZ6aWAK literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/multi-root-A-by-B.pem b/pki/testdata/ssl/certificates/multi-root-A-by-B.pem new file mode 100644 index 0000000000..451345d70b --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-A-by-B.pem @@ -0,0 +1,109 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApBiGPwljnNTABkWlkX/np7g9x/8N6Dn1QyenRCo7UwPjzRMj +Rl/gJ/CjeiWCsFK7A0+Z4ywbb1QFD39PdPmtsoiFQ2MGrJHxGbfaekJoamil4AJE +I+vRBQ09WDHuuiCeFhH1rrXDIcyE5xrSwox+RJM2vWwMBzXyTlc/s88hWv8WAulh +9MxKWiTaVfzG2kTWtypOMb+ggCRV7Vy8a4QSpAPMssLb7x4IvaO/7/w9Uzi5AIrW +QBrM8mqr50tnHK7/bUMSCMaXS3Pfhc8qpW7OIgLLY2w/AKo7sIeb1RMJMky9cXn/ +BLGajS2gCmXVHlPE6w4UwLnzj29ktB0Rp0DnYQIDAQABAoIBAGRqPXxFmpdV+Uvd +QrwOsQuJSwUfprr8/IDjuw+TaEocj0Hm/CcMdHb8Yo1Uduy/M4GLLHg/fWpa193r +4guK3ifqMuJRrrvbctZyE1fNW2gCMb8qo9f3bijROUDHDXcIjrSiuNz4jTgZlxp0 +55P1tS7xhwXTIGkpMeWOroSxs4+incyXj7yD5Wr9xk/01A+W463jPZM69aRzvOAb +mfxh67PYu6InLbTkNm3iWo7jXSEQbIFv6bPeboOXaxsa9Beo5NTPMaV7ex2mR0m0 +yvZStCXtvwu9wkgvyameX9L2eBJWaMdL9LM9S5LVNrkFngJTbCd+qSYBd4axQ1dP +nYhuv4ECgYEA2sSzTLywORnUyM4mRZnrQVakqaPy9AuZLIHHcs5mQifgezb99qm+ +GBQTV+xQwwPPPLLxuBICIlYUVl4TP82EUffRog0+eAPkqRuUv9jX8MTLFVzjicD/ +O2LTRW9wyvpu7wOKL2f6Tf+kYjBxKmHAxAZTncBsFkXOyjZDS4DIwdUCgYEAwAXZ +kpAtavvCmpwKXRFMVhMCRpmXthxXeSmm/piY/O16mHLQfR5zBJ3DNyKUKlyaX1YM +DNgZKXLiREJZtbgT+Z1aHAybRMFyr37VU0nSMGU5G/I6ysLYsc3iCI/gk6YHM7Xc +OgqZleJ0s+EGwDx9DeWhLrYWN4W6e0kudrB6CV0CgYBAaI8ddaQwe5FxOXh9H27r +ArZiF5ntDgkf2Gm/PFNRAOqPfEZTO/ByqF51kWbJs7Js/YY7Glo0f8FnGDV0oG5n +r52xp1KQBR1qSGuH/DC/e0ELXhjDsuWyN0tacw/zQr4sco9Zm7RPCIf+PKLkxnj5 +fZ9an49zE0RptoYjkZwJrQKBgE29EIxJWlnJestlCL0M176xC2bRn53Wc4NV3YmM +9cLP0aYONWGyBhaEWBfmI93Sh5y5FT/N7MHfBMNlqTPsRgn0LhrU77cyKd/qlSqW +5EU7dZdexXZ404mINE4LEXw05w2EPpgw2mTXvS9llnoVAvuxT0O969imhwyKYAkl +AQLxAoGBAKHMhs0tYdyWuH2J1zokddjOH0uGFkoZxhQmgVPC/WlTg05ClPVSNX5p +pZcX9Ouk+kvSb8UCWf/ovAwSN66Ri6AmbLt+W8Ibt9+Q9NMeb6XVppWaRTa2b9PX +WKNuu7TLrunx6XJw9NqXhAecreu7s4FMyn9GnhQ2H5LeJTb1C80D +-----END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=B CA - Multi-root + Validity + Not Before: Feb 28 23:46:47 2017 GMT + Not After : Feb 26 23:46:47 2027 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a4:18:86:3f:09:63:9c:d4:c0:06:45:a5:91:7f: + e7:a7:b8:3d:c7:ff:0d:e8:39:f5:43:27:a7:44:2a: + 3b:53:03:e3:cd:13:23:46:5f:e0:27:f0:a3:7a:25: + 82:b0:52:bb:03:4f:99:e3:2c:1b:6f:54:05:0f:7f: + 4f:74:f9:ad:b2:88:85:43:63:06:ac:91:f1:19:b7: + da:7a:42:68:6a:68:a5:e0:02:44:23:eb:d1:05:0d: + 3d:58:31:ee:ba:20:9e:16:11:f5:ae:b5:c3:21:cc: + 84:e7:1a:d2:c2:8c:7e:44:93:36:bd:6c:0c:07:35: + f2:4e:57:3f:b3:cf:21:5a:ff:16:02:e9:61:f4:cc: + 4a:5a:24:da:55:fc:c6:da:44:d6:b7:2a:4e:31:bf: + a0:80:24:55:ed:5c:bc:6b:84:12:a4:03:cc:b2:c2: + db:ef:1e:08:bd:a3:bf:ef:fc:3d:53:38:b9:00:8a: + d6:40:1a:cc:f2:6a:ab:e7:4b:67:1c:ae:ff:6d:43: + 12:08:c6:97:4b:73:df:85:cf:2a:a5:6e:ce:22:02: + cb:63:6c:3f:00:aa:3b:b0:87:9b:d5:13:09:32:4c: + bd:71:79:ff:04:b1:9a:8d:2d:a0:0a:65:d5:1e:53: + c4:eb:0e:14:c0:b9:f3:8f:6f:64:b4:1d:11:a7:40: + e7:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 28:6F:58:36:8F:1B:C5:99:18:5B:DC:A5:86:AF:89:F2:B4:3E:AF:51 + X509v3 Authority Key Identifier: + keyid:D0:8D:1F:B2:BC:29:96:73:EF:0C:7A:C2:A4:06:96:CF:D5:8C:31:DB + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 07:8f:f9:c6:33:3c:bc:74:20:21:92:46:7a:c5:df:76:18:47: + 63:0c:5e:e8:f3:97:ec:37:83:0b:4d:a4:1c:6b:0b:a2:28:db: + 5c:17:d9:91:77:00:4a:db:46:f9:68:ec:2a:f8:b5:82:0c:00: + d1:88:0c:7c:b4:2d:e9:48:f5:a2:9d:a9:d5:bb:db:9d:56:96: + c5:6c:46:da:23:a3:66:80:a5:9b:93:d0:df:9c:00:75:ac:48: + ea:48:b4:22:ee:ff:db:eb:bb:8f:f0:de:16:a1:99:98:85:4c: + b3:66:dd:22:96:96:97:48:ae:8a:2d:e9:a5:1c:5c:d9:dd:31: + 3f:58:7c:bb:2b:db:86:6a:53:e5:af:6d:85:3a:ca:92:5d:56: + e2:02:90:d7:eb:98:0f:d8:ba:2a:d1:26:bb:82:5b:80:d5:2d: + 52:d7:40:4d:0d:0d:1e:fe:c2:89:be:e2:80:4d:cd:91:dc:f3: + fa:19:25:3e:ba:a8:cf:48:d3:b6:35:a5:96:6e:a5:12:d1:65: + 65:a9:92:6b:d0:fc:05:25:7c:fb:76:48:38:15:7e:4f:95:03: + b0:c3:55:89:bc:59:be:de:3c:fb:4b:5a:f1:3b:00:c1:03:59: + 6c:b3:8b:21:7e:84:75:30:19:8c:19:f6:99:40:ec:87:43:3b: + 89:d0:f5:6d +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRQiBD +QSAtIE11bHRpLXJvb3QwHhcNMTcwMjI4MjM0NjQ3WhcNMjcwMjI2MjM0NjQ3WjBg +MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91 +bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3LjAuMC4x +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBiGPwljnNTABkWlkX/n +p7g9x/8N6Dn1QyenRCo7UwPjzRMjRl/gJ/CjeiWCsFK7A0+Z4ywbb1QFD39PdPmt +soiFQ2MGrJHxGbfaekJoamil4AJEI+vRBQ09WDHuuiCeFhH1rrXDIcyE5xrSwox+ +RJM2vWwMBzXyTlc/s88hWv8WAulh9MxKWiTaVfzG2kTWtypOMb+ggCRV7Vy8a4QS +pAPMssLb7x4IvaO/7/w9Uzi5AIrWQBrM8mqr50tnHK7/bUMSCMaXS3Pfhc8qpW7O +IgLLY2w/AKo7sIeb1RMJMky9cXn/BLGajS2gCmXVHlPE6w4UwLnzj29ktB0Rp0Dn +YQIDAQABo4GAMH4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUKG9YNo8bxZkYW9yl +hq+J8rQ+r1EwHwYDVR0jBBgwFoAU0I0fsrwplnPvDHrCpAaWz9WMMdswHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZI +hvcNAQELBQADggEBAAeP+cYzPLx0ICGSRnrF33YYR2MMXujzl+w3gwtNpBxrC6Io +21wX2ZF3AErbRvlo7Cr4tYIMANGIDHy0LelI9aKdqdW7251WlsVsRtojo2aApZuT +0N+cAHWsSOpItCLu/9vru4/w3hahmZiFTLNm3SKWlpdIroot6aUcXNndMT9YfLsr +24ZqU+WvbYU6ypJdVuICkNfrmA/YuirRJruCW4DVLVLXQE0NDR7+wom+4oBNzZHc +8/oZJT66qM9I07Y1pZZupRLRZWWpkmvQ/AUlfPt2SDgVfk+VA7DDVYm8Wb7ePPtL +WvE7AMEDWWyziyF+hHUwGYwZ9plA7IdDO4nQ9W0= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-B-by-C.pem b/pki/testdata/ssl/certificates/multi-root-B-by-C.pem new file mode 100644 index 0000000000..98685b3418 --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-B-by-C.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C CA - Multi-root + Validity + Not Before: Jan 4 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=B CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ca:6c:54:ab:3c:54:33:6c:d7:04:c4:4b:c4:39: + 32:db:7a:49:e4:e1:e7:60:c7:35:33:08:59:ba:62: + bf:49:d6:05:1f:07:b8:b6:bd:38:2f:6b:a7:e5:8d: + de:79:27:d8:36:58:92:69:cc:db:8e:6a:89:b4:79: + ab:cf:98:53:08:12:17:9e:51:15:bc:e7:8f:e5:93: + d9:1a:2e:68:a9:93:3c:d3:7a:75:a4:5c:c2:fc:16: + 9b:ba:df:49:5d:73:65:ec:b0:cc:1e:ba:cc:98:39: + d1:4e:b2:d6:5f:e8:7f:24:1a:fa:56:b0:0d:33:46: + 22:56:4f:5c:f3:16:ad:55:8a:62:3c:bc:50:c2:3a: + 58:3e:70:4d:5a:df:99:ec:c7:a6:2c:8f:2a:a5:2e: + 11:b8:58:c5:d5:e8:43:2f:40:a5:20:80:32:2a:76: + 5e:06:07:48:6d:44:60:ba:21:72:61:e2:1a:ec:64: + 5d:72:72:f1:21:9d:04:2f:61:35:0b:2f:f0:c0:fe: + 52:b8:c4:41:9c:b6:13:58:21:81:e3:28:27:4d:6c: + 24:a3:20:fb:0f:9c:d4:4f:34:3a:d0:d1:08:84:c4: + 40:71:44:4f:e8:be:c5:1f:5d:1c:34:64:0b:6c:1c: + 24:fa:a9:83:49:c6:f5:4d:7f:63:c0:1a:a9:77:8a: + c0:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + D0:8D:1F:B2:BC:29:96:73:EF:0C:7A:C2:A4:06:96:CF:D5:8C:31:DB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 1e:16:7c:d7:d1:ee:63:a9:a2:b1:87:2c:8b:1e:d3:cf:51:14: + ed:12:0b:ec:67:2b:7f:3b:0e:8e:3c:50:bb:d1:dc:3b:40:1a: + ec:44:30:c4:f6:65:c2:c3:5d:d8:cb:c2:6c:13:2e:5a:2d:76: + c6:6b:5d:65:a5:7e:c2:bf:cb:fc:b1:50:b0:43:47:fc:a3:7b: + 07:d1:77:50:4f:d2:53:98:8f:a2:00:97:13:d9:b7:83:2e:d9: + c4:2a:e6:b1:fc:2d:6c:ce:d1:61:73:aa:40:e0:ce:87:74:43: + a2:f7:b5:d9:5f:46:79:97:28:c4:de:15:60:3b:3e:3f:3d:1d: + 14:f4:87:ef:b9:08:09:2a:fb:d0:d5:1b:4f:77:f9:0d:c9:4b: + 23:32:1c:06:04:a6:83:aa:00:9c:70:c2:2b:01:42:1e:f6:d6: + d3:5c:f9:a8:b7:84:9e:44:12:9a:9f:a8:2a:89:56:69:a6:2f: + e9:ee:67:e9:7e:32:b5:ef:6b:4e:f0:12:23:fa:85:3e:03:59: + 94:db:88:99:04:55:c4:d1:df:df:c6:e2:fd:61:c5:f6:af:dc: + 4c:e4:52:8f:f2:c8:07:39:dd:99:33:49:85:1e:df:e1:1f:08: + 6b:e0:d2:1b:93:db:32:05:4b:39:ee:b3:f1:b6:af:18:07:a7: + 24:9c:1e:75 +-----BEGIN CERTIFICATE----- +MIIC9jCCAd6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRQyBD +QSAtIE11bHRpLXJvb3QwHhcNMTYwMTA0MDAwMDAwWhcNMjYwMTAyMDAwMDAwWjAc +MRowGAYDVQQDDBFCIENBIC0gTXVsdGktcm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMpsVKs8VDNs1wTES8Q5Mtt6SeTh52DHNTMIWbpiv0nWBR8H +uLa9OC9rp+WN3nkn2DZYkmnM245qibR5q8+YUwgSF55RFbznj+WT2RouaKmTPNN6 +daRcwvwWm7rfSV1zZeywzB66zJg50U6y1l/ofyQa+lawDTNGIlZPXPMWrVWKYjy8 +UMI6WD5wTVrfmezHpiyPKqUuEbhYxdXoQy9ApSCAMip2XgYHSG1EYLohcmHiGuxk +XXJy8SGdBC9hNQsv8MD+UrjEQZy2E1ghgeMoJ01sJKMg+w+c1E80OtDRCITEQHFE +T+i+xR9dHDRkC2wcJPqpg0nG9U1/Y8AaqXeKwEMCAwEAAaNCMEAwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU0I0fsrwplnPvDHrCpAaWz9WMMdswDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAeFnzX0e5jqaKxhyyLHtPPURTtEgvs +Zyt/Ow6OPFC70dw7QBrsRDDE9mXCw13Yy8JsEy5aLXbGa11lpX7Cv8v8sVCwQ0f8 +o3sH0XdQT9JTmI+iAJcT2beDLtnEKuax/C1sztFhc6pA4M6HdEOi97XZX0Z5lyjE +3hVgOz4/PR0U9IfvuQgJKvvQ1RtPd/kNyUsjMhwGBKaDqgCccMIrAUIe9tbTXPmo +t4SeRBKan6gqiVZppi/p7mfpfjK172tO8BIj+oU+A1mU24iZBFXE0d/fxuL9YcX2 +r9xM5FKP8sgHOd2ZM0mFHt/hHwhr4NIbk9syBUs57rPxtq8YB6cknB51 +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-B-by-F.pem b/pki/testdata/ssl/certificates/multi-root-B-by-F.pem new file mode 100644 index 0000000000..bcaa0dab72 --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-B-by-F.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=F CA - Multi-root + Validity + Not Before: Jan 5 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=B CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ca:6c:54:ab:3c:54:33:6c:d7:04:c4:4b:c4:39: + 32:db:7a:49:e4:e1:e7:60:c7:35:33:08:59:ba:62: + bf:49:d6:05:1f:07:b8:b6:bd:38:2f:6b:a7:e5:8d: + de:79:27:d8:36:58:92:69:cc:db:8e:6a:89:b4:79: + ab:cf:98:53:08:12:17:9e:51:15:bc:e7:8f:e5:93: + d9:1a:2e:68:a9:93:3c:d3:7a:75:a4:5c:c2:fc:16: + 9b:ba:df:49:5d:73:65:ec:b0:cc:1e:ba:cc:98:39: + d1:4e:b2:d6:5f:e8:7f:24:1a:fa:56:b0:0d:33:46: + 22:56:4f:5c:f3:16:ad:55:8a:62:3c:bc:50:c2:3a: + 58:3e:70:4d:5a:df:99:ec:c7:a6:2c:8f:2a:a5:2e: + 11:b8:58:c5:d5:e8:43:2f:40:a5:20:80:32:2a:76: + 5e:06:07:48:6d:44:60:ba:21:72:61:e2:1a:ec:64: + 5d:72:72:f1:21:9d:04:2f:61:35:0b:2f:f0:c0:fe: + 52:b8:c4:41:9c:b6:13:58:21:81:e3:28:27:4d:6c: + 24:a3:20:fb:0f:9c:d4:4f:34:3a:d0:d1:08:84:c4: + 40:71:44:4f:e8:be:c5:1f:5d:1c:34:64:0b:6c:1c: + 24:fa:a9:83:49:c6:f5:4d:7f:63:c0:1a:a9:77:8a: + c0:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + D0:8D:1F:B2:BC:29:96:73:EF:0C:7A:C2:A4:06:96:CF:D5:8C:31:DB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + b3:af:8e:08:79:4f:56:93:22:e0:3b:9e:1f:22:0d:5d:12:69: + 3c:13:26:4c:bb:41:9f:89:4b:b6:28:0d:85:37:75:c7:dc:e5: + b4:56:ba:3a:34:a7:40:30:ea:dc:7f:36:25:69:b9:c6:be:dd: + 04:89:6a:f0:5e:14:42:45:bb:fc:fc:be:e6:c3:a2:0d:80:26: + 30:11:df:21:54:cd:ea:59:25:5e:20:e8:2d:9d:97:64:fc:46: + 1e:cb:f8:47:9c:90:d9:8e:db:f6:92:ec:76:ff:33:a4:28:16: + 69:60:94:96:5b:e0:a0:32:ef:6f:8d:2a:06:65:67:6e:06:6a: + 35:9f:10:04:37:2d:67:ad:9e:c3:2b:2a:fd:cb:1e:0f:d6:6b: + 25:9d:11:eb:ae:a7:36:8b:b7:1c:11:7d:41:44:8e:37:07:03: + 54:8d:43:ef:19:af:48:75:9d:78:2c:24:32:ba:72:c6:29:fa: + 45:f9:9a:3b:59:9a:c9:2e:01:b5:9f:13:70:c9:dd:59:cf:8f: + 7b:a9:24:c9:dc:c9:b6:52:62:7a:66:7b:2a:60:ee:a4:36:e9: + 3b:95:04:31:fe:6a:74:e4:e2:3a:98:bc:70:26:1e:6e:03:9d: + f6:5c:3b:1b:5e:77:7a:01:71:56:1c:f9:98:e6:3e:ec:aa:c1: + e3:bd:35:36 +-----BEGIN CERTIFICATE----- +MIIC9jCCAd6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRRiBD +QSAtIE11bHRpLXJvb3QwHhcNMTYwMTA1MDAwMDAwWhcNMjYwMTAyMDAwMDAwWjAc +MRowGAYDVQQDDBFCIENBIC0gTXVsdGktcm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMpsVKs8VDNs1wTES8Q5Mtt6SeTh52DHNTMIWbpiv0nWBR8H +uLa9OC9rp+WN3nkn2DZYkmnM245qibR5q8+YUwgSF55RFbznj+WT2RouaKmTPNN6 +daRcwvwWm7rfSV1zZeywzB66zJg50U6y1l/ofyQa+lawDTNGIlZPXPMWrVWKYjy8 +UMI6WD5wTVrfmezHpiyPKqUuEbhYxdXoQy9ApSCAMip2XgYHSG1EYLohcmHiGuxk +XXJy8SGdBC9hNQsv8MD+UrjEQZy2E1ghgeMoJ01sJKMg+w+c1E80OtDRCITEQHFE +T+i+xR9dHDRkC2wcJPqpg0nG9U1/Y8AaqXeKwEMCAwEAAaNCMEAwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU0I0fsrwplnPvDHrCpAaWz9WMMdswDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCzr44IeU9WkyLgO54fIg1dEmk8EyZM +u0GfiUu2KA2FN3XH3OW0Vro6NKdAMOrcfzYlabnGvt0EiWrwXhRCRbv8/L7mw6IN +gCYwEd8hVM3qWSVeIOgtnZdk/EYey/hHnJDZjtv2kux2/zOkKBZpYJSWW+CgMu9v +jSoGZWduBmo1nxAENy1nrZ7DKyr9yx4P1mslnRHrrqc2i7ccEX1BRI43BwNUjUPv +Ga9IdZ14LCQyunLGKfpF+Zo7WZrJLgG1nxNwyd1Zz497qSTJ3Mm2UmJ6ZnsqYO6k +Nuk7lQQx/mp05OI6mLxwJh5uA532XDsbXnd6AXFWHPmY5j7sqsHjvTU2 +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-C-by-D.pem b/pki/testdata/ssl/certificates/multi-root-C-by-D.pem new file mode 100644 index 0000000000..ea171e2f23 --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-C-by-D.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=D Root CA - Multi-root + Validity + Not Before: Jan 3 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=C CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b2:c4:16:dc:07:88:ec:7e:a6:b3:25:c8:7b:9c: + e0:07:1e:40:a9:40:c0:4d:c8:73:27:ea:88:d8:58: + 1a:1a:12:e3:9a:62:41:4c:a1:e9:b1:ce:c6:b2:f6: + 3a:f6:89:3f:40:e6:0f:fb:15:4b:cb:d2:8d:8e:b6: + 44:aa:63:fa:3b:c5:cc:af:86:05:70:aa:ec:f4:b3: + 79:04:e6:3e:25:ec:ec:29:d6:c9:8b:7b:13:05:a7: + ff:51:5b:ab:4c:bc:d0:e4:bd:61:1a:d2:27:f1:2e: + 5f:f4:51:81:c4:23:ba:20:c3:14:08:b4:be:78:49: + b5:13:1f:69:fd:f6:a7:59:91:84:a9:99:10:c8:9c: + 63:9e:99:c2:f2:3d:61:9d:6a:6e:d4:26:9b:88:aa: + da:66:b3:0d:c6:99:03:16:13:3a:a4:9a:ff:08:3e: + 59:df:a7:44:b7:17:99:3f:63:7f:3a:05:7e:ce:64: + 78:34:e6:00:77:69:e6:03:24:a7:12:f3:e8:a8:50: + 2b:55:16:fa:6e:65:c6:28:58:82:a4:20:7e:68:22: + e9:81:9e:a2:e8:0f:d6:87:c2:73:dd:c2:0c:cc:a3: + 47:54:11:f5:3d:dc:51:52:57:b2:ce:77:8b:7a:ac: + a7:f0:2a:26:36:e6:26:b9:6a:83:da:b2:6f:c0:f6: + 1e:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + E3:D1:05:98:4C:68:53:C2:DC:00:EE:AC:E5:A8:B8:FC:B9:72:D9:67 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 7e:5b:a7:f2:c7:15:33:73:ce:e4:1e:77:ba:35:8b:44:01:57: + b1:db:55:d3:54:95:c6:44:27:89:3f:e5:46:98:de:4a:7e:d9: + e7:6c:e8:0d:d5:e2:98:31:07:21:9c:bd:01:47:be:0c:e1:b3: + 22:1e:ea:da:d4:fc:b5:37:5d:94:de:06:9b:69:a5:77:22:d0: + 96:80:35:9f:02:a0:cd:41:35:b3:21:94:ca:9b:03:4f:68:18: + 5e:6d:0d:95:95:17:ab:bd:00:9b:d0:78:f7:38:5e:37:df:33: + 15:2f:3e:64:27:c8:67:5e:c4:14:92:08:90:55:34:8d:73:d9: + 66:0c:30:dd:42:ab:71:73:b4:26:28:b1:13:90:7b:0a:10:f2: + 7c:75:07:36:1f:a5:b6:a5:97:ac:20:c7:83:0c:15:cf:5c:34: + df:3f:8d:81:3e:c0:43:2a:ca:6f:c4:86:cc:2f:93:e1:5d:18: + 68:a4:bd:cc:5b:39:fa:40:fa:d4:a7:8b:7a:5d:b7:59:77:48: + 9b:ab:e0:71:b2:04:1f:79:ea:d1:cd:d3:24:52:5b:4b:21:2f: + 84:2e:b4:d6:87:1d:4f:fe:e7:6c:94:ff:d0:02:50:6b:bc:2a: + 1e:21:a5:ac:3e:73:b5:2f:ba:11:c5:6f:8f:f7:8e:eb:08:11: + 00:cb:e3:2d +-----BEGIN CERTIFICATE----- +MIIC+zCCAeOgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRCBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDMwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMBwxGjAYBgNVBAMMEUMgQ0EgLSBNdWx0aS1yb290MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAssQW3AeI7H6msyXIe5zgBx5AqUDATchzJ+qI2Fga +GhLjmmJBTKHpsc7GsvY69ok/QOYP+xVLy9KNjrZEqmP6O8XMr4YFcKrs9LN5BOY+ +JezsKdbJi3sTBaf/UVurTLzQ5L1hGtIn8S5f9FGBxCO6IMMUCLS+eEm1Ex9p/fan +WZGEqZkQyJxjnpnC8j1hnWpu1CabiKraZrMNxpkDFhM6pJr/CD5Z36dEtxeZP2N/ +OgV+zmR4NOYAd2nmAySnEvPoqFArVRb6bmXGKFiCpCB+aCLpgZ6i6A/Wh8Jz3cIM +zKNHVBH1PdxRUleyzneLeqyn8ComNuYmuWqD2rJvwPYe8wIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTj0QWYTGhTwtwA7qzlqLj8uXLZZzAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAH5bp/LHFTNzzuQed7o1i0QB +V7HbVdNUlcZEJ4k/5UaY3kp+2eds6A3V4pgxByGcvQFHvgzhsyIe6trU/LU3XZTe +BptppXci0JaANZ8CoM1BNbMhlMqbA09oGF5tDZWVF6u9AJvQePc4XjffMxUvPmQn +yGdexBSSCJBVNI1z2WYMMN1Cq3FztCYosROQewoQ8nx1BzYfpball6wgx4MMFc9c +NN8/jYE+wEMqym/Ehswvk+FdGGikvcxbOfpA+tSni3pdt1l3SJur4HGyBB956tHN +0yRSW0shL4QutNaHHU/+52yU/9ACUGu8Kh4hpaw+c7UvuhHFb4/3jusIEQDL4y0= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-C-by-E.pem b/pki/testdata/ssl/certificates/multi-root-C-by-E.pem new file mode 100644 index 0000000000..1f8b76c50a --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-C-by-E.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E Root CA - Multi-root + Validity + Not Before: Jan 5 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=C CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b2:c4:16:dc:07:88:ec:7e:a6:b3:25:c8:7b:9c: + e0:07:1e:40:a9:40:c0:4d:c8:73:27:ea:88:d8:58: + 1a:1a:12:e3:9a:62:41:4c:a1:e9:b1:ce:c6:b2:f6: + 3a:f6:89:3f:40:e6:0f:fb:15:4b:cb:d2:8d:8e:b6: + 44:aa:63:fa:3b:c5:cc:af:86:05:70:aa:ec:f4:b3: + 79:04:e6:3e:25:ec:ec:29:d6:c9:8b:7b:13:05:a7: + ff:51:5b:ab:4c:bc:d0:e4:bd:61:1a:d2:27:f1:2e: + 5f:f4:51:81:c4:23:ba:20:c3:14:08:b4:be:78:49: + b5:13:1f:69:fd:f6:a7:59:91:84:a9:99:10:c8:9c: + 63:9e:99:c2:f2:3d:61:9d:6a:6e:d4:26:9b:88:aa: + da:66:b3:0d:c6:99:03:16:13:3a:a4:9a:ff:08:3e: + 59:df:a7:44:b7:17:99:3f:63:7f:3a:05:7e:ce:64: + 78:34:e6:00:77:69:e6:03:24:a7:12:f3:e8:a8:50: + 2b:55:16:fa:6e:65:c6:28:58:82:a4:20:7e:68:22: + e9:81:9e:a2:e8:0f:d6:87:c2:73:dd:c2:0c:cc:a3: + 47:54:11:f5:3d:dc:51:52:57:b2:ce:77:8b:7a:ac: + a7:f0:2a:26:36:e6:26:b9:6a:83:da:b2:6f:c0:f6: + 1e:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + E3:D1:05:98:4C:68:53:C2:DC:00:EE:AC:E5:A8:B8:FC:B9:72:D9:67 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 0d:37:a8:9e:12:c9:fb:45:a2:b9:82:07:4a:2a:34:d2:3b:1d: + 84:70:b1:4a:85:37:7e:64:31:45:c3:02:9d:32:4e:92:a4:97: + 72:ed:1d:f2:c3:26:c8:3f:90:e4:24:f4:6e:4b:33:71:98:bc: + 68:25:26:cc:de:c1:46:a6:a8:83:60:fc:6e:c0:72:98:8f:ce: + 38:6e:69:9d:ab:d1:5a:f0:a6:c8:07:a1:09:b3:8c:03:09:7b: + 44:62:73:15:85:71:5f:2c:0a:33:78:f2:a3:10:85:1e:6b:46: + d1:a5:f1:9c:13:ba:f7:95:41:a0:fb:de:c9:09:e1:72:a4:92: + ff:33:e4:81:25:10:af:90:17:79:df:54:ea:b9:87:0e:f8:6d: + 09:55:10:46:4c:87:36:37:2f:c0:86:03:ee:7a:b4:d3:27:22: + 22:d5:9c:2e:e6:38:f0:f4:84:5c:ca:b7:9b:4d:6a:1c:57:7e: + 24:07:35:13:a0:f9:d6:a3:aa:29:cb:e0:8a:b0:86:1c:41:24: + b1:ed:04:30:71:2b:99:d7:0a:a4:51:53:b1:76:2e:be:63:5b: + 7c:8e:d5:8f:fa:f3:99:58:7d:ce:30:07:5d:1e:ed:e6:bc:0a: + d1:a7:cc:17:94:e7:d1:67:07:7c:37:6d:3f:c2:8b:04:9e:77: + fb:5b:9c:2d +-----BEGIN CERTIFICATE----- +MIIC+zCCAeOgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRSBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDUwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMBwxGjAYBgNVBAMMEUMgQ0EgLSBNdWx0aS1yb290MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAssQW3AeI7H6msyXIe5zgBx5AqUDATchzJ+qI2Fga +GhLjmmJBTKHpsc7GsvY69ok/QOYP+xVLy9KNjrZEqmP6O8XMr4YFcKrs9LN5BOY+ +JezsKdbJi3sTBaf/UVurTLzQ5L1hGtIn8S5f9FGBxCO6IMMUCLS+eEm1Ex9p/fan +WZGEqZkQyJxjnpnC8j1hnWpu1CabiKraZrMNxpkDFhM6pJr/CD5Z36dEtxeZP2N/ +OgV+zmR4NOYAd2nmAySnEvPoqFArVRb6bmXGKFiCpCB+aCLpgZ6i6A/Wh8Jz3cIM +zKNHVBH1PdxRUleyzneLeqyn8ComNuYmuWqD2rJvwPYe8wIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTj0QWYTGhTwtwA7qzlqLj8uXLZZzAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAA03qJ4SyftFormCB0oqNNI7 +HYRwsUqFN35kMUXDAp0yTpKkl3LtHfLDJsg/kOQk9G5LM3GYvGglJszewUamqINg +/G7AcpiPzjhuaZ2r0VrwpsgHoQmzjAMJe0RicxWFcV8sCjN48qMQhR5rRtGl8ZwT +uveVQaD73skJ4XKkkv8z5IElEK+QF3nfVOq5hw74bQlVEEZMhzY3L8CGA+56tNMn +IiLVnC7mOPD0hFzKt5tNahxXfiQHNROg+dajqinL4IqwhhxBJLHtBDBxK5nXCqRR +U7F2Lr5jW3yO1Y/685lYfc4wB10e7ea8CtGnzBeU59FnB3w3bT/CiwSed/tbnC0= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-D-by-D.pem b/pki/testdata/ssl/certificates/multi-root-D-by-D.pem new file mode 100644 index 0000000000..7fd6fa9acf --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-D-by-D.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=D Root CA - Multi-root + Validity + Not Before: Jan 2 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=D Root CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b4:b2:8e:83:7f:3b:8b:0f:9f:71:37:18:78:d0: + f5:bc:07:ac:d8:eb:bf:f6:7c:c0:65:dc:00:bf:83: + f7:e4:5e:97:9f:db:24:e4:c1:f9:31:70:b2:51:44: + 2c:27:05:6a:1f:1e:35:9c:ea:c4:eb:f8:0a:c4:4b: + 14:30:89:e8:75:93:fb:96:32:bc:0e:64:ca:11:74: + 4a:ac:26:a0:9c:09:cd:6e:43:cf:6c:56:03:44:ab: + 53:81:66:8d:5a:ad:75:1b:31:23:9f:fd:5e:8c:10: + cd:e9:e9:05:80:41:5e:b8:f1:96:3d:5b:17:b2:e1: + a8:47:44:eb:82:30:5e:7a:fe:8f:11:bb:b8:31:8e: + 98:4c:a9:f3:2c:91:59:78:f4:63:1c:47:ad:6a:96: + 5e:87:39:f3:17:9b:d6:9c:e9:e1:3c:0e:ef:8a:d8: + 7e:c3:2d:33:d9:eb:26:29:1d:8a:66:ef:b9:8d:c3: + b1:51:3a:75:56:1b:b8:a9:08:e7:10:db:37:70:c4: + 6c:32:c0:e1:2b:f4:84:12:a5:cf:49:83:e1:5a:40: + ab:db:f9:23:c5:7d:c0:03:ac:0e:3e:be:7c:42:92: + fb:b7:71:91:37:04:92:4e:d5:92:31:cf:1b:cd:e4: + 27:e5:85:98:ac:20:95:5d:6d:4e:90:fa:c7:6c:2b: + fd:41 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 69:E7:FF:33:A6:6B:A0:AD:5A:F1:D3:15:4F:9E:F7:C5:16:2E:C4:B6 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 55:ec:3a:cd:87:dc:96:54:23:68:65:f7:a6:91:3c:37:f0:44: + 94:2e:2f:3a:af:2c:0d:f4:09:f6:52:69:4f:ad:ac:83:6c:76: + 76:72:2b:c0:48:ea:c9:76:c0:f5:7a:1e:73:ba:3c:f3:41:93: + b4:4b:a5:6a:a3:87:f5:c7:6f:e9:55:ce:e0:8b:8c:83:e6:f0: + e0:1c:e8:6a:8f:3b:67:b6:cd:35:6d:0b:1c:16:bf:38:fd:9d: + d8:95:a9:3c:b9:4c:05:19:71:f4:a0:2c:1f:83:18:5a:f3:5a: + ea:80:49:70:cc:49:84:63:7c:a9:4d:cb:1f:df:96:f2:c4:2c: + 2c:e8:b0:75:69:8c:a9:71:7e:27:6a:fe:22:c6:77:e0:77:f4: + 98:05:29:45:18:75:a3:f0:43:40:b2:8d:52:cb:2e:46:fb:37: + bb:c6:68:20:c2:2e:01:82:51:f0:00:3a:89:40:9b:ab:9c:c3: + 5c:f2:a3:3b:f7:00:98:4d:bd:a7:74:37:f6:74:c7:6e:42:4b: + aa:8c:cc:c7:85:b2:4b:78:cb:8c:03:7c:e5:85:75:32:a9:89: + 49:da:ed:3d:9e:5b:a2:c9:b2:2a:08:06:6d:cf:df:83:d4:a9: + 3d:e9:44:de:70:9c:43:e3:35:24:dd:85:ed:7c:37:4e:02:44: + d2:5d:7a:ad +-----BEGIN CERTIFICATE----- +MIIDADCCAeigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRCBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDIwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMCExHzAdBgNVBAMMFkQgUm9vdCBDQSAtIE11bHRpLXJvb3QwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0so6DfzuLD59xNxh40PW8B6zY67/2fMBl +3AC/g/fkXpef2yTkwfkxcLJRRCwnBWofHjWc6sTr+ArESxQwieh1k/uWMrwOZMoR +dEqsJqCcCc1uQ89sVgNEq1OBZo1arXUbMSOf/V6MEM3p6QWAQV648ZY9Wxey4ahH +ROuCMF56/o8Ru7gxjphMqfMskVl49GMcR61qll6HOfMXm9ac6eE8Du+K2H7DLTPZ +6yYpHYpm77mNw7FROnVWG7ipCOcQ2zdwxGwywOEr9IQSpc9Jg+FaQKvb+SPFfcAD +rA4+vnxCkvu3cZE3BJJO1ZIxzxvN5CflhZisIJVdbU6Q+sdsK/1BAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGnn/zOma6CtWvHTFU+e98UWLsS2 +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAVew6zYfcllQjaGX3 +ppE8N/BElC4vOq8sDfQJ9lJpT62sg2x2dnIrwEjqyXbA9Xoec7o880GTtEulaqOH +9cdv6VXO4IuMg+bw4Bzoao87Z7bNNW0LHBa/OP2d2JWpPLlMBRlx9KAsH4MYWvNa +6oBJcMxJhGN8qU3LH9+W8sQsLOiwdWmMqXF+J2r+IsZ34Hf0mAUpRRh1o/BDQLKN +UssuRvs3u8ZoIMIuAYJR8AA6iUCbq5zDXPKjO/cAmE29p3Q39nTHbkJLqozMx4Wy +S3jLjAN85YV1MqmJSdrtPZ5bosmyKggGbc/fg9SpPelE3nCcQ+M1JN2F7Xw3TgJE +0l16rQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-E-by-E.pem b/pki/testdata/ssl/certificates/multi-root-E-by-E.pem new file mode 100644 index 0000000000..4ccd307eda --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-E-by-E.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E Root CA - Multi-root + Validity + Not Before: Jan 2 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=E Root CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:14:71:12:fe:4f:36:78:5f:3a:b4:1e:d5:bb: + 22:92:3e:57:bf:4d:e0:cf:1e:a1:fb:19:6d:88:3a: + 59:93:79:57:42:bc:ab:7c:a0:0d:73:35:db:db:ba: + 80:ef:a9:80:5b:b0:90:f5:2f:ea:17:7d:2b:92:a4: + 5e:88:0a:16:f3:dc:f5:25:3d:7a:8d:8e:9b:e9:22: + 74:dc:49:6e:87:ff:67:ae:3a:b8:09:63:63:e7:c2: + bd:77:d7:1b:cb:93:c6:4a:1d:7b:51:25:05:31:cb: + 32:66:43:ea:2d:54:59:59:cd:de:d2:84:6f:d8:5a: + c1:5b:6c:2d:67:d5:57:23:25:a0:04:dc:45:64:02: + f0:de:1a:4a:62:c9:76:b5:f6:36:46:74:af:1f:18: + 6c:f7:38:cf:34:e3:e1:3f:ad:51:41:cf:92:ed:d5: + 27:f7:4a:e3:3c:d5:42:26:51:e3:b2:69:20:b1:1f: + 0a:f6:fd:19:3c:8e:98:94:64:eb:fe:e6:67:a0:12: + f6:78:98:0f:44:b8:24:60:7c:de:e2:67:b9:0d:6e: + 8c:06:80:43:8e:41:76:1d:09:40:0e:3b:e7:8d:0a: + d9:66:d7:34:6c:ce:7e:f9:25:6a:15:cf:9a:3e:ec: + 30:e0:a3:b1:d2:a3:b1:31:f1:62:50:5c:b4:fe:dd: + 54:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 15:FA:C3:A2:2A:E0:2C:25:C5:BE:D7:BE:91:51:DD:45:F0:F1:5D:64 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + bb:14:68:d2:09:0e:65:58:4d:d7:35:a0:a3:9b:e6:b4:2a:b4: + 80:32:3e:61:6d:87:19:a6:a8:d2:01:78:cd:07:0b:09:a9:de: + 5f:aa:86:43:dd:6f:d6:e0:3b:ab:60:71:d2:f0:aa:8f:14:93: + 42:37:12:55:02:e1:a7:ed:8e:db:c0:83:10:19:f0:f5:1e:35: + 77:84:9a:c1:79:9c:60:39:6f:50:00:66:73:6e:f0:b8:f7:75: + 67:3e:fa:3e:0c:d0:d6:54:4a:ae:da:38:06:92:57:39:cc:d9: + b1:fa:60:5e:99:07:e6:97:3b:69:4d:e3:02:50:8d:60:76:8e: + 7e:e3:60:d4:65:41:9b:6c:b8:cc:b2:c4:7a:61:32:cb:67:49: + b4:76:25:0c:7e:20:85:24:74:0a:90:0a:ce:73:f9:8e:ba:ce: + de:6e:0a:cf:6d:1c:50:67:fa:a2:4e:32:d0:ad:91:35:5e:aa: + b3:75:7e:23:14:29:a8:66:2a:82:ed:6c:ed:a9:9d:f6:77:20: + 3a:e1:0b:ab:1e:ee:1d:8a:20:ff:7f:4f:36:5a:0a:30:5a:c6: + 9c:aa:53:eb:3f:04:28:8a:6d:70:97:2a:99:d6:0c:db:a5:22: + 0b:e5:6b:24:cf:6e:2a:c7:4a:6b:cd:82:8e:13:84:18:b6:47: + 1b:9d:8b:83 +-----BEGIN CERTIFICATE----- +MIIDADCCAeigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRSBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDIwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMCExHzAdBgNVBAMMFkUgUm9vdCBDQSAtIE11bHRpLXJvb3QwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAFHES/k82eF86tB7VuyKSPle/TeDPHqH7 +GW2IOlmTeVdCvKt8oA1zNdvbuoDvqYBbsJD1L+oXfSuSpF6IChbz3PUlPXqNjpvp +InTcSW6H/2euOrgJY2Pnwr131xvLk8ZKHXtRJQUxyzJmQ+otVFlZzd7ShG/YWsFb +bC1n1VcjJaAE3EVkAvDeGkpiyXa19jZGdK8fGGz3OM804+E/rVFBz5Lt1Sf3SuM8 +1UImUeOyaSCxHwr2/Rk8jpiUZOv+5megEvZ4mA9EuCRgfN7iZ7kNbowGgEOOQXYd +CUAOO+eNCtlm1zRszn75JWoVz5o+7DDgo7HSo7Ex8WJQXLT+3VRhAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBX6w6Iq4Cwlxb7XvpFR3UXw8V1k +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAuxRo0gkOZVhN1zWg +o5vmtCq0gDI+YW2HGaao0gF4zQcLCaneX6qGQ91v1uA7q2Bx0vCqjxSTQjcSVQLh +p+2O28CDEBnw9R41d4SawXmcYDlvUABmc27wuPd1Zz76PgzQ1lRKrto4BpJXOczZ +sfpgXpkH5pc7aU3jAlCNYHaOfuNg1GVBm2y4zLLEemEyy2dJtHYlDH4ghSR0CpAK +znP5jrrO3m4Kz20cUGf6ok4y0K2RNV6qs3V+IxQpqGYqgu1s7amd9ncgOuELqx7u +HYog/39PNloKMFrGnKpT6z8EKIptcJcqmdYM26UiC+VrJM9uKsdKa82CjhOEGLZH +G52Lgw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-F-by-E.pem b/pki/testdata/ssl/certificates/multi-root-F-by-E.pem new file mode 100644 index 0000000000..2e1124d756 --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-F-by-E.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E Root CA - Multi-root + Validity + Not Before: Jan 2 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=F CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:5d:d7:fd:02:9d:bb:14:27:d9:65:9e:e0:7e: + 5c:68:0b:74:71:bb:88:1e:8e:e4:54:57:fd:f6:3f: + 06:3a:3c:b1:5c:62:1f:cc:d8:b1:c6:90:c5:22:fc: + f4:2b:47:cf:83:fc:08:d9:fd:f3:aa:b6:e4:22:0c: + 88:4a:74:63:2b:13:f1:6a:37:04:0e:de:3b:66:20: + b9:f5:e2:b8:cd:e6:8a:b6:fd:9d:93:b6:6d:8e:72: + 71:b3:a1:03:7d:60:7a:94:a5:e9:93:c1:75:99:26: + 26:63:3b:33:3a:3e:af:21:96:78:ff:2a:84:55:1d: + 21:59:db:6a:cc:ba:d8:c1:cb:8d:ed:e6:ef:b6:67: + aa:85:6d:55:6c:39:8e:32:59:8b:df:ed:f6:40:ce: + 46:b7:b6:fe:e6:75:39:ea:59:05:4c:2a:b4:82:95: + db:9e:26:71:71:b5:4c:dc:07:06:6f:31:dd:de:93: + f0:be:eb:55:39:ae:9a:7f:b0:3f:74:06:3c:e6:55: + e5:09:aa:d5:84:56:be:f5:67:c4:3c:47:69:16:a0: + a4:96:72:08:01:28:0b:ce:ba:a8:16:a9:88:79:b9: + ae:40:ed:1a:8b:5e:d8:ab:22:a0:3e:09:08:c5:77: + 94:35:af:f5:de:f0:e6:b8:3d:86:02:4e:79:b2:9b: + 84:7d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 02:E9:36:9C:1C:59:BF:B9:1B:DE:86:93:68:BB:A6:2B:07:FA:05:B7 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 28:0a:35:5a:36:47:b7:fd:96:b0:42:62:5e:0a:fe:f8:10:70: + da:65:67:9c:5a:33:68:4c:ba:5c:e8:3f:f3:04:3f:8f:e5:11: + 5f:0b:e2:70:2f:9f:6e:10:c4:18:cf:ea:a0:10:cf:52:71:08: + 34:12:b0:ea:77:f8:ec:f3:72:36:6f:c5:34:e7:9e:67:32:96: + 14:4f:d4:f9:cb:75:34:64:09:78:6e:95:91:f2:af:ef:46:73: + 42:01:91:49:db:c9:1c:a6:92:89:f4:8f:02:97:15:2e:20:f7: + 66:71:d9:28:b8:ad:4b:6b:74:e7:33:b6:25:c8:ea:1d:22:2a: + 2b:bb:ba:d6:77:5f:db:fb:bf:23:ab:7f:6d:97:89:f3:29:f4: + 68:31:6c:4b:02:75:61:ec:28:4a:fc:b4:3d:eb:88:4f:73:3e: + bb:5e:9d:1b:c6:71:7b:2c:09:0b:03:b1:85:4b:fc:8d:4c:c4: + 96:b1:1c:ec:9a:85:94:4f:f2:14:b8:14:50:d1:21:0d:dd:4b: + af:4a:ab:8a:3c:9b:d4:98:08:d3:2d:56:4c:3b:1e:46:cb:2c: + f6:04:bc:ff:d7:85:10:6e:3b:5d:30:a3:29:88:a9:cd:17:de: + 23:92:2f:1f:52:7c:dc:69:5b:8f:b8:e7:0a:9b:f2:cf:0f:1d: + 94:b4:ff:1b +-----BEGIN CERTIFICATE----- +MIIC+zCCAeOgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRSBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDIwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMBwxGjAYBgNVBAMMEUYgQ0EgLSBNdWx0aS1yb290MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw13X/QKduxQn2WWe4H5caAt0cbuIHo7kVFf99j8G +OjyxXGIfzNixxpDFIvz0K0fPg/wI2f3zqrbkIgyISnRjKxPxajcEDt47ZiC59eK4 +zeaKtv2dk7ZtjnJxs6EDfWB6lKXpk8F1mSYmYzszOj6vIZZ4/yqEVR0hWdtqzLrY +wcuN7ebvtmeqhW1VbDmOMlmL3+32QM5Gt7b+5nU56lkFTCq0gpXbniZxcbVM3AcG +bzHd3pPwvutVOa6af7A/dAY85lXlCarVhFa+9WfEPEdpFqCklnIIASgLzrqoFqmI +ebmuQO0ai17YqyKgPgkIxXeUNa/13vDmuD2GAk55spuEfQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQC6TacHFm/uRvehpNou6YrB/oFtzAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBACgKNVo2R7f9lrBCYl4K/vgQ +cNplZ5xaM2hMulzoP/MEP4/lEV8L4nAvn24QxBjP6qAQz1JxCDQSsOp3+OzzcjZv +xTTnnmcylhRP1PnLdTRkCXhulZHyr+9Gc0IBkUnbyRymkon0jwKXFS4g92Zx2Si4 +rUtrdOcztiXI6h0iKiu7utZ3X9v7vyOrf22XifMp9GgxbEsCdWHsKEr8tD3riE9z +PrtenRvGcXssCQsDsYVL/I1MxJaxHOyahZRP8hS4FFDRIQ3dS69Kq4o8m9SYCNMt +Vkw7HkbLLPYEvP/XhRBuO10woymIqc0X3iOSLx9SfNxpW4+45wqb8s8PHZS0/xs= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-chain1.pem b/pki/testdata/ssl/certificates/multi-root-chain1.pem new file mode 100644 index 0000000000..fb53c3350a --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-chain1.pem @@ -0,0 +1,305 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=B CA - Multi-root + Validity + Not Before: Feb 28 23:46:47 2017 GMT + Not After : Feb 26 23:46:47 2027 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a4:18:86:3f:09:63:9c:d4:c0:06:45:a5:91:7f: + e7:a7:b8:3d:c7:ff:0d:e8:39:f5:43:27:a7:44:2a: + 3b:53:03:e3:cd:13:23:46:5f:e0:27:f0:a3:7a:25: + 82:b0:52:bb:03:4f:99:e3:2c:1b:6f:54:05:0f:7f: + 4f:74:f9:ad:b2:88:85:43:63:06:ac:91:f1:19:b7: + da:7a:42:68:6a:68:a5:e0:02:44:23:eb:d1:05:0d: + 3d:58:31:ee:ba:20:9e:16:11:f5:ae:b5:c3:21:cc: + 84:e7:1a:d2:c2:8c:7e:44:93:36:bd:6c:0c:07:35: + f2:4e:57:3f:b3:cf:21:5a:ff:16:02:e9:61:f4:cc: + 4a:5a:24:da:55:fc:c6:da:44:d6:b7:2a:4e:31:bf: + a0:80:24:55:ed:5c:bc:6b:84:12:a4:03:cc:b2:c2: + db:ef:1e:08:bd:a3:bf:ef:fc:3d:53:38:b9:00:8a: + d6:40:1a:cc:f2:6a:ab:e7:4b:67:1c:ae:ff:6d:43: + 12:08:c6:97:4b:73:df:85:cf:2a:a5:6e:ce:22:02: + cb:63:6c:3f:00:aa:3b:b0:87:9b:d5:13:09:32:4c: + bd:71:79:ff:04:b1:9a:8d:2d:a0:0a:65:d5:1e:53: + c4:eb:0e:14:c0:b9:f3:8f:6f:64:b4:1d:11:a7:40: + e7:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 28:6F:58:36:8F:1B:C5:99:18:5B:DC:A5:86:AF:89:F2:B4:3E:AF:51 + X509v3 Authority Key Identifier: + keyid:D0:8D:1F:B2:BC:29:96:73:EF:0C:7A:C2:A4:06:96:CF:D5:8C:31:DB + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 07:8f:f9:c6:33:3c:bc:74:20:21:92:46:7a:c5:df:76:18:47: + 63:0c:5e:e8:f3:97:ec:37:83:0b:4d:a4:1c:6b:0b:a2:28:db: + 5c:17:d9:91:77:00:4a:db:46:f9:68:ec:2a:f8:b5:82:0c:00: + d1:88:0c:7c:b4:2d:e9:48:f5:a2:9d:a9:d5:bb:db:9d:56:96: + c5:6c:46:da:23:a3:66:80:a5:9b:93:d0:df:9c:00:75:ac:48: + ea:48:b4:22:ee:ff:db:eb:bb:8f:f0:de:16:a1:99:98:85:4c: + b3:66:dd:22:96:96:97:48:ae:8a:2d:e9:a5:1c:5c:d9:dd:31: + 3f:58:7c:bb:2b:db:86:6a:53:e5:af:6d:85:3a:ca:92:5d:56: + e2:02:90:d7:eb:98:0f:d8:ba:2a:d1:26:bb:82:5b:80:d5:2d: + 52:d7:40:4d:0d:0d:1e:fe:c2:89:be:e2:80:4d:cd:91:dc:f3: + fa:19:25:3e:ba:a8:cf:48:d3:b6:35:a5:96:6e:a5:12:d1:65: + 65:a9:92:6b:d0:fc:05:25:7c:fb:76:48:38:15:7e:4f:95:03: + b0:c3:55:89:bc:59:be:de:3c:fb:4b:5a:f1:3b:00:c1:03:59: + 6c:b3:8b:21:7e:84:75:30:19:8c:19:f6:99:40:ec:87:43:3b: + 89:d0:f5:6d +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRQiBD +QSAtIE11bHRpLXJvb3QwHhcNMTcwMjI4MjM0NjQ3WhcNMjcwMjI2MjM0NjQ3WjBg +MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91 +bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3LjAuMC4x +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBiGPwljnNTABkWlkX/n +p7g9x/8N6Dn1QyenRCo7UwPjzRMjRl/gJ/CjeiWCsFK7A0+Z4ywbb1QFD39PdPmt +soiFQ2MGrJHxGbfaekJoamil4AJEI+vRBQ09WDHuuiCeFhH1rrXDIcyE5xrSwox+ +RJM2vWwMBzXyTlc/s88hWv8WAulh9MxKWiTaVfzG2kTWtypOMb+ggCRV7Vy8a4QS +pAPMssLb7x4IvaO/7/w9Uzi5AIrWQBrM8mqr50tnHK7/bUMSCMaXS3Pfhc8qpW7O +IgLLY2w/AKo7sIeb1RMJMky9cXn/BLGajS2gCmXVHlPE6w4UwLnzj29ktB0Rp0Dn +YQIDAQABo4GAMH4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUKG9YNo8bxZkYW9yl +hq+J8rQ+r1EwHwYDVR0jBBgwFoAU0I0fsrwplnPvDHrCpAaWz9WMMdswHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZI +hvcNAQELBQADggEBAAeP+cYzPLx0ICGSRnrF33YYR2MMXujzl+w3gwtNpBxrC6Io +21wX2ZF3AErbRvlo7Cr4tYIMANGIDHy0LelI9aKdqdW7251WlsVsRtojo2aApZuT +0N+cAHWsSOpItCLu/9vru4/w3hahmZiFTLNm3SKWlpdIroot6aUcXNndMT9YfLsr +24ZqU+WvbYU6ypJdVuICkNfrmA/YuirRJruCW4DVLVLXQE0NDR7+wom+4oBNzZHc +8/oZJT66qM9I07Y1pZZupRLRZWWpkmvQ/AUlfPt2SDgVfk+VA7DDVYm8Wb7ePPtL +WvE7AMEDWWyziyF+hHUwGYwZ9plA7IdDO4nQ9W0= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C CA - Multi-root + Validity + Not Before: Jan 4 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=B CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ca:6c:54:ab:3c:54:33:6c:d7:04:c4:4b:c4:39: + 32:db:7a:49:e4:e1:e7:60:c7:35:33:08:59:ba:62: + bf:49:d6:05:1f:07:b8:b6:bd:38:2f:6b:a7:e5:8d: + de:79:27:d8:36:58:92:69:cc:db:8e:6a:89:b4:79: + ab:cf:98:53:08:12:17:9e:51:15:bc:e7:8f:e5:93: + d9:1a:2e:68:a9:93:3c:d3:7a:75:a4:5c:c2:fc:16: + 9b:ba:df:49:5d:73:65:ec:b0:cc:1e:ba:cc:98:39: + d1:4e:b2:d6:5f:e8:7f:24:1a:fa:56:b0:0d:33:46: + 22:56:4f:5c:f3:16:ad:55:8a:62:3c:bc:50:c2:3a: + 58:3e:70:4d:5a:df:99:ec:c7:a6:2c:8f:2a:a5:2e: + 11:b8:58:c5:d5:e8:43:2f:40:a5:20:80:32:2a:76: + 5e:06:07:48:6d:44:60:ba:21:72:61:e2:1a:ec:64: + 5d:72:72:f1:21:9d:04:2f:61:35:0b:2f:f0:c0:fe: + 52:b8:c4:41:9c:b6:13:58:21:81:e3:28:27:4d:6c: + 24:a3:20:fb:0f:9c:d4:4f:34:3a:d0:d1:08:84:c4: + 40:71:44:4f:e8:be:c5:1f:5d:1c:34:64:0b:6c:1c: + 24:fa:a9:83:49:c6:f5:4d:7f:63:c0:1a:a9:77:8a: + c0:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + D0:8D:1F:B2:BC:29:96:73:EF:0C:7A:C2:A4:06:96:CF:D5:8C:31:DB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 1e:16:7c:d7:d1:ee:63:a9:a2:b1:87:2c:8b:1e:d3:cf:51:14: + ed:12:0b:ec:67:2b:7f:3b:0e:8e:3c:50:bb:d1:dc:3b:40:1a: + ec:44:30:c4:f6:65:c2:c3:5d:d8:cb:c2:6c:13:2e:5a:2d:76: + c6:6b:5d:65:a5:7e:c2:bf:cb:fc:b1:50:b0:43:47:fc:a3:7b: + 07:d1:77:50:4f:d2:53:98:8f:a2:00:97:13:d9:b7:83:2e:d9: + c4:2a:e6:b1:fc:2d:6c:ce:d1:61:73:aa:40:e0:ce:87:74:43: + a2:f7:b5:d9:5f:46:79:97:28:c4:de:15:60:3b:3e:3f:3d:1d: + 14:f4:87:ef:b9:08:09:2a:fb:d0:d5:1b:4f:77:f9:0d:c9:4b: + 23:32:1c:06:04:a6:83:aa:00:9c:70:c2:2b:01:42:1e:f6:d6: + d3:5c:f9:a8:b7:84:9e:44:12:9a:9f:a8:2a:89:56:69:a6:2f: + e9:ee:67:e9:7e:32:b5:ef:6b:4e:f0:12:23:fa:85:3e:03:59: + 94:db:88:99:04:55:c4:d1:df:df:c6:e2:fd:61:c5:f6:af:dc: + 4c:e4:52:8f:f2:c8:07:39:dd:99:33:49:85:1e:df:e1:1f:08: + 6b:e0:d2:1b:93:db:32:05:4b:39:ee:b3:f1:b6:af:18:07:a7: + 24:9c:1e:75 +-----BEGIN CERTIFICATE----- +MIIC9jCCAd6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRQyBD +QSAtIE11bHRpLXJvb3QwHhcNMTYwMTA0MDAwMDAwWhcNMjYwMTAyMDAwMDAwWjAc +MRowGAYDVQQDDBFCIENBIC0gTXVsdGktcm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMpsVKs8VDNs1wTES8Q5Mtt6SeTh52DHNTMIWbpiv0nWBR8H +uLa9OC9rp+WN3nkn2DZYkmnM245qibR5q8+YUwgSF55RFbznj+WT2RouaKmTPNN6 +daRcwvwWm7rfSV1zZeywzB66zJg50U6y1l/ofyQa+lawDTNGIlZPXPMWrVWKYjy8 +UMI6WD5wTVrfmezHpiyPKqUuEbhYxdXoQy9ApSCAMip2XgYHSG1EYLohcmHiGuxk +XXJy8SGdBC9hNQsv8MD+UrjEQZy2E1ghgeMoJ01sJKMg+w+c1E80OtDRCITEQHFE +T+i+xR9dHDRkC2wcJPqpg0nG9U1/Y8AaqXeKwEMCAwEAAaNCMEAwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU0I0fsrwplnPvDHrCpAaWz9WMMdswDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAeFnzX0e5jqaKxhyyLHtPPURTtEgvs +Zyt/Ow6OPFC70dw7QBrsRDDE9mXCw13Yy8JsEy5aLXbGa11lpX7Cv8v8sVCwQ0f8 +o3sH0XdQT9JTmI+iAJcT2beDLtnEKuax/C1sztFhc6pA4M6HdEOi97XZX0Z5lyjE +3hVgOz4/PR0U9IfvuQgJKvvQ1RtPd/kNyUsjMhwGBKaDqgCccMIrAUIe9tbTXPmo +t4SeRBKan6gqiVZppi/p7mfpfjK172tO8BIj+oU+A1mU24iZBFXE0d/fxuL9YcX2 +r9xM5FKP8sgHOd2ZM0mFHt/hHwhr4NIbk9syBUs57rPxtq8YB6cknB51 +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=D Root CA - Multi-root + Validity + Not Before: Jan 3 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=C CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b2:c4:16:dc:07:88:ec:7e:a6:b3:25:c8:7b:9c: + e0:07:1e:40:a9:40:c0:4d:c8:73:27:ea:88:d8:58: + 1a:1a:12:e3:9a:62:41:4c:a1:e9:b1:ce:c6:b2:f6: + 3a:f6:89:3f:40:e6:0f:fb:15:4b:cb:d2:8d:8e:b6: + 44:aa:63:fa:3b:c5:cc:af:86:05:70:aa:ec:f4:b3: + 79:04:e6:3e:25:ec:ec:29:d6:c9:8b:7b:13:05:a7: + ff:51:5b:ab:4c:bc:d0:e4:bd:61:1a:d2:27:f1:2e: + 5f:f4:51:81:c4:23:ba:20:c3:14:08:b4:be:78:49: + b5:13:1f:69:fd:f6:a7:59:91:84:a9:99:10:c8:9c: + 63:9e:99:c2:f2:3d:61:9d:6a:6e:d4:26:9b:88:aa: + da:66:b3:0d:c6:99:03:16:13:3a:a4:9a:ff:08:3e: + 59:df:a7:44:b7:17:99:3f:63:7f:3a:05:7e:ce:64: + 78:34:e6:00:77:69:e6:03:24:a7:12:f3:e8:a8:50: + 2b:55:16:fa:6e:65:c6:28:58:82:a4:20:7e:68:22: + e9:81:9e:a2:e8:0f:d6:87:c2:73:dd:c2:0c:cc:a3: + 47:54:11:f5:3d:dc:51:52:57:b2:ce:77:8b:7a:ac: + a7:f0:2a:26:36:e6:26:b9:6a:83:da:b2:6f:c0:f6: + 1e:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + E3:D1:05:98:4C:68:53:C2:DC:00:EE:AC:E5:A8:B8:FC:B9:72:D9:67 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 7e:5b:a7:f2:c7:15:33:73:ce:e4:1e:77:ba:35:8b:44:01:57: + b1:db:55:d3:54:95:c6:44:27:89:3f:e5:46:98:de:4a:7e:d9: + e7:6c:e8:0d:d5:e2:98:31:07:21:9c:bd:01:47:be:0c:e1:b3: + 22:1e:ea:da:d4:fc:b5:37:5d:94:de:06:9b:69:a5:77:22:d0: + 96:80:35:9f:02:a0:cd:41:35:b3:21:94:ca:9b:03:4f:68:18: + 5e:6d:0d:95:95:17:ab:bd:00:9b:d0:78:f7:38:5e:37:df:33: + 15:2f:3e:64:27:c8:67:5e:c4:14:92:08:90:55:34:8d:73:d9: + 66:0c:30:dd:42:ab:71:73:b4:26:28:b1:13:90:7b:0a:10:f2: + 7c:75:07:36:1f:a5:b6:a5:97:ac:20:c7:83:0c:15:cf:5c:34: + df:3f:8d:81:3e:c0:43:2a:ca:6f:c4:86:cc:2f:93:e1:5d:18: + 68:a4:bd:cc:5b:39:fa:40:fa:d4:a7:8b:7a:5d:b7:59:77:48: + 9b:ab:e0:71:b2:04:1f:79:ea:d1:cd:d3:24:52:5b:4b:21:2f: + 84:2e:b4:d6:87:1d:4f:fe:e7:6c:94:ff:d0:02:50:6b:bc:2a: + 1e:21:a5:ac:3e:73:b5:2f:ba:11:c5:6f:8f:f7:8e:eb:08:11: + 00:cb:e3:2d +-----BEGIN CERTIFICATE----- +MIIC+zCCAeOgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRCBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDMwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMBwxGjAYBgNVBAMMEUMgQ0EgLSBNdWx0aS1yb290MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAssQW3AeI7H6msyXIe5zgBx5AqUDATchzJ+qI2Fga +GhLjmmJBTKHpsc7GsvY69ok/QOYP+xVLy9KNjrZEqmP6O8XMr4YFcKrs9LN5BOY+ +JezsKdbJi3sTBaf/UVurTLzQ5L1hGtIn8S5f9FGBxCO6IMMUCLS+eEm1Ex9p/fan +WZGEqZkQyJxjnpnC8j1hnWpu1CabiKraZrMNxpkDFhM6pJr/CD5Z36dEtxeZP2N/ +OgV+zmR4NOYAd2nmAySnEvPoqFArVRb6bmXGKFiCpCB+aCLpgZ6i6A/Wh8Jz3cIM +zKNHVBH1PdxRUleyzneLeqyn8ComNuYmuWqD2rJvwPYe8wIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTj0QWYTGhTwtwA7qzlqLj8uXLZZzAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAH5bp/LHFTNzzuQed7o1i0QB +V7HbVdNUlcZEJ4k/5UaY3kp+2eds6A3V4pgxByGcvQFHvgzhsyIe6trU/LU3XZTe +BptppXci0JaANZ8CoM1BNbMhlMqbA09oGF5tDZWVF6u9AJvQePc4XjffMxUvPmQn +yGdexBSSCJBVNI1z2WYMMN1Cq3FztCYosROQewoQ8nx1BzYfpball6wgx4MMFc9c +NN8/jYE+wEMqym/Ehswvk+FdGGikvcxbOfpA+tSni3pdt1l3SJur4HGyBB956tHN +0yRSW0shL4QutNaHHU/+52yU/9ACUGu8Kh4hpaw+c7UvuhHFb4/3jusIEQDL4y0= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=D Root CA - Multi-root + Validity + Not Before: Jan 2 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=D Root CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b4:b2:8e:83:7f:3b:8b:0f:9f:71:37:18:78:d0: + f5:bc:07:ac:d8:eb:bf:f6:7c:c0:65:dc:00:bf:83: + f7:e4:5e:97:9f:db:24:e4:c1:f9:31:70:b2:51:44: + 2c:27:05:6a:1f:1e:35:9c:ea:c4:eb:f8:0a:c4:4b: + 14:30:89:e8:75:93:fb:96:32:bc:0e:64:ca:11:74: + 4a:ac:26:a0:9c:09:cd:6e:43:cf:6c:56:03:44:ab: + 53:81:66:8d:5a:ad:75:1b:31:23:9f:fd:5e:8c:10: + cd:e9:e9:05:80:41:5e:b8:f1:96:3d:5b:17:b2:e1: + a8:47:44:eb:82:30:5e:7a:fe:8f:11:bb:b8:31:8e: + 98:4c:a9:f3:2c:91:59:78:f4:63:1c:47:ad:6a:96: + 5e:87:39:f3:17:9b:d6:9c:e9:e1:3c:0e:ef:8a:d8: + 7e:c3:2d:33:d9:eb:26:29:1d:8a:66:ef:b9:8d:c3: + b1:51:3a:75:56:1b:b8:a9:08:e7:10:db:37:70:c4: + 6c:32:c0:e1:2b:f4:84:12:a5:cf:49:83:e1:5a:40: + ab:db:f9:23:c5:7d:c0:03:ac:0e:3e:be:7c:42:92: + fb:b7:71:91:37:04:92:4e:d5:92:31:cf:1b:cd:e4: + 27:e5:85:98:ac:20:95:5d:6d:4e:90:fa:c7:6c:2b: + fd:41 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 69:E7:FF:33:A6:6B:A0:AD:5A:F1:D3:15:4F:9E:F7:C5:16:2E:C4:B6 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 55:ec:3a:cd:87:dc:96:54:23:68:65:f7:a6:91:3c:37:f0:44: + 94:2e:2f:3a:af:2c:0d:f4:09:f6:52:69:4f:ad:ac:83:6c:76: + 76:72:2b:c0:48:ea:c9:76:c0:f5:7a:1e:73:ba:3c:f3:41:93: + b4:4b:a5:6a:a3:87:f5:c7:6f:e9:55:ce:e0:8b:8c:83:e6:f0: + e0:1c:e8:6a:8f:3b:67:b6:cd:35:6d:0b:1c:16:bf:38:fd:9d: + d8:95:a9:3c:b9:4c:05:19:71:f4:a0:2c:1f:83:18:5a:f3:5a: + ea:80:49:70:cc:49:84:63:7c:a9:4d:cb:1f:df:96:f2:c4:2c: + 2c:e8:b0:75:69:8c:a9:71:7e:27:6a:fe:22:c6:77:e0:77:f4: + 98:05:29:45:18:75:a3:f0:43:40:b2:8d:52:cb:2e:46:fb:37: + bb:c6:68:20:c2:2e:01:82:51:f0:00:3a:89:40:9b:ab:9c:c3: + 5c:f2:a3:3b:f7:00:98:4d:bd:a7:74:37:f6:74:c7:6e:42:4b: + aa:8c:cc:c7:85:b2:4b:78:cb:8c:03:7c:e5:85:75:32:a9:89: + 49:da:ed:3d:9e:5b:a2:c9:b2:2a:08:06:6d:cf:df:83:d4:a9: + 3d:e9:44:de:70:9c:43:e3:35:24:dd:85:ed:7c:37:4e:02:44: + d2:5d:7a:ad +-----BEGIN CERTIFICATE----- +MIIDADCCAeigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRCBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDIwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMCExHzAdBgNVBAMMFkQgUm9vdCBDQSAtIE11bHRpLXJvb3QwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0so6DfzuLD59xNxh40PW8B6zY67/2fMBl +3AC/g/fkXpef2yTkwfkxcLJRRCwnBWofHjWc6sTr+ArESxQwieh1k/uWMrwOZMoR +dEqsJqCcCc1uQ89sVgNEq1OBZo1arXUbMSOf/V6MEM3p6QWAQV648ZY9Wxey4ahH +ROuCMF56/o8Ru7gxjphMqfMskVl49GMcR61qll6HOfMXm9ac6eE8Du+K2H7DLTPZ +6yYpHYpm77mNw7FROnVWG7ipCOcQ2zdwxGwywOEr9IQSpc9Jg+FaQKvb+SPFfcAD +rA4+vnxCkvu3cZE3BJJO1ZIxzxvN5CflhZisIJVdbU6Q+sdsK/1BAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGnn/zOma6CtWvHTFU+e98UWLsS2 +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAVew6zYfcllQjaGX3 +ppE8N/BElC4vOq8sDfQJ9lJpT62sg2x2dnIrwEjqyXbA9Xoec7o880GTtEulaqOH +9cdv6VXO4IuMg+bw4Bzoao87Z7bNNW0LHBa/OP2d2JWpPLlMBRlx9KAsH4MYWvNa +6oBJcMxJhGN8qU3LH9+W8sQsLOiwdWmMqXF+J2r+IsZ34Hf0mAUpRRh1o/BDQLKN +UssuRvs3u8ZoIMIuAYJR8AA6iUCbq5zDXPKjO/cAmE29p3Q39nTHbkJLqozMx4Wy +S3jLjAN85YV1MqmJSdrtPZ5bosmyKggGbc/fg9SpPelE3nCcQ+M1JN2F7Xw3TgJE +0l16rQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-chain2.pem b/pki/testdata/ssl/certificates/multi-root-chain2.pem new file mode 100644 index 0000000000..ea5a7f0902 --- /dev/null +++ b/pki/testdata/ssl/certificates/multi-root-chain2.pem @@ -0,0 +1,305 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=B CA - Multi-root + Validity + Not Before: Feb 28 23:46:47 2017 GMT + Not After : Feb 26 23:46:47 2027 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a4:18:86:3f:09:63:9c:d4:c0:06:45:a5:91:7f: + e7:a7:b8:3d:c7:ff:0d:e8:39:f5:43:27:a7:44:2a: + 3b:53:03:e3:cd:13:23:46:5f:e0:27:f0:a3:7a:25: + 82:b0:52:bb:03:4f:99:e3:2c:1b:6f:54:05:0f:7f: + 4f:74:f9:ad:b2:88:85:43:63:06:ac:91:f1:19:b7: + da:7a:42:68:6a:68:a5:e0:02:44:23:eb:d1:05:0d: + 3d:58:31:ee:ba:20:9e:16:11:f5:ae:b5:c3:21:cc: + 84:e7:1a:d2:c2:8c:7e:44:93:36:bd:6c:0c:07:35: + f2:4e:57:3f:b3:cf:21:5a:ff:16:02:e9:61:f4:cc: + 4a:5a:24:da:55:fc:c6:da:44:d6:b7:2a:4e:31:bf: + a0:80:24:55:ed:5c:bc:6b:84:12:a4:03:cc:b2:c2: + db:ef:1e:08:bd:a3:bf:ef:fc:3d:53:38:b9:00:8a: + d6:40:1a:cc:f2:6a:ab:e7:4b:67:1c:ae:ff:6d:43: + 12:08:c6:97:4b:73:df:85:cf:2a:a5:6e:ce:22:02: + cb:63:6c:3f:00:aa:3b:b0:87:9b:d5:13:09:32:4c: + bd:71:79:ff:04:b1:9a:8d:2d:a0:0a:65:d5:1e:53: + c4:eb:0e:14:c0:b9:f3:8f:6f:64:b4:1d:11:a7:40: + e7:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 28:6F:58:36:8F:1B:C5:99:18:5B:DC:A5:86:AF:89:F2:B4:3E:AF:51 + X509v3 Authority Key Identifier: + keyid:D0:8D:1F:B2:BC:29:96:73:EF:0C:7A:C2:A4:06:96:CF:D5:8C:31:DB + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 07:8f:f9:c6:33:3c:bc:74:20:21:92:46:7a:c5:df:76:18:47: + 63:0c:5e:e8:f3:97:ec:37:83:0b:4d:a4:1c:6b:0b:a2:28:db: + 5c:17:d9:91:77:00:4a:db:46:f9:68:ec:2a:f8:b5:82:0c:00: + d1:88:0c:7c:b4:2d:e9:48:f5:a2:9d:a9:d5:bb:db:9d:56:96: + c5:6c:46:da:23:a3:66:80:a5:9b:93:d0:df:9c:00:75:ac:48: + ea:48:b4:22:ee:ff:db:eb:bb:8f:f0:de:16:a1:99:98:85:4c: + b3:66:dd:22:96:96:97:48:ae:8a:2d:e9:a5:1c:5c:d9:dd:31: + 3f:58:7c:bb:2b:db:86:6a:53:e5:af:6d:85:3a:ca:92:5d:56: + e2:02:90:d7:eb:98:0f:d8:ba:2a:d1:26:bb:82:5b:80:d5:2d: + 52:d7:40:4d:0d:0d:1e:fe:c2:89:be:e2:80:4d:cd:91:dc:f3: + fa:19:25:3e:ba:a8:cf:48:d3:b6:35:a5:96:6e:a5:12:d1:65: + 65:a9:92:6b:d0:fc:05:25:7c:fb:76:48:38:15:7e:4f:95:03: + b0:c3:55:89:bc:59:be:de:3c:fb:4b:5a:f1:3b:00:c1:03:59: + 6c:b3:8b:21:7e:84:75:30:19:8c:19:f6:99:40:ec:87:43:3b: + 89:d0:f5:6d +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRQiBD +QSAtIE11bHRpLXJvb3QwHhcNMTcwMjI4MjM0NjQ3WhcNMjcwMjI2MjM0NjQ3WjBg +MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91 +bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3LjAuMC4x +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBiGPwljnNTABkWlkX/n +p7g9x/8N6Dn1QyenRCo7UwPjzRMjRl/gJ/CjeiWCsFK7A0+Z4ywbb1QFD39PdPmt +soiFQ2MGrJHxGbfaekJoamil4AJEI+vRBQ09WDHuuiCeFhH1rrXDIcyE5xrSwox+ +RJM2vWwMBzXyTlc/s88hWv8WAulh9MxKWiTaVfzG2kTWtypOMb+ggCRV7Vy8a4QS +pAPMssLb7x4IvaO/7/w9Uzi5AIrWQBrM8mqr50tnHK7/bUMSCMaXS3Pfhc8qpW7O +IgLLY2w/AKo7sIeb1RMJMky9cXn/BLGajS2gCmXVHlPE6w4UwLnzj29ktB0Rp0Dn +YQIDAQABo4GAMH4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUKG9YNo8bxZkYW9yl +hq+J8rQ+r1EwHwYDVR0jBBgwFoAU0I0fsrwplnPvDHrCpAaWz9WMMdswHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZI +hvcNAQELBQADggEBAAeP+cYzPLx0ICGSRnrF33YYR2MMXujzl+w3gwtNpBxrC6Io +21wX2ZF3AErbRvlo7Cr4tYIMANGIDHy0LelI9aKdqdW7251WlsVsRtojo2aApZuT +0N+cAHWsSOpItCLu/9vru4/w3hahmZiFTLNm3SKWlpdIroot6aUcXNndMT9YfLsr +24ZqU+WvbYU6ypJdVuICkNfrmA/YuirRJruCW4DVLVLXQE0NDR7+wom+4oBNzZHc +8/oZJT66qM9I07Y1pZZupRLRZWWpkmvQ/AUlfPt2SDgVfk+VA7DDVYm8Wb7ePPtL +WvE7AMEDWWyziyF+hHUwGYwZ9plA7IdDO4nQ9W0= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C CA - Multi-root + Validity + Not Before: Jan 4 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=B CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ca:6c:54:ab:3c:54:33:6c:d7:04:c4:4b:c4:39: + 32:db:7a:49:e4:e1:e7:60:c7:35:33:08:59:ba:62: + bf:49:d6:05:1f:07:b8:b6:bd:38:2f:6b:a7:e5:8d: + de:79:27:d8:36:58:92:69:cc:db:8e:6a:89:b4:79: + ab:cf:98:53:08:12:17:9e:51:15:bc:e7:8f:e5:93: + d9:1a:2e:68:a9:93:3c:d3:7a:75:a4:5c:c2:fc:16: + 9b:ba:df:49:5d:73:65:ec:b0:cc:1e:ba:cc:98:39: + d1:4e:b2:d6:5f:e8:7f:24:1a:fa:56:b0:0d:33:46: + 22:56:4f:5c:f3:16:ad:55:8a:62:3c:bc:50:c2:3a: + 58:3e:70:4d:5a:df:99:ec:c7:a6:2c:8f:2a:a5:2e: + 11:b8:58:c5:d5:e8:43:2f:40:a5:20:80:32:2a:76: + 5e:06:07:48:6d:44:60:ba:21:72:61:e2:1a:ec:64: + 5d:72:72:f1:21:9d:04:2f:61:35:0b:2f:f0:c0:fe: + 52:b8:c4:41:9c:b6:13:58:21:81:e3:28:27:4d:6c: + 24:a3:20:fb:0f:9c:d4:4f:34:3a:d0:d1:08:84:c4: + 40:71:44:4f:e8:be:c5:1f:5d:1c:34:64:0b:6c:1c: + 24:fa:a9:83:49:c6:f5:4d:7f:63:c0:1a:a9:77:8a: + c0:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + D0:8D:1F:B2:BC:29:96:73:EF:0C:7A:C2:A4:06:96:CF:D5:8C:31:DB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 1e:16:7c:d7:d1:ee:63:a9:a2:b1:87:2c:8b:1e:d3:cf:51:14: + ed:12:0b:ec:67:2b:7f:3b:0e:8e:3c:50:bb:d1:dc:3b:40:1a: + ec:44:30:c4:f6:65:c2:c3:5d:d8:cb:c2:6c:13:2e:5a:2d:76: + c6:6b:5d:65:a5:7e:c2:bf:cb:fc:b1:50:b0:43:47:fc:a3:7b: + 07:d1:77:50:4f:d2:53:98:8f:a2:00:97:13:d9:b7:83:2e:d9: + c4:2a:e6:b1:fc:2d:6c:ce:d1:61:73:aa:40:e0:ce:87:74:43: + a2:f7:b5:d9:5f:46:79:97:28:c4:de:15:60:3b:3e:3f:3d:1d: + 14:f4:87:ef:b9:08:09:2a:fb:d0:d5:1b:4f:77:f9:0d:c9:4b: + 23:32:1c:06:04:a6:83:aa:00:9c:70:c2:2b:01:42:1e:f6:d6: + d3:5c:f9:a8:b7:84:9e:44:12:9a:9f:a8:2a:89:56:69:a6:2f: + e9:ee:67:e9:7e:32:b5:ef:6b:4e:f0:12:23:fa:85:3e:03:59: + 94:db:88:99:04:55:c4:d1:df:df:c6:e2:fd:61:c5:f6:af:dc: + 4c:e4:52:8f:f2:c8:07:39:dd:99:33:49:85:1e:df:e1:1f:08: + 6b:e0:d2:1b:93:db:32:05:4b:39:ee:b3:f1:b6:af:18:07:a7: + 24:9c:1e:75 +-----BEGIN CERTIFICATE----- +MIIC9jCCAd6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRQyBD +QSAtIE11bHRpLXJvb3QwHhcNMTYwMTA0MDAwMDAwWhcNMjYwMTAyMDAwMDAwWjAc +MRowGAYDVQQDDBFCIENBIC0gTXVsdGktcm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMpsVKs8VDNs1wTES8Q5Mtt6SeTh52DHNTMIWbpiv0nWBR8H +uLa9OC9rp+WN3nkn2DZYkmnM245qibR5q8+YUwgSF55RFbznj+WT2RouaKmTPNN6 +daRcwvwWm7rfSV1zZeywzB66zJg50U6y1l/ofyQa+lawDTNGIlZPXPMWrVWKYjy8 +UMI6WD5wTVrfmezHpiyPKqUuEbhYxdXoQy9ApSCAMip2XgYHSG1EYLohcmHiGuxk +XXJy8SGdBC9hNQsv8MD+UrjEQZy2E1ghgeMoJ01sJKMg+w+c1E80OtDRCITEQHFE +T+i+xR9dHDRkC2wcJPqpg0nG9U1/Y8AaqXeKwEMCAwEAAaNCMEAwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU0I0fsrwplnPvDHrCpAaWz9WMMdswDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAeFnzX0e5jqaKxhyyLHtPPURTtEgvs +Zyt/Ow6OPFC70dw7QBrsRDDE9mXCw13Yy8JsEy5aLXbGa11lpX7Cv8v8sVCwQ0f8 +o3sH0XdQT9JTmI+iAJcT2beDLtnEKuax/C1sztFhc6pA4M6HdEOi97XZX0Z5lyjE +3hVgOz4/PR0U9IfvuQgJKvvQ1RtPd/kNyUsjMhwGBKaDqgCccMIrAUIe9tbTXPmo +t4SeRBKan6gqiVZppi/p7mfpfjK172tO8BIj+oU+A1mU24iZBFXE0d/fxuL9YcX2 +r9xM5FKP8sgHOd2ZM0mFHt/hHwhr4NIbk9syBUs57rPxtq8YB6cknB51 +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E Root CA - Multi-root + Validity + Not Before: Jan 5 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=C CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b2:c4:16:dc:07:88:ec:7e:a6:b3:25:c8:7b:9c: + e0:07:1e:40:a9:40:c0:4d:c8:73:27:ea:88:d8:58: + 1a:1a:12:e3:9a:62:41:4c:a1:e9:b1:ce:c6:b2:f6: + 3a:f6:89:3f:40:e6:0f:fb:15:4b:cb:d2:8d:8e:b6: + 44:aa:63:fa:3b:c5:cc:af:86:05:70:aa:ec:f4:b3: + 79:04:e6:3e:25:ec:ec:29:d6:c9:8b:7b:13:05:a7: + ff:51:5b:ab:4c:bc:d0:e4:bd:61:1a:d2:27:f1:2e: + 5f:f4:51:81:c4:23:ba:20:c3:14:08:b4:be:78:49: + b5:13:1f:69:fd:f6:a7:59:91:84:a9:99:10:c8:9c: + 63:9e:99:c2:f2:3d:61:9d:6a:6e:d4:26:9b:88:aa: + da:66:b3:0d:c6:99:03:16:13:3a:a4:9a:ff:08:3e: + 59:df:a7:44:b7:17:99:3f:63:7f:3a:05:7e:ce:64: + 78:34:e6:00:77:69:e6:03:24:a7:12:f3:e8:a8:50: + 2b:55:16:fa:6e:65:c6:28:58:82:a4:20:7e:68:22: + e9:81:9e:a2:e8:0f:d6:87:c2:73:dd:c2:0c:cc:a3: + 47:54:11:f5:3d:dc:51:52:57:b2:ce:77:8b:7a:ac: + a7:f0:2a:26:36:e6:26:b9:6a:83:da:b2:6f:c0:f6: + 1e:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + E3:D1:05:98:4C:68:53:C2:DC:00:EE:AC:E5:A8:B8:FC:B9:72:D9:67 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 0d:37:a8:9e:12:c9:fb:45:a2:b9:82:07:4a:2a:34:d2:3b:1d: + 84:70:b1:4a:85:37:7e:64:31:45:c3:02:9d:32:4e:92:a4:97: + 72:ed:1d:f2:c3:26:c8:3f:90:e4:24:f4:6e:4b:33:71:98:bc: + 68:25:26:cc:de:c1:46:a6:a8:83:60:fc:6e:c0:72:98:8f:ce: + 38:6e:69:9d:ab:d1:5a:f0:a6:c8:07:a1:09:b3:8c:03:09:7b: + 44:62:73:15:85:71:5f:2c:0a:33:78:f2:a3:10:85:1e:6b:46: + d1:a5:f1:9c:13:ba:f7:95:41:a0:fb:de:c9:09:e1:72:a4:92: + ff:33:e4:81:25:10:af:90:17:79:df:54:ea:b9:87:0e:f8:6d: + 09:55:10:46:4c:87:36:37:2f:c0:86:03:ee:7a:b4:d3:27:22: + 22:d5:9c:2e:e6:38:f0:f4:84:5c:ca:b7:9b:4d:6a:1c:57:7e: + 24:07:35:13:a0:f9:d6:a3:aa:29:cb:e0:8a:b0:86:1c:41:24: + b1:ed:04:30:71:2b:99:d7:0a:a4:51:53:b1:76:2e:be:63:5b: + 7c:8e:d5:8f:fa:f3:99:58:7d:ce:30:07:5d:1e:ed:e6:bc:0a: + d1:a7:cc:17:94:e7:d1:67:07:7c:37:6d:3f:c2:8b:04:9e:77: + fb:5b:9c:2d +-----BEGIN CERTIFICATE----- +MIIC+zCCAeOgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRSBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDUwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMBwxGjAYBgNVBAMMEUMgQ0EgLSBNdWx0aS1yb290MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAssQW3AeI7H6msyXIe5zgBx5AqUDATchzJ+qI2Fga +GhLjmmJBTKHpsc7GsvY69ok/QOYP+xVLy9KNjrZEqmP6O8XMr4YFcKrs9LN5BOY+ +JezsKdbJi3sTBaf/UVurTLzQ5L1hGtIn8S5f9FGBxCO6IMMUCLS+eEm1Ex9p/fan +WZGEqZkQyJxjnpnC8j1hnWpu1CabiKraZrMNxpkDFhM6pJr/CD5Z36dEtxeZP2N/ +OgV+zmR4NOYAd2nmAySnEvPoqFArVRb6bmXGKFiCpCB+aCLpgZ6i6A/Wh8Jz3cIM +zKNHVBH1PdxRUleyzneLeqyn8ComNuYmuWqD2rJvwPYe8wIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTj0QWYTGhTwtwA7qzlqLj8uXLZZzAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAA03qJ4SyftFormCB0oqNNI7 +HYRwsUqFN35kMUXDAp0yTpKkl3LtHfLDJsg/kOQk9G5LM3GYvGglJszewUamqINg +/G7AcpiPzjhuaZ2r0VrwpsgHoQmzjAMJe0RicxWFcV8sCjN48qMQhR5rRtGl8ZwT +uveVQaD73skJ4XKkkv8z5IElEK+QF3nfVOq5hw74bQlVEEZMhzY3L8CGA+56tNMn +IiLVnC7mOPD0hFzKt5tNahxXfiQHNROg+dajqinL4IqwhhxBJLHtBDBxK5nXCqRR +U7F2Lr5jW3yO1Y/685lYfc4wB10e7ea8CtGnzBeU59FnB3w3bT/CiwSed/tbnC0= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=E Root CA - Multi-root + Validity + Not Before: Jan 2 00:00:00 2016 GMT + Not After : Jan 2 00:00:00 2026 GMT + Subject: CN=E Root CA - Multi-root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:14:71:12:fe:4f:36:78:5f:3a:b4:1e:d5:bb: + 22:92:3e:57:bf:4d:e0:cf:1e:a1:fb:19:6d:88:3a: + 59:93:79:57:42:bc:ab:7c:a0:0d:73:35:db:db:ba: + 80:ef:a9:80:5b:b0:90:f5:2f:ea:17:7d:2b:92:a4: + 5e:88:0a:16:f3:dc:f5:25:3d:7a:8d:8e:9b:e9:22: + 74:dc:49:6e:87:ff:67:ae:3a:b8:09:63:63:e7:c2: + bd:77:d7:1b:cb:93:c6:4a:1d:7b:51:25:05:31:cb: + 32:66:43:ea:2d:54:59:59:cd:de:d2:84:6f:d8:5a: + c1:5b:6c:2d:67:d5:57:23:25:a0:04:dc:45:64:02: + f0:de:1a:4a:62:c9:76:b5:f6:36:46:74:af:1f:18: + 6c:f7:38:cf:34:e3:e1:3f:ad:51:41:cf:92:ed:d5: + 27:f7:4a:e3:3c:d5:42:26:51:e3:b2:69:20:b1:1f: + 0a:f6:fd:19:3c:8e:98:94:64:eb:fe:e6:67:a0:12: + f6:78:98:0f:44:b8:24:60:7c:de:e2:67:b9:0d:6e: + 8c:06:80:43:8e:41:76:1d:09:40:0e:3b:e7:8d:0a: + d9:66:d7:34:6c:ce:7e:f9:25:6a:15:cf:9a:3e:ec: + 30:e0:a3:b1:d2:a3:b1:31:f1:62:50:5c:b4:fe:dd: + 54:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 15:FA:C3:A2:2A:E0:2C:25:C5:BE:D7:BE:91:51:DD:45:F0:F1:5D:64 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + bb:14:68:d2:09:0e:65:58:4d:d7:35:a0:a3:9b:e6:b4:2a:b4: + 80:32:3e:61:6d:87:19:a6:a8:d2:01:78:cd:07:0b:09:a9:de: + 5f:aa:86:43:dd:6f:d6:e0:3b:ab:60:71:d2:f0:aa:8f:14:93: + 42:37:12:55:02:e1:a7:ed:8e:db:c0:83:10:19:f0:f5:1e:35: + 77:84:9a:c1:79:9c:60:39:6f:50:00:66:73:6e:f0:b8:f7:75: + 67:3e:fa:3e:0c:d0:d6:54:4a:ae:da:38:06:92:57:39:cc:d9: + b1:fa:60:5e:99:07:e6:97:3b:69:4d:e3:02:50:8d:60:76:8e: + 7e:e3:60:d4:65:41:9b:6c:b8:cc:b2:c4:7a:61:32:cb:67:49: + b4:76:25:0c:7e:20:85:24:74:0a:90:0a:ce:73:f9:8e:ba:ce: + de:6e:0a:cf:6d:1c:50:67:fa:a2:4e:32:d0:ad:91:35:5e:aa: + b3:75:7e:23:14:29:a8:66:2a:82:ed:6c:ed:a9:9d:f6:77:20: + 3a:e1:0b:ab:1e:ee:1d:8a:20:ff:7f:4f:36:5a:0a:30:5a:c6: + 9c:aa:53:eb:3f:04:28:8a:6d:70:97:2a:99:d6:0c:db:a5:22: + 0b:e5:6b:24:cf:6e:2a:c7:4a:6b:cd:82:8e:13:84:18:b6:47: + 1b:9d:8b:83 +-----BEGIN CERTIFICATE----- +MIIDADCCAeigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWRSBS +b290IENBIC0gTXVsdGktcm9vdDAeFw0xNjAxMDIwMDAwMDBaFw0yNjAxMDIwMDAw +MDBaMCExHzAdBgNVBAMMFkUgUm9vdCBDQSAtIE11bHRpLXJvb3QwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAFHES/k82eF86tB7VuyKSPle/TeDPHqH7 +GW2IOlmTeVdCvKt8oA1zNdvbuoDvqYBbsJD1L+oXfSuSpF6IChbz3PUlPXqNjpvp +InTcSW6H/2euOrgJY2Pnwr131xvLk8ZKHXtRJQUxyzJmQ+otVFlZzd7ShG/YWsFb +bC1n1VcjJaAE3EVkAvDeGkpiyXa19jZGdK8fGGz3OM804+E/rVFBz5Lt1Sf3SuM8 +1UImUeOyaSCxHwr2/Rk8jpiUZOv+5megEvZ4mA9EuCRgfN7iZ7kNbowGgEOOQXYd +CUAOO+eNCtlm1zRszn75JWoVz5o+7DDgo7HSo7Ex8WJQXLT+3VRhAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBX6w6Iq4Cwlxb7XvpFR3UXw8V1k +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAuxRo0gkOZVhN1zWg +o5vmtCq0gDI+YW2HGaao0gF4zQcLCaneX6qGQ91v1uA7q2Bx0vCqjxSTQjcSVQLh +p+2O28CDEBnw9R41d4SawXmcYDlvUABmc27wuPd1Zz76PgzQ1lRKrto4BpJXOczZ +sfpgXpkH5pc7aU3jAlCNYHaOfuNg1GVBm2y4zLLEemEyy2dJtHYlDH4ghSR0CpAK +znP5jrrO3m4Kz20cUGf6ok4y0K2RNV6qs3V+IxQpqGYqgu1s7amd9ncgOuELqx7u +HYog/39PNloKMFrGnKpT6z8EKIptcJcqmdYM26UiC+VrJM9uKsdKa82CjhOEGLZH +G52Lgw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/multi-root-crlset-C.raw b/pki/testdata/ssl/certificates/multi-root-crlset-C.raw new file mode 100644 index 0000000000000000000000000000000000000000..c8ff83b9e099e3cd1b137cec3a9c5b6266f89a98 GIT binary patch literal 155 zcmbQqP_5*gpI4HaR}xZLkg8;*pyV9n6P#M2q@$n|oLX3#nwJa`H2`w`N^=7ei-0PN zp#n}h`N`R-DZv5Wo*a&~G;aDcZbNGLiMC>EAlRGgWg2i4+|np2YKR+OI$;@9S8XI^eJV3q$+ zYbw(DRsTEt{5h-HuRYn#^!{(^A7qt; z0b#-G4rn4F%U@w&s4pQ56$f%@t;2g2LqS?aqWswG9n5E%kEFdLry-+zG8C)J8 c5)W&NHbtlAumxIYCF%MzxUqOn%cAA)A9wvfO8@`> literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/multi-root-crlset-E.raw b/pki/testdata/ssl/certificates/multi-root-crlset-E.raw new file mode 100644 index 0000000000000000000000000000000000000000..02051b8f54ae2d8b9b8991cccca6c4a5d154156c GIT binary patch literal 155 zcmbQqP_5*gpI4HaR}xZLkg8;*pyV9n6P#M2q@$n|oLX3#nwJa`H2`w`N^=7ei-0PN zp#n}h`N`R-DZv5Wo*ZGRyMRv^?)(55v-6bH`GB m%czuqU=srqTcuc_kzuJt#hLkeQ1e_;b4n83it=+o{8|9IRxi8& literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/multi-root-crlset-unrelated.raw b/pki/testdata/ssl/certificates/multi-root-crlset-unrelated.raw new file mode 100644 index 0000000000000000000000000000000000000000..83fd62c643fde0ee9645108f700aa657742eec54 GIT binary patch literal 148 zcmd01s8({$&nrpID+#GANL8{@P;w6P2~I6h(os+fPAx1=%}WM}8UVR|rMUr#ML?Cs zKmkLbfKyI>a&~G;aDcZbNGLiMC>EAlRGgWg2i4+|np2YKR+OI$;@9S8XI^eJV3q$+ kYbw(DRsTEt{5h-HuRYn#^!{(^04dTQ~7pvbu$jniHfBJ6b5~OF?~dh z_JD6)KzoW3MN?GcWQq!UNKri?P4GmD>IJ7lvH|ZYD$Epcg`)EMLfRH^0t0db!M3HX zDw~=L_F0M&Kt6&2fPBCPzy*pDiUIzBnE=qEJQ%K`bc_LCRscK3H1Q4%4I1ndIM~N) zaHzMxZ;sNg#>tohxvxWdDOsksx&aZVNH#I9zMQ( zX#qG7b)rPIXy7@^ni@SlLqY?3bR8TN>=Pd73uznx&_?WK$%7M2z;tQ=)-vZQ>Vru! zojO2OIub91G#aYY<-sXR-N(yIo-`B>={D1ZZ^EY|;lm1m{Z?SS15z9u z%ajfP$AWU8>y$@N9m=|=bgRKF!2G|;4 zYk;i@wkFt`U~7V{1-2I0T3~B|tqry|*xF!ggRKL$4%j+i>wv8bwl3JZVC#Y{0b2sL z1Z)Y|dSL5;tp~Oq*!94!2X;NM>w&Egwm#VUVC#cz0JZ_x24EY2Z3wm@*oI&mf^7u0 z5!gmx8-Z;MwlUboU>k#7AME;I*9W^k*d}0`fNcV{3D^z5ZUA-zup59)d0>M>s6NhG zLYx!81<(P|IS)QCL`FrWD~@Q62OJ}pGe0deN>+`}=3i9hFJkg1d1C%-zC{&Z%;c}k zhc@9(AzcRPrOEqf@K3ADeGd$xlm*i>bzE^Hr+&YAo%~ z=BHHg)tUM$w?CVIQpML`>aWa4zl64OP{r3|>aWZveyA=!od-+*OMu8Fe>zQCbV4GN z5!xOAJpgxpYG(ER$Lk4aesX%09MWST`Qx>OGe0stCz)n{=i@bmGe0>gwYvW>A{1~=6`~D@Y(!NPvGOYP!2WLFL{bRUMi~Q{eLeYa^}aS zrDZS~;aK(ngaA16(-McKLV65@kIyN%@&!!!kxTetJov&$d0ZO9CH!z6d{J7)(D-Wn z-aPnXru~%5--icZjcGq+eqSDZ^|aw}(bdWy!Go_6n>;*6iO*b1oU<8?mC%(ND9Sk* zYz&Mo{0!T?Fi%B=fTyt6?*k|Rz_FSKU?$)ixW*QMk$?-Zzi$gj2b99zzCHlzsks3F z94$zvB?o}51-3TW+F)z%gMED{lMeVqor!?su&)ocF4($Y>w+x-TLQKOYzf$UVC#Xc z2e#f7*k*uy>qP@r0`9`TKG^zT>w~QiwgK1%U>ksK0Jb66hF}|lZ3wmz*hXL*l_+i% zjiG+Vc>t&f-ul%CyFS?U!NyxT6R=IdHUYbVE?@v)E#N)eYWV=>0&c-=Q(Hhj;4It% zK^~2=0motc#25hiHQoh}r8EJ+Hv_)eYk0&2+D#?`E>M&?aLj>Y4*6I>J{Elekj?_q zS^5BG0w5nNXiKX+0OVtB21o{!QIrkjV>1M>nWAjPfG_~?ZGms+0hkK7KvDLV0N~gI zrzzyq6!K}h5&-EOAf3ZZz%`0$2Kh9D@-#a|QI3$0V=Q1FMK#w4Kt9bk06tSxi=KcY z0PtG^zvWcG6^d$Q36KMT(;7IfA)nTePwPsGl0rJ^Ou#jG4B`Mt2S9n8%_xcjJv!hV zQVvdF;JpB@hjC4a0j~|pK|4eyk4%qCN(}I!qtS1n9+{8IX=~FXdFv9r9+6eg6;Ka# zNgAT5N>AB$swy8|_xb3Nv^t*Y>8Wu;Gty;>3S(Z-&Xky=9`UWDj7C*@SYf}U)PzXr z8by7>;2YNmByWtzz*g^G5RaNzFAS0&bQN*W^BesR7_q zPOKM(@0vf>9s67pz(uqAdWEge13?Sd8eH_q`j4d52uO^UWqnV(RTj|&0L{AgKP z6r{)ev9CM;xNzXikBdr3hxE#PvIh*&RY7?il1N4UQ`1u+0{I9JfGL1;{&35I(^Z+@ zkPkmCDm9tmW1cux$sRBqRt4qqS6#pJ6sOT&W67Y@c^(rk5VoRB%uS{H;J;CNU)UoY|o=q z@}n}+s^`!4JW3@$IW?*J*s_H3aIQb|JQvGP+Rus)pLridnQzU9A0ta7?ML#r;lUTO z_y$`(d=}qe$A{128|?Y;S$soNKK!Vfz5&+TocmwM;v1Ur;j{P#$2$1Rz5&NgUB00? zM?Lfns8^eBXiqS$solKKZlw1}Psti*LZP za;`t~u9C8EaOT5j-t|!Cx8cKQ-t|B}!UND2z`6X)yHd*eh-dDwTW|-`0sw`B{7$`mWmgU)i@| zy1IND+p{a>`Vc+zZKzk9Z)1CorK|;XI-qY8u=q9)I9prYXfk}zd=}s4$%oJ4+r0Sj zS$vx}A3lq3^Wnp1-eXgq+rGT`iuc%*`F?!(EWWKPA3pOQn{xjCeE7_JY{*A=0Pr4{ z^Y~%jVfJQs*o5Tqsd@W@ql ze}d(!t!_jQ+W_@Y3sL?41j~kba?v7X!+UB)*<`R?mncib1wRvqkS|*2A))CKo+YHoOO*+buA1s7ww9 z1dIy<^a60v!gSaN=zCF1&oen$9;et_3X6<^7=h%cz; zDbI?`N&7(+HL;BSIBJqI>O*?u>iA}-r$$DllSxO)*q@^wDWd_Sr{6=CDNFrP6g9C= z25{6QePYOHLZ3vX<|NY|i)anxsbxg8d}KAW2JzG~X0+6OWZ?Y1`zpNl4d$rj3+b?5 zaSsveBo2*>!F^X!zaenUWsH!v!o5V~s>2p;+^`%tQrI{)A^}{q$k@PrMby&4GKI*Z zlAuSyq~p+^3X3HB zJxIFU!V|L;N(vjbuxGiH3AJ!OVL&amwZt%p=c0vufLfRqwN$Mo@Cw95kCY9y5NvCS zSdLnxY;~CnL<`bm`)RPOC6YL5k@|93OW@q)Qa+-|Wi64yQIoWxE~Ljgt6EE-^W#!R zGG-)<9@|<1mr`7`NZIOIOW;M3iymn|E^CPlj+&&5IJU9(VM1YUW$^am+dZEJ}U9JTP8h<%`HE%6ga9a5&+))FH*YLT%~*IMFd zj(TKla9K;_a?~X4rfMxQilYu`x7yYcc|5dm{A0j5#kQ6h4e?yY81?~bVOrY1sd#QW zhNB+Vlgv%jV_Qp%<)}rdR#ilm$k%Hj+&$m>sm`pUsB0}zz)_Ek4K8bm zg&Z|WyQx}BEaIp`+O4*=#A49GF|8b&z;FR{08~9k$b)4e^S2h5UejBan$Bzxqumow z2;ia>L~F?sai0d$>!KFy%fXI)BJM>Hy(N6~S`pV5eF4ik>V;#QF@H;fdd5sW;nqJO8lDirvzRK~FgU-0 zqi!$MW&XwlbtOGBhQhNGkoAvD!_6iLSXNwbU~mB7IuL^;gC_7z*0@YMK{mwUH3x$w z1Eq8VtUF%Qv8)pTMSxv^vw(*RIe{sBO9B3XArRjdfC2Nue6U=&w!&jA0IoYw6R+zM z00z*gDjV{Ug8}2Qz8EkbuM-$Bp41QH(dT2pcwDbyz<6W&ND+@~PYf83z8C|hCwXB! z`c@1Wk7dSy@#rTpU_90X1ID9`0l%?s7%(1v76y#R`eML%^g$5lcGp)NQ#I+(_ifl~gM1wF6*;X4~J6R;Lg3b+EO1Uk-pDF6c! zH0UzH?_S~iaQNN_zPo|%Uoh`bU^*-h@-PUhm9xrUDE)R8rmylB%zJjo#d!3Y7zE5a zCU}hT=tnUKlzzhsRw2}r@W8Q9{rilk&biGEhtqWv($4g!t_1lGz$7N}98F@ky&#A^%32n5th)A3!jq6#mRs{5{*HR{2d zU7e48lRWJ3#=GenA4j)P(Vf#qHhzO|HLYAR!fwpwkiDYdg?CysP6|`2H!3*&!^W)> z$9YGoZ;m$utc*VxYuDT`kv3YV%P13oq)8Bh6mzo&7`E~nYt5f+88l68hHP>fO zyZv%q4VRZa`gGY=Zq@IbiSSY6>r>tO+5Q>+`RJcMmv%b#aQdw%&o=zofPKUB4Ofaz zZ9P=+++1`2ir=1p?i|{FH#PZ^N260Ok+$rjd1%=aJ>$~duVy4gmozb05>Og5J{)b+XxRh*IDjR zF`&WKSy@!K3cnArPaWTHAEQg1o2Waoq~#<3H_Mk4U))=7RG8WyocZAc@5M>!C>p{>lqFJ?q-5 zj}7hI_pB}V|6_;Cs`-hl4A04A#j}T>{j6p;@>8aN`}(=T^F*5uhfmrUao|R$Pu=^y zaH9^2BIMhqSmowtNE=RV_;#Vk(+S>glg_?LP)t(vId~oTKByJ()$O7G{%oQ%Hm`lo z(`mp_(1CUAz!??sqDnYN`&b2C_)+mKg8NfZXMiUl0s#I=G!L*Fa1d}6eAHW*(>FNz zDQ{Lk)lTXpZ7Zb%`YAM>8MF2p*Xd(^mxrzI6xK$5SzOk=tb=pKh=9Ad9}GF>(nd34 z&(PljE~!~)?Ao!vee29N%b-g*%M;T8+Nr&@@PHyTbBQy}}E@Z9ASl zrV5l@W2s^fo5%^b>wEYAB)EZ9DNfsDypTT|ck*N#k5r&*1Z+ z1v8dY3yiMr9NX$@ndAK}pIge$oQq6b=W*-Igmmxa@3vnZ?3c5^q3lNeA#UznIyW(X zJ>mIoO)bYyXD>Dm&iWuZ(cQ+`OkKQs>^iD2`A~C#m-*XEe+>Arc4z)lAHzk<);dn= z9k;smqrYPwF^BwPfnRU~@G~fMH&Ucsp&iDUq^L^W<>6$sgz2{ipa$9O) zEg5JS*U88}aIfdGN!@oiNXEHl9J_X}r1zeVZP$26A72~Q&Mt2E(F51Tlj17}8GHHe z{rvgB{lm*8dG=C+n^s|`A4k{?vV7Qb$%5$5eNcP*TGb$Z3y*-taSwOQ$45;tV- z{QkF!oS!F6b5xhbB&x@|EYlaewv5@h^l)>>FDK3GT^eq;#Nf%VYuZiOX=d=Vr_Xd( z4N=%M@8=CS`DZN2Zei=ZC-rEvkG>xkxkW5G(Mqs=nNjkI>k;KMek!&-aqYy8kf9@n z{p2|0@0INyxy=(heT`4Q`&Y+;eaZIbiJ~QM2e>sJlr=(-(%bAq!F~6q>ki)8@6wK* zZ~wXZUSsai`Tx`T{vO!4mSOIPgx_ej@7H!;I6V*mUQM(RfY;->FaGd;`{D)PoFlsbYjX+Mrv!m_3FPqaNpUx`y(5jZ~CIu;McuIm)Y#GJZ!94 zav(ckyOBlQm$z#oX5|+z)IVMrwRGX3mz^V*#3x>`Up#T$pTo9EjxH3L79h4r)|3$&)>Jy$x4Un@JAUk+Ta!xPn!n<7k-u|J ztspQq^w2fx?+y3X?)tnt^=b@#8&}6gKDYmxm&fY2Njr1bJZq236dysKEfwK^gv~qZ z({xgodwvBsy5(MdAb%*i_*a3GhE?HyLDvJix3^iFKmPN==k2Zo=iX3X9JeaV`t1BX zmu14D)1EHdtmgi{SQH#Dlev){EJzaW8tp7r?O3&7gXOWYy7kKkw7uD7+GzJuZ^z%0 z%Eq5+J?Hj7)7X{!PxbHc(c|NVHB&|m+!>MOzj*zvl&xZmoX6)*|6v=_zq?iI{8lBG zCNv5D`anMS+gV}H;rkrTtyXPtPut#lkHL|o8Skb)(KMh=-f4-`q-xIB7@LYoWS}CR z%k|ra!~DTqg!)(txSq3hr0RGP&U-O{+3)z5=Dlz2^PbDazD67Vci#U`&U=aL+NFjk zKKU-+Jw~IOW83p?P4bhsbQ|ZI8|~zKSh&Qw$Ly60QlB+>dD#AVmzj5MUnh2NlTxrR z*3SOaje~xx*Nz?XIk7agV8)sDiE&HTpX*n-`nbj~THB_Iw0`m#npS^Y%HS5-ZL(jk z&>v?$-0$3~7llT9-p%tY`gG%j*6q}lv%j^uJK9cv)651rH^Uz9o}l+WK`UI}FK|LT z*Vd)uMSqVd`J<_|^~J(g_uE&#&L8mm&c#9TW_@yPHC&8}K3rO{uGz_3lQ)ky^R(Ua zOe{@lzVNd4%3h&cGFu&p>OXS&#Tg%8E$sXA8L7rV^Jn+>X`fqjs=?d`=VCNQx+Ziv zG)25L>r?;2|M0wLpFc2d|LMFJy4djjxU9{`X6Mgxig=Kxm$FJRvh z_vjvy>wS%VM;_OEau;9yrk;aDUAu=RTc?j5vJ_X-?6Yt7X>7RizjOZvTW_!J>holb zbkK;eGYt0ba++QcSp2HRtcdK_QD$8?#?K!#p~I^Ni!T*Ey4^|d`Q$6Phg-I}`oz9j zlgY!L@1AyeORtU@y&LZ;)_kB};hJ0~cP_o%{B^$Js`7xbxBGdlulQhdizlaxe%ym^ZB`F2+Su>K zAN7NmzB^*ls%!_Bi+=dij;AMFn;&KqD|@$kRwvg=pSi7CcihxM@>=U{NL=v74P)h* znW@c7{U4vmEPXS=JZ(>>SDtf9y03~~G2zXzq(|XrZcUjw_I~9pvxo6B++uc|c1h4N zGx@FkmnB!`6?fVlsMav$bx{k8v8MfA^?RHbkbEj2KWb!g&`FD%^Iw*=Xz_4!M%>im zl-#EAU#*X3-O74hpw`USG-E}jx5w6LAtzh;eRAD8|U+r zuJk+DU*0n2Vjmm3BJnlfXkq1zM%{*<$lU(6onQJU3sd>K_T_Ew-0rfmmuLCxXBV5k z>vpHpMKAkacech^Zn4mQ`=w#0=>>D6pM1R^Q)KuyyP%%WF54j^Z~PUrTaq|cJ!n*zXXM6S8eL9@Fy5-}LK?^nRFK~+sx+Cm4ZAj+y z+&e=q$UGOzcb(c=HX_pbWK2Lwrk!rCk=ysEC3}sV zUX?Aql{+9-Cp~5FMDyu)!}@%A+eN)&r!519TAaGF<><^K)}LQD?^-_gv*y(=uh#9j zYppx6TY6M;qZje6V!az~!z_2d`D@qd`;&KkSu$rw!t~UXZNG?q9x`I?sz-AUW-PR~ zk8*3%(S4KE{OoUz`Qc5hA}Zof?YVOBbPix)9{N4xN z#FTaF8fQ|pa(=3&z(MECp0y^$6LWU|>hY}6ltEY4TNk-&X&%X%>$2(1jmrDGI*%9j z$l1C$|7T810pX)|g=P`I?QVQy{G8amtD9?lRNKkL1vqHC^lR63=a>1Ly@n3b{`y`& z`A=C)VZS!9fqMo#?D9(7WyU>&!8(5>w_cX0UuIhVxJbV|Bt^5W;pWF#@1MR(ZI^VU z?SrK;&hw3fFMK$e(KcEuJ8|Bumz$pZrFjWv1yr0cTRnTy>lwlY^;=oK8`@Bi5oai8~!H`R>UIugpDA|C($MZ5>FybHf440{1KGvT*`kHhZ- zZ-CeM`oix3!{b6nf4I#c@3PT##dlEg9Z2TgMc`Zc0I~tVv$_RZrhuM+iGWhb0|Ro& zGX=8OD26!nJ5uKSk8M)py#+{x_dN8M3QmoU0uCJZwkP@EdqG(CANzuRFB3ES=RC~i z`|nZxm>;|E#Pqf2R~zr2=BF5I1(3Hw0lt~{l3^^^K)>6-*s&P`hy^4AU~Jgr0bo4P z0ePr`;{eA1-izWo6vqPEc>W)L3)%x$Q9{sR-XX?vJp_D)@ofr#KDC8%+R6b_0Wfaq zP+Pfh*j0bF4_cI}XLxm}z-3P+1Bj7yJouo$v*l2(|>&WnortY(7xEt7zE$1wGNx1U-kix1F(;70iFWh z!}S{b1Ow?SG7pKL#kr{oAlHn4c8uyoNBNlcy0rggo+CoJ75}#d3?p z0lbFw1^87*9Aj8E!ozZtI*_uPLY#_q4DHuc+}kM5vArt?dbB3{-iYFyiuWdHUTx=8 zJcprq?B@jSp*+|I7zE7UTR^)x76G8W9IpVNz3Bgo0otp%KOh>?{vU5Q>R}$02hBi_ z7fblQ1;Bvg#}ZHqz@QkZig&B2k2f^nU3@w!8_um=@aW|b+m!-u_o*6cW42t+p&68* z1*UMaJNe?CUqIoWy|GP3ZJt_wPWz+3&87QZX`|n#uep2PKfb>3V2I>z(@aUs&aMwH zN)%jLoa9M=<44!m4_~+)d8X@e`;n`}7S4XxRKOFy6ebML+ U;>THM9^5XqI|&pR19Z^-e`o(AH2?qr literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/multivalue_rdn.pem b/pki/testdata/ssl/certificates/multivalue_rdn.pem new file mode 100644 index 0000000000..6ffe16111f --- /dev/null +++ b/pki/testdata/ssl/certificates/multivalue_rdn.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ef:6c:2f:57:d9:fd:5a:0f + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Chromium, DC=Chromium, CN=Multivalue RDN Test, OU=Chromium net_unittests + Validity + Not Before: Dec 2 03:47:39 2011 GMT + Not After : Jan 1 03:47:39 2012 GMT + Subject: C=US, O=Chromium, DC=Chromium, CN=Multivalue RDN Test, OU=Chromium net_unittests + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:9d:23:10:ed:87:82:b0:eb:a4:fb:49:f5:db:c1: + 7b:4d:f0:ed:1b:f5:f8:f2:c1:b5:d2:84:de:eb:94: + 82:f0:de:8b:04:b7:e8:ed:86:22:41:99:56:54:71: + 33:8e:c1:69:6a:2b:f4:77:1e:24:70:81:5b:56:08: + 57:02:4c:bf:af:9a:a0:33:55:e2:00:6b:b3:cc:5c: + 3b:47:6e:dc:05:30:bd:0c:f9:51:c0:70:2b:3f:70: + a2:10:a3:b7:8b:3f:22:fa:ab:bd:c7:48:a5:ff:d3: + 7b:d0:b7:12:48:0b:bf:90:62:f1:8a:40:db:1d:1a: + 0c:f5:dd:92:2a:1c:b6:2c:6b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8D:5E:71:FA:2A:73:BA:9F:8E:63:32:1C:5D:AB:87:D0:AB:47:AB:B7 + X509v3 Authority Key Identifier: + keyid:8D:5E:71:FA:2A:73:BA:9F:8E:63:32:1C:5D:AB:87:D0:AB:47:AB:B7 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 18:ac:0d:d3:50:38:ee:7c:55:1c:e9:30:c0:57:5b:4f:cb:7d: + 14:59:18:de:92:20:e6:67:a8:a8:ed:da:01:33:5a:48:4c:e4: + 66:85:25:8d:6b:56:81:67:f3:af:e9:f8:12:5c:19:07:17:98: + bf:d7:0f:ba:b5:64:6b:ec:17:ca:0c:d6:ce:c3:b3:09:43:0a: + 04:8f:da:4b:c8:a3:45:ea:ef:ca:f8:7a:2e:91:a8:8c:f1:a7: + d4:7b:6d:9d:73:4b:9a:1c:be:04:b1:02:b3:b7:2a:e9:fd:19: + 86:f2:26:ac:45:a1:0f:9b:99:1a:53:b1:69:99:3e:6c:51:23: + 40:70 +-----BEGIN CERTIFICATE----- +MIICsDCCAhmgAwIBAgIJAO9sL1fZ/VoPMA0GCSqGSIb3DQEBBQUAMHExbzAJBgNV +BAYTAlVTMA8GA1UECgwIQ2hyb21pdW0wFgYKCZImiZPyLGQBGRYIQ2hyb21pdW0w +GgYDVQQDDBNNdWx0aXZhbHVlIFJETiBUZXN0MB0GA1UECwwWQ2hyb21pdW0gbmV0 +X3VuaXR0ZXN0czAeFw0xMTEyMDIwMzQ3MzlaFw0xMjAxMDEwMzQ3MzlaMHExbzAJ +BgNVBAYTAlVTMA8GA1UECgwIQ2hyb21pdW0wFgYKCZImiZPyLGQBGRYIQ2hyb21p +dW0wGgYDVQQDDBNNdWx0aXZhbHVlIFJETiBUZXN0MB0GA1UECwwWQ2hyb21pdW0g +bmV0X3VuaXR0ZXN0czCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnSMQ7YeC +sOuk+0n128F7TfDtG/X48sG10oTe65SC8N6LBLfo7YYiQZlWVHEzjsFpaiv0dx4k +cIFbVghXAky/r5qgM1XiAGuzzFw7R27cBTC9DPlRwHArP3CiEKO3iz8i+qu9x0il +/9N70LcSSAu/kGLxikDbHRoM9d2SKhy2LGsCAwEAAaNQME4wHQYDVR0OBBYEFI1e +cfoqc7qfjmMyHF2rh9CrR6u3MB8GA1UdIwQYMBaAFI1ecfoqc7qfjmMyHF2rh9Cr +R6u3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAGKwN01A47nxVHOkw +wFdbT8t9FFkY3pIg5meoqO3aATNaSEzkZoUljWtWgWfzr+n4ElwZBxeYv9cPurVk +a+wXygzWzsOzCUMKBI/aS8ijRervyvh6LpGojPGn1HttnXNLmhy+BLECs7cq6f0Z +hvImrEWhD5uZGlOxaZk+bFEjQHA= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/name_constrained_key.pem b/pki/testdata/ssl/certificates/name_constrained_key.pem new file mode 100644 index 0000000000..f7a9d3732b --- /dev/null +++ b/pki/testdata/ssl/certificates/name_constrained_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwOdQrS3Jk6jJb +Na2O4BadbxtUobCnikBNFFHn+Lof7YXQmy0DMiHL0iOhzt9ZcuRTLFzoYUvJk3Tm +S8h7Vdj4sIvF1k8E0MCWwY2rsFbgZilV276UQr+hzMncbzU5cfgMcOlHfpycBg8U +i4ygVUgttEWzilGA6NH9Vi7e4cb9DJyAI4AZXJI+B7d2n9HYxAuF1V417dpADz5g +CznwFQI+i9uzITlAwWaIsZJ6GvvpSfnOFFFppbRLCLr8MTRLYv8efWYh9HcG0LFe +vxuhtzYIIi40tzXTEYYnFhrx+HpuAR/pza/ewtvX2sVkXhr4n1B2m4+XfWHoVE4Y +D725dY55AgMBAAECggEAVcLu5FsFQuNOumC3JC8eEmP98wP1SrPXcyuOaMv9GIip +dMnv7/w3wk90E8zvmUJ2p5uRY23mSiU+4MzEtnEi9HRGsXMIZZmKAFQVtBZPUUmm +mCgm6VRKml1lZ6efSWOTicpxXN/bK3svX5pCR8z5IXT37tZDr+6eMyH8EW/jPUZU +wA/LVpmfRkcLg8VF6J70yj60peU3234b5Z9QLkR80g9U9Sj1QQhuDRAO97zireru +QwFixeazgXzWPTk3iol6GiDbus9T0WGeUAWYZ8XyJ1voNHRNg9dfvpLAc0UBQ5Ho +7Au6fYWQ8cEmYFIC5X46k/fZhZNgludUlQLfMsI1AQKBgQDin873bebHXpoFGXR3 +Sn8obsieSWwHCDU2gp+K8JwPtip1PrVfA1KW/wBo938zqpBZDAOOFGGl4x08wLmm +WnlrPOsrcehDbiGTPheBPvOS11/v6IxoOVLLUnDaQIX9j8eOGG/WM0pan8wNG9Vz +WHQduZcBQlKoyXjjJ84avorh8QKBgQDHEaAJab8sK//lCYrCpTfbS2tYCfc9b7Nx +m/6GCJnxqVYfal9ocGd7U7RO7okDQAMyvwSpI9ejTDF8tO4BNHCgvi6rKK3Fj/CJ +bgw8rCP1BOKLvDK/7A7/v1KqvYHtODnCH0iTVK/R/Oq2Jws0m88uSkANm1w2t+SG +JVk/ymBtCQKBgC0L/RTbyKrKmCz5UVhA+6Oq2b/08j83l3Q9ZL82cp8A49GoZF79 +hxYym/9Bawx3E/hPVgmQ7ZQO4AnqeTyi8U2qr0hUfQmiQ5REHGH5hGsk2pISlI5H +DrkRqxMHDltHkDAjlV9rlJUM/H+Cj9w8seASuvxqFYotehUVHXfddjfRAoGAYUXj +hbX+jH8Tk7+N5n8FREseMO7tuT+T17f6L1SUpNmyE7fO1yHV7xV/zfIRUV0+MtXU +WTICdPEOXXmrszsErgdAlrJR92/WgdEcealECL5SVSWpRs76pU2//16K1nfbAVh4 +BkYjg+CqcEez2gkou93cXsnDzZkeOc6WRe2GIMECgYEApyMBng9jXOD1Qw2CpWeC +kO/GL98UXAvQAnQB1YepWDmbW2OxpXZ5TI5wQkJxE7z7EJkIm6Vq0fcHtDNwGWBq +2zLyUW+QdR53eGEkhHNzq0hFWVMCaDbO6UNa1OFZqN/WSBFB3z4F0XAZ1ZX+PaFm +NqcJRJ7sL5XqgAdRqcTTFcA= +-----END PRIVATE KEY----- diff --git a/pki/testdata/ssl/certificates/ndn.ca.crt b/pki/testdata/ssl/certificates/ndn.ca.crt new file mode 100644 index 0000000000..6da9fb204b --- /dev/null +++ b/pki/testdata/ssl/certificates/ndn.ca.crt @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGBjCCA+4CCQDbt8YGR683ojANBgkqhkiG9w0BAQUFADCBxDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMR8w +HQYDVQQKExZOZXcgRHJlYW0gTmV0d29yaywgTExDMREwDwYDVQQLEwhTZWN1cml0 +eTEwMC4GA1UEAxMnTmV3IERyZWFtIE5ldHdvcmsgQ2VydGlmaWNhdGUgQXV0aG9y +aXR5MSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QGRyZWFtaG9zdC5jb20wHhcNMDYw +ODIyMjExMjU4WhcNMTYwODE5MjExMjU4WjCBxDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMR8wHQYDVQQKExZO +ZXcgRHJlYW0gTmV0d29yaywgTExDMREwDwYDVQQLEwhTZWN1cml0eTEwMC4GA1UE +AxMnTmV3IERyZWFtIE5ldHdvcmsgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSQwIgYJ +KoZIhvcNAQkBFhVzdXBwb3J0QGRyZWFtaG9zdC5jb20wggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDHykL2vz70nbj827iARXxgBK41yXUy7oBcoG5TA+MD +GjXVqV+szQWgQz6C6uPPp+O4cUVxnAIfXvCo7VjsYYsDcmCWAlV27ZRN3Ek7HvIv +4rHaht0y/E/DgKOZiiy7kJMvqDZSuD9NxSlIOTDBS6aDyORNZKubWdg0l+Axk3Yn +YhmVhPtqupO8HzQjR0s2wgwKdz3m96RqjJDBng0wLEv/iCGN0ogBBV1TePuKcodF +TQivkjvVcITRVWIBKNfg0uDeM+cHIYGp44WM3gBX0W3AaG9JH/1tYWmgVrk/cmwK +oMq3PKVr/Usp7nR3PTyn1rpcJjPZDSNOleO+KilI4vbwFgnydbm97eTf/BFy548j +SPi9HINufNDSajXCRvyQ04CQVpAzH2mPVcykoL6++M2u2nNO5tLWa2ix96RNPrV/ +K00KbmIODPoqRVmoL7UvD4w2AM26l7Ol20cLqU8G4bZGe1DoKpF1CxwQlBzY6iJN +PiEY+eAII54w7cnHdAp2mOKvJBVUzCROc7g4W0n3/JCHEaXDnfXlqevCckAaDbes +AM7w9epOd7rUWpbSxOuKsgIyXvhM9VwxI7L5TdgULqKXq57jMAK8irsOalEt+5pJ +8RGFDOgJsbR+eJ3En//11OJzgz1bdW0lSUD72hoNdLyJtP7dn8+FrIfGBw9mwWMG +MwIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQAVUa0xn7/bDpyxdqJrr3np5HKDKaL6 +CL4KNgBS1hKHLIqxwKGTO+nCm1sVgK9fIh7hF5sG7f5hc5ZPp9usOeqwewB5drYZ +jPyk2e5WX0fjdB2pFPxhPS8vzNJRBtpPnUoiOuwXI4K12V7xj3SC/S4tqNfBM/p9 +sk15XfWiS8rMqDGg6oMFeM4BZ7YaZOXY/upqofg+MEbVdLBngwUPI/a1rR8OYUBr +NhsSZpXwg22IwDE45M7wxgRvj0hojRAAxVS75ogitx040tf2Lp8DJgtSGvOHtuW9 +87MXd8Ev8xf/7d9EXw4ghwKvyWglrw0Bpoh9OP9DOwoRFIzdBz5aUmAx6PNIvZ0Y +xQ+QRUxj+Kx2Xl6hpsk8URsfxKDHR2sZwcSqjD+JJGJee26An7btAst1/grAYw5X +tEfcXyXiDBHXPY6t0NZOzfQUggwIU0fiWhvT43Skob6pCc0dUBeEhFK0dpyDE3AM +4LwF/ECGfPn/UzzB/Lax4WaY2yGccBrikRfIkZARrJbvBCAxchH+HCeBV0B0BlOi +2R0RxwH0gKBEHxhMaq5J/rTaE7V5wd8OsxzcxUgW+te6hc0bbuhPiYhtvQ0N7+oF +z89JuuwocsTbNekeBwHB5wpsCPA29mYId8uvVl7LThvut9+szsWetmVua7P9t10h +GX3cdJCMZUwypA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/nist.der b/pki/testdata/ssl/certificates/nist.der new file mode 100644 index 0000000000000000000000000000000000000000..8add89d6e9e087f6cc8e75bdd3db2ebf50c992a5 GIT binary patch literal 1322 zcmXqLVpTI}V&PlB%*4pVBvAG4Z-0A~Xkz&+q1+5r$y@_oHcqWJkGAi;jEt_C*_cCF*o2uvgAK(EL_r)bVZN}`qRimT^gJB}&%9(kLwN&PkOa4|7)(MTq^PvG zM8Pk$q&&YU+tAv;5~9E;B(*5FSRp@6p|m(vA+bauqokyu*h*i&yu4hm3}|XG&{VzT z{9OH_f1P%B>7H|l2_$C%r<|O8&7>XJQgM`>c zc-#{+OEOZ6ijzu<(hbcGOhLk2B6@y_C7Jnoi8;UkC@#q?DJ@9_c`CRBs5!AHrC0$- zD}*_z`=9@&FU?`Ha+3_ zf2^zwVu4wk2`GYr@f#c#1c@wNcVpe; zq8!x7hReDe>j5PVTtLPsu-F=a5)OAln+Idt4_8KZab^Q80}VC~Z8l)~WM^U&lfjpK zz=={;l|{@z1g3?V5zb;VkOx_!%pzeR)*!;`5+fGuaS8TCl?o>_{G2hu8Ik}?-MfWXFgo$xx<|d}6>ZfO>87Laa8?dvnYV$EONwJ7{XYbUQ#>TVzLXgF5%{AWa z-HNOd25Mp|P*(!eU_PpyWyK&dLp_jDsM(&miII^({p*gXM+ZOEG)>>|T;=Y@%R0u^ z&+Rs?Y@F>E_hxa;-Y*W)K37+s-na4B8?y@mC1E8Ijvs_yCE6dF!t+!-FLBRXDPKu$ zMqjhq&^bHeOqcD_eJihc{cPUkde@c4K_BI!D^gubj6zFh{$Im%@KEeRXCb}S;i-o+ zcc1l0l+EH_zgy+Xzs>jV2McakyS!qhjH1<&)f0{Pa6I1OzB7B~3D$!83z}`W4_y6e zvXkxF_3tX}6V@&`*U)I=&r)c4bKhm1_9(To%J0tqpZi!C@_Z@`U02OmeBI-3*Re)( vo)sbO>kA+M{P^RP%a#wi!cTK+@1Eb8u_7(vP{q9e?5n-FneVZ^e*6OfW9zyD literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/no_subject_common_name_cert.pem b/pki/testdata/ssl/certificates/no_subject_common_name_cert.pem new file mode 100644 index 0000000000..f9d582e84c --- /dev/null +++ b/pki/testdata/ssl/certificates/no_subject_common_name_cert.pem @@ -0,0 +1,109 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + f0:1e:87:f4:fe:b6:f0:10:dc:7e:65:da:f4:fb:8f:e3 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Client Authentication and Secure Email CA + Validity + Not Before: Apr 25 00:00:00 2012 GMT + Not After : Apr 25 23:59:59 2013 GMT + Subject: emailAddress=wtc@google.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f6:50:cf:80:32:ee:05:1b:6a:07:c5:5f:71:bc: + 67:81:40:63:46:35:a4:23:6c:77:32:57:ec:c8:b0: + 0b:16:0e:5f:b7:42:6e:de:6f:de:84:9f:cf:81:73: + ee:30:a9:ac:47:8c:47:27:78:89:eb:d1:14:e9:a9: + fd:08:74:01:2c:dc:ea:4f:0a:30:82:cd:b5:02:65: + 54:42:9c:af:14:18:a7:56:c7:c4:00:7d:c0:f6:4d: + 97:58:80:57:f5:fc:2c:36:78:69:d6:e3:7f:05:05: + ff:08:26:1e:f5:d5:60:3f:15:5d:06:16:28:11:a5: + 5d:b5:d0:59:d1:27:ab:38:8e:6b:68:b6:3d:c3:cb: + f5:0d:42:35:a1:6e:f5:3f:73:12:33:9f:47:a5:43: + 2f:f3:dc:00:61:18:3f:4a:74:e4:d2:e8:37:e7:19: + 18:84:34:49:78:d2:b5:4d:90:65:4e:6f:a0:13:5b: + 2f:47:3e:0c:04:2f:fe:bd:9c:c1:d1:d1:f2:36:fe: + df:07:e6:ec:b8:48:c7:1f:24:f6:af:9a:35:2a:a8: + 12:db:a9:a2:50:cc:0c:28:a4:fc:66:f2:28:a8:c2: + d1:fb:ea:1e:58:c3:14:70:e0:18:a4:2a:04:54:8c: + d3:f3:09:2e:b7:76:a3:eb:07:7a:f4:e8:3a:e3:2e: + 6b:b7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:7A:13:4E:00:74:5B:C6:78:63:64:27:C1:2F:E2:A0:5B:BC:79:C5:7B + + X509v3 Subject Key Identifier: + D7:D3:09:C6:62:34:E3:2A:2D:5D:F3:E9:B4:B0:DA:73:55:E9:75:28 + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + E-mail Protection, 1.3.6.1.4.1.6449.1.3.5.2 + Netscape Cert Type: + S/MIME + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.6449.1.2.1.1.1 + CPS: https://secure.comodo.net/CPS + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.comodoca.com/COMODOClientAuthenticationandSecureEmailCA.crl + + Authority Information Access: + CA Issuers - URI:http://crt.comodoca.com/COMODOClientAuthenticationandSecureEmailCA.crt + OCSP - URI:http://ocsp.comodoca.com + + X509v3 Subject Alternative Name: + email:wtc@google.com + Signature Algorithm: sha1WithRSAEncryption + 62:4c:6b:d9:de:0e:56:66:74:ac:b2:08:ef:d4:9f:f7:02:d7: + f0:80:7a:ad:91:19:d4:4e:1e:76:1d:34:fb:f9:c5:c3:5b:55: + 83:af:5f:da:12:43:bf:e2:d2:4a:3b:aa:91:d6:0e:07:4b:ab: + 57:c9:b8:d7:6b:cc:f9:33:85:d4:ea:40:06:09:30:15:8f:e9: + 1a:0f:9d:b7:a4:4b:b5:a1:f5:3a:90:71:93:ae:ab:e1:84:1c: + d8:d5:1c:2c:87:df:3a:5e:e8:5a:75:21:d8:45:41:5e:db:ba: + 9c:f3:50:c9:08:1f:e5:d5:e7:55:0a:25:cd:86:88:41:83:2f: + b3:ee:39:02:a6:34:52:fe:64:0a:72:6e:65:41:eb:f9:10:34: + 65:40:3d:93:3e:68:6a:ea:68:c5:cb:09:09:78:be:a7:1e:fa: + 6f:21:d8:0e:e3:8d:74:08:57:ef:17:f1:6d:50:66:a2:73:78: + 10:81:65:bf:96:e4:82:8d:46:7b:e8:a1:fa:6f:33:90:d8:4f: + ec:1f:fe:6f:4b:bf:b1:67:2d:cc:e3:90:ef:87:d3:af:ef:d7: + 3b:d7:14:56:b7:7a:1a:96:e4:8c:de:2b:a3:95:9d:a9:e5:31: + 7b:c9:2c:ec:1f:82:06:7c:80:fa:14:da:71:3b:d1:47:84:8f: + 01:e6:5a:8a +-----BEGIN CERTIFICATE----- +MIIFHjCCBAagAwIBAgIRAPAeh/T+tvAQ3H5l2vT7j+MwDQYJKoZIhvcNAQEFBQAw +gZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYD +VQQDEzBDT01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h +aWwgQ0EwHhcNMTIwNDI1MDAwMDAwWhcNMTMwNDI1MjM1OTU5WjAfMR0wGwYJKoZI +hvcNAQkBFg53dGNAZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAPZQz4Ay7gUbagfFX3G8Z4FAY0Y1pCNsdzJX7MiwCxYOX7dCbt5v3oSf +z4Fz7jCprEeMRyd4ievRFOmp/Qh0ASzc6k8KMILNtQJlVEKcrxQYp1bHxAB9wPZN +l1iAV/X8LDZ4adbjfwUF/wgmHvXVYD8VXQYWKBGlXbXQWdEnqziOa2i2PcPL9Q1C +NaFu9T9zEjOfR6VDL/PcAGEYP0p05NLoN+cZGIQ0SXjStU2QZU5voBNbL0c+DAQv +/r2cwdHR8jb+3wfm7LhIxx8k9q+aNSqoEtupolDMDCik/GbyKKjC0fvqHljDFHDg +GKQqBFSM0/MJLrd2o+sHevToOuMua7cCAwEAAaOCAd4wggHaMB8GA1UdIwQYMBaA +FHoTTgB0W8Z4Y2QnwS/ioFu8ecV7MB0GA1UdDgQWBBTX0wnGYjTjKi1d8+m0sNpz +Vel1KDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggr +BgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/ +MD0wOwYMKwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJl +LmNvbW9kby5uZXQvQ1BTMFcGA1UdHwRQME4wTKBKoEiGRmh0dHA6Ly9jcmwuY29t +b2RvY2EuY29tL0NPTU9ET0NsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1h +aWxDQS5jcmwwgYgGCCsGAQUFBwEBBHwwejBSBggrBgEFBQcwAoZGaHR0cDovL2Ny +dC5jb21vZG9jYS5jb20vQ09NT0RPQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1 +cmVFbWFpbENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2Eu +Y29tMBkGA1UdEQQSMBCBDnd0Y0Bnb29nbGUuY29tMA0GCSqGSIb3DQEBBQUAA4IB +AQBiTGvZ3g5WZnSssgjv1J/3AtfwgHqtkRnUTh52HTT7+cXDW1WDr1/aEkO/4tJK +O6qR1g4HS6tXybjXa8z5M4XU6kAGCTAVj+kaD523pEu1ofU6kHGTrqvhhBzY1Rws +h986XuhadSHYRUFe27qc81DJCB/l1edVCiXNhohBgy+z7jkCpjRS/mQKcm5lQev5 +EDRlQD2TPmhq6mjFywkJeL6nHvpvIdgO4410CFfvF/FtUGaic3gQgWW/luSCjUZ7 +6KH6bzOQ2E/sH/5vS7+xZy3M45Dvh9Ov79c71xRWt3oaluSM3iujlZ2p5TF7ySzs +H4IGfID6FNpxO9FHhI8B5lqK +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/non-crit-codeSigning-chain.pem b/pki/testdata/ssl/certificates/non-crit-codeSigning-chain.pem new file mode 100644 index 0000000000..6c539a6a0d --- /dev/null +++ b/pki/testdata/ssl/certificates/non-crit-codeSigning-chain.pem @@ -0,0 +1,110 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCgluiYfh9lhgwx +d5rJhUpPoY+WJ67pPa1tdCTkeD3jowQ/MhNatUxMy/7O76pvBegUtrq29MPLcmvA +LeJYDcIJmh48pY/KrEUADZcDmrogQXQViCuaH/7ceKRxZu0FO7qBreyxgcu9nHkD +SP1X7ZefhEhOOKDsRXiQWpXTyDC/PeL/BMXkdoPGROEAx2RSyXETTCtby7HGsZ+w +nwXvdHUObpGmLErqiARhG39w7ZF40yV1hqy0DGw6CIV1q+JqLFMhZus+xSWkmFB4 +V06haO2D0Xgl7t2prN9c7OQHJ+fQP/D+cL2kzbdJO7MGq5biEoXMCsnpm0hCAu+v +Hl/kE5xJAgMBAAECggEAHjVtITx+evpdolORwE1s1nB5ooEqB9G0pVWXGAxfdgol +Ix8wIVzf8sVgFDzk5ngpuXXLR13hVAzc5JytCqvh360IeZeaZkGERFeKHCE32Jf/ +dop0S0ywBHjEVFnMhfK/qaPWVejo8uzznbDWCXuWDWmUsXQ5H2ENJjiIHTv4IY09 +0DXiySiaeI1iiyToiv6Dt9dVpPuleJbY0LlRfZ1WrkcEB9r1kQqzJOdqM5iuDYWa +dCO9u8fbWPGRacL3ystrZqB0Od3s9G6h09D5Iv8QXpYHWp4E/Oea3kYKyFUDgPpH +1wH6fE9fER6RKOKyG1HBZL12HlNZnPv1v033Rs6WRQKBgQC3LnaYo1TkHX0j4t1X +iQisRWtE8espt1ZsxIErqiz+fJlHhQCJq2Lqz/uLHmqaM6M2ffVuXoFM8vZzlyXw +v23EPc8HGEhvw6iTm3uCdTQ2nXZbb4Gbw5lYOF6PDJfAhnn3XwaUUVCL67PAZvwq +j4hWKzmrfrrv8KRgvso9NB6fHQKBgQDgbVxLGofqhoE/tuoCfZMCC0vI3PZ5503B +XvTXg/J9lKsycwx74qKWBDchqG+MF1GQOwufDvx44QAcW/gNsdd6SJ/yLlf69m6V +HSGh3S3pUfFwT4wzY/rKbh0g8DSXm6J7BrMwID+RAwMjKzst1tqjCBH6HnNEHIfP +HRrJAwgOHQKBgQCcFUkUckeJP987TrlPNwJe15+5VXENUJyhfSabMBu6lCx/FkMJ +CzHz5lftiHNJBSrS6azQ6FHAYV3BzE6VvmcnSYs3/mbqZIslitxIotlkl/Mbof2L +3bSxyQY5WX+MmokeUKfohQje0G2PSbEgCsEeuyIekJN0k1Vc4fStBdX5uQKBgAuG +0mSxGiX7fovtMxupo3FJbz0DzEz6ik3SOLUQ+9VjW1+d9RgvzbXyxXofEouZbwD/ +Z1tmA6WZuM28E4NwjOak8EIaCz7ChW93LZEIsSD4qnPgQg0pp2naOfjFHY5j2faD +o5RnM5yZEQIvaDy0ekpBUdsM0VLAPGFw1z1XwIQpAoGBALaN5OhHVZfy+RqTy+k/ +Sa+eO/vghkdapdZwfnFYhJzD+sZKRBUiNwzZrAcNfijN/sTIcnMWbMcD6TSdh1qZ +RLd2m/U0T9avw0/aog+IXldkm7VjKf7+V+RIzoGOxmtCI1zVP9uldDYJDKAMabiu +kdec1ozHgh6Pg2G2d5nkPgI9 +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Feb 17 17:08:50 2023 GMT + Not After : Feb 14 17:08:50 2033 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a0:96:e8:98:7e:1f:65:86:0c:31:77:9a:c9:85: + 4a:4f:a1:8f:96:27:ae:e9:3d:ad:6d:74:24:e4:78: + 3d:e3:a3:04:3f:32:13:5a:b5:4c:4c:cb:fe:ce:ef: + aa:6f:05:e8:14:b6:ba:b6:f4:c3:cb:72:6b:c0:2d: + e2:58:0d:c2:09:9a:1e:3c:a5:8f:ca:ac:45:00:0d: + 97:03:9a:ba:20:41:74:15:88:2b:9a:1f:fe:dc:78: + a4:71:66:ed:05:3b:ba:81:ad:ec:b1:81:cb:bd:9c: + 79:03:48:fd:57:ed:97:9f:84:48:4e:38:a0:ec:45: + 78:90:5a:95:d3:c8:30:bf:3d:e2:ff:04:c5:e4:76: + 83:c6:44:e1:00:c7:64:52:c9:71:13:4c:2b:5b:cb: + b1:c6:b1:9f:b0:9f:05:ef:74:75:0e:6e:91:a6:2c: + 4a:ea:88:04:61:1b:7f:70:ed:91:78:d3:25:75:86: + ac:b4:0c:6c:3a:08:85:75:ab:e2:6a:2c:53:21:66: + eb:3e:c5:25:a4:98:50:78:57:4e:a1:68:ed:83:d1: + 78:25:ee:dd:a9:ac:df:5c:ec:e4:07:27:e7:d0:3f: + f0:fe:70:bd:a4:cd:b7:49:3b:b3:06:ab:96:e2:12: + 85:cc:0a:c9:e9:9b:48:42:02:ef:af:1e:5f:e4:13: + 9c:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 01:1C:A6:B0:CB:64:17:AB:8E:90:63:E0:B6:16:19:C6:06:C1:C2:C7 + X509v3 Extended Key Usage: + Code Signing + X509v3 Authority Key Identifier: + D5:28:55:87:C7:A3:BF:D7:C4:CE:BE:3D:01:D2:BE:8B:7C:E4:E2:E2 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + bc:03:2d:ad:04:e4:0e:64:20:1e:bd:fb:04:6a:63:d5:8c:51: + a0:d6:2d:4d:7d:97:f5:0f:42:56:09:58:d6:f4:df:46:01:01: + f3:62:78:a7:57:76:28:5a:85:fd:b1:34:37:06:7f:1f:7e:d1: + d9:1a:54:78:a2:4a:ec:90:69:bf:08:3e:c7:df:63:1c:89:d3: + ca:30:61:e3:f6:0a:92:66:68:8f:6b:6a:0b:01:4c:ca:90:e5: + 13:b4:89:92:2e:56:bd:84:6f:9c:ff:19:5b:75:27:7f:9e:cc: + 62:1c:06:e6:94:30:fe:d3:59:1b:2c:10:79:7c:0e:1a:29:be: + c9:14:02:56:f9:eb:cd:a6:33:10:75:fa:d7:61:23:d0:16:cf: + c9:e9:58:7b:51:8c:1f:84:3f:32:ca:89:91:90:da:5f:7d:35: + 0c:f5:1c:c3:b6:03:ad:f9:5f:49:79:54:55:86:98:fa:69:b5: + fb:47:5b:b1:99:c8:f0:5f:b8:af:a6:b4:63:1b:53:e6:47:78: + e3:40:df:63:21:f2:51:88:c4:24:b5:51:33:bc:b1:f5:7e:42: + 89:b3:ff:3a:d7:e4:02:e2:23:c4:82:98:74:d2:2c:ee:8e:71: + 58:80:b7:0f:24:dc:11:83:02:13:91:7d:0f:8f:b4:81:20:c5: + ee:55:8c:7b +-----BEGIN CERTIFICATE----- +MIIDcTCCAlmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4 +IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMjMwMjE3MTcwODUwWhcNMzMwMjE0MTcwODUw +WjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN +TW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3LjAu +MC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJbomH4fZYYMMXea +yYVKT6GPlieu6T2tbXQk5Hg946MEPzITWrVMTMv+zu+qbwXoFLa6tvTDy3JrwC3i +WA3CCZoePKWPyqxFAA2XA5q6IEF0FYgrmh/+3HikcWbtBTu6ga3ssYHLvZx5A0j9 +V+2Xn4RITjig7EV4kFqV08gwvz3i/wTF5HaDxkThAMdkUslxE0wrW8uxxrGfsJ8F +73R1Dm6RpixK6ogEYRt/cO2ReNMldYastAxsOgiFdaviaixTIWbrPsUlpJhQeFdO +oWjtg9F4Je7dqazfXOzkByfn0D/w/nC9pM23STuzBquW4hKFzArJ6ZtIQgLvrx5f +5BOcSQIDAQABo3YwdDAPBgNVHREECDAGhwR/AAABMAwGA1UdEwEB/wQCMAAwHQYD +VR0OBBYEFAEcprDLZBerjpBj4LYWGcYGwcLHMBMGA1UdJQQMMAoGCCsGAQUFBwMD +MB8GA1UdIwQYMBaAFNUoVYfHo7/XxM6+PQHSvot85OLiMA0GCSqGSIb3DQEBCwUA +A4IBAQC8Ay2tBOQOZCAevfsEamPVjFGg1i1NfZf1D0JWCVjW9N9GAQHzYninV3Yo +WoX9sTQ3Bn8fftHZGlR4okrskGm/CD7H32McidPKMGHj9gqSZmiPa2oLAUzKkOUT +tImSLla9hG+c/xlbdSd/nsxiHAbmlDD+01kbLBB5fA4aKb7JFAJW+evNpjMQdfrX +YSPQFs/J6Vh7UYwfhD8yyomRkNpffTUM9RzDtgOt+V9JeVRVhpj6abX7R1uxmcjw +X7ivprRjG1PmR3jjQN9jIfJRiMQktVEzvLH1fkKJs/861+QC4iPEgph00izujnFY +gLcPJNwRgwITkX0Pj7SBIMXuVYx7 +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/ok_cert.pem b/pki/testdata/ssl/certificates/ok_cert.pem new file mode 100644 index 0000000000..15a299a0f5 --- /dev/null +++ b/pki/testdata/ssl/certificates/ok_cert.pem @@ -0,0 +1,113 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDgU/TzmMEUMwLI +pG3+qir3lD2mbwDfO95Mn6PqB9Ss5VsN0azg7fnFmB01LeWzSZcUhUQP3EzSZwiI +AaXYp+uT0Wqh91HnhH5SKn28bw7Y27amPt7c9aRolkQRhQLtRxLfuGBxlXtih2h6 +RFYJ1bTI8fbJRpKLaOiD1dWGcSPDgB6/bAHH0qS8QG3g48AuMHi9rd0lZtP1BwdW +187icsUlfQzhp28AqNqrS1RDCWSktlI4L7fMAd0cAycDR7/f5jew7RjcUQvUdSLf +UHs86zc5HJtvCHunBayMQ/fx2lEGs4JFPsiBc56wpc92lq+BLKwBKkpYSx2+/x+F +wife8XgLAgMBAAECggEAO0gUmHdKtvLQDoPdiYogtrKXJC97dILWuTsKzyLoohQu +XtWFMR/SfNQ5C7+oTxvocATTurlGF+ggigidckbV64dQ/aJlI6CQ3VfbSHu02bwe +ZYqBzLShkP382QBkiJ3asAKCgiG1rJEKHB2I+ypdjyjaRdB/k5XStFxDBDdL8zKe +kL1hytf1ALxYBQJ3TXcoIqlpzz6v+JnZTAuu4vrySfffyFTrytIwf/KGlBACBqXe +oV+DK586PiyC0m1Hhy1rLTi2/IT4t4j3KO+c/OnpWkMEg1G/Ojy1zPMsMHr1VO9t +UWxhEIYOLQVUOT+2ltO4bRJcgEPHSxlIY23qalJgqQKBgQD9oZwHPhLZg439Zr9O +Zgl5fFkPe4SxqLY+ggE5O81+3RgL8GyAuy9oDtUGcw8L9tpKcBflqH4jEvUvT1/m +8BGKIQteqcKbY0C+KfPvq77R4k2KqmxpKF5f4BS/9O7cgzJZwhSFKDLtcKtDIPUK +3eoERuPB4/cmhQyb+/TKofZpfwKBgQDibEm1+nYj3tIXDxK3hZHjPz0s9vYV84py +zg3HjuEmdacnhNPQQQpNG83RMjEnnBvHWH2vxRWyD+57r/FWeA60aUJo5WIP0rj8 +z6GqFT9IWaBrJtBU1YoxuyTH64yih6ljvm2skIEGlQYS+GBL9K/Tx4mh4lAKVzD5 +GXVqtyM/dQKBgFD0Ik8VewK+QLXe87TcUK3cCLkuXZ4vEWxGJonUErUpcKFu7dLw +7CK0iT3zv5u8ANS9joMZEpmzVVryZNPbUF3cSjq+yIS8W0/XKCsZkGCBcOqPlubB +oc3MQhM65HqxzYJkthQCTq8GxUM547zCNA2FavDaCGrdELdA5lM++t2VAoGAMLem +AH68bqlhwM5gc5ZMtn2D1ynn9v8oudz2AAsRDKph5dHhlTx5T+/8j9dh1ijznSfA +G1KngWGGKZzIq5c3ar//Jvy75bWsUdEG8saRkCqgpo16Y9ZyXpLqrg1TfCD+ZFSz +2l5ZNKZZ4TkJ1y31qvaS+X7tQ9xQ0DgXGHgBIIUCgYABBBddUXpOyG54HvFHIgxS +esBBkpM0uy3vOkyfMown2GCjKZaXS5kEmRwU9WQQKLPf2ieALgYEf87YGWmPNZNF +tG5DoNhTMsrYORB11tuuBR1e6lrG/aoOkP/4udWC8d4Yp9wnkEu0l6X/kMfq2lb1 +67bBVmHqKJ0t8rytHzkP0Q== +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:66 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Oct 2 17:20:08 2024 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e0:53:f4:f3:98:c1:14:33:02:c8:a4:6d:fe:aa: + 2a:f7:94:3d:a6:6f:00:df:3b:de:4c:9f:a3:ea:07: + d4:ac:e5:5b:0d:d1:ac:e0:ed:f9:c5:98:1d:35:2d: + e5:b3:49:97:14:85:44:0f:dc:4c:d2:67:08:88:01: + a5:d8:a7:eb:93:d1:6a:a1:f7:51:e7:84:7e:52:2a: + 7d:bc:6f:0e:d8:db:b6:a6:3e:de:dc:f5:a4:68:96: + 44:11:85:02:ed:47:12:df:b8:60:71:95:7b:62:87: + 68:7a:44:56:09:d5:b4:c8:f1:f6:c9:46:92:8b:68: + e8:83:d5:d5:86:71:23:c3:80:1e:bf:6c:01:c7:d2: + a4:bc:40:6d:e0:e3:c0:2e:30:78:bd:ad:dd:25:66: + d3:f5:07:07:56:d7:ce:e2:72:c5:25:7d:0c:e1:a7: + 6f:00:a8:da:ab:4b:54:43:09:64:a4:b6:52:38:2f: + b7:cc:01:dd:1c:03:27:03:47:bf:df:e6:37:b0:ed: + 18:dc:51:0b:d4:75:22:df:50:7b:3c:eb:37:39:1c: + 9b:6f:08:7b:a7:05:ac:8c:43:f7:f1:da:51:06:b3: + 82:45:3e:c8:81:73:9e:b0:a5:cf:76:96:af:81:2c: + ac:01:2a:4a:58:4b:1d:be:ff:1f:85:c2:27:de:f1: + 78:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E2:E0:A4:73:95:9B:E9:6E:FD:CE:29:C4:6F:07:81:0B:96:BD:47:BA + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 77:ef:82:85:f1:18:e6:5a:a4:fc:19:da:1a:f4:44:fc:83:03: + 99:0f:76:fa:40:9d:cf:91:9d:08:df:19:20:54:4e:a9:33:a5: + 49:5e:7f:3a:8f:6d:4a:73:bd:0f:98:83:b4:61:43:63:7c:87: + 2b:3a:59:f8:2e:22:3b:7b:39:00:83:0d:90:87:ea:06:78:59: + 73:37:d5:02:fe:94:af:f7:31:13:c6:44:21:72:dd:e8:69:34: + ab:83:ee:ac:58:ee:22:fa:aa:64:bc:65:31:e9:d1:4a:ec:e5: + 7d:6e:b9:1f:0f:5a:50:14:cc:d2:c5:32:fd:ba:74:dc:2d:a6: + 1a:ac:e7:2e:ce:68:22:c0:16:81:29:3f:4e:a2:84:8f:64:3b: + d6:e9:29:00:4a:62:e1:3c:cf:14:20:cd:c5:d5:06:9a:77:3e: + 27:ba:f3:b5:4c:c0:8c:e5:79:2d:df:8d:89:55:fa:e5:c3:ee: + a4:3c:61:1a:b4:68:17:4e:15:d6:be:6f:b6:d0:42:2c:18:69: + 17:2f:34:2d:0e:87:43:1c:51:e1:ca:b0:c4:ce:3b:c1:a8:89: + 56:97:fe:30:40:5f:0c:f4:2f:e3:ab:e1:4b:b9:55:71:44:82: + c2:d7:ec:58:63:20:55:c2:e5:fa:eb:8f:29:44:8d:65:fa:29: + 48:75:57:66 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwmYwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMjEwMDMxNzIwMDhaFw0yNDEwMDIxNzIwMDhaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgU/TzmMEUMwLIpG3+qir3lD2mbwDfO95M +n6PqB9Ss5VsN0azg7fnFmB01LeWzSZcUhUQP3EzSZwiIAaXYp+uT0Wqh91HnhH5S +Kn28bw7Y27amPt7c9aRolkQRhQLtRxLfuGBxlXtih2h6RFYJ1bTI8fbJRpKLaOiD +1dWGcSPDgB6/bAHH0qS8QG3g48AuMHi9rd0lZtP1BwdW187icsUlfQzhp28AqNqr +S1RDCWSktlI4L7fMAd0cAycDR7/f5jew7RjcUQvUdSLfUHs86zc5HJtvCHunBayM +Q/fx2lEGs4JFPsiBc56wpc92lq+BLKwBKkpYSx2+/x+Fwife8XgLAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTi4KRzlZvpbv3OKcRvB4ELlr1HujAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAd++ChfEY5lqk/BnaGvRE/IMDmQ92+kCdz5GdCN8ZIFROqTOlSV5/Oo9tSnO9 +D5iDtGFDY3yHKzpZ+C4iO3s5AIMNkIfqBnhZczfVAv6Ur/cxE8ZEIXLd6Gk0q4Pu +rFjuIvqqZLxlMenRSuzlfW65Hw9aUBTM0sUy/bp03C2mGqznLs5oIsAWgSk/TqKE +j2Q71ukpAEpi4TzPFCDNxdUGmnc+J7rztUzAjOV5Ld+NiVX65cPupDxhGrRoF04V +1r5vttBCLBhpFy80LQ6HQxxR4cqwxM47waiJVpf+MEBfDPQv46vhS7lVcUSCwtfs +WGMgVcLl+uuPKUSNZfopSHVXZg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/ok_cert_by_intermediate.pem b/pki/testdata/ssl/certificates/ok_cert_by_intermediate.pem new file mode 100644 index 0000000000..25be4eb757 --- /dev/null +++ b/pki/testdata/ssl/certificates/ok_cert_by_intermediate.pem @@ -0,0 +1,195 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDgU/TzmMEUMwLI +pG3+qir3lD2mbwDfO95Mn6PqB9Ss5VsN0azg7fnFmB01LeWzSZcUhUQP3EzSZwiI +AaXYp+uT0Wqh91HnhH5SKn28bw7Y27amPt7c9aRolkQRhQLtRxLfuGBxlXtih2h6 +RFYJ1bTI8fbJRpKLaOiD1dWGcSPDgB6/bAHH0qS8QG3g48AuMHi9rd0lZtP1BwdW +187icsUlfQzhp28AqNqrS1RDCWSktlI4L7fMAd0cAycDR7/f5jew7RjcUQvUdSLf +UHs86zc5HJtvCHunBayMQ/fx2lEGs4JFPsiBc56wpc92lq+BLKwBKkpYSx2+/x+F +wife8XgLAgMBAAECggEAO0gUmHdKtvLQDoPdiYogtrKXJC97dILWuTsKzyLoohQu +XtWFMR/SfNQ5C7+oTxvocATTurlGF+ggigidckbV64dQ/aJlI6CQ3VfbSHu02bwe +ZYqBzLShkP382QBkiJ3asAKCgiG1rJEKHB2I+ypdjyjaRdB/k5XStFxDBDdL8zKe +kL1hytf1ALxYBQJ3TXcoIqlpzz6v+JnZTAuu4vrySfffyFTrytIwf/KGlBACBqXe +oV+DK586PiyC0m1Hhy1rLTi2/IT4t4j3KO+c/OnpWkMEg1G/Ojy1zPMsMHr1VO9t +UWxhEIYOLQVUOT+2ltO4bRJcgEPHSxlIY23qalJgqQKBgQD9oZwHPhLZg439Zr9O +Zgl5fFkPe4SxqLY+ggE5O81+3RgL8GyAuy9oDtUGcw8L9tpKcBflqH4jEvUvT1/m +8BGKIQteqcKbY0C+KfPvq77R4k2KqmxpKF5f4BS/9O7cgzJZwhSFKDLtcKtDIPUK +3eoERuPB4/cmhQyb+/TKofZpfwKBgQDibEm1+nYj3tIXDxK3hZHjPz0s9vYV84py +zg3HjuEmdacnhNPQQQpNG83RMjEnnBvHWH2vxRWyD+57r/FWeA60aUJo5WIP0rj8 +z6GqFT9IWaBrJtBU1YoxuyTH64yih6ljvm2skIEGlQYS+GBL9K/Tx4mh4lAKVzD5 +GXVqtyM/dQKBgFD0Ik8VewK+QLXe87TcUK3cCLkuXZ4vEWxGJonUErUpcKFu7dLw +7CK0iT3zv5u8ANS9joMZEpmzVVryZNPbUF3cSjq+yIS8W0/XKCsZkGCBcOqPlubB +oc3MQhM65HqxzYJkthQCTq8GxUM547zCNA2FavDaCGrdELdA5lM++t2VAoGAMLem +AH68bqlhwM5gc5ZMtn2D1ynn9v8oudz2AAsRDKph5dHhlTx5T+/8j9dh1ijznSfA +G1KngWGGKZzIq5c3ar//Jvy75bWsUdEG8saRkCqgpo16Y9ZyXpLqrg1TfCD+ZFSz +2l5ZNKZZ4TkJ1y31qvaS+X7tQ9xQ0DgXGHgBIIUCgYABBBddUXpOyG54HvFHIgxS +esBBkpM0uy3vOkyfMown2GCjKZaXS5kEmRwU9WQQKLPf2ieALgYEf87YGWmPNZNF +tG5DoNhTMsrYORB11tuuBR1e6lrG/aoOkP/4udWC8d4Yp9wnkEu0l6X/kMfq2lb1 +67bBVmHqKJ0t8rytHzkP0Q== +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 9c:ac:13:39:97:f9:d0:e4:e8:7f:a3:f1:71:92:32:fa + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Intermediate CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Oct 2 17:20:08 2024 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e0:53:f4:f3:98:c1:14:33:02:c8:a4:6d:fe:aa: + 2a:f7:94:3d:a6:6f:00:df:3b:de:4c:9f:a3:ea:07: + d4:ac:e5:5b:0d:d1:ac:e0:ed:f9:c5:98:1d:35:2d: + e5:b3:49:97:14:85:44:0f:dc:4c:d2:67:08:88:01: + a5:d8:a7:eb:93:d1:6a:a1:f7:51:e7:84:7e:52:2a: + 7d:bc:6f:0e:d8:db:b6:a6:3e:de:dc:f5:a4:68:96: + 44:11:85:02:ed:47:12:df:b8:60:71:95:7b:62:87: + 68:7a:44:56:09:d5:b4:c8:f1:f6:c9:46:92:8b:68: + e8:83:d5:d5:86:71:23:c3:80:1e:bf:6c:01:c7:d2: + a4:bc:40:6d:e0:e3:c0:2e:30:78:bd:ad:dd:25:66: + d3:f5:07:07:56:d7:ce:e2:72:c5:25:7d:0c:e1:a7: + 6f:00:a8:da:ab:4b:54:43:09:64:a4:b6:52:38:2f: + b7:cc:01:dd:1c:03:27:03:47:bf:df:e6:37:b0:ed: + 18:dc:51:0b:d4:75:22:df:50:7b:3c:eb:37:39:1c: + 9b:6f:08:7b:a7:05:ac:8c:43:f7:f1:da:51:06:b3: + 82:45:3e:c8:81:73:9e:b0:a5:cf:76:96:af:81:2c: + ac:01:2a:4a:58:4b:1d:be:ff:1f:85:c2:27:de:f1: + 78:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E2:E0:A4:73:95:9B:E9:6E:FD:CE:29:C4:6F:07:81:0B:96:BD:47:BA + X509v3 Authority Key Identifier: + 17:5C:45:F3:D0:AC:1C:10:4C:8B:43:44:20:C4:DD:93:C5:C5:19:3B + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 93:a1:82:4b:78:ce:18:3a:0a:ae:c8:3b:04:4a:1e:2a:e0:e8: + c3:dd:15:cb:ed:4f:23:09:b8:d4:49:4f:3b:2c:98:bf:bd:7a: + 4e:de:6b:48:93:0c:17:50:d5:df:b0:8a:95:3a:f4:d2:3c:c4: + 71:cd:fc:d3:72:b1:99:dd:5c:82:74:df:42:d9:51:85:26:92: + 2b:c8:0d:1b:aa:e5:98:9f:9d:25:cd:82:f1:a5:42:20:9c:7f: + e9:b3:b8:1e:75:70:2a:07:ee:33:db:6d:b6:6a:cb:e0:80:e9: + fe:12:15:0f:4e:e6:78:99:a3:22:68:1a:bc:ce:77:45:f0:9f: + ce:23:25:bd:32:b6:8d:f4:1a:3a:8e:e9:a7:bd:da:e7:d5:ba: + 84:38:4f:db:bb:29:7f:ec:4f:56:1a:c4:43:1a:0e:a5:c9:db: + b1:69:9d:00:82:b6:b2:4b:67:e7:58:45:37:dc:30:81:93:5a: + 56:de:5e:0f:9c:d6:1a:73:9c:9e:f4:f1:8e:20:11:fc:f3:3f: + 77:7f:9a:f1:93:42:31:2b:5a:e2:70:f2:7a:f0:07:7e:28:c3: + 21:6a:c5:b3:fe:08:76:4b:a3:58:70:f6:44:22:a5:e1:b9:17: + ce:a4:90:35:5c:c7:9a:e0:12:b7:5f:24:d5:60:0c:bd:9d:b6: + 1b:78:17:16 +-----BEGIN CERTIFICATE----- +MIID1zCCAr+gAwIBAgIRAJysEzmX+dDk6H+j8XGSMvowDQYJKoZIhvcNAQELBQAw +azELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExHTAbBgNVBAMMFFRlc3QgSW50 +ZXJtZWRpYXRlIENBMB4XDTIyMTAwMzE3MjAwOFoXDTI0MTAwMjE3MjAwOFowYDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50 +YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4wLjAuMTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOBT9POYwRQzAsikbf6qKveU +PaZvAN873kyfo+oH1KzlWw3RrODt+cWYHTUt5bNJlxSFRA/cTNJnCIgBpdin65PR +aqH3UeeEflIqfbxvDtjbtqY+3tz1pGiWRBGFAu1HEt+4YHGVe2KHaHpEVgnVtMjx +9slGkoto6IPV1YZxI8OAHr9sAcfSpLxAbeDjwC4weL2t3SVm0/UHB1bXzuJyxSV9 +DOGnbwCo2qtLVEMJZKS2Ujgvt8wB3RwDJwNHv9/mN7DtGNxRC9R1It9QezzrNzkc +m28Ie6cFrIxD9/HaUQazgkU+yIFznrClz3aWr4EsrAEqSlhLHb7/H4XCJ97xeAsC +AwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOLgpHOVm+lu/c4pxG8H +gQuWvUe6MB8GA1UdIwQYMBaAFBdcRfPQrBwQTItDRCDE3ZPFxRk7MB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3 +DQEBCwUAA4IBAQCToYJLeM4YOgquyDsESh4q4OjD3RXL7U8jCbjUSU87LJi/vXpO +3mtIkwwXUNXfsIqVOvTSPMRxzfzTcrGZ3VyCdN9C2VGFJpIryA0bquWYn50lzYLx +pUIgnH/ps7gedXAqB+4z2222asvggOn+EhUPTuZ4maMiaBq8zndF8J/OIyW9MraN +9Bo6jumnvdrn1bqEOE/buyl/7E9WGsRDGg6lyduxaZ0AgrayS2fnWEU33DCBk1pW +3l4PnNYac5ye9PGOIBH88z93f5rxk0IxK1ricPJ68Ad+KMMhasWz/gh2S6NYcPZE +IqXhuRfOpJA1XMea4BK3XyTVYAy9nbYbeBcW +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:64 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Sep 30 17:20:08 2032 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9d:e9:bd:e4:3d:4a:2f:fb:c2:f9:e6:22:2a:42: + 15:46:1c:8c:8f:47:4c:e9:c5:57:95:1f:66:70:93: + 22:f0:94:c3:bb:b5:5b:ef:a4:6f:c8:c7:89:95:75: + ba:0c:36:bf:4e:6b:a9:35:47:08:43:9e:29:6a:e2: + c3:fb:03:b7:1f:b6:e1:51:6b:ed:7b:19:c7:f9:ce: + 3b:dc:65:e9:66:c7:83:94:c4:d1:4e:ee:ed:64:4b: + 81:f1:1a:ea:5a:64:18:1b:6a:4e:93:d0:13:6c:90: + 60:ca:d2:4e:b7:24:16:f8:b2:08:58:9d:8d:a7:33: + 45:15:34:81:ad:2d:2d:9c:60:ef:f9:2b:98:fe:79: + d3:8d:2c:48:db:12:91:f4:2e:fa:bf:f5:26:c1:82: + 05:80:dd:4c:a8:70:bf:a7:bc:10:34:77:39:db:47: + 04:0f:ed:44:b2:65:46:22:20:88:59:28:0f:c7:0c: + a2:b4:91:a5:a2:aa:ca:05:9f:8a:9b:6e:a3:cb:d4: + a4:e8:24:75:9d:20:81:22:5b:5f:77:3e:c9:f1:1e: + ae:eb:8a:33:8c:27:5b:1e:be:6d:21:1b:42:72:95: + e3:9e:13:03:75:a7:58:d4:be:68:12:fe:63:8e:4b: + 11:7a:34:e7:a3:6b:dd:73:ae:3e:19:9a:ec:91:8b: + 73:af + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 17:5C:45:F3:D0:AC:1C:10:4C:8B:43:44:20:C4:DD:93:C5:C5:19:3B + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 25:54:8b:68:3b:3c:92:ed:1b:c7:a1:62:b3:7c:ff:7e:8c:57: + 7c:67:5c:ea:74:9f:e8:f1:b5:c8:e4:88:0e:c9:a3:f3:28:c4: + 05:af:8f:ad:51:32:66:ae:5d:7a:b1:77:7e:99:06:c8:30:26: + 5a:9f:1e:34:ea:aa:3e:0a:73:a2:40:e3:8f:1a:01:96:a2:6d: + 2f:6c:d9:36:65:98:c8:86:41:0e:ee:0d:aa:da:62:54:62:23: + c6:23:b0:f1:ca:35:7b:e5:4b:d1:ab:80:80:d6:00:2b:19:85: + 9d:e0:3c:3f:13:1e:90:d2:df:c3:31:90:0f:a8:40:08:33:4e: + f7:a4:d0:ed:3e:a4:41:cf:e8:37:49:d1:58:e8:07:3d:4b:a1: + c9:fe:12:07:9a:de:e0:c8:f3:68:d6:31:5d:03:77:2f:fa:b0: + e6:2c:f3:80:59:d0:9b:1b:59:22:cd:7e:58:c6:cf:82:92:c3: + 76:95:78:b2:75:c8:fa:59:9f:0e:c0:e3:6d:70:f9:82:ba:db: + 89:89:81:b7:b9:e1:41:63:51:56:8a:5a:d2:52:c2:19:2f:d9: + c0:9d:19:82:59:79:f9:56:1c:25:81:4d:0a:cd:77:1b:de:85: + 6e:51:04:08:0b:0c:33:65:52:f6:90:a8:82:25:77:a0:fa:5e: + 9c:2a:91:66 +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIRALBrk5LjXI1+7Z3IllnFwmQwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMjEwMDMxNzIwMDhaFw0zMjA5MzAxNzIwMDhaMGsxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMR0wGwYDVQQDDBRUZXN0IEludGVybWVkaWF0ZSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ3pveQ9Si/7wvnmIipC +FUYcjI9HTOnFV5UfZnCTIvCUw7u1W++kb8jHiZV1ugw2v05rqTVHCEOeKWriw/sD +tx+24VFr7XsZx/nOO9xl6WbHg5TE0U7u7WRLgfEa6lpkGBtqTpPQE2yQYMrSTrck +FviyCFidjaczRRU0ga0tLZxg7/krmP55040sSNsSkfQu+r/1JsGCBYDdTKhwv6e8 +EDR3OdtHBA/tRLJlRiIgiFkoD8cMorSRpaKqygWfiptuo8vUpOgkdZ0ggSJbX3c+ +yfEeruuKM4wnWx6+bSEbQnKV454TA3WnWNS+aBL+Y45LEXo056Nr3XOuPhma7JGL +c68CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUF1xF89CsHBBM +i0NEIMTdk8XFGTswDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFJsmC4qYqbsd +uR8c4xpAM+2OF4irMA0GCSqGSIb3DQEBCwUAA4IBAQAlVItoOzyS7RvHoWKzfP9+ +jFd8Z1zqdJ/o8bXI5IgOyaPzKMQFr4+tUTJmrl16sXd+mQbIMCZanx406qo+CnOi +QOOPGgGWom0vbNk2ZZjIhkEO7g2q2mJUYiPGI7DxyjV75UvRq4CA1gArGYWd4Dw/ +Ex6Q0t/DMZAPqEAIM073pNDtPqRBz+g3SdFY6Ac9S6HJ/hIHmt7gyPNo1jFdA3cv ++rDmLPOAWdCbG1kizX5Yxs+CksN2lXiydcj6WZ8OwONtcPmCutuJiYG3ueFBY1FW +ilrSUsIZL9nAnRmCWXn5VhwlgU0KzXcb3oVuUQQICwwzZVL2kKiCJXeg+l6cKpFm +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/policies_sanity_check.pem b/pki/testdata/ssl/certificates/policies_sanity_check.pem new file mode 100644 index 0000000000..0366c54bf9 --- /dev/null +++ b/pki/testdata/ssl/certificates/policies_sanity_check.pem @@ -0,0 +1,93 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3f:da:e4:08:b7:6c:7c:c7:71:61:c1:d6:0f:c0:95:bc:69:fb:bb:12 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, L = Mountain View, O = Test CA, CN = 127.0.0.1 + Validity + Not Before: Oct 3 17:20:09 2022 GMT + Not After : Sep 30 17:20:09 2032 GMT + Subject: C = US, ST = California, L = Mountain View, O = Test CA, CN = 127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a4:cd:2c:e1:f6:f0:26:79:e1:27:a7:a6:45:21: + e1:8f:2a:40:82:18:cf:e0:2b:63:fa:7a:d9:eb:34: + 7a:1a:0c:eb:63:b9:73:5d:64:e0:3e:95:c7:6a:08: + ee:c5:85:d1:07:f2:9f:36:0e:79:13:bb:fd:26:80: + b7:1e:fc:63:2b:d8:a0:04:be:38:ac:e9:74:76:32: + 13:4d:0d:5b:b1:ba:4a:46:f1:3e:ae:1d:42:36:93: + 7f:1b:72:da:be:3b:c8:c6:d9:ac:57:2a:bb:69:60: + d7:45:3d:4d:5b:ee:ef:ce:c8:4a:1c:21:24:69:15: + c5:28:02:ec:48:1d:39:25:3b:09:d7:cb:9f:4c:c2: + 7a:c0:db:0b:c8:a3:86:ae:54:8c:1d:8b:a3:34:f8: + 4d:49:8b:9c:2b:98:00:9a:08:7b:b8:4c:6a:60:75: + cd:38:ac:f0:d2:b8:67:1b:88:cf:4c:2f:be:1c:e7: + 30:55:2e:db:ab:ec:01:f8:12:af:87:ee:16:f9:47: + 02:68:c6:2a:cb:a3:89:1d:39:bf:dc:9b:92:5f:60: + 6f:5b:8a:60:f7:2f:4c:0c:23:9b:f5:3c:f9:0f:3c: + 3c:46:88:35:12:5d:1f:34:52:e6:8b:f1:fc:6d:57: + ac:86:1f:f4:d2:21:eb:68:c3:0f:b4:62:9e:0f:4b: + ad:f7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 1.2.3.4.5 + Policy: 1.3.5.8.12 + CPS: http://cps.example.com/foo + User Notice: + Organization: Organization Name + Numbers: 1, 2, 3, 4 + Explicit Text: Explicit Text Here + User Notice: + Explicit Text: Explicit Text Two + User Notice: + Organization: Organization Name Two + Number: 42 + X509v3 Subject Key Identifier: + 84:A7:AA:E2:63:F0:DF:98:C6:90:F3:67:27:49:0D:A8:F5:E2:EE:DF + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 91:ba:b8:c9:e1:a5:45:bf:dc:3e:30:39:e2:68:25:34:8b:d8: + 90:5a:30:11:7d:68:ce:8c:97:23:fb:fc:91:a5:37:a9:c1:24: + f2:7d:92:da:69:7b:f6:3c:2f:60:ed:b8:9b:cf:93:66:54:62: + 03:ee:3d:8c:6a:b4:4a:70:9a:ef:b1:9c:a2:a9:bb:79:9a:84: + 72:da:b3:44:64:8e:97:76:c6:1e:85:fa:10:3f:76:fd:14:17: + 11:7b:83:cf:82:68:5b:86:81:d8:a6:5d:26:b2:e2:cb:68:fe: + 96:27:bc:a6:99:71:30:35:df:de:67:ea:14:81:44:42:de:d8: + 55:17:ae:2e:c5:1a:a5:44:3c:f9:cd:02:55:93:c8:b4:88:80: + 05:f9:15:93:8e:f3:2a:0d:3d:32:f0:a1:60:d6:f3:02:df:cd: + fc:cb:d7:29:34:16:cc:c8:ac:48:2b:a4:03:c0:bb:df:a8:df: + b8:54:0f:8e:e9:7f:fa:91:fb:33:14:0f:d6:08:ae:b2:81:fe: + f3:63:1f:8b:0b:81:b9:44:70:c0:cd:34:58:a2:4b:d8:0f:8b: + 6f:15:5a:d2:10:34:c8:1d:18:f8:ba:d9:ea:b9:ce:8d:d4:a9: + e4:52:b5:cf:8a:3d:5a:eb:68:f3:db:c2:83:c2:98:d9:bc:d0: + 80:cf:1e:b8 +-----BEGIN CERTIFICATE----- +MIIETTCCAzWgAwIBAgIUP9rkCLdsfMdxYcHWD8CVvGn7uxIwDQYJKoZIhvcNAQEL +BQAwYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4w +LjAuMTAeFw0yMjEwMDMxNzIwMDlaFw0zMjA5MzAxNzIwMDlaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkzSzh9vAmeeEnp6ZFIeGPKkCCGM/gK2P6 +etnrNHoaDOtjuXNdZOA+lcdqCO7FhdEH8p82DnkTu/0mgLce/GMr2KAEvjis6XR2 +MhNNDVuxukpG8T6uHUI2k38bctq+O8jG2axXKrtpYNdFPU1b7u/OyEocISRpFcUo +AuxIHTklOwnXy59MwnrA2wvIo4auVIwdi6M0+E1Ji5wrmACaCHu4TGpgdc04rPDS +uGcbiM9ML74c5zBVLtur7AH4Eq+H7hb5RwJoxirLo4kdOb/cm5JfYG9bimD3L0wM +I5v1PPkPPDxGiDUSXR80UuaL8fxtV6yGH/TSIetoww+0Yp4PS633AgMBAAGjgf4w +gfswgdkGA1UdIASB0TCBzjAGBgQqAwQFMIHDBgQrBQgMMIG6MCYGCCsGAQUFBwIB +FhpodHRwOi8vY3BzLmV4YW1wbGUuY29tL2ZvbzBDBggrBgEFBQcCAjA3MCEaEU9y +Z2FuaXphdGlvbiBOYW1lMAwCAQECAQICAQMCAQQaEkV4cGxpY2l0IFRleHQgSGVy +ZTAfBggrBgEFBQcCAjATGhFFeHBsaWNpdCBUZXh0IFR3bzAqBggrBgEFBQcCAjAe +MBwaFU9yZ2FuaXphdGlvbiBOYW1lIFR3bzADAgEqMB0GA1UdDgQWBBSEp6riY/Df +mMaQ82cnSQ2o9eLu3zANBgkqhkiG9w0BAQsFAAOCAQEAkbq4yeGlRb/cPjA54mgl +NIvYkFowEX1ozoyXI/v8kaU3qcEk8n2S2ml79jwvYO24m8+TZlRiA+49jGq0SnCa +77Gcoqm7eZqEctqzRGSOl3bGHoX6ED92/RQXEXuDz4JoW4aB2KZdJrLiy2j+lie8 +pplxMDXf3mfqFIFEQt7YVReuLsUapUQ8+c0CVZPItIiABfkVk47zKg09MvChYNbz +At/N/MvXKTQWzMisSCukA8C736jfuFQPjul/+pH7MxQP1giusoH+82MfiwuBuURw +wM00WKJL2A+LbxVa0hA0yB0Y+LrZ6rnOjdSp5FK1z4o9Wuto89vCg8KY2bzQgM8e +uA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/post_june_2016.pem b/pki/testdata/ssl/certificates/post_june_2016.pem new file mode 100644 index 0000000000..0a74d9f770 --- /dev/null +++ b/pki/testdata/ssl/certificates/post_june_2016.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:81 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Jun 1 00:00:00 2016 GMT + Not After : Jul 3 00:00:00 2017 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:bd:50:56:9a:11:59:5d:a3:61:c3:5b:0f:7b: + b7:73:68:87:c8:7a:2a:f6:97:e1:09:1f:35:bb:b4: + 30:ad:75:ab:6d:ae:ad:5e:81:b8:36:19:68:3b:63: + 1e:b8:08:67:b8:bf:fe:49:8c:5e:a6:20:f7:86:d1: + d4:42:db:4a:93:61:28:76:ed:86:2b:51:79:a8:bc: + 0e:68:8c:d2:2b:9b:5b:ef:a0:20:85:4c:94:36:6f: + 58:41:a5:5c:f3:2e:8d:8f:72:0b:f9:73:14:26:bf: + b7:cd:62:fd:3b:7d:cf:2a:7a:64:47:69:85:c1:97: + 08:b6:84:47:92:fc:32:8f:2c:c6:ad:5b:66:d5:d9: + 1d:a2:5b:46:08:15:4d:fb:22:e4:97:a2:f9:1a:f1: + 98:c2:56:05:f3:90:22:9d:3a:9e:bd:b0:62:b0:92: + 48:a5:fe:51:50:00:d2:c0:79:c9:b0:d7:8a:99:16: + 7c:e1:cb:03:75:7f:6f:ff:33:1d:55:37:fb:0b:13: + 0f:f1:9e:0b:42:06:9d:4e:45:49:5a:17:98:3b:e1: + a0:46:5a:55:8c:d6:f3:fa:4f:f0:e3:d1:52:2f:46: + e2:5e:b1:cc:c7:0e:05:dc:7d:73:66:f7:92:9c:62: + 02:87:fe:ca:bf:43:4a:be:a0:0f:41:4d:2d:47:ea: + 9a:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 77:54:D3:17:CC:0A:33:63:BC:8C:17:18:29:3D:27:8F:27:44:AC:23 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 51:f6:3a:89:7e:50:32:e0:d6:d3:9a:0a:6a:5d:65:22:97:e6: + fd:c6:cd:39:08:e8:ea:6d:68:f5:04:31:ba:70:26:15:9b:25: + 4c:24:55:33:6e:69:95:2a:22:07:2c:8a:b7:b5:43:f9:73:c5: + 8f:70:79:de:a9:f6:36:bb:f8:ba:c3:7c:d1:bf:d9:29:da:be: + 16:46:d6:5d:45:f1:b1:54:db:58:08:72:25:3e:be:15:1f:8b: + c7:91:a4:f2:9b:49:11:8b:1f:d0:99:fd:47:60:1b:ec:0e:2a: + 6b:e0:2b:2f:8d:a8:cd:2e:b1:af:72:fa:7d:15:8c:95:79:be: + c2:3e:83:60:84:f2:0e:3f:41:b5:3f:81:a5:04:ec:93:36:40: + 48:54:fd:8e:d8:ba:7d:6c:bc:e0:25:25:b8:74:d6:3f:e6:03: + 70:17:dc:ba:b6:48:fb:f0:e3:25:91:94:66:99:d9:4d:ad:c4: + 0e:bc:0b:03:63:f5:44:0b:cb:47:a4:ad:c3:c7:5e:30:d5:f4: + fc:f8:32:39:88:d5:79:65:49:3f:45:2f:1c:9c:b7:4d:08:12: + f3:c8:d8:87:fa:44:78:a1:41:ab:54:98:ad:43:48:8e:b3:0a: + 01:23:21:e3:84:0a:f8:5a:a8:ab:13:fb:f0:c9:54:74:ad:72: + 61:52:e9:d9 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwoEwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNjA2MDEwMDAwMDBaFw0xNzA3MDMwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsvVBWmhFZXaNhw1sPe7dzaIfIeir2l+EJ +HzW7tDCtdattrq1egbg2GWg7Yx64CGe4v/5JjF6mIPeG0dRC20qTYSh27YYrUXmo +vA5ojNIrm1vvoCCFTJQ2b1hBpVzzLo2Pcgv5cxQmv7fNYv07fc8qemRHaYXBlwi2 +hEeS/DKPLMatW2bV2R2iW0YIFU37IuSXovka8ZjCVgXzkCKdOp69sGKwkkil/lFQ +ANLAecmw14qZFnzhywN1f2//Mx1VN/sLEw/xngtCBp1ORUlaF5g74aBGWlWM1vP6 +T/Dj0VIvRuJesczHDgXcfXNm95KcYgKH/sq/Q0q+oA9BTS1H6poJAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR3VNMXzAozY7yMFxgpPSePJ0SsIzAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAUfY6iX5QMuDW05oKal1lIpfm/cbNOQjo6m1o9QQxunAmFZslTCRVM25plSoi +ByyKt7VD+XPFj3B53qn2Nrv4usN80b/ZKdq+FkbWXUXxsVTbWAhyJT6+FR+Lx5Gk +8ptJEYsf0Jn9R2Ab7A4qa+ArL42ozS6xr3L6fRWMlXm+wj6DYITyDj9BtT+BpQTs +kzZASFT9jti6fWy84CUluHTWP+YDcBfcurZI+/DjJZGUZpnZTa3EDrwLA2P1RAvL +R6Stw8deMNX0/PgyOYjVeWVJP0UvHJy3TQgS88jYh/pEeKFBq1SYrUNIjrMKASMh +44QK+FqoqxP78MlUdK1yYVLp2Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/pre_br_validity_bad_121.pem b/pki/testdata/ssl/certificates/pre_br_validity_bad_121.pem new file mode 100644 index 0000000000..c0ac13425c --- /dev/null +++ b/pki/testdata/ssl/certificates/pre_br_validity_bad_121.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:78 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Jan 1 00:00:00 2008 GMT + Not After : May 1 00:00:00 2018 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:d0:97:d7:72:13:ea:8f:1a:c0:2b:11:e7:a9: + d1:dd:7c:88:d2:a6:68:c0:51:1d:ff:b3:0b:88:de: + f3:95:12:5a:74:7e:21:25:aa:04:cf:e2:9f:8f:9c: + 0a:38:e5:df:77:7a:47:73:46:2b:c7:bf:b9:5a:6b: + 5a:0d:75:d4:32:59:6d:45:ba:02:10:34:ec:6b:6a: + 86:26:67:78:19:e7:a5:87:a4:88:4c:a9:a4:ec:94: + 19:d0:ee:b6:49:37:df:eb:63:e8:4d:f2:09:41:56: + be:7c:57:17:66:06:76:e9:35:1b:c2:9e:0e:b7:72: + 35:e7:82:6f:85:20:4a:75:6f:ff:84:09:fa:73:47: + e7:40:8c:3f:05:f6:73:8c:f7:56:fb:1e:53:a7:ba: + 6c:3f:12:e0:34:21:8e:e0:b4:19:36:6e:73:86:22: + 5e:b2:89:17:50:c3:a6:03:d1:e0:8e:d3:bf:4e:e9: + 11:08:21:61:f0:f1:42:ef:56:f1:ad:e4:d7:b3:4d: + 6a:8a:b2:0c:ea:99:ab:a2:e5:64:f5:d0:ef:7b:1d: + 98:f8:8d:20:29:46:91:0b:bc:a8:1b:b7:50:a3:2e: + 0f:c9:0a:a1:61:cb:7f:77:9d:a0:96:ee:b1:b1:ca: + 2d:cc:f3:f6:16:21:16:2a:ee:e8:10:7a:e9:e2:7d: + 4d:21 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 41:16:79:6C:BA:A5:55:A1:5B:53:B3:80:E8:62:C8:1B:CF:E9:A5:6C + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7e:9b:7f:2c:42:3f:7e:34:6b:dc:31:35:cd:e6:b4:b0:ac:99: + 80:fb:90:37:73:b8:fb:50:8d:e5:d5:6f:e4:80:22:3e:89:d3: + fd:78:9e:8c:9e:6e:6d:32:3c:b7:97:ef:32:dd:86:a1:ed:44: + 91:fc:60:55:bd:46:c4:67:f4:00:ce:a7:e5:65:fb:58:b0:75: + 8e:81:51:b3:46:a5:b0:5f:fe:aa:69:17:5b:ce:da:7b:90:7b: + 07:4d:f6:eb:0b:3f:b6:bd:81:d5:e5:55:43:1e:de:82:30:5d: + ff:1c:49:df:4b:7f:e5:5c:5a:e7:d1:6a:6f:8f:ab:53:fc:18: + 38:8f:8e:07:ae:24:24:7f:10:73:2b:63:3e:9e:f7:dd:90:de: + 84:df:70:e2:bb:73:f5:77:04:aa:ab:b5:bb:e6:fa:5c:4a:2b: + 67:4a:61:2c:bb:58:9d:d3:42:6b:0d:90:b1:14:6a:ee:13:c2: + 9f:21:45:ba:c7:7c:7b:a0:20:0b:13:b5:81:36:ff:8f:32:2e: + f0:2b:4e:e7:6d:cd:28:9a:49:40:69:52:c5:5f:89:eb:04:10: + 07:3a:17:1e:f6:95:35:13:67:94:fe:65:17:4f:6e:bc:23:96: + d8:11:21:ce:70:af:97:ef:f5:c8:fa:e3:e3:01:72:1a:f7:4e: + 73:8d:10:a6 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwngwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0wODAxMDEwMDAwMDBaFw0xODA1MDEwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC60JfXchPqjxrAKxHnqdHdfIjSpmjAUR3/ +swuI3vOVElp0fiElqgTP4p+PnAo45d93ekdzRivHv7laa1oNddQyWW1FugIQNOxr +aoYmZ3gZ56WHpIhMqaTslBnQ7rZJN9/rY+hN8glBVr58VxdmBnbpNRvCng63cjXn +gm+FIEp1b/+ECfpzR+dAjD8F9nOM91b7HlOnumw/EuA0IY7gtBk2bnOGIl6yiRdQ +w6YD0eCO079O6REIIWHw8ULvVvGt5NezTWqKsgzqmaui5WT10O97HZj4jSApRpEL +vKgbt1CjLg/JCqFhy393naCW7rGxyi3M8/YWIRYq7ugQeunifU0hAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRBFnlsuqVVoVtTs4DoYsgbz+mlbDAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAfpt/LEI/fjRr3DE1zea0sKyZgPuQN3O4+1CN5dVv5IAiPonT/XiejJ5ubTI8 +t5fvMt2Goe1EkfxgVb1GxGf0AM6n5WX7WLB1joFRs0alsF/+qmkXW87ae5B7B032 +6ws/tr2B1eVVQx7egjBd/xxJ30t/5Vxa59Fqb4+rU/wYOI+OB64kJH8QcytjPp73 +3ZDehN9w4rtz9XcEqqu1u+b6XEorZ0phLLtYndNCaw2QsRRq7hPCnyFFusd8e6Ag +CxO1gTb/jzIu8CtO523NKJpJQGlSxV+J6wQQBzoXHvaVNRNnlP5lF09uvCOW2BEh +znCvl+/1yPrj4wFyGvdOc40Qpg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/pre_br_validity_bad_2020.pem b/pki/testdata/ssl/certificates/pre_br_validity_bad_2020.pem new file mode 100644 index 0000000000..54ee311214 --- /dev/null +++ b/pki/testdata/ssl/certificates/pre_br_validity_bad_2020.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:79 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: May 1 00:00:00 2012 GMT + Not After : Jul 3 00:00:00 2019 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e8:01:53:38:ac:8f:22:51:a3:e6:99:dc:5c:61: + 81:49:da:e3:d6:19:94:5e:20:32:1e:d9:0d:8a:ad: + d7:f6:76:fc:91:1a:1a:a0:82:77:6b:9c:22:7d:80: + 9a:bc:09:06:c6:16:4c:96:47:35:de:4a:63:0a:b2: + f4:b2:9d:c8:8e:9c:ba:de:0b:05:cb:16:53:c6:eb: + b1:97:d2:fd:ce:a9:9b:87:c6:f3:65:83:6f:02:d0: + a2:f6:70:93:0e:e4:b4:5a:ea:83:93:5d:db:16:da: + 54:e2:78:40:43:e6:c2:74:33:2a:f2:0f:18:a5:1f: + 78:95:36:b4:ab:b0:58:dc:e8:e8:2a:74:ae:45:d3: + 55:48:d2:64:39:d0:7d:f9:8f:96:d9:d1:77:a8:bb: + 54:1d:d0:01:12:f3:68:48:83:65:6a:22:86:4a:3c: + f2:28:a6:d4:a6:6c:27:1b:44:4e:67:60:36:64:10: + 54:e2:ad:f4:fb:b7:9a:a5:93:13:2d:9e:44:22:7b: + 84:f6:61:6a:6e:22:ff:cd:06:84:c8:e4:e2:14:fe: + d3:33:1a:f6:94:a3:6d:9d:af:e7:7e:da:02:31:1c: + c6:54:60:72:46:b7:5b:56:e5:31:f5:d8:57:33:d7: + 2e:2e:00:ae:2a:c9:be:f0:51:c4:8b:eb:59:43:12: + 90:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 55:1A:0A:BD:6F:54:C0:58:F3:8A:C4:A3:2E:4D:39:9B:BB:E4:48:AD + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 8e:83:f2:8f:31:70:5a:ce:64:82:b3:9e:89:e8:0f:5a:d1:bc: + 55:c1:0d:40:7b:1b:21:94:ba:5a:e3:fc:16:28:b8:92:2b:aa: + 85:2b:66:8a:43:2e:05:f1:38:b2:20:f5:8e:e5:7a:ef:62:29: + 70:c5:03:c9:48:3f:1c:59:83:7d:8b:64:e6:db:0e:4c:c2:18: + a0:85:a7:3c:18:db:ac:92:46:96:c0:f2:83:3e:e7:53:ce:5a: + 13:90:4b:22:86:42:6b:a1:c4:1d:e6:b8:50:aa:51:c1:74:07: + 16:d8:fe:e2:3a:9a:79:52:4a:a7:40:bb:14:d4:56:ff:01:d5: + 0e:5c:c5:ec:1b:fa:4e:32:4a:1a:12:6d:d6:3f:0b:1c:e7:86: + 73:e2:24:97:90:ad:50:4e:c8:af:f6:b5:75:ce:91:91:e5:bd: + 92:c3:d4:d9:be:c0:82:8c:de:3c:98:eb:12:5b:a6:7b:d5:94: + 7d:69:2c:c2:fa:52:62:65:a7:67:76:4f:c7:73:6f:5d:47:b9: + 8d:39:1d:2f:80:bf:ee:5c:48:83:42:a9:09:5b:7d:a1:0a:4f: + c2:b6:4c:0d:ba:4a:01:25:95:f8:98:4b:93:be:dc:63:bf:aa: + f9:8f:77:11:ea:56:ea:12:d4:6d:57:7e:b1:e8:3b:6a:3f:69: + ee:ec:ea:66 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnkwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xMjA1MDEwMDAwMDBaFw0xOTA3MDMwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoAVM4rI8iUaPmmdxcYYFJ2uPWGZReIDIe +2Q2Krdf2dvyRGhqggndrnCJ9gJq8CQbGFkyWRzXeSmMKsvSynciOnLreCwXLFlPG +67GX0v3OqZuHxvNlg28C0KL2cJMO5LRa6oOTXdsW2lTieEBD5sJ0MyryDxilH3iV +NrSrsFjc6OgqdK5F01VI0mQ50H35j5bZ0Xeou1Qd0AES82hIg2VqIoZKPPIoptSm +bCcbRE5nYDZkEFTirfT7t5qlkxMtnkQie4T2YWpuIv/NBoTI5OIU/tMzGvaUo22d +r+d+2gIxHMZUYHJGt1tW5TH12Fcz1y4uAK4qyb7wUcSL61lDEpD7AgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRVGgq9b1TAWPOKxKMuTTmbu+RIrTAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAjoPyjzFwWs5kgrOeiegPWtG8VcENQHsbIZS6WuP8Fii4kiuqhStmikMuBfE4 +siD1juV672IpcMUDyUg/HFmDfYtk5tsOTMIYoIWnPBjbrJJGlsDygz7nU85aE5BL +IoZCa6HEHea4UKpRwXQHFtj+4jqaeVJKp0C7FNRW/wHVDlzF7Bv6TjJKGhJt1j8L +HOeGc+Ikl5CtUE7Ir/a1dc6RkeW9ksPU2b7AgozePJjrElume9WUfWkswvpSYmWn +Z3ZPx3NvXUe5jTkdL4C/7lxIg0KpCVt9oQpPwrZMDbpKASWV+JhLk77cY7+q+Y93 +EepW6hLUbVd+seg7aj9p7uzqZg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/pre_br_validity_ok.pem b/pki/testdata/ssl/certificates/pre_br_validity_ok.pem new file mode 100644 index 0000000000..94a52685b8 --- /dev/null +++ b/pki/testdata/ssl/certificates/pre_br_validity_ok.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:77 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Jan 1 00:00:00 2008 GMT + Not After : Jan 1 00:00:00 2015 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:59:8b:7c:51:b9:fa:d1:33:7f:52:6a:0e:e4: + f8:aa:d2:bc:ca:87:8e:ad:c5:23:5e:4f:64:c0:44: + 5a:68:c9:e3:b9:10:a0:ce:95:c5:96:14:3f:92:7b: + 19:d1:f4:a0:b5:1e:20:ad:10:6b:35:9d:87:06:a2: + d5:52:26:d8:12:9d:e4:9b:11:25:7c:7d:b8:16:b4: + 97:35:c8:31:e2:bc:6b:79:5b:d8:58:12:5a:ba:0a: + ab:98:d7:6e:96:56:cd:54:53:ea:49:12:be:7e:ef: + b5:a6:9e:f2:5a:7a:27:2e:71:40:38:94:dd:7a:e3: + a4:0e:ba:54:6d:6a:fd:00:c2:dd:15:81:74:83:56: + 5e:27:7e:3f:2e:47:0e:3b:ec:85:4b:f9:7a:f8:7b: + 1a:96:4c:d8:c9:ee:bb:20:8a:25:83:38:26:f1:d0: + 0c:f0:22:46:4b:9b:87:91:22:eb:a2:e3:84:57:e0: + a3:cc:90:de:3a:43:41:40:a0:8e:bd:c8:2d:24:ea: + 2a:92:11:bf:b7:7c:77:e9:9a:d3:22:da:83:d1:6b: + a6:29:f4:3b:cd:d9:6b:25:d7:2f:d4:67:60:65:da: + d5:ba:9e:36:1d:33:b2:e6:e2:b8:84:ea:99:1d:5d: + 69:43:99:af:35:63:4c:99:bc:d4:39:80:b4:88:f3: + 59:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 7C:9E:00:01:F2:2E:C7:FF:98:BA:C8:E9:DA:7D:77:F8:9D:91:B1:E9 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + c6:7c:e6:21:ca:91:23:8e:0c:28:5c:52:c8:99:9e:4a:0c:f0: + f9:53:ad:ce:30:0c:d3:46:f3:0a:03:11:3c:e8:80:38:4c:40: + ca:a3:de:21:9c:0f:c9:5d:35:ce:ca:b4:88:15:56:f3:3f:6b: + 7c:ac:2f:0b:54:69:2f:43:50:56:b9:6c:72:5e:d5:03:77:fe: + 18:25:bd:9b:5c:6f:70:20:52:aa:66:49:00:12:4c:89:54:eb: + da:c4:7e:55:1d:d7:46:db:d3:98:29:eb:56:f0:0b:e8:f8:03: + 4a:3f:21:25:e6:b9:e4:52:78:20:57:7c:33:2f:e2:24:e7:ae: + 1a:e9:45:ae:3f:17:d7:0b:38:2f:0e:c3:bf:b6:39:37:e8:f9: + ca:fe:d2:12:d4:d2:88:f8:d9:9e:3b:9b:fa:2e:18:3b:8b:ac: + ef:2e:2a:35:d5:5e:b8:f9:4f:ec:6f:0c:af:d6:f3:8e:ef:78: + b7:d1:29:0f:7f:f8:08:85:a6:56:83:84:a3:df:c4:41:95:84: + 3a:0d:10:31:36:d3:01:f9:ee:42:87:61:85:06:7f:e2:b6:2c: + d1:7b:ba:24:b9:34:a4:b1:ec:2a:6f:06:b3:b0:db:2b:c1:aa: + 82:a7:ae:9b:09:bb:36:22:76:76:55:0f:e5:2b:25:d8:34:1c: + b3:0a:f0:ec +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwncwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0wODAxMDEwMDAwMDBaFw0xNTAxMDEwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6WYt8Ubn60TN/UmoO5Piq0rzKh46txSNe +T2TARFpoyeO5EKDOlcWWFD+SexnR9KC1HiCtEGs1nYcGotVSJtgSneSbESV8fbgW +tJc1yDHivGt5W9hYElq6CquY126WVs1UU+pJEr5+77WmnvJaeicucUA4lN1646QO +ulRtav0Awt0VgXSDVl4nfj8uRw477IVL+Xr4exqWTNjJ7rsgiiWDOCbx0AzwIkZL +m4eRIuui44RX4KPMkN46Q0FAoI69yC0k6iqSEb+3fHfpmtMi2oPRa6Yp9DvN2Wsl +1y/UZ2Bl2tW6njYdM7Lm4riE6pkdXWlDma81Y0yZvNQ5gLSI81kHAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR8ngAB8i7H/5i6yOnafXf4nZGx6TAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAxnzmIcqRI44MKFxSyJmeSgzw+VOtzjAM00bzCgMRPOiAOExAyqPeIZwPyV01 +zsq0iBVW8z9rfKwvC1RpL0NQVrlscl7VA3f+GCW9m1xvcCBSqmZJABJMiVTr2sR+ +VR3XRtvTmCnrVvAL6PgDSj8hJea55FJ4IFd8My/iJOeuGulFrj8X1ws4Lw7Dv7Y5 +N+j5yv7SEtTSiPjZnjub+i4YO4us7y4qNdVeuPlP7G8Mr9bzju94t9EpD3/4CIWm +VoOEo9/EQZWEOg0QMTbTAfnuQodhhQZ/4rYs0Xu6JLk0pLHsKm8Gs7DbK8Gqgqeu +mwm7NiJ2dlUP5Ssl2DQcswrw7A== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/pre_june_2016.pem b/pki/testdata/ssl/certificates/pre_june_2016.pem new file mode 100644 index 0000000000..3d16179bf0 --- /dev/null +++ b/pki/testdata/ssl/certificates/pre_june_2016.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:7d + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: May 1 00:00:00 2016 GMT + Not After : Jul 3 00:00:00 2017 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:8d:70:9b:0b:12:3d:e5:81:70:33:5f:fd:28:2d: + 06:31:54:c4:f3:b4:27:c0:34:e6:d1:04:c3:e3:62: + fc:1e:b1:54:81:07:f7:dd:a6:5d:31:74:6d:2d:a9: + f1:1b:e2:23:49:65:fe:1f:76:ab:5c:19:c2:ec:ae: + f0:98:5d:f6:38:06:79:70:e5:d2:d5:e3:b3:a4:35: + d5:cf:1b:fe:40:14:34:ec:4e:f3:3a:9f:95:de:d9: + a2:fe:b5:ae:55:66:96:6f:a2:e8:5b:8e:77:d6:e4: + 6f:58:46:dd:f7:4e:c9:94:fc:2c:68:e9:93:b3:e3: + 29:dc:b3:93:43:51:57:55:4d:83:97:46:76:6c:e5: + 6c:a8:04:cf:ab:7f:a4:dc:95:6b:53:7a:c4:03:bb: + 31:5a:1a:cc:21:94:c9:24:c4:de:7c:f5:97:9b:97: + 37:50:33:6c:26:30:f6:90:cb:46:e4:b2:c6:9b:d2: + 9c:19:2e:ce:25:78:df:ad:84:6c:d4:04:cf:7f:20: + 47:ad:d8:c1:b2:2b:4a:29:71:f0:f6:fa:fb:31:ca: + ca:f4:4c:a8:81:dd:8c:d4:e6:a0:ac:2a:22:9a:01: + 32:34:27:e3:8c:61:b1:1c:a9:d3:39:48:4c:13:42: + 44:2e:63:a2:f3:cf:54:e5:6b:af:ba:6e:06:49:a1: + 94:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 35:B7:03:06:47:D2:88:52:F9:CD:7F:E1:27:C4:4D:B9:22:04:19:75 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3e:e6:74:d5:4a:48:14:04:4e:4a:c4:a2:40:28:27:87:55:72: + e5:e8:76:a7:2a:fa:7e:fe:e0:fc:20:60:97:7a:b5:80:4f:97: + 6e:bf:a8:21:05:61:6c:7b:ec:6c:b7:09:75:d4:45:ad:00:ae: + c8:ab:a9:8a:cd:53:c1:af:5b:61:1f:0d:7f:98:24:1f:28:cf: + 8f:78:ad:f0:41:02:9e:05:98:d8:2d:dc:c3:43:06:98:10:45: + 69:b9:fd:7e:f4:7a:19:62:26:b6:b3:be:8f:ef:33:1e:93:cc: + e7:3d:85:2c:05:5b:d6:69:e5:44:25:c4:cb:ed:40:14:e1:52: + c1:c9:b5:a9:3c:50:76:76:ca:82:b3:97:53:bc:87:3b:3c:1a: + 07:78:d0:e5:1d:57:1e:4d:a5:77:a9:97:f7:9b:ce:e1:ae:b7: + 38:3e:13:4c:3b:58:34:cf:7e:86:c1:37:a8:59:4f:09:64:7f: + d7:bc:d7:a9:a4:0f:1c:16:19:11:ec:ca:7b:f1:bc:4d:a6:aa: + 1f:f4:1b:a1:40:3d:bc:d4:35:f1:5b:ce:cd:66:aa:92:57:b4: + b1:61:da:3c:2e:9e:5c:68:fc:47:a6:4e:39:63:85:ba:d7:8e: + 1f:89:ca:7c:6b:a2:92:36:1b:c9:0b:86:aa:2d:1f:b4:79:cf: + af:0d:b4:48 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwn0wDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xNjA1MDEwMDAwMDBaFw0xNzA3MDMwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNcJsLEj3lgXAzX/0oLQYxVMTztCfANObR +BMPjYvwesVSBB/fdpl0xdG0tqfEb4iNJZf4fdqtcGcLsrvCYXfY4Bnlw5dLV47Ok +NdXPG/5AFDTsTvM6n5Xe2aL+ta5VZpZvouhbjnfW5G9YRt33TsmU/Cxo6ZOz4ync +s5NDUVdVTYOXRnZs5WyoBM+rf6TclWtTesQDuzFaGswhlMkkxN589ZeblzdQM2wm +MPaQy0bkssab0pwZLs4leN+thGzUBM9/IEet2MGyK0opcfD2+vsxysr0TKiB3YzU +5qCsKiKaATI0J+OMYbEcqdM5SEwTQkQuY6Lzz1Tla6+6bgZJoZQPAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ1twMGR9KIUvnNf+EnxE25IgQZdTAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAPuZ01UpIFAROSsSiQCgnh1Vy5eh2pyr6fv7g/CBgl3q1gE+Xbr+oIQVhbHvs +bLcJddRFrQCuyKupis1Twa9bYR8Nf5gkHyjPj3it8EECngWY2C3cw0MGmBBFabn9 +fvR6GWImtrO+j+8zHpPM5z2FLAVb1mnlRCXEy+1AFOFSwcm1qTxQdnbKgrOXU7yH +OzwaB3jQ5R1XHk2ld6mX95vO4a63OD4TTDtYNM9+hsE3qFlPCWR/17zXqaQPHBYZ +EezKe/G8TaaqH/QboUA9vNQ18VvOzWaqkle0sWHaPC6eXGj8R6ZOOWOFuteOH4nK +fGuikjYbyQuGqi0ftHnPrw20SA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem b/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem new file mode 100644 index 0000000000..728be76d5e --- /dev/null +++ b/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem @@ -0,0 +1,55 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=1024 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:ff:00:45:d3:4d:47:ed:e4:11:26:af:71:52:b5: + e5:75:df:a6:54:84:39:14:97:6f:76:af:ef:3f:c3: + 77:a5:1f:69:30:b8:7b:ce:ef:fc:89:5e:f4:3f:80: + 77:66:35:24:67:16:bc:0f:94:51:99:e4:47:74:d3: + 53:5c:df:64:c7 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 2F:C0:D5:37:41:1C:7D:F1:C6:A4:61:44:77:D1:8F:63:EA:00:E2:12 + X509v3 Authority Key Identifier: + keyid:AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 10:cc:07:af:a0:dc:50:d7:9e:27:01:1c:39:69:1b:9b:a6:8e: + c6:18:75:4a:30:49:a8:7f:a7:4e:72:6a:e2:ef:72:b1:b2:40: + 32:11:9d:f0:71:df:64:7e:3d:8c:63:4a:a2:01:f8:4e:e4:15: + db:e3:5a:03:cf:d2:10:cf:19:36:e0:cd:2c:c3:56:45:78:86: + 5f:4e:54:36:fe:94:00:59:d8:8b:6b:6d:02:8f:f4:4b:d4:98: + 8a:6f:20:4c:5f:b5:72:0c:5f:f4:f8:c4:19:a7:1c:36:de:3b: + be:de:ef:2e:4f:96:7a:6a:f4:47:23:7f:cc:c6:8f:27:fe:81: + a6:85 +-----BEGIN CERTIFICATE----- +MIICODCCAaGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0xMDI0 +IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0 +MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT/AEXTTUft5BEm +r3FSteV136ZUhDkUl292r+8/w3elH2kwuHvO7/yJXvQ/gHdmNSRnFrwPlFGZ5Ed0 +01Nc32THo4GAMH4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUL8DVN0EcffHGpGFE +d9GPY+oA4hIwHwYDVR0jBBgwFoAUq5HmK8nBLnugZfHUis4DTfR6GBMwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZI +hvcNAQELBQADgYEAEMwHr6DcUNeeJwEcOWkbm6aOxhh1SjBJqH+nTnJq4u9ysbJA +MhGd8HHfZH49jGNKogH4TuQV2+NaA8/SEM8ZNuDNLMNWRXiGX05UNv6UAFnYi2tt +Ao/0S9SYim8gTF+1cgxf9PjEGaccNt47vt7vLk+Wemr0RyN/zMaPJ/6BpoU= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem b/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem new file mode 100644 index 0000000000..49bbf6085d --- /dev/null +++ b/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem @@ -0,0 +1,65 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:36:60:16:6f:f7:3e:5f:1f:63:7e:43:cb:a5:a9: + 77:57:77:86:b7:94:b0:83:03:b4:7f:47:25:88:cf: + c3:12:53:85:40:65:49:6e:27:e7:93:0e:f9:88:df: + 8c:ac:1c:07:ef:21:c6:5f:8a:83:ad:de:a3:5a:eb: + 84:fc:8f:fa:56 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 18:19:4D:A1:C8:87:B6:49:A4:29:F5:DA:95:72:F3:64:41:24:96:C4 + X509v3 Authority Key Identifier: + keyid:5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 5d:97:40:70:07:0c:8a:2a:f8:5c:10:88:28:7d:a7:1a:db:19: + 2a:d1:dc:04:09:9e:ca:57:30:80:79:4f:81:d7:05:82:39:97: + 69:b8:19:7a:55:26:6f:43:d9:74:42:87:b5:1b:7b:d8:48:b1: + dd:68:36:a5:2c:04:29:5d:9b:9d:3d:53:98:b1:e9:f4:4d:89: + 8c:24:1a:24:e6:ca:c3:e3:67:a5:8d:19:b6:9b:52:4a:04:79: + db:ad:47:8c:f9:4f:61:6c:7f:ce:0e:50:1c:a9:d6:b2:a2:77: + b0:80:e1:f3:d0:a8:8e:e9:20:fa:c5:f5:70:29:3f:a4:0e:f3: + 07:29:94:93:d7:34:17:a3:17:39:50:e7:d9:7d:6c:f3:2c:a8: + 0f:87:19:cb:08:13:d8:e1:40:8c:91:95:4d:44:4b:e2:6b:97: + 74:65:62:fd:53:3b:73:ec:2a:86:f1:05:9e:17:14:60:22:d7: + 64:3f:f1:ff:1f:8b:7d:8e:b1:37:07:5b:a2:03:e1:18:61:89: + 3f:38:d2:07:4e:ae:d4:75:22:df:52:58:18:e1:e9:10:a1:8c: + 76:e3:63:43:96:df:59:74:09:57:54:a7:72:0c:48:d7:52:65: + ee:eb:bd:62:80:f7:90:12:91:ec:6b:2c:ea:1e:5c:20:77:96: + f8:2b:25:a5 +-----BEGIN CERTIFICATE----- +MIICuTCCAaGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0yMDQ4 +IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0 +MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ2YBZv9z5fH2N+ +Q8ulqXdXd4a3lLCDA7R/RyWIz8MSU4VAZUluJ+eTDvmI34ysHAfvIcZfioOt3qNa +64T8j/pWo4GAMH4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUGBlNociHtkmkKfXa +lXLzZEEklsQwHwYDVR0jBBgwFoAUXMJxdsEmsQwxc8iS0x4BEkvMWhQwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZI +hvcNAQELBQADggEBAF2XQHAHDIoq+FwQiCh9pxrbGSrR3AQJnspXMIB5T4HXBYI5 +l2m4GXpVJm9D2XRCh7Ube9hIsd1oNqUsBCldm509U5ix6fRNiYwkGiTmysPjZ6WN +GbabUkoEedutR4z5T2Fsf84OUByp1rKid7CA4fPQqI7pIPrF9XApP6QO8wcplJPX +NBejFzlQ59l9bPMsqA+HGcsIE9jhQIyRlU1ES+Jrl3RlYv1TO3PsKobxBZ4XFGAi +12Q/8f8fi32OsTcHW6ID4RhhiT840gdOrtR1It9SWBjh6RChjHbjY0OW31l0CVdU +p3IMSNdSZe7rvWKA95ASkexrLOoeXCB3lvgrJaU= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem b/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem new file mode 100644 index 0000000000..65b81e5c87 --- /dev/null +++ b/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem @@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=768 rsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:b8:18:a6:f0:2e:2c:00:5c:33:a0:02:29:f4:8e: + 97:f8:c7:72:82:79:11:09:11:d5:30:95:7e:29:24: + 68:4b:71:90:3d:74:6b:cb:77:cb:ba:fd:5f:86:91: + 10:cf:29:28:8f:f1:1c:f6:ac:18:c4:86:ef:15:bb: + fb:dd:6d:c7:d7 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 16:7F:A6:9F:9D:78:A2:C0:63:49:1C:FF:FF:30:57:23:90:C1:99:10 + X509v3 Authority Key Identifier: + keyid:9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + bc:f2:7a:f2:cb:90:e4:e5:dc:ed:bb:69:e5:24:cd:a9:46:a4: + f9:ee:19:d1:73:08:6c:be:cb:90:7f:d1:1e:b8:09:07:83:4a: + 42:b7:12:11:ea:3e:ab:8b:e4:f7:cd:d9:94:db:c5:01:1b:d4: + f5:f9:be:22:b0:39:72:b6:89:6d:99:cc:43:fd:09:bb:00:a5: + 51:b0:ee:97:94:e9:d2:86:96:e4:52:f7:76:77:d2:40:37:96: + 38:cd:f3:59:38:54 +-----BEGIN CERTIFICATE----- +MIICFjCCAaCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBw3Njgg +cnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoXDTI2MDQy +MDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM +CTEyNy4wLjAuMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLgYpvAuLABcM6AC +KfSOl/jHcoJ5EQkR1TCVfikkaEtxkD10a8t3y7r9X4aREM8pKI/xHPasGMSG7xW7 ++91tx9ejgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQWf6afnXiiwGNJHP// +MFcjkMGZEDAfBgNVHSMEGDAWgBSe46eDsFlvkZ/H1TRhShqzZsdEoDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG +9w0BAQsFAANhALzyevLLkOTl3O27aeUkzalGpPnuGdFzCGy+y5B/0R64CQeDSkK3 +EhHqPquL5PfN2ZTbxQEb1PX5viKwOXK2iW2ZzEP9CbsApVGw7peU6dKGluRS93Z3 +0kA3ljjN81k4VA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem b/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000000..763bec712b --- /dev/null +++ b/pki/testdata/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,50 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=prime256v1 ecdsa Test intermediate CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:f5:4f:70:de:c3:d2:11:bb:c8:08:6e:4c:63:d8: + 13:80:10:b0:b8:e9:df:9c:fa:d0:f4:e3:61:5e:1e: + 1f:fe:65:8e:4b:a9:3f:d4:47:9f:71:e9:89:82:82: + d8:10:63:fa:af:37:5b:3b:d1:da:56:05:da:a2:20: + e1:20:37:c3:c0 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 7E:DD:18:69:14:9C:D6:E5:9C:DD:47:DB:87:60:79:AD:01:07:9A:66 + X509v3 Authority Key Identifier: + keyid:0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:25:fd:ba:76:81:1b:d3:25:17:82:31:ad:73:72: + 50:94:ac:e3:69:a6:b1:58:fe:b7:5e:48:ed:23:0d:a2:05:40: + 02:21:00:d5:0e:02:63:c9:1c:7a:5a:10:13:1e:b8:05:87:71: + 9c:b5:e2:66:cb:27:c8:17:b3:b1:68:29:c4:5e:b9:ac:5f +-----BEGIN CERTIFICATE----- +MIICADCCAaagAwIBAgIBBDAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVwcmltZTI1 +NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoX +DTI2MDQyMDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju +aWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQ +BgNVBAMMCTEyNy4wLjAuMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPVPcN7D +0hG7yAhuTGPYE4AQsLjp35z60PTjYV4eH/5ljkupP9RHn3HpiYKC2BBj+q83WzvR +2lYF2qIg4SA3w8CjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR+3RhpFJzW +5ZzdR9uHYHmtAQeaZjAfBgNVHSMEGDAWgBQNa7bX3X/NTq0GayLhEQhYEKsWKjAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATAK +BggqhkjOPQQDAgNIADBFAiAl/bp2gRvTJReCMa1zclCUrONpprFY/rdeSO0jDaIF +QAIhANUOAmPJHHpaEBMeuAWHcZy14mbLJ8gXs7FoKcReuaxf +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/prime256v1-ecdsa-intermediate.pem b/pki/testdata/ssl/certificates/prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000000..79470bef7b --- /dev/null +++ b/pki/testdata/ssl/certificates/prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Apr 22 20:28:41 2016 GMT + Not After : Apr 20 20:28:41 2026 GMT + Subject: CN=prime256v1 ecdsa Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:d5:c1:4a:32:95:95:c5:88:fa:01:fa:c5:9e:dc: + e2:99:62:eb:13:e5:35:42:b3:7a:fc:46:c0:fa:29: + 12:c8:2d:ea:30:0f:d2:9a:47:97:2c:7e:89:e6:ef: + 49:55:06:c9:37:c7:99:56:16:b2:2b:c9:7c:69:8e: + 10:7a:dd:1f:42 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 58:01:f0:a4:cb:85:85:72:db:7c:15:af:95:9d:b0:8e:a9:1a: + 43:ef:d3:a8:15:1b:37:2c:c3:5b:9a:b3:c2:24:88:1b:58:7e: + 9c:9b:3e:8f:02:06:47:35:85:b7:65:8d:25:72:2d:d3:e9:5f: + 3a:f9:62:b1:af:43:bc:3d:d8:f9:ef:9d:c4:c7:65:96:db:67: + 20:ef:b7:3d:40:a0:d3:a4:ad:3e:f9:d1:2e:d7:fd:9d:25:72: + 82:f5:7f:ce:75:f7:86:77:c7:52:6d:c9:10:13:46:04:88:09: + cf:1a:f0:f2:e1:9c:2f:d7:c8:17:32:57:8a:5b:78:36:1c:76: + 31:24:be:3d:29:5b:3e:92:ca:d5:e0:2c:3e:1c:72:a9:b6:f3: + a9:28:72:8c:e4:cf:ea:fe:ca:af:21:8a:dc:6f:f9:84:7c:16: + 34:5b:d8:21:b5:ec:b5:84:dc:b7:ef:41:e8:5b:74:0b:19:c9: + d5:e1:ef:f2:05:33:de:92:24:27:9b:70:ad:e2:9d:8e:42:ca: + 98:30:5f:f4:32:81:aa:11:bb:10:dc:e6:86:f5:6f:75:70:22: + 62:29:47:84:36:17:e6:ee:ae:e9:7e:86:ae:dc:bf:81:52:7a: + 30:7e:f9:35:31:11:cb:ec:1c:8e:ed:32:9e:96:32:9f:05:6f: + 9c:cb:c9:db +-----BEGIN CERTIFICATE----- +MIICQjCCASqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4 +IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTYwNDIyMjAyODQxWhcNMjYwNDIwMjAyODQx +WjAwMS4wLAYDVQQDDCVwcmltZTI1NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRl +IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1cFKMpWVxYj6AfrFntzimWLr +E+U1QrN6/EbA+ikSyC3qMA/SmkeXLH6J5u9JVQbJN8eZVhayK8l8aY4Qet0fQqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUDWu2191/zU6tBmsi4REIWBCr +FiowDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBYAfCky4WFctt8 +Fa+VnbCOqRpD79OoFRs3LMNbmrPCJIgbWH6cmz6PAgZHNYW3ZY0lci3T6V86+WKx +r0O8Pdj5753Ex2WW22cg77c9QKDTpK0++dEu1/2dJXKC9X/OdfeGd8dSbckQE0YE +iAnPGvDy4Zwv18gXMleKW3g2HHYxJL49KVs+ksrV4Cw+HHKptvOpKHKM5M/q/sqv +IYrcb/mEfBY0W9ghtey1hNy370HoW3QLGcnV4e/yBTPekiQnm3Ct4p2OQsqYMF/0 +MoGqEbsQ3OaG9W91cCJiKUeENhfm7q7pfoau3L+BUnowfvk1MRHL7ByO7TKeljKf +BW+cy8nb +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/punycodetest.pem b/pki/testdata/ssl/certificates/punycodetest.pem new file mode 100644 index 0000000000..59d3172d18 --- /dev/null +++ b/pki/testdata/ssl/certificates/punycodetest.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 44:ff:47:5b:37:71:65:69:6a:02:40:fd:0c:fb:7b:a0:70:f4:8d:5d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = xn--wgv71a119e.com + Validity + Not Before: Oct 3 17:20:10 2022 GMT + Not After : Sep 30 17:20:10 2032 GMT + Subject: CN = xn--wgv71a119e.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b1:2e:20:9b:56:83:a2:e8:0e:6a:06:53:ea:8b: + a3:2e:a1:ca:a7:ad:f5:6f:66:3d:13:77:52:66:9d: + ec:63:1d:66:7e:58:90:56:7e:7d:32:a0:ec:43:14: + 29:90:9b:00:53:37:a9:bf:bc:bf:86:f0:89:5b:4f: + 64:98:4b:71:d8:b3:2d:75:10:28:67:b1:e4:80:f0: + 4e:3c:28:79:56:83:ab:a9:65:e7:fa:b8:d6:f6:b9: + 21:61:a2:a1:eb:a4:80:43:4e:ab:93:d1:95:00:03: + 91:c1:36:b0:66:47:f9:60:0a:70:37:08:cb:a4:cc: + 6e:85:1c:4e:c1:98:88:a8:18:5d:75:4e:7b:63:1d: + 4b:e9:1c:5f:f4:e0:72:be:c6:b0:cd:02:e8:25:4a: + 98:be:bf:9a:0d:93:74:4a:0b:bd:45:71:87:92:4a: + 39:d3:a3:96:d8:7f:2e:d4:e9:5a:3b:54:de:0f:87: + dc:d1:c6:cb:f7:73:d7:0f:3d:d1:ce:7c:5a:fc:64: + 91:15:ff:37:1b:25:05:83:0c:d3:d2:07:0a:7c:43: + 54:47:99:d2:fd:79:1e:35:a4:16:a4:b8:f1:f6:8b: + 37:b4:26:9d:07:63:33:d0:c9:18:50:d1:3a:ad:2c: + 62:90:d1:b8:36:58:51:77:6b:8a:ff:f1:bd:4e:fc: + 74:83 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Alternative Name: + DNS:xn--wgv71a119e.com, DNS:*.xn--wgv71a119e.com, DNS:blahblahblahblah.com + X509v3 Subject Key Identifier: + C6:0C:83:61:1D:BC:65:F4:0D:48:28:F5:00:9F:B3:84:0D:A4:B6:86 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 93:15:4f:06:9c:44:ae:f9:ce:f4:02:aa:81:94:7e:4e:38:4c: + 5d:cb:98:c2:e6:92:9f:bd:74:2a:43:af:d7:b6:68:cb:ff:49: + d5:ec:6f:4c:3b:1a:92:1f:8d:42:d0:98:2e:20:33:be:bb:06: + 9a:62:fa:6f:d5:de:a4:f6:d7:ad:64:c0:ef:c2:e6:7b:f9:59: + c3:97:be:95:ee:c8:ab:84:f0:a4:f5:99:aa:63:4b:bd:a6:0b: + 13:87:c8:17:5e:99:51:93:ec:88:38:4b:c3:91:92:af:5d:5d: + 05:5b:70:0c:de:fd:1a:89:ed:53:14:b3:05:04:bf:2c:5a:12: + c6:20:7e:c0:31:42:b2:98:84:3f:71:89:85:ba:8c:8f:8e:40: + c7:00:e6:b4:63:90:1e:0a:a1:e8:72:96:8a:ca:6b:a0:92:ec: + a6:b9:4f:ca:24:27:74:84:f6:f4:ac:e6:f1:12:6e:36:3c:1a: + a0:79:aa:ab:48:b3:db:a4:56:86:d8:30:14:e9:bc:2c:99:37: + a4:60:ea:2f:6d:5b:66:13:a3:20:f4:84:07:de:24:20:61:5c: + 51:b8:bf:28:89:a8:0d:c7:10:34:52:8e:53:49:af:92:b0:e0: + bf:31:9a:40:7d:dd:af:03:72:12:84:82:27:75:cf:0d:d7:bf: + 84:b9:b2:7c +-----BEGIN CERTIFICATE----- +MIIDRTCCAi2gAwIBAgIURP9HWzdxZWlqAkD9DPt7oHD0jV0wDQYJKoZIhvcNAQEL +BQAwHTEbMBkGA1UEAwwSeG4tLXdndjcxYTExOWUuY29tMB4XDTIyMTAwMzE3MjAx +MFoXDTMyMDkzMDE3MjAxMFowHTEbMBkGA1UEAwwSeG4tLXdndjcxYTExOWUuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsS4gm1aDougOagZT6ouj +LqHKp631b2Y9E3dSZp3sYx1mfliQVn59MqDsQxQpkJsAUzepv7y/hvCJW09kmEtx +2LMtdRAoZ7HkgPBOPCh5VoOrqWXn+rjW9rkhYaKh66SAQ06rk9GVAAORwTawZkf5 +YApwNwjLpMxuhRxOwZiIqBhddU57Yx1L6Rxf9OByvsawzQLoJUqYvr+aDZN0Sgu9 +RXGHkko506OW2H8u1OlaO1TeD4fc0cbL93PXDz3Rznxa/GSRFf83GyUFgwzT0gcK +fENUR5nS/XkeNaQWpLjx9os3tCadB2Mz0MkYUNE6rSxikNG4NlhRd2uK//G9Tvx0 +gwIDAQABo30wezAPBgNVHRMBAf8EBTADAQH/MEkGA1UdEQRCMECCEnhuLS13Z3Y3 +MWExMTllLmNvbYIUKi54bi0td2d2NzFhMTE5ZS5jb22CFGJsYWhibGFoYmxhaGJs +YWguY29tMB0GA1UdDgQWBBTGDINhHbxl9A1IKPUAn7OEDaS2hjANBgkqhkiG9w0B +AQsFAAOCAQEAkxVPBpxErvnO9AKqgZR+TjhMXcuYwuaSn710KkOv17Zoy/9J1exv +TDsakh+NQtCYLiAzvrsGmmL6b9XepPbXrWTA78Lme/lZw5e+le7Iq4TwpPWZqmNL +vaYLE4fIF16ZUZPsiDhLw5GSr11dBVtwDN79GontUxSzBQS/LFoSxiB+wDFCspiE +P3GJhbqMj45AxwDmtGOQHgqh6HKWisproJLsprlPyiQndIT29Kzm8RJuNjwaoHmq +q0iz26RWhtgwFOm8LJk3pGDqL21bZhOjIPSEB94kIGFcUbi/KImoDccQNFKOU0mv +krDgvzGaQH3drwNyEoSCJ3XPDde/hLmyfA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/quic-chain.pem b/pki/testdata/ssl/certificates/quic-chain.pem new file mode 100644 index 0000000000..ab0893b282 --- /dev/null +++ b/pki/testdata/ssl/certificates/quic-chain.pem @@ -0,0 +1,147 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test Intermediate CA + Validity + Not Before: Dec 18 23:44:03 2017 GMT + Not After : Dec 16 23:44:03 2027 GMT + Subject: CN=test.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b2:56:6f:7e:d4:b4:b6:4e:e3:15:8e:8a:e9:46: + 06:15:63:4c:6d:3a:32:67:c7:14:a4:17:fc:b7:04: + 98:fb:b5:11:ae:93:1c:20:73:15:cd:b3:bc:ee:61: + 82:8e:cb:b8:78:ca:6d:e6:57:73:f3:45:6e:1e:c3: + 27:5d:af:5e:52:6d:12:47:44:72:3d:7d:8a:c1:47: + 50:19:4a:21:a4:08:b4:cc:2e:9c:a2:2a:ce:1b:87: + 82:ae:3a:23:b0:dd:d2:3e:64:fe:ce:a6:35:34:93: + 07:f8:88:6e:c8:be:b2:0b:5f:9c:96:0e:79:1c:a3: + 2b:c9:23:5a:8a:1f:1e:17:e2:a9:d4:3c:49:22:29: + 43:fa:63:55:3c:72:62:4a:d1:72:5a:ae:75:a8:14: + 67:eb:58:88:ce:11:0c:bf:09:67:f2:bb:c8:80:3e: + 4a:f0:35:ad:d2:dc:43:a3:2f:da:c6:3b:1c:6e:76: + 70:31:73:cc:33:5b:4f:36:dc:f3:8f:9f:a6:07:6d: + 61:e0:66:6f:2c:76:bd:85:a3:8b:d0:8a:ce:c4:bc: + 97:e0:ed:e1:29:df:a1:62:b9:ad:d8:0f:1a:f8:ae: + 44:fe:a6:28:95:c4:cc:df:b5:f7:6d:46:ae:ef:9b: + af:73:50:1d:9f:f0:c7:a0:ef:37:4b:13:73:96:24: + 95:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:test.example.com + Signature Algorithm: sha256WithRSAEncryption + bd:55:54:e5:ac:2b:e6:6f:c9:45:b7:77:97:af:37:e6:6b:60: + cb:51:0f:b0:2c:40:71:39:73:7a:0b:6f:37:a5:cc:40:4f:d1: + 43:3d:8e:1d:37:ba:ff:2d:7b:80:21:fd:ec:e4:7c:20:6a:ce: + 6e:28:9b:c1:4e:9e:1e:17:1f:cb:04:61:c1:d0:72:0c:31:f6: + ee:2b:a9:9c:29:6b:45:bd:97:57:a6:25:f3:f0:6b:08:3f:4e: + 00:33:cf:47:3b:50:4a:15:a7:a0:c8:e0:8b:86:7b:48:3e:39: + 15:00:0a:aa:79:3c:8d:fd:d7:4a:68:2f:05:2b:60:2a:d1:7e: + 1c:bc:06:e9:b7:51:35:71:d7:6b:f4:b8:f3:17:d7:f1:d4:8d: + f8:0e:4a:11:34:4d:d9:19:70:33:0a:66:e6:4c:11:93:90:5c: + 5d:a1:f3:8a:1c:ce:0c:12:5e:a9:6b:e1:1f:eb:b3:65:b8:bc: + 1a:48:af:cc:af:fc:db:3e:0b:32:47:8d:fc:ed:b3:50:9a:65: + b8:19:eb:db:18:21:5f:e4:1d:c5:87:57:9b:5a:8a:59:16:84: + 8d:27:3e:f9:7a:c0:fa:e7:84:90:da:1a:03:98:b5:c6:a9:52: + ed:df:0e:7a:02:c7:e6:82:d2:06:cb:97:75:90:89:d6:d1:cf: + 43:74:09:f7 +-----BEGIN CERTIFICATE----- +MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 +IEludGVybWVkaWF0ZSBDQTAeFw0xNzEyMTgyMzQ0MDNaFw0yNzEyMTYyMzQ0MDNa +MBsxGTAXBgNVBAMMEHRlc3QuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCyVm9+1LS2TuMVjorpRgYVY0xtOjJnxxSkF/y3BJj7tRGu +kxwgcxXNs7zuYYKOy7h4ym3mV3PzRW4ewyddr15SbRJHRHI9fYrBR1AZSiGkCLTM +LpyiKs4bh4KuOiOw3dI+ZP7OpjU0kwf4iG7IvrILX5yWDnkcoyvJI1qKHx4X4qnU +PEkiKUP6Y1U8cmJK0XJarnWoFGfrWIjOEQy/CWfyu8iAPkrwNa3S3EOjL9rGOxxu +dnAxc8wzW0823POPn6YHbWHgZm8sdr2Fo4vQis7EvJfg7eEp36Fiua3YDxr4rkT+ +piiVxMzftfdtRq7vm69zUB2f8Meg7zdLE3OWJJUPAgMBAAGjTDBKMAwGA1UdEwEB +/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdEQQUMBKC +EHRlc3QuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAL1VVOWsK+ZvyUW3 +d5evN+ZrYMtRD7AsQHE5c3oLbzelzEBP0UM9jh03uv8te4Ah/ezkfCBqzm4om8FO +nh4XH8sEYcHQcgwx9u4rqZwpa0W9l1emJfPwawg/TgAzz0c7UEoVp6DI4IuGe0g+ +ORUACqp5PI3910poLwUrYCrRfhy8Bum3UTVx12v0uPMX1/HUjfgOShE0TdkZcDMK +ZuZMEZOQXF2h84oczgwSXqlr4R/rs2W4vBpIr8yv/Ns+CzJHjfzts1CaZbgZ69sY +IV/kHcWHV5tailkWhI0nPvl6wPrnhJDaGgOYtcapUu3fDnoCx+aC0gbLl3WQidbR +z0N0Cfc= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test Root CA + Validity + Not Before: Dec 18 23:44:03 2017 GMT + Not After : Dec 16 23:44:03 2027 GMT + Subject: CN=Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e4:cd:89:4c:65:4f:4d:68:bd:2a:7a:4f:0b:10: + 3f:02:d6:2a:5b:5b:76:c8:97:59:67:19:6e:95:45: + c3:38:a4:c7:29:f5:f7:95:52:97:a3:01:19:b2:b3: + ec:09:97:08:4f:f1:db:43:67:50:59:ac:ca:9a:05: + 56:fc:73:42:f3:90:e1:e5:3e:03:75:35:33:d2:df: + aa:3d:f8:ca:16:5e:7e:ef:01:9c:2a:30:eb:c7:cc: + 06:04:90:14:c0:54:f5:96:22:26:30:39:73:c5:c0: + 9d:0d:b0:9f:b0:e5:cf:f6:b1:0c:10:ab:f0:c9:54: + a6:30:d5:b4:fd:a7:23:7f:1e:57:7b:72:d7:af:0d: + a2:3e:4d:b2:c5:51:70:2a:06:2f:66:21:ca:7f:7d: + 6b:60:24:5e:ed:5f:74:ee:4b:b1:f1:ec:54:a0:fb: + 89:05:69:94:78:9b:a4:85:8c:ea:e6:b5:d6:fd:c5: + 6d:98:28:e4:1d:81:1b:26:3b:21:c2:e4:df:bd:a1: + 0d:51:35:40:43:a0:a4:00:66:fa:97:46:d6:9d:95: + ca:da:62:f8:c7:60:6c:e4:89:c2:d0:74:30:fe:2a: + db:54:95:5b:68:5f:ca:bd:e9:af:27:13:fc:c4:6f: + e6:5d:05:92:cc:bc:e4:76:8a:2e:34:0b:5e:39:11: + 75:57 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 60:4e:38:f3:7b:00:46:75:8f:d0:4e:08:76:2d:ed:9f:bf:cc: + 50:1b:bf:e4:6d:76:50:fe:fa:7d:46:90:1c:75:f1:3f:47:19: + eb:02:38:cb:3e:56:0f:8f:09:ae:a8:42:d0:e6:5a:31:54:24: + b2:fe:4b:a2:e4:44:14:64:44:d8:50:12:62:4a:06:60:29:22: + 95:bb:c8:7e:dd:d4:7d:a6:dd:3c:0d:fb:71:67:6f:9b:49:05: + 09:7c:5c:63:2b:df:71:aa:ae:92:28:98:73:c2:60:b6:54:10: + f6:f5:54:d6:93:0a:22:56:0a:fd:45:8a:a4:d7:a7:21:df:f5: + 53:07:1c:3b:63:c1:7c:4e:f0:3d:5c:c4:c9:cc:55:ae:ec:fb: + 2e:4f:b0:f9:5b:1d:c3:46:ba:38:f6:ff:8d:b3:3b:d0:7d:15: + 3f:fd:6a:bd:a1:59:18:ff:57:fc:d6:c0:3d:7e:75:61:ff:13: + 09:81:5f:38:82:22:78:78:97:5e:e6:7c:fb:16:a8:92:40:97: + eb:7c:a5:37:da:ca:5f:28:69:e4:63:b7:07:61:ad:e8:5a:e8: + 06:55:c0:34:7c:30:66:1e:9a:7e:ed:cb:c8:14:c1:e3:b3:ac: + 8d:89:9c:6b:b1:ea:eb:71:94:c0:1d:63:b7:d9:82:74:13:0c: + ee:8a:ca:dc +-----BEGIN CERTIFICATE----- +MIIC1DCCAbygAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IFJvb3QgQ0EwHhcNMTcxMjE4MjM0NDAzWhcNMjcxMjE2MjM0NDAzWjAfMR0wGwYD +VQQDDBRUZXN0IEludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAOTNiUxlT01ovSp6TwsQPwLWKltbdsiXWWcZbpVFwzikxyn195VS +l6MBGbKz7AmXCE/x20NnUFmsypoFVvxzQvOQ4eU+A3U1M9Lfqj34yhZefu8BnCow +68fMBgSQFMBU9ZYiJjA5c8XAnQ2wn7Dlz/axDBCr8MlUpjDVtP2nI38eV3ty168N +oj5NssVRcCoGL2Yhyn99a2AkXu1fdO5LsfHsVKD7iQVplHibpIWM6ua11v3FbZgo +5B2BGyY7IcLk372hDVE1QEOgpABm+pdG1p2Vytpi+MdgbOSJwtB0MP4q21SVW2hf +yr3prycT/MRv5l0Fksy85HaKLjQLXjkRdVcCAwEAAaMjMCEwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAGBOOPN7AEZ1 +j9BOCHYt7Z+/zFAbv+RtdlD++n1GkBx18T9HGesCOMs+Vg+PCa6oQtDmWjFUJLL+ +S6LkRBRkRNhQEmJKBmApIpW7yH7d1H2m3TwN+3Fnb5tJBQl8XGMr33GqrpIomHPC +YLZUEPb1VNaTCiJWCv1FiqTXpyHf9VMHHDtjwXxO8D1cxMnMVa7s+y5PsPlbHcNG +ujj2/42zO9B9FT/9ar2hWRj/V/zWwD1+dWH/EwmBXziCInh4l17mfPsWqJJAl+t8 +pTfayl8oaeRjtwdhreha6AZVwDR8MGYemn7ty8gUweOzrI2JnGux6utxlMAdY7fZ +gnQTDO6Kytw= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/quic-ecdsa-leaf.key b/pki/testdata/ssl/certificates/quic-ecdsa-leaf.key new file mode 100644 index 0000000000000000000000000000000000000000..b3e47c7bc58f745b3ea0b1bb5523c4b9cc3bf1a2 GIT binary patch literal 138 zcmXqLY-eI*Fc4;A*J|@PXUoLM#sOw9GqSVf8e}suGO{R~Rp4=5x+c2n>cYNLCSFOA zE}cc~);3c=*}qahZGDSRd7%rl69bD=SE+R;llbB3H%)EU%yL`e_DlRsESFE#;*OgC qE=Q-W&$SjWyBHawd`66Qn&v#6FUw~iak5tQTeG)6e3JIR{#F1im^2Uo literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/quic-leaf-cert.key b/pki/testdata/ssl/certificates/quic-leaf-cert.key new file mode 100644 index 0000000000000000000000000000000000000000..e509d72513b8a7e580d061b4dd75f1fd62706e38 GIT binary patch literal 1219 zcmV;!1U&mNf&{+;0RS)!1_>&LNQUrsW5^Br2+u}0)hbn0J2tZe$=$K zPU97his?oM6=O_oIx=U+6r>mYw*;8`wGpn993XQQ&9l7jVS6f2(-*DoT4hu8;63fIwP>%(mrJV&ZadqlLz>SZpgl} z3tya;4tX4-E6F2TiXR>q;;Ga;Ng^pj`eRi*a$-u+a$2r+s1#@GScuLM48I9y^1H}@ zK1%R4tqc7UVI~;Cya4~btGh0tK-1Cp0rUz|d;AU?ucD;q8i_nVB#Jrc_?cpik zp<=nM*bf@`u0;N(D3!#_-?jH`My~IhuX9ixpYX?^?>9>mbCx8P4*~-L009Dm0RUPN zb8sK$Ki*!K2KU{I4DvKmwMr=Dl@^N*yvm`>0&>^VhRyV|1x_@^b)?|ID(#cxvDb_g-b26O zxRg+)clTXPR67yMo=F<7*pPyJ0sX*Uh80EMVx>EWaFe&MI+GY%f>*dxn)9z+x(6m> z%D@W0lczM{1C-dj51JrJfA5axr19eSVws_%Rh)bpz-hQT|Eiey)kHv$NAeAV-4acjZ}7ZrQHqzcoMdiL3-H?rEmUHF)%uw~C( zJ}pYw%J6#A2EY8tH=Ull1;t{^QSy+IUFs3nVSH+e9|(g&P$sbT+95EbbW~^YzAu3l zIl;e?FT(Q08>e{snyg8CUonF4h0_9ofdIz30L$|i^SY$d-E-jyIg~G1z&myC()3$a z?D5gDUK;QZ9brIkVQmsc+~SbJJ-@r&uR+KhE|E}locdyD{N*HZjG@3lHyC=h^S@lj zADIcEL+!F&1;lT^(Q0K2b~*cYQ9jaNB)lRw?6v{^Q|j5rK-T&0gBbzmm*um8f>i>6 zfdIGW$?`!BiYxGhR&4C5)M?77BOITDLsdzNJMk3Ujr<0f?_4uZ1)ys+hD4UjH2LqZV zJShT!fdHj7VE(6<8V}8x;Q)DK`BQE=rWc9J9$X(Tm5BOsd+JNYGIH2}mOP=D0l*e) z5<~{_%0Hdx!4}3ZAUBcaZrnjqeh@zf2wzU%e*05Ie6E{|<36>XE-PGjJ^HW#XmCd- hR)z8%(v`=DRoXBV6*$|t)Ok{YH`ON=jxer>BQQ;^P_h63 literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/quic-leaf-cert.key.pkcs8.pem b/pki/testdata/ssl/certificates/quic-leaf-cert.key.pkcs8.pem new file mode 100644 index 0000000000..00983fc3aa --- /dev/null +++ b/pki/testdata/ssl/certificates/quic-leaf-cert.key.pkcs8.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCyVm9+1LS2TuMV +jorpRgYVY0xtOjJnxxSkF/y3BJj7tRGukxwgcxXNs7zuYYKOy7h4ym3mV3PzRW4e +wyddr15SbRJHRHI9fYrBR1AZSiGkCLTMLpyiKs4bh4KuOiOw3dI+ZP7OpjU0kwf4 +iG7IvrILX5yWDnkcoyvJI1qKHx4X4qnUPEkiKUP6Y1U8cmJK0XJarnWoFGfrWIjO +EQy/CWfyu8iAPkrwNa3S3EOjL9rGOxxudnAxc8wzW0823POPn6YHbWHgZm8sdr2F +o4vQis7EvJfg7eEp36Fiua3YDxr4rkT+piiVxMzftfdtRq7vm69zUB2f8Meg7zdL +E3OWJJUPAgMBAAECggEAWhFzcB/nQOfoonuCRrxZ2DV1ZPjueiE+mH2Q4bINvZo+ +WufrXawiB+jN86sFsC7NdRvvk1T5t5SKQDkZyaQHRCPYBmxYMhwUlvb4Sj15bgoD +ndewvepWe+rdoja0zd/KDj8dvaqN1oankOr+4J4G992LDPI0UrVKKOSVFosOvMqh +zAJy19KGzfSzBU40xnWk4MEq7ZPksdeMFN5Dv+C4lFCmd/ddTFQ7EcqeSRqv2JCC +fAH9wF6GFUXfYqU7h3CTt686kxhbgle4U5rzr126ByZjysAKv5OnNOEDlNi8D5og +SX/vjuek8eL3Ypmho1Wch+f3w315gs8KWQjx0lcv+QKBgQDlvCRPat/qu0v/hsE7 +iopkV5I3AghzfNXzaHFrwgkXFXu+pArTk3r22aY3strAXfiYp7Blz10+LUrZyvB6 +0wa//Mk3nZ67BcViy1HykJJd6hHXYXxqih8Ig0JQJrD12iEwo3RUZ/G+L4EVOcG/ +kS/C8sUbp3j6mqxJe18xgvCF0wKBgQDGugDL8xfzuqTT3XPhCTmUL1nAO3Xv0vRb +Vuzx0bFeGvAPHWFAb2FtEkXc4pDCPb+73q9ByBwukVB0nPpiaPzlJHGMocBANxh6 +tvO/XMcfmQmhQ+2yXgXEb7/RamULdjn7dlE+0l8kvCI37LYB/lPq2cdA1vnugxkB +55fls4GCVQKBgQC35snyQQ2KK/CEVmzsqtRpyqgjHJ+DQ1VJijvxFNyN/AaY71wz +TgXLASPLxoLSJudP3Dya40oy8bLPcWLcD32BxmuU97oO4GnH0haBZDWmtC8gCMu9 +xV9eQyScYLybsceL1ezTfHnJ0uE0Co4MOb7QAeLDZmazxYlRMU9cpQLBPQKBgQCT +yYwCIHy1kx41OUGOH3AklbonTZD9k2KJ8vEvPQSsuVfBxdWnN626kZZHGG8TJRzL +uGWZhBoBP6wXrQ4/1VgNiLaxITF6D/8yc5B9xZ+IDiWtOnkw5t9fIMQEFx2iEoA4 +U9tD3utGxGqmMHGCtgLuaprVy4n/KJuWYQcDmiU8KQKBgQClNWD+p5caD82Z4QB5 +Y/lTbjmmF4nLHlwfLpWI+nJ76kvFMnLYgJY8oZgBwBZsEkQG8so/nejBFsYvIDeR +5W7cQVJ+ED8GCF9O4H77U0R8rpuL4z61ni4rXHc9+rABaHBHJ1aF8h3SlceHVdow +FBU427jUeVKBN9UnFo4wrogjMA== +-----END PRIVATE KEY----- diff --git a/pki/testdata/ssl/certificates/quic-leaf-cert.key.sct b/pki/testdata/ssl/certificates/quic-leaf-cert.key.sct new file mode 100644 index 0000000000000000000000000000000000000000..0d19282b53503cbc3933342c9bc2462cd7c4e5d0 GIT binary patch literal 33 ocmZROXOK-x%uZD(PA*YM%P&$WNi8nXORY%EEyzjLOU};)0H*K@3;+NC literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/quic-root.pem b/pki/testdata/ssl/certificates/quic-root.pem new file mode 100644 index 0000000000..f25cd2eeed --- /dev/null +++ b/pki/testdata/ssl/certificates/quic-root.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1DCCAbygAwIBAgIJANU1FI5oBbmLMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV +BAMMDFRlc3QgUm9vdCBDQTAeFw0xNzEyMTgyMzQ0MDNaFw0yNzEyMTYyMzQ0MDNa +MBcxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALqSSRbDX0cmxTOeBh4qqMtw8BA7J8l6CYZqeUgigR67xAvJGEqx +WhYDBjodWIYucrwqkRuju1ufRXVNAD8rqs47db5NPDHH+FqN33RkSa9XIdOGdnHX +NfCQ13Vpq9tnvZ3zCzvSWXDVYz6GcCBJ51tjWNZtX8O8N179HcVef3LhBGweAJJv ++FkOLiClZ1y2A5hfdmuYmIYy2Iwc7we/R6jm+Ns0pVA8NrLicEHzrxJLMlMD5+zd +WjkY6Bv9OdPipmEr1/EP3957bZ7uIUZWEq79SnQ90sKkMVS+q7Ckz7PdMBJI+fZc +HsjucLXL0tysbcF+CtYqHsbrazye0yERUFECAwEAAaMjMCEwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAJZRG2cJGaGF +Tl8H6+SltT9dlZ//Z7ZNsWEfv8xehGrRHsV2kxXvuVf1K4EpP3FAEvDJgOvP1MkA +rmcpI9SsY4cr0Zy/s+Ez8SwespXkSKvtCXCmq9/kpadFPDWwR1NAXVzSEuhXJxDR +bA+boLCu6rMFbkoRi/aFYzro+9m8RsXlyYGVGspov411lu56huoJ3ooGTIfQM8or +N6ZNWkb+RTUUj29o3qr3kiQv73mB6h47/3IkYC5mITl+vK3OtwIRwjLzXZuS40/W +RlI+SRYG4/yTzgV1DB4JlVJl4qMsF3z1zY1P7WeCU4YqZoIam/Ig/ZzxfOFTczk8 +vw1/E4YbkfE= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/quic-short-lived.pem b/pki/testdata/ssl/certificates/quic-short-lived.pem new file mode 100644 index 0000000000..ef24357aa6 --- /dev/null +++ b/pki/testdata/ssl/certificates/quic-short-lived.pem @@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 14:95:0e:b4:a9:33:04:9b:ed:a5:47:b9:c8:0f:12:14:57:d1:66:ff + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Short-lived Certificate + Validity + Not Before: Jun 5 19:49:12 2020 GMT + Not After : Jun 19 19:49:12 2020 GMT + Subject: CN = Short-lived Certificate + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:42:8a:75:3b:89:02:17:c3:97:d9:35:3c:ac:9a: + 46:a4:46:fa:17:cc:5d:0a:4c:6a:a3:88:7c:ff:44: + c5:96:af:6d:3b:17:76:d1:59:54:23:cc:16:05:96: + 29:9e:2c:f4:a7:9b:c4:42:3b:21:4e:ac:bd:8f:57: + 92:2b:fe:8f:85 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Alternative Name: + DNS:example.org + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:73:ca:c3:64:38:04:ad:5e:f7:87:a6:1f:ac:62: + 03:7b:3a:11:5b:51:2a:11:b2:25:e3:24:1e:62:ec:72:39:be: + 02:21:00:f7:df:1b:83:07:a2:fd:d1:1f:c9:92:57:1f:ee:2c: + f2:27:b5:99:91:8f:8b:9d:02:a3:f7:5d:17:9e:d6:19:a6 +-----BEGIN CERTIFICATE----- +MIIBazCCARGgAwIBAgIUFJUOtKkzBJvtpUe5yA8SFFfRZv8wCgYIKoZIzj0EAwIw +IjEgMB4GA1UEAwwXU2hvcnQtbGl2ZWQgQ2VydGlmaWNhdGUwHhcNMjAwNjA1MTk0 +OTEyWhcNMjAwNjE5MTk0OTEyWjAiMSAwHgYDVQQDDBdTaG9ydC1saXZlZCBDZXJ0 +aWZpY2F0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEKKdTuJAhfDl9k1PKya +RqRG+hfMXQpMaqOIfP9ExZavbTsXdtFZVCPMFgWWKZ4s9KebxEI7IU6svY9Xkiv+ +j4WjJTAjMAkGA1UdEwQCMAAwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZI +zj0EAwIDSAAwRQIgc8rDZDgErV73h6YfrGIDezoRW1EqEbIl4yQeYuxyOb4CIQD3 +3xuDB6L90R/Jklcf7izyJ7WZkY+LnQKj910XntYZpg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/redundant-server-chain.pem b/pki/testdata/ssl/certificates/redundant-server-chain.pem new file mode 100644 index 0000000000..755b84dcac --- /dev/null +++ b/pki/testdata/ssl/certificates/redundant-server-chain.pem @@ -0,0 +1,333 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDsdrSxnyz5qQNr +JRBll0qjD5zDYW41+A+X2rDMDONOaLlO9OODtjvoCRBg5KUJ2y9a/Vsui77szkLD +7h4lJPTlxGyFNxgtfyzSuXEb5ZBP0kYD+RXfafIeTmQECIFwsmnc3ytonl+Hzr+g +6G2w12qNWOL3DqrxgOc/9UeZKuTf4ERM7x1cfBmA3keW0M8PqJ9rVSG7zzLreago +Q81pmlWVttFrZWt2PAq6DH7BEdN+cbIEa6bSFOmBW24r+TJxxDc9X95xXNdC/LYn +fb9tN+1gPDd1bcjeEdPIg0EMqb0BtfcaUjZojownuIt04fcaet4OaVoo/HNhy9XM +GqqoHQeHAgMBAAECggEAIBGZP92Og+1gAU/tgVmbTbH4WKcGA1u5AacvAv1cdm3N +c9/SWzKDvVw9VGat20BWk8h4bT+WjRcMBvZsMC1q6R5SeV6XcNQmiA2OQXJIuAqU +ZEWLqdj8dQ+8kK92nooTwVii0nVoD0sCwhfDiJAuayz62vaqSEZrFkl1hFhE4feN +jpNOjzU54nbtmAnT1umyO13pJxTcRjetTJioIsl/uvTGuIhBsY6gqYchtPtZ0c35 +0/YNOMtAWKERDgpyFwBNmUA9YunmS603ThA5SB7rbaMbANyxXoGRcRjNavI67ues +fgvRY/GghnY2sKroyc9CIsnghrGAITW6miQw3uWRQQKBgQD4mTh7g0DP3bfHUIqm +af7UmPV7gPrJItlvgrYRYy4zjnxvNk/kcfgrJATMAnqGX5KrbXFX6AdfanRRnJcP +gCojd1C3v3cotUVky9r91v/1Hn1fe2hDzy/qrbwh2WBATPKCJjL0PuXNhGsfqoKG +SMhvqy95sfFnqvy4f4pUPh6pIwKBgQDzgP7WUAVWUcmjjxq6QM8WfDD5RMuPfAL4 +skkpm3WB/H+xUeqax+KSKNDDrWTfhWpTucZt0v84aG6NQz4vzkc5DrRnWltkqFgR +NLU1esrgn1bnh/iNQt+bmw8OgH0puJsI82wBa7QjGYu3ocW043Avp1DS2ocMGMzu +S+hFvBG4TQKBgFDI8drpVzl1cpBZswTLMx2BK1zcGCMeqQwcrO/PjCcC6Zr2SlYR +VzUluk1VjN1312DP6uJHK4YtQOl4enp2CruFvXxIwv8+kPNlb5/Hq1vLcbCCmOpY +PNkFZjqVujqLBs+WfD505ha4LluW/F2I72GifoYMdkdbAE8wWxJvMWWDAoGADRQg +m+IwZzJ9YguNo/NXLB3/g2PuiwZeIn1w8IspBJJLSXrc3vNdd/w5OklV4auIynZv +8fYjPyRcy7mQ3YB20tm3VtXDkuR31nS+RuERhH8Ka+UhtHSjDfiGFoFQN61ypkhs +xKbERh5ZIsPNmqmcnPKfpLOYDU5Hs4TgNN6lFQECgYA/0Y25oCHqLH9MfPGs2gMJ +BTeMxzAIsA2lwhr2/WOANHA9cWnHtI3d1eNequZpNgxtKbw2mxbM+IfnO50czV7g +5PJPvU79T6d64u1AOtoKbCxgm9wTL8UmEPvEInnT8SfnECPxW9Pwey2rC39527jl +i5FkIsSiwU8YIZk73YCqDg== +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=B CA + Validity + Not Before: Oct 18 22:24:10 2019 GMT + Not After : Oct 15 22:24:10 2029 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ec:76:b4:b1:9f:2c:f9:a9:03:6b:25:10:65:97: + 4a:a3:0f:9c:c3:61:6e:35:f8:0f:97:da:b0:cc:0c: + e3:4e:68:b9:4e:f4:e3:83:b6:3b:e8:09:10:60:e4: + a5:09:db:2f:5a:fd:5b:2e:8b:be:ec:ce:42:c3:ee: + 1e:25:24:f4:e5:c4:6c:85:37:18:2d:7f:2c:d2:b9: + 71:1b:e5:90:4f:d2:46:03:f9:15:df:69:f2:1e:4e: + 64:04:08:81:70:b2:69:dc:df:2b:68:9e:5f:87:ce: + bf:a0:e8:6d:b0:d7:6a:8d:58:e2:f7:0e:aa:f1:80: + e7:3f:f5:47:99:2a:e4:df:e0:44:4c:ef:1d:5c:7c: + 19:80:de:47:96:d0:cf:0f:a8:9f:6b:55:21:bb:cf: + 32:eb:79:a8:28:43:cd:69:9a:55:95:b6:d1:6b:65: + 6b:76:3c:0a:ba:0c:7e:c1:11:d3:7e:71:b2:04:6b: + a6:d2:14:e9:81:5b:6e:2b:f9:32:71:c4:37:3d:5f: + de:71:5c:d7:42:fc:b6:27:7d:bf:6d:37:ed:60:3c: + 37:75:6d:c8:de:11:d3:c8:83:41:0c:a9:bd:01:b5: + f7:1a:52:36:68:8e:8c:27:b8:8b:74:e1:f7:1a:7a: + de:0e:69:5a:28:fc:73:61:cb:d5:cc:1a:aa:a8:1d: + 07:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E7:8D:C4:21:0B:CE:12:A1:F7:05:E6:52:AF:3B:A6:10:BA:71:68:3D + X509v3 Authority Key Identifier: + keyid:77:3C:D2:AA:A1:C9:7D:FE:B6:90:3F:CB:1B:F6:38:37:0C:28:1A:F7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 17:ff:16:47:18:ed:d0:b5:54:fb:b6:02:c7:e4:c1:9a:4d:99: + 54:cb:ca:df:75:25:d4:e5:b5:20:74:3d:ac:f9:e2:a1:87:a5: + d1:a2:da:48:c0:71:12:9f:84:9e:10:70:9c:bd:4c:74:85:90: + b8:15:9c:b2:fb:f2:4c:03:7c:7a:a6:6e:c4:91:19:93:79:a4: + 47:96:fa:30:15:a3:02:20:d0:07:23:70:16:db:73:aa:6e:61: + b9:b1:0f:a9:e5:f8:d4:4f:34:19:a1:2e:fa:d6:f0:97:76:8c: + ff:08:54:8e:dc:a3:49:c9:a3:d8:e0:c3:71:e9:8f:98:3d:dd: + 25:73:c4:da:c3:fa:43:19:48:39:5c:43:8c:30:7a:cf:de:5a: + c9:ee:8e:2e:88:b0:e7:84:74:5f:d4:91:a6:65:8d:bc:fd:10: + 51:3c:53:32:fe:dd:03:84:9b:b0:64:58:9d:99:b4:bc:5f:ce: + 30:af:67:58:f5:6c:02:67:20:f9:aa:dc:d6:96:fc:00:e8:6d: + 72:48:12:a9:f9:dc:4b:00:26:fb:ab:1f:00:ac:e2:11:f9:36: + 2c:bd:a9:1c:86:b5:77:c6:97:6d:29:ec:3f:d3:94:95:46:54: + a4:2d:66:7e:9d:d7:1b:ea:21:f7:39:a3:b4:fb:e9:b6:38:4d: + eb:49:1d:83 +-----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD +QTAeFw0xOTEwMTgyMjI0MTBaFw0yOTEwMTUyMjI0MTBaMGAxCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAw +DgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDsdrSxnyz5qQNrJRBll0qjD5zDYW41+A+X2rDM +DONOaLlO9OODtjvoCRBg5KUJ2y9a/Vsui77szkLD7h4lJPTlxGyFNxgtfyzSuXEb +5ZBP0kYD+RXfafIeTmQECIFwsmnc3ytonl+Hzr+g6G2w12qNWOL3DqrxgOc/9UeZ +KuTf4ERM7x1cfBmA3keW0M8PqJ9rVSG7zzLreagoQ81pmlWVttFrZWt2PAq6DH7B +EdN+cbIEa6bSFOmBW24r+TJxxDc9X95xXNdC/LYnfb9tN+1gPDd1bcjeEdPIg0EM +qb0BtfcaUjZojownuIt04fcaet4OaVoo/HNhy9XMGqqoHQeHAgMBAAGjgYAwfjAM +BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTnjcQhC84SofcF5lKvO6YQunFoPTAfBgNV +HSMEGDAWgBR3PNKqocl9/raQP8sb9jg3DCga9zAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA +F/8WRxjt0LVU+7YCx+TBmk2ZVMvK33Ul1OW1IHQ9rPnioYel0aLaSMBxEp+EnhBw +nL1MdIWQuBWcsvvyTAN8eqZuxJEZk3mkR5b6MBWjAiDQByNwFttzqm5hubEPqeX4 +1E80GaEu+tbwl3aM/whUjtyjScmj2ODDcemPmD3dJXPE2sP6QxlIOVxDjDB6z95a +ye6OLoiw54R0X9SRpmWNvP0QUTxTMv7dA4SbsGRYnZm0vF/OMK9nWPVsAmcg+arc +1pb8AOhtckgSqfncSwAm+6sfAKziEfk2LL2pHIa1d8aXbSnsP9OUlUZUpC1mfp3X +G+oh9zmjtPvptjhN60kdgw== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C CA + Validity + Not Before: Oct 18 22:24:10 2019 GMT + Not After : Oct 15 22:24:10 2029 GMT + Subject: CN=B CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:96:bf:0b:a1:79:f7:12:d1:8c:ec:e3:63:4a:c7: + 30:53:10:0d:60:41:84:27:99:f0:9f:a4:9e:ec:19: + 24:28:80:0b:8e:55:0c:13:ab:16:72:2b:43:aa:ac: + fa:0f:b2:47:ae:a3:a2:8d:66:85:2b:2f:b1:c6:f2: + bd:b6:5e:3b:d1:2b:0d:c2:bc:96:4f:d9:5f:2c:74: + 7b:7f:2a:2c:52:84:f6:71:a7:87:df:d3:4e:be:e7: + 53:70:cd:f0:47:5b:e4:5b:5b:64:49:37:5b:93:99: + 09:78:22:f2:04:9e:af:aa:91:f6:22:a5:59:5d:9e: + c7:cd:c5:11:1a:9e:99:3b:19:ad:51:59:f5:0e:ec: + 30:f2:7e:64:33:91:cd:f0:26:12:fe:cb:f2:6e:67: + a2:ec:94:6e:b2:97:3e:51:c0:ca:0a:e4:8a:f3:c6: + fa:cd:55:95:11:57:5e:bd:9b:b9:70:d4:04:af:f2: + c8:5e:1e:fb:b3:d7:03:0a:0e:be:cf:fa:c7:97:63: + 7a:e0:b4:22:07:a7:18:b6:a7:1a:d5:23:26:c1:c4: + 39:83:3c:45:53:9d:fd:a4:17:62:8d:bd:f2:4b:40: + d3:85:1d:06:3a:24:4f:8f:65:77:cd:c9:e8:64:a4: + 55:16:20:8f:17:5c:f1:6b:75:db:8e:ac:eb:2c:97: + 28:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 77:3C:D2:AA:A1:C9:7D:FE:B6:90:3F:CB:1B:F6:38:37:0C:28:1A:F7 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 8c:35:9a:a4:61:08:6e:60:d9:9e:af:ab:22:89:ca:ca:39:03: + 9c:5d:4e:5f:dc:e5:dc:33:ce:19:af:19:fd:db:c9:a7:ca:d8: + 65:73:42:73:35:70:57:99:f0:e0:b5:c8:79:31:72:f4:85:d8: + 3d:20:04:cb:28:dc:22:bf:ce:43:7f:72:39:7e:b4:aa:c2:a4: + e4:25:dd:af:0e:8c:a9:fc:23:a8:4e:3d:52:fe:d4:27:dd:08: + de:4c:b6:6c:9c:9c:11:87:11:6e:cb:f0:43:38:4b:62:71:e7: + 09:d0:01:3f:5c:51:03:41:06:03:76:27:17:15:19:26:a4:6d: + 17:63:3e:00:d3:d4:02:17:33:17:87:57:9d:33:b5:7e:76:98: + 3c:a5:68:da:e6:08:76:c5:3b:ea:6a:58:4c:16:da:92:d4:b3: + a6:d0:2e:4d:07:7d:ed:57:fa:e1:2a:09:bc:1e:4c:94:3e:f2: + 11:41:4c:03:a8:08:a4:4c:7a:f1:42:f2:8f:ae:d5:15:5a:c5: + 22:d3:b0:d8:d5:1d:10:6a:ee:ed:a1:4d:b4:2c:33:e2:0b:c3: + 92:91:c7:c9:f4:f4:2c:53:8a:f6:1a:80:ff:dc:b3:91:2d:51: + 0d:cf:e8:d3:89:3f:b1:90:76:44:8f:b1:f9:c1:60:4d:03:28: + 74:72:ba:26 +-----BEGIN CERTIFICATE----- +MIIC3DCCAcSgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQyBD +QTAeFw0xOTEwMTgyMjI0MTBaFw0yOTEwMTUyMjI0MTBaMA8xDTALBgNVBAMMBEIg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWvwuhefcS0Yzs42NK +xzBTEA1gQYQnmfCfpJ7sGSQogAuOVQwTqxZyK0OqrPoPskeuo6KNZoUrL7HG8r22 +XjvRKw3CvJZP2V8sdHt/KixShPZxp4ff006+51NwzfBHW+RbW2RJN1uTmQl4IvIE +nq+qkfYipVldnsfNxREanpk7Ga1RWfUO7DDyfmQzkc3wJhL+y/JuZ6LslG6ylz5R +wMoK5IrzxvrNVZURV169m7lw1ASv8sheHvuz1wMKDr7P+seXY3rgtCIHpxi2pxrV +IybBxDmDPEVTnf2kF2KNvfJLQNOFHQY6JE+PZXfNyehkpFUWII8XXPFrdduOrOss +lygJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHc80qqhyX3+ +tpA/yxv2ODcMKBr3MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA +jDWapGEIbmDZnq+rIonKyjkDnF1OX9zl3DPOGa8Z/dvJp8rYZXNCczVwV5nw4LXI +eTFy9IXYPSAEyyjcIr/OQ39yOX60qsKk5CXdrw6MqfwjqE49Uv7UJ90I3ky2bJyc +EYcRbsvwQzhLYnHnCdABP1xRA0EGA3YnFxUZJqRtF2M+ANPUAhczF4dXnTO1fnaY +PKVo2uYIdsU76mpYTBbaktSzptAuTQd97Vf64SoJvB5MlD7yEUFMA6gIpEx68ULy +j67VFVrFItOw2NUdEGru7aFNtCwz4gvDkpHHyfT0LFOK9hqA/9yzkS1RDc/o04k/ +sZB2RI+x+cFgTQModHK6Jg== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4099 (0x1003) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=D Root CA + Validity + Not Before: Oct 18 22:24:10 2019 GMT + Not After : Oct 15 22:24:10 2029 GMT + Subject: CN=C CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:97:21:4e:ff:ff:22:dd:de:6d:cc:05:75:3b:37: + 80:28:9f:61:8b:a2:ac:9b:3b:b1:e6:3a:a4:35:ce: + 7b:95:ce:d2:2f:95:f1:c2:51:c2:9d:21:71:dd:06: + 3a:eb:67:68:59:2d:f6:19:b1:7d:98:06:c2:c4:19: + 34:2a:00:0a:f1:0a:0b:76:39:ba:0f:e9:69:bc:14: + c9:fa:38:b4:f6:38:55:45:3d:21:c7:b8:20:e3:47: + ac:5b:9e:ec:7f:a9:8b:72:00:79:5c:25:13:01:86: + a9:6a:d9:12:b1:d2:3a:a1:cc:e5:e0:63:b2:0d:ea: + aa:a7:42:f9:de:cf:de:e0:15:9b:6e:cd:86:81:d8: + 5f:3f:a1:7b:bc:97:31:40:0e:17:a3:aa:c4:48:5a: + 5c:c8:e5:89:92:68:85:08:6c:cb:31:35:9c:fb:1e: + d3:66:35:ee:d9:d7:ea:b8:5c:3e:d0:60:94:4c:3d: + 2b:21:6b:72:b8:3a:16:e4:f1:ea:97:74:0c:cf:27: + a5:03:c1:b7:c3:d9:4d:5a:3d:c5:8e:3f:ca:99:b4: + b6:59:c6:9f:22:38:0d:4d:c7:f7:11:f8:d0:71:99: + 5d:4b:e2:30:62:00:fb:01:c9:ca:3e:ed:6a:d8:6d: + 2d:0f:1a:77:33:02:b4:41:b3:ba:f6:1c:38:be:54: + c9:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 63:B1:47:26:FC:DB:79:3F:76:96:69:4D:EA:7E:D0:B7:6A:D2:3F:A8 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + b2:52:23:e9:38:02:24:58:bf:cb:b4:62:f3:97:74:9a:24:4a: + aa:c6:bd:59:5b:d7:33:a4:7e:8f:10:3a:09:44:a3:a1:90:f2: + 32:c2:e9:a7:e5:16:ca:c9:6c:a1:4e:94:8a:e6:f0:dd:f2:59: + 2c:7c:62:84:c8:28:e2:5f:f1:6f:c7:04:21:49:3f:24:8f:fb: + 4c:38:1c:3a:5d:18:e9:f2:5d:28:5c:a8:ce:01:12:aa:17:f2: + c0:bb:87:43:70:d7:8a:59:e7:80:38:ef:df:72:b3:1c:70:88: + a8:65:66:40:b3:25:1d:57:f4:a8:c1:34:e6:30:1e:2d:b5:b7: + fb:1f:99:4b:e1:fa:03:af:79:4e:5f:3c:39:02:14:e6:8b:06: + 1b:5b:34:c7:c1:c0:30:48:2e:1c:16:ab:6b:4f:25:37:1e:a7: + f1:fd:09:29:23:ae:89:21:31:fd:64:7c:67:37:ca:bc:26:47: + fd:aa:d5:45:84:e1:27:47:fb:cb:05:10:cc:5b:55:f2:fb:c1: + 08:55:89:43:0c:36:5e:4f:16:3b:35:3c:1c:61:59:90:ae:8a: + a3:53:4d:23:da:22:80:36:5c:e9:ff:49:9e:94:eb:4f:6c:15: + d0:4c:6c:8b:21:eb:18:24:44:d8:72:4e:de:5f:47:d2:6c:55: + dd:4f:c6:81 +-----BEGIN CERTIFICATE----- +MIIC4TCCAcmgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJRCBS +b290IENBMB4XDTE5MTAxODIyMjQxMFoXDTI5MTAxNTIyMjQxMFowDzENMAsGA1UE +AwwEQyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJchTv//It3e +bcwFdTs3gCifYYuirJs7seY6pDXOe5XO0i+V8cJRwp0hcd0GOutnaFkt9hmxfZgG +wsQZNCoACvEKC3Y5ug/pabwUyfo4tPY4VUU9Ice4IONHrFue7H+pi3IAeVwlEwGG +qWrZErHSOqHM5eBjsg3qqqdC+d7P3uAVm27NhoHYXz+he7yXMUAOF6OqxEhaXMjl +iZJohQhsyzE1nPse02Y17tnX6rhcPtBglEw9KyFrcrg6FuTx6pd0DM8npQPBt8PZ +TVo9xY4/ypm0tlnGnyI4DU3H9xH40HGZXUviMGIA+wHJyj7tathtLQ8adzMCtEGz +uvYcOL5UyXMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUY7FH +JvzbeT92lmlN6n7Qt2rSP6gwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUA +A4IBAQCyUiPpOAIkWL/LtGLzl3SaJEqqxr1ZW9czpH6PEDoJRKOhkPIywumn5RbK +yWyhTpSK5vDd8lksfGKEyCjiX/FvxwQhST8kj/tMOBw6XRjp8l0oXKjOARKqF/LA +u4dDcNeKWeeAOO/fcrMccIioZWZAsyUdV/SowTTmMB4ttbf7H5lL4foDr3lOXzw5 +AhTmiwYbWzTHwcAwSC4cFqtrTyU3Hqfx/QkpI66JITH9ZHxnN8q8Jkf9qtVFhOEn +R/vLBRDMW1Xy+8EIVYlDDDZeTxY7NTwcYVmQroqjU00j2iKANlzp/0melOtPbBXQ +TGyLIesYJETYck7eX0fSbFXdT8aB +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 37:4c:99:18:7e:b3:0c:6e:53:25:45:1c:0c:89:17:9a:88:0c:86:44 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = D Root CA + Validity + Not Before: Oct 18 22:24:10 2019 GMT + Not After : Oct 15 22:24:10 2029 GMT + Subject: CN = D Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:dc:15:a5:eb:d7:9f:c0:de:cc:53:f2:2e:f2:d6: + e4:22:66:16:f9:39:25:0c:f9:c4:51:19:1c:7f:ca: + 16:64:fb:c1:8f:18:b4:77:cc:c1:6f:99:ce:54:59: + 2a:e8:5f:14:fc:2f:58:51:ed:01:bb:31:93:13:9a: + f5:49:07:f7:e8:ae:fa:34:78:1b:d2:1e:3a:c8:4a: + a4:30:c5:5c:22:09:ad:3d:b8:cc:0c:56:24:ba:fd: + ab:b8:2d:dd:92:e3:f4:88:a3:64:f0:e6:b6:f9:f2: + ac:86:3c:77:e0:19:26:4b:0e:dc:f1:97:05:9e:13: + de:0c:1d:72:47:ec:ed:1c:09:18:f8:f3:7d:55:ba: + 59:06:9f:3a:5f:08:ee:cd:35:b2:3c:29:e1:fb:4a: + a3:4d:1c:fa:59:62:da:ac:13:bc:ad:d2:da:9c:e8: + ee:10:e8:36:e2:97:04:e3:04:ca:af:d6:97:7e:e9: + 44:86:8d:46:9f:7d:58:2f:be:0a:1d:34:7c:e3:f0: + 0b:9a:50:78:ff:d2:ee:6d:4c:2a:b0:e6:a5:80:45: + 4c:9c:dd:a6:df:93:6d:ae:e7:98:c2:4b:c4:c5:d6: + 55:9a:d4:df:ba:00:a5:0f:1d:23:b4:63:75:cc:c7: + ff:08:8e:1c:77:bb:6b:cb:cc:b4:e0:81:ff:56:fa: + 45:b3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + EE:13:A0:76:5C:58:BE:8C:5A:67:31:CA:23:35:67:55:0D:51:0E:12 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 3d:ad:ea:a5:49:bb:c6:f0:0a:5c:2a:2a:8c:be:7f:24:9d:55: + 83:85:78:cb:c5:02:5a:eb:cd:f5:36:aa:df:32:8b:3f:19:f6: + c0:9e:66:20:12:81:e9:e1:39:48:31:e8:92:c8:b1:af:fa:1f: + b7:07:8b:54:2e:d2:55:79:c8:c8:44:75:b0:fe:d7:d2:8d:93: + 58:82:eb:ff:49:69:93:63:de:df:19:ba:e0:a3:79:41:48:2c: + 18:f4:33:a5:de:d9:00:da:e7:05:7e:88:74:8c:df:01:ec:17: + f8:37:81:eb:00:4e:03:9b:0a:09:15:4d:b1:f5:72:fe:8a:1f: + c0:f9:c6:26:3b:13:52:c3:59:c7:bf:cc:1e:79:a6:93:62:65: + 56:25:e2:58:8b:df:db:2a:4f:a7:6a:33:f7:f9:d1:99:42:be: + ee:dc:e4:a1:34:23:9b:40:77:d5:e4:45:b3:b1:93:9a:d0:48: + 0a:34:31:c8:f1:60:1c:fe:10:76:74:7e:f5:96:47:19:ef:3a: + 84:b2:0e:f3:74:23:91:9b:3f:51:7c:e4:3a:b5:40:50:ba:c6: + 58:f9:ea:c8:b6:5c:1d:76:ac:ac:23:d0:f1:13:86:fb:4d:19: + 1d:99:32:21:f7:56:8a:7f:c3:90:ca:51:3a:73:a1:27:64:6b: + 1d:9b:53:1d +-----BEGIN CERTIFICATE----- +MIIC+DCCAeCgAwIBAgIUN0yZGH6zDG5TJUUcDIkXmogMhkQwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJRCBSb290IENBMB4XDTE5MTAxODIyMjQxMFoXDTI5MTAx +NTIyMjQxMFowFDESMBAGA1UEAwwJRCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA3BWl69efwN7MU/Iu8tbkImYW+TklDPnEURkcf8oWZPvB +jxi0d8zBb5nOVFkq6F8U/C9YUe0BuzGTE5r1SQf36K76NHgb0h46yEqkMMVcIgmt +PbjMDFYkuv2ruC3dkuP0iKNk8Oa2+fKshjx34BkmSw7c8ZcFnhPeDB1yR+ztHAkY ++PN9VbpZBp86XwjuzTWyPCnh+0qjTRz6WWLarBO8rdLanOjuEOg24pcE4wTKr9aX +fulEho1Gn31YL74KHTR84/ALmlB4/9LubUwqsOalgEVMnN2m35NtrueYwkvExdZV +mtTfugClDx0jtGN1zMf/CI4cd7try8y04IH/VvpFswIDAQABo0IwQDAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBTuE6B2XFi+jFpnMcojNWdVDVEOEjAOBgNVHQ8B +Af8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAD2t6qVJu8bwClwqKoy+fySdVYOF +eMvFAlrrzfU2qt8yiz8Z9sCeZiASgenhOUgx6JLIsa/6H7cHi1Qu0lV5yMhEdbD+ +19KNk1iC6/9JaZNj3t8ZuuCjeUFILBj0M6Xe2QDa5wV+iHSM3wHsF/g3gesATgOb +CgkVTbH1cv6KH8D5xiY7E1LDWce/zB55ppNiZVYl4liL39sqT6dqM/f50ZlCvu7c +5KE0I5tAd9XkRbOxk5rQSAo0McjxYBz+EHZ0fvWWRxnvOoSyDvN0I5GbP1F85Dq1 +QFC6xlj56si2XB12rKwj0PEThvtNGR2ZMiH3Vop/w5DKUTpzoSdkax2bUx0= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/redundant-validated-chain-root.pem b/pki/testdata/ssl/certificates/redundant-validated-chain-root.pem new file mode 100644 index 0000000000..6fadba06fe --- /dev/null +++ b/pki/testdata/ssl/certificates/redundant-validated-chain-root.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:19:e5:55:d1:85:7c:54:62:f6:56:00:7a:cf:78:a9:38:29:81:ff + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = C CA + Validity + Not Before: Oct 18 22:24:10 2019 GMT + Not After : Oct 15 22:24:10 2029 GMT + Subject: CN = C CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:97:21:4e:ff:ff:22:dd:de:6d:cc:05:75:3b:37: + 80:28:9f:61:8b:a2:ac:9b:3b:b1:e6:3a:a4:35:ce: + 7b:95:ce:d2:2f:95:f1:c2:51:c2:9d:21:71:dd:06: + 3a:eb:67:68:59:2d:f6:19:b1:7d:98:06:c2:c4:19: + 34:2a:00:0a:f1:0a:0b:76:39:ba:0f:e9:69:bc:14: + c9:fa:38:b4:f6:38:55:45:3d:21:c7:b8:20:e3:47: + ac:5b:9e:ec:7f:a9:8b:72:00:79:5c:25:13:01:86: + a9:6a:d9:12:b1:d2:3a:a1:cc:e5:e0:63:b2:0d:ea: + aa:a7:42:f9:de:cf:de:e0:15:9b:6e:cd:86:81:d8: + 5f:3f:a1:7b:bc:97:31:40:0e:17:a3:aa:c4:48:5a: + 5c:c8:e5:89:92:68:85:08:6c:cb:31:35:9c:fb:1e: + d3:66:35:ee:d9:d7:ea:b8:5c:3e:d0:60:94:4c:3d: + 2b:21:6b:72:b8:3a:16:e4:f1:ea:97:74:0c:cf:27: + a5:03:c1:b7:c3:d9:4d:5a:3d:c5:8e:3f:ca:99:b4: + b6:59:c6:9f:22:38:0d:4d:c7:f7:11:f8:d0:71:99: + 5d:4b:e2:30:62:00:fb:01:c9:ca:3e:ed:6a:d8:6d: + 2d:0f:1a:77:33:02:b4:41:b3:ba:f6:1c:38:be:54: + c9:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 63:B1:47:26:FC:DB:79:3F:76:96:69:4D:EA:7E:D0:B7:6A:D2:3F:A8 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 8e:4d:6c:49:c9:9c:f9:cb:a0:81:9b:65:31:c7:bc:8c:c0:75: + 4d:60:16:ef:bb:b6:b4:2a:5d:68:34:d7:e0:53:1f:3e:84:b6: + aa:7d:fd:a1:c9:29:88:83:2e:ab:f3:87:43:a8:d8:5c:a8:1b: + e0:58:50:84:03:05:15:03:01:07:30:d0:4a:f9:95:f1:86:be: + 45:5b:31:f0:88:12:22:d7:7a:fb:0b:9f:95:41:ba:df:40:e3: + b2:71:e7:4e:09:91:1c:5f:51:b3:ce:a5:00:0b:82:d1:04:f2: + 1c:5a:14:4b:1b:3f:2d:41:11:7c:33:37:89:56:b4:b7:fa:d8: + b9:20:8d:bd:a6:68:60:2a:3c:aa:61:38:74:d4:0a:16:41:70: + d8:75:c4:6d:04:a8:b6:a5:0f:e7:02:52:0b:7d:44:d6:1b:2f: + ca:06:aa:61:3d:8d:82:3f:34:c5:bb:08:69:6f:6c:b7:53:e5: + 52:3d:dd:7b:1c:1f:d3:7d:38:43:ca:c7:75:9a:a8:a1:93:27: + 13:b0:57:1a:ff:22:90:1f:b2:69:da:7a:a4:2f:16:51:fa:81: + 6c:ed:c0:19:42:58:b5:21:67:c1:54:93:db:55:86:c7:97:09: + 76:18:32:55:2a:b4:b1:ac:12:bc:3f:00:3d:b5:1c:ef:55:c4: + f0:6c:a1:17 +-----BEGIN CERTIFICATE----- +MIIC7jCCAdagAwIBAgIUfRnlVdGFfFRi9lYAes94qTgpgf8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEQyBDQTAeFw0xOTEwMTgyMjI0MTBaFw0yOTEwMTUyMjI0 +MTBaMA8xDTALBgNVBAMMBEMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCXIU7//yLd3m3MBXU7N4Aon2GLoqybO7HmOqQ1znuVztIvlfHCUcKdIXHd +BjrrZ2hZLfYZsX2YBsLEGTQqAArxCgt2OboP6Wm8FMn6OLT2OFVFPSHHuCDjR6xb +nux/qYtyAHlcJRMBhqlq2RKx0jqhzOXgY7IN6qqnQvnez97gFZtuzYaB2F8/oXu8 +lzFADhejqsRIWlzI5YmSaIUIbMsxNZz7HtNmNe7Z1+q4XD7QYJRMPSsha3K4Ohbk +8eqXdAzPJ6UDwbfD2U1aPcWOP8qZtLZZxp8iOA1Nx/cR+NBxmV1L4jBiAPsByco+ +7WrYbS0PGnczArRBs7r2HDi+VMlzAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8w +HQYDVR0OBBYEFGOxRyb823k/dpZpTep+0Ldq0j+oMA4GA1UdDwEB/wQEAwIBBjAN +BgkqhkiG9w0BAQsFAAOCAQEAjk1sScmc+cuggZtlMce8jMB1TWAW77u2tCpdaDTX +4FMfPoS2qn39ockpiIMuq/OHQ6jYXKgb4FhQhAMFFQMBBzDQSvmV8Ya+RVsx8IgS +Itd6+wuflUG630DjsnHnTgmRHF9Rs86lAAuC0QTyHFoUSxs/LUERfDM3iVa0t/rY +uSCNvaZoYCo8qmE4dNQKFkFw2HXEbQSotqUP5wJSC31E1hsvygaqYT2Ngj80xbsI +aW9st1PlUj3dexwf0304Q8rHdZqooZMnE7BXGv8ikB+yadp6pC8WUfqBbO3AGUJY +tSFnwVST21WGx5cJdhgyVSq0sawSvD8APbUc71XE8GyhFw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/redundant-validated-chain.pem b/pki/testdata/ssl/certificates/redundant-validated-chain.pem new file mode 100644 index 0000000000..8239cdc184 --- /dev/null +++ b/pki/testdata/ssl/certificates/redundant-validated-chain.pem @@ -0,0 +1,259 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDsdrSxnyz5qQNr +JRBll0qjD5zDYW41+A+X2rDMDONOaLlO9OODtjvoCRBg5KUJ2y9a/Vsui77szkLD +7h4lJPTlxGyFNxgtfyzSuXEb5ZBP0kYD+RXfafIeTmQECIFwsmnc3ytonl+Hzr+g +6G2w12qNWOL3DqrxgOc/9UeZKuTf4ERM7x1cfBmA3keW0M8PqJ9rVSG7zzLreago +Q81pmlWVttFrZWt2PAq6DH7BEdN+cbIEa6bSFOmBW24r+TJxxDc9X95xXNdC/LYn +fb9tN+1gPDd1bcjeEdPIg0EMqb0BtfcaUjZojownuIt04fcaet4OaVoo/HNhy9XM +GqqoHQeHAgMBAAECggEAIBGZP92Og+1gAU/tgVmbTbH4WKcGA1u5AacvAv1cdm3N +c9/SWzKDvVw9VGat20BWk8h4bT+WjRcMBvZsMC1q6R5SeV6XcNQmiA2OQXJIuAqU +ZEWLqdj8dQ+8kK92nooTwVii0nVoD0sCwhfDiJAuayz62vaqSEZrFkl1hFhE4feN +jpNOjzU54nbtmAnT1umyO13pJxTcRjetTJioIsl/uvTGuIhBsY6gqYchtPtZ0c35 +0/YNOMtAWKERDgpyFwBNmUA9YunmS603ThA5SB7rbaMbANyxXoGRcRjNavI67ues +fgvRY/GghnY2sKroyc9CIsnghrGAITW6miQw3uWRQQKBgQD4mTh7g0DP3bfHUIqm +af7UmPV7gPrJItlvgrYRYy4zjnxvNk/kcfgrJATMAnqGX5KrbXFX6AdfanRRnJcP +gCojd1C3v3cotUVky9r91v/1Hn1fe2hDzy/qrbwh2WBATPKCJjL0PuXNhGsfqoKG +SMhvqy95sfFnqvy4f4pUPh6pIwKBgQDzgP7WUAVWUcmjjxq6QM8WfDD5RMuPfAL4 +skkpm3WB/H+xUeqax+KSKNDDrWTfhWpTucZt0v84aG6NQz4vzkc5DrRnWltkqFgR +NLU1esrgn1bnh/iNQt+bmw8OgH0puJsI82wBa7QjGYu3ocW043Avp1DS2ocMGMzu +S+hFvBG4TQKBgFDI8drpVzl1cpBZswTLMx2BK1zcGCMeqQwcrO/PjCcC6Zr2SlYR +VzUluk1VjN1312DP6uJHK4YtQOl4enp2CruFvXxIwv8+kPNlb5/Hq1vLcbCCmOpY +PNkFZjqVujqLBs+WfD505ha4LluW/F2I72GifoYMdkdbAE8wWxJvMWWDAoGADRQg +m+IwZzJ9YguNo/NXLB3/g2PuiwZeIn1w8IspBJJLSXrc3vNdd/w5OklV4auIynZv +8fYjPyRcy7mQ3YB20tm3VtXDkuR31nS+RuERhH8Ka+UhtHSjDfiGFoFQN61ypkhs +xKbERh5ZIsPNmqmcnPKfpLOYDU5Hs4TgNN6lFQECgYA/0Y25oCHqLH9MfPGs2gMJ +BTeMxzAIsA2lwhr2/WOANHA9cWnHtI3d1eNequZpNgxtKbw2mxbM+IfnO50czV7g +5PJPvU79T6d64u1AOtoKbCxgm9wTL8UmEPvEInnT8SfnECPxW9Pwey2rC39527jl +i5FkIsSiwU8YIZk73YCqDg== +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=B CA + Validity + Not Before: Oct 18 22:24:10 2019 GMT + Not After : Oct 15 22:24:10 2029 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ec:76:b4:b1:9f:2c:f9:a9:03:6b:25:10:65:97: + 4a:a3:0f:9c:c3:61:6e:35:f8:0f:97:da:b0:cc:0c: + e3:4e:68:b9:4e:f4:e3:83:b6:3b:e8:09:10:60:e4: + a5:09:db:2f:5a:fd:5b:2e:8b:be:ec:ce:42:c3:ee: + 1e:25:24:f4:e5:c4:6c:85:37:18:2d:7f:2c:d2:b9: + 71:1b:e5:90:4f:d2:46:03:f9:15:df:69:f2:1e:4e: + 64:04:08:81:70:b2:69:dc:df:2b:68:9e:5f:87:ce: + bf:a0:e8:6d:b0:d7:6a:8d:58:e2:f7:0e:aa:f1:80: + e7:3f:f5:47:99:2a:e4:df:e0:44:4c:ef:1d:5c:7c: + 19:80:de:47:96:d0:cf:0f:a8:9f:6b:55:21:bb:cf: + 32:eb:79:a8:28:43:cd:69:9a:55:95:b6:d1:6b:65: + 6b:76:3c:0a:ba:0c:7e:c1:11:d3:7e:71:b2:04:6b: + a6:d2:14:e9:81:5b:6e:2b:f9:32:71:c4:37:3d:5f: + de:71:5c:d7:42:fc:b6:27:7d:bf:6d:37:ed:60:3c: + 37:75:6d:c8:de:11:d3:c8:83:41:0c:a9:bd:01:b5: + f7:1a:52:36:68:8e:8c:27:b8:8b:74:e1:f7:1a:7a: + de:0e:69:5a:28:fc:73:61:cb:d5:cc:1a:aa:a8:1d: + 07:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E7:8D:C4:21:0B:CE:12:A1:F7:05:E6:52:AF:3B:A6:10:BA:71:68:3D + X509v3 Authority Key Identifier: + keyid:77:3C:D2:AA:A1:C9:7D:FE:B6:90:3F:CB:1B:F6:38:37:0C:28:1A:F7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 17:ff:16:47:18:ed:d0:b5:54:fb:b6:02:c7:e4:c1:9a:4d:99: + 54:cb:ca:df:75:25:d4:e5:b5:20:74:3d:ac:f9:e2:a1:87:a5: + d1:a2:da:48:c0:71:12:9f:84:9e:10:70:9c:bd:4c:74:85:90: + b8:15:9c:b2:fb:f2:4c:03:7c:7a:a6:6e:c4:91:19:93:79:a4: + 47:96:fa:30:15:a3:02:20:d0:07:23:70:16:db:73:aa:6e:61: + b9:b1:0f:a9:e5:f8:d4:4f:34:19:a1:2e:fa:d6:f0:97:76:8c: + ff:08:54:8e:dc:a3:49:c9:a3:d8:e0:c3:71:e9:8f:98:3d:dd: + 25:73:c4:da:c3:fa:43:19:48:39:5c:43:8c:30:7a:cf:de:5a: + c9:ee:8e:2e:88:b0:e7:84:74:5f:d4:91:a6:65:8d:bc:fd:10: + 51:3c:53:32:fe:dd:03:84:9b:b0:64:58:9d:99:b4:bc:5f:ce: + 30:af:67:58:f5:6c:02:67:20:f9:aa:dc:d6:96:fc:00:e8:6d: + 72:48:12:a9:f9:dc:4b:00:26:fb:ab:1f:00:ac:e2:11:f9:36: + 2c:bd:a9:1c:86:b5:77:c6:97:6d:29:ec:3f:d3:94:95:46:54: + a4:2d:66:7e:9d:d7:1b:ea:21:f7:39:a3:b4:fb:e9:b6:38:4d: + eb:49:1d:83 +-----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD +QTAeFw0xOTEwMTgyMjI0MTBaFw0yOTEwMTUyMjI0MTBaMGAxCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAw +DgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDsdrSxnyz5qQNrJRBll0qjD5zDYW41+A+X2rDM +DONOaLlO9OODtjvoCRBg5KUJ2y9a/Vsui77szkLD7h4lJPTlxGyFNxgtfyzSuXEb +5ZBP0kYD+RXfafIeTmQECIFwsmnc3ytonl+Hzr+g6G2w12qNWOL3DqrxgOc/9UeZ +KuTf4ERM7x1cfBmA3keW0M8PqJ9rVSG7zzLreagoQ81pmlWVttFrZWt2PAq6DH7B +EdN+cbIEa6bSFOmBW24r+TJxxDc9X95xXNdC/LYnfb9tN+1gPDd1bcjeEdPIg0EM +qb0BtfcaUjZojownuIt04fcaet4OaVoo/HNhy9XMGqqoHQeHAgMBAAGjgYAwfjAM +BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTnjcQhC84SofcF5lKvO6YQunFoPTAfBgNV +HSMEGDAWgBR3PNKqocl9/raQP8sb9jg3DCga9zAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA +F/8WRxjt0LVU+7YCx+TBmk2ZVMvK33Ul1OW1IHQ9rPnioYel0aLaSMBxEp+EnhBw +nL1MdIWQuBWcsvvyTAN8eqZuxJEZk3mkR5b6MBWjAiDQByNwFttzqm5hubEPqeX4 +1E80GaEu+tbwl3aM/whUjtyjScmj2ODDcemPmD3dJXPE2sP6QxlIOVxDjDB6z95a +ye6OLoiw54R0X9SRpmWNvP0QUTxTMv7dA4SbsGRYnZm0vF/OMK9nWPVsAmcg+arc +1pb8AOhtckgSqfncSwAm+6sfAKziEfk2LL2pHIa1d8aXbSnsP9OUlUZUpC1mfp3X +G+oh9zmjtPvptjhN60kdgw== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=C CA + Validity + Not Before: Oct 18 22:24:10 2019 GMT + Not After : Oct 15 22:24:10 2029 GMT + Subject: CN=B CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:96:bf:0b:a1:79:f7:12:d1:8c:ec:e3:63:4a:c7: + 30:53:10:0d:60:41:84:27:99:f0:9f:a4:9e:ec:19: + 24:28:80:0b:8e:55:0c:13:ab:16:72:2b:43:aa:ac: + fa:0f:b2:47:ae:a3:a2:8d:66:85:2b:2f:b1:c6:f2: + bd:b6:5e:3b:d1:2b:0d:c2:bc:96:4f:d9:5f:2c:74: + 7b:7f:2a:2c:52:84:f6:71:a7:87:df:d3:4e:be:e7: + 53:70:cd:f0:47:5b:e4:5b:5b:64:49:37:5b:93:99: + 09:78:22:f2:04:9e:af:aa:91:f6:22:a5:59:5d:9e: + c7:cd:c5:11:1a:9e:99:3b:19:ad:51:59:f5:0e:ec: + 30:f2:7e:64:33:91:cd:f0:26:12:fe:cb:f2:6e:67: + a2:ec:94:6e:b2:97:3e:51:c0:ca:0a:e4:8a:f3:c6: + fa:cd:55:95:11:57:5e:bd:9b:b9:70:d4:04:af:f2: + c8:5e:1e:fb:b3:d7:03:0a:0e:be:cf:fa:c7:97:63: + 7a:e0:b4:22:07:a7:18:b6:a7:1a:d5:23:26:c1:c4: + 39:83:3c:45:53:9d:fd:a4:17:62:8d:bd:f2:4b:40: + d3:85:1d:06:3a:24:4f:8f:65:77:cd:c9:e8:64:a4: + 55:16:20:8f:17:5c:f1:6b:75:db:8e:ac:eb:2c:97: + 28:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 77:3C:D2:AA:A1:C9:7D:FE:B6:90:3F:CB:1B:F6:38:37:0C:28:1A:F7 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 8c:35:9a:a4:61:08:6e:60:d9:9e:af:ab:22:89:ca:ca:39:03: + 9c:5d:4e:5f:dc:e5:dc:33:ce:19:af:19:fd:db:c9:a7:ca:d8: + 65:73:42:73:35:70:57:99:f0:e0:b5:c8:79:31:72:f4:85:d8: + 3d:20:04:cb:28:dc:22:bf:ce:43:7f:72:39:7e:b4:aa:c2:a4: + e4:25:dd:af:0e:8c:a9:fc:23:a8:4e:3d:52:fe:d4:27:dd:08: + de:4c:b6:6c:9c:9c:11:87:11:6e:cb:f0:43:38:4b:62:71:e7: + 09:d0:01:3f:5c:51:03:41:06:03:76:27:17:15:19:26:a4:6d: + 17:63:3e:00:d3:d4:02:17:33:17:87:57:9d:33:b5:7e:76:98: + 3c:a5:68:da:e6:08:76:c5:3b:ea:6a:58:4c:16:da:92:d4:b3: + a6:d0:2e:4d:07:7d:ed:57:fa:e1:2a:09:bc:1e:4c:94:3e:f2: + 11:41:4c:03:a8:08:a4:4c:7a:f1:42:f2:8f:ae:d5:15:5a:c5: + 22:d3:b0:d8:d5:1d:10:6a:ee:ed:a1:4d:b4:2c:33:e2:0b:c3: + 92:91:c7:c9:f4:f4:2c:53:8a:f6:1a:80:ff:dc:b3:91:2d:51: + 0d:cf:e8:d3:89:3f:b1:90:76:44:8f:b1:f9:c1:60:4d:03:28: + 74:72:ba:26 +-----BEGIN CERTIFICATE----- +MIIC3DCCAcSgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQyBD +QTAeFw0xOTEwMTgyMjI0MTBaFw0yOTEwMTUyMjI0MTBaMA8xDTALBgNVBAMMBEIg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWvwuhefcS0Yzs42NK +xzBTEA1gQYQnmfCfpJ7sGSQogAuOVQwTqxZyK0OqrPoPskeuo6KNZoUrL7HG8r22 +XjvRKw3CvJZP2V8sdHt/KixShPZxp4ff006+51NwzfBHW+RbW2RJN1uTmQl4IvIE +nq+qkfYipVldnsfNxREanpk7Ga1RWfUO7DDyfmQzkc3wJhL+y/JuZ6LslG6ylz5R +wMoK5IrzxvrNVZURV169m7lw1ASv8sheHvuz1wMKDr7P+seXY3rgtCIHpxi2pxrV +IybBxDmDPEVTnf2kF2KNvfJLQNOFHQY6JE+PZXfNyehkpFUWII8XXPFrdduOrOss +lygJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHc80qqhyX3+ +tpA/yxv2ODcMKBr3MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA +jDWapGEIbmDZnq+rIonKyjkDnF1OX9zl3DPOGa8Z/dvJp8rYZXNCczVwV5nw4LXI +eTFy9IXYPSAEyyjcIr/OQ39yOX60qsKk5CXdrw6MqfwjqE49Uv7UJ90I3ky2bJyc +EYcRbsvwQzhLYnHnCdABP1xRA0EGA3YnFxUZJqRtF2M+ANPUAhczF4dXnTO1fnaY +PKVo2uYIdsU76mpYTBbaktSzptAuTQd97Vf64SoJvB5MlD7yEUFMA6gIpEx68ULy +j67VFVrFItOw2NUdEGru7aFNtCwz4gvDkpHHyfT0LFOK9hqA/9yzkS1RDc/o04k/ +sZB2RI+x+cFgTQModHK6Jg== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:19:e5:55:d1:85:7c:54:62:f6:56:00:7a:cf:78:a9:38:29:81:ff + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = C CA + Validity + Not Before: Oct 18 22:24:10 2019 GMT + Not After : Oct 15 22:24:10 2029 GMT + Subject: CN = C CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:97:21:4e:ff:ff:22:dd:de:6d:cc:05:75:3b:37: + 80:28:9f:61:8b:a2:ac:9b:3b:b1:e6:3a:a4:35:ce: + 7b:95:ce:d2:2f:95:f1:c2:51:c2:9d:21:71:dd:06: + 3a:eb:67:68:59:2d:f6:19:b1:7d:98:06:c2:c4:19: + 34:2a:00:0a:f1:0a:0b:76:39:ba:0f:e9:69:bc:14: + c9:fa:38:b4:f6:38:55:45:3d:21:c7:b8:20:e3:47: + ac:5b:9e:ec:7f:a9:8b:72:00:79:5c:25:13:01:86: + a9:6a:d9:12:b1:d2:3a:a1:cc:e5:e0:63:b2:0d:ea: + aa:a7:42:f9:de:cf:de:e0:15:9b:6e:cd:86:81:d8: + 5f:3f:a1:7b:bc:97:31:40:0e:17:a3:aa:c4:48:5a: + 5c:c8:e5:89:92:68:85:08:6c:cb:31:35:9c:fb:1e: + d3:66:35:ee:d9:d7:ea:b8:5c:3e:d0:60:94:4c:3d: + 2b:21:6b:72:b8:3a:16:e4:f1:ea:97:74:0c:cf:27: + a5:03:c1:b7:c3:d9:4d:5a:3d:c5:8e:3f:ca:99:b4: + b6:59:c6:9f:22:38:0d:4d:c7:f7:11:f8:d0:71:99: + 5d:4b:e2:30:62:00:fb:01:c9:ca:3e:ed:6a:d8:6d: + 2d:0f:1a:77:33:02:b4:41:b3:ba:f6:1c:38:be:54: + c9:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 63:B1:47:26:FC:DB:79:3F:76:96:69:4D:EA:7E:D0:B7:6A:D2:3F:A8 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 8e:4d:6c:49:c9:9c:f9:cb:a0:81:9b:65:31:c7:bc:8c:c0:75: + 4d:60:16:ef:bb:b6:b4:2a:5d:68:34:d7:e0:53:1f:3e:84:b6: + aa:7d:fd:a1:c9:29:88:83:2e:ab:f3:87:43:a8:d8:5c:a8:1b: + e0:58:50:84:03:05:15:03:01:07:30:d0:4a:f9:95:f1:86:be: + 45:5b:31:f0:88:12:22:d7:7a:fb:0b:9f:95:41:ba:df:40:e3: + b2:71:e7:4e:09:91:1c:5f:51:b3:ce:a5:00:0b:82:d1:04:f2: + 1c:5a:14:4b:1b:3f:2d:41:11:7c:33:37:89:56:b4:b7:fa:d8: + b9:20:8d:bd:a6:68:60:2a:3c:aa:61:38:74:d4:0a:16:41:70: + d8:75:c4:6d:04:a8:b6:a5:0f:e7:02:52:0b:7d:44:d6:1b:2f: + ca:06:aa:61:3d:8d:82:3f:34:c5:bb:08:69:6f:6c:b7:53:e5: + 52:3d:dd:7b:1c:1f:d3:7d:38:43:ca:c7:75:9a:a8:a1:93:27: + 13:b0:57:1a:ff:22:90:1f:b2:69:da:7a:a4:2f:16:51:fa:81: + 6c:ed:c0:19:42:58:b5:21:67:c1:54:93:db:55:86:c7:97:09: + 76:18:32:55:2a:b4:b1:ac:12:bc:3f:00:3d:b5:1c:ef:55:c4: + f0:6c:a1:17 +-----BEGIN CERTIFICATE----- +MIIC7jCCAdagAwIBAgIUfRnlVdGFfFRi9lYAes94qTgpgf8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEQyBDQTAeFw0xOTEwMTgyMjI0MTBaFw0yOTEwMTUyMjI0 +MTBaMA8xDTALBgNVBAMMBEMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCXIU7//yLd3m3MBXU7N4Aon2GLoqybO7HmOqQ1znuVztIvlfHCUcKdIXHd +BjrrZ2hZLfYZsX2YBsLEGTQqAArxCgt2OboP6Wm8FMn6OLT2OFVFPSHHuCDjR6xb +nux/qYtyAHlcJRMBhqlq2RKx0jqhzOXgY7IN6qqnQvnez97gFZtuzYaB2F8/oXu8 +lzFADhejqsRIWlzI5YmSaIUIbMsxNZz7HtNmNe7Z1+q4XD7QYJRMPSsha3K4Ohbk +8eqXdAzPJ6UDwbfD2U1aPcWOP8qZtLZZxp8iOA1Nx/cR+NBxmV1L4jBiAPsByco+ +7WrYbS0PGnczArRBs7r2HDi+VMlzAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8w +HQYDVR0OBBYEFGOxRyb823k/dpZpTep+0Ldq0j+oMA4GA1UdDwEB/wQEAwIBBjAN +BgkqhkiG9w0BAQsFAAOCAQEAjk1sScmc+cuggZtlMce8jMB1TWAW77u2tCpdaDTX +4FMfPoS2qn39ockpiIMuq/OHQ6jYXKgb4FhQhAMFFQMBBzDQSvmV8Ya+RVsx8IgS +Itd6+wuflUG630DjsnHnTgmRHF9Rs86lAAuC0QTyHFoUSxs/LUERfDM3iVa0t/rY +uSCNvaZoYCo8qmE4dNQKFkFw2HXEbQSotqUP5wJSC31E1hsvygaqYT2Ngj80xbsI +aW9st1PlUj3dexwf0304Q8rHdZqooZMnE7BXGv8ikB+yadp6pC8WUfqBbO3AGUJY +tSFnwVST21WGx5cJdhgyVSq0sawSvD8APbUc71XE8GyhFw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/root_ca_cert.pem b/pki/testdata/ssl/certificates/root_ca_cert.pem new file mode 100644 index 0000000000..de3ce07afb --- /dev/null +++ b/pki/testdata/ssl/certificates/root_ca_cert.pem @@ -0,0 +1,108 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGgR+Sc7ZYhdmN +rLcg/ce/QLLq+uULUgGPmsHreoDB84mkPtUbYcy1z4CxGtu7JeAYv5JpJlDN5z// +DTy0HxQSq2c33gcDbBJ0gjasw9TTZJ+R7Vv2qXqknJjoZWyU4ctVc674HVCweOV0 +/7E3LMsZPaSM53ZOhlw/37PtRSNPVJszxoleEx3dfVmlBzQohicf+p5TTyq2Qq03 +EmL1cja2AhJARP7HnpWJQ1FetG7HZ4BYQ77MByi9Wf8cTI2QQvTP/VQAT0hyK+Fn +PIQXaJW/ygd734adVuMy43CHt/g69+NuZRR8u3a3F/FCjG8qNGQQNRSMhfZXv/Nc +VZ2tAxDzAgMBAAECggEAFRDg897ZzB0wUEuzB4pHJ3HLSwqjQgdK6R2IVOAkR/D7 +e3W7kfNYETdbNfBev0auuJGkDQqm6qMO9JdICOl/bNfJ1XD3l5JhhwHGoaEKtgBo +usjQyKWFwXBo/ci9tDMeLAxh1izuQjwiRb9Y5D0ZtK0JCHcL5Bt4MMMhyh1bOPDW +xHm4VS7xa6sY9CRAjaDDHMv121xTkt4/fobClhky4TqklxnsGY0TzzRi1QSEYlVZ +pgu/lv9Wp5nsAxwdXuRvY2U360yDHE5sW14r/VEZ6YB3ZTtMNFBVuydr+EAjUxf9 +BFconwqwPcnp3rONY79JuUUGo49k3KAs+2tOqV/0+QKBgQDo3R95iOHhVJ/AkprA +ohmhVLsgfySVMGYYrik6ROxQ90NyqI8StD6Abwggk207znC+a3v2Kj8xA/8rRfiF +7jXK+oPW6/2H+ASs9k1l3FqHQ7Wzt/bwZEQBUso+7zYpIchuMcPI7kmNJmG0zl6t +033onQWflytl/1u6eilpMyQZjQKBgQDaOhJT24zK7CeYlaxvVVjgbn0xzu7PajBE +tNmomkyDtaJAROkT9UvvZpBc8uhUeS0WPNLEE73SSt9jNBLcpBVAOCviuWM4emQi +cx+B7PtQF1vP7hCnnFNCCW2geUDI5/YkzJRzVqtb++Ql+nBf3CdkWcwKrAfqC7gM +byx1rMD0fwKBgQCNvFm2Ddz+3BVIj3NmIMRc8Efd5cWMkSLzjr5FW0JDnd0N4w8C +oXcRkYNu4I0yQ9tX6/BNyzUfToF4A2TbkDxpycWJgaaVph6icGB3yYHIpyvnsee6 +Ni02aP/1AoEC1C8880lp+bAHG/+In7v9LaeLeFe95bNip+VbQZQHFju42QKBgQCq +OIHzR14bKvn320gVz8zzwzuEjpVY1MuxzB+7lB/63MMivp3QI5aHtskEt7Thr2Or +5OXCbGO0lRKKnyPXV2X8IdSZlWH/u/g/puz8u42Me6vyFRCIrTeEWzZX5jzSeZ1W +Nv3UudYQefsMZL0jCObxL9oouOezeFCn4lAbuhUIoQKBgAHbFk6ubgUTr+XAMqUy +Jkwyr7dhZ+gpZODQGxx8KBw4ky6eERf3DelbVOmrojg36XzU1UpufChQ0iZ8j4k3 +tVfGZH7DV96J6ulZIVevCwMh2nHngpVyG6g3v9xozRbW0QWtwwoPsQK8k7ogr++8 +H4w57rdYCq9osKtxR3XaqTgM +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:cc:00:80:c9:a0:0b:a1:c7:09:7c:9f:71:0d:90:92:cf:ee:c7:f4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, L = Mountain View, O = Test CA, CN = Test Root CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Sep 30 17:20:08 2032 GMT + Subject: C = US, ST = California, L = Mountain View, O = Test CA, CN = Test Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:81:1f:92:73:b6:58:85:d9:8d:ac:b7:20:fd: + c7:bf:40:b2:ea:fa:e5:0b:52:01:8f:9a:c1:eb:7a: + 80:c1:f3:89:a4:3e:d5:1b:61:cc:b5:cf:80:b1:1a: + db:bb:25:e0:18:bf:92:69:26:50:cd:e7:3f:ff:0d: + 3c:b4:1f:14:12:ab:67:37:de:07:03:6c:12:74:82: + 36:ac:c3:d4:d3:64:9f:91:ed:5b:f6:a9:7a:a4:9c: + 98:e8:65:6c:94:e1:cb:55:73:ae:f8:1d:50:b0:78: + e5:74:ff:b1:37:2c:cb:19:3d:a4:8c:e7:76:4e:86: + 5c:3f:df:b3:ed:45:23:4f:54:9b:33:c6:89:5e:13: + 1d:dd:7d:59:a5:07:34:28:86:27:1f:fa:9e:53:4f: + 2a:b6:42:ad:37:12:62:f5:72:36:b6:02:12:40:44: + fe:c7:9e:95:89:43:51:5e:b4:6e:c7:67:80:58:43: + be:cc:07:28:bd:59:ff:1c:4c:8d:90:42:f4:cf:fd: + 54:00:4f:48:72:2b:e1:67:3c:84:17:68:95:bf:ca: + 07:7b:df:86:9d:56:e3:32:e3:70:87:b7:f8:3a:f7: + e3:6e:65:14:7c:bb:76:b7:17:f1:42:8c:6f:2a:34: + 64:10:35:14:8c:85:f6:57:bf:f3:5c:55:9d:ad:03: + 10:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 39:9a:f6:0e:eb:08:4d:a0:f0:59:b9:91:fe:b5:d8:2e:4d:6b: + 69:69:c5:d2:86:fc:a3:c2:a2:6c:ca:8d:98:1b:d2:fc:64:9b: + 96:b4:47:f9:f4:ed:6f:52:3c:b5:13:f6:1e:71:51:3b:da:54: + 93:c4:1d:94:17:23:76:9a:98:f5:9b:b8:b1:c5:ab:cd:ab:bd: + 1a:c9:00:13:e0:e3:c7:5a:a7:21:71:eb:08:2b:ec:85:5c:08: + 80:33:25:0f:1f:52:41:c4:9b:22:58:01:24:55:ef:9a:a6:ce: + e4:85:a3:19:33:4d:7e:3f:04:32:15:d5:fc:63:5f:8b:dc:99: + 2b:10:63:56:ac:60:6e:f9:db:9f:63:7b:a8:df:ab:72:28:8a: + a9:e2:8e:9d:e6:6c:7e:5b:16:ba:94:b2:23:f2:d7:31:5b:de: + 58:a0:8b:be:f4:6a:d2:d3:b4:e6:40:06:78:7a:2d:20:4c:cd: + 9d:20:dd:3b:fc:b9:f3:94:13:b0:6b:18:d7:6b:e8:bf:14:cc: + 87:30:8b:64:3f:ad:59:93:e5:f6:7c:d1:2b:f0:8e:4a:9c:c3: + 34:18:4d:62:33:bd:a6:3a:b6:3f:1f:49:5b:63:b4:01:a8:5c: + f0:98:93:35:53:2e:b2:f2:19:7f:87:0d:db:b1:80:61:38:c8: + 47:01:85:b0 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUC8wAgMmgC6HHCXyfcQ2Qks/ux/QwDQYJKoZIhvcNAQEL +BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3Qg +Um9vdCBDQTAeFw0yMjEwMDMxNzIwMDhaFw0zMjA5MzAxNzIwMDhaMGMxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW +aWV3MRAwDgYDVQQKDAdUZXN0IENBMRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGgR+Sc7ZYhdmNrLcg/ce/QLLq ++uULUgGPmsHreoDB84mkPtUbYcy1z4CxGtu7JeAYv5JpJlDN5z//DTy0HxQSq2c3 +3gcDbBJ0gjasw9TTZJ+R7Vv2qXqknJjoZWyU4ctVc674HVCweOV0/7E3LMsZPaSM +53ZOhlw/37PtRSNPVJszxoleEx3dfVmlBzQohicf+p5TTyq2Qq03EmL1cja2AhJA +RP7HnpWJQ1FetG7HZ4BYQ77MByi9Wf8cTI2QQvTP/VQAT0hyK+FnPIQXaJW/ygd7 +34adVuMy43CHt/g69+NuZRR8u3a3F/FCjG8qNGQQNRSMhfZXv/NcVZ2tAxDzAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJsmC4qYqbsduR8c4xpA +M+2OF4irMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAOZr2DusI +TaDwWbmR/rXYLk1raWnF0ob8o8KibMqNmBvS/GSblrRH+fTtb1I8tRP2HnFRO9pU +k8QdlBcjdpqY9Zu4scWrzau9GskAE+Djx1qnIXHrCCvshVwIgDMlDx9SQcSbIlgB +JFXvmqbO5IWjGTNNfj8EMhXV/GNfi9yZKxBjVqxgbvnbn2N7qN+rciiKqeKOneZs +flsWupSyI/LXMVveWKCLvvRq0tO05kAGeHotIEzNnSDdO/y585QTsGsY12vovxTM +hzCLZD+tWZPl9nzRK/COSpzDNBhNYjO9pjq2Px9JW2O0Aahc8JiTNVMusvIZf4cN +27GAYTjIRwGFsA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/salesforce_com_test.pem b/pki/testdata/ssl/certificates/salesforce_com_test.pem new file mode 100644 index 0000000000..1522d0b92e --- /dev/null +++ b/pki/testdata/ssl/certificates/salesforce_com_test.pem @@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 30:88:41:0a:28:b4:3e:3d:9a:f3:b3:90:a0:24:bc:d6 + Signature Algorithm: sha1WithRSAEncryption + Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign + Validity + Not Before: Sep 18 00:00:00 2010 GMT + Not After : Sep 18 23:59:59 2012 GMT + Subject: C=US, ST=California, L=San Francisco, O=Salesforce.com, Inc., OU=Applications, CN=prerelna1.pre.salesforce.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b8:0d:04:b7:23:60:d2:ff:12:bb:29:43:81:30: + 0f:dd:8b:cd:cc:2c:8d:d0:14:de:5c:7b:a3:33:ea: + f2:7e:88:6e:04:42:17:70:67:91:a8:20:87:81:a8: + be:c4:57:d5:f5:3c:cf:34:96:cb:fb:7c:c3:db:ba: + 36:c2:08:9f:c1:1d:91:fa:b7:21:03:50:32:bb:30: + be:ff:f8:bf:8d:c0:7d:16:e4:d2:81:ef:e2:1a:89: + 13:7c:40:6d:dd:1f:32:9d:3f:ca:a2:ab:e6:ae:9f: + 96:91:66:32:e9:e5:ca:e3:9d:fc:62:31:aa:de:a6: + 50:21:ba:e2:8e:77:00:41:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 CRL Distribution Points: + URI:http://SVRIntl-crl.verisign.com/SVRIntl.crl + + X509v3 Certificate Policies: + Policy: 2.16.840.1.113733.1.7.23.3 + CPS: https://www.verisign.com/rpa + + X509v3 Extended Key Usage: + Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication + Authority Information Access: + OCSP - URI:http://ocsp.verisign.com + CA Issuers - URI:http://SVRIntl-aia.verisign.com/SVRIntl-aia.cer + + 1.3.6.1.5.5.7.1.12: + 0`.^.\0Z0X0V..image/gif0!0.0...+......Kk.(.....R8.).K..!..0&.$http://logo.verisign.com/vslogo1.gif + Signature Algorithm: sha1WithRSAEncryption + b8:e3:37:ba:5a:37:37:bf:e5:bc:88:fe:1e:fa:b4:4f:7d:52: + ca:26:b6:83:a1:de:28:6b:01:a8:cd:5d:f2:9a:2c:f0:6e:89: + 69:ab:94:b5:14:f2:c3:ca:d8:5d:2f:6d:13:9a:83:f1:ed:4e: + 85:87:93:69:19:53:3a:a4:f1:98:96:b7:28:13:32:7e:d2:e4: + 7a:7a:f2:8d:80:7d:af:89:64:43:7b:f6:05:3d:16:7c:f1:2a: + 6f:bb:9b:3a:57:a5:f1:f7:77:a0:07:68:92:39:bd:45:c7:c8: + 75:ed:ac:c6:ac:45:02:18:0b:41:ba:01:68:3e:c2:3b:f6:8b: + 4e:50 +-----BEGIN CERTIFICATE----- +MIIEhzCCA/CgAwIBAgIQMIhBCii0Pj2a87OQoCS81jANBgkqhkiG9w0BAQUFADCB +ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy +aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy +dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg +SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0x +MDA5MTgwMDAwMDBaFw0xMjA5MTgyMzU5NTlaMIGXMQswCQYDVQQGEwJVUzETMBEG +A1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQNU2FuIEZyYW5jaXNjbzEdMBsGA1UE +ChQUU2FsZXNmb3JjZS5jb20sIEluYy4xFTATBgNVBAsUDEFwcGxpY2F0aW9uczEl +MCMGA1UEAxQccHJlcmVsbmExLnByZS5zYWxlc2ZvcmNlLmNvbTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAuA0EtyNg0v8SuylDgTAP3YvNzCyN0BTeXHujM+ry +fohuBEIXcGeRqCCHgai+xFfV9TzPNJbL+3zD27o2wgifwR2R+rchA1AyuzC+//i/ +jcB9FuTSge/iGokTfEBt3R8ynT/Koqvmrp+WkWYy6eXK4538YjGq3qZQIbrijncA +QRcCAwEAAaOCAa0wggGpMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMDwGA1UdHwQ1 +MDMwMaAvoC2GK2h0dHA6Ly9TVlJJbnRsLWNybC52ZXJpc2lnbi5jb20vU1ZSSW50 +bC5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxo +dHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMCgGA1UdJQQhMB8GCWCGSAGG+EIE +AQYIKwYBBQUHAwEGCCsGAQUFBwMCMHEGCCsGAQUFBwEBBGUwYzAkBggrBgEFBQcw +AYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMDsGCCsGAQUFBzAChi9odHRwOi8v +U1ZSSW50bC1haWEudmVyaXNpZ24uY29tL1NWUkludGwtYWlhLmNlcjBuBggrBgEF +BQcBDARiMGChXqBcMFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7ko +lgYMu9BSOJsprEsHiyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNs +b2dvMS5naWYwDQYJKoZIhvcNAQEFBQADgYEAuOM3ulo3N7/lvIj+Hvq0T31Syia2 +g6HeKGsBqM1d8pos8G6JaauUtRTyw8rYXS9tE5qD8e1OhYeTaRlTOqTxmJa3KBMy +ftLkenryjYB9r4lkQ3v2BT0WfPEqb7ubOlel8fd3oAdokjm9RcfIde2sxqxFAhgL +QboBaD7CO/aLTlA= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/self-signed-invalid-name.pem b/pki/testdata/ssl/certificates/self-signed-invalid-name.pem new file mode 100644 index 0000000000..cbec01786d --- /dev/null +++ b/pki/testdata/ssl/certificates/self-signed-invalid-name.pem @@ -0,0 +1,69 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 18181326976980170770 (0xfc510c8e88213812) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Michigan, L=Ann Arbor, O=Test Self-Signed, CN=SS A + Validity + Not Before: May 27 18:37:25 2016 GMT + Not After : May 25 18:37:25 2026 GMT + Subject: C=US, ST=Michigan, L=Ann Arbor, O=Test Self-Signed, CN=SS B + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b0:5a:83:9c:fe:1b:46:24:0b:d9:b0:0a:f2:f1: + 47:bf:05:f1:68:49:6b:d2:50:f7:29:f5:f1:59:a8: + 28:04:e2:7e:c9:d5:e0:86:b5:8f:2f:f9:45:a5:88: + 02:04:cb:9a:c3:19:56:68:c8:eb:fe:c3:46:1a:44: + be:e2:c5:e5:34:5a:18:66:1b:8e:d7:d9:19:f2:22: + 43:6d:4c:28:56:25:48:42:b5:76:e5:d9:c0:86:40: + f7:e7:87:0c:2d:07:e6:bd:84:9e:60:36:97:a8:d3: + de:8a:37:a6:70:68:de:f1:d3:0a:db:fe:11:e8:f9: + 0b:bc:56:47:d3:d4:5a:e5:ce:af:e6:d8:30:de:11: + a3:7a:4d:c7:b5:0a:9c:9a:f6:4d:df:a1:46:6c:91: + 03:e3:c6:be:61:38:b5:cb:1a:b5:82:6d:4d:d2:c6: + 8b:32:25:b3:6d:01:d7:e7:da:2e:fe:a0:95:cf:9c: + a1:e0:89:9e:2b:2b:f3:3a:98:7b:2e:b1:77:b3:88: + 12:71:63:53:bf:b1:df:1e:de:da:13:e8:bd:d4:30: + ec:c2:c4:e7:f9:0a:31:b2:b4:5e:36:9a:90:74:ef: + 6a:45:e5:77:f3:97:8b:68:81:43:05:bc:e5:07:a6: + 2f:9b:b1:c0:59:43:ac:28:bb:36:6c:98:02:72:c4: + 77:3b + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 9d:33:a4:6d:41:ba:9c:83:24:92:be:82:61:d0:fd:d8:f6:3d: + 68:38:49:80:15:09:56:27:8b:ad:ef:7b:b4:43:1f:bf:9a:cd: + 72:da:6c:99:5c:c9:65:88:fd:8e:fa:65:df:27:80:22:ae:85: + 15:b8:ec:b4:e1:92:57:f0:19:7c:8a:79:d4:54:87:97:a8:4f: + 64:18:7c:89:0d:85:3b:6b:db:21:90:00:0c:17:32:19:11:a5: + 79:1f:ec:43:3e:3e:ce:96:53:d1:c1:eb:96:c6:05:3d:52:19: + 6c:a1:9f:a7:96:6e:a1:6f:d5:f9:37:04:89:99:a5:55:59:83: + 1a:6a:e7:08:5e:20:41:13:9c:86:0f:b6:ae:5c:9f:e9:5b:41: + ad:9e:af:96:1b:5c:37:d0:88:45:a0:35:d0:10:e7:9e:f6:38: + cc:c2:4f:65:70:e7:cb:73:ae:6b:e6:60:73:be:31:ef:d6:24: + 3f:12:e5:24:8f:2b:db:e2:b1:de:3d:b4:c5:8b:1b:88:2c:ac: + a3:e2:f3:34:15:df:ca:e5:25:8a:0c:96:a9:16:28:0a:a7:48: + 4a:95:00:3a:45:d1:0c:ad:58:10:71:0d:2a:77:99:78:4d:a0: + fb:ba:36:8b:62:54:53:7d:81:21:11:46:fc:46:a4:99:42:32: + c8:1f:ed:6f +-----BEGIN CERTIFICATE----- +MIIDODCCAiACCQD8UQyOiCE4EjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJV +UzERMA8GA1UECAwITWljaGlnYW4xEjAQBgNVBAcMCUFubiBBcmJvcjEZMBcGA1UE +CgwQVGVzdCBTZWxmLVNpZ25lZDENMAsGA1UEAwwEU1MgQTAeFw0xNjA1MjcxODM3 +MjVaFw0yNjA1MjUxODM3MjVaMF4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNaWNo +aWdhbjESMBAGA1UEBwwJQW5uIEFyYm9yMRkwFwYDVQQKDBBUZXN0IFNlbGYtU2ln +bmVkMQ0wCwYDVQQDDARTUyBCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAsFqDnP4bRiQL2bAK8vFHvwXxaElr0lD3KfXxWagoBOJ+ydXghrWPL/lFpYgC +BMuawxlWaMjr/sNGGkS+4sXlNFoYZhuO19kZ8iJDbUwoViVIQrV25dnAhkD354cM +LQfmvYSeYDaXqNPeijemcGje8dMK2/4R6PkLvFZH09Ra5c6v5tgw3hGjek3HtQqc +mvZN36FGbJED48a+YTi1yxq1gm1N0saLMiWzbQHX59ou/qCVz5yh4ImeKyvzOph7 +LrF3s4gScWNTv7HfHt7aE+i91DDswsTn+QoxsrReNpqQdO9qReV385eLaIFDBbzl +B6Yvm7HAWUOsKLs2bJgCcsR3OwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCdM6Rt +QbqcgySSvoJh0P3Y9j1oOEmAFQlWJ4ut73u0Qx+/ms1y2myZXMlliP2O+mXfJ4Ai +roUVuOy04ZJX8Bl8innUVIeXqE9kGHyJDYU7a9shkAAMFzIZEaV5H+xDPj7OllPR +weuWxgU9UhlsoZ+nlm6hb9X5NwSJmaVVWYMaaucIXiBBE5yGD7auXJ/pW0Gtnq+W +G1w30IhFoDXQEOee9jjMwk9lcOfLc65r5mBzvjHv1iQ/EuUkjyvb4rHePbTFixuI +LKyj4vM0Fd/K5SWKDJapFigKp0hKlQA6RdEMrVgQcQ0qd5l4TaD7ujaLYlRTfYEh +EUb8RqSZQjLIH+1v +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/self-signed-invalid-sig.pem b/pki/testdata/ssl/certificates/self-signed-invalid-sig.pem new file mode 100644 index 0000000000..fd9b5a9d9f --- /dev/null +++ b/pki/testdata/ssl/certificates/self-signed-invalid-sig.pem @@ -0,0 +1,69 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 14998008630224366850 (0xd023a162e6c42d02) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Michigan, L=Ann Arbor, O=Test Self-Signed, CN=SS A + Validity + Not Before: May 27 18:37:25 2016 GMT + Not After : May 25 18:37:25 2026 GMT + Subject: C=US, ST=Michigan, L=Ann Arbor, O=Test Self-Signed, CN=SS A + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b0:5a:83:9c:fe:1b:46:24:0b:d9:b0:0a:f2:f1: + 47:bf:05:f1:68:49:6b:d2:50:f7:29:f5:f1:59:a8: + 28:04:e2:7e:c9:d5:e0:86:b5:8f:2f:f9:45:a5:88: + 02:04:cb:9a:c3:19:56:68:c8:eb:fe:c3:46:1a:44: + be:e2:c5:e5:34:5a:18:66:1b:8e:d7:d9:19:f2:22: + 43:6d:4c:28:56:25:48:42:b5:76:e5:d9:c0:86:40: + f7:e7:87:0c:2d:07:e6:bd:84:9e:60:36:97:a8:d3: + de:8a:37:a6:70:68:de:f1:d3:0a:db:fe:11:e8:f9: + 0b:bc:56:47:d3:d4:5a:e5:ce:af:e6:d8:30:de:11: + a3:7a:4d:c7:b5:0a:9c:9a:f6:4d:df:a1:46:6c:91: + 03:e3:c6:be:61:38:b5:cb:1a:b5:82:6d:4d:d2:c6: + 8b:32:25:b3:6d:01:d7:e7:da:2e:fe:a0:95:cf:9c: + a1:e0:89:9e:2b:2b:f3:3a:98:7b:2e:b1:77:b3:88: + 12:71:63:53:bf:b1:df:1e:de:da:13:e8:bd:d4:30: + ec:c2:c4:e7:f9:0a:31:b2:b4:5e:36:9a:90:74:ef: + 6a:45:e5:77:f3:97:8b:68:81:43:05:bc:e5:07:a6: + 2f:9b:b1:c0:59:43:ac:28:bb:36:6c:98:02:72:c4: + 77:3b + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + aa:73:51:c6:c4:9b:8e:2d:a1:04:08:19:f9:c5:58:62:58:55: + c8:71:9c:4b:af:01:cd:c6:34:6d:02:36:d8:34:0d:7b:6b:e6: + 41:f6:eb:6c:be:a5:42:85:a9:fd:38:ee:a3:21:ba:b0:97:e6: + f1:8e:2f:8e:68:ac:87:94:bb:90:8c:e5:b7:02:04:a2:75:35: + df:1b:ea:51:ec:df:85:fb:9f:46:a2:03:5b:f0:02:92:72:f0: + a6:d3:c7:d5:84:78:3a:c2:77:82:eb:ed:e0:59:37:c7:f6:6e: + 2c:34:3a:4e:3c:7a:f2:71:92:51:81:1b:77:0b:27:67:cd:33: + a6:59:a8:c8:c3:38:cd:ad:e3:48:bb:fd:e4:92:4a:e5:73:93: + 15:1a:c9:fd:94:eb:11:6b:cd:45:dd:04:92:da:bb:e8:53:1d: + 65:76:13:ea:a9:3a:e2:7b:f7:a6:66:f7:02:fb:d4:7a:ac:2f: + 72:32:66:0e:b5:97:a0:10:d2:0e:31:fc:e5:3a:74:79:bc:cc: + 97:85:31:85:f3:89:8f:f5:7a:66:53:eb:77:98:51:c3:3f:ed: + 29:b7:e6:bc:30:83:b2:aa:b0:82:98:50:32:a1:4c:da:1e:6f: + a8:c8:49:51:f5:6b:c4:15:18:e6:32:33:d6:31:f6:0d:62:f6: + d2:db:de:ad +-----BEGIN CERTIFICATE----- +MIIDODCCAiACCQDQI6Fi5sQtAjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJV +UzERMA8GA1UECAwITWljaGlnYW4xEjAQBgNVBAcMCUFubiBBcmJvcjEZMBcGA1UE +CgwQVGVzdCBTZWxmLVNpZ25lZDENMAsGA1UEAwwEU1MgQTAeFw0xNjA1MjcxODM3 +MjVaFw0yNjA1MjUxODM3MjVaMF4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNaWNo +aWdhbjESMBAGA1UEBwwJQW5uIEFyYm9yMRkwFwYDVQQKDBBUZXN0IFNlbGYtU2ln +bmVkMQ0wCwYDVQQDDARTUyBBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAsFqDnP4bRiQL2bAK8vFHvwXxaElr0lD3KfXxWagoBOJ+ydXghrWPL/lFpYgC +BMuawxlWaMjr/sNGGkS+4sXlNFoYZhuO19kZ8iJDbUwoViVIQrV25dnAhkD354cM +LQfmvYSeYDaXqNPeijemcGje8dMK2/4R6PkLvFZH09Ra5c6v5tgw3hGjek3HtQqc +mvZN36FGbJED48a+YTi1yxq1gm1N0saLMiWzbQHX59ou/qCVz5yh4ImeKyvzOph7 +LrF3s4gScWNTv7HfHt7aE+i91DDswsTn+QoxsrReNpqQdO9qReV385eLaIFDBbzl +B6Yvm7HAWUOsKLs2bJgCcsR3OwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCqc1HG +xJuOLaEECBn5xVhiWFXIcZxLrwHNxjRtAjbYNA17a+ZB9utsvqVChan9OO6jIbqw +l+bxji+OaKyHlLuQjOW3AgSidTXfG+pR7N+F+59GogNb8AKScvCm08fVhHg6wneC +6+3gWTfH9m4sNDpOPHrycZJRgRt3CydnzTOmWajIwzjNreNIu/3kkkrlc5MVGsn9 +lOsRa81F3QSS2rvoUx1ldhPqqTrie/emZvcC+9R6rC9yMmYOtZegENIOMfzlOnR5 +vMyXhTGF84mP9XpmU+t3mFHDP+0pt+a8MIOyqrCCmFAyoUzaHm+oyElR9WvEFRjm +MjPWMfYNYvbS296t +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/sha1_2016.pem b/pki/testdata/ssl/certificates/sha1_2016.pem new file mode 100644 index 0000000000..081eba9018 --- /dev/null +++ b/pki/testdata/ssl/certificates/sha1_2016.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:6e + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 30 00:00:00 2008 GMT + Not After : Dec 30 00:00:00 2016 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c5:5d:b5:e9:b8:f3:a2:a8:01:b7:3b:c0:e3:89: + 89:cc:60:04:36:1a:ea:d1:52:9a:4b:6b:6f:5c:80: + 09:e9:b9:89:49:53:4f:7c:c9:d3:04:2e:7c:91:4f: + b7:31:de:38:fc:18:37:53:9e:7f:4e:6a:03:68:df: + 53:1b:95:06:10:88:5c:12:61:a1:73:4e:c9:a4:e0: + 54:66:15:6f:f1:13:a8:ab:82:1d:f5:30:a4:f5:4c: + 3d:52:49:4a:8e:d4:65:16:f1:7e:c5:9a:2f:08:de: + 95:b5:02:54:24:ce:36:70:6c:48:07:a8:3b:ad:2e: + a0:41:d2:c6:84:06:62:c7:ec:e0:d0:9c:bf:a1:13: + 7c:51:df:ab:7c:da:1d:02:f7:70:9e:e6:7b:8a:af: + 75:f4:99:27:17:32:9f:b2:95:dc:3c:f8:80:4f:a3: + 1e:82:0b:48:79:6a:ba:11:e0:65:2e:07:fe:74:db: + 28:c0:99:f6:72:be:03:2a:5e:22:4d:25:43:6d:39: + 97:76:ae:d4:58:8d:0a:23:4c:5a:89:48:55:7d:2b: + 8e:7d:cc:95:5a:47:30:34:b3:4c:98:00:4f:30:28: + d9:c5:2d:2b:0f:79:b5:1a:19:73:58:fe:74:d2:50: + d8:5e:a0:40:0e:44:c3:ec:6d:5f:6e:ac:86:ab:43: + af:a7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 89:46:0C:BD:AB:A9:64:95:21:BF:40:3B:0A:35:60:B7:EA:20:4F:F9 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + Signature Value: + 17:78:1c:ee:69:6f:a9:3a:14:f6:48:e8:2f:c9:23:3c:f1:83: + c0:99:20:b6:21:cc:10:e1:22:06:cd:de:cc:e3:3c:fc:60:23: + 47:fa:df:03:7f:6a:1e:3b:6a:8c:fd:66:64:9d:3f:57:89:62: + 41:23:a7:30:c7:f2:58:40:aa:b9:dc:69:74:3e:b4:cd:fc:54: + 1e:2a:b5:6a:02:62:11:b6:d7:f9:6a:0f:31:37:45:9d:24:34: + a6:40:d5:82:1f:0c:a3:ec:53:32:b6:57:64:9d:49:60:bc:3c: + 4d:57:b1:f5:a0:3e:c0:50:c5:12:56:70:66:4b:bb:f6:19:3b: + a3:23:58:c3:c5:8e:51:5a:71:f6:a8:c6:e9:82:c8:d7:77:13: + 6d:27:d0:28:67:de:64:c9:df:db:2a:f1:0f:0d:e4:ba:5b:bc: + 46:5e:bb:a9:7a:50:b3:54:83:e4:fa:b2:3e:18:03:06:d1:d5: + 5c:50:45:25:47:9b:33:7e:3c:f3:c4:f4:c6:79:ad:e8:63:28: + f1:2c:05:08:de:83:db:3e:41:df:5d:eb:6e:53:12:51:f8:fb: + c4:e4:c5:dd:b1:72:e2:ae:f7:25:6c:e1:f4:aa:50:b8:b5:7c: + cf:78:f3:9b:dc:e3:7d:86:f3:54:79:2e:7e:b9:e4:3b:ce:e3: + 37:4b:9f:72 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwm4wDQYJKoZIhvcNAQEFBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0wODEwMzAwMDAwMDBaFw0xNjEyMzAwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFXbXpuPOiqAG3O8DjiYnMYAQ2GurRUppL +a29cgAnpuYlJU098ydMELnyRT7cx3jj8GDdTnn9OagNo31MblQYQiFwSYaFzTsmk +4FRmFW/xE6irgh31MKT1TD1SSUqO1GUW8X7Fmi8I3pW1AlQkzjZwbEgHqDutLqBB +0saEBmLH7ODQnL+hE3xR36t82h0C93Ce5nuKr3X0mScXMp+yldw8+IBPox6CC0h5 +aroR4GUuB/502yjAmfZyvgMqXiJNJUNtOZd2rtRYjQojTFqJSFV9K459zJVaRzA0 +s0yYAE8wKNnFLSsPebUaGXNY/nTSUNheoEAORMPsbV9urIarQ6+nAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSJRgy9q6lklSG/QDsKNWC36iBP+TAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOC +AQEAF3gc7mlvqToU9kjoL8kjPPGDwJkgtiHMEOEiBs3ezOM8/GAjR/rfA39qHjtq +jP1mZJ0/V4liQSOnMMfyWECqudxpdD60zfxUHiq1agJiEbbX+WoPMTdFnSQ0pkDV +gh8Mo+xTMrZXZJ1JYLw8TVex9aA+wFDFElZwZku79hk7oyNYw8WOUVpx9qjG6YLI +13cTbSfQKGfeZMnf2yrxDw3kulu8Rl67qXpQs1SD5PqyPhgDBtHVXFBFJUebM348 +88T0xnmt6GMo8SwFCN6D2z5B313rblMSUfj7xOTF3bFy4q73JWzh9KpQuLV8z3jz +m9zjfYbzVHkufrnkO87jN0ufcg== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/sha1_leaf.pem b/pki/testdata/ssl/certificates/sha1_leaf.pem new file mode 100644 index 0000000000..159eacdacd --- /dev/null +++ b/pki/testdata/ssl/certificates/sha1_leaf.pem @@ -0,0 +1,113 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC9o+TdWyQ2AkBd +6MXG42PIyEXvsufPWoZG2ZReNf3amGoh0CmUXffA7jFiJUDqBy/K/Cyuf7IBGgfG +SA9KM2kTUbvMMR0uXqrx0hlPDaZRg0DFwBBFl7WrRUjE6ivlI8XadwBKTc8EIZOr +xtm22PA2z1HCbE7pLvuA0s4kJ1kbhYkUQneEhqiahC2tsuOMj90lI0T6ChgjCb1r +8Odgr0MOH3hkhyo+NlRSKpI0ZKlwuAA4UdBxyII5YmCcd3U9dHYviEezZ4AQwWEd +CjUaNkrfNewDatDf97LTrPo9VY6BTq3g77LLlpW93roTiVhEQb8YjrKS4jjmIQEN +tzTnh7GxAgMBAAECggEBAJQqbTIVd6FK+QdmSsAuAVRqRVoWKc90Jt1MOgOxo3kb +BDEO9q2ZDW2LrMHF4YX3v3uUs0RTOLxrng9pVajfqgUSIuxSoz4LcPwm7uc4/u1I +416dxRjag3IhW82eOFV7MaaSu4NSb6AGq93WK1wU+vmX2YVSIgVGU/I+whi1NYWt +4Cq72f0E30F72G1+OrBZpdJpojSVOfRZY+VK8CIphNLtXlCzNv2omfTfvmyfEi02 +vsxFylck6ULmQNFbuIaVrAJx5giAW8VFnvs/6NatyO+xOdelrgYJ/q+UQwvtstD2 +qVoxV2a3mDQ0djoK6GZmFFwGy2BDlnFrEpugXjqgEdECgYEA+5SQuBLX1Xd4W7H6 +WLxljobf7ACLd9vpgPmhtEpWTHFRdvdYrhc8Gs/FIEIGNoIFimZJZ0+DzOfULep8 +2WYMheIahYOK+4nZfHyZbf2pdiXaNukX0C/wwTsACuTBOWC4GH0v1LYkYykDlCyf +MrFKuS9WjGFPB893s5M7lClpn3sCgYEAwPjDyGYmRif4ZGe4GfL1+vbmHJu0bd+3 +n4FfwEpvaBn2xrNjcT+tc9uANN6knAccT9krWtmthJ+SYQ21hlTinbpzYC6/4Olf +BcKA4EbQTr9EV3IeqI5PRkMMJ4VKzfbskLSrcO6YGZq7dVfhULRFGms7wHx+ijJP +xP7gsNOQdcMCgYEA9McvK7pBwBP2yhjYAQCFO3ClbEV3bY5NmkzIddeiMcxLvBmb +cf9vXpLrNKCo1N4bL/an0tn93h9uRaKSCSAObTF6Jo+/aVBNiJ7e1bLp7+eScrzG +i6wpbojOWMsL6ZzeYg1jvW3e55AfSEtGNhdkIdwaNIn1UB8fU1ycqmLEvwMCgYBj +ZwF7Flt64hYKqn7kJwpcp5grfm1397jf2kXXiMBQkKdU/Y0pBhM0TgqBsXp7wRHt +c8Hof57pZUWC5wvt0YYWl7fdANfoZG6FSgcXAINHPTFYFjoCu6PMXrdBGGFLLXn4 +pIh3mQASmGkd7hHrf6DlFf3mjnqkd3wtztkxXRnZ/wKBgQCBEMMJa19ONAdVWtP9 +G2QeqthDPoMJDbvUAbjPoxUwBhN8vIObeamWsaKU9zbuDPpNaKw5pq6PdEFPOttu +i4du0hSRW/tH8XBa8lKdbGak8/KMLesfd3BKKLhwLe8Zr7l7n0br920MTWKbKuqM +ZAEGf9m7isatL4lNdngVXV2aUA== +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:82 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 3 17:20:30 2022 GMT + Not After : Oct 2 17:20:30 2024 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:a3:e4:dd:5b:24:36:02:40:5d:e8:c5:c6:e3: + 63:c8:c8:45:ef:b2:e7:cf:5a:86:46:d9:94:5e:35: + fd:da:98:6a:21:d0:29:94:5d:f7:c0:ee:31:62:25: + 40:ea:07:2f:ca:fc:2c:ae:7f:b2:01:1a:07:c6:48: + 0f:4a:33:69:13:51:bb:cc:31:1d:2e:5e:aa:f1:d2: + 19:4f:0d:a6:51:83:40:c5:c0:10:45:97:b5:ab:45: + 48:c4:ea:2b:e5:23:c5:da:77:00:4a:4d:cf:04:21: + 93:ab:c6:d9:b6:d8:f0:36:cf:51:c2:6c:4e:e9:2e: + fb:80:d2:ce:24:27:59:1b:85:89:14:42:77:84:86: + a8:9a:84:2d:ad:b2:e3:8c:8f:dd:25:23:44:fa:0a: + 18:23:09:bd:6b:f0:e7:60:af:43:0e:1f:78:64:87: + 2a:3e:36:54:52:2a:92:34:64:a9:70:b8:00:38:51: + d0:71:c8:82:39:62:60:9c:77:75:3d:74:76:2f:88: + 47:b3:67:80:10:c1:61:1d:0a:35:1a:36:4a:df:35: + ec:03:6a:d0:df:f7:b2:d3:ac:fa:3d:55:8e:81:4e: + ad:e0:ef:b2:cb:96:95:bd:de:ba:13:89:58:44:41: + bf:18:8e:b2:92:e2:38:e6:21:01:0d:b7:34:e7:87: + b1:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 1F:90:87:C1:2E:EE:B4:70:94:B3:39:33:71:D2:37:34:19:46:7C:40 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + Signature Value: + 08:e7:3e:ac:bf:41:a5:98:43:ca:44:41:ad:8f:8c:1b:fe:b7: + 77:1e:cb:d4:fb:5b:a2:d9:ce:88:07:9e:ef:7b:91:3b:67:a2: + e4:3b:a4:11:b3:8a:54:40:42:ef:38:97:2b:ac:a8:8d:d4:0a: + 7c:e6:d4:a5:3b:d6:48:8d:af:29:e1:fb:e7:72:1b:7b:35:a6: + c3:1d:a5:89:9c:2d:e2:31:31:83:4c:eb:ed:8a:c5:42:71:6c: + 8e:50:4b:76:98:11:4d:48:3d:ad:14:d1:44:05:3d:70:91:83: + 13:d5:9d:85:fa:de:ea:a0:99:e8:3e:f0:fa:aa:59:93:ef:78: + 6e:c8:e8:ee:94:3c:8b:35:35:7a:2a:75:3a:53:55:2c:de:68: + 73:9a:7f:f3:b8:da:e4:4a:13:18:f6:46:53:7f:ad:65:29:13: + bb:23:84:56:08:77:f6:b7:84:fe:ca:2c:24:0d:4a:68:81:bf: + d2:44:bf:f6:1d:74:5d:dc:77:b1:1c:23:25:62:f0:b9:7a:62: + a7:15:4b:18:c4:19:9f:3c:4d:ef:33:49:17:a6:09:66:80:de: + 7b:50:f5:33:0a:7f:28:23:99:a3:ca:82:a1:a7:ba:f2:44:a9: + 17:a3:9c:75:86:f2:cd:3b:8c:af:61:28:cd:57:f0:ab:83:c8: + 12:87:59:f3 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwoIwDQYJKoZIhvcNAQEFBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMjEwMDMxNzIwMzBaFw0yNDEwMDIxNzIwMzBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9o+TdWyQ2AkBd6MXG42PIyEXvsufPWoZG +2ZReNf3amGoh0CmUXffA7jFiJUDqBy/K/Cyuf7IBGgfGSA9KM2kTUbvMMR0uXqrx +0hlPDaZRg0DFwBBFl7WrRUjE6ivlI8XadwBKTc8EIZOrxtm22PA2z1HCbE7pLvuA +0s4kJ1kbhYkUQneEhqiahC2tsuOMj90lI0T6ChgjCb1r8Odgr0MOH3hkhyo+NlRS +KpI0ZKlwuAA4UdBxyII5YmCcd3U9dHYviEezZ4AQwWEdCjUaNkrfNewDatDf97LT +rPo9VY6BTq3g77LLlpW93roTiVhEQb8YjrKS4jjmIQENtzTnh7GxAgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQfkIfBLu60cJSzOTNx0jc0GUZ8QDAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOC +AQEACOc+rL9BpZhDykRBrY+MG/63dx7L1PtbotnOiAee73uRO2ei5DukEbOKVEBC +7ziXK6yojdQKfObUpTvWSI2vKeH753IbezWmwx2liZwt4jExg0zr7YrFQnFsjlBL +dpgRTUg9rRTRRAU9cJGDE9Wdhfre6qCZ6D7w+qpZk+94bsjo7pQ8izU1eip1OlNV +LN5oc5p/87ja5EoTGPZGU3+tZSkTuyOEVgh39reE/sosJA1KaIG/0kS/9h10Xdx3 +sRwjJWLwuXpipxVLGMQZnzxN7zNJF6YJZoDee1D1Mwp/KCOZo8qCoae68kSpF6Oc +dYbyzTuMr2EozVfwq4PIEodZ8w== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/spdy_pooling.pem b/pki/testdata/ssl/certificates/spdy_pooling.pem new file mode 100644 index 0000000000..b5eb200758 --- /dev/null +++ b/pki/testdata/ssl/certificates/spdy_pooling.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:30:58:00:41:4d:22:20:68:ab:c8:5e:5f:9d:57:82:9c:c3:a2:1e + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, L = Mountain View, O = Test CA, CN = 127.0.0.1 + Validity + Not Before: Oct 3 17:20:09 2022 GMT + Not After : Sep 30 17:20:09 2032 GMT + Subject: C = US, ST = California, L = Mountain View, O = Test CA, CN = 127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ec:e4:cc:ed:ab:60:cd:e3:0f:5c:3c:29:73:cf: + 6e:a4:52:c4:dc:49:d6:2f:d5:cd:26:56:3d:3d:aa: + c6:69:d7:ad:7a:47:ea:84:73:aa:85:b8:95:13:85: + ea:9b:01:5c:ef:53:62:4f:92:61:9a:bd:64:7d:fa: + ce:ea:08:06:b5:c0:48:9f:db:a6:90:c1:26:26:bc: + c2:44:47:18:37:16:d8:63:5a:e9:bf:23:f9:46:d6: + 65:0c:53:3b:b3:0e:d1:de:f7:d6:81:fe:0e:75:c4: + 5d:38:45:28:17:98:c8:99:bf:9a:60:ec:b0:36:38: + 9b:9e:36:57:e9:8a:51:d3:ee:1b:23:9b:18:db:31: + dc:3f:1c:02:b6:c5:73:2f:f5:90:71:7f:a1:ab:f3: + 24:d6:d5:b4:5c:4f:37:eb:ca:44:55:9a:86:65:24: + 78:56:04:b9:3a:63:f9:f7:26:2f:8d:bc:98:9c:19: + 68:4d:f8:30:df:6c:30:32:31:75:3b:54:e7:7c:d3: + b0:05:c5:98:66:1c:f9:73:c4:b0:c2:83:67:c3:30: + 79:6f:60:1f:0b:0c:67:6b:22:2c:cb:16:3d:73:1b: + 8c:a0:a3:30:f1:db:9a:fc:0e:45:bb:7e:b4:03:a2: + 33:d2:d3:cb:98:95:ec:66:f6:2e:51:e9:85:14:8d: + 13:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:www.example.org, DNS:mail.example.org, DNS:mail.example.com, DNS:example.test + X509v3 Subject Key Identifier: + 21:E7:36:0A:62:36:97:A3:5E:52:97:4A:73:AE:2B:1C:3E:25:C7:6C + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4b:83:37:e0:92:ee:31:5c:ed:d7:4f:c8:10:7c:82:49:82:72: + fd:d5:b0:b1:be:fb:a5:62:f8:9b:17:68:82:b9:f1:2a:d5:80: + 3a:e5:73:2c:f9:bc:86:c0:8c:3a:69:36:63:60:c5:fb:d3:b9: + 3b:87:8b:05:14:58:88:f5:87:50:e8:7c:c2:21:a7:66:ed:b4: + 7f:12:86:71:6b:93:cb:a8:68:4b:5b:a6:a9:1b:8a:f0:f2:41: + b5:eb:eb:62:a3:f8:b6:e4:97:f2:4b:5b:47:45:3f:a5:50:74: + a9:07:1d:2a:d7:7b:d5:57:91:6d:c2:ed:fa:2e:42:6d:19:2b: + eb:4b:d6:3c:2b:c9:ac:1d:5e:11:1e:b8:cb:d7:fa:b3:4f:39: + b6:1b:9f:b0:e0:27:96:a3:cc:7b:03:f0:0e:dc:34:3f:b6:fb: + 66:7b:d1:1b:a7:49:ec:f3:d5:fd:60:7c:54:ed:c1:ac:3c:a0: + 54:6f:62:d4:5b:99:39:09:e5:c2:9b:21:5e:8d:76:59:0f:b5: + 6d:8d:cb:b6:bb:21:ea:cb:33:9a:2c:14:ca:51:8b:26:3a:ce: + 9f:2d:5f:d2:ad:9d:8d:c7:2b:30:7e:40:40:43:94:83:c4:09: + 25:79:c0:fb:43:05:02:a8:93:b3:60:3f:fa:63:21:27:a3:eb: + 8b:0f:06:33 +-----BEGIN CERTIFICATE----- +MIIDvTCCAqWgAwIBAgIUCjBYAEFNIiBoq8heX51XgpzDoh4wDQYJKoZIhvcNAQEL +BQAwYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4w +LjAuMTAeFw0yMjEwMDMxNzIwMDlaFw0zMjA5MzAxNzIwMDlaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDs5Mztq2DN4w9cPClzz26kUsTcSdYv1c0m +Vj09qsZp1616R+qEc6qFuJUTheqbAVzvU2JPkmGavWR9+s7qCAa1wEif26aQwSYm +vMJERxg3FthjWum/I/lG1mUMUzuzDtHe99aB/g51xF04RSgXmMiZv5pg7LA2OJue +NlfpilHT7hsjmxjbMdw/HAK2xXMv9ZBxf6Gr8yTW1bRcTzfrykRVmoZlJHhWBLk6 +Y/n3Ji+NvJicGWhN+DDfbDAyMXU7VOd807AFxZhmHPlzxLDCg2fDMHlvYB8LDGdr +IizLFj1zG4ygozDx25r8DkW7frQDojPS08uYlexm9i5R6YUUjROJAgMBAAGjbzBt +MEwGA1UdEQRFMEOCD3d3dy5leGFtcGxlLm9yZ4IQbWFpbC5leGFtcGxlLm9yZ4IQ +bWFpbC5leGFtcGxlLmNvbYIMZXhhbXBsZS50ZXN0MB0GA1UdDgQWBBQh5zYKYjaX +o15Sl0pzriscPiXHbDANBgkqhkiG9w0BAQsFAAOCAQEAS4M34JLuMVzt10/IEHyC +SYJy/dWwsb77pWL4mxdogrnxKtWAOuVzLPm8hsCMOmk2Y2DF+9O5O4eLBRRYiPWH +UOh8wiGnZu20fxKGcWuTy6hoS1umqRuK8PJBtevrYqP4tuSX8ktbR0U/pVB0qQcd +Ktd71VeRbcLt+i5CbRkr60vWPCvJrB1eER64y9f6s085thufsOAnlqPMewPwDtw0 +P7b7ZnvRG6dJ7PPV/WB8VO3BrDygVG9i1FuZOQnlwpshXo12WQ+1bY3Ltrsh6ssz +miwUylGLJjrOny1f0q2djccrMH5AQEOUg8QJJXnA+0MFAqiTs2A/+mMhJ6Priw8G +Mw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/start_after_expiry.pem b/pki/testdata/ssl/certificates/start_after_expiry.pem new file mode 100644 index 0000000000..bd6eacc037 --- /dev/null +++ b/pki/testdata/ssl/certificates/start_after_expiry.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:76 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Sep 1 00:00:00 2018 GMT + Not After : Apr 2 00:00:00 2015 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e7:1f:c0:bc:e7:c2:07:2d:13:9c:c8:c9:8a:89: + a7:fd:63:87:c5:2a:b0:f5:e4:e0:08:af:e2:c3:f1: + 8c:02:f1:20:7a:9d:09:c0:c7:24:ef:61:04:e3:c9: + da:36:60:d5:8e:84:c9:4f:cc:ba:88:eb:00:a7:92: + 46:47:69:e2:89:50:90:63:55:49:9e:4c:fb:3a:c6: + 92:90:4d:69:b5:d8:85:3b:d6:dd:c5:62:e8:da:51: + 62:4e:0f:61:82:e1:72:6b:37:ac:34:f4:92:fb:17: + d9:d4:52:ec:c5:e5:96:f7:e3:8f:f1:c7:a0:f4:de: + bf:5d:d7:74:72:6f:41:60:9f:51:ed:93:08:48:7c: + c8:44:1d:6b:30:d4:1f:67:88:1b:1e:8e:bf:83:18: + d2:cd:46:78:62:e4:1c:ac:be:48:0b:56:db:7c:b9: + b9:4f:97:3a:51:c1:14:37:c9:87:56:c2:19:5e:93: + d6:fc:75:99:88:fd:9b:f5:bc:ab:0c:2f:77:86:bf: + 4d:2c:05:84:2e:82:61:f7:7d:0a:c3:fd:80:46:bd: + 1b:46:b8:15:6a:91:2f:de:5f:bd:c2:cb:76:77:59: + 03:90:c9:6d:e3:19:df:d2:f0:cc:6c:ef:ff:92:e9: + 27:39:5a:0f:e2:a6:49:5f:f9:0f:e4:10:d0:76:9b: + 5c:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + F1:42:EA:7F:63:33:BE:07:0C:EE:F1:61:42:F0:3F:7D:1E:D5:26:52 + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + ac:f3:da:f2:75:15:ff:95:c9:14:47:22:c3:b6:fc:b2:93:3b: + 33:7a:c0:81:71:f3:95:33:90:55:08:89:c1:1b:b7:06:f5:9c: + 43:59:90:2a:b0:9c:4b:91:f1:40:c0:c5:71:80:64:1e:f1:b3: + 1c:45:b9:d3:05:f8:1a:2d:76:a5:47:5c:f9:bc:66:66:0c:11: + 04:af:f2:3b:ef:ff:50:46:1e:70:45:d3:14:b0:a4:4a:d3:8c: + 99:e4:e3:a1:c8:7d:83:18:29:b8:3d:ca:ad:5c:b0:cf:ea:47: + 73:eb:85:c2:85:99:b7:68:c5:c5:bd:f2:c6:75:b7:65:e7:74: + da:39:fa:b7:dc:9f:a9:f6:fd:e7:d4:70:91:b3:42:8a:71:38: + 2e:e3:c3:2a:35:6f:08:56:21:35:81:89:46:ca:e1:05:a7:f6: + 60:f5:b0:b3:44:3a:23:43:f3:e8:99:a3:7b:f8:42:2e:60:e5: + a6:ab:3f:06:20:70:2f:69:d7:bb:95:87:01:5d:16:31:c0:b7: + 97:09:0c:02:c4:20:b1:ab:15:ef:be:05:98:eb:41:a6:eb:eb: + e1:90:43:e6:b1:5f:d6:61:a4:18:bd:8a:6e:00:47:a7:58:a0: + 67:df:ea:09:a7:81:c3:5a:58:a9:ee:ac:f6:8b:2a:38:57:25: + b7:a6:38:36 +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIRALBrk5LjXI1+7Z3IllnFwnYwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0xODA5MDEwMDAwMDBaFw0xNTA0MDIwMDAwMDBaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnH8C858IHLROcyMmKiaf9Y4fFKrD15OAI +r+LD8YwC8SB6nQnAxyTvYQTjydo2YNWOhMlPzLqI6wCnkkZHaeKJUJBjVUmeTPs6 +xpKQTWm12IU71t3FYujaUWJOD2GC4XJrN6w09JL7F9nUUuzF5Zb344/xx6D03r9d +13Ryb0Fgn1HtkwhIfMhEHWsw1B9niBsejr+DGNLNRnhi5BysvkgLVtt8ublPlzpR +wRQ3yYdWwhlek9b8dZmI/Zv1vKsML3eGv00sBYQugmH3fQrD/YBGvRtGuBVqkS/e +X73Cy3Z3WQOQyW3jGd/S8Mxs7/+S6Sc5Wg/ipklf+Q/kENB2m1z/AgMBAAGjgYAw +fjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTxQup/YzO+Bwzu8WFC8D99HtUmUjAf +BgNVHSMEGDAWgBSbJguKmKm7HbkfHOMaQDPtjheIqzAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEArPPa8nUV/5XJFEciw7b8spM7M3rAgXHzlTOQVQiJwRu3BvWcQ1mQKrCcS5Hx +QMDFcYBkHvGzHEW50wX4Gi12pUdc+bxmZgwRBK/yO+//UEYecEXTFLCkStOMmeTj +och9gxgpuD3KrVywz+pHc+uFwoWZt2jFxb3yxnW3Zed02jn6t9yfqfb959RwkbNC +inE4LuPDKjVvCFYhNYGJRsrhBaf2YPWws0Q6I0Pz6Jmje/hCLmDlpqs/BiBwL2nX +u5WHAV0WMcC3lwkMAsQgsasV774FmOtBpuvr4ZBD5rFf1mGkGL2KbgBHp1igZ9/q +CaeBw1pYqe6s9osqOFclt6Y4Ng== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/subjectAltName_sanity_check.pem b/pki/testdata/ssl/certificates/subjectAltName_sanity_check.pem new file mode 100644 index 0000000000..429273a99c --- /dev/null +++ b/pki/testdata/ssl/certificates/subjectAltName_sanity_check.pem @@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1a:3e:ff:08:8f:68:f4:e8:be:f8:a2:78:86:91:fa:b1:0b:a3:8c:1f + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, L = Mountain View, O = Test CA, CN = 127.0.0.1 + Validity + Not Before: Oct 3 17:20:09 2022 GMT + Not After : Sep 30 17:20:09 2032 GMT + Subject: C = US, ST = California, L = Mountain View, O = Test CA, CN = 127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e4:41:20:46:ee:74:19:2c:9b:0c:2e:e8:63:1b: + 40:7a:76:f9:3b:33:9f:bb:61:3b:dc:a1:71:fb:3d: + e4:df:7b:2f:0f:17:91:88:3f:9d:33:93:bc:12:29: + ab:7e:6f:4b:04:68:3c:33:b4:79:02:d8:3d:df:fb: + 9a:ee:29:de:24:7f:6d:49:00:76:5d:12:fe:d4:1b: + f8:3d:e5:08:e3:ea:22:ef:85:7e:5d:55:e1:e3:7b: + a1:84:c8:87:06:7b:08:97:ff:b9:cb:94:b9:c4:34: + fb:77:29:df:23:e3:19:96:8f:5f:5d:cd:95:5e:f0: + a5:ff:cf:91:b6:4d:a6:8a:f3:7d:7f:f8:22:8c:c9: + 27:0b:a5:37:37:a2:99:e4:79:ee:6d:73:1d:c9:a8: + 78:ba:f8:2a:aa:a0:3e:8b:8d:59:87:39:05:f1:eb: + 48:49:47:28:12:30:28:50:80:2a:67:3b:af:68:88: + bd:c0:f1:38:da:4f:d3:7b:15:86:6f:c8:b7:61:5f: + c5:af:ca:34:a2:72:b0:59:03:2c:8d:4d:f2:e7:ad: + d0:d7:1a:cc:8f:2d:5c:d1:41:ea:21:1a:e9:90:2e: + 63:99:90:28:1e:86:73:95:7d:7b:d7:eb:e7:af:2a: + 16:60:38:d7:b0:34:71:65:a6:d3:bd:53:91:99:20: + e0:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Alternative Name: + IP Address:127.0.0.2, IP Address:FE80:0:0:0:0:0:0:1, DNS:test.example, email:test@test.example, othername: 1.2.3.4::ignore me, DirName:/CN=127.0.0.3 + X509v3 Subject Key Identifier: + 67:95:3C:20:E0:D7:34:9E:D5:30:BE:B9:73:91:6F:0D:9B:96:3F:05 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 77:e7:81:56:2c:c2:10:36:0f:45:13:2c:9e:6d:9b:ef:ab:6d: + 50:e9:5f:3e:5f:93:9e:9a:81:24:76:5f:13:d3:b5:87:d5:c5: + d6:e4:55:3b:c1:18:35:a1:27:aa:91:fc:90:dd:8a:c8:2e:1f: + 1e:17:4b:20:92:6e:fb:13:40:54:02:ea:cb:be:27:cf:c5:c0: + a7:29:47:74:07:ff:10:a6:98:00:cd:38:19:b4:14:43:3f:ec: + a1:8b:ff:47:6b:2c:ae:4b:08:d5:a0:9b:95:e3:76:56:1e:05: + 6f:26:3e:00:92:4b:4b:b8:e0:db:71:7a:61:93:72:ed:a2:f6: + 91:13:59:cf:62:d5:03:a2:09:96:ba:27:3c:82:38:dc:2d:8c: + 83:f9:ff:df:19:6b:a5:1a:b2:98:74:48:9f:e2:46:c7:70:3f: + c9:f0:ef:3b:35:3b:03:bb:f0:a6:84:6c:c1:8b:67:fc:de:c7: + ce:1d:2c:15:5f:46:4e:0f:b3:78:51:a1:7c:48:08:2b:c1:63: + e8:95:ba:41:23:96:ef:f2:9c:53:be:ed:97:19:bd:f0:2f:bc: + d1:16:e8:be:c4:6e:08:8f:a1:3d:95:48:c8:ea:68:4c:82:4b: + 4c:21:da:07:60:d6:b7:6d:09:35:7d:53:83:cf:e6:49:28:00: + 16:12:ed:17 +-----BEGIN CERTIFICATE----- +MIID8jCCAtqgAwIBAgIUGj7/CI9o9Oi++KJ4hpH6sQujjB8wDQYJKoZIhvcNAQEL +BQAwYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4w +LjAuMTAeFw0yMjEwMDMxNzIwMDlaFw0zMjA5MzAxNzIwMDlaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkQSBG7nQZLJsMLuhjG0B6dvk7M5+7YTvc +oXH7PeTfey8PF5GIP50zk7wSKat+b0sEaDwztHkC2D3f+5ruKd4kf21JAHZdEv7U +G/g95Qjj6iLvhX5dVeHje6GEyIcGewiX/7nLlLnENPt3Kd8j4xmWj19dzZVe8KX/ +z5G2TaaK831/+CKMyScLpTc3opnkee5tcx3JqHi6+CqqoD6LjVmHOQXx60hJRygS +MChQgCpnO69oiL3A8TjaT9N7FYZvyLdhX8WvyjSicrBZAyyNTfLnrdDXGsyPLVzR +QeohGumQLmOZkCgehnOVfXvX6+evKhZgONewNHFlptO9U5GZIOA5AgMBAAGjgaMw +gaAwDwYDVR0TAQH/BAUwAwEB/zBuBgNVHREEZzBlhwR/AAAChxD+gAAAAAAAAAAA +AAAAAAABggx0ZXN0LmV4YW1wbGWBEXRlc3RAdGVzdC5leGFtcGxloBIGAyoDBKAL +DAlpZ25vcmUgbWWkFjAUMRIwEAYDVQQDDAkxMjcuMC4wLjMwHQYDVR0OBBYEFGeV +PCDg1zSe1TC+uXORbw2blj8FMA0GCSqGSIb3DQEBCwUAA4IBAQB354FWLMIQNg9F +EyyebZvvq21Q6V8+X5OemoEkdl8T07WH1cXW5FU7wRg1oSeqkfyQ3YrILh8eF0sg +km77E0BUAurLvifPxcCnKUd0B/8QppgAzTgZtBRDP+yhi/9HayyuSwjVoJuV43ZW +HgVvJj4AkktLuODbcXphk3LtovaRE1nPYtUDogmWuic8gjjcLYyD+f/fGWulGrKY +dEif4kbHcD/J8O87NTsDu/CmhGzBi2f83sfOHSwVX0ZOD7N4UaF8SAgrwWPolbpB +I5bv8pxTvu2XGb3wL7zRFui+xG4Ij6E9lUjI6mhMgktMIdoHYNa3bQk1fVODz+ZJ +KAAWEu0X +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/subjectAltName_www_example_com.pem b/pki/testdata/ssl/certificates/subjectAltName_www_example_com.pem new file mode 100644 index 0000000000..7ece351744 --- /dev/null +++ b/pki/testdata/ssl/certificates/subjectAltName_www_example_com.pem @@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:cb:fb:30:6a:43:63:80:cb:8a:91:20:df:86:df:d9:df:c5:35:d0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, L = Mountain View, O = Test CA, CN = 127.0.0.1 + Validity + Not Before: Oct 3 17:20:09 2022 GMT + Not After : Sep 30 17:20:09 2032 GMT + Subject: C = US, ST = California, L = Mountain View, O = Test CA, CN = 127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:d7:35:26:24:ab:bd:83:85:71:3e:dc:9e:41: + a6:d4:bf:b9:20:c6:ca:37:f5:0e:dc:4a:23:f3:74: + 24:c9:7a:e2:68:0c:13:2d:11:95:cd:f9:77:61:39: + db:42:c8:2c:b0:b3:eb:64:09:5c:a4:66:58:08:99: + 85:3c:45:a7:75:f3:08:87:90:78:bc:09:e9:29:62: + 54:da:15:57:4f:50:f1:6e:14:9e:f3:58:1e:d1:be: + 4e:a2:6f:0a:fa:1c:f5:7b:5f:05:28:74:69:6e:2a: + 10:fb:9b:aa:e2:30:fa:62:9a:ec:e1:28:ce:d8:38: + 79:99:f6:86:09:44:e4:4f:f4:39:26:04:b5:3d:4a: + e4:d0:58:71:e7:24:c7:94:7d:84:68:d8:48:b3:6f: + e6:99:41:e4:d7:b3:9a:d2:41:f6:14:5f:46:33:58: + cb:d4:ce:2c:46:17:2a:9e:17:9c:e4:c1:bd:57:33: + 5a:7c:b5:31:09:59:8c:a2:de:5b:ee:9d:1b:6a:b8: + ab:c0:b4:90:65:f9:2d:de:9e:d5:34:37:16:2f:84: + c7:23:1e:46:0b:66:d4:7a:73:80:bc:6c:f8:20:7b: + c3:6e:25:fb:27:4b:1f:82:3f:68:c6:fd:9f:a7:88: + be:3e:4a:e6:53:02:04:b6:dd:5c:3c:75:b2:5b:de: + 7f:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Alternative Name: + DNS:www.example.com + X509v3 Subject Key Identifier: + BF:A7:72:AF:07:02:68:D6:D1:00:15:E6:D3:03:9A:0E:91:38:27:2F + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 24:e4:5a:62:e3:13:50:78:d2:ff:c2:27:51:47:99:62:ac:93: + 43:b1:51:6f:e5:b6:49:86:50:88:9c:88:8e:a5:00:a9:48:39: + b7:c5:99:41:96:83:66:1a:40:6e:06:90:48:33:9a:74:fe:d4: + be:29:7e:d9:4d:e3:58:0e:17:47:1b:35:14:12:a9:09:ca:07: + 38:74:fd:59:e4:7a:b7:d8:70:91:6b:02:c9:01:97:77:59:ac: + 27:b5:7c:38:6c:59:83:2e:15:eb:25:27:b7:63:28:39:c8:9a: + 14:5a:4a:c9:35:b4:dd:1c:d8:a1:2d:89:12:94:ad:c2:11:70: + 2e:cb:3f:3d:c0:ad:66:f1:da:8f:d8:db:98:02:6f:e0:46:c6: + c1:cb:f3:86:ed:6f:7a:b6:6d:86:7e:12:8b:74:a5:06:87:3d: + d8:c4:08:9d:1b:e9:55:5c:49:80:33:b5:36:ec:3e:87:7b:4e: + 63:45:a0:28:c7:c8:ce:41:22:2b:d3:f9:3a:a5:20:ff:24:d6: + 19:41:a6:ee:20:40:12:ad:c9:e0:be:56:0a:b7:8f:60:db:47: + 80:50:46:f6:cf:d9:39:73:1a:25:e1:4a:62:2f:f5:5b:89:75: + 85:f6:ea:8a:18:59:8a:9d:1b:cf:5c:d4:9c:f2:9c:cd:1b:d0: + e9:d8:62:5f +-----BEGIN CERTIFICATE----- +MIIDnDCCAoSgAwIBAgIUPMv7MGpDY4DLipEg34bf2d/FNdAwDQYJKoZIhvcNAQEL +BQAwYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4w +LjAuMTAeFw0yMjEwMDMxNzIwMDlaFw0zMjA5MzAxNzIwMDlaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD1zUmJKu9g4VxPtyeQabUv7kgxso39Q7c +SiPzdCTJeuJoDBMtEZXN+XdhOdtCyCyws+tkCVykZlgImYU8Rad18wiHkHi8Cekp +YlTaFVdPUPFuFJ7zWB7Rvk6ibwr6HPV7XwUodGluKhD7m6riMPpimuzhKM7YOHmZ +9oYJRORP9DkmBLU9SuTQWHHnJMeUfYRo2Eizb+aZQeTXs5rSQfYUX0YzWMvUzixG +FyqeF5zkwb1XM1p8tTEJWYyi3lvunRtquKvAtJBl+S3entU0NxYvhMcjHkYLZtR6 +c4C8bPgge8NuJfsnSx+CP2jG/Z+niL4+SuZTAgS23Vw8dbJb3n/zAgMBAAGjTjBM +MA8GA1UdEwEB/wQFMAMBAf8wGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29tMB0G +A1UdDgQWBBS/p3KvBwJo1tEAFebTA5oOkTgnLzANBgkqhkiG9w0BAQsFAAOCAQEA +JORaYuMTUHjS/8InUUeZYqyTQ7FRb+W2SYZQiJyIjqUAqUg5t8WZQZaDZhpAbgaQ +SDOadP7Uvil+2U3jWA4XRxs1FBKpCcoHOHT9WeR6t9hwkWsCyQGXd1msJ7V8OGxZ +gy4V6yUnt2MoOciaFFpKyTW03RzYoS2JEpStwhFwLss/PcCtZvHaj9jbmAJv4EbG +wcvzhu1verZthn4Si3SlBoc92MQInRvpVVxJgDO1Nuw+h3tOY0WgKMfIzkEiK9P5 +OqUg/yTWGUGm7iBAEq3J4L5WCrePYNtHgFBG9s/ZOXMaJeFKYi/1W4l1hfbqihhZ +ip0bz1zUnPKczRvQ6dhiXw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/test_names.pem b/pki/testdata/ssl/certificates/test_names.pem new file mode 100644 index 0000000000..eb8f77ccf2 --- /dev/null +++ b/pki/testdata/ssl/certificates/test_names.pem @@ -0,0 +1,114 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/YhJcAr1m0ACU +h3Byf5G1zDF+1LurMi7E8SLbzYbBxv5nlPVQC2dEtmqcY2C8xgHaQ52lxWVH8sBJ +YzBpglpaBzt9YlbSvE7qXXWmErE/2Nb0EcRE9c5aJMd69b35l7TeebpO/Txba271 +ufRzbmi9EdsjL07f+ZGbzD2h/thmATcRIHvcDaNlmk8gpiRJlZn1KNdNYS5Ma5s8 +W9ddGkLFqRt9PbbWkBK7EdYV2g+1Cvdi2GjCtEX194n3Adx+UePAoXAdjGkAIRZS +supd8RcJkpyt+M3WCPhgHAZitf1ati/ngcTIH/xhe53LR4w7zUB6WqSTN4/3sYoU +9aikl9yZAgMBAAECggEADm3JbpByUScLdCdF7gv6I1eyv5owT/bnmceIVkQHjeJ/ +2bVcTV2euop6PTIs3+6Zwyfn4dChEyyVHLNSuhGu2CzFam2YmCjEVl0Xep7cKDEj ++6C/SGez2A3/0CBo40FxzHgm+L+U5luSMQqFCJLhaKfI+r0dWDuLo9BhMS5yiDYb +3Wgt6HfTdATZ0xiGGacN9iK1VZk/a0BBjtjonJWOcoTRqakFNpU0rd322Y30t87d +rZVwB/fk5a5OEOqDtYknlrD/cK3j9qLtxfidNgK7FzwdTgGTl5S7rGRpiBKAi/9c +7LqdmKNnYJFpOoAHSbrwx1r2Ep4Si1JtswMXKGVzpQKBgQDdw7BLE2AeF2jx1UUM +vh7ljqG8LOa1hS6Bwa0LF84PoHmWL7sOYiyRazO6u9TsbJeQ6WKbVE2oktK1RsfD +/qq60fNzXbRFJeY55BP5pXP8M9dXl4f6ucQbcEOWEStICP7KbTjPlp6Jq2LKVSb4 +hZbiDhpsjFT7eh9H/Xzw16P3RwKBgQDc7bBD0SMIcrQ/gXPJJSDSSSr2A5bdDytx +Fj+I/nZ56mrwXz8M/UCsn11eyH3ypPSk/MvHCZRsSsg0hymJFQg/em+0BeBK/ptq +jk8xc9d1ZyfJaFxUAktuDdb98hqBK8uOF9C9EYm8sw0TTDLTWUA9Cn8LO1zLcSNU +M+1I5ic9HwKBgArwmWTKuuYhH4M2kyZyxpFqfN4MlQEFZeruw/uVHAw3TWg0SJUI +EMzHrhCbLYDQRpXWfY/OE9qqC4z3xekMSh3XN5xMVhVHLllSwA2DtPoPEKN4jTO4 +ME1uN1dS14DBONiBlNjgxEdkVgZHNxnxdSUHrxQFxDd3qc1iWuSCrssHAoGBALM9 +G45JtHR8KwSC0B9WwgQZXINvcgwy7Hm5JR7N4+0RZGVTwOGW7cufF694VcZwUhMx +DVqTyRj6qucC6Y3PxHtLqCiTw97UJd8TSejDJQCZCkx7ILz/h5boH46zxxEZKPJF +HBLokajIU0levrV9aYKca2n/ZU+goJsF7fMA1sDdAoGAMwYcQQ9XJLIVR3c1+cPm +ZXwod+8SRf8cr9G9YxVg74+DzPoC4D6nLLoMztsIEbqs32BROhFAIPkxUx8t3B+w +BAD+gaC3vgesecqPKWY8a7OhyNYKxSAaMp9EH1ywNX456OabzXIrXi8h0UVeEjmL +lrUqZQ2VvXn8/MApYF+5AJg= +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:6c + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Oct 2 17:20:08 2024 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:62:12:5c:02:bd:66:d0:00:94:87:70:72:7f: + 91:b5:cc:31:7e:d4:bb:ab:32:2e:c4:f1:22:db:cd: + 86:c1:c6:fe:67:94:f5:50:0b:67:44:b6:6a:9c:63: + 60:bc:c6:01:da:43:9d:a5:c5:65:47:f2:c0:49:63: + 30:69:82:5a:5a:07:3b:7d:62:56:d2:bc:4e:ea:5d: + 75:a6:12:b1:3f:d8:d6:f4:11:c4:44:f5:ce:5a:24: + c7:7a:f5:bd:f9:97:b4:de:79:ba:4e:fd:3c:5b:6b: + 6e:f5:b9:f4:73:6e:68:bd:11:db:23:2f:4e:df:f9: + 91:9b:cc:3d:a1:fe:d8:66:01:37:11:20:7b:dc:0d: + a3:65:9a:4f:20:a6:24:49:95:99:f5:28:d7:4d:61: + 2e:4c:6b:9b:3c:5b:d7:5d:1a:42:c5:a9:1b:7d:3d: + b6:d6:90:12:bb:11:d6:15:da:0f:b5:0a:f7:62:d8: + 68:c2:b4:45:f5:f7:89:f7:01:dc:7e:51:e3:c0:a1: + 70:1d:8c:69:00:21:16:52:b2:ea:5d:f1:17:09:92: + 9c:ad:f8:cd:d6:08:f8:60:1c:06:62:b5:fd:5a:b6: + 2f:e7:81:c4:c8:1f:fc:61:7b:9d:cb:47:8c:3b:cd: + 40:7a:5a:a4:93:37:8f:f7:b1:8a:14:f5:a8:a4:97: + dc:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 45:0D:FA:A4:6B:B9:A7:1C:93:E8:AE:AF:C4:13:39:12:D4:2F:E0:5D + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:a.test, DNS:*.a.test, DNS:b.test, DNS:*.b.test, DNS:c.test, DNS:*.c.test, DNS:d.test, DNS:*.d.test + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 1c:4e:4c:06:fc:2a:0a:89:2e:de:21:c3:46:99:51:84:89:c0: + 4e:66:10:73:a2:b0:cb:6b:12:e4:eb:bb:a4:56:17:2f:73:7c: + ea:ae:7a:a7:0a:0b:6c:4a:24:2b:f2:82:51:2d:f8:b6:d7:3c: + 03:69:43:cd:cc:1b:85:4b:d9:c4:aa:5e:f7:c6:24:56:1a:61: + 0e:83:89:8f:08:08:93:a9:53:d1:f9:85:e5:d1:2d:05:40:4a: + 90:e1:36:90:3a:4b:4e:5d:ea:dd:e5:b7:ac:07:f1:62:34:6a: + 69:0f:f0:68:cc:6a:cf:47:bd:a7:55:fd:7e:8f:bc:d5:5a:a0: + 1e:b5:0a:e6:4b:53:8a:6f:e9:48:1b:0d:5c:ae:0a:57:07:64: + a6:9e:ea:68:49:76:a3:a0:20:cf:f2:cb:b6:19:2b:2f:69:3f: + 41:50:71:27:db:32:9c:d8:4c:db:bc:c4:c2:c9:12:a4:4a:80: + 65:71:cc:18:06:eb:3c:64:63:31:b5:d2:dc:34:d6:49:70:b0: + bb:98:7a:e3:e2:d4:00:4e:2a:41:7c:d4:70:93:6e:9a:12:26: + c8:4f:3a:e6:4a:b2:04:23:0e:c5:f6:10:d7:9b:ec:86:44:4f: + c0:9d:8d:d1:95:e6:4a:da:5e:81:d2:45:2f:b3:ae:97:fa:0a: + fd:16:c2:2f +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIRALBrk5LjXI1+7Z3IllnFwmwwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMjEwMDMxNzIwMDhaFw0yNDEwMDIxNzIwMDhaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/YhJcAr1m0ACUh3Byf5G1zDF+1LurMi7E +8SLbzYbBxv5nlPVQC2dEtmqcY2C8xgHaQ52lxWVH8sBJYzBpglpaBzt9YlbSvE7q +XXWmErE/2Nb0EcRE9c5aJMd69b35l7TeebpO/Txba271ufRzbmi9EdsjL07f+ZGb +zD2h/thmATcRIHvcDaNlmk8gpiRJlZn1KNdNYS5Ma5s8W9ddGkLFqRt9PbbWkBK7 +EdYV2g+1Cvdi2GjCtEX194n3Adx+UePAoXAdjGkAIRZSsupd8RcJkpyt+M3WCPhg +HAZitf1ati/ngcTIH/xhe53LR4w7zUB6WqSTN4/3sYoU9aikl9yZAgMBAAGjgcMw +gcAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQURQ36pGu5pxyT6K6vxBM5EtQv4F0w +HwYDVR0jBBgwFoAUmyYLipipux25HxzjGkAz7Y4XiKswHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMFEGA1UdEQRKMEiCBmEudGVzdIIIKi5hLnRlc3SCBmIu +dGVzdIIIKi5iLnRlc3SCBmMudGVzdIIIKi5jLnRlc3SCBmQudGVzdIIIKi5kLnRl +c3QwDQYJKoZIhvcNAQELBQADggEBABxOTAb8KgqJLt4hw0aZUYSJwE5mEHOisMtr +EuTru6RWFy9zfOqueqcKC2xKJCvyglEt+LbXPANpQ83MG4VL2cSqXvfGJFYaYQ6D +iY8ICJOpU9H5heXRLQVASpDhNpA6S05d6t3lt6wH8WI0amkP8GjMas9HvadV/X6P +vNVaoB61CuZLU4pv6UgbDVyuClcHZKae6mhJdqOgIM/yy7YZKy9pP0FQcSfbMpzY +TNu8xMLJEqRKgGVxzBgG6zxkYzG10tw01klwsLuYeuPi1ABOKkF81HCTbpoSJshP +OuZKsgQjDsX2ENeb7IZET8CdjdGV5kraXoHSRS+zrpf6Cv0Wwi8= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/treadclimber.pem b/pki/testdata/ssl/certificates/treadclimber.pem new file mode 100644 index 0000000000..bfbf85945f --- /dev/null +++ b/pki/testdata/ssl/certificates/treadclimber.pem @@ -0,0 +1,227 @@ +=========================================== +Certificate0: 2f3d743c3627324a11549a9e5cfd1845e6dfdd63771509f0903456411c60bda8 +=========================================== +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8c:7f:32:24:e1:a7:ab:96:00:00:00:00:50:ed:50:f3 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K + Validity + Not Before: Feb 7 17:50:22 2019 GMT + Not After : Feb 7 18:20:21 2020 GMT + Subject: C = US, ST = Washington, L = Vancouver, O = "Nautilus, Inc.", CN = Treadclimber.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c5:4a:d9:1b:cb:70:54:d7:7d:57:83:53:8e:22: + ad:aa:d2:41:4a:b7:39:4e:7f:99:66:a9:7e:4f:2b: + a7:ed:17:4c:da:3b:8d:07:bd:f1:90:0b:8d:05:4d: + e0:dc:3c:19:ef:2e:fe:a3:38:30:c4:9e:8d:56:34: + 91:fe:25:65:8d:ad:46:a2:f1:fb:d0:5f:63:73:8d: + 29:f8:09:f6:9c:4d:10:5e:63:5e:bf:66:24:0c:70: + 3b:88:8f:f4:c6:ee:8f:31:68:05:0e:89:7a:7a:96: + 3a:2b:50:71:97:d3:a0:f1:95:49:11:e2:f9:c8:78: + 54:63:e8:6a:db:96:87:2d:de:18:ea:f2:43:4c:8d: + 3f:a5:76:27:fa:d9:e3:25:ba:96:60:9c:9a:9a:a9: + d3:37:3c:9c:49:28:f4:54:ce:c0:2a:e1:ce:9f:de: + f8:b5:3f:d9:1c:aa:9c:3c:9c:d0:f7:67:84:3a:3a: + bf:19:bf:e2:44:b3:13:3a:d5:94:f3:db:eb:67:7e: + da:50:9a:4a:40:e9:46:f6:5f:65:b5:21:ae:e2:4e: + 4d:02:fe:33:7f:b3:aa:0c:9c:cf:97:44:fe:28:15: + 64:26:ca:fb:07:8c:4f:40:b9:df:f5:fb:7b:e4:81: + 0e:85:16:4b:7e:80:74:df:62:3a:dd:1e:30:e8:11: + 3a:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.entrust.net/level1k.crl + + X509v3 Certificate Policies: + Policy: 2.16.840.1.114028.10.1.5 + CPS: http://www.entrust.net/rpa + Policy: 2.23.140.1.2.2 + + Authority Information Access: + OCSP - URI:http://ocsp.entrust.net + CA Issuers - URI:http://aia.entrust.net/l1k-chain256.cer + + X509v3 Subject Alternative Name: + DNS:Treadclimber.com, DNS:www.Treadclimber.com, DNS:bowflexcatalog.com, DNS:www.bowflexcatalog.com, DNS:bowflexhomegyms.com, DNS:www.bowflexhomegyms.com, DNS:bowflexmaxtrainer.com, DNS:www.bowflexmaxtrainer.com, DNS:bowflexselecttech.com, DNS:www.bowflexselecttech.com, DNS:bowflexhvt.com, DNS:www.bowflexhvt.com, DNS:meethvt.com, DNS:www.meethvt.com, DNS:universalhomefitness.com, DNS:www.universalhomefitness.com, DNS:bowflexmaxtrainer.ca, DNS:www.bowflexmaxtrainer.ca, DNS:treadclimber.ca, DNS:www.treadclimber.ca + X509v3 Authority Key Identifier: + keyid:82:A2:70:74:DD:BC:53:3F:CF:7B:D4:F7:CD:7F:A7:60:C6:0A:4C:BF + + X509v3 Subject Key Identifier: + DB:F8:04:79:71:73:4C:9D:47:E0:52:C2:8A:24:7E:C4:A6:14:D2:90 + X509v3 Basic Constraints: + CA:FALSE + Signature Algorithm: sha256WithRSAEncryption + 29:86:2a:a0:6f:bf:b7:3b:7e:9e:c3:e1:bb:28:9f:45:9f:0d: + 97:fc:24:a0:9c:28:6e:7c:50:3d:c2:ee:24:50:d1:c3:55:79: + 7b:10:94:50:4c:47:91:f5:f7:b3:d9:05:62:73:26:6f:8d:8e: + 18:b5:44:ae:55:32:0d:9d:12:36:a5:3b:df:d0:c1:07:7b:f4: + a5:8b:7a:64:b6:8b:d1:de:4f:fb:6e:64:a1:e8:95:f4:69:d7: + d3:f3:5c:75:ff:24:da:4e:e5:94:4d:e2:06:dc:87:de:2f:48: + fe:69:8e:77:ac:7f:3c:6b:cc:57:08:a7:9a:c7:9d:b3:37:9b: + 0a:a6:54:0c:a4:08:e8:95:63:73:95:c5:d5:5a:7e:41:57:d2: + a7:ca:45:ba:2c:4d:46:00:2d:3d:95:02:e2:34:08:91:43:7b: + c5:aa:e1:af:cd:f1:f4:f4:b6:e2:43:f6:8d:ff:2d:7a:26:13: + f8:99:be:77:92:90:b9:86:5f:93:2c:c6:61:37:56:0f:2a:1b: + ed:ad:68:fc:16:aa:ef:b6:3e:3e:3c:97:b6:8e:e2:72:ef:cc: + 47:9a:4c:e6:55:ea:b7:81:60:bf:d7:c4:23:a8:06:6e:02:0f: + 85:2b:70:8c:0a:3d:fc:5c:be:21:46:e8:33:0f:dd:18:d3:ad: + 8b:d0:b6:6a + +-----BEGIN CERTIFICATE----- +MIIG4zCCBcugAwIBAgIRAIx/MiThp6uWAAAAAFDtUPMwDQYJKoZIhvcNAQELBQAw +gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL +Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg +MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs +BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN +MTkwMjA3MTc1MDIyWhcNMjAwMjA3MTgyMDIxWjBqMQswCQYDVQQGEwJVUzETMBEG +A1UECBMKV2FzaGluZ3RvbjESMBAGA1UEBxMJVmFuY291dmVyMRcwFQYDVQQKEw5O +YXV0aWx1cywgSW5jLjEZMBcGA1UEAxMQVHJlYWRjbGltYmVyLmNvbTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVK2RvLcFTXfVeDU44irarSQUq3OU5/ +mWapfk8rp+0XTNo7jQe98ZALjQVN4Nw8Ge8u/qM4MMSejVY0kf4lZY2tRqLx+9Bf +Y3ONKfgJ9pxNEF5jXr9mJAxwO4iP9MbujzFoBQ6JenqWOitQcZfToPGVSRHi+ch4 +VGPoatuWhy3eGOryQ0yNP6V2J/rZ4yW6lmCcmpqp0zc8nEko9FTOwCrhzp/e+LU/ +2RyqnDyc0PdnhDo6vxm/4kSzEzrVlPPb62d+2lCaSkDpRvZfZbUhruJOTQL+M3+z +qgycz5dE/igVZCbK+weMT0C53/X7e+SBDoUWS36AdN9iOt0eMOgROr8CAwEAAaOC +AzEwggMtMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB +BQUHAwIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9s +ZXZlbDFrLmNybDBLBgNVHSAERDBCMDYGCmCGSAGG+mwKAQUwKDAmBggrBgEFBQcC +ARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUF +BwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYI +KwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNl +cjCCAcMGA1UdEQSCAbowggG2ghBUcmVhZGNsaW1iZXIuY29tghR3d3cuVHJlYWRj +bGltYmVyLmNvbYISYm93ZmxleGNhdGFsb2cuY29tghZ3d3cuYm93ZmxleGNhdGFs +b2cuY29tghNib3dmbGV4aG9tZWd5bXMuY29tghd3d3cuYm93ZmxleGhvbWVneW1z +LmNvbYIVYm93ZmxleG1heHRyYWluZXIuY29tghl3d3cuYm93ZmxleG1heHRyYWlu +ZXIuY29tghVib3dmbGV4c2VsZWN0dGVjaC5jb22CGXd3dy5ib3dmbGV4c2VsZWN0 +dGVjaC5jb22CDmJvd2ZsZXhodnQuY29tghJ3d3cuYm93ZmxleGh2dC5jb22CC21l +ZXRodnQuY29tgg93d3cubWVldGh2dC5jb22CGHVuaXZlcnNhbGhvbWVmaXRuZXNz +LmNvbYIcd3d3LnVuaXZlcnNhbGhvbWVmaXRuZXNzLmNvbYIUYm93ZmxleG1heHRy +YWluZXIuY2GCGHd3dy5ib3dmbGV4bWF4dHJhaW5lci5jYYIPdHJlYWRjbGltYmVy +LmNhghN3d3cudHJlYWRjbGltYmVyLmNhMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU +981/p2DGCky/MB0GA1UdDgQWBBTb+AR5cXNMnUfgUsKKJH7EphTSkDAJBgNVHRME +AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAphiqgb7+3O36ew+G7KJ9Fnw2X/CSgnChu +fFA9wu4kUNHDVXl7EJRQTEeR9fez2QVicyZvjY4YtUSuVTINnRI2pTvf0MEHe/Sl +i3pktovR3k/7bmSh6JX0adfT81x1/yTaTuWUTeIG3IfeL0j+aY53rH88a8xXCKea +x52zN5sKplQMpAjolWNzlcXVWn5BV9KnykW6LE1GAC09lQLiNAiRQ3vFquGvzfH0 +9LbiQ/aN/y16JhP4mb53kpC5hl+TLMZhN1YPKhvtrWj8Fqrvtj4+PJe2juJy78xH +mkzmVeq3gWC/18QjqAZuAg+FK3CMCj38XL4hRugzD90Y062L0LZq +-----END CERTIFICATE----- + +=========================================== +Certificate1: d6c3fc493bacd1df8a1ba30f4ae26254b2a4528e4876081eacc6a16a090aa36a +=========================================== +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1372455166 (0x51ce00fe) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048) + Validity + Not Before: Oct 10 15:23:17 2014 GMT + Not After : Oct 11 06:22:47 2024 GMT + Subject: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:da:3f:96:d0:4d:b9:2f:44:e7:db:39:5e:9b:50: + ee:5c:a5:61:da:41:67:53:09:aa:00:9a:8e:57:7f: + 29:6b:db:c7:e1:21:24:aa:3a:d0:8d:47:23:d2:ed: + 72:16:f0:91:21:d2:5d:b7:b8:4b:a8:83:8f:b7:91: + 32:68:cf:ce:25:93:2c:b2:7d:97:c8:fe:c1:b4:17: + ba:09:9e:03:90:93:7b:7c:49:83:22:68:8a:9b:de: + 47:c3:31:98:7a:2e:7d:40:0b:d2:ef:3e:d3:b2:8c: + aa:8f:48:a9:ff:00:e8:29:58:06:f7:b6:93:5a:94: + 73:26:26:ad:58:0e:e5:42:b8:d5:ea:73:79:64:68: + 53:25:b8:84:cf:94:7a:ae:06:45:0c:a3:6b:4d:d0: + c6:be:ea:18:a4:36:f0:92:b2:ba:1c:88:8f:3a:52: + 7f:f7:5e:6d:83:1c:9d:f0:1f:e5:c3:d6:dd:a5:78: + 92:3d:b0:6d:2c:ea:c9:cf:94:41:19:71:44:68:ba: + 47:3c:04:e9:5d:ba:3e:f0:35:f7:15:b6:9e:f2:2e: + 15:1e:3f:47:c8:c8:38:a7:73:45:5d:4d:b0:3b:b1: + 8e:17:29:37:ea:dd:05:01:22:bb:94:36:2a:8d:5b: + 35:fe:53:19:2f:08:46:c1:2a:b3:1a:62:1d:4e:2b: + d9:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + Authority Information Access: + OCSP - URI:http://ocsp.entrust.net + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.entrust.net/2048ca.crl + + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.entrust.net/rpa + + X509v3 Subject Key Identifier: + 82:A2:70:74:DD:BC:53:3F:CF:7B:D4:F7:CD:7F:A7:60:C6:0A:4C:BF + X509v3 Authority Key Identifier: + keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 + + Signature Algorithm: sha256WithRSAEncryption + 58:42:71:c1:3e:29:16:6e:75:58:77:b5:65:4d:9e:29:f5:ae: + 0b:1c:18:f9:a3:08:43:75:ef:7d:6d:f1:92:ea:fe:ce:68:5c: + e2:1f:be:a5:af:1a:4c:aa:83:3b:5f:a2:47:46:f7:7c:9e:c1: + 83:c4:7a:24:b0:e9:cc:e9:a2:9a:07:09:e8:1e:1d:77:56:49: + fc:53:73:a8:47:cc:c9:2d:5a:60:34:a7:1a:0b:e5:2b:b8:df: + ef:82:4a:dd:70:5e:10:18:08:3b:5d:dc:8a:84:3d:68:d8:00: + b4:c4:9e:43:78:4b:5e:f0:62:6a:8c:90:66:53:8a:ac:c5:7d: + 58:ff:4e:a9:ad:d7:a4:ca:12:47:29:e5:f3:22:21:40:32:60: + da:3a:fe:92:54:1e:43:a1:0d:a9:52:37:60:bf:87:c4:a1:c7: + 78:d5:87:1e:e5:77:e3:5f:5b:dc:71:6d:ba:44:87:31:05:80: + 58:0b:c5:de:74:28:81:83:08:84:d0:c8:46:5a:fe:8a:c6:bd: + a9:0e:3b:64:78:6d:26:dc:3c:4c:f7:81:5c:3c:11:7f:25:3a: + 93:62:a5:a3:91:05:25:23:73:b4:cd:ce:cc:39:a4:03:78:30: + 66:46:5e:a9:75:b0:b4:67:03:a9:b1:9f:57:f0:d3:76:cf:e1: + 93:e8:80:a2 + +-----BEGIN CERTIFICATE----- +MIIE/jCCA+agAwIBAgIEUc4A/jANBgkqhkiG9w0BAQsFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw0xNDEwMTAxNTIzMTdaFw0yNDEw +MTEwNjIyNDdaMIG6MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j +LjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcG +A1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVz +ZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gTDFLMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2j+W0E25L0Tn +2zlem1DuXKVh2kFnUwmqAJqOV38pa9vH4SEkqjrQjUcj0u1yFvCRIdJdt7hLqIOP +t5EyaM/OJZMssn2XyP7BtBe6CZ4DkJN7fEmDImiKm95HwzGYei59QAvS7z7Tsoyq +j0ip/wDoKVgG97aTWpRzJiatWA7lQrjV6nN5ZGhTJbiEz5R6rgZFDKNrTdDGvuoY +pDbwkrK6HIiPOlJ/915tgxyd8B/lw9bdpXiSPbBtLOrJz5RBGXFEaLpHPATpXbo+ +8DX3Fbae8i4VHj9HyMg4p3NFXU2wO7GOFyk36t0FASK7lDYqjVs1/lMZLwhGwSqz +GmIdTivZGwIDAQABo4IBDjCCAQowDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI +MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz +cC5lbnRydXN0Lm5ldDAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmVudHJ1 +c3QubmV0LzIwNDhjYS5jcmwwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUH +AgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxT +P8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRV5IHREYC+2Im5CKMx+aEkCRa5cDAN +BgkqhkiG9w0BAQsFAAOCAQEAWEJxwT4pFm51WHe1ZU2eKfWuCxwY+aMIQ3XvfW3x +kur+zmhc4h++pa8aTKqDO1+iR0b3fJ7Bg8R6JLDpzOmimgcJ6B4dd1ZJ/FNzqEfM +yS1aYDSnGgvlK7jf74JK3XBeEBgIO13cioQ9aNgAtMSeQ3hLXvBiaoyQZlOKrMV9 +WP9Oqa3XpMoSRynl8yIhQDJg2jr+klQeQ6ENqVI3YL+HxKHHeNWHHuV3419b3HFt +ukSHMQWAWAvF3nQogYMIhNDIRlr+isa9qQ47ZHhtJtw8TPeBXDwRfyU6k2Klo5EF +JSNztM3OzDmkA3gwZkZeqXWwtGcDqbGfV/DTds/hk+iAog== +-----END CERTIFICATE----- + diff --git a/pki/testdata/ssl/certificates/treadclimber.sctlist b/pki/testdata/ssl/certificates/treadclimber.sctlist new file mode 100644 index 0000000000000000000000000000000000000000..268a0ace51f69c7bcb15a5f6129e3858bfe1b9ce GIT binary patch literal 484 zcmZR4#8A$#NsjeQ_oB013V!WrKecyusVbyr-}+VXe3NIe?)&ZuaSRNM87Hlx#2FY^ zm>E0_+?W&@{&C2BbkvDVv32hC$@)H#?U1#Spmf_UBcs#Hmr6UVwFN3!aeu8!;pOZ5 zvy&$Y%y)3uDYfXWtW%0oRT%dLH%g@p_=e z2cNUw-f+BKrFvpW^|!w#O)ED_t>n-tmykX3uXb*CyA4AbL)`M>pZCKKJl|^OQG3Dj zfl<}OSv)NZg@jrpN~bjzx<)`Oju8c0>~7!+G_}cWPyNhwu}k+&_3~YIG1T!u^OgYD zM@3IJwEo-Ty;z=|Ng=l0?9qq6udbWdPI{)?CDE_-wdlxVp45=f_ctq=l}v~N+WTSZ zlE_aC7n>XeboD29^sV*&C+q%r=EDmn%Qmc7)wih_8q&6KdllU8FxVApWlx)#l(FT^ znn`aK2r2c6eVk*g`1#K<)4sMxK$k6@eQsjh3jSh+qFp{0H(glEIF*0a|6Tvs@)Bon Jxvlp_699?k(24*6 literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/unescaped.pem b/pki/testdata/ssl/certificates/unescaped.pem new file mode 100644 index 0000000000..33dbb40ef0 --- /dev/null +++ b/pki/testdata/ssl/certificates/unescaped.pem @@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ed:cd:27:0f:4c:ca:cc:fc + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=127.0.0.1, L=Mountain View, ST=California/streetAddress=1600 Amphitheatre Parkway, C=US, O=Chromium = "net_unittests", OU=net_unittests, OU=Chromium + Validity + Not Before: Dec 2 03:56:43 2011 GMT + Not After : Jan 1 03:56:43 2012 GMT + Subject: CN=127.0.0.1, L=Mountain View, ST=California/streetAddress=1600 Amphitheatre Parkway, C=US, O=Chromium = "net_unittests", OU=net_unittests, OU=Chromium + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ac:25:6c:de:22:4f:be:77:07:3a:6c:f9:5f:e6: + 0a:ce:69:f7:ca:c5:b8:08:2b:b8:b0:04:12:55:fe: + 65:4c:c2:aa:b9:3d:b2:87:f5:59:c3:72:ac:a9:d4: + 1e:0b:ec:7f:2e:df:4c:ad:e7:cc:52:93:b4:ed:0a: + 99:40:7e:6a:35:c3:b0:8b:93:c7:e5:97:54:b9:7f: + 68:26:04:17:a6:b4:50:9e:d6:d7:6b:19:a1:ce:0b: + 5e:73:80:a6:b9:ef:5d:34:8e:6f:f7:8c:de:cf:78: + cd:16:93:30:23:c3:5c:8c:9f:78:ce:18:c6:0f:e1: + 32:76:8a:c4:c4:54:30:56:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 38:85:CF:3E:10:D5:47:FC:08:81:FA:85:7F:84:7A:2F:3D:69:2B:A6 + X509v3 Authority Key Identifier: + keyid:38:85:CF:3E:10:D5:47:FC:08:81:FA:85:7F:84:7A:2F:3D:69:2B:A6 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 32:0a:90:29:b1:9f:c0:c7:55:da:37:8f:5b:b8:09:a0:97:65: + 15:3a:79:d1:3e:24:f4:44:ad:3f:eb:84:b4:ae:e3:7a:ba:43: + 8c:d4:df:ef:ca:46:c5:99:c4:99:b5:ae:7e:2c:a9:85:05:d0: + 8f:07:d2:ee:9e:72:b0:e0:87:51:5c:e8:f4:5a:a1:44:25:a5: + 47:6a:67:b3:79:2e:66:7d:93:7d:f7:cf:31:13:c1:fc:af:62: + c6:ec:22:14:50:7f:d2:38:ff:5d:11:d5:58:c8:5e:43:08:bb: + ca:9c:45:78:f4:28:08:cc:98:75:1d:4c:d2:43:a5:34:f0:86: + 56:37 +-----BEGIN CERTIFICATE----- +MIIDVDCCAr2gAwIBAgIJAO3NJw9Mysz8MA0GCSqGSIb3DQEBBQUAMIHCMRIwEAYD +VQQDDAkxMjcuMC4wLjExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAgM +CkNhbGlmb3JuaWExIjAgBgNVBAkMGTE2MDAgQW1waGl0aGVhdHJlIFBhcmt3YXkx +CzAJBgNVBAYTAlVTMSMwIQYDVQQKDBpDaHJvbWl1bSA9ICJuZXRfdW5pdHRlc3Rz +IjEWMBQGA1UECwwNbmV0X3VuaXR0ZXN0czERMA8GA1UECwwIQ2hyb21pdW0wHhcN +MTExMjAyMDM1NjQzWhcNMTIwMTAxMDM1NjQzWjCBwjESMBAGA1UEAwwJMTI3LjAu +MC4xMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQIDApDYWxpZm9ybmlh +MSIwIAYDVQQJDBkxNjAwIEFtcGhpdGhlYXRyZSBQYXJrd2F5MQswCQYDVQQGEwJV +UzEjMCEGA1UECgwaQ2hyb21pdW0gPSAibmV0X3VuaXR0ZXN0cyIxFjAUBgNVBAsM +DW5ldF91bml0dGVzdHMxETAPBgNVBAsMCENocm9taXVtMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCsJWzeIk++dwc6bPlf5grOaffKxbgIK7iwBBJV/mVMwqq5 +PbKH9VnDcqyp1B4L7H8u30yt58xSk7TtCplAfmo1w7CLk8fll1S5f2gmBBemtFCe +1tdrGaHOC15zgKa57100jm/3jN7PeM0WkzAjw1yMn3jOGMYP4TJ2isTEVDBWOQID +AQABo1AwTjAdBgNVHQ4EFgQUOIXPPhDVR/wIgfqFf4R6Lz1pK6YwHwYDVR0jBBgw +FoAUOIXPPhDVR/wIgfqFf4R6Lz1pK6YwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B +AQUFAAOBgQAyCpApsZ/Ax1XaN49buAmgl2UVOnnRPiT0RK0/64S0ruN6ukOM1N/v +ykbFmcSZta5+LKmFBdCPB9LunnKw4IdRXOj0WqFEJaVHamezeS5mfZN9988xE8H8 +r2LG7CIUUH/SOP9dEdVYyF5DCLvKnEV49CgIzJh1HUzSQ6U08IZWNw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/unittest.key.bin b/pki/testdata/ssl/certificates/unittest.key.bin new file mode 100644 index 0000000000000000000000000000000000000000..2ec712b3f1776a24343801e66db1b008efd6bb2e GIT binary patch literal 635 zcmV->0)+iAf&zB}0RS)!1_>&LNQUpVK9OMT>=3B0)c@5)T}d3M+NYa z?7Gw&TWbVtz=;YI&3<{9WgzNI$fmMV7`Uh&YG?>FGTjb;w6I-(KQ>JO4>ubl=;v-< zGS&o|9NqUL^N#hg1i%|h+0UXEMt!u7B12hJ*t9mPCA^*YP}@<|6}KmnP4&D_FgG}N zbA9$k1#`ZRXU{5Ck*SM;0s{d60Rn-5CEXIWSqH(e`AE6~wBPi_xACqGpoC}nt>=z&D!2e>$cIkymhWz zPTjhXL9Xp~=%PykK>*oUoZD5r43^CnEef^FtHvUS9qWXUG`c>xiSG6L5i30H#+Nw> zSF^55o4TWH`{jD%Z*JDReM&xy)nrEJ3F87m0GzPomHbPw3^mRg{Wi*K-ma|qf)eTd zvRes3>jk?Kn3aQEY?)o#-Yt@tT|;_s0;0c*k%abSW`(33t2Z5R9|AyEWV$W4o0YUp zV$E5xAWJc@P=rTcR$SdiyA3;d%`0jrWwfNZ+IQJl3@+j=G<8)V#Tm(mu6zQHgUgyW zs88VnK>&#ZwQ~?;R(43_%=Mm(`Bll5cJwQc+4k!~NiXVAUN`poFeRh+Zo!9zfuy@i VW<1wNXPx^ODUjCXsik7k3RtRaE`|UA literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/unittest.selfsigned.der b/pki/testdata/ssl/certificates/unittest.selfsigned.der new file mode 100644 index 0000000000000000000000000000000000000000..48c8d743b0a94a2278bae5492eb50741f8c13ad1 GIT binary patch literal 414 zcmXqLVw`2r#K^pWnTe5!iILHOmyJ`a&7D}#Zsp`Zaj8*?ZNvoJ?#US>&2 zYH^8yoH(zcfuWI+v4N41rHMrplxqUzV%O9-AK7e1RtDzAUIv54PNv32hAV4~{oGkU zOnkHJiga`~OU{8#F5$Cvl`~QmUiq9@wkb$r#|pWu3=R{cyL|OqHpDjAoB1;En@cOd zc%Bz;bd6<}%-!$GpZmUUWH})1ee?VxakttneM-)eAvd;|ty0}H_j|zYz$>EL)hGFW z-Q#ayZc$!b`^}BDcwb-od9BciE4v$+m>C(+z0M4Dm-NnU4Vw$rZPxlRv-+v>6W73i zGt8%Xn3y+4mFAtC#V~dInh9T9A52;nH_caS;iZ|IpHGUY-gMlNE9_ZuMn}iZ{pYpH zkA-v}*ga+a*;{iyWflnQ$*^{biWT}PoH_fws&=QNVDc%`8lefoNe|urzW==VMzx)b R@}B6x^FOon_v*Rc0|5GOomc<> literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/verisign_intermediate_ca_2011.pem b/pki/testdata/ssl/certificates/verisign_intermediate_ca_2011.pem new file mode 100644 index 0000000000..27dc85bd8a --- /dev/null +++ b/pki/testdata/ssl/certificates/verisign_intermediate_ca_2011.pem @@ -0,0 +1,71 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 25:4b:8a:85:38:42:cc:e3:58:f8:c5:dd:ae:22:6e:a4 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + Validity + Not Before: Apr 17 00:00:00 1997 GMT + Not After : Oct 24 23:59:59 2011 GMT + Subject: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d8:82:80:e8:d6:19:02:7d:1f:85:18:39:25:a2: + 65:2b:e1:bf:d4:05:d3:bc:e6:36:3b:aa:f0:4c:6c: + 5b:b6:e7:aa:3c:73:45:55:b2:f1:bd:ea:97:42:ed: + 9a:34:0a:15:d4:a9:5c:f5:40:25:dd:d9:07:c1:32: + b2:75:6c:c4:ca:bb:a3:fe:56:27:71:43:aa:63:f5: + 30:3e:93:28:e5:fa:f1:09:3b:f3:b7:4d:4e:39:f7: + 5c:49:5a:b8:c1:1d:d3:b2:8a:fe:70:30:95:42:cb: + fe:2b:51:8b:5a:3c:3a:f9:22:4f:90:b2:02:a7:53: + 9c:4f:34:e7:ab:04:b2:7b:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:0 + X509v3 Certificate Policies: + Policy: 2.16.840.1.113733.1.7.1.1 + CPS: https://www.verisign.com/CPS + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1 + X509v3 Key Usage: + Certificate Sign, CRL Sign + Netscape Cert Type: + SSL CA, S/MIME CA + X509v3 CRL Distribution Points: + URI:http://crl.verisign.com/pca3.crl + + Signature Algorithm: sha1WithRSAEncryption + 08:01:ec:e4:68:94:03:42:f1:73:f1:23:a2:3a:de:e9:f1:da: + c6:54:c4:23:3e:86:ea:cf:6a:3a:33:ab:ea:9c:04:14:07:36: + 06:0b:f9:88:6f:d5:13:ee:29:2b:c3:e4:72:8d:44:ed:d1:ac: + 20:09:2d:e1:f6:e1:19:05:38:b0:3d:0f:9f:7f:f8:9e:02:dc: + 86:02:86:61:4e:26:5f:5e:9f:92:1e:0c:24:a4:f5:d0:70:13: + cf:26:c3:43:3d:49:1d:9e:82:2e:52:5f:bc:3e:c6:66:29:01: + 8e:4e:92:2c:bc:46:75:03:82:ac:73:e9:d9:7e:0b:67:ef:54: + 52:1a +-----BEGIN CERTIFICATE----- +MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT +LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw +HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx +BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg +MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g +TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx +veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O +OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB +4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw +KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV +HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI +ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk +oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB +BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv +1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw +E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/verisign_intermediate_ca_2016.pem b/pki/testdata/ssl/certificates/verisign_intermediate_ca_2016.pem new file mode 100644 index 0000000000..195133e798 --- /dev/null +++ b/pki/testdata/ssl/certificates/verisign_intermediate_ca_2016.pem @@ -0,0 +1,71 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 46:fc:eb:ba:b4:d0:2f:0f:92:60:98:23:3f:93:07:8f + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + Validity + Not Before: Apr 17 00:00:00 1997 GMT + Not After : Oct 24 23:59:59 2016 GMT + Subject: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d8:82:80:e8:d6:19:02:7d:1f:85:18:39:25:a2: + 65:2b:e1:bf:d4:05:d3:bc:e6:36:3b:aa:f0:4c:6c: + 5b:b6:e7:aa:3c:73:45:55:b2:f1:bd:ea:97:42:ed: + 9a:34:0a:15:d4:a9:5c:f5:40:25:dd:d9:07:c1:32: + b2:75:6c:c4:ca:bb:a3:fe:56:27:71:43:aa:63:f5: + 30:3e:93:28:e5:fa:f1:09:3b:f3:b7:4d:4e:39:f7: + 5c:49:5a:b8:c1:1d:d3:b2:8a:fe:70:30:95:42:cb: + fe:2b:51:8b:5a:3c:3a:f9:22:4f:90:b2:02:a7:53: + 9c:4f:34:e7:ab:04:b2:7b:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:0 + X509v3 Certificate Policies: + Policy: 2.16.840.1.113733.1.7.1.1 + CPS: https://www.verisign.com/CPS + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1 + X509v3 Key Usage: + Certificate Sign, CRL Sign + Netscape Cert Type: + SSL CA, S/MIME CA + X509v3 CRL Distribution Points: + URI:http://crl.verisign.com/pca3.crl + + Signature Algorithm: sha1WithRSAEncryption + 40:8e:49:97:96:8a:73:dd:8e:4d:ef:3e:61:b7:ca:a0:62:ad: + f4:0e:0a:bb:75:3d:e2:6e:d8:2c:c7:bf:f4:b9:8c:36:9b:ca: + a2:d0:9c:72:46:39:f6:a6:82:03:65:11:c4:bc:bf:2d:a6:f5: + d9:3b:0a:b5:98:fa:b3:78:b9:1e:f2:2b:4c:62:d5:fd:b2:7a: + 1d:df:33:fd:73:f9:a5:d8:2d:8c:2a:ea:d1:fc:b0:28:b6:e9: + 49:48:13:4b:83:8a:1b:48:7b:24:f7:38:de:6f:41:54:b8:ab: + 57:6b:06:df:c7:a2:d4:a9:f6:f1:36:62:80:88:f2:8b:75:d6: + 80:71 +-----BEGIN CERTIFICATE----- +MIIDgzCCAuygAwIBAgIQRvzrurTQLw+SYJgjP5MHjzANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT +LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw +HhcNOTcwNDE3MDAwMDAwWhcNMTYxMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx +BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg +MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g +TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx +veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O +OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB +4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw +KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV +HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI +ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk +oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB +BQUAA4GBAECOSZeWinPdjk3vPmG3yqBirfQOCrt1PeJu2CzHv/S5jDabyqLQnHJG +OfamggNlEcS8vy2m9dk7CrWY+rN4uR7yK0xi1f2yeh3fM/1z+aXYLYwq6tH8sCi2 +6UlIE0uDihtIeyT3ON5vQVS4q1drBt/HotSp9vE2YoCI8ot11oBx +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md2_ee.pem b/pki/testdata/ssl/certificates/weak_digest_md2_ee.pem new file mode 100644 index 0000000000..6475ccc80b --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md2_ee.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: md2WithRSAEncryption + Issuer: CN=Test Deprecated Digest Intermediate CA + Validity + Not Before: Oct 26 03:46:49 2011 GMT + Not After : Oct 23 03:46:49 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c7:48:eb:5c:00:17:94:01:09:d3:bd:47:41:38: + 74:b8:4f:cb:ea:f1:15:eb:cb:e7:b5:6c:bd:fe:d9: + 97:6d:1e:1b:ee:75:9e:c1:6f:4a:5c:8c:d7:19:cf: + 51:89:48:e8:7d:79:41:ab:e3:a7:77:d1:de:f2:13: + be:36:e7:44:c2:10:dd:56:83:03:f1:cd:e1:13:8d: + fe:45:d6:1a:98:d8:8d:08:b9:32:10:36:0d:ec:ee: + 2d:66:22:eb:6a:0d:0e:f4:15:91:dd:9d:3e:92:db: + 9e:26:c8:af:4b:b7:fb:93:f8:68:07:c3:53:02:57: + dc:d0:de:df:29:72:45:6f:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 35:5C:C8:0F:21:D0:A2:F5:69:44:5C:9E:B0:DC:0F:75:74:24:7A:FD + X509v3 Authority Key Identifier: + keyid:A8:1D:06:8D:AD:3F:25:51:00:F0:3B:E9:35:C6:65:74:12:51:20:19 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: md2WithRSAEncryption + 87:d2:29:b3:6b:ba:36:99:ac:56:47:d8:7d:63:9e:74:a2:b5: + 42:5e:2b:96:08:f8:ab:e2:ce:ea:99:21:47:25:2c:55:f2:db: + 9d:d7:ed:d9:68:ba:09:90:b1:43:64:be:af:ef:9a:b4:10:86: + 99:85:7f:68:fe:aa:fd:d4:6a:f1:68:e9:8f:61:d8:46:21:e4: + 17:4c:89:db:82:37:36:8d:7f:93:4a:63:b1:da:ba:6b:19:ad: + 34:8b:f8:11:c3:25:14:2a:4e:7b:75:6b:03:79:c1:e5:1a:5b: + ff:b4:91:47:4f:48:91:68:33:c7:3e:a5:95:45:81:2b:0d:35: + 42:c4 +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBBDANBgkqhkiG9w0BAQIFADAxMS8wLQYDVQQDDCZUZXN0 +IERlcHJlY2F0ZWQgRGlnZXN0IEludGVybWVkaWF0ZSBDQTAeFw0xMTEwMjYwMzQ2 +NDlaFw0yMTEwMjMwMzQ2NDlaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp +Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENB +MRIwEAYDVQQDDAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AMdI61wAF5QBCdO9R0E4dLhPy+rxFevL57Vsvf7Zl20eG+51nsFvSlyM1xnPUYlI +6H15Qavjp3fR3vITvjbnRMIQ3VaDA/HN4RON/kXWGpjYjQi5MhA2DezuLWYi62oN +DvQVkd2dPpLbnibIr0u3+5P4aAfDUwJX3NDe3ylyRW/jAgMBAAGjgYAwfjAMBgNV +HRMBAf8EAjAAMB0GA1UdDgQWBBQ1XMgPIdCi9WlEXJ6w3A91dCR6/TAfBgNVHSME +GDAWgBSoHQaNrT8lUQDwO+k1xmV0ElEgGTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQIFAAOBgQCH0imz +a7o2maxWR9h9Y550orVCXiuWCPir4s7qmSFHJSxV8tud1+3ZaLoJkLFDZL6v75q0 +EIaZhX9o/qr91GrxaOmPYdhGIeQXTInbgjc2jX+TSmOx2rprGa00i/gRwyUUKk57 +dWsDecHlGlv/tJFHT0iRaDPHPqWVRYErDTVCxA== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md2_intermediate.pem b/pki/testdata/ssl/certificates/weak_digest_md2_intermediate.pem new file mode 100644 index 0000000000..2f2765d02c --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md2_intermediate.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: md2WithRSAEncryption + Issuer: CN=Test Deprecated Digest Root CA + Validity + Not Before: Oct 26 03:46:49 2011 GMT + Not After : Oct 23 03:46:49 2021 GMT + Subject: CN=Test Deprecated Digest Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ac:9b:c0:4b:fc:59:45:7a:d6:3f:a3:89:23:30: + 5b:70:ad:ab:78:62:4b:53:85:9f:f9:7d:7f:c1:26: + 08:23:80:61:0c:ba:6d:36:06:14:df:29:d4:9c:63: + 94:04:ee:14:b6:b9:81:06:2f:33:d8:35:9a:1a:89: + 17:ad:21:61:fa:24:75:b9:0c:ef:c1:15:6a:02:bd: + b2:a5:29:df:d8:5f:80:7c:4e:c9:c1:b4:bb:fd:78: + 44:63:34:b5:a5:51:aa:e9:23:77:44:53:f9:fa:58: + f6:46:6e:9d:d2:cd:00:a3:28:fe:51:e4:30:7e:49: + 62:d4:53:b0:d8:9c:34:47:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + A8:1D:06:8D:AD:3F:25:51:00:F0:3B:E9:35:C6:65:74:12:51:20:19 + X509v3 Authority Key Identifier: + keyid:79:82:C5:B4:EB:60:12:4B:B5:87:79:1B:E2:3A:9C:17:76:81:CB:43 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: md2WithRSAEncryption + 95:17:b3:5f:81:5b:9e:d6:e9:de:67:0e:a7:01:2f:b7:f8:db: + 13:25:6b:a3:15:2d:53:08:c6:20:65:9d:8f:e9:9e:e4:bc:87: + 78:59:f6:1f:f4:0e:85:c7:a8:c6:c8:6d:65:7e:b9:f4:73:9b: + 9f:70:2b:b2:0d:03:06:c5:52:5f:59:87:b5:2b:d0:5c:0d:ee: + 8f:40:cd:eb:95:f2:0e:f4:51:a8:e8:76:17:82:71:1a:d1:ea: + 99:54:e4:b7:75:27:54:76:36:6f:c0:4d:5d:fa:bb:98:08:1e: + d4:95:d1:9a:c7:35:83:d5:a1:79:2a:1f:78:b4:2b:de:17:93: + 0c:1b +-----BEGIN CERTIFICATE----- +MIICMzCCAZygAwIBAgIBBDANBgkqhkiG9w0BAQIFADApMScwJQYDVQQDDB5UZXN0 +IERlcHJlY2F0ZWQgRGlnZXN0IFJvb3QgQ0EwHhcNMTExMDI2MDM0NjQ5WhcNMjEx +MDIzMDM0NjQ5WjAxMS8wLQYDVQQDDCZUZXN0IERlcHJlY2F0ZWQgRGlnZXN0IElu +dGVybWVkaWF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArJvAS/xZ +RXrWP6OJIzBbcK2reGJLU4Wf+X1/wSYII4BhDLptNgYU3ynUnGOUBO4UtrmBBi8z +2DWaGokXrSFh+iR1uQzvwRVqAr2ypSnf2F+AfE7JwbS7/XhEYzS1pVGq6SN3RFP5 ++lj2Rm6d0s0Aoyj+UeQwfkli1FOw2Jw0RwcCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUqB0Gja0/JVEA8DvpNcZldBJRIBkwHwYDVR0jBBgwFoAU +eYLFtOtgEku1h3kb4jqcF3aBy0MwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +AgUAA4GBAJUXs1+BW57W6d5nDqcBL7f42xMla6MVLVMIxiBlnY/pnuS8h3hZ9h/0 +DoXHqMbIbWV+ufRzm59wK7INAwbFUl9Zh7Ur0FwN7o9AzeuV8g70UajodheCcRrR +6plU5Ld1J1R2Nm/ATV36u5gIHtSV0ZrHNYPVoXkqH3i0K94Xkwwb +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md2_root.pem b/pki/testdata/ssl/certificates/weak_digest_md2_root.pem new file mode 100644 index 0000000000..140174d032 --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md2_root.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICEjCCAXugAwIBAgIJAMq0TW/f2gFbMA0GCSqGSIb3DQEBAgUAMCkxJzAlBgNV +BAMMHlRlc3QgRGVwcmVjYXRlZCBEaWdlc3QgUm9vdCBDQTAeFw0xMTEwMjYwMzQ2 +NDlaFw0yMTEwMjMwMzQ2NDlaMCkxJzAlBgNVBAMMHlRlc3QgRGVwcmVjYXRlZCBE +aWdlc3QgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFtzW+hj +BwMylx+rrgeKjltrzYabuJDdTDTYr1lViwO39m6CtHYdcFvZ1nU9oDjW4Lb1NQYv +HoR8+SD0X1R2Y0yF6AyS9NX5E9TQ8TJUSQEehfznbBovMkRaQQMRD6ksRIQr+s00 +P6n0lAYJyN32lmTCbJ+k1aGHPFtKhTNQF/cCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHmCxbTrYBJLtYd5G+I6nBd2 +gctDMA0GCSqGSIb3DQEBAgUAA4GBABnPJVnXJXtImcjcBj31JelbPkLgt8HHjxa+ +LOMNZKIc9d6KWdjMoTNz7Y9dAKiLAJmPp9QAKU4cu0voWRK27O8CjR9Ng7SpfuZ7 +bQ4P22TlcVViAq56+bz/DFRabwBAZtndoawyn04r4Lo/3n/nEONeVTIqsixjN5Au +0snKiMJj +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md4_ee.pem b/pki/testdata/ssl/certificates/weak_digest_md4_ee.pem new file mode 100644 index 0000000000..6ea4b257d5 --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md4_ee.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: md4WithRSAEncryption + Issuer: CN=Test Deprecated Digest Intermediate CA + Validity + Not Before: Oct 26 03:46:49 2011 GMT + Not After : Oct 23 03:46:49 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c7:48:eb:5c:00:17:94:01:09:d3:bd:47:41:38: + 74:b8:4f:cb:ea:f1:15:eb:cb:e7:b5:6c:bd:fe:d9: + 97:6d:1e:1b:ee:75:9e:c1:6f:4a:5c:8c:d7:19:cf: + 51:89:48:e8:7d:79:41:ab:e3:a7:77:d1:de:f2:13: + be:36:e7:44:c2:10:dd:56:83:03:f1:cd:e1:13:8d: + fe:45:d6:1a:98:d8:8d:08:b9:32:10:36:0d:ec:ee: + 2d:66:22:eb:6a:0d:0e:f4:15:91:dd:9d:3e:92:db: + 9e:26:c8:af:4b:b7:fb:93:f8:68:07:c3:53:02:57: + dc:d0:de:df:29:72:45:6f:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 35:5C:C8:0F:21:D0:A2:F5:69:44:5C:9E:B0:DC:0F:75:74:24:7A:FD + X509v3 Authority Key Identifier: + keyid:A8:1D:06:8D:AD:3F:25:51:00:F0:3B:E9:35:C6:65:74:12:51:20:19 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: md4WithRSAEncryption + a5:f6:ae:83:a1:44:5a:dd:c4:91:a2:d6:88:d8:c6:d1:e5:6d: + c8:71:7a:43:3e:e2:ce:42:a4:7d:94:16:5d:0a:df:33:e3:ea: + c9:22:e3:52:9d:f7:72:3e:24:d5:78:38:67:9f:2d:46:cb:73: + c5:1f:eb:4b:02:5c:25:41:e0:c5:07:03:4c:4c:55:87:db:32: + d0:2e:3e:aa:d4:a6:69:75:12:75:2e:b6:98:24:0e:18:c4:1c: + 60:aa:c5:19:c1:1c:ad:ba:f4:c8:c0:55:2b:61:7d:a4:f4:c6: + 73:0d:61:7e:04:42:e2:69:8d:9c:9d:83:22:e4:cc:cc:3f:b5: + 2a:6d +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBAzANBgkqhkiG9w0BAQMFADAxMS8wLQYDVQQDDCZUZXN0 +IERlcHJlY2F0ZWQgRGlnZXN0IEludGVybWVkaWF0ZSBDQTAeFw0xMTEwMjYwMzQ2 +NDlaFw0yMTEwMjMwMzQ2NDlaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp +Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENB +MRIwEAYDVQQDDAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AMdI61wAF5QBCdO9R0E4dLhPy+rxFevL57Vsvf7Zl20eG+51nsFvSlyM1xnPUYlI +6H15Qavjp3fR3vITvjbnRMIQ3VaDA/HN4RON/kXWGpjYjQi5MhA2DezuLWYi62oN +DvQVkd2dPpLbnibIr0u3+5P4aAfDUwJX3NDe3ylyRW/jAgMBAAGjgYAwfjAMBgNV +HRMBAf8EAjAAMB0GA1UdDgQWBBQ1XMgPIdCi9WlEXJ6w3A91dCR6/TAfBgNVHSME +GDAWgBSoHQaNrT8lUQDwO+k1xmV0ElEgGTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQMFAAOBgQCl9q6D +oURa3cSRotaI2MbR5W3IcXpDPuLOQqR9lBZdCt8z4+rJIuNSnfdyPiTVeDhnny1G +y3PFH+tLAlwlQeDFBwNMTFWH2zLQLj6q1KZpdRJ1LraYJA4YxBxgqsUZwRytuvTI +wFUrYX2k9MZzDWF+BELiaY2cnYMi5MzMP7UqbQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md4_intermediate.pem b/pki/testdata/ssl/certificates/weak_digest_md4_intermediate.pem new file mode 100644 index 0000000000..2ba01dd82c --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md4_intermediate.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: md4WithRSAEncryption + Issuer: CN=Test Deprecated Digest Root CA + Validity + Not Before: Oct 26 03:46:49 2011 GMT + Not After : Oct 23 03:46:49 2021 GMT + Subject: CN=Test Deprecated Digest Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ac:9b:c0:4b:fc:59:45:7a:d6:3f:a3:89:23:30: + 5b:70:ad:ab:78:62:4b:53:85:9f:f9:7d:7f:c1:26: + 08:23:80:61:0c:ba:6d:36:06:14:df:29:d4:9c:63: + 94:04:ee:14:b6:b9:81:06:2f:33:d8:35:9a:1a:89: + 17:ad:21:61:fa:24:75:b9:0c:ef:c1:15:6a:02:bd: + b2:a5:29:df:d8:5f:80:7c:4e:c9:c1:b4:bb:fd:78: + 44:63:34:b5:a5:51:aa:e9:23:77:44:53:f9:fa:58: + f6:46:6e:9d:d2:cd:00:a3:28:fe:51:e4:30:7e:49: + 62:d4:53:b0:d8:9c:34:47:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + A8:1D:06:8D:AD:3F:25:51:00:F0:3B:E9:35:C6:65:74:12:51:20:19 + X509v3 Authority Key Identifier: + keyid:79:82:C5:B4:EB:60:12:4B:B5:87:79:1B:E2:3A:9C:17:76:81:CB:43 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: md4WithRSAEncryption + 7e:ca:14:3d:14:04:f4:a4:1a:cf:b5:c6:c7:c2:d3:e7:68:08: + 55:1f:fa:93:28:fa:34:aa:97:29:f7:31:6f:30:a4:25:bd:c5: + fe:28:3d:a9:92:b0:4f:ca:24:3f:7b:1a:16:2e:0d:08:73:8e: + ca:9f:50:da:e9:64:4f:bd:31:c4:72:89:98:8d:55:55:57:96: + 6a:e0:5e:00:12:07:8b:3a:30:06:9a:47:a5:94:39:74:a0:f7: + e1:00:48:2a:90:08:84:80:e3:6b:83:91:c6:74:d8:d9:c2:72: + c7:b9:6e:33:7f:38:46:c1:26:14:5c:1b:85:a3:aa:bb:72:a0: + 84:b2 +-----BEGIN CERTIFICATE----- +MIICMzCCAZygAwIBAgIBAzANBgkqhkiG9w0BAQMFADApMScwJQYDVQQDDB5UZXN0 +IERlcHJlY2F0ZWQgRGlnZXN0IFJvb3QgQ0EwHhcNMTExMDI2MDM0NjQ5WhcNMjEx +MDIzMDM0NjQ5WjAxMS8wLQYDVQQDDCZUZXN0IERlcHJlY2F0ZWQgRGlnZXN0IElu +dGVybWVkaWF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArJvAS/xZ +RXrWP6OJIzBbcK2reGJLU4Wf+X1/wSYII4BhDLptNgYU3ynUnGOUBO4UtrmBBi8z +2DWaGokXrSFh+iR1uQzvwRVqAr2ypSnf2F+AfE7JwbS7/XhEYzS1pVGq6SN3RFP5 ++lj2Rm6d0s0Aoyj+UeQwfkli1FOw2Jw0RwcCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUqB0Gja0/JVEA8DvpNcZldBJRIBkwHwYDVR0jBBgwFoAU +eYLFtOtgEku1h3kb4jqcF3aBy0MwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +AwUAA4GBAH7KFD0UBPSkGs+1xsfC0+doCFUf+pMo+jSqlyn3MW8wpCW9xf4oPamS +sE/KJD97GhYuDQhzjsqfUNrpZE+9McRyiZiNVVVXlmrgXgASB4s6MAaaR6WUOXSg +9+EASCqQCISA42uDkcZ02NnCcse5bjN/OEbBJhRcG4WjqrtyoISy +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md4_root.pem b/pki/testdata/ssl/certificates/weak_digest_md4_root.pem new file mode 100644 index 0000000000..4d5fc291aa --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md4_root.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICEjCCAXugAwIBAgIJAPqB3U0Vl/N1MA0GCSqGSIb3DQEBAwUAMCkxJzAlBgNV +BAMMHlRlc3QgRGVwcmVjYXRlZCBEaWdlc3QgUm9vdCBDQTAeFw0xMTEwMjYwMzQ2 +NDlaFw0yMTEwMjMwMzQ2NDlaMCkxJzAlBgNVBAMMHlRlc3QgRGVwcmVjYXRlZCBE +aWdlc3QgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFtzW+hj +BwMylx+rrgeKjltrzYabuJDdTDTYr1lViwO39m6CtHYdcFvZ1nU9oDjW4Lb1NQYv +HoR8+SD0X1R2Y0yF6AyS9NX5E9TQ8TJUSQEehfznbBovMkRaQQMRD6ksRIQr+s00 +P6n0lAYJyN32lmTCbJ+k1aGHPFtKhTNQF/cCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHmCxbTrYBJLtYd5G+I6nBd2 +gctDMA0GCSqGSIb3DQEBAwUAA4GBAEvEn5YHixuMeYW3TpCVpyvNocToAlHiy5xt +iXVN9V31w8X7I7vcUAgqWQYtB0qngQ28akmiY+yyfYkWB3H8B0DCr0STFCbMq0c6 +Ydt5pV3lBQpHUKZFvv5moVVWPXr0f0smZI26KGalHgxdrFJnnP4bp6VhYt8G3KFA +h+nxg1RW +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md5_ee.pem b/pki/testdata/ssl/certificates/weak_digest_md5_ee.pem new file mode 100644 index 0000000000..c5a1eb4c5a --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md5_ee.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: md5WithRSAEncryption + Issuer: CN=Test Deprecated Digest Intermediate CA + Validity + Not Before: Oct 26 03:46:48 2011 GMT + Not After : Oct 23 03:46:48 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c7:48:eb:5c:00:17:94:01:09:d3:bd:47:41:38: + 74:b8:4f:cb:ea:f1:15:eb:cb:e7:b5:6c:bd:fe:d9: + 97:6d:1e:1b:ee:75:9e:c1:6f:4a:5c:8c:d7:19:cf: + 51:89:48:e8:7d:79:41:ab:e3:a7:77:d1:de:f2:13: + be:36:e7:44:c2:10:dd:56:83:03:f1:cd:e1:13:8d: + fe:45:d6:1a:98:d8:8d:08:b9:32:10:36:0d:ec:ee: + 2d:66:22:eb:6a:0d:0e:f4:15:91:dd:9d:3e:92:db: + 9e:26:c8:af:4b:b7:fb:93:f8:68:07:c3:53:02:57: + dc:d0:de:df:29:72:45:6f:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 35:5C:C8:0F:21:D0:A2:F5:69:44:5C:9E:B0:DC:0F:75:74:24:7A:FD + X509v3 Authority Key Identifier: + keyid:A8:1D:06:8D:AD:3F:25:51:00:F0:3B:E9:35:C6:65:74:12:51:20:19 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + 5c:36:ba:dd:8c:ae:4c:2d:00:32:d9:ed:4d:1d:4b:07:52:28: + 9c:16:18:3f:38:02:9d:d7:8e:16:e6:4b:2d:8c:84:cc:b1:90: + 6c:b4:42:55:56:7c:e6:ec:15:2b:90:0b:7e:89:08:15:5a:11: + 0e:5d:1b:a3:cc:81:79:1e:ea:96:82:75:d8:14:96:0f:17:a5: + cd:50:fd:50:f0:5b:7f:03:54:b3:e3:b5:66:03:c8:00:1d:61: + 36:f3:78:2d:07:82:61:0a:fd:d9:7c:8a:fe:cb:e1:09:df:fb: + b6:2f:09:7b:0b:62:d8:27:18:4e:6e:fe:92:1b:1a:2b:7d:56: + e0:87 +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAxMS8wLQYDVQQDDCZUZXN0 +IERlcHJlY2F0ZWQgRGlnZXN0IEludGVybWVkaWF0ZSBDQTAeFw0xMTEwMjYwMzQ2 +NDhaFw0yMTEwMjMwMzQ2NDhaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp +Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENB +MRIwEAYDVQQDDAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AMdI61wAF5QBCdO9R0E4dLhPy+rxFevL57Vsvf7Zl20eG+51nsFvSlyM1xnPUYlI +6H15Qavjp3fR3vITvjbnRMIQ3VaDA/HN4RON/kXWGpjYjQi5MhA2DezuLWYi62oN +DvQVkd2dPpLbnibIr0u3+5P4aAfDUwJX3NDe3ylyRW/jAgMBAAGjgYAwfjAMBgNV +HRMBAf8EAjAAMB0GA1UdDgQWBBQ1XMgPIdCi9WlEXJ6w3A91dCR6/TAfBgNVHSME +GDAWgBSoHQaNrT8lUQDwO+k1xmV0ElEgGTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQQFAAOBgQBcNrrd +jK5MLQAy2e1NHUsHUiicFhg/OAKd144W5kstjITMsZBstEJVVnzm7BUrkAt+iQgV +WhEOXRujzIF5HuqWgnXYFJYPF6XNUP1Q8Ft/A1Sz47VmA8gAHWE283gtB4JhCv3Z +fIr+y+EJ3/u2Lwl7C2LYJxhObv6SGxorfVbghw== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md5_intermediate.pem b/pki/testdata/ssl/certificates/weak_digest_md5_intermediate.pem new file mode 100644 index 0000000000..6192ffe97a --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md5_intermediate.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: md5WithRSAEncryption + Issuer: CN=Test Deprecated Digest Root CA + Validity + Not Before: Oct 26 03:46:48 2011 GMT + Not After : Oct 23 03:46:48 2021 GMT + Subject: CN=Test Deprecated Digest Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ac:9b:c0:4b:fc:59:45:7a:d6:3f:a3:89:23:30: + 5b:70:ad:ab:78:62:4b:53:85:9f:f9:7d:7f:c1:26: + 08:23:80:61:0c:ba:6d:36:06:14:df:29:d4:9c:63: + 94:04:ee:14:b6:b9:81:06:2f:33:d8:35:9a:1a:89: + 17:ad:21:61:fa:24:75:b9:0c:ef:c1:15:6a:02:bd: + b2:a5:29:df:d8:5f:80:7c:4e:c9:c1:b4:bb:fd:78: + 44:63:34:b5:a5:51:aa:e9:23:77:44:53:f9:fa:58: + f6:46:6e:9d:d2:cd:00:a3:28:fe:51:e4:30:7e:49: + 62:d4:53:b0:d8:9c:34:47:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + A8:1D:06:8D:AD:3F:25:51:00:F0:3B:E9:35:C6:65:74:12:51:20:19 + X509v3 Authority Key Identifier: + keyid:79:82:C5:B4:EB:60:12:4B:B5:87:79:1B:E2:3A:9C:17:76:81:CB:43 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: md5WithRSAEncryption + a3:9d:4e:8b:42:7b:c2:3a:71:5c:7a:a9:ec:9b:da:04:a4:7d: + f2:53:ba:b5:97:97:21:ae:94:03:23:7e:75:0e:c7:cc:1f:57: + f2:76:ec:aa:bf:4f:2f:d1:2d:d2:3d:10:55:ce:a0:1c:93:b6: + 8a:b6:65:9b:67:7a:a6:2f:04:62:e9:31:69:f4:26:08:a3:41: + d0:11:3a:21:31:b6:32:5e:a0:4c:32:2d:ca:f8:a0:76:be:f2: + a1:bf:15:98:73:26:41:2d:d5:8e:63:e7:5e:ef:61:08:f0:9d: + fb:af:55:1e:37:9c:2a:13:f7:7e:ab:5c:f4:d5:f8:7c:a7:fb: + c0:42 +-----BEGIN CERTIFICATE----- +MIICMzCCAZygAwIBAgIBAjANBgkqhkiG9w0BAQQFADApMScwJQYDVQQDDB5UZXN0 +IERlcHJlY2F0ZWQgRGlnZXN0IFJvb3QgQ0EwHhcNMTExMDI2MDM0NjQ4WhcNMjEx +MDIzMDM0NjQ4WjAxMS8wLQYDVQQDDCZUZXN0IERlcHJlY2F0ZWQgRGlnZXN0IElu +dGVybWVkaWF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArJvAS/xZ +RXrWP6OJIzBbcK2reGJLU4Wf+X1/wSYII4BhDLptNgYU3ynUnGOUBO4UtrmBBi8z +2DWaGokXrSFh+iR1uQzvwRVqAr2ypSnf2F+AfE7JwbS7/XhEYzS1pVGq6SN3RFP5 ++lj2Rm6d0s0Aoyj+UeQwfkli1FOw2Jw0RwcCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUqB0Gja0/JVEA8DvpNcZldBJRIBkwHwYDVR0jBBgwFoAU +eYLFtOtgEku1h3kb4jqcF3aBy0MwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BAUAA4GBAKOdTotCe8I6cVx6qeyb2gSkffJTurWXlyGulAMjfnUOx8wfV/J27Kq/ +Ty/RLdI9EFXOoByTtoq2ZZtneqYvBGLpMWn0JgijQdAROiExtjJeoEwyLcr4oHa+ +8qG/FZhzJkEt1Y5j517vYQjwnfuvVR43nCoT936rXPTV+Hyn+8BC +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_md5_root.pem b/pki/testdata/ssl/certificates/weak_digest_md5_root.pem new file mode 100644 index 0000000000..cea1d70046 --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_md5_root.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICEjCCAXugAwIBAgIJANhsW8HvYIVtMA0GCSqGSIb3DQEBBAUAMCkxJzAlBgNV +BAMMHlRlc3QgRGVwcmVjYXRlZCBEaWdlc3QgUm9vdCBDQTAeFw0xMTEwMjYwMzQ2 +NDhaFw0yMTEwMjMwMzQ2NDhaMCkxJzAlBgNVBAMMHlRlc3QgRGVwcmVjYXRlZCBE +aWdlc3QgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFtzW+hj +BwMylx+rrgeKjltrzYabuJDdTDTYr1lViwO39m6CtHYdcFvZ1nU9oDjW4Lb1NQYv +HoR8+SD0X1R2Y0yF6AyS9NX5E9TQ8TJUSQEehfznbBovMkRaQQMRD6ksRIQr+s00 +P6n0lAYJyN32lmTCbJ+k1aGHPFtKhTNQF/cCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHmCxbTrYBJLtYd5G+I6nBd2 +gctDMA0GCSqGSIb3DQEBBAUAA4GBAC1qyqlaaPzmY78GXsw1MY2VbSNmGyRxWw3W +dJVSkdKv8jeeZnVT6JaiHzmM0zQ9E8x0szILJlJ3r9CNKiuXgpCvbaWqiWwytFny +8Mea/xS8FwIfPoxiOt/MdjvnfUWi1ukZaOy88rg5V7/mVdObTzu4VouD4qxhpdTa +QRn7eFqR +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_sha1_ee.pem b/pki/testdata/ssl/certificates/weak_digest_sha1_ee.pem new file mode 100644 index 0000000000..5368e62c9c --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_sha1_ee.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Test Deprecated Digest Intermediate CA + Validity + Not Before: Oct 26 03:46:48 2011 GMT + Not After : Oct 23 03:46:48 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c7:48:eb:5c:00:17:94:01:09:d3:bd:47:41:38: + 74:b8:4f:cb:ea:f1:15:eb:cb:e7:b5:6c:bd:fe:d9: + 97:6d:1e:1b:ee:75:9e:c1:6f:4a:5c:8c:d7:19:cf: + 51:89:48:e8:7d:79:41:ab:e3:a7:77:d1:de:f2:13: + be:36:e7:44:c2:10:dd:56:83:03:f1:cd:e1:13:8d: + fe:45:d6:1a:98:d8:8d:08:b9:32:10:36:0d:ec:ee: + 2d:66:22:eb:6a:0d:0e:f4:15:91:dd:9d:3e:92:db: + 9e:26:c8:af:4b:b7:fb:93:f8:68:07:c3:53:02:57: + dc:d0:de:df:29:72:45:6f:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 35:5C:C8:0F:21:D0:A2:F5:69:44:5C:9E:B0:DC:0F:75:74:24:7A:FD + X509v3 Authority Key Identifier: + keyid:A8:1D:06:8D:AD:3F:25:51:00:F0:3B:E9:35:C6:65:74:12:51:20:19 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + ab:a4:58:6a:d8:f4:87:00:11:45:23:ea:75:a9:0d:cd:87:73: + 0e:73:f2:97:d3:74:b0:cd:90:c9:45:83:03:c3:82:ee:2f:79: + 51:31:12:1c:39:a0:e2:45:f2:c2:4e:70:8c:e4:f3:af:15:4c: + be:5d:e7:c3:96:79:c8:a4:98:6d:37:8d:3f:9f:9e:89:32:ca: + a6:a7:e2:c8:f3:84:64:08:34:57:bd:10:22:96:78:39:b4:33: + dc:f2:db:83:ec:0c:20:58:ce:ba:98:44:dc:ca:a2:10:6c:5a: + d5:57:85:b9:3c:f0:48:99:98:e1:80:88:08:4c:cc:83:0d:40: + ff:8d +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMS8wLQYDVQQDDCZUZXN0 +IERlcHJlY2F0ZWQgRGlnZXN0IEludGVybWVkaWF0ZSBDQTAeFw0xMTEwMjYwMzQ2 +NDhaFw0yMTEwMjMwMzQ2NDhaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp +Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENB +MRIwEAYDVQQDDAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AMdI61wAF5QBCdO9R0E4dLhPy+rxFevL57Vsvf7Zl20eG+51nsFvSlyM1xnPUYlI +6H15Qavjp3fR3vITvjbnRMIQ3VaDA/HN4RON/kXWGpjYjQi5MhA2DezuLWYi62oN +DvQVkd2dPpLbnibIr0u3+5P4aAfDUwJX3NDe3ylyRW/jAgMBAAGjgYAwfjAMBgNV +HRMBAf8EAjAAMB0GA1UdDgQWBBQ1XMgPIdCi9WlEXJ6w3A91dCR6/TAfBgNVHSME +GDAWgBSoHQaNrT8lUQDwO+k1xmV0ElEgGTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOBgQCrpFhq +2PSHABFFI+p1qQ3Nh3MOc/KX03SwzZDJRYMDw4LuL3lRMRIcOaDiRfLCTnCM5POv +FUy+XefDlnnIpJhtN40/n56JMsqmp+LI84RkCDRXvRAilng5tDPc8tuD7AwgWM66 +mETcyqIQbFrVV4W5PPBImZjhgIgITMyDDUD/jQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_sha1_intermediate.pem b/pki/testdata/ssl/certificates/weak_digest_sha1_intermediate.pem new file mode 100644 index 0000000000..478d116d4c --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_sha1_intermediate.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Test Deprecated Digest Root CA + Validity + Not Before: Oct 26 03:46:48 2011 GMT + Not After : Oct 23 03:46:48 2021 GMT + Subject: CN=Test Deprecated Digest Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ac:9b:c0:4b:fc:59:45:7a:d6:3f:a3:89:23:30: + 5b:70:ad:ab:78:62:4b:53:85:9f:f9:7d:7f:c1:26: + 08:23:80:61:0c:ba:6d:36:06:14:df:29:d4:9c:63: + 94:04:ee:14:b6:b9:81:06:2f:33:d8:35:9a:1a:89: + 17:ad:21:61:fa:24:75:b9:0c:ef:c1:15:6a:02:bd: + b2:a5:29:df:d8:5f:80:7c:4e:c9:c1:b4:bb:fd:78: + 44:63:34:b5:a5:51:aa:e9:23:77:44:53:f9:fa:58: + f6:46:6e:9d:d2:cd:00:a3:28:fe:51:e4:30:7e:49: + 62:d4:53:b0:d8:9c:34:47:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + A8:1D:06:8D:AD:3F:25:51:00:F0:3B:E9:35:C6:65:74:12:51:20:19 + X509v3 Authority Key Identifier: + keyid:79:82:C5:B4:EB:60:12:4B:B5:87:79:1B:E2:3A:9C:17:76:81:CB:43 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 4e:30:a8:25:da:ac:90:a9:5e:6c:23:7f:76:1e:2d:64:79:78: + 61:84:dc:06:12:43:72:a6:18:f1:f2:23:fa:e9:1f:de:3a:52: + 1c:ce:cd:f7:7e:3c:92:ce:7f:f3:1f:f5:bc:18:17:95:cb:57: + 34:f1:88:b1:c8:1f:51:e1:d3:3d:dd:17:c6:d4:af:f1:42:ec: + 85:d7:bf:16:22:e0:88:82:92:cc:94:89:e5:eb:9d:cc:fe:31: + 50:6f:ea:d8:70:f9:ef:6b:ca:3e:af:bd:61:42:33:ce:23:bf: + 50:5f:55:14:64:2b:f7:fd:a6:29:41:a8:65:c3:fa:c4:f0:c7: + 71:a5 +-----BEGIN CERTIFICATE----- +MIICMzCCAZygAwIBAgIBATANBgkqhkiG9w0BAQUFADApMScwJQYDVQQDDB5UZXN0 +IERlcHJlY2F0ZWQgRGlnZXN0IFJvb3QgQ0EwHhcNMTExMDI2MDM0NjQ4WhcNMjEx +MDIzMDM0NjQ4WjAxMS8wLQYDVQQDDCZUZXN0IERlcHJlY2F0ZWQgRGlnZXN0IElu +dGVybWVkaWF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArJvAS/xZ +RXrWP6OJIzBbcK2reGJLU4Wf+X1/wSYII4BhDLptNgYU3ynUnGOUBO4UtrmBBi8z +2DWaGokXrSFh+iR1uQzvwRVqAr2ypSnf2F+AfE7JwbS7/XhEYzS1pVGq6SN3RFP5 ++lj2Rm6d0s0Aoyj+UeQwfkli1FOw2Jw0RwcCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUqB0Gja0/JVEA8DvpNcZldBJRIBkwHwYDVR0jBBgwFoAU +eYLFtOtgEku1h3kb4jqcF3aBy0MwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BQUAA4GBAE4wqCXarJCpXmwjf3YeLWR5eGGE3AYSQ3KmGPHyI/rpH946UhzOzfd+ +PJLOf/Mf9bwYF5XLVzTxiLHIH1Hh0z3dF8bUr/FC7IXXvxYi4IiCksyUieXrncz+ +MVBv6thw+e9ryj6vvWFCM84jv1BfVRRkK/f9pilBqGXD+sTwx3Gl +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/weak_digest_sha1_root.pem b/pki/testdata/ssl/certificates/weak_digest_sha1_root.pem new file mode 100644 index 0000000000..a10f00911f --- /dev/null +++ b/pki/testdata/ssl/certificates/weak_digest_sha1_root.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICEjCCAXugAwIBAgIJAOojr7l1i8pcMA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNV +BAMMHlRlc3QgRGVwcmVjYXRlZCBEaWdlc3QgUm9vdCBDQTAeFw0xMTEwMjYwMzQ2 +NDhaFw0yMTEwMjMwMzQ2NDhaMCkxJzAlBgNVBAMMHlRlc3QgRGVwcmVjYXRlZCBE +aWdlc3QgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFtzW+hj +BwMylx+rrgeKjltrzYabuJDdTDTYr1lViwO39m6CtHYdcFvZ1nU9oDjW4Lb1NQYv +HoR8+SD0X1R2Y0yF6AyS9NX5E9TQ8TJUSQEehfznbBovMkRaQQMRD6ksRIQr+s00 +P6n0lAYJyN32lmTCbJ+k1aGHPFtKhTNQF/cCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHmCxbTrYBJLtYd5G+I6nBd2 +gctDMA0GCSqGSIb3DQEBBQUAA4GBAFfvM72mFeBd4HfP/U0HTmeQsPTorL01BRGe +kIbHSBfliYF5fTXbHHjXqvnmNvCwfjO1+HyCxg3opwmDS5DiwkT2XtqYeF80h8/X +J+hsdo+wJJiD0G8V3wOkBjlS5N3WaH3vhPikLkvmr2UzeeO3ORaaDUlRpzzOS2Pn +28TAE0Wq +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/websocket_cacert.pem b/pki/testdata/ssl/certificates/websocket_cacert.pem new file mode 100644 index 0000000000..50c5baa37d --- /dev/null +++ b/pki/testdata/ssl/certificates/websocket_cacert.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 94:72:cf:87:d6:a3:b4:82 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=JP, ST=Tokyo, O=pywebsocket, CN=pywebsocket + Validity + Not Before: Oct 16 04:53:09 2012 GMT + Not After : Apr 29 04:53:09 2033 GMT + Subject: C=JP, ST=Tokyo, O=pywebsocket, CN=pywebsocket + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d8:f9:57:61:4a:d3:22:96:91:79:c5:1b:fa:43: + e1:f6:ac:ef:16:ca:5e:a3:b2:9e:11:3c:c7:bc:f7: + e3:86:2f:ef:1b:52:a0:86:79:b0:0e:89:b3:8b:f1: + 54:98:7c:b8:18:44:d5:0b:26:da:b7:31:de:9e:f1: + ba:01:99:f8:b1:e9:5c:aa:d9:ea:7f:46:6f:2d:03: + 8d:64:bb:e4:bc:c2:61:9b:47:bc:56:d1:aa:d1:b4: + e8:7c:7b:ad:83:c8:48:ef:56:c5:cf:01:22:56:75: + 48:07:a3:15:82:32:59:08:44:d1:eb:04:ea:02:34: + 22:7b:2b:41:6f:14:03:4e:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 33:BB:11:3D:8D:AF:1C:27:2B:F6:67:36:A7:53:4E:49:94:22:17:EB + X509v3 Authority Key Identifier: + keyid:33:BB:11:3D:8D:AF:1C:27:2B:F6:67:36:A7:53:4E:49:94:22:17:EB + DirName:/C=JP/ST=Tokyo/O=pywebsocket/CN=pywebsocket + serial:94:72:CF:87:D6:A3:B4:82 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 4f:be:f4:12:fe:89:ff:bb:3b:1b:f3:78:6a:8b:ae:9c:da:31: + f0:76:b9:22:19:8d:4c:89:be:59:97:ff:0f:9f:0d:74:88:e2: + ca:4d:b2:d7:8e:9f:1d:3e:86:9d:40:84:fe:1a:57:53:ba:4b: + 35:91:f4:49:ba:16:3f:a1:bf:b1:a3:d8:55:f6:4d:5c:a7:2a: + 2d:e0:e1:ca:2b:44:67:c4:33:4f:31:0b:8d:3e:83:99:79:d1: + e3:50:4d:30:ab:29:d7:46:83:07:b5:9a:84:e5:3d:cb:92:05: + 49:93:2d:4e:92:a6:4b:a3:af:24:03:42:82:c6:26:76:f7:91: + c9:02 +-----BEGIN CERTIFICATE----- +MIICvDCCAiWgAwIBAgIJAJRyz4fWo7SCMA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNV +BAYTAkpQMQ4wDAYDVQQIEwVUb2t5bzEUMBIGA1UEChMLcHl3ZWJzb2NrZXQxFDAS +BgNVBAMTC3B5d2Vic29ja2V0MB4XDTEyMTAxNjA0NTMwOVoXDTMzMDQyOTA0NTMw +OVowSTELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRQwEgYDVQQKEwtweXdl +YnNvY2tldDEUMBIGA1UEAxMLcHl3ZWJzb2NrZXQwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANj5V2FK0yKWkXnFG/pD4fas7xbKXqOynhE8x7z344Yv7xtSoIZ5 +sA6Js4vxVJh8uBhE1Qsm2rcx3p7xugGZ+LHpXKrZ6n9Gby0DjWS75LzCYZtHvFbR +qtG06Hx7rYPISO9Wxc8BIlZ1SAejFYIyWQhE0esE6gI0InsrQW8UA04HAgMBAAGj +gaswgagwHQYDVR0OBBYEFDO7ET2NrxwnK/ZnNqdTTkmUIhfrMHkGA1UdIwRyMHCA +FDO7ET2NrxwnK/ZnNqdTTkmUIhfroU2kSzBJMQswCQYDVQQGEwJKUDEOMAwGA1UE +CBMFVG9reW8xFDASBgNVBAoTC3B5d2Vic29ja2V0MRQwEgYDVQQDEwtweXdlYnNv +Y2tldIIJAJRyz4fWo7SCMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +T770Ev6J/7s7G/N4aouunNox8Ha5IhmNTIm+WZf/D58NdIjiyk2y146fHT6GnUCE +/hpXU7pLNZH0SboWP6G/saPYVfZNXKcqLeDhyitEZ8QzTzELjT6DmXnR41BNMKsp +10aDB7WahOU9y5IFSZMtTpKmS6OvJANCgsYmdveRyQI= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/websocket_client_cert.p12 b/pki/testdata/ssl/certificates/websocket_client_cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..1ec70b233180dd512c671e41497cc75c8a3e1a08 GIT binary patch literal 2550 zcmY+FcQ_l27RHl^*c7#@Myb(Q@gX#3P`i<;(b}!iYL&En_6%awj1j9Et2JAzM2pf= zYE`Md6|qN9tGN0+_ulW`Ki=n@=Y7v}{yOLR!LW1`5ReLnr6WP;pg29;J`<1zNW{_= zgRyjl=XNd(3vvG^f)KF~`*X`01O%KHvwspG>@tM@-y0Z#5EwI<)*=O0eXN(ME#YyJHiHhAPvlX+QFa*Uk+vP>bwKYa{_~`Rima`ZH4*LAn`&}|( zmqq8w-+gBl!&RBp6C25q`qD}zeIlr=B%EQ4@d58*_R!WI5-KKR{<_(jYmbh!7|qnF zb=v%)k}ckir8nW57;}NH!pdk9Er_xK$@{MME-~xtkf7{a^LSkouxWEE+!IoxJ zkcsDT1%bydU0An)ZoY4F4Q5Wr6uunzWc}45=LfFxzPURp*MR5}zs%ql4eRrJ< z!q6Q|IUVIlLZUR-6abpGge*limAm~$RiXJ}%LLw7_Gob>N@wmYPAV)Ge{RkE%ri#= za1>?WIA{{lt}ZEi=c>G7k(%Wdbfe-2r-lvO&tk8p3ggi%RQ^B!d^BU6_WRvw&Sv3r zPV&#ILfBdJe$?~X2mH#WM=gSY&yKZllwWmp7(1kSTftOoMqo=!A5>!4uy)2conraFY`K1+jaHW76-g;B! zaPkgI>OjJ5-?;g&re&f2+Bah~MV&AAvKfCO;8=X2NRXZA9*)Qk4nw0Gj%qt}1VViRyWGxp-o!*>H$9JmHXirOOY?W8wh*G;_sw>K zVGciW^{fQ(JsGWmZ+auCeG;$k1$rg2gaV<_qdV4`LWb9qbu(2(C3M&O9{LA0Bh#z#j^hPd9;yj zo5b}mC)8oiZ4Q2Q`%*tFR>>}Dv)P4%5^sH!gJ@oJj(^9UERdhoVJbjMa&%I&DcDZ3 z$c_}%uVC1*9{r6vU_gF3OJXR=>t=J{MdH%@ghBNbrEK+-&qA`-@evZQ&XJ-S2yluC zcZ-u|&b63O=C(NM(3y-DID_pf8ip#jS#LiU&-+N+-wMu%j%4>KD2u4)x}eiM+nDai z67t22-OA6M_1PVXfO^^+Q|z-rl|Qq6V9J$hFkDUX?u`L4;Le!E zqc)`RoxYA(dgD47*#w0R-$Th4cS>7GG3Zn_r|S8WwLt#ATjcob@hG&(#OaffQmGNMRj*guQtGLUo_5V|Lbmz+RMG_nmN1dDM02^Z7+hYI*WAaK3D6y z|LS<{LUHDmSvOMLqn4|J4y&Og6#J0<3w$qK3CM?oJ__ntgHLEq^re;Dip54>xT|@d8=nIUQ>PHlXCYCit<9I~HFNN{>0~#zV z>$-uGx@r`q%t}{cH+g96*OujR>6Yt4{&Jxs@P=c3I*exKsE=_(=8ppSHg>T+wsElpurmBKt}~Xwvkz zW^beKPkfs-1DS$?{ODP0U|1^X|A2*vrQ!u+skqK<_H(g782*D9dLW311-*h{L3#g2 zAF4m}0hh%+RTah^{-F;T3kor`%2hGU)aJ`)9E-p9NVoZCpoJp2()e&{X82PU&2K)j zHO^$GNMVF-|D8hZZz2W#!}f!H|P8BWd~$iNkKS_f5b)6T!Dz)8-CIP^Dc|BOu9kL##ZxwkC! z(X(O*Kw*Y26W|ju676=^Uk-YKrIPI}B^MsNYw0UhCCPfNTN?xe7AV+2ZEs@YR;wmA z_ib2Y!{hetwpgu{Bkobn+W216B_-)r@&|N=(eWC6Noa?iW+K%+-VLa;{ETfe+x4-Q zsd>odB*spALx+6ZrDjhzlCam?)H=L%;Sr&B>MKF#%Hlxt^^L=&Fte?$i69)MNWb-F zpAm-j@iQGnKv~TNGwf=)QZl@0IdA)0WU(eEjm_*$p2L1vlds%OQ`)irRsK*WZ& zTrhsjUA#2?rl^L(*lHH*=mVBckK7++QTDgS_3MwdsAbJz!vDQ$Iu2P*@Wnv}la6A5 za6tNJ&yT>nl_P$6Doik$e}*o~3h@g9FaTeGH^2#SAK(FS2RHy8pZA^syK_06JDxCE z*cBKZgj#}`3UrAY0KV8m51kQQJ{*nkrQ`I%7}Np#YvRGQsFdK7q<}{BpLh5doe{e{ literal 0 HcmV?d00001 diff --git a/pki/testdata/ssl/certificates/wildcard.pem b/pki/testdata/ssl/certificates/wildcard.pem new file mode 100644 index 0000000000..2c3692e299 --- /dev/null +++ b/pki/testdata/ssl/certificates/wildcard.pem @@ -0,0 +1,113 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCtHZTAxIAlCLF+ +VUYlvmW9wv+VjrU1xuPIRo/NIzyEzuyB7yFVlI+/oaEnZNlW5f2g+nPEsFKCdre9 +A7K87eht+B8RYDowTdQqfgODOEIOWZ8MTL1WqenW+DKl6xNnVQKog6TdC9+hD/AY +YTin94DuHr2VC2zvEzrjspq7kf+FlTjU+MT86toS/t+cLhBpwBPbLmH18LEs5999 +aEdUtFZwcJMTQT1i9PqYpNwiDKT9fIhMDIoa9CumyY+gT7tQ+tGlojNQICswU99U +LiS2KIg1JxFQ/KJoproTnFuxgwQAg7iGmJx/OtcXdus7HdO6mIEF/Q4l75KHaDWp +bRTl92G9AgMBAAECggEAepmBeIdxLUkb0pl3pVFS4nIP6Y34fY5OUM7QFnqG6JNW +4apF1ELzDsbbx3dfiHA3D+NvS3OH64dCFqVg1vYx7neTIQ4iB4WG5VT7DdowxdLo +laBfUtnglnKOA/0Yb8y/pjIc9sLq7DjKU6m+ow3gjELPBpfh3OqkgQ9DD+WUrbfW +0zTRKPuKnz5xfs2Lv6kUz7AriePGt2pf860WMGqzRwGZ+968seXiKZLPWToDu7l5 +42YN8JAtDIwwe+87fp9Hxzv+sqembnl7Je8yklk6aCcNxg2zNfcWWCDvzV4YQ3FK +ocONxFXFipKk3dHx9G04AEC6uYqhMSyQlev9Rt/zoQKBgQDc2jbPmru5PmqGHtLa +Ih8KAvGcywSQsLqP2KbmDBR9Ajs9+yHa9IqNZPfE98fNtiiDSjEyOI0fZq3YHaLg +BZzFsrn4UuTJJYPX3rJBc1TmsS8aZ8RkqiVhWBdKasAPBDUUWEaWxbqAXhKjgrNw +K7xNmFASk7f1UjLvVE0LXd55dQKBgQDIqoMC6iXMQP7i/TW8P9jrvy3/dnVFdhN9 +d7sFasApdwGsJVb5XWWIqA62lcdi+0sNnMgw4SZbPJlWLgcDiahJJe8hhQbHgLYK +j90VIYYl1FXUvZ2RjpgiwTR2I+iPPAyNRiFxVLiYEn8sGckDDEDG+eiDg9jOZ0aB +0Q3cprJ2KQKBgQCgzen2wy1INeAOA8d2uD1tZrNRfKi4SVWtgwwSmF0aoFNOT9pY +uJFhXlDhg6Bhce6RmaW0cWSfpn2RzBJZlvyNHhM2cfTPWJdkyGt2KGl7ByvKyB9B +RHmvJRrgPlXVGTUkuRm8kf+3k8dycqoAVHfo76vtuszIvK8Ff5YRXqmsOQKBgGe8 +fm4LTe8BysLd0+G1wBZfhxAB1S5LlFfQhcaPIThOZXbw9r2DIvI6ryCE3ca10l7/ +Jh7exk10TnDW6plRmMX37l+Nvat1Rqa/KLO72PXFh3mrbMHKzatp5g0NEzS4/mQq +VS+ZdLRpG4VY7ym8M+CpYSJcDsDlcvW5dUkUhD3BAoGAWskpxGJtWs5MaxrCA7Cs +XFMA4kFzdavnEQXtdm3VkdlrpJW04Yt6YLSVzeLsfZdK8x7RAiIrsTwSRHnYjCBJ +PTUU5ibJPFj7pKEJkXnAYJy41fzbLHUuL+X8liKms1pXJmcbUVPZq+eem/J3omls +CgleVqA09PTkNcz+Xy6KQpY= +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:67 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Sep 30 17:20:08 2032 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ad:1d:94:c0:c4:80:25:08:b1:7e:55:46:25:be: + 65:bd:c2:ff:95:8e:b5:35:c6:e3:c8:46:8f:cd:23: + 3c:84:ce:ec:81:ef:21:55:94:8f:bf:a1:a1:27:64: + d9:56:e5:fd:a0:fa:73:c4:b0:52:82:76:b7:bd:03: + b2:bc:ed:e8:6d:f8:1f:11:60:3a:30:4d:d4:2a:7e: + 03:83:38:42:0e:59:9f:0c:4c:bd:56:a9:e9:d6:f8: + 32:a5:eb:13:67:55:02:a8:83:a4:dd:0b:df:a1:0f: + f0:18:61:38:a7:f7:80:ee:1e:bd:95:0b:6c:ef:13: + 3a:e3:b2:9a:bb:91:ff:85:95:38:d4:f8:c4:fc:ea: + da:12:fe:df:9c:2e:10:69:c0:13:db:2e:61:f5:f0: + b1:2c:e7:df:7d:68:47:54:b4:56:70:70:93:13:41: + 3d:62:f4:fa:98:a4:dc:22:0c:a4:fd:7c:88:4c:0c: + 8a:1a:f4:2b:a6:c9:8f:a0:4f:bb:50:fa:d1:a5:a2: + 33:50:20:2b:30:53:df:54:2e:24:b6:28:88:35:27: + 11:50:fc:a2:68:a6:ba:13:9c:5b:b1:83:04:00:83: + b8:86:98:9c:7f:3a:d7:17:76:eb:3b:1d:d3:ba:98: + 81:05:fd:0e:25:ef:92:87:68:35:a9:6d:14:e5:f7: + 61:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E7:1B:C5:0D:E7:ED:C7:2B:2E:95:91:40:77:5A:57:DE:1C:F4:D7:FE + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:*.example.org + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3b:28:28:79:3c:bf:0e:3f:54:71:1e:0b:cb:1d:96:15:b4:9e: + 34:1a:ea:ce:ad:4a:63:41:6f:bc:c3:0b:c6:89:db:23:72:88: + 85:cf:cf:43:c3:ba:49:aa:dd:a9:4b:ed:da:ce:17:e0:c9:ee: + c2:f2:38:2e:0a:e5:b6:85:58:2a:89:25:36:da:ba:17:e7:1e: + eb:63:ee:be:83:ce:ce:05:f7:2a:96:18:a6:fd:20:50:5b:9a: + 8d:1c:6e:11:f2:8e:11:c3:ae:86:5f:4d:d0:68:45:be:99:a9: + 3b:87:eb:a8:e6:99:62:f9:ea:8f:03:12:91:47:df:58:46:11: + 66:c1:57:9c:a5:a5:d2:75:ce:c8:8c:63:79:19:17:30:03:2e: + 58:3a:cf:82:63:e9:7f:9a:c2:8d:e2:4a:dc:7f:5d:3b:40:10: + 38:a4:45:46:3f:95:5c:48:97:7e:4e:85:82:48:e9:aa:89:c0: + 77:d8:f3:16:b3:7a:4d:bb:82:84:e8:54:59:dc:5b:97:3f:83: + b3:bd:f1:84:31:ae:02:17:92:84:e9:db:06:c0:97:0c:02:2b: + 4b:d7:99:7f:d7:9e:9a:3d:99:06:5e:3d:74:f6:b4:1f:22:f0: + 27:cb:4c:1f:ae:c4:24:c8:1a:9a:8d:21:7b:db:32:88:5d:a6: + 72:b4:5e:70 +-----BEGIN CERTIFICATE----- +MIID2TCCAsGgAwIBAgIRALBrk5LjXI1+7Z3IllnFwmcwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMjEwMDMxNzIwMDhaFw0zMjA5MzAxNzIwMDhaMGAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtHZTAxIAlCLF+VUYlvmW9wv+VjrU1xuPI +Ro/NIzyEzuyB7yFVlI+/oaEnZNlW5f2g+nPEsFKCdre9A7K87eht+B8RYDowTdQq +fgODOEIOWZ8MTL1WqenW+DKl6xNnVQKog6TdC9+hD/AYYTin94DuHr2VC2zvEzrj +spq7kf+FlTjU+MT86toS/t+cLhBpwBPbLmH18LEs5999aEdUtFZwcJMTQT1i9PqY +pNwiDKT9fIhMDIoa9CumyY+gT7tQ+tGlojNQICswU99ULiS2KIg1JxFQ/KJoproT +nFuxgwQAg7iGmJx/OtcXdus7HdO6mIEF/Q4l75KHaDWpbRTl92G9AgMBAAGjgYow +gYcwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU5xvFDeftxysulZFAd1pX3hz01/4w +HwYDVR0jBBgwFoAUmyYLipipux25HxzjGkAz7Y4XiKswHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMBgGA1UdEQQRMA+CDSouZXhhbXBsZS5vcmcwDQYJKoZI +hvcNAQELBQADggEBADsoKHk8vw4/VHEeC8sdlhW0njQa6s6tSmNBb7zDC8aJ2yNy +iIXPz0PDukmq3alL7drOF+DJ7sLyOC4K5baFWCqJJTbauhfnHutj7r6Dzs4F9yqW +GKb9IFBbmo0cbhHyjhHDroZfTdBoRb6ZqTuH66jmmWL56o8DEpFH31hGEWbBV5yl +pdJ1zsiMY3kZFzADLlg6z4Jj6X+awo3iStx/XTtAEDikRUY/lVxIl35OhYJI6aqJ +wHfY8xazek27goToVFncW5c/g7O98YQxrgIXkoTp2wbAlwwCK0vXmX/Xnpo9mQZe +PXT2tB8i8CfLTB+uxCTIGpqNIXvbMohdpnK0XnA= +-----END CERTIFICATE----- diff --git a/pki/testdata/ssl/certificates/x509_verify_results.chain.pem b/pki/testdata/ssl/certificates/x509_verify_results.chain.pem new file mode 100644 index 0000000000..30c06eed2d --- /dev/null +++ b/pki/testdata/ssl/certificates/x509_verify_results.chain.pem @@ -0,0 +1,247 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 9c:ac:13:39:97:f9:d0:e4:e8:7f:a3:f1:71:92:32:fa + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Intermediate CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Oct 2 17:20:08 2024 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e0:53:f4:f3:98:c1:14:33:02:c8:a4:6d:fe:aa: + 2a:f7:94:3d:a6:6f:00:df:3b:de:4c:9f:a3:ea:07: + d4:ac:e5:5b:0d:d1:ac:e0:ed:f9:c5:98:1d:35:2d: + e5:b3:49:97:14:85:44:0f:dc:4c:d2:67:08:88:01: + a5:d8:a7:eb:93:d1:6a:a1:f7:51:e7:84:7e:52:2a: + 7d:bc:6f:0e:d8:db:b6:a6:3e:de:dc:f5:a4:68:96: + 44:11:85:02:ed:47:12:df:b8:60:71:95:7b:62:87: + 68:7a:44:56:09:d5:b4:c8:f1:f6:c9:46:92:8b:68: + e8:83:d5:d5:86:71:23:c3:80:1e:bf:6c:01:c7:d2: + a4:bc:40:6d:e0:e3:c0:2e:30:78:bd:ad:dd:25:66: + d3:f5:07:07:56:d7:ce:e2:72:c5:25:7d:0c:e1:a7: + 6f:00:a8:da:ab:4b:54:43:09:64:a4:b6:52:38:2f: + b7:cc:01:dd:1c:03:27:03:47:bf:df:e6:37:b0:ed: + 18:dc:51:0b:d4:75:22:df:50:7b:3c:eb:37:39:1c: + 9b:6f:08:7b:a7:05:ac:8c:43:f7:f1:da:51:06:b3: + 82:45:3e:c8:81:73:9e:b0:a5:cf:76:96:af:81:2c: + ac:01:2a:4a:58:4b:1d:be:ff:1f:85:c2:27:de:f1: + 78:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E2:E0:A4:73:95:9B:E9:6E:FD:CE:29:C4:6F:07:81:0B:96:BD:47:BA + X509v3 Authority Key Identifier: + 17:5C:45:F3:D0:AC:1C:10:4C:8B:43:44:20:C4:DD:93:C5:C5:19:3B + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 93:a1:82:4b:78:ce:18:3a:0a:ae:c8:3b:04:4a:1e:2a:e0:e8: + c3:dd:15:cb:ed:4f:23:09:b8:d4:49:4f:3b:2c:98:bf:bd:7a: + 4e:de:6b:48:93:0c:17:50:d5:df:b0:8a:95:3a:f4:d2:3c:c4: + 71:cd:fc:d3:72:b1:99:dd:5c:82:74:df:42:d9:51:85:26:92: + 2b:c8:0d:1b:aa:e5:98:9f:9d:25:cd:82:f1:a5:42:20:9c:7f: + e9:b3:b8:1e:75:70:2a:07:ee:33:db:6d:b6:6a:cb:e0:80:e9: + fe:12:15:0f:4e:e6:78:99:a3:22:68:1a:bc:ce:77:45:f0:9f: + ce:23:25:bd:32:b6:8d:f4:1a:3a:8e:e9:a7:bd:da:e7:d5:ba: + 84:38:4f:db:bb:29:7f:ec:4f:56:1a:c4:43:1a:0e:a5:c9:db: + b1:69:9d:00:82:b6:b2:4b:67:e7:58:45:37:dc:30:81:93:5a: + 56:de:5e:0f:9c:d6:1a:73:9c:9e:f4:f1:8e:20:11:fc:f3:3f: + 77:7f:9a:f1:93:42:31:2b:5a:e2:70:f2:7a:f0:07:7e:28:c3: + 21:6a:c5:b3:fe:08:76:4b:a3:58:70:f6:44:22:a5:e1:b9:17: + ce:a4:90:35:5c:c7:9a:e0:12:b7:5f:24:d5:60:0c:bd:9d:b6: + 1b:78:17:16 +-----BEGIN CERTIFICATE----- +MIID1zCCAr+gAwIBAgIRAJysEzmX+dDk6H+j8XGSMvowDQYJKoZIhvcNAQELBQAw +azELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExHTAbBgNVBAMMFFRlc3QgSW50 +ZXJtZWRpYXRlIENBMB4XDTIyMTAwMzE3MjAwOFoXDTI0MTAwMjE3MjAwOFowYDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50 +YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4wLjAuMTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOBT9POYwRQzAsikbf6qKveU +PaZvAN873kyfo+oH1KzlWw3RrODt+cWYHTUt5bNJlxSFRA/cTNJnCIgBpdin65PR +aqH3UeeEflIqfbxvDtjbtqY+3tz1pGiWRBGFAu1HEt+4YHGVe2KHaHpEVgnVtMjx +9slGkoto6IPV1YZxI8OAHr9sAcfSpLxAbeDjwC4weL2t3SVm0/UHB1bXzuJyxSV9 +DOGnbwCo2qtLVEMJZKS2Ujgvt8wB3RwDJwNHv9/mN7DtGNxRC9R1It9QezzrNzkc +m28Ie6cFrIxD9/HaUQazgkU+yIFznrClz3aWr4EsrAEqSlhLHb7/H4XCJ97xeAsC +AwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOLgpHOVm+lu/c4pxG8H +gQuWvUe6MB8GA1UdIwQYMBaAFBdcRfPQrBwQTItDRCDE3ZPFxRk7MB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3 +DQEBCwUAA4IBAQCToYJLeM4YOgquyDsESh4q4OjD3RXL7U8jCbjUSU87LJi/vXpO +3mtIkwwXUNXfsIqVOvTSPMRxzfzTcrGZ3VyCdN9C2VGFJpIryA0bquWYn50lzYLx +pUIgnH/ps7gedXAqB+4z2222asvggOn+EhUPTuZ4maMiaBq8zndF8J/OIyW9MraN +9Bo6jumnvdrn1bqEOE/buyl/7E9WGsRDGg6lyduxaZ0AgrayS2fnWEU33DCBk1pW +3l4PnNYac5ye9PGOIBH88z93f5rxk0IxK1ricPJ68Ad+KMMhasWz/gh2S6NYcPZE +IqXhuRfOpJA1XMea4BK3XyTVYAy9nbYbeBcW +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:6b:93:92:e3:5c:8d:7e:ed:9d:c8:96:59:c5:c2:64 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Sep 30 17:20:08 2032 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9d:e9:bd:e4:3d:4a:2f:fb:c2:f9:e6:22:2a:42: + 15:46:1c:8c:8f:47:4c:e9:c5:57:95:1f:66:70:93: + 22:f0:94:c3:bb:b5:5b:ef:a4:6f:c8:c7:89:95:75: + ba:0c:36:bf:4e:6b:a9:35:47:08:43:9e:29:6a:e2: + c3:fb:03:b7:1f:b6:e1:51:6b:ed:7b:19:c7:f9:ce: + 3b:dc:65:e9:66:c7:83:94:c4:d1:4e:ee:ed:64:4b: + 81:f1:1a:ea:5a:64:18:1b:6a:4e:93:d0:13:6c:90: + 60:ca:d2:4e:b7:24:16:f8:b2:08:58:9d:8d:a7:33: + 45:15:34:81:ad:2d:2d:9c:60:ef:f9:2b:98:fe:79: + d3:8d:2c:48:db:12:91:f4:2e:fa:bf:f5:26:c1:82: + 05:80:dd:4c:a8:70:bf:a7:bc:10:34:77:39:db:47: + 04:0f:ed:44:b2:65:46:22:20:88:59:28:0f:c7:0c: + a2:b4:91:a5:a2:aa:ca:05:9f:8a:9b:6e:a3:cb:d4: + a4:e8:24:75:9d:20:81:22:5b:5f:77:3e:c9:f1:1e: + ae:eb:8a:33:8c:27:5b:1e:be:6d:21:1b:42:72:95: + e3:9e:13:03:75:a7:58:d4:be:68:12:fe:63:8e:4b: + 11:7a:34:e7:a3:6b:dd:73:ae:3e:19:9a:ec:91:8b: + 73:af + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 17:5C:45:F3:D0:AC:1C:10:4C:8B:43:44:20:C4:DD:93:C5:C5:19:3B + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Authority Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 25:54:8b:68:3b:3c:92:ed:1b:c7:a1:62:b3:7c:ff:7e:8c:57: + 7c:67:5c:ea:74:9f:e8:f1:b5:c8:e4:88:0e:c9:a3:f3:28:c4: + 05:af:8f:ad:51:32:66:ae:5d:7a:b1:77:7e:99:06:c8:30:26: + 5a:9f:1e:34:ea:aa:3e:0a:73:a2:40:e3:8f:1a:01:96:a2:6d: + 2f:6c:d9:36:65:98:c8:86:41:0e:ee:0d:aa:da:62:54:62:23: + c6:23:b0:f1:ca:35:7b:e5:4b:d1:ab:80:80:d6:00:2b:19:85: + 9d:e0:3c:3f:13:1e:90:d2:df:c3:31:90:0f:a8:40:08:33:4e: + f7:a4:d0:ed:3e:a4:41:cf:e8:37:49:d1:58:e8:07:3d:4b:a1: + c9:fe:12:07:9a:de:e0:c8:f3:68:d6:31:5d:03:77:2f:fa:b0: + e6:2c:f3:80:59:d0:9b:1b:59:22:cd:7e:58:c6:cf:82:92:c3: + 76:95:78:b2:75:c8:fa:59:9f:0e:c0:e3:6d:70:f9:82:ba:db: + 89:89:81:b7:b9:e1:41:63:51:56:8a:5a:d2:52:c2:19:2f:d9: + c0:9d:19:82:59:79:f9:56:1c:25:81:4d:0a:cd:77:1b:de:85: + 6e:51:04:08:0b:0c:33:65:52:f6:90:a8:82:25:77:a0:fa:5e: + 9c:2a:91:66 +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIRALBrk5LjXI1+7Z3IllnFwmQwDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v +dCBDQTAeFw0yMjEwMDMxNzIwMDhaFw0zMjA5MzAxNzIwMDhaMGsxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 +MRAwDgYDVQQKDAdUZXN0IENBMR0wGwYDVQQDDBRUZXN0IEludGVybWVkaWF0ZSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ3pveQ9Si/7wvnmIipC +FUYcjI9HTOnFV5UfZnCTIvCUw7u1W++kb8jHiZV1ugw2v05rqTVHCEOeKWriw/sD +tx+24VFr7XsZx/nOO9xl6WbHg5TE0U7u7WRLgfEa6lpkGBtqTpPQE2yQYMrSTrck +FviyCFidjaczRRU0ga0tLZxg7/krmP55040sSNsSkfQu+r/1JsGCBYDdTKhwv6e8 +EDR3OdtHBA/tRLJlRiIgiFkoD8cMorSRpaKqygWfiptuo8vUpOgkdZ0ggSJbX3c+ +yfEeruuKM4wnWx6+bSEbQnKV454TA3WnWNS+aBL+Y45LEXo056Nr3XOuPhma7JGL +c68CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUF1xF89CsHBBM +i0NEIMTdk8XFGTswDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFJsmC4qYqbsd +uR8c4xpAM+2OF4irMA0GCSqGSIb3DQEBCwUAA4IBAQAlVItoOzyS7RvHoWKzfP9+ +jFd8Z1zqdJ/o8bXI5IgOyaPzKMQFr4+tUTJmrl16sXd+mQbIMCZanx406qo+CnOi +QOOPGgGWom0vbNk2ZZjIhkEO7g2q2mJUYiPGI7DxyjV75UvRq4CA1gArGYWd4Dw/ +Ex6Q0t/DMZAPqEAIM073pNDtPqRBz+g3SdFY6Ac9S6HJ/hIHmt7gyPNo1jFdA3cv ++rDmLPOAWdCbG1kizX5Yxs+CksN2lXiydcj6WZ8OwONtcPmCutuJiYG3ueFBY1FW +ilrSUsIZL9nAnRmCWXn5VhwlgU0KzXcb3oVuUQQICwwzZVL2kKiCJXeg+l6cKpFm +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:cc:00:80:c9:a0:0b:a1:c7:09:7c:9f:71:0d:90:92:cf:ee:c7:f4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, L = Mountain View, O = Test CA, CN = Test Root CA + Validity + Not Before: Oct 3 17:20:08 2022 GMT + Not After : Sep 30 17:20:08 2032 GMT + Subject: C = US, ST = California, L = Mountain View, O = Test CA, CN = Test Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:81:1f:92:73:b6:58:85:d9:8d:ac:b7:20:fd: + c7:bf:40:b2:ea:fa:e5:0b:52:01:8f:9a:c1:eb:7a: + 80:c1:f3:89:a4:3e:d5:1b:61:cc:b5:cf:80:b1:1a: + db:bb:25:e0:18:bf:92:69:26:50:cd:e7:3f:ff:0d: + 3c:b4:1f:14:12:ab:67:37:de:07:03:6c:12:74:82: + 36:ac:c3:d4:d3:64:9f:91:ed:5b:f6:a9:7a:a4:9c: + 98:e8:65:6c:94:e1:cb:55:73:ae:f8:1d:50:b0:78: + e5:74:ff:b1:37:2c:cb:19:3d:a4:8c:e7:76:4e:86: + 5c:3f:df:b3:ed:45:23:4f:54:9b:33:c6:89:5e:13: + 1d:dd:7d:59:a5:07:34:28:86:27:1f:fa:9e:53:4f: + 2a:b6:42:ad:37:12:62:f5:72:36:b6:02:12:40:44: + fe:c7:9e:95:89:43:51:5e:b4:6e:c7:67:80:58:43: + be:cc:07:28:bd:59:ff:1c:4c:8d:90:42:f4:cf:fd: + 54:00:4f:48:72:2b:e1:67:3c:84:17:68:95:bf:ca: + 07:7b:df:86:9d:56:e3:32:e3:70:87:b7:f8:3a:f7: + e3:6e:65:14:7c:bb:76:b7:17:f1:42:8c:6f:2a:34: + 64:10:35:14:8c:85:f6:57:bf:f3:5c:55:9d:ad:03: + 10:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 39:9a:f6:0e:eb:08:4d:a0:f0:59:b9:91:fe:b5:d8:2e:4d:6b: + 69:69:c5:d2:86:fc:a3:c2:a2:6c:ca:8d:98:1b:d2:fc:64:9b: + 96:b4:47:f9:f4:ed:6f:52:3c:b5:13:f6:1e:71:51:3b:da:54: + 93:c4:1d:94:17:23:76:9a:98:f5:9b:b8:b1:c5:ab:cd:ab:bd: + 1a:c9:00:13:e0:e3:c7:5a:a7:21:71:eb:08:2b:ec:85:5c:08: + 80:33:25:0f:1f:52:41:c4:9b:22:58:01:24:55:ef:9a:a6:ce: + e4:85:a3:19:33:4d:7e:3f:04:32:15:d5:fc:63:5f:8b:dc:99: + 2b:10:63:56:ac:60:6e:f9:db:9f:63:7b:a8:df:ab:72:28:8a: + a9:e2:8e:9d:e6:6c:7e:5b:16:ba:94:b2:23:f2:d7:31:5b:de: + 58:a0:8b:be:f4:6a:d2:d3:b4:e6:40:06:78:7a:2d:20:4c:cd: + 9d:20:dd:3b:fc:b9:f3:94:13:b0:6b:18:d7:6b:e8:bf:14:cc: + 87:30:8b:64:3f:ad:59:93:e5:f6:7c:d1:2b:f0:8e:4a:9c:c3: + 34:18:4d:62:33:bd:a6:3a:b6:3f:1f:49:5b:63:b4:01:a8:5c: + f0:98:93:35:53:2e:b2:f2:19:7f:87:0d:db:b1:80:61:38:c8: + 47:01:85:b0 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUC8wAgMmgC6HHCXyfcQ2Qks/ux/QwDQYJKoZIhvcNAQEL +BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM +DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3Qg +Um9vdCBDQTAeFw0yMjEwMDMxNzIwMDhaFw0zMjA5MzAxNzIwMDhaMGMxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW +aWV3MRAwDgYDVQQKDAdUZXN0IENBMRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGgR+Sc7ZYhdmNrLcg/ce/QLLq ++uULUgGPmsHreoDB84mkPtUbYcy1z4CxGtu7JeAYv5JpJlDN5z//DTy0HxQSq2c3 +3gcDbBJ0gjasw9TTZJ+R7Vv2qXqknJjoZWyU4ctVc674HVCweOV0/7E3LMsZPaSM +53ZOhlw/37PtRSNPVJszxoleEx3dfVmlBzQohicf+p5TTyq2Qq03EmL1cja2AhJA +RP7HnpWJQ1FetG7HZ4BYQ77MByi9Wf8cTI2QQvTP/VQAT0hyK+FnPIQXaJW/ygd7 +34adVuMy43CHt/g69+NuZRR8u3a3F/FCjG8qNGQQNRSMhfZXv/NcVZ2tAxDzAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJsmC4qYqbsduR8c4xpA +M+2OF4irMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAOZr2DusI +TaDwWbmR/rXYLk1raWnF0ob8o8KibMqNmBvS/GSblrRH+fTtb1I8tRP2HnFRO9pU +k8QdlBcjdpqY9Zu4scWrzau9GskAE+Djx1qnIXHrCCvshVwIgDMlDx9SQcSbIlgB +JFXvmqbO5IWjGTNNfj8EMhXV/GNfi9yZKxBjVqxgbvnbn2N7qN+rciiKqeKOneZs +flsWupSyI/LXMVveWKCLvvRq0tO05kAGeHotIEzNnSDdO/y585QTsGsY12vovxTM +hzCLZD+tWZPl9nzRK/COSpzDNBhNYjO9pjq2Px9JW2O0Aahc8JiTNVMusvIZf4cN +27GAYTjIRwGFsA== +-----END CERTIFICATE----- diff --git a/pki/testdata/test_certificate_data.h b/pki/testdata/test_certificate_data.h new file mode 100644 index 0000000000..7e35b37a59 --- /dev/null +++ b/pki/testdata/test_certificate_data.h @@ -0,0 +1,619 @@ +// Copyright 2012 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_TEST_TEST_CERTIFICATE_DATA_H_ +#define NET_TEST_TEST_CERTIFICATE_DATA_H_ + +#include + +namespace { + +// This is the SHA1 hash of the SubjectPublicKeyInfo of nist.der. +static const char kNistSPKIHash[] = + "\x15\x60\xde\x65\x4e\x03\x9f\xd0\x08\x82" + "\xa9\x6a\xc4\x65\x8e\x6f\x92\x06\x84\x35"; + +// Certificates for test data. They're obtained with: +// +// $ openssl s_client -connect [host]:443 -showcerts > /tmp/host.pem < /dev/null +// $ openssl x509 -inform PEM -outform DER < /tmp/host.pem > /tmp/host.der +// $ xxd -i /tmp/host.der +// +// TODO(wtc): move these certificates to data files in the +// src/net/data/ssl/certificates directory. + +// Google's 2009 cert. Lacks a SubjectAltName, but contains www.google.com in +// the Subject CN field. + +[[maybe_unused]] unsigned char google_der[] = { + 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x10, 0x01, 0x2a, 0x39, 0x76, 0x0d, 0x3f, 0x4f, 0xc9, 0x0b, + 0xe7, 0xbd, 0x2b, 0xcf, 0x95, 0x2e, 0x7a, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4c, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, + 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, + 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79, 0x29, 0x20, + 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, 0x47, + 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x33, + 0x32, 0x37, 0x32, 0x32, 0x32, 0x30, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x31, + 0x30, 0x30, 0x33, 0x32, 0x37, 0x32, 0x32, 0x32, 0x30, 0x30, 0x37, 0x5a, + 0x30, 0x68, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, + 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0d, 0x4d, + 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x17, 0x30, + 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0e, 0x77, 0x77, 0x77, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, + 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, + 0x81, 0x81, 0x00, 0xd6, 0xb9, 0xe1, 0xad, 0xb8, 0x61, 0x0b, 0x1f, 0x4e, + 0xb6, 0x3c, 0x09, 0x3d, 0xab, 0xe8, 0xe3, 0x2b, 0xb6, 0xe8, 0xa4, 0x3a, + 0x78, 0x2f, 0xd3, 0x51, 0x20, 0x22, 0x45, 0x95, 0xd8, 0x00, 0x91, 0x33, + 0x9a, 0xa7, 0xa2, 0x48, 0xea, 0x30, 0x57, 0x26, 0x97, 0x66, 0xc7, 0x5a, + 0xef, 0xf1, 0x9b, 0x0c, 0x3f, 0xe1, 0xb9, 0x7f, 0x7b, 0xc3, 0xc7, 0xcc, + 0xaf, 0x9c, 0xd0, 0x1f, 0x3c, 0x81, 0x15, 0x10, 0x58, 0xfc, 0x06, 0xb3, + 0xbf, 0xbc, 0x9c, 0x02, 0xb9, 0x51, 0xdc, 0xfb, 0xa6, 0xb9, 0x17, 0x42, + 0xe6, 0x46, 0xe7, 0x22, 0xcf, 0x6c, 0x27, 0x10, 0xfe, 0x54, 0xe6, 0x92, + 0x6c, 0x0c, 0x60, 0x76, 0x9a, 0xce, 0xf8, 0x7f, 0xac, 0xb8, 0x5a, 0x08, + 0x4a, 0xdc, 0xb1, 0x64, 0xbd, 0xa0, 0x74, 0x41, 0xb2, 0xac, 0x8f, 0x86, + 0x9d, 0x1a, 0xde, 0x58, 0x09, 0xfd, 0x6c, 0x0a, 0x25, 0xe0, 0x79, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xe7, 0x30, 0x81, 0xe4, 0x30, 0x28, + 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, + 0xf8, 0x42, 0x04, 0x01, 0x30, 0x36, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, + 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, 0x86, 0x25, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x74, 0x68, + 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, + 0x77, 0x74, 0x65, 0x53, 0x47, 0x43, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, + 0x30, 0x72, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, + 0x04, 0x66, 0x30, 0x64, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, + 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, + 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x3e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x30, 0x02, 0x86, 0x32, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, + 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, + 0x72, 0x79, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x5f, 0x53, 0x47, + 0x43, 0x5f, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0c, 0x06, 0x03, + 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, + 0x00, 0x03, 0x81, 0x81, 0x00, 0x39, 0xb6, 0xfb, 0x11, 0xbc, 0x33, 0x2c, + 0xc3, 0x90, 0x48, 0xe3, 0x6e, 0xc3, 0x9b, 0x38, 0xb1, 0x42, 0xd1, 0x00, + 0x09, 0x58, 0x63, 0xa0, 0xe1, 0x98, 0x1c, 0x85, 0xf2, 0xef, 0x10, 0x1d, + 0x60, 0x4e, 0x51, 0x09, 0x62, 0xf5, 0x05, 0xbd, 0x9d, 0x4f, 0x87, 0x6c, + 0x98, 0x72, 0x07, 0x80, 0xc3, 0x59, 0x48, 0x14, 0xe2, 0xd6, 0xef, 0xd0, + 0x8f, 0x33, 0x6a, 0x68, 0x31, 0xfa, 0xb7, 0xbb, 0x85, 0xcc, 0xf7, 0xc7, + 0x47, 0x7b, 0x67, 0x93, 0x3c, 0xc3, 0x16, 0x51, 0x9b, 0x6f, 0x87, 0x20, + 0xfd, 0x67, 0x4c, 0x2b, 0xea, 0x6a, 0x49, 0xdb, 0x11, 0xd1, 0xbd, 0xd7, + 0x95, 0x22, 0x43, 0x7a, 0x06, 0x7b, 0x4e, 0xf6, 0x37, 0x8e, 0xa2, 0xb9, + 0xcf, 0x1f, 0xa5, 0xd2, 0xbd, 0x3b, 0x04, 0x97, 0x39, 0xb3, 0x0f, 0xfa, + 0x38, 0xb5, 0xaf, 0x55, 0x20, 0x88, 0x60, 0x93, 0xf2, 0xde, 0xdb, 0xff, + 0xdf}; + +// webkit.org's 2008 cert. Contains a SubjectAltName field with *.webkit.org and +// webkit.org. The Subject CN field contains *.webkit.org. + +[[maybe_unused]] unsigned char webkit_der[] = { + 0x30, 0x82, 0x05, 0x0d, 0x30, 0x82, 0x03, 0xf5, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0xca, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, + 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, + 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, + 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x33, 0x30, 0x31, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x68, 0x74, 0x74, 0x70, 0x3a, + 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, + 0x79, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x27, + 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 0x20, 0x53, 0x65, 0x63, + 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x05, + 0x13, 0x08, 0x30, 0x37, 0x39, 0x36, 0x39, 0x32, 0x38, 0x37, 0x30, 0x1e, + 0x17, 0x0d, 0x30, 0x38, 0x30, 0x33, 0x31, 0x38, 0x32, 0x33, 0x33, 0x35, + 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30, 0x33, 0x31, 0x38, 0x32, + 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x30, 0x79, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, + 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, + 0x6e, 0x6f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, + 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0c, 0x4d, 0x61, + 0x63, 0x20, 0x4f, 0x53, 0x20, 0x46, 0x6f, 0x72, 0x67, 0x65, 0x31, 0x15, + 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0c, 0x2a, 0x2e, 0x77, + 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, + 0x81, 0x00, 0xa7, 0x62, 0x79, 0x41, 0xda, 0x28, 0xf2, 0xc0, 0x4f, 0xe0, + 0x25, 0xaa, 0xa1, 0x2e, 0x3b, 0x30, 0x94, 0xb5, 0xc9, 0x26, 0x3a, 0x1b, + 0xe2, 0xd0, 0xcc, 0xa2, 0x95, 0xe2, 0x91, 0xc0, 0xf0, 0x40, 0x9e, 0x27, + 0x6e, 0xbd, 0x6e, 0xde, 0x7c, 0xb6, 0x30, 0x5c, 0xb8, 0x9b, 0x01, 0x2f, + 0x92, 0x04, 0xa1, 0xef, 0x4a, 0xb1, 0x6c, 0xb1, 0x7e, 0x8e, 0xcd, 0xa6, + 0xf4, 0x40, 0x73, 0x1f, 0x2c, 0x96, 0xad, 0xff, 0x2a, 0x6d, 0x0e, 0xba, + 0x52, 0x84, 0x83, 0xb0, 0x39, 0xee, 0xc9, 0x39, 0xdc, 0x1e, 0x34, 0xd0, + 0xd8, 0x5d, 0x7a, 0x09, 0xac, 0xa9, 0xee, 0xca, 0x65, 0xf6, 0x85, 0x3a, + 0x6b, 0xee, 0xe4, 0x5c, 0x5e, 0xf8, 0xda, 0xd1, 0xce, 0x88, 0x47, 0xcd, + 0x06, 0x21, 0xe0, 0xb9, 0x4b, 0xe4, 0x07, 0xcb, 0x57, 0xdc, 0xca, 0x99, + 0x54, 0xf7, 0x0e, 0xd5, 0x17, 0x95, 0x05, 0x2e, 0xe9, 0xb1, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xce, 0x30, 0x82, 0x01, 0xca, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, + 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x57, 0x06, 0x03, 0x55, 0x1d, + 0x1f, 0x04, 0x50, 0x30, 0x4e, 0x30, 0x4c, 0xa0, 0x4a, 0xa0, 0x48, 0x86, + 0x46, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, + 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, + 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x67, 0x6f, 0x64, 0x61, + 0x64, 0x64, 0x79, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x69, + 0x73, 0x73, 0x75, 0x69, 0x6e, 0x67, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, + 0x52, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4b, 0x30, 0x49, 0x30, 0x47, + 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd, 0x6d, 0x01, 0x07, 0x17, + 0x02, 0x30, 0x38, 0x30, 0x36, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x02, 0x01, 0x16, 0x2a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, + 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x30, + 0x7f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, + 0x73, 0x30, 0x71, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, + 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, + 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, + 0x2f, 0x67, 0x64, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, + 0x69, 0x61, 0x74, 0x65, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x48, 0xdf, 0x60, 0x32, 0xcc, + 0x89, 0x01, 0xb6, 0xdc, 0x2f, 0xe3, 0x73, 0xb5, 0x9c, 0x16, 0x58, 0x32, + 0x68, 0xa9, 0xc3, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32, 0x93, 0x6c, 0x45, 0xd6, + 0xe2, 0xee, 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76, 0x99, 0x68, 0xcc, 0xe7, + 0x30, 0x23, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x1c, 0x30, 0x1a, 0x82, + 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72, + 0x67, 0x82, 0x0a, 0x77, 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72, + 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x1e, 0x6a, 0xe7, + 0xe0, 0x4f, 0xe7, 0x4d, 0xd0, 0x69, 0x7c, 0xf8, 0x8f, 0x99, 0xb4, 0x18, + 0x95, 0x36, 0x24, 0x0f, 0x0e, 0xa3, 0xea, 0x34, 0x37, 0xf4, 0x7d, 0xd5, + 0x92, 0x35, 0x53, 0x72, 0x76, 0x3f, 0x69, 0xf0, 0x82, 0x56, 0xe3, 0x94, + 0x7a, 0x1d, 0x1a, 0x81, 0xaf, 0x9f, 0xc7, 0x43, 0x01, 0x64, 0xd3, 0x7c, + 0x0d, 0xc8, 0x11, 0x4e, 0x4a, 0xe6, 0x1a, 0xc3, 0x01, 0x74, 0xe8, 0x35, + 0x87, 0x5c, 0x61, 0xaa, 0x8a, 0x46, 0x06, 0xbe, 0x98, 0x95, 0x24, 0x9e, + 0x01, 0xe3, 0xe6, 0xa0, 0x98, 0xee, 0x36, 0x44, 0x56, 0x8d, 0x23, 0x9c, + 0x65, 0xea, 0x55, 0x6a, 0xdf, 0x66, 0xee, 0x45, 0xe8, 0xa0, 0xe9, 0x7d, + 0x9a, 0xba, 0x94, 0xc5, 0xc8, 0xc4, 0x4b, 0x98, 0xff, 0x9a, 0x01, 0x31, + 0x6d, 0xf9, 0x2b, 0x58, 0xe7, 0xe7, 0x2a, 0xc5, 0x4d, 0xbb, 0xbb, 0xcd, + 0x0d, 0x70, 0xe1, 0xad, 0x03, 0xf5, 0xfe, 0xf4, 0x84, 0x71, 0x08, 0xd2, + 0xbc, 0x04, 0x7b, 0x26, 0x1c, 0xa8, 0x0f, 0x9c, 0xd8, 0x12, 0x6a, 0x6f, + 0x2b, 0x67, 0xa1, 0x03, 0x80, 0x9a, 0x11, 0x0b, 0xe9, 0xe0, 0xb5, 0xb3, + 0xb8, 0x19, 0x4e, 0x0c, 0xa4, 0xd9, 0x2b, 0x3b, 0xc2, 0xca, 0x20, 0xd3, + 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94, 0x93, 0x8c, 0x64, + 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3, 0xd3, 0xc1, 0x50, + 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a, 0x7a, 0x21, 0x87, + 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e, 0xbe, 0xcd, 0x70, + 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08, 0x01, 0x6f, 0x37, + 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd, 0x35, 0x52, 0xdd, + 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8, 0x3c, 0xd8, 0x48, + 0x8a}; + +// thawte.com 2008 Extended Validation cert. Lacks a SubjectAltName, but +// contains www.thawte.com in the Subject CN field. + +[[maybe_unused]] unsigned char thawte_der[] = { + 0x30, 0x82, 0x04, 0xa5, 0x30, 0x82, 0x03, 0x8d, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x10, 0x17, 0x76, 0x05, 0x88, 0x95, 0x58, 0xee, 0xbb, 0x00, + 0xda, 0x10, 0xe5, 0xf0, 0xf3, 0x9c, 0xf0, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, + 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, + 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, + 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x30, + 0x54, 0x65, 0x72, 0x6d, 0x73, 0x20, 0x6f, 0x66, 0x20, 0x75, 0x73, 0x65, + 0x20, 0x61, 0x74, 0x20, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, + 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x20, 0x28, 0x63, 0x29, 0x30, 0x36, + 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x74, + 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, + 0x65, 0x64, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, + 0x30, 0x38, 0x31, 0x31, 0x31, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x5a, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x31, 0x31, 0x37, 0x32, 0x33, 0x35, + 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xc7, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x3c, 0x02, 0x01, 0x03, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0b, 0x2b, 0x06, + 0x01, 0x04, 0x01, 0x82, 0x37, 0x3c, 0x02, 0x01, 0x02, 0x14, 0x08, 0x44, + 0x65, 0x6c, 0x61, 0x77, 0x61, 0x72, 0x65, 0x31, 0x1b, 0x30, 0x19, 0x06, + 0x03, 0x55, 0x04, 0x0f, 0x13, 0x12, 0x56, 0x31, 0x2e, 0x30, 0x2c, 0x20, + 0x43, 0x6c, 0x61, 0x75, 0x73, 0x65, 0x20, 0x35, 0x2e, 0x28, 0x62, 0x29, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x14, 0x0a, 0x54, + 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x05, 0x13, 0x07, 0x33, 0x38, 0x39, 0x38, + 0x32, 0x36, 0x31, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, + 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x14, 0x0d, + 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, + 0x77, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x14, 0x0e, + 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe7, 0x89, 0x68, 0xb5, 0x6e, + 0x1d, 0x38, 0x19, 0xf6, 0x2d, 0x61, 0xc2, 0x00, 0xba, 0x6e, 0xab, 0x66, + 0x92, 0xd6, 0x85, 0x87, 0x2d, 0xd5, 0xa8, 0x58, 0xa9, 0x7a, 0x75, 0x27, + 0x9d, 0xed, 0x9e, 0xfe, 0x06, 0x71, 0x70, 0x2d, 0x21, 0x70, 0x4c, 0x3e, + 0x9c, 0xb6, 0xd5, 0x5d, 0x44, 0x92, 0xb4, 0xe0, 0xee, 0x7c, 0x0a, 0x50, + 0x4c, 0x0d, 0x67, 0x98, 0xaa, 0x01, 0x0e, 0x37, 0xa3, 0x2a, 0xef, 0xe6, + 0xe0, 0x11, 0x7b, 0xee, 0xb0, 0xa2, 0xb4, 0x32, 0x64, 0xa7, 0x0d, 0xda, + 0x6c, 0x15, 0xf8, 0xc5, 0xa5, 0x5a, 0x2c, 0xfc, 0xc9, 0xa6, 0x3c, 0x88, + 0x88, 0xbf, 0xdf, 0xa7, 0x38, 0xf0, 0x78, 0xed, 0x81, 0x93, 0x29, 0x0c, + 0xae, 0xc7, 0xab, 0x51, 0x21, 0x5e, 0xca, 0x95, 0xe5, 0x48, 0x52, 0x41, + 0xb6, 0x18, 0x60, 0x04, 0x19, 0x6f, 0x3d, 0x80, 0x14, 0xd3, 0xaf, 0x23, + 0x03, 0x10, 0x95, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x49, + 0x30, 0x82, 0x01, 0x45, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x39, 0x06, 0x03, 0x55, 0x1d, + 0x1f, 0x04, 0x32, 0x30, 0x30, 0x30, 0x2e, 0xa0, 0x2c, 0xa0, 0x2a, 0x86, + 0x28, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, + 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, + 0x68, 0x61, 0x77, 0x74, 0x65, 0x45, 0x56, 0x43, 0x41, 0x32, 0x30, 0x30, + 0x36, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x42, 0x06, 0x03, 0x55, 0x1d, 0x20, + 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, + 0x86, 0xf8, 0x45, 0x01, 0x07, 0x30, 0x01, 0x30, 0x28, 0x30, 0x26, 0x06, + 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, + 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, + 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, + 0x73, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x1f, 0x06, 0x03, + 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xcd, 0x32, 0xe2, + 0xf2, 0x5d, 0x25, 0x47, 0x02, 0xaa, 0x8f, 0x79, 0x4b, 0x32, 0xee, 0x03, + 0x99, 0xfd, 0x30, 0x49, 0xd1, 0x30, 0x76, 0x06, 0x08, 0x2b, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x6a, 0x30, 0x68, 0x30, 0x22, 0x06, + 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, + 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x42, 0x06, + 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x36, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, + 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, + 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x54, 0x68, 0x61, 0x77, + 0x74, 0x65, 0x5f, 0x45, 0x56, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x30, + 0x36, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0xb2, 0xa0, 0x96, 0xdd, 0xec, 0x04, 0x38, 0x6b, 0xc3, 0x7a, 0xad, + 0x23, 0x44, 0x91, 0xe5, 0x62, 0x8c, 0xb1, 0xf6, 0x9c, 0x03, 0x21, 0x1f, + 0xef, 0x03, 0xd9, 0xca, 0x63, 0xb2, 0xf8, 0xdb, 0x5a, 0x93, 0xc2, 0xcc, + 0xf1, 0x7c, 0x6f, 0xeb, 0x0f, 0x51, 0x7b, 0x4b, 0xe7, 0xb5, 0xfc, 0xbc, + 0x9b, 0x87, 0x48, 0xcc, 0x5b, 0xf9, 0xc8, 0x66, 0xa4, 0x40, 0xac, 0xe9, + 0x42, 0x5d, 0xed, 0xf3, 0x53, 0x13, 0xe7, 0xbd, 0x6e, 0x7f, 0x50, 0x53, + 0x64, 0xb3, 0x95, 0xf1, 0x42, 0x4f, 0x36, 0x54, 0xb4, 0x1e, 0x7f, 0x18, + 0x37, 0x39, 0x3b, 0x06, 0x5b, 0xe5, 0x13, 0xd9, 0x57, 0xbc, 0xd5, 0x68, + 0xe3, 0x71, 0x5f, 0x5f, 0x2b, 0xf5, 0xa6, 0xc2, 0x8f, 0x67, 0x81, 0x3a, + 0x44, 0x63, 0x8c, 0x36, 0xfa, 0xa8, 0xed, 0xfd, 0xd7, 0x5e, 0xa2, 0x9f, + 0xb0, 0x9d, 0x47, 0x86, 0xfb, 0x71, 0x60, 0x8e, 0xc8, 0xd3, 0x45, 0x19, + 0xb7, 0xda, 0xcd, 0x9e, 0xea, 0x70, 0x10, 0x87, 0x37, 0x10, 0xdd, 0x2c, + 0x11, 0xdf, 0xee, 0x02, 0x21, 0xa6, 0x75, 0xe6, 0xd6, 0x9f, 0x54, 0x72, + 0x61, 0xe6, 0x5c, 0x1e, 0x6e, 0x16, 0xf6, 0x8e, 0xb8, 0xfc, 0x47, 0x80, + 0x05, 0x4b, 0xf7, 0x2d, 0x02, 0xee, 0x50, 0x26, 0xd1, 0x48, 0x01, 0x60, + 0xdc, 0x3c, 0xa7, 0xdb, 0xeb, 0xca, 0x8b, 0xa6, 0xff, 0x9e, 0x47, 0x5d, + 0x87, 0x40, 0xf8, 0xd2, 0x82, 0xd7, 0x13, 0x64, 0x0e, 0xd4, 0xb3, 0x29, + 0x22, 0xa7, 0xe0, 0xc8, 0xcd, 0x8c, 0x4d, 0xf5, 0x11, 0x21, 0x26, 0x02, + 0x43, 0x33, 0x8e, 0xa9, 0x3f, 0x91, 0xd4, 0x05, 0x97, 0xc9, 0xd3, 0x42, + 0x6b, 0x05, 0x99, 0xf6, 0x16, 0x71, 0x67, 0x65, 0xc7, 0x96, 0xdf, 0x2a, + 0xd7, 0x54, 0x63, 0x25, 0xc0, 0x28, 0xf7, 0x1c, 0xee, 0xcd, 0x8b, 0xe4, + 0x9d, 0x32, 0xa3, 0x81, 0x55}; + +// DER-encoded X.509 DistinguishedNames. +// +// To output the subject or issuer of a certificate: +// +// openssl asn1parse -i -inform DER -in +// +// The output will contain +// SEQUENCE [This is the issuer name] +// ... +// SEQUENCE [This is the validity period] +// UTCTIME (or GENERALTIME) +// UTCTIME +// SEQUENCE [This is the subject] +// ... +// +// The OFFSET is the first column before the column, e.g. for '21:d=2', the +// offset is 21 for the SEQUENCE you're interested in. +// The LENGTH is 'hl + l'. +// +// To generate the table, then use the following for a DER-encoded +// certificate: +// +// xxd -i -s $OFFSET -l $LENGTH +// +// For PEM certificates, convert them to DER before, as in: +// +// openssl x509 -inform PEM -outform DER -in | +// xxd -i -s $OFFSET -l $LENGTH +// + +// 0:d=0 hl=2 l= 95 cons: SEQUENCE +// 2:d=1 hl=2 l= 11 cons: SET +// 4:d=2 hl=2 l= 9 cons: SEQUENCE +// 6:d=3 hl=2 l= 3 prim: OBJECT :countryName +// 11:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US +// 15:d=1 hl=2 l= 23 cons: SET +// 17:d=2 hl=2 l= 21 cons: SEQUENCE +// 19:d=3 hl=2 l= 3 prim: OBJECT :organizationName +// 24:d=3 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc. +// 40:d=1 hl=2 l= 55 cons: SET +// 42:d=2 hl=2 l= 53 cons: SEQUENCE +// 44:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 49:d=3 hl=2 l= 46 prim: PRINTABLESTRING : +// Class 1 Public Primary Certification Authority +[[maybe_unused]] const uint8_t VerisignDN[] = { + 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, + 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, + 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79}; + +// 0:d=0 hl=2 l= 125 cons: SEQUENCE +// 2:d=1 hl=2 l= 11 cons: SET +// 4:d=2 hl=2 l= 9 cons: SEQUENCE +// 6:d=3 hl=2 l= 3 prim: OBJECT :countryName +// 11:d=3 hl=2 l= 2 prim: PRINTABLESTRING :IL +// 15:d=1 hl=2 l= 22 cons: SET +// 17:d=2 hl=2 l= 20 cons: SEQUENCE +// 19:d=3 hl=2 l= 3 prim: OBJECT :organizationName +// 24:d=3 hl=2 l= 13 prim: PRINTABLESTRING :StartCom Ltd. +// 39:d=1 hl=2 l= 43 cons: SET +// 41:d=2 hl=2 l= 41 cons: SEQUENCE +// 43:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 48:d=3 hl=2 l= 34 prim: PRINTABLESTRING : +// Secure Digital Certificate Signing +// 84:d=1 hl=2 l= 41 cons: SET +// 86:d=2 hl=2 l= 39 cons: SEQUENCE +// 88:d=3 hl=2 l= 3 prim: OBJECT :commonName +// 93:d=3 hl=2 l= 32 prim: PRINTABLESTRING : +// StartCom Certification Authority +[[maybe_unused]] const uint8_t StartComDN[] = { + 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x49, 0x4c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x0d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x4c, + 0x74, 0x64, 0x2e, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x13, 0x22, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, 0x67, + 0x69, 0x74, 0x61, 0x6c, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, + 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, 0x53, + 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79}; + +// 0:d=0 hl=3 l= 174 cons: SEQUENCE +// 3:d=1 hl=2 l= 11 cons: SET +// 5:d=2 hl=2 l= 9 cons: SEQUENCE +// 7:d=3 hl=2 l= 3 prim: OBJECT :countryName +// 12:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US +// 16:d=1 hl=2 l= 11 cons: SET +// 18:d=2 hl=2 l= 9 cons: SEQUENCE +// 20:d=3 hl=2 l= 3 prim: OBJECT :stateOrProvinceName +// 25:d=3 hl=2 l= 2 prim: PRINTABLESTRING :UT +// 29:d=1 hl=2 l= 23 cons: SET +// 31:d=2 hl=2 l= 21 cons: SEQUENCE +// 33:d=3 hl=2 l= 3 prim: OBJECT :localityName +// 38:d=3 hl=2 l= 14 prim: PRINTABLESTRING :Salt Lake City +// 54:d=1 hl=2 l= 30 cons: SET +// 56:d=2 hl=2 l= 28 cons: SEQUENCE +// 58:d=3 hl=2 l= 3 prim: OBJECT :organizationName +// 63:d=3 hl=2 l= 21 prim: PRINTABLESTRING :The USERTRUST Network +// 86:d=1 hl=2 l= 33 cons: SET +// 88:d=2 hl=2 l= 31 cons: SEQUENCE +// 90:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 95:d=3 hl=2 l= 24 prim: PRINTABLESTRING :http://www.usertrust.com +//121:d=1 hl=2 l= 54 cons: SET +//123:d=2 hl=2 l= 52 cons: SEQUENCE +//125:d=3 hl=2 l= 3 prim: OBJECT :commonName +//130:d=3 hl=2 l= 45 prim: PRINTABLESTRING : +// UTN-USERFirst-Client Authentication and Email +[[maybe_unused]] const uint8_t UserTrustDN[] = { + 0x30, 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, + 0x65, 0x20, 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, + 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, + 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, + 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, + 0x6d, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2d, + 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, 0x72, 0x73, + 0x74, 0x2d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x41, 0x75, 0x74, + 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, + 0x61, 0x6e, 0x64, 0x20, 0x45, 0x6d, 0x61, 0x69, 0x6c}; + +// 0:d=0 hl=3 l= 190 cons: SEQUENCE +// 3:d=1 hl=2 l= 63 cons: SET +// 5:d=2 hl=2 l= 61 cons: SEQUENCE +// 7:d=3 hl=2 l= 3 prim: OBJECT :commonName +// 12:d=3 hl=2 l= 54 prim: UTF8STRING : +// TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı +// 68:d=1 hl=2 l= 11 cons: SET +// 70:d=2 hl=2 l= 9 cons: SEQUENCE +// 72:d=3 hl=2 l= 3 prim: OBJECT :countryName +// 77:d=3 hl=2 l= 2 prim: PRINTABLESTRING :TR +// 81:d=1 hl=2 l= 15 cons: SET +// 83:d=2 hl=2 l= 13 cons: SEQUENCE +// 85:d=3 hl=2 l= 3 prim: OBJECT :localityName +// 90:d=3 hl=2 l= 6 prim: UTF8STRING :Ankara +// 98:d=1 hl=2 l= 93 cons: SET +//100:d=2 hl=2 l= 91 cons: SEQUENCE +//102:d=3 hl=2 l= 3 prim: OBJECT :organizationName +//107:d=3 hl=2 l= 84 prim: UTF8STRING : +// TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. +// (c) Kasım 2005 +[[maybe_unused]] const uint8_t TurkTrustDN[] = { + 0x30, 0x81, 0xbe, 0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x36, 0x54, 0xc3, 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, + 0x20, 0x45, 0x6c, 0x65, 0x6b, 0x74, 0x72, 0x6f, 0x6e, 0x69, 0x6b, 0x20, + 0x53, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x6b, 0x61, 0x20, 0x48, 0x69, + 0x7a, 0x6d, 0x65, 0x74, 0x20, 0x53, 0x61, 0xc4, 0x9f, 0x6c, 0x61, 0x79, + 0xc4, 0xb1, 0x63, 0xc4, 0xb1, 0x73, 0xc4, 0xb1, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x54, 0x52, 0x31, 0x0f, 0x30, + 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x06, 0x41, 0x6e, 0x6b, 0x61, + 0x72, 0x61, 0x31, 0x5d, 0x30, 0x5b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x54, 0x54, 0xc3, 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, + 0x42, 0x69, 0x6c, 0x67, 0x69, 0x20, 0xc4, 0xb0, 0x6c, 0x65, 0x74, 0x69, + 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x76, 0x65, 0x20, 0x42, 0x69, 0x6c, 0x69, + 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x47, 0xc3, 0xbc, 0x76, 0x65, 0x6e, 0x6c, + 0x69, 0xc4, 0x9f, 0x69, 0x20, 0x48, 0x69, 0x7a, 0x6d, 0x65, 0x74, 0x6c, + 0x65, 0x72, 0x69, 0x20, 0x41, 0x2e, 0xc5, 0x9e, 0x2e, 0x20, 0x28, 0x63, + 0x29, 0x20, 0x4b, 0x61, 0x73, 0xc4, 0xb1, 0x6d, 0x20, 0x32, 0x30, 0x30, + 0x35, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x35, 0x31, 0x31, 0x30, 0x37, 0x31, + 0x30, 0x30, 0x37, 0x35, 0x37}; + +// 33:d=2 hl=3 l= 207 cons: SEQUENCE +// 36:d=3 hl=2 l= 11 cons: SET +// 38:d=4 hl=2 l= 9 cons: SEQUENCE +// 40:d=5 hl=2 l= 3 prim: OBJECT :countryName +// 45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AT +// 49:d=3 hl=3 l= 139 cons: SET +// 52:d=4 hl=3 l= 136 cons: SEQUENCE +// 55:d=5 hl=2 l= 3 prim: OBJECT :organizationName +// 60:d=5 hl=3 l= 128 prim: BMPSTRING : +// A-Trust Ges. für Sicherheitssysteme im elektr. Datenverkehr GmbH +//191:d=3 hl=2 l= 24 cons: SET +//193:d=4 hl=2 l= 22 cons: SEQUENCE +//195:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName +//200:d=5 hl=2 l= 15 prim: PRINTABLESTRING :A-Trust-Qual-01 +//217:d=3 hl=2 l= 24 cons: SET +//219:d=4 hl=2 l= 22 cons: SEQUENCE +//221:d=5 hl=2 l= 3 prim: OBJECT :commonName +//226:d=5 hl=2 l= 15 prim: PRINTABLESTRING :A-Trust-Qual-01 +[[maybe_unused]] const uint8_t ATrustQual01DN[] = { + 0x30, 0x81, 0xcf, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x41, 0x54, 0x31, 0x81, 0x8b, 0x30, 0x81, 0x88, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x1e, 0x81, 0x80, 0x00, 0x41, 0x00, 0x2d, 0x00, 0x54, + 0x00, 0x72, 0x00, 0x75, 0x00, 0x73, 0x00, 0x74, 0x00, 0x20, 0x00, 0x47, + 0x00, 0x65, 0x00, 0x73, 0x00, 0x2e, 0x00, 0x20, 0x00, 0x66, 0x00, 0xfc, + 0x00, 0x72, 0x00, 0x20, 0x00, 0x53, 0x00, 0x69, 0x00, 0x63, 0x00, 0x68, + 0x00, 0x65, 0x00, 0x72, 0x00, 0x68, 0x00, 0x65, 0x00, 0x69, 0x00, 0x74, + 0x00, 0x73, 0x00, 0x73, 0x00, 0x79, 0x00, 0x73, 0x00, 0x74, 0x00, 0x65, + 0x00, 0x6d, 0x00, 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6d, 0x00, 0x20, + 0x00, 0x65, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x6b, 0x00, 0x74, 0x00, 0x72, + 0x00, 0x2e, 0x00, 0x20, 0x00, 0x44, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, + 0x00, 0x6e, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6b, 0x00, 0x65, + 0x00, 0x68, 0x00, 0x72, 0x00, 0x20, 0x00, 0x47, 0x00, 0x6d, 0x00, 0x62, + 0x00, 0x48, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, + 0x0f, 0x41, 0x2d, 0x54, 0x72, 0x75, 0x73, 0x74, 0x2d, 0x51, 0x75, 0x61, + 0x6c, 0x2d, 0x30, 0x31, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x0f, 0x41, 0x2d, 0x54, 0x72, 0x75, 0x73, 0x74, 0x2d, 0x51, + 0x75, 0x61, 0x6c, 0x2d, 0x30, 0x31, 0x30, 0x1e, 0x17}; + +// 34:d=2 hl=3 l= 180 cons: SEQUENCE +// 37:d=3 hl=2 l= 20 cons: SET +// 39:d=4 hl=2 l= 18 cons: SEQUENCE +// 41:d=5 hl=2 l= 3 prim: OBJECT :organizationName +// 46:d=5 hl=2 l= 11 prim: PRINTABLESTRING :Entrust.net +// 59:d=3 hl=2 l= 64 cons: SET +// 61:d=4 hl=2 l= 62 cons: SEQUENCE +// 63:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 68:d=5 hl=2 l= 55 prim: T61STRING : +// www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) +//125:d=3 hl=2 l= 37 cons: SET +//127:d=4 hl=2 l= 35 cons: SEQUENCE +//129:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName +//134:d=5 hl=2 l= 28 prim: PRINTABLESTRING : +// (c) 1999 Entrust.net Limited +//164:d=3 hl=2 l= 51 cons: SET +//166:d=4 hl=2 l= 49 cons: SEQUENCE +//168:d=5 hl=2 l= 3 prim: OBJECT :commonName +//173:d=5 hl=2 l= 42 prim: PRINTABLESTRING : +// Entrust.net Certification Authority (2048) +[[maybe_unused]] const uint8_t EntrustDN[] = { + 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, + 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, + 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, + 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, + 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, + 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, + 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, 0x23, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, 0x29, 0x20, 0x31, 0x39, + 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, + 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, + 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, 0x74, + 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, + 0x34, 0x38, 0x29}; + +// 46:d=2 hl=2 l= 76 cons: SEQUENCE +// 48:d=3 hl=2 l= 11 cons: SET +// 50:d=4 hl=2 l= 9 cons: SEQUENCE +// 52:d=5 hl=2 l= 3 prim: OBJECT :countryName +// 57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :ZA +// 61:d=3 hl=2 l= 37 cons: SET +// 63:d=4 hl=2 l= 35 cons: SEQUENCE +// 65:d=5 hl=2 l= 3 prim: OBJECT :organizationName +// 70:d=5 hl=2 l= 28 prim: PRINTABLESTRING : +// Thawte Consulting (Pty) Ltd. +// 100:d=3 hl=2 l= 22 cons: SET +// 102:d=4 hl=2 l= 20 cons: SEQUENCE +// 104:d=5 hl=2 l= 3 prim: OBJECT :commonName +// 109:d=5 hl=2 l= 13 prim: PRINTABLESTRING :Thawte SGC CA +[[maybe_unused]] const uint8_t ThawteDN[] = { + 0x30, 0x4C, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x5A, 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x13, 0x1C, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6F, 0x6E, + 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79, + 0x29, 0x20, 0x4C, 0x74, 0x64, 0x2E, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x0D, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, + 0x53, 0x47, 0x43, 0x20, 0x43, 0x41}; + +// 47:d=2 hl=2 l= 108 cons: SEQUENCE +// 49:d=3 hl=2 l= 11 cons: SET +// 51:d=4 hl=2 l= 9 cons: SEQUENCE +// 53:d=5 hl=2 l= 3 prim: OBJECT :countryName +// 58:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US +// 62:d=3 hl=2 l= 22 cons: SET +// 64:d=4 hl=2 l= 20 cons: SEQUENCE +// 66:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName +// 71:d=5 hl=2 l= 13 prim: PRINTABLESTRING :Massachusetts +// 86:d=3 hl=2 l= 46 cons: SET +// 88:d=4 hl=2 l= 44 cons: SEQUENCE +// 90:d=5 hl=2 l= 3 prim: OBJECT :organizationName +// 95:d=5 hl=2 l= 37 prim: PRINTABLESTRING : +// Massachusetts Institute of Technology +// 134:d=3 hl=2 l= 21 cons: SET +// 136:d=4 hl=2 l= 19 cons: SEQUENCE +// 138:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 143:d=5 hl=2 l= 12 prim: PRINTABLESTRING :Client CA v1 +[[maybe_unused]] const uint8_t MITDN[] = { + 0x30, 0x6C, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x13, 0x0D, 0x4D, 0x61, 0x73, 0x73, 0x61, 0x63, 0x68, + 0x75, 0x73, 0x65, 0x74, 0x74, 0x73, 0x31, 0x2E, 0x30, 0x2C, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x13, 0x25, 0x4D, 0x61, 0x73, 0x73, 0x61, + 0x63, 0x68, 0x75, 0x73, 0x65, 0x74, 0x74, 0x73, 0x20, 0x49, 0x6E, + 0x73, 0x74, 0x69, 0x74, 0x75, 0x74, 0x65, 0x20, 0x6F, 0x66, 0x20, + 0x54, 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, 0x79, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0C, 0x43, + 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x43, 0x41, 0x20, 0x76, 0x31}; + +} // namespace + +#endif // NET_TEST_TEST_CERTIFICATE_DATA_H_ diff --git a/pki/testdata/verify_certificate_chain_unittest/README b/pki/testdata/verify_certificate_chain_unittest/README new file mode 100644 index 0000000000..539c1c5403 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/README @@ -0,0 +1,87 @@ +This directory contains test data for verifying certificate chains. + +Tests are grouped into directories that contain the keys, python to generate +chains, and test expectations. "DIR" is used as a generic placeholder below to +identify such a directory. + +=============================== +DIR/generate-chains.py +=============================== + +Python script that generates one or more ".pem" file containing a sequence of +CERTIFICATE blocks. In most cases it will generate a single chain called +"chain.pem". + +=============================== +DIR/keys/*.key +=============================== + +The keys used (as well as generated) by the .py file generate-chains.py. The +private keys shouldn't be needed to run the tests, however are useful when +re-generating the test data to have stable results (at least for signature +types which are deterministic, like RSASSA PKCS#1 which is used by most of the +certificates data). + +=============================== +DIR/*.pem +=============================== + +A sequence of CERTIFICATE blocks that was created by the generate-chains.py +script. (Although in a few cases there are manually created .pem files that +lack a generator script). + +=============================== +DIR/*.test +=============================== + +A sequence of key-value pairs that identify the inputs to certificate +verification, as well as the expected outputs. The format is essentially a +newline separated sequence of key/value pairs: + +key: value\n + +All keys must be specified by tests, although they can be in any order. +The possible keys are: + + "chain" - The value is a file path (relative to the test file) to a .pem + containing the CERTIFICATE chain. + + "last_cert_trust" - The value identifies the trustedness of the last + certificate in the chain (i.e. whether it is a trust anchor or not). This + maps to the CertificateTrustType enum. Possible values are: + "TRUSTED_ANCHOR" + "TRUSTED_ANCHOR_WITH_EXPIRATION" + "TRUSTED_ANCHOR_WITH_CONSTRAINTS" + "UNSPECIFIED" + "DISTRUSTED" + + "utc_time" - A string encoding for the generalized time at which verification + should be done. Example "150302120000Z" + + "key_purpose" - The expected EKU to use when verifying. Maps to + KeyPurpose enum. Possible values are: + "ANY_EKU" + "SERVER_AUTH" + "CLIENT_AUTH" + + "errors" - This has special parsing rules: it is interpreted as the + final key in the file. All lines after "errors:\n" are read as being the + error string (this allows embedding newlines in it). + +Additionally, it is possible to add python-style comments by starting a line +with "#". + +=============================== +pkits_errors/*.txt +=============================== + +These files contain the expected errors for PKITS tests +(third_party/nist-pkits). The file name correspond so the PKITS tests number. +They are baselined specifically for VerifyCertificateChain(). + +=============================== +generate-all.sh +=============================== + +Runs all of the generate-chains.py scripts and cleans up the temp files +afterwards. diff --git a/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/chain.pem b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/chain.pem new file mode 100644 index 0000000000..a541c36ac7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/chain.pem @@ -0,0 +1,366 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate sets pathlen=0, and is followed by +a self-issued intermediate. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 57:c3:57:03:79:49:32:ce:56:f8:86:e8:81:fd:69:ad:fa:5f:fe:8d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:be:6c:86:21:26:6b:16:22:36:2b:5b:b1:d4:52: + 28:74:2d:76:f3:1b:3b:01:17:dd:e1:18:e3:02:06: + a7:88:93:ad:32:59:53:ff:5d:c5:cd:1a:78:70:fb: + 2e:d9:ba:f9:fa:75:53:fc:02:a8:3c:9b:e0:f4:50: + 00:4f:30:0b:b3:d6:04:6a:b6:ef:85:0b:42:35:29: + 77:fa:91:16:0e:ed:34:8a:f3:d2:5e:e9:66:66:57: + 9b:6f:71:30:16:88:18:7a:f3:fc:61:79:06:d5:e8: + b9:18:d6:b9:20:bf:b9:9a:dd:c5:de:64:7d:44:fd: + 3f:2a:a0:23:31:4d:a7:4c:42:65:ad:9b:38:b6:35: + 51:f7:4a:58:84:b3:92:cb:98:36:a3:92:0c:33:85: + 64:18:f2:06:c4:11:a6:12:a9:7c:da:ea:36:59:90: + 9c:87:a4:60:39:9d:29:e3:21:91:c4:ae:9a:f9:f2: + ec:ad:f8:44:55:5c:3a:21:52:81:58:a1:e0:3a:5b: + 9e:2d:61:62:7f:51:58:44:87:80:41:00:e9:6c:ed: + a7:ff:a0:7c:b4:17:33:7c:78:54:ca:92:81:d1:56: + 75:b1:3a:b7:27:6a:77:e8:0c:30:71:bd:db:b1:06: + 19:e9:d6:99:d6:41:d2:c6:90:3d:72:31:fc:e7:03: + 38:35 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BF:95:3A:85:28:C1:82:8F:C9:0C:81:29:EA:8A:F8:1E:73:80:F8:7F + X509v3 Authority Key Identifier: + keyid:0C:50:93:FA:6E:53:C4:76:18:87:E2:39:87:0B:AA:8E:31:01:3D:69 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 9c:55:d5:9d:57:7c:98:5c:81:7d:0d:c6:8a:93:d7:86:87:a3: + 4a:d1:e8:51:05:b7:3f:b3:47:67:ed:75:01:93:13:db:a7:84: + d4:86:9f:5d:66:c0:b4:cc:65:8f:a0:b3:88:2c:6b:20:c4:55: + 81:3a:33:0c:cd:cc:6a:43:a0:e3:3f:98:f5:c0:73:f9:91:2d: + 7d:2c:58:9c:49:1f:b8:8f:b9:68:ef:18:eb:a7:43:84:c7:fd: + a8:bd:bc:cd:9c:64:dd:1b:c8:4e:b6:ab:29:64:fb:fb:93:f5: + 03:e1:67:fe:94:85:25:7a:92:de:a6:fb:b2:e5:8e:56:25:c0: + bb:0c:13:e6:f3:ae:83:ff:19:3a:e5:11:47:53:c5:8c:d8:3f: + 29:71:f8:82:a7:62:6a:e4:f3:82:6f:ae:19:d7:1e:3b:29:45: + 4f:54:9a:8e:cf:1b:1d:72:3c:f0:68:4c:d5:ae:ca:f2:34:22: + 6b:1a:30:56:76:15:2d:79:10:33:28:05:9e:4a:a3:02:fe:f0: + cd:cb:27:4c:63:26:e2:8c:4d:de:f2:cc:af:39:df:82:c8:51: + 9b:58:c5:15:37:03:c4:5c:86:a2:7c:43:8a:90:b5:19:f1:3b: + 0e:09:53:99:5d:d4:61:9d:79:8e:a1:f9:b2:8c:f5:d0:59:4e: + 0e:a0:15:40 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUV8NXA3lJMs5W+Ibogf1prfpf/o0wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAvmyGISZrFiI2K1ux1FIodC128xs7ARfd4RjjAganiJOt +MllT/13FzRp4cPsu2br5+nVT/AKoPJvg9FAATzALs9YEarbvhQtCNSl3+pEWDu00 +ivPSXulmZlebb3EwFogYevP8YXkG1ei5GNa5IL+5mt3F3mR9RP0/KqAjMU2nTEJl +rZs4tjVR90pYhLOSy5g2o5IMM4VkGPIGxBGmEql82uo2WZCch6RgOZ0p4yGRxK6a ++fLsrfhEVVw6IVKBWKHgOlueLWFif1FYRIeAQQDpbO2n/6B8tBczfHhUypKB0VZ1 +sTq3J2p36Awwcb3bsQYZ6daZ1kHSxpA9cjH85wM4NQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBS/lTqFKMGCj8kMgSnqivgec4D4fzAfBgNVHSMEGDAWgBQMUJP6blPEdhiH +4jmHC6qOMQE9aTA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAJxV1Z1XfJhcgX0NxoqT14aHo0rR6FEFtz+zR2ftdQGTE9unhNSGn11mwLTM +ZY+gs4gsayDEVYE6MwzNzGpDoOM/mPXAc/mRLX0sWJxJH7iPuWjvGOunQ4TH/ai9 +vM2cZN0byE62qylk+/uT9QPhZ/6UhSV6kt6m+7LljlYlwLsME+bzroP/GTrlEUdT +xYzYPylx+IKnYmrk84JvrhnXHjspRU9Umo7PGx1yPPBoTNWuyvI0ImsaMFZ2FS15 +EDMoBZ5KowL+8M3LJ0xjJuKMTd7yzK8534LIUZtYxRU3A8RchqJ8Q4qQtRnxOw4J +U5ld1GGdeY6h+bKM9dBZTg6gFUA= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 57:c3:57:03:79:49:32:ce:56:f8:86:e8:81:fd:69:ad:fa:5f:fe:8c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:cd:84:14:6c:0b:68:76:9e:7d:d5:f7:55:ac: + 5a:2b:6d:71:ad:aa:34:2a:dc:b4:b0:c2:37:23:5b: + 05:01:08:b6:9b:fb:97:ce:3c:eb:fe:2f:b2:5e:6b: + 07:bb:5f:29:fb:b1:25:55:5c:dd:9f:de:89:bd:29: + 37:e8:a7:8a:99:c3:50:82:32:10:bb:2d:19:bc:a8: + 47:21:3d:0a:66:b6:8d:ab:42:3a:94:50:7f:c3:19: + 7f:ea:28:89:c2:9d:a8:87:d5:1b:42:63:9a:9f:9e: + 06:72:41:ee:64:ee:ac:1e:21:f6:3e:3d:e5:f6:d1: + 04:dd:7e:61:cb:e5:65:99:c1:49:97:13:c4:11:96: + 3b:62:f0:46:ad:20:5d:52:5c:16:d6:59:29:e2:9e: + 91:15:f1:23:0d:fb:3c:86:90:50:05:2d:63:81:cc: + 39:25:62:cc:00:18:b4:0e:1a:a0:d8:ca:4b:e0:b6: + ea:33:83:8a:2e:ab:6c:6f:41:9e:ec:43:92:d1:83: + b6:d0:45:e7:a8:8d:28:6b:a4:b5:f7:53:8b:8a:dc: + 3e:b0:df:9f:d4:70:4e:c2:2c:1a:a5:4d:6c:5d:2e: + 94:35:84:b9:5d:e9:df:22:fd:55:6e:05:ff:eb:b6: + 10:0c:28:a3:5b:49:c1:98:63:8f:5d:fa:83:4e:11: + cd:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 0C:50:93:FA:6E:53:C4:76:18:87:E2:39:87:0B:AA:8E:31:01:3D:69 + X509v3 Authority Key Identifier: + keyid:4E:47:5F:93:57:FE:5F:F3:92:73:A6:6A:55:7C:1A:FB:F9:16:85:36 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + Signature Algorithm: sha256WithRSAEncryption + 82:27:3f:71:ed:f7:ca:7d:61:8f:ab:fc:5e:69:b4:c5:3c:d4: + fd:b0:c3:07:d3:31:57:37:de:f6:d7:8b:96:fa:43:af:53:ac: + 93:08:58:47:ad:b1:0e:ab:6b:ba:43:b3:30:41:09:bc:e1:32: + ee:dd:d1:5c:2c:2c:d8:60:98:d6:97:e9:e4:af:e1:4e:61:1f: + 64:e7:2a:7d:77:6f:ee:5f:e1:29:99:aa:06:fe:ba:d9:56:16: + ab:5d:94:53:54:15:6e:fa:aa:fd:d7:d7:89:cf:cb:cf:7d:ae: + 0b:b7:35:56:b8:84:7b:69:ad:97:43:08:db:ab:5a:dc:76:19: + 63:79:91:d4:0a:8f:10:15:19:06:e8:7a:9b:1d:f2:5b:56:d2: + 36:76:25:78:c8:8f:5d:17:24:ce:59:2a:fc:49:8b:b8:d2:97: + c9:57:2d:7b:bd:d6:94:a7:70:81:ef:07:55:65:a0:ee:4c:78: + c8:52:f6:d9:e5:f1:13:15:7b:79:d0:ba:a2:d2:da:e2:ec:3f: + e8:3a:0a:d8:8d:5c:b9:c5:bf:6e:98:c3:90:42:ca:2f:64:15: + 19:7d:21:b3:79:0f:ee:22:ec:2c:50:25:2b:b5:cc:4b:36:94: + 42:c8:cc:b6:6c:b2:2e:ab:be:7c:55:b1:8b:cb:37:26:88:60: + 34:b4:30:0d +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIUV8NXA3lJMs5W+Ibogf1prfpf/owwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu82EFGwLaHaefdX3VaxaK21xrao0Kty0sMI3 +I1sFAQi2m/uXzjzr/i+yXmsHu18p+7ElVVzdn96JvSk36KeKmcNQgjIQuy0ZvKhH +IT0KZraNq0I6lFB/wxl/6iiJwp2oh9UbQmOan54GckHuZO6sHiH2Pj3l9tEE3X5h +y+VlmcFJlxPEEZY7YvBGrSBdUlwW1lkp4p6RFfEjDfs8hpBQBS1jgcw5JWLMABi0 +Dhqg2MpL4LbqM4OKLqtsb0Ge7EOS0YO20EXnqI0oa6S191OLitw+sN+f1HBOwiwa +pU1sXS6UNYS5XenfIv1VbgX/67YQDCijW0nBmGOPXfqDThHNEwIDAQABo4HeMIHb +MB0GA1UdDgQWBBQMUJP6blPEdhiH4jmHC6qOMQE9aTAfBgNVHSMEGDAWgBROR1+T +V/5f85JzpmpVfBr7+RaFNjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0 +dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAn +oCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB +/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQCC +Jz9x7ffKfWGPq/xeabTFPNT9sMMH0zFXN97214uW+kOvU6yTCFhHrbEOq2u6Q7Mw +QQm84TLu3dFcLCzYYJjWl+nkr+FOYR9k5yp9d2/uX+EpmaoG/rrZVharXZRTVBVu ++qr919eJz8vPfa4LtzVWuIR7aa2XQwjbq1rcdhljeZHUCo8QFRkG6HqbHfJbVtI2 +diV4yI9dFyTOWSr8SYu40pfJVy17vdaUp3CB7wdVZaDuTHjIUvbZ5fETFXt50Lqi +0tri7D/oOgrYjVy5xb9umMOQQsovZBUZfSGzeQ/uIuwsUCUrtcxLNpRCyMy2bLIu +q758VbGLyzcmiGA0tDAN +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 38:35:95:e6:ac:68:24:65:1f:52:3f:6e:18:3b:86:7c:da:73:de:30 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cf:6c:3c:e9:bb:09:74:83:4d:d6:c8:58:96:d9: + 3b:ee:6d:f2:fd:9e:11:e5:80:e5:35:50:51:70:0d: + 95:a9:f9:0e:96:df:33:db:94:6f:a3:7d:2a:80:d2: + a4:3b:fa:34:e0:bd:44:e5:07:a6:09:02:40:3b:6f: + 11:a7:54:88:0f:22:09:58:27:97:4a:7f:55:e3:03: + 5c:c2:13:fb:62:4b:0b:b0:fb:5b:20:c1:57:fc:a4: + 32:4d:97:71:f7:5c:f1:63:6c:21:7b:a8:6e:ce:9f: + e5:50:66:40:b1:e9:23:df:52:b4:b6:de:aa:99:75: + f0:d2:ec:26:60:37:89:c9:a2:dc:b0:f5:33:e9:0e: + 0f:0e:bd:f3:72:65:1e:4f:9c:c6:1b:32:34:98:de: + 04:c0:dd:28:24:ec:f7:dc:e5:54:7a:a5:1a:b0:1a: + 31:96:d3:43:f0:df:4b:52:41:9c:8e:34:22:50:fc: + 44:bb:a5:fb:c0:c5:59:8a:bb:32:42:29:fc:73:cb: + a1:85:54:7f:5a:db:bd:ec:0d:99:76:c0:c5:72:9f: + 0d:28:e9:ca:65:9f:a1:69:b6:07:20:01:64:c7:03: + 0f:ff:ab:a1:f1:df:5b:a4:da:7e:e5:79:68:19:a2: + 63:e0:87:37:05:5d:f7:88:5d:11:c6:1d:d8:18:0a: + 0c:23 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4E:47:5F:93:57:FE:5F:F3:92:73:A6:6A:55:7C:1A:FB:F9:16:85:36 + X509v3 Authority Key Identifier: + keyid:A0:D4:A1:BC:4B:2D:3E:83:D7:0D:0C:E2:BE:E6:3A:C5:40:4D:4E:DC + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + Signature Algorithm: sha256WithRSAEncryption + 8d:b7:ee:8c:7d:30:ae:33:67:92:b4:d8:cd:32:d7:9e:45:fb: + cc:b3:fa:ae:ad:19:d0:ad:96:be:6c:be:1d:91:11:e2:b1:f4: + a7:76:56:52:23:5e:93:dd:ec:a5:fa:72:05:7c:f9:a2:8b:aa: + 66:c4:c5:e3:6f:0b:fe:6d:40:8e:01:ba:64:30:2f:6f:1b:7b: + 78:1d:c0:08:a2:e3:6d:03:d7:f8:53:80:e3:7d:62:27:0a:5b: + d2:59:bb:e7:93:41:62:ce:d3:85:0c:46:88:01:98:1f:2f:57: + 31:2b:aa:b5:63:64:37:40:d6:10:06:62:cc:e1:8b:f5:b3:28: + 0f:80:2f:7f:5f:cd:89:f9:b1:3e:c9:cf:91:45:e7:9d:4a:fc: + e2:b7:1c:61:42:75:ce:3a:cf:57:d3:e4:ed:c9:40:79:4a:9d: + 70:98:4c:b5:77:1a:26:de:32:88:0f:f5:9f:1e:96:24:b4:b1: + 2d:f5:52:16:35:49:20:77:c1:6d:05:ee:c4:c4:c5:81:dc:c0: + 34:d8:95:17:79:51:ef:1b:f9:e3:1c:36:db:b7:cf:ea:f3:a8: + 25:69:74:06:e4:76:e2:11:46:65:ca:d3:13:c6:3c:49:a5:e1: + d1:43:72:a6:d7:a0:fb:dd:a8:7e:3a:01:c9:ae:5a:cd:ef:d6: + 70:a0:6e:70 +-----BEGIN CERTIFICATE----- +MIIDgzCCAmugAwIBAgIUODWV5qxoJGUfUj9uGDuGfNpz3jAwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAM9sPOm7CXSDTdbIWJbZO+5t8v2eEeWA5TVQUXANlan5Dpbf +M9uUb6N9KoDSpDv6NOC9ROUHpgkCQDtvEadUiA8iCVgnl0p/VeMDXMIT+2JLC7D7 +WyDBV/ykMk2Xcfdc8WNsIXuobs6f5VBmQLHpI99StLbeqpl18NLsJmA3icmi3LD1 +M+kODw6983JlHk+cxhsyNJjeBMDdKCTs99zlVHqlGrAaMZbTQ/DfS1JBnI40IlD8 +RLul+8DFWYq7MkIp/HPLoYVUf1rbvewNmXbAxXKfDSjpymWfoWm2ByABZMcDD/+r +ofHfW6TafuV5aBmiY+CHNwVd94hdEcYd2BgKDCMCAwEAAaOBzjCByzAdBgNVHQ4E +FgQUTkdfk1f+X/OSc6ZqVXwa+/kWhTYwHwYDVR0jBBgwFoAUoNShvEstPoPXDQzi +vuY6xUBNTtwwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQCNt+6MfTCuM2eStNjNMteeRfvMs/qurRnQ +rZa+bL4dkRHisfSndlZSI16T3eyl+nIFfPmii6pmxMXjbwv+bUCOAbpkMC9vG3t4 +HcAIouNtA9f4U4DjfWInClvSWbvnk0FiztOFDEaIAZgfL1cxK6q1Y2Q3QNYQBmLM +4Yv1sygPgC9/X82J+bE+yc+RReedSvzitxxhQnXOOs9X0+TtyUB5Sp1wmEy1dxom +3jKID/WfHpYktLEt9VIWNUkgd8FtBe7ExMWB3MA02JUXeVHvG/njHDbbt8/q86gl +aXQG5HbiEUZlytMTxjxJpeHRQ3Km16D73ah+OgHJrlrN79ZwoG5w +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 38:35:95:e6:ac:68:24:65:1f:52:3f:6e:18:3b:86:7c:da:73:de:2f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:de:61:1e:7e:20:61:c0:eb:1c:13:ee:75:3c:36: + f0:5d:4b:ef:d2:83:20:1b:d5:bb:6e:70:cf:2f:4a: + 4e:13:b1:a7:66:9c:19:fe:7f:5c:69:85:0a:64:3e: + 05:4e:a3:71:bf:70:70:9a:dd:45:18:14:9b:b6:40: + 39:75:24:67:c3:bf:18:60:be:c9:b4:07:a9:81:f7: + 1b:d9:4c:96:66:eb:dc:ef:7b:fd:c5:27:68:fd:9b: + 94:7e:52:ac:ac:4e:65:60:7b:12:d4:6a:de:0f:81: + cc:3c:cd:cf:39:f5:f5:28:9f:e1:ee:65:02:66:f8: + 0d:df:b0:20:45:03:13:16:d2:c7:f2:f7:c9:c7:c9: + 0d:03:d0:ec:5c:79:a4:54:99:e5:62:52:6c:aa:83: + df:42:d5:f7:83:29:ce:90:32:06:71:80:78:e1:fb: + a6:d4:25:02:c5:b1:bd:43:68:fa:8d:c6:cc:10:18: + 02:58:3d:32:df:65:a8:47:75:cb:88:0e:fa:0e:33: + 60:bd:d1:fe:0c:e4:29:60:f3:28:fb:91:45:f3:ba: + b7:fc:ec:63:ba:b9:2d:4e:fc:95:8e:3d:fb:9d:87: + dd:0b:5c:ff:a8:75:3d:66:2c:cd:ec:4a:fd:c8:24: + 4b:0f:a9:0d:aa:81:69:56:00:c4:ef:97:e1:7d:38: + 6f:b5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A0:D4:A1:BC:4B:2D:3E:83:D7:0D:0C:E2:BE:E6:3A:C5:40:4D:4E:DC + X509v3 Authority Key Identifier: + keyid:A0:D4:A1:BC:4B:2D:3E:83:D7:0D:0C:E2:BE:E6:3A:C5:40:4D:4E:DC + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 52:9f:87:f1:5d:10:cb:b1:55:03:b6:91:dc:36:92:a1:c0:74: + 7b:3d:4a:fc:6a:59:ca:b9:80:02:05:3d:4c:bb:f1:89:22:2a: + 1d:76:f5:ab:b4:73:de:fb:ff:52:1b:ed:c6:e5:86:9b:b6:21: + 85:0f:d0:0e:d9:1b:55:59:fb:ea:cc:e3:c4:a7:98:84:2d:1b: + 94:c6:01:2e:54:55:5e:27:ed:9e:6a:63:0e:50:b4:4e:6a:f8: + 84:5b:62:ed:a3:4c:a8:78:a3:59:d0:32:ac:47:c5:c1:2b:8f: + 3d:1e:93:05:31:e3:12:ce:97:53:18:47:00:de:fc:0e:2b:47: + 77:b7:19:8e:f9:5d:f0:99:a0:fc:f5:63:7f:2c:ae:60:21:09: + 50:1c:1f:c5:e3:32:18:70:f7:a0:fe:14:10:de:0a:72:8a:e9: + 5e:4e:45:74:dc:11:30:74:6a:88:f2:85:96:d3:f1:25:14:66: + 36:fa:97:06:8a:06:07:e8:4c:7f:22:e0:87:4f:d3:1b:39:29: + 74:11:a4:d0:21:e1:0d:38:14:c9:78:12:41:d4:01:8c:ea:e6: + f6:cf:ac:13:2e:53:5d:a3:62:43:69:07:08:e4:cf:0a:4f:e0: + 98:52:82:35:2a:16:c8:c9:5c:09:f7:ff:bc:f1:4d:89:42:ba: + 43:8b:29:81 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUODWV5qxoJGUfUj9uGDuGfNpz3i8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDeYR5+IGHA6xwT7nU8NvBdS+/SgyAb1btucM8vSk4TsadmnBn+f1xphQpk +PgVOo3G/cHCa3UUYFJu2QDl1JGfDvxhgvsm0B6mB9xvZTJZm69zve/3FJ2j9m5R+ +UqysTmVgexLUat4Pgcw8zc859fUon+HuZQJm+A3fsCBFAxMW0sfy98nHyQ0D0Oxc +eaRUmeViUmyqg99C1feDKc6QMgZxgHjh+6bUJQLFsb1DaPqNxswQGAJYPTLfZahH +dcuIDvoOM2C90f4M5Clg8yj7kUXzurf87GO6uS1O/JWOPfudh90LXP+odT1mLM3s +Sv3IJEsPqQ2qgWlWAMTvl+F9OG+1AgMBAAGjgcswgcgwHQYDVR0OBBYEFKDUobxL +LT6D1w0M4r7mOsVATU7cMB8GA1UdIwQYMBaAFKDUobxLLT6D1w0M4r7mOsVATU7c +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAUp+H8V0Qy7FVA7aR3DaSocB0ez1K/GpZyrmAAgU9TLvxiSIq +HXb1q7Rz3vv/UhvtxuWGm7YhhQ/QDtkbVVn76szjxKeYhC0blMYBLlRVXiftnmpj +DlC0Tmr4hFti7aNMqHijWdAyrEfFwSuPPR6TBTHjEs6XUxhHAN78DitHd7cZjvld +8Jmg/PVjfyyuYCEJUBwfxeMyGHD3oP4UEN4KcorpXk5FdNwRMHRqiPKFltPxJRRm +NvqXBooGB+hMfyLgh0/TGzkpdBGk0CHhDTgUyXgSQdQBjOrm9s+sEy5TXaNiQ2kH +COTPCk/gmFKCNSoWyMlcCff/vPFNiUK6Q4spgQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/generate-chains.py new file mode 100755 index 0000000000..f0cd0d87ff --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/generate-chains.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate sets pathlen=0, and is followed by +a self-issued intermediate.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate with pathlen 0 +intermediate1 = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate1.get_extensions().set_property('basicConstraints', + 'critical,CA:true,pathlen:0') + +# Another intermediate (with the same pathlen restriction). +# Note that this is self-issued but NOT self-signed. +intermediate2 = gencerts.create_intermediate_certificate('Intermediate', + intermediate1) +intermediate2.get_extensions().set_property('basicConstraints', + 'critical,CA:true,pathlen:0') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate2) + +chain = [target, intermediate2, intermediate1, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Intermediate.key new file mode 100644 index 0000000000..485fb15bb5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAz2w86bsJdINN1shYltk77m3y/Z4R5YDlNVBRcA2VqfkOlt8z +25Rvo30qgNKkO/o04L1E5QemCQJAO28Rp1SIDyIJWCeXSn9V4wNcwhP7YksLsPtb +IMFX/KQyTZdx91zxY2whe6huzp/lUGZAsekj31K0tt6qmXXw0uwmYDeJyaLcsPUz +6Q4PDr3zcmUeT5zGGzI0mN4EwN0oJOz33OVUeqUasBoxltND8N9LUkGcjjQiUPxE +u6X7wMVZirsyQin8c8uhhVR/Wtu97A2ZdsDFcp8NKOnKZZ+habYHIAFkxwMP/6uh +8d9bpNp+5XloGaJj4Ic3BV33iF0Rxh3YGAoMIwIDAQABAoIBABZ6RkeV6zpjGEZU +Q7VlKSd3ZsOxI4NZan1SjOC1uChJQxl6aqY6+bYf1EFNklqljKFmIVcocwe65LcM +HD+j23K4X4bcE3sRPX9yV9T4UV+ffk7ZjlCIYz6PlJvv83u46Le7eg1qfUeK8FC8 +I/qjpy2GSuseSiKDM2vIB4iZvCbLe2dfuwJDAQJKImQw3kj3DkCuFa4svC5Z2BAK +v/1VFd4icgpbeT1mlQtsHK1nVUdCAErK1rc9TtcZOFtDiioOv9BUGLqI7+QyJJbW +mDMrWTvq9MBTfrLm5NlMVeyBD3iBHm7OuxgHzjlwopTBFaFNF7lRUPbs0O6R6mAS +wSpIFSECgYEA6p1o7GgmzQkdvyBNjgBtVE7mMJ722j8JFdW8eBAeBX/QXJpW9QsF +0Tl1QcoGMcyGrLQ8D6hu2xfK09jo0xDyG7T9JNS0jZNa/D2Q8bvFz2rk7lk5AigN ++x/wKBR815Rz8BKvYYufgE90l1T6hLzrvLr9KplCzx/Bj8eKmrFGyBsCgYEA4lRR +cCn1oWz3DRc4Id6sQ72T82K114/QPFfiIjiXCRQNVCcCnsbHzxEOMB544yEnYkNQ +xS9UnEipOMEuYd/LBef5fPSetBl4gn5JXC+kXROdjDOHlJuqBpi+VGGPgrAM9tXy +KYTIwEEJeztLZnv5u+T6pYmr/x8v1v3ito0knJkCgYBlF6SRUSN+77GonDOuv1Jc +pI6dXrHBQq4YgXtvRIqbFgLjFAHqHnDIQXjb+0AGDznsitDiclIqB6t28x0HbWLV +O3xkdV7DLj5jN+gPsTg/8rBoX3uoCThU/+MMch+FCMuYI4T8hBwbPqFfX9d+gKUX +Mn9J7rYR534RBQsdMsvsBwKBgAvF2QqdlCJWea9botbYL1vCs7x4SP8yguFwrNmc +2fZl7Z+P++noayJRP8yu+RjPc63/1Ga9ZIhQm0TRf6klq/jdrTObwdmabZNUIFrE +O6d/yrUtRQMs6bY4IcZf4MgqgjIgxNz2BD9D4stfNTfagQ4OBh+wPpshsypawH1A +cEQZAoGAL/XciLPh4VG14rE+vXEGw5Ua55DaypKWo+yfIUP6j6Q7Fjpn+scO8ZVQ +xHkr8FJTKxeqGH0tHz/PLernAaXo+vDGnpGZsb1UegjaCmM2/RpWxXsU6ihrJ31J +wo0G8tMaNNfiX2rxDdGnHoTk7RpMV6AFBlIQEntPYsA/5FC1oug= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Intermediate_1.key b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Intermediate_1.key new file mode 100644 index 0000000000..f0b56fdd41 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Intermediate_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAu82EFGwLaHaefdX3VaxaK21xrao0Kty0sMI3I1sFAQi2m/uX +zjzr/i+yXmsHu18p+7ElVVzdn96JvSk36KeKmcNQgjIQuy0ZvKhHIT0KZraNq0I6 +lFB/wxl/6iiJwp2oh9UbQmOan54GckHuZO6sHiH2Pj3l9tEE3X5hy+VlmcFJlxPE +EZY7YvBGrSBdUlwW1lkp4p6RFfEjDfs8hpBQBS1jgcw5JWLMABi0Dhqg2MpL4Lbq +M4OKLqtsb0Ge7EOS0YO20EXnqI0oa6S191OLitw+sN+f1HBOwiwapU1sXS6UNYS5 +XenfIv1VbgX/67YQDCijW0nBmGOPXfqDThHNEwIDAQABAoIBACVV/U0mEbqJ4oZ3 +1D0nD6IUlwYEkWx4BkAhzF5uCPekqNEn2o041V3qU5arxpS8nZcZJ6fp13GiB1Yg +7KmHLWnWR5oqo+LiW3yDI+j6vqee4VlLyGOWAWBjIGgH+SNEvq2Kc2nmbWYQP43V +h7RvMq6m59KF8cL42PPD3WNwzpsbVz5KplWCJwXOPGo+S5QxmJCaOn03n3al89Pe +oRep1XjBuVyp9Q5Xzytt6VFhQol7RXeYYDnyTIz5cJlbXaqK3qryRxeZXztGlvO9 +f215fYXweIqt+AHY/x4ubvmlkG25Lxjr8YXE8aBbi99QBiuG/Kf66nkWBj59j/8b +qo0LJLECgYEA+co7QHk9CS9gSRar236mm6aaQQcmjd2pbuSXZpakobBuuadlVqPK +nMJZWRIteFMYV6IKNt/IqsKHj1NnsRWSTkWDOfZjTwtyPzMhCd7wx0NuIqjYnIy8 +gaHhYy1T3vb9I6MyB3FPYELSje1NsGlm+xUBAvbqH3FuReYBCMVAuxkCgYEAwHjF +o6N/y3/pTudBXZrw5yanDfbqX3vX0OQoz/pa/KhsfcEbqAG+llUCesUEZ3EWb/lR +jgIemUCZaMYvQw5Oh7B4deXhmO9bbqCfbqevCsn5ho/8HTM1e12Ge/izdvmBX43N +lmcBHKCZ0/Z0psHPSNuTpRuQ8dEPDmRkQVLjOwsCgYEA3UjEmOdOpPZtbBJDiR13 +52f+OyFkjEUUNoMXhPBrRDoSvTGIWuqbMagSkw/BbFjgtbF9LwOst2nBwbz3nS8o +/2IhUJXvgDT5rvdSi3YPA9e+l8HQs08SKB0KmFutc1aHBq0qQuGkmfhYoxbYvjGB +42jGDqRC4DwSnqWVwPlN0PECgYB+KGt7mDay37PAmUo6Hc4b5TUIrTjwv081x+eM +c1BiXc9HGmWTWRlglnYanLsHRpPrb2Nqjq8ZysMDbywZau5EeIJs3PJjeTjYKYZ3 +VIgirULWVdhuF1vN8f6tkdWofWC0jlEcbYXICujpi5jomQ7SdcKwLYJzTpHs4Bbq +znbNAwKBgQDTNFEkbUlnGuEkO/VxdKo58CoKpsKwvCniNgI4lbog8+7h4fDX17r1 +NcLlBjIG9+1sg6l3cyqC/jAcoF5EMsASaPN4UFrClZXBJFtspzZGNZdIZAqYWd72 +Gexr/WBe/pOoYNkJXyLyu6dBEzSk89jXDQOq/dGbb7ePM/9aJgGoZA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Root.key new file mode 100644 index 0000000000..e67b78799d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA3mEefiBhwOscE+51PDbwXUvv0oMgG9W7bnDPL0pOE7GnZpwZ +/n9caYUKZD4FTqNxv3Bwmt1FGBSbtkA5dSRnw78YYL7JtAepgfcb2UyWZuvc73v9 +xSdo/ZuUflKsrE5lYHsS1GreD4HMPM3POfX1KJ/h7mUCZvgN37AgRQMTFtLH8vfJ +x8kNA9DsXHmkVJnlYlJsqoPfQtX3gynOkDIGcYB44fum1CUCxbG9Q2j6jcbMEBgC +WD0y32WoR3XLiA76DjNgvdH+DOQpYPMo+5FF87q3/OxjurktTvyVjj37nYfdC1z/ +qHU9ZizN7Er9yCRLD6kNqoFpVgDE75fhfThvtQIDAQABAoIBAQCeFdJ0fRag60JJ +lQH4bWHQIRR6xUaFIxqcN0vB5YO9klRbqGr+NZH/XVl2y3RAZAaPviH+pX/hz3ym +Qd/Wu6ucRvPQirCe77d7saw1fLGKtu+Xu8A6cHq9luUoLCOeVhjRToyjPtlfkrkb +HH/NR2EhoQ8exuW/R2Wtd+poxPfEB35iTTMDmVcpx7pC+NZFSmNnJYW6//EmBZmd +sKhker3RQxj5MXOJ13QoSsBvO8Izk3EIRvr5a6x+GSduu5uQfLEC9i9p1xHbfvYd +QCaaylZcBTEkcx22AOhZBG+NOst0zuOWrcALNGSYpGSJLWm3EWojvX5cWknKZ5WO +ey0OOjohAoGBAPHyLZ0/q09bkemwrd3GOup7LY1wzzTsV1AnShE/Ah3r0Ug5A3qR +AvrYYoLofhM/NCtRgML5AwRJC0QXtPsdMV+AiIkGXyCuqQMHF5baKwIu4gVLapgM +Gj/v/M6piHbcBgMOJneYDHda0m6Lk7PEgBcNp5Q957RnUwgHB7cUGlu9AoGBAOtL ++mrF6M9nqmhALbsritd8UDoijsQ61yq734e/O2FCvxXdkcLdHYwTAp1YWbXiYu3f +M+Yr9lDBb0p3OX7/5VOmTiMGBFv410WaxytRBKtxqCIxCSkdtPy2kP9YC1P5hoJM +jSo77+jnToqJaqtdL1fEfMGk3TzgeO663/btU+dZAoGBAIjcRZE+AtnRIqjemHtr +NsiNBSeNOKjnSDy+/NbknX3vd2MzXRRoExdyb8c9XJPmnMwkPoIL+fjimMzb3DRw +Pw2W16UrRYRnSJO930ol/04s1w3Hq3R25CJmzsrYe6lArOXtizT7fZHGfmKp8dMu +xIZF4xWoLvmNuRpBX8vgQ0jBAoGBAKqvmf+cg474/3fSnpn5MyWwCy6w5OnaWT2p +vbRmd7fNSHqfGV7HMejr3Wiwr5sul19BHA/rcioQuB/HrxC+pufwaxwjAESLlfXr +GnIEuqN3tmTfN2r5HtJ3yWVBxC3tg7K/v2OUySslqCb9GkEnPvGnGm0KoGbJ21Aq +hc9FSCk5AoGAZ+x/GCqAq6dt3WYMrqcA5IozcGDZnh2raNEY8MnX0DyUBlZk/oR/ +VorR3/TLkpOvKjDW2B9A3+VVxeL5HEoFfp4raUyzi8pWPcwMdDRvcegPVa1bswTU +gXvTQ20P4v0ps11rqQH/8QisNkx0izDC9tsgtHrYCdsv5IcoxbTIoYc= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Target.key new file mode 100644 index 0000000000..707e8780f8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAvmyGISZrFiI2K1ux1FIodC128xs7ARfd4RjjAganiJOtMllT +/13FzRp4cPsu2br5+nVT/AKoPJvg9FAATzALs9YEarbvhQtCNSl3+pEWDu00ivPS +XulmZlebb3EwFogYevP8YXkG1ei5GNa5IL+5mt3F3mR9RP0/KqAjMU2nTEJlrZs4 +tjVR90pYhLOSy5g2o5IMM4VkGPIGxBGmEql82uo2WZCch6RgOZ0p4yGRxK6a+fLs +rfhEVVw6IVKBWKHgOlueLWFif1FYRIeAQQDpbO2n/6B8tBczfHhUypKB0VZ1sTq3 +J2p36Awwcb3bsQYZ6daZ1kHSxpA9cjH85wM4NQIDAQABAoIBAQCjBXGG68b9ueg6 +ElQZewSbAVk2IvfOpcoULSQa1euTZyn9UrAwjO0L/D9kKgYf7IyZuNxfgT7aNHDP +d7XsFSvPl8dMPLStZ8gUjx3h61fBC53R348YJiS+NP4i1/ndMEIU8M/9+oi5lHTy +KNFwkfKp/HarP8hmyY/MRDAcw2gYRb1yO3UeJQ9hGMA1FOK/DQqslojkja5Q2N4q +VZqhdbA+bt4T7+fOWAFPnkZiaiJdMucZDyQP1u03u9G5xxEeSFDV+MY7BqtEYVRW +2IFlGYq3mVlTzlwadQZmE6of2ELNEEbVijTszPfgkbe5AJ4+jL/810mtBJhvPriX +D/fvwul5AoGBAOJOW+HZ+hCePQwY8sQiI9bmd+3+FQ2cmQvuxJIbBYFSHLDv1EIo +576ibcDQzM040YJJ5Tt46wlfPyccXVPL258d61xv2q+SSyidEaTaUO96/PdXxcIO +Z3iDr4x2AtZ0U2YEJDuZD2jUt9Z8Y5yvaGR03YtuFMtJxiZ3qjoLu8VnAoGBANdo +4UHrO61d3qIqaLNXGN99SlldbKysqYIrVDphlk3+G2yGHcwS3hr9a8ayazs8miiv +XjO+hiq2/w24IDXIvcDZhbp2rh6/vYQOTUZDdVhmFx9vW/5PR7/iro4Ad5ou1OLh +JP/Tqj0NY/3HEOXqwtRI9qdlXS2mwLDv9dj/F9gDAoGBALUnPpvLLkaRNJLzgZmJ +LqE++a+0HUw5F7YampXONZjwjvD/+iw/rErIoQyg1+BLZEJkPrBdud9VtCrtpLOI +UzTK8XWcQDUc6TcIjHAnJnSdQdQJGc+eUiuBVkwcx2a91WirVgmzG0eyR7rU9bQe +IXWQqyuKofCdDJYMYmJ2tAdvAoGAbsAGqJyoBx+vGpNRV3udVzKUqlOlTzZKxJlA +ae/IlnriYK6n3UeKGDhZVERha4hh/i8D8PixBH8nrUcQkHaQUPnFjrP8G+UbLC0q +P8jpKTT8CHZ5xsu+KQMEGhBVbdlMLQXyvvF1ooQi99SEdKF54ClPX4t3F8SXZ6FI +NnQZLz8CgYEA0kzbldS6AWOVBEdzjZFfjynI/IBCn4Xqc6sX92EwDUtDgRT/dFd/ +lB5INkw2H9pbMifXh7FCgepRPwygQbEBhgKnGaPz3AKGwtIzL1lovaNMI9IQdSgE +QD4gl74a8dvYzH/9bvI+Mm5fH8HfNJRzs8eXUnmFa52FmEMHCZvvTF0= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/main.test b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/chain.pem b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/chain.pem new file mode 100644 index 0000000000..bd36d6338a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/chain.pem @@ -0,0 +1,280 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate has a smaller validity range +than the other certificates, making it easy to violate just its validity. + + Root: 2015/01/01 -> 2016/01/01 + Intermediate: 2015/03/01 -> 2015/09/01 + Target: 2015/01/01 -> 2016/01/01 + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 73:60:af:38:91:cf:45:20:b2:11:f8:2c:36:b2:3d:e8:ed:26:6b:7c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e5:5d:52:78:e5:9d:90:f8:e6:89:33:f2:76:2f: + 04:9f:a8:f1:db:92:f1:b3:43:19:a3:7c:1f:a1:46: + 2f:aa:b4:48:fe:f2:35:cd:2d:61:76:e7:5c:52:c9: + 7b:d6:90:3a:91:11:44:a8:bd:39:d4:5d:10:e0:17: + 71:03:b9:e2:a5:fb:08:15:d2:50:dd:4d:67:ed:9c: + a9:9b:3e:bd:3a:91:57:49:53:73:8b:2b:3e:c0:e4: + aa:c9:c2:68:31:82:b4:0e:40:a9:e7:d1:c4:f6:5b: + 48:3d:88:74:1f:43:2e:f8:b3:66:d8:41:b4:0b:6a: + 21:38:05:65:05:99:8f:84:75:07:57:3a:1b:7b:2d: + 21:0a:fc:7a:22:d9:d3:89:43:0c:1a:18:f9:92:d9: + 42:0f:86:d8:28:d2:b4:ca:28:9a:85:29:1b:0a:d7: + 01:3b:bd:cb:83:36:a0:d3:d3:4c:5a:54:06:a0:a0: + c6:51:12:33:00:5f:85:2e:0a:b5:63:2e:e0:f3:95: + 03:f9:d8:17:24:19:85:a1:23:cc:45:ea:2f:2e:89: + 3c:05:52:f0:69:95:0e:fc:71:1a:8f:2c:90:54:6f: + 14:46:33:99:bd:8b:a7:5e:0b:ad:ad:00:4f:78:8b: + 69:36:a5:38:43:63:f4:6f:f1:a8:f6:21:22:38:56: + 9f:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 6E:07:CA:2E:D6:33:0C:B0:73:89:52:A6:81:9F:EA:5A:7D:58:36:E5 + X509v3 Authority Key Identifier: + keyid:72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 14:34:ce:62:08:64:36:8e:3c:83:a8:5a:e9:42:34:8a:bf:29: + c6:98:10:f5:11:cb:e6:dd:09:a9:61:77:ef:62:d3:35:ba:3d: + 7b:f1:77:1a:c0:c2:05:b8:05:6a:f0:2d:82:a4:a5:58:ae:e4: + bc:86:d4:19:68:9b:61:1a:2b:3b:d8:f1:c4:fa:ce:75:ea:0e: + f8:79:00:0d:1c:42:28:de:2b:fb:d6:2c:55:25:d1:f9:91:ce: + fd:3b:8e:20:03:c1:46:a8:3f:06:c2:f6:31:70:f4:0e:ac:e5: + d3:7e:35:2a:33:b7:85:49:b5:90:34:86:fb:91:f8:a2:f9:96: + cb:6e:0b:22:7f:0e:10:d1:6b:ef:f8:50:51:6e:1b:4a:cd:ea: + a2:13:6c:f6:31:3e:fb:53:7a:33:b4:1b:22:83:c7:0a:b1:e4: + ab:7e:46:38:31:4e:59:c7:63:6a:61:a4:b1:b6:9d:76:10:b6: + 70:fa:4b:1c:a8:41:9e:7f:1b:c0:1c:c5:c3:77:94:3d:36:b8: + 2e:38:7a:cb:ac:10:91:ac:13:33:93:77:ca:ec:96:e1:45:ee: + 40:45:0a:11:af:b7:59:be:86:ba:1a:fd:03:ec:4b:5e:7f:0f: + 24:9f:8e:5a:a4:6e:11:da:68:56:b5:af:51:87:99:52:e7:09: + 48:6e:ee:61 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUc2CvOJHPRSCyEfgsNrI96O0ma3wwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 +MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA5V1SeOWdkPjmiTPydi8En6jx25Lxs0MZo3wfoUYvqrRI +/vI1zS1hdudcUsl71pA6kRFEqL051F0Q4BdxA7nipfsIFdJQ3U1n7Zypmz69OpFX +SVNziys+wOSqycJoMYK0DkCp59HE9ltIPYh0H0Mu+LNm2EG0C2ohOAVlBZmPhHUH +Vzobey0hCvx6ItnTiUMMGhj5ktlCD4bYKNK0yiiahSkbCtcBO73Lgzag09NMWlQG +oKDGURIzAF+FLgq1Yy7g85UD+dgXJBmFoSPMReovLok8BVLwaZUO/HEajyyQVG8U +RjOZvYunXgutrQBPeItpNqU4Q2P0b/Go9iEiOFafewIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRuB8ou1jMMsHOJUqaBn+pafVg25TAfBgNVHSMEGDAWgBRyQzYviTI8H0UF +ANFIto8DegFSODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBABQ0zmIIZDaOPIOoWulCNIq/KcaYEPURy+bdCalhd+9i0zW6PXvxdxrAwgW4 +BWrwLYKkpViu5LyG1Blom2EaKzvY8cT6znXqDvh5AA0cQijeK/vWLFUl0fmRzv07 +jiADwUaoPwbC9jFw9A6s5dN+NSozt4VJtZA0hvuR+KL5lstuCyJ/DhDRa+/4UFFu +G0rN6qITbPYxPvtTejO0GyKDxwqx5Kt+RjgxTlnHY2phpLG2nXYQtnD6SxyoQZ5/ +G8AcxcN3lD02uC44esusEJGsEzOTd8rsluFF7kBFChGvt1m+hroa/QPsS15/DySf +jlqkbhHaaFa1r1GHmVLnCUhu7mE= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 38:57:36:7e:2c:71:3a:58:d9:58:83:7f:8c:1f:66:21:38:9d:41:83 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Mar 1 12:00:00 2015 GMT + Not After : Sep 1 12:00:00 2015 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:f3:7c:09:dc:05:78:96:43:d9:a5:90:a3:1d: + a4:d8:2e:f6:2d:c4:4e:8d:ee:37:1d:30:28:44:f6: + 50:f9:99:12:c4:b6:be:44:0f:07:48:22:67:d1:60: + 42:60:2a:27:62:15:d2:d1:2e:9a:16:02:4e:fb:44: + 37:8c:ba:7a:7d:72:af:55:cf:d6:f5:7c:1f:b3:dd: + fa:b8:57:e4:78:72:72:90:f5:85:cb:c3:7e:8d:1f: + 89:1f:50:43:ff:53:e4:a7:ff:65:b7:af:da:bd:b1: + 80:77:0d:d5:a2:e3:59:35:97:d0:fc:39:26:b5:9a: + af:3c:7c:ac:5a:05:af:ca:98:40:3f:20:1c:ae:3c: + b2:35:e7:52:ff:01:aa:83:1a:67:aa:77:83:67:2e: + 95:6e:79:49:e8:28:dd:74:82:b2:c0:17:81:9e:f7: + 2a:1d:c2:14:7c:2a:10:b4:16:19:e1:59:10:48:36: + 35:c8:f9:bc:35:36:91:2d:c9:81:a4:18:b4:2f:ff: + 79:6d:32:ca:23:52:c0:d3:39:2c:7e:c2:a1:99:53: + 9d:ee:1e:50:4b:5d:af:f3:ca:df:39:6b:dc:54:24: + 0c:14:7b:3e:f7:f8:5e:b8:af:ea:67:68:4b:08:1f: + 25:5b:14:ff:31:e7:7d:50:c7:15:b2:53:2a:a3:5a: + a5:c3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38 + X509v3 Authority Key Identifier: + keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b0:33:01:a0:4a:ee:23:13:a3:e6:93:bc:54:f6:18:0d:e9:1f: + 71:f9:0d:3a:c0:8a:63:9b:66:d0:35:34:97:38:a9:32:fa:ef: + b0:c5:6b:b5:ea:6c:2e:db:bb:2d:2d:d1:5b:74:71:e3:17:a5: + ef:a3:4d:64:8f:98:b4:f4:e0:9e:3e:ad:f2:ac:a7:5d:1a:b4: + 09:68:54:4b:ef:c7:a1:3a:8f:3e:5f:13:21:04:f9:ed:8d:31: + 43:f2:1f:f2:87:d4:22:c9:70:9d:f4:a6:0c:ad:f5:27:49:59: + e9:95:41:d9:58:38:4c:c4:f9:6a:77:e0:15:a6:4c:6b:17:1e: + 25:b3:10:c3:0b:cd:47:d0:db:86:62:7b:50:e4:d5:54:e7:d3: + 89:82:8e:f2:c7:a5:57:00:7d:b3:1d:b4:ed:c7:4c:50:dd:a3: + 56:74:cc:15:30:fc:a9:c9:39:18:39:75:3a:ec:1f:28:1e:e3: + ba:01:de:98:e8:e9:fe:8b:16:99:c7:67:93:c9:c2:40:48:0f: + c6:e2:ba:51:0b:03:18:21:41:56:cc:ea:40:0e:b5:9d:8e:d6: + f8:01:df:0d:97:f2:8b:cc:54:e5:eb:46:59:19:4d:a3:f3:3a: + ce:3e:c7:f5:46:77:d7:41:c7:1b:4d:fd:58:27:4d:c7:32:ed: + 33:88:44:b3 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUOFc2fixxOljZWIN/jB9mITidQYMwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAzMDExMjAwMDBaFw0xNTA5MDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMLzfAncBXiWQ9mlkKMdpNgu9i3ETo3uNx0wKET2UPmZEsS2 +vkQPB0giZ9FgQmAqJ2IV0tEumhYCTvtEN4y6en1yr1XP1vV8H7Pd+rhX5HhycpD1 +hcvDfo0fiR9QQ/9T5Kf/Zbev2r2xgHcN1aLjWTWX0Pw5JrWarzx8rFoFr8qYQD8g +HK48sjXnUv8BqoMaZ6p3g2culW55Sego3XSCssAXgZ73Kh3CFHwqELQWGeFZEEg2 +Ncj5vDU2kS3JgaQYtC//eW0yyiNSwNM5LH7CoZlTne4eUEtdr/PK3zlr3FQkDBR7 +Pvf4Xriv6mdoSwgfJVsU/zHnfVDHFbJTKqNapcMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUckM2L4kyPB9FBQDRSLaPA3oBUjgwHwYDVR0jBBgwFoAUWivrfHsUq387WOzs +IV6l6+H0T18wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCwMwGgSu4jE6Pmk7xU9hgN6R9x+Q06wIpjm2bQ +NTSXOKky+u+wxWu16mwu27stLdFbdHHjF6Xvo01kj5i09OCePq3yrKddGrQJaFRL +78ehOo8+XxMhBPntjTFD8h/yh9QiyXCd9KYMrfUnSVnplUHZWDhMxPlqd+AVpkxr +Fx4lsxDDC81H0NuGYntQ5NVU59OJgo7yx6VXAH2zHbTtx0xQ3aNWdMwVMPypyTkY +OXU67B8oHuO6Ad6Y6On+ixaZx2eTycJASA/G4rpRCwMYIUFWzOpADrWdjtb4Ad8N +l/KLzFTl60ZZGU2j8zrOPsf1RnfXQccbTf1YJ03HMu0ziESz +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 38:57:36:7e:2c:71:3a:58:d9:58:83:7f:8c:1f:66:21:38:9d:41:82 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c5:99:c3:5a:ac:ee:dd:88:55:9e:e4:3b:02:e9: + 99:bf:7e:7c:20:2e:ad:35:96:06:74:f8:06:62:6c: + 30:55:b5:16:f9:e2:db:99:65:f8:b7:58:00:01:70: + 3f:7c:23:ff:a7:39:4b:3a:d8:f7:72:65:3e:fd:66: + c0:69:43:cc:85:22:3b:d7:22:5d:1f:aa:d4:39:83: + 58:08:cd:e3:c1:8b:f1:77:4a:92:6a:5c:83:df:1b: + 59:dd:b5:92:fd:b0:6a:b0:29:a6:13:7e:2b:0e:cb: + a7:0e:30:c4:b6:2f:f7:1b:e3:ce:3c:38:2c:18:bd: + 0c:21:dd:e1:dd:2a:18:77:94:31:12:89:0a:ee:80: + 30:98:2f:3a:fc:72:75:9c:f1:fb:39:31:c7:ac:63: + 24:d4:11:40:86:49:e4:72:ce:b9:df:f3:51:bd:d7: + f2:7b:49:cd:97:65:4a:8f:65:c0:87:61:99:9c:86: + c9:96:95:fc:bc:d2:c4:c2:cc:82:c4:1b:3d:18:ba: + dd:13:1c:80:cf:9a:34:e7:44:90:29:c5:e5:f9:53: + 2f:20:e2:1c:95:ff:01:bb:ea:89:d1:47:59:fd:5a: + 44:75:58:df:42:29:bc:50:89:bc:1d:6c:e3:35:f8: + 85:ce:57:c4:c5:47:58:37:5d:1f:1b:03:66:61:0d: + 2f:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F + X509v3 Authority Key Identifier: + keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 26:d5:ba:c9:fb:e4:0d:75:44:79:16:26:33:6c:08:5d:67:60: + 19:ef:e0:6d:49:72:30:4a:f1:88:b9:51:bc:c5:e4:e6:10:6c: + ce:0c:6b:37:b7:a7:d3:d9:03:41:7f:4e:e7:a0:4a:ec:52:af: + 35:10:03:90:a2:84:4f:9a:b7:c3:d3:f4:f0:14:f8:23:f5:b2: + 1c:55:b8:8f:6a:fd:9b:05:60:b8:48:95:e3:9b:15:99:f8:98: + 2f:1d:cd:89:ae:91:b5:3b:4b:22:29:44:d2:76:0d:1c:0a:e5: + 9d:98:8f:6e:c1:d4:8b:fb:b3:aa:9d:7f:56:cb:a4:9a:27:9a: + e3:52:50:82:01:fe:8f:ba:dc:fb:f5:7e:d0:ce:07:4b:5e:91: + fa:41:21:9f:a6:15:e0:01:0d:7b:c5:53:07:f5:3d:63:89:87: + b4:a9:a2:9a:49:f7:26:64:6e:1b:9a:ce:95:e9:51:98:31:25: + ea:cb:c8:dd:6a:3f:af:32:78:22:27:32:b7:61:64:c5:6c:b7: + 96:77:1c:ec:14:93:2d:14:e5:53:9d:d9:db:09:61:bf:7f:bf: + cd:d4:d3:09:03:8a:20:0a:b6:19:40:a2:58:8d:e9:65:54:56: + ca:6a:13:f3:e1:cf:da:e3:f9:eb:49:52:cf:89:2e:52:1d:ee: + 64:1e:40:91 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUOFc2fixxOljZWIN/jB9mITidQYIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDFmcNarO7diFWe5DsC6Zm/fnwgLq01lgZ0+AZibDBVtRb54tuZZfi3WAAB +cD98I/+nOUs62PdyZT79ZsBpQ8yFIjvXIl0fqtQ5g1gIzePBi/F3SpJqXIPfG1nd +tZL9sGqwKaYTfisOy6cOMMS2L/cb4848OCwYvQwh3eHdKhh3lDESiQrugDCYLzr8 +cnWc8fs5McesYyTUEUCGSeRyzrnf81G91/J7Sc2XZUqPZcCHYZmchsmWlfy80sTC +zILEGz0Yut0THIDPmjTnRJApxeX5Uy8g4hyV/wG76onRR1n9WkR1WN9CKbxQibwd +bOM1+IXOV8TFR1g3XR8bA2ZhDS95AgMBAAGjgcswgcgwHQYDVR0OBBYEFFor63x7 +FKt/O1js7CFepevh9E9fMB8GA1UdIwQYMBaAFFor63x7FKt/O1js7CFepevh9E9f +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAJtW6yfvkDXVEeRYmM2wIXWdgGe/gbUlyMErxiLlRvMXk5hBs +zgxrN7en09kDQX9O56BK7FKvNRADkKKET5q3w9P08BT4I/WyHFW4j2r9mwVguEiV +45sVmfiYLx3Nia6RtTtLIilE0nYNHArlnZiPbsHUi/uzqp1/Vsukmiea41JQggH+ +j7rc+/V+0M4HS16R+kEhn6YV4AENe8VTB/U9Y4mHtKmimkn3JmRuG5rOlelRmDEl +6svI3Wo/rzJ4Iicyt2FkxWy3lncc7BSTLRTlU53Z2wlhv3+/zdTTCQOKIAq2GUCi +WI3pZVRWymoT8+HP2uP560lSz4kuUh3uZB5AkQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/generate-chains.py new file mode 100755 index 0000000000..4288b63e08 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/generate-chains.py @@ -0,0 +1,35 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate has a smaller validity range +than the other certificates, making it easy to violate just its validity. + + Root: 2015/01/01 -> 2016/01/01 + Intermediate: 2015/03/01 -> 2015/09/01 + Target: 2015/01/01 -> 2016/01/01 +""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.set_validity_range(gencerts.MARCH_1_2015_UTC, + gencerts.SEPTEMBER_1_2015_UTC) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Intermediate.key new file mode 100644 index 0000000000..2c00e4218c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwvN8CdwFeJZD2aWQox2k2C72LcROje43HTAoRPZQ+ZkSxLa+ +RA8HSCJn0WBCYConYhXS0S6aFgJO+0Q3jLp6fXKvVc/W9Xwfs936uFfkeHJykPWF +y8N+jR+JH1BD/1Pkp/9lt6/avbGAdw3VouNZNZfQ/DkmtZqvPHysWgWvyphAPyAc +rjyyNedS/wGqgxpnqneDZy6VbnlJ6CjddIKywBeBnvcqHcIUfCoQtBYZ4VkQSDY1 +yPm8NTaRLcmBpBi0L/95bTLKI1LA0zksfsKhmVOd7h5QS12v88rfOWvcVCQMFHs+ +9/heuK/qZ2hLCB8lWxT/Med9UMcVslMqo1qlwwIDAQABAoIBAB6y2MV0sCfdAbI0 +MCJ/eIXSX1G1p+kRqfweqTiy0O18/UecvzlYZH0nbdG6prkd6jW32gq2m+z7UBSh +GV4/vyoh9Ro+MEtX0GYyflio/oE5BHFvODJuBm+Sl7Umno6GV2tc/FeAiaF1YhVd +SFbuFg4qae5N0ZqnURDlUP6cBqKQMLEcXOfnI3jnQoUEU+p1hoXkp4mMf/XmLgRZ +chTBlGvPidmiBcLP8dXB9b3J+FnT/n/cZH2h96c8JBQ1Im/n9r9tgtc8vSqD5FV6 +W1BwoId8IdOrjCsmlj70WeGMbXPnk7KzTFOIkkcn/6rehdNG8o5Py9jUvVKSbp/R +3Y33GoECgYEA4cyppwnECQzwctocSxJq7BKnmENyKht2DYk82ovPCGEwagDH7u/j +lvCt2+V1PsawrjCgCJ26eY27uoLtAZYJoTTg/UDKJ6iRaxxDqgwO3zfXhacnO9uo +3PXdCLjCT9SiIqXOCctUGgaJqLq+PiwvvOKxR+N5qr5W0etufklKEf8CgYEA3QaU +RrPZnnFUqEYQz2VWjZEvPPIGAbCHTl3xaI9PBbjmjhAya+C6p3mH0/hPVtesJUVb +U9D9pBAqx/k4BOQgX2YtHTJfZZLwmClMaSzy15y0ntS5KuS5J8p3V77RqRELcoEo +RUccyBOIHxK2Vj2nBxl45YeRZA17vsKD5RzTpD0CgYEA0QKZp70qcRZBHI840WTj +BFLgP9luu/tfc3gtlD8GDUOphPXkHBCCIx32US49MTbKJPNtr4wRKKNBuoumx2kS +0N4ZxVNLzRoEQZmQKL+wpH8USOtJLedOj/ol+ATOGQdCbb/80KQd3Vlf44e4weQ0 +7CsK3vh5jstRok7DoLJGlhECgYEAm8OJN5KD6P9hc/1810xJhRcuPTsrNIGduYLH +ILLuM9As2y1a+1+y61fge2fhMghoTxPj2tvMBJVIMQnXisribZjqbksTo9e8Kt/f +87czpPPQ7qZnoGz0d7BeDr5xrz5N3PJc2QXWqMHrCkr7qSdl0MEIzGmP8vz1mmgm +345DMNkCgYEApaV0NwADnH+nRv7igqe02y3rhA18OJp4qQYR7pwZUcqi4N3t4TrM +YXLs7zDh9SFeRTS5zXDVido71M9D1IXDM0Bv6IwZSXFLJrSpywU48fV3PBDDUJ6G +H5XB6l4zIYBa0ggoOrdkcgwtjjb7iVFWu5KUqEdjuGhSKu/47FSc64s= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Root.key new file mode 100644 index 0000000000..7d1e5c9115 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxZnDWqzu3YhVnuQ7AumZv358IC6tNZYGdPgGYmwwVbUW+eLb +mWX4t1gAAXA/fCP/pzlLOtj3cmU+/WbAaUPMhSI71yJdH6rUOYNYCM3jwYvxd0qS +alyD3xtZ3bWS/bBqsCmmE34rDsunDjDEti/3G+POPDgsGL0MId3h3SoYd5QxEokK +7oAwmC86/HJ1nPH7OTHHrGMk1BFAhknkcs653/NRvdfye0nNl2VKj2XAh2GZnIbJ +lpX8vNLEwsyCxBs9GLrdExyAz5o050SQKcXl+VMvIOIclf8Bu+qJ0UdZ/VpEdVjf +Qim8UIm8HWzjNfiFzlfExUdYN10fGwNmYQ0veQIDAQABAoIBAQCsw+e92/1sy8qw +hbPitAOtHhXAvY7Lj0RN+Jz8aMNJ7G8ORH7j+/gdtV8r4sxe6cqYlstjxFd1OXh9 +bd1FK/YhYPEZA/6PtXigYGoUKI+9pXGVbyncvM6/vtYvtpWyIRDmvUNrP6C96ulA +yvryn7VaOS8UD7jeWEvHQIw+JpQF141e9NLMxyYS6KmnsHbwezsNKMYGYfGD/xSu +xlY18QOj9EPC51bDxq4WkwE3ytCNGhRUn/tm06Wf99gXmrIdMXVMLNnkf9Qa35+t +VP+3GRNq35NqB7Je077fp5O5dF63sXbQt9xGKyrIC8kNsWP9SnQakZo4mFEg0blY +QflgU65BAoGBAPEuvnqVlv/d5a/TQXoiKjKR1f/6G/fhkJrTelscYIxaaWx2tBmB +4D3o0+alpPXPi7nok4Ce0zOCzjRxGafKt7N6R2Q31vGhodoQo8vAX9hnPUe2/A1y ++iS0xuDDWB8lhFBPmeSoQ7Op6i2uAhAEAQ6gZHVru0vKs4D4FRwYC8W9AoGBANG9 +ktWt16Vzb1sWM/kQFOqf3xS0p6273mB58zPJ4StxvPjHWX0IXSH3lVc2WPFa8uhX +ILHbcJiQ5jyUKnCAB53b/RqrzI2TtcrZQIKXybCNliu1en4fE/Tn8ZbJKsHEjWMG +vvl3W1DjbSNGZIt3q4IYEaIeJp+s3BxwVSEwltZtAoGAAxG3NtQkgckPHTexA57f +rpkQghtqs7LZJj8+tV4dFGwqH0k7bX+rnN4TpEHDYaVsf8cn6WEcCvHFMgGmc+4u +fEg4FFxpjdWiu6Wuj+84yQY3T2xStNEbwc/TIBUcT/koP+Vjbfd+NREae85VFGMY +qFj+Lkhar9I6io+dpSfhLnkCgYEAtNngCLvznEhjFomYmwQQ5RahRrtXcmjyIQJG +gLtsmwdhyKosMbHKjIVtklvcaZDgrxKhsHrlJcibnlSsG4FqD+Ym4p6MrO9W6+hU +xcaYNNKBUIMVcjbeAGkXWctwQNB4kZC5j2YpqR/RdX83J0My8eRLIB0bdMearDL4 +VLwO9CkCgYBXhGpo90TdZ/DxKbA1GX35u2oSM0JHxVUTXaU/tL8GJW99m+QOarQ2 +8n4T66yFxdFXZ2r9YvQG/uaLqXY+cbEropWSpklB8u7TCGaXoNG7VN1F7QZeBkUl +OHiA4gXzBFlZlAw6dwxl5VLoLraMXDsrHxM2c5VmwNK+MWH1MB+fUw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Target.key new file mode 100644 index 0000000000..91cb76dff9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA5V1SeOWdkPjmiTPydi8En6jx25Lxs0MZo3wfoUYvqrRI/vI1 +zS1hdudcUsl71pA6kRFEqL051F0Q4BdxA7nipfsIFdJQ3U1n7Zypmz69OpFXSVNz +iys+wOSqycJoMYK0DkCp59HE9ltIPYh0H0Mu+LNm2EG0C2ohOAVlBZmPhHUHVzob +ey0hCvx6ItnTiUMMGhj5ktlCD4bYKNK0yiiahSkbCtcBO73Lgzag09NMWlQGoKDG +URIzAF+FLgq1Yy7g85UD+dgXJBmFoSPMReovLok8BVLwaZUO/HEajyyQVG8URjOZ +vYunXgutrQBPeItpNqU4Q2P0b/Go9iEiOFafewIDAQABAoIBAQCA5KG9GOQkHQuI +nO2rZp7Fjm5kAz7ai2G0EsO/oK6W0nuW8cw0QkVcSYYDbACwwhp3fWnFHZmK8sXR ++Lpk6qgouFqB0M/qnV5DFF/nwykZ6aVQqpnq4mGAisBDY4GkGRxQShxxDtwNyZxe +H/mJu/qAfmjULJAePgTu83Ei5XnWZ9FGf/EeeKl7j4YO1okgrmU5SUbq39x99j7l +m4hJc/GJpaFgYD/IQImgNYZZBgqI++fsbOjJjxShQ0FGcQwdXmhfjLAr2kdLYWeT +ml1+fav0ZPFR0pLAorkvnFQu2lwySDtO7pZaPl6vkFt2MrR4ZAqRs5OxcLVLTjTl +QJUkA6OBAoGBAPkAun5XmHzKn2rQaQV7oe6DawNRhCCbTKAn+mFnPO6XzjlMGhPr +Vrl609+RRxSd6ACKhZQdK4SZZcgqRdu16Yw7TruUJFsmNebfgXR26JdWWD5ZSUR4 +I8zgBmh6ZzGP3Pr0SAbZgMqb43+S3drWf7sJ+fDQB4oHtY45FRkzhvPBAoGBAOvP +Ue1hA/aAZ0fRTpXMA8sTMKr+xViFe1K+t31e7djqy70iRcj2rSNHsd/x63wexrNm +wN9tK/J1IPBAwxoKZbQob6hIfZzMPzNQZSU0vZS+bnfKIvSfLjIg073B89Sjojii +IQhEbXMReZq8cLg+wNwPY+cttXCEXLekJSH50PI7AoGAaizGWOMvEV8w9NHjRkQ+ +ez6sXeDfbyvpU41YdToZQD+Y3tO1dvLtqu9V8sm2vnLKn5hxdwOtL8BdJynnWdVK +vdH4M4HqsrcrWsPJJokhio512DgoRrrXwR9xfBFdeUO33YZWRB1wjnREYHyWfx7h +njaVzfpWjKPW5csvVOykycECgYEAv4VG2TFucoqfV6kb1nY4rnsLkBYUWm0vWGkl +xmGPdBpfF2H6o9oVjQ3x3h0yUUD9yT+vbsfQZb/T3M38p+3B5Kzi4x7dRrhsrFSj +kbBgOarhNdGqyltuvbADyZ75Vr8ARlcH1RseedK7nX1nX304ToMBdQWe05/tXgmn +Tw0DM3kCgYEAiUinfK+KVtWHZPsoFFD+8ToP5Q8YMJhu4hkOci0wzZStfzPNlxG7 +Yo2eOCga+aR34THIxdTh0zvkON0S+yBhM2IOzHnm/D3WJ4n5AcAvL55ppeJvnBXi +Hcfo68KRoT65Mm42RT2IzedRXiuHf6WdNqPhw/Qr9FMSoibttJC5p6w= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/not-after.test b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/not-after.test new file mode 100644 index 0000000000..ac411b5f97 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/not-after.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 151102120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/not-before.test b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/not-before.test new file mode 100644 index 0000000000..05d54acea0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-intermediate/not-before.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 150201120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Time is before notBefore + diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/chain.pem b/pki/testdata/verify_certificate_chain_unittest/expired-root/chain.pem new file mode 100644 index 0000000000..10b006e87f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/chain.pem @@ -0,0 +1,280 @@ +[Created by: generate-chains.py] + +Certificate chain where the root has a smaller validity range than the other +certificates, making it easy to violate just its validity. + + Root: 2015/03/01 -> 2015/09/01 + Intermediate: 2015/01/01 -> 2016/01/01 + Target: 2015/01/01 -> 2016/01/01 + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:f7:2e:2d:8f:c5:f0:b0:65:49:87:7e:d7:10:b9:ab:3b:56:ba:be + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c8:7c:97:b3:0d:f9:56:4b:f9:6c:a3:4b:05:f3: + d6:34:aa:f9:3b:b9:59:7f:02:7b:89:b5:d0:9b:be: + 38:c9:e6:62:0e:79:38:c7:aa:bc:2c:0b:6b:3e:b5: + 22:ba:8a:23:2f:ee:c4:8b:5a:59:a7:9e:4d:a0:bb: + a2:13:61:9e:d6:b0:1f:34:74:b6:bc:ff:fd:ee:95: + 00:5b:3a:71:e1:c1:5c:89:5f:f4:70:60:f1:ca:1c: + 2d:33:49:03:a2:78:a1:b4:96:f1:ef:6a:ba:03:77: + 89:bc:64:34:99:b1:20:54:18:78:5b:d7:98:c9:c2: + d2:f1:c6:64:2f:18:2f:b8:e7:e7:25:78:91:7a:59: + 34:ca:2f:e2:c9:47:62:b6:ff:0d:39:11:03:f5:97: + e5:fd:33:14:52:4f:cc:46:6e:b1:8c:52:00:fb:dd: + be:e7:dd:fe:93:49:15:ae:98:86:bf:ea:13:ca:2b: + 29:4a:16:ab:83:4f:26:e5:bd:e8:23:40:55:a9:a3: + aa:f4:0c:56:54:13:a0:f1:dd:3b:6b:d1:7b:2b:a8: + 46:37:3a:fa:6b:2c:94:0e:17:0a:1b:f0:fa:37:1f: + e1:14:74:d8:50:43:f6:86:9c:99:bb:03:6e:46:1e: + e4:64:f5:4f:4f:67:b8:f6:8c:c2:5e:9d:ef:c1:0f: + ac:c3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CA:78:A4:F1:F5:90:DF:91:0F:99:E9:68:EC:EA:37:23:7B:83:C1:6D + X509v3 Authority Key Identifier: + keyid:56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 63:36:d1:99:49:b6:e8:c3:28:ee:2b:1d:ab:32:ac:94:27:2e: + 48:45:19:19:8a:82:f7:f3:47:e4:07:e6:26:95:3b:6b:c4:ab: + d7:b3:1b:3a:6e:3a:ee:bf:84:47:cf:d9:6b:a7:67:e6:ba:d5: + 4c:a8:3d:6f:ce:25:c1:ea:44:e6:15:ae:95:f3:e7:9b:3f:9b: + cb:53:e7:ce:e8:94:ee:fd:cd:b5:a4:e2:0a:e2:eb:b3:a0:90: + f0:c7:1e:59:e9:53:78:9c:57:45:a3:6d:a3:2a:ff:fa:77:a1: + 4c:d4:31:5e:df:0e:cc:4a:24:23:4b:0a:ec:8c:31:ca:cc:6a: + 67:74:34:be:d2:5b:78:75:5a:bb:b5:30:2c:b2:63:08:4c:ff: + 3e:ac:ad:1d:22:9b:67:87:0c:66:0e:6b:25:34:0d:7d:31:de: + 52:af:3d:a1:9c:ad:74:da:45:6c:f2:80:c3:1f:0d:31:c9:40: + 57:d1:d3:34:b9:b9:d2:50:31:55:43:bb:d1:d2:89:7e:35:27: + a5:99:5b:b5:d9:e8:4f:a6:67:e3:62:4a:70:f6:85:98:5a:2f: + e6:3e:10:e5:09:e4:15:d2:e8:64:2b:db:5c:64:08:6b:aa:a0: + c4:8b:fc:ba:4f:df:a1:49:a7:7d:e9:e8:91:de:1b:f8:8b:82: + d4:68:e0:75 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUPPcuLY/F8LBlSYd+1xC5qztWur4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 +MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAyHyXsw35Vkv5bKNLBfPWNKr5O7lZfwJ7ibXQm744yeZi +Dnk4x6q8LAtrPrUiuoojL+7Ei1pZp55NoLuiE2Ge1rAfNHS2vP/97pUAWzpx4cFc +iV/0cGDxyhwtM0kDonihtJbx72q6A3eJvGQ0mbEgVBh4W9eYycLS8cZkLxgvuOfn +JXiRelk0yi/iyUditv8NORED9Zfl/TMUUk/MRm6xjFIA+92+593+k0kVrpiGv+oT +yispSharg08m5b3oI0BVqaOq9AxWVBOg8d07a9F7K6hGNzr6ayyUDhcKG/D6Nx/h +FHTYUEP2hpyZuwNuRh7kZPVPT2e49ozCXp3vwQ+swwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBTKeKTx9ZDfkQ+Z6Wjs6jcje4PBbTAfBgNVHSMEGDAWgBRWRB0MukdafSSr +rBOWJf+G0AiFjDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAGM20ZlJtujDKO4rHasyrJQnLkhFGRmKgvfzR+QH5iaVO2vEq9ezGzpuOu6/ +hEfP2WunZ+a61UyoPW/OJcHqROYVrpXz55s/m8tT587olO79zbWk4gri67OgkPDH +HlnpU3icV0WjbaMq//p3oUzUMV7fDsxKJCNLCuyMMcrMamd0NL7SW3h1Wru1MCyy +YwhM/z6srR0im2eHDGYOayU0DX0x3lKvPaGcrXTaRWzygMMfDTHJQFfR0zS5udJQ +MVVDu9HSiX41J6WZW7XZ6E+mZ+NiSnD2hZhaL+Y+EOUJ5BXS6GQr21xkCGuqoMSL +/LpP36FJp33p6JHeG/iLgtRo4HU= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:94:d2:f0:61:1b:d8:58:84:ab:f1:64:de:71:09:ef:28:1e:23:d7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b8:ea:dc:cf:e7:81:3c:c1:99:70:bd:71:4c:93: + 94:33:49:be:87:bf:28:2b:d0:6c:38:90:66:7d:37: + d5:a3:f1:5c:a1:a5:41:35:0b:5c:a7:bc:8f:ac:b3: + 09:ef:62:68:9f:60:3e:9e:4c:cb:7f:a4:bf:4a:0f: + a7:b2:5a:93:ec:b8:14:30:3f:d9:86:b8:ad:31:8a: + bf:20:ab:c7:40:dc:28:5b:3e:dc:39:b2:00:44:34: + 01:d6:81:13:a7:e6:d1:d8:d3:68:22:95:ee:bf:bd: + e4:d1:9f:08:dd:a9:ff:65:ff:81:6a:68:1d:ee:d3: + d5:c4:76:85:54:43:73:bf:f0:3c:c1:66:bb:a4:eb: + 22:1e:81:29:dd:4f:41:c2:a4:73:63:43:24:60:ef: + e2:f0:ae:e6:a6:25:c8:a9:ee:1b:7f:ab:be:71:cb: + f7:15:cb:2d:b4:a7:56:4b:2b:35:08:9b:12:70:15: + 33:53:ca:a7:b4:97:37:34:d3:f7:d5:f8:19:54:03: + 50:b4:f5:47:1a:f1:10:03:b5:54:64:c1:9c:b5:6d: + 14:0a:5a:28:24:4b:11:b6:fe:70:c2:0f:80:82:cd: + 94:59:16:ff:75:8b:da:91:3d:5f:16:95:4d:61:77: + 67:28:37:3b:6e:a6:a4:88:33:01:12:a0:10:fc:59: + 49:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C + X509v3 Authority Key Identifier: + keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 14:86:d2:95:9b:c1:98:21:6d:4e:a8:ac:96:32:e2:52:08:9d: + f3:bf:2c:9c:83:9a:71:aa:39:f0:ee:89:b9:41:a3:23:c3:2a: + 84:1d:d0:07:65:4b:ce:42:66:eb:a6:3b:c7:23:83:31:f0:b4: + d4:b5:e4:cd:89:13:58:35:43:de:05:64:84:4b:ed:84:6f:ac: + dc:57:29:ae:5f:0b:81:56:9b:b2:60:c2:89:68:0c:18:ee:f2: + d2:42:6f:e3:61:ff:b8:02:f9:61:f7:20:41:dc:91:66:52:ee: + ba:a3:bc:66:84:fd:89:cd:38:25:5b:53:cf:f1:6e:f9:d2:95: + 9a:7f:61:39:d5:1c:28:16:4a:c2:12:0e:f4:4a:94:ef:85:db: + ee:4f:18:7f:92:ef:de:4f:fb:9f:f5:0a:d9:ea:be:55:80:2c: + 85:b5:09:fc:3e:c0:32:39:68:ae:00:20:95:25:78:ba:98:f0: + 85:ef:ad:1c:b1:9c:7a:47:49:09:ae:ec:e0:90:71:3c:55:b4: + 41:c4:5d:d0:65:58:30:2d:87:1b:90:27:f8:f6:ce:de:fd:8e: + ec:a0:c6:25:b8:7f:f8:d0:11:90:26:a6:6a:69:2d:bf:fe:6d: + d9:66:d8:97:79:5a:70:96:b0:49:e5:e2:17:2f:2c:8b:63:77: + 88:6c:ff:e5 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUYJTS8GEb2FiEq/Fk3nEJ7ygeI9cwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALjq3M/ngTzBmXC9cUyTlDNJvoe/KCvQbDiQZn031aPxXKGl +QTULXKe8j6yzCe9iaJ9gPp5My3+kv0oPp7Jak+y4FDA/2Ya4rTGKvyCrx0DcKFs+ +3DmyAEQ0AdaBE6fm0djTaCKV7r+95NGfCN2p/2X/gWpoHe7T1cR2hVRDc7/wPMFm +u6TrIh6BKd1PQcKkc2NDJGDv4vCu5qYlyKnuG3+rvnHL9xXLLbSnVksrNQibEnAV +M1PKp7SXNzTT99X4GVQDULT1RxrxEAO1VGTBnLVtFApaKCRLEbb+cMIPgILNlFkW +/3WL2pE9XxaVTWF3Zyg3O26mpIgzARKgEPxZSdMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUVkQdDLpHWn0kq6wTliX/htAIhYwwHwYDVR0jBBgwFoAUB3Ue42T5ygZHtGi5 +2DQ5RoeNJ6EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAUhtKVm8GYIW1OqKyWMuJSCJ3zvyycg5pxqjnw +7om5QaMjwyqEHdAHZUvOQmbrpjvHI4Mx8LTUteTNiRNYNUPeBWSES+2Eb6zcVymu +XwuBVpuyYMKJaAwY7vLSQm/jYf+4Avlh9yBB3JFmUu66o7xmhP2JzTglW1PP8W75 +0pWaf2E51RwoFkrCEg70SpTvhdvuTxh/ku/eT/uf9QrZ6r5VgCyFtQn8PsAyOWiu +ACCVJXi6mPCF760csZx6R0kJruzgkHE8VbRBxF3QZVgwLYcbkCf49s7e/Y7soMYl +uH/40BGQJqZqaS2//m3ZZtiXeVpwlrBJ5eIXLyyLY3eIbP/l +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:94:d2:f0:61:1b:d8:58:84:ab:f1:64:de:71:09:ef:28:1e:23:d6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Mar 1 12:00:00 2015 GMT + Not After : Sep 1 12:00:00 2015 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a9:91:e0:b0:cc:ae:f4:2a:c1:32:17:cf:cf:c8: + f1:19:d8:82:d0:ae:e4:22:4b:3b:94:af:4a:ee:7a: + 36:29:60:18:39:8f:f2:51:d7:1c:a0:18:29:f1:98: + cb:8d:fa:e0:09:d6:0d:7f:74:08:cb:58:2e:0f:8b: + 1c:9d:05:31:8a:e2:41:b6:18:0f:98:ee:70:78:d3: + 2b:50:d4:87:a7:f6:36:6b:71:40:37:97:a9:34:3f: + a1:40:37:f7:e3:5b:bc:4f:21:b6:80:ef:c9:cb:e8: + 94:da:fa:d0:23:33:e6:e1:7f:57:72:59:c6:ca:7f: + 93:2f:5c:5e:d9:a8:55:8e:f2:a0:45:77:03:29:6b: + 55:f6:38:c2:fa:42:bc:9a:73:4a:5b:2a:27:5a:dd: + ab:c0:68:d0:b3:51:5b:e7:b8:4e:02:8f:09:35:31: + 36:93:52:a3:bd:69:5f:58:f4:de:3f:44:4a:8d:ea: + 9a:08:8f:1e:f6:5c:b1:db:21:0b:07:0a:8f:9b:d1: + d4:7f:cb:05:96:d5:04:b1:d2:5e:d9:13:6a:33:5b: + d4:98:05:1c:c0:33:07:a7:84:7c:6a:ca:5d:65:5e: + ea:18:6c:ef:4c:d6:65:a6:c1:07:bb:11:78:c3:fb: + 91:be:36:09:08:98:42:9b:6f:eb:ad:80:e0:14:13: + 11:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 + X509v3 Authority Key Identifier: + keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 4a:c7:5d:18:0f:b3:5f:d3:48:b3:8a:a5:74:4f:1b:f6:79:4e: + ac:b4:39:2d:aa:ae:62:72:ef:23:42:7d:dd:1f:64:0f:9e:5e: + f9:b9:80:13:fd:b8:a7:f6:f2:c5:53:ba:b4:42:d3:b7:6f:36: + 5a:83:f4:ca:84:f4:02:3e:8c:dc:81:10:1f:a9:4e:91:72:39: + 6c:ab:6d:cd:6a:a9:ac:c6:ae:ae:02:07:fd:80:64:bc:5f:7e: + 31:59:53:2c:b9:ae:0c:21:bd:f0:e2:e5:90:49:5e:18:3e:47: + 60:d3:38:fe:2b:8c:ac:f4:1b:20:12:a7:a9:13:c0:72:2f:b7: + 1a:1c:92:87:3f:8f:53:7a:b8:0e:db:8f:35:a0:fe:2a:d8:f4: + 63:c5:e4:ca:a2:a6:59:4f:c1:a5:b8:46:10:a9:cc:1c:fa:72: + f5:f7:63:07:d3:73:c4:21:10:cb:23:07:56:d7:df:6e:02:62: + ed:fc:50:3f:16:05:3e:16:07:ef:0d:f0:f9:fa:b7:59:21:d5: + c1:fe:1c:d5:54:18:68:51:d6:45:51:68:ef:99:d8:d4:e1:6a: + 2a:b7:a7:f7:5c:21:60:16:73:50:87:9c:dc:ff:f3:95:33:62: + 31:30:b9:65:f3:23:a6:ed:6d:18:c4:d8:57:08:93:31:35:2a: + 31:e8:0b:d1 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUYJTS8GEb2FiEq/Fk3nEJ7ygeI9YwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAzMDExMjAwMDBaFw0xNTA5MDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCpkeCwzK70KsEyF8/PyPEZ2ILQruQiSzuUr0ruejYpYBg5j/JR1xygGCnx +mMuN+uAJ1g1/dAjLWC4PixydBTGK4kG2GA+Y7nB40ytQ1Ien9jZrcUA3l6k0P6FA +N/fjW7xPIbaA78nL6JTa+tAjM+bhf1dyWcbKf5MvXF7ZqFWO8qBFdwMpa1X2OML6 +Qryac0pbKida3avAaNCzUVvnuE4Cjwk1MTaTUqO9aV9Y9N4/REqN6poIjx72XLHb +IQsHCo+b0dR/ywWW1QSx0l7ZE2ozW9SYBRzAMwenhHxqyl1lXuoYbO9M1mWmwQe7 +EXjD+5G+NgkImEKbb+utgOAUExGFAgMBAAGjgcswgcgwHQYDVR0OBBYEFAd1HuNk ++coGR7Roudg0OUaHjSehMB8GA1UdIwQYMBaAFAd1HuNk+coGR7Roudg0OUaHjSeh +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEASsddGA+zX9NIs4qldE8b9nlOrLQ5LaquYnLvI0J93R9kD55e ++bmAE/24p/byxVO6tELTt282WoP0yoT0Aj6M3IEQH6lOkXI5bKttzWqprMaurgIH +/YBkvF9+MVlTLLmuDCG98OLlkEleGD5HYNM4/iuMrPQbIBKnqRPAci+3GhyShz+P +U3q4DtuPNaD+Ktj0Y8XkyqKmWU/BpbhGEKnMHPpy9fdjB9NzxCEQyyMHVtffbgJi +7fxQPxYFPhYH7w3w+fq3WSHVwf4c1VQYaFHWRVFo75nY1OFqKren91whYBZzUIec +3P/zlTNiMTC5ZfMjpu1tGMTYVwiTMTUqMegL0Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/expired-root/generate-chains.py new file mode 100755 index 0000000000..abd51dcb29 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/generate-chains.py @@ -0,0 +1,36 @@ +#!/usr/bin/env python +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the root has a smaller validity range than the other +certificates, making it easy to violate just its validity. + + Root: 2015/03/01 -> 2015/09/01 + Intermediate: 2015/01/01 -> 2016/01/01 + Target: 2015/01/01 -> 2016/01/01 +""" + + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.set_validity_range(gencerts.MARCH_1_2015_UTC, + gencerts.SEPTEMBER_1_2015_UTC) + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Intermediate.key new file mode 100644 index 0000000000..2a9120796b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuOrcz+eBPMGZcL1xTJOUM0m+h78oK9BsOJBmfTfVo/FcoaVB +NQtcp7yPrLMJ72Jon2A+nkzLf6S/Sg+nslqT7LgUMD/ZhritMYq/IKvHQNwoWz7c +ObIARDQB1oETp+bR2NNoIpXuv73k0Z8I3an/Zf+Bamgd7tPVxHaFVENzv/A8wWa7 +pOsiHoEp3U9BwqRzY0MkYO/i8K7mpiXIqe4bf6u+ccv3FcsttKdWSys1CJsScBUz +U8qntJc3NNP31fgZVANQtPVHGvEQA7VUZMGctW0UClooJEsRtv5wwg+Ags2UWRb/ +dYvakT1fFpVNYXdnKDc7bqakiDMBEqAQ/FlJ0wIDAQABAoIBADsvcN1aS5MWo/Xh +rJHF6nk/8Suhk0nyu7CfBy6s4ERIzE0wh15i9JT7VUEBTPzBkprwQxqHmdqQ8GjT ++eir9QyfHlcTGJx2H3jr36ClWnD4BjKuO+57enpZ6vys842Z4zBy+bGYK4JTVRmC +vWO1NXl//fwAtxPp2VG4XZRKwpF716ZsbyjTT1mWPPW/GIx5+mOU9ziHqfufTI14 +eCsKgFSFwpOEN42JS3uoSZMZ8YhmXq/ebe8kJEmyzFJZy7V3nXXzp6QwKoI+BlNo +Ab18eXRR+cAkh5lOT/LjJd9/Q8ReQWGMBg4Jko8DzcnXgNSmQR8s+Agc0bbRxt1k +N8X6xYECgYEA3nW+63NXvvsKGYAYB5qu3PyJlkV+g6wOD6mJwjt6uyrcdLP6IM+o +WNhs5zq1yZy3etZtLqbnsZSTf2X5fX1dnwWoCL6EbFKXnqmg0v63p003yA755z/w +bvSO0iSt3DEUmoZQHRZzYzd6TXaPyi4Vfp1j72UTkGL5hxUulESD4n8CgYEA1MwY +Bpwp11zOdyAk5Hx7EaWcIfUu8wxG6lulIk/0s7lMwrI3PiL6GubsEQADUy3kSWpv +nKArK3XY4VZ98XhkWh24dGOAff/lvOd5+8QuY7mxHz00Bx5G/umlzEaeVMy37eoL +uNns6d6p6v193UR61STq1jojQ41C4LZsvNZ1xq0CgYEAnnfoCdd/cSdpOWMbOweA +eyFWbXqRtgBxf8y4umkec4gDxQqUKp1ige+iHFGhP75ooZNv8WSp9cEuFPmycSdF +8srXuWrl8Dghk7+oNcWHVCFYlCW+9XGBt7h0qNPCGfHIiI8XMLFWfx38/INxyIdt +fmVl1Bn/hsJKmGSJassn28cCgYEAn0v5YFle6R1MYdjqRTD6YAd9jd4hO0ihfacF +Q15fbHr2f3kx6Y39dE4RwdgkpQvhrSPEUZeFOY+Kv4Uj2rOpS9ybzGUAN1JtBLCz +nEkMARNtCFmkrP95XjJCL11eAVUPC0b9Z2+b7qcExCjnI9CzswNj2OLEqzkAK3/k +fqh8mjECgYBZ3Qan4Q7g7rmOZNzPOC8w+1MHa9BL7UpAtPQmrEaLCXCyCYi1O7s9 +VIZxYIanyrtlFKVo/82MARLXYTFIdXOtJu6VeNvBYFhHPCSaTrJCcYGAJn8JNFHO +iLY+A+p4YACKiNXdVP9qFK5s3Txu7WKm3mHOpi0rKU6a23At79S7SA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Root.key new file mode 100644 index 0000000000..c35b3c47fa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAqZHgsMyu9CrBMhfPz8jxGdiC0K7kIks7lK9K7no2KWAYOY/y +UdccoBgp8ZjLjfrgCdYNf3QIy1guD4scnQUxiuJBthgPmO5weNMrUNSHp/Y2a3FA +N5epND+hQDf341u8TyG2gO/Jy+iU2vrQIzPm4X9XclnGyn+TL1xe2ahVjvKgRXcD +KWtV9jjC+kK8mnNKWyonWt2rwGjQs1Fb57hOAo8JNTE2k1KjvWlfWPTeP0RKjeqa +CI8e9lyx2yELBwqPm9HUf8sFltUEsdJe2RNqM1vUmAUcwDMHp4R8aspdZV7qGGzv +TNZlpsEHuxF4w/uRvjYJCJhCm2/rrYDgFBMRhQIDAQABAoIBAEDbrjCRqZ10uP6b +Av574lQ7bxW4v0OquPhO7/81OYAr5DgoKcxJ1gYaF/jzs2/z9Dtu5yzHyhFVAhEp +6WDZurBfiDjJDTY2hUiBpMC++cAxuXDxGVnqJWr5p4izn5oT3Xv67h51GR9oL39u +javZT0cS+PShCBsuHrLvxsvDyi3pWf/xSH4QqFx4SIJNaW+8bxN7mOnEYP/SZqov +/970EBnWK2Hkgao6oMDE/cp1sDRoDOPlXQC24+FLjpszXWQw7//r0UeeTbcwG9qA +hMpbbgGmD8xRHuMtgSK8yWrS5F1tKXE1iWVsd38JNgsD/9Ph95giFYDWNnQkwBRQ +VmplI6UCgYEA2b3RgbVGqZi/+fBeR87eYPmG9kpwkJVama+c8AjPff5TL1W5DXH7 +kfzaMF1n0h3vvDwy8JdYHrshdYvp0MaaLtt9cSwaX+1yVva898JClm3LinzyOxEE +60rAg6TXukbl0XUaeiTLRO3OxWkqsMWVKzIJNjXQ9cdAOmonxxa2yTMCgYEAx11C +3h6ZyZJq7+wflwwBGJCJhfVB8y8GLswpZW/wjZ1zfLus3MNMmgFKIVV9G+CJ7JJ2 +gZ9WD8iHZGV//yffzlWRlHxutgHO5sW2DfmYW56M+dx7O24KOwnkDE3DLVqcHd+O +cMFThAj+89qeFt36HHbQRSouXO43WYFa2MPjamcCgYApiXJsAf7G36LPtTDnFemK +Kk+6sBylGDi+VKflimi6qkeIIhw5GmNZSBj/XPIvPRK8n+c/yj8/LYeGevhRoXFM +OwbFDhrB7fP/7vXBdcdqFuvbMVasOeTsVcg/1LRqjpfMy0APyPEV5x+ovRUtv6Nj +KBplwwJnwGjaO+H2sriPzQKBgQCiaPJJWupzkIj3TQdrGIdoCI9QBr2kK4HA6+cp +UKjJ5SOo0IcBDUTBDR3jy+3woNobVDGgZTpJ/1V0z08XgNdNEt5W9YuHUC/KRfSK +q/OXZ7F290uY3YsOD3+tGkhPEUqu92jlqEit/locM9On00umlpASWEuOvy1uB/gH +MIV6LwKBgFMqHo1bzlwgjv9odFzgnnp0Ix1IsCsyP8ARqLG65e3UMS55EFHOCJaD +D8eKjBC6g05x5Ob/8UtiaKJQmDn3wfNd6S8orxUqn83sznryJEAJTrNcZYwtvQK4 +hoGnDHHalBur+O0M8erDO1iJ1QLtsI2C+YFQu+9niY6KP9cwjAxK +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Target.key new file mode 100644 index 0000000000..73226c0163 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyHyXsw35Vkv5bKNLBfPWNKr5O7lZfwJ7ibXQm744yeZiDnk4 +x6q8LAtrPrUiuoojL+7Ei1pZp55NoLuiE2Ge1rAfNHS2vP/97pUAWzpx4cFciV/0 +cGDxyhwtM0kDonihtJbx72q6A3eJvGQ0mbEgVBh4W9eYycLS8cZkLxgvuOfnJXiR +elk0yi/iyUditv8NORED9Zfl/TMUUk/MRm6xjFIA+92+593+k0kVrpiGv+oTyisp +Sharg08m5b3oI0BVqaOq9AxWVBOg8d07a9F7K6hGNzr6ayyUDhcKG/D6Nx/hFHTY +UEP2hpyZuwNuRh7kZPVPT2e49ozCXp3vwQ+swwIDAQABAoIBAH8wk+jzX5CA6H8k +ZU8kb2vAYBeksgNips8pumtj1ZE5CFJYU05QocprgCErNxoS0tnw513k9uXhByyG +fP9Auk1HNLTJqrjiys1WWACIZoErc7JvXpsA1cQ79e0IUDb9wtDXxir2kYXri0Uq +aThr56+SSqExeOvfHoZmL161QGlUDPVTVUdfS7JvOKzLoDm1rtzs/wmIbEt+Dv6i +vQ8APg28NGc1PvuetxFMT+RdS/5ItFOMnZFUeyj3gz6OuBexDFHmNHNi4J4YUsSX +4iRomFncDjGy5ctTr4Vntp+Meoi3b2Sk+dJis0Vu0Kl6Bz4DSOnaGJNFTeY/z/0j +bW1otOECgYEA/CfipdEFTC9c/ruHh7aEXd5/X9fcXiR8c7933vCCSfGzed9ammSW ++1JG++Knls/H1w0v+/7BSM5Q6UKSn0ipDNvjju+Y3OVMQGvKDxT355ljZgVBJOKU +y8sS0GHCBn0NOYByKqHOkacxbVIebT20crhS5VhqM/W0glpOXPz/6nMCgYEAy4sN +hXvSeHCXepYIO9wI+CdC6718WJPttpG2UQkSrYaecNNkE//4QEdC+oHq432axiRP +/50s56CA+fNGbx5gEOu7pkGfD75i4qn0kS/jcRzSueYM4B3SvrrUOTCizm5hyXLe +r7rIPF0FFe8Zkflrbf3RVfBta50ReV2jPZ5GEHECgYBl4ffB5+KsFbcNddgdDbIN ++4ibwSxZHYTrf8F/Ys5B8lcCNyz0lRAsG+Jyg/ITDYFBcyKgPx75u+MVXMDBeypS +98XKSyUIm91jaioKTf6cpW10G0tnC+XzMeo4KEetN3nQcgWvFBHS6CsgcL26heQT +NkbIRCElPXHh+XsQN2lv4QKBgQC4LPGmOB2BN7gJh1qZ94byLGyEbWfnqqstSPok +p0YMWERjqRPkePiECTdU/1uwT0ZORitRC0LHsFckVHoGMAETLosUbEpmb4qAuPKA +sUlnX4JaDgzWeoXoaZuAyD549i5rnxJbBnMLE8x3RWvoxzzrQQE7dxs7hdt66zy7 +k8yoMQKBgQDmQSU9/MGG7ocSI4LmZRWG5QPT6TnL2KDpMp7gWWvBHIeMfeo8e73P +Q/c98fdRNnM87KlBZcRAL9pFxeJP1U8PLtXeKbZBe19joFsbJ1nURZgEh4MEoCzz +MDwnAqeG6/PpT77sg8P8wCXrk0ErHe42upqcmEBhtWa7OTcVsWit3A== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/expired-unconstrained-root_Root.key b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/expired-unconstrained-root_Root.key new file mode 100644 index 0000000000..bdb14f7e33 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/expired-unconstrained-root_Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxsUlVMX1wkKr3CKwUQso+cIMSC1nW/PE5DClRKoMBAu7LBh+ +QBKul7/2G4drCaabSEtJi+3lepRb/simQMfzzE86AV8TutgzM4l/qkQb3ZxK+HRi +T0iRRXRek5dm+/54Rg0j+rQYxy98ElMB1u7h2AaluFtub4xxKOzdRd+2UUpVnrDz +CZO8wQzH8xV4kkfDYfxB579i8pQtRoZ/zUykCdCvsw0xjVVIhsc/1mUGACwwchuA +gH2gNct21UHwTuUDNJ8qJEov3EcxcdohMZSkaVwRnDXLUv6HMgPDX+4rCCJlN9Nc +iSpoQ5XxO8/FhSaZD1NOEb2kgD6LNSCB7BQiVQIDAQABAoIBAGeIWKGHWzMMNyg6 +iUwtW/J7uJn/zE6A8pVJIUxapleVJLEbMOd+06IHQtGj/4TPWyKU1IImL9lhXWmg +abhkbgCFY9lDBKvV4RV/ERhG0Zzkw8gWFv7k9YYPzxNhUSsAqPUT8yGqnR1jBmUl +B1hEpS44iCk2tpczt91xQvAaToSYH0xqUDGaoNm5iSuysgxfh22m2xFxbD0xDoFx +GHF5OLIPQWR827oQeGatzAXFIefosxXScQHhfiqBSFeUZ9LxLJJt3cROL/ORJ0oN +KrHrw4MDmiyCgzNEs3HV6M80tTnkRYAuNCBG6GLm4+qdC8428rWLx+8rAOxqGtqK +UKIt5gECgYEA+P67CyPGr3rDT8G754oCuNwjLPbVf0to9j8PFnZp6pikd1LKIPbd +gmYf6ctGpUh1HdTZWHo5ErLFI7VBCBcG/12YAlHwBMO5HTOzrc9SbDImVoo5Fn40 +AlLb1TuZ0Xmjy9GTlCQZzfKLa+j6FgRHIqfyr4UXz6IRPjD6tLIQc5ECgYEAzFyx +mLwF6LRrpSZm16ddjPlKtSBWFAUFkfacWr3D3trDzW+xonHHfT1YTVE+mQPzGwZU +Kelzh1zAeAQCl2jQ4TIVIgu88t39xNhOAxRWGOhDQDLzDJ753W+N9mIF9nRyATfI +9bPgPdmn5bmKGnNaciuiJzJVMncFtZz6Ge1KmIUCgYAZLJf4nlteLolErQ+0by2r +RwZ/a01Wm2c3TlTWLo6y20/1iHdLMepfXrfnSVgRKew9YeG/okvW6iAoZhD3Imzg +sLPHuEUOFkPHAg0ui4GH0uIxabQv4/6aJYp4WphIp4W5+6xyE9xQCC+0b0+pnjEa +/eP5fvlTUs1vfkA6uK4VIQKBgQDEY3+4C1iSXG/l8ZV7QLdCNn94uG6AJqNHtfpj +qWGF1C2+SswmE7llvYISKzVAzu7c1aQj8ti3CIddzly/LFcvUnXElgsqSfMJK+Us +SGrE3M9j7pJrWos8JWwDjge05Ap66SUSGZ4xUe1rcnYpHRmaBhx6FoCRUpgGA6jF +Kag6EQKBgQDCNt7OGaTa4tXM18NVHimtnaNeWZKp5VLKTcOAvc8uqiFjdC33MGJy +2WiWkR9ZVEFhRCr5xOI4HGdwmULgMtwjVj21eu9oz8U0BvPejNMOdNlEjLfEOksJ +ZufkyF5TP2PaGe/89mITvhVaI0v7b6kbL6M9yeFbq1qIDPrq2YNrdw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/expired-unconstrained-root_Target.key b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/expired-unconstrained-root_Target.key new file mode 100644 index 0000000000..060a7e69f3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/keys/expired-unconstrained-root_Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzaPp5MQEjjqcrkJw7j/PVJzMjHoLX0jIWKhQSKzPuhrAhy+U +vCPmsSvI97Tmuc/s/5d95BzogrEJ81NFmgqk0aWi3sMJNRUPRDh6zHAkT/oZzgzd +Xiu875jZXPcEQWCMXCaWnwdPGr9dTjxBSG/vUDNDgH5AXlw/LFCSAyidwXHheitu +NB3lrDjSTWhWrMMHdWW90U0ckwKZMu4SkPKEvLsfmO5TI88XbbFi6ITsZ+cQBzCk +NN0hoYqmPPs2YJMZ0KI3L/ph8AfPtkMWiF4Rww088Dq137neo1ZFYsg/CYixjn16 +njuFTVryUHFubLlvG/DViXQG+9gTaxmdklTDQQIDAQABAoIBAFj0tTMu0EGufSSs +vSlzFP8nLRz/lnfLhk9D0CcACoQZGnvgS1jvttWheTgeW0i5923BXMYW80XFy+Yk +eZFfVVkTa9ctS4hY6de7DvPs9uhZ6lvGGOSpyvtihXS/rmmRmGYsky+L+944Neao +Dh2FvmJVKrgk5TdsdC95UxBmu4d4M2nERTS/8MDxJCOqqjDL+ZLeAxgJX4rLzdKg +z26Cx4rpVwJfvvws34hamrLyNdM4gpZU6UVDrk4crFR3cEnHw6EhcjkWK+hd68U2 +mMnb4tY1Ls2+EWMA2VtjP8072/7/E9131SXblLW2uIk9z5000yJYQ+W0nj/K4LPi +pQ3GKlkCgYEA6E9dMsT3KdqWDtdnbEVGU1yHsvFzRdKyFTlffB8nRAhHct+PR6Kt +2fS3MwkVbwRE/mCQbosRpVf1S+YxO7M55rkC9A+XrVspIs+gQf/IH1A1omv+HxVn +D8ARgI4+8aVPf2hCyNXFC5veWlr97WZqCC8+2/nHAQi8okAGEh9HUXMCgYEA4pxQ +uYUHla+zuulKh4NDCOGNrQ1uGNAkFRnObdoR/j88FjumJx5qVNlhUWVqB1q5+2lV +t0KONkC1BqzK6Vi8rd+3gShdUIZCx9FuKtaGxTnBJVprhETpkcnszlyMisBkTBi5 +IHBzM44Fpf3hznmCvlMCpYKrBNzBwHZyTABAm3sCgYBsC+WL5GIUfE7IjlTS3ZFs +2h9fEb+MXQdoqauIXjD0Cmm4utO3/KihM5k1SmdGoBS6vwzN7S6C2VsENwb0/lHS +xn/iJZJlFX4Xa7vclmtsbPDVHyctK9YoVCuPwBj0aO+FkWdmY05nLNKI8cMidDyi +m96/jveIupiJWf+41AVmkwKBgQDBOBd8l/lHoHDXRmPN+BYIVInArFrbvV2GwGJL +OE1vQ+uv6VxaroxrnI5mINqvOqSpwb7ca1tm1vWDo4HARXFbsA1/izNFnbUDO4d7 +7z8qm3wcpWRXe4rMTCgmLLOI+1KJr+rpxff0VXxrdHY8306jiZQQG8JGexSZTmVW +eECeUQKBgAyX3/PAn9i0MIuv6azCAoIOqpHJGD5+Mq7ZvERMMskSlmOCvE8m1u7C +I5wYTt2p5q7ZMJdc31tb1JPeT3G9fm1uVuw0v7kFYVeXHtuzLoceB0ljX7QonLjc +WZZdTMJVI3TgNvyLXn87uTSX6mJ7WiPT4LaAz0gPMH3reO6+wVul +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-constraints.test new file mode 100644 index 0000000000..0ff3957385 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-constraints.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: 151102120000Z +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-expiration-and-constraints.test b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-expiration-and-constraints.test new file mode 100644 index 0000000000..3f8eff4daa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-expiration-and-constraints.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_EXPIRATION_AND_CONSTRAINTS +utc_time: 151102120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-expiration.test b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-expiration.test new file mode 100644 index 0000000000..26840ab4ef --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after-ta-with-expiration.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_EXPIRATION +utc_time: 151102120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after.test b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after.test new file mode 100644 index 0000000000..61732a00fd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-after.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 151102120000Z +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/not-before-ta-with-expiration.test b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-before-ta-with-expiration.test new file mode 100644 index 0000000000..78a9ae7e98 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-before-ta-with-expiration.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_EXPIRATION +utc_time: 150201120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Time is before notBefore + diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-root/not-before.test b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-before.test new file mode 100644 index 0000000000..13f9230935 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-root/not-before.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 150201120000Z +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-target/chain.pem b/pki/testdata/verify_certificate_chain_unittest/expired-target/chain.pem new file mode 100644 index 0000000000..ba2ed2df38 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-target/chain.pem @@ -0,0 +1,280 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate has a smaller validity range +than the other certificates, making it easy to violate just its validity. + + Root: 2015/01/01 -> 2016/01/01 + Intermediate: 2015/01/01 -> 2016/01/01 + Target: 2015/03/01 -> 2015/09/01 + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 41:12:68:d0:ed:0e:6e:55:d8:c9:2b:43:af:b7:eb:4e:6a:f7:e3:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Mar 1 12:00:00 2015 GMT + Not After : Sep 1 12:00:00 2015 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d1:ba:03:81:9f:9e:55:9e:1a:95:8f:fd:1b:45: + 51:fe:91:3c:ac:14:9b:08:b7:0e:db:f2:2f:3f:83: + b8:06:59:7b:5f:67:74:e4:a1:36:40:b1:a0:32:c5: + 13:d7:ad:cb:3c:a7:e8:5d:73:bd:40:8b:0d:f1:3c: + fc:38:a1:e7:a1:09:94:44:e6:7d:86:cf:fd:cd:eb: + 47:90:29:53:97:22:3f:40:d4:d4:73:a2:17:00:fc: + 81:a9:57:5f:d6:21:92:06:8e:72:5e:f0:f7:f5:90: + aa:a2:b5:c6:58:9c:90:14:6f:72:f5:f0:8a:27:f6: + 4e:22:b2:3a:29:47:e1:3f:b5:69:38:e1:f0:6e:81: + 7e:9e:b0:0e:d3:01:81:57:95:78:06:75:66:4c:1e: + 2b:2d:d1:68:47:b9:94:47:55:a8:08:a8:0d:64:95: + e6:a2:b5:ce:74:74:91:3f:20:db:05:77:6b:0c:ed: + b4:6e:95:7d:d1:8c:d0:6c:3f:2f:ab:0e:d0:a9:c1: + 4e:2f:02:1b:e5:37:02:61:ab:6d:0e:2f:a8:d5:ca: + 08:1c:3c:75:17:e0:56:fc:07:68:89:4a:e3:1c:f4: + af:f1:eb:a6:b3:5e:68:9d:2f:e7:08:23:a3:9d:e5: + a4:78:ae:cc:39:95:a7:e1:6e:31:73:51:99:19:b2: + 17:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 25:FF:8A:94:CE:C2:88:76:B1:E3:8A:B4:0E:F5:5F:B5:3A:2F:6C:B6 + X509v3 Authority Key Identifier: + keyid:83:98:28:40:CF:A4:63:D5:9B:A8:81:96:82:A5:40:A6:47:2C:F2:42 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 7b:93:fd:c4:48:b8:6b:24:b7:cf:2a:7e:e5:b1:80:9e:87:1f: + 64:ea:80:ef:54:45:e2:87:d6:93:70:0c:54:20:79:c3:be:f0: + 12:e5:f7:2e:0a:fa:2b:21:29:7f:be:f4:9f:44:ad:9f:7e:30: + 93:a3:1b:2c:a4:16:11:97:6e:7e:85:08:17:35:1f:2c:4b:3f: + aa:9b:a7:48:f5:87:66:03:e0:c0:d3:43:3e:01:57:c3:30:0d: + 89:71:fc:bc:c1:64:af:cb:72:a9:8f:8f:28:d1:6a:49:95:af: + 54:ab:93:cb:73:d4:a3:05:b4:88:c2:05:20:4b:88:39:1b:61: + fa:80:35:7a:4d:ef:3c:79:59:7e:73:ff:73:80:a3:d4:27:b0: + 49:4d:cd:40:ab:69:99:40:e6:c4:16:13:ca:53:b9:7a:39:60: + 54:ce:e2:2e:5e:05:4c:ff:de:e7:2d:d9:bd:98:e3:61:b8:7b: + a7:0a:f4:1f:06:b8:99:55:fb:6b:cb:c6:88:7c:e3:d0:d1:24: + e1:ca:9d:19:bc:b4:dc:9c:37:b0:19:18:00:cc:9d:ba:68:67: + 07:36:25:c4:60:a6:fe:31:a2:56:f0:d2:f8:15:4e:c2:2b:07: + 2b:cd:08:27:5d:77:7f:2f:ee:21:5f:65:aa:3d:b4:d8:ad:92: + b3:f1:e8:24 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUQRJo0O0OblXYyStDr7frTmr3404wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDMwMTEyMDAwMFoXDTE1 +MDkwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA0boDgZ+eVZ4alY/9G0VR/pE8rBSbCLcO2/IvP4O4Bll7 +X2d05KE2QLGgMsUT163LPKfoXXO9QIsN8Tz8OKHnoQmUROZ9hs/9zetHkClTlyI/ +QNTUc6IXAPyBqVdf1iGSBo5yXvD39ZCqorXGWJyQFG9y9fCKJ/ZOIrI6KUfhP7Vp +OOHwboF+nrAO0wGBV5V4BnVmTB4rLdFoR7mUR1WoCKgNZJXmorXOdHSRPyDbBXdr +DO20bpV90YzQbD8vqw7QqcFOLwIb5TcCYattDi+o1coIHDx1F+BW/AdoiUrjHPSv +8eums15onS/nCCOjneWkeK7MOZWn4W4xc1GZGbIXhwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBQl/4qUzsKIdrHjirQO9V+1Oi9stjAfBgNVHSMEGDAWgBSDmChAz6Rj1Zuo +gZaCpUCmRyzyQjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAHuT/cRIuGskt88qfuWxgJ6HH2TqgO9UReKH1pNwDFQgecO+8BLl9y4K+ish +KX++9J9ErZ9+MJOjGyykFhGXbn6FCBc1HyxLP6qbp0j1h2YD4MDTQz4BV8MwDYlx +/LzBZK/LcqmPjyjRakmVr1Srk8tz1KMFtIjCBSBLiDkbYfqANXpN7zx5WX5z/3OA +o9QnsElNzUCraZlA5sQWE8pTuXo5YFTO4i5eBUz/3uct2b2Y42G4e6cK9B8GuJlV ++2vLxoh849DRJOHKnRm8tNycN7AZGADMnbpoZwc2JcRgpv4xolbw0vgVTsIrByvN +CCddd38v7iFfZao9tNitkrPx6CQ= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6b:fe:73:9b:39:80:90:40:2b:a7:4b:81:15:15:0d:0f:11:a3:f7:a8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d7:e6:30:ab:6e:50:4c:37:97:12:0b:a3:87:eb: + 68:99:df:83:be:e5:70:ee:74:b8:64:27:a1:60:ce: + 02:49:6a:84:d8:88:70:ad:53:cf:76:94:38:7b:91: + ad:ed:a4:1d:58:9f:99:ff:c6:3e:5f:11:be:17:f1: + e3:a0:05:3e:10:00:b7:10:4c:04:1c:e6:fa:e4:70: + c9:01:af:bd:b4:bc:7c:a2:8e:24:79:72:79:f1:58: + 1a:d7:b9:d3:3c:fc:cc:16:f0:14:67:f2:e5:89:e5: + cf:37:eb:16:d2:8b:e6:21:aa:83:d4:d8:94:cf:3f: + a3:f4:0a:e1:dc:37:e8:e9:24:42:60:14:20:9c:2c: + 3b:25:ef:81:d4:5a:09:a8:86:d7:76:0c:31:12:96: + ca:24:01:6a:54:a8:d5:00:6a:74:5a:e7:21:39:0c: + a0:b5:63:fe:a9:11:ac:dd:ca:b2:30:7a:94:85:42: + ca:0c:fd:ad:ef:d1:94:57:25:93:d4:83:e5:de:e8: + c1:96:9b:43:52:5d:e1:a1:b8:dc:91:97:15:09:80: + 58:42:01:6e:2a:47:ca:e5:a1:ba:47:e1:d2:7a:c6: + 20:b3:bb:e9:79:65:88:94:58:7f:ae:96:01:d3:e3: + 17:90:d4:06:74:92:96:71:fc:47:36:84:6a:ad:85: + 71:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 83:98:28:40:CF:A4:63:D5:9B:A8:81:96:82:A5:40:A6:47:2C:F2:42 + X509v3 Authority Key Identifier: + keyid:03:75:5B:98:4F:24:A0:F2:7C:A3:A1:C3:82:12:34:75:A6:66:8B:30 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 50:cd:6a:05:35:eb:43:48:84:21:c7:ad:cb:54:69:9d:68:7a: + f9:a7:b0:4f:c2:a6:7d:dc:33:b9:c4:45:9b:86:b4:31:17:42: + 23:98:7c:4e:6b:da:a9:2a:d7:34:8b:a9:b5:59:f1:df:c9:52: + 6f:85:1d:1c:b8:94:77:e6:68:52:a0:13:45:1a:4d:ba:00:20: + 05:fa:d4:eb:c3:2c:93:ee:8a:4c:c0:22:b7:d9:e6:14:95:bc: + 28:d4:6d:f2:92:83:f8:91:e6:c9:a3:40:be:82:35:c6:7d:9a: + b7:24:01:8e:2d:84:b3:31:b3:cd:6a:73:fe:8d:37:f7:6d:33: + 13:4f:1d:05:69:cc:4c:be:7e:76:9e:e0:bb:23:c2:b0:51:1d: + 2a:b6:61:f7:98:17:25:ca:33:f1:31:6b:65:2b:e1:fd:28:e6: + f8:54:3e:18:63:b4:d0:56:f1:a4:57:7f:e7:9e:52:9d:ed:1e: + 5f:d5:8c:bc:27:d0:76:65:b4:a0:df:6f:13:f0:df:7b:c6:b2: + 9c:1b:65:b3:f6:98:e7:27:3b:4c:66:bc:7e:9b:46:03:f5:eb: + d3:79:35:d5:c9:fc:64:27:4b:c4:eb:94:58:e5:ac:ef:e8:a4: + c4:3c:f2:e3:77:c1:47:8c:de:85:00:13:fb:12:78:ee:79:89: + 6b:38:e4:85 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUa/5zmzmAkEArp0uBFRUNDxGj96gwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANfmMKtuUEw3lxILo4fraJnfg77lcO50uGQnoWDOAklqhNiI +cK1Tz3aUOHuRre2kHVifmf/GPl8Rvhfx46AFPhAAtxBMBBzm+uRwyQGvvbS8fKKO +JHlyefFYGte50zz8zBbwFGfy5YnlzzfrFtKL5iGqg9TYlM8/o/QK4dw36OkkQmAU +IJwsOyXvgdRaCaiG13YMMRKWyiQBalSo1QBqdFrnITkMoLVj/qkRrN3KsjB6lIVC +ygz9re/RlFclk9SD5d7owZabQ1Jd4aG43JGXFQmAWEIBbipHyuWhukfh0nrGILO7 +6XlliJRYf66WAdPjF5DUBnSSlnH8RzaEaq2FcbkCAwEAAaOByzCByDAdBgNVHQ4E +FgQUg5goQM+kY9WbqIGWgqVApkcs8kIwHwYDVR0jBBgwFoAUA3VbmE8koPJ8o6HD +ghI0daZmizAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBQzWoFNetDSIQhx63LVGmdaHr5p7BPwqZ93DO5 +xEWbhrQxF0IjmHxOa9qpKtc0i6m1WfHfyVJvhR0cuJR35mhSoBNFGk26ACAF+tTr +wyyT7opMwCK32eYUlbwo1G3ykoP4kebJo0C+gjXGfZq3JAGOLYSzMbPNanP+jTf3 +bTMTTx0FacxMvn52nuC7I8KwUR0qtmH3mBclyjPxMWtlK+H9KOb4VD4YY7TQVvGk +V3/nnlKd7R5f1Yy8J9B2ZbSg328T8N97xrKcG2Wz9pjnJztMZrx+m0YD9evTeTXV +yfxkJ0vE65RY5azv6KTEPPLjd8FHjN6FABP7EnjueYlrOOSF +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6b:fe:73:9b:39:80:90:40:2b:a7:4b:81:15:15:0d:0f:11:a3:f7:a7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a8:75:44:0e:b5:bf:02:84:f6:a2:71:18:fe:02: + cc:88:ee:9a:e6:c7:d2:42:52:e2:77:5a:89:e0:d8: + f3:db:39:4d:90:d8:f0:e8:91:d6:04:08:fc:ff:b6: + 28:84:7a:be:68:4c:be:b7:a5:34:14:8e:de:8d:9e: + 42:a9:83:4b:ce:9f:6f:fe:99:40:ff:90:67:96:22: + 72:3d:6d:e2:7c:f9:e4:28:d6:cb:48:1f:55:2c:68: + ea:83:74:2f:c4:d2:79:91:0c:51:4d:bb:a5:6d:e0: + 0b:27:29:71:c3:05:73:cb:81:04:43:da:5c:17:b4: + 94:d0:f6:71:72:d1:24:0f:c3:31:5f:f0:5c:69:62: + 14:6b:a3:55:2d:c4:d6:4c:10:31:f3:ab:40:3a:52: + d3:84:08:c3:57:df:29:26:f4:98:81:18:fc:48:f8: + 2b:2e:65:35:81:fa:09:3d:bf:63:b3:f2:e6:fd:23: + 3a:bc:4e:1a:47:f6:5c:31:82:e5:fe:a1:09:ce:c5: + 0c:29:55:39:52:e9:d9:62:86:c7:2c:c3:da:d9:bc: + f0:38:97:93:54:21:2e:69:e0:a0:49:d8:27:1b:e6: + a9:0a:74:64:34:f7:ed:20:61:9f:48:db:87:aa:43: + 41:09:fb:ec:f4:ae:a8:e8:f4:f2:7b:6a:de:dc:b6: + 52:9b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 03:75:5B:98:4F:24:A0:F2:7C:A3:A1:C3:82:12:34:75:A6:66:8B:30 + X509v3 Authority Key Identifier: + keyid:03:75:5B:98:4F:24:A0:F2:7C:A3:A1:C3:82:12:34:75:A6:66:8B:30 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 66:f4:dc:40:f9:8d:5a:14:f5:41:d2:4b:a7:3d:5e:95:f5:76: + e3:7c:f9:9e:dd:80:c3:3d:2a:de:8b:98:b7:15:6a:95:26:d8: + 89:0d:0e:a0:b4:95:9b:79:c5:b4:bb:29:18:da:97:04:14:14: + bc:ea:a9:06:99:9e:41:32:a7:11:2c:d6:fd:28:14:ae:1a:b5: + b5:2a:63:50:1e:61:e9:90:4a:c1:98:0f:e6:4a:b1:7f:6d:ab: + ea:95:28:09:e4:83:98:5d:ac:b1:f1:02:9c:5f:d7:b4:d7:a8: + 67:86:25:82:1a:b4:cf:39:ab:c7:8a:99:a3:8d:9b:00:4c:46: + bf:94:1a:a5:f3:6e:a9:17:28:9a:e1:2e:ae:26:da:e4:3d:65: + 97:04:83:e1:4e:02:ec:3b:c1:84:4d:27:8a:dd:ff:6c:3a:4e: + 9f:2d:00:b6:03:2f:10:84:7e:c5:9e:6f:8d:77:34:17:68:35: + a8:1e:88:9d:bf:7b:cb:0f:63:c0:e6:71:f8:a2:ff:d1:53:47: + 0b:ba:5e:50:66:ec:02:b9:28:54:38:fa:54:ef:c2:0e:96:81: + 75:e0:41:41:d6:eb:2c:f9:78:62:a9:7d:85:2b:69:9e:96:6e: + de:32:92:60:9f:0a:0b:0c:50:b2:e4:8a:ad:92:d3:dc:77:eb: + 51:93:48:66 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUa/5zmzmAkEArp0uBFRUNDxGj96cwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCodUQOtb8ChPaicRj+AsyI7prmx9JCUuJ3Wong2PPbOU2Q2PDokdYECPz/ +tiiEer5oTL63pTQUjt6NnkKpg0vOn2/+mUD/kGeWInI9beJ8+eQo1stIH1UsaOqD +dC/E0nmRDFFNu6Vt4AsnKXHDBXPLgQRD2lwXtJTQ9nFy0SQPwzFf8FxpYhRro1Ut +xNZMEDHzq0A6UtOECMNX3ykm9JiBGPxI+CsuZTWB+gk9v2Oz8ub9Izq8ThpH9lwx +guX+oQnOxQwpVTlS6dlihscsw9rZvPA4l5NUIS5p4KBJ2Ccb5qkKdGQ09+0gYZ9I +24eqQ0EJ++z0rqjo9PJ7at7ctlKbAgMBAAGjgcswgcgwHQYDVR0OBBYEFAN1W5hP +JKDyfKOhw4ISNHWmZoswMB8GA1UdIwQYMBaAFAN1W5hPJKDyfKOhw4ISNHWmZosw +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAZvTcQPmNWhT1QdJLpz1elfV243z5nt2Awz0q3ouYtxVqlSbY +iQ0OoLSVm3nFtLspGNqXBBQUvOqpBpmeQTKnESzW/SgUrhq1tSpjUB5h6ZBKwZgP +5kqxf22r6pUoCeSDmF2ssfECnF/XtNeoZ4Ylghq0zzmrx4qZo42bAExGv5QapfNu +qRcomuEuriba5D1llwSD4U4C7DvBhE0nit3/bDpOny0AtgMvEIR+xZ5vjXc0F2g1 +qB6Inb97yw9jwOZx+KL/0VNHC7peUGbsArkoVDj6VO/CDpaBdeBBQdbrLPl4Yql9 +hStpnpZu3jKSYJ8KCwxQsuSKrZLT3HfrUZNIZg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-target/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/expired-target/generate-chains.py new file mode 100755 index 0000000000..e82ac83838 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-target/generate-chains.py @@ -0,0 +1,35 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the target certificate has a smaller validity range +than the other certificates, making it easy to violate just its validity. + + Root: 2015/01/01 -> 2016/01/01 + Intermediate: 2015/01/01 -> 2016/01/01 + Target: 2015/03/01 -> 2015/09/01 +""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.set_validity_range(gencerts.MARCH_1_2015_UTC, + gencerts.SEPTEMBER_1_2015_UTC) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Intermediate.key new file mode 100644 index 0000000000..db734c20f8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA1+Ywq25QTDeXEgujh+tomd+DvuVw7nS4ZCehYM4CSWqE2Ihw +rVPPdpQ4e5Gt7aQdWJ+Z/8Y+XxG+F/HjoAU+EAC3EEwEHOb65HDJAa+9tLx8oo4k +eXJ58Vga17nTPPzMFvAUZ/LlieXPN+sW0ovmIaqD1NiUzz+j9Arh3Dfo6SRCYBQg +nCw7Je+B1FoJqIbXdgwxEpbKJAFqVKjVAGp0WuchOQygtWP+qRGs3cqyMHqUhULK +DP2t79GUVyWT1IPl3ujBlptDUl3hobjckZcVCYBYQgFuKkfK5aG6R+HSesYgs7vp +eWWIlFh/rpYB0+MXkNQGdJKWcfxHNoRqrYVxuQIDAQABAoIBAQDMQCDRPkbHJFxO +nSYzo1lNIXExOz1wyonbbsa0n5D4RcayV7pJsB14sFcTSEoEpZuByVRW7wT4yf9O +BfBz5iHF3/dQeqn1cevwDGeNqeZOQ3eiDdmh79Q/qDuU1V9rtjmahby4bsoLgJde +7pCj1eh89yVLSy7VNv70FQuCXH6DeKT1jUwkXNCtYAXqAiT+T7gPaZKllzV4e4xR +CguewZ7FrdSRTbkzD6y+tSSC5oQLnisakmVRJfddC8Oza1EBfPSV8YidG4Tc66xw +2i6acYy4sGh8wh/PJy56Yeh7GBGFhY3A6Ers2n6TUhER/3+Pk8KSHU0BWRcgV4g/ +354gS5C1AoGBAP6us9LXAb6k/ptHMpo82RR0mos4zKgB42vdflb9vvEEh69H6k2j +P59xakW9Mdnvajjx4W5/QhuQSsyNmUYY6oE7COaPD+yC0vLAsS8vdfyJPVPMPkec +Tmb5QbAAig13OnFV1P6WozYY7TzrCQgHMzPm64QznHEWc+sClpXmi08XAoGBANkE +H6yicyXQtKMb1ZdDZMSyrmnhhyHh9yD+XQQCMbPF5uct4eGz5zCSJh+/7fnZ2vrG +/YULGntw2eGLA8o/KA1+nkf7Ykn/KOwggIOCRtq7D9WDUsySJgrgMGFL76WcUjmm +989P22Q5m9+l1QlLldsGw9wPadzDsPybe+m6XUevAoGBAI9UnMlUzZuQWeXjrNvW +0MjNUsh1f+Axp97luZuVlKcpyH7h90AYVs8R0iBLeMnRDrPblOZN4lOG4kG6kv87 +OIbgRYMUEn8lpTiPL2iBymIEjqohcQ92LT2Qm+JEe21Wo2JzTrq05kekwaceE2gc +PTnBhNxS+4E9hKFHRJ46MD6jAoGAcHQalbJ4SJglgn/h5kgd529Pwb4D8CLPlGE6 +geFBMA7U3+Z+rh4zJpAVAU7LWjTxrBGBPXfLeTu5K46FoD+p2ZRLILG69O0rn3AY +KA1R+fYE9nbeaPMyk2AoscJPpFmkogtLTjnrTbwscW/VPMPWG3Ed/OJf0O32wG8x +fqP7wjECgYBu7DoUo0xY8F/jmBx8Ya6S9mdbwI1+3CQxRxkd3sJdfEsMTIIjgMe3 +iaD9XxVVjKP4tgTUwpfWHdBW3zLSymNzaO7cNSAeAnrNvKPEPMd5WnITbA1z9778 +Hkszn0/mJoiHlxtk/K8ImAsGCn+x04rfkxG8pM6Mg+VuBCdldZrKFg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Root.key new file mode 100644 index 0000000000..8662db112f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAqHVEDrW/AoT2onEY/gLMiO6a5sfSQlLid1qJ4Njz2zlNkNjw +6JHWBAj8/7YohHq+aEy+t6U0FI7ejZ5CqYNLzp9v/plA/5BnliJyPW3ifPnkKNbL +SB9VLGjqg3QvxNJ5kQxRTbulbeALJylxwwVzy4EEQ9pcF7SU0PZxctEkD8MxX/Bc +aWIUa6NVLcTWTBAx86tAOlLThAjDV98pJvSYgRj8SPgrLmU1gfoJPb9js/Lm/SM6 +vE4aR/ZcMYLl/qEJzsUMKVU5UunZYobHLMPa2bzwOJeTVCEuaeCgSdgnG+apCnRk +NPftIGGfSNuHqkNBCfvs9K6o6PTye2re3LZSmwIDAQABAoIBABiMLgSuu0zUr1Pw +gyHQqplxm6TxjVQY2+NkkB7xvmc9rG3lDwX06mjgHm3sz26urDxqoogETNiKESg1 +3aTx+wP6+8jv8CbNliqsjlUhRBXOHE9PLYQu/KxiBXpuXd+ihBB86QQYyfx+32Ev +iuJOUxdej46LrUvPBriEkPeYPlcFcA/ZQRC6DuIX3Y8q6Q2KC8qGsZ5kaSdrT9D4 +tJGFcMTHZpIjiQsqXM1mJ0nVGpZxZ8rs4PRSEY3ylmlWcDE/Vadg6XyqVZWcCDnh +uZ0+0sZgnw9jjsT9qyFAauVRX1GWzjF5IcGsSxCrcYKycCdRXOaWnwd+BRH2Wqs5 +GrkeaPECgYEA0cEix3+McKyka05RS7CziAHZDtSTxhOcejIxcM6UoSI6yvUBrCyI +RYFCDMhGu6nmdwiz8wVcpungwMMbRO3BdYxKW7buztl5ir9aJnVqeeRewueVNgvi +YMexUoStORM0j2NeL2FTiWvKcwTCe0xVUV3EWdDEpChEWA5/NzOxr80CgYEAzZlM +nnT7jd47WCBPWNelipDgZXrQtASYe6SDDoxTQJl2QV7X579Yg+0f3m+rry6PFbdM +Ya8/yC6iK2/GpKqX3/7AXMTcaRT6ocr0xup72eBQd5+I+zXKdfPLlJl3XUEXwWYg +XBpozl5eLYyHoNOfOiRSceW/wbzKpFrprDYYlAcCgYBs9nTXyBWvzq+XItcuh7ur +0rHsd1fQ1Q07mWl/nYEud7atCjv1MikUWkJym3PLN0aG3ZmFjGqGNwbPfEtlMlGG +e/uAy3YhNG5kOmVdhy9p5M2pWF519hSCjBo8sLm/5Y8vUcJywI+B2uIPgBB7trq3 +iwteUQpl8JkYWWeSyKLsnQKBgBC6LDWoJt8/+WwOFOaRhPJlHxyihWBgD1ff5pnE +aPGUir5+zOoZ80WogTNDuqAiFZoas6gu7e2HfcIy8eJrzrd2rofdrGEQR+Pp80hL +w4/SZDmXTTnDApneH+4THlcD+L7PZEqaC3Te0KK8EDzRet7sHZkOrC9DAOmmS+Sq +8gz5AoGAAmuNtXb0QA++9fWvEdvn4ibWkDu2bJ6it96G0/9HUExK3Tr1uyDPZ8ZA +pPiPOJvhkFM4EiMoSsDN6WuBGp+uViVz9gvMmUgAKzc8snMtFFvBjmfPeNJM/oFo +WrCtKzqs2t6W4qq0foTFv0wF5Pw5FLiUQinyvBcj+i8vmz4ksog= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Target.key new file mode 100644 index 0000000000..5224a642ba --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-target/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA0boDgZ+eVZ4alY/9G0VR/pE8rBSbCLcO2/IvP4O4Bll7X2d0 +5KE2QLGgMsUT163LPKfoXXO9QIsN8Tz8OKHnoQmUROZ9hs/9zetHkClTlyI/QNTU +c6IXAPyBqVdf1iGSBo5yXvD39ZCqorXGWJyQFG9y9fCKJ/ZOIrI6KUfhP7VpOOHw +boF+nrAO0wGBV5V4BnVmTB4rLdFoR7mUR1WoCKgNZJXmorXOdHSRPyDbBXdrDO20 +bpV90YzQbD8vqw7QqcFOLwIb5TcCYattDi+o1coIHDx1F+BW/AdoiUrjHPSv8eum +s15onS/nCCOjneWkeK7MOZWn4W4xc1GZGbIXhwIDAQABAoIBADKdy0TYijUtsErS +corHYy+mS9dYLcafr6VjwQV6O8rEg+MVq/+V7OsWM4ytRcmy9y8PcyRCz7UpGldT +maftY2LZVgB/BGKqBh5Rn3bqknMSX+O8uf2ibBzf1EdTgBzFA2IztOS3EZEhth0I +8/Lk7l0QPNWglSdp6Ze0HhdicrmWFaZLqJyML1y8u9/ra6jrnuGJm02fpoqnzhcn +7KJVQb7GER2AjwFy6J63j65oVWzVwOKwUf2blxOaM3lQa2wNtYzy8/dpdlK9e3n8 +yNMNtqvjDdtvjGSqWYakjaRWIQJvwuV0t4bIZGZI8zFCamptCL+fV60gbsuv97dU +83HQekkCgYEA/NldfDKilkCFG5WNoqcJDsINiMVid0DAgWERDfbizne2+9FUXrSY +TzXFwAfMrtv+gU34N/evoN56Y2QXfTOK3E8AaE/fCuRITReJ907HP9DFYLGn3fW0 +rsYKAdYyi9eJYnX5pD1vd7ePAFXcBAAUd3Lhc4K77gKOdDsJ9jwcacsCgYEA1FcU +eIDfBb6+KPrxdP7MijOMk2UNf+86rgsXO/jKs5AirYaawFXMaJNYI7ZRJgqScQe5 +UKsuv/FRyhaDU0pr7Q+AMPLPpxGbNKSFNj1qnaj6VP5oomUVfx30I4AyVB9CI3bO +A6JUmMY1IgcUd7TfpH2WMvJgqaKOTicYvD9kgbUCgYAh380ScoYtsv8iLusGu3IP +NBg0Fp2WdGpV6vcp88V2+7rcCbNP7Mnq8r1HeMQHORnjoNp8RQaWerfS0PoEn/8e +fMcFMo4jG2pESb8GDtvKxOFsjuB6cAyAza9Rh6zF515UfpGvWzuvwju6Q8ZyEsCr +MAzcOMuMm3MSR0aSYoM7+QKBgH1LUOH2MSNDtRObV4TQoMLfvhBvLXMTJ43xL2mM +2Zbw8vVvmrrpJa+DWhvghaury1N02k2WZQSPkdJsTFuGa367icnYTN1pTyrV9WDX +BqU3Q1eJsxY4DWIvu5KDH69xrmYcwV11mPN46XtFsDcefGSkUk+Ho7AVImFNQpQ5 +18WNAoGALsz7V4ugxAJXn/PJNtwwIZHorc3d4dXOU12VE/Va6dMyzTVt9Mds/XSD +VtGGP38SI7Zh74R4O2qHUQ5UvC3UXMeK+Pam7bgFrAMuyLvLfEEMwUK0L9Pto7cQ +lSYs8uM9lrW/u7vc9DBlrEa1YQvT9qbHNU+00D1JZcVhLFY6roU= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-target/not-after.test b/pki/testdata/verify_certificate_chain_unittest/expired-target/not-after.test new file mode 100644 index 0000000000..5947765b56 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-target/not-after.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 151002120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/expired-target/not-before.test b/pki/testdata/verify_certificate_chain_unittest/expired-target/not-before.test new file mode 100644 index 0000000000..c74f543300 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/expired-target/not-before.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 150201120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Time is before notBefore + diff --git a/pki/testdata/verify_certificate_chain_unittest/generate-all.sh b/pki/testdata/verify_certificate_chain_unittest/generate-all.sh new file mode 100755 index 0000000000..0b6db239f4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/generate-all.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +set -e + +for dir in */ ; do + cd "$dir" + + if [ -f generate-chains.py ]; then + python3 generate-chains.py + + # Cleanup temporary files. + rm -rf */*.pyc + rm -rf out/ + fi + + cd .. +done diff --git a/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/chain.pem b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/chain.pem new file mode 100644 index 0000000000..6cce2cb1c7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/chain.pem @@ -0,0 +1,278 @@ +[Created by: generate-chains.py] + +Certificate chain where the supposed root certificate is wrong: + + * The intermediate's "issuer" does not match the root's "subject" + * The intermediate's signature was not generated using the root's key + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6f:d4:ce:21:aa:ed:06:7b:56:9b:0b:40:d4:28:fb:ff:a9:d9:2b:9b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b3:d8:e1:c8:d6:ce:ed:3b:b7:8a:5b:17:c2:9e: + 0c:04:f4:4e:ba:ad:1b:cf:c0:63:b7:c9:01:e9:7a: + 28:d4:d8:0b:71:36:af:02:f6:44:fc:ce:5e:84:50: + fb:5f:ef:a0:b8:b5:77:62:c0:6c:9f:8f:4f:64:52: + 67:04:0b:d3:92:31:a5:79:f3:8d:11:03:03:a2:c0: + da:ef:8f:b5:68:f8:55:f0:ac:9b:05:3a:df:ea:7b: + 3b:06:f2:de:e3:b2:c5:27:3e:b9:39:90:c0:27:0d: + de:6c:a2:8e:e4:2e:f9:95:13:37:df:20:12:28:ae: + 82:5e:91:3a:cb:75:ae:55:fb:07:d6:40:48:cd:6f: + 9c:3e:07:0f:48:d1:8f:ba:db:fa:b2:7c:ce:29:10: + e0:6b:48:36:80:db:4c:10:19:a1:28:fb:e0:b5:4f: + b2:89:40:b7:6b:9a:af:a1:9b:b0:52:03:23:16:fb: + 0f:5d:c6:c9:f2:98:08:c5:07:85:76:30:57:46:be: + 85:46:ed:14:74:60:00:61:ce:f7:88:62:6c:0b:a2: + 41:9c:5a:27:3f:e5:29:9c:36:73:a3:04:8b:ab:74: + 2d:1e:f5:96:f7:b4:c2:51:77:a9:9c:ef:ac:fd:bc: + aa:cf:ba:98:cf:6c:1b:fc:e9:20:8c:dc:17:45:49: + 12:45 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 14:7E:08:D5:73:67:A9:9C:5B:C1:26:14:D1:96:8E:09:88:11:32:67 + X509v3 Authority Key Identifier: + keyid:3F:EE:51:69:3A:24:09:D6:26:3C:A4:08:22:1F:0D:77:7D:D5:E7:3B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 33:6d:f9:bc:77:a5:f0:77:f8:8c:5e:18:52:45:93:6e:ed:01: + 9f:9e:7d:4a:d0:d8:6b:6b:35:92:cb:64:2f:89:7d:ed:42:0d: + 90:ad:d8:18:01:66:13:6c:4d:7c:6d:14:62:26:60:b4:37:94: + c1:24:c5:cb:a1:a2:ab:b2:28:0e:47:3e:2c:6d:2b:7c:ed:55: + 3f:55:69:28:7f:97:a4:f6:b9:45:73:5d:3b:cf:b9:48:be:7c: + fe:40:0e:ac:08:4b:6b:e5:4f:31:14:3f:1b:04:48:85:d1:65: + 65:76:6a:5f:3b:f2:04:48:c2:e1:20:7c:91:a8:bf:84:44:1a: + 4f:28:52:e6:f9:cd:f2:5b:ad:5f:71:2e:69:57:cf:1e:c4:68: + 5d:d3:4d:f8:0e:a7:7b:4d:c7:dd:ce:d8:eb:80:f1:a3:31:d3: + ac:52:0a:ff:4c:58:a9:d6:4c:91:8b:79:66:30:6b:7d:1f:05: + 89:1b:dd:ba:16:58:1d:16:53:75:64:ef:2b:55:af:41:84:2a: + 0c:3d:0e:41:52:5c:8f:03:e1:b6:bd:c5:ad:11:a0:93:dc:de: + 8e:4b:e9:17:02:d9:3f:83:9b:4c:d7:b1:75:10:8c:ff:93:ca: + 4c:40:bb:38:80:4c:83:64:f2:10:f1:04:5e:7b:45:40:04:6e: + 64:76:a0:18 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUb9TOIartBntWmwtA1Cj7/6nZK5swDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAs9jhyNbO7Tu3ilsXwp4MBPROuq0bz8Bjt8kB6Xoo1NgL +cTavAvZE/M5ehFD7X++guLV3YsBsn49PZFJnBAvTkjGlefONEQMDosDa74+1aPhV +8KybBTrf6ns7BvLe47LFJz65OZDAJw3ebKKO5C75lRM33yASKK6CXpE6y3WuVfsH +1kBIzW+cPgcPSNGPutv6snzOKRDga0g2gNtMEBmhKPvgtU+yiUC3a5qvoZuwUgMj +FvsPXcbJ8pgIxQeFdjBXRr6FRu0UdGAAYc73iGJsC6JBnFonP+UpnDZzowSLq3Qt +HvWW97TCUXepnO+s/byqz7qYz2wb/OkgjNwXRUkSRQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBQUfgjVc2epnFvBJhTRlo4JiBEyZzAfBgNVHSMEGDAWgBQ/7lFpOiQJ1iY8 +pAgiHw13fdXnOzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBADNt+bx3pfB3+IxeGFJFk27tAZ+efUrQ2GtrNZLLZC+Jfe1CDZCt2BgBZhNs +TXxtFGImYLQ3lMEkxcuhoquyKA5HPixtK3ztVT9VaSh/l6T2uUVzXTvPuUi+fP5A +DqwIS2vlTzEUPxsESIXRZWV2al878gRIwuEgfJGov4REGk8oUub5zfJbrV9xLmlX +zx7EaF3TTfgOp3tNx93O2OuA8aMx06xSCv9MWKnWTJGLeWYwa30fBYkb3boWWB0W +U3Vk7ytVr0GEKgw9DkFSXI8D4ba9xa0RoJPc3o5L6RcC2T+Dm0zXsXUQjP+TykxA +uziATINk8hDxBF57RUAEbmR2oBg= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:47:c8:ca:0d:d0:ba:cc:83:24:aa:c4:09:b2:53:44:d2:da:f7:4b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e4:40:ac:b5:f3:c7:b0:dc:ca:07:85:b4:fa:5f: + 0d:28:a4:0d:88:12:cb:05:a3:4f:bb:7d:01:88:de: + 0c:b3:b9:0c:cc:3f:b4:6e:9f:d6:b6:a7:2a:6b:03: + c5:bc:3b:10:17:69:fd:29:5c:d3:fd:38:fe:b6:5e: + b2:04:8f:10:93:92:aa:db:76:07:a2:60:0f:3e:07: + bb:8d:f1:ca:c8:f3:38:69:61:38:41:4e:69:2d:70: + c2:ed:af:85:81:99:dc:8e:65:03:45:32:9b:01:95: + 7c:d5:c0:90:bd:f4:08:a5:44:4b:e5:a2:e7:fe:17: + e4:f3:3d:59:35:8e:6d:3b:70:4d:b8:49:ac:63:ff: + 3e:d4:71:36:e9:2b:50:c9:5c:bc:bb:b0:c6:1b:c4: + 0a:01:ec:ae:3f:b7:bd:10:57:08:5e:ec:8a:07:ce: + e5:da:46:25:e8:ca:0a:e0:c2:cc:0d:44:84:db:0c: + 88:d5:0f:65:bc:ea:69:10:ba:dc:93:ef:34:f9:2f: + c7:9b:c5:49:27:72:9c:a3:fd:40:9c:49:e3:59:7c: + 24:cc:99:9a:01:b6:0d:fb:41:cb:36:80:41:88:c7: + 75:9f:d5:01:6f:63:d5:f5:75:85:cd:26:3e:a6:fe: + 8d:a9:ef:a8:b0:04:8b:7e:89:f3:5f:75:3a:56:69: + c7:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3F:EE:51:69:3A:24:09:D6:26:3C:A4:08:22:1F:0D:77:7D:D5:E7:3B + X509v3 Authority Key Identifier: + keyid:64:6F:C2:6E:64:18:20:24:F6:02:A9:AF:63:23:01:ED:CC:69:9B:E0 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 52:46:11:42:85:ea:0e:46:d3:2a:4b:17:f8:73:c9:7b:c8:93: + dd:7b:ef:d1:34:aa:c3:77:d7:12:65:f5:e4:c0:e1:0e:57:55: + 5a:d6:c0:b1:85:61:c0:3c:dc:77:93:24:f0:81:88:43:75:12: + 80:0d:b0:b7:17:69:0e:24:53:25:50:76:5d:2e:32:46:7f:8d: + 00:7f:f6:06:d1:47:cf:95:af:54:67:d2:19:ef:b0:c7:5e:39: + a2:4b:c7:b0:f3:f6:58:b3:50:fb:6a:e0:6d:df:52:46:77:cb: + c0:bd:9e:db:ca:b0:a7:9c:92:76:ad:19:54:74:3e:52:0f:bf: + 8e:73:eb:7f:e8:1f:34:48:a0:4a:92:a6:c3:f7:6e:d1:64:07: + c2:fe:5e:ae:1b:d9:08:1b:75:2e:80:4a:51:49:dd:ec:ca:70: + 72:d6:3c:94:04:39:84:61:c5:de:e9:c6:4c:f4:ad:b2:b3:0e: + 01:63:fd:9c:e9:16:4c:fd:7c:82:11:a2:e5:a8:1e:c3:91:b0: + 84:1a:36:18:55:06:18:9f:65:59:71:5f:96:6f:60:c9:4d:0e: + 92:64:ce:1e:20:77:57:35:67:77:dd:7a:b2:e0:b7:c0:37:8d: + 51:89:71:55:f7:a1:c0:4e:7f:91:80:44:32:86:ca:b3:24:7c: + 31:e2:ac:70 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUPkfIyg3QusyDJKrECbJTRNLa90swDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAORArLXzx7DcygeFtPpfDSikDYgSywWjT7t9AYjeDLO5DMw/ +tG6f1ranKmsDxbw7EBdp/Slc0/04/rZesgSPEJOSqtt2B6JgDz4Hu43xysjzOGlh +OEFOaS1wwu2vhYGZ3I5lA0UymwGVfNXAkL30CKVES+Wi5/4X5PM9WTWObTtwTbhJ +rGP/PtRxNukrUMlcvLuwxhvECgHsrj+3vRBXCF7sigfO5dpGJejKCuDCzA1EhNsM +iNUPZbzqaRC63JPvNPkvx5vFSSdynKP9QJxJ41l8JMyZmgG2DftByzaAQYjHdZ/V +AW9j1fV1hc0mPqb+janvqLAEi36J8191OlZpxwcCAwEAAaOByzCByDAdBgNVHQ4E +FgQUP+5RaTokCdYmPKQIIh8Nd33V5zswHwYDVR0jBBgwFoAUZG/CbmQYICT2Aqmv +YyMB7cxpm+AwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBSRhFCheoORtMqSxf4c8l7yJPde+/RNKrDd9cS +ZfXkwOEOV1Va1sCxhWHAPNx3kyTwgYhDdRKADbC3F2kOJFMlUHZdLjJGf40Af/YG +0UfPla9UZ9IZ77DHXjmiS8ew8/ZYs1D7auBt31JGd8vAvZ7byrCnnJJ2rRlUdD5S +D7+Oc+t/6B80SKBKkqbD927RZAfC/l6uG9kIG3UugEpRSd3synBy1jyUBDmEYcXe +6cZM9K2ysw4BY/2c6RZM/XyCEaLlqB7DkbCEGjYYVQYYn2VZcV+Wb2DJTQ6SZM4e +IHdXNWd33Xqy4LfAN41RiXFV96HATn+RgEQyhsqzJHwx4qxw +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 66:63:f9:27:23:34:d5:b4:a6:e3:b2:e1:3f:8c:39:ed:fb:cd:58:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=BogusRoot + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=BogusRoot + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b8:c8:2f:dc:30:b5:3e:65:02:31:fe:76:d5:cf: + 18:49:18:9a:99:63:02:ea:1f:9c:fc:34:05:04:f5: + dc:94:15:48:0c:0b:c0:18:b9:0f:a5:a0:8f:66:27: + 02:0b:a9:33:0f:a8:27:d7:61:d7:77:7e:d5:ab:db: + d4:a0:32:d0:40:9b:66:91:5b:ec:07:df:67:13:14: + 71:1f:21:98:d8:89:ae:15:dd:68:07:3d:3b:62:5c: + 34:f8:e8:39:da:2a:23:01:6a:09:a7:91:a1:c1:94: + ab:ba:42:7f:24:20:57:c8:67:2a:d6:cf:24:7b:b6: + 14:ad:69:61:c5:50:6b:6b:d2:77:0c:0c:6e:30:df: + 2b:e8:c4:de:89:a9:94:bf:8d:70:4e:ee:e1:5d:0f: + 11:0f:80:71:3d:67:90:59:c5:c7:d6:8b:6a:29:7d: + 8a:43:7a:98:0d:75:83:db:3c:09:27:19:12:77:99: + 2c:2b:a2:94:dc:7d:78:41:e2:4a:9a:31:f4:fa:8b: + ef:d3:d3:42:dd:1d:a5:be:5d:2f:1c:9c:33:4f:7d: + c8:bd:12:eb:18:cd:e0:80:d5:7a:1a:2d:93:fc:1f: + 59:8e:72:f8:e5:21:e1:f2:fe:b7:6a:c1:e1:39:20: + 26:60:98:fd:02:f0:5b:a2:6d:13:c7:15:20:9b:ef: + d5:31 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 6F:BD:F8:37:8B:1D:B5:1A:91:4C:D6:08:E8:33:85:8C:08:E9:3E:63 + X509v3 Authority Key Identifier: + keyid:6F:BD:F8:37:8B:1D:B5:1A:91:4C:D6:08:E8:33:85:8C:08:E9:3E:63 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/BogusRoot.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/BogusRoot.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 24:98:cc:7e:a5:c1:32:61:f4:c3:e0:ab:4f:ce:e5:dd:13:e1: + 1c:02:d8:fe:b5:47:5d:db:fe:75:36:35:2a:bf:23:6a:8b:16: + 09:5b:db:32:28:ea:3d:77:b9:75:d2:bc:b7:27:ae:7e:be:42: + 88:1a:8f:24:ab:2a:9b:21:69:fb:39:30:1f:6f:67:7a:c9:e1: + fc:fb:63:83:ce:a6:d5:e2:6f:46:a4:de:c5:2c:cf:71:e9:b7: + 22:70:d3:0e:36:0c:38:f3:91:15:25:6f:27:61:0a:02:e3:06: + c8:9b:56:00:aa:19:fe:99:d5:21:d1:b2:1d:70:87:84:cd:dc: + 1b:22:4a:a3:9b:61:65:b8:f8:36:f0:46:22:6a:05:23:fc:cc: + d9:3a:83:8f:e9:dc:f9:fe:71:b7:fa:f0:db:32:a3:46:87:90: + 1c:c5:9b:3f:23:24:78:6c:cf:38:ef:64:43:58:99:4c:9f:c2: + e3:fa:b2:93:7d:90:a7:3d:e3:64:99:e1:df:2c:12:f2:93:f6: + 2a:a5:e5:b4:98:b5:2d:ac:c5:87:a4:c2:a4:aa:e4:1b:8b:0a: + f4:95:91:f5:b9:e8:82:95:e2:05:3b:19:5f:c7:90:f6:51:e9: + 12:bb:81:c0:33:c0:4c:8f:16:6c:b1:ee:ad:a4:4b:e1:d7:de: + 69:99:65:ca +-----BEGIN CERTIFICATE----- +MIIDjDCCAnSgAwIBAgIUZmP5JyM01bSm47LhP4w57fvNWPwwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJQm9ndXNSb290MB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAw +NTEyMDAwMFowFDESMBAGA1UEAwwJQm9ndXNSb290MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuMgv3DC1PmUCMf521c8YSRiamWMC6h+c/DQFBPXclBVI +DAvAGLkPpaCPZicCC6kzD6gn12HXd37Vq9vUoDLQQJtmkVvsB99nExRxHyGY2Imu +Fd1oBz07Ylw0+Og52iojAWoJp5GhwZSrukJ/JCBXyGcq1s8ke7YUrWlhxVBra9J3 +DAxuMN8r6MTeiamUv41wTu7hXQ8RD4BxPWeQWcXH1otqKX2KQ3qYDXWD2zwJJxkS +d5ksK6KU3H14QeJKmjH0+ovv09NC3R2lvl0vHJwzT33IvRLrGM3ggNV6Gi2T/B9Z +jnL45SHh8v63asHhOSAmYJj9AvBbom0TxxUgm+/VMQIDAQABo4HVMIHSMB0GA1Ud +DgQWBBRvvfg3ix21GpFM1gjoM4WMCOk+YzAfBgNVHSMEGDAWgBRvvfg3ix21GpFM +1gjoM4WMCOk+YzA8BggrBgEFBQcBAQQwMC4wLAYIKwYBBQUHMAKGIGh0dHA6Ly91 +cmwtZm9yLWFpYS9Cb2d1c1Jvb3QuY2VyMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6 +Ly91cmwtZm9yLWNybC9Cb2d1c1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAkmMx+pcEyYfTD4KtPzuXd +E+EcAtj+tUdd2/51NjUqvyNqixYJW9syKOo9d7l10ry3J65+vkKIGo8kqyqbIWn7 +OTAfb2d6yeH8+2ODzqbV4m9GpN7FLM9x6bcicNMONgw485EVJW8nYQoC4wbIm1YA +qhn+mdUh0bIdcIeEzdwbIkqjm2FluPg28EYiagUj/MzZOoOP6dz5/nG3+vDbMqNG +h5AcxZs/IyR4bM8472RDWJlMn8Lj+rKTfZCnPeNkmeHfLBLyk/YqpeW0mLUtrMWH +pMKkquQbiwr0lZH1ueiCleIFOxlfx5D2UekSu4HAM8BMjxZsse6tpEvh195pmWXK +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/generate-chains.py new file mode 100755 index 0000000000..c7464c202c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/generate-chains.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the supposed root certificate is wrong: + + * The intermediate's "issuer" does not match the root's "subject" + * The intermediate's signature was not generated using the root's key +""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate, which actually signed the intermediate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +# Self-signed root certificate that has nothing to do with this chain, but will +# be saved as its root certificate. +bogus_root = gencerts.create_self_signed_root_certificate('BogusRoot') + +chain = [target, intermediate, bogus_root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/BogusRoot.key b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/BogusRoot.key new file mode 100644 index 0000000000..7020d305d8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/BogusRoot.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuMgv3DC1PmUCMf521c8YSRiamWMC6h+c/DQFBPXclBVIDAvA +GLkPpaCPZicCC6kzD6gn12HXd37Vq9vUoDLQQJtmkVvsB99nExRxHyGY2ImuFd1o +Bz07Ylw0+Og52iojAWoJp5GhwZSrukJ/JCBXyGcq1s8ke7YUrWlhxVBra9J3DAxu +MN8r6MTeiamUv41wTu7hXQ8RD4BxPWeQWcXH1otqKX2KQ3qYDXWD2zwJJxkSd5ks +K6KU3H14QeJKmjH0+ovv09NC3R2lvl0vHJwzT33IvRLrGM3ggNV6Gi2T/B9ZjnL4 +5SHh8v63asHhOSAmYJj9AvBbom0TxxUgm+/VMQIDAQABAoIBAAHSR1Z+TGsPB9SC +U52L6wtdaLi2VyMDqMJ7qMkBu2jiRNGJlB0qRdM2H/O70rNWuaAf4jSnTD5rS6Pk +CNaDabYZUguAwnTZaOSxQOQzqpQH12Vzx0C7A8jWa9dAQsG5xJqQ9wNl1hhYZNDz +MtmiT/szuSJg7FUj2FRVQ5d0UXrAlgZa9jJc+1ARYz5e34QLKwiYvxTO6/MSVJv0 +Niqzu1/xB1GRH38slTHgTHAz29mTYTyiKnyV7OmNjsML8f14Ftd8io9bmXoBHw2H +8eDxzRQWPNovUmVZG+G8Un+NwPNhpkfQ7mP46eqexyN3cNECk2fRI/vZArLtxyO6 +VhzHvNkCgYEA9QGLiNe1WEgTsowBXVVQvQaxtCW+nmvZIOAnvglnB3mJak2y4V4h +3v24pgrBjhdWiJzKWCaVWAbpFxaMXDbrIewCqTWVD+QcpfKNjNzZPivvW1ao6WRJ +Ntk+rXJT0FipAlXYLvu3ZvDBke1Dd2GSAt8vZFyaKSFulgJvBLSCV/cCgYEAwRLU +sIN+wpFbDfgQFo5snsTCdLlLZGAsl5UyTMzX++95LZd0pAXPdk3CSjKjrGzLujI6 +LH1b5qahun17kE3YiLku54y+Q8YK4jZpoE+9ZoVQPBfhdFy9PYfOL8apN7JIgXBl +msrIDDvSPsFs3WDpHpguO4cITw93ujMGEr5GAhcCgYEA8dUElZ3VMb5zMtlev3Fm +sC3bWaWn8VciioC2ua0uNQKR0IvA9RKk/CYUDFCxnD8M+utIDpqG7sxjZparFJpg +nKsINVzeNUFDxckUTuXuyJ81M0LmlviWC72DUFB4yj25FMUHDdkHvmQFrLQ007FL +HeqOLNH6mH6XWRot2scRoSECgYEAuR3I94TcYMjlOLuDEV11H7UfjLKsao0btCrE +k4ZD/7ZXxTLWDv3TMGbVxjZPX97gZqIJzOZU2w0hO6Fce7tnxY9oPXJgarLTdJkf +JSnPOyDPEQ8Eh4DzoK85Le2YCWLSyehuQr/ylmg06R6jto5YdZELot+RQ9xcuxZ4 +2De+//kCgYAHsqUCeb6TG9tjEopnoEpx2ZYFbo5hCshfOcAuyRaco98oAVFc2Mbl +c926rVcOPe1Byh/SeV5HmQ9CraguHSVkxc0xvKvreAcYGW91ECDz+ZtlDIlreQU2 +sQVzkzMz1aJw4n7+vurnTSuZt9+Mcy9C09S+0XiN1ZBGCUXI3CgJnw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Intermediate.key new file mode 100644 index 0000000000..726b1ea6c5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA5ECstfPHsNzKB4W0+l8NKKQNiBLLBaNPu30BiN4Ms7kMzD+0 +bp/WtqcqawPFvDsQF2n9KVzT/Tj+tl6yBI8Qk5Kq23YHomAPPge7jfHKyPM4aWE4 +QU5pLXDC7a+FgZncjmUDRTKbAZV81cCQvfQIpURL5aLn/hfk8z1ZNY5tO3BNuEms +Y/8+1HE26StQyVy8u7DGG8QKAeyuP7e9EFcIXuyKB87l2kYl6MoK4MLMDUSE2wyI +1Q9lvOppELrck+80+S/Hm8VJJ3Kco/1AnEnjWXwkzJmaAbYN+0HLNoBBiMd1n9UB +b2PV9XWFzSY+pv6Nqe+osASLfonzX3U6VmnHBwIDAQABAoIBAQDRJV3cH3Nj4PuR +5vdMz1nMWn43qBi1os4FWubUFbsH11EdumXHU9i3ZvdcNYmzD1+QRML/apqoldf3 +HU/7E2g6AJNkIoOeSmzNBuLZjqukdBDFppqYZJPFWmSSzFkFxwksxOw5NMSJsANC +DX/TPk/Jt4nf8eSnlBdqtlUO2OHIKkVYOHUXYEtachJz9Mdsk2ZzbjX9KYSbMuT/ +NW3aT1ZJ7+VSz/NxE73AI5jUW0EqWpvOMG1MmBzHkbQf7C+oO2UXFZr9MRZiF7Fg +tiH6fhUJBq87ZbXWipGeNo7XnJWtrlbh3stndfhUAVLcsgu0ilzUp/YV3wceYEaA +BOGZw53RAoGBAPQ8FXunISScEmgHpkrBJjCbTb2d9O5+aBlvi19vBk9ropsngC/C +n5PyHdL58sMpPH4uRQ13fV/vvtxaoNfaoVNQ7mRNAWjaIWqDAr8/b6wxK3r1tO4e +CUbb1aarnJBCaFVymJPz1ZNL017X8IlgK1fIhROHdpmK8llNp/Wx1vTJAoGBAO8/ +f70bkccudhJtwXWHzFVir+gmgQW1oLmerovIb7vJ0kbjUf0ODKzQDn17svVjlSLq +B5Zji6F58ebeJbfRF38X+VnH2AD6PAGpGpYG+06leZeA9G5QGXNdB/t4vnzXs/Hv +QLX6lqnsEw0IwZkhKj9YKyZQ1MrtCLE/FzzhodVPAoGBAPKizmTuAMsyEkcvclFJ +2froDy+VwUM+aYT7f+brkcVNFVo2v+6y135PRrnWfwrL6MEijo92aiPpNiAMGUbY +ePUgrfUPW5sjOZdrWEtPZk4W+y9I8tqtFGJE+9h9HSlkD+rz0gkKcN/IsNDEjr6r +v+OR3kMsjPK1S1bVA0vfxcGhAoGAMrPxXWF3XpABI9yw0DisXDgi8X8fftdELbJs +aWFcFJ8r+iv41zlgBEu/lmZdwdWN6K1SWFPWZq1ST8wqkC823I93H8jThTmC+BMf +eEYYgk1dXHdO1gYRrro7k9a9//UyxIYg37Awt+g5DV0aslot+uizlFYzEqJzYiTt +xtBGnM8CgYEAyW13ewnz6UwCriBkaqxNda3lo7dK+uV5TGG+5TQpP+dUe4UfHLGt +Tsnn9Xvzp+0SmwMM4MNsWehPVMqV95E4JscYEfgvyEVBRlvd+aLMYa5+vp7Z/jSX +uZMtBCfSHsS3MQsOjxHC6vyRZHmk3yWAP4ea0X5nFj64WaSelyjXUlQ= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Root.key new file mode 100644 index 0000000000..94e442a372 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA6vikfz365oAynxvTIaGfnMdOEqLXFSCKUOSj36Bgx3C0WePQ +RzpjQ1LeexmdrgT/uIX34o7ArEOPzCTxcjZajev9AtUMIcElbKbu6vChc87kLCBe +PtE70Hsw4OzLxalKEJPx0kHHI6GqDPfCuJljDtHRrccnThd121lNQ//eKcuhLHs1 +QVLqXw82S5LPcSsmgUK+thdefHNVCUS2ILgtHCUJkrfYM+nc5vPZCQNBCMbgatlY +gw3eJQdVQC1cYxhUa/bGv1o+How9DWbaiMfO8R0Y/BtjaUxnOD5FjusnIE/xnzxF +ItFLSKNHP8RZsnCD2LPoas4tbUmSHfYuBZH+PQIDAQABAoIBAQDIO6qyY/bzhjud +KvD4r+p8h7sYVnxDHL/Bv5WGc/0E+B44m9JZYIBGVtAQxvt/1/KzJDbhchTut4RK +yxCV64uvdXLefv8fpKBnvrnKq9RqA9ydXdfyYAtA1joI8sGTZ3geOHTSYAt7acCn +3FqrRMsNTfAIzrXH7mYYzjjxwZFouuREHlVMzbxcA57GsyeaELkJNtsMjvyZiWBx +dDaRrdgEk/sdEAMdrCkujrt4g/xn5QLYRXbH3dsYBkjPYKe3/IuhfVlo866plREJ +7cvbLTa0RX5rhTNiBPmNq46FZJLZwpbTQ4Dx+kObTYFBssrWXJrWCzRtIVXOBi9x +SdKUs3thAoGBAPmGHGm/M2mjdcbe/XJYRWQHCVInaaEPnQ8lUfn1ZpWxyFdXD/FV +Hx94ohxPYd2BVELqAh6UaIJ6VzeAj2PnlxIUa1wAR8tUz/niZdW2SbKclPInTIua +gWWo6pa2gNvam9f2BRpIM+k+yaX7T4FWqv/vWMl/W6IIq8YBIJ1Bb1lDAoGBAPER +10oLoBDg224hSgM6vkmZ3zGl6zH2i7Y8vnEvzxu/+HBwxxumgV3am+nMFBKwQYl0 +69b4Mh/UVwB+7DsJjHbA+BivPlhlwNWQJdi9QVaX81Qdgokm8scYH3G/SArP9vxC +vwOXRa1VymP+btjUdU91vcqAakezjPoZth7o2hJ/AoGBAO3CU2qTzLp5De2sZxXA +dIZGiiQk9+qHRSG8butdYR18ZKiMhd1wPZKwUM/m+BqndBG6hsB6q0bAqkBxmLAa +aYHJwS7N+ZsOuomhp2VHJ9wwhWBj//T6CRhEJxvq1Mgo+tyCSQRtDkHPGTe2SmC0 +o4Xxm8mMOFUiLAMk6d3ODvqfAoGAads1uFQGg6LZeDCx+V0QNe2Vbo23C4eBrhJa +ZgViYoMXqvg61k91OytFj5KHtfUjsiJfdVQjXoq1cYhKX1pADd2Kk/xP2i1EUgMs +O1JPoKC0vtj+ew9ZSEe1dxNRpT3Q7NC6Y+9HL2geqW4OarRQlwXSw1tEUBvt6dzk +dgo1yC0CgYADV4MP479pDaG/2YyjJHp5EWMhE+EjUy6TFKntWCz9qkR7NFiWWMQ4 +qp2FFFIw5ARPcpdEwi+lao79f04KFVMSQJY4FTd6qTYeUxHc9tJaE3MGYChIcSw9 +TJrUQUGq6UdB1OJq4Vt5kjPm+5sdGaBdmuyHdDveaDIzwMwB3KOFcw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Target.key new file mode 100644 index 0000000000..c280e8a9be --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs9jhyNbO7Tu3ilsXwp4MBPROuq0bz8Bjt8kB6Xoo1NgLcTav +AvZE/M5ehFD7X++guLV3YsBsn49PZFJnBAvTkjGlefONEQMDosDa74+1aPhV8Kyb +BTrf6ns7BvLe47LFJz65OZDAJw3ebKKO5C75lRM33yASKK6CXpE6y3WuVfsH1kBI +zW+cPgcPSNGPutv6snzOKRDga0g2gNtMEBmhKPvgtU+yiUC3a5qvoZuwUgMjFvsP +XcbJ8pgIxQeFdjBXRr6FRu0UdGAAYc73iGJsC6JBnFonP+UpnDZzowSLq3QtHvWW +97TCUXepnO+s/byqz7qYz2wb/OkgjNwXRUkSRQIDAQABAoIBAQCrPRW95Mmhl/pq +AdHdvB41mWhc1fZlGQnZM8peQ7Ic9pfuc+KvL00AaH4V/gVakw600BOcMxs50XoG +S29KqvgHer3UH9FxIS2VCYtsDajtCYbKYY44rJYG7M6HDziqFM0jUNWLugc7KDlf +tmfXW+LHzkSkbiTcF0yKPj18+8/CjGk1cOfByDQmAdTCA7yIhJPKZ2/aAFtpTCVe +pTqCD+J4AqIqnR1At6DHTehjFTk+E43h+3hX8fWnJPPaNFNKnLidEXLoJb+iC1fS +/djeLoKwiu/hIzTUSItP/3ArJz7Y+dU1M61/HGaVc8RLWSy+Ci76EOUSjWvzkP7F +hj30bJUBAoGBAN+ZXCPIFekf3G7QTDO0ENn03/V7F9hMbJJMv2xudWaJzcAxzZun +auxoZsYfcTKJAPVIhr+LVq9DZPSnJ7XR69I0yfEAg5beFUTNEg8N6jcJze+YZnWJ +bhaeO514Kr98SzHBCZsy2Yey49EzMi6k3tznIVE8BQDxruWqTo8Z92RzAoGBAM3o +gEAen1IKxyLzCbKfVrIjxQrSy+oEcHSA/yagBgP54Am/YC+0EDUXwPnZWNlXRAiQ +tqHsyIhVSx+sSB/9muPhmjENVaKTnwp9BKu2CpU9o1m2J5d9wxaRO/OpkrukSzA2 +PPkykUs4EcU/3yJavdlxqGFsmULzFYbvqRY8/7hnAoGAfqY+I2JUzswmLno7f1mx +5dKm/EOxuOlo4eEo2AEk7GSHryJGhLDqhmeINxZeJrKlYUmoUVxaSEGTMGRxwLHb +siAGdkTFRDIct/C0FuTZ0jzycZDQECk8uwD7YXFMPVPov5DIoSjHP+6azccC2Jq4 +RUWBgKLPbr52Q04Y20No9nMCgYAgAZLl5JypOQmpMhQA0um7+Plo7ElMD/KW+XIv +w9ILjiy39ypxX9DhH9ccPx+jcQAfQLdSxiaJopBx1OrFJjuMToYUN9lm0wF2tOYj +9sEAX7tjd4AB+Ud424xxHJu1VR1m2hdyON0Czy1b9sitY2N9SEB/HE1abcSb2+bx +kPvC4wKBgAdO73Q3hIopDET07tWHyot3egIF8v0U8E+L9C9l1N5C4ncnDvjrEA75 +a2HRRhW30qU0tqK4g41Ga30FJh3JlmcKz+PpmvJEXDYHWxz+i0qj5/M4GZ2EidcR +24AsLr+5PsFF66aFDoP7tu55jPaTZwawnAHCzPEgOX1JDbDudsKj +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/main.test b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/main.test new file mode 100644 index 0000000000..38af04e381 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/incorrect-trust-anchor/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: VerifySignedData failed + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/chain.pem new file mode 100644 index 0000000000..424d4f5cfb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Certificate chain where both the intermediate and target certificates have +incorrect signatures. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 12:3d:2e:d4:5e:20:54:23:3a:0b:c1:18:e2:e3:1e:58:f9:35:fd:a2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b1:5e:cb:41:90:73:c4:13:ce:74:69:2e:d2:cb: + 92:f1:dd:1c:30:d5:bc:33:af:7d:e7:b2:5a:4a:c2: + 7e:61:cb:44:97:9d:85:26:10:db:fc:07:c7:f2:6c: + 87:7a:f0:fb:4c:c8:1b:ed:7c:3e:19:4c:5e:b1:e8: + ba:10:8f:f3:2e:50:b4:56:ff:1f:7a:70:96:ee:f6: + d1:f9:f2:57:db:56:c7:d3:fd:cd:5a:ec:e0:e7:c8: + 39:ca:3a:99:c0:d4:38:77:08:94:e2:4c:a9:5b:b8: + bd:97:8a:df:45:7c:fd:b0:ed:c8:b2:09:35:53:4e: + 6f:58:42:60:c6:92:42:e8:f6:22:6a:8b:c4:e1:08: + 00:e6:a7:48:c9:64:4b:13:7e:ca:c8:05:17:b5:60: + 66:db:f0:25:eb:24:e4:9f:bf:6b:96:21:18:bf:a7: + 19:5c:2f:2f:63:9a:de:b6:83:c5:1a:fd:f0:25:18: + 7a:43:4a:15:d0:76:b0:3f:22:f3:6f:71:b1:23:74: + 7b:3c:14:ca:8a:b1:7f:07:6c:3a:f6:01:32:1b:38: + 4f:ba:14:50:00:9f:5e:09:0f:c3:b2:f2:25:bc:d0: + e0:f3:6f:af:58:22:5f:86:0f:b4:c6:fe:5e:41:b5: + da:2a:e0:5e:18:f1:7c:79:3c:57:b7:68:5d:27:4e: + 85:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 54:31:EB:0B:BA:22:61:28:F7:82:FB:D1:FA:BA:43:92:AD:92:66:23 + X509v3 Authority Key Identifier: + keyid:6D:10:36:87:AF:FA:A8:A3:9B:79:07:26:E8:A6:DA:49:43:67:94:CA + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 50:0b:0d:0d:ff:5f:c3:cd:dc:e2:2e:6d:33:d7:3c:56:6a:b2: + 05:90:77:97:00:c3:75:e8:c3:5b:59:84:28:00:ab:2f:dd:f9: + e3:39:1e:e0:14:d1:66:01:a2:69:66:14:60:9f:12:80:44:fb: + a3:d6:25:fb:0d:0f:79:d1:fe:44:5f:f4:95:b1:27:7f:c8:f5: + 4a:30:13:22:6a:e9:68:f6:e4:1c:99:19:e0:39:64:64:2b:91: + 7e:56:fd:a2:42:b0:b4:ba:9d:42:5e:7e:b4:42:09:dc:0b:64: + c6:9f:ae:ef:94:f9:38:7e:12:15:e1:e3:a3:68:49:c4:10:a7: + f4:ea:e6:3f:dd:0d:e4:75:43:d1:93:6b:e0:18:0d:5e:28:d9: + 0c:34:dd:9c:63:0c:48:c2:5b:78:1e:b3:ec:74:aa:44:f7:c3: + 4d:c2:bc:39:84:b5:c4:90:a2:67:d2:8b:95:d4:b9:c9:63:2b: + c0:f1:87:98:2c:67:63:b8:46:1d:14:2b:6d:52:63:fd:d6:e6: + 82:e9:b3:47:3e:ab:f3:1c:47:70:39:b3:44:fd:29:6d:ce:61: + dc:a2:4b:a8:f0:70:5a:59:95:4e:27:4e:7e:8d:78:90:a0:82: + 1e:6c:03:49:21:4f:ca:a7:ea:e5:3b:d3:b9:42:d1:08:53:22: + 43:74:17:4a +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUEj0u1F4gVCM6C8EY4uMeWPk1/aIwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAsV7LQZBzxBPOdGku0suS8d0cMNW8M69957JaSsJ+YctE +l52FJhDb/AfH8myHevD7TMgb7Xw+GUxesei6EI/zLlC0Vv8fenCW7vbR+fJX21bH +0/3NWuzg58g5yjqZwNQ4dwiU4kypW7i9l4rfRXz9sO3Isgk1U05vWEJgxpJC6PYi +aovE4QgA5qdIyWRLE37KyAUXtWBm2/Al6yTkn79rliEYv6cZXC8vY5retoPFGv3w +JRh6Q0oV0HawPyLzb3GxI3R7PBTKirF/B2w69gEyGzhPuhRQAJ9eCQ/DsvIlvNDg +82+vWCJfhg+0xv5eQbXaKuBeGPF8eTxXt2hdJ06FFwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRUMesLuiJhKPeC+9H6ukOSrZJmIzAfBgNVHSMEGDAWgBRtEDaHr/qoo5t5 +ByboptpJQ2eUyjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAFALDQ3/X8PN3OIubTPXPFZqsgWQd5cAw3Xow1tZhCgAqy/d+eM5HuAU0WYB +omlmFGCfEoBE+6PWJfsND3nR/kRf9JWxJ3/I9UowEyJq6Wj25ByZGeA5ZGQrkX5W +/aJCsLS6nUJefrRCCdwLZMafru+U+Th+EhXh46NoScQQp/Tq5j/dDeR1Q9GTa+AY +DV4o2Qw03ZxjDEjCW3ges+x0qkT3w03CvDmEtcSQomfSi5XUucljK8Dxh5gsZ2O4 +Rh0UK21SY/3W5oLps0c+q/McR3A5s0T9KW3OYdyiS6jwcFpZlU4nTn6NeJCggh5s +A0khT8qn6uU707lC0QhTIkN0F0o= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:76:3e:27:78:9f:9e:db:6e:36:c5:5a:8a:59:bc:82:3a:8c:7a:a2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b6:52:3d:81:21:43:60:33:fc:4e:76:28:8c:26: + 3c:d9:1b:05:4b:b7:ba:5d:41:f7:9e:08:72:b2:0f: + a9:bb:37:1b:b8:6d:10:62:cf:c2:29:97:7b:97:49: + f4:3b:87:d9:29:64:72:f0:99:04:23:23:84:83:04: + 3c:01:15:95:1a:f8:02:ba:0e:9c:d2:f6:45:54:f9: + a8:e9:e7:7c:2e:f5:e7:b4:38:4a:bb:d0:40:f8:51: + 50:63:b0:fc:2e:39:f9:6b:a3:c9:dd:39:df:47:b6: + d4:81:2b:19:43:99:a7:f1:1c:4e:53:79:f0:40:4c: + 46:fa:e9:df:da:df:75:7a:8b:25:9d:f0:d6:85:16: + 88:f2:eb:65:19:b9:42:1f:07:bd:7e:8d:3d:73:8d: + 6f:f5:b6:e4:bc:af:4d:0e:f6:f4:37:e1:58:fb:a1: + 6d:06:d5:80:00:16:f3:57:6f:ea:07:f3:c1:a0:ad: + ab:5e:4d:c8:f7:e8:fa:c1:b6:c6:01:fb:6a:22:4d: + 1d:f7:44:7e:69:16:48:f0:93:0c:b4:45:c7:4f:15: + 84:29:f6:c3:a3:c3:1e:9c:8c:46:2a:47:fc:61:86: + d6:62:82:74:06:98:57:b4:4e:11:c8:b2:44:b1:76: + e4:38:3b:5f:19:df:f5:15:80:40:f0:75:4c:2c:c1: + 9d:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + DB:88:D7:0B:35:2B:9E:30:59:D2:1A:51:1D:AC:7D:E3:C0:41:85:34 + X509v3 Authority Key Identifier: + keyid:6E:7B:C8:25:11:11:8C:B7:37:E8:5A:B8:3B:F5:25:A1:06:7D:A6:A1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 06:a7:e1:26:c4:80:16:c5:8c:e8:06:e5:91:53:d4:47:cf:c0: + 24:4e:63:dc:d8:48:ad:18:0e:af:d2:cc:e2:94:de:46:82:d6: + 8b:78:6a:3a:1b:69:8e:fa:a0:59:8b:5b:89:e6:ad:f2:6d:72: + 8b:a7:6f:84:1b:0b:70:5e:3a:7b:28:53:15:bd:dd:02:44:53: + 11:28:f7:13:19:c5:d2:97:8a:71:ac:1b:bc:39:d3:bc:88:3f: + e8:18:7e:41:c8:3a:86:21:48:79:2c:f8:9a:8b:2a:c6:e6:b8: + 50:f3:03:72:0e:d2:69:d1:65:1a:3f:1f:77:56:5a:64:9b:81: + 3d:af:85:82:3d:0c:c2:57:7a:ad:71:66:9c:cc:aa:91:39:7d: + c1:cc:4e:ab:c4:87:37:d5:e7:1b:a2:c6:30:1c:10:51:94:c2: + 17:98:46:97:8e:0d:0e:1b:92:21:b7:cb:3f:83:d8:0e:b5:6b: + 19:b4:43:11:44:87:ef:b5:fa:61:7d:36:95:69:75:3a:b2:a5: + f8:3a:ad:a5:b8:31:1e:4a:07:ff:75:b9:42:3f:46:87:05:bc: + 9e:b4:a1:e0:02:11:a3:49:57:4f:34:5b:6d:81:3a:05:70:e1: + b2:94:55:c7:6d:4b:5e:bc:7d:17:25:aa:7a:9c:b8:fa:c8:6a: + 1f:cb:f4:a4 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUcnY+J3ifnttuNsVailm8gjqMeqIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALZSPYEhQ2Az/E52KIwmPNkbBUu3ul1B954IcrIPqbs3G7ht +EGLPwimXe5dJ9DuH2SlkcvCZBCMjhIMEPAEVlRr4AroOnNL2RVT5qOnnfC7157Q4 +SrvQQPhRUGOw/C45+Wujyd0530e21IErGUOZp/EcTlN58EBMRvrp39rfdXqLJZ3w +1oUWiPLrZRm5Qh8HvX6NPXONb/W25LyvTQ729DfhWPuhbQbVgAAW81dv6gfzwaCt +q15NyPfo+sG2xgH7aiJNHfdEfmkWSPCTDLRFx08VhCn2w6PDHpyMRipH/GGG1mKC +dAaYV7ROEciyRLF25Dg7Xxnf9RWAQPB1TCzBnc0CAwEAAaOByzCByDAdBgNVHQ4E +FgQU24jXCzUrnjBZ0hpRHax948BBhTQwHwYDVR0jBBgwFoAUbnvIJRERjLc36Fq4 +O/UloQZ9pqEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAGp+EmxIAWxYzoBuWRU9RHz8AkTmPc2EitGA6v +0szilN5GgtaLeGo6G2mO+qBZi1uJ5q3ybXKLp2+EGwtwXjp7KFMVvd0CRFMRKPcT +GcXSl4pxrBu8OdO8iD/oGH5ByDqGIUh5LPiaiyrG5rhQ8wNyDtJp0WUaPx93Vlpk +m4E9r4WCPQzCV3qtcWaczKqROX3BzE6rxIc31ecbosYwHBBRlMIXmEaXjg0OG5Ih +t8s/g9gOtWsZtEMRRIfvtfphfTaVaXU6sqX4Oq2luDEeSgf/dblCP0aHBbyetKHg +AhGjSVdPNFttgToFcOGylFXHbUtevH0XJap6nLj6yGofy/Sk +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:76:3e:27:78:9f:9e:db:6e:36:c5:5a:8a:59:bc:82:3a:8c:7a:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:f9:1b:7f:13:42:25:83:e6:a3:28:53:28:a2:42: + 76:db:ec:c0:1d:88:3c:ee:37:ad:fe:24:a4:37:32: + 4c:32:27:be:25:31:0a:07:48:7f:8e:44:24:de:ec: + ef:e3:cd:f8:fc:a1:7e:b5:95:0e:03:2a:ee:07:e6: + 8a:fb:92:8b:92:5c:9c:51:3d:95:72:eb:5e:b5:d0: + b4:03:1e:26:5e:4d:f0:a0:ef:41:7a:a0:27:6f:a4: + 73:b9:61:04:a4:21:a2:9d:67:3d:34:ad:6e:c4:24: + 95:85:bb:3c:33:34:0c:91:a5:1f:fe:5e:6b:a6:8f: + b8:0c:00:cf:e4:f1:c5:6f:b3:1d:49:0c:2b:fe:07: + ab:8c:c6:55:5c:ef:44:7c:f9:7e:7d:80:63:93:e6: + 75:dd:16:72:c9:1d:95:c7:14:b4:1d:18:9e:fe:0a: + c8:b2:7d:55:06:e6:8b:bb:50:b6:46:cf:63:59:bb: + 66:8b:ae:b7:4a:4d:3e:a4:75:d2:00:1b:af:87:38: + fd:01:6d:96:0a:0b:e8:2e:f2:ad:d5:a8:10:7c:ff: + da:a7:62:1f:eb:8b:d6:6b:96:c1:0f:9a:0b:1b:46: + 63:e0:aa:54:c5:b0:f1:31:ad:7c:24:a9:27:84:a2: + df:06:86:63:4a:b2:9c:bb:b3:3f:89:d4:9c:7a:fa: + 91:25 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 72:8E:C0:44:D5:12:7A:32:45:EA:BC:89:19:85:84:95:C9:20:AF:09 + X509v3 Authority Key Identifier: + keyid:72:8E:C0:44:D5:12:7A:32:45:EA:BC:89:19:85:84:95:C9:20:AF:09 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + bc:f2:1c:7b:37:75:b6:ae:df:8a:a3:b3:20:68:9d:e2:3f:2e: + 55:ea:9b:84:5d:57:68:4e:1d:19:27:25:85:6d:65:04:8c:2d: + 76:35:eb:09:0b:57:ae:5d:e2:20:6e:1e:b6:cd:08:3a:63:3a: + d0:4e:58:67:f6:1f:ea:9d:75:c2:5c:bd:4f:b0:75:03:2b:6f: + e2:49:a7:3e:23:9e:95:47:62:de:f6:7f:e4:58:5c:63:7c:78: + a8:fa:df:ba:76:b2:1d:cd:42:63:87:c0:bf:3a:34:66:0d:51: + 85:ed:ac:29:5f:29:ff:10:41:f2:de:9f:b5:08:80:6d:0f:50: + ef:6f:e0:d2:2a:b1:0c:55:ed:0b:95:41:12:85:86:08:a9:fd: + 3c:6a:21:69:71:a0:38:c2:f6:36:3e:25:2e:30:ef:c2:ba:0f: + 2e:17:d4:cd:00:35:f6:fa:8e:9f:3c:ad:6f:5a:ca:f7:b7:0b: + aa:f3:8b:3f:60:8c:87:42:5e:73:63:5f:e0:eb:a7:09:ec:0a: + ba:10:94:dc:57:93:d7:b0:4a:99:83:00:a4:e2:fd:f8:b1:54: + cc:17:7f:9f:7f:0c:f7:6c:6a:89:13:ef:fe:b6:42:61:56:0c: + 0d:cf:e5:41:51:1c:08:18:6c:9a:1e:c2:e5:ac:29:ce:2d:08: + 97:bc:6b:c3 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUcnY+J3ifnttuNsVailm8gjqMep8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQD5G38TQiWD5qMoUyiiQnbb7MAdiDzuN63+JKQ3MkwyJ74lMQoHSH+ORCTe +7O/jzfj8oX61lQ4DKu4H5or7kouSXJxRPZVy61610LQDHiZeTfCg70F6oCdvpHO5 +YQSkIaKdZz00rW7EJJWFuzwzNAyRpR/+Xmumj7gMAM/k8cVvsx1JDCv+B6uMxlVc +70R8+X59gGOT5nXdFnLJHZXHFLQdGJ7+CsiyfVUG5ou7ULZGz2NZu2aLrrdKTT6k +ddIAG6+HOP0BbZYKC+gu8q3VqBB8/9qnYh/ri9ZrlsEPmgsbRmPgqlTFsPExrXwk +qSeEot8GhmNKspy7sz+J1Jx6+pElAgMBAAGjgcswgcgwHQYDVR0OBBYEFHKOwETV +EnoyReq8iRmFhJXJIK8JMB8GA1UdIwQYMBaAFHKOwETVEnoyReq8iRmFhJXJIK8J +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAvPIcezd1tq7fiqOzIGid4j8uVeqbhF1XaE4dGSclhW1lBIwt +djXrCQtXrl3iIG4ets0IOmM60E5YZ/Yf6p11wly9T7B1Aytv4kmnPiOelUdi3vZ/ +5FhcY3x4qPrfunayHc1CY4fAvzo0Zg1Rhe2sKV8p/xBB8t6ftQiAbQ9Q72/g0iqx +DFXtC5VBEoWGCKn9PGohaXGgOML2Nj4lLjDvwroPLhfUzQA19vqOnzytb1rK97cL +qvOLP2CMh0Jec2Nf4OunCewKuhCU3FeT17BKmYMApOL9+LFUzBd/n38M92xqiRPv +/rZCYVYMDc/lQVEcCBhsmh7C5awpzi0Il7xrww== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/generate-chains.py new file mode 100755 index 0000000000..762601b506 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/generate-chains.py @@ -0,0 +1,36 @@ +#!/usr/bin/env python +# Copyright 2018 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where both the intermediate and target certificates have +incorrect signatures.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Actual root that was used to sign the intermediate certificate. It has the +# same subject as expected, but a different RSA key from the certificate +# included in the actual chain. +wrong_root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate to include in the certificate chain. +intermediate = gencerts.create_intermediate_certificate('Intermediate', + wrong_root) + +# Actual intermediate that was used to sign the target certificate. It has the +# same subject as expected, but a different RSA key from the certificate +# included in the actual chain. +wrong_intermediate = gencerts.create_intermediate_certificate('Intermediate', + root) + +# Target certificate, signed using |wrong_intermediate| NOT |intermediate|. +target = gencerts.create_end_entity_certificate('Target', wrong_intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Intermediate.key new file mode 100644 index 0000000000..9e0f55f804 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA5cQCexsMwEVDrluIzqAD/dlA2NIAS4zvWHx3s7u+N7MPtJ21 +WxFhdYCeZJdjk/w/Zr9hhsGUdFjzVtXkKDZM0R/J2/RGRzGzvWl3Cz84M1qKdkN/ +m1GIDWee/myO54lTHWoZY6K80nRD136VlcOQUvVMHSiRmb+O2RRhODIwjbRIoLhN +k1DwVFd+m/fKNFwY9/9ZxmqiuCn0j2++qtz/OxeSweeWg6OlKK9vXbR8x5NtbSrF +y9RyZT9fUdCXNQnnNMuXPAznziK7tFhPAvPzck/1sZsHHjjp/BRtoUJoJkU5N1Xj +cpQqIrPlDybYKmRRlHbrXa+4qm1jsUWcxO76LQIDAQABAoIBAQDfnq1rcyAt4TvF +7oBv2X0JCvD6FSkEXt5zmHBIFWlEfJnEh9mCEKBx5AREkrLvzIlITut0Y+NAeXIc +CYBNQsvwnKex00Sy9cShjIu3/oeMM4qfH4KKgAeSRE+R/8X1wsmJz0F2n2R2z4FX +snOTlwpYMzUpC9rpcG5vCE62iuKGhh+JZs/VIqCjnlzb1GcYsdvw1o7fqvvcYJVp +9u2TvDI91yLxF1Wqp4UlWwGQzoHbZucjLnWywA5vq+VZjSPy1kfjSpWFLdrox+zj +v5i8w5LMwVc9E7nuRe/uixj0F8n/bPPrHjisLHXAtMp6dcTJwGBmF+3oq8G+pgZc +FMGWFw4BAoGBAP+1B6XDcmZxSy8xpVKhvhhUZOHJx1uwLIKA5F+AIBFmmVJs/FkE +EKl7MdiA6OH7bzu+caEfxE0JxQxpWA2hWm2e9xyyqHtr4oicvVv/f9/U8IuVQ5uV +H9yg2mtsMjeyX0oMiujDFUv6AlyIl8/Gi/UZGZo0ipGAyv18R1Cr+8zRAoGBAOYH +X8UDx1VM6dLsIZYekt/YedDORA/fIV4bd3dl6Bc93gcEcjqRiLWQyPvsn9zFv69I +NfofqYXYFL60xDHbX94LyUUDU4i1dtt8YBvWfAJW0GNHKYJTD1zWtAW+ERBY9qY3 +d5QfLhNPRwyXICplC2epaBbhsoQz+WSPn20oW/6dAoGBAMl3JR5aPiEudBEr6ViQ +bMiYfZ9Trkm0JW1xBf2kYh+zmWtSyQONa19M2/n7nwClbH9Czh4nfC9CWkksGp8q +mKezzniC3rHXT3VZIOyCAoslJ5yiLtE/DgpzhYOLjIlLdT5PYYaAZaAly4SCbjHa ++dxTOVPAv8hiFAzhxQJvboVxAoGBAIdMxxQHCPQvbUlXAtpd2V444k3jRT1grSvB +VB+ynTUueq39+4Jfn93L76venpko53qeKsGYZgoH8wvJH62Dr3vXyucA8d1zfxnS +qmU1X3OwxJngfZXebSbaUsEd7sOC0HEsJvXE8UECXHQXYCAPlwm+Jy9uSaZhO8ve +fpOiLZoxAoGBAJFR1ivu2oeqz/BxIYh5CGDayndQpUAK72ienYLlNIwopxmM1gpq +pYjVOg6ESYI9UAOYbfPML97ZFB//nqtfrKOqAPMgZgMsxe6DV0KKQjLcPKiMttYr +8IZxHyYOh+KOhr4/txJ3HGRjzEHO6Ww8b+Uo7N46GW1ePYQkqfzJka7y +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Intermediate_1.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Intermediate_1.key new file mode 100644 index 0000000000..5d9e5d989f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Intermediate_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAtlI9gSFDYDP8TnYojCY82RsFS7e6XUH3nghysg+puzcbuG0Q +Ys/CKZd7l0n0O4fZKWRy8JkEIyOEgwQ8ARWVGvgCug6c0vZFVPmo6ed8LvXntDhK +u9BA+FFQY7D8Ljn5a6PJ3TnfR7bUgSsZQ5mn8RxOU3nwQExG+unf2t91eoslnfDW +hRaI8utlGblCHwe9fo09c41v9bbkvK9NDvb0N+FY+6FtBtWAABbzV2/qB/PBoK2r +Xk3I9+j6wbbGAftqIk0d90R+aRZI8JMMtEXHTxWEKfbDo8MenIxGKkf8YYbWYoJ0 +BphXtE4RyLJEsXbkODtfGd/1FYBA8HVMLMGdzQIDAQABAoIBAEgXeM5okrWlmKyF +uD7Cl+jY8F0iRwS9IuZQPNn/q4OlpMZmCcaolAPSLEKEMZigfNQLLg/I0YP7dVhB +AmEDYbQKQTnEsWoRixSwq4Phzo7bGUV/xL1C+Y22yWzB/NVigyd22kkpqwo2VwzE +N/cs+OUz5hzH6KHkB2ULuUJYfaF4XQrklamTEZvH3EpuXEfrwfnqIjO2lMUTFbyN +bR9pVIbwDNEFRhYZvzZcTN74SZwjJx4wyHjQsawlD2McthkSjfEak3+uuAUbp/fb +e9IMBuR9ihDV6iLh0aFsr5069hna2b4OTvIKjEfGjrtl+r3Tqp3pbbgdmLPPW/My +KR5pc4ECgYEA2J71cdpRgVMMySbtIg+QnTBgi4ZmobTiWICzmas2Hfj/o0/BLgEX +AdITBodiw3TNj4vObbi4RmulsY0AQlbJLklJd1WbDLIXGmi/PmVCZffi+gnJD30L +8z5qR+3FUZkZqpBM5PaS8DdkHm7u24HAJ3XOhUoWULhsfI70FDozrT0CgYEA13cN +kJY25rg3XCDYldVCRoUZjHelIaJL1ia7c7jicf4cQQgGWQeaXOgjJlWfGEQcbEY6 +Rw4wducApeMsD3nf6dE5gRvwnT4fZVfXZ6wX0fREPKb3KbigUxF9XK3GgHQ1vDN+ +1IHeqANlXyYcGgT0Ry+Q6YYE8kstGUs3jxK229ECgYEAw6bnN3shrLYPUUuYWPBI +BMGiIcM1xY5z9c3g6cXLLk0s0BuD9wJC/oD4cCguGy3PUHzM6SszPV+TG4eoGUL7 +mJPXCDLIxTHBTjgXq8qXqzO2zXGzKQsflQblxavLUcT/ep+05ASVeOP+yMIXeSl7 +Hej4rEjbWPMKAYK4j+B1tl0CgYBy4NjspAp1jPaHOkP/7wo9Cy4KBKiYfC2u6ku7 +cXHakT+DNMIdqb4VlvdWswP2LipxWCguRlR0sMlZqPuO7M4DnjforHrne33FzMXe +UpUIrhHLvMG/Dt78KzEJvuU9C7iytUoEB5ItRlJAHtOQ099iLOw4deohPQ+4kq/2 +qmWwYQKBgGAKws3QE6Hjm8xePN4FXuAg10zhJYmfja4/Jtl+Pt7TLIufKnac3vKL +oZGxSP+Il3YMG+DLqCYkBeCKhSSjrdIheW8LxIja4Q62Ig6MRWbDeOnK0e4xR0g3 +Wi0NaVBxLxYIBGuQhJaVgFKprfIMrV7gXxWhPRod5PBAROEhrffz +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Root.key new file mode 100644 index 0000000000..99d0c60bc3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA+Rt/E0Ilg+ajKFMookJ22+zAHYg87jet/iSkNzJMMie+JTEK +B0h/jkQk3uzv4834/KF+tZUOAyruB+aK+5KLklycUT2VcutetdC0Ax4mXk3woO9B +eqAnb6RzuWEEpCGinWc9NK1uxCSVhbs8MzQMkaUf/l5rpo+4DADP5PHFb7MdSQwr +/gerjMZVXO9EfPl+fYBjk+Z13RZyyR2VxxS0HRie/grIsn1VBuaLu1C2Rs9jWbtm +i663Sk0+pHXSABuvhzj9AW2WCgvoLvKt1agQfP/ap2If64vWa5bBD5oLG0Zj4KpU +xbDxMa18JKknhKLfBoZjSrKcu7M/idScevqRJQIDAQABAoIBADRnl20avj+oVmyW +SfcQmmabwLK1xXOr3PuZA77k4uiuOa8jSOPNWaA5L7SCDdlTrGyhIMHccI00C803 +r8dKxfftaakhln4Ni+gd1rDNN+8g4F1K1/CPHpy68OlvwoUw2j/YxyR808+JjrcK +c5il+3rsTPW7MVRh6asExLd6MTnU/zLpODXHDKk+eaGcPp1Ft7UJxtPghXR7YNnG +RXX9PrS7+OvBtVW+7StUM+NzEXCm/kKTRTnuHjU0mJfrDnB7WCUZerhfqG+YrtsW +pGiBlGEq8ovZ0jeOVzvWTyBVCck+jlXkpQs3pY1BCMSu1tidw1/vu7NWNd/7Vnsc +rPn6OyECgYEA/51bvULIBEUzSWduRKxf+T5MYXiEFmVZNFfuy9QV9LBSGOZIktKK +RFAO9E0q+2rL2MsAMeLbph2p5+Jnz1lhzZdorSAylarBknW+wAmcVoDKJ1e9yfDT +vWABAmu9XfP13AQIL4XEoQXomNjWkR1OpX3G21KpmVghZynXjXBqb90CgYEA+Xug +eu5JsNF1nk/lcvvgRAozUt3XvIgVFX8RzKyD/7oeOlbqgHR0BevdtwoyCu5G48ks +lkATJLh/W4B/MhCDZEvFP6wnzjI5HRz6rIIpwODyD82aFb6yQLQjGu5HxpF2dG5g +LH5t8TJGkWDi4W3ozsqDyQyXhTbfP11P0M6aNekCgYAsa68uo7VYsKHqBrRt8Lq4 ++K+TXLsvnSs0YneYKmIqZJ3Pv+0qvrXSi0sd/28RxAxqv1RoVvEu3AbTyk+aBAFw +FfjV5TuFMOh0yEt+2ey2R6lZzvCncFeLmGx0fD6rXiMCuhymDYwPI5S5Qy1+iGZL +ciElqibZBCzB3c6cwMVubQKBgA6xrV4QMt7rN1Y/tm/zTd40C5nR3ycHjNZbSZ0Y +fB3PxIADJoSyVzMSFVj2jMQADMTV0H54/6emBjpJczRrrJF3tQJvDVkjtCF213zZ +ncPye89aeLzXIoCVG4w2hJu5bZSl+5wjRi5ym51sa3CDnLaxTtnEmBgMh1GgGVdf +E84hAoGBAJn4Jclrc3U58ijwuK4D3P0/pK6kNNFL2E03HurDvk/Cv/xsVBkSiziz +PvU7yjyBSzB7m97eSPHJ2WEOYfmtFZMoX3kCyjFWmTO8c8My4cOCSchTMoueViBX +rdh1TmVbvy3tajuLNLMKsuab6W/GJwdXIiLJuvqM+ntNplWNvQE6 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Root_1.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Root_1.key new file mode 100644 index 0000000000..6cd32ccc23 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Root_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA2kLnRUOnAHui07b8j7hGYV7xTqCJWh+iD1pnpHBgonHQPZna +1Lzy8psSkai7HTfvGALYUrkQfte1fySiGmjTUPmq9uYGEkzzfcq1rqnfCy18qP2H +Ur11Fqwjw7kAkfAhACwLVkCpLBMslPfT1qSEZQzjyQ1CYzdP7FvQ0M+GekEleCle +V4ee45UntFmUKUuvCUKkXx0GlxcxyoLnshBi0LIxa9s1JCJyj3sfIOeEEPGZE2+a +DpWGfzwj6wea7EMmFqXEhLes9qG4BxohdmfEoXy2bKJgcifkNt/2N49rq1swO+nb +i5JmVz1w1GESm1vvrqpJr9z4vI7dtEyHtUFx1wIDAQABAoIBAFsTPdQORdqSvMAh +hEQofd3Vs1W+8XGU75f+fm8EoZ5HZcC+uay555rKkLYNNX8cvv1C+qeSJ8r2Efsq ++yWQBlWsyOVb2L68M4KTGrr2kWblpTYTDOu+uOQsEoRyZ0V+cRbUSirEspL8sUa8 +Hz5ayhAsj8RubvxdsVEMgxcO8auDTDTmxnLHCvoPHhOnCS4bM6E3h24YVAjZ51PH +4yg/ovX955KROBkWjijVe35Q14S7fv9IfE52Qid74boiEN3S2+HOqUuWby9Fky0C +NMTHa//IUrncDIby57Wd5H/7E/u9MajhT72U4M7DMVFTu6YyEQCuvIQN8JaHG+ZK +jEFjygECgYEA97kAw75FOsv0sHhA0gBkcSy4m/LVyiJfyxZtOkj0jQo339y3RSUF +gUTkULz/KfxSEDU9wTHZuCNH6lLAlrpftLJsRlx5nBfgbqDZ2fZCG8D3Qql2jwfO +U1dFB9wL+WOCzb2sPlZXRiN8tLyRRmz3m9bTDDgpsU58zExE4JHVdQECgYEA4Y3k +E6vAno1G8/SwShBfmcjGuYVqT66dqAKMSxuNp9WKi6s8NtH+1a5+sFL19IjXje81 +dHudkrZTkQmT3yKRGG92VudJrQbQUQrCweXmugGNyco0GVsnEy96e/JHc3PXUrzS +BTPDy5cCZxHp5/dB25no4lHeF0y/ZT3E9XH2LtcCgYEA5KBs8Ts436P+56OEh4xv +JviURPGgmFaTPHctRf6xHT5SBRzKVFlvtDel1FIp2VETV/wbS6O7gbOmGsBXGIVX +8Qg+381XO1XZ/6Aaj4w0xTKZwX9veWBF7yr6/d77eiZ6QXINdtbu4z+7R39FQM8u +0zg4Pe3TpN2AVnkJlI1jiQECgYEAsy9l4bqwa0UQ+P2Kj0wyppk6RmgW7PZriO19 +Rq28+3hJeGuwilyJdngJbUp62qlblQZUERWjOMpf2Pki4EE1w5PJD4Dupuai178U +ubVKdrqFSam5eetQP42YYJ845B9DEBexQTC+ex6cagVxLTbguvSqbiFbrmbqJiPM +NLE0QkECgYB38eysTh63xJSa+pbPLUfmi5NT/t0r8S/WHI5hrUI6op9PbOhWS5LI +4rcsAIBnWKJRbHviDLjCGSHqzVv/zJ2dzOhrzwt7InUHUbr98oyK0UGaK5CX0/DG +SkcX9bdWiFkDAmqDzTUnWeWsnBH8DKUzSbIGmKnMqwpbYMPRfriXEA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Target.key new file mode 100644 index 0000000000..59151daaf2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsV7LQZBzxBPOdGku0suS8d0cMNW8M69957JaSsJ+YctEl52F +JhDb/AfH8myHevD7TMgb7Xw+GUxesei6EI/zLlC0Vv8fenCW7vbR+fJX21bH0/3N +Wuzg58g5yjqZwNQ4dwiU4kypW7i9l4rfRXz9sO3Isgk1U05vWEJgxpJC6PYiaovE +4QgA5qdIyWRLE37KyAUXtWBm2/Al6yTkn79rliEYv6cZXC8vY5retoPFGv3wJRh6 +Q0oV0HawPyLzb3GxI3R7PBTKirF/B2w69gEyGzhPuhRQAJ9eCQ/DsvIlvNDg82+v +WCJfhg+0xv5eQbXaKuBeGPF8eTxXt2hdJ06FFwIDAQABAoIBABCiNSmG5HRk7x2X +p555HOS1uakSwj2OnZ4W6cTNDJEbQOl/CjeRqS+vgx7G8sWix85hjczts90nflHs +41YeSc30H5VxA4C2AlGSsApiob6eGstUp+d5A3Z5HoJKkJS20jzHfz7htZg2cQE/ +MsUPfbMT+ZhIqMmRN3vtbanxmXjDRFo6KvXonJbpmbwhJIWFpbMLdvKivPVN+a1L +tTT14wiGKMXCseVDsrMfHRovYSnJZg2j66pnOsGiqrj0aJaG3ddxQEyvxK8f9aZw +0JCtIx2KXk9k4P3DDk/niVAhY/wN9ZdQ4s5jhp45WIoMMQMHuVbN9+nH4uh2VtZ+ +jYzylwECgYEA4cx9ZuINFYq8isZattG1Nbml5odwNubowRhSg35O+7aOlNTWFPtJ +cHxUgpS4mDpvFAFkgLmDUZn2WCKTDBV2wfedhbvsD6waY3rnXvFq2kMWKlErXwA2 +x/qB3HWgzNkVmKOzgb6++CK9Q7B42vwRzO9S4yOsbg596yhjvmbkEUECgYEAyRgT ++4Ze3bd2a3d2hDwIQs3YJy2zjqyuIcrZmyrOqBaBN4de/DdYNb9LrqJl/ELWApVq +xwqH0mwXXQrapgAdkwWOfkrByikfXULGC9tc9C6LHkFfjayEaEggDhL4CcWTug38 +kZjKlAzvW97CXZEV6njPwxyZQA2OOAqA0+v6qFcCgYEA0TLzcFG5S58ZZf22aDFN +EbSp9za+ia9QMC7HrBpnNSEDYvL6UcArX3NhnQYLLMbeyQstQXIfL4hUy31k/coZ +GEbBA/mDEVYjsM1a9gT4ObX0IErJwx/goVD/5fB5hbEPKDdrBadjKWSOM9uZbVIj +b9q/0b/obqMwmKH4H50WasECgYAZIVct8abdUlYMLAu1jsMBhjPjAYUU6WOBeZYk +G/9jZhyT0ej+3/O4E8XjdwwDsF6KSB3l7dz3YOayi+6zHASWIPWjtrftCaKPxw50 +4N8G7OIZz9WfINYTKiBHYft5TSWe9KyBjXSTd+JZusbTZpQ0jxB3s5U7OfZx7m4X +DcBvVQKBgG1FMprXPZ8ZPIjjH1wMQzNofbcvz8WqvDlRDaHGbYBqy8Y1uk/yughH +0hRk7ht3oXLqiCACWCbBiB3StY7HyUlxqBqgxuRqLJnF+WSurSLWHxDL7e6KaL+0 +gnOFnq6hmiS/e9gJDGEpHSUCLnDTKwnH2IW2eZhYKuBhXFB3lBO5 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/main.test new file mode 100644 index 0000000000..38af04e381 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-and-target-wrong-signature/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: VerifySignedData failed + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/chain.pem new file mode 100644 index 0000000000..091d6bc03b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate has a basic constraints extension +that indicates it is NOT a CA. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:89:40:ce:2b:53:75:88:ff:8e:84:70:5e:89:c5:8b:d1:5c:22:c2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:96:d4:6b:47:00:ed:9a:72:03:1f:bc:14:42:63: + 28:8d:c9:5a:08:27:59:06:2e:61:d9:28:aa:ed:58: + 17:5f:f2:bf:ee:33:ab:74:0b:1c:c3:00:b6:38:96: + 96:d0:dc:91:44:ab:1d:fa:e5:99:ed:fe:ee:43:dd: + 21:b0:b8:1a:31:70:bb:c6:a5:eb:6e:2e:79:cf:c3: + c9:32:f7:39:e5:ff:9f:1e:fd:c8:8c:8f:9d:42:e6: + 5d:cc:b1:75:fa:94:f3:f8:df:f8:47:ea:7a:4f:4c: + 1d:67:fd:37:2e:75:a3:13:84:00:92:c5:6c:86:66: + 80:39:7b:0f:2e:af:14:ce:82:1c:e4:78:7b:f3:d8: + f4:b3:b1:d1:7d:5f:ed:19:6f:1d:eb:7e:be:3a:33: + e1:b4:86:82:22:05:28:87:85:b8:2b:70:f1:88:45: + 6b:b4:fb:d0:f0:0a:e5:45:f6:a8:e2:18:88:74:56: + 4c:a7:4b:cb:13:8e:61:8b:1a:c2:a2:2b:2d:24:7a: + f0:4c:53:49:8b:98:be:52:31:72:5d:38:e7:8d:36: + 7b:bb:34:4d:66:2d:b3:8b:82:85:9f:e6:f9:d8:58: + da:0d:e9:d5:d2:be:53:4b:88:ad:58:8a:3b:3c:1d: + 53:60:ed:15:50:9c:fd:c3:bf:0c:fc:56:02:8f:06: + ab:9d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 69:F2:C8:4F:15:5E:61:18:40:61:41:B1:88:18:21:B5:77:6F:F9:DE + X509v3 Authority Key Identifier: + keyid:AF:9B:3A:70:86:45:08:AD:02:CD:FC:FD:46:48:82:7D:46:63:31:DB + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 81:4c:16:39:06:21:f4:37:69:aa:a6:28:f9:7f:e4:66:af:a6: + 7a:fb:8f:24:7d:5b:f4:97:0f:78:ae:e0:19:e4:ac:96:01:5b: + 83:d4:90:dc:3d:95:e9:37:fb:f0:8b:cb:a1:4b:26:3a:91:ae: + 0f:7e:ad:47:e7:54:e7:92:60:7c:d8:c3:ba:39:0e:1f:f7:43: + 65:2e:cd:4b:33:5b:8c:30:65:4b:a3:13:da:4f:80:bb:5e:a0: + 2d:a7:6e:6a:4b:e7:28:36:da:5c:5e:ec:a8:2b:0b:57:e6:74: + d7:a0:10:7a:00:76:e9:3a:1e:7b:b0:a7:89:48:51:aa:c6:de: + 8f:cc:2f:fc:29:6d:f6:fb:7f:97:bc:4e:1a:0f:f4:72:52:21: + e5:70:26:9e:fa:95:50:20:35:68:db:ac:5c:04:1b:47:c5:e7: + c6:07:3b:5f:e6:39:f2:1e:d1:66:c5:80:7e:84:cb:b3:c1:21: + 0a:a0:ee:aa:1b:9e:4c:b6:00:bf:6b:98:bf:8a:8d:a2:8f:a7: + e4:98:6b:de:ad:f4:da:fe:54:13:99:1d:ec:c9:71:53:ba:c7: + 8d:41:42:ca:8e:3e:a1:16:d2:c0:01:af:98:d6:66:6f:83:42: + fe:c2:3e:c4:71:78:e9:00:04:47:20:1e:8c:83:c8:92:28:8a: + a7:a0:28:4c +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUXYlAzitTdYj/joRwXonFi9FcIsIwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAltRrRwDtmnIDH7wUQmMojclaCCdZBi5h2Siq7VgXX/K/ +7jOrdAscwwC2OJaW0NyRRKsd+uWZ7f7uQ90hsLgaMXC7xqXrbi55z8PJMvc55f+f +Hv3IjI+dQuZdzLF1+pTz+N/4R+p6T0wdZ/03LnWjE4QAksVshmaAOXsPLq8UzoIc +5Hh789j0s7HRfV/tGW8d636+OjPhtIaCIgUoh4W4K3DxiEVrtPvQ8ArlRfao4hiI +dFZMp0vLE45hixrCoistJHrwTFNJi5i+UjFyXTjnjTZ7uzRNZi2zi4KFn+b52Fja +DenV0r5TS4itWIo7PB1TYO0VUJz9w78M/FYCjwarnQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRp8shPFV5hGEBhQbGIGCG1d2/53jAfBgNVHSMEGDAWgBSvmzpwhkUIrQLN +/P1GSIJ9RmMx2zA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAIFMFjkGIfQ3aaqmKPl/5Gavpnr7jyR9W/SXD3iu4BnkrJYBW4PUkNw9lek3 ++/CLy6FLJjqRrg9+rUfnVOeSYHzYw7o5Dh/3Q2UuzUszW4wwZUujE9pPgLteoC2n +bmpL5yg22lxe7KgrC1fmdNegEHoAduk6Hnuwp4lIUarG3o/ML/wpbfb7f5e8ThoP +9HJSIeVwJp76lVAgNWjbrFwEG0fF58YHO1/mOfIe0WbFgH6Ey7PBIQqg7qobnky2 +AL9rmL+KjaKPp+SYa96t9Nr+VBOZHezJcVO6x41BQsqOPqEW0sABr5jWZm+DQv7C +PsRxeOkABEcgHoyDyJIoiqegKEw= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5e:d2:b9:cc:38:a5:71:aa:e1:ce:1e:c1:8b:50:10:aa:15:44:3f:ba + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:02:78:c1:e7:a0:b7:63:87:52:e4:d4:11:71: + 3e:cb:65:9c:d9:2f:cb:48:30:8e:62:29:ae:c9:22: + 36:a6:67:d2:ea:10:58:d2:82:ab:bc:1e:a3:12:64: + 6e:fd:79:af:2e:6c:c0:8b:fd:36:68:ea:e0:0a:09: + 53:99:89:75:92:61:13:ac:aa:d9:e2:f1:ac:93:72: + 94:65:99:9e:52:9d:8f:6d:1e:b1:3e:83:fb:fa:c4: + dd:b4:b3:d2:0b:bb:f8:21:10:a9:51:8e:9e:b4:c8: + a8:63:79:50:62:03:59:3f:53:19:02:7c:a4:d9:45: + dd:07:b7:76:89:ac:ac:6f:b1:1d:aa:8c:4a:e5:40: + a2:05:32:2f:ba:a8:a9:8a:f3:eb:f0:f3:d9:9e:97: + e6:89:42:dd:95:67:de:33:62:2c:10:59:0b:b6:de: + 9a:3e:54:10:b8:a4:a9:33:05:4d:fc:ea:8b:56:38: + 2a:11:88:cd:75:1f:74:ea:4e:ad:3c:ef:da:d4:00: + 72:57:1c:16:d3:20:b6:99:cc:7f:aa:58:fa:48:e8: + e9:a9:bd:00:2e:87:ce:39:9b:1c:17:23:ac:28:55: + 77:81:e7:ac:f6:d6:6d:77:27:fb:e7:a0:22:72:58: + 83:4d:1a:1a:be:b6:00:8e:d1:11:c7:71:28:93:09: + 74:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AF:9B:3A:70:86:45:08:AD:02:CD:FC:FD:46:48:82:7D:46:63:31:DB + X509v3 Authority Key Identifier: + keyid:6C:B8:FE:A6:74:44:97:70:ED:FE:CB:24:38:90:2A:A9:61:48:FB:EB + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha256WithRSAEncryption + 49:b5:b7:cf:f6:1f:c2:b8:de:b0:18:55:84:5b:30:90:ab:2b: + f6:19:57:db:34:dc:65:9b:50:b7:7d:f9:a3:2e:3f:60:ff:de: + 7e:8d:a3:20:c3:ee:0c:b2:b2:f0:68:ab:93:c3:f4:3d:ec:da: + 54:86:4a:c0:0a:5e:e9:c3:bf:4b:cd:1a:28:8e:b3:1f:b5:5b: + ce:d6:fc:1d:cc:7b:8d:a6:31:a7:ef:43:4c:3d:3c:d9:17:e0: + 3f:23:ca:1f:d6:cd:d2:ce:da:f3:a7:c8:f3:3b:ab:c9:e1:c1: + 56:37:f7:79:0f:ae:ad:52:43:35:95:8d:34:a4:d7:e0:21:a7: + f0:37:63:c3:63:8a:d3:ce:50:ff:e1:0d:30:6b:b3:75:e1:5d: + 43:31:9f:3a:b5:59:cd:aa:7a:06:bc:4b:4d:74:ed:59:ac:fc: + bc:4a:4e:a1:be:1e:2d:12:70:6e:36:e9:4e:5a:11:19:91:85: + da:b2:54:ec:9d:9a:2b:cd:c1:7e:7c:18:fd:ae:a2:9c:b2:17: + 68:8a:43:b2:25:16:a9:7b:bf:42:ed:fd:54:cb:84:f1:40:76: + 54:a4:3a:62:1e:f9:98:2a:ff:37:66:bf:05:1f:b7:55:7d:8b: + 03:e8:a3:12:b3:40:78:52:77:62:aa:71:2b:cb:86:50:d1:83: + 08:bd:b8:50 +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIUXtK5zDilcarhzh7Bi1AQqhVEP7owDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMICeMHnoLdjh1Lk1BFxPstlnNkvy0gwjmIprskiNqZn0uoQ +WNKCq7weoxJkbv15ry5swIv9Nmjq4AoJU5mJdZJhE6yq2eLxrJNylGWZnlKdj20e +sT6D+/rE3bSz0gu7+CEQqVGOnrTIqGN5UGIDWT9TGQJ8pNlF3Qe3domsrG+xHaqM +SuVAogUyL7qoqYrz6/Dz2Z6X5olC3ZVn3jNiLBBZC7bemj5UELikqTMFTfzqi1Y4 +KhGIzXUfdOpOrTzv2tQAclccFtMgtpnMf6pY+kjo6am9AC6HzjmbHBcjrChVd4Hn +rPbWbXcn++egInJYg00aGr62AI7REcdxKJMJdHsCAwEAAaOByDCBxTAdBgNVHQ4E +FgQUr5s6cIZFCK0Czfz9RkiCfUZjMdswHwYDVR0jBBgwFoAUbLj+pnREl3Dt/ssk +OJAqqWFI++swNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAMBgNVHRMBAf8EAjAAMA0G +CSqGSIb3DQEBCwUAA4IBAQBJtbfP9h/CuN6wGFWEWzCQqyv2GVfbNNxlm1C3ffmj +Lj9g/95+jaMgw+4MsrLwaKuTw/Q97NpUhkrACl7pw79LzRoojrMftVvO1vwdzHuN +pjGn70NMPTzZF+A/I8of1s3Sztrzp8jzO6vJ4cFWN/d5D66tUkM1lY00pNfgIafw +N2PDY4rTzlD/4Q0wa7N14V1DMZ86tVnNqnoGvEtNdO1ZrPy8Sk6hvh4tEnBuNulO +WhEZkYXaslTsnZorzcF+fBj9rqKcshdoikOyJRape79C7f1Uy4TxQHZUpDpiHvmY +Kv83Zr8FH7dVfYsD6KMSs0B4UndiqnEry4ZQ0YMIvbhQ +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5e:d2:b9:cc:38:a5:71:aa:e1:ce:1e:c1:8b:50:10:aa:15:44:3f:b9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:74:06:fa:a6:03:d1:64:c6:fa:62:8c:f6:40: + 93:be:4e:7d:71:8b:3c:fb:57:b2:64:7a:08:9d:ce: + c3:40:ff:eb:84:43:e9:0c:e0:80:2c:e3:9c:38:43: + 90:9d:e1:a5:4e:a1:10:9f:ac:b4:bf:24:38:7a:d7: + 37:21:0d:ae:de:f0:99:37:43:6a:e7:7f:d0:4a:ba: + d3:a4:f4:df:ce:fa:d1:b0:03:f9:5d:79:a5:c5:82: + b0:cf:62:02:87:84:ec:73:d2:65:33:86:02:d7:f4: + 57:8d:98:a2:2a:8f:89:c6:23:29:68:ff:56:46:d2: + dc:9a:e3:d2:24:d8:e9:fe:18:0c:4f:67:b3:cd:5e: + 31:4a:70:2e:4c:b2:7e:10:e1:38:c7:a1:fa:bc:8f: + 9b:23:e9:19:56:c5:38:4a:e8:7d:31:e2:6e:03:70: + ce:f2:0b:52:7d:6d:d7:d7:53:d8:e0:1c:6e:95:f3: + 1c:b6:04:50:03:23:39:86:42:28:68:26:5f:ca:a7: + 13:e2:51:ed:f0:55:bb:ac:4e:9d:cf:e5:07:44:41: + 45:f8:5c:65:cf:d7:7f:0a:e0:ee:5e:5e:2c:0c:13: + 10:f6:d4:e3:ba:9f:16:f4:8c:85:b2:53:4c:e1:56: + 63:f0:08:11:84:df:dc:e1:a0:7f:fb:78:5d:eb:21: + f9:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 6C:B8:FE:A6:74:44:97:70:ED:FE:CB:24:38:90:2A:A9:61:48:FB:EB + X509v3 Authority Key Identifier: + keyid:6C:B8:FE:A6:74:44:97:70:ED:FE:CB:24:38:90:2A:A9:61:48:FB:EB + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0f:63:30:43:fc:d4:2f:ab:61:22:7e:19:62:9c:64:a4:5c:98: + b8:bd:d3:04:be:06:be:6d:7d:2f:a5:f8:c1:5d:29:90:fe:9a: + fb:e2:08:58:7f:60:ba:e8:63:a1:17:90:88:3b:35:1e:92:98: + 37:2a:79:4a:db:1b:23:07:c3:75:82:90:1b:97:1b:4e:e1:40: + a8:74:99:03:72:de:05:46:f5:4b:f2:ab:00:4f:27:e7:e8:c3: + 95:d9:ba:63:f0:42:99:ec:61:44:1a:03:e5:6d:58:28:c2:f9: + 8a:36:6d:10:fc:d4:4e:91:38:91:7b:4c:e2:69:e1:1b:c2:c9: + 51:50:cf:13:08:66:d1:27:5b:0d:c1:f0:fd:70:4e:63:17:0e: + 53:2b:36:72:18:b2:a1:fc:fc:e8:21:e3:15:2b:39:e3:01:18: + 11:52:c8:0e:20:e7:29:ae:2f:35:4e:dd:2a:f6:12:cd:55:38: + 89:f3:2a:11:43:d7:33:c2:47:c1:c7:78:f4:d0:a0:5a:cb:ec: + 86:88:5d:5d:54:d2:b2:0d:cb:5c:0e:05:28:80:e8:8c:09:45: + 1e:66:44:f7:6c:b4:07:a3:4e:8e:8c:33:38:c5:de:10:1f:f8: + 1e:a9:12:3b:f2:18:d8:84:95:79:50:66:49:49:58:b5:e0:89: + 9a:ac:59:e7 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUXtK5zDilcarhzh7Bi1AQqhVEP7kwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7dAb6pgPRZMb6Yoz2QJO+Tn1xizz7V7JkegidzsNA/+uEQ+kM4IAs45w4 +Q5Cd4aVOoRCfrLS/JDh61zchDa7e8Jk3Q2rnf9BKutOk9N/O+tGwA/ldeaXFgrDP +YgKHhOxz0mUzhgLX9FeNmKIqj4nGIylo/1ZG0tya49Ik2On+GAxPZ7PNXjFKcC5M +sn4Q4TjHofq8j5sj6RlWxThK6H0x4m4DcM7yC1J9bdfXU9jgHG6V8xy2BFADIzmG +QihoJl/KpxPiUe3wVbusTp3P5QdEQUX4XGXP138K4O5eXiwMExD21OO6nxb0jIWy +U0zhVmPwCBGE39zhoH/7eF3rIfnlAgMBAAGjgcswgcgwHQYDVR0OBBYEFGy4/qZ0 +RJdw7f7LJDiQKqlhSPvrMB8GA1UdIwQYMBaAFGy4/qZ0RJdw7f7LJDiQKqlhSPvr +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAD2MwQ/zUL6thIn4ZYpxkpFyYuL3TBL4Gvm19L6X4wV0pkP6a +++IIWH9guuhjoReQiDs1HpKYNyp5StsbIwfDdYKQG5cbTuFAqHSZA3LeBUb1S/Kr +AE8n5+jDldm6Y/BCmexhRBoD5W1YKML5ijZtEPzUTpE4kXtM4mnhG8LJUVDPEwhm +0SdbDcHw/XBOYxcOUys2chiyofz86CHjFSs54wEYEVLIDiDnKa4vNU7dKvYSzVU4 +ifMqEUPXM8JHwcd49NCgWsvshohdXVTSsg3LXA4FKIDojAlFHmZE92y0B6NOjowz +OMXeEB/4HqkSO/IY2ISVeVBmSUlYteCJmqxZ5w== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/generate-chains.py new file mode 100755 index 0000000000..f130ad6e63 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/generate-chains.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate has a basic constraints extension +that indicates it is NOT a CA.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate with incorrect basic constraints. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('basicConstraints', + 'critical,CA:false') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Intermediate.key new file mode 100644 index 0000000000..db706599ef --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwgJ4weegt2OHUuTUEXE+y2Wc2S/LSDCOYimuySI2pmfS6hBY +0oKrvB6jEmRu/XmvLmzAi/02aOrgCglTmYl1kmETrKrZ4vGsk3KUZZmeUp2PbR6x +PoP7+sTdtLPSC7v4IRCpUY6etMioY3lQYgNZP1MZAnyk2UXdB7d2iaysb7EdqoxK +5UCiBTIvuqipivPr8PPZnpfmiULdlWfeM2IsEFkLtt6aPlQQuKSpMwVN/OqLVjgq +EYjNdR906k6tPO/a1AByVxwW0yC2mcx/qlj6SOjpqb0ALofOOZscFyOsKFV3gees +9tZtdyf756AicliDTRoavrYAjtERx3Eokwl0ewIDAQABAoIBAQCs98Ert1OdTLnw +WJ0Nc/Z1JoHBTJAjK082C02OetdYYsYy8iIOhHuR+4qNskcV67AYZtL/u+APiB/4 +Mrp674eH2s7MqYIaiDbBOm09a8kwhNLDiZKiVs+Hko7LNWq2FX6yFAWw9cNfEGq4 +TQcyayPdhjuM8Q2TvGrEH3gqZG1UIXlD5Hi5ZQ1AhtzHHFnJ8ws2vUrL1HYaQsOY +lMpW5YtGq5Jja/2ptVD9PS4MAr6AeWa5SrtY/fiom1A2n14unybN7H3X8poQFqrr +ZEmrGml81BniLtn3gUiW7Xx/eO3T+sxRl065kVFqX1ZmlT1HoXawfnQxPgTKN3q6 +ZtFCHGDBAoGBAO3gJ/ZR5mrUBShx1ShhtJqBDfDu07OMc6QKJl2X8UhaKetzNGAS +u7iWzVYGk/TNC91QCpjPUNJ/Wr5DbIkBIC4jbxhWCtpNltiPMoSby0SnJPalu1zg +Q1fxJjMFwJ1RvW7dBOH4FKTPrnHh7m9NJn1ARVXV928aShjCX/mpY5NhAoGBANDK +sgS2V9ephfcB+6WxGglDc3pZgArphw9B+Jrvsg62yhUOh7yQ5+3YmeNKKaGxjy29 +DhfWqbs8EED1mebwJukVGO4h7P9356Rh0iHcbz0e7ibs0R9GhkClKp4mmYjokEcE +CuB6Rb4R88kCZ8F39x1Po0vCwuEblXvvpgU6frFbAoGAJHlnh0R9oUnLVK1Hsv5w +U/SP766fNXvGy5Nm2JkQvTheDyVGFakpsZ8l8xflHfdG53N7fHzldrFid6QdA1Dx +30E9qqye02RsSd6DL4Q4AdnjOBKnjREyIkzuv4oVQ8oh0tr/AaspdzAFHp83EUfy +K+hr+UJqw1VzoSJE1yJbC2ECgYEAmLH0eR/FpFI1SA0qNeYMjYPH203DJ7fb71um +7eCojrw9lCK5QD2VcMu8143wXnFVrfSabvKt1OG7XVaAxHUTb9jfD6C+C6NsRDrK +C7uDmuaY8ty0n7PbEUH5pgnCtW6nvVgGgF7LzJKigHoC2WnbzpLkcM6x6SFcNHRy +LVa3OwsCgYBCkNi2hqgHPK3NBeNST05kWHi5RqF04J6RNS+7x+gzv+S0rU/aDma5 +dwCE9kNJN+wlokihqq+Sxbl89T8W/TVbBhqTxVWGsiV490bNI5WQTFNQIX8wmf3i +0ANSxBw3sB0RCdJKpDpSPzx7JHV0vhPXtGg0yyr9Ua2DtRBRnrdqbQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Root.key new file mode 100644 index 0000000000..852ce89cc9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAu3QG+qYD0WTG+mKM9kCTvk59cYs8+1eyZHoInc7DQP/rhEPp +DOCALOOcOEOQneGlTqEQn6y0vyQ4etc3IQ2u3vCZN0Nq53/QSrrTpPTfzvrRsAP5 +XXmlxYKwz2ICh4Tsc9JlM4YC1/RXjZiiKo+JxiMpaP9WRtLcmuPSJNjp/hgMT2ez +zV4xSnAuTLJ+EOE4x6H6vI+bI+kZVsU4Suh9MeJuA3DO8gtSfW3X11PY4BxulfMc +tgRQAyM5hkIoaCZfyqcT4lHt8FW7rE6dz+UHREFF+Fxlz9d/CuDuXl4sDBMQ9tTj +up8W9IyFslNM4VZj8AgRhN/c4aB/+3hd6yH55QIDAQABAoIBAA+HRBC9cfGFrKoP +QeggX1zTebbPNwUHNcL3DQGtoCUhTixNx9+GNXgCfu12Q2OgzqXd19eyYeK3qGoc +q/dz/7l+KuMWFaQJxYJ7SY8Prf6ibn5rRdwFeMMM2YLEdrstOr05f6KuBkxHdH1J +WJ23+EzOmt6U0FvbmeTG3KCqy29+AAFSjkpWKzYwd/tJB/n1aPvZDU8Z5bVZrQhi +7d3Cf4NfPBSlL0+y5olSAEaGiNxfOVLSHhNKYkK4n5mFGGPAcPBCJxRXD/SC/R4o +YP+JpGPnCOK0h2dp7qSuAncj/o2HnxAjcOA1mPuhuiOiN96n3e/BYgOVcSAQvKc0 +ies74j0CgYEA8xvXW1WsowhzfsH2tNglXayTq0GFgnMXYgTfqb43ESdyrLf1VB67 +/sroGP42a4kBlaWG04Q5iYIZWLnRlgyrQIniZhDU0N1szQOhC38JaM1K1yUDCNJM +XHxSl7akTlYoaaQUbSTsOsgYQ6K8OYVnKqUHqablFJO26haNGldD1D8CgYEAxWSs +Cxe2k0lPnzDnfFBK7KKHNNTPrnDQGEQVE4n88zznRQCKtm8M1BZ2xQAe0tIIJD4E +mUpKZVB5qmA8PB6c5inY2FQBOcOBQfkxpJ2YPTUFZAofZ9asL/eJncGvsflWwAsZ +0dg1/JrbEKBWKvEwmUT/eTiuyJxKB3G2WeRqmNsCgYBL8M59AW5EH0e0uPJP25UQ +hfA69uS1sy4CuHMFmx2ohiIUQgKonFEtbkTCSebGAK42CNbtC8jNY453YNRPgvWb +23aVW3yfIgvynseXx78wtbBDNJSWFNs1qMBEFBGPRuqo1VBsJ7SDSC4MMrGJZlqr +v5F9NV0p6FqjFRhOuiO+EQKBgQC1jOtj5HKLMxFldEBkqSDQVogOwnElmyL6Ppw3 +9WFOgsSfRWlPdAITi3m/pWW0N3M/ij8GkjqsxoCwgITGMs3SL8j+5vydmUBoYn8T +TdN48Cw+H8VU5zBFieHr0/n5sj/ksBEWXUsCQ5eayi2Wn3E4dyqV3tl7L6wy/pZe +RWT5owKBgQCrqz+lwGA/vuYX+iL+ls+LpdJ0lRxjomVahv7+GJbpCkpJDEryrAMa +oSXHGtufOB68UJhznvr+7v+b6NxrSZTMLSVvVVYVeFdGk1ssrtPEezVKzRs6QTEO +UcBjwakKVtRG5OtT2IsqaIUmA7m+2jXTXZjVvhPy3MAcHeKHDLksRw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Target.key new file mode 100644 index 0000000000..59b04222e3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAltRrRwDtmnIDH7wUQmMojclaCCdZBi5h2Siq7VgXX/K/7jOr +dAscwwC2OJaW0NyRRKsd+uWZ7f7uQ90hsLgaMXC7xqXrbi55z8PJMvc55f+fHv3I +jI+dQuZdzLF1+pTz+N/4R+p6T0wdZ/03LnWjE4QAksVshmaAOXsPLq8UzoIc5Hh7 +89j0s7HRfV/tGW8d636+OjPhtIaCIgUoh4W4K3DxiEVrtPvQ8ArlRfao4hiIdFZM +p0vLE45hixrCoistJHrwTFNJi5i+UjFyXTjnjTZ7uzRNZi2zi4KFn+b52FjaDenV +0r5TS4itWIo7PB1TYO0VUJz9w78M/FYCjwarnQIDAQABAoIBAA31UIw8oMCHRpS8 +Qh+2r30XojZY9dsllbaUFeVrHpapj2uK6pYNpTbCrRpljUV89BCnyVl7wBgPXJt5 +LnH9R6dFqIsEtdn3gRxiIQ+PY5NOabpjgBjJ/aLAUPPthF6RRFbG22JEZ9dI0vvZ +qi6pglL/B1KN5LI3cCxhoBEQ8Nr/eS9/uoS9cSLaj84dFqKmDjZ9iA22GtNWbn8W +NozZanNmyQHi1GRWwjTrpKJa8QVivW5J0BdVqsPOwxbN7yoGs0Rjgxm6m1Dh2mZX +Ec09E0jf/qGo4IO5sgtjAjnN0C30nKGur4EM5fFLqOIJgk/otWoa2ddf3nPWKwGJ +bXxhtf0CgYEAxxK8uQV3f5I6AdmdXcdGgEkalNuI3YHJowtYaI0ctguNoWISmNV1 +B+LsHKURPRM/vAkykbQs/heljAv0AUZ3BFW3zWkYpYqlBtWFcne7zD4vjb1WAZlH +Qp1QWGp7Bq8GheL1rc7arYa573jlWkA2xri1rFz4tz/PtW4LTSr1z58CgYEAwfX+ +tG7+kO8qyxhDLrb3vj054xS14j5ABeY7DZk+3uMuTUr4RH5ldYhLKiHdIdfjx9vU +EKu2VAi4C1T7s/rBJcPMEGPE3+DS0t9sC97zkP2X5caCpvJ/92f3xm/LrnRLVuYj +l4BZCDwxSwjduFxj8J3n+WH9Qpox/071nQtKi0MCgYEAnqYzGuzdaCCb8/9+p075 +w6D++yTeNVGK5VJUWbYj7HzWmYe0NHLg+rEA5G80hs0BXRSjZXUG6lTkDPE1u5Jx +pVW+zof0KXGNxR2DZU9Arivc8AO1OD70iIUgk+YAN7pi426Vxrd0lRgqtEtP1RYZ +0VNBDaVmXXwQR5H0lcIn9hcCgYAswqwoz4SHxenGPK8kVK0PhemZ8emXcG4t7leq +Z7cOkLbat3ZbuB+J5A4UhwQVD1FNifmCb14APpLaap47hp6ULH8nOR7x21xLtaul +gaoLx7oKGKmGBWhqm9+eN6Z1d/j68Nk92SyyrdFiU4V3Sjr2CDrEXkyn1hW7qWkc ++MIXKQKBgAgmVY+lkzPk+sOUm1Efu0daXn7npryiWmwFk1MZ/35hvLgWXLfnmRwN +aU3j33s2Z4vVDBbs5x48QBPKz9akgztUMJj66/phsQHFjvVbiAj3ROFMpVa5HAqf +Zni+PDjAVeAteVAcpkDM9o2JVZrqQks2TEnx5VJcw9iIgeA5+0XY +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/main.test new file mode 100644 index 0000000000..2e6bd45e78 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Basic Constraints indicates not a CA + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/chain.pem new file mode 100644 index 0000000000..f32f0f24d7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate's Basic Constraints extension is +not marked as critical. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4a:45:83:31:ef:c5:47:03:ae:f7:5a:80:bf:fb:8c:bc:23:1e:dc:c4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d8:cc:f6:ec:23:eb:20:d2:0e:7e:29:04:ec:8c: + b9:bd:ee:47:6e:0b:ac:a9:fa:22:a4:fc:41:74:04: + d0:b5:8a:37:56:29:d5:be:e7:e0:45:88:30:d9:5a: + e0:a7:69:fd:d1:c3:4d:1c:42:68:ae:7d:cf:54:db: + 84:b9:91:e6:68:c5:d1:6d:a4:34:4a:7f:8f:3e:a3: + a8:c4:0e:3f:90:42:a9:b8:84:c2:fd:51:ed:eb:e9: + 6d:cc:5a:22:f7:fb:eb:29:7d:5d:97:9d:26:eb:10: + 29:bf:2a:bd:b0:2f:33:9b:e7:a3:17:9b:db:b4:ce: + f8:5e:66:25:7c:8c:e3:c8:53:cf:c2:c3:80:cf:e6: + 68:98:ca:bd:e3:b8:d3:bc:e2:03:d0:31:5b:ef:21: + 6d:2d:42:5e:cb:9a:3a:4d:7a:bd:e7:75:75:ff:63: + 95:aa:08:20:fb:a8:6f:95:a9:ea:45:07:c4:a7:32: + 89:58:94:98:76:2f:5d:d4:85:90:e3:be:96:33:1c: + 53:d7:bd:58:87:75:4e:8c:c9:c9:6b:c8:b6:3f:d3: + 46:1a:9f:4c:de:a5:48:cd:ad:87:fe:7a:82:f2:0c: + 65:84:f5:09:ce:cf:fd:6c:66:57:91:dc:fb:85:d1: + ff:b2:4c:ce:2f:a3:73:b1:dc:1e:13:5c:03:1a:a6: + 99:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FD:20:6C:45:13:AE:E6:1F:25:FD:C9:1E:E3:09:32:CC:34:28:4E:CF + X509v3 Authority Key Identifier: + keyid:5A:44:77:BA:2D:5E:48:FE:11:68:59:58:40:91:67:E2:22:BF:31:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + da:44:ec:6a:27:0f:44:9c:43:dd:cd:b9:a1:e9:a6:fd:10:d9: + 2e:b6:70:7d:27:f3:af:2e:14:36:ba:13:0b:65:1d:69:c6:17: + 28:bc:8f:0f:bb:b6:ca:f7:77:9a:ac:d6:2f:60:4b:51:2d:0f: + 28:9e:3f:7c:0f:03:40:d4:bf:80:78:3c:55:fa:ef:94:e2:db: + 2c:9c:47:a2:ea:6d:da:60:40:2c:38:e0:c4:41:a4:9d:5a:9d: + 15:3e:04:36:e1:ac:6f:cd:b2:af:af:b0:79:e9:ee:37:78:00: + ad:22:ae:fb:9e:79:be:41:0a:26:d8:ed:4d:8e:3f:5e:66:fd: + 66:e5:9b:4d:02:87:00:d6:9a:5d:29:c9:6c:db:56:4f:f4:69: + cf:08:ad:4f:64:0e:ec:73:7a:54:90:17:cc:6e:29:6c:a3:0c: + db:cb:54:4d:e1:fc:3d:7c:82:38:18:40:5c:b3:cb:10:dd:b9: + e4:3f:2b:19:0f:a2:bb:f0:d6:bc:bc:30:03:96:c7:0c:73:f5: + b0:53:b3:5c:8c:8e:c0:d5:05:05:39:a6:62:52:9a:c1:8d:74: + 29:6a:93:ef:29:53:52:63:14:fc:f9:b9:1b:34:dc:7f:4f:ba: + 30:c9:4f:5e:61:73:f2:df:c3:ae:51:37:26:ee:8e:4b:91:16: + d5:c2:a5:ce +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUSkWDMe/FRwOu91qAv/uMvCMe3MQwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA2Mz27CPrINIOfikE7Iy5ve5HbgusqfoipPxBdATQtYo3 +VinVvufgRYgw2Vrgp2n90cNNHEJorn3PVNuEuZHmaMXRbaQ0Sn+PPqOoxA4/kEKp +uITC/VHt6+ltzFoi9/vrKX1dl50m6xApvyq9sC8zm+ejF5vbtM74XmYlfIzjyFPP +wsOAz+ZomMq947jTvOID0DFb7yFtLUJey5o6TXq953V1/2OVqggg+6hvlanqRQfE +pzKJWJSYdi9d1IWQ476WMxxT171Yh3VOjMnJa8i2P9NGGp9M3qVIza2H/nqC8gxl +hPUJzs/9bGZXkdz7hdH/skzOL6NzsdweE1wDGqaZEwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBT9IGxFE67mHyX9yR7jCTLMNChOzzAfBgNVHSMEGDAWgBRaRHe6LV5I/hFo +WVhAkWfiIr8xODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBANpE7GonD0ScQ93NuaHppv0Q2S62cH0n868uFDa6EwtlHWnGFyi8jw+7tsr3 +d5qs1i9gS1EtDyieP3wPA0DUv4B4PFX675Ti2yycR6LqbdpgQCw44MRBpJ1anRU+ +BDbhrG/Nsq+vsHnp7jd4AK0irvueeb5BCibY7U2OP15m/Wblm00ChwDWml0pyWzb +Vk/0ac8IrU9kDuxzelSQF8xuKWyjDNvLVE3h/D18gjgYQFyzyxDdueQ/KxkPorvw +1ry8MAOWxwxz9bBTs1yMjsDVBQU5pmJSmsGNdClqk+8pU1JjFPz5uRs03H9PujDJ +T15hc/Lfw65RNybujkuRFtXCpc4= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2d:b0:5d:cd:6e:fd:4d:77:89:ef:99:fc:fd:05:d3:22:44:3f:93:ef + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:fb:af:dd:12:ab:aa:06:e0:72:bd:43:4c:3e:5b: + cd:02:9c:ca:c1:42:6d:cd:47:6e:6c:4c:6b:3f:2e: + c1:3f:2e:88:3d:77:4f:1c:34:60:ba:f7:fb:58:64: + 3c:c2:76:5d:30:88:48:22:81:2f:27:c8:1f:b4:ed: + 96:07:5d:f7:7c:4a:37:be:fe:4f:7b:1f:19:82:21: + 24:18:c9:ae:a7:a5:58:62:9d:6b:f9:9a:88:56:0f: + 7f:b4:0c:1a:d5:4f:ab:2c:c4:97:6e:ec:db:b1:a0: + 43:86:34:08:2e:21:16:f8:f6:3e:2a:e8:ca:9a:a4: + fb:91:7e:f9:43:19:42:08:10:7e:92:af:60:45:4e: + 30:e4:d3:d3:e9:bf:32:cf:c1:1b:a0:52:6e:a4:aa: + ed:13:6d:e8:7f:68:c6:88:84:67:20:8f:6b:82:9c: + 49:5d:b4:95:63:9d:0a:dc:9f:ab:7b:b3:eb:f7:ad: + 48:35:f5:44:ec:84:23:e1:5b:ca:49:16:e0:c2:5a: + 8f:3e:d2:2b:fa:50:08:bf:12:3b:da:8c:96:66:93: + 69:5b:27:4e:b8:e7:8d:11:14:e6:29:23:b5:d9:f7: + b0:f9:e2:90:e2:d8:be:8d:1d:dc:89:f5:eb:15:df: + 58:88:e8:91:14:94:9d:37:e3:10:1a:de:30:3c:18: + d7:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:44:77:BA:2D:5E:48:FE:11:68:59:58:40:91:67:E2:22:BF:31:38 + X509v3 Authority Key Identifier: + keyid:B8:16:92:87:E1:0C:B9:E5:61:C3:DA:A5:05:11:6A:58:DD:78:65:8E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3c:1a:07:71:b2:e0:cd:a3:3f:a4:a3:32:26:a8:6b:f8:72:83: + 0c:f1:e9:88:03:59:53:33:1f:b3:9b:cd:93:c9:ed:e3:ca:a2: + ef:43:ac:87:8c:7f:9a:06:6b:85:41:a2:c3:25:6a:82:12:39: + 8c:57:22:37:86:6e:08:28:86:aa:ea:60:21:95:b5:ec:d5:2e: + 39:90:89:e1:76:5d:71:e0:3f:42:92:5e:17:2e:09:88:48:b3: + e3:83:e5:b6:ec:67:e0:03:1d:11:4a:df:4f:6e:f5:18:8b:7f: + 79:8c:89:69:59:45:9b:f7:f6:f3:ea:83:fe:05:49:bb:13:64: + d4:28:0c:78:83:1d:f6:17:86:16:5a:f7:81:06:11:ce:ef:35: + 8d:79:7d:f1:d1:ff:a7:a9:b3:1a:f4:a3:20:b0:0f:d0:d3:5b: + 1c:f6:1d:73:3d:96:8c:e6:19:70:a4:55:a5:ad:a8:f0:93:46: + f4:40:41:b2:3c:b3:78:1b:eb:74:29:6c:3f:7e:7f:f5:b0:c0: + e3:60:e1:8e:cc:a7:70:00:3d:de:66:f6:ee:e5:17:61:1f:c4: + d0:1c:f7:1c:19:5d:cd:e8:a6:45:14:d4:f0:78:87:7f:30:0f: + 91:f8:8e:4c:d8:37:cf:c7:c1:08:c4:76:0f:7d:b9:48:06:89: + 6a:05:b1:4d +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIULbBdzW79TXeJ75n8/QXTIkQ/k+8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAPuv3RKrqgbgcr1DTD5bzQKcysFCbc1HbmxMaz8uwT8uiD13 +Txw0YLr3+1hkPMJ2XTCISCKBLyfIH7Ttlgdd93xKN77+T3sfGYIhJBjJrqelWGKd +a/maiFYPf7QMGtVPqyzEl27s27GgQ4Y0CC4hFvj2Piroypqk+5F++UMZQggQfpKv +YEVOMOTT0+m/Ms/BG6BSbqSq7RNt6H9oxoiEZyCPa4KcSV20lWOdCtyfq3uz6/et +SDX1ROyEI+FbykkW4MJajz7SK/pQCL8SO9qMlmaTaVsnTrjnjREU5ikjtdn3sPni +kOLYvo0d3In16xXfWIjokRSUnTfjEBreMDwY128CAwEAAaOByDCBxTAdBgNVHQ4E +FgQUWkR3ui1eSP4RaFlYQJFn4iK/MTgwHwYDVR0jBBgwFoAUuBaSh+EMueVhw9ql +BRFqWN14ZY4wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQA8GgdxsuDNoz+kozImqGv4coMM8emIA1lTMx+zm82T +ye3jyqLvQ6yHjH+aBmuFQaLDJWqCEjmMVyI3hm4IKIaq6mAhlbXs1S45kInhdl1x +4D9Ckl4XLgmISLPjg+W27GfgAx0RSt9PbvUYi395jIlpWUWb9/bz6oP+BUm7E2TU +KAx4gx32F4YWWveBBhHO7zWNeX3x0f+nqbMa9KMgsA/Q01sc9h1zPZaM5hlwpFWl +rajwk0b0QEGyPLN4G+t0KWw/fn/1sMDjYOGOzKdwAD3eZvbu5RdhH8TQHPccGV3N +6KZFFNTweId/MA+R+I5M2DfPx8EIxHYPfblIBolqBbFN +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2d:b0:5d:cd:6e:fd:4d:77:89:ef:99:fc:fd:05:d3:22:44:3f:93:ee + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:aa:94:1d:65:8c:79:04:f0:c9:d1:3c:23:76:e9: + 3e:2c:c9:52:e1:fc:b9:bf:35:8d:66:e4:37:66:b5: + 4b:ff:1a:9b:cb:30:e1:d4:30:54:fb:6e:f2:43:fd: + 76:b8:84:51:79:12:5a:65:95:87:ec:3d:19:b0:ab: + 04:94:64:aa:bc:e5:bf:e2:77:fd:07:28:3c:b5:20: + da:55:2c:79:04:f2:71:6e:31:b4:63:14:80:4e:c3: + 83:1e:ea:7e:5a:c0:4d:48:4a:2e:9e:52:80:80:98: + 22:10:4a:05:d7:db:13:8f:37:67:20:63:19:01:92: + 07:46:94:b5:c9:ba:e7:68:af:06:57:35:69:50:50: + 22:23:0b:92:a1:98:32:08:88:5c:8b:4c:7c:a5:6a: + f3:31:ee:bf:4c:59:b0:a1:cb:e8:28:1d:fa:4c:d3: + 1b:e6:2b:03:1a:4f:b5:8d:93:5d:18:95:c7:93:c1: + 8b:6f:55:17:34:17:e9:d8:70:47:c8:4c:b2:5a:fa: + a7:aa:66:b7:a3:62:17:0a:7c:27:15:ef:c2:bc:5b: + 7a:7d:88:c7:2a:45:0c:d7:3b:91:7e:72:c6:30:cb: + 12:39:1e:a2:8a:88:39:30:f0:54:b4:19:6f:b6:5e: + e8:01:60:2c:2b:27:cb:e5:93:49:ab:b8:9e:f0:29: + e6:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B8:16:92:87:E1:0C:B9:E5:61:C3:DA:A5:05:11:6A:58:DD:78:65:8E + X509v3 Authority Key Identifier: + keyid:B8:16:92:87:E1:0C:B9:E5:61:C3:DA:A5:05:11:6A:58:DD:78:65:8E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 86:e3:13:ea:c4:23:12:a4:15:aa:2d:23:f7:2a:4f:97:f4:57: + 05:f5:d5:a8:aa:a1:dd:ad:a6:c2:6a:f4:d8:2d:f4:5c:2d:7a: + d4:6f:9c:ea:a9:09:e3:62:86:1f:aa:59:fe:d8:6b:35:0a:a1: + c4:87:8b:4d:b4:30:1f:9d:10:35:d8:94:82:bf:b4:42:dc:1d: + 94:af:01:45:40:6e:02:e6:fa:b5:78:f5:ed:97:23:4c:95:cc: + 89:33:69:83:59:04:fd:fa:48:5f:63:7d:08:9d:f1:26:a2:c1: + 71:74:68:00:13:1c:d4:70:45:52:f5:a2:57:5b:34:1d:6b:e9: + fe:8c:46:84:2a:99:2a:3a:58:31:d9:be:35:5e:c8:97:34:f3: + 6d:c3:d3:23:30:e2:fc:35:1f:82:68:02:ad:df:85:7b:4b:63: + 96:b1:fc:1f:3c:68:04:63:1d:bf:ab:e5:9e:1a:8c:4f:d1:d5: + 44:70:b4:4f:2b:30:a6:39:1c:4a:5e:4f:05:64:0d:83:3d:1d: + 3b:17:b3:0b:b7:f4:ee:f5:44:47:36:92:aa:dd:30:74:68:0f: + 07:da:14:c2:b3:b0:80:2a:0c:36:c0:a2:a6:77:f1:0c:e0:e2: + 80:5e:2d:98:f1:af:b0:24:81:4f:d3:1e:df:46:95:fe:5e:8b: + 44:84:a8:e0 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIULbBdzW79TXeJ75n8/QXTIkQ/k+4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCqlB1ljHkE8MnRPCN26T4syVLh/Lm/NY1m5DdmtUv/GpvLMOHUMFT7bvJD +/Xa4hFF5ElpllYfsPRmwqwSUZKq85b/id/0HKDy1INpVLHkE8nFuMbRjFIBOw4Me +6n5awE1ISi6eUoCAmCIQSgXX2xOPN2cgYxkBkgdGlLXJuudorwZXNWlQUCIjC5Kh +mDIIiFyLTHylavMx7r9MWbChy+goHfpM0xvmKwMaT7WNk10YlceTwYtvVRc0F+nY +cEfITLJa+qeqZrejYhcKfCcV78K8W3p9iMcqRQzXO5F+csYwyxI5HqKKiDkw8FS0 +GW+2XugBYCwrJ8vlk0mruJ7wKebHAgMBAAGjgcswgcgwHQYDVR0OBBYEFLgWkofh +DLnlYcPapQURaljdeGWOMB8GA1UdIwQYMBaAFLgWkofhDLnlYcPapQURaljdeGWO +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAhuMT6sQjEqQVqi0j9ypPl/RXBfXVqKqh3a2mwmr02C30XC16 +1G+c6qkJ42KGH6pZ/thrNQqhxIeLTbQwH50QNdiUgr+0QtwdlK8BRUBuAub6tXj1 +7ZcjTJXMiTNpg1kE/fpIX2N9CJ3xJqLBcXRoABMc1HBFUvWiV1s0HWvp/oxGhCqZ +KjpYMdm+NV7IlzTzbcPTIzDi/DUfgmgCrd+Fe0tjlrH8HzxoBGMdv6vlnhqMT9HV +RHC0TyswpjkcSl5PBWQNgz0dOxezC7f07vVERzaSqt0wdGgPB9oUwrOwgCoMNsCi +pnfxDODigF4tmPGvsCSBT9Me30aV/l6LRISo4A== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/generate-chains.py new file mode 100755 index 0000000000..1d2d85ba07 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate's Basic Constraints extension is +not marked as critical.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate with non-critical basic constraints. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('basicConstraints', 'CA:true') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Intermediate.key new file mode 100644 index 0000000000..e2c2a26ea7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA+6/dEquqBuByvUNMPlvNApzKwUJtzUdubExrPy7BPy6IPXdP +HDRguvf7WGQ8wnZdMIhIIoEvJ8gftO2WB133fEo3vv5Pex8ZgiEkGMmup6VYYp1r ++ZqIVg9/tAwa1U+rLMSXbuzbsaBDhjQILiEW+PY+KujKmqT7kX75QxlCCBB+kq9g +RU4w5NPT6b8yz8EboFJupKrtE23of2jGiIRnII9rgpxJXbSVY50K3J+re7Pr961I +NfVE7IQj4VvKSRbgwlqPPtIr+lAIvxI72oyWZpNpWydOuOeNERTmKSO12few+eKQ +4ti+jR3cifXrFd9YiOiRFJSdN+MQGt4wPBjXbwIDAQABAoIBAQDOnr+U1kzNPHG1 +oovzHZYeMO3a3lgaECw8yDe7NPz8i4zZORs/Alju5Sn4lMG0u0shzp+5g+hcdlRh +SjLCdYf5B0zghRJm908Pn3lsyBWUF4+J1caQsSZ/0FV8T/uvZqoWJIZVUCnDltgY +Uprsk8myNSUwQNAjSJImDeFADnpA9vjMKx9X8bYpOCcbxOFFkeN2Pe0USuFsLN+A +mJ4olqfVqOls77rNDbGFgkZspiqSUFd6g98U3hndMsV64YhySqEM2492qyjLXPP1 +AEbLMGV41ASk9IUN20aXE/tynTxnu2o7aHotu4oaucyHzaWP6C3ut7tpG4/SDIyh +sg6oTUmBAoGBAP5h3ormnN1fyTrdCromD6FYJPCq9sF2AbKy5QY97EZ19DSRiKLX +rIXvbtDZQ4BRzr6049FG1C0MIesKI8bG67ifwApIxNFc7sapFErHEnn3S3iSkBmv +jajrPVfVdYcRBZ0kcg63HVqBbYW9WQDvWi1xyfwbT0GL2gsRp9kUfnghAoGBAP1J +mzYFy5JoszxoeK88tMtBk4U3YS3ukUJJce7SGoJqyTO8Q9BpMcvkMHQpzaoja3Qu +rpUu4iOTUSpbwg+6c+wPjITudvNBQzpKzoXIEEa9GU2mM9PfX3JW/cpORZfLJQ6O +yVr2XZHT4qCLJiJgFgIgqA4L6xwiDjjNzFra2B2PAoGBAIAPBNkn/w/yiHr5i8zq +HDQ9C1uctVvu7CvpoyHhSnCuMKHGIeLYcCF8x2yb8z9F765Rod5YqbeDxA9uq1QG +D+SBh0umFm7POeUIeQ6r6ME9nOC155UGq2m+AsOU0fWMvCa/kiuWQ1Csl1YcXBH8 +bIk0H1qq5Ns6bCnmWXkOuBwBAoGBAJFDL6Lx++iB55mTiPNna4DOoR5bvn4rPl+3 +44HGObHmMHJdXL8gNZDr0+YrO2qCWdQOGc4xTzx79qbGbSu8EVOnLz3lzY6BNV8v +G/aZ4MvRE7v2v+6ZQxI+Vds6vKrrtNr+hPiIJu3FiUntw/cfCEA8HmW/7Bz8Yw+s +57CLpjp9AoGBAM1/xQ43uadmGBN72Fw/LythooJo0bicegEioaGOlY5VzDIW3oNi +JEH8Q5h/eYxyA0rl4SFMpWU7jLAD12bU3uu1bdM517WTTVD+MsK8nStLTefM15bl +IYUbc04iyQ7ne35tde/P/4+bRLhXFn10eKaBfr1D9BbDHVTITBqgU2D6 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Root.key new file mode 100644 index 0000000000..94d47bb683 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAqpQdZYx5BPDJ0Twjduk+LMlS4fy5vzWNZuQ3ZrVL/xqbyzDh +1DBU+27yQ/12uIRReRJaZZWH7D0ZsKsElGSqvOW/4nf9Byg8tSDaVSx5BPJxbjG0 +YxSATsODHup+WsBNSEounlKAgJgiEEoF19sTjzdnIGMZAZIHRpS1ybrnaK8GVzVp +UFAiIwuSoZgyCIhci0x8pWrzMe6/TFmwocvoKB36TNMb5isDGk+1jZNdGJXHk8GL +b1UXNBfp2HBHyEyyWvqnqma3o2IXCnwnFe/CvFt6fYjHKkUM1zuRfnLGMMsSOR6i +iog5MPBUtBlvtl7oAWAsKyfL5ZNJq7ie8CnmxwIDAQABAoIBABKWzZVRd6bILtY0 +fZDp3jK3RecGyZ9C0MQTvs3cmAmW9r9v9kxPcBNuhcxPBO8azF4rV9qWLxfZmMEe +AgPB7LFlQEIH3XU4N1Vt3R1HGXEmkqH1nLjndQwgVlu6JkbxifqEywvJ5eMdsSih +SH27jCghW4W2BvWa2lwgvKbdTXak3rlYOc96675dsjFv6x/D8h4Kp81nIQ1qZQSQ +RFszv6u2HOmZiMUOCcJEuW3Icayf1a3HS3Rub7BIVk18vD43MaDGnDP3eY2p7oN9 +BNFpgKZx7D1obQnO11HUWbmh2KXuGCH/cRPCNnebeWyYrn2jsoB0rizbQOPowXfQ +YMi85sECgYEA04Mllbwrmjy46sn49nOIplbD+0edPRtEHx7105pdd+ci3ZlI4BQY +wsTFHm4oHOblHfPuABePGYZbSL+Vek5bDX+oJxColPCWmZ8GcZI8fimCizHXE12I +6v4ArsDiBbpynMySoV0z9JFs7z7J+Rzizx57m9eIMzbTGWjmtnWYEfcCgYEAznTl +odZbVCqE0U8x0NlZ+M3rTD46KOoGOmq1oIr56ckNupHm6e5b/V2yURCVfqsTlP3r +KEduq39s0aL2ICvAeKA+CTfmOgcw2es5xDH2uX/mrKY2hnvyN3l3Q3Lz9XK8CCrS +3bhJgbVPBtOmGIhYLRjU/BdakcJDQfKbHdjHnbECgYEAyr5XdKQel4XFKynW/0XX +orpguaj3y+8q6TngIalCFwDzpr6b4E7jPS8oU/b7dFjPHlsHtAbhIHJtZdpfChG5 +rcLECE4rijjj4vVQU+T9H2HixFJN+z4ZVEeNl/VDsoH6AtsFYq/YcYJEjT/+kk9i +CW8KxWNgJtdSmnS3UgZ+chkCgYEAya1/tHxFcw6l+CG4tB/euCHPvQb8oYMa2m3r +Rwz73Ni+RIbKX7KswfCJhI8Cul48Hst8sDg3b+hmUNM0Q3D579v5PeARUpY7rmUO +ZQ25yrOajwU/NlhV4MMTMhxVHGwcKo5KtrSTedW3gR+3nTdzi3o6dJgLrV9rfDyW +Mq3VMcECgYEApnRlJ0TEoYGAaSRAl6fKUkkzkcTdcs8HzjpOIu2TSYyeBXxOCTnl +iSOhhq3DykvPVJXdN0tXPaKGsl8JV8lfNlxTsqzMObiqiqf4ICd1Uvda+/o6QyXX +kVbzmOVrenw/3DKenAws2QrMpu2+mI/y40IYLbCThbqtCzKVJNAnRgo= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Target.key new file mode 100644 index 0000000000..65d3032876 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA2Mz27CPrINIOfikE7Iy5ve5HbgusqfoipPxBdATQtYo3VinV +vufgRYgw2Vrgp2n90cNNHEJorn3PVNuEuZHmaMXRbaQ0Sn+PPqOoxA4/kEKpuITC +/VHt6+ltzFoi9/vrKX1dl50m6xApvyq9sC8zm+ejF5vbtM74XmYlfIzjyFPPwsOA +z+ZomMq947jTvOID0DFb7yFtLUJey5o6TXq953V1/2OVqggg+6hvlanqRQfEpzKJ +WJSYdi9d1IWQ476WMxxT171Yh3VOjMnJa8i2P9NGGp9M3qVIza2H/nqC8gxlhPUJ +zs/9bGZXkdz7hdH/skzOL6NzsdweE1wDGqaZEwIDAQABAoIBADXg4jCXUJTMfzuN +OCMNag+wiuHnVta7SibUZfPOSowDOHNaXDtgZtUA3pr1wcT5S1H5Bk3Sly9eJsuA +7oArqSY6myxzVWd6QgAgLg3jOJrCZmlr3QWVedpaHaZedDhKzAt4k2zdalGap7VR +iuihImNJcreoTTanBQR4wDIu1WDwNb870FmiO1RXtA6o6Isq+FTVTnTLPRjh05op +mETd0u+fmlAv0Z1udW0akbn7yYhu2o7g33qrJz8mj5lMvdwkheCzQLPE1MiHdyKy +69jiRt2eEvvX2amJLXu27gxUI6YvKEjlzoRg8hDCxBXxc2xz7FCcXSQMR8PDoHwB +TUHSVpkCgYEA//EKUi8VsA4fWOLC0irdyHf2/w7wJQEJriemr7la0Jo3ec6sJg+f +st6Kb7hTnSjdYzo7wYyURj48LrvBr6OpcaICKk1Zd/5cDuwffBNa46BUuwziBqGu +7fcQ6bvfowEhip0ImO2wf/TLVQZ+LvXesx7nvrE6COZREif2Osw7rY0CgYEA2Nmi +7pHv19vWSGgqkGo12ItFLBnd6kFlFf2aohnuWvWnE7k5zfx0vVbxqVf+JW8mm75s +hNBQU9EoKGMnQz0PBze6LnXCebPM+V2ETZGL5TQT+yPzmo83qb6ioFCvdzzu1xHj +rfDtmBEYUROPED7rGRM0DjbTO+xTKjrO/rhlKR8CgYEAg07P48AiWVO1g227VAYI +COx7PPoV/HYe2Emhe/AVhoZIRebhbRmA7ky8K3se8rdfdaQPukn8XFlbmQJc6VaG +/TSH9dn/N8+4vTMpKAfqDnRYZCrE33AeBhpGhBQONVvEMJBGM+dmMQ+PLg0JueAM +pEsLzEqyopQ/LZhw/FOBnpUCgYB7JPSa6HM8sRH6InVxd29GnqhUiAf2vNZL663B +uloae4A6+ifyaxhcYaBw25Bu77UMItJ7hdToFFHqxYwJagY7whDPy336IPoY7ltw +tWOtcKqcJuly7zvcAG9X/Rn367lyly0lnTk/7w1RFXtb7W8S2U3peIbyc50y0Ry1 +mD+SXwKBgQCw00Y4YiTbX5weLqZzeC+/Yeez6MT85d2k5MmG1n3qPmM5oxDjmb5C +Kg1hSvr7eAfKw6K/uIsLhb5IyTUuckqOYMF5iuFkbRQqZnxE22zr37gjorC5dw0k +tAbYmeJXIK2jjI2lGMtCcwuY/WwGx4K0xV3b+lk5eZCHif3KaH31Fg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/any.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/any.test new file mode 100644 index 0000000000..4d092a967d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/any.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: ANY_EKU +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/chain.pem new file mode 100644 index 0000000000..dd92e8517f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/chain.pem @@ -0,0 +1,278 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate restricts the extended key usage to +clientAuth + any, and the target sets serverAuth + clientAuth. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0f:19:5d:e8:71:6f:db:08:2d:79:97:74:46:0c:ac:d5:3d:49:b8:b2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ae:2e:8b:18:8d:f7:76:2c:94:0c:3f:a0:b6:ea: + 70:1f:5e:c8:48:c5:aa:ad:55:6b:bd:55:68:0d:8e: + ce:e5:99:27:c5:2c:b2:9a:29:a9:8f:8e:c3:c6:97: + 89:6d:31:d7:a4:8f:d8:36:37:4f:33:c7:d6:42:03: + 11:08:c4:7f:35:8c:ee:0f:1b:7a:31:74:04:aa:01: + d3:1e:8b:5b:01:9d:60:4b:9c:d1:8f:1e:ab:e5:dc: + 8f:17:77:49:e3:f6:d5:82:a5:2f:0a:e8:dc:9f:96: + 1e:2a:a1:41:d1:67:2c:9e:f3:7f:94:0c:6e:cf:5f: + 55:52:37:05:d0:39:37:1a:6e:11:ed:db:fa:aa:92: + a7:4f:50:29:07:69:af:1d:a7:99:fa:e1:56:f0:03: + 38:b0:ae:6b:e7:19:0b:dd:c3:07:31:8e:84:04:a5: + b4:eb:b8:bc:23:f3:40:b0:17:b4:ab:9e:3f:05:96: + 89:fc:84:23:cc:d1:06:c2:e4:8b:c6:65:f5:24:eb: + 72:31:bc:41:7d:3a:c9:55:08:0c:ee:a6:ae:1f:78: + 17:f8:a7:9d:7b:b1:82:f5:ce:82:6b:a8:b2:c6:8a: + b9:be:a5:d8:39:f4:49:e2:4c:53:32:85:26:53:4d: + 44:ce:d5:3b:a0:6b:e7:d9:02:a1:5a:ef:e1:a5:81: + a7:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EB:B0:1C:BD:B7:68:B8:D1:B9:8A:C2:9F:5D:CF:DD:AF:F2:62:70:8A + X509v3 Authority Key Identifier: + keyid:EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 7d:52:94:c4:f5:ef:51:88:eb:38:95:e1:ca:72:b3:12:9f:3f: + 92:8f:32:0d:cb:45:0d:13:f1:7b:72:27:36:e3:d8:e8:d0:1b: + bf:47:f0:d9:81:83:bf:ea:14:b2:b3:58:91:c1:71:b8:00:d2: + 1b:28:90:a3:8e:d0:9f:0e:01:7e:0a:f9:17:a2:14:ea:cc:8f: + 2e:bd:28:7d:1f:1a:91:1e:36:f9:6f:01:5c:c9:3b:e8:83:76: + 46:db:7a:f9:81:3c:85:cb:50:40:f1:f8:cb:c1:f8:cb:be:4f: + 84:3c:76:fa:1d:92:4a:b6:72:d2:ef:e0:4e:d9:13:be:8c:c8: + 3f:e5:0f:33:de:94:65:f7:2f:bc:57:86:0b:dc:a3:83:1d:7a: + 41:70:fa:7b:57:b7:d9:63:f9:14:9b:8d:c2:65:71:e6:27:94: + 06:6a:68:7a:88:69:13:34:ae:29:46:61:dc:64:44:de:f8:a2: + ad:fb:69:7d:e3:bc:5c:2f:45:c1:68:ff:8d:d8:b9:51:91:f3: + 12:6f:fd:2a:1f:90:05:21:08:19:5e:79:06:9d:2c:d7:ea:86: + 08:fd:94:70:e4:cc:1d:b9:ef:6d:fc:bd:9b:21:42:e6:84:9f: + c2:3e:6b:18:36:8c:ea:ff:8e:24:1b:e0:b1:05:09:d5:e8:93: + cd:fd:b0:51 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUDxld6HFv2wgteZd0Rgys1T1JuLIwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAri6LGI33diyUDD+gtupwH17ISMWqrVVrvVVoDY7O5Zkn +xSyymimpj47DxpeJbTHXpI/YNjdPM8fWQgMRCMR/NYzuDxt6MXQEqgHTHotbAZ1g +S5zRjx6r5dyPF3dJ4/bVgqUvCujcn5YeKqFB0WcsnvN/lAxuz19VUjcF0Dk3Gm4R +7dv6qpKnT1ApB2mvHaeZ+uFW8AM4sK5r5xkL3cMHMY6EBKW067i8I/NAsBe0q54/ +BZaJ/IQjzNEGwuSLxmX1JOtyMbxBfTrJVQgM7qauH3gX+Kede7GC9c6Ca6iyxoq5 +vqXYOfRJ4kxTMoUmU01EztU7oGvn2QKhWu/hpYGn+wIDAQABo4HpMIHmMB0GA1Ud +DgQWBBTrsBy9t2i40bmKwp9dz92v8mJwijAfBgNVHSMEGDAWgBTuxpplzPvOoD4X +AvloEoa2IglgtDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAH1SlMT171GI6ziV4cpysxKfP5KPMg3LRQ0T8XtyJzbj2OjQG79H8NmBg7/q +FLKzWJHBcbgA0hsokKOO0J8OAX4K+ReiFOrMjy69KH0fGpEeNvlvAVzJO+iDdkbb +evmBPIXLUEDx+MvB+Mu+T4Q8dvodkkq2ctLv4E7ZE76MyD/lDzPelGX3L7xXhgvc +o4MdekFw+ntXt9lj+RSbjcJlceYnlAZqaHqIaRM0rilGYdxkRN74oq37aX3jvFwv +RcFo/43YuVGR8xJv/SofkAUhCBleeQadLNfqhgj9lHDkzB257238vZshQuaEn8I+ +axg2jOr/jiQb4LEFCdXok839sFE= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 22:f0:bc:f5:46:4d:72:4b:8a:5f:7a:8d:54:e1:d7:60:ae:dd:08:ea + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d1:41:40:6f:cb:25:05:d9:29:d0:a3:c7:fe:2f: + f0:53:ad:46:36:19:aa:b1:1f:3f:7a:a2:e0:fb:03: + 2b:77:65:6a:79:eb:f3:a3:16:13:34:83:3b:42:de: + a2:bb:e2:bf:d8:d2:75:3d:48:38:86:bb:2a:7d:14: + a3:88:f7:7c:00:f4:0a:6b:6b:aa:9b:44:24:62:fe: + db:a3:42:55:15:67:2a:32:ff:b2:4d:80:93:d0:84: + ef:1b:dc:7c:ac:56:2d:54:08:02:f6:18:6e:b5:80: + a8:77:52:1f:b8:2c:09:6d:cc:f8:1c:04:91:62:6e: + 1e:dd:1d:89:b2:f1:23:0b:4d:4c:6c:da:49:3d:61: + 83:72:0f:66:36:12:3f:f3:ff:53:52:73:53:a1:ca: + 38:bd:c3:48:bf:7a:2f:13:19:d7:c2:28:e1:6f:32: + 00:5e:64:ac:4b:05:7a:77:62:57:55:a9:59:83:d5: + ed:a3:2e:28:34:71:79:2f:b9:c3:9e:df:b3:2a:b1: + 59:cd:04:00:1d:8b:11:56:ae:c6:67:f6:4f:1d:58: + 07:65:e0:b0:2f:ef:57:6d:de:c1:a0:7c:6e:38:a8: + 45:26:21:96:e0:f6:ef:0e:28:cf:01:70:57:dc:20: + 15:08:ad:e8:e3:98:74:8c:54:32:c1:28:17:e0:de: + a1:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4 + X509v3 Authority Key Identifier: + keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + TLS Web Client Authentication, Any Extended Key Usage + Signature Algorithm: sha256WithRSAEncryption + b8:a7:e9:54:83:94:a0:c7:37:16:41:dc:31:79:23:f9:84:53: + 05:28:be:08:e0:f4:de:d9:bd:67:70:da:b3:7e:00:30:80:d9: + 2c:7f:3d:1e:5f:16:75:40:a0:85:d8:4b:99:63:d7:ca:ac:b6: + 88:07:4b:21:9c:97:85:0d:e5:d5:4e:2c:4c:ca:2f:04:fd:39: + 52:b9:b7:eb:90:48:d1:2a:ed:a5:fc:e5:0d:d6:e3:8d:30:69: + 99:79:cc:8f:17:89:61:d2:6d:d8:58:21:ec:49:80:74:d2:64: + 98:97:04:bc:c8:61:ce:13:6a:b7:d7:ac:58:3a:27:3e:d8:c1: + 46:d0:f8:ee:e3:1b:0b:2f:ef:6f:e2:8f:34:ab:08:09:69:d2: + 62:58:70:84:dd:6c:e1:23:29:38:10:b4:8d:b4:e0:27:34:ad: + 12:72:8c:f0:8f:53:6e:c2:ea:b0:7c:29:59:16:39:1a:9e:b7: + 10:2d:64:45:9e:8f:79:ec:92:c7:cd:3b:c4:fe:7b:ff:5b:d8: + 41:22:e7:e6:23:7d:2f:44:04:57:82:ee:de:ce:5b:20:45:68: + 94:08:0b:83:5d:ef:e2:06:6f:3e:8a:d7:ab:58:3f:a6:16:6d: + 84:da:f7:dc:a1:ad:a6:24:7e:7e:cf:aa:13:32:f0:92:73:b0: + d9:d6:49:15 +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIUIvC89UZNckuKX3qNVOHXYK7dCOowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANFBQG/LJQXZKdCjx/4v8FOtRjYZqrEfP3qi4PsDK3dlannr +86MWEzSDO0Leorviv9jSdT1IOIa7Kn0Uo4j3fAD0CmtrqptEJGL+26NCVRVnKjL/ +sk2Ak9CE7xvcfKxWLVQIAvYYbrWAqHdSH7gsCW3M+BwEkWJuHt0dibLxIwtNTGza +ST1hg3IPZjYSP/P/U1JzU6HKOL3DSL96LxMZ18Io4W8yAF5krEsFendiV1WpWYPV +7aMuKDRxeS+5w57fsyqxWc0EAB2LEVauxmf2Tx1YB2XgsC/vV23ewaB8bjioRSYh +luD27w4ozwFwV9wgFQit6OOYdIxUMsEoF+DeoYsCAwEAAaOB5jCB4zAdBgNVHQ4E +FgQU7saaZcz7zqA+FwL5aBKGtiIJYLQwHwYDVR0jBBgwFoAUQnVBNMVZn5mjmxwM +V9tcx8FIt5EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MBkGA1UdJQQSMBAGCCsGAQUFBwMCBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQC4 +p+lUg5SgxzcWQdwxeSP5hFMFKL4I4PTe2b1ncNqzfgAwgNksfz0eXxZ1QKCF2EuZ +Y9fKrLaIB0shnJeFDeXVTixMyi8E/TlSubfrkEjRKu2l/OUN1uONMGmZecyPF4lh +0m3YWCHsSYB00mSYlwS8yGHOE2q316xYOic+2MFG0Pju4xsLL+9v4o80qwgJadJi +WHCE3WzhIyk4ELSNtOAnNK0Scozwj1NuwuqwfClZFjkanrcQLWRFno957JLHzTvE +/nv/W9hBIufmI30vRARXgu7ezlsgRWiUCAuDXe/iBm8+iterWD+mFm2E2vfcoa2m +JH5+z6oTMvCSc7DZ1kkV +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 22:f0:bc:f5:46:4d:72:4b:8a:5f:7a:8d:54:e1:d7:60:ae:dd:08:e9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c3:96:66:c7:e7:fd:21:14:ec:df:4a:05:1a:8c: + 22:da:8f:3e:b7:8e:ca:a2:de:d7:e3:08:05:cd:28: + 1c:da:d4:99:ba:ad:de:92:07:44:18:55:e7:b5:41: + 6b:38:64:18:06:ab:6c:b8:ad:3d:b8:4e:c8:fa:8c: + fc:58:2c:2c:a8:42:08:28:b4:85:2a:aa:57:e2:a8: + 76:4a:6e:fe:38:2f:d1:14:c6:52:6f:05:a4:89:54: + c2:0f:f0:93:83:09:b7:55:56:94:7b:57:65:87:09: + dd:61:ea:1a:02:3c:24:a5:cc:2d:d3:7c:0a:dc:2e: + 67:a2:7f:91:ad:b4:76:76:02:ac:7f:85:5f:61:86: + 0c:60:15:a0:82:7f:85:16:f4:10:8d:49:27:e4:33: + 58:75:55:6b:5a:ab:c7:d1:bd:3d:a8:3b:68:1b:b4: + de:68:89:c4:87:fe:87:04:d4:52:f3:8f:fa:2e:44: + 79:c1:62:46:b7:88:4c:bb:75:61:fd:e6:c5:6a:fb: + a8:3b:ef:a7:e6:1a:1e:44:2d:61:a7:4e:63:5e:66: + b8:f7:85:60:74:8b:ea:20:82:84:84:71:f5:1d:c6: + 0c:c2:ee:11:78:01:ae:44:5a:e3:7b:97:2e:01:d0: + 18:91:77:01:23:7f:d2:21:73:f4:f3:9a:94:ad:93: + 2e:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + X509v3 Authority Key Identifier: + keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 24:0b:85:25:5f:aa:41:4f:92:5b:42:99:84:9d:49:cd:6f:0b: + e0:a9:e5:0f:58:f5:9c:77:3c:73:57:76:9f:e5:15:99:44:e6: + 3b:b9:33:f6:fd:dd:b9:b5:d7:a0:63:3e:b7:b3:89:52:01:1e: + 76:af:d3:c6:86:44:5b:0a:ea:bd:54:25:82:1a:72:f8:48:af: + d6:cd:fe:dd:b0:7c:1b:cf:0b:c3:40:66:32:61:19:98:aa:2f: + 64:02:6a:32:f0:eb:eb:f3:ff:1c:fd:2f:94:ae:a5:af:cf:bd: + bf:17:f7:d3:2c:63:ad:99:3b:38:51:ae:d6:c7:4c:07:3c:a6: + a0:8c:ed:79:1d:d8:fe:90:79:53:3e:49:8f:9a:33:89:cb:c2: + 44:87:23:43:6f:4e:13:fc:f8:01:6d:11:c5:71:31:36:f8:bf: + d3:ab:9c:7b:21:a5:9a:14:e4:51:c9:53:f8:27:1d:5b:14:91: + d3:76:f8:8b:37:2f:ab:d8:fc:0a:5d:40:28:24:07:f4:53:05: + fa:cd:ae:6c:8f:b7:14:e1:3c:33:70:8e:9d:ff:dc:2b:42:b8: + b2:2d:66:33:c3:f5:05:29:4c:d9:67:cf:7c:68:72:9d:21:54: + 9f:75:d0:00:aa:83:20:cb:72:60:0b:28:8e:0c:aa:c0:d4:90: + 13:a7:f9:28 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUIvC89UZNckuKX3qNVOHXYK7dCOkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDDlmbH5/0hFOzfSgUajCLajz63jsqi3tfjCAXNKBza1Jm6rd6SB0QYVee1 +QWs4ZBgGq2y4rT24Tsj6jPxYLCyoQggotIUqqlfiqHZKbv44L9EUxlJvBaSJVMIP +8JODCbdVVpR7V2WHCd1h6hoCPCSlzC3TfArcLmeif5GttHZ2Aqx/hV9hhgxgFaCC +f4UW9BCNSSfkM1h1VWtaq8fRvT2oO2gbtN5oicSH/ocE1FLzj/ouRHnBYka3iEy7 +dWH95sVq+6g776fmGh5ELWGnTmNeZrj3hWB0i+oggoSEcfUdxgzC7hF4Aa5EWuN7 +ly4B0BiRdwEjf9Ihc/TzmpStky6hAgMBAAGjgcswgcgwHQYDVR0OBBYEFEJ1QTTF +WZ+Zo5scDFfbXMfBSLeRMB8GA1UdIwQYMBaAFEJ1QTTFWZ+Zo5scDFfbXMfBSLeR +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAJAuFJV+qQU+SW0KZhJ1JzW8L4KnlD1j1nHc8c1d2n+UVmUTm +O7kz9v3dubXXoGM+t7OJUgEedq/TxoZEWwrqvVQlghpy+Eiv1s3+3bB8G88Lw0Bm +MmEZmKovZAJqMvDr6/P/HP0vlK6lr8+9vxf30yxjrZk7OFGu1sdMBzymoIzteR3Y +/pB5Uz5Jj5ozicvCRIcjQ29OE/z4AW0RxXExNvi/06uceyGlmhTkUclT+CcdWxSR +03b4izcvq9j8Cl1AKCQH9FMF+s2ubI+3FOE8M3COnf/cK0K4si1mM8P1BSlM2WfP +fGhynSFUn3XQAKqDIMtyYAsojgyqwNSQE6f5KA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth-strict.test new file mode 100644 index 0000000000..8435244602 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth-strict.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth-strict.test~ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth-strict.test~ new file mode 100644 index 0000000000..39c290f687 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth-strict.test~ @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth.test new file mode 100644 index 0000000000..39c290f687 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/generate-chains.py new file mode 100755 index 0000000000..ebdd1e64fa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/generate-chains.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate restricts the extended key usage to +clientAuth + any, and the target sets serverAuth + clientAuth.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('extendedKeyUsage', + 'clientAuth,anyExtendedKeyUsage') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', + 'serverAuth,clientAuth') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Intermediate.key new file mode 100644 index 0000000000..f6ce1db291 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA0UFAb8slBdkp0KPH/i/wU61GNhmqsR8/eqLg+wMrd2Vqeevz +oxYTNIM7Qt6iu+K/2NJ1PUg4hrsqfRSjiPd8APQKa2uqm0QkYv7bo0JVFWcqMv+y +TYCT0ITvG9x8rFYtVAgC9hhutYCod1IfuCwJbcz4HASRYm4e3R2JsvEjC01MbNpJ +PWGDcg9mNhI/8/9TUnNToco4vcNIv3ovExnXwijhbzIAXmSsSwV6d2JXValZg9Xt +oy4oNHF5L7nDnt+zKrFZzQQAHYsRVq7GZ/ZPHVgHZeCwL+9Xbd7BoHxuOKhFJiGW +4PbvDijPAXBX3CAVCK3o45h0jFQywSgX4N6hiwIDAQABAoIBAQCfjcSHOXtyWSLE +Ho3Y6E60TvOxPqLjSTNK3DT10HXtJRwp+Nqd6LAeI04lb8LfxkaIGfkhEBdhzAba +tsj3H9WimHH1dHPyzeN8xF1Ov75GgpIvrr4S0E5k+Wekc9twQIlxgGZZpUmNBZvu +12SuNo299kLcgjMkvVi1OteK5MjWzOiqEw8BJPDBXJlmdPo0YIOxTR2+H+xHpuwo +aMf7siXmryJ1uh7gOo8N6U1X0GpQ5UzmirU1vfauV81YYjc7EreenqvDye2D50wA +tWTLpv36txOwWrpUJiEk2a2SlkTlAFOb3vDbYwrvf7XHkX4YKEt4d4jjbB9GlTOD +al4OsJZJAoGBAPs9xCqsnhecW4JlQYxpMZ4bPRCn2dxI14aDUoterDSg25r12E38 +Ph9fM9FGBB2pprLGj+nJxfHocLcmLCzBAfblky14wafm7F2Xp9IyprcB5Jri/FXI +FGckOD9iFzF+3UzzGnnUdpNJyqRhOpsrCk636Ut6T9DWhq8/szM9vP+/AoGBANU3 +5jq9pBBksCletuiuU+IdRSyjkTxabdOqsDnjK2ol7C8ajpvgW54tlKuumGAeQ8vL +a4bWEOYtWtjVZfsA//AeK+qG/6b1nEJK+Cat9T4Bg1LRQDb7IMihgVL2ZJWJRFWv ++refYKP3qnyzE5A/I0+8PNlld5KUmS6aylJEvhE1AoGBAKKqmxgGK1WeJqGGbao7 +caSsfh0KkEPP5btxyz/xTA3HGGh8RFA5wP8O5L3aV0/dR9D4PrVfromxtUjfrjpL +vLneaixGwxuyp9bxGfc+VDKpRxoBXN8tbAhbqw9esyWYvi/UNpAqv5sda9aCHS/Z +7hKJgMMdrg/I1eshkyTaFESBAoGBAL9H2MmV3BvA2LEkgV8ZFbPiom47h03nqmOb +22DzRb2Cq/JOFuYMTuUG6zth9N02CYhIw/xBCwQUaE3ilAyshu85ghhyZ+O2sCpg +62J36W1pGhEwHDW28WBMU6LD3NSyQpXEvF4DI0W2KEKavNBJdDpSGxzFBJKBsTK4 +Nw27EfCJAoGActUtucQW5DM9EG3IaHBMM8jl/TBX3Le8UrKbnDpzglkbBeqw8WIa +pwol7FbBpgkjF2F5fqF+Sd5OWCyHVglzrDSPPc72v8oDnJmX+708Z6YftHRLW4Z4 +m4YhijjwjfCLBFgtNLAh4dRM+t5qPjTA5hyyh8hb9UvuSv5Fd23aKTI= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Root.key new file mode 100644 index 0000000000..5b7e3bd29d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw5Zmx+f9IRTs30oFGowi2o8+t47Kot7X4wgFzSgc2tSZuq3e +kgdEGFXntUFrOGQYBqtsuK09uE7I+oz8WCwsqEIIKLSFKqpX4qh2Sm7+OC/RFMZS +bwWkiVTCD/CTgwm3VVaUe1dlhwndYeoaAjwkpcwt03wK3C5non+RrbR2dgKsf4Vf +YYYMYBWggn+FFvQQjUkn5DNYdVVrWqvH0b09qDtoG7TeaInEh/6HBNRS84/6LkR5 +wWJGt4hMu3Vh/ebFavuoO++n5hoeRC1hp05jXma494VgdIvqIIKEhHH1HcYMwu4R +eAGuRFrje5cuAdAYkXcBI3/SIXP085qUrZMuoQIDAQABAoIBAQClr91176LRyYY4 +Sd409Q35lGuO2Bn1C05bd0pi115KStvH9s6baihXbT6Sn86SwMhRrhq1/5xPa/55 +scF7eECEcRu0T+iXkiJNUmSS/Z/CPU+jh7YBcwhFhlW3ZxevZCW411WFfy30zXiL +H+PUjNqG0YbopyYUDAOi9uqT+lJ3+KGzDV2ZMEC5FvPAYqybS2HWUWMkDsQWypf/ +AmngsckZKf0LtL6d2x27YXlA0DBkPtE5BHbIO1IwY6qBaVIvoxK9HNe9M01yjv/a +mmnvYuK/oksi+cwkYuCxqSx9gLuKyYRQl6dDXMzZIEpmyevOh1qZ4Sc/b/E5QYaf +R1qeK6mhAoGBAP4jb1mz32vBwTmIWaVE/VF1/Zg/UsFDolUoOlq8gRv1AP+/qydF +31yxhAQgTuoH9incoIfKhKUuwKSYdeozE5AK4zdpF0UK61BO7QJR7PcDB8KxSyp3 +DeVDOAh8dJAXp6cOBehm6XO3BNmNIMRlPX4GVFudiY7IspQxci21wLK9AoGBAMUF +K7gW0A3ZgqEitu96y5vdCrjZ/3A0XvB9OWpWvfHcKR/M5o8IzGtLOfr7t7Yp60tt +YeDFV4TyW1GuuYv8DCnM9OdNLGN0zgPo8EP9kmblHAOmYiD4zXtlMxr94sZBkdFU +YxpJvx0BIA3T2H9bBl/Y9oD2sGbPVNeQlEZxhHu1AoGAPSQbSvJ6YvtXWFcUci15 +4FpJq5I4f6Sc7m3iNCg7y5UTK3RaYfVuemd+wltfgPBvabzZpjGz3eW0lSTU4YZu +Q25LIe6XmZW57TU/0hoRr4+8EzwCQHIqFqkoVupSRMRcIlW+WB5CNgOnGAvbAUT2 +GVa+ftgU2xQv2nVW6eZbOOUCgYEAlxZ6CnhkINrW1F9czpXqoqKGYG+89f0TeXVu +nF/c1icx2lM11Ca5LObJlfGHVskaygMd9lMf5LI+2YsWe4VUhpHIlcCW88ZVXqY5 +6soAhavZKetkgUiLu79Fy8M7LzKFcnQ2c6huSP3d6Py2oCPb5ZDqqMeFS7Jfq9gR +/Vt8b6kCgYBSLtyqxhc7YsQZMmLOSHG2VX+Arcn2D/mvHaY1bWYklM230/7zBNhu +Vqy9Iia4W884pSz/g/WpVRX3xWuCjg4Hx/VCEM+4EL8GNq3VDoJ+8c1F5vzBgELR +zaMgUu0rh3a1YBcDf3vTURmyphKjFj41gb2+WidlvrsnyJowGCm7wg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Target.key new file mode 100644 index 0000000000..01f91e8f32 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAri6LGI33diyUDD+gtupwH17ISMWqrVVrvVVoDY7O5ZknxSyy +mimpj47DxpeJbTHXpI/YNjdPM8fWQgMRCMR/NYzuDxt6MXQEqgHTHotbAZ1gS5zR +jx6r5dyPF3dJ4/bVgqUvCujcn5YeKqFB0WcsnvN/lAxuz19VUjcF0Dk3Gm4R7dv6 +qpKnT1ApB2mvHaeZ+uFW8AM4sK5r5xkL3cMHMY6EBKW067i8I/NAsBe0q54/BZaJ +/IQjzNEGwuSLxmX1JOtyMbxBfTrJVQgM7qauH3gX+Kede7GC9c6Ca6iyxoq5vqXY +OfRJ4kxTMoUmU01EztU7oGvn2QKhWu/hpYGn+wIDAQABAoIBAAxviEDFigBm6F8D +f+7vR/gFZVlEu43KhnmrClXFd2IPEDbUnR/Cj7ePIs0f7pDcOSAnoPEl+8Kfpt1p +qKKunMJvAGQVuyCivt6AaNlKa8HuwXxEgvWr4+vyVkj/nEfpTI8aSgSGYZIHProe +bzuLGTVz/wzL4nFtxgKrqP+XxiZdzUKadOHgkRbqEIyLq5ONhyhuzr6ruXgoT4Kh ++mmnrKPjTrQPA/igUysw4X0gojeO34byUxLCCkkSX1J/MWVqFvwAS6E3aQ6fkwNP +vIH0BvqRPsCN/H0Vtmtux7fTfgZlb/tVpk+HQaFT81LyKVoyOBSRUS1Xlaus6tAj +LykCnDkCgYEA2E2iWRf2498AlB12t9BcltgPCDW9GGAim42+d1EQyidwfEC3i/uk +bB/jk3DYc3YmUBv1gTwcspTZS9GoQJnsOXd8HFN6Qj+lhxJXjCw2DtOeIubjYYvt +7mWS4vmKhIN4H5MaQbceJlEyy/yTPPbAEbKgzPqVRJkWW7FnL38DpccCgYEAziX1 +RMMPJ21LEeYNcLJlZkb9Bz8zIiBpQPNXyZYMHXCKxDrkCVVkCjqpYb5IbXX4OsEK +WtDdyHqgVS8kVd05pJV0m6dE/cLwC/3t9H5ZJ39837AQckMiiKDMxFf0K2xM9bd3 +JRUNVdDO3VV8z3aCPfR2Ne32bMvmciP7FWNmXC0CgYEAtgO+FZKg4ueIqRqSB+OB +xj1RiOsPkC91b8g6+lRw+GtvsF8VFOpQVdwPuMZAnghR/R9J29Ilo/C1WaO3HYVo +zoLJIVztiEnelGbO3NlnM9rHOz9nH3KMaQt4Kx8pfJDUyF0Uvy/EYyH4yMZlb+uD +fGEABvzmFq9rrQT/e2w6OYkCgYAMx7+n7qve1uDDkE6fAQBWUepX66wg3n+H/k4f ++kRwAs0nkzsV9QxJsg9UNvbIinrEMbmRncdSKYANJ+oJxLhRIs7i44DcdpxpMenx +sW+XikjUmVa7rrvSWp23QnipxIIU7bXeP6re+h4JDMa7Ge7DJoe5mjIf1phH1UE4 +tzveVQKBgQC6g1mIw/zEzE9C4M51bM+t9qyjDLHdJA+xBkdNoFhRUMf0+ZWqW/Qx +LxB9H0gaZQLTkb2Q1ctl3mnXfigXTw15H0Yho6wd7Pkrs1uH5EInM9vFPeRAWzky +YbjjCmkZnrhftpWrHISNdrcBR/Womab0AiIdZimr7thVvkvzLc0oNg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth-strict.test new file mode 100644 index 0000000000..db61fe93f5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth-strict.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes anyExtendeKeyUsage +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth-strict.test~ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth-strict.test~ new file mode 100644 index 0000000000..dde5873fdf --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth-strict.test~ @@ -0,0 +1,10 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +DERP +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes any auth +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth.test new file mode 100644 index 0000000000..a29e14d891 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes anyExtendeKeyUsage + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/any.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/any.test new file mode 100644 index 0000000000..4d092a967d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/any.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: ANY_EKU +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/chain.pem new file mode 100644 index 0000000000..799d78cb12 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/chain.pem @@ -0,0 +1,278 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate restricts the extended key usage to +clientAuth, and the target asserts serverAuth + clientAuth. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 56:4a:78:5b:dc:c1:19:20:fe:f3:13:be:99:46:f9:53:d1:a4:40:a1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:d3:3c:f5:4c:df:73:61:c9:d0:be:56:b8:7f: + e6:52:56:9c:3b:84:83:23:d8:ea:30:cb:cc:01:ba: + 1d:36:70:d3:4c:58:62:74:2f:96:57:7c:e5:b0:27: + 6f:fa:72:c0:5b:0b:0c:f6:ec:1e:3b:c7:04:45:b8: + 89:97:be:fa:49:27:b6:c2:0a:29:b8:98:cd:a4:a4: + 54:29:ce:55:c5:91:ff:89:d3:51:87:88:d0:c3:ef: + 0c:de:43:b0:e0:b9:d9:23:92:f0:04:42:b6:50:06: + 2b:1a:7b:97:3e:67:a4:ed:77:23:e5:83:76:76:63: + 09:6d:be:05:6e:fc:aa:a0:c8:91:97:97:2d:85:02: + 95:c2:fc:dd:dc:f4:4b:08:c3:be:3b:43:76:96:cc: + ec:55:7a:0f:00:fe:29:4b:87:ca:df:50:ba:5c:60: + e5:6f:8c:f0:56:7b:5b:20:3d:87:fd:81:7f:61:51: + 6c:44:61:55:3a:52:28:cf:49:4d:72:3f:34:b0:a3: + 04:18:e6:47:50:c7:f0:e1:a5:4f:8c:59:e3:73:ca: + b6:a6:0d:34:a3:40:fb:41:97:8c:66:93:64:29:20: + 13:1b:f5:ab:69:74:11:88:13:8d:dc:15:c8:22:a2: + 2b:16:74:f2:f1:8b:27:c1:5a:9c:c5:0e:95:78:ba: + fe:9f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 6D:1B:79:D9:7C:01:F2:1D:99:D4:DD:54:90:BF:32:03:0F:28:4D:38 + X509v3 Authority Key Identifier: + keyid:3A:B9:4C:96:D7:3D:14:A8:24:C8:DE:55:0A:54:05:5D:5C:A2:C9:99 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + b5:18:18:ce:72:38:e6:68:49:dd:96:86:a6:9e:d1:d3:2d:95: + 1e:05:13:c8:ed:bf:b9:a0:e6:78:7e:dd:01:26:d2:fb:28:3a: + fa:30:f0:7f:0e:cc:e5:83:a5:fc:5f:bb:3d:23:c5:f2:b4:b3: + 07:b3:4c:ec:5e:14:67:9d:09:5c:2b:1e:54:b2:03:29:6b:21: + 3a:9e:cf:95:be:b7:1e:4f:ae:f3:99:15:5c:7b:48:42:fd:c8: + 4a:ba:8e:34:81:3f:c7:cb:a2:d0:b0:c0:fb:6f:7a:3f:45:f1: + 1b:1c:b1:3b:22:83:ce:10:05:5c:99:aa:5b:88:b2:cc:f8:f0: + bb:a6:48:d8:a5:a3:d0:90:00:66:25:73:5e:6d:80:ca:ec:97: + 36:1c:aa:70:90:41:58:b0:8e:23:77:33:d7:ab:ba:d7:65:47: + c5:be:62:ea:42:8a:c9:45:3d:a8:50:54:f3:f6:3b:9e:30:62: + 55:f1:66:f8:93:51:ad:5a:1a:70:26:ec:27:25:cf:37:6c:77: + 70:25:34:63:94:41:4c:d1:4c:69:0f:b9:3c:88:95:5c:92:6f: + 5f:a5:14:15:78:34:03:58:a8:0d:10:46:20:1d:83:a8:83:95: + b5:3d:94:62:40:c2:7f:d2:d4:49:a6:f9:e4:cc:42:f6:48:40: + dc:20:48:6d +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUVkp4W9zBGSD+8xO+mUb5U9GkQKEwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAu9M89Uzfc2HJ0L5WuH/mUlacO4SDI9jqMMvMAbodNnDT +TFhidC+WV3zlsCdv+nLAWwsM9uweO8cERbiJl776SSe2wgopuJjNpKRUKc5VxZH/ +idNRh4jQw+8M3kOw4LnZI5LwBEK2UAYrGnuXPmek7Xcj5YN2dmMJbb4FbvyqoMiR +l5cthQKVwvzd3PRLCMO+O0N2lszsVXoPAP4pS4fK31C6XGDlb4zwVntbID2H/YF/ +YVFsRGFVOlIoz0lNcj80sKMEGOZHUMfw4aVPjFnjc8q2pg00o0D7QZeMZpNkKSAT +G/WraXQRiBON3BXIIqIrFnTy8YsnwVqcxQ6VeLr+nwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRtG3nZfAHyHZnU3VSQvzIDDyhNODAfBgNVHSMEGDAWgBQ6uUyW1z0UqCTI +3lUKVAVdXKLJmTA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBALUYGM5yOOZoSd2Whqae0dMtlR4FE8jtv7mg5nh+3QEm0vsoOvow8H8OzOWD +pfxfuz0jxfK0swezTOxeFGedCVwrHlSyAylrITqez5W+tx5PrvOZFVx7SEL9yEq6 +jjSBP8fLotCwwPtvej9F8RscsTsig84QBVyZqluIssz48LumSNilo9CQAGYlc15t +gMrslzYcqnCQQViwjiN3M9erutdlR8W+YupCislFPahQVPP2O54wYlXxZviTUa1a +GnAm7Cclzzdsd3AlNGOUQUzRTGkPuTyIlVySb1+lFBV4NANYqA0QRiAdg6iDlbU9 +lGJAwn/S1Emm+eTMQvZIQNwgSG0= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6b:b7:9e:0a:83:55:83:77:1b:db:10:18:94:12:3f:c4:67:6e:66:e1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bd:9a:08:67:72:a5:4d:ba:39:c4:0a:d5:a9:42: + 46:7a:a0:f3:f2:2b:1f:83:91:58:a7:00:3b:b3:17: + 51:e5:1f:83:13:44:10:14:7f:84:6d:97:57:de:32: + 00:bd:15:18:e4:c7:89:8b:6e:5b:41:51:ad:d3:c9: + f7:3e:75:51:74:5c:71:40:2e:9b:95:be:8f:3b:17: + 33:a5:3a:33:17:97:05:d7:30:0c:40:94:c1:8d:e7: + 80:5f:f3:d4:3e:e4:46:8c:e3:80:ec:95:91:87:e0: + a0:a3:32:73:6c:44:c2:9c:12:a5:d3:6b:91:e0:60: + 3d:a1:61:9d:09:6f:5f:7b:b1:c5:98:6a:3a:cc:85: + 76:45:f2:44:0e:3f:cf:b9:56:5a:23:55:68:31:4b: + 17:30:ad:a0:e2:b1:85:3f:6e:2e:7e:a7:38:b9:dd: + cd:3d:fb:74:1a:83:87:c2:ec:ec:6a:63:0b:5e:c8: + 75:07:b5:4f:3f:93:58:a5:fe:3e:76:18:ee:16:df: + b1:52:b8:1a:f0:77:65:a3:b7:2d:16:a3:e6:c8:11: + 67:e1:20:ea:2f:ed:0b:93:e6:c8:2a:a0:fc:34:b7: + fa:4b:21:33:60:02:86:cf:b4:bd:f0:c7:ec:f5:7a: + b4:ff:84:18:f4:73:a1:28:7a:31:de:08:b6:fd:be: + 0a:7d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3A:B9:4C:96:D7:3D:14:A8:24:C8:DE:55:0A:54:05:5D:5C:A2:C9:99 + X509v3 Authority Key Identifier: + keyid:AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 24:78:e2:54:e9:1e:cb:af:11:8d:ec:44:39:bc:37:d8:2a:40: + d2:8d:11:c2:c8:5b:ca:43:07:4f:f0:14:33:15:be:8f:bd:7c: + 23:e1:f7:e7:38:0f:a8:f9:73:3d:52:90:4f:56:80:62:20:93: + c1:e5:10:6c:98:b6:0f:80:30:ae:38:66:6e:78:80:cb:3e:0b: + 44:f1:b7:d6:f2:f6:5c:1a:73:c6:ad:0a:fb:5f:61:59:e6:20: + b6:c4:8a:18:7b:cd:a7:37:b2:b9:1e:9c:77:dc:e9:93:4e:6d: + 53:65:80:fc:d4:53:44:d3:f1:49:7f:a1:f7:94:35:d1:ce:78: + 15:9b:c9:dd:23:63:9a:9e:bd:61:76:ce:00:2d:5e:81:53:12: + bb:75:2b:25:44:9d:d1:91:82:ac:ff:6e:7c:1f:6b:06:d5:0f: + a1:16:5c:f4:f0:5b:f4:b8:09:c3:d3:81:d6:03:7b:9d:71:78: + fb:c4:8b:99:61:f1:60:6c:ff:e7:74:3c:5b:ed:45:e0:3d:c0: + 75:80:b5:a4:35:af:a9:5e:dc:a7:ee:63:ff:9d:67:26:da:aa: + 8d:79:7d:d9:ac:56:ae:9c:2d:1d:0f:ca:66:3e:96:e9:0c:81: + 62:dc:1e:4e:84:dc:0a:1b:c0:25:19:7f:d5:21:a2:06:24:ab: + b2:a4:24:c9 +-----BEGIN CERTIFICATE----- +MIIDlTCCAn2gAwIBAgIUa7eeCoNVg3cb2xAYlBI/xGduZuEwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAL2aCGdypU26OcQK1alCRnqg8/IrH4ORWKcAO7MXUeUfgxNE +EBR/hG2XV94yAL0VGOTHiYtuW0FRrdPJ9z51UXRccUAum5W+jzsXM6U6MxeXBdcw +DECUwY3ngF/z1D7kRozjgOyVkYfgoKMyc2xEwpwSpdNrkeBgPaFhnQlvX3uxxZhq +OsyFdkXyRA4/z7lWWiNVaDFLFzCtoOKxhT9uLn6nOLndzT37dBqDh8Ls7GpjC17I +dQe1Tz+TWKX+PnYY7hbfsVK4GvB3ZaO3LRaj5sgRZ+Eg6i/tC5PmyCqg/DS3+ksh +M2AChs+0vfDH7PV6tP+EGPRzoSh6Md4Itv2+Cn0CAwEAAaOB4DCB3TAdBgNVHQ4E +FgQUOrlMltc9FKgkyN5VClQFXVyiyZkwHwYDVR0jBBgwFoAUrokBlEF3Z73vf5hP +KecbOhi53VEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAkeOJU6R7L +rxGN7EQ5vDfYKkDSjRHCyFvKQwdP8BQzFb6PvXwj4ffnOA+o+XM9UpBPVoBiIJPB +5RBsmLYPgDCuOGZueIDLPgtE8bfW8vZcGnPGrQr7X2FZ5iC2xIoYe82nN7K5Hpx3 +3OmTTm1TZYD81FNE0/FJf6H3lDXRzngVm8ndI2Oanr1hds4ALV6BUxK7dSslRJ3R +kYKs/258H2sG1Q+hFlz08Fv0uAnD04HWA3udcXj7xIuZYfFgbP/ndDxb7UXgPcB1 +gLWkNa+pXtyn7mP/nWcm2qqNeX3ZrFaunC0dD8pmPpbpDIFi3B5OhNwKG8AlGX/V +IaIGJKuypCTJ +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6b:b7:9e:0a:83:55:83:77:1b:db:10:18:94:12:3f:c4:67:6e:66:e0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b6:30:63:d8:b0:11:71:5f:03:38:e5:24:a7:88: + 9c:fe:f5:a6:2a:59:63:7b:18:39:d5:34:2f:27:4c: + fe:18:27:eb:7e:71:25:4d:af:71:97:7f:f0:18:b0: + 19:a7:fd:ab:52:d9:01:aa:13:ff:3f:c9:c8:d4:87: + fa:69:53:28:b7:52:4f:91:ac:55:cb:38:7f:61:32: + b6:d9:20:f4:58:6f:c3:4c:4f:64:d7:14:34:8c:d3: + ac:f5:97:8a:9d:f6:d0:0b:64:b4:3a:55:71:0b:92: + b1:8e:df:2e:77:8a:fe:36:f6:0f:be:49:03:3d:42: + fc:4c:e4:50:f6:3e:86:d0:e4:0b:15:cd:27:49:ae: + 7a:be:d7:05:28:68:f7:e7:35:1b:fc:2a:50:c1:66: + f3:31:11:f3:f9:40:80:51:3a:60:9a:87:47:fc:46: + 99:e3:1a:c9:5c:76:d9:34:45:b0:82:d6:06:d7:ea: + 5d:13:ce:ca:4e:9d:2e:80:cd:b3:5c:47:11:dd:f1: + 8a:97:c7:8d:37:6a:1a:c7:97:13:ad:bf:9c:85:32: + df:20:0a:a9:27:3b:e6:26:c6:9d:98:d3:d1:d7:a0: + 16:4d:b1:a3:3b:1f:19:c3:c5:81:dd:35:25:3c:86: + 8e:8b:76:69:f2:e5:35:5e:3c:6c:3f:7e:47:57:7f: + eb:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 + X509v3 Authority Key Identifier: + keyid:AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 8b:5d:0a:24:04:16:0f:a6:8c:bc:d2:d2:f4:b6:a1:b5:34:39: + d1:be:3d:0f:d1:84:38:84:34:09:29:a9:f2:5f:3c:14:61:cb: + 45:cf:73:19:63:95:b6:59:0f:7f:17:20:f1:a9:1d:4a:92:f9: + 3e:99:ae:54:98:75:f0:3f:39:b6:79:ae:5b:91:19:e0:34:6d: + 02:0e:80:1e:42:2c:5d:e0:68:94:c1:45:f0:fa:f0:ae:f2:7a: + 4c:5a:a1:2b:35:c7:5e:d7:ed:ab:16:e5:7d:e5:65:9a:0f:87: + 74:42:a6:9e:89:9f:df:54:da:68:58:6f:dc:c4:c1:62:23:8c: + e1:d8:4e:64:43:5b:4e:02:86:4b:58:6d:91:02:d2:94:9c:84: + 3f:39:61:60:32:ea:56:60:f7:1d:b0:24:c7:62:f4:7e:59:32: + fa:5b:d4:dc:7f:6b:60:44:df:6d:d5:f9:29:3e:69:40:a0:8e: + a1:de:03:db:f2:86:83:75:8c:38:97:df:70:24:6e:d5:00:82: + 61:96:c8:3d:d8:c9:a9:88:b7:3b:6b:32:eb:78:8c:de:7b:e8: + 2f:d5:7a:1c:d2:99:2a:7e:dd:c1:cf:de:6c:11:5d:61:bc:59: + cf:18:a2:fc:14:1b:ff:57:dc:b5:9c:b6:9f:63:ae:88:ff:78: + 6e:46:40:3b +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUa7eeCoNVg3cb2xAYlBI/xGduZuAwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC2MGPYsBFxXwM45SSniJz+9aYqWWN7GDnVNC8nTP4YJ+t+cSVNr3GXf/AY +sBmn/atS2QGqE/8/ycjUh/ppUyi3Uk+RrFXLOH9hMrbZIPRYb8NMT2TXFDSM06z1 +l4qd9tALZLQ6VXELkrGO3y53iv429g++SQM9QvxM5FD2PobQ5AsVzSdJrnq+1wUo +aPfnNRv8KlDBZvMxEfP5QIBROmCah0f8RpnjGslcdtk0RbCC1gbX6l0TzspOnS6A +zbNcRxHd8YqXx403ahrHlxOtv5yFMt8gCqknO+Ymxp2Y09HXoBZNsaM7HxnDxYHd +NSU8ho6Ldmny5TVePGw/fkdXf+sNAgMBAAGjgcswgcgwHQYDVR0OBBYEFK6JAZRB +d2e973+YTynnGzoYud1RMB8GA1UdIwQYMBaAFK6JAZRBd2e973+YTynnGzoYud1R +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAi10KJAQWD6aMvNLS9LahtTQ50b49D9GEOIQ0CSmp8l88FGHL +Rc9zGWOVtlkPfxcg8akdSpL5PpmuVJh18D85tnmuW5EZ4DRtAg6AHkIsXeBolMFF +8PrwrvJ6TFqhKzXHXtftqxblfeVlmg+HdEKmnomf31TaaFhv3MTBYiOM4dhOZENb +TgKGS1htkQLSlJyEPzlhYDLqVmD3HbAkx2L0flky+lvU3H9rYETfbdX5KT5pQKCO +od4D2/KGg3WMOJffcCRu1QCCYZbIPdjJqYi3O2sy63iM3nvoL9V6HNKZKn7dwc/e +bBFdYbxZzxii/BQb/1fctZy2n2OuiP94bkZAOw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth-strict.test new file mode 100644 index 0000000000..8435244602 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth-strict.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth.test new file mode 100644 index 0000000000..39c290f687 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/generate-chains.py new file mode 100755 index 0000000000..0c37a56064 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/generate-chains.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate restricts the extended key usage to +clientAuth, and the target asserts serverAuth + clientAuth.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('extendedKeyUsage', + 'clientAuth') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', + 'serverAuth,clientAuth') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Intermediate.key new file mode 100644 index 0000000000..33a66f3b2c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvZoIZ3KlTbo5xArVqUJGeqDz8isfg5FYpwA7sxdR5R+DE0QQ +FH+EbZdX3jIAvRUY5MeJi25bQVGt08n3PnVRdFxxQC6blb6POxczpTozF5cF1zAM +QJTBjeeAX/PUPuRGjOOA7JWRh+CgozJzbETCnBKl02uR4GA9oWGdCW9fe7HFmGo6 +zIV2RfJEDj/PuVZaI1VoMUsXMK2g4rGFP24ufqc4ud3NPft0GoOHwuzsamMLXsh1 +B7VPP5NYpf4+dhjuFt+xUrga8Hdlo7ctFqPmyBFn4SDqL+0Lk+bIKqD8NLf6SyEz +YAKGz7S98Mfs9Xq0/4QY9HOhKHox3gi2/b4KfQIDAQABAoIBAQCOacZqPXjgm0KM +eD7odbmOnprdiXqQTnoyZkBxUtDWswa3T+ZsHyQPVSBQ62oWnGQoY6BytJ+ivoE8 +lXU62tAmANGoDdobbhkTn2fRcZey3mMqsRJi59lCh2Krr+/6lWhQpwnNqsK3Nwgx +zNFZv4QVywP3e9MEoAVq1HEqBxfHRgBRFPb/Z+GS4Qz/QgXfGx4x492tcJJlL5x+ +VOBk8klsozzvWnJAyrDTqMlz9pamqpXV/CFO+Sxvcvzo9VcO50tjOqO/nGNg/SdN +JV/xXQMHPkK6lgMLPG9Q6OhOMoJSKdEEh2zE1N7u0gFlVlw6oPEg5wt75Cu467Yi +SKUNpmVZAoGBAPwvtxk2ubZ9rwru38sO51hAYCs3zDy8XP9esMdLQBAdIyXr0Rzh +wUQSZElQ1CDNuGWYPUPxiszn33t7yA55F2JTVLhHIgdh5mGaX9Rq+f31VMjqZQc4 +GHO+Ew6OPpb3bzdeRVjdR7mCHU2/8P2fmu0gPrebMldGLVnnD9nxlv3vAoGBAMB4 +CNhxfeclaSgAOqmOtbTnSNKrZJ9zYPukApRHJTv6NaxCHhzWGfT2a+oUR5DEVwqp +kRJt2BLnKAKWhsY9cD4LdzdbPIdqvhzvWHbJvQuXqaujYwW2G/OYqv+v5x66Oxae +zq3bmQf3ZL4br2nQBHoNeK0QKJaV8waCX25mZ6pTAoGAMwwtkgsD2K7kSeBEqMPh +jHmrfdQToY+3e3HdctoGo7xiKwDrGV+RUYgviK+14NYDp30DmcdBA21ETaimvFdC +poKbuZmch8YHbmZjU4o8BG4utWTNAoMWYAdvsBiXDtQTTS/l9bEFHcX6zIw36f7u +y2UljOD7dbMc5v/gs4s1tz0CgYBdBGX5/PeFE357t4iiU3cbw79dGTobGY7gbsZU +VQH4t5bi9l1JQGvxCHrk+QIRQ+JxI7wZ9P49PHwIrCjce+rYAYCPP0fEhmD06POP +DTaQ+K4mZmM/6mAd3UWfJqsDHava5csrGPsfb3+/pO+kqsTPG92bfjivdi6qka1/ +VHx7QwKBgQCXy+GHOOXHBfudpPKaSvwEk/E8nVsvuv0NrvQNUs2zKcwgMlYc1Deo +wh/OBT77T8t/3UCUO2+PPgLhBTIpjF3qOzXQO48j+gWtq8vp+aYz09VVnY5d/z+b +xamk30UedaJvwPY8M0XG/m9vCF8Vz5FqGwiZToJSzreZURKMGeEGiw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Root.key new file mode 100644 index 0000000000..39d20f4c30 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAtjBj2LARcV8DOOUkp4ic/vWmKlljexg51TQvJ0z+GCfrfnEl +Ta9xl3/wGLAZp/2rUtkBqhP/P8nI1If6aVMot1JPkaxVyzh/YTK22SD0WG/DTE9k +1xQ0jNOs9ZeKnfbQC2S0OlVxC5Kxjt8ud4r+NvYPvkkDPUL8TORQ9j6G0OQLFc0n +Sa56vtcFKGj35zUb/CpQwWbzMRHz+UCAUTpgmodH/EaZ4xrJXHbZNEWwgtYG1+pd +E87KTp0ugM2zXEcR3fGKl8eNN2oax5cTrb+chTLfIAqpJzvmJsadmNPR16AWTbGj +Ox8Zw8WB3TUlPIaOi3Zp8uU1XjxsP35HV3/rDQIDAQABAoIBAGmzo4pJhKU5Eb6F +u4Fz0lpeHTz+xafaQ1t+PklX8ygCqS+f55utyYKzWJKKQShlFWwouT17AqF4qgsc +pV1MQRgzKjUDPnd8XPMAoHNTGlDg7vcsLP5YG7EE8pk+hc7mLogdsi8R+VdUka2p +sOTsgFdU5YdqBvYZEhZudMaZOlCgshYnbpz1QTs/9Y0ev+YSoS0+NDzN0EQaBAKf +m7pq+zSgyQ4tvg2wzIDrkydN0rw8kUa2kZtOumpdGC01TFKev56Ko9PfEKVCTyjD +QAbYSDuUeN9ceMPu/1lci6dK7d1gx8/Gnfy5jpPTDIY294McARfvgUCK5O0sbHvz +XDftiqECgYEA75t+bveSjrliAGhg3ELk08qGXem1crYqZFAgLq7NzKFFeELQrc/4 +3+eYZDC8gqL3mpZsAdiS7Regm/aR6zc675QcU7c7qGcxYr2ULg+j7aUKUGAtAuEf +J04PHMz6X8a9SdnTNTZHbtj5I55L8hkFsENRv2AoBO9EQsdaEEaKqHkCgYEAwqdD +8vsP4DH3VSVDdsOqH1OtwUhYfoV8jnpljK/48EThK+H//wZJj1VmRRxp4NgxAqFb +ExPAKjQPp/tXP3hYPwrHXNHPJNi2PeZFYmpg0kVMz34tumpj2S0NWj7cgE2+7NjR +LK6NOK4EdNv9ZKakCDvtC6+yFybHPndeRUb02jUCgYABUeDzaYe0I49Ho0uNSw0J +oZ7123i1Zg17uflDaJEXpHfGfs+5dWDQku0C+EXBjnZAsr1rkS7WAYBP+564Jfi8 +Ixu41lSMy+y4t4SecFWd1H/nC3CUCHtscwCgTvy+FFEsm/eO3nqsQKO2r4OJlNu0 +KdrEbBosVMkSeRik6E6ROQKBgFVrwc3nj1f7lWawK6L6yrVkq2Oes/cR7U85N0c+ +EiiekZIIY6cuwyk7eN3rUitxtFBLLwR4LmRW5Gf7TJZ14YQI3uREznqE/7S6UMiX +llWwQ7zqynZ8KcUsmCd6XpmPhLG7lE/faents9b0k4aP+nwCkEwIlkbCpb0r9RrB +wMHhAoGAOEKKGPSOR6B14ar4JQpifQXUhjTgAMsNzJKq/Y311YK81XdauLS5z/ze +Awd2zrs4ep8r056jSFp9UMFTTofBBxrx/V88yYDVdfxSpLtMkpON+5P7gyI5FsJa +8PqJwJCW/EK2n3+IWJR55zU9kkCAbTVTa7JETCAjgenrrKLX/Tc= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Target.key new file mode 100644 index 0000000000..ea50af8627 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu9M89Uzfc2HJ0L5WuH/mUlacO4SDI9jqMMvMAbodNnDTTFhi +dC+WV3zlsCdv+nLAWwsM9uweO8cERbiJl776SSe2wgopuJjNpKRUKc5VxZH/idNR +h4jQw+8M3kOw4LnZI5LwBEK2UAYrGnuXPmek7Xcj5YN2dmMJbb4FbvyqoMiRl5ct +hQKVwvzd3PRLCMO+O0N2lszsVXoPAP4pS4fK31C6XGDlb4zwVntbID2H/YF/YVFs +RGFVOlIoz0lNcj80sKMEGOZHUMfw4aVPjFnjc8q2pg00o0D7QZeMZpNkKSATG/Wr +aXQRiBON3BXIIqIrFnTy8YsnwVqcxQ6VeLr+nwIDAQABAoIBAQCW4tONm/vGDUC7 +WK0B+n1kl/9aMNHI8nDwUkfI+2KMYYbdRgORosj773H1WTkz0QuGGBKKKpT/IJnm +CKFALkOSkTzYFKH/kYFiSkDydLeix+6pIgHVB6vuOxPzWh216pbtZRU71vvuvYXS ++IY/s7NisNs9faak5FqmtohW6NOJ5TL/vfIr+cxqhPxW/vdBFE3HLDiTcgdLKOk0 +tYs7TWA/ZUV1RObhZWA6oZsvmUqZX0Yuyp5vNHAczHLwf7uA7Bbh3cjgb7OWE95S +aw0ngSHS+zi6NO+J8sXuE7keaWnpPY1qTGE6ihzD/XbZF0WchKvlqAmj/IT0WOhd +3bbbY6ABAoGBAPnXNuVS7q6BTSV+cCU2X9VvjVSjY0O9GETThwn+TUzGbRO7PG4R +7hQXOkTpA5g2BDAb+pnq3MK1O5KnGAxJfR33FwYsGORZA7Zr6yG5Tqq+sy7GJOGW +PYW1ooMAB4mXPIm2GdkOo0Zh5BCKjB9f3Lb8ZacFVDuxDlEy/xEl//4BAoGBAMB0 +oitIntAXFZDJ5xQfRyr8hWRurHmoIqxGcfLprke7HR8NE/3P2UewP9pD4spORLZn +X2SkqI7bdm/k9d+2PSs8Jl9C2JH4PGhUxbv9r7j6qMPK/aIP14q0P9hWY/rYByL5 +q1/MxqThhDMaxp8iVlCJN2ffRRO8wGNsEJVHNDyfAoGASsqtiVsZTq4wjQ/bvJgZ +ekiJs5Ox7J5X/IqiO1CgjWI9VxHPFlhRwDvv2p8yz0ckW86UZ61SZwtgCRfycAMz +7FuCzfs3fGxVWy/VVOQnc5/g/hidA9c5FaT5QGQq3Xqjycn01PC32iMF5hnDtsS4 +yyKlv6ktvSzUz2QHzXdlugECgYAVCyvIS9KBsmR7Rnhr7NedTatQRgG587aG29UN +2Jtj4IPYp1duQ1Hg0tbIiO+9az18LGVz3cVIiZqztXdlFMovdg5EEE0Z+OiyB8Lv +QVf7g/z8G7AMDmtlETyB7UBVZ1Wwb1hby0pVMQuBgwYA1IJXoAlc5D7rX5IxzNkr +WXPOxQKBgCvcgzMhBK7GPWRnVn/8eNrsUm/tmSQpuPbLbbLvpBOxNdUhVbkzl4Jo +mFan2qX7GEaK71kGtT9mXONCU9nYueCPDI5xAE9NXP8+C6oNKQr2L/SxE37CTjzA +B6ONmkgeSdBKDRW6AzXGwIz3KFi/qQ3vS5gDEWg9nIJtcxuko+pm +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth-strict.test new file mode 100644 index 0000000000..6143a86bc1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth-strict.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth.test new file mode 100644 index 0000000000..bd2d40c21a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/generate-chains.py new file mode 100755 index 0000000000..b0591f46b3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/generate-chains.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Generates certificate chains where the intermediate contains netscape server +gated crypto rather than serverAuth.""" + +import sys +sys.path += ['../..'] + +import gencerts + +def generate_chain(intermediate_digest_algorithm): + # Self-signed root certificate. + root = gencerts.create_self_signed_root_certificate('Root') + + # Intermediate certificate. + intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + intermediate.set_signature_hash(intermediate_digest_algorithm) + intermediate.get_extensions().set_property('extendedKeyUsage', + 'nsSGC') + + # Target certificate. + target = gencerts.create_end_entity_certificate('Target', intermediate) + target.get_extensions().set_property('extendedKeyUsage', + 'serverAuth,clientAuth') + # TODO(eroman): Set subjectAltName by default rather than specifically in + # this test. + target.get_extensions().set_property('subjectAltName', 'DNS:test.example') + + chain = [target, intermediate, root] + gencerts.write_chain(__doc__, chain, + '%s-chain.pem' % intermediate_digest_algorithm) + +# Generate two chains, whose only difference is the digest algorithm used for +# the intermediate's signature. +for digest in ['sha1', 'sha256']: + generate_chain(digest) diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate.key new file mode 100644 index 0000000000..f6ce1db291 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA0UFAb8slBdkp0KPH/i/wU61GNhmqsR8/eqLg+wMrd2Vqeevz +oxYTNIM7Qt6iu+K/2NJ1PUg4hrsqfRSjiPd8APQKa2uqm0QkYv7bo0JVFWcqMv+y +TYCT0ITvG9x8rFYtVAgC9hhutYCod1IfuCwJbcz4HASRYm4e3R2JsvEjC01MbNpJ +PWGDcg9mNhI/8/9TUnNToco4vcNIv3ovExnXwijhbzIAXmSsSwV6d2JXValZg9Xt +oy4oNHF5L7nDnt+zKrFZzQQAHYsRVq7GZ/ZPHVgHZeCwL+9Xbd7BoHxuOKhFJiGW +4PbvDijPAXBX3CAVCK3o45h0jFQywSgX4N6hiwIDAQABAoIBAQCfjcSHOXtyWSLE +Ho3Y6E60TvOxPqLjSTNK3DT10HXtJRwp+Nqd6LAeI04lb8LfxkaIGfkhEBdhzAba +tsj3H9WimHH1dHPyzeN8xF1Ov75GgpIvrr4S0E5k+Wekc9twQIlxgGZZpUmNBZvu +12SuNo299kLcgjMkvVi1OteK5MjWzOiqEw8BJPDBXJlmdPo0YIOxTR2+H+xHpuwo +aMf7siXmryJ1uh7gOo8N6U1X0GpQ5UzmirU1vfauV81YYjc7EreenqvDye2D50wA +tWTLpv36txOwWrpUJiEk2a2SlkTlAFOb3vDbYwrvf7XHkX4YKEt4d4jjbB9GlTOD +al4OsJZJAoGBAPs9xCqsnhecW4JlQYxpMZ4bPRCn2dxI14aDUoterDSg25r12E38 +Ph9fM9FGBB2pprLGj+nJxfHocLcmLCzBAfblky14wafm7F2Xp9IyprcB5Jri/FXI +FGckOD9iFzF+3UzzGnnUdpNJyqRhOpsrCk636Ut6T9DWhq8/szM9vP+/AoGBANU3 +5jq9pBBksCletuiuU+IdRSyjkTxabdOqsDnjK2ol7C8ajpvgW54tlKuumGAeQ8vL +a4bWEOYtWtjVZfsA//AeK+qG/6b1nEJK+Cat9T4Bg1LRQDb7IMihgVL2ZJWJRFWv ++refYKP3qnyzE5A/I0+8PNlld5KUmS6aylJEvhE1AoGBAKKqmxgGK1WeJqGGbao7 +caSsfh0KkEPP5btxyz/xTA3HGGh8RFA5wP8O5L3aV0/dR9D4PrVfromxtUjfrjpL +vLneaixGwxuyp9bxGfc+VDKpRxoBXN8tbAhbqw9esyWYvi/UNpAqv5sda9aCHS/Z +7hKJgMMdrg/I1eshkyTaFESBAoGBAL9H2MmV3BvA2LEkgV8ZFbPiom47h03nqmOb +22DzRb2Cq/JOFuYMTuUG6zth9N02CYhIw/xBCwQUaE3ilAyshu85ghhyZ+O2sCpg +62J36W1pGhEwHDW28WBMU6LD3NSyQpXEvF4DI0W2KEKavNBJdDpSGxzFBJKBsTK4 +Nw27EfCJAoGActUtucQW5DM9EG3IaHBMM8jl/TBX3Le8UrKbnDpzglkbBeqw8WIa +pwol7FbBpgkjF2F5fqF+Sd5OWCyHVglzrDSPPc72v8oDnJmX+708Z6YftHRLW4Z4 +m4YhijjwjfCLBFgtNLAh4dRM+t5qPjTA5hyyh8hb9UvuSv5Fd23aKTI= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate_1.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate_1.key new file mode 100644 index 0000000000..76fae46565 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAmiEQk5F7dQ2osFGhuCyHuRyfY2N69QOjiUxetQPpUDLC4jBo +nhbs7nAVdEcPzepdYSgdCz83OYOu8GQFgxXmLcvpaR2YvTrPJfYhos/oV6y7lzJm +UbvDP0z56KwnMADl4/Vk8eTyeZNqVvaZKIHyIxOsl+I50ICRjvLFMM1GcTyIygO1 +dKLc2+GucCpCsZm41UhgLx7a0x8ni2wSQD1d6w3o8OPwSovNdGLoBkTK2F4qbQlN +e45HHAQS2urlb2xBLCMdOYPQRKV8xhMObHMqBnFPZbqxXtvT7MquQF4kh2MtrkvV +9kwl/D/ZbpZlyLKLGqPtM7Q688xKxfxmgT+JWQIDAQABAoIBAEYA2oyLuS0TBRkA +GpmR8BsNev8jQcdi3bYQb7t7iU6Zn5YoMnwLIZWyZqwnUnBOEBd+pqJjFewTeTNJ +2o8NNTx7rwnFHYhk24z8W46dK4QWuiUUCRD6XNW1WpRpDGtrHP8Kh8yuFctOPzA8 +VJfnXVi9KNjbMTMYEgSBEzr1IRdwmKVelzMkizWd7Sdd8KjpyzwwuuuYCK8rFaT9 +aGUUIj1chMJ3SPK3H1mo+V6KHralgyf2+1j0hnDVvTEoP/a2sT0y+X2+4pIdrve+ +ZDP3E7gle6jWhDI6JE/nUUMfC0CkZT3lwJk4e90VV9CpreNNYL8S6myMhYuzJwAu +BSgUUTkCgYEAyKPvKtIDDznLAWqMS8GAexbNRk8GMBA+Z8L3XOzmEShQeGvOJFxm +KNnGUkv9jybGz+ZTsKocItVedzAuQ81YEUmNzqrPJegAl917tV0p1tI/b+qn+Hjf +uWmBvpTcTfc3c/5DpmUcWpIaFimv8/q7GnNr31O10gpqPc9K3D/X9GcCgYEAxKfZ +knsq8BFeQlTM3vyrIys99bMBOEvrQHqhWYmoHX9FlUUC++Lc2TbuFzyl07VFL9r+ +CLPK8AZ8ewvkVqV6nlC8S5NUWvRI03RjTHLMp/WFl1IMMbpTfxGJ+s/z/zG5W6Xt +MYUImg1N4nRGjt2S885AJJWtlRB1EZiuo4oz/D8CgYAbkyQ4n1paSlgTHsCfXL26 +rPyTUCMKkgDxo8L5W3mXHBJLKo3PQ3+q15tBDj6P4QVr5zzTR93MD8UG3nFNUjhr +T8+Uerczf3otZPwuhdpNMuITEI37QSmGQvDY736DnJlbcLN9d+H4tKGvMBWFk40J +apmFvOx9LH9DdWzVblTQuwKBgQCfcPM/Byt97qb8oqJkHHlojzOyFErl6O+4nHRb +EvfByqGQ754GuR2T4yxQnLRaHHsW3LfgOF1OFAQzAyZDdfEfkJfJso7PG4Y8Iv4r +SlxRxQdl83i9jLMLsB2tw5KxEhCVlMblwlWCCU1fUCSwykbN8yggQVa2J9yywpa9 +M10IowKBgQCPm3FySw0oH5VP0uj1J3kntDd1yNbzXfs+FC8bxIJ1P71AyOzdPAiK +vHwhGiMjGeMMwliHTIjmptiw5JMAGsek5OpSia6qxnCdXwrvWZ2n1CleXVp9RvyK +NUaWTRW0MUfoE2N1MrGwM20BswQSOZr7RCNPSnwDK2cE5BlPJFcZeQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root.key new file mode 100644 index 0000000000..5b7e3bd29d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw5Zmx+f9IRTs30oFGowi2o8+t47Kot7X4wgFzSgc2tSZuq3e +kgdEGFXntUFrOGQYBqtsuK09uE7I+oz8WCwsqEIIKLSFKqpX4qh2Sm7+OC/RFMZS +bwWkiVTCD/CTgwm3VVaUe1dlhwndYeoaAjwkpcwt03wK3C5non+RrbR2dgKsf4Vf +YYYMYBWggn+FFvQQjUkn5DNYdVVrWqvH0b09qDtoG7TeaInEh/6HBNRS84/6LkR5 +wWJGt4hMu3Vh/ebFavuoO++n5hoeRC1hp05jXma494VgdIvqIIKEhHH1HcYMwu4R +eAGuRFrje5cuAdAYkXcBI3/SIXP085qUrZMuoQIDAQABAoIBAQClr91176LRyYY4 +Sd409Q35lGuO2Bn1C05bd0pi115KStvH9s6baihXbT6Sn86SwMhRrhq1/5xPa/55 +scF7eECEcRu0T+iXkiJNUmSS/Z/CPU+jh7YBcwhFhlW3ZxevZCW411WFfy30zXiL +H+PUjNqG0YbopyYUDAOi9uqT+lJ3+KGzDV2ZMEC5FvPAYqybS2HWUWMkDsQWypf/ +AmngsckZKf0LtL6d2x27YXlA0DBkPtE5BHbIO1IwY6qBaVIvoxK9HNe9M01yjv/a +mmnvYuK/oksi+cwkYuCxqSx9gLuKyYRQl6dDXMzZIEpmyevOh1qZ4Sc/b/E5QYaf +R1qeK6mhAoGBAP4jb1mz32vBwTmIWaVE/VF1/Zg/UsFDolUoOlq8gRv1AP+/qydF +31yxhAQgTuoH9incoIfKhKUuwKSYdeozE5AK4zdpF0UK61BO7QJR7PcDB8KxSyp3 +DeVDOAh8dJAXp6cOBehm6XO3BNmNIMRlPX4GVFudiY7IspQxci21wLK9AoGBAMUF +K7gW0A3ZgqEitu96y5vdCrjZ/3A0XvB9OWpWvfHcKR/M5o8IzGtLOfr7t7Yp60tt +YeDFV4TyW1GuuYv8DCnM9OdNLGN0zgPo8EP9kmblHAOmYiD4zXtlMxr94sZBkdFU +YxpJvx0BIA3T2H9bBl/Y9oD2sGbPVNeQlEZxhHu1AoGAPSQbSvJ6YvtXWFcUci15 +4FpJq5I4f6Sc7m3iNCg7y5UTK3RaYfVuemd+wltfgPBvabzZpjGz3eW0lSTU4YZu +Q25LIe6XmZW57TU/0hoRr4+8EzwCQHIqFqkoVupSRMRcIlW+WB5CNgOnGAvbAUT2 +GVa+ftgU2xQv2nVW6eZbOOUCgYEAlxZ6CnhkINrW1F9czpXqoqKGYG+89f0TeXVu +nF/c1icx2lM11Ca5LObJlfGHVskaygMd9lMf5LI+2YsWe4VUhpHIlcCW88ZVXqY5 +6soAhavZKetkgUiLu79Fy8M7LzKFcnQ2c6huSP3d6Py2oCPb5ZDqqMeFS7Jfq9gR +/Vt8b6kCgYBSLtyqxhc7YsQZMmLOSHG2VX+Arcn2D/mvHaY1bWYklM230/7zBNhu +Vqy9Iia4W884pSz/g/WpVRX3xWuCjg4Hx/VCEM+4EL8GNq3VDoJ+8c1F5vzBgELR +zaMgUu0rh3a1YBcDf3vTURmyphKjFj41gb2+WidlvrsnyJowGCm7wg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root_1.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root_1.key new file mode 100644 index 0000000000..07e17187a3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4rBTBYCEpGLXApaVVa1jyc3XRkEay7cNbHB1BebqqPZk3Z64 +96PaBVAUrQv9H41/0APO7H3e817ri/DbmHDMwsCp9yznJwSleRBHbaeAIroOCyjl +KvFpFKLdpKisZ3ag24t4wAt+LJxl9uVAt8DKs/AedGl3RTjhjN7JH/xnKO4irk09 +jGtjYp+/72d95u6k10HCYsXyPEmv+UR0tKcm+L3tV+ztFixCdz2FaehIftdwBSG5 +FZYLWl2s7mRGG0zrWLD9SP7BAufQwAtSqudRnJORRgXtIy7DCw5QDm44rDFpfXDS +QN19QT4IMXjG41cdxVPnkW3evN4/LnLe4qBjCwIDAQABAoIBAFQZypNN/Ofn65EA +QOMKcu0ZuvZLjR9rCEXk6uWHqCOLVhyKmGD3nxk9fo481mnwWyzXXNuMTzzHSGgg +sbe6kZznUadsN03YgXOKwJVEAVvg3vjw8SSfb7bCPayrD1tLPZ51/hRxrxvp4kJZ +B0uk8Q8U1Jen0SITWkqjFMcTI0qha6GSuZOvE96cVEnog82LO1p3R4Ue3JTeaX5O +ZqDPJwg0QFUbPsfnaLRgiDcLlPloZGZQ/R49oIw/vu/u3bKrdFD23kAFr+cBgNy4 +VbrrDve2RLnNBCIRogP426dUXDladWt0tVquCxUh+okavwTimoD3LmJwKivGJykF +cTDZqTECgYEA/rvAe9tBU85PuV0Z8c8c5o4QLg8h/QDCXMVYXY1lvcj0B3hoKxza +WWIjBsu0P2D9+BivTJcZxlgqtBvxplIa1SdUWvpc2xfsig7ulA2TUTcOHekAV5Pv +YaDXSMZ8xqGhgNPT1l2Qg7LovqohsHQZMPqP8sii/lZWzgwjGuHucO8CgYEA49Df +5uA4vixOT34ECZN1wNZLpi32yBD7OTW7/AoHkRO0f17RTdlUxJdq2FQqhGu6XjnB +tmTkbzBQClMSLuZZPm4PIOBabbvMFkGpYpQjfEru7LgJVUz7JvvMsLs8DtymHeBn +gnQvU/HiJYIlfsJG4YfY1NKUHqtM7vaW1WS196UCgYAmHFbu8N20OSCqXeh8yfzL +7aM0EOWH4a4yjP/sdzQqkb8YwwXqtVVhnBIbeSyNcuhsTt0jO1QK3bP94FRmCtCi +5VB0kBKGYOztttAw7FsHApKlHPAFKkfdNmAfLjsKyLHOAWMnJjZxzbmOlQuXR7dh +IYuZyjTAkpBIIX67DeRLlwKBgQCi6bHUFrA9Ps3ZhtI4Tt08Q4LhmakKtSoSZVzD +BiEXHDJNi2697xbxZx6fCMFG5QrnawId/tRktvXmDDXKmCtlu6rR5d6E7nEp0Vbi +CfG+Zo+pdIooF97ap+Je1+ZA8oVQhDNBVPirXSRNkl5h4Whyy4TB3LzTmchwcqK2 +g0iliQKBgQDkokLu+1M/pxz4blyTPELmbRELTMWIBOMV3JyxktooS3ZyG+gjeW8Z +rQcLWCrzPX1H9UInvldY96NniDPm9MZyjBfmybEIb8gtStNl61YrQEvxCKpcNhSD +My91SJQ9nnh0yXAD5DxwnVkVp0hv6tbM2F0vZhRr0cidombSBuzngw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target.key new file mode 100644 index 0000000000..01f91e8f32 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAri6LGI33diyUDD+gtupwH17ISMWqrVVrvVVoDY7O5ZknxSyy +mimpj47DxpeJbTHXpI/YNjdPM8fWQgMRCMR/NYzuDxt6MXQEqgHTHotbAZ1gS5zR +jx6r5dyPF3dJ4/bVgqUvCujcn5YeKqFB0WcsnvN/lAxuz19VUjcF0Dk3Gm4R7dv6 +qpKnT1ApB2mvHaeZ+uFW8AM4sK5r5xkL3cMHMY6EBKW067i8I/NAsBe0q54/BZaJ +/IQjzNEGwuSLxmX1JOtyMbxBfTrJVQgM7qauH3gX+Kede7GC9c6Ca6iyxoq5vqXY +OfRJ4kxTMoUmU01EztU7oGvn2QKhWu/hpYGn+wIDAQABAoIBAAxviEDFigBm6F8D +f+7vR/gFZVlEu43KhnmrClXFd2IPEDbUnR/Cj7ePIs0f7pDcOSAnoPEl+8Kfpt1p +qKKunMJvAGQVuyCivt6AaNlKa8HuwXxEgvWr4+vyVkj/nEfpTI8aSgSGYZIHProe +bzuLGTVz/wzL4nFtxgKrqP+XxiZdzUKadOHgkRbqEIyLq5ONhyhuzr6ruXgoT4Kh ++mmnrKPjTrQPA/igUysw4X0gojeO34byUxLCCkkSX1J/MWVqFvwAS6E3aQ6fkwNP +vIH0BvqRPsCN/H0Vtmtux7fTfgZlb/tVpk+HQaFT81LyKVoyOBSRUS1Xlaus6tAj +LykCnDkCgYEA2E2iWRf2498AlB12t9BcltgPCDW9GGAim42+d1EQyidwfEC3i/uk +bB/jk3DYc3YmUBv1gTwcspTZS9GoQJnsOXd8HFN6Qj+lhxJXjCw2DtOeIubjYYvt +7mWS4vmKhIN4H5MaQbceJlEyy/yTPPbAEbKgzPqVRJkWW7FnL38DpccCgYEAziX1 +RMMPJ21LEeYNcLJlZkb9Bz8zIiBpQPNXyZYMHXCKxDrkCVVkCjqpYb5IbXX4OsEK +WtDdyHqgVS8kVd05pJV0m6dE/cLwC/3t9H5ZJ39837AQckMiiKDMxFf0K2xM9bd3 +JRUNVdDO3VV8z3aCPfR2Ne32bMvmciP7FWNmXC0CgYEAtgO+FZKg4ueIqRqSB+OB +xj1RiOsPkC91b8g6+lRw+GtvsF8VFOpQVdwPuMZAnghR/R9J29Ilo/C1WaO3HYVo +zoLJIVztiEnelGbO3NlnM9rHOz9nH3KMaQt4Kx8pfJDUyF0Uvy/EYyH4yMZlb+uD +fGEABvzmFq9rrQT/e2w6OYkCgYAMx7+n7qve1uDDkE6fAQBWUepX66wg3n+H/k4f ++kRwAs0nkzsV9QxJsg9UNvbIinrEMbmRncdSKYANJ+oJxLhRIs7i44DcdpxpMenx +sW+XikjUmVa7rrvSWp23QnipxIIU7bXeP6re+h4JDMa7Ge7DJoe5mjIf1phH1UE4 +tzveVQKBgQC6g1mIw/zEzE9C4M51bM+t9qyjDLHdJA+xBkdNoFhRUMf0+ZWqW/Qx +LxB9H0gaZQLTkb2Q1ctl3mnXfigXTw15H0Yho6wd7Pkrs1uH5EInM9vFPeRAWzky +YbjjCmkZnrhftpWrHISNdrcBR/Womab0AiIdZimr7thVvkvzLc0oNg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target_1.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target_1.key new file mode 100644 index 0000000000..4c1818c509 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAyK+l2RVW3eyxQd00NkirWj8uahQWOB/CrSdk8nJUoYFznP06 +Nyxk+eIKvQ90mnDqnG7JZOmSpL+aMCyaj0zrEh5YCPVqS3LgqKkigcrNfHjNJJuQ +in2sec9AqdD2pHjv/cOzndPqUe7H7fUrNlxQEb5EqSnN1nm8vVulRtGnhqWGKnP1 +uvn0XpyUnpWB7EL5g/FOpuvJoTzpl4DL7k0GRXWnONvyqRcSRvGZH0BIiaC9B0al +qxED+6Usosm89wfln84kJj6hqKz+rQlkANnaPMgJw7zHZLmTwrk5TjygfJwU/OW9 +Hx78Tejlqp3/M+33EA5y2oF56R7zZQOwE3cwpQIDAQABAoIBAF9f6qfSlmf91vgA +UpIB0z2ejUZoqW6e2XxFHpqCb2oaBYH0brhN5udC3+ud7sJ/K2CQ3jGRN9oIHRUL +/aBg487GkPwg9hVJUS+WwgmBAktHdecR742B0HhLYOXTo4Pi3dtyKGi3j8LEgku6 +moDJOlxUWnkyntpxHJu5dEDF3qIELMsNDVZbh4OMi+ayA/aR8jX9RF4yOxf9oQfP +QqYlW+gicJNTOQ7qFncYumVO4Kzfc+OVMou2g8V/vvjf8XfB8rDRkiI8rBlAhq8+ +p2lSsmb3g5Tc7SuNkMaPYWMRlQgmg2h+sBkXderF46CuKVeVuEwOAwLYSMWXPA5t +ADP4UgECgYEA6PVBKWO5gFbrTafn5+1gtAzXmg6uyMxuvlE4ez11ywa9cCqEj5/T +b06ifOYYpFDhV5ZL+tUBsKutOli6gP/fKaH8NPXM6UWpWNRkcPGU74x9iEq4nZSE +OBMMD2tbn0UPAqRdQV1hMSHDhYUzkHRQpoZvSWa/d61dq+TnYYKPU0ECgYEA3Ik8 +AC1LBj5VkfaUhvA4pnyta7W5czn2lVuu6/38z1Q8KakQavVhYRtUgZ3uGyyZL7pB +BiEYBpfCpfWSzo1IPmCEEqH2m6cMhnd20SnIsRLf6aRHXU/VH41quAL5yyLGudCq +mvWThXyhqlRRLrz99W+lYiifT0ySXbp1lJINWGUCgYAmGD0QpKMoDo6qA0QUFChV +KSh0o+QHKA8QBj4jQRirG64M0pcc2Xj84bIGlKYA8Mz4wrYoDX8aQeiw+uN8xtra +dwfELVHV77NSuGC4a3j8d0/r4rQv6KJ6fPri5p5z/BoJR5GMZ9XF8AyGIBMfkzXB +FYjLSwcSbgI8YtFHi88eQQKBgE2m9L2LNTOJl0/B5yJsS0Yz+ExIvHfaHP0SP1FR +KUdHfbedk+5VYGh02xiYp1JiLb4kcujZlkAcB6mwAnVAQgPUsCxvYwoDk+F1Bx02 +/Td8UeNOuOIeTgjCHqWURqhEIn0jAC938O27qKD093DhkvpsyWr6qr2dVJw0H1qk +4pYRAoGAKydTTMJl8lSxSH1+I3Onwx3O8qQ3D8xd6scv05G6P2CnxfQV5WqhEB5h +HoyJYqy5QOyYQGESESQ67O1Z8ikGJuHCb3I9mQ5O/7WBBspjBMMABI7tPjIQol7p +S2hx4D7ajXlCIxCQ/vKTv5aMNi4hAc+8ib6Ub0FRTPvLpIDhLoM= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-chain.pem new file mode 100644 index 0000000000..97ca7d2989 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-chain.pem @@ -0,0 +1,280 @@ +[Created by: generate-chains.py] + +Generates certificate chains where the intermediate contains netscape server +gated crypto rather than serverAuth. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 16:b5:13:fb:79:d7:bf:0c:f5:4b:2a:50:4c:9a:68:d0:89:a0:f2:9d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ae:2e:8b:18:8d:f7:76:2c:94:0c:3f:a0:b6:ea: + 70:1f:5e:c8:48:c5:aa:ad:55:6b:bd:55:68:0d:8e: + ce:e5:99:27:c5:2c:b2:9a:29:a9:8f:8e:c3:c6:97: + 89:6d:31:d7:a4:8f:d8:36:37:4f:33:c7:d6:42:03: + 11:08:c4:7f:35:8c:ee:0f:1b:7a:31:74:04:aa:01: + d3:1e:8b:5b:01:9d:60:4b:9c:d1:8f:1e:ab:e5:dc: + 8f:17:77:49:e3:f6:d5:82:a5:2f:0a:e8:dc:9f:96: + 1e:2a:a1:41:d1:67:2c:9e:f3:7f:94:0c:6e:cf:5f: + 55:52:37:05:d0:39:37:1a:6e:11:ed:db:fa:aa:92: + a7:4f:50:29:07:69:af:1d:a7:99:fa:e1:56:f0:03: + 38:b0:ae:6b:e7:19:0b:dd:c3:07:31:8e:84:04:a5: + b4:eb:b8:bc:23:f3:40:b0:17:b4:ab:9e:3f:05:96: + 89:fc:84:23:cc:d1:06:c2:e4:8b:c6:65:f5:24:eb: + 72:31:bc:41:7d:3a:c9:55:08:0c:ee:a6:ae:1f:78: + 17:f8:a7:9d:7b:b1:82:f5:ce:82:6b:a8:b2:c6:8a: + b9:be:a5:d8:39:f4:49:e2:4c:53:32:85:26:53:4d: + 44:ce:d5:3b:a0:6b:e7:d9:02:a1:5a:ef:e1:a5:81: + a7:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EB:B0:1C:BD:B7:68:B8:D1:B9:8A:C2:9F:5D:CF:DD:AF:F2:62:70:8A + X509v3 Authority Key Identifier: + keyid:EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:test.example + Signature Algorithm: sha256WithRSAEncryption + ae:3a:23:25:7f:40:ed:93:24:d6:8d:66:f1:b5:aa:56:37:c1: + 28:89:e5:84:0b:42:14:28:29:45:93:24:6f:80:71:2f:d9:0e: + ab:c9:70:29:60:83:0a:87:3a:f1:9f:5e:35:dc:36:e9:83:b4: + ab:41:2d:7f:00:df:a6:ff:21:b0:89:cb:b1:7f:bf:7b:18:f6: + 62:51:0b:97:c7:5b:af:3f:a1:e7:a1:07:3c:d3:57:54:c3:33: + 58:78:8e:2b:40:6a:7b:c5:5a:f8:ee:12:2b:8e:12:da:65:b3: + 05:ea:49:e4:38:11:a5:73:f1:11:3e:41:77:d5:3b:af:a3:88: + c4:54:21:bc:3c:52:e9:2e:04:cb:9a:39:08:6b:c9:d5:4f:7b: + 39:3f:54:82:d0:93:53:72:51:bb:2e:39:75:7f:c9:df:78:f6: + bd:f4:39:e5:bd:49:89:6b:4d:9a:ca:af:94:2e:d7:a1:aa:a5: + 9e:6c:c3:af:cc:00:4b:1a:86:86:a6:80:b2:fe:cc:d2:1d:09: + c7:a3:3a:bc:aa:c0:d6:1a:ca:47:9a:96:9f:44:d1:90:7e:53: + 70:87:e7:20:c7:33:f6:f7:3b:76:32:68:29:62:48:24:65:d6: + bf:5d:ec:33:b1:13:9b:24:a6:e6:d1:22:b4:04:2c:9e:0d:63: + 65:7b:a5:69 +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgIUFrUT+3nXvwz1SypQTJpo0Img8p0wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAri6LGI33diyUDD+gtupwH17ISMWqrVVrvVVoDY7O5Zkn +xSyymimpj47DxpeJbTHXpI/YNjdPM8fWQgMRCMR/NYzuDxt6MXQEqgHTHotbAZ1g +S5zRjx6r5dyPF3dJ4/bVgqUvCujcn5YeKqFB0WcsnvN/lAxuz19VUjcF0Dk3Gm4R +7dv6qpKnT1ApB2mvHaeZ+uFW8AM4sK5r5xkL3cMHMY6EBKW067i8I/NAsBe0q54/ +BZaJ/IQjzNEGwuSLxmX1JOtyMbxBfTrJVQgM7qauH3gX+Kede7GC9c6Ca6iyxoq5 +vqXYOfRJ4kxTMoUmU01EztU7oGvn2QKhWu/hpYGn+wIDAQABo4IBAjCB/zAdBgNV +HQ4EFgQU67AcvbdouNG5isKfXc/dr/JicIowHwYDVR0jBBgwFoAU7saaZcz7zqA+ +FwL5aBKGtiIJYLQwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzAChiNodHRwOi8v +dXJsLWZvci1haWEvSW50ZXJtZWRpYXRlLmNlcjA0BgNVHR8ELTArMCmgJ6AlhiNo +dHRwOi8vdXJsLWZvci1jcmwvSW50ZXJtZWRpYXRlLmNybDAOBgNVHQ8BAf8EBAMC +BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBcGA1UdEQQQMA6CDHRl +c3QuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEArjojJX9A7ZMk1o1m8bWqVjfB +KInlhAtCFCgpRZMkb4BxL9kOq8lwKWCDCoc68Z9eNdw26YO0q0EtfwDfpv8hsInL +sX+/exj2YlELl8dbrz+h56EHPNNXVMMzWHiOK0Bqe8Va+O4SK44S2mWzBepJ5DgR +pXPxET5Bd9U7r6OIxFQhvDxS6S4Ey5o5CGvJ1U97OT9UgtCTU3JRuy45dX/J33j2 +vfQ55b1JiWtNmsqvlC7XoaqlnmzDr8wASxqGhqaAsv7M0h0Jx6M6vKrA1hrKR5qW +n0TRkH5TcIfnIMcz9vc7djJoKWJIJGXWv13sM7ETmySm5tEitAQsng1jZXulaQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 42:e0:1e:36:75:40:12:16:19:8d:07:a8:3f:9b:ff:e1:59:bc:6a:9e + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d1:41:40:6f:cb:25:05:d9:29:d0:a3:c7:fe:2f: + f0:53:ad:46:36:19:aa:b1:1f:3f:7a:a2:e0:fb:03: + 2b:77:65:6a:79:eb:f3:a3:16:13:34:83:3b:42:de: + a2:bb:e2:bf:d8:d2:75:3d:48:38:86:bb:2a:7d:14: + a3:88:f7:7c:00:f4:0a:6b:6b:aa:9b:44:24:62:fe: + db:a3:42:55:15:67:2a:32:ff:b2:4d:80:93:d0:84: + ef:1b:dc:7c:ac:56:2d:54:08:02:f6:18:6e:b5:80: + a8:77:52:1f:b8:2c:09:6d:cc:f8:1c:04:91:62:6e: + 1e:dd:1d:89:b2:f1:23:0b:4d:4c:6c:da:49:3d:61: + 83:72:0f:66:36:12:3f:f3:ff:53:52:73:53:a1:ca: + 38:bd:c3:48:bf:7a:2f:13:19:d7:c2:28:e1:6f:32: + 00:5e:64:ac:4b:05:7a:77:62:57:55:a9:59:83:d5: + ed:a3:2e:28:34:71:79:2f:b9:c3:9e:df:b3:2a:b1: + 59:cd:04:00:1d:8b:11:56:ae:c6:67:f6:4f:1d:58: + 07:65:e0:b0:2f:ef:57:6d:de:c1:a0:7c:6e:38:a8: + 45:26:21:96:e0:f6:ef:0e:28:cf:01:70:57:dc:20: + 15:08:ad:e8:e3:98:74:8c:54:32:c1:28:17:e0:de: + a1:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4 + X509v3 Authority Key Identifier: + keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + Netscape Server Gated Crypto + Signature Algorithm: sha1WithRSAEncryption + 7a:c0:60:a1:ed:92:ff:ee:fa:8d:8e:c6:9a:04:d1:e9:b2:6a: + 64:f0:ad:c0:9a:20:40:22:db:1f:b9:d7:34:c5:cb:df:fa:cf: + 52:37:4e:57:84:8f:e3:ba:fc:ad:b3:50:76:d5:58:9a:8a:49: + c9:6c:71:93:a9:f1:bf:6e:db:01:59:42:2f:97:69:01:8c:3a: + 15:41:41:39:78:6f:ad:f9:61:50:38:54:b0:18:9c:8c:10:c9: + ee:ef:f2:74:62:e3:bf:3a:db:69:27:bd:d2:db:70:da:73:2f: + 03:2d:74:06:a5:1f:47:45:78:ad:33:49:5e:e0:e9:b3:cf:e6: + 31:41:ff:9f:26:8f:28:22:bb:07:5e:b4:2a:ff:20:b0:e1:5e: + 43:79:44:e9:85:4b:17:44:6a:98:3f:76:b5:2f:af:2f:bb:08: + cb:58:7b:61:de:f6:29:87:97:57:dd:a2:09:62:b9:21:4c:69: + dc:c4:52:94:4b:9a:29:d2:19:15:c5:01:9a:d0:bd:c5:fe:03: + 5a:55:0d:01:3e:58:b0:06:49:92:ae:4c:11:19:4f:c0:04:50: + 81:9d:18:88:ea:f9:eb:23:a4:d3:bb:e5:c0:a1:75:db:f5:20: + e4:0d:34:16:39:2e:70:3a:60:26:fb:d5:ad:5a:4d:be:11:08: + 6f:69:c9:63 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUQuAeNnVAEhYZjQeoP5v/4Vm8ap4wDQYJKoZIhvcNAQEF +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANFBQG/LJQXZKdCjx/4v8FOtRjYZqrEfP3qi4PsDK3dlannr +86MWEzSDO0Leorviv9jSdT1IOIa7Kn0Uo4j3fAD0CmtrqptEJGL+26NCVRVnKjL/ +sk2Ak9CE7xvcfKxWLVQIAvYYbrWAqHdSH7gsCW3M+BwEkWJuHt0dibLxIwtNTGza +ST1hg3IPZjYSP/P/U1JzU6HKOL3DSL96LxMZ18Io4W8yAF5krEsFendiV1WpWYPV +7aMuKDRxeS+5w57fsyqxWc0EAB2LEVauxmf2Tx1YB2XgsC/vV23ewaB8bjioRSYh +luD27w4ozwFwV9wgFQit6OOYdIxUMsEoF+DeoYsCAwEAAaOB4TCB3jAdBgNVHQ4E +FgQU7saaZcz7zqA+FwL5aBKGtiIJYLQwHwYDVR0jBBgwFoAUQnVBNMVZn5mjmxwM +V9tcx8FIt5EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MBQGA1UdJQQNMAsGCWCGSAGG+EIEATANBgkqhkiG9w0BAQUFAAOCAQEAesBgoe2S +/+76jY7GmgTR6bJqZPCtwJogQCLbH7nXNMXL3/rPUjdOV4SP47r8rbNQdtVYmopJ +yWxxk6nxv27bAVlCL5dpAYw6FUFBOXhvrflhUDhUsBicjBDJ7u/ydGLjvzrbaSe9 +0ttw2nMvAy10BqUfR0V4rTNJXuDps8/mMUH/nyaPKCK7B160Kv8gsOFeQ3lE6YVL +F0RqmD92tS+vL7sIy1h7Yd72KYeXV92iCWK5IUxp3MRSlEuaKdIZFcUBmtC9xf4D +WlUNAT5YsAZJkq5MERlPwARQgZ0YiOr56yOk07vlwKF12/Ug5A00FjkucDpgJvvV +rVpNvhEIb2nJYw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 42:e0:1e:36:75:40:12:16:19:8d:07:a8:3f:9b:ff:e1:59:bc:6a:9d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c3:96:66:c7:e7:fd:21:14:ec:df:4a:05:1a:8c: + 22:da:8f:3e:b7:8e:ca:a2:de:d7:e3:08:05:cd:28: + 1c:da:d4:99:ba:ad:de:92:07:44:18:55:e7:b5:41: + 6b:38:64:18:06:ab:6c:b8:ad:3d:b8:4e:c8:fa:8c: + fc:58:2c:2c:a8:42:08:28:b4:85:2a:aa:57:e2:a8: + 76:4a:6e:fe:38:2f:d1:14:c6:52:6f:05:a4:89:54: + c2:0f:f0:93:83:09:b7:55:56:94:7b:57:65:87:09: + dd:61:ea:1a:02:3c:24:a5:cc:2d:d3:7c:0a:dc:2e: + 67:a2:7f:91:ad:b4:76:76:02:ac:7f:85:5f:61:86: + 0c:60:15:a0:82:7f:85:16:f4:10:8d:49:27:e4:33: + 58:75:55:6b:5a:ab:c7:d1:bd:3d:a8:3b:68:1b:b4: + de:68:89:c4:87:fe:87:04:d4:52:f3:8f:fa:2e:44: + 79:c1:62:46:b7:88:4c:bb:75:61:fd:e6:c5:6a:fb: + a8:3b:ef:a7:e6:1a:1e:44:2d:61:a7:4e:63:5e:66: + b8:f7:85:60:74:8b:ea:20:82:84:84:71:f5:1d:c6: + 0c:c2:ee:11:78:01:ae:44:5a:e3:7b:97:2e:01:d0: + 18:91:77:01:23:7f:d2:21:73:f4:f3:9a:94:ad:93: + 2e:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + X509v3 Authority Key Identifier: + keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 33:ba:bf:f6:77:75:ff:00:54:82:6a:d9:2b:33:43:5c:ce:d1: + 5f:4b:2a:fe:00:65:0c:2b:89:75:ba:e7:b7:95:2e:2d:34:7c: + 2e:21:a8:f5:7f:9a:eb:67:6a:30:61:d7:bc:35:6b:7e:7a:8d: + 77:19:8d:8e:a0:e1:c8:00:9c:7f:0f:3d:3b:41:27:ac:34:c9: + 8e:77:2e:14:4e:e9:09:06:59:15:33:fb:92:af:2f:4c:c8:de: + 3c:3a:b3:68:f6:4d:34:87:b6:cd:bd:db:e4:d9:24:33:3a:c3: + 77:4e:1b:9e:e0:6d:8d:2d:7f:dd:65:de:18:38:ec:b0:0d:33: + 88:12:9d:85:68:dd:f5:b0:b9:23:c3:e6:50:72:eb:ae:dc:42: + 2e:36:29:bd:e8:c1:11:f7:02:6e:65:5f:81:1d:dc:06:20:3e: + 27:41:11:e5:20:dd:6a:47:c9:19:06:77:41:ff:f7:58:15:8c: + 88:c4:d6:44:c1:c2:87:09:09:dc:64:0f:a8:90:77:88:42:bc: + bc:d2:75:d7:3d:69:6e:93:fb:60:89:e0:30:b3:a9:94:f7:01: + 25:23:1b:59:9b:b2:0a:a5:17:28:5c:67:4d:be:d6:ea:ca:b8: + 2c:e3:8f:cc:0f:38:d6:75:ba:07:d4:d5:76:e0:33:c8:f0:9f: + 28:4d:2f:3e +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUQuAeNnVAEhYZjQeoP5v/4Vm8ap0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDDlmbH5/0hFOzfSgUajCLajz63jsqi3tfjCAXNKBza1Jm6rd6SB0QYVee1 +QWs4ZBgGq2y4rT24Tsj6jPxYLCyoQggotIUqqlfiqHZKbv44L9EUxlJvBaSJVMIP +8JODCbdVVpR7V2WHCd1h6hoCPCSlzC3TfArcLmeif5GttHZ2Aqx/hV9hhgxgFaCC +f4UW9BCNSSfkM1h1VWtaq8fRvT2oO2gbtN5oicSH/ocE1FLzj/ouRHnBYka3iEy7 +dWH95sVq+6g776fmGh5ELWGnTmNeZrj3hWB0i+oggoSEcfUdxgzC7hF4Aa5EWuN7 +ly4B0BiRdwEjf9Ihc/TzmpStky6hAgMBAAGjgcswgcgwHQYDVR0OBBYEFEJ1QTTF +WZ+Zo5scDFfbXMfBSLeRMB8GA1UdIwQYMBaAFEJ1QTTFWZ+Zo5scDFfbXMfBSLeR +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAM7q/9nd1/wBUgmrZKzNDXM7RX0sq/gBlDCuJdbrnt5UuLTR8 +LiGo9X+a62dqMGHXvDVrfnqNdxmNjqDhyACcfw89O0EnrDTJjncuFE7pCQZZFTP7 +kq8vTMjePDqzaPZNNIe2zb3b5NkkMzrDd04bnuBtjS1/3WXeGDjssA0ziBKdhWjd +9bC5I8PmUHLrrtxCLjYpvejBEfcCbmVfgR3cBiA+J0ER5SDdakfJGQZ3Qf/3WBWM +iMTWRMHChwkJ3GQPqJB3iEK8vNJ11z1pbpP7YIngMLOplPcBJSMbWZuyCqUXKFxn +Tb7W6sq4LOOPzA841nW6B9TVduAzyPCfKE0vPg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-any.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-any.test new file mode 100644 index 0000000000..99ec89cc9d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-any.test @@ -0,0 +1,5 @@ +chain: sha1-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: ANY_EKU +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test new file mode 100644 index 0000000000..e2a5f54da9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test @@ -0,0 +1,8 @@ +chain: sha1-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test~ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test~ new file mode 100644 index 0000000000..e564cba9db --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test~ @@ -0,0 +1,9 @@ +chain: sha1-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include client auth or server auth +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth.test new file mode 100644 index 0000000000..140dc99bf3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth.test @@ -0,0 +1,8 @@ +chain: sha1-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test new file mode 100644 index 0000000000..b6a8a00206 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test @@ -0,0 +1,9 @@ +chain: sha1-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes Netscape Server Gated Crypto +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test~ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test~ new file mode 100644 index 0000000000..7c7b1834d0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test~ @@ -0,0 +1,9 @@ +chain: sha1-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include client auth or server auth +WARNING: The extended key usage does not include server auth but instead includes Netscape Server Gated Crypto + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth.test new file mode 100644 index 0000000000..682897d3fc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth.test @@ -0,0 +1,8 @@ +chain: sha1-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes Netscape Server Gated Crypto + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-chain.pem new file mode 100644 index 0000000000..accb1b1230 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-chain.pem @@ -0,0 +1,280 @@ +[Created by: generate-chains.py] + +Generates certificate chains where the intermediate contains netscape server +gated crypto rather than serverAuth. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 16:b5:13:fb:79:d7:bf:0c:f5:4b:2a:50:4c:9a:68:d0:89:a0:f2:9e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c8:af:a5:d9:15:56:dd:ec:b1:41:dd:34:36:48: + ab:5a:3f:2e:6a:14:16:38:1f:c2:ad:27:64:f2:72: + 54:a1:81:73:9c:fd:3a:37:2c:64:f9:e2:0a:bd:0f: + 74:9a:70:ea:9c:6e:c9:64:e9:92:a4:bf:9a:30:2c: + 9a:8f:4c:eb:12:1e:58:08:f5:6a:4b:72:e0:a8:a9: + 22:81:ca:cd:7c:78:cd:24:9b:90:8a:7d:ac:79:cf: + 40:a9:d0:f6:a4:78:ef:fd:c3:b3:9d:d3:ea:51:ee: + c7:ed:f5:2b:36:5c:50:11:be:44:a9:29:cd:d6:79: + bc:bd:5b:a5:46:d1:a7:86:a5:86:2a:73:f5:ba:f9: + f4:5e:9c:94:9e:95:81:ec:42:f9:83:f1:4e:a6:eb: + c9:a1:3c:e9:97:80:cb:ee:4d:06:45:75:a7:38:db: + f2:a9:17:12:46:f1:99:1f:40:48:89:a0:bd:07:46: + a5:ab:11:03:fb:a5:2c:a2:c9:bc:f7:07:e5:9f:ce: + 24:26:3e:a1:a8:ac:fe:ad:09:64:00:d9:da:3c:c8: + 09:c3:bc:c7:64:b9:93:c2:b9:39:4e:3c:a0:7c:9c: + 14:fc:e5:bd:1f:1e:fc:4d:e8:e5:aa:9d:ff:33:ed: + f7:10:0e:72:da:81:79:e9:1e:f3:65:03:b0:13:77: + 30:a5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 63:59:54:71:BD:5B:C7:56:B3:FE:AE:DA:EF:DE:59:E2:60:69:B3:2C + X509v3 Authority Key Identifier: + keyid:34:04:CA:F4:40:13:44:0C:86:E8:1F:47:3F:F0:E8:23:D6:EE:02:09 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:test.example + Signature Algorithm: sha256WithRSAEncryption + 71:2e:c0:82:88:b5:f6:f0:83:ff:a6:86:d9:b4:ac:cd:01:46: + 8f:28:b7:00:ac:f9:68:8f:7b:60:4f:97:6d:5d:16:56:cb:92: + 20:35:d7:c4:4f:33:57:ed:0a:49:ba:b6:09:92:47:9d:db:dc: + b0:3c:d7:75:c7:07:d5:61:fc:75:6c:af:11:81:6e:c9:af:c8: + a1:fc:ff:3d:5e:81:69:c7:e7:aa:dd:0a:9b:ac:50:50:7c:39: + 81:1a:bd:cc:53:94:31:e6:5a:a9:0b:21:d4:c0:d3:d9:90:2b: + 52:c1:19:ee:03:ba:ec:9a:94:70:52:eb:a1:08:76:d2:dd:59: + 4f:ea:0d:20:68:f0:8e:49:12:2b:b3:92:bf:d2:00:ee:0f:4a: + 47:e2:73:4e:50:0d:7a:d7:22:d8:29:91:de:a1:fc:d4:84:df: + d7:53:65:eb:20:f9:f9:24:15:ab:e6:fc:9b:17:c7:ab:9e:ee: + 9c:78:c8:9f:fd:8a:9a:7b:83:00:94:a4:ad:3b:a8:56:02:73: + 4d:21:57:7e:34:7f:b7:f3:d6:85:3e:23:55:9e:3d:31:38:d9: + 76:75:06:09:f0:ac:94:38:1f:a1:bd:4b:e8:c6:68:1c:78:a7: + 12:90:90:dc:66:10:3b:1f:82:0c:27:ec:9c:57:d5:9e:0b:f5: + c3:be:1a:66 +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgIUFrUT+3nXvwz1SypQTJpo0Img8p4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAyK+l2RVW3eyxQd00NkirWj8uahQWOB/CrSdk8nJUoYFz +nP06Nyxk+eIKvQ90mnDqnG7JZOmSpL+aMCyaj0zrEh5YCPVqS3LgqKkigcrNfHjN +JJuQin2sec9AqdD2pHjv/cOzndPqUe7H7fUrNlxQEb5EqSnN1nm8vVulRtGnhqWG +KnP1uvn0XpyUnpWB7EL5g/FOpuvJoTzpl4DL7k0GRXWnONvyqRcSRvGZH0BIiaC9 +B0alqxED+6Usosm89wfln84kJj6hqKz+rQlkANnaPMgJw7zHZLmTwrk5TjygfJwU +/OW9Hx78Tejlqp3/M+33EA5y2oF56R7zZQOwE3cwpQIDAQABo4IBAjCB/zAdBgNV +HQ4EFgQUY1lUcb1bx1az/q7a795Z4mBpsywwHwYDVR0jBBgwFoAUNATK9EATRAyG +6B9HP/DoI9buAgkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzAChiNodHRwOi8v +dXJsLWZvci1haWEvSW50ZXJtZWRpYXRlLmNlcjA0BgNVHR8ELTArMCmgJ6AlhiNo +dHRwOi8vdXJsLWZvci1jcmwvSW50ZXJtZWRpYXRlLmNybDAOBgNVHQ8BAf8EBAMC +BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBcGA1UdEQQQMA6CDHRl +c3QuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEAcS7Agoi19vCD/6aG2bSszQFG +jyi3AKz5aI97YE+XbV0WVsuSIDXXxE8zV+0KSbq2CZJHndvcsDzXdccH1WH8dWyv +EYFuya/Iofz/PV6Bacfnqt0Km6xQUHw5gRq9zFOUMeZaqQsh1MDT2ZArUsEZ7gO6 +7JqUcFLroQh20t1ZT+oNIGjwjkkSK7OSv9IA7g9KR+JzTlANetci2CmR3qH81ITf +11Nl6yD5+SQVq+b8mxfHq57unHjIn/2KmnuDAJSkrTuoVgJzTSFXfjR/t/PWhT4j +VZ49MTjZdnUGCfCslDgfob1L6MZoHHinEpCQ3GYQOx+CDCfsnFfVngv1w74aZg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 42:e0:1e:36:75:40:12:16:19:8d:07:a8:3f:9b:ff:e1:59:bc:6a:a0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9a:21:10:93:91:7b:75:0d:a8:b0:51:a1:b8:2c: + 87:b9:1c:9f:63:63:7a:f5:03:a3:89:4c:5e:b5:03: + e9:50:32:c2:e2:30:68:9e:16:ec:ee:70:15:74:47: + 0f:cd:ea:5d:61:28:1d:0b:3f:37:39:83:ae:f0:64: + 05:83:15:e6:2d:cb:e9:69:1d:98:bd:3a:cf:25:f6: + 21:a2:cf:e8:57:ac:bb:97:32:66:51:bb:c3:3f:4c: + f9:e8:ac:27:30:00:e5:e3:f5:64:f1:e4:f2:79:93: + 6a:56:f6:99:28:81:f2:23:13:ac:97:e2:39:d0:80: + 91:8e:f2:c5:30:cd:46:71:3c:88:ca:03:b5:74:a2: + dc:db:e1:ae:70:2a:42:b1:99:b8:d5:48:60:2f:1e: + da:d3:1f:27:8b:6c:12:40:3d:5d:eb:0d:e8:f0:e3: + f0:4a:8b:cd:74:62:e8:06:44:ca:d8:5e:2a:6d:09: + 4d:7b:8e:47:1c:04:12:da:ea:e5:6f:6c:41:2c:23: + 1d:39:83:d0:44:a5:7c:c6:13:0e:6c:73:2a:06:71: + 4f:65:ba:b1:5e:db:d3:ec:ca:ae:40:5e:24:87:63: + 2d:ae:4b:d5:f6:4c:25:fc:3f:d9:6e:96:65:c8:b2: + 8b:1a:a3:ed:33:b4:3a:f3:cc:4a:c5:fc:66:81:3f: + 89:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 34:04:CA:F4:40:13:44:0C:86:E8:1F:47:3F:F0:E8:23:D6:EE:02:09 + X509v3 Authority Key Identifier: + keyid:4E:42:54:6A:32:D3:BE:9E:70:41:47:41:3E:90:BA:86:3F:D4:FD:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + Netscape Server Gated Crypto + Signature Algorithm: sha256WithRSAEncryption + 2a:ce:0f:b6:ca:5a:e5:cd:69:c9:1c:e7:55:f5:6e:08:2a:38: + 83:8b:66:35:20:fc:97:c4:af:e8:e8:5b:ca:c1:31:5a:55:83: + b9:f4:d5:6d:ed:cd:a6:99:e6:56:b6:6f:32:63:b3:ec:be:a3: + a7:9c:42:b9:f3:28:35:88:9c:dd:f7:cf:1c:c8:3f:f0:11:ac: + d7:58:03:3c:f6:16:4d:17:7a:df:52:c5:e8:eb:cd:82:56:d7: + 6b:9d:28:70:a8:a6:1b:73:c1:36:bc:b6:37:79:fe:ba:12:34: + 7b:8b:42:a7:08:5b:d9:52:f6:be:02:b5:c1:8e:74:e2:e8:5b: + f9:8a:f9:2e:d3:d6:c7:c7:14:0f:a2:43:a7:5c:f2:7c:eb:d8: + 70:f0:d8:89:a2:e8:de:b3:07:43:20:b0:c4:22:a7:a5:3d:0d: + 69:4c:78:da:80:eb:8f:54:e3:8a:a0:50:ff:7d:0d:88:84:a5: + 39:0b:de:74:5d:d7:7a:10:23:f3:ea:72:4f:29:eb:5f:5b:d8: + bb:5d:bf:d2:8e:c5:84:41:3c:5a:55:60:39:58:54:55:db:6c: + 52:ea:ec:13:4d:ff:63:af:30:85:60:5c:2d:cc:e3:d4:97:78: + 78:ea:90:db:d8:a3:94:c6:84:ce:ed:3d:37:bf:f0:4b:72:0b: + 6b:af:e2:ad +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUQuAeNnVAEhYZjQeoP5v/4Vm8aqAwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJohEJORe3UNqLBRobgsh7kcn2NjevUDo4lMXrUD6VAywuIw +aJ4W7O5wFXRHD83qXWEoHQs/NzmDrvBkBYMV5i3L6WkdmL06zyX2IaLP6Fesu5cy +ZlG7wz9M+eisJzAA5eP1ZPHk8nmTalb2mSiB8iMTrJfiOdCAkY7yxTDNRnE8iMoD +tXSi3NvhrnAqQrGZuNVIYC8e2tMfJ4tsEkA9XesN6PDj8EqLzXRi6AZEytheKm0J +TXuORxwEEtrq5W9sQSwjHTmD0ESlfMYTDmxzKgZxT2W6sV7b0+zKrkBeJIdjLa5L +1fZMJfw/2W6WZciyixqj7TO0OvPMSsX8ZoE/iVkCAwEAAaOB4TCB3jAdBgNVHQ4E +FgQUNATK9EATRAyG6B9HP/DoI9buAgkwHwYDVR0jBBgwFoAUTkJUajLTvp5wQUdB +PpC6hj/U/WwwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MBQGA1UdJQQNMAsGCWCGSAGG+EIEATANBgkqhkiG9w0BAQsFAAOCAQEAKs4Ptspa +5c1pyRznVfVuCCo4g4tmNSD8l8Sv6OhbysExWlWDufTVbe3NppnmVrZvMmOz7L6j +p5xCufMoNYic3ffPHMg/8BGs11gDPPYWTRd631LF6OvNglbXa50ocKimG3PBNry2 +N3n+uhI0e4tCpwhb2VL2vgK1wY504uhb+Yr5LtPWx8cUD6JDp1zyfOvYcPDYiaLo +3rMHQyCwxCKnpT0NaUx42oDrj1TjiqBQ/30NiISlOQvedF3XehAj8+pyTynrX1vY +u12/0o7FhEE8WlVgOVhUVdtsUursE03/Y68whWBcLczj1Jd4eOqQ29ijlMaEzu09 +N7/wS3ILa6/irQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 42:e0:1e:36:75:40:12:16:19:8d:07:a8:3f:9b:ff:e1:59:bc:6a:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e2:b0:53:05:80:84:a4:62:d7:02:96:95:55:ad: + 63:c9:cd:d7:46:41:1a:cb:b7:0d:6c:70:75:05:e6: + ea:a8:f6:64:dd:9e:b8:f7:a3:da:05:50:14:ad:0b: + fd:1f:8d:7f:d0:03:ce:ec:7d:de:f3:5e:eb:8b:f0: + db:98:70:cc:c2:c0:a9:f7:2c:e7:27:04:a5:79:10: + 47:6d:a7:80:22:ba:0e:0b:28:e5:2a:f1:69:14:a2: + dd:a4:a8:ac:67:76:a0:db:8b:78:c0:0b:7e:2c:9c: + 65:f6:e5:40:b7:c0:ca:b3:f0:1e:74:69:77:45:38: + e1:8c:de:c9:1f:fc:67:28:ee:22:ae:4d:3d:8c:6b: + 63:62:9f:bf:ef:67:7d:e6:ee:a4:d7:41:c2:62:c5: + f2:3c:49:af:f9:44:74:b4:a7:26:f8:bd:ed:57:ec: + ed:16:2c:42:77:3d:85:69:e8:48:7e:d7:70:05:21: + b9:15:96:0b:5a:5d:ac:ee:64:46:1b:4c:eb:58:b0: + fd:48:fe:c1:02:e7:d0:c0:0b:52:aa:e7:51:9c:93: + 91:46:05:ed:23:2e:c3:0b:0e:50:0e:6e:38:ac:31: + 69:7d:70:d2:40:dd:7d:41:3e:08:31:78:c6:e3:57: + 1d:c5:53:e7:91:6d:de:bc:de:3f:2e:72:de:e2:a0: + 63:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4E:42:54:6A:32:D3:BE:9E:70:41:47:41:3E:90:BA:86:3F:D4:FD:6C + X509v3 Authority Key Identifier: + keyid:4E:42:54:6A:32:D3:BE:9E:70:41:47:41:3E:90:BA:86:3F:D4:FD:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + a8:4b:3f:7e:08:b6:f1:fa:4d:96:d4:b5:49:10:15:b1:5d:bb: + 4a:ae:21:f9:e6:cc:22:50:d5:0b:24:5e:6a:e3:b1:5d:85:8b: + 91:39:61:41:dc:ac:80:b4:14:d2:32:11:dd:18:48:1d:cc:fd: + 63:72:22:d0:30:53:e5:c5:2d:00:fe:58:de:25:a2:99:ab:03: + 39:a8:f8:0e:32:02:8b:de:ea:bc:5b:e3:4f:ad:b9:05:8b:80: + f5:9d:ae:0f:59:80:10:e3:eb:50:6d:75:43:9b:f7:d0:4f:32: + 7c:a6:46:22:51:25:01:60:15:a6:ad:91:23:c7:e5:b5:d4:e5: + 37:cc:8b:4a:ea:ae:22:ca:64:b2:04:ed:bf:ff:93:8b:44:09: + f2:06:42:81:a2:46:cd:2e:bd:26:87:a6:60:47:e3:80:c4:e1: + 9c:ee:74:37:6c:56:34:32:c9:83:01:79:08:7a:d4:c3:75:38: + a0:6a:11:4b:b0:22:f1:bc:c9:27:a2:56:ab:2a:b5:eb:06:77: + cd:08:c0:94:73:43:85:9a:1f:8b:b6:78:b8:9c:d0:ef:79:19: + ee:9e:af:9d:6d:0d:c8:3c:b8:cb:c2:5b:9c:90:b8:ce:6c:61: + 03:75:e4:3a:7e:28:b6:be:10:5a:11:a3:28:43:90:18:80:b3: + 6f:71:9e:a1 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUQuAeNnVAEhYZjQeoP5v/4Vm8ap8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDisFMFgISkYtcClpVVrWPJzddGQRrLtw1scHUF5uqo9mTdnrj3o9oFUBSt +C/0fjX/QA87sfd7zXuuL8NuYcMzCwKn3LOcnBKV5EEdtp4Aiug4LKOUq8WkUot2k +qKxndqDbi3jAC34snGX25UC3wMqz8B50aXdFOOGM3skf/Gco7iKuTT2Ma2Nin7/v +Z33m7qTXQcJixfI8Sa/5RHS0pyb4ve1X7O0WLEJ3PYVp6Eh+13AFIbkVlgtaXazu +ZEYbTOtYsP1I/sEC59DAC1Kq51Gck5FGBe0jLsMLDlAObjisMWl9cNJA3X1BPggx +eMbjVx3FU+eRbd683j8uct7ioGMLAgMBAAGjgcswgcgwHQYDVR0OBBYEFE5CVGoy +076ecEFHQT6QuoY/1P1sMB8GA1UdIwQYMBaAFE5CVGoy076ecEFHQT6QuoY/1P1s +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAqEs/fgi28fpNltS1SRAVsV27Sq4h+ebMIlDVCyReauOxXYWL +kTlhQdysgLQU0jIR3RhIHcz9Y3Ii0DBT5cUtAP5Y3iWimasDOaj4DjICi97qvFvj +T625BYuA9Z2uD1mAEOPrUG11Q5v30E8yfKZGIlElAWAVpq2RI8fltdTlN8yLSuqu +IspksgTtv/+Ti0QJ8gZCgaJGzS69JoemYEfjgMThnO50N2xWNDLJgwF5CHrUw3U4 +oGoRS7Ai8bzJJ6JWqyq16wZ3zQjAlHNDhZofi7Z4uJzQ73kZ7p6vnW0NyDy4y8Jb +nJC4zmxhA3XkOn4otr4QWhGjKEOQGICzb3GeoQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-any.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-any.test new file mode 100644 index 0000000000..70946f05ca --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-any.test @@ -0,0 +1,5 @@ +chain: sha256-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: ANY_EKU +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test new file mode 100644 index 0000000000..2abae80cb9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test @@ -0,0 +1,8 @@ +chain: sha256-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test~ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test~ new file mode 100644 index 0000000000..caeec38f0d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test~ @@ -0,0 +1,9 @@ +chain: sha256-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include client auth or server auth +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth.test new file mode 100644 index 0000000000..caeec38f0d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth.test @@ -0,0 +1,9 @@ +chain: sha256-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include client auth or server auth +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test new file mode 100644 index 0000000000..acd23e6c01 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test @@ -0,0 +1,9 @@ +chain: sha256-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes Netscape Server Gated Crypto +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test~ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test~ new file mode 100644 index 0000000000..fa7127fe7e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test~ @@ -0,0 +1,10 @@ +chain: sha256-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include client auth or server auth +WARNING: The extended key usage does not include server auth but instead includes Netscape Server Gated Crypto +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth.test new file mode 100644 index 0000000000..1d3623a3d5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth.test @@ -0,0 +1,9 @@ +chain: sha256-chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes Netscape Server Gated Crypto +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/chain.pem new file mode 100644 index 0000000000..6d74fff9b3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/chain.pem @@ -0,0 +1,273 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate lacks a basic constraints +extension (yet is used to issue another certificate). + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 49:69:f3:be:c4:d1:47:b6:f9:34:d0:0a:22:12:e6:60:9c:51:8b:6e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cd:97:c5:b2:49:20:8b:97:3c:5d:b5:01:5b:8d: + ac:af:2a:2a:b5:cf:1a:ba:d8:1c:2d:68:12:1f:1f: + 10:8c:50:4d:d6:75:72:cb:62:d5:5f:ff:6b:45:44: + a6:76:15:31:6e:7d:0e:21:2e:53:65:57:cf:7f:24: + ab:2d:05:db:7e:94:e7:7b:dc:ec:02:6d:58:3b:4e: + db:c0:95:02:bf:c4:ad:4c:26:20:49:11:a5:d1:b7: + 01:e9:27:15:85:ef:19:9a:7d:b9:32:6a:f8:0e:45: + 8b:ee:f4:31:ad:e6:ef:bf:be:d7:ac:44:2e:11:59: + 15:5b:82:81:37:88:46:58:98:96:5b:b4:33:c5:c3: + 14:11:7a:53:fc:e9:7a:c5:dd:61:ed:01:a4:83:fe: + 39:66:8d:34:8d:87:09:94:78:f4:fe:0c:0e:e8:ca: + f1:d0:7a:d6:d0:55:1d:4b:21:31:6c:54:39:ff:1d: + 38:c4:58:c0:10:02:78:ab:73:36:d3:2b:09:a4:62: + e9:e3:32:41:02:ea:d6:99:0a:0e:01:3c:df:68:3e: + 58:cb:7e:c2:61:84:c9:27:37:83:0b:5c:e8:60:5e: + 53:64:e6:50:cf:2a:22:cd:be:57:92:72:6c:6b:47: + 77:ee:bb:96:48:b0:4b:1b:eb:37:b8:0f:2b:c6:97: + 98:b3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A1:B6:F2:69:1D:9D:60:3D:20:03:B7:D6:19:26:AF:97:9F:7F:56:2A + X509v3 Authority Key Identifier: + keyid:45:32:A9:37:50:F0:A0:A1:8E:02:EB:8B:34:65:28:12:3F:FB:6A:18 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + ce:53:84:d8:c1:2d:3d:aa:6b:47:32:92:12:9a:77:80:e6:76: + 22:c5:6c:5c:d9:53:39:41:18:7a:e5:9d:54:9e:8e:3c:93:23: + f9:47:dd:f8:e1:83:90:9c:47:52:31:99:ec:d2:0d:96:0c:c7: + b4:4d:62:f6:0e:0b:7d:38:d8:3c:0e:06:ba:d9:d8:6e:e5:e7: + 33:08:eb:e7:e8:f5:72:cc:9e:13:34:64:8f:17:ee:cd:b8:fe: + db:80:14:ae:e3:ea:f5:45:01:4f:ac:14:7a:41:9f:ca:3d:2e: + 7b:bb:66:fa:e9:2c:f5:94:8b:ce:c5:34:0a:9e:bf:91:70:13: + a7:e7:cf:ff:71:8d:22:c9:22:de:ea:7a:27:51:08:80:00:f1: + 9b:82:04:7d:c4:c9:75:4a:f3:49:4f:2b:9a:40:1d:7d:2b:d3: + 76:de:da:99:9e:b6:5f:90:03:9c:25:8f:46:eb:b7:fb:26:b6: + dd:8c:66:12:df:c9:c3:9f:09:6f:10:88:45:37:8c:75:1c:bc: + a0:04:52:fd:77:23:fc:00:95:51:a0:4b:37:66:37:64:37:e5: + ed:09:67:51:30:5e:c2:63:c5:52:f1:88:2e:0b:51:3f:08:5f: + 76:6d:12:79:e5:a1:f4:e9:d3:55:1f:91:d0:43:3e:40:01:dc: + b3:8f:d2:ac +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUSWnzvsTRR7b5NNAKIhLmYJxRi24wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAzZfFskkgi5c8XbUBW42sryoqtc8autgcLWgSHx8QjFBN +1nVyy2LVX/9rRUSmdhUxbn0OIS5TZVfPfySrLQXbfpTne9zsAm1YO07bwJUCv8St +TCYgSRGl0bcB6ScVhe8Zmn25Mmr4DkWL7vQxrebvv77XrEQuEVkVW4KBN4hGWJiW +W7QzxcMUEXpT/Ol6xd1h7QGkg/45Zo00jYcJlHj0/gwO6Mrx0HrW0FUdSyExbFQ5 +/x04xFjAEAJ4q3M20ysJpGLp4zJBAurWmQoOATzfaD5Yy37CYYTJJzeDC1zoYF5T +ZOZQzyoizb5XknJsa0d37ruWSLBLG+s3uA8rxpeYswIDAQABo4HpMIHmMB0GA1Ud +DgQWBBShtvJpHZ1gPSADt9YZJq+Xn39WKjAfBgNVHSMEGDAWgBRFMqk3UPCgoY4C +64s0ZSgSP/tqGDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAM5ThNjBLT2qa0cykhKad4DmdiLFbFzZUzlBGHrlnVSejjyTI/lH3fjhg5Cc +R1IxmezSDZYMx7RNYvYOC3042DwOBrrZ2G7l5zMI6+fo9XLMnhM0ZI8X7s24/tuA +FK7j6vVFAU+sFHpBn8o9Lnu7ZvrpLPWUi87FNAqev5FwE6fnz/9xjSLJIt7qeidR +CIAA8ZuCBH3EyXVK80lPK5pAHX0r03be2pmetl+QA5wlj0brt/smtt2MZhLfycOf +CW8QiEU3jHUcvKAEUv13I/wAlVGgSzdmN2Q35e0JZ1EwXsJjxVLxiC4LUT8IX3Zt +EnnlofTp01UfkdBDPkAB3LOP0qw= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:71:83:7d:9a:71:3e:fb:f4:b1:79:2c:b6:6c:11:29:14:74:0b:74 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d4:d2:58:5a:24:b9:9d:c4:07:62:ed:0a:24:09: + 46:d4:97:a8:e1:e6:fa:c2:8d:ba:31:da:ea:95:6f: + ca:79:cc:10:08:cd:8e:5d:33:eb:04:40:94:7a:15: + 94:71:fe:50:73:ea:a0:41:e6:bf:93:aa:7f:60:c2: + e6:55:1a:24:ce:b5:f9:5f:ad:f7:90:b5:49:1c:30: + 45:ad:ed:12:d3:b0:9d:de:03:33:01:a6:c0:12:4e: + 96:13:d7:9f:b0:69:67:b9:cf:d5:a9:ce:9d:7c:4e: + 5f:0d:7b:d1:a4:65:93:12:22:42:e8:02:9f:18:0b: + 03:af:1f:3c:b1:e0:ac:a7:a7:87:b1:22:c1:c9:fe: + 1d:81:13:dd:e7:d9:21:68:86:6a:06:13:82:73:e5: + 78:78:e0:99:76:75:38:68:73:cb:8b:33:25:53:72: + d1:58:f0:40:64:36:03:32:1d:72:c3:8c:ef:de:76: + 07:df:9a:b7:b9:4c:10:94:fb:c8:7b:69:ba:d3:a9: + 1a:21:8c:f7:c5:b3:b1:1b:72:44:10:8c:dd:c3:76: + 36:e5:ce:a8:a0:29:1b:fa:47:0c:e3:89:f2:44:84: + cc:88:0f:48:09:c9:0e:1e:a9:ee:a7:55:ba:5a:6f: + 78:66:d8:bd:4d:9c:d5:52:95:83:b1:80:b5:af:ce: + f5:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 45:32:A9:37:50:F0:A0:A1:8E:02:EB:8B:34:65:28:12:3F:FB:6A:18 + X509v3 Authority Key Identifier: + keyid:E5:37:1E:E2:93:2C:94:BA:7F:8B:6E:2F:75:D5:0D:D8:0A:D2:96:12 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 75:42:84:61:76:99:df:4f:c9:9c:e5:a2:98:7e:95:fc:c3:d5: + 30:41:a8:99:80:99:4a:ac:e7:17:24:58:57:65:52:6a:ef:15: + 35:0e:1c:83:22:54:f0:10:27:ba:3f:cf:e7:bb:21:e3:6d:c5: + e4:09:ea:a6:5a:0a:40:28:b2:cd:96:78:db:28:0c:9c:86:97: + 3f:e9:31:91:60:89:ba:1a:03:6f:ce:eb:10:cb:17:4a:a4:98: + ae:c3:80:0a:ec:00:92:6a:2a:77:45:22:13:da:92:9e:29:65: + ec:a9:1a:8e:b4:ec:e4:b2:b8:40:6a:b6:c7:56:25:e5:80:c3: + 48:d3:99:af:49:c1:17:7e:8c:3a:48:63:7a:6f:dd:33:1d:7b: + 6b:43:8e:05:53:8c:04:14:3d:b4:04:bd:80:d6:f9:a8:c3:35: + a9:0f:5b:60:68:c6:10:93:1e:89:75:70:e4:55:f0:c1:b7:b0: + 5e:c2:41:3c:d2:e1:1a:07:86:94:18:d5:33:0f:fe:ce:13:b8: + 84:82:1f:51:aa:be:de:7a:06:a5:33:88:ef:01:cf:46:a0:11: + 85:2b:e2:8e:36:d8:f0:ed:cb:d7:03:45:9c:26:b1:2e:e6:41: + 10:bf:02:29:f6:18:d7:ed:1b:32:69:16:93:91:a3:aa:7d:e8: + 2e:24:60:04 +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIUfHGDfZpxPvv0sXkstmwRKRR0C3QwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANTSWFokuZ3EB2LtCiQJRtSXqOHm+sKNujHa6pVvynnMEAjN +jl0z6wRAlHoVlHH+UHPqoEHmv5Oqf2DC5lUaJM61+V+t95C1SRwwRa3tEtOwnd4D +MwGmwBJOlhPXn7BpZ7nP1anOnXxOXw170aRlkxIiQugCnxgLA68fPLHgrKenh7Ei +wcn+HYET3efZIWiGagYTgnPleHjgmXZ1OGhzy4szJVNy0VjwQGQ2AzIdcsOM7952 +B9+at7lMEJT7yHtputOpGiGM98WzsRtyRBCM3cN2NuXOqKApG/pHDOOJ8kSEzIgP +SAnJDh6p7qdVulpveGbYvU2c1VKVg7GAta/O9XMCAwEAAaOBujCBtzAdBgNVHQ4E +FgQURTKpN1DwoKGOAuuLNGUoEj/7ahgwHwYDVR0jBBgwFoAU5Tce4pMslLp/i24v +ddUN2ArSlhIwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC +AQEAdUKEYXaZ30/JnOWimH6V/MPVMEGomYCZSqznFyRYV2VSau8VNQ4cgyJU8BAn +uj/P57sh423F5AnqploKQCiyzZZ42ygMnIaXP+kxkWCJuhoDb87rEMsXSqSYrsOA +CuwAkmoqd0UiE9qSnill7KkajrTs5LK4QGq2x1Yl5YDDSNOZr0nBF36MOkhjem/d +Mx17a0OOBVOMBBQ9tAS9gNb5qMM1qQ9bYGjGEJMeiXVw5FXwwbewXsJBPNLhGgeG +lBjVMw/+zhO4hIIfUaq+3noGpTOI7wHPRqARhSvijjbY8O3L1wNFnCaxLuZBEL8C +KfYY1+0bMmkWk5Gjqn3oLiRgBA== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:71:83:7d:9a:71:3e:fb:f4:b1:79:2c:b6:6c:11:29:14:74:0b:73 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a9:f3:a8:48:50:46:fe:b1:fa:ee:af:1a:5c:c1: + f2:d0:e1:f9:d1:b4:8e:82:c7:91:d2:eb:1e:06:ba: + 27:e5:3e:d5:ae:c7:1c:3f:a6:b9:48:05:c4:90:57: + 23:ab:2a:01:cd:ca:7f:df:8c:b6:2e:6f:83:88:e9: + 8e:f3:b0:e8:97:9a:91:cd:ad:d0:ef:fb:4b:d7:61: + bd:f1:5d:00:97:70:5b:95:1e:6d:3c:a7:03:2b:ec: + 29:cc:b6:ed:b1:e2:9a:db:38:ce:73:02:19:3f:20: + 03:70:cd:88:29:f9:ad:40:f7:16:0b:b4:93:9b:ac: + 13:da:bb:39:e9:2f:2f:17:39:1a:27:47:75:cd:0a: + 81:a2:e5:a8:58:e7:08:15:a3:33:86:0e:b9:ba:90: + 23:3b:2a:2a:ed:04:d7:80:85:51:d8:dd:ba:d0:96: + 34:ef:8c:21:19:ce:cd:0a:9e:fc:ab:3d:ed:69:d1: + 4b:d2:2b:1f:77:5c:74:96:d7:25:ce:02:e0:49:ed: + 18:ee:c4:37:d1:e5:f5:a2:5c:ae:c9:fe:2b:cd:68: + a6:a5:31:9a:76:5e:a2:10:be:aa:14:ca:57:c3:31: + ac:92:bd:9b:53:df:69:8f:e2:26:85:36:20:27:f5: + 60:fb:66:6d:9b:a7:ec:f8:e4:1a:df:a2:38:ee:ef: + 3c:d1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E5:37:1E:E2:93:2C:94:BA:7F:8B:6E:2F:75:D5:0D:D8:0A:D2:96:12 + X509v3 Authority Key Identifier: + keyid:E5:37:1E:E2:93:2C:94:BA:7F:8B:6E:2F:75:D5:0D:D8:0A:D2:96:12 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 42:40:02:30:8f:45:00:28:39:8b:4e:d1:cf:70:53:b1:76:34: + 02:16:01:3e:8f:96:71:44:c4:85:be:44:16:c6:8e:77:0b:19: + cc:62:a7:56:e0:4c:94:85:6a:85:81:58:6c:24:93:9f:6e:ea: + b2:a6:3c:b3:c3:70:38:ea:2d:b5:f5:52:16:00:90:7c:2e:b4: + 59:67:57:46:8a:48:7d:93:15:d7:4e:2d:c6:15:4d:36:e1:b0: + 5b:7b:3d:19:fc:8c:b0:2e:b3:30:45:c3:70:99:5e:6b:b0:b3: + 1d:28:ca:61:97:f1:82:43:a4:73:e2:95:27:48:8d:49:4c:ad: + 18:a0:76:3e:9d:3a:26:25:bb:7a:af:c5:2a:5e:96:5e:aa:cc: + 08:38:c2:e5:3a:64:5a:7e:0e:4c:f7:80:fd:26:98:31:97:0d: + 9a:7a:fa:68:b9:79:aa:e6:b2:fd:2f:90:b8:db:b9:b6:f7:c8: + 77:b4:13:1a:ae:b8:0f:68:4a:d3:10:d7:5b:cb:7f:a3:c6:68: + 2d:05:40:a0:84:e0:69:7e:1c:55:8f:6a:47:dd:2b:67:e4:6b: + bc:a6:af:04:d9:d6:e3:e6:10:af:aa:98:20:3f:51:b8:31:04: + 70:99:dd:95:5a:7d:9b:cb:71:a6:05:cd:f2:7c:57:19:43:00: + 9a:c5:2c:97 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUfHGDfZpxPvv0sXkstmwRKRR0C3MwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCp86hIUEb+sfrurxpcwfLQ4fnRtI6Cx5HS6x4GuiflPtWuxxw/prlIBcSQ +VyOrKgHNyn/fjLYub4OI6Y7zsOiXmpHNrdDv+0vXYb3xXQCXcFuVHm08pwMr7CnM +tu2x4prbOM5zAhk/IANwzYgp+a1A9xYLtJObrBPauznpLy8XORonR3XNCoGi5ahY +5wgVozOGDrm6kCM7KirtBNeAhVHY3brQljTvjCEZzs0KnvyrPe1p0UvSKx93XHSW +1yXOAuBJ7RjuxDfR5fWiXK7J/ivNaKalMZp2XqIQvqoUylfDMaySvZtT32mP4iaF +NiAn9WD7Zm2bp+z45Brfojju7zzRAgMBAAGjgcswgcgwHQYDVR0OBBYEFOU3HuKT +LJS6f4tuL3XVDdgK0pYSMB8GA1UdIwQYMBaAFOU3HuKTLJS6f4tuL3XVDdgK0pYS +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAQkACMI9FACg5i07Rz3BTsXY0AhYBPo+WcUTEhb5EFsaOdwsZ +zGKnVuBMlIVqhYFYbCSTn27qsqY8s8NwOOottfVSFgCQfC60WWdXRopIfZMV104t +xhVNNuGwW3s9GfyMsC6zMEXDcJlea7CzHSjKYZfxgkOkc+KVJ0iNSUytGKB2Pp06 +JiW7eq/FKl6WXqrMCDjC5TpkWn4OTPeA/SaYMZcNmnr6aLl5quay/S+QuNu5tvfI +d7QTGq64D2hK0xDXW8t/o8ZoLQVAoITgaX4cVY9qR90rZ+RrvKavBNnW4+YQr6qY +ID9RuDEEcJndlVp9m8txpgXN8nxXGUMAmsUslw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/generate-chains.py new file mode 100755 index 0000000000..cf09dc15f9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate lacks a basic constraints +extension (yet is used to issue another certificate).""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate that lacks basic constraints. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().remove_property('basicConstraints') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Intermediate.key new file mode 100644 index 0000000000..2455b35df6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA1NJYWiS5ncQHYu0KJAlG1Jeo4eb6wo26MdrqlW/KecwQCM2O +XTPrBECUehWUcf5Qc+qgQea/k6p/YMLmVRokzrX5X633kLVJHDBFre0S07Cd3gMz +AabAEk6WE9efsGlnuc/Vqc6dfE5fDXvRpGWTEiJC6AKfGAsDrx88seCsp6eHsSLB +yf4dgRPd59khaIZqBhOCc+V4eOCZdnU4aHPLizMlU3LRWPBAZDYDMh1yw4zv3nYH +35q3uUwQlPvIe2m606kaIYz3xbOxG3JEEIzdw3Y25c6ooCkb+kcM44nyRITMiA9I +CckOHqnup1W6Wm94Zti9TZzVUpWDsYC1r871cwIDAQABAoIBAQCjdJbVTUWezXOa +4FIckV9sYrscHgpUqQPrzKbFdaH+X+OkzzPbk8eacXtYNQDZeKkUDo1dcDuNz7Kb +f7XmgPjqJsvMV9I/u2zWkKDDz8TY/9qQLMbdKtR0exU7Ui3dEWfQR7dj/0PnuE27 +DnFaoYUOtW/LwE+u6K7Aru4v9E7HSDbJvfBZ/3XR3/P8Qe5LOPRalD8BdCCRMWib +pHOzzu+ldcLPd+aPqQzIGw9q9/Nd2YdkyfaCKlr4B9ZS0n/K/b6H0wtk0+Qgu3kW +AhV5A9rJqms8uzvdk5jOKRsvEsZXZIpH9yltV9YzBXk6Ap2Xl/N9KBGHprMW4Gx4 +XlX+23QBAoGBAPOF2OB8vrAe80pTH7oJt6vyeA4L8zlypBNYvU++A+u0ZTGA74oL +pnMF4oBr6uszAbfxR6Mcz4L/4tVECcTb9gtiqh66PbUDbkxXaimYLxD3Ry1YwHNi +DQu4ZKmn5jMWkDEca8zkRPHNfzDJ+0d94wO9eCy7SQ/POaarObcfnzNzAoGBAN+5 +zsj0rBlh6jA2Cj3jhgVg57hi0vZqhAXX/sJU8xV1PTiNZYVH/aDKH4j9MySrerqJ +V7xN5P2sGNtnCND5h/M39vH2+GNplGTqdxIbwVE45PIwyhLrLmgP3qsGY+Vfu2b8 +snO2pD2gIKpJVqV8WcjDDZ63i3vsBPvd2vpI9LYBAoGAfdusRgFS0FV+qegiGpVR +HwX2tFPKxeMRF4qidOcgwZ3/OsGHi5IP2Zyt/m9H/3ziI34I5y1JtkunoU9DuUFx +fVrlz3Gz2KzIQZ5gGNU1ZhBW8gHPnRKM6YTIScKjv72mkis9L6y+UTZCySVqv/04 +6cLvrDazQP95rUELWDB4qC8CgYBoWdpBkR3UmP8KjaopQ753M8PhFPchSH1b3GtP +aSAYmh58CjeX+wQpwx0CYFdCe1k7OGRbyFlOmL7fVyedkUYAA9KC+ZbRh6VXjKUN +JTT+FXN0I52dRWTX1M8fJlPh4M0gNC1oG4Bv3gheZOatOVsHcTMhHKtKmcOZVtmU +dALwAQKBgQDZb+JbBsTe675CQCU4Hkgb1gNTTLMsi4Jvw4EusW8W6rK+cV0PsRtM +f45knS61UmzAsFqybyBiwXKydATuqzcge5SUDCK9OOkHeFrZnRfHoIAGahovnyCM +96EyEQBJmcDsiaS3WlYJ9EMvH/MJwJve7BAIwnuBDOwsqvufZlCJxQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Root.key new file mode 100644 index 0000000000..4ef859edb9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAqfOoSFBG/rH67q8aXMHy0OH50bSOgseR0useBron5T7Vrscc +P6a5SAXEkFcjqyoBzcp/34y2Lm+DiOmO87Dol5qRza3Q7/tL12G98V0Al3BblR5t +PKcDK+wpzLbtseKa2zjOcwIZPyADcM2IKfmtQPcWC7STm6wT2rs56S8vFzkaJ0d1 +zQqBouWoWOcIFaMzhg65upAjOyoq7QTXgIVR2N260JY074whGc7NCp78qz3tadFL +0isfd1x0ltclzgLgSe0Y7sQ30eX1olyuyf4rzWimpTGadl6iEL6qFMpXwzGskr2b +U99pj+ImhTYgJ/Vg+2Ztm6fs+OQa36I47u880QIDAQABAoIBAHZK0mcC+WduGmro +FkFZ/djGcUw1kLwWjLlyTYQBLqOyCKmOjWsAcRZgbWDKRlls87R5rme7WVMY60Tw +zD9yc3KSc8nlofhnwXI45iyJv0+pNRWmCAKffOWli7Kh4PBf+cl80LXcUBZQAhUR ++iS9VIpTcVTUa6l/LJKinrxfyzcttS3PuIAW06ZQEmkTEvYzd4Vgz39peVFtNlaQ +8S/9gACek/wRhcIDB0RIQBbv5YruemnGNaopzZkS6bH3IX2Eky1wbupTc+2aWbzq +5YtV/4nVh7239tFySKj6E0v+ZKCgu8d/pc8vhQdJW6UZ9IenErURDlVIK8oLaXeD +u2SCZQECgYEA17zKySbEGg98+PJelYApsw7/zE+J7qFiEl3E1A61L/dCzuw/dFuV +jGbQK12uOjhCSM2tOTx6+IcTtU9UPTPF3lCOw746Rq18mbfAZ9o5URPnKnqafMVV +A+SE/J+DCvzDhmQDswncvuJAQlixHWt8pISDcT2l1P4jZhPoGVWv510CgYEAyath +QIosbvR0Ty5KsTUXMPLWD6DCitSmM0v0Rj7RY7XLS0g/ZVQSL18hclvyfEKP3IEz +Ejk0SK9FaMgAJoia1mnE5ZszHzM8sNHkMAEfwPR4rSzWNwzYQ8caXFdHNOVJ+5MM ++yb2EnDZ/tng55wUvQZa1yhGgo0qMYB/BfYbGAUCgYEAka/jfX1ZVoP5ECCUcP8Q +qePKKE3aRrTjBqYeAlpATzj5+8ScgVZLonnXwEFOI/DUClgiz5EhNe36CCmfKIlq +6Nub3WH79ri3eRMWsssyg6ceJ5iN9Q5JgAx1JigOFYBmBb5KpUBWuu0NGgDM8qIg +lPUL0pAgCbrpasisp1cvJ90CgYEAvptiodN2x6/4tlX0dqTNNJBwTfkNppXyOA2T +5Ui+M1XBvXedo7HgNjHdtO6+sz9eJXVfxduXVRODsNNHgSQf5IO3e6RCnzyYIi9f +Uxfc4UyvOk5kcUeMqBLpEVnUjWQhlsuXu1FJxogvIjbf4UieOUJmXXFNo1q1BHCE +nifL19kCgYBFbdWBDpgjfhR+2Ca50IGfi41jvvrClftF66lbCaFPpKBMooyVP0Cc +0grTw74/cYC9SZP9xoZVtv4TnxWvkzs9EzeTKMxraE/q2lYCdp9LkLZJxi67whIn +vLDW8oKfEv61K7M2if81GqBckOGwISPBBfZahBb/05RNEab5XtWp0Q== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Target.key new file mode 100644 index 0000000000..ff24922bc7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzZfFskkgi5c8XbUBW42sryoqtc8autgcLWgSHx8QjFBN1nVy +y2LVX/9rRUSmdhUxbn0OIS5TZVfPfySrLQXbfpTne9zsAm1YO07bwJUCv8StTCYg +SRGl0bcB6ScVhe8Zmn25Mmr4DkWL7vQxrebvv77XrEQuEVkVW4KBN4hGWJiWW7Qz +xcMUEXpT/Ol6xd1h7QGkg/45Zo00jYcJlHj0/gwO6Mrx0HrW0FUdSyExbFQ5/x04 +xFjAEAJ4q3M20ysJpGLp4zJBAurWmQoOATzfaD5Yy37CYYTJJzeDC1zoYF5TZOZQ +zyoizb5XknJsa0d37ruWSLBLG+s3uA8rxpeYswIDAQABAoIBAQC66jR73c4v+wSP +8WNVmF2aN0zzVGJp4tbjVU28a6LA3rWVt9vxG18A0xf0tvBcRPJXEG0LL7H0Xjww +zOavnTasQ7adPwJ3RnBEI3LZCOCh9q7Tn4oUxG2sV6TuE3GW/gWaFpmMRAJX/1S0 +n+CWyXHJMzmjzazQatxnASR3l3bVTen+c4rZ2Z8OczqNxevvBX+aKg63aH/n5aRf +WKRvnvLoG69Ha/guMV+ZMR6n5y1LjP0WzSlgt2HZh4OkDYryygBg+i5Gs59SL3im +XUXs1tzLKjVvxtC0F0EeC4uYmSXKxOHR5FPYGDHwc9QgKfmrdh4Csc4Kv6sUFjYY +x1hfTMFpAoGBAPrHBSTkTgWoAaC17VeKKA1eL+RjcXOK92ex/598nbV2JIvfi2nB +cwEeME9JVUlkxCL9suU4YF+BFzhj61Kd3kzTdZlXQq0o9lNJ9dBMREx9uslowj5s +xixIKlPVlZsVWqO/4WwJI6kUGXN14Ylx3HaPi141kF/NS4ZiBugD8AElAoGBANHf +25ygMONTfCRNPi9ja1U0LU0pt77SmC8DAnsVtxGzFyrS23v3s873D7AclyK0P2cS +fRjca2Ann+OnBk/9TabpmpaUnYJs7WYJkN1oin1mIRkpmZ8M4w8wDi2vJviVQoHl +ajLEPxG3YpfZJyvYh2uqGEV11rG2levvuuV+/yb3AoGAPo85hEuD/zs7NLlNvSHU +/gi6D9KS8c0ADRlFeKbgvOz9Dvu0TqyYoPXD/XOA2C9QEp6Ra0dWG10bytB6WwDQ +/P9ffeJb2tC2Km7v6IeuHhrbZvVAR8xg35kdHg7RJH/+PY1Xkdjx0XMXKkuE+QGz +iswia10XaB7RsXNw355j2BUCgYBwlTllp7kR+TLa9mSpXxewuTCj+AENaEMi1OZ7 +yIZQBFYlLr92nMXj/Dx6KJwajb6FODHLKFKhXiAzKuID/smtBBtdM5Pa5zviRLdl +TjMcWbDfoqU54NvcxdaVQyQQrWDj9YEmgoeipVFKS77rklfytWgXusLUyjFaQ1tq +yNluuQKBgHn+EGLg5FuCjM+VCLGuk5f8BxOXl0i24XjKvtRRYoyUzOE0Qq7N7Zts +ssAiLy95lDzFkmVECHtIJjYaw/2vZUa+zkbqQS9omjWLDQ6EiEupYVjPdqTv0uQk +S4u1hamDNCHvCtCyaynENvihaGwtxTAhNXjR+15bdVLJCeSQzbDM +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/main.test new file mode 100644 index 0000000000..02b1b03c26 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Does not have Basic Constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/chain.pem new file mode 100644 index 0000000000..90a78aecff --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/chain.pem @@ -0,0 +1,274 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate lacks a keyUsage extension. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 53:ac:3f:b9:36:25:f6:73:c5:c7:47:1c:6a:5c:69:4c:10:a5:76:ee + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c7:f3:c9:3b:b8:fb:d0:c6:d9:9d:7e:a6:0c:37: + fb:1e:e7:a9:ec:90:b1:a2:06:2a:b0:f1:d3:81:53: + 8c:86:ea:c3:80:04:18:04:26:b0:70:4f:6b:7c:6b: + 5f:31:b8:8d:e7:8a:93:a1:9d:69:20:a9:5e:0a:13: + a1:a1:c7:7b:e9:e4:bf:d1:67:50:e4:7a:e4:db:00: + a6:cb:f6:2c:a8:47:9d:7b:9a:6e:69:86:06:a2:0d: + ad:68:86:67:ff:da:0e:a1:ae:30:57:28:27:15:f3: + 8b:b6:e2:3e:c8:30:26:6e:f4:05:ec:eb:b5:bc:cb: + 37:bc:5d:db:c2:6a:f8:4f:e5:7f:b8:f2:62:aa:59: + 3b:40:ce:40:67:7d:83:bb:66:20:a5:73:82:7e:40: + ce:87:ae:3d:36:dc:06:26:09:c9:3e:6b:13:ed:c8: + 44:ee:cf:f3:db:38:a1:ee:cd:02:94:18:7f:c6:d7: + 78:65:8d:34:bb:a3:d4:c5:27:e1:b9:b5:67:ad:fb: + 3c:ce:9a:3d:f6:c7:54:2e:7b:fa:f8:89:e9:56:2b: + e9:78:2e:02:14:2b:1a:18:e4:ce:f7:80:67:f7:0f: + 88:bc:78:70:8f:1c:d5:3f:22:3b:38:22:51:d8:fd: + 6d:93:de:05:0c:1c:a8:b7:b1:d3:a9:83:6b:8b:10: + ad:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C5:A1:CF:17:29:4F:62:DA:B7:74:71:6F:6A:89:D9:DE:45:66:A7:E4 + X509v3 Authority Key Identifier: + keyid:4C:E2:EE:E5:DC:2B:D0:74:49:43:BA:6D:6B:91:6F:A3:C0:53:89:92 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 12:ce:55:2d:ae:64:c8:29:65:70:19:2f:02:a9:b1:b9:7a:b3: + c5:cc:fe:b5:e0:50:58:a9:ec:d5:04:ef:b6:99:cc:57:e5:c5: + 6e:af:4d:9d:12:3d:ca:66:eb:bf:db:0a:e3:56:a8:0e:ea:8e: + db:28:64:39:db:4f:06:f6:c6:45:de:92:fb:39:7d:98:1d:16: + ba:3e:c9:f4:6c:3d:1f:c5:53:6e:01:65:65:ee:fd:55:f8:30: + 8e:f8:3b:42:d5:94:4c:63:74:9e:01:0e:c6:a6:ea:b6:20:07: + 81:6c:f4:52:0c:9c:8e:d8:7e:da:41:89:80:59:cc:09:06:30: + a7:bb:16:4f:4f:c4:11:fc:31:58:5a:2b:84:37:36:b8:be:02: + 4b:db:93:5e:00:12:27:84:ef:1f:83:8f:26:63:7a:3b:f6:b2: + 2f:9c:17:e1:85:39:44:22:d0:e6:b5:ff:88:f3:1b:ea:64:31: + a5:bc:79:66:cd:49:2b:b1:c3:aa:a2:f0:02:1f:68:23:3d:78: + a3:e8:c7:3d:bb:0f:6a:1e:d3:a3:3a:56:51:61:ad:16:77:7e: + 5a:dc:28:7a:06:e5:79:72:31:3e:ad:56:16:5d:41:e5:0f:d8: + 0e:f1:79:01:d9:7e:a1:8e:0a:88:00:41:d4:0a:74:5e:17:a6: + 43:6f:14:82 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUU6w/uTYl9nPFx0ccalxpTBCldu4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx/PJO7j70MbZnX6mDDf7Huep7JCxogYqsPHTgVOMhurD +gAQYBCawcE9rfGtfMbiN54qToZ1pIKleChOhocd76eS/0WdQ5Hrk2wCmy/YsqEed +e5puaYYGog2taIZn/9oOoa4wVygnFfOLtuI+yDAmbvQF7Ou1vMs3vF3bwmr4T+V/ +uPJiqlk7QM5AZ32Du2YgpXOCfkDOh649NtwGJgnJPmsT7chE7s/z2zih7s0ClBh/ +xtd4ZY00u6PUxSfhubVnrfs8zpo99sdULnv6+InpVivpeC4CFCsaGOTO94Bn9w+I +vHhwjxzVPyI7OCJR2P1tk94FDByot7HTqYNrixCtYQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBTFoc8XKU9i2rd0cW9qidneRWan5DAfBgNVHSMEGDAWgBRM4u7l3CvQdElD +um1rkW+jwFOJkjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBABLOVS2uZMgpZXAZLwKpsbl6s8XM/rXgUFip7NUE77aZzFflxW6vTZ0SPcpm +67/bCuNWqA7qjtsoZDnbTwb2xkXekvs5fZgdFro+yfRsPR/FU24BZWXu/VX4MI74 +O0LVlExjdJ4BDsam6rYgB4Fs9FIMnI7YftpBiYBZzAkGMKe7Fk9PxBH8MVhaK4Q3 +Nri+Akvbk14AEieE7x+DjyZjejv2si+cF+GFOUQi0Oa1/4jzG+pkMaW8eWbNSSux +w6qi8AIfaCM9eKPoxz27D2oe06M6VlFhrRZ3flrcKHoG5XlyMT6tVhZdQeUP2A7x +eQHZfqGOCogAQdQKdF4XpkNvFII= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0d:25:c9:a3:e4:54:8c:35:15:0b:cc:cf:a5:a6:2b:fd:97:e9:d0:de + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c9:5c:c0:66:3d:c7:72:ee:18:23:d7:56:80:3c: + b2:c2:57:81:a3:74:9c:05:07:e7:1a:70:ba:0c:08: + fc:14:db:52:16:03:2b:90:bb:01:1a:61:65:52:19: + 8a:9b:08:2e:ed:00:29:31:a3:8a:7b:30:32:89:cb: + 3d:4e:1e:a2:4c:f6:21:ff:5e:02:9c:7f:7a:e0:0d: + 1c:cb:d7:e9:ee:9e:64:3f:b3:ca:17:79:c1:36:9d: + 51:87:06:2d:c1:f4:28:f2:8b:49:a9:d2:12:89:b4: + 60:60:65:00:6f:09:83:f8:95:94:ca:8c:70:2d:1d: + e0:7b:42:fc:53:4b:40:8c:d3:67:a1:2c:0a:c7:53: + 8a:af:31:91:5b:12:cd:4b:d0:19:11:22:cc:82:94: + 10:89:f0:b2:ae:f0:11:6e:91:bb:a5:77:89:c9:fd: + 37:ea:b0:09:9a:7a:bf:7b:e9:d5:f5:56:13:af:b3: + d9:3f:c4:90:5a:b1:ed:ee:de:6f:86:16:61:f6:2d: + 15:c9:6e:94:f2:72:58:e7:5e:ab:f1:2a:42:b1:6c: + c7:cd:fd:b1:2d:48:e0:b3:c4:09:e6:bd:e1:f9:3b: + 1b:a5:5c:dc:0d:b9:40:2d:55:af:70:b2:01:cf:83: + 35:85:4f:b4:a9:fc:33:f3:3c:f7:30:0c:c0:c5:22: + 05:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4C:E2:EE:E5:DC:2B:D0:74:49:43:BA:6D:6B:91:6F:A3:C0:53:89:92 + X509v3 Authority Key Identifier: + keyid:CC:94:41:CF:A9:F7:C7:58:7C:37:E3:C5:37:29:9B:12:B3:DF:D5:3B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 89:32:fa:0c:fa:ed:77:b4:36:bf:6a:e0:f8:e7:27:9c:45:e6: + ce:7c:00:cb:85:92:e4:a6:8e:da:42:35:49:2f:25:f8:0b:1c: + 66:fa:1a:36:30:87:e8:1e:e1:eb:c1:72:27:0e:06:22:e6:9b: + 40:ed:12:72:b5:c6:1f:1c:87:40:58:8c:ee:d6:3b:f1:4c:9e: + 88:8e:88:45:5b:a8:e1:de:c9:5d:16:d2:56:9c:49:27:4e:07: + a0:3a:f8:e9:ad:6f:78:8d:c2:ce:03:9f:49:50:be:1b:b6:a5: + f9:88:49:73:b2:f5:82:c0:e4:f2:8a:72:92:83:08:43:92:b1: + 1a:30:79:5f:4a:c6:45:7a:06:74:cf:e1:f4:3b:fe:ec:f9:6b: + e6:08:5f:58:e3:3b:86:c0:2f:14:66:2c:96:43:24:55:51:f7: + 2f:86:41:c5:62:1c:79:9d:a0:62:c4:4d:ea:c8:62:4c:2f:9c: + 57:30:d0:a4:52:09:06:13:64:a2:7f:db:de:e2:3d:f1:bd:3c: + 1c:79:aa:27:4b:86:26:09:d9:cf:c7:18:ff:3b:de:8f:45:a8: + 9e:cb:74:d2:71:3c:13:fd:fc:51:f7:de:95:38:5a:93:81:08: + 21:8b:25:2e:f2:69:ac:c2:9f:f6:dd:ea:02:57:6a:b0:f2:e3: + 83:b2:b5:43 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUDSXJo+RUjDUVC8zPpaYr/Zfp0N4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMlcwGY9x3LuGCPXVoA8ssJXgaN0nAUH5xpwugwI/BTbUhYD +K5C7ARphZVIZipsILu0AKTGjinswMonLPU4eokz2If9eApx/euANHMvX6e6eZD+z +yhd5wTadUYcGLcH0KPKLSanSEom0YGBlAG8Jg/iVlMqMcC0d4HtC/FNLQIzTZ6Es +CsdTiq8xkVsSzUvQGREizIKUEInwsq7wEW6Ru6V3icn9N+qwCZp6v3vp1fVWE6+z +2T/EkFqx7e7eb4YWYfYtFclulPJyWOdeq/EqQrFsx839sS1I4LPECea94fk7G6Vc +3A25QC1Vr3CyAc+DNYVPtKn8M/M89zAMwMUiBYUCAwEAAaOByzCByDAdBgNVHQ4E +FgQUTOLu5dwr0HRJQ7pta5Fvo8BTiZIwHwYDVR0jBBgwFoAUzJRBz6n3x1h8N+PF +NymbErPf1TswNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIFoDAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCJMvoM+u13tDa/auD45yecRebOfADLhZLkpo7a +QjVJLyX4Cxxm+ho2MIfoHuHrwXInDgYi5ptA7RJytcYfHIdAWIzu1jvxTJ6IjohF +W6jh3sldFtJWnEknTgegOvjprW94jcLOA59JUL4btqX5iElzsvWCwOTyinKSgwhD +krEaMHlfSsZFegZ0z+H0O/7s+WvmCF9Y4zuGwC8UZiyWQyRVUfcvhkHFYhx5naBi +xE3qyGJML5xXMNCkUgkGE2Sif9ve4j3xvTwceaonS4YmCdnPxxj/O96PRaiey3TS +cTwT/fxR996VOFqTgQghiyUu8mmswp/23eoCV2qw8uODsrVD +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0d:25:c9:a3:e4:54:8c:35:15:0b:cc:cf:a5:a6:2b:fd:97:e9:d0:dd + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cb:b8:41:ee:d5:da:d2:45:d6:49:60:20:14:fb: + 2c:a9:de:97:50:8e:1c:2f:82:c0:f5:ad:ae:58:ca: + 46:cb:e5:cc:19:4f:e3:4f:15:7f:41:d4:b7:34:f3: + 3d:da:86:6d:1a:d0:ab:f0:76:82:ea:a5:db:fb:c2: + e3:56:ac:4a:f0:33:57:d5:82:9e:72:db:2c:36:a3: + 1b:d9:b1:e6:27:1c:98:7e:42:37:b6:21:bd:5a:18: + 61:bc:6f:77:d7:0c:07:13:39:70:a1:46:08:9f:12: + 05:c9:ac:a4:57:78:b5:8f:bc:6d:ca:b2:b0:24:ff: + fd:9c:61:9f:28:2f:7e:bb:d2:e3:2a:81:ed:f5:b7: + 84:c9:be:fa:04:3c:29:e8:1f:ca:68:44:08:27:e3: + fc:ba:ce:74:19:59:c5:cd:9e:cb:a3:4a:e5:0f:d9: + 78:38:b4:8c:c8:5f:a6:93:48:13:83:cc:a9:d2:60: + 45:61:0d:00:22:84:88:ea:e3:dd:da:f0:05:c8:09: + 3a:b2:3e:5b:6e:3e:c6:18:47:ff:18:54:b6:c0:6e: + fc:df:75:4b:2f:23:30:a1:8e:e2:4b:8b:63:fc:80: + 83:62:eb:c9:a5:fe:ed:26:37:ad:59:ef:79:6a:2d: + 67:d6:f9:5c:88:5e:19:62:05:55:9a:26:e5:61:b3: + f6:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CC:94:41:CF:A9:F7:C7:58:7C:37:E3:C5:37:29:9B:12:B3:DF:D5:3B + X509v3 Authority Key Identifier: + keyid:CC:94:41:CF:A9:F7:C7:58:7C:37:E3:C5:37:29:9B:12:B3:DF:D5:3B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 8a:5e:41:07:3f:f2:13:d9:65:64:7f:f6:68:72:42:6d:fa:5c: + 05:01:6b:1f:2f:2e:42:ca:f9:da:b7:95:03:fb:ea:75:d8:93: + 92:f3:60:84:40:d5:6c:cb:9b:43:a3:b5:b1:e2:2f:4d:25:3a: + 8b:84:12:54:58:0d:17:7e:33:28:7b:3c:5c:f1:6b:9f:77:39: + 98:8c:7d:31:95:7f:66:8d:9d:7d:86:35:6d:66:65:43:ce:d7: + ef:9f:4a:6c:2c:97:e7:e9:7a:7a:2d:46:62:6a:2f:e2:d8:72: + 10:60:e5:0b:76:c7:5f:8e:69:67:60:32:f2:02:32:d0:dd:01: + 90:53:49:fe:84:1f:1f:56:82:7e:1c:44:10:b9:cb:0c:46:3d: + 17:7c:6d:6c:f8:89:85:f3:64:36:9c:3d:a4:47:ac:a9:38:97: + 8c:86:b7:0c:12:76:7c:a8:63:19:c6:7d:3e:b8:dd:c3:e3:a2: + cc:e0:57:8a:79:a5:78:1b:6e:2c:e3:b7:09:b2:82:61:ff:db: + 0c:d6:1d:59:bf:d4:59:e3:ca:a4:7d:cc:22:82:45:65:6a:b1: + d2:ad:bf:d6:74:cb:bd:ad:99:4f:7e:08:7f:32:97:ab:1e:30: + 15:16:46:db:b7:6f:5a:4c:e7:ed:65:f9:f2:c6:a5:d1:ec:0c: + ea:92:dc:25 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUDSXJo+RUjDUVC8zPpaYr/Zfp0N0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDLuEHu1drSRdZJYCAU+yyp3pdQjhwvgsD1ra5YykbL5cwZT+NPFX9B1Lc0 +8z3ahm0a0KvwdoLqpdv7wuNWrErwM1fVgp5y2yw2oxvZseYnHJh+Qje2Ib1aGGG8 +b3fXDAcTOXChRgifEgXJrKRXeLWPvG3KsrAk//2cYZ8oL3670uMqge31t4TJvvoE +PCnoH8poRAgn4/y6znQZWcXNnsujSuUP2Xg4tIzIX6aTSBODzKnSYEVhDQAihIjq +493a8AXICTqyPltuPsYYR/8YVLbAbvzfdUsvIzChjuJLi2P8gINi68ml/u0mN61Z +73lqLWfW+VyIXhliBVWaJuVhs/ZlAgMBAAGjgcswgcgwHQYDVR0OBBYEFMyUQc+p +98dYfDfjxTcpmxKz39U7MB8GA1UdIwQYMBaAFMyUQc+p98dYfDfjxTcpmxKz39U7 +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAil5BBz/yE9llZH/2aHJCbfpcBQFrHy8uQsr52reVA/vqddiT +kvNghEDVbMubQ6O1seIvTSU6i4QSVFgNF34zKHs8XPFrn3c5mIx9MZV/Zo2dfYY1 +bWZlQ87X759KbCyX5+l6ei1GYmov4thyEGDlC3bHX45pZ2Ay8gIy0N0BkFNJ/oQf +H1aCfhxEELnLDEY9F3xtbPiJhfNkNpw9pEesqTiXjIa3DBJ2fKhjGcZ9Prjdw+Oi +zOBXinmleBtuLOO3CbKCYf/bDNYdWb/UWePKpH3MIoJFZWqx0q2/1nTLva2ZT34I +fzKXqx4wFRZG27dvWkzn7WX58sal0ewM6pLcJQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/generate-chains.py new file mode 100755 index 0000000000..8324ed69f7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate lacks a keyUsage extension.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate that is missing keyCertSign. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('keyUsage', + 'critical,digitalSignature,keyEncipherment') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Intermediate.key new file mode 100644 index 0000000000..e7bce7e2da --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyVzAZj3Hcu4YI9dWgDyywleBo3ScBQfnGnC6DAj8FNtSFgMr +kLsBGmFlUhmKmwgu7QApMaOKezAyics9Th6iTPYh/14CnH964A0cy9fp7p5kP7PK +F3nBNp1RhwYtwfQo8otJqdISibRgYGUAbwmD+JWUyoxwLR3ge0L8U0tAjNNnoSwK +x1OKrzGRWxLNS9AZESLMgpQQifCyrvARbpG7pXeJyf036rAJmnq/e+nV9VYTr7PZ +P8SQWrHt7t5vhhZh9i0VyW6U8nJY516r8SpCsWzHzf2xLUjgs8QJ5r3h+TsbpVzc +DblALVWvcLIBz4M1hU+0qfwz8zz3MAzAxSIFhQIDAQABAoIBABN0frJiLa8RCgwM +djMVqj/UrJXaYmiqBs4rLg6Tn6d0OU4fKEpnhwfBeUShax7nf4EujsxY/LxCP9/I +Xzf5Bb1h2o8NyjrMplaXbbzUM6n2a8Er4c662MwqDwJ4ulsO+BXXF1rtDRV49Abc +O1p/FN0jtqiLQRta06GVK0Pw9V+lsXHzoFxaZgCHyMvG8txH5iuqxPO2FQtNdT/s +cFoZ7fE4dImIeQoUrhRCsM/8o784M0Csl6NHtWPFNkSNDEpXm9sBDxLwytnJi68P +c0X8CyL1kcXboycv6CW915gHAG4Q5a3RuhfX3/10rK9A4tWSbVBiGzmQKIljfVQn +Y5sVpoECgYEA41gSRaULN32+RYlTrb5T2JQbmEnuQXrJweLB7MMXLa2SforjoHDJ +RZcnbQs3xhtGP+VRp/Jroe2OK4W1Ydad07IX2BMHoY5YxktuwnKFtrVjj1g0WIl+ +l/Qsk29B64wTy1xplCBTgTUG4WdTCru+B0qnRZTPyN6CIaRADyvSub0CgYEA4r5N +lo9Urpt3H7Ael5QqfC4SVme/KwVZDQrb0UhA0cM9RWJ5tcal6QIpjirvr/Vk8+/o +kV4xSIZDNkqfjxWuUa18frkoIbMqAiuT9jZh36IXlXij8s4JYZYcgL26Cz6v0Grv +Zzy4ttSKjdZdv6uSm5lJXANo0OajmT1WU2D7I2kCgYA8brPkuXui05UZjOimfbpy +DuTK9ZQU6dvp4yojkrR9mu8fHjJl+rU1/3kmfl3kFmn1IDM1jrZXw/sPzKoriM5J +cMTv1hcoNduZUoHtxF2Q9OSzPQIlKt9w6yJSSrfeMk0suLMEAhfQd9UNY9bqOn/I +Fmsiju0w+xzibnPs1HxejQKBgQDE7G5KMpVjSBY/aSBImSAE1aaLcHMxE+XxU9rx +egUBqMUP+6Sk4K+7HGum01dzxHY2/cdIaTv4NtMs1caZ6ESLH1ceYASgsA/t7pcE +oNqD9SzyXeJVv+eZ31tF3IE1vu3G3vio+q2Z7CGhaenly0b66Dg0N6nStFylfAX7 +SCEU8QKBgQC96DF04JiF2BsWXk7khEQTXyOWX91YcAxLNRQhwNGO1vKDwz5nbLBd +WzwOW65ddih6TAFQ+jN9FRsLxEOL3zmTt30JPSE2e0jDghVrBrAO2Va/KW5Iu9vY +tcL4SWsrnHZOHjIpKFCKk3dw67n4gUxzWWVAqkUB8Ak/tmQcr6cmsw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Root.key new file mode 100644 index 0000000000..b37c528d6f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAy7hB7tXa0kXWSWAgFPssqd6XUI4cL4LA9a2uWMpGy+XMGU/j +TxV/QdS3NPM92oZtGtCr8HaC6qXb+8LjVqxK8DNX1YKectssNqMb2bHmJxyYfkI3 +tiG9WhhhvG931wwHEzlwoUYInxIFyaykV3i1j7xtyrKwJP/9nGGfKC9+u9LjKoHt +9beEyb76BDwp6B/KaEQIJ+P8us50GVnFzZ7Lo0rlD9l4OLSMyF+mk0gTg8yp0mBF +YQ0AIoSI6uPd2vAFyAk6sj5bbj7GGEf/GFS2wG7833VLLyMwoY7iS4tj/ICDYuvJ +pf7tJjetWe95ai1n1vlciF4ZYgVVmiblYbP2ZQIDAQABAoIBAB3SmYRXNjN2Gcqg +EdJAeudbOJeIVkP2Rj0w8cb5xadvupMyCLq5EOoYM8HCohlteGdmiOUo1D15jlyq +yREVI9tKCN+uwXda8nwFILybuG+dVg2VsAYvpkKcMyKcxtRqZFbCH+TcFcMDpmlB +psVPXHTwRrpXskWYXA4alGwTl9/y2oRXdrdhEfqTTIYQV/kFRTdCroxY26lgPbR6 +qChuYRi4X4zti1eDjxnHK3wB2aF4AMMrD33a9C+dqZH/04YMxNj5Lj1VQvkf+R4Q +UcOcyIWm3oFs5Ms/oImv4BJl1+EVw7XP+3/upNJF0htoF2Qb9UrhTFsBblaoMTdS +ch5R9gECgYEA5ygu+DYBTHDHdZCIg9tZyWCcunVFupBKC/lH85EI0ORIILuUgMjf +iQ4Q/5W5Dcn/KkwNVtwmhvv11e5k0O2R9Z8OG+AEgixEUxFiOsuo5dW9FWC3cDCD +2fgE+Naiu3QgJbkrHLlwqU5NNmTDk90Vuu0Fwugj/X3RbhZB6iQaH8ECgYEA4Z0x +2ClG3Gf7b+w75I8rIKmEdc1RQAZxpWykIrzrHKhzarEZJTJ9XrxT9I3hRSTCZEbE +2hvPNErZzsykeSh9azXlGdgpuUfgdAo4plzTn8EjduIuBsBiuDwgQJjhVvax45JH +jSxTOKpS1vwoPxhX8eUGrCLSKwuSvYdRpqJNP6UCgYEAwmhrSFmzMeTP+7I4/hxn +IRRd+/tRT5y2ied3egOKlJTJjK32MXG/fncUGMCFSHGQZrRbq6evx2r00J2UsJp9 +XUQOC6eWYxxzwiEmqihKvjHKusYCwRosag9LrzRk3J7HwrI+7gOQGvQ9v/dy/VK9 +Sd66L7gpPLKqhpm1igQe7IECgYBXs8egg8sr+q/fPjG6E31sYPlA4eNnxBmBeM4F +QvMSXNkg7F8d+paJsSPhuRWMz1FRscDsGEtfxIkOvrZg8sBuYLECbukpQSubcC29 +XfBV9bpXiGzj6v11KMpQ0h0mtRdJo5903XosWOmC8NqkTE5DlggV+iNA4GrWijfP +UuA8kQKBgQDEfNUkHeUaHz3mTfFd1shI9reCF5ubkXhF135hERs0MLNjAdyBMFjV +SYY1RMrpxekoWwbuhxBbkqrsKfGzL4TylCPAeW5dlWjep0flYS3y8HjQq4bgm0AO +r72qY/j95wfg5tj/YzA9EzG9nBEf+XCya7a1crendz7ufh7xFMjLag== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Target.key new file mode 100644 index 0000000000..24d4d1c7f3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAx/PJO7j70MbZnX6mDDf7Huep7JCxogYqsPHTgVOMhurDgAQY +BCawcE9rfGtfMbiN54qToZ1pIKleChOhocd76eS/0WdQ5Hrk2wCmy/YsqEede5pu +aYYGog2taIZn/9oOoa4wVygnFfOLtuI+yDAmbvQF7Ou1vMs3vF3bwmr4T+V/uPJi +qlk7QM5AZ32Du2YgpXOCfkDOh649NtwGJgnJPmsT7chE7s/z2zih7s0ClBh/xtd4 +ZY00u6PUxSfhubVnrfs8zpo99sdULnv6+InpVivpeC4CFCsaGOTO94Bn9w+IvHhw +jxzVPyI7OCJR2P1tk94FDByot7HTqYNrixCtYQIDAQABAoIBAQC2dHRZ9PCDkBAf +MOQgHi0eBFMANQCCUpI+KEzRpAWFT0/ZzuKDVzKFKVNxkyCoZDnI4KDaRqMZVLMl +CsjgsQEXas7GLDqaYrHWTX/medpCLCc+FKtPyybeVRC5Ynwf8UCMtEAUJ+WSmEwT +M9wKHDXV5QJLMMMDZYSUdCkF/Upcy/XpX2wBEsbBcIoWharvU1vLE2bSTwm8Utdk +TMvSCJLFCOxXgjNfiLyrGJQge4KrPgpjBxWieJ7nNDo2+4Xzzncpo45Uwjiarsa8 +l6dTyrgiqjINPyEldrhP3V1cXQ2a6y1j2BEalAxAGIz0NGsNvXBuMsOPmlCU2egt +eDr3bFUJAoGBAPevT+36qd+6K5TsAWXR3x4PlQGCRu/Zue5y75iRdmRKXIGcHtuE +fhpawkFZsuQQpdQaYR8iiZUa0qVtg1cRndcgZpcSqmqpff4PQN405mTl6gx/sMGf +ZBtGmdas9DJUOf70CVPWltoaf5NczJ2W9Fhsh56G8k/IOcu4WWgNr1zrAoGBAM6q +PocTDlT5spZ+TXnD5eBR8enUqW7832A1fgAMZuwKLD14yTBI9GqJKgl0htiulALR +R4XETTRaLeAKLbp+OV7Gia4dVMCKIuW6aqNYnmOmd8OLjh3ODLALNi+IHvAorsC+ +dBusa8Da7w4HC1vF9Xehbd5qQcM2xrdWXm8yLZvjAoGAWE+quRhhz0Jq3ZtUWEB/ +RBGcOECCGGzSDYHvib97rgCRgSjwG6be63imwHRCA20oIzsQm/BNi9tXdeJZLQc7 +9wM3cPAX0RYDtT0tDM1hxGHxlGlG1ZKGN+9xVIiwPO2pDA1o8fqWKMe/6wPwdNPo +5Uo1BMHqzaV/bfKZ9i7C8ucCgYBmTYwqXVqI4hpvuRItJrZStv3j3KwLDw6cl55J +89m3GsoPnA0r49FqM4AlshNWjAUk5+hZ5XS6Z7Gx6Bf+66EGs41QLaDYtwjTY9aK +CcJOXgeHOzwcsPVC6CnomZ+HDvyC2USstkuY6kfQT9hlk7cRg03Z/guT0TfJZe3V +aad+NQKBgCwzBQi29pTpYZdXtOq2VHF+8n0pUCY9RZzZko/U9PKbmSDUeQFd821Y +h+59Om3nqBoU7aZf0+pubhhHjGYQ4TX9SwSPYxoxJK3ECYqbLYUkUeOQB/ddM3fK +9eaphTdIrmCgecfBZPQMkF+DiVGzhkYHE+JfgP5rw7TgsClj4pdc +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/main.test new file mode 100644 index 0000000000..8364daa729 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: keyCertSign bit is not set + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/chain.pem new file mode 100644 index 0000000000..f96ae2be68 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/chain.pem @@ -0,0 +1,266 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate has a valid signature, however uses +MD5 in the signature algorithm. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:a7:83:31:c0:be:2b:86:e1:e6:72:7f:d3:1f:63:e7:80:79:6e:d5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:dd:eb:5a:f4:88:03:0a:d7:b6:29:95:e0:58: + 03:c6:35:36:b0:9e:e8:09:94:21:ba:07:cf:70:cc: + 52:c7:2c:fd:fe:c0:86:50:b3:0c:7b:46:cf:eb:a3: + bd:5a:29:32:58:81:09:ff:85:f8:b3:77:75:58:61: + 22:f1:59:99:1f:0d:58:dd:ff:f5:a8:51:62:0a:58: + db:20:8e:fd:5a:43:96:8f:cd:8c:98:ca:f4:ef:4c: + f6:1e:48:dc:48:46:60:8c:67:0f:9a:41:2b:6b:72: + e2:ce:11:25:3d:21:99:fa:3f:ca:34:b8:ae:f1:29: + 7a:ce:bc:1c:ce:98:50:d6:70:93:0a:a5:c4:7e:05: + 34:46:f1:ef:36:59:90:62:c2:b8:b9:71:ed:df:c0: + f8:fd:ff:08:fa:db:05:7d:99:35:2a:65:08:e0:a1: + 66:cb:7d:55:bc:72:d8:1f:7d:0c:11:e2:8b:11:51: + 2e:88:b1:d1:72:5f:c5:6b:ac:f0:1e:3f:97:b8:0e: + d4:49:9d:a0:b5:be:23:79:b1:0f:19:90:c6:00:e1: + 62:b4:d5:db:25:8c:11:01:92:9d:17:16:fd:ee:bf: + 37:6a:2a:d9:b4:4d:83:0c:24:2c:f8:28:7f:52:9d: + 6b:b3:ac:b2:2b:86:e8:fe:f8:a5:3a:cc:9d:eb:08: + f0:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4A:A4:1B:84:D7:FB:A1:F1:FB:D4:71:87:01:11:63:87:06:5D:A6:D1 + X509v3 Authority Key Identifier: + A6:86:14:22:AB:40:E8:07:5F:13:64:F3:8D:60:DE:30:B4:0B:B3:31 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + a5:7a:5a:3e:ea:47:b5:47:48:1e:41:61:22:65:0b:49:84:1f: + c7:08:08:21:a5:13:1a:ff:0a:d4:83:a6:b0:87:f4:89:5b:9d: + 5a:9a:ad:2a:fe:6c:b6:0a:24:cc:16:0b:79:7b:59:77:52:16: + 45:67:cb:8b:35:dc:ea:fd:6b:0c:9e:fa:c7:2d:2d:a3:53:ef: + 2a:0d:ae:b1:bb:50:5b:b6:59:08:13:4b:2a:39:3c:b5:09:e5: + 58:ad:4b:36:8a:82:3f:65:0b:1d:80:30:b1:af:ea:07:47:39: + 99:9d:2c:ea:13:c6:a6:c3:a0:b0:8e:6e:19:5a:8d:0b:3b:b1: + 17:6d:cd:71:68:69:32:40:42:ba:47:16:c1:a1:02:dd:95:da: + 69:dd:4f:5a:8c:d1:ba:c5:e9:a3:d6:67:50:83:19:8b:08:63: + cc:11:24:5b:63:df:84:c8:16:8a:57:22:cb:51:8d:ec:6f:35: + 32:fa:84:c3:2c:77:47:fe:a6:53:61:f0:1e:55:1d:b8:3a:0d: + 19:ed:ff:2a:d8:81:f6:e8:e0:18:f2:37:68:c8:4e:ef:18:a3: + 9e:e7:f5:f8:f9:51:e9:70:47:98:35:31:07:63:7d:4f:27:cb: + 29:30:5b:78:0a:61:44:15:af:c8:bd:c7:d2:e4:18:dc:5b:40: + 2c:66:b4:78 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUcKeDMcC+K4bh5nJ/0x9j54B5btUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx93rWvSIAwrXtimV4FgDxjU2sJ7oCZQhugfPcMxSxyz9 +/sCGULMMe0bP66O9WikyWIEJ/4X4s3d1WGEi8VmZHw1Y3f/1qFFiCljbII79WkOW +j82MmMr070z2HkjcSEZgjGcPmkEra3LizhElPSGZ+j/KNLiu8Sl6zrwczphQ1nCT +CqXEfgU0RvHvNlmQYsK4uXHt38D4/f8I+tsFfZk1KmUI4KFmy31VvHLYH30MEeKL +EVEuiLHRcl/Fa6zwHj+XuA7USZ2gtb4jebEPGZDGAOFitNXbJYwRAZKdFxb97r83 +airZtE2DDCQs+Ch/Up1rs6yyK4bo/vilOsyd6wjwbwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRKpBuE1/uh8fvUcYcBEWOHBl2m0TAfBgNVHSMEGDAWgBSmhhQiq0DoB18T +ZPONYN4wtAuzMTA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAKV6Wj7qR7VHSB5BYSJlC0mEH8cICCGlExr/CtSDprCH9IlbnVqarSr+bLYK +JMwWC3l7WXdSFkVny4s13Or9awye+sctLaNT7yoNrrG7UFu2WQgTSyo5PLUJ5Vit +SzaKgj9lCx2AMLGv6gdHOZmdLOoTxqbDoLCObhlajQs7sRdtzXFoaTJAQrpHFsGh +At2V2mndT1qM0brF6aPWZ1CDGYsIY8wRJFtj34TIFopXIstRjexvNTL6hMMsd0f+ +plNh8B5VHbg6DRnt/yrYgfbo4BjyN2jITu8Yo57n9fj5UelwR5g1MQdjfU8nyykw +W3gKYUQVr8i9x9LkGNxbQCxmtHg= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 33:57:99:fd:87:a4:e1:51:aa:94:8f:97:f1:9d:32:d1:b0:22:c3:6d + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:61:9e:9d:4b:23:cc:8e:39:d9:ac:07:05:da: + 32:34:de:2a:dd:2f:62:ed:87:ce:7c:59:c4:9d:8e: + 28:76:d1:f2:65:60:91:3f:7b:63:a4:2f:50:c4:da: + 12:5b:71:a0:97:4f:26:cf:e7:b2:01:84:67:57:f5: + 86:36:54:68:0f:28:f0:ea:7b:ca:1e:1a:bc:7e:67: + cf:fd:14:63:ee:c1:33:92:01:70:bc:12:6b:7d:2c: + 8d:02:34:8e:85:1a:e4:f5:99:b6:c8:d5:18:d9:04: + a6:f5:40:fc:96:50:e2:3f:87:a0:d6:72:be:a3:a3: + 45:89:07:74:d0:2e:9c:0d:88:12:02:a3:ef:17:ad: + 2c:2d:71:66:11:89:3f:cf:57:77:28:77:70:bb:0f: + 39:b0:b1:34:9d:e9:f7:a2:56:af:57:7e:ed:44:f8: + be:78:3d:28:c5:0d:37:15:2c:f6:99:4e:05:70:ae: + c5:99:45:a7:3f:bd:83:79:6a:a3:67:ff:71:2d:60: + e2:08:91:23:45:40:b1:40:52:e1:3b:1d:5d:d1:e9: + c2:b0:b1:c4:fb:7c:af:9c:c1:95:f1:a5:23:16:19: + 75:9f:ef:be:b8:79:a7:f4:c5:b2:47:ae:6d:1c:15: + 9c:26:0f:b2:0f:ec:92:8d:5a:79:c9:9e:16:e0:70: + bc:ef + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A6:86:14:22:AB:40:E8:07:5F:13:64:F3:8D:60:DE:30:B4:0B:B3:31 + X509v3 Authority Key Identifier: + C4:01:16:E5:A0:16:10:29:62:67:7B:D1:22:42:6C:6F:15:2B:AF:96 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + Signature Value: + 10:e8:02:e9:1f:ed:c1:c6:ad:7b:2e:8f:07:ea:1a:0e:ca:5a: + e3:6e:bf:d6:ff:be:2a:f1:8e:01:88:32:ae:d2:b7:a0:98:f6: + ee:5e:24:ea:a6:5c:4b:dc:15:58:a0:1a:1a:e6:cd:b4:75:65: + fd:fc:6a:b7:f5:06:fa:df:36:c4:8e:e1:6a:73:93:62:f3:73: + 29:35:53:30:b0:15:76:9a:7e:6b:a7:ae:ae:eb:d1:56:54:34: + ec:77:1b:7f:05:7e:e4:b1:21:2d:65:1d:83:e3:43:ae:ad:d3: + bd:f5:19:60:a5:de:67:9b:eb:84:58:e2:8f:50:a8:2f:32:b1: + 73:fc:1d:41:47:0f:0d:c2:1d:7e:b5:5c:eb:0e:6c:9e:e5:6e: + c4:ec:a0:1c:f5:af:ca:6f:d4:28:53:8b:a8:09:83:6b:ef:13: + 3c:87:38:f2:63:0b:9c:20:cd:31:22:e6:08:0f:be:1c:04:e8: + 72:7d:a3:f2:cb:2d:2d:ef:fb:c4:8e:f1:3f:f9:77:2a:d6:66: + 54:11:f1:d7:7a:5a:04:5b:f0:f4:dc:13:b0:14:6c:e2:b3:95: + a0:1f:c3:9a:21:6c:4f:5f:bb:37:3c:f8:8b:d0:19:25:53:c9: + 79:d6:a1:53:9a:03:e2:ba:f3:72:f9:45:c4:2c:19:e4:73:ca: + 7d:b6:4e:2a +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUM1eZ/Yek4VGqlI+X8Z0y0bAiw20wDQYJKoZIhvcNAQEF +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOthnp1LI8yOOdmsBwXaMjTeKt0vYu2HznxZxJ2OKHbR8mVg +kT97Y6QvUMTaEltxoJdPJs/nsgGEZ1f1hjZUaA8o8Op7yh4avH5nz/0UY+7BM5IB +cLwSa30sjQI0joUa5PWZtsjVGNkEpvVA/JZQ4j+HoNZyvqOjRYkHdNAunA2IEgKj +7xetLC1xZhGJP89Xdyh3cLsPObCxNJ3p96JWr1d+7UT4vng9KMUNNxUs9plOBXCu +xZlFpz+9g3lqo2f/cS1g4giRI0VAsUBS4TsdXdHpwrCxxPt8r5zBlfGlIxYZdZ/v +vrh5p/TFskeubRwVnCYPsg/sko1aecmeFuBwvO8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUpoYUIqtA6AdfE2TzjWDeMLQLszEwHwYDVR0jBBgwFoAUxAEW5aAWECliZ3vR +IkJsbxUrr5YwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBBQUAA4IBAQAQ6ALpH+3Bxq17Lo8H6hoOylrjbr/W/74q8Y4B +iDKu0regmPbuXiTqplxL3BVYoBoa5s20dWX9/Gq39Qb63zbEjuFqc5Ni83MpNVMw +sBV2mn5rp66u69FWVDTsdxt/BX7ksSEtZR2D40OurdO99Rlgpd5nm+uEWOKPUKgv +MrFz/B1BRw8Nwh1+tVzrDmye5W7E7KAc9a/Kb9QoU4uoCYNr7xM8hzjyYwucIM0x +IuYID74cBOhyfaPyyy0t7/vEjvE/+Xcq1mZUEfHXeloEW/D03BOwFGzis5WgH8Oa +IWxPX7s3PPiL0BklU8l51qFTmgPiuvNy+UXELBnkc8p9tk4q +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 33:57:99:fd:87:a4:e1:51:aa:94:8f:97:f1:9d:32:d1:b0:22:c3:6c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cc:b2:cd:77:8f:be:c9:a5:17:ad:e5:ac:2d:b2: + c0:1f:33:5e:ed:d9:96:57:14:9b:a4:37:d8:a0:3d: + e4:2c:56:95:4d:75:68:4f:77:06:24:e0:0f:e9:b6: + de:6f:dd:a7:f6:93:dc:f3:48:10:fa:fb:90:b5:43: + 42:0b:9d:d7:e9:0c:2c:69:7b:3a:4f:73:31:00:0c: + ba:15:cc:dd:77:a6:a9:f9:21:b8:97:aa:b7:a4:99: + 6c:08:a0:8e:9f:b8:29:47:df:db:b9:b0:39:e5:4f: + be:47:2f:93:76:5b:6b:02:fe:ec:66:31:c2:de:8e: + 0a:67:89:a4:70:cb:32:40:db:63:00:57:40:b4:8e: + b8:24:e4:de:33:62:24:7a:e5:b2:18:41:54:f7:98: + d9:f5:c8:23:1e:88:5a:a6:1c:7e:92:0f:92:56:49: + 0e:5a:dc:49:4b:d1:f8:1b:73:b0:31:6f:37:7e:cf: + 91:f4:40:e6:8b:36:11:fb:0f:79:ea:d2:80:f5:8e: + c1:24:d2:fe:2f:c1:58:6d:32:2e:04:64:b2:20:d2: + cd:a1:79:8b:08:25:8f:1e:89:fe:43:3f:bf:de:49: + f2:fa:bb:d7:52:6e:19:8f:4c:b6:6e:4f:59:48:63: + e2:c9:55:0f:58:89:93:85:e0:58:ee:80:16:5f:c4: + 77:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C4:01:16:E5:A0:16:10:29:62:67:7B:D1:22:42:6C:6F:15:2B:AF:96 + X509v3 Authority Key Identifier: + C4:01:16:E5:A0:16:10:29:62:67:7B:D1:22:42:6C:6F:15:2B:AF:96 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 68:2f:fb:af:72:54:4d:44:20:01:20:d2:62:e6:b2:f7:d2:e3: + 6c:b9:6a:04:e2:1e:55:0f:23:aa:4e:e3:06:5e:38:d5:50:49: + da:09:64:d5:98:83:53:15:3f:58:94:93:1f:db:38:d3:8c:5b: + 56:7b:1b:6f:1d:e9:0c:df:54:7e:18:46:a5:8e:f0:8f:af:62: + 5a:5d:0a:5d:ea:2c:be:59:a1:ee:5b:36:26:74:29:c5:5a:48: + e4:04:cc:9c:0b:33:55:55:fa:b2:9b:16:f5:81:70:ec:f9:73: + 81:0e:b0:d4:68:26:d4:78:3f:e0:cb:e4:d3:3f:65:f8:ff:f1: + 5a:1d:42:c9:fa:be:8f:95:d2:5b:d2:a8:76:de:48:b5:7c:d1: + ba:e6:45:4f:ce:b2:ed:7e:bf:20:12:94:3c:43:cc:40:49:a1: + d8:04:f6:09:a4:3e:d1:40:cd:eb:04:70:ce:9c:1b:09:8c:4d: + 43:f6:9e:09:01:3f:cb:88:83:69:28:ea:9e:ae:3e:a9:c8:db: + b4:7c:18:88:ac:03:c6:bd:a7:9e:dc:d3:96:c0:27:26:b0:02: + 1a:68:7d:67:6e:72:35:8e:ff:b2:f7:53:de:96:54:6c:78:91: + 03:9a:9b:33:c2:79:94:b4:68:b7:ad:49:22:bb:e0:b2:80:ac: + 9d:18:05:f8 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUM1eZ/Yek4VGqlI+X8Z0y0bAiw2wwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMss13j77JpRet5awtssAfM17t2ZZXFJukN9igPeQsVpVNdWhPdwYk4A/p +tt5v3af2k9zzSBD6+5C1Q0ILndfpDCxpezpPczEADLoVzN13pqn5IbiXqrekmWwI +oI6fuClH39u5sDnlT75HL5N2W2sC/uxmMcLejgpniaRwyzJA22MAV0C0jrgk5N4z +YiR65bIYQVT3mNn1yCMeiFqmHH6SD5JWSQ5a3ElL0fgbc7Axbzd+z5H0QOaLNhH7 +D3nq0oD1jsEk0v4vwVhtMi4EZLIg0s2heYsIJY8eif5DP7/eSfL6u9dSbhmPTLZu +T1lIY+LJVQ9YiZOF4FjugBZfxHe5AgMBAAGjgcswgcgwHQYDVR0OBBYEFMQBFuWg +FhApYmd70SJCbG8VK6+WMB8GA1UdIwQYMBaAFMQBFuWgFhApYmd70SJCbG8VK6+W +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAaC/7r3JUTUQgASDSYuay99LjbLlqBOIeVQ8jqk7jBl441VBJ +2glk1ZiDUxU/WJSTH9s404xbVnsbbx3pDN9UfhhGpY7wj69iWl0KXeosvlmh7ls2 +JnQpxVpI5ATMnAszVVX6spsW9YFw7PlzgQ6w1Ggm1Hg/4Mvk0z9l+P/xWh1Cyfq+ +j5XSW9Kodt5ItXzRuuZFT86y7X6/IBKUPEPMQEmh2AT2CaQ+0UDN6wRwzpwbCYxN +Q/aeCQE/y4iDaSjqnq4+qcjbtHwYiKwDxr2nntzTlsAnJrACGmh9Z25yNY7/svdT +3pZUbHiRA5qbM8J5lLRot61JIrvgsoCsnRgF+A== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/generate-chains.py new file mode 100755 index 0000000000..9d0acc99a7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/generate-chains.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain where the intermediate has a valid signature, however uses +MD5 in the signature algorithm.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.set_signature_hash('sha1') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Intermediate.key new file mode 100644 index 0000000000..6d4ec3ce2e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA62GenUsjzI452awHBdoyNN4q3S9i7YfOfFnEnY4odtHyZWCR +P3tjpC9QxNoSW3Ggl08mz+eyAYRnV/WGNlRoDyjw6nvKHhq8fmfP/RRj7sEzkgFw +vBJrfSyNAjSOhRrk9Zm2yNUY2QSm9UD8llDiP4eg1nK+o6NFiQd00C6cDYgSAqPv +F60sLXFmEYk/z1d3KHdwuw85sLE0nen3olavV37tRPi+eD0oxQ03FSz2mU4FcK7F +mUWnP72DeWqjZ/9xLWDiCJEjRUCxQFLhOx1d0enCsLHE+3yvnMGV8aUjFhl1n+++ +uHmn9MWyR65tHBWcJg+yD+ySjVp5yZ4W4HC87wIDAQABAoIBAETCwrw+fBnAnqO4 +/mA2Sp5pHGp68lJjbu2ip65DHgz/7eixmhzKZeRLsjOfZOdzvS8Wf0cS70xEKpBm +eCuc4r0y/5XwTa4Xr2LZ3seW0k6n//GyHAXE98OcZSD0y4GUxrf8jIoEvnp/Qmq4 +7lDXFhDrBRBAevKAusp59CTwyMOmoeATOaE9Ng5MhFnlW/EVMT2qKJA7fuTy4VXz +G4Sy/d/7wyf8dbgbD7n8tllR1EzYoEZpf64IQMklTBhAIc5nhO0RN0zpGMFgQeSp +8XAP6bwzrViwKfSt79qDAzSVqn3Cac0of3g4Ku9qhW1QuT2uhAOPpcwvjSimrY+C +Gas2Y8kCgYEA/p0JeF9Eh+FgW7vAdqZlF8GalkVZKLSThOcBz9ETLGLTsJ6D9TeP +4V0qUWi4+/Ny9KMdJEO5c0/qj93gXQ9B2EJMnZ0MqBmLkpTOGuyd4JDSm5dugxOl +Y9wCMY9acp28ekSF/DwE7ApQkrsU5JqRr5BLnBzGE6awqzMwTb0l9WMCgYEA7KnF +SJ9CQuDAYyhI1bJWq0LSIFJGi5HvT0s7hX0D/RRIx5koE7Y0ABuKsX9BKJjfcy15 +KKy+uS4KiMY0vFSvRZrqD7vqdSyF4ziC6iR+NVOhoqyqMnM6d1oRkIrgW2hRiqc9 +W4PUIA/Fithto9ve6KqF9NEuhwc9IgLBzB2U5gUCgYBusEBstyXo2J72YlISgtYS +FNWqnG1dV9uF/JN6EA+AzVnwP4locoY3WDRMffVlevmvxrWljVey/LwhXTjr2/Up +GfGK17qn3asix1Quuk0MUolsoNGnZEQTfJLrjsGocFB+6wlAlasiHn3WvEQh+dx5 +8YYdURj/dAj79F38fc1htwKBgQCrQS7Bnn0UaA7PshcCjEqrI29qdB8YYEIL3yTz +M8PvHv6LcQjPOsnmSgfS6YL9HaKUdhN2m4pn9ikpUERZA+7RL4iwWgsPP2ijRAF3 +7XBmpl4QmWGPoFJui36qWdSAULyw2NRNpNebW85W6sZsDG8BbmQBBF3m2BYkxln2 +mnFlAQKBgCO2b5ie/kU6mO/il+mfC3jkCBtMPBkzM+lj4UA2v6ozheRmF7B6OBu5 +Yt6btEjGkm2oTVPuyuYXhvyEdi1ineycDGnOdacHLLxNQAO0z8JDVEKJLbMo4xrB +XDz2FX1tMbXcRp/4734+3vACSCHgG1BzVTbi3P8voR4tT8yh5eZq +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Root.key new file mode 100644 index 0000000000..24e21c30f4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzLLNd4++yaUXreWsLbLAHzNe7dmWVxSbpDfYoD3kLFaVTXVo +T3cGJOAP6bbeb92n9pPc80gQ+vuQtUNCC53X6QwsaXs6T3MxAAy6Fczdd6ap+SG4 +l6q3pJlsCKCOn7gpR9/bubA55U++Ry+TdltrAv7sZjHC3o4KZ4mkcMsyQNtjAFdA +tI64JOTeM2IkeuWyGEFU95jZ9cgjHohaphx+kg+SVkkOWtxJS9H4G3OwMW83fs+R +9EDmizYR+w956tKA9Y7BJNL+L8FYbTIuBGSyINLNoXmLCCWPHon+Qz+/3kny+rvX +Um4Zj0y2bk9ZSGPiyVUPWImTheBY7oAWX8R3uQIDAQABAoIBAFVU1EJbMfVtVQmx +DK2gLmbTS2drpTh35sn2Xd+u7UducJ7xqqI1w+HrZbbP/Lo1dKddzGW+TRXTeOeX +OhkNm8wSvxDZxd0I8AxNQeWEmW4flAu++ux+xj9flaGjDNGYO90yfK5TwE7Ph0q1 +kotsYJfHHVUcuVd9bujqgBplGnXePt3GAV8hULMJjp/hliOuUfwaZjVUkIRXH4uH +1o7le/BitASlm+ln0FetYfmiJSdC0bCOtsWT7W4LiZiHrTiVd53NcbhmpbJN90d8 +bbFzmMVeUvzJKrnsgIM3HdmqC6ZBO+FEEcqh4brrtv3ztVqBybLTt4IlV8Tio6BT +saxsi2ECgYEA/qsdkvziIllxzIPza+vSTFkkVXRQsHYHSxNpyCD0i2Ih2JKETxAX +Yq3uM5wXtKNYtoHVIEgqTXOgOwDlh47Bc9yq7bGZY3PsOv1/NhO0XW6Sqi2y6BEE +HhX+Xfk0wRwqLp6MALD576yGi3BUgqrB8aLPWyPxF42NOifft137vScCgYEAzcTM +1vlkUm/StPEsZZmalA0b7UybiqSjfy/bdeVfBX+Nbm6+q4LOjgPJSj3NfRQfamR/ +vDh4LBOtm0SqYU2Sz5i65oLQX6dVSZ0XmIgaTupBtZoLFS48Z9DGr/MC7J1FdCA3 +dL2bB1uQZrjpymnXRspXbfwaTYv64i17i5vs8B8CgYBfUQpbpny44INgSY7FONlY +LBEWTteYhESMi/KOrg75UDxcw9HziZFHJNQ/ys9wk6azgHqVf40dugYhr185UmwD +gncTSeKgP5YOKiz/v3ZFdgo82afZhezlmdO/tnNRR8pd8odyBss1MnyVGfD3ixPV +7drwQM6OwzM1rhDkn6+GBwKBgQC4xsf3J7659GavS39FwTi5SEhSwJ9QUeXr2arm +ZNH+WvtDNrmLxIv9pVLFk1gKwN4xKQw3ljH7yrP0ISYq+IEkYI89Xi0GKHqC/0lo +FJgjU2MsU6cuHvXpd+ZjrAJtPhFXZXLHJ1ims8epJtXyiTbi/+KhBmkMR+5D2vn9 +dUjAmwKBgQDzpPpqTv3kgwtqsd1mmp9niiCp3p8uf5LRzvdewgmg3ke+y5Qs3ZGu +d9UQSZ9eH3crpUlQWTt+1EM/XsHcNXFRef5AhIEwNZDeY93Vy568FNxtLs+tm+R+ +swQj6m2bDoJqFEuQ2cEwIuGeARwlyOLwgeDB6w0k08edlAGXXb1X6A== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Target.key new file mode 100644 index 0000000000..7c45d679f4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEoAIBAAKCAQEAx93rWvSIAwrXtimV4FgDxjU2sJ7oCZQhugfPcMxSxyz9/sCG +ULMMe0bP66O9WikyWIEJ/4X4s3d1WGEi8VmZHw1Y3f/1qFFiCljbII79WkOWj82M +mMr070z2HkjcSEZgjGcPmkEra3LizhElPSGZ+j/KNLiu8Sl6zrwczphQ1nCTCqXE +fgU0RvHvNlmQYsK4uXHt38D4/f8I+tsFfZk1KmUI4KFmy31VvHLYH30MEeKLEVEu +iLHRcl/Fa6zwHj+XuA7USZ2gtb4jebEPGZDGAOFitNXbJYwRAZKdFxb97r83airZ +tE2DDCQs+Ch/Up1rs6yyK4bo/vilOsyd6wjwbwIDAQABAoIBACgWifNnYrSBgzzF +YItr++3QlJSeetoY/R7MHD56rQvIKXXkdcxP7Wv4ixGvePZRlwiLcU7wNy8AAehl +K1YPa5f/3FhC06ocELcUlXcVVxm4vsU/LDklVDV/UUpHwO86NnlS3p1I/wWBOJ6u +b7KwP6sjClLCzEwQztIShxClGmm4NfbnHBB0t3Sh20i8mTFzvjVUWbOb4br7nHrY +P7MPaEwzTMPHTsgY7VdBUXVmnVrFs5YYNMtOe875QOH/TkZmIgNEarb2t/Mz6BVQ +TCRdwbxcNQgW7RK11UQzYtXkIyQLFJwA/TWsIHgyHM+k/kfyJbQEKo4kkuojsoT9 +KspAfFECgYEA5Nc4KHL+PAve98pUXB8KtViQPhzlPOKU+qbeNubr9Z/6BRYgBPu6 +zYcWa5nZqVdcyYF4UywMKCHUdvTNenPmxPkWIvVUoTeirGm0ES51No/N5F8qg+DY +gcMos2Y9fWvUZjl42uZ2EqFQKJjcYxYZDa4hfyCYuGygWPV08+/VhvkCgYEA35Zm +K7Mj80b8nFhLWtL/jUK5KIbnFQhwW1zVoco0q8V5bVMzGc3lXU0glSIPiRtBD3xW +TE6ykjVRGSf5w+ITo8OoFe4cQ/L16VuBVe7PVTV7xmL9t6NfIrBjgT2Tvdq54g3S +v446uGkQaMBnZXbCOhs91U2XVGlRhvmSK+QyBKcCf2FvQXn3fEgUxdq7Sy/uB6Ev +FDteEjzaPJR8eCDoMY9jjhCcWwXEKMVZvzIRT5vKlrc1aQYAuyxbOxtrIBIDRz6W +z9YSnvYFuj2uw/yMy1tv3zpdSrzb/1NAxROddJDyWH0t+0c42Q0VogunCi8mOYSZ +n6mBN4VOuvcli6ZRd5kCgYAcTmUm+Sn+/aizfnYjzHyv/JeGavXMcuIOnwUo03mx +mXGTBqp8hNWZ507Nsp82421sMXiXdosi+X8H6Ui0pOWJoRahmCCZ9aNuZLhOEcrL +5daCujuWyScdNCmUzh/rNEq+NLPOron+mMaMDHfKn6tdQd+lJoqXFDJPHT+FMQGo +FwKBgDAhLAVS3fwqk2x0lFmMdrRT3aqF7SLIJL3wCNRJGkAAEjvo2VLqNjg9a1gv +9TE9GkkXWsmCmlCRr0gKUv9FjDUIvxIRxVLu2XDOUDGt77XDoNZ9/pQErAgFYiSK +NbhYVKakLoPUT5PnZTq9v+bpmfwaDAxAqc/YWbVDcaxUOsg9 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/main.test new file mode 100644 index 0000000000..131458ff41 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-signed-with-sha1/main.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +digest_policy: STRONG +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Unacceptable signature algorithm + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/chain.pem new file mode 100644 index 0000000000..938d947d11 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/chain.pem @@ -0,0 +1,278 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate has an unknown critical +extension. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 73:54:1e:c7:2c:6e:fe:21:b3:a1:00:b5:73:46:4d:6e:2f:ca:28:8a + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e4:56:5a:78:c6:79:63:15:7a:a6:5b:ac:09:02: + 26:d7:10:40:e3:ea:55:dc:1c:86:37:cd:9a:0c:7d: + 6c:5a:1f:d0:58:25:72:48:c5:7f:ae:7c:eb:9c:a6: + e8:45:7c:f5:00:36:16:a9:00:f9:8e:8a:df:70:2c: + bb:30:6c:74:6a:c7:30:69:a5:2c:1d:77:3f:b0:fa: + 89:e0:cb:07:39:ac:08:59:aa:4c:63:cc:62:fa:a9: + 8c:19:27:61:2d:0d:97:98:ad:50:b8:b9:e2:5a:21: + c1:70:cd:e7:2a:ad:6a:68:1f:52:bc:8c:80:f5:51: + a6:f1:3f:47:c7:50:81:27:e5:15:37:48:4f:4b:c3: + 1b:e9:01:b9:97:56:8b:b9:56:38:62:d0:c5:ca:52: + 21:6b:2d:42:03:7a:d9:83:d3:cd:57:b4:8c:ca:a5: + 91:bf:3f:e2:26:df:85:e6:6c:2c:80:56:26:21:95: + be:cf:a4:85:cf:5e:e4:18:05:e7:68:99:91:67:6d: + e3:16:92:c9:df:9f:89:3f:ae:ee:ee:a8:43:69:f6: + 6b:92:5d:72:6b:bd:53:1c:4e:25:23:4f:ee:5a:ab: + 3f:ba:01:42:94:02:db:cb:59:93:bb:b9:2a:ea:ad: + 5a:17:26:84:67:99:05:98:f0:b1:3c:e0:a4:2b:17: + ea:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F7:35:7C:CD:CE:17:42:80:4E:A2:57:94:36:6B:2A:70:19:25:20:CD + X509v3 Authority Key Identifier: + keyid:B7:0A:76:64:C2:EB:6F:75:8D:EE:42:82:82:B5:AE:9C:7B:B8:23:29 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 96:e4:7f:6d:16:9d:bf:f8:80:8c:21:b2:ff:75:e4:12:c4:f4: + c0:c5:a1:0f:78:1f:b4:2f:87:51:6a:71:af:03:86:8a:6d:3b: + 9b:9d:42:e9:b5:96:07:5f:74:ef:ee:03:a7:2f:5c:95:00:9e: + 77:4e:72:af:0d:6f:72:d2:6a:32:4c:f1:ae:1e:49:94:d8:bf: + 53:81:83:45:17:ef:4d:89:55:33:7a:d9:a2:88:fa:a6:c9:10: + 9b:03:4c:88:d9:20:df:f4:39:9d:a5:57:c9:f5:1d:3a:bb:5b: + 82:30:7d:6b:f9:34:81:84:25:bb:d7:32:d3:b4:28:52:49:81: + 55:93:1e:39:ca:a6:3a:29:5c:98:2f:30:3e:0c:ad:07:fd:f9: + ba:a1:e4:e8:26:c4:2b:f0:e3:87:46:8a:61:32:df:43:af:0d: + bd:de:63:00:15:e2:57:c4:ba:cf:b0:d0:2b:f4:49:2d:2d:c3: + e0:ff:90:e5:cf:a5:79:28:24:d8:7d:99:44:22:15:b8:b9:7c: + bc:cf:ee:5a:c9:97:5c:df:f6:29:94:ff:a9:56:29:e2:1e:f6: + e6:64:04:60:62:0f:8b:e6:02:34:44:11:a3:8a:fe:97:20:e8: + e2:87:7f:3c:8a:e0:04:ea:83:e9:17:62:25:df:5a:98:af:a0: + b0:34:ae:db +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUc1Qexyxu/iGzoQC1c0ZNbi/KKIowDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA5FZaeMZ5YxV6plusCQIm1xBA4+pV3ByGN82aDH1sWh/Q +WCVySMV/rnzrnKboRXz1ADYWqQD5jorfcCy7MGx0ascwaaUsHXc/sPqJ4MsHOawI +WapMY8xi+qmMGSdhLQ2XmK1QuLniWiHBcM3nKq1qaB9SvIyA9VGm8T9Hx1CBJ+UV +N0hPS8Mb6QG5l1aLuVY4YtDFylIhay1CA3rZg9PNV7SMyqWRvz/iJt+F5mwsgFYm +IZW+z6SFz17kGAXnaJmRZ23jFpLJ35+JP67u7qhDafZrkl1ya71THE4lI0/uWqs/ +ugFClALby1mTu7kq6q1aFyaEZ5kFmPCxPOCkKxfqGQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBT3NXzNzhdCgE6iV5Q2aypwGSUgzTAfBgNVHSMEGDAWgBS3CnZkwutvdY3u +QoKCta6ce7gjKTA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAJbkf20Wnb/4gIwhsv915BLE9MDFoQ94H7Qvh1Fqca8DhoptO5udQum1lgdf +dO/uA6cvXJUAnndOcq8Nb3LSajJM8a4eSZTYv1OBg0UX702JVTN62aKI+qbJEJsD +TIjZIN/0OZ2lV8n1HTq7W4IwfWv5NIGEJbvXMtO0KFJJgVWTHjnKpjopXJgvMD4M +rQf9+bqh5OgmxCvw44dGimEy30OvDb3eYwAV4lfEus+w0Cv0SS0tw+D/kOXPpXko +JNh9mUQiFbi5fLzP7lrJl1zf9imU/6lWKeIe9uZkBGBiD4vmAjREEaOK/pcg6OKH +fzyK4ATqg+kXYiXfWpivoLA0rts= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 42:03:de:56:53:4d:df:53:72:dc:6d:7a:68:da:5e:9a:7a:fb:e3:12 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:af:53:c1:dc:ae:32:12:ba:12:d0:12:d6:5e:18: + 4a:ca:26:ef:e5:b8:b4:b0:9e:f0:6f:99:7d:d7:f5: + c5:2c:e3:3a:d0:61:35:51:a0:ea:eb:76:02:27:9a: + 7e:19:b7:3f:9c:09:ee:e9:5d:60:64:82:19:94:74: + a2:b6:04:6b:ba:dd:51:c2:33:6c:9a:b9:eb:91:b9: + 3a:07:6d:9e:36:3e:17:b7:38:27:1e:11:1e:06:35: + 50:4c:02:11:48:17:28:87:14:0f:d7:28:65:4f:12: + 80:da:4f:74:36:63:de:50:97:2e:68:dc:82:bb:f1: + c0:6a:60:34:1f:86:2d:61:13:0e:39:9e:14:d8:ba: + df:55:8d:bb:7b:38:77:85:d8:37:52:97:20:c2:12: + 01:f0:e1:40:25:70:76:f4:89:5f:50:15:77:f9:74: + e9:53:e0:31:b8:e0:a7:f1:22:72:76:b1:07:13:b5: + e9:a8:f5:bf:29:0f:1f:95:bd:a1:79:74:56:7e:ba: + 28:18:aa:20:8a:af:7b:ae:cc:cd:55:b2:8b:b4:f3: + 5e:f2:bf:2e:09:9b:6a:b8:26:bf:79:58:c4:ca:2f: + fa:e0:28:7d:f7:85:71:c3:c2:03:b0:47:b9:11:d5: + 4f:dc:5c:31:78:06:0b:06:09:bc:ae:95:0d:ee:71: + 02:23 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B7:0A:76:64:C2:EB:6F:75:8D:EE:42:82:82:B5:AE:9C:7B:B8:23:29 + X509v3 Authority Key Identifier: + keyid:79:19:7C:D6:62:7D:B4:D8:E8:6E:7C:D3:E9:C7:2F:3D:F2:B2:40:A3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + 1.2.3.4: critical + .... + Signature Algorithm: sha256WithRSAEncryption + c0:47:ef:0f:90:1e:fc:8a:d5:24:05:4c:bd:c2:13:ab:52:af: + 9a:19:2b:84:eb:61:a2:6f:72:06:55:b1:3a:c6:3a:f0:be:b9: + 8c:88:31:d1:89:3d:41:8c:4c:11:79:d2:26:dd:52:8a:f0:39: + d5:4c:be:e4:ef:fa:2f:55:06:b9:a5:74:57:5e:e2:8d:07:ca: + 8b:24:4e:50:23:e4:e2:53:6f:8b:45:fa:b2:a8:c9:fa:cd:68: + 9e:8a:a8:8c:8b:99:a1:b3:f5:ab:77:b3:8b:d6:2f:e2:67:a5: + c6:05:d7:f2:b5:d8:ed:e7:06:64:4c:73:fe:29:a9:7c:42:d8: + 32:64:45:90:ec:29:a4:9c:ab:5e:20:51:c2:e1:a6:c8:2a:43: + 1f:f1:2a:45:3b:91:be:69:5c:61:83:7f:81:2a:07:41:0c:aa: + b1:bc:0e:43:99:e4:c1:c4:15:83:0f:09:02:11:31:70:f2:aa: + 62:35:45:3d:d4:45:56:c7:bf:9e:dd:63:41:3f:9c:ba:ec:3b: + 6e:8e:01:64:5a:09:a2:66:5f:fb:19:57:8d:32:4f:25:d7:04: + 73:60:25:35:22:84:11:b3:5b:a9:6c:25:59:c5:5b:c0:06:8d: + 36:9e:62:00:51:72:ff:23:28:cc:57:52:72:b0:cd:cc:0a:ed: + 22:7d:54:6b +-----BEGIN CERTIFICATE----- +MIIDkDCCAnigAwIBAgIUQgPeVlNN31Ny3G16aNpemnr74xIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK9TwdyuMhK6EtAS1l4YSsom7+W4tLCe8G+Zfdf1xSzjOtBh +NVGg6ut2Aieafhm3P5wJ7uldYGSCGZR0orYEa7rdUcIzbJq565G5OgdtnjY+F7c4 +Jx4RHgY1UEwCEUgXKIcUD9coZU8SgNpPdDZj3lCXLmjcgrvxwGpgNB+GLWETDjme +FNi631WNu3s4d4XYN1KXIMISAfDhQCVwdvSJX1AVd/l06VPgMbjgp/EicnaxBxO1 +6aj1vykPH5W9oXl0Vn66KBiqIIqve67MzVWyi7TzXvK/Lgmbargmv3lYxMov+uAo +ffeFccPCA7BHuRHVT9xcMXgGCwYJvK6VDe5xAiMCAwEAAaOB2zCB2DAdBgNVHQ4E +FgQUtwp2ZMLrb3WN7kKCgrWunHu4IykwHwYDVR0jBBgwFoAUeRl81mJ9tNjobnzT +6ccvPfKyQKMwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA4GAyoDBAEB/wQEAQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAwEfvD5Ae/IrVJAVM +vcITq1KvmhkrhOthom9yBlWxOsY68L65jIgx0Yk9QYxMEXnSJt1SivA51Uy+5O/6 +L1UGuaV0V17ijQfKiyROUCPk4lNvi0X6sqjJ+s1onoqojIuZobP1q3ezi9Yv4mel +xgXX8rXY7ecGZExz/impfELYMmRFkOwppJyrXiBRwuGmyCpDH/EqRTuRvmlcYYN/ +gSoHQQyqsbwOQ5nkwcQVgw8JAhExcPKqYjVFPdRFVse/nt1jQT+cuuw7bo4BZFoJ +omZf+xlXjTJPJdcEc2AlNSKEEbNbqWwlWcVbwAaNNp5iAFFy/yMozFdScrDNzArt +In1Uaw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 42:03:de:56:53:4d:df:53:72:dc:6d:7a:68:da:5e:9a:7a:fb:e3:11 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d4:ae:26:50:c5:ac:e1:7e:b7:9d:20:24:3c:b5: + 5d:00:3e:9e:20:03:93:41:ed:70:e7:cc:a7:8f:67: + 48:1c:79:41:b4:e1:e3:7c:e6:35:31:74:43:61:cc: + 7a:2d:15:b3:1c:fe:a1:75:1e:82:6e:39:30:10:39: + 7c:c2:a3:84:ea:99:b6:9e:3f:ce:41:46:9f:43:03: + d0:8a:0a:b4:fb:e7:ec:05:b7:73:1f:c5:06:85:0d: + 13:41:d5:f8:3b:b8:f0:65:2e:93:88:9f:c1:f8:81: + dc:c7:38:50:cb:fe:c6:cb:dd:6d:39:c4:4e:40:9a: + 64:4f:a7:72:fc:98:cd:b9:4b:32:99:0e:0f:33:2e: + b6:2e:80:f2:e4:51:bb:14:e4:67:43:54:2f:a8:1e: + c3:4b:4f:4c:dd:4a:df:84:1e:e9:e7:50:bf:83:2e: + a6:38:a6:c9:d8:60:98:94:b6:5c:4b:1e:80:c4:39: + 32:11:5e:ae:4d:c4:ac:10:be:cd:fe:a3:9c:38:2e: + 55:be:0f:92:cb:06:87:d0:a3:d4:f8:a2:e7:ca:05: + c0:41:91:a4:b9:93:da:fd:38:3f:ce:c2:45:2b:06: + da:d4:91:53:e8:8e:c2:c3:39:c1:c6:dd:ff:41:fa: + 94:66:c3:c9:ee:6a:e2:91:ac:ad:42:5e:7a:d4:8a: + 43:9f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 79:19:7C:D6:62:7D:B4:D8:E8:6E:7C:D3:E9:C7:2F:3D:F2:B2:40:A3 + X509v3 Authority Key Identifier: + keyid:79:19:7C:D6:62:7D:B4:D8:E8:6E:7C:D3:E9:C7:2F:3D:F2:B2:40:A3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 62:07:27:bb:c4:53:8b:a0:70:79:a1:2b:e2:2b:bb:26:53:6d: + ac:80:57:9f:71:54:d2:23:5f:74:b3:9a:4e:7e:7b:da:14:2f: + 27:d2:74:6c:d9:49:e2:30:60:55:97:cb:22:8c:75:49:fb:17: + 1d:8c:c5:f3:2a:0a:eb:e9:3d:7f:13:6f:83:9d:b0:5e:e1:71: + 1f:a3:c2:fd:66:09:3e:aa:82:cb:13:16:5f:05:79:9a:e9:2c: + bd:f9:3d:76:c2:b3:e4:2b:05:3a:3c:e2:86:25:75:9c:d5:c0: + fb:6c:65:7c:17:09:4d:ed:9f:04:72:3d:79:4e:e7:c1:1c:5d: + 85:cb:60:e0:e2:c1:4e:c6:6a:07:a7:0b:8d:4d:79:a5:32:84: + 9b:80:9e:93:8b:59:28:91:ed:fc:1a:6f:bf:37:55:8b:e6:9a: + 51:c2:c7:4d:b2:72:7f:ff:11:7b:53:f7:9d:05:66:27:2e:46: + 6b:dc:de:0a:c6:ce:82:7c:7d:85:d1:47:11:3b:e9:45:3d:4b: + b2:6a:e2:b3:e0:8c:33:8a:6f:5e:94:11:b6:b6:aa:e2:f9:71: + d9:ac:9d:94:c2:19:a0:de:0d:0d:09:16:fb:76:ee:9d:1b:52: + 61:bc:25:38:56:0d:03:59:ab:1f:39:da:40:df:d5:bf:44:c6: + a2:93:24:bb +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUQgPeVlNN31Ny3G16aNpemnr74xEwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDUriZQxazhfredICQ8tV0APp4gA5NB7XDnzKePZ0gceUG04eN85jUxdENh +zHotFbMc/qF1HoJuOTAQOXzCo4TqmbaeP85BRp9DA9CKCrT75+wFt3MfxQaFDRNB +1fg7uPBlLpOIn8H4gdzHOFDL/sbL3W05xE5AmmRPp3L8mM25SzKZDg8zLrYugPLk +UbsU5GdDVC+oHsNLT0zdSt+EHunnUL+DLqY4psnYYJiUtlxLHoDEOTIRXq5NxKwQ +vs3+o5w4LlW+D5LLBofQo9T4oufKBcBBkaS5k9r9OD/OwkUrBtrUkVPojsLDOcHG +3f9B+pRmw8nuauKRrK1CXnrUikOfAgMBAAGjgcswgcgwHQYDVR0OBBYEFHkZfNZi +fbTY6G580+nHLz3yskCjMB8GA1UdIwQYMBaAFHkZfNZifbTY6G580+nHLz3yskCj +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAYgcnu8RTi6BweaEr4iu7JlNtrIBXn3FU0iNfdLOaTn572hQv +J9J0bNlJ4jBgVZfLIox1SfsXHYzF8yoK6+k9fxNvg52wXuFxH6PC/WYJPqqCyxMW +XwV5muksvfk9dsKz5CsFOjzihiV1nNXA+2xlfBcJTe2fBHI9eU7nwRxdhctg4OLB +TsZqB6cLjU15pTKEm4Cek4tZKJHt/BpvvzdVi+aaUcLHTbJyf/8Re1P3nQVmJy5G +a9zeCsbOgnx9hdFHETvpRT1Lsmris+CMM4pvXpQRtraq4vlx2aydlMIZoN4NDQkW ++3bunRtSYbwlOFYNA1mrHznaQN/Vv0TGopMkuw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/generate-chains.py new file mode 100755 index 0000000000..b4cd6e5293 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/generate-chains.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate has an unknown critical +extension.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate that has an unknown critical extension. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().add_property('1.2.3.4', + 'critical,DER:01:02:03:04') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Intermediate.key new file mode 100644 index 0000000000..6a7f0ee97c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAr1PB3K4yEroS0BLWXhhKyibv5bi0sJ7wb5l91/XFLOM60GE1 +UaDq63YCJ5p+Gbc/nAnu6V1gZIIZlHSitgRrut1RwjNsmrnrkbk6B22eNj4Xtzgn +HhEeBjVQTAIRSBcohxQP1yhlTxKA2k90NmPeUJcuaNyCu/HAamA0H4YtYRMOOZ4U +2LrfVY27ezh3hdg3UpcgwhIB8OFAJXB29IlfUBV3+XTpU+AxuOCn8SJydrEHE7Xp +qPW/KQ8flb2heXRWfrooGKogiq97rszNVbKLtPNe8r8uCZtquCa/eVjEyi/64Ch9 +94Vxw8IDsEe5EdVP3FwxeAYLBgm8rpUN7nECIwIDAQABAoIBAQCdZHJnOpXHC/Wx +hwecJvCU80lvD1ZeLACqHr/DLGXauw5kXK+x3OSnhiO/C8jiKwhWevBX3LSY5dYy +2FXtUqCneuFXljSL3hWklwSKAJUEGs/NcgJj0ngCmL/BzCVZczi1soPZ4fC4gGLe +GG+6GANOk7lc94ABWrAijsSb/Ccmuah78/NSlUmoBxd5dwj6KjnuujDPnyxr/kby +Ero4RSxeNEnbqnuc6UDQx6ch19dI0LECVlfcYnnxz5T7c5z97J1g3pb/EaIW7t3A ++LltCWE8MoX/y2ptU/fyBdnbCa4Q7s7On/is1mRtXpK+YmKFQTkzpsOyUpyag3OQ +73SGtCepAoGBAOEMwsrQLN3/tNYtFwX9McQVskGwY9391fuq5oWr3PqFP/NGdR9a +Mx6CRxwkFxSeg+yWabaEjpVhx2hoMz9CgRlSLrJSU29HjUMjmEdZx94RvwHNYlM+ +q4MWFMCCCFlDWFx7+e9qcGAKUyO7Ob4NJb6hjAwyMz+CCXf02cwDw7YNAoGBAMdw +bi3deWRemmisQFprN5U9NypHGeirwO4fCoflOiONOJ1VBc47xvmlGDrvKts7pIRW +yp4Bxzmz9CdyFGM1cSR6cAECVgIyw6fLTVUvbaEjWNXpGGzXQh8WCaRZyljq+84l +HFmFzEVWDcQyNiktr1N0c1XQwlI/rB9oNtG/izzvAoGBAJTAUIiprN5Xw/nE9/DX +eGt5Q8ezhW8X9rZQMeqsvHVCWhC8w3GjtyI1TjdFi5PvapeYm+suFuiaJqnWJfls +RdSsw3zOeaOWEcMM5fxTVY5tAGl6jcEkLU2J7NGJoWcO4nrO31bmbbytVmLJv9Lk +8cvdD6qIC+OwWf3V85er7VKJAoGAdMJ9vpxK1VgNTfqKMmVSxSxxf27g3DaxXLcP +kz/AKdAjtPhxzatxcfYVmWsry+2/AztMo/SmjkGsTuuaw/oloxWLPQwBDohpw3Ji +c9ywcgYfnBw7EH11WH2uZ2mp7SSlBqrzTfXnATDAHnzG+JSmcFVcsIDnQv/D5R89 ++M4K1kECgYEAuOvvvxxPoXqpJHlIELkVo1wQhvhM5IIUZJdvJxUKySr2fVamy+QX +AN9crar9/koPIWczcsRK8zabj0NhqjWxufKyeNbGACIVpOKX0InsTlaDYMvloKW8 +eMDD5T55tzj3HhtnQxak5Kg+xv0f3aYfzEhcpi76ARLmjOhIZx/V5b4= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Root.key new file mode 100644 index 0000000000..da4b0eef04 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA1K4mUMWs4X63nSAkPLVdAD6eIAOTQe1w58ynj2dIHHlBtOHj +fOY1MXRDYcx6LRWzHP6hdR6CbjkwEDl8wqOE6pm2nj/OQUafQwPQigq0++fsBbdz +H8UGhQ0TQdX4O7jwZS6TiJ/B+IHcxzhQy/7Gy91tOcROQJpkT6dy/JjNuUsymQ4P +My62LoDy5FG7FORnQ1QvqB7DS09M3UrfhB7p51C/gy6mOKbJ2GCYlLZcSx6AxDky +EV6uTcSsEL7N/qOcOC5Vvg+SywaH0KPU+KLnygXAQZGkuZPa/Tg/zsJFKwba1JFT +6I7CwznBxt3/QfqUZsPJ7mrikaytQl561IpDnwIDAQABAoIBAQDID0lbkZceRuTR +mPp9YN0q7bwwwSw0R/Z9FbZI3w6mOinkzNgBFUvUSVlZFc+XuWHTVHLsiNaIeKMN +oAYL0WWmiRGPqtWJ8bS+hUgVkhzNGUyb1AUnTV7kqXgD5hKrmzwG8dk2G5GLAh18 +CS13tyGpg5DLVi2F97WEeC9iDRr3wFxUmsyGvzmHXDCVTEcx63BmKFrwTtKiBl1g +t33uO4tZLq+7IC48H9BY2IdQ0DNQb9pFo9V+FIVir6gXpbZdoAFVQ/yzuKa07vul +r+CfjGWySKhde5EVx2A7lD3vxfUbBHBJBcxMJeyte8i5frbiFlfFb4ZCQk2lA55W +g0qh1ZIBAoGBAP0vd8HYaV+Pe2OovbaWZ5+bNjtRMR0jpnIzEEFg6y+EqgA7zVnz +DCOGGj7VvZJgdUr+8KYBov1yvy89vuqN8rNsIUOKBZ9oLSpWaVnHLbd+bWIL1aQ2 +97g4zITQo2sKf74spUYvggVJ0vUw1/LGUkH4LU2LUojBJvMPm8pvck1PAoGBANcL +aNnwWU2OyUOMpm+9EIlk6HbckYxwPje4bWKD9+QGUnZI+Zwmc3a2kKG64z6V70L4 +QIcjBrBtTiFNuf//DJpwvO8oDp/yAeRmtpF0HHeXvocczWppqLwaPrW6ImtuW5yz +IB8wXrFNHcEA1L9XQksCDuVsj4w2o1ivqgjOvDCxAoGAZ4ALHdRBJ055a4EkpMqR +a97AablEMZxMQ6z6PS/IlPFPqa7IwLepw6/jdMJdr8P8zv6vE73himhpHX/JVwtW +JuDSLFD1AXhN1lviz0+sMbHeN1GNMYdC9y1I9hZwZ6awF+caXTm4lj7anV8tOFK4 +d71jj6qfv8XuDTjZQAUVHeMCgYAuv404q5ZOVPcN1zqrWdeJdsVOaZ6+f/wWkuI8 +o2G1UWaFzlFtD7LUINYKQp16EpAj5+HnPscKfYiZltMTgreTr2RzPSsIvEyLAYU4 +05wIp5VEvA8vze5fjfkJ+n/XCPOjehFGlnZPZutL9MlLG0YPFlB0sYf3PD2AXxfA +uGiS0QKBgG0p4CYL2YmVvNPDGMKQGEjtP+RJkxx1rfU/ZhXujMjYX5/T+QJvl4oA +bYuI1G3fGYhL8I+c7RtXlfotDatywygRX1qsDHoAAZLW3QOLfoFtHWCoBYG9hP86 +2ghSnOAdOcFBwUtHPZyEXVNMnt7azUdAwUtflFcN1H+F4lY0AWvT +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Target.key new file mode 100644 index 0000000000..ed2fca3ea5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5FZaeMZ5YxV6plusCQIm1xBA4+pV3ByGN82aDH1sWh/QWCVy +SMV/rnzrnKboRXz1ADYWqQD5jorfcCy7MGx0ascwaaUsHXc/sPqJ4MsHOawIWapM +Y8xi+qmMGSdhLQ2XmK1QuLniWiHBcM3nKq1qaB9SvIyA9VGm8T9Hx1CBJ+UVN0hP +S8Mb6QG5l1aLuVY4YtDFylIhay1CA3rZg9PNV7SMyqWRvz/iJt+F5mwsgFYmIZW+ +z6SFz17kGAXnaJmRZ23jFpLJ35+JP67u7qhDafZrkl1ya71THE4lI0/uWqs/ugFC +lALby1mTu7kq6q1aFyaEZ5kFmPCxPOCkKxfqGQIDAQABAoIBAQCdKD4+0EQuCVOQ +epoO3TdEYMB43gnYZJ2QfOdhX1YbNbhdYvCk26JEw2AbQtmtMhMi4Rd5nN0m2bht +6auw6YS7FXvhyrhxU2k380jAupyvehOJO2g2bC9X3Sg7C9qberZzdB6R9gawCHmu +nVlVC2SoY567fW0o69keRHKv4V3zyTCerzHMzdj3xZ5HJo/frtwkNkIWlEkOoxq5 +KOqBrtyaMChYYRXu91VgWMOr7wkefFo4zwoAmHJAJlDmoJFOgg/H53cjTgoCkaVI +jSJk+dyVlxCJ3pUYX9kXn3GNsw+1CWuA49pyy1uBXSJI4XEfD/o3VLbalSf2kiSB +PkBMckLtAoGBAPLUFk09GwatVGCRc8/TkgbaTWAJHBqJDO2aZZ23hCkPaMqGX64d +GNAeT2UoaDvq5ScF13p9nFGB11IS41Bxj5cBS+XpyK+x0jAnEO5qX1VrCRsaecqZ +erNDtoYAyoUo8w0uZEHQ3FQKetL5/6jzMvH9wtzh5aPj2ygKMvea0TFzAoGBAPC5 +Cts+RPsCYAJFLbeWqJhUzW/dEFJWjltGtYl315Uz3aoe2kmhnKgwbRlpTl3ZYnDX +pIewfxZw88Ekp1INzns4IGqpCMBLU9az7u72TVYV7PqPbKjmX8mgKhpAF5WEu5gM +S48kljb0U0bGgT9bgDAzUg9C2DHh4pTxn2z+xeNDAoGBAPEK5MRxNsWvAwYE/IA9 +lUPmKU5+XH5esw2c6OfhRnh3yl7Xelzcl0fn/on8zVNE/Yl5/Aakb6pdB/95rlmp +EI8mA1BLfCIjkvCnpt/ziYTCBjz4UBNzvN/8BFAKsv3xwyq/dVf72uo1qOyKq2Tr +XRPoASm/t3OzeFXLogI1lRjPAoGAKcvHMcf/DCIeb2Z5iJ3VChX3UYvtkI5My1Zc +oNC5EsPdofMXbZ9s5tr5pmbdX3gmGnemrpSbjFbyS7/EeX/CMSzOnBZbWZ/6n5XA +T6deSCsoaVzLvgu55/UyOjqUnbZdKApCeEke9822Q9ylhk2p1TSj89hkV0zkHX5S +cwdNbqcCgYA4gBIDjYllCxvjwC9XDn2oMiniK6GGDsC8NvU58CANEAo4D5FwoJCO +5U1kEm53HEmp4C9Y+S+KLyqz1JR2EOilwhHUUYpKaiZt3n6Pizc4X9Aj4QuC5rFn +azKPHNeyqyBfQoqMQgDTdIxgDSd0e408NMvnOLaQDLuQi9tFGdSYCg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/main.test new file mode 100644 index 0000000000..63a8aae925 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/main.test @@ -0,0 +1,10 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Unconsumed critical extension + oid: 2A0304 + value: 01020304 + diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/chain.pem new file mode 100644 index 0000000000..ebbb152665 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/chain.pem @@ -0,0 +1,278 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate contains an unknown non-critical +extension. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 15:0f:e8:d3:8e:fb:9a:03:b3:58:55:cb:3f:cf:6d:78:a5:26:b4:1f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:45:b7:c7:2a:57:db:f0:c6:44:38:af:69:b5: + 8a:33:9c:bf:ba:bf:19:8f:a4:96:5f:61:74:0c:3c: + 95:c0:24:0a:a9:55:c9:3b:a3:1c:93:b3:d8:d8:40: + 92:4f:c9:c0:9c:51:41:bb:ee:eb:ef:83:4b:d2:a5: + 2f:da:74:90:bc:45:3a:62:7b:5a:e2:0e:9e:b3:83: + c2:8e:67:02:a2:4f:4b:8a:5b:33:19:16:3e:0f:f6: + 01:f6:b6:c2:6c:17:8f:63:d2:91:3e:6a:2d:08:c8: + 7c:51:f8:24:2f:dc:f7:74:24:0e:b6:9b:85:c8:2b: + 82:81:0f:04:5f:d6:53:1e:53:2f:7e:1c:16:fc:3a: + 77:f3:7f:51:1a:16:e0:7a:a4:05:89:d3:4a:9d:91: + 03:db:a5:6d:6e:60:cb:f9:40:53:0f:5d:f8:b4:70: + 23:5a:c7:ff:bf:45:1c:f1:21:8c:4a:9b:11:f7:8c: + df:9f:8a:94:be:2b:16:f1:9b:07:90:0d:ff:28:1c: + 0e:4c:21:36:4e:18:86:50:2d:24:c0:d3:ce:f5:66: + a2:96:28:01:56:ba:97:d9:f9:fe:c6:0c:af:2f:34: + c3:b7:e1:b3:8a:85:3d:52:ef:fc:61:10:97:17:35: + 95:fb:c8:e2:ae:49:1f:b4:8a:a7:70:76:b7:c7:df: + 6b:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 49:9D:A7:97:77:91:95:74:7C:01:DC:46:BB:A1:09:4F:19:65:53:D1 + X509v3 Authority Key Identifier: + keyid:07:F3:ED:92:2A:F7:2C:67:60:A8:EF:86:B2:9B:CC:97:5C:FA:CF:5A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 33:e2:3f:e9:5d:75:96:92:fd:8a:2e:93:5d:79:9d:8e:a0:c4: + d9:e8:8e:06:c9:76:91:56:3b:53:be:af:b8:0a:02:1a:5e:4e: + f1:c1:68:5a:42:3b:1f:f8:2e:f8:f2:62:65:9f:e0:2d:5c:46: + bf:9f:87:e3:e6:3f:59:43:11:fe:68:9c:9f:81:aa:20:2c:42: + 56:1d:fc:d3:61:57:92:17:e4:cc:e1:e8:e0:1f:a8:d4:f0:f2: + ae:cc:cb:f7:e4:23:7e:2b:3d:b9:2c:8d:c3:1b:07:bb:02:42: + f4:d1:96:68:aa:68:50:ec:e7:e1:91:53:c3:54:b2:9c:2c:a7: + d9:27:b1:54:58:45:2f:ed:88:4b:3a:13:54:df:a3:45:3a:79: + f1:e0:b7:73:05:8e:df:0e:3e:74:5b:c5:ea:75:0a:75:25:71: + 86:20:60:d0:48:bc:b1:4c:d2:23:70:68:6d:80:1d:24:0f:da: + 4e:b5:5c:26:f8:5b:e3:d9:4c:2b:68:9f:b8:74:77:e4:ff:2a: + 6f:0f:29:64:ec:1a:68:89:a4:81:dc:3a:31:7a:70:a5:28:ff: + 78:8f:ec:aa:f8:3a:38:75:93:ee:52:ed:f5:b4:cb:2d:04:3b: + cd:52:f2:da:19:1c:08:f8:8c:bb:18:0e:52:0b:51:ce:ed:40: + 7e:fc:a3:2e +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUFQ/o0477mgOzWFXLP89teKUmtB8wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAwUW3xypX2/DGRDivabWKM5y/ur8Zj6SWX2F0DDyVwCQK +qVXJO6Mck7PY2ECST8nAnFFBu+7r74NL0qUv2nSQvEU6Ynta4g6es4PCjmcCok9L +ilszGRY+D/YB9rbCbBePY9KRPmotCMh8UfgkL9z3dCQOtpuFyCuCgQ8EX9ZTHlMv +fhwW/Dp3839RGhbgeqQFidNKnZED26VtbmDL+UBTD134tHAjWsf/v0Uc8SGMSpsR +94zfn4qUvisW8ZsHkA3/KBwOTCE2ThiGUC0kwNPO9WailigBVrqX2fn+xgyvLzTD +t+GzioU9Uu/8YRCXFzWV+8jirkkftIqncHa3x99rcQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRJnaeXd5GVdHwB3Ea7oQlPGWVT0TAfBgNVHSMEGDAWgBQH8+2SKvcsZ2Co +74aym8yXXPrPWjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBADPiP+lddZaS/Youk115nY6gxNnojgbJdpFWO1O+r7gKAhpeTvHBaFpCOx/4 +LvjyYmWf4C1cRr+fh+PmP1lDEf5onJ+BqiAsQlYd/NNhV5IX5Mzh6OAfqNTw8q7M +y/fkI34rPbksjcMbB7sCQvTRlmiqaFDs5+GRU8NUspwsp9knsVRYRS/tiEs6E1Tf +o0U6efHgt3MFjt8OPnRbxep1CnUlcYYgYNBIvLFM0iNwaG2AHSQP2k61XCb4W+PZ +TCton7h0d+T/Km8PKWTsGmiJpIHcOjF6cKUo/3iP7Kr4Ojh1k+5S7fW0yy0EO81S +8toZHAj4jLsYDlILUc7tQH78oy4= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 29:7e:4d:0e:76:59:e5:dd:a7:55:bf:98:47:02:50:e5:71:03:33:72 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c9:47:61:13:ce:5c:97:1f:40:92:f1:86:de:28: + e0:4e:e8:70:01:3a:19:75:23:4f:bd:7b:ec:b6:45: + 5f:aa:5e:2c:58:bd:ed:17:3c:ad:fc:74:4e:97:48: + 71:a3:ce:04:90:0f:cf:78:62:89:58:18:66:c5:b7: + c9:a2:80:48:57:ee:64:a8:17:90:8c:e1:51:6d:a3: + 79:21:d0:67:9f:82:ba:89:70:6e:54:32:67:e2:f5: + d7:8c:de:f8:6f:21:86:26:11:89:e7:7a:52:ab:25: + a4:e9:53:0d:01:58:04:a1:8e:ce:93:52:36:33:82: + 17:6f:4c:cd:5c:9b:ee:42:96:2f:5c:ef:e4:c1:8b: + db:78:ad:af:e3:9f:b6:1c:be:f1:1d:36:9b:63:92: + 37:be:ea:27:49:b7:7b:89:73:93:2c:b2:cb:bb:74: + d4:a6:c2:fe:08:ae:e8:bc:e3:40:a7:4d:97:db:14: + 26:6b:c8:02:d3:95:4a:9b:7b:12:69:d3:3f:e9:88: + 07:d7:49:26:6f:87:85:aa:0f:be:88:3c:a7:f0:9f: + 7f:21:f0:96:35:26:71:f1:f9:33:3f:f8:c8:92:64: + c1:7a:6a:6b:52:a8:54:dc:88:5c:75:93:81:7f:4f: + cc:c5:cf:51:4b:87:ff:4e:3c:e2:76:08:2d:fc:4d: + cf:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 07:F3:ED:92:2A:F7:2C:67:60:A8:EF:86:B2:9B:CC:97:5C:FA:CF:5A + X509v3 Authority Key Identifier: + keyid:5E:73:41:09:27:46:17:12:6B:62:FF:2E:78:20:DE:7A:59:ED:29:84 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + 1.2.3.4: + .... + Signature Algorithm: sha256WithRSAEncryption + 74:bf:7a:bf:eb:53:13:85:45:70:1a:ab:4a:a0:0b:75:e4:4c: + 48:c0:b5:d8:b9:7c:47:cc:96:31:89:bc:7b:af:aa:02:99:de: + 6f:ce:d6:67:94:13:17:4f:7d:ee:43:da:a1:d3:06:9f:84:fc: + c1:98:26:5a:8e:85:fb:00:63:85:42:bd:83:f8:28:18:0d:17: + 48:30:95:eb:d1:67:eb:5d:c9:fc:26:ad:a0:c9:8e:d7:61:01: + 70:01:21:8e:ec:1c:fa:14:de:97:52:f2:c2:4f:bc:63:50:c9: + a6:26:35:41:d3:04:04:a1:f1:b4:51:46:49:ab:0d:bd:af:76: + c6:fe:12:35:42:15:8d:17:1b:69:c7:46:70:d4:9a:f5:bb:ee: + 95:44:3e:af:5f:ae:42:4d:ba:e8:65:9c:4d:ea:8a:d4:c9:e5: + 6e:c3:d4:29:93:78:d6:48:ea:e8:94:c6:27:a3:df:e5:d0:07: + 86:6d:16:81:62:5a:af:4c:a5:b3:21:f2:88:03:e5:be:5b:84: + 4d:96:0f:d0:cf:35:85:23:b7:a1:4b:cf:fc:f1:ca:a4:91:c7: + 12:44:d8:e6:fa:aa:84:f8:1e:74:59:d5:04:5a:8b:f2:b8:6b: + 59:8d:29:59:24:35:2d:e2:dc:e8:4b:6b:f7:e5:92:da:bd:4f: + b3:cb:dd:93 +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIUKX5NDnZZ5d2nVb+YRwJQ5XEDM3IwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMlHYRPOXJcfQJLxht4o4E7ocAE6GXUjT7177LZFX6peLFi9 +7Rc8rfx0TpdIcaPOBJAPz3hiiVgYZsW3yaKASFfuZKgXkIzhUW2jeSHQZ5+Cuolw +blQyZ+L114ze+G8hhiYRied6UqslpOlTDQFYBKGOzpNSNjOCF29MzVyb7kKWL1zv +5MGL23itr+Ofthy+8R02m2OSN77qJ0m3e4lzkyyyy7t01KbC/giu6LzjQKdNl9sU +JmvIAtOVSpt7EmnTP+mIB9dJJm+HhaoPvog8p/CffyHwljUmcfH5Mz/4yJJkwXpq +a1KoVNyIXHWTgX9PzMXPUUuH/0484nYILfxNzw8CAwEAAaOB2DCB1TAdBgNVHQ4E +FgQUB/Ptkir3LGdgqO+GspvMl1z6z1owHwYDVR0jBBgwFoAUXnNBCSdGFxJrYv8u +eCDeelntKYQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MAsGAyoDBAQEAQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAdL96v+tTE4VFcBqrSqAL +deRMSMC12Ll8R8yWMYm8e6+qApneb87WZ5QTF0997kPaodMGn4T8wZgmWo6F+wBj +hUK9g/goGA0XSDCV69Fn613J/CatoMmO12EBcAEhjuwc+hTel1Lywk+8Y1DJpiY1 +QdMEBKHxtFFGSasNva92xv4SNUIVjRcbacdGcNSa9bvulUQ+r1+uQk266GWcTeqK +1MnlbsPUKZN41kjq6JTGJ6Pf5dAHhm0WgWJar0ylsyHyiAPlvluETZYP0M81hSO3 +oUvP/PHKpJHHEkTY5vqqhPgedFnVBFqL8rhrWY0pWSQ1LeLc6Etr9+WS2r1Ps8vd +kw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 29:7e:4d:0e:76:59:e5:dd:a7:55:bf:98:47:02:50:e5:71:03:33:71 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d0:c9:04:2a:e3:2c:61:f5:b8:fe:95:cf:f0:4f: + 49:3a:13:bf:16:40:fd:16:d5:31:53:5b:2c:16:94: + 96:7b:63:43:b0:04:9f:0c:9f:f9:30:48:94:ad:03: + c7:84:48:a0:9e:eb:7a:a4:d7:09:f7:48:4d:1d:d8: + 05:59:46:52:33:43:a7:6c:c1:66:b4:8e:5a:3e:8a: + 5b:bc:18:09:ff:c3:5b:c2:d7:1f:00:e1:5d:85:b1: + b6:8b:aa:ac:7a:9e:30:37:d8:57:c6:d8:82:f5:23: + 80:16:2b:ff:95:5b:dc:24:61:0b:0f:62:14:e8:dd: + ee:5c:30:86:6d:4e:e9:99:b5:61:d1:94:cf:4c:f9: + c4:92:be:22:59:2d:be:ca:2c:d3:8d:9f:8e:ea:d3: + 88:dc:cd:69:21:18:64:d2:66:23:50:d4:ca:38:76: + 09:3d:f5:cc:42:91:a2:12:f1:f4:cb:86:83:7c:0d: + 87:f7:89:a7:eb:ff:99:19:c6:04:22:b5:05:18:ca: + 04:60:d3:61:b8:b2:b1:64:cf:c4:15:af:a4:62:f6: + a1:c6:cc:f9:f9:3d:3e:25:7c:03:a6:a6:17:d6:43: + 90:7d:d8:04:f6:27:c7:79:cf:c9:96:b4:b3:b7:0e: + 0a:fc:c4:ea:b4:ce:7e:67:e7:21:33:92:cc:11:af: + f2:9b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5E:73:41:09:27:46:17:12:6B:62:FF:2E:78:20:DE:7A:59:ED:29:84 + X509v3 Authority Key Identifier: + keyid:5E:73:41:09:27:46:17:12:6B:62:FF:2E:78:20:DE:7A:59:ED:29:84 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 44:c3:bb:ad:70:3c:de:02:bc:50:57:0c:f4:aa:02:d1:40:10: + fc:02:26:1c:39:9e:1e:cf:2e:cd:44:a1:c3:88:9b:53:9f:0f: + 20:83:0e:f4:96:3b:3d:5e:55:6c:ce:71:3d:ad:9c:43:77:ad: + 01:35:89:6d:a0:e7:07:34:7d:d7:d6:bd:a6:ae:33:53:01:0e: + 92:32:70:d8:87:33:ad:94:b5:2e:f9:f9:51:44:9b:bc:33:71: + 6c:ba:28:06:b4:19:63:06:e3:a2:73:bd:6e:b8:1e:55:9f:05: + 20:58:d6:af:d2:39:66:07:ce:df:63:e8:65:47:ee:10:78:aa: + f5:21:a0:99:f9:9c:a0:fc:3a:74:74:f1:76:6c:0f:74:ba:07: + a1:e7:65:05:ff:52:c5:e6:c8:ee:37:fa:36:af:7a:6f:47:a8: + 44:99:73:d3:fd:84:1d:90:e4:27:d7:4b:11:28:bb:91:b3:3a: + c0:ab:6f:5a:da:8f:b8:3b:d6:cf:65:a3:dc:c5:9b:48:97:d0: + e2:7f:20:3c:7f:48:3f:59:1a:31:bb:ce:14:60:12:38:74:dc: + 50:95:84:3b:d2:d7:9f:9f:0b:1e:74:5e:69:71:af:46:d9:9e: + 02:20:5b:a9:a2:8f:be:e1:9f:c2:91:7c:05:b0:8e:48:f8:b7: + ec:26:8c:70 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUKX5NDnZZ5d2nVb+YRwJQ5XEDM3EwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDQyQQq4yxh9bj+lc/wT0k6E78WQP0W1TFTWywWlJZ7Y0OwBJ8Mn/kwSJSt +A8eESKCe63qk1wn3SE0d2AVZRlIzQ6dswWa0jlo+ilu8GAn/w1vC1x8A4V2FsbaL +qqx6njA32FfG2IL1I4AWK/+VW9wkYQsPYhTo3e5cMIZtTumZtWHRlM9M+cSSviJZ +Lb7KLNONn47q04jczWkhGGTSZiNQ1Mo4dgk99cxCkaIS8fTLhoN8DYf3iafr/5kZ +xgQitQUYygRg02G4srFkz8QVr6Ri9qHGzPn5PT4lfAOmphfWQ5B92AT2J8d5z8mW +tLO3Dgr8xOq0zn5n5yEzkswRr/KbAgMBAAGjgcswgcgwHQYDVR0OBBYEFF5zQQkn +RhcSa2L/Lngg3npZ7SmEMB8GA1UdIwQYMBaAFF5zQQknRhcSa2L/Lngg3npZ7SmE +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEARMO7rXA83gK8UFcM9KoC0UAQ/AImHDmeHs8uzUShw4ibU58P +IIMO9JY7PV5VbM5xPa2cQ3etATWJbaDnBzR919a9pq4zUwEOkjJw2IczrZS1Lvn5 +UUSbvDNxbLooBrQZYwbjonO9brgeVZ8FIFjWr9I5ZgfO32PoZUfuEHiq9SGgmfmc +oPw6dHTxdmwPdLoHoedlBf9SxebI7jf6Nq96b0eoRJlz0/2EHZDkJ9dLESi7kbM6 +wKtvWtqPuDvWz2Wj3MWbSJfQ4n8gPH9IP1kaMbvOFGASOHTcUJWEO9LXn58LHnRe +aXGvRtmeAiBbqaKPvuGfwpF8BbCOSPi37CaMcA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/generate-chains.py new file mode 100755 index 0000000000..7450bda677 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate contains an unknown non-critical +extension.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Intermediate that has an unknown non-critical extension. +intermediate.get_extensions().add_property('1.2.3.4', 'DER:01:02:03:04') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Intermediate.key new file mode 100644 index 0000000000..d8700893ed --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyUdhE85clx9AkvGG3ijgTuhwAToZdSNPvXvstkVfql4sWL3t +Fzyt/HROl0hxo84EkA/PeGKJWBhmxbfJooBIV+5kqBeQjOFRbaN5IdBnn4K6iXBu +VDJn4vXXjN74byGGJhGJ53pSqyWk6VMNAVgEoY7Ok1I2M4IXb0zNXJvuQpYvXO/k +wYvbeK2v45+2HL7xHTabY5I3vuonSbd7iXOTLLLLu3TUpsL+CK7ovONAp02X2xQm +a8gC05VKm3sSadM/6YgH10kmb4eFqg++iDyn8J9/IfCWNSZx8fkzP/jIkmTBempr +UqhU3IhcdZOBf0/Mxc9RS4f/Tjzidggt/E3PDwIDAQABAoIBACVxwf2NRmxWxAyS +IiTyNch4NV4FEPdZulvl0gOWpFVtb5KSwqiwAS4V9Qjv0TRH/1FNn6slqadZ4sSl +jD1O4CZ7kv4yZBHRWPSslLxVqPFjwJAQ+nVvayQt2Au87zq9YddzK9SETRzJxAQk +DydQ2Iu1pXiCstKiQPnTr+CqoYiBU2nAtOD3+7Xftef0kRT3xuGgyeIgJLssad3R +Wf2Xc6OkI0pUFH/9yGIrKHYzMqTnMRabFuNHArP8mPZTfx9Pkoswf6uV6tpxlRg8 +25o7gp3SyqpGC4RrdVB7M4xmkPCKgLAm34by1RI7m5zp0G8949cIYskpy8HbBIoA +3RHyYQECgYEA8n6/X5lCVds2izXJmcNLETKPR+DWeyf0jbsM5myi9TMWARS3Cfe8 +8cAVuyC2XZSL90wJUCIDJh70AuBhUxMmPcWpqlK3s779VWNK3Kfw+RjseGlhssLU +oGx/U9zQqgIMl5GRRz/x+ldiPRWrPfbtkZjrHY9jjkwlkHdLHgHMLPMCgYEA1H0C +28yi9Ny4vmMIppBdHd8R601xApE5W4a0KUrPlVfadlurAK/7yxvXcXHvjpPkxud6 +w4JBCoA8OI0mED7Zpt6Y7g/fl00ry0hoacpPG9U76zvnH7MDVfle6U5zbglijXci +uPK/LA0ymSYCMDFn4LMElXdXvVyoUeO/mf+OrHUCgYEAiPEO/du83GNpUABWEyF4 +eQPGal8MgIw1zPw+8rmS5UmuOXoLS/O9ngBNxVlZ40sKJ+Omtrwebx63yhAQpiuA +Qw4nHGqOF1HaGqhyFF469VEf6XgJljv0e4wJ88AVjoyNs+Ke2k/ARRGoBrr/84RI +8RocXJsnK6rQ496aax20wgUCgYAueyok6p668Y14GDHMPcggwKsqzcXqydnCK7U9 +UyAViyI+wc6mV9i8lVqLdmDwz2k8GWbBXbzcjzCdLkMlSppR5l+Ns+s1Laxmy3AL +tDWZ4Qs6aeAlDwOryuD4KDEX4PWt/GGcE32+JSTsW2QfJq+Sd5aJG5IV2i73utou +1bhgAQKBgQCLt/cnb7AtyLVdNH4Oscd3U+i8QOjnxKud7mU+K5VsPS/2wzMOZY6p +hdMo2BwE3QU0K7jBQTfYhabWGWkm5NJ9iPDkHoIHITTII/+J8z9dWxRhIokVxmEa +kOgKdToAqlb3+IOFFxbN5K5m6rZU77ojFPEInUBSUsj+lDCBExuOMQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Root.key new file mode 100644 index 0000000000..e36703a9c5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0MkEKuMsYfW4/pXP8E9JOhO/FkD9FtUxU1ssFpSWe2NDsASf +DJ/5MEiUrQPHhEignut6pNcJ90hNHdgFWUZSM0OnbMFmtI5aPopbvBgJ/8Nbwtcf +AOFdhbG2i6qsep4wN9hXxtiC9SOAFiv/lVvcJGELD2IU6N3uXDCGbU7pmbVh0ZTP +TPnEkr4iWS2+yizTjZ+O6tOI3M1pIRhk0mYjUNTKOHYJPfXMQpGiEvH0y4aDfA2H +94mn6/+ZGcYEIrUFGMoEYNNhuLKxZM/EFa+kYvahxsz5+T0+JXwDpqYX1kOQfdgE +9ifHec/JlrSztw4K/MTqtM5+Z+chM5LMEa/ymwIDAQABAoIBAHVq524bLqW05KJA +rJ3QaTVBT7D7QZqqsT/YwXW9gNfJnpKKNsyJ10GBQCQBQR6zHanicqnryc4JGl2T +VIa9lpMAFFOEfPdEK5qKg0bIGi99tchg5S3AkLEUnb30cWXQOvvdLphEwXmNyoYt +nmJoM+k9rlOrbGj+DwRHwgINZDCtnkdg4GFp+Dsvh2PX7tnFoc+VPnd1HCk7vycA +9mKbBSzcP8zEPaEXwXAIRuWYJx4K3Yhya239SSUIx/MFBVUg6Qh8gUYIGZFmBDW/ +LHQYuc5Nr2k87hVk+ehtiF1PVFJcVMZcVZs+mMFjLCJizO7OxAnHx5ulR9si+A9z +olK8a2kCgYEA7HoqVFy1Tmcp9t/CmpbeX/zedSilTO8dgiHScmLuoupE8mk+KGa2 +9kl29aOb+LSKrXVKbq9or4mIkVY7+BGIOWoYqTuj1pmHFrBYnEr2Fr/3A7zKh5Jk +rF1vHEG2UkKUpaogUfIh5tJIRTmqTfqBW7nAfA5l8BNMKxvganF/aT0CgYEA4gWY +ASK4EcEWh+YjaF5BdXQE8IYKSRTTvyo5m8+UV4aQpOWarAz5pwAWL+X0jTMGHmRk +LcaevHtttY/lz+bfpBa6ykC+cQCR93zzxmH0JDa17L34z5V3LIJovDo6rzTstLNp +fX6dQObnK6Qt+K1HJQtT05jIF2qHATd9W+SWGLcCgYEA02C7957K/eMfUqpe1Dop +Wlm5K7aCU4ulr821xEOEliGcMac7RXfS8cFnUVjGsYAIOdaPCvNGOypP5cHUZwCc +6N1aX+OMpuWjJ/fHrSUgZeN/1FpsGtUTojL+f56Jb2xOXOr+auFpxl6O9Tn/biaO +fMREN1/TZM6LFjmb1unO/u0CgYB+1rjI2l0FyaAFP8dbCJofea5T9ETNYly6CM4v +fDw5KhD+GMPGDboEV+4bjybAHoQuhhQaBD6Mc4/Ltic3ls6mXQMSAWdeLv27L2n2 +SH4j3HgXlTyN8cjhN4XjK6JHNKIpfg2TGXzSMUJFoWsTBNrKFSNDuZeAXI3KxwMY +kJ0S3QKBgQDE/XspOkVAYDtFxO226HVCMG4ko8a9yn58aoVF3e5TmFMixZ2xHc9C +ZWFtvnCzesP6YjKtMax4mlJdXvnxoZltiXzrZDo3CMl/zYe6C48TPq/qKvjnRlp4 +4MO1VSnJ4GU7niW9L8gojrfhOMDgt6oHtSsrO52uVXGI7kJ/KKeHMw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Target.key new file mode 100644 index 0000000000..f37e280137 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwUW3xypX2/DGRDivabWKM5y/ur8Zj6SWX2F0DDyVwCQKqVXJ +O6Mck7PY2ECST8nAnFFBu+7r74NL0qUv2nSQvEU6Ynta4g6es4PCjmcCok9Lilsz +GRY+D/YB9rbCbBePY9KRPmotCMh8UfgkL9z3dCQOtpuFyCuCgQ8EX9ZTHlMvfhwW +/Dp3839RGhbgeqQFidNKnZED26VtbmDL+UBTD134tHAjWsf/v0Uc8SGMSpsR94zf +n4qUvisW8ZsHkA3/KBwOTCE2ThiGUC0kwNPO9WailigBVrqX2fn+xgyvLzTDt+Gz +ioU9Uu/8YRCXFzWV+8jirkkftIqncHa3x99rcQIDAQABAoIBAQCEf4hDOQsslD9I +S9gtzzAkvARRQWuDp2ETmJrXPL2pEMxiVJZ1lRglRjmV34auvnCWebpn3Z7P/6H+ +khJhYGJNP+SL2Wdv7HfuN5ksyP/sSBJQkr9QJoh7prqn6ZkWQ3yhAZ1jPaUMDW31 +P/mG+qSGcaXImIw5s2Jvmdz02tj2wv0IDaxPaKlh2j2gRh5221Wf0oXsUE0IeH/x +kloJ8krzcadxiNcl8gh1S2lYPByNtRhZtT832Ah33mN6NgimMUM2Eyloiu3dDsQB +iEegOU5VOOesa/RgChueNkvdkClH6buYXWKf/SoL7tDkhhDWCdpz/jorPpH7H2uh +PsYJg0wBAoGBAOzeuRU50mYS9aqwBBlpC/66dMEj1u19zmQtdpT6P0U8AI01MlTD +Qr5Z1x74SOXLF/wCG4oV63EgBEV/7tnsz0MphN6WUojg9L1MtOpgaphGnIZn8kbn +2H3Y1OdSNmInGm5m5rhOEzoSGGx0MX6XZXoN/zNg2PFNYZ7FqDdldFhBAoGBANDh +nWh2lE28cCY56pSgI4rIjcSnk5LMUxOcpilddi+WSqbYVmmJF6vqi1OqGs3QgmhL +Usyz12vGuh+ZMiLeDalzoOpkN6z3Af2gRg02XGyk9ZRtOwRc92EhF+gBzijWmvXB +s58H6YCyfiKO6ecL+hDDC05rNJX7Ey8UGeTsAMcxAoGBAIHDlkORlLkEw/8JRIWj +LcYT4ah5eOJMXIg2+9KrsYO9VlQFg5g6DFN5pkc6H7174JzXjry8O2qS7qQgbPqI +KBeUJE1Irth73Lfj0OzheyQG8vMS+QBtPQXchu5e9Joa7/jxeI4Zf6D9jtHDaeX/ +DMGr71X3RYIUMVmo0PngI7fBAoGAecVtfH7UilT2lHJjHO4WikvMyf5fe87+B4rl +G2xPAAL/1jB8f93aHPEI9GdQZPfPbnmq9YdKaJxb2Rv4LHeDQ2wTPVHbW0xMrs0G +yaENVJD+Ud8z7qE73jXqt+iFhS1G/UpFKsr0B4EHI6JpHbbPu4HZT4gUCfNrBaEU +T25+LaECgYATmFhygnGkLyHqlzIj1vPxJQFcVAEDX1CCqvLjraRbBbE/Ue0VbOHY +pybCl7kWhmTGW+UlASf4o8/Sn57UTzGipjH0HgD/R9ei7EW1f6v7Y9Iwh3xxCsTa +/IrnRYTPUkfMkz9fxTzPV6ctPCtYIj0aXr1DFbkWDJVsQOSnoqvTgQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/chain.pem b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/chain.pem new file mode 100644 index 0000000000..4b2b4a4234 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/chain.pem @@ -0,0 +1,278 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate was signed by a different +certificate with a different key. The intermediate lacks an +authorityKeyIdentifier extension as some verifiers will not try verifying with +the bogus root if the authorityKeyIdentifier does not match the root's +subjectKeyIdentifier. + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 79:09:02:a5:7e:5f:ed:29:b0:9c:e2:2b:f0:ed:48:a5:f4:32:81:64 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ab:12:e3:ca:56:56:53:39:63:22:cd:90:66:ef: + 33:38:2d:22:ef:23:1b:4c:81:d0:2e:d0:8e:f8:63: + f4:36:e4:45:45:5c:98:6d:46:f1:d4:98:49:15:44: + 6d:81:cd:55:14:95:f8:b0:80:e6:26:4e:ff:04:c7: + d7:71:ab:01:0c:0b:f1:7b:18:80:a2:e2:9c:29:0e: + 7d:d5:c0:a7:b5:4a:04:42:5e:d5:4d:9c:68:ed:b4: + 04:f2:3e:e3:ce:1e:89:2c:06:13:f3:85:ec:63:01: + a5:de:7c:01:ed:fd:35:60:d2:66:ac:d7:9b:3a:81: + 07:7c:90:7f:ae:e2:ac:b3:41:1c:58:7b:21:c6:7d: + 22:dc:e9:16:5c:53:a5:bc:4d:09:51:8b:6c:c8:93: + 9a:65:cc:16:20:01:3c:cf:99:8e:9e:17:57:0b:d7: + 9a:30:6f:db:ed:64:85:d1:ad:8b:a3:ad:f1:c0:6f: + de:3e:83:9a:33:fb:1c:d3:ed:a6:46:1c:3c:c0:41: + 95:7c:da:5b:a2:73:eb:99:58:4d:dd:ee:76:4a:d6: + 9c:0d:66:46:72:79:f0:95:94:aa:08:18:0e:12:b1: + 03:73:9c:a4:52:b2:54:c8:e4:cb:27:6b:aa:24:07: + 14:98:76:12:7d:01:5f:df:a7:e8:34:2a:46:61:b6: + 11:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:80:B5:C8:C1:DB:F2:5A:84:C6:36:8C:08:04:72:6B:FC:78:48:55 + X509v3 Authority Key Identifier: + keyid:9C:50:7F:A1:0F:62:41:B6:41:8A:7E:5C:6E:73:B4:3E:44:FE:E6:C2 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:test.example + Signature Algorithm: sha256WithRSAEncryption + 8c:ed:0b:9b:5a:c2:d1:7e:0f:6f:a0:c0:0d:1f:08:e7:ee:b6: + b1:1a:f3:85:3b:97:2c:00:57:13:f0:37:64:53:eb:98:07:4e: + fd:62:53:d4:94:6c:28:16:1d:4e:a5:61:ff:6c:f2:a5:04:d0: + 2f:3b:e9:64:8d:cc:93:6a:47:44:e5:3a:cc:7f:ee:00:e3:6d: + 40:70:ed:b5:21:88:1f:c5:b3:d9:3b:8b:7a:87:23:17:1e:c5: + df:ae:e6:e7:b8:51:7f:a3:d5:41:ef:be:f9:fa:df:39:19:85: + 4e:3c:fc:a5:43:84:6f:ae:49:cd:4f:73:db:29:fe:94:1a:f0: + 11:b9:41:12:c3:3c:91:7f:c2:34:3f:9b:dc:69:c7:80:fa:af: + ba:f7:25:72:c8:d1:d2:5d:87:42:86:d0:03:49:76:bd:e4:1f: + 11:90:43:02:b4:7b:b4:23:c1:b1:ff:c5:83:4d:95:80:7f:fd: + bd:df:d6:5b:af:f9:3c:5b:c5:95:aa:79:ac:e6:11:fd:7f:5a: + ad:54:29:ac:9b:23:61:b5:3a:89:18:cf:55:84:30:87:1b:14: + 39:9b:19:5f:bd:38:43:da:6e:f1:54:33:13:d9:87:5b:45:b4: + 69:e6:89:85:e7:69:4b:d1:aa:12:1a:bd:ab:cd:ff:de:86:e6: + ec:14:bf:0f +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgIUeQkCpX5f7SmwnOIr8O1IpfQygWQwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAqxLjylZWUzljIs2QZu8zOC0i7yMbTIHQLtCO+GP0NuRF +RVyYbUbx1JhJFURtgc1VFJX4sIDmJk7/BMfXcasBDAvxexiAouKcKQ591cCntUoE +Ql7VTZxo7bQE8j7jzh6JLAYT84XsYwGl3nwB7f01YNJmrNebOoEHfJB/ruKss0Ec +WHshxn0i3OkWXFOlvE0JUYtsyJOaZcwWIAE8z5mOnhdXC9eaMG/b7WSF0a2Lo63x +wG/ePoOaM/sc0+2mRhw8wEGVfNpbonPrmVhN3e52StacDWZGcnnwlZSqCBgOErED +c5ykUrJUyOTLJ2uqJAcUmHYSfQFf36foNCpGYbYR9QIDAQABo4IBAjCB/zAdBgNV +HQ4EFgQUO4C1yMHb8lqExjaMCARya/x4SFUwHwYDVR0jBBgwFoAUnFB/oQ9iQbZB +in5cbnO0PkT+5sIwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzAChiNodHRwOi8v +dXJsLWZvci1haWEvSW50ZXJtZWRpYXRlLmNlcjA0BgNVHR8ELTArMCmgJ6AlhiNo +dHRwOi8vdXJsLWZvci1jcmwvSW50ZXJtZWRpYXRlLmNybDAOBgNVHQ8BAf8EBAMC +BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBcGA1UdEQQQMA6CDHRl +c3QuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEAjO0Lm1rC0X4Pb6DADR8I5+62 +sRrzhTuXLABXE/A3ZFPrmAdO/WJT1JRsKBYdTqVh/2zypQTQLzvpZI3Mk2pHROU6 +zH/uAONtQHDttSGIH8Wz2TuLeocjFx7F367m57hRf6PVQe+++frfORmFTjz8pUOE +b65JzU9z2yn+lBrwEblBEsM8kX/CND+b3GnHgPqvuvclcsjR0l2HQobQA0l2veQf +EZBDArR7tCPBsf/Fg02VgH/9vd/WW6/5PFvFlap5rOYR/X9arVQprJsjYbU6iRjP +VYQwhxsUOZsZX704Q9pu8VQzE9mHW0W0aeaJhedpS9GqEhq9q83/3obm7BS/Dw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:e9:3f:62:d9:75:26:c4:22:75:a1:77:c9:f1:44:79:41:3f:cb:10 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b1:5a:2a:19:91:cd:d4:28:05:9d:4e:95:4e:47: + cf:79:0a:12:27:4f:0c:29:93:3f:2a:9c:3a:b3:a3: + 07:43:a3:40:06:07:37:7c:1f:d8:6c:6a:af:38:06: + a8:3c:31:cf:c6:46:1e:ba:b8:70:95:5f:85:49:59: + 41:78:3b:f9:c2:03:d2:a1:9d:5a:82:f5:c7:ae:74: + 53:ec:d1:ae:07:26:0c:bd:67:47:bb:05:fd:d5:a6: + 24:d4:c0:39:db:3b:ff:1e:f0:8f:0d:bf:f2:0d:00: + e5:7d:63:13:2d:d0:9b:3f:96:46:5d:c9:06:34:40: + 15:94:a3:29:9f:fe:7d:ec:95:9f:e9:e5:c6:97:f6: + 10:3f:ea:09:40:84:ba:59:64:d6:83:06:bc:ec:ea: + 3f:7c:99:f3:b4:c7:13:9d:1a:74:bc:f5:4f:b5:d7: + c0:fc:0f:78:f9:87:fb:9a:f1:44:00:91:d2:d9:5d: + 12:67:a0:cd:75:a4:eb:c2:47:86:b8:bd:d5:4c:7e: + 6b:48:8e:a9:7d:0c:3f:4e:a0:2e:a1:fc:67:63:40: + fa:c4:56:b0:a3:ee:8a:73:55:69:fa:ec:5f:39:57: + 74:65:1d:ef:66:9e:ad:76:84:e3:a7:ec:7e:d8:c2: + fb:8b:16:0e:1e:65:79:1d:c7:8e:d9:df:1e:31:49: + 1e:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 9C:50:7F:A1:0F:62:41:B6:41:8A:7E:5C:6E:73:B4:3E:44:FE:E6:C2 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 7e:f8:bb:44:37:c0:8a:7d:19:4d:c1:36:97:e9:13:ee:87:62: + f7:39:10:53:39:e1:76:fa:89:44:b0:1a:8d:36:5e:79:45:48: + 8e:a8:a6:57:fe:cc:78:1f:91:a9:59:9c:64:ac:79:91:b0:f2: + b9:bd:1c:be:89:df:0c:c7:ee:71:bf:9b:29:38:8e:50:f8:9e: + 6a:16:6d:c5:69:f8:be:9f:3b:0c:15:1d:1e:be:b6:68:88:c6: + 03:c9:1f:e0:ed:9b:98:56:fe:d5:a3:0c:6b:76:bb:3e:9d:5d: + 29:cc:6a:50:ad:e8:6f:38:e7:ab:17:83:86:02:dc:d6:7d:de: + 93:e1:30:dc:00:60:6a:94:11:40:3d:52:ef:ad:55:59:94:5a: + dc:46:1d:3c:ad:ff:d8:fd:ad:09:ee:dd:88:84:48:5b:a0:18: + a8:a4:c8:29:85:1a:c1:5a:36:a9:64:1c:f3:66:0c:f5:ae:46: + a6:6e:3f:e7:c2:2a:50:9c:5f:46:dc:be:5d:fb:5b:a9:d4:85: + 6e:bc:92:28:dd:36:2c:11:df:80:2f:54:d7:5b:32:38:1b:e5: + 73:27:25:08:6a:c9:91:8c:9a:d1:0a:20:a0:30:72:e3:77:7d: + 4d:08:c7:57:9a:c6:1b:ea:0e:86:80:42:38:25:69:12:e9:98: + 48:e0:ef:06 +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgIUcOk/Ytl1JsQidaF3yfFEeUE/yxAwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALFaKhmRzdQoBZ1OlU5Hz3kKEidPDCmTPyqcOrOjB0OjQAYH +N3wf2GxqrzgGqDwxz8ZGHrq4cJVfhUlZQXg7+cID0qGdWoL1x650U+zRrgcmDL1n +R7sF/dWmJNTAOds7/x7wjw2/8g0A5X1jEy3Qmz+WRl3JBjRAFZSjKZ/+feyVn+nl +xpf2ED/qCUCEullk1oMGvOzqP3yZ87THE50adLz1T7XXwPwPePmH+5rxRACR0tld +EmegzXWk68JHhri91Ux+a0iOqX0MP06gLqH8Z2NA+sRWsKPuinNVafrsXzlXdGUd +72aerXaE46fsftjC+4sWDh5leR3HjtnfHjFJHoUCAwEAAaOBqjCBpzAdBgNVHQ4E +FgQUnFB/oQ9iQbZBin5cbnO0PkT+5sIwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUF +BzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+g +HYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB++LtEN8CKfRlNwTaX +6RPuh2L3ORBTOeF2+olEsBqNNl55RUiOqKZX/sx4H5GpWZxkrHmRsPK5vRy+id8M +x+5xv5spOI5Q+J5qFm3Fafi+nzsMFR0evrZoiMYDyR/g7ZuYVv7Vowxrdrs+nV0p +zGpQrehvOOerF4OGAtzWfd6T4TDcAGBqlBFAPVLvrVVZlFrcRh08rf/Y/a0J7t2I +hEhboBiopMgphRrBWjapZBzzZgz1rkambj/nwipQnF9G3L5d+1up1IVuvJIo3TYs +Ed+AL1TXWzI4G+VzJyUIasmRjJrRCiCgMHLjd31NCMdXmsYb6g6GgEI4JWkS6ZhI +4O8G +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:e9:3f:62:d9:75:26:c4:22:75:a1:77:c9:f1:44:79:41:3f:cb:11 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9c:03:e4:44:d9:35:7b:d7:f5:f0:78:21:45:10: + 23:6f:06:36:12:ff:a2:76:ef:19:ec:6f:a5:07:40: + 3c:81:11:8d:0b:5a:6b:1f:fe:73:80:3e:62:0b:00: + de:05:eb:a6:e8:e6:70:33:d1:16:6c:56:d7:0e:a5: + a7:52:9b:9c:9b:33:ab:7e:98:d6:1f:42:36:65:d4: + 54:bf:85:fd:ba:23:40:84:c6:0f:48:e6:0a:14:2c: + 6e:12:b2:ce:c4:2b:47:aa:61:5c:ba:37:c3:c1:7b: + 39:04:1f:2d:5a:6a:b1:35:33:d9:02:66:92:36:0e: + 30:50:d6:57:4a:e0:07:d9:4c:39:f3:2f:8d:e3:e6: + 2b:ce:ab:37:6b:24:d6:99:fa:25:b2:f5:dc:6c:bd: + 85:a2:e5:bb:41:a6:a5:44:8c:12:3f:a8:89:90:8b: + 51:bf:25:40:f7:fa:f9:f3:4f:d7:0c:43:c8:ea:bf: + 4e:1f:08:90:e6:6e:cc:3f:ab:83:41:52:d4:96:9b: + df:18:90:f0:dc:51:05:10:e0:44:9e:9f:5a:f3:f5: + 9b:81:41:fe:64:40:00:54:db:22:c4:b1:dd:7b:1a: + c9:f9:54:21:fc:15:13:c2:b6:c5:8c:45:c8:f6:44: + c8:32:6e:9c:23:cd:2a:61:92:b1:11:b6:35:a2:e4: + e8:2b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A4:09:C4:04:3B:00:F6:3C:A0:27:CB:BE:2F:C5:65:78:EE:43:F1:56 + X509v3 Authority Key Identifier: + keyid:A4:09:C4:04:3B:00:F6:3C:A0:27:CB:BE:2F:C5:65:78:EE:43:F1:56 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 88:08:7b:8f:39:fe:18:2d:2a:ef:32:b8:63:40:62:49:72:b8: + 49:a2:9a:15:e9:4f:33:43:b4:1a:98:39:b6:e4:33:37:8f:3a: + 96:b5:12:c2:91:ef:32:a7:c0:64:b8:b9:38:90:ba:b5:5f:12: + 04:0c:d3:bf:e0:74:c2:5f:60:bf:54:2e:cd:26:2a:dd:3c:fd: + c1:55:96:4c:df:6b:26:23:41:26:a0:48:97:82:d4:b3:27:57: + ad:74:dd:ea:5a:20:cf:01:e7:6f:9c:34:a2:79:c4:6c:1a:9d: + f6:da:21:4b:1e:9e:70:9d:5b:1e:30:3f:7a:b0:5b:7b:bc:05: + 73:46:50:ee:97:44:3c:70:7a:e3:08:d0:c8:d6:57:96:32:19: + d4:91:d3:68:fd:21:b6:e8:e5:b1:01:db:27:6e:f5:1e:6c:d9: + e4:7f:49:f4:57:90:ad:d4:bd:f9:5d:2d:35:ca:a7:f1:66:f2: + f7:06:20:a5:09:4d:63:9e:d0:1e:77:84:ab:e9:06:51:6b:bd: + 33:d1:78:78:f1:6c:3b:3e:39:29:01:30:09:48:35:23:40:7e: + 4f:17:03:9b:3c:2c:8e:3b:cc:a1:3a:82:08:2f:b2:8b:f6:b6: + 1d:f2:22:41:12:c2:c1:04:c5:29:1e:4d:1a:11:0d:68:9b:0f: + 78:10:11:14 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUcOk/Ytl1JsQidaF3yfFEeUE/yxEwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCcA+RE2TV71/XweCFFECNvBjYS/6J27xnsb6UHQDyBEY0LWmsf/nOAPmIL +AN4F66bo5nAz0RZsVtcOpadSm5ybM6t+mNYfQjZl1FS/hf26I0CExg9I5goULG4S +ss7EK0eqYVy6N8PBezkEHy1aarE1M9kCZpI2DjBQ1ldK4AfZTDnzL43j5ivOqzdr +JNaZ+iWy9dxsvYWi5btBpqVEjBI/qImQi1G/JUD3+vnzT9cMQ8jqv04fCJDmbsw/ +q4NBUtSWm98YkPDcUQUQ4ESen1rz9ZuBQf5kQABU2yLEsd17Gsn5VCH8FRPCtsWM +Rcj2RMgybpwjzSphkrERtjWi5OgrAgMBAAGjgcswgcgwHQYDVR0OBBYEFKQJxAQ7 +APY8oCfLvi/FZXjuQ/FWMB8GA1UdIwQYMBaAFKQJxAQ7APY8oCfLvi/FZXjuQ/FW +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAiAh7jzn+GC0q7zK4Y0BiSXK4SaKaFelPM0O0Gpg5tuQzN486 +lrUSwpHvMqfAZLi5OJC6tV8SBAzTv+B0wl9gv1QuzSYq3Tz9wVWWTN9rJiNBJqBI +l4LUsydXrXTd6logzwHnb5w0onnEbBqd9tohSx6ecJ1bHjA/erBbe7wFc0ZQ7pdE +PHB64wjQyNZXljIZ1JHTaP0htujlsQHbJ271HmzZ5H9J9FeQrdS9+V0tNcqn8Wby +9wYgpQlNY57QHneEq+kGUWu9M9F4ePFsOz45KQEwCUg1I0B+TxcDmzwsjjvMoTqC +CC+yi/a2HfIiQRLCwQTFKR5NGhENaJsPeBARFA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/generate-chains.py new file mode 100755 index 0000000000..7cb5552988 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/generate-chains.py @@ -0,0 +1,40 @@ +#!/usr/bin/env python +# Copyright 2019 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate was signed by a different +certificate with a different key. The intermediate lacks an +authorityKeyIdentifier extension as some verifiers will not try verifying with +the bogus root if the authorityKeyIdentifier does not match the root's +subjectKeyIdentifier. +""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate, which actually signed the intermediate. +root = gencerts.create_self_signed_root_certificate('Root') +section = root.config.get_section('signing_ca_ext') +# Don't include authorityKeyIdentifier extension in the intermediate issued by +# the real root, otherwise the verifier might not even try to validate the +# signature against the bogus root. +section.remove_property('authorityKeyIdentifier') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +# TODO(eroman): Set subjectAltName by default rather than specifically in +# this test. +target.get_extensions().set_property('subjectAltName', 'DNS:test.example') + +# Self-signed root certificate that has nothing to do with this chain, but will +# be saved as its root certificate. +bogus_root = gencerts.create_self_signed_root_certificate('Root') + +chain = [target, intermediate, bogus_root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Intermediate.key new file mode 100644 index 0000000000..85b874083c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAsVoqGZHN1CgFnU6VTkfPeQoSJ08MKZM/Kpw6s6MHQ6NABgc3 +fB/YbGqvOAaoPDHPxkYeurhwlV+FSVlBeDv5wgPSoZ1agvXHrnRT7NGuByYMvWdH +uwX91aYk1MA52zv/HvCPDb/yDQDlfWMTLdCbP5ZGXckGNEAVlKMpn/597JWf6eXG +l/YQP+oJQIS6WWTWgwa87Oo/fJnztMcTnRp0vPVPtdfA/A94+Yf7mvFEAJHS2V0S +Z6DNdaTrwkeGuL3VTH5rSI6pfQw/TqAuofxnY0D6xFawo+6Kc1Vp+uxfOVd0ZR3v +Zp6tdoTjp+x+2ML7ixYOHmV5HceO2d8eMUkehQIDAQABAoIBAQCSrOgul3hsIuFp +1QkEYb2D9EFJQ0XiyIWwPt8JnCYw2T3k/mjz/f5mw+C/7DmM9wFIkMtvT4TE9Oft +3qSXxLptq+2yfcnSj2SislCKhmtwPBbDOjyHv4/L94l0broqx7baJseY7otIF9q0 +VZESDfmnoCf3/n5kDjAK6tpNGROZ6lB3hmon+EoTHy2YbXT05snQyOCxvwYtb6Nz +UQs2h7/9PzKPwk/YGDSsyAos6fhJuotRbnbEt2OTswIaKa6ze9UwBW+93/7Ayn4l +HZr9RLX2UZUt2emkk2BQ1tu7F6QsH+KyyUnAgh7tGQ6Etrx3acQPtFeV1wfqFADe +5l5r3BBNAoGBANo5XcVrP/fUOZRA/OEJh5ItByEidAzd+cVe9V/73PPtElUIs3uw +N7c3A0eAotXoMKJQfcY8twOfgMROdiyLAWR6lqHaxUEda1E91OGyvNqBGNl7ueRb +LNNu3W7EEI9rQuitEQb8S/f/8hfg3FgRZnlnQQtkPrcgZ5qSSmOOb0RDAoGBANAN +jfFvbbZ3EPFtTScAZMVhIK/zep0/XXsnJbNZNR8wZ03dlUAkMQ8KTWQLoEgOa1bl +cn04tXbAPyI8u4qV5ez/SsMDabkURjBbZJXhMFYACtbfeERIgZukGLP5oDayB3Vv +xtUgfIycjWxAtPXoUr0WZvgW+QZKdQnkrBHDYImXAoGBAJ52C56Ae6nVZJ4/9qDe +j6BYrBWmdAin42grxRgWxuIloys2L0bAtiSHgQ0Z3qRff3lN45bgnbC20QU7SFqd +8bvpvJn5R0U6PKR4tq3RYYt1NPsv+dNVVZ6OoaJ+ItxR8fsNOREOgYerRjuKn9Yf +hH7huHyyJUxK7pBybCwQ0MELAoGAUoht/I7liPKmx/9CEey4DQzAuMvvoh2W6dnX +vNPwnNTIxjzWjkFNLNg7ZyqthKgjsK8IweATLG6LHPvWsd1Q/rkvYTkjYYZHabt3 +pXVVhWgy5JZ10TCqKaHpIswt4ESzbMTQrY9bmTQpbf4lSz/EQrp2UohadUJoN2p9 +T/affzUCgYEAr7XL17DF9PRLWhGtNnJZfa7ZXPfBPhqY44SqUPZ/QJ2fnFKubA6i +lAGnCgvv1Z0TrKWfo53fR/vTg97QvXPf6zsPDOqCiLzNt8iP5K1DkFBk7vbROIgV +164d3hI9dkwiEbYJ5Sz0hQBu0oy2yZCatWh8l6Zb7lW4+EPw6uP9OtQ= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Root.key new file mode 100644 index 0000000000..58910d2378 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAy7BlIMUWRBfF8WlFxYaV4xVRLZKYiYrZGBleujEql+umCKbb +i6ESttgcfxWAP8pOwmcIsepWEtizODX6pjyHc5Lj/NUslYOD9ypdVj/AKD56mqP/ +9RKBwJ7e9mIIZ1uenHkKf/RP/Ly36UvNPlIdSb/3gP+BEIMPUzN4Dkm4eenIeZ5o +dLNqS5w0/KaCdTmPH8BcIm+umf0u8Nt+JQ4tl4/DCFoCJuOjzhEZ6R63qmBkdu1S +EiueTmwx6Ng2Zb0Z7fbJcA77M663yQ8Jl85Fjs7IpL5TgcWZUdrS8o91x+B2iWR/ +LNi20syI8ZdMbfDpDaCIR1XDHVAdyM7F5XmxiwIDAQABAoIBACL7BTMOhddl2cmu +0ZutlFouVAWmkmm0nbnkyX7iaLU0dAwyU6v0GpmqHaK5l4/c94+tUDH105hi/Mxf +gM9Bv+VaSasnFQQMVQKClQr14dNHf5jFJ3T4G65v2kyn41eUxXWL2ADHfWEjK9Z1 +/SaBxaPfwuq1dn3WdDBOu4SAppzQ+YzZOzoeaVzu8f2h7UqB2QRWWnkI0gsrnIJ+ +zY8pHK7TWU4VO27KTUdbyJmUKDvbZHfH4sQzzHhWAM2QQ6pMhWzlLEOM/yaMl3vx +ToVw9Gkm1PHD96rQ1dezBTWhOwPLjtZUVUD7EoA3hCud/bpnwA5+5XyoH4s4fIpl +d7Q8x7ECgYEA/cvyxRrb4qze2HzSMkWmC/4S885Z2lIZ/eC6x2NONrvHOlrdEwu5 +fpqx/mx1je7GnLRzFAalGEk0+tLlGOOa9MhGsR9YUSYNTlrIKTcYLh/xqnluMGQQ +4FMucOrgd71wzeHx1ACjwNCTI0b0WE6YX6671o7CzvEs9OacpPB5MBMCgYEAzXUV +ssmB7X00tVpHSw7pHTpNYW2CDN8nDHC+SwkE0X0606jbxVJ80s04ZUPTUIlGBjEm +GDHQ4sXzKFtGuOpH0V3DuH64vauO2c3KLOYxiNEStDUSpXmhsUWemexsrLmncGJp +YA9hh/WrF8Km7RuazmuWG+39PRv28q8QWXaj16kCgYEAoMQSUn0DEIGE4AmhdKrd +1fbptnrePAeJ42H5rtfe8ZjdSL/KDoh8xg/j9FBr3q6ELTu5MdRLvCiTYNc6vBth +SvGaphQ+85hxEVM8O69kp8MgaGZnQEwCzLakUm7WJcNgs2oOr8Z/9GGq8su9eDrB +FssuvWjNSh1H5xI1491YRvUCgYEAg3Zdke6Z8inhJgFECOTbiFYb2TFGu5G13KHv +QPfeW2Tz1ScAqHulXwTtBu6lMa0EX0XniCen7tKWScZNtFhD59VFPLHo54P0fazN +pnkMTOzqOOCUs8jmCxXu67J5vvN0DdcKceqlj2dEOInWYXT+UwJIJErddNKF6rbV +kUj2gTECgYEA3S8LNC9fR9MB6H4zJ1O+2BvUsWW2GMQ/vKZwBS/bgZ5OsXQIESNR +oQKWgARDPTHLGPWPuW6Dj/XfpW9dYQLYKPKZdMRQJSLE3qh1BFB+uqRPgwSQHlbj +IevOSMecTK0Cg0iUvVcK4YC2YchlQECepbZeQe7oaL2mU1734/PSfJg= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Root_1.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Root_1.key new file mode 100644 index 0000000000..976d3aaed8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Root_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnAPkRNk1e9f18HghRRAjbwY2Ev+idu8Z7G+lB0A8gRGNC1pr +H/5zgD5iCwDeBeum6OZwM9EWbFbXDqWnUpucmzOrfpjWH0I2ZdRUv4X9uiNAhMYP +SOYKFCxuErLOxCtHqmFcujfDwXs5BB8tWmqxNTPZAmaSNg4wUNZXSuAH2Uw58y+N +4+Yrzqs3ayTWmfolsvXcbL2FouW7QaalRIwSP6iJkItRvyVA9/r580/XDEPI6r9O +HwiQ5m7MP6uDQVLUlpvfGJDw3FEFEOBEnp9a8/WbgUH+ZEAAVNsixLHdexrJ+VQh +/BUTwrbFjEXI9kTIMm6cI80qYZKxEbY1ouToKwIDAQABAoIBAQCXxBFiCAnHFyXf +bnyuuiw97ETd5l8cYytMnK5kh1BUHcaerK5YySWCMy0clxNjnwEWvlOXlGXDrhY1 +4V8LNOT69SB2Xias8bQJCqwGQ0m2sGQqxKBJwb08MpxBBD+vBIsKavvRCj4bEMs9 +/zYXJoKLxovrkevZOaQ2fssbwyLfdYpwdxhhxZNlmioC+nuRf9iEzMs6Rqhi1nir +rfqr6TE8MXxqPdi1xYkKXqH2Gma8kbWNxpKBgt1rLlgB9Lb4PLsSjYdMD/f9sn5T +2Ct39psoVjhklSHRqFKXuv4bA14wIzyX406gGIjsSWj0f9ui+5BbohM25rpQ6fSQ +K+6bjKSBAoGBAMpaa7jWq2LCbQCFF/KLCGB+5/d3JN26kBgsbsNJmOyrQbaLiph2 +yrOjXazzH5Hvd8trE+HMt/RlVYI7Y1LZxzLzvqkpN+ICRMiRTSDFCUpFosyH/nvl +7mvQOF4YpVlJR8MCcNbexNo2R5jx/Sy9zKwkhushppGFUe4RFu02Lq6TAoGBAMVg +inyTzqproWJf4WZvh24gmP5G9cYprih0gUL9FiyHcc709rBm2M5Z0ec+VPgEkrxi +a3ZP2hOIiVvP/xonieIlIGAj39YIbPJtC4NjOzRgIH+lp1OxY1Pym4yGx1C/zw6Q +u39FYEA2CsvaJNKxOnMEvWNcDzSiJ55Ox3GDkkcJAoGAQA8N6Q70ZKheL3ry0NKY +zUt/jcTHA/aKpUxzqBkFc27nt61HK+r3UpUWE6lHxkBD8T6tpZ7UYWcvAbJhSBov +SH8HTbABw+ep9MCi5QvbXArdddhbhMeOicz5+zfcKH7dW+vK4wrU0Ku8ULvSxTY0 +tA5AM/GMNKc6/52jX2b2skcCgYEAsPOrVKKi3pCd3/c7ub11elsJLrZpc548gBJr +LKZ/sa5Abx2Y6G9cIivOjnWIcc6Pywqlcy2FwotfMgvYlhcqe69zRh4Dd/yXyAPR +FZrqIjuoByh5SgQ3m7Rele7jVFaSCGnjXufQseCBb18EMkwnraRrMl//Vd2mjTvt +fKxLgRkCgYBmcsbLDJdap1zsJgO9feEz1nrmA1u5GXTCBlHyE8rieMpzJTjg2DzZ +MiA527T1iPYELt8g7mT0+9SB7mzShi1Anko6p9xjbtj2xg0jydGZXN97kWYTtEEi +N8pFNw9+Rz3r5CKXX6W7SU7YdMfuldc1u02+ZQG9c/UeMfcU4mfT7A== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Target.key new file mode 100644 index 0000000000..dfa711e7b6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAqxLjylZWUzljIs2QZu8zOC0i7yMbTIHQLtCO+GP0NuRFRVyY +bUbx1JhJFURtgc1VFJX4sIDmJk7/BMfXcasBDAvxexiAouKcKQ591cCntUoEQl7V +TZxo7bQE8j7jzh6JLAYT84XsYwGl3nwB7f01YNJmrNebOoEHfJB/ruKss0EcWHsh +xn0i3OkWXFOlvE0JUYtsyJOaZcwWIAE8z5mOnhdXC9eaMG/b7WSF0a2Lo63xwG/e +PoOaM/sc0+2mRhw8wEGVfNpbonPrmVhN3e52StacDWZGcnnwlZSqCBgOErEDc5yk +UrJUyOTLJ2uqJAcUmHYSfQFf36foNCpGYbYR9QIDAQABAoIBAQCVzK2woNdoesjn +Uc+Pgwd7unJrqnceEFHmnHOE56mSY2KQ8Rr8HXJnMY5VVBz723wT0Zr5m3VsuCGw +4vkxrIb3MIIcwwDpILuTbAAeK1vvcEe4gmgPVNXAx7DJGu7Jr414Aj54MJ4kt+2x +my7pYZ7bEIId+ZIQsamHltRnpE+LihqjArW6a16wXEZAYom3dKZPtueBOI3ubEhp +qqYd4zRu+ix3/bCXda4To4yzaQ5HxkOgwl1bRE8nfroszopoJQi3p+dqq41HZbnJ +c/HMtip4Bkxl2LqzgxnC3nK4ELPnqT5y5yS7foCqR9m8vTlXIbOJUIy1mWzVMUF1 +kEt9QB8BAoGBANUlWS4pLljU/idO3zNx51Jkdisy8xoA0b/HAwTX5fQJydz8/IuX +BOCQwQdgnJfF4d1yt4RXkmQ/d+pbmQiO+HYW8dSwL1s8PmA172V6n+91yoH62BkZ +9TzmdIQx7NuMkkO3Rw9aMgkgYtS7EPcVRfJrlgYy7nXVG/rgA2J1c1i1AoGBAM14 +FXZPf+YxrT7EQZiB7OwYLLzTikNYuQQ3rItShBbDHPCUfKbpuPhZbIm+8SN4SBZT +BQ55RYC4q2RGKNuV6IIyPMITxD8KPgz5L+Qv70jot3L7m5RuvTvyt4FAmtrWiW1q +02ipa8dqJDPUdsIm4Qa3148IziWa+mLO8wb2DdxBAoGBAJgQgUNxleNCceBRYOQv +Cz249qVzQAT5OKt9rCW0chZdNWs4AmUEZTJhk5VT0+RkBPQcd9kvMP3cWg0VNGTq +u1Bkpjt7Rw3sOQQi9pyLk7cfbk61S5786f183PvDMpyf+WneRBAr5S6lsFzc6Qme +X7zIDMx3YbEnTUL6tu9zo8tRAoGAUA86TZ8sdsVke9B8vq/hYR0KUYkblqI7dSk8 +Ug0U6smbvSIeb+sh56LwZ7u+udNkQ06V6c3XBxDtt2SfBvCiaBirE/Qfw3B6PRPb +VU5YLlB/Ko5fULbVhUZNuk8yB5MQeVHmjiF1nX3+HTPsEjqT88ouc806heydI2L/ +zvaQ8AECgYAgd/0CzAQRmiqblR+sfYuYsQWwHBtMCInQiENOqxyM3icQUGGBwVzg +7FHnpWdZz3CHTtmeIQifJNHql0XMOGai9dzwbMQ4KgY47/NBgOgnIAy0CekD6sYk +UHd1PGf3YXIP0XAEsbnpr03cZ13aczq8wP1lLRMmRsbgyXC+n5sJsQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/main.test b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/main.test new file mode 100644 index 0000000000..38af04e381 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/intermediate-wrong-signature-no-authority-key-identifier/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: VerifySignedData failed + diff --git a/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/anchor.pem b/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/anchor.pem new file mode 100644 index 0000000000..48a3d21cdf --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/anchor.pem @@ -0,0 +1,274 @@ +This is certificate chain where the issuer of the second certificate is not +byte-for-byte equal to the subject of the trust anchor. + +The names are equal when applying the comparison rules given in RFC 5280. The +difference in byte values is due to encoding some components as UTF8String +which were encoded in the other version as PrintableString. + +The verification should succeed. + +This certificate chain was obtained from the certificate transparency database. + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16695415 (0xfec077) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, O=Government of Korea, OU=GPKI, CN=CA134040001 + Validity + Not Before: May 2 04:58:54 2012 GMT + Not After : Jul 23 02:59:59 2014 GMT + Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=*.daejin.or.kr + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:f1:3d:ac:1e:99:11:4f:45:7b:82:31:1f:e7:87: + cc:8d:8c:4a:04:e4:1f:64:ec:cb:31:96:3d:1d:1c: + 6d:06:cb:49:03:31:77:aa:df:c7:95:93:6c:6e:dc: + 80:b9:c9:fe:4a:74:ee:5e:15:46:8d:9c:f0:ea:6d: + 6b:b6:46:f3:2e:64:50:3f:5e:22:df:99:0a:15:7c: + 2f:23:aa:88:f3:36:da:58:03:29:ae:d3:13:2d:af: + 9f:03:58:a9:9e:07:26:d7:10:8a:74:55:6c:50:af: + ee:fa:17:d6:16:bb:5e:80:d5:89:45:58:7e:18:df: + 92:88:52:66:31:4d:7b:70:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + CA Issuers - URI:ldap://ldap.epki.go.kr:389/cn=GPKIRootCA,ou=GPKI,o=Government of Korea,c=KR + + X509v3 Authority Key Identifier: + keyid:FA:72:04:03:99:FD:EA:DB:7C:50:DD:BE:E5:72:A4:D2:77:25:15:C8 + DirName:/C=KR/O=Government of Korea/OU=GPKI/CN=GPKIRootCA + serial:47:FE:F6:00:02:07:86:D8:01:92:35:FF:9E:4A:20:02 + + X509v3 Subject Key Identifier: + B3:11:A0:4B:54:32:7E:40:C3:70:F9:D4:CB:A3:C4:23:E1:B6:35:8F + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 CRL Distribution Points: + + Full Name: + URI:ldap://ldap.epki.go.kr:389/ou=dp1p20710,ou=CRL,ou=GPKI,o=Government of Korea,c=kr?certificateRevocationList + + Netscape Cert Type: + SSL Client, SSL Server + Signature Algorithm: sha1WithRSAEncryption + 4a:9f:a9:b7:98:72:b2:0e:89:67:9a:2c:ab:ad:c9:bb:b0:00: + a7:f4:49:2d:7a:53:63:a1:5b:00:d1:5c:f1:90:40:61:07:e8: + 20:ea:b3:0e:3e:13:16:3a:8c:b5:4e:68:ed:17:26:e6:88:ac: + 99:30:69:c2:c0:67:30:21:35:2e:30:91:cb:15:c3:f3:00:16: + 5e:4a:47:e9:52:ba:e4:ac:6e:dc:c2:f1:95:f5:95:92:9d:75: + 48:c5:f1:72:88:ca:4c:34:ec:0f:7b:ac:c4:45:1a:6d:ab:bb: + 9b:01:30:d5:63:30:9a:4d:8d:3d:99:07:68:56:1a:95:59:f9: + 63:16:fe:a4:3e:12:eb:65:46:1d:7a:23:f1:06:7e:8c:b2:23: + b8:fd:16:eb:10:15:bc:4a:d1:fe:86:d8:f4:61:6a:e8:82:62: + aa:5b:73:bc:6c:d9:bf:2a:80:be:a9:f8:5c:4c:4e:8a:44:f3: + 8d:7f:79:f1:a8:17:a5:bd:40:1f:80:7f:33:3f:3b:4c:78:9d: + f1:40:ac:3f:2e:7b:d1:07:5e:74:7c:94:8f:ec:51:f7:76:fb: + a3:e6:9f:21:32:86:73:74:56:6a:a9:e9:a8:38:b8:2a:01:d4: + cb:80:31:83:51:72:17:f8:4f:b1:89:79:0f:17:47:51:e9:b6: + 02:62:84:5c + +-----BEGIN CERTIFICATE----- +MIIEnDCCA4SgAwIBAgIEAP7AdzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJLUjEcMBoGA1U +ECgwTR292ZXJubWVudCBvZiBLb3JlYTENMAsGA1UECwwER1BLSTEUMBIGA1UEAwwLQ0ExMzQwND +AwMDEwHhcNMTIwNTAyMDQ1ODU0WhcNMTQwNzIzMDI1OTU5WjB+MQswCQYDVQQGEwJLUjEcMBoGA +1UECgwTR292ZXJubWVudCBvZiBLb3JlYTEYMBYGA1UECwwPR3JvdXAgb2YgU2VydmVyMR4wHAYD +VQQLDBXqtZDsnKHqs7ztlZnquLDsiKDrtoAxFzAVBgNVBAMMDiouZGFlamluLm9yLmtyMIGfMA0 +GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDxPawemRFPRXuCMR/nh8yNjEoE5B9k7Msxlj0dHG0Gy0 +kDMXeq38eVk2xu3IC5yf5KdO5eFUaNnPDqbWu2RvMuZFA/XiLfmQoVfC8jqojzNtpYAymu0xMtr +58DWKmeBybXEIp0VWxQr+76F9YWu16A1YlFWH4Y35KIUmYxTXtwWQIDAQABo4IB0jCCAc4wZwYI +KwYBBQUHAQEEWzBZMFcGCCsGAQUFBzAChktsZGFwOi8vbGRhcC5lcGtpLmdvLmtyOjM4OS9jbj1 +HUEtJUm9vdENBLG91PUdQS0ksbz1Hb3Zlcm5tZW50IG9mIEtvcmVhLGM9S1IwgYYGA1UdIwR/MH +2AFPpyBAOZ/erbfFDdvuVypNJ3JRXIoVOkUTBPMQswCQYDVQQGEwJLUjEcMBoGA1UECgwTR292Z +XJubWVudCBvZiBLb3JlYTENMAsGA1UECwwER1BLSTETMBEGA1UEAwwKR1BLSVJvb3RDQYIQR/72 +AAIHhtgBkjX/nkogAjAdBgNVHQ4EFgQUsxGgS1QyfkDDcPnUy6PEI+G2NY8wCwYDVR0PBAQDAgW +gMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB8BgNVHR8EdTBzMHGgb6BthmtsZGFwOi +8vbGRhcC5lcGtpLmdvLmtyOjM4OS9vdT1kcDFwMjA3MTAsb3U9Q1JMLG91PUdQS0ksbz1Hb3Zlc +m5tZW50IG9mIEtvcmVhLGM9a3I/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDARBglghkgBhvhC +AQEEBAMCBsAwDQYJKoZIhvcNAQEFBQADggEBAEqfqbeYcrIOiWeaLKutybuwAKf0SS16U2OhWwD +RXPGQQGEH6CDqsw4+ExY6jLVOaO0XJuaIrJkwacLAZzAhNS4wkcsVw/MAFl5KR+lSuuSsbtzC8Z +X1lZKddUjF8XKIykw07A97rMRFGm2ru5sBMNVjMJpNjT2ZB2hWGpVZ+WMW/qQ+EutlRh16I/EGf +oyyI7j9FusQFbxK0f6G2PRhauiCYqpbc7xs2b8qgL6p+FxMTopE841/efGoF6W9QB+AfzM/O0x4 +nfFArD8ue9EHXnR8lI/sUfd2+6PmnyEyhnN0Vmqp6ag4uCoB1MuAMYNRchf4T7GJeQ8XR1HptgJ +ihFw= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 47:fe:f6:00:02:07:86:d8:01:92:35:ff:9e:4a:20:02 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA + Validity + Not Before: Jun 9 14:09:21 2008 GMT + Not After : Jun 9 14:09:21 2018 GMT + Subject: C=KR, O=Government of Korea, OU=GPKI, CN=CA134040001 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2047 bit) + Modulus: + 66:f0:e5:31:3d:4f:c0:d8:44:91:e0:79:5a:fb:f2: + 0a:b4:17:7f:5d:1a:87:68:d6:34:3a:b7:03:ce:88: + 10:73:95:44:1d:ec:36:80:01:82:40:87:b9:ee:f4: + 8c:86:bf:10:8f:4f:46:97:68:a2:e3:d8:75:1f:83: + 24:f9:05:4b:d4:0b:8b:39:60:92:b3:c2:35:08:49: + aa:be:ef:b9:74:1d:fc:95:76:38:58:4a:86:ca:e5: + 22:b2:99:68:1d:45:53:49:dd:26:6c:de:cd:95:19: + 67:10:5f:b0:1c:fa:2c:08:d1:66:7e:04:54:f3:ea: + 41:8f:83:47:b7:d2:ae:08:7c:87:ac:86:3c:c8:4c: + b5:5f:1a:00:34:e9:32:42:e6:9d:f4:a3:60:92:ac: + 63:83:53:62:17:81:b1:74:3b:92:bd:9d:dc:22:b9: + 6b:b4:a7:dc:dc:de:e1:3b:c2:d3:90:f2:72:da:53: + 58:f2:4d:c8:53:b1:f0:08:72:8b:47:55:83:be:e6: + 34:dc:78:b8:f5:d0:86:58:a9:e2:7e:29:57:88:9b: + 2e:55:70:f8:ef:44:f7:fe:e5:50:31:b7:d7:21:ff: + c2:04:a5:e2:e9:30:71:08:c7:1d:72:36:75:a7:6f: + 3f:63:3a:de:d8:dd:1d:77:d9:54:70:47:63:72:20: + 2b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:16:67:32:F4:68:5E:68:31:47:DB:ED:EC:CE:61:2E:9A:24:46:C4:7D + + X509v3 Subject Key Identifier: + FA:72:04:03:99:FD:EA:DB:7C:50:DD:BE:E5:72:A4:D2:77:25:15:C8 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 1.2.410.100001.5.3.1.3 + Policy: 1.2.410.100001.5.3.1.1 + Policy: 1.2.410.100001.5.3.1.7 + Policy: 1.2.410.100001.5.3.1.9 + Policy: 1.2.410.100001.5.3.1.5 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 CRL Distribution Points: + + Full Name: + URI:ldap://cen.dir.go.kr:389/cn=GPKIRootCA,ou=GPKI,o=Government of Korea,c=KR?authorityRevocationlist;binary + + Signature Algorithm: sha1WithRSAEncryption + 21:6a:06:b3:c6:d3:18:fa:9f:a2:d4:5f:ce:c8:92:74:93:06: + 54:f0:fa:ca:21:22:54:64:ca:41:c4:c6:99:a5:f0:b3:51:64: + a7:68:ef:47:6b:a4:8f:9e:a9:bc:80:4e:f5:64:95:7e:29:48: + fa:96:5e:98:2f:75:44:c5:a1:94:d9:83:e9:35:4c:db:a3:89: + 85:b9:33:f9:40:1a:3e:77:5f:2c:11:90:08:b0:a3:c0:1b:66: + 57:c3:5c:14:07:1e:75:8d:db:8c:05:61:98:a3:8d:c9:15:2f: + 97:3e:5a:f1:ad:85:0b:3e:86:e9:ae:e7:6b:a9:3b:7e:11:f7: + c6:fb:e8:5e:cb:5f:15:06:4f:e6:3e:e6:f2:a2:f1:65:31:9e: + f8:7a:c5:7d:e8:87:a7:26:f1:b1:30:d8:6c:4b:e5:3e:44:81: + 35:42:82:c3:b1:c2:6b:95:e9:e6:8d:cb:5b:a3:03:59:f2:9a: + bd:d4:c2:70:e9:5f:0e:1b:4c:3d:10:b5:50:32:df:7c:ba:27: + 73:53:67:f3:17:85:b4:5f:11:e2:22:56:41:b6:9e:a2:98:e6: + 71:43:ec:6d:0a:22:5d:d3:f4:bf:8e:91:28:1c:15:3d:64:42: + 6b:05:1a:25:44:c7:6f:7f:93:a1:da:a4:cb:7a:8c:19:53:5e: + d1:b4:2f:13 +-----BEGIN CERTIFICATE----- +MIIEXjCCA0agAwIBAgIQR/72AAIHhtgBkjX/nkogAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQ +GEwJLUjEcMBoGA1UECgwTR292ZXJubWVudCBvZiBLb3JlYTENMAsGA1UECwwER1BLSTETMBEGA1 +UEAwwKR1BLSVJvb3RDQTAeFw0wODA2MDkxNDA5MjFaFw0xODA2MDkxNDA5MjFaMFAxCzAJBgNVB +AYTAktSMRwwGgYDVQQKDBNHb3Zlcm5tZW50IG9mIEtvcmVhMQ0wCwYDVQQLDARHUEtJMRQwEgYD +VQQDDAtDQTEzNDA0MDAwMTCCASEwDQYJKoZIhvcNAQEBBQADggEOADCCAQkCggEAZvDlMT1PwNh +EkeB5WvvyCrQXf10ah2jWNDq3A86IEHOVRB3sNoABgkCHue70jIa/EI9PRpdoouPYdR+DJPkFS9 +QLizlgkrPCNQhJqr7vuXQd/JV2OFhKhsrlIrKZaB1FU0ndJmzezZUZZxBfsBz6LAjRZn4EVPPqQ +Y+DR7fSrgh8h6yGPMhMtV8aADTpMkLmnfSjYJKsY4NTYheBsXQ7kr2d3CK5a7Sn3Nze4TvC05Dy +ctpTWPJNyFOx8Ahyi0dVg77mNNx4uPXQhlip4n4pV4ibLlVw+O9E9/7lUDG31yH/wgSl4ukwcQj +HHXI2dadvP2M63tjdHXfZVHBHY3IgKwIDAQABo4IBNDCCATAwHwYDVR0jBBgwFoAUFmcy9GheaD +FH2+3szmEumiRGxH0wHQYDVR0OBBYEFPpyBAOZ/erbfFDdvuVypNJ3JRXIMA4GA1UdDwEB/wQEA +wIBBjBPBgNVHSAESDBGMAwGCiqDGoaNIQUDAQMwDAYKKoMaho0hBQMBATAMBgoqgxqGjSEFAwEH +MAwGCiqDGoaNIQUDAQkwDAYKKoMaho0hBQMBBTASBgNVHRMBAf8ECDAGAQH/AgEAMHkGA1UdHwR +yMHAwbqBsoGqGaGxkYXA6Ly9jZW4uZGlyLmdvLmtyOjM4OS9jbj1HUEtJUm9vdENBLG91PUdQS0 +ksbz1Hb3Zlcm5tZW50IG9mIEtvcmVhLGM9S1I/YXV0aG9yaXR5UmV2b2NhdGlvbmxpc3Q7YmluY +XJ5MA0GCSqGSIb3DQEBBQUAA4IBAQAhagazxtMY+p+i1F/OyJJ0kwZU8PrKISJUZMpBxMaZpfCz +UWSnaO9Ha6SPnqm8gE71ZJV+KUj6ll6YL3VExaGU2YPpNUzbo4mFuTP5QBo+d18sEZAIsKPAG2Z +Xw1wUBx51jduMBWGYo43JFS+XPlrxrYULPobprudrqTt+EffG++hey18VBk/mPubyovFlMZ74es +V96IenJvGxMNhsS+U+RIE1QoLDscJrlenmjctbowNZ8pq91MJw6V8OG0w9ELVQMt98uidzU2fzF +4W0XxHiIlZBtp6imOZxQ+xtCiJd0/S/jpEoHBU9ZEJrBRolRMdvf5Oh2qTLeowZU17RtC8T +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 45:f8:e0:e4:01:c5:3e:71:e6:bd:71:6d:97:9c:41:23 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA + Validity + Not Before: Mar 15 06:00:04 2007 GMT + Not After : Mar 15 06:00:04 2017 GMT + Subject: C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2047 bit) + Modulus: + 5a:2b:41:15:9b:db:76:26:01:f0:54:72:0b:87:13: + 1f:a0:d0:3f:96:aa:0d:b3:34:81:de:48:5a:9f:f3: + 70:5a:c2:f1:3a:9e:04:f0:4e:94:79:97:e1:f4:b5: + 14:4c:d7:6f:c4:8b:18:b7:dc:12:2b:1d:0a:9b:ee: + 20:0c:5b:8f:ff:f9:af:82:9e:98:46:d0:3d:5d:28: + f3:97:16:c1:5c:e5:56:bf:44:a4:00:a1:7a:cb:9b: + 7a:5b:dc:d4:ed:fb:f2:a0:02:67:00:1e:44:e5:8a: + 01:dc:a5:a3:4e:fe:d6:0c:67:ca:49:b9:f0:d0:a0: + f9:4d:1f:03:d3:86:ef:0d:85:75:4d:f3:ed:fb:cd: + 6a:66:04:57:f4:57:9b:ac:66:8a:4f:c2:a8:4f:71: + 89:09:dd:4c:00:df:96:bb:d5:90:0a:b4:b6:6a:6d: + c6:bf:d3:99:29:ff:62:f0:10:da:45:ac:09:72:0b: + 82:10:e8:15:a8:8b:5f:e2:a2:5a:79:1e:c2:67:fd: + e9:44:57:0b:03:d0:21:15:51:b0:00:f3:8f:6d:e2: + 23:f0:49:21:d9:6d:cf:62:3d:ec:eb:fd:28:92:01: + 3f:7a:a3:72:7c:eb:f3:ae:e7:f8:0a:ec:6e:ad:7a: + 9b:55:c9:30:4b:9c:b6:61:46:6b:58:1a:fe:9f:48: + 1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:16:67:32:F4:68:5E:68:31:47:DB:ED:EC:CE:61:2E:9A:24:46:C4:7D + + X509v3 Subject Key Identifier: + 16:67:32:F4:68:5E:68:31:47:DB:ED:EC:CE:61:2E:9A:24:46:C4:7D + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 35:63:52:c6:60:18:1c:b7:c2:c1:5a:58:02:ec:07:d5:a1:90: + 93:fc:80:47:d0:52:78:ab:85:f8:76:d3:b8:b0:18:32:a0:b6: + 90:68:13:66:3d:6f:af:8e:dc:f6:a3:c4:ce:39:5f:af:ed:0a: + 66:e0:7c:11:c8:0c:cb:9e:1f:38:29:8a:8b:de:c8:63:2e:c7: + b4:d2:ce:36:91:94:e0:4f:84:92:b6:aa:22:a8:fd:31:a7:33: + 48:c9:5b:f6:13:d8:16:16:eb:1f:3f:a5:4e:06:93:3a:d9:06: + 65:30:96:fa:8d:06:db:a1:1a:f4:2b:fa:0f:68:f0:c1:2b:7c: + 9d:05:d7:09:42:3b:d2:2f:91:90:fc:0e:6b:38:5b:b2:75:a9: + 57:9c:57:64:f5:98:20:a4:ff:d4:30:04:e4:ce:1f:90:c9:2f: + c1:df:5a:56:b8:cb:aa:aa:b4:bf:eb:b8:f7:22:4a:4d:c1:35: + f4:65:bd:78:bc:6f:78:1b:56:3a:81:e8:0d:f5:c2:a5:17:30: + d3:8d:57:77:cb:a5:c1:4c:b1:30:dd:34:b8:ab:92:0a:22:02: + 36:8b:f6:6c:f7:61:b9:08:ee:30:ad:1a:a8:44:f1:2e:32:ec: + 83:a2:48:48:3a:67:5f:e9:6f:1b:17:33:08:2a:c1:c9:c3:67: + 9a:0e:85:67 +-----BEGIN CERTIFICATE----- +MIIDijCCAnKgAwIBAgIQRfjg5AHFPnHmvXFtl5xBIzANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQ +GEwJLUjEcMBoGA1UEChMTR292ZXJubWVudCBvZiBLb3JlYTENMAsGA1UECxMER1BLSTETMBEGA1 +UEAxMKR1BLSVJvb3RDQTAeFw0wNzAzMTUwNjAwMDRaFw0xNzAzMTUwNjAwMDRaME8xCzAJBgNVB +AYTAktSMRwwGgYDVQQKExNHb3Zlcm5tZW50IG9mIEtvcmVhMQ0wCwYDVQQLEwRHUEtJMRMwEQYD +VQQDEwpHUEtJUm9vdENBMIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQBaK0EVm9t2JgH +wVHILhxMfoNA/lqoNszSB3khan/NwWsLxOp4E8E6UeZfh9LUUTNdvxIsYt9wSKx0Km+4gDFuP// +mvgp6YRtA9XSjzlxbBXOVWv0SkAKF6y5t6W9zU7fvyoAJnAB5E5YoB3KWjTv7WDGfKSbnw0KD5T +R8D04bvDYV1TfPt+81qZgRX9FebrGaKT8KoT3GJCd1MAN+Wu9WQCrS2am3Gv9OZKf9i8BDaRawJ +cguCEOgVqItf4qJaeR7CZ/3pRFcLA9AhFVGwAPOPbeIj8Ekh2W3PYj3s6/0okgE/eqNyfOvzruf +4CuxurXqbVckwS5y2YUZrWBr+n0gdAgMBAAGjYzBhMB8GA1UdIwQYMBaAFBZnMvRoXmgxR9vt7M +5hLpokRsR9MB0GA1UdDgQWBBQWZzL0aF5oMUfb7ezOYS6aJEbEfTAOBgNVHQ8BAf8EBAMCAa4wD +wYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEANWNSxmAYHLfCwVpYAuwH1aGQk/yA +R9BSeKuF+HbTuLAYMqC2kGgTZj1vr47c9qPEzjlfr+0KZuB8EcgMy54fOCmKi97IYy7HtNLONpG +U4E+EkraqIqj9MaczSMlb9hPYFhbrHz+lTgaTOtkGZTCW+o0G26Ea9Cv6D2jwwSt8nQXXCUI70i ++RkPwOazhbsnWpV5xXZPWYIKT/1DAE5M4fkMkvwd9aVrjLqqq0v+u49yJKTcE19GW9eLxveBtWO +oHoDfXCpRcw041Xd8ulwUyxMN00uKuSCiICNov2bPdhuQjuMK0aqETxLjLsg6JISDpnX+lvGxcz +CCrBycNnmg6FZw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/anchor.test b/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/anchor.test new file mode 100644 index 0000000000..55cd0c3c6c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/anchor.test @@ -0,0 +1,5 @@ +chain: anchor.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 120502045854Z +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/target.pem b/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/target.pem new file mode 100644 index 0000000000..abc8cd33aa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/target.pem @@ -0,0 +1,454 @@ +This is certificate chain where the issuer of the second certificate is not +byte-for-byte equal to the subject of the third certificate. + +The names are equal when applying the comparison rules given in RFC 5280. The +difference in byte values is due to encoding some components as UTF8String +which were encoded in the other version as PrintableString. + +The verification should succeed. + +This certificate chain was obtained from the certificate transparency database. + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 966709257826132928 (0xd6a70f2b9cee3c0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Trend Micro Inc, CN=Trend Micro CA + Validity + Not Before: May 20 15:18:33 2013 GMT + Not After : May 21 15:18:33 2015 GMT + Subject: businessCategory=Business Entity/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/serialNumber=C1919248, C=US, ST=California, L=Cupertino, O=Trend Micro, Inc., CN=community.trendmicro.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:84:0a:28:77:d4:40:6b:62:00:de:5f:a7:da: + de:c0:83:bb:81:56:f1:a5:1f:7b:ea:23:e2:f0:53: + 96:b4:e4:c9:dd:68:06:5b:f4:d6:c8:de:d5:a8:21: + e5:c3:b5:fc:a7:04:7c:ef:1f:ac:1b:06:6d:f3:e5: + 36:2f:a8:ea:7c:2b:c9:cf:43:a7:f6:5f:15:be:7b: + cb:d8:35:14:39:6a:47:f2:9b:e8:c7:07:48:97:a3: + 02:67:8c:bf:97:f8:51:ec:8f:fd:3a:74:05:01:f9: + 7c:1b:85:25:e4:f2:66:8d:11:de:d5:f0:12:97:3f: + a1:8f:23:36:b3:71:bd:ac:1e:e7:8f:fb:89:11:36: + a7:bd:32:7f:44:9a:e9:8d:54:f2:85:06:d2:4f:d1: + 3f:4a:a0:e2:0f:35:16:5f:ac:7b:2e:7e:da:d5:77: + 72:64:88:ea:2e:1f:c1:f2:eb:81:17:b5:89:2f:22: + e7:fc:c1:2b:22:6f:b8:ac:29:e6:61:95:3f:3b:4d: + b4:03:5a:f5:44:cb:00:e3:1a:16:36:53:eb:33:7a: + 88:73:51:22:3a:03:c9:a6:01:bc:1e:07:a5:0f:d4: + a3:57:5f:ce:3d:19:59:e6:97:60:e5:5b:8d:0e:66: + 6d:e2:5e:6f:39:48:d4:69:77:5b:c2:08:bc:c9:55: + 82:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + CA Issuers - URI:http://ocsp.trendmicro.com/tmca.crt + OCSP - URI:http://ocsp.trendmicro.com/tmca + + X509v3 Subject Key Identifier: + 58:E3:2D:66:53:0F:E5:F0:00:2C:A6:5E:CF:AD:D1:64:2D:1E:77:21 + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Authority Key Identifier: + keyid:AD:31:C7:FA:02:CE:67:F7:65:1C:FB:BA:5F:C0:BB:C5:50:4C:67:C8 + + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.34697.2.2 + Policy: 2.16.756.1.89.1.2.1.1 + Policy: 1.3.6.1.4.1.34697.1.1 + CPS: http://ssl.trendmicro.com/resources/ + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.trendmicro.com/crl/trendmicroca.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:community.trendmicro.com + Signature Algorithm: sha1WithRSAEncryption + a7:ec:1b:48:20:53:62:a8:6b:e5:b0:ae:7c:c5:5b:37:ec:59: + de:39:b7:ef:e0:64:26:85:94:2f:22:91:d3:91:c6:07:93:8e: + 23:ea:41:84:5b:90:c5:d2:32:1c:8b:d4:83:8c:0c:c9:7a:b2: + de:a8:b6:e9:de:06:50:5c:ef:f7:73:d1:5f:66:31:53:e0:80: + 14:c8:1c:dc:81:e4:fe:05:f1:88:b5:ff:24:58:48:c5:4c:f5: + 4f:1a:a6:dd:1a:43:b1:91:74:75:99:7a:c9:22:04:12:9d:6c: + ef:b2:05:60:f5:ec:15:84:81:aa:ee:0b:d9:ba:75:74:4f:f6: + fb:d0:a9:99:d8:d4:11:d6:a6:c6:79:64:cd:de:19:6e:92:89: + f4:85:d0:b3:dc:94:00:93:27:29:b5:dd:30:71:67:e7:c3:e2: + cb:9a:d1:d7:da:56:7b:f7:33:4b:2b:6c:52:ca:1b:7b:51:9c: + 6b:7a:d2:2f:38:a0:d2:e5:7c:cf:f4:34:f8:1c:d7:4b:80:bd: + 8a:c0:e9:7d:dd:85:86:5d:12:05:60:19:0d:ff:72:15:30:ba: + cf:c0:2e:a4:1a:a1:7f:73:85:9f:4a:4e:2c:a6:98:47:20:e5: + fc:29:09:ed:21:97:28:49:5d:a3:cc:03:f0:ca:e3:c6:e3:56: + 9b:22:fd:36 + +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIIDWpw8rnO48AwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGDA +WBgNVBAoMD1RyZW5kIE1pY3JvIEluYzEXMBUGA1UEAwwOVHJlbmQgTWljcm8gQ0EwHhcNMTMwNT +IwMTUxODMzWhcNMTUwNTIxMTUxODMzWjCB1DEYMBYGA1UEDwwPQnVzaW5lc3MgRW50aXR5MRMwE +QYLKwYBBAGCNzwCAQMMAlVTMRswGQYLKwYBBAGCNzwCAQIMCkNhbGlmb3JuaWExETAPBgNVBAUT +CEMxOTE5MjQ4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3V +wZXJ0aW5vMRowGAYDVQQKDBFUcmVuZCBNaWNybywgSW5jLjEhMB8GA1UEAwwYY29tbXVuaXR5Ln +RyZW5kbWljcm8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4QKKHfUQGtiA +N5fp9rewIO7gVbxpR976iPi8FOWtOTJ3WgGW/TWyN7VqCHlw7X8pwR87x+sGwZt8+U2L6jqfCvJ +z0On9l8VvnvL2DUUOWpH8pvoxwdIl6MCZ4y/l/hR7I/9OnQFAfl8G4Ul5PJmjRHe1fASlz+hjyM +2s3G9rB7nj/uJETanvTJ/RJrpjVTyhQbST9E/SqDiDzUWX6x7Ln7a1XdyZIjqLh/B8uuBF7WJLy +Ln/MErIm+4rCnmYZU/O020A1r1RMsA4xoWNlPrM3qIc1EiOgPJpgG8HgelD9SjV1/OPRlZ5pdg5 +VuNDmZt4l5vOUjUaXdbwgi8yVWCCQIDAQABo4IBvTCCAbkwbAYIKwYBBQUHAQEEYDBeMC8GCCsG +AQUFBzAChiNodHRwOi8vb2NzcC50cmVuZG1pY3JvLmNvbS90bWNhLmNydDArBggrBgEFBQcwAYY +faHR0cDovL29jc3AudHJlbmRtaWNyby5jb20vdG1jYTAdBgNVHQ4EFgQUWOMtZlMP5fAALKZez6 +3RZC0edyEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBStMcf6As5n92Uc+7pfwLvFUExnyDBmB +gNVHSAEXzBdMAwGCisGAQQBgo8JAgIwCwYJYIV0AVkBAgEBMEAGCisGAQQBgo8JAQEwMjAwBggr +BgEFBQcCARYkaHR0cDovL3NzbC50cmVuZG1pY3JvLmNvbS9yZXNvdXJjZXMvMD8GA1UdHwQ4MDY +wNKAyoDCGLmh0dHA6Ly9jcmwudHJlbmRtaWNyby5jb20vY3JsL3RyZW5kbWljcm9jYS5jcmwwDg +YDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAjBgNVHREEHDAag +hhjb21tdW5pdHkudHJlbmRtaWNyby5jb20wDQYJKoZIhvcNAQEFBQADggEBAKfsG0ggU2Koa+Ww +rnzFWzfsWd45t+/gZCaFlC8ikdORxgeTjiPqQYRbkMXSMhyL1IOMDMl6st6otuneBlBc7/dz0V9 +mMVPggBTIHNyB5P4F8Yi1/yRYSMVM9U8apt0aQ7GRdHWZeskiBBKdbO+yBWD17BWEgaruC9m6dX +RP9vvQqZnY1BHWpsZ5ZM3eGW6SifSF0LPclACTJym13TBxZ+fD4sua0dfaVnv3M0srbFLKG3tRn +Gt60i84oNLlfM/0NPgc10uAvYrA6X3dhYZdEgVgGQ3/chUwus/ALqQaoX9zhZ9KTiymmEcg5fwp +Ce0hlyhJXaPMA/DK48bjVpsi/TY= +-----END CERTIFICATE----- + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6555005306879019608 (0x5af80e98c1530a58) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Networking + Validity + Not Before: Oct 22 19:14:42 2011 GMT + Not After : Dec 31 14:08:24 2030 GMT + Subject: C=US, O=Trend Micro Inc, CN=Trend Micro CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c2:b7:3e:ea:50:16:fa:d4:31:c5:60:36:d1:8f: + af:67:8a:49:3f:e2:c6:d0:e7:73:67:3d:2a:ce:04: + 91:17:dc:4e:7d:30:03:e8:10:ef:db:89:8c:e8:30: + 5e:00:dd:47:41:2f:36:6c:46:9e:12:60:96:74:5b: + 26:f2:bd:a1:31:b3:d1:47:10:27:e9:71:7a:21:38: + 23:e4:1b:bb:b5:44:2e:04:b5:48:0c:8f:0d:e5:36: + fb:b7:80:3b:f2:8b:9b:ad:71:d2:88:e2:e3:b0:22: + 48:43:f2:86:e3:2a:ec:d2:95:4e:08:69:48:ec:4d: + a7:88:44:e2:90:1e:db:64:0c:cc:3b:77:c1:e1:39: + 1c:b7:42:74:d2:20:29:59:de:18:16:0c:96:59:1c: + ec:84:db:18:46:85:dc:86:fc:a7:cd:97:0f:ee:5e: + d2:7d:03:9f:d8:50:f1:e9:e1:d0:df:ad:05:76:3d: + 4a:fe:75:38:2c:dc:12:21:f6:be:dd:46:78:25:6b: + 80:6a:6e:f3:5a:1f:c6:30:dd:f1:49:f0:3a:98:d7: + 5f:09:1f:91:92:43:74:50:c0:7a:73:d9:fd:f8:9f: + 4c:b6:3d:34:8c:2d:09:4c:50:2d:a2:44:13:9d:f1: + d8:56:25:ee:51:19:b2:9f:bd:e1:d7:0d:f0:60:a9: + d0:41 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AD:31:C7:FA:02:CE:67:F7:65:1C:FB:BA:5F:C0:BB:C5:50:4C:67:C8 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:07:1F:D2:E7:9C:DA:C2:6E:A2:40:B4:B0:7A:50:10:50:74:C4:C8:BD + + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.affirmtrust.com/resources/cps + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.affirmtrust.com/crl/AffirmTrustNetworking.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + b3:f0:b1:7c:b3:8b:9e:a1:a6:68:bf:4f:df:85:53:c9:96:6f: + 1f:97:22:1a:ff:3c:4a:c5:1e:cf:2b:6e:8b:5c:96:d5:ed:9e: + 02:2f:fe:d7:b6:9d:33:56:dc:c0:78:58:6e:0f:5d:58:4a:41: + ba:04:eb:c1:0e:fa:33:b7:8a:c7:94:bb:8e:8f:f4:7e:20:8d: + 74:b0:11:b8:47:76:75:89:45:1e:5d:52:c8:e5:ee:0b:d1:12: + fc:bd:bd:4f:34:18:21:51:61:7b:fb:75:b8:19:ef:c2:7c:78: + e7:a3:55:79:23:6f:77:93:ce:68:b6:98:e0:ab:43:20:26:ca: + f5:ea:87:bd:be:38:ce:91:74:99:68:6d:7e:35:7b:21:c1:aa: + 85:6c:31:48:ef:43:91:08:fd:07:98:a0:03:3c:01:a6:fb:eb: + 25:ea:15:62:b3:52:3d:7d:6a:3d:72:89:ec:89:84:53:1e:cd: + 9a:73:47:ff:6c:0b:b9:97:20:df:dc:e4:84:b5:c6:98:9a:f3: + 2e:cf:02:38:05:9e:f1:4e:63:db:c7:4a:45:37:e7:64:a5:2f: + 15:d9:53:b5:6c:84:eb:90:a0:64:5b:a2:ea:95:5c:83:63:c6: + a5:ed:0e:1e:6b:2f:21:48:52:5b:44:13:73:c8:f8:fe:a1:aa: + d9:eb:d1:df + +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIIWvgOmMFTClgwDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDA +SBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDT +ExMTAyMjE5MTQ0MloXDTMwMTIzMTE0MDgyNFowQDELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1RyZ +W5kIE1pY3JvIEluYzEXMBUGA1UEAwwOVHJlbmQgTWljcm8gQ0EwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDCtz7qUBb61DHFYDbRj69nikk/4sbQ53NnPSrOBJEX3E59MAPoEO/biYz +oMF4A3UdBLzZsRp4SYJZ0WybyvaExs9FHECfpcXohOCPkG7u1RC4EtUgMjw3lNvu3gDvyi5utcd +KI4uOwIkhD8objKuzSlU4IaUjsTaeIROKQHttkDMw7d8HhORy3QnTSIClZ3hgWDJZZHOyE2xhGh +dyG/KfNlw/uXtJ9A5/YUPHp4dDfrQV2PUr+dTgs3BIh9r7dRngla4BqbvNaH8Yw3fFJ8DqY118J +H5GSQ3RQwHpz2f34n0y2PTSMLQlMUC2iRBOd8dhWJe5RGbKfveHXDfBgqdBBAgMBAAGjgfowgfc +wHQYDVR0OBBYEFK0xx/oCzmf3ZRz7ul/Au8VQTGfIMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBB +gwFoAUBx/S55zawm6iQLSwelAQUHTEyL0wSQYDVR0gBEIwQDA+BgRVHSAAMDYwNAYIKwYBBQUHA +gEWKGh0dHA6Ly93d3cuYWZmaXJtdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwSQYDVR0fBEIwQDA+ +oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0FmZmlybVRydXN0TmV0d29ya2l +uZy5jcmwwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCz8LF8s4ueoaZov0/fhV +PJlm8flyIa/zxKxR7PK26LXJbV7Z4CL/7Xtp0zVtzAeFhuD11YSkG6BOvBDvozt4rHlLuOj/R+I +I10sBG4R3Z1iUUeXVLI5e4L0RL8vb1PNBghUWF7+3W4Ge/CfHjno1V5I293k85otpjgq0MgJsr1 +6oe9vjjOkXSZaG1+NXshwaqFbDFI70ORCP0HmKADPAGm++sl6hVis1I9fWo9consiYRTHs2ac0f +/bAu5lyDf3OSEtcaYmvMuzwI4BZ7xTmPbx0pFN+dkpS8V2VO1bITrkKBkW6LqlVyDY8al7Q4eay +8hSFJbRBNzyPj+oarZ69Hf +-----END CERTIFICATE----- + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 84:3c:74:b1:aa:34:86:b1:c4:c7:a0:df:55:b5:e9 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 + Validity + Not Before: Dec 1 12:00:00 2009 GMT + Not After : Nov 1 12:00:00 2019 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b4:84:cc:33:17:2e:6b:94:6c:6b:61:52:a0:eb: + a3:cf:79:94:4c:e5:94:80:99:cb:55:64:44:65:8f: + 67:64:e2:06:e3:5c:37:49:f6:2f:9b:84:84:1e:2d: + f2:60:9d:30:4e:cc:84:85:e2:2c:cf:1e:9e:fe:36: + ab:33:77:35:44:d8:35:96:1a:3d:36:e8:7a:0e:d8: + d5:47:a1:6a:69:8b:d9:fc:bb:3a:ae:79:5a:d5:f4: + d6:71:bb:9a:90:23:6b:9a:b7:88:74:87:0c:1e:5f: + b9:9e:2d:fa:ab:53:2b:dc:bb:76:3e:93:4c:08:08: + 8c:1e:a2:23:1c:d4:6a:ad:22:ba:99:01:2e:6d:65: + cb:be:24:66:55:24:4b:40:44:b1:1b:d7:e1:c2:85: + c0:de:10:3f:3d:ed:b8:fc:f1:f1:23:53:dc:bf:65: + 97:6f:d9:f9:40:71:8d:7d:bd:95:d4:ce:be:a0:5e: + 27:23:de:fd:a6:d0:26:0e:00:29:eb:3c:46:f0:3d: + 60:bf:3f:50:d2:dc:26:41:51:9e:14:37:42:04:a3: + 70:57:a8:1b:87:ed:2d:fa:7b:ee:8c:0a:e3:a9:66: + 89:19:cb:41:f9:dd:44:36:61:cf:e2:77:46:c8:7d: + f6:f4:92:81:36:fd:db:34:f1:72:7e:f3:0c:16:bd: + b4:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 07:1F:D2:E7:9C:DA:C2:6E:A2:40:B4:B0:7A:50:10:50:74:C4:C8:BD + X509v3 Authority Key Identifier: + keyid:5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE + + Full Name: + URI:ldap://directory.swisssign.net/CN=5B257B96A465517EB839F3C078665EE83AE7F0EE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint + + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.affirmtrust.com/resources/cps + + Signature Algorithm: sha1WithRSAEncryption + 72:7a:80:2b:d3:9b:96:58:44:bb:91:8c:ed:b8:af:cc:0f:4d: + 8b:a9:52:c0:99:85:ce:e7:a4:9f:67:45:00:df:91:4a:ff:67: + 00:ff:88:de:06:6b:26:ce:ff:65:aa:8e:c2:e1:b5:d7:c4:3e: + 4e:a2:2e:2c:85:32:52:be:f1:0c:2e:e6:e3:10:b3:a4:99:3c: + 4d:8d:64:89:a6:c6:d3:61:b8:91:61:2a:e1:1a:f4:94:34:8b: + dd:39:cd:db:a3:cf:93:c2:27:58:13:2c:8d:98:64:d1:6f:6c: + 7d:4c:40:19:5c:9a:7e:21:9f:bb:68:de:bb:46:52:a4:52:ad: + c1:83:50:06:0f:06:50:56:53:13:ec:06:c2:81:ed:bf:e9:72: + 5b:e6:04:83:5b:2c:48:90:1a:8c:08:c3:93:9d:18:b7:28:5d: + 0d:68:eb:32:c8:4b:81:2a:4b:dd:76:56:ce:2f:f7:85:38:29: + 27:ac:68:9b:89:2f:8b:92:7e:8e:7f:e1:72:9e:5f:f1:15:73: + c2:70:a0:60:a1:3d:77:d5:5d:6e:78:20:48:66:4a:e8:bb:89: + 6f:0d:aa:49:e5:ce:31:e3:63:c1:ec:42:97:16:bc:c0:55:dc: + 6c:dd:c7:de:59:5a:52:a8:92:e7:13:75:67:7a:8e:ef:65:60: + 4c:44:73:1e:d5:c4:12:da:52:c6:e2:ae:84:af:67:ff:e7:9c: + 66:b8:bc:ca:b4:b2:f6:b8:07:14:fb:b4:c3:a6:a2:9b:52:f8: + b1:48:70:64:a4:65:ca:e5:17:fa:7a:56:ea:57:3f:72:02:da: + ca:64:3a:4f:dd:a0:b0:5d:50:14:35:14:70:4f:55:d8:c9:9f: + f5:b2:63:65:81:42:dc:ad:f1:e5:60:bd:56:f2:2c:e9:eb:49: + 1a:7d:de:f3:14:ff:cf:c7:bd:94:90:99:0a:3a:17:a7:5c:aa: + 06:21:4b:9b:cc:25:77:99:37:91:d3:7a:7b:15:e1:da:1f:84: + ae:35:23:ef:f0:f5:aa:95:09:84:38:e6:97:da:b1:c9:3d:a3: + d4:3b:42:0d:14:71:4f:b2:d7:b7:3e:13:5c:85:36:73:88:2d: + d0:a3:1f:4c:3c:11:bd:3b:10:95:da:2b:c4:b0:19:a3:cd:20: + 66:e6:62:c9:4d:ff:96:bd:93:76:dd:2f:86:4a:70:3d:f9:46: + 32:27:3e:d8:c4:25:e8:55:22:37:76:75:2c:cc:d1:12:06:39: + 02:5a:bb:ec:40:67:41:1f:8d:39:7d:f5:ed:64:1c:bc:89:96: + 29:d8:d4:13:b1:d1:42:88:8d:7b:79:ea:17:4d:5d:3e:ad:fd: + 8f:02:fa:d3:f1:4d:3d:23 + +-----BEGIN CERTIFICATE----- +MIIFxzCCA6+gAwIBAgIQAIQ8dLGqNIaxxMeg31W16TANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQ +GEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQS +AtIEcyMB4XDTA5MTIwMTEyMDAwMFoXDTE5MTEwMTEyMDAwMFowRDELMAkGA1UEBhMCVVMxFDASB +gNVBAoTC0FmZmlybVRydXN0MR8wHQYDVQQDExZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9 +nZOIG41w3SfYvm4SEHi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rn +la1fTWcbuakCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQ +ESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q +0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr2 +0FQIDAQABo4IBsjCCAa4wDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUBx/S55zawm6iQLSwel +AQUHTEyL0wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn8O4wDgYDVR0PAQH/BAQDAgEGM +IH/BgNVHR8EgfcwgfQwR6BFoEOGQWh0dHA6Ly9jcmwuc3dpc3NzaWduLm5ldC81QjI1N0I5NkE0 +NjU1MTdFQjgzOUYzQzA3ODY2NUVFODNBRTdGMEVFMIGooIGloIGihoGfbGRhcDovL2RpcmVjdG9 +yeS5zd2lzc3NpZ24ubmV0L0NOPTVCMjU3Qjk2QTQ2NTUxN0VCODM5RjNDMDc4NjY1RUU4M0FFN0 +YwRUUlMkNPPVN3aXNzU2lnbiUyQ0M9Q0g/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP +29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MEkGA1UdIARCMEAwPgYEVR0gADA2MDQG +CCsGAQUFBwIBFihodHRwOi8vd3d3LmFmZmlybXRydXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSq +GSIb3DQEBBQUAA4ICAQByeoAr05uWWES7kYztuK/MD02LqVLAmYXO56SfZ0UA35FK/2cA/4jeBm +smzv9lqo7C4bXXxD5Ooi4shTJSvvEMLubjELOkmTxNjWSJpsbTYbiRYSrhGvSUNIvdOc3bo8+Tw +idYEyyNmGTRb2x9TEAZXJp+IZ+7aN67RlKkUq3Bg1AGDwZQVlMT7AbCge2/6XJb5gSDWyxIkBqM +CMOTnRi3KF0NaOsyyEuBKkvddlbOL/eFOCknrGibiS+Lkn6Of+Fynl/xFXPCcKBgoT131V1ueCB +IZkrou4lvDapJ5c4x42PB7EKXFrzAVdxs3cfeWVpSqJLnE3Vneo7vZWBMRHMe1cQS2lLG4q6Er2 +f/55xmuLzKtLL2uAcU+7TDpqKbUvixSHBkpGXK5Rf6elbqVz9yAtrKZDpP3aCwXVAUNRRwT1XYy +Z/1smNlgULcrfHlYL1W8izp60kafd7zFP/Px72UkJkKOhenXKoGIUubzCV3mTeR03p7FeHaH4Su +NSPv8PWqlQmEOOaX2rHJPaPUO0INFHFPste3PhNchTZziC3Qox9MPBG9OxCV2ivEsBmjzSBm5mL +JTf+WvZN23S+GSnA9+UYyJz7YxCXoVSI3dnUszNESBjkCWrvsQGdBH405ffXtZBy8iZYp2NQTsd +FCiI17eeoXTV0+rf2PAvrT8U09Iw== +-----END CERTIFICATE----- + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13492815561806991280 (0xbb401c43f55e4fb0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 + Validity + Not Before: Oct 25 08:30:35 2006 GMT + Not After : Oct 25 08:30:35 2036 GMT + Subject: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:af:e4:ee:7e:8b:24:0e:12:6e:a9:50:2d:16:44: + 3b:92:92:5c:ca:b8:5d:84:92:42:13:2a:bc:65:57: + 82:40:3e:57:24:cd:50:8b:25:2a:b7:6f:fc:ef:a2: + d0:c0:1f:02:24:4a:13:96:8f:23:13:e6:28:58:00: + a3:47:c7:06:a7:84:23:2b:bb:bd:96:2b:7f:55:cc: + 8b:c1:57:1f:0e:62:65:0f:dd:3d:56:8a:73:da:ae: + 7e:6d:ba:81:1c:7e:42:8c:20:35:d9:43:4d:84:fa: + 84:db:52:2c:f3:0e:27:77:0b:6b:bf:11:2f:72:78: + 9f:2e:d8:3e:e6:18:37:5a:2a:72:f9:da:62:90:92: + 95:ca:1f:9c:e9:b3:3c:2b:cb:f3:01:13:bf:5a:cf: + c1:b5:0a:60:bd:dd:b5:99:64:53:b8:a0:96:b3:6f: + e2:26:77:91:8c:e0:62:10:02:9f:34:0f:a4:d5:92: + 33:51:de:be:8d:ba:84:7a:60:3c:6a:db:9f:2b:ec: + de:de:01:3f:6e:4d:e5:50:86:cb:b4:af:ed:44:40: + c5:ca:5a:8c:da:d2:2b:7c:a8:ee:be:a6:e5:0a:aa: + 0e:a5:df:05:52:b7:55:c7:22:5d:32:6a:97:97:63: + 13:db:c9:db:79:36:7b:85:3a:4a:c5:52:89:f9:24: + e7:9d:77:a9:82:ff:55:1c:a5:71:69:2b:d1:02:24: + f2:b3:26:d4:6b:da:04:55:e5:c1:0a:c7:6d:30:37: + 90:2a:e4:9e:14:33:5e:16:17:55:c5:5b:b5:cb:34: + 89:92:f1:9d:26:8f:a1:07:d4:c6:b2:78:50:db:0c: + 0c:0b:7c:0b:8c:41:d7:b9:e9:dd:8c:88:f7:a3:4d: + b2:32:cc:d8:17:da:cd:b7:ce:66:9d:d4:fd:5e:ff: + bd:97:3e:29:75:e7:7e:a7:62:58:af:25:34:a5:41: + c7:3d:bc:0d:50:ca:03:03:0f:08:5a:1f:95:73:78: + 62:bf:af:72:14:69:0e:a5:e5:03:0e:78:8e:26:28: + 42:f0:07:0b:62:20:10:67:39:46:fa:a9:03:cc:04: + 38:7a:66:ef:20:83:b5:8c:4a:56:8e:91:00:fc:8e: + 5c:82:de:88:a0:c3:e2:68:6e:7d:8d:ef:3c:dd:65: + f4:5d:ac:51:ef:24:80:ae:aa:56:97:6f:f9:ad:7d: + da:61:3f:98:77:3c:a5:91:b6:1c:8c:26:da:65:a2: + 09:6d:c1:e2:54:e3:b9:ca:4c:4c:80:8f:77:7b:60: + 9a:1e:df:b6:f2:48:1e:0e:ba:4e:54:6d:98:e0:e1: + a2:1a:a2:77:50:cf:c4:63:92:ec:47:19:9d:eb:e6: + 6b:ce:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE + X509v3 Authority Key Identifier: + keyid:5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE + + X509v3 Certificate Policies: + Policy: 2.16.756.1.89.1.2.1.1 + CPS: http://repository.swisssign.com/ + + Signature Algorithm: sha1WithRSAEncryption + 27:ba:e3:94:7c:f1:ae:c0:de:17:e6:e5:d8:d5:f5:54:b0:83: + f4:bb:cd:5e:05:7b:4f:9f:75:66:af:3c:e8:56:7e:fc:72:78: + 38:03:d9:2b:62:1b:00:b9:f8:e9:60:cd:cc:ce:51:8a:c7:50: + 31:6e:e1:4a:7e:18:2f:69:59:b6:3d:64:81:2b:e3:83:84:e6: + 22:87:8e:7d:e0:ee:02:99:61:b8:1e:f4:b8:2b:88:12:16:84: + c2:31:93:38:96:31:a6:b9:3b:53:3f:c3:24:93:56:5b:69:92: + ec:c5:c1:bb:38:00:e3:ec:17:a9:b8:dc:c7:7c:01:83:9f:32: + 47:ba:52:22:34:1d:32:7a:09:56:a7:7c:25:36:a9:3d:4b:da: + c0:82:6f:0a:bb:12:c8:87:4b:27:11:f9:1e:2d:c7:93:3f:9e: + db:5f:26:6b:52:d9:2e:8a:f1:14:c6:44:8d:15:a9:b7:bf:bd: + de:a6:1a:ee:ae:2d:fb:48:77:17:fe:bb:ec:af:18:f5:2a:51: + f0:39:84:97:95:6c:6e:1b:c3:2b:c4:74:60:79:25:b0:0a:27: + df:df:5e:d2:39:cf:45:7d:42:4b:df:b3:2c:1e:c5:c6:5d:ca: + 55:3a:a0:9c:69:9a:8f:da:ef:b2:b0:3c:9f:87:6c:12:2b:65: + 70:15:52:31:1a:24:cf:6f:31:23:50:1f:8c:4f:8f:23:c3:74: + 41:63:1c:55:a8:14:dd:3e:e0:51:50:cf:f1:1b:30:56:0e:92: + b0:82:85:d8:83:cb:22:64:bc:2d:b8:25:d5:54:a2:b8:06:ea: + ad:92:a4:24:a0:c1:86:b5:4a:13:6a:47:cf:2e:0b:56:95:54: + cb:ce:9a:db:6a:b4:a6:b2:db:41:08:86:27:77:f7:6a:a0:42: + 6c:0b:38:ce:d7:75:50:32:92:c2:df:2b:30:22:48:d0:d5:41: + 38:25:5d:a4:e9:5d:9f:c6:94:75:d0:45:fd:30:97:43:8f:90: + ab:0a:c7:86:73:60:4a:69:2d:de:a5:78:d7:06:da:6a:9e:4b: + 3e:77:3a:20:13:22:01:d0:bf:68:9e:63:60:6b:35:4d:0b:6d: + ba:a1:3d:c0:93:e0:7f:23:b3:55:ad:72:25:4e:46:f9:d2:16: + ef:b0:64:c1:01:9e:e9:ca:a0:6a:98:0e:cf:d8:60:f2:2f:49: + b8:e4:42:e1:38:35:16:f4:c8:6e:4f:f7:81:56:e8:ba:a3:be: + 23:af:ae:fd:6f:03:e0:02:3b:30:76:fa:1b:6d:41:cf:01:b1: + e9:b8:c9:66:f4:db:26:f3:3a:a4:74:f2:49:24:5b:c9:b0:d0: + 57:c1:fa:3e:7a:e1:97:c9 + +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRU +wEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHh +cNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU +3dpc3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1 +QiyUqt2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bb +qBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/W +s/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbL +tK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9 +VHKVxaSvRAiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3 +wLjEHXuendjIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc +3hiv69yFGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59 +je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kg +eDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDw +YDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwF +oAUWyV7lqRlUX64OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEF +BQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggI +BACe645R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUD +Fu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFw +bs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS +2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V +9QkvfsywexcZdylU6oJxpmo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4F +FQz/EbMFYOkrCChdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIh +id392qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG +2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPI +vSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0F +fB+j564ZfJ +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/target.test b/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/target.test new file mode 100644 index 0000000000..218bdf5f20 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal/target.test @@ -0,0 +1,6 @@ +chain: target.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 130520151833Z +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.3.6.1.4.1.34697.2.2, 2.16.756.1.89.1.2.1.1, 1.3.6.1.4.1.34697.1.1 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/key-rollover/generate-chains.py new file mode 100755 index 0000000000..382b2b4066 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/generate-chains.py @@ -0,0 +1,87 @@ +#!/usr/bin/env python +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""A certificate tree with two self-signed root certificates(oldroot, newroot), +and a third root certificate (newrootrollover) which has the same key as newroot +but is signed by oldroot, all with the same subject and issuer. +There are two intermediates with the same key, subject and issuer +(oldintermediate signed by oldroot, and newintermediate signed by newroot). +The target certificate is signed by the intermediate key. + + +In graphical form: + + oldroot-------->newrootrollover newroot + | | | + v v v +oldintermediate newintermediate + | | + +------------+-------------+ + | + v + target + + +Several chains are output: + key-rollover-oldchain.pem: + target<-oldintermediate<-oldroot + key-rollover-rolloverchain.pem: + target<-newintermediate<-newrootrollover<-oldroot + key-rollover-longrolloverchain.pem: + target<-newintermediate<-newroot<-newrootrollover<-oldroot + key-rollover-newchain.pem: + target<-newintermediate<-newroot + +All of these chains should verify successfully. +""" + +import sys +sys.path += ['../..'] + +import gencerts + +# The new certs should have a newer notbefore date than "old" certs. This should +# affect path builder sorting, but otherwise won't matter. +JANUARY_2_2015_UTC = '150102120000Z' + +# Self-signed root certificates. Same name, different keys. +oldroot = gencerts.create_self_signed_root_certificate('Root') +oldroot.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) +newroot = gencerts.create_self_signed_root_certificate('Root') +newroot.set_validity_range(JANUARY_2_2015_UTC, gencerts.JANUARY_1_2016_UTC) +# Root with the new key signed by the old key. +newrootrollover = gencerts.create_intermediate_certificate('Root', oldroot) +newrootrollover.set_key(newroot.get_key()) +newrootrollover.set_validity_range(JANUARY_2_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +# Intermediate signed by oldroot. +oldintermediate = gencerts.create_intermediate_certificate('Intermediate', + oldroot) +oldintermediate.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) +# Intermediate signed by newroot. Same key as oldintermediate. +newintermediate = gencerts.create_intermediate_certificate('Intermediate', + newroot) +newintermediate.set_key(oldintermediate.get_key()) +newintermediate.set_validity_range(JANUARY_2_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', oldintermediate) +target.set_validity_range(gencerts.JANUARY_1_2015_UTC, + gencerts.JANUARY_1_2016_UTC) + +gencerts.write_chain(__doc__, + [target, oldintermediate, oldroot], out_pem="oldchain.pem") +gencerts.write_chain(__doc__, + [target, newintermediate, newrootrollover, oldroot], + out_pem="rolloverchain.pem") +gencerts.write_chain(__doc__, + [target, newintermediate, newroot, newrootrollover, oldroot], + out_pem="longrolloverchain.pem") +gencerts.write_chain(__doc__, + [target, newintermediate, newroot], out_pem="newchain.pem") diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Intermediate.key new file mode 100644 index 0000000000..69ee17c322 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAnSvThm72r6CyCCOTKsAcAknG76lkOU6AajZW5aWTDkUSrQVB +ml3M7a8ue7bPvRR5j6VZFgL+I1wr5JDSZ3y7dMs3IEDEYvrgI/GkiXD+VOrqO9ca +epsNoXREiclYPdaZQmvl2vXxDDMmEeHUKzPXLr65Ql3nss5SN1EwF4Cnd+DKVaxC +EiMX1kJabVUf+PETe3N9tv+3Z3LYVa+OYHHNuKRyn4TYb6ZiGg953j4npQi8kCD2 +o7JkIZI+HIw19TgWlhjxXN79ibZNygAKWZGEmijqHI8NFKpL5VZmnkA2Nf/ccvPq +43+0c2Rm/4EWuZOOYTB/FS4dbCOQdlayYBGRGQIDAQABAoIBAGDKpLGdlH4EUJ+C +iRdCx/0AwmrFvtsr5RmD7W/vz+hx0VaMbiJKsfGOeOnnY3fmLBaylXJg1XGhScax +CWKCBk+e9ov+VvM93NtF7TZXR8m0AhxoE/59jp9nou3X+WfbyPaGzD9URuZkeYV5 +tdgFTPeUrTKZ8h7DwQ4gCaXvrTK9Xa9AFclABI4DLI1VCi5beuCJKXWR8TGbAWQ2 +jT1CY6tatpK5SYyoMaxDwyVqfgLtC2E2uY7Rti+OBkryIji5d3C5lM0sGrMmuRU6 +Rs7SU8uY3yTsXfywnLV7BqeERkhvVxvHQgkJAR8SAmhmZlmOVQScSXZUpYJEKAKB +5x+ZcoECgYEAzuyibLZOXoxWGj1FaH6wEERnIgiki+ps2t+aTAyv6GNCdtTTCsXK +kjAIzXm+V7uxIbAM3CcXpVeCUNbYI2OHKl06VTN0ZmJi6maHujPPDZh7lCY0O6uZ +0ebdC/gCZSVGwJMv7T/ls9d7dvmM6+gsO7muHkGsxuyMbMQBnE1lzPUCgYEAwnJw +qH4/tGEQQyCtEyYv53vUoRsg0qpCggH7kuIlPs7sWSz8N3nyJlo8XRLESzvu1K7Y +G3dobUmarDaURkInJ1L+8v3SdnrKGckjZNgDgE5FF3Xmsugva8xKY+tV1QtPAeyq +LSII3OKgUIWRbb+qHDAnGm255G8wkqFFPnSAHRUCgYArT0ILyPiMN4lKAqsFXQbS +0M5ZRD/UfSN9iDGOW1VyKVxe7NqjNZTZli4xe5rIWCOR7nwylAgR9kfzTZR9i7Zd +upeb/6IMT+luMDmWUoOyz8iF0J08JAWU9mIrwCQYMX4mjmgIm0gjpSVVWJQTSEwB +0DJOaOaV2CroFPpVUanOBQKBgC7BtANgMFNgj7eEkPms0hIYvb1rt43QsSNv9J2S +UaBzw3OCFLgGU8sTIbbDv33T0I9F5+Na6Dp3W4ETsr3eRGn5VCL8E/K3fgeLTT5/ +jv/4Ujbc+/eDS3vhaPXz7fTHvlzZGua1a2op+KDELX81emNC1PRO9EdQ0V5A91SY +UQItAoGAQncUFbP1y1jrIPcg8+lbmnaFICd6MHDdmyYalUyyGc5S0uhe9+Yj9i1l +pJmJ0bdN7lYW/hRVBb9qRK1hTIwZdiefEtyTw1W5eSF7vf5CxJjmvIBHC1twvqsY +5HtmJySEfM+f66qJJnqZYk9PEhImvC6ihwfg2eYXkass+pkpluo= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Root.key new file mode 100644 index 0000000000..376ccdee77 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxwQZyLL8KHflmY7wBYsNW+U48Y7RB9L22Gu9yMMs8wXpH0y2 +wTnUDwMvYrrnxH6cfBy+32vyNLJF7Ll2pTolHKG3eHYM6D120Ua9IOHvHIAiErWK +3nhP7QUlXbSDTJ6y7mS139nRt1886Yrh4Um91nz+SjjxlJq1zM+Fqr27LZO5qSvB ++YLAumilkE/h1DBvmcTZbOhqDHGo/8R/tZrmB6Dt9Dw6S6OIsUHP8bjq+LdDsJ+I +BevNqyf17WJVBT1iWbQcB8rEST0HgJMT/w8xTzRBnlupCnn6E5HafDXEe1acoYkF +fW4S5eSDvppeFM38J1iu9SaDNqQEYadKAS8aTwIDAQABAoIBAQDFlGSkxE1jP+VK +VoYkerCAk0m9R7RuuBspMY3xSxPNEgkncdnea7MEVH0u37BJfAmPjlpRJbIIbxTM +uDP6RYeirUqg5VJbHupfSoNpqeThvrQVLvb3dyqifYFjTlssLkImOwX1fyKdkoe+ +tIscR0GZN+6dcXsltZLYCw8BO+wgic8SVBvAe5+lsYq+cCf5t/KLmDLzKA+AgndD +MQm5uNWX2oCCq2jn1/VbvLIQj06QNi8olvkbwoe7kz6fR+GgO0fV9PKYfVUTZ5nu +3DQbzY69LFgIKFAfz9UM+1eWm+CwH8Fblj6UNupmZfzMXHM8CMuVivKtoTInwE02 +k3QkcL4BAoGBAPT0jw6G2bZPunHa1MB0aaxtqWvmUpbh4k9vifhYAmiFb1erWXO2 +zjrVtgNXyCh3fUm4lVCEABQWXvmUcySkOHBCJ+QWVZ8iyVnw4L4xrFgYWS/y5OXn +I30WOlyTgUvxTzMjP2o2AkPqeLPY41+4wl3/3xgu895KHcgY3hW4EgChAoGBAM/9 +R4BHuoJ+wgfUmZsmbRmX528eKko9iFzovWvH+hIbfB9Ya38VwiVVIeuVz8aRMq0j +nGtez1nGCM/UVDGzV9LUrCI7/qUZn1i81288RaDMGyqlAoSHx7jm/eQjPOzUcCkk +TBWupKEhkcKq+XFHcZqSiHHxtwEtq+TAhUxdngTvAoGAOScSdcY659GkY8o2F41R +1pxjijxcCr47amNQ4rPOJAr2FpNxNJFzfsC8Tf1eQyrV/axmkjmqNwWdNUhQsTzr +ui2FVy9q3M1mA2kzVs0KNCfCL3DRvV53pkjYZx83bLupyfmwYxyk3KnJbdTuADiA +iSQZLnBOEBBk8Hn030ZqVOECgYEAuOub0rXzYWqJ4KRpHcSAY6znG6haOT+UKebT +4ywdblP5e3UFviv+PWr/iZHc9dLKl519yQi2mj60PvOtF7M4dj6X/KgSs3+gaSkc +8c1IqrpNvRCQuHxwWjklqtyZoocOYcXfz7dCr/BExCt3M/wtSRzXK1eZOfb9SZjR +6x+hCwkCgYBAcS65HbyZgDNBEl6hvhUmgNQrc7CXcUwmFdMrxfjC3N/FzgT0A5Cm +atdAFvF47a9FlX1RXB8X2IGTyxbX6ywabBjCbvP9vRCtkyavdcs6Pdi16VXJPCnB +4Rb44dmUIxVSA38B5OwEbovYo6flgy4d0J0i9MrImO4uDdPwBbw1Gw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Root_1.key b/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Root_1.key new file mode 100644 index 0000000000..4a93a23cfa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Root_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA718/VwCtLYKBVhnA2phyi39LTzfy2Q6zPHtz04qtWpScNwu8 +aEtArKnRHxs1anRQa5HCMOWmiIeQ9NyNCUlqPvD+z7uzOzPBKi65+5tq2yqmn4dG +arB9h8ZjJ81Y51V9xWzYrMcQ+25oQJ1pv4+gnDbYetz7FEj0ll3CDo/pLx0IEwSg +HQN4uKaXFRMPkU6eGACWn5TmrQIux2DI7VBUAi6ya27VeH96dCAg9pz6mBezj/2S +AT3/5lb6RShBsTy6Su+8/0we05a8XaYGfSfYZhPgQHSDjPSJyY2KE7eYiDJsUWwV +khwb5/cIpjWBtCS+RRAf/8nkTTW3TTyuVNLubwIDAQABAoIBAD5Rh8X40R02CsIF +tmWypq+Wll6rbDgCUbt/UGpUgklAw2K5VXW5kb7h/yWgCcoLOhynN+1O/Ioy8RQu +jzFJwbVdPJmMfl79XF7FB3pvveQNOI/zwetow2WjypDEL08avMG3Urm4ob0zw0R/ +Nta+Z8wDo1xpR5zCWZsEEc+Eu+qdnVMlmiJ97csUZOR9TyqAe/+GQncngAchYT1i +BYZS3aCR52m4YNitniTAdXaoZh9Rju5+9b2XLgmRuqUvTUG7ASXJpC57aKqrwced +YYpA5dsMKWMKffE3LmVNwVt7hXxTHxekMc4272ClsLtAEXFRriG2nTZe+BnQhD0P +B5vDj/ECgYEA/+huzZ9DYAMgcKwv5+QHy31NydFSiR7caUSwULS3wan7yFGohCq5 +lDNZyRhGblmq6epZhPwTxyvGto8HxJy/NY9AszCK2K6ktf7XgIXrDUVOGuXiZR/K +Ln7awErDd9tPmU/z1m/DD/wFTeQmri4YVhiZz86klOxN0Qw36Et4V3UCgYEA73VK +sUVN0iy2u9Zars6AQDlgwftFpguuRfbVCTcuA2TW4SnzxYJ9kTv25K4ln2xfT2w8 +m+k2powsolBHpIZ80KwJoi/82mI3Pz7M8g+RS4ECM2+UDfx/b4pA5ayNfCwzpSRK +OOqU2+owEN4S1kN5MeXfJeVIQzalIWBjYSMVVdMCgYAfdPrp28H0c23xa7kX0DgF +E4oUXN7AbEK7ze2+ffh4neSNYzxLwtS9GvLWfV1rAyq3Rk9qwXHM8dyjZEGYMYxv +kQRrAnSO3ijxFjp3Wf7iyronJEsIEzhPLtjE+mu8uAC439MhcOuRc3FTedAnaRMk +wjFmEgi5JbMLF21n6J8KYQKBgQC+4Y7i9M3uJnqcDWlIQ5B0ociBmV2R2WnYl8SG +jhf92Jp57slFvpl99oD/Fdsj1G29kBhYaHWKGd9SnBAgFJzWcu1S/lHfe79yiQsy +QjqeJ36rpdwtsgOb1GebLguy2kFo+R65dDWpgGtEZuI5LpwjrIxPVxBdk+faTU2r +Fx5gxQKBgQCe+ze4NdhMbnI/GtMw9v8ojlW9kLdB3eVdP/0AFizVixuWxM9Xwfp4 +Ss64poFtnQ9k6Lda+J5xIoNHQBoAengwI1fFB1Gd6O/Lglloa4ni36PSDbwWGNbJ +6y1tlYrcvpT8CLZdvav4XLNxM1yafAJxHPCg++WlmejFpFA7NFAa5g== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Target.key new file mode 100644 index 0000000000..3abcfb39cc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA73eU6GjFfh2brhDN1buWJwwFF/TsvNp9KOW35Y/a2K56KtLj +FZsSYnkCYT0/i2RO+33hWb0vg63TuOVFM8QTX3nvij7AOSCB4pi55slgto60v7Qr +Va6xfCHT/uzwVjH+ChnELFSkl6qEooP4WprzEbitOxQ6aFpyJElvb1oCOZEHCcsY +VxMepFQDMVy26X14Lei6L3AXCgMRqpDHXvAbf1Y59eAfHjONIzDmerpeykYzEwRc +ZbC+U3+rp5+N+71G5YdEMVXln5d+o+xpqNeLR65IrnRQXldVMco27EOh3WGyGBJq +KQtjJNVxTdrnDw3jLKp2a/ksk8L6+UAsGzRlUwIDAQABAoIBABmFzEgtCoeTjkky +H04dbTaCMHTKNQU34EkgmsYL3A5mIj04Nt3Rplb6gMduaLxpl4V0eDVBVbQaLcuy +G/sVdd8iNuasI36zOUS2dHHlmro6YYdhI5FBSkdpr5enF0KIl4PqFR+IcfZ8RSCx +IiI+C5Qi88utL0B6C1pUvVzH4h7SYnptZEbj3zLOOn3uPMpPhRxBWU+7vVSR+eRa +EFPvJa7kGF5eToA//3pWSbqSNfzcqgfgsbTOeTJE6wSHbF4fvn5AmLd3qYVB5bpi +sXL7a99W6iqBjuvPMzhBKEZ8iBxnUr/XQABpEBDPbbHPSG9k6s9i55AT2vUAhay7 +VJ+3rQECgYEA/lM9FPPMlw26Db3xvX+Ij/OpSOL3TlxiApj0Oe1JEf7E7YpULTFc +wOT2LD9n52V5jI9rMSkNn/c+sjnfYvYjilBUL/8WesWQ97hAEq5VmAnwqUMPJAiW +7bUPrNA2ES5tRHboOL5wv2DwCMQp10C7DSTFACF8oEABzJJdlmecfoECgYEA8QtL +UjYnaRt6gJF7Eub1VN3DXJamQ6Ck0R5LRk5zfBGQHb9p5ujmM2aEK+zR83zkJaIH +IlAEt6PTtdRtfVFQtRHXv5G0/ayjNMcUwvYT5UlLErRy3Vc/8e8i02wtSDqTQ3ng +RpzP6Ut7njiozniMvEqcFzi7jFUX1WgOxYcpodMCgYEA5iEf9mOdT1oGbwTfR9+t +DMUo+2EU8v05WqxY4knKgtQMEf3HqZUvHwSPlP5S4Nm7oOrtzfAd+g/Z1Z/0eTHM +ew2xADVMfA9l3CIHKGBD522nLSIXAz4ahEIASxmksutVyEvoWeBJWYM38FbAnZxf +JceN00553O/OMPSIZt6ehwECgYBukj6//KWBeqBsP9AUMKwTfRLz8wtb9GIGp33i +R3SEUk4oxzieOvH2XC1/NMhuiDjj5nqdS9WOI/Gm9EYxeU6rcP7mGsHKqBnJyRUG +BfnEcSWl8+7JCBAGPCtejr4K5wvMpSizW5WoL/8J6nXNGNF+Qj9uC5FE43fmZjB4 +ffMkDwKBgQCksLccG3hYRq1+OFc9idOiovQoCOQUShbGR8y3Ikf7EazfguxD/9QW +NC5tBeI5D5ZcAauuzRY5//4sAyodMZJ1B+XwF+1/GJq61kS+69QBfWog4BQZbrCm +tjUPSwGX2C581+tjRZpO7SjCXnYxHbkRxVWNfa7DoWXkEwiWtK5Fvg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/longrolloverchain.pem b/pki/testdata/verify_certificate_chain_unittest/key-rollover/longrolloverchain.pem new file mode 100644 index 0000000000..5ae7705c61 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/longrolloverchain.pem @@ -0,0 +1,486 @@ +[Created by: generate-chains.py] + +A certificate tree with two self-signed root certificates(oldroot, newroot), +and a third root certificate (newrootrollover) which has the same key as newroot +but is signed by oldroot, all with the same subject and issuer. +There are two intermediates with the same key, subject and issuer +(oldintermediate signed by oldroot, and newintermediate signed by newroot). +The target certificate is signed by the intermediate key. + + +In graphical form: + + oldroot-------->newrootrollover newroot + | | | + v v v +oldintermediate newintermediate + | | + +------------+-------------+ + | + v + target + + +Several chains are output: + key-rollover-oldchain.pem: + target<-oldintermediate<-oldroot + key-rollover-rolloverchain.pem: + target<-newintermediate<-newrootrollover<-oldroot + key-rollover-longrolloverchain.pem: + target<-newintermediate<-newroot<-newrootrollover<-oldroot + key-rollover-newchain.pem: + target<-newintermediate<-newroot + +All of these chains should verify successfully. + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:cf:3c:af:c2:01:a7:ee:48:ed:83:9c:13:19:f0:c1:ff:af:13:68 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: + 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: + da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: + 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: + 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: + b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: + d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: + 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: + 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: + 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: + 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: + 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: + 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: + 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: + 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: + b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: + e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: + 65:53 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 + X509v3 Authority Key Identifier: + keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 01:db:ae:1e:db:9c:37:2a:1c:f6:44:c8:55:cb:39:9d:88:f5: + 72:27:94:80:ec:51:ce:86:c3:64:b9:7f:f6:c2:83:38:9c:66: + 27:44:94:31:28:bc:ed:37:dc:bd:7c:84:d5:c6:44:74:ef:81: + 54:01:78:55:d0:59:60:99:bc:ab:bb:6a:45:0b:50:f9:de:d4: + 3e:ce:ed:1a:26:8f:8b:6c:2d:3a:b2:e8:4b:17:c4:b8:d6:41: + 4e:fa:8c:af:70:44:6f:30:71:f5:92:62:7e:db:19:f2:67:18: + e9:17:a6:98:b7:9e:7e:df:69:0c:d9:ad:65:b8:0b:5c:1d:c0: + a9:4c:e4:1b:2c:56:57:36:3b:8f:50:26:a6:7e:95:4b:06:d6: + 67:1d:0e:b4:58:a7:c1:c2:37:ca:87:3a:86:e7:07:df:3c:55: + 13:18:e8:5b:8d:08:d2:30:04:1b:de:3f:f3:eb:21:6f:99:e2: + 5c:52:6f:37:1f:d9:93:45:e5:81:9d:4b:db:0c:6f:55:fd:e4: + 6d:98:ac:88:7b:1a:48:b8:e8:24:ed:a6:cf:e9:f6:e2:a9:71: + 60:cd:d7:90:0e:c3:92:b3:57:ec:da:2f:48:84:47:c8:91:c4: + 50:1e:f0:c4:91:99:8b:4f:f1:35:65:c1:ab:a2:4a:12:1b:cf: + bd:68:1c:bf +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUYM88r8IBp+5I7YOcExnwwf+vE2gwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 +MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA73eU6GjFfh2brhDN1buWJwwFF/TsvNp9KOW35Y/a2K56 +KtLjFZsSYnkCYT0/i2RO+33hWb0vg63TuOVFM8QTX3nvij7AOSCB4pi55slgto60 +v7QrVa6xfCHT/uzwVjH+ChnELFSkl6qEooP4WprzEbitOxQ6aFpyJElvb1oCOZEH +CcsYVxMepFQDMVy26X14Lei6L3AXCgMRqpDHXvAbf1Y59eAfHjONIzDmerpeykYz +EwRcZbC+U3+rp5+N+71G5YdEMVXln5d+o+xpqNeLR65IrnRQXldVMco27EOh3WGy +GBJqKQtjJNVxTdrnDw3jLKp2a/ksk8L6+UAsGzRlUwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBT6La/gX46OGHr7r/7ZyaNiqrgqGDAfBgNVHSMEGDAWgBTMcmDwjYzLqWz/ +CVfzav4pRiQmWzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAAHbrh7bnDcqHPZEyFXLOZ2I9XInlIDsUc6Gw2S5f/bCgzicZidElDEovO03 +3L18hNXGRHTvgVQBeFXQWWCZvKu7akULUPne1D7O7Romj4tsLTqy6EsXxLjWQU76 +jK9wRG8wcfWSYn7bGfJnGOkXppi3nn7faQzZrWW4C1wdwKlM5BssVlc2O49QJqZ+ +lUsG1mcdDrRYp8HCN8qHOobnB988VRMY6FuNCNIwBBveP/PrIW+Z4lxSbzcf2ZNF +5YGdS9sMb1X95G2YrIh7Gki46CTtps/p9uKpcWDN15AOw5KzV+zaL0iER8iRxFAe +8MSRmYtP8TVlwauiShIbz71oHL8= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:95 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: + 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: + 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: + cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: + d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: + a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: + 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: + 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: + 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: + 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: + b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: + d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: + f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: + f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: + ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: + dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: + 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: + 91:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B + X509v3 Authority Key Identifier: + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 58:20:51:07:c1:79:72:0f:8d:3b:34:8d:af:79:8a:f4:65:dd: + f6:62:8c:28:b1:e3:91:7a:c1:e0:75:11:6e:f4:cf:90:04:39: + 8f:08:19:c9:d5:3b:61:4a:30:5c:f1:dd:93:1d:b0:05:d0:2b: + f4:a0:ce:4a:8d:10:f9:ce:47:92:a1:84:8a:5d:42:62:e4:81: + 4d:8d:2a:49:cf:41:b7:1f:b8:ef:62:68:80:64:52:b5:b4:e8: + 9c:33:10:85:f6:2d:18:0c:a1:cd:a7:6d:2a:b6:73:a8:3d:4c: + 64:c3:3a:33:11:8b:6b:0c:68:86:ab:28:c8:e2:21:a0:26:78: + ed:15:f6:14:3c:d0:19:ea:d2:88:3b:ed:de:c8:99:4b:74:ff: + aa:d3:80:1b:5d:f0:f4:08:33:28:33:e9:0a:e8:07:0c:c4:ab: + f6:8c:3d:08:5a:4b:91:84:45:56:85:a0:92:59:e8:b4:e8:c6: + 92:0d:db:1a:fe:dc:4f:ac:b6:5c:7e:6f:e5:56:14:85:f4:74: + 33:f8:1e:eb:33:d0:0b:74:a6:ef:4e:3b:e7:77:c4:92:26:4e: + 5d:e2:cd:6e:dc:f7:25:ee:92:b9:b0:48:5d:46:e5:a9:50:a8: + bb:68:57:cb:f8:7f:07:f7:b2:54:97:f9:6e:54:1c:53:09:ce: + c0:6b:f1:f1 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJ0r04Zu9q+gsggjkyrAHAJJxu+pZDlOgGo2VuWlkw5FEq0F +QZpdzO2vLnu2z70UeY+lWRYC/iNcK+SQ0md8u3TLNyBAxGL64CPxpIlw/lTq6jvX +GnqbDaF0RInJWD3WmUJr5dr18QwzJhHh1Csz1y6+uUJd57LOUjdRMBeAp3fgylWs +QhIjF9ZCWm1VH/jxE3tzfbb/t2dy2FWvjmBxzbikcp+E2G+mYhoPed4+J6UIvJAg +9qOyZCGSPhyMNfU4FpYY8Vze/Ym2TcoAClmRhJoo6hyPDRSqS+VWZp5ANjX/3HLz +6uN/tHNkZv+BFrmTjmEwfxUuHWwjkHZWsmARkRkCAwEAAaOByzCByDAdBgNVHQ4E +FgQUzHJg8I2My6ls/wlX82r+KUYkJlswHwYDVR0jBBgwFoAUAWtJHyGPgN3Ul8Co +uyp+3PPa/eEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBYIFEHwXlyD407NI2veYr0Zd32YowoseOResHg +dRFu9M+QBDmPCBnJ1TthSjBc8d2THbAF0Cv0oM5KjRD5zkeSoYSKXUJi5IFNjSpJ +z0G3H7jvYmiAZFK1tOicMxCF9i0YDKHNp20qtnOoPUxkwzozEYtrDGiGqyjI4iGg +JnjtFfYUPNAZ6tKIO+3eyJlLdP+q04AbXfD0CDMoM+kK6AcMxKv2jD0IWkuRhEVW +haCSWei06MaSDdsa/txPrLZcfm/lVhSF9HQz+B7rM9ALdKbvTjvnd8SSJk5d4s1u +3Pcl7pK5sEhdRuWpUKi7aFfL+H8H97JUl/luVBxTCc7Aa/Hx +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:94 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: + 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: + 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: + e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: + 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: + bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: + 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: + 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: + b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: + c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: + 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: + 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: + 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: + 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: + 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: + 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: + fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: + 1a:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + X509v3 Authority Key Identifier: + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 2c:4d:7f:fd:1c:4e:6a:f0:7b:d1:a6:d2:92:35:0a:bb:00:96: + f6:87:a2:8f:c8:20:51:fe:34:1b:e2:72:e0:52:ce:33:14:b8: + 9a:fb:2d:71:5d:cb:77:1e:47:cb:00:f3:e8:12:54:1a:d4:02: + e7:ee:4b:21:d2:b0:7e:df:a3:47:f2:0a:15:fe:b8:e6:7f:85: + 97:eb:2f:8d:1d:9d:0d:ba:34:ce:10:a9:a8:36:b8:ea:95:83: + 28:10:4b:09:2f:c6:7d:b4:9c:d7:20:cc:af:9f:99:36:67:a9: + 09:27:99:98:e5:10:6e:1b:ad:a1:46:0f:2f:82:98:98:28:30: + 72:33:1f:7a:24:fd:61:17:5d:23:a3:ca:70:76:a4:95:b8:7c: + 84:d7:f8:68:bd:23:27:34:0b:0f:65:c0:74:2f:28:94:46:73: + e3:7c:1a:f6:11:36:13:9b:16:5a:92:84:85:6d:59:88:85:82: + b5:43:22:fd:f5:9f:2d:82:27:cb:40:a4:b9:6c:50:7d:31:af: + 3f:cf:83:57:72:e5:d4:6b:5e:9d:97:d1:bf:a5:0a:0d:00:88: + 3d:25:b4:5c:a5:62:00:69:22:4e:ef:07:39:cf:74:33:7e:bb: + 03:07:57:49:38:d7:5c:3c:43:bf:cd:fe:af:1a:75:24:4d:a5: + f9:63:2c:bf +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZQwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDHBBnIsvwod+WZjvAFiw1b5TjxjtEH0vbYa73IwyzzBekfTLbBOdQPAy9i +uufEfpx8HL7fa/I0skXsuXalOiUcobd4dgzoPXbRRr0g4e8cgCIStYreeE/tBSVd +tINMnrLuZLXf2dG3XzzpiuHhSb3WfP5KOPGUmrXMz4Wqvbstk7mpK8H5gsC6aKWQ +T+HUMG+ZxNls6GoMcaj/xH+1muYHoO30PDpLo4ixQc/xuOr4t0Own4gF682rJ/Xt +YlUFPWJZtBwHysRJPQeAkxP/DzFPNEGeW6kKefoTkdp8NcR7VpyhiQV9bhLl5IO+ +ml4UzfwnWK71JoM2pARhp0oBLxpPAgMBAAGjgcswgcgwHQYDVR0OBBYEFAFrSR8h +j4Dd1JfAqLsqftzz2v3hMB8GA1UdIwQYMBaAFAFrSR8hj4Dd1JfAqLsqftzz2v3h +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEALE1//RxOavB70abSkjUKuwCW9oeij8ggUf40G+Jy4FLOMxS4 +mvstcV3Ldx5HywDz6BJUGtQC5+5LIdKwft+jR/IKFf645n+Fl+svjR2dDbo0zhCp +qDa46pWDKBBLCS/GfbSc1yDMr5+ZNmepCSeZmOUQbhutoUYPL4KYmCgwcjMfeiT9 +YRddI6PKcHaklbh8hNf4aL0jJzQLD2XAdC8olEZz43wa9hE2E5sWWpKEhW1ZiIWC +tUMi/fWfLYIny0CkuWxQfTGvP8+DV3Ll1GtenZfRv6UKDQCIPSW0XKViAGkiTu8H +Oc90M367AwdXSTjXXDxDv83+rxp1JE2l+WMsvw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:96 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: + 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: + 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: + e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: + 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: + bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: + 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: + 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: + b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: + c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: + 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: + 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: + 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: + 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: + 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: + 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: + fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: + 1a:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + X509v3 Authority Key Identifier: + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 92:e9:36:26:51:cb:1d:31:0c:a0:5e:86:32:26:b1:0a:2f:2a: + e7:a5:65:0d:6e:56:e2:6d:1e:41:52:23:03:38:63:72:20:10: + b8:0f:42:28:9a:53:6e:ea:3c:88:a4:b6:89:67:50:34:2b:84: + 15:a3:ee:e2:a6:88:74:80:c0:8d:f0:af:84:10:94:2f:50:6f: + b8:7f:55:a6:a2:18:d5:0e:98:1d:2e:62:29:15:eb:07:eb:01: + a8:33:f2:11:08:d3:b1:09:2a:2a:05:81:ec:7c:29:10:bd:6f: + 07:55:05:77:21:e1:84:25:b3:65:b2:be:e6:db:7b:3f:e2:46: + a6:03:75:07:d0:ec:b4:00:e8:46:bf:16:2d:b0:87:0e:06:84: + 7c:54:3b:a1:8c:0e:fa:d3:d1:d2:5d:40:c1:24:b9:00:31:b7: + bc:9a:3a:e9:68:5a:bc:20:7e:5a:5e:8b:a7:28:e2:a6:5c:9b: + ff:0f:c6:ae:39:04:1d:73:77:8f:e3:28:03:7e:c5:92:50:9a: + dc:15:67:b6:42:be:7f:b1:a6:5f:25:3c:61:6c:68:a0:b5:d0: + d9:d5:bd:45:29:06:bc:ab:ee:16:6f:63:55:6b:eb:d1:9c:a5: + a7:47:70:4b:43:3a:2a:b2:a1:b5:3a:a2:fe:57:78:db:16:66: + 9f:4c:3e:55 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDHBBnIsvwod+WZjvAFiw1b5TjxjtEH0vbYa73IwyzzBekfTLbBOdQPAy9i +uufEfpx8HL7fa/I0skXsuXalOiUcobd4dgzoPXbRRr0g4e8cgCIStYreeE/tBSVd +tINMnrLuZLXf2dG3XzzpiuHhSb3WfP5KOPGUmrXMz4Wqvbstk7mpK8H5gsC6aKWQ +T+HUMG+ZxNls6GoMcaj/xH+1muYHoO30PDpLo4ixQc/xuOr4t0Own4gF682rJ/Xt +YlUFPWJZtBwHysRJPQeAkxP/DzFPNEGeW6kKefoTkdp8NcR7VpyhiQV9bhLl5IO+ +ml4UzfwnWK71JoM2pARhp0oBLxpPAgMBAAGjgcswgcgwHQYDVR0OBBYEFAFrSR8h +j4Dd1JfAqLsqftzz2v3hMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAkuk2JlHLHTEMoF6GMiaxCi8q56VlDW5W4m0eQVIjAzhjciAQ +uA9CKJpTbuo8iKS2iWdQNCuEFaPu4qaIdIDAjfCvhBCUL1BvuH9VpqIY1Q6YHS5i +KRXrB+sBqDPyEQjTsQkqKgWB7HwpEL1vB1UFdyHhhCWzZbK+5tt7P+JGpgN1B9Ds +tADoRr8WLbCHDgaEfFQ7oYwO+tPR0l1AwSS5ADG3vJo66WhavCB+Wl6Lpyjiplyb +/w/GrjkEHXN3j+MoA37FklCa3BVntkK+f7GmXyU8YWxooLXQ2dW9RSkGvKvuFm9j +VWvr0Zylp0dwS0M6KrKhtTqi/ld42xZmn0w+VQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ef:5f:3f:57:00:ad:2d:82:81:56:19:c0:da:98: + 72:8b:7f:4b:4f:37:f2:d9:0e:b3:3c:7b:73:d3:8a: + ad:5a:94:9c:37:0b:bc:68:4b:40:ac:a9:d1:1f:1b: + 35:6a:74:50:6b:91:c2:30:e5:a6:88:87:90:f4:dc: + 8d:09:49:6a:3e:f0:fe:cf:bb:b3:3b:33:c1:2a:2e: + b9:fb:9b:6a:db:2a:a6:9f:87:46:6a:b0:7d:87:c6: + 63:27:cd:58:e7:55:7d:c5:6c:d8:ac:c7:10:fb:6e: + 68:40:9d:69:bf:8f:a0:9c:36:d8:7a:dc:fb:14:48: + f4:96:5d:c2:0e:8f:e9:2f:1d:08:13:04:a0:1d:03: + 78:b8:a6:97:15:13:0f:91:4e:9e:18:00:96:9f:94: + e6:ad:02:2e:c7:60:c8:ed:50:54:02:2e:b2:6b:6e: + d5:78:7f:7a:74:20:20:f6:9c:fa:98:17:b3:8f:fd: + 92:01:3d:ff:e6:56:fa:45:28:41:b1:3c:ba:4a:ef: + bc:ff:4c:1e:d3:96:bc:5d:a6:06:7d:27:d8:66:13: + e0:40:74:83:8c:f4:89:c9:8d:8a:13:b7:98:88:32: + 6c:51:6c:15:92:1c:1b:e7:f7:08:a6:35:81:b4:24: + be:45:10:1f:ff:c9:e4:4d:35:b7:4d:3c:ae:54:d2: + ee:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + X509v3 Authority Key Identifier: + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + c3:93:57:64:ef:a6:14:46:fd:70:31:57:e2:2d:d1:84:90:c6: + 24:77:6a:9d:e4:a7:39:fc:ae:f6:22:f8:ae:04:d9:8b:9c:e7: + c1:52:b4:1a:39:85:62:30:25:49:40:86:87:48:5f:fb:f8:4e: + 19:fe:68:1f:07:17:e2:a7:09:86:f1:49:58:6e:3e:04:49:01: + 87:2a:92:c1:38:45:4a:fa:e9:36:f5:30:77:01:2a:03:2b:ae: + 9c:bd:bc:a4:61:43:4c:a4:90:97:f6:d8:40:8b:20:c2:7e:cf: + ed:83:08:b8:c5:68:4f:a4:69:83:16:c5:b5:e5:9a:a3:4d:f2: + 4f:f4:51:3a:19:3f:8b:83:3e:04:c3:bf:7a:bf:cf:37:86:0f: + a1:79:a7:bf:c9:9c:7b:52:b9:84:ca:97:51:89:f2:25:bd:15: + 4f:61:d5:bd:f0:86:e9:14:b3:77:92:11:d5:b9:7a:58:6c:b3: + 96:16:9b:ac:db:e1:97:f7:5e:f9:58:e7:b3:4b:35:05:e6:aa: + a4:ca:a5:1a:48:b0:28:84:81:7f:32:07:39:cd:31:32:b5:c8: + da:0c:07:c2:1a:01:26:41:76:26:68:36:50:2c:34:5c:3f:b7: + 05:4a:50:d3:37:ec:8c:d1:84:3c:25:f0:d9:ef:5e:0d:b9:b1: + f9:d9:d6:3a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDvXz9XAK0tgoFWGcDamHKLf0tPN/LZDrM8e3PTiq1alJw3C7xoS0CsqdEf +GzVqdFBrkcIw5aaIh5D03I0JSWo+8P7Pu7M7M8EqLrn7m2rbKqafh0ZqsH2HxmMn +zVjnVX3FbNisxxD7bmhAnWm/j6CcNth63PsUSPSWXcIOj+kvHQgTBKAdA3i4ppcV +Ew+RTp4YAJaflOatAi7HYMjtUFQCLrJrbtV4f3p0ICD2nPqYF7OP/ZIBPf/mVvpF +KEGxPLpK77z/TB7TlrxdpgZ9J9hmE+BAdIOM9InJjYoTt5iIMmxRbBWSHBvn9wim +NYG0JL5FEB//yeRNNbdNPK5U0u5vAgMBAAGjgcswgcgwHQYDVR0OBBYEFNJFZGiG +jgfyr78L891/YR1La0rNMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAw5NXZO+mFEb9cDFX4i3RhJDGJHdqneSnOfyu9iL4rgTZi5zn +wVK0GjmFYjAlSUCGh0hf+/hOGf5oHwcX4qcJhvFJWG4+BEkBhyqSwThFSvrpNvUw +dwEqAyuunL28pGFDTKSQl/bYQIsgwn7P7YMIuMVoT6RpgxbFteWao03yT/RROhk/ +i4M+BMO/er/PN4YPoXmnv8mce1K5hMqXUYnyJb0VT2HVvfCG6RSzd5IR1bl6WGyz +lhabrNvhl/de+Vjns0s1BeaqpMqlGkiwKISBfzIHOc0xMrXI2gwHwhoBJkF2Jmg2 +UCw0XD+3BUpQ0zfsjNGEPCXw2e9eDbmx+dnWOg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/longrolloverchain.test b/pki/testdata/verify_certificate_chain_unittest/key-rollover/longrolloverchain.test new file mode 100644 index 0000000000..6298c8b9f3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/longrolloverchain.test @@ -0,0 +1,5 @@ +chain: longrolloverchain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 150302120000Z +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/newchain.pem b/pki/testdata/verify_certificate_chain_unittest/key-rollover/newchain.pem new file mode 100644 index 0000000000..cf4cded581 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/newchain.pem @@ -0,0 +1,306 @@ +[Created by: generate-chains.py] + +A certificate tree with two self-signed root certificates(oldroot, newroot), +and a third root certificate (newrootrollover) which has the same key as newroot +but is signed by oldroot, all with the same subject and issuer. +There are two intermediates with the same key, subject and issuer +(oldintermediate signed by oldroot, and newintermediate signed by newroot). +The target certificate is signed by the intermediate key. + + +In graphical form: + + oldroot-------->newrootrollover newroot + | | | + v v v +oldintermediate newintermediate + | | + +------------+-------------+ + | + v + target + + +Several chains are output: + key-rollover-oldchain.pem: + target<-oldintermediate<-oldroot + key-rollover-rolloverchain.pem: + target<-newintermediate<-newrootrollover<-oldroot + key-rollover-longrolloverchain.pem: + target<-newintermediate<-newroot<-newrootrollover<-oldroot + key-rollover-newchain.pem: + target<-newintermediate<-newroot + +All of these chains should verify successfully. + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:cf:3c:af:c2:01:a7:ee:48:ed:83:9c:13:19:f0:c1:ff:af:13:68 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: + 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: + da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: + 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: + 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: + b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: + d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: + 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: + 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: + 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: + 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: + 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: + 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: + 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: + 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: + b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: + e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: + 65:53 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 + X509v3 Authority Key Identifier: + keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 01:db:ae:1e:db:9c:37:2a:1c:f6:44:c8:55:cb:39:9d:88:f5: + 72:27:94:80:ec:51:ce:86:c3:64:b9:7f:f6:c2:83:38:9c:66: + 27:44:94:31:28:bc:ed:37:dc:bd:7c:84:d5:c6:44:74:ef:81: + 54:01:78:55:d0:59:60:99:bc:ab:bb:6a:45:0b:50:f9:de:d4: + 3e:ce:ed:1a:26:8f:8b:6c:2d:3a:b2:e8:4b:17:c4:b8:d6:41: + 4e:fa:8c:af:70:44:6f:30:71:f5:92:62:7e:db:19:f2:67:18: + e9:17:a6:98:b7:9e:7e:df:69:0c:d9:ad:65:b8:0b:5c:1d:c0: + a9:4c:e4:1b:2c:56:57:36:3b:8f:50:26:a6:7e:95:4b:06:d6: + 67:1d:0e:b4:58:a7:c1:c2:37:ca:87:3a:86:e7:07:df:3c:55: + 13:18:e8:5b:8d:08:d2:30:04:1b:de:3f:f3:eb:21:6f:99:e2: + 5c:52:6f:37:1f:d9:93:45:e5:81:9d:4b:db:0c:6f:55:fd:e4: + 6d:98:ac:88:7b:1a:48:b8:e8:24:ed:a6:cf:e9:f6:e2:a9:71: + 60:cd:d7:90:0e:c3:92:b3:57:ec:da:2f:48:84:47:c8:91:c4: + 50:1e:f0:c4:91:99:8b:4f:f1:35:65:c1:ab:a2:4a:12:1b:cf: + bd:68:1c:bf +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUYM88r8IBp+5I7YOcExnwwf+vE2gwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 +MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA73eU6GjFfh2brhDN1buWJwwFF/TsvNp9KOW35Y/a2K56 +KtLjFZsSYnkCYT0/i2RO+33hWb0vg63TuOVFM8QTX3nvij7AOSCB4pi55slgto60 +v7QrVa6xfCHT/uzwVjH+ChnELFSkl6qEooP4WprzEbitOxQ6aFpyJElvb1oCOZEH +CcsYVxMepFQDMVy26X14Lei6L3AXCgMRqpDHXvAbf1Y59eAfHjONIzDmerpeykYz +EwRcZbC+U3+rp5+N+71G5YdEMVXln5d+o+xpqNeLR65IrnRQXldVMco27EOh3WGy +GBJqKQtjJNVxTdrnDw3jLKp2a/ksk8L6+UAsGzRlUwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBT6La/gX46OGHr7r/7ZyaNiqrgqGDAfBgNVHSMEGDAWgBTMcmDwjYzLqWz/ +CVfzav4pRiQmWzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAAHbrh7bnDcqHPZEyFXLOZ2I9XInlIDsUc6Gw2S5f/bCgzicZidElDEovO03 +3L18hNXGRHTvgVQBeFXQWWCZvKu7akULUPne1D7O7Romj4tsLTqy6EsXxLjWQU76 +jK9wRG8wcfWSYn7bGfJnGOkXppi3nn7faQzZrWW4C1wdwKlM5BssVlc2O49QJqZ+ +lUsG1mcdDrRYp8HCN8qHOobnB988VRMY6FuNCNIwBBveP/PrIW+Z4lxSbzcf2ZNF +5YGdS9sMb1X95G2YrIh7Gki46CTtps/p9uKpcWDN15AOw5KzV+zaL0iER8iRxFAe +8MSRmYtP8TVlwauiShIbz71oHL8= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:95 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: + 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: + 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: + cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: + d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: + a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: + 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: + 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: + 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: + 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: + b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: + d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: + f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: + f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: + ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: + dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: + 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: + 91:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B + X509v3 Authority Key Identifier: + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 58:20:51:07:c1:79:72:0f:8d:3b:34:8d:af:79:8a:f4:65:dd: + f6:62:8c:28:b1:e3:91:7a:c1:e0:75:11:6e:f4:cf:90:04:39: + 8f:08:19:c9:d5:3b:61:4a:30:5c:f1:dd:93:1d:b0:05:d0:2b: + f4:a0:ce:4a:8d:10:f9:ce:47:92:a1:84:8a:5d:42:62:e4:81: + 4d:8d:2a:49:cf:41:b7:1f:b8:ef:62:68:80:64:52:b5:b4:e8: + 9c:33:10:85:f6:2d:18:0c:a1:cd:a7:6d:2a:b6:73:a8:3d:4c: + 64:c3:3a:33:11:8b:6b:0c:68:86:ab:28:c8:e2:21:a0:26:78: + ed:15:f6:14:3c:d0:19:ea:d2:88:3b:ed:de:c8:99:4b:74:ff: + aa:d3:80:1b:5d:f0:f4:08:33:28:33:e9:0a:e8:07:0c:c4:ab: + f6:8c:3d:08:5a:4b:91:84:45:56:85:a0:92:59:e8:b4:e8:c6: + 92:0d:db:1a:fe:dc:4f:ac:b6:5c:7e:6f:e5:56:14:85:f4:74: + 33:f8:1e:eb:33:d0:0b:74:a6:ef:4e:3b:e7:77:c4:92:26:4e: + 5d:e2:cd:6e:dc:f7:25:ee:92:b9:b0:48:5d:46:e5:a9:50:a8: + bb:68:57:cb:f8:7f:07:f7:b2:54:97:f9:6e:54:1c:53:09:ce: + c0:6b:f1:f1 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJ0r04Zu9q+gsggjkyrAHAJJxu+pZDlOgGo2VuWlkw5FEq0F +QZpdzO2vLnu2z70UeY+lWRYC/iNcK+SQ0md8u3TLNyBAxGL64CPxpIlw/lTq6jvX +GnqbDaF0RInJWD3WmUJr5dr18QwzJhHh1Csz1y6+uUJd57LOUjdRMBeAp3fgylWs +QhIjF9ZCWm1VH/jxE3tzfbb/t2dy2FWvjmBxzbikcp+E2G+mYhoPed4+J6UIvJAg +9qOyZCGSPhyMNfU4FpYY8Vze/Ym2TcoAClmRhJoo6hyPDRSqS+VWZp5ANjX/3HLz +6uN/tHNkZv+BFrmTjmEwfxUuHWwjkHZWsmARkRkCAwEAAaOByzCByDAdBgNVHQ4E +FgQUzHJg8I2My6ls/wlX82r+KUYkJlswHwYDVR0jBBgwFoAUAWtJHyGPgN3Ul8Co +uyp+3PPa/eEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBYIFEHwXlyD407NI2veYr0Zd32YowoseOResHg +dRFu9M+QBDmPCBnJ1TthSjBc8d2THbAF0Cv0oM5KjRD5zkeSoYSKXUJi5IFNjSpJ +z0G3H7jvYmiAZFK1tOicMxCF9i0YDKHNp20qtnOoPUxkwzozEYtrDGiGqyjI4iGg +JnjtFfYUPNAZ6tKIO+3eyJlLdP+q04AbXfD0CDMoM+kK6AcMxKv2jD0IWkuRhEVW +haCSWei06MaSDdsa/txPrLZcfm/lVhSF9HQz+B7rM9ALdKbvTjvnd8SSJk5d4s1u +3Pcl7pK5sEhdRuWpUKi7aFfL+H8H97JUl/luVBxTCc7Aa/Hx +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:94 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: + 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: + 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: + e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: + 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: + bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: + 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: + 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: + b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: + c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: + 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: + 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: + 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: + 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: + 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: + 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: + fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: + 1a:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + X509v3 Authority Key Identifier: + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 2c:4d:7f:fd:1c:4e:6a:f0:7b:d1:a6:d2:92:35:0a:bb:00:96: + f6:87:a2:8f:c8:20:51:fe:34:1b:e2:72:e0:52:ce:33:14:b8: + 9a:fb:2d:71:5d:cb:77:1e:47:cb:00:f3:e8:12:54:1a:d4:02: + e7:ee:4b:21:d2:b0:7e:df:a3:47:f2:0a:15:fe:b8:e6:7f:85: + 97:eb:2f:8d:1d:9d:0d:ba:34:ce:10:a9:a8:36:b8:ea:95:83: + 28:10:4b:09:2f:c6:7d:b4:9c:d7:20:cc:af:9f:99:36:67:a9: + 09:27:99:98:e5:10:6e:1b:ad:a1:46:0f:2f:82:98:98:28:30: + 72:33:1f:7a:24:fd:61:17:5d:23:a3:ca:70:76:a4:95:b8:7c: + 84:d7:f8:68:bd:23:27:34:0b:0f:65:c0:74:2f:28:94:46:73: + e3:7c:1a:f6:11:36:13:9b:16:5a:92:84:85:6d:59:88:85:82: + b5:43:22:fd:f5:9f:2d:82:27:cb:40:a4:b9:6c:50:7d:31:af: + 3f:cf:83:57:72:e5:d4:6b:5e:9d:97:d1:bf:a5:0a:0d:00:88: + 3d:25:b4:5c:a5:62:00:69:22:4e:ef:07:39:cf:74:33:7e:bb: + 03:07:57:49:38:d7:5c:3c:43:bf:cd:fe:af:1a:75:24:4d:a5: + f9:63:2c:bf +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZQwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDHBBnIsvwod+WZjvAFiw1b5TjxjtEH0vbYa73IwyzzBekfTLbBOdQPAy9i +uufEfpx8HL7fa/I0skXsuXalOiUcobd4dgzoPXbRRr0g4e8cgCIStYreeE/tBSVd +tINMnrLuZLXf2dG3XzzpiuHhSb3WfP5KOPGUmrXMz4Wqvbstk7mpK8H5gsC6aKWQ +T+HUMG+ZxNls6GoMcaj/xH+1muYHoO30PDpLo4ixQc/xuOr4t0Own4gF682rJ/Xt +YlUFPWJZtBwHysRJPQeAkxP/DzFPNEGeW6kKefoTkdp8NcR7VpyhiQV9bhLl5IO+ +ml4UzfwnWK71JoM2pARhp0oBLxpPAgMBAAGjgcswgcgwHQYDVR0OBBYEFAFrSR8h +j4Dd1JfAqLsqftzz2v3hMB8GA1UdIwQYMBaAFAFrSR8hj4Dd1JfAqLsqftzz2v3h +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEALE1//RxOavB70abSkjUKuwCW9oeij8ggUf40G+Jy4FLOMxS4 +mvstcV3Ldx5HywDz6BJUGtQC5+5LIdKwft+jR/IKFf645n+Fl+svjR2dDbo0zhCp +qDa46pWDKBBLCS/GfbSc1yDMr5+ZNmepCSeZmOUQbhutoUYPL4KYmCgwcjMfeiT9 +YRddI6PKcHaklbh8hNf4aL0jJzQLD2XAdC8olEZz43wa9hE2E5sWWpKEhW1ZiIWC +tUMi/fWfLYIny0CkuWxQfTGvP8+DV3Ll1GtenZfRv6UKDQCIPSW0XKViAGkiTu8H +Oc90M367AwdXSTjXXDxDv83+rxp1JE2l+WMsvw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/newchain.test b/pki/testdata/verify_certificate_chain_unittest/key-rollover/newchain.test new file mode 100644 index 0000000000..83e850f45c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/newchain.test @@ -0,0 +1,5 @@ +chain: newchain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 150302120000Z +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/oldchain.pem b/pki/testdata/verify_certificate_chain_unittest/key-rollover/oldchain.pem new file mode 100644 index 0000000000..9e0edda22f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/oldchain.pem @@ -0,0 +1,306 @@ +[Created by: generate-chains.py] + +A certificate tree with two self-signed root certificates(oldroot, newroot), +and a third root certificate (newrootrollover) which has the same key as newroot +but is signed by oldroot, all with the same subject and issuer. +There are two intermediates with the same key, subject and issuer +(oldintermediate signed by oldroot, and newintermediate signed by newroot). +The target certificate is signed by the intermediate key. + + +In graphical form: + + oldroot-------->newrootrollover newroot + | | | + v v v +oldintermediate newintermediate + | | + +------------+-------------+ + | + v + target + + +Several chains are output: + key-rollover-oldchain.pem: + target<-oldintermediate<-oldroot + key-rollover-rolloverchain.pem: + target<-newintermediate<-newrootrollover<-oldroot + key-rollover-longrolloverchain.pem: + target<-newintermediate<-newroot<-newrootrollover<-oldroot + key-rollover-newchain.pem: + target<-newintermediate<-newroot + +All of these chains should verify successfully. + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:cf:3c:af:c2:01:a7:ee:48:ed:83:9c:13:19:f0:c1:ff:af:13:68 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: + 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: + da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: + 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: + 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: + b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: + d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: + 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: + 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: + 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: + 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: + 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: + 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: + 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: + 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: + b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: + e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: + 65:53 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 + X509v3 Authority Key Identifier: + keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 01:db:ae:1e:db:9c:37:2a:1c:f6:44:c8:55:cb:39:9d:88:f5: + 72:27:94:80:ec:51:ce:86:c3:64:b9:7f:f6:c2:83:38:9c:66: + 27:44:94:31:28:bc:ed:37:dc:bd:7c:84:d5:c6:44:74:ef:81: + 54:01:78:55:d0:59:60:99:bc:ab:bb:6a:45:0b:50:f9:de:d4: + 3e:ce:ed:1a:26:8f:8b:6c:2d:3a:b2:e8:4b:17:c4:b8:d6:41: + 4e:fa:8c:af:70:44:6f:30:71:f5:92:62:7e:db:19:f2:67:18: + e9:17:a6:98:b7:9e:7e:df:69:0c:d9:ad:65:b8:0b:5c:1d:c0: + a9:4c:e4:1b:2c:56:57:36:3b:8f:50:26:a6:7e:95:4b:06:d6: + 67:1d:0e:b4:58:a7:c1:c2:37:ca:87:3a:86:e7:07:df:3c:55: + 13:18:e8:5b:8d:08:d2:30:04:1b:de:3f:f3:eb:21:6f:99:e2: + 5c:52:6f:37:1f:d9:93:45:e5:81:9d:4b:db:0c:6f:55:fd:e4: + 6d:98:ac:88:7b:1a:48:b8:e8:24:ed:a6:cf:e9:f6:e2:a9:71: + 60:cd:d7:90:0e:c3:92:b3:57:ec:da:2f:48:84:47:c8:91:c4: + 50:1e:f0:c4:91:99:8b:4f:f1:35:65:c1:ab:a2:4a:12:1b:cf: + bd:68:1c:bf +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUYM88r8IBp+5I7YOcExnwwf+vE2gwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 +MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA73eU6GjFfh2brhDN1buWJwwFF/TsvNp9KOW35Y/a2K56 +KtLjFZsSYnkCYT0/i2RO+33hWb0vg63TuOVFM8QTX3nvij7AOSCB4pi55slgto60 +v7QrVa6xfCHT/uzwVjH+ChnELFSkl6qEooP4WprzEbitOxQ6aFpyJElvb1oCOZEH +CcsYVxMepFQDMVy26X14Lei6L3AXCgMRqpDHXvAbf1Y59eAfHjONIzDmerpeykYz +EwRcZbC+U3+rp5+N+71G5YdEMVXln5d+o+xpqNeLR65IrnRQXldVMco27EOh3WGy +GBJqKQtjJNVxTdrnDw3jLKp2a/ksk8L6+UAsGzRlUwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBT6La/gX46OGHr7r/7ZyaNiqrgqGDAfBgNVHSMEGDAWgBTMcmDwjYzLqWz/ +CVfzav4pRiQmWzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAAHbrh7bnDcqHPZEyFXLOZ2I9XInlIDsUc6Gw2S5f/bCgzicZidElDEovO03 +3L18hNXGRHTvgVQBeFXQWWCZvKu7akULUPne1D7O7Romj4tsLTqy6EsXxLjWQU76 +jK9wRG8wcfWSYn7bGfJnGOkXppi3nn7faQzZrWW4C1wdwKlM5BssVlc2O49QJqZ+ +lUsG1mcdDrRYp8HCN8qHOobnB988VRMY6FuNCNIwBBveP/PrIW+Z4lxSbzcf2ZNF +5YGdS9sMb1X95G2YrIh7Gki46CTtps/p9uKpcWDN15AOw5KzV+zaL0iER8iRxFAe +8MSRmYtP8TVlwauiShIbz71oHL8= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:93 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: + 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: + 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: + cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: + d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: + a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: + 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: + 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: + 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: + 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: + b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: + d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: + f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: + f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: + ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: + dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: + 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: + 91:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B + X509v3 Authority Key Identifier: + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 5b:49:de:7d:16:a8:c3:64:98:51:6a:fb:78:1f:7d:f8:0b:d8: + 6b:50:2a:4e:e1:69:05:44:19:1e:5a:79:88:b4:8f:41:60:0d: + a7:b5:91:7a:0d:3a:55:bc:58:fc:c7:90:ef:27:66:3d:f9:74: + 85:51:5d:67:fd:c8:b6:8a:78:88:70:f4:21:41:c6:30:34:fa: + c0:5a:23:36:06:4a:e9:ed:00:6a:a8:39:54:ac:a9:83:77:01: + 8b:72:07:f6:a3:2c:67:d6:36:12:ad:f3:e9:93:52:7d:ee:5f: + 64:8d:91:b2:14:ea:ea:44:fe:49:b7:23:d6:8a:5c:ba:4a:9f: + dc:35:9b:ae:8f:f7:5a:1b:b4:d1:a9:2f:15:d5:83:4b:07:67: + ed:5f:65:d7:02:54:59:1f:ad:fd:f3:05:39:72:77:8e:dd:34: + bd:c4:51:b7:68:e6:df:f2:5d:4e:51:16:d2:a2:47:42:41:b3: + 56:49:36:28:5a:30:d6:e6:f5:6b:d9:5a:87:b1:54:a3:cd:1a: + 24:f8:b9:02:ca:fa:1c:36:00:00:95:47:1b:c6:62:39:59:be: + fe:1e:bf:56:a5:5b:0a:b3:25:79:8c:9d:b6:68:4e:fc:63:e0: + ef:12:c3:91:3f:fe:7d:6e:97:c4:e2:54:ce:06:bd:7e:29:b9: + 06:e7:be:35 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZMwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJ0r04Zu9q+gsggjkyrAHAJJxu+pZDlOgGo2VuWlkw5FEq0F +QZpdzO2vLnu2z70UeY+lWRYC/iNcK+SQ0md8u3TLNyBAxGL64CPxpIlw/lTq6jvX +GnqbDaF0RInJWD3WmUJr5dr18QwzJhHh1Csz1y6+uUJd57LOUjdRMBeAp3fgylWs +QhIjF9ZCWm1VH/jxE3tzfbb/t2dy2FWvjmBxzbikcp+E2G+mYhoPed4+J6UIvJAg +9qOyZCGSPhyMNfU4FpYY8Vze/Ym2TcoAClmRhJoo6hyPDRSqS+VWZp5ANjX/3HLz +6uN/tHNkZv+BFrmTjmEwfxUuHWwjkHZWsmARkRkCAwEAAaOByzCByDAdBgNVHQ4E +FgQUzHJg8I2My6ls/wlX82r+KUYkJlswHwYDVR0jBBgwFoAU0kVkaIaOB/Kvvwvz +3X9hHUtrSs0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBbSd59FqjDZJhRavt4H334C9hrUCpO4WkFRBke +WnmItI9BYA2ntZF6DTpVvFj8x5DvJ2Y9+XSFUV1n/ci2iniIcPQhQcYwNPrAWiM2 +Bkrp7QBqqDlUrKmDdwGLcgf2oyxn1jYSrfPpk1J97l9kjZGyFOrqRP5JtyPWily6 +Sp/cNZuuj/daG7TRqS8V1YNLB2ftX2XXAlRZH6398wU5cneO3TS9xFG3aObf8l1O +URbSokdCQbNWSTYoWjDW5vVr2VqHsVSjzRok+LkCyvocNgAAlUcbxmI5Wb7+Hr9W +pVsKsyV5jJ22aE78Y+DvEsORP/59bpfE4lTOBr1+KbkG5741 +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ef:5f:3f:57:00:ad:2d:82:81:56:19:c0:da:98: + 72:8b:7f:4b:4f:37:f2:d9:0e:b3:3c:7b:73:d3:8a: + ad:5a:94:9c:37:0b:bc:68:4b:40:ac:a9:d1:1f:1b: + 35:6a:74:50:6b:91:c2:30:e5:a6:88:87:90:f4:dc: + 8d:09:49:6a:3e:f0:fe:cf:bb:b3:3b:33:c1:2a:2e: + b9:fb:9b:6a:db:2a:a6:9f:87:46:6a:b0:7d:87:c6: + 63:27:cd:58:e7:55:7d:c5:6c:d8:ac:c7:10:fb:6e: + 68:40:9d:69:bf:8f:a0:9c:36:d8:7a:dc:fb:14:48: + f4:96:5d:c2:0e:8f:e9:2f:1d:08:13:04:a0:1d:03: + 78:b8:a6:97:15:13:0f:91:4e:9e:18:00:96:9f:94: + e6:ad:02:2e:c7:60:c8:ed:50:54:02:2e:b2:6b:6e: + d5:78:7f:7a:74:20:20:f6:9c:fa:98:17:b3:8f:fd: + 92:01:3d:ff:e6:56:fa:45:28:41:b1:3c:ba:4a:ef: + bc:ff:4c:1e:d3:96:bc:5d:a6:06:7d:27:d8:66:13: + e0:40:74:83:8c:f4:89:c9:8d:8a:13:b7:98:88:32: + 6c:51:6c:15:92:1c:1b:e7:f7:08:a6:35:81:b4:24: + be:45:10:1f:ff:c9:e4:4d:35:b7:4d:3c:ae:54:d2: + ee:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + X509v3 Authority Key Identifier: + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + c3:93:57:64:ef:a6:14:46:fd:70:31:57:e2:2d:d1:84:90:c6: + 24:77:6a:9d:e4:a7:39:fc:ae:f6:22:f8:ae:04:d9:8b:9c:e7: + c1:52:b4:1a:39:85:62:30:25:49:40:86:87:48:5f:fb:f8:4e: + 19:fe:68:1f:07:17:e2:a7:09:86:f1:49:58:6e:3e:04:49:01: + 87:2a:92:c1:38:45:4a:fa:e9:36:f5:30:77:01:2a:03:2b:ae: + 9c:bd:bc:a4:61:43:4c:a4:90:97:f6:d8:40:8b:20:c2:7e:cf: + ed:83:08:b8:c5:68:4f:a4:69:83:16:c5:b5:e5:9a:a3:4d:f2: + 4f:f4:51:3a:19:3f:8b:83:3e:04:c3:bf:7a:bf:cf:37:86:0f: + a1:79:a7:bf:c9:9c:7b:52:b9:84:ca:97:51:89:f2:25:bd:15: + 4f:61:d5:bd:f0:86:e9:14:b3:77:92:11:d5:b9:7a:58:6c:b3: + 96:16:9b:ac:db:e1:97:f7:5e:f9:58:e7:b3:4b:35:05:e6:aa: + a4:ca:a5:1a:48:b0:28:84:81:7f:32:07:39:cd:31:32:b5:c8: + da:0c:07:c2:1a:01:26:41:76:26:68:36:50:2c:34:5c:3f:b7: + 05:4a:50:d3:37:ec:8c:d1:84:3c:25:f0:d9:ef:5e:0d:b9:b1: + f9:d9:d6:3a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDvXz9XAK0tgoFWGcDamHKLf0tPN/LZDrM8e3PTiq1alJw3C7xoS0CsqdEf +GzVqdFBrkcIw5aaIh5D03I0JSWo+8P7Pu7M7M8EqLrn7m2rbKqafh0ZqsH2HxmMn +zVjnVX3FbNisxxD7bmhAnWm/j6CcNth63PsUSPSWXcIOj+kvHQgTBKAdA3i4ppcV +Ew+RTp4YAJaflOatAi7HYMjtUFQCLrJrbtV4f3p0ICD2nPqYF7OP/ZIBPf/mVvpF +KEGxPLpK77z/TB7TlrxdpgZ9J9hmE+BAdIOM9InJjYoTt5iIMmxRbBWSHBvn9wim +NYG0JL5FEB//yeRNNbdNPK5U0u5vAgMBAAGjgcswgcgwHQYDVR0OBBYEFNJFZGiG +jgfyr78L891/YR1La0rNMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAw5NXZO+mFEb9cDFX4i3RhJDGJHdqneSnOfyu9iL4rgTZi5zn +wVK0GjmFYjAlSUCGh0hf+/hOGf5oHwcX4qcJhvFJWG4+BEkBhyqSwThFSvrpNvUw +dwEqAyuunL28pGFDTKSQl/bYQIsgwn7P7YMIuMVoT6RpgxbFteWao03yT/RROhk/ +i4M+BMO/er/PN4YPoXmnv8mce1K5hMqXUYnyJb0VT2HVvfCG6RSzd5IR1bl6WGyz +lhabrNvhl/de+Vjns0s1BeaqpMqlGkiwKISBfzIHOc0xMrXI2gwHwhoBJkF2Jmg2 +UCw0XD+3BUpQ0zfsjNGEPCXw2e9eDbmx+dnWOg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/oldchain.test b/pki/testdata/verify_certificate_chain_unittest/key-rollover/oldchain.test new file mode 100644 index 0000000000..76f7dd5f04 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/oldchain.test @@ -0,0 +1,5 @@ +chain: oldchain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 150302120000Z +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/rolloverchain.pem b/pki/testdata/verify_certificate_chain_unittest/key-rollover/rolloverchain.pem new file mode 100644 index 0000000000..a2ca050a4b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/rolloverchain.pem @@ -0,0 +1,396 @@ +[Created by: generate-chains.py] + +A certificate tree with two self-signed root certificates(oldroot, newroot), +and a third root certificate (newrootrollover) which has the same key as newroot +but is signed by oldroot, all with the same subject and issuer. +There are two intermediates with the same key, subject and issuer +(oldintermediate signed by oldroot, and newintermediate signed by newroot). +The target certificate is signed by the intermediate key. + + +In graphical form: + + oldroot-------->newrootrollover newroot + | | | + v v v +oldintermediate newintermediate + | | + +------------+-------------+ + | + v + target + + +Several chains are output: + key-rollover-oldchain.pem: + target<-oldintermediate<-oldroot + key-rollover-rolloverchain.pem: + target<-newintermediate<-newrootrollover<-oldroot + key-rollover-longrolloverchain.pem: + target<-newintermediate<-newroot<-newrootrollover<-oldroot + key-rollover-newchain.pem: + target<-newintermediate<-newroot + +All of these chains should verify successfully. + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:cf:3c:af:c2:01:a7:ee:48:ed:83:9c:13:19:f0:c1:ff:af:13:68 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: + 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: + da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: + 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: + 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: + b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: + d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: + 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: + 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: + 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: + 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: + 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: + 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: + 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: + 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: + b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: + e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: + 65:53 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 + X509v3 Authority Key Identifier: + keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 01:db:ae:1e:db:9c:37:2a:1c:f6:44:c8:55:cb:39:9d:88:f5: + 72:27:94:80:ec:51:ce:86:c3:64:b9:7f:f6:c2:83:38:9c:66: + 27:44:94:31:28:bc:ed:37:dc:bd:7c:84:d5:c6:44:74:ef:81: + 54:01:78:55:d0:59:60:99:bc:ab:bb:6a:45:0b:50:f9:de:d4: + 3e:ce:ed:1a:26:8f:8b:6c:2d:3a:b2:e8:4b:17:c4:b8:d6:41: + 4e:fa:8c:af:70:44:6f:30:71:f5:92:62:7e:db:19:f2:67:18: + e9:17:a6:98:b7:9e:7e:df:69:0c:d9:ad:65:b8:0b:5c:1d:c0: + a9:4c:e4:1b:2c:56:57:36:3b:8f:50:26:a6:7e:95:4b:06:d6: + 67:1d:0e:b4:58:a7:c1:c2:37:ca:87:3a:86:e7:07:df:3c:55: + 13:18:e8:5b:8d:08:d2:30:04:1b:de:3f:f3:eb:21:6f:99:e2: + 5c:52:6f:37:1f:d9:93:45:e5:81:9d:4b:db:0c:6f:55:fd:e4: + 6d:98:ac:88:7b:1a:48:b8:e8:24:ed:a6:cf:e9:f6:e2:a9:71: + 60:cd:d7:90:0e:c3:92:b3:57:ec:da:2f:48:84:47:c8:91:c4: + 50:1e:f0:c4:91:99:8b:4f:f1:35:65:c1:ab:a2:4a:12:1b:cf: + bd:68:1c:bf +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUYM88r8IBp+5I7YOcExnwwf+vE2gwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 +MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA73eU6GjFfh2brhDN1buWJwwFF/TsvNp9KOW35Y/a2K56 +KtLjFZsSYnkCYT0/i2RO+33hWb0vg63TuOVFM8QTX3nvij7AOSCB4pi55slgto60 +v7QrVa6xfCHT/uzwVjH+ChnELFSkl6qEooP4WprzEbitOxQ6aFpyJElvb1oCOZEH +CcsYVxMepFQDMVy26X14Lei6L3AXCgMRqpDHXvAbf1Y59eAfHjONIzDmerpeykYz +EwRcZbC+U3+rp5+N+71G5YdEMVXln5d+o+xpqNeLR65IrnRQXldVMco27EOh3WGy +GBJqKQtjJNVxTdrnDw3jLKp2a/ksk8L6+UAsGzRlUwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBT6La/gX46OGHr7r/7ZyaNiqrgqGDAfBgNVHSMEGDAWgBTMcmDwjYzLqWz/ +CVfzav4pRiQmWzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAAHbrh7bnDcqHPZEyFXLOZ2I9XInlIDsUc6Gw2S5f/bCgzicZidElDEovO03 +3L18hNXGRHTvgVQBeFXQWWCZvKu7akULUPne1D7O7Romj4tsLTqy6EsXxLjWQU76 +jK9wRG8wcfWSYn7bGfJnGOkXppi3nn7faQzZrWW4C1wdwKlM5BssVlc2O49QJqZ+ +lUsG1mcdDrRYp8HCN8qHOobnB988VRMY6FuNCNIwBBveP/PrIW+Z4lxSbzcf2ZNF +5YGdS9sMb1X95G2YrIh7Gki46CTtps/p9uKpcWDN15AOw5KzV+zaL0iER8iRxFAe +8MSRmYtP8TVlwauiShIbz71oHL8= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:95 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: + 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: + 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: + cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: + d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: + a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: + 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: + 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: + 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: + 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: + b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: + d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: + f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: + f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: + ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: + dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: + 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: + 91:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B + X509v3 Authority Key Identifier: + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 58:20:51:07:c1:79:72:0f:8d:3b:34:8d:af:79:8a:f4:65:dd: + f6:62:8c:28:b1:e3:91:7a:c1:e0:75:11:6e:f4:cf:90:04:39: + 8f:08:19:c9:d5:3b:61:4a:30:5c:f1:dd:93:1d:b0:05:d0:2b: + f4:a0:ce:4a:8d:10:f9:ce:47:92:a1:84:8a:5d:42:62:e4:81: + 4d:8d:2a:49:cf:41:b7:1f:b8:ef:62:68:80:64:52:b5:b4:e8: + 9c:33:10:85:f6:2d:18:0c:a1:cd:a7:6d:2a:b6:73:a8:3d:4c: + 64:c3:3a:33:11:8b:6b:0c:68:86:ab:28:c8:e2:21:a0:26:78: + ed:15:f6:14:3c:d0:19:ea:d2:88:3b:ed:de:c8:99:4b:74:ff: + aa:d3:80:1b:5d:f0:f4:08:33:28:33:e9:0a:e8:07:0c:c4:ab: + f6:8c:3d:08:5a:4b:91:84:45:56:85:a0:92:59:e8:b4:e8:c6: + 92:0d:db:1a:fe:dc:4f:ac:b6:5c:7e:6f:e5:56:14:85:f4:74: + 33:f8:1e:eb:33:d0:0b:74:a6:ef:4e:3b:e7:77:c4:92:26:4e: + 5d:e2:cd:6e:dc:f7:25:ee:92:b9:b0:48:5d:46:e5:a9:50:a8: + bb:68:57:cb:f8:7f:07:f7:b2:54:97:f9:6e:54:1c:53:09:ce: + c0:6b:f1:f1 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJ0r04Zu9q+gsggjkyrAHAJJxu+pZDlOgGo2VuWlkw5FEq0F +QZpdzO2vLnu2z70UeY+lWRYC/iNcK+SQ0md8u3TLNyBAxGL64CPxpIlw/lTq6jvX +GnqbDaF0RInJWD3WmUJr5dr18QwzJhHh1Csz1y6+uUJd57LOUjdRMBeAp3fgylWs +QhIjF9ZCWm1VH/jxE3tzfbb/t2dy2FWvjmBxzbikcp+E2G+mYhoPed4+J6UIvJAg +9qOyZCGSPhyMNfU4FpYY8Vze/Ym2TcoAClmRhJoo6hyPDRSqS+VWZp5ANjX/3HLz +6uN/tHNkZv+BFrmTjmEwfxUuHWwjkHZWsmARkRkCAwEAAaOByzCByDAdBgNVHQ4E +FgQUzHJg8I2My6ls/wlX82r+KUYkJlswHwYDVR0jBBgwFoAUAWtJHyGPgN3Ul8Co +uyp+3PPa/eEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBYIFEHwXlyD407NI2veYr0Zd32YowoseOResHg +dRFu9M+QBDmPCBnJ1TthSjBc8d2THbAF0Cv0oM5KjRD5zkeSoYSKXUJi5IFNjSpJ +z0G3H7jvYmiAZFK1tOicMxCF9i0YDKHNp20qtnOoPUxkwzozEYtrDGiGqyjI4iGg +JnjtFfYUPNAZ6tKIO+3eyJlLdP+q04AbXfD0CDMoM+kK6AcMxKv2jD0IWkuRhEVW +haCSWei06MaSDdsa/txPrLZcfm/lVhSF9HQz+B7rM9ALdKbvTjvnd8SSJk5d4s1u +3Pcl7pK5sEhdRuWpUKi7aFfL+H8H97JUl/luVBxTCc7Aa/Hx +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:96 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 2 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: + 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: + 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: + e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: + 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: + bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: + 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: + 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: + b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: + c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: + 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: + 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: + 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: + 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: + 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: + 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: + fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: + 1a:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 + X509v3 Authority Key Identifier: + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 92:e9:36:26:51:cb:1d:31:0c:a0:5e:86:32:26:b1:0a:2f:2a: + e7:a5:65:0d:6e:56:e2:6d:1e:41:52:23:03:38:63:72:20:10: + b8:0f:42:28:9a:53:6e:ea:3c:88:a4:b6:89:67:50:34:2b:84: + 15:a3:ee:e2:a6:88:74:80:c0:8d:f0:af:84:10:94:2f:50:6f: + b8:7f:55:a6:a2:18:d5:0e:98:1d:2e:62:29:15:eb:07:eb:01: + a8:33:f2:11:08:d3:b1:09:2a:2a:05:81:ec:7c:29:10:bd:6f: + 07:55:05:77:21:e1:84:25:b3:65:b2:be:e6:db:7b:3f:e2:46: + a6:03:75:07:d0:ec:b4:00:e8:46:bf:16:2d:b0:87:0e:06:84: + 7c:54:3b:a1:8c:0e:fa:d3:d1:d2:5d:40:c1:24:b9:00:31:b7: + bc:9a:3a:e9:68:5a:bc:20:7e:5a:5e:8b:a7:28:e2:a6:5c:9b: + ff:0f:c6:ae:39:04:1d:73:77:8f:e3:28:03:7e:c5:92:50:9a: + dc:15:67:b6:42:be:7f:b1:a6:5f:25:3c:61:6c:68:a0:b5:d0: + d9:d5:bd:45:29:06:bc:ab:ee:16:6f:63:55:6b:eb:d1:9c:a5: + a7:47:70:4b:43:3a:2a:b2:a1:b5:3a:a2:fe:57:78:db:16:66: + 9f:4c:3e:55 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDHBBnIsvwod+WZjvAFiw1b5TjxjtEH0vbYa73IwyzzBekfTLbBOdQPAy9i +uufEfpx8HL7fa/I0skXsuXalOiUcobd4dgzoPXbRRr0g4e8cgCIStYreeE/tBSVd +tINMnrLuZLXf2dG3XzzpiuHhSb3WfP5KOPGUmrXMz4Wqvbstk7mpK8H5gsC6aKWQ +T+HUMG+ZxNls6GoMcaj/xH+1muYHoO30PDpLo4ixQc/xuOr4t0Own4gF682rJ/Xt +YlUFPWJZtBwHysRJPQeAkxP/DzFPNEGeW6kKefoTkdp8NcR7VpyhiQV9bhLl5IO+ +ml4UzfwnWK71JoM2pARhp0oBLxpPAgMBAAGjgcswgcgwHQYDVR0OBBYEFAFrSR8h +j4Dd1JfAqLsqftzz2v3hMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAkuk2JlHLHTEMoF6GMiaxCi8q56VlDW5W4m0eQVIjAzhjciAQ +uA9CKJpTbuo8iKS2iWdQNCuEFaPu4qaIdIDAjfCvhBCUL1BvuH9VpqIY1Q6YHS5i +KRXrB+sBqDPyEQjTsQkqKgWB7HwpEL1vB1UFdyHhhCWzZbK+5tt7P+JGpgN1B9Ds +tADoRr8WLbCHDgaEfFQ7oYwO+tPR0l1AwSS5ADG3vJo66WhavCB+Wl6Lpyjiplyb +/w/GrjkEHXN3j+MoA37FklCa3BVntkK+f7GmXyU8YWxooLXQ2dW9RSkGvKvuFm9j +VWvr0Zylp0dwS0M6KrKhtTqi/ld42xZmn0w+VQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ef:5f:3f:57:00:ad:2d:82:81:56:19:c0:da:98: + 72:8b:7f:4b:4f:37:f2:d9:0e:b3:3c:7b:73:d3:8a: + ad:5a:94:9c:37:0b:bc:68:4b:40:ac:a9:d1:1f:1b: + 35:6a:74:50:6b:91:c2:30:e5:a6:88:87:90:f4:dc: + 8d:09:49:6a:3e:f0:fe:cf:bb:b3:3b:33:c1:2a:2e: + b9:fb:9b:6a:db:2a:a6:9f:87:46:6a:b0:7d:87:c6: + 63:27:cd:58:e7:55:7d:c5:6c:d8:ac:c7:10:fb:6e: + 68:40:9d:69:bf:8f:a0:9c:36:d8:7a:dc:fb:14:48: + f4:96:5d:c2:0e:8f:e9:2f:1d:08:13:04:a0:1d:03: + 78:b8:a6:97:15:13:0f:91:4e:9e:18:00:96:9f:94: + e6:ad:02:2e:c7:60:c8:ed:50:54:02:2e:b2:6b:6e: + d5:78:7f:7a:74:20:20:f6:9c:fa:98:17:b3:8f:fd: + 92:01:3d:ff:e6:56:fa:45:28:41:b1:3c:ba:4a:ef: + bc:ff:4c:1e:d3:96:bc:5d:a6:06:7d:27:d8:66:13: + e0:40:74:83:8c:f4:89:c9:8d:8a:13:b7:98:88:32: + 6c:51:6c:15:92:1c:1b:e7:f7:08:a6:35:81:b4:24: + be:45:10:1f:ff:c9:e4:4d:35:b7:4d:3c:ae:54:d2: + ee:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + X509v3 Authority Key Identifier: + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + c3:93:57:64:ef:a6:14:46:fd:70:31:57:e2:2d:d1:84:90:c6: + 24:77:6a:9d:e4:a7:39:fc:ae:f6:22:f8:ae:04:d9:8b:9c:e7: + c1:52:b4:1a:39:85:62:30:25:49:40:86:87:48:5f:fb:f8:4e: + 19:fe:68:1f:07:17:e2:a7:09:86:f1:49:58:6e:3e:04:49:01: + 87:2a:92:c1:38:45:4a:fa:e9:36:f5:30:77:01:2a:03:2b:ae: + 9c:bd:bc:a4:61:43:4c:a4:90:97:f6:d8:40:8b:20:c2:7e:cf: + ed:83:08:b8:c5:68:4f:a4:69:83:16:c5:b5:e5:9a:a3:4d:f2: + 4f:f4:51:3a:19:3f:8b:83:3e:04:c3:bf:7a:bf:cf:37:86:0f: + a1:79:a7:bf:c9:9c:7b:52:b9:84:ca:97:51:89:f2:25:bd:15: + 4f:61:d5:bd:f0:86:e9:14:b3:77:92:11:d5:b9:7a:58:6c:b3: + 96:16:9b:ac:db:e1:97:f7:5e:f9:58:e7:b3:4b:35:05:e6:aa: + a4:ca:a5:1a:48:b0:28:84:81:7f:32:07:39:cd:31:32:b5:c8: + da:0c:07:c2:1a:01:26:41:76:26:68:36:50:2c:34:5c:3f:b7: + 05:4a:50:d3:37:ec:8c:d1:84:3c:25:f0:d9:ef:5e:0d:b9:b1: + f9:d9:d6:3a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDvXz9XAK0tgoFWGcDamHKLf0tPN/LZDrM8e3PTiq1alJw3C7xoS0CsqdEf +GzVqdFBrkcIw5aaIh5D03I0JSWo+8P7Pu7M7M8EqLrn7m2rbKqafh0ZqsH2HxmMn +zVjnVX3FbNisxxD7bmhAnWm/j6CcNth63PsUSPSWXcIOj+kvHQgTBKAdA3i4ppcV +Ew+RTp4YAJaflOatAi7HYMjtUFQCLrJrbtV4f3p0ICD2nPqYF7OP/ZIBPf/mVvpF +KEGxPLpK77z/TB7TlrxdpgZ9J9hmE+BAdIOM9InJjYoTt5iIMmxRbBWSHBvn9wim +NYG0JL5FEB//yeRNNbdNPK5U0u5vAgMBAAGjgcswgcgwHQYDVR0OBBYEFNJFZGiG +jgfyr78L891/YR1La0rNMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAw5NXZO+mFEb9cDFX4i3RhJDGJHdqneSnOfyu9iL4rgTZi5zn +wVK0GjmFYjAlSUCGh0hf+/hOGf5oHwcX4qcJhvFJWG4+BEkBhyqSwThFSvrpNvUw +dwEqAyuunL28pGFDTKSQl/bYQIsgwn7P7YMIuMVoT6RpgxbFteWao03yT/RROhk/ +i4M+BMO/er/PN4YPoXmnv8mce1K5hMqXUYnyJb0VT2HVvfCG6RSzd5IR1bl6WGyz +lhabrNvhl/de+Vjns0s1BeaqpMqlGkiwKISBfzIHOc0xMrXI2gwHwhoBJkF2Jmg2 +UCw0XD+3BUpQ0zfsjNGEPCXw2e9eDbmx+dnWOg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/key-rollover/rolloverchain.test b/pki/testdata/verify_certificate_chain_unittest/key-rollover/rolloverchain.test new file mode 100644 index 0000000000..cae1a51f56 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/key-rollover/rolloverchain.test @@ -0,0 +1,5 @@ +chain: rolloverchain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: 150302120000Z +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/many-names/generate-chains.py new file mode 100755 index 0000000000..70e37b10e1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/generate-chains.py @@ -0,0 +1,157 @@ +#!/usr/bin/env python +# Copyright 2018 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import sys +sys.path += ['../..'] + +import gencerts + +def add_excluded_name_constraints(cert, num_dns, num_ip, num_dirnames, num_uri): + cert.get_extensions().set_property('nameConstraints', '@nameConstraints_info') + constraints = cert.config.get_section('nameConstraints_info') + for i in range(num_dns): + constraints.set_property('excluded;DNS.%i' % (i + 1), 'x%i.test' % i) + for i in range(num_ip): + b,c = divmod(i, 256) + a,b = divmod(b, 256) + constraints.set_property('excluded;IP.%i' % (i + 1), + '11.%i.%i.%i/255.255.255.255' % (a, b, c)) + for i in range(num_dirnames): + section_name = 'nameConstraints_dirname_x%i' % (i + 1) + dirname = cert.config.get_section(section_name) + dirname.set_property('commonName', '"x%i' % i) + constraints.set_property('excluded;dirName.%i' % (i + 1), section_name) + for i in range(num_uri): + constraints.set_property('excluded;URI.%i' % (i + 1), 'http://xest/%i' % i) + + +def add_permitted_name_constraints( + cert, num_dns, num_ip, num_dirnames, num_uri): + cert.get_extensions().set_property('nameConstraints', '@nameConstraints_info') + constraints = cert.config.get_section('nameConstraints_info') + for i in range(num_dns): + constraints.set_property('permitted;DNS.%i' % (i + 1), 't%i.test' % i) + for i in range(num_ip): + b,c = divmod(i, 256) + a,b = divmod(b, 256) + constraints.set_property('permitted;IP.%i' % (i + 1), + '10.%i.%i.%i/255.255.255.255' % (a, b, c)) + for i in range(num_dirnames): + section_name = 'nameConstraints_dirname_p%i' % (i + 1) + dirname = cert.config.get_section(section_name) + dirname.set_property('commonName', '"t%i' % i) + constraints.set_property('permitted;dirName.%i' % (i + 1), section_name) + for i in range(num_uri): + constraints.set_property('permitted;URI.%i' % (i + 1), + 'http://test/%i' % i) + + +def add_sans(cert, num_dns, num_ip, num_dirnames, num_uri): + cert.get_extensions().set_property('subjectAltName', '@san_info') + sans = cert.config.get_section('san_info') + for i in range(num_dns): + sans.set_property('DNS.%i' % (i + 1), 't%i.test' % i) + for i in range(num_ip): + b,c = divmod(i, 256) + a,b = divmod(b, 256) + sans.set_property('IP.%i' % (i + 1), '10.%i.%i.%i' % (a, b, c)) + for i in range(num_dirnames): + section_name = 'san_dirname%i' % (i + 1) + dirname = cert.config.get_section(section_name) + dirname.set_property('commonName', '"t%i' % i) + sans.set_property('dirName.%i' % (i + 1), section_name) + for i in range(num_uri): + sans.set_property('URI.%i' % (i + 1), 'http://test/%i' % i) + + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Use the same keys for all the chains. Fewer key files to check in, and also +# gives stability against re-ordering of the calls to |make_chain|. +intermediate_key = gencerts.get_or_generate_rsa_key( + 2048, gencerts.create_key_path('Intermediate')) +target_key = gencerts.get_or_generate_rsa_key( + 2048, gencerts.create_key_path('t0')) + +def make_chain(name, doc, excluded, permitted, sans): + # Intermediate certificate. + intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + intermediate.set_key(intermediate_key) + add_excluded_name_constraints(intermediate, **excluded) + add_permitted_name_constraints(intermediate, **permitted) + + # Target certificate. + target = gencerts.create_end_entity_certificate('t0', intermediate) + target.set_key(target_key) + add_sans(target, **sans) + + chain = [target, intermediate, root] + gencerts.write_chain(doc, chain, '%s.pem' % name) + + +make_chain('ok-all-types', + "A chain containing a large number of name constraints and names,\n" + "but below the limit.", + excluded=dict(num_dns=170, + num_ip=170, + num_dirnames=170, + num_uri=1025), + permitted=dict(num_dns=171, + num_ip=171, + num_dirnames=172, + num_uri=1025), + sans=dict(num_dns=341, num_ip=341, num_dirnames=342, num_uri=1025)) + +make_chain('toomany-all-types', + "A chain containing a large number of different types of name\n" + "constraints and names, above the limit.", + excluded=dict(num_dns=170, num_ip=170, num_dirnames=170, num_uri=0), + permitted=dict(num_dns=172, num_ip=171, num_dirnames=172, num_uri=0), + sans=dict(num_dns=342, num_ip=341, num_dirnames=341, num_uri=0)) + +make_chain( + 'toomany-dns-excluded', + "A chain containing a large number of excluded DNS name\n" + "constraints and DNS names, above the limit.", + excluded=dict(num_dns=1025, num_ip=0, num_dirnames=0, num_uri=0), + permitted=dict(num_dns=0, num_ip=0, num_dirnames=0, num_uri=0), + sans=dict(num_dns=1024, num_ip=0, num_dirnames=0, num_uri=0)) +make_chain( + 'toomany-ips-excluded', + "A chain containing a large number of excluded IP name\n" + "constraints and IP names, above the limit.", + excluded=dict(num_dns=0, num_ip=1025, num_dirnames=0, num_uri=0), + permitted=dict(num_dns=0, num_ip=0, num_dirnames=0, num_uri=0), + sans=dict(num_dns=0, num_ip=1024, num_dirnames=0, num_uri=0)) +make_chain( + 'toomany-dirnames-excluded', + "A chain containing a large number of excluded directory name\n" + "constraints and directory names, above the limit.", + excluded=dict(num_dns=0, num_ip=0, num_dirnames=1025, num_uri=0), + permitted=dict(num_dns=0, num_ip=0, num_dirnames=0, num_uri=0), + sans=dict(num_dns=0, num_ip=0, num_dirnames=1024, num_uri=0)) + +make_chain( + 'toomany-dns-permitted', + "A chain containing a large number of permitted DNS name\n" + "constraints and DNS names, above the limit.", + excluded=dict(num_dns=0, num_ip=0, num_dirnames=0, num_uri=0), + permitted=dict(num_dns=1025, num_ip=0, num_dirnames=0, num_uri=0), + sans=dict(num_dns=1024, num_ip=0, num_dirnames=0, num_uri=0)) +make_chain( + 'toomany-ips-permitted', + "A chain containing a large number of permitted IP name\n" + "constraints and IP names, above the limit.", + excluded=dict(num_dns=0, num_ip=0, num_dirnames=0, num_uri=0), + permitted=dict(num_dns=0, num_ip=1025, num_dirnames=0, num_uri=0), + sans=dict(num_dns=0, num_ip=1024, num_dirnames=0, num_uri=0)) +make_chain( + 'toomany-dirnames-permitted', + "A chain containing a large number of permitted directory name\n" + "constraints and directory names, above the limit.", + excluded=dict(num_dns=0, num_ip=0, num_dirnames=0, num_uri=0), + permitted=dict(num_dns=0, num_ip=0, num_dirnames=1025, num_uri=0), + sans=dict(num_dns=0, num_ip=0, num_dirnames=1024, num_uri=0)) diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/many-names/keys/Intermediate.key new file mode 100644 index 0000000000..771102c22c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxLHa4GJxiOVbqt +EscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9WyNroD1cod26a +oEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luvC6DmdaXS4XJO +ImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf00YvmLxRmVvHa +8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9IbjmK6igvwa7QzMZ +PXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABAoIBAH0ZRQD0vic4r/2G +bLiyt3OvlvQ5AOIolQZiZV3zRFEi6xcEn1cIis11Sw0p39I1W5xEilhSlgPiKwn1 +JTl4HjuOzRxC7ASQxXk05jtVZ++4AGWsFMw8XNNXPiuR0zybVAchWiksVYQ9tBHd +MVHvhj3jn/IePMW/AqU3NQHEA7deawNUIkHJuqO7p/HwoHLo7HWmCfqPoX4C6AVk +lQ5qAg/20QiXYkHNXZIXtkdKGXNEuShmlE0VpGW15NDg0T4wd27SpdDG/q6lw/h+ +C29FsGmk9b1uzglNotAS0i22X0uJ0ajDg9hIi0UCBsZjwnrn+cy097wAIval/ce4 +4YFGj4ECgYEA6oKDfk+xrCl8KWx1orAE+UCzKtyxX9XvWzIOGwFdGbpKT7mqnUqB +GADkmTfEOqVLgDaHnzI1kd4M/arasQwWC+0vycbpqQ5mYoVyDCexE8092rWYS0MM +v5mJPnbHWpKQEtsLOcQyCPPKuazXogVCW0Y7B/mQos0lIXZYO99IhY0CgYEAzGRF +DENXG+hjQDl6M6oEM3EXoMoL5pBpT0g9FweofFLEUFY4O1bfWgslof8hTU945R1O +ZpGrt+Kq5oIdA6C9+Pf+LhBr5oXL/W1Hp+xxoFtB9ZHSO4HSI6PjZ9CEr3eMKlgt +OYI9XbyTbuu59BmUjonBwWi3sC8aBfvcgH3ocjkCgYEAim0B62Rlb0eJp/YCtkaK +mQrM98cP2I8y27T/SIeUiiRByy/Ae1pIO4ADcEHPzgJWP9dwVNNRdcoKBw58Srfk +p6OZatTEhmsempdEy9H+H78t/NTmkb6BXvPlZH6+jEMpUkgEJ1QdaNVnXBSfsF7E +XZZmL/3rl33aphbyXF0ftN0CgYAIrrnAK5wns1eEAu0OBMro5IT8b5jR0pCmrYrq +z4h4v4tXXlJFMwuJ569RkmT3w8h+8x/Be66vwRFBeYWCAfIQAXjqvAfZYxWnTl0c +5Q5uoXHL3MXxgTJMEUo3vsPkME/j/JrvNnkk4j3hGGJt3ChTZca1UJ18/oM8fdaA +HtkhAQKBgAeap19LsudhjxAu3qeXGIdGx8j91rMgbFpaz9fubriFvC+l+DeH8oF5 +XvoGXQAORIHuSXTLIXw0xyi/JxhJFbUlSS7sgTsnTeGhsmDbM9F5aUQLwL2MFM03 +n6H3CQplMZoQfCpsKfKED1m2zLKpum1zvJhjrFGEV1EKKBnUFg4C +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/many-names/keys/Root.key new file mode 100644 index 0000000000..f1663e4d69 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzHrP7L2gAcMmUdgoroC2C9J21wSGGKz98o9k55LW0EIyT83Q +TdCscZpzgAoEcCCjL6Cb9D4Zz2lUtb6F3W6yCxTfJ78sobuypyMM+654aWsabnw4 +fxVd5c8nMlYq8Yf+OhZz5t2D8vKuMciT0km3sXH1Vd67hc3LGXQdYUnag0TsTF6q +1YsyGtt31bGDjAC5VbdkeFyHyWhYvd6vUOK7vTLN+j3fOz2TEBa2bZAd133p6n4e +LsgQpBStYnKvZZUfp26BhJ/fhU7APn+MAgrwZViEfGrhU6888Xq5M8jn+e2SRgBQ +YvCJQVcegdEEErP8JWAXXAvrqUZKAzkWEU3hewIDAQABAoIBAH74l9oimZPekRHr +Tr+lDuXiZ4b2uSnjacFPx1GAvcEOCd3CKGHZfOsCBExya/UQXyR4775HPZGsjzxX +tRod3ZLCABvXOyimu7XLLwmtefnD1uLaYd6P7wF/k5BPL1VRo8yAGrI1xPR8OyyQ +pzHCMr2NzNDogLsCYeZJUuERkg1GB+jWaZwbDptpsw0V1ecTyyBBUJX2OCfWaEc2 +IW91kxuRFkJXSV61E36iXQ/dcQL3O8BDFH/yJgzKjzBRDPOeMxKbUakoxMEU9N6j +Tb6e462Oy7S/vfCzyxXN7wiqXcgH5LhVQ8RsrS/qYNBjRZ262428QJdvyBIW20id +TYgPWdECgYEA5yK3ppHRgEUiVHWEqSu9PZbYloebzElL/B7o0Vu0ZVo51dxoWZgg ++oDvxs+AWuyR0Yl3mh7HI/Md4rMA5cbzQ7x4FsX/tYw8rKR93uuQoxIbRt5DJJNV +tOtK0E8EcZlmVc3PxPV2/RUsRVIFxYUzCbYU9nKnbRixijQUHPx5MBkCgYEA4noD +mbDIdFce9nr2MxNPt67dMFGmVGIICsgGBhUX+gtnn6qne3I+JJknuwT7A/RjYZmB +IR9KzxGZERXXzVok+/0wx8fzuU61LQMkVEUYGJf8vy13lLB8e9qsnH1DmDmNmp1a +7KicYbAN+2jZmyIJZZNyhNQtj5HAZ4Qn1ZZDQLMCgYAD6xO/8CLkEMf3NJLOJ16q +556+Vogum2N9X6zEt9BEE5Z9aKIgOrL8bCkkbqoXYIFMUw9C/piTpHByQmSWgJvp +Hw3OHQcrtbflmVhE6itmiE0ME4KB4TmHuqFnDJ/fqSER/U4zYZHl0nEQr8ZHRe3K +kVqjnuf1soB3/lAE+ca4KQKBgQCd204HIiGWdeMvCiXxE9TMwyWJOGAnEO1qFmGc +e7dqoehochqrAMYv3FDFGoOcDgv3S3emDpmmGy4FqqPwjpSYz7Hgjo5i62l9JmN8 +GWziN44D8z0Wdq1N5u3JZcZnpDX/Pw7RRfU6YexdAIgsiVzjYBLCYuIe4AisHoFl +bocR4QKBgE2C5iMHYTDRTPYSIo6P0Q7xUNn8Ebh8ZVSwqHGlzSuuBWKfYk9JR1bZ +sOewIAJ+lZv+n1IXesHMsX/iz9DeXSxSYfUMnAHJzKKHnYGw3vCeZt87Jyr0ODzQ +CivwdPowyLq7JB6UU4E9Pkt3yl/gc9PRUe/tEO9VPC2ZbeslocQj +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/keys/t0.key b/pki/testdata/verify_certificate_chain_unittest/many-names/keys/t0.key new file mode 100644 index 0000000000..ca819f7595 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/keys/t0.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA2yxTAc75GoM2UlEqW0Jj3jJ1EWp9sKHkd0ebceWmLWTXrlsE +7Xo/x/bKKyutzWyIpY42++eiIrV9VHnp1XpbyispbA2EChDEIbZYmLsNtgyNVlss +hVkHygZGNiUaKY7EObfDMc5uScIBz7A7J0OK49UGHy2Tnd16RWVt/bSxwBBZQvIe +j85DrJclwXziUeFENVuUqgNu2nEvJX9YMAHhEhce8qpsIoCxyWXqd5WzB8T3cjg0 +/qBDM0xmbaHooQS8bxQ5OUQuODd0yQohhZEht066sJlKdph7WMoc07BAw9kqdfvr +GerjGpgxUpfpf6R7IX8v3GKGj/39qIjoS0RSvQIDAQABAoIBAFAU7/d3Mpm3W7/U +HE/gADGN6iyE5owFez8CERAaww9PC2ePpktHIcrkp5YCjazDfWJQhlKgniNkgPi+ +2uu/m45RGv96KMasvZ07zT9xCV99Up89DRVkJG5ywHDEObz5h0U3mcC3FqEonBTQ +5axBB5ybl3MI6ikCZcy5dOkAfvoX0ZLTtWPVeMd0fGltyyx5PuB4craZG6EcQpiD +wXSyW+n7DjQhOwe9YUo8ujuvWo3bk+OOOclqkAQyL8WDWanUOpv/9Fxgfm5r5Aef +YeCf47Y1/lBD3ep8hTY+5yTgL4qW0B7Dwrof6rMSSTU9jGfc/aYsXAJMHR0wxOkh +p6Py3gECgYEA/w2heV0tPhSpKzBLt6G6zIPcvXIKmFhk4sDpKFUGbo8FNWJ65s/Y +3Z1tNm0De0HxLgstoZXBZP86M5s7M+PXblcf2du+ogOS6R88xztLvT5xYRL5JG9r +1LcVcx6NsYA3M3Z3DYqUEJJYcyl3PhdHkB64y/uxf+OONVFYV0r0n0ECgYEA2/yZ +BOfvNQzk2a7z7IIMIe93UrphHN86w2++eEp3j1+RAG2/BUfKF5zoeEEeoJJW4QnL +rbvpkJSmHZ1c/HuEBgOoVhUNAwit13c4TtnZlWnFwr7ZtJh/2Wz/zcfJanrV9Pit +n7ncJfO5FFqz/dFqm3sWlwlWGNrxSfS43Wa+kH0CgYBz23NAOA03KBd4YOXkMnky +Mavx+n3Jmk2pm0vOYGEdk6YgC+4cLsoqUTqtAHQWZ2vxKG6/+dDx2eZMTvVjqtnP +a5AyXFmKKulvMBthvRO4kUbbe8zkuiBXbhs2QejHeqCYpfWKlyqPJIs9NNbPw69k +TjBPqLOGjo2otpzUel4IgQKBgGdcu2UzuRBbG5gwfQnuXNcBFja3vfN767dyZLNO +gfjKtW3XIv7PKWSI5C3EoyhdOhcIrDvYZDj7r0WQ7+TuAC13QHwZ7gAz7sKjkMBz +2ak7hqEnXVFeqgu2DEdbDQdL6gXtZl77TDZE2vx2VcX3xLiDUCztRRfun5rZMpdM +tFNdAoGASvf9eR+2LZC4mpK01y+zonG69IuJ+dfX28rEtOet9ERjtvdRAjKddJ4p +y3E8Mz0XmUBHXhS9YtKHYd2KuabX+t2PkM4wb1RjAO77vmPMrElV5goDX4Otffi6 +5neL3h2AiIIC8b0xs+j0R13jWoSH49iEVX/OO2eSO+P/FlOZQes= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/ok-all-types.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/ok-all-types.pem new file mode 100644 index 0000000000..e97cc1162c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/ok-all-types.pem @@ -0,0 +1,5095 @@ +[Created by: ./generate-chains.py] + +A chain containing a large number of name constraints and names, +but below the limit. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, URI:http://test/0, URI:http://test/1, URI:http://test/2, URI:http://test/3, URI:http://test/4, URI:http://test/5, URI:http://test/6, URI:http://test/7, URI:http://test/8, URI:http://test/9, URI:http://test/10, URI:http://test/11, URI:http://test/12, URI:http://test/13, URI:http://test/14, URI:http://test/15, URI:http://test/16, URI:http://test/17, URI:http://test/18, URI:http://test/19, URI:http://test/20, URI:http://test/21, URI:http://test/22, URI:http://test/23, URI:http://test/24, URI:http://test/25, URI:http://test/26, URI:http://test/27, URI:http://test/28, URI:http://test/29, URI:http://test/30, URI:http://test/31, URI:http://test/32, URI:http://test/33, URI:http://test/34, URI:http://test/35, URI:http://test/36, URI:http://test/37, URI:http://test/38, URI:http://test/39, URI:http://test/40, URI:http://test/41, URI:http://test/42, URI:http://test/43, URI:http://test/44, URI:http://test/45, URI:http://test/46, URI:http://test/47, URI:http://test/48, URI:http://test/49, URI:http://test/50, URI:http://test/51, URI:http://test/52, URI:http://test/53, URI:http://test/54, URI:http://test/55, URI:http://test/56, URI:http://test/57, URI:http://test/58, URI:http://test/59, URI:http://test/60, URI:http://test/61, URI:http://test/62, URI:http://test/63, URI:http://test/64, URI:http://test/65, URI:http://test/66, URI:http://test/67, URI:http://test/68, URI:http://test/69, URI:http://test/70, URI:http://test/71, URI:http://test/72, URI:http://test/73, URI:http://test/74, URI:http://test/75, URI:http://test/76, URI:http://test/77, URI:http://test/78, URI:http://test/79, URI:http://test/80, URI:http://test/81, URI:http://test/82, URI:http://test/83, URI:http://test/84, URI:http://test/85, URI:http://test/86, URI:http://test/87, URI:http://test/88, URI:http://test/89, URI:http://test/90, URI:http://test/91, URI:http://test/92, URI:http://test/93, URI:http://test/94, URI:http://test/95, URI:http://test/96, URI:http://test/97, URI:http://test/98, URI:http://test/99, URI:http://test/100, URI:http://test/101, URI:http://test/102, URI:http://test/103, URI:http://test/104, URI:http://test/105, URI:http://test/106, URI:http://test/107, URI:http://test/108, URI:http://test/109, URI:http://test/110, URI:http://test/111, URI:http://test/112, URI:http://test/113, URI:http://test/114, URI:http://test/115, URI:http://test/116, URI:http://test/117, URI:http://test/118, URI:http://test/119, URI:http://test/120, URI:http://test/121, URI:http://test/122, URI:http://test/123, URI:http://test/124, URI:http://test/125, URI:http://test/126, URI:http://test/127, URI:http://test/128, URI:http://test/129, URI:http://test/130, URI:http://test/131, URI:http://test/132, URI:http://test/133, URI:http://test/134, URI:http://test/135, URI:http://test/136, URI:http://test/137, URI:http://test/138, URI:http://test/139, URI:http://test/140, URI:http://test/141, URI:http://test/142, URI:http://test/143, URI:http://test/144, URI:http://test/145, URI:http://test/146, URI:http://test/147, URI:http://test/148, URI:http://test/149, URI:http://test/150, URI:http://test/151, URI:http://test/152, URI:http://test/153, URI:http://test/154, URI:http://test/155, URI:http://test/156, URI:http://test/157, URI:http://test/158, URI:http://test/159, URI:http://test/160, URI:http://test/161, URI:http://test/162, URI:http://test/163, URI:http://test/164, URI:http://test/165, URI:http://test/166, URI:http://test/167, URI:http://test/168, URI:http://test/169, URI:http://test/170, URI:http://test/171, URI:http://test/172, URI:http://test/173, URI:http://test/174, URI:http://test/175, URI:http://test/176, URI:http://test/177, URI:http://test/178, URI:http://test/179, URI:http://test/180, URI:http://test/181, URI:http://test/182, URI:http://test/183, URI:http://test/184, URI:http://test/185, URI:http://test/186, URI:http://test/187, URI:http://test/188, URI:http://test/189, URI:http://test/190, URI:http://test/191, URI:http://test/192, URI:http://test/193, URI:http://test/194, URI:http://test/195, URI:http://test/196, URI:http://test/197, URI:http://test/198, URI:http://test/199, URI:http://test/200, URI:http://test/201, URI:http://test/202, URI:http://test/203, URI:http://test/204, URI:http://test/205, URI:http://test/206, URI:http://test/207, URI:http://test/208, URI:http://test/209, URI:http://test/210, URI:http://test/211, URI:http://test/212, URI:http://test/213, URI:http://test/214, URI:http://test/215, URI:http://test/216, URI:http://test/217, URI:http://test/218, URI:http://test/219, URI:http://test/220, URI:http://test/221, URI:http://test/222, URI:http://test/223, URI:http://test/224, URI:http://test/225, URI:http://test/226, URI:http://test/227, URI:http://test/228, URI:http://test/229, URI:http://test/230, URI:http://test/231, URI:http://test/232, URI:http://test/233, URI:http://test/234, URI:http://test/235, URI:http://test/236, URI:http://test/237, URI:http://test/238, URI:http://test/239, URI:http://test/240, URI:http://test/241, URI:http://test/242, URI:http://test/243, URI:http://test/244, URI:http://test/245, URI:http://test/246, URI:http://test/247, URI:http://test/248, URI:http://test/249, URI:http://test/250, URI:http://test/251, URI:http://test/252, URI:http://test/253, URI:http://test/254, URI:http://test/255, URI:http://test/256, URI:http://test/257, URI:http://test/258, URI:http://test/259, URI:http://test/260, URI:http://test/261, URI:http://test/262, URI:http://test/263, URI:http://test/264, URI:http://test/265, URI:http://test/266, URI:http://test/267, URI:http://test/268, URI:http://test/269, URI:http://test/270, URI:http://test/271, URI:http://test/272, URI:http://test/273, URI:http://test/274, URI:http://test/275, URI:http://test/276, URI:http://test/277, URI:http://test/278, URI:http://test/279, URI:http://test/280, URI:http://test/281, URI:http://test/282, URI:http://test/283, URI:http://test/284, URI:http://test/285, URI:http://test/286, URI:http://test/287, URI:http://test/288, URI:http://test/289, URI:http://test/290, URI:http://test/291, URI:http://test/292, URI:http://test/293, URI:http://test/294, URI:http://test/295, URI:http://test/296, URI:http://test/297, URI:http://test/298, URI:http://test/299, URI:http://test/300, URI:http://test/301, URI:http://test/302, URI:http://test/303, URI:http://test/304, URI:http://test/305, URI:http://test/306, URI:http://test/307, URI:http://test/308, URI:http://test/309, URI:http://test/310, URI:http://test/311, URI:http://test/312, URI:http://test/313, URI:http://test/314, URI:http://test/315, URI:http://test/316, URI:http://test/317, URI:http://test/318, URI:http://test/319, URI:http://test/320, URI:http://test/321, URI:http://test/322, URI:http://test/323, URI:http://test/324, URI:http://test/325, URI:http://test/326, URI:http://test/327, URI:http://test/328, URI:http://test/329, URI:http://test/330, URI:http://test/331, URI:http://test/332, URI:http://test/333, URI:http://test/334, URI:http://test/335, URI:http://test/336, URI:http://test/337, URI:http://test/338, URI:http://test/339, URI:http://test/340, URI:http://test/341, URI:http://test/342, URI:http://test/343, URI:http://test/344, URI:http://test/345, URI:http://test/346, URI:http://test/347, URI:http://test/348, URI:http://test/349, URI:http://test/350, URI:http://test/351, URI:http://test/352, URI:http://test/353, URI:http://test/354, URI:http://test/355, URI:http://test/356, URI:http://test/357, URI:http://test/358, URI:http://test/359, URI:http://test/360, URI:http://test/361, URI:http://test/362, URI:http://test/363, URI:http://test/364, URI:http://test/365, URI:http://test/366, URI:http://test/367, URI:http://test/368, URI:http://test/369, URI:http://test/370, URI:http://test/371, URI:http://test/372, URI:http://test/373, URI:http://test/374, URI:http://test/375, URI:http://test/376, URI:http://test/377, URI:http://test/378, URI:http://test/379, URI:http://test/380, URI:http://test/381, URI:http://test/382, URI:http://test/383, URI:http://test/384, URI:http://test/385, URI:http://test/386, URI:http://test/387, URI:http://test/388, URI:http://test/389, URI:http://test/390, URI:http://test/391, URI:http://test/392, URI:http://test/393, URI:http://test/394, URI:http://test/395, URI:http://test/396, URI:http://test/397, URI:http://test/398, URI:http://test/399, URI:http://test/400, URI:http://test/401, URI:http://test/402, URI:http://test/403, URI:http://test/404, URI:http://test/405, URI:http://test/406, URI:http://test/407, URI:http://test/408, URI:http://test/409, URI:http://test/410, URI:http://test/411, URI:http://test/412, URI:http://test/413, URI:http://test/414, URI:http://test/415, URI:http://test/416, URI:http://test/417, URI:http://test/418, URI:http://test/419, URI:http://test/420, URI:http://test/421, URI:http://test/422, URI:http://test/423, URI:http://test/424, URI:http://test/425, URI:http://test/426, URI:http://test/427, URI:http://test/428, URI:http://test/429, URI:http://test/430, URI:http://test/431, URI:http://test/432, URI:http://test/433, URI:http://test/434, URI:http://test/435, URI:http://test/436, URI:http://test/437, URI:http://test/438, URI:http://test/439, URI:http://test/440, URI:http://test/441, URI:http://test/442, URI:http://test/443, URI:http://test/444, URI:http://test/445, URI:http://test/446, URI:http://test/447, URI:http://test/448, URI:http://test/449, URI:http://test/450, URI:http://test/451, URI:http://test/452, URI:http://test/453, URI:http://test/454, URI:http://test/455, URI:http://test/456, URI:http://test/457, URI:http://test/458, URI:http://test/459, URI:http://test/460, URI:http://test/461, URI:http://test/462, URI:http://test/463, URI:http://test/464, URI:http://test/465, URI:http://test/466, URI:http://test/467, URI:http://test/468, URI:http://test/469, URI:http://test/470, URI:http://test/471, URI:http://test/472, URI:http://test/473, URI:http://test/474, URI:http://test/475, URI:http://test/476, URI:http://test/477, URI:http://test/478, URI:http://test/479, URI:http://test/480, URI:http://test/481, URI:http://test/482, URI:http://test/483, URI:http://test/484, URI:http://test/485, URI:http://test/486, URI:http://test/487, URI:http://test/488, URI:http://test/489, URI:http://test/490, URI:http://test/491, URI:http://test/492, URI:http://test/493, URI:http://test/494, URI:http://test/495, URI:http://test/496, URI:http://test/497, URI:http://test/498, URI:http://test/499, URI:http://test/500, URI:http://test/501, URI:http://test/502, URI:http://test/503, URI:http://test/504, URI:http://test/505, URI:http://test/506, URI:http://test/507, URI:http://test/508, URI:http://test/509, URI:http://test/510, URI:http://test/511, URI:http://test/512, URI:http://test/513, URI:http://test/514, URI:http://test/515, URI:http://test/516, URI:http://test/517, URI:http://test/518, URI:http://test/519, URI:http://test/520, URI:http://test/521, URI:http://test/522, URI:http://test/523, URI:http://test/524, URI:http://test/525, URI:http://test/526, URI:http://test/527, URI:http://test/528, URI:http://test/529, URI:http://test/530, URI:http://test/531, URI:http://test/532, URI:http://test/533, URI:http://test/534, URI:http://test/535, URI:http://test/536, URI:http://test/537, URI:http://test/538, URI:http://test/539, URI:http://test/540, URI:http://test/541, URI:http://test/542, URI:http://test/543, URI:http://test/544, URI:http://test/545, URI:http://test/546, URI:http://test/547, URI:http://test/548, URI:http://test/549, URI:http://test/550, URI:http://test/551, URI:http://test/552, URI:http://test/553, URI:http://test/554, URI:http://test/555, URI:http://test/556, URI:http://test/557, URI:http://test/558, URI:http://test/559, URI:http://test/560, URI:http://test/561, URI:http://test/562, URI:http://test/563, URI:http://test/564, URI:http://test/565, URI:http://test/566, URI:http://test/567, URI:http://test/568, URI:http://test/569, URI:http://test/570, URI:http://test/571, URI:http://test/572, URI:http://test/573, URI:http://test/574, URI:http://test/575, URI:http://test/576, URI:http://test/577, URI:http://test/578, URI:http://test/579, URI:http://test/580, URI:http://test/581, URI:http://test/582, URI:http://test/583, URI:http://test/584, URI:http://test/585, URI:http://test/586, URI:http://test/587, URI:http://test/588, URI:http://test/589, URI:http://test/590, URI:http://test/591, URI:http://test/592, URI:http://test/593, URI:http://test/594, URI:http://test/595, URI:http://test/596, URI:http://test/597, URI:http://test/598, URI:http://test/599, URI:http://test/600, URI:http://test/601, URI:http://test/602, URI:http://test/603, URI:http://test/604, URI:http://test/605, URI:http://test/606, URI:http://test/607, URI:http://test/608, URI:http://test/609, URI:http://test/610, URI:http://test/611, URI:http://test/612, URI:http://test/613, URI:http://test/614, URI:http://test/615, URI:http://test/616, URI:http://test/617, URI:http://test/618, URI:http://test/619, URI:http://test/620, URI:http://test/621, URI:http://test/622, URI:http://test/623, URI:http://test/624, URI:http://test/625, URI:http://test/626, URI:http://test/627, URI:http://test/628, URI:http://test/629, URI:http://test/630, URI:http://test/631, URI:http://test/632, URI:http://test/633, URI:http://test/634, URI:http://test/635, URI:http://test/636, URI:http://test/637, URI:http://test/638, URI:http://test/639, URI:http://test/640, URI:http://test/641, URI:http://test/642, URI:http://test/643, URI:http://test/644, URI:http://test/645, URI:http://test/646, URI:http://test/647, URI:http://test/648, URI:http://test/649, URI:http://test/650, URI:http://test/651, URI:http://test/652, URI:http://test/653, URI:http://test/654, URI:http://test/655, URI:http://test/656, URI:http://test/657, URI:http://test/658, URI:http://test/659, URI:http://test/660, URI:http://test/661, URI:http://test/662, URI:http://test/663, URI:http://test/664, URI:http://test/665, URI:http://test/666, URI:http://test/667, URI:http://test/668, URI:http://test/669, URI:http://test/670, URI:http://test/671, URI:http://test/672, URI:http://test/673, URI:http://test/674, URI:http://test/675, URI:http://test/676, URI:http://test/677, URI:http://test/678, URI:http://test/679, URI:http://test/680, URI:http://test/681, URI:http://test/682, URI:http://test/683, URI:http://test/684, URI:http://test/685, URI:http://test/686, URI:http://test/687, URI:http://test/688, URI:http://test/689, URI:http://test/690, URI:http://test/691, URI:http://test/692, URI:http://test/693, URI:http://test/694, URI:http://test/695, URI:http://test/696, URI:http://test/697, URI:http://test/698, URI:http://test/699, URI:http://test/700, URI:http://test/701, URI:http://test/702, URI:http://test/703, URI:http://test/704, URI:http://test/705, URI:http://test/706, URI:http://test/707, URI:http://test/708, URI:http://test/709, URI:http://test/710, URI:http://test/711, URI:http://test/712, URI:http://test/713, URI:http://test/714, URI:http://test/715, URI:http://test/716, URI:http://test/717, URI:http://test/718, URI:http://test/719, URI:http://test/720, URI:http://test/721, URI:http://test/722, URI:http://test/723, URI:http://test/724, URI:http://test/725, URI:http://test/726, URI:http://test/727, URI:http://test/728, URI:http://test/729, URI:http://test/730, URI:http://test/731, URI:http://test/732, URI:http://test/733, URI:http://test/734, URI:http://test/735, URI:http://test/736, URI:http://test/737, URI:http://test/738, URI:http://test/739, URI:http://test/740, URI:http://test/741, URI:http://test/742, URI:http://test/743, URI:http://test/744, URI:http://test/745, URI:http://test/746, URI:http://test/747, URI:http://test/748, URI:http://test/749, URI:http://test/750, URI:http://test/751, URI:http://test/752, URI:http://test/753, URI:http://test/754, URI:http://test/755, URI:http://test/756, URI:http://test/757, URI:http://test/758, URI:http://test/759, URI:http://test/760, URI:http://test/761, URI:http://test/762, URI:http://test/763, URI:http://test/764, URI:http://test/765, URI:http://test/766, URI:http://test/767, URI:http://test/768, URI:http://test/769, URI:http://test/770, URI:http://test/771, URI:http://test/772, URI:http://test/773, URI:http://test/774, URI:http://test/775, URI:http://test/776, URI:http://test/777, URI:http://test/778, URI:http://test/779, URI:http://test/780, URI:http://test/781, URI:http://test/782, URI:http://test/783, URI:http://test/784, URI:http://test/785, URI:http://test/786, URI:http://test/787, URI:http://test/788, URI:http://test/789, URI:http://test/790, URI:http://test/791, URI:http://test/792, URI:http://test/793, URI:http://test/794, URI:http://test/795, URI:http://test/796, URI:http://test/797, URI:http://test/798, URI:http://test/799, URI:http://test/800, URI:http://test/801, URI:http://test/802, URI:http://test/803, URI:http://test/804, URI:http://test/805, URI:http://test/806, URI:http://test/807, URI:http://test/808, URI:http://test/809, URI:http://test/810, URI:http://test/811, URI:http://test/812, URI:http://test/813, URI:http://test/814, URI:http://test/815, URI:http://test/816, URI:http://test/817, URI:http://test/818, URI:http://test/819, URI:http://test/820, URI:http://test/821, URI:http://test/822, URI:http://test/823, URI:http://test/824, URI:http://test/825, URI:http://test/826, URI:http://test/827, URI:http://test/828, URI:http://test/829, URI:http://test/830, URI:http://test/831, URI:http://test/832, URI:http://test/833, URI:http://test/834, URI:http://test/835, URI:http://test/836, URI:http://test/837, URI:http://test/838, URI:http://test/839, URI:http://test/840, URI:http://test/841, URI:http://test/842, URI:http://test/843, URI:http://test/844, URI:http://test/845, URI:http://test/846, URI:http://test/847, URI:http://test/848, URI:http://test/849, URI:http://test/850, URI:http://test/851, URI:http://test/852, URI:http://test/853, URI:http://test/854, URI:http://test/855, URI:http://test/856, URI:http://test/857, URI:http://test/858, URI:http://test/859, URI:http://test/860, URI:http://test/861, URI:http://test/862, URI:http://test/863, URI:http://test/864, URI:http://test/865, URI:http://test/866, URI:http://test/867, URI:http://test/868, URI:http://test/869, URI:http://test/870, URI:http://test/871, URI:http://test/872, URI:http://test/873, URI:http://test/874, URI:http://test/875, URI:http://test/876, URI:http://test/877, URI:http://test/878, URI:http://test/879, URI:http://test/880, URI:http://test/881, URI:http://test/882, URI:http://test/883, URI:http://test/884, URI:http://test/885, URI:http://test/886, URI:http://test/887, URI:http://test/888, URI:http://test/889, URI:http://test/890, URI:http://test/891, URI:http://test/892, URI:http://test/893, URI:http://test/894, URI:http://test/895, URI:http://test/896, URI:http://test/897, URI:http://test/898, URI:http://test/899, URI:http://test/900, URI:http://test/901, URI:http://test/902, URI:http://test/903, URI:http://test/904, URI:http://test/905, URI:http://test/906, URI:http://test/907, URI:http://test/908, URI:http://test/909, URI:http://test/910, URI:http://test/911, URI:http://test/912, URI:http://test/913, URI:http://test/914, URI:http://test/915, URI:http://test/916, URI:http://test/917, URI:http://test/918, URI:http://test/919, URI:http://test/920, URI:http://test/921, URI:http://test/922, URI:http://test/923, URI:http://test/924, URI:http://test/925, URI:http://test/926, URI:http://test/927, URI:http://test/928, URI:http://test/929, URI:http://test/930, URI:http://test/931, URI:http://test/932, URI:http://test/933, URI:http://test/934, URI:http://test/935, URI:http://test/936, URI:http://test/937, URI:http://test/938, URI:http://test/939, URI:http://test/940, URI:http://test/941, URI:http://test/942, URI:http://test/943, URI:http://test/944, URI:http://test/945, URI:http://test/946, URI:http://test/947, URI:http://test/948, URI:http://test/949, URI:http://test/950, URI:http://test/951, URI:http://test/952, URI:http://test/953, URI:http://test/954, URI:http://test/955, URI:http://test/956, URI:http://test/957, URI:http://test/958, URI:http://test/959, URI:http://test/960, URI:http://test/961, URI:http://test/962, URI:http://test/963, URI:http://test/964, URI:http://test/965, URI:http://test/966, URI:http://test/967, URI:http://test/968, URI:http://test/969, URI:http://test/970, URI:http://test/971, URI:http://test/972, URI:http://test/973, URI:http://test/974, URI:http://test/975, URI:http://test/976, URI:http://test/977, URI:http://test/978, URI:http://test/979, URI:http://test/980, URI:http://test/981, URI:http://test/982, URI:http://test/983, URI:http://test/984, URI:http://test/985, URI:http://test/986, URI:http://test/987, URI:http://test/988, URI:http://test/989, URI:http://test/990, URI:http://test/991, URI:http://test/992, URI:http://test/993, URI:http://test/994, URI:http://test/995, URI:http://test/996, URI:http://test/997, URI:http://test/998, URI:http://test/999, URI:http://test/1000, URI:http://test/1001, URI:http://test/1002, URI:http://test/1003, URI:http://test/1004, URI:http://test/1005, URI:http://test/1006, URI:http://test/1007, URI:http://test/1008, URI:http://test/1009, URI:http://test/1010, URI:http://test/1011, URI:http://test/1012, URI:http://test/1013, URI:http://test/1014, URI:http://test/1015, URI:http://test/1016, URI:http://test/1017, URI:http://test/1018, URI:http://test/1019, URI:http://test/1020, URI:http://test/1021, URI:http://test/1022, URI:http://test/1023, URI:http://test/1024 + Signature Algorithm: sha256WithRSAEncryption + 08:00:7f:e0:40:75:d2:43:36:3f:e3:6c:cf:c1:4a:69:b2:0c: + 1b:a8:a8:6b:7a:ee:ed:d0:2d:ee:e2:52:d9:2a:1f:5d:ac:29: + f5:12:e2:af:3b:db:a0:6d:3a:b4:09:ef:76:fa:52:68:5f:07: + 5f:9f:a4:52:8f:1d:da:da:b6:93:54:87:47:d0:3c:66:7e:ff: + 1b:e3:1e:da:52:4c:00:46:5b:0c:eb:9e:b8:5e:1e:db:f7:ce: + dd:2c:0f:4e:23:1d:63:98:ed:e5:18:e8:04:9c:a1:1e:cd:58: + de:09:43:4d:bf:8d:4b:6d:8e:32:e9:a6:53:40:17:0c:e2:59: + 43:55:2d:3f:ab:af:aa:13:48:ac:00:ac:5b:df:16:c7:20:2a: + ea:50:ef:79:78:c9:34:d5:c5:7f:8f:27:d0:5a:42:3a:e8:13: + 01:51:bc:a3:b9:53:6f:1d:e4:73:52:8d:f0:c7:9c:d1:46:19: + aa:28:63:3e:cc:4a:5f:63:0d:1d:28:4b:e0:b4:37:83:db:85: + 8c:84:86:7e:37:15:a8:ed:a8:00:da:14:97:fd:f1:c8:ea:6e: + 3a:b7:19:c1:6f:53:6b:0b:ff:29:60:30:7d:b6:35:d6:b8:58: + 6f:55:32:18:c6:44:c3:08:d8:c4:95:25:7b:ba:13:04:26:34: + 7c:d4:0e:a1 +-----BEGIN CERTIFICATE----- +MIJ2lTCCdX2gAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1DANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCc+IwgnPeMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgnL0BgNVHREEgnLrMIJy54IH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0hwQKAAAAhwQK +AAABhwQKAAAChwQKAAADhwQKAAAEhwQKAAAFhwQKAAAGhwQKAAAHhwQKAAAIhwQK +AAAJhwQKAAAKhwQKAAALhwQKAAAMhwQKAAANhwQKAAAOhwQKAAAPhwQKAAAQhwQK +AAARhwQKAAAShwQKAAAThwQKAAAUhwQKAAAVhwQKAAAWhwQKAAAXhwQKAAAYhwQK +AAAZhwQKAAAahwQKAAAbhwQKAAAchwQKAAAdhwQKAAAehwQKAAAfhwQKAAAghwQK +AAAhhwQKAAAihwQKAAAjhwQKAAAkhwQKAAAlhwQKAAAmhwQKAAAnhwQKAAAohwQK +AAAphwQKAAAqhwQKAAArhwQKAAAshwQKAAAthwQKAAAuhwQKAAAvhwQKAAAwhwQK +AAAxhwQKAAAyhwQKAAAzhwQKAAA0hwQKAAA1hwQKAAA2hwQKAAA3hwQKAAA4hwQK +AAA5hwQKAAA6hwQKAAA7hwQKAAA8hwQKAAA9hwQKAAA+hwQKAAA/hwQKAABAhwQK +AABBhwQKAABChwQKAABDhwQKAABEhwQKAABFhwQKAABGhwQKAABHhwQKAABIhwQK +AABJhwQKAABKhwQKAABLhwQKAABMhwQKAABNhwQKAABOhwQKAABPhwQKAABQhwQK +AABRhwQKAABShwQKAABThwQKAABUhwQKAABVhwQKAABWhwQKAABXhwQKAABYhwQK +AABZhwQKAABahwQKAABbhwQKAABchwQKAABdhwQKAABehwQKAABfhwQKAABghwQK +AABhhwQKAABihwQKAABjhwQKAABkhwQKAABlhwQKAABmhwQKAABnhwQKAABohwQK +AABphwQKAABqhwQKAABrhwQKAABshwQKAABthwQKAABuhwQKAABvhwQKAABwhwQK +AABxhwQKAAByhwQKAABzhwQKAAB0hwQKAAB1hwQKAAB2hwQKAAB3hwQKAAB4hwQK +AAB5hwQKAAB6hwQKAAB7hwQKAAB8hwQKAAB9hwQKAAB+hwQKAAB/hwQKAACAhwQK +AACBhwQKAACChwQKAACDhwQKAACEhwQKAACFhwQKAACGhwQKAACHhwQKAACIhwQK +AACJhwQKAACKhwQKAACLhwQKAACMhwQKAACNhwQKAACOhwQKAACPhwQKAACQhwQK +AACRhwQKAACShwQKAACThwQKAACUhwQKAACVhwQKAACWhwQKAACXhwQKAACYhwQK +AACZhwQKAACahwQKAACbhwQKAACchwQKAACdhwQKAACehwQKAACfhwQKAACghwQK +AAChhwQKAACihwQKAACjhwQKAACkhwQKAAClhwQKAACmhwQKAACnhwQKAACohwQK +AACphwQKAACqhwQKAACrhwQKAACshwQKAACthwQKAACuhwQKAACvhwQKAACwhwQK +AACxhwQKAACyhwQKAACzhwQKAAC0hwQKAAC1hwQKAAC2hwQKAAC3hwQKAAC4hwQK +AAC5hwQKAAC6hwQKAAC7hwQKAAC8hwQKAAC9hwQKAAC+hwQKAAC/hwQKAADAhwQK +AADBhwQKAADChwQKAADDhwQKAADEhwQKAADFhwQKAADGhwQKAADHhwQKAADIhwQK +AADJhwQKAADKhwQKAADLhwQKAADMhwQKAADNhwQKAADOhwQKAADPhwQKAADQhwQK +AADRhwQKAADShwQKAADThwQKAADUhwQKAADVhwQKAADWhwQKAADXhwQKAADYhwQK +AADZhwQKAADahwQKAADbhwQKAADchwQKAADdhwQKAADehwQKAADfhwQKAADghwQK +AADhhwQKAADihwQKAADjhwQKAADkhwQKAADlhwQKAADmhwQKAADnhwQKAADohwQK +AADphwQKAADqhwQKAADrhwQKAADshwQKAADthwQKAADuhwQKAADvhwQKAADwhwQK +AADxhwQKAADyhwQKAADzhwQKAAD0hwQKAAD1hwQKAAD2hwQKAAD3hwQKAAD4hwQK +AAD5hwQKAAD6hwQKAAD7hwQKAAD8hwQKAAD9hwQKAAD+hwQKAAD/hwQKAAEAhwQK +AAEBhwQKAAEChwQKAAEDhwQKAAEEhwQKAAEFhwQKAAEGhwQKAAEHhwQKAAEIhwQK +AAEJhwQKAAEKhwQKAAELhwQKAAEMhwQKAAENhwQKAAEOhwQKAAEPhwQKAAEQhwQK +AAERhwQKAAEShwQKAAEThwQKAAEUhwQKAAEVhwQKAAEWhwQKAAEXhwQKAAEYhwQK +AAEZhwQKAAEahwQKAAEbhwQKAAEchwQKAAEdhwQKAAEehwQKAAEfhwQKAAEghwQK +AAEhhwQKAAEihwQKAAEjhwQKAAEkhwQKAAElhwQKAAEmhwQKAAEnhwQKAAEohwQK +AAEphwQKAAEqhwQKAAErhwQKAAEshwQKAAEthwQKAAEuhwQKAAEvhwQKAAEwhwQK +AAExhwQKAAEyhwQKAAEzhwQKAAE0hwQKAAE1hwQKAAE2hwQKAAE3hwQKAAE4hwQK +AAE5hwQKAAE6hwQKAAE7hwQKAAE8hwQKAAE9hwQKAAE+hwQKAAE/hwQKAAFAhwQK +AAFBhwQKAAFChwQKAAFDhwQKAAFEhwQKAAFFhwQKAAFGhwQKAAFHhwQKAAFIhwQK +AAFJhwQKAAFKhwQKAAFLhwQKAAFMhwQKAAFNhwQKAAFOhwQKAAFPhwQKAAFQhwQK +AAFRhwQKAAFShwQKAAFThwQKAAFUpA8wDTELMAkGA1UEAwwCdDCkDzANMQswCQYD +VQQDDAJ0MaQPMA0xCzAJBgNVBAMMAnQypA8wDTELMAkGA1UEAwwCdDOkDzANMQsw +CQYDVQQDDAJ0NKQPMA0xCzAJBgNVBAMMAnQ1pA8wDTELMAkGA1UEAwwCdDakDzAN +MQswCQYDVQQDDAJ0N6QPMA0xCzAJBgNVBAMMAnQ4pA8wDTELMAkGA1UEAwwCdDmk +EDAOMQwwCgYDVQQDDAN0MTCkEDAOMQwwCgYDVQQDDAN0MTGkEDAOMQwwCgYDVQQD +DAN0MTKkEDAOMQwwCgYDVQQDDAN0MTOkEDAOMQwwCgYDVQQDDAN0MTSkEDAOMQww +CgYDVQQDDAN0MTWkEDAOMQwwCgYDVQQDDAN0MTakEDAOMQwwCgYDVQQDDAN0MTek +EDAOMQwwCgYDVQQDDAN0MTikEDAOMQwwCgYDVQQDDAN0MTmkEDAOMQwwCgYDVQQD +DAN0MjCkEDAOMQwwCgYDVQQDDAN0MjGkEDAOMQwwCgYDVQQDDAN0MjKkEDAOMQww +CgYDVQQDDAN0MjOkEDAOMQwwCgYDVQQDDAN0MjSkEDAOMQwwCgYDVQQDDAN0MjWk +EDAOMQwwCgYDVQQDDAN0MjakEDAOMQwwCgYDVQQDDAN0MjekEDAOMQwwCgYDVQQD +DAN0MjikEDAOMQwwCgYDVQQDDAN0MjmkEDAOMQwwCgYDVQQDDAN0MzCkEDAOMQww +CgYDVQQDDAN0MzGkEDAOMQwwCgYDVQQDDAN0MzKkEDAOMQwwCgYDVQQDDAN0MzOk +EDAOMQwwCgYDVQQDDAN0MzSkEDAOMQwwCgYDVQQDDAN0MzWkEDAOMQwwCgYDVQQD +DAN0MzakEDAOMQwwCgYDVQQDDAN0MzekEDAOMQwwCgYDVQQDDAN0MzikEDAOMQww +CgYDVQQDDAN0MzmkEDAOMQwwCgYDVQQDDAN0NDCkEDAOMQwwCgYDVQQDDAN0NDGk +EDAOMQwwCgYDVQQDDAN0NDKkEDAOMQwwCgYDVQQDDAN0NDOkEDAOMQwwCgYDVQQD +DAN0NDSkEDAOMQwwCgYDVQQDDAN0NDWkEDAOMQwwCgYDVQQDDAN0NDakEDAOMQww +CgYDVQQDDAN0NDekEDAOMQwwCgYDVQQDDAN0NDikEDAOMQwwCgYDVQQDDAN0NDmk +EDAOMQwwCgYDVQQDDAN0NTCkEDAOMQwwCgYDVQQDDAN0NTGkEDAOMQwwCgYDVQQD +DAN0NTKkEDAOMQwwCgYDVQQDDAN0NTOkEDAOMQwwCgYDVQQDDAN0NTSkEDAOMQww +CgYDVQQDDAN0NTWkEDAOMQwwCgYDVQQDDAN0NTakEDAOMQwwCgYDVQQDDAN0NTek +EDAOMQwwCgYDVQQDDAN0NTikEDAOMQwwCgYDVQQDDAN0NTmkEDAOMQwwCgYDVQQD +DAN0NjCkEDAOMQwwCgYDVQQDDAN0NjGkEDAOMQwwCgYDVQQDDAN0NjKkEDAOMQww +CgYDVQQDDAN0NjOkEDAOMQwwCgYDVQQDDAN0NjSkEDAOMQwwCgYDVQQDDAN0NjWk +EDAOMQwwCgYDVQQDDAN0NjakEDAOMQwwCgYDVQQDDAN0NjekEDAOMQwwCgYDVQQD +DAN0NjikEDAOMQwwCgYDVQQDDAN0NjmkEDAOMQwwCgYDVQQDDAN0NzCkEDAOMQww +CgYDVQQDDAN0NzGkEDAOMQwwCgYDVQQDDAN0NzKkEDAOMQwwCgYDVQQDDAN0NzOk +EDAOMQwwCgYDVQQDDAN0NzSkEDAOMQwwCgYDVQQDDAN0NzWkEDAOMQwwCgYDVQQD +DAN0NzakEDAOMQwwCgYDVQQDDAN0NzekEDAOMQwwCgYDVQQDDAN0NzikEDAOMQww +CgYDVQQDDAN0NzmkEDAOMQwwCgYDVQQDDAN0ODCkEDAOMQwwCgYDVQQDDAN0ODGk +EDAOMQwwCgYDVQQDDAN0ODKkEDAOMQwwCgYDVQQDDAN0ODOkEDAOMQwwCgYDVQQD +DAN0ODSkEDAOMQwwCgYDVQQDDAN0ODWkEDAOMQwwCgYDVQQDDAN0ODakEDAOMQww +CgYDVQQDDAN0ODekEDAOMQwwCgYDVQQDDAN0ODikEDAOMQwwCgYDVQQDDAN0ODmk +EDAOMQwwCgYDVQQDDAN0OTCkEDAOMQwwCgYDVQQDDAN0OTGkEDAOMQwwCgYDVQQD +DAN0OTKkEDAOMQwwCgYDVQQDDAN0OTOkEDAOMQwwCgYDVQQDDAN0OTSkEDAOMQww +CgYDVQQDDAN0OTWkEDAOMQwwCgYDVQQDDAN0OTakEDAOMQwwCgYDVQQDDAN0OTek +EDAOMQwwCgYDVQQDDAN0OTikEDAOMQwwCgYDVQQDDAN0OTmkETAPMQ0wCwYDVQQD +DAR0MTAwpBEwDzENMAsGA1UEAwwEdDEwMaQRMA8xDTALBgNVBAMMBHQxMDKkETAP +MQ0wCwYDVQQDDAR0MTAzpBEwDzENMAsGA1UEAwwEdDEwNKQRMA8xDTALBgNVBAMM +BHQxMDWkETAPMQ0wCwYDVQQDDAR0MTA2pBEwDzENMAsGA1UEAwwEdDEwN6QRMA8x +DTALBgNVBAMMBHQxMDikETAPMQ0wCwYDVQQDDAR0MTA5pBEwDzENMAsGA1UEAwwE +dDExMKQRMA8xDTALBgNVBAMMBHQxMTGkETAPMQ0wCwYDVQQDDAR0MTEypBEwDzEN +MAsGA1UEAwwEdDExM6QRMA8xDTALBgNVBAMMBHQxMTSkETAPMQ0wCwYDVQQDDAR0 +MTE1pBEwDzENMAsGA1UEAwwEdDExNqQRMA8xDTALBgNVBAMMBHQxMTekETAPMQ0w +CwYDVQQDDAR0MTE4pBEwDzENMAsGA1UEAwwEdDExOaQRMA8xDTALBgNVBAMMBHQx +MjCkETAPMQ0wCwYDVQQDDAR0MTIxpBEwDzENMAsGA1UEAwwEdDEyMqQRMA8xDTAL +BgNVBAMMBHQxMjOkETAPMQ0wCwYDVQQDDAR0MTI0pBEwDzENMAsGA1UEAwwEdDEy +NaQRMA8xDTALBgNVBAMMBHQxMjakETAPMQ0wCwYDVQQDDAR0MTI3pBEwDzENMAsG +A1UEAwwEdDEyOKQRMA8xDTALBgNVBAMMBHQxMjmkETAPMQ0wCwYDVQQDDAR0MTMw +pBEwDzENMAsGA1UEAwwEdDEzMaQRMA8xDTALBgNVBAMMBHQxMzKkETAPMQ0wCwYD +VQQDDAR0MTMzpBEwDzENMAsGA1UEAwwEdDEzNKQRMA8xDTALBgNVBAMMBHQxMzWk +ETAPMQ0wCwYDVQQDDAR0MTM2pBEwDzENMAsGA1UEAwwEdDEzN6QRMA8xDTALBgNV +BAMMBHQxMzikETAPMQ0wCwYDVQQDDAR0MTM5pBEwDzENMAsGA1UEAwwEdDE0MKQR +MA8xDTALBgNVBAMMBHQxNDGkETAPMQ0wCwYDVQQDDAR0MTQypBEwDzENMAsGA1UE +AwwEdDE0M6QRMA8xDTALBgNVBAMMBHQxNDSkETAPMQ0wCwYDVQQDDAR0MTQ1pBEw +DzENMAsGA1UEAwwEdDE0NqQRMA8xDTALBgNVBAMMBHQxNDekETAPMQ0wCwYDVQQD +DAR0MTQ4pBEwDzENMAsGA1UEAwwEdDE0OaQRMA8xDTALBgNVBAMMBHQxNTCkETAP +MQ0wCwYDVQQDDAR0MTUxpBEwDzENMAsGA1UEAwwEdDE1MqQRMA8xDTALBgNVBAMM +BHQxNTOkETAPMQ0wCwYDVQQDDAR0MTU0pBEwDzENMAsGA1UEAwwEdDE1NaQRMA8x +DTALBgNVBAMMBHQxNTakETAPMQ0wCwYDVQQDDAR0MTU3pBEwDzENMAsGA1UEAwwE +dDE1OKQRMA8xDTALBgNVBAMMBHQxNTmkETAPMQ0wCwYDVQQDDAR0MTYwpBEwDzEN +MAsGA1UEAwwEdDE2MaQRMA8xDTALBgNVBAMMBHQxNjKkETAPMQ0wCwYDVQQDDAR0 +MTYzpBEwDzENMAsGA1UEAwwEdDE2NKQRMA8xDTALBgNVBAMMBHQxNjWkETAPMQ0w +CwYDVQQDDAR0MTY2pBEwDzENMAsGA1UEAwwEdDE2N6QRMA8xDTALBgNVBAMMBHQx +NjikETAPMQ0wCwYDVQQDDAR0MTY5pBEwDzENMAsGA1UEAwwEdDE3MKQRMA8xDTAL +BgNVBAMMBHQxNzGkETAPMQ0wCwYDVQQDDAR0MTcypBEwDzENMAsGA1UEAwwEdDE3 +M6QRMA8xDTALBgNVBAMMBHQxNzSkETAPMQ0wCwYDVQQDDAR0MTc1pBEwDzENMAsG +A1UEAwwEdDE3NqQRMA8xDTALBgNVBAMMBHQxNzekETAPMQ0wCwYDVQQDDAR0MTc4 +pBEwDzENMAsGA1UEAwwEdDE3OaQRMA8xDTALBgNVBAMMBHQxODCkETAPMQ0wCwYD +VQQDDAR0MTgxpBEwDzENMAsGA1UEAwwEdDE4MqQRMA8xDTALBgNVBAMMBHQxODOk +ETAPMQ0wCwYDVQQDDAR0MTg0pBEwDzENMAsGA1UEAwwEdDE4NaQRMA8xDTALBgNV +BAMMBHQxODakETAPMQ0wCwYDVQQDDAR0MTg3pBEwDzENMAsGA1UEAwwEdDE4OKQR +MA8xDTALBgNVBAMMBHQxODmkETAPMQ0wCwYDVQQDDAR0MTkwpBEwDzENMAsGA1UE +AwwEdDE5MaQRMA8xDTALBgNVBAMMBHQxOTKkETAPMQ0wCwYDVQQDDAR0MTkzpBEw +DzENMAsGA1UEAwwEdDE5NKQRMA8xDTALBgNVBAMMBHQxOTWkETAPMQ0wCwYDVQQD +DAR0MTk2pBEwDzENMAsGA1UEAwwEdDE5N6QRMA8xDTALBgNVBAMMBHQxOTikETAP +MQ0wCwYDVQQDDAR0MTk5pBEwDzENMAsGA1UEAwwEdDIwMKQRMA8xDTALBgNVBAMM +BHQyMDGkETAPMQ0wCwYDVQQDDAR0MjAypBEwDzENMAsGA1UEAwwEdDIwM6QRMA8x +DTALBgNVBAMMBHQyMDSkETAPMQ0wCwYDVQQDDAR0MjA1pBEwDzENMAsGA1UEAwwE +dDIwNqQRMA8xDTALBgNVBAMMBHQyMDekETAPMQ0wCwYDVQQDDAR0MjA4pBEwDzEN +MAsGA1UEAwwEdDIwOaQRMA8xDTALBgNVBAMMBHQyMTCkETAPMQ0wCwYDVQQDDAR0 +MjExpBEwDzENMAsGA1UEAwwEdDIxMqQRMA8xDTALBgNVBAMMBHQyMTOkETAPMQ0w +CwYDVQQDDAR0MjE0pBEwDzENMAsGA1UEAwwEdDIxNaQRMA8xDTALBgNVBAMMBHQy +MTakETAPMQ0wCwYDVQQDDAR0MjE3pBEwDzENMAsGA1UEAwwEdDIxOKQRMA8xDTAL +BgNVBAMMBHQyMTmkETAPMQ0wCwYDVQQDDAR0MjIwpBEwDzENMAsGA1UEAwwEdDIy +MaQRMA8xDTALBgNVBAMMBHQyMjKkETAPMQ0wCwYDVQQDDAR0MjIzpBEwDzENMAsG +A1UEAwwEdDIyNKQRMA8xDTALBgNVBAMMBHQyMjWkETAPMQ0wCwYDVQQDDAR0MjI2 +pBEwDzENMAsGA1UEAwwEdDIyN6QRMA8xDTALBgNVBAMMBHQyMjikETAPMQ0wCwYD +VQQDDAR0MjI5pBEwDzENMAsGA1UEAwwEdDIzMKQRMA8xDTALBgNVBAMMBHQyMzGk +ETAPMQ0wCwYDVQQDDAR0MjMypBEwDzENMAsGA1UEAwwEdDIzM6QRMA8xDTALBgNV +BAMMBHQyMzSkETAPMQ0wCwYDVQQDDAR0MjM1pBEwDzENMAsGA1UEAwwEdDIzNqQR +MA8xDTALBgNVBAMMBHQyMzekETAPMQ0wCwYDVQQDDAR0MjM4pBEwDzENMAsGA1UE +AwwEdDIzOaQRMA8xDTALBgNVBAMMBHQyNDCkETAPMQ0wCwYDVQQDDAR0MjQxpBEw +DzENMAsGA1UEAwwEdDI0MqQRMA8xDTALBgNVBAMMBHQyNDOkETAPMQ0wCwYDVQQD +DAR0MjQ0pBEwDzENMAsGA1UEAwwEdDI0NaQRMA8xDTALBgNVBAMMBHQyNDakETAP +MQ0wCwYDVQQDDAR0MjQ3pBEwDzENMAsGA1UEAwwEdDI0OKQRMA8xDTALBgNVBAMM +BHQyNDmkETAPMQ0wCwYDVQQDDAR0MjUwpBEwDzENMAsGA1UEAwwEdDI1MaQRMA8x +DTALBgNVBAMMBHQyNTKkETAPMQ0wCwYDVQQDDAR0MjUzpBEwDzENMAsGA1UEAwwE +dDI1NKQRMA8xDTALBgNVBAMMBHQyNTWkETAPMQ0wCwYDVQQDDAR0MjU2pBEwDzEN +MAsGA1UEAwwEdDI1N6QRMA8xDTALBgNVBAMMBHQyNTikETAPMQ0wCwYDVQQDDAR0 +MjU5pBEwDzENMAsGA1UEAwwEdDI2MKQRMA8xDTALBgNVBAMMBHQyNjGkETAPMQ0w +CwYDVQQDDAR0MjYypBEwDzENMAsGA1UEAwwEdDI2M6QRMA8xDTALBgNVBAMMBHQy +NjSkETAPMQ0wCwYDVQQDDAR0MjY1pBEwDzENMAsGA1UEAwwEdDI2NqQRMA8xDTAL +BgNVBAMMBHQyNjekETAPMQ0wCwYDVQQDDAR0MjY4pBEwDzENMAsGA1UEAwwEdDI2 +OaQRMA8xDTALBgNVBAMMBHQyNzCkETAPMQ0wCwYDVQQDDAR0MjcxpBEwDzENMAsG +A1UEAwwEdDI3MqQRMA8xDTALBgNVBAMMBHQyNzOkETAPMQ0wCwYDVQQDDAR0Mjc0 +pBEwDzENMAsGA1UEAwwEdDI3NaQRMA8xDTALBgNVBAMMBHQyNzakETAPMQ0wCwYD +VQQDDAR0Mjc3pBEwDzENMAsGA1UEAwwEdDI3OKQRMA8xDTALBgNVBAMMBHQyNzmk +ETAPMQ0wCwYDVQQDDAR0MjgwpBEwDzENMAsGA1UEAwwEdDI4MaQRMA8xDTALBgNV +BAMMBHQyODKkETAPMQ0wCwYDVQQDDAR0MjgzpBEwDzENMAsGA1UEAwwEdDI4NKQR +MA8xDTALBgNVBAMMBHQyODWkETAPMQ0wCwYDVQQDDAR0Mjg2pBEwDzENMAsGA1UE +AwwEdDI4N6QRMA8xDTALBgNVBAMMBHQyODikETAPMQ0wCwYDVQQDDAR0Mjg5pBEw +DzENMAsGA1UEAwwEdDI5MKQRMA8xDTALBgNVBAMMBHQyOTGkETAPMQ0wCwYDVQQD +DAR0MjkypBEwDzENMAsGA1UEAwwEdDI5M6QRMA8xDTALBgNVBAMMBHQyOTSkETAP +MQ0wCwYDVQQDDAR0Mjk1pBEwDzENMAsGA1UEAwwEdDI5NqQRMA8xDTALBgNVBAMM +BHQyOTekETAPMQ0wCwYDVQQDDAR0Mjk4pBEwDzENMAsGA1UEAwwEdDI5OaQRMA8x +DTALBgNVBAMMBHQzMDCkETAPMQ0wCwYDVQQDDAR0MzAxpBEwDzENMAsGA1UEAwwE +dDMwMqQRMA8xDTALBgNVBAMMBHQzMDOkETAPMQ0wCwYDVQQDDAR0MzA0pBEwDzEN +MAsGA1UEAwwEdDMwNaQRMA8xDTALBgNVBAMMBHQzMDakETAPMQ0wCwYDVQQDDAR0 +MzA3pBEwDzENMAsGA1UEAwwEdDMwOKQRMA8xDTALBgNVBAMMBHQzMDmkETAPMQ0w +CwYDVQQDDAR0MzEwpBEwDzENMAsGA1UEAwwEdDMxMaQRMA8xDTALBgNVBAMMBHQz +MTKkETAPMQ0wCwYDVQQDDAR0MzEzpBEwDzENMAsGA1UEAwwEdDMxNKQRMA8xDTAL +BgNVBAMMBHQzMTWkETAPMQ0wCwYDVQQDDAR0MzE2pBEwDzENMAsGA1UEAwwEdDMx +N6QRMA8xDTALBgNVBAMMBHQzMTikETAPMQ0wCwYDVQQDDAR0MzE5pBEwDzENMAsG +A1UEAwwEdDMyMKQRMA8xDTALBgNVBAMMBHQzMjGkETAPMQ0wCwYDVQQDDAR0MzIy +pBEwDzENMAsGA1UEAwwEdDMyM6QRMA8xDTALBgNVBAMMBHQzMjSkETAPMQ0wCwYD +VQQDDAR0MzI1pBEwDzENMAsGA1UEAwwEdDMyNqQRMA8xDTALBgNVBAMMBHQzMjek +ETAPMQ0wCwYDVQQDDAR0MzI4pBEwDzENMAsGA1UEAwwEdDMyOaQRMA8xDTALBgNV +BAMMBHQzMzCkETAPMQ0wCwYDVQQDDAR0MzMxpBEwDzENMAsGA1UEAwwEdDMzMqQR +MA8xDTALBgNVBAMMBHQzMzOkETAPMQ0wCwYDVQQDDAR0MzM0pBEwDzENMAsGA1UE +AwwEdDMzNaQRMA8xDTALBgNVBAMMBHQzMzakETAPMQ0wCwYDVQQDDAR0MzM3pBEw +DzENMAsGA1UEAwwEdDMzOKQRMA8xDTALBgNVBAMMBHQzMzmkETAPMQ0wCwYDVQQD +DAR0MzQwpBEwDzENMAsGA1UEAwwEdDM0MYYNaHR0cDovL3Rlc3QvMIYNaHR0cDov +L3Rlc3QvMYYNaHR0cDovL3Rlc3QvMoYNaHR0cDovL3Rlc3QvM4YNaHR0cDovL3Rl +c3QvNIYNaHR0cDovL3Rlc3QvNYYNaHR0cDovL3Rlc3QvNoYNaHR0cDovL3Rlc3Qv +N4YNaHR0cDovL3Rlc3QvOIYNaHR0cDovL3Rlc3QvOYYOaHR0cDovL3Rlc3QvMTCG +Dmh0dHA6Ly90ZXN0LzExhg5odHRwOi8vdGVzdC8xMoYOaHR0cDovL3Rlc3QvMTOG +Dmh0dHA6Ly90ZXN0LzE0hg5odHRwOi8vdGVzdC8xNYYOaHR0cDovL3Rlc3QvMTaG +Dmh0dHA6Ly90ZXN0LzE3hg5odHRwOi8vdGVzdC8xOIYOaHR0cDovL3Rlc3QvMTmG +Dmh0dHA6Ly90ZXN0LzIwhg5odHRwOi8vdGVzdC8yMYYOaHR0cDovL3Rlc3QvMjKG +Dmh0dHA6Ly90ZXN0LzIzhg5odHRwOi8vdGVzdC8yNIYOaHR0cDovL3Rlc3QvMjWG +Dmh0dHA6Ly90ZXN0LzI2hg5odHRwOi8vdGVzdC8yN4YOaHR0cDovL3Rlc3QvMjiG +Dmh0dHA6Ly90ZXN0LzI5hg5odHRwOi8vdGVzdC8zMIYOaHR0cDovL3Rlc3QvMzGG +Dmh0dHA6Ly90ZXN0LzMyhg5odHRwOi8vdGVzdC8zM4YOaHR0cDovL3Rlc3QvMzSG +Dmh0dHA6Ly90ZXN0LzM1hg5odHRwOi8vdGVzdC8zNoYOaHR0cDovL3Rlc3QvMzeG +Dmh0dHA6Ly90ZXN0LzM4hg5odHRwOi8vdGVzdC8zOYYOaHR0cDovL3Rlc3QvNDCG +Dmh0dHA6Ly90ZXN0LzQxhg5odHRwOi8vdGVzdC80MoYOaHR0cDovL3Rlc3QvNDOG +Dmh0dHA6Ly90ZXN0LzQ0hg5odHRwOi8vdGVzdC80NYYOaHR0cDovL3Rlc3QvNDaG +Dmh0dHA6Ly90ZXN0LzQ3hg5odHRwOi8vdGVzdC80OIYOaHR0cDovL3Rlc3QvNDmG +Dmh0dHA6Ly90ZXN0LzUwhg5odHRwOi8vdGVzdC81MYYOaHR0cDovL3Rlc3QvNTKG +Dmh0dHA6Ly90ZXN0LzUzhg5odHRwOi8vdGVzdC81NIYOaHR0cDovL3Rlc3QvNTWG +Dmh0dHA6Ly90ZXN0LzU2hg5odHRwOi8vdGVzdC81N4YOaHR0cDovL3Rlc3QvNTiG +Dmh0dHA6Ly90ZXN0LzU5hg5odHRwOi8vdGVzdC82MIYOaHR0cDovL3Rlc3QvNjGG +Dmh0dHA6Ly90ZXN0LzYyhg5odHRwOi8vdGVzdC82M4YOaHR0cDovL3Rlc3QvNjSG +Dmh0dHA6Ly90ZXN0LzY1hg5odHRwOi8vdGVzdC82NoYOaHR0cDovL3Rlc3QvNjeG +Dmh0dHA6Ly90ZXN0LzY4hg5odHRwOi8vdGVzdC82OYYOaHR0cDovL3Rlc3QvNzCG +Dmh0dHA6Ly90ZXN0Lzcxhg5odHRwOi8vdGVzdC83MoYOaHR0cDovL3Rlc3QvNzOG +Dmh0dHA6Ly90ZXN0Lzc0hg5odHRwOi8vdGVzdC83NYYOaHR0cDovL3Rlc3QvNzaG +Dmh0dHA6Ly90ZXN0Lzc3hg5odHRwOi8vdGVzdC83OIYOaHR0cDovL3Rlc3QvNzmG +Dmh0dHA6Ly90ZXN0Lzgwhg5odHRwOi8vdGVzdC84MYYOaHR0cDovL3Rlc3QvODKG +Dmh0dHA6Ly90ZXN0Lzgzhg5odHRwOi8vdGVzdC84NIYOaHR0cDovL3Rlc3QvODWG +Dmh0dHA6Ly90ZXN0Lzg2hg5odHRwOi8vdGVzdC84N4YOaHR0cDovL3Rlc3QvODiG +Dmh0dHA6Ly90ZXN0Lzg5hg5odHRwOi8vdGVzdC85MIYOaHR0cDovL3Rlc3QvOTGG +Dmh0dHA6Ly90ZXN0Lzkyhg5odHRwOi8vdGVzdC85M4YOaHR0cDovL3Rlc3QvOTSG +Dmh0dHA6Ly90ZXN0Lzk1hg5odHRwOi8vdGVzdC85NoYOaHR0cDovL3Rlc3QvOTeG +Dmh0dHA6Ly90ZXN0Lzk4hg5odHRwOi8vdGVzdC85OYYPaHR0cDovL3Rlc3QvMTAw +hg9odHRwOi8vdGVzdC8xMDGGD2h0dHA6Ly90ZXN0LzEwMoYPaHR0cDovL3Rlc3Qv +MTAzhg9odHRwOi8vdGVzdC8xMDSGD2h0dHA6Ly90ZXN0LzEwNYYPaHR0cDovL3Rl +c3QvMTA2hg9odHRwOi8vdGVzdC8xMDeGD2h0dHA6Ly90ZXN0LzEwOIYPaHR0cDov +L3Rlc3QvMTA5hg9odHRwOi8vdGVzdC8xMTCGD2h0dHA6Ly90ZXN0LzExMYYPaHR0 +cDovL3Rlc3QvMTEyhg9odHRwOi8vdGVzdC8xMTOGD2h0dHA6Ly90ZXN0LzExNIYP +aHR0cDovL3Rlc3QvMTE1hg9odHRwOi8vdGVzdC8xMTaGD2h0dHA6Ly90ZXN0LzEx +N4YPaHR0cDovL3Rlc3QvMTE4hg9odHRwOi8vdGVzdC8xMTmGD2h0dHA6Ly90ZXN0 +LzEyMIYPaHR0cDovL3Rlc3QvMTIxhg9odHRwOi8vdGVzdC8xMjKGD2h0dHA6Ly90 +ZXN0LzEyM4YPaHR0cDovL3Rlc3QvMTI0hg9odHRwOi8vdGVzdC8xMjWGD2h0dHA6 +Ly90ZXN0LzEyNoYPaHR0cDovL3Rlc3QvMTI3hg9odHRwOi8vdGVzdC8xMjiGD2h0 +dHA6Ly90ZXN0LzEyOYYPaHR0cDovL3Rlc3QvMTMwhg9odHRwOi8vdGVzdC8xMzGG +D2h0dHA6Ly90ZXN0LzEzMoYPaHR0cDovL3Rlc3QvMTMzhg9odHRwOi8vdGVzdC8x +MzSGD2h0dHA6Ly90ZXN0LzEzNYYPaHR0cDovL3Rlc3QvMTM2hg9odHRwOi8vdGVz +dC8xMzeGD2h0dHA6Ly90ZXN0LzEzOIYPaHR0cDovL3Rlc3QvMTM5hg9odHRwOi8v +dGVzdC8xNDCGD2h0dHA6Ly90ZXN0LzE0MYYPaHR0cDovL3Rlc3QvMTQyhg9odHRw +Oi8vdGVzdC8xNDOGD2h0dHA6Ly90ZXN0LzE0NIYPaHR0cDovL3Rlc3QvMTQ1hg9o +dHRwOi8vdGVzdC8xNDaGD2h0dHA6Ly90ZXN0LzE0N4YPaHR0cDovL3Rlc3QvMTQ4 +hg9odHRwOi8vdGVzdC8xNDmGD2h0dHA6Ly90ZXN0LzE1MIYPaHR0cDovL3Rlc3Qv +MTUxhg9odHRwOi8vdGVzdC8xNTKGD2h0dHA6Ly90ZXN0LzE1M4YPaHR0cDovL3Rl +c3QvMTU0hg9odHRwOi8vdGVzdC8xNTWGD2h0dHA6Ly90ZXN0LzE1NoYPaHR0cDov +L3Rlc3QvMTU3hg9odHRwOi8vdGVzdC8xNTiGD2h0dHA6Ly90ZXN0LzE1OYYPaHR0 +cDovL3Rlc3QvMTYwhg9odHRwOi8vdGVzdC8xNjGGD2h0dHA6Ly90ZXN0LzE2MoYP +aHR0cDovL3Rlc3QvMTYzhg9odHRwOi8vdGVzdC8xNjSGD2h0dHA6Ly90ZXN0LzE2 +NYYPaHR0cDovL3Rlc3QvMTY2hg9odHRwOi8vdGVzdC8xNjeGD2h0dHA6Ly90ZXN0 +LzE2OIYPaHR0cDovL3Rlc3QvMTY5hg9odHRwOi8vdGVzdC8xNzCGD2h0dHA6Ly90 +ZXN0LzE3MYYPaHR0cDovL3Rlc3QvMTcyhg9odHRwOi8vdGVzdC8xNzOGD2h0dHA6 +Ly90ZXN0LzE3NIYPaHR0cDovL3Rlc3QvMTc1hg9odHRwOi8vdGVzdC8xNzaGD2h0 +dHA6Ly90ZXN0LzE3N4YPaHR0cDovL3Rlc3QvMTc4hg9odHRwOi8vdGVzdC8xNzmG +D2h0dHA6Ly90ZXN0LzE4MIYPaHR0cDovL3Rlc3QvMTgxhg9odHRwOi8vdGVzdC8x +ODKGD2h0dHA6Ly90ZXN0LzE4M4YPaHR0cDovL3Rlc3QvMTg0hg9odHRwOi8vdGVz +dC8xODWGD2h0dHA6Ly90ZXN0LzE4NoYPaHR0cDovL3Rlc3QvMTg3hg9odHRwOi8v +dGVzdC8xODiGD2h0dHA6Ly90ZXN0LzE4OYYPaHR0cDovL3Rlc3QvMTkwhg9odHRw +Oi8vdGVzdC8xOTGGD2h0dHA6Ly90ZXN0LzE5MoYPaHR0cDovL3Rlc3QvMTkzhg9o +dHRwOi8vdGVzdC8xOTSGD2h0dHA6Ly90ZXN0LzE5NYYPaHR0cDovL3Rlc3QvMTk2 +hg9odHRwOi8vdGVzdC8xOTeGD2h0dHA6Ly90ZXN0LzE5OIYPaHR0cDovL3Rlc3Qv +MTk5hg9odHRwOi8vdGVzdC8yMDCGD2h0dHA6Ly90ZXN0LzIwMYYPaHR0cDovL3Rl +c3QvMjAyhg9odHRwOi8vdGVzdC8yMDOGD2h0dHA6Ly90ZXN0LzIwNIYPaHR0cDov +L3Rlc3QvMjA1hg9odHRwOi8vdGVzdC8yMDaGD2h0dHA6Ly90ZXN0LzIwN4YPaHR0 +cDovL3Rlc3QvMjA4hg9odHRwOi8vdGVzdC8yMDmGD2h0dHA6Ly90ZXN0LzIxMIYP +aHR0cDovL3Rlc3QvMjExhg9odHRwOi8vdGVzdC8yMTKGD2h0dHA6Ly90ZXN0LzIx +M4YPaHR0cDovL3Rlc3QvMjE0hg9odHRwOi8vdGVzdC8yMTWGD2h0dHA6Ly90ZXN0 +LzIxNoYPaHR0cDovL3Rlc3QvMjE3hg9odHRwOi8vdGVzdC8yMTiGD2h0dHA6Ly90 +ZXN0LzIxOYYPaHR0cDovL3Rlc3QvMjIwhg9odHRwOi8vdGVzdC8yMjGGD2h0dHA6 +Ly90ZXN0LzIyMoYPaHR0cDovL3Rlc3QvMjIzhg9odHRwOi8vdGVzdC8yMjSGD2h0 +dHA6Ly90ZXN0LzIyNYYPaHR0cDovL3Rlc3QvMjI2hg9odHRwOi8vdGVzdC8yMjeG +D2h0dHA6Ly90ZXN0LzIyOIYPaHR0cDovL3Rlc3QvMjI5hg9odHRwOi8vdGVzdC8y +MzCGD2h0dHA6Ly90ZXN0LzIzMYYPaHR0cDovL3Rlc3QvMjMyhg9odHRwOi8vdGVz +dC8yMzOGD2h0dHA6Ly90ZXN0LzIzNIYPaHR0cDovL3Rlc3QvMjM1hg9odHRwOi8v +dGVzdC8yMzaGD2h0dHA6Ly90ZXN0LzIzN4YPaHR0cDovL3Rlc3QvMjM4hg9odHRw +Oi8vdGVzdC8yMzmGD2h0dHA6Ly90ZXN0LzI0MIYPaHR0cDovL3Rlc3QvMjQxhg9o +dHRwOi8vdGVzdC8yNDKGD2h0dHA6Ly90ZXN0LzI0M4YPaHR0cDovL3Rlc3QvMjQ0 +hg9odHRwOi8vdGVzdC8yNDWGD2h0dHA6Ly90ZXN0LzI0NoYPaHR0cDovL3Rlc3Qv +MjQ3hg9odHRwOi8vdGVzdC8yNDiGD2h0dHA6Ly90ZXN0LzI0OYYPaHR0cDovL3Rl +c3QvMjUwhg9odHRwOi8vdGVzdC8yNTGGD2h0dHA6Ly90ZXN0LzI1MoYPaHR0cDov +L3Rlc3QvMjUzhg9odHRwOi8vdGVzdC8yNTSGD2h0dHA6Ly90ZXN0LzI1NYYPaHR0 +cDovL3Rlc3QvMjU2hg9odHRwOi8vdGVzdC8yNTeGD2h0dHA6Ly90ZXN0LzI1OIYP +aHR0cDovL3Rlc3QvMjU5hg9odHRwOi8vdGVzdC8yNjCGD2h0dHA6Ly90ZXN0LzI2 +MYYPaHR0cDovL3Rlc3QvMjYyhg9odHRwOi8vdGVzdC8yNjOGD2h0dHA6Ly90ZXN0 +LzI2NIYPaHR0cDovL3Rlc3QvMjY1hg9odHRwOi8vdGVzdC8yNjaGD2h0dHA6Ly90 +ZXN0LzI2N4YPaHR0cDovL3Rlc3QvMjY4hg9odHRwOi8vdGVzdC8yNjmGD2h0dHA6 +Ly90ZXN0LzI3MIYPaHR0cDovL3Rlc3QvMjcxhg9odHRwOi8vdGVzdC8yNzKGD2h0 +dHA6Ly90ZXN0LzI3M4YPaHR0cDovL3Rlc3QvMjc0hg9odHRwOi8vdGVzdC8yNzWG +D2h0dHA6Ly90ZXN0LzI3NoYPaHR0cDovL3Rlc3QvMjc3hg9odHRwOi8vdGVzdC8y +NziGD2h0dHA6Ly90ZXN0LzI3OYYPaHR0cDovL3Rlc3QvMjgwhg9odHRwOi8vdGVz +dC8yODGGD2h0dHA6Ly90ZXN0LzI4MoYPaHR0cDovL3Rlc3QvMjgzhg9odHRwOi8v +dGVzdC8yODSGD2h0dHA6Ly90ZXN0LzI4NYYPaHR0cDovL3Rlc3QvMjg2hg9odHRw +Oi8vdGVzdC8yODeGD2h0dHA6Ly90ZXN0LzI4OIYPaHR0cDovL3Rlc3QvMjg5hg9o +dHRwOi8vdGVzdC8yOTCGD2h0dHA6Ly90ZXN0LzI5MYYPaHR0cDovL3Rlc3QvMjky +hg9odHRwOi8vdGVzdC8yOTOGD2h0dHA6Ly90ZXN0LzI5NIYPaHR0cDovL3Rlc3Qv +Mjk1hg9odHRwOi8vdGVzdC8yOTaGD2h0dHA6Ly90ZXN0LzI5N4YPaHR0cDovL3Rl +c3QvMjk4hg9odHRwOi8vdGVzdC8yOTmGD2h0dHA6Ly90ZXN0LzMwMIYPaHR0cDov +L3Rlc3QvMzAxhg9odHRwOi8vdGVzdC8zMDKGD2h0dHA6Ly90ZXN0LzMwM4YPaHR0 +cDovL3Rlc3QvMzA0hg9odHRwOi8vdGVzdC8zMDWGD2h0dHA6Ly90ZXN0LzMwNoYP +aHR0cDovL3Rlc3QvMzA3hg9odHRwOi8vdGVzdC8zMDiGD2h0dHA6Ly90ZXN0LzMw +OYYPaHR0cDovL3Rlc3QvMzEwhg9odHRwOi8vdGVzdC8zMTGGD2h0dHA6Ly90ZXN0 +LzMxMoYPaHR0cDovL3Rlc3QvMzEzhg9odHRwOi8vdGVzdC8zMTSGD2h0dHA6Ly90 +ZXN0LzMxNYYPaHR0cDovL3Rlc3QvMzE2hg9odHRwOi8vdGVzdC8zMTeGD2h0dHA6 +Ly90ZXN0LzMxOIYPaHR0cDovL3Rlc3QvMzE5hg9odHRwOi8vdGVzdC8zMjCGD2h0 +dHA6Ly90ZXN0LzMyMYYPaHR0cDovL3Rlc3QvMzIyhg9odHRwOi8vdGVzdC8zMjOG +D2h0dHA6Ly90ZXN0LzMyNIYPaHR0cDovL3Rlc3QvMzI1hg9odHRwOi8vdGVzdC8z +MjaGD2h0dHA6Ly90ZXN0LzMyN4YPaHR0cDovL3Rlc3QvMzI4hg9odHRwOi8vdGVz +dC8zMjmGD2h0dHA6Ly90ZXN0LzMzMIYPaHR0cDovL3Rlc3QvMzMxhg9odHRwOi8v +dGVzdC8zMzKGD2h0dHA6Ly90ZXN0LzMzM4YPaHR0cDovL3Rlc3QvMzM0hg9odHRw +Oi8vdGVzdC8zMzWGD2h0dHA6Ly90ZXN0LzMzNoYPaHR0cDovL3Rlc3QvMzM3hg9o +dHRwOi8vdGVzdC8zMziGD2h0dHA6Ly90ZXN0LzMzOYYPaHR0cDovL3Rlc3QvMzQw +hg9odHRwOi8vdGVzdC8zNDGGD2h0dHA6Ly90ZXN0LzM0MoYPaHR0cDovL3Rlc3Qv +MzQzhg9odHRwOi8vdGVzdC8zNDSGD2h0dHA6Ly90ZXN0LzM0NYYPaHR0cDovL3Rl +c3QvMzQ2hg9odHRwOi8vdGVzdC8zNDeGD2h0dHA6Ly90ZXN0LzM0OIYPaHR0cDov +L3Rlc3QvMzQ5hg9odHRwOi8vdGVzdC8zNTCGD2h0dHA6Ly90ZXN0LzM1MYYPaHR0 +cDovL3Rlc3QvMzUyhg9odHRwOi8vdGVzdC8zNTOGD2h0dHA6Ly90ZXN0LzM1NIYP +aHR0cDovL3Rlc3QvMzU1hg9odHRwOi8vdGVzdC8zNTaGD2h0dHA6Ly90ZXN0LzM1 +N4YPaHR0cDovL3Rlc3QvMzU4hg9odHRwOi8vdGVzdC8zNTmGD2h0dHA6Ly90ZXN0 +LzM2MIYPaHR0cDovL3Rlc3QvMzYxhg9odHRwOi8vdGVzdC8zNjKGD2h0dHA6Ly90 +ZXN0LzM2M4YPaHR0cDovL3Rlc3QvMzY0hg9odHRwOi8vdGVzdC8zNjWGD2h0dHA6 +Ly90ZXN0LzM2NoYPaHR0cDovL3Rlc3QvMzY3hg9odHRwOi8vdGVzdC8zNjiGD2h0 +dHA6Ly90ZXN0LzM2OYYPaHR0cDovL3Rlc3QvMzcwhg9odHRwOi8vdGVzdC8zNzGG +D2h0dHA6Ly90ZXN0LzM3MoYPaHR0cDovL3Rlc3QvMzczhg9odHRwOi8vdGVzdC8z +NzSGD2h0dHA6Ly90ZXN0LzM3NYYPaHR0cDovL3Rlc3QvMzc2hg9odHRwOi8vdGVz +dC8zNzeGD2h0dHA6Ly90ZXN0LzM3OIYPaHR0cDovL3Rlc3QvMzc5hg9odHRwOi8v +dGVzdC8zODCGD2h0dHA6Ly90ZXN0LzM4MYYPaHR0cDovL3Rlc3QvMzgyhg9odHRw +Oi8vdGVzdC8zODOGD2h0dHA6Ly90ZXN0LzM4NIYPaHR0cDovL3Rlc3QvMzg1hg9o +dHRwOi8vdGVzdC8zODaGD2h0dHA6Ly90ZXN0LzM4N4YPaHR0cDovL3Rlc3QvMzg4 +hg9odHRwOi8vdGVzdC8zODmGD2h0dHA6Ly90ZXN0LzM5MIYPaHR0cDovL3Rlc3Qv +Mzkxhg9odHRwOi8vdGVzdC8zOTKGD2h0dHA6Ly90ZXN0LzM5M4YPaHR0cDovL3Rl +c3QvMzk0hg9odHRwOi8vdGVzdC8zOTWGD2h0dHA6Ly90ZXN0LzM5NoYPaHR0cDov +L3Rlc3QvMzk3hg9odHRwOi8vdGVzdC8zOTiGD2h0dHA6Ly90ZXN0LzM5OYYPaHR0 +cDovL3Rlc3QvNDAwhg9odHRwOi8vdGVzdC80MDGGD2h0dHA6Ly90ZXN0LzQwMoYP +aHR0cDovL3Rlc3QvNDAzhg9odHRwOi8vdGVzdC80MDSGD2h0dHA6Ly90ZXN0LzQw +NYYPaHR0cDovL3Rlc3QvNDA2hg9odHRwOi8vdGVzdC80MDeGD2h0dHA6Ly90ZXN0 +LzQwOIYPaHR0cDovL3Rlc3QvNDA5hg9odHRwOi8vdGVzdC80MTCGD2h0dHA6Ly90 +ZXN0LzQxMYYPaHR0cDovL3Rlc3QvNDEyhg9odHRwOi8vdGVzdC80MTOGD2h0dHA6 +Ly90ZXN0LzQxNIYPaHR0cDovL3Rlc3QvNDE1hg9odHRwOi8vdGVzdC80MTaGD2h0 +dHA6Ly90ZXN0LzQxN4YPaHR0cDovL3Rlc3QvNDE4hg9odHRwOi8vdGVzdC80MTmG +D2h0dHA6Ly90ZXN0LzQyMIYPaHR0cDovL3Rlc3QvNDIxhg9odHRwOi8vdGVzdC80 +MjKGD2h0dHA6Ly90ZXN0LzQyM4YPaHR0cDovL3Rlc3QvNDI0hg9odHRwOi8vdGVz +dC80MjWGD2h0dHA6Ly90ZXN0LzQyNoYPaHR0cDovL3Rlc3QvNDI3hg9odHRwOi8v +dGVzdC80MjiGD2h0dHA6Ly90ZXN0LzQyOYYPaHR0cDovL3Rlc3QvNDMwhg9odHRw +Oi8vdGVzdC80MzGGD2h0dHA6Ly90ZXN0LzQzMoYPaHR0cDovL3Rlc3QvNDMzhg9o +dHRwOi8vdGVzdC80MzSGD2h0dHA6Ly90ZXN0LzQzNYYPaHR0cDovL3Rlc3QvNDM2 +hg9odHRwOi8vdGVzdC80MzeGD2h0dHA6Ly90ZXN0LzQzOIYPaHR0cDovL3Rlc3Qv +NDM5hg9odHRwOi8vdGVzdC80NDCGD2h0dHA6Ly90ZXN0LzQ0MYYPaHR0cDovL3Rl +c3QvNDQyhg9odHRwOi8vdGVzdC80NDOGD2h0dHA6Ly90ZXN0LzQ0NIYPaHR0cDov +L3Rlc3QvNDQ1hg9odHRwOi8vdGVzdC80NDaGD2h0dHA6Ly90ZXN0LzQ0N4YPaHR0 +cDovL3Rlc3QvNDQ4hg9odHRwOi8vdGVzdC80NDmGD2h0dHA6Ly90ZXN0LzQ1MIYP +aHR0cDovL3Rlc3QvNDUxhg9odHRwOi8vdGVzdC80NTKGD2h0dHA6Ly90ZXN0LzQ1 +M4YPaHR0cDovL3Rlc3QvNDU0hg9odHRwOi8vdGVzdC80NTWGD2h0dHA6Ly90ZXN0 +LzQ1NoYPaHR0cDovL3Rlc3QvNDU3hg9odHRwOi8vdGVzdC80NTiGD2h0dHA6Ly90 +ZXN0LzQ1OYYPaHR0cDovL3Rlc3QvNDYwhg9odHRwOi8vdGVzdC80NjGGD2h0dHA6 +Ly90ZXN0LzQ2MoYPaHR0cDovL3Rlc3QvNDYzhg9odHRwOi8vdGVzdC80NjSGD2h0 +dHA6Ly90ZXN0LzQ2NYYPaHR0cDovL3Rlc3QvNDY2hg9odHRwOi8vdGVzdC80NjeG +D2h0dHA6Ly90ZXN0LzQ2OIYPaHR0cDovL3Rlc3QvNDY5hg9odHRwOi8vdGVzdC80 +NzCGD2h0dHA6Ly90ZXN0LzQ3MYYPaHR0cDovL3Rlc3QvNDcyhg9odHRwOi8vdGVz +dC80NzOGD2h0dHA6Ly90ZXN0LzQ3NIYPaHR0cDovL3Rlc3QvNDc1hg9odHRwOi8v +dGVzdC80NzaGD2h0dHA6Ly90ZXN0LzQ3N4YPaHR0cDovL3Rlc3QvNDc4hg9odHRw +Oi8vdGVzdC80NzmGD2h0dHA6Ly90ZXN0LzQ4MIYPaHR0cDovL3Rlc3QvNDgxhg9o +dHRwOi8vdGVzdC80ODKGD2h0dHA6Ly90ZXN0LzQ4M4YPaHR0cDovL3Rlc3QvNDg0 +hg9odHRwOi8vdGVzdC80ODWGD2h0dHA6Ly90ZXN0LzQ4NoYPaHR0cDovL3Rlc3Qv +NDg3hg9odHRwOi8vdGVzdC80ODiGD2h0dHA6Ly90ZXN0LzQ4OYYPaHR0cDovL3Rl +c3QvNDkwhg9odHRwOi8vdGVzdC80OTGGD2h0dHA6Ly90ZXN0LzQ5MoYPaHR0cDov +L3Rlc3QvNDkzhg9odHRwOi8vdGVzdC80OTSGD2h0dHA6Ly90ZXN0LzQ5NYYPaHR0 +cDovL3Rlc3QvNDk2hg9odHRwOi8vdGVzdC80OTeGD2h0dHA6Ly90ZXN0LzQ5OIYP +aHR0cDovL3Rlc3QvNDk5hg9odHRwOi8vdGVzdC81MDCGD2h0dHA6Ly90ZXN0LzUw +MYYPaHR0cDovL3Rlc3QvNTAyhg9odHRwOi8vdGVzdC81MDOGD2h0dHA6Ly90ZXN0 +LzUwNIYPaHR0cDovL3Rlc3QvNTA1hg9odHRwOi8vdGVzdC81MDaGD2h0dHA6Ly90 +ZXN0LzUwN4YPaHR0cDovL3Rlc3QvNTA4hg9odHRwOi8vdGVzdC81MDmGD2h0dHA6 +Ly90ZXN0LzUxMIYPaHR0cDovL3Rlc3QvNTExhg9odHRwOi8vdGVzdC81MTKGD2h0 +dHA6Ly90ZXN0LzUxM4YPaHR0cDovL3Rlc3QvNTE0hg9odHRwOi8vdGVzdC81MTWG +D2h0dHA6Ly90ZXN0LzUxNoYPaHR0cDovL3Rlc3QvNTE3hg9odHRwOi8vdGVzdC81 +MTiGD2h0dHA6Ly90ZXN0LzUxOYYPaHR0cDovL3Rlc3QvNTIwhg9odHRwOi8vdGVz +dC81MjGGD2h0dHA6Ly90ZXN0LzUyMoYPaHR0cDovL3Rlc3QvNTIzhg9odHRwOi8v +dGVzdC81MjSGD2h0dHA6Ly90ZXN0LzUyNYYPaHR0cDovL3Rlc3QvNTI2hg9odHRw +Oi8vdGVzdC81MjeGD2h0dHA6Ly90ZXN0LzUyOIYPaHR0cDovL3Rlc3QvNTI5hg9o +dHRwOi8vdGVzdC81MzCGD2h0dHA6Ly90ZXN0LzUzMYYPaHR0cDovL3Rlc3QvNTMy +hg9odHRwOi8vdGVzdC81MzOGD2h0dHA6Ly90ZXN0LzUzNIYPaHR0cDovL3Rlc3Qv +NTM1hg9odHRwOi8vdGVzdC81MzaGD2h0dHA6Ly90ZXN0LzUzN4YPaHR0cDovL3Rl +c3QvNTM4hg9odHRwOi8vdGVzdC81MzmGD2h0dHA6Ly90ZXN0LzU0MIYPaHR0cDov +L3Rlc3QvNTQxhg9odHRwOi8vdGVzdC81NDKGD2h0dHA6Ly90ZXN0LzU0M4YPaHR0 +cDovL3Rlc3QvNTQ0hg9odHRwOi8vdGVzdC81NDWGD2h0dHA6Ly90ZXN0LzU0NoYP +aHR0cDovL3Rlc3QvNTQ3hg9odHRwOi8vdGVzdC81NDiGD2h0dHA6Ly90ZXN0LzU0 +OYYPaHR0cDovL3Rlc3QvNTUwhg9odHRwOi8vdGVzdC81NTGGD2h0dHA6Ly90ZXN0 +LzU1MoYPaHR0cDovL3Rlc3QvNTUzhg9odHRwOi8vdGVzdC81NTSGD2h0dHA6Ly90 +ZXN0LzU1NYYPaHR0cDovL3Rlc3QvNTU2hg9odHRwOi8vdGVzdC81NTeGD2h0dHA6 +Ly90ZXN0LzU1OIYPaHR0cDovL3Rlc3QvNTU5hg9odHRwOi8vdGVzdC81NjCGD2h0 +dHA6Ly90ZXN0LzU2MYYPaHR0cDovL3Rlc3QvNTYyhg9odHRwOi8vdGVzdC81NjOG +D2h0dHA6Ly90ZXN0LzU2NIYPaHR0cDovL3Rlc3QvNTY1hg9odHRwOi8vdGVzdC81 +NjaGD2h0dHA6Ly90ZXN0LzU2N4YPaHR0cDovL3Rlc3QvNTY4hg9odHRwOi8vdGVz +dC81NjmGD2h0dHA6Ly90ZXN0LzU3MIYPaHR0cDovL3Rlc3QvNTcxhg9odHRwOi8v +dGVzdC81NzKGD2h0dHA6Ly90ZXN0LzU3M4YPaHR0cDovL3Rlc3QvNTc0hg9odHRw +Oi8vdGVzdC81NzWGD2h0dHA6Ly90ZXN0LzU3NoYPaHR0cDovL3Rlc3QvNTc3hg9o +dHRwOi8vdGVzdC81NziGD2h0dHA6Ly90ZXN0LzU3OYYPaHR0cDovL3Rlc3QvNTgw +hg9odHRwOi8vdGVzdC81ODGGD2h0dHA6Ly90ZXN0LzU4MoYPaHR0cDovL3Rlc3Qv +NTgzhg9odHRwOi8vdGVzdC81ODSGD2h0dHA6Ly90ZXN0LzU4NYYPaHR0cDovL3Rl +c3QvNTg2hg9odHRwOi8vdGVzdC81ODeGD2h0dHA6Ly90ZXN0LzU4OIYPaHR0cDov +L3Rlc3QvNTg5hg9odHRwOi8vdGVzdC81OTCGD2h0dHA6Ly90ZXN0LzU5MYYPaHR0 +cDovL3Rlc3QvNTkyhg9odHRwOi8vdGVzdC81OTOGD2h0dHA6Ly90ZXN0LzU5NIYP +aHR0cDovL3Rlc3QvNTk1hg9odHRwOi8vdGVzdC81OTaGD2h0dHA6Ly90ZXN0LzU5 +N4YPaHR0cDovL3Rlc3QvNTk4hg9odHRwOi8vdGVzdC81OTmGD2h0dHA6Ly90ZXN0 +LzYwMIYPaHR0cDovL3Rlc3QvNjAxhg9odHRwOi8vdGVzdC82MDKGD2h0dHA6Ly90 +ZXN0LzYwM4YPaHR0cDovL3Rlc3QvNjA0hg9odHRwOi8vdGVzdC82MDWGD2h0dHA6 +Ly90ZXN0LzYwNoYPaHR0cDovL3Rlc3QvNjA3hg9odHRwOi8vdGVzdC82MDiGD2h0 +dHA6Ly90ZXN0LzYwOYYPaHR0cDovL3Rlc3QvNjEwhg9odHRwOi8vdGVzdC82MTGG +D2h0dHA6Ly90ZXN0LzYxMoYPaHR0cDovL3Rlc3QvNjEzhg9odHRwOi8vdGVzdC82 +MTSGD2h0dHA6Ly90ZXN0LzYxNYYPaHR0cDovL3Rlc3QvNjE2hg9odHRwOi8vdGVz +dC82MTeGD2h0dHA6Ly90ZXN0LzYxOIYPaHR0cDovL3Rlc3QvNjE5hg9odHRwOi8v +dGVzdC82MjCGD2h0dHA6Ly90ZXN0LzYyMYYPaHR0cDovL3Rlc3QvNjIyhg9odHRw +Oi8vdGVzdC82MjOGD2h0dHA6Ly90ZXN0LzYyNIYPaHR0cDovL3Rlc3QvNjI1hg9o +dHRwOi8vdGVzdC82MjaGD2h0dHA6Ly90ZXN0LzYyN4YPaHR0cDovL3Rlc3QvNjI4 +hg9odHRwOi8vdGVzdC82MjmGD2h0dHA6Ly90ZXN0LzYzMIYPaHR0cDovL3Rlc3Qv +NjMxhg9odHRwOi8vdGVzdC82MzKGD2h0dHA6Ly90ZXN0LzYzM4YPaHR0cDovL3Rl +c3QvNjM0hg9odHRwOi8vdGVzdC82MzWGD2h0dHA6Ly90ZXN0LzYzNoYPaHR0cDov +L3Rlc3QvNjM3hg9odHRwOi8vdGVzdC82MziGD2h0dHA6Ly90ZXN0LzYzOYYPaHR0 +cDovL3Rlc3QvNjQwhg9odHRwOi8vdGVzdC82NDGGD2h0dHA6Ly90ZXN0LzY0MoYP +aHR0cDovL3Rlc3QvNjQzhg9odHRwOi8vdGVzdC82NDSGD2h0dHA6Ly90ZXN0LzY0 +NYYPaHR0cDovL3Rlc3QvNjQ2hg9odHRwOi8vdGVzdC82NDeGD2h0dHA6Ly90ZXN0 +LzY0OIYPaHR0cDovL3Rlc3QvNjQ5hg9odHRwOi8vdGVzdC82NTCGD2h0dHA6Ly90 +ZXN0LzY1MYYPaHR0cDovL3Rlc3QvNjUyhg9odHRwOi8vdGVzdC82NTOGD2h0dHA6 +Ly90ZXN0LzY1NIYPaHR0cDovL3Rlc3QvNjU1hg9odHRwOi8vdGVzdC82NTaGD2h0 +dHA6Ly90ZXN0LzY1N4YPaHR0cDovL3Rlc3QvNjU4hg9odHRwOi8vdGVzdC82NTmG +D2h0dHA6Ly90ZXN0LzY2MIYPaHR0cDovL3Rlc3QvNjYxhg9odHRwOi8vdGVzdC82 +NjKGD2h0dHA6Ly90ZXN0LzY2M4YPaHR0cDovL3Rlc3QvNjY0hg9odHRwOi8vdGVz +dC82NjWGD2h0dHA6Ly90ZXN0LzY2NoYPaHR0cDovL3Rlc3QvNjY3hg9odHRwOi8v +dGVzdC82NjiGD2h0dHA6Ly90ZXN0LzY2OYYPaHR0cDovL3Rlc3QvNjcwhg9odHRw +Oi8vdGVzdC82NzGGD2h0dHA6Ly90ZXN0LzY3MoYPaHR0cDovL3Rlc3QvNjczhg9o +dHRwOi8vdGVzdC82NzSGD2h0dHA6Ly90ZXN0LzY3NYYPaHR0cDovL3Rlc3QvNjc2 +hg9odHRwOi8vdGVzdC82NzeGD2h0dHA6Ly90ZXN0LzY3OIYPaHR0cDovL3Rlc3Qv +Njc5hg9odHRwOi8vdGVzdC82ODCGD2h0dHA6Ly90ZXN0LzY4MYYPaHR0cDovL3Rl +c3QvNjgyhg9odHRwOi8vdGVzdC82ODOGD2h0dHA6Ly90ZXN0LzY4NIYPaHR0cDov +L3Rlc3QvNjg1hg9odHRwOi8vdGVzdC82ODaGD2h0dHA6Ly90ZXN0LzY4N4YPaHR0 +cDovL3Rlc3QvNjg4hg9odHRwOi8vdGVzdC82ODmGD2h0dHA6Ly90ZXN0LzY5MIYP +aHR0cDovL3Rlc3QvNjkxhg9odHRwOi8vdGVzdC82OTKGD2h0dHA6Ly90ZXN0LzY5 +M4YPaHR0cDovL3Rlc3QvNjk0hg9odHRwOi8vdGVzdC82OTWGD2h0dHA6Ly90ZXN0 +LzY5NoYPaHR0cDovL3Rlc3QvNjk3hg9odHRwOi8vdGVzdC82OTiGD2h0dHA6Ly90 +ZXN0LzY5OYYPaHR0cDovL3Rlc3QvNzAwhg9odHRwOi8vdGVzdC83MDGGD2h0dHA6 +Ly90ZXN0LzcwMoYPaHR0cDovL3Rlc3QvNzAzhg9odHRwOi8vdGVzdC83MDSGD2h0 +dHA6Ly90ZXN0LzcwNYYPaHR0cDovL3Rlc3QvNzA2hg9odHRwOi8vdGVzdC83MDeG +D2h0dHA6Ly90ZXN0LzcwOIYPaHR0cDovL3Rlc3QvNzA5hg9odHRwOi8vdGVzdC83 +MTCGD2h0dHA6Ly90ZXN0LzcxMYYPaHR0cDovL3Rlc3QvNzEyhg9odHRwOi8vdGVz +dC83MTOGD2h0dHA6Ly90ZXN0LzcxNIYPaHR0cDovL3Rlc3QvNzE1hg9odHRwOi8v +dGVzdC83MTaGD2h0dHA6Ly90ZXN0LzcxN4YPaHR0cDovL3Rlc3QvNzE4hg9odHRw +Oi8vdGVzdC83MTmGD2h0dHA6Ly90ZXN0LzcyMIYPaHR0cDovL3Rlc3QvNzIxhg9o +dHRwOi8vdGVzdC83MjKGD2h0dHA6Ly90ZXN0LzcyM4YPaHR0cDovL3Rlc3QvNzI0 +hg9odHRwOi8vdGVzdC83MjWGD2h0dHA6Ly90ZXN0LzcyNoYPaHR0cDovL3Rlc3Qv +NzI3hg9odHRwOi8vdGVzdC83MjiGD2h0dHA6Ly90ZXN0LzcyOYYPaHR0cDovL3Rl +c3QvNzMwhg9odHRwOi8vdGVzdC83MzGGD2h0dHA6Ly90ZXN0LzczMoYPaHR0cDov +L3Rlc3QvNzMzhg9odHRwOi8vdGVzdC83MzSGD2h0dHA6Ly90ZXN0LzczNYYPaHR0 +cDovL3Rlc3QvNzM2hg9odHRwOi8vdGVzdC83MzeGD2h0dHA6Ly90ZXN0LzczOIYP +aHR0cDovL3Rlc3QvNzM5hg9odHRwOi8vdGVzdC83NDCGD2h0dHA6Ly90ZXN0Lzc0 +MYYPaHR0cDovL3Rlc3QvNzQyhg9odHRwOi8vdGVzdC83NDOGD2h0dHA6Ly90ZXN0 +Lzc0NIYPaHR0cDovL3Rlc3QvNzQ1hg9odHRwOi8vdGVzdC83NDaGD2h0dHA6Ly90 +ZXN0Lzc0N4YPaHR0cDovL3Rlc3QvNzQ4hg9odHRwOi8vdGVzdC83NDmGD2h0dHA6 +Ly90ZXN0Lzc1MIYPaHR0cDovL3Rlc3QvNzUxhg9odHRwOi8vdGVzdC83NTKGD2h0 +dHA6Ly90ZXN0Lzc1M4YPaHR0cDovL3Rlc3QvNzU0hg9odHRwOi8vdGVzdC83NTWG +D2h0dHA6Ly90ZXN0Lzc1NoYPaHR0cDovL3Rlc3QvNzU3hg9odHRwOi8vdGVzdC83 +NTiGD2h0dHA6Ly90ZXN0Lzc1OYYPaHR0cDovL3Rlc3QvNzYwhg9odHRwOi8vdGVz +dC83NjGGD2h0dHA6Ly90ZXN0Lzc2MoYPaHR0cDovL3Rlc3QvNzYzhg9odHRwOi8v +dGVzdC83NjSGD2h0dHA6Ly90ZXN0Lzc2NYYPaHR0cDovL3Rlc3QvNzY2hg9odHRw +Oi8vdGVzdC83NjeGD2h0dHA6Ly90ZXN0Lzc2OIYPaHR0cDovL3Rlc3QvNzY5hg9o +dHRwOi8vdGVzdC83NzCGD2h0dHA6Ly90ZXN0Lzc3MYYPaHR0cDovL3Rlc3QvNzcy +hg9odHRwOi8vdGVzdC83NzOGD2h0dHA6Ly90ZXN0Lzc3NIYPaHR0cDovL3Rlc3Qv +Nzc1hg9odHRwOi8vdGVzdC83NzaGD2h0dHA6Ly90ZXN0Lzc3N4YPaHR0cDovL3Rl +c3QvNzc4hg9odHRwOi8vdGVzdC83NzmGD2h0dHA6Ly90ZXN0Lzc4MIYPaHR0cDov +L3Rlc3QvNzgxhg9odHRwOi8vdGVzdC83ODKGD2h0dHA6Ly90ZXN0Lzc4M4YPaHR0 +cDovL3Rlc3QvNzg0hg9odHRwOi8vdGVzdC83ODWGD2h0dHA6Ly90ZXN0Lzc4NoYP +aHR0cDovL3Rlc3QvNzg3hg9odHRwOi8vdGVzdC83ODiGD2h0dHA6Ly90ZXN0Lzc4 +OYYPaHR0cDovL3Rlc3QvNzkwhg9odHRwOi8vdGVzdC83OTGGD2h0dHA6Ly90ZXN0 +Lzc5MoYPaHR0cDovL3Rlc3QvNzkzhg9odHRwOi8vdGVzdC83OTSGD2h0dHA6Ly90 +ZXN0Lzc5NYYPaHR0cDovL3Rlc3QvNzk2hg9odHRwOi8vdGVzdC83OTeGD2h0dHA6 +Ly90ZXN0Lzc5OIYPaHR0cDovL3Rlc3QvNzk5hg9odHRwOi8vdGVzdC84MDCGD2h0 +dHA6Ly90ZXN0LzgwMYYPaHR0cDovL3Rlc3QvODAyhg9odHRwOi8vdGVzdC84MDOG +D2h0dHA6Ly90ZXN0LzgwNIYPaHR0cDovL3Rlc3QvODA1hg9odHRwOi8vdGVzdC84 +MDaGD2h0dHA6Ly90ZXN0LzgwN4YPaHR0cDovL3Rlc3QvODA4hg9odHRwOi8vdGVz +dC84MDmGD2h0dHA6Ly90ZXN0LzgxMIYPaHR0cDovL3Rlc3QvODExhg9odHRwOi8v +dGVzdC84MTKGD2h0dHA6Ly90ZXN0LzgxM4YPaHR0cDovL3Rlc3QvODE0hg9odHRw +Oi8vdGVzdC84MTWGD2h0dHA6Ly90ZXN0LzgxNoYPaHR0cDovL3Rlc3QvODE3hg9o +dHRwOi8vdGVzdC84MTiGD2h0dHA6Ly90ZXN0LzgxOYYPaHR0cDovL3Rlc3QvODIw +hg9odHRwOi8vdGVzdC84MjGGD2h0dHA6Ly90ZXN0LzgyMoYPaHR0cDovL3Rlc3Qv +ODIzhg9odHRwOi8vdGVzdC84MjSGD2h0dHA6Ly90ZXN0LzgyNYYPaHR0cDovL3Rl +c3QvODI2hg9odHRwOi8vdGVzdC84MjeGD2h0dHA6Ly90ZXN0LzgyOIYPaHR0cDov +L3Rlc3QvODI5hg9odHRwOi8vdGVzdC84MzCGD2h0dHA6Ly90ZXN0LzgzMYYPaHR0 +cDovL3Rlc3QvODMyhg9odHRwOi8vdGVzdC84MzOGD2h0dHA6Ly90ZXN0LzgzNIYP +aHR0cDovL3Rlc3QvODM1hg9odHRwOi8vdGVzdC84MzaGD2h0dHA6Ly90ZXN0Lzgz +N4YPaHR0cDovL3Rlc3QvODM4hg9odHRwOi8vdGVzdC84MzmGD2h0dHA6Ly90ZXN0 +Lzg0MIYPaHR0cDovL3Rlc3QvODQxhg9odHRwOi8vdGVzdC84NDKGD2h0dHA6Ly90 +ZXN0Lzg0M4YPaHR0cDovL3Rlc3QvODQ0hg9odHRwOi8vdGVzdC84NDWGD2h0dHA6 +Ly90ZXN0Lzg0NoYPaHR0cDovL3Rlc3QvODQ3hg9odHRwOi8vdGVzdC84NDiGD2h0 +dHA6Ly90ZXN0Lzg0OYYPaHR0cDovL3Rlc3QvODUwhg9odHRwOi8vdGVzdC84NTGG +D2h0dHA6Ly90ZXN0Lzg1MoYPaHR0cDovL3Rlc3QvODUzhg9odHRwOi8vdGVzdC84 +NTSGD2h0dHA6Ly90ZXN0Lzg1NYYPaHR0cDovL3Rlc3QvODU2hg9odHRwOi8vdGVz +dC84NTeGD2h0dHA6Ly90ZXN0Lzg1OIYPaHR0cDovL3Rlc3QvODU5hg9odHRwOi8v +dGVzdC84NjCGD2h0dHA6Ly90ZXN0Lzg2MYYPaHR0cDovL3Rlc3QvODYyhg9odHRw +Oi8vdGVzdC84NjOGD2h0dHA6Ly90ZXN0Lzg2NIYPaHR0cDovL3Rlc3QvODY1hg9o +dHRwOi8vdGVzdC84NjaGD2h0dHA6Ly90ZXN0Lzg2N4YPaHR0cDovL3Rlc3QvODY4 +hg9odHRwOi8vdGVzdC84NjmGD2h0dHA6Ly90ZXN0Lzg3MIYPaHR0cDovL3Rlc3Qv +ODcxhg9odHRwOi8vdGVzdC84NzKGD2h0dHA6Ly90ZXN0Lzg3M4YPaHR0cDovL3Rl +c3QvODc0hg9odHRwOi8vdGVzdC84NzWGD2h0dHA6Ly90ZXN0Lzg3NoYPaHR0cDov +L3Rlc3QvODc3hg9odHRwOi8vdGVzdC84NziGD2h0dHA6Ly90ZXN0Lzg3OYYPaHR0 +cDovL3Rlc3QvODgwhg9odHRwOi8vdGVzdC84ODGGD2h0dHA6Ly90ZXN0Lzg4MoYP +aHR0cDovL3Rlc3QvODgzhg9odHRwOi8vdGVzdC84ODSGD2h0dHA6Ly90ZXN0Lzg4 +NYYPaHR0cDovL3Rlc3QvODg2hg9odHRwOi8vdGVzdC84ODeGD2h0dHA6Ly90ZXN0 +Lzg4OIYPaHR0cDovL3Rlc3QvODg5hg9odHRwOi8vdGVzdC84OTCGD2h0dHA6Ly90 +ZXN0Lzg5MYYPaHR0cDovL3Rlc3QvODkyhg9odHRwOi8vdGVzdC84OTOGD2h0dHA6 +Ly90ZXN0Lzg5NIYPaHR0cDovL3Rlc3QvODk1hg9odHRwOi8vdGVzdC84OTaGD2h0 +dHA6Ly90ZXN0Lzg5N4YPaHR0cDovL3Rlc3QvODk4hg9odHRwOi8vdGVzdC84OTmG +D2h0dHA6Ly90ZXN0LzkwMIYPaHR0cDovL3Rlc3QvOTAxhg9odHRwOi8vdGVzdC85 +MDKGD2h0dHA6Ly90ZXN0LzkwM4YPaHR0cDovL3Rlc3QvOTA0hg9odHRwOi8vdGVz +dC85MDWGD2h0dHA6Ly90ZXN0LzkwNoYPaHR0cDovL3Rlc3QvOTA3hg9odHRwOi8v +dGVzdC85MDiGD2h0dHA6Ly90ZXN0LzkwOYYPaHR0cDovL3Rlc3QvOTEwhg9odHRw +Oi8vdGVzdC85MTGGD2h0dHA6Ly90ZXN0LzkxMoYPaHR0cDovL3Rlc3QvOTEzhg9o +dHRwOi8vdGVzdC85MTSGD2h0dHA6Ly90ZXN0LzkxNYYPaHR0cDovL3Rlc3QvOTE2 +hg9odHRwOi8vdGVzdC85MTeGD2h0dHA6Ly90ZXN0LzkxOIYPaHR0cDovL3Rlc3Qv +OTE5hg9odHRwOi8vdGVzdC85MjCGD2h0dHA6Ly90ZXN0LzkyMYYPaHR0cDovL3Rl +c3QvOTIyhg9odHRwOi8vdGVzdC85MjOGD2h0dHA6Ly90ZXN0LzkyNIYPaHR0cDov +L3Rlc3QvOTI1hg9odHRwOi8vdGVzdC85MjaGD2h0dHA6Ly90ZXN0LzkyN4YPaHR0 +cDovL3Rlc3QvOTI4hg9odHRwOi8vdGVzdC85MjmGD2h0dHA6Ly90ZXN0LzkzMIYP +aHR0cDovL3Rlc3QvOTMxhg9odHRwOi8vdGVzdC85MzKGD2h0dHA6Ly90ZXN0Lzkz +M4YPaHR0cDovL3Rlc3QvOTM0hg9odHRwOi8vdGVzdC85MzWGD2h0dHA6Ly90ZXN0 +LzkzNoYPaHR0cDovL3Rlc3QvOTM3hg9odHRwOi8vdGVzdC85MziGD2h0dHA6Ly90 +ZXN0LzkzOYYPaHR0cDovL3Rlc3QvOTQwhg9odHRwOi8vdGVzdC85NDGGD2h0dHA6 +Ly90ZXN0Lzk0MoYPaHR0cDovL3Rlc3QvOTQzhg9odHRwOi8vdGVzdC85NDSGD2h0 +dHA6Ly90ZXN0Lzk0NYYPaHR0cDovL3Rlc3QvOTQ2hg9odHRwOi8vdGVzdC85NDeG +D2h0dHA6Ly90ZXN0Lzk0OIYPaHR0cDovL3Rlc3QvOTQ5hg9odHRwOi8vdGVzdC85 +NTCGD2h0dHA6Ly90ZXN0Lzk1MYYPaHR0cDovL3Rlc3QvOTUyhg9odHRwOi8vdGVz +dC85NTOGD2h0dHA6Ly90ZXN0Lzk1NIYPaHR0cDovL3Rlc3QvOTU1hg9odHRwOi8v +dGVzdC85NTaGD2h0dHA6Ly90ZXN0Lzk1N4YPaHR0cDovL3Rlc3QvOTU4hg9odHRw +Oi8vdGVzdC85NTmGD2h0dHA6Ly90ZXN0Lzk2MIYPaHR0cDovL3Rlc3QvOTYxhg9o +dHRwOi8vdGVzdC85NjKGD2h0dHA6Ly90ZXN0Lzk2M4YPaHR0cDovL3Rlc3QvOTY0 +hg9odHRwOi8vdGVzdC85NjWGD2h0dHA6Ly90ZXN0Lzk2NoYPaHR0cDovL3Rlc3Qv +OTY3hg9odHRwOi8vdGVzdC85NjiGD2h0dHA6Ly90ZXN0Lzk2OYYPaHR0cDovL3Rl +c3QvOTcwhg9odHRwOi8vdGVzdC85NzGGD2h0dHA6Ly90ZXN0Lzk3MoYPaHR0cDov +L3Rlc3QvOTczhg9odHRwOi8vdGVzdC85NzSGD2h0dHA6Ly90ZXN0Lzk3NYYPaHR0 +cDovL3Rlc3QvOTc2hg9odHRwOi8vdGVzdC85NzeGD2h0dHA6Ly90ZXN0Lzk3OIYP +aHR0cDovL3Rlc3QvOTc5hg9odHRwOi8vdGVzdC85ODCGD2h0dHA6Ly90ZXN0Lzk4 +MYYPaHR0cDovL3Rlc3QvOTgyhg9odHRwOi8vdGVzdC85ODOGD2h0dHA6Ly90ZXN0 +Lzk4NIYPaHR0cDovL3Rlc3QvOTg1hg9odHRwOi8vdGVzdC85ODaGD2h0dHA6Ly90 +ZXN0Lzk4N4YPaHR0cDovL3Rlc3QvOTg4hg9odHRwOi8vdGVzdC85ODmGD2h0dHA6 +Ly90ZXN0Lzk5MIYPaHR0cDovL3Rlc3QvOTkxhg9odHRwOi8vdGVzdC85OTKGD2h0 +dHA6Ly90ZXN0Lzk5M4YPaHR0cDovL3Rlc3QvOTk0hg9odHRwOi8vdGVzdC85OTWG +D2h0dHA6Ly90ZXN0Lzk5NoYPaHR0cDovL3Rlc3QvOTk3hg9odHRwOi8vdGVzdC85 +OTiGD2h0dHA6Ly90ZXN0Lzk5OYYQaHR0cDovL3Rlc3QvMTAwMIYQaHR0cDovL3Rl +c3QvMTAwMYYQaHR0cDovL3Rlc3QvMTAwMoYQaHR0cDovL3Rlc3QvMTAwM4YQaHR0 +cDovL3Rlc3QvMTAwNIYQaHR0cDovL3Rlc3QvMTAwNYYQaHR0cDovL3Rlc3QvMTAw +NoYQaHR0cDovL3Rlc3QvMTAwN4YQaHR0cDovL3Rlc3QvMTAwOIYQaHR0cDovL3Rl +c3QvMTAwOYYQaHR0cDovL3Rlc3QvMTAxMIYQaHR0cDovL3Rlc3QvMTAxMYYQaHR0 +cDovL3Rlc3QvMTAxMoYQaHR0cDovL3Rlc3QvMTAxM4YQaHR0cDovL3Rlc3QvMTAx +NIYQaHR0cDovL3Rlc3QvMTAxNYYQaHR0cDovL3Rlc3QvMTAxNoYQaHR0cDovL3Rl +c3QvMTAxN4YQaHR0cDovL3Rlc3QvMTAxOIYQaHR0cDovL3Rlc3QvMTAxOYYQaHR0 +cDovL3Rlc3QvMTAyMIYQaHR0cDovL3Rlc3QvMTAyMYYQaHR0cDovL3Rlc3QvMTAy +MoYQaHR0cDovL3Rlc3QvMTAyM4YQaHR0cDovL3Rlc3QvMTAyNDANBgkqhkiG9w0B +AQsFAAOCAQEACAB/4EB10kM2P+Nsz8FKabIMG6ioa3ru7dAt7uJS2SofXawp9RLi +rzvboG06tAnvdvpSaF8HX5+kUo8d2tq2k1SHR9A8Zn7/G+Me2lJMAEZbDOueuF4e +2/fO3SwPTiMdY5jt5RjoBJyhHs1Y3glDTb+NS22OMummU0AXDOJZQ1UtP6uvqhNI +rACsW98WxyAq6lDveXjJNNXFf48n0FpCOugTAVG8o7lTbx3kc1KN8Mec0UYZqihj +PsxKX2MNHShL4LQ3g9uFjISGfjcVqO2oANoUl/3xyOpuOrcZwW9Tawv/KWAwfbY1 +1rhYb1UyGMZEwwjYxJUle7oTBCY0fNQOoQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + URI:http://test/0 + URI:http://test/1 + URI:http://test/2 + URI:http://test/3 + URI:http://test/4 + URI:http://test/5 + URI:http://test/6 + URI:http://test/7 + URI:http://test/8 + URI:http://test/9 + URI:http://test/10 + URI:http://test/11 + URI:http://test/12 + URI:http://test/13 + URI:http://test/14 + URI:http://test/15 + URI:http://test/16 + URI:http://test/17 + URI:http://test/18 + URI:http://test/19 + URI:http://test/20 + URI:http://test/21 + URI:http://test/22 + URI:http://test/23 + URI:http://test/24 + URI:http://test/25 + URI:http://test/26 + URI:http://test/27 + URI:http://test/28 + URI:http://test/29 + URI:http://test/30 + URI:http://test/31 + URI:http://test/32 + URI:http://test/33 + URI:http://test/34 + URI:http://test/35 + URI:http://test/36 + URI:http://test/37 + URI:http://test/38 + URI:http://test/39 + URI:http://test/40 + URI:http://test/41 + URI:http://test/42 + URI:http://test/43 + URI:http://test/44 + URI:http://test/45 + URI:http://test/46 + URI:http://test/47 + URI:http://test/48 + URI:http://test/49 + URI:http://test/50 + URI:http://test/51 + URI:http://test/52 + URI:http://test/53 + URI:http://test/54 + URI:http://test/55 + URI:http://test/56 + URI:http://test/57 + URI:http://test/58 + URI:http://test/59 + URI:http://test/60 + URI:http://test/61 + URI:http://test/62 + URI:http://test/63 + URI:http://test/64 + URI:http://test/65 + URI:http://test/66 + URI:http://test/67 + URI:http://test/68 + URI:http://test/69 + URI:http://test/70 + URI:http://test/71 + URI:http://test/72 + URI:http://test/73 + URI:http://test/74 + URI:http://test/75 + URI:http://test/76 + URI:http://test/77 + URI:http://test/78 + URI:http://test/79 + URI:http://test/80 + URI:http://test/81 + URI:http://test/82 + URI:http://test/83 + URI:http://test/84 + URI:http://test/85 + URI:http://test/86 + URI:http://test/87 + URI:http://test/88 + URI:http://test/89 + URI:http://test/90 + URI:http://test/91 + URI:http://test/92 + URI:http://test/93 + URI:http://test/94 + URI:http://test/95 + URI:http://test/96 + URI:http://test/97 + URI:http://test/98 + URI:http://test/99 + URI:http://test/100 + URI:http://test/101 + URI:http://test/102 + URI:http://test/103 + URI:http://test/104 + URI:http://test/105 + URI:http://test/106 + URI:http://test/107 + URI:http://test/108 + URI:http://test/109 + URI:http://test/110 + URI:http://test/111 + URI:http://test/112 + URI:http://test/113 + URI:http://test/114 + URI:http://test/115 + URI:http://test/116 + URI:http://test/117 + URI:http://test/118 + URI:http://test/119 + URI:http://test/120 + URI:http://test/121 + URI:http://test/122 + URI:http://test/123 + URI:http://test/124 + URI:http://test/125 + URI:http://test/126 + URI:http://test/127 + URI:http://test/128 + URI:http://test/129 + URI:http://test/130 + URI:http://test/131 + URI:http://test/132 + URI:http://test/133 + URI:http://test/134 + URI:http://test/135 + URI:http://test/136 + URI:http://test/137 + URI:http://test/138 + URI:http://test/139 + URI:http://test/140 + URI:http://test/141 + URI:http://test/142 + URI:http://test/143 + URI:http://test/144 + URI:http://test/145 + URI:http://test/146 + URI:http://test/147 + URI:http://test/148 + URI:http://test/149 + URI:http://test/150 + URI:http://test/151 + URI:http://test/152 + URI:http://test/153 + URI:http://test/154 + URI:http://test/155 + URI:http://test/156 + URI:http://test/157 + URI:http://test/158 + URI:http://test/159 + URI:http://test/160 + URI:http://test/161 + URI:http://test/162 + URI:http://test/163 + URI:http://test/164 + URI:http://test/165 + URI:http://test/166 + URI:http://test/167 + URI:http://test/168 + URI:http://test/169 + URI:http://test/170 + URI:http://test/171 + URI:http://test/172 + URI:http://test/173 + URI:http://test/174 + URI:http://test/175 + URI:http://test/176 + URI:http://test/177 + URI:http://test/178 + URI:http://test/179 + URI:http://test/180 + URI:http://test/181 + URI:http://test/182 + URI:http://test/183 + URI:http://test/184 + URI:http://test/185 + URI:http://test/186 + URI:http://test/187 + URI:http://test/188 + URI:http://test/189 + URI:http://test/190 + URI:http://test/191 + URI:http://test/192 + URI:http://test/193 + URI:http://test/194 + URI:http://test/195 + URI:http://test/196 + URI:http://test/197 + URI:http://test/198 + URI:http://test/199 + URI:http://test/200 + URI:http://test/201 + URI:http://test/202 + URI:http://test/203 + URI:http://test/204 + URI:http://test/205 + URI:http://test/206 + URI:http://test/207 + URI:http://test/208 + URI:http://test/209 + URI:http://test/210 + URI:http://test/211 + URI:http://test/212 + URI:http://test/213 + URI:http://test/214 + URI:http://test/215 + URI:http://test/216 + URI:http://test/217 + URI:http://test/218 + URI:http://test/219 + URI:http://test/220 + URI:http://test/221 + URI:http://test/222 + URI:http://test/223 + URI:http://test/224 + URI:http://test/225 + URI:http://test/226 + URI:http://test/227 + URI:http://test/228 + URI:http://test/229 + URI:http://test/230 + URI:http://test/231 + URI:http://test/232 + URI:http://test/233 + URI:http://test/234 + URI:http://test/235 + URI:http://test/236 + URI:http://test/237 + URI:http://test/238 + URI:http://test/239 + URI:http://test/240 + URI:http://test/241 + URI:http://test/242 + URI:http://test/243 + URI:http://test/244 + URI:http://test/245 + URI:http://test/246 + URI:http://test/247 + URI:http://test/248 + URI:http://test/249 + URI:http://test/250 + URI:http://test/251 + URI:http://test/252 + URI:http://test/253 + URI:http://test/254 + URI:http://test/255 + URI:http://test/256 + URI:http://test/257 + URI:http://test/258 + URI:http://test/259 + URI:http://test/260 + URI:http://test/261 + URI:http://test/262 + URI:http://test/263 + URI:http://test/264 + URI:http://test/265 + URI:http://test/266 + URI:http://test/267 + URI:http://test/268 + URI:http://test/269 + URI:http://test/270 + URI:http://test/271 + URI:http://test/272 + URI:http://test/273 + URI:http://test/274 + URI:http://test/275 + URI:http://test/276 + URI:http://test/277 + URI:http://test/278 + URI:http://test/279 + URI:http://test/280 + URI:http://test/281 + URI:http://test/282 + URI:http://test/283 + URI:http://test/284 + URI:http://test/285 + URI:http://test/286 + URI:http://test/287 + URI:http://test/288 + URI:http://test/289 + URI:http://test/290 + URI:http://test/291 + URI:http://test/292 + URI:http://test/293 + URI:http://test/294 + URI:http://test/295 + URI:http://test/296 + URI:http://test/297 + URI:http://test/298 + URI:http://test/299 + URI:http://test/300 + URI:http://test/301 + URI:http://test/302 + URI:http://test/303 + URI:http://test/304 + URI:http://test/305 + URI:http://test/306 + URI:http://test/307 + URI:http://test/308 + URI:http://test/309 + URI:http://test/310 + URI:http://test/311 + URI:http://test/312 + URI:http://test/313 + URI:http://test/314 + URI:http://test/315 + URI:http://test/316 + URI:http://test/317 + URI:http://test/318 + URI:http://test/319 + URI:http://test/320 + URI:http://test/321 + URI:http://test/322 + URI:http://test/323 + URI:http://test/324 + URI:http://test/325 + URI:http://test/326 + URI:http://test/327 + URI:http://test/328 + URI:http://test/329 + URI:http://test/330 + URI:http://test/331 + URI:http://test/332 + URI:http://test/333 + URI:http://test/334 + URI:http://test/335 + URI:http://test/336 + URI:http://test/337 + URI:http://test/338 + URI:http://test/339 + URI:http://test/340 + URI:http://test/341 + URI:http://test/342 + URI:http://test/343 + URI:http://test/344 + URI:http://test/345 + URI:http://test/346 + URI:http://test/347 + URI:http://test/348 + URI:http://test/349 + URI:http://test/350 + URI:http://test/351 + URI:http://test/352 + URI:http://test/353 + URI:http://test/354 + URI:http://test/355 + URI:http://test/356 + URI:http://test/357 + URI:http://test/358 + URI:http://test/359 + URI:http://test/360 + URI:http://test/361 + URI:http://test/362 + URI:http://test/363 + URI:http://test/364 + URI:http://test/365 + URI:http://test/366 + URI:http://test/367 + URI:http://test/368 + URI:http://test/369 + URI:http://test/370 + URI:http://test/371 + URI:http://test/372 + URI:http://test/373 + URI:http://test/374 + URI:http://test/375 + URI:http://test/376 + URI:http://test/377 + URI:http://test/378 + URI:http://test/379 + URI:http://test/380 + URI:http://test/381 + URI:http://test/382 + URI:http://test/383 + URI:http://test/384 + URI:http://test/385 + URI:http://test/386 + URI:http://test/387 + URI:http://test/388 + URI:http://test/389 + URI:http://test/390 + URI:http://test/391 + URI:http://test/392 + URI:http://test/393 + URI:http://test/394 + URI:http://test/395 + URI:http://test/396 + URI:http://test/397 + URI:http://test/398 + URI:http://test/399 + URI:http://test/400 + URI:http://test/401 + URI:http://test/402 + URI:http://test/403 + URI:http://test/404 + URI:http://test/405 + URI:http://test/406 + URI:http://test/407 + URI:http://test/408 + URI:http://test/409 + URI:http://test/410 + URI:http://test/411 + URI:http://test/412 + URI:http://test/413 + URI:http://test/414 + URI:http://test/415 + URI:http://test/416 + URI:http://test/417 + URI:http://test/418 + URI:http://test/419 + URI:http://test/420 + URI:http://test/421 + URI:http://test/422 + URI:http://test/423 + URI:http://test/424 + URI:http://test/425 + URI:http://test/426 + URI:http://test/427 + URI:http://test/428 + URI:http://test/429 + URI:http://test/430 + URI:http://test/431 + URI:http://test/432 + URI:http://test/433 + URI:http://test/434 + URI:http://test/435 + URI:http://test/436 + URI:http://test/437 + URI:http://test/438 + URI:http://test/439 + URI:http://test/440 + URI:http://test/441 + URI:http://test/442 + URI:http://test/443 + URI:http://test/444 + URI:http://test/445 + URI:http://test/446 + URI:http://test/447 + URI:http://test/448 + URI:http://test/449 + URI:http://test/450 + URI:http://test/451 + URI:http://test/452 + URI:http://test/453 + URI:http://test/454 + URI:http://test/455 + URI:http://test/456 + URI:http://test/457 + URI:http://test/458 + URI:http://test/459 + URI:http://test/460 + URI:http://test/461 + URI:http://test/462 + URI:http://test/463 + URI:http://test/464 + URI:http://test/465 + URI:http://test/466 + URI:http://test/467 + URI:http://test/468 + URI:http://test/469 + URI:http://test/470 + URI:http://test/471 + URI:http://test/472 + URI:http://test/473 + URI:http://test/474 + URI:http://test/475 + URI:http://test/476 + URI:http://test/477 + URI:http://test/478 + URI:http://test/479 + URI:http://test/480 + URI:http://test/481 + URI:http://test/482 + URI:http://test/483 + URI:http://test/484 + URI:http://test/485 + URI:http://test/486 + URI:http://test/487 + URI:http://test/488 + URI:http://test/489 + URI:http://test/490 + URI:http://test/491 + URI:http://test/492 + URI:http://test/493 + URI:http://test/494 + URI:http://test/495 + URI:http://test/496 + URI:http://test/497 + URI:http://test/498 + URI:http://test/499 + URI:http://test/500 + URI:http://test/501 + URI:http://test/502 + URI:http://test/503 + URI:http://test/504 + URI:http://test/505 + URI:http://test/506 + URI:http://test/507 + URI:http://test/508 + URI:http://test/509 + URI:http://test/510 + URI:http://test/511 + URI:http://test/512 + URI:http://test/513 + URI:http://test/514 + URI:http://test/515 + URI:http://test/516 + URI:http://test/517 + URI:http://test/518 + URI:http://test/519 + URI:http://test/520 + URI:http://test/521 + URI:http://test/522 + URI:http://test/523 + URI:http://test/524 + URI:http://test/525 + URI:http://test/526 + URI:http://test/527 + URI:http://test/528 + URI:http://test/529 + URI:http://test/530 + URI:http://test/531 + URI:http://test/532 + URI:http://test/533 + URI:http://test/534 + URI:http://test/535 + URI:http://test/536 + URI:http://test/537 + URI:http://test/538 + URI:http://test/539 + URI:http://test/540 + URI:http://test/541 + URI:http://test/542 + URI:http://test/543 + URI:http://test/544 + URI:http://test/545 + URI:http://test/546 + URI:http://test/547 + URI:http://test/548 + URI:http://test/549 + URI:http://test/550 + URI:http://test/551 + URI:http://test/552 + URI:http://test/553 + URI:http://test/554 + URI:http://test/555 + URI:http://test/556 + URI:http://test/557 + URI:http://test/558 + URI:http://test/559 + URI:http://test/560 + URI:http://test/561 + URI:http://test/562 + URI:http://test/563 + URI:http://test/564 + URI:http://test/565 + URI:http://test/566 + URI:http://test/567 + URI:http://test/568 + URI:http://test/569 + URI:http://test/570 + URI:http://test/571 + URI:http://test/572 + URI:http://test/573 + URI:http://test/574 + URI:http://test/575 + URI:http://test/576 + URI:http://test/577 + URI:http://test/578 + URI:http://test/579 + URI:http://test/580 + URI:http://test/581 + URI:http://test/582 + URI:http://test/583 + URI:http://test/584 + URI:http://test/585 + URI:http://test/586 + URI:http://test/587 + URI:http://test/588 + URI:http://test/589 + URI:http://test/590 + URI:http://test/591 + URI:http://test/592 + URI:http://test/593 + URI:http://test/594 + URI:http://test/595 + URI:http://test/596 + URI:http://test/597 + URI:http://test/598 + URI:http://test/599 + URI:http://test/600 + URI:http://test/601 + URI:http://test/602 + URI:http://test/603 + URI:http://test/604 + URI:http://test/605 + URI:http://test/606 + URI:http://test/607 + URI:http://test/608 + URI:http://test/609 + URI:http://test/610 + URI:http://test/611 + URI:http://test/612 + URI:http://test/613 + URI:http://test/614 + URI:http://test/615 + URI:http://test/616 + URI:http://test/617 + URI:http://test/618 + URI:http://test/619 + URI:http://test/620 + URI:http://test/621 + URI:http://test/622 + URI:http://test/623 + URI:http://test/624 + URI:http://test/625 + URI:http://test/626 + URI:http://test/627 + URI:http://test/628 + URI:http://test/629 + URI:http://test/630 + URI:http://test/631 + URI:http://test/632 + URI:http://test/633 + URI:http://test/634 + URI:http://test/635 + URI:http://test/636 + URI:http://test/637 + URI:http://test/638 + URI:http://test/639 + URI:http://test/640 + URI:http://test/641 + URI:http://test/642 + URI:http://test/643 + URI:http://test/644 + URI:http://test/645 + URI:http://test/646 + URI:http://test/647 + URI:http://test/648 + URI:http://test/649 + URI:http://test/650 + URI:http://test/651 + URI:http://test/652 + URI:http://test/653 + URI:http://test/654 + URI:http://test/655 + URI:http://test/656 + URI:http://test/657 + URI:http://test/658 + URI:http://test/659 + URI:http://test/660 + URI:http://test/661 + URI:http://test/662 + URI:http://test/663 + URI:http://test/664 + URI:http://test/665 + URI:http://test/666 + URI:http://test/667 + URI:http://test/668 + URI:http://test/669 + URI:http://test/670 + URI:http://test/671 + URI:http://test/672 + URI:http://test/673 + URI:http://test/674 + URI:http://test/675 + URI:http://test/676 + URI:http://test/677 + URI:http://test/678 + URI:http://test/679 + URI:http://test/680 + URI:http://test/681 + URI:http://test/682 + URI:http://test/683 + URI:http://test/684 + URI:http://test/685 + URI:http://test/686 + URI:http://test/687 + URI:http://test/688 + URI:http://test/689 + URI:http://test/690 + URI:http://test/691 + URI:http://test/692 + URI:http://test/693 + URI:http://test/694 + URI:http://test/695 + URI:http://test/696 + URI:http://test/697 + URI:http://test/698 + URI:http://test/699 + URI:http://test/700 + URI:http://test/701 + URI:http://test/702 + URI:http://test/703 + URI:http://test/704 + URI:http://test/705 + URI:http://test/706 + URI:http://test/707 + URI:http://test/708 + URI:http://test/709 + URI:http://test/710 + URI:http://test/711 + URI:http://test/712 + URI:http://test/713 + URI:http://test/714 + URI:http://test/715 + URI:http://test/716 + URI:http://test/717 + URI:http://test/718 + URI:http://test/719 + URI:http://test/720 + URI:http://test/721 + URI:http://test/722 + URI:http://test/723 + URI:http://test/724 + URI:http://test/725 + URI:http://test/726 + URI:http://test/727 + URI:http://test/728 + URI:http://test/729 + URI:http://test/730 + URI:http://test/731 + URI:http://test/732 + URI:http://test/733 + URI:http://test/734 + URI:http://test/735 + URI:http://test/736 + URI:http://test/737 + URI:http://test/738 + URI:http://test/739 + URI:http://test/740 + URI:http://test/741 + URI:http://test/742 + URI:http://test/743 + URI:http://test/744 + URI:http://test/745 + URI:http://test/746 + URI:http://test/747 + URI:http://test/748 + URI:http://test/749 + URI:http://test/750 + URI:http://test/751 + URI:http://test/752 + URI:http://test/753 + URI:http://test/754 + URI:http://test/755 + URI:http://test/756 + URI:http://test/757 + URI:http://test/758 + URI:http://test/759 + URI:http://test/760 + URI:http://test/761 + URI:http://test/762 + URI:http://test/763 + URI:http://test/764 + URI:http://test/765 + URI:http://test/766 + URI:http://test/767 + URI:http://test/768 + URI:http://test/769 + URI:http://test/770 + URI:http://test/771 + URI:http://test/772 + URI:http://test/773 + URI:http://test/774 + URI:http://test/775 + URI:http://test/776 + URI:http://test/777 + URI:http://test/778 + URI:http://test/779 + URI:http://test/780 + URI:http://test/781 + URI:http://test/782 + URI:http://test/783 + URI:http://test/784 + URI:http://test/785 + URI:http://test/786 + URI:http://test/787 + URI:http://test/788 + URI:http://test/789 + URI:http://test/790 + URI:http://test/791 + URI:http://test/792 + URI:http://test/793 + URI:http://test/794 + URI:http://test/795 + URI:http://test/796 + URI:http://test/797 + URI:http://test/798 + URI:http://test/799 + URI:http://test/800 + URI:http://test/801 + URI:http://test/802 + URI:http://test/803 + URI:http://test/804 + URI:http://test/805 + URI:http://test/806 + URI:http://test/807 + URI:http://test/808 + URI:http://test/809 + URI:http://test/810 + URI:http://test/811 + URI:http://test/812 + URI:http://test/813 + URI:http://test/814 + URI:http://test/815 + URI:http://test/816 + URI:http://test/817 + URI:http://test/818 + URI:http://test/819 + URI:http://test/820 + URI:http://test/821 + URI:http://test/822 + URI:http://test/823 + URI:http://test/824 + URI:http://test/825 + URI:http://test/826 + URI:http://test/827 + URI:http://test/828 + URI:http://test/829 + URI:http://test/830 + URI:http://test/831 + URI:http://test/832 + URI:http://test/833 + URI:http://test/834 + URI:http://test/835 + URI:http://test/836 + URI:http://test/837 + URI:http://test/838 + URI:http://test/839 + URI:http://test/840 + URI:http://test/841 + URI:http://test/842 + URI:http://test/843 + URI:http://test/844 + URI:http://test/845 + URI:http://test/846 + URI:http://test/847 + URI:http://test/848 + URI:http://test/849 + URI:http://test/850 + URI:http://test/851 + URI:http://test/852 + URI:http://test/853 + URI:http://test/854 + URI:http://test/855 + URI:http://test/856 + URI:http://test/857 + URI:http://test/858 + URI:http://test/859 + URI:http://test/860 + URI:http://test/861 + URI:http://test/862 + URI:http://test/863 + URI:http://test/864 + URI:http://test/865 + URI:http://test/866 + URI:http://test/867 + URI:http://test/868 + URI:http://test/869 + URI:http://test/870 + URI:http://test/871 + URI:http://test/872 + URI:http://test/873 + URI:http://test/874 + URI:http://test/875 + URI:http://test/876 + URI:http://test/877 + URI:http://test/878 + URI:http://test/879 + URI:http://test/880 + URI:http://test/881 + URI:http://test/882 + URI:http://test/883 + URI:http://test/884 + URI:http://test/885 + URI:http://test/886 + URI:http://test/887 + URI:http://test/888 + URI:http://test/889 + URI:http://test/890 + URI:http://test/891 + URI:http://test/892 + URI:http://test/893 + URI:http://test/894 + URI:http://test/895 + URI:http://test/896 + URI:http://test/897 + URI:http://test/898 + URI:http://test/899 + URI:http://test/900 + URI:http://test/901 + URI:http://test/902 + URI:http://test/903 + URI:http://test/904 + URI:http://test/905 + URI:http://test/906 + URI:http://test/907 + URI:http://test/908 + URI:http://test/909 + URI:http://test/910 + URI:http://test/911 + URI:http://test/912 + URI:http://test/913 + URI:http://test/914 + URI:http://test/915 + URI:http://test/916 + URI:http://test/917 + URI:http://test/918 + URI:http://test/919 + URI:http://test/920 + URI:http://test/921 + URI:http://test/922 + URI:http://test/923 + URI:http://test/924 + URI:http://test/925 + URI:http://test/926 + URI:http://test/927 + URI:http://test/928 + URI:http://test/929 + URI:http://test/930 + URI:http://test/931 + URI:http://test/932 + URI:http://test/933 + URI:http://test/934 + URI:http://test/935 + URI:http://test/936 + URI:http://test/937 + URI:http://test/938 + URI:http://test/939 + URI:http://test/940 + URI:http://test/941 + URI:http://test/942 + URI:http://test/943 + URI:http://test/944 + URI:http://test/945 + URI:http://test/946 + URI:http://test/947 + URI:http://test/948 + URI:http://test/949 + URI:http://test/950 + URI:http://test/951 + URI:http://test/952 + URI:http://test/953 + URI:http://test/954 + URI:http://test/955 + URI:http://test/956 + URI:http://test/957 + URI:http://test/958 + URI:http://test/959 + URI:http://test/960 + URI:http://test/961 + URI:http://test/962 + URI:http://test/963 + URI:http://test/964 + URI:http://test/965 + URI:http://test/966 + URI:http://test/967 + URI:http://test/968 + URI:http://test/969 + URI:http://test/970 + URI:http://test/971 + URI:http://test/972 + URI:http://test/973 + URI:http://test/974 + URI:http://test/975 + URI:http://test/976 + URI:http://test/977 + URI:http://test/978 + URI:http://test/979 + URI:http://test/980 + URI:http://test/981 + URI:http://test/982 + URI:http://test/983 + URI:http://test/984 + URI:http://test/985 + URI:http://test/986 + URI:http://test/987 + URI:http://test/988 + URI:http://test/989 + URI:http://test/990 + URI:http://test/991 + URI:http://test/992 + URI:http://test/993 + URI:http://test/994 + URI:http://test/995 + URI:http://test/996 + URI:http://test/997 + URI:http://test/998 + URI:http://test/999 + URI:http://test/1000 + URI:http://test/1001 + URI:http://test/1002 + URI:http://test/1003 + URI:http://test/1004 + URI:http://test/1005 + URI:http://test/1006 + URI:http://test/1007 + URI:http://test/1008 + URI:http://test/1009 + URI:http://test/1010 + URI:http://test/1011 + URI:http://test/1012 + URI:http://test/1013 + URI:http://test/1014 + URI:http://test/1015 + URI:http://test/1016 + URI:http://test/1017 + URI:http://test/1018 + URI:http://test/1019 + URI:http://test/1020 + URI:http://test/1021 + URI:http://test/1022 + URI:http://test/1023 + URI:http://test/1024 + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + URI:http://xest/0 + URI:http://xest/1 + URI:http://xest/2 + URI:http://xest/3 + URI:http://xest/4 + URI:http://xest/5 + URI:http://xest/6 + URI:http://xest/7 + URI:http://xest/8 + URI:http://xest/9 + URI:http://xest/10 + URI:http://xest/11 + URI:http://xest/12 + URI:http://xest/13 + URI:http://xest/14 + URI:http://xest/15 + URI:http://xest/16 + URI:http://xest/17 + URI:http://xest/18 + URI:http://xest/19 + URI:http://xest/20 + URI:http://xest/21 + URI:http://xest/22 + URI:http://xest/23 + URI:http://xest/24 + URI:http://xest/25 + URI:http://xest/26 + URI:http://xest/27 + URI:http://xest/28 + URI:http://xest/29 + URI:http://xest/30 + URI:http://xest/31 + URI:http://xest/32 + URI:http://xest/33 + URI:http://xest/34 + URI:http://xest/35 + URI:http://xest/36 + URI:http://xest/37 + URI:http://xest/38 + URI:http://xest/39 + URI:http://xest/40 + URI:http://xest/41 + URI:http://xest/42 + URI:http://xest/43 + URI:http://xest/44 + URI:http://xest/45 + URI:http://xest/46 + URI:http://xest/47 + URI:http://xest/48 + URI:http://xest/49 + URI:http://xest/50 + URI:http://xest/51 + URI:http://xest/52 + URI:http://xest/53 + URI:http://xest/54 + URI:http://xest/55 + URI:http://xest/56 + URI:http://xest/57 + URI:http://xest/58 + URI:http://xest/59 + URI:http://xest/60 + URI:http://xest/61 + URI:http://xest/62 + URI:http://xest/63 + URI:http://xest/64 + URI:http://xest/65 + URI:http://xest/66 + URI:http://xest/67 + URI:http://xest/68 + URI:http://xest/69 + URI:http://xest/70 + URI:http://xest/71 + URI:http://xest/72 + URI:http://xest/73 + URI:http://xest/74 + URI:http://xest/75 + URI:http://xest/76 + URI:http://xest/77 + URI:http://xest/78 + URI:http://xest/79 + URI:http://xest/80 + URI:http://xest/81 + URI:http://xest/82 + URI:http://xest/83 + URI:http://xest/84 + URI:http://xest/85 + URI:http://xest/86 + URI:http://xest/87 + URI:http://xest/88 + URI:http://xest/89 + URI:http://xest/90 + URI:http://xest/91 + URI:http://xest/92 + URI:http://xest/93 + URI:http://xest/94 + URI:http://xest/95 + URI:http://xest/96 + URI:http://xest/97 + URI:http://xest/98 + URI:http://xest/99 + URI:http://xest/100 + URI:http://xest/101 + URI:http://xest/102 + URI:http://xest/103 + URI:http://xest/104 + URI:http://xest/105 + URI:http://xest/106 + URI:http://xest/107 + URI:http://xest/108 + URI:http://xest/109 + URI:http://xest/110 + URI:http://xest/111 + URI:http://xest/112 + URI:http://xest/113 + URI:http://xest/114 + URI:http://xest/115 + URI:http://xest/116 + URI:http://xest/117 + URI:http://xest/118 + URI:http://xest/119 + URI:http://xest/120 + URI:http://xest/121 + URI:http://xest/122 + URI:http://xest/123 + URI:http://xest/124 + URI:http://xest/125 + URI:http://xest/126 + URI:http://xest/127 + URI:http://xest/128 + URI:http://xest/129 + URI:http://xest/130 + URI:http://xest/131 + URI:http://xest/132 + URI:http://xest/133 + URI:http://xest/134 + URI:http://xest/135 + URI:http://xest/136 + URI:http://xest/137 + URI:http://xest/138 + URI:http://xest/139 + URI:http://xest/140 + URI:http://xest/141 + URI:http://xest/142 + URI:http://xest/143 + URI:http://xest/144 + URI:http://xest/145 + URI:http://xest/146 + URI:http://xest/147 + URI:http://xest/148 + URI:http://xest/149 + URI:http://xest/150 + URI:http://xest/151 + URI:http://xest/152 + URI:http://xest/153 + URI:http://xest/154 + URI:http://xest/155 + URI:http://xest/156 + URI:http://xest/157 + URI:http://xest/158 + URI:http://xest/159 + URI:http://xest/160 + URI:http://xest/161 + URI:http://xest/162 + URI:http://xest/163 + URI:http://xest/164 + URI:http://xest/165 + URI:http://xest/166 + URI:http://xest/167 + URI:http://xest/168 + URI:http://xest/169 + URI:http://xest/170 + URI:http://xest/171 + URI:http://xest/172 + URI:http://xest/173 + URI:http://xest/174 + URI:http://xest/175 + URI:http://xest/176 + URI:http://xest/177 + URI:http://xest/178 + URI:http://xest/179 + URI:http://xest/180 + URI:http://xest/181 + URI:http://xest/182 + URI:http://xest/183 + URI:http://xest/184 + URI:http://xest/185 + URI:http://xest/186 + URI:http://xest/187 + URI:http://xest/188 + URI:http://xest/189 + URI:http://xest/190 + URI:http://xest/191 + URI:http://xest/192 + URI:http://xest/193 + URI:http://xest/194 + URI:http://xest/195 + URI:http://xest/196 + URI:http://xest/197 + URI:http://xest/198 + URI:http://xest/199 + URI:http://xest/200 + URI:http://xest/201 + URI:http://xest/202 + URI:http://xest/203 + URI:http://xest/204 + URI:http://xest/205 + URI:http://xest/206 + URI:http://xest/207 + URI:http://xest/208 + URI:http://xest/209 + URI:http://xest/210 + URI:http://xest/211 + URI:http://xest/212 + URI:http://xest/213 + URI:http://xest/214 + URI:http://xest/215 + URI:http://xest/216 + URI:http://xest/217 + URI:http://xest/218 + URI:http://xest/219 + URI:http://xest/220 + URI:http://xest/221 + URI:http://xest/222 + URI:http://xest/223 + URI:http://xest/224 + URI:http://xest/225 + URI:http://xest/226 + URI:http://xest/227 + URI:http://xest/228 + URI:http://xest/229 + URI:http://xest/230 + URI:http://xest/231 + URI:http://xest/232 + URI:http://xest/233 + URI:http://xest/234 + URI:http://xest/235 + URI:http://xest/236 + URI:http://xest/237 + URI:http://xest/238 + URI:http://xest/239 + URI:http://xest/240 + URI:http://xest/241 + URI:http://xest/242 + URI:http://xest/243 + URI:http://xest/244 + URI:http://xest/245 + URI:http://xest/246 + URI:http://xest/247 + URI:http://xest/248 + URI:http://xest/249 + URI:http://xest/250 + URI:http://xest/251 + URI:http://xest/252 + URI:http://xest/253 + URI:http://xest/254 + URI:http://xest/255 + URI:http://xest/256 + URI:http://xest/257 + URI:http://xest/258 + URI:http://xest/259 + URI:http://xest/260 + URI:http://xest/261 + URI:http://xest/262 + URI:http://xest/263 + URI:http://xest/264 + URI:http://xest/265 + URI:http://xest/266 + URI:http://xest/267 + URI:http://xest/268 + URI:http://xest/269 + URI:http://xest/270 + URI:http://xest/271 + URI:http://xest/272 + URI:http://xest/273 + URI:http://xest/274 + URI:http://xest/275 + URI:http://xest/276 + URI:http://xest/277 + URI:http://xest/278 + URI:http://xest/279 + URI:http://xest/280 + URI:http://xest/281 + URI:http://xest/282 + URI:http://xest/283 + URI:http://xest/284 + URI:http://xest/285 + URI:http://xest/286 + URI:http://xest/287 + URI:http://xest/288 + URI:http://xest/289 + URI:http://xest/290 + URI:http://xest/291 + URI:http://xest/292 + URI:http://xest/293 + URI:http://xest/294 + URI:http://xest/295 + URI:http://xest/296 + URI:http://xest/297 + URI:http://xest/298 + URI:http://xest/299 + URI:http://xest/300 + URI:http://xest/301 + URI:http://xest/302 + URI:http://xest/303 + URI:http://xest/304 + URI:http://xest/305 + URI:http://xest/306 + URI:http://xest/307 + URI:http://xest/308 + URI:http://xest/309 + URI:http://xest/310 + URI:http://xest/311 + URI:http://xest/312 + URI:http://xest/313 + URI:http://xest/314 + URI:http://xest/315 + URI:http://xest/316 + URI:http://xest/317 + URI:http://xest/318 + URI:http://xest/319 + URI:http://xest/320 + URI:http://xest/321 + URI:http://xest/322 + URI:http://xest/323 + URI:http://xest/324 + URI:http://xest/325 + URI:http://xest/326 + URI:http://xest/327 + URI:http://xest/328 + URI:http://xest/329 + URI:http://xest/330 + URI:http://xest/331 + URI:http://xest/332 + URI:http://xest/333 + URI:http://xest/334 + URI:http://xest/335 + URI:http://xest/336 + URI:http://xest/337 + URI:http://xest/338 + URI:http://xest/339 + URI:http://xest/340 + URI:http://xest/341 + URI:http://xest/342 + URI:http://xest/343 + URI:http://xest/344 + URI:http://xest/345 + URI:http://xest/346 + URI:http://xest/347 + URI:http://xest/348 + URI:http://xest/349 + URI:http://xest/350 + URI:http://xest/351 + URI:http://xest/352 + URI:http://xest/353 + URI:http://xest/354 + URI:http://xest/355 + URI:http://xest/356 + URI:http://xest/357 + URI:http://xest/358 + URI:http://xest/359 + URI:http://xest/360 + URI:http://xest/361 + URI:http://xest/362 + URI:http://xest/363 + URI:http://xest/364 + URI:http://xest/365 + URI:http://xest/366 + URI:http://xest/367 + URI:http://xest/368 + URI:http://xest/369 + URI:http://xest/370 + URI:http://xest/371 + URI:http://xest/372 + URI:http://xest/373 + URI:http://xest/374 + URI:http://xest/375 + URI:http://xest/376 + URI:http://xest/377 + URI:http://xest/378 + URI:http://xest/379 + URI:http://xest/380 + URI:http://xest/381 + URI:http://xest/382 + URI:http://xest/383 + URI:http://xest/384 + URI:http://xest/385 + URI:http://xest/386 + URI:http://xest/387 + URI:http://xest/388 + URI:http://xest/389 + URI:http://xest/390 + URI:http://xest/391 + URI:http://xest/392 + URI:http://xest/393 + URI:http://xest/394 + URI:http://xest/395 + URI:http://xest/396 + URI:http://xest/397 + URI:http://xest/398 + URI:http://xest/399 + URI:http://xest/400 + URI:http://xest/401 + URI:http://xest/402 + URI:http://xest/403 + URI:http://xest/404 + URI:http://xest/405 + URI:http://xest/406 + URI:http://xest/407 + URI:http://xest/408 + URI:http://xest/409 + URI:http://xest/410 + URI:http://xest/411 + URI:http://xest/412 + URI:http://xest/413 + URI:http://xest/414 + URI:http://xest/415 + URI:http://xest/416 + URI:http://xest/417 + URI:http://xest/418 + URI:http://xest/419 + URI:http://xest/420 + URI:http://xest/421 + URI:http://xest/422 + URI:http://xest/423 + URI:http://xest/424 + URI:http://xest/425 + URI:http://xest/426 + URI:http://xest/427 + URI:http://xest/428 + URI:http://xest/429 + URI:http://xest/430 + URI:http://xest/431 + URI:http://xest/432 + URI:http://xest/433 + URI:http://xest/434 + URI:http://xest/435 + URI:http://xest/436 + URI:http://xest/437 + URI:http://xest/438 + URI:http://xest/439 + URI:http://xest/440 + URI:http://xest/441 + URI:http://xest/442 + URI:http://xest/443 + URI:http://xest/444 + URI:http://xest/445 + URI:http://xest/446 + URI:http://xest/447 + URI:http://xest/448 + URI:http://xest/449 + URI:http://xest/450 + URI:http://xest/451 + URI:http://xest/452 + URI:http://xest/453 + URI:http://xest/454 + URI:http://xest/455 + URI:http://xest/456 + URI:http://xest/457 + URI:http://xest/458 + URI:http://xest/459 + URI:http://xest/460 + URI:http://xest/461 + URI:http://xest/462 + URI:http://xest/463 + URI:http://xest/464 + URI:http://xest/465 + URI:http://xest/466 + URI:http://xest/467 + URI:http://xest/468 + URI:http://xest/469 + URI:http://xest/470 + URI:http://xest/471 + URI:http://xest/472 + URI:http://xest/473 + URI:http://xest/474 + URI:http://xest/475 + URI:http://xest/476 + URI:http://xest/477 + URI:http://xest/478 + URI:http://xest/479 + URI:http://xest/480 + URI:http://xest/481 + URI:http://xest/482 + URI:http://xest/483 + URI:http://xest/484 + URI:http://xest/485 + URI:http://xest/486 + URI:http://xest/487 + URI:http://xest/488 + URI:http://xest/489 + URI:http://xest/490 + URI:http://xest/491 + URI:http://xest/492 + URI:http://xest/493 + URI:http://xest/494 + URI:http://xest/495 + URI:http://xest/496 + URI:http://xest/497 + URI:http://xest/498 + URI:http://xest/499 + URI:http://xest/500 + URI:http://xest/501 + URI:http://xest/502 + URI:http://xest/503 + URI:http://xest/504 + URI:http://xest/505 + URI:http://xest/506 + URI:http://xest/507 + URI:http://xest/508 + URI:http://xest/509 + URI:http://xest/510 + URI:http://xest/511 + URI:http://xest/512 + URI:http://xest/513 + URI:http://xest/514 + URI:http://xest/515 + URI:http://xest/516 + URI:http://xest/517 + URI:http://xest/518 + URI:http://xest/519 + URI:http://xest/520 + URI:http://xest/521 + URI:http://xest/522 + URI:http://xest/523 + URI:http://xest/524 + URI:http://xest/525 + URI:http://xest/526 + URI:http://xest/527 + URI:http://xest/528 + URI:http://xest/529 + URI:http://xest/530 + URI:http://xest/531 + URI:http://xest/532 + URI:http://xest/533 + URI:http://xest/534 + URI:http://xest/535 + URI:http://xest/536 + URI:http://xest/537 + URI:http://xest/538 + URI:http://xest/539 + URI:http://xest/540 + URI:http://xest/541 + URI:http://xest/542 + URI:http://xest/543 + URI:http://xest/544 + URI:http://xest/545 + URI:http://xest/546 + URI:http://xest/547 + URI:http://xest/548 + URI:http://xest/549 + URI:http://xest/550 + URI:http://xest/551 + URI:http://xest/552 + URI:http://xest/553 + URI:http://xest/554 + URI:http://xest/555 + URI:http://xest/556 + URI:http://xest/557 + URI:http://xest/558 + URI:http://xest/559 + URI:http://xest/560 + URI:http://xest/561 + URI:http://xest/562 + URI:http://xest/563 + URI:http://xest/564 + URI:http://xest/565 + URI:http://xest/566 + URI:http://xest/567 + URI:http://xest/568 + URI:http://xest/569 + URI:http://xest/570 + URI:http://xest/571 + URI:http://xest/572 + URI:http://xest/573 + URI:http://xest/574 + URI:http://xest/575 + URI:http://xest/576 + URI:http://xest/577 + URI:http://xest/578 + URI:http://xest/579 + URI:http://xest/580 + URI:http://xest/581 + URI:http://xest/582 + URI:http://xest/583 + URI:http://xest/584 + URI:http://xest/585 + URI:http://xest/586 + URI:http://xest/587 + URI:http://xest/588 + URI:http://xest/589 + URI:http://xest/590 + URI:http://xest/591 + URI:http://xest/592 + URI:http://xest/593 + URI:http://xest/594 + URI:http://xest/595 + URI:http://xest/596 + URI:http://xest/597 + URI:http://xest/598 + URI:http://xest/599 + URI:http://xest/600 + URI:http://xest/601 + URI:http://xest/602 + URI:http://xest/603 + URI:http://xest/604 + URI:http://xest/605 + URI:http://xest/606 + URI:http://xest/607 + URI:http://xest/608 + URI:http://xest/609 + URI:http://xest/610 + URI:http://xest/611 + URI:http://xest/612 + URI:http://xest/613 + URI:http://xest/614 + URI:http://xest/615 + URI:http://xest/616 + URI:http://xest/617 + URI:http://xest/618 + URI:http://xest/619 + URI:http://xest/620 + URI:http://xest/621 + URI:http://xest/622 + URI:http://xest/623 + URI:http://xest/624 + URI:http://xest/625 + URI:http://xest/626 + URI:http://xest/627 + URI:http://xest/628 + URI:http://xest/629 + URI:http://xest/630 + URI:http://xest/631 + URI:http://xest/632 + URI:http://xest/633 + URI:http://xest/634 + URI:http://xest/635 + URI:http://xest/636 + URI:http://xest/637 + URI:http://xest/638 + URI:http://xest/639 + URI:http://xest/640 + URI:http://xest/641 + URI:http://xest/642 + URI:http://xest/643 + URI:http://xest/644 + URI:http://xest/645 + URI:http://xest/646 + URI:http://xest/647 + URI:http://xest/648 + URI:http://xest/649 + URI:http://xest/650 + URI:http://xest/651 + URI:http://xest/652 + URI:http://xest/653 + URI:http://xest/654 + URI:http://xest/655 + URI:http://xest/656 + URI:http://xest/657 + URI:http://xest/658 + URI:http://xest/659 + URI:http://xest/660 + URI:http://xest/661 + URI:http://xest/662 + URI:http://xest/663 + URI:http://xest/664 + URI:http://xest/665 + URI:http://xest/666 + URI:http://xest/667 + URI:http://xest/668 + URI:http://xest/669 + URI:http://xest/670 + URI:http://xest/671 + URI:http://xest/672 + URI:http://xest/673 + URI:http://xest/674 + URI:http://xest/675 + URI:http://xest/676 + URI:http://xest/677 + URI:http://xest/678 + URI:http://xest/679 + URI:http://xest/680 + URI:http://xest/681 + URI:http://xest/682 + URI:http://xest/683 + URI:http://xest/684 + URI:http://xest/685 + URI:http://xest/686 + URI:http://xest/687 + URI:http://xest/688 + URI:http://xest/689 + URI:http://xest/690 + URI:http://xest/691 + URI:http://xest/692 + URI:http://xest/693 + URI:http://xest/694 + URI:http://xest/695 + URI:http://xest/696 + URI:http://xest/697 + URI:http://xest/698 + URI:http://xest/699 + URI:http://xest/700 + URI:http://xest/701 + URI:http://xest/702 + URI:http://xest/703 + URI:http://xest/704 + URI:http://xest/705 + URI:http://xest/706 + URI:http://xest/707 + URI:http://xest/708 + URI:http://xest/709 + URI:http://xest/710 + URI:http://xest/711 + URI:http://xest/712 + URI:http://xest/713 + URI:http://xest/714 + URI:http://xest/715 + URI:http://xest/716 + URI:http://xest/717 + URI:http://xest/718 + URI:http://xest/719 + URI:http://xest/720 + URI:http://xest/721 + URI:http://xest/722 + URI:http://xest/723 + URI:http://xest/724 + URI:http://xest/725 + URI:http://xest/726 + URI:http://xest/727 + URI:http://xest/728 + URI:http://xest/729 + URI:http://xest/730 + URI:http://xest/731 + URI:http://xest/732 + URI:http://xest/733 + URI:http://xest/734 + URI:http://xest/735 + URI:http://xest/736 + URI:http://xest/737 + URI:http://xest/738 + URI:http://xest/739 + URI:http://xest/740 + URI:http://xest/741 + URI:http://xest/742 + URI:http://xest/743 + URI:http://xest/744 + URI:http://xest/745 + URI:http://xest/746 + URI:http://xest/747 + URI:http://xest/748 + URI:http://xest/749 + URI:http://xest/750 + URI:http://xest/751 + URI:http://xest/752 + URI:http://xest/753 + URI:http://xest/754 + URI:http://xest/755 + URI:http://xest/756 + URI:http://xest/757 + URI:http://xest/758 + URI:http://xest/759 + URI:http://xest/760 + URI:http://xest/761 + URI:http://xest/762 + URI:http://xest/763 + URI:http://xest/764 + URI:http://xest/765 + URI:http://xest/766 + URI:http://xest/767 + URI:http://xest/768 + URI:http://xest/769 + URI:http://xest/770 + URI:http://xest/771 + URI:http://xest/772 + URI:http://xest/773 + URI:http://xest/774 + URI:http://xest/775 + URI:http://xest/776 + URI:http://xest/777 + URI:http://xest/778 + URI:http://xest/779 + URI:http://xest/780 + URI:http://xest/781 + URI:http://xest/782 + URI:http://xest/783 + URI:http://xest/784 + URI:http://xest/785 + URI:http://xest/786 + URI:http://xest/787 + URI:http://xest/788 + URI:http://xest/789 + URI:http://xest/790 + URI:http://xest/791 + URI:http://xest/792 + URI:http://xest/793 + URI:http://xest/794 + URI:http://xest/795 + URI:http://xest/796 + URI:http://xest/797 + URI:http://xest/798 + URI:http://xest/799 + URI:http://xest/800 + URI:http://xest/801 + URI:http://xest/802 + URI:http://xest/803 + URI:http://xest/804 + URI:http://xest/805 + URI:http://xest/806 + URI:http://xest/807 + URI:http://xest/808 + URI:http://xest/809 + URI:http://xest/810 + URI:http://xest/811 + URI:http://xest/812 + URI:http://xest/813 + URI:http://xest/814 + URI:http://xest/815 + URI:http://xest/816 + URI:http://xest/817 + URI:http://xest/818 + URI:http://xest/819 + URI:http://xest/820 + URI:http://xest/821 + URI:http://xest/822 + URI:http://xest/823 + URI:http://xest/824 + URI:http://xest/825 + URI:http://xest/826 + URI:http://xest/827 + URI:http://xest/828 + URI:http://xest/829 + URI:http://xest/830 + URI:http://xest/831 + URI:http://xest/832 + URI:http://xest/833 + URI:http://xest/834 + URI:http://xest/835 + URI:http://xest/836 + URI:http://xest/837 + URI:http://xest/838 + URI:http://xest/839 + URI:http://xest/840 + URI:http://xest/841 + URI:http://xest/842 + URI:http://xest/843 + URI:http://xest/844 + URI:http://xest/845 + URI:http://xest/846 + URI:http://xest/847 + URI:http://xest/848 + URI:http://xest/849 + URI:http://xest/850 + URI:http://xest/851 + URI:http://xest/852 + URI:http://xest/853 + URI:http://xest/854 + URI:http://xest/855 + URI:http://xest/856 + URI:http://xest/857 + URI:http://xest/858 + URI:http://xest/859 + URI:http://xest/860 + URI:http://xest/861 + URI:http://xest/862 + URI:http://xest/863 + URI:http://xest/864 + URI:http://xest/865 + URI:http://xest/866 + URI:http://xest/867 + URI:http://xest/868 + URI:http://xest/869 + URI:http://xest/870 + URI:http://xest/871 + URI:http://xest/872 + URI:http://xest/873 + URI:http://xest/874 + URI:http://xest/875 + URI:http://xest/876 + URI:http://xest/877 + URI:http://xest/878 + URI:http://xest/879 + URI:http://xest/880 + URI:http://xest/881 + URI:http://xest/882 + URI:http://xest/883 + URI:http://xest/884 + URI:http://xest/885 + URI:http://xest/886 + URI:http://xest/887 + URI:http://xest/888 + URI:http://xest/889 + URI:http://xest/890 + URI:http://xest/891 + URI:http://xest/892 + URI:http://xest/893 + URI:http://xest/894 + URI:http://xest/895 + URI:http://xest/896 + URI:http://xest/897 + URI:http://xest/898 + URI:http://xest/899 + URI:http://xest/900 + URI:http://xest/901 + URI:http://xest/902 + URI:http://xest/903 + URI:http://xest/904 + URI:http://xest/905 + URI:http://xest/906 + URI:http://xest/907 + URI:http://xest/908 + URI:http://xest/909 + URI:http://xest/910 + URI:http://xest/911 + URI:http://xest/912 + URI:http://xest/913 + URI:http://xest/914 + URI:http://xest/915 + URI:http://xest/916 + URI:http://xest/917 + URI:http://xest/918 + URI:http://xest/919 + URI:http://xest/920 + URI:http://xest/921 + URI:http://xest/922 + URI:http://xest/923 + URI:http://xest/924 + URI:http://xest/925 + URI:http://xest/926 + URI:http://xest/927 + URI:http://xest/928 + URI:http://xest/929 + URI:http://xest/930 + URI:http://xest/931 + URI:http://xest/932 + URI:http://xest/933 + URI:http://xest/934 + URI:http://xest/935 + URI:http://xest/936 + URI:http://xest/937 + URI:http://xest/938 + URI:http://xest/939 + URI:http://xest/940 + URI:http://xest/941 + URI:http://xest/942 + URI:http://xest/943 + URI:http://xest/944 + URI:http://xest/945 + URI:http://xest/946 + URI:http://xest/947 + URI:http://xest/948 + URI:http://xest/949 + URI:http://xest/950 + URI:http://xest/951 + URI:http://xest/952 + URI:http://xest/953 + URI:http://xest/954 + URI:http://xest/955 + URI:http://xest/956 + URI:http://xest/957 + URI:http://xest/958 + URI:http://xest/959 + URI:http://xest/960 + URI:http://xest/961 + URI:http://xest/962 + URI:http://xest/963 + URI:http://xest/964 + URI:http://xest/965 + URI:http://xest/966 + URI:http://xest/967 + URI:http://xest/968 + URI:http://xest/969 + URI:http://xest/970 + URI:http://xest/971 + URI:http://xest/972 + URI:http://xest/973 + URI:http://xest/974 + URI:http://xest/975 + URI:http://xest/976 + URI:http://xest/977 + URI:http://xest/978 + URI:http://xest/979 + URI:http://xest/980 + URI:http://xest/981 + URI:http://xest/982 + URI:http://xest/983 + URI:http://xest/984 + URI:http://xest/985 + URI:http://xest/986 + URI:http://xest/987 + URI:http://xest/988 + URI:http://xest/989 + URI:http://xest/990 + URI:http://xest/991 + URI:http://xest/992 + URI:http://xest/993 + URI:http://xest/994 + URI:http://xest/995 + URI:http://xest/996 + URI:http://xest/997 + URI:http://xest/998 + URI:http://xest/999 + URI:http://xest/1000 + URI:http://xest/1001 + URI:http://xest/1002 + URI:http://xest/1003 + URI:http://xest/1004 + URI:http://xest/1005 + URI:http://xest/1006 + URI:http://xest/1007 + URI:http://xest/1008 + URI:http://xest/1009 + URI:http://xest/1010 + URI:http://xest/1011 + URI:http://xest/1012 + URI:http://xest/1013 + URI:http://xest/1014 + URI:http://xest/1015 + URI:http://xest/1016 + URI:http://xest/1017 + URI:http://xest/1018 + URI:http://xest/1019 + URI:http://xest/1020 + URI:http://xest/1021 + URI:http://xest/1022 + URI:http://xest/1023 + URI:http://xest/1024 + + Signature Algorithm: sha256WithRSAEncryption + 37:a8:be:e4:03:62:63:15:b0:fe:be:49:7f:22:5e:7a:f8:b4: + 33:0c:fe:3b:41:0c:99:dc:bd:b0:a3:0c:3a:54:42:27:62:18: + 15:af:e6:d5:91:63:17:1d:1b:3f:ca:f6:2e:2f:6e:71:5e:66: + 86:27:69:91:31:5d:35:85:d4:46:77:69:45:50:05:9c:bc:39: + b8:0f:d0:96:a6:65:02:d3:80:53:ac:58:9c:f3:ec:27:27:b2: + 33:44:51:17:79:90:ea:b1:57:32:f7:e0:58:a4:99:64:78:55: + 61:16:d3:51:62:cf:26:02:8d:7d:df:2d:d8:c3:d2:00:5e:03: + 49:78:20:b7:78:9e:9e:b6:56:e9:48:4d:c5:5a:ea:28:e8:16: + 70:4a:39:bb:1d:88:40:5a:fd:67:82:73:f3:c6:f2:e9:ed:70: + 83:de:72:3f:7d:08:2f:1a:43:4d:c9:b2:e9:ce:e6:43:a9:74: + 25:cd:ba:95:cd:51:97:cb:56:d4:e6:e6:d9:69:0a:5f:48:17: + 2a:3b:41:ac:a5:ec:1f:30:c9:b2:f1:68:8f:a1:0f:1e:7d:9e: + e3:be:bb:8d:cb:6e:41:6a:16:7a:48:f5:ac:14:69:f7:de:63: + fc:94:80:e7:62:da:e6:99:12:ad:f1:d2:5d:76:6b:c3:11:6e: + 55:5d:7e:ec +-----BEGIN CERTIFICATE----- +MILWujCC1aKgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOC1AQwgtQAMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgtM0BgNVHR4EgtMrMILTJ6CCabEwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAqHCAoAAAD/////MAqHCAoAAAH///// +MAqHCAoAAAL/////MAqHCAoAAAP/////MAqHCAoAAAT/////MAqHCAoAAAX///// +MAqHCAoAAAb/////MAqHCAoAAAf/////MAqHCAoAAAj/////MAqHCAoAAAn///// +MAqHCAoAAAr/////MAqHCAoAAAv/////MAqHCAoAAAz/////MAqHCAoAAA3///// +MAqHCAoAAA7/////MAqHCAoAAA//////MAqHCAoAABD/////MAqHCAoAABH///// +MAqHCAoAABL/////MAqHCAoAABP/////MAqHCAoAABT/////MAqHCAoAABX///// +MAqHCAoAABb/////MAqHCAoAABf/////MAqHCAoAABj/////MAqHCAoAABn///// +MAqHCAoAABr/////MAqHCAoAABv/////MAqHCAoAABz/////MAqHCAoAAB3///// +MAqHCAoAAB7/////MAqHCAoAAB//////MAqHCAoAACD/////MAqHCAoAACH///// +MAqHCAoAACL/////MAqHCAoAACP/////MAqHCAoAACT/////MAqHCAoAACX///// +MAqHCAoAACb/////MAqHCAoAACf/////MAqHCAoAACj/////MAqHCAoAACn///// +MAqHCAoAACr/////MAqHCAoAACv/////MAqHCAoAACz/////MAqHCAoAAC3///// +MAqHCAoAAC7/////MAqHCAoAAC//////MAqHCAoAADD/////MAqHCAoAADH///// +MAqHCAoAADL/////MAqHCAoAADP/////MAqHCAoAADT/////MAqHCAoAADX///// +MAqHCAoAADb/////MAqHCAoAADf/////MAqHCAoAADj/////MAqHCAoAADn///// +MAqHCAoAADr/////MAqHCAoAADv/////MAqHCAoAADz/////MAqHCAoAAD3///// +MAqHCAoAAD7/////MAqHCAoAAD//////MAqHCAoAAED/////MAqHCAoAAEH///// +MAqHCAoAAEL/////MAqHCAoAAEP/////MAqHCAoAAET/////MAqHCAoAAEX///// +MAqHCAoAAEb/////MAqHCAoAAEf/////MAqHCAoAAEj/////MAqHCAoAAEn///// +MAqHCAoAAEr/////MAqHCAoAAEv/////MAqHCAoAAEz/////MAqHCAoAAE3///// +MAqHCAoAAE7/////MAqHCAoAAE//////MAqHCAoAAFD/////MAqHCAoAAFH///// +MAqHCAoAAFL/////MAqHCAoAAFP/////MAqHCAoAAFT/////MAqHCAoAAFX///// +MAqHCAoAAFb/////MAqHCAoAAFf/////MAqHCAoAAFj/////MAqHCAoAAFn///// +MAqHCAoAAFr/////MAqHCAoAAFv/////MAqHCAoAAFz/////MAqHCAoAAF3///// +MAqHCAoAAF7/////MAqHCAoAAF//////MAqHCAoAAGD/////MAqHCAoAAGH///// +MAqHCAoAAGL/////MAqHCAoAAGP/////MAqHCAoAAGT/////MAqHCAoAAGX///// +MAqHCAoAAGb/////MAqHCAoAAGf/////MAqHCAoAAGj/////MAqHCAoAAGn///// +MAqHCAoAAGr/////MAqHCAoAAGv/////MAqHCAoAAGz/////MAqHCAoAAG3///// +MAqHCAoAAG7/////MAqHCAoAAG//////MAqHCAoAAHD/////MAqHCAoAAHH///// +MAqHCAoAAHL/////MAqHCAoAAHP/////MAqHCAoAAHT/////MAqHCAoAAHX///// +MAqHCAoAAHb/////MAqHCAoAAHf/////MAqHCAoAAHj/////MAqHCAoAAHn///// +MAqHCAoAAHr/////MAqHCAoAAHv/////MAqHCAoAAHz/////MAqHCAoAAH3///// +MAqHCAoAAH7/////MAqHCAoAAH//////MAqHCAoAAID/////MAqHCAoAAIH///// +MAqHCAoAAIL/////MAqHCAoAAIP/////MAqHCAoAAIT/////MAqHCAoAAIX///// +MAqHCAoAAIb/////MAqHCAoAAIf/////MAqHCAoAAIj/////MAqHCAoAAIn///// +MAqHCAoAAIr/////MAqHCAoAAIv/////MAqHCAoAAIz/////MAqHCAoAAI3///// +MAqHCAoAAI7/////MAqHCAoAAI//////MAqHCAoAAJD/////MAqHCAoAAJH///// +MAqHCAoAAJL/////MAqHCAoAAJP/////MAqHCAoAAJT/////MAqHCAoAAJX///// +MAqHCAoAAJb/////MAqHCAoAAJf/////MAqHCAoAAJj/////MAqHCAoAAJn///// +MAqHCAoAAJr/////MAqHCAoAAJv/////MAqHCAoAAJz/////MAqHCAoAAJ3///// +MAqHCAoAAJ7/////MAqHCAoAAJ//////MAqHCAoAAKD/////MAqHCAoAAKH///// +MAqHCAoAAKL/////MAqHCAoAAKP/////MAqHCAoAAKT/////MAqHCAoAAKX///// +MAqHCAoAAKb/////MAqHCAoAAKf/////MAqHCAoAAKj/////MAqHCAoAAKn///// +MAqHCAoAAKr/////MBGkDzANMQswCQYDVQQDDAJ0MDARpA8wDTELMAkGA1UEAwwC +dDEwEaQPMA0xCzAJBgNVBAMMAnQyMBGkDzANMQswCQYDVQQDDAJ0MzARpA8wDTEL +MAkGA1UEAwwCdDQwEaQPMA0xCzAJBgNVBAMMAnQ1MBGkDzANMQswCQYDVQQDDAJ0 +NjARpA8wDTELMAkGA1UEAwwCdDcwEaQPMA0xCzAJBgNVBAMMAnQ4MBGkDzANMQsw +CQYDVQQDDAJ0OTASpBAwDjEMMAoGA1UEAwwDdDEwMBKkEDAOMQwwCgYDVQQDDAN0 +MTEwEqQQMA4xDDAKBgNVBAMMA3QxMjASpBAwDjEMMAoGA1UEAwwDdDEzMBKkEDAO +MQwwCgYDVQQDDAN0MTQwEqQQMA4xDDAKBgNVBAMMA3QxNTASpBAwDjEMMAoGA1UE +AwwDdDE2MBKkEDAOMQwwCgYDVQQDDAN0MTcwEqQQMA4xDDAKBgNVBAMMA3QxODAS +pBAwDjEMMAoGA1UEAwwDdDE5MBKkEDAOMQwwCgYDVQQDDAN0MjAwEqQQMA4xDDAK +BgNVBAMMA3QyMTASpBAwDjEMMAoGA1UEAwwDdDIyMBKkEDAOMQwwCgYDVQQDDAN0 +MjMwEqQQMA4xDDAKBgNVBAMMA3QyNDASpBAwDjEMMAoGA1UEAwwDdDI1MBKkEDAO +MQwwCgYDVQQDDAN0MjYwEqQQMA4xDDAKBgNVBAMMA3QyNzASpBAwDjEMMAoGA1UE +AwwDdDI4MBKkEDAOMQwwCgYDVQQDDAN0MjkwEqQQMA4xDDAKBgNVBAMMA3QzMDAS +pBAwDjEMMAoGA1UEAwwDdDMxMBKkEDAOMQwwCgYDVQQDDAN0MzIwEqQQMA4xDDAK +BgNVBAMMA3QzMzASpBAwDjEMMAoGA1UEAwwDdDM0MBKkEDAOMQwwCgYDVQQDDAN0 +MzUwEqQQMA4xDDAKBgNVBAMMA3QzNjASpBAwDjEMMAoGA1UEAwwDdDM3MBKkEDAO +MQwwCgYDVQQDDAN0MzgwEqQQMA4xDDAKBgNVBAMMA3QzOTASpBAwDjEMMAoGA1UE +AwwDdDQwMBKkEDAOMQwwCgYDVQQDDAN0NDEwEqQQMA4xDDAKBgNVBAMMA3Q0MjAS +pBAwDjEMMAoGA1UEAwwDdDQzMBKkEDAOMQwwCgYDVQQDDAN0NDQwEqQQMA4xDDAK +BgNVBAMMA3Q0NTASpBAwDjEMMAoGA1UEAwwDdDQ2MBKkEDAOMQwwCgYDVQQDDAN0 +NDcwEqQQMA4xDDAKBgNVBAMMA3Q0ODASpBAwDjEMMAoGA1UEAwwDdDQ5MBKkEDAO +MQwwCgYDVQQDDAN0NTAwEqQQMA4xDDAKBgNVBAMMA3Q1MTASpBAwDjEMMAoGA1UE +AwwDdDUyMBKkEDAOMQwwCgYDVQQDDAN0NTMwEqQQMA4xDDAKBgNVBAMMA3Q1NDAS +pBAwDjEMMAoGA1UEAwwDdDU1MBKkEDAOMQwwCgYDVQQDDAN0NTYwEqQQMA4xDDAK +BgNVBAMMA3Q1NzASpBAwDjEMMAoGA1UEAwwDdDU4MBKkEDAOMQwwCgYDVQQDDAN0 +NTkwEqQQMA4xDDAKBgNVBAMMA3Q2MDASpBAwDjEMMAoGA1UEAwwDdDYxMBKkEDAO +MQwwCgYDVQQDDAN0NjIwEqQQMA4xDDAKBgNVBAMMA3Q2MzASpBAwDjEMMAoGA1UE +AwwDdDY0MBKkEDAOMQwwCgYDVQQDDAN0NjUwEqQQMA4xDDAKBgNVBAMMA3Q2NjAS +pBAwDjEMMAoGA1UEAwwDdDY3MBKkEDAOMQwwCgYDVQQDDAN0NjgwEqQQMA4xDDAK +BgNVBAMMA3Q2OTASpBAwDjEMMAoGA1UEAwwDdDcwMBKkEDAOMQwwCgYDVQQDDAN0 +NzEwEqQQMA4xDDAKBgNVBAMMA3Q3MjASpBAwDjEMMAoGA1UEAwwDdDczMBKkEDAO +MQwwCgYDVQQDDAN0NzQwEqQQMA4xDDAKBgNVBAMMA3Q3NTASpBAwDjEMMAoGA1UE +AwwDdDc2MBKkEDAOMQwwCgYDVQQDDAN0NzcwEqQQMA4xDDAKBgNVBAMMA3Q3ODAS +pBAwDjEMMAoGA1UEAwwDdDc5MBKkEDAOMQwwCgYDVQQDDAN0ODAwEqQQMA4xDDAK +BgNVBAMMA3Q4MTASpBAwDjEMMAoGA1UEAwwDdDgyMBKkEDAOMQwwCgYDVQQDDAN0 +ODMwEqQQMA4xDDAKBgNVBAMMA3Q4NDASpBAwDjEMMAoGA1UEAwwDdDg1MBKkEDAO +MQwwCgYDVQQDDAN0ODYwEqQQMA4xDDAKBgNVBAMMA3Q4NzASpBAwDjEMMAoGA1UE +AwwDdDg4MBKkEDAOMQwwCgYDVQQDDAN0ODkwEqQQMA4xDDAKBgNVBAMMA3Q5MDAS +pBAwDjEMMAoGA1UEAwwDdDkxMBKkEDAOMQwwCgYDVQQDDAN0OTIwEqQQMA4xDDAK +BgNVBAMMA3Q5MzASpBAwDjEMMAoGA1UEAwwDdDk0MBKkEDAOMQwwCgYDVQQDDAN0 +OTUwEqQQMA4xDDAKBgNVBAMMA3Q5NjASpBAwDjEMMAoGA1UEAwwDdDk3MBKkEDAO +MQwwCgYDVQQDDAN0OTgwEqQQMA4xDDAKBgNVBAMMA3Q5OTATpBEwDzENMAsGA1UE +AwwEdDEwMDATpBEwDzENMAsGA1UEAwwEdDEwMTATpBEwDzENMAsGA1UEAwwEdDEw +MjATpBEwDzENMAsGA1UEAwwEdDEwMzATpBEwDzENMAsGA1UEAwwEdDEwNDATpBEw +DzENMAsGA1UEAwwEdDEwNTATpBEwDzENMAsGA1UEAwwEdDEwNjATpBEwDzENMAsG +A1UEAwwEdDEwNzATpBEwDzENMAsGA1UEAwwEdDEwODATpBEwDzENMAsGA1UEAwwE +dDEwOTATpBEwDzENMAsGA1UEAwwEdDExMDATpBEwDzENMAsGA1UEAwwEdDExMTAT +pBEwDzENMAsGA1UEAwwEdDExMjATpBEwDzENMAsGA1UEAwwEdDExMzATpBEwDzEN +MAsGA1UEAwwEdDExNDATpBEwDzENMAsGA1UEAwwEdDExNTATpBEwDzENMAsGA1UE +AwwEdDExNjATpBEwDzENMAsGA1UEAwwEdDExNzATpBEwDzENMAsGA1UEAwwEdDEx +ODATpBEwDzENMAsGA1UEAwwEdDExOTATpBEwDzENMAsGA1UEAwwEdDEyMDATpBEw +DzENMAsGA1UEAwwEdDEyMTATpBEwDzENMAsGA1UEAwwEdDEyMjATpBEwDzENMAsG +A1UEAwwEdDEyMzATpBEwDzENMAsGA1UEAwwEdDEyNDATpBEwDzENMAsGA1UEAwwE +dDEyNTATpBEwDzENMAsGA1UEAwwEdDEyNjATpBEwDzENMAsGA1UEAwwEdDEyNzAT +pBEwDzENMAsGA1UEAwwEdDEyODATpBEwDzENMAsGA1UEAwwEdDEyOTATpBEwDzEN +MAsGA1UEAwwEdDEzMDATpBEwDzENMAsGA1UEAwwEdDEzMTATpBEwDzENMAsGA1UE +AwwEdDEzMjATpBEwDzENMAsGA1UEAwwEdDEzMzATpBEwDzENMAsGA1UEAwwEdDEz +NDATpBEwDzENMAsGA1UEAwwEdDEzNTATpBEwDzENMAsGA1UEAwwEdDEzNjATpBEw +DzENMAsGA1UEAwwEdDEzNzATpBEwDzENMAsGA1UEAwwEdDEzODATpBEwDzENMAsG +A1UEAwwEdDEzOTATpBEwDzENMAsGA1UEAwwEdDE0MDATpBEwDzENMAsGA1UEAwwE +dDE0MTATpBEwDzENMAsGA1UEAwwEdDE0MjATpBEwDzENMAsGA1UEAwwEdDE0MzAT +pBEwDzENMAsGA1UEAwwEdDE0NDATpBEwDzENMAsGA1UEAwwEdDE0NTATpBEwDzEN +MAsGA1UEAwwEdDE0NjATpBEwDzENMAsGA1UEAwwEdDE0NzATpBEwDzENMAsGA1UE +AwwEdDE0ODATpBEwDzENMAsGA1UEAwwEdDE0OTATpBEwDzENMAsGA1UEAwwEdDE1 +MDATpBEwDzENMAsGA1UEAwwEdDE1MTATpBEwDzENMAsGA1UEAwwEdDE1MjATpBEw +DzENMAsGA1UEAwwEdDE1MzATpBEwDzENMAsGA1UEAwwEdDE1NDATpBEwDzENMAsG +A1UEAwwEdDE1NTATpBEwDzENMAsGA1UEAwwEdDE1NjATpBEwDzENMAsGA1UEAwwE +dDE1NzATpBEwDzENMAsGA1UEAwwEdDE1ODATpBEwDzENMAsGA1UEAwwEdDE1OTAT +pBEwDzENMAsGA1UEAwwEdDE2MDATpBEwDzENMAsGA1UEAwwEdDE2MTATpBEwDzEN +MAsGA1UEAwwEdDE2MjATpBEwDzENMAsGA1UEAwwEdDE2MzATpBEwDzENMAsGA1UE +AwwEdDE2NDATpBEwDzENMAsGA1UEAwwEdDE2NTATpBEwDzENMAsGA1UEAwwEdDE2 +NjATpBEwDzENMAsGA1UEAwwEdDE2NzATpBEwDzENMAsGA1UEAwwEdDE2ODATpBEw +DzENMAsGA1UEAwwEdDE2OTATpBEwDzENMAsGA1UEAwwEdDE3MDATpBEwDzENMAsG +A1UEAwwEdDE3MTAPhg1odHRwOi8vdGVzdC8wMA+GDWh0dHA6Ly90ZXN0LzEwD4YN +aHR0cDovL3Rlc3QvMjAPhg1odHRwOi8vdGVzdC8zMA+GDWh0dHA6Ly90ZXN0LzQw +D4YNaHR0cDovL3Rlc3QvNTAPhg1odHRwOi8vdGVzdC82MA+GDWh0dHA6Ly90ZXN0 +LzcwD4YNaHR0cDovL3Rlc3QvODAPhg1odHRwOi8vdGVzdC85MBCGDmh0dHA6Ly90 +ZXN0LzEwMBCGDmh0dHA6Ly90ZXN0LzExMBCGDmh0dHA6Ly90ZXN0LzEyMBCGDmh0 +dHA6Ly90ZXN0LzEzMBCGDmh0dHA6Ly90ZXN0LzE0MBCGDmh0dHA6Ly90ZXN0LzE1 +MBCGDmh0dHA6Ly90ZXN0LzE2MBCGDmh0dHA6Ly90ZXN0LzE3MBCGDmh0dHA6Ly90 +ZXN0LzE4MBCGDmh0dHA6Ly90ZXN0LzE5MBCGDmh0dHA6Ly90ZXN0LzIwMBCGDmh0 +dHA6Ly90ZXN0LzIxMBCGDmh0dHA6Ly90ZXN0LzIyMBCGDmh0dHA6Ly90ZXN0LzIz +MBCGDmh0dHA6Ly90ZXN0LzI0MBCGDmh0dHA6Ly90ZXN0LzI1MBCGDmh0dHA6Ly90 +ZXN0LzI2MBCGDmh0dHA6Ly90ZXN0LzI3MBCGDmh0dHA6Ly90ZXN0LzI4MBCGDmh0 +dHA6Ly90ZXN0LzI5MBCGDmh0dHA6Ly90ZXN0LzMwMBCGDmh0dHA6Ly90ZXN0LzMx +MBCGDmh0dHA6Ly90ZXN0LzMyMBCGDmh0dHA6Ly90ZXN0LzMzMBCGDmh0dHA6Ly90 +ZXN0LzM0MBCGDmh0dHA6Ly90ZXN0LzM1MBCGDmh0dHA6Ly90ZXN0LzM2MBCGDmh0 +dHA6Ly90ZXN0LzM3MBCGDmh0dHA6Ly90ZXN0LzM4MBCGDmh0dHA6Ly90ZXN0LzM5 +MBCGDmh0dHA6Ly90ZXN0LzQwMBCGDmh0dHA6Ly90ZXN0LzQxMBCGDmh0dHA6Ly90 +ZXN0LzQyMBCGDmh0dHA6Ly90ZXN0LzQzMBCGDmh0dHA6Ly90ZXN0LzQ0MBCGDmh0 +dHA6Ly90ZXN0LzQ1MBCGDmh0dHA6Ly90ZXN0LzQ2MBCGDmh0dHA6Ly90ZXN0LzQ3 +MBCGDmh0dHA6Ly90ZXN0LzQ4MBCGDmh0dHA6Ly90ZXN0LzQ5MBCGDmh0dHA6Ly90 +ZXN0LzUwMBCGDmh0dHA6Ly90ZXN0LzUxMBCGDmh0dHA6Ly90ZXN0LzUyMBCGDmh0 +dHA6Ly90ZXN0LzUzMBCGDmh0dHA6Ly90ZXN0LzU0MBCGDmh0dHA6Ly90ZXN0LzU1 +MBCGDmh0dHA6Ly90ZXN0LzU2MBCGDmh0dHA6Ly90ZXN0LzU3MBCGDmh0dHA6Ly90 +ZXN0LzU4MBCGDmh0dHA6Ly90ZXN0LzU5MBCGDmh0dHA6Ly90ZXN0LzYwMBCGDmh0 +dHA6Ly90ZXN0LzYxMBCGDmh0dHA6Ly90ZXN0LzYyMBCGDmh0dHA6Ly90ZXN0LzYz +MBCGDmh0dHA6Ly90ZXN0LzY0MBCGDmh0dHA6Ly90ZXN0LzY1MBCGDmh0dHA6Ly90 +ZXN0LzY2MBCGDmh0dHA6Ly90ZXN0LzY3MBCGDmh0dHA6Ly90ZXN0LzY4MBCGDmh0 +dHA6Ly90ZXN0LzY5MBCGDmh0dHA6Ly90ZXN0LzcwMBCGDmh0dHA6Ly90ZXN0Lzcx +MBCGDmh0dHA6Ly90ZXN0LzcyMBCGDmh0dHA6Ly90ZXN0LzczMBCGDmh0dHA6Ly90 +ZXN0Lzc0MBCGDmh0dHA6Ly90ZXN0Lzc1MBCGDmh0dHA6Ly90ZXN0Lzc2MBCGDmh0 +dHA6Ly90ZXN0Lzc3MBCGDmh0dHA6Ly90ZXN0Lzc4MBCGDmh0dHA6Ly90ZXN0Lzc5 +MBCGDmh0dHA6Ly90ZXN0LzgwMBCGDmh0dHA6Ly90ZXN0LzgxMBCGDmh0dHA6Ly90 +ZXN0LzgyMBCGDmh0dHA6Ly90ZXN0LzgzMBCGDmh0dHA6Ly90ZXN0Lzg0MBCGDmh0 +dHA6Ly90ZXN0Lzg1MBCGDmh0dHA6Ly90ZXN0Lzg2MBCGDmh0dHA6Ly90ZXN0Lzg3 +MBCGDmh0dHA6Ly90ZXN0Lzg4MBCGDmh0dHA6Ly90ZXN0Lzg5MBCGDmh0dHA6Ly90 +ZXN0LzkwMBCGDmh0dHA6Ly90ZXN0LzkxMBCGDmh0dHA6Ly90ZXN0LzkyMBCGDmh0 +dHA6Ly90ZXN0LzkzMBCGDmh0dHA6Ly90ZXN0Lzk0MBCGDmh0dHA6Ly90ZXN0Lzk1 +MBCGDmh0dHA6Ly90ZXN0Lzk2MBCGDmh0dHA6Ly90ZXN0Lzk3MBCGDmh0dHA6Ly90 +ZXN0Lzk4MBCGDmh0dHA6Ly90ZXN0Lzk5MBGGD2h0dHA6Ly90ZXN0LzEwMDARhg9o +dHRwOi8vdGVzdC8xMDEwEYYPaHR0cDovL3Rlc3QvMTAyMBGGD2h0dHA6Ly90ZXN0 +LzEwMzARhg9odHRwOi8vdGVzdC8xMDQwEYYPaHR0cDovL3Rlc3QvMTA1MBGGD2h0 +dHA6Ly90ZXN0LzEwNjARhg9odHRwOi8vdGVzdC8xMDcwEYYPaHR0cDovL3Rlc3Qv +MTA4MBGGD2h0dHA6Ly90ZXN0LzEwOTARhg9odHRwOi8vdGVzdC8xMTAwEYYPaHR0 +cDovL3Rlc3QvMTExMBGGD2h0dHA6Ly90ZXN0LzExMjARhg9odHRwOi8vdGVzdC8x +MTMwEYYPaHR0cDovL3Rlc3QvMTE0MBGGD2h0dHA6Ly90ZXN0LzExNTARhg9odHRw +Oi8vdGVzdC8xMTYwEYYPaHR0cDovL3Rlc3QvMTE3MBGGD2h0dHA6Ly90ZXN0LzEx +ODARhg9odHRwOi8vdGVzdC8xMTkwEYYPaHR0cDovL3Rlc3QvMTIwMBGGD2h0dHA6 +Ly90ZXN0LzEyMTARhg9odHRwOi8vdGVzdC8xMjIwEYYPaHR0cDovL3Rlc3QvMTIz +MBGGD2h0dHA6Ly90ZXN0LzEyNDARhg9odHRwOi8vdGVzdC8xMjUwEYYPaHR0cDov +L3Rlc3QvMTI2MBGGD2h0dHA6Ly90ZXN0LzEyNzARhg9odHRwOi8vdGVzdC8xMjgw +EYYPaHR0cDovL3Rlc3QvMTI5MBGGD2h0dHA6Ly90ZXN0LzEzMDARhg9odHRwOi8v +dGVzdC8xMzEwEYYPaHR0cDovL3Rlc3QvMTMyMBGGD2h0dHA6Ly90ZXN0LzEzMzAR +hg9odHRwOi8vdGVzdC8xMzQwEYYPaHR0cDovL3Rlc3QvMTM1MBGGD2h0dHA6Ly90 +ZXN0LzEzNjARhg9odHRwOi8vdGVzdC8xMzcwEYYPaHR0cDovL3Rlc3QvMTM4MBGG +D2h0dHA6Ly90ZXN0LzEzOTARhg9odHRwOi8vdGVzdC8xNDAwEYYPaHR0cDovL3Rl +c3QvMTQxMBGGD2h0dHA6Ly90ZXN0LzE0MjARhg9odHRwOi8vdGVzdC8xNDMwEYYP +aHR0cDovL3Rlc3QvMTQ0MBGGD2h0dHA6Ly90ZXN0LzE0NTARhg9odHRwOi8vdGVz +dC8xNDYwEYYPaHR0cDovL3Rlc3QvMTQ3MBGGD2h0dHA6Ly90ZXN0LzE0ODARhg9o +dHRwOi8vdGVzdC8xNDkwEYYPaHR0cDovL3Rlc3QvMTUwMBGGD2h0dHA6Ly90ZXN0 +LzE1MTARhg9odHRwOi8vdGVzdC8xNTIwEYYPaHR0cDovL3Rlc3QvMTUzMBGGD2h0 +dHA6Ly90ZXN0LzE1NDARhg9odHRwOi8vdGVzdC8xNTUwEYYPaHR0cDovL3Rlc3Qv +MTU2MBGGD2h0dHA6Ly90ZXN0LzE1NzARhg9odHRwOi8vdGVzdC8xNTgwEYYPaHR0 +cDovL3Rlc3QvMTU5MBGGD2h0dHA6Ly90ZXN0LzE2MDARhg9odHRwOi8vdGVzdC8x +NjEwEYYPaHR0cDovL3Rlc3QvMTYyMBGGD2h0dHA6Ly90ZXN0LzE2MzARhg9odHRw +Oi8vdGVzdC8xNjQwEYYPaHR0cDovL3Rlc3QvMTY1MBGGD2h0dHA6Ly90ZXN0LzE2 +NjARhg9odHRwOi8vdGVzdC8xNjcwEYYPaHR0cDovL3Rlc3QvMTY4MBGGD2h0dHA6 +Ly90ZXN0LzE2OTARhg9odHRwOi8vdGVzdC8xNzAwEYYPaHR0cDovL3Rlc3QvMTcx +MBGGD2h0dHA6Ly90ZXN0LzE3MjARhg9odHRwOi8vdGVzdC8xNzMwEYYPaHR0cDov +L3Rlc3QvMTc0MBGGD2h0dHA6Ly90ZXN0LzE3NTARhg9odHRwOi8vdGVzdC8xNzYw +EYYPaHR0cDovL3Rlc3QvMTc3MBGGD2h0dHA6Ly90ZXN0LzE3ODARhg9odHRwOi8v +dGVzdC8xNzkwEYYPaHR0cDovL3Rlc3QvMTgwMBGGD2h0dHA6Ly90ZXN0LzE4MTAR +hg9odHRwOi8vdGVzdC8xODIwEYYPaHR0cDovL3Rlc3QvMTgzMBGGD2h0dHA6Ly90 +ZXN0LzE4NDARhg9odHRwOi8vdGVzdC8xODUwEYYPaHR0cDovL3Rlc3QvMTg2MBGG +D2h0dHA6Ly90ZXN0LzE4NzARhg9odHRwOi8vdGVzdC8xODgwEYYPaHR0cDovL3Rl +c3QvMTg5MBGGD2h0dHA6Ly90ZXN0LzE5MDARhg9odHRwOi8vdGVzdC8xOTEwEYYP +aHR0cDovL3Rlc3QvMTkyMBGGD2h0dHA6Ly90ZXN0LzE5MzARhg9odHRwOi8vdGVz +dC8xOTQwEYYPaHR0cDovL3Rlc3QvMTk1MBGGD2h0dHA6Ly90ZXN0LzE5NjARhg9o +dHRwOi8vdGVzdC8xOTcwEYYPaHR0cDovL3Rlc3QvMTk4MBGGD2h0dHA6Ly90ZXN0 +LzE5OTARhg9odHRwOi8vdGVzdC8yMDAwEYYPaHR0cDovL3Rlc3QvMjAxMBGGD2h0 +dHA6Ly90ZXN0LzIwMjARhg9odHRwOi8vdGVzdC8yMDMwEYYPaHR0cDovL3Rlc3Qv +MjA0MBGGD2h0dHA6Ly90ZXN0LzIwNTARhg9odHRwOi8vdGVzdC8yMDYwEYYPaHR0 +cDovL3Rlc3QvMjA3MBGGD2h0dHA6Ly90ZXN0LzIwODARhg9odHRwOi8vdGVzdC8y +MDkwEYYPaHR0cDovL3Rlc3QvMjEwMBGGD2h0dHA6Ly90ZXN0LzIxMTARhg9odHRw +Oi8vdGVzdC8yMTIwEYYPaHR0cDovL3Rlc3QvMjEzMBGGD2h0dHA6Ly90ZXN0LzIx +NDARhg9odHRwOi8vdGVzdC8yMTUwEYYPaHR0cDovL3Rlc3QvMjE2MBGGD2h0dHA6 +Ly90ZXN0LzIxNzARhg9odHRwOi8vdGVzdC8yMTgwEYYPaHR0cDovL3Rlc3QvMjE5 +MBGGD2h0dHA6Ly90ZXN0LzIyMDARhg9odHRwOi8vdGVzdC8yMjEwEYYPaHR0cDov +L3Rlc3QvMjIyMBGGD2h0dHA6Ly90ZXN0LzIyMzARhg9odHRwOi8vdGVzdC8yMjQw +EYYPaHR0cDovL3Rlc3QvMjI1MBGGD2h0dHA6Ly90ZXN0LzIyNjARhg9odHRwOi8v +dGVzdC8yMjcwEYYPaHR0cDovL3Rlc3QvMjI4MBGGD2h0dHA6Ly90ZXN0LzIyOTAR +hg9odHRwOi8vdGVzdC8yMzAwEYYPaHR0cDovL3Rlc3QvMjMxMBGGD2h0dHA6Ly90 +ZXN0LzIzMjARhg9odHRwOi8vdGVzdC8yMzMwEYYPaHR0cDovL3Rlc3QvMjM0MBGG +D2h0dHA6Ly90ZXN0LzIzNTARhg9odHRwOi8vdGVzdC8yMzYwEYYPaHR0cDovL3Rl +c3QvMjM3MBGGD2h0dHA6Ly90ZXN0LzIzODARhg9odHRwOi8vdGVzdC8yMzkwEYYP +aHR0cDovL3Rlc3QvMjQwMBGGD2h0dHA6Ly90ZXN0LzI0MTARhg9odHRwOi8vdGVz +dC8yNDIwEYYPaHR0cDovL3Rlc3QvMjQzMBGGD2h0dHA6Ly90ZXN0LzI0NDARhg9o +dHRwOi8vdGVzdC8yNDUwEYYPaHR0cDovL3Rlc3QvMjQ2MBGGD2h0dHA6Ly90ZXN0 +LzI0NzARhg9odHRwOi8vdGVzdC8yNDgwEYYPaHR0cDovL3Rlc3QvMjQ5MBGGD2h0 +dHA6Ly90ZXN0LzI1MDARhg9odHRwOi8vdGVzdC8yNTEwEYYPaHR0cDovL3Rlc3Qv +MjUyMBGGD2h0dHA6Ly90ZXN0LzI1MzARhg9odHRwOi8vdGVzdC8yNTQwEYYPaHR0 +cDovL3Rlc3QvMjU1MBGGD2h0dHA6Ly90ZXN0LzI1NjARhg9odHRwOi8vdGVzdC8y +NTcwEYYPaHR0cDovL3Rlc3QvMjU4MBGGD2h0dHA6Ly90ZXN0LzI1OTARhg9odHRw +Oi8vdGVzdC8yNjAwEYYPaHR0cDovL3Rlc3QvMjYxMBGGD2h0dHA6Ly90ZXN0LzI2 +MjARhg9odHRwOi8vdGVzdC8yNjMwEYYPaHR0cDovL3Rlc3QvMjY0MBGGD2h0dHA6 +Ly90ZXN0LzI2NTARhg9odHRwOi8vdGVzdC8yNjYwEYYPaHR0cDovL3Rlc3QvMjY3 +MBGGD2h0dHA6Ly90ZXN0LzI2ODARhg9odHRwOi8vdGVzdC8yNjkwEYYPaHR0cDov +L3Rlc3QvMjcwMBGGD2h0dHA6Ly90ZXN0LzI3MTARhg9odHRwOi8vdGVzdC8yNzIw +EYYPaHR0cDovL3Rlc3QvMjczMBGGD2h0dHA6Ly90ZXN0LzI3NDARhg9odHRwOi8v +dGVzdC8yNzUwEYYPaHR0cDovL3Rlc3QvMjc2MBGGD2h0dHA6Ly90ZXN0LzI3NzAR +hg9odHRwOi8vdGVzdC8yNzgwEYYPaHR0cDovL3Rlc3QvMjc5MBGGD2h0dHA6Ly90 +ZXN0LzI4MDARhg9odHRwOi8vdGVzdC8yODEwEYYPaHR0cDovL3Rlc3QvMjgyMBGG +D2h0dHA6Ly90ZXN0LzI4MzARhg9odHRwOi8vdGVzdC8yODQwEYYPaHR0cDovL3Rl +c3QvMjg1MBGGD2h0dHA6Ly90ZXN0LzI4NjARhg9odHRwOi8vdGVzdC8yODcwEYYP +aHR0cDovL3Rlc3QvMjg4MBGGD2h0dHA6Ly90ZXN0LzI4OTARhg9odHRwOi8vdGVz +dC8yOTAwEYYPaHR0cDovL3Rlc3QvMjkxMBGGD2h0dHA6Ly90ZXN0LzI5MjARhg9o +dHRwOi8vdGVzdC8yOTMwEYYPaHR0cDovL3Rlc3QvMjk0MBGGD2h0dHA6Ly90ZXN0 +LzI5NTARhg9odHRwOi8vdGVzdC8yOTYwEYYPaHR0cDovL3Rlc3QvMjk3MBGGD2h0 +dHA6Ly90ZXN0LzI5ODARhg9odHRwOi8vdGVzdC8yOTkwEYYPaHR0cDovL3Rlc3Qv +MzAwMBGGD2h0dHA6Ly90ZXN0LzMwMTARhg9odHRwOi8vdGVzdC8zMDIwEYYPaHR0 +cDovL3Rlc3QvMzAzMBGGD2h0dHA6Ly90ZXN0LzMwNDARhg9odHRwOi8vdGVzdC8z +MDUwEYYPaHR0cDovL3Rlc3QvMzA2MBGGD2h0dHA6Ly90ZXN0LzMwNzARhg9odHRw +Oi8vdGVzdC8zMDgwEYYPaHR0cDovL3Rlc3QvMzA5MBGGD2h0dHA6Ly90ZXN0LzMx +MDARhg9odHRwOi8vdGVzdC8zMTEwEYYPaHR0cDovL3Rlc3QvMzEyMBGGD2h0dHA6 +Ly90ZXN0LzMxMzARhg9odHRwOi8vdGVzdC8zMTQwEYYPaHR0cDovL3Rlc3QvMzE1 +MBGGD2h0dHA6Ly90ZXN0LzMxNjARhg9odHRwOi8vdGVzdC8zMTcwEYYPaHR0cDov +L3Rlc3QvMzE4MBGGD2h0dHA6Ly90ZXN0LzMxOTARhg9odHRwOi8vdGVzdC8zMjAw +EYYPaHR0cDovL3Rlc3QvMzIxMBGGD2h0dHA6Ly90ZXN0LzMyMjARhg9odHRwOi8v +dGVzdC8zMjMwEYYPaHR0cDovL3Rlc3QvMzI0MBGGD2h0dHA6Ly90ZXN0LzMyNTAR +hg9odHRwOi8vdGVzdC8zMjYwEYYPaHR0cDovL3Rlc3QvMzI3MBGGD2h0dHA6Ly90 +ZXN0LzMyODARhg9odHRwOi8vdGVzdC8zMjkwEYYPaHR0cDovL3Rlc3QvMzMwMBGG +D2h0dHA6Ly90ZXN0LzMzMTARhg9odHRwOi8vdGVzdC8zMzIwEYYPaHR0cDovL3Rl +c3QvMzMzMBGGD2h0dHA6Ly90ZXN0LzMzNDARhg9odHRwOi8vdGVzdC8zMzUwEYYP +aHR0cDovL3Rlc3QvMzM2MBGGD2h0dHA6Ly90ZXN0LzMzNzARhg9odHRwOi8vdGVz +dC8zMzgwEYYPaHR0cDovL3Rlc3QvMzM5MBGGD2h0dHA6Ly90ZXN0LzM0MDARhg9o +dHRwOi8vdGVzdC8zNDEwEYYPaHR0cDovL3Rlc3QvMzQyMBGGD2h0dHA6Ly90ZXN0 +LzM0MzARhg9odHRwOi8vdGVzdC8zNDQwEYYPaHR0cDovL3Rlc3QvMzQ1MBGGD2h0 +dHA6Ly90ZXN0LzM0NjARhg9odHRwOi8vdGVzdC8zNDcwEYYPaHR0cDovL3Rlc3Qv +MzQ4MBGGD2h0dHA6Ly90ZXN0LzM0OTARhg9odHRwOi8vdGVzdC8zNTAwEYYPaHR0 +cDovL3Rlc3QvMzUxMBGGD2h0dHA6Ly90ZXN0LzM1MjARhg9odHRwOi8vdGVzdC8z +NTMwEYYPaHR0cDovL3Rlc3QvMzU0MBGGD2h0dHA6Ly90ZXN0LzM1NTARhg9odHRw +Oi8vdGVzdC8zNTYwEYYPaHR0cDovL3Rlc3QvMzU3MBGGD2h0dHA6Ly90ZXN0LzM1 +ODARhg9odHRwOi8vdGVzdC8zNTkwEYYPaHR0cDovL3Rlc3QvMzYwMBGGD2h0dHA6 +Ly90ZXN0LzM2MTARhg9odHRwOi8vdGVzdC8zNjIwEYYPaHR0cDovL3Rlc3QvMzYz +MBGGD2h0dHA6Ly90ZXN0LzM2NDARhg9odHRwOi8vdGVzdC8zNjUwEYYPaHR0cDov +L3Rlc3QvMzY2MBGGD2h0dHA6Ly90ZXN0LzM2NzARhg9odHRwOi8vdGVzdC8zNjgw +EYYPaHR0cDovL3Rlc3QvMzY5MBGGD2h0dHA6Ly90ZXN0LzM3MDARhg9odHRwOi8v +dGVzdC8zNzEwEYYPaHR0cDovL3Rlc3QvMzcyMBGGD2h0dHA6Ly90ZXN0LzM3MzAR +hg9odHRwOi8vdGVzdC8zNzQwEYYPaHR0cDovL3Rlc3QvMzc1MBGGD2h0dHA6Ly90 +ZXN0LzM3NjARhg9odHRwOi8vdGVzdC8zNzcwEYYPaHR0cDovL3Rlc3QvMzc4MBGG +D2h0dHA6Ly90ZXN0LzM3OTARhg9odHRwOi8vdGVzdC8zODAwEYYPaHR0cDovL3Rl +c3QvMzgxMBGGD2h0dHA6Ly90ZXN0LzM4MjARhg9odHRwOi8vdGVzdC8zODMwEYYP +aHR0cDovL3Rlc3QvMzg0MBGGD2h0dHA6Ly90ZXN0LzM4NTARhg9odHRwOi8vdGVz +dC8zODYwEYYPaHR0cDovL3Rlc3QvMzg3MBGGD2h0dHA6Ly90ZXN0LzM4ODARhg9o +dHRwOi8vdGVzdC8zODkwEYYPaHR0cDovL3Rlc3QvMzkwMBGGD2h0dHA6Ly90ZXN0 +LzM5MTARhg9odHRwOi8vdGVzdC8zOTIwEYYPaHR0cDovL3Rlc3QvMzkzMBGGD2h0 +dHA6Ly90ZXN0LzM5NDARhg9odHRwOi8vdGVzdC8zOTUwEYYPaHR0cDovL3Rlc3Qv +Mzk2MBGGD2h0dHA6Ly90ZXN0LzM5NzARhg9odHRwOi8vdGVzdC8zOTgwEYYPaHR0 +cDovL3Rlc3QvMzk5MBGGD2h0dHA6Ly90ZXN0LzQwMDARhg9odHRwOi8vdGVzdC80 +MDEwEYYPaHR0cDovL3Rlc3QvNDAyMBGGD2h0dHA6Ly90ZXN0LzQwMzARhg9odHRw +Oi8vdGVzdC80MDQwEYYPaHR0cDovL3Rlc3QvNDA1MBGGD2h0dHA6Ly90ZXN0LzQw +NjARhg9odHRwOi8vdGVzdC80MDcwEYYPaHR0cDovL3Rlc3QvNDA4MBGGD2h0dHA6 +Ly90ZXN0LzQwOTARhg9odHRwOi8vdGVzdC80MTAwEYYPaHR0cDovL3Rlc3QvNDEx +MBGGD2h0dHA6Ly90ZXN0LzQxMjARhg9odHRwOi8vdGVzdC80MTMwEYYPaHR0cDov +L3Rlc3QvNDE0MBGGD2h0dHA6Ly90ZXN0LzQxNTARhg9odHRwOi8vdGVzdC80MTYw +EYYPaHR0cDovL3Rlc3QvNDE3MBGGD2h0dHA6Ly90ZXN0LzQxODARhg9odHRwOi8v +dGVzdC80MTkwEYYPaHR0cDovL3Rlc3QvNDIwMBGGD2h0dHA6Ly90ZXN0LzQyMTAR +hg9odHRwOi8vdGVzdC80MjIwEYYPaHR0cDovL3Rlc3QvNDIzMBGGD2h0dHA6Ly90 +ZXN0LzQyNDARhg9odHRwOi8vdGVzdC80MjUwEYYPaHR0cDovL3Rlc3QvNDI2MBGG +D2h0dHA6Ly90ZXN0LzQyNzARhg9odHRwOi8vdGVzdC80MjgwEYYPaHR0cDovL3Rl +c3QvNDI5MBGGD2h0dHA6Ly90ZXN0LzQzMDARhg9odHRwOi8vdGVzdC80MzEwEYYP +aHR0cDovL3Rlc3QvNDMyMBGGD2h0dHA6Ly90ZXN0LzQzMzARhg9odHRwOi8vdGVz +dC80MzQwEYYPaHR0cDovL3Rlc3QvNDM1MBGGD2h0dHA6Ly90ZXN0LzQzNjARhg9o +dHRwOi8vdGVzdC80MzcwEYYPaHR0cDovL3Rlc3QvNDM4MBGGD2h0dHA6Ly90ZXN0 +LzQzOTARhg9odHRwOi8vdGVzdC80NDAwEYYPaHR0cDovL3Rlc3QvNDQxMBGGD2h0 +dHA6Ly90ZXN0LzQ0MjARhg9odHRwOi8vdGVzdC80NDMwEYYPaHR0cDovL3Rlc3Qv +NDQ0MBGGD2h0dHA6Ly90ZXN0LzQ0NTARhg9odHRwOi8vdGVzdC80NDYwEYYPaHR0 +cDovL3Rlc3QvNDQ3MBGGD2h0dHA6Ly90ZXN0LzQ0ODARhg9odHRwOi8vdGVzdC80 +NDkwEYYPaHR0cDovL3Rlc3QvNDUwMBGGD2h0dHA6Ly90ZXN0LzQ1MTARhg9odHRw +Oi8vdGVzdC80NTIwEYYPaHR0cDovL3Rlc3QvNDUzMBGGD2h0dHA6Ly90ZXN0LzQ1 +NDARhg9odHRwOi8vdGVzdC80NTUwEYYPaHR0cDovL3Rlc3QvNDU2MBGGD2h0dHA6 +Ly90ZXN0LzQ1NzARhg9odHRwOi8vdGVzdC80NTgwEYYPaHR0cDovL3Rlc3QvNDU5 +MBGGD2h0dHA6Ly90ZXN0LzQ2MDARhg9odHRwOi8vdGVzdC80NjEwEYYPaHR0cDov +L3Rlc3QvNDYyMBGGD2h0dHA6Ly90ZXN0LzQ2MzARhg9odHRwOi8vdGVzdC80NjQw +EYYPaHR0cDovL3Rlc3QvNDY1MBGGD2h0dHA6Ly90ZXN0LzQ2NjARhg9odHRwOi8v +dGVzdC80NjcwEYYPaHR0cDovL3Rlc3QvNDY4MBGGD2h0dHA6Ly90ZXN0LzQ2OTAR +hg9odHRwOi8vdGVzdC80NzAwEYYPaHR0cDovL3Rlc3QvNDcxMBGGD2h0dHA6Ly90 +ZXN0LzQ3MjARhg9odHRwOi8vdGVzdC80NzMwEYYPaHR0cDovL3Rlc3QvNDc0MBGG +D2h0dHA6Ly90ZXN0LzQ3NTARhg9odHRwOi8vdGVzdC80NzYwEYYPaHR0cDovL3Rl +c3QvNDc3MBGGD2h0dHA6Ly90ZXN0LzQ3ODARhg9odHRwOi8vdGVzdC80NzkwEYYP +aHR0cDovL3Rlc3QvNDgwMBGGD2h0dHA6Ly90ZXN0LzQ4MTARhg9odHRwOi8vdGVz +dC80ODIwEYYPaHR0cDovL3Rlc3QvNDgzMBGGD2h0dHA6Ly90ZXN0LzQ4NDARhg9o +dHRwOi8vdGVzdC80ODUwEYYPaHR0cDovL3Rlc3QvNDg2MBGGD2h0dHA6Ly90ZXN0 +LzQ4NzARhg9odHRwOi8vdGVzdC80ODgwEYYPaHR0cDovL3Rlc3QvNDg5MBGGD2h0 +dHA6Ly90ZXN0LzQ5MDARhg9odHRwOi8vdGVzdC80OTEwEYYPaHR0cDovL3Rlc3Qv +NDkyMBGGD2h0dHA6Ly90ZXN0LzQ5MzARhg9odHRwOi8vdGVzdC80OTQwEYYPaHR0 +cDovL3Rlc3QvNDk1MBGGD2h0dHA6Ly90ZXN0LzQ5NjARhg9odHRwOi8vdGVzdC80 +OTcwEYYPaHR0cDovL3Rlc3QvNDk4MBGGD2h0dHA6Ly90ZXN0LzQ5OTARhg9odHRw +Oi8vdGVzdC81MDAwEYYPaHR0cDovL3Rlc3QvNTAxMBGGD2h0dHA6Ly90ZXN0LzUw +MjARhg9odHRwOi8vdGVzdC81MDMwEYYPaHR0cDovL3Rlc3QvNTA0MBGGD2h0dHA6 +Ly90ZXN0LzUwNTARhg9odHRwOi8vdGVzdC81MDYwEYYPaHR0cDovL3Rlc3QvNTA3 +MBGGD2h0dHA6Ly90ZXN0LzUwODARhg9odHRwOi8vdGVzdC81MDkwEYYPaHR0cDov +L3Rlc3QvNTEwMBGGD2h0dHA6Ly90ZXN0LzUxMTARhg9odHRwOi8vdGVzdC81MTIw +EYYPaHR0cDovL3Rlc3QvNTEzMBGGD2h0dHA6Ly90ZXN0LzUxNDARhg9odHRwOi8v +dGVzdC81MTUwEYYPaHR0cDovL3Rlc3QvNTE2MBGGD2h0dHA6Ly90ZXN0LzUxNzAR +hg9odHRwOi8vdGVzdC81MTgwEYYPaHR0cDovL3Rlc3QvNTE5MBGGD2h0dHA6Ly90 +ZXN0LzUyMDARhg9odHRwOi8vdGVzdC81MjEwEYYPaHR0cDovL3Rlc3QvNTIyMBGG +D2h0dHA6Ly90ZXN0LzUyMzARhg9odHRwOi8vdGVzdC81MjQwEYYPaHR0cDovL3Rl +c3QvNTI1MBGGD2h0dHA6Ly90ZXN0LzUyNjARhg9odHRwOi8vdGVzdC81MjcwEYYP +aHR0cDovL3Rlc3QvNTI4MBGGD2h0dHA6Ly90ZXN0LzUyOTARhg9odHRwOi8vdGVz +dC81MzAwEYYPaHR0cDovL3Rlc3QvNTMxMBGGD2h0dHA6Ly90ZXN0LzUzMjARhg9o +dHRwOi8vdGVzdC81MzMwEYYPaHR0cDovL3Rlc3QvNTM0MBGGD2h0dHA6Ly90ZXN0 +LzUzNTARhg9odHRwOi8vdGVzdC81MzYwEYYPaHR0cDovL3Rlc3QvNTM3MBGGD2h0 +dHA6Ly90ZXN0LzUzODARhg9odHRwOi8vdGVzdC81MzkwEYYPaHR0cDovL3Rlc3Qv +NTQwMBGGD2h0dHA6Ly90ZXN0LzU0MTARhg9odHRwOi8vdGVzdC81NDIwEYYPaHR0 +cDovL3Rlc3QvNTQzMBGGD2h0dHA6Ly90ZXN0LzU0NDARhg9odHRwOi8vdGVzdC81 +NDUwEYYPaHR0cDovL3Rlc3QvNTQ2MBGGD2h0dHA6Ly90ZXN0LzU0NzARhg9odHRw +Oi8vdGVzdC81NDgwEYYPaHR0cDovL3Rlc3QvNTQ5MBGGD2h0dHA6Ly90ZXN0LzU1 +MDARhg9odHRwOi8vdGVzdC81NTEwEYYPaHR0cDovL3Rlc3QvNTUyMBGGD2h0dHA6 +Ly90ZXN0LzU1MzARhg9odHRwOi8vdGVzdC81NTQwEYYPaHR0cDovL3Rlc3QvNTU1 +MBGGD2h0dHA6Ly90ZXN0LzU1NjARhg9odHRwOi8vdGVzdC81NTcwEYYPaHR0cDov +L3Rlc3QvNTU4MBGGD2h0dHA6Ly90ZXN0LzU1OTARhg9odHRwOi8vdGVzdC81NjAw +EYYPaHR0cDovL3Rlc3QvNTYxMBGGD2h0dHA6Ly90ZXN0LzU2MjARhg9odHRwOi8v +dGVzdC81NjMwEYYPaHR0cDovL3Rlc3QvNTY0MBGGD2h0dHA6Ly90ZXN0LzU2NTAR +hg9odHRwOi8vdGVzdC81NjYwEYYPaHR0cDovL3Rlc3QvNTY3MBGGD2h0dHA6Ly90 +ZXN0LzU2ODARhg9odHRwOi8vdGVzdC81NjkwEYYPaHR0cDovL3Rlc3QvNTcwMBGG +D2h0dHA6Ly90ZXN0LzU3MTARhg9odHRwOi8vdGVzdC81NzIwEYYPaHR0cDovL3Rl +c3QvNTczMBGGD2h0dHA6Ly90ZXN0LzU3NDARhg9odHRwOi8vdGVzdC81NzUwEYYP +aHR0cDovL3Rlc3QvNTc2MBGGD2h0dHA6Ly90ZXN0LzU3NzARhg9odHRwOi8vdGVz +dC81NzgwEYYPaHR0cDovL3Rlc3QvNTc5MBGGD2h0dHA6Ly90ZXN0LzU4MDARhg9o +dHRwOi8vdGVzdC81ODEwEYYPaHR0cDovL3Rlc3QvNTgyMBGGD2h0dHA6Ly90ZXN0 +LzU4MzARhg9odHRwOi8vdGVzdC81ODQwEYYPaHR0cDovL3Rlc3QvNTg1MBGGD2h0 +dHA6Ly90ZXN0LzU4NjARhg9odHRwOi8vdGVzdC81ODcwEYYPaHR0cDovL3Rlc3Qv +NTg4MBGGD2h0dHA6Ly90ZXN0LzU4OTARhg9odHRwOi8vdGVzdC81OTAwEYYPaHR0 +cDovL3Rlc3QvNTkxMBGGD2h0dHA6Ly90ZXN0LzU5MjARhg9odHRwOi8vdGVzdC81 +OTMwEYYPaHR0cDovL3Rlc3QvNTk0MBGGD2h0dHA6Ly90ZXN0LzU5NTARhg9odHRw +Oi8vdGVzdC81OTYwEYYPaHR0cDovL3Rlc3QvNTk3MBGGD2h0dHA6Ly90ZXN0LzU5 +ODARhg9odHRwOi8vdGVzdC81OTkwEYYPaHR0cDovL3Rlc3QvNjAwMBGGD2h0dHA6 +Ly90ZXN0LzYwMTARhg9odHRwOi8vdGVzdC82MDIwEYYPaHR0cDovL3Rlc3QvNjAz +MBGGD2h0dHA6Ly90ZXN0LzYwNDARhg9odHRwOi8vdGVzdC82MDUwEYYPaHR0cDov +L3Rlc3QvNjA2MBGGD2h0dHA6Ly90ZXN0LzYwNzARhg9odHRwOi8vdGVzdC82MDgw +EYYPaHR0cDovL3Rlc3QvNjA5MBGGD2h0dHA6Ly90ZXN0LzYxMDARhg9odHRwOi8v +dGVzdC82MTEwEYYPaHR0cDovL3Rlc3QvNjEyMBGGD2h0dHA6Ly90ZXN0LzYxMzAR +hg9odHRwOi8vdGVzdC82MTQwEYYPaHR0cDovL3Rlc3QvNjE1MBGGD2h0dHA6Ly90 +ZXN0LzYxNjARhg9odHRwOi8vdGVzdC82MTcwEYYPaHR0cDovL3Rlc3QvNjE4MBGG +D2h0dHA6Ly90ZXN0LzYxOTARhg9odHRwOi8vdGVzdC82MjAwEYYPaHR0cDovL3Rl +c3QvNjIxMBGGD2h0dHA6Ly90ZXN0LzYyMjARhg9odHRwOi8vdGVzdC82MjMwEYYP +aHR0cDovL3Rlc3QvNjI0MBGGD2h0dHA6Ly90ZXN0LzYyNTARhg9odHRwOi8vdGVz +dC82MjYwEYYPaHR0cDovL3Rlc3QvNjI3MBGGD2h0dHA6Ly90ZXN0LzYyODARhg9o +dHRwOi8vdGVzdC82MjkwEYYPaHR0cDovL3Rlc3QvNjMwMBGGD2h0dHA6Ly90ZXN0 +LzYzMTARhg9odHRwOi8vdGVzdC82MzIwEYYPaHR0cDovL3Rlc3QvNjMzMBGGD2h0 +dHA6Ly90ZXN0LzYzNDARhg9odHRwOi8vdGVzdC82MzUwEYYPaHR0cDovL3Rlc3Qv +NjM2MBGGD2h0dHA6Ly90ZXN0LzYzNzARhg9odHRwOi8vdGVzdC82MzgwEYYPaHR0 +cDovL3Rlc3QvNjM5MBGGD2h0dHA6Ly90ZXN0LzY0MDARhg9odHRwOi8vdGVzdC82 +NDEwEYYPaHR0cDovL3Rlc3QvNjQyMBGGD2h0dHA6Ly90ZXN0LzY0MzARhg9odHRw +Oi8vdGVzdC82NDQwEYYPaHR0cDovL3Rlc3QvNjQ1MBGGD2h0dHA6Ly90ZXN0LzY0 +NjARhg9odHRwOi8vdGVzdC82NDcwEYYPaHR0cDovL3Rlc3QvNjQ4MBGGD2h0dHA6 +Ly90ZXN0LzY0OTARhg9odHRwOi8vdGVzdC82NTAwEYYPaHR0cDovL3Rlc3QvNjUx +MBGGD2h0dHA6Ly90ZXN0LzY1MjARhg9odHRwOi8vdGVzdC82NTMwEYYPaHR0cDov +L3Rlc3QvNjU0MBGGD2h0dHA6Ly90ZXN0LzY1NTARhg9odHRwOi8vdGVzdC82NTYw +EYYPaHR0cDovL3Rlc3QvNjU3MBGGD2h0dHA6Ly90ZXN0LzY1ODARhg9odHRwOi8v +dGVzdC82NTkwEYYPaHR0cDovL3Rlc3QvNjYwMBGGD2h0dHA6Ly90ZXN0LzY2MTAR +hg9odHRwOi8vdGVzdC82NjIwEYYPaHR0cDovL3Rlc3QvNjYzMBGGD2h0dHA6Ly90 +ZXN0LzY2NDARhg9odHRwOi8vdGVzdC82NjUwEYYPaHR0cDovL3Rlc3QvNjY2MBGG +D2h0dHA6Ly90ZXN0LzY2NzARhg9odHRwOi8vdGVzdC82NjgwEYYPaHR0cDovL3Rl +c3QvNjY5MBGGD2h0dHA6Ly90ZXN0LzY3MDARhg9odHRwOi8vdGVzdC82NzEwEYYP +aHR0cDovL3Rlc3QvNjcyMBGGD2h0dHA6Ly90ZXN0LzY3MzARhg9odHRwOi8vdGVz +dC82NzQwEYYPaHR0cDovL3Rlc3QvNjc1MBGGD2h0dHA6Ly90ZXN0LzY3NjARhg9o +dHRwOi8vdGVzdC82NzcwEYYPaHR0cDovL3Rlc3QvNjc4MBGGD2h0dHA6Ly90ZXN0 +LzY3OTARhg9odHRwOi8vdGVzdC82ODAwEYYPaHR0cDovL3Rlc3QvNjgxMBGGD2h0 +dHA6Ly90ZXN0LzY4MjARhg9odHRwOi8vdGVzdC82ODMwEYYPaHR0cDovL3Rlc3Qv +Njg0MBGGD2h0dHA6Ly90ZXN0LzY4NTARhg9odHRwOi8vdGVzdC82ODYwEYYPaHR0 +cDovL3Rlc3QvNjg3MBGGD2h0dHA6Ly90ZXN0LzY4ODARhg9odHRwOi8vdGVzdC82 +ODkwEYYPaHR0cDovL3Rlc3QvNjkwMBGGD2h0dHA6Ly90ZXN0LzY5MTARhg9odHRw +Oi8vdGVzdC82OTIwEYYPaHR0cDovL3Rlc3QvNjkzMBGGD2h0dHA6Ly90ZXN0LzY5 +NDARhg9odHRwOi8vdGVzdC82OTUwEYYPaHR0cDovL3Rlc3QvNjk2MBGGD2h0dHA6 +Ly90ZXN0LzY5NzARhg9odHRwOi8vdGVzdC82OTgwEYYPaHR0cDovL3Rlc3QvNjk5 +MBGGD2h0dHA6Ly90ZXN0LzcwMDARhg9odHRwOi8vdGVzdC83MDEwEYYPaHR0cDov +L3Rlc3QvNzAyMBGGD2h0dHA6Ly90ZXN0LzcwMzARhg9odHRwOi8vdGVzdC83MDQw +EYYPaHR0cDovL3Rlc3QvNzA1MBGGD2h0dHA6Ly90ZXN0LzcwNjARhg9odHRwOi8v +dGVzdC83MDcwEYYPaHR0cDovL3Rlc3QvNzA4MBGGD2h0dHA6Ly90ZXN0LzcwOTAR +hg9odHRwOi8vdGVzdC83MTAwEYYPaHR0cDovL3Rlc3QvNzExMBGGD2h0dHA6Ly90 +ZXN0LzcxMjARhg9odHRwOi8vdGVzdC83MTMwEYYPaHR0cDovL3Rlc3QvNzE0MBGG +D2h0dHA6Ly90ZXN0LzcxNTARhg9odHRwOi8vdGVzdC83MTYwEYYPaHR0cDovL3Rl +c3QvNzE3MBGGD2h0dHA6Ly90ZXN0LzcxODARhg9odHRwOi8vdGVzdC83MTkwEYYP +aHR0cDovL3Rlc3QvNzIwMBGGD2h0dHA6Ly90ZXN0LzcyMTARhg9odHRwOi8vdGVz +dC83MjIwEYYPaHR0cDovL3Rlc3QvNzIzMBGGD2h0dHA6Ly90ZXN0LzcyNDARhg9o +dHRwOi8vdGVzdC83MjUwEYYPaHR0cDovL3Rlc3QvNzI2MBGGD2h0dHA6Ly90ZXN0 +LzcyNzARhg9odHRwOi8vdGVzdC83MjgwEYYPaHR0cDovL3Rlc3QvNzI5MBGGD2h0 +dHA6Ly90ZXN0LzczMDARhg9odHRwOi8vdGVzdC83MzEwEYYPaHR0cDovL3Rlc3Qv +NzMyMBGGD2h0dHA6Ly90ZXN0LzczMzARhg9odHRwOi8vdGVzdC83MzQwEYYPaHR0 +cDovL3Rlc3QvNzM1MBGGD2h0dHA6Ly90ZXN0LzczNjARhg9odHRwOi8vdGVzdC83 +MzcwEYYPaHR0cDovL3Rlc3QvNzM4MBGGD2h0dHA6Ly90ZXN0LzczOTARhg9odHRw +Oi8vdGVzdC83NDAwEYYPaHR0cDovL3Rlc3QvNzQxMBGGD2h0dHA6Ly90ZXN0Lzc0 +MjARhg9odHRwOi8vdGVzdC83NDMwEYYPaHR0cDovL3Rlc3QvNzQ0MBGGD2h0dHA6 +Ly90ZXN0Lzc0NTARhg9odHRwOi8vdGVzdC83NDYwEYYPaHR0cDovL3Rlc3QvNzQ3 +MBGGD2h0dHA6Ly90ZXN0Lzc0ODARhg9odHRwOi8vdGVzdC83NDkwEYYPaHR0cDov +L3Rlc3QvNzUwMBGGD2h0dHA6Ly90ZXN0Lzc1MTARhg9odHRwOi8vdGVzdC83NTIw +EYYPaHR0cDovL3Rlc3QvNzUzMBGGD2h0dHA6Ly90ZXN0Lzc1NDARhg9odHRwOi8v +dGVzdC83NTUwEYYPaHR0cDovL3Rlc3QvNzU2MBGGD2h0dHA6Ly90ZXN0Lzc1NzAR +hg9odHRwOi8vdGVzdC83NTgwEYYPaHR0cDovL3Rlc3QvNzU5MBGGD2h0dHA6Ly90 +ZXN0Lzc2MDARhg9odHRwOi8vdGVzdC83NjEwEYYPaHR0cDovL3Rlc3QvNzYyMBGG +D2h0dHA6Ly90ZXN0Lzc2MzARhg9odHRwOi8vdGVzdC83NjQwEYYPaHR0cDovL3Rl +c3QvNzY1MBGGD2h0dHA6Ly90ZXN0Lzc2NjARhg9odHRwOi8vdGVzdC83NjcwEYYP +aHR0cDovL3Rlc3QvNzY4MBGGD2h0dHA6Ly90ZXN0Lzc2OTARhg9odHRwOi8vdGVz +dC83NzAwEYYPaHR0cDovL3Rlc3QvNzcxMBGGD2h0dHA6Ly90ZXN0Lzc3MjARhg9o +dHRwOi8vdGVzdC83NzMwEYYPaHR0cDovL3Rlc3QvNzc0MBGGD2h0dHA6Ly90ZXN0 +Lzc3NTARhg9odHRwOi8vdGVzdC83NzYwEYYPaHR0cDovL3Rlc3QvNzc3MBGGD2h0 +dHA6Ly90ZXN0Lzc3ODARhg9odHRwOi8vdGVzdC83NzkwEYYPaHR0cDovL3Rlc3Qv +NzgwMBGGD2h0dHA6Ly90ZXN0Lzc4MTARhg9odHRwOi8vdGVzdC83ODIwEYYPaHR0 +cDovL3Rlc3QvNzgzMBGGD2h0dHA6Ly90ZXN0Lzc4NDARhg9odHRwOi8vdGVzdC83 +ODUwEYYPaHR0cDovL3Rlc3QvNzg2MBGGD2h0dHA6Ly90ZXN0Lzc4NzARhg9odHRw +Oi8vdGVzdC83ODgwEYYPaHR0cDovL3Rlc3QvNzg5MBGGD2h0dHA6Ly90ZXN0Lzc5 +MDARhg9odHRwOi8vdGVzdC83OTEwEYYPaHR0cDovL3Rlc3QvNzkyMBGGD2h0dHA6 +Ly90ZXN0Lzc5MzARhg9odHRwOi8vdGVzdC83OTQwEYYPaHR0cDovL3Rlc3QvNzk1 +MBGGD2h0dHA6Ly90ZXN0Lzc5NjARhg9odHRwOi8vdGVzdC83OTcwEYYPaHR0cDov +L3Rlc3QvNzk4MBGGD2h0dHA6Ly90ZXN0Lzc5OTARhg9odHRwOi8vdGVzdC84MDAw +EYYPaHR0cDovL3Rlc3QvODAxMBGGD2h0dHA6Ly90ZXN0LzgwMjARhg9odHRwOi8v +dGVzdC84MDMwEYYPaHR0cDovL3Rlc3QvODA0MBGGD2h0dHA6Ly90ZXN0LzgwNTAR +hg9odHRwOi8vdGVzdC84MDYwEYYPaHR0cDovL3Rlc3QvODA3MBGGD2h0dHA6Ly90 +ZXN0LzgwODARhg9odHRwOi8vdGVzdC84MDkwEYYPaHR0cDovL3Rlc3QvODEwMBGG +D2h0dHA6Ly90ZXN0LzgxMTARhg9odHRwOi8vdGVzdC84MTIwEYYPaHR0cDovL3Rl +c3QvODEzMBGGD2h0dHA6Ly90ZXN0LzgxNDARhg9odHRwOi8vdGVzdC84MTUwEYYP +aHR0cDovL3Rlc3QvODE2MBGGD2h0dHA6Ly90ZXN0LzgxNzARhg9odHRwOi8vdGVz +dC84MTgwEYYPaHR0cDovL3Rlc3QvODE5MBGGD2h0dHA6Ly90ZXN0LzgyMDARhg9o +dHRwOi8vdGVzdC84MjEwEYYPaHR0cDovL3Rlc3QvODIyMBGGD2h0dHA6Ly90ZXN0 +LzgyMzARhg9odHRwOi8vdGVzdC84MjQwEYYPaHR0cDovL3Rlc3QvODI1MBGGD2h0 +dHA6Ly90ZXN0LzgyNjARhg9odHRwOi8vdGVzdC84MjcwEYYPaHR0cDovL3Rlc3Qv +ODI4MBGGD2h0dHA6Ly90ZXN0LzgyOTARhg9odHRwOi8vdGVzdC84MzAwEYYPaHR0 +cDovL3Rlc3QvODMxMBGGD2h0dHA6Ly90ZXN0LzgzMjARhg9odHRwOi8vdGVzdC84 +MzMwEYYPaHR0cDovL3Rlc3QvODM0MBGGD2h0dHA6Ly90ZXN0LzgzNTARhg9odHRw +Oi8vdGVzdC84MzYwEYYPaHR0cDovL3Rlc3QvODM3MBGGD2h0dHA6Ly90ZXN0Lzgz +ODARhg9odHRwOi8vdGVzdC84MzkwEYYPaHR0cDovL3Rlc3QvODQwMBGGD2h0dHA6 +Ly90ZXN0Lzg0MTARhg9odHRwOi8vdGVzdC84NDIwEYYPaHR0cDovL3Rlc3QvODQz +MBGGD2h0dHA6Ly90ZXN0Lzg0NDARhg9odHRwOi8vdGVzdC84NDUwEYYPaHR0cDov +L3Rlc3QvODQ2MBGGD2h0dHA6Ly90ZXN0Lzg0NzARhg9odHRwOi8vdGVzdC84NDgw +EYYPaHR0cDovL3Rlc3QvODQ5MBGGD2h0dHA6Ly90ZXN0Lzg1MDARhg9odHRwOi8v +dGVzdC84NTEwEYYPaHR0cDovL3Rlc3QvODUyMBGGD2h0dHA6Ly90ZXN0Lzg1MzAR +hg9odHRwOi8vdGVzdC84NTQwEYYPaHR0cDovL3Rlc3QvODU1MBGGD2h0dHA6Ly90 +ZXN0Lzg1NjARhg9odHRwOi8vdGVzdC84NTcwEYYPaHR0cDovL3Rlc3QvODU4MBGG +D2h0dHA6Ly90ZXN0Lzg1OTARhg9odHRwOi8vdGVzdC84NjAwEYYPaHR0cDovL3Rl +c3QvODYxMBGGD2h0dHA6Ly90ZXN0Lzg2MjARhg9odHRwOi8vdGVzdC84NjMwEYYP +aHR0cDovL3Rlc3QvODY0MBGGD2h0dHA6Ly90ZXN0Lzg2NTARhg9odHRwOi8vdGVz +dC84NjYwEYYPaHR0cDovL3Rlc3QvODY3MBGGD2h0dHA6Ly90ZXN0Lzg2ODARhg9o +dHRwOi8vdGVzdC84NjkwEYYPaHR0cDovL3Rlc3QvODcwMBGGD2h0dHA6Ly90ZXN0 +Lzg3MTARhg9odHRwOi8vdGVzdC84NzIwEYYPaHR0cDovL3Rlc3QvODczMBGGD2h0 +dHA6Ly90ZXN0Lzg3NDARhg9odHRwOi8vdGVzdC84NzUwEYYPaHR0cDovL3Rlc3Qv +ODc2MBGGD2h0dHA6Ly90ZXN0Lzg3NzARhg9odHRwOi8vdGVzdC84NzgwEYYPaHR0 +cDovL3Rlc3QvODc5MBGGD2h0dHA6Ly90ZXN0Lzg4MDARhg9odHRwOi8vdGVzdC84 +ODEwEYYPaHR0cDovL3Rlc3QvODgyMBGGD2h0dHA6Ly90ZXN0Lzg4MzARhg9odHRw +Oi8vdGVzdC84ODQwEYYPaHR0cDovL3Rlc3QvODg1MBGGD2h0dHA6Ly90ZXN0Lzg4 +NjARhg9odHRwOi8vdGVzdC84ODcwEYYPaHR0cDovL3Rlc3QvODg4MBGGD2h0dHA6 +Ly90ZXN0Lzg4OTARhg9odHRwOi8vdGVzdC84OTAwEYYPaHR0cDovL3Rlc3QvODkx +MBGGD2h0dHA6Ly90ZXN0Lzg5MjARhg9odHRwOi8vdGVzdC84OTMwEYYPaHR0cDov +L3Rlc3QvODk0MBGGD2h0dHA6Ly90ZXN0Lzg5NTARhg9odHRwOi8vdGVzdC84OTYw +EYYPaHR0cDovL3Rlc3QvODk3MBGGD2h0dHA6Ly90ZXN0Lzg5ODARhg9odHRwOi8v +dGVzdC84OTkwEYYPaHR0cDovL3Rlc3QvOTAwMBGGD2h0dHA6Ly90ZXN0LzkwMTAR +hg9odHRwOi8vdGVzdC85MDIwEYYPaHR0cDovL3Rlc3QvOTAzMBGGD2h0dHA6Ly90 +ZXN0LzkwNDARhg9odHRwOi8vdGVzdC85MDUwEYYPaHR0cDovL3Rlc3QvOTA2MBGG +D2h0dHA6Ly90ZXN0LzkwNzARhg9odHRwOi8vdGVzdC85MDgwEYYPaHR0cDovL3Rl +c3QvOTA5MBGGD2h0dHA6Ly90ZXN0LzkxMDARhg9odHRwOi8vdGVzdC85MTEwEYYP +aHR0cDovL3Rlc3QvOTEyMBGGD2h0dHA6Ly90ZXN0LzkxMzARhg9odHRwOi8vdGVz +dC85MTQwEYYPaHR0cDovL3Rlc3QvOTE1MBGGD2h0dHA6Ly90ZXN0LzkxNjARhg9o +dHRwOi8vdGVzdC85MTcwEYYPaHR0cDovL3Rlc3QvOTE4MBGGD2h0dHA6Ly90ZXN0 +LzkxOTARhg9odHRwOi8vdGVzdC85MjAwEYYPaHR0cDovL3Rlc3QvOTIxMBGGD2h0 +dHA6Ly90ZXN0LzkyMjARhg9odHRwOi8vdGVzdC85MjMwEYYPaHR0cDovL3Rlc3Qv +OTI0MBGGD2h0dHA6Ly90ZXN0LzkyNTARhg9odHRwOi8vdGVzdC85MjYwEYYPaHR0 +cDovL3Rlc3QvOTI3MBGGD2h0dHA6Ly90ZXN0LzkyODARhg9odHRwOi8vdGVzdC85 +MjkwEYYPaHR0cDovL3Rlc3QvOTMwMBGGD2h0dHA6Ly90ZXN0LzkzMTARhg9odHRw +Oi8vdGVzdC85MzIwEYYPaHR0cDovL3Rlc3QvOTMzMBGGD2h0dHA6Ly90ZXN0Lzkz +NDARhg9odHRwOi8vdGVzdC85MzUwEYYPaHR0cDovL3Rlc3QvOTM2MBGGD2h0dHA6 +Ly90ZXN0LzkzNzARhg9odHRwOi8vdGVzdC85MzgwEYYPaHR0cDovL3Rlc3QvOTM5 +MBGGD2h0dHA6Ly90ZXN0Lzk0MDARhg9odHRwOi8vdGVzdC85NDEwEYYPaHR0cDov +L3Rlc3QvOTQyMBGGD2h0dHA6Ly90ZXN0Lzk0MzARhg9odHRwOi8vdGVzdC85NDQw +EYYPaHR0cDovL3Rlc3QvOTQ1MBGGD2h0dHA6Ly90ZXN0Lzk0NjARhg9odHRwOi8v +dGVzdC85NDcwEYYPaHR0cDovL3Rlc3QvOTQ4MBGGD2h0dHA6Ly90ZXN0Lzk0OTAR +hg9odHRwOi8vdGVzdC85NTAwEYYPaHR0cDovL3Rlc3QvOTUxMBGGD2h0dHA6Ly90 +ZXN0Lzk1MjARhg9odHRwOi8vdGVzdC85NTMwEYYPaHR0cDovL3Rlc3QvOTU0MBGG +D2h0dHA6Ly90ZXN0Lzk1NTARhg9odHRwOi8vdGVzdC85NTYwEYYPaHR0cDovL3Rl +c3QvOTU3MBGGD2h0dHA6Ly90ZXN0Lzk1ODARhg9odHRwOi8vdGVzdC85NTkwEYYP +aHR0cDovL3Rlc3QvOTYwMBGGD2h0dHA6Ly90ZXN0Lzk2MTARhg9odHRwOi8vdGVz +dC85NjIwEYYPaHR0cDovL3Rlc3QvOTYzMBGGD2h0dHA6Ly90ZXN0Lzk2NDARhg9o +dHRwOi8vdGVzdC85NjUwEYYPaHR0cDovL3Rlc3QvOTY2MBGGD2h0dHA6Ly90ZXN0 +Lzk2NzARhg9odHRwOi8vdGVzdC85NjgwEYYPaHR0cDovL3Rlc3QvOTY5MBGGD2h0 +dHA6Ly90ZXN0Lzk3MDARhg9odHRwOi8vdGVzdC85NzEwEYYPaHR0cDovL3Rlc3Qv +OTcyMBGGD2h0dHA6Ly90ZXN0Lzk3MzARhg9odHRwOi8vdGVzdC85NzQwEYYPaHR0 +cDovL3Rlc3QvOTc1MBGGD2h0dHA6Ly90ZXN0Lzk3NjARhg9odHRwOi8vdGVzdC85 +NzcwEYYPaHR0cDovL3Rlc3QvOTc4MBGGD2h0dHA6Ly90ZXN0Lzk3OTARhg9odHRw +Oi8vdGVzdC85ODAwEYYPaHR0cDovL3Rlc3QvOTgxMBGGD2h0dHA6Ly90ZXN0Lzk4 +MjARhg9odHRwOi8vdGVzdC85ODMwEYYPaHR0cDovL3Rlc3QvOTg0MBGGD2h0dHA6 +Ly90ZXN0Lzk4NTARhg9odHRwOi8vdGVzdC85ODYwEYYPaHR0cDovL3Rlc3QvOTg3 +MBGGD2h0dHA6Ly90ZXN0Lzk4ODARhg9odHRwOi8vdGVzdC85ODkwEYYPaHR0cDov +L3Rlc3QvOTkwMBGGD2h0dHA6Ly90ZXN0Lzk5MTARhg9odHRwOi8vdGVzdC85OTIw +EYYPaHR0cDovL3Rlc3QvOTkzMBGGD2h0dHA6Ly90ZXN0Lzk5NDARhg9odHRwOi8v +dGVzdC85OTUwEYYPaHR0cDovL3Rlc3QvOTk2MBGGD2h0dHA6Ly90ZXN0Lzk5NzAR +hg9odHRwOi8vdGVzdC85OTgwEYYPaHR0cDovL3Rlc3QvOTk5MBKGEGh0dHA6Ly90 +ZXN0LzEwMDAwEoYQaHR0cDovL3Rlc3QvMTAwMTAShhBodHRwOi8vdGVzdC8xMDAy +MBKGEGh0dHA6Ly90ZXN0LzEwMDMwEoYQaHR0cDovL3Rlc3QvMTAwNDAShhBodHRw +Oi8vdGVzdC8xMDA1MBKGEGh0dHA6Ly90ZXN0LzEwMDYwEoYQaHR0cDovL3Rlc3Qv +MTAwNzAShhBodHRwOi8vdGVzdC8xMDA4MBKGEGh0dHA6Ly90ZXN0LzEwMDkwEoYQ +aHR0cDovL3Rlc3QvMTAxMDAShhBodHRwOi8vdGVzdC8xMDExMBKGEGh0dHA6Ly90 +ZXN0LzEwMTIwEoYQaHR0cDovL3Rlc3QvMTAxMzAShhBodHRwOi8vdGVzdC8xMDE0 +MBKGEGh0dHA6Ly90ZXN0LzEwMTUwEoYQaHR0cDovL3Rlc3QvMTAxNjAShhBodHRw +Oi8vdGVzdC8xMDE3MBKGEGh0dHA6Ly90ZXN0LzEwMTgwEoYQaHR0cDovL3Rlc3Qv +MTAxOTAShhBodHRwOi8vdGVzdC8xMDIwMBKGEGh0dHA6Ly90ZXN0LzEwMjEwEoYQ +aHR0cDovL3Rlc3QvMTAyMjAShhBodHRwOi8vdGVzdC8xMDIzMBKGEGh0dHA6Ly90 +ZXN0LzEwMjShgmluMAmCB3gwLnRlc3QwCYIHeDEudGVzdDAJggd4Mi50ZXN0MAmC +B3gzLnRlc3QwCYIHeDQudGVzdDAJggd4NS50ZXN0MAmCB3g2LnRlc3QwCYIHeDcu +dGVzdDAJggd4OC50ZXN0MAmCB3g5LnRlc3QwCoIIeDEwLnRlc3QwCoIIeDExLnRl +c3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRlc3QwCoIIeDE0LnRlc3QwCoIIeDE1LnRl +c3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRlc3QwCoIIeDE4LnRlc3QwCoIIeDE5LnRl +c3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRlc3QwCoIIeDIyLnRlc3QwCoIIeDIzLnRl +c3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRlc3QwCoIIeDI2LnRlc3QwCoIIeDI3LnRl +c3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRlc3QwCoIIeDMwLnRlc3QwCoIIeDMxLnRl +c3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRlc3QwCoIIeDM0LnRlc3QwCoIIeDM1LnRl +c3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRlc3QwCoIIeDM4LnRlc3QwCoIIeDM5LnRl +c3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRlc3QwCoIIeDQyLnRlc3QwCoIIeDQzLnRl +c3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRlc3QwCoIIeDQ2LnRlc3QwCoIIeDQ3LnRl +c3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRlc3QwCoIIeDUwLnRlc3QwCoIIeDUxLnRl +c3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRlc3QwCoIIeDU0LnRlc3QwCoIIeDU1LnRl +c3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRlc3QwCoIIeDU4LnRlc3QwCoIIeDU5LnRl +c3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRlc3QwCoIIeDYyLnRlc3QwCoIIeDYzLnRl +c3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRlc3QwCoIIeDY2LnRlc3QwCoIIeDY3LnRl +c3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRlc3QwCoIIeDcwLnRlc3QwCoIIeDcxLnRl +c3QwCoIIeDcyLnRlc3QwCoIIeDczLnRlc3QwCoIIeDc0LnRlc3QwCoIIeDc1LnRl +c3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRlc3QwCoIIeDc4LnRlc3QwCoIIeDc5LnRl +c3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRlc3QwCoIIeDgyLnRlc3QwCoIIeDgzLnRl +c3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRlc3QwCoIIeDg2LnRlc3QwCoIIeDg3LnRl +c3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRlc3QwCoIIeDkwLnRlc3QwCoIIeDkxLnRl +c3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRlc3QwCoIIeDk0LnRlc3QwCoIIeDk1LnRl +c3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRlc3QwCoIIeDk4LnRlc3QwCoIIeDk5LnRl +c3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEudGVzdDALggl4MTAyLnRlc3QwC4IJeDEw +My50ZXN0MAuCCXgxMDQudGVzdDALggl4MTA1LnRlc3QwC4IJeDEwNi50ZXN0MAuC +CXgxMDcudGVzdDALggl4MTA4LnRlc3QwC4IJeDEwOS50ZXN0MAuCCXgxMTAudGVz +dDALggl4MTExLnRlc3QwC4IJeDExMi50ZXN0MAuCCXgxMTMudGVzdDALggl4MTE0 +LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgxMTYudGVzdDALggl4MTE3LnRlc3QwC4IJ +eDExOC50ZXN0MAuCCXgxMTkudGVzdDALggl4MTIwLnRlc3QwC4IJeDEyMS50ZXN0 +MAuCCXgxMjIudGVzdDALggl4MTIzLnRlc3QwC4IJeDEyNC50ZXN0MAuCCXgxMjUu +dGVzdDALggl4MTI2LnRlc3QwC4IJeDEyNy50ZXN0MAuCCXgxMjgudGVzdDALggl4 +MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuCCXgxMzEudGVzdDALggl4MTMyLnRlc3Qw +C4IJeDEzMy50ZXN0MAuCCXgxMzQudGVzdDALggl4MTM1LnRlc3QwC4IJeDEzNi50 +ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4LnRlc3QwC4IJeDEzOS50ZXN0MAuCCXgx +NDAudGVzdDALggl4MTQxLnRlc3QwC4IJeDE0Mi50ZXN0MAuCCXgxNDMudGVzdDAL +ggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0MAuCCXgxNDYudGVzdDALggl4MTQ3LnRl +c3QwC4IJeDE0OC50ZXN0MAuCCXgxNDkudGVzdDALggl4MTUwLnRlc3QwC4IJeDE1 +MS50ZXN0MAuCCXgxNTIudGVzdDALggl4MTUzLnRlc3QwC4IJeDE1NC50ZXN0MAuC +CXgxNTUudGVzdDALggl4MTU2LnRlc3QwC4IJeDE1Ny50ZXN0MAuCCXgxNTgudGVz +dDALggl4MTU5LnRlc3QwC4IJeDE2MC50ZXN0MAuCCXgxNjEudGVzdDALggl4MTYy +LnRlc3QwC4IJeDE2My50ZXN0MAuCCXgxNjQudGVzdDALggl4MTY1LnRlc3QwC4IJ +eDE2Ni50ZXN0MAuCCXgxNjcudGVzdDALggl4MTY4LnRlc3QwC4IJeDE2OS50ZXN0 +MAqHCAsAAAD/////MAqHCAsAAAH/////MAqHCAsAAAL/////MAqHCAsAAAP///// +MAqHCAsAAAT/////MAqHCAsAAAX/////MAqHCAsAAAb/////MAqHCAsAAAf///// +MAqHCAsAAAj/////MAqHCAsAAAn/////MAqHCAsAAAr/////MAqHCAsAAAv///// +MAqHCAsAAAz/////MAqHCAsAAA3/////MAqHCAsAAA7/////MAqHCAsAAA////// +MAqHCAsAABD/////MAqHCAsAABH/////MAqHCAsAABL/////MAqHCAsAABP///// +MAqHCAsAABT/////MAqHCAsAABX/////MAqHCAsAABb/////MAqHCAsAABf///// +MAqHCAsAABj/////MAqHCAsAABn/////MAqHCAsAABr/////MAqHCAsAABv///// +MAqHCAsAABz/////MAqHCAsAAB3/////MAqHCAsAAB7/////MAqHCAsAAB////// +MAqHCAsAACD/////MAqHCAsAACH/////MAqHCAsAACL/////MAqHCAsAACP///// +MAqHCAsAACT/////MAqHCAsAACX/////MAqHCAsAACb/////MAqHCAsAACf///// +MAqHCAsAACj/////MAqHCAsAACn/////MAqHCAsAACr/////MAqHCAsAACv///// +MAqHCAsAACz/////MAqHCAsAAC3/////MAqHCAsAAC7/////MAqHCAsAAC////// +MAqHCAsAADD/////MAqHCAsAADH/////MAqHCAsAADL/////MAqHCAsAADP///// +MAqHCAsAADT/////MAqHCAsAADX/////MAqHCAsAADb/////MAqHCAsAADf///// +MAqHCAsAADj/////MAqHCAsAADn/////MAqHCAsAADr/////MAqHCAsAADv///// +MAqHCAsAADz/////MAqHCAsAAD3/////MAqHCAsAAD7/////MAqHCAsAAD////// +MAqHCAsAAED/////MAqHCAsAAEH/////MAqHCAsAAEL/////MAqHCAsAAEP///// +MAqHCAsAAET/////MAqHCAsAAEX/////MAqHCAsAAEb/////MAqHCAsAAEf///// +MAqHCAsAAEj/////MAqHCAsAAEn/////MAqHCAsAAEr/////MAqHCAsAAEv///// +MAqHCAsAAEz/////MAqHCAsAAE3/////MAqHCAsAAE7/////MAqHCAsAAE////// +MAqHCAsAAFD/////MAqHCAsAAFH/////MAqHCAsAAFL/////MAqHCAsAAFP///// +MAqHCAsAAFT/////MAqHCAsAAFX/////MAqHCAsAAFb/////MAqHCAsAAFf///// +MAqHCAsAAFj/////MAqHCAsAAFn/////MAqHCAsAAFr/////MAqHCAsAAFv///// +MAqHCAsAAFz/////MAqHCAsAAF3/////MAqHCAsAAF7/////MAqHCAsAAF////// +MAqHCAsAAGD/////MAqHCAsAAGH/////MAqHCAsAAGL/////MAqHCAsAAGP///// +MAqHCAsAAGT/////MAqHCAsAAGX/////MAqHCAsAAGb/////MAqHCAsAAGf///// +MAqHCAsAAGj/////MAqHCAsAAGn/////MAqHCAsAAGr/////MAqHCAsAAGv///// +MAqHCAsAAGz/////MAqHCAsAAG3/////MAqHCAsAAG7/////MAqHCAsAAG////// +MAqHCAsAAHD/////MAqHCAsAAHH/////MAqHCAsAAHL/////MAqHCAsAAHP///// +MAqHCAsAAHT/////MAqHCAsAAHX/////MAqHCAsAAHb/////MAqHCAsAAHf///// +MAqHCAsAAHj/////MAqHCAsAAHn/////MAqHCAsAAHr/////MAqHCAsAAHv///// +MAqHCAsAAHz/////MAqHCAsAAH3/////MAqHCAsAAH7/////MAqHCAsAAH////// +MAqHCAsAAID/////MAqHCAsAAIH/////MAqHCAsAAIL/////MAqHCAsAAIP///// +MAqHCAsAAIT/////MAqHCAsAAIX/////MAqHCAsAAIb/////MAqHCAsAAIf///// +MAqHCAsAAIj/////MAqHCAsAAIn/////MAqHCAsAAIr/////MAqHCAsAAIv///// +MAqHCAsAAIz/////MAqHCAsAAI3/////MAqHCAsAAI7/////MAqHCAsAAI////// +MAqHCAsAAJD/////MAqHCAsAAJH/////MAqHCAsAAJL/////MAqHCAsAAJP///// +MAqHCAsAAJT/////MAqHCAsAAJX/////MAqHCAsAAJb/////MAqHCAsAAJf///// +MAqHCAsAAJj/////MAqHCAsAAJn/////MAqHCAsAAJr/////MAqHCAsAAJv///// +MAqHCAsAAJz/////MAqHCAsAAJ3/////MAqHCAsAAJ7/////MAqHCAsAAJ////// +MAqHCAsAAKD/////MAqHCAsAAKH/////MAqHCAsAAKL/////MAqHCAsAAKP///// +MAqHCAsAAKT/////MAqHCAsAAKX/////MAqHCAsAAKb/////MAqHCAsAAKf///// +MAqHCAsAAKj/////MAqHCAsAAKn/////MBGkDzANMQswCQYDVQQDDAJ4MDARpA8w +DTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJBgNVBAMMAngyMBGkDzANMQswCQYDVQQD +DAJ4MzARpA8wDTELMAkGA1UEAwwCeDQwEaQPMA0xCzAJBgNVBAMMAng1MBGkDzAN +MQswCQYDVQQDDAJ4NjARpA8wDTELMAkGA1UEAwwCeDcwEaQPMA0xCzAJBgNVBAMM +Ang4MBGkDzANMQswCQYDVQQDDAJ4OTASpBAwDjEMMAoGA1UEAwwDeDEwMBKkEDAO +MQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAKBgNVBAMMA3gxMjASpBAwDjEMMAoGA1UE +AwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4MTQwEqQQMA4xDDAKBgNVBAMMA3gxNTAS +pBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAOMQwwCgYDVQQDDAN4MTcwEqQQMA4xDDAK +BgNVBAMMA3gxODASpBAwDjEMMAoGA1UEAwwDeDE5MBKkEDAOMQwwCgYDVQQDDAN4 +MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTASpBAwDjEMMAoGA1UEAwwDeDIyMBKkEDAO +MQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAKBgNVBAMMA3gyNDASpBAwDjEMMAoGA1UE +AwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4MjYwEqQQMA4xDDAKBgNVBAMMA3gyNzAS +pBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAOMQwwCgYDVQQDDAN4MjkwEqQQMA4xDDAK +BgNVBAMMA3gzMDASpBAwDjEMMAoGA1UEAwwDeDMxMBKkEDAOMQwwCgYDVQQDDAN4 +MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzASpBAwDjEMMAoGA1UEAwwDeDM0MBKkEDAO +MQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAKBgNVBAMMA3gzNjASpBAwDjEMMAoGA1UE +AwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4MzgwEqQQMA4xDDAKBgNVBAMMA3gzOTAS +pBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAOMQwwCgYDVQQDDAN4NDEwEqQQMA4xDDAK +BgNVBAMMA3g0MjASpBAwDjEMMAoGA1UEAwwDeDQzMBKkEDAOMQwwCgYDVQQDDAN4 +NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTASpBAwDjEMMAoGA1UEAwwDeDQ2MBKkEDAO +MQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAKBgNVBAMMA3g0ODASpBAwDjEMMAoGA1UE +AwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4NTAwEqQQMA4xDDAKBgNVBAMMA3g1MTAS +pBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAOMQwwCgYDVQQDDAN4NTMwEqQQMA4xDDAK +BgNVBAMMA3g1NDASpBAwDjEMMAoGA1UEAwwDeDU1MBKkEDAOMQwwCgYDVQQDDAN4 +NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzASpBAwDjEMMAoGA1UEAwwDeDU4MBKkEDAO +MQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAKBgNVBAMMA3g2MDASpBAwDjEMMAoGA1UE +AwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4NjIwEqQQMA4xDDAKBgNVBAMMA3g2MzAS +pBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAOMQwwCgYDVQQDDAN4NjUwEqQQMA4xDDAK +BgNVBAMMA3g2NjASpBAwDjEMMAoGA1UEAwwDeDY3MBKkEDAOMQwwCgYDVQQDDAN4 +NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTASpBAwDjEMMAoGA1UEAwwDeDcwMBKkEDAO +MQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAKBgNVBAMMA3g3MjASpBAwDjEMMAoGA1UE +AwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4NzQwEqQQMA4xDDAKBgNVBAMMA3g3NTAS +pBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAOMQwwCgYDVQQDDAN4NzcwEqQQMA4xDDAK +BgNVBAMMA3g3ODASpBAwDjEMMAoGA1UEAwwDeDc5MBKkEDAOMQwwCgYDVQQDDAN4 +ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTASpBAwDjEMMAoGA1UEAwwDeDgyMBKkEDAO +MQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAKBgNVBAMMA3g4NDASpBAwDjEMMAoGA1UE +AwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4ODYwEqQQMA4xDDAKBgNVBAMMA3g4NzAS +pBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAOMQwwCgYDVQQDDAN4ODkwEqQQMA4xDDAK +BgNVBAMMA3g5MDASpBAwDjEMMAoGA1UEAwwDeDkxMBKkEDAOMQwwCgYDVQQDDAN4 +OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzASpBAwDjEMMAoGA1UEAwwDeDk0MBKkEDAO +MQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAKBgNVBAMMA3g5NjASpBAwDjEMMAoGA1UE +AwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4OTgwEqQQMA4xDDAKBgNVBAMMA3g5OTAT +pBEwDzENMAsGA1UEAwwEeDEwMDATpBEwDzENMAsGA1UEAwwEeDEwMTATpBEwDzEN +MAsGA1UEAwwEeDEwMjATpBEwDzENMAsGA1UEAwwEeDEwMzATpBEwDzENMAsGA1UE +AwwEeDEwNDATpBEwDzENMAsGA1UEAwwEeDEwNTATpBEwDzENMAsGA1UEAwwEeDEw +NjATpBEwDzENMAsGA1UEAwwEeDEwNzATpBEwDzENMAsGA1UEAwwEeDEwODATpBEw +DzENMAsGA1UEAwwEeDEwOTATpBEwDzENMAsGA1UEAwwEeDExMDATpBEwDzENMAsG +A1UEAwwEeDExMTATpBEwDzENMAsGA1UEAwwEeDExMjATpBEwDzENMAsGA1UEAwwE +eDExMzATpBEwDzENMAsGA1UEAwwEeDExNDATpBEwDzENMAsGA1UEAwwEeDExNTAT +pBEwDzENMAsGA1UEAwwEeDExNjATpBEwDzENMAsGA1UEAwwEeDExNzATpBEwDzEN +MAsGA1UEAwwEeDExODATpBEwDzENMAsGA1UEAwwEeDExOTATpBEwDzENMAsGA1UE +AwwEeDEyMDATpBEwDzENMAsGA1UEAwwEeDEyMTATpBEwDzENMAsGA1UEAwwEeDEy +MjATpBEwDzENMAsGA1UEAwwEeDEyMzATpBEwDzENMAsGA1UEAwwEeDEyNDATpBEw +DzENMAsGA1UEAwwEeDEyNTATpBEwDzENMAsGA1UEAwwEeDEyNjATpBEwDzENMAsG +A1UEAwwEeDEyNzATpBEwDzENMAsGA1UEAwwEeDEyODATpBEwDzENMAsGA1UEAwwE +eDEyOTATpBEwDzENMAsGA1UEAwwEeDEzMDATpBEwDzENMAsGA1UEAwwEeDEzMTAT +pBEwDzENMAsGA1UEAwwEeDEzMjATpBEwDzENMAsGA1UEAwwEeDEzMzATpBEwDzEN +MAsGA1UEAwwEeDEzNDATpBEwDzENMAsGA1UEAwwEeDEzNTATpBEwDzENMAsGA1UE +AwwEeDEzNjATpBEwDzENMAsGA1UEAwwEeDEzNzATpBEwDzENMAsGA1UEAwwEeDEz +ODATpBEwDzENMAsGA1UEAwwEeDEzOTATpBEwDzENMAsGA1UEAwwEeDE0MDATpBEw +DzENMAsGA1UEAwwEeDE0MTATpBEwDzENMAsGA1UEAwwEeDE0MjATpBEwDzENMAsG +A1UEAwwEeDE0MzATpBEwDzENMAsGA1UEAwwEeDE0NDATpBEwDzENMAsGA1UEAwwE +eDE0NTATpBEwDzENMAsGA1UEAwwEeDE0NjATpBEwDzENMAsGA1UEAwwEeDE0NzAT +pBEwDzENMAsGA1UEAwwEeDE0ODATpBEwDzENMAsGA1UEAwwEeDE0OTATpBEwDzEN +MAsGA1UEAwwEeDE1MDATpBEwDzENMAsGA1UEAwwEeDE1MTATpBEwDzENMAsGA1UE +AwwEeDE1MjATpBEwDzENMAsGA1UEAwwEeDE1MzATpBEwDzENMAsGA1UEAwwEeDE1 +NDATpBEwDzENMAsGA1UEAwwEeDE1NTATpBEwDzENMAsGA1UEAwwEeDE1NjATpBEw +DzENMAsGA1UEAwwEeDE1NzATpBEwDzENMAsGA1UEAwwEeDE1ODATpBEwDzENMAsG +A1UEAwwEeDE1OTATpBEwDzENMAsGA1UEAwwEeDE2MDATpBEwDzENMAsGA1UEAwwE +eDE2MTATpBEwDzENMAsGA1UEAwwEeDE2MjATpBEwDzENMAsGA1UEAwwEeDE2MzAT +pBEwDzENMAsGA1UEAwwEeDE2NDATpBEwDzENMAsGA1UEAwwEeDE2NTATpBEwDzEN +MAsGA1UEAwwEeDE2NjATpBEwDzENMAsGA1UEAwwEeDE2NzATpBEwDzENMAsGA1UE +AwwEeDE2ODATpBEwDzENMAsGA1UEAwwEeDE2OTAPhg1odHRwOi8veGVzdC8wMA+G +DWh0dHA6Ly94ZXN0LzEwD4YNaHR0cDovL3hlc3QvMjAPhg1odHRwOi8veGVzdC8z +MA+GDWh0dHA6Ly94ZXN0LzQwD4YNaHR0cDovL3hlc3QvNTAPhg1odHRwOi8veGVz +dC82MA+GDWh0dHA6Ly94ZXN0LzcwD4YNaHR0cDovL3hlc3QvODAPhg1odHRwOi8v +eGVzdC85MBCGDmh0dHA6Ly94ZXN0LzEwMBCGDmh0dHA6Ly94ZXN0LzExMBCGDmh0 +dHA6Ly94ZXN0LzEyMBCGDmh0dHA6Ly94ZXN0LzEzMBCGDmh0dHA6Ly94ZXN0LzE0 +MBCGDmh0dHA6Ly94ZXN0LzE1MBCGDmh0dHA6Ly94ZXN0LzE2MBCGDmh0dHA6Ly94 +ZXN0LzE3MBCGDmh0dHA6Ly94ZXN0LzE4MBCGDmh0dHA6Ly94ZXN0LzE5MBCGDmh0 +dHA6Ly94ZXN0LzIwMBCGDmh0dHA6Ly94ZXN0LzIxMBCGDmh0dHA6Ly94ZXN0LzIy +MBCGDmh0dHA6Ly94ZXN0LzIzMBCGDmh0dHA6Ly94ZXN0LzI0MBCGDmh0dHA6Ly94 +ZXN0LzI1MBCGDmh0dHA6Ly94ZXN0LzI2MBCGDmh0dHA6Ly94ZXN0LzI3MBCGDmh0 +dHA6Ly94ZXN0LzI4MBCGDmh0dHA6Ly94ZXN0LzI5MBCGDmh0dHA6Ly94ZXN0LzMw +MBCGDmh0dHA6Ly94ZXN0LzMxMBCGDmh0dHA6Ly94ZXN0LzMyMBCGDmh0dHA6Ly94 +ZXN0LzMzMBCGDmh0dHA6Ly94ZXN0LzM0MBCGDmh0dHA6Ly94ZXN0LzM1MBCGDmh0 +dHA6Ly94ZXN0LzM2MBCGDmh0dHA6Ly94ZXN0LzM3MBCGDmh0dHA6Ly94ZXN0LzM4 +MBCGDmh0dHA6Ly94ZXN0LzM5MBCGDmh0dHA6Ly94ZXN0LzQwMBCGDmh0dHA6Ly94 +ZXN0LzQxMBCGDmh0dHA6Ly94ZXN0LzQyMBCGDmh0dHA6Ly94ZXN0LzQzMBCGDmh0 +dHA6Ly94ZXN0LzQ0MBCGDmh0dHA6Ly94ZXN0LzQ1MBCGDmh0dHA6Ly94ZXN0LzQ2 +MBCGDmh0dHA6Ly94ZXN0LzQ3MBCGDmh0dHA6Ly94ZXN0LzQ4MBCGDmh0dHA6Ly94 +ZXN0LzQ5MBCGDmh0dHA6Ly94ZXN0LzUwMBCGDmh0dHA6Ly94ZXN0LzUxMBCGDmh0 +dHA6Ly94ZXN0LzUyMBCGDmh0dHA6Ly94ZXN0LzUzMBCGDmh0dHA6Ly94ZXN0LzU0 +MBCGDmh0dHA6Ly94ZXN0LzU1MBCGDmh0dHA6Ly94ZXN0LzU2MBCGDmh0dHA6Ly94 +ZXN0LzU3MBCGDmh0dHA6Ly94ZXN0LzU4MBCGDmh0dHA6Ly94ZXN0LzU5MBCGDmh0 +dHA6Ly94ZXN0LzYwMBCGDmh0dHA6Ly94ZXN0LzYxMBCGDmh0dHA6Ly94ZXN0LzYy +MBCGDmh0dHA6Ly94ZXN0LzYzMBCGDmh0dHA6Ly94ZXN0LzY0MBCGDmh0dHA6Ly94 +ZXN0LzY1MBCGDmh0dHA6Ly94ZXN0LzY2MBCGDmh0dHA6Ly94ZXN0LzY3MBCGDmh0 +dHA6Ly94ZXN0LzY4MBCGDmh0dHA6Ly94ZXN0LzY5MBCGDmh0dHA6Ly94ZXN0Lzcw +MBCGDmh0dHA6Ly94ZXN0LzcxMBCGDmh0dHA6Ly94ZXN0LzcyMBCGDmh0dHA6Ly94 +ZXN0LzczMBCGDmh0dHA6Ly94ZXN0Lzc0MBCGDmh0dHA6Ly94ZXN0Lzc1MBCGDmh0 +dHA6Ly94ZXN0Lzc2MBCGDmh0dHA6Ly94ZXN0Lzc3MBCGDmh0dHA6Ly94ZXN0Lzc4 +MBCGDmh0dHA6Ly94ZXN0Lzc5MBCGDmh0dHA6Ly94ZXN0LzgwMBCGDmh0dHA6Ly94 +ZXN0LzgxMBCGDmh0dHA6Ly94ZXN0LzgyMBCGDmh0dHA6Ly94ZXN0LzgzMBCGDmh0 +dHA6Ly94ZXN0Lzg0MBCGDmh0dHA6Ly94ZXN0Lzg1MBCGDmh0dHA6Ly94ZXN0Lzg2 +MBCGDmh0dHA6Ly94ZXN0Lzg3MBCGDmh0dHA6Ly94ZXN0Lzg4MBCGDmh0dHA6Ly94 +ZXN0Lzg5MBCGDmh0dHA6Ly94ZXN0LzkwMBCGDmh0dHA6Ly94ZXN0LzkxMBCGDmh0 +dHA6Ly94ZXN0LzkyMBCGDmh0dHA6Ly94ZXN0LzkzMBCGDmh0dHA6Ly94ZXN0Lzk0 +MBCGDmh0dHA6Ly94ZXN0Lzk1MBCGDmh0dHA6Ly94ZXN0Lzk2MBCGDmh0dHA6Ly94 +ZXN0Lzk3MBCGDmh0dHA6Ly94ZXN0Lzk4MBCGDmh0dHA6Ly94ZXN0Lzk5MBGGD2h0 +dHA6Ly94ZXN0LzEwMDARhg9odHRwOi8veGVzdC8xMDEwEYYPaHR0cDovL3hlc3Qv +MTAyMBGGD2h0dHA6Ly94ZXN0LzEwMzARhg9odHRwOi8veGVzdC8xMDQwEYYPaHR0 +cDovL3hlc3QvMTA1MBGGD2h0dHA6Ly94ZXN0LzEwNjARhg9odHRwOi8veGVzdC8x +MDcwEYYPaHR0cDovL3hlc3QvMTA4MBGGD2h0dHA6Ly94ZXN0LzEwOTARhg9odHRw +Oi8veGVzdC8xMTAwEYYPaHR0cDovL3hlc3QvMTExMBGGD2h0dHA6Ly94ZXN0LzEx +MjARhg9odHRwOi8veGVzdC8xMTMwEYYPaHR0cDovL3hlc3QvMTE0MBGGD2h0dHA6 +Ly94ZXN0LzExNTARhg9odHRwOi8veGVzdC8xMTYwEYYPaHR0cDovL3hlc3QvMTE3 +MBGGD2h0dHA6Ly94ZXN0LzExODARhg9odHRwOi8veGVzdC8xMTkwEYYPaHR0cDov +L3hlc3QvMTIwMBGGD2h0dHA6Ly94ZXN0LzEyMTARhg9odHRwOi8veGVzdC8xMjIw +EYYPaHR0cDovL3hlc3QvMTIzMBGGD2h0dHA6Ly94ZXN0LzEyNDARhg9odHRwOi8v +eGVzdC8xMjUwEYYPaHR0cDovL3hlc3QvMTI2MBGGD2h0dHA6Ly94ZXN0LzEyNzAR +hg9odHRwOi8veGVzdC8xMjgwEYYPaHR0cDovL3hlc3QvMTI5MBGGD2h0dHA6Ly94 +ZXN0LzEzMDARhg9odHRwOi8veGVzdC8xMzEwEYYPaHR0cDovL3hlc3QvMTMyMBGG +D2h0dHA6Ly94ZXN0LzEzMzARhg9odHRwOi8veGVzdC8xMzQwEYYPaHR0cDovL3hl +c3QvMTM1MBGGD2h0dHA6Ly94ZXN0LzEzNjARhg9odHRwOi8veGVzdC8xMzcwEYYP +aHR0cDovL3hlc3QvMTM4MBGGD2h0dHA6Ly94ZXN0LzEzOTARhg9odHRwOi8veGVz +dC8xNDAwEYYPaHR0cDovL3hlc3QvMTQxMBGGD2h0dHA6Ly94ZXN0LzE0MjARhg9o +dHRwOi8veGVzdC8xNDMwEYYPaHR0cDovL3hlc3QvMTQ0MBGGD2h0dHA6Ly94ZXN0 +LzE0NTARhg9odHRwOi8veGVzdC8xNDYwEYYPaHR0cDovL3hlc3QvMTQ3MBGGD2h0 +dHA6Ly94ZXN0LzE0ODARhg9odHRwOi8veGVzdC8xNDkwEYYPaHR0cDovL3hlc3Qv +MTUwMBGGD2h0dHA6Ly94ZXN0LzE1MTARhg9odHRwOi8veGVzdC8xNTIwEYYPaHR0 +cDovL3hlc3QvMTUzMBGGD2h0dHA6Ly94ZXN0LzE1NDARhg9odHRwOi8veGVzdC8x +NTUwEYYPaHR0cDovL3hlc3QvMTU2MBGGD2h0dHA6Ly94ZXN0LzE1NzARhg9odHRw +Oi8veGVzdC8xNTgwEYYPaHR0cDovL3hlc3QvMTU5MBGGD2h0dHA6Ly94ZXN0LzE2 +MDARhg9odHRwOi8veGVzdC8xNjEwEYYPaHR0cDovL3hlc3QvMTYyMBGGD2h0dHA6 +Ly94ZXN0LzE2MzARhg9odHRwOi8veGVzdC8xNjQwEYYPaHR0cDovL3hlc3QvMTY1 +MBGGD2h0dHA6Ly94ZXN0LzE2NjARhg9odHRwOi8veGVzdC8xNjcwEYYPaHR0cDov +L3hlc3QvMTY4MBGGD2h0dHA6Ly94ZXN0LzE2OTARhg9odHRwOi8veGVzdC8xNzAw +EYYPaHR0cDovL3hlc3QvMTcxMBGGD2h0dHA6Ly94ZXN0LzE3MjARhg9odHRwOi8v +eGVzdC8xNzMwEYYPaHR0cDovL3hlc3QvMTc0MBGGD2h0dHA6Ly94ZXN0LzE3NTAR +hg9odHRwOi8veGVzdC8xNzYwEYYPaHR0cDovL3hlc3QvMTc3MBGGD2h0dHA6Ly94 +ZXN0LzE3ODARhg9odHRwOi8veGVzdC8xNzkwEYYPaHR0cDovL3hlc3QvMTgwMBGG +D2h0dHA6Ly94ZXN0LzE4MTARhg9odHRwOi8veGVzdC8xODIwEYYPaHR0cDovL3hl +c3QvMTgzMBGGD2h0dHA6Ly94ZXN0LzE4NDARhg9odHRwOi8veGVzdC8xODUwEYYP +aHR0cDovL3hlc3QvMTg2MBGGD2h0dHA6Ly94ZXN0LzE4NzARhg9odHRwOi8veGVz +dC8xODgwEYYPaHR0cDovL3hlc3QvMTg5MBGGD2h0dHA6Ly94ZXN0LzE5MDARhg9o +dHRwOi8veGVzdC8xOTEwEYYPaHR0cDovL3hlc3QvMTkyMBGGD2h0dHA6Ly94ZXN0 +LzE5MzARhg9odHRwOi8veGVzdC8xOTQwEYYPaHR0cDovL3hlc3QvMTk1MBGGD2h0 +dHA6Ly94ZXN0LzE5NjARhg9odHRwOi8veGVzdC8xOTcwEYYPaHR0cDovL3hlc3Qv +MTk4MBGGD2h0dHA6Ly94ZXN0LzE5OTARhg9odHRwOi8veGVzdC8yMDAwEYYPaHR0 +cDovL3hlc3QvMjAxMBGGD2h0dHA6Ly94ZXN0LzIwMjARhg9odHRwOi8veGVzdC8y +MDMwEYYPaHR0cDovL3hlc3QvMjA0MBGGD2h0dHA6Ly94ZXN0LzIwNTARhg9odHRw +Oi8veGVzdC8yMDYwEYYPaHR0cDovL3hlc3QvMjA3MBGGD2h0dHA6Ly94ZXN0LzIw +ODARhg9odHRwOi8veGVzdC8yMDkwEYYPaHR0cDovL3hlc3QvMjEwMBGGD2h0dHA6 +Ly94ZXN0LzIxMTARhg9odHRwOi8veGVzdC8yMTIwEYYPaHR0cDovL3hlc3QvMjEz +MBGGD2h0dHA6Ly94ZXN0LzIxNDARhg9odHRwOi8veGVzdC8yMTUwEYYPaHR0cDov +L3hlc3QvMjE2MBGGD2h0dHA6Ly94ZXN0LzIxNzARhg9odHRwOi8veGVzdC8yMTgw +EYYPaHR0cDovL3hlc3QvMjE5MBGGD2h0dHA6Ly94ZXN0LzIyMDARhg9odHRwOi8v +eGVzdC8yMjEwEYYPaHR0cDovL3hlc3QvMjIyMBGGD2h0dHA6Ly94ZXN0LzIyMzAR +hg9odHRwOi8veGVzdC8yMjQwEYYPaHR0cDovL3hlc3QvMjI1MBGGD2h0dHA6Ly94 +ZXN0LzIyNjARhg9odHRwOi8veGVzdC8yMjcwEYYPaHR0cDovL3hlc3QvMjI4MBGG +D2h0dHA6Ly94ZXN0LzIyOTARhg9odHRwOi8veGVzdC8yMzAwEYYPaHR0cDovL3hl +c3QvMjMxMBGGD2h0dHA6Ly94ZXN0LzIzMjARhg9odHRwOi8veGVzdC8yMzMwEYYP +aHR0cDovL3hlc3QvMjM0MBGGD2h0dHA6Ly94ZXN0LzIzNTARhg9odHRwOi8veGVz +dC8yMzYwEYYPaHR0cDovL3hlc3QvMjM3MBGGD2h0dHA6Ly94ZXN0LzIzODARhg9o +dHRwOi8veGVzdC8yMzkwEYYPaHR0cDovL3hlc3QvMjQwMBGGD2h0dHA6Ly94ZXN0 +LzI0MTARhg9odHRwOi8veGVzdC8yNDIwEYYPaHR0cDovL3hlc3QvMjQzMBGGD2h0 +dHA6Ly94ZXN0LzI0NDARhg9odHRwOi8veGVzdC8yNDUwEYYPaHR0cDovL3hlc3Qv +MjQ2MBGGD2h0dHA6Ly94ZXN0LzI0NzARhg9odHRwOi8veGVzdC8yNDgwEYYPaHR0 +cDovL3hlc3QvMjQ5MBGGD2h0dHA6Ly94ZXN0LzI1MDARhg9odHRwOi8veGVzdC8y +NTEwEYYPaHR0cDovL3hlc3QvMjUyMBGGD2h0dHA6Ly94ZXN0LzI1MzARhg9odHRw +Oi8veGVzdC8yNTQwEYYPaHR0cDovL3hlc3QvMjU1MBGGD2h0dHA6Ly94ZXN0LzI1 +NjARhg9odHRwOi8veGVzdC8yNTcwEYYPaHR0cDovL3hlc3QvMjU4MBGGD2h0dHA6 +Ly94ZXN0LzI1OTARhg9odHRwOi8veGVzdC8yNjAwEYYPaHR0cDovL3hlc3QvMjYx +MBGGD2h0dHA6Ly94ZXN0LzI2MjARhg9odHRwOi8veGVzdC8yNjMwEYYPaHR0cDov +L3hlc3QvMjY0MBGGD2h0dHA6Ly94ZXN0LzI2NTARhg9odHRwOi8veGVzdC8yNjYw +EYYPaHR0cDovL3hlc3QvMjY3MBGGD2h0dHA6Ly94ZXN0LzI2ODARhg9odHRwOi8v +eGVzdC8yNjkwEYYPaHR0cDovL3hlc3QvMjcwMBGGD2h0dHA6Ly94ZXN0LzI3MTAR +hg9odHRwOi8veGVzdC8yNzIwEYYPaHR0cDovL3hlc3QvMjczMBGGD2h0dHA6Ly94 +ZXN0LzI3NDARhg9odHRwOi8veGVzdC8yNzUwEYYPaHR0cDovL3hlc3QvMjc2MBGG +D2h0dHA6Ly94ZXN0LzI3NzARhg9odHRwOi8veGVzdC8yNzgwEYYPaHR0cDovL3hl +c3QvMjc5MBGGD2h0dHA6Ly94ZXN0LzI4MDARhg9odHRwOi8veGVzdC8yODEwEYYP +aHR0cDovL3hlc3QvMjgyMBGGD2h0dHA6Ly94ZXN0LzI4MzARhg9odHRwOi8veGVz +dC8yODQwEYYPaHR0cDovL3hlc3QvMjg1MBGGD2h0dHA6Ly94ZXN0LzI4NjARhg9o +dHRwOi8veGVzdC8yODcwEYYPaHR0cDovL3hlc3QvMjg4MBGGD2h0dHA6Ly94ZXN0 +LzI4OTARhg9odHRwOi8veGVzdC8yOTAwEYYPaHR0cDovL3hlc3QvMjkxMBGGD2h0 +dHA6Ly94ZXN0LzI5MjARhg9odHRwOi8veGVzdC8yOTMwEYYPaHR0cDovL3hlc3Qv +Mjk0MBGGD2h0dHA6Ly94ZXN0LzI5NTARhg9odHRwOi8veGVzdC8yOTYwEYYPaHR0 +cDovL3hlc3QvMjk3MBGGD2h0dHA6Ly94ZXN0LzI5ODARhg9odHRwOi8veGVzdC8y +OTkwEYYPaHR0cDovL3hlc3QvMzAwMBGGD2h0dHA6Ly94ZXN0LzMwMTARhg9odHRw +Oi8veGVzdC8zMDIwEYYPaHR0cDovL3hlc3QvMzAzMBGGD2h0dHA6Ly94ZXN0LzMw +NDARhg9odHRwOi8veGVzdC8zMDUwEYYPaHR0cDovL3hlc3QvMzA2MBGGD2h0dHA6 +Ly94ZXN0LzMwNzARhg9odHRwOi8veGVzdC8zMDgwEYYPaHR0cDovL3hlc3QvMzA5 +MBGGD2h0dHA6Ly94ZXN0LzMxMDARhg9odHRwOi8veGVzdC8zMTEwEYYPaHR0cDov +L3hlc3QvMzEyMBGGD2h0dHA6Ly94ZXN0LzMxMzARhg9odHRwOi8veGVzdC8zMTQw +EYYPaHR0cDovL3hlc3QvMzE1MBGGD2h0dHA6Ly94ZXN0LzMxNjARhg9odHRwOi8v +eGVzdC8zMTcwEYYPaHR0cDovL3hlc3QvMzE4MBGGD2h0dHA6Ly94ZXN0LzMxOTAR +hg9odHRwOi8veGVzdC8zMjAwEYYPaHR0cDovL3hlc3QvMzIxMBGGD2h0dHA6Ly94 +ZXN0LzMyMjARhg9odHRwOi8veGVzdC8zMjMwEYYPaHR0cDovL3hlc3QvMzI0MBGG +D2h0dHA6Ly94ZXN0LzMyNTARhg9odHRwOi8veGVzdC8zMjYwEYYPaHR0cDovL3hl +c3QvMzI3MBGGD2h0dHA6Ly94ZXN0LzMyODARhg9odHRwOi8veGVzdC8zMjkwEYYP +aHR0cDovL3hlc3QvMzMwMBGGD2h0dHA6Ly94ZXN0LzMzMTARhg9odHRwOi8veGVz +dC8zMzIwEYYPaHR0cDovL3hlc3QvMzMzMBGGD2h0dHA6Ly94ZXN0LzMzNDARhg9o +dHRwOi8veGVzdC8zMzUwEYYPaHR0cDovL3hlc3QvMzM2MBGGD2h0dHA6Ly94ZXN0 +LzMzNzARhg9odHRwOi8veGVzdC8zMzgwEYYPaHR0cDovL3hlc3QvMzM5MBGGD2h0 +dHA6Ly94ZXN0LzM0MDARhg9odHRwOi8veGVzdC8zNDEwEYYPaHR0cDovL3hlc3Qv +MzQyMBGGD2h0dHA6Ly94ZXN0LzM0MzARhg9odHRwOi8veGVzdC8zNDQwEYYPaHR0 +cDovL3hlc3QvMzQ1MBGGD2h0dHA6Ly94ZXN0LzM0NjARhg9odHRwOi8veGVzdC8z +NDcwEYYPaHR0cDovL3hlc3QvMzQ4MBGGD2h0dHA6Ly94ZXN0LzM0OTARhg9odHRw +Oi8veGVzdC8zNTAwEYYPaHR0cDovL3hlc3QvMzUxMBGGD2h0dHA6Ly94ZXN0LzM1 +MjARhg9odHRwOi8veGVzdC8zNTMwEYYPaHR0cDovL3hlc3QvMzU0MBGGD2h0dHA6 +Ly94ZXN0LzM1NTARhg9odHRwOi8veGVzdC8zNTYwEYYPaHR0cDovL3hlc3QvMzU3 +MBGGD2h0dHA6Ly94ZXN0LzM1ODARhg9odHRwOi8veGVzdC8zNTkwEYYPaHR0cDov +L3hlc3QvMzYwMBGGD2h0dHA6Ly94ZXN0LzM2MTARhg9odHRwOi8veGVzdC8zNjIw +EYYPaHR0cDovL3hlc3QvMzYzMBGGD2h0dHA6Ly94ZXN0LzM2NDARhg9odHRwOi8v +eGVzdC8zNjUwEYYPaHR0cDovL3hlc3QvMzY2MBGGD2h0dHA6Ly94ZXN0LzM2NzAR +hg9odHRwOi8veGVzdC8zNjgwEYYPaHR0cDovL3hlc3QvMzY5MBGGD2h0dHA6Ly94 +ZXN0LzM3MDARhg9odHRwOi8veGVzdC8zNzEwEYYPaHR0cDovL3hlc3QvMzcyMBGG +D2h0dHA6Ly94ZXN0LzM3MzARhg9odHRwOi8veGVzdC8zNzQwEYYPaHR0cDovL3hl +c3QvMzc1MBGGD2h0dHA6Ly94ZXN0LzM3NjARhg9odHRwOi8veGVzdC8zNzcwEYYP +aHR0cDovL3hlc3QvMzc4MBGGD2h0dHA6Ly94ZXN0LzM3OTARhg9odHRwOi8veGVz +dC8zODAwEYYPaHR0cDovL3hlc3QvMzgxMBGGD2h0dHA6Ly94ZXN0LzM4MjARhg9o +dHRwOi8veGVzdC8zODMwEYYPaHR0cDovL3hlc3QvMzg0MBGGD2h0dHA6Ly94ZXN0 +LzM4NTARhg9odHRwOi8veGVzdC8zODYwEYYPaHR0cDovL3hlc3QvMzg3MBGGD2h0 +dHA6Ly94ZXN0LzM4ODARhg9odHRwOi8veGVzdC8zODkwEYYPaHR0cDovL3hlc3Qv +MzkwMBGGD2h0dHA6Ly94ZXN0LzM5MTARhg9odHRwOi8veGVzdC8zOTIwEYYPaHR0 +cDovL3hlc3QvMzkzMBGGD2h0dHA6Ly94ZXN0LzM5NDARhg9odHRwOi8veGVzdC8z +OTUwEYYPaHR0cDovL3hlc3QvMzk2MBGGD2h0dHA6Ly94ZXN0LzM5NzARhg9odHRw +Oi8veGVzdC8zOTgwEYYPaHR0cDovL3hlc3QvMzk5MBGGD2h0dHA6Ly94ZXN0LzQw +MDARhg9odHRwOi8veGVzdC80MDEwEYYPaHR0cDovL3hlc3QvNDAyMBGGD2h0dHA6 +Ly94ZXN0LzQwMzARhg9odHRwOi8veGVzdC80MDQwEYYPaHR0cDovL3hlc3QvNDA1 +MBGGD2h0dHA6Ly94ZXN0LzQwNjARhg9odHRwOi8veGVzdC80MDcwEYYPaHR0cDov +L3hlc3QvNDA4MBGGD2h0dHA6Ly94ZXN0LzQwOTARhg9odHRwOi8veGVzdC80MTAw +EYYPaHR0cDovL3hlc3QvNDExMBGGD2h0dHA6Ly94ZXN0LzQxMjARhg9odHRwOi8v +eGVzdC80MTMwEYYPaHR0cDovL3hlc3QvNDE0MBGGD2h0dHA6Ly94ZXN0LzQxNTAR +hg9odHRwOi8veGVzdC80MTYwEYYPaHR0cDovL3hlc3QvNDE3MBGGD2h0dHA6Ly94 +ZXN0LzQxODARhg9odHRwOi8veGVzdC80MTkwEYYPaHR0cDovL3hlc3QvNDIwMBGG +D2h0dHA6Ly94ZXN0LzQyMTARhg9odHRwOi8veGVzdC80MjIwEYYPaHR0cDovL3hl +c3QvNDIzMBGGD2h0dHA6Ly94ZXN0LzQyNDARhg9odHRwOi8veGVzdC80MjUwEYYP +aHR0cDovL3hlc3QvNDI2MBGGD2h0dHA6Ly94ZXN0LzQyNzARhg9odHRwOi8veGVz +dC80MjgwEYYPaHR0cDovL3hlc3QvNDI5MBGGD2h0dHA6Ly94ZXN0LzQzMDARhg9o +dHRwOi8veGVzdC80MzEwEYYPaHR0cDovL3hlc3QvNDMyMBGGD2h0dHA6Ly94ZXN0 +LzQzMzARhg9odHRwOi8veGVzdC80MzQwEYYPaHR0cDovL3hlc3QvNDM1MBGGD2h0 +dHA6Ly94ZXN0LzQzNjARhg9odHRwOi8veGVzdC80MzcwEYYPaHR0cDovL3hlc3Qv +NDM4MBGGD2h0dHA6Ly94ZXN0LzQzOTARhg9odHRwOi8veGVzdC80NDAwEYYPaHR0 +cDovL3hlc3QvNDQxMBGGD2h0dHA6Ly94ZXN0LzQ0MjARhg9odHRwOi8veGVzdC80 +NDMwEYYPaHR0cDovL3hlc3QvNDQ0MBGGD2h0dHA6Ly94ZXN0LzQ0NTARhg9odHRw +Oi8veGVzdC80NDYwEYYPaHR0cDovL3hlc3QvNDQ3MBGGD2h0dHA6Ly94ZXN0LzQ0 +ODARhg9odHRwOi8veGVzdC80NDkwEYYPaHR0cDovL3hlc3QvNDUwMBGGD2h0dHA6 +Ly94ZXN0LzQ1MTARhg9odHRwOi8veGVzdC80NTIwEYYPaHR0cDovL3hlc3QvNDUz +MBGGD2h0dHA6Ly94ZXN0LzQ1NDARhg9odHRwOi8veGVzdC80NTUwEYYPaHR0cDov +L3hlc3QvNDU2MBGGD2h0dHA6Ly94ZXN0LzQ1NzARhg9odHRwOi8veGVzdC80NTgw +EYYPaHR0cDovL3hlc3QvNDU5MBGGD2h0dHA6Ly94ZXN0LzQ2MDARhg9odHRwOi8v +eGVzdC80NjEwEYYPaHR0cDovL3hlc3QvNDYyMBGGD2h0dHA6Ly94ZXN0LzQ2MzAR +hg9odHRwOi8veGVzdC80NjQwEYYPaHR0cDovL3hlc3QvNDY1MBGGD2h0dHA6Ly94 +ZXN0LzQ2NjARhg9odHRwOi8veGVzdC80NjcwEYYPaHR0cDovL3hlc3QvNDY4MBGG +D2h0dHA6Ly94ZXN0LzQ2OTARhg9odHRwOi8veGVzdC80NzAwEYYPaHR0cDovL3hl +c3QvNDcxMBGGD2h0dHA6Ly94ZXN0LzQ3MjARhg9odHRwOi8veGVzdC80NzMwEYYP +aHR0cDovL3hlc3QvNDc0MBGGD2h0dHA6Ly94ZXN0LzQ3NTARhg9odHRwOi8veGVz +dC80NzYwEYYPaHR0cDovL3hlc3QvNDc3MBGGD2h0dHA6Ly94ZXN0LzQ3ODARhg9o +dHRwOi8veGVzdC80NzkwEYYPaHR0cDovL3hlc3QvNDgwMBGGD2h0dHA6Ly94ZXN0 +LzQ4MTARhg9odHRwOi8veGVzdC80ODIwEYYPaHR0cDovL3hlc3QvNDgzMBGGD2h0 +dHA6Ly94ZXN0LzQ4NDARhg9odHRwOi8veGVzdC80ODUwEYYPaHR0cDovL3hlc3Qv +NDg2MBGGD2h0dHA6Ly94ZXN0LzQ4NzARhg9odHRwOi8veGVzdC80ODgwEYYPaHR0 +cDovL3hlc3QvNDg5MBGGD2h0dHA6Ly94ZXN0LzQ5MDARhg9odHRwOi8veGVzdC80 +OTEwEYYPaHR0cDovL3hlc3QvNDkyMBGGD2h0dHA6Ly94ZXN0LzQ5MzARhg9odHRw +Oi8veGVzdC80OTQwEYYPaHR0cDovL3hlc3QvNDk1MBGGD2h0dHA6Ly94ZXN0LzQ5 +NjARhg9odHRwOi8veGVzdC80OTcwEYYPaHR0cDovL3hlc3QvNDk4MBGGD2h0dHA6 +Ly94ZXN0LzQ5OTARhg9odHRwOi8veGVzdC81MDAwEYYPaHR0cDovL3hlc3QvNTAx +MBGGD2h0dHA6Ly94ZXN0LzUwMjARhg9odHRwOi8veGVzdC81MDMwEYYPaHR0cDov +L3hlc3QvNTA0MBGGD2h0dHA6Ly94ZXN0LzUwNTARhg9odHRwOi8veGVzdC81MDYw +EYYPaHR0cDovL3hlc3QvNTA3MBGGD2h0dHA6Ly94ZXN0LzUwODARhg9odHRwOi8v +eGVzdC81MDkwEYYPaHR0cDovL3hlc3QvNTEwMBGGD2h0dHA6Ly94ZXN0LzUxMTAR +hg9odHRwOi8veGVzdC81MTIwEYYPaHR0cDovL3hlc3QvNTEzMBGGD2h0dHA6Ly94 +ZXN0LzUxNDARhg9odHRwOi8veGVzdC81MTUwEYYPaHR0cDovL3hlc3QvNTE2MBGG +D2h0dHA6Ly94ZXN0LzUxNzARhg9odHRwOi8veGVzdC81MTgwEYYPaHR0cDovL3hl +c3QvNTE5MBGGD2h0dHA6Ly94ZXN0LzUyMDARhg9odHRwOi8veGVzdC81MjEwEYYP +aHR0cDovL3hlc3QvNTIyMBGGD2h0dHA6Ly94ZXN0LzUyMzARhg9odHRwOi8veGVz +dC81MjQwEYYPaHR0cDovL3hlc3QvNTI1MBGGD2h0dHA6Ly94ZXN0LzUyNjARhg9o +dHRwOi8veGVzdC81MjcwEYYPaHR0cDovL3hlc3QvNTI4MBGGD2h0dHA6Ly94ZXN0 +LzUyOTARhg9odHRwOi8veGVzdC81MzAwEYYPaHR0cDovL3hlc3QvNTMxMBGGD2h0 +dHA6Ly94ZXN0LzUzMjARhg9odHRwOi8veGVzdC81MzMwEYYPaHR0cDovL3hlc3Qv +NTM0MBGGD2h0dHA6Ly94ZXN0LzUzNTARhg9odHRwOi8veGVzdC81MzYwEYYPaHR0 +cDovL3hlc3QvNTM3MBGGD2h0dHA6Ly94ZXN0LzUzODARhg9odHRwOi8veGVzdC81 +MzkwEYYPaHR0cDovL3hlc3QvNTQwMBGGD2h0dHA6Ly94ZXN0LzU0MTARhg9odHRw +Oi8veGVzdC81NDIwEYYPaHR0cDovL3hlc3QvNTQzMBGGD2h0dHA6Ly94ZXN0LzU0 +NDARhg9odHRwOi8veGVzdC81NDUwEYYPaHR0cDovL3hlc3QvNTQ2MBGGD2h0dHA6 +Ly94ZXN0LzU0NzARhg9odHRwOi8veGVzdC81NDgwEYYPaHR0cDovL3hlc3QvNTQ5 +MBGGD2h0dHA6Ly94ZXN0LzU1MDARhg9odHRwOi8veGVzdC81NTEwEYYPaHR0cDov +L3hlc3QvNTUyMBGGD2h0dHA6Ly94ZXN0LzU1MzARhg9odHRwOi8veGVzdC81NTQw +EYYPaHR0cDovL3hlc3QvNTU1MBGGD2h0dHA6Ly94ZXN0LzU1NjARhg9odHRwOi8v +eGVzdC81NTcwEYYPaHR0cDovL3hlc3QvNTU4MBGGD2h0dHA6Ly94ZXN0LzU1OTAR +hg9odHRwOi8veGVzdC81NjAwEYYPaHR0cDovL3hlc3QvNTYxMBGGD2h0dHA6Ly94 +ZXN0LzU2MjARhg9odHRwOi8veGVzdC81NjMwEYYPaHR0cDovL3hlc3QvNTY0MBGG +D2h0dHA6Ly94ZXN0LzU2NTARhg9odHRwOi8veGVzdC81NjYwEYYPaHR0cDovL3hl +c3QvNTY3MBGGD2h0dHA6Ly94ZXN0LzU2ODARhg9odHRwOi8veGVzdC81NjkwEYYP +aHR0cDovL3hlc3QvNTcwMBGGD2h0dHA6Ly94ZXN0LzU3MTARhg9odHRwOi8veGVz +dC81NzIwEYYPaHR0cDovL3hlc3QvNTczMBGGD2h0dHA6Ly94ZXN0LzU3NDARhg9o +dHRwOi8veGVzdC81NzUwEYYPaHR0cDovL3hlc3QvNTc2MBGGD2h0dHA6Ly94ZXN0 +LzU3NzARhg9odHRwOi8veGVzdC81NzgwEYYPaHR0cDovL3hlc3QvNTc5MBGGD2h0 +dHA6Ly94ZXN0LzU4MDARhg9odHRwOi8veGVzdC81ODEwEYYPaHR0cDovL3hlc3Qv +NTgyMBGGD2h0dHA6Ly94ZXN0LzU4MzARhg9odHRwOi8veGVzdC81ODQwEYYPaHR0 +cDovL3hlc3QvNTg1MBGGD2h0dHA6Ly94ZXN0LzU4NjARhg9odHRwOi8veGVzdC81 +ODcwEYYPaHR0cDovL3hlc3QvNTg4MBGGD2h0dHA6Ly94ZXN0LzU4OTARhg9odHRw +Oi8veGVzdC81OTAwEYYPaHR0cDovL3hlc3QvNTkxMBGGD2h0dHA6Ly94ZXN0LzU5 +MjARhg9odHRwOi8veGVzdC81OTMwEYYPaHR0cDovL3hlc3QvNTk0MBGGD2h0dHA6 +Ly94ZXN0LzU5NTARhg9odHRwOi8veGVzdC81OTYwEYYPaHR0cDovL3hlc3QvNTk3 +MBGGD2h0dHA6Ly94ZXN0LzU5ODARhg9odHRwOi8veGVzdC81OTkwEYYPaHR0cDov +L3hlc3QvNjAwMBGGD2h0dHA6Ly94ZXN0LzYwMTARhg9odHRwOi8veGVzdC82MDIw +EYYPaHR0cDovL3hlc3QvNjAzMBGGD2h0dHA6Ly94ZXN0LzYwNDARhg9odHRwOi8v +eGVzdC82MDUwEYYPaHR0cDovL3hlc3QvNjA2MBGGD2h0dHA6Ly94ZXN0LzYwNzAR +hg9odHRwOi8veGVzdC82MDgwEYYPaHR0cDovL3hlc3QvNjA5MBGGD2h0dHA6Ly94 +ZXN0LzYxMDARhg9odHRwOi8veGVzdC82MTEwEYYPaHR0cDovL3hlc3QvNjEyMBGG +D2h0dHA6Ly94ZXN0LzYxMzARhg9odHRwOi8veGVzdC82MTQwEYYPaHR0cDovL3hl +c3QvNjE1MBGGD2h0dHA6Ly94ZXN0LzYxNjARhg9odHRwOi8veGVzdC82MTcwEYYP +aHR0cDovL3hlc3QvNjE4MBGGD2h0dHA6Ly94ZXN0LzYxOTARhg9odHRwOi8veGVz +dC82MjAwEYYPaHR0cDovL3hlc3QvNjIxMBGGD2h0dHA6Ly94ZXN0LzYyMjARhg9o +dHRwOi8veGVzdC82MjMwEYYPaHR0cDovL3hlc3QvNjI0MBGGD2h0dHA6Ly94ZXN0 +LzYyNTARhg9odHRwOi8veGVzdC82MjYwEYYPaHR0cDovL3hlc3QvNjI3MBGGD2h0 +dHA6Ly94ZXN0LzYyODARhg9odHRwOi8veGVzdC82MjkwEYYPaHR0cDovL3hlc3Qv +NjMwMBGGD2h0dHA6Ly94ZXN0LzYzMTARhg9odHRwOi8veGVzdC82MzIwEYYPaHR0 +cDovL3hlc3QvNjMzMBGGD2h0dHA6Ly94ZXN0LzYzNDARhg9odHRwOi8veGVzdC82 +MzUwEYYPaHR0cDovL3hlc3QvNjM2MBGGD2h0dHA6Ly94ZXN0LzYzNzARhg9odHRw +Oi8veGVzdC82MzgwEYYPaHR0cDovL3hlc3QvNjM5MBGGD2h0dHA6Ly94ZXN0LzY0 +MDARhg9odHRwOi8veGVzdC82NDEwEYYPaHR0cDovL3hlc3QvNjQyMBGGD2h0dHA6 +Ly94ZXN0LzY0MzARhg9odHRwOi8veGVzdC82NDQwEYYPaHR0cDovL3hlc3QvNjQ1 +MBGGD2h0dHA6Ly94ZXN0LzY0NjARhg9odHRwOi8veGVzdC82NDcwEYYPaHR0cDov +L3hlc3QvNjQ4MBGGD2h0dHA6Ly94ZXN0LzY0OTARhg9odHRwOi8veGVzdC82NTAw +EYYPaHR0cDovL3hlc3QvNjUxMBGGD2h0dHA6Ly94ZXN0LzY1MjARhg9odHRwOi8v +eGVzdC82NTMwEYYPaHR0cDovL3hlc3QvNjU0MBGGD2h0dHA6Ly94ZXN0LzY1NTAR +hg9odHRwOi8veGVzdC82NTYwEYYPaHR0cDovL3hlc3QvNjU3MBGGD2h0dHA6Ly94 +ZXN0LzY1ODARhg9odHRwOi8veGVzdC82NTkwEYYPaHR0cDovL3hlc3QvNjYwMBGG +D2h0dHA6Ly94ZXN0LzY2MTARhg9odHRwOi8veGVzdC82NjIwEYYPaHR0cDovL3hl +c3QvNjYzMBGGD2h0dHA6Ly94ZXN0LzY2NDARhg9odHRwOi8veGVzdC82NjUwEYYP +aHR0cDovL3hlc3QvNjY2MBGGD2h0dHA6Ly94ZXN0LzY2NzARhg9odHRwOi8veGVz +dC82NjgwEYYPaHR0cDovL3hlc3QvNjY5MBGGD2h0dHA6Ly94ZXN0LzY3MDARhg9o +dHRwOi8veGVzdC82NzEwEYYPaHR0cDovL3hlc3QvNjcyMBGGD2h0dHA6Ly94ZXN0 +LzY3MzARhg9odHRwOi8veGVzdC82NzQwEYYPaHR0cDovL3hlc3QvNjc1MBGGD2h0 +dHA6Ly94ZXN0LzY3NjARhg9odHRwOi8veGVzdC82NzcwEYYPaHR0cDovL3hlc3Qv +Njc4MBGGD2h0dHA6Ly94ZXN0LzY3OTARhg9odHRwOi8veGVzdC82ODAwEYYPaHR0 +cDovL3hlc3QvNjgxMBGGD2h0dHA6Ly94ZXN0LzY4MjARhg9odHRwOi8veGVzdC82 +ODMwEYYPaHR0cDovL3hlc3QvNjg0MBGGD2h0dHA6Ly94ZXN0LzY4NTARhg9odHRw +Oi8veGVzdC82ODYwEYYPaHR0cDovL3hlc3QvNjg3MBGGD2h0dHA6Ly94ZXN0LzY4 +ODARhg9odHRwOi8veGVzdC82ODkwEYYPaHR0cDovL3hlc3QvNjkwMBGGD2h0dHA6 +Ly94ZXN0LzY5MTARhg9odHRwOi8veGVzdC82OTIwEYYPaHR0cDovL3hlc3QvNjkz +MBGGD2h0dHA6Ly94ZXN0LzY5NDARhg9odHRwOi8veGVzdC82OTUwEYYPaHR0cDov +L3hlc3QvNjk2MBGGD2h0dHA6Ly94ZXN0LzY5NzARhg9odHRwOi8veGVzdC82OTgw +EYYPaHR0cDovL3hlc3QvNjk5MBGGD2h0dHA6Ly94ZXN0LzcwMDARhg9odHRwOi8v +eGVzdC83MDEwEYYPaHR0cDovL3hlc3QvNzAyMBGGD2h0dHA6Ly94ZXN0LzcwMzAR +hg9odHRwOi8veGVzdC83MDQwEYYPaHR0cDovL3hlc3QvNzA1MBGGD2h0dHA6Ly94 +ZXN0LzcwNjARhg9odHRwOi8veGVzdC83MDcwEYYPaHR0cDovL3hlc3QvNzA4MBGG +D2h0dHA6Ly94ZXN0LzcwOTARhg9odHRwOi8veGVzdC83MTAwEYYPaHR0cDovL3hl +c3QvNzExMBGGD2h0dHA6Ly94ZXN0LzcxMjARhg9odHRwOi8veGVzdC83MTMwEYYP +aHR0cDovL3hlc3QvNzE0MBGGD2h0dHA6Ly94ZXN0LzcxNTARhg9odHRwOi8veGVz +dC83MTYwEYYPaHR0cDovL3hlc3QvNzE3MBGGD2h0dHA6Ly94ZXN0LzcxODARhg9o +dHRwOi8veGVzdC83MTkwEYYPaHR0cDovL3hlc3QvNzIwMBGGD2h0dHA6Ly94ZXN0 +LzcyMTARhg9odHRwOi8veGVzdC83MjIwEYYPaHR0cDovL3hlc3QvNzIzMBGGD2h0 +dHA6Ly94ZXN0LzcyNDARhg9odHRwOi8veGVzdC83MjUwEYYPaHR0cDovL3hlc3Qv +NzI2MBGGD2h0dHA6Ly94ZXN0LzcyNzARhg9odHRwOi8veGVzdC83MjgwEYYPaHR0 +cDovL3hlc3QvNzI5MBGGD2h0dHA6Ly94ZXN0LzczMDARhg9odHRwOi8veGVzdC83 +MzEwEYYPaHR0cDovL3hlc3QvNzMyMBGGD2h0dHA6Ly94ZXN0LzczMzARhg9odHRw +Oi8veGVzdC83MzQwEYYPaHR0cDovL3hlc3QvNzM1MBGGD2h0dHA6Ly94ZXN0Lzcz +NjARhg9odHRwOi8veGVzdC83MzcwEYYPaHR0cDovL3hlc3QvNzM4MBGGD2h0dHA6 +Ly94ZXN0LzczOTARhg9odHRwOi8veGVzdC83NDAwEYYPaHR0cDovL3hlc3QvNzQx +MBGGD2h0dHA6Ly94ZXN0Lzc0MjARhg9odHRwOi8veGVzdC83NDMwEYYPaHR0cDov +L3hlc3QvNzQ0MBGGD2h0dHA6Ly94ZXN0Lzc0NTARhg9odHRwOi8veGVzdC83NDYw +EYYPaHR0cDovL3hlc3QvNzQ3MBGGD2h0dHA6Ly94ZXN0Lzc0ODARhg9odHRwOi8v +eGVzdC83NDkwEYYPaHR0cDovL3hlc3QvNzUwMBGGD2h0dHA6Ly94ZXN0Lzc1MTAR +hg9odHRwOi8veGVzdC83NTIwEYYPaHR0cDovL3hlc3QvNzUzMBGGD2h0dHA6Ly94 +ZXN0Lzc1NDARhg9odHRwOi8veGVzdC83NTUwEYYPaHR0cDovL3hlc3QvNzU2MBGG +D2h0dHA6Ly94ZXN0Lzc1NzARhg9odHRwOi8veGVzdC83NTgwEYYPaHR0cDovL3hl +c3QvNzU5MBGGD2h0dHA6Ly94ZXN0Lzc2MDARhg9odHRwOi8veGVzdC83NjEwEYYP +aHR0cDovL3hlc3QvNzYyMBGGD2h0dHA6Ly94ZXN0Lzc2MzARhg9odHRwOi8veGVz +dC83NjQwEYYPaHR0cDovL3hlc3QvNzY1MBGGD2h0dHA6Ly94ZXN0Lzc2NjARhg9o +dHRwOi8veGVzdC83NjcwEYYPaHR0cDovL3hlc3QvNzY4MBGGD2h0dHA6Ly94ZXN0 +Lzc2OTARhg9odHRwOi8veGVzdC83NzAwEYYPaHR0cDovL3hlc3QvNzcxMBGGD2h0 +dHA6Ly94ZXN0Lzc3MjARhg9odHRwOi8veGVzdC83NzMwEYYPaHR0cDovL3hlc3Qv +Nzc0MBGGD2h0dHA6Ly94ZXN0Lzc3NTARhg9odHRwOi8veGVzdC83NzYwEYYPaHR0 +cDovL3hlc3QvNzc3MBGGD2h0dHA6Ly94ZXN0Lzc3ODARhg9odHRwOi8veGVzdC83 +NzkwEYYPaHR0cDovL3hlc3QvNzgwMBGGD2h0dHA6Ly94ZXN0Lzc4MTARhg9odHRw +Oi8veGVzdC83ODIwEYYPaHR0cDovL3hlc3QvNzgzMBGGD2h0dHA6Ly94ZXN0Lzc4 +NDARhg9odHRwOi8veGVzdC83ODUwEYYPaHR0cDovL3hlc3QvNzg2MBGGD2h0dHA6 +Ly94ZXN0Lzc4NzARhg9odHRwOi8veGVzdC83ODgwEYYPaHR0cDovL3hlc3QvNzg5 +MBGGD2h0dHA6Ly94ZXN0Lzc5MDARhg9odHRwOi8veGVzdC83OTEwEYYPaHR0cDov +L3hlc3QvNzkyMBGGD2h0dHA6Ly94ZXN0Lzc5MzARhg9odHRwOi8veGVzdC83OTQw +EYYPaHR0cDovL3hlc3QvNzk1MBGGD2h0dHA6Ly94ZXN0Lzc5NjARhg9odHRwOi8v +eGVzdC83OTcwEYYPaHR0cDovL3hlc3QvNzk4MBGGD2h0dHA6Ly94ZXN0Lzc5OTAR +hg9odHRwOi8veGVzdC84MDAwEYYPaHR0cDovL3hlc3QvODAxMBGGD2h0dHA6Ly94 +ZXN0LzgwMjARhg9odHRwOi8veGVzdC84MDMwEYYPaHR0cDovL3hlc3QvODA0MBGG +D2h0dHA6Ly94ZXN0LzgwNTARhg9odHRwOi8veGVzdC84MDYwEYYPaHR0cDovL3hl +c3QvODA3MBGGD2h0dHA6Ly94ZXN0LzgwODARhg9odHRwOi8veGVzdC84MDkwEYYP +aHR0cDovL3hlc3QvODEwMBGGD2h0dHA6Ly94ZXN0LzgxMTARhg9odHRwOi8veGVz +dC84MTIwEYYPaHR0cDovL3hlc3QvODEzMBGGD2h0dHA6Ly94ZXN0LzgxNDARhg9o +dHRwOi8veGVzdC84MTUwEYYPaHR0cDovL3hlc3QvODE2MBGGD2h0dHA6Ly94ZXN0 +LzgxNzARhg9odHRwOi8veGVzdC84MTgwEYYPaHR0cDovL3hlc3QvODE5MBGGD2h0 +dHA6Ly94ZXN0LzgyMDARhg9odHRwOi8veGVzdC84MjEwEYYPaHR0cDovL3hlc3Qv +ODIyMBGGD2h0dHA6Ly94ZXN0LzgyMzARhg9odHRwOi8veGVzdC84MjQwEYYPaHR0 +cDovL3hlc3QvODI1MBGGD2h0dHA6Ly94ZXN0LzgyNjARhg9odHRwOi8veGVzdC84 +MjcwEYYPaHR0cDovL3hlc3QvODI4MBGGD2h0dHA6Ly94ZXN0LzgyOTARhg9odHRw +Oi8veGVzdC84MzAwEYYPaHR0cDovL3hlc3QvODMxMBGGD2h0dHA6Ly94ZXN0Lzgz +MjARhg9odHRwOi8veGVzdC84MzMwEYYPaHR0cDovL3hlc3QvODM0MBGGD2h0dHA6 +Ly94ZXN0LzgzNTARhg9odHRwOi8veGVzdC84MzYwEYYPaHR0cDovL3hlc3QvODM3 +MBGGD2h0dHA6Ly94ZXN0LzgzODARhg9odHRwOi8veGVzdC84MzkwEYYPaHR0cDov +L3hlc3QvODQwMBGGD2h0dHA6Ly94ZXN0Lzg0MTARhg9odHRwOi8veGVzdC84NDIw +EYYPaHR0cDovL3hlc3QvODQzMBGGD2h0dHA6Ly94ZXN0Lzg0NDARhg9odHRwOi8v +eGVzdC84NDUwEYYPaHR0cDovL3hlc3QvODQ2MBGGD2h0dHA6Ly94ZXN0Lzg0NzAR +hg9odHRwOi8veGVzdC84NDgwEYYPaHR0cDovL3hlc3QvODQ5MBGGD2h0dHA6Ly94 +ZXN0Lzg1MDARhg9odHRwOi8veGVzdC84NTEwEYYPaHR0cDovL3hlc3QvODUyMBGG +D2h0dHA6Ly94ZXN0Lzg1MzARhg9odHRwOi8veGVzdC84NTQwEYYPaHR0cDovL3hl +c3QvODU1MBGGD2h0dHA6Ly94ZXN0Lzg1NjARhg9odHRwOi8veGVzdC84NTcwEYYP +aHR0cDovL3hlc3QvODU4MBGGD2h0dHA6Ly94ZXN0Lzg1OTARhg9odHRwOi8veGVz +dC84NjAwEYYPaHR0cDovL3hlc3QvODYxMBGGD2h0dHA6Ly94ZXN0Lzg2MjARhg9o +dHRwOi8veGVzdC84NjMwEYYPaHR0cDovL3hlc3QvODY0MBGGD2h0dHA6Ly94ZXN0 +Lzg2NTARhg9odHRwOi8veGVzdC84NjYwEYYPaHR0cDovL3hlc3QvODY3MBGGD2h0 +dHA6Ly94ZXN0Lzg2ODARhg9odHRwOi8veGVzdC84NjkwEYYPaHR0cDovL3hlc3Qv +ODcwMBGGD2h0dHA6Ly94ZXN0Lzg3MTARhg9odHRwOi8veGVzdC84NzIwEYYPaHR0 +cDovL3hlc3QvODczMBGGD2h0dHA6Ly94ZXN0Lzg3NDARhg9odHRwOi8veGVzdC84 +NzUwEYYPaHR0cDovL3hlc3QvODc2MBGGD2h0dHA6Ly94ZXN0Lzg3NzARhg9odHRw +Oi8veGVzdC84NzgwEYYPaHR0cDovL3hlc3QvODc5MBGGD2h0dHA6Ly94ZXN0Lzg4 +MDARhg9odHRwOi8veGVzdC84ODEwEYYPaHR0cDovL3hlc3QvODgyMBGGD2h0dHA6 +Ly94ZXN0Lzg4MzARhg9odHRwOi8veGVzdC84ODQwEYYPaHR0cDovL3hlc3QvODg1 +MBGGD2h0dHA6Ly94ZXN0Lzg4NjARhg9odHRwOi8veGVzdC84ODcwEYYPaHR0cDov +L3hlc3QvODg4MBGGD2h0dHA6Ly94ZXN0Lzg4OTARhg9odHRwOi8veGVzdC84OTAw +EYYPaHR0cDovL3hlc3QvODkxMBGGD2h0dHA6Ly94ZXN0Lzg5MjARhg9odHRwOi8v +eGVzdC84OTMwEYYPaHR0cDovL3hlc3QvODk0MBGGD2h0dHA6Ly94ZXN0Lzg5NTAR +hg9odHRwOi8veGVzdC84OTYwEYYPaHR0cDovL3hlc3QvODk3MBGGD2h0dHA6Ly94 +ZXN0Lzg5ODARhg9odHRwOi8veGVzdC84OTkwEYYPaHR0cDovL3hlc3QvOTAwMBGG +D2h0dHA6Ly94ZXN0LzkwMTARhg9odHRwOi8veGVzdC85MDIwEYYPaHR0cDovL3hl +c3QvOTAzMBGGD2h0dHA6Ly94ZXN0LzkwNDARhg9odHRwOi8veGVzdC85MDUwEYYP +aHR0cDovL3hlc3QvOTA2MBGGD2h0dHA6Ly94ZXN0LzkwNzARhg9odHRwOi8veGVz +dC85MDgwEYYPaHR0cDovL3hlc3QvOTA5MBGGD2h0dHA6Ly94ZXN0LzkxMDARhg9o +dHRwOi8veGVzdC85MTEwEYYPaHR0cDovL3hlc3QvOTEyMBGGD2h0dHA6Ly94ZXN0 +LzkxMzARhg9odHRwOi8veGVzdC85MTQwEYYPaHR0cDovL3hlc3QvOTE1MBGGD2h0 +dHA6Ly94ZXN0LzkxNjARhg9odHRwOi8veGVzdC85MTcwEYYPaHR0cDovL3hlc3Qv +OTE4MBGGD2h0dHA6Ly94ZXN0LzkxOTARhg9odHRwOi8veGVzdC85MjAwEYYPaHR0 +cDovL3hlc3QvOTIxMBGGD2h0dHA6Ly94ZXN0LzkyMjARhg9odHRwOi8veGVzdC85 +MjMwEYYPaHR0cDovL3hlc3QvOTI0MBGGD2h0dHA6Ly94ZXN0LzkyNTARhg9odHRw +Oi8veGVzdC85MjYwEYYPaHR0cDovL3hlc3QvOTI3MBGGD2h0dHA6Ly94ZXN0Lzky +ODARhg9odHRwOi8veGVzdC85MjkwEYYPaHR0cDovL3hlc3QvOTMwMBGGD2h0dHA6 +Ly94ZXN0LzkzMTARhg9odHRwOi8veGVzdC85MzIwEYYPaHR0cDovL3hlc3QvOTMz +MBGGD2h0dHA6Ly94ZXN0LzkzNDARhg9odHRwOi8veGVzdC85MzUwEYYPaHR0cDov +L3hlc3QvOTM2MBGGD2h0dHA6Ly94ZXN0LzkzNzARhg9odHRwOi8veGVzdC85Mzgw +EYYPaHR0cDovL3hlc3QvOTM5MBGGD2h0dHA6Ly94ZXN0Lzk0MDARhg9odHRwOi8v +eGVzdC85NDEwEYYPaHR0cDovL3hlc3QvOTQyMBGGD2h0dHA6Ly94ZXN0Lzk0MzAR +hg9odHRwOi8veGVzdC85NDQwEYYPaHR0cDovL3hlc3QvOTQ1MBGGD2h0dHA6Ly94 +ZXN0Lzk0NjARhg9odHRwOi8veGVzdC85NDcwEYYPaHR0cDovL3hlc3QvOTQ4MBGG +D2h0dHA6Ly94ZXN0Lzk0OTARhg9odHRwOi8veGVzdC85NTAwEYYPaHR0cDovL3hl +c3QvOTUxMBGGD2h0dHA6Ly94ZXN0Lzk1MjARhg9odHRwOi8veGVzdC85NTMwEYYP +aHR0cDovL3hlc3QvOTU0MBGGD2h0dHA6Ly94ZXN0Lzk1NTARhg9odHRwOi8veGVz +dC85NTYwEYYPaHR0cDovL3hlc3QvOTU3MBGGD2h0dHA6Ly94ZXN0Lzk1ODARhg9o +dHRwOi8veGVzdC85NTkwEYYPaHR0cDovL3hlc3QvOTYwMBGGD2h0dHA6Ly94ZXN0 +Lzk2MTARhg9odHRwOi8veGVzdC85NjIwEYYPaHR0cDovL3hlc3QvOTYzMBGGD2h0 +dHA6Ly94ZXN0Lzk2NDARhg9odHRwOi8veGVzdC85NjUwEYYPaHR0cDovL3hlc3Qv +OTY2MBGGD2h0dHA6Ly94ZXN0Lzk2NzARhg9odHRwOi8veGVzdC85NjgwEYYPaHR0 +cDovL3hlc3QvOTY5MBGGD2h0dHA6Ly94ZXN0Lzk3MDARhg9odHRwOi8veGVzdC85 +NzEwEYYPaHR0cDovL3hlc3QvOTcyMBGGD2h0dHA6Ly94ZXN0Lzk3MzARhg9odHRw +Oi8veGVzdC85NzQwEYYPaHR0cDovL3hlc3QvOTc1MBGGD2h0dHA6Ly94ZXN0Lzk3 +NjARhg9odHRwOi8veGVzdC85NzcwEYYPaHR0cDovL3hlc3QvOTc4MBGGD2h0dHA6 +Ly94ZXN0Lzk3OTARhg9odHRwOi8veGVzdC85ODAwEYYPaHR0cDovL3hlc3QvOTgx +MBGGD2h0dHA6Ly94ZXN0Lzk4MjARhg9odHRwOi8veGVzdC85ODMwEYYPaHR0cDov +L3hlc3QvOTg0MBGGD2h0dHA6Ly94ZXN0Lzk4NTARhg9odHRwOi8veGVzdC85ODYw +EYYPaHR0cDovL3hlc3QvOTg3MBGGD2h0dHA6Ly94ZXN0Lzk4ODARhg9odHRwOi8v +eGVzdC85ODkwEYYPaHR0cDovL3hlc3QvOTkwMBGGD2h0dHA6Ly94ZXN0Lzk5MTAR +hg9odHRwOi8veGVzdC85OTIwEYYPaHR0cDovL3hlc3QvOTkzMBGGD2h0dHA6Ly94 +ZXN0Lzk5NDARhg9odHRwOi8veGVzdC85OTUwEYYPaHR0cDovL3hlc3QvOTk2MBGG +D2h0dHA6Ly94ZXN0Lzk5NzARhg9odHRwOi8veGVzdC85OTgwEYYPaHR0cDovL3hl +c3QvOTk5MBKGEGh0dHA6Ly94ZXN0LzEwMDAwEoYQaHR0cDovL3hlc3QvMTAwMTAS +hhBodHRwOi8veGVzdC8xMDAyMBKGEGh0dHA6Ly94ZXN0LzEwMDMwEoYQaHR0cDov +L3hlc3QvMTAwNDAShhBodHRwOi8veGVzdC8xMDA1MBKGEGh0dHA6Ly94ZXN0LzEw +MDYwEoYQaHR0cDovL3hlc3QvMTAwNzAShhBodHRwOi8veGVzdC8xMDA4MBKGEGh0 +dHA6Ly94ZXN0LzEwMDkwEoYQaHR0cDovL3hlc3QvMTAxMDAShhBodHRwOi8veGVz +dC8xMDExMBKGEGh0dHA6Ly94ZXN0LzEwMTIwEoYQaHR0cDovL3hlc3QvMTAxMzAS +hhBodHRwOi8veGVzdC8xMDE0MBKGEGh0dHA6Ly94ZXN0LzEwMTUwEoYQaHR0cDov +L3hlc3QvMTAxNjAShhBodHRwOi8veGVzdC8xMDE3MBKGEGh0dHA6Ly94ZXN0LzEw +MTgwEoYQaHR0cDovL3hlc3QvMTAxOTAShhBodHRwOi8veGVzdC8xMDIwMBKGEGh0 +dHA6Ly94ZXN0LzEwMjEwEoYQaHR0cDovL3hlc3QvMTAyMjAShhBodHRwOi8veGVz +dC8xMDIzMBKGEGh0dHA6Ly94ZXN0LzEwMjQwDQYJKoZIhvcNAQELBQADggEBADeo +vuQDYmMVsP6+SX8iXnr4tDMM/jtBDJncvbCjDDpUQidiGBWv5tWRYxcdGz/K9i4v +bnFeZoYnaZExXTWF1EZ3aUVQBZy8ObgP0JamZQLTgFOsWJzz7CcnsjNEURd5kOqx +VzL34FikmWR4VWEW01FizyYCjX3fLdjD0gBeA0l4ILd4np62VulITcVa6ijoFnBK +ObsdiEBa/WeCc/PG8untcIPecj99CC8aQ03JsunO5kOpdCXNupXNUZfLVtTm5tlp +Cl9IFyo7Qayl7B8wybLxaI+hDx59nuO+u43LbkFqFnpI9awUaffeY/yUgOdi2uaZ +Eq3x0l12a8MRblVdfuw= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/ok-all-types.test b/pki/testdata/verify_certificate_chain_unittest/many-names/ok-all-types.test new file mode 100644 index 0000000000..b7ff9c8a53 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/ok-all-types.test @@ -0,0 +1,5 @@ +chain: ok-all-types.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D4.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D4.pem new file mode 100644 index 0000000000..c59ddf7a5e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D4.pem @@ -0,0 +1,705 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, URI:http://test/0, URI:http://test/1, URI:http://test/2, URI:http://test/3, URI:http://test/4, URI:http://test/5, URI:http://test/6, URI:http://test/7, URI:http://test/8, URI:http://test/9, URI:http://test/10, URI:http://test/11, URI:http://test/12, URI:http://test/13, URI:http://test/14, URI:http://test/15, URI:http://test/16, URI:http://test/17, URI:http://test/18, URI:http://test/19, URI:http://test/20, URI:http://test/21, URI:http://test/22, URI:http://test/23, URI:http://test/24, URI:http://test/25, URI:http://test/26, URI:http://test/27, URI:http://test/28, URI:http://test/29, URI:http://test/30, URI:http://test/31, URI:http://test/32, URI:http://test/33, URI:http://test/34, URI:http://test/35, URI:http://test/36, URI:http://test/37, URI:http://test/38, URI:http://test/39, URI:http://test/40, URI:http://test/41, URI:http://test/42, URI:http://test/43, URI:http://test/44, URI:http://test/45, URI:http://test/46, URI:http://test/47, URI:http://test/48, URI:http://test/49, URI:http://test/50, URI:http://test/51, URI:http://test/52, URI:http://test/53, URI:http://test/54, URI:http://test/55, URI:http://test/56, URI:http://test/57, URI:http://test/58, URI:http://test/59, URI:http://test/60, URI:http://test/61, URI:http://test/62, URI:http://test/63, URI:http://test/64, URI:http://test/65, URI:http://test/66, URI:http://test/67, URI:http://test/68, URI:http://test/69, URI:http://test/70, URI:http://test/71, URI:http://test/72, URI:http://test/73, URI:http://test/74, URI:http://test/75, URI:http://test/76, URI:http://test/77, URI:http://test/78, URI:http://test/79, URI:http://test/80, URI:http://test/81, URI:http://test/82, URI:http://test/83, URI:http://test/84, URI:http://test/85, URI:http://test/86, URI:http://test/87, URI:http://test/88, URI:http://test/89, URI:http://test/90, URI:http://test/91, URI:http://test/92, URI:http://test/93, URI:http://test/94, URI:http://test/95, URI:http://test/96, URI:http://test/97, URI:http://test/98, URI:http://test/99, URI:http://test/100, URI:http://test/101, URI:http://test/102, URI:http://test/103, URI:http://test/104, URI:http://test/105, URI:http://test/106, URI:http://test/107, URI:http://test/108, URI:http://test/109, URI:http://test/110, URI:http://test/111, URI:http://test/112, URI:http://test/113, URI:http://test/114, URI:http://test/115, URI:http://test/116, URI:http://test/117, URI:http://test/118, URI:http://test/119, URI:http://test/120, URI:http://test/121, URI:http://test/122, URI:http://test/123, URI:http://test/124, URI:http://test/125, URI:http://test/126, URI:http://test/127, URI:http://test/128, URI:http://test/129, URI:http://test/130, URI:http://test/131, URI:http://test/132, URI:http://test/133, URI:http://test/134, URI:http://test/135, URI:http://test/136, URI:http://test/137, URI:http://test/138, URI:http://test/139, URI:http://test/140, URI:http://test/141, URI:http://test/142, URI:http://test/143, URI:http://test/144, URI:http://test/145, URI:http://test/146, URI:http://test/147, URI:http://test/148, URI:http://test/149, URI:http://test/150, URI:http://test/151, URI:http://test/152, URI:http://test/153, URI:http://test/154, URI:http://test/155, URI:http://test/156, URI:http://test/157, URI:http://test/158, URI:http://test/159, URI:http://test/160, URI:http://test/161, URI:http://test/162, URI:http://test/163, URI:http://test/164, URI:http://test/165, URI:http://test/166, URI:http://test/167, URI:http://test/168, URI:http://test/169, URI:http://test/170, URI:http://test/171, URI:http://test/172, URI:http://test/173, URI:http://test/174, URI:http://test/175, URI:http://test/176, URI:http://test/177, URI:http://test/178, URI:http://test/179, URI:http://test/180, URI:http://test/181, URI:http://test/182, URI:http://test/183, URI:http://test/184, URI:http://test/185, URI:http://test/186, URI:http://test/187, URI:http://test/188, URI:http://test/189, URI:http://test/190, URI:http://test/191, URI:http://test/192, URI:http://test/193, URI:http://test/194, URI:http://test/195, URI:http://test/196, URI:http://test/197, URI:http://test/198, URI:http://test/199, URI:http://test/200, URI:http://test/201, URI:http://test/202, URI:http://test/203, URI:http://test/204, URI:http://test/205, URI:http://test/206, URI:http://test/207, URI:http://test/208, URI:http://test/209, URI:http://test/210, URI:http://test/211, URI:http://test/212, URI:http://test/213, URI:http://test/214, URI:http://test/215, URI:http://test/216, URI:http://test/217, URI:http://test/218, URI:http://test/219, URI:http://test/220, URI:http://test/221, URI:http://test/222, URI:http://test/223, URI:http://test/224, URI:http://test/225, URI:http://test/226, URI:http://test/227, URI:http://test/228, URI:http://test/229, URI:http://test/230, URI:http://test/231, URI:http://test/232, URI:http://test/233, URI:http://test/234, URI:http://test/235, URI:http://test/236, URI:http://test/237, URI:http://test/238, URI:http://test/239, URI:http://test/240, URI:http://test/241, URI:http://test/242, URI:http://test/243, URI:http://test/244, URI:http://test/245, URI:http://test/246, URI:http://test/247, URI:http://test/248, URI:http://test/249, URI:http://test/250, URI:http://test/251, URI:http://test/252, URI:http://test/253, URI:http://test/254, URI:http://test/255, URI:http://test/256, URI:http://test/257, URI:http://test/258, URI:http://test/259, URI:http://test/260, URI:http://test/261, URI:http://test/262, URI:http://test/263, URI:http://test/264, URI:http://test/265, URI:http://test/266, URI:http://test/267, URI:http://test/268, URI:http://test/269, URI:http://test/270, URI:http://test/271, URI:http://test/272, URI:http://test/273, URI:http://test/274, URI:http://test/275, URI:http://test/276, URI:http://test/277, URI:http://test/278, URI:http://test/279, URI:http://test/280, URI:http://test/281, URI:http://test/282, URI:http://test/283, URI:http://test/284, URI:http://test/285, URI:http://test/286, URI:http://test/287, URI:http://test/288, URI:http://test/289, URI:http://test/290, URI:http://test/291, URI:http://test/292, URI:http://test/293, URI:http://test/294, URI:http://test/295, URI:http://test/296, URI:http://test/297, URI:http://test/298, URI:http://test/299, URI:http://test/300, URI:http://test/301, URI:http://test/302, URI:http://test/303, URI:http://test/304, URI:http://test/305, URI:http://test/306, URI:http://test/307, URI:http://test/308, URI:http://test/309, URI:http://test/310, URI:http://test/311, URI:http://test/312, URI:http://test/313, URI:http://test/314, URI:http://test/315, URI:http://test/316, URI:http://test/317, URI:http://test/318, URI:http://test/319, URI:http://test/320, URI:http://test/321, URI:http://test/322, URI:http://test/323, URI:http://test/324, URI:http://test/325, URI:http://test/326, URI:http://test/327, URI:http://test/328, URI:http://test/329, URI:http://test/330, URI:http://test/331, URI:http://test/332, URI:http://test/333, URI:http://test/334, URI:http://test/335, URI:http://test/336, URI:http://test/337, URI:http://test/338, URI:http://test/339, URI:http://test/340, URI:http://test/341, URI:http://test/342, URI:http://test/343, URI:http://test/344, URI:http://test/345, URI:http://test/346, URI:http://test/347, URI:http://test/348, URI:http://test/349, URI:http://test/350, URI:http://test/351, URI:http://test/352, URI:http://test/353, URI:http://test/354, URI:http://test/355, URI:http://test/356, URI:http://test/357, URI:http://test/358, URI:http://test/359, URI:http://test/360, URI:http://test/361, URI:http://test/362, URI:http://test/363, URI:http://test/364, URI:http://test/365, URI:http://test/366, URI:http://test/367, URI:http://test/368, URI:http://test/369, URI:http://test/370, URI:http://test/371, URI:http://test/372, URI:http://test/373, URI:http://test/374, URI:http://test/375, URI:http://test/376, URI:http://test/377, URI:http://test/378, URI:http://test/379, URI:http://test/380, URI:http://test/381, URI:http://test/382, URI:http://test/383, URI:http://test/384, URI:http://test/385, URI:http://test/386, URI:http://test/387, URI:http://test/388, URI:http://test/389, URI:http://test/390, URI:http://test/391, URI:http://test/392, URI:http://test/393, URI:http://test/394, URI:http://test/395, URI:http://test/396, URI:http://test/397, URI:http://test/398, URI:http://test/399, URI:http://test/400, URI:http://test/401, URI:http://test/402, URI:http://test/403, URI:http://test/404, URI:http://test/405, URI:http://test/406, URI:http://test/407, URI:http://test/408, URI:http://test/409, URI:http://test/410, URI:http://test/411, URI:http://test/412, URI:http://test/413, URI:http://test/414, URI:http://test/415, URI:http://test/416, URI:http://test/417, URI:http://test/418, URI:http://test/419, URI:http://test/420, URI:http://test/421, URI:http://test/422, URI:http://test/423, URI:http://test/424, URI:http://test/425, URI:http://test/426, URI:http://test/427, URI:http://test/428, URI:http://test/429, URI:http://test/430, URI:http://test/431, URI:http://test/432, URI:http://test/433, URI:http://test/434, URI:http://test/435, URI:http://test/436, URI:http://test/437, URI:http://test/438, URI:http://test/439, URI:http://test/440, URI:http://test/441, URI:http://test/442, URI:http://test/443, URI:http://test/444, URI:http://test/445, URI:http://test/446, URI:http://test/447, URI:http://test/448, URI:http://test/449, URI:http://test/450, URI:http://test/451, URI:http://test/452, URI:http://test/453, URI:http://test/454, URI:http://test/455, URI:http://test/456, URI:http://test/457, URI:http://test/458, URI:http://test/459, URI:http://test/460, URI:http://test/461, URI:http://test/462, URI:http://test/463, URI:http://test/464, URI:http://test/465, URI:http://test/466, URI:http://test/467, URI:http://test/468, URI:http://test/469, URI:http://test/470, URI:http://test/471, URI:http://test/472, URI:http://test/473, URI:http://test/474, URI:http://test/475, URI:http://test/476, URI:http://test/477, URI:http://test/478, URI:http://test/479, URI:http://test/480, URI:http://test/481, URI:http://test/482, URI:http://test/483, URI:http://test/484, URI:http://test/485, URI:http://test/486, URI:http://test/487, URI:http://test/488, URI:http://test/489, URI:http://test/490, URI:http://test/491, URI:http://test/492, URI:http://test/493, URI:http://test/494, URI:http://test/495, URI:http://test/496, URI:http://test/497, URI:http://test/498, URI:http://test/499, URI:http://test/500, URI:http://test/501, URI:http://test/502, URI:http://test/503, URI:http://test/504, URI:http://test/505, URI:http://test/506, URI:http://test/507, URI:http://test/508, URI:http://test/509, URI:http://test/510, URI:http://test/511, URI:http://test/512, URI:http://test/513, URI:http://test/514, URI:http://test/515, URI:http://test/516, URI:http://test/517, URI:http://test/518, URI:http://test/519, URI:http://test/520, URI:http://test/521, URI:http://test/522, URI:http://test/523, URI:http://test/524, URI:http://test/525, URI:http://test/526, URI:http://test/527, URI:http://test/528, URI:http://test/529, URI:http://test/530, URI:http://test/531, URI:http://test/532, URI:http://test/533, URI:http://test/534, URI:http://test/535, URI:http://test/536, URI:http://test/537, URI:http://test/538, URI:http://test/539, URI:http://test/540, URI:http://test/541, URI:http://test/542, URI:http://test/543, URI:http://test/544, URI:http://test/545, URI:http://test/546, URI:http://test/547, URI:http://test/548, URI:http://test/549, URI:http://test/550, URI:http://test/551, URI:http://test/552, URI:http://test/553, URI:http://test/554, URI:http://test/555, URI:http://test/556, URI:http://test/557, URI:http://test/558, URI:http://test/559, URI:http://test/560, URI:http://test/561, URI:http://test/562, URI:http://test/563, URI:http://test/564, URI:http://test/565, URI:http://test/566, URI:http://test/567, URI:http://test/568, URI:http://test/569, URI:http://test/570, URI:http://test/571, URI:http://test/572, URI:http://test/573, URI:http://test/574, URI:http://test/575, URI:http://test/576, URI:http://test/577, URI:http://test/578, URI:http://test/579, URI:http://test/580, URI:http://test/581, URI:http://test/582, URI:http://test/583, URI:http://test/584, URI:http://test/585, URI:http://test/586, URI:http://test/587, URI:http://test/588, URI:http://test/589, URI:http://test/590, URI:http://test/591, URI:http://test/592, URI:http://test/593, URI:http://test/594, URI:http://test/595, URI:http://test/596, URI:http://test/597, URI:http://test/598, URI:http://test/599, URI:http://test/600, URI:http://test/601, URI:http://test/602, URI:http://test/603, URI:http://test/604, URI:http://test/605, URI:http://test/606, URI:http://test/607, URI:http://test/608, URI:http://test/609, URI:http://test/610, URI:http://test/611, URI:http://test/612, URI:http://test/613, URI:http://test/614, URI:http://test/615, URI:http://test/616, URI:http://test/617, URI:http://test/618, URI:http://test/619, URI:http://test/620, URI:http://test/621, URI:http://test/622, URI:http://test/623, URI:http://test/624, URI:http://test/625, URI:http://test/626, URI:http://test/627, URI:http://test/628, URI:http://test/629, URI:http://test/630, URI:http://test/631, URI:http://test/632, URI:http://test/633, URI:http://test/634, URI:http://test/635, URI:http://test/636, URI:http://test/637, URI:http://test/638, URI:http://test/639, URI:http://test/640, URI:http://test/641, URI:http://test/642, URI:http://test/643, URI:http://test/644, URI:http://test/645, URI:http://test/646, URI:http://test/647, URI:http://test/648, URI:http://test/649, URI:http://test/650, URI:http://test/651, URI:http://test/652, URI:http://test/653, URI:http://test/654, URI:http://test/655, URI:http://test/656, URI:http://test/657, URI:http://test/658, URI:http://test/659, URI:http://test/660, URI:http://test/661, URI:http://test/662, URI:http://test/663, URI:http://test/664, URI:http://test/665, URI:http://test/666, URI:http://test/667, URI:http://test/668, URI:http://test/669, URI:http://test/670, URI:http://test/671, URI:http://test/672, URI:http://test/673, URI:http://test/674, URI:http://test/675, URI:http://test/676, URI:http://test/677, URI:http://test/678, URI:http://test/679, URI:http://test/680, URI:http://test/681, URI:http://test/682, URI:http://test/683, URI:http://test/684, URI:http://test/685, URI:http://test/686, URI:http://test/687, URI:http://test/688, URI:http://test/689, URI:http://test/690, URI:http://test/691, URI:http://test/692, URI:http://test/693, URI:http://test/694, URI:http://test/695, URI:http://test/696, URI:http://test/697, URI:http://test/698, URI:http://test/699, URI:http://test/700, URI:http://test/701, URI:http://test/702, URI:http://test/703, URI:http://test/704, URI:http://test/705, URI:http://test/706, URI:http://test/707, URI:http://test/708, URI:http://test/709, URI:http://test/710, URI:http://test/711, URI:http://test/712, URI:http://test/713, URI:http://test/714, URI:http://test/715, URI:http://test/716, URI:http://test/717, URI:http://test/718, URI:http://test/719, URI:http://test/720, URI:http://test/721, URI:http://test/722, URI:http://test/723, URI:http://test/724, URI:http://test/725, URI:http://test/726, URI:http://test/727, URI:http://test/728, URI:http://test/729, URI:http://test/730, URI:http://test/731, URI:http://test/732, URI:http://test/733, URI:http://test/734, URI:http://test/735, URI:http://test/736, URI:http://test/737, URI:http://test/738, URI:http://test/739, URI:http://test/740, URI:http://test/741, URI:http://test/742, URI:http://test/743, URI:http://test/744, URI:http://test/745, URI:http://test/746, URI:http://test/747, URI:http://test/748, URI:http://test/749, URI:http://test/750, URI:http://test/751, URI:http://test/752, URI:http://test/753, URI:http://test/754, URI:http://test/755, URI:http://test/756, URI:http://test/757, URI:http://test/758, URI:http://test/759, URI:http://test/760, URI:http://test/761, URI:http://test/762, URI:http://test/763, URI:http://test/764, URI:http://test/765, URI:http://test/766, URI:http://test/767, URI:http://test/768, URI:http://test/769, URI:http://test/770, URI:http://test/771, URI:http://test/772, URI:http://test/773, URI:http://test/774, URI:http://test/775, URI:http://test/776, URI:http://test/777, URI:http://test/778, URI:http://test/779, URI:http://test/780, URI:http://test/781, URI:http://test/782, URI:http://test/783, URI:http://test/784, URI:http://test/785, URI:http://test/786, URI:http://test/787, URI:http://test/788, URI:http://test/789, URI:http://test/790, URI:http://test/791, URI:http://test/792, URI:http://test/793, URI:http://test/794, URI:http://test/795, URI:http://test/796, URI:http://test/797, URI:http://test/798, URI:http://test/799, URI:http://test/800, URI:http://test/801, URI:http://test/802, URI:http://test/803, URI:http://test/804, URI:http://test/805, URI:http://test/806, URI:http://test/807, URI:http://test/808, URI:http://test/809, URI:http://test/810, URI:http://test/811, URI:http://test/812, URI:http://test/813, URI:http://test/814, URI:http://test/815, URI:http://test/816, URI:http://test/817, URI:http://test/818, URI:http://test/819, URI:http://test/820, URI:http://test/821, URI:http://test/822, URI:http://test/823, URI:http://test/824, URI:http://test/825, URI:http://test/826, URI:http://test/827, URI:http://test/828, URI:http://test/829, URI:http://test/830, URI:http://test/831, URI:http://test/832, URI:http://test/833, URI:http://test/834, URI:http://test/835, URI:http://test/836, URI:http://test/837, URI:http://test/838, URI:http://test/839, URI:http://test/840, URI:http://test/841, URI:http://test/842, URI:http://test/843, URI:http://test/844, URI:http://test/845, URI:http://test/846, URI:http://test/847, URI:http://test/848, URI:http://test/849, URI:http://test/850, URI:http://test/851, URI:http://test/852, URI:http://test/853, URI:http://test/854, URI:http://test/855, URI:http://test/856, URI:http://test/857, URI:http://test/858, URI:http://test/859, URI:http://test/860, URI:http://test/861, URI:http://test/862, URI:http://test/863, URI:http://test/864, URI:http://test/865, URI:http://test/866, URI:http://test/867, URI:http://test/868, URI:http://test/869, URI:http://test/870, URI:http://test/871, URI:http://test/872, URI:http://test/873, URI:http://test/874, URI:http://test/875, URI:http://test/876, URI:http://test/877, URI:http://test/878, URI:http://test/879, URI:http://test/880, URI:http://test/881, URI:http://test/882, URI:http://test/883, URI:http://test/884, URI:http://test/885, URI:http://test/886, URI:http://test/887, URI:http://test/888, URI:http://test/889, URI:http://test/890, URI:http://test/891, URI:http://test/892, URI:http://test/893, URI:http://test/894, URI:http://test/895, URI:http://test/896, URI:http://test/897, URI:http://test/898, URI:http://test/899, URI:http://test/900, URI:http://test/901, URI:http://test/902, URI:http://test/903, URI:http://test/904, URI:http://test/905, URI:http://test/906, URI:http://test/907, URI:http://test/908, URI:http://test/909, URI:http://test/910, URI:http://test/911, URI:http://test/912, URI:http://test/913, URI:http://test/914, URI:http://test/915, URI:http://test/916, URI:http://test/917, URI:http://test/918, URI:http://test/919, URI:http://test/920, URI:http://test/921, URI:http://test/922, URI:http://test/923, URI:http://test/924, URI:http://test/925, URI:http://test/926, URI:http://test/927, URI:http://test/928, URI:http://test/929, URI:http://test/930, URI:http://test/931, URI:http://test/932, URI:http://test/933, URI:http://test/934, URI:http://test/935, URI:http://test/936, URI:http://test/937, URI:http://test/938, URI:http://test/939, URI:http://test/940, URI:http://test/941, URI:http://test/942, URI:http://test/943, URI:http://test/944, URI:http://test/945, URI:http://test/946, URI:http://test/947, URI:http://test/948, URI:http://test/949, URI:http://test/950, URI:http://test/951, URI:http://test/952, URI:http://test/953, URI:http://test/954, URI:http://test/955, URI:http://test/956, URI:http://test/957, URI:http://test/958, URI:http://test/959, URI:http://test/960, URI:http://test/961, URI:http://test/962, URI:http://test/963, URI:http://test/964, URI:http://test/965, URI:http://test/966, URI:http://test/967, URI:http://test/968, URI:http://test/969, URI:http://test/970, URI:http://test/971, URI:http://test/972, URI:http://test/973, URI:http://test/974, URI:http://test/975, URI:http://test/976, URI:http://test/977, URI:http://test/978, URI:http://test/979, URI:http://test/980, URI:http://test/981, URI:http://test/982, URI:http://test/983, URI:http://test/984, URI:http://test/985, URI:http://test/986, URI:http://test/987, URI:http://test/988, URI:http://test/989, URI:http://test/990, URI:http://test/991, URI:http://test/992, URI:http://test/993, URI:http://test/994, URI:http://test/995, URI:http://test/996, URI:http://test/997, URI:http://test/998, URI:http://test/999, URI:http://test/1000, URI:http://test/1001, URI:http://test/1002, URI:http://test/1003, URI:http://test/1004, URI:http://test/1005, URI:http://test/1006, URI:http://test/1007, URI:http://test/1008, URI:http://test/1009, URI:http://test/1010, URI:http://test/1011, URI:http://test/1012, URI:http://test/1013, URI:http://test/1014, URI:http://test/1015, URI:http://test/1016, URI:http://test/1017, URI:http://test/1018, URI:http://test/1019, URI:http://test/1020, URI:http://test/1021, URI:http://test/1022, URI:http://test/1023, URI:http://test/1024 + Signature Algorithm: sha256WithRSAEncryption + 08:00:7f:e0:40:75:d2:43:36:3f:e3:6c:cf:c1:4a:69:b2:0c: + 1b:a8:a8:6b:7a:ee:ed:d0:2d:ee:e2:52:d9:2a:1f:5d:ac:29: + f5:12:e2:af:3b:db:a0:6d:3a:b4:09:ef:76:fa:52:68:5f:07: + 5f:9f:a4:52:8f:1d:da:da:b6:93:54:87:47:d0:3c:66:7e:ff: + 1b:e3:1e:da:52:4c:00:46:5b:0c:eb:9e:b8:5e:1e:db:f7:ce: + dd:2c:0f:4e:23:1d:63:98:ed:e5:18:e8:04:9c:a1:1e:cd:58: + de:09:43:4d:bf:8d:4b:6d:8e:32:e9:a6:53:40:17:0c:e2:59: + 43:55:2d:3f:ab:af:aa:13:48:ac:00:ac:5b:df:16:c7:20:2a: + ea:50:ef:79:78:c9:34:d5:c5:7f:8f:27:d0:5a:42:3a:e8:13: + 01:51:bc:a3:b9:53:6f:1d:e4:73:52:8d:f0:c7:9c:d1:46:19: + aa:28:63:3e:cc:4a:5f:63:0d:1d:28:4b:e0:b4:37:83:db:85: + 8c:84:86:7e:37:15:a8:ed:a8:00:da:14:97:fd:f1:c8:ea:6e: + 3a:b7:19:c1:6f:53:6b:0b:ff:29:60:30:7d:b6:35:d6:b8:58: + 6f:55:32:18:c6:44:c3:08:d8:c4:95:25:7b:ba:13:04:26:34: + 7c:d4:0e:a1 +-----BEGIN CERTIFICATE----- +MIJ2lTCCdX2gAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1DANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCc+IwgnPeMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgnL0BgNVHREEgnLrMIJy54IH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0hwQKAAAAhwQK +AAABhwQKAAAChwQKAAADhwQKAAAEhwQKAAAFhwQKAAAGhwQKAAAHhwQKAAAIhwQK +AAAJhwQKAAAKhwQKAAALhwQKAAAMhwQKAAANhwQKAAAOhwQKAAAPhwQKAAAQhwQK +AAARhwQKAAAShwQKAAAThwQKAAAUhwQKAAAVhwQKAAAWhwQKAAAXhwQKAAAYhwQK +AAAZhwQKAAAahwQKAAAbhwQKAAAchwQKAAAdhwQKAAAehwQKAAAfhwQKAAAghwQK +AAAhhwQKAAAihwQKAAAjhwQKAAAkhwQKAAAlhwQKAAAmhwQKAAAnhwQKAAAohwQK +AAAphwQKAAAqhwQKAAArhwQKAAAshwQKAAAthwQKAAAuhwQKAAAvhwQKAAAwhwQK +AAAxhwQKAAAyhwQKAAAzhwQKAAA0hwQKAAA1hwQKAAA2hwQKAAA3hwQKAAA4hwQK +AAA5hwQKAAA6hwQKAAA7hwQKAAA8hwQKAAA9hwQKAAA+hwQKAAA/hwQKAABAhwQK +AABBhwQKAABChwQKAABDhwQKAABEhwQKAABFhwQKAABGhwQKAABHhwQKAABIhwQK +AABJhwQKAABKhwQKAABLhwQKAABMhwQKAABNhwQKAABOhwQKAABPhwQKAABQhwQK +AABRhwQKAABShwQKAABThwQKAABUhwQKAABVhwQKAABWhwQKAABXhwQKAABYhwQK +AABZhwQKAABahwQKAABbhwQKAABchwQKAABdhwQKAABehwQKAABfhwQKAABghwQK +AABhhwQKAABihwQKAABjhwQKAABkhwQKAABlhwQKAABmhwQKAABnhwQKAABohwQK +AABphwQKAABqhwQKAABrhwQKAABshwQKAABthwQKAABuhwQKAABvhwQKAABwhwQK +AABxhwQKAAByhwQKAABzhwQKAAB0hwQKAAB1hwQKAAB2hwQKAAB3hwQKAAB4hwQK +AAB5hwQKAAB6hwQKAAB7hwQKAAB8hwQKAAB9hwQKAAB+hwQKAAB/hwQKAACAhwQK +AACBhwQKAACChwQKAACDhwQKAACEhwQKAACFhwQKAACGhwQKAACHhwQKAACIhwQK +AACJhwQKAACKhwQKAACLhwQKAACMhwQKAACNhwQKAACOhwQKAACPhwQKAACQhwQK +AACRhwQKAACShwQKAACThwQKAACUhwQKAACVhwQKAACWhwQKAACXhwQKAACYhwQK +AACZhwQKAACahwQKAACbhwQKAACchwQKAACdhwQKAACehwQKAACfhwQKAACghwQK +AAChhwQKAACihwQKAACjhwQKAACkhwQKAAClhwQKAACmhwQKAACnhwQKAACohwQK +AACphwQKAACqhwQKAACrhwQKAACshwQKAACthwQKAACuhwQKAACvhwQKAACwhwQK +AACxhwQKAACyhwQKAACzhwQKAAC0hwQKAAC1hwQKAAC2hwQKAAC3hwQKAAC4hwQK +AAC5hwQKAAC6hwQKAAC7hwQKAAC8hwQKAAC9hwQKAAC+hwQKAAC/hwQKAADAhwQK +AADBhwQKAADChwQKAADDhwQKAADEhwQKAADFhwQKAADGhwQKAADHhwQKAADIhwQK +AADJhwQKAADKhwQKAADLhwQKAADMhwQKAADNhwQKAADOhwQKAADPhwQKAADQhwQK +AADRhwQKAADShwQKAADThwQKAADUhwQKAADVhwQKAADWhwQKAADXhwQKAADYhwQK +AADZhwQKAADahwQKAADbhwQKAADchwQKAADdhwQKAADehwQKAADfhwQKAADghwQK +AADhhwQKAADihwQKAADjhwQKAADkhwQKAADlhwQKAADmhwQKAADnhwQKAADohwQK +AADphwQKAADqhwQKAADrhwQKAADshwQKAADthwQKAADuhwQKAADvhwQKAADwhwQK +AADxhwQKAADyhwQKAADzhwQKAAD0hwQKAAD1hwQKAAD2hwQKAAD3hwQKAAD4hwQK +AAD5hwQKAAD6hwQKAAD7hwQKAAD8hwQKAAD9hwQKAAD+hwQKAAD/hwQKAAEAhwQK +AAEBhwQKAAEChwQKAAEDhwQKAAEEhwQKAAEFhwQKAAEGhwQKAAEHhwQKAAEIhwQK +AAEJhwQKAAEKhwQKAAELhwQKAAEMhwQKAAENhwQKAAEOhwQKAAEPhwQKAAEQhwQK +AAERhwQKAAEShwQKAAEThwQKAAEUhwQKAAEVhwQKAAEWhwQKAAEXhwQKAAEYhwQK +AAEZhwQKAAEahwQKAAEbhwQKAAEchwQKAAEdhwQKAAEehwQKAAEfhwQKAAEghwQK +AAEhhwQKAAEihwQKAAEjhwQKAAEkhwQKAAElhwQKAAEmhwQKAAEnhwQKAAEohwQK +AAEphwQKAAEqhwQKAAErhwQKAAEshwQKAAEthwQKAAEuhwQKAAEvhwQKAAEwhwQK +AAExhwQKAAEyhwQKAAEzhwQKAAE0hwQKAAE1hwQKAAE2hwQKAAE3hwQKAAE4hwQK +AAE5hwQKAAE6hwQKAAE7hwQKAAE8hwQKAAE9hwQKAAE+hwQKAAE/hwQKAAFAhwQK +AAFBhwQKAAFChwQKAAFDhwQKAAFEhwQKAAFFhwQKAAFGhwQKAAFHhwQKAAFIhwQK +AAFJhwQKAAFKhwQKAAFLhwQKAAFMhwQKAAFNhwQKAAFOhwQKAAFPhwQKAAFQhwQK +AAFRhwQKAAFShwQKAAFThwQKAAFUpA8wDTELMAkGA1UEAwwCdDCkDzANMQswCQYD +VQQDDAJ0MaQPMA0xCzAJBgNVBAMMAnQypA8wDTELMAkGA1UEAwwCdDOkDzANMQsw +CQYDVQQDDAJ0NKQPMA0xCzAJBgNVBAMMAnQ1pA8wDTELMAkGA1UEAwwCdDakDzAN +MQswCQYDVQQDDAJ0N6QPMA0xCzAJBgNVBAMMAnQ4pA8wDTELMAkGA1UEAwwCdDmk +EDAOMQwwCgYDVQQDDAN0MTCkEDAOMQwwCgYDVQQDDAN0MTGkEDAOMQwwCgYDVQQD +DAN0MTKkEDAOMQwwCgYDVQQDDAN0MTOkEDAOMQwwCgYDVQQDDAN0MTSkEDAOMQww +CgYDVQQDDAN0MTWkEDAOMQwwCgYDVQQDDAN0MTakEDAOMQwwCgYDVQQDDAN0MTek +EDAOMQwwCgYDVQQDDAN0MTikEDAOMQwwCgYDVQQDDAN0MTmkEDAOMQwwCgYDVQQD +DAN0MjCkEDAOMQwwCgYDVQQDDAN0MjGkEDAOMQwwCgYDVQQDDAN0MjKkEDAOMQww +CgYDVQQDDAN0MjOkEDAOMQwwCgYDVQQDDAN0MjSkEDAOMQwwCgYDVQQDDAN0MjWk +EDAOMQwwCgYDVQQDDAN0MjakEDAOMQwwCgYDVQQDDAN0MjekEDAOMQwwCgYDVQQD +DAN0MjikEDAOMQwwCgYDVQQDDAN0MjmkEDAOMQwwCgYDVQQDDAN0MzCkEDAOMQww +CgYDVQQDDAN0MzGkEDAOMQwwCgYDVQQDDAN0MzKkEDAOMQwwCgYDVQQDDAN0MzOk +EDAOMQwwCgYDVQQDDAN0MzSkEDAOMQwwCgYDVQQDDAN0MzWkEDAOMQwwCgYDVQQD +DAN0MzakEDAOMQwwCgYDVQQDDAN0MzekEDAOMQwwCgYDVQQDDAN0MzikEDAOMQww +CgYDVQQDDAN0MzmkEDAOMQwwCgYDVQQDDAN0NDCkEDAOMQwwCgYDVQQDDAN0NDGk +EDAOMQwwCgYDVQQDDAN0NDKkEDAOMQwwCgYDVQQDDAN0NDOkEDAOMQwwCgYDVQQD +DAN0NDSkEDAOMQwwCgYDVQQDDAN0NDWkEDAOMQwwCgYDVQQDDAN0NDakEDAOMQww +CgYDVQQDDAN0NDekEDAOMQwwCgYDVQQDDAN0NDikEDAOMQwwCgYDVQQDDAN0NDmk +EDAOMQwwCgYDVQQDDAN0NTCkEDAOMQwwCgYDVQQDDAN0NTGkEDAOMQwwCgYDVQQD +DAN0NTKkEDAOMQwwCgYDVQQDDAN0NTOkEDAOMQwwCgYDVQQDDAN0NTSkEDAOMQww +CgYDVQQDDAN0NTWkEDAOMQwwCgYDVQQDDAN0NTakEDAOMQwwCgYDVQQDDAN0NTek +EDAOMQwwCgYDVQQDDAN0NTikEDAOMQwwCgYDVQQDDAN0NTmkEDAOMQwwCgYDVQQD +DAN0NjCkEDAOMQwwCgYDVQQDDAN0NjGkEDAOMQwwCgYDVQQDDAN0NjKkEDAOMQww +CgYDVQQDDAN0NjOkEDAOMQwwCgYDVQQDDAN0NjSkEDAOMQwwCgYDVQQDDAN0NjWk +EDAOMQwwCgYDVQQDDAN0NjakEDAOMQwwCgYDVQQDDAN0NjekEDAOMQwwCgYDVQQD +DAN0NjikEDAOMQwwCgYDVQQDDAN0NjmkEDAOMQwwCgYDVQQDDAN0NzCkEDAOMQww +CgYDVQQDDAN0NzGkEDAOMQwwCgYDVQQDDAN0NzKkEDAOMQwwCgYDVQQDDAN0NzOk +EDAOMQwwCgYDVQQDDAN0NzSkEDAOMQwwCgYDVQQDDAN0NzWkEDAOMQwwCgYDVQQD +DAN0NzakEDAOMQwwCgYDVQQDDAN0NzekEDAOMQwwCgYDVQQDDAN0NzikEDAOMQww +CgYDVQQDDAN0NzmkEDAOMQwwCgYDVQQDDAN0ODCkEDAOMQwwCgYDVQQDDAN0ODGk +EDAOMQwwCgYDVQQDDAN0ODKkEDAOMQwwCgYDVQQDDAN0ODOkEDAOMQwwCgYDVQQD +DAN0ODSkEDAOMQwwCgYDVQQDDAN0ODWkEDAOMQwwCgYDVQQDDAN0ODakEDAOMQww +CgYDVQQDDAN0ODekEDAOMQwwCgYDVQQDDAN0ODikEDAOMQwwCgYDVQQDDAN0ODmk +EDAOMQwwCgYDVQQDDAN0OTCkEDAOMQwwCgYDVQQDDAN0OTGkEDAOMQwwCgYDVQQD +DAN0OTKkEDAOMQwwCgYDVQQDDAN0OTOkEDAOMQwwCgYDVQQDDAN0OTSkEDAOMQww +CgYDVQQDDAN0OTWkEDAOMQwwCgYDVQQDDAN0OTakEDAOMQwwCgYDVQQDDAN0OTek +EDAOMQwwCgYDVQQDDAN0OTikEDAOMQwwCgYDVQQDDAN0OTmkETAPMQ0wCwYDVQQD +DAR0MTAwpBEwDzENMAsGA1UEAwwEdDEwMaQRMA8xDTALBgNVBAMMBHQxMDKkETAP +MQ0wCwYDVQQDDAR0MTAzpBEwDzENMAsGA1UEAwwEdDEwNKQRMA8xDTALBgNVBAMM +BHQxMDWkETAPMQ0wCwYDVQQDDAR0MTA2pBEwDzENMAsGA1UEAwwEdDEwN6QRMA8x +DTALBgNVBAMMBHQxMDikETAPMQ0wCwYDVQQDDAR0MTA5pBEwDzENMAsGA1UEAwwE +dDExMKQRMA8xDTALBgNVBAMMBHQxMTGkETAPMQ0wCwYDVQQDDAR0MTEypBEwDzEN +MAsGA1UEAwwEdDExM6QRMA8xDTALBgNVBAMMBHQxMTSkETAPMQ0wCwYDVQQDDAR0 +MTE1pBEwDzENMAsGA1UEAwwEdDExNqQRMA8xDTALBgNVBAMMBHQxMTekETAPMQ0w +CwYDVQQDDAR0MTE4pBEwDzENMAsGA1UEAwwEdDExOaQRMA8xDTALBgNVBAMMBHQx +MjCkETAPMQ0wCwYDVQQDDAR0MTIxpBEwDzENMAsGA1UEAwwEdDEyMqQRMA8xDTAL +BgNVBAMMBHQxMjOkETAPMQ0wCwYDVQQDDAR0MTI0pBEwDzENMAsGA1UEAwwEdDEy +NaQRMA8xDTALBgNVBAMMBHQxMjakETAPMQ0wCwYDVQQDDAR0MTI3pBEwDzENMAsG +A1UEAwwEdDEyOKQRMA8xDTALBgNVBAMMBHQxMjmkETAPMQ0wCwYDVQQDDAR0MTMw +pBEwDzENMAsGA1UEAwwEdDEzMaQRMA8xDTALBgNVBAMMBHQxMzKkETAPMQ0wCwYD +VQQDDAR0MTMzpBEwDzENMAsGA1UEAwwEdDEzNKQRMA8xDTALBgNVBAMMBHQxMzWk +ETAPMQ0wCwYDVQQDDAR0MTM2pBEwDzENMAsGA1UEAwwEdDEzN6QRMA8xDTALBgNV +BAMMBHQxMzikETAPMQ0wCwYDVQQDDAR0MTM5pBEwDzENMAsGA1UEAwwEdDE0MKQR +MA8xDTALBgNVBAMMBHQxNDGkETAPMQ0wCwYDVQQDDAR0MTQypBEwDzENMAsGA1UE +AwwEdDE0M6QRMA8xDTALBgNVBAMMBHQxNDSkETAPMQ0wCwYDVQQDDAR0MTQ1pBEw +DzENMAsGA1UEAwwEdDE0NqQRMA8xDTALBgNVBAMMBHQxNDekETAPMQ0wCwYDVQQD +DAR0MTQ4pBEwDzENMAsGA1UEAwwEdDE0OaQRMA8xDTALBgNVBAMMBHQxNTCkETAP +MQ0wCwYDVQQDDAR0MTUxpBEwDzENMAsGA1UEAwwEdDE1MqQRMA8xDTALBgNVBAMM +BHQxNTOkETAPMQ0wCwYDVQQDDAR0MTU0pBEwDzENMAsGA1UEAwwEdDE1NaQRMA8x +DTALBgNVBAMMBHQxNTakETAPMQ0wCwYDVQQDDAR0MTU3pBEwDzENMAsGA1UEAwwE +dDE1OKQRMA8xDTALBgNVBAMMBHQxNTmkETAPMQ0wCwYDVQQDDAR0MTYwpBEwDzEN +MAsGA1UEAwwEdDE2MaQRMA8xDTALBgNVBAMMBHQxNjKkETAPMQ0wCwYDVQQDDAR0 +MTYzpBEwDzENMAsGA1UEAwwEdDE2NKQRMA8xDTALBgNVBAMMBHQxNjWkETAPMQ0w +CwYDVQQDDAR0MTY2pBEwDzENMAsGA1UEAwwEdDE2N6QRMA8xDTALBgNVBAMMBHQx +NjikETAPMQ0wCwYDVQQDDAR0MTY5pBEwDzENMAsGA1UEAwwEdDE3MKQRMA8xDTAL +BgNVBAMMBHQxNzGkETAPMQ0wCwYDVQQDDAR0MTcypBEwDzENMAsGA1UEAwwEdDE3 +M6QRMA8xDTALBgNVBAMMBHQxNzSkETAPMQ0wCwYDVQQDDAR0MTc1pBEwDzENMAsG +A1UEAwwEdDE3NqQRMA8xDTALBgNVBAMMBHQxNzekETAPMQ0wCwYDVQQDDAR0MTc4 +pBEwDzENMAsGA1UEAwwEdDE3OaQRMA8xDTALBgNVBAMMBHQxODCkETAPMQ0wCwYD +VQQDDAR0MTgxpBEwDzENMAsGA1UEAwwEdDE4MqQRMA8xDTALBgNVBAMMBHQxODOk +ETAPMQ0wCwYDVQQDDAR0MTg0pBEwDzENMAsGA1UEAwwEdDE4NaQRMA8xDTALBgNV +BAMMBHQxODakETAPMQ0wCwYDVQQDDAR0MTg3pBEwDzENMAsGA1UEAwwEdDE4OKQR +MA8xDTALBgNVBAMMBHQxODmkETAPMQ0wCwYDVQQDDAR0MTkwpBEwDzENMAsGA1UE +AwwEdDE5MaQRMA8xDTALBgNVBAMMBHQxOTKkETAPMQ0wCwYDVQQDDAR0MTkzpBEw +DzENMAsGA1UEAwwEdDE5NKQRMA8xDTALBgNVBAMMBHQxOTWkETAPMQ0wCwYDVQQD +DAR0MTk2pBEwDzENMAsGA1UEAwwEdDE5N6QRMA8xDTALBgNVBAMMBHQxOTikETAP +MQ0wCwYDVQQDDAR0MTk5pBEwDzENMAsGA1UEAwwEdDIwMKQRMA8xDTALBgNVBAMM +BHQyMDGkETAPMQ0wCwYDVQQDDAR0MjAypBEwDzENMAsGA1UEAwwEdDIwM6QRMA8x +DTALBgNVBAMMBHQyMDSkETAPMQ0wCwYDVQQDDAR0MjA1pBEwDzENMAsGA1UEAwwE +dDIwNqQRMA8xDTALBgNVBAMMBHQyMDekETAPMQ0wCwYDVQQDDAR0MjA4pBEwDzEN +MAsGA1UEAwwEdDIwOaQRMA8xDTALBgNVBAMMBHQyMTCkETAPMQ0wCwYDVQQDDAR0 +MjExpBEwDzENMAsGA1UEAwwEdDIxMqQRMA8xDTALBgNVBAMMBHQyMTOkETAPMQ0w +CwYDVQQDDAR0MjE0pBEwDzENMAsGA1UEAwwEdDIxNaQRMA8xDTALBgNVBAMMBHQy +MTakETAPMQ0wCwYDVQQDDAR0MjE3pBEwDzENMAsGA1UEAwwEdDIxOKQRMA8xDTAL +BgNVBAMMBHQyMTmkETAPMQ0wCwYDVQQDDAR0MjIwpBEwDzENMAsGA1UEAwwEdDIy +MaQRMA8xDTALBgNVBAMMBHQyMjKkETAPMQ0wCwYDVQQDDAR0MjIzpBEwDzENMAsG +A1UEAwwEdDIyNKQRMA8xDTALBgNVBAMMBHQyMjWkETAPMQ0wCwYDVQQDDAR0MjI2 +pBEwDzENMAsGA1UEAwwEdDIyN6QRMA8xDTALBgNVBAMMBHQyMjikETAPMQ0wCwYD +VQQDDAR0MjI5pBEwDzENMAsGA1UEAwwEdDIzMKQRMA8xDTALBgNVBAMMBHQyMzGk +ETAPMQ0wCwYDVQQDDAR0MjMypBEwDzENMAsGA1UEAwwEdDIzM6QRMA8xDTALBgNV +BAMMBHQyMzSkETAPMQ0wCwYDVQQDDAR0MjM1pBEwDzENMAsGA1UEAwwEdDIzNqQR +MA8xDTALBgNVBAMMBHQyMzekETAPMQ0wCwYDVQQDDAR0MjM4pBEwDzENMAsGA1UE +AwwEdDIzOaQRMA8xDTALBgNVBAMMBHQyNDCkETAPMQ0wCwYDVQQDDAR0MjQxpBEw +DzENMAsGA1UEAwwEdDI0MqQRMA8xDTALBgNVBAMMBHQyNDOkETAPMQ0wCwYDVQQD +DAR0MjQ0pBEwDzENMAsGA1UEAwwEdDI0NaQRMA8xDTALBgNVBAMMBHQyNDakETAP +MQ0wCwYDVQQDDAR0MjQ3pBEwDzENMAsGA1UEAwwEdDI0OKQRMA8xDTALBgNVBAMM +BHQyNDmkETAPMQ0wCwYDVQQDDAR0MjUwpBEwDzENMAsGA1UEAwwEdDI1MaQRMA8x +DTALBgNVBAMMBHQyNTKkETAPMQ0wCwYDVQQDDAR0MjUzpBEwDzENMAsGA1UEAwwE +dDI1NKQRMA8xDTALBgNVBAMMBHQyNTWkETAPMQ0wCwYDVQQDDAR0MjU2pBEwDzEN +MAsGA1UEAwwEdDI1N6QRMA8xDTALBgNVBAMMBHQyNTikETAPMQ0wCwYDVQQDDAR0 +MjU5pBEwDzENMAsGA1UEAwwEdDI2MKQRMA8xDTALBgNVBAMMBHQyNjGkETAPMQ0w +CwYDVQQDDAR0MjYypBEwDzENMAsGA1UEAwwEdDI2M6QRMA8xDTALBgNVBAMMBHQy +NjSkETAPMQ0wCwYDVQQDDAR0MjY1pBEwDzENMAsGA1UEAwwEdDI2NqQRMA8xDTAL +BgNVBAMMBHQyNjekETAPMQ0wCwYDVQQDDAR0MjY4pBEwDzENMAsGA1UEAwwEdDI2 +OaQRMA8xDTALBgNVBAMMBHQyNzCkETAPMQ0wCwYDVQQDDAR0MjcxpBEwDzENMAsG +A1UEAwwEdDI3MqQRMA8xDTALBgNVBAMMBHQyNzOkETAPMQ0wCwYDVQQDDAR0Mjc0 +pBEwDzENMAsGA1UEAwwEdDI3NaQRMA8xDTALBgNVBAMMBHQyNzakETAPMQ0wCwYD +VQQDDAR0Mjc3pBEwDzENMAsGA1UEAwwEdDI3OKQRMA8xDTALBgNVBAMMBHQyNzmk +ETAPMQ0wCwYDVQQDDAR0MjgwpBEwDzENMAsGA1UEAwwEdDI4MaQRMA8xDTALBgNV +BAMMBHQyODKkETAPMQ0wCwYDVQQDDAR0MjgzpBEwDzENMAsGA1UEAwwEdDI4NKQR +MA8xDTALBgNVBAMMBHQyODWkETAPMQ0wCwYDVQQDDAR0Mjg2pBEwDzENMAsGA1UE +AwwEdDI4N6QRMA8xDTALBgNVBAMMBHQyODikETAPMQ0wCwYDVQQDDAR0Mjg5pBEw +DzENMAsGA1UEAwwEdDI5MKQRMA8xDTALBgNVBAMMBHQyOTGkETAPMQ0wCwYDVQQD +DAR0MjkypBEwDzENMAsGA1UEAwwEdDI5M6QRMA8xDTALBgNVBAMMBHQyOTSkETAP +MQ0wCwYDVQQDDAR0Mjk1pBEwDzENMAsGA1UEAwwEdDI5NqQRMA8xDTALBgNVBAMM +BHQyOTekETAPMQ0wCwYDVQQDDAR0Mjk4pBEwDzENMAsGA1UEAwwEdDI5OaQRMA8x +DTALBgNVBAMMBHQzMDCkETAPMQ0wCwYDVQQDDAR0MzAxpBEwDzENMAsGA1UEAwwE +dDMwMqQRMA8xDTALBgNVBAMMBHQzMDOkETAPMQ0wCwYDVQQDDAR0MzA0pBEwDzEN +MAsGA1UEAwwEdDMwNaQRMA8xDTALBgNVBAMMBHQzMDakETAPMQ0wCwYDVQQDDAR0 +MzA3pBEwDzENMAsGA1UEAwwEdDMwOKQRMA8xDTALBgNVBAMMBHQzMDmkETAPMQ0w +CwYDVQQDDAR0MzEwpBEwDzENMAsGA1UEAwwEdDMxMaQRMA8xDTALBgNVBAMMBHQz +MTKkETAPMQ0wCwYDVQQDDAR0MzEzpBEwDzENMAsGA1UEAwwEdDMxNKQRMA8xDTAL +BgNVBAMMBHQzMTWkETAPMQ0wCwYDVQQDDAR0MzE2pBEwDzENMAsGA1UEAwwEdDMx +N6QRMA8xDTALBgNVBAMMBHQzMTikETAPMQ0wCwYDVQQDDAR0MzE5pBEwDzENMAsG +A1UEAwwEdDMyMKQRMA8xDTALBgNVBAMMBHQzMjGkETAPMQ0wCwYDVQQDDAR0MzIy +pBEwDzENMAsGA1UEAwwEdDMyM6QRMA8xDTALBgNVBAMMBHQzMjSkETAPMQ0wCwYD +VQQDDAR0MzI1pBEwDzENMAsGA1UEAwwEdDMyNqQRMA8xDTALBgNVBAMMBHQzMjek +ETAPMQ0wCwYDVQQDDAR0MzI4pBEwDzENMAsGA1UEAwwEdDMyOaQRMA8xDTALBgNV +BAMMBHQzMzCkETAPMQ0wCwYDVQQDDAR0MzMxpBEwDzENMAsGA1UEAwwEdDMzMqQR +MA8xDTALBgNVBAMMBHQzMzOkETAPMQ0wCwYDVQQDDAR0MzM0pBEwDzENMAsGA1UE +AwwEdDMzNaQRMA8xDTALBgNVBAMMBHQzMzakETAPMQ0wCwYDVQQDDAR0MzM3pBEw +DzENMAsGA1UEAwwEdDMzOKQRMA8xDTALBgNVBAMMBHQzMzmkETAPMQ0wCwYDVQQD +DAR0MzQwpBEwDzENMAsGA1UEAwwEdDM0MYYNaHR0cDovL3Rlc3QvMIYNaHR0cDov +L3Rlc3QvMYYNaHR0cDovL3Rlc3QvMoYNaHR0cDovL3Rlc3QvM4YNaHR0cDovL3Rl +c3QvNIYNaHR0cDovL3Rlc3QvNYYNaHR0cDovL3Rlc3QvNoYNaHR0cDovL3Rlc3Qv +N4YNaHR0cDovL3Rlc3QvOIYNaHR0cDovL3Rlc3QvOYYOaHR0cDovL3Rlc3QvMTCG +Dmh0dHA6Ly90ZXN0LzExhg5odHRwOi8vdGVzdC8xMoYOaHR0cDovL3Rlc3QvMTOG +Dmh0dHA6Ly90ZXN0LzE0hg5odHRwOi8vdGVzdC8xNYYOaHR0cDovL3Rlc3QvMTaG +Dmh0dHA6Ly90ZXN0LzE3hg5odHRwOi8vdGVzdC8xOIYOaHR0cDovL3Rlc3QvMTmG +Dmh0dHA6Ly90ZXN0LzIwhg5odHRwOi8vdGVzdC8yMYYOaHR0cDovL3Rlc3QvMjKG +Dmh0dHA6Ly90ZXN0LzIzhg5odHRwOi8vdGVzdC8yNIYOaHR0cDovL3Rlc3QvMjWG +Dmh0dHA6Ly90ZXN0LzI2hg5odHRwOi8vdGVzdC8yN4YOaHR0cDovL3Rlc3QvMjiG +Dmh0dHA6Ly90ZXN0LzI5hg5odHRwOi8vdGVzdC8zMIYOaHR0cDovL3Rlc3QvMzGG +Dmh0dHA6Ly90ZXN0LzMyhg5odHRwOi8vdGVzdC8zM4YOaHR0cDovL3Rlc3QvMzSG +Dmh0dHA6Ly90ZXN0LzM1hg5odHRwOi8vdGVzdC8zNoYOaHR0cDovL3Rlc3QvMzeG +Dmh0dHA6Ly90ZXN0LzM4hg5odHRwOi8vdGVzdC8zOYYOaHR0cDovL3Rlc3QvNDCG +Dmh0dHA6Ly90ZXN0LzQxhg5odHRwOi8vdGVzdC80MoYOaHR0cDovL3Rlc3QvNDOG +Dmh0dHA6Ly90ZXN0LzQ0hg5odHRwOi8vdGVzdC80NYYOaHR0cDovL3Rlc3QvNDaG +Dmh0dHA6Ly90ZXN0LzQ3hg5odHRwOi8vdGVzdC80OIYOaHR0cDovL3Rlc3QvNDmG +Dmh0dHA6Ly90ZXN0LzUwhg5odHRwOi8vdGVzdC81MYYOaHR0cDovL3Rlc3QvNTKG +Dmh0dHA6Ly90ZXN0LzUzhg5odHRwOi8vdGVzdC81NIYOaHR0cDovL3Rlc3QvNTWG +Dmh0dHA6Ly90ZXN0LzU2hg5odHRwOi8vdGVzdC81N4YOaHR0cDovL3Rlc3QvNTiG +Dmh0dHA6Ly90ZXN0LzU5hg5odHRwOi8vdGVzdC82MIYOaHR0cDovL3Rlc3QvNjGG +Dmh0dHA6Ly90ZXN0LzYyhg5odHRwOi8vdGVzdC82M4YOaHR0cDovL3Rlc3QvNjSG +Dmh0dHA6Ly90ZXN0LzY1hg5odHRwOi8vdGVzdC82NoYOaHR0cDovL3Rlc3QvNjeG +Dmh0dHA6Ly90ZXN0LzY4hg5odHRwOi8vdGVzdC82OYYOaHR0cDovL3Rlc3QvNzCG +Dmh0dHA6Ly90ZXN0Lzcxhg5odHRwOi8vdGVzdC83MoYOaHR0cDovL3Rlc3QvNzOG +Dmh0dHA6Ly90ZXN0Lzc0hg5odHRwOi8vdGVzdC83NYYOaHR0cDovL3Rlc3QvNzaG +Dmh0dHA6Ly90ZXN0Lzc3hg5odHRwOi8vdGVzdC83OIYOaHR0cDovL3Rlc3QvNzmG +Dmh0dHA6Ly90ZXN0Lzgwhg5odHRwOi8vdGVzdC84MYYOaHR0cDovL3Rlc3QvODKG +Dmh0dHA6Ly90ZXN0Lzgzhg5odHRwOi8vdGVzdC84NIYOaHR0cDovL3Rlc3QvODWG +Dmh0dHA6Ly90ZXN0Lzg2hg5odHRwOi8vdGVzdC84N4YOaHR0cDovL3Rlc3QvODiG +Dmh0dHA6Ly90ZXN0Lzg5hg5odHRwOi8vdGVzdC85MIYOaHR0cDovL3Rlc3QvOTGG +Dmh0dHA6Ly90ZXN0Lzkyhg5odHRwOi8vdGVzdC85M4YOaHR0cDovL3Rlc3QvOTSG +Dmh0dHA6Ly90ZXN0Lzk1hg5odHRwOi8vdGVzdC85NoYOaHR0cDovL3Rlc3QvOTeG +Dmh0dHA6Ly90ZXN0Lzk4hg5odHRwOi8vdGVzdC85OYYPaHR0cDovL3Rlc3QvMTAw +hg9odHRwOi8vdGVzdC8xMDGGD2h0dHA6Ly90ZXN0LzEwMoYPaHR0cDovL3Rlc3Qv +MTAzhg9odHRwOi8vdGVzdC8xMDSGD2h0dHA6Ly90ZXN0LzEwNYYPaHR0cDovL3Rl +c3QvMTA2hg9odHRwOi8vdGVzdC8xMDeGD2h0dHA6Ly90ZXN0LzEwOIYPaHR0cDov +L3Rlc3QvMTA5hg9odHRwOi8vdGVzdC8xMTCGD2h0dHA6Ly90ZXN0LzExMYYPaHR0 +cDovL3Rlc3QvMTEyhg9odHRwOi8vdGVzdC8xMTOGD2h0dHA6Ly90ZXN0LzExNIYP +aHR0cDovL3Rlc3QvMTE1hg9odHRwOi8vdGVzdC8xMTaGD2h0dHA6Ly90ZXN0LzEx +N4YPaHR0cDovL3Rlc3QvMTE4hg9odHRwOi8vdGVzdC8xMTmGD2h0dHA6Ly90ZXN0 +LzEyMIYPaHR0cDovL3Rlc3QvMTIxhg9odHRwOi8vdGVzdC8xMjKGD2h0dHA6Ly90 +ZXN0LzEyM4YPaHR0cDovL3Rlc3QvMTI0hg9odHRwOi8vdGVzdC8xMjWGD2h0dHA6 +Ly90ZXN0LzEyNoYPaHR0cDovL3Rlc3QvMTI3hg9odHRwOi8vdGVzdC8xMjiGD2h0 +dHA6Ly90ZXN0LzEyOYYPaHR0cDovL3Rlc3QvMTMwhg9odHRwOi8vdGVzdC8xMzGG +D2h0dHA6Ly90ZXN0LzEzMoYPaHR0cDovL3Rlc3QvMTMzhg9odHRwOi8vdGVzdC8x +MzSGD2h0dHA6Ly90ZXN0LzEzNYYPaHR0cDovL3Rlc3QvMTM2hg9odHRwOi8vdGVz +dC8xMzeGD2h0dHA6Ly90ZXN0LzEzOIYPaHR0cDovL3Rlc3QvMTM5hg9odHRwOi8v +dGVzdC8xNDCGD2h0dHA6Ly90ZXN0LzE0MYYPaHR0cDovL3Rlc3QvMTQyhg9odHRw +Oi8vdGVzdC8xNDOGD2h0dHA6Ly90ZXN0LzE0NIYPaHR0cDovL3Rlc3QvMTQ1hg9o +dHRwOi8vdGVzdC8xNDaGD2h0dHA6Ly90ZXN0LzE0N4YPaHR0cDovL3Rlc3QvMTQ4 +hg9odHRwOi8vdGVzdC8xNDmGD2h0dHA6Ly90ZXN0LzE1MIYPaHR0cDovL3Rlc3Qv +MTUxhg9odHRwOi8vdGVzdC8xNTKGD2h0dHA6Ly90ZXN0LzE1M4YPaHR0cDovL3Rl +c3QvMTU0hg9odHRwOi8vdGVzdC8xNTWGD2h0dHA6Ly90ZXN0LzE1NoYPaHR0cDov +L3Rlc3QvMTU3hg9odHRwOi8vdGVzdC8xNTiGD2h0dHA6Ly90ZXN0LzE1OYYPaHR0 +cDovL3Rlc3QvMTYwhg9odHRwOi8vdGVzdC8xNjGGD2h0dHA6Ly90ZXN0LzE2MoYP +aHR0cDovL3Rlc3QvMTYzhg9odHRwOi8vdGVzdC8xNjSGD2h0dHA6Ly90ZXN0LzE2 +NYYPaHR0cDovL3Rlc3QvMTY2hg9odHRwOi8vdGVzdC8xNjeGD2h0dHA6Ly90ZXN0 +LzE2OIYPaHR0cDovL3Rlc3QvMTY5hg9odHRwOi8vdGVzdC8xNzCGD2h0dHA6Ly90 +ZXN0LzE3MYYPaHR0cDovL3Rlc3QvMTcyhg9odHRwOi8vdGVzdC8xNzOGD2h0dHA6 +Ly90ZXN0LzE3NIYPaHR0cDovL3Rlc3QvMTc1hg9odHRwOi8vdGVzdC8xNzaGD2h0 +dHA6Ly90ZXN0LzE3N4YPaHR0cDovL3Rlc3QvMTc4hg9odHRwOi8vdGVzdC8xNzmG +D2h0dHA6Ly90ZXN0LzE4MIYPaHR0cDovL3Rlc3QvMTgxhg9odHRwOi8vdGVzdC8x +ODKGD2h0dHA6Ly90ZXN0LzE4M4YPaHR0cDovL3Rlc3QvMTg0hg9odHRwOi8vdGVz +dC8xODWGD2h0dHA6Ly90ZXN0LzE4NoYPaHR0cDovL3Rlc3QvMTg3hg9odHRwOi8v +dGVzdC8xODiGD2h0dHA6Ly90ZXN0LzE4OYYPaHR0cDovL3Rlc3QvMTkwhg9odHRw +Oi8vdGVzdC8xOTGGD2h0dHA6Ly90ZXN0LzE5MoYPaHR0cDovL3Rlc3QvMTkzhg9o +dHRwOi8vdGVzdC8xOTSGD2h0dHA6Ly90ZXN0LzE5NYYPaHR0cDovL3Rlc3QvMTk2 +hg9odHRwOi8vdGVzdC8xOTeGD2h0dHA6Ly90ZXN0LzE5OIYPaHR0cDovL3Rlc3Qv +MTk5hg9odHRwOi8vdGVzdC8yMDCGD2h0dHA6Ly90ZXN0LzIwMYYPaHR0cDovL3Rl +c3QvMjAyhg9odHRwOi8vdGVzdC8yMDOGD2h0dHA6Ly90ZXN0LzIwNIYPaHR0cDov +L3Rlc3QvMjA1hg9odHRwOi8vdGVzdC8yMDaGD2h0dHA6Ly90ZXN0LzIwN4YPaHR0 +cDovL3Rlc3QvMjA4hg9odHRwOi8vdGVzdC8yMDmGD2h0dHA6Ly90ZXN0LzIxMIYP +aHR0cDovL3Rlc3QvMjExhg9odHRwOi8vdGVzdC8yMTKGD2h0dHA6Ly90ZXN0LzIx +M4YPaHR0cDovL3Rlc3QvMjE0hg9odHRwOi8vdGVzdC8yMTWGD2h0dHA6Ly90ZXN0 +LzIxNoYPaHR0cDovL3Rlc3QvMjE3hg9odHRwOi8vdGVzdC8yMTiGD2h0dHA6Ly90 +ZXN0LzIxOYYPaHR0cDovL3Rlc3QvMjIwhg9odHRwOi8vdGVzdC8yMjGGD2h0dHA6 +Ly90ZXN0LzIyMoYPaHR0cDovL3Rlc3QvMjIzhg9odHRwOi8vdGVzdC8yMjSGD2h0 +dHA6Ly90ZXN0LzIyNYYPaHR0cDovL3Rlc3QvMjI2hg9odHRwOi8vdGVzdC8yMjeG +D2h0dHA6Ly90ZXN0LzIyOIYPaHR0cDovL3Rlc3QvMjI5hg9odHRwOi8vdGVzdC8y +MzCGD2h0dHA6Ly90ZXN0LzIzMYYPaHR0cDovL3Rlc3QvMjMyhg9odHRwOi8vdGVz +dC8yMzOGD2h0dHA6Ly90ZXN0LzIzNIYPaHR0cDovL3Rlc3QvMjM1hg9odHRwOi8v +dGVzdC8yMzaGD2h0dHA6Ly90ZXN0LzIzN4YPaHR0cDovL3Rlc3QvMjM4hg9odHRw +Oi8vdGVzdC8yMzmGD2h0dHA6Ly90ZXN0LzI0MIYPaHR0cDovL3Rlc3QvMjQxhg9o +dHRwOi8vdGVzdC8yNDKGD2h0dHA6Ly90ZXN0LzI0M4YPaHR0cDovL3Rlc3QvMjQ0 +hg9odHRwOi8vdGVzdC8yNDWGD2h0dHA6Ly90ZXN0LzI0NoYPaHR0cDovL3Rlc3Qv +MjQ3hg9odHRwOi8vdGVzdC8yNDiGD2h0dHA6Ly90ZXN0LzI0OYYPaHR0cDovL3Rl +c3QvMjUwhg9odHRwOi8vdGVzdC8yNTGGD2h0dHA6Ly90ZXN0LzI1MoYPaHR0cDov +L3Rlc3QvMjUzhg9odHRwOi8vdGVzdC8yNTSGD2h0dHA6Ly90ZXN0LzI1NYYPaHR0 +cDovL3Rlc3QvMjU2hg9odHRwOi8vdGVzdC8yNTeGD2h0dHA6Ly90ZXN0LzI1OIYP +aHR0cDovL3Rlc3QvMjU5hg9odHRwOi8vdGVzdC8yNjCGD2h0dHA6Ly90ZXN0LzI2 +MYYPaHR0cDovL3Rlc3QvMjYyhg9odHRwOi8vdGVzdC8yNjOGD2h0dHA6Ly90ZXN0 +LzI2NIYPaHR0cDovL3Rlc3QvMjY1hg9odHRwOi8vdGVzdC8yNjaGD2h0dHA6Ly90 +ZXN0LzI2N4YPaHR0cDovL3Rlc3QvMjY4hg9odHRwOi8vdGVzdC8yNjmGD2h0dHA6 +Ly90ZXN0LzI3MIYPaHR0cDovL3Rlc3QvMjcxhg9odHRwOi8vdGVzdC8yNzKGD2h0 +dHA6Ly90ZXN0LzI3M4YPaHR0cDovL3Rlc3QvMjc0hg9odHRwOi8vdGVzdC8yNzWG +D2h0dHA6Ly90ZXN0LzI3NoYPaHR0cDovL3Rlc3QvMjc3hg9odHRwOi8vdGVzdC8y +NziGD2h0dHA6Ly90ZXN0LzI3OYYPaHR0cDovL3Rlc3QvMjgwhg9odHRwOi8vdGVz +dC8yODGGD2h0dHA6Ly90ZXN0LzI4MoYPaHR0cDovL3Rlc3QvMjgzhg9odHRwOi8v +dGVzdC8yODSGD2h0dHA6Ly90ZXN0LzI4NYYPaHR0cDovL3Rlc3QvMjg2hg9odHRw +Oi8vdGVzdC8yODeGD2h0dHA6Ly90ZXN0LzI4OIYPaHR0cDovL3Rlc3QvMjg5hg9o +dHRwOi8vdGVzdC8yOTCGD2h0dHA6Ly90ZXN0LzI5MYYPaHR0cDovL3Rlc3QvMjky +hg9odHRwOi8vdGVzdC8yOTOGD2h0dHA6Ly90ZXN0LzI5NIYPaHR0cDovL3Rlc3Qv +Mjk1hg9odHRwOi8vdGVzdC8yOTaGD2h0dHA6Ly90ZXN0LzI5N4YPaHR0cDovL3Rl +c3QvMjk4hg9odHRwOi8vdGVzdC8yOTmGD2h0dHA6Ly90ZXN0LzMwMIYPaHR0cDov +L3Rlc3QvMzAxhg9odHRwOi8vdGVzdC8zMDKGD2h0dHA6Ly90ZXN0LzMwM4YPaHR0 +cDovL3Rlc3QvMzA0hg9odHRwOi8vdGVzdC8zMDWGD2h0dHA6Ly90ZXN0LzMwNoYP +aHR0cDovL3Rlc3QvMzA3hg9odHRwOi8vdGVzdC8zMDiGD2h0dHA6Ly90ZXN0LzMw +OYYPaHR0cDovL3Rlc3QvMzEwhg9odHRwOi8vdGVzdC8zMTGGD2h0dHA6Ly90ZXN0 +LzMxMoYPaHR0cDovL3Rlc3QvMzEzhg9odHRwOi8vdGVzdC8zMTSGD2h0dHA6Ly90 +ZXN0LzMxNYYPaHR0cDovL3Rlc3QvMzE2hg9odHRwOi8vdGVzdC8zMTeGD2h0dHA6 +Ly90ZXN0LzMxOIYPaHR0cDovL3Rlc3QvMzE5hg9odHRwOi8vdGVzdC8zMjCGD2h0 +dHA6Ly90ZXN0LzMyMYYPaHR0cDovL3Rlc3QvMzIyhg9odHRwOi8vdGVzdC8zMjOG +D2h0dHA6Ly90ZXN0LzMyNIYPaHR0cDovL3Rlc3QvMzI1hg9odHRwOi8vdGVzdC8z +MjaGD2h0dHA6Ly90ZXN0LzMyN4YPaHR0cDovL3Rlc3QvMzI4hg9odHRwOi8vdGVz +dC8zMjmGD2h0dHA6Ly90ZXN0LzMzMIYPaHR0cDovL3Rlc3QvMzMxhg9odHRwOi8v +dGVzdC8zMzKGD2h0dHA6Ly90ZXN0LzMzM4YPaHR0cDovL3Rlc3QvMzM0hg9odHRw +Oi8vdGVzdC8zMzWGD2h0dHA6Ly90ZXN0LzMzNoYPaHR0cDovL3Rlc3QvMzM3hg9o +dHRwOi8vdGVzdC8zMziGD2h0dHA6Ly90ZXN0LzMzOYYPaHR0cDovL3Rlc3QvMzQw +hg9odHRwOi8vdGVzdC8zNDGGD2h0dHA6Ly90ZXN0LzM0MoYPaHR0cDovL3Rlc3Qv +MzQzhg9odHRwOi8vdGVzdC8zNDSGD2h0dHA6Ly90ZXN0LzM0NYYPaHR0cDovL3Rl +c3QvMzQ2hg9odHRwOi8vdGVzdC8zNDeGD2h0dHA6Ly90ZXN0LzM0OIYPaHR0cDov +L3Rlc3QvMzQ5hg9odHRwOi8vdGVzdC8zNTCGD2h0dHA6Ly90ZXN0LzM1MYYPaHR0 +cDovL3Rlc3QvMzUyhg9odHRwOi8vdGVzdC8zNTOGD2h0dHA6Ly90ZXN0LzM1NIYP +aHR0cDovL3Rlc3QvMzU1hg9odHRwOi8vdGVzdC8zNTaGD2h0dHA6Ly90ZXN0LzM1 +N4YPaHR0cDovL3Rlc3QvMzU4hg9odHRwOi8vdGVzdC8zNTmGD2h0dHA6Ly90ZXN0 +LzM2MIYPaHR0cDovL3Rlc3QvMzYxhg9odHRwOi8vdGVzdC8zNjKGD2h0dHA6Ly90 +ZXN0LzM2M4YPaHR0cDovL3Rlc3QvMzY0hg9odHRwOi8vdGVzdC8zNjWGD2h0dHA6 +Ly90ZXN0LzM2NoYPaHR0cDovL3Rlc3QvMzY3hg9odHRwOi8vdGVzdC8zNjiGD2h0 +dHA6Ly90ZXN0LzM2OYYPaHR0cDovL3Rlc3QvMzcwhg9odHRwOi8vdGVzdC8zNzGG +D2h0dHA6Ly90ZXN0LzM3MoYPaHR0cDovL3Rlc3QvMzczhg9odHRwOi8vdGVzdC8z +NzSGD2h0dHA6Ly90ZXN0LzM3NYYPaHR0cDovL3Rlc3QvMzc2hg9odHRwOi8vdGVz +dC8zNzeGD2h0dHA6Ly90ZXN0LzM3OIYPaHR0cDovL3Rlc3QvMzc5hg9odHRwOi8v +dGVzdC8zODCGD2h0dHA6Ly90ZXN0LzM4MYYPaHR0cDovL3Rlc3QvMzgyhg9odHRw +Oi8vdGVzdC8zODOGD2h0dHA6Ly90ZXN0LzM4NIYPaHR0cDovL3Rlc3QvMzg1hg9o +dHRwOi8vdGVzdC8zODaGD2h0dHA6Ly90ZXN0LzM4N4YPaHR0cDovL3Rlc3QvMzg4 +hg9odHRwOi8vdGVzdC8zODmGD2h0dHA6Ly90ZXN0LzM5MIYPaHR0cDovL3Rlc3Qv +Mzkxhg9odHRwOi8vdGVzdC8zOTKGD2h0dHA6Ly90ZXN0LzM5M4YPaHR0cDovL3Rl +c3QvMzk0hg9odHRwOi8vdGVzdC8zOTWGD2h0dHA6Ly90ZXN0LzM5NoYPaHR0cDov +L3Rlc3QvMzk3hg9odHRwOi8vdGVzdC8zOTiGD2h0dHA6Ly90ZXN0LzM5OYYPaHR0 +cDovL3Rlc3QvNDAwhg9odHRwOi8vdGVzdC80MDGGD2h0dHA6Ly90ZXN0LzQwMoYP +aHR0cDovL3Rlc3QvNDAzhg9odHRwOi8vdGVzdC80MDSGD2h0dHA6Ly90ZXN0LzQw +NYYPaHR0cDovL3Rlc3QvNDA2hg9odHRwOi8vdGVzdC80MDeGD2h0dHA6Ly90ZXN0 +LzQwOIYPaHR0cDovL3Rlc3QvNDA5hg9odHRwOi8vdGVzdC80MTCGD2h0dHA6Ly90 +ZXN0LzQxMYYPaHR0cDovL3Rlc3QvNDEyhg9odHRwOi8vdGVzdC80MTOGD2h0dHA6 +Ly90ZXN0LzQxNIYPaHR0cDovL3Rlc3QvNDE1hg9odHRwOi8vdGVzdC80MTaGD2h0 +dHA6Ly90ZXN0LzQxN4YPaHR0cDovL3Rlc3QvNDE4hg9odHRwOi8vdGVzdC80MTmG +D2h0dHA6Ly90ZXN0LzQyMIYPaHR0cDovL3Rlc3QvNDIxhg9odHRwOi8vdGVzdC80 +MjKGD2h0dHA6Ly90ZXN0LzQyM4YPaHR0cDovL3Rlc3QvNDI0hg9odHRwOi8vdGVz +dC80MjWGD2h0dHA6Ly90ZXN0LzQyNoYPaHR0cDovL3Rlc3QvNDI3hg9odHRwOi8v +dGVzdC80MjiGD2h0dHA6Ly90ZXN0LzQyOYYPaHR0cDovL3Rlc3QvNDMwhg9odHRw +Oi8vdGVzdC80MzGGD2h0dHA6Ly90ZXN0LzQzMoYPaHR0cDovL3Rlc3QvNDMzhg9o +dHRwOi8vdGVzdC80MzSGD2h0dHA6Ly90ZXN0LzQzNYYPaHR0cDovL3Rlc3QvNDM2 +hg9odHRwOi8vdGVzdC80MzeGD2h0dHA6Ly90ZXN0LzQzOIYPaHR0cDovL3Rlc3Qv +NDM5hg9odHRwOi8vdGVzdC80NDCGD2h0dHA6Ly90ZXN0LzQ0MYYPaHR0cDovL3Rl +c3QvNDQyhg9odHRwOi8vdGVzdC80NDOGD2h0dHA6Ly90ZXN0LzQ0NIYPaHR0cDov +L3Rlc3QvNDQ1hg9odHRwOi8vdGVzdC80NDaGD2h0dHA6Ly90ZXN0LzQ0N4YPaHR0 +cDovL3Rlc3QvNDQ4hg9odHRwOi8vdGVzdC80NDmGD2h0dHA6Ly90ZXN0LzQ1MIYP +aHR0cDovL3Rlc3QvNDUxhg9odHRwOi8vdGVzdC80NTKGD2h0dHA6Ly90ZXN0LzQ1 +M4YPaHR0cDovL3Rlc3QvNDU0hg9odHRwOi8vdGVzdC80NTWGD2h0dHA6Ly90ZXN0 +LzQ1NoYPaHR0cDovL3Rlc3QvNDU3hg9odHRwOi8vdGVzdC80NTiGD2h0dHA6Ly90 +ZXN0LzQ1OYYPaHR0cDovL3Rlc3QvNDYwhg9odHRwOi8vdGVzdC80NjGGD2h0dHA6 +Ly90ZXN0LzQ2MoYPaHR0cDovL3Rlc3QvNDYzhg9odHRwOi8vdGVzdC80NjSGD2h0 +dHA6Ly90ZXN0LzQ2NYYPaHR0cDovL3Rlc3QvNDY2hg9odHRwOi8vdGVzdC80NjeG +D2h0dHA6Ly90ZXN0LzQ2OIYPaHR0cDovL3Rlc3QvNDY5hg9odHRwOi8vdGVzdC80 +NzCGD2h0dHA6Ly90ZXN0LzQ3MYYPaHR0cDovL3Rlc3QvNDcyhg9odHRwOi8vdGVz +dC80NzOGD2h0dHA6Ly90ZXN0LzQ3NIYPaHR0cDovL3Rlc3QvNDc1hg9odHRwOi8v +dGVzdC80NzaGD2h0dHA6Ly90ZXN0LzQ3N4YPaHR0cDovL3Rlc3QvNDc4hg9odHRw +Oi8vdGVzdC80NzmGD2h0dHA6Ly90ZXN0LzQ4MIYPaHR0cDovL3Rlc3QvNDgxhg9o +dHRwOi8vdGVzdC80ODKGD2h0dHA6Ly90ZXN0LzQ4M4YPaHR0cDovL3Rlc3QvNDg0 +hg9odHRwOi8vdGVzdC80ODWGD2h0dHA6Ly90ZXN0LzQ4NoYPaHR0cDovL3Rlc3Qv +NDg3hg9odHRwOi8vdGVzdC80ODiGD2h0dHA6Ly90ZXN0LzQ4OYYPaHR0cDovL3Rl +c3QvNDkwhg9odHRwOi8vdGVzdC80OTGGD2h0dHA6Ly90ZXN0LzQ5MoYPaHR0cDov +L3Rlc3QvNDkzhg9odHRwOi8vdGVzdC80OTSGD2h0dHA6Ly90ZXN0LzQ5NYYPaHR0 +cDovL3Rlc3QvNDk2hg9odHRwOi8vdGVzdC80OTeGD2h0dHA6Ly90ZXN0LzQ5OIYP +aHR0cDovL3Rlc3QvNDk5hg9odHRwOi8vdGVzdC81MDCGD2h0dHA6Ly90ZXN0LzUw +MYYPaHR0cDovL3Rlc3QvNTAyhg9odHRwOi8vdGVzdC81MDOGD2h0dHA6Ly90ZXN0 +LzUwNIYPaHR0cDovL3Rlc3QvNTA1hg9odHRwOi8vdGVzdC81MDaGD2h0dHA6Ly90 +ZXN0LzUwN4YPaHR0cDovL3Rlc3QvNTA4hg9odHRwOi8vdGVzdC81MDmGD2h0dHA6 +Ly90ZXN0LzUxMIYPaHR0cDovL3Rlc3QvNTExhg9odHRwOi8vdGVzdC81MTKGD2h0 +dHA6Ly90ZXN0LzUxM4YPaHR0cDovL3Rlc3QvNTE0hg9odHRwOi8vdGVzdC81MTWG +D2h0dHA6Ly90ZXN0LzUxNoYPaHR0cDovL3Rlc3QvNTE3hg9odHRwOi8vdGVzdC81 +MTiGD2h0dHA6Ly90ZXN0LzUxOYYPaHR0cDovL3Rlc3QvNTIwhg9odHRwOi8vdGVz +dC81MjGGD2h0dHA6Ly90ZXN0LzUyMoYPaHR0cDovL3Rlc3QvNTIzhg9odHRwOi8v +dGVzdC81MjSGD2h0dHA6Ly90ZXN0LzUyNYYPaHR0cDovL3Rlc3QvNTI2hg9odHRw +Oi8vdGVzdC81MjeGD2h0dHA6Ly90ZXN0LzUyOIYPaHR0cDovL3Rlc3QvNTI5hg9o +dHRwOi8vdGVzdC81MzCGD2h0dHA6Ly90ZXN0LzUzMYYPaHR0cDovL3Rlc3QvNTMy +hg9odHRwOi8vdGVzdC81MzOGD2h0dHA6Ly90ZXN0LzUzNIYPaHR0cDovL3Rlc3Qv +NTM1hg9odHRwOi8vdGVzdC81MzaGD2h0dHA6Ly90ZXN0LzUzN4YPaHR0cDovL3Rl +c3QvNTM4hg9odHRwOi8vdGVzdC81MzmGD2h0dHA6Ly90ZXN0LzU0MIYPaHR0cDov +L3Rlc3QvNTQxhg9odHRwOi8vdGVzdC81NDKGD2h0dHA6Ly90ZXN0LzU0M4YPaHR0 +cDovL3Rlc3QvNTQ0hg9odHRwOi8vdGVzdC81NDWGD2h0dHA6Ly90ZXN0LzU0NoYP +aHR0cDovL3Rlc3QvNTQ3hg9odHRwOi8vdGVzdC81NDiGD2h0dHA6Ly90ZXN0LzU0 +OYYPaHR0cDovL3Rlc3QvNTUwhg9odHRwOi8vdGVzdC81NTGGD2h0dHA6Ly90ZXN0 +LzU1MoYPaHR0cDovL3Rlc3QvNTUzhg9odHRwOi8vdGVzdC81NTSGD2h0dHA6Ly90 +ZXN0LzU1NYYPaHR0cDovL3Rlc3QvNTU2hg9odHRwOi8vdGVzdC81NTeGD2h0dHA6 +Ly90ZXN0LzU1OIYPaHR0cDovL3Rlc3QvNTU5hg9odHRwOi8vdGVzdC81NjCGD2h0 +dHA6Ly90ZXN0LzU2MYYPaHR0cDovL3Rlc3QvNTYyhg9odHRwOi8vdGVzdC81NjOG +D2h0dHA6Ly90ZXN0LzU2NIYPaHR0cDovL3Rlc3QvNTY1hg9odHRwOi8vdGVzdC81 +NjaGD2h0dHA6Ly90ZXN0LzU2N4YPaHR0cDovL3Rlc3QvNTY4hg9odHRwOi8vdGVz +dC81NjmGD2h0dHA6Ly90ZXN0LzU3MIYPaHR0cDovL3Rlc3QvNTcxhg9odHRwOi8v +dGVzdC81NzKGD2h0dHA6Ly90ZXN0LzU3M4YPaHR0cDovL3Rlc3QvNTc0hg9odHRw +Oi8vdGVzdC81NzWGD2h0dHA6Ly90ZXN0LzU3NoYPaHR0cDovL3Rlc3QvNTc3hg9o +dHRwOi8vdGVzdC81NziGD2h0dHA6Ly90ZXN0LzU3OYYPaHR0cDovL3Rlc3QvNTgw +hg9odHRwOi8vdGVzdC81ODGGD2h0dHA6Ly90ZXN0LzU4MoYPaHR0cDovL3Rlc3Qv +NTgzhg9odHRwOi8vdGVzdC81ODSGD2h0dHA6Ly90ZXN0LzU4NYYPaHR0cDovL3Rl +c3QvNTg2hg9odHRwOi8vdGVzdC81ODeGD2h0dHA6Ly90ZXN0LzU4OIYPaHR0cDov +L3Rlc3QvNTg5hg9odHRwOi8vdGVzdC81OTCGD2h0dHA6Ly90ZXN0LzU5MYYPaHR0 +cDovL3Rlc3QvNTkyhg9odHRwOi8vdGVzdC81OTOGD2h0dHA6Ly90ZXN0LzU5NIYP +aHR0cDovL3Rlc3QvNTk1hg9odHRwOi8vdGVzdC81OTaGD2h0dHA6Ly90ZXN0LzU5 +N4YPaHR0cDovL3Rlc3QvNTk4hg9odHRwOi8vdGVzdC81OTmGD2h0dHA6Ly90ZXN0 +LzYwMIYPaHR0cDovL3Rlc3QvNjAxhg9odHRwOi8vdGVzdC82MDKGD2h0dHA6Ly90 +ZXN0LzYwM4YPaHR0cDovL3Rlc3QvNjA0hg9odHRwOi8vdGVzdC82MDWGD2h0dHA6 +Ly90ZXN0LzYwNoYPaHR0cDovL3Rlc3QvNjA3hg9odHRwOi8vdGVzdC82MDiGD2h0 +dHA6Ly90ZXN0LzYwOYYPaHR0cDovL3Rlc3QvNjEwhg9odHRwOi8vdGVzdC82MTGG +D2h0dHA6Ly90ZXN0LzYxMoYPaHR0cDovL3Rlc3QvNjEzhg9odHRwOi8vdGVzdC82 +MTSGD2h0dHA6Ly90ZXN0LzYxNYYPaHR0cDovL3Rlc3QvNjE2hg9odHRwOi8vdGVz +dC82MTeGD2h0dHA6Ly90ZXN0LzYxOIYPaHR0cDovL3Rlc3QvNjE5hg9odHRwOi8v +dGVzdC82MjCGD2h0dHA6Ly90ZXN0LzYyMYYPaHR0cDovL3Rlc3QvNjIyhg9odHRw +Oi8vdGVzdC82MjOGD2h0dHA6Ly90ZXN0LzYyNIYPaHR0cDovL3Rlc3QvNjI1hg9o +dHRwOi8vdGVzdC82MjaGD2h0dHA6Ly90ZXN0LzYyN4YPaHR0cDovL3Rlc3QvNjI4 +hg9odHRwOi8vdGVzdC82MjmGD2h0dHA6Ly90ZXN0LzYzMIYPaHR0cDovL3Rlc3Qv +NjMxhg9odHRwOi8vdGVzdC82MzKGD2h0dHA6Ly90ZXN0LzYzM4YPaHR0cDovL3Rl +c3QvNjM0hg9odHRwOi8vdGVzdC82MzWGD2h0dHA6Ly90ZXN0LzYzNoYPaHR0cDov +L3Rlc3QvNjM3hg9odHRwOi8vdGVzdC82MziGD2h0dHA6Ly90ZXN0LzYzOYYPaHR0 +cDovL3Rlc3QvNjQwhg9odHRwOi8vdGVzdC82NDGGD2h0dHA6Ly90ZXN0LzY0MoYP +aHR0cDovL3Rlc3QvNjQzhg9odHRwOi8vdGVzdC82NDSGD2h0dHA6Ly90ZXN0LzY0 +NYYPaHR0cDovL3Rlc3QvNjQ2hg9odHRwOi8vdGVzdC82NDeGD2h0dHA6Ly90ZXN0 +LzY0OIYPaHR0cDovL3Rlc3QvNjQ5hg9odHRwOi8vdGVzdC82NTCGD2h0dHA6Ly90 +ZXN0LzY1MYYPaHR0cDovL3Rlc3QvNjUyhg9odHRwOi8vdGVzdC82NTOGD2h0dHA6 +Ly90ZXN0LzY1NIYPaHR0cDovL3Rlc3QvNjU1hg9odHRwOi8vdGVzdC82NTaGD2h0 +dHA6Ly90ZXN0LzY1N4YPaHR0cDovL3Rlc3QvNjU4hg9odHRwOi8vdGVzdC82NTmG +D2h0dHA6Ly90ZXN0LzY2MIYPaHR0cDovL3Rlc3QvNjYxhg9odHRwOi8vdGVzdC82 +NjKGD2h0dHA6Ly90ZXN0LzY2M4YPaHR0cDovL3Rlc3QvNjY0hg9odHRwOi8vdGVz +dC82NjWGD2h0dHA6Ly90ZXN0LzY2NoYPaHR0cDovL3Rlc3QvNjY3hg9odHRwOi8v +dGVzdC82NjiGD2h0dHA6Ly90ZXN0LzY2OYYPaHR0cDovL3Rlc3QvNjcwhg9odHRw +Oi8vdGVzdC82NzGGD2h0dHA6Ly90ZXN0LzY3MoYPaHR0cDovL3Rlc3QvNjczhg9o +dHRwOi8vdGVzdC82NzSGD2h0dHA6Ly90ZXN0LzY3NYYPaHR0cDovL3Rlc3QvNjc2 +hg9odHRwOi8vdGVzdC82NzeGD2h0dHA6Ly90ZXN0LzY3OIYPaHR0cDovL3Rlc3Qv +Njc5hg9odHRwOi8vdGVzdC82ODCGD2h0dHA6Ly90ZXN0LzY4MYYPaHR0cDovL3Rl +c3QvNjgyhg9odHRwOi8vdGVzdC82ODOGD2h0dHA6Ly90ZXN0LzY4NIYPaHR0cDov +L3Rlc3QvNjg1hg9odHRwOi8vdGVzdC82ODaGD2h0dHA6Ly90ZXN0LzY4N4YPaHR0 +cDovL3Rlc3QvNjg4hg9odHRwOi8vdGVzdC82ODmGD2h0dHA6Ly90ZXN0LzY5MIYP +aHR0cDovL3Rlc3QvNjkxhg9odHRwOi8vdGVzdC82OTKGD2h0dHA6Ly90ZXN0LzY5 +M4YPaHR0cDovL3Rlc3QvNjk0hg9odHRwOi8vdGVzdC82OTWGD2h0dHA6Ly90ZXN0 +LzY5NoYPaHR0cDovL3Rlc3QvNjk3hg9odHRwOi8vdGVzdC82OTiGD2h0dHA6Ly90 +ZXN0LzY5OYYPaHR0cDovL3Rlc3QvNzAwhg9odHRwOi8vdGVzdC83MDGGD2h0dHA6 +Ly90ZXN0LzcwMoYPaHR0cDovL3Rlc3QvNzAzhg9odHRwOi8vdGVzdC83MDSGD2h0 +dHA6Ly90ZXN0LzcwNYYPaHR0cDovL3Rlc3QvNzA2hg9odHRwOi8vdGVzdC83MDeG +D2h0dHA6Ly90ZXN0LzcwOIYPaHR0cDovL3Rlc3QvNzA5hg9odHRwOi8vdGVzdC83 +MTCGD2h0dHA6Ly90ZXN0LzcxMYYPaHR0cDovL3Rlc3QvNzEyhg9odHRwOi8vdGVz +dC83MTOGD2h0dHA6Ly90ZXN0LzcxNIYPaHR0cDovL3Rlc3QvNzE1hg9odHRwOi8v +dGVzdC83MTaGD2h0dHA6Ly90ZXN0LzcxN4YPaHR0cDovL3Rlc3QvNzE4hg9odHRw +Oi8vdGVzdC83MTmGD2h0dHA6Ly90ZXN0LzcyMIYPaHR0cDovL3Rlc3QvNzIxhg9o +dHRwOi8vdGVzdC83MjKGD2h0dHA6Ly90ZXN0LzcyM4YPaHR0cDovL3Rlc3QvNzI0 +hg9odHRwOi8vdGVzdC83MjWGD2h0dHA6Ly90ZXN0LzcyNoYPaHR0cDovL3Rlc3Qv +NzI3hg9odHRwOi8vdGVzdC83MjiGD2h0dHA6Ly90ZXN0LzcyOYYPaHR0cDovL3Rl +c3QvNzMwhg9odHRwOi8vdGVzdC83MzGGD2h0dHA6Ly90ZXN0LzczMoYPaHR0cDov +L3Rlc3QvNzMzhg9odHRwOi8vdGVzdC83MzSGD2h0dHA6Ly90ZXN0LzczNYYPaHR0 +cDovL3Rlc3QvNzM2hg9odHRwOi8vdGVzdC83MzeGD2h0dHA6Ly90ZXN0LzczOIYP +aHR0cDovL3Rlc3QvNzM5hg9odHRwOi8vdGVzdC83NDCGD2h0dHA6Ly90ZXN0Lzc0 +MYYPaHR0cDovL3Rlc3QvNzQyhg9odHRwOi8vdGVzdC83NDOGD2h0dHA6Ly90ZXN0 +Lzc0NIYPaHR0cDovL3Rlc3QvNzQ1hg9odHRwOi8vdGVzdC83NDaGD2h0dHA6Ly90 +ZXN0Lzc0N4YPaHR0cDovL3Rlc3QvNzQ4hg9odHRwOi8vdGVzdC83NDmGD2h0dHA6 +Ly90ZXN0Lzc1MIYPaHR0cDovL3Rlc3QvNzUxhg9odHRwOi8vdGVzdC83NTKGD2h0 +dHA6Ly90ZXN0Lzc1M4YPaHR0cDovL3Rlc3QvNzU0hg9odHRwOi8vdGVzdC83NTWG +D2h0dHA6Ly90ZXN0Lzc1NoYPaHR0cDovL3Rlc3QvNzU3hg9odHRwOi8vdGVzdC83 +NTiGD2h0dHA6Ly90ZXN0Lzc1OYYPaHR0cDovL3Rlc3QvNzYwhg9odHRwOi8vdGVz +dC83NjGGD2h0dHA6Ly90ZXN0Lzc2MoYPaHR0cDovL3Rlc3QvNzYzhg9odHRwOi8v +dGVzdC83NjSGD2h0dHA6Ly90ZXN0Lzc2NYYPaHR0cDovL3Rlc3QvNzY2hg9odHRw +Oi8vdGVzdC83NjeGD2h0dHA6Ly90ZXN0Lzc2OIYPaHR0cDovL3Rlc3QvNzY5hg9o +dHRwOi8vdGVzdC83NzCGD2h0dHA6Ly90ZXN0Lzc3MYYPaHR0cDovL3Rlc3QvNzcy +hg9odHRwOi8vdGVzdC83NzOGD2h0dHA6Ly90ZXN0Lzc3NIYPaHR0cDovL3Rlc3Qv +Nzc1hg9odHRwOi8vdGVzdC83NzaGD2h0dHA6Ly90ZXN0Lzc3N4YPaHR0cDovL3Rl +c3QvNzc4hg9odHRwOi8vdGVzdC83NzmGD2h0dHA6Ly90ZXN0Lzc4MIYPaHR0cDov +L3Rlc3QvNzgxhg9odHRwOi8vdGVzdC83ODKGD2h0dHA6Ly90ZXN0Lzc4M4YPaHR0 +cDovL3Rlc3QvNzg0hg9odHRwOi8vdGVzdC83ODWGD2h0dHA6Ly90ZXN0Lzc4NoYP +aHR0cDovL3Rlc3QvNzg3hg9odHRwOi8vdGVzdC83ODiGD2h0dHA6Ly90ZXN0Lzc4 +OYYPaHR0cDovL3Rlc3QvNzkwhg9odHRwOi8vdGVzdC83OTGGD2h0dHA6Ly90ZXN0 +Lzc5MoYPaHR0cDovL3Rlc3QvNzkzhg9odHRwOi8vdGVzdC83OTSGD2h0dHA6Ly90 +ZXN0Lzc5NYYPaHR0cDovL3Rlc3QvNzk2hg9odHRwOi8vdGVzdC83OTeGD2h0dHA6 +Ly90ZXN0Lzc5OIYPaHR0cDovL3Rlc3QvNzk5hg9odHRwOi8vdGVzdC84MDCGD2h0 +dHA6Ly90ZXN0LzgwMYYPaHR0cDovL3Rlc3QvODAyhg9odHRwOi8vdGVzdC84MDOG +D2h0dHA6Ly90ZXN0LzgwNIYPaHR0cDovL3Rlc3QvODA1hg9odHRwOi8vdGVzdC84 +MDaGD2h0dHA6Ly90ZXN0LzgwN4YPaHR0cDovL3Rlc3QvODA4hg9odHRwOi8vdGVz +dC84MDmGD2h0dHA6Ly90ZXN0LzgxMIYPaHR0cDovL3Rlc3QvODExhg9odHRwOi8v +dGVzdC84MTKGD2h0dHA6Ly90ZXN0LzgxM4YPaHR0cDovL3Rlc3QvODE0hg9odHRw +Oi8vdGVzdC84MTWGD2h0dHA6Ly90ZXN0LzgxNoYPaHR0cDovL3Rlc3QvODE3hg9o +dHRwOi8vdGVzdC84MTiGD2h0dHA6Ly90ZXN0LzgxOYYPaHR0cDovL3Rlc3QvODIw +hg9odHRwOi8vdGVzdC84MjGGD2h0dHA6Ly90ZXN0LzgyMoYPaHR0cDovL3Rlc3Qv +ODIzhg9odHRwOi8vdGVzdC84MjSGD2h0dHA6Ly90ZXN0LzgyNYYPaHR0cDovL3Rl +c3QvODI2hg9odHRwOi8vdGVzdC84MjeGD2h0dHA6Ly90ZXN0LzgyOIYPaHR0cDov +L3Rlc3QvODI5hg9odHRwOi8vdGVzdC84MzCGD2h0dHA6Ly90ZXN0LzgzMYYPaHR0 +cDovL3Rlc3QvODMyhg9odHRwOi8vdGVzdC84MzOGD2h0dHA6Ly90ZXN0LzgzNIYP +aHR0cDovL3Rlc3QvODM1hg9odHRwOi8vdGVzdC84MzaGD2h0dHA6Ly90ZXN0Lzgz +N4YPaHR0cDovL3Rlc3QvODM4hg9odHRwOi8vdGVzdC84MzmGD2h0dHA6Ly90ZXN0 +Lzg0MIYPaHR0cDovL3Rlc3QvODQxhg9odHRwOi8vdGVzdC84NDKGD2h0dHA6Ly90 +ZXN0Lzg0M4YPaHR0cDovL3Rlc3QvODQ0hg9odHRwOi8vdGVzdC84NDWGD2h0dHA6 +Ly90ZXN0Lzg0NoYPaHR0cDovL3Rlc3QvODQ3hg9odHRwOi8vdGVzdC84NDiGD2h0 +dHA6Ly90ZXN0Lzg0OYYPaHR0cDovL3Rlc3QvODUwhg9odHRwOi8vdGVzdC84NTGG +D2h0dHA6Ly90ZXN0Lzg1MoYPaHR0cDovL3Rlc3QvODUzhg9odHRwOi8vdGVzdC84 +NTSGD2h0dHA6Ly90ZXN0Lzg1NYYPaHR0cDovL3Rlc3QvODU2hg9odHRwOi8vdGVz +dC84NTeGD2h0dHA6Ly90ZXN0Lzg1OIYPaHR0cDovL3Rlc3QvODU5hg9odHRwOi8v +dGVzdC84NjCGD2h0dHA6Ly90ZXN0Lzg2MYYPaHR0cDovL3Rlc3QvODYyhg9odHRw +Oi8vdGVzdC84NjOGD2h0dHA6Ly90ZXN0Lzg2NIYPaHR0cDovL3Rlc3QvODY1hg9o +dHRwOi8vdGVzdC84NjaGD2h0dHA6Ly90ZXN0Lzg2N4YPaHR0cDovL3Rlc3QvODY4 +hg9odHRwOi8vdGVzdC84NjmGD2h0dHA6Ly90ZXN0Lzg3MIYPaHR0cDovL3Rlc3Qv +ODcxhg9odHRwOi8vdGVzdC84NzKGD2h0dHA6Ly90ZXN0Lzg3M4YPaHR0cDovL3Rl +c3QvODc0hg9odHRwOi8vdGVzdC84NzWGD2h0dHA6Ly90ZXN0Lzg3NoYPaHR0cDov +L3Rlc3QvODc3hg9odHRwOi8vdGVzdC84NziGD2h0dHA6Ly90ZXN0Lzg3OYYPaHR0 +cDovL3Rlc3QvODgwhg9odHRwOi8vdGVzdC84ODGGD2h0dHA6Ly90ZXN0Lzg4MoYP +aHR0cDovL3Rlc3QvODgzhg9odHRwOi8vdGVzdC84ODSGD2h0dHA6Ly90ZXN0Lzg4 +NYYPaHR0cDovL3Rlc3QvODg2hg9odHRwOi8vdGVzdC84ODeGD2h0dHA6Ly90ZXN0 +Lzg4OIYPaHR0cDovL3Rlc3QvODg5hg9odHRwOi8vdGVzdC84OTCGD2h0dHA6Ly90 +ZXN0Lzg5MYYPaHR0cDovL3Rlc3QvODkyhg9odHRwOi8vdGVzdC84OTOGD2h0dHA6 +Ly90ZXN0Lzg5NIYPaHR0cDovL3Rlc3QvODk1hg9odHRwOi8vdGVzdC84OTaGD2h0 +dHA6Ly90ZXN0Lzg5N4YPaHR0cDovL3Rlc3QvODk4hg9odHRwOi8vdGVzdC84OTmG +D2h0dHA6Ly90ZXN0LzkwMIYPaHR0cDovL3Rlc3QvOTAxhg9odHRwOi8vdGVzdC85 +MDKGD2h0dHA6Ly90ZXN0LzkwM4YPaHR0cDovL3Rlc3QvOTA0hg9odHRwOi8vdGVz +dC85MDWGD2h0dHA6Ly90ZXN0LzkwNoYPaHR0cDovL3Rlc3QvOTA3hg9odHRwOi8v +dGVzdC85MDiGD2h0dHA6Ly90ZXN0LzkwOYYPaHR0cDovL3Rlc3QvOTEwhg9odHRw +Oi8vdGVzdC85MTGGD2h0dHA6Ly90ZXN0LzkxMoYPaHR0cDovL3Rlc3QvOTEzhg9o +dHRwOi8vdGVzdC85MTSGD2h0dHA6Ly90ZXN0LzkxNYYPaHR0cDovL3Rlc3QvOTE2 +hg9odHRwOi8vdGVzdC85MTeGD2h0dHA6Ly90ZXN0LzkxOIYPaHR0cDovL3Rlc3Qv +OTE5hg9odHRwOi8vdGVzdC85MjCGD2h0dHA6Ly90ZXN0LzkyMYYPaHR0cDovL3Rl +c3QvOTIyhg9odHRwOi8vdGVzdC85MjOGD2h0dHA6Ly90ZXN0LzkyNIYPaHR0cDov +L3Rlc3QvOTI1hg9odHRwOi8vdGVzdC85MjaGD2h0dHA6Ly90ZXN0LzkyN4YPaHR0 +cDovL3Rlc3QvOTI4hg9odHRwOi8vdGVzdC85MjmGD2h0dHA6Ly90ZXN0LzkzMIYP +aHR0cDovL3Rlc3QvOTMxhg9odHRwOi8vdGVzdC85MzKGD2h0dHA6Ly90ZXN0Lzkz +M4YPaHR0cDovL3Rlc3QvOTM0hg9odHRwOi8vdGVzdC85MzWGD2h0dHA6Ly90ZXN0 +LzkzNoYPaHR0cDovL3Rlc3QvOTM3hg9odHRwOi8vdGVzdC85MziGD2h0dHA6Ly90 +ZXN0LzkzOYYPaHR0cDovL3Rlc3QvOTQwhg9odHRwOi8vdGVzdC85NDGGD2h0dHA6 +Ly90ZXN0Lzk0MoYPaHR0cDovL3Rlc3QvOTQzhg9odHRwOi8vdGVzdC85NDSGD2h0 +dHA6Ly90ZXN0Lzk0NYYPaHR0cDovL3Rlc3QvOTQ2hg9odHRwOi8vdGVzdC85NDeG +D2h0dHA6Ly90ZXN0Lzk0OIYPaHR0cDovL3Rlc3QvOTQ5hg9odHRwOi8vdGVzdC85 +NTCGD2h0dHA6Ly90ZXN0Lzk1MYYPaHR0cDovL3Rlc3QvOTUyhg9odHRwOi8vdGVz +dC85NTOGD2h0dHA6Ly90ZXN0Lzk1NIYPaHR0cDovL3Rlc3QvOTU1hg9odHRwOi8v +dGVzdC85NTaGD2h0dHA6Ly90ZXN0Lzk1N4YPaHR0cDovL3Rlc3QvOTU4hg9odHRw +Oi8vdGVzdC85NTmGD2h0dHA6Ly90ZXN0Lzk2MIYPaHR0cDovL3Rlc3QvOTYxhg9o +dHRwOi8vdGVzdC85NjKGD2h0dHA6Ly90ZXN0Lzk2M4YPaHR0cDovL3Rlc3QvOTY0 +hg9odHRwOi8vdGVzdC85NjWGD2h0dHA6Ly90ZXN0Lzk2NoYPaHR0cDovL3Rlc3Qv +OTY3hg9odHRwOi8vdGVzdC85NjiGD2h0dHA6Ly90ZXN0Lzk2OYYPaHR0cDovL3Rl +c3QvOTcwhg9odHRwOi8vdGVzdC85NzGGD2h0dHA6Ly90ZXN0Lzk3MoYPaHR0cDov +L3Rlc3QvOTczhg9odHRwOi8vdGVzdC85NzSGD2h0dHA6Ly90ZXN0Lzk3NYYPaHR0 +cDovL3Rlc3QvOTc2hg9odHRwOi8vdGVzdC85NzeGD2h0dHA6Ly90ZXN0Lzk3OIYP +aHR0cDovL3Rlc3QvOTc5hg9odHRwOi8vdGVzdC85ODCGD2h0dHA6Ly90ZXN0Lzk4 +MYYPaHR0cDovL3Rlc3QvOTgyhg9odHRwOi8vdGVzdC85ODOGD2h0dHA6Ly90ZXN0 +Lzk4NIYPaHR0cDovL3Rlc3QvOTg1hg9odHRwOi8vdGVzdC85ODaGD2h0dHA6Ly90 +ZXN0Lzk4N4YPaHR0cDovL3Rlc3QvOTg4hg9odHRwOi8vdGVzdC85ODmGD2h0dHA6 +Ly90ZXN0Lzk5MIYPaHR0cDovL3Rlc3QvOTkxhg9odHRwOi8vdGVzdC85OTKGD2h0 +dHA6Ly90ZXN0Lzk5M4YPaHR0cDovL3Rlc3QvOTk0hg9odHRwOi8vdGVzdC85OTWG +D2h0dHA6Ly90ZXN0Lzk5NoYPaHR0cDovL3Rlc3QvOTk3hg9odHRwOi8vdGVzdC85 +OTiGD2h0dHA6Ly90ZXN0Lzk5OYYQaHR0cDovL3Rlc3QvMTAwMIYQaHR0cDovL3Rl +c3QvMTAwMYYQaHR0cDovL3Rlc3QvMTAwMoYQaHR0cDovL3Rlc3QvMTAwM4YQaHR0 +cDovL3Rlc3QvMTAwNIYQaHR0cDovL3Rlc3QvMTAwNYYQaHR0cDovL3Rlc3QvMTAw +NoYQaHR0cDovL3Rlc3QvMTAwN4YQaHR0cDovL3Rlc3QvMTAwOIYQaHR0cDovL3Rl +c3QvMTAwOYYQaHR0cDovL3Rlc3QvMTAxMIYQaHR0cDovL3Rlc3QvMTAxMYYQaHR0 +cDovL3Rlc3QvMTAxMoYQaHR0cDovL3Rlc3QvMTAxM4YQaHR0cDovL3Rlc3QvMTAx +NIYQaHR0cDovL3Rlc3QvMTAxNYYQaHR0cDovL3Rlc3QvMTAxNoYQaHR0cDovL3Rl +c3QvMTAxN4YQaHR0cDovL3Rlc3QvMTAxOIYQaHR0cDovL3Rlc3QvMTAxOYYQaHR0 +cDovL3Rlc3QvMTAyMIYQaHR0cDovL3Rlc3QvMTAyMYYQaHR0cDovL3Rlc3QvMTAy +MoYQaHR0cDovL3Rlc3QvMTAyM4YQaHR0cDovL3Rlc3QvMTAyNDANBgkqhkiG9w0B +AQsFAAOCAQEACAB/4EB10kM2P+Nsz8FKabIMG6ioa3ru7dAt7uJS2SofXawp9RLi +rzvboG06tAnvdvpSaF8HX5+kUo8d2tq2k1SHR9A8Zn7/G+Me2lJMAEZbDOueuF4e +2/fO3SwPTiMdY5jt5RjoBJyhHs1Y3glDTb+NS22OMummU0AXDOJZQ1UtP6uvqhNI +rACsW98WxyAq6lDveXjJNNXFf48n0FpCOugTAVG8o7lTbx3kc1KN8Mec0UYZqihj +PsxKX2MNHShL4LQ3g9uFjISGfjcVqO2oANoUl/3xyOpuOrcZwW9Tawv/KWAwfbY1 +1rhYb1UyGMZEwwjYxJUle7oTBCY0fNQOoQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D5.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D5.pem new file mode 100644 index 0000000000..7ef7fdabb3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D5.pem @@ -0,0 +1,344 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340 + Signature Algorithm: sha256WithRSAEncryption + 90:c2:57:f6:92:e9:c7:58:4e:b5:bd:11:26:33:dd:b9:3d:c2: + 1e:6d:6b:21:74:04:85:22:1e:d2:1b:09:fb:99:24:d8:e6:ed: + 1c:55:14:34:b7:19:4e:f2:cc:37:2e:b3:d3:26:96:f2:6d:88: + d6:8d:b2:7b:1a:6f:eb:66:f1:d9:f3:a3:4f:b0:76:51:d2:1c: + e6:b0:ae:0f:28:38:bf:c6:94:d5:76:71:0f:f6:11:95:c8:07: + 26:be:81:aa:55:4d:17:17:36:90:bb:c2:b8:40:72:a2:cf:0f: + d3:55:b1:65:50:67:c8:57:4b:54:bd:5b:42:7f:d4:b4:46:0e: + fe:9d:f0:eb:a9:96:c2:53:ce:b5:fb:71:3c:da:51:37:94:c7: + 7b:1e:d6:5b:c1:1b:da:ae:09:b1:da:d0:2d:27:ae:46:c6:5e: + d0:72:cb:e0:29:a7:c8:40:e8:18:94:26:ad:d8:51:21:43:24: + f6:f9:a4:9e:f1:57:d1:4b:3e:74:71:97:8f:de:09:2d:d3:85: + b1:79:a8:9d:d0:6c:35:90:a8:62:2f:fb:45:ac:c5:5b:5c:cc: + ea:72:05:b0:2f:79:36:56:f2:75:5b:b4:30:8c:0c:9f:fc:e8: + da:7e:2c:dd:fc:5e:fc:23:04:c1:53:31:a7:e2:ce:18:10:28: + b8:d4:60:8e +-----BEGIN CERTIFICATE----- +MIIy0TCCMbmgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1TANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCMB4wgjAaMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgi8wBgNVHREEgi8nMIIvI4IH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SHBAoAAACHBAoAAAGHBAoAAAKHBAoAAAOHBAoAAASHBAoAAAWHBAoAAAaHBAoA +AAeHBAoAAAiHBAoAAAmHBAoAAAqHBAoAAAuHBAoAAAyHBAoAAA2HBAoAAA6HBAoA +AA+HBAoAABCHBAoAABGHBAoAABKHBAoAABOHBAoAABSHBAoAABWHBAoAABaHBAoA +ABeHBAoAABiHBAoAABmHBAoAABqHBAoAABuHBAoAAByHBAoAAB2HBAoAAB6HBAoA +AB+HBAoAACCHBAoAACGHBAoAACKHBAoAACOHBAoAACSHBAoAACWHBAoAACaHBAoA +ACeHBAoAACiHBAoAACmHBAoAACqHBAoAACuHBAoAACyHBAoAAC2HBAoAAC6HBAoA +AC+HBAoAADCHBAoAADGHBAoAADKHBAoAADOHBAoAADSHBAoAADWHBAoAADaHBAoA +ADeHBAoAADiHBAoAADmHBAoAADqHBAoAADuHBAoAADyHBAoAAD2HBAoAAD6HBAoA +AD+HBAoAAECHBAoAAEGHBAoAAEKHBAoAAEOHBAoAAESHBAoAAEWHBAoAAEaHBAoA +AEeHBAoAAEiHBAoAAEmHBAoAAEqHBAoAAEuHBAoAAEyHBAoAAE2HBAoAAE6HBAoA +AE+HBAoAAFCHBAoAAFGHBAoAAFKHBAoAAFOHBAoAAFSHBAoAAFWHBAoAAFaHBAoA +AFeHBAoAAFiHBAoAAFmHBAoAAFqHBAoAAFuHBAoAAFyHBAoAAF2HBAoAAF6HBAoA +AF+HBAoAAGCHBAoAAGGHBAoAAGKHBAoAAGOHBAoAAGSHBAoAAGWHBAoAAGaHBAoA +AGeHBAoAAGiHBAoAAGmHBAoAAGqHBAoAAGuHBAoAAGyHBAoAAG2HBAoAAG6HBAoA +AG+HBAoAAHCHBAoAAHGHBAoAAHKHBAoAAHOHBAoAAHSHBAoAAHWHBAoAAHaHBAoA +AHeHBAoAAHiHBAoAAHmHBAoAAHqHBAoAAHuHBAoAAHyHBAoAAH2HBAoAAH6HBAoA +AH+HBAoAAICHBAoAAIGHBAoAAIKHBAoAAIOHBAoAAISHBAoAAIWHBAoAAIaHBAoA +AIeHBAoAAIiHBAoAAImHBAoAAIqHBAoAAIuHBAoAAIyHBAoAAI2HBAoAAI6HBAoA +AI+HBAoAAJCHBAoAAJGHBAoAAJKHBAoAAJOHBAoAAJSHBAoAAJWHBAoAAJaHBAoA +AJeHBAoAAJiHBAoAAJmHBAoAAJqHBAoAAJuHBAoAAJyHBAoAAJ2HBAoAAJ6HBAoA +AJ+HBAoAAKCHBAoAAKGHBAoAAKKHBAoAAKOHBAoAAKSHBAoAAKWHBAoAAKaHBAoA +AKeHBAoAAKiHBAoAAKmHBAoAAKqHBAoAAKuHBAoAAKyHBAoAAK2HBAoAAK6HBAoA +AK+HBAoAALCHBAoAALGHBAoAALKHBAoAALOHBAoAALSHBAoAALWHBAoAALaHBAoA +ALeHBAoAALiHBAoAALmHBAoAALqHBAoAALuHBAoAALyHBAoAAL2HBAoAAL6HBAoA +AL+HBAoAAMCHBAoAAMGHBAoAAMKHBAoAAMOHBAoAAMSHBAoAAMWHBAoAAMaHBAoA +AMeHBAoAAMiHBAoAAMmHBAoAAMqHBAoAAMuHBAoAAMyHBAoAAM2HBAoAAM6HBAoA +AM+HBAoAANCHBAoAANGHBAoAANKHBAoAANOHBAoAANSHBAoAANWHBAoAANaHBAoA +ANeHBAoAANiHBAoAANmHBAoAANqHBAoAANuHBAoAANyHBAoAAN2HBAoAAN6HBAoA +AN+HBAoAAOCHBAoAAOGHBAoAAOKHBAoAAOOHBAoAAOSHBAoAAOWHBAoAAOaHBAoA +AOeHBAoAAOiHBAoAAOmHBAoAAOqHBAoAAOuHBAoAAOyHBAoAAO2HBAoAAO6HBAoA +AO+HBAoAAPCHBAoAAPGHBAoAAPKHBAoAAPOHBAoAAPSHBAoAAPWHBAoAAPaHBAoA +APeHBAoAAPiHBAoAAPmHBAoAAPqHBAoAAPuHBAoAAPyHBAoAAP2HBAoAAP6HBAoA +AP+HBAoAAQCHBAoAAQGHBAoAAQKHBAoAAQOHBAoAAQSHBAoAAQWHBAoAAQaHBAoA +AQeHBAoAAQiHBAoAAQmHBAoAAQqHBAoAAQuHBAoAAQyHBAoAAQ2HBAoAAQ6HBAoA +AQ+HBAoAARCHBAoAARGHBAoAARKHBAoAAROHBAoAARSHBAoAARWHBAoAARaHBAoA +AReHBAoAARiHBAoAARmHBAoAARqHBAoAARuHBAoAARyHBAoAAR2HBAoAAR6HBAoA +AR+HBAoAASCHBAoAASGHBAoAASKHBAoAASOHBAoAASSHBAoAASWHBAoAASaHBAoA +ASeHBAoAASiHBAoAASmHBAoAASqHBAoAASuHBAoAASyHBAoAAS2HBAoAAS6HBAoA +AS+HBAoAATCHBAoAATGHBAoAATKHBAoAATOHBAoAATSHBAoAATWHBAoAATaHBAoA +ATeHBAoAATiHBAoAATmHBAoAATqHBAoAATuHBAoAATyHBAoAAT2HBAoAAT6HBAoA +AT+HBAoAAUCHBAoAAUGHBAoAAUKHBAoAAUOHBAoAAUSHBAoAAUWHBAoAAUaHBAoA +AUeHBAoAAUiHBAoAAUmHBAoAAUqHBAoAAUuHBAoAAUyHBAoAAU2HBAoAAU6HBAoA +AU+HBAoAAVCHBAoAAVGHBAoAAVKHBAoAAVOHBAoAAVSkDzANMQswCQYDVQQDDAJ0 +MKQPMA0xCzAJBgNVBAMMAnQxpA8wDTELMAkGA1UEAwwCdDKkDzANMQswCQYDVQQD +DAJ0M6QPMA0xCzAJBgNVBAMMAnQ0pA8wDTELMAkGA1UEAwwCdDWkDzANMQswCQYD +VQQDDAJ0NqQPMA0xCzAJBgNVBAMMAnQ3pA8wDTELMAkGA1UEAwwCdDikDzANMQsw +CQYDVQQDDAJ0OaQQMA4xDDAKBgNVBAMMA3QxMKQQMA4xDDAKBgNVBAMMA3QxMaQQ +MA4xDDAKBgNVBAMMA3QxMqQQMA4xDDAKBgNVBAMMA3QxM6QQMA4xDDAKBgNVBAMM +A3QxNKQQMA4xDDAKBgNVBAMMA3QxNaQQMA4xDDAKBgNVBAMMA3QxNqQQMA4xDDAK +BgNVBAMMA3QxN6QQMA4xDDAKBgNVBAMMA3QxOKQQMA4xDDAKBgNVBAMMA3QxOaQQ +MA4xDDAKBgNVBAMMA3QyMKQQMA4xDDAKBgNVBAMMA3QyMaQQMA4xDDAKBgNVBAMM +A3QyMqQQMA4xDDAKBgNVBAMMA3QyM6QQMA4xDDAKBgNVBAMMA3QyNKQQMA4xDDAK +BgNVBAMMA3QyNaQQMA4xDDAKBgNVBAMMA3QyNqQQMA4xDDAKBgNVBAMMA3QyN6QQ +MA4xDDAKBgNVBAMMA3QyOKQQMA4xDDAKBgNVBAMMA3QyOaQQMA4xDDAKBgNVBAMM +A3QzMKQQMA4xDDAKBgNVBAMMA3QzMaQQMA4xDDAKBgNVBAMMA3QzMqQQMA4xDDAK +BgNVBAMMA3QzM6QQMA4xDDAKBgNVBAMMA3QzNKQQMA4xDDAKBgNVBAMMA3QzNaQQ +MA4xDDAKBgNVBAMMA3QzNqQQMA4xDDAKBgNVBAMMA3QzN6QQMA4xDDAKBgNVBAMM +A3QzOKQQMA4xDDAKBgNVBAMMA3QzOaQQMA4xDDAKBgNVBAMMA3Q0MKQQMA4xDDAK +BgNVBAMMA3Q0MaQQMA4xDDAKBgNVBAMMA3Q0MqQQMA4xDDAKBgNVBAMMA3Q0M6QQ +MA4xDDAKBgNVBAMMA3Q0NKQQMA4xDDAKBgNVBAMMA3Q0NaQQMA4xDDAKBgNVBAMM +A3Q0NqQQMA4xDDAKBgNVBAMMA3Q0N6QQMA4xDDAKBgNVBAMMA3Q0OKQQMA4xDDAK +BgNVBAMMA3Q0OaQQMA4xDDAKBgNVBAMMA3Q1MKQQMA4xDDAKBgNVBAMMA3Q1MaQQ +MA4xDDAKBgNVBAMMA3Q1MqQQMA4xDDAKBgNVBAMMA3Q1M6QQMA4xDDAKBgNVBAMM +A3Q1NKQQMA4xDDAKBgNVBAMMA3Q1NaQQMA4xDDAKBgNVBAMMA3Q1NqQQMA4xDDAK +BgNVBAMMA3Q1N6QQMA4xDDAKBgNVBAMMA3Q1OKQQMA4xDDAKBgNVBAMMA3Q1OaQQ +MA4xDDAKBgNVBAMMA3Q2MKQQMA4xDDAKBgNVBAMMA3Q2MaQQMA4xDDAKBgNVBAMM +A3Q2MqQQMA4xDDAKBgNVBAMMA3Q2M6QQMA4xDDAKBgNVBAMMA3Q2NKQQMA4xDDAK +BgNVBAMMA3Q2NaQQMA4xDDAKBgNVBAMMA3Q2NqQQMA4xDDAKBgNVBAMMA3Q2N6QQ +MA4xDDAKBgNVBAMMA3Q2OKQQMA4xDDAKBgNVBAMMA3Q2OaQQMA4xDDAKBgNVBAMM +A3Q3MKQQMA4xDDAKBgNVBAMMA3Q3MaQQMA4xDDAKBgNVBAMMA3Q3MqQQMA4xDDAK +BgNVBAMMA3Q3M6QQMA4xDDAKBgNVBAMMA3Q3NKQQMA4xDDAKBgNVBAMMA3Q3NaQQ +MA4xDDAKBgNVBAMMA3Q3NqQQMA4xDDAKBgNVBAMMA3Q3N6QQMA4xDDAKBgNVBAMM +A3Q3OKQQMA4xDDAKBgNVBAMMA3Q3OaQQMA4xDDAKBgNVBAMMA3Q4MKQQMA4xDDAK +BgNVBAMMA3Q4MaQQMA4xDDAKBgNVBAMMA3Q4MqQQMA4xDDAKBgNVBAMMA3Q4M6QQ +MA4xDDAKBgNVBAMMA3Q4NKQQMA4xDDAKBgNVBAMMA3Q4NaQQMA4xDDAKBgNVBAMM +A3Q4NqQQMA4xDDAKBgNVBAMMA3Q4N6QQMA4xDDAKBgNVBAMMA3Q4OKQQMA4xDDAK +BgNVBAMMA3Q4OaQQMA4xDDAKBgNVBAMMA3Q5MKQQMA4xDDAKBgNVBAMMA3Q5MaQQ +MA4xDDAKBgNVBAMMA3Q5MqQQMA4xDDAKBgNVBAMMA3Q5M6QQMA4xDDAKBgNVBAMM +A3Q5NKQQMA4xDDAKBgNVBAMMA3Q5NaQQMA4xDDAKBgNVBAMMA3Q5NqQQMA4xDDAK +BgNVBAMMA3Q5N6QQMA4xDDAKBgNVBAMMA3Q5OKQQMA4xDDAKBgNVBAMMA3Q5OaQR +MA8xDTALBgNVBAMMBHQxMDCkETAPMQ0wCwYDVQQDDAR0MTAxpBEwDzENMAsGA1UE +AwwEdDEwMqQRMA8xDTALBgNVBAMMBHQxMDOkETAPMQ0wCwYDVQQDDAR0MTA0pBEw +DzENMAsGA1UEAwwEdDEwNaQRMA8xDTALBgNVBAMMBHQxMDakETAPMQ0wCwYDVQQD +DAR0MTA3pBEwDzENMAsGA1UEAwwEdDEwOKQRMA8xDTALBgNVBAMMBHQxMDmkETAP +MQ0wCwYDVQQDDAR0MTEwpBEwDzENMAsGA1UEAwwEdDExMaQRMA8xDTALBgNVBAMM +BHQxMTKkETAPMQ0wCwYDVQQDDAR0MTEzpBEwDzENMAsGA1UEAwwEdDExNKQRMA8x +DTALBgNVBAMMBHQxMTWkETAPMQ0wCwYDVQQDDAR0MTE2pBEwDzENMAsGA1UEAwwE +dDExN6QRMA8xDTALBgNVBAMMBHQxMTikETAPMQ0wCwYDVQQDDAR0MTE5pBEwDzEN +MAsGA1UEAwwEdDEyMKQRMA8xDTALBgNVBAMMBHQxMjGkETAPMQ0wCwYDVQQDDAR0 +MTIypBEwDzENMAsGA1UEAwwEdDEyM6QRMA8xDTALBgNVBAMMBHQxMjSkETAPMQ0w +CwYDVQQDDAR0MTI1pBEwDzENMAsGA1UEAwwEdDEyNqQRMA8xDTALBgNVBAMMBHQx +MjekETAPMQ0wCwYDVQQDDAR0MTI4pBEwDzENMAsGA1UEAwwEdDEyOaQRMA8xDTAL +BgNVBAMMBHQxMzCkETAPMQ0wCwYDVQQDDAR0MTMxpBEwDzENMAsGA1UEAwwEdDEz +MqQRMA8xDTALBgNVBAMMBHQxMzOkETAPMQ0wCwYDVQQDDAR0MTM0pBEwDzENMAsG +A1UEAwwEdDEzNaQRMA8xDTALBgNVBAMMBHQxMzakETAPMQ0wCwYDVQQDDAR0MTM3 +pBEwDzENMAsGA1UEAwwEdDEzOKQRMA8xDTALBgNVBAMMBHQxMzmkETAPMQ0wCwYD +VQQDDAR0MTQwpBEwDzENMAsGA1UEAwwEdDE0MaQRMA8xDTALBgNVBAMMBHQxNDKk +ETAPMQ0wCwYDVQQDDAR0MTQzpBEwDzENMAsGA1UEAwwEdDE0NKQRMA8xDTALBgNV +BAMMBHQxNDWkETAPMQ0wCwYDVQQDDAR0MTQ2pBEwDzENMAsGA1UEAwwEdDE0N6QR +MA8xDTALBgNVBAMMBHQxNDikETAPMQ0wCwYDVQQDDAR0MTQ5pBEwDzENMAsGA1UE +AwwEdDE1MKQRMA8xDTALBgNVBAMMBHQxNTGkETAPMQ0wCwYDVQQDDAR0MTUypBEw +DzENMAsGA1UEAwwEdDE1M6QRMA8xDTALBgNVBAMMBHQxNTSkETAPMQ0wCwYDVQQD +DAR0MTU1pBEwDzENMAsGA1UEAwwEdDE1NqQRMA8xDTALBgNVBAMMBHQxNTekETAP +MQ0wCwYDVQQDDAR0MTU4pBEwDzENMAsGA1UEAwwEdDE1OaQRMA8xDTALBgNVBAMM +BHQxNjCkETAPMQ0wCwYDVQQDDAR0MTYxpBEwDzENMAsGA1UEAwwEdDE2MqQRMA8x +DTALBgNVBAMMBHQxNjOkETAPMQ0wCwYDVQQDDAR0MTY0pBEwDzENMAsGA1UEAwwE +dDE2NaQRMA8xDTALBgNVBAMMBHQxNjakETAPMQ0wCwYDVQQDDAR0MTY3pBEwDzEN +MAsGA1UEAwwEdDE2OKQRMA8xDTALBgNVBAMMBHQxNjmkETAPMQ0wCwYDVQQDDAR0 +MTcwpBEwDzENMAsGA1UEAwwEdDE3MaQRMA8xDTALBgNVBAMMBHQxNzKkETAPMQ0w +CwYDVQQDDAR0MTczpBEwDzENMAsGA1UEAwwEdDE3NKQRMA8xDTALBgNVBAMMBHQx +NzWkETAPMQ0wCwYDVQQDDAR0MTc2pBEwDzENMAsGA1UEAwwEdDE3N6QRMA8xDTAL +BgNVBAMMBHQxNzikETAPMQ0wCwYDVQQDDAR0MTc5pBEwDzENMAsGA1UEAwwEdDE4 +MKQRMA8xDTALBgNVBAMMBHQxODGkETAPMQ0wCwYDVQQDDAR0MTgypBEwDzENMAsG +A1UEAwwEdDE4M6QRMA8xDTALBgNVBAMMBHQxODSkETAPMQ0wCwYDVQQDDAR0MTg1 +pBEwDzENMAsGA1UEAwwEdDE4NqQRMA8xDTALBgNVBAMMBHQxODekETAPMQ0wCwYD +VQQDDAR0MTg4pBEwDzENMAsGA1UEAwwEdDE4OaQRMA8xDTALBgNVBAMMBHQxOTCk +ETAPMQ0wCwYDVQQDDAR0MTkxpBEwDzENMAsGA1UEAwwEdDE5MqQRMA8xDTALBgNV +BAMMBHQxOTOkETAPMQ0wCwYDVQQDDAR0MTk0pBEwDzENMAsGA1UEAwwEdDE5NaQR +MA8xDTALBgNVBAMMBHQxOTakETAPMQ0wCwYDVQQDDAR0MTk3pBEwDzENMAsGA1UE +AwwEdDE5OKQRMA8xDTALBgNVBAMMBHQxOTmkETAPMQ0wCwYDVQQDDAR0MjAwpBEw +DzENMAsGA1UEAwwEdDIwMaQRMA8xDTALBgNVBAMMBHQyMDKkETAPMQ0wCwYDVQQD +DAR0MjAzpBEwDzENMAsGA1UEAwwEdDIwNKQRMA8xDTALBgNVBAMMBHQyMDWkETAP +MQ0wCwYDVQQDDAR0MjA2pBEwDzENMAsGA1UEAwwEdDIwN6QRMA8xDTALBgNVBAMM +BHQyMDikETAPMQ0wCwYDVQQDDAR0MjA5pBEwDzENMAsGA1UEAwwEdDIxMKQRMA8x +DTALBgNVBAMMBHQyMTGkETAPMQ0wCwYDVQQDDAR0MjEypBEwDzENMAsGA1UEAwwE +dDIxM6QRMA8xDTALBgNVBAMMBHQyMTSkETAPMQ0wCwYDVQQDDAR0MjE1pBEwDzEN +MAsGA1UEAwwEdDIxNqQRMA8xDTALBgNVBAMMBHQyMTekETAPMQ0wCwYDVQQDDAR0 +MjE4pBEwDzENMAsGA1UEAwwEdDIxOaQRMA8xDTALBgNVBAMMBHQyMjCkETAPMQ0w +CwYDVQQDDAR0MjIxpBEwDzENMAsGA1UEAwwEdDIyMqQRMA8xDTALBgNVBAMMBHQy +MjOkETAPMQ0wCwYDVQQDDAR0MjI0pBEwDzENMAsGA1UEAwwEdDIyNaQRMA8xDTAL +BgNVBAMMBHQyMjakETAPMQ0wCwYDVQQDDAR0MjI3pBEwDzENMAsGA1UEAwwEdDIy +OKQRMA8xDTALBgNVBAMMBHQyMjmkETAPMQ0wCwYDVQQDDAR0MjMwpBEwDzENMAsG +A1UEAwwEdDIzMaQRMA8xDTALBgNVBAMMBHQyMzKkETAPMQ0wCwYDVQQDDAR0MjMz +pBEwDzENMAsGA1UEAwwEdDIzNKQRMA8xDTALBgNVBAMMBHQyMzWkETAPMQ0wCwYD +VQQDDAR0MjM2pBEwDzENMAsGA1UEAwwEdDIzN6QRMA8xDTALBgNVBAMMBHQyMzik +ETAPMQ0wCwYDVQQDDAR0MjM5pBEwDzENMAsGA1UEAwwEdDI0MKQRMA8xDTALBgNV +BAMMBHQyNDGkETAPMQ0wCwYDVQQDDAR0MjQypBEwDzENMAsGA1UEAwwEdDI0M6QR +MA8xDTALBgNVBAMMBHQyNDSkETAPMQ0wCwYDVQQDDAR0MjQ1pBEwDzENMAsGA1UE +AwwEdDI0NqQRMA8xDTALBgNVBAMMBHQyNDekETAPMQ0wCwYDVQQDDAR0MjQ4pBEw +DzENMAsGA1UEAwwEdDI0OaQRMA8xDTALBgNVBAMMBHQyNTCkETAPMQ0wCwYDVQQD +DAR0MjUxpBEwDzENMAsGA1UEAwwEdDI1MqQRMA8xDTALBgNVBAMMBHQyNTOkETAP +MQ0wCwYDVQQDDAR0MjU0pBEwDzENMAsGA1UEAwwEdDI1NaQRMA8xDTALBgNVBAMM +BHQyNTakETAPMQ0wCwYDVQQDDAR0MjU3pBEwDzENMAsGA1UEAwwEdDI1OKQRMA8x +DTALBgNVBAMMBHQyNTmkETAPMQ0wCwYDVQQDDAR0MjYwpBEwDzENMAsGA1UEAwwE +dDI2MaQRMA8xDTALBgNVBAMMBHQyNjKkETAPMQ0wCwYDVQQDDAR0MjYzpBEwDzEN +MAsGA1UEAwwEdDI2NKQRMA8xDTALBgNVBAMMBHQyNjWkETAPMQ0wCwYDVQQDDAR0 +MjY2pBEwDzENMAsGA1UEAwwEdDI2N6QRMA8xDTALBgNVBAMMBHQyNjikETAPMQ0w +CwYDVQQDDAR0MjY5pBEwDzENMAsGA1UEAwwEdDI3MKQRMA8xDTALBgNVBAMMBHQy +NzGkETAPMQ0wCwYDVQQDDAR0MjcypBEwDzENMAsGA1UEAwwEdDI3M6QRMA8xDTAL +BgNVBAMMBHQyNzSkETAPMQ0wCwYDVQQDDAR0Mjc1pBEwDzENMAsGA1UEAwwEdDI3 +NqQRMA8xDTALBgNVBAMMBHQyNzekETAPMQ0wCwYDVQQDDAR0Mjc4pBEwDzENMAsG +A1UEAwwEdDI3OaQRMA8xDTALBgNVBAMMBHQyODCkETAPMQ0wCwYDVQQDDAR0Mjgx +pBEwDzENMAsGA1UEAwwEdDI4MqQRMA8xDTALBgNVBAMMBHQyODOkETAPMQ0wCwYD +VQQDDAR0Mjg0pBEwDzENMAsGA1UEAwwEdDI4NaQRMA8xDTALBgNVBAMMBHQyODak +ETAPMQ0wCwYDVQQDDAR0Mjg3pBEwDzENMAsGA1UEAwwEdDI4OKQRMA8xDTALBgNV +BAMMBHQyODmkETAPMQ0wCwYDVQQDDAR0MjkwpBEwDzENMAsGA1UEAwwEdDI5MaQR +MA8xDTALBgNVBAMMBHQyOTKkETAPMQ0wCwYDVQQDDAR0MjkzpBEwDzENMAsGA1UE +AwwEdDI5NKQRMA8xDTALBgNVBAMMBHQyOTWkETAPMQ0wCwYDVQQDDAR0Mjk2pBEw +DzENMAsGA1UEAwwEdDI5N6QRMA8xDTALBgNVBAMMBHQyOTikETAPMQ0wCwYDVQQD +DAR0Mjk5pBEwDzENMAsGA1UEAwwEdDMwMKQRMA8xDTALBgNVBAMMBHQzMDGkETAP +MQ0wCwYDVQQDDAR0MzAypBEwDzENMAsGA1UEAwwEdDMwM6QRMA8xDTALBgNVBAMM +BHQzMDSkETAPMQ0wCwYDVQQDDAR0MzA1pBEwDzENMAsGA1UEAwwEdDMwNqQRMA8x +DTALBgNVBAMMBHQzMDekETAPMQ0wCwYDVQQDDAR0MzA4pBEwDzENMAsGA1UEAwwE +dDMwOaQRMA8xDTALBgNVBAMMBHQzMTCkETAPMQ0wCwYDVQQDDAR0MzExpBEwDzEN +MAsGA1UEAwwEdDMxMqQRMA8xDTALBgNVBAMMBHQzMTOkETAPMQ0wCwYDVQQDDAR0 +MzE0pBEwDzENMAsGA1UEAwwEdDMxNaQRMA8xDTALBgNVBAMMBHQzMTakETAPMQ0w +CwYDVQQDDAR0MzE3pBEwDzENMAsGA1UEAwwEdDMxOKQRMA8xDTALBgNVBAMMBHQz +MTmkETAPMQ0wCwYDVQQDDAR0MzIwpBEwDzENMAsGA1UEAwwEdDMyMaQRMA8xDTAL +BgNVBAMMBHQzMjKkETAPMQ0wCwYDVQQDDAR0MzIzpBEwDzENMAsGA1UEAwwEdDMy +NKQRMA8xDTALBgNVBAMMBHQzMjWkETAPMQ0wCwYDVQQDDAR0MzI2pBEwDzENMAsG +A1UEAwwEdDMyN6QRMA8xDTALBgNVBAMMBHQzMjikETAPMQ0wCwYDVQQDDAR0MzI5 +pBEwDzENMAsGA1UEAwwEdDMzMKQRMA8xDTALBgNVBAMMBHQzMzGkETAPMQ0wCwYD +VQQDDAR0MzMypBEwDzENMAsGA1UEAwwEdDMzM6QRMA8xDTALBgNVBAMMBHQzMzSk +ETAPMQ0wCwYDVQQDDAR0MzM1pBEwDzENMAsGA1UEAwwEdDMzNqQRMA8xDTALBgNV +BAMMBHQzMzekETAPMQ0wCwYDVQQDDAR0MzM4pBEwDzENMAsGA1UEAwwEdDMzOaQR +MA8xDTALBgNVBAMMBHQzNDAwDQYJKoZIhvcNAQELBQADggEBAJDCV/aS6cdYTrW9 +ESYz3bk9wh5tayF0BIUiHtIbCfuZJNjm7RxVFDS3GU7yzDcus9MmlvJtiNaNsnsa +b+tm8dnzo0+wdlHSHOawrg8oOL/GlNV2cQ/2EZXIBya+gapVTRcXNpC7wrhAcqLP +D9NVsWVQZ8hXS1S9W0J/1LRGDv6d8OuplsJTzrX7cTzaUTeUx3se1lvBG9quCbHa +0C0nrkbGXtByy+App8hA6BiUJq3YUSFDJPb5pJ7xV9FLPnRxl4/eCS3ThbF5qJ3Q +bDWQqGIv+0WsxVtczOpyBbAveTZW8nVbtDCMDJ/86Np+LN38XvwjBMFTMafizhgQ +KLjUYI4= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D6.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D6.pem new file mode 100644 index 0000000000..7afb574bfc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D6.pem @@ -0,0 +1,325 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, DNS:t418.test, DNS:t419.test, DNS:t420.test, DNS:t421.test, DNS:t422.test, DNS:t423.test, DNS:t424.test, DNS:t425.test, DNS:t426.test, DNS:t427.test, DNS:t428.test, DNS:t429.test, DNS:t430.test, DNS:t431.test, DNS:t432.test, DNS:t433.test, DNS:t434.test, DNS:t435.test, DNS:t436.test, DNS:t437.test, DNS:t438.test, DNS:t439.test, DNS:t440.test, DNS:t441.test, DNS:t442.test, DNS:t443.test, DNS:t444.test, DNS:t445.test, DNS:t446.test, DNS:t447.test, DNS:t448.test, DNS:t449.test, DNS:t450.test, DNS:t451.test, DNS:t452.test, DNS:t453.test, DNS:t454.test, DNS:t455.test, DNS:t456.test, DNS:t457.test, DNS:t458.test, DNS:t459.test, DNS:t460.test, DNS:t461.test, DNS:t462.test, DNS:t463.test, DNS:t464.test, DNS:t465.test, DNS:t466.test, DNS:t467.test, DNS:t468.test, DNS:t469.test, DNS:t470.test, DNS:t471.test, DNS:t472.test, DNS:t473.test, DNS:t474.test, DNS:t475.test, DNS:t476.test, DNS:t477.test, DNS:t478.test, DNS:t479.test, DNS:t480.test, DNS:t481.test, DNS:t482.test, DNS:t483.test, DNS:t484.test, DNS:t485.test, DNS:t486.test, DNS:t487.test, DNS:t488.test, DNS:t489.test, DNS:t490.test, DNS:t491.test, DNS:t492.test, DNS:t493.test, DNS:t494.test, DNS:t495.test, DNS:t496.test, DNS:t497.test, DNS:t498.test, DNS:t499.test, DNS:t500.test, DNS:t501.test, DNS:t502.test, DNS:t503.test, DNS:t504.test, DNS:t505.test, DNS:t506.test, DNS:t507.test, DNS:t508.test, DNS:t509.test, DNS:t510.test, DNS:t511.test, DNS:t512.test, DNS:t513.test, DNS:t514.test, DNS:t515.test, DNS:t516.test, DNS:t517.test, DNS:t518.test, DNS:t519.test, DNS:t520.test, DNS:t521.test, DNS:t522.test, DNS:t523.test, DNS:t524.test, DNS:t525.test, DNS:t526.test, DNS:t527.test, DNS:t528.test, DNS:t529.test, DNS:t530.test, DNS:t531.test, DNS:t532.test, DNS:t533.test, DNS:t534.test, DNS:t535.test, DNS:t536.test, DNS:t537.test, DNS:t538.test, DNS:t539.test, DNS:t540.test, DNS:t541.test, DNS:t542.test, DNS:t543.test, DNS:t544.test, DNS:t545.test, DNS:t546.test, DNS:t547.test, DNS:t548.test, DNS:t549.test, DNS:t550.test, DNS:t551.test, DNS:t552.test, DNS:t553.test, DNS:t554.test, DNS:t555.test, DNS:t556.test, DNS:t557.test, DNS:t558.test, DNS:t559.test, DNS:t560.test, DNS:t561.test, DNS:t562.test, DNS:t563.test, DNS:t564.test, DNS:t565.test, DNS:t566.test, DNS:t567.test, DNS:t568.test, DNS:t569.test, DNS:t570.test, DNS:t571.test, DNS:t572.test, DNS:t573.test, DNS:t574.test, DNS:t575.test, DNS:t576.test, DNS:t577.test, DNS:t578.test, DNS:t579.test, DNS:t580.test, DNS:t581.test, DNS:t582.test, DNS:t583.test, DNS:t584.test, DNS:t585.test, DNS:t586.test, DNS:t587.test, DNS:t588.test, DNS:t589.test, DNS:t590.test, DNS:t591.test, DNS:t592.test, DNS:t593.test, DNS:t594.test, DNS:t595.test, DNS:t596.test, DNS:t597.test, DNS:t598.test, DNS:t599.test, DNS:t600.test, DNS:t601.test, DNS:t602.test, DNS:t603.test, DNS:t604.test, DNS:t605.test, DNS:t606.test, DNS:t607.test, DNS:t608.test, DNS:t609.test, DNS:t610.test, DNS:t611.test, DNS:t612.test, DNS:t613.test, DNS:t614.test, DNS:t615.test, DNS:t616.test, DNS:t617.test, DNS:t618.test, DNS:t619.test, DNS:t620.test, DNS:t621.test, DNS:t622.test, DNS:t623.test, DNS:t624.test, DNS:t625.test, DNS:t626.test, DNS:t627.test, DNS:t628.test, DNS:t629.test, DNS:t630.test, DNS:t631.test, DNS:t632.test, DNS:t633.test, DNS:t634.test, DNS:t635.test, DNS:t636.test, DNS:t637.test, DNS:t638.test, DNS:t639.test, DNS:t640.test, DNS:t641.test, DNS:t642.test, DNS:t643.test, DNS:t644.test, DNS:t645.test, DNS:t646.test, DNS:t647.test, DNS:t648.test, DNS:t649.test, DNS:t650.test, DNS:t651.test, DNS:t652.test, DNS:t653.test, DNS:t654.test, DNS:t655.test, DNS:t656.test, DNS:t657.test, DNS:t658.test, DNS:t659.test, DNS:t660.test, DNS:t661.test, DNS:t662.test, DNS:t663.test, DNS:t664.test, DNS:t665.test, DNS:t666.test, DNS:t667.test, DNS:t668.test, DNS:t669.test, DNS:t670.test, DNS:t671.test, DNS:t672.test, DNS:t673.test, DNS:t674.test, DNS:t675.test, DNS:t676.test, DNS:t677.test, DNS:t678.test, DNS:t679.test, DNS:t680.test, DNS:t681.test, DNS:t682.test, DNS:t683.test, DNS:t684.test, DNS:t685.test, DNS:t686.test, DNS:t687.test, DNS:t688.test, DNS:t689.test, DNS:t690.test, DNS:t691.test, DNS:t692.test, DNS:t693.test, DNS:t694.test, DNS:t695.test, DNS:t696.test, DNS:t697.test, DNS:t698.test, DNS:t699.test, DNS:t700.test, DNS:t701.test, DNS:t702.test, DNS:t703.test, DNS:t704.test, DNS:t705.test, DNS:t706.test, DNS:t707.test, DNS:t708.test, DNS:t709.test, DNS:t710.test, DNS:t711.test, DNS:t712.test, DNS:t713.test, DNS:t714.test, DNS:t715.test, DNS:t716.test, DNS:t717.test, DNS:t718.test, DNS:t719.test, DNS:t720.test, DNS:t721.test, DNS:t722.test, DNS:t723.test, DNS:t724.test, DNS:t725.test, DNS:t726.test, DNS:t727.test, DNS:t728.test, DNS:t729.test, DNS:t730.test, DNS:t731.test, DNS:t732.test, DNS:t733.test, DNS:t734.test, DNS:t735.test, DNS:t736.test, DNS:t737.test, DNS:t738.test, DNS:t739.test, DNS:t740.test, DNS:t741.test, DNS:t742.test, DNS:t743.test, DNS:t744.test, DNS:t745.test, DNS:t746.test, DNS:t747.test, DNS:t748.test, DNS:t749.test, DNS:t750.test, DNS:t751.test, DNS:t752.test, DNS:t753.test, DNS:t754.test, DNS:t755.test, DNS:t756.test, DNS:t757.test, DNS:t758.test, DNS:t759.test, DNS:t760.test, DNS:t761.test, DNS:t762.test, DNS:t763.test, DNS:t764.test, DNS:t765.test, DNS:t766.test, DNS:t767.test, DNS:t768.test, DNS:t769.test, DNS:t770.test, DNS:t771.test, DNS:t772.test, DNS:t773.test, DNS:t774.test, DNS:t775.test, DNS:t776.test, DNS:t777.test, DNS:t778.test, DNS:t779.test, DNS:t780.test, DNS:t781.test, DNS:t782.test, DNS:t783.test, DNS:t784.test, DNS:t785.test, DNS:t786.test, DNS:t787.test, DNS:t788.test, DNS:t789.test, DNS:t790.test, DNS:t791.test, DNS:t792.test, DNS:t793.test, DNS:t794.test, DNS:t795.test, DNS:t796.test, DNS:t797.test, DNS:t798.test, DNS:t799.test, DNS:t800.test, DNS:t801.test, DNS:t802.test, DNS:t803.test, DNS:t804.test, DNS:t805.test, DNS:t806.test, DNS:t807.test, DNS:t808.test, DNS:t809.test, DNS:t810.test, DNS:t811.test, DNS:t812.test, DNS:t813.test, DNS:t814.test, DNS:t815.test, DNS:t816.test, DNS:t817.test, DNS:t818.test, DNS:t819.test, DNS:t820.test, DNS:t821.test, DNS:t822.test, DNS:t823.test, DNS:t824.test, DNS:t825.test, DNS:t826.test, DNS:t827.test, DNS:t828.test, DNS:t829.test, DNS:t830.test, DNS:t831.test, DNS:t832.test, DNS:t833.test, DNS:t834.test, DNS:t835.test, DNS:t836.test, DNS:t837.test, DNS:t838.test, DNS:t839.test, DNS:t840.test, DNS:t841.test, DNS:t842.test, DNS:t843.test, DNS:t844.test, DNS:t845.test, DNS:t846.test, DNS:t847.test, DNS:t848.test, DNS:t849.test, DNS:t850.test, DNS:t851.test, DNS:t852.test, DNS:t853.test, DNS:t854.test, DNS:t855.test, DNS:t856.test, DNS:t857.test, DNS:t858.test, DNS:t859.test, DNS:t860.test, DNS:t861.test, DNS:t862.test, DNS:t863.test, DNS:t864.test, DNS:t865.test, DNS:t866.test, DNS:t867.test, DNS:t868.test, DNS:t869.test, DNS:t870.test, DNS:t871.test, DNS:t872.test, DNS:t873.test, DNS:t874.test, DNS:t875.test, DNS:t876.test, DNS:t877.test, DNS:t878.test, DNS:t879.test, DNS:t880.test, DNS:t881.test, DNS:t882.test, DNS:t883.test, DNS:t884.test, DNS:t885.test, DNS:t886.test, DNS:t887.test, DNS:t888.test, DNS:t889.test, DNS:t890.test, DNS:t891.test, DNS:t892.test, DNS:t893.test, DNS:t894.test, DNS:t895.test, DNS:t896.test, DNS:t897.test, DNS:t898.test, DNS:t899.test, DNS:t900.test, DNS:t901.test, DNS:t902.test, DNS:t903.test, DNS:t904.test, DNS:t905.test, DNS:t906.test, DNS:t907.test, DNS:t908.test, DNS:t909.test, DNS:t910.test, DNS:t911.test, DNS:t912.test, DNS:t913.test, DNS:t914.test, DNS:t915.test, DNS:t916.test, DNS:t917.test, DNS:t918.test, DNS:t919.test, DNS:t920.test, DNS:t921.test, DNS:t922.test, DNS:t923.test, DNS:t924.test, DNS:t925.test, DNS:t926.test, DNS:t927.test, DNS:t928.test, DNS:t929.test, DNS:t930.test, DNS:t931.test, DNS:t932.test, DNS:t933.test, DNS:t934.test, DNS:t935.test, DNS:t936.test, DNS:t937.test, DNS:t938.test, DNS:t939.test, DNS:t940.test, DNS:t941.test, DNS:t942.test, DNS:t943.test, DNS:t944.test, DNS:t945.test, DNS:t946.test, DNS:t947.test, DNS:t948.test, DNS:t949.test, DNS:t950.test, DNS:t951.test, DNS:t952.test, DNS:t953.test, DNS:t954.test, DNS:t955.test, DNS:t956.test, DNS:t957.test, DNS:t958.test, DNS:t959.test, DNS:t960.test, DNS:t961.test, DNS:t962.test, DNS:t963.test, DNS:t964.test, DNS:t965.test, DNS:t966.test, DNS:t967.test, DNS:t968.test, DNS:t969.test, DNS:t970.test, DNS:t971.test, DNS:t972.test, DNS:t973.test, DNS:t974.test, DNS:t975.test, DNS:t976.test, DNS:t977.test, DNS:t978.test, DNS:t979.test, DNS:t980.test, DNS:t981.test, DNS:t982.test, DNS:t983.test, DNS:t984.test, DNS:t985.test, DNS:t986.test, DNS:t987.test, DNS:t988.test, DNS:t989.test, DNS:t990.test, DNS:t991.test, DNS:t992.test, DNS:t993.test, DNS:t994.test, DNS:t995.test, DNS:t996.test, DNS:t997.test, DNS:t998.test, DNS:t999.test, DNS:t1000.test, DNS:t1001.test, DNS:t1002.test, DNS:t1003.test, DNS:t1004.test, DNS:t1005.test, DNS:t1006.test, DNS:t1007.test, DNS:t1008.test, DNS:t1009.test, DNS:t1010.test, DNS:t1011.test, DNS:t1012.test, DNS:t1013.test, DNS:t1014.test, DNS:t1015.test, DNS:t1016.test, DNS:t1017.test, DNS:t1018.test, DNS:t1019.test, DNS:t1020.test, DNS:t1021.test, DNS:t1022.test, DNS:t1023.test + Signature Algorithm: sha256WithRSAEncryption + 74:b3:46:3e:05:7e:b3:03:85:e3:32:be:81:d2:63:14:24:b1: + 6d:3a:24:e1:79:b7:68:99:15:33:d9:63:6d:8b:b3:63:a5:a3: + a8:1d:c5:05:89:7d:5e:00:2e:16:9d:b3:7e:e3:d6:8b:ec:3b: + e6:00:e3:74:e9:d3:53:89:ee:33:54:c0:19:41:9f:35:62:41: + 32:87:21:e7:84:44:ca:21:2a:f8:33:33:f5:92:39:37:a3:3e: + 43:42:52:16:81:c3:6e:ce:71:d9:d9:4e:be:ee:87:14:39:7b: + 2a:13:67:85:e0:72:b9:05:b7:75:6a:4a:86:f4:bf:9a:67:19: + 75:7c:e6:01:da:42:13:58:ad:f9:1f:d1:63:a5:8c:27:fd:48: + 04:ca:b9:b7:4a:b5:62:12:ad:0f:0b:6f:ba:7f:d1:c4:1f:b6: + c0:6a:c6:88:d5:1b:3d:bd:64:34:fa:44:89:ad:05:47:4c:ac: + dd:72:2f:7c:fa:34:71:bb:41:f0:43:7d:97:3f:29:00:de:ab: + 4c:f7:cc:2b:ca:80:fb:2a:fb:34:81:5a:73:7b:77:da:54:5b: + 1e:09:3c:31:8d:7e:ed:c2:af:48:19:59:fd:59:68:56:c9:f5: + 3a:2d:ac:0f:57:6e:f1:ee:89:ea:69:71:d2:7a:ee:ee:9f:f6: + cc:15:7f:20 +-----BEGIN CERTIFICATE----- +MIIvWDCCLkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1jANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCLKUwgiyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgiu3BgNVHREEgiuuMIIrqoIH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0NDE5LnRlc3SCCXQ0 +MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMudGVzdIIJdDQyNC50 +ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0ggl0NDI4LnRlc3SC +CXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0MzIudGVzdIIJdDQz +My50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50ZXN0ggl0NDM3LnRl +c3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SCCXQ0NDEudGVzdIIJ +dDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0NS50ZXN0ggl0NDQ2 +LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRlc3SCCXQ0NTAudGVz +dIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJdDQ1NC50ZXN0ggl0 +NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4LnRlc3SCCXQ0NTku +dGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVzdIIJdDQ2My50ZXN0 +ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0NDY3LnRlc3SCCXQ0 +NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEudGVzdIIJdDQ3Mi50 +ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0ggl0NDc2LnRlc3SC +CXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0ODAudGVzdIIJdDQ4 +MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50ZXN0ggl0NDg1LnRl +c3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SCCXQ0ODkudGVzdIIJ +dDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5My50ZXN0ggl0NDk0 +LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRlc3SCCXQ0OTgudGVz +dIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJdDUwMi50ZXN0ggl0 +NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2LnRlc3SCCXQ1MDcu +dGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVzdIIJdDUxMS50ZXN0 +ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0NTE1LnRlc3SCCXQ1 +MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTkudGVzdIIJdDUyMC50 +ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0ggl0NTI0LnRlc3SC +CXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1MjgudGVzdIIJdDUy +OS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50ZXN0ggl0NTMzLnRl +c3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SCCXQ1MzcudGVzdIIJ +dDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0MS50ZXN0ggl0NTQy +LnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRlc3SCCXQ1NDYudGVz +dIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJdDU1MC50ZXN0ggl0 +NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0LnRlc3SCCXQ1NTUu +dGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVzdIIJdDU1OS50ZXN0 +ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0NTYzLnRlc3SCCXQ1 +NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1NjcudGVzdIIJdDU2OC50 +ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0ggl0NTcyLnRlc3SC +CXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1NzYudGVzdIIJdDU3 +Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50ZXN0ggl0NTgxLnRl +c3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SCCXQ1ODUudGVzdIIJ +dDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4OS50ZXN0ggl0NTkw +LnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRlc3SCCXQ1OTQudGVz +dIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJdDU5OC50ZXN0ggl0 +NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAyLnRlc3SCCXQ2MDMu +dGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVzdIIJdDYwNy50ZXN0 +ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0NjExLnRlc3SCCXQ2 +MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUudGVzdIIJdDYxNi50 +ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0ggl0NjIwLnRlc3SC +CXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2MjQudGVzdIIJdDYy +NS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50ZXN0ggl0NjI5LnRl +c3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SCCXQ2MzMudGVzdIIJ +dDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYzNy50ZXN0ggl0NjM4 +LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRlc3SCCXQ2NDIudGVz +dIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJdDY0Ni50ZXN0ggl0 +NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUwLnRlc3SCCXQ2NTEu +dGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVzdIIJdDY1NS50ZXN0 +ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0NjU5LnRlc3SCCXQ2 +NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMudGVzdIIJdDY2NC50 +ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0ggl0NjY4LnRlc3SC +CXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2NzIudGVzdIIJdDY3 +My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50ZXN0ggl0Njc3LnRl +c3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SCCXQ2ODEudGVzdIIJ +dDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4NS50ZXN0ggl0Njg2 +LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRlc3SCCXQ2OTAudGVz +dIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJdDY5NC50ZXN0ggl0 +Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4LnRlc3SCCXQ2OTku +dGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVzdIIJdDcwMy50ZXN0 +ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0NzA3LnRlc3SCCXQ3 +MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEudGVzdIIJdDcxMi50 +ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0ggl0NzE2LnRlc3SC +CXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3MjAudGVzdIIJdDcy +MS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50ZXN0ggl0NzI1LnRl +c3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SCCXQ3MjkudGVzdIIJ +dDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDczMy50ZXN0ggl0NzM0 +LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRlc3SCCXQ3MzgudGVz +dIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJdDc0Mi50ZXN0ggl0 +NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2LnRlc3SCCXQ3NDcu +dGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVzdIIJdDc1MS50ZXN0 +ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0NzU1LnRlc3SCCXQ3 +NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTkudGVzdIIJdDc2MC50 +ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0ggl0NzY0LnRlc3SC +CXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3NjgudGVzdIIJdDc2 +OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50ZXN0ggl0NzczLnRl +c3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SCCXQ3NzcudGVzdIIJ +dDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4MS50ZXN0ggl0Nzgy +LnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRlc3SCCXQ3ODYudGVz +dIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJdDc5MC50ZXN0ggl0 +NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0LnRlc3SCCXQ3OTUu +dGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVzdIIJdDc5OS50ZXN0 +ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0ODAzLnRlc3SCCXQ4 +MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcudGVzdIIJdDgwOC50 +ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0ggl0ODEyLnRlc3SC +CXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4MTYudGVzdIIJdDgx +Ny50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50ZXN0ggl0ODIxLnRl +c3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SCCXQ4MjUudGVzdIIJ +dDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgyOS50ZXN0ggl0ODMw +LnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRlc3SCCXQ4MzQudGVz +dIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJdDgzOC50ZXN0ggl0 +ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQyLnRlc3SCCXQ4NDMu +dGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVzdIIJdDg0Ny50ZXN0 +ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0ODUxLnRlc3SCCXQ4 +NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUudGVzdIIJdDg1Ni50 +ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0ggl0ODYwLnRlc3SC +CXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4NjQudGVzdIIJdDg2 +NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50ZXN0ggl0ODY5LnRl +c3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SCCXQ4NzMudGVzdIIJ +dDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3Ny50ZXN0ggl0ODc4 +LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRlc3SCCXQ4ODIudGVz +dIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJdDg4Ni50ZXN0ggl0 +ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkwLnRlc3SCCXQ4OTEu +dGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVzdIIJdDg5NS50ZXN0 +ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0ODk5LnRlc3SCCXQ5 +MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMudGVzdIIJdDkwNC50 +ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0ggl0OTA4LnRlc3SC +CXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5MTIudGVzdIIJdDkx +My50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50ZXN0ggl0OTE3LnRl +c3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SCCXQ5MjEudGVzdIIJ +dDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDkyNS50ZXN0ggl0OTI2 +LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRlc3SCCXQ5MzAudGVz +dIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJdDkzNC50ZXN0ggl0 +OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4LnRlc3SCCXQ5Mzku +dGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVzdIIJdDk0My50ZXN0 +ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0OTQ3LnRlc3SCCXQ5 +NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEudGVzdIIJdDk1Mi50 +ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0ggl0OTU2LnRlc3SC +CXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5NjAudGVzdIIJdDk2 +MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50ZXN0ggl0OTY1LnRl +c3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SCCXQ5NjkudGVzdIIJ +dDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3My50ZXN0ggl0OTc0 +LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRlc3SCCXQ5NzgudGVz +dIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJdDk4Mi50ZXN0ggl0 +OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2LnRlc3SCCXQ5ODcu +dGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVzdIIJdDk5MS50ZXN0 +ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0OTk1LnRlc3SCCXQ5 +OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTkudGVzdIIKdDEwMDAu +dGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMudGVzdIIKdDEwMDQu +dGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcudGVzdIIKdDEwMDgu +dGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEudGVzdIIKdDEwMTIu +dGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUudGVzdIIKdDEwMTYu +dGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTkudGVzdIIKdDEwMjAu +dGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMudGVzdDANBgkqhkiG +9w0BAQsFAAOCAQEAdLNGPgV+swOF4zK+gdJjFCSxbTok4Xm3aJkVM9ljbYuzY6Wj +qB3FBYl9XgAuFp2zfuPWi+w75gDjdOnTU4nuM1TAGUGfNWJBMoch54REyiEq+DMz +9ZI5N6M+Q0JSFoHDbs5x2dlOvu6HFDl7KhNnheByuQW3dWpKhvS/mmcZdXzmAdpC +E1it+R/RY6WMJ/1IBMq5t0q1YhKtDwtvun/RxB+2wGrGiNUbPb1kNPpEia0FR0ys +3XIvfPo0cbtB8EN9lz8pAN6rTPfMK8qA+yr7NIFac3t32lRbHgk8MY1+7cKvSBlZ +/VloVsn1Oi2sD1du8e6J6mlx0nru7p/2zBV/IA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D7.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D7.pem new file mode 100644 index 0000000000..9782123c7d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D7.pem @@ -0,0 +1,220 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, IP Address:10.0.1.162, IP Address:10.0.1.163, IP Address:10.0.1.164, IP Address:10.0.1.165, IP Address:10.0.1.166, IP Address:10.0.1.167, IP Address:10.0.1.168, IP Address:10.0.1.169, IP Address:10.0.1.170, IP Address:10.0.1.171, IP Address:10.0.1.172, IP Address:10.0.1.173, IP Address:10.0.1.174, IP Address:10.0.1.175, IP Address:10.0.1.176, IP Address:10.0.1.177, IP Address:10.0.1.178, IP Address:10.0.1.179, IP Address:10.0.1.180, IP Address:10.0.1.181, IP Address:10.0.1.182, IP Address:10.0.1.183, IP Address:10.0.1.184, IP Address:10.0.1.185, IP Address:10.0.1.186, IP Address:10.0.1.187, IP Address:10.0.1.188, IP Address:10.0.1.189, IP Address:10.0.1.190, IP Address:10.0.1.191, IP Address:10.0.1.192, IP Address:10.0.1.193, IP Address:10.0.1.194, IP Address:10.0.1.195, IP Address:10.0.1.196, IP Address:10.0.1.197, IP Address:10.0.1.198, IP Address:10.0.1.199, IP Address:10.0.1.200, IP Address:10.0.1.201, IP Address:10.0.1.202, IP Address:10.0.1.203, IP Address:10.0.1.204, IP Address:10.0.1.205, IP Address:10.0.1.206, IP Address:10.0.1.207, IP Address:10.0.1.208, IP Address:10.0.1.209, IP Address:10.0.1.210, IP Address:10.0.1.211, IP Address:10.0.1.212, IP Address:10.0.1.213, IP Address:10.0.1.214, IP Address:10.0.1.215, IP Address:10.0.1.216, IP Address:10.0.1.217, IP Address:10.0.1.218, IP Address:10.0.1.219, IP Address:10.0.1.220, IP Address:10.0.1.221, IP Address:10.0.1.222, IP Address:10.0.1.223, IP Address:10.0.1.224, IP Address:10.0.1.225, IP Address:10.0.1.226, IP Address:10.0.1.227, IP Address:10.0.1.228, IP Address:10.0.1.229, IP Address:10.0.1.230, IP Address:10.0.1.231, IP Address:10.0.1.232, IP Address:10.0.1.233, IP Address:10.0.1.234, IP Address:10.0.1.235, IP Address:10.0.1.236, IP Address:10.0.1.237, IP Address:10.0.1.238, IP Address:10.0.1.239, IP Address:10.0.1.240, IP Address:10.0.1.241, IP Address:10.0.1.242, IP Address:10.0.1.243, IP Address:10.0.1.244, IP Address:10.0.1.245, IP Address:10.0.1.246, IP Address:10.0.1.247, IP Address:10.0.1.248, IP Address:10.0.1.249, IP Address:10.0.1.250, IP Address:10.0.1.251, IP Address:10.0.1.252, IP Address:10.0.1.253, IP Address:10.0.1.254, IP Address:10.0.1.255, IP Address:10.0.2.0, IP Address:10.0.2.1, IP Address:10.0.2.2, IP Address:10.0.2.3, IP Address:10.0.2.4, IP Address:10.0.2.5, IP Address:10.0.2.6, IP Address:10.0.2.7, IP Address:10.0.2.8, IP Address:10.0.2.9, IP Address:10.0.2.10, IP Address:10.0.2.11, IP Address:10.0.2.12, IP Address:10.0.2.13, IP Address:10.0.2.14, IP Address:10.0.2.15, IP Address:10.0.2.16, IP Address:10.0.2.17, IP Address:10.0.2.18, IP Address:10.0.2.19, IP Address:10.0.2.20, IP Address:10.0.2.21, IP Address:10.0.2.22, IP Address:10.0.2.23, IP Address:10.0.2.24, IP Address:10.0.2.25, IP Address:10.0.2.26, IP Address:10.0.2.27, IP Address:10.0.2.28, IP Address:10.0.2.29, IP Address:10.0.2.30, IP Address:10.0.2.31, IP Address:10.0.2.32, IP Address:10.0.2.33, IP Address:10.0.2.34, IP Address:10.0.2.35, IP Address:10.0.2.36, IP Address:10.0.2.37, IP Address:10.0.2.38, IP Address:10.0.2.39, IP Address:10.0.2.40, IP Address:10.0.2.41, IP Address:10.0.2.42, IP Address:10.0.2.43, IP Address:10.0.2.44, IP Address:10.0.2.45, IP Address:10.0.2.46, IP Address:10.0.2.47, IP Address:10.0.2.48, IP Address:10.0.2.49, IP Address:10.0.2.50, IP Address:10.0.2.51, IP Address:10.0.2.52, IP Address:10.0.2.53, IP Address:10.0.2.54, IP Address:10.0.2.55, IP Address:10.0.2.56, IP Address:10.0.2.57, IP Address:10.0.2.58, IP Address:10.0.2.59, IP Address:10.0.2.60, IP Address:10.0.2.61, IP Address:10.0.2.62, IP Address:10.0.2.63, IP Address:10.0.2.64, IP Address:10.0.2.65, IP Address:10.0.2.66, IP Address:10.0.2.67, IP Address:10.0.2.68, IP Address:10.0.2.69, IP Address:10.0.2.70, IP Address:10.0.2.71, IP Address:10.0.2.72, IP Address:10.0.2.73, IP Address:10.0.2.74, IP Address:10.0.2.75, IP Address:10.0.2.76, IP Address:10.0.2.77, IP Address:10.0.2.78, IP Address:10.0.2.79, IP Address:10.0.2.80, IP Address:10.0.2.81, IP Address:10.0.2.82, IP Address:10.0.2.83, IP Address:10.0.2.84, IP Address:10.0.2.85, IP Address:10.0.2.86, IP Address:10.0.2.87, IP Address:10.0.2.88, IP Address:10.0.2.89, IP Address:10.0.2.90, IP Address:10.0.2.91, IP Address:10.0.2.92, IP Address:10.0.2.93, IP Address:10.0.2.94, IP Address:10.0.2.95, IP Address:10.0.2.96, IP Address:10.0.2.97, IP Address:10.0.2.98, IP Address:10.0.2.99, IP Address:10.0.2.100, IP Address:10.0.2.101, IP Address:10.0.2.102, IP Address:10.0.2.103, IP Address:10.0.2.104, IP Address:10.0.2.105, IP Address:10.0.2.106, IP Address:10.0.2.107, IP Address:10.0.2.108, IP Address:10.0.2.109, IP Address:10.0.2.110, IP Address:10.0.2.111, IP Address:10.0.2.112, IP Address:10.0.2.113, IP Address:10.0.2.114, IP Address:10.0.2.115, IP Address:10.0.2.116, IP Address:10.0.2.117, IP Address:10.0.2.118, IP Address:10.0.2.119, IP Address:10.0.2.120, IP Address:10.0.2.121, IP Address:10.0.2.122, IP Address:10.0.2.123, IP Address:10.0.2.124, IP Address:10.0.2.125, IP Address:10.0.2.126, IP Address:10.0.2.127, IP Address:10.0.2.128, IP Address:10.0.2.129, IP Address:10.0.2.130, IP Address:10.0.2.131, IP Address:10.0.2.132, IP Address:10.0.2.133, IP Address:10.0.2.134, IP Address:10.0.2.135, IP Address:10.0.2.136, IP Address:10.0.2.137, IP Address:10.0.2.138, IP Address:10.0.2.139, IP Address:10.0.2.140, IP Address:10.0.2.141, IP Address:10.0.2.142, IP Address:10.0.2.143, IP Address:10.0.2.144, IP Address:10.0.2.145, IP Address:10.0.2.146, IP Address:10.0.2.147, IP Address:10.0.2.148, IP Address:10.0.2.149, IP Address:10.0.2.150, IP Address:10.0.2.151, IP Address:10.0.2.152, IP Address:10.0.2.153, IP Address:10.0.2.154, IP Address:10.0.2.155, IP Address:10.0.2.156, IP Address:10.0.2.157, IP Address:10.0.2.158, IP Address:10.0.2.159, IP Address:10.0.2.160, IP Address:10.0.2.161, IP Address:10.0.2.162, IP Address:10.0.2.163, IP Address:10.0.2.164, IP Address:10.0.2.165, IP Address:10.0.2.166, IP Address:10.0.2.167, IP Address:10.0.2.168, IP Address:10.0.2.169, IP Address:10.0.2.170, IP Address:10.0.2.171, IP Address:10.0.2.172, IP Address:10.0.2.173, IP Address:10.0.2.174, IP Address:10.0.2.175, IP Address:10.0.2.176, IP Address:10.0.2.177, IP Address:10.0.2.178, IP Address:10.0.2.179, IP Address:10.0.2.180, IP Address:10.0.2.181, IP Address:10.0.2.182, IP Address:10.0.2.183, IP Address:10.0.2.184, IP Address:10.0.2.185, IP Address:10.0.2.186, IP Address:10.0.2.187, IP Address:10.0.2.188, IP Address:10.0.2.189, IP Address:10.0.2.190, IP Address:10.0.2.191, IP Address:10.0.2.192, IP Address:10.0.2.193, IP Address:10.0.2.194, IP Address:10.0.2.195, IP Address:10.0.2.196, IP Address:10.0.2.197, IP Address:10.0.2.198, IP Address:10.0.2.199, IP Address:10.0.2.200, IP Address:10.0.2.201, IP Address:10.0.2.202, IP Address:10.0.2.203, IP Address:10.0.2.204, IP Address:10.0.2.205, IP Address:10.0.2.206, IP Address:10.0.2.207, IP Address:10.0.2.208, IP Address:10.0.2.209, IP Address:10.0.2.210, IP Address:10.0.2.211, IP Address:10.0.2.212, IP Address:10.0.2.213, IP Address:10.0.2.214, IP Address:10.0.2.215, IP Address:10.0.2.216, IP Address:10.0.2.217, IP Address:10.0.2.218, IP Address:10.0.2.219, IP Address:10.0.2.220, IP Address:10.0.2.221, IP Address:10.0.2.222, IP Address:10.0.2.223, IP Address:10.0.2.224, IP Address:10.0.2.225, IP Address:10.0.2.226, IP Address:10.0.2.227, IP Address:10.0.2.228, IP Address:10.0.2.229, IP Address:10.0.2.230, IP Address:10.0.2.231, IP Address:10.0.2.232, IP Address:10.0.2.233, IP Address:10.0.2.234, IP Address:10.0.2.235, IP Address:10.0.2.236, IP Address:10.0.2.237, IP Address:10.0.2.238, IP Address:10.0.2.239, IP Address:10.0.2.240, IP Address:10.0.2.241, IP Address:10.0.2.242, IP Address:10.0.2.243, IP Address:10.0.2.244, IP Address:10.0.2.245, IP Address:10.0.2.246, IP Address:10.0.2.247, IP Address:10.0.2.248, IP Address:10.0.2.249, IP Address:10.0.2.250, IP Address:10.0.2.251, IP Address:10.0.2.252, IP Address:10.0.2.253, IP Address:10.0.2.254, IP Address:10.0.2.255, IP Address:10.0.3.0, IP Address:10.0.3.1, IP Address:10.0.3.2, IP Address:10.0.3.3, IP Address:10.0.3.4, IP Address:10.0.3.5, IP Address:10.0.3.6, IP Address:10.0.3.7, IP Address:10.0.3.8, IP Address:10.0.3.9, IP Address:10.0.3.10, IP Address:10.0.3.11, IP Address:10.0.3.12, IP Address:10.0.3.13, IP Address:10.0.3.14, IP Address:10.0.3.15, IP Address:10.0.3.16, IP Address:10.0.3.17, IP Address:10.0.3.18, IP Address:10.0.3.19, IP Address:10.0.3.20, IP Address:10.0.3.21, IP Address:10.0.3.22, IP Address:10.0.3.23, IP Address:10.0.3.24, IP Address:10.0.3.25, IP Address:10.0.3.26, IP Address:10.0.3.27, IP Address:10.0.3.28, IP Address:10.0.3.29, IP Address:10.0.3.30, IP Address:10.0.3.31, IP Address:10.0.3.32, IP Address:10.0.3.33, IP Address:10.0.3.34, IP Address:10.0.3.35, IP Address:10.0.3.36, IP Address:10.0.3.37, IP Address:10.0.3.38, IP Address:10.0.3.39, IP Address:10.0.3.40, IP Address:10.0.3.41, IP Address:10.0.3.42, IP Address:10.0.3.43, IP Address:10.0.3.44, IP Address:10.0.3.45, IP Address:10.0.3.46, IP Address:10.0.3.47, IP Address:10.0.3.48, IP Address:10.0.3.49, IP Address:10.0.3.50, IP Address:10.0.3.51, IP Address:10.0.3.52, IP Address:10.0.3.53, IP Address:10.0.3.54, IP Address:10.0.3.55, IP Address:10.0.3.56, IP Address:10.0.3.57, IP Address:10.0.3.58, IP Address:10.0.3.59, IP Address:10.0.3.60, IP Address:10.0.3.61, IP Address:10.0.3.62, IP Address:10.0.3.63, IP Address:10.0.3.64, IP Address:10.0.3.65, IP Address:10.0.3.66, IP Address:10.0.3.67, IP Address:10.0.3.68, IP Address:10.0.3.69, IP Address:10.0.3.70, IP Address:10.0.3.71, IP Address:10.0.3.72, IP Address:10.0.3.73, IP Address:10.0.3.74, IP Address:10.0.3.75, IP Address:10.0.3.76, IP Address:10.0.3.77, IP Address:10.0.3.78, IP Address:10.0.3.79, IP Address:10.0.3.80, IP Address:10.0.3.81, IP Address:10.0.3.82, IP Address:10.0.3.83, IP Address:10.0.3.84, IP Address:10.0.3.85, IP Address:10.0.3.86, IP Address:10.0.3.87, IP Address:10.0.3.88, IP Address:10.0.3.89, IP Address:10.0.3.90, IP Address:10.0.3.91, IP Address:10.0.3.92, IP Address:10.0.3.93, IP Address:10.0.3.94, IP Address:10.0.3.95, IP Address:10.0.3.96, IP Address:10.0.3.97, IP Address:10.0.3.98, IP Address:10.0.3.99, IP Address:10.0.3.100, IP Address:10.0.3.101, IP Address:10.0.3.102, IP Address:10.0.3.103, IP Address:10.0.3.104, IP Address:10.0.3.105, IP Address:10.0.3.106, IP Address:10.0.3.107, IP Address:10.0.3.108, IP Address:10.0.3.109, IP Address:10.0.3.110, IP Address:10.0.3.111, IP Address:10.0.3.112, IP Address:10.0.3.113, IP Address:10.0.3.114, IP Address:10.0.3.115, IP Address:10.0.3.116, IP Address:10.0.3.117, IP Address:10.0.3.118, IP Address:10.0.3.119, IP Address:10.0.3.120, IP Address:10.0.3.121, IP Address:10.0.3.122, IP Address:10.0.3.123, IP Address:10.0.3.124, IP Address:10.0.3.125, IP Address:10.0.3.126, IP Address:10.0.3.127, IP Address:10.0.3.128, IP Address:10.0.3.129, IP Address:10.0.3.130, IP Address:10.0.3.131, IP Address:10.0.3.132, IP Address:10.0.3.133, IP Address:10.0.3.134, IP Address:10.0.3.135, IP Address:10.0.3.136, IP Address:10.0.3.137, IP Address:10.0.3.138, IP Address:10.0.3.139, IP Address:10.0.3.140, IP Address:10.0.3.141, IP Address:10.0.3.142, IP Address:10.0.3.143, IP Address:10.0.3.144, IP Address:10.0.3.145, IP Address:10.0.3.146, IP Address:10.0.3.147, IP Address:10.0.3.148, IP Address:10.0.3.149, IP Address:10.0.3.150, IP Address:10.0.3.151, IP Address:10.0.3.152, IP Address:10.0.3.153, IP Address:10.0.3.154, IP Address:10.0.3.155, IP Address:10.0.3.156, IP Address:10.0.3.157, IP Address:10.0.3.158, IP Address:10.0.3.159, IP Address:10.0.3.160, IP Address:10.0.3.161, IP Address:10.0.3.162, IP Address:10.0.3.163, IP Address:10.0.3.164, IP Address:10.0.3.165, IP Address:10.0.3.166, IP Address:10.0.3.167, IP Address:10.0.3.168, IP Address:10.0.3.169, IP Address:10.0.3.170, IP Address:10.0.3.171, IP Address:10.0.3.172, IP Address:10.0.3.173, IP Address:10.0.3.174, IP Address:10.0.3.175, IP Address:10.0.3.176, IP Address:10.0.3.177, IP Address:10.0.3.178, IP Address:10.0.3.179, IP Address:10.0.3.180, IP Address:10.0.3.181, IP Address:10.0.3.182, IP Address:10.0.3.183, IP Address:10.0.3.184, IP Address:10.0.3.185, IP Address:10.0.3.186, IP Address:10.0.3.187, IP Address:10.0.3.188, IP Address:10.0.3.189, IP Address:10.0.3.190, IP Address:10.0.3.191, IP Address:10.0.3.192, IP Address:10.0.3.193, IP Address:10.0.3.194, IP Address:10.0.3.195, IP Address:10.0.3.196, IP Address:10.0.3.197, IP Address:10.0.3.198, IP Address:10.0.3.199, IP Address:10.0.3.200, IP Address:10.0.3.201, IP Address:10.0.3.202, IP Address:10.0.3.203, IP Address:10.0.3.204, IP Address:10.0.3.205, IP Address:10.0.3.206, IP Address:10.0.3.207, IP Address:10.0.3.208, IP Address:10.0.3.209, IP Address:10.0.3.210, IP Address:10.0.3.211, IP Address:10.0.3.212, IP Address:10.0.3.213, IP Address:10.0.3.214, IP Address:10.0.3.215, IP Address:10.0.3.216, IP Address:10.0.3.217, IP Address:10.0.3.218, IP Address:10.0.3.219, IP Address:10.0.3.220, IP Address:10.0.3.221, IP Address:10.0.3.222, IP Address:10.0.3.223, IP Address:10.0.3.224, IP Address:10.0.3.225, IP Address:10.0.3.226, IP Address:10.0.3.227, IP Address:10.0.3.228, IP Address:10.0.3.229, IP Address:10.0.3.230, IP Address:10.0.3.231, IP Address:10.0.3.232, IP Address:10.0.3.233, IP Address:10.0.3.234, IP Address:10.0.3.235, IP Address:10.0.3.236, IP Address:10.0.3.237, IP Address:10.0.3.238, IP Address:10.0.3.239, IP Address:10.0.3.240, IP Address:10.0.3.241, IP Address:10.0.3.242, IP Address:10.0.3.243, IP Address:10.0.3.244, IP Address:10.0.3.245, IP Address:10.0.3.246, IP Address:10.0.3.247, IP Address:10.0.3.248, IP Address:10.0.3.249, IP Address:10.0.3.250, IP Address:10.0.3.251, IP Address:10.0.3.252, IP Address:10.0.3.253, IP Address:10.0.3.254, IP Address:10.0.3.255 + Signature Algorithm: sha256WithRSAEncryption + 24:e6:7f:49:27:e7:de:27:ca:06:88:0f:d2:64:ba:07:75:08: + c0:72:41:ce:67:9f:1a:d8:23:d7:b6:35:ab:d4:49:1b:7e:cb: + 46:74:25:52:65:fb:5b:2b:74:ab:2c:19:1c:bf:06:01:78:0c: + c7:a6:3c:e0:1a:d4:dc:8c:00:8b:a8:05:4c:c2:cf:82:41:c7: + 51:65:49:fc:6b:dc:b3:b6:57:f0:0a:3c:05:39:7d:6e:2c:cd: + 6b:f3:b0:38:c4:0b:1b:5f:bf:03:e9:59:f8:d4:c5:42:7a:c0: + 39:5e:a4:ef:45:39:aa:ab:91:35:9d:8e:65:3f:43:bc:59:6f: + 90:d1:da:eb:fe:b0:b5:3a:24:63:78:04:f3:75:58:43:79:b5: + 64:1f:96:ee:c9:3b:93:12:e1:c7:31:5b:9d:a9:58:48:03:f7: + 76:ad:0a:e8:b1:38:58:df:2e:04:8b:56:07:1c:9c:4e:e8:27: + 2b:9d:24:a0:09:a6:b7:c2:7f:f4:16:c0:2a:f7:ca:b0:f5:b9: + c2:0c:4b:e8:c2:16:e3:b4:dc:0b:a9:95:7f:60:35:b1:62:1b: + 53:14:94:c9:ea:74:ee:0e:05:64:ff:04:1b:b4:1d:8c:10:d2: + 3e:6e:0d:f0:87:0b:c5:29:0a:90:cb:86:ee:0a:ba:3f:d7:d4: + 12:e3:0a:e9 +-----BEGIN CERTIFICATE----- +MIIbrjCCGpagAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1zANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCGPswghj3MB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgNBgNVHREEghgEMIIYAIcE +CgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcECgAABocECgAAB4cE +CgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcECgAADocECgAAD4cE +CgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcECgAAFocECgAAF4cE +CgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcECgAAHocECgAAH4cE +CgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcECgAAJocECgAAJ4cE +CgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcECgAALocECgAAL4cE +CgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcECgAANocECgAAN4cE +CgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcECgAAPocECgAAP4cE +CgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcECgAARocECgAAR4cE +CgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcECgAATocECgAAT4cE +CgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcECgAAVocECgAAV4cE +CgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcECgAAXocECgAAX4cE +CgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcECgAAZocECgAAZ4cE +CgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcECgAAbocECgAAb4cE +CgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcECgAAdocECgAAd4cE +CgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcECgAAfocECgAAf4cE +CgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcECgAAhocECgAAh4cE +CgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcECgAAjocECgAAj4cE +CgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcECgAAlocECgAAl4cE +CgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcECgAAnocECgAAn4cE +CgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcECgAApocECgAAp4cE +CgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcECgAArocECgAAr4cE +CgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcECgAAtocECgAAt4cE +CgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcECgAAvocECgAAv4cE +CgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcECgAAxocECgAAx4cE +CgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcECgAAzocECgAAz4cE +CgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcECgAA1ocECgAA14cE +CgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcECgAA3ocECgAA34cE +CgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcECgAA5ocECgAA54cE +CgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcECgAA7ocECgAA74cE +CgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcECgAA9ocECgAA94cE +CgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcECgAA/ocECgAA/4cE +CgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcECgABBocECgABB4cE +CgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcECgABDocECgABD4cE +CgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcECgABFocECgABF4cE +CgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcECgABHocECgABH4cE +CgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcECgABJocECgABJ4cE +CgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcECgABLocECgABL4cE +CgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcECgABNocECgABN4cE +CgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcECgABPocECgABP4cE +CgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcECgABRocECgABR4cE +CgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcECgABTocECgABT4cE +CgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcECgABVocECgABV4cE +CgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcECgABXocECgABX4cE +CgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcECgABZocECgABZ4cE +CgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcECgABbocECgABb4cE +CgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcECgABdocECgABd4cE +CgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcECgABfocECgABf4cE +CgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcECgABhocECgABh4cE +CgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcECgABjocECgABj4cE +CgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcECgABlocECgABl4cE +CgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcECgABnocECgABn4cE +CgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcECgABpocECgABp4cE +CgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcECgABrocECgABr4cE +CgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcECgABtocECgABt4cE +CgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcECgABvocECgABv4cE +CgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcECgABxocECgABx4cE +CgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcECgABzocECgABz4cE +CgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcECgAB1ocECgAB14cE +CgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcECgAB3ocECgAB34cE +CgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcECgAB5ocECgAB54cE +CgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcECgAB7ocECgAB74cE +CgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcECgAB9ocECgAB94cE +CgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcECgAB/ocECgAB/4cE +CgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcECgACBocECgACB4cE +CgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcECgACDocECgACD4cE +CgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcECgACFocECgACF4cE +CgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcECgACHocECgACH4cE +CgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcECgACJocECgACJ4cE +CgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcECgACLocECgACL4cE +CgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcECgACNocECgACN4cE +CgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcECgACPocECgACP4cE +CgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcECgACRocECgACR4cE +CgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcECgACTocECgACT4cE +CgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcECgACVocECgACV4cE +CgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcECgACXocECgACX4cE +CgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcECgACZocECgACZ4cE +CgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcECgACbocECgACb4cE +CgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcECgACdocECgACd4cE +CgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcECgACfocECgACf4cE +CgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcECgAChocECgACh4cE +CgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcECgACjocECgACj4cE +CgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcECgAClocECgACl4cE +CgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcECgACnocECgACn4cE +CgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcECgACpocECgACp4cE +CgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcECgACrocECgACr4cE +CgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcECgACtocECgACt4cE +CgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcECgACvocECgACv4cE +CgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcECgACxocECgACx4cE +CgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcECgACzocECgACz4cE +CgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcECgAC1ocECgAC14cE +CgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcECgAC3ocECgAC34cE +CgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcECgAC5ocECgAC54cE +CgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcECgAC7ocECgAC74cE +CgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcECgAC9ocECgAC94cE +CgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcECgAC/ocECgAC/4cE +CgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcECgADBocECgADB4cE +CgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcECgADDocECgADD4cE +CgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcECgADFocECgADF4cE +CgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcECgADHocECgADH4cE +CgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcECgADJocECgADJ4cE +CgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcECgADLocECgADL4cE +CgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcECgADNocECgADN4cE +CgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcECgADPocECgADP4cE +CgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcECgADRocECgADR4cE +CgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcECgADTocECgADT4cE +CgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcECgADVocECgADV4cE +CgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcECgADXocECgADX4cE +CgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcECgADZocECgADZ4cE +CgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcECgADbocECgADb4cE +CgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcECgADdocECgADd4cE +CgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcECgADfocECgADf4cE +CgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcECgADhocECgADh4cE +CgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcECgADjocECgADj4cE +CgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcECgADlocECgADl4cE +CgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcECgADnocECgADn4cE +CgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcECgADpocECgADp4cE +CgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcECgADrocECgADr4cE +CgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcECgADtocECgADt4cE +CgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcECgADvocECgADv4cE +CgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcECgADxocECgADx4cE +CgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcECgADzocECgADz4cE +CgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcECgAD1ocECgAD14cE +CgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcECgAD3ocECgAD34cE +CgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcECgAD5ocECgAD54cE +CgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcECgAD7ocECgAD74cE +CgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcECgAD9ocECgAD94cE +CgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcECgAD/ocECgAD/zAN +BgkqhkiG9w0BAQsFAAOCAQEAJOZ/SSfn3ifKBogP0mS6B3UIwHJBzmefGtgj17Y1 +q9RJG37LRnQlUmX7Wyt0qywZHL8GAXgMx6Y84BrU3IwAi6gFTMLPgkHHUWVJ/Gvc +s7ZX8Ao8BTl9bizNa/OwOMQLG1+/A+lZ+NTFQnrAOV6k70U5qquRNZ2OZT9DvFlv +kNHa6/6wtTokY3gE83VYQ3m1ZB+W7sk7kxLhxzFbnalYSAP3dq0K6LE4WN8uBItW +BxycTugnK50koAmmt8J/9BbAKvfKsPW5wgxL6MIW47TcC6mVf2A1sWIbUxSUyep0 +7g4FZP8EG7QdjBDSPm4N8IcLxSkKkMuG7gq6P9fUEuMK6Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D8.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D8.pem new file mode 100644 index 0000000000..54fb25ecc2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D8.pem @@ -0,0 +1,496 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, DirName:/CN=t417, DirName:/CN=t418, DirName:/CN=t419, DirName:/CN=t420, DirName:/CN=t421, DirName:/CN=t422, DirName:/CN=t423, DirName:/CN=t424, DirName:/CN=t425, DirName:/CN=t426, DirName:/CN=t427, DirName:/CN=t428, DirName:/CN=t429, DirName:/CN=t430, DirName:/CN=t431, DirName:/CN=t432, DirName:/CN=t433, DirName:/CN=t434, DirName:/CN=t435, DirName:/CN=t436, DirName:/CN=t437, DirName:/CN=t438, DirName:/CN=t439, DirName:/CN=t440, DirName:/CN=t441, DirName:/CN=t442, DirName:/CN=t443, DirName:/CN=t444, DirName:/CN=t445, DirName:/CN=t446, DirName:/CN=t447, DirName:/CN=t448, DirName:/CN=t449, DirName:/CN=t450, DirName:/CN=t451, DirName:/CN=t452, DirName:/CN=t453, DirName:/CN=t454, DirName:/CN=t455, DirName:/CN=t456, DirName:/CN=t457, DirName:/CN=t458, DirName:/CN=t459, DirName:/CN=t460, DirName:/CN=t461, DirName:/CN=t462, DirName:/CN=t463, DirName:/CN=t464, DirName:/CN=t465, DirName:/CN=t466, DirName:/CN=t467, DirName:/CN=t468, DirName:/CN=t469, DirName:/CN=t470, DirName:/CN=t471, DirName:/CN=t472, DirName:/CN=t473, DirName:/CN=t474, DirName:/CN=t475, DirName:/CN=t476, DirName:/CN=t477, DirName:/CN=t478, DirName:/CN=t479, DirName:/CN=t480, DirName:/CN=t481, DirName:/CN=t482, DirName:/CN=t483, DirName:/CN=t484, DirName:/CN=t485, DirName:/CN=t486, DirName:/CN=t487, DirName:/CN=t488, DirName:/CN=t489, DirName:/CN=t490, DirName:/CN=t491, DirName:/CN=t492, DirName:/CN=t493, DirName:/CN=t494, DirName:/CN=t495, DirName:/CN=t496, DirName:/CN=t497, DirName:/CN=t498, DirName:/CN=t499, DirName:/CN=t500, DirName:/CN=t501, DirName:/CN=t502, DirName:/CN=t503, DirName:/CN=t504, DirName:/CN=t505, DirName:/CN=t506, DirName:/CN=t507, DirName:/CN=t508, DirName:/CN=t509, DirName:/CN=t510, DirName:/CN=t511, DirName:/CN=t512, DirName:/CN=t513, DirName:/CN=t514, DirName:/CN=t515, DirName:/CN=t516, DirName:/CN=t517, DirName:/CN=t518, DirName:/CN=t519, DirName:/CN=t520, DirName:/CN=t521, DirName:/CN=t522, DirName:/CN=t523, DirName:/CN=t524, DirName:/CN=t525, DirName:/CN=t526, DirName:/CN=t527, DirName:/CN=t528, DirName:/CN=t529, DirName:/CN=t530, DirName:/CN=t531, DirName:/CN=t532, DirName:/CN=t533, DirName:/CN=t534, DirName:/CN=t535, DirName:/CN=t536, DirName:/CN=t537, DirName:/CN=t538, DirName:/CN=t539, DirName:/CN=t540, DirName:/CN=t541, DirName:/CN=t542, DirName:/CN=t543, DirName:/CN=t544, DirName:/CN=t545, DirName:/CN=t546, DirName:/CN=t547, DirName:/CN=t548, DirName:/CN=t549, DirName:/CN=t550, DirName:/CN=t551, DirName:/CN=t552, DirName:/CN=t553, DirName:/CN=t554, DirName:/CN=t555, DirName:/CN=t556, DirName:/CN=t557, DirName:/CN=t558, DirName:/CN=t559, DirName:/CN=t560, DirName:/CN=t561, DirName:/CN=t562, DirName:/CN=t563, DirName:/CN=t564, DirName:/CN=t565, DirName:/CN=t566, DirName:/CN=t567, DirName:/CN=t568, DirName:/CN=t569, DirName:/CN=t570, DirName:/CN=t571, DirName:/CN=t572, DirName:/CN=t573, DirName:/CN=t574, DirName:/CN=t575, DirName:/CN=t576, DirName:/CN=t577, DirName:/CN=t578, DirName:/CN=t579, DirName:/CN=t580, DirName:/CN=t581, DirName:/CN=t582, DirName:/CN=t583, DirName:/CN=t584, DirName:/CN=t585, DirName:/CN=t586, DirName:/CN=t587, DirName:/CN=t588, DirName:/CN=t589, DirName:/CN=t590, DirName:/CN=t591, DirName:/CN=t592, DirName:/CN=t593, DirName:/CN=t594, DirName:/CN=t595, DirName:/CN=t596, DirName:/CN=t597, DirName:/CN=t598, DirName:/CN=t599, DirName:/CN=t600, DirName:/CN=t601, DirName:/CN=t602, DirName:/CN=t603, DirName:/CN=t604, DirName:/CN=t605, DirName:/CN=t606, DirName:/CN=t607, DirName:/CN=t608, DirName:/CN=t609, DirName:/CN=t610, DirName:/CN=t611, DirName:/CN=t612, DirName:/CN=t613, DirName:/CN=t614, DirName:/CN=t615, DirName:/CN=t616, DirName:/CN=t617, DirName:/CN=t618, DirName:/CN=t619, DirName:/CN=t620, DirName:/CN=t621, DirName:/CN=t622, DirName:/CN=t623, DirName:/CN=t624, DirName:/CN=t625, DirName:/CN=t626, DirName:/CN=t627, DirName:/CN=t628, DirName:/CN=t629, DirName:/CN=t630, DirName:/CN=t631, DirName:/CN=t632, DirName:/CN=t633, DirName:/CN=t634, DirName:/CN=t635, DirName:/CN=t636, DirName:/CN=t637, DirName:/CN=t638, DirName:/CN=t639, DirName:/CN=t640, DirName:/CN=t641, DirName:/CN=t642, DirName:/CN=t643, DirName:/CN=t644, DirName:/CN=t645, DirName:/CN=t646, DirName:/CN=t647, DirName:/CN=t648, DirName:/CN=t649, DirName:/CN=t650, DirName:/CN=t651, DirName:/CN=t652, DirName:/CN=t653, DirName:/CN=t654, DirName:/CN=t655, DirName:/CN=t656, DirName:/CN=t657, DirName:/CN=t658, DirName:/CN=t659, DirName:/CN=t660, DirName:/CN=t661, DirName:/CN=t662, DirName:/CN=t663, DirName:/CN=t664, DirName:/CN=t665, DirName:/CN=t666, DirName:/CN=t667, DirName:/CN=t668, DirName:/CN=t669, DirName:/CN=t670, DirName:/CN=t671, DirName:/CN=t672, DirName:/CN=t673, DirName:/CN=t674, DirName:/CN=t675, DirName:/CN=t676, DirName:/CN=t677, DirName:/CN=t678, DirName:/CN=t679, DirName:/CN=t680, DirName:/CN=t681, DirName:/CN=t682, DirName:/CN=t683, DirName:/CN=t684, DirName:/CN=t685, DirName:/CN=t686, DirName:/CN=t687, DirName:/CN=t688, DirName:/CN=t689, DirName:/CN=t690, DirName:/CN=t691, DirName:/CN=t692, DirName:/CN=t693, DirName:/CN=t694, DirName:/CN=t695, DirName:/CN=t696, DirName:/CN=t697, DirName:/CN=t698, DirName:/CN=t699, DirName:/CN=t700, DirName:/CN=t701, DirName:/CN=t702, DirName:/CN=t703, DirName:/CN=t704, DirName:/CN=t705, DirName:/CN=t706, DirName:/CN=t707, DirName:/CN=t708, DirName:/CN=t709, DirName:/CN=t710, DirName:/CN=t711, DirName:/CN=t712, DirName:/CN=t713, DirName:/CN=t714, DirName:/CN=t715, DirName:/CN=t716, DirName:/CN=t717, DirName:/CN=t718, DirName:/CN=t719, DirName:/CN=t720, DirName:/CN=t721, DirName:/CN=t722, DirName:/CN=t723, DirName:/CN=t724, DirName:/CN=t725, DirName:/CN=t726, DirName:/CN=t727, DirName:/CN=t728, DirName:/CN=t729, DirName:/CN=t730, DirName:/CN=t731, DirName:/CN=t732, DirName:/CN=t733, DirName:/CN=t734, DirName:/CN=t735, DirName:/CN=t736, DirName:/CN=t737, DirName:/CN=t738, DirName:/CN=t739, DirName:/CN=t740, DirName:/CN=t741, DirName:/CN=t742, DirName:/CN=t743, DirName:/CN=t744, DirName:/CN=t745, DirName:/CN=t746, DirName:/CN=t747, DirName:/CN=t748, DirName:/CN=t749, DirName:/CN=t750, DirName:/CN=t751, DirName:/CN=t752, DirName:/CN=t753, DirName:/CN=t754, DirName:/CN=t755, DirName:/CN=t756, DirName:/CN=t757, DirName:/CN=t758, DirName:/CN=t759, DirName:/CN=t760, DirName:/CN=t761, DirName:/CN=t762, DirName:/CN=t763, DirName:/CN=t764, DirName:/CN=t765, DirName:/CN=t766, DirName:/CN=t767, DirName:/CN=t768, DirName:/CN=t769, DirName:/CN=t770, DirName:/CN=t771, DirName:/CN=t772, DirName:/CN=t773, DirName:/CN=t774, DirName:/CN=t775, DirName:/CN=t776, DirName:/CN=t777, DirName:/CN=t778, DirName:/CN=t779, DirName:/CN=t780, DirName:/CN=t781, DirName:/CN=t782, DirName:/CN=t783, DirName:/CN=t784, DirName:/CN=t785, DirName:/CN=t786, DirName:/CN=t787, DirName:/CN=t788, DirName:/CN=t789, DirName:/CN=t790, DirName:/CN=t791, DirName:/CN=t792, DirName:/CN=t793, DirName:/CN=t794, DirName:/CN=t795, DirName:/CN=t796, DirName:/CN=t797, DirName:/CN=t798, DirName:/CN=t799, DirName:/CN=t800, DirName:/CN=t801, DirName:/CN=t802, DirName:/CN=t803, DirName:/CN=t804, DirName:/CN=t805, DirName:/CN=t806, DirName:/CN=t807, DirName:/CN=t808, DirName:/CN=t809, DirName:/CN=t810, DirName:/CN=t811, DirName:/CN=t812, DirName:/CN=t813, DirName:/CN=t814, DirName:/CN=t815, DirName:/CN=t816, DirName:/CN=t817, DirName:/CN=t818, DirName:/CN=t819, DirName:/CN=t820, DirName:/CN=t821, DirName:/CN=t822, DirName:/CN=t823, DirName:/CN=t824, DirName:/CN=t825, DirName:/CN=t826, DirName:/CN=t827, DirName:/CN=t828, DirName:/CN=t829, DirName:/CN=t830, DirName:/CN=t831, DirName:/CN=t832, DirName:/CN=t833, DirName:/CN=t834, DirName:/CN=t835, DirName:/CN=t836, DirName:/CN=t837, DirName:/CN=t838, DirName:/CN=t839, DirName:/CN=t840, DirName:/CN=t841, DirName:/CN=t842, DirName:/CN=t843, DirName:/CN=t844, DirName:/CN=t845, DirName:/CN=t846, DirName:/CN=t847, DirName:/CN=t848, DirName:/CN=t849, DirName:/CN=t850, DirName:/CN=t851, DirName:/CN=t852, DirName:/CN=t853, DirName:/CN=t854, DirName:/CN=t855, DirName:/CN=t856, DirName:/CN=t857, DirName:/CN=t858, DirName:/CN=t859, DirName:/CN=t860, DirName:/CN=t861, DirName:/CN=t862, DirName:/CN=t863, DirName:/CN=t864, DirName:/CN=t865, DirName:/CN=t866, DirName:/CN=t867, DirName:/CN=t868, DirName:/CN=t869, DirName:/CN=t870, DirName:/CN=t871, DirName:/CN=t872, DirName:/CN=t873, DirName:/CN=t874, DirName:/CN=t875, DirName:/CN=t876, DirName:/CN=t877, DirName:/CN=t878, DirName:/CN=t879, DirName:/CN=t880, DirName:/CN=t881, DirName:/CN=t882, DirName:/CN=t883, DirName:/CN=t884, DirName:/CN=t885, DirName:/CN=t886, DirName:/CN=t887, DirName:/CN=t888, DirName:/CN=t889, DirName:/CN=t890, DirName:/CN=t891, DirName:/CN=t892, DirName:/CN=t893, DirName:/CN=t894, DirName:/CN=t895, DirName:/CN=t896, DirName:/CN=t897, DirName:/CN=t898, DirName:/CN=t899, DirName:/CN=t900, DirName:/CN=t901, DirName:/CN=t902, DirName:/CN=t903, DirName:/CN=t904, DirName:/CN=t905, DirName:/CN=t906, DirName:/CN=t907, DirName:/CN=t908, DirName:/CN=t909, DirName:/CN=t910, DirName:/CN=t911, DirName:/CN=t912, DirName:/CN=t913, DirName:/CN=t914, DirName:/CN=t915, DirName:/CN=t916, DirName:/CN=t917, DirName:/CN=t918, DirName:/CN=t919, DirName:/CN=t920, DirName:/CN=t921, DirName:/CN=t922, DirName:/CN=t923, DirName:/CN=t924, DirName:/CN=t925, DirName:/CN=t926, DirName:/CN=t927, DirName:/CN=t928, DirName:/CN=t929, DirName:/CN=t930, DirName:/CN=t931, DirName:/CN=t932, DirName:/CN=t933, DirName:/CN=t934, DirName:/CN=t935, DirName:/CN=t936, DirName:/CN=t937, DirName:/CN=t938, DirName:/CN=t939, DirName:/CN=t940, DirName:/CN=t941, DirName:/CN=t942, DirName:/CN=t943, DirName:/CN=t944, DirName:/CN=t945, DirName:/CN=t946, DirName:/CN=t947, DirName:/CN=t948, DirName:/CN=t949, DirName:/CN=t950, DirName:/CN=t951, DirName:/CN=t952, DirName:/CN=t953, DirName:/CN=t954, DirName:/CN=t955, DirName:/CN=t956, DirName:/CN=t957, DirName:/CN=t958, DirName:/CN=t959, DirName:/CN=t960, DirName:/CN=t961, DirName:/CN=t962, DirName:/CN=t963, DirName:/CN=t964, DirName:/CN=t965, DirName:/CN=t966, DirName:/CN=t967, DirName:/CN=t968, DirName:/CN=t969, DirName:/CN=t970, DirName:/CN=t971, DirName:/CN=t972, DirName:/CN=t973, DirName:/CN=t974, DirName:/CN=t975, DirName:/CN=t976, DirName:/CN=t977, DirName:/CN=t978, DirName:/CN=t979, DirName:/CN=t980, DirName:/CN=t981, DirName:/CN=t982, DirName:/CN=t983, DirName:/CN=t984, DirName:/CN=t985, DirName:/CN=t986, DirName:/CN=t987, DirName:/CN=t988, DirName:/CN=t989, DirName:/CN=t990, DirName:/CN=t991, DirName:/CN=t992, DirName:/CN=t993, DirName:/CN=t994, DirName:/CN=t995, DirName:/CN=t996, DirName:/CN=t997, DirName:/CN=t998, DirName:/CN=t999, DirName:/CN=t1000, DirName:/CN=t1001, DirName:/CN=t1002, DirName:/CN=t1003, DirName:/CN=t1004, DirName:/CN=t1005, DirName:/CN=t1006, DirName:/CN=t1007, DirName:/CN=t1008, DirName:/CN=t1009, DirName:/CN=t1010, DirName:/CN=t1011, DirName:/CN=t1012, DirName:/CN=t1013, DirName:/CN=t1014, DirName:/CN=t1015, DirName:/CN=t1016, DirName:/CN=t1017, DirName:/CN=t1018, DirName:/CN=t1019, DirName:/CN=t1020, DirName:/CN=t1021, DirName:/CN=t1022, DirName:/CN=t1023 + Signature Algorithm: sha256WithRSAEncryption + 9b:b4:29:30:f0:2d:7a:66:c7:f8:92:4c:cb:f4:08:11:f5:eb: + 66:c3:02:4a:24:12:f2:9d:19:a9:c7:51:3a:93:fe:71:34:93: + 27:32:14:a0:1b:f4:eb:ba:c2:4b:df:7e:a8:57:ce:7f:61:fa: + 9f:d2:ec:9a:02:51:30:13:a5:eb:6a:7c:04:b3:f0:e6:28:66: + 5c:f7:4e:70:66:8f:07:ae:42:77:c0:ec:ee:ff:10:34:83:4a: + b2:81:2c:df:c4:d8:f7:80:70:ea:ae:c8:7c:05:41:19:f8:40: + 23:c1:c0:40:e1:d7:f5:f8:7d:b0:83:b3:6b:3a:01:17:68:ca: + 0a:b2:77:c4:0c:43:5c:d8:4b:0f:21:f4:6f:7e:a8:f7:b4:bc: + 31:cd:02:9a:b6:72:5b:bb:45:0c:4c:97:61:98:24:b0:44:cd: + af:7f:7e:fc:72:55:5a:54:43:04:1d:40:bf:52:9d:4b:c1:58: + 2c:d2:9a:04:ee:0a:04:d8:dc:75:2e:ab:3f:87:08:7c:e2:f0: + 3f:6b:17:95:2f:77:e2:f6:30:93:6c:db:84:aa:c1:3d:70:5d: + fa:b4:40:c4:28:85:76:73:5b:4e:b5:3d:bc:fe:8d:7f:a8:f3: + 20:31:3e:69:d1:c7:fb:8c:79:21:cf:2f:32:e6:46:01:bf:4c: + f2:15:96:98 +-----BEGIN CERTIFICATE----- +MIJPWDCCTkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2DANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCTKUwgkyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgku3BgNVHREEgkuuMIJLqqQP +MA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzANMQswCQYDVQQDDAJ0 +MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSkDzANMQswCQYDVQQD +DAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwCdDekDzANMQswCQYD +VQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UEAwwDdDEwpBAwDjEM +MAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEMMAoGA1UEAwwDdDEz +pBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1pBAwDjEMMAoGA1UE +AwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UEAwwDdDE4pBAwDjEM +MAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEMMAoGA1UEAwwDdDIx +pBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIzpBAwDjEMMAoGA1UE +AwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UEAwwDdDI2pBAwDjEM +MAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEMMAoGA1UEAwwDdDI5 +pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMxpBAwDjEMMAoGA1UE +AwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UEAwwDdDM0pBAwDjEM +MAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEMMAoGA1UEAwwDdDM3 +pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5pBAwDjEMMAoGA1UE +AwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UEAwwDdDQypBAwDjEM +MAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEMMAoGA1UEAwwDdDQ1 +pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3pBAwDjEMMAoGA1UE +AwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UEAwwDdDUwpBAwDjEM +MAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEMMAoGA1UEAwwDdDUz +pBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1pBAwDjEMMAoGA1UE +AwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UEAwwDdDU4pBAwDjEM +MAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEMMAoGA1UEAwwDdDYx +pBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYzpBAwDjEMMAoGA1UE +AwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UEAwwDdDY2pBAwDjEM +MAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEMMAoGA1UEAwwDdDY5 +pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcxpBAwDjEMMAoGA1UE +AwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UEAwwDdDc0pBAwDjEM +MAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEMMAoGA1UEAwwDdDc3 +pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5pBAwDjEMMAoGA1UE +AwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UEAwwDdDgypBAwDjEM +MAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEMMAoGA1UEAwwDdDg1 +pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3pBAwDjEMMAoGA1UE +AwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UEAwwDdDkwpBAwDjEM +MAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEMMAoGA1UEAwwDdDkz +pBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1pBAwDjEMMAoGA1UE +AwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UEAwwDdDk4pBAwDjEM +MAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8xDTALBgNVBAMMBHQx +MDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwEdDEwM6QRMA8xDTAL +BgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzENMAsGA1UEAwwEdDEw +NqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0MTA4pBEwDzENMAsG +A1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0wCwYDVQQDDAR0MTEx +pBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQxMTOkETAPMQ0wCwYD +VQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTALBgNVBAMMBHQxMTak +ETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDExOKQRMA8xDTALBgNV +BAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsGA1UEAwwEdDEyMaQR +MA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIzpBEwDzENMAsGA1UE +AwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYDVQQDDAR0MTI2pBEw +DzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjikETAPMQ0wCwYDVQQD +DAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNVBAMMBHQxMzGkETAP +MQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QRMA8xDTALBgNVBAMM +BHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UEAwwEdDEzNqQRMA8x +DTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEwDzENMAsGA1UEAwwE +dDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQDDAR0MTQxpBEwDzEN +MAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAPMQ0wCwYDVQQDDAR0 +MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMMBHQxNDakETAPMQ0w +CwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8xDTALBgNVBAMMBHQx +NDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwEdDE1MaQRMA8xDTAL +BgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzENMAsGA1UEAwwEdDE1 +NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0MTU2pBEwDzENMAsG +A1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0wCwYDVQQDDAR0MTU5 +pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQxNjGkETAPMQ0wCwYD +VQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTALBgNVBAMMBHQxNjSk +ETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2NqQRMA8xDTALBgNV +BAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsGA1UEAwwEdDE2OaQR +MA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcxpBEwDzENMAsGA1UE +AwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYDVQQDDAR0MTc0pBEw +DzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzakETAPMQ0wCwYDVQQD +DAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNVBAMMBHQxNzmkETAP +MQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQRMA8xDTALBgNVBAMM +BHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UEAwwEdDE4NKQRMA8x +DTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEwDzENMAsGA1UEAwwE +dDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQDDAR0MTg5pBEwDzEN +MAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAPMQ0wCwYDVQQDDAR0 +MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMMBHQxOTSkETAPMQ0w +CwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8xDTALBgNVBAMMBHQx +OTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwEdDE5OaQRMA8xDTAL +BgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzENMAsGA1UEAwwEdDIw +MqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0MjA0pBEwDzENMAsG +A1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0wCwYDVQQDDAR0MjA3 +pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQyMDmkETAPMQ0wCwYD +VQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTALBgNVBAMMBHQyMTKk +ETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIxNKQRMA8xDTALBgNV +BAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsGA1UEAwwEdDIxN6QR +MA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5pBEwDzENMAsGA1UE +AwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYDVQQDDAR0MjIypBEw +DzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSkETAPMQ0wCwYDVQQD +DAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNVBAMMBHQyMjekETAP +MQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQRMA8xDTALBgNVBAMM +BHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UEAwwEdDIzMqQRMA8x +DTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEwDzENMAsGA1UEAwwE +dDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQDDAR0MjM3pBEwDzEN +MAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAPMQ0wCwYDVQQDDAR0 +MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMMBHQyNDKkETAPMQ0w +CwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8xDTALBgNVBAMMBHQy +NDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwEdDI0N6QRMA8xDTAL +BgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzENMAsGA1UEAwwEdDI1 +MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0MjUypBEwDzENMAsG +A1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0wCwYDVQQDDAR0MjU1 +pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQyNTekETAPMQ0wCwYD +VQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTALBgNVBAMMBHQyNjCk +ETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2MqQRMA8xDTALBgNV +BAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsGA1UEAwwEdDI2NaQR +MA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3pBEwDzENMAsGA1UE +AwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYDVQQDDAR0MjcwpBEw +DzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKkETAPMQ0wCwYDVQQD +DAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNVBAMMBHQyNzWkETAP +MQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QRMA8xDTALBgNVBAMM +BHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UEAwwEdDI4MKQRMA8x +DTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEwDzENMAsGA1UEAwwE +dDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQDDAR0Mjg1pBEwDzEN +MAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAPMQ0wCwYDVQQDDAR0 +Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMMBHQyOTCkETAPMQ0w +CwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8xDTALBgNVBAMMBHQy +OTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwEdDI5NaQRMA8xDTAL +BgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzENMAsGA1UEAwwEdDI5 +OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0MzAwpBEwDzENMAsG +A1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0wCwYDVQQDDAR0MzAz +pBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQzMDWkETAPMQ0wCwYD +VQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTALBgNVBAMMBHQzMDik +ETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMxMKQRMA8xDTALBgNV +BAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsGA1UEAwwEdDMxM6QR +MA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1pBEwDzENMAsGA1UE +AwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYDVQQDDAR0MzE4pBEw +DzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCkETAPMQ0wCwYDVQQD +DAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNVBAMMBHQzMjOkETAP +MQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQRMA8xDTALBgNVBAMM +BHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UEAwwEdDMyOKQRMA8x +DTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEwDzENMAsGA1UEAwwE +dDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQDDAR0MzMzpBEwDzEN +MAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAPMQ0wCwYDVQQDDAR0 +MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMMBHQzMzikETAPMQ0w +CwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8xDTALBgNVBAMMBHQz +NDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwEdDM0M6QRMA8xDTAL +BgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzENMAsGA1UEAwwEdDM0 +NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0MzQ4pBEwDzENMAsG +A1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0wCwYDVQQDDAR0MzUx +pBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQzNTOkETAPMQ0wCwYD +VQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTALBgNVBAMMBHQzNTak +ETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1OKQRMA8xDTALBgNV +BAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsGA1UEAwwEdDM2MaQR +MA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYzpBEwDzENMAsGA1UE +AwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYDVQQDDAR0MzY2pBEw +DzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjikETAPMQ0wCwYDVQQD +DAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNVBAMMBHQzNzGkETAP +MQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QRMA8xDTALBgNVBAMM +BHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UEAwwEdDM3NqQRMA8x +DTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEwDzENMAsGA1UEAwwE +dDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQDDAR0MzgxpBEwDzEN +MAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAPMQ0wCwYDVQQDDAR0 +Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMMBHQzODakETAPMQ0w +CwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8xDTALBgNVBAMMBHQz +ODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwEdDM5MaQRMA8xDTAL +BgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzENMAsGA1UEAwwEdDM5 +NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0Mzk2pBEwDzENMAsG +A1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0wCwYDVQQDDAR0Mzk5 +pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0MDGkETAPMQ0wCwYD +VQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTALBgNVBAMMBHQ0MDSk +ETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQwNqQRMA8xDTALBgNV +BAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsGA1UEAwwEdDQwOaQR +MA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDExpBEwDzENMAsGA1UE +AwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYDVQQDDAR0NDE0pBEw +DzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTakETAPMQ0wCwYDVQQD +DAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNVBAMMBHQ0MTmkETAP +MQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQRMA8xDTALBgNVBAMM +BHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UEAwwEdDQyNKQRMA8x +DTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEwDzENMAsGA1UEAwwE +dDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQDDAR0NDI5pBEwDzEN +MAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAPMQ0wCwYDVQQDDAR0 +NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMMBHQ0MzSkETAPMQ0w +CwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8xDTALBgNVBAMMBHQ0 +MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwEdDQzOaQRMA8xDTAL +BgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzENMAsGA1UEAwwEdDQ0 +MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0NDQ0pBEwDzENMAsG +A1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0wCwYDVQQDDAR0NDQ3 +pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0NDmkETAPMQ0wCwYD +VQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTALBgNVBAMMBHQ0NTKk +ETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1NKQRMA8xDTALBgNV +BAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsGA1UEAwwEdDQ1N6QR +MA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5pBEwDzENMAsGA1UE +AwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYDVQQDDAR0NDYypBEw +DzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSkETAPMQ0wCwYDVQQD +DAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNVBAMMBHQ0NjekETAP +MQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQRMA8xDTALBgNVBAMM +BHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UEAwwEdDQ3MqQRMA8x +DTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEwDzENMAsGA1UEAwwE +dDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQDDAR0NDc3pBEwDzEN +MAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAPMQ0wCwYDVQQDDAR0 +NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMMBHQ0ODKkETAPMQ0w +CwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8xDTALBgNVBAMMBHQ0 +ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwEdDQ4N6QRMA8xDTAL +BgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzENMAsGA1UEAwwEdDQ5 +MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0NDkypBEwDzENMAsG +A1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0wCwYDVQQDDAR0NDk1 +pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0OTekETAPMQ0wCwYD +VQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTALBgNVBAMMBHQ1MDCk +ETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUwMqQRMA8xDTALBgNV +BAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsGA1UEAwwEdDUwNaQR +MA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3pBEwDzENMAsGA1UE +AwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYDVQQDDAR0NTEwpBEw +DzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKkETAPMQ0wCwYDVQQD +DAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNVBAMMBHQ1MTWkETAP +MQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QRMA8xDTALBgNVBAMM +BHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UEAwwEdDUyMKQRMA8x +DTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEwDzENMAsGA1UEAwwE +dDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQDDAR0NTI1pBEwDzEN +MAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAPMQ0wCwYDVQQDDAR0 +NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMMBHQ1MzCkETAPMQ0w +CwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8xDTALBgNVBAMMBHQ1 +MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwEdDUzNaQRMA8xDTAL +BgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzENMAsGA1UEAwwEdDUz +OKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0NTQwpBEwDzENMAsG +A1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0wCwYDVQQDDAR0NTQz +pBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1NDWkETAPMQ0wCwYD +VQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTALBgNVBAMMBHQ1NDik +ETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1MKQRMA8xDTALBgNV +BAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsGA1UEAwwEdDU1M6QR +MA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1pBEwDzENMAsGA1UE +AwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYDVQQDDAR0NTU4pBEw +DzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCkETAPMQ0wCwYDVQQD +DAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNVBAMMBHQ1NjOkETAP +MQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQRMA8xDTALBgNVBAMM +BHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UEAwwEdDU2OKQRMA8x +DTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEwDzENMAsGA1UEAwwE +dDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQDDAR0NTczpBEwDzEN +MAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAPMQ0wCwYDVQQDDAR0 +NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMMBHQ1NzikETAPMQ0w +CwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8xDTALBgNVBAMMBHQ1 +ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwEdDU4M6QRMA8xDTAL +BgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzENMAsGA1UEAwwEdDU4 +NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0NTg4pBEwDzENMAsG +A1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0wCwYDVQQDDAR0NTkx +pBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1OTOkETAPMQ0wCwYD +VQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTALBgNVBAMMBHQ1OTak +ETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5OKQRMA8xDTALBgNV +BAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsGA1UEAwwEdDYwMaQR +MA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAzpBEwDzENMAsGA1UE +AwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYDVQQDDAR0NjA2pBEw +DzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDikETAPMQ0wCwYDVQQD +DAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNVBAMMBHQ2MTGkETAP +MQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QRMA8xDTALBgNVBAMM +BHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UEAwwEdDYxNqQRMA8x +DTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEwDzENMAsGA1UEAwwE +dDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQDDAR0NjIxpBEwDzEN +MAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAPMQ0wCwYDVQQDDAR0 +NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMMBHQ2MjakETAPMQ0w +CwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8xDTALBgNVBAMMBHQ2 +MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwEdDYzMaQRMA8xDTAL +BgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzENMAsGA1UEAwwEdDYz +NKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0NjM2pBEwDzENMAsG +A1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0wCwYDVQQDDAR0NjM5 +pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2NDGkETAPMQ0wCwYD +VQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTALBgNVBAMMBHQ2NDSk +ETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0NqQRMA8xDTALBgNV +BAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsGA1UEAwwEdDY0OaQR +MA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUxpBEwDzENMAsGA1UE +AwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYDVQQDDAR0NjU0pBEw +DzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTakETAPMQ0wCwYDVQQD +DAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNVBAMMBHQ2NTmkETAP +MQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQRMA8xDTALBgNVBAMM +BHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UEAwwEdDY2NKQRMA8x +DTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEwDzENMAsGA1UEAwwE +dDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQDDAR0NjY5pBEwDzEN +MAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAPMQ0wCwYDVQQDDAR0 +NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMMBHQ2NzSkETAPMQ0w +CwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8xDTALBgNVBAMMBHQ2 +NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwEdDY3OaQRMA8xDTAL +BgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzENMAsGA1UEAwwEdDY4 +MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0Njg0pBEwDzENMAsG +A1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0wCwYDVQQDDAR0Njg3 +pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2ODmkETAPMQ0wCwYD +VQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTALBgNVBAMMBHQ2OTKk +ETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5NKQRMA8xDTALBgNV +BAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsGA1UEAwwEdDY5N6QR +MA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5pBEwDzENMAsGA1UE +AwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYDVQQDDAR0NzAypBEw +DzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSkETAPMQ0wCwYDVQQD +DAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNVBAMMBHQ3MDekETAP +MQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQRMA8xDTALBgNVBAMM +BHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UEAwwEdDcxMqQRMA8x +DTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEwDzENMAsGA1UEAwwE +dDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQDDAR0NzE3pBEwDzEN +MAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAPMQ0wCwYDVQQDDAR0 +NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMMBHQ3MjKkETAPMQ0w +CwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8xDTALBgNVBAMMBHQ3 +MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwEdDcyN6QRMA8xDTAL +BgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzENMAsGA1UEAwwEdDcz +MKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0NzMypBEwDzENMAsG +A1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0wCwYDVQQDDAR0NzM1 +pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3MzekETAPMQ0wCwYD +VQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTALBgNVBAMMBHQ3NDCk +ETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0MqQRMA8xDTALBgNV +BAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsGA1UEAwwEdDc0NaQR +MA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3pBEwDzENMAsGA1UE +AwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYDVQQDDAR0NzUwpBEw +DzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKkETAPMQ0wCwYDVQQD +DAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNVBAMMBHQ3NTWkETAP +MQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QRMA8xDTALBgNVBAMM +BHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UEAwwEdDc2MKQRMA8x +DTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEwDzENMAsGA1UEAwwE +dDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQDDAR0NzY1pBEwDzEN +MAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAPMQ0wCwYDVQQDDAR0 +NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMMBHQ3NzCkETAPMQ0w +CwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8xDTALBgNVBAMMBHQ3 +NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwEdDc3NaQRMA8xDTAL +BgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzENMAsGA1UEAwwEdDc3 +OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0NzgwpBEwDzENMAsG +A1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0wCwYDVQQDDAR0Nzgz +pBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3ODWkETAPMQ0wCwYD +VQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTALBgNVBAMMBHQ3ODik +ETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5MKQRMA8xDTALBgNV +BAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsGA1UEAwwEdDc5M6QR +MA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1pBEwDzENMAsGA1UE +AwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYDVQQDDAR0Nzk4pBEw +DzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCkETAPMQ0wCwYDVQQD +DAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNVBAMMBHQ4MDOkETAP +MQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQRMA8xDTALBgNVBAMM +BHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UEAwwEdDgwOKQRMA8x +DTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEwDzENMAsGA1UEAwwE +dDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQDDAR0ODEzpBEwDzEN +MAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAPMQ0wCwYDVQQDDAR0 +ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMMBHQ4MTikETAPMQ0w +CwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8xDTALBgNVBAMMBHQ4 +MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwEdDgyM6QRMA8xDTAL +BgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzENMAsGA1UEAwwEdDgy +NqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0ODI4pBEwDzENMAsG +A1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0wCwYDVQQDDAR0ODMx +pBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4MzOkETAPMQ0wCwYD +VQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTALBgNVBAMMBHQ4Mzak +ETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgzOKQRMA8xDTALBgNV +BAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsGA1UEAwwEdDg0MaQR +MA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQzpBEwDzENMAsGA1UE +AwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYDVQQDDAR0ODQ2pBEw +DzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDikETAPMQ0wCwYDVQQD +DAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNVBAMMBHQ4NTGkETAP +MQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QRMA8xDTALBgNVBAMM +BHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UEAwwEdDg1NqQRMA8x +DTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEwDzENMAsGA1UEAwwE +dDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQDDAR0ODYxpBEwDzEN +MAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAPMQ0wCwYDVQQDDAR0 +ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMMBHQ4NjakETAPMQ0w +CwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8xDTALBgNVBAMMBHQ4 +NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwEdDg3MaQRMA8xDTAL +BgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzENMAsGA1UEAwwEdDg3 +NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0ODc2pBEwDzENMAsG +A1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0wCwYDVQQDDAR0ODc5 +pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4ODGkETAPMQ0wCwYD +VQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTALBgNVBAMMBHQ4ODSk +ETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4NqQRMA8xDTALBgNV +BAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsGA1UEAwwEdDg4OaQR +MA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkxpBEwDzENMAsGA1UE +AwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYDVQQDDAR0ODk0pBEw +DzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTakETAPMQ0wCwYDVQQD +DAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNVBAMMBHQ4OTmkETAP +MQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQRMA8xDTALBgNVBAMM +BHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UEAwwEdDkwNKQRMA8x +DTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEwDzENMAsGA1UEAwwE +dDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQDDAR0OTA5pBEwDzEN +MAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAPMQ0wCwYDVQQDDAR0 +OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMMBHQ5MTSkETAPMQ0w +CwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8xDTALBgNVBAMMBHQ5 +MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwEdDkxOaQRMA8xDTAL +BgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzENMAsGA1UEAwwEdDky +MqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0OTI0pBEwDzENMAsG +A1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0wCwYDVQQDDAR0OTI3 +pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5MjmkETAPMQ0wCwYD +VQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTALBgNVBAMMBHQ5MzKk +ETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkzNKQRMA8xDTALBgNV +BAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsGA1UEAwwEdDkzN6QR +MA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5pBEwDzENMAsGA1UE +AwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYDVQQDDAR0OTQypBEw +DzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSkETAPMQ0wCwYDVQQD +DAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNVBAMMBHQ5NDekETAP +MQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQRMA8xDTALBgNVBAMM +BHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UEAwwEdDk1MqQRMA8x +DTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEwDzENMAsGA1UEAwwE +dDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQDDAR0OTU3pBEwDzEN +MAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAPMQ0wCwYDVQQDDAR0 +OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMMBHQ5NjKkETAPMQ0w +CwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8xDTALBgNVBAMMBHQ5 +NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwEdDk2N6QRMA8xDTAL +BgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzENMAsGA1UEAwwEdDk3 +MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0OTcypBEwDzENMAsG +A1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0wCwYDVQQDDAR0OTc1 +pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5NzekETAPMQ0wCwYD +VQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTALBgNVBAMMBHQ5ODCk +ETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4MqQRMA8xDTALBgNV +BAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsGA1UEAwwEdDk4NaQR +MA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3pBEwDzENMAsGA1UE +AwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYDVQQDDAR0OTkwpBEw +DzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKkETAPMQ0wCwYDVQQD +DAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNVBAMMBHQ5OTWkETAP +MQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QRMA8xDTALBgNVBAMM +BHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UEAwwFdDEwMDCkEjAQ +MQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAypBIwEDEOMAwGA1UE +AwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAMBgNVBAMMBXQxMDA1 +pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0MTAwN6QSMBAxDjAM +BgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQMQ4wDAYDVQQDDAV0 +MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UEAwwFdDEwMTKkEjAQ +MQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0pBIwEDEOMAwGA1UE +AwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAMBgNVBAMMBXQxMDE3 +pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0MTAxOaQSMBAxDjAM +BgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQMQ4wDAYDVQQDDAV0 +MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzMA0GCSqGSIb3DQEBCwUAA4IBAQCbtCkw +8C16Zsf4kkzL9AgR9etmwwJKJBLynRmpx1E6k/5xNJMnMhSgG/TrusJL336oV85/ +Yfqf0uyaAlEwE6XranwEs/DmKGZc905wZo8HrkJ3wOzu/xA0g0qygSzfxNj3gHDq +rsh8BUEZ+EAjwcBA4df1+H2wg7NrOgEXaMoKsnfEDENc2EsPIfRvfqj3tLwxzQKa +tnJbu0UMTJdhmCSwRM2vf378clVaVEMEHUC/Up1LwVgs0poE7goE2Nx1Lqs/hwh8 +4vA/axeVL3fi9jCTbNuEqsE9cF36tEDEKIV2c1tOtT28/o1/qPMgMT5p0cf7jHkh +zy8y5kYBv0zyFZaY +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D9.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D9.pem new file mode 100644 index 0000000000..a79609b93c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8D9.pem @@ -0,0 +1,325 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, DNS:t418.test, DNS:t419.test, DNS:t420.test, DNS:t421.test, DNS:t422.test, DNS:t423.test, DNS:t424.test, DNS:t425.test, DNS:t426.test, DNS:t427.test, DNS:t428.test, DNS:t429.test, DNS:t430.test, DNS:t431.test, DNS:t432.test, DNS:t433.test, DNS:t434.test, DNS:t435.test, DNS:t436.test, DNS:t437.test, DNS:t438.test, DNS:t439.test, DNS:t440.test, DNS:t441.test, DNS:t442.test, DNS:t443.test, DNS:t444.test, DNS:t445.test, DNS:t446.test, DNS:t447.test, DNS:t448.test, DNS:t449.test, DNS:t450.test, DNS:t451.test, DNS:t452.test, DNS:t453.test, DNS:t454.test, DNS:t455.test, DNS:t456.test, DNS:t457.test, DNS:t458.test, DNS:t459.test, DNS:t460.test, DNS:t461.test, DNS:t462.test, DNS:t463.test, DNS:t464.test, DNS:t465.test, DNS:t466.test, DNS:t467.test, DNS:t468.test, DNS:t469.test, DNS:t470.test, DNS:t471.test, DNS:t472.test, DNS:t473.test, DNS:t474.test, DNS:t475.test, DNS:t476.test, DNS:t477.test, DNS:t478.test, DNS:t479.test, DNS:t480.test, DNS:t481.test, DNS:t482.test, DNS:t483.test, DNS:t484.test, DNS:t485.test, DNS:t486.test, DNS:t487.test, DNS:t488.test, DNS:t489.test, DNS:t490.test, DNS:t491.test, DNS:t492.test, DNS:t493.test, DNS:t494.test, DNS:t495.test, DNS:t496.test, DNS:t497.test, DNS:t498.test, DNS:t499.test, DNS:t500.test, DNS:t501.test, DNS:t502.test, DNS:t503.test, DNS:t504.test, DNS:t505.test, DNS:t506.test, DNS:t507.test, DNS:t508.test, DNS:t509.test, DNS:t510.test, DNS:t511.test, DNS:t512.test, DNS:t513.test, DNS:t514.test, DNS:t515.test, DNS:t516.test, DNS:t517.test, DNS:t518.test, DNS:t519.test, DNS:t520.test, DNS:t521.test, DNS:t522.test, DNS:t523.test, DNS:t524.test, DNS:t525.test, DNS:t526.test, DNS:t527.test, DNS:t528.test, DNS:t529.test, DNS:t530.test, DNS:t531.test, DNS:t532.test, DNS:t533.test, DNS:t534.test, DNS:t535.test, DNS:t536.test, DNS:t537.test, DNS:t538.test, DNS:t539.test, DNS:t540.test, DNS:t541.test, DNS:t542.test, DNS:t543.test, DNS:t544.test, DNS:t545.test, DNS:t546.test, DNS:t547.test, DNS:t548.test, DNS:t549.test, DNS:t550.test, DNS:t551.test, DNS:t552.test, DNS:t553.test, DNS:t554.test, DNS:t555.test, DNS:t556.test, DNS:t557.test, DNS:t558.test, DNS:t559.test, DNS:t560.test, DNS:t561.test, DNS:t562.test, DNS:t563.test, DNS:t564.test, DNS:t565.test, DNS:t566.test, DNS:t567.test, DNS:t568.test, DNS:t569.test, DNS:t570.test, DNS:t571.test, DNS:t572.test, DNS:t573.test, DNS:t574.test, DNS:t575.test, DNS:t576.test, DNS:t577.test, DNS:t578.test, DNS:t579.test, DNS:t580.test, DNS:t581.test, DNS:t582.test, DNS:t583.test, DNS:t584.test, DNS:t585.test, DNS:t586.test, DNS:t587.test, DNS:t588.test, DNS:t589.test, DNS:t590.test, DNS:t591.test, DNS:t592.test, DNS:t593.test, DNS:t594.test, DNS:t595.test, DNS:t596.test, DNS:t597.test, DNS:t598.test, DNS:t599.test, DNS:t600.test, DNS:t601.test, DNS:t602.test, DNS:t603.test, DNS:t604.test, DNS:t605.test, DNS:t606.test, DNS:t607.test, DNS:t608.test, DNS:t609.test, DNS:t610.test, DNS:t611.test, DNS:t612.test, DNS:t613.test, DNS:t614.test, DNS:t615.test, DNS:t616.test, DNS:t617.test, DNS:t618.test, DNS:t619.test, DNS:t620.test, DNS:t621.test, DNS:t622.test, DNS:t623.test, DNS:t624.test, DNS:t625.test, DNS:t626.test, DNS:t627.test, DNS:t628.test, DNS:t629.test, DNS:t630.test, DNS:t631.test, DNS:t632.test, DNS:t633.test, DNS:t634.test, DNS:t635.test, DNS:t636.test, DNS:t637.test, DNS:t638.test, DNS:t639.test, DNS:t640.test, DNS:t641.test, DNS:t642.test, DNS:t643.test, DNS:t644.test, DNS:t645.test, DNS:t646.test, DNS:t647.test, DNS:t648.test, DNS:t649.test, DNS:t650.test, DNS:t651.test, DNS:t652.test, DNS:t653.test, DNS:t654.test, DNS:t655.test, DNS:t656.test, DNS:t657.test, DNS:t658.test, DNS:t659.test, DNS:t660.test, DNS:t661.test, DNS:t662.test, DNS:t663.test, DNS:t664.test, DNS:t665.test, DNS:t666.test, DNS:t667.test, DNS:t668.test, DNS:t669.test, DNS:t670.test, DNS:t671.test, DNS:t672.test, DNS:t673.test, DNS:t674.test, DNS:t675.test, DNS:t676.test, DNS:t677.test, DNS:t678.test, DNS:t679.test, DNS:t680.test, DNS:t681.test, DNS:t682.test, DNS:t683.test, DNS:t684.test, DNS:t685.test, DNS:t686.test, DNS:t687.test, DNS:t688.test, DNS:t689.test, DNS:t690.test, DNS:t691.test, DNS:t692.test, DNS:t693.test, DNS:t694.test, DNS:t695.test, DNS:t696.test, DNS:t697.test, DNS:t698.test, DNS:t699.test, DNS:t700.test, DNS:t701.test, DNS:t702.test, DNS:t703.test, DNS:t704.test, DNS:t705.test, DNS:t706.test, DNS:t707.test, DNS:t708.test, DNS:t709.test, DNS:t710.test, DNS:t711.test, DNS:t712.test, DNS:t713.test, DNS:t714.test, DNS:t715.test, DNS:t716.test, DNS:t717.test, DNS:t718.test, DNS:t719.test, DNS:t720.test, DNS:t721.test, DNS:t722.test, DNS:t723.test, DNS:t724.test, DNS:t725.test, DNS:t726.test, DNS:t727.test, DNS:t728.test, DNS:t729.test, DNS:t730.test, DNS:t731.test, DNS:t732.test, DNS:t733.test, DNS:t734.test, DNS:t735.test, DNS:t736.test, DNS:t737.test, DNS:t738.test, DNS:t739.test, DNS:t740.test, DNS:t741.test, DNS:t742.test, DNS:t743.test, DNS:t744.test, DNS:t745.test, DNS:t746.test, DNS:t747.test, DNS:t748.test, DNS:t749.test, DNS:t750.test, DNS:t751.test, DNS:t752.test, DNS:t753.test, DNS:t754.test, DNS:t755.test, DNS:t756.test, DNS:t757.test, DNS:t758.test, DNS:t759.test, DNS:t760.test, DNS:t761.test, DNS:t762.test, DNS:t763.test, DNS:t764.test, DNS:t765.test, DNS:t766.test, DNS:t767.test, DNS:t768.test, DNS:t769.test, DNS:t770.test, DNS:t771.test, DNS:t772.test, DNS:t773.test, DNS:t774.test, DNS:t775.test, DNS:t776.test, DNS:t777.test, DNS:t778.test, DNS:t779.test, DNS:t780.test, DNS:t781.test, DNS:t782.test, DNS:t783.test, DNS:t784.test, DNS:t785.test, DNS:t786.test, DNS:t787.test, DNS:t788.test, DNS:t789.test, DNS:t790.test, DNS:t791.test, DNS:t792.test, DNS:t793.test, DNS:t794.test, DNS:t795.test, DNS:t796.test, DNS:t797.test, DNS:t798.test, DNS:t799.test, DNS:t800.test, DNS:t801.test, DNS:t802.test, DNS:t803.test, DNS:t804.test, DNS:t805.test, DNS:t806.test, DNS:t807.test, DNS:t808.test, DNS:t809.test, DNS:t810.test, DNS:t811.test, DNS:t812.test, DNS:t813.test, DNS:t814.test, DNS:t815.test, DNS:t816.test, DNS:t817.test, DNS:t818.test, DNS:t819.test, DNS:t820.test, DNS:t821.test, DNS:t822.test, DNS:t823.test, DNS:t824.test, DNS:t825.test, DNS:t826.test, DNS:t827.test, DNS:t828.test, DNS:t829.test, DNS:t830.test, DNS:t831.test, DNS:t832.test, DNS:t833.test, DNS:t834.test, DNS:t835.test, DNS:t836.test, DNS:t837.test, DNS:t838.test, DNS:t839.test, DNS:t840.test, DNS:t841.test, DNS:t842.test, DNS:t843.test, DNS:t844.test, DNS:t845.test, DNS:t846.test, DNS:t847.test, DNS:t848.test, DNS:t849.test, DNS:t850.test, DNS:t851.test, DNS:t852.test, DNS:t853.test, DNS:t854.test, DNS:t855.test, DNS:t856.test, DNS:t857.test, DNS:t858.test, DNS:t859.test, DNS:t860.test, DNS:t861.test, DNS:t862.test, DNS:t863.test, DNS:t864.test, DNS:t865.test, DNS:t866.test, DNS:t867.test, DNS:t868.test, DNS:t869.test, DNS:t870.test, DNS:t871.test, DNS:t872.test, DNS:t873.test, DNS:t874.test, DNS:t875.test, DNS:t876.test, DNS:t877.test, DNS:t878.test, DNS:t879.test, DNS:t880.test, DNS:t881.test, DNS:t882.test, DNS:t883.test, DNS:t884.test, DNS:t885.test, DNS:t886.test, DNS:t887.test, DNS:t888.test, DNS:t889.test, DNS:t890.test, DNS:t891.test, DNS:t892.test, DNS:t893.test, DNS:t894.test, DNS:t895.test, DNS:t896.test, DNS:t897.test, DNS:t898.test, DNS:t899.test, DNS:t900.test, DNS:t901.test, DNS:t902.test, DNS:t903.test, DNS:t904.test, DNS:t905.test, DNS:t906.test, DNS:t907.test, DNS:t908.test, DNS:t909.test, DNS:t910.test, DNS:t911.test, DNS:t912.test, DNS:t913.test, DNS:t914.test, DNS:t915.test, DNS:t916.test, DNS:t917.test, DNS:t918.test, DNS:t919.test, DNS:t920.test, DNS:t921.test, DNS:t922.test, DNS:t923.test, DNS:t924.test, DNS:t925.test, DNS:t926.test, DNS:t927.test, DNS:t928.test, DNS:t929.test, DNS:t930.test, DNS:t931.test, DNS:t932.test, DNS:t933.test, DNS:t934.test, DNS:t935.test, DNS:t936.test, DNS:t937.test, DNS:t938.test, DNS:t939.test, DNS:t940.test, DNS:t941.test, DNS:t942.test, DNS:t943.test, DNS:t944.test, DNS:t945.test, DNS:t946.test, DNS:t947.test, DNS:t948.test, DNS:t949.test, DNS:t950.test, DNS:t951.test, DNS:t952.test, DNS:t953.test, DNS:t954.test, DNS:t955.test, DNS:t956.test, DNS:t957.test, DNS:t958.test, DNS:t959.test, DNS:t960.test, DNS:t961.test, DNS:t962.test, DNS:t963.test, DNS:t964.test, DNS:t965.test, DNS:t966.test, DNS:t967.test, DNS:t968.test, DNS:t969.test, DNS:t970.test, DNS:t971.test, DNS:t972.test, DNS:t973.test, DNS:t974.test, DNS:t975.test, DNS:t976.test, DNS:t977.test, DNS:t978.test, DNS:t979.test, DNS:t980.test, DNS:t981.test, DNS:t982.test, DNS:t983.test, DNS:t984.test, DNS:t985.test, DNS:t986.test, DNS:t987.test, DNS:t988.test, DNS:t989.test, DNS:t990.test, DNS:t991.test, DNS:t992.test, DNS:t993.test, DNS:t994.test, DNS:t995.test, DNS:t996.test, DNS:t997.test, DNS:t998.test, DNS:t999.test, DNS:t1000.test, DNS:t1001.test, DNS:t1002.test, DNS:t1003.test, DNS:t1004.test, DNS:t1005.test, DNS:t1006.test, DNS:t1007.test, DNS:t1008.test, DNS:t1009.test, DNS:t1010.test, DNS:t1011.test, DNS:t1012.test, DNS:t1013.test, DNS:t1014.test, DNS:t1015.test, DNS:t1016.test, DNS:t1017.test, DNS:t1018.test, DNS:t1019.test, DNS:t1020.test, DNS:t1021.test, DNS:t1022.test, DNS:t1023.test + Signature Algorithm: sha256WithRSAEncryption + b7:c8:45:e8:f3:e4:4f:01:a9:fd:50:ef:22:07:85:79:92:9d: + e2:75:89:b7:0d:59:6c:65:ad:83:73:bc:44:09:7c:8b:be:cc: + d4:f6:d5:47:64:7b:c6:c8:d6:dd:ed:f9:bf:77:12:af:21:93: + ce:a8:1c:e3:6b:07:a2:80:f4:a8:83:3e:67:59:63:ae:07:f0: + 70:5b:db:f8:50:76:34:0b:b0:3f:97:93:6b:45:b1:3c:af:0a: + d8:08:96:1d:fa:f1:1b:2c:6b:82:9a:d2:ad:1e:f5:3e:46:33: + 91:60:1d:4d:7a:9b:6d:75:3d:b8:a5:50:d1:0a:cd:ce:ab:24: + 9a:ab:89:d3:73:15:70:f8:c6:23:0d:85:fe:1b:78:e6:d6:69: + 5c:7c:b2:28:1f:39:16:98:bd:f6:e3:0c:1e:71:7f:a9:15:75: + 02:aa:6e:38:2c:a0:18:95:18:28:9e:00:92:2c:eb:78:0b:75: + 11:9c:e9:a9:b5:fa:f9:ea:96:18:58:46:3b:7a:ed:47:08:42: + 01:ac:48:2f:7d:bc:b2:16:e8:b4:1c:36:1e:16:85:d2:ae:26: + 24:36:b2:c3:9f:c7:a1:c3:4e:76:27:5a:ca:cc:33:7e:a4:60: + 7c:86:d7:a7:19:6f:60:1a:98:89:16:ad:4a:de:12:15:0e:d0: + eb:6a:78:1f +-----BEGIN CERTIFICATE----- +MIIvWDCCLkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2TANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCLKUwgiyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgiu3BgNVHREEgiuuMIIrqoIH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0NDE5LnRlc3SCCXQ0 +MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMudGVzdIIJdDQyNC50 +ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0ggl0NDI4LnRlc3SC +CXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0MzIudGVzdIIJdDQz +My50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50ZXN0ggl0NDM3LnRl +c3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SCCXQ0NDEudGVzdIIJ +dDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0NS50ZXN0ggl0NDQ2 +LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRlc3SCCXQ0NTAudGVz +dIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJdDQ1NC50ZXN0ggl0 +NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4LnRlc3SCCXQ0NTku +dGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVzdIIJdDQ2My50ZXN0 +ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0NDY3LnRlc3SCCXQ0 +NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEudGVzdIIJdDQ3Mi50 +ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0ggl0NDc2LnRlc3SC +CXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0ODAudGVzdIIJdDQ4 +MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50ZXN0ggl0NDg1LnRl +c3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SCCXQ0ODkudGVzdIIJ +dDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5My50ZXN0ggl0NDk0 +LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRlc3SCCXQ0OTgudGVz +dIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJdDUwMi50ZXN0ggl0 +NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2LnRlc3SCCXQ1MDcu +dGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVzdIIJdDUxMS50ZXN0 +ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0NTE1LnRlc3SCCXQ1 +MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTkudGVzdIIJdDUyMC50 +ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0ggl0NTI0LnRlc3SC +CXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1MjgudGVzdIIJdDUy +OS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50ZXN0ggl0NTMzLnRl +c3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SCCXQ1MzcudGVzdIIJ +dDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0MS50ZXN0ggl0NTQy +LnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRlc3SCCXQ1NDYudGVz +dIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJdDU1MC50ZXN0ggl0 +NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0LnRlc3SCCXQ1NTUu +dGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVzdIIJdDU1OS50ZXN0 +ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0NTYzLnRlc3SCCXQ1 +NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1NjcudGVzdIIJdDU2OC50 +ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0ggl0NTcyLnRlc3SC +CXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1NzYudGVzdIIJdDU3 +Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50ZXN0ggl0NTgxLnRl +c3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SCCXQ1ODUudGVzdIIJ +dDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4OS50ZXN0ggl0NTkw +LnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRlc3SCCXQ1OTQudGVz +dIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJdDU5OC50ZXN0ggl0 +NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAyLnRlc3SCCXQ2MDMu +dGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVzdIIJdDYwNy50ZXN0 +ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0NjExLnRlc3SCCXQ2 +MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUudGVzdIIJdDYxNi50 +ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0ggl0NjIwLnRlc3SC +CXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2MjQudGVzdIIJdDYy +NS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50ZXN0ggl0NjI5LnRl +c3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SCCXQ2MzMudGVzdIIJ +dDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYzNy50ZXN0ggl0NjM4 +LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRlc3SCCXQ2NDIudGVz +dIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJdDY0Ni50ZXN0ggl0 +NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUwLnRlc3SCCXQ2NTEu +dGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVzdIIJdDY1NS50ZXN0 +ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0NjU5LnRlc3SCCXQ2 +NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMudGVzdIIJdDY2NC50 +ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0ggl0NjY4LnRlc3SC +CXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2NzIudGVzdIIJdDY3 +My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50ZXN0ggl0Njc3LnRl +c3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SCCXQ2ODEudGVzdIIJ +dDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4NS50ZXN0ggl0Njg2 +LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRlc3SCCXQ2OTAudGVz +dIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJdDY5NC50ZXN0ggl0 +Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4LnRlc3SCCXQ2OTku +dGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVzdIIJdDcwMy50ZXN0 +ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0NzA3LnRlc3SCCXQ3 +MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEudGVzdIIJdDcxMi50 +ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0ggl0NzE2LnRlc3SC +CXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3MjAudGVzdIIJdDcy +MS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50ZXN0ggl0NzI1LnRl +c3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SCCXQ3MjkudGVzdIIJ +dDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDczMy50ZXN0ggl0NzM0 +LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRlc3SCCXQ3MzgudGVz +dIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJdDc0Mi50ZXN0ggl0 +NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2LnRlc3SCCXQ3NDcu +dGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVzdIIJdDc1MS50ZXN0 +ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0NzU1LnRlc3SCCXQ3 +NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTkudGVzdIIJdDc2MC50 +ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0ggl0NzY0LnRlc3SC +CXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3NjgudGVzdIIJdDc2 +OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50ZXN0ggl0NzczLnRl +c3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SCCXQ3NzcudGVzdIIJ +dDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4MS50ZXN0ggl0Nzgy +LnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRlc3SCCXQ3ODYudGVz +dIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJdDc5MC50ZXN0ggl0 +NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0LnRlc3SCCXQ3OTUu +dGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVzdIIJdDc5OS50ZXN0 +ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0ODAzLnRlc3SCCXQ4 +MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcudGVzdIIJdDgwOC50 +ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0ggl0ODEyLnRlc3SC +CXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4MTYudGVzdIIJdDgx +Ny50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50ZXN0ggl0ODIxLnRl +c3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SCCXQ4MjUudGVzdIIJ +dDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgyOS50ZXN0ggl0ODMw +LnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRlc3SCCXQ4MzQudGVz +dIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJdDgzOC50ZXN0ggl0 +ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQyLnRlc3SCCXQ4NDMu +dGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVzdIIJdDg0Ny50ZXN0 +ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0ODUxLnRlc3SCCXQ4 +NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUudGVzdIIJdDg1Ni50 +ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0ggl0ODYwLnRlc3SC +CXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4NjQudGVzdIIJdDg2 +NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50ZXN0ggl0ODY5LnRl +c3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SCCXQ4NzMudGVzdIIJ +dDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3Ny50ZXN0ggl0ODc4 +LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRlc3SCCXQ4ODIudGVz +dIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJdDg4Ni50ZXN0ggl0 +ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkwLnRlc3SCCXQ4OTEu +dGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVzdIIJdDg5NS50ZXN0 +ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0ODk5LnRlc3SCCXQ5 +MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMudGVzdIIJdDkwNC50 +ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0ggl0OTA4LnRlc3SC +CXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5MTIudGVzdIIJdDkx +My50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50ZXN0ggl0OTE3LnRl +c3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SCCXQ5MjEudGVzdIIJ +dDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDkyNS50ZXN0ggl0OTI2 +LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRlc3SCCXQ5MzAudGVz +dIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJdDkzNC50ZXN0ggl0 +OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4LnRlc3SCCXQ5Mzku +dGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVzdIIJdDk0My50ZXN0 +ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0OTQ3LnRlc3SCCXQ5 +NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEudGVzdIIJdDk1Mi50 +ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0ggl0OTU2LnRlc3SC +CXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5NjAudGVzdIIJdDk2 +MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50ZXN0ggl0OTY1LnRl +c3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SCCXQ5NjkudGVzdIIJ +dDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3My50ZXN0ggl0OTc0 +LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRlc3SCCXQ5NzgudGVz +dIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJdDk4Mi50ZXN0ggl0 +OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2LnRlc3SCCXQ5ODcu +dGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVzdIIJdDk5MS50ZXN0 +ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0OTk1LnRlc3SCCXQ5 +OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTkudGVzdIIKdDEwMDAu +dGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMudGVzdIIKdDEwMDQu +dGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcudGVzdIIKdDEwMDgu +dGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEudGVzdIIKdDEwMTIu +dGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUudGVzdIIKdDEwMTYu +dGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTkudGVzdIIKdDEwMjAu +dGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMudGVzdDANBgkqhkiG +9w0BAQsFAAOCAQEAt8hF6PPkTwGp/VDvIgeFeZKd4nWJtw1ZbGWtg3O8RAl8i77M +1PbVR2R7xsjW3e35v3cSryGTzqgc42sHooD0qIM+Z1ljrgfwcFvb+FB2NAuwP5eT +a0WxPK8K2AiWHfrxGyxrgprSrR71PkYzkWAdTXqbbXU9uKVQ0QrNzqskmquJ03MV +cPjGIw2F/ht45tZpXHyyKB85Fpi99uMMHnF/qRV1AqpuOCygGJUYKJ4AkizreAt1 +EZzpqbX6+eqWGFhGO3rtRwhCAaxIL328shbotBw2HhaF0q4mJDayw5/HocNOdida +yswzfqRgfIbXpxlvYBqYiRatSt4SFQ7Q62p4Hw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8DA.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8DA.pem new file mode 100644 index 0000000000..e32f370641 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8DA.pem @@ -0,0 +1,220 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:da + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, IP Address:10.0.1.162, IP Address:10.0.1.163, IP Address:10.0.1.164, IP Address:10.0.1.165, IP Address:10.0.1.166, IP Address:10.0.1.167, IP Address:10.0.1.168, IP Address:10.0.1.169, IP Address:10.0.1.170, IP Address:10.0.1.171, IP Address:10.0.1.172, IP Address:10.0.1.173, IP Address:10.0.1.174, IP Address:10.0.1.175, IP Address:10.0.1.176, IP Address:10.0.1.177, IP Address:10.0.1.178, IP Address:10.0.1.179, IP Address:10.0.1.180, IP Address:10.0.1.181, IP Address:10.0.1.182, IP Address:10.0.1.183, IP Address:10.0.1.184, IP Address:10.0.1.185, IP Address:10.0.1.186, IP Address:10.0.1.187, IP Address:10.0.1.188, IP Address:10.0.1.189, IP Address:10.0.1.190, IP Address:10.0.1.191, IP Address:10.0.1.192, IP Address:10.0.1.193, IP Address:10.0.1.194, IP Address:10.0.1.195, IP Address:10.0.1.196, IP Address:10.0.1.197, IP Address:10.0.1.198, IP Address:10.0.1.199, IP Address:10.0.1.200, IP Address:10.0.1.201, IP Address:10.0.1.202, IP Address:10.0.1.203, IP Address:10.0.1.204, IP Address:10.0.1.205, IP Address:10.0.1.206, IP Address:10.0.1.207, IP Address:10.0.1.208, IP Address:10.0.1.209, IP Address:10.0.1.210, IP Address:10.0.1.211, IP Address:10.0.1.212, IP Address:10.0.1.213, IP Address:10.0.1.214, IP Address:10.0.1.215, IP Address:10.0.1.216, IP Address:10.0.1.217, IP Address:10.0.1.218, IP Address:10.0.1.219, IP Address:10.0.1.220, IP Address:10.0.1.221, IP Address:10.0.1.222, IP Address:10.0.1.223, IP Address:10.0.1.224, IP Address:10.0.1.225, IP Address:10.0.1.226, IP Address:10.0.1.227, IP Address:10.0.1.228, IP Address:10.0.1.229, IP Address:10.0.1.230, IP Address:10.0.1.231, IP Address:10.0.1.232, IP Address:10.0.1.233, IP Address:10.0.1.234, IP Address:10.0.1.235, IP Address:10.0.1.236, IP Address:10.0.1.237, IP Address:10.0.1.238, IP Address:10.0.1.239, IP Address:10.0.1.240, IP Address:10.0.1.241, IP Address:10.0.1.242, IP Address:10.0.1.243, IP Address:10.0.1.244, IP Address:10.0.1.245, IP Address:10.0.1.246, IP Address:10.0.1.247, IP Address:10.0.1.248, IP Address:10.0.1.249, IP Address:10.0.1.250, IP Address:10.0.1.251, IP Address:10.0.1.252, IP Address:10.0.1.253, IP Address:10.0.1.254, IP Address:10.0.1.255, IP Address:10.0.2.0, IP Address:10.0.2.1, IP Address:10.0.2.2, IP Address:10.0.2.3, IP Address:10.0.2.4, IP Address:10.0.2.5, IP Address:10.0.2.6, IP Address:10.0.2.7, IP Address:10.0.2.8, IP Address:10.0.2.9, IP Address:10.0.2.10, IP Address:10.0.2.11, IP Address:10.0.2.12, IP Address:10.0.2.13, IP Address:10.0.2.14, IP Address:10.0.2.15, IP Address:10.0.2.16, IP Address:10.0.2.17, IP Address:10.0.2.18, IP Address:10.0.2.19, IP Address:10.0.2.20, IP Address:10.0.2.21, IP Address:10.0.2.22, IP Address:10.0.2.23, IP Address:10.0.2.24, IP Address:10.0.2.25, IP Address:10.0.2.26, IP Address:10.0.2.27, IP Address:10.0.2.28, IP Address:10.0.2.29, IP Address:10.0.2.30, IP Address:10.0.2.31, IP Address:10.0.2.32, IP Address:10.0.2.33, IP Address:10.0.2.34, IP Address:10.0.2.35, IP Address:10.0.2.36, IP Address:10.0.2.37, IP Address:10.0.2.38, IP Address:10.0.2.39, IP Address:10.0.2.40, IP Address:10.0.2.41, IP Address:10.0.2.42, IP Address:10.0.2.43, IP Address:10.0.2.44, IP Address:10.0.2.45, IP Address:10.0.2.46, IP Address:10.0.2.47, IP Address:10.0.2.48, IP Address:10.0.2.49, IP Address:10.0.2.50, IP Address:10.0.2.51, IP Address:10.0.2.52, IP Address:10.0.2.53, IP Address:10.0.2.54, IP Address:10.0.2.55, IP Address:10.0.2.56, IP Address:10.0.2.57, IP Address:10.0.2.58, IP Address:10.0.2.59, IP Address:10.0.2.60, IP Address:10.0.2.61, IP Address:10.0.2.62, IP Address:10.0.2.63, IP Address:10.0.2.64, IP Address:10.0.2.65, IP Address:10.0.2.66, IP Address:10.0.2.67, IP Address:10.0.2.68, IP Address:10.0.2.69, IP Address:10.0.2.70, IP Address:10.0.2.71, IP Address:10.0.2.72, IP Address:10.0.2.73, IP Address:10.0.2.74, IP Address:10.0.2.75, IP Address:10.0.2.76, IP Address:10.0.2.77, IP Address:10.0.2.78, IP Address:10.0.2.79, IP Address:10.0.2.80, IP Address:10.0.2.81, IP Address:10.0.2.82, IP Address:10.0.2.83, IP Address:10.0.2.84, IP Address:10.0.2.85, IP Address:10.0.2.86, IP Address:10.0.2.87, IP Address:10.0.2.88, IP Address:10.0.2.89, IP Address:10.0.2.90, IP Address:10.0.2.91, IP Address:10.0.2.92, IP Address:10.0.2.93, IP Address:10.0.2.94, IP Address:10.0.2.95, IP Address:10.0.2.96, IP Address:10.0.2.97, IP Address:10.0.2.98, IP Address:10.0.2.99, IP Address:10.0.2.100, IP Address:10.0.2.101, IP Address:10.0.2.102, IP Address:10.0.2.103, IP Address:10.0.2.104, IP Address:10.0.2.105, IP Address:10.0.2.106, IP Address:10.0.2.107, IP Address:10.0.2.108, IP Address:10.0.2.109, IP Address:10.0.2.110, IP Address:10.0.2.111, IP Address:10.0.2.112, IP Address:10.0.2.113, IP Address:10.0.2.114, IP Address:10.0.2.115, IP Address:10.0.2.116, IP Address:10.0.2.117, IP Address:10.0.2.118, IP Address:10.0.2.119, IP Address:10.0.2.120, IP Address:10.0.2.121, IP Address:10.0.2.122, IP Address:10.0.2.123, IP Address:10.0.2.124, IP Address:10.0.2.125, IP Address:10.0.2.126, IP Address:10.0.2.127, IP Address:10.0.2.128, IP Address:10.0.2.129, IP Address:10.0.2.130, IP Address:10.0.2.131, IP Address:10.0.2.132, IP Address:10.0.2.133, IP Address:10.0.2.134, IP Address:10.0.2.135, IP Address:10.0.2.136, IP Address:10.0.2.137, IP Address:10.0.2.138, IP Address:10.0.2.139, IP Address:10.0.2.140, IP Address:10.0.2.141, IP Address:10.0.2.142, IP Address:10.0.2.143, IP Address:10.0.2.144, IP Address:10.0.2.145, IP Address:10.0.2.146, IP Address:10.0.2.147, IP Address:10.0.2.148, IP Address:10.0.2.149, IP Address:10.0.2.150, IP Address:10.0.2.151, IP Address:10.0.2.152, IP Address:10.0.2.153, IP Address:10.0.2.154, IP Address:10.0.2.155, IP Address:10.0.2.156, IP Address:10.0.2.157, IP Address:10.0.2.158, IP Address:10.0.2.159, IP Address:10.0.2.160, IP Address:10.0.2.161, IP Address:10.0.2.162, IP Address:10.0.2.163, IP Address:10.0.2.164, IP Address:10.0.2.165, IP Address:10.0.2.166, IP Address:10.0.2.167, IP Address:10.0.2.168, IP Address:10.0.2.169, IP Address:10.0.2.170, IP Address:10.0.2.171, IP Address:10.0.2.172, IP Address:10.0.2.173, IP Address:10.0.2.174, IP Address:10.0.2.175, IP Address:10.0.2.176, IP Address:10.0.2.177, IP Address:10.0.2.178, IP Address:10.0.2.179, IP Address:10.0.2.180, IP Address:10.0.2.181, IP Address:10.0.2.182, IP Address:10.0.2.183, IP Address:10.0.2.184, IP Address:10.0.2.185, IP Address:10.0.2.186, IP Address:10.0.2.187, IP Address:10.0.2.188, IP Address:10.0.2.189, IP Address:10.0.2.190, IP Address:10.0.2.191, IP Address:10.0.2.192, IP Address:10.0.2.193, IP Address:10.0.2.194, IP Address:10.0.2.195, IP Address:10.0.2.196, IP Address:10.0.2.197, IP Address:10.0.2.198, IP Address:10.0.2.199, IP Address:10.0.2.200, IP Address:10.0.2.201, IP Address:10.0.2.202, IP Address:10.0.2.203, IP Address:10.0.2.204, IP Address:10.0.2.205, IP Address:10.0.2.206, IP Address:10.0.2.207, IP Address:10.0.2.208, IP Address:10.0.2.209, IP Address:10.0.2.210, IP Address:10.0.2.211, IP Address:10.0.2.212, IP Address:10.0.2.213, IP Address:10.0.2.214, IP Address:10.0.2.215, IP Address:10.0.2.216, IP Address:10.0.2.217, IP Address:10.0.2.218, IP Address:10.0.2.219, IP Address:10.0.2.220, IP Address:10.0.2.221, IP Address:10.0.2.222, IP Address:10.0.2.223, IP Address:10.0.2.224, IP Address:10.0.2.225, IP Address:10.0.2.226, IP Address:10.0.2.227, IP Address:10.0.2.228, IP Address:10.0.2.229, IP Address:10.0.2.230, IP Address:10.0.2.231, IP Address:10.0.2.232, IP Address:10.0.2.233, IP Address:10.0.2.234, IP Address:10.0.2.235, IP Address:10.0.2.236, IP Address:10.0.2.237, IP Address:10.0.2.238, IP Address:10.0.2.239, IP Address:10.0.2.240, IP Address:10.0.2.241, IP Address:10.0.2.242, IP Address:10.0.2.243, IP Address:10.0.2.244, IP Address:10.0.2.245, IP Address:10.0.2.246, IP Address:10.0.2.247, IP Address:10.0.2.248, IP Address:10.0.2.249, IP Address:10.0.2.250, IP Address:10.0.2.251, IP Address:10.0.2.252, IP Address:10.0.2.253, IP Address:10.0.2.254, IP Address:10.0.2.255, IP Address:10.0.3.0, IP Address:10.0.3.1, IP Address:10.0.3.2, IP Address:10.0.3.3, IP Address:10.0.3.4, IP Address:10.0.3.5, IP Address:10.0.3.6, IP Address:10.0.3.7, IP Address:10.0.3.8, IP Address:10.0.3.9, IP Address:10.0.3.10, IP Address:10.0.3.11, IP Address:10.0.3.12, IP Address:10.0.3.13, IP Address:10.0.3.14, IP Address:10.0.3.15, IP Address:10.0.3.16, IP Address:10.0.3.17, IP Address:10.0.3.18, IP Address:10.0.3.19, IP Address:10.0.3.20, IP Address:10.0.3.21, IP Address:10.0.3.22, IP Address:10.0.3.23, IP Address:10.0.3.24, IP Address:10.0.3.25, IP Address:10.0.3.26, IP Address:10.0.3.27, IP Address:10.0.3.28, IP Address:10.0.3.29, IP Address:10.0.3.30, IP Address:10.0.3.31, IP Address:10.0.3.32, IP Address:10.0.3.33, IP Address:10.0.3.34, IP Address:10.0.3.35, IP Address:10.0.3.36, IP Address:10.0.3.37, IP Address:10.0.3.38, IP Address:10.0.3.39, IP Address:10.0.3.40, IP Address:10.0.3.41, IP Address:10.0.3.42, IP Address:10.0.3.43, IP Address:10.0.3.44, IP Address:10.0.3.45, IP Address:10.0.3.46, IP Address:10.0.3.47, IP Address:10.0.3.48, IP Address:10.0.3.49, IP Address:10.0.3.50, IP Address:10.0.3.51, IP Address:10.0.3.52, IP Address:10.0.3.53, IP Address:10.0.3.54, IP Address:10.0.3.55, IP Address:10.0.3.56, IP Address:10.0.3.57, IP Address:10.0.3.58, IP Address:10.0.3.59, IP Address:10.0.3.60, IP Address:10.0.3.61, IP Address:10.0.3.62, IP Address:10.0.3.63, IP Address:10.0.3.64, IP Address:10.0.3.65, IP Address:10.0.3.66, IP Address:10.0.3.67, IP Address:10.0.3.68, IP Address:10.0.3.69, IP Address:10.0.3.70, IP Address:10.0.3.71, IP Address:10.0.3.72, IP Address:10.0.3.73, IP Address:10.0.3.74, IP Address:10.0.3.75, IP Address:10.0.3.76, IP Address:10.0.3.77, IP Address:10.0.3.78, IP Address:10.0.3.79, IP Address:10.0.3.80, IP Address:10.0.3.81, IP Address:10.0.3.82, IP Address:10.0.3.83, IP Address:10.0.3.84, IP Address:10.0.3.85, IP Address:10.0.3.86, IP Address:10.0.3.87, IP Address:10.0.3.88, IP Address:10.0.3.89, IP Address:10.0.3.90, IP Address:10.0.3.91, IP Address:10.0.3.92, IP Address:10.0.3.93, IP Address:10.0.3.94, IP Address:10.0.3.95, IP Address:10.0.3.96, IP Address:10.0.3.97, IP Address:10.0.3.98, IP Address:10.0.3.99, IP Address:10.0.3.100, IP Address:10.0.3.101, IP Address:10.0.3.102, IP Address:10.0.3.103, IP Address:10.0.3.104, IP Address:10.0.3.105, IP Address:10.0.3.106, IP Address:10.0.3.107, IP Address:10.0.3.108, IP Address:10.0.3.109, IP Address:10.0.3.110, IP Address:10.0.3.111, IP Address:10.0.3.112, IP Address:10.0.3.113, IP Address:10.0.3.114, IP Address:10.0.3.115, IP Address:10.0.3.116, IP Address:10.0.3.117, IP Address:10.0.3.118, IP Address:10.0.3.119, IP Address:10.0.3.120, IP Address:10.0.3.121, IP Address:10.0.3.122, IP Address:10.0.3.123, IP Address:10.0.3.124, IP Address:10.0.3.125, IP Address:10.0.3.126, IP Address:10.0.3.127, IP Address:10.0.3.128, IP Address:10.0.3.129, IP Address:10.0.3.130, IP Address:10.0.3.131, IP Address:10.0.3.132, IP Address:10.0.3.133, IP Address:10.0.3.134, IP Address:10.0.3.135, IP Address:10.0.3.136, IP Address:10.0.3.137, IP Address:10.0.3.138, IP Address:10.0.3.139, IP Address:10.0.3.140, IP Address:10.0.3.141, IP Address:10.0.3.142, IP Address:10.0.3.143, IP Address:10.0.3.144, IP Address:10.0.3.145, IP Address:10.0.3.146, IP Address:10.0.3.147, IP Address:10.0.3.148, IP Address:10.0.3.149, IP Address:10.0.3.150, IP Address:10.0.3.151, IP Address:10.0.3.152, IP Address:10.0.3.153, IP Address:10.0.3.154, IP Address:10.0.3.155, IP Address:10.0.3.156, IP Address:10.0.3.157, IP Address:10.0.3.158, IP Address:10.0.3.159, IP Address:10.0.3.160, IP Address:10.0.3.161, IP Address:10.0.3.162, IP Address:10.0.3.163, IP Address:10.0.3.164, IP Address:10.0.3.165, IP Address:10.0.3.166, IP Address:10.0.3.167, IP Address:10.0.3.168, IP Address:10.0.3.169, IP Address:10.0.3.170, IP Address:10.0.3.171, IP Address:10.0.3.172, IP Address:10.0.3.173, IP Address:10.0.3.174, IP Address:10.0.3.175, IP Address:10.0.3.176, IP Address:10.0.3.177, IP Address:10.0.3.178, IP Address:10.0.3.179, IP Address:10.0.3.180, IP Address:10.0.3.181, IP Address:10.0.3.182, IP Address:10.0.3.183, IP Address:10.0.3.184, IP Address:10.0.3.185, IP Address:10.0.3.186, IP Address:10.0.3.187, IP Address:10.0.3.188, IP Address:10.0.3.189, IP Address:10.0.3.190, IP Address:10.0.3.191, IP Address:10.0.3.192, IP Address:10.0.3.193, IP Address:10.0.3.194, IP Address:10.0.3.195, IP Address:10.0.3.196, IP Address:10.0.3.197, IP Address:10.0.3.198, IP Address:10.0.3.199, IP Address:10.0.3.200, IP Address:10.0.3.201, IP Address:10.0.3.202, IP Address:10.0.3.203, IP Address:10.0.3.204, IP Address:10.0.3.205, IP Address:10.0.3.206, IP Address:10.0.3.207, IP Address:10.0.3.208, IP Address:10.0.3.209, IP Address:10.0.3.210, IP Address:10.0.3.211, IP Address:10.0.3.212, IP Address:10.0.3.213, IP Address:10.0.3.214, IP Address:10.0.3.215, IP Address:10.0.3.216, IP Address:10.0.3.217, IP Address:10.0.3.218, IP Address:10.0.3.219, IP Address:10.0.3.220, IP Address:10.0.3.221, IP Address:10.0.3.222, IP Address:10.0.3.223, IP Address:10.0.3.224, IP Address:10.0.3.225, IP Address:10.0.3.226, IP Address:10.0.3.227, IP Address:10.0.3.228, IP Address:10.0.3.229, IP Address:10.0.3.230, IP Address:10.0.3.231, IP Address:10.0.3.232, IP Address:10.0.3.233, IP Address:10.0.3.234, IP Address:10.0.3.235, IP Address:10.0.3.236, IP Address:10.0.3.237, IP Address:10.0.3.238, IP Address:10.0.3.239, IP Address:10.0.3.240, IP Address:10.0.3.241, IP Address:10.0.3.242, IP Address:10.0.3.243, IP Address:10.0.3.244, IP Address:10.0.3.245, IP Address:10.0.3.246, IP Address:10.0.3.247, IP Address:10.0.3.248, IP Address:10.0.3.249, IP Address:10.0.3.250, IP Address:10.0.3.251, IP Address:10.0.3.252, IP Address:10.0.3.253, IP Address:10.0.3.254, IP Address:10.0.3.255 + Signature Algorithm: sha256WithRSAEncryption + 13:e0:0d:71:4c:e5:af:98:fc:35:e0:79:60:26:93:28:ee:ef: + 83:73:c6:86:03:3d:4a:5c:b6:75:25:14:44:0d:af:bf:0b:ac: + 7a:f1:10:78:65:6d:f3:bc:ff:e2:aa:36:af:37:a4:6f:0c:b3: + c5:78:dc:81:a0:98:2a:d2:1c:b3:04:0f:cb:f7:47:b5:75:a2: + 1d:bc:69:2b:aa:62:ff:59:51:53:5b:f6:38:30:00:fa:2d:15: + 9c:9a:7b:b6:56:d7:f7:bc:1d:87:8b:4d:17:41:81:c0:72:c6: + 13:3e:ea:bc:e1:d9:6a:e2:ac:fa:02:a3:3b:c8:59:be:bb:e7: + 62:8c:86:23:f2:ec:d5:d0:f3:45:69:20:95:a2:c3:f4:40:eb: + 36:44:64:b6:11:9d:f8:51:8a:38:85:ef:f3:e0:3e:93:1c:29: + 80:93:4d:d5:75:8c:33:d1:66:9c:61:4e:eb:a2:9a:61:6e:55: + 13:2b:1c:2b:0a:73:6e:44:fb:87:74:c8:08:df:34:78:18:4b: + 66:42:54:11:ce:c4:88:38:4f:42:36:41:81:28:be:91:7d:ce: + 5c:81:71:0d:26:48:d9:65:cf:00:36:66:3b:88:cb:51:21:f5: + ce:e4:56:4f:10:cf:87:0e:40:2f:d9:b6:fc:0b:ae:e6:86:74: + 5c:bd:a5:aa +-----BEGIN CERTIFICATE----- +MIIbrjCCGpagAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2jANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCGPswghj3MB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgNBgNVHREEghgEMIIYAIcE +CgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcECgAABocECgAAB4cE +CgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcECgAADocECgAAD4cE +CgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcECgAAFocECgAAF4cE +CgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcECgAAHocECgAAH4cE +CgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcECgAAJocECgAAJ4cE +CgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcECgAALocECgAAL4cE +CgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcECgAANocECgAAN4cE +CgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcECgAAPocECgAAP4cE +CgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcECgAARocECgAAR4cE +CgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcECgAATocECgAAT4cE +CgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcECgAAVocECgAAV4cE +CgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcECgAAXocECgAAX4cE +CgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcECgAAZocECgAAZ4cE +CgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcECgAAbocECgAAb4cE +CgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcECgAAdocECgAAd4cE +CgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcECgAAfocECgAAf4cE +CgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcECgAAhocECgAAh4cE +CgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcECgAAjocECgAAj4cE +CgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcECgAAlocECgAAl4cE +CgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcECgAAnocECgAAn4cE +CgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcECgAApocECgAAp4cE +CgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcECgAArocECgAAr4cE +CgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcECgAAtocECgAAt4cE +CgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcECgAAvocECgAAv4cE +CgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcECgAAxocECgAAx4cE +CgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcECgAAzocECgAAz4cE +CgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcECgAA1ocECgAA14cE +CgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcECgAA3ocECgAA34cE +CgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcECgAA5ocECgAA54cE +CgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcECgAA7ocECgAA74cE +CgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcECgAA9ocECgAA94cE +CgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcECgAA/ocECgAA/4cE +CgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcECgABBocECgABB4cE +CgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcECgABDocECgABD4cE +CgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcECgABFocECgABF4cE +CgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcECgABHocECgABH4cE +CgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcECgABJocECgABJ4cE +CgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcECgABLocECgABL4cE +CgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcECgABNocECgABN4cE +CgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcECgABPocECgABP4cE +CgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcECgABRocECgABR4cE +CgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcECgABTocECgABT4cE +CgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcECgABVocECgABV4cE +CgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcECgABXocECgABX4cE +CgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcECgABZocECgABZ4cE +CgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcECgABbocECgABb4cE +CgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcECgABdocECgABd4cE +CgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcECgABfocECgABf4cE +CgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcECgABhocECgABh4cE +CgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcECgABjocECgABj4cE +CgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcECgABlocECgABl4cE +CgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcECgABnocECgABn4cE +CgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcECgABpocECgABp4cE +CgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcECgABrocECgABr4cE +CgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcECgABtocECgABt4cE +CgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcECgABvocECgABv4cE +CgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcECgABxocECgABx4cE +CgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcECgABzocECgABz4cE +CgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcECgAB1ocECgAB14cE +CgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcECgAB3ocECgAB34cE +CgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcECgAB5ocECgAB54cE +CgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcECgAB7ocECgAB74cE +CgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcECgAB9ocECgAB94cE +CgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcECgAB/ocECgAB/4cE +CgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcECgACBocECgACB4cE +CgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcECgACDocECgACD4cE +CgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcECgACFocECgACF4cE +CgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcECgACHocECgACH4cE +CgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcECgACJocECgACJ4cE +CgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcECgACLocECgACL4cE +CgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcECgACNocECgACN4cE +CgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcECgACPocECgACP4cE +CgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcECgACRocECgACR4cE +CgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcECgACTocECgACT4cE +CgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcECgACVocECgACV4cE +CgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcECgACXocECgACX4cE +CgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcECgACZocECgACZ4cE +CgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcECgACbocECgACb4cE +CgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcECgACdocECgACd4cE +CgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcECgACfocECgACf4cE +CgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcECgAChocECgACh4cE +CgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcECgACjocECgACj4cE +CgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcECgAClocECgACl4cE +CgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcECgACnocECgACn4cE +CgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcECgACpocECgACp4cE +CgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcECgACrocECgACr4cE +CgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcECgACtocECgACt4cE +CgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcECgACvocECgACv4cE +CgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcECgACxocECgACx4cE +CgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcECgACzocECgACz4cE +CgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcECgAC1ocECgAC14cE +CgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcECgAC3ocECgAC34cE +CgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcECgAC5ocECgAC54cE +CgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcECgAC7ocECgAC74cE +CgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcECgAC9ocECgAC94cE +CgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcECgAC/ocECgAC/4cE +CgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcECgADBocECgADB4cE +CgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcECgADDocECgADD4cE +CgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcECgADFocECgADF4cE +CgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcECgADHocECgADH4cE +CgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcECgADJocECgADJ4cE +CgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcECgADLocECgADL4cE +CgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcECgADNocECgADN4cE +CgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcECgADPocECgADP4cE +CgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcECgADRocECgADR4cE +CgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcECgADTocECgADT4cE +CgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcECgADVocECgADV4cE +CgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcECgADXocECgADX4cE +CgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcECgADZocECgADZ4cE +CgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcECgADbocECgADb4cE +CgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcECgADdocECgADd4cE +CgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcECgADfocECgADf4cE +CgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcECgADhocECgADh4cE +CgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcECgADjocECgADj4cE +CgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcECgADlocECgADl4cE +CgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcECgADnocECgADn4cE +CgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcECgADpocECgADp4cE +CgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcECgADrocECgADr4cE +CgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcECgADtocECgADt4cE +CgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcECgADvocECgADv4cE +CgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcECgADxocECgADx4cE +CgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcECgADzocECgADz4cE +CgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcECgAD1ocECgAD14cE +CgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcECgAD3ocECgAD34cE +CgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcECgAD5ocECgAD54cE +CgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcECgAD7ocECgAD74cE +CgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcECgAD9ocECgAD94cE +CgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcECgAD/ocECgAD/zAN +BgkqhkiG9w0BAQsFAAOCAQEAE+ANcUzlr5j8NeB5YCaTKO7vg3PGhgM9Sly2dSUU +RA2vvwusevEQeGVt87z/4qo2rzekbwyzxXjcgaCYKtIcswQPy/dHtXWiHbxpK6pi +/1lRU1v2ODAA+i0VnJp7tlbX97wdh4tNF0GBwHLGEz7qvOHZauKs+gKjO8hZvrvn +YoyGI/Ls1dDzRWkglaLD9EDrNkRkthGd+FGKOIXv8+A+kxwpgJNN1XWMM9FmnGFO +66KaYW5VEyscKwpzbkT7h3TICN80eBhLZkJUEc7EiDhPQjZBgSi+kX3OXIFxDSZI +2WXPADZmO4jLUSH1zuRWTxDPhw5AL9m2/Auu5oZ0XL2lqg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8DB.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8DB.pem new file mode 100644 index 0000000000..690368a460 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/2FABB43DDCC077802A0309AD437402BF98D8DB.pem @@ -0,0 +1,496 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:db + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, DirName:/CN=t417, DirName:/CN=t418, DirName:/CN=t419, DirName:/CN=t420, DirName:/CN=t421, DirName:/CN=t422, DirName:/CN=t423, DirName:/CN=t424, DirName:/CN=t425, DirName:/CN=t426, DirName:/CN=t427, DirName:/CN=t428, DirName:/CN=t429, DirName:/CN=t430, DirName:/CN=t431, DirName:/CN=t432, DirName:/CN=t433, DirName:/CN=t434, DirName:/CN=t435, DirName:/CN=t436, DirName:/CN=t437, DirName:/CN=t438, DirName:/CN=t439, DirName:/CN=t440, DirName:/CN=t441, DirName:/CN=t442, DirName:/CN=t443, DirName:/CN=t444, DirName:/CN=t445, DirName:/CN=t446, DirName:/CN=t447, DirName:/CN=t448, DirName:/CN=t449, DirName:/CN=t450, DirName:/CN=t451, DirName:/CN=t452, DirName:/CN=t453, DirName:/CN=t454, DirName:/CN=t455, DirName:/CN=t456, DirName:/CN=t457, DirName:/CN=t458, DirName:/CN=t459, DirName:/CN=t460, DirName:/CN=t461, DirName:/CN=t462, DirName:/CN=t463, DirName:/CN=t464, DirName:/CN=t465, DirName:/CN=t466, DirName:/CN=t467, DirName:/CN=t468, DirName:/CN=t469, DirName:/CN=t470, DirName:/CN=t471, DirName:/CN=t472, DirName:/CN=t473, DirName:/CN=t474, DirName:/CN=t475, DirName:/CN=t476, DirName:/CN=t477, DirName:/CN=t478, DirName:/CN=t479, DirName:/CN=t480, DirName:/CN=t481, DirName:/CN=t482, DirName:/CN=t483, DirName:/CN=t484, DirName:/CN=t485, DirName:/CN=t486, DirName:/CN=t487, DirName:/CN=t488, DirName:/CN=t489, DirName:/CN=t490, DirName:/CN=t491, DirName:/CN=t492, DirName:/CN=t493, DirName:/CN=t494, DirName:/CN=t495, DirName:/CN=t496, DirName:/CN=t497, DirName:/CN=t498, DirName:/CN=t499, DirName:/CN=t500, DirName:/CN=t501, DirName:/CN=t502, DirName:/CN=t503, DirName:/CN=t504, DirName:/CN=t505, DirName:/CN=t506, DirName:/CN=t507, DirName:/CN=t508, DirName:/CN=t509, DirName:/CN=t510, DirName:/CN=t511, DirName:/CN=t512, DirName:/CN=t513, DirName:/CN=t514, DirName:/CN=t515, DirName:/CN=t516, DirName:/CN=t517, DirName:/CN=t518, DirName:/CN=t519, DirName:/CN=t520, DirName:/CN=t521, DirName:/CN=t522, DirName:/CN=t523, DirName:/CN=t524, DirName:/CN=t525, DirName:/CN=t526, DirName:/CN=t527, DirName:/CN=t528, DirName:/CN=t529, DirName:/CN=t530, DirName:/CN=t531, DirName:/CN=t532, DirName:/CN=t533, DirName:/CN=t534, DirName:/CN=t535, DirName:/CN=t536, DirName:/CN=t537, DirName:/CN=t538, DirName:/CN=t539, DirName:/CN=t540, DirName:/CN=t541, DirName:/CN=t542, DirName:/CN=t543, DirName:/CN=t544, DirName:/CN=t545, DirName:/CN=t546, DirName:/CN=t547, DirName:/CN=t548, DirName:/CN=t549, DirName:/CN=t550, DirName:/CN=t551, DirName:/CN=t552, DirName:/CN=t553, DirName:/CN=t554, DirName:/CN=t555, DirName:/CN=t556, DirName:/CN=t557, DirName:/CN=t558, DirName:/CN=t559, DirName:/CN=t560, DirName:/CN=t561, DirName:/CN=t562, DirName:/CN=t563, DirName:/CN=t564, DirName:/CN=t565, DirName:/CN=t566, DirName:/CN=t567, DirName:/CN=t568, DirName:/CN=t569, DirName:/CN=t570, DirName:/CN=t571, DirName:/CN=t572, DirName:/CN=t573, DirName:/CN=t574, DirName:/CN=t575, DirName:/CN=t576, DirName:/CN=t577, DirName:/CN=t578, DirName:/CN=t579, DirName:/CN=t580, DirName:/CN=t581, DirName:/CN=t582, DirName:/CN=t583, DirName:/CN=t584, DirName:/CN=t585, DirName:/CN=t586, DirName:/CN=t587, DirName:/CN=t588, DirName:/CN=t589, DirName:/CN=t590, DirName:/CN=t591, DirName:/CN=t592, DirName:/CN=t593, DirName:/CN=t594, DirName:/CN=t595, DirName:/CN=t596, DirName:/CN=t597, DirName:/CN=t598, DirName:/CN=t599, DirName:/CN=t600, DirName:/CN=t601, DirName:/CN=t602, DirName:/CN=t603, DirName:/CN=t604, DirName:/CN=t605, DirName:/CN=t606, DirName:/CN=t607, DirName:/CN=t608, DirName:/CN=t609, DirName:/CN=t610, DirName:/CN=t611, DirName:/CN=t612, DirName:/CN=t613, DirName:/CN=t614, DirName:/CN=t615, DirName:/CN=t616, DirName:/CN=t617, DirName:/CN=t618, DirName:/CN=t619, DirName:/CN=t620, DirName:/CN=t621, DirName:/CN=t622, DirName:/CN=t623, DirName:/CN=t624, DirName:/CN=t625, DirName:/CN=t626, DirName:/CN=t627, DirName:/CN=t628, DirName:/CN=t629, DirName:/CN=t630, DirName:/CN=t631, DirName:/CN=t632, DirName:/CN=t633, DirName:/CN=t634, DirName:/CN=t635, DirName:/CN=t636, DirName:/CN=t637, DirName:/CN=t638, DirName:/CN=t639, DirName:/CN=t640, DirName:/CN=t641, DirName:/CN=t642, DirName:/CN=t643, DirName:/CN=t644, DirName:/CN=t645, DirName:/CN=t646, DirName:/CN=t647, DirName:/CN=t648, DirName:/CN=t649, DirName:/CN=t650, DirName:/CN=t651, DirName:/CN=t652, DirName:/CN=t653, DirName:/CN=t654, DirName:/CN=t655, DirName:/CN=t656, DirName:/CN=t657, DirName:/CN=t658, DirName:/CN=t659, DirName:/CN=t660, DirName:/CN=t661, DirName:/CN=t662, DirName:/CN=t663, DirName:/CN=t664, DirName:/CN=t665, DirName:/CN=t666, DirName:/CN=t667, DirName:/CN=t668, DirName:/CN=t669, DirName:/CN=t670, DirName:/CN=t671, DirName:/CN=t672, DirName:/CN=t673, DirName:/CN=t674, DirName:/CN=t675, DirName:/CN=t676, DirName:/CN=t677, DirName:/CN=t678, DirName:/CN=t679, DirName:/CN=t680, DirName:/CN=t681, DirName:/CN=t682, DirName:/CN=t683, DirName:/CN=t684, DirName:/CN=t685, DirName:/CN=t686, DirName:/CN=t687, DirName:/CN=t688, DirName:/CN=t689, DirName:/CN=t690, DirName:/CN=t691, DirName:/CN=t692, DirName:/CN=t693, DirName:/CN=t694, DirName:/CN=t695, DirName:/CN=t696, DirName:/CN=t697, DirName:/CN=t698, DirName:/CN=t699, DirName:/CN=t700, DirName:/CN=t701, DirName:/CN=t702, DirName:/CN=t703, DirName:/CN=t704, DirName:/CN=t705, DirName:/CN=t706, DirName:/CN=t707, DirName:/CN=t708, DirName:/CN=t709, DirName:/CN=t710, DirName:/CN=t711, DirName:/CN=t712, DirName:/CN=t713, DirName:/CN=t714, DirName:/CN=t715, DirName:/CN=t716, DirName:/CN=t717, DirName:/CN=t718, DirName:/CN=t719, DirName:/CN=t720, DirName:/CN=t721, DirName:/CN=t722, DirName:/CN=t723, DirName:/CN=t724, DirName:/CN=t725, DirName:/CN=t726, DirName:/CN=t727, DirName:/CN=t728, DirName:/CN=t729, DirName:/CN=t730, DirName:/CN=t731, DirName:/CN=t732, DirName:/CN=t733, DirName:/CN=t734, DirName:/CN=t735, DirName:/CN=t736, DirName:/CN=t737, DirName:/CN=t738, DirName:/CN=t739, DirName:/CN=t740, DirName:/CN=t741, DirName:/CN=t742, DirName:/CN=t743, DirName:/CN=t744, DirName:/CN=t745, DirName:/CN=t746, DirName:/CN=t747, DirName:/CN=t748, DirName:/CN=t749, DirName:/CN=t750, DirName:/CN=t751, DirName:/CN=t752, DirName:/CN=t753, DirName:/CN=t754, DirName:/CN=t755, DirName:/CN=t756, DirName:/CN=t757, DirName:/CN=t758, DirName:/CN=t759, DirName:/CN=t760, DirName:/CN=t761, DirName:/CN=t762, DirName:/CN=t763, DirName:/CN=t764, DirName:/CN=t765, DirName:/CN=t766, DirName:/CN=t767, DirName:/CN=t768, DirName:/CN=t769, DirName:/CN=t770, DirName:/CN=t771, DirName:/CN=t772, DirName:/CN=t773, DirName:/CN=t774, DirName:/CN=t775, DirName:/CN=t776, DirName:/CN=t777, DirName:/CN=t778, DirName:/CN=t779, DirName:/CN=t780, DirName:/CN=t781, DirName:/CN=t782, DirName:/CN=t783, DirName:/CN=t784, DirName:/CN=t785, DirName:/CN=t786, DirName:/CN=t787, DirName:/CN=t788, DirName:/CN=t789, DirName:/CN=t790, DirName:/CN=t791, DirName:/CN=t792, DirName:/CN=t793, DirName:/CN=t794, DirName:/CN=t795, DirName:/CN=t796, DirName:/CN=t797, DirName:/CN=t798, DirName:/CN=t799, DirName:/CN=t800, DirName:/CN=t801, DirName:/CN=t802, DirName:/CN=t803, DirName:/CN=t804, DirName:/CN=t805, DirName:/CN=t806, DirName:/CN=t807, DirName:/CN=t808, DirName:/CN=t809, DirName:/CN=t810, DirName:/CN=t811, DirName:/CN=t812, DirName:/CN=t813, DirName:/CN=t814, DirName:/CN=t815, DirName:/CN=t816, DirName:/CN=t817, DirName:/CN=t818, DirName:/CN=t819, DirName:/CN=t820, DirName:/CN=t821, DirName:/CN=t822, DirName:/CN=t823, DirName:/CN=t824, DirName:/CN=t825, DirName:/CN=t826, DirName:/CN=t827, DirName:/CN=t828, DirName:/CN=t829, DirName:/CN=t830, DirName:/CN=t831, DirName:/CN=t832, DirName:/CN=t833, DirName:/CN=t834, DirName:/CN=t835, DirName:/CN=t836, DirName:/CN=t837, DirName:/CN=t838, DirName:/CN=t839, DirName:/CN=t840, DirName:/CN=t841, DirName:/CN=t842, DirName:/CN=t843, DirName:/CN=t844, DirName:/CN=t845, DirName:/CN=t846, DirName:/CN=t847, DirName:/CN=t848, DirName:/CN=t849, DirName:/CN=t850, DirName:/CN=t851, DirName:/CN=t852, DirName:/CN=t853, DirName:/CN=t854, DirName:/CN=t855, DirName:/CN=t856, DirName:/CN=t857, DirName:/CN=t858, DirName:/CN=t859, DirName:/CN=t860, DirName:/CN=t861, DirName:/CN=t862, DirName:/CN=t863, DirName:/CN=t864, DirName:/CN=t865, DirName:/CN=t866, DirName:/CN=t867, DirName:/CN=t868, DirName:/CN=t869, DirName:/CN=t870, DirName:/CN=t871, DirName:/CN=t872, DirName:/CN=t873, DirName:/CN=t874, DirName:/CN=t875, DirName:/CN=t876, DirName:/CN=t877, DirName:/CN=t878, DirName:/CN=t879, DirName:/CN=t880, DirName:/CN=t881, DirName:/CN=t882, DirName:/CN=t883, DirName:/CN=t884, DirName:/CN=t885, DirName:/CN=t886, DirName:/CN=t887, DirName:/CN=t888, DirName:/CN=t889, DirName:/CN=t890, DirName:/CN=t891, DirName:/CN=t892, DirName:/CN=t893, DirName:/CN=t894, DirName:/CN=t895, DirName:/CN=t896, DirName:/CN=t897, DirName:/CN=t898, DirName:/CN=t899, DirName:/CN=t900, DirName:/CN=t901, DirName:/CN=t902, DirName:/CN=t903, DirName:/CN=t904, DirName:/CN=t905, DirName:/CN=t906, DirName:/CN=t907, DirName:/CN=t908, DirName:/CN=t909, DirName:/CN=t910, DirName:/CN=t911, DirName:/CN=t912, DirName:/CN=t913, DirName:/CN=t914, DirName:/CN=t915, DirName:/CN=t916, DirName:/CN=t917, DirName:/CN=t918, DirName:/CN=t919, DirName:/CN=t920, DirName:/CN=t921, DirName:/CN=t922, DirName:/CN=t923, DirName:/CN=t924, DirName:/CN=t925, DirName:/CN=t926, DirName:/CN=t927, DirName:/CN=t928, DirName:/CN=t929, DirName:/CN=t930, DirName:/CN=t931, DirName:/CN=t932, DirName:/CN=t933, DirName:/CN=t934, DirName:/CN=t935, DirName:/CN=t936, DirName:/CN=t937, DirName:/CN=t938, DirName:/CN=t939, DirName:/CN=t940, DirName:/CN=t941, DirName:/CN=t942, DirName:/CN=t943, DirName:/CN=t944, DirName:/CN=t945, DirName:/CN=t946, DirName:/CN=t947, DirName:/CN=t948, DirName:/CN=t949, DirName:/CN=t950, DirName:/CN=t951, DirName:/CN=t952, DirName:/CN=t953, DirName:/CN=t954, DirName:/CN=t955, DirName:/CN=t956, DirName:/CN=t957, DirName:/CN=t958, DirName:/CN=t959, DirName:/CN=t960, DirName:/CN=t961, DirName:/CN=t962, DirName:/CN=t963, DirName:/CN=t964, DirName:/CN=t965, DirName:/CN=t966, DirName:/CN=t967, DirName:/CN=t968, DirName:/CN=t969, DirName:/CN=t970, DirName:/CN=t971, DirName:/CN=t972, DirName:/CN=t973, DirName:/CN=t974, DirName:/CN=t975, DirName:/CN=t976, DirName:/CN=t977, DirName:/CN=t978, DirName:/CN=t979, DirName:/CN=t980, DirName:/CN=t981, DirName:/CN=t982, DirName:/CN=t983, DirName:/CN=t984, DirName:/CN=t985, DirName:/CN=t986, DirName:/CN=t987, DirName:/CN=t988, DirName:/CN=t989, DirName:/CN=t990, DirName:/CN=t991, DirName:/CN=t992, DirName:/CN=t993, DirName:/CN=t994, DirName:/CN=t995, DirName:/CN=t996, DirName:/CN=t997, DirName:/CN=t998, DirName:/CN=t999, DirName:/CN=t1000, DirName:/CN=t1001, DirName:/CN=t1002, DirName:/CN=t1003, DirName:/CN=t1004, DirName:/CN=t1005, DirName:/CN=t1006, DirName:/CN=t1007, DirName:/CN=t1008, DirName:/CN=t1009, DirName:/CN=t1010, DirName:/CN=t1011, DirName:/CN=t1012, DirName:/CN=t1013, DirName:/CN=t1014, DirName:/CN=t1015, DirName:/CN=t1016, DirName:/CN=t1017, DirName:/CN=t1018, DirName:/CN=t1019, DirName:/CN=t1020, DirName:/CN=t1021, DirName:/CN=t1022, DirName:/CN=t1023 + Signature Algorithm: sha256WithRSAEncryption + 77:af:27:9b:23:82:9d:90:b4:3c:02:1f:d4:a9:c8:0c:7f:58: + 19:ae:9a:86:fe:f5:b1:a4:ae:cb:af:46:3a:04:ff:3c:cf:ea: + 6b:df:16:cb:d1:89:8d:8c:a7:f9:11:e7:e9:90:92:6b:54:d5: + fa:aa:24:96:63:61:57:4a:81:da:7e:0b:2e:c8:04:34:6a:dd: + 6e:46:27:97:5a:9d:db:8c:2d:e8:5a:45:11:bf:7d:1a:25:7a: + ca:9e:b1:e3:1c:53:22:0b:37:b6:fa:d6:1e:83:6d:54:40:4d: + 71:b3:e3:52:dc:84:d1:95:fc:92:e4:f0:85:ce:6d:4e:36:a6: + 6c:b4:35:7e:0e:e8:b6:8b:09:b0:c8:4e:f1:b8:aa:fe:e8:28: + ba:8e:a3:31:ef:99:bd:da:9e:cb:5a:02:95:24:45:41:3c:ed: + 7a:92:94:bd:9d:fd:7e:07:51:8c:55:97:07:53:60:b4:dd:64: + 02:6c:2b:18:32:8d:df:ed:89:4a:dd:37:32:cb:66:9a:fa:b8: + e8:3d:87:8f:63:6a:3f:6f:2c:91:25:b3:85:71:0a:39:aa:24: + a5:8e:7b:c2:57:86:ed:3b:e7:33:6d:e9:a4:c1:cd:88:8b:0e: + c8:06:63:9b:40:40:2a:3c:b2:96:12:2d:1c:53:fe:83:ec:4a: + 50:be:c6:53 +-----BEGIN CERTIFICATE----- +MIJPWDCCTkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2zANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCTKUwgkyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgku3BgNVHREEgkuuMIJLqqQP +MA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzANMQswCQYDVQQDDAJ0 +MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSkDzANMQswCQYDVQQD +DAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwCdDekDzANMQswCQYD +VQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UEAwwDdDEwpBAwDjEM +MAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEMMAoGA1UEAwwDdDEz +pBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1pBAwDjEMMAoGA1UE +AwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UEAwwDdDE4pBAwDjEM +MAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEMMAoGA1UEAwwDdDIx +pBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIzpBAwDjEMMAoGA1UE +AwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UEAwwDdDI2pBAwDjEM +MAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEMMAoGA1UEAwwDdDI5 +pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMxpBAwDjEMMAoGA1UE +AwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UEAwwDdDM0pBAwDjEM +MAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEMMAoGA1UEAwwDdDM3 +pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5pBAwDjEMMAoGA1UE +AwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UEAwwDdDQypBAwDjEM +MAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEMMAoGA1UEAwwDdDQ1 +pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3pBAwDjEMMAoGA1UE +AwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UEAwwDdDUwpBAwDjEM +MAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEMMAoGA1UEAwwDdDUz +pBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1pBAwDjEMMAoGA1UE +AwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UEAwwDdDU4pBAwDjEM +MAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEMMAoGA1UEAwwDdDYx +pBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYzpBAwDjEMMAoGA1UE +AwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UEAwwDdDY2pBAwDjEM +MAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEMMAoGA1UEAwwDdDY5 +pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcxpBAwDjEMMAoGA1UE +AwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UEAwwDdDc0pBAwDjEM +MAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEMMAoGA1UEAwwDdDc3 +pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5pBAwDjEMMAoGA1UE +AwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UEAwwDdDgypBAwDjEM +MAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEMMAoGA1UEAwwDdDg1 +pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3pBAwDjEMMAoGA1UE +AwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UEAwwDdDkwpBAwDjEM +MAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEMMAoGA1UEAwwDdDkz +pBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1pBAwDjEMMAoGA1UE +AwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UEAwwDdDk4pBAwDjEM +MAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8xDTALBgNVBAMMBHQx +MDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwEdDEwM6QRMA8xDTAL +BgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzENMAsGA1UEAwwEdDEw +NqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0MTA4pBEwDzENMAsG +A1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0wCwYDVQQDDAR0MTEx +pBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQxMTOkETAPMQ0wCwYD +VQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTALBgNVBAMMBHQxMTak +ETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDExOKQRMA8xDTALBgNV +BAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsGA1UEAwwEdDEyMaQR +MA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIzpBEwDzENMAsGA1UE +AwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYDVQQDDAR0MTI2pBEw +DzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjikETAPMQ0wCwYDVQQD +DAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNVBAMMBHQxMzGkETAP +MQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QRMA8xDTALBgNVBAMM +BHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UEAwwEdDEzNqQRMA8x +DTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEwDzENMAsGA1UEAwwE +dDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQDDAR0MTQxpBEwDzEN +MAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAPMQ0wCwYDVQQDDAR0 +MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMMBHQxNDakETAPMQ0w +CwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8xDTALBgNVBAMMBHQx +NDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwEdDE1MaQRMA8xDTAL +BgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzENMAsGA1UEAwwEdDE1 +NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0MTU2pBEwDzENMAsG +A1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0wCwYDVQQDDAR0MTU5 +pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQxNjGkETAPMQ0wCwYD +VQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTALBgNVBAMMBHQxNjSk +ETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2NqQRMA8xDTALBgNV +BAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsGA1UEAwwEdDE2OaQR +MA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcxpBEwDzENMAsGA1UE +AwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYDVQQDDAR0MTc0pBEw +DzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzakETAPMQ0wCwYDVQQD +DAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNVBAMMBHQxNzmkETAP +MQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQRMA8xDTALBgNVBAMM +BHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UEAwwEdDE4NKQRMA8x +DTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEwDzENMAsGA1UEAwwE +dDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQDDAR0MTg5pBEwDzEN +MAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAPMQ0wCwYDVQQDDAR0 +MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMMBHQxOTSkETAPMQ0w +CwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8xDTALBgNVBAMMBHQx +OTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwEdDE5OaQRMA8xDTAL +BgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzENMAsGA1UEAwwEdDIw +MqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0MjA0pBEwDzENMAsG +A1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0wCwYDVQQDDAR0MjA3 +pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQyMDmkETAPMQ0wCwYD +VQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTALBgNVBAMMBHQyMTKk +ETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIxNKQRMA8xDTALBgNV +BAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsGA1UEAwwEdDIxN6QR +MA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5pBEwDzENMAsGA1UE +AwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYDVQQDDAR0MjIypBEw +DzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSkETAPMQ0wCwYDVQQD +DAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNVBAMMBHQyMjekETAP +MQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQRMA8xDTALBgNVBAMM +BHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UEAwwEdDIzMqQRMA8x +DTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEwDzENMAsGA1UEAwwE +dDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQDDAR0MjM3pBEwDzEN +MAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAPMQ0wCwYDVQQDDAR0 +MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMMBHQyNDKkETAPMQ0w +CwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8xDTALBgNVBAMMBHQy +NDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwEdDI0N6QRMA8xDTAL +BgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzENMAsGA1UEAwwEdDI1 +MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0MjUypBEwDzENMAsG +A1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0wCwYDVQQDDAR0MjU1 +pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQyNTekETAPMQ0wCwYD +VQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTALBgNVBAMMBHQyNjCk +ETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2MqQRMA8xDTALBgNV +BAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsGA1UEAwwEdDI2NaQR +MA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3pBEwDzENMAsGA1UE +AwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYDVQQDDAR0MjcwpBEw +DzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKkETAPMQ0wCwYDVQQD +DAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNVBAMMBHQyNzWkETAP +MQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QRMA8xDTALBgNVBAMM +BHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UEAwwEdDI4MKQRMA8x +DTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEwDzENMAsGA1UEAwwE +dDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQDDAR0Mjg1pBEwDzEN +MAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAPMQ0wCwYDVQQDDAR0 +Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMMBHQyOTCkETAPMQ0w +CwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8xDTALBgNVBAMMBHQy +OTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwEdDI5NaQRMA8xDTAL +BgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzENMAsGA1UEAwwEdDI5 +OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0MzAwpBEwDzENMAsG +A1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0wCwYDVQQDDAR0MzAz +pBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQzMDWkETAPMQ0wCwYD +VQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTALBgNVBAMMBHQzMDik +ETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMxMKQRMA8xDTALBgNV +BAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsGA1UEAwwEdDMxM6QR +MA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1pBEwDzENMAsGA1UE +AwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYDVQQDDAR0MzE4pBEw +DzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCkETAPMQ0wCwYDVQQD +DAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNVBAMMBHQzMjOkETAP +MQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQRMA8xDTALBgNVBAMM +BHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UEAwwEdDMyOKQRMA8x +DTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEwDzENMAsGA1UEAwwE +dDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQDDAR0MzMzpBEwDzEN +MAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAPMQ0wCwYDVQQDDAR0 +MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMMBHQzMzikETAPMQ0w +CwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8xDTALBgNVBAMMBHQz +NDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwEdDM0M6QRMA8xDTAL +BgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzENMAsGA1UEAwwEdDM0 +NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0MzQ4pBEwDzENMAsG +A1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0wCwYDVQQDDAR0MzUx +pBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQzNTOkETAPMQ0wCwYD +VQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTALBgNVBAMMBHQzNTak +ETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1OKQRMA8xDTALBgNV +BAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsGA1UEAwwEdDM2MaQR +MA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYzpBEwDzENMAsGA1UE +AwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYDVQQDDAR0MzY2pBEw +DzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjikETAPMQ0wCwYDVQQD +DAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNVBAMMBHQzNzGkETAP +MQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QRMA8xDTALBgNVBAMM +BHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UEAwwEdDM3NqQRMA8x +DTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEwDzENMAsGA1UEAwwE +dDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQDDAR0MzgxpBEwDzEN +MAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAPMQ0wCwYDVQQDDAR0 +Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMMBHQzODakETAPMQ0w +CwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8xDTALBgNVBAMMBHQz +ODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwEdDM5MaQRMA8xDTAL +BgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzENMAsGA1UEAwwEdDM5 +NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0Mzk2pBEwDzENMAsG +A1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0wCwYDVQQDDAR0Mzk5 +pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0MDGkETAPMQ0wCwYD +VQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTALBgNVBAMMBHQ0MDSk +ETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQwNqQRMA8xDTALBgNV +BAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsGA1UEAwwEdDQwOaQR +MA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDExpBEwDzENMAsGA1UE +AwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYDVQQDDAR0NDE0pBEw +DzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTakETAPMQ0wCwYDVQQD +DAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNVBAMMBHQ0MTmkETAP +MQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQRMA8xDTALBgNVBAMM +BHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UEAwwEdDQyNKQRMA8x +DTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEwDzENMAsGA1UEAwwE +dDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQDDAR0NDI5pBEwDzEN +MAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAPMQ0wCwYDVQQDDAR0 +NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMMBHQ0MzSkETAPMQ0w +CwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8xDTALBgNVBAMMBHQ0 +MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwEdDQzOaQRMA8xDTAL +BgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzENMAsGA1UEAwwEdDQ0 +MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0NDQ0pBEwDzENMAsG +A1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0wCwYDVQQDDAR0NDQ3 +pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0NDmkETAPMQ0wCwYD +VQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTALBgNVBAMMBHQ0NTKk +ETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1NKQRMA8xDTALBgNV +BAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsGA1UEAwwEdDQ1N6QR +MA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5pBEwDzENMAsGA1UE +AwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYDVQQDDAR0NDYypBEw +DzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSkETAPMQ0wCwYDVQQD +DAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNVBAMMBHQ0NjekETAP +MQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQRMA8xDTALBgNVBAMM +BHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UEAwwEdDQ3MqQRMA8x +DTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEwDzENMAsGA1UEAwwE +dDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQDDAR0NDc3pBEwDzEN +MAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAPMQ0wCwYDVQQDDAR0 +NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMMBHQ0ODKkETAPMQ0w +CwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8xDTALBgNVBAMMBHQ0 +ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwEdDQ4N6QRMA8xDTAL +BgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzENMAsGA1UEAwwEdDQ5 +MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0NDkypBEwDzENMAsG +A1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0wCwYDVQQDDAR0NDk1 +pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0OTekETAPMQ0wCwYD +VQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTALBgNVBAMMBHQ1MDCk +ETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUwMqQRMA8xDTALBgNV +BAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsGA1UEAwwEdDUwNaQR +MA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3pBEwDzENMAsGA1UE +AwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYDVQQDDAR0NTEwpBEw +DzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKkETAPMQ0wCwYDVQQD +DAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNVBAMMBHQ1MTWkETAP +MQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QRMA8xDTALBgNVBAMM +BHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UEAwwEdDUyMKQRMA8x +DTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEwDzENMAsGA1UEAwwE +dDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQDDAR0NTI1pBEwDzEN +MAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAPMQ0wCwYDVQQDDAR0 +NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMMBHQ1MzCkETAPMQ0w +CwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8xDTALBgNVBAMMBHQ1 +MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwEdDUzNaQRMA8xDTAL +BgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzENMAsGA1UEAwwEdDUz +OKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0NTQwpBEwDzENMAsG +A1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0wCwYDVQQDDAR0NTQz +pBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1NDWkETAPMQ0wCwYD +VQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTALBgNVBAMMBHQ1NDik +ETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1MKQRMA8xDTALBgNV +BAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsGA1UEAwwEdDU1M6QR +MA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1pBEwDzENMAsGA1UE +AwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYDVQQDDAR0NTU4pBEw +DzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCkETAPMQ0wCwYDVQQD +DAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNVBAMMBHQ1NjOkETAP +MQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQRMA8xDTALBgNVBAMM +BHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UEAwwEdDU2OKQRMA8x +DTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEwDzENMAsGA1UEAwwE +dDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQDDAR0NTczpBEwDzEN +MAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAPMQ0wCwYDVQQDDAR0 +NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMMBHQ1NzikETAPMQ0w +CwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8xDTALBgNVBAMMBHQ1 +ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwEdDU4M6QRMA8xDTAL +BgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzENMAsGA1UEAwwEdDU4 +NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0NTg4pBEwDzENMAsG +A1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0wCwYDVQQDDAR0NTkx +pBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1OTOkETAPMQ0wCwYD +VQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTALBgNVBAMMBHQ1OTak +ETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5OKQRMA8xDTALBgNV +BAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsGA1UEAwwEdDYwMaQR +MA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAzpBEwDzENMAsGA1UE +AwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYDVQQDDAR0NjA2pBEw +DzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDikETAPMQ0wCwYDVQQD +DAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNVBAMMBHQ2MTGkETAP +MQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QRMA8xDTALBgNVBAMM +BHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UEAwwEdDYxNqQRMA8x +DTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEwDzENMAsGA1UEAwwE +dDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQDDAR0NjIxpBEwDzEN +MAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAPMQ0wCwYDVQQDDAR0 +NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMMBHQ2MjakETAPMQ0w +CwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8xDTALBgNVBAMMBHQ2 +MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwEdDYzMaQRMA8xDTAL +BgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzENMAsGA1UEAwwEdDYz +NKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0NjM2pBEwDzENMAsG +A1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0wCwYDVQQDDAR0NjM5 +pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2NDGkETAPMQ0wCwYD +VQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTALBgNVBAMMBHQ2NDSk +ETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0NqQRMA8xDTALBgNV +BAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsGA1UEAwwEdDY0OaQR +MA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUxpBEwDzENMAsGA1UE +AwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYDVQQDDAR0NjU0pBEw +DzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTakETAPMQ0wCwYDVQQD +DAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNVBAMMBHQ2NTmkETAP +MQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQRMA8xDTALBgNVBAMM +BHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UEAwwEdDY2NKQRMA8x +DTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEwDzENMAsGA1UEAwwE +dDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQDDAR0NjY5pBEwDzEN +MAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAPMQ0wCwYDVQQDDAR0 +NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMMBHQ2NzSkETAPMQ0w +CwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8xDTALBgNVBAMMBHQ2 +NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwEdDY3OaQRMA8xDTAL +BgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzENMAsGA1UEAwwEdDY4 +MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0Njg0pBEwDzENMAsG +A1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0wCwYDVQQDDAR0Njg3 +pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2ODmkETAPMQ0wCwYD +VQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTALBgNVBAMMBHQ2OTKk +ETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5NKQRMA8xDTALBgNV +BAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsGA1UEAwwEdDY5N6QR +MA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5pBEwDzENMAsGA1UE +AwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYDVQQDDAR0NzAypBEw +DzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSkETAPMQ0wCwYDVQQD +DAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNVBAMMBHQ3MDekETAP +MQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQRMA8xDTALBgNVBAMM +BHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UEAwwEdDcxMqQRMA8x +DTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEwDzENMAsGA1UEAwwE +dDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQDDAR0NzE3pBEwDzEN +MAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAPMQ0wCwYDVQQDDAR0 +NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMMBHQ3MjKkETAPMQ0w +CwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8xDTALBgNVBAMMBHQ3 +MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwEdDcyN6QRMA8xDTAL +BgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzENMAsGA1UEAwwEdDcz +MKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0NzMypBEwDzENMAsG +A1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0wCwYDVQQDDAR0NzM1 +pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3MzekETAPMQ0wCwYD +VQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTALBgNVBAMMBHQ3NDCk +ETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0MqQRMA8xDTALBgNV +BAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsGA1UEAwwEdDc0NaQR +MA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3pBEwDzENMAsGA1UE +AwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYDVQQDDAR0NzUwpBEw +DzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKkETAPMQ0wCwYDVQQD +DAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNVBAMMBHQ3NTWkETAP +MQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QRMA8xDTALBgNVBAMM +BHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UEAwwEdDc2MKQRMA8x +DTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEwDzENMAsGA1UEAwwE +dDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQDDAR0NzY1pBEwDzEN +MAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAPMQ0wCwYDVQQDDAR0 +NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMMBHQ3NzCkETAPMQ0w +CwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8xDTALBgNVBAMMBHQ3 +NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwEdDc3NaQRMA8xDTAL +BgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzENMAsGA1UEAwwEdDc3 +OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0NzgwpBEwDzENMAsG +A1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0wCwYDVQQDDAR0Nzgz +pBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3ODWkETAPMQ0wCwYD +VQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTALBgNVBAMMBHQ3ODik +ETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5MKQRMA8xDTALBgNV +BAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsGA1UEAwwEdDc5M6QR +MA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1pBEwDzENMAsGA1UE +AwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYDVQQDDAR0Nzk4pBEw +DzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCkETAPMQ0wCwYDVQQD +DAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNVBAMMBHQ4MDOkETAP +MQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQRMA8xDTALBgNVBAMM +BHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UEAwwEdDgwOKQRMA8x +DTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEwDzENMAsGA1UEAwwE +dDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQDDAR0ODEzpBEwDzEN +MAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAPMQ0wCwYDVQQDDAR0 +ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMMBHQ4MTikETAPMQ0w +CwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8xDTALBgNVBAMMBHQ4 +MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwEdDgyM6QRMA8xDTAL +BgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzENMAsGA1UEAwwEdDgy +NqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0ODI4pBEwDzENMAsG +A1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0wCwYDVQQDDAR0ODMx +pBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4MzOkETAPMQ0wCwYD +VQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTALBgNVBAMMBHQ4Mzak +ETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgzOKQRMA8xDTALBgNV +BAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsGA1UEAwwEdDg0MaQR +MA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQzpBEwDzENMAsGA1UE +AwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYDVQQDDAR0ODQ2pBEw +DzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDikETAPMQ0wCwYDVQQD +DAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNVBAMMBHQ4NTGkETAP +MQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QRMA8xDTALBgNVBAMM +BHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UEAwwEdDg1NqQRMA8x +DTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEwDzENMAsGA1UEAwwE +dDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQDDAR0ODYxpBEwDzEN +MAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAPMQ0wCwYDVQQDDAR0 +ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMMBHQ4NjakETAPMQ0w +CwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8xDTALBgNVBAMMBHQ4 +NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwEdDg3MaQRMA8xDTAL +BgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzENMAsGA1UEAwwEdDg3 +NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0ODc2pBEwDzENMAsG +A1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0wCwYDVQQDDAR0ODc5 +pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4ODGkETAPMQ0wCwYD +VQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTALBgNVBAMMBHQ4ODSk +ETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4NqQRMA8xDTALBgNV +BAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsGA1UEAwwEdDg4OaQR +MA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkxpBEwDzENMAsGA1UE +AwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYDVQQDDAR0ODk0pBEw +DzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTakETAPMQ0wCwYDVQQD +DAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNVBAMMBHQ4OTmkETAP +MQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQRMA8xDTALBgNVBAMM +BHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UEAwwEdDkwNKQRMA8x +DTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEwDzENMAsGA1UEAwwE +dDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQDDAR0OTA5pBEwDzEN +MAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAPMQ0wCwYDVQQDDAR0 +OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMMBHQ5MTSkETAPMQ0w +CwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8xDTALBgNVBAMMBHQ5 +MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwEdDkxOaQRMA8xDTAL +BgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzENMAsGA1UEAwwEdDky +MqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0OTI0pBEwDzENMAsG +A1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0wCwYDVQQDDAR0OTI3 +pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5MjmkETAPMQ0wCwYD +VQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTALBgNVBAMMBHQ5MzKk +ETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkzNKQRMA8xDTALBgNV +BAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsGA1UEAwwEdDkzN6QR +MA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5pBEwDzENMAsGA1UE +AwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYDVQQDDAR0OTQypBEw +DzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSkETAPMQ0wCwYDVQQD +DAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNVBAMMBHQ5NDekETAP +MQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQRMA8xDTALBgNVBAMM +BHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UEAwwEdDk1MqQRMA8x +DTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEwDzENMAsGA1UEAwwE +dDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQDDAR0OTU3pBEwDzEN +MAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAPMQ0wCwYDVQQDDAR0 +OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMMBHQ5NjKkETAPMQ0w +CwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8xDTALBgNVBAMMBHQ5 +NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwEdDk2N6QRMA8xDTAL +BgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzENMAsGA1UEAwwEdDk3 +MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0OTcypBEwDzENMAsG +A1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0wCwYDVQQDDAR0OTc1 +pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5NzekETAPMQ0wCwYD +VQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTALBgNVBAMMBHQ5ODCk +ETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4MqQRMA8xDTALBgNV +BAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsGA1UEAwwEdDk4NaQR +MA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3pBEwDzENMAsGA1UE +AwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYDVQQDDAR0OTkwpBEw +DzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKkETAPMQ0wCwYDVQQD +DAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNVBAMMBHQ5OTWkETAP +MQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QRMA8xDTALBgNVBAMM +BHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UEAwwFdDEwMDCkEjAQ +MQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAypBIwEDEOMAwGA1UE +AwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAMBgNVBAMMBXQxMDA1 +pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0MTAwN6QSMBAxDjAM +BgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQMQ4wDAYDVQQDDAV0 +MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UEAwwFdDEwMTKkEjAQ +MQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0pBIwEDEOMAwGA1UE +AwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAMBgNVBAMMBXQxMDE3 +pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0MTAxOaQSMBAxDjAM +BgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQMQ4wDAYDVQQDDAV0 +MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzMA0GCSqGSIb3DQEBCwUAA4IBAQB3ryeb +I4KdkLQ8Ah/UqcgMf1gZrpqG/vWxpK7Lr0Y6BP88z+pr3xbL0YmNjKf5EefpkJJr +VNX6qiSWY2FXSoHafgsuyAQ0at1uRieXWp3bjC3oWkURv30aJXrKnrHjHFMiCze2 ++tYeg21UQE1xs+NS3ITRlfyS5PCFzm1ONqZstDV+Dui2iwmwyE7xuKr+6Ci6jqMx +75m92p7LWgKVJEVBPO16kpS9nf1+B1GMVZcHU2C03WQCbCsYMo3f7YlK3Tcyy2aa ++rjoPYePY2o/byyRJbOFcQo5qiSljnvCV4btO+czbemkwc2Iiw7IBmObQEAqPLKW +Ei0cU/6D7EpQvsZT +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F5.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F5.pem new file mode 100644 index 0000000000..95b3ef60a0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F5.pem @@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F6.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F6.pem new file mode 100644 index 0000000000..cd3f1215ab --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F6.pem @@ -0,0 +1,4294 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + URI:http://test/0 + URI:http://test/1 + URI:http://test/2 + URI:http://test/3 + URI:http://test/4 + URI:http://test/5 + URI:http://test/6 + URI:http://test/7 + URI:http://test/8 + URI:http://test/9 + URI:http://test/10 + URI:http://test/11 + URI:http://test/12 + URI:http://test/13 + URI:http://test/14 + URI:http://test/15 + URI:http://test/16 + URI:http://test/17 + URI:http://test/18 + URI:http://test/19 + URI:http://test/20 + URI:http://test/21 + URI:http://test/22 + URI:http://test/23 + URI:http://test/24 + URI:http://test/25 + URI:http://test/26 + URI:http://test/27 + URI:http://test/28 + URI:http://test/29 + URI:http://test/30 + URI:http://test/31 + URI:http://test/32 + URI:http://test/33 + URI:http://test/34 + URI:http://test/35 + URI:http://test/36 + URI:http://test/37 + URI:http://test/38 + URI:http://test/39 + URI:http://test/40 + URI:http://test/41 + URI:http://test/42 + URI:http://test/43 + URI:http://test/44 + URI:http://test/45 + URI:http://test/46 + URI:http://test/47 + URI:http://test/48 + URI:http://test/49 + URI:http://test/50 + URI:http://test/51 + URI:http://test/52 + URI:http://test/53 + URI:http://test/54 + URI:http://test/55 + URI:http://test/56 + URI:http://test/57 + URI:http://test/58 + URI:http://test/59 + URI:http://test/60 + URI:http://test/61 + URI:http://test/62 + URI:http://test/63 + URI:http://test/64 + URI:http://test/65 + URI:http://test/66 + URI:http://test/67 + URI:http://test/68 + URI:http://test/69 + URI:http://test/70 + URI:http://test/71 + URI:http://test/72 + URI:http://test/73 + URI:http://test/74 + URI:http://test/75 + URI:http://test/76 + URI:http://test/77 + URI:http://test/78 + URI:http://test/79 + URI:http://test/80 + URI:http://test/81 + URI:http://test/82 + URI:http://test/83 + URI:http://test/84 + URI:http://test/85 + URI:http://test/86 + URI:http://test/87 + URI:http://test/88 + URI:http://test/89 + URI:http://test/90 + URI:http://test/91 + URI:http://test/92 + URI:http://test/93 + URI:http://test/94 + URI:http://test/95 + URI:http://test/96 + URI:http://test/97 + URI:http://test/98 + URI:http://test/99 + URI:http://test/100 + URI:http://test/101 + URI:http://test/102 + URI:http://test/103 + URI:http://test/104 + URI:http://test/105 + URI:http://test/106 + URI:http://test/107 + URI:http://test/108 + URI:http://test/109 + URI:http://test/110 + URI:http://test/111 + URI:http://test/112 + URI:http://test/113 + URI:http://test/114 + URI:http://test/115 + URI:http://test/116 + URI:http://test/117 + URI:http://test/118 + URI:http://test/119 + URI:http://test/120 + URI:http://test/121 + URI:http://test/122 + URI:http://test/123 + URI:http://test/124 + URI:http://test/125 + URI:http://test/126 + URI:http://test/127 + URI:http://test/128 + URI:http://test/129 + URI:http://test/130 + URI:http://test/131 + URI:http://test/132 + URI:http://test/133 + URI:http://test/134 + URI:http://test/135 + URI:http://test/136 + URI:http://test/137 + URI:http://test/138 + URI:http://test/139 + URI:http://test/140 + URI:http://test/141 + URI:http://test/142 + URI:http://test/143 + URI:http://test/144 + URI:http://test/145 + URI:http://test/146 + URI:http://test/147 + URI:http://test/148 + URI:http://test/149 + URI:http://test/150 + URI:http://test/151 + URI:http://test/152 + URI:http://test/153 + URI:http://test/154 + URI:http://test/155 + URI:http://test/156 + URI:http://test/157 + URI:http://test/158 + URI:http://test/159 + URI:http://test/160 + URI:http://test/161 + URI:http://test/162 + URI:http://test/163 + URI:http://test/164 + URI:http://test/165 + URI:http://test/166 + URI:http://test/167 + URI:http://test/168 + URI:http://test/169 + URI:http://test/170 + URI:http://test/171 + URI:http://test/172 + URI:http://test/173 + URI:http://test/174 + URI:http://test/175 + URI:http://test/176 + URI:http://test/177 + URI:http://test/178 + URI:http://test/179 + URI:http://test/180 + URI:http://test/181 + URI:http://test/182 + URI:http://test/183 + URI:http://test/184 + URI:http://test/185 + URI:http://test/186 + URI:http://test/187 + URI:http://test/188 + URI:http://test/189 + URI:http://test/190 + URI:http://test/191 + URI:http://test/192 + URI:http://test/193 + URI:http://test/194 + URI:http://test/195 + URI:http://test/196 + URI:http://test/197 + URI:http://test/198 + URI:http://test/199 + URI:http://test/200 + URI:http://test/201 + URI:http://test/202 + URI:http://test/203 + URI:http://test/204 + URI:http://test/205 + URI:http://test/206 + URI:http://test/207 + URI:http://test/208 + URI:http://test/209 + URI:http://test/210 + URI:http://test/211 + URI:http://test/212 + URI:http://test/213 + URI:http://test/214 + URI:http://test/215 + URI:http://test/216 + URI:http://test/217 + URI:http://test/218 + URI:http://test/219 + URI:http://test/220 + URI:http://test/221 + URI:http://test/222 + URI:http://test/223 + URI:http://test/224 + URI:http://test/225 + URI:http://test/226 + URI:http://test/227 + URI:http://test/228 + URI:http://test/229 + URI:http://test/230 + URI:http://test/231 + URI:http://test/232 + URI:http://test/233 + URI:http://test/234 + URI:http://test/235 + URI:http://test/236 + URI:http://test/237 + URI:http://test/238 + URI:http://test/239 + URI:http://test/240 + URI:http://test/241 + URI:http://test/242 + URI:http://test/243 + URI:http://test/244 + URI:http://test/245 + URI:http://test/246 + URI:http://test/247 + URI:http://test/248 + URI:http://test/249 + URI:http://test/250 + URI:http://test/251 + URI:http://test/252 + URI:http://test/253 + URI:http://test/254 + URI:http://test/255 + URI:http://test/256 + URI:http://test/257 + URI:http://test/258 + URI:http://test/259 + URI:http://test/260 + URI:http://test/261 + URI:http://test/262 + URI:http://test/263 + URI:http://test/264 + URI:http://test/265 + URI:http://test/266 + URI:http://test/267 + URI:http://test/268 + URI:http://test/269 + URI:http://test/270 + URI:http://test/271 + URI:http://test/272 + URI:http://test/273 + URI:http://test/274 + URI:http://test/275 + URI:http://test/276 + URI:http://test/277 + URI:http://test/278 + URI:http://test/279 + URI:http://test/280 + URI:http://test/281 + URI:http://test/282 + URI:http://test/283 + URI:http://test/284 + URI:http://test/285 + URI:http://test/286 + URI:http://test/287 + URI:http://test/288 + URI:http://test/289 + URI:http://test/290 + URI:http://test/291 + URI:http://test/292 + URI:http://test/293 + URI:http://test/294 + URI:http://test/295 + URI:http://test/296 + URI:http://test/297 + URI:http://test/298 + URI:http://test/299 + URI:http://test/300 + URI:http://test/301 + URI:http://test/302 + URI:http://test/303 + URI:http://test/304 + URI:http://test/305 + URI:http://test/306 + URI:http://test/307 + URI:http://test/308 + URI:http://test/309 + URI:http://test/310 + URI:http://test/311 + URI:http://test/312 + URI:http://test/313 + URI:http://test/314 + URI:http://test/315 + URI:http://test/316 + URI:http://test/317 + URI:http://test/318 + URI:http://test/319 + URI:http://test/320 + URI:http://test/321 + URI:http://test/322 + URI:http://test/323 + URI:http://test/324 + URI:http://test/325 + URI:http://test/326 + URI:http://test/327 + URI:http://test/328 + URI:http://test/329 + URI:http://test/330 + URI:http://test/331 + URI:http://test/332 + URI:http://test/333 + URI:http://test/334 + URI:http://test/335 + URI:http://test/336 + URI:http://test/337 + URI:http://test/338 + URI:http://test/339 + URI:http://test/340 + URI:http://test/341 + URI:http://test/342 + URI:http://test/343 + URI:http://test/344 + URI:http://test/345 + URI:http://test/346 + URI:http://test/347 + URI:http://test/348 + URI:http://test/349 + URI:http://test/350 + URI:http://test/351 + URI:http://test/352 + URI:http://test/353 + URI:http://test/354 + URI:http://test/355 + URI:http://test/356 + URI:http://test/357 + URI:http://test/358 + URI:http://test/359 + URI:http://test/360 + URI:http://test/361 + URI:http://test/362 + URI:http://test/363 + URI:http://test/364 + URI:http://test/365 + URI:http://test/366 + URI:http://test/367 + URI:http://test/368 + URI:http://test/369 + URI:http://test/370 + URI:http://test/371 + URI:http://test/372 + URI:http://test/373 + URI:http://test/374 + URI:http://test/375 + URI:http://test/376 + URI:http://test/377 + URI:http://test/378 + URI:http://test/379 + URI:http://test/380 + URI:http://test/381 + URI:http://test/382 + URI:http://test/383 + URI:http://test/384 + URI:http://test/385 + URI:http://test/386 + URI:http://test/387 + URI:http://test/388 + URI:http://test/389 + URI:http://test/390 + URI:http://test/391 + URI:http://test/392 + URI:http://test/393 + URI:http://test/394 + URI:http://test/395 + URI:http://test/396 + URI:http://test/397 + URI:http://test/398 + URI:http://test/399 + URI:http://test/400 + URI:http://test/401 + URI:http://test/402 + URI:http://test/403 + URI:http://test/404 + URI:http://test/405 + URI:http://test/406 + URI:http://test/407 + URI:http://test/408 + URI:http://test/409 + URI:http://test/410 + URI:http://test/411 + URI:http://test/412 + URI:http://test/413 + URI:http://test/414 + URI:http://test/415 + URI:http://test/416 + URI:http://test/417 + URI:http://test/418 + URI:http://test/419 + URI:http://test/420 + URI:http://test/421 + URI:http://test/422 + URI:http://test/423 + URI:http://test/424 + URI:http://test/425 + URI:http://test/426 + URI:http://test/427 + URI:http://test/428 + URI:http://test/429 + URI:http://test/430 + URI:http://test/431 + URI:http://test/432 + URI:http://test/433 + URI:http://test/434 + URI:http://test/435 + URI:http://test/436 + URI:http://test/437 + URI:http://test/438 + URI:http://test/439 + URI:http://test/440 + URI:http://test/441 + URI:http://test/442 + URI:http://test/443 + URI:http://test/444 + URI:http://test/445 + URI:http://test/446 + URI:http://test/447 + URI:http://test/448 + URI:http://test/449 + URI:http://test/450 + URI:http://test/451 + URI:http://test/452 + URI:http://test/453 + URI:http://test/454 + URI:http://test/455 + URI:http://test/456 + URI:http://test/457 + URI:http://test/458 + URI:http://test/459 + URI:http://test/460 + URI:http://test/461 + URI:http://test/462 + URI:http://test/463 + URI:http://test/464 + URI:http://test/465 + URI:http://test/466 + URI:http://test/467 + URI:http://test/468 + URI:http://test/469 + URI:http://test/470 + URI:http://test/471 + URI:http://test/472 + URI:http://test/473 + URI:http://test/474 + URI:http://test/475 + URI:http://test/476 + URI:http://test/477 + URI:http://test/478 + URI:http://test/479 + URI:http://test/480 + URI:http://test/481 + URI:http://test/482 + URI:http://test/483 + URI:http://test/484 + URI:http://test/485 + URI:http://test/486 + URI:http://test/487 + URI:http://test/488 + URI:http://test/489 + URI:http://test/490 + URI:http://test/491 + URI:http://test/492 + URI:http://test/493 + URI:http://test/494 + URI:http://test/495 + URI:http://test/496 + URI:http://test/497 + URI:http://test/498 + URI:http://test/499 + URI:http://test/500 + URI:http://test/501 + URI:http://test/502 + URI:http://test/503 + URI:http://test/504 + URI:http://test/505 + URI:http://test/506 + URI:http://test/507 + URI:http://test/508 + URI:http://test/509 + URI:http://test/510 + URI:http://test/511 + URI:http://test/512 + URI:http://test/513 + URI:http://test/514 + URI:http://test/515 + URI:http://test/516 + URI:http://test/517 + URI:http://test/518 + URI:http://test/519 + URI:http://test/520 + URI:http://test/521 + URI:http://test/522 + URI:http://test/523 + URI:http://test/524 + URI:http://test/525 + URI:http://test/526 + URI:http://test/527 + URI:http://test/528 + URI:http://test/529 + URI:http://test/530 + URI:http://test/531 + URI:http://test/532 + URI:http://test/533 + URI:http://test/534 + URI:http://test/535 + URI:http://test/536 + URI:http://test/537 + URI:http://test/538 + URI:http://test/539 + URI:http://test/540 + URI:http://test/541 + URI:http://test/542 + URI:http://test/543 + URI:http://test/544 + URI:http://test/545 + URI:http://test/546 + URI:http://test/547 + URI:http://test/548 + URI:http://test/549 + URI:http://test/550 + URI:http://test/551 + URI:http://test/552 + URI:http://test/553 + URI:http://test/554 + URI:http://test/555 + URI:http://test/556 + URI:http://test/557 + URI:http://test/558 + URI:http://test/559 + URI:http://test/560 + URI:http://test/561 + URI:http://test/562 + URI:http://test/563 + URI:http://test/564 + URI:http://test/565 + URI:http://test/566 + URI:http://test/567 + URI:http://test/568 + URI:http://test/569 + URI:http://test/570 + URI:http://test/571 + URI:http://test/572 + URI:http://test/573 + URI:http://test/574 + URI:http://test/575 + URI:http://test/576 + URI:http://test/577 + URI:http://test/578 + URI:http://test/579 + URI:http://test/580 + URI:http://test/581 + URI:http://test/582 + URI:http://test/583 + URI:http://test/584 + URI:http://test/585 + URI:http://test/586 + URI:http://test/587 + URI:http://test/588 + URI:http://test/589 + URI:http://test/590 + URI:http://test/591 + URI:http://test/592 + URI:http://test/593 + URI:http://test/594 + URI:http://test/595 + URI:http://test/596 + URI:http://test/597 + URI:http://test/598 + URI:http://test/599 + URI:http://test/600 + URI:http://test/601 + URI:http://test/602 + URI:http://test/603 + URI:http://test/604 + URI:http://test/605 + URI:http://test/606 + URI:http://test/607 + URI:http://test/608 + URI:http://test/609 + URI:http://test/610 + URI:http://test/611 + URI:http://test/612 + URI:http://test/613 + URI:http://test/614 + URI:http://test/615 + URI:http://test/616 + URI:http://test/617 + URI:http://test/618 + URI:http://test/619 + URI:http://test/620 + URI:http://test/621 + URI:http://test/622 + URI:http://test/623 + URI:http://test/624 + URI:http://test/625 + URI:http://test/626 + URI:http://test/627 + URI:http://test/628 + URI:http://test/629 + URI:http://test/630 + URI:http://test/631 + URI:http://test/632 + URI:http://test/633 + URI:http://test/634 + URI:http://test/635 + URI:http://test/636 + URI:http://test/637 + URI:http://test/638 + URI:http://test/639 + URI:http://test/640 + URI:http://test/641 + URI:http://test/642 + URI:http://test/643 + URI:http://test/644 + URI:http://test/645 + URI:http://test/646 + URI:http://test/647 + URI:http://test/648 + URI:http://test/649 + URI:http://test/650 + URI:http://test/651 + URI:http://test/652 + URI:http://test/653 + URI:http://test/654 + URI:http://test/655 + URI:http://test/656 + URI:http://test/657 + URI:http://test/658 + URI:http://test/659 + URI:http://test/660 + URI:http://test/661 + URI:http://test/662 + URI:http://test/663 + URI:http://test/664 + URI:http://test/665 + URI:http://test/666 + URI:http://test/667 + URI:http://test/668 + URI:http://test/669 + URI:http://test/670 + URI:http://test/671 + URI:http://test/672 + URI:http://test/673 + URI:http://test/674 + URI:http://test/675 + URI:http://test/676 + URI:http://test/677 + URI:http://test/678 + URI:http://test/679 + URI:http://test/680 + URI:http://test/681 + URI:http://test/682 + URI:http://test/683 + URI:http://test/684 + URI:http://test/685 + URI:http://test/686 + URI:http://test/687 + URI:http://test/688 + URI:http://test/689 + URI:http://test/690 + URI:http://test/691 + URI:http://test/692 + URI:http://test/693 + URI:http://test/694 + URI:http://test/695 + URI:http://test/696 + URI:http://test/697 + URI:http://test/698 + URI:http://test/699 + URI:http://test/700 + URI:http://test/701 + URI:http://test/702 + URI:http://test/703 + URI:http://test/704 + URI:http://test/705 + URI:http://test/706 + URI:http://test/707 + URI:http://test/708 + URI:http://test/709 + URI:http://test/710 + URI:http://test/711 + URI:http://test/712 + URI:http://test/713 + URI:http://test/714 + URI:http://test/715 + URI:http://test/716 + URI:http://test/717 + URI:http://test/718 + URI:http://test/719 + URI:http://test/720 + URI:http://test/721 + URI:http://test/722 + URI:http://test/723 + URI:http://test/724 + URI:http://test/725 + URI:http://test/726 + URI:http://test/727 + URI:http://test/728 + URI:http://test/729 + URI:http://test/730 + URI:http://test/731 + URI:http://test/732 + URI:http://test/733 + URI:http://test/734 + URI:http://test/735 + URI:http://test/736 + URI:http://test/737 + URI:http://test/738 + URI:http://test/739 + URI:http://test/740 + URI:http://test/741 + URI:http://test/742 + URI:http://test/743 + URI:http://test/744 + URI:http://test/745 + URI:http://test/746 + URI:http://test/747 + URI:http://test/748 + URI:http://test/749 + URI:http://test/750 + URI:http://test/751 + URI:http://test/752 + URI:http://test/753 + URI:http://test/754 + URI:http://test/755 + URI:http://test/756 + URI:http://test/757 + URI:http://test/758 + URI:http://test/759 + URI:http://test/760 + URI:http://test/761 + URI:http://test/762 + URI:http://test/763 + URI:http://test/764 + URI:http://test/765 + URI:http://test/766 + URI:http://test/767 + URI:http://test/768 + URI:http://test/769 + URI:http://test/770 + URI:http://test/771 + URI:http://test/772 + URI:http://test/773 + URI:http://test/774 + URI:http://test/775 + URI:http://test/776 + URI:http://test/777 + URI:http://test/778 + URI:http://test/779 + URI:http://test/780 + URI:http://test/781 + URI:http://test/782 + URI:http://test/783 + URI:http://test/784 + URI:http://test/785 + URI:http://test/786 + URI:http://test/787 + URI:http://test/788 + URI:http://test/789 + URI:http://test/790 + URI:http://test/791 + URI:http://test/792 + URI:http://test/793 + URI:http://test/794 + URI:http://test/795 + URI:http://test/796 + URI:http://test/797 + URI:http://test/798 + URI:http://test/799 + URI:http://test/800 + URI:http://test/801 + URI:http://test/802 + URI:http://test/803 + URI:http://test/804 + URI:http://test/805 + URI:http://test/806 + URI:http://test/807 + URI:http://test/808 + URI:http://test/809 + URI:http://test/810 + URI:http://test/811 + URI:http://test/812 + URI:http://test/813 + URI:http://test/814 + URI:http://test/815 + URI:http://test/816 + URI:http://test/817 + URI:http://test/818 + URI:http://test/819 + URI:http://test/820 + URI:http://test/821 + URI:http://test/822 + URI:http://test/823 + URI:http://test/824 + URI:http://test/825 + URI:http://test/826 + URI:http://test/827 + URI:http://test/828 + URI:http://test/829 + URI:http://test/830 + URI:http://test/831 + URI:http://test/832 + URI:http://test/833 + URI:http://test/834 + URI:http://test/835 + URI:http://test/836 + URI:http://test/837 + URI:http://test/838 + URI:http://test/839 + URI:http://test/840 + URI:http://test/841 + URI:http://test/842 + URI:http://test/843 + URI:http://test/844 + URI:http://test/845 + URI:http://test/846 + URI:http://test/847 + URI:http://test/848 + URI:http://test/849 + URI:http://test/850 + URI:http://test/851 + URI:http://test/852 + URI:http://test/853 + URI:http://test/854 + URI:http://test/855 + URI:http://test/856 + URI:http://test/857 + URI:http://test/858 + URI:http://test/859 + URI:http://test/860 + URI:http://test/861 + URI:http://test/862 + URI:http://test/863 + URI:http://test/864 + URI:http://test/865 + URI:http://test/866 + URI:http://test/867 + URI:http://test/868 + URI:http://test/869 + URI:http://test/870 + URI:http://test/871 + URI:http://test/872 + URI:http://test/873 + URI:http://test/874 + URI:http://test/875 + URI:http://test/876 + URI:http://test/877 + URI:http://test/878 + URI:http://test/879 + URI:http://test/880 + URI:http://test/881 + URI:http://test/882 + URI:http://test/883 + URI:http://test/884 + URI:http://test/885 + URI:http://test/886 + URI:http://test/887 + URI:http://test/888 + URI:http://test/889 + URI:http://test/890 + URI:http://test/891 + URI:http://test/892 + URI:http://test/893 + URI:http://test/894 + URI:http://test/895 + URI:http://test/896 + URI:http://test/897 + URI:http://test/898 + URI:http://test/899 + URI:http://test/900 + URI:http://test/901 + URI:http://test/902 + URI:http://test/903 + URI:http://test/904 + URI:http://test/905 + URI:http://test/906 + URI:http://test/907 + URI:http://test/908 + URI:http://test/909 + URI:http://test/910 + URI:http://test/911 + URI:http://test/912 + URI:http://test/913 + URI:http://test/914 + URI:http://test/915 + URI:http://test/916 + URI:http://test/917 + URI:http://test/918 + URI:http://test/919 + URI:http://test/920 + URI:http://test/921 + URI:http://test/922 + URI:http://test/923 + URI:http://test/924 + URI:http://test/925 + URI:http://test/926 + URI:http://test/927 + URI:http://test/928 + URI:http://test/929 + URI:http://test/930 + URI:http://test/931 + URI:http://test/932 + URI:http://test/933 + URI:http://test/934 + URI:http://test/935 + URI:http://test/936 + URI:http://test/937 + URI:http://test/938 + URI:http://test/939 + URI:http://test/940 + URI:http://test/941 + URI:http://test/942 + URI:http://test/943 + URI:http://test/944 + URI:http://test/945 + URI:http://test/946 + URI:http://test/947 + URI:http://test/948 + URI:http://test/949 + URI:http://test/950 + URI:http://test/951 + URI:http://test/952 + URI:http://test/953 + URI:http://test/954 + URI:http://test/955 + URI:http://test/956 + URI:http://test/957 + URI:http://test/958 + URI:http://test/959 + URI:http://test/960 + URI:http://test/961 + URI:http://test/962 + URI:http://test/963 + URI:http://test/964 + URI:http://test/965 + URI:http://test/966 + URI:http://test/967 + URI:http://test/968 + URI:http://test/969 + URI:http://test/970 + URI:http://test/971 + URI:http://test/972 + URI:http://test/973 + URI:http://test/974 + URI:http://test/975 + URI:http://test/976 + URI:http://test/977 + URI:http://test/978 + URI:http://test/979 + URI:http://test/980 + URI:http://test/981 + URI:http://test/982 + URI:http://test/983 + URI:http://test/984 + URI:http://test/985 + URI:http://test/986 + URI:http://test/987 + URI:http://test/988 + URI:http://test/989 + URI:http://test/990 + URI:http://test/991 + URI:http://test/992 + URI:http://test/993 + URI:http://test/994 + URI:http://test/995 + URI:http://test/996 + URI:http://test/997 + URI:http://test/998 + URI:http://test/999 + URI:http://test/1000 + URI:http://test/1001 + URI:http://test/1002 + URI:http://test/1003 + URI:http://test/1004 + URI:http://test/1005 + URI:http://test/1006 + URI:http://test/1007 + URI:http://test/1008 + URI:http://test/1009 + URI:http://test/1010 + URI:http://test/1011 + URI:http://test/1012 + URI:http://test/1013 + URI:http://test/1014 + URI:http://test/1015 + URI:http://test/1016 + URI:http://test/1017 + URI:http://test/1018 + URI:http://test/1019 + URI:http://test/1020 + URI:http://test/1021 + URI:http://test/1022 + URI:http://test/1023 + URI:http://test/1024 + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + URI:http://xest/0 + URI:http://xest/1 + URI:http://xest/2 + URI:http://xest/3 + URI:http://xest/4 + URI:http://xest/5 + URI:http://xest/6 + URI:http://xest/7 + URI:http://xest/8 + URI:http://xest/9 + URI:http://xest/10 + URI:http://xest/11 + URI:http://xest/12 + URI:http://xest/13 + URI:http://xest/14 + URI:http://xest/15 + URI:http://xest/16 + URI:http://xest/17 + URI:http://xest/18 + URI:http://xest/19 + URI:http://xest/20 + URI:http://xest/21 + URI:http://xest/22 + URI:http://xest/23 + URI:http://xest/24 + URI:http://xest/25 + URI:http://xest/26 + URI:http://xest/27 + URI:http://xest/28 + URI:http://xest/29 + URI:http://xest/30 + URI:http://xest/31 + URI:http://xest/32 + URI:http://xest/33 + URI:http://xest/34 + URI:http://xest/35 + URI:http://xest/36 + URI:http://xest/37 + URI:http://xest/38 + URI:http://xest/39 + URI:http://xest/40 + URI:http://xest/41 + URI:http://xest/42 + URI:http://xest/43 + URI:http://xest/44 + URI:http://xest/45 + URI:http://xest/46 + URI:http://xest/47 + URI:http://xest/48 + URI:http://xest/49 + URI:http://xest/50 + URI:http://xest/51 + URI:http://xest/52 + URI:http://xest/53 + URI:http://xest/54 + URI:http://xest/55 + URI:http://xest/56 + URI:http://xest/57 + URI:http://xest/58 + URI:http://xest/59 + URI:http://xest/60 + URI:http://xest/61 + URI:http://xest/62 + URI:http://xest/63 + URI:http://xest/64 + URI:http://xest/65 + URI:http://xest/66 + URI:http://xest/67 + URI:http://xest/68 + URI:http://xest/69 + URI:http://xest/70 + URI:http://xest/71 + URI:http://xest/72 + URI:http://xest/73 + URI:http://xest/74 + URI:http://xest/75 + URI:http://xest/76 + URI:http://xest/77 + URI:http://xest/78 + URI:http://xest/79 + URI:http://xest/80 + URI:http://xest/81 + URI:http://xest/82 + URI:http://xest/83 + URI:http://xest/84 + URI:http://xest/85 + URI:http://xest/86 + URI:http://xest/87 + URI:http://xest/88 + URI:http://xest/89 + URI:http://xest/90 + URI:http://xest/91 + URI:http://xest/92 + URI:http://xest/93 + URI:http://xest/94 + URI:http://xest/95 + URI:http://xest/96 + URI:http://xest/97 + URI:http://xest/98 + URI:http://xest/99 + URI:http://xest/100 + URI:http://xest/101 + URI:http://xest/102 + URI:http://xest/103 + URI:http://xest/104 + URI:http://xest/105 + URI:http://xest/106 + URI:http://xest/107 + URI:http://xest/108 + URI:http://xest/109 + URI:http://xest/110 + URI:http://xest/111 + URI:http://xest/112 + URI:http://xest/113 + URI:http://xest/114 + URI:http://xest/115 + URI:http://xest/116 + URI:http://xest/117 + URI:http://xest/118 + URI:http://xest/119 + URI:http://xest/120 + URI:http://xest/121 + URI:http://xest/122 + URI:http://xest/123 + URI:http://xest/124 + URI:http://xest/125 + URI:http://xest/126 + URI:http://xest/127 + URI:http://xest/128 + URI:http://xest/129 + URI:http://xest/130 + URI:http://xest/131 + URI:http://xest/132 + URI:http://xest/133 + URI:http://xest/134 + URI:http://xest/135 + URI:http://xest/136 + URI:http://xest/137 + URI:http://xest/138 + URI:http://xest/139 + URI:http://xest/140 + URI:http://xest/141 + URI:http://xest/142 + URI:http://xest/143 + URI:http://xest/144 + URI:http://xest/145 + URI:http://xest/146 + URI:http://xest/147 + URI:http://xest/148 + URI:http://xest/149 + URI:http://xest/150 + URI:http://xest/151 + URI:http://xest/152 + URI:http://xest/153 + URI:http://xest/154 + URI:http://xest/155 + URI:http://xest/156 + URI:http://xest/157 + URI:http://xest/158 + URI:http://xest/159 + URI:http://xest/160 + URI:http://xest/161 + URI:http://xest/162 + URI:http://xest/163 + URI:http://xest/164 + URI:http://xest/165 + URI:http://xest/166 + URI:http://xest/167 + URI:http://xest/168 + URI:http://xest/169 + URI:http://xest/170 + URI:http://xest/171 + URI:http://xest/172 + URI:http://xest/173 + URI:http://xest/174 + URI:http://xest/175 + URI:http://xest/176 + URI:http://xest/177 + URI:http://xest/178 + URI:http://xest/179 + URI:http://xest/180 + URI:http://xest/181 + URI:http://xest/182 + URI:http://xest/183 + URI:http://xest/184 + URI:http://xest/185 + URI:http://xest/186 + URI:http://xest/187 + URI:http://xest/188 + URI:http://xest/189 + URI:http://xest/190 + URI:http://xest/191 + URI:http://xest/192 + URI:http://xest/193 + URI:http://xest/194 + URI:http://xest/195 + URI:http://xest/196 + URI:http://xest/197 + URI:http://xest/198 + URI:http://xest/199 + URI:http://xest/200 + URI:http://xest/201 + URI:http://xest/202 + URI:http://xest/203 + URI:http://xest/204 + URI:http://xest/205 + URI:http://xest/206 + URI:http://xest/207 + URI:http://xest/208 + URI:http://xest/209 + URI:http://xest/210 + URI:http://xest/211 + URI:http://xest/212 + URI:http://xest/213 + URI:http://xest/214 + URI:http://xest/215 + URI:http://xest/216 + URI:http://xest/217 + URI:http://xest/218 + URI:http://xest/219 + URI:http://xest/220 + URI:http://xest/221 + URI:http://xest/222 + URI:http://xest/223 + URI:http://xest/224 + URI:http://xest/225 + URI:http://xest/226 + URI:http://xest/227 + URI:http://xest/228 + URI:http://xest/229 + URI:http://xest/230 + URI:http://xest/231 + URI:http://xest/232 + URI:http://xest/233 + URI:http://xest/234 + URI:http://xest/235 + URI:http://xest/236 + URI:http://xest/237 + URI:http://xest/238 + URI:http://xest/239 + URI:http://xest/240 + URI:http://xest/241 + URI:http://xest/242 + URI:http://xest/243 + URI:http://xest/244 + URI:http://xest/245 + URI:http://xest/246 + URI:http://xest/247 + URI:http://xest/248 + URI:http://xest/249 + URI:http://xest/250 + URI:http://xest/251 + URI:http://xest/252 + URI:http://xest/253 + URI:http://xest/254 + URI:http://xest/255 + URI:http://xest/256 + URI:http://xest/257 + URI:http://xest/258 + URI:http://xest/259 + URI:http://xest/260 + URI:http://xest/261 + URI:http://xest/262 + URI:http://xest/263 + URI:http://xest/264 + URI:http://xest/265 + URI:http://xest/266 + URI:http://xest/267 + URI:http://xest/268 + URI:http://xest/269 + URI:http://xest/270 + URI:http://xest/271 + URI:http://xest/272 + URI:http://xest/273 + URI:http://xest/274 + URI:http://xest/275 + URI:http://xest/276 + URI:http://xest/277 + URI:http://xest/278 + URI:http://xest/279 + URI:http://xest/280 + URI:http://xest/281 + URI:http://xest/282 + URI:http://xest/283 + URI:http://xest/284 + URI:http://xest/285 + URI:http://xest/286 + URI:http://xest/287 + URI:http://xest/288 + URI:http://xest/289 + URI:http://xest/290 + URI:http://xest/291 + URI:http://xest/292 + URI:http://xest/293 + URI:http://xest/294 + URI:http://xest/295 + URI:http://xest/296 + URI:http://xest/297 + URI:http://xest/298 + URI:http://xest/299 + URI:http://xest/300 + URI:http://xest/301 + URI:http://xest/302 + URI:http://xest/303 + URI:http://xest/304 + URI:http://xest/305 + URI:http://xest/306 + URI:http://xest/307 + URI:http://xest/308 + URI:http://xest/309 + URI:http://xest/310 + URI:http://xest/311 + URI:http://xest/312 + URI:http://xest/313 + URI:http://xest/314 + URI:http://xest/315 + URI:http://xest/316 + URI:http://xest/317 + URI:http://xest/318 + URI:http://xest/319 + URI:http://xest/320 + URI:http://xest/321 + URI:http://xest/322 + URI:http://xest/323 + URI:http://xest/324 + URI:http://xest/325 + URI:http://xest/326 + URI:http://xest/327 + URI:http://xest/328 + URI:http://xest/329 + URI:http://xest/330 + URI:http://xest/331 + URI:http://xest/332 + URI:http://xest/333 + URI:http://xest/334 + URI:http://xest/335 + URI:http://xest/336 + URI:http://xest/337 + URI:http://xest/338 + URI:http://xest/339 + URI:http://xest/340 + URI:http://xest/341 + URI:http://xest/342 + URI:http://xest/343 + URI:http://xest/344 + URI:http://xest/345 + URI:http://xest/346 + URI:http://xest/347 + URI:http://xest/348 + URI:http://xest/349 + URI:http://xest/350 + URI:http://xest/351 + URI:http://xest/352 + URI:http://xest/353 + URI:http://xest/354 + URI:http://xest/355 + URI:http://xest/356 + URI:http://xest/357 + URI:http://xest/358 + URI:http://xest/359 + URI:http://xest/360 + URI:http://xest/361 + URI:http://xest/362 + URI:http://xest/363 + URI:http://xest/364 + URI:http://xest/365 + URI:http://xest/366 + URI:http://xest/367 + URI:http://xest/368 + URI:http://xest/369 + URI:http://xest/370 + URI:http://xest/371 + URI:http://xest/372 + URI:http://xest/373 + URI:http://xest/374 + URI:http://xest/375 + URI:http://xest/376 + URI:http://xest/377 + URI:http://xest/378 + URI:http://xest/379 + URI:http://xest/380 + URI:http://xest/381 + URI:http://xest/382 + URI:http://xest/383 + URI:http://xest/384 + URI:http://xest/385 + URI:http://xest/386 + URI:http://xest/387 + URI:http://xest/388 + URI:http://xest/389 + URI:http://xest/390 + URI:http://xest/391 + URI:http://xest/392 + URI:http://xest/393 + URI:http://xest/394 + URI:http://xest/395 + URI:http://xest/396 + URI:http://xest/397 + URI:http://xest/398 + URI:http://xest/399 + URI:http://xest/400 + URI:http://xest/401 + URI:http://xest/402 + URI:http://xest/403 + URI:http://xest/404 + URI:http://xest/405 + URI:http://xest/406 + URI:http://xest/407 + URI:http://xest/408 + URI:http://xest/409 + URI:http://xest/410 + URI:http://xest/411 + URI:http://xest/412 + URI:http://xest/413 + URI:http://xest/414 + URI:http://xest/415 + URI:http://xest/416 + URI:http://xest/417 + URI:http://xest/418 + URI:http://xest/419 + URI:http://xest/420 + URI:http://xest/421 + URI:http://xest/422 + URI:http://xest/423 + URI:http://xest/424 + URI:http://xest/425 + URI:http://xest/426 + URI:http://xest/427 + URI:http://xest/428 + URI:http://xest/429 + URI:http://xest/430 + URI:http://xest/431 + URI:http://xest/432 + URI:http://xest/433 + URI:http://xest/434 + URI:http://xest/435 + URI:http://xest/436 + URI:http://xest/437 + URI:http://xest/438 + URI:http://xest/439 + URI:http://xest/440 + URI:http://xest/441 + URI:http://xest/442 + URI:http://xest/443 + URI:http://xest/444 + URI:http://xest/445 + URI:http://xest/446 + URI:http://xest/447 + URI:http://xest/448 + URI:http://xest/449 + URI:http://xest/450 + URI:http://xest/451 + URI:http://xest/452 + URI:http://xest/453 + URI:http://xest/454 + URI:http://xest/455 + URI:http://xest/456 + URI:http://xest/457 + URI:http://xest/458 + URI:http://xest/459 + URI:http://xest/460 + URI:http://xest/461 + URI:http://xest/462 + URI:http://xest/463 + URI:http://xest/464 + URI:http://xest/465 + URI:http://xest/466 + URI:http://xest/467 + URI:http://xest/468 + URI:http://xest/469 + URI:http://xest/470 + URI:http://xest/471 + URI:http://xest/472 + URI:http://xest/473 + URI:http://xest/474 + URI:http://xest/475 + URI:http://xest/476 + URI:http://xest/477 + URI:http://xest/478 + URI:http://xest/479 + URI:http://xest/480 + URI:http://xest/481 + URI:http://xest/482 + URI:http://xest/483 + URI:http://xest/484 + URI:http://xest/485 + URI:http://xest/486 + URI:http://xest/487 + URI:http://xest/488 + URI:http://xest/489 + URI:http://xest/490 + URI:http://xest/491 + URI:http://xest/492 + URI:http://xest/493 + URI:http://xest/494 + URI:http://xest/495 + URI:http://xest/496 + URI:http://xest/497 + URI:http://xest/498 + URI:http://xest/499 + URI:http://xest/500 + URI:http://xest/501 + URI:http://xest/502 + URI:http://xest/503 + URI:http://xest/504 + URI:http://xest/505 + URI:http://xest/506 + URI:http://xest/507 + URI:http://xest/508 + URI:http://xest/509 + URI:http://xest/510 + URI:http://xest/511 + URI:http://xest/512 + URI:http://xest/513 + URI:http://xest/514 + URI:http://xest/515 + URI:http://xest/516 + URI:http://xest/517 + URI:http://xest/518 + URI:http://xest/519 + URI:http://xest/520 + URI:http://xest/521 + URI:http://xest/522 + URI:http://xest/523 + URI:http://xest/524 + URI:http://xest/525 + URI:http://xest/526 + URI:http://xest/527 + URI:http://xest/528 + URI:http://xest/529 + URI:http://xest/530 + URI:http://xest/531 + URI:http://xest/532 + URI:http://xest/533 + URI:http://xest/534 + URI:http://xest/535 + URI:http://xest/536 + URI:http://xest/537 + URI:http://xest/538 + URI:http://xest/539 + URI:http://xest/540 + URI:http://xest/541 + URI:http://xest/542 + URI:http://xest/543 + URI:http://xest/544 + URI:http://xest/545 + URI:http://xest/546 + URI:http://xest/547 + URI:http://xest/548 + URI:http://xest/549 + URI:http://xest/550 + URI:http://xest/551 + URI:http://xest/552 + URI:http://xest/553 + URI:http://xest/554 + URI:http://xest/555 + URI:http://xest/556 + URI:http://xest/557 + URI:http://xest/558 + URI:http://xest/559 + URI:http://xest/560 + URI:http://xest/561 + URI:http://xest/562 + URI:http://xest/563 + URI:http://xest/564 + URI:http://xest/565 + URI:http://xest/566 + URI:http://xest/567 + URI:http://xest/568 + URI:http://xest/569 + URI:http://xest/570 + URI:http://xest/571 + URI:http://xest/572 + URI:http://xest/573 + URI:http://xest/574 + URI:http://xest/575 + URI:http://xest/576 + URI:http://xest/577 + URI:http://xest/578 + URI:http://xest/579 + URI:http://xest/580 + URI:http://xest/581 + URI:http://xest/582 + URI:http://xest/583 + URI:http://xest/584 + URI:http://xest/585 + URI:http://xest/586 + URI:http://xest/587 + URI:http://xest/588 + URI:http://xest/589 + URI:http://xest/590 + URI:http://xest/591 + URI:http://xest/592 + URI:http://xest/593 + URI:http://xest/594 + URI:http://xest/595 + URI:http://xest/596 + URI:http://xest/597 + URI:http://xest/598 + URI:http://xest/599 + URI:http://xest/600 + URI:http://xest/601 + URI:http://xest/602 + URI:http://xest/603 + URI:http://xest/604 + URI:http://xest/605 + URI:http://xest/606 + URI:http://xest/607 + URI:http://xest/608 + URI:http://xest/609 + URI:http://xest/610 + URI:http://xest/611 + URI:http://xest/612 + URI:http://xest/613 + URI:http://xest/614 + URI:http://xest/615 + URI:http://xest/616 + URI:http://xest/617 + URI:http://xest/618 + URI:http://xest/619 + URI:http://xest/620 + URI:http://xest/621 + URI:http://xest/622 + URI:http://xest/623 + URI:http://xest/624 + URI:http://xest/625 + URI:http://xest/626 + URI:http://xest/627 + URI:http://xest/628 + URI:http://xest/629 + URI:http://xest/630 + URI:http://xest/631 + URI:http://xest/632 + URI:http://xest/633 + URI:http://xest/634 + URI:http://xest/635 + URI:http://xest/636 + URI:http://xest/637 + URI:http://xest/638 + URI:http://xest/639 + URI:http://xest/640 + URI:http://xest/641 + URI:http://xest/642 + URI:http://xest/643 + URI:http://xest/644 + URI:http://xest/645 + URI:http://xest/646 + URI:http://xest/647 + URI:http://xest/648 + URI:http://xest/649 + URI:http://xest/650 + URI:http://xest/651 + URI:http://xest/652 + URI:http://xest/653 + URI:http://xest/654 + URI:http://xest/655 + URI:http://xest/656 + URI:http://xest/657 + URI:http://xest/658 + URI:http://xest/659 + URI:http://xest/660 + URI:http://xest/661 + URI:http://xest/662 + URI:http://xest/663 + URI:http://xest/664 + URI:http://xest/665 + URI:http://xest/666 + URI:http://xest/667 + URI:http://xest/668 + URI:http://xest/669 + URI:http://xest/670 + URI:http://xest/671 + URI:http://xest/672 + URI:http://xest/673 + URI:http://xest/674 + URI:http://xest/675 + URI:http://xest/676 + URI:http://xest/677 + URI:http://xest/678 + URI:http://xest/679 + URI:http://xest/680 + URI:http://xest/681 + URI:http://xest/682 + URI:http://xest/683 + URI:http://xest/684 + URI:http://xest/685 + URI:http://xest/686 + URI:http://xest/687 + URI:http://xest/688 + URI:http://xest/689 + URI:http://xest/690 + URI:http://xest/691 + URI:http://xest/692 + URI:http://xest/693 + URI:http://xest/694 + URI:http://xest/695 + URI:http://xest/696 + URI:http://xest/697 + URI:http://xest/698 + URI:http://xest/699 + URI:http://xest/700 + URI:http://xest/701 + URI:http://xest/702 + URI:http://xest/703 + URI:http://xest/704 + URI:http://xest/705 + URI:http://xest/706 + URI:http://xest/707 + URI:http://xest/708 + URI:http://xest/709 + URI:http://xest/710 + URI:http://xest/711 + URI:http://xest/712 + URI:http://xest/713 + URI:http://xest/714 + URI:http://xest/715 + URI:http://xest/716 + URI:http://xest/717 + URI:http://xest/718 + URI:http://xest/719 + URI:http://xest/720 + URI:http://xest/721 + URI:http://xest/722 + URI:http://xest/723 + URI:http://xest/724 + URI:http://xest/725 + URI:http://xest/726 + URI:http://xest/727 + URI:http://xest/728 + URI:http://xest/729 + URI:http://xest/730 + URI:http://xest/731 + URI:http://xest/732 + URI:http://xest/733 + URI:http://xest/734 + URI:http://xest/735 + URI:http://xest/736 + URI:http://xest/737 + URI:http://xest/738 + URI:http://xest/739 + URI:http://xest/740 + URI:http://xest/741 + URI:http://xest/742 + URI:http://xest/743 + URI:http://xest/744 + URI:http://xest/745 + URI:http://xest/746 + URI:http://xest/747 + URI:http://xest/748 + URI:http://xest/749 + URI:http://xest/750 + URI:http://xest/751 + URI:http://xest/752 + URI:http://xest/753 + URI:http://xest/754 + URI:http://xest/755 + URI:http://xest/756 + URI:http://xest/757 + URI:http://xest/758 + URI:http://xest/759 + URI:http://xest/760 + URI:http://xest/761 + URI:http://xest/762 + URI:http://xest/763 + URI:http://xest/764 + URI:http://xest/765 + URI:http://xest/766 + URI:http://xest/767 + URI:http://xest/768 + URI:http://xest/769 + URI:http://xest/770 + URI:http://xest/771 + URI:http://xest/772 + URI:http://xest/773 + URI:http://xest/774 + URI:http://xest/775 + URI:http://xest/776 + URI:http://xest/777 + URI:http://xest/778 + URI:http://xest/779 + URI:http://xest/780 + URI:http://xest/781 + URI:http://xest/782 + URI:http://xest/783 + URI:http://xest/784 + URI:http://xest/785 + URI:http://xest/786 + URI:http://xest/787 + URI:http://xest/788 + URI:http://xest/789 + URI:http://xest/790 + URI:http://xest/791 + URI:http://xest/792 + URI:http://xest/793 + URI:http://xest/794 + URI:http://xest/795 + URI:http://xest/796 + URI:http://xest/797 + URI:http://xest/798 + URI:http://xest/799 + URI:http://xest/800 + URI:http://xest/801 + URI:http://xest/802 + URI:http://xest/803 + URI:http://xest/804 + URI:http://xest/805 + URI:http://xest/806 + URI:http://xest/807 + URI:http://xest/808 + URI:http://xest/809 + URI:http://xest/810 + URI:http://xest/811 + URI:http://xest/812 + URI:http://xest/813 + URI:http://xest/814 + URI:http://xest/815 + URI:http://xest/816 + URI:http://xest/817 + URI:http://xest/818 + URI:http://xest/819 + URI:http://xest/820 + URI:http://xest/821 + URI:http://xest/822 + URI:http://xest/823 + URI:http://xest/824 + URI:http://xest/825 + URI:http://xest/826 + URI:http://xest/827 + URI:http://xest/828 + URI:http://xest/829 + URI:http://xest/830 + URI:http://xest/831 + URI:http://xest/832 + URI:http://xest/833 + URI:http://xest/834 + URI:http://xest/835 + URI:http://xest/836 + URI:http://xest/837 + URI:http://xest/838 + URI:http://xest/839 + URI:http://xest/840 + URI:http://xest/841 + URI:http://xest/842 + URI:http://xest/843 + URI:http://xest/844 + URI:http://xest/845 + URI:http://xest/846 + URI:http://xest/847 + URI:http://xest/848 + URI:http://xest/849 + URI:http://xest/850 + URI:http://xest/851 + URI:http://xest/852 + URI:http://xest/853 + URI:http://xest/854 + URI:http://xest/855 + URI:http://xest/856 + URI:http://xest/857 + URI:http://xest/858 + URI:http://xest/859 + URI:http://xest/860 + URI:http://xest/861 + URI:http://xest/862 + URI:http://xest/863 + URI:http://xest/864 + URI:http://xest/865 + URI:http://xest/866 + URI:http://xest/867 + URI:http://xest/868 + URI:http://xest/869 + URI:http://xest/870 + URI:http://xest/871 + URI:http://xest/872 + URI:http://xest/873 + URI:http://xest/874 + URI:http://xest/875 + URI:http://xest/876 + URI:http://xest/877 + URI:http://xest/878 + URI:http://xest/879 + URI:http://xest/880 + URI:http://xest/881 + URI:http://xest/882 + URI:http://xest/883 + URI:http://xest/884 + URI:http://xest/885 + URI:http://xest/886 + URI:http://xest/887 + URI:http://xest/888 + URI:http://xest/889 + URI:http://xest/890 + URI:http://xest/891 + URI:http://xest/892 + URI:http://xest/893 + URI:http://xest/894 + URI:http://xest/895 + URI:http://xest/896 + URI:http://xest/897 + URI:http://xest/898 + URI:http://xest/899 + URI:http://xest/900 + URI:http://xest/901 + URI:http://xest/902 + URI:http://xest/903 + URI:http://xest/904 + URI:http://xest/905 + URI:http://xest/906 + URI:http://xest/907 + URI:http://xest/908 + URI:http://xest/909 + URI:http://xest/910 + URI:http://xest/911 + URI:http://xest/912 + URI:http://xest/913 + URI:http://xest/914 + URI:http://xest/915 + URI:http://xest/916 + URI:http://xest/917 + URI:http://xest/918 + URI:http://xest/919 + URI:http://xest/920 + URI:http://xest/921 + URI:http://xest/922 + URI:http://xest/923 + URI:http://xest/924 + URI:http://xest/925 + URI:http://xest/926 + URI:http://xest/927 + URI:http://xest/928 + URI:http://xest/929 + URI:http://xest/930 + URI:http://xest/931 + URI:http://xest/932 + URI:http://xest/933 + URI:http://xest/934 + URI:http://xest/935 + URI:http://xest/936 + URI:http://xest/937 + URI:http://xest/938 + URI:http://xest/939 + URI:http://xest/940 + URI:http://xest/941 + URI:http://xest/942 + URI:http://xest/943 + URI:http://xest/944 + URI:http://xest/945 + URI:http://xest/946 + URI:http://xest/947 + URI:http://xest/948 + URI:http://xest/949 + URI:http://xest/950 + URI:http://xest/951 + URI:http://xest/952 + URI:http://xest/953 + URI:http://xest/954 + URI:http://xest/955 + URI:http://xest/956 + URI:http://xest/957 + URI:http://xest/958 + URI:http://xest/959 + URI:http://xest/960 + URI:http://xest/961 + URI:http://xest/962 + URI:http://xest/963 + URI:http://xest/964 + URI:http://xest/965 + URI:http://xest/966 + URI:http://xest/967 + URI:http://xest/968 + URI:http://xest/969 + URI:http://xest/970 + URI:http://xest/971 + URI:http://xest/972 + URI:http://xest/973 + URI:http://xest/974 + URI:http://xest/975 + URI:http://xest/976 + URI:http://xest/977 + URI:http://xest/978 + URI:http://xest/979 + URI:http://xest/980 + URI:http://xest/981 + URI:http://xest/982 + URI:http://xest/983 + URI:http://xest/984 + URI:http://xest/985 + URI:http://xest/986 + URI:http://xest/987 + URI:http://xest/988 + URI:http://xest/989 + URI:http://xest/990 + URI:http://xest/991 + URI:http://xest/992 + URI:http://xest/993 + URI:http://xest/994 + URI:http://xest/995 + URI:http://xest/996 + URI:http://xest/997 + URI:http://xest/998 + URI:http://xest/999 + URI:http://xest/1000 + URI:http://xest/1001 + URI:http://xest/1002 + URI:http://xest/1003 + URI:http://xest/1004 + URI:http://xest/1005 + URI:http://xest/1006 + URI:http://xest/1007 + URI:http://xest/1008 + URI:http://xest/1009 + URI:http://xest/1010 + URI:http://xest/1011 + URI:http://xest/1012 + URI:http://xest/1013 + URI:http://xest/1014 + URI:http://xest/1015 + URI:http://xest/1016 + URI:http://xest/1017 + URI:http://xest/1018 + URI:http://xest/1019 + URI:http://xest/1020 + URI:http://xest/1021 + URI:http://xest/1022 + URI:http://xest/1023 + URI:http://xest/1024 + + Signature Algorithm: sha256WithRSAEncryption + 37:a8:be:e4:03:62:63:15:b0:fe:be:49:7f:22:5e:7a:f8:b4: + 33:0c:fe:3b:41:0c:99:dc:bd:b0:a3:0c:3a:54:42:27:62:18: + 15:af:e6:d5:91:63:17:1d:1b:3f:ca:f6:2e:2f:6e:71:5e:66: + 86:27:69:91:31:5d:35:85:d4:46:77:69:45:50:05:9c:bc:39: + b8:0f:d0:96:a6:65:02:d3:80:53:ac:58:9c:f3:ec:27:27:b2: + 33:44:51:17:79:90:ea:b1:57:32:f7:e0:58:a4:99:64:78:55: + 61:16:d3:51:62:cf:26:02:8d:7d:df:2d:d8:c3:d2:00:5e:03: + 49:78:20:b7:78:9e:9e:b6:56:e9:48:4d:c5:5a:ea:28:e8:16: + 70:4a:39:bb:1d:88:40:5a:fd:67:82:73:f3:c6:f2:e9:ed:70: + 83:de:72:3f:7d:08:2f:1a:43:4d:c9:b2:e9:ce:e6:43:a9:74: + 25:cd:ba:95:cd:51:97:cb:56:d4:e6:e6:d9:69:0a:5f:48:17: + 2a:3b:41:ac:a5:ec:1f:30:c9:b2:f1:68:8f:a1:0f:1e:7d:9e: + e3:be:bb:8d:cb:6e:41:6a:16:7a:48:f5:ac:14:69:f7:de:63: + fc:94:80:e7:62:da:e6:99:12:ad:f1:d2:5d:76:6b:c3:11:6e: + 55:5d:7e:ec +-----BEGIN CERTIFICATE----- +MILWujCC1aKgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOC1AQwgtQAMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgtM0BgNVHR4EgtMrMILTJ6CCabEwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAqHCAoAAAD/////MAqHCAoAAAH///// +MAqHCAoAAAL/////MAqHCAoAAAP/////MAqHCAoAAAT/////MAqHCAoAAAX///// +MAqHCAoAAAb/////MAqHCAoAAAf/////MAqHCAoAAAj/////MAqHCAoAAAn///// +MAqHCAoAAAr/////MAqHCAoAAAv/////MAqHCAoAAAz/////MAqHCAoAAA3///// +MAqHCAoAAA7/////MAqHCAoAAA//////MAqHCAoAABD/////MAqHCAoAABH///// +MAqHCAoAABL/////MAqHCAoAABP/////MAqHCAoAABT/////MAqHCAoAABX///// +MAqHCAoAABb/////MAqHCAoAABf/////MAqHCAoAABj/////MAqHCAoAABn///// +MAqHCAoAABr/////MAqHCAoAABv/////MAqHCAoAABz/////MAqHCAoAAB3///// +MAqHCAoAAB7/////MAqHCAoAAB//////MAqHCAoAACD/////MAqHCAoAACH///// +MAqHCAoAACL/////MAqHCAoAACP/////MAqHCAoAACT/////MAqHCAoAACX///// +MAqHCAoAACb/////MAqHCAoAACf/////MAqHCAoAACj/////MAqHCAoAACn///// +MAqHCAoAACr/////MAqHCAoAACv/////MAqHCAoAACz/////MAqHCAoAAC3///// +MAqHCAoAAC7/////MAqHCAoAAC//////MAqHCAoAADD/////MAqHCAoAADH///// +MAqHCAoAADL/////MAqHCAoAADP/////MAqHCAoAADT/////MAqHCAoAADX///// +MAqHCAoAADb/////MAqHCAoAADf/////MAqHCAoAADj/////MAqHCAoAADn///// +MAqHCAoAADr/////MAqHCAoAADv/////MAqHCAoAADz/////MAqHCAoAAD3///// +MAqHCAoAAD7/////MAqHCAoAAD//////MAqHCAoAAED/////MAqHCAoAAEH///// +MAqHCAoAAEL/////MAqHCAoAAEP/////MAqHCAoAAET/////MAqHCAoAAEX///// +MAqHCAoAAEb/////MAqHCAoAAEf/////MAqHCAoAAEj/////MAqHCAoAAEn///// +MAqHCAoAAEr/////MAqHCAoAAEv/////MAqHCAoAAEz/////MAqHCAoAAE3///// +MAqHCAoAAE7/////MAqHCAoAAE//////MAqHCAoAAFD/////MAqHCAoAAFH///// +MAqHCAoAAFL/////MAqHCAoAAFP/////MAqHCAoAAFT/////MAqHCAoAAFX///// +MAqHCAoAAFb/////MAqHCAoAAFf/////MAqHCAoAAFj/////MAqHCAoAAFn///// +MAqHCAoAAFr/////MAqHCAoAAFv/////MAqHCAoAAFz/////MAqHCAoAAF3///// +MAqHCAoAAF7/////MAqHCAoAAF//////MAqHCAoAAGD/////MAqHCAoAAGH///// +MAqHCAoAAGL/////MAqHCAoAAGP/////MAqHCAoAAGT/////MAqHCAoAAGX///// +MAqHCAoAAGb/////MAqHCAoAAGf/////MAqHCAoAAGj/////MAqHCAoAAGn///// +MAqHCAoAAGr/////MAqHCAoAAGv/////MAqHCAoAAGz/////MAqHCAoAAG3///// +MAqHCAoAAG7/////MAqHCAoAAG//////MAqHCAoAAHD/////MAqHCAoAAHH///// +MAqHCAoAAHL/////MAqHCAoAAHP/////MAqHCAoAAHT/////MAqHCAoAAHX///// +MAqHCAoAAHb/////MAqHCAoAAHf/////MAqHCAoAAHj/////MAqHCAoAAHn///// +MAqHCAoAAHr/////MAqHCAoAAHv/////MAqHCAoAAHz/////MAqHCAoAAH3///// +MAqHCAoAAH7/////MAqHCAoAAH//////MAqHCAoAAID/////MAqHCAoAAIH///// +MAqHCAoAAIL/////MAqHCAoAAIP/////MAqHCAoAAIT/////MAqHCAoAAIX///// +MAqHCAoAAIb/////MAqHCAoAAIf/////MAqHCAoAAIj/////MAqHCAoAAIn///// +MAqHCAoAAIr/////MAqHCAoAAIv/////MAqHCAoAAIz/////MAqHCAoAAI3///// +MAqHCAoAAI7/////MAqHCAoAAI//////MAqHCAoAAJD/////MAqHCAoAAJH///// +MAqHCAoAAJL/////MAqHCAoAAJP/////MAqHCAoAAJT/////MAqHCAoAAJX///// +MAqHCAoAAJb/////MAqHCAoAAJf/////MAqHCAoAAJj/////MAqHCAoAAJn///// +MAqHCAoAAJr/////MAqHCAoAAJv/////MAqHCAoAAJz/////MAqHCAoAAJ3///// +MAqHCAoAAJ7/////MAqHCAoAAJ//////MAqHCAoAAKD/////MAqHCAoAAKH///// +MAqHCAoAAKL/////MAqHCAoAAKP/////MAqHCAoAAKT/////MAqHCAoAAKX///// +MAqHCAoAAKb/////MAqHCAoAAKf/////MAqHCAoAAKj/////MAqHCAoAAKn///// +MAqHCAoAAKr/////MBGkDzANMQswCQYDVQQDDAJ0MDARpA8wDTELMAkGA1UEAwwC +dDEwEaQPMA0xCzAJBgNVBAMMAnQyMBGkDzANMQswCQYDVQQDDAJ0MzARpA8wDTEL +MAkGA1UEAwwCdDQwEaQPMA0xCzAJBgNVBAMMAnQ1MBGkDzANMQswCQYDVQQDDAJ0 +NjARpA8wDTELMAkGA1UEAwwCdDcwEaQPMA0xCzAJBgNVBAMMAnQ4MBGkDzANMQsw +CQYDVQQDDAJ0OTASpBAwDjEMMAoGA1UEAwwDdDEwMBKkEDAOMQwwCgYDVQQDDAN0 +MTEwEqQQMA4xDDAKBgNVBAMMA3QxMjASpBAwDjEMMAoGA1UEAwwDdDEzMBKkEDAO +MQwwCgYDVQQDDAN0MTQwEqQQMA4xDDAKBgNVBAMMA3QxNTASpBAwDjEMMAoGA1UE +AwwDdDE2MBKkEDAOMQwwCgYDVQQDDAN0MTcwEqQQMA4xDDAKBgNVBAMMA3QxODAS +pBAwDjEMMAoGA1UEAwwDdDE5MBKkEDAOMQwwCgYDVQQDDAN0MjAwEqQQMA4xDDAK +BgNVBAMMA3QyMTASpBAwDjEMMAoGA1UEAwwDdDIyMBKkEDAOMQwwCgYDVQQDDAN0 +MjMwEqQQMA4xDDAKBgNVBAMMA3QyNDASpBAwDjEMMAoGA1UEAwwDdDI1MBKkEDAO +MQwwCgYDVQQDDAN0MjYwEqQQMA4xDDAKBgNVBAMMA3QyNzASpBAwDjEMMAoGA1UE +AwwDdDI4MBKkEDAOMQwwCgYDVQQDDAN0MjkwEqQQMA4xDDAKBgNVBAMMA3QzMDAS +pBAwDjEMMAoGA1UEAwwDdDMxMBKkEDAOMQwwCgYDVQQDDAN0MzIwEqQQMA4xDDAK +BgNVBAMMA3QzMzASpBAwDjEMMAoGA1UEAwwDdDM0MBKkEDAOMQwwCgYDVQQDDAN0 +MzUwEqQQMA4xDDAKBgNVBAMMA3QzNjASpBAwDjEMMAoGA1UEAwwDdDM3MBKkEDAO +MQwwCgYDVQQDDAN0MzgwEqQQMA4xDDAKBgNVBAMMA3QzOTASpBAwDjEMMAoGA1UE +AwwDdDQwMBKkEDAOMQwwCgYDVQQDDAN0NDEwEqQQMA4xDDAKBgNVBAMMA3Q0MjAS +pBAwDjEMMAoGA1UEAwwDdDQzMBKkEDAOMQwwCgYDVQQDDAN0NDQwEqQQMA4xDDAK +BgNVBAMMA3Q0NTASpBAwDjEMMAoGA1UEAwwDdDQ2MBKkEDAOMQwwCgYDVQQDDAN0 +NDcwEqQQMA4xDDAKBgNVBAMMA3Q0ODASpBAwDjEMMAoGA1UEAwwDdDQ5MBKkEDAO +MQwwCgYDVQQDDAN0NTAwEqQQMA4xDDAKBgNVBAMMA3Q1MTASpBAwDjEMMAoGA1UE +AwwDdDUyMBKkEDAOMQwwCgYDVQQDDAN0NTMwEqQQMA4xDDAKBgNVBAMMA3Q1NDAS +pBAwDjEMMAoGA1UEAwwDdDU1MBKkEDAOMQwwCgYDVQQDDAN0NTYwEqQQMA4xDDAK +BgNVBAMMA3Q1NzASpBAwDjEMMAoGA1UEAwwDdDU4MBKkEDAOMQwwCgYDVQQDDAN0 +NTkwEqQQMA4xDDAKBgNVBAMMA3Q2MDASpBAwDjEMMAoGA1UEAwwDdDYxMBKkEDAO +MQwwCgYDVQQDDAN0NjIwEqQQMA4xDDAKBgNVBAMMA3Q2MzASpBAwDjEMMAoGA1UE +AwwDdDY0MBKkEDAOMQwwCgYDVQQDDAN0NjUwEqQQMA4xDDAKBgNVBAMMA3Q2NjAS +pBAwDjEMMAoGA1UEAwwDdDY3MBKkEDAOMQwwCgYDVQQDDAN0NjgwEqQQMA4xDDAK +BgNVBAMMA3Q2OTASpBAwDjEMMAoGA1UEAwwDdDcwMBKkEDAOMQwwCgYDVQQDDAN0 +NzEwEqQQMA4xDDAKBgNVBAMMA3Q3MjASpBAwDjEMMAoGA1UEAwwDdDczMBKkEDAO +MQwwCgYDVQQDDAN0NzQwEqQQMA4xDDAKBgNVBAMMA3Q3NTASpBAwDjEMMAoGA1UE +AwwDdDc2MBKkEDAOMQwwCgYDVQQDDAN0NzcwEqQQMA4xDDAKBgNVBAMMA3Q3ODAS +pBAwDjEMMAoGA1UEAwwDdDc5MBKkEDAOMQwwCgYDVQQDDAN0ODAwEqQQMA4xDDAK +BgNVBAMMA3Q4MTASpBAwDjEMMAoGA1UEAwwDdDgyMBKkEDAOMQwwCgYDVQQDDAN0 +ODMwEqQQMA4xDDAKBgNVBAMMA3Q4NDASpBAwDjEMMAoGA1UEAwwDdDg1MBKkEDAO +MQwwCgYDVQQDDAN0ODYwEqQQMA4xDDAKBgNVBAMMA3Q4NzASpBAwDjEMMAoGA1UE +AwwDdDg4MBKkEDAOMQwwCgYDVQQDDAN0ODkwEqQQMA4xDDAKBgNVBAMMA3Q5MDAS +pBAwDjEMMAoGA1UEAwwDdDkxMBKkEDAOMQwwCgYDVQQDDAN0OTIwEqQQMA4xDDAK +BgNVBAMMA3Q5MzASpBAwDjEMMAoGA1UEAwwDdDk0MBKkEDAOMQwwCgYDVQQDDAN0 +OTUwEqQQMA4xDDAKBgNVBAMMA3Q5NjASpBAwDjEMMAoGA1UEAwwDdDk3MBKkEDAO +MQwwCgYDVQQDDAN0OTgwEqQQMA4xDDAKBgNVBAMMA3Q5OTATpBEwDzENMAsGA1UE +AwwEdDEwMDATpBEwDzENMAsGA1UEAwwEdDEwMTATpBEwDzENMAsGA1UEAwwEdDEw +MjATpBEwDzENMAsGA1UEAwwEdDEwMzATpBEwDzENMAsGA1UEAwwEdDEwNDATpBEw +DzENMAsGA1UEAwwEdDEwNTATpBEwDzENMAsGA1UEAwwEdDEwNjATpBEwDzENMAsG +A1UEAwwEdDEwNzATpBEwDzENMAsGA1UEAwwEdDEwODATpBEwDzENMAsGA1UEAwwE +dDEwOTATpBEwDzENMAsGA1UEAwwEdDExMDATpBEwDzENMAsGA1UEAwwEdDExMTAT +pBEwDzENMAsGA1UEAwwEdDExMjATpBEwDzENMAsGA1UEAwwEdDExMzATpBEwDzEN +MAsGA1UEAwwEdDExNDATpBEwDzENMAsGA1UEAwwEdDExNTATpBEwDzENMAsGA1UE +AwwEdDExNjATpBEwDzENMAsGA1UEAwwEdDExNzATpBEwDzENMAsGA1UEAwwEdDEx +ODATpBEwDzENMAsGA1UEAwwEdDExOTATpBEwDzENMAsGA1UEAwwEdDEyMDATpBEw +DzENMAsGA1UEAwwEdDEyMTATpBEwDzENMAsGA1UEAwwEdDEyMjATpBEwDzENMAsG +A1UEAwwEdDEyMzATpBEwDzENMAsGA1UEAwwEdDEyNDATpBEwDzENMAsGA1UEAwwE +dDEyNTATpBEwDzENMAsGA1UEAwwEdDEyNjATpBEwDzENMAsGA1UEAwwEdDEyNzAT +pBEwDzENMAsGA1UEAwwEdDEyODATpBEwDzENMAsGA1UEAwwEdDEyOTATpBEwDzEN +MAsGA1UEAwwEdDEzMDATpBEwDzENMAsGA1UEAwwEdDEzMTATpBEwDzENMAsGA1UE +AwwEdDEzMjATpBEwDzENMAsGA1UEAwwEdDEzMzATpBEwDzENMAsGA1UEAwwEdDEz +NDATpBEwDzENMAsGA1UEAwwEdDEzNTATpBEwDzENMAsGA1UEAwwEdDEzNjATpBEw +DzENMAsGA1UEAwwEdDEzNzATpBEwDzENMAsGA1UEAwwEdDEzODATpBEwDzENMAsG +A1UEAwwEdDEzOTATpBEwDzENMAsGA1UEAwwEdDE0MDATpBEwDzENMAsGA1UEAwwE +dDE0MTATpBEwDzENMAsGA1UEAwwEdDE0MjATpBEwDzENMAsGA1UEAwwEdDE0MzAT +pBEwDzENMAsGA1UEAwwEdDE0NDATpBEwDzENMAsGA1UEAwwEdDE0NTATpBEwDzEN +MAsGA1UEAwwEdDE0NjATpBEwDzENMAsGA1UEAwwEdDE0NzATpBEwDzENMAsGA1UE +AwwEdDE0ODATpBEwDzENMAsGA1UEAwwEdDE0OTATpBEwDzENMAsGA1UEAwwEdDE1 +MDATpBEwDzENMAsGA1UEAwwEdDE1MTATpBEwDzENMAsGA1UEAwwEdDE1MjATpBEw +DzENMAsGA1UEAwwEdDE1MzATpBEwDzENMAsGA1UEAwwEdDE1NDATpBEwDzENMAsG +A1UEAwwEdDE1NTATpBEwDzENMAsGA1UEAwwEdDE1NjATpBEwDzENMAsGA1UEAwwE +dDE1NzATpBEwDzENMAsGA1UEAwwEdDE1ODATpBEwDzENMAsGA1UEAwwEdDE1OTAT +pBEwDzENMAsGA1UEAwwEdDE2MDATpBEwDzENMAsGA1UEAwwEdDE2MTATpBEwDzEN +MAsGA1UEAwwEdDE2MjATpBEwDzENMAsGA1UEAwwEdDE2MzATpBEwDzENMAsGA1UE +AwwEdDE2NDATpBEwDzENMAsGA1UEAwwEdDE2NTATpBEwDzENMAsGA1UEAwwEdDE2 +NjATpBEwDzENMAsGA1UEAwwEdDE2NzATpBEwDzENMAsGA1UEAwwEdDE2ODATpBEw +DzENMAsGA1UEAwwEdDE2OTATpBEwDzENMAsGA1UEAwwEdDE3MDATpBEwDzENMAsG +A1UEAwwEdDE3MTAPhg1odHRwOi8vdGVzdC8wMA+GDWh0dHA6Ly90ZXN0LzEwD4YN +aHR0cDovL3Rlc3QvMjAPhg1odHRwOi8vdGVzdC8zMA+GDWh0dHA6Ly90ZXN0LzQw +D4YNaHR0cDovL3Rlc3QvNTAPhg1odHRwOi8vdGVzdC82MA+GDWh0dHA6Ly90ZXN0 +LzcwD4YNaHR0cDovL3Rlc3QvODAPhg1odHRwOi8vdGVzdC85MBCGDmh0dHA6Ly90 +ZXN0LzEwMBCGDmh0dHA6Ly90ZXN0LzExMBCGDmh0dHA6Ly90ZXN0LzEyMBCGDmh0 +dHA6Ly90ZXN0LzEzMBCGDmh0dHA6Ly90ZXN0LzE0MBCGDmh0dHA6Ly90ZXN0LzE1 +MBCGDmh0dHA6Ly90ZXN0LzE2MBCGDmh0dHA6Ly90ZXN0LzE3MBCGDmh0dHA6Ly90 +ZXN0LzE4MBCGDmh0dHA6Ly90ZXN0LzE5MBCGDmh0dHA6Ly90ZXN0LzIwMBCGDmh0 +dHA6Ly90ZXN0LzIxMBCGDmh0dHA6Ly90ZXN0LzIyMBCGDmh0dHA6Ly90ZXN0LzIz +MBCGDmh0dHA6Ly90ZXN0LzI0MBCGDmh0dHA6Ly90ZXN0LzI1MBCGDmh0dHA6Ly90 +ZXN0LzI2MBCGDmh0dHA6Ly90ZXN0LzI3MBCGDmh0dHA6Ly90ZXN0LzI4MBCGDmh0 +dHA6Ly90ZXN0LzI5MBCGDmh0dHA6Ly90ZXN0LzMwMBCGDmh0dHA6Ly90ZXN0LzMx +MBCGDmh0dHA6Ly90ZXN0LzMyMBCGDmh0dHA6Ly90ZXN0LzMzMBCGDmh0dHA6Ly90 +ZXN0LzM0MBCGDmh0dHA6Ly90ZXN0LzM1MBCGDmh0dHA6Ly90ZXN0LzM2MBCGDmh0 +dHA6Ly90ZXN0LzM3MBCGDmh0dHA6Ly90ZXN0LzM4MBCGDmh0dHA6Ly90ZXN0LzM5 +MBCGDmh0dHA6Ly90ZXN0LzQwMBCGDmh0dHA6Ly90ZXN0LzQxMBCGDmh0dHA6Ly90 +ZXN0LzQyMBCGDmh0dHA6Ly90ZXN0LzQzMBCGDmh0dHA6Ly90ZXN0LzQ0MBCGDmh0 +dHA6Ly90ZXN0LzQ1MBCGDmh0dHA6Ly90ZXN0LzQ2MBCGDmh0dHA6Ly90ZXN0LzQ3 +MBCGDmh0dHA6Ly90ZXN0LzQ4MBCGDmh0dHA6Ly90ZXN0LzQ5MBCGDmh0dHA6Ly90 +ZXN0LzUwMBCGDmh0dHA6Ly90ZXN0LzUxMBCGDmh0dHA6Ly90ZXN0LzUyMBCGDmh0 +dHA6Ly90ZXN0LzUzMBCGDmh0dHA6Ly90ZXN0LzU0MBCGDmh0dHA6Ly90ZXN0LzU1 +MBCGDmh0dHA6Ly90ZXN0LzU2MBCGDmh0dHA6Ly90ZXN0LzU3MBCGDmh0dHA6Ly90 +ZXN0LzU4MBCGDmh0dHA6Ly90ZXN0LzU5MBCGDmh0dHA6Ly90ZXN0LzYwMBCGDmh0 +dHA6Ly90ZXN0LzYxMBCGDmh0dHA6Ly90ZXN0LzYyMBCGDmh0dHA6Ly90ZXN0LzYz +MBCGDmh0dHA6Ly90ZXN0LzY0MBCGDmh0dHA6Ly90ZXN0LzY1MBCGDmh0dHA6Ly90 +ZXN0LzY2MBCGDmh0dHA6Ly90ZXN0LzY3MBCGDmh0dHA6Ly90ZXN0LzY4MBCGDmh0 +dHA6Ly90ZXN0LzY5MBCGDmh0dHA6Ly90ZXN0LzcwMBCGDmh0dHA6Ly90ZXN0Lzcx +MBCGDmh0dHA6Ly90ZXN0LzcyMBCGDmh0dHA6Ly90ZXN0LzczMBCGDmh0dHA6Ly90 +ZXN0Lzc0MBCGDmh0dHA6Ly90ZXN0Lzc1MBCGDmh0dHA6Ly90ZXN0Lzc2MBCGDmh0 +dHA6Ly90ZXN0Lzc3MBCGDmh0dHA6Ly90ZXN0Lzc4MBCGDmh0dHA6Ly90ZXN0Lzc5 +MBCGDmh0dHA6Ly90ZXN0LzgwMBCGDmh0dHA6Ly90ZXN0LzgxMBCGDmh0dHA6Ly90 +ZXN0LzgyMBCGDmh0dHA6Ly90ZXN0LzgzMBCGDmh0dHA6Ly90ZXN0Lzg0MBCGDmh0 +dHA6Ly90ZXN0Lzg1MBCGDmh0dHA6Ly90ZXN0Lzg2MBCGDmh0dHA6Ly90ZXN0Lzg3 +MBCGDmh0dHA6Ly90ZXN0Lzg4MBCGDmh0dHA6Ly90ZXN0Lzg5MBCGDmh0dHA6Ly90 +ZXN0LzkwMBCGDmh0dHA6Ly90ZXN0LzkxMBCGDmh0dHA6Ly90ZXN0LzkyMBCGDmh0 +dHA6Ly90ZXN0LzkzMBCGDmh0dHA6Ly90ZXN0Lzk0MBCGDmh0dHA6Ly90ZXN0Lzk1 +MBCGDmh0dHA6Ly90ZXN0Lzk2MBCGDmh0dHA6Ly90ZXN0Lzk3MBCGDmh0dHA6Ly90 +ZXN0Lzk4MBCGDmh0dHA6Ly90ZXN0Lzk5MBGGD2h0dHA6Ly90ZXN0LzEwMDARhg9o +dHRwOi8vdGVzdC8xMDEwEYYPaHR0cDovL3Rlc3QvMTAyMBGGD2h0dHA6Ly90ZXN0 +LzEwMzARhg9odHRwOi8vdGVzdC8xMDQwEYYPaHR0cDovL3Rlc3QvMTA1MBGGD2h0 +dHA6Ly90ZXN0LzEwNjARhg9odHRwOi8vdGVzdC8xMDcwEYYPaHR0cDovL3Rlc3Qv +MTA4MBGGD2h0dHA6Ly90ZXN0LzEwOTARhg9odHRwOi8vdGVzdC8xMTAwEYYPaHR0 +cDovL3Rlc3QvMTExMBGGD2h0dHA6Ly90ZXN0LzExMjARhg9odHRwOi8vdGVzdC8x +MTMwEYYPaHR0cDovL3Rlc3QvMTE0MBGGD2h0dHA6Ly90ZXN0LzExNTARhg9odHRw +Oi8vdGVzdC8xMTYwEYYPaHR0cDovL3Rlc3QvMTE3MBGGD2h0dHA6Ly90ZXN0LzEx +ODARhg9odHRwOi8vdGVzdC8xMTkwEYYPaHR0cDovL3Rlc3QvMTIwMBGGD2h0dHA6 +Ly90ZXN0LzEyMTARhg9odHRwOi8vdGVzdC8xMjIwEYYPaHR0cDovL3Rlc3QvMTIz +MBGGD2h0dHA6Ly90ZXN0LzEyNDARhg9odHRwOi8vdGVzdC8xMjUwEYYPaHR0cDov +L3Rlc3QvMTI2MBGGD2h0dHA6Ly90ZXN0LzEyNzARhg9odHRwOi8vdGVzdC8xMjgw +EYYPaHR0cDovL3Rlc3QvMTI5MBGGD2h0dHA6Ly90ZXN0LzEzMDARhg9odHRwOi8v +dGVzdC8xMzEwEYYPaHR0cDovL3Rlc3QvMTMyMBGGD2h0dHA6Ly90ZXN0LzEzMzAR +hg9odHRwOi8vdGVzdC8xMzQwEYYPaHR0cDovL3Rlc3QvMTM1MBGGD2h0dHA6Ly90 +ZXN0LzEzNjARhg9odHRwOi8vdGVzdC8xMzcwEYYPaHR0cDovL3Rlc3QvMTM4MBGG +D2h0dHA6Ly90ZXN0LzEzOTARhg9odHRwOi8vdGVzdC8xNDAwEYYPaHR0cDovL3Rl +c3QvMTQxMBGGD2h0dHA6Ly90ZXN0LzE0MjARhg9odHRwOi8vdGVzdC8xNDMwEYYP +aHR0cDovL3Rlc3QvMTQ0MBGGD2h0dHA6Ly90ZXN0LzE0NTARhg9odHRwOi8vdGVz +dC8xNDYwEYYPaHR0cDovL3Rlc3QvMTQ3MBGGD2h0dHA6Ly90ZXN0LzE0ODARhg9o +dHRwOi8vdGVzdC8xNDkwEYYPaHR0cDovL3Rlc3QvMTUwMBGGD2h0dHA6Ly90ZXN0 +LzE1MTARhg9odHRwOi8vdGVzdC8xNTIwEYYPaHR0cDovL3Rlc3QvMTUzMBGGD2h0 +dHA6Ly90ZXN0LzE1NDARhg9odHRwOi8vdGVzdC8xNTUwEYYPaHR0cDovL3Rlc3Qv +MTU2MBGGD2h0dHA6Ly90ZXN0LzE1NzARhg9odHRwOi8vdGVzdC8xNTgwEYYPaHR0 +cDovL3Rlc3QvMTU5MBGGD2h0dHA6Ly90ZXN0LzE2MDARhg9odHRwOi8vdGVzdC8x +NjEwEYYPaHR0cDovL3Rlc3QvMTYyMBGGD2h0dHA6Ly90ZXN0LzE2MzARhg9odHRw +Oi8vdGVzdC8xNjQwEYYPaHR0cDovL3Rlc3QvMTY1MBGGD2h0dHA6Ly90ZXN0LzE2 +NjARhg9odHRwOi8vdGVzdC8xNjcwEYYPaHR0cDovL3Rlc3QvMTY4MBGGD2h0dHA6 +Ly90ZXN0LzE2OTARhg9odHRwOi8vdGVzdC8xNzAwEYYPaHR0cDovL3Rlc3QvMTcx +MBGGD2h0dHA6Ly90ZXN0LzE3MjARhg9odHRwOi8vdGVzdC8xNzMwEYYPaHR0cDov +L3Rlc3QvMTc0MBGGD2h0dHA6Ly90ZXN0LzE3NTARhg9odHRwOi8vdGVzdC8xNzYw +EYYPaHR0cDovL3Rlc3QvMTc3MBGGD2h0dHA6Ly90ZXN0LzE3ODARhg9odHRwOi8v +dGVzdC8xNzkwEYYPaHR0cDovL3Rlc3QvMTgwMBGGD2h0dHA6Ly90ZXN0LzE4MTAR +hg9odHRwOi8vdGVzdC8xODIwEYYPaHR0cDovL3Rlc3QvMTgzMBGGD2h0dHA6Ly90 +ZXN0LzE4NDARhg9odHRwOi8vdGVzdC8xODUwEYYPaHR0cDovL3Rlc3QvMTg2MBGG +D2h0dHA6Ly90ZXN0LzE4NzARhg9odHRwOi8vdGVzdC8xODgwEYYPaHR0cDovL3Rl +c3QvMTg5MBGGD2h0dHA6Ly90ZXN0LzE5MDARhg9odHRwOi8vdGVzdC8xOTEwEYYP +aHR0cDovL3Rlc3QvMTkyMBGGD2h0dHA6Ly90ZXN0LzE5MzARhg9odHRwOi8vdGVz +dC8xOTQwEYYPaHR0cDovL3Rlc3QvMTk1MBGGD2h0dHA6Ly90ZXN0LzE5NjARhg9o +dHRwOi8vdGVzdC8xOTcwEYYPaHR0cDovL3Rlc3QvMTk4MBGGD2h0dHA6Ly90ZXN0 +LzE5OTARhg9odHRwOi8vdGVzdC8yMDAwEYYPaHR0cDovL3Rlc3QvMjAxMBGGD2h0 +dHA6Ly90ZXN0LzIwMjARhg9odHRwOi8vdGVzdC8yMDMwEYYPaHR0cDovL3Rlc3Qv +MjA0MBGGD2h0dHA6Ly90ZXN0LzIwNTARhg9odHRwOi8vdGVzdC8yMDYwEYYPaHR0 +cDovL3Rlc3QvMjA3MBGGD2h0dHA6Ly90ZXN0LzIwODARhg9odHRwOi8vdGVzdC8y +MDkwEYYPaHR0cDovL3Rlc3QvMjEwMBGGD2h0dHA6Ly90ZXN0LzIxMTARhg9odHRw +Oi8vdGVzdC8yMTIwEYYPaHR0cDovL3Rlc3QvMjEzMBGGD2h0dHA6Ly90ZXN0LzIx +NDARhg9odHRwOi8vdGVzdC8yMTUwEYYPaHR0cDovL3Rlc3QvMjE2MBGGD2h0dHA6 +Ly90ZXN0LzIxNzARhg9odHRwOi8vdGVzdC8yMTgwEYYPaHR0cDovL3Rlc3QvMjE5 +MBGGD2h0dHA6Ly90ZXN0LzIyMDARhg9odHRwOi8vdGVzdC8yMjEwEYYPaHR0cDov +L3Rlc3QvMjIyMBGGD2h0dHA6Ly90ZXN0LzIyMzARhg9odHRwOi8vdGVzdC8yMjQw +EYYPaHR0cDovL3Rlc3QvMjI1MBGGD2h0dHA6Ly90ZXN0LzIyNjARhg9odHRwOi8v +dGVzdC8yMjcwEYYPaHR0cDovL3Rlc3QvMjI4MBGGD2h0dHA6Ly90ZXN0LzIyOTAR +hg9odHRwOi8vdGVzdC8yMzAwEYYPaHR0cDovL3Rlc3QvMjMxMBGGD2h0dHA6Ly90 +ZXN0LzIzMjARhg9odHRwOi8vdGVzdC8yMzMwEYYPaHR0cDovL3Rlc3QvMjM0MBGG +D2h0dHA6Ly90ZXN0LzIzNTARhg9odHRwOi8vdGVzdC8yMzYwEYYPaHR0cDovL3Rl +c3QvMjM3MBGGD2h0dHA6Ly90ZXN0LzIzODARhg9odHRwOi8vdGVzdC8yMzkwEYYP +aHR0cDovL3Rlc3QvMjQwMBGGD2h0dHA6Ly90ZXN0LzI0MTARhg9odHRwOi8vdGVz +dC8yNDIwEYYPaHR0cDovL3Rlc3QvMjQzMBGGD2h0dHA6Ly90ZXN0LzI0NDARhg9o +dHRwOi8vdGVzdC8yNDUwEYYPaHR0cDovL3Rlc3QvMjQ2MBGGD2h0dHA6Ly90ZXN0 +LzI0NzARhg9odHRwOi8vdGVzdC8yNDgwEYYPaHR0cDovL3Rlc3QvMjQ5MBGGD2h0 +dHA6Ly90ZXN0LzI1MDARhg9odHRwOi8vdGVzdC8yNTEwEYYPaHR0cDovL3Rlc3Qv +MjUyMBGGD2h0dHA6Ly90ZXN0LzI1MzARhg9odHRwOi8vdGVzdC8yNTQwEYYPaHR0 +cDovL3Rlc3QvMjU1MBGGD2h0dHA6Ly90ZXN0LzI1NjARhg9odHRwOi8vdGVzdC8y +NTcwEYYPaHR0cDovL3Rlc3QvMjU4MBGGD2h0dHA6Ly90ZXN0LzI1OTARhg9odHRw +Oi8vdGVzdC8yNjAwEYYPaHR0cDovL3Rlc3QvMjYxMBGGD2h0dHA6Ly90ZXN0LzI2 +MjARhg9odHRwOi8vdGVzdC8yNjMwEYYPaHR0cDovL3Rlc3QvMjY0MBGGD2h0dHA6 +Ly90ZXN0LzI2NTARhg9odHRwOi8vdGVzdC8yNjYwEYYPaHR0cDovL3Rlc3QvMjY3 +MBGGD2h0dHA6Ly90ZXN0LzI2ODARhg9odHRwOi8vdGVzdC8yNjkwEYYPaHR0cDov +L3Rlc3QvMjcwMBGGD2h0dHA6Ly90ZXN0LzI3MTARhg9odHRwOi8vdGVzdC8yNzIw +EYYPaHR0cDovL3Rlc3QvMjczMBGGD2h0dHA6Ly90ZXN0LzI3NDARhg9odHRwOi8v +dGVzdC8yNzUwEYYPaHR0cDovL3Rlc3QvMjc2MBGGD2h0dHA6Ly90ZXN0LzI3NzAR +hg9odHRwOi8vdGVzdC8yNzgwEYYPaHR0cDovL3Rlc3QvMjc5MBGGD2h0dHA6Ly90 +ZXN0LzI4MDARhg9odHRwOi8vdGVzdC8yODEwEYYPaHR0cDovL3Rlc3QvMjgyMBGG +D2h0dHA6Ly90ZXN0LzI4MzARhg9odHRwOi8vdGVzdC8yODQwEYYPaHR0cDovL3Rl +c3QvMjg1MBGGD2h0dHA6Ly90ZXN0LzI4NjARhg9odHRwOi8vdGVzdC8yODcwEYYP +aHR0cDovL3Rlc3QvMjg4MBGGD2h0dHA6Ly90ZXN0LzI4OTARhg9odHRwOi8vdGVz +dC8yOTAwEYYPaHR0cDovL3Rlc3QvMjkxMBGGD2h0dHA6Ly90ZXN0LzI5MjARhg9o +dHRwOi8vdGVzdC8yOTMwEYYPaHR0cDovL3Rlc3QvMjk0MBGGD2h0dHA6Ly90ZXN0 +LzI5NTARhg9odHRwOi8vdGVzdC8yOTYwEYYPaHR0cDovL3Rlc3QvMjk3MBGGD2h0 +dHA6Ly90ZXN0LzI5ODARhg9odHRwOi8vdGVzdC8yOTkwEYYPaHR0cDovL3Rlc3Qv +MzAwMBGGD2h0dHA6Ly90ZXN0LzMwMTARhg9odHRwOi8vdGVzdC8zMDIwEYYPaHR0 +cDovL3Rlc3QvMzAzMBGGD2h0dHA6Ly90ZXN0LzMwNDARhg9odHRwOi8vdGVzdC8z +MDUwEYYPaHR0cDovL3Rlc3QvMzA2MBGGD2h0dHA6Ly90ZXN0LzMwNzARhg9odHRw +Oi8vdGVzdC8zMDgwEYYPaHR0cDovL3Rlc3QvMzA5MBGGD2h0dHA6Ly90ZXN0LzMx +MDARhg9odHRwOi8vdGVzdC8zMTEwEYYPaHR0cDovL3Rlc3QvMzEyMBGGD2h0dHA6 +Ly90ZXN0LzMxMzARhg9odHRwOi8vdGVzdC8zMTQwEYYPaHR0cDovL3Rlc3QvMzE1 +MBGGD2h0dHA6Ly90ZXN0LzMxNjARhg9odHRwOi8vdGVzdC8zMTcwEYYPaHR0cDov +L3Rlc3QvMzE4MBGGD2h0dHA6Ly90ZXN0LzMxOTARhg9odHRwOi8vdGVzdC8zMjAw +EYYPaHR0cDovL3Rlc3QvMzIxMBGGD2h0dHA6Ly90ZXN0LzMyMjARhg9odHRwOi8v +dGVzdC8zMjMwEYYPaHR0cDovL3Rlc3QvMzI0MBGGD2h0dHA6Ly90ZXN0LzMyNTAR +hg9odHRwOi8vdGVzdC8zMjYwEYYPaHR0cDovL3Rlc3QvMzI3MBGGD2h0dHA6Ly90 +ZXN0LzMyODARhg9odHRwOi8vdGVzdC8zMjkwEYYPaHR0cDovL3Rlc3QvMzMwMBGG +D2h0dHA6Ly90ZXN0LzMzMTARhg9odHRwOi8vdGVzdC8zMzIwEYYPaHR0cDovL3Rl +c3QvMzMzMBGGD2h0dHA6Ly90ZXN0LzMzNDARhg9odHRwOi8vdGVzdC8zMzUwEYYP +aHR0cDovL3Rlc3QvMzM2MBGGD2h0dHA6Ly90ZXN0LzMzNzARhg9odHRwOi8vdGVz +dC8zMzgwEYYPaHR0cDovL3Rlc3QvMzM5MBGGD2h0dHA6Ly90ZXN0LzM0MDARhg9o +dHRwOi8vdGVzdC8zNDEwEYYPaHR0cDovL3Rlc3QvMzQyMBGGD2h0dHA6Ly90ZXN0 +LzM0MzARhg9odHRwOi8vdGVzdC8zNDQwEYYPaHR0cDovL3Rlc3QvMzQ1MBGGD2h0 +dHA6Ly90ZXN0LzM0NjARhg9odHRwOi8vdGVzdC8zNDcwEYYPaHR0cDovL3Rlc3Qv +MzQ4MBGGD2h0dHA6Ly90ZXN0LzM0OTARhg9odHRwOi8vdGVzdC8zNTAwEYYPaHR0 +cDovL3Rlc3QvMzUxMBGGD2h0dHA6Ly90ZXN0LzM1MjARhg9odHRwOi8vdGVzdC8z +NTMwEYYPaHR0cDovL3Rlc3QvMzU0MBGGD2h0dHA6Ly90ZXN0LzM1NTARhg9odHRw +Oi8vdGVzdC8zNTYwEYYPaHR0cDovL3Rlc3QvMzU3MBGGD2h0dHA6Ly90ZXN0LzM1 +ODARhg9odHRwOi8vdGVzdC8zNTkwEYYPaHR0cDovL3Rlc3QvMzYwMBGGD2h0dHA6 +Ly90ZXN0LzM2MTARhg9odHRwOi8vdGVzdC8zNjIwEYYPaHR0cDovL3Rlc3QvMzYz +MBGGD2h0dHA6Ly90ZXN0LzM2NDARhg9odHRwOi8vdGVzdC8zNjUwEYYPaHR0cDov +L3Rlc3QvMzY2MBGGD2h0dHA6Ly90ZXN0LzM2NzARhg9odHRwOi8vdGVzdC8zNjgw +EYYPaHR0cDovL3Rlc3QvMzY5MBGGD2h0dHA6Ly90ZXN0LzM3MDARhg9odHRwOi8v +dGVzdC8zNzEwEYYPaHR0cDovL3Rlc3QvMzcyMBGGD2h0dHA6Ly90ZXN0LzM3MzAR +hg9odHRwOi8vdGVzdC8zNzQwEYYPaHR0cDovL3Rlc3QvMzc1MBGGD2h0dHA6Ly90 +ZXN0LzM3NjARhg9odHRwOi8vdGVzdC8zNzcwEYYPaHR0cDovL3Rlc3QvMzc4MBGG +D2h0dHA6Ly90ZXN0LzM3OTARhg9odHRwOi8vdGVzdC8zODAwEYYPaHR0cDovL3Rl +c3QvMzgxMBGGD2h0dHA6Ly90ZXN0LzM4MjARhg9odHRwOi8vdGVzdC8zODMwEYYP +aHR0cDovL3Rlc3QvMzg0MBGGD2h0dHA6Ly90ZXN0LzM4NTARhg9odHRwOi8vdGVz +dC8zODYwEYYPaHR0cDovL3Rlc3QvMzg3MBGGD2h0dHA6Ly90ZXN0LzM4ODARhg9o +dHRwOi8vdGVzdC8zODkwEYYPaHR0cDovL3Rlc3QvMzkwMBGGD2h0dHA6Ly90ZXN0 +LzM5MTARhg9odHRwOi8vdGVzdC8zOTIwEYYPaHR0cDovL3Rlc3QvMzkzMBGGD2h0 +dHA6Ly90ZXN0LzM5NDARhg9odHRwOi8vdGVzdC8zOTUwEYYPaHR0cDovL3Rlc3Qv +Mzk2MBGGD2h0dHA6Ly90ZXN0LzM5NzARhg9odHRwOi8vdGVzdC8zOTgwEYYPaHR0 +cDovL3Rlc3QvMzk5MBGGD2h0dHA6Ly90ZXN0LzQwMDARhg9odHRwOi8vdGVzdC80 +MDEwEYYPaHR0cDovL3Rlc3QvNDAyMBGGD2h0dHA6Ly90ZXN0LzQwMzARhg9odHRw +Oi8vdGVzdC80MDQwEYYPaHR0cDovL3Rlc3QvNDA1MBGGD2h0dHA6Ly90ZXN0LzQw +NjARhg9odHRwOi8vdGVzdC80MDcwEYYPaHR0cDovL3Rlc3QvNDA4MBGGD2h0dHA6 +Ly90ZXN0LzQwOTARhg9odHRwOi8vdGVzdC80MTAwEYYPaHR0cDovL3Rlc3QvNDEx +MBGGD2h0dHA6Ly90ZXN0LzQxMjARhg9odHRwOi8vdGVzdC80MTMwEYYPaHR0cDov +L3Rlc3QvNDE0MBGGD2h0dHA6Ly90ZXN0LzQxNTARhg9odHRwOi8vdGVzdC80MTYw +EYYPaHR0cDovL3Rlc3QvNDE3MBGGD2h0dHA6Ly90ZXN0LzQxODARhg9odHRwOi8v +dGVzdC80MTkwEYYPaHR0cDovL3Rlc3QvNDIwMBGGD2h0dHA6Ly90ZXN0LzQyMTAR +hg9odHRwOi8vdGVzdC80MjIwEYYPaHR0cDovL3Rlc3QvNDIzMBGGD2h0dHA6Ly90 +ZXN0LzQyNDARhg9odHRwOi8vdGVzdC80MjUwEYYPaHR0cDovL3Rlc3QvNDI2MBGG +D2h0dHA6Ly90ZXN0LzQyNzARhg9odHRwOi8vdGVzdC80MjgwEYYPaHR0cDovL3Rl +c3QvNDI5MBGGD2h0dHA6Ly90ZXN0LzQzMDARhg9odHRwOi8vdGVzdC80MzEwEYYP +aHR0cDovL3Rlc3QvNDMyMBGGD2h0dHA6Ly90ZXN0LzQzMzARhg9odHRwOi8vdGVz +dC80MzQwEYYPaHR0cDovL3Rlc3QvNDM1MBGGD2h0dHA6Ly90ZXN0LzQzNjARhg9o +dHRwOi8vdGVzdC80MzcwEYYPaHR0cDovL3Rlc3QvNDM4MBGGD2h0dHA6Ly90ZXN0 +LzQzOTARhg9odHRwOi8vdGVzdC80NDAwEYYPaHR0cDovL3Rlc3QvNDQxMBGGD2h0 +dHA6Ly90ZXN0LzQ0MjARhg9odHRwOi8vdGVzdC80NDMwEYYPaHR0cDovL3Rlc3Qv +NDQ0MBGGD2h0dHA6Ly90ZXN0LzQ0NTARhg9odHRwOi8vdGVzdC80NDYwEYYPaHR0 +cDovL3Rlc3QvNDQ3MBGGD2h0dHA6Ly90ZXN0LzQ0ODARhg9odHRwOi8vdGVzdC80 +NDkwEYYPaHR0cDovL3Rlc3QvNDUwMBGGD2h0dHA6Ly90ZXN0LzQ1MTARhg9odHRw +Oi8vdGVzdC80NTIwEYYPaHR0cDovL3Rlc3QvNDUzMBGGD2h0dHA6Ly90ZXN0LzQ1 +NDARhg9odHRwOi8vdGVzdC80NTUwEYYPaHR0cDovL3Rlc3QvNDU2MBGGD2h0dHA6 +Ly90ZXN0LzQ1NzARhg9odHRwOi8vdGVzdC80NTgwEYYPaHR0cDovL3Rlc3QvNDU5 +MBGGD2h0dHA6Ly90ZXN0LzQ2MDARhg9odHRwOi8vdGVzdC80NjEwEYYPaHR0cDov +L3Rlc3QvNDYyMBGGD2h0dHA6Ly90ZXN0LzQ2MzARhg9odHRwOi8vdGVzdC80NjQw +EYYPaHR0cDovL3Rlc3QvNDY1MBGGD2h0dHA6Ly90ZXN0LzQ2NjARhg9odHRwOi8v +dGVzdC80NjcwEYYPaHR0cDovL3Rlc3QvNDY4MBGGD2h0dHA6Ly90ZXN0LzQ2OTAR +hg9odHRwOi8vdGVzdC80NzAwEYYPaHR0cDovL3Rlc3QvNDcxMBGGD2h0dHA6Ly90 +ZXN0LzQ3MjARhg9odHRwOi8vdGVzdC80NzMwEYYPaHR0cDovL3Rlc3QvNDc0MBGG +D2h0dHA6Ly90ZXN0LzQ3NTARhg9odHRwOi8vdGVzdC80NzYwEYYPaHR0cDovL3Rl +c3QvNDc3MBGGD2h0dHA6Ly90ZXN0LzQ3ODARhg9odHRwOi8vdGVzdC80NzkwEYYP +aHR0cDovL3Rlc3QvNDgwMBGGD2h0dHA6Ly90ZXN0LzQ4MTARhg9odHRwOi8vdGVz +dC80ODIwEYYPaHR0cDovL3Rlc3QvNDgzMBGGD2h0dHA6Ly90ZXN0LzQ4NDARhg9o +dHRwOi8vdGVzdC80ODUwEYYPaHR0cDovL3Rlc3QvNDg2MBGGD2h0dHA6Ly90ZXN0 +LzQ4NzARhg9odHRwOi8vdGVzdC80ODgwEYYPaHR0cDovL3Rlc3QvNDg5MBGGD2h0 +dHA6Ly90ZXN0LzQ5MDARhg9odHRwOi8vdGVzdC80OTEwEYYPaHR0cDovL3Rlc3Qv +NDkyMBGGD2h0dHA6Ly90ZXN0LzQ5MzARhg9odHRwOi8vdGVzdC80OTQwEYYPaHR0 +cDovL3Rlc3QvNDk1MBGGD2h0dHA6Ly90ZXN0LzQ5NjARhg9odHRwOi8vdGVzdC80 +OTcwEYYPaHR0cDovL3Rlc3QvNDk4MBGGD2h0dHA6Ly90ZXN0LzQ5OTARhg9odHRw +Oi8vdGVzdC81MDAwEYYPaHR0cDovL3Rlc3QvNTAxMBGGD2h0dHA6Ly90ZXN0LzUw +MjARhg9odHRwOi8vdGVzdC81MDMwEYYPaHR0cDovL3Rlc3QvNTA0MBGGD2h0dHA6 +Ly90ZXN0LzUwNTARhg9odHRwOi8vdGVzdC81MDYwEYYPaHR0cDovL3Rlc3QvNTA3 +MBGGD2h0dHA6Ly90ZXN0LzUwODARhg9odHRwOi8vdGVzdC81MDkwEYYPaHR0cDov +L3Rlc3QvNTEwMBGGD2h0dHA6Ly90ZXN0LzUxMTARhg9odHRwOi8vdGVzdC81MTIw +EYYPaHR0cDovL3Rlc3QvNTEzMBGGD2h0dHA6Ly90ZXN0LzUxNDARhg9odHRwOi8v +dGVzdC81MTUwEYYPaHR0cDovL3Rlc3QvNTE2MBGGD2h0dHA6Ly90ZXN0LzUxNzAR +hg9odHRwOi8vdGVzdC81MTgwEYYPaHR0cDovL3Rlc3QvNTE5MBGGD2h0dHA6Ly90 +ZXN0LzUyMDARhg9odHRwOi8vdGVzdC81MjEwEYYPaHR0cDovL3Rlc3QvNTIyMBGG +D2h0dHA6Ly90ZXN0LzUyMzARhg9odHRwOi8vdGVzdC81MjQwEYYPaHR0cDovL3Rl +c3QvNTI1MBGGD2h0dHA6Ly90ZXN0LzUyNjARhg9odHRwOi8vdGVzdC81MjcwEYYP +aHR0cDovL3Rlc3QvNTI4MBGGD2h0dHA6Ly90ZXN0LzUyOTARhg9odHRwOi8vdGVz +dC81MzAwEYYPaHR0cDovL3Rlc3QvNTMxMBGGD2h0dHA6Ly90ZXN0LzUzMjARhg9o +dHRwOi8vdGVzdC81MzMwEYYPaHR0cDovL3Rlc3QvNTM0MBGGD2h0dHA6Ly90ZXN0 +LzUzNTARhg9odHRwOi8vdGVzdC81MzYwEYYPaHR0cDovL3Rlc3QvNTM3MBGGD2h0 +dHA6Ly90ZXN0LzUzODARhg9odHRwOi8vdGVzdC81MzkwEYYPaHR0cDovL3Rlc3Qv +NTQwMBGGD2h0dHA6Ly90ZXN0LzU0MTARhg9odHRwOi8vdGVzdC81NDIwEYYPaHR0 +cDovL3Rlc3QvNTQzMBGGD2h0dHA6Ly90ZXN0LzU0NDARhg9odHRwOi8vdGVzdC81 +NDUwEYYPaHR0cDovL3Rlc3QvNTQ2MBGGD2h0dHA6Ly90ZXN0LzU0NzARhg9odHRw +Oi8vdGVzdC81NDgwEYYPaHR0cDovL3Rlc3QvNTQ5MBGGD2h0dHA6Ly90ZXN0LzU1 +MDARhg9odHRwOi8vdGVzdC81NTEwEYYPaHR0cDovL3Rlc3QvNTUyMBGGD2h0dHA6 +Ly90ZXN0LzU1MzARhg9odHRwOi8vdGVzdC81NTQwEYYPaHR0cDovL3Rlc3QvNTU1 +MBGGD2h0dHA6Ly90ZXN0LzU1NjARhg9odHRwOi8vdGVzdC81NTcwEYYPaHR0cDov +L3Rlc3QvNTU4MBGGD2h0dHA6Ly90ZXN0LzU1OTARhg9odHRwOi8vdGVzdC81NjAw +EYYPaHR0cDovL3Rlc3QvNTYxMBGGD2h0dHA6Ly90ZXN0LzU2MjARhg9odHRwOi8v +dGVzdC81NjMwEYYPaHR0cDovL3Rlc3QvNTY0MBGGD2h0dHA6Ly90ZXN0LzU2NTAR +hg9odHRwOi8vdGVzdC81NjYwEYYPaHR0cDovL3Rlc3QvNTY3MBGGD2h0dHA6Ly90 +ZXN0LzU2ODARhg9odHRwOi8vdGVzdC81NjkwEYYPaHR0cDovL3Rlc3QvNTcwMBGG +D2h0dHA6Ly90ZXN0LzU3MTARhg9odHRwOi8vdGVzdC81NzIwEYYPaHR0cDovL3Rl +c3QvNTczMBGGD2h0dHA6Ly90ZXN0LzU3NDARhg9odHRwOi8vdGVzdC81NzUwEYYP +aHR0cDovL3Rlc3QvNTc2MBGGD2h0dHA6Ly90ZXN0LzU3NzARhg9odHRwOi8vdGVz +dC81NzgwEYYPaHR0cDovL3Rlc3QvNTc5MBGGD2h0dHA6Ly90ZXN0LzU4MDARhg9o +dHRwOi8vdGVzdC81ODEwEYYPaHR0cDovL3Rlc3QvNTgyMBGGD2h0dHA6Ly90ZXN0 +LzU4MzARhg9odHRwOi8vdGVzdC81ODQwEYYPaHR0cDovL3Rlc3QvNTg1MBGGD2h0 +dHA6Ly90ZXN0LzU4NjARhg9odHRwOi8vdGVzdC81ODcwEYYPaHR0cDovL3Rlc3Qv +NTg4MBGGD2h0dHA6Ly90ZXN0LzU4OTARhg9odHRwOi8vdGVzdC81OTAwEYYPaHR0 +cDovL3Rlc3QvNTkxMBGGD2h0dHA6Ly90ZXN0LzU5MjARhg9odHRwOi8vdGVzdC81 +OTMwEYYPaHR0cDovL3Rlc3QvNTk0MBGGD2h0dHA6Ly90ZXN0LzU5NTARhg9odHRw +Oi8vdGVzdC81OTYwEYYPaHR0cDovL3Rlc3QvNTk3MBGGD2h0dHA6Ly90ZXN0LzU5 +ODARhg9odHRwOi8vdGVzdC81OTkwEYYPaHR0cDovL3Rlc3QvNjAwMBGGD2h0dHA6 +Ly90ZXN0LzYwMTARhg9odHRwOi8vdGVzdC82MDIwEYYPaHR0cDovL3Rlc3QvNjAz +MBGGD2h0dHA6Ly90ZXN0LzYwNDARhg9odHRwOi8vdGVzdC82MDUwEYYPaHR0cDov +L3Rlc3QvNjA2MBGGD2h0dHA6Ly90ZXN0LzYwNzARhg9odHRwOi8vdGVzdC82MDgw +EYYPaHR0cDovL3Rlc3QvNjA5MBGGD2h0dHA6Ly90ZXN0LzYxMDARhg9odHRwOi8v +dGVzdC82MTEwEYYPaHR0cDovL3Rlc3QvNjEyMBGGD2h0dHA6Ly90ZXN0LzYxMzAR +hg9odHRwOi8vdGVzdC82MTQwEYYPaHR0cDovL3Rlc3QvNjE1MBGGD2h0dHA6Ly90 +ZXN0LzYxNjARhg9odHRwOi8vdGVzdC82MTcwEYYPaHR0cDovL3Rlc3QvNjE4MBGG +D2h0dHA6Ly90ZXN0LzYxOTARhg9odHRwOi8vdGVzdC82MjAwEYYPaHR0cDovL3Rl +c3QvNjIxMBGGD2h0dHA6Ly90ZXN0LzYyMjARhg9odHRwOi8vdGVzdC82MjMwEYYP +aHR0cDovL3Rlc3QvNjI0MBGGD2h0dHA6Ly90ZXN0LzYyNTARhg9odHRwOi8vdGVz +dC82MjYwEYYPaHR0cDovL3Rlc3QvNjI3MBGGD2h0dHA6Ly90ZXN0LzYyODARhg9o +dHRwOi8vdGVzdC82MjkwEYYPaHR0cDovL3Rlc3QvNjMwMBGGD2h0dHA6Ly90ZXN0 +LzYzMTARhg9odHRwOi8vdGVzdC82MzIwEYYPaHR0cDovL3Rlc3QvNjMzMBGGD2h0 +dHA6Ly90ZXN0LzYzNDARhg9odHRwOi8vdGVzdC82MzUwEYYPaHR0cDovL3Rlc3Qv +NjM2MBGGD2h0dHA6Ly90ZXN0LzYzNzARhg9odHRwOi8vdGVzdC82MzgwEYYPaHR0 +cDovL3Rlc3QvNjM5MBGGD2h0dHA6Ly90ZXN0LzY0MDARhg9odHRwOi8vdGVzdC82 +NDEwEYYPaHR0cDovL3Rlc3QvNjQyMBGGD2h0dHA6Ly90ZXN0LzY0MzARhg9odHRw +Oi8vdGVzdC82NDQwEYYPaHR0cDovL3Rlc3QvNjQ1MBGGD2h0dHA6Ly90ZXN0LzY0 +NjARhg9odHRwOi8vdGVzdC82NDcwEYYPaHR0cDovL3Rlc3QvNjQ4MBGGD2h0dHA6 +Ly90ZXN0LzY0OTARhg9odHRwOi8vdGVzdC82NTAwEYYPaHR0cDovL3Rlc3QvNjUx +MBGGD2h0dHA6Ly90ZXN0LzY1MjARhg9odHRwOi8vdGVzdC82NTMwEYYPaHR0cDov +L3Rlc3QvNjU0MBGGD2h0dHA6Ly90ZXN0LzY1NTARhg9odHRwOi8vdGVzdC82NTYw +EYYPaHR0cDovL3Rlc3QvNjU3MBGGD2h0dHA6Ly90ZXN0LzY1ODARhg9odHRwOi8v +dGVzdC82NTkwEYYPaHR0cDovL3Rlc3QvNjYwMBGGD2h0dHA6Ly90ZXN0LzY2MTAR +hg9odHRwOi8vdGVzdC82NjIwEYYPaHR0cDovL3Rlc3QvNjYzMBGGD2h0dHA6Ly90 +ZXN0LzY2NDARhg9odHRwOi8vdGVzdC82NjUwEYYPaHR0cDovL3Rlc3QvNjY2MBGG +D2h0dHA6Ly90ZXN0LzY2NzARhg9odHRwOi8vdGVzdC82NjgwEYYPaHR0cDovL3Rl +c3QvNjY5MBGGD2h0dHA6Ly90ZXN0LzY3MDARhg9odHRwOi8vdGVzdC82NzEwEYYP +aHR0cDovL3Rlc3QvNjcyMBGGD2h0dHA6Ly90ZXN0LzY3MzARhg9odHRwOi8vdGVz +dC82NzQwEYYPaHR0cDovL3Rlc3QvNjc1MBGGD2h0dHA6Ly90ZXN0LzY3NjARhg9o +dHRwOi8vdGVzdC82NzcwEYYPaHR0cDovL3Rlc3QvNjc4MBGGD2h0dHA6Ly90ZXN0 +LzY3OTARhg9odHRwOi8vdGVzdC82ODAwEYYPaHR0cDovL3Rlc3QvNjgxMBGGD2h0 +dHA6Ly90ZXN0LzY4MjARhg9odHRwOi8vdGVzdC82ODMwEYYPaHR0cDovL3Rlc3Qv +Njg0MBGGD2h0dHA6Ly90ZXN0LzY4NTARhg9odHRwOi8vdGVzdC82ODYwEYYPaHR0 +cDovL3Rlc3QvNjg3MBGGD2h0dHA6Ly90ZXN0LzY4ODARhg9odHRwOi8vdGVzdC82 +ODkwEYYPaHR0cDovL3Rlc3QvNjkwMBGGD2h0dHA6Ly90ZXN0LzY5MTARhg9odHRw +Oi8vdGVzdC82OTIwEYYPaHR0cDovL3Rlc3QvNjkzMBGGD2h0dHA6Ly90ZXN0LzY5 +NDARhg9odHRwOi8vdGVzdC82OTUwEYYPaHR0cDovL3Rlc3QvNjk2MBGGD2h0dHA6 +Ly90ZXN0LzY5NzARhg9odHRwOi8vdGVzdC82OTgwEYYPaHR0cDovL3Rlc3QvNjk5 +MBGGD2h0dHA6Ly90ZXN0LzcwMDARhg9odHRwOi8vdGVzdC83MDEwEYYPaHR0cDov +L3Rlc3QvNzAyMBGGD2h0dHA6Ly90ZXN0LzcwMzARhg9odHRwOi8vdGVzdC83MDQw +EYYPaHR0cDovL3Rlc3QvNzA1MBGGD2h0dHA6Ly90ZXN0LzcwNjARhg9odHRwOi8v +dGVzdC83MDcwEYYPaHR0cDovL3Rlc3QvNzA4MBGGD2h0dHA6Ly90ZXN0LzcwOTAR +hg9odHRwOi8vdGVzdC83MTAwEYYPaHR0cDovL3Rlc3QvNzExMBGGD2h0dHA6Ly90 +ZXN0LzcxMjARhg9odHRwOi8vdGVzdC83MTMwEYYPaHR0cDovL3Rlc3QvNzE0MBGG +D2h0dHA6Ly90ZXN0LzcxNTARhg9odHRwOi8vdGVzdC83MTYwEYYPaHR0cDovL3Rl +c3QvNzE3MBGGD2h0dHA6Ly90ZXN0LzcxODARhg9odHRwOi8vdGVzdC83MTkwEYYP +aHR0cDovL3Rlc3QvNzIwMBGGD2h0dHA6Ly90ZXN0LzcyMTARhg9odHRwOi8vdGVz +dC83MjIwEYYPaHR0cDovL3Rlc3QvNzIzMBGGD2h0dHA6Ly90ZXN0LzcyNDARhg9o +dHRwOi8vdGVzdC83MjUwEYYPaHR0cDovL3Rlc3QvNzI2MBGGD2h0dHA6Ly90ZXN0 +LzcyNzARhg9odHRwOi8vdGVzdC83MjgwEYYPaHR0cDovL3Rlc3QvNzI5MBGGD2h0 +dHA6Ly90ZXN0LzczMDARhg9odHRwOi8vdGVzdC83MzEwEYYPaHR0cDovL3Rlc3Qv +NzMyMBGGD2h0dHA6Ly90ZXN0LzczMzARhg9odHRwOi8vdGVzdC83MzQwEYYPaHR0 +cDovL3Rlc3QvNzM1MBGGD2h0dHA6Ly90ZXN0LzczNjARhg9odHRwOi8vdGVzdC83 +MzcwEYYPaHR0cDovL3Rlc3QvNzM4MBGGD2h0dHA6Ly90ZXN0LzczOTARhg9odHRw +Oi8vdGVzdC83NDAwEYYPaHR0cDovL3Rlc3QvNzQxMBGGD2h0dHA6Ly90ZXN0Lzc0 +MjARhg9odHRwOi8vdGVzdC83NDMwEYYPaHR0cDovL3Rlc3QvNzQ0MBGGD2h0dHA6 +Ly90ZXN0Lzc0NTARhg9odHRwOi8vdGVzdC83NDYwEYYPaHR0cDovL3Rlc3QvNzQ3 +MBGGD2h0dHA6Ly90ZXN0Lzc0ODARhg9odHRwOi8vdGVzdC83NDkwEYYPaHR0cDov +L3Rlc3QvNzUwMBGGD2h0dHA6Ly90ZXN0Lzc1MTARhg9odHRwOi8vdGVzdC83NTIw +EYYPaHR0cDovL3Rlc3QvNzUzMBGGD2h0dHA6Ly90ZXN0Lzc1NDARhg9odHRwOi8v +dGVzdC83NTUwEYYPaHR0cDovL3Rlc3QvNzU2MBGGD2h0dHA6Ly90ZXN0Lzc1NzAR +hg9odHRwOi8vdGVzdC83NTgwEYYPaHR0cDovL3Rlc3QvNzU5MBGGD2h0dHA6Ly90 +ZXN0Lzc2MDARhg9odHRwOi8vdGVzdC83NjEwEYYPaHR0cDovL3Rlc3QvNzYyMBGG +D2h0dHA6Ly90ZXN0Lzc2MzARhg9odHRwOi8vdGVzdC83NjQwEYYPaHR0cDovL3Rl +c3QvNzY1MBGGD2h0dHA6Ly90ZXN0Lzc2NjARhg9odHRwOi8vdGVzdC83NjcwEYYP +aHR0cDovL3Rlc3QvNzY4MBGGD2h0dHA6Ly90ZXN0Lzc2OTARhg9odHRwOi8vdGVz +dC83NzAwEYYPaHR0cDovL3Rlc3QvNzcxMBGGD2h0dHA6Ly90ZXN0Lzc3MjARhg9o +dHRwOi8vdGVzdC83NzMwEYYPaHR0cDovL3Rlc3QvNzc0MBGGD2h0dHA6Ly90ZXN0 +Lzc3NTARhg9odHRwOi8vdGVzdC83NzYwEYYPaHR0cDovL3Rlc3QvNzc3MBGGD2h0 +dHA6Ly90ZXN0Lzc3ODARhg9odHRwOi8vdGVzdC83NzkwEYYPaHR0cDovL3Rlc3Qv +NzgwMBGGD2h0dHA6Ly90ZXN0Lzc4MTARhg9odHRwOi8vdGVzdC83ODIwEYYPaHR0 +cDovL3Rlc3QvNzgzMBGGD2h0dHA6Ly90ZXN0Lzc4NDARhg9odHRwOi8vdGVzdC83 +ODUwEYYPaHR0cDovL3Rlc3QvNzg2MBGGD2h0dHA6Ly90ZXN0Lzc4NzARhg9odHRw +Oi8vdGVzdC83ODgwEYYPaHR0cDovL3Rlc3QvNzg5MBGGD2h0dHA6Ly90ZXN0Lzc5 +MDARhg9odHRwOi8vdGVzdC83OTEwEYYPaHR0cDovL3Rlc3QvNzkyMBGGD2h0dHA6 +Ly90ZXN0Lzc5MzARhg9odHRwOi8vdGVzdC83OTQwEYYPaHR0cDovL3Rlc3QvNzk1 +MBGGD2h0dHA6Ly90ZXN0Lzc5NjARhg9odHRwOi8vdGVzdC83OTcwEYYPaHR0cDov +L3Rlc3QvNzk4MBGGD2h0dHA6Ly90ZXN0Lzc5OTARhg9odHRwOi8vdGVzdC84MDAw +EYYPaHR0cDovL3Rlc3QvODAxMBGGD2h0dHA6Ly90ZXN0LzgwMjARhg9odHRwOi8v +dGVzdC84MDMwEYYPaHR0cDovL3Rlc3QvODA0MBGGD2h0dHA6Ly90ZXN0LzgwNTAR +hg9odHRwOi8vdGVzdC84MDYwEYYPaHR0cDovL3Rlc3QvODA3MBGGD2h0dHA6Ly90 +ZXN0LzgwODARhg9odHRwOi8vdGVzdC84MDkwEYYPaHR0cDovL3Rlc3QvODEwMBGG +D2h0dHA6Ly90ZXN0LzgxMTARhg9odHRwOi8vdGVzdC84MTIwEYYPaHR0cDovL3Rl +c3QvODEzMBGGD2h0dHA6Ly90ZXN0LzgxNDARhg9odHRwOi8vdGVzdC84MTUwEYYP +aHR0cDovL3Rlc3QvODE2MBGGD2h0dHA6Ly90ZXN0LzgxNzARhg9odHRwOi8vdGVz +dC84MTgwEYYPaHR0cDovL3Rlc3QvODE5MBGGD2h0dHA6Ly90ZXN0LzgyMDARhg9o +dHRwOi8vdGVzdC84MjEwEYYPaHR0cDovL3Rlc3QvODIyMBGGD2h0dHA6Ly90ZXN0 +LzgyMzARhg9odHRwOi8vdGVzdC84MjQwEYYPaHR0cDovL3Rlc3QvODI1MBGGD2h0 +dHA6Ly90ZXN0LzgyNjARhg9odHRwOi8vdGVzdC84MjcwEYYPaHR0cDovL3Rlc3Qv +ODI4MBGGD2h0dHA6Ly90ZXN0LzgyOTARhg9odHRwOi8vdGVzdC84MzAwEYYPaHR0 +cDovL3Rlc3QvODMxMBGGD2h0dHA6Ly90ZXN0LzgzMjARhg9odHRwOi8vdGVzdC84 +MzMwEYYPaHR0cDovL3Rlc3QvODM0MBGGD2h0dHA6Ly90ZXN0LzgzNTARhg9odHRw +Oi8vdGVzdC84MzYwEYYPaHR0cDovL3Rlc3QvODM3MBGGD2h0dHA6Ly90ZXN0Lzgz +ODARhg9odHRwOi8vdGVzdC84MzkwEYYPaHR0cDovL3Rlc3QvODQwMBGGD2h0dHA6 +Ly90ZXN0Lzg0MTARhg9odHRwOi8vdGVzdC84NDIwEYYPaHR0cDovL3Rlc3QvODQz +MBGGD2h0dHA6Ly90ZXN0Lzg0NDARhg9odHRwOi8vdGVzdC84NDUwEYYPaHR0cDov +L3Rlc3QvODQ2MBGGD2h0dHA6Ly90ZXN0Lzg0NzARhg9odHRwOi8vdGVzdC84NDgw +EYYPaHR0cDovL3Rlc3QvODQ5MBGGD2h0dHA6Ly90ZXN0Lzg1MDARhg9odHRwOi8v +dGVzdC84NTEwEYYPaHR0cDovL3Rlc3QvODUyMBGGD2h0dHA6Ly90ZXN0Lzg1MzAR +hg9odHRwOi8vdGVzdC84NTQwEYYPaHR0cDovL3Rlc3QvODU1MBGGD2h0dHA6Ly90 +ZXN0Lzg1NjARhg9odHRwOi8vdGVzdC84NTcwEYYPaHR0cDovL3Rlc3QvODU4MBGG +D2h0dHA6Ly90ZXN0Lzg1OTARhg9odHRwOi8vdGVzdC84NjAwEYYPaHR0cDovL3Rl +c3QvODYxMBGGD2h0dHA6Ly90ZXN0Lzg2MjARhg9odHRwOi8vdGVzdC84NjMwEYYP +aHR0cDovL3Rlc3QvODY0MBGGD2h0dHA6Ly90ZXN0Lzg2NTARhg9odHRwOi8vdGVz +dC84NjYwEYYPaHR0cDovL3Rlc3QvODY3MBGGD2h0dHA6Ly90ZXN0Lzg2ODARhg9o +dHRwOi8vdGVzdC84NjkwEYYPaHR0cDovL3Rlc3QvODcwMBGGD2h0dHA6Ly90ZXN0 +Lzg3MTARhg9odHRwOi8vdGVzdC84NzIwEYYPaHR0cDovL3Rlc3QvODczMBGGD2h0 +dHA6Ly90ZXN0Lzg3NDARhg9odHRwOi8vdGVzdC84NzUwEYYPaHR0cDovL3Rlc3Qv +ODc2MBGGD2h0dHA6Ly90ZXN0Lzg3NzARhg9odHRwOi8vdGVzdC84NzgwEYYPaHR0 +cDovL3Rlc3QvODc5MBGGD2h0dHA6Ly90ZXN0Lzg4MDARhg9odHRwOi8vdGVzdC84 +ODEwEYYPaHR0cDovL3Rlc3QvODgyMBGGD2h0dHA6Ly90ZXN0Lzg4MzARhg9odHRw +Oi8vdGVzdC84ODQwEYYPaHR0cDovL3Rlc3QvODg1MBGGD2h0dHA6Ly90ZXN0Lzg4 +NjARhg9odHRwOi8vdGVzdC84ODcwEYYPaHR0cDovL3Rlc3QvODg4MBGGD2h0dHA6 +Ly90ZXN0Lzg4OTARhg9odHRwOi8vdGVzdC84OTAwEYYPaHR0cDovL3Rlc3QvODkx +MBGGD2h0dHA6Ly90ZXN0Lzg5MjARhg9odHRwOi8vdGVzdC84OTMwEYYPaHR0cDov +L3Rlc3QvODk0MBGGD2h0dHA6Ly90ZXN0Lzg5NTARhg9odHRwOi8vdGVzdC84OTYw +EYYPaHR0cDovL3Rlc3QvODk3MBGGD2h0dHA6Ly90ZXN0Lzg5ODARhg9odHRwOi8v +dGVzdC84OTkwEYYPaHR0cDovL3Rlc3QvOTAwMBGGD2h0dHA6Ly90ZXN0LzkwMTAR +hg9odHRwOi8vdGVzdC85MDIwEYYPaHR0cDovL3Rlc3QvOTAzMBGGD2h0dHA6Ly90 +ZXN0LzkwNDARhg9odHRwOi8vdGVzdC85MDUwEYYPaHR0cDovL3Rlc3QvOTA2MBGG +D2h0dHA6Ly90ZXN0LzkwNzARhg9odHRwOi8vdGVzdC85MDgwEYYPaHR0cDovL3Rl +c3QvOTA5MBGGD2h0dHA6Ly90ZXN0LzkxMDARhg9odHRwOi8vdGVzdC85MTEwEYYP +aHR0cDovL3Rlc3QvOTEyMBGGD2h0dHA6Ly90ZXN0LzkxMzARhg9odHRwOi8vdGVz +dC85MTQwEYYPaHR0cDovL3Rlc3QvOTE1MBGGD2h0dHA6Ly90ZXN0LzkxNjARhg9o +dHRwOi8vdGVzdC85MTcwEYYPaHR0cDovL3Rlc3QvOTE4MBGGD2h0dHA6Ly90ZXN0 +LzkxOTARhg9odHRwOi8vdGVzdC85MjAwEYYPaHR0cDovL3Rlc3QvOTIxMBGGD2h0 +dHA6Ly90ZXN0LzkyMjARhg9odHRwOi8vdGVzdC85MjMwEYYPaHR0cDovL3Rlc3Qv +OTI0MBGGD2h0dHA6Ly90ZXN0LzkyNTARhg9odHRwOi8vdGVzdC85MjYwEYYPaHR0 +cDovL3Rlc3QvOTI3MBGGD2h0dHA6Ly90ZXN0LzkyODARhg9odHRwOi8vdGVzdC85 +MjkwEYYPaHR0cDovL3Rlc3QvOTMwMBGGD2h0dHA6Ly90ZXN0LzkzMTARhg9odHRw +Oi8vdGVzdC85MzIwEYYPaHR0cDovL3Rlc3QvOTMzMBGGD2h0dHA6Ly90ZXN0Lzkz +NDARhg9odHRwOi8vdGVzdC85MzUwEYYPaHR0cDovL3Rlc3QvOTM2MBGGD2h0dHA6 +Ly90ZXN0LzkzNzARhg9odHRwOi8vdGVzdC85MzgwEYYPaHR0cDovL3Rlc3QvOTM5 +MBGGD2h0dHA6Ly90ZXN0Lzk0MDARhg9odHRwOi8vdGVzdC85NDEwEYYPaHR0cDov +L3Rlc3QvOTQyMBGGD2h0dHA6Ly90ZXN0Lzk0MzARhg9odHRwOi8vdGVzdC85NDQw +EYYPaHR0cDovL3Rlc3QvOTQ1MBGGD2h0dHA6Ly90ZXN0Lzk0NjARhg9odHRwOi8v +dGVzdC85NDcwEYYPaHR0cDovL3Rlc3QvOTQ4MBGGD2h0dHA6Ly90ZXN0Lzk0OTAR +hg9odHRwOi8vdGVzdC85NTAwEYYPaHR0cDovL3Rlc3QvOTUxMBGGD2h0dHA6Ly90 +ZXN0Lzk1MjARhg9odHRwOi8vdGVzdC85NTMwEYYPaHR0cDovL3Rlc3QvOTU0MBGG +D2h0dHA6Ly90ZXN0Lzk1NTARhg9odHRwOi8vdGVzdC85NTYwEYYPaHR0cDovL3Rl +c3QvOTU3MBGGD2h0dHA6Ly90ZXN0Lzk1ODARhg9odHRwOi8vdGVzdC85NTkwEYYP +aHR0cDovL3Rlc3QvOTYwMBGGD2h0dHA6Ly90ZXN0Lzk2MTARhg9odHRwOi8vdGVz +dC85NjIwEYYPaHR0cDovL3Rlc3QvOTYzMBGGD2h0dHA6Ly90ZXN0Lzk2NDARhg9o +dHRwOi8vdGVzdC85NjUwEYYPaHR0cDovL3Rlc3QvOTY2MBGGD2h0dHA6Ly90ZXN0 +Lzk2NzARhg9odHRwOi8vdGVzdC85NjgwEYYPaHR0cDovL3Rlc3QvOTY5MBGGD2h0 +dHA6Ly90ZXN0Lzk3MDARhg9odHRwOi8vdGVzdC85NzEwEYYPaHR0cDovL3Rlc3Qv +OTcyMBGGD2h0dHA6Ly90ZXN0Lzk3MzARhg9odHRwOi8vdGVzdC85NzQwEYYPaHR0 +cDovL3Rlc3QvOTc1MBGGD2h0dHA6Ly90ZXN0Lzk3NjARhg9odHRwOi8vdGVzdC85 +NzcwEYYPaHR0cDovL3Rlc3QvOTc4MBGGD2h0dHA6Ly90ZXN0Lzk3OTARhg9odHRw +Oi8vdGVzdC85ODAwEYYPaHR0cDovL3Rlc3QvOTgxMBGGD2h0dHA6Ly90ZXN0Lzk4 +MjARhg9odHRwOi8vdGVzdC85ODMwEYYPaHR0cDovL3Rlc3QvOTg0MBGGD2h0dHA6 +Ly90ZXN0Lzk4NTARhg9odHRwOi8vdGVzdC85ODYwEYYPaHR0cDovL3Rlc3QvOTg3 +MBGGD2h0dHA6Ly90ZXN0Lzk4ODARhg9odHRwOi8vdGVzdC85ODkwEYYPaHR0cDov +L3Rlc3QvOTkwMBGGD2h0dHA6Ly90ZXN0Lzk5MTARhg9odHRwOi8vdGVzdC85OTIw +EYYPaHR0cDovL3Rlc3QvOTkzMBGGD2h0dHA6Ly90ZXN0Lzk5NDARhg9odHRwOi8v +dGVzdC85OTUwEYYPaHR0cDovL3Rlc3QvOTk2MBGGD2h0dHA6Ly90ZXN0Lzk5NzAR +hg9odHRwOi8vdGVzdC85OTgwEYYPaHR0cDovL3Rlc3QvOTk5MBKGEGh0dHA6Ly90 +ZXN0LzEwMDAwEoYQaHR0cDovL3Rlc3QvMTAwMTAShhBodHRwOi8vdGVzdC8xMDAy +MBKGEGh0dHA6Ly90ZXN0LzEwMDMwEoYQaHR0cDovL3Rlc3QvMTAwNDAShhBodHRw +Oi8vdGVzdC8xMDA1MBKGEGh0dHA6Ly90ZXN0LzEwMDYwEoYQaHR0cDovL3Rlc3Qv +MTAwNzAShhBodHRwOi8vdGVzdC8xMDA4MBKGEGh0dHA6Ly90ZXN0LzEwMDkwEoYQ +aHR0cDovL3Rlc3QvMTAxMDAShhBodHRwOi8vdGVzdC8xMDExMBKGEGh0dHA6Ly90 +ZXN0LzEwMTIwEoYQaHR0cDovL3Rlc3QvMTAxMzAShhBodHRwOi8vdGVzdC8xMDE0 +MBKGEGh0dHA6Ly90ZXN0LzEwMTUwEoYQaHR0cDovL3Rlc3QvMTAxNjAShhBodHRw +Oi8vdGVzdC8xMDE3MBKGEGh0dHA6Ly90ZXN0LzEwMTgwEoYQaHR0cDovL3Rlc3Qv +MTAxOTAShhBodHRwOi8vdGVzdC8xMDIwMBKGEGh0dHA6Ly90ZXN0LzEwMjEwEoYQ +aHR0cDovL3Rlc3QvMTAyMjAShhBodHRwOi8vdGVzdC8xMDIzMBKGEGh0dHA6Ly90 +ZXN0LzEwMjShgmluMAmCB3gwLnRlc3QwCYIHeDEudGVzdDAJggd4Mi50ZXN0MAmC +B3gzLnRlc3QwCYIHeDQudGVzdDAJggd4NS50ZXN0MAmCB3g2LnRlc3QwCYIHeDcu +dGVzdDAJggd4OC50ZXN0MAmCB3g5LnRlc3QwCoIIeDEwLnRlc3QwCoIIeDExLnRl +c3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRlc3QwCoIIeDE0LnRlc3QwCoIIeDE1LnRl +c3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRlc3QwCoIIeDE4LnRlc3QwCoIIeDE5LnRl +c3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRlc3QwCoIIeDIyLnRlc3QwCoIIeDIzLnRl +c3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRlc3QwCoIIeDI2LnRlc3QwCoIIeDI3LnRl +c3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRlc3QwCoIIeDMwLnRlc3QwCoIIeDMxLnRl +c3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRlc3QwCoIIeDM0LnRlc3QwCoIIeDM1LnRl +c3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRlc3QwCoIIeDM4LnRlc3QwCoIIeDM5LnRl +c3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRlc3QwCoIIeDQyLnRlc3QwCoIIeDQzLnRl +c3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRlc3QwCoIIeDQ2LnRlc3QwCoIIeDQ3LnRl +c3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRlc3QwCoIIeDUwLnRlc3QwCoIIeDUxLnRl +c3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRlc3QwCoIIeDU0LnRlc3QwCoIIeDU1LnRl +c3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRlc3QwCoIIeDU4LnRlc3QwCoIIeDU5LnRl +c3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRlc3QwCoIIeDYyLnRlc3QwCoIIeDYzLnRl +c3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRlc3QwCoIIeDY2LnRlc3QwCoIIeDY3LnRl +c3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRlc3QwCoIIeDcwLnRlc3QwCoIIeDcxLnRl +c3QwCoIIeDcyLnRlc3QwCoIIeDczLnRlc3QwCoIIeDc0LnRlc3QwCoIIeDc1LnRl +c3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRlc3QwCoIIeDc4LnRlc3QwCoIIeDc5LnRl +c3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRlc3QwCoIIeDgyLnRlc3QwCoIIeDgzLnRl +c3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRlc3QwCoIIeDg2LnRlc3QwCoIIeDg3LnRl +c3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRlc3QwCoIIeDkwLnRlc3QwCoIIeDkxLnRl +c3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRlc3QwCoIIeDk0LnRlc3QwCoIIeDk1LnRl +c3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRlc3QwCoIIeDk4LnRlc3QwCoIIeDk5LnRl +c3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEudGVzdDALggl4MTAyLnRlc3QwC4IJeDEw +My50ZXN0MAuCCXgxMDQudGVzdDALggl4MTA1LnRlc3QwC4IJeDEwNi50ZXN0MAuC +CXgxMDcudGVzdDALggl4MTA4LnRlc3QwC4IJeDEwOS50ZXN0MAuCCXgxMTAudGVz +dDALggl4MTExLnRlc3QwC4IJeDExMi50ZXN0MAuCCXgxMTMudGVzdDALggl4MTE0 +LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgxMTYudGVzdDALggl4MTE3LnRlc3QwC4IJ +eDExOC50ZXN0MAuCCXgxMTkudGVzdDALggl4MTIwLnRlc3QwC4IJeDEyMS50ZXN0 +MAuCCXgxMjIudGVzdDALggl4MTIzLnRlc3QwC4IJeDEyNC50ZXN0MAuCCXgxMjUu +dGVzdDALggl4MTI2LnRlc3QwC4IJeDEyNy50ZXN0MAuCCXgxMjgudGVzdDALggl4 +MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuCCXgxMzEudGVzdDALggl4MTMyLnRlc3Qw +C4IJeDEzMy50ZXN0MAuCCXgxMzQudGVzdDALggl4MTM1LnRlc3QwC4IJeDEzNi50 +ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4LnRlc3QwC4IJeDEzOS50ZXN0MAuCCXgx +NDAudGVzdDALggl4MTQxLnRlc3QwC4IJeDE0Mi50ZXN0MAuCCXgxNDMudGVzdDAL +ggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0MAuCCXgxNDYudGVzdDALggl4MTQ3LnRl +c3QwC4IJeDE0OC50ZXN0MAuCCXgxNDkudGVzdDALggl4MTUwLnRlc3QwC4IJeDE1 +MS50ZXN0MAuCCXgxNTIudGVzdDALggl4MTUzLnRlc3QwC4IJeDE1NC50ZXN0MAuC +CXgxNTUudGVzdDALggl4MTU2LnRlc3QwC4IJeDE1Ny50ZXN0MAuCCXgxNTgudGVz +dDALggl4MTU5LnRlc3QwC4IJeDE2MC50ZXN0MAuCCXgxNjEudGVzdDALggl4MTYy +LnRlc3QwC4IJeDE2My50ZXN0MAuCCXgxNjQudGVzdDALggl4MTY1LnRlc3QwC4IJ +eDE2Ni50ZXN0MAuCCXgxNjcudGVzdDALggl4MTY4LnRlc3QwC4IJeDE2OS50ZXN0 +MAqHCAsAAAD/////MAqHCAsAAAH/////MAqHCAsAAAL/////MAqHCAsAAAP///// +MAqHCAsAAAT/////MAqHCAsAAAX/////MAqHCAsAAAb/////MAqHCAsAAAf///// +MAqHCAsAAAj/////MAqHCAsAAAn/////MAqHCAsAAAr/////MAqHCAsAAAv///// +MAqHCAsAAAz/////MAqHCAsAAA3/////MAqHCAsAAA7/////MAqHCAsAAA////// +MAqHCAsAABD/////MAqHCAsAABH/////MAqHCAsAABL/////MAqHCAsAABP///// +MAqHCAsAABT/////MAqHCAsAABX/////MAqHCAsAABb/////MAqHCAsAABf///// +MAqHCAsAABj/////MAqHCAsAABn/////MAqHCAsAABr/////MAqHCAsAABv///// +MAqHCAsAABz/////MAqHCAsAAB3/////MAqHCAsAAB7/////MAqHCAsAAB////// +MAqHCAsAACD/////MAqHCAsAACH/////MAqHCAsAACL/////MAqHCAsAACP///// +MAqHCAsAACT/////MAqHCAsAACX/////MAqHCAsAACb/////MAqHCAsAACf///// +MAqHCAsAACj/////MAqHCAsAACn/////MAqHCAsAACr/////MAqHCAsAACv///// +MAqHCAsAACz/////MAqHCAsAAC3/////MAqHCAsAAC7/////MAqHCAsAAC////// +MAqHCAsAADD/////MAqHCAsAADH/////MAqHCAsAADL/////MAqHCAsAADP///// +MAqHCAsAADT/////MAqHCAsAADX/////MAqHCAsAADb/////MAqHCAsAADf///// +MAqHCAsAADj/////MAqHCAsAADn/////MAqHCAsAADr/////MAqHCAsAADv///// +MAqHCAsAADz/////MAqHCAsAAD3/////MAqHCAsAAD7/////MAqHCAsAAD////// +MAqHCAsAAED/////MAqHCAsAAEH/////MAqHCAsAAEL/////MAqHCAsAAEP///// +MAqHCAsAAET/////MAqHCAsAAEX/////MAqHCAsAAEb/////MAqHCAsAAEf///// +MAqHCAsAAEj/////MAqHCAsAAEn/////MAqHCAsAAEr/////MAqHCAsAAEv///// +MAqHCAsAAEz/////MAqHCAsAAE3/////MAqHCAsAAE7/////MAqHCAsAAE////// +MAqHCAsAAFD/////MAqHCAsAAFH/////MAqHCAsAAFL/////MAqHCAsAAFP///// +MAqHCAsAAFT/////MAqHCAsAAFX/////MAqHCAsAAFb/////MAqHCAsAAFf///// +MAqHCAsAAFj/////MAqHCAsAAFn/////MAqHCAsAAFr/////MAqHCAsAAFv///// +MAqHCAsAAFz/////MAqHCAsAAF3/////MAqHCAsAAF7/////MAqHCAsAAF////// +MAqHCAsAAGD/////MAqHCAsAAGH/////MAqHCAsAAGL/////MAqHCAsAAGP///// +MAqHCAsAAGT/////MAqHCAsAAGX/////MAqHCAsAAGb/////MAqHCAsAAGf///// +MAqHCAsAAGj/////MAqHCAsAAGn/////MAqHCAsAAGr/////MAqHCAsAAGv///// +MAqHCAsAAGz/////MAqHCAsAAG3/////MAqHCAsAAG7/////MAqHCAsAAG////// +MAqHCAsAAHD/////MAqHCAsAAHH/////MAqHCAsAAHL/////MAqHCAsAAHP///// +MAqHCAsAAHT/////MAqHCAsAAHX/////MAqHCAsAAHb/////MAqHCAsAAHf///// +MAqHCAsAAHj/////MAqHCAsAAHn/////MAqHCAsAAHr/////MAqHCAsAAHv///// +MAqHCAsAAHz/////MAqHCAsAAH3/////MAqHCAsAAH7/////MAqHCAsAAH////// +MAqHCAsAAID/////MAqHCAsAAIH/////MAqHCAsAAIL/////MAqHCAsAAIP///// +MAqHCAsAAIT/////MAqHCAsAAIX/////MAqHCAsAAIb/////MAqHCAsAAIf///// +MAqHCAsAAIj/////MAqHCAsAAIn/////MAqHCAsAAIr/////MAqHCAsAAIv///// +MAqHCAsAAIz/////MAqHCAsAAI3/////MAqHCAsAAI7/////MAqHCAsAAI////// +MAqHCAsAAJD/////MAqHCAsAAJH/////MAqHCAsAAJL/////MAqHCAsAAJP///// +MAqHCAsAAJT/////MAqHCAsAAJX/////MAqHCAsAAJb/////MAqHCAsAAJf///// +MAqHCAsAAJj/////MAqHCAsAAJn/////MAqHCAsAAJr/////MAqHCAsAAJv///// +MAqHCAsAAJz/////MAqHCAsAAJ3/////MAqHCAsAAJ7/////MAqHCAsAAJ////// +MAqHCAsAAKD/////MAqHCAsAAKH/////MAqHCAsAAKL/////MAqHCAsAAKP///// +MAqHCAsAAKT/////MAqHCAsAAKX/////MAqHCAsAAKb/////MAqHCAsAAKf///// +MAqHCAsAAKj/////MAqHCAsAAKn/////MBGkDzANMQswCQYDVQQDDAJ4MDARpA8w +DTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJBgNVBAMMAngyMBGkDzANMQswCQYDVQQD +DAJ4MzARpA8wDTELMAkGA1UEAwwCeDQwEaQPMA0xCzAJBgNVBAMMAng1MBGkDzAN +MQswCQYDVQQDDAJ4NjARpA8wDTELMAkGA1UEAwwCeDcwEaQPMA0xCzAJBgNVBAMM +Ang4MBGkDzANMQswCQYDVQQDDAJ4OTASpBAwDjEMMAoGA1UEAwwDeDEwMBKkEDAO +MQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAKBgNVBAMMA3gxMjASpBAwDjEMMAoGA1UE +AwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4MTQwEqQQMA4xDDAKBgNVBAMMA3gxNTAS +pBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAOMQwwCgYDVQQDDAN4MTcwEqQQMA4xDDAK +BgNVBAMMA3gxODASpBAwDjEMMAoGA1UEAwwDeDE5MBKkEDAOMQwwCgYDVQQDDAN4 +MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTASpBAwDjEMMAoGA1UEAwwDeDIyMBKkEDAO +MQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAKBgNVBAMMA3gyNDASpBAwDjEMMAoGA1UE +AwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4MjYwEqQQMA4xDDAKBgNVBAMMA3gyNzAS +pBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAOMQwwCgYDVQQDDAN4MjkwEqQQMA4xDDAK +BgNVBAMMA3gzMDASpBAwDjEMMAoGA1UEAwwDeDMxMBKkEDAOMQwwCgYDVQQDDAN4 +MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzASpBAwDjEMMAoGA1UEAwwDeDM0MBKkEDAO +MQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAKBgNVBAMMA3gzNjASpBAwDjEMMAoGA1UE +AwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4MzgwEqQQMA4xDDAKBgNVBAMMA3gzOTAS +pBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAOMQwwCgYDVQQDDAN4NDEwEqQQMA4xDDAK +BgNVBAMMA3g0MjASpBAwDjEMMAoGA1UEAwwDeDQzMBKkEDAOMQwwCgYDVQQDDAN4 +NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTASpBAwDjEMMAoGA1UEAwwDeDQ2MBKkEDAO +MQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAKBgNVBAMMA3g0ODASpBAwDjEMMAoGA1UE +AwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4NTAwEqQQMA4xDDAKBgNVBAMMA3g1MTAS +pBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAOMQwwCgYDVQQDDAN4NTMwEqQQMA4xDDAK +BgNVBAMMA3g1NDASpBAwDjEMMAoGA1UEAwwDeDU1MBKkEDAOMQwwCgYDVQQDDAN4 +NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzASpBAwDjEMMAoGA1UEAwwDeDU4MBKkEDAO +MQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAKBgNVBAMMA3g2MDASpBAwDjEMMAoGA1UE +AwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4NjIwEqQQMA4xDDAKBgNVBAMMA3g2MzAS +pBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAOMQwwCgYDVQQDDAN4NjUwEqQQMA4xDDAK +BgNVBAMMA3g2NjASpBAwDjEMMAoGA1UEAwwDeDY3MBKkEDAOMQwwCgYDVQQDDAN4 +NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTASpBAwDjEMMAoGA1UEAwwDeDcwMBKkEDAO +MQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAKBgNVBAMMA3g3MjASpBAwDjEMMAoGA1UE +AwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4NzQwEqQQMA4xDDAKBgNVBAMMA3g3NTAS +pBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAOMQwwCgYDVQQDDAN4NzcwEqQQMA4xDDAK +BgNVBAMMA3g3ODASpBAwDjEMMAoGA1UEAwwDeDc5MBKkEDAOMQwwCgYDVQQDDAN4 +ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTASpBAwDjEMMAoGA1UEAwwDeDgyMBKkEDAO +MQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAKBgNVBAMMA3g4NDASpBAwDjEMMAoGA1UE +AwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4ODYwEqQQMA4xDDAKBgNVBAMMA3g4NzAS +pBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAOMQwwCgYDVQQDDAN4ODkwEqQQMA4xDDAK +BgNVBAMMA3g5MDASpBAwDjEMMAoGA1UEAwwDeDkxMBKkEDAOMQwwCgYDVQQDDAN4 +OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzASpBAwDjEMMAoGA1UEAwwDeDk0MBKkEDAO +MQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAKBgNVBAMMA3g5NjASpBAwDjEMMAoGA1UE +AwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4OTgwEqQQMA4xDDAKBgNVBAMMA3g5OTAT +pBEwDzENMAsGA1UEAwwEeDEwMDATpBEwDzENMAsGA1UEAwwEeDEwMTATpBEwDzEN +MAsGA1UEAwwEeDEwMjATpBEwDzENMAsGA1UEAwwEeDEwMzATpBEwDzENMAsGA1UE +AwwEeDEwNDATpBEwDzENMAsGA1UEAwwEeDEwNTATpBEwDzENMAsGA1UEAwwEeDEw +NjATpBEwDzENMAsGA1UEAwwEeDEwNzATpBEwDzENMAsGA1UEAwwEeDEwODATpBEw +DzENMAsGA1UEAwwEeDEwOTATpBEwDzENMAsGA1UEAwwEeDExMDATpBEwDzENMAsG +A1UEAwwEeDExMTATpBEwDzENMAsGA1UEAwwEeDExMjATpBEwDzENMAsGA1UEAwwE +eDExMzATpBEwDzENMAsGA1UEAwwEeDExNDATpBEwDzENMAsGA1UEAwwEeDExNTAT +pBEwDzENMAsGA1UEAwwEeDExNjATpBEwDzENMAsGA1UEAwwEeDExNzATpBEwDzEN +MAsGA1UEAwwEeDExODATpBEwDzENMAsGA1UEAwwEeDExOTATpBEwDzENMAsGA1UE +AwwEeDEyMDATpBEwDzENMAsGA1UEAwwEeDEyMTATpBEwDzENMAsGA1UEAwwEeDEy +MjATpBEwDzENMAsGA1UEAwwEeDEyMzATpBEwDzENMAsGA1UEAwwEeDEyNDATpBEw +DzENMAsGA1UEAwwEeDEyNTATpBEwDzENMAsGA1UEAwwEeDEyNjATpBEwDzENMAsG +A1UEAwwEeDEyNzATpBEwDzENMAsGA1UEAwwEeDEyODATpBEwDzENMAsGA1UEAwwE +eDEyOTATpBEwDzENMAsGA1UEAwwEeDEzMDATpBEwDzENMAsGA1UEAwwEeDEzMTAT +pBEwDzENMAsGA1UEAwwEeDEzMjATpBEwDzENMAsGA1UEAwwEeDEzMzATpBEwDzEN +MAsGA1UEAwwEeDEzNDATpBEwDzENMAsGA1UEAwwEeDEzNTATpBEwDzENMAsGA1UE +AwwEeDEzNjATpBEwDzENMAsGA1UEAwwEeDEzNzATpBEwDzENMAsGA1UEAwwEeDEz +ODATpBEwDzENMAsGA1UEAwwEeDEzOTATpBEwDzENMAsGA1UEAwwEeDE0MDATpBEw +DzENMAsGA1UEAwwEeDE0MTATpBEwDzENMAsGA1UEAwwEeDE0MjATpBEwDzENMAsG +A1UEAwwEeDE0MzATpBEwDzENMAsGA1UEAwwEeDE0NDATpBEwDzENMAsGA1UEAwwE +eDE0NTATpBEwDzENMAsGA1UEAwwEeDE0NjATpBEwDzENMAsGA1UEAwwEeDE0NzAT +pBEwDzENMAsGA1UEAwwEeDE0ODATpBEwDzENMAsGA1UEAwwEeDE0OTATpBEwDzEN +MAsGA1UEAwwEeDE1MDATpBEwDzENMAsGA1UEAwwEeDE1MTATpBEwDzENMAsGA1UE +AwwEeDE1MjATpBEwDzENMAsGA1UEAwwEeDE1MzATpBEwDzENMAsGA1UEAwwEeDE1 +NDATpBEwDzENMAsGA1UEAwwEeDE1NTATpBEwDzENMAsGA1UEAwwEeDE1NjATpBEw +DzENMAsGA1UEAwwEeDE1NzATpBEwDzENMAsGA1UEAwwEeDE1ODATpBEwDzENMAsG +A1UEAwwEeDE1OTATpBEwDzENMAsGA1UEAwwEeDE2MDATpBEwDzENMAsGA1UEAwwE +eDE2MTATpBEwDzENMAsGA1UEAwwEeDE2MjATpBEwDzENMAsGA1UEAwwEeDE2MzAT +pBEwDzENMAsGA1UEAwwEeDE2NDATpBEwDzENMAsGA1UEAwwEeDE2NTATpBEwDzEN +MAsGA1UEAwwEeDE2NjATpBEwDzENMAsGA1UEAwwEeDE2NzATpBEwDzENMAsGA1UE +AwwEeDE2ODATpBEwDzENMAsGA1UEAwwEeDE2OTAPhg1odHRwOi8veGVzdC8wMA+G +DWh0dHA6Ly94ZXN0LzEwD4YNaHR0cDovL3hlc3QvMjAPhg1odHRwOi8veGVzdC8z +MA+GDWh0dHA6Ly94ZXN0LzQwD4YNaHR0cDovL3hlc3QvNTAPhg1odHRwOi8veGVz +dC82MA+GDWh0dHA6Ly94ZXN0LzcwD4YNaHR0cDovL3hlc3QvODAPhg1odHRwOi8v +eGVzdC85MBCGDmh0dHA6Ly94ZXN0LzEwMBCGDmh0dHA6Ly94ZXN0LzExMBCGDmh0 +dHA6Ly94ZXN0LzEyMBCGDmh0dHA6Ly94ZXN0LzEzMBCGDmh0dHA6Ly94ZXN0LzE0 +MBCGDmh0dHA6Ly94ZXN0LzE1MBCGDmh0dHA6Ly94ZXN0LzE2MBCGDmh0dHA6Ly94 +ZXN0LzE3MBCGDmh0dHA6Ly94ZXN0LzE4MBCGDmh0dHA6Ly94ZXN0LzE5MBCGDmh0 +dHA6Ly94ZXN0LzIwMBCGDmh0dHA6Ly94ZXN0LzIxMBCGDmh0dHA6Ly94ZXN0LzIy +MBCGDmh0dHA6Ly94ZXN0LzIzMBCGDmh0dHA6Ly94ZXN0LzI0MBCGDmh0dHA6Ly94 +ZXN0LzI1MBCGDmh0dHA6Ly94ZXN0LzI2MBCGDmh0dHA6Ly94ZXN0LzI3MBCGDmh0 +dHA6Ly94ZXN0LzI4MBCGDmh0dHA6Ly94ZXN0LzI5MBCGDmh0dHA6Ly94ZXN0LzMw +MBCGDmh0dHA6Ly94ZXN0LzMxMBCGDmh0dHA6Ly94ZXN0LzMyMBCGDmh0dHA6Ly94 +ZXN0LzMzMBCGDmh0dHA6Ly94ZXN0LzM0MBCGDmh0dHA6Ly94ZXN0LzM1MBCGDmh0 +dHA6Ly94ZXN0LzM2MBCGDmh0dHA6Ly94ZXN0LzM3MBCGDmh0dHA6Ly94ZXN0LzM4 +MBCGDmh0dHA6Ly94ZXN0LzM5MBCGDmh0dHA6Ly94ZXN0LzQwMBCGDmh0dHA6Ly94 +ZXN0LzQxMBCGDmh0dHA6Ly94ZXN0LzQyMBCGDmh0dHA6Ly94ZXN0LzQzMBCGDmh0 +dHA6Ly94ZXN0LzQ0MBCGDmh0dHA6Ly94ZXN0LzQ1MBCGDmh0dHA6Ly94ZXN0LzQ2 +MBCGDmh0dHA6Ly94ZXN0LzQ3MBCGDmh0dHA6Ly94ZXN0LzQ4MBCGDmh0dHA6Ly94 +ZXN0LzQ5MBCGDmh0dHA6Ly94ZXN0LzUwMBCGDmh0dHA6Ly94ZXN0LzUxMBCGDmh0 +dHA6Ly94ZXN0LzUyMBCGDmh0dHA6Ly94ZXN0LzUzMBCGDmh0dHA6Ly94ZXN0LzU0 +MBCGDmh0dHA6Ly94ZXN0LzU1MBCGDmh0dHA6Ly94ZXN0LzU2MBCGDmh0dHA6Ly94 +ZXN0LzU3MBCGDmh0dHA6Ly94ZXN0LzU4MBCGDmh0dHA6Ly94ZXN0LzU5MBCGDmh0 +dHA6Ly94ZXN0LzYwMBCGDmh0dHA6Ly94ZXN0LzYxMBCGDmh0dHA6Ly94ZXN0LzYy +MBCGDmh0dHA6Ly94ZXN0LzYzMBCGDmh0dHA6Ly94ZXN0LzY0MBCGDmh0dHA6Ly94 +ZXN0LzY1MBCGDmh0dHA6Ly94ZXN0LzY2MBCGDmh0dHA6Ly94ZXN0LzY3MBCGDmh0 +dHA6Ly94ZXN0LzY4MBCGDmh0dHA6Ly94ZXN0LzY5MBCGDmh0dHA6Ly94ZXN0Lzcw +MBCGDmh0dHA6Ly94ZXN0LzcxMBCGDmh0dHA6Ly94ZXN0LzcyMBCGDmh0dHA6Ly94 +ZXN0LzczMBCGDmh0dHA6Ly94ZXN0Lzc0MBCGDmh0dHA6Ly94ZXN0Lzc1MBCGDmh0 +dHA6Ly94ZXN0Lzc2MBCGDmh0dHA6Ly94ZXN0Lzc3MBCGDmh0dHA6Ly94ZXN0Lzc4 +MBCGDmh0dHA6Ly94ZXN0Lzc5MBCGDmh0dHA6Ly94ZXN0LzgwMBCGDmh0dHA6Ly94 +ZXN0LzgxMBCGDmh0dHA6Ly94ZXN0LzgyMBCGDmh0dHA6Ly94ZXN0LzgzMBCGDmh0 +dHA6Ly94ZXN0Lzg0MBCGDmh0dHA6Ly94ZXN0Lzg1MBCGDmh0dHA6Ly94ZXN0Lzg2 +MBCGDmh0dHA6Ly94ZXN0Lzg3MBCGDmh0dHA6Ly94ZXN0Lzg4MBCGDmh0dHA6Ly94 +ZXN0Lzg5MBCGDmh0dHA6Ly94ZXN0LzkwMBCGDmh0dHA6Ly94ZXN0LzkxMBCGDmh0 +dHA6Ly94ZXN0LzkyMBCGDmh0dHA6Ly94ZXN0LzkzMBCGDmh0dHA6Ly94ZXN0Lzk0 +MBCGDmh0dHA6Ly94ZXN0Lzk1MBCGDmh0dHA6Ly94ZXN0Lzk2MBCGDmh0dHA6Ly94 +ZXN0Lzk3MBCGDmh0dHA6Ly94ZXN0Lzk4MBCGDmh0dHA6Ly94ZXN0Lzk5MBGGD2h0 +dHA6Ly94ZXN0LzEwMDARhg9odHRwOi8veGVzdC8xMDEwEYYPaHR0cDovL3hlc3Qv +MTAyMBGGD2h0dHA6Ly94ZXN0LzEwMzARhg9odHRwOi8veGVzdC8xMDQwEYYPaHR0 +cDovL3hlc3QvMTA1MBGGD2h0dHA6Ly94ZXN0LzEwNjARhg9odHRwOi8veGVzdC8x +MDcwEYYPaHR0cDovL3hlc3QvMTA4MBGGD2h0dHA6Ly94ZXN0LzEwOTARhg9odHRw +Oi8veGVzdC8xMTAwEYYPaHR0cDovL3hlc3QvMTExMBGGD2h0dHA6Ly94ZXN0LzEx +MjARhg9odHRwOi8veGVzdC8xMTMwEYYPaHR0cDovL3hlc3QvMTE0MBGGD2h0dHA6 +Ly94ZXN0LzExNTARhg9odHRwOi8veGVzdC8xMTYwEYYPaHR0cDovL3hlc3QvMTE3 +MBGGD2h0dHA6Ly94ZXN0LzExODARhg9odHRwOi8veGVzdC8xMTkwEYYPaHR0cDov +L3hlc3QvMTIwMBGGD2h0dHA6Ly94ZXN0LzEyMTARhg9odHRwOi8veGVzdC8xMjIw +EYYPaHR0cDovL3hlc3QvMTIzMBGGD2h0dHA6Ly94ZXN0LzEyNDARhg9odHRwOi8v +eGVzdC8xMjUwEYYPaHR0cDovL3hlc3QvMTI2MBGGD2h0dHA6Ly94ZXN0LzEyNzAR +hg9odHRwOi8veGVzdC8xMjgwEYYPaHR0cDovL3hlc3QvMTI5MBGGD2h0dHA6Ly94 +ZXN0LzEzMDARhg9odHRwOi8veGVzdC8xMzEwEYYPaHR0cDovL3hlc3QvMTMyMBGG +D2h0dHA6Ly94ZXN0LzEzMzARhg9odHRwOi8veGVzdC8xMzQwEYYPaHR0cDovL3hl +c3QvMTM1MBGGD2h0dHA6Ly94ZXN0LzEzNjARhg9odHRwOi8veGVzdC8xMzcwEYYP +aHR0cDovL3hlc3QvMTM4MBGGD2h0dHA6Ly94ZXN0LzEzOTARhg9odHRwOi8veGVz +dC8xNDAwEYYPaHR0cDovL3hlc3QvMTQxMBGGD2h0dHA6Ly94ZXN0LzE0MjARhg9o +dHRwOi8veGVzdC8xNDMwEYYPaHR0cDovL3hlc3QvMTQ0MBGGD2h0dHA6Ly94ZXN0 +LzE0NTARhg9odHRwOi8veGVzdC8xNDYwEYYPaHR0cDovL3hlc3QvMTQ3MBGGD2h0 +dHA6Ly94ZXN0LzE0ODARhg9odHRwOi8veGVzdC8xNDkwEYYPaHR0cDovL3hlc3Qv +MTUwMBGGD2h0dHA6Ly94ZXN0LzE1MTARhg9odHRwOi8veGVzdC8xNTIwEYYPaHR0 +cDovL3hlc3QvMTUzMBGGD2h0dHA6Ly94ZXN0LzE1NDARhg9odHRwOi8veGVzdC8x +NTUwEYYPaHR0cDovL3hlc3QvMTU2MBGGD2h0dHA6Ly94ZXN0LzE1NzARhg9odHRw +Oi8veGVzdC8xNTgwEYYPaHR0cDovL3hlc3QvMTU5MBGGD2h0dHA6Ly94ZXN0LzE2 +MDARhg9odHRwOi8veGVzdC8xNjEwEYYPaHR0cDovL3hlc3QvMTYyMBGGD2h0dHA6 +Ly94ZXN0LzE2MzARhg9odHRwOi8veGVzdC8xNjQwEYYPaHR0cDovL3hlc3QvMTY1 +MBGGD2h0dHA6Ly94ZXN0LzE2NjARhg9odHRwOi8veGVzdC8xNjcwEYYPaHR0cDov +L3hlc3QvMTY4MBGGD2h0dHA6Ly94ZXN0LzE2OTARhg9odHRwOi8veGVzdC8xNzAw +EYYPaHR0cDovL3hlc3QvMTcxMBGGD2h0dHA6Ly94ZXN0LzE3MjARhg9odHRwOi8v +eGVzdC8xNzMwEYYPaHR0cDovL3hlc3QvMTc0MBGGD2h0dHA6Ly94ZXN0LzE3NTAR +hg9odHRwOi8veGVzdC8xNzYwEYYPaHR0cDovL3hlc3QvMTc3MBGGD2h0dHA6Ly94 +ZXN0LzE3ODARhg9odHRwOi8veGVzdC8xNzkwEYYPaHR0cDovL3hlc3QvMTgwMBGG +D2h0dHA6Ly94ZXN0LzE4MTARhg9odHRwOi8veGVzdC8xODIwEYYPaHR0cDovL3hl +c3QvMTgzMBGGD2h0dHA6Ly94ZXN0LzE4NDARhg9odHRwOi8veGVzdC8xODUwEYYP +aHR0cDovL3hlc3QvMTg2MBGGD2h0dHA6Ly94ZXN0LzE4NzARhg9odHRwOi8veGVz +dC8xODgwEYYPaHR0cDovL3hlc3QvMTg5MBGGD2h0dHA6Ly94ZXN0LzE5MDARhg9o +dHRwOi8veGVzdC8xOTEwEYYPaHR0cDovL3hlc3QvMTkyMBGGD2h0dHA6Ly94ZXN0 +LzE5MzARhg9odHRwOi8veGVzdC8xOTQwEYYPaHR0cDovL3hlc3QvMTk1MBGGD2h0 +dHA6Ly94ZXN0LzE5NjARhg9odHRwOi8veGVzdC8xOTcwEYYPaHR0cDovL3hlc3Qv +MTk4MBGGD2h0dHA6Ly94ZXN0LzE5OTARhg9odHRwOi8veGVzdC8yMDAwEYYPaHR0 +cDovL3hlc3QvMjAxMBGGD2h0dHA6Ly94ZXN0LzIwMjARhg9odHRwOi8veGVzdC8y +MDMwEYYPaHR0cDovL3hlc3QvMjA0MBGGD2h0dHA6Ly94ZXN0LzIwNTARhg9odHRw +Oi8veGVzdC8yMDYwEYYPaHR0cDovL3hlc3QvMjA3MBGGD2h0dHA6Ly94ZXN0LzIw +ODARhg9odHRwOi8veGVzdC8yMDkwEYYPaHR0cDovL3hlc3QvMjEwMBGGD2h0dHA6 +Ly94ZXN0LzIxMTARhg9odHRwOi8veGVzdC8yMTIwEYYPaHR0cDovL3hlc3QvMjEz +MBGGD2h0dHA6Ly94ZXN0LzIxNDARhg9odHRwOi8veGVzdC8yMTUwEYYPaHR0cDov +L3hlc3QvMjE2MBGGD2h0dHA6Ly94ZXN0LzIxNzARhg9odHRwOi8veGVzdC8yMTgw +EYYPaHR0cDovL3hlc3QvMjE5MBGGD2h0dHA6Ly94ZXN0LzIyMDARhg9odHRwOi8v +eGVzdC8yMjEwEYYPaHR0cDovL3hlc3QvMjIyMBGGD2h0dHA6Ly94ZXN0LzIyMzAR +hg9odHRwOi8veGVzdC8yMjQwEYYPaHR0cDovL3hlc3QvMjI1MBGGD2h0dHA6Ly94 +ZXN0LzIyNjARhg9odHRwOi8veGVzdC8yMjcwEYYPaHR0cDovL3hlc3QvMjI4MBGG +D2h0dHA6Ly94ZXN0LzIyOTARhg9odHRwOi8veGVzdC8yMzAwEYYPaHR0cDovL3hl +c3QvMjMxMBGGD2h0dHA6Ly94ZXN0LzIzMjARhg9odHRwOi8veGVzdC8yMzMwEYYP +aHR0cDovL3hlc3QvMjM0MBGGD2h0dHA6Ly94ZXN0LzIzNTARhg9odHRwOi8veGVz +dC8yMzYwEYYPaHR0cDovL3hlc3QvMjM3MBGGD2h0dHA6Ly94ZXN0LzIzODARhg9o +dHRwOi8veGVzdC8yMzkwEYYPaHR0cDovL3hlc3QvMjQwMBGGD2h0dHA6Ly94ZXN0 +LzI0MTARhg9odHRwOi8veGVzdC8yNDIwEYYPaHR0cDovL3hlc3QvMjQzMBGGD2h0 +dHA6Ly94ZXN0LzI0NDARhg9odHRwOi8veGVzdC8yNDUwEYYPaHR0cDovL3hlc3Qv +MjQ2MBGGD2h0dHA6Ly94ZXN0LzI0NzARhg9odHRwOi8veGVzdC8yNDgwEYYPaHR0 +cDovL3hlc3QvMjQ5MBGGD2h0dHA6Ly94ZXN0LzI1MDARhg9odHRwOi8veGVzdC8y +NTEwEYYPaHR0cDovL3hlc3QvMjUyMBGGD2h0dHA6Ly94ZXN0LzI1MzARhg9odHRw +Oi8veGVzdC8yNTQwEYYPaHR0cDovL3hlc3QvMjU1MBGGD2h0dHA6Ly94ZXN0LzI1 +NjARhg9odHRwOi8veGVzdC8yNTcwEYYPaHR0cDovL3hlc3QvMjU4MBGGD2h0dHA6 +Ly94ZXN0LzI1OTARhg9odHRwOi8veGVzdC8yNjAwEYYPaHR0cDovL3hlc3QvMjYx +MBGGD2h0dHA6Ly94ZXN0LzI2MjARhg9odHRwOi8veGVzdC8yNjMwEYYPaHR0cDov +L3hlc3QvMjY0MBGGD2h0dHA6Ly94ZXN0LzI2NTARhg9odHRwOi8veGVzdC8yNjYw +EYYPaHR0cDovL3hlc3QvMjY3MBGGD2h0dHA6Ly94ZXN0LzI2ODARhg9odHRwOi8v +eGVzdC8yNjkwEYYPaHR0cDovL3hlc3QvMjcwMBGGD2h0dHA6Ly94ZXN0LzI3MTAR +hg9odHRwOi8veGVzdC8yNzIwEYYPaHR0cDovL3hlc3QvMjczMBGGD2h0dHA6Ly94 +ZXN0LzI3NDARhg9odHRwOi8veGVzdC8yNzUwEYYPaHR0cDovL3hlc3QvMjc2MBGG +D2h0dHA6Ly94ZXN0LzI3NzARhg9odHRwOi8veGVzdC8yNzgwEYYPaHR0cDovL3hl +c3QvMjc5MBGGD2h0dHA6Ly94ZXN0LzI4MDARhg9odHRwOi8veGVzdC8yODEwEYYP +aHR0cDovL3hlc3QvMjgyMBGGD2h0dHA6Ly94ZXN0LzI4MzARhg9odHRwOi8veGVz +dC8yODQwEYYPaHR0cDovL3hlc3QvMjg1MBGGD2h0dHA6Ly94ZXN0LzI4NjARhg9o +dHRwOi8veGVzdC8yODcwEYYPaHR0cDovL3hlc3QvMjg4MBGGD2h0dHA6Ly94ZXN0 +LzI4OTARhg9odHRwOi8veGVzdC8yOTAwEYYPaHR0cDovL3hlc3QvMjkxMBGGD2h0 +dHA6Ly94ZXN0LzI5MjARhg9odHRwOi8veGVzdC8yOTMwEYYPaHR0cDovL3hlc3Qv +Mjk0MBGGD2h0dHA6Ly94ZXN0LzI5NTARhg9odHRwOi8veGVzdC8yOTYwEYYPaHR0 +cDovL3hlc3QvMjk3MBGGD2h0dHA6Ly94ZXN0LzI5ODARhg9odHRwOi8veGVzdC8y +OTkwEYYPaHR0cDovL3hlc3QvMzAwMBGGD2h0dHA6Ly94ZXN0LzMwMTARhg9odHRw +Oi8veGVzdC8zMDIwEYYPaHR0cDovL3hlc3QvMzAzMBGGD2h0dHA6Ly94ZXN0LzMw +NDARhg9odHRwOi8veGVzdC8zMDUwEYYPaHR0cDovL3hlc3QvMzA2MBGGD2h0dHA6 +Ly94ZXN0LzMwNzARhg9odHRwOi8veGVzdC8zMDgwEYYPaHR0cDovL3hlc3QvMzA5 +MBGGD2h0dHA6Ly94ZXN0LzMxMDARhg9odHRwOi8veGVzdC8zMTEwEYYPaHR0cDov +L3hlc3QvMzEyMBGGD2h0dHA6Ly94ZXN0LzMxMzARhg9odHRwOi8veGVzdC8zMTQw +EYYPaHR0cDovL3hlc3QvMzE1MBGGD2h0dHA6Ly94ZXN0LzMxNjARhg9odHRwOi8v +eGVzdC8zMTcwEYYPaHR0cDovL3hlc3QvMzE4MBGGD2h0dHA6Ly94ZXN0LzMxOTAR +hg9odHRwOi8veGVzdC8zMjAwEYYPaHR0cDovL3hlc3QvMzIxMBGGD2h0dHA6Ly94 +ZXN0LzMyMjARhg9odHRwOi8veGVzdC8zMjMwEYYPaHR0cDovL3hlc3QvMzI0MBGG +D2h0dHA6Ly94ZXN0LzMyNTARhg9odHRwOi8veGVzdC8zMjYwEYYPaHR0cDovL3hl +c3QvMzI3MBGGD2h0dHA6Ly94ZXN0LzMyODARhg9odHRwOi8veGVzdC8zMjkwEYYP +aHR0cDovL3hlc3QvMzMwMBGGD2h0dHA6Ly94ZXN0LzMzMTARhg9odHRwOi8veGVz +dC8zMzIwEYYPaHR0cDovL3hlc3QvMzMzMBGGD2h0dHA6Ly94ZXN0LzMzNDARhg9o +dHRwOi8veGVzdC8zMzUwEYYPaHR0cDovL3hlc3QvMzM2MBGGD2h0dHA6Ly94ZXN0 +LzMzNzARhg9odHRwOi8veGVzdC8zMzgwEYYPaHR0cDovL3hlc3QvMzM5MBGGD2h0 +dHA6Ly94ZXN0LzM0MDARhg9odHRwOi8veGVzdC8zNDEwEYYPaHR0cDovL3hlc3Qv +MzQyMBGGD2h0dHA6Ly94ZXN0LzM0MzARhg9odHRwOi8veGVzdC8zNDQwEYYPaHR0 +cDovL3hlc3QvMzQ1MBGGD2h0dHA6Ly94ZXN0LzM0NjARhg9odHRwOi8veGVzdC8z +NDcwEYYPaHR0cDovL3hlc3QvMzQ4MBGGD2h0dHA6Ly94ZXN0LzM0OTARhg9odHRw +Oi8veGVzdC8zNTAwEYYPaHR0cDovL3hlc3QvMzUxMBGGD2h0dHA6Ly94ZXN0LzM1 +MjARhg9odHRwOi8veGVzdC8zNTMwEYYPaHR0cDovL3hlc3QvMzU0MBGGD2h0dHA6 +Ly94ZXN0LzM1NTARhg9odHRwOi8veGVzdC8zNTYwEYYPaHR0cDovL3hlc3QvMzU3 +MBGGD2h0dHA6Ly94ZXN0LzM1ODARhg9odHRwOi8veGVzdC8zNTkwEYYPaHR0cDov +L3hlc3QvMzYwMBGGD2h0dHA6Ly94ZXN0LzM2MTARhg9odHRwOi8veGVzdC8zNjIw +EYYPaHR0cDovL3hlc3QvMzYzMBGGD2h0dHA6Ly94ZXN0LzM2NDARhg9odHRwOi8v +eGVzdC8zNjUwEYYPaHR0cDovL3hlc3QvMzY2MBGGD2h0dHA6Ly94ZXN0LzM2NzAR +hg9odHRwOi8veGVzdC8zNjgwEYYPaHR0cDovL3hlc3QvMzY5MBGGD2h0dHA6Ly94 +ZXN0LzM3MDARhg9odHRwOi8veGVzdC8zNzEwEYYPaHR0cDovL3hlc3QvMzcyMBGG +D2h0dHA6Ly94ZXN0LzM3MzARhg9odHRwOi8veGVzdC8zNzQwEYYPaHR0cDovL3hl +c3QvMzc1MBGGD2h0dHA6Ly94ZXN0LzM3NjARhg9odHRwOi8veGVzdC8zNzcwEYYP +aHR0cDovL3hlc3QvMzc4MBGGD2h0dHA6Ly94ZXN0LzM3OTARhg9odHRwOi8veGVz +dC8zODAwEYYPaHR0cDovL3hlc3QvMzgxMBGGD2h0dHA6Ly94ZXN0LzM4MjARhg9o +dHRwOi8veGVzdC8zODMwEYYPaHR0cDovL3hlc3QvMzg0MBGGD2h0dHA6Ly94ZXN0 +LzM4NTARhg9odHRwOi8veGVzdC8zODYwEYYPaHR0cDovL3hlc3QvMzg3MBGGD2h0 +dHA6Ly94ZXN0LzM4ODARhg9odHRwOi8veGVzdC8zODkwEYYPaHR0cDovL3hlc3Qv +MzkwMBGGD2h0dHA6Ly94ZXN0LzM5MTARhg9odHRwOi8veGVzdC8zOTIwEYYPaHR0 +cDovL3hlc3QvMzkzMBGGD2h0dHA6Ly94ZXN0LzM5NDARhg9odHRwOi8veGVzdC8z +OTUwEYYPaHR0cDovL3hlc3QvMzk2MBGGD2h0dHA6Ly94ZXN0LzM5NzARhg9odHRw +Oi8veGVzdC8zOTgwEYYPaHR0cDovL3hlc3QvMzk5MBGGD2h0dHA6Ly94ZXN0LzQw +MDARhg9odHRwOi8veGVzdC80MDEwEYYPaHR0cDovL3hlc3QvNDAyMBGGD2h0dHA6 +Ly94ZXN0LzQwMzARhg9odHRwOi8veGVzdC80MDQwEYYPaHR0cDovL3hlc3QvNDA1 +MBGGD2h0dHA6Ly94ZXN0LzQwNjARhg9odHRwOi8veGVzdC80MDcwEYYPaHR0cDov +L3hlc3QvNDA4MBGGD2h0dHA6Ly94ZXN0LzQwOTARhg9odHRwOi8veGVzdC80MTAw +EYYPaHR0cDovL3hlc3QvNDExMBGGD2h0dHA6Ly94ZXN0LzQxMjARhg9odHRwOi8v +eGVzdC80MTMwEYYPaHR0cDovL3hlc3QvNDE0MBGGD2h0dHA6Ly94ZXN0LzQxNTAR +hg9odHRwOi8veGVzdC80MTYwEYYPaHR0cDovL3hlc3QvNDE3MBGGD2h0dHA6Ly94 +ZXN0LzQxODARhg9odHRwOi8veGVzdC80MTkwEYYPaHR0cDovL3hlc3QvNDIwMBGG +D2h0dHA6Ly94ZXN0LzQyMTARhg9odHRwOi8veGVzdC80MjIwEYYPaHR0cDovL3hl +c3QvNDIzMBGGD2h0dHA6Ly94ZXN0LzQyNDARhg9odHRwOi8veGVzdC80MjUwEYYP +aHR0cDovL3hlc3QvNDI2MBGGD2h0dHA6Ly94ZXN0LzQyNzARhg9odHRwOi8veGVz +dC80MjgwEYYPaHR0cDovL3hlc3QvNDI5MBGGD2h0dHA6Ly94ZXN0LzQzMDARhg9o +dHRwOi8veGVzdC80MzEwEYYPaHR0cDovL3hlc3QvNDMyMBGGD2h0dHA6Ly94ZXN0 +LzQzMzARhg9odHRwOi8veGVzdC80MzQwEYYPaHR0cDovL3hlc3QvNDM1MBGGD2h0 +dHA6Ly94ZXN0LzQzNjARhg9odHRwOi8veGVzdC80MzcwEYYPaHR0cDovL3hlc3Qv +NDM4MBGGD2h0dHA6Ly94ZXN0LzQzOTARhg9odHRwOi8veGVzdC80NDAwEYYPaHR0 +cDovL3hlc3QvNDQxMBGGD2h0dHA6Ly94ZXN0LzQ0MjARhg9odHRwOi8veGVzdC80 +NDMwEYYPaHR0cDovL3hlc3QvNDQ0MBGGD2h0dHA6Ly94ZXN0LzQ0NTARhg9odHRw +Oi8veGVzdC80NDYwEYYPaHR0cDovL3hlc3QvNDQ3MBGGD2h0dHA6Ly94ZXN0LzQ0 +ODARhg9odHRwOi8veGVzdC80NDkwEYYPaHR0cDovL3hlc3QvNDUwMBGGD2h0dHA6 +Ly94ZXN0LzQ1MTARhg9odHRwOi8veGVzdC80NTIwEYYPaHR0cDovL3hlc3QvNDUz +MBGGD2h0dHA6Ly94ZXN0LzQ1NDARhg9odHRwOi8veGVzdC80NTUwEYYPaHR0cDov +L3hlc3QvNDU2MBGGD2h0dHA6Ly94ZXN0LzQ1NzARhg9odHRwOi8veGVzdC80NTgw +EYYPaHR0cDovL3hlc3QvNDU5MBGGD2h0dHA6Ly94ZXN0LzQ2MDARhg9odHRwOi8v +eGVzdC80NjEwEYYPaHR0cDovL3hlc3QvNDYyMBGGD2h0dHA6Ly94ZXN0LzQ2MzAR +hg9odHRwOi8veGVzdC80NjQwEYYPaHR0cDovL3hlc3QvNDY1MBGGD2h0dHA6Ly94 +ZXN0LzQ2NjARhg9odHRwOi8veGVzdC80NjcwEYYPaHR0cDovL3hlc3QvNDY4MBGG +D2h0dHA6Ly94ZXN0LzQ2OTARhg9odHRwOi8veGVzdC80NzAwEYYPaHR0cDovL3hl +c3QvNDcxMBGGD2h0dHA6Ly94ZXN0LzQ3MjARhg9odHRwOi8veGVzdC80NzMwEYYP +aHR0cDovL3hlc3QvNDc0MBGGD2h0dHA6Ly94ZXN0LzQ3NTARhg9odHRwOi8veGVz +dC80NzYwEYYPaHR0cDovL3hlc3QvNDc3MBGGD2h0dHA6Ly94ZXN0LzQ3ODARhg9o +dHRwOi8veGVzdC80NzkwEYYPaHR0cDovL3hlc3QvNDgwMBGGD2h0dHA6Ly94ZXN0 +LzQ4MTARhg9odHRwOi8veGVzdC80ODIwEYYPaHR0cDovL3hlc3QvNDgzMBGGD2h0 +dHA6Ly94ZXN0LzQ4NDARhg9odHRwOi8veGVzdC80ODUwEYYPaHR0cDovL3hlc3Qv +NDg2MBGGD2h0dHA6Ly94ZXN0LzQ4NzARhg9odHRwOi8veGVzdC80ODgwEYYPaHR0 +cDovL3hlc3QvNDg5MBGGD2h0dHA6Ly94ZXN0LzQ5MDARhg9odHRwOi8veGVzdC80 +OTEwEYYPaHR0cDovL3hlc3QvNDkyMBGGD2h0dHA6Ly94ZXN0LzQ5MzARhg9odHRw +Oi8veGVzdC80OTQwEYYPaHR0cDovL3hlc3QvNDk1MBGGD2h0dHA6Ly94ZXN0LzQ5 +NjARhg9odHRwOi8veGVzdC80OTcwEYYPaHR0cDovL3hlc3QvNDk4MBGGD2h0dHA6 +Ly94ZXN0LzQ5OTARhg9odHRwOi8veGVzdC81MDAwEYYPaHR0cDovL3hlc3QvNTAx +MBGGD2h0dHA6Ly94ZXN0LzUwMjARhg9odHRwOi8veGVzdC81MDMwEYYPaHR0cDov +L3hlc3QvNTA0MBGGD2h0dHA6Ly94ZXN0LzUwNTARhg9odHRwOi8veGVzdC81MDYw +EYYPaHR0cDovL3hlc3QvNTA3MBGGD2h0dHA6Ly94ZXN0LzUwODARhg9odHRwOi8v +eGVzdC81MDkwEYYPaHR0cDovL3hlc3QvNTEwMBGGD2h0dHA6Ly94ZXN0LzUxMTAR +hg9odHRwOi8veGVzdC81MTIwEYYPaHR0cDovL3hlc3QvNTEzMBGGD2h0dHA6Ly94 +ZXN0LzUxNDARhg9odHRwOi8veGVzdC81MTUwEYYPaHR0cDovL3hlc3QvNTE2MBGG +D2h0dHA6Ly94ZXN0LzUxNzARhg9odHRwOi8veGVzdC81MTgwEYYPaHR0cDovL3hl +c3QvNTE5MBGGD2h0dHA6Ly94ZXN0LzUyMDARhg9odHRwOi8veGVzdC81MjEwEYYP +aHR0cDovL3hlc3QvNTIyMBGGD2h0dHA6Ly94ZXN0LzUyMzARhg9odHRwOi8veGVz +dC81MjQwEYYPaHR0cDovL3hlc3QvNTI1MBGGD2h0dHA6Ly94ZXN0LzUyNjARhg9o +dHRwOi8veGVzdC81MjcwEYYPaHR0cDovL3hlc3QvNTI4MBGGD2h0dHA6Ly94ZXN0 +LzUyOTARhg9odHRwOi8veGVzdC81MzAwEYYPaHR0cDovL3hlc3QvNTMxMBGGD2h0 +dHA6Ly94ZXN0LzUzMjARhg9odHRwOi8veGVzdC81MzMwEYYPaHR0cDovL3hlc3Qv +NTM0MBGGD2h0dHA6Ly94ZXN0LzUzNTARhg9odHRwOi8veGVzdC81MzYwEYYPaHR0 +cDovL3hlc3QvNTM3MBGGD2h0dHA6Ly94ZXN0LzUzODARhg9odHRwOi8veGVzdC81 +MzkwEYYPaHR0cDovL3hlc3QvNTQwMBGGD2h0dHA6Ly94ZXN0LzU0MTARhg9odHRw +Oi8veGVzdC81NDIwEYYPaHR0cDovL3hlc3QvNTQzMBGGD2h0dHA6Ly94ZXN0LzU0 +NDARhg9odHRwOi8veGVzdC81NDUwEYYPaHR0cDovL3hlc3QvNTQ2MBGGD2h0dHA6 +Ly94ZXN0LzU0NzARhg9odHRwOi8veGVzdC81NDgwEYYPaHR0cDovL3hlc3QvNTQ5 +MBGGD2h0dHA6Ly94ZXN0LzU1MDARhg9odHRwOi8veGVzdC81NTEwEYYPaHR0cDov +L3hlc3QvNTUyMBGGD2h0dHA6Ly94ZXN0LzU1MzARhg9odHRwOi8veGVzdC81NTQw +EYYPaHR0cDovL3hlc3QvNTU1MBGGD2h0dHA6Ly94ZXN0LzU1NjARhg9odHRwOi8v +eGVzdC81NTcwEYYPaHR0cDovL3hlc3QvNTU4MBGGD2h0dHA6Ly94ZXN0LzU1OTAR +hg9odHRwOi8veGVzdC81NjAwEYYPaHR0cDovL3hlc3QvNTYxMBGGD2h0dHA6Ly94 +ZXN0LzU2MjARhg9odHRwOi8veGVzdC81NjMwEYYPaHR0cDovL3hlc3QvNTY0MBGG +D2h0dHA6Ly94ZXN0LzU2NTARhg9odHRwOi8veGVzdC81NjYwEYYPaHR0cDovL3hl +c3QvNTY3MBGGD2h0dHA6Ly94ZXN0LzU2ODARhg9odHRwOi8veGVzdC81NjkwEYYP +aHR0cDovL3hlc3QvNTcwMBGGD2h0dHA6Ly94ZXN0LzU3MTARhg9odHRwOi8veGVz +dC81NzIwEYYPaHR0cDovL3hlc3QvNTczMBGGD2h0dHA6Ly94ZXN0LzU3NDARhg9o +dHRwOi8veGVzdC81NzUwEYYPaHR0cDovL3hlc3QvNTc2MBGGD2h0dHA6Ly94ZXN0 +LzU3NzARhg9odHRwOi8veGVzdC81NzgwEYYPaHR0cDovL3hlc3QvNTc5MBGGD2h0 +dHA6Ly94ZXN0LzU4MDARhg9odHRwOi8veGVzdC81ODEwEYYPaHR0cDovL3hlc3Qv +NTgyMBGGD2h0dHA6Ly94ZXN0LzU4MzARhg9odHRwOi8veGVzdC81ODQwEYYPaHR0 +cDovL3hlc3QvNTg1MBGGD2h0dHA6Ly94ZXN0LzU4NjARhg9odHRwOi8veGVzdC81 +ODcwEYYPaHR0cDovL3hlc3QvNTg4MBGGD2h0dHA6Ly94ZXN0LzU4OTARhg9odHRw +Oi8veGVzdC81OTAwEYYPaHR0cDovL3hlc3QvNTkxMBGGD2h0dHA6Ly94ZXN0LzU5 +MjARhg9odHRwOi8veGVzdC81OTMwEYYPaHR0cDovL3hlc3QvNTk0MBGGD2h0dHA6 +Ly94ZXN0LzU5NTARhg9odHRwOi8veGVzdC81OTYwEYYPaHR0cDovL3hlc3QvNTk3 +MBGGD2h0dHA6Ly94ZXN0LzU5ODARhg9odHRwOi8veGVzdC81OTkwEYYPaHR0cDov +L3hlc3QvNjAwMBGGD2h0dHA6Ly94ZXN0LzYwMTARhg9odHRwOi8veGVzdC82MDIw +EYYPaHR0cDovL3hlc3QvNjAzMBGGD2h0dHA6Ly94ZXN0LzYwNDARhg9odHRwOi8v +eGVzdC82MDUwEYYPaHR0cDovL3hlc3QvNjA2MBGGD2h0dHA6Ly94ZXN0LzYwNzAR +hg9odHRwOi8veGVzdC82MDgwEYYPaHR0cDovL3hlc3QvNjA5MBGGD2h0dHA6Ly94 +ZXN0LzYxMDARhg9odHRwOi8veGVzdC82MTEwEYYPaHR0cDovL3hlc3QvNjEyMBGG +D2h0dHA6Ly94ZXN0LzYxMzARhg9odHRwOi8veGVzdC82MTQwEYYPaHR0cDovL3hl +c3QvNjE1MBGGD2h0dHA6Ly94ZXN0LzYxNjARhg9odHRwOi8veGVzdC82MTcwEYYP +aHR0cDovL3hlc3QvNjE4MBGGD2h0dHA6Ly94ZXN0LzYxOTARhg9odHRwOi8veGVz +dC82MjAwEYYPaHR0cDovL3hlc3QvNjIxMBGGD2h0dHA6Ly94ZXN0LzYyMjARhg9o +dHRwOi8veGVzdC82MjMwEYYPaHR0cDovL3hlc3QvNjI0MBGGD2h0dHA6Ly94ZXN0 +LzYyNTARhg9odHRwOi8veGVzdC82MjYwEYYPaHR0cDovL3hlc3QvNjI3MBGGD2h0 +dHA6Ly94ZXN0LzYyODARhg9odHRwOi8veGVzdC82MjkwEYYPaHR0cDovL3hlc3Qv +NjMwMBGGD2h0dHA6Ly94ZXN0LzYzMTARhg9odHRwOi8veGVzdC82MzIwEYYPaHR0 +cDovL3hlc3QvNjMzMBGGD2h0dHA6Ly94ZXN0LzYzNDARhg9odHRwOi8veGVzdC82 +MzUwEYYPaHR0cDovL3hlc3QvNjM2MBGGD2h0dHA6Ly94ZXN0LzYzNzARhg9odHRw +Oi8veGVzdC82MzgwEYYPaHR0cDovL3hlc3QvNjM5MBGGD2h0dHA6Ly94ZXN0LzY0 +MDARhg9odHRwOi8veGVzdC82NDEwEYYPaHR0cDovL3hlc3QvNjQyMBGGD2h0dHA6 +Ly94ZXN0LzY0MzARhg9odHRwOi8veGVzdC82NDQwEYYPaHR0cDovL3hlc3QvNjQ1 +MBGGD2h0dHA6Ly94ZXN0LzY0NjARhg9odHRwOi8veGVzdC82NDcwEYYPaHR0cDov +L3hlc3QvNjQ4MBGGD2h0dHA6Ly94ZXN0LzY0OTARhg9odHRwOi8veGVzdC82NTAw +EYYPaHR0cDovL3hlc3QvNjUxMBGGD2h0dHA6Ly94ZXN0LzY1MjARhg9odHRwOi8v +eGVzdC82NTMwEYYPaHR0cDovL3hlc3QvNjU0MBGGD2h0dHA6Ly94ZXN0LzY1NTAR +hg9odHRwOi8veGVzdC82NTYwEYYPaHR0cDovL3hlc3QvNjU3MBGGD2h0dHA6Ly94 +ZXN0LzY1ODARhg9odHRwOi8veGVzdC82NTkwEYYPaHR0cDovL3hlc3QvNjYwMBGG +D2h0dHA6Ly94ZXN0LzY2MTARhg9odHRwOi8veGVzdC82NjIwEYYPaHR0cDovL3hl +c3QvNjYzMBGGD2h0dHA6Ly94ZXN0LzY2NDARhg9odHRwOi8veGVzdC82NjUwEYYP +aHR0cDovL3hlc3QvNjY2MBGGD2h0dHA6Ly94ZXN0LzY2NzARhg9odHRwOi8veGVz +dC82NjgwEYYPaHR0cDovL3hlc3QvNjY5MBGGD2h0dHA6Ly94ZXN0LzY3MDARhg9o +dHRwOi8veGVzdC82NzEwEYYPaHR0cDovL3hlc3QvNjcyMBGGD2h0dHA6Ly94ZXN0 +LzY3MzARhg9odHRwOi8veGVzdC82NzQwEYYPaHR0cDovL3hlc3QvNjc1MBGGD2h0 +dHA6Ly94ZXN0LzY3NjARhg9odHRwOi8veGVzdC82NzcwEYYPaHR0cDovL3hlc3Qv +Njc4MBGGD2h0dHA6Ly94ZXN0LzY3OTARhg9odHRwOi8veGVzdC82ODAwEYYPaHR0 +cDovL3hlc3QvNjgxMBGGD2h0dHA6Ly94ZXN0LzY4MjARhg9odHRwOi8veGVzdC82 +ODMwEYYPaHR0cDovL3hlc3QvNjg0MBGGD2h0dHA6Ly94ZXN0LzY4NTARhg9odHRw +Oi8veGVzdC82ODYwEYYPaHR0cDovL3hlc3QvNjg3MBGGD2h0dHA6Ly94ZXN0LzY4 +ODARhg9odHRwOi8veGVzdC82ODkwEYYPaHR0cDovL3hlc3QvNjkwMBGGD2h0dHA6 +Ly94ZXN0LzY5MTARhg9odHRwOi8veGVzdC82OTIwEYYPaHR0cDovL3hlc3QvNjkz +MBGGD2h0dHA6Ly94ZXN0LzY5NDARhg9odHRwOi8veGVzdC82OTUwEYYPaHR0cDov +L3hlc3QvNjk2MBGGD2h0dHA6Ly94ZXN0LzY5NzARhg9odHRwOi8veGVzdC82OTgw +EYYPaHR0cDovL3hlc3QvNjk5MBGGD2h0dHA6Ly94ZXN0LzcwMDARhg9odHRwOi8v +eGVzdC83MDEwEYYPaHR0cDovL3hlc3QvNzAyMBGGD2h0dHA6Ly94ZXN0LzcwMzAR +hg9odHRwOi8veGVzdC83MDQwEYYPaHR0cDovL3hlc3QvNzA1MBGGD2h0dHA6Ly94 +ZXN0LzcwNjARhg9odHRwOi8veGVzdC83MDcwEYYPaHR0cDovL3hlc3QvNzA4MBGG +D2h0dHA6Ly94ZXN0LzcwOTARhg9odHRwOi8veGVzdC83MTAwEYYPaHR0cDovL3hl +c3QvNzExMBGGD2h0dHA6Ly94ZXN0LzcxMjARhg9odHRwOi8veGVzdC83MTMwEYYP +aHR0cDovL3hlc3QvNzE0MBGGD2h0dHA6Ly94ZXN0LzcxNTARhg9odHRwOi8veGVz +dC83MTYwEYYPaHR0cDovL3hlc3QvNzE3MBGGD2h0dHA6Ly94ZXN0LzcxODARhg9o +dHRwOi8veGVzdC83MTkwEYYPaHR0cDovL3hlc3QvNzIwMBGGD2h0dHA6Ly94ZXN0 +LzcyMTARhg9odHRwOi8veGVzdC83MjIwEYYPaHR0cDovL3hlc3QvNzIzMBGGD2h0 +dHA6Ly94ZXN0LzcyNDARhg9odHRwOi8veGVzdC83MjUwEYYPaHR0cDovL3hlc3Qv +NzI2MBGGD2h0dHA6Ly94ZXN0LzcyNzARhg9odHRwOi8veGVzdC83MjgwEYYPaHR0 +cDovL3hlc3QvNzI5MBGGD2h0dHA6Ly94ZXN0LzczMDARhg9odHRwOi8veGVzdC83 +MzEwEYYPaHR0cDovL3hlc3QvNzMyMBGGD2h0dHA6Ly94ZXN0LzczMzARhg9odHRw +Oi8veGVzdC83MzQwEYYPaHR0cDovL3hlc3QvNzM1MBGGD2h0dHA6Ly94ZXN0Lzcz +NjARhg9odHRwOi8veGVzdC83MzcwEYYPaHR0cDovL3hlc3QvNzM4MBGGD2h0dHA6 +Ly94ZXN0LzczOTARhg9odHRwOi8veGVzdC83NDAwEYYPaHR0cDovL3hlc3QvNzQx +MBGGD2h0dHA6Ly94ZXN0Lzc0MjARhg9odHRwOi8veGVzdC83NDMwEYYPaHR0cDov +L3hlc3QvNzQ0MBGGD2h0dHA6Ly94ZXN0Lzc0NTARhg9odHRwOi8veGVzdC83NDYw +EYYPaHR0cDovL3hlc3QvNzQ3MBGGD2h0dHA6Ly94ZXN0Lzc0ODARhg9odHRwOi8v +eGVzdC83NDkwEYYPaHR0cDovL3hlc3QvNzUwMBGGD2h0dHA6Ly94ZXN0Lzc1MTAR +hg9odHRwOi8veGVzdC83NTIwEYYPaHR0cDovL3hlc3QvNzUzMBGGD2h0dHA6Ly94 +ZXN0Lzc1NDARhg9odHRwOi8veGVzdC83NTUwEYYPaHR0cDovL3hlc3QvNzU2MBGG +D2h0dHA6Ly94ZXN0Lzc1NzARhg9odHRwOi8veGVzdC83NTgwEYYPaHR0cDovL3hl +c3QvNzU5MBGGD2h0dHA6Ly94ZXN0Lzc2MDARhg9odHRwOi8veGVzdC83NjEwEYYP +aHR0cDovL3hlc3QvNzYyMBGGD2h0dHA6Ly94ZXN0Lzc2MzARhg9odHRwOi8veGVz +dC83NjQwEYYPaHR0cDovL3hlc3QvNzY1MBGGD2h0dHA6Ly94ZXN0Lzc2NjARhg9o +dHRwOi8veGVzdC83NjcwEYYPaHR0cDovL3hlc3QvNzY4MBGGD2h0dHA6Ly94ZXN0 +Lzc2OTARhg9odHRwOi8veGVzdC83NzAwEYYPaHR0cDovL3hlc3QvNzcxMBGGD2h0 +dHA6Ly94ZXN0Lzc3MjARhg9odHRwOi8veGVzdC83NzMwEYYPaHR0cDovL3hlc3Qv +Nzc0MBGGD2h0dHA6Ly94ZXN0Lzc3NTARhg9odHRwOi8veGVzdC83NzYwEYYPaHR0 +cDovL3hlc3QvNzc3MBGGD2h0dHA6Ly94ZXN0Lzc3ODARhg9odHRwOi8veGVzdC83 +NzkwEYYPaHR0cDovL3hlc3QvNzgwMBGGD2h0dHA6Ly94ZXN0Lzc4MTARhg9odHRw +Oi8veGVzdC83ODIwEYYPaHR0cDovL3hlc3QvNzgzMBGGD2h0dHA6Ly94ZXN0Lzc4 +NDARhg9odHRwOi8veGVzdC83ODUwEYYPaHR0cDovL3hlc3QvNzg2MBGGD2h0dHA6 +Ly94ZXN0Lzc4NzARhg9odHRwOi8veGVzdC83ODgwEYYPaHR0cDovL3hlc3QvNzg5 +MBGGD2h0dHA6Ly94ZXN0Lzc5MDARhg9odHRwOi8veGVzdC83OTEwEYYPaHR0cDov +L3hlc3QvNzkyMBGGD2h0dHA6Ly94ZXN0Lzc5MzARhg9odHRwOi8veGVzdC83OTQw +EYYPaHR0cDovL3hlc3QvNzk1MBGGD2h0dHA6Ly94ZXN0Lzc5NjARhg9odHRwOi8v +eGVzdC83OTcwEYYPaHR0cDovL3hlc3QvNzk4MBGGD2h0dHA6Ly94ZXN0Lzc5OTAR +hg9odHRwOi8veGVzdC84MDAwEYYPaHR0cDovL3hlc3QvODAxMBGGD2h0dHA6Ly94 +ZXN0LzgwMjARhg9odHRwOi8veGVzdC84MDMwEYYPaHR0cDovL3hlc3QvODA0MBGG +D2h0dHA6Ly94ZXN0LzgwNTARhg9odHRwOi8veGVzdC84MDYwEYYPaHR0cDovL3hl +c3QvODA3MBGGD2h0dHA6Ly94ZXN0LzgwODARhg9odHRwOi8veGVzdC84MDkwEYYP +aHR0cDovL3hlc3QvODEwMBGGD2h0dHA6Ly94ZXN0LzgxMTARhg9odHRwOi8veGVz +dC84MTIwEYYPaHR0cDovL3hlc3QvODEzMBGGD2h0dHA6Ly94ZXN0LzgxNDARhg9o +dHRwOi8veGVzdC84MTUwEYYPaHR0cDovL3hlc3QvODE2MBGGD2h0dHA6Ly94ZXN0 +LzgxNzARhg9odHRwOi8veGVzdC84MTgwEYYPaHR0cDovL3hlc3QvODE5MBGGD2h0 +dHA6Ly94ZXN0LzgyMDARhg9odHRwOi8veGVzdC84MjEwEYYPaHR0cDovL3hlc3Qv +ODIyMBGGD2h0dHA6Ly94ZXN0LzgyMzARhg9odHRwOi8veGVzdC84MjQwEYYPaHR0 +cDovL3hlc3QvODI1MBGGD2h0dHA6Ly94ZXN0LzgyNjARhg9odHRwOi8veGVzdC84 +MjcwEYYPaHR0cDovL3hlc3QvODI4MBGGD2h0dHA6Ly94ZXN0LzgyOTARhg9odHRw +Oi8veGVzdC84MzAwEYYPaHR0cDovL3hlc3QvODMxMBGGD2h0dHA6Ly94ZXN0Lzgz +MjARhg9odHRwOi8veGVzdC84MzMwEYYPaHR0cDovL3hlc3QvODM0MBGGD2h0dHA6 +Ly94ZXN0LzgzNTARhg9odHRwOi8veGVzdC84MzYwEYYPaHR0cDovL3hlc3QvODM3 +MBGGD2h0dHA6Ly94ZXN0LzgzODARhg9odHRwOi8veGVzdC84MzkwEYYPaHR0cDov +L3hlc3QvODQwMBGGD2h0dHA6Ly94ZXN0Lzg0MTARhg9odHRwOi8veGVzdC84NDIw +EYYPaHR0cDovL3hlc3QvODQzMBGGD2h0dHA6Ly94ZXN0Lzg0NDARhg9odHRwOi8v +eGVzdC84NDUwEYYPaHR0cDovL3hlc3QvODQ2MBGGD2h0dHA6Ly94ZXN0Lzg0NzAR +hg9odHRwOi8veGVzdC84NDgwEYYPaHR0cDovL3hlc3QvODQ5MBGGD2h0dHA6Ly94 +ZXN0Lzg1MDARhg9odHRwOi8veGVzdC84NTEwEYYPaHR0cDovL3hlc3QvODUyMBGG +D2h0dHA6Ly94ZXN0Lzg1MzARhg9odHRwOi8veGVzdC84NTQwEYYPaHR0cDovL3hl +c3QvODU1MBGGD2h0dHA6Ly94ZXN0Lzg1NjARhg9odHRwOi8veGVzdC84NTcwEYYP +aHR0cDovL3hlc3QvODU4MBGGD2h0dHA6Ly94ZXN0Lzg1OTARhg9odHRwOi8veGVz +dC84NjAwEYYPaHR0cDovL3hlc3QvODYxMBGGD2h0dHA6Ly94ZXN0Lzg2MjARhg9o +dHRwOi8veGVzdC84NjMwEYYPaHR0cDovL3hlc3QvODY0MBGGD2h0dHA6Ly94ZXN0 +Lzg2NTARhg9odHRwOi8veGVzdC84NjYwEYYPaHR0cDovL3hlc3QvODY3MBGGD2h0 +dHA6Ly94ZXN0Lzg2ODARhg9odHRwOi8veGVzdC84NjkwEYYPaHR0cDovL3hlc3Qv +ODcwMBGGD2h0dHA6Ly94ZXN0Lzg3MTARhg9odHRwOi8veGVzdC84NzIwEYYPaHR0 +cDovL3hlc3QvODczMBGGD2h0dHA6Ly94ZXN0Lzg3NDARhg9odHRwOi8veGVzdC84 +NzUwEYYPaHR0cDovL3hlc3QvODc2MBGGD2h0dHA6Ly94ZXN0Lzg3NzARhg9odHRw +Oi8veGVzdC84NzgwEYYPaHR0cDovL3hlc3QvODc5MBGGD2h0dHA6Ly94ZXN0Lzg4 +MDARhg9odHRwOi8veGVzdC84ODEwEYYPaHR0cDovL3hlc3QvODgyMBGGD2h0dHA6 +Ly94ZXN0Lzg4MzARhg9odHRwOi8veGVzdC84ODQwEYYPaHR0cDovL3hlc3QvODg1 +MBGGD2h0dHA6Ly94ZXN0Lzg4NjARhg9odHRwOi8veGVzdC84ODcwEYYPaHR0cDov +L3hlc3QvODg4MBGGD2h0dHA6Ly94ZXN0Lzg4OTARhg9odHRwOi8veGVzdC84OTAw +EYYPaHR0cDovL3hlc3QvODkxMBGGD2h0dHA6Ly94ZXN0Lzg5MjARhg9odHRwOi8v +eGVzdC84OTMwEYYPaHR0cDovL3hlc3QvODk0MBGGD2h0dHA6Ly94ZXN0Lzg5NTAR +hg9odHRwOi8veGVzdC84OTYwEYYPaHR0cDovL3hlc3QvODk3MBGGD2h0dHA6Ly94 +ZXN0Lzg5ODARhg9odHRwOi8veGVzdC84OTkwEYYPaHR0cDovL3hlc3QvOTAwMBGG +D2h0dHA6Ly94ZXN0LzkwMTARhg9odHRwOi8veGVzdC85MDIwEYYPaHR0cDovL3hl +c3QvOTAzMBGGD2h0dHA6Ly94ZXN0LzkwNDARhg9odHRwOi8veGVzdC85MDUwEYYP +aHR0cDovL3hlc3QvOTA2MBGGD2h0dHA6Ly94ZXN0LzkwNzARhg9odHRwOi8veGVz +dC85MDgwEYYPaHR0cDovL3hlc3QvOTA5MBGGD2h0dHA6Ly94ZXN0LzkxMDARhg9o +dHRwOi8veGVzdC85MTEwEYYPaHR0cDovL3hlc3QvOTEyMBGGD2h0dHA6Ly94ZXN0 +LzkxMzARhg9odHRwOi8veGVzdC85MTQwEYYPaHR0cDovL3hlc3QvOTE1MBGGD2h0 +dHA6Ly94ZXN0LzkxNjARhg9odHRwOi8veGVzdC85MTcwEYYPaHR0cDovL3hlc3Qv +OTE4MBGGD2h0dHA6Ly94ZXN0LzkxOTARhg9odHRwOi8veGVzdC85MjAwEYYPaHR0 +cDovL3hlc3QvOTIxMBGGD2h0dHA6Ly94ZXN0LzkyMjARhg9odHRwOi8veGVzdC85 +MjMwEYYPaHR0cDovL3hlc3QvOTI0MBGGD2h0dHA6Ly94ZXN0LzkyNTARhg9odHRw +Oi8veGVzdC85MjYwEYYPaHR0cDovL3hlc3QvOTI3MBGGD2h0dHA6Ly94ZXN0Lzky +ODARhg9odHRwOi8veGVzdC85MjkwEYYPaHR0cDovL3hlc3QvOTMwMBGGD2h0dHA6 +Ly94ZXN0LzkzMTARhg9odHRwOi8veGVzdC85MzIwEYYPaHR0cDovL3hlc3QvOTMz +MBGGD2h0dHA6Ly94ZXN0LzkzNDARhg9odHRwOi8veGVzdC85MzUwEYYPaHR0cDov +L3hlc3QvOTM2MBGGD2h0dHA6Ly94ZXN0LzkzNzARhg9odHRwOi8veGVzdC85Mzgw +EYYPaHR0cDovL3hlc3QvOTM5MBGGD2h0dHA6Ly94ZXN0Lzk0MDARhg9odHRwOi8v +eGVzdC85NDEwEYYPaHR0cDovL3hlc3QvOTQyMBGGD2h0dHA6Ly94ZXN0Lzk0MzAR +hg9odHRwOi8veGVzdC85NDQwEYYPaHR0cDovL3hlc3QvOTQ1MBGGD2h0dHA6Ly94 +ZXN0Lzk0NjARhg9odHRwOi8veGVzdC85NDcwEYYPaHR0cDovL3hlc3QvOTQ4MBGG +D2h0dHA6Ly94ZXN0Lzk0OTARhg9odHRwOi8veGVzdC85NTAwEYYPaHR0cDovL3hl +c3QvOTUxMBGGD2h0dHA6Ly94ZXN0Lzk1MjARhg9odHRwOi8veGVzdC85NTMwEYYP +aHR0cDovL3hlc3QvOTU0MBGGD2h0dHA6Ly94ZXN0Lzk1NTARhg9odHRwOi8veGVz +dC85NTYwEYYPaHR0cDovL3hlc3QvOTU3MBGGD2h0dHA6Ly94ZXN0Lzk1ODARhg9o +dHRwOi8veGVzdC85NTkwEYYPaHR0cDovL3hlc3QvOTYwMBGGD2h0dHA6Ly94ZXN0 +Lzk2MTARhg9odHRwOi8veGVzdC85NjIwEYYPaHR0cDovL3hlc3QvOTYzMBGGD2h0 +dHA6Ly94ZXN0Lzk2NDARhg9odHRwOi8veGVzdC85NjUwEYYPaHR0cDovL3hlc3Qv +OTY2MBGGD2h0dHA6Ly94ZXN0Lzk2NzARhg9odHRwOi8veGVzdC85NjgwEYYPaHR0 +cDovL3hlc3QvOTY5MBGGD2h0dHA6Ly94ZXN0Lzk3MDARhg9odHRwOi8veGVzdC85 +NzEwEYYPaHR0cDovL3hlc3QvOTcyMBGGD2h0dHA6Ly94ZXN0Lzk3MzARhg9odHRw +Oi8veGVzdC85NzQwEYYPaHR0cDovL3hlc3QvOTc1MBGGD2h0dHA6Ly94ZXN0Lzk3 +NjARhg9odHRwOi8veGVzdC85NzcwEYYPaHR0cDovL3hlc3QvOTc4MBGGD2h0dHA6 +Ly94ZXN0Lzk3OTARhg9odHRwOi8veGVzdC85ODAwEYYPaHR0cDovL3hlc3QvOTgx +MBGGD2h0dHA6Ly94ZXN0Lzk4MjARhg9odHRwOi8veGVzdC85ODMwEYYPaHR0cDov +L3hlc3QvOTg0MBGGD2h0dHA6Ly94ZXN0Lzk4NTARhg9odHRwOi8veGVzdC85ODYw +EYYPaHR0cDovL3hlc3QvOTg3MBGGD2h0dHA6Ly94ZXN0Lzk4ODARhg9odHRwOi8v +eGVzdC85ODkwEYYPaHR0cDovL3hlc3QvOTkwMBGGD2h0dHA6Ly94ZXN0Lzk5MTAR +hg9odHRwOi8veGVzdC85OTIwEYYPaHR0cDovL3hlc3QvOTkzMBGGD2h0dHA6Ly94 +ZXN0Lzk5NDARhg9odHRwOi8veGVzdC85OTUwEYYPaHR0cDovL3hlc3QvOTk2MBGG +D2h0dHA6Ly94ZXN0Lzk5NzARhg9odHRwOi8veGVzdC85OTgwEYYPaHR0cDovL3hl +c3QvOTk5MBKGEGh0dHA6Ly94ZXN0LzEwMDAwEoYQaHR0cDovL3hlc3QvMTAwMTAS +hhBodHRwOi8veGVzdC8xMDAyMBKGEGh0dHA6Ly94ZXN0LzEwMDMwEoYQaHR0cDov +L3hlc3QvMTAwNDAShhBodHRwOi8veGVzdC8xMDA1MBKGEGh0dHA6Ly94ZXN0LzEw +MDYwEoYQaHR0cDovL3hlc3QvMTAwNzAShhBodHRwOi8veGVzdC8xMDA4MBKGEGh0 +dHA6Ly94ZXN0LzEwMDkwEoYQaHR0cDovL3hlc3QvMTAxMDAShhBodHRwOi8veGVz +dC8xMDExMBKGEGh0dHA6Ly94ZXN0LzEwMTIwEoYQaHR0cDovL3hlc3QvMTAxMzAS +hhBodHRwOi8veGVzdC8xMDE0MBKGEGh0dHA6Ly94ZXN0LzEwMTUwEoYQaHR0cDov +L3hlc3QvMTAxNjAShhBodHRwOi8veGVzdC8xMDE3MBKGEGh0dHA6Ly94ZXN0LzEw +MTgwEoYQaHR0cDovL3hlc3QvMTAxOTAShhBodHRwOi8veGVzdC8xMDIwMBKGEGh0 +dHA6Ly94ZXN0LzEwMjEwEoYQaHR0cDovL3hlc3QvMTAyMjAShhBodHRwOi8veGVz +dC8xMDIzMBKGEGh0dHA6Ly94ZXN0LzEwMjQwDQYJKoZIhvcNAQELBQADggEBADeo +vuQDYmMVsP6+SX8iXnr4tDMM/jtBDJncvbCjDDpUQidiGBWv5tWRYxcdGz/K9i4v +bnFeZoYnaZExXTWF1EZ3aUVQBZy8ObgP0JamZQLTgFOsWJzz7CcnsjNEURd5kOqx +VzL34FikmWR4VWEW01FizyYCjX3fLdjD0gBeA0l4ILd4np62VulITcVa6ijoFnBK +ObsdiEBa/WeCc/PG8untcIPecj99CC8aQ03JsunO5kOpdCXNupXNUZfLVtTm5tlp +Cl9IFyo7Qayl7B8wybLxaI+hDx59nuO+u43LbkFqFnpI9awUaffeY/yUgOdi2uaZ +Eq3x0l12a8MRblVdfuw= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F7.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F7.pem new file mode 100644 index 0000000000..5f017298c5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F7.pem @@ -0,0 +1,1437 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + DNS:t171.test + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + + Signature Algorithm: sha256WithRSAEncryption + 9f:cb:83:7b:e2:3c:57:27:25:ec:82:3f:30:c2:ff:12:51:71: + 3f:d5:94:05:1a:5b:58:44:80:b4:89:1e:e0:89:45:e5:e3:72: + 8b:c4:d8:ca:54:a3:db:f2:a3:fd:16:00:c1:86:21:e2:ed:e3: + 6c:94:7e:09:ae:ed:36:1c:e3:97:6f:3d:0a:b1:39:78:7a:b3: + b9:ce:c3:68:ee:60:27:7c:cb:6b:33:3c:5f:a2:6a:99:d4:08: + 2a:e9:21:04:ea:12:d9:28:53:1f:cc:af:ab:41:a3:6e:34:fa: + 56:56:44:d5:c5:10:bd:f4:37:3b:45:94:74:19:b2:49:cf:0f: + 98:94:75:68:ec:4e:6f:b0:41:ac:f7:38:02:1d:dd:1f:14:f6: + b5:c6:0c:a2:b2:a7:07:75:99:54:4e:fe:68:0c:1d:ae:a0:90: + d7:d5:64:60:15:ff:c7:fd:31:da:ab:50:43:44:b7:cc:3f:d2: + ee:e4:03:3e:a0:9d:8e:81:48:21:86:34:66:27:be:b2:73:01: + 2b:65:ee:51:3b:57:3f:76:51:ad:82:fc:7e:c9:ce:89:38:04: + 5f:c9:f6:41:62:32:60:b2:b9:d1:fe:4e:78:d6:a5:79:56:7b: + 57:e4:1d:42:7a:1f:aa:f7:b0:d0:82:ba:d4:f1:bb:f9:9c:ec: + ca:e7:f7:09 +-----BEGIN CERTIFICATE----- +MII/SzCCPjOgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vcwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCPJUwgjyRMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjvFBgNVHR4Egju8MII7uKCCHgAwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAuCCXQxNzEudGVzdDAKhwgKAAAA//// +/zAKhwgKAAAB/////zAKhwgKAAAC/////zAKhwgKAAAD/////zAKhwgKAAAE//// +/zAKhwgKAAAF/////zAKhwgKAAAG/////zAKhwgKAAAH/////zAKhwgKAAAI//// +/zAKhwgKAAAJ/////zAKhwgKAAAK/////zAKhwgKAAAL/////zAKhwgKAAAM//// +/zAKhwgKAAAN/////zAKhwgKAAAO/////zAKhwgKAAAP/////zAKhwgKAAAQ//// +/zAKhwgKAAAR/////zAKhwgKAAAS/////zAKhwgKAAAT/////zAKhwgKAAAU//// +/zAKhwgKAAAV/////zAKhwgKAAAW/////zAKhwgKAAAX/////zAKhwgKAAAY//// +/zAKhwgKAAAZ/////zAKhwgKAAAa/////zAKhwgKAAAb/////zAKhwgKAAAc//// +/zAKhwgKAAAd/////zAKhwgKAAAe/////zAKhwgKAAAf/////zAKhwgKAAAg//// +/zAKhwgKAAAh/////zAKhwgKAAAi/////zAKhwgKAAAj/////zAKhwgKAAAk//// +/zAKhwgKAAAl/////zAKhwgKAAAm/////zAKhwgKAAAn/////zAKhwgKAAAo//// +/zAKhwgKAAAp/////zAKhwgKAAAq/////zAKhwgKAAAr/////zAKhwgKAAAs//// +/zAKhwgKAAAt/////zAKhwgKAAAu/////zAKhwgKAAAv/////zAKhwgKAAAw//// +/zAKhwgKAAAx/////zAKhwgKAAAy/////zAKhwgKAAAz/////zAKhwgKAAA0//// +/zAKhwgKAAA1/////zAKhwgKAAA2/////zAKhwgKAAA3/////zAKhwgKAAA4//// +/zAKhwgKAAA5/////zAKhwgKAAA6/////zAKhwgKAAA7/////zAKhwgKAAA8//// +/zAKhwgKAAA9/////zAKhwgKAAA+/////zAKhwgKAAA//////zAKhwgKAABA//// +/zAKhwgKAABB/////zAKhwgKAABC/////zAKhwgKAABD/////zAKhwgKAABE//// +/zAKhwgKAABF/////zAKhwgKAABG/////zAKhwgKAABH/////zAKhwgKAABI//// +/zAKhwgKAABJ/////zAKhwgKAABK/////zAKhwgKAABL/////zAKhwgKAABM//// +/zAKhwgKAABN/////zAKhwgKAABO/////zAKhwgKAABP/////zAKhwgKAABQ//// +/zAKhwgKAABR/////zAKhwgKAABS/////zAKhwgKAABT/////zAKhwgKAABU//// +/zAKhwgKAABV/////zAKhwgKAABW/////zAKhwgKAABX/////zAKhwgKAABY//// +/zAKhwgKAABZ/////zAKhwgKAABa/////zAKhwgKAABb/////zAKhwgKAABc//// +/zAKhwgKAABd/////zAKhwgKAABe/////zAKhwgKAABf/////zAKhwgKAABg//// +/zAKhwgKAABh/////zAKhwgKAABi/////zAKhwgKAABj/////zAKhwgKAABk//// +/zAKhwgKAABl/////zAKhwgKAABm/////zAKhwgKAABn/////zAKhwgKAABo//// +/zAKhwgKAABp/////zAKhwgKAABq/////zAKhwgKAABr/////zAKhwgKAABs//// +/zAKhwgKAABt/////zAKhwgKAABu/////zAKhwgKAABv/////zAKhwgKAABw//// +/zAKhwgKAABx/////zAKhwgKAABy/////zAKhwgKAABz/////zAKhwgKAAB0//// +/zAKhwgKAAB1/////zAKhwgKAAB2/////zAKhwgKAAB3/////zAKhwgKAAB4//// +/zAKhwgKAAB5/////zAKhwgKAAB6/////zAKhwgKAAB7/////zAKhwgKAAB8//// +/zAKhwgKAAB9/////zAKhwgKAAB+/////zAKhwgKAAB//////zAKhwgKAACA//// +/zAKhwgKAACB/////zAKhwgKAACC/////zAKhwgKAACD/////zAKhwgKAACE//// +/zAKhwgKAACF/////zAKhwgKAACG/////zAKhwgKAACH/////zAKhwgKAACI//// +/zAKhwgKAACJ/////zAKhwgKAACK/////zAKhwgKAACL/////zAKhwgKAACM//// +/zAKhwgKAACN/////zAKhwgKAACO/////zAKhwgKAACP/////zAKhwgKAACQ//// +/zAKhwgKAACR/////zAKhwgKAACS/////zAKhwgKAACT/////zAKhwgKAACU//// +/zAKhwgKAACV/////zAKhwgKAACW/////zAKhwgKAACX/////zAKhwgKAACY//// +/zAKhwgKAACZ/////zAKhwgKAACa/////zAKhwgKAACb/////zAKhwgKAACc//// +/zAKhwgKAACd/////zAKhwgKAACe/////zAKhwgKAACf/////zAKhwgKAACg//// +/zAKhwgKAACh/////zAKhwgKAACi/////zAKhwgKAACj/////zAKhwgKAACk//// +/zAKhwgKAACl/////zAKhwgKAACm/////zAKhwgKAACn/////zAKhwgKAACo//// +/zAKhwgKAACp/////zAKhwgKAACq/////zARpA8wDTELMAkGA1UEAwwCdDAwEaQP +MA0xCzAJBgNVBAMMAnQxMBGkDzANMQswCQYDVQQDDAJ0MjARpA8wDTELMAkGA1UE +AwwCdDMwEaQPMA0xCzAJBgNVBAMMAnQ0MBGkDzANMQswCQYDVQQDDAJ0NTARpA8w +DTELMAkGA1UEAwwCdDYwEaQPMA0xCzAJBgNVBAMMAnQ3MBGkDzANMQswCQYDVQQD +DAJ0ODARpA8wDTELMAkGA1UEAwwCdDkwEqQQMA4xDDAKBgNVBAMMA3QxMDASpBAw +DjEMMAoGA1UEAwwDdDExMBKkEDAOMQwwCgYDVQQDDAN0MTIwEqQQMA4xDDAKBgNV +BAMMA3QxMzASpBAwDjEMMAoGA1UEAwwDdDE0MBKkEDAOMQwwCgYDVQQDDAN0MTUw +EqQQMA4xDDAKBgNVBAMMA3QxNjASpBAwDjEMMAoGA1UEAwwDdDE3MBKkEDAOMQww +CgYDVQQDDAN0MTgwEqQQMA4xDDAKBgNVBAMMA3QxOTASpBAwDjEMMAoGA1UEAwwD +dDIwMBKkEDAOMQwwCgYDVQQDDAN0MjEwEqQQMA4xDDAKBgNVBAMMA3QyMjASpBAw +DjEMMAoGA1UEAwwDdDIzMBKkEDAOMQwwCgYDVQQDDAN0MjQwEqQQMA4xDDAKBgNV +BAMMA3QyNTASpBAwDjEMMAoGA1UEAwwDdDI2MBKkEDAOMQwwCgYDVQQDDAN0Mjcw +EqQQMA4xDDAKBgNVBAMMA3QyODASpBAwDjEMMAoGA1UEAwwDdDI5MBKkEDAOMQww +CgYDVQQDDAN0MzAwEqQQMA4xDDAKBgNVBAMMA3QzMTASpBAwDjEMMAoGA1UEAwwD +dDMyMBKkEDAOMQwwCgYDVQQDDAN0MzMwEqQQMA4xDDAKBgNVBAMMA3QzNDASpBAw +DjEMMAoGA1UEAwwDdDM1MBKkEDAOMQwwCgYDVQQDDAN0MzYwEqQQMA4xDDAKBgNV +BAMMA3QzNzASpBAwDjEMMAoGA1UEAwwDdDM4MBKkEDAOMQwwCgYDVQQDDAN0Mzkw +EqQQMA4xDDAKBgNVBAMMA3Q0MDASpBAwDjEMMAoGA1UEAwwDdDQxMBKkEDAOMQww +CgYDVQQDDAN0NDIwEqQQMA4xDDAKBgNVBAMMA3Q0MzASpBAwDjEMMAoGA1UEAwwD +dDQ0MBKkEDAOMQwwCgYDVQQDDAN0NDUwEqQQMA4xDDAKBgNVBAMMA3Q0NjASpBAw +DjEMMAoGA1UEAwwDdDQ3MBKkEDAOMQwwCgYDVQQDDAN0NDgwEqQQMA4xDDAKBgNV +BAMMA3Q0OTASpBAwDjEMMAoGA1UEAwwDdDUwMBKkEDAOMQwwCgYDVQQDDAN0NTEw +EqQQMA4xDDAKBgNVBAMMA3Q1MjASpBAwDjEMMAoGA1UEAwwDdDUzMBKkEDAOMQww +CgYDVQQDDAN0NTQwEqQQMA4xDDAKBgNVBAMMA3Q1NTASpBAwDjEMMAoGA1UEAwwD +dDU2MBKkEDAOMQwwCgYDVQQDDAN0NTcwEqQQMA4xDDAKBgNVBAMMA3Q1ODASpBAw +DjEMMAoGA1UEAwwDdDU5MBKkEDAOMQwwCgYDVQQDDAN0NjAwEqQQMA4xDDAKBgNV +BAMMA3Q2MTASpBAwDjEMMAoGA1UEAwwDdDYyMBKkEDAOMQwwCgYDVQQDDAN0NjMw +EqQQMA4xDDAKBgNVBAMMA3Q2NDASpBAwDjEMMAoGA1UEAwwDdDY1MBKkEDAOMQww +CgYDVQQDDAN0NjYwEqQQMA4xDDAKBgNVBAMMA3Q2NzASpBAwDjEMMAoGA1UEAwwD +dDY4MBKkEDAOMQwwCgYDVQQDDAN0NjkwEqQQMA4xDDAKBgNVBAMMA3Q3MDASpBAw +DjEMMAoGA1UEAwwDdDcxMBKkEDAOMQwwCgYDVQQDDAN0NzIwEqQQMA4xDDAKBgNV +BAMMA3Q3MzASpBAwDjEMMAoGA1UEAwwDdDc0MBKkEDAOMQwwCgYDVQQDDAN0NzUw +EqQQMA4xDDAKBgNVBAMMA3Q3NjASpBAwDjEMMAoGA1UEAwwDdDc3MBKkEDAOMQww +CgYDVQQDDAN0NzgwEqQQMA4xDDAKBgNVBAMMA3Q3OTASpBAwDjEMMAoGA1UEAwwD +dDgwMBKkEDAOMQwwCgYDVQQDDAN0ODEwEqQQMA4xDDAKBgNVBAMMA3Q4MjASpBAw +DjEMMAoGA1UEAwwDdDgzMBKkEDAOMQwwCgYDVQQDDAN0ODQwEqQQMA4xDDAKBgNV +BAMMA3Q4NTASpBAwDjEMMAoGA1UEAwwDdDg2MBKkEDAOMQwwCgYDVQQDDAN0ODcw +EqQQMA4xDDAKBgNVBAMMA3Q4ODASpBAwDjEMMAoGA1UEAwwDdDg5MBKkEDAOMQww +CgYDVQQDDAN0OTAwEqQQMA4xDDAKBgNVBAMMA3Q5MTASpBAwDjEMMAoGA1UEAwwD +dDkyMBKkEDAOMQwwCgYDVQQDDAN0OTMwEqQQMA4xDDAKBgNVBAMMA3Q5NDASpBAw +DjEMMAoGA1UEAwwDdDk1MBKkEDAOMQwwCgYDVQQDDAN0OTYwEqQQMA4xDDAKBgNV +BAMMA3Q5NzASpBAwDjEMMAoGA1UEAwwDdDk4MBKkEDAOMQwwCgYDVQQDDAN0OTkw +E6QRMA8xDTALBgNVBAMMBHQxMDAwE6QRMA8xDTALBgNVBAMMBHQxMDEwE6QRMA8x +DTALBgNVBAMMBHQxMDIwE6QRMA8xDTALBgNVBAMMBHQxMDMwE6QRMA8xDTALBgNV +BAMMBHQxMDQwE6QRMA8xDTALBgNVBAMMBHQxMDUwE6QRMA8xDTALBgNVBAMMBHQx +MDYwE6QRMA8xDTALBgNVBAMMBHQxMDcwE6QRMA8xDTALBgNVBAMMBHQxMDgwE6QR +MA8xDTALBgNVBAMMBHQxMDkwE6QRMA8xDTALBgNVBAMMBHQxMTAwE6QRMA8xDTAL +BgNVBAMMBHQxMTEwE6QRMA8xDTALBgNVBAMMBHQxMTIwE6QRMA8xDTALBgNVBAMM +BHQxMTMwE6QRMA8xDTALBgNVBAMMBHQxMTQwE6QRMA8xDTALBgNVBAMMBHQxMTUw +E6QRMA8xDTALBgNVBAMMBHQxMTYwE6QRMA8xDTALBgNVBAMMBHQxMTcwE6QRMA8x +DTALBgNVBAMMBHQxMTgwE6QRMA8xDTALBgNVBAMMBHQxMTkwE6QRMA8xDTALBgNV +BAMMBHQxMjAwE6QRMA8xDTALBgNVBAMMBHQxMjEwE6QRMA8xDTALBgNVBAMMBHQx +MjIwE6QRMA8xDTALBgNVBAMMBHQxMjMwE6QRMA8xDTALBgNVBAMMBHQxMjQwE6QR +MA8xDTALBgNVBAMMBHQxMjUwE6QRMA8xDTALBgNVBAMMBHQxMjYwE6QRMA8xDTAL +BgNVBAMMBHQxMjcwE6QRMA8xDTALBgNVBAMMBHQxMjgwE6QRMA8xDTALBgNVBAMM +BHQxMjkwE6QRMA8xDTALBgNVBAMMBHQxMzAwE6QRMA8xDTALBgNVBAMMBHQxMzEw +E6QRMA8xDTALBgNVBAMMBHQxMzIwE6QRMA8xDTALBgNVBAMMBHQxMzMwE6QRMA8x +DTALBgNVBAMMBHQxMzQwE6QRMA8xDTALBgNVBAMMBHQxMzUwE6QRMA8xDTALBgNV +BAMMBHQxMzYwE6QRMA8xDTALBgNVBAMMBHQxMzcwE6QRMA8xDTALBgNVBAMMBHQx +MzgwE6QRMA8xDTALBgNVBAMMBHQxMzkwE6QRMA8xDTALBgNVBAMMBHQxNDAwE6QR +MA8xDTALBgNVBAMMBHQxNDEwE6QRMA8xDTALBgNVBAMMBHQxNDIwE6QRMA8xDTAL +BgNVBAMMBHQxNDMwE6QRMA8xDTALBgNVBAMMBHQxNDQwE6QRMA8xDTALBgNVBAMM +BHQxNDUwE6QRMA8xDTALBgNVBAMMBHQxNDYwE6QRMA8xDTALBgNVBAMMBHQxNDcw +E6QRMA8xDTALBgNVBAMMBHQxNDgwE6QRMA8xDTALBgNVBAMMBHQxNDkwE6QRMA8x +DTALBgNVBAMMBHQxNTAwE6QRMA8xDTALBgNVBAMMBHQxNTEwE6QRMA8xDTALBgNV +BAMMBHQxNTIwE6QRMA8xDTALBgNVBAMMBHQxNTMwE6QRMA8xDTALBgNVBAMMBHQx +NTQwE6QRMA8xDTALBgNVBAMMBHQxNTUwE6QRMA8xDTALBgNVBAMMBHQxNTYwE6QR +MA8xDTALBgNVBAMMBHQxNTcwE6QRMA8xDTALBgNVBAMMBHQxNTgwE6QRMA8xDTAL +BgNVBAMMBHQxNTkwE6QRMA8xDTALBgNVBAMMBHQxNjAwE6QRMA8xDTALBgNVBAMM +BHQxNjEwE6QRMA8xDTALBgNVBAMMBHQxNjIwE6QRMA8xDTALBgNVBAMMBHQxNjMw +E6QRMA8xDTALBgNVBAMMBHQxNjQwE6QRMA8xDTALBgNVBAMMBHQxNjUwE6QRMA8x +DTALBgNVBAMMBHQxNjYwE6QRMA8xDTALBgNVBAMMBHQxNjcwE6QRMA8xDTALBgNV +BAMMBHQxNjgwE6QRMA8xDTALBgNVBAMMBHQxNjkwE6QRMA8xDTALBgNVBAMMBHQx +NzAwE6QRMA8xDTALBgNVBAMMBHQxNzGhgh2wMAmCB3gwLnRlc3QwCYIHeDEudGVz +dDAJggd4Mi50ZXN0MAmCB3gzLnRlc3QwCYIHeDQudGVzdDAJggd4NS50ZXN0MAmC +B3g2LnRlc3QwCYIHeDcudGVzdDAJggd4OC50ZXN0MAmCB3g5LnRlc3QwCoIIeDEw +LnRlc3QwCoIIeDExLnRlc3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRlc3QwCoIIeDE0 +LnRlc3QwCoIIeDE1LnRlc3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRlc3QwCoIIeDE4 +LnRlc3QwCoIIeDE5LnRlc3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRlc3QwCoIIeDIy +LnRlc3QwCoIIeDIzLnRlc3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRlc3QwCoIIeDI2 +LnRlc3QwCoIIeDI3LnRlc3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRlc3QwCoIIeDMw +LnRlc3QwCoIIeDMxLnRlc3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRlc3QwCoIIeDM0 +LnRlc3QwCoIIeDM1LnRlc3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRlc3QwCoIIeDM4 +LnRlc3QwCoIIeDM5LnRlc3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRlc3QwCoIIeDQy +LnRlc3QwCoIIeDQzLnRlc3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRlc3QwCoIIeDQ2 +LnRlc3QwCoIIeDQ3LnRlc3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRlc3QwCoIIeDUw +LnRlc3QwCoIIeDUxLnRlc3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRlc3QwCoIIeDU0 +LnRlc3QwCoIIeDU1LnRlc3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRlc3QwCoIIeDU4 +LnRlc3QwCoIIeDU5LnRlc3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRlc3QwCoIIeDYy +LnRlc3QwCoIIeDYzLnRlc3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRlc3QwCoIIeDY2 +LnRlc3QwCoIIeDY3LnRlc3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRlc3QwCoIIeDcw +LnRlc3QwCoIIeDcxLnRlc3QwCoIIeDcyLnRlc3QwCoIIeDczLnRlc3QwCoIIeDc0 +LnRlc3QwCoIIeDc1LnRlc3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRlc3QwCoIIeDc4 +LnRlc3QwCoIIeDc5LnRlc3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRlc3QwCoIIeDgy +LnRlc3QwCoIIeDgzLnRlc3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRlc3QwCoIIeDg2 +LnRlc3QwCoIIeDg3LnRlc3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRlc3QwCoIIeDkw +LnRlc3QwCoIIeDkxLnRlc3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRlc3QwCoIIeDk0 +LnRlc3QwCoIIeDk1LnRlc3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRlc3QwCoIIeDk4 +LnRlc3QwCoIIeDk5LnRlc3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEudGVzdDALggl4 +MTAyLnRlc3QwC4IJeDEwMy50ZXN0MAuCCXgxMDQudGVzdDALggl4MTA1LnRlc3Qw +C4IJeDEwNi50ZXN0MAuCCXgxMDcudGVzdDALggl4MTA4LnRlc3QwC4IJeDEwOS50 +ZXN0MAuCCXgxMTAudGVzdDALggl4MTExLnRlc3QwC4IJeDExMi50ZXN0MAuCCXgx +MTMudGVzdDALggl4MTE0LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgxMTYudGVzdDAL +ggl4MTE3LnRlc3QwC4IJeDExOC50ZXN0MAuCCXgxMTkudGVzdDALggl4MTIwLnRl +c3QwC4IJeDEyMS50ZXN0MAuCCXgxMjIudGVzdDALggl4MTIzLnRlc3QwC4IJeDEy +NC50ZXN0MAuCCXgxMjUudGVzdDALggl4MTI2LnRlc3QwC4IJeDEyNy50ZXN0MAuC +CXgxMjgudGVzdDALggl4MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuCCXgxMzEudGVz +dDALggl4MTMyLnRlc3QwC4IJeDEzMy50ZXN0MAuCCXgxMzQudGVzdDALggl4MTM1 +LnRlc3QwC4IJeDEzNi50ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4LnRlc3QwC4IJ +eDEzOS50ZXN0MAuCCXgxNDAudGVzdDALggl4MTQxLnRlc3QwC4IJeDE0Mi50ZXN0 +MAuCCXgxNDMudGVzdDALggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0MAuCCXgxNDYu +dGVzdDALggl4MTQ3LnRlc3QwC4IJeDE0OC50ZXN0MAuCCXgxNDkudGVzdDALggl4 +MTUwLnRlc3QwC4IJeDE1MS50ZXN0MAuCCXgxNTIudGVzdDALggl4MTUzLnRlc3Qw +C4IJeDE1NC50ZXN0MAuCCXgxNTUudGVzdDALggl4MTU2LnRlc3QwC4IJeDE1Ny50 +ZXN0MAuCCXgxNTgudGVzdDALggl4MTU5LnRlc3QwC4IJeDE2MC50ZXN0MAuCCXgx +NjEudGVzdDALggl4MTYyLnRlc3QwC4IJeDE2My50ZXN0MAuCCXgxNjQudGVzdDAL +ggl4MTY1LnRlc3QwC4IJeDE2Ni50ZXN0MAuCCXgxNjcudGVzdDALggl4MTY4LnRl +c3QwC4IJeDE2OS50ZXN0MAqHCAsAAAD/////MAqHCAsAAAH/////MAqHCAsAAAL/ +////MAqHCAsAAAP/////MAqHCAsAAAT/////MAqHCAsAAAX/////MAqHCAsAAAb/ +////MAqHCAsAAAf/////MAqHCAsAAAj/////MAqHCAsAAAn/////MAqHCAsAAAr/ +////MAqHCAsAAAv/////MAqHCAsAAAz/////MAqHCAsAAA3/////MAqHCAsAAA7/ +////MAqHCAsAAA//////MAqHCAsAABD/////MAqHCAsAABH/////MAqHCAsAABL/ +////MAqHCAsAABP/////MAqHCAsAABT/////MAqHCAsAABX/////MAqHCAsAABb/ +////MAqHCAsAABf/////MAqHCAsAABj/////MAqHCAsAABn/////MAqHCAsAABr/ +////MAqHCAsAABv/////MAqHCAsAABz/////MAqHCAsAAB3/////MAqHCAsAAB7/ +////MAqHCAsAAB//////MAqHCAsAACD/////MAqHCAsAACH/////MAqHCAsAACL/ +////MAqHCAsAACP/////MAqHCAsAACT/////MAqHCAsAACX/////MAqHCAsAACb/ +////MAqHCAsAACf/////MAqHCAsAACj/////MAqHCAsAACn/////MAqHCAsAACr/ +////MAqHCAsAACv/////MAqHCAsAACz/////MAqHCAsAAC3/////MAqHCAsAAC7/ +////MAqHCAsAAC//////MAqHCAsAADD/////MAqHCAsAADH/////MAqHCAsAADL/ +////MAqHCAsAADP/////MAqHCAsAADT/////MAqHCAsAADX/////MAqHCAsAADb/ +////MAqHCAsAADf/////MAqHCAsAADj/////MAqHCAsAADn/////MAqHCAsAADr/ +////MAqHCAsAADv/////MAqHCAsAADz/////MAqHCAsAAD3/////MAqHCAsAAD7/ +////MAqHCAsAAD//////MAqHCAsAAED/////MAqHCAsAAEH/////MAqHCAsAAEL/ +////MAqHCAsAAEP/////MAqHCAsAAET/////MAqHCAsAAEX/////MAqHCAsAAEb/ +////MAqHCAsAAEf/////MAqHCAsAAEj/////MAqHCAsAAEn/////MAqHCAsAAEr/ +////MAqHCAsAAEv/////MAqHCAsAAEz/////MAqHCAsAAE3/////MAqHCAsAAE7/ +////MAqHCAsAAE//////MAqHCAsAAFD/////MAqHCAsAAFH/////MAqHCAsAAFL/ +////MAqHCAsAAFP/////MAqHCAsAAFT/////MAqHCAsAAFX/////MAqHCAsAAFb/ +////MAqHCAsAAFf/////MAqHCAsAAFj/////MAqHCAsAAFn/////MAqHCAsAAFr/ +////MAqHCAsAAFv/////MAqHCAsAAFz/////MAqHCAsAAF3/////MAqHCAsAAF7/ +////MAqHCAsAAF//////MAqHCAsAAGD/////MAqHCAsAAGH/////MAqHCAsAAGL/ +////MAqHCAsAAGP/////MAqHCAsAAGT/////MAqHCAsAAGX/////MAqHCAsAAGb/ +////MAqHCAsAAGf/////MAqHCAsAAGj/////MAqHCAsAAGn/////MAqHCAsAAGr/ +////MAqHCAsAAGv/////MAqHCAsAAGz/////MAqHCAsAAG3/////MAqHCAsAAG7/ +////MAqHCAsAAG//////MAqHCAsAAHD/////MAqHCAsAAHH/////MAqHCAsAAHL/ +////MAqHCAsAAHP/////MAqHCAsAAHT/////MAqHCAsAAHX/////MAqHCAsAAHb/ +////MAqHCAsAAHf/////MAqHCAsAAHj/////MAqHCAsAAHn/////MAqHCAsAAHr/ +////MAqHCAsAAHv/////MAqHCAsAAHz/////MAqHCAsAAH3/////MAqHCAsAAH7/ +////MAqHCAsAAH//////MAqHCAsAAID/////MAqHCAsAAIH/////MAqHCAsAAIL/ +////MAqHCAsAAIP/////MAqHCAsAAIT/////MAqHCAsAAIX/////MAqHCAsAAIb/ +////MAqHCAsAAIf/////MAqHCAsAAIj/////MAqHCAsAAIn/////MAqHCAsAAIr/ +////MAqHCAsAAIv/////MAqHCAsAAIz/////MAqHCAsAAI3/////MAqHCAsAAI7/ +////MAqHCAsAAI//////MAqHCAsAAJD/////MAqHCAsAAJH/////MAqHCAsAAJL/ +////MAqHCAsAAJP/////MAqHCAsAAJT/////MAqHCAsAAJX/////MAqHCAsAAJb/ +////MAqHCAsAAJf/////MAqHCAsAAJj/////MAqHCAsAAJn/////MAqHCAsAAJr/ +////MAqHCAsAAJv/////MAqHCAsAAJz/////MAqHCAsAAJ3/////MAqHCAsAAJ7/ +////MAqHCAsAAJ//////MAqHCAsAAKD/////MAqHCAsAAKH/////MAqHCAsAAKL/ +////MAqHCAsAAKP/////MAqHCAsAAKT/////MAqHCAsAAKX/////MAqHCAsAAKb/ +////MAqHCAsAAKf/////MAqHCAsAAKj/////MAqHCAsAAKn/////MBGkDzANMQsw +CQYDVQQDDAJ4MDARpA8wDTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJBgNVBAMMAngy +MBGkDzANMQswCQYDVQQDDAJ4MzARpA8wDTELMAkGA1UEAwwCeDQwEaQPMA0xCzAJ +BgNVBAMMAng1MBGkDzANMQswCQYDVQQDDAJ4NjARpA8wDTELMAkGA1UEAwwCeDcw +EaQPMA0xCzAJBgNVBAMMAng4MBGkDzANMQswCQYDVQQDDAJ4OTASpBAwDjEMMAoG +A1UEAwwDeDEwMBKkEDAOMQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAKBgNVBAMMA3gx +MjASpBAwDjEMMAoGA1UEAwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4MTQwEqQQMA4x +DDAKBgNVBAMMA3gxNTASpBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAOMQwwCgYDVQQD +DAN4MTcwEqQQMA4xDDAKBgNVBAMMA3gxODASpBAwDjEMMAoGA1UEAwwDeDE5MBKk +EDAOMQwwCgYDVQQDDAN4MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTASpBAwDjEMMAoG +A1UEAwwDeDIyMBKkEDAOMQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAKBgNVBAMMA3gy +NDASpBAwDjEMMAoGA1UEAwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4MjYwEqQQMA4x +DDAKBgNVBAMMA3gyNzASpBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAOMQwwCgYDVQQD +DAN4MjkwEqQQMA4xDDAKBgNVBAMMA3gzMDASpBAwDjEMMAoGA1UEAwwDeDMxMBKk +EDAOMQwwCgYDVQQDDAN4MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzASpBAwDjEMMAoG +A1UEAwwDeDM0MBKkEDAOMQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAKBgNVBAMMA3gz +NjASpBAwDjEMMAoGA1UEAwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4MzgwEqQQMA4x +DDAKBgNVBAMMA3gzOTASpBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAOMQwwCgYDVQQD +DAN4NDEwEqQQMA4xDDAKBgNVBAMMA3g0MjASpBAwDjEMMAoGA1UEAwwDeDQzMBKk +EDAOMQwwCgYDVQQDDAN4NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTASpBAwDjEMMAoG +A1UEAwwDeDQ2MBKkEDAOMQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAKBgNVBAMMA3g0 +ODASpBAwDjEMMAoGA1UEAwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4NTAwEqQQMA4x +DDAKBgNVBAMMA3g1MTASpBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAOMQwwCgYDVQQD +DAN4NTMwEqQQMA4xDDAKBgNVBAMMA3g1NDASpBAwDjEMMAoGA1UEAwwDeDU1MBKk +EDAOMQwwCgYDVQQDDAN4NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzASpBAwDjEMMAoG +A1UEAwwDeDU4MBKkEDAOMQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAKBgNVBAMMA3g2 +MDASpBAwDjEMMAoGA1UEAwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4NjIwEqQQMA4x +DDAKBgNVBAMMA3g2MzASpBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAOMQwwCgYDVQQD +DAN4NjUwEqQQMA4xDDAKBgNVBAMMA3g2NjASpBAwDjEMMAoGA1UEAwwDeDY3MBKk +EDAOMQwwCgYDVQQDDAN4NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTASpBAwDjEMMAoG +A1UEAwwDeDcwMBKkEDAOMQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAKBgNVBAMMA3g3 +MjASpBAwDjEMMAoGA1UEAwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4NzQwEqQQMA4x +DDAKBgNVBAMMA3g3NTASpBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAOMQwwCgYDVQQD +DAN4NzcwEqQQMA4xDDAKBgNVBAMMA3g3ODASpBAwDjEMMAoGA1UEAwwDeDc5MBKk +EDAOMQwwCgYDVQQDDAN4ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTASpBAwDjEMMAoG +A1UEAwwDeDgyMBKkEDAOMQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAKBgNVBAMMA3g4 +NDASpBAwDjEMMAoGA1UEAwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4ODYwEqQQMA4x +DDAKBgNVBAMMA3g4NzASpBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAOMQwwCgYDVQQD +DAN4ODkwEqQQMA4xDDAKBgNVBAMMA3g5MDASpBAwDjEMMAoGA1UEAwwDeDkxMBKk +EDAOMQwwCgYDVQQDDAN4OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzASpBAwDjEMMAoG +A1UEAwwDeDk0MBKkEDAOMQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAKBgNVBAMMA3g5 +NjASpBAwDjEMMAoGA1UEAwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4OTgwEqQQMA4x +DDAKBgNVBAMMA3g5OTATpBEwDzENMAsGA1UEAwwEeDEwMDATpBEwDzENMAsGA1UE +AwwEeDEwMTATpBEwDzENMAsGA1UEAwwEeDEwMjATpBEwDzENMAsGA1UEAwwEeDEw +MzATpBEwDzENMAsGA1UEAwwEeDEwNDATpBEwDzENMAsGA1UEAwwEeDEwNTATpBEw +DzENMAsGA1UEAwwEeDEwNjATpBEwDzENMAsGA1UEAwwEeDEwNzATpBEwDzENMAsG +A1UEAwwEeDEwODATpBEwDzENMAsGA1UEAwwEeDEwOTATpBEwDzENMAsGA1UEAwwE +eDExMDATpBEwDzENMAsGA1UEAwwEeDExMTATpBEwDzENMAsGA1UEAwwEeDExMjAT +pBEwDzENMAsGA1UEAwwEeDExMzATpBEwDzENMAsGA1UEAwwEeDExNDATpBEwDzEN +MAsGA1UEAwwEeDExNTATpBEwDzENMAsGA1UEAwwEeDExNjATpBEwDzENMAsGA1UE +AwwEeDExNzATpBEwDzENMAsGA1UEAwwEeDExODATpBEwDzENMAsGA1UEAwwEeDEx +OTATpBEwDzENMAsGA1UEAwwEeDEyMDATpBEwDzENMAsGA1UEAwwEeDEyMTATpBEw +DzENMAsGA1UEAwwEeDEyMjATpBEwDzENMAsGA1UEAwwEeDEyMzATpBEwDzENMAsG +A1UEAwwEeDEyNDATpBEwDzENMAsGA1UEAwwEeDEyNTATpBEwDzENMAsGA1UEAwwE +eDEyNjATpBEwDzENMAsGA1UEAwwEeDEyNzATpBEwDzENMAsGA1UEAwwEeDEyODAT +pBEwDzENMAsGA1UEAwwEeDEyOTATpBEwDzENMAsGA1UEAwwEeDEzMDATpBEwDzEN +MAsGA1UEAwwEeDEzMTATpBEwDzENMAsGA1UEAwwEeDEzMjATpBEwDzENMAsGA1UE +AwwEeDEzMzATpBEwDzENMAsGA1UEAwwEeDEzNDATpBEwDzENMAsGA1UEAwwEeDEz +NTATpBEwDzENMAsGA1UEAwwEeDEzNjATpBEwDzENMAsGA1UEAwwEeDEzNzATpBEw +DzENMAsGA1UEAwwEeDEzODATpBEwDzENMAsGA1UEAwwEeDEzOTATpBEwDzENMAsG +A1UEAwwEeDE0MDATpBEwDzENMAsGA1UEAwwEeDE0MTATpBEwDzENMAsGA1UEAwwE +eDE0MjATpBEwDzENMAsGA1UEAwwEeDE0MzATpBEwDzENMAsGA1UEAwwEeDE0NDAT +pBEwDzENMAsGA1UEAwwEeDE0NTATpBEwDzENMAsGA1UEAwwEeDE0NjATpBEwDzEN +MAsGA1UEAwwEeDE0NzATpBEwDzENMAsGA1UEAwwEeDE0ODATpBEwDzENMAsGA1UE +AwwEeDE0OTATpBEwDzENMAsGA1UEAwwEeDE1MDATpBEwDzENMAsGA1UEAwwEeDE1 +MTATpBEwDzENMAsGA1UEAwwEeDE1MjATpBEwDzENMAsGA1UEAwwEeDE1MzATpBEw +DzENMAsGA1UEAwwEeDE1NDATpBEwDzENMAsGA1UEAwwEeDE1NTATpBEwDzENMAsG +A1UEAwwEeDE1NjATpBEwDzENMAsGA1UEAwwEeDE1NzATpBEwDzENMAsGA1UEAwwE +eDE1ODATpBEwDzENMAsGA1UEAwwEeDE1OTATpBEwDzENMAsGA1UEAwwEeDE2MDAT +pBEwDzENMAsGA1UEAwwEeDE2MTATpBEwDzENMAsGA1UEAwwEeDE2MjATpBEwDzEN +MAsGA1UEAwwEeDE2MzATpBEwDzENMAsGA1UEAwwEeDE2NDATpBEwDzENMAsGA1UE +AwwEeDE2NTATpBEwDzENMAsGA1UEAwwEeDE2NjATpBEwDzENMAsGA1UEAwwEeDE2 +NzATpBEwDzENMAsGA1UEAwwEeDE2ODATpBEwDzENMAsGA1UEAwwEeDE2OTANBgkq +hkiG9w0BAQsFAAOCAQEAn8uDe+I8Vycl7II/MML/ElFxP9WUBRpbWESAtIke4IlF +5eNyi8TYylSj2/Kj/RYAwYYh4u3jbJR+Ca7tNhzjl289CrE5eHqzuc7DaO5gJ3zL +azM8X6JqmdQIKukhBOoS2ShTH8yvq0GjbjT6VlZE1cUQvfQ3O0WUdBmySc8PmJR1 +aOxOb7BBrPc4Ah3dHxT2tcYMorKnB3WZVE7+aAwdrqCQ19VkYBX/x/0x2qtQQ0S3 +zD/S7uQDPqCdjoFIIYY0Zie+snMBK2XuUTtXP3ZRrYL8fsnOiTgEX8n2QWIyYLK5 +0f5OeNaleVZ7V+QdQnofqvew0IK61PG7+Zzsyuf3CQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F8.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F8.pem new file mode 100644 index 0000000000..186a4023e2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F8.pem @@ -0,0 +1,1394 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + DNS:x170.test + DNS:x171.test + DNS:x172.test + DNS:x173.test + DNS:x174.test + DNS:x175.test + DNS:x176.test + DNS:x177.test + DNS:x178.test + DNS:x179.test + DNS:x180.test + DNS:x181.test + DNS:x182.test + DNS:x183.test + DNS:x184.test + DNS:x185.test + DNS:x186.test + DNS:x187.test + DNS:x188.test + DNS:x189.test + DNS:x190.test + DNS:x191.test + DNS:x192.test + DNS:x193.test + DNS:x194.test + DNS:x195.test + DNS:x196.test + DNS:x197.test + DNS:x198.test + DNS:x199.test + DNS:x200.test + DNS:x201.test + DNS:x202.test + DNS:x203.test + DNS:x204.test + DNS:x205.test + DNS:x206.test + DNS:x207.test + DNS:x208.test + DNS:x209.test + DNS:x210.test + DNS:x211.test + DNS:x212.test + DNS:x213.test + DNS:x214.test + DNS:x215.test + DNS:x216.test + DNS:x217.test + DNS:x218.test + DNS:x219.test + DNS:x220.test + DNS:x221.test + DNS:x222.test + DNS:x223.test + DNS:x224.test + DNS:x225.test + DNS:x226.test + DNS:x227.test + DNS:x228.test + DNS:x229.test + DNS:x230.test + DNS:x231.test + DNS:x232.test + DNS:x233.test + DNS:x234.test + DNS:x235.test + DNS:x236.test + DNS:x237.test + DNS:x238.test + DNS:x239.test + DNS:x240.test + DNS:x241.test + DNS:x242.test + DNS:x243.test + DNS:x244.test + DNS:x245.test + DNS:x246.test + DNS:x247.test + DNS:x248.test + DNS:x249.test + DNS:x250.test + DNS:x251.test + DNS:x252.test + DNS:x253.test + DNS:x254.test + DNS:x255.test + DNS:x256.test + DNS:x257.test + DNS:x258.test + DNS:x259.test + DNS:x260.test + DNS:x261.test + DNS:x262.test + DNS:x263.test + DNS:x264.test + DNS:x265.test + DNS:x266.test + DNS:x267.test + DNS:x268.test + DNS:x269.test + DNS:x270.test + DNS:x271.test + DNS:x272.test + DNS:x273.test + DNS:x274.test + DNS:x275.test + DNS:x276.test + DNS:x277.test + DNS:x278.test + DNS:x279.test + DNS:x280.test + DNS:x281.test + DNS:x282.test + DNS:x283.test + DNS:x284.test + DNS:x285.test + DNS:x286.test + DNS:x287.test + DNS:x288.test + DNS:x289.test + DNS:x290.test + DNS:x291.test + DNS:x292.test + DNS:x293.test + DNS:x294.test + DNS:x295.test + DNS:x296.test + DNS:x297.test + DNS:x298.test + DNS:x299.test + DNS:x300.test + DNS:x301.test + DNS:x302.test + DNS:x303.test + DNS:x304.test + DNS:x305.test + DNS:x306.test + DNS:x307.test + DNS:x308.test + DNS:x309.test + DNS:x310.test + DNS:x311.test + DNS:x312.test + DNS:x313.test + DNS:x314.test + DNS:x315.test + DNS:x316.test + DNS:x317.test + DNS:x318.test + DNS:x319.test + DNS:x320.test + DNS:x321.test + DNS:x322.test + DNS:x323.test + DNS:x324.test + DNS:x325.test + DNS:x326.test + DNS:x327.test + DNS:x328.test + DNS:x329.test + DNS:x330.test + DNS:x331.test + DNS:x332.test + DNS:x333.test + DNS:x334.test + DNS:x335.test + DNS:x336.test + DNS:x337.test + DNS:x338.test + DNS:x339.test + DNS:x340.test + DNS:x341.test + DNS:x342.test + DNS:x343.test + DNS:x344.test + DNS:x345.test + DNS:x346.test + DNS:x347.test + DNS:x348.test + DNS:x349.test + DNS:x350.test + DNS:x351.test + DNS:x352.test + DNS:x353.test + DNS:x354.test + DNS:x355.test + DNS:x356.test + DNS:x357.test + DNS:x358.test + DNS:x359.test + DNS:x360.test + DNS:x361.test + DNS:x362.test + DNS:x363.test + DNS:x364.test + DNS:x365.test + DNS:x366.test + DNS:x367.test + DNS:x368.test + DNS:x369.test + DNS:x370.test + DNS:x371.test + DNS:x372.test + DNS:x373.test + DNS:x374.test + DNS:x375.test + DNS:x376.test + DNS:x377.test + DNS:x378.test + DNS:x379.test + DNS:x380.test + DNS:x381.test + DNS:x382.test + DNS:x383.test + DNS:x384.test + DNS:x385.test + DNS:x386.test + DNS:x387.test + DNS:x388.test + DNS:x389.test + DNS:x390.test + DNS:x391.test + DNS:x392.test + DNS:x393.test + DNS:x394.test + DNS:x395.test + DNS:x396.test + DNS:x397.test + DNS:x398.test + DNS:x399.test + DNS:x400.test + DNS:x401.test + DNS:x402.test + DNS:x403.test + DNS:x404.test + DNS:x405.test + DNS:x406.test + DNS:x407.test + DNS:x408.test + DNS:x409.test + DNS:x410.test + DNS:x411.test + DNS:x412.test + DNS:x413.test + DNS:x414.test + DNS:x415.test + DNS:x416.test + DNS:x417.test + DNS:x418.test + DNS:x419.test + DNS:x420.test + DNS:x421.test + DNS:x422.test + DNS:x423.test + DNS:x424.test + DNS:x425.test + DNS:x426.test + DNS:x427.test + DNS:x428.test + DNS:x429.test + DNS:x430.test + DNS:x431.test + DNS:x432.test + DNS:x433.test + DNS:x434.test + DNS:x435.test + DNS:x436.test + DNS:x437.test + DNS:x438.test + DNS:x439.test + DNS:x440.test + DNS:x441.test + DNS:x442.test + DNS:x443.test + DNS:x444.test + DNS:x445.test + DNS:x446.test + DNS:x447.test + DNS:x448.test + DNS:x449.test + DNS:x450.test + DNS:x451.test + DNS:x452.test + DNS:x453.test + DNS:x454.test + DNS:x455.test + DNS:x456.test + DNS:x457.test + DNS:x458.test + DNS:x459.test + DNS:x460.test + DNS:x461.test + DNS:x462.test + DNS:x463.test + DNS:x464.test + DNS:x465.test + DNS:x466.test + DNS:x467.test + DNS:x468.test + DNS:x469.test + DNS:x470.test + DNS:x471.test + DNS:x472.test + DNS:x473.test + DNS:x474.test + DNS:x475.test + DNS:x476.test + DNS:x477.test + DNS:x478.test + DNS:x479.test + DNS:x480.test + DNS:x481.test + DNS:x482.test + DNS:x483.test + DNS:x484.test + DNS:x485.test + DNS:x486.test + DNS:x487.test + DNS:x488.test + DNS:x489.test + DNS:x490.test + DNS:x491.test + DNS:x492.test + DNS:x493.test + DNS:x494.test + DNS:x495.test + DNS:x496.test + DNS:x497.test + DNS:x498.test + DNS:x499.test + DNS:x500.test + DNS:x501.test + DNS:x502.test + DNS:x503.test + DNS:x504.test + DNS:x505.test + DNS:x506.test + DNS:x507.test + DNS:x508.test + DNS:x509.test + DNS:x510.test + DNS:x511.test + DNS:x512.test + DNS:x513.test + DNS:x514.test + DNS:x515.test + DNS:x516.test + DNS:x517.test + DNS:x518.test + DNS:x519.test + DNS:x520.test + DNS:x521.test + DNS:x522.test + DNS:x523.test + DNS:x524.test + DNS:x525.test + DNS:x526.test + DNS:x527.test + DNS:x528.test + DNS:x529.test + DNS:x530.test + DNS:x531.test + DNS:x532.test + DNS:x533.test + DNS:x534.test + DNS:x535.test + DNS:x536.test + DNS:x537.test + DNS:x538.test + DNS:x539.test + DNS:x540.test + DNS:x541.test + DNS:x542.test + DNS:x543.test + DNS:x544.test + DNS:x545.test + DNS:x546.test + DNS:x547.test + DNS:x548.test + DNS:x549.test + DNS:x550.test + DNS:x551.test + DNS:x552.test + DNS:x553.test + DNS:x554.test + DNS:x555.test + DNS:x556.test + DNS:x557.test + DNS:x558.test + DNS:x559.test + DNS:x560.test + DNS:x561.test + DNS:x562.test + DNS:x563.test + DNS:x564.test + DNS:x565.test + DNS:x566.test + DNS:x567.test + DNS:x568.test + DNS:x569.test + DNS:x570.test + DNS:x571.test + DNS:x572.test + DNS:x573.test + DNS:x574.test + DNS:x575.test + DNS:x576.test + DNS:x577.test + DNS:x578.test + DNS:x579.test + DNS:x580.test + DNS:x581.test + DNS:x582.test + DNS:x583.test + DNS:x584.test + DNS:x585.test + DNS:x586.test + DNS:x587.test + DNS:x588.test + DNS:x589.test + DNS:x590.test + DNS:x591.test + DNS:x592.test + DNS:x593.test + DNS:x594.test + DNS:x595.test + DNS:x596.test + DNS:x597.test + DNS:x598.test + DNS:x599.test + DNS:x600.test + DNS:x601.test + DNS:x602.test + DNS:x603.test + DNS:x604.test + DNS:x605.test + DNS:x606.test + DNS:x607.test + DNS:x608.test + DNS:x609.test + DNS:x610.test + DNS:x611.test + DNS:x612.test + DNS:x613.test + DNS:x614.test + DNS:x615.test + DNS:x616.test + DNS:x617.test + DNS:x618.test + DNS:x619.test + DNS:x620.test + DNS:x621.test + DNS:x622.test + DNS:x623.test + DNS:x624.test + DNS:x625.test + DNS:x626.test + DNS:x627.test + DNS:x628.test + DNS:x629.test + DNS:x630.test + DNS:x631.test + DNS:x632.test + DNS:x633.test + DNS:x634.test + DNS:x635.test + DNS:x636.test + DNS:x637.test + DNS:x638.test + DNS:x639.test + DNS:x640.test + DNS:x641.test + DNS:x642.test + DNS:x643.test + DNS:x644.test + DNS:x645.test + DNS:x646.test + DNS:x647.test + DNS:x648.test + DNS:x649.test + DNS:x650.test + DNS:x651.test + DNS:x652.test + DNS:x653.test + DNS:x654.test + DNS:x655.test + DNS:x656.test + DNS:x657.test + DNS:x658.test + DNS:x659.test + DNS:x660.test + DNS:x661.test + DNS:x662.test + DNS:x663.test + DNS:x664.test + DNS:x665.test + DNS:x666.test + DNS:x667.test + DNS:x668.test + DNS:x669.test + DNS:x670.test + DNS:x671.test + DNS:x672.test + DNS:x673.test + DNS:x674.test + DNS:x675.test + DNS:x676.test + DNS:x677.test + DNS:x678.test + DNS:x679.test + DNS:x680.test + DNS:x681.test + DNS:x682.test + DNS:x683.test + DNS:x684.test + DNS:x685.test + DNS:x686.test + DNS:x687.test + DNS:x688.test + DNS:x689.test + DNS:x690.test + DNS:x691.test + DNS:x692.test + DNS:x693.test + DNS:x694.test + DNS:x695.test + DNS:x696.test + DNS:x697.test + DNS:x698.test + DNS:x699.test + DNS:x700.test + DNS:x701.test + DNS:x702.test + DNS:x703.test + DNS:x704.test + DNS:x705.test + DNS:x706.test + DNS:x707.test + DNS:x708.test + DNS:x709.test + DNS:x710.test + DNS:x711.test + DNS:x712.test + DNS:x713.test + DNS:x714.test + DNS:x715.test + DNS:x716.test + DNS:x717.test + DNS:x718.test + DNS:x719.test + DNS:x720.test + DNS:x721.test + DNS:x722.test + DNS:x723.test + DNS:x724.test + DNS:x725.test + DNS:x726.test + DNS:x727.test + DNS:x728.test + DNS:x729.test + DNS:x730.test + DNS:x731.test + DNS:x732.test + DNS:x733.test + DNS:x734.test + DNS:x735.test + DNS:x736.test + DNS:x737.test + DNS:x738.test + DNS:x739.test + DNS:x740.test + DNS:x741.test + DNS:x742.test + DNS:x743.test + DNS:x744.test + DNS:x745.test + DNS:x746.test + DNS:x747.test + DNS:x748.test + DNS:x749.test + DNS:x750.test + DNS:x751.test + DNS:x752.test + DNS:x753.test + DNS:x754.test + DNS:x755.test + DNS:x756.test + DNS:x757.test + DNS:x758.test + DNS:x759.test + DNS:x760.test + DNS:x761.test + DNS:x762.test + DNS:x763.test + DNS:x764.test + DNS:x765.test + DNS:x766.test + DNS:x767.test + DNS:x768.test + DNS:x769.test + DNS:x770.test + DNS:x771.test + DNS:x772.test + DNS:x773.test + DNS:x774.test + DNS:x775.test + DNS:x776.test + DNS:x777.test + DNS:x778.test + DNS:x779.test + DNS:x780.test + DNS:x781.test + DNS:x782.test + DNS:x783.test + DNS:x784.test + DNS:x785.test + DNS:x786.test + DNS:x787.test + DNS:x788.test + DNS:x789.test + DNS:x790.test + DNS:x791.test + DNS:x792.test + DNS:x793.test + DNS:x794.test + DNS:x795.test + DNS:x796.test + DNS:x797.test + DNS:x798.test + DNS:x799.test + DNS:x800.test + DNS:x801.test + DNS:x802.test + DNS:x803.test + DNS:x804.test + DNS:x805.test + DNS:x806.test + DNS:x807.test + DNS:x808.test + DNS:x809.test + DNS:x810.test + DNS:x811.test + DNS:x812.test + DNS:x813.test + DNS:x814.test + DNS:x815.test + DNS:x816.test + DNS:x817.test + DNS:x818.test + DNS:x819.test + DNS:x820.test + DNS:x821.test + DNS:x822.test + DNS:x823.test + DNS:x824.test + DNS:x825.test + DNS:x826.test + DNS:x827.test + DNS:x828.test + DNS:x829.test + DNS:x830.test + DNS:x831.test + DNS:x832.test + DNS:x833.test + DNS:x834.test + DNS:x835.test + DNS:x836.test + DNS:x837.test + DNS:x838.test + DNS:x839.test + DNS:x840.test + DNS:x841.test + DNS:x842.test + DNS:x843.test + DNS:x844.test + DNS:x845.test + DNS:x846.test + DNS:x847.test + DNS:x848.test + DNS:x849.test + DNS:x850.test + DNS:x851.test + DNS:x852.test + DNS:x853.test + DNS:x854.test + DNS:x855.test + DNS:x856.test + DNS:x857.test + DNS:x858.test + DNS:x859.test + DNS:x860.test + DNS:x861.test + DNS:x862.test + DNS:x863.test + DNS:x864.test + DNS:x865.test + DNS:x866.test + DNS:x867.test + DNS:x868.test + DNS:x869.test + DNS:x870.test + DNS:x871.test + DNS:x872.test + DNS:x873.test + DNS:x874.test + DNS:x875.test + DNS:x876.test + DNS:x877.test + DNS:x878.test + DNS:x879.test + DNS:x880.test + DNS:x881.test + DNS:x882.test + DNS:x883.test + DNS:x884.test + DNS:x885.test + DNS:x886.test + DNS:x887.test + DNS:x888.test + DNS:x889.test + DNS:x890.test + DNS:x891.test + DNS:x892.test + DNS:x893.test + DNS:x894.test + DNS:x895.test + DNS:x896.test + DNS:x897.test + DNS:x898.test + DNS:x899.test + DNS:x900.test + DNS:x901.test + DNS:x902.test + DNS:x903.test + DNS:x904.test + DNS:x905.test + DNS:x906.test + DNS:x907.test + DNS:x908.test + DNS:x909.test + DNS:x910.test + DNS:x911.test + DNS:x912.test + DNS:x913.test + DNS:x914.test + DNS:x915.test + DNS:x916.test + DNS:x917.test + DNS:x918.test + DNS:x919.test + DNS:x920.test + DNS:x921.test + DNS:x922.test + DNS:x923.test + DNS:x924.test + DNS:x925.test + DNS:x926.test + DNS:x927.test + DNS:x928.test + DNS:x929.test + DNS:x930.test + DNS:x931.test + DNS:x932.test + DNS:x933.test + DNS:x934.test + DNS:x935.test + DNS:x936.test + DNS:x937.test + DNS:x938.test + DNS:x939.test + DNS:x940.test + DNS:x941.test + DNS:x942.test + DNS:x943.test + DNS:x944.test + DNS:x945.test + DNS:x946.test + DNS:x947.test + DNS:x948.test + DNS:x949.test + DNS:x950.test + DNS:x951.test + DNS:x952.test + DNS:x953.test + DNS:x954.test + DNS:x955.test + DNS:x956.test + DNS:x957.test + DNS:x958.test + DNS:x959.test + DNS:x960.test + DNS:x961.test + DNS:x962.test + DNS:x963.test + DNS:x964.test + DNS:x965.test + DNS:x966.test + DNS:x967.test + DNS:x968.test + DNS:x969.test + DNS:x970.test + DNS:x971.test + DNS:x972.test + DNS:x973.test + DNS:x974.test + DNS:x975.test + DNS:x976.test + DNS:x977.test + DNS:x978.test + DNS:x979.test + DNS:x980.test + DNS:x981.test + DNS:x982.test + DNS:x983.test + DNS:x984.test + DNS:x985.test + DNS:x986.test + DNS:x987.test + DNS:x988.test + DNS:x989.test + DNS:x990.test + DNS:x991.test + DNS:x992.test + DNS:x993.test + DNS:x994.test + DNS:x995.test + DNS:x996.test + DNS:x997.test + DNS:x998.test + DNS:x999.test + DNS:x1000.test + DNS:x1001.test + DNS:x1002.test + DNS:x1003.test + DNS:x1004.test + DNS:x1005.test + DNS:x1006.test + DNS:x1007.test + DNS:x1008.test + DNS:x1009.test + DNS:x1010.test + DNS:x1011.test + DNS:x1012.test + DNS:x1013.test + DNS:x1014.test + DNS:x1015.test + DNS:x1016.test + DNS:x1017.test + DNS:x1018.test + DNS:x1019.test + DNS:x1020.test + DNS:x1021.test + DNS:x1022.test + DNS:x1023.test + DNS:x1024.test + + Signature Algorithm: sha256WithRSAEncryption + a3:61:e0:bd:55:1b:55:36:05:4b:22:0a:7c:93:62:ba:08:ce: + 68:b5:8a:62:f7:57:27:6c:0f:d0:03:f4:57:f1:a0:e5:35:69: + 91:fe:66:af:27:ae:54:92:67:3b:a7:ce:86:7e:dd:66:e9:a4: + dc:69:49:6d:c3:96:da:fd:3d:4a:27:60:f1:24:f8:f1:be:34: + f6:b6:43:53:02:8a:0f:87:42:07:5d:91:d3:9d:96:39:93:9c: + b6:f2:38:fd:37:2f:7d:f4:02:67:3f:73:bb:96:7e:55:1b:38: + f2:6e:c8:35:90:28:1d:d9:c2:45:e7:17:03:33:96:f9:59:eb: + 0f:bc:2c:52:57:6a:fc:2f:3d:f0:f3:5c:1d:d7:1a:8d:e2:02: + a8:96:15:e0:61:95:d6:09:ba:b9:7b:c0:36:cc:ce:96:7b:7f: + ef:35:f7:f3:08:28:b6:ac:2a:41:a6:22:43:6c:76:c5:34:1d: + e8:47:bf:dd:56:7a:0f:7d:bd:2e:a9:6b:ed:92:39:a5:36:35: + 09:52:6b:fa:03:b0:6d:68:e2:83:2e:8f:7e:87:71:fc:42:2d: + f2:07:16:53:8d:1a:02:c0:03:55:d3:bf:1d:c1:07:f5:63:ec: + 3f:6f:26:4c:e7:47:d0:9d:e6:04:00:ad:b6:87:de:03:59:b0: + 80:10:78:3e +-----BEGIN CERTIFICATE----- +MII3TzCCNjegAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCNJkwgjSVMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjPJBgNVHR4EgjPAMIIzvKGCM7gwCYIHeDAudGVzdDAJggd4MS50ZXN0MAmC +B3gyLnRlc3QwCYIHeDMudGVzdDAJggd4NC50ZXN0MAmCB3g1LnRlc3QwCYIHeDYu +dGVzdDAJggd4Ny50ZXN0MAmCB3g4LnRlc3QwCYIHeDkudGVzdDAKggh4MTAudGVz +dDAKggh4MTEudGVzdDAKggh4MTIudGVzdDAKggh4MTMudGVzdDAKggh4MTQudGVz +dDAKggh4MTUudGVzdDAKggh4MTYudGVzdDAKggh4MTcudGVzdDAKggh4MTgudGVz +dDAKggh4MTkudGVzdDAKggh4MjAudGVzdDAKggh4MjEudGVzdDAKggh4MjIudGVz +dDAKggh4MjMudGVzdDAKggh4MjQudGVzdDAKggh4MjUudGVzdDAKggh4MjYudGVz +dDAKggh4MjcudGVzdDAKggh4MjgudGVzdDAKggh4MjkudGVzdDAKggh4MzAudGVz +dDAKggh4MzEudGVzdDAKggh4MzIudGVzdDAKggh4MzMudGVzdDAKggh4MzQudGVz +dDAKggh4MzUudGVzdDAKggh4MzYudGVzdDAKggh4MzcudGVzdDAKggh4MzgudGVz +dDAKggh4MzkudGVzdDAKggh4NDAudGVzdDAKggh4NDEudGVzdDAKggh4NDIudGVz +dDAKggh4NDMudGVzdDAKggh4NDQudGVzdDAKggh4NDUudGVzdDAKggh4NDYudGVz +dDAKggh4NDcudGVzdDAKggh4NDgudGVzdDAKggh4NDkudGVzdDAKggh4NTAudGVz +dDAKggh4NTEudGVzdDAKggh4NTIudGVzdDAKggh4NTMudGVzdDAKggh4NTQudGVz +dDAKggh4NTUudGVzdDAKggh4NTYudGVzdDAKggh4NTcudGVzdDAKggh4NTgudGVz +dDAKggh4NTkudGVzdDAKggh4NjAudGVzdDAKggh4NjEudGVzdDAKggh4NjIudGVz +dDAKggh4NjMudGVzdDAKggh4NjQudGVzdDAKggh4NjUudGVzdDAKggh4NjYudGVz +dDAKggh4NjcudGVzdDAKggh4NjgudGVzdDAKggh4NjkudGVzdDAKggh4NzAudGVz +dDAKggh4NzEudGVzdDAKggh4NzIudGVzdDAKggh4NzMudGVzdDAKggh4NzQudGVz +dDAKggh4NzUudGVzdDAKggh4NzYudGVzdDAKggh4NzcudGVzdDAKggh4NzgudGVz +dDAKggh4NzkudGVzdDAKggh4ODAudGVzdDAKggh4ODEudGVzdDAKggh4ODIudGVz +dDAKggh4ODMudGVzdDAKggh4ODQudGVzdDAKggh4ODUudGVzdDAKggh4ODYudGVz +dDAKggh4ODcudGVzdDAKggh4ODgudGVzdDAKggh4ODkudGVzdDAKggh4OTAudGVz +dDAKggh4OTEudGVzdDAKggh4OTIudGVzdDAKggh4OTMudGVzdDAKggh4OTQudGVz +dDAKggh4OTUudGVzdDAKggh4OTYudGVzdDAKggh4OTcudGVzdDAKggh4OTgudGVz +dDAKggh4OTkudGVzdDALggl4MTAwLnRlc3QwC4IJeDEwMS50ZXN0MAuCCXgxMDIu +dGVzdDALggl4MTAzLnRlc3QwC4IJeDEwNC50ZXN0MAuCCXgxMDUudGVzdDALggl4 +MTA2LnRlc3QwC4IJeDEwNy50ZXN0MAuCCXgxMDgudGVzdDALggl4MTA5LnRlc3Qw +C4IJeDExMC50ZXN0MAuCCXgxMTEudGVzdDALggl4MTEyLnRlc3QwC4IJeDExMy50 +ZXN0MAuCCXgxMTQudGVzdDALggl4MTE1LnRlc3QwC4IJeDExNi50ZXN0MAuCCXgx +MTcudGVzdDALggl4MTE4LnRlc3QwC4IJeDExOS50ZXN0MAuCCXgxMjAudGVzdDAL +ggl4MTIxLnRlc3QwC4IJeDEyMi50ZXN0MAuCCXgxMjMudGVzdDALggl4MTI0LnRl +c3QwC4IJeDEyNS50ZXN0MAuCCXgxMjYudGVzdDALggl4MTI3LnRlc3QwC4IJeDEy +OC50ZXN0MAuCCXgxMjkudGVzdDALggl4MTMwLnRlc3QwC4IJeDEzMS50ZXN0MAuC +CXgxMzIudGVzdDALggl4MTMzLnRlc3QwC4IJeDEzNC50ZXN0MAuCCXgxMzUudGVz +dDALggl4MTM2LnRlc3QwC4IJeDEzNy50ZXN0MAuCCXgxMzgudGVzdDALggl4MTM5 +LnRlc3QwC4IJeDE0MC50ZXN0MAuCCXgxNDEudGVzdDALggl4MTQyLnRlc3QwC4IJ +eDE0My50ZXN0MAuCCXgxNDQudGVzdDALggl4MTQ1LnRlc3QwC4IJeDE0Ni50ZXN0 +MAuCCXgxNDcudGVzdDALggl4MTQ4LnRlc3QwC4IJeDE0OS50ZXN0MAuCCXgxNTAu +dGVzdDALggl4MTUxLnRlc3QwC4IJeDE1Mi50ZXN0MAuCCXgxNTMudGVzdDALggl4 +MTU0LnRlc3QwC4IJeDE1NS50ZXN0MAuCCXgxNTYudGVzdDALggl4MTU3LnRlc3Qw +C4IJeDE1OC50ZXN0MAuCCXgxNTkudGVzdDALggl4MTYwLnRlc3QwC4IJeDE2MS50 +ZXN0MAuCCXgxNjIudGVzdDALggl4MTYzLnRlc3QwC4IJeDE2NC50ZXN0MAuCCXgx +NjUudGVzdDALggl4MTY2LnRlc3QwC4IJeDE2Ny50ZXN0MAuCCXgxNjgudGVzdDAL +ggl4MTY5LnRlc3QwC4IJeDE3MC50ZXN0MAuCCXgxNzEudGVzdDALggl4MTcyLnRl +c3QwC4IJeDE3My50ZXN0MAuCCXgxNzQudGVzdDALggl4MTc1LnRlc3QwC4IJeDE3 +Ni50ZXN0MAuCCXgxNzcudGVzdDALggl4MTc4LnRlc3QwC4IJeDE3OS50ZXN0MAuC +CXgxODAudGVzdDALggl4MTgxLnRlc3QwC4IJeDE4Mi50ZXN0MAuCCXgxODMudGVz +dDALggl4MTg0LnRlc3QwC4IJeDE4NS50ZXN0MAuCCXgxODYudGVzdDALggl4MTg3 +LnRlc3QwC4IJeDE4OC50ZXN0MAuCCXgxODkudGVzdDALggl4MTkwLnRlc3QwC4IJ +eDE5MS50ZXN0MAuCCXgxOTIudGVzdDALggl4MTkzLnRlc3QwC4IJeDE5NC50ZXN0 +MAuCCXgxOTUudGVzdDALggl4MTk2LnRlc3QwC4IJeDE5Ny50ZXN0MAuCCXgxOTgu +dGVzdDALggl4MTk5LnRlc3QwC4IJeDIwMC50ZXN0MAuCCXgyMDEudGVzdDALggl4 +MjAyLnRlc3QwC4IJeDIwMy50ZXN0MAuCCXgyMDQudGVzdDALggl4MjA1LnRlc3Qw +C4IJeDIwNi50ZXN0MAuCCXgyMDcudGVzdDALggl4MjA4LnRlc3QwC4IJeDIwOS50 +ZXN0MAuCCXgyMTAudGVzdDALggl4MjExLnRlc3QwC4IJeDIxMi50ZXN0MAuCCXgy +MTMudGVzdDALggl4MjE0LnRlc3QwC4IJeDIxNS50ZXN0MAuCCXgyMTYudGVzdDAL +ggl4MjE3LnRlc3QwC4IJeDIxOC50ZXN0MAuCCXgyMTkudGVzdDALggl4MjIwLnRl +c3QwC4IJeDIyMS50ZXN0MAuCCXgyMjIudGVzdDALggl4MjIzLnRlc3QwC4IJeDIy +NC50ZXN0MAuCCXgyMjUudGVzdDALggl4MjI2LnRlc3QwC4IJeDIyNy50ZXN0MAuC +CXgyMjgudGVzdDALggl4MjI5LnRlc3QwC4IJeDIzMC50ZXN0MAuCCXgyMzEudGVz +dDALggl4MjMyLnRlc3QwC4IJeDIzMy50ZXN0MAuCCXgyMzQudGVzdDALggl4MjM1 +LnRlc3QwC4IJeDIzNi50ZXN0MAuCCXgyMzcudGVzdDALggl4MjM4LnRlc3QwC4IJ +eDIzOS50ZXN0MAuCCXgyNDAudGVzdDALggl4MjQxLnRlc3QwC4IJeDI0Mi50ZXN0 +MAuCCXgyNDMudGVzdDALggl4MjQ0LnRlc3QwC4IJeDI0NS50ZXN0MAuCCXgyNDYu +dGVzdDALggl4MjQ3LnRlc3QwC4IJeDI0OC50ZXN0MAuCCXgyNDkudGVzdDALggl4 +MjUwLnRlc3QwC4IJeDI1MS50ZXN0MAuCCXgyNTIudGVzdDALggl4MjUzLnRlc3Qw +C4IJeDI1NC50ZXN0MAuCCXgyNTUudGVzdDALggl4MjU2LnRlc3QwC4IJeDI1Ny50 +ZXN0MAuCCXgyNTgudGVzdDALggl4MjU5LnRlc3QwC4IJeDI2MC50ZXN0MAuCCXgy +NjEudGVzdDALggl4MjYyLnRlc3QwC4IJeDI2My50ZXN0MAuCCXgyNjQudGVzdDAL +ggl4MjY1LnRlc3QwC4IJeDI2Ni50ZXN0MAuCCXgyNjcudGVzdDALggl4MjY4LnRl +c3QwC4IJeDI2OS50ZXN0MAuCCXgyNzAudGVzdDALggl4MjcxLnRlc3QwC4IJeDI3 +Mi50ZXN0MAuCCXgyNzMudGVzdDALggl4Mjc0LnRlc3QwC4IJeDI3NS50ZXN0MAuC +CXgyNzYudGVzdDALggl4Mjc3LnRlc3QwC4IJeDI3OC50ZXN0MAuCCXgyNzkudGVz +dDALggl4MjgwLnRlc3QwC4IJeDI4MS50ZXN0MAuCCXgyODIudGVzdDALggl4Mjgz +LnRlc3QwC4IJeDI4NC50ZXN0MAuCCXgyODUudGVzdDALggl4Mjg2LnRlc3QwC4IJ +eDI4Ny50ZXN0MAuCCXgyODgudGVzdDALggl4Mjg5LnRlc3QwC4IJeDI5MC50ZXN0 +MAuCCXgyOTEudGVzdDALggl4MjkyLnRlc3QwC4IJeDI5My50ZXN0MAuCCXgyOTQu +dGVzdDALggl4Mjk1LnRlc3QwC4IJeDI5Ni50ZXN0MAuCCXgyOTcudGVzdDALggl4 +Mjk4LnRlc3QwC4IJeDI5OS50ZXN0MAuCCXgzMDAudGVzdDALggl4MzAxLnRlc3Qw +C4IJeDMwMi50ZXN0MAuCCXgzMDMudGVzdDALggl4MzA0LnRlc3QwC4IJeDMwNS50 +ZXN0MAuCCXgzMDYudGVzdDALggl4MzA3LnRlc3QwC4IJeDMwOC50ZXN0MAuCCXgz +MDkudGVzdDALggl4MzEwLnRlc3QwC4IJeDMxMS50ZXN0MAuCCXgzMTIudGVzdDAL +ggl4MzEzLnRlc3QwC4IJeDMxNC50ZXN0MAuCCXgzMTUudGVzdDALggl4MzE2LnRl +c3QwC4IJeDMxNy50ZXN0MAuCCXgzMTgudGVzdDALggl4MzE5LnRlc3QwC4IJeDMy +MC50ZXN0MAuCCXgzMjEudGVzdDALggl4MzIyLnRlc3QwC4IJeDMyMy50ZXN0MAuC +CXgzMjQudGVzdDALggl4MzI1LnRlc3QwC4IJeDMyNi50ZXN0MAuCCXgzMjcudGVz +dDALggl4MzI4LnRlc3QwC4IJeDMyOS50ZXN0MAuCCXgzMzAudGVzdDALggl4MzMx +LnRlc3QwC4IJeDMzMi50ZXN0MAuCCXgzMzMudGVzdDALggl4MzM0LnRlc3QwC4IJ +eDMzNS50ZXN0MAuCCXgzMzYudGVzdDALggl4MzM3LnRlc3QwC4IJeDMzOC50ZXN0 +MAuCCXgzMzkudGVzdDALggl4MzQwLnRlc3QwC4IJeDM0MS50ZXN0MAuCCXgzNDIu +dGVzdDALggl4MzQzLnRlc3QwC4IJeDM0NC50ZXN0MAuCCXgzNDUudGVzdDALggl4 +MzQ2LnRlc3QwC4IJeDM0Ny50ZXN0MAuCCXgzNDgudGVzdDALggl4MzQ5LnRlc3Qw +C4IJeDM1MC50ZXN0MAuCCXgzNTEudGVzdDALggl4MzUyLnRlc3QwC4IJeDM1My50 +ZXN0MAuCCXgzNTQudGVzdDALggl4MzU1LnRlc3QwC4IJeDM1Ni50ZXN0MAuCCXgz +NTcudGVzdDALggl4MzU4LnRlc3QwC4IJeDM1OS50ZXN0MAuCCXgzNjAudGVzdDAL +ggl4MzYxLnRlc3QwC4IJeDM2Mi50ZXN0MAuCCXgzNjMudGVzdDALggl4MzY0LnRl +c3QwC4IJeDM2NS50ZXN0MAuCCXgzNjYudGVzdDALggl4MzY3LnRlc3QwC4IJeDM2 +OC50ZXN0MAuCCXgzNjkudGVzdDALggl4MzcwLnRlc3QwC4IJeDM3MS50ZXN0MAuC +CXgzNzIudGVzdDALggl4MzczLnRlc3QwC4IJeDM3NC50ZXN0MAuCCXgzNzUudGVz +dDALggl4Mzc2LnRlc3QwC4IJeDM3Ny50ZXN0MAuCCXgzNzgudGVzdDALggl4Mzc5 +LnRlc3QwC4IJeDM4MC50ZXN0MAuCCXgzODEudGVzdDALggl4MzgyLnRlc3QwC4IJ +eDM4My50ZXN0MAuCCXgzODQudGVzdDALggl4Mzg1LnRlc3QwC4IJeDM4Ni50ZXN0 +MAuCCXgzODcudGVzdDALggl4Mzg4LnRlc3QwC4IJeDM4OS50ZXN0MAuCCXgzOTAu +dGVzdDALggl4MzkxLnRlc3QwC4IJeDM5Mi50ZXN0MAuCCXgzOTMudGVzdDALggl4 +Mzk0LnRlc3QwC4IJeDM5NS50ZXN0MAuCCXgzOTYudGVzdDALggl4Mzk3LnRlc3Qw +C4IJeDM5OC50ZXN0MAuCCXgzOTkudGVzdDALggl4NDAwLnRlc3QwC4IJeDQwMS50 +ZXN0MAuCCXg0MDIudGVzdDALggl4NDAzLnRlc3QwC4IJeDQwNC50ZXN0MAuCCXg0 +MDUudGVzdDALggl4NDA2LnRlc3QwC4IJeDQwNy50ZXN0MAuCCXg0MDgudGVzdDAL +ggl4NDA5LnRlc3QwC4IJeDQxMC50ZXN0MAuCCXg0MTEudGVzdDALggl4NDEyLnRl +c3QwC4IJeDQxMy50ZXN0MAuCCXg0MTQudGVzdDALggl4NDE1LnRlc3QwC4IJeDQx +Ni50ZXN0MAuCCXg0MTcudGVzdDALggl4NDE4LnRlc3QwC4IJeDQxOS50ZXN0MAuC +CXg0MjAudGVzdDALggl4NDIxLnRlc3QwC4IJeDQyMi50ZXN0MAuCCXg0MjMudGVz +dDALggl4NDI0LnRlc3QwC4IJeDQyNS50ZXN0MAuCCXg0MjYudGVzdDALggl4NDI3 +LnRlc3QwC4IJeDQyOC50ZXN0MAuCCXg0MjkudGVzdDALggl4NDMwLnRlc3QwC4IJ +eDQzMS50ZXN0MAuCCXg0MzIudGVzdDALggl4NDMzLnRlc3QwC4IJeDQzNC50ZXN0 +MAuCCXg0MzUudGVzdDALggl4NDM2LnRlc3QwC4IJeDQzNy50ZXN0MAuCCXg0Mzgu +dGVzdDALggl4NDM5LnRlc3QwC4IJeDQ0MC50ZXN0MAuCCXg0NDEudGVzdDALggl4 +NDQyLnRlc3QwC4IJeDQ0My50ZXN0MAuCCXg0NDQudGVzdDALggl4NDQ1LnRlc3Qw +C4IJeDQ0Ni50ZXN0MAuCCXg0NDcudGVzdDALggl4NDQ4LnRlc3QwC4IJeDQ0OS50 +ZXN0MAuCCXg0NTAudGVzdDALggl4NDUxLnRlc3QwC4IJeDQ1Mi50ZXN0MAuCCXg0 +NTMudGVzdDALggl4NDU0LnRlc3QwC4IJeDQ1NS50ZXN0MAuCCXg0NTYudGVzdDAL +ggl4NDU3LnRlc3QwC4IJeDQ1OC50ZXN0MAuCCXg0NTkudGVzdDALggl4NDYwLnRl +c3QwC4IJeDQ2MS50ZXN0MAuCCXg0NjIudGVzdDALggl4NDYzLnRlc3QwC4IJeDQ2 +NC50ZXN0MAuCCXg0NjUudGVzdDALggl4NDY2LnRlc3QwC4IJeDQ2Ny50ZXN0MAuC +CXg0NjgudGVzdDALggl4NDY5LnRlc3QwC4IJeDQ3MC50ZXN0MAuCCXg0NzEudGVz +dDALggl4NDcyLnRlc3QwC4IJeDQ3My50ZXN0MAuCCXg0NzQudGVzdDALggl4NDc1 +LnRlc3QwC4IJeDQ3Ni50ZXN0MAuCCXg0NzcudGVzdDALggl4NDc4LnRlc3QwC4IJ +eDQ3OS50ZXN0MAuCCXg0ODAudGVzdDALggl4NDgxLnRlc3QwC4IJeDQ4Mi50ZXN0 +MAuCCXg0ODMudGVzdDALggl4NDg0LnRlc3QwC4IJeDQ4NS50ZXN0MAuCCXg0ODYu +dGVzdDALggl4NDg3LnRlc3QwC4IJeDQ4OC50ZXN0MAuCCXg0ODkudGVzdDALggl4 +NDkwLnRlc3QwC4IJeDQ5MS50ZXN0MAuCCXg0OTIudGVzdDALggl4NDkzLnRlc3Qw +C4IJeDQ5NC50ZXN0MAuCCXg0OTUudGVzdDALggl4NDk2LnRlc3QwC4IJeDQ5Ny50 +ZXN0MAuCCXg0OTgudGVzdDALggl4NDk5LnRlc3QwC4IJeDUwMC50ZXN0MAuCCXg1 +MDEudGVzdDALggl4NTAyLnRlc3QwC4IJeDUwMy50ZXN0MAuCCXg1MDQudGVzdDAL +ggl4NTA1LnRlc3QwC4IJeDUwNi50ZXN0MAuCCXg1MDcudGVzdDALggl4NTA4LnRl +c3QwC4IJeDUwOS50ZXN0MAuCCXg1MTAudGVzdDALggl4NTExLnRlc3QwC4IJeDUx +Mi50ZXN0MAuCCXg1MTMudGVzdDALggl4NTE0LnRlc3QwC4IJeDUxNS50ZXN0MAuC +CXg1MTYudGVzdDALggl4NTE3LnRlc3QwC4IJeDUxOC50ZXN0MAuCCXg1MTkudGVz +dDALggl4NTIwLnRlc3QwC4IJeDUyMS50ZXN0MAuCCXg1MjIudGVzdDALggl4NTIz +LnRlc3QwC4IJeDUyNC50ZXN0MAuCCXg1MjUudGVzdDALggl4NTI2LnRlc3QwC4IJ +eDUyNy50ZXN0MAuCCXg1MjgudGVzdDALggl4NTI5LnRlc3QwC4IJeDUzMC50ZXN0 +MAuCCXg1MzEudGVzdDALggl4NTMyLnRlc3QwC4IJeDUzMy50ZXN0MAuCCXg1MzQu +dGVzdDALggl4NTM1LnRlc3QwC4IJeDUzNi50ZXN0MAuCCXg1MzcudGVzdDALggl4 +NTM4LnRlc3QwC4IJeDUzOS50ZXN0MAuCCXg1NDAudGVzdDALggl4NTQxLnRlc3Qw +C4IJeDU0Mi50ZXN0MAuCCXg1NDMudGVzdDALggl4NTQ0LnRlc3QwC4IJeDU0NS50 +ZXN0MAuCCXg1NDYudGVzdDALggl4NTQ3LnRlc3QwC4IJeDU0OC50ZXN0MAuCCXg1 +NDkudGVzdDALggl4NTUwLnRlc3QwC4IJeDU1MS50ZXN0MAuCCXg1NTIudGVzdDAL +ggl4NTUzLnRlc3QwC4IJeDU1NC50ZXN0MAuCCXg1NTUudGVzdDALggl4NTU2LnRl +c3QwC4IJeDU1Ny50ZXN0MAuCCXg1NTgudGVzdDALggl4NTU5LnRlc3QwC4IJeDU2 +MC50ZXN0MAuCCXg1NjEudGVzdDALggl4NTYyLnRlc3QwC4IJeDU2My50ZXN0MAuC +CXg1NjQudGVzdDALggl4NTY1LnRlc3QwC4IJeDU2Ni50ZXN0MAuCCXg1NjcudGVz +dDALggl4NTY4LnRlc3QwC4IJeDU2OS50ZXN0MAuCCXg1NzAudGVzdDALggl4NTcx +LnRlc3QwC4IJeDU3Mi50ZXN0MAuCCXg1NzMudGVzdDALggl4NTc0LnRlc3QwC4IJ +eDU3NS50ZXN0MAuCCXg1NzYudGVzdDALggl4NTc3LnRlc3QwC4IJeDU3OC50ZXN0 +MAuCCXg1NzkudGVzdDALggl4NTgwLnRlc3QwC4IJeDU4MS50ZXN0MAuCCXg1ODIu +dGVzdDALggl4NTgzLnRlc3QwC4IJeDU4NC50ZXN0MAuCCXg1ODUudGVzdDALggl4 +NTg2LnRlc3QwC4IJeDU4Ny50ZXN0MAuCCXg1ODgudGVzdDALggl4NTg5LnRlc3Qw +C4IJeDU5MC50ZXN0MAuCCXg1OTEudGVzdDALggl4NTkyLnRlc3QwC4IJeDU5My50 +ZXN0MAuCCXg1OTQudGVzdDALggl4NTk1LnRlc3QwC4IJeDU5Ni50ZXN0MAuCCXg1 +OTcudGVzdDALggl4NTk4LnRlc3QwC4IJeDU5OS50ZXN0MAuCCXg2MDAudGVzdDAL +ggl4NjAxLnRlc3QwC4IJeDYwMi50ZXN0MAuCCXg2MDMudGVzdDALggl4NjA0LnRl +c3QwC4IJeDYwNS50ZXN0MAuCCXg2MDYudGVzdDALggl4NjA3LnRlc3QwC4IJeDYw +OC50ZXN0MAuCCXg2MDkudGVzdDALggl4NjEwLnRlc3QwC4IJeDYxMS50ZXN0MAuC +CXg2MTIudGVzdDALggl4NjEzLnRlc3QwC4IJeDYxNC50ZXN0MAuCCXg2MTUudGVz +dDALggl4NjE2LnRlc3QwC4IJeDYxNy50ZXN0MAuCCXg2MTgudGVzdDALggl4NjE5 +LnRlc3QwC4IJeDYyMC50ZXN0MAuCCXg2MjEudGVzdDALggl4NjIyLnRlc3QwC4IJ +eDYyMy50ZXN0MAuCCXg2MjQudGVzdDALggl4NjI1LnRlc3QwC4IJeDYyNi50ZXN0 +MAuCCXg2MjcudGVzdDALggl4NjI4LnRlc3QwC4IJeDYyOS50ZXN0MAuCCXg2MzAu +dGVzdDALggl4NjMxLnRlc3QwC4IJeDYzMi50ZXN0MAuCCXg2MzMudGVzdDALggl4 +NjM0LnRlc3QwC4IJeDYzNS50ZXN0MAuCCXg2MzYudGVzdDALggl4NjM3LnRlc3Qw +C4IJeDYzOC50ZXN0MAuCCXg2MzkudGVzdDALggl4NjQwLnRlc3QwC4IJeDY0MS50 +ZXN0MAuCCXg2NDIudGVzdDALggl4NjQzLnRlc3QwC4IJeDY0NC50ZXN0MAuCCXg2 +NDUudGVzdDALggl4NjQ2LnRlc3QwC4IJeDY0Ny50ZXN0MAuCCXg2NDgudGVzdDAL +ggl4NjQ5LnRlc3QwC4IJeDY1MC50ZXN0MAuCCXg2NTEudGVzdDALggl4NjUyLnRl +c3QwC4IJeDY1My50ZXN0MAuCCXg2NTQudGVzdDALggl4NjU1LnRlc3QwC4IJeDY1 +Ni50ZXN0MAuCCXg2NTcudGVzdDALggl4NjU4LnRlc3QwC4IJeDY1OS50ZXN0MAuC +CXg2NjAudGVzdDALggl4NjYxLnRlc3QwC4IJeDY2Mi50ZXN0MAuCCXg2NjMudGVz +dDALggl4NjY0LnRlc3QwC4IJeDY2NS50ZXN0MAuCCXg2NjYudGVzdDALggl4NjY3 +LnRlc3QwC4IJeDY2OC50ZXN0MAuCCXg2NjkudGVzdDALggl4NjcwLnRlc3QwC4IJ +eDY3MS50ZXN0MAuCCXg2NzIudGVzdDALggl4NjczLnRlc3QwC4IJeDY3NC50ZXN0 +MAuCCXg2NzUudGVzdDALggl4Njc2LnRlc3QwC4IJeDY3Ny50ZXN0MAuCCXg2Nzgu +dGVzdDALggl4Njc5LnRlc3QwC4IJeDY4MC50ZXN0MAuCCXg2ODEudGVzdDALggl4 +NjgyLnRlc3QwC4IJeDY4My50ZXN0MAuCCXg2ODQudGVzdDALggl4Njg1LnRlc3Qw +C4IJeDY4Ni50ZXN0MAuCCXg2ODcudGVzdDALggl4Njg4LnRlc3QwC4IJeDY4OS50 +ZXN0MAuCCXg2OTAudGVzdDALggl4NjkxLnRlc3QwC4IJeDY5Mi50ZXN0MAuCCXg2 +OTMudGVzdDALggl4Njk0LnRlc3QwC4IJeDY5NS50ZXN0MAuCCXg2OTYudGVzdDAL +ggl4Njk3LnRlc3QwC4IJeDY5OC50ZXN0MAuCCXg2OTkudGVzdDALggl4NzAwLnRl +c3QwC4IJeDcwMS50ZXN0MAuCCXg3MDIudGVzdDALggl4NzAzLnRlc3QwC4IJeDcw +NC50ZXN0MAuCCXg3MDUudGVzdDALggl4NzA2LnRlc3QwC4IJeDcwNy50ZXN0MAuC +CXg3MDgudGVzdDALggl4NzA5LnRlc3QwC4IJeDcxMC50ZXN0MAuCCXg3MTEudGVz +dDALggl4NzEyLnRlc3QwC4IJeDcxMy50ZXN0MAuCCXg3MTQudGVzdDALggl4NzE1 +LnRlc3QwC4IJeDcxNi50ZXN0MAuCCXg3MTcudGVzdDALggl4NzE4LnRlc3QwC4IJ +eDcxOS50ZXN0MAuCCXg3MjAudGVzdDALggl4NzIxLnRlc3QwC4IJeDcyMi50ZXN0 +MAuCCXg3MjMudGVzdDALggl4NzI0LnRlc3QwC4IJeDcyNS50ZXN0MAuCCXg3MjYu +dGVzdDALggl4NzI3LnRlc3QwC4IJeDcyOC50ZXN0MAuCCXg3MjkudGVzdDALggl4 +NzMwLnRlc3QwC4IJeDczMS50ZXN0MAuCCXg3MzIudGVzdDALggl4NzMzLnRlc3Qw +C4IJeDczNC50ZXN0MAuCCXg3MzUudGVzdDALggl4NzM2LnRlc3QwC4IJeDczNy50 +ZXN0MAuCCXg3MzgudGVzdDALggl4NzM5LnRlc3QwC4IJeDc0MC50ZXN0MAuCCXg3 +NDEudGVzdDALggl4NzQyLnRlc3QwC4IJeDc0My50ZXN0MAuCCXg3NDQudGVzdDAL +ggl4NzQ1LnRlc3QwC4IJeDc0Ni50ZXN0MAuCCXg3NDcudGVzdDALggl4NzQ4LnRl +c3QwC4IJeDc0OS50ZXN0MAuCCXg3NTAudGVzdDALggl4NzUxLnRlc3QwC4IJeDc1 +Mi50ZXN0MAuCCXg3NTMudGVzdDALggl4NzU0LnRlc3QwC4IJeDc1NS50ZXN0MAuC +CXg3NTYudGVzdDALggl4NzU3LnRlc3QwC4IJeDc1OC50ZXN0MAuCCXg3NTkudGVz +dDALggl4NzYwLnRlc3QwC4IJeDc2MS50ZXN0MAuCCXg3NjIudGVzdDALggl4NzYz +LnRlc3QwC4IJeDc2NC50ZXN0MAuCCXg3NjUudGVzdDALggl4NzY2LnRlc3QwC4IJ +eDc2Ny50ZXN0MAuCCXg3NjgudGVzdDALggl4NzY5LnRlc3QwC4IJeDc3MC50ZXN0 +MAuCCXg3NzEudGVzdDALggl4NzcyLnRlc3QwC4IJeDc3My50ZXN0MAuCCXg3NzQu +dGVzdDALggl4Nzc1LnRlc3QwC4IJeDc3Ni50ZXN0MAuCCXg3NzcudGVzdDALggl4 +Nzc4LnRlc3QwC4IJeDc3OS50ZXN0MAuCCXg3ODAudGVzdDALggl4NzgxLnRlc3Qw +C4IJeDc4Mi50ZXN0MAuCCXg3ODMudGVzdDALggl4Nzg0LnRlc3QwC4IJeDc4NS50 +ZXN0MAuCCXg3ODYudGVzdDALggl4Nzg3LnRlc3QwC4IJeDc4OC50ZXN0MAuCCXg3 +ODkudGVzdDALggl4NzkwLnRlc3QwC4IJeDc5MS50ZXN0MAuCCXg3OTIudGVzdDAL +ggl4NzkzLnRlc3QwC4IJeDc5NC50ZXN0MAuCCXg3OTUudGVzdDALggl4Nzk2LnRl +c3QwC4IJeDc5Ny50ZXN0MAuCCXg3OTgudGVzdDALggl4Nzk5LnRlc3QwC4IJeDgw +MC50ZXN0MAuCCXg4MDEudGVzdDALggl4ODAyLnRlc3QwC4IJeDgwMy50ZXN0MAuC +CXg4MDQudGVzdDALggl4ODA1LnRlc3QwC4IJeDgwNi50ZXN0MAuCCXg4MDcudGVz +dDALggl4ODA4LnRlc3QwC4IJeDgwOS50ZXN0MAuCCXg4MTAudGVzdDALggl4ODEx +LnRlc3QwC4IJeDgxMi50ZXN0MAuCCXg4MTMudGVzdDALggl4ODE0LnRlc3QwC4IJ +eDgxNS50ZXN0MAuCCXg4MTYudGVzdDALggl4ODE3LnRlc3QwC4IJeDgxOC50ZXN0 +MAuCCXg4MTkudGVzdDALggl4ODIwLnRlc3QwC4IJeDgyMS50ZXN0MAuCCXg4MjIu +dGVzdDALggl4ODIzLnRlc3QwC4IJeDgyNC50ZXN0MAuCCXg4MjUudGVzdDALggl4 +ODI2LnRlc3QwC4IJeDgyNy50ZXN0MAuCCXg4MjgudGVzdDALggl4ODI5LnRlc3Qw +C4IJeDgzMC50ZXN0MAuCCXg4MzEudGVzdDALggl4ODMyLnRlc3QwC4IJeDgzMy50 +ZXN0MAuCCXg4MzQudGVzdDALggl4ODM1LnRlc3QwC4IJeDgzNi50ZXN0MAuCCXg4 +MzcudGVzdDALggl4ODM4LnRlc3QwC4IJeDgzOS50ZXN0MAuCCXg4NDAudGVzdDAL +ggl4ODQxLnRlc3QwC4IJeDg0Mi50ZXN0MAuCCXg4NDMudGVzdDALggl4ODQ0LnRl +c3QwC4IJeDg0NS50ZXN0MAuCCXg4NDYudGVzdDALggl4ODQ3LnRlc3QwC4IJeDg0 +OC50ZXN0MAuCCXg4NDkudGVzdDALggl4ODUwLnRlc3QwC4IJeDg1MS50ZXN0MAuC +CXg4NTIudGVzdDALggl4ODUzLnRlc3QwC4IJeDg1NC50ZXN0MAuCCXg4NTUudGVz +dDALggl4ODU2LnRlc3QwC4IJeDg1Ny50ZXN0MAuCCXg4NTgudGVzdDALggl4ODU5 +LnRlc3QwC4IJeDg2MC50ZXN0MAuCCXg4NjEudGVzdDALggl4ODYyLnRlc3QwC4IJ +eDg2My50ZXN0MAuCCXg4NjQudGVzdDALggl4ODY1LnRlc3QwC4IJeDg2Ni50ZXN0 +MAuCCXg4NjcudGVzdDALggl4ODY4LnRlc3QwC4IJeDg2OS50ZXN0MAuCCXg4NzAu +dGVzdDALggl4ODcxLnRlc3QwC4IJeDg3Mi50ZXN0MAuCCXg4NzMudGVzdDALggl4 +ODc0LnRlc3QwC4IJeDg3NS50ZXN0MAuCCXg4NzYudGVzdDALggl4ODc3LnRlc3Qw +C4IJeDg3OC50ZXN0MAuCCXg4NzkudGVzdDALggl4ODgwLnRlc3QwC4IJeDg4MS50 +ZXN0MAuCCXg4ODIudGVzdDALggl4ODgzLnRlc3QwC4IJeDg4NC50ZXN0MAuCCXg4 +ODUudGVzdDALggl4ODg2LnRlc3QwC4IJeDg4Ny50ZXN0MAuCCXg4ODgudGVzdDAL +ggl4ODg5LnRlc3QwC4IJeDg5MC50ZXN0MAuCCXg4OTEudGVzdDALggl4ODkyLnRl +c3QwC4IJeDg5My50ZXN0MAuCCXg4OTQudGVzdDALggl4ODk1LnRlc3QwC4IJeDg5 +Ni50ZXN0MAuCCXg4OTcudGVzdDALggl4ODk4LnRlc3QwC4IJeDg5OS50ZXN0MAuC +CXg5MDAudGVzdDALggl4OTAxLnRlc3QwC4IJeDkwMi50ZXN0MAuCCXg5MDMudGVz +dDALggl4OTA0LnRlc3QwC4IJeDkwNS50ZXN0MAuCCXg5MDYudGVzdDALggl4OTA3 +LnRlc3QwC4IJeDkwOC50ZXN0MAuCCXg5MDkudGVzdDALggl4OTEwLnRlc3QwC4IJ +eDkxMS50ZXN0MAuCCXg5MTIudGVzdDALggl4OTEzLnRlc3QwC4IJeDkxNC50ZXN0 +MAuCCXg5MTUudGVzdDALggl4OTE2LnRlc3QwC4IJeDkxNy50ZXN0MAuCCXg5MTgu +dGVzdDALggl4OTE5LnRlc3QwC4IJeDkyMC50ZXN0MAuCCXg5MjEudGVzdDALggl4 +OTIyLnRlc3QwC4IJeDkyMy50ZXN0MAuCCXg5MjQudGVzdDALggl4OTI1LnRlc3Qw +C4IJeDkyNi50ZXN0MAuCCXg5MjcudGVzdDALggl4OTI4LnRlc3QwC4IJeDkyOS50 +ZXN0MAuCCXg5MzAudGVzdDALggl4OTMxLnRlc3QwC4IJeDkzMi50ZXN0MAuCCXg5 +MzMudGVzdDALggl4OTM0LnRlc3QwC4IJeDkzNS50ZXN0MAuCCXg5MzYudGVzdDAL +ggl4OTM3LnRlc3QwC4IJeDkzOC50ZXN0MAuCCXg5MzkudGVzdDALggl4OTQwLnRl +c3QwC4IJeDk0MS50ZXN0MAuCCXg5NDIudGVzdDALggl4OTQzLnRlc3QwC4IJeDk0 +NC50ZXN0MAuCCXg5NDUudGVzdDALggl4OTQ2LnRlc3QwC4IJeDk0Ny50ZXN0MAuC +CXg5NDgudGVzdDALggl4OTQ5LnRlc3QwC4IJeDk1MC50ZXN0MAuCCXg5NTEudGVz +dDALggl4OTUyLnRlc3QwC4IJeDk1My50ZXN0MAuCCXg5NTQudGVzdDALggl4OTU1 +LnRlc3QwC4IJeDk1Ni50ZXN0MAuCCXg5NTcudGVzdDALggl4OTU4LnRlc3QwC4IJ +eDk1OS50ZXN0MAuCCXg5NjAudGVzdDALggl4OTYxLnRlc3QwC4IJeDk2Mi50ZXN0 +MAuCCXg5NjMudGVzdDALggl4OTY0LnRlc3QwC4IJeDk2NS50ZXN0MAuCCXg5NjYu +dGVzdDALggl4OTY3LnRlc3QwC4IJeDk2OC50ZXN0MAuCCXg5NjkudGVzdDALggl4 +OTcwLnRlc3QwC4IJeDk3MS50ZXN0MAuCCXg5NzIudGVzdDALggl4OTczLnRlc3Qw +C4IJeDk3NC50ZXN0MAuCCXg5NzUudGVzdDALggl4OTc2LnRlc3QwC4IJeDk3Ny50 +ZXN0MAuCCXg5NzgudGVzdDALggl4OTc5LnRlc3QwC4IJeDk4MC50ZXN0MAuCCXg5 +ODEudGVzdDALggl4OTgyLnRlc3QwC4IJeDk4My50ZXN0MAuCCXg5ODQudGVzdDAL +ggl4OTg1LnRlc3QwC4IJeDk4Ni50ZXN0MAuCCXg5ODcudGVzdDALggl4OTg4LnRl +c3QwC4IJeDk4OS50ZXN0MAuCCXg5OTAudGVzdDALggl4OTkxLnRlc3QwC4IJeDk5 +Mi50ZXN0MAuCCXg5OTMudGVzdDALggl4OTk0LnRlc3QwC4IJeDk5NS50ZXN0MAuC +CXg5OTYudGVzdDALggl4OTk3LnRlc3QwC4IJeDk5OC50ZXN0MAuCCXg5OTkudGVz +dDAMggp4MTAwMC50ZXN0MAyCCngxMDAxLnRlc3QwDIIKeDEwMDIudGVzdDAMggp4 +MTAwMy50ZXN0MAyCCngxMDA0LnRlc3QwDIIKeDEwMDUudGVzdDAMggp4MTAwNi50 +ZXN0MAyCCngxMDA3LnRlc3QwDIIKeDEwMDgudGVzdDAMggp4MTAwOS50ZXN0MAyC +CngxMDEwLnRlc3QwDIIKeDEwMTEudGVzdDAMggp4MTAxMi50ZXN0MAyCCngxMDEz +LnRlc3QwDIIKeDEwMTQudGVzdDAMggp4MTAxNS50ZXN0MAyCCngxMDE2LnRlc3Qw +DIIKeDEwMTcudGVzdDAMggp4MTAxOC50ZXN0MAyCCngxMDE5LnRlc3QwDIIKeDEw +MjAudGVzdDAMggp4MTAyMS50ZXN0MAyCCngxMDIyLnRlc3QwDIIKeDEwMjMudGVz +dDAMggp4MTAyNC50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQCjYeC9VRtVNgVLIgp8 +k2K6CM5otYpi91cnbA/QA/RX8aDlNWmR/mavJ65Ukmc7p86Gft1m6aTcaUltw5ba +/T1KJ2DxJPjxvjT2tkNTAooPh0IHXZHTnZY5k5y28jj9Ny999AJnP3O7ln5VGzjy +bsg1kCgd2cJF5xcDM5b5WesPvCxSV2r8Lz3w81wd1xqN4gKolhXgYZXWCbq5e8A2 +zM6We3/vNffzCCi2rCpBpiJDbHbFNB3oR7/dVnoPfb0uqWvtkjmlNjUJUmv6A7Bt +aOKDLo9+h3H8Qi3yBxZTjRoCwANV078dwQf1Y+w/byZM50fQneYEAK22h94DWbCA +EHg+ +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F9.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F9.pem new file mode 100644 index 0000000000..c4dfd8fbbc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6F9.pem @@ -0,0 +1,1374 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + IP:11.0.0.170/255.255.255.255 + IP:11.0.0.171/255.255.255.255 + IP:11.0.0.172/255.255.255.255 + IP:11.0.0.173/255.255.255.255 + IP:11.0.0.174/255.255.255.255 + IP:11.0.0.175/255.255.255.255 + IP:11.0.0.176/255.255.255.255 + IP:11.0.0.177/255.255.255.255 + IP:11.0.0.178/255.255.255.255 + IP:11.0.0.179/255.255.255.255 + IP:11.0.0.180/255.255.255.255 + IP:11.0.0.181/255.255.255.255 + IP:11.0.0.182/255.255.255.255 + IP:11.0.0.183/255.255.255.255 + IP:11.0.0.184/255.255.255.255 + IP:11.0.0.185/255.255.255.255 + IP:11.0.0.186/255.255.255.255 + IP:11.0.0.187/255.255.255.255 + IP:11.0.0.188/255.255.255.255 + IP:11.0.0.189/255.255.255.255 + IP:11.0.0.190/255.255.255.255 + IP:11.0.0.191/255.255.255.255 + IP:11.0.0.192/255.255.255.255 + IP:11.0.0.193/255.255.255.255 + IP:11.0.0.194/255.255.255.255 + IP:11.0.0.195/255.255.255.255 + IP:11.0.0.196/255.255.255.255 + IP:11.0.0.197/255.255.255.255 + IP:11.0.0.198/255.255.255.255 + IP:11.0.0.199/255.255.255.255 + IP:11.0.0.200/255.255.255.255 + IP:11.0.0.201/255.255.255.255 + IP:11.0.0.202/255.255.255.255 + IP:11.0.0.203/255.255.255.255 + IP:11.0.0.204/255.255.255.255 + IP:11.0.0.205/255.255.255.255 + IP:11.0.0.206/255.255.255.255 + IP:11.0.0.207/255.255.255.255 + IP:11.0.0.208/255.255.255.255 + IP:11.0.0.209/255.255.255.255 + IP:11.0.0.210/255.255.255.255 + IP:11.0.0.211/255.255.255.255 + IP:11.0.0.212/255.255.255.255 + IP:11.0.0.213/255.255.255.255 + IP:11.0.0.214/255.255.255.255 + IP:11.0.0.215/255.255.255.255 + IP:11.0.0.216/255.255.255.255 + IP:11.0.0.217/255.255.255.255 + IP:11.0.0.218/255.255.255.255 + IP:11.0.0.219/255.255.255.255 + IP:11.0.0.220/255.255.255.255 + IP:11.0.0.221/255.255.255.255 + IP:11.0.0.222/255.255.255.255 + IP:11.0.0.223/255.255.255.255 + IP:11.0.0.224/255.255.255.255 + IP:11.0.0.225/255.255.255.255 + IP:11.0.0.226/255.255.255.255 + IP:11.0.0.227/255.255.255.255 + IP:11.0.0.228/255.255.255.255 + IP:11.0.0.229/255.255.255.255 + IP:11.0.0.230/255.255.255.255 + IP:11.0.0.231/255.255.255.255 + IP:11.0.0.232/255.255.255.255 + IP:11.0.0.233/255.255.255.255 + IP:11.0.0.234/255.255.255.255 + IP:11.0.0.235/255.255.255.255 + IP:11.0.0.236/255.255.255.255 + IP:11.0.0.237/255.255.255.255 + IP:11.0.0.238/255.255.255.255 + IP:11.0.0.239/255.255.255.255 + IP:11.0.0.240/255.255.255.255 + IP:11.0.0.241/255.255.255.255 + IP:11.0.0.242/255.255.255.255 + IP:11.0.0.243/255.255.255.255 + IP:11.0.0.244/255.255.255.255 + IP:11.0.0.245/255.255.255.255 + IP:11.0.0.246/255.255.255.255 + IP:11.0.0.247/255.255.255.255 + IP:11.0.0.248/255.255.255.255 + IP:11.0.0.249/255.255.255.255 + IP:11.0.0.250/255.255.255.255 + IP:11.0.0.251/255.255.255.255 + IP:11.0.0.252/255.255.255.255 + IP:11.0.0.253/255.255.255.255 + IP:11.0.0.254/255.255.255.255 + IP:11.0.0.255/255.255.255.255 + IP:11.0.1.0/255.255.255.255 + IP:11.0.1.1/255.255.255.255 + IP:11.0.1.2/255.255.255.255 + IP:11.0.1.3/255.255.255.255 + IP:11.0.1.4/255.255.255.255 + IP:11.0.1.5/255.255.255.255 + IP:11.0.1.6/255.255.255.255 + IP:11.0.1.7/255.255.255.255 + IP:11.0.1.8/255.255.255.255 + IP:11.0.1.9/255.255.255.255 + IP:11.0.1.10/255.255.255.255 + IP:11.0.1.11/255.255.255.255 + IP:11.0.1.12/255.255.255.255 + IP:11.0.1.13/255.255.255.255 + IP:11.0.1.14/255.255.255.255 + IP:11.0.1.15/255.255.255.255 + IP:11.0.1.16/255.255.255.255 + IP:11.0.1.17/255.255.255.255 + IP:11.0.1.18/255.255.255.255 + IP:11.0.1.19/255.255.255.255 + IP:11.0.1.20/255.255.255.255 + IP:11.0.1.21/255.255.255.255 + IP:11.0.1.22/255.255.255.255 + IP:11.0.1.23/255.255.255.255 + IP:11.0.1.24/255.255.255.255 + IP:11.0.1.25/255.255.255.255 + IP:11.0.1.26/255.255.255.255 + IP:11.0.1.27/255.255.255.255 + IP:11.0.1.28/255.255.255.255 + IP:11.0.1.29/255.255.255.255 + IP:11.0.1.30/255.255.255.255 + IP:11.0.1.31/255.255.255.255 + IP:11.0.1.32/255.255.255.255 + IP:11.0.1.33/255.255.255.255 + IP:11.0.1.34/255.255.255.255 + IP:11.0.1.35/255.255.255.255 + IP:11.0.1.36/255.255.255.255 + IP:11.0.1.37/255.255.255.255 + IP:11.0.1.38/255.255.255.255 + IP:11.0.1.39/255.255.255.255 + IP:11.0.1.40/255.255.255.255 + IP:11.0.1.41/255.255.255.255 + IP:11.0.1.42/255.255.255.255 + IP:11.0.1.43/255.255.255.255 + IP:11.0.1.44/255.255.255.255 + IP:11.0.1.45/255.255.255.255 + IP:11.0.1.46/255.255.255.255 + IP:11.0.1.47/255.255.255.255 + IP:11.0.1.48/255.255.255.255 + IP:11.0.1.49/255.255.255.255 + IP:11.0.1.50/255.255.255.255 + IP:11.0.1.51/255.255.255.255 + IP:11.0.1.52/255.255.255.255 + IP:11.0.1.53/255.255.255.255 + IP:11.0.1.54/255.255.255.255 + IP:11.0.1.55/255.255.255.255 + IP:11.0.1.56/255.255.255.255 + IP:11.0.1.57/255.255.255.255 + IP:11.0.1.58/255.255.255.255 + IP:11.0.1.59/255.255.255.255 + IP:11.0.1.60/255.255.255.255 + IP:11.0.1.61/255.255.255.255 + IP:11.0.1.62/255.255.255.255 + IP:11.0.1.63/255.255.255.255 + IP:11.0.1.64/255.255.255.255 + IP:11.0.1.65/255.255.255.255 + IP:11.0.1.66/255.255.255.255 + IP:11.0.1.67/255.255.255.255 + IP:11.0.1.68/255.255.255.255 + IP:11.0.1.69/255.255.255.255 + IP:11.0.1.70/255.255.255.255 + IP:11.0.1.71/255.255.255.255 + IP:11.0.1.72/255.255.255.255 + IP:11.0.1.73/255.255.255.255 + IP:11.0.1.74/255.255.255.255 + IP:11.0.1.75/255.255.255.255 + IP:11.0.1.76/255.255.255.255 + IP:11.0.1.77/255.255.255.255 + IP:11.0.1.78/255.255.255.255 + IP:11.0.1.79/255.255.255.255 + IP:11.0.1.80/255.255.255.255 + IP:11.0.1.81/255.255.255.255 + IP:11.0.1.82/255.255.255.255 + IP:11.0.1.83/255.255.255.255 + IP:11.0.1.84/255.255.255.255 + IP:11.0.1.85/255.255.255.255 + IP:11.0.1.86/255.255.255.255 + IP:11.0.1.87/255.255.255.255 + IP:11.0.1.88/255.255.255.255 + IP:11.0.1.89/255.255.255.255 + IP:11.0.1.90/255.255.255.255 + IP:11.0.1.91/255.255.255.255 + IP:11.0.1.92/255.255.255.255 + IP:11.0.1.93/255.255.255.255 + IP:11.0.1.94/255.255.255.255 + IP:11.0.1.95/255.255.255.255 + IP:11.0.1.96/255.255.255.255 + IP:11.0.1.97/255.255.255.255 + IP:11.0.1.98/255.255.255.255 + IP:11.0.1.99/255.255.255.255 + IP:11.0.1.100/255.255.255.255 + IP:11.0.1.101/255.255.255.255 + IP:11.0.1.102/255.255.255.255 + IP:11.0.1.103/255.255.255.255 + IP:11.0.1.104/255.255.255.255 + IP:11.0.1.105/255.255.255.255 + IP:11.0.1.106/255.255.255.255 + IP:11.0.1.107/255.255.255.255 + IP:11.0.1.108/255.255.255.255 + IP:11.0.1.109/255.255.255.255 + IP:11.0.1.110/255.255.255.255 + IP:11.0.1.111/255.255.255.255 + IP:11.0.1.112/255.255.255.255 + IP:11.0.1.113/255.255.255.255 + IP:11.0.1.114/255.255.255.255 + IP:11.0.1.115/255.255.255.255 + IP:11.0.1.116/255.255.255.255 + IP:11.0.1.117/255.255.255.255 + IP:11.0.1.118/255.255.255.255 + IP:11.0.1.119/255.255.255.255 + IP:11.0.1.120/255.255.255.255 + IP:11.0.1.121/255.255.255.255 + IP:11.0.1.122/255.255.255.255 + IP:11.0.1.123/255.255.255.255 + IP:11.0.1.124/255.255.255.255 + IP:11.0.1.125/255.255.255.255 + IP:11.0.1.126/255.255.255.255 + IP:11.0.1.127/255.255.255.255 + IP:11.0.1.128/255.255.255.255 + IP:11.0.1.129/255.255.255.255 + IP:11.0.1.130/255.255.255.255 + IP:11.0.1.131/255.255.255.255 + IP:11.0.1.132/255.255.255.255 + IP:11.0.1.133/255.255.255.255 + IP:11.0.1.134/255.255.255.255 + IP:11.0.1.135/255.255.255.255 + IP:11.0.1.136/255.255.255.255 + IP:11.0.1.137/255.255.255.255 + IP:11.0.1.138/255.255.255.255 + IP:11.0.1.139/255.255.255.255 + IP:11.0.1.140/255.255.255.255 + IP:11.0.1.141/255.255.255.255 + IP:11.0.1.142/255.255.255.255 + IP:11.0.1.143/255.255.255.255 + IP:11.0.1.144/255.255.255.255 + IP:11.0.1.145/255.255.255.255 + IP:11.0.1.146/255.255.255.255 + IP:11.0.1.147/255.255.255.255 + IP:11.0.1.148/255.255.255.255 + IP:11.0.1.149/255.255.255.255 + IP:11.0.1.150/255.255.255.255 + IP:11.0.1.151/255.255.255.255 + IP:11.0.1.152/255.255.255.255 + IP:11.0.1.153/255.255.255.255 + IP:11.0.1.154/255.255.255.255 + IP:11.0.1.155/255.255.255.255 + IP:11.0.1.156/255.255.255.255 + IP:11.0.1.157/255.255.255.255 + IP:11.0.1.158/255.255.255.255 + IP:11.0.1.159/255.255.255.255 + IP:11.0.1.160/255.255.255.255 + IP:11.0.1.161/255.255.255.255 + IP:11.0.1.162/255.255.255.255 + IP:11.0.1.163/255.255.255.255 + IP:11.0.1.164/255.255.255.255 + IP:11.0.1.165/255.255.255.255 + IP:11.0.1.166/255.255.255.255 + IP:11.0.1.167/255.255.255.255 + IP:11.0.1.168/255.255.255.255 + IP:11.0.1.169/255.255.255.255 + IP:11.0.1.170/255.255.255.255 + IP:11.0.1.171/255.255.255.255 + IP:11.0.1.172/255.255.255.255 + IP:11.0.1.173/255.255.255.255 + IP:11.0.1.174/255.255.255.255 + IP:11.0.1.175/255.255.255.255 + IP:11.0.1.176/255.255.255.255 + IP:11.0.1.177/255.255.255.255 + IP:11.0.1.178/255.255.255.255 + IP:11.0.1.179/255.255.255.255 + IP:11.0.1.180/255.255.255.255 + IP:11.0.1.181/255.255.255.255 + IP:11.0.1.182/255.255.255.255 + IP:11.0.1.183/255.255.255.255 + IP:11.0.1.184/255.255.255.255 + IP:11.0.1.185/255.255.255.255 + IP:11.0.1.186/255.255.255.255 + IP:11.0.1.187/255.255.255.255 + IP:11.0.1.188/255.255.255.255 + IP:11.0.1.189/255.255.255.255 + IP:11.0.1.190/255.255.255.255 + IP:11.0.1.191/255.255.255.255 + IP:11.0.1.192/255.255.255.255 + IP:11.0.1.193/255.255.255.255 + IP:11.0.1.194/255.255.255.255 + IP:11.0.1.195/255.255.255.255 + IP:11.0.1.196/255.255.255.255 + IP:11.0.1.197/255.255.255.255 + IP:11.0.1.198/255.255.255.255 + IP:11.0.1.199/255.255.255.255 + IP:11.0.1.200/255.255.255.255 + IP:11.0.1.201/255.255.255.255 + IP:11.0.1.202/255.255.255.255 + IP:11.0.1.203/255.255.255.255 + IP:11.0.1.204/255.255.255.255 + IP:11.0.1.205/255.255.255.255 + IP:11.0.1.206/255.255.255.255 + IP:11.0.1.207/255.255.255.255 + IP:11.0.1.208/255.255.255.255 + IP:11.0.1.209/255.255.255.255 + IP:11.0.1.210/255.255.255.255 + IP:11.0.1.211/255.255.255.255 + IP:11.0.1.212/255.255.255.255 + IP:11.0.1.213/255.255.255.255 + IP:11.0.1.214/255.255.255.255 + IP:11.0.1.215/255.255.255.255 + IP:11.0.1.216/255.255.255.255 + IP:11.0.1.217/255.255.255.255 + IP:11.0.1.218/255.255.255.255 + IP:11.0.1.219/255.255.255.255 + IP:11.0.1.220/255.255.255.255 + IP:11.0.1.221/255.255.255.255 + IP:11.0.1.222/255.255.255.255 + IP:11.0.1.223/255.255.255.255 + IP:11.0.1.224/255.255.255.255 + IP:11.0.1.225/255.255.255.255 + IP:11.0.1.226/255.255.255.255 + IP:11.0.1.227/255.255.255.255 + IP:11.0.1.228/255.255.255.255 + IP:11.0.1.229/255.255.255.255 + IP:11.0.1.230/255.255.255.255 + IP:11.0.1.231/255.255.255.255 + IP:11.0.1.232/255.255.255.255 + IP:11.0.1.233/255.255.255.255 + IP:11.0.1.234/255.255.255.255 + IP:11.0.1.235/255.255.255.255 + IP:11.0.1.236/255.255.255.255 + IP:11.0.1.237/255.255.255.255 + IP:11.0.1.238/255.255.255.255 + IP:11.0.1.239/255.255.255.255 + IP:11.0.1.240/255.255.255.255 + IP:11.0.1.241/255.255.255.255 + IP:11.0.1.242/255.255.255.255 + IP:11.0.1.243/255.255.255.255 + IP:11.0.1.244/255.255.255.255 + IP:11.0.1.245/255.255.255.255 + IP:11.0.1.246/255.255.255.255 + IP:11.0.1.247/255.255.255.255 + IP:11.0.1.248/255.255.255.255 + IP:11.0.1.249/255.255.255.255 + IP:11.0.1.250/255.255.255.255 + IP:11.0.1.251/255.255.255.255 + IP:11.0.1.252/255.255.255.255 + IP:11.0.1.253/255.255.255.255 + IP:11.0.1.254/255.255.255.255 + IP:11.0.1.255/255.255.255.255 + IP:11.0.2.0/255.255.255.255 + IP:11.0.2.1/255.255.255.255 + IP:11.0.2.2/255.255.255.255 + IP:11.0.2.3/255.255.255.255 + IP:11.0.2.4/255.255.255.255 + IP:11.0.2.5/255.255.255.255 + IP:11.0.2.6/255.255.255.255 + IP:11.0.2.7/255.255.255.255 + IP:11.0.2.8/255.255.255.255 + IP:11.0.2.9/255.255.255.255 + IP:11.0.2.10/255.255.255.255 + IP:11.0.2.11/255.255.255.255 + IP:11.0.2.12/255.255.255.255 + IP:11.0.2.13/255.255.255.255 + IP:11.0.2.14/255.255.255.255 + IP:11.0.2.15/255.255.255.255 + IP:11.0.2.16/255.255.255.255 + IP:11.0.2.17/255.255.255.255 + IP:11.0.2.18/255.255.255.255 + IP:11.0.2.19/255.255.255.255 + IP:11.0.2.20/255.255.255.255 + IP:11.0.2.21/255.255.255.255 + IP:11.0.2.22/255.255.255.255 + IP:11.0.2.23/255.255.255.255 + IP:11.0.2.24/255.255.255.255 + IP:11.0.2.25/255.255.255.255 + IP:11.0.2.26/255.255.255.255 + IP:11.0.2.27/255.255.255.255 + IP:11.0.2.28/255.255.255.255 + IP:11.0.2.29/255.255.255.255 + IP:11.0.2.30/255.255.255.255 + IP:11.0.2.31/255.255.255.255 + IP:11.0.2.32/255.255.255.255 + IP:11.0.2.33/255.255.255.255 + IP:11.0.2.34/255.255.255.255 + IP:11.0.2.35/255.255.255.255 + IP:11.0.2.36/255.255.255.255 + IP:11.0.2.37/255.255.255.255 + IP:11.0.2.38/255.255.255.255 + IP:11.0.2.39/255.255.255.255 + IP:11.0.2.40/255.255.255.255 + IP:11.0.2.41/255.255.255.255 + IP:11.0.2.42/255.255.255.255 + IP:11.0.2.43/255.255.255.255 + IP:11.0.2.44/255.255.255.255 + IP:11.0.2.45/255.255.255.255 + IP:11.0.2.46/255.255.255.255 + IP:11.0.2.47/255.255.255.255 + IP:11.0.2.48/255.255.255.255 + IP:11.0.2.49/255.255.255.255 + IP:11.0.2.50/255.255.255.255 + IP:11.0.2.51/255.255.255.255 + IP:11.0.2.52/255.255.255.255 + IP:11.0.2.53/255.255.255.255 + IP:11.0.2.54/255.255.255.255 + IP:11.0.2.55/255.255.255.255 + IP:11.0.2.56/255.255.255.255 + IP:11.0.2.57/255.255.255.255 + IP:11.0.2.58/255.255.255.255 + IP:11.0.2.59/255.255.255.255 + IP:11.0.2.60/255.255.255.255 + IP:11.0.2.61/255.255.255.255 + IP:11.0.2.62/255.255.255.255 + IP:11.0.2.63/255.255.255.255 + IP:11.0.2.64/255.255.255.255 + IP:11.0.2.65/255.255.255.255 + IP:11.0.2.66/255.255.255.255 + IP:11.0.2.67/255.255.255.255 + IP:11.0.2.68/255.255.255.255 + IP:11.0.2.69/255.255.255.255 + IP:11.0.2.70/255.255.255.255 + IP:11.0.2.71/255.255.255.255 + IP:11.0.2.72/255.255.255.255 + IP:11.0.2.73/255.255.255.255 + IP:11.0.2.74/255.255.255.255 + IP:11.0.2.75/255.255.255.255 + IP:11.0.2.76/255.255.255.255 + IP:11.0.2.77/255.255.255.255 + IP:11.0.2.78/255.255.255.255 + IP:11.0.2.79/255.255.255.255 + IP:11.0.2.80/255.255.255.255 + IP:11.0.2.81/255.255.255.255 + IP:11.0.2.82/255.255.255.255 + IP:11.0.2.83/255.255.255.255 + IP:11.0.2.84/255.255.255.255 + IP:11.0.2.85/255.255.255.255 + IP:11.0.2.86/255.255.255.255 + IP:11.0.2.87/255.255.255.255 + IP:11.0.2.88/255.255.255.255 + IP:11.0.2.89/255.255.255.255 + IP:11.0.2.90/255.255.255.255 + IP:11.0.2.91/255.255.255.255 + IP:11.0.2.92/255.255.255.255 + IP:11.0.2.93/255.255.255.255 + IP:11.0.2.94/255.255.255.255 + IP:11.0.2.95/255.255.255.255 + IP:11.0.2.96/255.255.255.255 + IP:11.0.2.97/255.255.255.255 + IP:11.0.2.98/255.255.255.255 + IP:11.0.2.99/255.255.255.255 + IP:11.0.2.100/255.255.255.255 + IP:11.0.2.101/255.255.255.255 + IP:11.0.2.102/255.255.255.255 + IP:11.0.2.103/255.255.255.255 + IP:11.0.2.104/255.255.255.255 + IP:11.0.2.105/255.255.255.255 + IP:11.0.2.106/255.255.255.255 + IP:11.0.2.107/255.255.255.255 + IP:11.0.2.108/255.255.255.255 + IP:11.0.2.109/255.255.255.255 + IP:11.0.2.110/255.255.255.255 + IP:11.0.2.111/255.255.255.255 + IP:11.0.2.112/255.255.255.255 + IP:11.0.2.113/255.255.255.255 + IP:11.0.2.114/255.255.255.255 + IP:11.0.2.115/255.255.255.255 + IP:11.0.2.116/255.255.255.255 + IP:11.0.2.117/255.255.255.255 + IP:11.0.2.118/255.255.255.255 + IP:11.0.2.119/255.255.255.255 + IP:11.0.2.120/255.255.255.255 + IP:11.0.2.121/255.255.255.255 + IP:11.0.2.122/255.255.255.255 + IP:11.0.2.123/255.255.255.255 + IP:11.0.2.124/255.255.255.255 + IP:11.0.2.125/255.255.255.255 + IP:11.0.2.126/255.255.255.255 + IP:11.0.2.127/255.255.255.255 + IP:11.0.2.128/255.255.255.255 + IP:11.0.2.129/255.255.255.255 + IP:11.0.2.130/255.255.255.255 + IP:11.0.2.131/255.255.255.255 + IP:11.0.2.132/255.255.255.255 + IP:11.0.2.133/255.255.255.255 + IP:11.0.2.134/255.255.255.255 + IP:11.0.2.135/255.255.255.255 + IP:11.0.2.136/255.255.255.255 + IP:11.0.2.137/255.255.255.255 + IP:11.0.2.138/255.255.255.255 + IP:11.0.2.139/255.255.255.255 + IP:11.0.2.140/255.255.255.255 + IP:11.0.2.141/255.255.255.255 + IP:11.0.2.142/255.255.255.255 + IP:11.0.2.143/255.255.255.255 + IP:11.0.2.144/255.255.255.255 + IP:11.0.2.145/255.255.255.255 + IP:11.0.2.146/255.255.255.255 + IP:11.0.2.147/255.255.255.255 + IP:11.0.2.148/255.255.255.255 + IP:11.0.2.149/255.255.255.255 + IP:11.0.2.150/255.255.255.255 + IP:11.0.2.151/255.255.255.255 + IP:11.0.2.152/255.255.255.255 + IP:11.0.2.153/255.255.255.255 + IP:11.0.2.154/255.255.255.255 + IP:11.0.2.155/255.255.255.255 + IP:11.0.2.156/255.255.255.255 + IP:11.0.2.157/255.255.255.255 + IP:11.0.2.158/255.255.255.255 + IP:11.0.2.159/255.255.255.255 + IP:11.0.2.160/255.255.255.255 + IP:11.0.2.161/255.255.255.255 + IP:11.0.2.162/255.255.255.255 + IP:11.0.2.163/255.255.255.255 + IP:11.0.2.164/255.255.255.255 + IP:11.0.2.165/255.255.255.255 + IP:11.0.2.166/255.255.255.255 + IP:11.0.2.167/255.255.255.255 + IP:11.0.2.168/255.255.255.255 + IP:11.0.2.169/255.255.255.255 + IP:11.0.2.170/255.255.255.255 + IP:11.0.2.171/255.255.255.255 + IP:11.0.2.172/255.255.255.255 + IP:11.0.2.173/255.255.255.255 + IP:11.0.2.174/255.255.255.255 + IP:11.0.2.175/255.255.255.255 + IP:11.0.2.176/255.255.255.255 + IP:11.0.2.177/255.255.255.255 + IP:11.0.2.178/255.255.255.255 + IP:11.0.2.179/255.255.255.255 + IP:11.0.2.180/255.255.255.255 + IP:11.0.2.181/255.255.255.255 + IP:11.0.2.182/255.255.255.255 + IP:11.0.2.183/255.255.255.255 + IP:11.0.2.184/255.255.255.255 + IP:11.0.2.185/255.255.255.255 + IP:11.0.2.186/255.255.255.255 + IP:11.0.2.187/255.255.255.255 + IP:11.0.2.188/255.255.255.255 + IP:11.0.2.189/255.255.255.255 + IP:11.0.2.190/255.255.255.255 + IP:11.0.2.191/255.255.255.255 + IP:11.0.2.192/255.255.255.255 + IP:11.0.2.193/255.255.255.255 + IP:11.0.2.194/255.255.255.255 + IP:11.0.2.195/255.255.255.255 + IP:11.0.2.196/255.255.255.255 + IP:11.0.2.197/255.255.255.255 + IP:11.0.2.198/255.255.255.255 + IP:11.0.2.199/255.255.255.255 + IP:11.0.2.200/255.255.255.255 + IP:11.0.2.201/255.255.255.255 + IP:11.0.2.202/255.255.255.255 + IP:11.0.2.203/255.255.255.255 + IP:11.0.2.204/255.255.255.255 + IP:11.0.2.205/255.255.255.255 + IP:11.0.2.206/255.255.255.255 + IP:11.0.2.207/255.255.255.255 + IP:11.0.2.208/255.255.255.255 + IP:11.0.2.209/255.255.255.255 + IP:11.0.2.210/255.255.255.255 + IP:11.0.2.211/255.255.255.255 + IP:11.0.2.212/255.255.255.255 + IP:11.0.2.213/255.255.255.255 + IP:11.0.2.214/255.255.255.255 + IP:11.0.2.215/255.255.255.255 + IP:11.0.2.216/255.255.255.255 + IP:11.0.2.217/255.255.255.255 + IP:11.0.2.218/255.255.255.255 + IP:11.0.2.219/255.255.255.255 + IP:11.0.2.220/255.255.255.255 + IP:11.0.2.221/255.255.255.255 + IP:11.0.2.222/255.255.255.255 + IP:11.0.2.223/255.255.255.255 + IP:11.0.2.224/255.255.255.255 + IP:11.0.2.225/255.255.255.255 + IP:11.0.2.226/255.255.255.255 + IP:11.0.2.227/255.255.255.255 + IP:11.0.2.228/255.255.255.255 + IP:11.0.2.229/255.255.255.255 + IP:11.0.2.230/255.255.255.255 + IP:11.0.2.231/255.255.255.255 + IP:11.0.2.232/255.255.255.255 + IP:11.0.2.233/255.255.255.255 + IP:11.0.2.234/255.255.255.255 + IP:11.0.2.235/255.255.255.255 + IP:11.0.2.236/255.255.255.255 + IP:11.0.2.237/255.255.255.255 + IP:11.0.2.238/255.255.255.255 + IP:11.0.2.239/255.255.255.255 + IP:11.0.2.240/255.255.255.255 + IP:11.0.2.241/255.255.255.255 + IP:11.0.2.242/255.255.255.255 + IP:11.0.2.243/255.255.255.255 + IP:11.0.2.244/255.255.255.255 + IP:11.0.2.245/255.255.255.255 + IP:11.0.2.246/255.255.255.255 + IP:11.0.2.247/255.255.255.255 + IP:11.0.2.248/255.255.255.255 + IP:11.0.2.249/255.255.255.255 + IP:11.0.2.250/255.255.255.255 + IP:11.0.2.251/255.255.255.255 + IP:11.0.2.252/255.255.255.255 + IP:11.0.2.253/255.255.255.255 + IP:11.0.2.254/255.255.255.255 + IP:11.0.2.255/255.255.255.255 + IP:11.0.3.0/255.255.255.255 + IP:11.0.3.1/255.255.255.255 + IP:11.0.3.2/255.255.255.255 + IP:11.0.3.3/255.255.255.255 + IP:11.0.3.4/255.255.255.255 + IP:11.0.3.5/255.255.255.255 + IP:11.0.3.6/255.255.255.255 + IP:11.0.3.7/255.255.255.255 + IP:11.0.3.8/255.255.255.255 + IP:11.0.3.9/255.255.255.255 + IP:11.0.3.10/255.255.255.255 + IP:11.0.3.11/255.255.255.255 + IP:11.0.3.12/255.255.255.255 + IP:11.0.3.13/255.255.255.255 + IP:11.0.3.14/255.255.255.255 + IP:11.0.3.15/255.255.255.255 + IP:11.0.3.16/255.255.255.255 + IP:11.0.3.17/255.255.255.255 + IP:11.0.3.18/255.255.255.255 + IP:11.0.3.19/255.255.255.255 + IP:11.0.3.20/255.255.255.255 + IP:11.0.3.21/255.255.255.255 + IP:11.0.3.22/255.255.255.255 + IP:11.0.3.23/255.255.255.255 + IP:11.0.3.24/255.255.255.255 + IP:11.0.3.25/255.255.255.255 + IP:11.0.3.26/255.255.255.255 + IP:11.0.3.27/255.255.255.255 + IP:11.0.3.28/255.255.255.255 + IP:11.0.3.29/255.255.255.255 + IP:11.0.3.30/255.255.255.255 + IP:11.0.3.31/255.255.255.255 + IP:11.0.3.32/255.255.255.255 + IP:11.0.3.33/255.255.255.255 + IP:11.0.3.34/255.255.255.255 + IP:11.0.3.35/255.255.255.255 + IP:11.0.3.36/255.255.255.255 + IP:11.0.3.37/255.255.255.255 + IP:11.0.3.38/255.255.255.255 + IP:11.0.3.39/255.255.255.255 + IP:11.0.3.40/255.255.255.255 + IP:11.0.3.41/255.255.255.255 + IP:11.0.3.42/255.255.255.255 + IP:11.0.3.43/255.255.255.255 + IP:11.0.3.44/255.255.255.255 + IP:11.0.3.45/255.255.255.255 + IP:11.0.3.46/255.255.255.255 + IP:11.0.3.47/255.255.255.255 + IP:11.0.3.48/255.255.255.255 + IP:11.0.3.49/255.255.255.255 + IP:11.0.3.50/255.255.255.255 + IP:11.0.3.51/255.255.255.255 + IP:11.0.3.52/255.255.255.255 + IP:11.0.3.53/255.255.255.255 + IP:11.0.3.54/255.255.255.255 + IP:11.0.3.55/255.255.255.255 + IP:11.0.3.56/255.255.255.255 + IP:11.0.3.57/255.255.255.255 + IP:11.0.3.58/255.255.255.255 + IP:11.0.3.59/255.255.255.255 + IP:11.0.3.60/255.255.255.255 + IP:11.0.3.61/255.255.255.255 + IP:11.0.3.62/255.255.255.255 + IP:11.0.3.63/255.255.255.255 + IP:11.0.3.64/255.255.255.255 + IP:11.0.3.65/255.255.255.255 + IP:11.0.3.66/255.255.255.255 + IP:11.0.3.67/255.255.255.255 + IP:11.0.3.68/255.255.255.255 + IP:11.0.3.69/255.255.255.255 + IP:11.0.3.70/255.255.255.255 + IP:11.0.3.71/255.255.255.255 + IP:11.0.3.72/255.255.255.255 + IP:11.0.3.73/255.255.255.255 + IP:11.0.3.74/255.255.255.255 + IP:11.0.3.75/255.255.255.255 + IP:11.0.3.76/255.255.255.255 + IP:11.0.3.77/255.255.255.255 + IP:11.0.3.78/255.255.255.255 + IP:11.0.3.79/255.255.255.255 + IP:11.0.3.80/255.255.255.255 + IP:11.0.3.81/255.255.255.255 + IP:11.0.3.82/255.255.255.255 + IP:11.0.3.83/255.255.255.255 + IP:11.0.3.84/255.255.255.255 + IP:11.0.3.85/255.255.255.255 + IP:11.0.3.86/255.255.255.255 + IP:11.0.3.87/255.255.255.255 + IP:11.0.3.88/255.255.255.255 + IP:11.0.3.89/255.255.255.255 + IP:11.0.3.90/255.255.255.255 + IP:11.0.3.91/255.255.255.255 + IP:11.0.3.92/255.255.255.255 + IP:11.0.3.93/255.255.255.255 + IP:11.0.3.94/255.255.255.255 + IP:11.0.3.95/255.255.255.255 + IP:11.0.3.96/255.255.255.255 + IP:11.0.3.97/255.255.255.255 + IP:11.0.3.98/255.255.255.255 + IP:11.0.3.99/255.255.255.255 + IP:11.0.3.100/255.255.255.255 + IP:11.0.3.101/255.255.255.255 + IP:11.0.3.102/255.255.255.255 + IP:11.0.3.103/255.255.255.255 + IP:11.0.3.104/255.255.255.255 + IP:11.0.3.105/255.255.255.255 + IP:11.0.3.106/255.255.255.255 + IP:11.0.3.107/255.255.255.255 + IP:11.0.3.108/255.255.255.255 + IP:11.0.3.109/255.255.255.255 + IP:11.0.3.110/255.255.255.255 + IP:11.0.3.111/255.255.255.255 + IP:11.0.3.112/255.255.255.255 + IP:11.0.3.113/255.255.255.255 + IP:11.0.3.114/255.255.255.255 + IP:11.0.3.115/255.255.255.255 + IP:11.0.3.116/255.255.255.255 + IP:11.0.3.117/255.255.255.255 + IP:11.0.3.118/255.255.255.255 + IP:11.0.3.119/255.255.255.255 + IP:11.0.3.120/255.255.255.255 + IP:11.0.3.121/255.255.255.255 + IP:11.0.3.122/255.255.255.255 + IP:11.0.3.123/255.255.255.255 + IP:11.0.3.124/255.255.255.255 + IP:11.0.3.125/255.255.255.255 + IP:11.0.3.126/255.255.255.255 + IP:11.0.3.127/255.255.255.255 + IP:11.0.3.128/255.255.255.255 + IP:11.0.3.129/255.255.255.255 + IP:11.0.3.130/255.255.255.255 + IP:11.0.3.131/255.255.255.255 + IP:11.0.3.132/255.255.255.255 + IP:11.0.3.133/255.255.255.255 + IP:11.0.3.134/255.255.255.255 + IP:11.0.3.135/255.255.255.255 + IP:11.0.3.136/255.255.255.255 + IP:11.0.3.137/255.255.255.255 + IP:11.0.3.138/255.255.255.255 + IP:11.0.3.139/255.255.255.255 + IP:11.0.3.140/255.255.255.255 + IP:11.0.3.141/255.255.255.255 + IP:11.0.3.142/255.255.255.255 + IP:11.0.3.143/255.255.255.255 + IP:11.0.3.144/255.255.255.255 + IP:11.0.3.145/255.255.255.255 + IP:11.0.3.146/255.255.255.255 + IP:11.0.3.147/255.255.255.255 + IP:11.0.3.148/255.255.255.255 + IP:11.0.3.149/255.255.255.255 + IP:11.0.3.150/255.255.255.255 + IP:11.0.3.151/255.255.255.255 + IP:11.0.3.152/255.255.255.255 + IP:11.0.3.153/255.255.255.255 + IP:11.0.3.154/255.255.255.255 + IP:11.0.3.155/255.255.255.255 + IP:11.0.3.156/255.255.255.255 + IP:11.0.3.157/255.255.255.255 + IP:11.0.3.158/255.255.255.255 + IP:11.0.3.159/255.255.255.255 + IP:11.0.3.160/255.255.255.255 + IP:11.0.3.161/255.255.255.255 + IP:11.0.3.162/255.255.255.255 + IP:11.0.3.163/255.255.255.255 + IP:11.0.3.164/255.255.255.255 + IP:11.0.3.165/255.255.255.255 + IP:11.0.3.166/255.255.255.255 + IP:11.0.3.167/255.255.255.255 + IP:11.0.3.168/255.255.255.255 + IP:11.0.3.169/255.255.255.255 + IP:11.0.3.170/255.255.255.255 + IP:11.0.3.171/255.255.255.255 + IP:11.0.3.172/255.255.255.255 + IP:11.0.3.173/255.255.255.255 + IP:11.0.3.174/255.255.255.255 + IP:11.0.3.175/255.255.255.255 + IP:11.0.3.176/255.255.255.255 + IP:11.0.3.177/255.255.255.255 + IP:11.0.3.178/255.255.255.255 + IP:11.0.3.179/255.255.255.255 + IP:11.0.3.180/255.255.255.255 + IP:11.0.3.181/255.255.255.255 + IP:11.0.3.182/255.255.255.255 + IP:11.0.3.183/255.255.255.255 + IP:11.0.3.184/255.255.255.255 + IP:11.0.3.185/255.255.255.255 + IP:11.0.3.186/255.255.255.255 + IP:11.0.3.187/255.255.255.255 + IP:11.0.3.188/255.255.255.255 + IP:11.0.3.189/255.255.255.255 + IP:11.0.3.190/255.255.255.255 + IP:11.0.3.191/255.255.255.255 + IP:11.0.3.192/255.255.255.255 + IP:11.0.3.193/255.255.255.255 + IP:11.0.3.194/255.255.255.255 + IP:11.0.3.195/255.255.255.255 + IP:11.0.3.196/255.255.255.255 + IP:11.0.3.197/255.255.255.255 + IP:11.0.3.198/255.255.255.255 + IP:11.0.3.199/255.255.255.255 + IP:11.0.3.200/255.255.255.255 + IP:11.0.3.201/255.255.255.255 + IP:11.0.3.202/255.255.255.255 + IP:11.0.3.203/255.255.255.255 + IP:11.0.3.204/255.255.255.255 + IP:11.0.3.205/255.255.255.255 + IP:11.0.3.206/255.255.255.255 + IP:11.0.3.207/255.255.255.255 + IP:11.0.3.208/255.255.255.255 + IP:11.0.3.209/255.255.255.255 + IP:11.0.3.210/255.255.255.255 + IP:11.0.3.211/255.255.255.255 + IP:11.0.3.212/255.255.255.255 + IP:11.0.3.213/255.255.255.255 + IP:11.0.3.214/255.255.255.255 + IP:11.0.3.215/255.255.255.255 + IP:11.0.3.216/255.255.255.255 + IP:11.0.3.217/255.255.255.255 + IP:11.0.3.218/255.255.255.255 + IP:11.0.3.219/255.255.255.255 + IP:11.0.3.220/255.255.255.255 + IP:11.0.3.221/255.255.255.255 + IP:11.0.3.222/255.255.255.255 + IP:11.0.3.223/255.255.255.255 + IP:11.0.3.224/255.255.255.255 + IP:11.0.3.225/255.255.255.255 + IP:11.0.3.226/255.255.255.255 + IP:11.0.3.227/255.255.255.255 + IP:11.0.3.228/255.255.255.255 + IP:11.0.3.229/255.255.255.255 + IP:11.0.3.230/255.255.255.255 + IP:11.0.3.231/255.255.255.255 + IP:11.0.3.232/255.255.255.255 + IP:11.0.3.233/255.255.255.255 + IP:11.0.3.234/255.255.255.255 + IP:11.0.3.235/255.255.255.255 + IP:11.0.3.236/255.255.255.255 + IP:11.0.3.237/255.255.255.255 + IP:11.0.3.238/255.255.255.255 + IP:11.0.3.239/255.255.255.255 + IP:11.0.3.240/255.255.255.255 + IP:11.0.3.241/255.255.255.255 + IP:11.0.3.242/255.255.255.255 + IP:11.0.3.243/255.255.255.255 + IP:11.0.3.244/255.255.255.255 + IP:11.0.3.245/255.255.255.255 + IP:11.0.3.246/255.255.255.255 + IP:11.0.3.247/255.255.255.255 + IP:11.0.3.248/255.255.255.255 + IP:11.0.3.249/255.255.255.255 + IP:11.0.3.250/255.255.255.255 + IP:11.0.3.251/255.255.255.255 + IP:11.0.3.252/255.255.255.255 + IP:11.0.3.253/255.255.255.255 + IP:11.0.3.254/255.255.255.255 + IP:11.0.3.255/255.255.255.255 + IP:11.0.4.0/255.255.255.255 + + Signature Algorithm: sha256WithRSAEncryption + 7a:02:f3:cd:04:f5:98:dc:c0:7a:aa:25:b5:a1:72:e5:09:99: + 3f:b8:54:a2:b7:28:72:61:af:46:c0:09:cc:63:fd:d4:1b:a6: + 36:c5:e2:62:bb:aa:71:f7:92:d2:7a:07:1b:35:ec:c7:2f:ad: + 44:86:6b:43:df:7a:49:05:ac:33:80:81:77:15:76:fb:be:03: + df:89:76:72:1e:c6:7a:ee:01:84:35:4f:a9:7f:67:5a:a5:e0: + 01:df:83:ac:02:ff:9f:77:d8:57:fc:07:ce:87:d1:24:e8:c0: + ac:dd:9b:46:3a:70:86:f9:94:02:c5:63:75:f6:70:10:55:99: + 14:11:57:22:65:30:56:54:2b:95:db:36:02:72:b0:95:87:98: + 87:42:40:44:ff:4a:16:9e:f8:14:c4:b4:d5:ea:a8:06:b4:7b: + fb:eb:0d:45:35:db:8b:1a:3d:2c:df:39:d4:cd:9e:54:e8:e8: + 4f:37:1c:42:25:45:52:e6:c4:42:e7:85:f5:c7:3d:25:db:7f: + a0:29:4d:35:26:f4:d9:c1:4b:64:08:a7:66:fa:8f:4c:d3:94: + bf:8e:60:f3:53:bc:e9:83:c4:96:a1:97:66:27:df:55:90:1f: + 01:8e:6f:90:89:57:18:da:81:26:f1:f4:ad:74:1f:3b:2a:63: + 53:bf:2a:3e +-----BEGIN CERTIFICATE----- +MIIzozCCMougAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCMO0wgjDpMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjAdBgNVHR4EgjAUMIIwEKGCMAwwCocICwAAAP////8wCocICwAAAf////8w +CocICwAAAv////8wCocICwAAA/////8wCocICwAABP////8wCocICwAABf////8w +CocICwAABv////8wCocICwAAB/////8wCocICwAACP////8wCocICwAACf////8w +CocICwAACv////8wCocICwAAC/////8wCocICwAADP////8wCocICwAADf////8w +CocICwAADv////8wCocICwAAD/////8wCocICwAAEP////8wCocICwAAEf////8w +CocICwAAEv////8wCocICwAAE/////8wCocICwAAFP////8wCocICwAAFf////8w +CocICwAAFv////8wCocICwAAF/////8wCocICwAAGP////8wCocICwAAGf////8w +CocICwAAGv////8wCocICwAAG/////8wCocICwAAHP////8wCocICwAAHf////8w +CocICwAAHv////8wCocICwAAH/////8wCocICwAAIP////8wCocICwAAIf////8w +CocICwAAIv////8wCocICwAAI/////8wCocICwAAJP////8wCocICwAAJf////8w +CocICwAAJv////8wCocICwAAJ/////8wCocICwAAKP////8wCocICwAAKf////8w +CocICwAAKv////8wCocICwAAK/////8wCocICwAALP////8wCocICwAALf////8w +CocICwAALv////8wCocICwAAL/////8wCocICwAAMP////8wCocICwAAMf////8w +CocICwAAMv////8wCocICwAAM/////8wCocICwAANP////8wCocICwAANf////8w +CocICwAANv////8wCocICwAAN/////8wCocICwAAOP////8wCocICwAAOf////8w +CocICwAAOv////8wCocICwAAO/////8wCocICwAAPP////8wCocICwAAPf////8w +CocICwAAPv////8wCocICwAAP/////8wCocICwAAQP////8wCocICwAAQf////8w +CocICwAAQv////8wCocICwAAQ/////8wCocICwAARP////8wCocICwAARf////8w +CocICwAARv////8wCocICwAAR/////8wCocICwAASP////8wCocICwAASf////8w +CocICwAASv////8wCocICwAAS/////8wCocICwAATP////8wCocICwAATf////8w +CocICwAATv////8wCocICwAAT/////8wCocICwAAUP////8wCocICwAAUf////8w +CocICwAAUv////8wCocICwAAU/////8wCocICwAAVP////8wCocICwAAVf////8w +CocICwAAVv////8wCocICwAAV/////8wCocICwAAWP////8wCocICwAAWf////8w +CocICwAAWv////8wCocICwAAW/////8wCocICwAAXP////8wCocICwAAXf////8w +CocICwAAXv////8wCocICwAAX/////8wCocICwAAYP////8wCocICwAAYf////8w +CocICwAAYv////8wCocICwAAY/////8wCocICwAAZP////8wCocICwAAZf////8w +CocICwAAZv////8wCocICwAAZ/////8wCocICwAAaP////8wCocICwAAaf////8w +CocICwAAav////8wCocICwAAa/////8wCocICwAAbP////8wCocICwAAbf////8w +CocICwAAbv////8wCocICwAAb/////8wCocICwAAcP////8wCocICwAAcf////8w +CocICwAAcv////8wCocICwAAc/////8wCocICwAAdP////8wCocICwAAdf////8w +CocICwAAdv////8wCocICwAAd/////8wCocICwAAeP////8wCocICwAAef////8w +CocICwAAev////8wCocICwAAe/////8wCocICwAAfP////8wCocICwAAff////8w +CocICwAAfv////8wCocICwAAf/////8wCocICwAAgP////8wCocICwAAgf////8w +CocICwAAgv////8wCocICwAAg/////8wCocICwAAhP////8wCocICwAAhf////8w +CocICwAAhv////8wCocICwAAh/////8wCocICwAAiP////8wCocICwAAif////8w +CocICwAAiv////8wCocICwAAi/////8wCocICwAAjP////8wCocICwAAjf////8w +CocICwAAjv////8wCocICwAAj/////8wCocICwAAkP////8wCocICwAAkf////8w +CocICwAAkv////8wCocICwAAk/////8wCocICwAAlP////8wCocICwAAlf////8w +CocICwAAlv////8wCocICwAAl/////8wCocICwAAmP////8wCocICwAAmf////8w +CocICwAAmv////8wCocICwAAm/////8wCocICwAAnP////8wCocICwAAnf////8w +CocICwAAnv////8wCocICwAAn/////8wCocICwAAoP////8wCocICwAAof////8w +CocICwAAov////8wCocICwAAo/////8wCocICwAApP////8wCocICwAApf////8w +CocICwAApv////8wCocICwAAp/////8wCocICwAAqP////8wCocICwAAqf////8w +CocICwAAqv////8wCocICwAAq/////8wCocICwAArP////8wCocICwAArf////8w +CocICwAArv////8wCocICwAAr/////8wCocICwAAsP////8wCocICwAAsf////8w +CocICwAAsv////8wCocICwAAs/////8wCocICwAAtP////8wCocICwAAtf////8w +CocICwAAtv////8wCocICwAAt/////8wCocICwAAuP////8wCocICwAAuf////8w +CocICwAAuv////8wCocICwAAu/////8wCocICwAAvP////8wCocICwAAvf////8w +CocICwAAvv////8wCocICwAAv/////8wCocICwAAwP////8wCocICwAAwf////8w +CocICwAAwv////8wCocICwAAw/////8wCocICwAAxP////8wCocICwAAxf////8w +CocICwAAxv////8wCocICwAAx/////8wCocICwAAyP////8wCocICwAAyf////8w +CocICwAAyv////8wCocICwAAy/////8wCocICwAAzP////8wCocICwAAzf////8w +CocICwAAzv////8wCocICwAAz/////8wCocICwAA0P////8wCocICwAA0f////8w +CocICwAA0v////8wCocICwAA0/////8wCocICwAA1P////8wCocICwAA1f////8w +CocICwAA1v////8wCocICwAA1/////8wCocICwAA2P////8wCocICwAA2f////8w +CocICwAA2v////8wCocICwAA2/////8wCocICwAA3P////8wCocICwAA3f////8w +CocICwAA3v////8wCocICwAA3/////8wCocICwAA4P////8wCocICwAA4f////8w +CocICwAA4v////8wCocICwAA4/////8wCocICwAA5P////8wCocICwAA5f////8w +CocICwAA5v////8wCocICwAA5/////8wCocICwAA6P////8wCocICwAA6f////8w +CocICwAA6v////8wCocICwAA6/////8wCocICwAA7P////8wCocICwAA7f////8w +CocICwAA7v////8wCocICwAA7/////8wCocICwAA8P////8wCocICwAA8f////8w +CocICwAA8v////8wCocICwAA8/////8wCocICwAA9P////8wCocICwAA9f////8w +CocICwAA9v////8wCocICwAA9/////8wCocICwAA+P////8wCocICwAA+f////8w +CocICwAA+v////8wCocICwAA+/////8wCocICwAA/P////8wCocICwAA/f////8w +CocICwAA/v////8wCocICwAA//////8wCocICwABAP////8wCocICwABAf////8w +CocICwABAv////8wCocICwABA/////8wCocICwABBP////8wCocICwABBf////8w +CocICwABBv////8wCocICwABB/////8wCocICwABCP////8wCocICwABCf////8w +CocICwABCv////8wCocICwABC/////8wCocICwABDP////8wCocICwABDf////8w +CocICwABDv////8wCocICwABD/////8wCocICwABEP////8wCocICwABEf////8w +CocICwABEv////8wCocICwABE/////8wCocICwABFP////8wCocICwABFf////8w +CocICwABFv////8wCocICwABF/////8wCocICwABGP////8wCocICwABGf////8w +CocICwABGv////8wCocICwABG/////8wCocICwABHP////8wCocICwABHf////8w +CocICwABHv////8wCocICwABH/////8wCocICwABIP////8wCocICwABIf////8w +CocICwABIv////8wCocICwABI/////8wCocICwABJP////8wCocICwABJf////8w +CocICwABJv////8wCocICwABJ/////8wCocICwABKP////8wCocICwABKf////8w +CocICwABKv////8wCocICwABK/////8wCocICwABLP////8wCocICwABLf////8w +CocICwABLv////8wCocICwABL/////8wCocICwABMP////8wCocICwABMf////8w +CocICwABMv////8wCocICwABM/////8wCocICwABNP////8wCocICwABNf////8w +CocICwABNv////8wCocICwABN/////8wCocICwABOP////8wCocICwABOf////8w +CocICwABOv////8wCocICwABO/////8wCocICwABPP////8wCocICwABPf////8w +CocICwABPv////8wCocICwABP/////8wCocICwABQP////8wCocICwABQf////8w +CocICwABQv////8wCocICwABQ/////8wCocICwABRP////8wCocICwABRf////8w +CocICwABRv////8wCocICwABR/////8wCocICwABSP////8wCocICwABSf////8w +CocICwABSv////8wCocICwABS/////8wCocICwABTP////8wCocICwABTf////8w +CocICwABTv////8wCocICwABT/////8wCocICwABUP////8wCocICwABUf////8w +CocICwABUv////8wCocICwABU/////8wCocICwABVP////8wCocICwABVf////8w +CocICwABVv////8wCocICwABV/////8wCocICwABWP////8wCocICwABWf////8w +CocICwABWv////8wCocICwABW/////8wCocICwABXP////8wCocICwABXf////8w +CocICwABXv////8wCocICwABX/////8wCocICwABYP////8wCocICwABYf////8w +CocICwABYv////8wCocICwABY/////8wCocICwABZP////8wCocICwABZf////8w +CocICwABZv////8wCocICwABZ/////8wCocICwABaP////8wCocICwABaf////8w +CocICwABav////8wCocICwABa/////8wCocICwABbP////8wCocICwABbf////8w +CocICwABbv////8wCocICwABb/////8wCocICwABcP////8wCocICwABcf////8w +CocICwABcv////8wCocICwABc/////8wCocICwABdP////8wCocICwABdf////8w +CocICwABdv////8wCocICwABd/////8wCocICwABeP////8wCocICwABef////8w +CocICwABev////8wCocICwABe/////8wCocICwABfP////8wCocICwABff////8w +CocICwABfv////8wCocICwABf/////8wCocICwABgP////8wCocICwABgf////8w +CocICwABgv////8wCocICwABg/////8wCocICwABhP////8wCocICwABhf////8w +CocICwABhv////8wCocICwABh/////8wCocICwABiP////8wCocICwABif////8w +CocICwABiv////8wCocICwABi/////8wCocICwABjP////8wCocICwABjf////8w +CocICwABjv////8wCocICwABj/////8wCocICwABkP////8wCocICwABkf////8w +CocICwABkv////8wCocICwABk/////8wCocICwABlP////8wCocICwABlf////8w +CocICwABlv////8wCocICwABl/////8wCocICwABmP////8wCocICwABmf////8w +CocICwABmv////8wCocICwABm/////8wCocICwABnP////8wCocICwABnf////8w +CocICwABnv////8wCocICwABn/////8wCocICwABoP////8wCocICwABof////8w +CocICwABov////8wCocICwABo/////8wCocICwABpP////8wCocICwABpf////8w +CocICwABpv////8wCocICwABp/////8wCocICwABqP////8wCocICwABqf////8w +CocICwABqv////8wCocICwABq/////8wCocICwABrP////8wCocICwABrf////8w +CocICwABrv////8wCocICwABr/////8wCocICwABsP////8wCocICwABsf////8w +CocICwABsv////8wCocICwABs/////8wCocICwABtP////8wCocICwABtf////8w +CocICwABtv////8wCocICwABt/////8wCocICwABuP////8wCocICwABuf////8w +CocICwABuv////8wCocICwABu/////8wCocICwABvP////8wCocICwABvf////8w +CocICwABvv////8wCocICwABv/////8wCocICwABwP////8wCocICwABwf////8w +CocICwABwv////8wCocICwABw/////8wCocICwABxP////8wCocICwABxf////8w +CocICwABxv////8wCocICwABx/////8wCocICwAByP////8wCocICwAByf////8w +CocICwAByv////8wCocICwABy/////8wCocICwABzP////8wCocICwABzf////8w +CocICwABzv////8wCocICwABz/////8wCocICwAB0P////8wCocICwAB0f////8w +CocICwAB0v////8wCocICwAB0/////8wCocICwAB1P////8wCocICwAB1f////8w +CocICwAB1v////8wCocICwAB1/////8wCocICwAB2P////8wCocICwAB2f////8w +CocICwAB2v////8wCocICwAB2/////8wCocICwAB3P////8wCocICwAB3f////8w +CocICwAB3v////8wCocICwAB3/////8wCocICwAB4P////8wCocICwAB4f////8w +CocICwAB4v////8wCocICwAB4/////8wCocICwAB5P////8wCocICwAB5f////8w +CocICwAB5v////8wCocICwAB5/////8wCocICwAB6P////8wCocICwAB6f////8w +CocICwAB6v////8wCocICwAB6/////8wCocICwAB7P////8wCocICwAB7f////8w +CocICwAB7v////8wCocICwAB7/////8wCocICwAB8P////8wCocICwAB8f////8w +CocICwAB8v////8wCocICwAB8/////8wCocICwAB9P////8wCocICwAB9f////8w +CocICwAB9v////8wCocICwAB9/////8wCocICwAB+P////8wCocICwAB+f////8w +CocICwAB+v////8wCocICwAB+/////8wCocICwAB/P////8wCocICwAB/f////8w +CocICwAB/v////8wCocICwAB//////8wCocICwACAP////8wCocICwACAf////8w +CocICwACAv////8wCocICwACA/////8wCocICwACBP////8wCocICwACBf////8w +CocICwACBv////8wCocICwACB/////8wCocICwACCP////8wCocICwACCf////8w +CocICwACCv////8wCocICwACC/////8wCocICwACDP////8wCocICwACDf////8w +CocICwACDv////8wCocICwACD/////8wCocICwACEP////8wCocICwACEf////8w +CocICwACEv////8wCocICwACE/////8wCocICwACFP////8wCocICwACFf////8w +CocICwACFv////8wCocICwACF/////8wCocICwACGP////8wCocICwACGf////8w +CocICwACGv////8wCocICwACG/////8wCocICwACHP////8wCocICwACHf////8w +CocICwACHv////8wCocICwACH/////8wCocICwACIP////8wCocICwACIf////8w +CocICwACIv////8wCocICwACI/////8wCocICwACJP////8wCocICwACJf////8w +CocICwACJv////8wCocICwACJ/////8wCocICwACKP////8wCocICwACKf////8w +CocICwACKv////8wCocICwACK/////8wCocICwACLP////8wCocICwACLf////8w +CocICwACLv////8wCocICwACL/////8wCocICwACMP////8wCocICwACMf////8w +CocICwACMv////8wCocICwACM/////8wCocICwACNP////8wCocICwACNf////8w +CocICwACNv////8wCocICwACN/////8wCocICwACOP////8wCocICwACOf////8w +CocICwACOv////8wCocICwACO/////8wCocICwACPP////8wCocICwACPf////8w +CocICwACPv////8wCocICwACP/////8wCocICwACQP////8wCocICwACQf////8w +CocICwACQv////8wCocICwACQ/////8wCocICwACRP////8wCocICwACRf////8w +CocICwACRv////8wCocICwACR/////8wCocICwACSP////8wCocICwACSf////8w +CocICwACSv////8wCocICwACS/////8wCocICwACTP////8wCocICwACTf////8w +CocICwACTv////8wCocICwACT/////8wCocICwACUP////8wCocICwACUf////8w +CocICwACUv////8wCocICwACU/////8wCocICwACVP////8wCocICwACVf////8w +CocICwACVv////8wCocICwACV/////8wCocICwACWP////8wCocICwACWf////8w +CocICwACWv////8wCocICwACW/////8wCocICwACXP////8wCocICwACXf////8w +CocICwACXv////8wCocICwACX/////8wCocICwACYP////8wCocICwACYf////8w +CocICwACYv////8wCocICwACY/////8wCocICwACZP////8wCocICwACZf////8w +CocICwACZv////8wCocICwACZ/////8wCocICwACaP////8wCocICwACaf////8w +CocICwACav////8wCocICwACa/////8wCocICwACbP////8wCocICwACbf////8w +CocICwACbv////8wCocICwACb/////8wCocICwACcP////8wCocICwACcf////8w +CocICwACcv////8wCocICwACc/////8wCocICwACdP////8wCocICwACdf////8w +CocICwACdv////8wCocICwACd/////8wCocICwACeP////8wCocICwACef////8w +CocICwACev////8wCocICwACe/////8wCocICwACfP////8wCocICwACff////8w +CocICwACfv////8wCocICwACf/////8wCocICwACgP////8wCocICwACgf////8w +CocICwACgv////8wCocICwACg/////8wCocICwAChP////8wCocICwAChf////8w +CocICwAChv////8wCocICwACh/////8wCocICwACiP////8wCocICwACif////8w +CocICwACiv////8wCocICwACi/////8wCocICwACjP////8wCocICwACjf////8w +CocICwACjv////8wCocICwACj/////8wCocICwACkP////8wCocICwACkf////8w +CocICwACkv////8wCocICwACk/////8wCocICwAClP////8wCocICwAClf////8w +CocICwAClv////8wCocICwACl/////8wCocICwACmP////8wCocICwACmf////8w +CocICwACmv////8wCocICwACm/////8wCocICwACnP////8wCocICwACnf////8w +CocICwACnv////8wCocICwACn/////8wCocICwACoP////8wCocICwACof////8w +CocICwACov////8wCocICwACo/////8wCocICwACpP////8wCocICwACpf////8w +CocICwACpv////8wCocICwACp/////8wCocICwACqP////8wCocICwACqf////8w +CocICwACqv////8wCocICwACq/////8wCocICwACrP////8wCocICwACrf////8w +CocICwACrv////8wCocICwACr/////8wCocICwACsP////8wCocICwACsf////8w +CocICwACsv////8wCocICwACs/////8wCocICwACtP////8wCocICwACtf////8w +CocICwACtv////8wCocICwACt/////8wCocICwACuP////8wCocICwACuf////8w +CocICwACuv////8wCocICwACu/////8wCocICwACvP////8wCocICwACvf////8w +CocICwACvv////8wCocICwACv/////8wCocICwACwP////8wCocICwACwf////8w +CocICwACwv////8wCocICwACw/////8wCocICwACxP////8wCocICwACxf////8w +CocICwACxv////8wCocICwACx/////8wCocICwACyP////8wCocICwACyf////8w +CocICwACyv////8wCocICwACy/////8wCocICwACzP////8wCocICwACzf////8w +CocICwACzv////8wCocICwACz/////8wCocICwAC0P////8wCocICwAC0f////8w +CocICwAC0v////8wCocICwAC0/////8wCocICwAC1P////8wCocICwAC1f////8w +CocICwAC1v////8wCocICwAC1/////8wCocICwAC2P////8wCocICwAC2f////8w +CocICwAC2v////8wCocICwAC2/////8wCocICwAC3P////8wCocICwAC3f////8w +CocICwAC3v////8wCocICwAC3/////8wCocICwAC4P////8wCocICwAC4f////8w +CocICwAC4v////8wCocICwAC4/////8wCocICwAC5P////8wCocICwAC5f////8w +CocICwAC5v////8wCocICwAC5/////8wCocICwAC6P////8wCocICwAC6f////8w +CocICwAC6v////8wCocICwAC6/////8wCocICwAC7P////8wCocICwAC7f////8w +CocICwAC7v////8wCocICwAC7/////8wCocICwAC8P////8wCocICwAC8f////8w +CocICwAC8v////8wCocICwAC8/////8wCocICwAC9P////8wCocICwAC9f////8w +CocICwAC9v////8wCocICwAC9/////8wCocICwAC+P////8wCocICwAC+f////8w +CocICwAC+v////8wCocICwAC+/////8wCocICwAC/P////8wCocICwAC/f////8w +CocICwAC/v////8wCocICwAC//////8wCocICwADAP////8wCocICwADAf////8w +CocICwADAv////8wCocICwADA/////8wCocICwADBP////8wCocICwADBf////8w +CocICwADBv////8wCocICwADB/////8wCocICwADCP////8wCocICwADCf////8w +CocICwADCv////8wCocICwADC/////8wCocICwADDP////8wCocICwADDf////8w +CocICwADDv////8wCocICwADD/////8wCocICwADEP////8wCocICwADEf////8w +CocICwADEv////8wCocICwADE/////8wCocICwADFP////8wCocICwADFf////8w +CocICwADFv////8wCocICwADF/////8wCocICwADGP////8wCocICwADGf////8w +CocICwADGv////8wCocICwADG/////8wCocICwADHP////8wCocICwADHf////8w +CocICwADHv////8wCocICwADH/////8wCocICwADIP////8wCocICwADIf////8w +CocICwADIv////8wCocICwADI/////8wCocICwADJP////8wCocICwADJf////8w +CocICwADJv////8wCocICwADJ/////8wCocICwADKP////8wCocICwADKf////8w +CocICwADKv////8wCocICwADK/////8wCocICwADLP////8wCocICwADLf////8w +CocICwADLv////8wCocICwADL/////8wCocICwADMP////8wCocICwADMf////8w +CocICwADMv////8wCocICwADM/////8wCocICwADNP////8wCocICwADNf////8w +CocICwADNv////8wCocICwADN/////8wCocICwADOP////8wCocICwADOf////8w +CocICwADOv////8wCocICwADO/////8wCocICwADPP////8wCocICwADPf////8w +CocICwADPv////8wCocICwADP/////8wCocICwADQP////8wCocICwADQf////8w +CocICwADQv////8wCocICwADQ/////8wCocICwADRP////8wCocICwADRf////8w +CocICwADRv////8wCocICwADR/////8wCocICwADSP////8wCocICwADSf////8w +CocICwADSv////8wCocICwADS/////8wCocICwADTP////8wCocICwADTf////8w +CocICwADTv////8wCocICwADT/////8wCocICwADUP////8wCocICwADUf////8w +CocICwADUv////8wCocICwADU/////8wCocICwADVP////8wCocICwADVf////8w +CocICwADVv////8wCocICwADV/////8wCocICwADWP////8wCocICwADWf////8w +CocICwADWv////8wCocICwADW/////8wCocICwADXP////8wCocICwADXf////8w +CocICwADXv////8wCocICwADX/////8wCocICwADYP////8wCocICwADYf////8w +CocICwADYv////8wCocICwADY/////8wCocICwADZP////8wCocICwADZf////8w +CocICwADZv////8wCocICwADZ/////8wCocICwADaP////8wCocICwADaf////8w +CocICwADav////8wCocICwADa/////8wCocICwADbP////8wCocICwADbf////8w +CocICwADbv////8wCocICwADb/////8wCocICwADcP////8wCocICwADcf////8w +CocICwADcv////8wCocICwADc/////8wCocICwADdP////8wCocICwADdf////8w +CocICwADdv////8wCocICwADd/////8wCocICwADeP////8wCocICwADef////8w +CocICwADev////8wCocICwADe/////8wCocICwADfP////8wCocICwADff////8w +CocICwADfv////8wCocICwADf/////8wCocICwADgP////8wCocICwADgf////8w +CocICwADgv////8wCocICwADg/////8wCocICwADhP////8wCocICwADhf////8w +CocICwADhv////8wCocICwADh/////8wCocICwADiP////8wCocICwADif////8w +CocICwADiv////8wCocICwADi/////8wCocICwADjP////8wCocICwADjf////8w +CocICwADjv////8wCocICwADj/////8wCocICwADkP////8wCocICwADkf////8w +CocICwADkv////8wCocICwADk/////8wCocICwADlP////8wCocICwADlf////8w +CocICwADlv////8wCocICwADl/////8wCocICwADmP////8wCocICwADmf////8w +CocICwADmv////8wCocICwADm/////8wCocICwADnP////8wCocICwADnf////8w +CocICwADnv////8wCocICwADn/////8wCocICwADoP////8wCocICwADof////8w +CocICwADov////8wCocICwADo/////8wCocICwADpP////8wCocICwADpf////8w +CocICwADpv////8wCocICwADp/////8wCocICwADqP////8wCocICwADqf////8w +CocICwADqv////8wCocICwADq/////8wCocICwADrP////8wCocICwADrf////8w +CocICwADrv////8wCocICwADr/////8wCocICwADsP////8wCocICwADsf////8w +CocICwADsv////8wCocICwADs/////8wCocICwADtP////8wCocICwADtf////8w +CocICwADtv////8wCocICwADt/////8wCocICwADuP////8wCocICwADuf////8w +CocICwADuv////8wCocICwADu/////8wCocICwADvP////8wCocICwADvf////8w +CocICwADvv////8wCocICwADv/////8wCocICwADwP////8wCocICwADwf////8w +CocICwADwv////8wCocICwADw/////8wCocICwADxP////8wCocICwADxf////8w +CocICwADxv////8wCocICwADx/////8wCocICwADyP////8wCocICwADyf////8w +CocICwADyv////8wCocICwADy/////8wCocICwADzP////8wCocICwADzf////8w +CocICwADzv////8wCocICwADz/////8wCocICwAD0P////8wCocICwAD0f////8w +CocICwAD0v////8wCocICwAD0/////8wCocICwAD1P////8wCocICwAD1f////8w +CocICwAD1v////8wCocICwAD1/////8wCocICwAD2P////8wCocICwAD2f////8w +CocICwAD2v////8wCocICwAD2/////8wCocICwAD3P////8wCocICwAD3f////8w +CocICwAD3v////8wCocICwAD3/////8wCocICwAD4P////8wCocICwAD4f////8w +CocICwAD4v////8wCocICwAD4/////8wCocICwAD5P////8wCocICwAD5f////8w +CocICwAD5v////8wCocICwAD5/////8wCocICwAD6P////8wCocICwAD6f////8w +CocICwAD6v////8wCocICwAD6/////8wCocICwAD7P////8wCocICwAD7f////8w +CocICwAD7v////8wCocICwAD7/////8wCocICwAD8P////8wCocICwAD8f////8w +CocICwAD8v////8wCocICwAD8/////8wCocICwAD9P////8wCocICwAD9f////8w +CocICwAD9v////8wCocICwAD9/////8wCocICwAD+P////8wCocICwAD+f////8w +CocICwAD+v////8wCocICwAD+/////8wCocICwAD/P////8wCocICwAD/f////8w +CocICwAD/v////8wCocICwAD//////8wCocICwAEAP////8wDQYJKoZIhvcNAQEL +BQADggEBAHoC880E9ZjcwHqqJbWhcuUJmT+4VKK3KHJhr0bACcxj/dQbpjbF4mK7 +qnH3ktJ6Bxs17McvrUSGa0PfekkFrDOAgXcVdvu+A9+JdnIexnruAYQ1T6l/Z1ql +4AHfg6wC/5932Ff8B86H0STowKzdm0Y6cIb5lALFY3X2cBBVmRQRVyJlMFZUK5Xb +NgJysJWHmIdCQET/Shae+BTEtNXqqAa0e/vrDUU124saPSzfOdTNnlTo6E83HEIl +RVLmxELnhfXHPSXbf6ApTTUm9NnBS2QIp2b6j0zTlL+OYPNTvOmDxJahl2Yn31WQ +HwGOb5CJVxjagSbx9K10HzsqY1O/Kj4= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FA.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FA.pem new file mode 100644 index 0000000000..5c9553ca67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FA.pem @@ -0,0 +1,1564 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fa + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + DirName: CN = x170 + DirName: CN = x171 + DirName: CN = x172 + DirName: CN = x173 + DirName: CN = x174 + DirName: CN = x175 + DirName: CN = x176 + DirName: CN = x177 + DirName: CN = x178 + DirName: CN = x179 + DirName: CN = x180 + DirName: CN = x181 + DirName: CN = x182 + DirName: CN = x183 + DirName: CN = x184 + DirName: CN = x185 + DirName: CN = x186 + DirName: CN = x187 + DirName: CN = x188 + DirName: CN = x189 + DirName: CN = x190 + DirName: CN = x191 + DirName: CN = x192 + DirName: CN = x193 + DirName: CN = x194 + DirName: CN = x195 + DirName: CN = x196 + DirName: CN = x197 + DirName: CN = x198 + DirName: CN = x199 + DirName: CN = x200 + DirName: CN = x201 + DirName: CN = x202 + DirName: CN = x203 + DirName: CN = x204 + DirName: CN = x205 + DirName: CN = x206 + DirName: CN = x207 + DirName: CN = x208 + DirName: CN = x209 + DirName: CN = x210 + DirName: CN = x211 + DirName: CN = x212 + DirName: CN = x213 + DirName: CN = x214 + DirName: CN = x215 + DirName: CN = x216 + DirName: CN = x217 + DirName: CN = x218 + DirName: CN = x219 + DirName: CN = x220 + DirName: CN = x221 + DirName: CN = x222 + DirName: CN = x223 + DirName: CN = x224 + DirName: CN = x225 + DirName: CN = x226 + DirName: CN = x227 + DirName: CN = x228 + DirName: CN = x229 + DirName: CN = x230 + DirName: CN = x231 + DirName: CN = x232 + DirName: CN = x233 + DirName: CN = x234 + DirName: CN = x235 + DirName: CN = x236 + DirName: CN = x237 + DirName: CN = x238 + DirName: CN = x239 + DirName: CN = x240 + DirName: CN = x241 + DirName: CN = x242 + DirName: CN = x243 + DirName: CN = x244 + DirName: CN = x245 + DirName: CN = x246 + DirName: CN = x247 + DirName: CN = x248 + DirName: CN = x249 + DirName: CN = x250 + DirName: CN = x251 + DirName: CN = x252 + DirName: CN = x253 + DirName: CN = x254 + DirName: CN = x255 + DirName: CN = x256 + DirName: CN = x257 + DirName: CN = x258 + DirName: CN = x259 + DirName: CN = x260 + DirName: CN = x261 + DirName: CN = x262 + DirName: CN = x263 + DirName: CN = x264 + DirName: CN = x265 + DirName: CN = x266 + DirName: CN = x267 + DirName: CN = x268 + DirName: CN = x269 + DirName: CN = x270 + DirName: CN = x271 + DirName: CN = x272 + DirName: CN = x273 + DirName: CN = x274 + DirName: CN = x275 + DirName: CN = x276 + DirName: CN = x277 + DirName: CN = x278 + DirName: CN = x279 + DirName: CN = x280 + DirName: CN = x281 + DirName: CN = x282 + DirName: CN = x283 + DirName: CN = x284 + DirName: CN = x285 + DirName: CN = x286 + DirName: CN = x287 + DirName: CN = x288 + DirName: CN = x289 + DirName: CN = x290 + DirName: CN = x291 + DirName: CN = x292 + DirName: CN = x293 + DirName: CN = x294 + DirName: CN = x295 + DirName: CN = x296 + DirName: CN = x297 + DirName: CN = x298 + DirName: CN = x299 + DirName: CN = x300 + DirName: CN = x301 + DirName: CN = x302 + DirName: CN = x303 + DirName: CN = x304 + DirName: CN = x305 + DirName: CN = x306 + DirName: CN = x307 + DirName: CN = x308 + DirName: CN = x309 + DirName: CN = x310 + DirName: CN = x311 + DirName: CN = x312 + DirName: CN = x313 + DirName: CN = x314 + DirName: CN = x315 + DirName: CN = x316 + DirName: CN = x317 + DirName: CN = x318 + DirName: CN = x319 + DirName: CN = x320 + DirName: CN = x321 + DirName: CN = x322 + DirName: CN = x323 + DirName: CN = x324 + DirName: CN = x325 + DirName: CN = x326 + DirName: CN = x327 + DirName: CN = x328 + DirName: CN = x329 + DirName: CN = x330 + DirName: CN = x331 + DirName: CN = x332 + DirName: CN = x333 + DirName: CN = x334 + DirName: CN = x335 + DirName: CN = x336 + DirName: CN = x337 + DirName: CN = x338 + DirName: CN = x339 + DirName: CN = x340 + DirName: CN = x341 + DirName: CN = x342 + DirName: CN = x343 + DirName: CN = x344 + DirName: CN = x345 + DirName: CN = x346 + DirName: CN = x347 + DirName: CN = x348 + DirName: CN = x349 + DirName: CN = x350 + DirName: CN = x351 + DirName: CN = x352 + DirName: CN = x353 + DirName: CN = x354 + DirName: CN = x355 + DirName: CN = x356 + DirName: CN = x357 + DirName: CN = x358 + DirName: CN = x359 + DirName: CN = x360 + DirName: CN = x361 + DirName: CN = x362 + DirName: CN = x363 + DirName: CN = x364 + DirName: CN = x365 + DirName: CN = x366 + DirName: CN = x367 + DirName: CN = x368 + DirName: CN = x369 + DirName: CN = x370 + DirName: CN = x371 + DirName: CN = x372 + DirName: CN = x373 + DirName: CN = x374 + DirName: CN = x375 + DirName: CN = x376 + DirName: CN = x377 + DirName: CN = x378 + DirName: CN = x379 + DirName: CN = x380 + DirName: CN = x381 + DirName: CN = x382 + DirName: CN = x383 + DirName: CN = x384 + DirName: CN = x385 + DirName: CN = x386 + DirName: CN = x387 + DirName: CN = x388 + DirName: CN = x389 + DirName: CN = x390 + DirName: CN = x391 + DirName: CN = x392 + DirName: CN = x393 + DirName: CN = x394 + DirName: CN = x395 + DirName: CN = x396 + DirName: CN = x397 + DirName: CN = x398 + DirName: CN = x399 + DirName: CN = x400 + DirName: CN = x401 + DirName: CN = x402 + DirName: CN = x403 + DirName: CN = x404 + DirName: CN = x405 + DirName: CN = x406 + DirName: CN = x407 + DirName: CN = x408 + DirName: CN = x409 + DirName: CN = x410 + DirName: CN = x411 + DirName: CN = x412 + DirName: CN = x413 + DirName: CN = x414 + DirName: CN = x415 + DirName: CN = x416 + DirName: CN = x417 + DirName: CN = x418 + DirName: CN = x419 + DirName: CN = x420 + DirName: CN = x421 + DirName: CN = x422 + DirName: CN = x423 + DirName: CN = x424 + DirName: CN = x425 + DirName: CN = x426 + DirName: CN = x427 + DirName: CN = x428 + DirName: CN = x429 + DirName: CN = x430 + DirName: CN = x431 + DirName: CN = x432 + DirName: CN = x433 + DirName: CN = x434 + DirName: CN = x435 + DirName: CN = x436 + DirName: CN = x437 + DirName: CN = x438 + DirName: CN = x439 + DirName: CN = x440 + DirName: CN = x441 + DirName: CN = x442 + DirName: CN = x443 + DirName: CN = x444 + DirName: CN = x445 + DirName: CN = x446 + DirName: CN = x447 + DirName: CN = x448 + DirName: CN = x449 + DirName: CN = x450 + DirName: CN = x451 + DirName: CN = x452 + DirName: CN = x453 + DirName: CN = x454 + DirName: CN = x455 + DirName: CN = x456 + DirName: CN = x457 + DirName: CN = x458 + DirName: CN = x459 + DirName: CN = x460 + DirName: CN = x461 + DirName: CN = x462 + DirName: CN = x463 + DirName: CN = x464 + DirName: CN = x465 + DirName: CN = x466 + DirName: CN = x467 + DirName: CN = x468 + DirName: CN = x469 + DirName: CN = x470 + DirName: CN = x471 + DirName: CN = x472 + DirName: CN = x473 + DirName: CN = x474 + DirName: CN = x475 + DirName: CN = x476 + DirName: CN = x477 + DirName: CN = x478 + DirName: CN = x479 + DirName: CN = x480 + DirName: CN = x481 + DirName: CN = x482 + DirName: CN = x483 + DirName: CN = x484 + DirName: CN = x485 + DirName: CN = x486 + DirName: CN = x487 + DirName: CN = x488 + DirName: CN = x489 + DirName: CN = x490 + DirName: CN = x491 + DirName: CN = x492 + DirName: CN = x493 + DirName: CN = x494 + DirName: CN = x495 + DirName: CN = x496 + DirName: CN = x497 + DirName: CN = x498 + DirName: CN = x499 + DirName: CN = x500 + DirName: CN = x501 + DirName: CN = x502 + DirName: CN = x503 + DirName: CN = x504 + DirName: CN = x505 + DirName: CN = x506 + DirName: CN = x507 + DirName: CN = x508 + DirName: CN = x509 + DirName: CN = x510 + DirName: CN = x511 + DirName: CN = x512 + DirName: CN = x513 + DirName: CN = x514 + DirName: CN = x515 + DirName: CN = x516 + DirName: CN = x517 + DirName: CN = x518 + DirName: CN = x519 + DirName: CN = x520 + DirName: CN = x521 + DirName: CN = x522 + DirName: CN = x523 + DirName: CN = x524 + DirName: CN = x525 + DirName: CN = x526 + DirName: CN = x527 + DirName: CN = x528 + DirName: CN = x529 + DirName: CN = x530 + DirName: CN = x531 + DirName: CN = x532 + DirName: CN = x533 + DirName: CN = x534 + DirName: CN = x535 + DirName: CN = x536 + DirName: CN = x537 + DirName: CN = x538 + DirName: CN = x539 + DirName: CN = x540 + DirName: CN = x541 + DirName: CN = x542 + DirName: CN = x543 + DirName: CN = x544 + DirName: CN = x545 + DirName: CN = x546 + DirName: CN = x547 + DirName: CN = x548 + DirName: CN = x549 + DirName: CN = x550 + DirName: CN = x551 + DirName: CN = x552 + DirName: CN = x553 + DirName: CN = x554 + DirName: CN = x555 + DirName: CN = x556 + DirName: CN = x557 + DirName: CN = x558 + DirName: CN = x559 + DirName: CN = x560 + DirName: CN = x561 + DirName: CN = x562 + DirName: CN = x563 + DirName: CN = x564 + DirName: CN = x565 + DirName: CN = x566 + DirName: CN = x567 + DirName: CN = x568 + DirName: CN = x569 + DirName: CN = x570 + DirName: CN = x571 + DirName: CN = x572 + DirName: CN = x573 + DirName: CN = x574 + DirName: CN = x575 + DirName: CN = x576 + DirName: CN = x577 + DirName: CN = x578 + DirName: CN = x579 + DirName: CN = x580 + DirName: CN = x581 + DirName: CN = x582 + DirName: CN = x583 + DirName: CN = x584 + DirName: CN = x585 + DirName: CN = x586 + DirName: CN = x587 + DirName: CN = x588 + DirName: CN = x589 + DirName: CN = x590 + DirName: CN = x591 + DirName: CN = x592 + DirName: CN = x593 + DirName: CN = x594 + DirName: CN = x595 + DirName: CN = x596 + DirName: CN = x597 + DirName: CN = x598 + DirName: CN = x599 + DirName: CN = x600 + DirName: CN = x601 + DirName: CN = x602 + DirName: CN = x603 + DirName: CN = x604 + DirName: CN = x605 + DirName: CN = x606 + DirName: CN = x607 + DirName: CN = x608 + DirName: CN = x609 + DirName: CN = x610 + DirName: CN = x611 + DirName: CN = x612 + DirName: CN = x613 + DirName: CN = x614 + DirName: CN = x615 + DirName: CN = x616 + DirName: CN = x617 + DirName: CN = x618 + DirName: CN = x619 + DirName: CN = x620 + DirName: CN = x621 + DirName: CN = x622 + DirName: CN = x623 + DirName: CN = x624 + DirName: CN = x625 + DirName: CN = x626 + DirName: CN = x627 + DirName: CN = x628 + DirName: CN = x629 + DirName: CN = x630 + DirName: CN = x631 + DirName: CN = x632 + DirName: CN = x633 + DirName: CN = x634 + DirName: CN = x635 + DirName: CN = x636 + DirName: CN = x637 + DirName: CN = x638 + DirName: CN = x639 + DirName: CN = x640 + DirName: CN = x641 + DirName: CN = x642 + DirName: CN = x643 + DirName: CN = x644 + DirName: CN = x645 + DirName: CN = x646 + DirName: CN = x647 + DirName: CN = x648 + DirName: CN = x649 + DirName: CN = x650 + DirName: CN = x651 + DirName: CN = x652 + DirName: CN = x653 + DirName: CN = x654 + DirName: CN = x655 + DirName: CN = x656 + DirName: CN = x657 + DirName: CN = x658 + DirName: CN = x659 + DirName: CN = x660 + DirName: CN = x661 + DirName: CN = x662 + DirName: CN = x663 + DirName: CN = x664 + DirName: CN = x665 + DirName: CN = x666 + DirName: CN = x667 + DirName: CN = x668 + DirName: CN = x669 + DirName: CN = x670 + DirName: CN = x671 + DirName: CN = x672 + DirName: CN = x673 + DirName: CN = x674 + DirName: CN = x675 + DirName: CN = x676 + DirName: CN = x677 + DirName: CN = x678 + DirName: CN = x679 + DirName: CN = x680 + DirName: CN = x681 + DirName: CN = x682 + DirName: CN = x683 + DirName: CN = x684 + DirName: CN = x685 + DirName: CN = x686 + DirName: CN = x687 + DirName: CN = x688 + DirName: CN = x689 + DirName: CN = x690 + DirName: CN = x691 + DirName: CN = x692 + DirName: CN = x693 + DirName: CN = x694 + DirName: CN = x695 + DirName: CN = x696 + DirName: CN = x697 + DirName: CN = x698 + DirName: CN = x699 + DirName: CN = x700 + DirName: CN = x701 + DirName: CN = x702 + DirName: CN = x703 + DirName: CN = x704 + DirName: CN = x705 + DirName: CN = x706 + DirName: CN = x707 + DirName: CN = x708 + DirName: CN = x709 + DirName: CN = x710 + DirName: CN = x711 + DirName: CN = x712 + DirName: CN = x713 + DirName: CN = x714 + DirName: CN = x715 + DirName: CN = x716 + DirName: CN = x717 + DirName: CN = x718 + DirName: CN = x719 + DirName: CN = x720 + DirName: CN = x721 + DirName: CN = x722 + DirName: CN = x723 + DirName: CN = x724 + DirName: CN = x725 + DirName: CN = x726 + DirName: CN = x727 + DirName: CN = x728 + DirName: CN = x729 + DirName: CN = x730 + DirName: CN = x731 + DirName: CN = x732 + DirName: CN = x733 + DirName: CN = x734 + DirName: CN = x735 + DirName: CN = x736 + DirName: CN = x737 + DirName: CN = x738 + DirName: CN = x739 + DirName: CN = x740 + DirName: CN = x741 + DirName: CN = x742 + DirName: CN = x743 + DirName: CN = x744 + DirName: CN = x745 + DirName: CN = x746 + DirName: CN = x747 + DirName: CN = x748 + DirName: CN = x749 + DirName: CN = x750 + DirName: CN = x751 + DirName: CN = x752 + DirName: CN = x753 + DirName: CN = x754 + DirName: CN = x755 + DirName: CN = x756 + DirName: CN = x757 + DirName: CN = x758 + DirName: CN = x759 + DirName: CN = x760 + DirName: CN = x761 + DirName: CN = x762 + DirName: CN = x763 + DirName: CN = x764 + DirName: CN = x765 + DirName: CN = x766 + DirName: CN = x767 + DirName: CN = x768 + DirName: CN = x769 + DirName: CN = x770 + DirName: CN = x771 + DirName: CN = x772 + DirName: CN = x773 + DirName: CN = x774 + DirName: CN = x775 + DirName: CN = x776 + DirName: CN = x777 + DirName: CN = x778 + DirName: CN = x779 + DirName: CN = x780 + DirName: CN = x781 + DirName: CN = x782 + DirName: CN = x783 + DirName: CN = x784 + DirName: CN = x785 + DirName: CN = x786 + DirName: CN = x787 + DirName: CN = x788 + DirName: CN = x789 + DirName: CN = x790 + DirName: CN = x791 + DirName: CN = x792 + DirName: CN = x793 + DirName: CN = x794 + DirName: CN = x795 + DirName: CN = x796 + DirName: CN = x797 + DirName: CN = x798 + DirName: CN = x799 + DirName: CN = x800 + DirName: CN = x801 + DirName: CN = x802 + DirName: CN = x803 + DirName: CN = x804 + DirName: CN = x805 + DirName: CN = x806 + DirName: CN = x807 + DirName: CN = x808 + DirName: CN = x809 + DirName: CN = x810 + DirName: CN = x811 + DirName: CN = x812 + DirName: CN = x813 + DirName: CN = x814 + DirName: CN = x815 + DirName: CN = x816 + DirName: CN = x817 + DirName: CN = x818 + DirName: CN = x819 + DirName: CN = x820 + DirName: CN = x821 + DirName: CN = x822 + DirName: CN = x823 + DirName: CN = x824 + DirName: CN = x825 + DirName: CN = x826 + DirName: CN = x827 + DirName: CN = x828 + DirName: CN = x829 + DirName: CN = x830 + DirName: CN = x831 + DirName: CN = x832 + DirName: CN = x833 + DirName: CN = x834 + DirName: CN = x835 + DirName: CN = x836 + DirName: CN = x837 + DirName: CN = x838 + DirName: CN = x839 + DirName: CN = x840 + DirName: CN = x841 + DirName: CN = x842 + DirName: CN = x843 + DirName: CN = x844 + DirName: CN = x845 + DirName: CN = x846 + DirName: CN = x847 + DirName: CN = x848 + DirName: CN = x849 + DirName: CN = x850 + DirName: CN = x851 + DirName: CN = x852 + DirName: CN = x853 + DirName: CN = x854 + DirName: CN = x855 + DirName: CN = x856 + DirName: CN = x857 + DirName: CN = x858 + DirName: CN = x859 + DirName: CN = x860 + DirName: CN = x861 + DirName: CN = x862 + DirName: CN = x863 + DirName: CN = x864 + DirName: CN = x865 + DirName: CN = x866 + DirName: CN = x867 + DirName: CN = x868 + DirName: CN = x869 + DirName: CN = x870 + DirName: CN = x871 + DirName: CN = x872 + DirName: CN = x873 + DirName: CN = x874 + DirName: CN = x875 + DirName: CN = x876 + DirName: CN = x877 + DirName: CN = x878 + DirName: CN = x879 + DirName: CN = x880 + DirName: CN = x881 + DirName: CN = x882 + DirName: CN = x883 + DirName: CN = x884 + DirName: CN = x885 + DirName: CN = x886 + DirName: CN = x887 + DirName: CN = x888 + DirName: CN = x889 + DirName: CN = x890 + DirName: CN = x891 + DirName: CN = x892 + DirName: CN = x893 + DirName: CN = x894 + DirName: CN = x895 + DirName: CN = x896 + DirName: CN = x897 + DirName: CN = x898 + DirName: CN = x899 + DirName: CN = x900 + DirName: CN = x901 + DirName: CN = x902 + DirName: CN = x903 + DirName: CN = x904 + DirName: CN = x905 + DirName: CN = x906 + DirName: CN = x907 + DirName: CN = x908 + DirName: CN = x909 + DirName: CN = x910 + DirName: CN = x911 + DirName: CN = x912 + DirName: CN = x913 + DirName: CN = x914 + DirName: CN = x915 + DirName: CN = x916 + DirName: CN = x917 + DirName: CN = x918 + DirName: CN = x919 + DirName: CN = x920 + DirName: CN = x921 + DirName: CN = x922 + DirName: CN = x923 + DirName: CN = x924 + DirName: CN = x925 + DirName: CN = x926 + DirName: CN = x927 + DirName: CN = x928 + DirName: CN = x929 + DirName: CN = x930 + DirName: CN = x931 + DirName: CN = x932 + DirName: CN = x933 + DirName: CN = x934 + DirName: CN = x935 + DirName: CN = x936 + DirName: CN = x937 + DirName: CN = x938 + DirName: CN = x939 + DirName: CN = x940 + DirName: CN = x941 + DirName: CN = x942 + DirName: CN = x943 + DirName: CN = x944 + DirName: CN = x945 + DirName: CN = x946 + DirName: CN = x947 + DirName: CN = x948 + DirName: CN = x949 + DirName: CN = x950 + DirName: CN = x951 + DirName: CN = x952 + DirName: CN = x953 + DirName: CN = x954 + DirName: CN = x955 + DirName: CN = x956 + DirName: CN = x957 + DirName: CN = x958 + DirName: CN = x959 + DirName: CN = x960 + DirName: CN = x961 + DirName: CN = x962 + DirName: CN = x963 + DirName: CN = x964 + DirName: CN = x965 + DirName: CN = x966 + DirName: CN = x967 + DirName: CN = x968 + DirName: CN = x969 + DirName: CN = x970 + DirName: CN = x971 + DirName: CN = x972 + DirName: CN = x973 + DirName: CN = x974 + DirName: CN = x975 + DirName: CN = x976 + DirName: CN = x977 + DirName: CN = x978 + DirName: CN = x979 + DirName: CN = x980 + DirName: CN = x981 + DirName: CN = x982 + DirName: CN = x983 + DirName: CN = x984 + DirName: CN = x985 + DirName: CN = x986 + DirName: CN = x987 + DirName: CN = x988 + DirName: CN = x989 + DirName: CN = x990 + DirName: CN = x991 + DirName: CN = x992 + DirName: CN = x993 + DirName: CN = x994 + DirName: CN = x995 + DirName: CN = x996 + DirName: CN = x997 + DirName: CN = x998 + DirName: CN = x999 + DirName: CN = x1000 + DirName: CN = x1001 + DirName: CN = x1002 + DirName: CN = x1003 + DirName: CN = x1004 + DirName: CN = x1005 + DirName: CN = x1006 + DirName: CN = x1007 + DirName: CN = x1008 + DirName: CN = x1009 + DirName: CN = x1010 + DirName: CN = x1011 + DirName: CN = x1012 + DirName: CN = x1013 + DirName: CN = x1014 + DirName: CN = x1015 + DirName: CN = x1016 + DirName: CN = x1017 + DirName: CN = x1018 + DirName: CN = x1019 + DirName: CN = x1020 + DirName: CN = x1021 + DirName: CN = x1022 + DirName: CN = x1023 + DirName: CN = x1024 + + Signature Algorithm: sha256WithRSAEncryption + 75:8f:ad:5f:a0:8c:a2:05:18:d8:98:a6:c5:1d:7c:b9:11:f4: + 14:6a:24:56:21:11:98:c7:df:0c:12:6c:43:3d:45:54:de:10: + 14:e5:7b:c0:d8:77:64:c2:01:8b:f3:d0:10:d8:03:43:fe:f9: + 50:79:c6:91:34:38:77:bf:0e:09:7f:1f:7f:8f:50:9f:2a:f2: + 31:5b:37:0e:04:55:13:2b:1b:34:32:0e:8d:db:a8:ed:34:d0: + 6a:83:a0:f9:31:d1:5f:2d:58:07:29:25:d3:1c:de:f8:7a:ac: + 3d:a7:67:4a:4c:ea:e0:f9:0f:91:ff:d8:48:dc:11:ec:a8:23: + a1:e4:62:51:b0:93:f8:6d:63:0f:26:c4:aa:09:e7:30:85:94: + cc:22:2d:a6:c1:e1:5a:77:70:e2:be:50:67:2b:7a:85:8e:56: + 35:f7:59:89:70:6f:8a:fe:1c:bd:16:b5:85:22:0e:f2:1e:d0: + 00:5b:63:7f:5b:eb:1e:23:c0:d5:c6:c9:97:9d:9a:a7:f6:2b: + 8d:54:64:0b:f7:db:26:5e:08:b2:0c:8e:dc:df:1f:e9:92:3a: + f1:cb:89:d4:1f:46:45:9c:e8:0c:b2:6c:aa:9f:55:fc:cd:02: + fc:3c:82:9c:a5:79:f2:27:a6:a5:83:83:64:7f:02:d0:8c:f3: + 8f:32:a7:e1 +-----BEGIN CERTIFICATE----- +MIJXVzCCVj+gAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCVKEwglSdMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wglPRBgNVHR4EglPIMIJTxKGCU8AwEaQPMA0xCzAJBgNVBAMMAngwMBGkDzAN +MQswCQYDVQQDDAJ4MTARpA8wDTELMAkGA1UEAwwCeDIwEaQPMA0xCzAJBgNVBAMM +AngzMBGkDzANMQswCQYDVQQDDAJ4NDARpA8wDTELMAkGA1UEAwwCeDUwEaQPMA0x +CzAJBgNVBAMMAng2MBGkDzANMQswCQYDVQQDDAJ4NzARpA8wDTELMAkGA1UEAwwC +eDgwEaQPMA0xCzAJBgNVBAMMAng5MBKkEDAOMQwwCgYDVQQDDAN4MTAwEqQQMA4x +DDAKBgNVBAMMA3gxMTASpBAwDjEMMAoGA1UEAwwDeDEyMBKkEDAOMQwwCgYDVQQD +DAN4MTMwEqQQMA4xDDAKBgNVBAMMA3gxNDASpBAwDjEMMAoGA1UEAwwDeDE1MBKk +EDAOMQwwCgYDVQQDDAN4MTYwEqQQMA4xDDAKBgNVBAMMA3gxNzASpBAwDjEMMAoG +A1UEAwwDeDE4MBKkEDAOMQwwCgYDVQQDDAN4MTkwEqQQMA4xDDAKBgNVBAMMA3gy +MDASpBAwDjEMMAoGA1UEAwwDeDIxMBKkEDAOMQwwCgYDVQQDDAN4MjIwEqQQMA4x +DDAKBgNVBAMMA3gyMzASpBAwDjEMMAoGA1UEAwwDeDI0MBKkEDAOMQwwCgYDVQQD +DAN4MjUwEqQQMA4xDDAKBgNVBAMMA3gyNjASpBAwDjEMMAoGA1UEAwwDeDI3MBKk +EDAOMQwwCgYDVQQDDAN4MjgwEqQQMA4xDDAKBgNVBAMMA3gyOTASpBAwDjEMMAoG +A1UEAwwDeDMwMBKkEDAOMQwwCgYDVQQDDAN4MzEwEqQQMA4xDDAKBgNVBAMMA3gz +MjASpBAwDjEMMAoGA1UEAwwDeDMzMBKkEDAOMQwwCgYDVQQDDAN4MzQwEqQQMA4x +DDAKBgNVBAMMA3gzNTASpBAwDjEMMAoGA1UEAwwDeDM2MBKkEDAOMQwwCgYDVQQD +DAN4MzcwEqQQMA4xDDAKBgNVBAMMA3gzODASpBAwDjEMMAoGA1UEAwwDeDM5MBKk +EDAOMQwwCgYDVQQDDAN4NDAwEqQQMA4xDDAKBgNVBAMMA3g0MTASpBAwDjEMMAoG +A1UEAwwDeDQyMBKkEDAOMQwwCgYDVQQDDAN4NDMwEqQQMA4xDDAKBgNVBAMMA3g0 +NDASpBAwDjEMMAoGA1UEAwwDeDQ1MBKkEDAOMQwwCgYDVQQDDAN4NDYwEqQQMA4x +DDAKBgNVBAMMA3g0NzASpBAwDjEMMAoGA1UEAwwDeDQ4MBKkEDAOMQwwCgYDVQQD +DAN4NDkwEqQQMA4xDDAKBgNVBAMMA3g1MDASpBAwDjEMMAoGA1UEAwwDeDUxMBKk +EDAOMQwwCgYDVQQDDAN4NTIwEqQQMA4xDDAKBgNVBAMMA3g1MzASpBAwDjEMMAoG +A1UEAwwDeDU0MBKkEDAOMQwwCgYDVQQDDAN4NTUwEqQQMA4xDDAKBgNVBAMMA3g1 +NjASpBAwDjEMMAoGA1UEAwwDeDU3MBKkEDAOMQwwCgYDVQQDDAN4NTgwEqQQMA4x +DDAKBgNVBAMMA3g1OTASpBAwDjEMMAoGA1UEAwwDeDYwMBKkEDAOMQwwCgYDVQQD +DAN4NjEwEqQQMA4xDDAKBgNVBAMMA3g2MjASpBAwDjEMMAoGA1UEAwwDeDYzMBKk +EDAOMQwwCgYDVQQDDAN4NjQwEqQQMA4xDDAKBgNVBAMMA3g2NTASpBAwDjEMMAoG +A1UEAwwDeDY2MBKkEDAOMQwwCgYDVQQDDAN4NjcwEqQQMA4xDDAKBgNVBAMMA3g2 +ODASpBAwDjEMMAoGA1UEAwwDeDY5MBKkEDAOMQwwCgYDVQQDDAN4NzAwEqQQMA4x +DDAKBgNVBAMMA3g3MTASpBAwDjEMMAoGA1UEAwwDeDcyMBKkEDAOMQwwCgYDVQQD +DAN4NzMwEqQQMA4xDDAKBgNVBAMMA3g3NDASpBAwDjEMMAoGA1UEAwwDeDc1MBKk +EDAOMQwwCgYDVQQDDAN4NzYwEqQQMA4xDDAKBgNVBAMMA3g3NzASpBAwDjEMMAoG +A1UEAwwDeDc4MBKkEDAOMQwwCgYDVQQDDAN4NzkwEqQQMA4xDDAKBgNVBAMMA3g4 +MDASpBAwDjEMMAoGA1UEAwwDeDgxMBKkEDAOMQwwCgYDVQQDDAN4ODIwEqQQMA4x +DDAKBgNVBAMMA3g4MzASpBAwDjEMMAoGA1UEAwwDeDg0MBKkEDAOMQwwCgYDVQQD +DAN4ODUwEqQQMA4xDDAKBgNVBAMMA3g4NjASpBAwDjEMMAoGA1UEAwwDeDg3MBKk +EDAOMQwwCgYDVQQDDAN4ODgwEqQQMA4xDDAKBgNVBAMMA3g4OTASpBAwDjEMMAoG +A1UEAwwDeDkwMBKkEDAOMQwwCgYDVQQDDAN4OTEwEqQQMA4xDDAKBgNVBAMMA3g5 +MjASpBAwDjEMMAoGA1UEAwwDeDkzMBKkEDAOMQwwCgYDVQQDDAN4OTQwEqQQMA4x +DDAKBgNVBAMMA3g5NTASpBAwDjEMMAoGA1UEAwwDeDk2MBKkEDAOMQwwCgYDVQQD +DAN4OTcwEqQQMA4xDDAKBgNVBAMMA3g5ODASpBAwDjEMMAoGA1UEAwwDeDk5MBOk +ETAPMQ0wCwYDVQQDDAR4MTAwMBOkETAPMQ0wCwYDVQQDDAR4MTAxMBOkETAPMQ0w +CwYDVQQDDAR4MTAyMBOkETAPMQ0wCwYDVQQDDAR4MTAzMBOkETAPMQ0wCwYDVQQD +DAR4MTA0MBOkETAPMQ0wCwYDVQQDDAR4MTA1MBOkETAPMQ0wCwYDVQQDDAR4MTA2 +MBOkETAPMQ0wCwYDVQQDDAR4MTA3MBOkETAPMQ0wCwYDVQQDDAR4MTA4MBOkETAP +MQ0wCwYDVQQDDAR4MTA5MBOkETAPMQ0wCwYDVQQDDAR4MTEwMBOkETAPMQ0wCwYD +VQQDDAR4MTExMBOkETAPMQ0wCwYDVQQDDAR4MTEyMBOkETAPMQ0wCwYDVQQDDAR4 +MTEzMBOkETAPMQ0wCwYDVQQDDAR4MTE0MBOkETAPMQ0wCwYDVQQDDAR4MTE1MBOk +ETAPMQ0wCwYDVQQDDAR4MTE2MBOkETAPMQ0wCwYDVQQDDAR4MTE3MBOkETAPMQ0w +CwYDVQQDDAR4MTE4MBOkETAPMQ0wCwYDVQQDDAR4MTE5MBOkETAPMQ0wCwYDVQQD +DAR4MTIwMBOkETAPMQ0wCwYDVQQDDAR4MTIxMBOkETAPMQ0wCwYDVQQDDAR4MTIy +MBOkETAPMQ0wCwYDVQQDDAR4MTIzMBOkETAPMQ0wCwYDVQQDDAR4MTI0MBOkETAP +MQ0wCwYDVQQDDAR4MTI1MBOkETAPMQ0wCwYDVQQDDAR4MTI2MBOkETAPMQ0wCwYD +VQQDDAR4MTI3MBOkETAPMQ0wCwYDVQQDDAR4MTI4MBOkETAPMQ0wCwYDVQQDDAR4 +MTI5MBOkETAPMQ0wCwYDVQQDDAR4MTMwMBOkETAPMQ0wCwYDVQQDDAR4MTMxMBOk +ETAPMQ0wCwYDVQQDDAR4MTMyMBOkETAPMQ0wCwYDVQQDDAR4MTMzMBOkETAPMQ0w +CwYDVQQDDAR4MTM0MBOkETAPMQ0wCwYDVQQDDAR4MTM1MBOkETAPMQ0wCwYDVQQD +DAR4MTM2MBOkETAPMQ0wCwYDVQQDDAR4MTM3MBOkETAPMQ0wCwYDVQQDDAR4MTM4 +MBOkETAPMQ0wCwYDVQQDDAR4MTM5MBOkETAPMQ0wCwYDVQQDDAR4MTQwMBOkETAP +MQ0wCwYDVQQDDAR4MTQxMBOkETAPMQ0wCwYDVQQDDAR4MTQyMBOkETAPMQ0wCwYD +VQQDDAR4MTQzMBOkETAPMQ0wCwYDVQQDDAR4MTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +MTQ1MBOkETAPMQ0wCwYDVQQDDAR4MTQ2MBOkETAPMQ0wCwYDVQQDDAR4MTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4MTQ4MBOkETAPMQ0wCwYDVQQDDAR4MTQ5MBOkETAPMQ0w +CwYDVQQDDAR4MTUwMBOkETAPMQ0wCwYDVQQDDAR4MTUxMBOkETAPMQ0wCwYDVQQD +DAR4MTUyMBOkETAPMQ0wCwYDVQQDDAR4MTUzMBOkETAPMQ0wCwYDVQQDDAR4MTU0 +MBOkETAPMQ0wCwYDVQQDDAR4MTU1MBOkETAPMQ0wCwYDVQQDDAR4MTU2MBOkETAP +MQ0wCwYDVQQDDAR4MTU3MBOkETAPMQ0wCwYDVQQDDAR4MTU4MBOkETAPMQ0wCwYD +VQQDDAR4MTU5MBOkETAPMQ0wCwYDVQQDDAR4MTYwMBOkETAPMQ0wCwYDVQQDDAR4 +MTYxMBOkETAPMQ0wCwYDVQQDDAR4MTYyMBOkETAPMQ0wCwYDVQQDDAR4MTYzMBOk +ETAPMQ0wCwYDVQQDDAR4MTY0MBOkETAPMQ0wCwYDVQQDDAR4MTY1MBOkETAPMQ0w +CwYDVQQDDAR4MTY2MBOkETAPMQ0wCwYDVQQDDAR4MTY3MBOkETAPMQ0wCwYDVQQD +DAR4MTY4MBOkETAPMQ0wCwYDVQQDDAR4MTY5MBOkETAPMQ0wCwYDVQQDDAR4MTcw +MBOkETAPMQ0wCwYDVQQDDAR4MTcxMBOkETAPMQ0wCwYDVQQDDAR4MTcyMBOkETAP +MQ0wCwYDVQQDDAR4MTczMBOkETAPMQ0wCwYDVQQDDAR4MTc0MBOkETAPMQ0wCwYD +VQQDDAR4MTc1MBOkETAPMQ0wCwYDVQQDDAR4MTc2MBOkETAPMQ0wCwYDVQQDDAR4 +MTc3MBOkETAPMQ0wCwYDVQQDDAR4MTc4MBOkETAPMQ0wCwYDVQQDDAR4MTc5MBOk +ETAPMQ0wCwYDVQQDDAR4MTgwMBOkETAPMQ0wCwYDVQQDDAR4MTgxMBOkETAPMQ0w +CwYDVQQDDAR4MTgyMBOkETAPMQ0wCwYDVQQDDAR4MTgzMBOkETAPMQ0wCwYDVQQD +DAR4MTg0MBOkETAPMQ0wCwYDVQQDDAR4MTg1MBOkETAPMQ0wCwYDVQQDDAR4MTg2 +MBOkETAPMQ0wCwYDVQQDDAR4MTg3MBOkETAPMQ0wCwYDVQQDDAR4MTg4MBOkETAP +MQ0wCwYDVQQDDAR4MTg5MBOkETAPMQ0wCwYDVQQDDAR4MTkwMBOkETAPMQ0wCwYD +VQQDDAR4MTkxMBOkETAPMQ0wCwYDVQQDDAR4MTkyMBOkETAPMQ0wCwYDVQQDDAR4 +MTkzMBOkETAPMQ0wCwYDVQQDDAR4MTk0MBOkETAPMQ0wCwYDVQQDDAR4MTk1MBOk +ETAPMQ0wCwYDVQQDDAR4MTk2MBOkETAPMQ0wCwYDVQQDDAR4MTk3MBOkETAPMQ0w +CwYDVQQDDAR4MTk4MBOkETAPMQ0wCwYDVQQDDAR4MTk5MBOkETAPMQ0wCwYDVQQD +DAR4MjAwMBOkETAPMQ0wCwYDVQQDDAR4MjAxMBOkETAPMQ0wCwYDVQQDDAR4MjAy +MBOkETAPMQ0wCwYDVQQDDAR4MjAzMBOkETAPMQ0wCwYDVQQDDAR4MjA0MBOkETAP +MQ0wCwYDVQQDDAR4MjA1MBOkETAPMQ0wCwYDVQQDDAR4MjA2MBOkETAPMQ0wCwYD +VQQDDAR4MjA3MBOkETAPMQ0wCwYDVQQDDAR4MjA4MBOkETAPMQ0wCwYDVQQDDAR4 +MjA5MBOkETAPMQ0wCwYDVQQDDAR4MjEwMBOkETAPMQ0wCwYDVQQDDAR4MjExMBOk +ETAPMQ0wCwYDVQQDDAR4MjEyMBOkETAPMQ0wCwYDVQQDDAR4MjEzMBOkETAPMQ0w +CwYDVQQDDAR4MjE0MBOkETAPMQ0wCwYDVQQDDAR4MjE1MBOkETAPMQ0wCwYDVQQD +DAR4MjE2MBOkETAPMQ0wCwYDVQQDDAR4MjE3MBOkETAPMQ0wCwYDVQQDDAR4MjE4 +MBOkETAPMQ0wCwYDVQQDDAR4MjE5MBOkETAPMQ0wCwYDVQQDDAR4MjIwMBOkETAP +MQ0wCwYDVQQDDAR4MjIxMBOkETAPMQ0wCwYDVQQDDAR4MjIyMBOkETAPMQ0wCwYD +VQQDDAR4MjIzMBOkETAPMQ0wCwYDVQQDDAR4MjI0MBOkETAPMQ0wCwYDVQQDDAR4 +MjI1MBOkETAPMQ0wCwYDVQQDDAR4MjI2MBOkETAPMQ0wCwYDVQQDDAR4MjI3MBOk +ETAPMQ0wCwYDVQQDDAR4MjI4MBOkETAPMQ0wCwYDVQQDDAR4MjI5MBOkETAPMQ0w +CwYDVQQDDAR4MjMwMBOkETAPMQ0wCwYDVQQDDAR4MjMxMBOkETAPMQ0wCwYDVQQD +DAR4MjMyMBOkETAPMQ0wCwYDVQQDDAR4MjMzMBOkETAPMQ0wCwYDVQQDDAR4MjM0 +MBOkETAPMQ0wCwYDVQQDDAR4MjM1MBOkETAPMQ0wCwYDVQQDDAR4MjM2MBOkETAP +MQ0wCwYDVQQDDAR4MjM3MBOkETAPMQ0wCwYDVQQDDAR4MjM4MBOkETAPMQ0wCwYD +VQQDDAR4MjM5MBOkETAPMQ0wCwYDVQQDDAR4MjQwMBOkETAPMQ0wCwYDVQQDDAR4 +MjQxMBOkETAPMQ0wCwYDVQQDDAR4MjQyMBOkETAPMQ0wCwYDVQQDDAR4MjQzMBOk +ETAPMQ0wCwYDVQQDDAR4MjQ0MBOkETAPMQ0wCwYDVQQDDAR4MjQ1MBOkETAPMQ0w +CwYDVQQDDAR4MjQ2MBOkETAPMQ0wCwYDVQQDDAR4MjQ3MBOkETAPMQ0wCwYDVQQD +DAR4MjQ4MBOkETAPMQ0wCwYDVQQDDAR4MjQ5MBOkETAPMQ0wCwYDVQQDDAR4MjUw +MBOkETAPMQ0wCwYDVQQDDAR4MjUxMBOkETAPMQ0wCwYDVQQDDAR4MjUyMBOkETAP +MQ0wCwYDVQQDDAR4MjUzMBOkETAPMQ0wCwYDVQQDDAR4MjU0MBOkETAPMQ0wCwYD +VQQDDAR4MjU1MBOkETAPMQ0wCwYDVQQDDAR4MjU2MBOkETAPMQ0wCwYDVQQDDAR4 +MjU3MBOkETAPMQ0wCwYDVQQDDAR4MjU4MBOkETAPMQ0wCwYDVQQDDAR4MjU5MBOk +ETAPMQ0wCwYDVQQDDAR4MjYwMBOkETAPMQ0wCwYDVQQDDAR4MjYxMBOkETAPMQ0w +CwYDVQQDDAR4MjYyMBOkETAPMQ0wCwYDVQQDDAR4MjYzMBOkETAPMQ0wCwYDVQQD +DAR4MjY0MBOkETAPMQ0wCwYDVQQDDAR4MjY1MBOkETAPMQ0wCwYDVQQDDAR4MjY2 +MBOkETAPMQ0wCwYDVQQDDAR4MjY3MBOkETAPMQ0wCwYDVQQDDAR4MjY4MBOkETAP +MQ0wCwYDVQQDDAR4MjY5MBOkETAPMQ0wCwYDVQQDDAR4MjcwMBOkETAPMQ0wCwYD +VQQDDAR4MjcxMBOkETAPMQ0wCwYDVQQDDAR4MjcyMBOkETAPMQ0wCwYDVQQDDAR4 +MjczMBOkETAPMQ0wCwYDVQQDDAR4Mjc0MBOkETAPMQ0wCwYDVQQDDAR4Mjc1MBOk +ETAPMQ0wCwYDVQQDDAR4Mjc2MBOkETAPMQ0wCwYDVQQDDAR4Mjc3MBOkETAPMQ0w +CwYDVQQDDAR4Mjc4MBOkETAPMQ0wCwYDVQQDDAR4Mjc5MBOkETAPMQ0wCwYDVQQD +DAR4MjgwMBOkETAPMQ0wCwYDVQQDDAR4MjgxMBOkETAPMQ0wCwYDVQQDDAR4Mjgy +MBOkETAPMQ0wCwYDVQQDDAR4MjgzMBOkETAPMQ0wCwYDVQQDDAR4Mjg0MBOkETAP +MQ0wCwYDVQQDDAR4Mjg1MBOkETAPMQ0wCwYDVQQDDAR4Mjg2MBOkETAPMQ0wCwYD +VQQDDAR4Mjg3MBOkETAPMQ0wCwYDVQQDDAR4Mjg4MBOkETAPMQ0wCwYDVQQDDAR4 +Mjg5MBOkETAPMQ0wCwYDVQQDDAR4MjkwMBOkETAPMQ0wCwYDVQQDDAR4MjkxMBOk +ETAPMQ0wCwYDVQQDDAR4MjkyMBOkETAPMQ0wCwYDVQQDDAR4MjkzMBOkETAPMQ0w +CwYDVQQDDAR4Mjk0MBOkETAPMQ0wCwYDVQQDDAR4Mjk1MBOkETAPMQ0wCwYDVQQD +DAR4Mjk2MBOkETAPMQ0wCwYDVQQDDAR4Mjk3MBOkETAPMQ0wCwYDVQQDDAR4Mjk4 +MBOkETAPMQ0wCwYDVQQDDAR4Mjk5MBOkETAPMQ0wCwYDVQQDDAR4MzAwMBOkETAP +MQ0wCwYDVQQDDAR4MzAxMBOkETAPMQ0wCwYDVQQDDAR4MzAyMBOkETAPMQ0wCwYD +VQQDDAR4MzAzMBOkETAPMQ0wCwYDVQQDDAR4MzA0MBOkETAPMQ0wCwYDVQQDDAR4 +MzA1MBOkETAPMQ0wCwYDVQQDDAR4MzA2MBOkETAPMQ0wCwYDVQQDDAR4MzA3MBOk +ETAPMQ0wCwYDVQQDDAR4MzA4MBOkETAPMQ0wCwYDVQQDDAR4MzA5MBOkETAPMQ0w +CwYDVQQDDAR4MzEwMBOkETAPMQ0wCwYDVQQDDAR4MzExMBOkETAPMQ0wCwYDVQQD +DAR4MzEyMBOkETAPMQ0wCwYDVQQDDAR4MzEzMBOkETAPMQ0wCwYDVQQDDAR4MzE0 +MBOkETAPMQ0wCwYDVQQDDAR4MzE1MBOkETAPMQ0wCwYDVQQDDAR4MzE2MBOkETAP +MQ0wCwYDVQQDDAR4MzE3MBOkETAPMQ0wCwYDVQQDDAR4MzE4MBOkETAPMQ0wCwYD +VQQDDAR4MzE5MBOkETAPMQ0wCwYDVQQDDAR4MzIwMBOkETAPMQ0wCwYDVQQDDAR4 +MzIxMBOkETAPMQ0wCwYDVQQDDAR4MzIyMBOkETAPMQ0wCwYDVQQDDAR4MzIzMBOk +ETAPMQ0wCwYDVQQDDAR4MzI0MBOkETAPMQ0wCwYDVQQDDAR4MzI1MBOkETAPMQ0w +CwYDVQQDDAR4MzI2MBOkETAPMQ0wCwYDVQQDDAR4MzI3MBOkETAPMQ0wCwYDVQQD +DAR4MzI4MBOkETAPMQ0wCwYDVQQDDAR4MzI5MBOkETAPMQ0wCwYDVQQDDAR4MzMw +MBOkETAPMQ0wCwYDVQQDDAR4MzMxMBOkETAPMQ0wCwYDVQQDDAR4MzMyMBOkETAP +MQ0wCwYDVQQDDAR4MzMzMBOkETAPMQ0wCwYDVQQDDAR4MzM0MBOkETAPMQ0wCwYD +VQQDDAR4MzM1MBOkETAPMQ0wCwYDVQQDDAR4MzM2MBOkETAPMQ0wCwYDVQQDDAR4 +MzM3MBOkETAPMQ0wCwYDVQQDDAR4MzM4MBOkETAPMQ0wCwYDVQQDDAR4MzM5MBOk +ETAPMQ0wCwYDVQQDDAR4MzQwMBOkETAPMQ0wCwYDVQQDDAR4MzQxMBOkETAPMQ0w +CwYDVQQDDAR4MzQyMBOkETAPMQ0wCwYDVQQDDAR4MzQzMBOkETAPMQ0wCwYDVQQD +DAR4MzQ0MBOkETAPMQ0wCwYDVQQDDAR4MzQ1MBOkETAPMQ0wCwYDVQQDDAR4MzQ2 +MBOkETAPMQ0wCwYDVQQDDAR4MzQ3MBOkETAPMQ0wCwYDVQQDDAR4MzQ4MBOkETAP +MQ0wCwYDVQQDDAR4MzQ5MBOkETAPMQ0wCwYDVQQDDAR4MzUwMBOkETAPMQ0wCwYD +VQQDDAR4MzUxMBOkETAPMQ0wCwYDVQQDDAR4MzUyMBOkETAPMQ0wCwYDVQQDDAR4 +MzUzMBOkETAPMQ0wCwYDVQQDDAR4MzU0MBOkETAPMQ0wCwYDVQQDDAR4MzU1MBOk +ETAPMQ0wCwYDVQQDDAR4MzU2MBOkETAPMQ0wCwYDVQQDDAR4MzU3MBOkETAPMQ0w +CwYDVQQDDAR4MzU4MBOkETAPMQ0wCwYDVQQDDAR4MzU5MBOkETAPMQ0wCwYDVQQD +DAR4MzYwMBOkETAPMQ0wCwYDVQQDDAR4MzYxMBOkETAPMQ0wCwYDVQQDDAR4MzYy +MBOkETAPMQ0wCwYDVQQDDAR4MzYzMBOkETAPMQ0wCwYDVQQDDAR4MzY0MBOkETAP +MQ0wCwYDVQQDDAR4MzY1MBOkETAPMQ0wCwYDVQQDDAR4MzY2MBOkETAPMQ0wCwYD +VQQDDAR4MzY3MBOkETAPMQ0wCwYDVQQDDAR4MzY4MBOkETAPMQ0wCwYDVQQDDAR4 +MzY5MBOkETAPMQ0wCwYDVQQDDAR4MzcwMBOkETAPMQ0wCwYDVQQDDAR4MzcxMBOk +ETAPMQ0wCwYDVQQDDAR4MzcyMBOkETAPMQ0wCwYDVQQDDAR4MzczMBOkETAPMQ0w +CwYDVQQDDAR4Mzc0MBOkETAPMQ0wCwYDVQQDDAR4Mzc1MBOkETAPMQ0wCwYDVQQD +DAR4Mzc2MBOkETAPMQ0wCwYDVQQDDAR4Mzc3MBOkETAPMQ0wCwYDVQQDDAR4Mzc4 +MBOkETAPMQ0wCwYDVQQDDAR4Mzc5MBOkETAPMQ0wCwYDVQQDDAR4MzgwMBOkETAP +MQ0wCwYDVQQDDAR4MzgxMBOkETAPMQ0wCwYDVQQDDAR4MzgyMBOkETAPMQ0wCwYD +VQQDDAR4MzgzMBOkETAPMQ0wCwYDVQQDDAR4Mzg0MBOkETAPMQ0wCwYDVQQDDAR4 +Mzg1MBOkETAPMQ0wCwYDVQQDDAR4Mzg2MBOkETAPMQ0wCwYDVQQDDAR4Mzg3MBOk +ETAPMQ0wCwYDVQQDDAR4Mzg4MBOkETAPMQ0wCwYDVQQDDAR4Mzg5MBOkETAPMQ0w +CwYDVQQDDAR4MzkwMBOkETAPMQ0wCwYDVQQDDAR4MzkxMBOkETAPMQ0wCwYDVQQD +DAR4MzkyMBOkETAPMQ0wCwYDVQQDDAR4MzkzMBOkETAPMQ0wCwYDVQQDDAR4Mzk0 +MBOkETAPMQ0wCwYDVQQDDAR4Mzk1MBOkETAPMQ0wCwYDVQQDDAR4Mzk2MBOkETAP +MQ0wCwYDVQQDDAR4Mzk3MBOkETAPMQ0wCwYDVQQDDAR4Mzk4MBOkETAPMQ0wCwYD +VQQDDAR4Mzk5MBOkETAPMQ0wCwYDVQQDDAR4NDAwMBOkETAPMQ0wCwYDVQQDDAR4 +NDAxMBOkETAPMQ0wCwYDVQQDDAR4NDAyMBOkETAPMQ0wCwYDVQQDDAR4NDAzMBOk +ETAPMQ0wCwYDVQQDDAR4NDA0MBOkETAPMQ0wCwYDVQQDDAR4NDA1MBOkETAPMQ0w +CwYDVQQDDAR4NDA2MBOkETAPMQ0wCwYDVQQDDAR4NDA3MBOkETAPMQ0wCwYDVQQD +DAR4NDA4MBOkETAPMQ0wCwYDVQQDDAR4NDA5MBOkETAPMQ0wCwYDVQQDDAR4NDEw +MBOkETAPMQ0wCwYDVQQDDAR4NDExMBOkETAPMQ0wCwYDVQQDDAR4NDEyMBOkETAP +MQ0wCwYDVQQDDAR4NDEzMBOkETAPMQ0wCwYDVQQDDAR4NDE0MBOkETAPMQ0wCwYD +VQQDDAR4NDE1MBOkETAPMQ0wCwYDVQQDDAR4NDE2MBOkETAPMQ0wCwYDVQQDDAR4 +NDE3MBOkETAPMQ0wCwYDVQQDDAR4NDE4MBOkETAPMQ0wCwYDVQQDDAR4NDE5MBOk +ETAPMQ0wCwYDVQQDDAR4NDIwMBOkETAPMQ0wCwYDVQQDDAR4NDIxMBOkETAPMQ0w +CwYDVQQDDAR4NDIyMBOkETAPMQ0wCwYDVQQDDAR4NDIzMBOkETAPMQ0wCwYDVQQD +DAR4NDI0MBOkETAPMQ0wCwYDVQQDDAR4NDI1MBOkETAPMQ0wCwYDVQQDDAR4NDI2 +MBOkETAPMQ0wCwYDVQQDDAR4NDI3MBOkETAPMQ0wCwYDVQQDDAR4NDI4MBOkETAP +MQ0wCwYDVQQDDAR4NDI5MBOkETAPMQ0wCwYDVQQDDAR4NDMwMBOkETAPMQ0wCwYD +VQQDDAR4NDMxMBOkETAPMQ0wCwYDVQQDDAR4NDMyMBOkETAPMQ0wCwYDVQQDDAR4 +NDMzMBOkETAPMQ0wCwYDVQQDDAR4NDM0MBOkETAPMQ0wCwYDVQQDDAR4NDM1MBOk +ETAPMQ0wCwYDVQQDDAR4NDM2MBOkETAPMQ0wCwYDVQQDDAR4NDM3MBOkETAPMQ0w +CwYDVQQDDAR4NDM4MBOkETAPMQ0wCwYDVQQDDAR4NDM5MBOkETAPMQ0wCwYDVQQD +DAR4NDQwMBOkETAPMQ0wCwYDVQQDDAR4NDQxMBOkETAPMQ0wCwYDVQQDDAR4NDQy +MBOkETAPMQ0wCwYDVQQDDAR4NDQzMBOkETAPMQ0wCwYDVQQDDAR4NDQ0MBOkETAP +MQ0wCwYDVQQDDAR4NDQ1MBOkETAPMQ0wCwYDVQQDDAR4NDQ2MBOkETAPMQ0wCwYD +VQQDDAR4NDQ3MBOkETAPMQ0wCwYDVQQDDAR4NDQ4MBOkETAPMQ0wCwYDVQQDDAR4 +NDQ5MBOkETAPMQ0wCwYDVQQDDAR4NDUwMBOkETAPMQ0wCwYDVQQDDAR4NDUxMBOk +ETAPMQ0wCwYDVQQDDAR4NDUyMBOkETAPMQ0wCwYDVQQDDAR4NDUzMBOkETAPMQ0w +CwYDVQQDDAR4NDU0MBOkETAPMQ0wCwYDVQQDDAR4NDU1MBOkETAPMQ0wCwYDVQQD +DAR4NDU2MBOkETAPMQ0wCwYDVQQDDAR4NDU3MBOkETAPMQ0wCwYDVQQDDAR4NDU4 +MBOkETAPMQ0wCwYDVQQDDAR4NDU5MBOkETAPMQ0wCwYDVQQDDAR4NDYwMBOkETAP +MQ0wCwYDVQQDDAR4NDYxMBOkETAPMQ0wCwYDVQQDDAR4NDYyMBOkETAPMQ0wCwYD +VQQDDAR4NDYzMBOkETAPMQ0wCwYDVQQDDAR4NDY0MBOkETAPMQ0wCwYDVQQDDAR4 +NDY1MBOkETAPMQ0wCwYDVQQDDAR4NDY2MBOkETAPMQ0wCwYDVQQDDAR4NDY3MBOk +ETAPMQ0wCwYDVQQDDAR4NDY4MBOkETAPMQ0wCwYDVQQDDAR4NDY5MBOkETAPMQ0w +CwYDVQQDDAR4NDcwMBOkETAPMQ0wCwYDVQQDDAR4NDcxMBOkETAPMQ0wCwYDVQQD +DAR4NDcyMBOkETAPMQ0wCwYDVQQDDAR4NDczMBOkETAPMQ0wCwYDVQQDDAR4NDc0 +MBOkETAPMQ0wCwYDVQQDDAR4NDc1MBOkETAPMQ0wCwYDVQQDDAR4NDc2MBOkETAP +MQ0wCwYDVQQDDAR4NDc3MBOkETAPMQ0wCwYDVQQDDAR4NDc4MBOkETAPMQ0wCwYD +VQQDDAR4NDc5MBOkETAPMQ0wCwYDVQQDDAR4NDgwMBOkETAPMQ0wCwYDVQQDDAR4 +NDgxMBOkETAPMQ0wCwYDVQQDDAR4NDgyMBOkETAPMQ0wCwYDVQQDDAR4NDgzMBOk +ETAPMQ0wCwYDVQQDDAR4NDg0MBOkETAPMQ0wCwYDVQQDDAR4NDg1MBOkETAPMQ0w +CwYDVQQDDAR4NDg2MBOkETAPMQ0wCwYDVQQDDAR4NDg3MBOkETAPMQ0wCwYDVQQD +DAR4NDg4MBOkETAPMQ0wCwYDVQQDDAR4NDg5MBOkETAPMQ0wCwYDVQQDDAR4NDkw +MBOkETAPMQ0wCwYDVQQDDAR4NDkxMBOkETAPMQ0wCwYDVQQDDAR4NDkyMBOkETAP +MQ0wCwYDVQQDDAR4NDkzMBOkETAPMQ0wCwYDVQQDDAR4NDk0MBOkETAPMQ0wCwYD +VQQDDAR4NDk1MBOkETAPMQ0wCwYDVQQDDAR4NDk2MBOkETAPMQ0wCwYDVQQDDAR4 +NDk3MBOkETAPMQ0wCwYDVQQDDAR4NDk4MBOkETAPMQ0wCwYDVQQDDAR4NDk5MBOk +ETAPMQ0wCwYDVQQDDAR4NTAwMBOkETAPMQ0wCwYDVQQDDAR4NTAxMBOkETAPMQ0w +CwYDVQQDDAR4NTAyMBOkETAPMQ0wCwYDVQQDDAR4NTAzMBOkETAPMQ0wCwYDVQQD +DAR4NTA0MBOkETAPMQ0wCwYDVQQDDAR4NTA1MBOkETAPMQ0wCwYDVQQDDAR4NTA2 +MBOkETAPMQ0wCwYDVQQDDAR4NTA3MBOkETAPMQ0wCwYDVQQDDAR4NTA4MBOkETAP +MQ0wCwYDVQQDDAR4NTA5MBOkETAPMQ0wCwYDVQQDDAR4NTEwMBOkETAPMQ0wCwYD +VQQDDAR4NTExMBOkETAPMQ0wCwYDVQQDDAR4NTEyMBOkETAPMQ0wCwYDVQQDDAR4 +NTEzMBOkETAPMQ0wCwYDVQQDDAR4NTE0MBOkETAPMQ0wCwYDVQQDDAR4NTE1MBOk +ETAPMQ0wCwYDVQQDDAR4NTE2MBOkETAPMQ0wCwYDVQQDDAR4NTE3MBOkETAPMQ0w +CwYDVQQDDAR4NTE4MBOkETAPMQ0wCwYDVQQDDAR4NTE5MBOkETAPMQ0wCwYDVQQD +DAR4NTIwMBOkETAPMQ0wCwYDVQQDDAR4NTIxMBOkETAPMQ0wCwYDVQQDDAR4NTIy +MBOkETAPMQ0wCwYDVQQDDAR4NTIzMBOkETAPMQ0wCwYDVQQDDAR4NTI0MBOkETAP +MQ0wCwYDVQQDDAR4NTI1MBOkETAPMQ0wCwYDVQQDDAR4NTI2MBOkETAPMQ0wCwYD +VQQDDAR4NTI3MBOkETAPMQ0wCwYDVQQDDAR4NTI4MBOkETAPMQ0wCwYDVQQDDAR4 +NTI5MBOkETAPMQ0wCwYDVQQDDAR4NTMwMBOkETAPMQ0wCwYDVQQDDAR4NTMxMBOk +ETAPMQ0wCwYDVQQDDAR4NTMyMBOkETAPMQ0wCwYDVQQDDAR4NTMzMBOkETAPMQ0w +CwYDVQQDDAR4NTM0MBOkETAPMQ0wCwYDVQQDDAR4NTM1MBOkETAPMQ0wCwYDVQQD +DAR4NTM2MBOkETAPMQ0wCwYDVQQDDAR4NTM3MBOkETAPMQ0wCwYDVQQDDAR4NTM4 +MBOkETAPMQ0wCwYDVQQDDAR4NTM5MBOkETAPMQ0wCwYDVQQDDAR4NTQwMBOkETAP +MQ0wCwYDVQQDDAR4NTQxMBOkETAPMQ0wCwYDVQQDDAR4NTQyMBOkETAPMQ0wCwYD +VQQDDAR4NTQzMBOkETAPMQ0wCwYDVQQDDAR4NTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +NTQ1MBOkETAPMQ0wCwYDVQQDDAR4NTQ2MBOkETAPMQ0wCwYDVQQDDAR4NTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4NTQ4MBOkETAPMQ0wCwYDVQQDDAR4NTQ5MBOkETAPMQ0w +CwYDVQQDDAR4NTUwMBOkETAPMQ0wCwYDVQQDDAR4NTUxMBOkETAPMQ0wCwYDVQQD +DAR4NTUyMBOkETAPMQ0wCwYDVQQDDAR4NTUzMBOkETAPMQ0wCwYDVQQDDAR4NTU0 +MBOkETAPMQ0wCwYDVQQDDAR4NTU1MBOkETAPMQ0wCwYDVQQDDAR4NTU2MBOkETAP +MQ0wCwYDVQQDDAR4NTU3MBOkETAPMQ0wCwYDVQQDDAR4NTU4MBOkETAPMQ0wCwYD +VQQDDAR4NTU5MBOkETAPMQ0wCwYDVQQDDAR4NTYwMBOkETAPMQ0wCwYDVQQDDAR4 +NTYxMBOkETAPMQ0wCwYDVQQDDAR4NTYyMBOkETAPMQ0wCwYDVQQDDAR4NTYzMBOk +ETAPMQ0wCwYDVQQDDAR4NTY0MBOkETAPMQ0wCwYDVQQDDAR4NTY1MBOkETAPMQ0w +CwYDVQQDDAR4NTY2MBOkETAPMQ0wCwYDVQQDDAR4NTY3MBOkETAPMQ0wCwYDVQQD +DAR4NTY4MBOkETAPMQ0wCwYDVQQDDAR4NTY5MBOkETAPMQ0wCwYDVQQDDAR4NTcw +MBOkETAPMQ0wCwYDVQQDDAR4NTcxMBOkETAPMQ0wCwYDVQQDDAR4NTcyMBOkETAP +MQ0wCwYDVQQDDAR4NTczMBOkETAPMQ0wCwYDVQQDDAR4NTc0MBOkETAPMQ0wCwYD +VQQDDAR4NTc1MBOkETAPMQ0wCwYDVQQDDAR4NTc2MBOkETAPMQ0wCwYDVQQDDAR4 +NTc3MBOkETAPMQ0wCwYDVQQDDAR4NTc4MBOkETAPMQ0wCwYDVQQDDAR4NTc5MBOk +ETAPMQ0wCwYDVQQDDAR4NTgwMBOkETAPMQ0wCwYDVQQDDAR4NTgxMBOkETAPMQ0w +CwYDVQQDDAR4NTgyMBOkETAPMQ0wCwYDVQQDDAR4NTgzMBOkETAPMQ0wCwYDVQQD +DAR4NTg0MBOkETAPMQ0wCwYDVQQDDAR4NTg1MBOkETAPMQ0wCwYDVQQDDAR4NTg2 +MBOkETAPMQ0wCwYDVQQDDAR4NTg3MBOkETAPMQ0wCwYDVQQDDAR4NTg4MBOkETAP +MQ0wCwYDVQQDDAR4NTg5MBOkETAPMQ0wCwYDVQQDDAR4NTkwMBOkETAPMQ0wCwYD +VQQDDAR4NTkxMBOkETAPMQ0wCwYDVQQDDAR4NTkyMBOkETAPMQ0wCwYDVQQDDAR4 +NTkzMBOkETAPMQ0wCwYDVQQDDAR4NTk0MBOkETAPMQ0wCwYDVQQDDAR4NTk1MBOk +ETAPMQ0wCwYDVQQDDAR4NTk2MBOkETAPMQ0wCwYDVQQDDAR4NTk3MBOkETAPMQ0w +CwYDVQQDDAR4NTk4MBOkETAPMQ0wCwYDVQQDDAR4NTk5MBOkETAPMQ0wCwYDVQQD +DAR4NjAwMBOkETAPMQ0wCwYDVQQDDAR4NjAxMBOkETAPMQ0wCwYDVQQDDAR4NjAy +MBOkETAPMQ0wCwYDVQQDDAR4NjAzMBOkETAPMQ0wCwYDVQQDDAR4NjA0MBOkETAP +MQ0wCwYDVQQDDAR4NjA1MBOkETAPMQ0wCwYDVQQDDAR4NjA2MBOkETAPMQ0wCwYD +VQQDDAR4NjA3MBOkETAPMQ0wCwYDVQQDDAR4NjA4MBOkETAPMQ0wCwYDVQQDDAR4 +NjA5MBOkETAPMQ0wCwYDVQQDDAR4NjEwMBOkETAPMQ0wCwYDVQQDDAR4NjExMBOk +ETAPMQ0wCwYDVQQDDAR4NjEyMBOkETAPMQ0wCwYDVQQDDAR4NjEzMBOkETAPMQ0w +CwYDVQQDDAR4NjE0MBOkETAPMQ0wCwYDVQQDDAR4NjE1MBOkETAPMQ0wCwYDVQQD +DAR4NjE2MBOkETAPMQ0wCwYDVQQDDAR4NjE3MBOkETAPMQ0wCwYDVQQDDAR4NjE4 +MBOkETAPMQ0wCwYDVQQDDAR4NjE5MBOkETAPMQ0wCwYDVQQDDAR4NjIwMBOkETAP +MQ0wCwYDVQQDDAR4NjIxMBOkETAPMQ0wCwYDVQQDDAR4NjIyMBOkETAPMQ0wCwYD +VQQDDAR4NjIzMBOkETAPMQ0wCwYDVQQDDAR4NjI0MBOkETAPMQ0wCwYDVQQDDAR4 +NjI1MBOkETAPMQ0wCwYDVQQDDAR4NjI2MBOkETAPMQ0wCwYDVQQDDAR4NjI3MBOk +ETAPMQ0wCwYDVQQDDAR4NjI4MBOkETAPMQ0wCwYDVQQDDAR4NjI5MBOkETAPMQ0w +CwYDVQQDDAR4NjMwMBOkETAPMQ0wCwYDVQQDDAR4NjMxMBOkETAPMQ0wCwYDVQQD +DAR4NjMyMBOkETAPMQ0wCwYDVQQDDAR4NjMzMBOkETAPMQ0wCwYDVQQDDAR4NjM0 +MBOkETAPMQ0wCwYDVQQDDAR4NjM1MBOkETAPMQ0wCwYDVQQDDAR4NjM2MBOkETAP +MQ0wCwYDVQQDDAR4NjM3MBOkETAPMQ0wCwYDVQQDDAR4NjM4MBOkETAPMQ0wCwYD +VQQDDAR4NjM5MBOkETAPMQ0wCwYDVQQDDAR4NjQwMBOkETAPMQ0wCwYDVQQDDAR4 +NjQxMBOkETAPMQ0wCwYDVQQDDAR4NjQyMBOkETAPMQ0wCwYDVQQDDAR4NjQzMBOk +ETAPMQ0wCwYDVQQDDAR4NjQ0MBOkETAPMQ0wCwYDVQQDDAR4NjQ1MBOkETAPMQ0w +CwYDVQQDDAR4NjQ2MBOkETAPMQ0wCwYDVQQDDAR4NjQ3MBOkETAPMQ0wCwYDVQQD +DAR4NjQ4MBOkETAPMQ0wCwYDVQQDDAR4NjQ5MBOkETAPMQ0wCwYDVQQDDAR4NjUw +MBOkETAPMQ0wCwYDVQQDDAR4NjUxMBOkETAPMQ0wCwYDVQQDDAR4NjUyMBOkETAP +MQ0wCwYDVQQDDAR4NjUzMBOkETAPMQ0wCwYDVQQDDAR4NjU0MBOkETAPMQ0wCwYD +VQQDDAR4NjU1MBOkETAPMQ0wCwYDVQQDDAR4NjU2MBOkETAPMQ0wCwYDVQQDDAR4 +NjU3MBOkETAPMQ0wCwYDVQQDDAR4NjU4MBOkETAPMQ0wCwYDVQQDDAR4NjU5MBOk +ETAPMQ0wCwYDVQQDDAR4NjYwMBOkETAPMQ0wCwYDVQQDDAR4NjYxMBOkETAPMQ0w +CwYDVQQDDAR4NjYyMBOkETAPMQ0wCwYDVQQDDAR4NjYzMBOkETAPMQ0wCwYDVQQD +DAR4NjY0MBOkETAPMQ0wCwYDVQQDDAR4NjY1MBOkETAPMQ0wCwYDVQQDDAR4NjY2 +MBOkETAPMQ0wCwYDVQQDDAR4NjY3MBOkETAPMQ0wCwYDVQQDDAR4NjY4MBOkETAP +MQ0wCwYDVQQDDAR4NjY5MBOkETAPMQ0wCwYDVQQDDAR4NjcwMBOkETAPMQ0wCwYD +VQQDDAR4NjcxMBOkETAPMQ0wCwYDVQQDDAR4NjcyMBOkETAPMQ0wCwYDVQQDDAR4 +NjczMBOkETAPMQ0wCwYDVQQDDAR4Njc0MBOkETAPMQ0wCwYDVQQDDAR4Njc1MBOk +ETAPMQ0wCwYDVQQDDAR4Njc2MBOkETAPMQ0wCwYDVQQDDAR4Njc3MBOkETAPMQ0w +CwYDVQQDDAR4Njc4MBOkETAPMQ0wCwYDVQQDDAR4Njc5MBOkETAPMQ0wCwYDVQQD +DAR4NjgwMBOkETAPMQ0wCwYDVQQDDAR4NjgxMBOkETAPMQ0wCwYDVQQDDAR4Njgy +MBOkETAPMQ0wCwYDVQQDDAR4NjgzMBOkETAPMQ0wCwYDVQQDDAR4Njg0MBOkETAP +MQ0wCwYDVQQDDAR4Njg1MBOkETAPMQ0wCwYDVQQDDAR4Njg2MBOkETAPMQ0wCwYD +VQQDDAR4Njg3MBOkETAPMQ0wCwYDVQQDDAR4Njg4MBOkETAPMQ0wCwYDVQQDDAR4 +Njg5MBOkETAPMQ0wCwYDVQQDDAR4NjkwMBOkETAPMQ0wCwYDVQQDDAR4NjkxMBOk +ETAPMQ0wCwYDVQQDDAR4NjkyMBOkETAPMQ0wCwYDVQQDDAR4NjkzMBOkETAPMQ0w +CwYDVQQDDAR4Njk0MBOkETAPMQ0wCwYDVQQDDAR4Njk1MBOkETAPMQ0wCwYDVQQD +DAR4Njk2MBOkETAPMQ0wCwYDVQQDDAR4Njk3MBOkETAPMQ0wCwYDVQQDDAR4Njk4 +MBOkETAPMQ0wCwYDVQQDDAR4Njk5MBOkETAPMQ0wCwYDVQQDDAR4NzAwMBOkETAP +MQ0wCwYDVQQDDAR4NzAxMBOkETAPMQ0wCwYDVQQDDAR4NzAyMBOkETAPMQ0wCwYD +VQQDDAR4NzAzMBOkETAPMQ0wCwYDVQQDDAR4NzA0MBOkETAPMQ0wCwYDVQQDDAR4 +NzA1MBOkETAPMQ0wCwYDVQQDDAR4NzA2MBOkETAPMQ0wCwYDVQQDDAR4NzA3MBOk +ETAPMQ0wCwYDVQQDDAR4NzA4MBOkETAPMQ0wCwYDVQQDDAR4NzA5MBOkETAPMQ0w +CwYDVQQDDAR4NzEwMBOkETAPMQ0wCwYDVQQDDAR4NzExMBOkETAPMQ0wCwYDVQQD +DAR4NzEyMBOkETAPMQ0wCwYDVQQDDAR4NzEzMBOkETAPMQ0wCwYDVQQDDAR4NzE0 +MBOkETAPMQ0wCwYDVQQDDAR4NzE1MBOkETAPMQ0wCwYDVQQDDAR4NzE2MBOkETAP +MQ0wCwYDVQQDDAR4NzE3MBOkETAPMQ0wCwYDVQQDDAR4NzE4MBOkETAPMQ0wCwYD +VQQDDAR4NzE5MBOkETAPMQ0wCwYDVQQDDAR4NzIwMBOkETAPMQ0wCwYDVQQDDAR4 +NzIxMBOkETAPMQ0wCwYDVQQDDAR4NzIyMBOkETAPMQ0wCwYDVQQDDAR4NzIzMBOk +ETAPMQ0wCwYDVQQDDAR4NzI0MBOkETAPMQ0wCwYDVQQDDAR4NzI1MBOkETAPMQ0w +CwYDVQQDDAR4NzI2MBOkETAPMQ0wCwYDVQQDDAR4NzI3MBOkETAPMQ0wCwYDVQQD +DAR4NzI4MBOkETAPMQ0wCwYDVQQDDAR4NzI5MBOkETAPMQ0wCwYDVQQDDAR4NzMw +MBOkETAPMQ0wCwYDVQQDDAR4NzMxMBOkETAPMQ0wCwYDVQQDDAR4NzMyMBOkETAP +MQ0wCwYDVQQDDAR4NzMzMBOkETAPMQ0wCwYDVQQDDAR4NzM0MBOkETAPMQ0wCwYD +VQQDDAR4NzM1MBOkETAPMQ0wCwYDVQQDDAR4NzM2MBOkETAPMQ0wCwYDVQQDDAR4 +NzM3MBOkETAPMQ0wCwYDVQQDDAR4NzM4MBOkETAPMQ0wCwYDVQQDDAR4NzM5MBOk +ETAPMQ0wCwYDVQQDDAR4NzQwMBOkETAPMQ0wCwYDVQQDDAR4NzQxMBOkETAPMQ0w +CwYDVQQDDAR4NzQyMBOkETAPMQ0wCwYDVQQDDAR4NzQzMBOkETAPMQ0wCwYDVQQD +DAR4NzQ0MBOkETAPMQ0wCwYDVQQDDAR4NzQ1MBOkETAPMQ0wCwYDVQQDDAR4NzQ2 +MBOkETAPMQ0wCwYDVQQDDAR4NzQ3MBOkETAPMQ0wCwYDVQQDDAR4NzQ4MBOkETAP +MQ0wCwYDVQQDDAR4NzQ5MBOkETAPMQ0wCwYDVQQDDAR4NzUwMBOkETAPMQ0wCwYD +VQQDDAR4NzUxMBOkETAPMQ0wCwYDVQQDDAR4NzUyMBOkETAPMQ0wCwYDVQQDDAR4 +NzUzMBOkETAPMQ0wCwYDVQQDDAR4NzU0MBOkETAPMQ0wCwYDVQQDDAR4NzU1MBOk +ETAPMQ0wCwYDVQQDDAR4NzU2MBOkETAPMQ0wCwYDVQQDDAR4NzU3MBOkETAPMQ0w +CwYDVQQDDAR4NzU4MBOkETAPMQ0wCwYDVQQDDAR4NzU5MBOkETAPMQ0wCwYDVQQD +DAR4NzYwMBOkETAPMQ0wCwYDVQQDDAR4NzYxMBOkETAPMQ0wCwYDVQQDDAR4NzYy +MBOkETAPMQ0wCwYDVQQDDAR4NzYzMBOkETAPMQ0wCwYDVQQDDAR4NzY0MBOkETAP +MQ0wCwYDVQQDDAR4NzY1MBOkETAPMQ0wCwYDVQQDDAR4NzY2MBOkETAPMQ0wCwYD +VQQDDAR4NzY3MBOkETAPMQ0wCwYDVQQDDAR4NzY4MBOkETAPMQ0wCwYDVQQDDAR4 +NzY5MBOkETAPMQ0wCwYDVQQDDAR4NzcwMBOkETAPMQ0wCwYDVQQDDAR4NzcxMBOk +ETAPMQ0wCwYDVQQDDAR4NzcyMBOkETAPMQ0wCwYDVQQDDAR4NzczMBOkETAPMQ0w +CwYDVQQDDAR4Nzc0MBOkETAPMQ0wCwYDVQQDDAR4Nzc1MBOkETAPMQ0wCwYDVQQD +DAR4Nzc2MBOkETAPMQ0wCwYDVQQDDAR4Nzc3MBOkETAPMQ0wCwYDVQQDDAR4Nzc4 +MBOkETAPMQ0wCwYDVQQDDAR4Nzc5MBOkETAPMQ0wCwYDVQQDDAR4NzgwMBOkETAP +MQ0wCwYDVQQDDAR4NzgxMBOkETAPMQ0wCwYDVQQDDAR4NzgyMBOkETAPMQ0wCwYD +VQQDDAR4NzgzMBOkETAPMQ0wCwYDVQQDDAR4Nzg0MBOkETAPMQ0wCwYDVQQDDAR4 +Nzg1MBOkETAPMQ0wCwYDVQQDDAR4Nzg2MBOkETAPMQ0wCwYDVQQDDAR4Nzg3MBOk +ETAPMQ0wCwYDVQQDDAR4Nzg4MBOkETAPMQ0wCwYDVQQDDAR4Nzg5MBOkETAPMQ0w +CwYDVQQDDAR4NzkwMBOkETAPMQ0wCwYDVQQDDAR4NzkxMBOkETAPMQ0wCwYDVQQD +DAR4NzkyMBOkETAPMQ0wCwYDVQQDDAR4NzkzMBOkETAPMQ0wCwYDVQQDDAR4Nzk0 +MBOkETAPMQ0wCwYDVQQDDAR4Nzk1MBOkETAPMQ0wCwYDVQQDDAR4Nzk2MBOkETAP +MQ0wCwYDVQQDDAR4Nzk3MBOkETAPMQ0wCwYDVQQDDAR4Nzk4MBOkETAPMQ0wCwYD +VQQDDAR4Nzk5MBOkETAPMQ0wCwYDVQQDDAR4ODAwMBOkETAPMQ0wCwYDVQQDDAR4 +ODAxMBOkETAPMQ0wCwYDVQQDDAR4ODAyMBOkETAPMQ0wCwYDVQQDDAR4ODAzMBOk +ETAPMQ0wCwYDVQQDDAR4ODA0MBOkETAPMQ0wCwYDVQQDDAR4ODA1MBOkETAPMQ0w +CwYDVQQDDAR4ODA2MBOkETAPMQ0wCwYDVQQDDAR4ODA3MBOkETAPMQ0wCwYDVQQD +DAR4ODA4MBOkETAPMQ0wCwYDVQQDDAR4ODA5MBOkETAPMQ0wCwYDVQQDDAR4ODEw +MBOkETAPMQ0wCwYDVQQDDAR4ODExMBOkETAPMQ0wCwYDVQQDDAR4ODEyMBOkETAP +MQ0wCwYDVQQDDAR4ODEzMBOkETAPMQ0wCwYDVQQDDAR4ODE0MBOkETAPMQ0wCwYD +VQQDDAR4ODE1MBOkETAPMQ0wCwYDVQQDDAR4ODE2MBOkETAPMQ0wCwYDVQQDDAR4 +ODE3MBOkETAPMQ0wCwYDVQQDDAR4ODE4MBOkETAPMQ0wCwYDVQQDDAR4ODE5MBOk +ETAPMQ0wCwYDVQQDDAR4ODIwMBOkETAPMQ0wCwYDVQQDDAR4ODIxMBOkETAPMQ0w +CwYDVQQDDAR4ODIyMBOkETAPMQ0wCwYDVQQDDAR4ODIzMBOkETAPMQ0wCwYDVQQD +DAR4ODI0MBOkETAPMQ0wCwYDVQQDDAR4ODI1MBOkETAPMQ0wCwYDVQQDDAR4ODI2 +MBOkETAPMQ0wCwYDVQQDDAR4ODI3MBOkETAPMQ0wCwYDVQQDDAR4ODI4MBOkETAP +MQ0wCwYDVQQDDAR4ODI5MBOkETAPMQ0wCwYDVQQDDAR4ODMwMBOkETAPMQ0wCwYD +VQQDDAR4ODMxMBOkETAPMQ0wCwYDVQQDDAR4ODMyMBOkETAPMQ0wCwYDVQQDDAR4 +ODMzMBOkETAPMQ0wCwYDVQQDDAR4ODM0MBOkETAPMQ0wCwYDVQQDDAR4ODM1MBOk +ETAPMQ0wCwYDVQQDDAR4ODM2MBOkETAPMQ0wCwYDVQQDDAR4ODM3MBOkETAPMQ0w +CwYDVQQDDAR4ODM4MBOkETAPMQ0wCwYDVQQDDAR4ODM5MBOkETAPMQ0wCwYDVQQD +DAR4ODQwMBOkETAPMQ0wCwYDVQQDDAR4ODQxMBOkETAPMQ0wCwYDVQQDDAR4ODQy +MBOkETAPMQ0wCwYDVQQDDAR4ODQzMBOkETAPMQ0wCwYDVQQDDAR4ODQ0MBOkETAP +MQ0wCwYDVQQDDAR4ODQ1MBOkETAPMQ0wCwYDVQQDDAR4ODQ2MBOkETAPMQ0wCwYD +VQQDDAR4ODQ3MBOkETAPMQ0wCwYDVQQDDAR4ODQ4MBOkETAPMQ0wCwYDVQQDDAR4 +ODQ5MBOkETAPMQ0wCwYDVQQDDAR4ODUwMBOkETAPMQ0wCwYDVQQDDAR4ODUxMBOk +ETAPMQ0wCwYDVQQDDAR4ODUyMBOkETAPMQ0wCwYDVQQDDAR4ODUzMBOkETAPMQ0w +CwYDVQQDDAR4ODU0MBOkETAPMQ0wCwYDVQQDDAR4ODU1MBOkETAPMQ0wCwYDVQQD +DAR4ODU2MBOkETAPMQ0wCwYDVQQDDAR4ODU3MBOkETAPMQ0wCwYDVQQDDAR4ODU4 +MBOkETAPMQ0wCwYDVQQDDAR4ODU5MBOkETAPMQ0wCwYDVQQDDAR4ODYwMBOkETAP +MQ0wCwYDVQQDDAR4ODYxMBOkETAPMQ0wCwYDVQQDDAR4ODYyMBOkETAPMQ0wCwYD +VQQDDAR4ODYzMBOkETAPMQ0wCwYDVQQDDAR4ODY0MBOkETAPMQ0wCwYDVQQDDAR4 +ODY1MBOkETAPMQ0wCwYDVQQDDAR4ODY2MBOkETAPMQ0wCwYDVQQDDAR4ODY3MBOk +ETAPMQ0wCwYDVQQDDAR4ODY4MBOkETAPMQ0wCwYDVQQDDAR4ODY5MBOkETAPMQ0w +CwYDVQQDDAR4ODcwMBOkETAPMQ0wCwYDVQQDDAR4ODcxMBOkETAPMQ0wCwYDVQQD +DAR4ODcyMBOkETAPMQ0wCwYDVQQDDAR4ODczMBOkETAPMQ0wCwYDVQQDDAR4ODc0 +MBOkETAPMQ0wCwYDVQQDDAR4ODc1MBOkETAPMQ0wCwYDVQQDDAR4ODc2MBOkETAP +MQ0wCwYDVQQDDAR4ODc3MBOkETAPMQ0wCwYDVQQDDAR4ODc4MBOkETAPMQ0wCwYD +VQQDDAR4ODc5MBOkETAPMQ0wCwYDVQQDDAR4ODgwMBOkETAPMQ0wCwYDVQQDDAR4 +ODgxMBOkETAPMQ0wCwYDVQQDDAR4ODgyMBOkETAPMQ0wCwYDVQQDDAR4ODgzMBOk +ETAPMQ0wCwYDVQQDDAR4ODg0MBOkETAPMQ0wCwYDVQQDDAR4ODg1MBOkETAPMQ0w +CwYDVQQDDAR4ODg2MBOkETAPMQ0wCwYDVQQDDAR4ODg3MBOkETAPMQ0wCwYDVQQD +DAR4ODg4MBOkETAPMQ0wCwYDVQQDDAR4ODg5MBOkETAPMQ0wCwYDVQQDDAR4ODkw +MBOkETAPMQ0wCwYDVQQDDAR4ODkxMBOkETAPMQ0wCwYDVQQDDAR4ODkyMBOkETAP +MQ0wCwYDVQQDDAR4ODkzMBOkETAPMQ0wCwYDVQQDDAR4ODk0MBOkETAPMQ0wCwYD +VQQDDAR4ODk1MBOkETAPMQ0wCwYDVQQDDAR4ODk2MBOkETAPMQ0wCwYDVQQDDAR4 +ODk3MBOkETAPMQ0wCwYDVQQDDAR4ODk4MBOkETAPMQ0wCwYDVQQDDAR4ODk5MBOk +ETAPMQ0wCwYDVQQDDAR4OTAwMBOkETAPMQ0wCwYDVQQDDAR4OTAxMBOkETAPMQ0w +CwYDVQQDDAR4OTAyMBOkETAPMQ0wCwYDVQQDDAR4OTAzMBOkETAPMQ0wCwYDVQQD +DAR4OTA0MBOkETAPMQ0wCwYDVQQDDAR4OTA1MBOkETAPMQ0wCwYDVQQDDAR4OTA2 +MBOkETAPMQ0wCwYDVQQDDAR4OTA3MBOkETAPMQ0wCwYDVQQDDAR4OTA4MBOkETAP +MQ0wCwYDVQQDDAR4OTA5MBOkETAPMQ0wCwYDVQQDDAR4OTEwMBOkETAPMQ0wCwYD +VQQDDAR4OTExMBOkETAPMQ0wCwYDVQQDDAR4OTEyMBOkETAPMQ0wCwYDVQQDDAR4 +OTEzMBOkETAPMQ0wCwYDVQQDDAR4OTE0MBOkETAPMQ0wCwYDVQQDDAR4OTE1MBOk +ETAPMQ0wCwYDVQQDDAR4OTE2MBOkETAPMQ0wCwYDVQQDDAR4OTE3MBOkETAPMQ0w +CwYDVQQDDAR4OTE4MBOkETAPMQ0wCwYDVQQDDAR4OTE5MBOkETAPMQ0wCwYDVQQD +DAR4OTIwMBOkETAPMQ0wCwYDVQQDDAR4OTIxMBOkETAPMQ0wCwYDVQQDDAR4OTIy +MBOkETAPMQ0wCwYDVQQDDAR4OTIzMBOkETAPMQ0wCwYDVQQDDAR4OTI0MBOkETAP +MQ0wCwYDVQQDDAR4OTI1MBOkETAPMQ0wCwYDVQQDDAR4OTI2MBOkETAPMQ0wCwYD +VQQDDAR4OTI3MBOkETAPMQ0wCwYDVQQDDAR4OTI4MBOkETAPMQ0wCwYDVQQDDAR4 +OTI5MBOkETAPMQ0wCwYDVQQDDAR4OTMwMBOkETAPMQ0wCwYDVQQDDAR4OTMxMBOk +ETAPMQ0wCwYDVQQDDAR4OTMyMBOkETAPMQ0wCwYDVQQDDAR4OTMzMBOkETAPMQ0w +CwYDVQQDDAR4OTM0MBOkETAPMQ0wCwYDVQQDDAR4OTM1MBOkETAPMQ0wCwYDVQQD +DAR4OTM2MBOkETAPMQ0wCwYDVQQDDAR4OTM3MBOkETAPMQ0wCwYDVQQDDAR4OTM4 +MBOkETAPMQ0wCwYDVQQDDAR4OTM5MBOkETAPMQ0wCwYDVQQDDAR4OTQwMBOkETAP +MQ0wCwYDVQQDDAR4OTQxMBOkETAPMQ0wCwYDVQQDDAR4OTQyMBOkETAPMQ0wCwYD +VQQDDAR4OTQzMBOkETAPMQ0wCwYDVQQDDAR4OTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +OTQ1MBOkETAPMQ0wCwYDVQQDDAR4OTQ2MBOkETAPMQ0wCwYDVQQDDAR4OTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4OTQ4MBOkETAPMQ0wCwYDVQQDDAR4OTQ5MBOkETAPMQ0w +CwYDVQQDDAR4OTUwMBOkETAPMQ0wCwYDVQQDDAR4OTUxMBOkETAPMQ0wCwYDVQQD +DAR4OTUyMBOkETAPMQ0wCwYDVQQDDAR4OTUzMBOkETAPMQ0wCwYDVQQDDAR4OTU0 +MBOkETAPMQ0wCwYDVQQDDAR4OTU1MBOkETAPMQ0wCwYDVQQDDAR4OTU2MBOkETAP +MQ0wCwYDVQQDDAR4OTU3MBOkETAPMQ0wCwYDVQQDDAR4OTU4MBOkETAPMQ0wCwYD +VQQDDAR4OTU5MBOkETAPMQ0wCwYDVQQDDAR4OTYwMBOkETAPMQ0wCwYDVQQDDAR4 +OTYxMBOkETAPMQ0wCwYDVQQDDAR4OTYyMBOkETAPMQ0wCwYDVQQDDAR4OTYzMBOk +ETAPMQ0wCwYDVQQDDAR4OTY0MBOkETAPMQ0wCwYDVQQDDAR4OTY1MBOkETAPMQ0w +CwYDVQQDDAR4OTY2MBOkETAPMQ0wCwYDVQQDDAR4OTY3MBOkETAPMQ0wCwYDVQQD +DAR4OTY4MBOkETAPMQ0wCwYDVQQDDAR4OTY5MBOkETAPMQ0wCwYDVQQDDAR4OTcw +MBOkETAPMQ0wCwYDVQQDDAR4OTcxMBOkETAPMQ0wCwYDVQQDDAR4OTcyMBOkETAP +MQ0wCwYDVQQDDAR4OTczMBOkETAPMQ0wCwYDVQQDDAR4OTc0MBOkETAPMQ0wCwYD +VQQDDAR4OTc1MBOkETAPMQ0wCwYDVQQDDAR4OTc2MBOkETAPMQ0wCwYDVQQDDAR4 +OTc3MBOkETAPMQ0wCwYDVQQDDAR4OTc4MBOkETAPMQ0wCwYDVQQDDAR4OTc5MBOk +ETAPMQ0wCwYDVQQDDAR4OTgwMBOkETAPMQ0wCwYDVQQDDAR4OTgxMBOkETAPMQ0w +CwYDVQQDDAR4OTgyMBOkETAPMQ0wCwYDVQQDDAR4OTgzMBOkETAPMQ0wCwYDVQQD +DAR4OTg0MBOkETAPMQ0wCwYDVQQDDAR4OTg1MBOkETAPMQ0wCwYDVQQDDAR4OTg2 +MBOkETAPMQ0wCwYDVQQDDAR4OTg3MBOkETAPMQ0wCwYDVQQDDAR4OTg4MBOkETAP +MQ0wCwYDVQQDDAR4OTg5MBOkETAPMQ0wCwYDVQQDDAR4OTkwMBOkETAPMQ0wCwYD +VQQDDAR4OTkxMBOkETAPMQ0wCwYDVQQDDAR4OTkyMBOkETAPMQ0wCwYDVQQDDAR4 +OTkzMBOkETAPMQ0wCwYDVQQDDAR4OTk0MBOkETAPMQ0wCwYDVQQDDAR4OTk1MBOk +ETAPMQ0wCwYDVQQDDAR4OTk2MBOkETAPMQ0wCwYDVQQDDAR4OTk3MBOkETAPMQ0w +CwYDVQQDDAR4OTk4MBOkETAPMQ0wCwYDVQQDDAR4OTk5MBSkEjAQMQ4wDAYDVQQD +DAV4MTAwMDAUpBIwEDEOMAwGA1UEAwwFeDEwMDEwFKQSMBAxDjAMBgNVBAMMBXgx +MDAyMBSkEjAQMQ4wDAYDVQQDDAV4MTAwMzAUpBIwEDEOMAwGA1UEAwwFeDEwMDQw +FKQSMBAxDjAMBgNVBAMMBXgxMDA1MBSkEjAQMQ4wDAYDVQQDDAV4MTAwNjAUpBIw +EDEOMAwGA1UEAwwFeDEwMDcwFKQSMBAxDjAMBgNVBAMMBXgxMDA4MBSkEjAQMQ4w +DAYDVQQDDAV4MTAwOTAUpBIwEDEOMAwGA1UEAwwFeDEwMTAwFKQSMBAxDjAMBgNV +BAMMBXgxMDExMBSkEjAQMQ4wDAYDVQQDDAV4MTAxMjAUpBIwEDEOMAwGA1UEAwwF +eDEwMTMwFKQSMBAxDjAMBgNVBAMMBXgxMDE0MBSkEjAQMQ4wDAYDVQQDDAV4MTAx +NTAUpBIwEDEOMAwGA1UEAwwFeDEwMTYwFKQSMBAxDjAMBgNVBAMMBXgxMDE3MBSk +EjAQMQ4wDAYDVQQDDAV4MTAxODAUpBIwEDEOMAwGA1UEAwwFeDEwMTkwFKQSMBAx +DjAMBgNVBAMMBXgxMDIwMBSkEjAQMQ4wDAYDVQQDDAV4MTAyMTAUpBIwEDEOMAwG +A1UEAwwFeDEwMjIwFKQSMBAxDjAMBgNVBAMMBXgxMDIzMBSkEjAQMQ4wDAYDVQQD +DAV4MTAyNDANBgkqhkiG9w0BAQsFAAOCAQEAdY+tX6CMogUY2JimxR18uRH0FGok +ViERmMffDBJsQz1FVN4QFOV7wNh3ZMIBi/PQENgDQ/75UHnGkTQ4d78OCX8ff49Q +nyryMVs3DgRVEysbNDIOjduo7TTQaoOg+THRXy1YBykl0xze+HqsPadnSkzq4PkP +kf/YSNwR7KgjoeRiUbCT+G1jDybEqgnnMIWUzCItpsHhWndw4r5QZyt6hY5WNfdZ +iXBviv4cvRa1hSIO8h7QAFtjf1vrHiPA1cbJl52ap/YrjVRkC/fbJl4IsgyO3N8f +6ZI68cuJ1B9GRZzoDLJsqp9V/M0C/DyCnKV58iempYODZH8C0IzzjzKn4Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FB.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FB.pem new file mode 100644 index 0000000000..df5c47cf7e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FB.pem @@ -0,0 +1,1394 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fb + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + DNS:t171.test + DNS:t172.test + DNS:t173.test + DNS:t174.test + DNS:t175.test + DNS:t176.test + DNS:t177.test + DNS:t178.test + DNS:t179.test + DNS:t180.test + DNS:t181.test + DNS:t182.test + DNS:t183.test + DNS:t184.test + DNS:t185.test + DNS:t186.test + DNS:t187.test + DNS:t188.test + DNS:t189.test + DNS:t190.test + DNS:t191.test + DNS:t192.test + DNS:t193.test + DNS:t194.test + DNS:t195.test + DNS:t196.test + DNS:t197.test + DNS:t198.test + DNS:t199.test + DNS:t200.test + DNS:t201.test + DNS:t202.test + DNS:t203.test + DNS:t204.test + DNS:t205.test + DNS:t206.test + DNS:t207.test + DNS:t208.test + DNS:t209.test + DNS:t210.test + DNS:t211.test + DNS:t212.test + DNS:t213.test + DNS:t214.test + DNS:t215.test + DNS:t216.test + DNS:t217.test + DNS:t218.test + DNS:t219.test + DNS:t220.test + DNS:t221.test + DNS:t222.test + DNS:t223.test + DNS:t224.test + DNS:t225.test + DNS:t226.test + DNS:t227.test + DNS:t228.test + DNS:t229.test + DNS:t230.test + DNS:t231.test + DNS:t232.test + DNS:t233.test + DNS:t234.test + DNS:t235.test + DNS:t236.test + DNS:t237.test + DNS:t238.test + DNS:t239.test + DNS:t240.test + DNS:t241.test + DNS:t242.test + DNS:t243.test + DNS:t244.test + DNS:t245.test + DNS:t246.test + DNS:t247.test + DNS:t248.test + DNS:t249.test + DNS:t250.test + DNS:t251.test + DNS:t252.test + DNS:t253.test + DNS:t254.test + DNS:t255.test + DNS:t256.test + DNS:t257.test + DNS:t258.test + DNS:t259.test + DNS:t260.test + DNS:t261.test + DNS:t262.test + DNS:t263.test + DNS:t264.test + DNS:t265.test + DNS:t266.test + DNS:t267.test + DNS:t268.test + DNS:t269.test + DNS:t270.test + DNS:t271.test + DNS:t272.test + DNS:t273.test + DNS:t274.test + DNS:t275.test + DNS:t276.test + DNS:t277.test + DNS:t278.test + DNS:t279.test + DNS:t280.test + DNS:t281.test + DNS:t282.test + DNS:t283.test + DNS:t284.test + DNS:t285.test + DNS:t286.test + DNS:t287.test + DNS:t288.test + DNS:t289.test + DNS:t290.test + DNS:t291.test + DNS:t292.test + DNS:t293.test + DNS:t294.test + DNS:t295.test + DNS:t296.test + DNS:t297.test + DNS:t298.test + DNS:t299.test + DNS:t300.test + DNS:t301.test + DNS:t302.test + DNS:t303.test + DNS:t304.test + DNS:t305.test + DNS:t306.test + DNS:t307.test + DNS:t308.test + DNS:t309.test + DNS:t310.test + DNS:t311.test + DNS:t312.test + DNS:t313.test + DNS:t314.test + DNS:t315.test + DNS:t316.test + DNS:t317.test + DNS:t318.test + DNS:t319.test + DNS:t320.test + DNS:t321.test + DNS:t322.test + DNS:t323.test + DNS:t324.test + DNS:t325.test + DNS:t326.test + DNS:t327.test + DNS:t328.test + DNS:t329.test + DNS:t330.test + DNS:t331.test + DNS:t332.test + DNS:t333.test + DNS:t334.test + DNS:t335.test + DNS:t336.test + DNS:t337.test + DNS:t338.test + DNS:t339.test + DNS:t340.test + DNS:t341.test + DNS:t342.test + DNS:t343.test + DNS:t344.test + DNS:t345.test + DNS:t346.test + DNS:t347.test + DNS:t348.test + DNS:t349.test + DNS:t350.test + DNS:t351.test + DNS:t352.test + DNS:t353.test + DNS:t354.test + DNS:t355.test + DNS:t356.test + DNS:t357.test + DNS:t358.test + DNS:t359.test + DNS:t360.test + DNS:t361.test + DNS:t362.test + DNS:t363.test + DNS:t364.test + DNS:t365.test + DNS:t366.test + DNS:t367.test + DNS:t368.test + DNS:t369.test + DNS:t370.test + DNS:t371.test + DNS:t372.test + DNS:t373.test + DNS:t374.test + DNS:t375.test + DNS:t376.test + DNS:t377.test + DNS:t378.test + DNS:t379.test + DNS:t380.test + DNS:t381.test + DNS:t382.test + DNS:t383.test + DNS:t384.test + DNS:t385.test + DNS:t386.test + DNS:t387.test + DNS:t388.test + DNS:t389.test + DNS:t390.test + DNS:t391.test + DNS:t392.test + DNS:t393.test + DNS:t394.test + DNS:t395.test + DNS:t396.test + DNS:t397.test + DNS:t398.test + DNS:t399.test + DNS:t400.test + DNS:t401.test + DNS:t402.test + DNS:t403.test + DNS:t404.test + DNS:t405.test + DNS:t406.test + DNS:t407.test + DNS:t408.test + DNS:t409.test + DNS:t410.test + DNS:t411.test + DNS:t412.test + DNS:t413.test + DNS:t414.test + DNS:t415.test + DNS:t416.test + DNS:t417.test + DNS:t418.test + DNS:t419.test + DNS:t420.test + DNS:t421.test + DNS:t422.test + DNS:t423.test + DNS:t424.test + DNS:t425.test + DNS:t426.test + DNS:t427.test + DNS:t428.test + DNS:t429.test + DNS:t430.test + DNS:t431.test + DNS:t432.test + DNS:t433.test + DNS:t434.test + DNS:t435.test + DNS:t436.test + DNS:t437.test + DNS:t438.test + DNS:t439.test + DNS:t440.test + DNS:t441.test + DNS:t442.test + DNS:t443.test + DNS:t444.test + DNS:t445.test + DNS:t446.test + DNS:t447.test + DNS:t448.test + DNS:t449.test + DNS:t450.test + DNS:t451.test + DNS:t452.test + DNS:t453.test + DNS:t454.test + DNS:t455.test + DNS:t456.test + DNS:t457.test + DNS:t458.test + DNS:t459.test + DNS:t460.test + DNS:t461.test + DNS:t462.test + DNS:t463.test + DNS:t464.test + DNS:t465.test + DNS:t466.test + DNS:t467.test + DNS:t468.test + DNS:t469.test + DNS:t470.test + DNS:t471.test + DNS:t472.test + DNS:t473.test + DNS:t474.test + DNS:t475.test + DNS:t476.test + DNS:t477.test + DNS:t478.test + DNS:t479.test + DNS:t480.test + DNS:t481.test + DNS:t482.test + DNS:t483.test + DNS:t484.test + DNS:t485.test + DNS:t486.test + DNS:t487.test + DNS:t488.test + DNS:t489.test + DNS:t490.test + DNS:t491.test + DNS:t492.test + DNS:t493.test + DNS:t494.test + DNS:t495.test + DNS:t496.test + DNS:t497.test + DNS:t498.test + DNS:t499.test + DNS:t500.test + DNS:t501.test + DNS:t502.test + DNS:t503.test + DNS:t504.test + DNS:t505.test + DNS:t506.test + DNS:t507.test + DNS:t508.test + DNS:t509.test + DNS:t510.test + DNS:t511.test + DNS:t512.test + DNS:t513.test + DNS:t514.test + DNS:t515.test + DNS:t516.test + DNS:t517.test + DNS:t518.test + DNS:t519.test + DNS:t520.test + DNS:t521.test + DNS:t522.test + DNS:t523.test + DNS:t524.test + DNS:t525.test + DNS:t526.test + DNS:t527.test + DNS:t528.test + DNS:t529.test + DNS:t530.test + DNS:t531.test + DNS:t532.test + DNS:t533.test + DNS:t534.test + DNS:t535.test + DNS:t536.test + DNS:t537.test + DNS:t538.test + DNS:t539.test + DNS:t540.test + DNS:t541.test + DNS:t542.test + DNS:t543.test + DNS:t544.test + DNS:t545.test + DNS:t546.test + DNS:t547.test + DNS:t548.test + DNS:t549.test + DNS:t550.test + DNS:t551.test + DNS:t552.test + DNS:t553.test + DNS:t554.test + DNS:t555.test + DNS:t556.test + DNS:t557.test + DNS:t558.test + DNS:t559.test + DNS:t560.test + DNS:t561.test + DNS:t562.test + DNS:t563.test + DNS:t564.test + DNS:t565.test + DNS:t566.test + DNS:t567.test + DNS:t568.test + DNS:t569.test + DNS:t570.test + DNS:t571.test + DNS:t572.test + DNS:t573.test + DNS:t574.test + DNS:t575.test + DNS:t576.test + DNS:t577.test + DNS:t578.test + DNS:t579.test + DNS:t580.test + DNS:t581.test + DNS:t582.test + DNS:t583.test + DNS:t584.test + DNS:t585.test + DNS:t586.test + DNS:t587.test + DNS:t588.test + DNS:t589.test + DNS:t590.test + DNS:t591.test + DNS:t592.test + DNS:t593.test + DNS:t594.test + DNS:t595.test + DNS:t596.test + DNS:t597.test + DNS:t598.test + DNS:t599.test + DNS:t600.test + DNS:t601.test + DNS:t602.test + DNS:t603.test + DNS:t604.test + DNS:t605.test + DNS:t606.test + DNS:t607.test + DNS:t608.test + DNS:t609.test + DNS:t610.test + DNS:t611.test + DNS:t612.test + DNS:t613.test + DNS:t614.test + DNS:t615.test + DNS:t616.test + DNS:t617.test + DNS:t618.test + DNS:t619.test + DNS:t620.test + DNS:t621.test + DNS:t622.test + DNS:t623.test + DNS:t624.test + DNS:t625.test + DNS:t626.test + DNS:t627.test + DNS:t628.test + DNS:t629.test + DNS:t630.test + DNS:t631.test + DNS:t632.test + DNS:t633.test + DNS:t634.test + DNS:t635.test + DNS:t636.test + DNS:t637.test + DNS:t638.test + DNS:t639.test + DNS:t640.test + DNS:t641.test + DNS:t642.test + DNS:t643.test + DNS:t644.test + DNS:t645.test + DNS:t646.test + DNS:t647.test + DNS:t648.test + DNS:t649.test + DNS:t650.test + DNS:t651.test + DNS:t652.test + DNS:t653.test + DNS:t654.test + DNS:t655.test + DNS:t656.test + DNS:t657.test + DNS:t658.test + DNS:t659.test + DNS:t660.test + DNS:t661.test + DNS:t662.test + DNS:t663.test + DNS:t664.test + DNS:t665.test + DNS:t666.test + DNS:t667.test + DNS:t668.test + DNS:t669.test + DNS:t670.test + DNS:t671.test + DNS:t672.test + DNS:t673.test + DNS:t674.test + DNS:t675.test + DNS:t676.test + DNS:t677.test + DNS:t678.test + DNS:t679.test + DNS:t680.test + DNS:t681.test + DNS:t682.test + DNS:t683.test + DNS:t684.test + DNS:t685.test + DNS:t686.test + DNS:t687.test + DNS:t688.test + DNS:t689.test + DNS:t690.test + DNS:t691.test + DNS:t692.test + DNS:t693.test + DNS:t694.test + DNS:t695.test + DNS:t696.test + DNS:t697.test + DNS:t698.test + DNS:t699.test + DNS:t700.test + DNS:t701.test + DNS:t702.test + DNS:t703.test + DNS:t704.test + DNS:t705.test + DNS:t706.test + DNS:t707.test + DNS:t708.test + DNS:t709.test + DNS:t710.test + DNS:t711.test + DNS:t712.test + DNS:t713.test + DNS:t714.test + DNS:t715.test + DNS:t716.test + DNS:t717.test + DNS:t718.test + DNS:t719.test + DNS:t720.test + DNS:t721.test + DNS:t722.test + DNS:t723.test + DNS:t724.test + DNS:t725.test + DNS:t726.test + DNS:t727.test + DNS:t728.test + DNS:t729.test + DNS:t730.test + DNS:t731.test + DNS:t732.test + DNS:t733.test + DNS:t734.test + DNS:t735.test + DNS:t736.test + DNS:t737.test + DNS:t738.test + DNS:t739.test + DNS:t740.test + DNS:t741.test + DNS:t742.test + DNS:t743.test + DNS:t744.test + DNS:t745.test + DNS:t746.test + DNS:t747.test + DNS:t748.test + DNS:t749.test + DNS:t750.test + DNS:t751.test + DNS:t752.test + DNS:t753.test + DNS:t754.test + DNS:t755.test + DNS:t756.test + DNS:t757.test + DNS:t758.test + DNS:t759.test + DNS:t760.test + DNS:t761.test + DNS:t762.test + DNS:t763.test + DNS:t764.test + DNS:t765.test + DNS:t766.test + DNS:t767.test + DNS:t768.test + DNS:t769.test + DNS:t770.test + DNS:t771.test + DNS:t772.test + DNS:t773.test + DNS:t774.test + DNS:t775.test + DNS:t776.test + DNS:t777.test + DNS:t778.test + DNS:t779.test + DNS:t780.test + DNS:t781.test + DNS:t782.test + DNS:t783.test + DNS:t784.test + DNS:t785.test + DNS:t786.test + DNS:t787.test + DNS:t788.test + DNS:t789.test + DNS:t790.test + DNS:t791.test + DNS:t792.test + DNS:t793.test + DNS:t794.test + DNS:t795.test + DNS:t796.test + DNS:t797.test + DNS:t798.test + DNS:t799.test + DNS:t800.test + DNS:t801.test + DNS:t802.test + DNS:t803.test + DNS:t804.test + DNS:t805.test + DNS:t806.test + DNS:t807.test + DNS:t808.test + DNS:t809.test + DNS:t810.test + DNS:t811.test + DNS:t812.test + DNS:t813.test + DNS:t814.test + DNS:t815.test + DNS:t816.test + DNS:t817.test + DNS:t818.test + DNS:t819.test + DNS:t820.test + DNS:t821.test + DNS:t822.test + DNS:t823.test + DNS:t824.test + DNS:t825.test + DNS:t826.test + DNS:t827.test + DNS:t828.test + DNS:t829.test + DNS:t830.test + DNS:t831.test + DNS:t832.test + DNS:t833.test + DNS:t834.test + DNS:t835.test + DNS:t836.test + DNS:t837.test + DNS:t838.test + DNS:t839.test + DNS:t840.test + DNS:t841.test + DNS:t842.test + DNS:t843.test + DNS:t844.test + DNS:t845.test + DNS:t846.test + DNS:t847.test + DNS:t848.test + DNS:t849.test + DNS:t850.test + DNS:t851.test + DNS:t852.test + DNS:t853.test + DNS:t854.test + DNS:t855.test + DNS:t856.test + DNS:t857.test + DNS:t858.test + DNS:t859.test + DNS:t860.test + DNS:t861.test + DNS:t862.test + DNS:t863.test + DNS:t864.test + DNS:t865.test + DNS:t866.test + DNS:t867.test + DNS:t868.test + DNS:t869.test + DNS:t870.test + DNS:t871.test + DNS:t872.test + DNS:t873.test + DNS:t874.test + DNS:t875.test + DNS:t876.test + DNS:t877.test + DNS:t878.test + DNS:t879.test + DNS:t880.test + DNS:t881.test + DNS:t882.test + DNS:t883.test + DNS:t884.test + DNS:t885.test + DNS:t886.test + DNS:t887.test + DNS:t888.test + DNS:t889.test + DNS:t890.test + DNS:t891.test + DNS:t892.test + DNS:t893.test + DNS:t894.test + DNS:t895.test + DNS:t896.test + DNS:t897.test + DNS:t898.test + DNS:t899.test + DNS:t900.test + DNS:t901.test + DNS:t902.test + DNS:t903.test + DNS:t904.test + DNS:t905.test + DNS:t906.test + DNS:t907.test + DNS:t908.test + DNS:t909.test + DNS:t910.test + DNS:t911.test + DNS:t912.test + DNS:t913.test + DNS:t914.test + DNS:t915.test + DNS:t916.test + DNS:t917.test + DNS:t918.test + DNS:t919.test + DNS:t920.test + DNS:t921.test + DNS:t922.test + DNS:t923.test + DNS:t924.test + DNS:t925.test + DNS:t926.test + DNS:t927.test + DNS:t928.test + DNS:t929.test + DNS:t930.test + DNS:t931.test + DNS:t932.test + DNS:t933.test + DNS:t934.test + DNS:t935.test + DNS:t936.test + DNS:t937.test + DNS:t938.test + DNS:t939.test + DNS:t940.test + DNS:t941.test + DNS:t942.test + DNS:t943.test + DNS:t944.test + DNS:t945.test + DNS:t946.test + DNS:t947.test + DNS:t948.test + DNS:t949.test + DNS:t950.test + DNS:t951.test + DNS:t952.test + DNS:t953.test + DNS:t954.test + DNS:t955.test + DNS:t956.test + DNS:t957.test + DNS:t958.test + DNS:t959.test + DNS:t960.test + DNS:t961.test + DNS:t962.test + DNS:t963.test + DNS:t964.test + DNS:t965.test + DNS:t966.test + DNS:t967.test + DNS:t968.test + DNS:t969.test + DNS:t970.test + DNS:t971.test + DNS:t972.test + DNS:t973.test + DNS:t974.test + DNS:t975.test + DNS:t976.test + DNS:t977.test + DNS:t978.test + DNS:t979.test + DNS:t980.test + DNS:t981.test + DNS:t982.test + DNS:t983.test + DNS:t984.test + DNS:t985.test + DNS:t986.test + DNS:t987.test + DNS:t988.test + DNS:t989.test + DNS:t990.test + DNS:t991.test + DNS:t992.test + DNS:t993.test + DNS:t994.test + DNS:t995.test + DNS:t996.test + DNS:t997.test + DNS:t998.test + DNS:t999.test + DNS:t1000.test + DNS:t1001.test + DNS:t1002.test + DNS:t1003.test + DNS:t1004.test + DNS:t1005.test + DNS:t1006.test + DNS:t1007.test + DNS:t1008.test + DNS:t1009.test + DNS:t1010.test + DNS:t1011.test + DNS:t1012.test + DNS:t1013.test + DNS:t1014.test + DNS:t1015.test + DNS:t1016.test + DNS:t1017.test + DNS:t1018.test + DNS:t1019.test + DNS:t1020.test + DNS:t1021.test + DNS:t1022.test + DNS:t1023.test + DNS:t1024.test + + Signature Algorithm: sha256WithRSAEncryption + 2f:8c:9f:08:43:fa:e1:c2:16:9b:e6:5a:b9:8e:7b:d5:49:ef: + d6:de:02:25:9b:46:eb:a3:df:a8:8d:07:10:40:e7:de:fe:23: + 6a:5e:9d:eb:63:7f:a1:a9:8d:34:b9:c8:bd:5f:dc:4c:eb:b3: + 89:73:23:fa:90:a3:a2:cb:f0:1f:67:f2:e8:e1:e0:74:e2:86: + 03:96:28:20:4b:b9:fc:ba:4f:80:24:de:2b:c1:27:9b:21:e5: + d9:3e:2b:66:76:50:6c:90:a3:5a:89:3e:51:34:09:1c:37:ce: + 60:79:6a:89:9b:6b:18:f5:89:31:01:96:92:b9:a0:71:b4:50: + 3a:8c:f4:46:3a:58:54:ff:a2:34:dc:ee:86:4e:5f:ac:f8:1a: + f9:c0:22:40:82:be:5f:98:d8:3d:52:3a:18:a2:4f:e2:30:76: + ba:fa:ee:5e:1f:26:80:72:b0:06:f0:21:b7:84:2a:5d:ea:21: + 9d:e0:0f:35:80:93:d8:9d:1f:9b:a7:3d:6f:e2:1c:29:38:12: + 9d:3c:cd:4b:4c:9f:fa:d5:62:2b:56:ac:2a:3a:f8:5f:cc:32: + 0f:02:7c:a8:df:c0:c9:d1:1e:4d:a7:dc:9f:cb:4e:93:34:f6: + 6e:50:3a:1d:b3:49:e9:50:a3:19:78:a0:8d:c3:2b:5a:78:1d: + 53:55:35:47 +-----BEGIN CERTIFICATE----- +MII3TzCCNjegAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCNJkwgjSVMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjPJBgNVHR4EgjPAMIIzvKCCM7gwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAuCCXQxNzEudGVzdDALggl0MTcyLnRl +c3QwC4IJdDE3My50ZXN0MAuCCXQxNzQudGVzdDALggl0MTc1LnRlc3QwC4IJdDE3 +Ni50ZXN0MAuCCXQxNzcudGVzdDALggl0MTc4LnRlc3QwC4IJdDE3OS50ZXN0MAuC +CXQxODAudGVzdDALggl0MTgxLnRlc3QwC4IJdDE4Mi50ZXN0MAuCCXQxODMudGVz +dDALggl0MTg0LnRlc3QwC4IJdDE4NS50ZXN0MAuCCXQxODYudGVzdDALggl0MTg3 +LnRlc3QwC4IJdDE4OC50ZXN0MAuCCXQxODkudGVzdDALggl0MTkwLnRlc3QwC4IJ +dDE5MS50ZXN0MAuCCXQxOTIudGVzdDALggl0MTkzLnRlc3QwC4IJdDE5NC50ZXN0 +MAuCCXQxOTUudGVzdDALggl0MTk2LnRlc3QwC4IJdDE5Ny50ZXN0MAuCCXQxOTgu +dGVzdDALggl0MTk5LnRlc3QwC4IJdDIwMC50ZXN0MAuCCXQyMDEudGVzdDALggl0 +MjAyLnRlc3QwC4IJdDIwMy50ZXN0MAuCCXQyMDQudGVzdDALggl0MjA1LnRlc3Qw +C4IJdDIwNi50ZXN0MAuCCXQyMDcudGVzdDALggl0MjA4LnRlc3QwC4IJdDIwOS50 +ZXN0MAuCCXQyMTAudGVzdDALggl0MjExLnRlc3QwC4IJdDIxMi50ZXN0MAuCCXQy +MTMudGVzdDALggl0MjE0LnRlc3QwC4IJdDIxNS50ZXN0MAuCCXQyMTYudGVzdDAL +ggl0MjE3LnRlc3QwC4IJdDIxOC50ZXN0MAuCCXQyMTkudGVzdDALggl0MjIwLnRl +c3QwC4IJdDIyMS50ZXN0MAuCCXQyMjIudGVzdDALggl0MjIzLnRlc3QwC4IJdDIy +NC50ZXN0MAuCCXQyMjUudGVzdDALggl0MjI2LnRlc3QwC4IJdDIyNy50ZXN0MAuC +CXQyMjgudGVzdDALggl0MjI5LnRlc3QwC4IJdDIzMC50ZXN0MAuCCXQyMzEudGVz +dDALggl0MjMyLnRlc3QwC4IJdDIzMy50ZXN0MAuCCXQyMzQudGVzdDALggl0MjM1 +LnRlc3QwC4IJdDIzNi50ZXN0MAuCCXQyMzcudGVzdDALggl0MjM4LnRlc3QwC4IJ +dDIzOS50ZXN0MAuCCXQyNDAudGVzdDALggl0MjQxLnRlc3QwC4IJdDI0Mi50ZXN0 +MAuCCXQyNDMudGVzdDALggl0MjQ0LnRlc3QwC4IJdDI0NS50ZXN0MAuCCXQyNDYu +dGVzdDALggl0MjQ3LnRlc3QwC4IJdDI0OC50ZXN0MAuCCXQyNDkudGVzdDALggl0 +MjUwLnRlc3QwC4IJdDI1MS50ZXN0MAuCCXQyNTIudGVzdDALggl0MjUzLnRlc3Qw +C4IJdDI1NC50ZXN0MAuCCXQyNTUudGVzdDALggl0MjU2LnRlc3QwC4IJdDI1Ny50 +ZXN0MAuCCXQyNTgudGVzdDALggl0MjU5LnRlc3QwC4IJdDI2MC50ZXN0MAuCCXQy +NjEudGVzdDALggl0MjYyLnRlc3QwC4IJdDI2My50ZXN0MAuCCXQyNjQudGVzdDAL +ggl0MjY1LnRlc3QwC4IJdDI2Ni50ZXN0MAuCCXQyNjcudGVzdDALggl0MjY4LnRl +c3QwC4IJdDI2OS50ZXN0MAuCCXQyNzAudGVzdDALggl0MjcxLnRlc3QwC4IJdDI3 +Mi50ZXN0MAuCCXQyNzMudGVzdDALggl0Mjc0LnRlc3QwC4IJdDI3NS50ZXN0MAuC +CXQyNzYudGVzdDALggl0Mjc3LnRlc3QwC4IJdDI3OC50ZXN0MAuCCXQyNzkudGVz +dDALggl0MjgwLnRlc3QwC4IJdDI4MS50ZXN0MAuCCXQyODIudGVzdDALggl0Mjgz +LnRlc3QwC4IJdDI4NC50ZXN0MAuCCXQyODUudGVzdDALggl0Mjg2LnRlc3QwC4IJ +dDI4Ny50ZXN0MAuCCXQyODgudGVzdDALggl0Mjg5LnRlc3QwC4IJdDI5MC50ZXN0 +MAuCCXQyOTEudGVzdDALggl0MjkyLnRlc3QwC4IJdDI5My50ZXN0MAuCCXQyOTQu +dGVzdDALggl0Mjk1LnRlc3QwC4IJdDI5Ni50ZXN0MAuCCXQyOTcudGVzdDALggl0 +Mjk4LnRlc3QwC4IJdDI5OS50ZXN0MAuCCXQzMDAudGVzdDALggl0MzAxLnRlc3Qw +C4IJdDMwMi50ZXN0MAuCCXQzMDMudGVzdDALggl0MzA0LnRlc3QwC4IJdDMwNS50 +ZXN0MAuCCXQzMDYudGVzdDALggl0MzA3LnRlc3QwC4IJdDMwOC50ZXN0MAuCCXQz +MDkudGVzdDALggl0MzEwLnRlc3QwC4IJdDMxMS50ZXN0MAuCCXQzMTIudGVzdDAL +ggl0MzEzLnRlc3QwC4IJdDMxNC50ZXN0MAuCCXQzMTUudGVzdDALggl0MzE2LnRl +c3QwC4IJdDMxNy50ZXN0MAuCCXQzMTgudGVzdDALggl0MzE5LnRlc3QwC4IJdDMy +MC50ZXN0MAuCCXQzMjEudGVzdDALggl0MzIyLnRlc3QwC4IJdDMyMy50ZXN0MAuC +CXQzMjQudGVzdDALggl0MzI1LnRlc3QwC4IJdDMyNi50ZXN0MAuCCXQzMjcudGVz +dDALggl0MzI4LnRlc3QwC4IJdDMyOS50ZXN0MAuCCXQzMzAudGVzdDALggl0MzMx +LnRlc3QwC4IJdDMzMi50ZXN0MAuCCXQzMzMudGVzdDALggl0MzM0LnRlc3QwC4IJ +dDMzNS50ZXN0MAuCCXQzMzYudGVzdDALggl0MzM3LnRlc3QwC4IJdDMzOC50ZXN0 +MAuCCXQzMzkudGVzdDALggl0MzQwLnRlc3QwC4IJdDM0MS50ZXN0MAuCCXQzNDIu +dGVzdDALggl0MzQzLnRlc3QwC4IJdDM0NC50ZXN0MAuCCXQzNDUudGVzdDALggl0 +MzQ2LnRlc3QwC4IJdDM0Ny50ZXN0MAuCCXQzNDgudGVzdDALggl0MzQ5LnRlc3Qw +C4IJdDM1MC50ZXN0MAuCCXQzNTEudGVzdDALggl0MzUyLnRlc3QwC4IJdDM1My50 +ZXN0MAuCCXQzNTQudGVzdDALggl0MzU1LnRlc3QwC4IJdDM1Ni50ZXN0MAuCCXQz +NTcudGVzdDALggl0MzU4LnRlc3QwC4IJdDM1OS50ZXN0MAuCCXQzNjAudGVzdDAL +ggl0MzYxLnRlc3QwC4IJdDM2Mi50ZXN0MAuCCXQzNjMudGVzdDALggl0MzY0LnRl +c3QwC4IJdDM2NS50ZXN0MAuCCXQzNjYudGVzdDALggl0MzY3LnRlc3QwC4IJdDM2 +OC50ZXN0MAuCCXQzNjkudGVzdDALggl0MzcwLnRlc3QwC4IJdDM3MS50ZXN0MAuC +CXQzNzIudGVzdDALggl0MzczLnRlc3QwC4IJdDM3NC50ZXN0MAuCCXQzNzUudGVz +dDALggl0Mzc2LnRlc3QwC4IJdDM3Ny50ZXN0MAuCCXQzNzgudGVzdDALggl0Mzc5 +LnRlc3QwC4IJdDM4MC50ZXN0MAuCCXQzODEudGVzdDALggl0MzgyLnRlc3QwC4IJ +dDM4My50ZXN0MAuCCXQzODQudGVzdDALggl0Mzg1LnRlc3QwC4IJdDM4Ni50ZXN0 +MAuCCXQzODcudGVzdDALggl0Mzg4LnRlc3QwC4IJdDM4OS50ZXN0MAuCCXQzOTAu +dGVzdDALggl0MzkxLnRlc3QwC4IJdDM5Mi50ZXN0MAuCCXQzOTMudGVzdDALggl0 +Mzk0LnRlc3QwC4IJdDM5NS50ZXN0MAuCCXQzOTYudGVzdDALggl0Mzk3LnRlc3Qw +C4IJdDM5OC50ZXN0MAuCCXQzOTkudGVzdDALggl0NDAwLnRlc3QwC4IJdDQwMS50 +ZXN0MAuCCXQ0MDIudGVzdDALggl0NDAzLnRlc3QwC4IJdDQwNC50ZXN0MAuCCXQ0 +MDUudGVzdDALggl0NDA2LnRlc3QwC4IJdDQwNy50ZXN0MAuCCXQ0MDgudGVzdDAL +ggl0NDA5LnRlc3QwC4IJdDQxMC50ZXN0MAuCCXQ0MTEudGVzdDALggl0NDEyLnRl +c3QwC4IJdDQxMy50ZXN0MAuCCXQ0MTQudGVzdDALggl0NDE1LnRlc3QwC4IJdDQx +Ni50ZXN0MAuCCXQ0MTcudGVzdDALggl0NDE4LnRlc3QwC4IJdDQxOS50ZXN0MAuC +CXQ0MjAudGVzdDALggl0NDIxLnRlc3QwC4IJdDQyMi50ZXN0MAuCCXQ0MjMudGVz +dDALggl0NDI0LnRlc3QwC4IJdDQyNS50ZXN0MAuCCXQ0MjYudGVzdDALggl0NDI3 +LnRlc3QwC4IJdDQyOC50ZXN0MAuCCXQ0MjkudGVzdDALggl0NDMwLnRlc3QwC4IJ +dDQzMS50ZXN0MAuCCXQ0MzIudGVzdDALggl0NDMzLnRlc3QwC4IJdDQzNC50ZXN0 +MAuCCXQ0MzUudGVzdDALggl0NDM2LnRlc3QwC4IJdDQzNy50ZXN0MAuCCXQ0Mzgu +dGVzdDALggl0NDM5LnRlc3QwC4IJdDQ0MC50ZXN0MAuCCXQ0NDEudGVzdDALggl0 +NDQyLnRlc3QwC4IJdDQ0My50ZXN0MAuCCXQ0NDQudGVzdDALggl0NDQ1LnRlc3Qw +C4IJdDQ0Ni50ZXN0MAuCCXQ0NDcudGVzdDALggl0NDQ4LnRlc3QwC4IJdDQ0OS50 +ZXN0MAuCCXQ0NTAudGVzdDALggl0NDUxLnRlc3QwC4IJdDQ1Mi50ZXN0MAuCCXQ0 +NTMudGVzdDALggl0NDU0LnRlc3QwC4IJdDQ1NS50ZXN0MAuCCXQ0NTYudGVzdDAL +ggl0NDU3LnRlc3QwC4IJdDQ1OC50ZXN0MAuCCXQ0NTkudGVzdDALggl0NDYwLnRl +c3QwC4IJdDQ2MS50ZXN0MAuCCXQ0NjIudGVzdDALggl0NDYzLnRlc3QwC4IJdDQ2 +NC50ZXN0MAuCCXQ0NjUudGVzdDALggl0NDY2LnRlc3QwC4IJdDQ2Ny50ZXN0MAuC +CXQ0NjgudGVzdDALggl0NDY5LnRlc3QwC4IJdDQ3MC50ZXN0MAuCCXQ0NzEudGVz +dDALggl0NDcyLnRlc3QwC4IJdDQ3My50ZXN0MAuCCXQ0NzQudGVzdDALggl0NDc1 +LnRlc3QwC4IJdDQ3Ni50ZXN0MAuCCXQ0NzcudGVzdDALggl0NDc4LnRlc3QwC4IJ +dDQ3OS50ZXN0MAuCCXQ0ODAudGVzdDALggl0NDgxLnRlc3QwC4IJdDQ4Mi50ZXN0 +MAuCCXQ0ODMudGVzdDALggl0NDg0LnRlc3QwC4IJdDQ4NS50ZXN0MAuCCXQ0ODYu +dGVzdDALggl0NDg3LnRlc3QwC4IJdDQ4OC50ZXN0MAuCCXQ0ODkudGVzdDALggl0 +NDkwLnRlc3QwC4IJdDQ5MS50ZXN0MAuCCXQ0OTIudGVzdDALggl0NDkzLnRlc3Qw +C4IJdDQ5NC50ZXN0MAuCCXQ0OTUudGVzdDALggl0NDk2LnRlc3QwC4IJdDQ5Ny50 +ZXN0MAuCCXQ0OTgudGVzdDALggl0NDk5LnRlc3QwC4IJdDUwMC50ZXN0MAuCCXQ1 +MDEudGVzdDALggl0NTAyLnRlc3QwC4IJdDUwMy50ZXN0MAuCCXQ1MDQudGVzdDAL +ggl0NTA1LnRlc3QwC4IJdDUwNi50ZXN0MAuCCXQ1MDcudGVzdDALggl0NTA4LnRl +c3QwC4IJdDUwOS50ZXN0MAuCCXQ1MTAudGVzdDALggl0NTExLnRlc3QwC4IJdDUx +Mi50ZXN0MAuCCXQ1MTMudGVzdDALggl0NTE0LnRlc3QwC4IJdDUxNS50ZXN0MAuC +CXQ1MTYudGVzdDALggl0NTE3LnRlc3QwC4IJdDUxOC50ZXN0MAuCCXQ1MTkudGVz +dDALggl0NTIwLnRlc3QwC4IJdDUyMS50ZXN0MAuCCXQ1MjIudGVzdDALggl0NTIz +LnRlc3QwC4IJdDUyNC50ZXN0MAuCCXQ1MjUudGVzdDALggl0NTI2LnRlc3QwC4IJ +dDUyNy50ZXN0MAuCCXQ1MjgudGVzdDALggl0NTI5LnRlc3QwC4IJdDUzMC50ZXN0 +MAuCCXQ1MzEudGVzdDALggl0NTMyLnRlc3QwC4IJdDUzMy50ZXN0MAuCCXQ1MzQu +dGVzdDALggl0NTM1LnRlc3QwC4IJdDUzNi50ZXN0MAuCCXQ1MzcudGVzdDALggl0 +NTM4LnRlc3QwC4IJdDUzOS50ZXN0MAuCCXQ1NDAudGVzdDALggl0NTQxLnRlc3Qw +C4IJdDU0Mi50ZXN0MAuCCXQ1NDMudGVzdDALggl0NTQ0LnRlc3QwC4IJdDU0NS50 +ZXN0MAuCCXQ1NDYudGVzdDALggl0NTQ3LnRlc3QwC4IJdDU0OC50ZXN0MAuCCXQ1 +NDkudGVzdDALggl0NTUwLnRlc3QwC4IJdDU1MS50ZXN0MAuCCXQ1NTIudGVzdDAL +ggl0NTUzLnRlc3QwC4IJdDU1NC50ZXN0MAuCCXQ1NTUudGVzdDALggl0NTU2LnRl +c3QwC4IJdDU1Ny50ZXN0MAuCCXQ1NTgudGVzdDALggl0NTU5LnRlc3QwC4IJdDU2 +MC50ZXN0MAuCCXQ1NjEudGVzdDALggl0NTYyLnRlc3QwC4IJdDU2My50ZXN0MAuC +CXQ1NjQudGVzdDALggl0NTY1LnRlc3QwC4IJdDU2Ni50ZXN0MAuCCXQ1NjcudGVz +dDALggl0NTY4LnRlc3QwC4IJdDU2OS50ZXN0MAuCCXQ1NzAudGVzdDALggl0NTcx +LnRlc3QwC4IJdDU3Mi50ZXN0MAuCCXQ1NzMudGVzdDALggl0NTc0LnRlc3QwC4IJ +dDU3NS50ZXN0MAuCCXQ1NzYudGVzdDALggl0NTc3LnRlc3QwC4IJdDU3OC50ZXN0 +MAuCCXQ1NzkudGVzdDALggl0NTgwLnRlc3QwC4IJdDU4MS50ZXN0MAuCCXQ1ODIu +dGVzdDALggl0NTgzLnRlc3QwC4IJdDU4NC50ZXN0MAuCCXQ1ODUudGVzdDALggl0 +NTg2LnRlc3QwC4IJdDU4Ny50ZXN0MAuCCXQ1ODgudGVzdDALggl0NTg5LnRlc3Qw +C4IJdDU5MC50ZXN0MAuCCXQ1OTEudGVzdDALggl0NTkyLnRlc3QwC4IJdDU5My50 +ZXN0MAuCCXQ1OTQudGVzdDALggl0NTk1LnRlc3QwC4IJdDU5Ni50ZXN0MAuCCXQ1 +OTcudGVzdDALggl0NTk4LnRlc3QwC4IJdDU5OS50ZXN0MAuCCXQ2MDAudGVzdDAL +ggl0NjAxLnRlc3QwC4IJdDYwMi50ZXN0MAuCCXQ2MDMudGVzdDALggl0NjA0LnRl +c3QwC4IJdDYwNS50ZXN0MAuCCXQ2MDYudGVzdDALggl0NjA3LnRlc3QwC4IJdDYw +OC50ZXN0MAuCCXQ2MDkudGVzdDALggl0NjEwLnRlc3QwC4IJdDYxMS50ZXN0MAuC +CXQ2MTIudGVzdDALggl0NjEzLnRlc3QwC4IJdDYxNC50ZXN0MAuCCXQ2MTUudGVz +dDALggl0NjE2LnRlc3QwC4IJdDYxNy50ZXN0MAuCCXQ2MTgudGVzdDALggl0NjE5 +LnRlc3QwC4IJdDYyMC50ZXN0MAuCCXQ2MjEudGVzdDALggl0NjIyLnRlc3QwC4IJ +dDYyMy50ZXN0MAuCCXQ2MjQudGVzdDALggl0NjI1LnRlc3QwC4IJdDYyNi50ZXN0 +MAuCCXQ2MjcudGVzdDALggl0NjI4LnRlc3QwC4IJdDYyOS50ZXN0MAuCCXQ2MzAu +dGVzdDALggl0NjMxLnRlc3QwC4IJdDYzMi50ZXN0MAuCCXQ2MzMudGVzdDALggl0 +NjM0LnRlc3QwC4IJdDYzNS50ZXN0MAuCCXQ2MzYudGVzdDALggl0NjM3LnRlc3Qw +C4IJdDYzOC50ZXN0MAuCCXQ2MzkudGVzdDALggl0NjQwLnRlc3QwC4IJdDY0MS50 +ZXN0MAuCCXQ2NDIudGVzdDALggl0NjQzLnRlc3QwC4IJdDY0NC50ZXN0MAuCCXQ2 +NDUudGVzdDALggl0NjQ2LnRlc3QwC4IJdDY0Ny50ZXN0MAuCCXQ2NDgudGVzdDAL +ggl0NjQ5LnRlc3QwC4IJdDY1MC50ZXN0MAuCCXQ2NTEudGVzdDALggl0NjUyLnRl +c3QwC4IJdDY1My50ZXN0MAuCCXQ2NTQudGVzdDALggl0NjU1LnRlc3QwC4IJdDY1 +Ni50ZXN0MAuCCXQ2NTcudGVzdDALggl0NjU4LnRlc3QwC4IJdDY1OS50ZXN0MAuC +CXQ2NjAudGVzdDALggl0NjYxLnRlc3QwC4IJdDY2Mi50ZXN0MAuCCXQ2NjMudGVz +dDALggl0NjY0LnRlc3QwC4IJdDY2NS50ZXN0MAuCCXQ2NjYudGVzdDALggl0NjY3 +LnRlc3QwC4IJdDY2OC50ZXN0MAuCCXQ2NjkudGVzdDALggl0NjcwLnRlc3QwC4IJ +dDY3MS50ZXN0MAuCCXQ2NzIudGVzdDALggl0NjczLnRlc3QwC4IJdDY3NC50ZXN0 +MAuCCXQ2NzUudGVzdDALggl0Njc2LnRlc3QwC4IJdDY3Ny50ZXN0MAuCCXQ2Nzgu +dGVzdDALggl0Njc5LnRlc3QwC4IJdDY4MC50ZXN0MAuCCXQ2ODEudGVzdDALggl0 +NjgyLnRlc3QwC4IJdDY4My50ZXN0MAuCCXQ2ODQudGVzdDALggl0Njg1LnRlc3Qw +C4IJdDY4Ni50ZXN0MAuCCXQ2ODcudGVzdDALggl0Njg4LnRlc3QwC4IJdDY4OS50 +ZXN0MAuCCXQ2OTAudGVzdDALggl0NjkxLnRlc3QwC4IJdDY5Mi50ZXN0MAuCCXQ2 +OTMudGVzdDALggl0Njk0LnRlc3QwC4IJdDY5NS50ZXN0MAuCCXQ2OTYudGVzdDAL +ggl0Njk3LnRlc3QwC4IJdDY5OC50ZXN0MAuCCXQ2OTkudGVzdDALggl0NzAwLnRl +c3QwC4IJdDcwMS50ZXN0MAuCCXQ3MDIudGVzdDALggl0NzAzLnRlc3QwC4IJdDcw +NC50ZXN0MAuCCXQ3MDUudGVzdDALggl0NzA2LnRlc3QwC4IJdDcwNy50ZXN0MAuC +CXQ3MDgudGVzdDALggl0NzA5LnRlc3QwC4IJdDcxMC50ZXN0MAuCCXQ3MTEudGVz +dDALggl0NzEyLnRlc3QwC4IJdDcxMy50ZXN0MAuCCXQ3MTQudGVzdDALggl0NzE1 +LnRlc3QwC4IJdDcxNi50ZXN0MAuCCXQ3MTcudGVzdDALggl0NzE4LnRlc3QwC4IJ +dDcxOS50ZXN0MAuCCXQ3MjAudGVzdDALggl0NzIxLnRlc3QwC4IJdDcyMi50ZXN0 +MAuCCXQ3MjMudGVzdDALggl0NzI0LnRlc3QwC4IJdDcyNS50ZXN0MAuCCXQ3MjYu +dGVzdDALggl0NzI3LnRlc3QwC4IJdDcyOC50ZXN0MAuCCXQ3MjkudGVzdDALggl0 +NzMwLnRlc3QwC4IJdDczMS50ZXN0MAuCCXQ3MzIudGVzdDALggl0NzMzLnRlc3Qw +C4IJdDczNC50ZXN0MAuCCXQ3MzUudGVzdDALggl0NzM2LnRlc3QwC4IJdDczNy50 +ZXN0MAuCCXQ3MzgudGVzdDALggl0NzM5LnRlc3QwC4IJdDc0MC50ZXN0MAuCCXQ3 +NDEudGVzdDALggl0NzQyLnRlc3QwC4IJdDc0My50ZXN0MAuCCXQ3NDQudGVzdDAL +ggl0NzQ1LnRlc3QwC4IJdDc0Ni50ZXN0MAuCCXQ3NDcudGVzdDALggl0NzQ4LnRl +c3QwC4IJdDc0OS50ZXN0MAuCCXQ3NTAudGVzdDALggl0NzUxLnRlc3QwC4IJdDc1 +Mi50ZXN0MAuCCXQ3NTMudGVzdDALggl0NzU0LnRlc3QwC4IJdDc1NS50ZXN0MAuC +CXQ3NTYudGVzdDALggl0NzU3LnRlc3QwC4IJdDc1OC50ZXN0MAuCCXQ3NTkudGVz +dDALggl0NzYwLnRlc3QwC4IJdDc2MS50ZXN0MAuCCXQ3NjIudGVzdDALggl0NzYz +LnRlc3QwC4IJdDc2NC50ZXN0MAuCCXQ3NjUudGVzdDALggl0NzY2LnRlc3QwC4IJ +dDc2Ny50ZXN0MAuCCXQ3NjgudGVzdDALggl0NzY5LnRlc3QwC4IJdDc3MC50ZXN0 +MAuCCXQ3NzEudGVzdDALggl0NzcyLnRlc3QwC4IJdDc3My50ZXN0MAuCCXQ3NzQu +dGVzdDALggl0Nzc1LnRlc3QwC4IJdDc3Ni50ZXN0MAuCCXQ3NzcudGVzdDALggl0 +Nzc4LnRlc3QwC4IJdDc3OS50ZXN0MAuCCXQ3ODAudGVzdDALggl0NzgxLnRlc3Qw +C4IJdDc4Mi50ZXN0MAuCCXQ3ODMudGVzdDALggl0Nzg0LnRlc3QwC4IJdDc4NS50 +ZXN0MAuCCXQ3ODYudGVzdDALggl0Nzg3LnRlc3QwC4IJdDc4OC50ZXN0MAuCCXQ3 +ODkudGVzdDALggl0NzkwLnRlc3QwC4IJdDc5MS50ZXN0MAuCCXQ3OTIudGVzdDAL +ggl0NzkzLnRlc3QwC4IJdDc5NC50ZXN0MAuCCXQ3OTUudGVzdDALggl0Nzk2LnRl +c3QwC4IJdDc5Ny50ZXN0MAuCCXQ3OTgudGVzdDALggl0Nzk5LnRlc3QwC4IJdDgw +MC50ZXN0MAuCCXQ4MDEudGVzdDALggl0ODAyLnRlc3QwC4IJdDgwMy50ZXN0MAuC +CXQ4MDQudGVzdDALggl0ODA1LnRlc3QwC4IJdDgwNi50ZXN0MAuCCXQ4MDcudGVz +dDALggl0ODA4LnRlc3QwC4IJdDgwOS50ZXN0MAuCCXQ4MTAudGVzdDALggl0ODEx +LnRlc3QwC4IJdDgxMi50ZXN0MAuCCXQ4MTMudGVzdDALggl0ODE0LnRlc3QwC4IJ +dDgxNS50ZXN0MAuCCXQ4MTYudGVzdDALggl0ODE3LnRlc3QwC4IJdDgxOC50ZXN0 +MAuCCXQ4MTkudGVzdDALggl0ODIwLnRlc3QwC4IJdDgyMS50ZXN0MAuCCXQ4MjIu +dGVzdDALggl0ODIzLnRlc3QwC4IJdDgyNC50ZXN0MAuCCXQ4MjUudGVzdDALggl0 +ODI2LnRlc3QwC4IJdDgyNy50ZXN0MAuCCXQ4MjgudGVzdDALggl0ODI5LnRlc3Qw +C4IJdDgzMC50ZXN0MAuCCXQ4MzEudGVzdDALggl0ODMyLnRlc3QwC4IJdDgzMy50 +ZXN0MAuCCXQ4MzQudGVzdDALggl0ODM1LnRlc3QwC4IJdDgzNi50ZXN0MAuCCXQ4 +MzcudGVzdDALggl0ODM4LnRlc3QwC4IJdDgzOS50ZXN0MAuCCXQ4NDAudGVzdDAL +ggl0ODQxLnRlc3QwC4IJdDg0Mi50ZXN0MAuCCXQ4NDMudGVzdDALggl0ODQ0LnRl +c3QwC4IJdDg0NS50ZXN0MAuCCXQ4NDYudGVzdDALggl0ODQ3LnRlc3QwC4IJdDg0 +OC50ZXN0MAuCCXQ4NDkudGVzdDALggl0ODUwLnRlc3QwC4IJdDg1MS50ZXN0MAuC +CXQ4NTIudGVzdDALggl0ODUzLnRlc3QwC4IJdDg1NC50ZXN0MAuCCXQ4NTUudGVz +dDALggl0ODU2LnRlc3QwC4IJdDg1Ny50ZXN0MAuCCXQ4NTgudGVzdDALggl0ODU5 +LnRlc3QwC4IJdDg2MC50ZXN0MAuCCXQ4NjEudGVzdDALggl0ODYyLnRlc3QwC4IJ +dDg2My50ZXN0MAuCCXQ4NjQudGVzdDALggl0ODY1LnRlc3QwC4IJdDg2Ni50ZXN0 +MAuCCXQ4NjcudGVzdDALggl0ODY4LnRlc3QwC4IJdDg2OS50ZXN0MAuCCXQ4NzAu +dGVzdDALggl0ODcxLnRlc3QwC4IJdDg3Mi50ZXN0MAuCCXQ4NzMudGVzdDALggl0 +ODc0LnRlc3QwC4IJdDg3NS50ZXN0MAuCCXQ4NzYudGVzdDALggl0ODc3LnRlc3Qw +C4IJdDg3OC50ZXN0MAuCCXQ4NzkudGVzdDALggl0ODgwLnRlc3QwC4IJdDg4MS50 +ZXN0MAuCCXQ4ODIudGVzdDALggl0ODgzLnRlc3QwC4IJdDg4NC50ZXN0MAuCCXQ4 +ODUudGVzdDALggl0ODg2LnRlc3QwC4IJdDg4Ny50ZXN0MAuCCXQ4ODgudGVzdDAL +ggl0ODg5LnRlc3QwC4IJdDg5MC50ZXN0MAuCCXQ4OTEudGVzdDALggl0ODkyLnRl +c3QwC4IJdDg5My50ZXN0MAuCCXQ4OTQudGVzdDALggl0ODk1LnRlc3QwC4IJdDg5 +Ni50ZXN0MAuCCXQ4OTcudGVzdDALggl0ODk4LnRlc3QwC4IJdDg5OS50ZXN0MAuC +CXQ5MDAudGVzdDALggl0OTAxLnRlc3QwC4IJdDkwMi50ZXN0MAuCCXQ5MDMudGVz +dDALggl0OTA0LnRlc3QwC4IJdDkwNS50ZXN0MAuCCXQ5MDYudGVzdDALggl0OTA3 +LnRlc3QwC4IJdDkwOC50ZXN0MAuCCXQ5MDkudGVzdDALggl0OTEwLnRlc3QwC4IJ +dDkxMS50ZXN0MAuCCXQ5MTIudGVzdDALggl0OTEzLnRlc3QwC4IJdDkxNC50ZXN0 +MAuCCXQ5MTUudGVzdDALggl0OTE2LnRlc3QwC4IJdDkxNy50ZXN0MAuCCXQ5MTgu +dGVzdDALggl0OTE5LnRlc3QwC4IJdDkyMC50ZXN0MAuCCXQ5MjEudGVzdDALggl0 +OTIyLnRlc3QwC4IJdDkyMy50ZXN0MAuCCXQ5MjQudGVzdDALggl0OTI1LnRlc3Qw +C4IJdDkyNi50ZXN0MAuCCXQ5MjcudGVzdDALggl0OTI4LnRlc3QwC4IJdDkyOS50 +ZXN0MAuCCXQ5MzAudGVzdDALggl0OTMxLnRlc3QwC4IJdDkzMi50ZXN0MAuCCXQ5 +MzMudGVzdDALggl0OTM0LnRlc3QwC4IJdDkzNS50ZXN0MAuCCXQ5MzYudGVzdDAL +ggl0OTM3LnRlc3QwC4IJdDkzOC50ZXN0MAuCCXQ5MzkudGVzdDALggl0OTQwLnRl +c3QwC4IJdDk0MS50ZXN0MAuCCXQ5NDIudGVzdDALggl0OTQzLnRlc3QwC4IJdDk0 +NC50ZXN0MAuCCXQ5NDUudGVzdDALggl0OTQ2LnRlc3QwC4IJdDk0Ny50ZXN0MAuC +CXQ5NDgudGVzdDALggl0OTQ5LnRlc3QwC4IJdDk1MC50ZXN0MAuCCXQ5NTEudGVz +dDALggl0OTUyLnRlc3QwC4IJdDk1My50ZXN0MAuCCXQ5NTQudGVzdDALggl0OTU1 +LnRlc3QwC4IJdDk1Ni50ZXN0MAuCCXQ5NTcudGVzdDALggl0OTU4LnRlc3QwC4IJ +dDk1OS50ZXN0MAuCCXQ5NjAudGVzdDALggl0OTYxLnRlc3QwC4IJdDk2Mi50ZXN0 +MAuCCXQ5NjMudGVzdDALggl0OTY0LnRlc3QwC4IJdDk2NS50ZXN0MAuCCXQ5NjYu +dGVzdDALggl0OTY3LnRlc3QwC4IJdDk2OC50ZXN0MAuCCXQ5NjkudGVzdDALggl0 +OTcwLnRlc3QwC4IJdDk3MS50ZXN0MAuCCXQ5NzIudGVzdDALggl0OTczLnRlc3Qw +C4IJdDk3NC50ZXN0MAuCCXQ5NzUudGVzdDALggl0OTc2LnRlc3QwC4IJdDk3Ny50 +ZXN0MAuCCXQ5NzgudGVzdDALggl0OTc5LnRlc3QwC4IJdDk4MC50ZXN0MAuCCXQ5 +ODEudGVzdDALggl0OTgyLnRlc3QwC4IJdDk4My50ZXN0MAuCCXQ5ODQudGVzdDAL +ggl0OTg1LnRlc3QwC4IJdDk4Ni50ZXN0MAuCCXQ5ODcudGVzdDALggl0OTg4LnRl +c3QwC4IJdDk4OS50ZXN0MAuCCXQ5OTAudGVzdDALggl0OTkxLnRlc3QwC4IJdDk5 +Mi50ZXN0MAuCCXQ5OTMudGVzdDALggl0OTk0LnRlc3QwC4IJdDk5NS50ZXN0MAuC +CXQ5OTYudGVzdDALggl0OTk3LnRlc3QwC4IJdDk5OC50ZXN0MAuCCXQ5OTkudGVz +dDAMggp0MTAwMC50ZXN0MAyCCnQxMDAxLnRlc3QwDIIKdDEwMDIudGVzdDAMggp0 +MTAwMy50ZXN0MAyCCnQxMDA0LnRlc3QwDIIKdDEwMDUudGVzdDAMggp0MTAwNi50 +ZXN0MAyCCnQxMDA3LnRlc3QwDIIKdDEwMDgudGVzdDAMggp0MTAwOS50ZXN0MAyC +CnQxMDEwLnRlc3QwDIIKdDEwMTEudGVzdDAMggp0MTAxMi50ZXN0MAyCCnQxMDEz +LnRlc3QwDIIKdDEwMTQudGVzdDAMggp0MTAxNS50ZXN0MAyCCnQxMDE2LnRlc3Qw +DIIKdDEwMTcudGVzdDAMggp0MTAxOC50ZXN0MAyCCnQxMDE5LnRlc3QwDIIKdDEw +MjAudGVzdDAMggp0MTAyMS50ZXN0MAyCCnQxMDIyLnRlc3QwDIIKdDEwMjMudGVz +dDAMggp0MTAyNC50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQAvjJ8IQ/rhwhab5lq5 +jnvVSe/W3gIlm0bro9+ojQcQQOfe/iNqXp3rY3+hqY00uci9X9xM67OJcyP6kKOi +y/AfZ/Lo4eB04oYDliggS7n8uk+AJN4rwSebIeXZPitmdlBskKNaiT5RNAkcN85g +eWqJm2sY9YkxAZaSuaBxtFA6jPRGOlhU/6I03O6GTl+s+Br5wCJAgr5fmNg9UjoY +ok/iMHa6+u5eHyaAcrAG8CG3hCpd6iGd4A81gJPYnR+bpz1v4hwpOBKdPM1LTJ/6 +1WIrVqwqOvhfzDIPAnyo38DJ0R5Np9yfy06TNPZuUDods0npUKMZeKCNwytaeB1T +VTVH +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FC.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FC.pem new file mode 100644 index 0000000000..30ee03a71f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FC.pem @@ -0,0 +1,1374 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + IP:10.0.0.171/255.255.255.255 + IP:10.0.0.172/255.255.255.255 + IP:10.0.0.173/255.255.255.255 + IP:10.0.0.174/255.255.255.255 + IP:10.0.0.175/255.255.255.255 + IP:10.0.0.176/255.255.255.255 + IP:10.0.0.177/255.255.255.255 + IP:10.0.0.178/255.255.255.255 + IP:10.0.0.179/255.255.255.255 + IP:10.0.0.180/255.255.255.255 + IP:10.0.0.181/255.255.255.255 + IP:10.0.0.182/255.255.255.255 + IP:10.0.0.183/255.255.255.255 + IP:10.0.0.184/255.255.255.255 + IP:10.0.0.185/255.255.255.255 + IP:10.0.0.186/255.255.255.255 + IP:10.0.0.187/255.255.255.255 + IP:10.0.0.188/255.255.255.255 + IP:10.0.0.189/255.255.255.255 + IP:10.0.0.190/255.255.255.255 + IP:10.0.0.191/255.255.255.255 + IP:10.0.0.192/255.255.255.255 + IP:10.0.0.193/255.255.255.255 + IP:10.0.0.194/255.255.255.255 + IP:10.0.0.195/255.255.255.255 + IP:10.0.0.196/255.255.255.255 + IP:10.0.0.197/255.255.255.255 + IP:10.0.0.198/255.255.255.255 + IP:10.0.0.199/255.255.255.255 + IP:10.0.0.200/255.255.255.255 + IP:10.0.0.201/255.255.255.255 + IP:10.0.0.202/255.255.255.255 + IP:10.0.0.203/255.255.255.255 + IP:10.0.0.204/255.255.255.255 + IP:10.0.0.205/255.255.255.255 + IP:10.0.0.206/255.255.255.255 + IP:10.0.0.207/255.255.255.255 + IP:10.0.0.208/255.255.255.255 + IP:10.0.0.209/255.255.255.255 + IP:10.0.0.210/255.255.255.255 + IP:10.0.0.211/255.255.255.255 + IP:10.0.0.212/255.255.255.255 + IP:10.0.0.213/255.255.255.255 + IP:10.0.0.214/255.255.255.255 + IP:10.0.0.215/255.255.255.255 + IP:10.0.0.216/255.255.255.255 + IP:10.0.0.217/255.255.255.255 + IP:10.0.0.218/255.255.255.255 + IP:10.0.0.219/255.255.255.255 + IP:10.0.0.220/255.255.255.255 + IP:10.0.0.221/255.255.255.255 + IP:10.0.0.222/255.255.255.255 + IP:10.0.0.223/255.255.255.255 + IP:10.0.0.224/255.255.255.255 + IP:10.0.0.225/255.255.255.255 + IP:10.0.0.226/255.255.255.255 + IP:10.0.0.227/255.255.255.255 + IP:10.0.0.228/255.255.255.255 + IP:10.0.0.229/255.255.255.255 + IP:10.0.0.230/255.255.255.255 + IP:10.0.0.231/255.255.255.255 + IP:10.0.0.232/255.255.255.255 + IP:10.0.0.233/255.255.255.255 + IP:10.0.0.234/255.255.255.255 + IP:10.0.0.235/255.255.255.255 + IP:10.0.0.236/255.255.255.255 + IP:10.0.0.237/255.255.255.255 + IP:10.0.0.238/255.255.255.255 + IP:10.0.0.239/255.255.255.255 + IP:10.0.0.240/255.255.255.255 + IP:10.0.0.241/255.255.255.255 + IP:10.0.0.242/255.255.255.255 + IP:10.0.0.243/255.255.255.255 + IP:10.0.0.244/255.255.255.255 + IP:10.0.0.245/255.255.255.255 + IP:10.0.0.246/255.255.255.255 + IP:10.0.0.247/255.255.255.255 + IP:10.0.0.248/255.255.255.255 + IP:10.0.0.249/255.255.255.255 + IP:10.0.0.250/255.255.255.255 + IP:10.0.0.251/255.255.255.255 + IP:10.0.0.252/255.255.255.255 + IP:10.0.0.253/255.255.255.255 + IP:10.0.0.254/255.255.255.255 + IP:10.0.0.255/255.255.255.255 + IP:10.0.1.0/255.255.255.255 + IP:10.0.1.1/255.255.255.255 + IP:10.0.1.2/255.255.255.255 + IP:10.0.1.3/255.255.255.255 + IP:10.0.1.4/255.255.255.255 + IP:10.0.1.5/255.255.255.255 + IP:10.0.1.6/255.255.255.255 + IP:10.0.1.7/255.255.255.255 + IP:10.0.1.8/255.255.255.255 + IP:10.0.1.9/255.255.255.255 + IP:10.0.1.10/255.255.255.255 + IP:10.0.1.11/255.255.255.255 + IP:10.0.1.12/255.255.255.255 + IP:10.0.1.13/255.255.255.255 + IP:10.0.1.14/255.255.255.255 + IP:10.0.1.15/255.255.255.255 + IP:10.0.1.16/255.255.255.255 + IP:10.0.1.17/255.255.255.255 + IP:10.0.1.18/255.255.255.255 + IP:10.0.1.19/255.255.255.255 + IP:10.0.1.20/255.255.255.255 + IP:10.0.1.21/255.255.255.255 + IP:10.0.1.22/255.255.255.255 + IP:10.0.1.23/255.255.255.255 + IP:10.0.1.24/255.255.255.255 + IP:10.0.1.25/255.255.255.255 + IP:10.0.1.26/255.255.255.255 + IP:10.0.1.27/255.255.255.255 + IP:10.0.1.28/255.255.255.255 + IP:10.0.1.29/255.255.255.255 + IP:10.0.1.30/255.255.255.255 + IP:10.0.1.31/255.255.255.255 + IP:10.0.1.32/255.255.255.255 + IP:10.0.1.33/255.255.255.255 + IP:10.0.1.34/255.255.255.255 + IP:10.0.1.35/255.255.255.255 + IP:10.0.1.36/255.255.255.255 + IP:10.0.1.37/255.255.255.255 + IP:10.0.1.38/255.255.255.255 + IP:10.0.1.39/255.255.255.255 + IP:10.0.1.40/255.255.255.255 + IP:10.0.1.41/255.255.255.255 + IP:10.0.1.42/255.255.255.255 + IP:10.0.1.43/255.255.255.255 + IP:10.0.1.44/255.255.255.255 + IP:10.0.1.45/255.255.255.255 + IP:10.0.1.46/255.255.255.255 + IP:10.0.1.47/255.255.255.255 + IP:10.0.1.48/255.255.255.255 + IP:10.0.1.49/255.255.255.255 + IP:10.0.1.50/255.255.255.255 + IP:10.0.1.51/255.255.255.255 + IP:10.0.1.52/255.255.255.255 + IP:10.0.1.53/255.255.255.255 + IP:10.0.1.54/255.255.255.255 + IP:10.0.1.55/255.255.255.255 + IP:10.0.1.56/255.255.255.255 + IP:10.0.1.57/255.255.255.255 + IP:10.0.1.58/255.255.255.255 + IP:10.0.1.59/255.255.255.255 + IP:10.0.1.60/255.255.255.255 + IP:10.0.1.61/255.255.255.255 + IP:10.0.1.62/255.255.255.255 + IP:10.0.1.63/255.255.255.255 + IP:10.0.1.64/255.255.255.255 + IP:10.0.1.65/255.255.255.255 + IP:10.0.1.66/255.255.255.255 + IP:10.0.1.67/255.255.255.255 + IP:10.0.1.68/255.255.255.255 + IP:10.0.1.69/255.255.255.255 + IP:10.0.1.70/255.255.255.255 + IP:10.0.1.71/255.255.255.255 + IP:10.0.1.72/255.255.255.255 + IP:10.0.1.73/255.255.255.255 + IP:10.0.1.74/255.255.255.255 + IP:10.0.1.75/255.255.255.255 + IP:10.0.1.76/255.255.255.255 + IP:10.0.1.77/255.255.255.255 + IP:10.0.1.78/255.255.255.255 + IP:10.0.1.79/255.255.255.255 + IP:10.0.1.80/255.255.255.255 + IP:10.0.1.81/255.255.255.255 + IP:10.0.1.82/255.255.255.255 + IP:10.0.1.83/255.255.255.255 + IP:10.0.1.84/255.255.255.255 + IP:10.0.1.85/255.255.255.255 + IP:10.0.1.86/255.255.255.255 + IP:10.0.1.87/255.255.255.255 + IP:10.0.1.88/255.255.255.255 + IP:10.0.1.89/255.255.255.255 + IP:10.0.1.90/255.255.255.255 + IP:10.0.1.91/255.255.255.255 + IP:10.0.1.92/255.255.255.255 + IP:10.0.1.93/255.255.255.255 + IP:10.0.1.94/255.255.255.255 + IP:10.0.1.95/255.255.255.255 + IP:10.0.1.96/255.255.255.255 + IP:10.0.1.97/255.255.255.255 + IP:10.0.1.98/255.255.255.255 + IP:10.0.1.99/255.255.255.255 + IP:10.0.1.100/255.255.255.255 + IP:10.0.1.101/255.255.255.255 + IP:10.0.1.102/255.255.255.255 + IP:10.0.1.103/255.255.255.255 + IP:10.0.1.104/255.255.255.255 + IP:10.0.1.105/255.255.255.255 + IP:10.0.1.106/255.255.255.255 + IP:10.0.1.107/255.255.255.255 + IP:10.0.1.108/255.255.255.255 + IP:10.0.1.109/255.255.255.255 + IP:10.0.1.110/255.255.255.255 + IP:10.0.1.111/255.255.255.255 + IP:10.0.1.112/255.255.255.255 + IP:10.0.1.113/255.255.255.255 + IP:10.0.1.114/255.255.255.255 + IP:10.0.1.115/255.255.255.255 + IP:10.0.1.116/255.255.255.255 + IP:10.0.1.117/255.255.255.255 + IP:10.0.1.118/255.255.255.255 + IP:10.0.1.119/255.255.255.255 + IP:10.0.1.120/255.255.255.255 + IP:10.0.1.121/255.255.255.255 + IP:10.0.1.122/255.255.255.255 + IP:10.0.1.123/255.255.255.255 + IP:10.0.1.124/255.255.255.255 + IP:10.0.1.125/255.255.255.255 + IP:10.0.1.126/255.255.255.255 + IP:10.0.1.127/255.255.255.255 + IP:10.0.1.128/255.255.255.255 + IP:10.0.1.129/255.255.255.255 + IP:10.0.1.130/255.255.255.255 + IP:10.0.1.131/255.255.255.255 + IP:10.0.1.132/255.255.255.255 + IP:10.0.1.133/255.255.255.255 + IP:10.0.1.134/255.255.255.255 + IP:10.0.1.135/255.255.255.255 + IP:10.0.1.136/255.255.255.255 + IP:10.0.1.137/255.255.255.255 + IP:10.0.1.138/255.255.255.255 + IP:10.0.1.139/255.255.255.255 + IP:10.0.1.140/255.255.255.255 + IP:10.0.1.141/255.255.255.255 + IP:10.0.1.142/255.255.255.255 + IP:10.0.1.143/255.255.255.255 + IP:10.0.1.144/255.255.255.255 + IP:10.0.1.145/255.255.255.255 + IP:10.0.1.146/255.255.255.255 + IP:10.0.1.147/255.255.255.255 + IP:10.0.1.148/255.255.255.255 + IP:10.0.1.149/255.255.255.255 + IP:10.0.1.150/255.255.255.255 + IP:10.0.1.151/255.255.255.255 + IP:10.0.1.152/255.255.255.255 + IP:10.0.1.153/255.255.255.255 + IP:10.0.1.154/255.255.255.255 + IP:10.0.1.155/255.255.255.255 + IP:10.0.1.156/255.255.255.255 + IP:10.0.1.157/255.255.255.255 + IP:10.0.1.158/255.255.255.255 + IP:10.0.1.159/255.255.255.255 + IP:10.0.1.160/255.255.255.255 + IP:10.0.1.161/255.255.255.255 + IP:10.0.1.162/255.255.255.255 + IP:10.0.1.163/255.255.255.255 + IP:10.0.1.164/255.255.255.255 + IP:10.0.1.165/255.255.255.255 + IP:10.0.1.166/255.255.255.255 + IP:10.0.1.167/255.255.255.255 + IP:10.0.1.168/255.255.255.255 + IP:10.0.1.169/255.255.255.255 + IP:10.0.1.170/255.255.255.255 + IP:10.0.1.171/255.255.255.255 + IP:10.0.1.172/255.255.255.255 + IP:10.0.1.173/255.255.255.255 + IP:10.0.1.174/255.255.255.255 + IP:10.0.1.175/255.255.255.255 + IP:10.0.1.176/255.255.255.255 + IP:10.0.1.177/255.255.255.255 + IP:10.0.1.178/255.255.255.255 + IP:10.0.1.179/255.255.255.255 + IP:10.0.1.180/255.255.255.255 + IP:10.0.1.181/255.255.255.255 + IP:10.0.1.182/255.255.255.255 + IP:10.0.1.183/255.255.255.255 + IP:10.0.1.184/255.255.255.255 + IP:10.0.1.185/255.255.255.255 + IP:10.0.1.186/255.255.255.255 + IP:10.0.1.187/255.255.255.255 + IP:10.0.1.188/255.255.255.255 + IP:10.0.1.189/255.255.255.255 + IP:10.0.1.190/255.255.255.255 + IP:10.0.1.191/255.255.255.255 + IP:10.0.1.192/255.255.255.255 + IP:10.0.1.193/255.255.255.255 + IP:10.0.1.194/255.255.255.255 + IP:10.0.1.195/255.255.255.255 + IP:10.0.1.196/255.255.255.255 + IP:10.0.1.197/255.255.255.255 + IP:10.0.1.198/255.255.255.255 + IP:10.0.1.199/255.255.255.255 + IP:10.0.1.200/255.255.255.255 + IP:10.0.1.201/255.255.255.255 + IP:10.0.1.202/255.255.255.255 + IP:10.0.1.203/255.255.255.255 + IP:10.0.1.204/255.255.255.255 + IP:10.0.1.205/255.255.255.255 + IP:10.0.1.206/255.255.255.255 + IP:10.0.1.207/255.255.255.255 + IP:10.0.1.208/255.255.255.255 + IP:10.0.1.209/255.255.255.255 + IP:10.0.1.210/255.255.255.255 + IP:10.0.1.211/255.255.255.255 + IP:10.0.1.212/255.255.255.255 + IP:10.0.1.213/255.255.255.255 + IP:10.0.1.214/255.255.255.255 + IP:10.0.1.215/255.255.255.255 + IP:10.0.1.216/255.255.255.255 + IP:10.0.1.217/255.255.255.255 + IP:10.0.1.218/255.255.255.255 + IP:10.0.1.219/255.255.255.255 + IP:10.0.1.220/255.255.255.255 + IP:10.0.1.221/255.255.255.255 + IP:10.0.1.222/255.255.255.255 + IP:10.0.1.223/255.255.255.255 + IP:10.0.1.224/255.255.255.255 + IP:10.0.1.225/255.255.255.255 + IP:10.0.1.226/255.255.255.255 + IP:10.0.1.227/255.255.255.255 + IP:10.0.1.228/255.255.255.255 + IP:10.0.1.229/255.255.255.255 + IP:10.0.1.230/255.255.255.255 + IP:10.0.1.231/255.255.255.255 + IP:10.0.1.232/255.255.255.255 + IP:10.0.1.233/255.255.255.255 + IP:10.0.1.234/255.255.255.255 + IP:10.0.1.235/255.255.255.255 + IP:10.0.1.236/255.255.255.255 + IP:10.0.1.237/255.255.255.255 + IP:10.0.1.238/255.255.255.255 + IP:10.0.1.239/255.255.255.255 + IP:10.0.1.240/255.255.255.255 + IP:10.0.1.241/255.255.255.255 + IP:10.0.1.242/255.255.255.255 + IP:10.0.1.243/255.255.255.255 + IP:10.0.1.244/255.255.255.255 + IP:10.0.1.245/255.255.255.255 + IP:10.0.1.246/255.255.255.255 + IP:10.0.1.247/255.255.255.255 + IP:10.0.1.248/255.255.255.255 + IP:10.0.1.249/255.255.255.255 + IP:10.0.1.250/255.255.255.255 + IP:10.0.1.251/255.255.255.255 + IP:10.0.1.252/255.255.255.255 + IP:10.0.1.253/255.255.255.255 + IP:10.0.1.254/255.255.255.255 + IP:10.0.1.255/255.255.255.255 + IP:10.0.2.0/255.255.255.255 + IP:10.0.2.1/255.255.255.255 + IP:10.0.2.2/255.255.255.255 + IP:10.0.2.3/255.255.255.255 + IP:10.0.2.4/255.255.255.255 + IP:10.0.2.5/255.255.255.255 + IP:10.0.2.6/255.255.255.255 + IP:10.0.2.7/255.255.255.255 + IP:10.0.2.8/255.255.255.255 + IP:10.0.2.9/255.255.255.255 + IP:10.0.2.10/255.255.255.255 + IP:10.0.2.11/255.255.255.255 + IP:10.0.2.12/255.255.255.255 + IP:10.0.2.13/255.255.255.255 + IP:10.0.2.14/255.255.255.255 + IP:10.0.2.15/255.255.255.255 + IP:10.0.2.16/255.255.255.255 + IP:10.0.2.17/255.255.255.255 + IP:10.0.2.18/255.255.255.255 + IP:10.0.2.19/255.255.255.255 + IP:10.0.2.20/255.255.255.255 + IP:10.0.2.21/255.255.255.255 + IP:10.0.2.22/255.255.255.255 + IP:10.0.2.23/255.255.255.255 + IP:10.0.2.24/255.255.255.255 + IP:10.0.2.25/255.255.255.255 + IP:10.0.2.26/255.255.255.255 + IP:10.0.2.27/255.255.255.255 + IP:10.0.2.28/255.255.255.255 + IP:10.0.2.29/255.255.255.255 + IP:10.0.2.30/255.255.255.255 + IP:10.0.2.31/255.255.255.255 + IP:10.0.2.32/255.255.255.255 + IP:10.0.2.33/255.255.255.255 + IP:10.0.2.34/255.255.255.255 + IP:10.0.2.35/255.255.255.255 + IP:10.0.2.36/255.255.255.255 + IP:10.0.2.37/255.255.255.255 + IP:10.0.2.38/255.255.255.255 + IP:10.0.2.39/255.255.255.255 + IP:10.0.2.40/255.255.255.255 + IP:10.0.2.41/255.255.255.255 + IP:10.0.2.42/255.255.255.255 + IP:10.0.2.43/255.255.255.255 + IP:10.0.2.44/255.255.255.255 + IP:10.0.2.45/255.255.255.255 + IP:10.0.2.46/255.255.255.255 + IP:10.0.2.47/255.255.255.255 + IP:10.0.2.48/255.255.255.255 + IP:10.0.2.49/255.255.255.255 + IP:10.0.2.50/255.255.255.255 + IP:10.0.2.51/255.255.255.255 + IP:10.0.2.52/255.255.255.255 + IP:10.0.2.53/255.255.255.255 + IP:10.0.2.54/255.255.255.255 + IP:10.0.2.55/255.255.255.255 + IP:10.0.2.56/255.255.255.255 + IP:10.0.2.57/255.255.255.255 + IP:10.0.2.58/255.255.255.255 + IP:10.0.2.59/255.255.255.255 + IP:10.0.2.60/255.255.255.255 + IP:10.0.2.61/255.255.255.255 + IP:10.0.2.62/255.255.255.255 + IP:10.0.2.63/255.255.255.255 + IP:10.0.2.64/255.255.255.255 + IP:10.0.2.65/255.255.255.255 + IP:10.0.2.66/255.255.255.255 + IP:10.0.2.67/255.255.255.255 + IP:10.0.2.68/255.255.255.255 + IP:10.0.2.69/255.255.255.255 + IP:10.0.2.70/255.255.255.255 + IP:10.0.2.71/255.255.255.255 + IP:10.0.2.72/255.255.255.255 + IP:10.0.2.73/255.255.255.255 + IP:10.0.2.74/255.255.255.255 + IP:10.0.2.75/255.255.255.255 + IP:10.0.2.76/255.255.255.255 + IP:10.0.2.77/255.255.255.255 + IP:10.0.2.78/255.255.255.255 + IP:10.0.2.79/255.255.255.255 + IP:10.0.2.80/255.255.255.255 + IP:10.0.2.81/255.255.255.255 + IP:10.0.2.82/255.255.255.255 + IP:10.0.2.83/255.255.255.255 + IP:10.0.2.84/255.255.255.255 + IP:10.0.2.85/255.255.255.255 + IP:10.0.2.86/255.255.255.255 + IP:10.0.2.87/255.255.255.255 + IP:10.0.2.88/255.255.255.255 + IP:10.0.2.89/255.255.255.255 + IP:10.0.2.90/255.255.255.255 + IP:10.0.2.91/255.255.255.255 + IP:10.0.2.92/255.255.255.255 + IP:10.0.2.93/255.255.255.255 + IP:10.0.2.94/255.255.255.255 + IP:10.0.2.95/255.255.255.255 + IP:10.0.2.96/255.255.255.255 + IP:10.0.2.97/255.255.255.255 + IP:10.0.2.98/255.255.255.255 + IP:10.0.2.99/255.255.255.255 + IP:10.0.2.100/255.255.255.255 + IP:10.0.2.101/255.255.255.255 + IP:10.0.2.102/255.255.255.255 + IP:10.0.2.103/255.255.255.255 + IP:10.0.2.104/255.255.255.255 + IP:10.0.2.105/255.255.255.255 + IP:10.0.2.106/255.255.255.255 + IP:10.0.2.107/255.255.255.255 + IP:10.0.2.108/255.255.255.255 + IP:10.0.2.109/255.255.255.255 + IP:10.0.2.110/255.255.255.255 + IP:10.0.2.111/255.255.255.255 + IP:10.0.2.112/255.255.255.255 + IP:10.0.2.113/255.255.255.255 + IP:10.0.2.114/255.255.255.255 + IP:10.0.2.115/255.255.255.255 + IP:10.0.2.116/255.255.255.255 + IP:10.0.2.117/255.255.255.255 + IP:10.0.2.118/255.255.255.255 + IP:10.0.2.119/255.255.255.255 + IP:10.0.2.120/255.255.255.255 + IP:10.0.2.121/255.255.255.255 + IP:10.0.2.122/255.255.255.255 + IP:10.0.2.123/255.255.255.255 + IP:10.0.2.124/255.255.255.255 + IP:10.0.2.125/255.255.255.255 + IP:10.0.2.126/255.255.255.255 + IP:10.0.2.127/255.255.255.255 + IP:10.0.2.128/255.255.255.255 + IP:10.0.2.129/255.255.255.255 + IP:10.0.2.130/255.255.255.255 + IP:10.0.2.131/255.255.255.255 + IP:10.0.2.132/255.255.255.255 + IP:10.0.2.133/255.255.255.255 + IP:10.0.2.134/255.255.255.255 + IP:10.0.2.135/255.255.255.255 + IP:10.0.2.136/255.255.255.255 + IP:10.0.2.137/255.255.255.255 + IP:10.0.2.138/255.255.255.255 + IP:10.0.2.139/255.255.255.255 + IP:10.0.2.140/255.255.255.255 + IP:10.0.2.141/255.255.255.255 + IP:10.0.2.142/255.255.255.255 + IP:10.0.2.143/255.255.255.255 + IP:10.0.2.144/255.255.255.255 + IP:10.0.2.145/255.255.255.255 + IP:10.0.2.146/255.255.255.255 + IP:10.0.2.147/255.255.255.255 + IP:10.0.2.148/255.255.255.255 + IP:10.0.2.149/255.255.255.255 + IP:10.0.2.150/255.255.255.255 + IP:10.0.2.151/255.255.255.255 + IP:10.0.2.152/255.255.255.255 + IP:10.0.2.153/255.255.255.255 + IP:10.0.2.154/255.255.255.255 + IP:10.0.2.155/255.255.255.255 + IP:10.0.2.156/255.255.255.255 + IP:10.0.2.157/255.255.255.255 + IP:10.0.2.158/255.255.255.255 + IP:10.0.2.159/255.255.255.255 + IP:10.0.2.160/255.255.255.255 + IP:10.0.2.161/255.255.255.255 + IP:10.0.2.162/255.255.255.255 + IP:10.0.2.163/255.255.255.255 + IP:10.0.2.164/255.255.255.255 + IP:10.0.2.165/255.255.255.255 + IP:10.0.2.166/255.255.255.255 + IP:10.0.2.167/255.255.255.255 + IP:10.0.2.168/255.255.255.255 + IP:10.0.2.169/255.255.255.255 + IP:10.0.2.170/255.255.255.255 + IP:10.0.2.171/255.255.255.255 + IP:10.0.2.172/255.255.255.255 + IP:10.0.2.173/255.255.255.255 + IP:10.0.2.174/255.255.255.255 + IP:10.0.2.175/255.255.255.255 + IP:10.0.2.176/255.255.255.255 + IP:10.0.2.177/255.255.255.255 + IP:10.0.2.178/255.255.255.255 + IP:10.0.2.179/255.255.255.255 + IP:10.0.2.180/255.255.255.255 + IP:10.0.2.181/255.255.255.255 + IP:10.0.2.182/255.255.255.255 + IP:10.0.2.183/255.255.255.255 + IP:10.0.2.184/255.255.255.255 + IP:10.0.2.185/255.255.255.255 + IP:10.0.2.186/255.255.255.255 + IP:10.0.2.187/255.255.255.255 + IP:10.0.2.188/255.255.255.255 + IP:10.0.2.189/255.255.255.255 + IP:10.0.2.190/255.255.255.255 + IP:10.0.2.191/255.255.255.255 + IP:10.0.2.192/255.255.255.255 + IP:10.0.2.193/255.255.255.255 + IP:10.0.2.194/255.255.255.255 + IP:10.0.2.195/255.255.255.255 + IP:10.0.2.196/255.255.255.255 + IP:10.0.2.197/255.255.255.255 + IP:10.0.2.198/255.255.255.255 + IP:10.0.2.199/255.255.255.255 + IP:10.0.2.200/255.255.255.255 + IP:10.0.2.201/255.255.255.255 + IP:10.0.2.202/255.255.255.255 + IP:10.0.2.203/255.255.255.255 + IP:10.0.2.204/255.255.255.255 + IP:10.0.2.205/255.255.255.255 + IP:10.0.2.206/255.255.255.255 + IP:10.0.2.207/255.255.255.255 + IP:10.0.2.208/255.255.255.255 + IP:10.0.2.209/255.255.255.255 + IP:10.0.2.210/255.255.255.255 + IP:10.0.2.211/255.255.255.255 + IP:10.0.2.212/255.255.255.255 + IP:10.0.2.213/255.255.255.255 + IP:10.0.2.214/255.255.255.255 + IP:10.0.2.215/255.255.255.255 + IP:10.0.2.216/255.255.255.255 + IP:10.0.2.217/255.255.255.255 + IP:10.0.2.218/255.255.255.255 + IP:10.0.2.219/255.255.255.255 + IP:10.0.2.220/255.255.255.255 + IP:10.0.2.221/255.255.255.255 + IP:10.0.2.222/255.255.255.255 + IP:10.0.2.223/255.255.255.255 + IP:10.0.2.224/255.255.255.255 + IP:10.0.2.225/255.255.255.255 + IP:10.0.2.226/255.255.255.255 + IP:10.0.2.227/255.255.255.255 + IP:10.0.2.228/255.255.255.255 + IP:10.0.2.229/255.255.255.255 + IP:10.0.2.230/255.255.255.255 + IP:10.0.2.231/255.255.255.255 + IP:10.0.2.232/255.255.255.255 + IP:10.0.2.233/255.255.255.255 + IP:10.0.2.234/255.255.255.255 + IP:10.0.2.235/255.255.255.255 + IP:10.0.2.236/255.255.255.255 + IP:10.0.2.237/255.255.255.255 + IP:10.0.2.238/255.255.255.255 + IP:10.0.2.239/255.255.255.255 + IP:10.0.2.240/255.255.255.255 + IP:10.0.2.241/255.255.255.255 + IP:10.0.2.242/255.255.255.255 + IP:10.0.2.243/255.255.255.255 + IP:10.0.2.244/255.255.255.255 + IP:10.0.2.245/255.255.255.255 + IP:10.0.2.246/255.255.255.255 + IP:10.0.2.247/255.255.255.255 + IP:10.0.2.248/255.255.255.255 + IP:10.0.2.249/255.255.255.255 + IP:10.0.2.250/255.255.255.255 + IP:10.0.2.251/255.255.255.255 + IP:10.0.2.252/255.255.255.255 + IP:10.0.2.253/255.255.255.255 + IP:10.0.2.254/255.255.255.255 + IP:10.0.2.255/255.255.255.255 + IP:10.0.3.0/255.255.255.255 + IP:10.0.3.1/255.255.255.255 + IP:10.0.3.2/255.255.255.255 + IP:10.0.3.3/255.255.255.255 + IP:10.0.3.4/255.255.255.255 + IP:10.0.3.5/255.255.255.255 + IP:10.0.3.6/255.255.255.255 + IP:10.0.3.7/255.255.255.255 + IP:10.0.3.8/255.255.255.255 + IP:10.0.3.9/255.255.255.255 + IP:10.0.3.10/255.255.255.255 + IP:10.0.3.11/255.255.255.255 + IP:10.0.3.12/255.255.255.255 + IP:10.0.3.13/255.255.255.255 + IP:10.0.3.14/255.255.255.255 + IP:10.0.3.15/255.255.255.255 + IP:10.0.3.16/255.255.255.255 + IP:10.0.3.17/255.255.255.255 + IP:10.0.3.18/255.255.255.255 + IP:10.0.3.19/255.255.255.255 + IP:10.0.3.20/255.255.255.255 + IP:10.0.3.21/255.255.255.255 + IP:10.0.3.22/255.255.255.255 + IP:10.0.3.23/255.255.255.255 + IP:10.0.3.24/255.255.255.255 + IP:10.0.3.25/255.255.255.255 + IP:10.0.3.26/255.255.255.255 + IP:10.0.3.27/255.255.255.255 + IP:10.0.3.28/255.255.255.255 + IP:10.0.3.29/255.255.255.255 + IP:10.0.3.30/255.255.255.255 + IP:10.0.3.31/255.255.255.255 + IP:10.0.3.32/255.255.255.255 + IP:10.0.3.33/255.255.255.255 + IP:10.0.3.34/255.255.255.255 + IP:10.0.3.35/255.255.255.255 + IP:10.0.3.36/255.255.255.255 + IP:10.0.3.37/255.255.255.255 + IP:10.0.3.38/255.255.255.255 + IP:10.0.3.39/255.255.255.255 + IP:10.0.3.40/255.255.255.255 + IP:10.0.3.41/255.255.255.255 + IP:10.0.3.42/255.255.255.255 + IP:10.0.3.43/255.255.255.255 + IP:10.0.3.44/255.255.255.255 + IP:10.0.3.45/255.255.255.255 + IP:10.0.3.46/255.255.255.255 + IP:10.0.3.47/255.255.255.255 + IP:10.0.3.48/255.255.255.255 + IP:10.0.3.49/255.255.255.255 + IP:10.0.3.50/255.255.255.255 + IP:10.0.3.51/255.255.255.255 + IP:10.0.3.52/255.255.255.255 + IP:10.0.3.53/255.255.255.255 + IP:10.0.3.54/255.255.255.255 + IP:10.0.3.55/255.255.255.255 + IP:10.0.3.56/255.255.255.255 + IP:10.0.3.57/255.255.255.255 + IP:10.0.3.58/255.255.255.255 + IP:10.0.3.59/255.255.255.255 + IP:10.0.3.60/255.255.255.255 + IP:10.0.3.61/255.255.255.255 + IP:10.0.3.62/255.255.255.255 + IP:10.0.3.63/255.255.255.255 + IP:10.0.3.64/255.255.255.255 + IP:10.0.3.65/255.255.255.255 + IP:10.0.3.66/255.255.255.255 + IP:10.0.3.67/255.255.255.255 + IP:10.0.3.68/255.255.255.255 + IP:10.0.3.69/255.255.255.255 + IP:10.0.3.70/255.255.255.255 + IP:10.0.3.71/255.255.255.255 + IP:10.0.3.72/255.255.255.255 + IP:10.0.3.73/255.255.255.255 + IP:10.0.3.74/255.255.255.255 + IP:10.0.3.75/255.255.255.255 + IP:10.0.3.76/255.255.255.255 + IP:10.0.3.77/255.255.255.255 + IP:10.0.3.78/255.255.255.255 + IP:10.0.3.79/255.255.255.255 + IP:10.0.3.80/255.255.255.255 + IP:10.0.3.81/255.255.255.255 + IP:10.0.3.82/255.255.255.255 + IP:10.0.3.83/255.255.255.255 + IP:10.0.3.84/255.255.255.255 + IP:10.0.3.85/255.255.255.255 + IP:10.0.3.86/255.255.255.255 + IP:10.0.3.87/255.255.255.255 + IP:10.0.3.88/255.255.255.255 + IP:10.0.3.89/255.255.255.255 + IP:10.0.3.90/255.255.255.255 + IP:10.0.3.91/255.255.255.255 + IP:10.0.3.92/255.255.255.255 + IP:10.0.3.93/255.255.255.255 + IP:10.0.3.94/255.255.255.255 + IP:10.0.3.95/255.255.255.255 + IP:10.0.3.96/255.255.255.255 + IP:10.0.3.97/255.255.255.255 + IP:10.0.3.98/255.255.255.255 + IP:10.0.3.99/255.255.255.255 + IP:10.0.3.100/255.255.255.255 + IP:10.0.3.101/255.255.255.255 + IP:10.0.3.102/255.255.255.255 + IP:10.0.3.103/255.255.255.255 + IP:10.0.3.104/255.255.255.255 + IP:10.0.3.105/255.255.255.255 + IP:10.0.3.106/255.255.255.255 + IP:10.0.3.107/255.255.255.255 + IP:10.0.3.108/255.255.255.255 + IP:10.0.3.109/255.255.255.255 + IP:10.0.3.110/255.255.255.255 + IP:10.0.3.111/255.255.255.255 + IP:10.0.3.112/255.255.255.255 + IP:10.0.3.113/255.255.255.255 + IP:10.0.3.114/255.255.255.255 + IP:10.0.3.115/255.255.255.255 + IP:10.0.3.116/255.255.255.255 + IP:10.0.3.117/255.255.255.255 + IP:10.0.3.118/255.255.255.255 + IP:10.0.3.119/255.255.255.255 + IP:10.0.3.120/255.255.255.255 + IP:10.0.3.121/255.255.255.255 + IP:10.0.3.122/255.255.255.255 + IP:10.0.3.123/255.255.255.255 + IP:10.0.3.124/255.255.255.255 + IP:10.0.3.125/255.255.255.255 + IP:10.0.3.126/255.255.255.255 + IP:10.0.3.127/255.255.255.255 + IP:10.0.3.128/255.255.255.255 + IP:10.0.3.129/255.255.255.255 + IP:10.0.3.130/255.255.255.255 + IP:10.0.3.131/255.255.255.255 + IP:10.0.3.132/255.255.255.255 + IP:10.0.3.133/255.255.255.255 + IP:10.0.3.134/255.255.255.255 + IP:10.0.3.135/255.255.255.255 + IP:10.0.3.136/255.255.255.255 + IP:10.0.3.137/255.255.255.255 + IP:10.0.3.138/255.255.255.255 + IP:10.0.3.139/255.255.255.255 + IP:10.0.3.140/255.255.255.255 + IP:10.0.3.141/255.255.255.255 + IP:10.0.3.142/255.255.255.255 + IP:10.0.3.143/255.255.255.255 + IP:10.0.3.144/255.255.255.255 + IP:10.0.3.145/255.255.255.255 + IP:10.0.3.146/255.255.255.255 + IP:10.0.3.147/255.255.255.255 + IP:10.0.3.148/255.255.255.255 + IP:10.0.3.149/255.255.255.255 + IP:10.0.3.150/255.255.255.255 + IP:10.0.3.151/255.255.255.255 + IP:10.0.3.152/255.255.255.255 + IP:10.0.3.153/255.255.255.255 + IP:10.0.3.154/255.255.255.255 + IP:10.0.3.155/255.255.255.255 + IP:10.0.3.156/255.255.255.255 + IP:10.0.3.157/255.255.255.255 + IP:10.0.3.158/255.255.255.255 + IP:10.0.3.159/255.255.255.255 + IP:10.0.3.160/255.255.255.255 + IP:10.0.3.161/255.255.255.255 + IP:10.0.3.162/255.255.255.255 + IP:10.0.3.163/255.255.255.255 + IP:10.0.3.164/255.255.255.255 + IP:10.0.3.165/255.255.255.255 + IP:10.0.3.166/255.255.255.255 + IP:10.0.3.167/255.255.255.255 + IP:10.0.3.168/255.255.255.255 + IP:10.0.3.169/255.255.255.255 + IP:10.0.3.170/255.255.255.255 + IP:10.0.3.171/255.255.255.255 + IP:10.0.3.172/255.255.255.255 + IP:10.0.3.173/255.255.255.255 + IP:10.0.3.174/255.255.255.255 + IP:10.0.3.175/255.255.255.255 + IP:10.0.3.176/255.255.255.255 + IP:10.0.3.177/255.255.255.255 + IP:10.0.3.178/255.255.255.255 + IP:10.0.3.179/255.255.255.255 + IP:10.0.3.180/255.255.255.255 + IP:10.0.3.181/255.255.255.255 + IP:10.0.3.182/255.255.255.255 + IP:10.0.3.183/255.255.255.255 + IP:10.0.3.184/255.255.255.255 + IP:10.0.3.185/255.255.255.255 + IP:10.0.3.186/255.255.255.255 + IP:10.0.3.187/255.255.255.255 + IP:10.0.3.188/255.255.255.255 + IP:10.0.3.189/255.255.255.255 + IP:10.0.3.190/255.255.255.255 + IP:10.0.3.191/255.255.255.255 + IP:10.0.3.192/255.255.255.255 + IP:10.0.3.193/255.255.255.255 + IP:10.0.3.194/255.255.255.255 + IP:10.0.3.195/255.255.255.255 + IP:10.0.3.196/255.255.255.255 + IP:10.0.3.197/255.255.255.255 + IP:10.0.3.198/255.255.255.255 + IP:10.0.3.199/255.255.255.255 + IP:10.0.3.200/255.255.255.255 + IP:10.0.3.201/255.255.255.255 + IP:10.0.3.202/255.255.255.255 + IP:10.0.3.203/255.255.255.255 + IP:10.0.3.204/255.255.255.255 + IP:10.0.3.205/255.255.255.255 + IP:10.0.3.206/255.255.255.255 + IP:10.0.3.207/255.255.255.255 + IP:10.0.3.208/255.255.255.255 + IP:10.0.3.209/255.255.255.255 + IP:10.0.3.210/255.255.255.255 + IP:10.0.3.211/255.255.255.255 + IP:10.0.3.212/255.255.255.255 + IP:10.0.3.213/255.255.255.255 + IP:10.0.3.214/255.255.255.255 + IP:10.0.3.215/255.255.255.255 + IP:10.0.3.216/255.255.255.255 + IP:10.0.3.217/255.255.255.255 + IP:10.0.3.218/255.255.255.255 + IP:10.0.3.219/255.255.255.255 + IP:10.0.3.220/255.255.255.255 + IP:10.0.3.221/255.255.255.255 + IP:10.0.3.222/255.255.255.255 + IP:10.0.3.223/255.255.255.255 + IP:10.0.3.224/255.255.255.255 + IP:10.0.3.225/255.255.255.255 + IP:10.0.3.226/255.255.255.255 + IP:10.0.3.227/255.255.255.255 + IP:10.0.3.228/255.255.255.255 + IP:10.0.3.229/255.255.255.255 + IP:10.0.3.230/255.255.255.255 + IP:10.0.3.231/255.255.255.255 + IP:10.0.3.232/255.255.255.255 + IP:10.0.3.233/255.255.255.255 + IP:10.0.3.234/255.255.255.255 + IP:10.0.3.235/255.255.255.255 + IP:10.0.3.236/255.255.255.255 + IP:10.0.3.237/255.255.255.255 + IP:10.0.3.238/255.255.255.255 + IP:10.0.3.239/255.255.255.255 + IP:10.0.3.240/255.255.255.255 + IP:10.0.3.241/255.255.255.255 + IP:10.0.3.242/255.255.255.255 + IP:10.0.3.243/255.255.255.255 + IP:10.0.3.244/255.255.255.255 + IP:10.0.3.245/255.255.255.255 + IP:10.0.3.246/255.255.255.255 + IP:10.0.3.247/255.255.255.255 + IP:10.0.3.248/255.255.255.255 + IP:10.0.3.249/255.255.255.255 + IP:10.0.3.250/255.255.255.255 + IP:10.0.3.251/255.255.255.255 + IP:10.0.3.252/255.255.255.255 + IP:10.0.3.253/255.255.255.255 + IP:10.0.3.254/255.255.255.255 + IP:10.0.3.255/255.255.255.255 + IP:10.0.4.0/255.255.255.255 + + Signature Algorithm: sha256WithRSAEncryption + 58:a8:fb:63:46:45:e4:1c:02:f9:5f:1a:8f:a3:1d:d4:d0:41: + 9a:13:72:6d:3a:7b:6a:24:dc:70:47:29:f6:c9:73:80:1a:5f: + ee:92:a6:ce:26:94:d0:7b:29:18:07:c8:69:a6:dd:d8:cf:65: + fa:9b:e1:00:a0:7e:ea:a3:a5:92:09:01:95:6d:52:66:12:5f: + c0:49:6b:38:aa:ba:bc:58:ac:c2:03:ee:6f:2d:5f:8e:73:71: + 19:8a:d8:04:4b:00:fd:94:d3:7f:fa:38:6d:21:15:ba:e5:8e: + 7c:5f:2c:5d:58:67:71:f6:37:14:a5:ac:d5:ff:44:ca:b0:2b: + 41:b3:2c:d4:93:25:0a:d2:ff:1d:bb:de:d4:43:fd:05:b7:5f: + 07:3f:b3:04:52:54:83:5d:1f:05:b3:ff:50:47:83:ec:6f:8a: + 92:9a:3b:27:82:05:ea:e2:6f:a2:4a:43:8b:7a:39:a9:6b:da: + 9c:63:39:5d:57:a8:b8:86:84:c9:fe:5b:2a:1e:07:6c:05:18: + d5:40:e7:6d:75:e3:31:1c:d2:1c:e6:3e:46:63:b4:7e:30:d3: + a1:14:77:40:28:6e:d3:3a:fc:e1:80:45:37:7e:5f:ec:5c:66: + bb:6f:4f:82:30:24:53:6c:8f:4a:db:6d:5a:8f:71:63:20:fa: + f9:b6:54:fc +-----BEGIN CERTIFICATE----- +MIIzozCCMougAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vwwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCMO0wgjDpMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjAdBgNVHR4EgjAUMIIwEKCCMAwwCocICgAAAP////8wCocICgAAAf////8w +CocICgAAAv////8wCocICgAAA/////8wCocICgAABP////8wCocICgAABf////8w +CocICgAABv////8wCocICgAAB/////8wCocICgAACP////8wCocICgAACf////8w +CocICgAACv////8wCocICgAAC/////8wCocICgAADP////8wCocICgAADf////8w +CocICgAADv////8wCocICgAAD/////8wCocICgAAEP////8wCocICgAAEf////8w +CocICgAAEv////8wCocICgAAE/////8wCocICgAAFP////8wCocICgAAFf////8w +CocICgAAFv////8wCocICgAAF/////8wCocICgAAGP////8wCocICgAAGf////8w +CocICgAAGv////8wCocICgAAG/////8wCocICgAAHP////8wCocICgAAHf////8w +CocICgAAHv////8wCocICgAAH/////8wCocICgAAIP////8wCocICgAAIf////8w +CocICgAAIv////8wCocICgAAI/////8wCocICgAAJP////8wCocICgAAJf////8w +CocICgAAJv////8wCocICgAAJ/////8wCocICgAAKP////8wCocICgAAKf////8w +CocICgAAKv////8wCocICgAAK/////8wCocICgAALP////8wCocICgAALf////8w +CocICgAALv////8wCocICgAAL/////8wCocICgAAMP////8wCocICgAAMf////8w +CocICgAAMv////8wCocICgAAM/////8wCocICgAANP////8wCocICgAANf////8w +CocICgAANv////8wCocICgAAN/////8wCocICgAAOP////8wCocICgAAOf////8w +CocICgAAOv////8wCocICgAAO/////8wCocICgAAPP////8wCocICgAAPf////8w +CocICgAAPv////8wCocICgAAP/////8wCocICgAAQP////8wCocICgAAQf////8w +CocICgAAQv////8wCocICgAAQ/////8wCocICgAARP////8wCocICgAARf////8w +CocICgAARv////8wCocICgAAR/////8wCocICgAASP////8wCocICgAASf////8w +CocICgAASv////8wCocICgAAS/////8wCocICgAATP////8wCocICgAATf////8w +CocICgAATv////8wCocICgAAT/////8wCocICgAAUP////8wCocICgAAUf////8w +CocICgAAUv////8wCocICgAAU/////8wCocICgAAVP////8wCocICgAAVf////8w +CocICgAAVv////8wCocICgAAV/////8wCocICgAAWP////8wCocICgAAWf////8w +CocICgAAWv////8wCocICgAAW/////8wCocICgAAXP////8wCocICgAAXf////8w +CocICgAAXv////8wCocICgAAX/////8wCocICgAAYP////8wCocICgAAYf////8w +CocICgAAYv////8wCocICgAAY/////8wCocICgAAZP////8wCocICgAAZf////8w +CocICgAAZv////8wCocICgAAZ/////8wCocICgAAaP////8wCocICgAAaf////8w +CocICgAAav////8wCocICgAAa/////8wCocICgAAbP////8wCocICgAAbf////8w +CocICgAAbv////8wCocICgAAb/////8wCocICgAAcP////8wCocICgAAcf////8w +CocICgAAcv////8wCocICgAAc/////8wCocICgAAdP////8wCocICgAAdf////8w +CocICgAAdv////8wCocICgAAd/////8wCocICgAAeP////8wCocICgAAef////8w +CocICgAAev////8wCocICgAAe/////8wCocICgAAfP////8wCocICgAAff////8w +CocICgAAfv////8wCocICgAAf/////8wCocICgAAgP////8wCocICgAAgf////8w +CocICgAAgv////8wCocICgAAg/////8wCocICgAAhP////8wCocICgAAhf////8w +CocICgAAhv////8wCocICgAAh/////8wCocICgAAiP////8wCocICgAAif////8w +CocICgAAiv////8wCocICgAAi/////8wCocICgAAjP////8wCocICgAAjf////8w +CocICgAAjv////8wCocICgAAj/////8wCocICgAAkP////8wCocICgAAkf////8w +CocICgAAkv////8wCocICgAAk/////8wCocICgAAlP////8wCocICgAAlf////8w +CocICgAAlv////8wCocICgAAl/////8wCocICgAAmP////8wCocICgAAmf////8w +CocICgAAmv////8wCocICgAAm/////8wCocICgAAnP////8wCocICgAAnf////8w +CocICgAAnv////8wCocICgAAn/////8wCocICgAAoP////8wCocICgAAof////8w +CocICgAAov////8wCocICgAAo/////8wCocICgAApP////8wCocICgAApf////8w +CocICgAApv////8wCocICgAAp/////8wCocICgAAqP////8wCocICgAAqf////8w +CocICgAAqv////8wCocICgAAq/////8wCocICgAArP////8wCocICgAArf////8w +CocICgAArv////8wCocICgAAr/////8wCocICgAAsP////8wCocICgAAsf////8w +CocICgAAsv////8wCocICgAAs/////8wCocICgAAtP////8wCocICgAAtf////8w +CocICgAAtv////8wCocICgAAt/////8wCocICgAAuP////8wCocICgAAuf////8w +CocICgAAuv////8wCocICgAAu/////8wCocICgAAvP////8wCocICgAAvf////8w +CocICgAAvv////8wCocICgAAv/////8wCocICgAAwP////8wCocICgAAwf////8w +CocICgAAwv////8wCocICgAAw/////8wCocICgAAxP////8wCocICgAAxf////8w +CocICgAAxv////8wCocICgAAx/////8wCocICgAAyP////8wCocICgAAyf////8w +CocICgAAyv////8wCocICgAAy/////8wCocICgAAzP////8wCocICgAAzf////8w +CocICgAAzv////8wCocICgAAz/////8wCocICgAA0P////8wCocICgAA0f////8w +CocICgAA0v////8wCocICgAA0/////8wCocICgAA1P////8wCocICgAA1f////8w +CocICgAA1v////8wCocICgAA1/////8wCocICgAA2P////8wCocICgAA2f////8w +CocICgAA2v////8wCocICgAA2/////8wCocICgAA3P////8wCocICgAA3f////8w +CocICgAA3v////8wCocICgAA3/////8wCocICgAA4P////8wCocICgAA4f////8w +CocICgAA4v////8wCocICgAA4/////8wCocICgAA5P////8wCocICgAA5f////8w +CocICgAA5v////8wCocICgAA5/////8wCocICgAA6P////8wCocICgAA6f////8w +CocICgAA6v////8wCocICgAA6/////8wCocICgAA7P////8wCocICgAA7f////8w +CocICgAA7v////8wCocICgAA7/////8wCocICgAA8P////8wCocICgAA8f////8w +CocICgAA8v////8wCocICgAA8/////8wCocICgAA9P////8wCocICgAA9f////8w +CocICgAA9v////8wCocICgAA9/////8wCocICgAA+P////8wCocICgAA+f////8w +CocICgAA+v////8wCocICgAA+/////8wCocICgAA/P////8wCocICgAA/f////8w +CocICgAA/v////8wCocICgAA//////8wCocICgABAP////8wCocICgABAf////8w +CocICgABAv////8wCocICgABA/////8wCocICgABBP////8wCocICgABBf////8w +CocICgABBv////8wCocICgABB/////8wCocICgABCP////8wCocICgABCf////8w +CocICgABCv////8wCocICgABC/////8wCocICgABDP////8wCocICgABDf////8w +CocICgABDv////8wCocICgABD/////8wCocICgABEP////8wCocICgABEf////8w +CocICgABEv////8wCocICgABE/////8wCocICgABFP////8wCocICgABFf////8w +CocICgABFv////8wCocICgABF/////8wCocICgABGP////8wCocICgABGf////8w +CocICgABGv////8wCocICgABG/////8wCocICgABHP////8wCocICgABHf////8w +CocICgABHv////8wCocICgABH/////8wCocICgABIP////8wCocICgABIf////8w +CocICgABIv////8wCocICgABI/////8wCocICgABJP////8wCocICgABJf////8w +CocICgABJv////8wCocICgABJ/////8wCocICgABKP////8wCocICgABKf////8w +CocICgABKv////8wCocICgABK/////8wCocICgABLP////8wCocICgABLf////8w +CocICgABLv////8wCocICgABL/////8wCocICgABMP////8wCocICgABMf////8w +CocICgABMv////8wCocICgABM/////8wCocICgABNP////8wCocICgABNf////8w +CocICgABNv////8wCocICgABN/////8wCocICgABOP////8wCocICgABOf////8w +CocICgABOv////8wCocICgABO/////8wCocICgABPP////8wCocICgABPf////8w +CocICgABPv////8wCocICgABP/////8wCocICgABQP////8wCocICgABQf////8w +CocICgABQv////8wCocICgABQ/////8wCocICgABRP////8wCocICgABRf////8w +CocICgABRv////8wCocICgABR/////8wCocICgABSP////8wCocICgABSf////8w +CocICgABSv////8wCocICgABS/////8wCocICgABTP////8wCocICgABTf////8w +CocICgABTv////8wCocICgABT/////8wCocICgABUP////8wCocICgABUf////8w +CocICgABUv////8wCocICgABU/////8wCocICgABVP////8wCocICgABVf////8w +CocICgABVv////8wCocICgABV/////8wCocICgABWP////8wCocICgABWf////8w +CocICgABWv////8wCocICgABW/////8wCocICgABXP////8wCocICgABXf////8w +CocICgABXv////8wCocICgABX/////8wCocICgABYP////8wCocICgABYf////8w +CocICgABYv////8wCocICgABY/////8wCocICgABZP////8wCocICgABZf////8w +CocICgABZv////8wCocICgABZ/////8wCocICgABaP////8wCocICgABaf////8w +CocICgABav////8wCocICgABa/////8wCocICgABbP////8wCocICgABbf////8w +CocICgABbv////8wCocICgABb/////8wCocICgABcP////8wCocICgABcf////8w +CocICgABcv////8wCocICgABc/////8wCocICgABdP////8wCocICgABdf////8w +CocICgABdv////8wCocICgABd/////8wCocICgABeP////8wCocICgABef////8w +CocICgABev////8wCocICgABe/////8wCocICgABfP////8wCocICgABff////8w +CocICgABfv////8wCocICgABf/////8wCocICgABgP////8wCocICgABgf////8w +CocICgABgv////8wCocICgABg/////8wCocICgABhP////8wCocICgABhf////8w +CocICgABhv////8wCocICgABh/////8wCocICgABiP////8wCocICgABif////8w +CocICgABiv////8wCocICgABi/////8wCocICgABjP////8wCocICgABjf////8w +CocICgABjv////8wCocICgABj/////8wCocICgABkP////8wCocICgABkf////8w +CocICgABkv////8wCocICgABk/////8wCocICgABlP////8wCocICgABlf////8w +CocICgABlv////8wCocICgABl/////8wCocICgABmP////8wCocICgABmf////8w +CocICgABmv////8wCocICgABm/////8wCocICgABnP////8wCocICgABnf////8w +CocICgABnv////8wCocICgABn/////8wCocICgABoP////8wCocICgABof////8w +CocICgABov////8wCocICgABo/////8wCocICgABpP////8wCocICgABpf////8w +CocICgABpv////8wCocICgABp/////8wCocICgABqP////8wCocICgABqf////8w +CocICgABqv////8wCocICgABq/////8wCocICgABrP////8wCocICgABrf////8w +CocICgABrv////8wCocICgABr/////8wCocICgABsP////8wCocICgABsf////8w +CocICgABsv////8wCocICgABs/////8wCocICgABtP////8wCocICgABtf////8w +CocICgABtv////8wCocICgABt/////8wCocICgABuP////8wCocICgABuf////8w +CocICgABuv////8wCocICgABu/////8wCocICgABvP////8wCocICgABvf////8w +CocICgABvv////8wCocICgABv/////8wCocICgABwP////8wCocICgABwf////8w +CocICgABwv////8wCocICgABw/////8wCocICgABxP////8wCocICgABxf////8w +CocICgABxv////8wCocICgABx/////8wCocICgAByP////8wCocICgAByf////8w +CocICgAByv////8wCocICgABy/////8wCocICgABzP////8wCocICgABzf////8w +CocICgABzv////8wCocICgABz/////8wCocICgAB0P////8wCocICgAB0f////8w +CocICgAB0v////8wCocICgAB0/////8wCocICgAB1P////8wCocICgAB1f////8w +CocICgAB1v////8wCocICgAB1/////8wCocICgAB2P////8wCocICgAB2f////8w +CocICgAB2v////8wCocICgAB2/////8wCocICgAB3P////8wCocICgAB3f////8w +CocICgAB3v////8wCocICgAB3/////8wCocICgAB4P////8wCocICgAB4f////8w +CocICgAB4v////8wCocICgAB4/////8wCocICgAB5P////8wCocICgAB5f////8w +CocICgAB5v////8wCocICgAB5/////8wCocICgAB6P////8wCocICgAB6f////8w +CocICgAB6v////8wCocICgAB6/////8wCocICgAB7P////8wCocICgAB7f////8w +CocICgAB7v////8wCocICgAB7/////8wCocICgAB8P////8wCocICgAB8f////8w +CocICgAB8v////8wCocICgAB8/////8wCocICgAB9P////8wCocICgAB9f////8w +CocICgAB9v////8wCocICgAB9/////8wCocICgAB+P////8wCocICgAB+f////8w +CocICgAB+v////8wCocICgAB+/////8wCocICgAB/P////8wCocICgAB/f////8w +CocICgAB/v////8wCocICgAB//////8wCocICgACAP////8wCocICgACAf////8w +CocICgACAv////8wCocICgACA/////8wCocICgACBP////8wCocICgACBf////8w +CocICgACBv////8wCocICgACB/////8wCocICgACCP////8wCocICgACCf////8w +CocICgACCv////8wCocICgACC/////8wCocICgACDP////8wCocICgACDf////8w +CocICgACDv////8wCocICgACD/////8wCocICgACEP////8wCocICgACEf////8w +CocICgACEv////8wCocICgACE/////8wCocICgACFP////8wCocICgACFf////8w +CocICgACFv////8wCocICgACF/////8wCocICgACGP////8wCocICgACGf////8w +CocICgACGv////8wCocICgACG/////8wCocICgACHP////8wCocICgACHf////8w +CocICgACHv////8wCocICgACH/////8wCocICgACIP////8wCocICgACIf////8w +CocICgACIv////8wCocICgACI/////8wCocICgACJP////8wCocICgACJf////8w +CocICgACJv////8wCocICgACJ/////8wCocICgACKP////8wCocICgACKf////8w +CocICgACKv////8wCocICgACK/////8wCocICgACLP////8wCocICgACLf////8w +CocICgACLv////8wCocICgACL/////8wCocICgACMP////8wCocICgACMf////8w +CocICgACMv////8wCocICgACM/////8wCocICgACNP////8wCocICgACNf////8w +CocICgACNv////8wCocICgACN/////8wCocICgACOP////8wCocICgACOf////8w +CocICgACOv////8wCocICgACO/////8wCocICgACPP////8wCocICgACPf////8w +CocICgACPv////8wCocICgACP/////8wCocICgACQP////8wCocICgACQf////8w +CocICgACQv////8wCocICgACQ/////8wCocICgACRP////8wCocICgACRf////8w +CocICgACRv////8wCocICgACR/////8wCocICgACSP////8wCocICgACSf////8w +CocICgACSv////8wCocICgACS/////8wCocICgACTP////8wCocICgACTf////8w +CocICgACTv////8wCocICgACT/////8wCocICgACUP////8wCocICgACUf////8w +CocICgACUv////8wCocICgACU/////8wCocICgACVP////8wCocICgACVf////8w +CocICgACVv////8wCocICgACV/////8wCocICgACWP////8wCocICgACWf////8w +CocICgACWv////8wCocICgACW/////8wCocICgACXP////8wCocICgACXf////8w +CocICgACXv////8wCocICgACX/////8wCocICgACYP////8wCocICgACYf////8w +CocICgACYv////8wCocICgACY/////8wCocICgACZP////8wCocICgACZf////8w +CocICgACZv////8wCocICgACZ/////8wCocICgACaP////8wCocICgACaf////8w +CocICgACav////8wCocICgACa/////8wCocICgACbP////8wCocICgACbf////8w +CocICgACbv////8wCocICgACb/////8wCocICgACcP////8wCocICgACcf////8w +CocICgACcv////8wCocICgACc/////8wCocICgACdP////8wCocICgACdf////8w +CocICgACdv////8wCocICgACd/////8wCocICgACeP////8wCocICgACef////8w +CocICgACev////8wCocICgACe/////8wCocICgACfP////8wCocICgACff////8w +CocICgACfv////8wCocICgACf/////8wCocICgACgP////8wCocICgACgf////8w +CocICgACgv////8wCocICgACg/////8wCocICgAChP////8wCocICgAChf////8w +CocICgAChv////8wCocICgACh/////8wCocICgACiP////8wCocICgACif////8w +CocICgACiv////8wCocICgACi/////8wCocICgACjP////8wCocICgACjf////8w +CocICgACjv////8wCocICgACj/////8wCocICgACkP////8wCocICgACkf////8w +CocICgACkv////8wCocICgACk/////8wCocICgAClP////8wCocICgAClf////8w +CocICgAClv////8wCocICgACl/////8wCocICgACmP////8wCocICgACmf////8w +CocICgACmv////8wCocICgACm/////8wCocICgACnP////8wCocICgACnf////8w +CocICgACnv////8wCocICgACn/////8wCocICgACoP////8wCocICgACof////8w +CocICgACov////8wCocICgACo/////8wCocICgACpP////8wCocICgACpf////8w +CocICgACpv////8wCocICgACp/////8wCocICgACqP////8wCocICgACqf////8w +CocICgACqv////8wCocICgACq/////8wCocICgACrP////8wCocICgACrf////8w +CocICgACrv////8wCocICgACr/////8wCocICgACsP////8wCocICgACsf////8w +CocICgACsv////8wCocICgACs/////8wCocICgACtP////8wCocICgACtf////8w +CocICgACtv////8wCocICgACt/////8wCocICgACuP////8wCocICgACuf////8w +CocICgACuv////8wCocICgACu/////8wCocICgACvP////8wCocICgACvf////8w +CocICgACvv////8wCocICgACv/////8wCocICgACwP////8wCocICgACwf////8w +CocICgACwv////8wCocICgACw/////8wCocICgACxP////8wCocICgACxf////8w +CocICgACxv////8wCocICgACx/////8wCocICgACyP////8wCocICgACyf////8w +CocICgACyv////8wCocICgACy/////8wCocICgACzP////8wCocICgACzf////8w +CocICgACzv////8wCocICgACz/////8wCocICgAC0P////8wCocICgAC0f////8w +CocICgAC0v////8wCocICgAC0/////8wCocICgAC1P////8wCocICgAC1f////8w +CocICgAC1v////8wCocICgAC1/////8wCocICgAC2P////8wCocICgAC2f////8w +CocICgAC2v////8wCocICgAC2/////8wCocICgAC3P////8wCocICgAC3f////8w +CocICgAC3v////8wCocICgAC3/////8wCocICgAC4P////8wCocICgAC4f////8w +CocICgAC4v////8wCocICgAC4/////8wCocICgAC5P////8wCocICgAC5f////8w +CocICgAC5v////8wCocICgAC5/////8wCocICgAC6P////8wCocICgAC6f////8w +CocICgAC6v////8wCocICgAC6/////8wCocICgAC7P////8wCocICgAC7f////8w +CocICgAC7v////8wCocICgAC7/////8wCocICgAC8P////8wCocICgAC8f////8w +CocICgAC8v////8wCocICgAC8/////8wCocICgAC9P////8wCocICgAC9f////8w +CocICgAC9v////8wCocICgAC9/////8wCocICgAC+P////8wCocICgAC+f////8w +CocICgAC+v////8wCocICgAC+/////8wCocICgAC/P////8wCocICgAC/f////8w +CocICgAC/v////8wCocICgAC//////8wCocICgADAP////8wCocICgADAf////8w +CocICgADAv////8wCocICgADA/////8wCocICgADBP////8wCocICgADBf////8w +CocICgADBv////8wCocICgADB/////8wCocICgADCP////8wCocICgADCf////8w +CocICgADCv////8wCocICgADC/////8wCocICgADDP////8wCocICgADDf////8w +CocICgADDv////8wCocICgADD/////8wCocICgADEP////8wCocICgADEf////8w +CocICgADEv////8wCocICgADE/////8wCocICgADFP////8wCocICgADFf////8w +CocICgADFv////8wCocICgADF/////8wCocICgADGP////8wCocICgADGf////8w +CocICgADGv////8wCocICgADG/////8wCocICgADHP////8wCocICgADHf////8w +CocICgADHv////8wCocICgADH/////8wCocICgADIP////8wCocICgADIf////8w +CocICgADIv////8wCocICgADI/////8wCocICgADJP////8wCocICgADJf////8w +CocICgADJv////8wCocICgADJ/////8wCocICgADKP////8wCocICgADKf////8w +CocICgADKv////8wCocICgADK/////8wCocICgADLP////8wCocICgADLf////8w +CocICgADLv////8wCocICgADL/////8wCocICgADMP////8wCocICgADMf////8w +CocICgADMv////8wCocICgADM/////8wCocICgADNP////8wCocICgADNf////8w +CocICgADNv////8wCocICgADN/////8wCocICgADOP////8wCocICgADOf////8w +CocICgADOv////8wCocICgADO/////8wCocICgADPP////8wCocICgADPf////8w +CocICgADPv////8wCocICgADP/////8wCocICgADQP////8wCocICgADQf////8w +CocICgADQv////8wCocICgADQ/////8wCocICgADRP////8wCocICgADRf////8w +CocICgADRv////8wCocICgADR/////8wCocICgADSP////8wCocICgADSf////8w +CocICgADSv////8wCocICgADS/////8wCocICgADTP////8wCocICgADTf////8w +CocICgADTv////8wCocICgADT/////8wCocICgADUP////8wCocICgADUf////8w +CocICgADUv////8wCocICgADU/////8wCocICgADVP////8wCocICgADVf////8w +CocICgADVv////8wCocICgADV/////8wCocICgADWP////8wCocICgADWf////8w +CocICgADWv////8wCocICgADW/////8wCocICgADXP////8wCocICgADXf////8w +CocICgADXv////8wCocICgADX/////8wCocICgADYP////8wCocICgADYf////8w +CocICgADYv////8wCocICgADY/////8wCocICgADZP////8wCocICgADZf////8w +CocICgADZv////8wCocICgADZ/////8wCocICgADaP////8wCocICgADaf////8w +CocICgADav////8wCocICgADa/////8wCocICgADbP////8wCocICgADbf////8w +CocICgADbv////8wCocICgADb/////8wCocICgADcP////8wCocICgADcf////8w +CocICgADcv////8wCocICgADc/////8wCocICgADdP////8wCocICgADdf////8w +CocICgADdv////8wCocICgADd/////8wCocICgADeP////8wCocICgADef////8w +CocICgADev////8wCocICgADe/////8wCocICgADfP////8wCocICgADff////8w +CocICgADfv////8wCocICgADf/////8wCocICgADgP////8wCocICgADgf////8w +CocICgADgv////8wCocICgADg/////8wCocICgADhP////8wCocICgADhf////8w +CocICgADhv////8wCocICgADh/////8wCocICgADiP////8wCocICgADif////8w +CocICgADiv////8wCocICgADi/////8wCocICgADjP////8wCocICgADjf////8w +CocICgADjv////8wCocICgADj/////8wCocICgADkP////8wCocICgADkf////8w +CocICgADkv////8wCocICgADk/////8wCocICgADlP////8wCocICgADlf////8w +CocICgADlv////8wCocICgADl/////8wCocICgADmP////8wCocICgADmf////8w +CocICgADmv////8wCocICgADm/////8wCocICgADnP////8wCocICgADnf////8w +CocICgADnv////8wCocICgADn/////8wCocICgADoP////8wCocICgADof////8w +CocICgADov////8wCocICgADo/////8wCocICgADpP////8wCocICgADpf////8w +CocICgADpv////8wCocICgADp/////8wCocICgADqP////8wCocICgADqf////8w +CocICgADqv////8wCocICgADq/////8wCocICgADrP////8wCocICgADrf////8w +CocICgADrv////8wCocICgADr/////8wCocICgADsP////8wCocICgADsf////8w +CocICgADsv////8wCocICgADs/////8wCocICgADtP////8wCocICgADtf////8w +CocICgADtv////8wCocICgADt/////8wCocICgADuP////8wCocICgADuf////8w +CocICgADuv////8wCocICgADu/////8wCocICgADvP////8wCocICgADvf////8w +CocICgADvv////8wCocICgADv/////8wCocICgADwP////8wCocICgADwf////8w +CocICgADwv////8wCocICgADw/////8wCocICgADxP////8wCocICgADxf////8w +CocICgADxv////8wCocICgADx/////8wCocICgADyP////8wCocICgADyf////8w +CocICgADyv////8wCocICgADy/////8wCocICgADzP////8wCocICgADzf////8w +CocICgADzv////8wCocICgADz/////8wCocICgAD0P////8wCocICgAD0f////8w +CocICgAD0v////8wCocICgAD0/////8wCocICgAD1P////8wCocICgAD1f////8w +CocICgAD1v////8wCocICgAD1/////8wCocICgAD2P////8wCocICgAD2f////8w +CocICgAD2v////8wCocICgAD2/////8wCocICgAD3P////8wCocICgAD3f////8w +CocICgAD3v////8wCocICgAD3/////8wCocICgAD4P////8wCocICgAD4f////8w +CocICgAD4v////8wCocICgAD4/////8wCocICgAD5P////8wCocICgAD5f////8w +CocICgAD5v////8wCocICgAD5/////8wCocICgAD6P////8wCocICgAD6f////8w +CocICgAD6v////8wCocICgAD6/////8wCocICgAD7P////8wCocICgAD7f////8w +CocICgAD7v////8wCocICgAD7/////8wCocICgAD8P////8wCocICgAD8f////8w +CocICgAD8v////8wCocICgAD8/////8wCocICgAD9P////8wCocICgAD9f////8w +CocICgAD9v////8wCocICgAD9/////8wCocICgAD+P////8wCocICgAD+f////8w +CocICgAD+v////8wCocICgAD+/////8wCocICgAD/P////8wCocICgAD/f////8w +CocICgAD/v////8wCocICgAD//////8wCocICgAEAP////8wDQYJKoZIhvcNAQEL +BQADggEBAFio+2NGReQcAvlfGo+jHdTQQZoTcm06e2ok3HBHKfbJc4AaX+6Sps4m +lNB7KRgHyGmm3djPZfqb4QCgfuqjpZIJAZVtUmYSX8BJaziqurxYrMID7m8tX45z +cRmK2ARLAP2U03/6OG0hFbrljnxfLF1YZ3H2NxSlrNX/RMqwK0GzLNSTJQrS/x27 +3tRD/QW3Xwc/swRSVINdHwWz/1BHg+xvipKaOyeCBerib6JKQ4t6Oalr2pxjOV1X +qLiGhMn+WyoeB2wFGNVA52114zEc0hzmPkZjtH4w06EUd0AobtM6/OGARTd+X+xc +ZrtvT4IwJFNsj0rbbVqPcWMg+vm2VPw= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FD.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FD.pem new file mode 100644 index 0000000000..6447d3c6a3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/3CE5FC818859A85016C17FD7E52AE5967FC2F6FD.pem @@ -0,0 +1,1564 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fd + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + DirName: CN = t172 + DirName: CN = t173 + DirName: CN = t174 + DirName: CN = t175 + DirName: CN = t176 + DirName: CN = t177 + DirName: CN = t178 + DirName: CN = t179 + DirName: CN = t180 + DirName: CN = t181 + DirName: CN = t182 + DirName: CN = t183 + DirName: CN = t184 + DirName: CN = t185 + DirName: CN = t186 + DirName: CN = t187 + DirName: CN = t188 + DirName: CN = t189 + DirName: CN = t190 + DirName: CN = t191 + DirName: CN = t192 + DirName: CN = t193 + DirName: CN = t194 + DirName: CN = t195 + DirName: CN = t196 + DirName: CN = t197 + DirName: CN = t198 + DirName: CN = t199 + DirName: CN = t200 + DirName: CN = t201 + DirName: CN = t202 + DirName: CN = t203 + DirName: CN = t204 + DirName: CN = t205 + DirName: CN = t206 + DirName: CN = t207 + DirName: CN = t208 + DirName: CN = t209 + DirName: CN = t210 + DirName: CN = t211 + DirName: CN = t212 + DirName: CN = t213 + DirName: CN = t214 + DirName: CN = t215 + DirName: CN = t216 + DirName: CN = t217 + DirName: CN = t218 + DirName: CN = t219 + DirName: CN = t220 + DirName: CN = t221 + DirName: CN = t222 + DirName: CN = t223 + DirName: CN = t224 + DirName: CN = t225 + DirName: CN = t226 + DirName: CN = t227 + DirName: CN = t228 + DirName: CN = t229 + DirName: CN = t230 + DirName: CN = t231 + DirName: CN = t232 + DirName: CN = t233 + DirName: CN = t234 + DirName: CN = t235 + DirName: CN = t236 + DirName: CN = t237 + DirName: CN = t238 + DirName: CN = t239 + DirName: CN = t240 + DirName: CN = t241 + DirName: CN = t242 + DirName: CN = t243 + DirName: CN = t244 + DirName: CN = t245 + DirName: CN = t246 + DirName: CN = t247 + DirName: CN = t248 + DirName: CN = t249 + DirName: CN = t250 + DirName: CN = t251 + DirName: CN = t252 + DirName: CN = t253 + DirName: CN = t254 + DirName: CN = t255 + DirName: CN = t256 + DirName: CN = t257 + DirName: CN = t258 + DirName: CN = t259 + DirName: CN = t260 + DirName: CN = t261 + DirName: CN = t262 + DirName: CN = t263 + DirName: CN = t264 + DirName: CN = t265 + DirName: CN = t266 + DirName: CN = t267 + DirName: CN = t268 + DirName: CN = t269 + DirName: CN = t270 + DirName: CN = t271 + DirName: CN = t272 + DirName: CN = t273 + DirName: CN = t274 + DirName: CN = t275 + DirName: CN = t276 + DirName: CN = t277 + DirName: CN = t278 + DirName: CN = t279 + DirName: CN = t280 + DirName: CN = t281 + DirName: CN = t282 + DirName: CN = t283 + DirName: CN = t284 + DirName: CN = t285 + DirName: CN = t286 + DirName: CN = t287 + DirName: CN = t288 + DirName: CN = t289 + DirName: CN = t290 + DirName: CN = t291 + DirName: CN = t292 + DirName: CN = t293 + DirName: CN = t294 + DirName: CN = t295 + DirName: CN = t296 + DirName: CN = t297 + DirName: CN = t298 + DirName: CN = t299 + DirName: CN = t300 + DirName: CN = t301 + DirName: CN = t302 + DirName: CN = t303 + DirName: CN = t304 + DirName: CN = t305 + DirName: CN = t306 + DirName: CN = t307 + DirName: CN = t308 + DirName: CN = t309 + DirName: CN = t310 + DirName: CN = t311 + DirName: CN = t312 + DirName: CN = t313 + DirName: CN = t314 + DirName: CN = t315 + DirName: CN = t316 + DirName: CN = t317 + DirName: CN = t318 + DirName: CN = t319 + DirName: CN = t320 + DirName: CN = t321 + DirName: CN = t322 + DirName: CN = t323 + DirName: CN = t324 + DirName: CN = t325 + DirName: CN = t326 + DirName: CN = t327 + DirName: CN = t328 + DirName: CN = t329 + DirName: CN = t330 + DirName: CN = t331 + DirName: CN = t332 + DirName: CN = t333 + DirName: CN = t334 + DirName: CN = t335 + DirName: CN = t336 + DirName: CN = t337 + DirName: CN = t338 + DirName: CN = t339 + DirName: CN = t340 + DirName: CN = t341 + DirName: CN = t342 + DirName: CN = t343 + DirName: CN = t344 + DirName: CN = t345 + DirName: CN = t346 + DirName: CN = t347 + DirName: CN = t348 + DirName: CN = t349 + DirName: CN = t350 + DirName: CN = t351 + DirName: CN = t352 + DirName: CN = t353 + DirName: CN = t354 + DirName: CN = t355 + DirName: CN = t356 + DirName: CN = t357 + DirName: CN = t358 + DirName: CN = t359 + DirName: CN = t360 + DirName: CN = t361 + DirName: CN = t362 + DirName: CN = t363 + DirName: CN = t364 + DirName: CN = t365 + DirName: CN = t366 + DirName: CN = t367 + DirName: CN = t368 + DirName: CN = t369 + DirName: CN = t370 + DirName: CN = t371 + DirName: CN = t372 + DirName: CN = t373 + DirName: CN = t374 + DirName: CN = t375 + DirName: CN = t376 + DirName: CN = t377 + DirName: CN = t378 + DirName: CN = t379 + DirName: CN = t380 + DirName: CN = t381 + DirName: CN = t382 + DirName: CN = t383 + DirName: CN = t384 + DirName: CN = t385 + DirName: CN = t386 + DirName: CN = t387 + DirName: CN = t388 + DirName: CN = t389 + DirName: CN = t390 + DirName: CN = t391 + DirName: CN = t392 + DirName: CN = t393 + DirName: CN = t394 + DirName: CN = t395 + DirName: CN = t396 + DirName: CN = t397 + DirName: CN = t398 + DirName: CN = t399 + DirName: CN = t400 + DirName: CN = t401 + DirName: CN = t402 + DirName: CN = t403 + DirName: CN = t404 + DirName: CN = t405 + DirName: CN = t406 + DirName: CN = t407 + DirName: CN = t408 + DirName: CN = t409 + DirName: CN = t410 + DirName: CN = t411 + DirName: CN = t412 + DirName: CN = t413 + DirName: CN = t414 + DirName: CN = t415 + DirName: CN = t416 + DirName: CN = t417 + DirName: CN = t418 + DirName: CN = t419 + DirName: CN = t420 + DirName: CN = t421 + DirName: CN = t422 + DirName: CN = t423 + DirName: CN = t424 + DirName: CN = t425 + DirName: CN = t426 + DirName: CN = t427 + DirName: CN = t428 + DirName: CN = t429 + DirName: CN = t430 + DirName: CN = t431 + DirName: CN = t432 + DirName: CN = t433 + DirName: CN = t434 + DirName: CN = t435 + DirName: CN = t436 + DirName: CN = t437 + DirName: CN = t438 + DirName: CN = t439 + DirName: CN = t440 + DirName: CN = t441 + DirName: CN = t442 + DirName: CN = t443 + DirName: CN = t444 + DirName: CN = t445 + DirName: CN = t446 + DirName: CN = t447 + DirName: CN = t448 + DirName: CN = t449 + DirName: CN = t450 + DirName: CN = t451 + DirName: CN = t452 + DirName: CN = t453 + DirName: CN = t454 + DirName: CN = t455 + DirName: CN = t456 + DirName: CN = t457 + DirName: CN = t458 + DirName: CN = t459 + DirName: CN = t460 + DirName: CN = t461 + DirName: CN = t462 + DirName: CN = t463 + DirName: CN = t464 + DirName: CN = t465 + DirName: CN = t466 + DirName: CN = t467 + DirName: CN = t468 + DirName: CN = t469 + DirName: CN = t470 + DirName: CN = t471 + DirName: CN = t472 + DirName: CN = t473 + DirName: CN = t474 + DirName: CN = t475 + DirName: CN = t476 + DirName: CN = t477 + DirName: CN = t478 + DirName: CN = t479 + DirName: CN = t480 + DirName: CN = t481 + DirName: CN = t482 + DirName: CN = t483 + DirName: CN = t484 + DirName: CN = t485 + DirName: CN = t486 + DirName: CN = t487 + DirName: CN = t488 + DirName: CN = t489 + DirName: CN = t490 + DirName: CN = t491 + DirName: CN = t492 + DirName: CN = t493 + DirName: CN = t494 + DirName: CN = t495 + DirName: CN = t496 + DirName: CN = t497 + DirName: CN = t498 + DirName: CN = t499 + DirName: CN = t500 + DirName: CN = t501 + DirName: CN = t502 + DirName: CN = t503 + DirName: CN = t504 + DirName: CN = t505 + DirName: CN = t506 + DirName: CN = t507 + DirName: CN = t508 + DirName: CN = t509 + DirName: CN = t510 + DirName: CN = t511 + DirName: CN = t512 + DirName: CN = t513 + DirName: CN = t514 + DirName: CN = t515 + DirName: CN = t516 + DirName: CN = t517 + DirName: CN = t518 + DirName: CN = t519 + DirName: CN = t520 + DirName: CN = t521 + DirName: CN = t522 + DirName: CN = t523 + DirName: CN = t524 + DirName: CN = t525 + DirName: CN = t526 + DirName: CN = t527 + DirName: CN = t528 + DirName: CN = t529 + DirName: CN = t530 + DirName: CN = t531 + DirName: CN = t532 + DirName: CN = t533 + DirName: CN = t534 + DirName: CN = t535 + DirName: CN = t536 + DirName: CN = t537 + DirName: CN = t538 + DirName: CN = t539 + DirName: CN = t540 + DirName: CN = t541 + DirName: CN = t542 + DirName: CN = t543 + DirName: CN = t544 + DirName: CN = t545 + DirName: CN = t546 + DirName: CN = t547 + DirName: CN = t548 + DirName: CN = t549 + DirName: CN = t550 + DirName: CN = t551 + DirName: CN = t552 + DirName: CN = t553 + DirName: CN = t554 + DirName: CN = t555 + DirName: CN = t556 + DirName: CN = t557 + DirName: CN = t558 + DirName: CN = t559 + DirName: CN = t560 + DirName: CN = t561 + DirName: CN = t562 + DirName: CN = t563 + DirName: CN = t564 + DirName: CN = t565 + DirName: CN = t566 + DirName: CN = t567 + DirName: CN = t568 + DirName: CN = t569 + DirName: CN = t570 + DirName: CN = t571 + DirName: CN = t572 + DirName: CN = t573 + DirName: CN = t574 + DirName: CN = t575 + DirName: CN = t576 + DirName: CN = t577 + DirName: CN = t578 + DirName: CN = t579 + DirName: CN = t580 + DirName: CN = t581 + DirName: CN = t582 + DirName: CN = t583 + DirName: CN = t584 + DirName: CN = t585 + DirName: CN = t586 + DirName: CN = t587 + DirName: CN = t588 + DirName: CN = t589 + DirName: CN = t590 + DirName: CN = t591 + DirName: CN = t592 + DirName: CN = t593 + DirName: CN = t594 + DirName: CN = t595 + DirName: CN = t596 + DirName: CN = t597 + DirName: CN = t598 + DirName: CN = t599 + DirName: CN = t600 + DirName: CN = t601 + DirName: CN = t602 + DirName: CN = t603 + DirName: CN = t604 + DirName: CN = t605 + DirName: CN = t606 + DirName: CN = t607 + DirName: CN = t608 + DirName: CN = t609 + DirName: CN = t610 + DirName: CN = t611 + DirName: CN = t612 + DirName: CN = t613 + DirName: CN = t614 + DirName: CN = t615 + DirName: CN = t616 + DirName: CN = t617 + DirName: CN = t618 + DirName: CN = t619 + DirName: CN = t620 + DirName: CN = t621 + DirName: CN = t622 + DirName: CN = t623 + DirName: CN = t624 + DirName: CN = t625 + DirName: CN = t626 + DirName: CN = t627 + DirName: CN = t628 + DirName: CN = t629 + DirName: CN = t630 + DirName: CN = t631 + DirName: CN = t632 + DirName: CN = t633 + DirName: CN = t634 + DirName: CN = t635 + DirName: CN = t636 + DirName: CN = t637 + DirName: CN = t638 + DirName: CN = t639 + DirName: CN = t640 + DirName: CN = t641 + DirName: CN = t642 + DirName: CN = t643 + DirName: CN = t644 + DirName: CN = t645 + DirName: CN = t646 + DirName: CN = t647 + DirName: CN = t648 + DirName: CN = t649 + DirName: CN = t650 + DirName: CN = t651 + DirName: CN = t652 + DirName: CN = t653 + DirName: CN = t654 + DirName: CN = t655 + DirName: CN = t656 + DirName: CN = t657 + DirName: CN = t658 + DirName: CN = t659 + DirName: CN = t660 + DirName: CN = t661 + DirName: CN = t662 + DirName: CN = t663 + DirName: CN = t664 + DirName: CN = t665 + DirName: CN = t666 + DirName: CN = t667 + DirName: CN = t668 + DirName: CN = t669 + DirName: CN = t670 + DirName: CN = t671 + DirName: CN = t672 + DirName: CN = t673 + DirName: CN = t674 + DirName: CN = t675 + DirName: CN = t676 + DirName: CN = t677 + DirName: CN = t678 + DirName: CN = t679 + DirName: CN = t680 + DirName: CN = t681 + DirName: CN = t682 + DirName: CN = t683 + DirName: CN = t684 + DirName: CN = t685 + DirName: CN = t686 + DirName: CN = t687 + DirName: CN = t688 + DirName: CN = t689 + DirName: CN = t690 + DirName: CN = t691 + DirName: CN = t692 + DirName: CN = t693 + DirName: CN = t694 + DirName: CN = t695 + DirName: CN = t696 + DirName: CN = t697 + DirName: CN = t698 + DirName: CN = t699 + DirName: CN = t700 + DirName: CN = t701 + DirName: CN = t702 + DirName: CN = t703 + DirName: CN = t704 + DirName: CN = t705 + DirName: CN = t706 + DirName: CN = t707 + DirName: CN = t708 + DirName: CN = t709 + DirName: CN = t710 + DirName: CN = t711 + DirName: CN = t712 + DirName: CN = t713 + DirName: CN = t714 + DirName: CN = t715 + DirName: CN = t716 + DirName: CN = t717 + DirName: CN = t718 + DirName: CN = t719 + DirName: CN = t720 + DirName: CN = t721 + DirName: CN = t722 + DirName: CN = t723 + DirName: CN = t724 + DirName: CN = t725 + DirName: CN = t726 + DirName: CN = t727 + DirName: CN = t728 + DirName: CN = t729 + DirName: CN = t730 + DirName: CN = t731 + DirName: CN = t732 + DirName: CN = t733 + DirName: CN = t734 + DirName: CN = t735 + DirName: CN = t736 + DirName: CN = t737 + DirName: CN = t738 + DirName: CN = t739 + DirName: CN = t740 + DirName: CN = t741 + DirName: CN = t742 + DirName: CN = t743 + DirName: CN = t744 + DirName: CN = t745 + DirName: CN = t746 + DirName: CN = t747 + DirName: CN = t748 + DirName: CN = t749 + DirName: CN = t750 + DirName: CN = t751 + DirName: CN = t752 + DirName: CN = t753 + DirName: CN = t754 + DirName: CN = t755 + DirName: CN = t756 + DirName: CN = t757 + DirName: CN = t758 + DirName: CN = t759 + DirName: CN = t760 + DirName: CN = t761 + DirName: CN = t762 + DirName: CN = t763 + DirName: CN = t764 + DirName: CN = t765 + DirName: CN = t766 + DirName: CN = t767 + DirName: CN = t768 + DirName: CN = t769 + DirName: CN = t770 + DirName: CN = t771 + DirName: CN = t772 + DirName: CN = t773 + DirName: CN = t774 + DirName: CN = t775 + DirName: CN = t776 + DirName: CN = t777 + DirName: CN = t778 + DirName: CN = t779 + DirName: CN = t780 + DirName: CN = t781 + DirName: CN = t782 + DirName: CN = t783 + DirName: CN = t784 + DirName: CN = t785 + DirName: CN = t786 + DirName: CN = t787 + DirName: CN = t788 + DirName: CN = t789 + DirName: CN = t790 + DirName: CN = t791 + DirName: CN = t792 + DirName: CN = t793 + DirName: CN = t794 + DirName: CN = t795 + DirName: CN = t796 + DirName: CN = t797 + DirName: CN = t798 + DirName: CN = t799 + DirName: CN = t800 + DirName: CN = t801 + DirName: CN = t802 + DirName: CN = t803 + DirName: CN = t804 + DirName: CN = t805 + DirName: CN = t806 + DirName: CN = t807 + DirName: CN = t808 + DirName: CN = t809 + DirName: CN = t810 + DirName: CN = t811 + DirName: CN = t812 + DirName: CN = t813 + DirName: CN = t814 + DirName: CN = t815 + DirName: CN = t816 + DirName: CN = t817 + DirName: CN = t818 + DirName: CN = t819 + DirName: CN = t820 + DirName: CN = t821 + DirName: CN = t822 + DirName: CN = t823 + DirName: CN = t824 + DirName: CN = t825 + DirName: CN = t826 + DirName: CN = t827 + DirName: CN = t828 + DirName: CN = t829 + DirName: CN = t830 + DirName: CN = t831 + DirName: CN = t832 + DirName: CN = t833 + DirName: CN = t834 + DirName: CN = t835 + DirName: CN = t836 + DirName: CN = t837 + DirName: CN = t838 + DirName: CN = t839 + DirName: CN = t840 + DirName: CN = t841 + DirName: CN = t842 + DirName: CN = t843 + DirName: CN = t844 + DirName: CN = t845 + DirName: CN = t846 + DirName: CN = t847 + DirName: CN = t848 + DirName: CN = t849 + DirName: CN = t850 + DirName: CN = t851 + DirName: CN = t852 + DirName: CN = t853 + DirName: CN = t854 + DirName: CN = t855 + DirName: CN = t856 + DirName: CN = t857 + DirName: CN = t858 + DirName: CN = t859 + DirName: CN = t860 + DirName: CN = t861 + DirName: CN = t862 + DirName: CN = t863 + DirName: CN = t864 + DirName: CN = t865 + DirName: CN = t866 + DirName: CN = t867 + DirName: CN = t868 + DirName: CN = t869 + DirName: CN = t870 + DirName: CN = t871 + DirName: CN = t872 + DirName: CN = t873 + DirName: CN = t874 + DirName: CN = t875 + DirName: CN = t876 + DirName: CN = t877 + DirName: CN = t878 + DirName: CN = t879 + DirName: CN = t880 + DirName: CN = t881 + DirName: CN = t882 + DirName: CN = t883 + DirName: CN = t884 + DirName: CN = t885 + DirName: CN = t886 + DirName: CN = t887 + DirName: CN = t888 + DirName: CN = t889 + DirName: CN = t890 + DirName: CN = t891 + DirName: CN = t892 + DirName: CN = t893 + DirName: CN = t894 + DirName: CN = t895 + DirName: CN = t896 + DirName: CN = t897 + DirName: CN = t898 + DirName: CN = t899 + DirName: CN = t900 + DirName: CN = t901 + DirName: CN = t902 + DirName: CN = t903 + DirName: CN = t904 + DirName: CN = t905 + DirName: CN = t906 + DirName: CN = t907 + DirName: CN = t908 + DirName: CN = t909 + DirName: CN = t910 + DirName: CN = t911 + DirName: CN = t912 + DirName: CN = t913 + DirName: CN = t914 + DirName: CN = t915 + DirName: CN = t916 + DirName: CN = t917 + DirName: CN = t918 + DirName: CN = t919 + DirName: CN = t920 + DirName: CN = t921 + DirName: CN = t922 + DirName: CN = t923 + DirName: CN = t924 + DirName: CN = t925 + DirName: CN = t926 + DirName: CN = t927 + DirName: CN = t928 + DirName: CN = t929 + DirName: CN = t930 + DirName: CN = t931 + DirName: CN = t932 + DirName: CN = t933 + DirName: CN = t934 + DirName: CN = t935 + DirName: CN = t936 + DirName: CN = t937 + DirName: CN = t938 + DirName: CN = t939 + DirName: CN = t940 + DirName: CN = t941 + DirName: CN = t942 + DirName: CN = t943 + DirName: CN = t944 + DirName: CN = t945 + DirName: CN = t946 + DirName: CN = t947 + DirName: CN = t948 + DirName: CN = t949 + DirName: CN = t950 + DirName: CN = t951 + DirName: CN = t952 + DirName: CN = t953 + DirName: CN = t954 + DirName: CN = t955 + DirName: CN = t956 + DirName: CN = t957 + DirName: CN = t958 + DirName: CN = t959 + DirName: CN = t960 + DirName: CN = t961 + DirName: CN = t962 + DirName: CN = t963 + DirName: CN = t964 + DirName: CN = t965 + DirName: CN = t966 + DirName: CN = t967 + DirName: CN = t968 + DirName: CN = t969 + DirName: CN = t970 + DirName: CN = t971 + DirName: CN = t972 + DirName: CN = t973 + DirName: CN = t974 + DirName: CN = t975 + DirName: CN = t976 + DirName: CN = t977 + DirName: CN = t978 + DirName: CN = t979 + DirName: CN = t980 + DirName: CN = t981 + DirName: CN = t982 + DirName: CN = t983 + DirName: CN = t984 + DirName: CN = t985 + DirName: CN = t986 + DirName: CN = t987 + DirName: CN = t988 + DirName: CN = t989 + DirName: CN = t990 + DirName: CN = t991 + DirName: CN = t992 + DirName: CN = t993 + DirName: CN = t994 + DirName: CN = t995 + DirName: CN = t996 + DirName: CN = t997 + DirName: CN = t998 + DirName: CN = t999 + DirName: CN = t1000 + DirName: CN = t1001 + DirName: CN = t1002 + DirName: CN = t1003 + DirName: CN = t1004 + DirName: CN = t1005 + DirName: CN = t1006 + DirName: CN = t1007 + DirName: CN = t1008 + DirName: CN = t1009 + DirName: CN = t1010 + DirName: CN = t1011 + DirName: CN = t1012 + DirName: CN = t1013 + DirName: CN = t1014 + DirName: CN = t1015 + DirName: CN = t1016 + DirName: CN = t1017 + DirName: CN = t1018 + DirName: CN = t1019 + DirName: CN = t1020 + DirName: CN = t1021 + DirName: CN = t1022 + DirName: CN = t1023 + DirName: CN = t1024 + + Signature Algorithm: sha256WithRSAEncryption + 12:ce:60:d6:3b:b5:7e:7a:8e:9e:d0:f5:fd:a8:8a:33:24:95: + 6d:79:56:24:23:12:10:8f:12:7c:e0:13:99:ba:6d:b9:b2:51: + b4:cc:50:2c:06:28:b8:d1:18:1a:16:e6:03:b4:7f:cd:b7:f6: + 06:7b:c2:77:97:52:76:8f:81:d1:f6:2c:08:e2:70:27:76:3f: + 90:a7:52:f3:15:f0:1f:40:97:99:fb:fa:9a:c1:eb:10:fa:a0: + 74:df:f1:df:8a:d2:4b:67:11:2f:5c:a9:52:78:69:e8:4b:21: + be:f2:a9:65:62:cc:0e:d9:59:8e:7a:ca:5f:01:41:d9:d2:e9: + 89:5f:bc:3c:8c:bb:4f:90:80:06:05:37:be:0c:1f:a8:56:82: + e7:92:2d:c5:89:56:d8:d4:86:9d:8a:bc:5e:43:d3:07:65:da: + d4:08:75:27:e5:49:0e:e9:f8:54:2b:7a:53:99:37:29:9b:ea: + 14:de:80:68:a9:79:26:5e:64:ff:21:6c:da:83:ef:8f:a4:df: + 3a:20:6e:5c:d3:68:48:82:ab:b9:ac:4a:28:b6:2f:35:14:98: + 54:16:a8:fa:ee:30:c3:ba:c5:2d:33:bc:32:ae:96:c6:8a:17: + 49:32:78:d4:61:29:66:7f:75:ae:16:2e:81:b2:b9:fa:56:b1: + d5:c6:9e:77 +-----BEGIN CERTIFICATE----- +MIJXVzCCVj+gAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9v0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCVKEwglSdMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wglPRBgNVHR4EglPIMIJTxKCCU8AwEaQPMA0xCzAJBgNVBAMMAnQwMBGkDzAN +MQswCQYDVQQDDAJ0MTARpA8wDTELMAkGA1UEAwwCdDIwEaQPMA0xCzAJBgNVBAMM +AnQzMBGkDzANMQswCQYDVQQDDAJ0NDARpA8wDTELMAkGA1UEAwwCdDUwEaQPMA0x +CzAJBgNVBAMMAnQ2MBGkDzANMQswCQYDVQQDDAJ0NzARpA8wDTELMAkGA1UEAwwC +dDgwEaQPMA0xCzAJBgNVBAMMAnQ5MBKkEDAOMQwwCgYDVQQDDAN0MTAwEqQQMA4x +DDAKBgNVBAMMA3QxMTASpBAwDjEMMAoGA1UEAwwDdDEyMBKkEDAOMQwwCgYDVQQD +DAN0MTMwEqQQMA4xDDAKBgNVBAMMA3QxNDASpBAwDjEMMAoGA1UEAwwDdDE1MBKk +EDAOMQwwCgYDVQQDDAN0MTYwEqQQMA4xDDAKBgNVBAMMA3QxNzASpBAwDjEMMAoG +A1UEAwwDdDE4MBKkEDAOMQwwCgYDVQQDDAN0MTkwEqQQMA4xDDAKBgNVBAMMA3Qy +MDASpBAwDjEMMAoGA1UEAwwDdDIxMBKkEDAOMQwwCgYDVQQDDAN0MjIwEqQQMA4x +DDAKBgNVBAMMA3QyMzASpBAwDjEMMAoGA1UEAwwDdDI0MBKkEDAOMQwwCgYDVQQD +DAN0MjUwEqQQMA4xDDAKBgNVBAMMA3QyNjASpBAwDjEMMAoGA1UEAwwDdDI3MBKk +EDAOMQwwCgYDVQQDDAN0MjgwEqQQMA4xDDAKBgNVBAMMA3QyOTASpBAwDjEMMAoG +A1UEAwwDdDMwMBKkEDAOMQwwCgYDVQQDDAN0MzEwEqQQMA4xDDAKBgNVBAMMA3Qz +MjASpBAwDjEMMAoGA1UEAwwDdDMzMBKkEDAOMQwwCgYDVQQDDAN0MzQwEqQQMA4x +DDAKBgNVBAMMA3QzNTASpBAwDjEMMAoGA1UEAwwDdDM2MBKkEDAOMQwwCgYDVQQD +DAN0MzcwEqQQMA4xDDAKBgNVBAMMA3QzODASpBAwDjEMMAoGA1UEAwwDdDM5MBKk +EDAOMQwwCgYDVQQDDAN0NDAwEqQQMA4xDDAKBgNVBAMMA3Q0MTASpBAwDjEMMAoG +A1UEAwwDdDQyMBKkEDAOMQwwCgYDVQQDDAN0NDMwEqQQMA4xDDAKBgNVBAMMA3Q0 +NDASpBAwDjEMMAoGA1UEAwwDdDQ1MBKkEDAOMQwwCgYDVQQDDAN0NDYwEqQQMA4x +DDAKBgNVBAMMA3Q0NzASpBAwDjEMMAoGA1UEAwwDdDQ4MBKkEDAOMQwwCgYDVQQD +DAN0NDkwEqQQMA4xDDAKBgNVBAMMA3Q1MDASpBAwDjEMMAoGA1UEAwwDdDUxMBKk +EDAOMQwwCgYDVQQDDAN0NTIwEqQQMA4xDDAKBgNVBAMMA3Q1MzASpBAwDjEMMAoG +A1UEAwwDdDU0MBKkEDAOMQwwCgYDVQQDDAN0NTUwEqQQMA4xDDAKBgNVBAMMA3Q1 +NjASpBAwDjEMMAoGA1UEAwwDdDU3MBKkEDAOMQwwCgYDVQQDDAN0NTgwEqQQMA4x +DDAKBgNVBAMMA3Q1OTASpBAwDjEMMAoGA1UEAwwDdDYwMBKkEDAOMQwwCgYDVQQD +DAN0NjEwEqQQMA4xDDAKBgNVBAMMA3Q2MjASpBAwDjEMMAoGA1UEAwwDdDYzMBKk +EDAOMQwwCgYDVQQDDAN0NjQwEqQQMA4xDDAKBgNVBAMMA3Q2NTASpBAwDjEMMAoG +A1UEAwwDdDY2MBKkEDAOMQwwCgYDVQQDDAN0NjcwEqQQMA4xDDAKBgNVBAMMA3Q2 +ODASpBAwDjEMMAoGA1UEAwwDdDY5MBKkEDAOMQwwCgYDVQQDDAN0NzAwEqQQMA4x +DDAKBgNVBAMMA3Q3MTASpBAwDjEMMAoGA1UEAwwDdDcyMBKkEDAOMQwwCgYDVQQD +DAN0NzMwEqQQMA4xDDAKBgNVBAMMA3Q3NDASpBAwDjEMMAoGA1UEAwwDdDc1MBKk +EDAOMQwwCgYDVQQDDAN0NzYwEqQQMA4xDDAKBgNVBAMMA3Q3NzASpBAwDjEMMAoG +A1UEAwwDdDc4MBKkEDAOMQwwCgYDVQQDDAN0NzkwEqQQMA4xDDAKBgNVBAMMA3Q4 +MDASpBAwDjEMMAoGA1UEAwwDdDgxMBKkEDAOMQwwCgYDVQQDDAN0ODIwEqQQMA4x +DDAKBgNVBAMMA3Q4MzASpBAwDjEMMAoGA1UEAwwDdDg0MBKkEDAOMQwwCgYDVQQD +DAN0ODUwEqQQMA4xDDAKBgNVBAMMA3Q4NjASpBAwDjEMMAoGA1UEAwwDdDg3MBKk +EDAOMQwwCgYDVQQDDAN0ODgwEqQQMA4xDDAKBgNVBAMMA3Q4OTASpBAwDjEMMAoG +A1UEAwwDdDkwMBKkEDAOMQwwCgYDVQQDDAN0OTEwEqQQMA4xDDAKBgNVBAMMA3Q5 +MjASpBAwDjEMMAoGA1UEAwwDdDkzMBKkEDAOMQwwCgYDVQQDDAN0OTQwEqQQMA4x +DDAKBgNVBAMMA3Q5NTASpBAwDjEMMAoGA1UEAwwDdDk2MBKkEDAOMQwwCgYDVQQD +DAN0OTcwEqQQMA4xDDAKBgNVBAMMA3Q5ODASpBAwDjEMMAoGA1UEAwwDdDk5MBOk +ETAPMQ0wCwYDVQQDDAR0MTAwMBOkETAPMQ0wCwYDVQQDDAR0MTAxMBOkETAPMQ0w +CwYDVQQDDAR0MTAyMBOkETAPMQ0wCwYDVQQDDAR0MTAzMBOkETAPMQ0wCwYDVQQD +DAR0MTA0MBOkETAPMQ0wCwYDVQQDDAR0MTA1MBOkETAPMQ0wCwYDVQQDDAR0MTA2 +MBOkETAPMQ0wCwYDVQQDDAR0MTA3MBOkETAPMQ0wCwYDVQQDDAR0MTA4MBOkETAP +MQ0wCwYDVQQDDAR0MTA5MBOkETAPMQ0wCwYDVQQDDAR0MTEwMBOkETAPMQ0wCwYD +VQQDDAR0MTExMBOkETAPMQ0wCwYDVQQDDAR0MTEyMBOkETAPMQ0wCwYDVQQDDAR0 +MTEzMBOkETAPMQ0wCwYDVQQDDAR0MTE0MBOkETAPMQ0wCwYDVQQDDAR0MTE1MBOk +ETAPMQ0wCwYDVQQDDAR0MTE2MBOkETAPMQ0wCwYDVQQDDAR0MTE3MBOkETAPMQ0w +CwYDVQQDDAR0MTE4MBOkETAPMQ0wCwYDVQQDDAR0MTE5MBOkETAPMQ0wCwYDVQQD +DAR0MTIwMBOkETAPMQ0wCwYDVQQDDAR0MTIxMBOkETAPMQ0wCwYDVQQDDAR0MTIy +MBOkETAPMQ0wCwYDVQQDDAR0MTIzMBOkETAPMQ0wCwYDVQQDDAR0MTI0MBOkETAP +MQ0wCwYDVQQDDAR0MTI1MBOkETAPMQ0wCwYDVQQDDAR0MTI2MBOkETAPMQ0wCwYD +VQQDDAR0MTI3MBOkETAPMQ0wCwYDVQQDDAR0MTI4MBOkETAPMQ0wCwYDVQQDDAR0 +MTI5MBOkETAPMQ0wCwYDVQQDDAR0MTMwMBOkETAPMQ0wCwYDVQQDDAR0MTMxMBOk +ETAPMQ0wCwYDVQQDDAR0MTMyMBOkETAPMQ0wCwYDVQQDDAR0MTMzMBOkETAPMQ0w +CwYDVQQDDAR0MTM0MBOkETAPMQ0wCwYDVQQDDAR0MTM1MBOkETAPMQ0wCwYDVQQD +DAR0MTM2MBOkETAPMQ0wCwYDVQQDDAR0MTM3MBOkETAPMQ0wCwYDVQQDDAR0MTM4 +MBOkETAPMQ0wCwYDVQQDDAR0MTM5MBOkETAPMQ0wCwYDVQQDDAR0MTQwMBOkETAP +MQ0wCwYDVQQDDAR0MTQxMBOkETAPMQ0wCwYDVQQDDAR0MTQyMBOkETAPMQ0wCwYD +VQQDDAR0MTQzMBOkETAPMQ0wCwYDVQQDDAR0MTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +MTQ1MBOkETAPMQ0wCwYDVQQDDAR0MTQ2MBOkETAPMQ0wCwYDVQQDDAR0MTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0MTQ4MBOkETAPMQ0wCwYDVQQDDAR0MTQ5MBOkETAPMQ0w +CwYDVQQDDAR0MTUwMBOkETAPMQ0wCwYDVQQDDAR0MTUxMBOkETAPMQ0wCwYDVQQD +DAR0MTUyMBOkETAPMQ0wCwYDVQQDDAR0MTUzMBOkETAPMQ0wCwYDVQQDDAR0MTU0 +MBOkETAPMQ0wCwYDVQQDDAR0MTU1MBOkETAPMQ0wCwYDVQQDDAR0MTU2MBOkETAP +MQ0wCwYDVQQDDAR0MTU3MBOkETAPMQ0wCwYDVQQDDAR0MTU4MBOkETAPMQ0wCwYD +VQQDDAR0MTU5MBOkETAPMQ0wCwYDVQQDDAR0MTYwMBOkETAPMQ0wCwYDVQQDDAR0 +MTYxMBOkETAPMQ0wCwYDVQQDDAR0MTYyMBOkETAPMQ0wCwYDVQQDDAR0MTYzMBOk +ETAPMQ0wCwYDVQQDDAR0MTY0MBOkETAPMQ0wCwYDVQQDDAR0MTY1MBOkETAPMQ0w +CwYDVQQDDAR0MTY2MBOkETAPMQ0wCwYDVQQDDAR0MTY3MBOkETAPMQ0wCwYDVQQD +DAR0MTY4MBOkETAPMQ0wCwYDVQQDDAR0MTY5MBOkETAPMQ0wCwYDVQQDDAR0MTcw +MBOkETAPMQ0wCwYDVQQDDAR0MTcxMBOkETAPMQ0wCwYDVQQDDAR0MTcyMBOkETAP +MQ0wCwYDVQQDDAR0MTczMBOkETAPMQ0wCwYDVQQDDAR0MTc0MBOkETAPMQ0wCwYD +VQQDDAR0MTc1MBOkETAPMQ0wCwYDVQQDDAR0MTc2MBOkETAPMQ0wCwYDVQQDDAR0 +MTc3MBOkETAPMQ0wCwYDVQQDDAR0MTc4MBOkETAPMQ0wCwYDVQQDDAR0MTc5MBOk +ETAPMQ0wCwYDVQQDDAR0MTgwMBOkETAPMQ0wCwYDVQQDDAR0MTgxMBOkETAPMQ0w +CwYDVQQDDAR0MTgyMBOkETAPMQ0wCwYDVQQDDAR0MTgzMBOkETAPMQ0wCwYDVQQD +DAR0MTg0MBOkETAPMQ0wCwYDVQQDDAR0MTg1MBOkETAPMQ0wCwYDVQQDDAR0MTg2 +MBOkETAPMQ0wCwYDVQQDDAR0MTg3MBOkETAPMQ0wCwYDVQQDDAR0MTg4MBOkETAP +MQ0wCwYDVQQDDAR0MTg5MBOkETAPMQ0wCwYDVQQDDAR0MTkwMBOkETAPMQ0wCwYD +VQQDDAR0MTkxMBOkETAPMQ0wCwYDVQQDDAR0MTkyMBOkETAPMQ0wCwYDVQQDDAR0 +MTkzMBOkETAPMQ0wCwYDVQQDDAR0MTk0MBOkETAPMQ0wCwYDVQQDDAR0MTk1MBOk +ETAPMQ0wCwYDVQQDDAR0MTk2MBOkETAPMQ0wCwYDVQQDDAR0MTk3MBOkETAPMQ0w +CwYDVQQDDAR0MTk4MBOkETAPMQ0wCwYDVQQDDAR0MTk5MBOkETAPMQ0wCwYDVQQD +DAR0MjAwMBOkETAPMQ0wCwYDVQQDDAR0MjAxMBOkETAPMQ0wCwYDVQQDDAR0MjAy +MBOkETAPMQ0wCwYDVQQDDAR0MjAzMBOkETAPMQ0wCwYDVQQDDAR0MjA0MBOkETAP +MQ0wCwYDVQQDDAR0MjA1MBOkETAPMQ0wCwYDVQQDDAR0MjA2MBOkETAPMQ0wCwYD +VQQDDAR0MjA3MBOkETAPMQ0wCwYDVQQDDAR0MjA4MBOkETAPMQ0wCwYDVQQDDAR0 +MjA5MBOkETAPMQ0wCwYDVQQDDAR0MjEwMBOkETAPMQ0wCwYDVQQDDAR0MjExMBOk +ETAPMQ0wCwYDVQQDDAR0MjEyMBOkETAPMQ0wCwYDVQQDDAR0MjEzMBOkETAPMQ0w +CwYDVQQDDAR0MjE0MBOkETAPMQ0wCwYDVQQDDAR0MjE1MBOkETAPMQ0wCwYDVQQD +DAR0MjE2MBOkETAPMQ0wCwYDVQQDDAR0MjE3MBOkETAPMQ0wCwYDVQQDDAR0MjE4 +MBOkETAPMQ0wCwYDVQQDDAR0MjE5MBOkETAPMQ0wCwYDVQQDDAR0MjIwMBOkETAP +MQ0wCwYDVQQDDAR0MjIxMBOkETAPMQ0wCwYDVQQDDAR0MjIyMBOkETAPMQ0wCwYD +VQQDDAR0MjIzMBOkETAPMQ0wCwYDVQQDDAR0MjI0MBOkETAPMQ0wCwYDVQQDDAR0 +MjI1MBOkETAPMQ0wCwYDVQQDDAR0MjI2MBOkETAPMQ0wCwYDVQQDDAR0MjI3MBOk +ETAPMQ0wCwYDVQQDDAR0MjI4MBOkETAPMQ0wCwYDVQQDDAR0MjI5MBOkETAPMQ0w +CwYDVQQDDAR0MjMwMBOkETAPMQ0wCwYDVQQDDAR0MjMxMBOkETAPMQ0wCwYDVQQD +DAR0MjMyMBOkETAPMQ0wCwYDVQQDDAR0MjMzMBOkETAPMQ0wCwYDVQQDDAR0MjM0 +MBOkETAPMQ0wCwYDVQQDDAR0MjM1MBOkETAPMQ0wCwYDVQQDDAR0MjM2MBOkETAP +MQ0wCwYDVQQDDAR0MjM3MBOkETAPMQ0wCwYDVQQDDAR0MjM4MBOkETAPMQ0wCwYD +VQQDDAR0MjM5MBOkETAPMQ0wCwYDVQQDDAR0MjQwMBOkETAPMQ0wCwYDVQQDDAR0 +MjQxMBOkETAPMQ0wCwYDVQQDDAR0MjQyMBOkETAPMQ0wCwYDVQQDDAR0MjQzMBOk +ETAPMQ0wCwYDVQQDDAR0MjQ0MBOkETAPMQ0wCwYDVQQDDAR0MjQ1MBOkETAPMQ0w +CwYDVQQDDAR0MjQ2MBOkETAPMQ0wCwYDVQQDDAR0MjQ3MBOkETAPMQ0wCwYDVQQD +DAR0MjQ4MBOkETAPMQ0wCwYDVQQDDAR0MjQ5MBOkETAPMQ0wCwYDVQQDDAR0MjUw +MBOkETAPMQ0wCwYDVQQDDAR0MjUxMBOkETAPMQ0wCwYDVQQDDAR0MjUyMBOkETAP +MQ0wCwYDVQQDDAR0MjUzMBOkETAPMQ0wCwYDVQQDDAR0MjU0MBOkETAPMQ0wCwYD +VQQDDAR0MjU1MBOkETAPMQ0wCwYDVQQDDAR0MjU2MBOkETAPMQ0wCwYDVQQDDAR0 +MjU3MBOkETAPMQ0wCwYDVQQDDAR0MjU4MBOkETAPMQ0wCwYDVQQDDAR0MjU5MBOk +ETAPMQ0wCwYDVQQDDAR0MjYwMBOkETAPMQ0wCwYDVQQDDAR0MjYxMBOkETAPMQ0w +CwYDVQQDDAR0MjYyMBOkETAPMQ0wCwYDVQQDDAR0MjYzMBOkETAPMQ0wCwYDVQQD +DAR0MjY0MBOkETAPMQ0wCwYDVQQDDAR0MjY1MBOkETAPMQ0wCwYDVQQDDAR0MjY2 +MBOkETAPMQ0wCwYDVQQDDAR0MjY3MBOkETAPMQ0wCwYDVQQDDAR0MjY4MBOkETAP +MQ0wCwYDVQQDDAR0MjY5MBOkETAPMQ0wCwYDVQQDDAR0MjcwMBOkETAPMQ0wCwYD +VQQDDAR0MjcxMBOkETAPMQ0wCwYDVQQDDAR0MjcyMBOkETAPMQ0wCwYDVQQDDAR0 +MjczMBOkETAPMQ0wCwYDVQQDDAR0Mjc0MBOkETAPMQ0wCwYDVQQDDAR0Mjc1MBOk +ETAPMQ0wCwYDVQQDDAR0Mjc2MBOkETAPMQ0wCwYDVQQDDAR0Mjc3MBOkETAPMQ0w +CwYDVQQDDAR0Mjc4MBOkETAPMQ0wCwYDVQQDDAR0Mjc5MBOkETAPMQ0wCwYDVQQD +DAR0MjgwMBOkETAPMQ0wCwYDVQQDDAR0MjgxMBOkETAPMQ0wCwYDVQQDDAR0Mjgy +MBOkETAPMQ0wCwYDVQQDDAR0MjgzMBOkETAPMQ0wCwYDVQQDDAR0Mjg0MBOkETAP +MQ0wCwYDVQQDDAR0Mjg1MBOkETAPMQ0wCwYDVQQDDAR0Mjg2MBOkETAPMQ0wCwYD +VQQDDAR0Mjg3MBOkETAPMQ0wCwYDVQQDDAR0Mjg4MBOkETAPMQ0wCwYDVQQDDAR0 +Mjg5MBOkETAPMQ0wCwYDVQQDDAR0MjkwMBOkETAPMQ0wCwYDVQQDDAR0MjkxMBOk +ETAPMQ0wCwYDVQQDDAR0MjkyMBOkETAPMQ0wCwYDVQQDDAR0MjkzMBOkETAPMQ0w +CwYDVQQDDAR0Mjk0MBOkETAPMQ0wCwYDVQQDDAR0Mjk1MBOkETAPMQ0wCwYDVQQD +DAR0Mjk2MBOkETAPMQ0wCwYDVQQDDAR0Mjk3MBOkETAPMQ0wCwYDVQQDDAR0Mjk4 +MBOkETAPMQ0wCwYDVQQDDAR0Mjk5MBOkETAPMQ0wCwYDVQQDDAR0MzAwMBOkETAP +MQ0wCwYDVQQDDAR0MzAxMBOkETAPMQ0wCwYDVQQDDAR0MzAyMBOkETAPMQ0wCwYD +VQQDDAR0MzAzMBOkETAPMQ0wCwYDVQQDDAR0MzA0MBOkETAPMQ0wCwYDVQQDDAR0 +MzA1MBOkETAPMQ0wCwYDVQQDDAR0MzA2MBOkETAPMQ0wCwYDVQQDDAR0MzA3MBOk +ETAPMQ0wCwYDVQQDDAR0MzA4MBOkETAPMQ0wCwYDVQQDDAR0MzA5MBOkETAPMQ0w +CwYDVQQDDAR0MzEwMBOkETAPMQ0wCwYDVQQDDAR0MzExMBOkETAPMQ0wCwYDVQQD +DAR0MzEyMBOkETAPMQ0wCwYDVQQDDAR0MzEzMBOkETAPMQ0wCwYDVQQDDAR0MzE0 +MBOkETAPMQ0wCwYDVQQDDAR0MzE1MBOkETAPMQ0wCwYDVQQDDAR0MzE2MBOkETAP +MQ0wCwYDVQQDDAR0MzE3MBOkETAPMQ0wCwYDVQQDDAR0MzE4MBOkETAPMQ0wCwYD +VQQDDAR0MzE5MBOkETAPMQ0wCwYDVQQDDAR0MzIwMBOkETAPMQ0wCwYDVQQDDAR0 +MzIxMBOkETAPMQ0wCwYDVQQDDAR0MzIyMBOkETAPMQ0wCwYDVQQDDAR0MzIzMBOk +ETAPMQ0wCwYDVQQDDAR0MzI0MBOkETAPMQ0wCwYDVQQDDAR0MzI1MBOkETAPMQ0w +CwYDVQQDDAR0MzI2MBOkETAPMQ0wCwYDVQQDDAR0MzI3MBOkETAPMQ0wCwYDVQQD +DAR0MzI4MBOkETAPMQ0wCwYDVQQDDAR0MzI5MBOkETAPMQ0wCwYDVQQDDAR0MzMw +MBOkETAPMQ0wCwYDVQQDDAR0MzMxMBOkETAPMQ0wCwYDVQQDDAR0MzMyMBOkETAP +MQ0wCwYDVQQDDAR0MzMzMBOkETAPMQ0wCwYDVQQDDAR0MzM0MBOkETAPMQ0wCwYD +VQQDDAR0MzM1MBOkETAPMQ0wCwYDVQQDDAR0MzM2MBOkETAPMQ0wCwYDVQQDDAR0 +MzM3MBOkETAPMQ0wCwYDVQQDDAR0MzM4MBOkETAPMQ0wCwYDVQQDDAR0MzM5MBOk +ETAPMQ0wCwYDVQQDDAR0MzQwMBOkETAPMQ0wCwYDVQQDDAR0MzQxMBOkETAPMQ0w +CwYDVQQDDAR0MzQyMBOkETAPMQ0wCwYDVQQDDAR0MzQzMBOkETAPMQ0wCwYDVQQD +DAR0MzQ0MBOkETAPMQ0wCwYDVQQDDAR0MzQ1MBOkETAPMQ0wCwYDVQQDDAR0MzQ2 +MBOkETAPMQ0wCwYDVQQDDAR0MzQ3MBOkETAPMQ0wCwYDVQQDDAR0MzQ4MBOkETAP +MQ0wCwYDVQQDDAR0MzQ5MBOkETAPMQ0wCwYDVQQDDAR0MzUwMBOkETAPMQ0wCwYD +VQQDDAR0MzUxMBOkETAPMQ0wCwYDVQQDDAR0MzUyMBOkETAPMQ0wCwYDVQQDDAR0 +MzUzMBOkETAPMQ0wCwYDVQQDDAR0MzU0MBOkETAPMQ0wCwYDVQQDDAR0MzU1MBOk +ETAPMQ0wCwYDVQQDDAR0MzU2MBOkETAPMQ0wCwYDVQQDDAR0MzU3MBOkETAPMQ0w +CwYDVQQDDAR0MzU4MBOkETAPMQ0wCwYDVQQDDAR0MzU5MBOkETAPMQ0wCwYDVQQD +DAR0MzYwMBOkETAPMQ0wCwYDVQQDDAR0MzYxMBOkETAPMQ0wCwYDVQQDDAR0MzYy +MBOkETAPMQ0wCwYDVQQDDAR0MzYzMBOkETAPMQ0wCwYDVQQDDAR0MzY0MBOkETAP +MQ0wCwYDVQQDDAR0MzY1MBOkETAPMQ0wCwYDVQQDDAR0MzY2MBOkETAPMQ0wCwYD +VQQDDAR0MzY3MBOkETAPMQ0wCwYDVQQDDAR0MzY4MBOkETAPMQ0wCwYDVQQDDAR0 +MzY5MBOkETAPMQ0wCwYDVQQDDAR0MzcwMBOkETAPMQ0wCwYDVQQDDAR0MzcxMBOk +ETAPMQ0wCwYDVQQDDAR0MzcyMBOkETAPMQ0wCwYDVQQDDAR0MzczMBOkETAPMQ0w +CwYDVQQDDAR0Mzc0MBOkETAPMQ0wCwYDVQQDDAR0Mzc1MBOkETAPMQ0wCwYDVQQD +DAR0Mzc2MBOkETAPMQ0wCwYDVQQDDAR0Mzc3MBOkETAPMQ0wCwYDVQQDDAR0Mzc4 +MBOkETAPMQ0wCwYDVQQDDAR0Mzc5MBOkETAPMQ0wCwYDVQQDDAR0MzgwMBOkETAP +MQ0wCwYDVQQDDAR0MzgxMBOkETAPMQ0wCwYDVQQDDAR0MzgyMBOkETAPMQ0wCwYD +VQQDDAR0MzgzMBOkETAPMQ0wCwYDVQQDDAR0Mzg0MBOkETAPMQ0wCwYDVQQDDAR0 +Mzg1MBOkETAPMQ0wCwYDVQQDDAR0Mzg2MBOkETAPMQ0wCwYDVQQDDAR0Mzg3MBOk +ETAPMQ0wCwYDVQQDDAR0Mzg4MBOkETAPMQ0wCwYDVQQDDAR0Mzg5MBOkETAPMQ0w +CwYDVQQDDAR0MzkwMBOkETAPMQ0wCwYDVQQDDAR0MzkxMBOkETAPMQ0wCwYDVQQD +DAR0MzkyMBOkETAPMQ0wCwYDVQQDDAR0MzkzMBOkETAPMQ0wCwYDVQQDDAR0Mzk0 +MBOkETAPMQ0wCwYDVQQDDAR0Mzk1MBOkETAPMQ0wCwYDVQQDDAR0Mzk2MBOkETAP +MQ0wCwYDVQQDDAR0Mzk3MBOkETAPMQ0wCwYDVQQDDAR0Mzk4MBOkETAPMQ0wCwYD +VQQDDAR0Mzk5MBOkETAPMQ0wCwYDVQQDDAR0NDAwMBOkETAPMQ0wCwYDVQQDDAR0 +NDAxMBOkETAPMQ0wCwYDVQQDDAR0NDAyMBOkETAPMQ0wCwYDVQQDDAR0NDAzMBOk +ETAPMQ0wCwYDVQQDDAR0NDA0MBOkETAPMQ0wCwYDVQQDDAR0NDA1MBOkETAPMQ0w +CwYDVQQDDAR0NDA2MBOkETAPMQ0wCwYDVQQDDAR0NDA3MBOkETAPMQ0wCwYDVQQD +DAR0NDA4MBOkETAPMQ0wCwYDVQQDDAR0NDA5MBOkETAPMQ0wCwYDVQQDDAR0NDEw +MBOkETAPMQ0wCwYDVQQDDAR0NDExMBOkETAPMQ0wCwYDVQQDDAR0NDEyMBOkETAP +MQ0wCwYDVQQDDAR0NDEzMBOkETAPMQ0wCwYDVQQDDAR0NDE0MBOkETAPMQ0wCwYD +VQQDDAR0NDE1MBOkETAPMQ0wCwYDVQQDDAR0NDE2MBOkETAPMQ0wCwYDVQQDDAR0 +NDE3MBOkETAPMQ0wCwYDVQQDDAR0NDE4MBOkETAPMQ0wCwYDVQQDDAR0NDE5MBOk +ETAPMQ0wCwYDVQQDDAR0NDIwMBOkETAPMQ0wCwYDVQQDDAR0NDIxMBOkETAPMQ0w +CwYDVQQDDAR0NDIyMBOkETAPMQ0wCwYDVQQDDAR0NDIzMBOkETAPMQ0wCwYDVQQD +DAR0NDI0MBOkETAPMQ0wCwYDVQQDDAR0NDI1MBOkETAPMQ0wCwYDVQQDDAR0NDI2 +MBOkETAPMQ0wCwYDVQQDDAR0NDI3MBOkETAPMQ0wCwYDVQQDDAR0NDI4MBOkETAP +MQ0wCwYDVQQDDAR0NDI5MBOkETAPMQ0wCwYDVQQDDAR0NDMwMBOkETAPMQ0wCwYD +VQQDDAR0NDMxMBOkETAPMQ0wCwYDVQQDDAR0NDMyMBOkETAPMQ0wCwYDVQQDDAR0 +NDMzMBOkETAPMQ0wCwYDVQQDDAR0NDM0MBOkETAPMQ0wCwYDVQQDDAR0NDM1MBOk +ETAPMQ0wCwYDVQQDDAR0NDM2MBOkETAPMQ0wCwYDVQQDDAR0NDM3MBOkETAPMQ0w +CwYDVQQDDAR0NDM4MBOkETAPMQ0wCwYDVQQDDAR0NDM5MBOkETAPMQ0wCwYDVQQD +DAR0NDQwMBOkETAPMQ0wCwYDVQQDDAR0NDQxMBOkETAPMQ0wCwYDVQQDDAR0NDQy +MBOkETAPMQ0wCwYDVQQDDAR0NDQzMBOkETAPMQ0wCwYDVQQDDAR0NDQ0MBOkETAP +MQ0wCwYDVQQDDAR0NDQ1MBOkETAPMQ0wCwYDVQQDDAR0NDQ2MBOkETAPMQ0wCwYD +VQQDDAR0NDQ3MBOkETAPMQ0wCwYDVQQDDAR0NDQ4MBOkETAPMQ0wCwYDVQQDDAR0 +NDQ5MBOkETAPMQ0wCwYDVQQDDAR0NDUwMBOkETAPMQ0wCwYDVQQDDAR0NDUxMBOk +ETAPMQ0wCwYDVQQDDAR0NDUyMBOkETAPMQ0wCwYDVQQDDAR0NDUzMBOkETAPMQ0w +CwYDVQQDDAR0NDU0MBOkETAPMQ0wCwYDVQQDDAR0NDU1MBOkETAPMQ0wCwYDVQQD +DAR0NDU2MBOkETAPMQ0wCwYDVQQDDAR0NDU3MBOkETAPMQ0wCwYDVQQDDAR0NDU4 +MBOkETAPMQ0wCwYDVQQDDAR0NDU5MBOkETAPMQ0wCwYDVQQDDAR0NDYwMBOkETAP +MQ0wCwYDVQQDDAR0NDYxMBOkETAPMQ0wCwYDVQQDDAR0NDYyMBOkETAPMQ0wCwYD +VQQDDAR0NDYzMBOkETAPMQ0wCwYDVQQDDAR0NDY0MBOkETAPMQ0wCwYDVQQDDAR0 +NDY1MBOkETAPMQ0wCwYDVQQDDAR0NDY2MBOkETAPMQ0wCwYDVQQDDAR0NDY3MBOk +ETAPMQ0wCwYDVQQDDAR0NDY4MBOkETAPMQ0wCwYDVQQDDAR0NDY5MBOkETAPMQ0w +CwYDVQQDDAR0NDcwMBOkETAPMQ0wCwYDVQQDDAR0NDcxMBOkETAPMQ0wCwYDVQQD +DAR0NDcyMBOkETAPMQ0wCwYDVQQDDAR0NDczMBOkETAPMQ0wCwYDVQQDDAR0NDc0 +MBOkETAPMQ0wCwYDVQQDDAR0NDc1MBOkETAPMQ0wCwYDVQQDDAR0NDc2MBOkETAP +MQ0wCwYDVQQDDAR0NDc3MBOkETAPMQ0wCwYDVQQDDAR0NDc4MBOkETAPMQ0wCwYD +VQQDDAR0NDc5MBOkETAPMQ0wCwYDVQQDDAR0NDgwMBOkETAPMQ0wCwYDVQQDDAR0 +NDgxMBOkETAPMQ0wCwYDVQQDDAR0NDgyMBOkETAPMQ0wCwYDVQQDDAR0NDgzMBOk +ETAPMQ0wCwYDVQQDDAR0NDg0MBOkETAPMQ0wCwYDVQQDDAR0NDg1MBOkETAPMQ0w +CwYDVQQDDAR0NDg2MBOkETAPMQ0wCwYDVQQDDAR0NDg3MBOkETAPMQ0wCwYDVQQD +DAR0NDg4MBOkETAPMQ0wCwYDVQQDDAR0NDg5MBOkETAPMQ0wCwYDVQQDDAR0NDkw +MBOkETAPMQ0wCwYDVQQDDAR0NDkxMBOkETAPMQ0wCwYDVQQDDAR0NDkyMBOkETAP +MQ0wCwYDVQQDDAR0NDkzMBOkETAPMQ0wCwYDVQQDDAR0NDk0MBOkETAPMQ0wCwYD +VQQDDAR0NDk1MBOkETAPMQ0wCwYDVQQDDAR0NDk2MBOkETAPMQ0wCwYDVQQDDAR0 +NDk3MBOkETAPMQ0wCwYDVQQDDAR0NDk4MBOkETAPMQ0wCwYDVQQDDAR0NDk5MBOk +ETAPMQ0wCwYDVQQDDAR0NTAwMBOkETAPMQ0wCwYDVQQDDAR0NTAxMBOkETAPMQ0w +CwYDVQQDDAR0NTAyMBOkETAPMQ0wCwYDVQQDDAR0NTAzMBOkETAPMQ0wCwYDVQQD +DAR0NTA0MBOkETAPMQ0wCwYDVQQDDAR0NTA1MBOkETAPMQ0wCwYDVQQDDAR0NTA2 +MBOkETAPMQ0wCwYDVQQDDAR0NTA3MBOkETAPMQ0wCwYDVQQDDAR0NTA4MBOkETAP +MQ0wCwYDVQQDDAR0NTA5MBOkETAPMQ0wCwYDVQQDDAR0NTEwMBOkETAPMQ0wCwYD +VQQDDAR0NTExMBOkETAPMQ0wCwYDVQQDDAR0NTEyMBOkETAPMQ0wCwYDVQQDDAR0 +NTEzMBOkETAPMQ0wCwYDVQQDDAR0NTE0MBOkETAPMQ0wCwYDVQQDDAR0NTE1MBOk +ETAPMQ0wCwYDVQQDDAR0NTE2MBOkETAPMQ0wCwYDVQQDDAR0NTE3MBOkETAPMQ0w +CwYDVQQDDAR0NTE4MBOkETAPMQ0wCwYDVQQDDAR0NTE5MBOkETAPMQ0wCwYDVQQD +DAR0NTIwMBOkETAPMQ0wCwYDVQQDDAR0NTIxMBOkETAPMQ0wCwYDVQQDDAR0NTIy +MBOkETAPMQ0wCwYDVQQDDAR0NTIzMBOkETAPMQ0wCwYDVQQDDAR0NTI0MBOkETAP +MQ0wCwYDVQQDDAR0NTI1MBOkETAPMQ0wCwYDVQQDDAR0NTI2MBOkETAPMQ0wCwYD +VQQDDAR0NTI3MBOkETAPMQ0wCwYDVQQDDAR0NTI4MBOkETAPMQ0wCwYDVQQDDAR0 +NTI5MBOkETAPMQ0wCwYDVQQDDAR0NTMwMBOkETAPMQ0wCwYDVQQDDAR0NTMxMBOk +ETAPMQ0wCwYDVQQDDAR0NTMyMBOkETAPMQ0wCwYDVQQDDAR0NTMzMBOkETAPMQ0w +CwYDVQQDDAR0NTM0MBOkETAPMQ0wCwYDVQQDDAR0NTM1MBOkETAPMQ0wCwYDVQQD +DAR0NTM2MBOkETAPMQ0wCwYDVQQDDAR0NTM3MBOkETAPMQ0wCwYDVQQDDAR0NTM4 +MBOkETAPMQ0wCwYDVQQDDAR0NTM5MBOkETAPMQ0wCwYDVQQDDAR0NTQwMBOkETAP +MQ0wCwYDVQQDDAR0NTQxMBOkETAPMQ0wCwYDVQQDDAR0NTQyMBOkETAPMQ0wCwYD +VQQDDAR0NTQzMBOkETAPMQ0wCwYDVQQDDAR0NTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +NTQ1MBOkETAPMQ0wCwYDVQQDDAR0NTQ2MBOkETAPMQ0wCwYDVQQDDAR0NTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0NTQ4MBOkETAPMQ0wCwYDVQQDDAR0NTQ5MBOkETAPMQ0w +CwYDVQQDDAR0NTUwMBOkETAPMQ0wCwYDVQQDDAR0NTUxMBOkETAPMQ0wCwYDVQQD +DAR0NTUyMBOkETAPMQ0wCwYDVQQDDAR0NTUzMBOkETAPMQ0wCwYDVQQDDAR0NTU0 +MBOkETAPMQ0wCwYDVQQDDAR0NTU1MBOkETAPMQ0wCwYDVQQDDAR0NTU2MBOkETAP +MQ0wCwYDVQQDDAR0NTU3MBOkETAPMQ0wCwYDVQQDDAR0NTU4MBOkETAPMQ0wCwYD +VQQDDAR0NTU5MBOkETAPMQ0wCwYDVQQDDAR0NTYwMBOkETAPMQ0wCwYDVQQDDAR0 +NTYxMBOkETAPMQ0wCwYDVQQDDAR0NTYyMBOkETAPMQ0wCwYDVQQDDAR0NTYzMBOk +ETAPMQ0wCwYDVQQDDAR0NTY0MBOkETAPMQ0wCwYDVQQDDAR0NTY1MBOkETAPMQ0w +CwYDVQQDDAR0NTY2MBOkETAPMQ0wCwYDVQQDDAR0NTY3MBOkETAPMQ0wCwYDVQQD +DAR0NTY4MBOkETAPMQ0wCwYDVQQDDAR0NTY5MBOkETAPMQ0wCwYDVQQDDAR0NTcw +MBOkETAPMQ0wCwYDVQQDDAR0NTcxMBOkETAPMQ0wCwYDVQQDDAR0NTcyMBOkETAP +MQ0wCwYDVQQDDAR0NTczMBOkETAPMQ0wCwYDVQQDDAR0NTc0MBOkETAPMQ0wCwYD +VQQDDAR0NTc1MBOkETAPMQ0wCwYDVQQDDAR0NTc2MBOkETAPMQ0wCwYDVQQDDAR0 +NTc3MBOkETAPMQ0wCwYDVQQDDAR0NTc4MBOkETAPMQ0wCwYDVQQDDAR0NTc5MBOk +ETAPMQ0wCwYDVQQDDAR0NTgwMBOkETAPMQ0wCwYDVQQDDAR0NTgxMBOkETAPMQ0w +CwYDVQQDDAR0NTgyMBOkETAPMQ0wCwYDVQQDDAR0NTgzMBOkETAPMQ0wCwYDVQQD +DAR0NTg0MBOkETAPMQ0wCwYDVQQDDAR0NTg1MBOkETAPMQ0wCwYDVQQDDAR0NTg2 +MBOkETAPMQ0wCwYDVQQDDAR0NTg3MBOkETAPMQ0wCwYDVQQDDAR0NTg4MBOkETAP +MQ0wCwYDVQQDDAR0NTg5MBOkETAPMQ0wCwYDVQQDDAR0NTkwMBOkETAPMQ0wCwYD +VQQDDAR0NTkxMBOkETAPMQ0wCwYDVQQDDAR0NTkyMBOkETAPMQ0wCwYDVQQDDAR0 +NTkzMBOkETAPMQ0wCwYDVQQDDAR0NTk0MBOkETAPMQ0wCwYDVQQDDAR0NTk1MBOk +ETAPMQ0wCwYDVQQDDAR0NTk2MBOkETAPMQ0wCwYDVQQDDAR0NTk3MBOkETAPMQ0w +CwYDVQQDDAR0NTk4MBOkETAPMQ0wCwYDVQQDDAR0NTk5MBOkETAPMQ0wCwYDVQQD +DAR0NjAwMBOkETAPMQ0wCwYDVQQDDAR0NjAxMBOkETAPMQ0wCwYDVQQDDAR0NjAy +MBOkETAPMQ0wCwYDVQQDDAR0NjAzMBOkETAPMQ0wCwYDVQQDDAR0NjA0MBOkETAP +MQ0wCwYDVQQDDAR0NjA1MBOkETAPMQ0wCwYDVQQDDAR0NjA2MBOkETAPMQ0wCwYD +VQQDDAR0NjA3MBOkETAPMQ0wCwYDVQQDDAR0NjA4MBOkETAPMQ0wCwYDVQQDDAR0 +NjA5MBOkETAPMQ0wCwYDVQQDDAR0NjEwMBOkETAPMQ0wCwYDVQQDDAR0NjExMBOk +ETAPMQ0wCwYDVQQDDAR0NjEyMBOkETAPMQ0wCwYDVQQDDAR0NjEzMBOkETAPMQ0w +CwYDVQQDDAR0NjE0MBOkETAPMQ0wCwYDVQQDDAR0NjE1MBOkETAPMQ0wCwYDVQQD +DAR0NjE2MBOkETAPMQ0wCwYDVQQDDAR0NjE3MBOkETAPMQ0wCwYDVQQDDAR0NjE4 +MBOkETAPMQ0wCwYDVQQDDAR0NjE5MBOkETAPMQ0wCwYDVQQDDAR0NjIwMBOkETAP +MQ0wCwYDVQQDDAR0NjIxMBOkETAPMQ0wCwYDVQQDDAR0NjIyMBOkETAPMQ0wCwYD +VQQDDAR0NjIzMBOkETAPMQ0wCwYDVQQDDAR0NjI0MBOkETAPMQ0wCwYDVQQDDAR0 +NjI1MBOkETAPMQ0wCwYDVQQDDAR0NjI2MBOkETAPMQ0wCwYDVQQDDAR0NjI3MBOk +ETAPMQ0wCwYDVQQDDAR0NjI4MBOkETAPMQ0wCwYDVQQDDAR0NjI5MBOkETAPMQ0w +CwYDVQQDDAR0NjMwMBOkETAPMQ0wCwYDVQQDDAR0NjMxMBOkETAPMQ0wCwYDVQQD +DAR0NjMyMBOkETAPMQ0wCwYDVQQDDAR0NjMzMBOkETAPMQ0wCwYDVQQDDAR0NjM0 +MBOkETAPMQ0wCwYDVQQDDAR0NjM1MBOkETAPMQ0wCwYDVQQDDAR0NjM2MBOkETAP +MQ0wCwYDVQQDDAR0NjM3MBOkETAPMQ0wCwYDVQQDDAR0NjM4MBOkETAPMQ0wCwYD +VQQDDAR0NjM5MBOkETAPMQ0wCwYDVQQDDAR0NjQwMBOkETAPMQ0wCwYDVQQDDAR0 +NjQxMBOkETAPMQ0wCwYDVQQDDAR0NjQyMBOkETAPMQ0wCwYDVQQDDAR0NjQzMBOk +ETAPMQ0wCwYDVQQDDAR0NjQ0MBOkETAPMQ0wCwYDVQQDDAR0NjQ1MBOkETAPMQ0w +CwYDVQQDDAR0NjQ2MBOkETAPMQ0wCwYDVQQDDAR0NjQ3MBOkETAPMQ0wCwYDVQQD +DAR0NjQ4MBOkETAPMQ0wCwYDVQQDDAR0NjQ5MBOkETAPMQ0wCwYDVQQDDAR0NjUw +MBOkETAPMQ0wCwYDVQQDDAR0NjUxMBOkETAPMQ0wCwYDVQQDDAR0NjUyMBOkETAP +MQ0wCwYDVQQDDAR0NjUzMBOkETAPMQ0wCwYDVQQDDAR0NjU0MBOkETAPMQ0wCwYD +VQQDDAR0NjU1MBOkETAPMQ0wCwYDVQQDDAR0NjU2MBOkETAPMQ0wCwYDVQQDDAR0 +NjU3MBOkETAPMQ0wCwYDVQQDDAR0NjU4MBOkETAPMQ0wCwYDVQQDDAR0NjU5MBOk +ETAPMQ0wCwYDVQQDDAR0NjYwMBOkETAPMQ0wCwYDVQQDDAR0NjYxMBOkETAPMQ0w +CwYDVQQDDAR0NjYyMBOkETAPMQ0wCwYDVQQDDAR0NjYzMBOkETAPMQ0wCwYDVQQD +DAR0NjY0MBOkETAPMQ0wCwYDVQQDDAR0NjY1MBOkETAPMQ0wCwYDVQQDDAR0NjY2 +MBOkETAPMQ0wCwYDVQQDDAR0NjY3MBOkETAPMQ0wCwYDVQQDDAR0NjY4MBOkETAP +MQ0wCwYDVQQDDAR0NjY5MBOkETAPMQ0wCwYDVQQDDAR0NjcwMBOkETAPMQ0wCwYD +VQQDDAR0NjcxMBOkETAPMQ0wCwYDVQQDDAR0NjcyMBOkETAPMQ0wCwYDVQQDDAR0 +NjczMBOkETAPMQ0wCwYDVQQDDAR0Njc0MBOkETAPMQ0wCwYDVQQDDAR0Njc1MBOk +ETAPMQ0wCwYDVQQDDAR0Njc2MBOkETAPMQ0wCwYDVQQDDAR0Njc3MBOkETAPMQ0w +CwYDVQQDDAR0Njc4MBOkETAPMQ0wCwYDVQQDDAR0Njc5MBOkETAPMQ0wCwYDVQQD +DAR0NjgwMBOkETAPMQ0wCwYDVQQDDAR0NjgxMBOkETAPMQ0wCwYDVQQDDAR0Njgy +MBOkETAPMQ0wCwYDVQQDDAR0NjgzMBOkETAPMQ0wCwYDVQQDDAR0Njg0MBOkETAP +MQ0wCwYDVQQDDAR0Njg1MBOkETAPMQ0wCwYDVQQDDAR0Njg2MBOkETAPMQ0wCwYD +VQQDDAR0Njg3MBOkETAPMQ0wCwYDVQQDDAR0Njg4MBOkETAPMQ0wCwYDVQQDDAR0 +Njg5MBOkETAPMQ0wCwYDVQQDDAR0NjkwMBOkETAPMQ0wCwYDVQQDDAR0NjkxMBOk +ETAPMQ0wCwYDVQQDDAR0NjkyMBOkETAPMQ0wCwYDVQQDDAR0NjkzMBOkETAPMQ0w +CwYDVQQDDAR0Njk0MBOkETAPMQ0wCwYDVQQDDAR0Njk1MBOkETAPMQ0wCwYDVQQD +DAR0Njk2MBOkETAPMQ0wCwYDVQQDDAR0Njk3MBOkETAPMQ0wCwYDVQQDDAR0Njk4 +MBOkETAPMQ0wCwYDVQQDDAR0Njk5MBOkETAPMQ0wCwYDVQQDDAR0NzAwMBOkETAP +MQ0wCwYDVQQDDAR0NzAxMBOkETAPMQ0wCwYDVQQDDAR0NzAyMBOkETAPMQ0wCwYD +VQQDDAR0NzAzMBOkETAPMQ0wCwYDVQQDDAR0NzA0MBOkETAPMQ0wCwYDVQQDDAR0 +NzA1MBOkETAPMQ0wCwYDVQQDDAR0NzA2MBOkETAPMQ0wCwYDVQQDDAR0NzA3MBOk +ETAPMQ0wCwYDVQQDDAR0NzA4MBOkETAPMQ0wCwYDVQQDDAR0NzA5MBOkETAPMQ0w +CwYDVQQDDAR0NzEwMBOkETAPMQ0wCwYDVQQDDAR0NzExMBOkETAPMQ0wCwYDVQQD +DAR0NzEyMBOkETAPMQ0wCwYDVQQDDAR0NzEzMBOkETAPMQ0wCwYDVQQDDAR0NzE0 +MBOkETAPMQ0wCwYDVQQDDAR0NzE1MBOkETAPMQ0wCwYDVQQDDAR0NzE2MBOkETAP +MQ0wCwYDVQQDDAR0NzE3MBOkETAPMQ0wCwYDVQQDDAR0NzE4MBOkETAPMQ0wCwYD +VQQDDAR0NzE5MBOkETAPMQ0wCwYDVQQDDAR0NzIwMBOkETAPMQ0wCwYDVQQDDAR0 +NzIxMBOkETAPMQ0wCwYDVQQDDAR0NzIyMBOkETAPMQ0wCwYDVQQDDAR0NzIzMBOk +ETAPMQ0wCwYDVQQDDAR0NzI0MBOkETAPMQ0wCwYDVQQDDAR0NzI1MBOkETAPMQ0w +CwYDVQQDDAR0NzI2MBOkETAPMQ0wCwYDVQQDDAR0NzI3MBOkETAPMQ0wCwYDVQQD +DAR0NzI4MBOkETAPMQ0wCwYDVQQDDAR0NzI5MBOkETAPMQ0wCwYDVQQDDAR0NzMw +MBOkETAPMQ0wCwYDVQQDDAR0NzMxMBOkETAPMQ0wCwYDVQQDDAR0NzMyMBOkETAP +MQ0wCwYDVQQDDAR0NzMzMBOkETAPMQ0wCwYDVQQDDAR0NzM0MBOkETAPMQ0wCwYD +VQQDDAR0NzM1MBOkETAPMQ0wCwYDVQQDDAR0NzM2MBOkETAPMQ0wCwYDVQQDDAR0 +NzM3MBOkETAPMQ0wCwYDVQQDDAR0NzM4MBOkETAPMQ0wCwYDVQQDDAR0NzM5MBOk +ETAPMQ0wCwYDVQQDDAR0NzQwMBOkETAPMQ0wCwYDVQQDDAR0NzQxMBOkETAPMQ0w +CwYDVQQDDAR0NzQyMBOkETAPMQ0wCwYDVQQDDAR0NzQzMBOkETAPMQ0wCwYDVQQD +DAR0NzQ0MBOkETAPMQ0wCwYDVQQDDAR0NzQ1MBOkETAPMQ0wCwYDVQQDDAR0NzQ2 +MBOkETAPMQ0wCwYDVQQDDAR0NzQ3MBOkETAPMQ0wCwYDVQQDDAR0NzQ4MBOkETAP +MQ0wCwYDVQQDDAR0NzQ5MBOkETAPMQ0wCwYDVQQDDAR0NzUwMBOkETAPMQ0wCwYD +VQQDDAR0NzUxMBOkETAPMQ0wCwYDVQQDDAR0NzUyMBOkETAPMQ0wCwYDVQQDDAR0 +NzUzMBOkETAPMQ0wCwYDVQQDDAR0NzU0MBOkETAPMQ0wCwYDVQQDDAR0NzU1MBOk +ETAPMQ0wCwYDVQQDDAR0NzU2MBOkETAPMQ0wCwYDVQQDDAR0NzU3MBOkETAPMQ0w +CwYDVQQDDAR0NzU4MBOkETAPMQ0wCwYDVQQDDAR0NzU5MBOkETAPMQ0wCwYDVQQD +DAR0NzYwMBOkETAPMQ0wCwYDVQQDDAR0NzYxMBOkETAPMQ0wCwYDVQQDDAR0NzYy +MBOkETAPMQ0wCwYDVQQDDAR0NzYzMBOkETAPMQ0wCwYDVQQDDAR0NzY0MBOkETAP +MQ0wCwYDVQQDDAR0NzY1MBOkETAPMQ0wCwYDVQQDDAR0NzY2MBOkETAPMQ0wCwYD +VQQDDAR0NzY3MBOkETAPMQ0wCwYDVQQDDAR0NzY4MBOkETAPMQ0wCwYDVQQDDAR0 +NzY5MBOkETAPMQ0wCwYDVQQDDAR0NzcwMBOkETAPMQ0wCwYDVQQDDAR0NzcxMBOk +ETAPMQ0wCwYDVQQDDAR0NzcyMBOkETAPMQ0wCwYDVQQDDAR0NzczMBOkETAPMQ0w +CwYDVQQDDAR0Nzc0MBOkETAPMQ0wCwYDVQQDDAR0Nzc1MBOkETAPMQ0wCwYDVQQD +DAR0Nzc2MBOkETAPMQ0wCwYDVQQDDAR0Nzc3MBOkETAPMQ0wCwYDVQQDDAR0Nzc4 +MBOkETAPMQ0wCwYDVQQDDAR0Nzc5MBOkETAPMQ0wCwYDVQQDDAR0NzgwMBOkETAP +MQ0wCwYDVQQDDAR0NzgxMBOkETAPMQ0wCwYDVQQDDAR0NzgyMBOkETAPMQ0wCwYD +VQQDDAR0NzgzMBOkETAPMQ0wCwYDVQQDDAR0Nzg0MBOkETAPMQ0wCwYDVQQDDAR0 +Nzg1MBOkETAPMQ0wCwYDVQQDDAR0Nzg2MBOkETAPMQ0wCwYDVQQDDAR0Nzg3MBOk +ETAPMQ0wCwYDVQQDDAR0Nzg4MBOkETAPMQ0wCwYDVQQDDAR0Nzg5MBOkETAPMQ0w +CwYDVQQDDAR0NzkwMBOkETAPMQ0wCwYDVQQDDAR0NzkxMBOkETAPMQ0wCwYDVQQD +DAR0NzkyMBOkETAPMQ0wCwYDVQQDDAR0NzkzMBOkETAPMQ0wCwYDVQQDDAR0Nzk0 +MBOkETAPMQ0wCwYDVQQDDAR0Nzk1MBOkETAPMQ0wCwYDVQQDDAR0Nzk2MBOkETAP +MQ0wCwYDVQQDDAR0Nzk3MBOkETAPMQ0wCwYDVQQDDAR0Nzk4MBOkETAPMQ0wCwYD +VQQDDAR0Nzk5MBOkETAPMQ0wCwYDVQQDDAR0ODAwMBOkETAPMQ0wCwYDVQQDDAR0 +ODAxMBOkETAPMQ0wCwYDVQQDDAR0ODAyMBOkETAPMQ0wCwYDVQQDDAR0ODAzMBOk +ETAPMQ0wCwYDVQQDDAR0ODA0MBOkETAPMQ0wCwYDVQQDDAR0ODA1MBOkETAPMQ0w +CwYDVQQDDAR0ODA2MBOkETAPMQ0wCwYDVQQDDAR0ODA3MBOkETAPMQ0wCwYDVQQD +DAR0ODA4MBOkETAPMQ0wCwYDVQQDDAR0ODA5MBOkETAPMQ0wCwYDVQQDDAR0ODEw +MBOkETAPMQ0wCwYDVQQDDAR0ODExMBOkETAPMQ0wCwYDVQQDDAR0ODEyMBOkETAP +MQ0wCwYDVQQDDAR0ODEzMBOkETAPMQ0wCwYDVQQDDAR0ODE0MBOkETAPMQ0wCwYD +VQQDDAR0ODE1MBOkETAPMQ0wCwYDVQQDDAR0ODE2MBOkETAPMQ0wCwYDVQQDDAR0 +ODE3MBOkETAPMQ0wCwYDVQQDDAR0ODE4MBOkETAPMQ0wCwYDVQQDDAR0ODE5MBOk +ETAPMQ0wCwYDVQQDDAR0ODIwMBOkETAPMQ0wCwYDVQQDDAR0ODIxMBOkETAPMQ0w +CwYDVQQDDAR0ODIyMBOkETAPMQ0wCwYDVQQDDAR0ODIzMBOkETAPMQ0wCwYDVQQD +DAR0ODI0MBOkETAPMQ0wCwYDVQQDDAR0ODI1MBOkETAPMQ0wCwYDVQQDDAR0ODI2 +MBOkETAPMQ0wCwYDVQQDDAR0ODI3MBOkETAPMQ0wCwYDVQQDDAR0ODI4MBOkETAP +MQ0wCwYDVQQDDAR0ODI5MBOkETAPMQ0wCwYDVQQDDAR0ODMwMBOkETAPMQ0wCwYD +VQQDDAR0ODMxMBOkETAPMQ0wCwYDVQQDDAR0ODMyMBOkETAPMQ0wCwYDVQQDDAR0 +ODMzMBOkETAPMQ0wCwYDVQQDDAR0ODM0MBOkETAPMQ0wCwYDVQQDDAR0ODM1MBOk +ETAPMQ0wCwYDVQQDDAR0ODM2MBOkETAPMQ0wCwYDVQQDDAR0ODM3MBOkETAPMQ0w +CwYDVQQDDAR0ODM4MBOkETAPMQ0wCwYDVQQDDAR0ODM5MBOkETAPMQ0wCwYDVQQD +DAR0ODQwMBOkETAPMQ0wCwYDVQQDDAR0ODQxMBOkETAPMQ0wCwYDVQQDDAR0ODQy +MBOkETAPMQ0wCwYDVQQDDAR0ODQzMBOkETAPMQ0wCwYDVQQDDAR0ODQ0MBOkETAP +MQ0wCwYDVQQDDAR0ODQ1MBOkETAPMQ0wCwYDVQQDDAR0ODQ2MBOkETAPMQ0wCwYD +VQQDDAR0ODQ3MBOkETAPMQ0wCwYDVQQDDAR0ODQ4MBOkETAPMQ0wCwYDVQQDDAR0 +ODQ5MBOkETAPMQ0wCwYDVQQDDAR0ODUwMBOkETAPMQ0wCwYDVQQDDAR0ODUxMBOk +ETAPMQ0wCwYDVQQDDAR0ODUyMBOkETAPMQ0wCwYDVQQDDAR0ODUzMBOkETAPMQ0w +CwYDVQQDDAR0ODU0MBOkETAPMQ0wCwYDVQQDDAR0ODU1MBOkETAPMQ0wCwYDVQQD +DAR0ODU2MBOkETAPMQ0wCwYDVQQDDAR0ODU3MBOkETAPMQ0wCwYDVQQDDAR0ODU4 +MBOkETAPMQ0wCwYDVQQDDAR0ODU5MBOkETAPMQ0wCwYDVQQDDAR0ODYwMBOkETAP +MQ0wCwYDVQQDDAR0ODYxMBOkETAPMQ0wCwYDVQQDDAR0ODYyMBOkETAPMQ0wCwYD +VQQDDAR0ODYzMBOkETAPMQ0wCwYDVQQDDAR0ODY0MBOkETAPMQ0wCwYDVQQDDAR0 +ODY1MBOkETAPMQ0wCwYDVQQDDAR0ODY2MBOkETAPMQ0wCwYDVQQDDAR0ODY3MBOk +ETAPMQ0wCwYDVQQDDAR0ODY4MBOkETAPMQ0wCwYDVQQDDAR0ODY5MBOkETAPMQ0w +CwYDVQQDDAR0ODcwMBOkETAPMQ0wCwYDVQQDDAR0ODcxMBOkETAPMQ0wCwYDVQQD +DAR0ODcyMBOkETAPMQ0wCwYDVQQDDAR0ODczMBOkETAPMQ0wCwYDVQQDDAR0ODc0 +MBOkETAPMQ0wCwYDVQQDDAR0ODc1MBOkETAPMQ0wCwYDVQQDDAR0ODc2MBOkETAP +MQ0wCwYDVQQDDAR0ODc3MBOkETAPMQ0wCwYDVQQDDAR0ODc4MBOkETAPMQ0wCwYD +VQQDDAR0ODc5MBOkETAPMQ0wCwYDVQQDDAR0ODgwMBOkETAPMQ0wCwYDVQQDDAR0 +ODgxMBOkETAPMQ0wCwYDVQQDDAR0ODgyMBOkETAPMQ0wCwYDVQQDDAR0ODgzMBOk +ETAPMQ0wCwYDVQQDDAR0ODg0MBOkETAPMQ0wCwYDVQQDDAR0ODg1MBOkETAPMQ0w +CwYDVQQDDAR0ODg2MBOkETAPMQ0wCwYDVQQDDAR0ODg3MBOkETAPMQ0wCwYDVQQD +DAR0ODg4MBOkETAPMQ0wCwYDVQQDDAR0ODg5MBOkETAPMQ0wCwYDVQQDDAR0ODkw +MBOkETAPMQ0wCwYDVQQDDAR0ODkxMBOkETAPMQ0wCwYDVQQDDAR0ODkyMBOkETAP +MQ0wCwYDVQQDDAR0ODkzMBOkETAPMQ0wCwYDVQQDDAR0ODk0MBOkETAPMQ0wCwYD +VQQDDAR0ODk1MBOkETAPMQ0wCwYDVQQDDAR0ODk2MBOkETAPMQ0wCwYDVQQDDAR0 +ODk3MBOkETAPMQ0wCwYDVQQDDAR0ODk4MBOkETAPMQ0wCwYDVQQDDAR0ODk5MBOk +ETAPMQ0wCwYDVQQDDAR0OTAwMBOkETAPMQ0wCwYDVQQDDAR0OTAxMBOkETAPMQ0w +CwYDVQQDDAR0OTAyMBOkETAPMQ0wCwYDVQQDDAR0OTAzMBOkETAPMQ0wCwYDVQQD +DAR0OTA0MBOkETAPMQ0wCwYDVQQDDAR0OTA1MBOkETAPMQ0wCwYDVQQDDAR0OTA2 +MBOkETAPMQ0wCwYDVQQDDAR0OTA3MBOkETAPMQ0wCwYDVQQDDAR0OTA4MBOkETAP +MQ0wCwYDVQQDDAR0OTA5MBOkETAPMQ0wCwYDVQQDDAR0OTEwMBOkETAPMQ0wCwYD +VQQDDAR0OTExMBOkETAPMQ0wCwYDVQQDDAR0OTEyMBOkETAPMQ0wCwYDVQQDDAR0 +OTEzMBOkETAPMQ0wCwYDVQQDDAR0OTE0MBOkETAPMQ0wCwYDVQQDDAR0OTE1MBOk +ETAPMQ0wCwYDVQQDDAR0OTE2MBOkETAPMQ0wCwYDVQQDDAR0OTE3MBOkETAPMQ0w +CwYDVQQDDAR0OTE4MBOkETAPMQ0wCwYDVQQDDAR0OTE5MBOkETAPMQ0wCwYDVQQD +DAR0OTIwMBOkETAPMQ0wCwYDVQQDDAR0OTIxMBOkETAPMQ0wCwYDVQQDDAR0OTIy +MBOkETAPMQ0wCwYDVQQDDAR0OTIzMBOkETAPMQ0wCwYDVQQDDAR0OTI0MBOkETAP +MQ0wCwYDVQQDDAR0OTI1MBOkETAPMQ0wCwYDVQQDDAR0OTI2MBOkETAPMQ0wCwYD +VQQDDAR0OTI3MBOkETAPMQ0wCwYDVQQDDAR0OTI4MBOkETAPMQ0wCwYDVQQDDAR0 +OTI5MBOkETAPMQ0wCwYDVQQDDAR0OTMwMBOkETAPMQ0wCwYDVQQDDAR0OTMxMBOk +ETAPMQ0wCwYDVQQDDAR0OTMyMBOkETAPMQ0wCwYDVQQDDAR0OTMzMBOkETAPMQ0w +CwYDVQQDDAR0OTM0MBOkETAPMQ0wCwYDVQQDDAR0OTM1MBOkETAPMQ0wCwYDVQQD +DAR0OTM2MBOkETAPMQ0wCwYDVQQDDAR0OTM3MBOkETAPMQ0wCwYDVQQDDAR0OTM4 +MBOkETAPMQ0wCwYDVQQDDAR0OTM5MBOkETAPMQ0wCwYDVQQDDAR0OTQwMBOkETAP +MQ0wCwYDVQQDDAR0OTQxMBOkETAPMQ0wCwYDVQQDDAR0OTQyMBOkETAPMQ0wCwYD +VQQDDAR0OTQzMBOkETAPMQ0wCwYDVQQDDAR0OTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +OTQ1MBOkETAPMQ0wCwYDVQQDDAR0OTQ2MBOkETAPMQ0wCwYDVQQDDAR0OTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0OTQ4MBOkETAPMQ0wCwYDVQQDDAR0OTQ5MBOkETAPMQ0w +CwYDVQQDDAR0OTUwMBOkETAPMQ0wCwYDVQQDDAR0OTUxMBOkETAPMQ0wCwYDVQQD +DAR0OTUyMBOkETAPMQ0wCwYDVQQDDAR0OTUzMBOkETAPMQ0wCwYDVQQDDAR0OTU0 +MBOkETAPMQ0wCwYDVQQDDAR0OTU1MBOkETAPMQ0wCwYDVQQDDAR0OTU2MBOkETAP +MQ0wCwYDVQQDDAR0OTU3MBOkETAPMQ0wCwYDVQQDDAR0OTU4MBOkETAPMQ0wCwYD +VQQDDAR0OTU5MBOkETAPMQ0wCwYDVQQDDAR0OTYwMBOkETAPMQ0wCwYDVQQDDAR0 +OTYxMBOkETAPMQ0wCwYDVQQDDAR0OTYyMBOkETAPMQ0wCwYDVQQDDAR0OTYzMBOk +ETAPMQ0wCwYDVQQDDAR0OTY0MBOkETAPMQ0wCwYDVQQDDAR0OTY1MBOkETAPMQ0w +CwYDVQQDDAR0OTY2MBOkETAPMQ0wCwYDVQQDDAR0OTY3MBOkETAPMQ0wCwYDVQQD +DAR0OTY4MBOkETAPMQ0wCwYDVQQDDAR0OTY5MBOkETAPMQ0wCwYDVQQDDAR0OTcw +MBOkETAPMQ0wCwYDVQQDDAR0OTcxMBOkETAPMQ0wCwYDVQQDDAR0OTcyMBOkETAP +MQ0wCwYDVQQDDAR0OTczMBOkETAPMQ0wCwYDVQQDDAR0OTc0MBOkETAPMQ0wCwYD +VQQDDAR0OTc1MBOkETAPMQ0wCwYDVQQDDAR0OTc2MBOkETAPMQ0wCwYDVQQDDAR0 +OTc3MBOkETAPMQ0wCwYDVQQDDAR0OTc4MBOkETAPMQ0wCwYDVQQDDAR0OTc5MBOk +ETAPMQ0wCwYDVQQDDAR0OTgwMBOkETAPMQ0wCwYDVQQDDAR0OTgxMBOkETAPMQ0w +CwYDVQQDDAR0OTgyMBOkETAPMQ0wCwYDVQQDDAR0OTgzMBOkETAPMQ0wCwYDVQQD +DAR0OTg0MBOkETAPMQ0wCwYDVQQDDAR0OTg1MBOkETAPMQ0wCwYDVQQDDAR0OTg2 +MBOkETAPMQ0wCwYDVQQDDAR0OTg3MBOkETAPMQ0wCwYDVQQDDAR0OTg4MBOkETAP +MQ0wCwYDVQQDDAR0OTg5MBOkETAPMQ0wCwYDVQQDDAR0OTkwMBOkETAPMQ0wCwYD +VQQDDAR0OTkxMBOkETAPMQ0wCwYDVQQDDAR0OTkyMBOkETAPMQ0wCwYDVQQDDAR0 +OTkzMBOkETAPMQ0wCwYDVQQDDAR0OTk0MBOkETAPMQ0wCwYDVQQDDAR0OTk1MBOk +ETAPMQ0wCwYDVQQDDAR0OTk2MBOkETAPMQ0wCwYDVQQDDAR0OTk3MBOkETAPMQ0w +CwYDVQQDDAR0OTk4MBOkETAPMQ0wCwYDVQQDDAR0OTk5MBSkEjAQMQ4wDAYDVQQD +DAV0MTAwMDAUpBIwEDEOMAwGA1UEAwwFdDEwMDEwFKQSMBAxDjAMBgNVBAMMBXQx +MDAyMBSkEjAQMQ4wDAYDVQQDDAV0MTAwMzAUpBIwEDEOMAwGA1UEAwwFdDEwMDQw +FKQSMBAxDjAMBgNVBAMMBXQxMDA1MBSkEjAQMQ4wDAYDVQQDDAV0MTAwNjAUpBIw +EDEOMAwGA1UEAwwFdDEwMDcwFKQSMBAxDjAMBgNVBAMMBXQxMDA4MBSkEjAQMQ4w +DAYDVQQDDAV0MTAwOTAUpBIwEDEOMAwGA1UEAwwFdDEwMTAwFKQSMBAxDjAMBgNV +BAMMBXQxMDExMBSkEjAQMQ4wDAYDVQQDDAV0MTAxMjAUpBIwEDEOMAwGA1UEAwwF +dDEwMTMwFKQSMBAxDjAMBgNVBAMMBXQxMDE0MBSkEjAQMQ4wDAYDVQQDDAV0MTAx +NTAUpBIwEDEOMAwGA1UEAwwFdDEwMTYwFKQSMBAxDjAMBgNVBAMMBXQxMDE3MBSk +EjAQMQ4wDAYDVQQDDAV0MTAxODAUpBIwEDEOMAwGA1UEAwwFdDEwMTkwFKQSMBAx +DjAMBgNVBAMMBXQxMDIwMBSkEjAQMQ4wDAYDVQQDDAV0MTAyMTAUpBIwEDEOMAwG +A1UEAwwFdDEwMjIwFKQSMBAxDjAMBgNVBAMMBXQxMDIzMBSkEjAQMQ4wDAYDVQQD +DAV0MTAyNDANBgkqhkiG9w0BAQsFAAOCAQEAEs5g1ju1fnqOntD1/aiKMySVbXlW +JCMSEI8SfOATmbptubJRtMxQLAYouNEYGhbmA7R/zbf2BnvCd5dSdo+B0fYsCOJw +J3Y/kKdS8xXwH0CXmfv6msHrEPqgdN/x34rSS2cRL1ypUnhp6EshvvKpZWLMDtlZ +jnrKXwFB2dLpiV+8PIy7T5CABgU3vgwfqFaC55ItxYlW2NSGnYq8XkPTB2Xa1Ah1 +J+VJDun4VCt6U5k3KZvqFN6AaKl5Jl5k/yFs2oPvj6TfOiBuXNNoSIKruaxKKLYv +NRSYVBao+u4ww7rFLTO8Mq6WxooXSTJ41GEpZn91rhYugbK5+lax1caedw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.cnf new file mode 100644 index 0000000000..d771260c0f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.cnf @@ -0,0 +1,4167 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +nameConstraints = @nameConstraints_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[nameConstraints_info] +excluded;DNS.1 = x0.test +excluded;DNS.2 = x1.test +excluded;DNS.3 = x2.test +excluded;DNS.4 = x3.test +excluded;DNS.5 = x4.test +excluded;DNS.6 = x5.test +excluded;DNS.7 = x6.test +excluded;DNS.8 = x7.test +excluded;DNS.9 = x8.test +excluded;DNS.10 = x9.test +excluded;DNS.11 = x10.test +excluded;DNS.12 = x11.test +excluded;DNS.13 = x12.test +excluded;DNS.14 = x13.test +excluded;DNS.15 = x14.test +excluded;DNS.16 = x15.test +excluded;DNS.17 = x16.test +excluded;DNS.18 = x17.test +excluded;DNS.19 = x18.test +excluded;DNS.20 = x19.test +excluded;DNS.21 = x20.test +excluded;DNS.22 = x21.test +excluded;DNS.23 = x22.test +excluded;DNS.24 = x23.test +excluded;DNS.25 = x24.test +excluded;DNS.26 = x25.test +excluded;DNS.27 = x26.test +excluded;DNS.28 = x27.test +excluded;DNS.29 = x28.test +excluded;DNS.30 = x29.test +excluded;DNS.31 = x30.test +excluded;DNS.32 = x31.test +excluded;DNS.33 = x32.test +excluded;DNS.34 = x33.test +excluded;DNS.35 = x34.test +excluded;DNS.36 = x35.test +excluded;DNS.37 = x36.test +excluded;DNS.38 = x37.test +excluded;DNS.39 = x38.test +excluded;DNS.40 = x39.test +excluded;DNS.41 = x40.test +excluded;DNS.42 = x41.test +excluded;DNS.43 = x42.test +excluded;DNS.44 = x43.test +excluded;DNS.45 = x44.test +excluded;DNS.46 = x45.test +excluded;DNS.47 = x46.test +excluded;DNS.48 = x47.test +excluded;DNS.49 = x48.test +excluded;DNS.50 = x49.test +excluded;DNS.51 = x50.test +excluded;DNS.52 = x51.test +excluded;DNS.53 = x52.test +excluded;DNS.54 = x53.test +excluded;DNS.55 = x54.test +excluded;DNS.56 = x55.test +excluded;DNS.57 = x56.test +excluded;DNS.58 = x57.test +excluded;DNS.59 = x58.test +excluded;DNS.60 = x59.test +excluded;DNS.61 = x60.test +excluded;DNS.62 = x61.test +excluded;DNS.63 = x62.test +excluded;DNS.64 = x63.test +excluded;DNS.65 = x64.test +excluded;DNS.66 = x65.test +excluded;DNS.67 = x66.test +excluded;DNS.68 = x67.test +excluded;DNS.69 = x68.test +excluded;DNS.70 = x69.test +excluded;DNS.71 = x70.test +excluded;DNS.72 = x71.test +excluded;DNS.73 = x72.test +excluded;DNS.74 = x73.test +excluded;DNS.75 = x74.test +excluded;DNS.76 = x75.test +excluded;DNS.77 = x76.test +excluded;DNS.78 = x77.test +excluded;DNS.79 = x78.test +excluded;DNS.80 = x79.test +excluded;DNS.81 = x80.test +excluded;DNS.82 = x81.test +excluded;DNS.83 = x82.test +excluded;DNS.84 = x83.test +excluded;DNS.85 = x84.test +excluded;DNS.86 = x85.test +excluded;DNS.87 = x86.test +excluded;DNS.88 = x87.test +excluded;DNS.89 = x88.test +excluded;DNS.90 = x89.test +excluded;DNS.91 = x90.test +excluded;DNS.92 = x91.test +excluded;DNS.93 = x92.test +excluded;DNS.94 = x93.test +excluded;DNS.95 = x94.test +excluded;DNS.96 = x95.test +excluded;DNS.97 = x96.test +excluded;DNS.98 = x97.test +excluded;DNS.99 = x98.test +excluded;DNS.100 = x99.test +excluded;DNS.101 = x100.test +excluded;DNS.102 = x101.test +excluded;DNS.103 = x102.test +excluded;DNS.104 = x103.test +excluded;DNS.105 = x104.test +excluded;DNS.106 = x105.test +excluded;DNS.107 = x106.test +excluded;DNS.108 = x107.test +excluded;DNS.109 = x108.test +excluded;DNS.110 = x109.test +excluded;DNS.111 = x110.test +excluded;DNS.112 = x111.test +excluded;DNS.113 = x112.test +excluded;DNS.114 = x113.test +excluded;DNS.115 = x114.test +excluded;DNS.116 = x115.test +excluded;DNS.117 = x116.test +excluded;DNS.118 = x117.test +excluded;DNS.119 = x118.test +excluded;DNS.120 = x119.test +excluded;DNS.121 = x120.test +excluded;DNS.122 = x121.test +excluded;DNS.123 = x122.test +excluded;DNS.124 = x123.test +excluded;DNS.125 = x124.test +excluded;DNS.126 = x125.test +excluded;DNS.127 = x126.test +excluded;DNS.128 = x127.test +excluded;DNS.129 = x128.test +excluded;DNS.130 = x129.test +excluded;DNS.131 = x130.test +excluded;DNS.132 = x131.test +excluded;DNS.133 = x132.test +excluded;DNS.134 = x133.test +excluded;DNS.135 = x134.test +excluded;DNS.136 = x135.test +excluded;DNS.137 = x136.test +excluded;DNS.138 = x137.test +excluded;DNS.139 = x138.test +excluded;DNS.140 = x139.test +excluded;DNS.141 = x140.test +excluded;DNS.142 = x141.test +excluded;DNS.143 = x142.test +excluded;DNS.144 = x143.test +excluded;DNS.145 = x144.test +excluded;DNS.146 = x145.test +excluded;DNS.147 = x146.test +excluded;DNS.148 = x147.test +excluded;DNS.149 = x148.test +excluded;DNS.150 = x149.test +excluded;DNS.151 = x150.test +excluded;DNS.152 = x151.test +excluded;DNS.153 = x152.test +excluded;DNS.154 = x153.test +excluded;DNS.155 = x154.test +excluded;DNS.156 = x155.test +excluded;DNS.157 = x156.test +excluded;DNS.158 = x157.test +excluded;DNS.159 = x158.test +excluded;DNS.160 = x159.test +excluded;DNS.161 = x160.test +excluded;DNS.162 = x161.test +excluded;DNS.163 = x162.test +excluded;DNS.164 = x163.test +excluded;DNS.165 = x164.test +excluded;DNS.166 = x165.test +excluded;DNS.167 = x166.test +excluded;DNS.168 = x167.test +excluded;DNS.169 = x168.test +excluded;DNS.170 = x169.test +excluded;IP.1 = 11.0.0.0/255.255.255.255 +excluded;IP.2 = 11.0.0.1/255.255.255.255 +excluded;IP.3 = 11.0.0.2/255.255.255.255 +excluded;IP.4 = 11.0.0.3/255.255.255.255 +excluded;IP.5 = 11.0.0.4/255.255.255.255 +excluded;IP.6 = 11.0.0.5/255.255.255.255 +excluded;IP.7 = 11.0.0.6/255.255.255.255 +excluded;IP.8 = 11.0.0.7/255.255.255.255 +excluded;IP.9 = 11.0.0.8/255.255.255.255 +excluded;IP.10 = 11.0.0.9/255.255.255.255 +excluded;IP.11 = 11.0.0.10/255.255.255.255 +excluded;IP.12 = 11.0.0.11/255.255.255.255 +excluded;IP.13 = 11.0.0.12/255.255.255.255 +excluded;IP.14 = 11.0.0.13/255.255.255.255 +excluded;IP.15 = 11.0.0.14/255.255.255.255 +excluded;IP.16 = 11.0.0.15/255.255.255.255 +excluded;IP.17 = 11.0.0.16/255.255.255.255 +excluded;IP.18 = 11.0.0.17/255.255.255.255 +excluded;IP.19 = 11.0.0.18/255.255.255.255 +excluded;IP.20 = 11.0.0.19/255.255.255.255 +excluded;IP.21 = 11.0.0.20/255.255.255.255 +excluded;IP.22 = 11.0.0.21/255.255.255.255 +excluded;IP.23 = 11.0.0.22/255.255.255.255 +excluded;IP.24 = 11.0.0.23/255.255.255.255 +excluded;IP.25 = 11.0.0.24/255.255.255.255 +excluded;IP.26 = 11.0.0.25/255.255.255.255 +excluded;IP.27 = 11.0.0.26/255.255.255.255 +excluded;IP.28 = 11.0.0.27/255.255.255.255 +excluded;IP.29 = 11.0.0.28/255.255.255.255 +excluded;IP.30 = 11.0.0.29/255.255.255.255 +excluded;IP.31 = 11.0.0.30/255.255.255.255 +excluded;IP.32 = 11.0.0.31/255.255.255.255 +excluded;IP.33 = 11.0.0.32/255.255.255.255 +excluded;IP.34 = 11.0.0.33/255.255.255.255 +excluded;IP.35 = 11.0.0.34/255.255.255.255 +excluded;IP.36 = 11.0.0.35/255.255.255.255 +excluded;IP.37 = 11.0.0.36/255.255.255.255 +excluded;IP.38 = 11.0.0.37/255.255.255.255 +excluded;IP.39 = 11.0.0.38/255.255.255.255 +excluded;IP.40 = 11.0.0.39/255.255.255.255 +excluded;IP.41 = 11.0.0.40/255.255.255.255 +excluded;IP.42 = 11.0.0.41/255.255.255.255 +excluded;IP.43 = 11.0.0.42/255.255.255.255 +excluded;IP.44 = 11.0.0.43/255.255.255.255 +excluded;IP.45 = 11.0.0.44/255.255.255.255 +excluded;IP.46 = 11.0.0.45/255.255.255.255 +excluded;IP.47 = 11.0.0.46/255.255.255.255 +excluded;IP.48 = 11.0.0.47/255.255.255.255 +excluded;IP.49 = 11.0.0.48/255.255.255.255 +excluded;IP.50 = 11.0.0.49/255.255.255.255 +excluded;IP.51 = 11.0.0.50/255.255.255.255 +excluded;IP.52 = 11.0.0.51/255.255.255.255 +excluded;IP.53 = 11.0.0.52/255.255.255.255 +excluded;IP.54 = 11.0.0.53/255.255.255.255 +excluded;IP.55 = 11.0.0.54/255.255.255.255 +excluded;IP.56 = 11.0.0.55/255.255.255.255 +excluded;IP.57 = 11.0.0.56/255.255.255.255 +excluded;IP.58 = 11.0.0.57/255.255.255.255 +excluded;IP.59 = 11.0.0.58/255.255.255.255 +excluded;IP.60 = 11.0.0.59/255.255.255.255 +excluded;IP.61 = 11.0.0.60/255.255.255.255 +excluded;IP.62 = 11.0.0.61/255.255.255.255 +excluded;IP.63 = 11.0.0.62/255.255.255.255 +excluded;IP.64 = 11.0.0.63/255.255.255.255 +excluded;IP.65 = 11.0.0.64/255.255.255.255 +excluded;IP.66 = 11.0.0.65/255.255.255.255 +excluded;IP.67 = 11.0.0.66/255.255.255.255 +excluded;IP.68 = 11.0.0.67/255.255.255.255 +excluded;IP.69 = 11.0.0.68/255.255.255.255 +excluded;IP.70 = 11.0.0.69/255.255.255.255 +excluded;IP.71 = 11.0.0.70/255.255.255.255 +excluded;IP.72 = 11.0.0.71/255.255.255.255 +excluded;IP.73 = 11.0.0.72/255.255.255.255 +excluded;IP.74 = 11.0.0.73/255.255.255.255 +excluded;IP.75 = 11.0.0.74/255.255.255.255 +excluded;IP.76 = 11.0.0.75/255.255.255.255 +excluded;IP.77 = 11.0.0.76/255.255.255.255 +excluded;IP.78 = 11.0.0.77/255.255.255.255 +excluded;IP.79 = 11.0.0.78/255.255.255.255 +excluded;IP.80 = 11.0.0.79/255.255.255.255 +excluded;IP.81 = 11.0.0.80/255.255.255.255 +excluded;IP.82 = 11.0.0.81/255.255.255.255 +excluded;IP.83 = 11.0.0.82/255.255.255.255 +excluded;IP.84 = 11.0.0.83/255.255.255.255 +excluded;IP.85 = 11.0.0.84/255.255.255.255 +excluded;IP.86 = 11.0.0.85/255.255.255.255 +excluded;IP.87 = 11.0.0.86/255.255.255.255 +excluded;IP.88 = 11.0.0.87/255.255.255.255 +excluded;IP.89 = 11.0.0.88/255.255.255.255 +excluded;IP.90 = 11.0.0.89/255.255.255.255 +excluded;IP.91 = 11.0.0.90/255.255.255.255 +excluded;IP.92 = 11.0.0.91/255.255.255.255 +excluded;IP.93 = 11.0.0.92/255.255.255.255 +excluded;IP.94 = 11.0.0.93/255.255.255.255 +excluded;IP.95 = 11.0.0.94/255.255.255.255 +excluded;IP.96 = 11.0.0.95/255.255.255.255 +excluded;IP.97 = 11.0.0.96/255.255.255.255 +excluded;IP.98 = 11.0.0.97/255.255.255.255 +excluded;IP.99 = 11.0.0.98/255.255.255.255 +excluded;IP.100 = 11.0.0.99/255.255.255.255 +excluded;IP.101 = 11.0.0.100/255.255.255.255 +excluded;IP.102 = 11.0.0.101/255.255.255.255 +excluded;IP.103 = 11.0.0.102/255.255.255.255 +excluded;IP.104 = 11.0.0.103/255.255.255.255 +excluded;IP.105 = 11.0.0.104/255.255.255.255 +excluded;IP.106 = 11.0.0.105/255.255.255.255 +excluded;IP.107 = 11.0.0.106/255.255.255.255 +excluded;IP.108 = 11.0.0.107/255.255.255.255 +excluded;IP.109 = 11.0.0.108/255.255.255.255 +excluded;IP.110 = 11.0.0.109/255.255.255.255 +excluded;IP.111 = 11.0.0.110/255.255.255.255 +excluded;IP.112 = 11.0.0.111/255.255.255.255 +excluded;IP.113 = 11.0.0.112/255.255.255.255 +excluded;IP.114 = 11.0.0.113/255.255.255.255 +excluded;IP.115 = 11.0.0.114/255.255.255.255 +excluded;IP.116 = 11.0.0.115/255.255.255.255 +excluded;IP.117 = 11.0.0.116/255.255.255.255 +excluded;IP.118 = 11.0.0.117/255.255.255.255 +excluded;IP.119 = 11.0.0.118/255.255.255.255 +excluded;IP.120 = 11.0.0.119/255.255.255.255 +excluded;IP.121 = 11.0.0.120/255.255.255.255 +excluded;IP.122 = 11.0.0.121/255.255.255.255 +excluded;IP.123 = 11.0.0.122/255.255.255.255 +excluded;IP.124 = 11.0.0.123/255.255.255.255 +excluded;IP.125 = 11.0.0.124/255.255.255.255 +excluded;IP.126 = 11.0.0.125/255.255.255.255 +excluded;IP.127 = 11.0.0.126/255.255.255.255 +excluded;IP.128 = 11.0.0.127/255.255.255.255 +excluded;IP.129 = 11.0.0.128/255.255.255.255 +excluded;IP.130 = 11.0.0.129/255.255.255.255 +excluded;IP.131 = 11.0.0.130/255.255.255.255 +excluded;IP.132 = 11.0.0.131/255.255.255.255 +excluded;IP.133 = 11.0.0.132/255.255.255.255 +excluded;IP.134 = 11.0.0.133/255.255.255.255 +excluded;IP.135 = 11.0.0.134/255.255.255.255 +excluded;IP.136 = 11.0.0.135/255.255.255.255 +excluded;IP.137 = 11.0.0.136/255.255.255.255 +excluded;IP.138 = 11.0.0.137/255.255.255.255 +excluded;IP.139 = 11.0.0.138/255.255.255.255 +excluded;IP.140 = 11.0.0.139/255.255.255.255 +excluded;IP.141 = 11.0.0.140/255.255.255.255 +excluded;IP.142 = 11.0.0.141/255.255.255.255 +excluded;IP.143 = 11.0.0.142/255.255.255.255 +excluded;IP.144 = 11.0.0.143/255.255.255.255 +excluded;IP.145 = 11.0.0.144/255.255.255.255 +excluded;IP.146 = 11.0.0.145/255.255.255.255 +excluded;IP.147 = 11.0.0.146/255.255.255.255 +excluded;IP.148 = 11.0.0.147/255.255.255.255 +excluded;IP.149 = 11.0.0.148/255.255.255.255 +excluded;IP.150 = 11.0.0.149/255.255.255.255 +excluded;IP.151 = 11.0.0.150/255.255.255.255 +excluded;IP.152 = 11.0.0.151/255.255.255.255 +excluded;IP.153 = 11.0.0.152/255.255.255.255 +excluded;IP.154 = 11.0.0.153/255.255.255.255 +excluded;IP.155 = 11.0.0.154/255.255.255.255 +excluded;IP.156 = 11.0.0.155/255.255.255.255 +excluded;IP.157 = 11.0.0.156/255.255.255.255 +excluded;IP.158 = 11.0.0.157/255.255.255.255 +excluded;IP.159 = 11.0.0.158/255.255.255.255 +excluded;IP.160 = 11.0.0.159/255.255.255.255 +excluded;IP.161 = 11.0.0.160/255.255.255.255 +excluded;IP.162 = 11.0.0.161/255.255.255.255 +excluded;IP.163 = 11.0.0.162/255.255.255.255 +excluded;IP.164 = 11.0.0.163/255.255.255.255 +excluded;IP.165 = 11.0.0.164/255.255.255.255 +excluded;IP.166 = 11.0.0.165/255.255.255.255 +excluded;IP.167 = 11.0.0.166/255.255.255.255 +excluded;IP.168 = 11.0.0.167/255.255.255.255 +excluded;IP.169 = 11.0.0.168/255.255.255.255 +excluded;IP.170 = 11.0.0.169/255.255.255.255 +excluded;dirName.1 = nameConstraints_dirname_x1 +excluded;dirName.2 = nameConstraints_dirname_x2 +excluded;dirName.3 = nameConstraints_dirname_x3 +excluded;dirName.4 = nameConstraints_dirname_x4 +excluded;dirName.5 = nameConstraints_dirname_x5 +excluded;dirName.6 = nameConstraints_dirname_x6 +excluded;dirName.7 = nameConstraints_dirname_x7 +excluded;dirName.8 = nameConstraints_dirname_x8 +excluded;dirName.9 = nameConstraints_dirname_x9 +excluded;dirName.10 = nameConstraints_dirname_x10 +excluded;dirName.11 = nameConstraints_dirname_x11 +excluded;dirName.12 = nameConstraints_dirname_x12 +excluded;dirName.13 = nameConstraints_dirname_x13 +excluded;dirName.14 = nameConstraints_dirname_x14 +excluded;dirName.15 = nameConstraints_dirname_x15 +excluded;dirName.16 = nameConstraints_dirname_x16 +excluded;dirName.17 = nameConstraints_dirname_x17 +excluded;dirName.18 = nameConstraints_dirname_x18 +excluded;dirName.19 = nameConstraints_dirname_x19 +excluded;dirName.20 = nameConstraints_dirname_x20 +excluded;dirName.21 = nameConstraints_dirname_x21 +excluded;dirName.22 = nameConstraints_dirname_x22 +excluded;dirName.23 = nameConstraints_dirname_x23 +excluded;dirName.24 = nameConstraints_dirname_x24 +excluded;dirName.25 = nameConstraints_dirname_x25 +excluded;dirName.26 = nameConstraints_dirname_x26 +excluded;dirName.27 = nameConstraints_dirname_x27 +excluded;dirName.28 = nameConstraints_dirname_x28 +excluded;dirName.29 = nameConstraints_dirname_x29 +excluded;dirName.30 = nameConstraints_dirname_x30 +excluded;dirName.31 = nameConstraints_dirname_x31 +excluded;dirName.32 = nameConstraints_dirname_x32 +excluded;dirName.33 = nameConstraints_dirname_x33 +excluded;dirName.34 = nameConstraints_dirname_x34 +excluded;dirName.35 = nameConstraints_dirname_x35 +excluded;dirName.36 = nameConstraints_dirname_x36 +excluded;dirName.37 = nameConstraints_dirname_x37 +excluded;dirName.38 = nameConstraints_dirname_x38 +excluded;dirName.39 = nameConstraints_dirname_x39 +excluded;dirName.40 = nameConstraints_dirname_x40 +excluded;dirName.41 = nameConstraints_dirname_x41 +excluded;dirName.42 = nameConstraints_dirname_x42 +excluded;dirName.43 = nameConstraints_dirname_x43 +excluded;dirName.44 = nameConstraints_dirname_x44 +excluded;dirName.45 = nameConstraints_dirname_x45 +excluded;dirName.46 = nameConstraints_dirname_x46 +excluded;dirName.47 = nameConstraints_dirname_x47 +excluded;dirName.48 = nameConstraints_dirname_x48 +excluded;dirName.49 = nameConstraints_dirname_x49 +excluded;dirName.50 = nameConstraints_dirname_x50 +excluded;dirName.51 = nameConstraints_dirname_x51 +excluded;dirName.52 = nameConstraints_dirname_x52 +excluded;dirName.53 = nameConstraints_dirname_x53 +excluded;dirName.54 = nameConstraints_dirname_x54 +excluded;dirName.55 = nameConstraints_dirname_x55 +excluded;dirName.56 = nameConstraints_dirname_x56 +excluded;dirName.57 = nameConstraints_dirname_x57 +excluded;dirName.58 = nameConstraints_dirname_x58 +excluded;dirName.59 = nameConstraints_dirname_x59 +excluded;dirName.60 = nameConstraints_dirname_x60 +excluded;dirName.61 = nameConstraints_dirname_x61 +excluded;dirName.62 = nameConstraints_dirname_x62 +excluded;dirName.63 = nameConstraints_dirname_x63 +excluded;dirName.64 = nameConstraints_dirname_x64 +excluded;dirName.65 = nameConstraints_dirname_x65 +excluded;dirName.66 = nameConstraints_dirname_x66 +excluded;dirName.67 = nameConstraints_dirname_x67 +excluded;dirName.68 = nameConstraints_dirname_x68 +excluded;dirName.69 = nameConstraints_dirname_x69 +excluded;dirName.70 = nameConstraints_dirname_x70 +excluded;dirName.71 = nameConstraints_dirname_x71 +excluded;dirName.72 = nameConstraints_dirname_x72 +excluded;dirName.73 = nameConstraints_dirname_x73 +excluded;dirName.74 = nameConstraints_dirname_x74 +excluded;dirName.75 = nameConstraints_dirname_x75 +excluded;dirName.76 = nameConstraints_dirname_x76 +excluded;dirName.77 = nameConstraints_dirname_x77 +excluded;dirName.78 = nameConstraints_dirname_x78 +excluded;dirName.79 = nameConstraints_dirname_x79 +excluded;dirName.80 = nameConstraints_dirname_x80 +excluded;dirName.81 = nameConstraints_dirname_x81 +excluded;dirName.82 = nameConstraints_dirname_x82 +excluded;dirName.83 = nameConstraints_dirname_x83 +excluded;dirName.84 = nameConstraints_dirname_x84 +excluded;dirName.85 = nameConstraints_dirname_x85 +excluded;dirName.86 = nameConstraints_dirname_x86 +excluded;dirName.87 = nameConstraints_dirname_x87 +excluded;dirName.88 = nameConstraints_dirname_x88 +excluded;dirName.89 = nameConstraints_dirname_x89 +excluded;dirName.90 = nameConstraints_dirname_x90 +excluded;dirName.91 = nameConstraints_dirname_x91 +excluded;dirName.92 = nameConstraints_dirname_x92 +excluded;dirName.93 = nameConstraints_dirname_x93 +excluded;dirName.94 = nameConstraints_dirname_x94 +excluded;dirName.95 = nameConstraints_dirname_x95 +excluded;dirName.96 = nameConstraints_dirname_x96 +excluded;dirName.97 = nameConstraints_dirname_x97 +excluded;dirName.98 = nameConstraints_dirname_x98 +excluded;dirName.99 = nameConstraints_dirname_x99 +excluded;dirName.100 = nameConstraints_dirname_x100 +excluded;dirName.101 = nameConstraints_dirname_x101 +excluded;dirName.102 = nameConstraints_dirname_x102 +excluded;dirName.103 = nameConstraints_dirname_x103 +excluded;dirName.104 = nameConstraints_dirname_x104 +excluded;dirName.105 = nameConstraints_dirname_x105 +excluded;dirName.106 = nameConstraints_dirname_x106 +excluded;dirName.107 = nameConstraints_dirname_x107 +excluded;dirName.108 = nameConstraints_dirname_x108 +excluded;dirName.109 = nameConstraints_dirname_x109 +excluded;dirName.110 = nameConstraints_dirname_x110 +excluded;dirName.111 = nameConstraints_dirname_x111 +excluded;dirName.112 = nameConstraints_dirname_x112 +excluded;dirName.113 = nameConstraints_dirname_x113 +excluded;dirName.114 = nameConstraints_dirname_x114 +excluded;dirName.115 = nameConstraints_dirname_x115 +excluded;dirName.116 = nameConstraints_dirname_x116 +excluded;dirName.117 = nameConstraints_dirname_x117 +excluded;dirName.118 = nameConstraints_dirname_x118 +excluded;dirName.119 = nameConstraints_dirname_x119 +excluded;dirName.120 = nameConstraints_dirname_x120 +excluded;dirName.121 = nameConstraints_dirname_x121 +excluded;dirName.122 = nameConstraints_dirname_x122 +excluded;dirName.123 = nameConstraints_dirname_x123 +excluded;dirName.124 = nameConstraints_dirname_x124 +excluded;dirName.125 = nameConstraints_dirname_x125 +excluded;dirName.126 = nameConstraints_dirname_x126 +excluded;dirName.127 = nameConstraints_dirname_x127 +excluded;dirName.128 = nameConstraints_dirname_x128 +excluded;dirName.129 = nameConstraints_dirname_x129 +excluded;dirName.130 = nameConstraints_dirname_x130 +excluded;dirName.131 = nameConstraints_dirname_x131 +excluded;dirName.132 = nameConstraints_dirname_x132 +excluded;dirName.133 = nameConstraints_dirname_x133 +excluded;dirName.134 = nameConstraints_dirname_x134 +excluded;dirName.135 = nameConstraints_dirname_x135 +excluded;dirName.136 = nameConstraints_dirname_x136 +excluded;dirName.137 = nameConstraints_dirname_x137 +excluded;dirName.138 = nameConstraints_dirname_x138 +excluded;dirName.139 = nameConstraints_dirname_x139 +excluded;dirName.140 = nameConstraints_dirname_x140 +excluded;dirName.141 = nameConstraints_dirname_x141 +excluded;dirName.142 = nameConstraints_dirname_x142 +excluded;dirName.143 = nameConstraints_dirname_x143 +excluded;dirName.144 = nameConstraints_dirname_x144 +excluded;dirName.145 = nameConstraints_dirname_x145 +excluded;dirName.146 = nameConstraints_dirname_x146 +excluded;dirName.147 = nameConstraints_dirname_x147 +excluded;dirName.148 = nameConstraints_dirname_x148 +excluded;dirName.149 = nameConstraints_dirname_x149 +excluded;dirName.150 = nameConstraints_dirname_x150 +excluded;dirName.151 = nameConstraints_dirname_x151 +excluded;dirName.152 = nameConstraints_dirname_x152 +excluded;dirName.153 = nameConstraints_dirname_x153 +excluded;dirName.154 = nameConstraints_dirname_x154 +excluded;dirName.155 = nameConstraints_dirname_x155 +excluded;dirName.156 = nameConstraints_dirname_x156 +excluded;dirName.157 = nameConstraints_dirname_x157 +excluded;dirName.158 = nameConstraints_dirname_x158 +excluded;dirName.159 = nameConstraints_dirname_x159 +excluded;dirName.160 = nameConstraints_dirname_x160 +excluded;dirName.161 = nameConstraints_dirname_x161 +excluded;dirName.162 = nameConstraints_dirname_x162 +excluded;dirName.163 = nameConstraints_dirname_x163 +excluded;dirName.164 = nameConstraints_dirname_x164 +excluded;dirName.165 = nameConstraints_dirname_x165 +excluded;dirName.166 = nameConstraints_dirname_x166 +excluded;dirName.167 = nameConstraints_dirname_x167 +excluded;dirName.168 = nameConstraints_dirname_x168 +excluded;dirName.169 = nameConstraints_dirname_x169 +excluded;dirName.170 = nameConstraints_dirname_x170 +excluded;URI.1 = http://xest/0 +excluded;URI.2 = http://xest/1 +excluded;URI.3 = http://xest/2 +excluded;URI.4 = http://xest/3 +excluded;URI.5 = http://xest/4 +excluded;URI.6 = http://xest/5 +excluded;URI.7 = http://xest/6 +excluded;URI.8 = http://xest/7 +excluded;URI.9 = http://xest/8 +excluded;URI.10 = http://xest/9 +excluded;URI.11 = http://xest/10 +excluded;URI.12 = http://xest/11 +excluded;URI.13 = http://xest/12 +excluded;URI.14 = http://xest/13 +excluded;URI.15 = http://xest/14 +excluded;URI.16 = http://xest/15 +excluded;URI.17 = http://xest/16 +excluded;URI.18 = http://xest/17 +excluded;URI.19 = http://xest/18 +excluded;URI.20 = http://xest/19 +excluded;URI.21 = http://xest/20 +excluded;URI.22 = http://xest/21 +excluded;URI.23 = http://xest/22 +excluded;URI.24 = http://xest/23 +excluded;URI.25 = http://xest/24 +excluded;URI.26 = http://xest/25 +excluded;URI.27 = http://xest/26 +excluded;URI.28 = http://xest/27 +excluded;URI.29 = http://xest/28 +excluded;URI.30 = http://xest/29 +excluded;URI.31 = http://xest/30 +excluded;URI.32 = http://xest/31 +excluded;URI.33 = http://xest/32 +excluded;URI.34 = http://xest/33 +excluded;URI.35 = http://xest/34 +excluded;URI.36 = http://xest/35 +excluded;URI.37 = http://xest/36 +excluded;URI.38 = http://xest/37 +excluded;URI.39 = http://xest/38 +excluded;URI.40 = http://xest/39 +excluded;URI.41 = http://xest/40 +excluded;URI.42 = http://xest/41 +excluded;URI.43 = http://xest/42 +excluded;URI.44 = http://xest/43 +excluded;URI.45 = http://xest/44 +excluded;URI.46 = http://xest/45 +excluded;URI.47 = http://xest/46 +excluded;URI.48 = http://xest/47 +excluded;URI.49 = http://xest/48 +excluded;URI.50 = http://xest/49 +excluded;URI.51 = http://xest/50 +excluded;URI.52 = http://xest/51 +excluded;URI.53 = http://xest/52 +excluded;URI.54 = http://xest/53 +excluded;URI.55 = http://xest/54 +excluded;URI.56 = http://xest/55 +excluded;URI.57 = http://xest/56 +excluded;URI.58 = http://xest/57 +excluded;URI.59 = http://xest/58 +excluded;URI.60 = http://xest/59 +excluded;URI.61 = http://xest/60 +excluded;URI.62 = http://xest/61 +excluded;URI.63 = http://xest/62 +excluded;URI.64 = http://xest/63 +excluded;URI.65 = http://xest/64 +excluded;URI.66 = http://xest/65 +excluded;URI.67 = http://xest/66 +excluded;URI.68 = http://xest/67 +excluded;URI.69 = http://xest/68 +excluded;URI.70 = http://xest/69 +excluded;URI.71 = http://xest/70 +excluded;URI.72 = http://xest/71 +excluded;URI.73 = http://xest/72 +excluded;URI.74 = http://xest/73 +excluded;URI.75 = http://xest/74 +excluded;URI.76 = http://xest/75 +excluded;URI.77 = http://xest/76 +excluded;URI.78 = http://xest/77 +excluded;URI.79 = http://xest/78 +excluded;URI.80 = http://xest/79 +excluded;URI.81 = http://xest/80 +excluded;URI.82 = http://xest/81 +excluded;URI.83 = http://xest/82 +excluded;URI.84 = http://xest/83 +excluded;URI.85 = http://xest/84 +excluded;URI.86 = http://xest/85 +excluded;URI.87 = http://xest/86 +excluded;URI.88 = http://xest/87 +excluded;URI.89 = http://xest/88 +excluded;URI.90 = http://xest/89 +excluded;URI.91 = http://xest/90 +excluded;URI.92 = http://xest/91 +excluded;URI.93 = http://xest/92 +excluded;URI.94 = http://xest/93 +excluded;URI.95 = http://xest/94 +excluded;URI.96 = http://xest/95 +excluded;URI.97 = http://xest/96 +excluded;URI.98 = http://xest/97 +excluded;URI.99 = http://xest/98 +excluded;URI.100 = http://xest/99 +excluded;URI.101 = http://xest/100 +excluded;URI.102 = http://xest/101 +excluded;URI.103 = http://xest/102 +excluded;URI.104 = http://xest/103 +excluded;URI.105 = http://xest/104 +excluded;URI.106 = http://xest/105 +excluded;URI.107 = http://xest/106 +excluded;URI.108 = http://xest/107 +excluded;URI.109 = http://xest/108 +excluded;URI.110 = http://xest/109 +excluded;URI.111 = http://xest/110 +excluded;URI.112 = http://xest/111 +excluded;URI.113 = http://xest/112 +excluded;URI.114 = http://xest/113 +excluded;URI.115 = http://xest/114 +excluded;URI.116 = http://xest/115 +excluded;URI.117 = http://xest/116 +excluded;URI.118 = http://xest/117 +excluded;URI.119 = http://xest/118 +excluded;URI.120 = http://xest/119 +excluded;URI.121 = http://xest/120 +excluded;URI.122 = http://xest/121 +excluded;URI.123 = http://xest/122 +excluded;URI.124 = http://xest/123 +excluded;URI.125 = http://xest/124 +excluded;URI.126 = http://xest/125 +excluded;URI.127 = http://xest/126 +excluded;URI.128 = http://xest/127 +excluded;URI.129 = http://xest/128 +excluded;URI.130 = http://xest/129 +excluded;URI.131 = http://xest/130 +excluded;URI.132 = http://xest/131 +excluded;URI.133 = http://xest/132 +excluded;URI.134 = http://xest/133 +excluded;URI.135 = http://xest/134 +excluded;URI.136 = http://xest/135 +excluded;URI.137 = http://xest/136 +excluded;URI.138 = http://xest/137 +excluded;URI.139 = http://xest/138 +excluded;URI.140 = http://xest/139 +excluded;URI.141 = http://xest/140 +excluded;URI.142 = http://xest/141 +excluded;URI.143 = http://xest/142 +excluded;URI.144 = http://xest/143 +excluded;URI.145 = http://xest/144 +excluded;URI.146 = http://xest/145 +excluded;URI.147 = http://xest/146 +excluded;URI.148 = http://xest/147 +excluded;URI.149 = http://xest/148 +excluded;URI.150 = http://xest/149 +excluded;URI.151 = http://xest/150 +excluded;URI.152 = http://xest/151 +excluded;URI.153 = http://xest/152 +excluded;URI.154 = http://xest/153 +excluded;URI.155 = http://xest/154 +excluded;URI.156 = http://xest/155 +excluded;URI.157 = http://xest/156 +excluded;URI.158 = http://xest/157 +excluded;URI.159 = http://xest/158 +excluded;URI.160 = http://xest/159 +excluded;URI.161 = http://xest/160 +excluded;URI.162 = http://xest/161 +excluded;URI.163 = http://xest/162 +excluded;URI.164 = http://xest/163 +excluded;URI.165 = http://xest/164 +excluded;URI.166 = http://xest/165 +excluded;URI.167 = http://xest/166 +excluded;URI.168 = http://xest/167 +excluded;URI.169 = http://xest/168 +excluded;URI.170 = http://xest/169 +excluded;URI.171 = http://xest/170 +excluded;URI.172 = http://xest/171 +excluded;URI.173 = http://xest/172 +excluded;URI.174 = http://xest/173 +excluded;URI.175 = http://xest/174 +excluded;URI.176 = http://xest/175 +excluded;URI.177 = http://xest/176 +excluded;URI.178 = http://xest/177 +excluded;URI.179 = http://xest/178 +excluded;URI.180 = http://xest/179 +excluded;URI.181 = http://xest/180 +excluded;URI.182 = http://xest/181 +excluded;URI.183 = http://xest/182 +excluded;URI.184 = http://xest/183 +excluded;URI.185 = http://xest/184 +excluded;URI.186 = http://xest/185 +excluded;URI.187 = http://xest/186 +excluded;URI.188 = http://xest/187 +excluded;URI.189 = http://xest/188 +excluded;URI.190 = http://xest/189 +excluded;URI.191 = http://xest/190 +excluded;URI.192 = http://xest/191 +excluded;URI.193 = http://xest/192 +excluded;URI.194 = http://xest/193 +excluded;URI.195 = http://xest/194 +excluded;URI.196 = http://xest/195 +excluded;URI.197 = http://xest/196 +excluded;URI.198 = http://xest/197 +excluded;URI.199 = http://xest/198 +excluded;URI.200 = http://xest/199 +excluded;URI.201 = http://xest/200 +excluded;URI.202 = http://xest/201 +excluded;URI.203 = http://xest/202 +excluded;URI.204 = http://xest/203 +excluded;URI.205 = http://xest/204 +excluded;URI.206 = http://xest/205 +excluded;URI.207 = http://xest/206 +excluded;URI.208 = http://xest/207 +excluded;URI.209 = http://xest/208 +excluded;URI.210 = http://xest/209 +excluded;URI.211 = http://xest/210 +excluded;URI.212 = http://xest/211 +excluded;URI.213 = http://xest/212 +excluded;URI.214 = http://xest/213 +excluded;URI.215 = http://xest/214 +excluded;URI.216 = http://xest/215 +excluded;URI.217 = http://xest/216 +excluded;URI.218 = http://xest/217 +excluded;URI.219 = http://xest/218 +excluded;URI.220 = http://xest/219 +excluded;URI.221 = http://xest/220 +excluded;URI.222 = http://xest/221 +excluded;URI.223 = http://xest/222 +excluded;URI.224 = http://xest/223 +excluded;URI.225 = http://xest/224 +excluded;URI.226 = http://xest/225 +excluded;URI.227 = http://xest/226 +excluded;URI.228 = http://xest/227 +excluded;URI.229 = http://xest/228 +excluded;URI.230 = http://xest/229 +excluded;URI.231 = http://xest/230 +excluded;URI.232 = http://xest/231 +excluded;URI.233 = http://xest/232 +excluded;URI.234 = http://xest/233 +excluded;URI.235 = http://xest/234 +excluded;URI.236 = http://xest/235 +excluded;URI.237 = http://xest/236 +excluded;URI.238 = http://xest/237 +excluded;URI.239 = http://xest/238 +excluded;URI.240 = http://xest/239 +excluded;URI.241 = http://xest/240 +excluded;URI.242 = http://xest/241 +excluded;URI.243 = http://xest/242 +excluded;URI.244 = http://xest/243 +excluded;URI.245 = http://xest/244 +excluded;URI.246 = http://xest/245 +excluded;URI.247 = http://xest/246 +excluded;URI.248 = http://xest/247 +excluded;URI.249 = http://xest/248 +excluded;URI.250 = http://xest/249 +excluded;URI.251 = http://xest/250 +excluded;URI.252 = http://xest/251 +excluded;URI.253 = http://xest/252 +excluded;URI.254 = http://xest/253 +excluded;URI.255 = http://xest/254 +excluded;URI.256 = http://xest/255 +excluded;URI.257 = http://xest/256 +excluded;URI.258 = http://xest/257 +excluded;URI.259 = http://xest/258 +excluded;URI.260 = http://xest/259 +excluded;URI.261 = http://xest/260 +excluded;URI.262 = http://xest/261 +excluded;URI.263 = http://xest/262 +excluded;URI.264 = http://xest/263 +excluded;URI.265 = http://xest/264 +excluded;URI.266 = http://xest/265 +excluded;URI.267 = http://xest/266 +excluded;URI.268 = http://xest/267 +excluded;URI.269 = http://xest/268 +excluded;URI.270 = http://xest/269 +excluded;URI.271 = http://xest/270 +excluded;URI.272 = http://xest/271 +excluded;URI.273 = http://xest/272 +excluded;URI.274 = http://xest/273 +excluded;URI.275 = http://xest/274 +excluded;URI.276 = http://xest/275 +excluded;URI.277 = http://xest/276 +excluded;URI.278 = http://xest/277 +excluded;URI.279 = http://xest/278 +excluded;URI.280 = http://xest/279 +excluded;URI.281 = http://xest/280 +excluded;URI.282 = http://xest/281 +excluded;URI.283 = http://xest/282 +excluded;URI.284 = http://xest/283 +excluded;URI.285 = http://xest/284 +excluded;URI.286 = http://xest/285 +excluded;URI.287 = http://xest/286 +excluded;URI.288 = http://xest/287 +excluded;URI.289 = http://xest/288 +excluded;URI.290 = http://xest/289 +excluded;URI.291 = http://xest/290 +excluded;URI.292 = http://xest/291 +excluded;URI.293 = http://xest/292 +excluded;URI.294 = http://xest/293 +excluded;URI.295 = http://xest/294 +excluded;URI.296 = http://xest/295 +excluded;URI.297 = http://xest/296 +excluded;URI.298 = http://xest/297 +excluded;URI.299 = http://xest/298 +excluded;URI.300 = http://xest/299 +excluded;URI.301 = http://xest/300 +excluded;URI.302 = http://xest/301 +excluded;URI.303 = http://xest/302 +excluded;URI.304 = http://xest/303 +excluded;URI.305 = http://xest/304 +excluded;URI.306 = http://xest/305 +excluded;URI.307 = http://xest/306 +excluded;URI.308 = http://xest/307 +excluded;URI.309 = http://xest/308 +excluded;URI.310 = http://xest/309 +excluded;URI.311 = http://xest/310 +excluded;URI.312 = http://xest/311 +excluded;URI.313 = http://xest/312 +excluded;URI.314 = http://xest/313 +excluded;URI.315 = http://xest/314 +excluded;URI.316 = http://xest/315 +excluded;URI.317 = http://xest/316 +excluded;URI.318 = http://xest/317 +excluded;URI.319 = http://xest/318 +excluded;URI.320 = http://xest/319 +excluded;URI.321 = http://xest/320 +excluded;URI.322 = http://xest/321 +excluded;URI.323 = http://xest/322 +excluded;URI.324 = http://xest/323 +excluded;URI.325 = http://xest/324 +excluded;URI.326 = http://xest/325 +excluded;URI.327 = http://xest/326 +excluded;URI.328 = http://xest/327 +excluded;URI.329 = http://xest/328 +excluded;URI.330 = http://xest/329 +excluded;URI.331 = http://xest/330 +excluded;URI.332 = http://xest/331 +excluded;URI.333 = http://xest/332 +excluded;URI.334 = http://xest/333 +excluded;URI.335 = http://xest/334 +excluded;URI.336 = http://xest/335 +excluded;URI.337 = http://xest/336 +excluded;URI.338 = http://xest/337 +excluded;URI.339 = http://xest/338 +excluded;URI.340 = http://xest/339 +excluded;URI.341 = http://xest/340 +excluded;URI.342 = http://xest/341 +excluded;URI.343 = http://xest/342 +excluded;URI.344 = http://xest/343 +excluded;URI.345 = http://xest/344 +excluded;URI.346 = http://xest/345 +excluded;URI.347 = http://xest/346 +excluded;URI.348 = http://xest/347 +excluded;URI.349 = http://xest/348 +excluded;URI.350 = http://xest/349 +excluded;URI.351 = http://xest/350 +excluded;URI.352 = http://xest/351 +excluded;URI.353 = http://xest/352 +excluded;URI.354 = http://xest/353 +excluded;URI.355 = http://xest/354 +excluded;URI.356 = http://xest/355 +excluded;URI.357 = http://xest/356 +excluded;URI.358 = http://xest/357 +excluded;URI.359 = http://xest/358 +excluded;URI.360 = http://xest/359 +excluded;URI.361 = http://xest/360 +excluded;URI.362 = http://xest/361 +excluded;URI.363 = http://xest/362 +excluded;URI.364 = http://xest/363 +excluded;URI.365 = http://xest/364 +excluded;URI.366 = http://xest/365 +excluded;URI.367 = http://xest/366 +excluded;URI.368 = http://xest/367 +excluded;URI.369 = http://xest/368 +excluded;URI.370 = http://xest/369 +excluded;URI.371 = http://xest/370 +excluded;URI.372 = http://xest/371 +excluded;URI.373 = http://xest/372 +excluded;URI.374 = http://xest/373 +excluded;URI.375 = http://xest/374 +excluded;URI.376 = http://xest/375 +excluded;URI.377 = http://xest/376 +excluded;URI.378 = http://xest/377 +excluded;URI.379 = http://xest/378 +excluded;URI.380 = http://xest/379 +excluded;URI.381 = http://xest/380 +excluded;URI.382 = http://xest/381 +excluded;URI.383 = http://xest/382 +excluded;URI.384 = http://xest/383 +excluded;URI.385 = http://xest/384 +excluded;URI.386 = http://xest/385 +excluded;URI.387 = http://xest/386 +excluded;URI.388 = http://xest/387 +excluded;URI.389 = http://xest/388 +excluded;URI.390 = http://xest/389 +excluded;URI.391 = http://xest/390 +excluded;URI.392 = http://xest/391 +excluded;URI.393 = http://xest/392 +excluded;URI.394 = http://xest/393 +excluded;URI.395 = http://xest/394 +excluded;URI.396 = http://xest/395 +excluded;URI.397 = http://xest/396 +excluded;URI.398 = http://xest/397 +excluded;URI.399 = http://xest/398 +excluded;URI.400 = http://xest/399 +excluded;URI.401 = http://xest/400 +excluded;URI.402 = http://xest/401 +excluded;URI.403 = http://xest/402 +excluded;URI.404 = http://xest/403 +excluded;URI.405 = http://xest/404 +excluded;URI.406 = http://xest/405 +excluded;URI.407 = http://xest/406 +excluded;URI.408 = http://xest/407 +excluded;URI.409 = http://xest/408 +excluded;URI.410 = http://xest/409 +excluded;URI.411 = http://xest/410 +excluded;URI.412 = http://xest/411 +excluded;URI.413 = http://xest/412 +excluded;URI.414 = http://xest/413 +excluded;URI.415 = http://xest/414 +excluded;URI.416 = http://xest/415 +excluded;URI.417 = http://xest/416 +excluded;URI.418 = http://xest/417 +excluded;URI.419 = http://xest/418 +excluded;URI.420 = http://xest/419 +excluded;URI.421 = http://xest/420 +excluded;URI.422 = http://xest/421 +excluded;URI.423 = http://xest/422 +excluded;URI.424 = http://xest/423 +excluded;URI.425 = http://xest/424 +excluded;URI.426 = http://xest/425 +excluded;URI.427 = http://xest/426 +excluded;URI.428 = http://xest/427 +excluded;URI.429 = http://xest/428 +excluded;URI.430 = http://xest/429 +excluded;URI.431 = http://xest/430 +excluded;URI.432 = http://xest/431 +excluded;URI.433 = http://xest/432 +excluded;URI.434 = http://xest/433 +excluded;URI.435 = http://xest/434 +excluded;URI.436 = http://xest/435 +excluded;URI.437 = http://xest/436 +excluded;URI.438 = http://xest/437 +excluded;URI.439 = http://xest/438 +excluded;URI.440 = http://xest/439 +excluded;URI.441 = http://xest/440 +excluded;URI.442 = http://xest/441 +excluded;URI.443 = http://xest/442 +excluded;URI.444 = http://xest/443 +excluded;URI.445 = http://xest/444 +excluded;URI.446 = http://xest/445 +excluded;URI.447 = http://xest/446 +excluded;URI.448 = http://xest/447 +excluded;URI.449 = http://xest/448 +excluded;URI.450 = http://xest/449 +excluded;URI.451 = http://xest/450 +excluded;URI.452 = http://xest/451 +excluded;URI.453 = http://xest/452 +excluded;URI.454 = http://xest/453 +excluded;URI.455 = http://xest/454 +excluded;URI.456 = http://xest/455 +excluded;URI.457 = http://xest/456 +excluded;URI.458 = http://xest/457 +excluded;URI.459 = http://xest/458 +excluded;URI.460 = http://xest/459 +excluded;URI.461 = http://xest/460 +excluded;URI.462 = http://xest/461 +excluded;URI.463 = http://xest/462 +excluded;URI.464 = http://xest/463 +excluded;URI.465 = http://xest/464 +excluded;URI.466 = http://xest/465 +excluded;URI.467 = http://xest/466 +excluded;URI.468 = http://xest/467 +excluded;URI.469 = http://xest/468 +excluded;URI.470 = http://xest/469 +excluded;URI.471 = http://xest/470 +excluded;URI.472 = http://xest/471 +excluded;URI.473 = http://xest/472 +excluded;URI.474 = http://xest/473 +excluded;URI.475 = http://xest/474 +excluded;URI.476 = http://xest/475 +excluded;URI.477 = http://xest/476 +excluded;URI.478 = http://xest/477 +excluded;URI.479 = http://xest/478 +excluded;URI.480 = http://xest/479 +excluded;URI.481 = http://xest/480 +excluded;URI.482 = http://xest/481 +excluded;URI.483 = http://xest/482 +excluded;URI.484 = http://xest/483 +excluded;URI.485 = http://xest/484 +excluded;URI.486 = http://xest/485 +excluded;URI.487 = http://xest/486 +excluded;URI.488 = http://xest/487 +excluded;URI.489 = http://xest/488 +excluded;URI.490 = http://xest/489 +excluded;URI.491 = http://xest/490 +excluded;URI.492 = http://xest/491 +excluded;URI.493 = http://xest/492 +excluded;URI.494 = http://xest/493 +excluded;URI.495 = http://xest/494 +excluded;URI.496 = http://xest/495 +excluded;URI.497 = http://xest/496 +excluded;URI.498 = http://xest/497 +excluded;URI.499 = http://xest/498 +excluded;URI.500 = http://xest/499 +excluded;URI.501 = http://xest/500 +excluded;URI.502 = http://xest/501 +excluded;URI.503 = http://xest/502 +excluded;URI.504 = http://xest/503 +excluded;URI.505 = http://xest/504 +excluded;URI.506 = http://xest/505 +excluded;URI.507 = http://xest/506 +excluded;URI.508 = http://xest/507 +excluded;URI.509 = http://xest/508 +excluded;URI.510 = http://xest/509 +excluded;URI.511 = http://xest/510 +excluded;URI.512 = http://xest/511 +excluded;URI.513 = http://xest/512 +excluded;URI.514 = http://xest/513 +excluded;URI.515 = http://xest/514 +excluded;URI.516 = http://xest/515 +excluded;URI.517 = http://xest/516 +excluded;URI.518 = http://xest/517 +excluded;URI.519 = http://xest/518 +excluded;URI.520 = http://xest/519 +excluded;URI.521 = http://xest/520 +excluded;URI.522 = http://xest/521 +excluded;URI.523 = http://xest/522 +excluded;URI.524 = http://xest/523 +excluded;URI.525 = http://xest/524 +excluded;URI.526 = http://xest/525 +excluded;URI.527 = http://xest/526 +excluded;URI.528 = http://xest/527 +excluded;URI.529 = http://xest/528 +excluded;URI.530 = http://xest/529 +excluded;URI.531 = http://xest/530 +excluded;URI.532 = http://xest/531 +excluded;URI.533 = http://xest/532 +excluded;URI.534 = http://xest/533 +excluded;URI.535 = http://xest/534 +excluded;URI.536 = http://xest/535 +excluded;URI.537 = http://xest/536 +excluded;URI.538 = http://xest/537 +excluded;URI.539 = http://xest/538 +excluded;URI.540 = http://xest/539 +excluded;URI.541 = http://xest/540 +excluded;URI.542 = http://xest/541 +excluded;URI.543 = http://xest/542 +excluded;URI.544 = http://xest/543 +excluded;URI.545 = http://xest/544 +excluded;URI.546 = http://xest/545 +excluded;URI.547 = http://xest/546 +excluded;URI.548 = http://xest/547 +excluded;URI.549 = http://xest/548 +excluded;URI.550 = http://xest/549 +excluded;URI.551 = http://xest/550 +excluded;URI.552 = http://xest/551 +excluded;URI.553 = http://xest/552 +excluded;URI.554 = http://xest/553 +excluded;URI.555 = http://xest/554 +excluded;URI.556 = http://xest/555 +excluded;URI.557 = http://xest/556 +excluded;URI.558 = http://xest/557 +excluded;URI.559 = http://xest/558 +excluded;URI.560 = http://xest/559 +excluded;URI.561 = http://xest/560 +excluded;URI.562 = http://xest/561 +excluded;URI.563 = http://xest/562 +excluded;URI.564 = http://xest/563 +excluded;URI.565 = http://xest/564 +excluded;URI.566 = http://xest/565 +excluded;URI.567 = http://xest/566 +excluded;URI.568 = http://xest/567 +excluded;URI.569 = http://xest/568 +excluded;URI.570 = http://xest/569 +excluded;URI.571 = http://xest/570 +excluded;URI.572 = http://xest/571 +excluded;URI.573 = http://xest/572 +excluded;URI.574 = http://xest/573 +excluded;URI.575 = http://xest/574 +excluded;URI.576 = http://xest/575 +excluded;URI.577 = http://xest/576 +excluded;URI.578 = http://xest/577 +excluded;URI.579 = http://xest/578 +excluded;URI.580 = http://xest/579 +excluded;URI.581 = http://xest/580 +excluded;URI.582 = http://xest/581 +excluded;URI.583 = http://xest/582 +excluded;URI.584 = http://xest/583 +excluded;URI.585 = http://xest/584 +excluded;URI.586 = http://xest/585 +excluded;URI.587 = http://xest/586 +excluded;URI.588 = http://xest/587 +excluded;URI.589 = http://xest/588 +excluded;URI.590 = http://xest/589 +excluded;URI.591 = http://xest/590 +excluded;URI.592 = http://xest/591 +excluded;URI.593 = http://xest/592 +excluded;URI.594 = http://xest/593 +excluded;URI.595 = http://xest/594 +excluded;URI.596 = http://xest/595 +excluded;URI.597 = http://xest/596 +excluded;URI.598 = http://xest/597 +excluded;URI.599 = http://xest/598 +excluded;URI.600 = http://xest/599 +excluded;URI.601 = http://xest/600 +excluded;URI.602 = http://xest/601 +excluded;URI.603 = http://xest/602 +excluded;URI.604 = http://xest/603 +excluded;URI.605 = http://xest/604 +excluded;URI.606 = http://xest/605 +excluded;URI.607 = http://xest/606 +excluded;URI.608 = http://xest/607 +excluded;URI.609 = http://xest/608 +excluded;URI.610 = http://xest/609 +excluded;URI.611 = http://xest/610 +excluded;URI.612 = http://xest/611 +excluded;URI.613 = http://xest/612 +excluded;URI.614 = http://xest/613 +excluded;URI.615 = http://xest/614 +excluded;URI.616 = http://xest/615 +excluded;URI.617 = http://xest/616 +excluded;URI.618 = http://xest/617 +excluded;URI.619 = http://xest/618 +excluded;URI.620 = http://xest/619 +excluded;URI.621 = http://xest/620 +excluded;URI.622 = http://xest/621 +excluded;URI.623 = http://xest/622 +excluded;URI.624 = http://xest/623 +excluded;URI.625 = http://xest/624 +excluded;URI.626 = http://xest/625 +excluded;URI.627 = http://xest/626 +excluded;URI.628 = http://xest/627 +excluded;URI.629 = http://xest/628 +excluded;URI.630 = http://xest/629 +excluded;URI.631 = http://xest/630 +excluded;URI.632 = http://xest/631 +excluded;URI.633 = http://xest/632 +excluded;URI.634 = http://xest/633 +excluded;URI.635 = http://xest/634 +excluded;URI.636 = http://xest/635 +excluded;URI.637 = http://xest/636 +excluded;URI.638 = http://xest/637 +excluded;URI.639 = http://xest/638 +excluded;URI.640 = http://xest/639 +excluded;URI.641 = http://xest/640 +excluded;URI.642 = http://xest/641 +excluded;URI.643 = http://xest/642 +excluded;URI.644 = http://xest/643 +excluded;URI.645 = http://xest/644 +excluded;URI.646 = http://xest/645 +excluded;URI.647 = http://xest/646 +excluded;URI.648 = http://xest/647 +excluded;URI.649 = http://xest/648 +excluded;URI.650 = http://xest/649 +excluded;URI.651 = http://xest/650 +excluded;URI.652 = http://xest/651 +excluded;URI.653 = http://xest/652 +excluded;URI.654 = http://xest/653 +excluded;URI.655 = http://xest/654 +excluded;URI.656 = http://xest/655 +excluded;URI.657 = http://xest/656 +excluded;URI.658 = http://xest/657 +excluded;URI.659 = http://xest/658 +excluded;URI.660 = http://xest/659 +excluded;URI.661 = http://xest/660 +excluded;URI.662 = http://xest/661 +excluded;URI.663 = http://xest/662 +excluded;URI.664 = http://xest/663 +excluded;URI.665 = http://xest/664 +excluded;URI.666 = http://xest/665 +excluded;URI.667 = http://xest/666 +excluded;URI.668 = http://xest/667 +excluded;URI.669 = http://xest/668 +excluded;URI.670 = http://xest/669 +excluded;URI.671 = http://xest/670 +excluded;URI.672 = http://xest/671 +excluded;URI.673 = http://xest/672 +excluded;URI.674 = http://xest/673 +excluded;URI.675 = http://xest/674 +excluded;URI.676 = http://xest/675 +excluded;URI.677 = http://xest/676 +excluded;URI.678 = http://xest/677 +excluded;URI.679 = http://xest/678 +excluded;URI.680 = http://xest/679 +excluded;URI.681 = http://xest/680 +excluded;URI.682 = http://xest/681 +excluded;URI.683 = http://xest/682 +excluded;URI.684 = http://xest/683 +excluded;URI.685 = http://xest/684 +excluded;URI.686 = http://xest/685 +excluded;URI.687 = http://xest/686 +excluded;URI.688 = http://xest/687 +excluded;URI.689 = http://xest/688 +excluded;URI.690 = http://xest/689 +excluded;URI.691 = http://xest/690 +excluded;URI.692 = http://xest/691 +excluded;URI.693 = http://xest/692 +excluded;URI.694 = http://xest/693 +excluded;URI.695 = http://xest/694 +excluded;URI.696 = http://xest/695 +excluded;URI.697 = http://xest/696 +excluded;URI.698 = http://xest/697 +excluded;URI.699 = http://xest/698 +excluded;URI.700 = http://xest/699 +excluded;URI.701 = http://xest/700 +excluded;URI.702 = http://xest/701 +excluded;URI.703 = http://xest/702 +excluded;URI.704 = http://xest/703 +excluded;URI.705 = http://xest/704 +excluded;URI.706 = http://xest/705 +excluded;URI.707 = http://xest/706 +excluded;URI.708 = http://xest/707 +excluded;URI.709 = http://xest/708 +excluded;URI.710 = http://xest/709 +excluded;URI.711 = http://xest/710 +excluded;URI.712 = http://xest/711 +excluded;URI.713 = http://xest/712 +excluded;URI.714 = http://xest/713 +excluded;URI.715 = http://xest/714 +excluded;URI.716 = http://xest/715 +excluded;URI.717 = http://xest/716 +excluded;URI.718 = http://xest/717 +excluded;URI.719 = http://xest/718 +excluded;URI.720 = http://xest/719 +excluded;URI.721 = http://xest/720 +excluded;URI.722 = http://xest/721 +excluded;URI.723 = http://xest/722 +excluded;URI.724 = http://xest/723 +excluded;URI.725 = http://xest/724 +excluded;URI.726 = http://xest/725 +excluded;URI.727 = http://xest/726 +excluded;URI.728 = http://xest/727 +excluded;URI.729 = http://xest/728 +excluded;URI.730 = http://xest/729 +excluded;URI.731 = http://xest/730 +excluded;URI.732 = http://xest/731 +excluded;URI.733 = http://xest/732 +excluded;URI.734 = http://xest/733 +excluded;URI.735 = http://xest/734 +excluded;URI.736 = http://xest/735 +excluded;URI.737 = http://xest/736 +excluded;URI.738 = http://xest/737 +excluded;URI.739 = http://xest/738 +excluded;URI.740 = http://xest/739 +excluded;URI.741 = http://xest/740 +excluded;URI.742 = http://xest/741 +excluded;URI.743 = http://xest/742 +excluded;URI.744 = http://xest/743 +excluded;URI.745 = http://xest/744 +excluded;URI.746 = http://xest/745 +excluded;URI.747 = http://xest/746 +excluded;URI.748 = http://xest/747 +excluded;URI.749 = http://xest/748 +excluded;URI.750 = http://xest/749 +excluded;URI.751 = http://xest/750 +excluded;URI.752 = http://xest/751 +excluded;URI.753 = http://xest/752 +excluded;URI.754 = http://xest/753 +excluded;URI.755 = http://xest/754 +excluded;URI.756 = http://xest/755 +excluded;URI.757 = http://xest/756 +excluded;URI.758 = http://xest/757 +excluded;URI.759 = http://xest/758 +excluded;URI.760 = http://xest/759 +excluded;URI.761 = http://xest/760 +excluded;URI.762 = http://xest/761 +excluded;URI.763 = http://xest/762 +excluded;URI.764 = http://xest/763 +excluded;URI.765 = http://xest/764 +excluded;URI.766 = http://xest/765 +excluded;URI.767 = http://xest/766 +excluded;URI.768 = http://xest/767 +excluded;URI.769 = http://xest/768 +excluded;URI.770 = http://xest/769 +excluded;URI.771 = http://xest/770 +excluded;URI.772 = http://xest/771 +excluded;URI.773 = http://xest/772 +excluded;URI.774 = http://xest/773 +excluded;URI.775 = http://xest/774 +excluded;URI.776 = http://xest/775 +excluded;URI.777 = http://xest/776 +excluded;URI.778 = http://xest/777 +excluded;URI.779 = http://xest/778 +excluded;URI.780 = http://xest/779 +excluded;URI.781 = http://xest/780 +excluded;URI.782 = http://xest/781 +excluded;URI.783 = http://xest/782 +excluded;URI.784 = http://xest/783 +excluded;URI.785 = http://xest/784 +excluded;URI.786 = http://xest/785 +excluded;URI.787 = http://xest/786 +excluded;URI.788 = http://xest/787 +excluded;URI.789 = http://xest/788 +excluded;URI.790 = http://xest/789 +excluded;URI.791 = http://xest/790 +excluded;URI.792 = http://xest/791 +excluded;URI.793 = http://xest/792 +excluded;URI.794 = http://xest/793 +excluded;URI.795 = http://xest/794 +excluded;URI.796 = http://xest/795 +excluded;URI.797 = http://xest/796 +excluded;URI.798 = http://xest/797 +excluded;URI.799 = http://xest/798 +excluded;URI.800 = http://xest/799 +excluded;URI.801 = http://xest/800 +excluded;URI.802 = http://xest/801 +excluded;URI.803 = http://xest/802 +excluded;URI.804 = http://xest/803 +excluded;URI.805 = http://xest/804 +excluded;URI.806 = http://xest/805 +excluded;URI.807 = http://xest/806 +excluded;URI.808 = http://xest/807 +excluded;URI.809 = http://xest/808 +excluded;URI.810 = http://xest/809 +excluded;URI.811 = http://xest/810 +excluded;URI.812 = http://xest/811 +excluded;URI.813 = http://xest/812 +excluded;URI.814 = http://xest/813 +excluded;URI.815 = http://xest/814 +excluded;URI.816 = http://xest/815 +excluded;URI.817 = http://xest/816 +excluded;URI.818 = http://xest/817 +excluded;URI.819 = http://xest/818 +excluded;URI.820 = http://xest/819 +excluded;URI.821 = http://xest/820 +excluded;URI.822 = http://xest/821 +excluded;URI.823 = http://xest/822 +excluded;URI.824 = http://xest/823 +excluded;URI.825 = http://xest/824 +excluded;URI.826 = http://xest/825 +excluded;URI.827 = http://xest/826 +excluded;URI.828 = http://xest/827 +excluded;URI.829 = http://xest/828 +excluded;URI.830 = http://xest/829 +excluded;URI.831 = http://xest/830 +excluded;URI.832 = http://xest/831 +excluded;URI.833 = http://xest/832 +excluded;URI.834 = http://xest/833 +excluded;URI.835 = http://xest/834 +excluded;URI.836 = http://xest/835 +excluded;URI.837 = http://xest/836 +excluded;URI.838 = http://xest/837 +excluded;URI.839 = http://xest/838 +excluded;URI.840 = http://xest/839 +excluded;URI.841 = http://xest/840 +excluded;URI.842 = http://xest/841 +excluded;URI.843 = http://xest/842 +excluded;URI.844 = http://xest/843 +excluded;URI.845 = http://xest/844 +excluded;URI.846 = http://xest/845 +excluded;URI.847 = http://xest/846 +excluded;URI.848 = http://xest/847 +excluded;URI.849 = http://xest/848 +excluded;URI.850 = http://xest/849 +excluded;URI.851 = http://xest/850 +excluded;URI.852 = http://xest/851 +excluded;URI.853 = http://xest/852 +excluded;URI.854 = http://xest/853 +excluded;URI.855 = http://xest/854 +excluded;URI.856 = http://xest/855 +excluded;URI.857 = http://xest/856 +excluded;URI.858 = http://xest/857 +excluded;URI.859 = http://xest/858 +excluded;URI.860 = http://xest/859 +excluded;URI.861 = http://xest/860 +excluded;URI.862 = http://xest/861 +excluded;URI.863 = http://xest/862 +excluded;URI.864 = http://xest/863 +excluded;URI.865 = http://xest/864 +excluded;URI.866 = http://xest/865 +excluded;URI.867 = http://xest/866 +excluded;URI.868 = http://xest/867 +excluded;URI.869 = http://xest/868 +excluded;URI.870 = http://xest/869 +excluded;URI.871 = http://xest/870 +excluded;URI.872 = http://xest/871 +excluded;URI.873 = http://xest/872 +excluded;URI.874 = http://xest/873 +excluded;URI.875 = http://xest/874 +excluded;URI.876 = http://xest/875 +excluded;URI.877 = http://xest/876 +excluded;URI.878 = http://xest/877 +excluded;URI.879 = http://xest/878 +excluded;URI.880 = http://xest/879 +excluded;URI.881 = http://xest/880 +excluded;URI.882 = http://xest/881 +excluded;URI.883 = http://xest/882 +excluded;URI.884 = http://xest/883 +excluded;URI.885 = http://xest/884 +excluded;URI.886 = http://xest/885 +excluded;URI.887 = http://xest/886 +excluded;URI.888 = http://xest/887 +excluded;URI.889 = http://xest/888 +excluded;URI.890 = http://xest/889 +excluded;URI.891 = http://xest/890 +excluded;URI.892 = http://xest/891 +excluded;URI.893 = http://xest/892 +excluded;URI.894 = http://xest/893 +excluded;URI.895 = http://xest/894 +excluded;URI.896 = http://xest/895 +excluded;URI.897 = http://xest/896 +excluded;URI.898 = http://xest/897 +excluded;URI.899 = http://xest/898 +excluded;URI.900 = http://xest/899 +excluded;URI.901 = http://xest/900 +excluded;URI.902 = http://xest/901 +excluded;URI.903 = http://xest/902 +excluded;URI.904 = http://xest/903 +excluded;URI.905 = http://xest/904 +excluded;URI.906 = http://xest/905 +excluded;URI.907 = http://xest/906 +excluded;URI.908 = http://xest/907 +excluded;URI.909 = http://xest/908 +excluded;URI.910 = http://xest/909 +excluded;URI.911 = http://xest/910 +excluded;URI.912 = http://xest/911 +excluded;URI.913 = http://xest/912 +excluded;URI.914 = http://xest/913 +excluded;URI.915 = http://xest/914 +excluded;URI.916 = http://xest/915 +excluded;URI.917 = http://xest/916 +excluded;URI.918 = http://xest/917 +excluded;URI.919 = http://xest/918 +excluded;URI.920 = http://xest/919 +excluded;URI.921 = http://xest/920 +excluded;URI.922 = http://xest/921 +excluded;URI.923 = http://xest/922 +excluded;URI.924 = http://xest/923 +excluded;URI.925 = http://xest/924 +excluded;URI.926 = http://xest/925 +excluded;URI.927 = http://xest/926 +excluded;URI.928 = http://xest/927 +excluded;URI.929 = http://xest/928 +excluded;URI.930 = http://xest/929 +excluded;URI.931 = http://xest/930 +excluded;URI.932 = http://xest/931 +excluded;URI.933 = http://xest/932 +excluded;URI.934 = http://xest/933 +excluded;URI.935 = http://xest/934 +excluded;URI.936 = http://xest/935 +excluded;URI.937 = http://xest/936 +excluded;URI.938 = http://xest/937 +excluded;URI.939 = http://xest/938 +excluded;URI.940 = http://xest/939 +excluded;URI.941 = http://xest/940 +excluded;URI.942 = http://xest/941 +excluded;URI.943 = http://xest/942 +excluded;URI.944 = http://xest/943 +excluded;URI.945 = http://xest/944 +excluded;URI.946 = http://xest/945 +excluded;URI.947 = http://xest/946 +excluded;URI.948 = http://xest/947 +excluded;URI.949 = http://xest/948 +excluded;URI.950 = http://xest/949 +excluded;URI.951 = http://xest/950 +excluded;URI.952 = http://xest/951 +excluded;URI.953 = http://xest/952 +excluded;URI.954 = http://xest/953 +excluded;URI.955 = http://xest/954 +excluded;URI.956 = http://xest/955 +excluded;URI.957 = http://xest/956 +excluded;URI.958 = http://xest/957 +excluded;URI.959 = http://xest/958 +excluded;URI.960 = http://xest/959 +excluded;URI.961 = http://xest/960 +excluded;URI.962 = http://xest/961 +excluded;URI.963 = http://xest/962 +excluded;URI.964 = http://xest/963 +excluded;URI.965 = http://xest/964 +excluded;URI.966 = http://xest/965 +excluded;URI.967 = http://xest/966 +excluded;URI.968 = http://xest/967 +excluded;URI.969 = http://xest/968 +excluded;URI.970 = http://xest/969 +excluded;URI.971 = http://xest/970 +excluded;URI.972 = http://xest/971 +excluded;URI.973 = http://xest/972 +excluded;URI.974 = http://xest/973 +excluded;URI.975 = http://xest/974 +excluded;URI.976 = http://xest/975 +excluded;URI.977 = http://xest/976 +excluded;URI.978 = http://xest/977 +excluded;URI.979 = http://xest/978 +excluded;URI.980 = http://xest/979 +excluded;URI.981 = http://xest/980 +excluded;URI.982 = http://xest/981 +excluded;URI.983 = http://xest/982 +excluded;URI.984 = http://xest/983 +excluded;URI.985 = http://xest/984 +excluded;URI.986 = http://xest/985 +excluded;URI.987 = http://xest/986 +excluded;URI.988 = http://xest/987 +excluded;URI.989 = http://xest/988 +excluded;URI.990 = http://xest/989 +excluded;URI.991 = http://xest/990 +excluded;URI.992 = http://xest/991 +excluded;URI.993 = http://xest/992 +excluded;URI.994 = http://xest/993 +excluded;URI.995 = http://xest/994 +excluded;URI.996 = http://xest/995 +excluded;URI.997 = http://xest/996 +excluded;URI.998 = http://xest/997 +excluded;URI.999 = http://xest/998 +excluded;URI.1000 = http://xest/999 +excluded;URI.1001 = http://xest/1000 +excluded;URI.1002 = http://xest/1001 +excluded;URI.1003 = http://xest/1002 +excluded;URI.1004 = http://xest/1003 +excluded;URI.1005 = http://xest/1004 +excluded;URI.1006 = http://xest/1005 +excluded;URI.1007 = http://xest/1006 +excluded;URI.1008 = http://xest/1007 +excluded;URI.1009 = http://xest/1008 +excluded;URI.1010 = http://xest/1009 +excluded;URI.1011 = http://xest/1010 +excluded;URI.1012 = http://xest/1011 +excluded;URI.1013 = http://xest/1012 +excluded;URI.1014 = http://xest/1013 +excluded;URI.1015 = http://xest/1014 +excluded;URI.1016 = http://xest/1015 +excluded;URI.1017 = http://xest/1016 +excluded;URI.1018 = http://xest/1017 +excluded;URI.1019 = http://xest/1018 +excluded;URI.1020 = http://xest/1019 +excluded;URI.1021 = http://xest/1020 +excluded;URI.1022 = http://xest/1021 +excluded;URI.1023 = http://xest/1022 +excluded;URI.1024 = http://xest/1023 +excluded;URI.1025 = http://xest/1024 +permitted;DNS.1 = t0.test +permitted;DNS.2 = t1.test +permitted;DNS.3 = t2.test +permitted;DNS.4 = t3.test +permitted;DNS.5 = t4.test +permitted;DNS.6 = t5.test +permitted;DNS.7 = t6.test +permitted;DNS.8 = t7.test +permitted;DNS.9 = t8.test +permitted;DNS.10 = t9.test +permitted;DNS.11 = t10.test +permitted;DNS.12 = t11.test +permitted;DNS.13 = t12.test +permitted;DNS.14 = t13.test +permitted;DNS.15 = t14.test +permitted;DNS.16 = t15.test +permitted;DNS.17 = t16.test +permitted;DNS.18 = t17.test +permitted;DNS.19 = t18.test +permitted;DNS.20 = t19.test +permitted;DNS.21 = t20.test +permitted;DNS.22 = t21.test +permitted;DNS.23 = t22.test +permitted;DNS.24 = t23.test +permitted;DNS.25 = t24.test +permitted;DNS.26 = t25.test +permitted;DNS.27 = t26.test +permitted;DNS.28 = t27.test +permitted;DNS.29 = t28.test +permitted;DNS.30 = t29.test +permitted;DNS.31 = t30.test +permitted;DNS.32 = t31.test +permitted;DNS.33 = t32.test +permitted;DNS.34 = t33.test +permitted;DNS.35 = t34.test +permitted;DNS.36 = t35.test +permitted;DNS.37 = t36.test +permitted;DNS.38 = t37.test +permitted;DNS.39 = t38.test +permitted;DNS.40 = t39.test +permitted;DNS.41 = t40.test +permitted;DNS.42 = t41.test +permitted;DNS.43 = t42.test +permitted;DNS.44 = t43.test +permitted;DNS.45 = t44.test +permitted;DNS.46 = t45.test +permitted;DNS.47 = t46.test +permitted;DNS.48 = t47.test +permitted;DNS.49 = t48.test +permitted;DNS.50 = t49.test +permitted;DNS.51 = t50.test +permitted;DNS.52 = t51.test +permitted;DNS.53 = t52.test +permitted;DNS.54 = t53.test +permitted;DNS.55 = t54.test +permitted;DNS.56 = t55.test +permitted;DNS.57 = t56.test +permitted;DNS.58 = t57.test +permitted;DNS.59 = t58.test +permitted;DNS.60 = t59.test +permitted;DNS.61 = t60.test +permitted;DNS.62 = t61.test +permitted;DNS.63 = t62.test +permitted;DNS.64 = t63.test +permitted;DNS.65 = t64.test +permitted;DNS.66 = t65.test +permitted;DNS.67 = t66.test +permitted;DNS.68 = t67.test +permitted;DNS.69 = t68.test +permitted;DNS.70 = t69.test +permitted;DNS.71 = t70.test +permitted;DNS.72 = t71.test +permitted;DNS.73 = t72.test +permitted;DNS.74 = t73.test +permitted;DNS.75 = t74.test +permitted;DNS.76 = t75.test +permitted;DNS.77 = t76.test +permitted;DNS.78 = t77.test +permitted;DNS.79 = t78.test +permitted;DNS.80 = t79.test +permitted;DNS.81 = t80.test +permitted;DNS.82 = t81.test +permitted;DNS.83 = t82.test +permitted;DNS.84 = t83.test +permitted;DNS.85 = t84.test +permitted;DNS.86 = t85.test +permitted;DNS.87 = t86.test +permitted;DNS.88 = t87.test +permitted;DNS.89 = t88.test +permitted;DNS.90 = t89.test +permitted;DNS.91 = t90.test +permitted;DNS.92 = t91.test +permitted;DNS.93 = t92.test +permitted;DNS.94 = t93.test +permitted;DNS.95 = t94.test +permitted;DNS.96 = t95.test +permitted;DNS.97 = t96.test +permitted;DNS.98 = t97.test +permitted;DNS.99 = t98.test +permitted;DNS.100 = t99.test +permitted;DNS.101 = t100.test +permitted;DNS.102 = t101.test +permitted;DNS.103 = t102.test +permitted;DNS.104 = t103.test +permitted;DNS.105 = t104.test +permitted;DNS.106 = t105.test +permitted;DNS.107 = t106.test +permitted;DNS.108 = t107.test +permitted;DNS.109 = t108.test +permitted;DNS.110 = t109.test +permitted;DNS.111 = t110.test +permitted;DNS.112 = t111.test +permitted;DNS.113 = t112.test +permitted;DNS.114 = t113.test +permitted;DNS.115 = t114.test +permitted;DNS.116 = t115.test +permitted;DNS.117 = t116.test +permitted;DNS.118 = t117.test +permitted;DNS.119 = t118.test +permitted;DNS.120 = t119.test +permitted;DNS.121 = t120.test +permitted;DNS.122 = t121.test +permitted;DNS.123 = t122.test +permitted;DNS.124 = t123.test +permitted;DNS.125 = t124.test +permitted;DNS.126 = t125.test +permitted;DNS.127 = t126.test +permitted;DNS.128 = t127.test +permitted;DNS.129 = t128.test +permitted;DNS.130 = t129.test +permitted;DNS.131 = t130.test +permitted;DNS.132 = t131.test +permitted;DNS.133 = t132.test +permitted;DNS.134 = t133.test +permitted;DNS.135 = t134.test +permitted;DNS.136 = t135.test +permitted;DNS.137 = t136.test +permitted;DNS.138 = t137.test +permitted;DNS.139 = t138.test +permitted;DNS.140 = t139.test +permitted;DNS.141 = t140.test +permitted;DNS.142 = t141.test +permitted;DNS.143 = t142.test +permitted;DNS.144 = t143.test +permitted;DNS.145 = t144.test +permitted;DNS.146 = t145.test +permitted;DNS.147 = t146.test +permitted;DNS.148 = t147.test +permitted;DNS.149 = t148.test +permitted;DNS.150 = t149.test +permitted;DNS.151 = t150.test +permitted;DNS.152 = t151.test +permitted;DNS.153 = t152.test +permitted;DNS.154 = t153.test +permitted;DNS.155 = t154.test +permitted;DNS.156 = t155.test +permitted;DNS.157 = t156.test +permitted;DNS.158 = t157.test +permitted;DNS.159 = t158.test +permitted;DNS.160 = t159.test +permitted;DNS.161 = t160.test +permitted;DNS.162 = t161.test +permitted;DNS.163 = t162.test +permitted;DNS.164 = t163.test +permitted;DNS.165 = t164.test +permitted;DNS.166 = t165.test +permitted;DNS.167 = t166.test +permitted;DNS.168 = t167.test +permitted;DNS.169 = t168.test +permitted;DNS.170 = t169.test +permitted;DNS.171 = t170.test +permitted;IP.1 = 10.0.0.0/255.255.255.255 +permitted;IP.2 = 10.0.0.1/255.255.255.255 +permitted;IP.3 = 10.0.0.2/255.255.255.255 +permitted;IP.4 = 10.0.0.3/255.255.255.255 +permitted;IP.5 = 10.0.0.4/255.255.255.255 +permitted;IP.6 = 10.0.0.5/255.255.255.255 +permitted;IP.7 = 10.0.0.6/255.255.255.255 +permitted;IP.8 = 10.0.0.7/255.255.255.255 +permitted;IP.9 = 10.0.0.8/255.255.255.255 +permitted;IP.10 = 10.0.0.9/255.255.255.255 +permitted;IP.11 = 10.0.0.10/255.255.255.255 +permitted;IP.12 = 10.0.0.11/255.255.255.255 +permitted;IP.13 = 10.0.0.12/255.255.255.255 +permitted;IP.14 = 10.0.0.13/255.255.255.255 +permitted;IP.15 = 10.0.0.14/255.255.255.255 +permitted;IP.16 = 10.0.0.15/255.255.255.255 +permitted;IP.17 = 10.0.0.16/255.255.255.255 +permitted;IP.18 = 10.0.0.17/255.255.255.255 +permitted;IP.19 = 10.0.0.18/255.255.255.255 +permitted;IP.20 = 10.0.0.19/255.255.255.255 +permitted;IP.21 = 10.0.0.20/255.255.255.255 +permitted;IP.22 = 10.0.0.21/255.255.255.255 +permitted;IP.23 = 10.0.0.22/255.255.255.255 +permitted;IP.24 = 10.0.0.23/255.255.255.255 +permitted;IP.25 = 10.0.0.24/255.255.255.255 +permitted;IP.26 = 10.0.0.25/255.255.255.255 +permitted;IP.27 = 10.0.0.26/255.255.255.255 +permitted;IP.28 = 10.0.0.27/255.255.255.255 +permitted;IP.29 = 10.0.0.28/255.255.255.255 +permitted;IP.30 = 10.0.0.29/255.255.255.255 +permitted;IP.31 = 10.0.0.30/255.255.255.255 +permitted;IP.32 = 10.0.0.31/255.255.255.255 +permitted;IP.33 = 10.0.0.32/255.255.255.255 +permitted;IP.34 = 10.0.0.33/255.255.255.255 +permitted;IP.35 = 10.0.0.34/255.255.255.255 +permitted;IP.36 = 10.0.0.35/255.255.255.255 +permitted;IP.37 = 10.0.0.36/255.255.255.255 +permitted;IP.38 = 10.0.0.37/255.255.255.255 +permitted;IP.39 = 10.0.0.38/255.255.255.255 +permitted;IP.40 = 10.0.0.39/255.255.255.255 +permitted;IP.41 = 10.0.0.40/255.255.255.255 +permitted;IP.42 = 10.0.0.41/255.255.255.255 +permitted;IP.43 = 10.0.0.42/255.255.255.255 +permitted;IP.44 = 10.0.0.43/255.255.255.255 +permitted;IP.45 = 10.0.0.44/255.255.255.255 +permitted;IP.46 = 10.0.0.45/255.255.255.255 +permitted;IP.47 = 10.0.0.46/255.255.255.255 +permitted;IP.48 = 10.0.0.47/255.255.255.255 +permitted;IP.49 = 10.0.0.48/255.255.255.255 +permitted;IP.50 = 10.0.0.49/255.255.255.255 +permitted;IP.51 = 10.0.0.50/255.255.255.255 +permitted;IP.52 = 10.0.0.51/255.255.255.255 +permitted;IP.53 = 10.0.0.52/255.255.255.255 +permitted;IP.54 = 10.0.0.53/255.255.255.255 +permitted;IP.55 = 10.0.0.54/255.255.255.255 +permitted;IP.56 = 10.0.0.55/255.255.255.255 +permitted;IP.57 = 10.0.0.56/255.255.255.255 +permitted;IP.58 = 10.0.0.57/255.255.255.255 +permitted;IP.59 = 10.0.0.58/255.255.255.255 +permitted;IP.60 = 10.0.0.59/255.255.255.255 +permitted;IP.61 = 10.0.0.60/255.255.255.255 +permitted;IP.62 = 10.0.0.61/255.255.255.255 +permitted;IP.63 = 10.0.0.62/255.255.255.255 +permitted;IP.64 = 10.0.0.63/255.255.255.255 +permitted;IP.65 = 10.0.0.64/255.255.255.255 +permitted;IP.66 = 10.0.0.65/255.255.255.255 +permitted;IP.67 = 10.0.0.66/255.255.255.255 +permitted;IP.68 = 10.0.0.67/255.255.255.255 +permitted;IP.69 = 10.0.0.68/255.255.255.255 +permitted;IP.70 = 10.0.0.69/255.255.255.255 +permitted;IP.71 = 10.0.0.70/255.255.255.255 +permitted;IP.72 = 10.0.0.71/255.255.255.255 +permitted;IP.73 = 10.0.0.72/255.255.255.255 +permitted;IP.74 = 10.0.0.73/255.255.255.255 +permitted;IP.75 = 10.0.0.74/255.255.255.255 +permitted;IP.76 = 10.0.0.75/255.255.255.255 +permitted;IP.77 = 10.0.0.76/255.255.255.255 +permitted;IP.78 = 10.0.0.77/255.255.255.255 +permitted;IP.79 = 10.0.0.78/255.255.255.255 +permitted;IP.80 = 10.0.0.79/255.255.255.255 +permitted;IP.81 = 10.0.0.80/255.255.255.255 +permitted;IP.82 = 10.0.0.81/255.255.255.255 +permitted;IP.83 = 10.0.0.82/255.255.255.255 +permitted;IP.84 = 10.0.0.83/255.255.255.255 +permitted;IP.85 = 10.0.0.84/255.255.255.255 +permitted;IP.86 = 10.0.0.85/255.255.255.255 +permitted;IP.87 = 10.0.0.86/255.255.255.255 +permitted;IP.88 = 10.0.0.87/255.255.255.255 +permitted;IP.89 = 10.0.0.88/255.255.255.255 +permitted;IP.90 = 10.0.0.89/255.255.255.255 +permitted;IP.91 = 10.0.0.90/255.255.255.255 +permitted;IP.92 = 10.0.0.91/255.255.255.255 +permitted;IP.93 = 10.0.0.92/255.255.255.255 +permitted;IP.94 = 10.0.0.93/255.255.255.255 +permitted;IP.95 = 10.0.0.94/255.255.255.255 +permitted;IP.96 = 10.0.0.95/255.255.255.255 +permitted;IP.97 = 10.0.0.96/255.255.255.255 +permitted;IP.98 = 10.0.0.97/255.255.255.255 +permitted;IP.99 = 10.0.0.98/255.255.255.255 +permitted;IP.100 = 10.0.0.99/255.255.255.255 +permitted;IP.101 = 10.0.0.100/255.255.255.255 +permitted;IP.102 = 10.0.0.101/255.255.255.255 +permitted;IP.103 = 10.0.0.102/255.255.255.255 +permitted;IP.104 = 10.0.0.103/255.255.255.255 +permitted;IP.105 = 10.0.0.104/255.255.255.255 +permitted;IP.106 = 10.0.0.105/255.255.255.255 +permitted;IP.107 = 10.0.0.106/255.255.255.255 +permitted;IP.108 = 10.0.0.107/255.255.255.255 +permitted;IP.109 = 10.0.0.108/255.255.255.255 +permitted;IP.110 = 10.0.0.109/255.255.255.255 +permitted;IP.111 = 10.0.0.110/255.255.255.255 +permitted;IP.112 = 10.0.0.111/255.255.255.255 +permitted;IP.113 = 10.0.0.112/255.255.255.255 +permitted;IP.114 = 10.0.0.113/255.255.255.255 +permitted;IP.115 = 10.0.0.114/255.255.255.255 +permitted;IP.116 = 10.0.0.115/255.255.255.255 +permitted;IP.117 = 10.0.0.116/255.255.255.255 +permitted;IP.118 = 10.0.0.117/255.255.255.255 +permitted;IP.119 = 10.0.0.118/255.255.255.255 +permitted;IP.120 = 10.0.0.119/255.255.255.255 +permitted;IP.121 = 10.0.0.120/255.255.255.255 +permitted;IP.122 = 10.0.0.121/255.255.255.255 +permitted;IP.123 = 10.0.0.122/255.255.255.255 +permitted;IP.124 = 10.0.0.123/255.255.255.255 +permitted;IP.125 = 10.0.0.124/255.255.255.255 +permitted;IP.126 = 10.0.0.125/255.255.255.255 +permitted;IP.127 = 10.0.0.126/255.255.255.255 +permitted;IP.128 = 10.0.0.127/255.255.255.255 +permitted;IP.129 = 10.0.0.128/255.255.255.255 +permitted;IP.130 = 10.0.0.129/255.255.255.255 +permitted;IP.131 = 10.0.0.130/255.255.255.255 +permitted;IP.132 = 10.0.0.131/255.255.255.255 +permitted;IP.133 = 10.0.0.132/255.255.255.255 +permitted;IP.134 = 10.0.0.133/255.255.255.255 +permitted;IP.135 = 10.0.0.134/255.255.255.255 +permitted;IP.136 = 10.0.0.135/255.255.255.255 +permitted;IP.137 = 10.0.0.136/255.255.255.255 +permitted;IP.138 = 10.0.0.137/255.255.255.255 +permitted;IP.139 = 10.0.0.138/255.255.255.255 +permitted;IP.140 = 10.0.0.139/255.255.255.255 +permitted;IP.141 = 10.0.0.140/255.255.255.255 +permitted;IP.142 = 10.0.0.141/255.255.255.255 +permitted;IP.143 = 10.0.0.142/255.255.255.255 +permitted;IP.144 = 10.0.0.143/255.255.255.255 +permitted;IP.145 = 10.0.0.144/255.255.255.255 +permitted;IP.146 = 10.0.0.145/255.255.255.255 +permitted;IP.147 = 10.0.0.146/255.255.255.255 +permitted;IP.148 = 10.0.0.147/255.255.255.255 +permitted;IP.149 = 10.0.0.148/255.255.255.255 +permitted;IP.150 = 10.0.0.149/255.255.255.255 +permitted;IP.151 = 10.0.0.150/255.255.255.255 +permitted;IP.152 = 10.0.0.151/255.255.255.255 +permitted;IP.153 = 10.0.0.152/255.255.255.255 +permitted;IP.154 = 10.0.0.153/255.255.255.255 +permitted;IP.155 = 10.0.0.154/255.255.255.255 +permitted;IP.156 = 10.0.0.155/255.255.255.255 +permitted;IP.157 = 10.0.0.156/255.255.255.255 +permitted;IP.158 = 10.0.0.157/255.255.255.255 +permitted;IP.159 = 10.0.0.158/255.255.255.255 +permitted;IP.160 = 10.0.0.159/255.255.255.255 +permitted;IP.161 = 10.0.0.160/255.255.255.255 +permitted;IP.162 = 10.0.0.161/255.255.255.255 +permitted;IP.163 = 10.0.0.162/255.255.255.255 +permitted;IP.164 = 10.0.0.163/255.255.255.255 +permitted;IP.165 = 10.0.0.164/255.255.255.255 +permitted;IP.166 = 10.0.0.165/255.255.255.255 +permitted;IP.167 = 10.0.0.166/255.255.255.255 +permitted;IP.168 = 10.0.0.167/255.255.255.255 +permitted;IP.169 = 10.0.0.168/255.255.255.255 +permitted;IP.170 = 10.0.0.169/255.255.255.255 +permitted;IP.171 = 10.0.0.170/255.255.255.255 +permitted;dirName.1 = nameConstraints_dirname_p1 +permitted;dirName.2 = nameConstraints_dirname_p2 +permitted;dirName.3 = nameConstraints_dirname_p3 +permitted;dirName.4 = nameConstraints_dirname_p4 +permitted;dirName.5 = nameConstraints_dirname_p5 +permitted;dirName.6 = nameConstraints_dirname_p6 +permitted;dirName.7 = nameConstraints_dirname_p7 +permitted;dirName.8 = nameConstraints_dirname_p8 +permitted;dirName.9 = nameConstraints_dirname_p9 +permitted;dirName.10 = nameConstraints_dirname_p10 +permitted;dirName.11 = nameConstraints_dirname_p11 +permitted;dirName.12 = nameConstraints_dirname_p12 +permitted;dirName.13 = nameConstraints_dirname_p13 +permitted;dirName.14 = nameConstraints_dirname_p14 +permitted;dirName.15 = nameConstraints_dirname_p15 +permitted;dirName.16 = nameConstraints_dirname_p16 +permitted;dirName.17 = nameConstraints_dirname_p17 +permitted;dirName.18 = nameConstraints_dirname_p18 +permitted;dirName.19 = nameConstraints_dirname_p19 +permitted;dirName.20 = nameConstraints_dirname_p20 +permitted;dirName.21 = nameConstraints_dirname_p21 +permitted;dirName.22 = nameConstraints_dirname_p22 +permitted;dirName.23 = nameConstraints_dirname_p23 +permitted;dirName.24 = nameConstraints_dirname_p24 +permitted;dirName.25 = nameConstraints_dirname_p25 +permitted;dirName.26 = nameConstraints_dirname_p26 +permitted;dirName.27 = nameConstraints_dirname_p27 +permitted;dirName.28 = nameConstraints_dirname_p28 +permitted;dirName.29 = nameConstraints_dirname_p29 +permitted;dirName.30 = nameConstraints_dirname_p30 +permitted;dirName.31 = nameConstraints_dirname_p31 +permitted;dirName.32 = nameConstraints_dirname_p32 +permitted;dirName.33 = nameConstraints_dirname_p33 +permitted;dirName.34 = nameConstraints_dirname_p34 +permitted;dirName.35 = nameConstraints_dirname_p35 +permitted;dirName.36 = nameConstraints_dirname_p36 +permitted;dirName.37 = nameConstraints_dirname_p37 +permitted;dirName.38 = nameConstraints_dirname_p38 +permitted;dirName.39 = nameConstraints_dirname_p39 +permitted;dirName.40 = nameConstraints_dirname_p40 +permitted;dirName.41 = nameConstraints_dirname_p41 +permitted;dirName.42 = nameConstraints_dirname_p42 +permitted;dirName.43 = nameConstraints_dirname_p43 +permitted;dirName.44 = nameConstraints_dirname_p44 +permitted;dirName.45 = nameConstraints_dirname_p45 +permitted;dirName.46 = nameConstraints_dirname_p46 +permitted;dirName.47 = nameConstraints_dirname_p47 +permitted;dirName.48 = nameConstraints_dirname_p48 +permitted;dirName.49 = nameConstraints_dirname_p49 +permitted;dirName.50 = nameConstraints_dirname_p50 +permitted;dirName.51 = nameConstraints_dirname_p51 +permitted;dirName.52 = nameConstraints_dirname_p52 +permitted;dirName.53 = nameConstraints_dirname_p53 +permitted;dirName.54 = nameConstraints_dirname_p54 +permitted;dirName.55 = nameConstraints_dirname_p55 +permitted;dirName.56 = nameConstraints_dirname_p56 +permitted;dirName.57 = nameConstraints_dirname_p57 +permitted;dirName.58 = nameConstraints_dirname_p58 +permitted;dirName.59 = nameConstraints_dirname_p59 +permitted;dirName.60 = nameConstraints_dirname_p60 +permitted;dirName.61 = nameConstraints_dirname_p61 +permitted;dirName.62 = nameConstraints_dirname_p62 +permitted;dirName.63 = nameConstraints_dirname_p63 +permitted;dirName.64 = nameConstraints_dirname_p64 +permitted;dirName.65 = nameConstraints_dirname_p65 +permitted;dirName.66 = nameConstraints_dirname_p66 +permitted;dirName.67 = nameConstraints_dirname_p67 +permitted;dirName.68 = nameConstraints_dirname_p68 +permitted;dirName.69 = nameConstraints_dirname_p69 +permitted;dirName.70 = nameConstraints_dirname_p70 +permitted;dirName.71 = nameConstraints_dirname_p71 +permitted;dirName.72 = nameConstraints_dirname_p72 +permitted;dirName.73 = nameConstraints_dirname_p73 +permitted;dirName.74 = nameConstraints_dirname_p74 +permitted;dirName.75 = nameConstraints_dirname_p75 +permitted;dirName.76 = nameConstraints_dirname_p76 +permitted;dirName.77 = nameConstraints_dirname_p77 +permitted;dirName.78 = nameConstraints_dirname_p78 +permitted;dirName.79 = nameConstraints_dirname_p79 +permitted;dirName.80 = nameConstraints_dirname_p80 +permitted;dirName.81 = nameConstraints_dirname_p81 +permitted;dirName.82 = nameConstraints_dirname_p82 +permitted;dirName.83 = nameConstraints_dirname_p83 +permitted;dirName.84 = nameConstraints_dirname_p84 +permitted;dirName.85 = nameConstraints_dirname_p85 +permitted;dirName.86 = nameConstraints_dirname_p86 +permitted;dirName.87 = nameConstraints_dirname_p87 +permitted;dirName.88 = nameConstraints_dirname_p88 +permitted;dirName.89 = nameConstraints_dirname_p89 +permitted;dirName.90 = nameConstraints_dirname_p90 +permitted;dirName.91 = nameConstraints_dirname_p91 +permitted;dirName.92 = nameConstraints_dirname_p92 +permitted;dirName.93 = nameConstraints_dirname_p93 +permitted;dirName.94 = nameConstraints_dirname_p94 +permitted;dirName.95 = nameConstraints_dirname_p95 +permitted;dirName.96 = nameConstraints_dirname_p96 +permitted;dirName.97 = nameConstraints_dirname_p97 +permitted;dirName.98 = nameConstraints_dirname_p98 +permitted;dirName.99 = nameConstraints_dirname_p99 +permitted;dirName.100 = nameConstraints_dirname_p100 +permitted;dirName.101 = nameConstraints_dirname_p101 +permitted;dirName.102 = nameConstraints_dirname_p102 +permitted;dirName.103 = nameConstraints_dirname_p103 +permitted;dirName.104 = nameConstraints_dirname_p104 +permitted;dirName.105 = nameConstraints_dirname_p105 +permitted;dirName.106 = nameConstraints_dirname_p106 +permitted;dirName.107 = nameConstraints_dirname_p107 +permitted;dirName.108 = nameConstraints_dirname_p108 +permitted;dirName.109 = nameConstraints_dirname_p109 +permitted;dirName.110 = nameConstraints_dirname_p110 +permitted;dirName.111 = nameConstraints_dirname_p111 +permitted;dirName.112 = nameConstraints_dirname_p112 +permitted;dirName.113 = nameConstraints_dirname_p113 +permitted;dirName.114 = nameConstraints_dirname_p114 +permitted;dirName.115 = nameConstraints_dirname_p115 +permitted;dirName.116 = nameConstraints_dirname_p116 +permitted;dirName.117 = nameConstraints_dirname_p117 +permitted;dirName.118 = nameConstraints_dirname_p118 +permitted;dirName.119 = nameConstraints_dirname_p119 +permitted;dirName.120 = nameConstraints_dirname_p120 +permitted;dirName.121 = nameConstraints_dirname_p121 +permitted;dirName.122 = nameConstraints_dirname_p122 +permitted;dirName.123 = nameConstraints_dirname_p123 +permitted;dirName.124 = nameConstraints_dirname_p124 +permitted;dirName.125 = nameConstraints_dirname_p125 +permitted;dirName.126 = nameConstraints_dirname_p126 +permitted;dirName.127 = nameConstraints_dirname_p127 +permitted;dirName.128 = nameConstraints_dirname_p128 +permitted;dirName.129 = nameConstraints_dirname_p129 +permitted;dirName.130 = nameConstraints_dirname_p130 +permitted;dirName.131 = nameConstraints_dirname_p131 +permitted;dirName.132 = nameConstraints_dirname_p132 +permitted;dirName.133 = nameConstraints_dirname_p133 +permitted;dirName.134 = nameConstraints_dirname_p134 +permitted;dirName.135 = nameConstraints_dirname_p135 +permitted;dirName.136 = nameConstraints_dirname_p136 +permitted;dirName.137 = nameConstraints_dirname_p137 +permitted;dirName.138 = nameConstraints_dirname_p138 +permitted;dirName.139 = nameConstraints_dirname_p139 +permitted;dirName.140 = nameConstraints_dirname_p140 +permitted;dirName.141 = nameConstraints_dirname_p141 +permitted;dirName.142 = nameConstraints_dirname_p142 +permitted;dirName.143 = nameConstraints_dirname_p143 +permitted;dirName.144 = nameConstraints_dirname_p144 +permitted;dirName.145 = nameConstraints_dirname_p145 +permitted;dirName.146 = nameConstraints_dirname_p146 +permitted;dirName.147 = nameConstraints_dirname_p147 +permitted;dirName.148 = nameConstraints_dirname_p148 +permitted;dirName.149 = nameConstraints_dirname_p149 +permitted;dirName.150 = nameConstraints_dirname_p150 +permitted;dirName.151 = nameConstraints_dirname_p151 +permitted;dirName.152 = nameConstraints_dirname_p152 +permitted;dirName.153 = nameConstraints_dirname_p153 +permitted;dirName.154 = nameConstraints_dirname_p154 +permitted;dirName.155 = nameConstraints_dirname_p155 +permitted;dirName.156 = nameConstraints_dirname_p156 +permitted;dirName.157 = nameConstraints_dirname_p157 +permitted;dirName.158 = nameConstraints_dirname_p158 +permitted;dirName.159 = nameConstraints_dirname_p159 +permitted;dirName.160 = nameConstraints_dirname_p160 +permitted;dirName.161 = nameConstraints_dirname_p161 +permitted;dirName.162 = nameConstraints_dirname_p162 +permitted;dirName.163 = nameConstraints_dirname_p163 +permitted;dirName.164 = nameConstraints_dirname_p164 +permitted;dirName.165 = nameConstraints_dirname_p165 +permitted;dirName.166 = nameConstraints_dirname_p166 +permitted;dirName.167 = nameConstraints_dirname_p167 +permitted;dirName.168 = nameConstraints_dirname_p168 +permitted;dirName.169 = nameConstraints_dirname_p169 +permitted;dirName.170 = nameConstraints_dirname_p170 +permitted;dirName.171 = nameConstraints_dirname_p171 +permitted;dirName.172 = nameConstraints_dirname_p172 +permitted;URI.1 = http://test/0 +permitted;URI.2 = http://test/1 +permitted;URI.3 = http://test/2 +permitted;URI.4 = http://test/3 +permitted;URI.5 = http://test/4 +permitted;URI.6 = http://test/5 +permitted;URI.7 = http://test/6 +permitted;URI.8 = http://test/7 +permitted;URI.9 = http://test/8 +permitted;URI.10 = http://test/9 +permitted;URI.11 = http://test/10 +permitted;URI.12 = http://test/11 +permitted;URI.13 = http://test/12 +permitted;URI.14 = http://test/13 +permitted;URI.15 = http://test/14 +permitted;URI.16 = http://test/15 +permitted;URI.17 = http://test/16 +permitted;URI.18 = http://test/17 +permitted;URI.19 = http://test/18 +permitted;URI.20 = http://test/19 +permitted;URI.21 = http://test/20 +permitted;URI.22 = http://test/21 +permitted;URI.23 = http://test/22 +permitted;URI.24 = http://test/23 +permitted;URI.25 = http://test/24 +permitted;URI.26 = http://test/25 +permitted;URI.27 = http://test/26 +permitted;URI.28 = http://test/27 +permitted;URI.29 = http://test/28 +permitted;URI.30 = http://test/29 +permitted;URI.31 = http://test/30 +permitted;URI.32 = http://test/31 +permitted;URI.33 = http://test/32 +permitted;URI.34 = http://test/33 +permitted;URI.35 = http://test/34 +permitted;URI.36 = http://test/35 +permitted;URI.37 = http://test/36 +permitted;URI.38 = http://test/37 +permitted;URI.39 = http://test/38 +permitted;URI.40 = http://test/39 +permitted;URI.41 = http://test/40 +permitted;URI.42 = http://test/41 +permitted;URI.43 = http://test/42 +permitted;URI.44 = http://test/43 +permitted;URI.45 = http://test/44 +permitted;URI.46 = http://test/45 +permitted;URI.47 = http://test/46 +permitted;URI.48 = http://test/47 +permitted;URI.49 = http://test/48 +permitted;URI.50 = http://test/49 +permitted;URI.51 = http://test/50 +permitted;URI.52 = http://test/51 +permitted;URI.53 = http://test/52 +permitted;URI.54 = http://test/53 +permitted;URI.55 = http://test/54 +permitted;URI.56 = http://test/55 +permitted;URI.57 = http://test/56 +permitted;URI.58 = http://test/57 +permitted;URI.59 = http://test/58 +permitted;URI.60 = http://test/59 +permitted;URI.61 = http://test/60 +permitted;URI.62 = http://test/61 +permitted;URI.63 = http://test/62 +permitted;URI.64 = http://test/63 +permitted;URI.65 = http://test/64 +permitted;URI.66 = http://test/65 +permitted;URI.67 = http://test/66 +permitted;URI.68 = http://test/67 +permitted;URI.69 = http://test/68 +permitted;URI.70 = http://test/69 +permitted;URI.71 = http://test/70 +permitted;URI.72 = http://test/71 +permitted;URI.73 = http://test/72 +permitted;URI.74 = http://test/73 +permitted;URI.75 = http://test/74 +permitted;URI.76 = http://test/75 +permitted;URI.77 = http://test/76 +permitted;URI.78 = http://test/77 +permitted;URI.79 = http://test/78 +permitted;URI.80 = http://test/79 +permitted;URI.81 = http://test/80 +permitted;URI.82 = http://test/81 +permitted;URI.83 = http://test/82 +permitted;URI.84 = http://test/83 +permitted;URI.85 = http://test/84 +permitted;URI.86 = http://test/85 +permitted;URI.87 = http://test/86 +permitted;URI.88 = http://test/87 +permitted;URI.89 = http://test/88 +permitted;URI.90 = http://test/89 +permitted;URI.91 = http://test/90 +permitted;URI.92 = http://test/91 +permitted;URI.93 = http://test/92 +permitted;URI.94 = http://test/93 +permitted;URI.95 = http://test/94 +permitted;URI.96 = http://test/95 +permitted;URI.97 = http://test/96 +permitted;URI.98 = http://test/97 +permitted;URI.99 = http://test/98 +permitted;URI.100 = http://test/99 +permitted;URI.101 = http://test/100 +permitted;URI.102 = http://test/101 +permitted;URI.103 = http://test/102 +permitted;URI.104 = http://test/103 +permitted;URI.105 = http://test/104 +permitted;URI.106 = http://test/105 +permitted;URI.107 = http://test/106 +permitted;URI.108 = http://test/107 +permitted;URI.109 = http://test/108 +permitted;URI.110 = http://test/109 +permitted;URI.111 = http://test/110 +permitted;URI.112 = http://test/111 +permitted;URI.113 = http://test/112 +permitted;URI.114 = http://test/113 +permitted;URI.115 = http://test/114 +permitted;URI.116 = http://test/115 +permitted;URI.117 = http://test/116 +permitted;URI.118 = http://test/117 +permitted;URI.119 = http://test/118 +permitted;URI.120 = http://test/119 +permitted;URI.121 = http://test/120 +permitted;URI.122 = http://test/121 +permitted;URI.123 = http://test/122 +permitted;URI.124 = http://test/123 +permitted;URI.125 = http://test/124 +permitted;URI.126 = http://test/125 +permitted;URI.127 = http://test/126 +permitted;URI.128 = http://test/127 +permitted;URI.129 = http://test/128 +permitted;URI.130 = http://test/129 +permitted;URI.131 = http://test/130 +permitted;URI.132 = http://test/131 +permitted;URI.133 = http://test/132 +permitted;URI.134 = http://test/133 +permitted;URI.135 = http://test/134 +permitted;URI.136 = http://test/135 +permitted;URI.137 = http://test/136 +permitted;URI.138 = http://test/137 +permitted;URI.139 = http://test/138 +permitted;URI.140 = http://test/139 +permitted;URI.141 = http://test/140 +permitted;URI.142 = http://test/141 +permitted;URI.143 = http://test/142 +permitted;URI.144 = http://test/143 +permitted;URI.145 = http://test/144 +permitted;URI.146 = http://test/145 +permitted;URI.147 = http://test/146 +permitted;URI.148 = http://test/147 +permitted;URI.149 = http://test/148 +permitted;URI.150 = http://test/149 +permitted;URI.151 = http://test/150 +permitted;URI.152 = http://test/151 +permitted;URI.153 = http://test/152 +permitted;URI.154 = http://test/153 +permitted;URI.155 = http://test/154 +permitted;URI.156 = http://test/155 +permitted;URI.157 = http://test/156 +permitted;URI.158 = http://test/157 +permitted;URI.159 = http://test/158 +permitted;URI.160 = http://test/159 +permitted;URI.161 = http://test/160 +permitted;URI.162 = http://test/161 +permitted;URI.163 = http://test/162 +permitted;URI.164 = http://test/163 +permitted;URI.165 = http://test/164 +permitted;URI.166 = http://test/165 +permitted;URI.167 = http://test/166 +permitted;URI.168 = http://test/167 +permitted;URI.169 = http://test/168 +permitted;URI.170 = http://test/169 +permitted;URI.171 = http://test/170 +permitted;URI.172 = http://test/171 +permitted;URI.173 = http://test/172 +permitted;URI.174 = http://test/173 +permitted;URI.175 = http://test/174 +permitted;URI.176 = http://test/175 +permitted;URI.177 = http://test/176 +permitted;URI.178 = http://test/177 +permitted;URI.179 = http://test/178 +permitted;URI.180 = http://test/179 +permitted;URI.181 = http://test/180 +permitted;URI.182 = http://test/181 +permitted;URI.183 = http://test/182 +permitted;URI.184 = http://test/183 +permitted;URI.185 = http://test/184 +permitted;URI.186 = http://test/185 +permitted;URI.187 = http://test/186 +permitted;URI.188 = http://test/187 +permitted;URI.189 = http://test/188 +permitted;URI.190 = http://test/189 +permitted;URI.191 = http://test/190 +permitted;URI.192 = http://test/191 +permitted;URI.193 = http://test/192 +permitted;URI.194 = http://test/193 +permitted;URI.195 = http://test/194 +permitted;URI.196 = http://test/195 +permitted;URI.197 = http://test/196 +permitted;URI.198 = http://test/197 +permitted;URI.199 = http://test/198 +permitted;URI.200 = http://test/199 +permitted;URI.201 = http://test/200 +permitted;URI.202 = http://test/201 +permitted;URI.203 = http://test/202 +permitted;URI.204 = http://test/203 +permitted;URI.205 = http://test/204 +permitted;URI.206 = http://test/205 +permitted;URI.207 = http://test/206 +permitted;URI.208 = http://test/207 +permitted;URI.209 = http://test/208 +permitted;URI.210 = http://test/209 +permitted;URI.211 = http://test/210 +permitted;URI.212 = http://test/211 +permitted;URI.213 = http://test/212 +permitted;URI.214 = http://test/213 +permitted;URI.215 = http://test/214 +permitted;URI.216 = http://test/215 +permitted;URI.217 = http://test/216 +permitted;URI.218 = http://test/217 +permitted;URI.219 = http://test/218 +permitted;URI.220 = http://test/219 +permitted;URI.221 = http://test/220 +permitted;URI.222 = http://test/221 +permitted;URI.223 = http://test/222 +permitted;URI.224 = http://test/223 +permitted;URI.225 = http://test/224 +permitted;URI.226 = http://test/225 +permitted;URI.227 = http://test/226 +permitted;URI.228 = http://test/227 +permitted;URI.229 = http://test/228 +permitted;URI.230 = http://test/229 +permitted;URI.231 = http://test/230 +permitted;URI.232 = http://test/231 +permitted;URI.233 = http://test/232 +permitted;URI.234 = http://test/233 +permitted;URI.235 = http://test/234 +permitted;URI.236 = http://test/235 +permitted;URI.237 = http://test/236 +permitted;URI.238 = http://test/237 +permitted;URI.239 = http://test/238 +permitted;URI.240 = http://test/239 +permitted;URI.241 = http://test/240 +permitted;URI.242 = http://test/241 +permitted;URI.243 = http://test/242 +permitted;URI.244 = http://test/243 +permitted;URI.245 = http://test/244 +permitted;URI.246 = http://test/245 +permitted;URI.247 = http://test/246 +permitted;URI.248 = http://test/247 +permitted;URI.249 = http://test/248 +permitted;URI.250 = http://test/249 +permitted;URI.251 = http://test/250 +permitted;URI.252 = http://test/251 +permitted;URI.253 = http://test/252 +permitted;URI.254 = http://test/253 +permitted;URI.255 = http://test/254 +permitted;URI.256 = http://test/255 +permitted;URI.257 = http://test/256 +permitted;URI.258 = http://test/257 +permitted;URI.259 = http://test/258 +permitted;URI.260 = http://test/259 +permitted;URI.261 = http://test/260 +permitted;URI.262 = http://test/261 +permitted;URI.263 = http://test/262 +permitted;URI.264 = http://test/263 +permitted;URI.265 = http://test/264 +permitted;URI.266 = http://test/265 +permitted;URI.267 = http://test/266 +permitted;URI.268 = http://test/267 +permitted;URI.269 = http://test/268 +permitted;URI.270 = http://test/269 +permitted;URI.271 = http://test/270 +permitted;URI.272 = http://test/271 +permitted;URI.273 = http://test/272 +permitted;URI.274 = http://test/273 +permitted;URI.275 = http://test/274 +permitted;URI.276 = http://test/275 +permitted;URI.277 = http://test/276 +permitted;URI.278 = http://test/277 +permitted;URI.279 = http://test/278 +permitted;URI.280 = http://test/279 +permitted;URI.281 = http://test/280 +permitted;URI.282 = http://test/281 +permitted;URI.283 = http://test/282 +permitted;URI.284 = http://test/283 +permitted;URI.285 = http://test/284 +permitted;URI.286 = http://test/285 +permitted;URI.287 = http://test/286 +permitted;URI.288 = http://test/287 +permitted;URI.289 = http://test/288 +permitted;URI.290 = http://test/289 +permitted;URI.291 = http://test/290 +permitted;URI.292 = http://test/291 +permitted;URI.293 = http://test/292 +permitted;URI.294 = http://test/293 +permitted;URI.295 = http://test/294 +permitted;URI.296 = http://test/295 +permitted;URI.297 = http://test/296 +permitted;URI.298 = http://test/297 +permitted;URI.299 = http://test/298 +permitted;URI.300 = http://test/299 +permitted;URI.301 = http://test/300 +permitted;URI.302 = http://test/301 +permitted;URI.303 = http://test/302 +permitted;URI.304 = http://test/303 +permitted;URI.305 = http://test/304 +permitted;URI.306 = http://test/305 +permitted;URI.307 = http://test/306 +permitted;URI.308 = http://test/307 +permitted;URI.309 = http://test/308 +permitted;URI.310 = http://test/309 +permitted;URI.311 = http://test/310 +permitted;URI.312 = http://test/311 +permitted;URI.313 = http://test/312 +permitted;URI.314 = http://test/313 +permitted;URI.315 = http://test/314 +permitted;URI.316 = http://test/315 +permitted;URI.317 = http://test/316 +permitted;URI.318 = http://test/317 +permitted;URI.319 = http://test/318 +permitted;URI.320 = http://test/319 +permitted;URI.321 = http://test/320 +permitted;URI.322 = http://test/321 +permitted;URI.323 = http://test/322 +permitted;URI.324 = http://test/323 +permitted;URI.325 = http://test/324 +permitted;URI.326 = http://test/325 +permitted;URI.327 = http://test/326 +permitted;URI.328 = http://test/327 +permitted;URI.329 = http://test/328 +permitted;URI.330 = http://test/329 +permitted;URI.331 = http://test/330 +permitted;URI.332 = http://test/331 +permitted;URI.333 = http://test/332 +permitted;URI.334 = http://test/333 +permitted;URI.335 = http://test/334 +permitted;URI.336 = http://test/335 +permitted;URI.337 = http://test/336 +permitted;URI.338 = http://test/337 +permitted;URI.339 = http://test/338 +permitted;URI.340 = http://test/339 +permitted;URI.341 = http://test/340 +permitted;URI.342 = http://test/341 +permitted;URI.343 = http://test/342 +permitted;URI.344 = http://test/343 +permitted;URI.345 = http://test/344 +permitted;URI.346 = http://test/345 +permitted;URI.347 = http://test/346 +permitted;URI.348 = http://test/347 +permitted;URI.349 = http://test/348 +permitted;URI.350 = http://test/349 +permitted;URI.351 = http://test/350 +permitted;URI.352 = http://test/351 +permitted;URI.353 = http://test/352 +permitted;URI.354 = http://test/353 +permitted;URI.355 = http://test/354 +permitted;URI.356 = http://test/355 +permitted;URI.357 = http://test/356 +permitted;URI.358 = http://test/357 +permitted;URI.359 = http://test/358 +permitted;URI.360 = http://test/359 +permitted;URI.361 = http://test/360 +permitted;URI.362 = http://test/361 +permitted;URI.363 = http://test/362 +permitted;URI.364 = http://test/363 +permitted;URI.365 = http://test/364 +permitted;URI.366 = http://test/365 +permitted;URI.367 = http://test/366 +permitted;URI.368 = http://test/367 +permitted;URI.369 = http://test/368 +permitted;URI.370 = http://test/369 +permitted;URI.371 = http://test/370 +permitted;URI.372 = http://test/371 +permitted;URI.373 = http://test/372 +permitted;URI.374 = http://test/373 +permitted;URI.375 = http://test/374 +permitted;URI.376 = http://test/375 +permitted;URI.377 = http://test/376 +permitted;URI.378 = http://test/377 +permitted;URI.379 = http://test/378 +permitted;URI.380 = http://test/379 +permitted;URI.381 = http://test/380 +permitted;URI.382 = http://test/381 +permitted;URI.383 = http://test/382 +permitted;URI.384 = http://test/383 +permitted;URI.385 = http://test/384 +permitted;URI.386 = http://test/385 +permitted;URI.387 = http://test/386 +permitted;URI.388 = http://test/387 +permitted;URI.389 = http://test/388 +permitted;URI.390 = http://test/389 +permitted;URI.391 = http://test/390 +permitted;URI.392 = http://test/391 +permitted;URI.393 = http://test/392 +permitted;URI.394 = http://test/393 +permitted;URI.395 = http://test/394 +permitted;URI.396 = http://test/395 +permitted;URI.397 = http://test/396 +permitted;URI.398 = http://test/397 +permitted;URI.399 = http://test/398 +permitted;URI.400 = http://test/399 +permitted;URI.401 = http://test/400 +permitted;URI.402 = http://test/401 +permitted;URI.403 = http://test/402 +permitted;URI.404 = http://test/403 +permitted;URI.405 = http://test/404 +permitted;URI.406 = http://test/405 +permitted;URI.407 = http://test/406 +permitted;URI.408 = http://test/407 +permitted;URI.409 = http://test/408 +permitted;URI.410 = http://test/409 +permitted;URI.411 = http://test/410 +permitted;URI.412 = http://test/411 +permitted;URI.413 = http://test/412 +permitted;URI.414 = http://test/413 +permitted;URI.415 = http://test/414 +permitted;URI.416 = http://test/415 +permitted;URI.417 = http://test/416 +permitted;URI.418 = http://test/417 +permitted;URI.419 = http://test/418 +permitted;URI.420 = http://test/419 +permitted;URI.421 = http://test/420 +permitted;URI.422 = http://test/421 +permitted;URI.423 = http://test/422 +permitted;URI.424 = http://test/423 +permitted;URI.425 = http://test/424 +permitted;URI.426 = http://test/425 +permitted;URI.427 = http://test/426 +permitted;URI.428 = http://test/427 +permitted;URI.429 = http://test/428 +permitted;URI.430 = http://test/429 +permitted;URI.431 = http://test/430 +permitted;URI.432 = http://test/431 +permitted;URI.433 = http://test/432 +permitted;URI.434 = http://test/433 +permitted;URI.435 = http://test/434 +permitted;URI.436 = http://test/435 +permitted;URI.437 = http://test/436 +permitted;URI.438 = http://test/437 +permitted;URI.439 = http://test/438 +permitted;URI.440 = http://test/439 +permitted;URI.441 = http://test/440 +permitted;URI.442 = http://test/441 +permitted;URI.443 = http://test/442 +permitted;URI.444 = http://test/443 +permitted;URI.445 = http://test/444 +permitted;URI.446 = http://test/445 +permitted;URI.447 = http://test/446 +permitted;URI.448 = http://test/447 +permitted;URI.449 = http://test/448 +permitted;URI.450 = http://test/449 +permitted;URI.451 = http://test/450 +permitted;URI.452 = http://test/451 +permitted;URI.453 = http://test/452 +permitted;URI.454 = http://test/453 +permitted;URI.455 = http://test/454 +permitted;URI.456 = http://test/455 +permitted;URI.457 = http://test/456 +permitted;URI.458 = http://test/457 +permitted;URI.459 = http://test/458 +permitted;URI.460 = http://test/459 +permitted;URI.461 = http://test/460 +permitted;URI.462 = http://test/461 +permitted;URI.463 = http://test/462 +permitted;URI.464 = http://test/463 +permitted;URI.465 = http://test/464 +permitted;URI.466 = http://test/465 +permitted;URI.467 = http://test/466 +permitted;URI.468 = http://test/467 +permitted;URI.469 = http://test/468 +permitted;URI.470 = http://test/469 +permitted;URI.471 = http://test/470 +permitted;URI.472 = http://test/471 +permitted;URI.473 = http://test/472 +permitted;URI.474 = http://test/473 +permitted;URI.475 = http://test/474 +permitted;URI.476 = http://test/475 +permitted;URI.477 = http://test/476 +permitted;URI.478 = http://test/477 +permitted;URI.479 = http://test/478 +permitted;URI.480 = http://test/479 +permitted;URI.481 = http://test/480 +permitted;URI.482 = http://test/481 +permitted;URI.483 = http://test/482 +permitted;URI.484 = http://test/483 +permitted;URI.485 = http://test/484 +permitted;URI.486 = http://test/485 +permitted;URI.487 = http://test/486 +permitted;URI.488 = http://test/487 +permitted;URI.489 = http://test/488 +permitted;URI.490 = http://test/489 +permitted;URI.491 = http://test/490 +permitted;URI.492 = http://test/491 +permitted;URI.493 = http://test/492 +permitted;URI.494 = http://test/493 +permitted;URI.495 = http://test/494 +permitted;URI.496 = http://test/495 +permitted;URI.497 = http://test/496 +permitted;URI.498 = http://test/497 +permitted;URI.499 = http://test/498 +permitted;URI.500 = http://test/499 +permitted;URI.501 = http://test/500 +permitted;URI.502 = http://test/501 +permitted;URI.503 = http://test/502 +permitted;URI.504 = http://test/503 +permitted;URI.505 = http://test/504 +permitted;URI.506 = http://test/505 +permitted;URI.507 = http://test/506 +permitted;URI.508 = http://test/507 +permitted;URI.509 = http://test/508 +permitted;URI.510 = http://test/509 +permitted;URI.511 = http://test/510 +permitted;URI.512 = http://test/511 +permitted;URI.513 = http://test/512 +permitted;URI.514 = http://test/513 +permitted;URI.515 = http://test/514 +permitted;URI.516 = http://test/515 +permitted;URI.517 = http://test/516 +permitted;URI.518 = http://test/517 +permitted;URI.519 = http://test/518 +permitted;URI.520 = http://test/519 +permitted;URI.521 = http://test/520 +permitted;URI.522 = http://test/521 +permitted;URI.523 = http://test/522 +permitted;URI.524 = http://test/523 +permitted;URI.525 = http://test/524 +permitted;URI.526 = http://test/525 +permitted;URI.527 = http://test/526 +permitted;URI.528 = http://test/527 +permitted;URI.529 = http://test/528 +permitted;URI.530 = http://test/529 +permitted;URI.531 = http://test/530 +permitted;URI.532 = http://test/531 +permitted;URI.533 = http://test/532 +permitted;URI.534 = http://test/533 +permitted;URI.535 = http://test/534 +permitted;URI.536 = http://test/535 +permitted;URI.537 = http://test/536 +permitted;URI.538 = http://test/537 +permitted;URI.539 = http://test/538 +permitted;URI.540 = http://test/539 +permitted;URI.541 = http://test/540 +permitted;URI.542 = http://test/541 +permitted;URI.543 = http://test/542 +permitted;URI.544 = http://test/543 +permitted;URI.545 = http://test/544 +permitted;URI.546 = http://test/545 +permitted;URI.547 = http://test/546 +permitted;URI.548 = http://test/547 +permitted;URI.549 = http://test/548 +permitted;URI.550 = http://test/549 +permitted;URI.551 = http://test/550 +permitted;URI.552 = http://test/551 +permitted;URI.553 = http://test/552 +permitted;URI.554 = http://test/553 +permitted;URI.555 = http://test/554 +permitted;URI.556 = http://test/555 +permitted;URI.557 = http://test/556 +permitted;URI.558 = http://test/557 +permitted;URI.559 = http://test/558 +permitted;URI.560 = http://test/559 +permitted;URI.561 = http://test/560 +permitted;URI.562 = http://test/561 +permitted;URI.563 = http://test/562 +permitted;URI.564 = http://test/563 +permitted;URI.565 = http://test/564 +permitted;URI.566 = http://test/565 +permitted;URI.567 = http://test/566 +permitted;URI.568 = http://test/567 +permitted;URI.569 = http://test/568 +permitted;URI.570 = http://test/569 +permitted;URI.571 = http://test/570 +permitted;URI.572 = http://test/571 +permitted;URI.573 = http://test/572 +permitted;URI.574 = http://test/573 +permitted;URI.575 = http://test/574 +permitted;URI.576 = http://test/575 +permitted;URI.577 = http://test/576 +permitted;URI.578 = http://test/577 +permitted;URI.579 = http://test/578 +permitted;URI.580 = http://test/579 +permitted;URI.581 = http://test/580 +permitted;URI.582 = http://test/581 +permitted;URI.583 = http://test/582 +permitted;URI.584 = http://test/583 +permitted;URI.585 = http://test/584 +permitted;URI.586 = http://test/585 +permitted;URI.587 = http://test/586 +permitted;URI.588 = http://test/587 +permitted;URI.589 = http://test/588 +permitted;URI.590 = http://test/589 +permitted;URI.591 = http://test/590 +permitted;URI.592 = http://test/591 +permitted;URI.593 = http://test/592 +permitted;URI.594 = http://test/593 +permitted;URI.595 = http://test/594 +permitted;URI.596 = http://test/595 +permitted;URI.597 = http://test/596 +permitted;URI.598 = http://test/597 +permitted;URI.599 = http://test/598 +permitted;URI.600 = http://test/599 +permitted;URI.601 = http://test/600 +permitted;URI.602 = http://test/601 +permitted;URI.603 = http://test/602 +permitted;URI.604 = http://test/603 +permitted;URI.605 = http://test/604 +permitted;URI.606 = http://test/605 +permitted;URI.607 = http://test/606 +permitted;URI.608 = http://test/607 +permitted;URI.609 = http://test/608 +permitted;URI.610 = http://test/609 +permitted;URI.611 = http://test/610 +permitted;URI.612 = http://test/611 +permitted;URI.613 = http://test/612 +permitted;URI.614 = http://test/613 +permitted;URI.615 = http://test/614 +permitted;URI.616 = http://test/615 +permitted;URI.617 = http://test/616 +permitted;URI.618 = http://test/617 +permitted;URI.619 = http://test/618 +permitted;URI.620 = http://test/619 +permitted;URI.621 = http://test/620 +permitted;URI.622 = http://test/621 +permitted;URI.623 = http://test/622 +permitted;URI.624 = http://test/623 +permitted;URI.625 = http://test/624 +permitted;URI.626 = http://test/625 +permitted;URI.627 = http://test/626 +permitted;URI.628 = http://test/627 +permitted;URI.629 = http://test/628 +permitted;URI.630 = http://test/629 +permitted;URI.631 = http://test/630 +permitted;URI.632 = http://test/631 +permitted;URI.633 = http://test/632 +permitted;URI.634 = http://test/633 +permitted;URI.635 = http://test/634 +permitted;URI.636 = http://test/635 +permitted;URI.637 = http://test/636 +permitted;URI.638 = http://test/637 +permitted;URI.639 = http://test/638 +permitted;URI.640 = http://test/639 +permitted;URI.641 = http://test/640 +permitted;URI.642 = http://test/641 +permitted;URI.643 = http://test/642 +permitted;URI.644 = http://test/643 +permitted;URI.645 = http://test/644 +permitted;URI.646 = http://test/645 +permitted;URI.647 = http://test/646 +permitted;URI.648 = http://test/647 +permitted;URI.649 = http://test/648 +permitted;URI.650 = http://test/649 +permitted;URI.651 = http://test/650 +permitted;URI.652 = http://test/651 +permitted;URI.653 = http://test/652 +permitted;URI.654 = http://test/653 +permitted;URI.655 = http://test/654 +permitted;URI.656 = http://test/655 +permitted;URI.657 = http://test/656 +permitted;URI.658 = http://test/657 +permitted;URI.659 = http://test/658 +permitted;URI.660 = http://test/659 +permitted;URI.661 = http://test/660 +permitted;URI.662 = http://test/661 +permitted;URI.663 = http://test/662 +permitted;URI.664 = http://test/663 +permitted;URI.665 = http://test/664 +permitted;URI.666 = http://test/665 +permitted;URI.667 = http://test/666 +permitted;URI.668 = http://test/667 +permitted;URI.669 = http://test/668 +permitted;URI.670 = http://test/669 +permitted;URI.671 = http://test/670 +permitted;URI.672 = http://test/671 +permitted;URI.673 = http://test/672 +permitted;URI.674 = http://test/673 +permitted;URI.675 = http://test/674 +permitted;URI.676 = http://test/675 +permitted;URI.677 = http://test/676 +permitted;URI.678 = http://test/677 +permitted;URI.679 = http://test/678 +permitted;URI.680 = http://test/679 +permitted;URI.681 = http://test/680 +permitted;URI.682 = http://test/681 +permitted;URI.683 = http://test/682 +permitted;URI.684 = http://test/683 +permitted;URI.685 = http://test/684 +permitted;URI.686 = http://test/685 +permitted;URI.687 = http://test/686 +permitted;URI.688 = http://test/687 +permitted;URI.689 = http://test/688 +permitted;URI.690 = http://test/689 +permitted;URI.691 = http://test/690 +permitted;URI.692 = http://test/691 +permitted;URI.693 = http://test/692 +permitted;URI.694 = http://test/693 +permitted;URI.695 = http://test/694 +permitted;URI.696 = http://test/695 +permitted;URI.697 = http://test/696 +permitted;URI.698 = http://test/697 +permitted;URI.699 = http://test/698 +permitted;URI.700 = http://test/699 +permitted;URI.701 = http://test/700 +permitted;URI.702 = http://test/701 +permitted;URI.703 = http://test/702 +permitted;URI.704 = http://test/703 +permitted;URI.705 = http://test/704 +permitted;URI.706 = http://test/705 +permitted;URI.707 = http://test/706 +permitted;URI.708 = http://test/707 +permitted;URI.709 = http://test/708 +permitted;URI.710 = http://test/709 +permitted;URI.711 = http://test/710 +permitted;URI.712 = http://test/711 +permitted;URI.713 = http://test/712 +permitted;URI.714 = http://test/713 +permitted;URI.715 = http://test/714 +permitted;URI.716 = http://test/715 +permitted;URI.717 = http://test/716 +permitted;URI.718 = http://test/717 +permitted;URI.719 = http://test/718 +permitted;URI.720 = http://test/719 +permitted;URI.721 = http://test/720 +permitted;URI.722 = http://test/721 +permitted;URI.723 = http://test/722 +permitted;URI.724 = http://test/723 +permitted;URI.725 = http://test/724 +permitted;URI.726 = http://test/725 +permitted;URI.727 = http://test/726 +permitted;URI.728 = http://test/727 +permitted;URI.729 = http://test/728 +permitted;URI.730 = http://test/729 +permitted;URI.731 = http://test/730 +permitted;URI.732 = http://test/731 +permitted;URI.733 = http://test/732 +permitted;URI.734 = http://test/733 +permitted;URI.735 = http://test/734 +permitted;URI.736 = http://test/735 +permitted;URI.737 = http://test/736 +permitted;URI.738 = http://test/737 +permitted;URI.739 = http://test/738 +permitted;URI.740 = http://test/739 +permitted;URI.741 = http://test/740 +permitted;URI.742 = http://test/741 +permitted;URI.743 = http://test/742 +permitted;URI.744 = http://test/743 +permitted;URI.745 = http://test/744 +permitted;URI.746 = http://test/745 +permitted;URI.747 = http://test/746 +permitted;URI.748 = http://test/747 +permitted;URI.749 = http://test/748 +permitted;URI.750 = http://test/749 +permitted;URI.751 = http://test/750 +permitted;URI.752 = http://test/751 +permitted;URI.753 = http://test/752 +permitted;URI.754 = http://test/753 +permitted;URI.755 = http://test/754 +permitted;URI.756 = http://test/755 +permitted;URI.757 = http://test/756 +permitted;URI.758 = http://test/757 +permitted;URI.759 = http://test/758 +permitted;URI.760 = http://test/759 +permitted;URI.761 = http://test/760 +permitted;URI.762 = http://test/761 +permitted;URI.763 = http://test/762 +permitted;URI.764 = http://test/763 +permitted;URI.765 = http://test/764 +permitted;URI.766 = http://test/765 +permitted;URI.767 = http://test/766 +permitted;URI.768 = http://test/767 +permitted;URI.769 = http://test/768 +permitted;URI.770 = http://test/769 +permitted;URI.771 = http://test/770 +permitted;URI.772 = http://test/771 +permitted;URI.773 = http://test/772 +permitted;URI.774 = http://test/773 +permitted;URI.775 = http://test/774 +permitted;URI.776 = http://test/775 +permitted;URI.777 = http://test/776 +permitted;URI.778 = http://test/777 +permitted;URI.779 = http://test/778 +permitted;URI.780 = http://test/779 +permitted;URI.781 = http://test/780 +permitted;URI.782 = http://test/781 +permitted;URI.783 = http://test/782 +permitted;URI.784 = http://test/783 +permitted;URI.785 = http://test/784 +permitted;URI.786 = http://test/785 +permitted;URI.787 = http://test/786 +permitted;URI.788 = http://test/787 +permitted;URI.789 = http://test/788 +permitted;URI.790 = http://test/789 +permitted;URI.791 = http://test/790 +permitted;URI.792 = http://test/791 +permitted;URI.793 = http://test/792 +permitted;URI.794 = http://test/793 +permitted;URI.795 = http://test/794 +permitted;URI.796 = http://test/795 +permitted;URI.797 = http://test/796 +permitted;URI.798 = http://test/797 +permitted;URI.799 = http://test/798 +permitted;URI.800 = http://test/799 +permitted;URI.801 = http://test/800 +permitted;URI.802 = http://test/801 +permitted;URI.803 = http://test/802 +permitted;URI.804 = http://test/803 +permitted;URI.805 = http://test/804 +permitted;URI.806 = http://test/805 +permitted;URI.807 = http://test/806 +permitted;URI.808 = http://test/807 +permitted;URI.809 = http://test/808 +permitted;URI.810 = http://test/809 +permitted;URI.811 = http://test/810 +permitted;URI.812 = http://test/811 +permitted;URI.813 = http://test/812 +permitted;URI.814 = http://test/813 +permitted;URI.815 = http://test/814 +permitted;URI.816 = http://test/815 +permitted;URI.817 = http://test/816 +permitted;URI.818 = http://test/817 +permitted;URI.819 = http://test/818 +permitted;URI.820 = http://test/819 +permitted;URI.821 = http://test/820 +permitted;URI.822 = http://test/821 +permitted;URI.823 = http://test/822 +permitted;URI.824 = http://test/823 +permitted;URI.825 = http://test/824 +permitted;URI.826 = http://test/825 +permitted;URI.827 = http://test/826 +permitted;URI.828 = http://test/827 +permitted;URI.829 = http://test/828 +permitted;URI.830 = http://test/829 +permitted;URI.831 = http://test/830 +permitted;URI.832 = http://test/831 +permitted;URI.833 = http://test/832 +permitted;URI.834 = http://test/833 +permitted;URI.835 = http://test/834 +permitted;URI.836 = http://test/835 +permitted;URI.837 = http://test/836 +permitted;URI.838 = http://test/837 +permitted;URI.839 = http://test/838 +permitted;URI.840 = http://test/839 +permitted;URI.841 = http://test/840 +permitted;URI.842 = http://test/841 +permitted;URI.843 = http://test/842 +permitted;URI.844 = http://test/843 +permitted;URI.845 = http://test/844 +permitted;URI.846 = http://test/845 +permitted;URI.847 = http://test/846 +permitted;URI.848 = http://test/847 +permitted;URI.849 = http://test/848 +permitted;URI.850 = http://test/849 +permitted;URI.851 = http://test/850 +permitted;URI.852 = http://test/851 +permitted;URI.853 = http://test/852 +permitted;URI.854 = http://test/853 +permitted;URI.855 = http://test/854 +permitted;URI.856 = http://test/855 +permitted;URI.857 = http://test/856 +permitted;URI.858 = http://test/857 +permitted;URI.859 = http://test/858 +permitted;URI.860 = http://test/859 +permitted;URI.861 = http://test/860 +permitted;URI.862 = http://test/861 +permitted;URI.863 = http://test/862 +permitted;URI.864 = http://test/863 +permitted;URI.865 = http://test/864 +permitted;URI.866 = http://test/865 +permitted;URI.867 = http://test/866 +permitted;URI.868 = http://test/867 +permitted;URI.869 = http://test/868 +permitted;URI.870 = http://test/869 +permitted;URI.871 = http://test/870 +permitted;URI.872 = http://test/871 +permitted;URI.873 = http://test/872 +permitted;URI.874 = http://test/873 +permitted;URI.875 = http://test/874 +permitted;URI.876 = http://test/875 +permitted;URI.877 = http://test/876 +permitted;URI.878 = http://test/877 +permitted;URI.879 = http://test/878 +permitted;URI.880 = http://test/879 +permitted;URI.881 = http://test/880 +permitted;URI.882 = http://test/881 +permitted;URI.883 = http://test/882 +permitted;URI.884 = http://test/883 +permitted;URI.885 = http://test/884 +permitted;URI.886 = http://test/885 +permitted;URI.887 = http://test/886 +permitted;URI.888 = http://test/887 +permitted;URI.889 = http://test/888 +permitted;URI.890 = http://test/889 +permitted;URI.891 = http://test/890 +permitted;URI.892 = http://test/891 +permitted;URI.893 = http://test/892 +permitted;URI.894 = http://test/893 +permitted;URI.895 = http://test/894 +permitted;URI.896 = http://test/895 +permitted;URI.897 = http://test/896 +permitted;URI.898 = http://test/897 +permitted;URI.899 = http://test/898 +permitted;URI.900 = http://test/899 +permitted;URI.901 = http://test/900 +permitted;URI.902 = http://test/901 +permitted;URI.903 = http://test/902 +permitted;URI.904 = http://test/903 +permitted;URI.905 = http://test/904 +permitted;URI.906 = http://test/905 +permitted;URI.907 = http://test/906 +permitted;URI.908 = http://test/907 +permitted;URI.909 = http://test/908 +permitted;URI.910 = http://test/909 +permitted;URI.911 = http://test/910 +permitted;URI.912 = http://test/911 +permitted;URI.913 = http://test/912 +permitted;URI.914 = http://test/913 +permitted;URI.915 = http://test/914 +permitted;URI.916 = http://test/915 +permitted;URI.917 = http://test/916 +permitted;URI.918 = http://test/917 +permitted;URI.919 = http://test/918 +permitted;URI.920 = http://test/919 +permitted;URI.921 = http://test/920 +permitted;URI.922 = http://test/921 +permitted;URI.923 = http://test/922 +permitted;URI.924 = http://test/923 +permitted;URI.925 = http://test/924 +permitted;URI.926 = http://test/925 +permitted;URI.927 = http://test/926 +permitted;URI.928 = http://test/927 +permitted;URI.929 = http://test/928 +permitted;URI.930 = http://test/929 +permitted;URI.931 = http://test/930 +permitted;URI.932 = http://test/931 +permitted;URI.933 = http://test/932 +permitted;URI.934 = http://test/933 +permitted;URI.935 = http://test/934 +permitted;URI.936 = http://test/935 +permitted;URI.937 = http://test/936 +permitted;URI.938 = http://test/937 +permitted;URI.939 = http://test/938 +permitted;URI.940 = http://test/939 +permitted;URI.941 = http://test/940 +permitted;URI.942 = http://test/941 +permitted;URI.943 = http://test/942 +permitted;URI.944 = http://test/943 +permitted;URI.945 = http://test/944 +permitted;URI.946 = http://test/945 +permitted;URI.947 = http://test/946 +permitted;URI.948 = http://test/947 +permitted;URI.949 = http://test/948 +permitted;URI.950 = http://test/949 +permitted;URI.951 = http://test/950 +permitted;URI.952 = http://test/951 +permitted;URI.953 = http://test/952 +permitted;URI.954 = http://test/953 +permitted;URI.955 = http://test/954 +permitted;URI.956 = http://test/955 +permitted;URI.957 = http://test/956 +permitted;URI.958 = http://test/957 +permitted;URI.959 = http://test/958 +permitted;URI.960 = http://test/959 +permitted;URI.961 = http://test/960 +permitted;URI.962 = http://test/961 +permitted;URI.963 = http://test/962 +permitted;URI.964 = http://test/963 +permitted;URI.965 = http://test/964 +permitted;URI.966 = http://test/965 +permitted;URI.967 = http://test/966 +permitted;URI.968 = http://test/967 +permitted;URI.969 = http://test/968 +permitted;URI.970 = http://test/969 +permitted;URI.971 = http://test/970 +permitted;URI.972 = http://test/971 +permitted;URI.973 = http://test/972 +permitted;URI.974 = http://test/973 +permitted;URI.975 = http://test/974 +permitted;URI.976 = http://test/975 +permitted;URI.977 = http://test/976 +permitted;URI.978 = http://test/977 +permitted;URI.979 = http://test/978 +permitted;URI.980 = http://test/979 +permitted;URI.981 = http://test/980 +permitted;URI.982 = http://test/981 +permitted;URI.983 = http://test/982 +permitted;URI.984 = http://test/983 +permitted;URI.985 = http://test/984 +permitted;URI.986 = http://test/985 +permitted;URI.987 = http://test/986 +permitted;URI.988 = http://test/987 +permitted;URI.989 = http://test/988 +permitted;URI.990 = http://test/989 +permitted;URI.991 = http://test/990 +permitted;URI.992 = http://test/991 +permitted;URI.993 = http://test/992 +permitted;URI.994 = http://test/993 +permitted;URI.995 = http://test/994 +permitted;URI.996 = http://test/995 +permitted;URI.997 = http://test/996 +permitted;URI.998 = http://test/997 +permitted;URI.999 = http://test/998 +permitted;URI.1000 = http://test/999 +permitted;URI.1001 = http://test/1000 +permitted;URI.1002 = http://test/1001 +permitted;URI.1003 = http://test/1002 +permitted;URI.1004 = http://test/1003 +permitted;URI.1005 = http://test/1004 +permitted;URI.1006 = http://test/1005 +permitted;URI.1007 = http://test/1006 +permitted;URI.1008 = http://test/1007 +permitted;URI.1009 = http://test/1008 +permitted;URI.1010 = http://test/1009 +permitted;URI.1011 = http://test/1010 +permitted;URI.1012 = http://test/1011 +permitted;URI.1013 = http://test/1012 +permitted;URI.1014 = http://test/1013 +permitted;URI.1015 = http://test/1014 +permitted;URI.1016 = http://test/1015 +permitted;URI.1017 = http://test/1016 +permitted;URI.1018 = http://test/1017 +permitted;URI.1019 = http://test/1018 +permitted;URI.1020 = http://test/1019 +permitted;URI.1021 = http://test/1020 +permitted;URI.1022 = http://test/1021 +permitted;URI.1023 = http://test/1022 +permitted;URI.1024 = http://test/1023 +permitted;URI.1025 = http://test/1024 + +[nameConstraints_dirname_x1] +commonName = "x0 + +[nameConstraints_dirname_x2] +commonName = "x1 + +[nameConstraints_dirname_x3] +commonName = "x2 + +[nameConstraints_dirname_x4] +commonName = "x3 + +[nameConstraints_dirname_x5] +commonName = "x4 + +[nameConstraints_dirname_x6] +commonName = "x5 + +[nameConstraints_dirname_x7] +commonName = "x6 + +[nameConstraints_dirname_x8] +commonName = "x7 + +[nameConstraints_dirname_x9] +commonName = "x8 + +[nameConstraints_dirname_x10] +commonName = "x9 + +[nameConstraints_dirname_x11] +commonName = "x10 + +[nameConstraints_dirname_x12] +commonName = "x11 + +[nameConstraints_dirname_x13] +commonName = "x12 + +[nameConstraints_dirname_x14] +commonName = "x13 + +[nameConstraints_dirname_x15] +commonName = "x14 + +[nameConstraints_dirname_x16] +commonName = "x15 + +[nameConstraints_dirname_x17] +commonName = "x16 + +[nameConstraints_dirname_x18] +commonName = "x17 + +[nameConstraints_dirname_x19] +commonName = "x18 + +[nameConstraints_dirname_x20] +commonName = "x19 + +[nameConstraints_dirname_x21] +commonName = "x20 + +[nameConstraints_dirname_x22] +commonName = "x21 + +[nameConstraints_dirname_x23] +commonName = "x22 + +[nameConstraints_dirname_x24] +commonName = "x23 + +[nameConstraints_dirname_x25] +commonName = "x24 + +[nameConstraints_dirname_x26] +commonName = "x25 + +[nameConstraints_dirname_x27] +commonName = "x26 + +[nameConstraints_dirname_x28] +commonName = "x27 + +[nameConstraints_dirname_x29] +commonName = "x28 + +[nameConstraints_dirname_x30] +commonName = "x29 + +[nameConstraints_dirname_x31] +commonName = "x30 + +[nameConstraints_dirname_x32] +commonName = "x31 + +[nameConstraints_dirname_x33] +commonName = "x32 + +[nameConstraints_dirname_x34] +commonName = "x33 + +[nameConstraints_dirname_x35] +commonName = "x34 + +[nameConstraints_dirname_x36] +commonName = "x35 + +[nameConstraints_dirname_x37] +commonName = "x36 + +[nameConstraints_dirname_x38] +commonName = "x37 + +[nameConstraints_dirname_x39] +commonName = "x38 + +[nameConstraints_dirname_x40] +commonName = "x39 + +[nameConstraints_dirname_x41] +commonName = "x40 + +[nameConstraints_dirname_x42] +commonName = "x41 + +[nameConstraints_dirname_x43] +commonName = "x42 + +[nameConstraints_dirname_x44] +commonName = "x43 + +[nameConstraints_dirname_x45] +commonName = "x44 + +[nameConstraints_dirname_x46] +commonName = "x45 + +[nameConstraints_dirname_x47] +commonName = "x46 + +[nameConstraints_dirname_x48] +commonName = "x47 + +[nameConstraints_dirname_x49] +commonName = "x48 + +[nameConstraints_dirname_x50] +commonName = "x49 + +[nameConstraints_dirname_x51] +commonName = "x50 + +[nameConstraints_dirname_x52] +commonName = "x51 + +[nameConstraints_dirname_x53] +commonName = "x52 + +[nameConstraints_dirname_x54] +commonName = "x53 + +[nameConstraints_dirname_x55] +commonName = "x54 + +[nameConstraints_dirname_x56] +commonName = "x55 + +[nameConstraints_dirname_x57] +commonName = "x56 + +[nameConstraints_dirname_x58] +commonName = "x57 + +[nameConstraints_dirname_x59] +commonName = "x58 + +[nameConstraints_dirname_x60] +commonName = "x59 + +[nameConstraints_dirname_x61] +commonName = "x60 + +[nameConstraints_dirname_x62] +commonName = "x61 + +[nameConstraints_dirname_x63] +commonName = "x62 + +[nameConstraints_dirname_x64] +commonName = "x63 + +[nameConstraints_dirname_x65] +commonName = "x64 + +[nameConstraints_dirname_x66] +commonName = "x65 + +[nameConstraints_dirname_x67] +commonName = "x66 + +[nameConstraints_dirname_x68] +commonName = "x67 + +[nameConstraints_dirname_x69] +commonName = "x68 + +[nameConstraints_dirname_x70] +commonName = "x69 + +[nameConstraints_dirname_x71] +commonName = "x70 + +[nameConstraints_dirname_x72] +commonName = "x71 + +[nameConstraints_dirname_x73] +commonName = "x72 + +[nameConstraints_dirname_x74] +commonName = "x73 + +[nameConstraints_dirname_x75] +commonName = "x74 + +[nameConstraints_dirname_x76] +commonName = "x75 + +[nameConstraints_dirname_x77] +commonName = "x76 + +[nameConstraints_dirname_x78] +commonName = "x77 + +[nameConstraints_dirname_x79] +commonName = "x78 + +[nameConstraints_dirname_x80] +commonName = "x79 + +[nameConstraints_dirname_x81] +commonName = "x80 + +[nameConstraints_dirname_x82] +commonName = "x81 + +[nameConstraints_dirname_x83] +commonName = "x82 + +[nameConstraints_dirname_x84] +commonName = "x83 + +[nameConstraints_dirname_x85] +commonName = "x84 + +[nameConstraints_dirname_x86] +commonName = "x85 + +[nameConstraints_dirname_x87] +commonName = "x86 + +[nameConstraints_dirname_x88] +commonName = "x87 + +[nameConstraints_dirname_x89] +commonName = "x88 + +[nameConstraints_dirname_x90] +commonName = "x89 + +[nameConstraints_dirname_x91] +commonName = "x90 + +[nameConstraints_dirname_x92] +commonName = "x91 + +[nameConstraints_dirname_x93] +commonName = "x92 + +[nameConstraints_dirname_x94] +commonName = "x93 + +[nameConstraints_dirname_x95] +commonName = "x94 + +[nameConstraints_dirname_x96] +commonName = "x95 + +[nameConstraints_dirname_x97] +commonName = "x96 + +[nameConstraints_dirname_x98] +commonName = "x97 + +[nameConstraints_dirname_x99] +commonName = "x98 + +[nameConstraints_dirname_x100] +commonName = "x99 + +[nameConstraints_dirname_x101] +commonName = "x100 + +[nameConstraints_dirname_x102] +commonName = "x101 + +[nameConstraints_dirname_x103] +commonName = "x102 + +[nameConstraints_dirname_x104] +commonName = "x103 + +[nameConstraints_dirname_x105] +commonName = "x104 + +[nameConstraints_dirname_x106] +commonName = "x105 + +[nameConstraints_dirname_x107] +commonName = "x106 + +[nameConstraints_dirname_x108] +commonName = "x107 + +[nameConstraints_dirname_x109] +commonName = "x108 + +[nameConstraints_dirname_x110] +commonName = "x109 + +[nameConstraints_dirname_x111] +commonName = "x110 + +[nameConstraints_dirname_x112] +commonName = "x111 + +[nameConstraints_dirname_x113] +commonName = "x112 + +[nameConstraints_dirname_x114] +commonName = "x113 + +[nameConstraints_dirname_x115] +commonName = "x114 + +[nameConstraints_dirname_x116] +commonName = "x115 + +[nameConstraints_dirname_x117] +commonName = "x116 + +[nameConstraints_dirname_x118] +commonName = "x117 + +[nameConstraints_dirname_x119] +commonName = "x118 + +[nameConstraints_dirname_x120] +commonName = "x119 + +[nameConstraints_dirname_x121] +commonName = "x120 + +[nameConstraints_dirname_x122] +commonName = "x121 + +[nameConstraints_dirname_x123] +commonName = "x122 + +[nameConstraints_dirname_x124] +commonName = "x123 + +[nameConstraints_dirname_x125] +commonName = "x124 + +[nameConstraints_dirname_x126] +commonName = "x125 + +[nameConstraints_dirname_x127] +commonName = "x126 + +[nameConstraints_dirname_x128] +commonName = "x127 + +[nameConstraints_dirname_x129] +commonName = "x128 + +[nameConstraints_dirname_x130] +commonName = "x129 + +[nameConstraints_dirname_x131] +commonName = "x130 + +[nameConstraints_dirname_x132] +commonName = "x131 + +[nameConstraints_dirname_x133] +commonName = "x132 + +[nameConstraints_dirname_x134] +commonName = "x133 + +[nameConstraints_dirname_x135] +commonName = "x134 + +[nameConstraints_dirname_x136] +commonName = "x135 + +[nameConstraints_dirname_x137] +commonName = "x136 + +[nameConstraints_dirname_x138] +commonName = "x137 + +[nameConstraints_dirname_x139] +commonName = "x138 + +[nameConstraints_dirname_x140] +commonName = "x139 + +[nameConstraints_dirname_x141] +commonName = "x140 + +[nameConstraints_dirname_x142] +commonName = "x141 + +[nameConstraints_dirname_x143] +commonName = "x142 + +[nameConstraints_dirname_x144] +commonName = "x143 + +[nameConstraints_dirname_x145] +commonName = "x144 + +[nameConstraints_dirname_x146] +commonName = "x145 + +[nameConstraints_dirname_x147] +commonName = "x146 + +[nameConstraints_dirname_x148] +commonName = "x147 + +[nameConstraints_dirname_x149] +commonName = "x148 + +[nameConstraints_dirname_x150] +commonName = "x149 + +[nameConstraints_dirname_x151] +commonName = "x150 + +[nameConstraints_dirname_x152] +commonName = "x151 + +[nameConstraints_dirname_x153] +commonName = "x152 + +[nameConstraints_dirname_x154] +commonName = "x153 + +[nameConstraints_dirname_x155] +commonName = "x154 + +[nameConstraints_dirname_x156] +commonName = "x155 + +[nameConstraints_dirname_x157] +commonName = "x156 + +[nameConstraints_dirname_x158] +commonName = "x157 + +[nameConstraints_dirname_x159] +commonName = "x158 + +[nameConstraints_dirname_x160] +commonName = "x159 + +[nameConstraints_dirname_x161] +commonName = "x160 + +[nameConstraints_dirname_x162] +commonName = "x161 + +[nameConstraints_dirname_x163] +commonName = "x162 + +[nameConstraints_dirname_x164] +commonName = "x163 + +[nameConstraints_dirname_x165] +commonName = "x164 + +[nameConstraints_dirname_x166] +commonName = "x165 + +[nameConstraints_dirname_x167] +commonName = "x166 + +[nameConstraints_dirname_x168] +commonName = "x167 + +[nameConstraints_dirname_x169] +commonName = "x168 + +[nameConstraints_dirname_x170] +commonName = "x169 + +[nameConstraints_dirname_p1] +commonName = "t0 + +[nameConstraints_dirname_p2] +commonName = "t1 + +[nameConstraints_dirname_p3] +commonName = "t2 + +[nameConstraints_dirname_p4] +commonName = "t3 + +[nameConstraints_dirname_p5] +commonName = "t4 + +[nameConstraints_dirname_p6] +commonName = "t5 + +[nameConstraints_dirname_p7] +commonName = "t6 + +[nameConstraints_dirname_p8] +commonName = "t7 + +[nameConstraints_dirname_p9] +commonName = "t8 + +[nameConstraints_dirname_p10] +commonName = "t9 + +[nameConstraints_dirname_p11] +commonName = "t10 + +[nameConstraints_dirname_p12] +commonName = "t11 + +[nameConstraints_dirname_p13] +commonName = "t12 + +[nameConstraints_dirname_p14] +commonName = "t13 + +[nameConstraints_dirname_p15] +commonName = "t14 + +[nameConstraints_dirname_p16] +commonName = "t15 + +[nameConstraints_dirname_p17] +commonName = "t16 + +[nameConstraints_dirname_p18] +commonName = "t17 + +[nameConstraints_dirname_p19] +commonName = "t18 + +[nameConstraints_dirname_p20] +commonName = "t19 + +[nameConstraints_dirname_p21] +commonName = "t20 + +[nameConstraints_dirname_p22] +commonName = "t21 + +[nameConstraints_dirname_p23] +commonName = "t22 + +[nameConstraints_dirname_p24] +commonName = "t23 + +[nameConstraints_dirname_p25] +commonName = "t24 + +[nameConstraints_dirname_p26] +commonName = "t25 + +[nameConstraints_dirname_p27] +commonName = "t26 + +[nameConstraints_dirname_p28] +commonName = "t27 + +[nameConstraints_dirname_p29] +commonName = "t28 + +[nameConstraints_dirname_p30] +commonName = "t29 + +[nameConstraints_dirname_p31] +commonName = "t30 + +[nameConstraints_dirname_p32] +commonName = "t31 + +[nameConstraints_dirname_p33] +commonName = "t32 + +[nameConstraints_dirname_p34] +commonName = "t33 + +[nameConstraints_dirname_p35] +commonName = "t34 + +[nameConstraints_dirname_p36] +commonName = "t35 + +[nameConstraints_dirname_p37] +commonName = "t36 + +[nameConstraints_dirname_p38] +commonName = "t37 + +[nameConstraints_dirname_p39] +commonName = "t38 + +[nameConstraints_dirname_p40] +commonName = "t39 + +[nameConstraints_dirname_p41] +commonName = "t40 + +[nameConstraints_dirname_p42] +commonName = "t41 + +[nameConstraints_dirname_p43] +commonName = "t42 + +[nameConstraints_dirname_p44] +commonName = "t43 + +[nameConstraints_dirname_p45] +commonName = "t44 + +[nameConstraints_dirname_p46] +commonName = "t45 + +[nameConstraints_dirname_p47] +commonName = "t46 + +[nameConstraints_dirname_p48] +commonName = "t47 + +[nameConstraints_dirname_p49] +commonName = "t48 + +[nameConstraints_dirname_p50] +commonName = "t49 + +[nameConstraints_dirname_p51] +commonName = "t50 + +[nameConstraints_dirname_p52] +commonName = "t51 + +[nameConstraints_dirname_p53] +commonName = "t52 + +[nameConstraints_dirname_p54] +commonName = "t53 + +[nameConstraints_dirname_p55] +commonName = "t54 + +[nameConstraints_dirname_p56] +commonName = "t55 + +[nameConstraints_dirname_p57] +commonName = "t56 + +[nameConstraints_dirname_p58] +commonName = "t57 + +[nameConstraints_dirname_p59] +commonName = "t58 + +[nameConstraints_dirname_p60] +commonName = "t59 + +[nameConstraints_dirname_p61] +commonName = "t60 + +[nameConstraints_dirname_p62] +commonName = "t61 + +[nameConstraints_dirname_p63] +commonName = "t62 + +[nameConstraints_dirname_p64] +commonName = "t63 + +[nameConstraints_dirname_p65] +commonName = "t64 + +[nameConstraints_dirname_p66] +commonName = "t65 + +[nameConstraints_dirname_p67] +commonName = "t66 + +[nameConstraints_dirname_p68] +commonName = "t67 + +[nameConstraints_dirname_p69] +commonName = "t68 + +[nameConstraints_dirname_p70] +commonName = "t69 + +[nameConstraints_dirname_p71] +commonName = "t70 + +[nameConstraints_dirname_p72] +commonName = "t71 + +[nameConstraints_dirname_p73] +commonName = "t72 + +[nameConstraints_dirname_p74] +commonName = "t73 + +[nameConstraints_dirname_p75] +commonName = "t74 + +[nameConstraints_dirname_p76] +commonName = "t75 + +[nameConstraints_dirname_p77] +commonName = "t76 + +[nameConstraints_dirname_p78] +commonName = "t77 + +[nameConstraints_dirname_p79] +commonName = "t78 + +[nameConstraints_dirname_p80] +commonName = "t79 + +[nameConstraints_dirname_p81] +commonName = "t80 + +[nameConstraints_dirname_p82] +commonName = "t81 + +[nameConstraints_dirname_p83] +commonName = "t82 + +[nameConstraints_dirname_p84] +commonName = "t83 + +[nameConstraints_dirname_p85] +commonName = "t84 + +[nameConstraints_dirname_p86] +commonName = "t85 + +[nameConstraints_dirname_p87] +commonName = "t86 + +[nameConstraints_dirname_p88] +commonName = "t87 + +[nameConstraints_dirname_p89] +commonName = "t88 + +[nameConstraints_dirname_p90] +commonName = "t89 + +[nameConstraints_dirname_p91] +commonName = "t90 + +[nameConstraints_dirname_p92] +commonName = "t91 + +[nameConstraints_dirname_p93] +commonName = "t92 + +[nameConstraints_dirname_p94] +commonName = "t93 + +[nameConstraints_dirname_p95] +commonName = "t94 + +[nameConstraints_dirname_p96] +commonName = "t95 + +[nameConstraints_dirname_p97] +commonName = "t96 + +[nameConstraints_dirname_p98] +commonName = "t97 + +[nameConstraints_dirname_p99] +commonName = "t98 + +[nameConstraints_dirname_p100] +commonName = "t99 + +[nameConstraints_dirname_p101] +commonName = "t100 + +[nameConstraints_dirname_p102] +commonName = "t101 + +[nameConstraints_dirname_p103] +commonName = "t102 + +[nameConstraints_dirname_p104] +commonName = "t103 + +[nameConstraints_dirname_p105] +commonName = "t104 + +[nameConstraints_dirname_p106] +commonName = "t105 + +[nameConstraints_dirname_p107] +commonName = "t106 + +[nameConstraints_dirname_p108] +commonName = "t107 + +[nameConstraints_dirname_p109] +commonName = "t108 + +[nameConstraints_dirname_p110] +commonName = "t109 + +[nameConstraints_dirname_p111] +commonName = "t110 + +[nameConstraints_dirname_p112] +commonName = "t111 + +[nameConstraints_dirname_p113] +commonName = "t112 + +[nameConstraints_dirname_p114] +commonName = "t113 + +[nameConstraints_dirname_p115] +commonName = "t114 + +[nameConstraints_dirname_p116] +commonName = "t115 + +[nameConstraints_dirname_p117] +commonName = "t116 + +[nameConstraints_dirname_p118] +commonName = "t117 + +[nameConstraints_dirname_p119] +commonName = "t118 + +[nameConstraints_dirname_p120] +commonName = "t119 + +[nameConstraints_dirname_p121] +commonName = "t120 + +[nameConstraints_dirname_p122] +commonName = "t121 + +[nameConstraints_dirname_p123] +commonName = "t122 + +[nameConstraints_dirname_p124] +commonName = "t123 + +[nameConstraints_dirname_p125] +commonName = "t124 + +[nameConstraints_dirname_p126] +commonName = "t125 + +[nameConstraints_dirname_p127] +commonName = "t126 + +[nameConstraints_dirname_p128] +commonName = "t127 + +[nameConstraints_dirname_p129] +commonName = "t128 + +[nameConstraints_dirname_p130] +commonName = "t129 + +[nameConstraints_dirname_p131] +commonName = "t130 + +[nameConstraints_dirname_p132] +commonName = "t131 + +[nameConstraints_dirname_p133] +commonName = "t132 + +[nameConstraints_dirname_p134] +commonName = "t133 + +[nameConstraints_dirname_p135] +commonName = "t134 + +[nameConstraints_dirname_p136] +commonName = "t135 + +[nameConstraints_dirname_p137] +commonName = "t136 + +[nameConstraints_dirname_p138] +commonName = "t137 + +[nameConstraints_dirname_p139] +commonName = "t138 + +[nameConstraints_dirname_p140] +commonName = "t139 + +[nameConstraints_dirname_p141] +commonName = "t140 + +[nameConstraints_dirname_p142] +commonName = "t141 + +[nameConstraints_dirname_p143] +commonName = "t142 + +[nameConstraints_dirname_p144] +commonName = "t143 + +[nameConstraints_dirname_p145] +commonName = "t144 + +[nameConstraints_dirname_p146] +commonName = "t145 + +[nameConstraints_dirname_p147] +commonName = "t146 + +[nameConstraints_dirname_p148] +commonName = "t147 + +[nameConstraints_dirname_p149] +commonName = "t148 + +[nameConstraints_dirname_p150] +commonName = "t149 + +[nameConstraints_dirname_p151] +commonName = "t150 + +[nameConstraints_dirname_p152] +commonName = "t151 + +[nameConstraints_dirname_p153] +commonName = "t152 + +[nameConstraints_dirname_p154] +commonName = "t153 + +[nameConstraints_dirname_p155] +commonName = "t154 + +[nameConstraints_dirname_p156] +commonName = "t155 + +[nameConstraints_dirname_p157] +commonName = "t156 + +[nameConstraints_dirname_p158] +commonName = "t157 + +[nameConstraints_dirname_p159] +commonName = "t158 + +[nameConstraints_dirname_p160] +commonName = "t159 + +[nameConstraints_dirname_p161] +commonName = "t160 + +[nameConstraints_dirname_p162] +commonName = "t161 + +[nameConstraints_dirname_p163] +commonName = "t162 + +[nameConstraints_dirname_p164] +commonName = "t163 + +[nameConstraints_dirname_p165] +commonName = "t164 + +[nameConstraints_dirname_p166] +commonName = "t165 + +[nameConstraints_dirname_p167] +commonName = "t166 + +[nameConstraints_dirname_p168] +commonName = "t167 + +[nameConstraints_dirname_p169] +commonName = "t168 + +[nameConstraints_dirname_p170] +commonName = "t169 + +[nameConstraints_dirname_p171] +commonName = "t170 + +[nameConstraints_dirname_p172] +commonName = "t171 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.csr new file mode 100644 index 0000000000..287009b5a5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.csr @@ -0,0 +1,1144 @@ +-----BEGIN CERTIFICATE REQUEST----- +MILV7TCC1NUCAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxL +Ha4GJxiOVbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9W +yNroD1cod26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luv +C6DmdaXS4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf0 +0YvmLxRmVvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9Ibjm +K6igvwa7QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABoILTjzCC +04sGCSqGSIb3DQEJDjGC03wwgtN4MB0GA1UdDgQWBBSSET+sEZbHZjfPg1ok8Dp3 +rzONfzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCC0zQGA1UdHgSC +0yswgtMnoIJpsTAJggd0MC50ZXN0MAmCB3QxLnRlc3QwCYIHdDIudGVzdDAJggd0 +My50ZXN0MAmCB3Q0LnRlc3QwCYIHdDUudGVzdDAJggd0Ni50ZXN0MAmCB3Q3LnRl +c3QwCYIHdDgudGVzdDAJggd0OS50ZXN0MAqCCHQxMC50ZXN0MAqCCHQxMS50ZXN0 +MAqCCHQxMi50ZXN0MAqCCHQxMy50ZXN0MAqCCHQxNC50ZXN0MAqCCHQxNS50ZXN0 +MAqCCHQxNi50ZXN0MAqCCHQxNy50ZXN0MAqCCHQxOC50ZXN0MAqCCHQxOS50ZXN0 +MAqCCHQyMC50ZXN0MAqCCHQyMS50ZXN0MAqCCHQyMi50ZXN0MAqCCHQyMy50ZXN0 +MAqCCHQyNC50ZXN0MAqCCHQyNS50ZXN0MAqCCHQyNi50ZXN0MAqCCHQyNy50ZXN0 +MAqCCHQyOC50ZXN0MAqCCHQyOS50ZXN0MAqCCHQzMC50ZXN0MAqCCHQzMS50ZXN0 +MAqCCHQzMi50ZXN0MAqCCHQzMy50ZXN0MAqCCHQzNC50ZXN0MAqCCHQzNS50ZXN0 +MAqCCHQzNi50ZXN0MAqCCHQzNy50ZXN0MAqCCHQzOC50ZXN0MAqCCHQzOS50ZXN0 +MAqCCHQ0MC50ZXN0MAqCCHQ0MS50ZXN0MAqCCHQ0Mi50ZXN0MAqCCHQ0My50ZXN0 +MAqCCHQ0NC50ZXN0MAqCCHQ0NS50ZXN0MAqCCHQ0Ni50ZXN0MAqCCHQ0Ny50ZXN0 +MAqCCHQ0OC50ZXN0MAqCCHQ0OS50ZXN0MAqCCHQ1MC50ZXN0MAqCCHQ1MS50ZXN0 +MAqCCHQ1Mi50ZXN0MAqCCHQ1My50ZXN0MAqCCHQ1NC50ZXN0MAqCCHQ1NS50ZXN0 +MAqCCHQ1Ni50ZXN0MAqCCHQ1Ny50ZXN0MAqCCHQ1OC50ZXN0MAqCCHQ1OS50ZXN0 +MAqCCHQ2MC50ZXN0MAqCCHQ2MS50ZXN0MAqCCHQ2Mi50ZXN0MAqCCHQ2My50ZXN0 +MAqCCHQ2NC50ZXN0MAqCCHQ2NS50ZXN0MAqCCHQ2Ni50ZXN0MAqCCHQ2Ny50ZXN0 +MAqCCHQ2OC50ZXN0MAqCCHQ2OS50ZXN0MAqCCHQ3MC50ZXN0MAqCCHQ3MS50ZXN0 +MAqCCHQ3Mi50ZXN0MAqCCHQ3My50ZXN0MAqCCHQ3NC50ZXN0MAqCCHQ3NS50ZXN0 +MAqCCHQ3Ni50ZXN0MAqCCHQ3Ny50ZXN0MAqCCHQ3OC50ZXN0MAqCCHQ3OS50ZXN0 +MAqCCHQ4MC50ZXN0MAqCCHQ4MS50ZXN0MAqCCHQ4Mi50ZXN0MAqCCHQ4My50ZXN0 +MAqCCHQ4NC50ZXN0MAqCCHQ4NS50ZXN0MAqCCHQ4Ni50ZXN0MAqCCHQ4Ny50ZXN0 +MAqCCHQ4OC50ZXN0MAqCCHQ4OS50ZXN0MAqCCHQ5MC50ZXN0MAqCCHQ5MS50ZXN0 +MAqCCHQ5Mi50ZXN0MAqCCHQ5My50ZXN0MAqCCHQ5NC50ZXN0MAqCCHQ5NS50ZXN0 +MAqCCHQ5Ni50ZXN0MAqCCHQ5Ny50ZXN0MAqCCHQ5OC50ZXN0MAqCCHQ5OS50ZXN0 +MAuCCXQxMDAudGVzdDALggl0MTAxLnRlc3QwC4IJdDEwMi50ZXN0MAuCCXQxMDMu +dGVzdDALggl0MTA0LnRlc3QwC4IJdDEwNS50ZXN0MAuCCXQxMDYudGVzdDALggl0 +MTA3LnRlc3QwC4IJdDEwOC50ZXN0MAuCCXQxMDkudGVzdDALggl0MTEwLnRlc3Qw +C4IJdDExMS50ZXN0MAuCCXQxMTIudGVzdDALggl0MTEzLnRlc3QwC4IJdDExNC50 +ZXN0MAuCCXQxMTUudGVzdDALggl0MTE2LnRlc3QwC4IJdDExNy50ZXN0MAuCCXQx +MTgudGVzdDALggl0MTE5LnRlc3QwC4IJdDEyMC50ZXN0MAuCCXQxMjEudGVzdDAL +ggl0MTIyLnRlc3QwC4IJdDEyMy50ZXN0MAuCCXQxMjQudGVzdDALggl0MTI1LnRl +c3QwC4IJdDEyNi50ZXN0MAuCCXQxMjcudGVzdDALggl0MTI4LnRlc3QwC4IJdDEy +OS50ZXN0MAuCCXQxMzAudGVzdDALggl0MTMxLnRlc3QwC4IJdDEzMi50ZXN0MAuC +CXQxMzMudGVzdDALggl0MTM0LnRlc3QwC4IJdDEzNS50ZXN0MAuCCXQxMzYudGVz +dDALggl0MTM3LnRlc3QwC4IJdDEzOC50ZXN0MAuCCXQxMzkudGVzdDALggl0MTQw +LnRlc3QwC4IJdDE0MS50ZXN0MAuCCXQxNDIudGVzdDALggl0MTQzLnRlc3QwC4IJ +dDE0NC50ZXN0MAuCCXQxNDUudGVzdDALggl0MTQ2LnRlc3QwC4IJdDE0Ny50ZXN0 +MAuCCXQxNDgudGVzdDALggl0MTQ5LnRlc3QwC4IJdDE1MC50ZXN0MAuCCXQxNTEu +dGVzdDALggl0MTUyLnRlc3QwC4IJdDE1My50ZXN0MAuCCXQxNTQudGVzdDALggl0 +MTU1LnRlc3QwC4IJdDE1Ni50ZXN0MAuCCXQxNTcudGVzdDALggl0MTU4LnRlc3Qw +C4IJdDE1OS50ZXN0MAuCCXQxNjAudGVzdDALggl0MTYxLnRlc3QwC4IJdDE2Mi50 +ZXN0MAuCCXQxNjMudGVzdDALggl0MTY0LnRlc3QwC4IJdDE2NS50ZXN0MAuCCXQx +NjYudGVzdDALggl0MTY3LnRlc3QwC4IJdDE2OC50ZXN0MAuCCXQxNjkudGVzdDAL +ggl0MTcwLnRlc3QwCocICgAAAP////8wCocICgAAAf////8wCocICgAAAv////8w +CocICgAAA/////8wCocICgAABP////8wCocICgAABf////8wCocICgAABv////8w +CocICgAAB/////8wCocICgAACP////8wCocICgAACf////8wCocICgAACv////8w +CocICgAAC/////8wCocICgAADP////8wCocICgAADf////8wCocICgAADv////8w +CocICgAAD/////8wCocICgAAEP////8wCocICgAAEf////8wCocICgAAEv////8w +CocICgAAE/////8wCocICgAAFP////8wCocICgAAFf////8wCocICgAAFv////8w +CocICgAAF/////8wCocICgAAGP////8wCocICgAAGf////8wCocICgAAGv////8w +CocICgAAG/////8wCocICgAAHP////8wCocICgAAHf////8wCocICgAAHv////8w +CocICgAAH/////8wCocICgAAIP////8wCocICgAAIf////8wCocICgAAIv////8w +CocICgAAI/////8wCocICgAAJP////8wCocICgAAJf////8wCocICgAAJv////8w +CocICgAAJ/////8wCocICgAAKP////8wCocICgAAKf////8wCocICgAAKv////8w +CocICgAAK/////8wCocICgAALP////8wCocICgAALf////8wCocICgAALv////8w +CocICgAAL/////8wCocICgAAMP////8wCocICgAAMf////8wCocICgAAMv////8w +CocICgAAM/////8wCocICgAANP////8wCocICgAANf////8wCocICgAANv////8w +CocICgAAN/////8wCocICgAAOP////8wCocICgAAOf////8wCocICgAAOv////8w +CocICgAAO/////8wCocICgAAPP////8wCocICgAAPf////8wCocICgAAPv////8w +CocICgAAP/////8wCocICgAAQP////8wCocICgAAQf////8wCocICgAAQv////8w +CocICgAAQ/////8wCocICgAARP////8wCocICgAARf////8wCocICgAARv////8w +CocICgAAR/////8wCocICgAASP////8wCocICgAASf////8wCocICgAASv////8w +CocICgAAS/////8wCocICgAATP////8wCocICgAATf////8wCocICgAATv////8w +CocICgAAT/////8wCocICgAAUP////8wCocICgAAUf////8wCocICgAAUv////8w +CocICgAAU/////8wCocICgAAVP////8wCocICgAAVf////8wCocICgAAVv////8w +CocICgAAV/////8wCocICgAAWP////8wCocICgAAWf////8wCocICgAAWv////8w +CocICgAAW/////8wCocICgAAXP////8wCocICgAAXf////8wCocICgAAXv////8w +CocICgAAX/////8wCocICgAAYP////8wCocICgAAYf////8wCocICgAAYv////8w +CocICgAAY/////8wCocICgAAZP////8wCocICgAAZf////8wCocICgAAZv////8w +CocICgAAZ/////8wCocICgAAaP////8wCocICgAAaf////8wCocICgAAav////8w +CocICgAAa/////8wCocICgAAbP////8wCocICgAAbf////8wCocICgAAbv////8w +CocICgAAb/////8wCocICgAAcP////8wCocICgAAcf////8wCocICgAAcv////8w +CocICgAAc/////8wCocICgAAdP////8wCocICgAAdf////8wCocICgAAdv////8w +CocICgAAd/////8wCocICgAAeP////8wCocICgAAef////8wCocICgAAev////8w +CocICgAAe/////8wCocICgAAfP////8wCocICgAAff////8wCocICgAAfv////8w +CocICgAAf/////8wCocICgAAgP////8wCocICgAAgf////8wCocICgAAgv////8w +CocICgAAg/////8wCocICgAAhP////8wCocICgAAhf////8wCocICgAAhv////8w +CocICgAAh/////8wCocICgAAiP////8wCocICgAAif////8wCocICgAAiv////8w +CocICgAAi/////8wCocICgAAjP////8wCocICgAAjf////8wCocICgAAjv////8w +CocICgAAj/////8wCocICgAAkP////8wCocICgAAkf////8wCocICgAAkv////8w +CocICgAAk/////8wCocICgAAlP////8wCocICgAAlf////8wCocICgAAlv////8w +CocICgAAl/////8wCocICgAAmP////8wCocICgAAmf////8wCocICgAAmv////8w +CocICgAAm/////8wCocICgAAnP////8wCocICgAAnf////8wCocICgAAnv////8w +CocICgAAn/////8wCocICgAAoP////8wCocICgAAof////8wCocICgAAov////8w +CocICgAAo/////8wCocICgAApP////8wCocICgAApf////8wCocICgAApv////8w +CocICgAAp/////8wCocICgAAqP////8wCocICgAAqf////8wCocICgAAqv////8w +EaQPMA0xCzAJBgNVBAMMAnQwMBGkDzANMQswCQYDVQQDDAJ0MTARpA8wDTELMAkG +A1UEAwwCdDIwEaQPMA0xCzAJBgNVBAMMAnQzMBGkDzANMQswCQYDVQQDDAJ0NDAR +pA8wDTELMAkGA1UEAwwCdDUwEaQPMA0xCzAJBgNVBAMMAnQ2MBGkDzANMQswCQYD +VQQDDAJ0NzARpA8wDTELMAkGA1UEAwwCdDgwEaQPMA0xCzAJBgNVBAMMAnQ5MBKk +EDAOMQwwCgYDVQQDDAN0MTAwEqQQMA4xDDAKBgNVBAMMA3QxMTASpBAwDjEMMAoG +A1UEAwwDdDEyMBKkEDAOMQwwCgYDVQQDDAN0MTMwEqQQMA4xDDAKBgNVBAMMA3Qx +NDASpBAwDjEMMAoGA1UEAwwDdDE1MBKkEDAOMQwwCgYDVQQDDAN0MTYwEqQQMA4x +DDAKBgNVBAMMA3QxNzASpBAwDjEMMAoGA1UEAwwDdDE4MBKkEDAOMQwwCgYDVQQD +DAN0MTkwEqQQMA4xDDAKBgNVBAMMA3QyMDASpBAwDjEMMAoGA1UEAwwDdDIxMBKk +EDAOMQwwCgYDVQQDDAN0MjIwEqQQMA4xDDAKBgNVBAMMA3QyMzASpBAwDjEMMAoG +A1UEAwwDdDI0MBKkEDAOMQwwCgYDVQQDDAN0MjUwEqQQMA4xDDAKBgNVBAMMA3Qy +NjASpBAwDjEMMAoGA1UEAwwDdDI3MBKkEDAOMQwwCgYDVQQDDAN0MjgwEqQQMA4x +DDAKBgNVBAMMA3QyOTASpBAwDjEMMAoGA1UEAwwDdDMwMBKkEDAOMQwwCgYDVQQD +DAN0MzEwEqQQMA4xDDAKBgNVBAMMA3QzMjASpBAwDjEMMAoGA1UEAwwDdDMzMBKk +EDAOMQwwCgYDVQQDDAN0MzQwEqQQMA4xDDAKBgNVBAMMA3QzNTASpBAwDjEMMAoG +A1UEAwwDdDM2MBKkEDAOMQwwCgYDVQQDDAN0MzcwEqQQMA4xDDAKBgNVBAMMA3Qz +ODASpBAwDjEMMAoGA1UEAwwDdDM5MBKkEDAOMQwwCgYDVQQDDAN0NDAwEqQQMA4x +DDAKBgNVBAMMA3Q0MTASpBAwDjEMMAoGA1UEAwwDdDQyMBKkEDAOMQwwCgYDVQQD +DAN0NDMwEqQQMA4xDDAKBgNVBAMMA3Q0NDASpBAwDjEMMAoGA1UEAwwDdDQ1MBKk +EDAOMQwwCgYDVQQDDAN0NDYwEqQQMA4xDDAKBgNVBAMMA3Q0NzASpBAwDjEMMAoG +A1UEAwwDdDQ4MBKkEDAOMQwwCgYDVQQDDAN0NDkwEqQQMA4xDDAKBgNVBAMMA3Q1 +MDASpBAwDjEMMAoGA1UEAwwDdDUxMBKkEDAOMQwwCgYDVQQDDAN0NTIwEqQQMA4x +DDAKBgNVBAMMA3Q1MzASpBAwDjEMMAoGA1UEAwwDdDU0MBKkEDAOMQwwCgYDVQQD +DAN0NTUwEqQQMA4xDDAKBgNVBAMMA3Q1NjASpBAwDjEMMAoGA1UEAwwDdDU3MBKk +EDAOMQwwCgYDVQQDDAN0NTgwEqQQMA4xDDAKBgNVBAMMA3Q1OTASpBAwDjEMMAoG +A1UEAwwDdDYwMBKkEDAOMQwwCgYDVQQDDAN0NjEwEqQQMA4xDDAKBgNVBAMMA3Q2 +MjASpBAwDjEMMAoGA1UEAwwDdDYzMBKkEDAOMQwwCgYDVQQDDAN0NjQwEqQQMA4x +DDAKBgNVBAMMA3Q2NTASpBAwDjEMMAoGA1UEAwwDdDY2MBKkEDAOMQwwCgYDVQQD +DAN0NjcwEqQQMA4xDDAKBgNVBAMMA3Q2ODASpBAwDjEMMAoGA1UEAwwDdDY5MBKk +EDAOMQwwCgYDVQQDDAN0NzAwEqQQMA4xDDAKBgNVBAMMA3Q3MTASpBAwDjEMMAoG +A1UEAwwDdDcyMBKkEDAOMQwwCgYDVQQDDAN0NzMwEqQQMA4xDDAKBgNVBAMMA3Q3 +NDASpBAwDjEMMAoGA1UEAwwDdDc1MBKkEDAOMQwwCgYDVQQDDAN0NzYwEqQQMA4x +DDAKBgNVBAMMA3Q3NzASpBAwDjEMMAoGA1UEAwwDdDc4MBKkEDAOMQwwCgYDVQQD +DAN0NzkwEqQQMA4xDDAKBgNVBAMMA3Q4MDASpBAwDjEMMAoGA1UEAwwDdDgxMBKk +EDAOMQwwCgYDVQQDDAN0ODIwEqQQMA4xDDAKBgNVBAMMA3Q4MzASpBAwDjEMMAoG +A1UEAwwDdDg0MBKkEDAOMQwwCgYDVQQDDAN0ODUwEqQQMA4xDDAKBgNVBAMMA3Q4 +NjASpBAwDjEMMAoGA1UEAwwDdDg3MBKkEDAOMQwwCgYDVQQDDAN0ODgwEqQQMA4x +DDAKBgNVBAMMA3Q4OTASpBAwDjEMMAoGA1UEAwwDdDkwMBKkEDAOMQwwCgYDVQQD +DAN0OTEwEqQQMA4xDDAKBgNVBAMMA3Q5MjASpBAwDjEMMAoGA1UEAwwDdDkzMBKk +EDAOMQwwCgYDVQQDDAN0OTQwEqQQMA4xDDAKBgNVBAMMA3Q5NTASpBAwDjEMMAoG +A1UEAwwDdDk2MBKkEDAOMQwwCgYDVQQDDAN0OTcwEqQQMA4xDDAKBgNVBAMMA3Q5 +ODASpBAwDjEMMAoGA1UEAwwDdDk5MBOkETAPMQ0wCwYDVQQDDAR0MTAwMBOkETAP +MQ0wCwYDVQQDDAR0MTAxMBOkETAPMQ0wCwYDVQQDDAR0MTAyMBOkETAPMQ0wCwYD +VQQDDAR0MTAzMBOkETAPMQ0wCwYDVQQDDAR0MTA0MBOkETAPMQ0wCwYDVQQDDAR0 +MTA1MBOkETAPMQ0wCwYDVQQDDAR0MTA2MBOkETAPMQ0wCwYDVQQDDAR0MTA3MBOk +ETAPMQ0wCwYDVQQDDAR0MTA4MBOkETAPMQ0wCwYDVQQDDAR0MTA5MBOkETAPMQ0w +CwYDVQQDDAR0MTEwMBOkETAPMQ0wCwYDVQQDDAR0MTExMBOkETAPMQ0wCwYDVQQD +DAR0MTEyMBOkETAPMQ0wCwYDVQQDDAR0MTEzMBOkETAPMQ0wCwYDVQQDDAR0MTE0 +MBOkETAPMQ0wCwYDVQQDDAR0MTE1MBOkETAPMQ0wCwYDVQQDDAR0MTE2MBOkETAP +MQ0wCwYDVQQDDAR0MTE3MBOkETAPMQ0wCwYDVQQDDAR0MTE4MBOkETAPMQ0wCwYD +VQQDDAR0MTE5MBOkETAPMQ0wCwYDVQQDDAR0MTIwMBOkETAPMQ0wCwYDVQQDDAR0 +MTIxMBOkETAPMQ0wCwYDVQQDDAR0MTIyMBOkETAPMQ0wCwYDVQQDDAR0MTIzMBOk +ETAPMQ0wCwYDVQQDDAR0MTI0MBOkETAPMQ0wCwYDVQQDDAR0MTI1MBOkETAPMQ0w +CwYDVQQDDAR0MTI2MBOkETAPMQ0wCwYDVQQDDAR0MTI3MBOkETAPMQ0wCwYDVQQD +DAR0MTI4MBOkETAPMQ0wCwYDVQQDDAR0MTI5MBOkETAPMQ0wCwYDVQQDDAR0MTMw +MBOkETAPMQ0wCwYDVQQDDAR0MTMxMBOkETAPMQ0wCwYDVQQDDAR0MTMyMBOkETAP +MQ0wCwYDVQQDDAR0MTMzMBOkETAPMQ0wCwYDVQQDDAR0MTM0MBOkETAPMQ0wCwYD +VQQDDAR0MTM1MBOkETAPMQ0wCwYDVQQDDAR0MTM2MBOkETAPMQ0wCwYDVQQDDAR0 +MTM3MBOkETAPMQ0wCwYDVQQDDAR0MTM4MBOkETAPMQ0wCwYDVQQDDAR0MTM5MBOk +ETAPMQ0wCwYDVQQDDAR0MTQwMBOkETAPMQ0wCwYDVQQDDAR0MTQxMBOkETAPMQ0w +CwYDVQQDDAR0MTQyMBOkETAPMQ0wCwYDVQQDDAR0MTQzMBOkETAPMQ0wCwYDVQQD +DAR0MTQ0MBOkETAPMQ0wCwYDVQQDDAR0MTQ1MBOkETAPMQ0wCwYDVQQDDAR0MTQ2 +MBOkETAPMQ0wCwYDVQQDDAR0MTQ3MBOkETAPMQ0wCwYDVQQDDAR0MTQ4MBOkETAP +MQ0wCwYDVQQDDAR0MTQ5MBOkETAPMQ0wCwYDVQQDDAR0MTUwMBOkETAPMQ0wCwYD +VQQDDAR0MTUxMBOkETAPMQ0wCwYDVQQDDAR0MTUyMBOkETAPMQ0wCwYDVQQDDAR0 +MTUzMBOkETAPMQ0wCwYDVQQDDAR0MTU0MBOkETAPMQ0wCwYDVQQDDAR0MTU1MBOk +ETAPMQ0wCwYDVQQDDAR0MTU2MBOkETAPMQ0wCwYDVQQDDAR0MTU3MBOkETAPMQ0w +CwYDVQQDDAR0MTU4MBOkETAPMQ0wCwYDVQQDDAR0MTU5MBOkETAPMQ0wCwYDVQQD +DAR0MTYwMBOkETAPMQ0wCwYDVQQDDAR0MTYxMBOkETAPMQ0wCwYDVQQDDAR0MTYy +MBOkETAPMQ0wCwYDVQQDDAR0MTYzMBOkETAPMQ0wCwYDVQQDDAR0MTY0MBOkETAP +MQ0wCwYDVQQDDAR0MTY1MBOkETAPMQ0wCwYDVQQDDAR0MTY2MBOkETAPMQ0wCwYD +VQQDDAR0MTY3MBOkETAPMQ0wCwYDVQQDDAR0MTY4MBOkETAPMQ0wCwYDVQQDDAR0 +MTY5MBOkETAPMQ0wCwYDVQQDDAR0MTcwMBOkETAPMQ0wCwYDVQQDDAR0MTcxMA+G +DWh0dHA6Ly90ZXN0LzAwD4YNaHR0cDovL3Rlc3QvMTAPhg1odHRwOi8vdGVzdC8y +MA+GDWh0dHA6Ly90ZXN0LzMwD4YNaHR0cDovL3Rlc3QvNDAPhg1odHRwOi8vdGVz +dC81MA+GDWh0dHA6Ly90ZXN0LzYwD4YNaHR0cDovL3Rlc3QvNzAPhg1odHRwOi8v +dGVzdC84MA+GDWh0dHA6Ly90ZXN0LzkwEIYOaHR0cDovL3Rlc3QvMTAwEIYOaHR0 +cDovL3Rlc3QvMTEwEIYOaHR0cDovL3Rlc3QvMTIwEIYOaHR0cDovL3Rlc3QvMTMw +EIYOaHR0cDovL3Rlc3QvMTQwEIYOaHR0cDovL3Rlc3QvMTUwEIYOaHR0cDovL3Rl +c3QvMTYwEIYOaHR0cDovL3Rlc3QvMTcwEIYOaHR0cDovL3Rlc3QvMTgwEIYOaHR0 +cDovL3Rlc3QvMTkwEIYOaHR0cDovL3Rlc3QvMjAwEIYOaHR0cDovL3Rlc3QvMjEw +EIYOaHR0cDovL3Rlc3QvMjIwEIYOaHR0cDovL3Rlc3QvMjMwEIYOaHR0cDovL3Rl +c3QvMjQwEIYOaHR0cDovL3Rlc3QvMjUwEIYOaHR0cDovL3Rlc3QvMjYwEIYOaHR0 +cDovL3Rlc3QvMjcwEIYOaHR0cDovL3Rlc3QvMjgwEIYOaHR0cDovL3Rlc3QvMjkw +EIYOaHR0cDovL3Rlc3QvMzAwEIYOaHR0cDovL3Rlc3QvMzEwEIYOaHR0cDovL3Rl +c3QvMzIwEIYOaHR0cDovL3Rlc3QvMzMwEIYOaHR0cDovL3Rlc3QvMzQwEIYOaHR0 +cDovL3Rlc3QvMzUwEIYOaHR0cDovL3Rlc3QvMzYwEIYOaHR0cDovL3Rlc3QvMzcw +EIYOaHR0cDovL3Rlc3QvMzgwEIYOaHR0cDovL3Rlc3QvMzkwEIYOaHR0cDovL3Rl +c3QvNDAwEIYOaHR0cDovL3Rlc3QvNDEwEIYOaHR0cDovL3Rlc3QvNDIwEIYOaHR0 +cDovL3Rlc3QvNDMwEIYOaHR0cDovL3Rlc3QvNDQwEIYOaHR0cDovL3Rlc3QvNDUw +EIYOaHR0cDovL3Rlc3QvNDYwEIYOaHR0cDovL3Rlc3QvNDcwEIYOaHR0cDovL3Rl +c3QvNDgwEIYOaHR0cDovL3Rlc3QvNDkwEIYOaHR0cDovL3Rlc3QvNTAwEIYOaHR0 +cDovL3Rlc3QvNTEwEIYOaHR0cDovL3Rlc3QvNTIwEIYOaHR0cDovL3Rlc3QvNTMw +EIYOaHR0cDovL3Rlc3QvNTQwEIYOaHR0cDovL3Rlc3QvNTUwEIYOaHR0cDovL3Rl +c3QvNTYwEIYOaHR0cDovL3Rlc3QvNTcwEIYOaHR0cDovL3Rlc3QvNTgwEIYOaHR0 +cDovL3Rlc3QvNTkwEIYOaHR0cDovL3Rlc3QvNjAwEIYOaHR0cDovL3Rlc3QvNjEw +EIYOaHR0cDovL3Rlc3QvNjIwEIYOaHR0cDovL3Rlc3QvNjMwEIYOaHR0cDovL3Rl +c3QvNjQwEIYOaHR0cDovL3Rlc3QvNjUwEIYOaHR0cDovL3Rlc3QvNjYwEIYOaHR0 +cDovL3Rlc3QvNjcwEIYOaHR0cDovL3Rlc3QvNjgwEIYOaHR0cDovL3Rlc3QvNjkw +EIYOaHR0cDovL3Rlc3QvNzAwEIYOaHR0cDovL3Rlc3QvNzEwEIYOaHR0cDovL3Rl +c3QvNzIwEIYOaHR0cDovL3Rlc3QvNzMwEIYOaHR0cDovL3Rlc3QvNzQwEIYOaHR0 +cDovL3Rlc3QvNzUwEIYOaHR0cDovL3Rlc3QvNzYwEIYOaHR0cDovL3Rlc3QvNzcw +EIYOaHR0cDovL3Rlc3QvNzgwEIYOaHR0cDovL3Rlc3QvNzkwEIYOaHR0cDovL3Rl +c3QvODAwEIYOaHR0cDovL3Rlc3QvODEwEIYOaHR0cDovL3Rlc3QvODIwEIYOaHR0 +cDovL3Rlc3QvODMwEIYOaHR0cDovL3Rlc3QvODQwEIYOaHR0cDovL3Rlc3QvODUw +EIYOaHR0cDovL3Rlc3QvODYwEIYOaHR0cDovL3Rlc3QvODcwEIYOaHR0cDovL3Rl +c3QvODgwEIYOaHR0cDovL3Rlc3QvODkwEIYOaHR0cDovL3Rlc3QvOTAwEIYOaHR0 +cDovL3Rlc3QvOTEwEIYOaHR0cDovL3Rlc3QvOTIwEIYOaHR0cDovL3Rlc3QvOTMw +EIYOaHR0cDovL3Rlc3QvOTQwEIYOaHR0cDovL3Rlc3QvOTUwEIYOaHR0cDovL3Rl +c3QvOTYwEIYOaHR0cDovL3Rlc3QvOTcwEIYOaHR0cDovL3Rlc3QvOTgwEIYOaHR0 +cDovL3Rlc3QvOTkwEYYPaHR0cDovL3Rlc3QvMTAwMBGGD2h0dHA6Ly90ZXN0LzEw +MTARhg9odHRwOi8vdGVzdC8xMDIwEYYPaHR0cDovL3Rlc3QvMTAzMBGGD2h0dHA6 +Ly90ZXN0LzEwNDARhg9odHRwOi8vdGVzdC8xMDUwEYYPaHR0cDovL3Rlc3QvMTA2 +MBGGD2h0dHA6Ly90ZXN0LzEwNzARhg9odHRwOi8vdGVzdC8xMDgwEYYPaHR0cDov +L3Rlc3QvMTA5MBGGD2h0dHA6Ly90ZXN0LzExMDARhg9odHRwOi8vdGVzdC8xMTEw +EYYPaHR0cDovL3Rlc3QvMTEyMBGGD2h0dHA6Ly90ZXN0LzExMzARhg9odHRwOi8v +dGVzdC8xMTQwEYYPaHR0cDovL3Rlc3QvMTE1MBGGD2h0dHA6Ly90ZXN0LzExNjAR +hg9odHRwOi8vdGVzdC8xMTcwEYYPaHR0cDovL3Rlc3QvMTE4MBGGD2h0dHA6Ly90 +ZXN0LzExOTARhg9odHRwOi8vdGVzdC8xMjAwEYYPaHR0cDovL3Rlc3QvMTIxMBGG +D2h0dHA6Ly90ZXN0LzEyMjARhg9odHRwOi8vdGVzdC8xMjMwEYYPaHR0cDovL3Rl +c3QvMTI0MBGGD2h0dHA6Ly90ZXN0LzEyNTARhg9odHRwOi8vdGVzdC8xMjYwEYYP +aHR0cDovL3Rlc3QvMTI3MBGGD2h0dHA6Ly90ZXN0LzEyODARhg9odHRwOi8vdGVz +dC8xMjkwEYYPaHR0cDovL3Rlc3QvMTMwMBGGD2h0dHA6Ly90ZXN0LzEzMTARhg9o +dHRwOi8vdGVzdC8xMzIwEYYPaHR0cDovL3Rlc3QvMTMzMBGGD2h0dHA6Ly90ZXN0 +LzEzNDARhg9odHRwOi8vdGVzdC8xMzUwEYYPaHR0cDovL3Rlc3QvMTM2MBGGD2h0 +dHA6Ly90ZXN0LzEzNzARhg9odHRwOi8vdGVzdC8xMzgwEYYPaHR0cDovL3Rlc3Qv +MTM5MBGGD2h0dHA6Ly90ZXN0LzE0MDARhg9odHRwOi8vdGVzdC8xNDEwEYYPaHR0 +cDovL3Rlc3QvMTQyMBGGD2h0dHA6Ly90ZXN0LzE0MzARhg9odHRwOi8vdGVzdC8x +NDQwEYYPaHR0cDovL3Rlc3QvMTQ1MBGGD2h0dHA6Ly90ZXN0LzE0NjARhg9odHRw +Oi8vdGVzdC8xNDcwEYYPaHR0cDovL3Rlc3QvMTQ4MBGGD2h0dHA6Ly90ZXN0LzE0 +OTARhg9odHRwOi8vdGVzdC8xNTAwEYYPaHR0cDovL3Rlc3QvMTUxMBGGD2h0dHA6 +Ly90ZXN0LzE1MjARhg9odHRwOi8vdGVzdC8xNTMwEYYPaHR0cDovL3Rlc3QvMTU0 +MBGGD2h0dHA6Ly90ZXN0LzE1NTARhg9odHRwOi8vdGVzdC8xNTYwEYYPaHR0cDov +L3Rlc3QvMTU3MBGGD2h0dHA6Ly90ZXN0LzE1ODARhg9odHRwOi8vdGVzdC8xNTkw +EYYPaHR0cDovL3Rlc3QvMTYwMBGGD2h0dHA6Ly90ZXN0LzE2MTARhg9odHRwOi8v +dGVzdC8xNjIwEYYPaHR0cDovL3Rlc3QvMTYzMBGGD2h0dHA6Ly90ZXN0LzE2NDAR +hg9odHRwOi8vdGVzdC8xNjUwEYYPaHR0cDovL3Rlc3QvMTY2MBGGD2h0dHA6Ly90 +ZXN0LzE2NzARhg9odHRwOi8vdGVzdC8xNjgwEYYPaHR0cDovL3Rlc3QvMTY5MBGG +D2h0dHA6Ly90ZXN0LzE3MDARhg9odHRwOi8vdGVzdC8xNzEwEYYPaHR0cDovL3Rl +c3QvMTcyMBGGD2h0dHA6Ly90ZXN0LzE3MzARhg9odHRwOi8vdGVzdC8xNzQwEYYP +aHR0cDovL3Rlc3QvMTc1MBGGD2h0dHA6Ly90ZXN0LzE3NjARhg9odHRwOi8vdGVz +dC8xNzcwEYYPaHR0cDovL3Rlc3QvMTc4MBGGD2h0dHA6Ly90ZXN0LzE3OTARhg9o +dHRwOi8vdGVzdC8xODAwEYYPaHR0cDovL3Rlc3QvMTgxMBGGD2h0dHA6Ly90ZXN0 +LzE4MjARhg9odHRwOi8vdGVzdC8xODMwEYYPaHR0cDovL3Rlc3QvMTg0MBGGD2h0 +dHA6Ly90ZXN0LzE4NTARhg9odHRwOi8vdGVzdC8xODYwEYYPaHR0cDovL3Rlc3Qv +MTg3MBGGD2h0dHA6Ly90ZXN0LzE4ODARhg9odHRwOi8vdGVzdC8xODkwEYYPaHR0 +cDovL3Rlc3QvMTkwMBGGD2h0dHA6Ly90ZXN0LzE5MTARhg9odHRwOi8vdGVzdC8x +OTIwEYYPaHR0cDovL3Rlc3QvMTkzMBGGD2h0dHA6Ly90ZXN0LzE5NDARhg9odHRw +Oi8vdGVzdC8xOTUwEYYPaHR0cDovL3Rlc3QvMTk2MBGGD2h0dHA6Ly90ZXN0LzE5 +NzARhg9odHRwOi8vdGVzdC8xOTgwEYYPaHR0cDovL3Rlc3QvMTk5MBGGD2h0dHA6 +Ly90ZXN0LzIwMDARhg9odHRwOi8vdGVzdC8yMDEwEYYPaHR0cDovL3Rlc3QvMjAy +MBGGD2h0dHA6Ly90ZXN0LzIwMzARhg9odHRwOi8vdGVzdC8yMDQwEYYPaHR0cDov +L3Rlc3QvMjA1MBGGD2h0dHA6Ly90ZXN0LzIwNjARhg9odHRwOi8vdGVzdC8yMDcw +EYYPaHR0cDovL3Rlc3QvMjA4MBGGD2h0dHA6Ly90ZXN0LzIwOTARhg9odHRwOi8v +dGVzdC8yMTAwEYYPaHR0cDovL3Rlc3QvMjExMBGGD2h0dHA6Ly90ZXN0LzIxMjAR +hg9odHRwOi8vdGVzdC8yMTMwEYYPaHR0cDovL3Rlc3QvMjE0MBGGD2h0dHA6Ly90 +ZXN0LzIxNTARhg9odHRwOi8vdGVzdC8yMTYwEYYPaHR0cDovL3Rlc3QvMjE3MBGG +D2h0dHA6Ly90ZXN0LzIxODARhg9odHRwOi8vdGVzdC8yMTkwEYYPaHR0cDovL3Rl +c3QvMjIwMBGGD2h0dHA6Ly90ZXN0LzIyMTARhg9odHRwOi8vdGVzdC8yMjIwEYYP +aHR0cDovL3Rlc3QvMjIzMBGGD2h0dHA6Ly90ZXN0LzIyNDARhg9odHRwOi8vdGVz +dC8yMjUwEYYPaHR0cDovL3Rlc3QvMjI2MBGGD2h0dHA6Ly90ZXN0LzIyNzARhg9o +dHRwOi8vdGVzdC8yMjgwEYYPaHR0cDovL3Rlc3QvMjI5MBGGD2h0dHA6Ly90ZXN0 +LzIzMDARhg9odHRwOi8vdGVzdC8yMzEwEYYPaHR0cDovL3Rlc3QvMjMyMBGGD2h0 +dHA6Ly90ZXN0LzIzMzARhg9odHRwOi8vdGVzdC8yMzQwEYYPaHR0cDovL3Rlc3Qv +MjM1MBGGD2h0dHA6Ly90ZXN0LzIzNjARhg9odHRwOi8vdGVzdC8yMzcwEYYPaHR0 +cDovL3Rlc3QvMjM4MBGGD2h0dHA6Ly90ZXN0LzIzOTARhg9odHRwOi8vdGVzdC8y +NDAwEYYPaHR0cDovL3Rlc3QvMjQxMBGGD2h0dHA6Ly90ZXN0LzI0MjARhg9odHRw +Oi8vdGVzdC8yNDMwEYYPaHR0cDovL3Rlc3QvMjQ0MBGGD2h0dHA6Ly90ZXN0LzI0 +NTARhg9odHRwOi8vdGVzdC8yNDYwEYYPaHR0cDovL3Rlc3QvMjQ3MBGGD2h0dHA6 +Ly90ZXN0LzI0ODARhg9odHRwOi8vdGVzdC8yNDkwEYYPaHR0cDovL3Rlc3QvMjUw +MBGGD2h0dHA6Ly90ZXN0LzI1MTARhg9odHRwOi8vdGVzdC8yNTIwEYYPaHR0cDov +L3Rlc3QvMjUzMBGGD2h0dHA6Ly90ZXN0LzI1NDARhg9odHRwOi8vdGVzdC8yNTUw +EYYPaHR0cDovL3Rlc3QvMjU2MBGGD2h0dHA6Ly90ZXN0LzI1NzARhg9odHRwOi8v +dGVzdC8yNTgwEYYPaHR0cDovL3Rlc3QvMjU5MBGGD2h0dHA6Ly90ZXN0LzI2MDAR +hg9odHRwOi8vdGVzdC8yNjEwEYYPaHR0cDovL3Rlc3QvMjYyMBGGD2h0dHA6Ly90 +ZXN0LzI2MzARhg9odHRwOi8vdGVzdC8yNjQwEYYPaHR0cDovL3Rlc3QvMjY1MBGG +D2h0dHA6Ly90ZXN0LzI2NjARhg9odHRwOi8vdGVzdC8yNjcwEYYPaHR0cDovL3Rl +c3QvMjY4MBGGD2h0dHA6Ly90ZXN0LzI2OTARhg9odHRwOi8vdGVzdC8yNzAwEYYP +aHR0cDovL3Rlc3QvMjcxMBGGD2h0dHA6Ly90ZXN0LzI3MjARhg9odHRwOi8vdGVz +dC8yNzMwEYYPaHR0cDovL3Rlc3QvMjc0MBGGD2h0dHA6Ly90ZXN0LzI3NTARhg9o +dHRwOi8vdGVzdC8yNzYwEYYPaHR0cDovL3Rlc3QvMjc3MBGGD2h0dHA6Ly90ZXN0 +LzI3ODARhg9odHRwOi8vdGVzdC8yNzkwEYYPaHR0cDovL3Rlc3QvMjgwMBGGD2h0 +dHA6Ly90ZXN0LzI4MTARhg9odHRwOi8vdGVzdC8yODIwEYYPaHR0cDovL3Rlc3Qv +MjgzMBGGD2h0dHA6Ly90ZXN0LzI4NDARhg9odHRwOi8vdGVzdC8yODUwEYYPaHR0 +cDovL3Rlc3QvMjg2MBGGD2h0dHA6Ly90ZXN0LzI4NzARhg9odHRwOi8vdGVzdC8y +ODgwEYYPaHR0cDovL3Rlc3QvMjg5MBGGD2h0dHA6Ly90ZXN0LzI5MDARhg9odHRw +Oi8vdGVzdC8yOTEwEYYPaHR0cDovL3Rlc3QvMjkyMBGGD2h0dHA6Ly90ZXN0LzI5 +MzARhg9odHRwOi8vdGVzdC8yOTQwEYYPaHR0cDovL3Rlc3QvMjk1MBGGD2h0dHA6 +Ly90ZXN0LzI5NjARhg9odHRwOi8vdGVzdC8yOTcwEYYPaHR0cDovL3Rlc3QvMjk4 +MBGGD2h0dHA6Ly90ZXN0LzI5OTARhg9odHRwOi8vdGVzdC8zMDAwEYYPaHR0cDov +L3Rlc3QvMzAxMBGGD2h0dHA6Ly90ZXN0LzMwMjARhg9odHRwOi8vdGVzdC8zMDMw +EYYPaHR0cDovL3Rlc3QvMzA0MBGGD2h0dHA6Ly90ZXN0LzMwNTARhg9odHRwOi8v +dGVzdC8zMDYwEYYPaHR0cDovL3Rlc3QvMzA3MBGGD2h0dHA6Ly90ZXN0LzMwODAR +hg9odHRwOi8vdGVzdC8zMDkwEYYPaHR0cDovL3Rlc3QvMzEwMBGGD2h0dHA6Ly90 +ZXN0LzMxMTARhg9odHRwOi8vdGVzdC8zMTIwEYYPaHR0cDovL3Rlc3QvMzEzMBGG +D2h0dHA6Ly90ZXN0LzMxNDARhg9odHRwOi8vdGVzdC8zMTUwEYYPaHR0cDovL3Rl +c3QvMzE2MBGGD2h0dHA6Ly90ZXN0LzMxNzARhg9odHRwOi8vdGVzdC8zMTgwEYYP +aHR0cDovL3Rlc3QvMzE5MBGGD2h0dHA6Ly90ZXN0LzMyMDARhg9odHRwOi8vdGVz +dC8zMjEwEYYPaHR0cDovL3Rlc3QvMzIyMBGGD2h0dHA6Ly90ZXN0LzMyMzARhg9o +dHRwOi8vdGVzdC8zMjQwEYYPaHR0cDovL3Rlc3QvMzI1MBGGD2h0dHA6Ly90ZXN0 +LzMyNjARhg9odHRwOi8vdGVzdC8zMjcwEYYPaHR0cDovL3Rlc3QvMzI4MBGGD2h0 +dHA6Ly90ZXN0LzMyOTARhg9odHRwOi8vdGVzdC8zMzAwEYYPaHR0cDovL3Rlc3Qv +MzMxMBGGD2h0dHA6Ly90ZXN0LzMzMjARhg9odHRwOi8vdGVzdC8zMzMwEYYPaHR0 +cDovL3Rlc3QvMzM0MBGGD2h0dHA6Ly90ZXN0LzMzNTARhg9odHRwOi8vdGVzdC8z +MzYwEYYPaHR0cDovL3Rlc3QvMzM3MBGGD2h0dHA6Ly90ZXN0LzMzODARhg9odHRw +Oi8vdGVzdC8zMzkwEYYPaHR0cDovL3Rlc3QvMzQwMBGGD2h0dHA6Ly90ZXN0LzM0 +MTARhg9odHRwOi8vdGVzdC8zNDIwEYYPaHR0cDovL3Rlc3QvMzQzMBGGD2h0dHA6 +Ly90ZXN0LzM0NDARhg9odHRwOi8vdGVzdC8zNDUwEYYPaHR0cDovL3Rlc3QvMzQ2 +MBGGD2h0dHA6Ly90ZXN0LzM0NzARhg9odHRwOi8vdGVzdC8zNDgwEYYPaHR0cDov +L3Rlc3QvMzQ5MBGGD2h0dHA6Ly90ZXN0LzM1MDARhg9odHRwOi8vdGVzdC8zNTEw +EYYPaHR0cDovL3Rlc3QvMzUyMBGGD2h0dHA6Ly90ZXN0LzM1MzARhg9odHRwOi8v +dGVzdC8zNTQwEYYPaHR0cDovL3Rlc3QvMzU1MBGGD2h0dHA6Ly90ZXN0LzM1NjAR +hg9odHRwOi8vdGVzdC8zNTcwEYYPaHR0cDovL3Rlc3QvMzU4MBGGD2h0dHA6Ly90 +ZXN0LzM1OTARhg9odHRwOi8vdGVzdC8zNjAwEYYPaHR0cDovL3Rlc3QvMzYxMBGG +D2h0dHA6Ly90ZXN0LzM2MjARhg9odHRwOi8vdGVzdC8zNjMwEYYPaHR0cDovL3Rl +c3QvMzY0MBGGD2h0dHA6Ly90ZXN0LzM2NTARhg9odHRwOi8vdGVzdC8zNjYwEYYP +aHR0cDovL3Rlc3QvMzY3MBGGD2h0dHA6Ly90ZXN0LzM2ODARhg9odHRwOi8vdGVz +dC8zNjkwEYYPaHR0cDovL3Rlc3QvMzcwMBGGD2h0dHA6Ly90ZXN0LzM3MTARhg9o +dHRwOi8vdGVzdC8zNzIwEYYPaHR0cDovL3Rlc3QvMzczMBGGD2h0dHA6Ly90ZXN0 +LzM3NDARhg9odHRwOi8vdGVzdC8zNzUwEYYPaHR0cDovL3Rlc3QvMzc2MBGGD2h0 +dHA6Ly90ZXN0LzM3NzARhg9odHRwOi8vdGVzdC8zNzgwEYYPaHR0cDovL3Rlc3Qv +Mzc5MBGGD2h0dHA6Ly90ZXN0LzM4MDARhg9odHRwOi8vdGVzdC8zODEwEYYPaHR0 +cDovL3Rlc3QvMzgyMBGGD2h0dHA6Ly90ZXN0LzM4MzARhg9odHRwOi8vdGVzdC8z +ODQwEYYPaHR0cDovL3Rlc3QvMzg1MBGGD2h0dHA6Ly90ZXN0LzM4NjARhg9odHRw +Oi8vdGVzdC8zODcwEYYPaHR0cDovL3Rlc3QvMzg4MBGGD2h0dHA6Ly90ZXN0LzM4 +OTARhg9odHRwOi8vdGVzdC8zOTAwEYYPaHR0cDovL3Rlc3QvMzkxMBGGD2h0dHA6 +Ly90ZXN0LzM5MjARhg9odHRwOi8vdGVzdC8zOTMwEYYPaHR0cDovL3Rlc3QvMzk0 +MBGGD2h0dHA6Ly90ZXN0LzM5NTARhg9odHRwOi8vdGVzdC8zOTYwEYYPaHR0cDov +L3Rlc3QvMzk3MBGGD2h0dHA6Ly90ZXN0LzM5ODARhg9odHRwOi8vdGVzdC8zOTkw +EYYPaHR0cDovL3Rlc3QvNDAwMBGGD2h0dHA6Ly90ZXN0LzQwMTARhg9odHRwOi8v +dGVzdC80MDIwEYYPaHR0cDovL3Rlc3QvNDAzMBGGD2h0dHA6Ly90ZXN0LzQwNDAR +hg9odHRwOi8vdGVzdC80MDUwEYYPaHR0cDovL3Rlc3QvNDA2MBGGD2h0dHA6Ly90 +ZXN0LzQwNzARhg9odHRwOi8vdGVzdC80MDgwEYYPaHR0cDovL3Rlc3QvNDA5MBGG +D2h0dHA6Ly90ZXN0LzQxMDARhg9odHRwOi8vdGVzdC80MTEwEYYPaHR0cDovL3Rl +c3QvNDEyMBGGD2h0dHA6Ly90ZXN0LzQxMzARhg9odHRwOi8vdGVzdC80MTQwEYYP +aHR0cDovL3Rlc3QvNDE1MBGGD2h0dHA6Ly90ZXN0LzQxNjARhg9odHRwOi8vdGVz +dC80MTcwEYYPaHR0cDovL3Rlc3QvNDE4MBGGD2h0dHA6Ly90ZXN0LzQxOTARhg9o +dHRwOi8vdGVzdC80MjAwEYYPaHR0cDovL3Rlc3QvNDIxMBGGD2h0dHA6Ly90ZXN0 +LzQyMjARhg9odHRwOi8vdGVzdC80MjMwEYYPaHR0cDovL3Rlc3QvNDI0MBGGD2h0 +dHA6Ly90ZXN0LzQyNTARhg9odHRwOi8vdGVzdC80MjYwEYYPaHR0cDovL3Rlc3Qv +NDI3MBGGD2h0dHA6Ly90ZXN0LzQyODARhg9odHRwOi8vdGVzdC80MjkwEYYPaHR0 +cDovL3Rlc3QvNDMwMBGGD2h0dHA6Ly90ZXN0LzQzMTARhg9odHRwOi8vdGVzdC80 +MzIwEYYPaHR0cDovL3Rlc3QvNDMzMBGGD2h0dHA6Ly90ZXN0LzQzNDARhg9odHRw +Oi8vdGVzdC80MzUwEYYPaHR0cDovL3Rlc3QvNDM2MBGGD2h0dHA6Ly90ZXN0LzQz +NzARhg9odHRwOi8vdGVzdC80MzgwEYYPaHR0cDovL3Rlc3QvNDM5MBGGD2h0dHA6 +Ly90ZXN0LzQ0MDARhg9odHRwOi8vdGVzdC80NDEwEYYPaHR0cDovL3Rlc3QvNDQy +MBGGD2h0dHA6Ly90ZXN0LzQ0MzARhg9odHRwOi8vdGVzdC80NDQwEYYPaHR0cDov +L3Rlc3QvNDQ1MBGGD2h0dHA6Ly90ZXN0LzQ0NjARhg9odHRwOi8vdGVzdC80NDcw +EYYPaHR0cDovL3Rlc3QvNDQ4MBGGD2h0dHA6Ly90ZXN0LzQ0OTARhg9odHRwOi8v +dGVzdC80NTAwEYYPaHR0cDovL3Rlc3QvNDUxMBGGD2h0dHA6Ly90ZXN0LzQ1MjAR +hg9odHRwOi8vdGVzdC80NTMwEYYPaHR0cDovL3Rlc3QvNDU0MBGGD2h0dHA6Ly90 +ZXN0LzQ1NTARhg9odHRwOi8vdGVzdC80NTYwEYYPaHR0cDovL3Rlc3QvNDU3MBGG +D2h0dHA6Ly90ZXN0LzQ1ODARhg9odHRwOi8vdGVzdC80NTkwEYYPaHR0cDovL3Rl +c3QvNDYwMBGGD2h0dHA6Ly90ZXN0LzQ2MTARhg9odHRwOi8vdGVzdC80NjIwEYYP +aHR0cDovL3Rlc3QvNDYzMBGGD2h0dHA6Ly90ZXN0LzQ2NDARhg9odHRwOi8vdGVz +dC80NjUwEYYPaHR0cDovL3Rlc3QvNDY2MBGGD2h0dHA6Ly90ZXN0LzQ2NzARhg9o +dHRwOi8vdGVzdC80NjgwEYYPaHR0cDovL3Rlc3QvNDY5MBGGD2h0dHA6Ly90ZXN0 +LzQ3MDARhg9odHRwOi8vdGVzdC80NzEwEYYPaHR0cDovL3Rlc3QvNDcyMBGGD2h0 +dHA6Ly90ZXN0LzQ3MzARhg9odHRwOi8vdGVzdC80NzQwEYYPaHR0cDovL3Rlc3Qv +NDc1MBGGD2h0dHA6Ly90ZXN0LzQ3NjARhg9odHRwOi8vdGVzdC80NzcwEYYPaHR0 +cDovL3Rlc3QvNDc4MBGGD2h0dHA6Ly90ZXN0LzQ3OTARhg9odHRwOi8vdGVzdC80 +ODAwEYYPaHR0cDovL3Rlc3QvNDgxMBGGD2h0dHA6Ly90ZXN0LzQ4MjARhg9odHRw +Oi8vdGVzdC80ODMwEYYPaHR0cDovL3Rlc3QvNDg0MBGGD2h0dHA6Ly90ZXN0LzQ4 +NTARhg9odHRwOi8vdGVzdC80ODYwEYYPaHR0cDovL3Rlc3QvNDg3MBGGD2h0dHA6 +Ly90ZXN0LzQ4ODARhg9odHRwOi8vdGVzdC80ODkwEYYPaHR0cDovL3Rlc3QvNDkw +MBGGD2h0dHA6Ly90ZXN0LzQ5MTARhg9odHRwOi8vdGVzdC80OTIwEYYPaHR0cDov +L3Rlc3QvNDkzMBGGD2h0dHA6Ly90ZXN0LzQ5NDARhg9odHRwOi8vdGVzdC80OTUw +EYYPaHR0cDovL3Rlc3QvNDk2MBGGD2h0dHA6Ly90ZXN0LzQ5NzARhg9odHRwOi8v +dGVzdC80OTgwEYYPaHR0cDovL3Rlc3QvNDk5MBGGD2h0dHA6Ly90ZXN0LzUwMDAR +hg9odHRwOi8vdGVzdC81MDEwEYYPaHR0cDovL3Rlc3QvNTAyMBGGD2h0dHA6Ly90 +ZXN0LzUwMzARhg9odHRwOi8vdGVzdC81MDQwEYYPaHR0cDovL3Rlc3QvNTA1MBGG +D2h0dHA6Ly90ZXN0LzUwNjARhg9odHRwOi8vdGVzdC81MDcwEYYPaHR0cDovL3Rl +c3QvNTA4MBGGD2h0dHA6Ly90ZXN0LzUwOTARhg9odHRwOi8vdGVzdC81MTAwEYYP +aHR0cDovL3Rlc3QvNTExMBGGD2h0dHA6Ly90ZXN0LzUxMjARhg9odHRwOi8vdGVz +dC81MTMwEYYPaHR0cDovL3Rlc3QvNTE0MBGGD2h0dHA6Ly90ZXN0LzUxNTARhg9o +dHRwOi8vdGVzdC81MTYwEYYPaHR0cDovL3Rlc3QvNTE3MBGGD2h0dHA6Ly90ZXN0 +LzUxODARhg9odHRwOi8vdGVzdC81MTkwEYYPaHR0cDovL3Rlc3QvNTIwMBGGD2h0 +dHA6Ly90ZXN0LzUyMTARhg9odHRwOi8vdGVzdC81MjIwEYYPaHR0cDovL3Rlc3Qv +NTIzMBGGD2h0dHA6Ly90ZXN0LzUyNDARhg9odHRwOi8vdGVzdC81MjUwEYYPaHR0 +cDovL3Rlc3QvNTI2MBGGD2h0dHA6Ly90ZXN0LzUyNzARhg9odHRwOi8vdGVzdC81 +MjgwEYYPaHR0cDovL3Rlc3QvNTI5MBGGD2h0dHA6Ly90ZXN0LzUzMDARhg9odHRw +Oi8vdGVzdC81MzEwEYYPaHR0cDovL3Rlc3QvNTMyMBGGD2h0dHA6Ly90ZXN0LzUz +MzARhg9odHRwOi8vdGVzdC81MzQwEYYPaHR0cDovL3Rlc3QvNTM1MBGGD2h0dHA6 +Ly90ZXN0LzUzNjARhg9odHRwOi8vdGVzdC81MzcwEYYPaHR0cDovL3Rlc3QvNTM4 +MBGGD2h0dHA6Ly90ZXN0LzUzOTARhg9odHRwOi8vdGVzdC81NDAwEYYPaHR0cDov +L3Rlc3QvNTQxMBGGD2h0dHA6Ly90ZXN0LzU0MjARhg9odHRwOi8vdGVzdC81NDMw +EYYPaHR0cDovL3Rlc3QvNTQ0MBGGD2h0dHA6Ly90ZXN0LzU0NTARhg9odHRwOi8v +dGVzdC81NDYwEYYPaHR0cDovL3Rlc3QvNTQ3MBGGD2h0dHA6Ly90ZXN0LzU0ODAR +hg9odHRwOi8vdGVzdC81NDkwEYYPaHR0cDovL3Rlc3QvNTUwMBGGD2h0dHA6Ly90 +ZXN0LzU1MTARhg9odHRwOi8vdGVzdC81NTIwEYYPaHR0cDovL3Rlc3QvNTUzMBGG +D2h0dHA6Ly90ZXN0LzU1NDARhg9odHRwOi8vdGVzdC81NTUwEYYPaHR0cDovL3Rl +c3QvNTU2MBGGD2h0dHA6Ly90ZXN0LzU1NzARhg9odHRwOi8vdGVzdC81NTgwEYYP +aHR0cDovL3Rlc3QvNTU5MBGGD2h0dHA6Ly90ZXN0LzU2MDARhg9odHRwOi8vdGVz +dC81NjEwEYYPaHR0cDovL3Rlc3QvNTYyMBGGD2h0dHA6Ly90ZXN0LzU2MzARhg9o +dHRwOi8vdGVzdC81NjQwEYYPaHR0cDovL3Rlc3QvNTY1MBGGD2h0dHA6Ly90ZXN0 +LzU2NjARhg9odHRwOi8vdGVzdC81NjcwEYYPaHR0cDovL3Rlc3QvNTY4MBGGD2h0 +dHA6Ly90ZXN0LzU2OTARhg9odHRwOi8vdGVzdC81NzAwEYYPaHR0cDovL3Rlc3Qv +NTcxMBGGD2h0dHA6Ly90ZXN0LzU3MjARhg9odHRwOi8vdGVzdC81NzMwEYYPaHR0 +cDovL3Rlc3QvNTc0MBGGD2h0dHA6Ly90ZXN0LzU3NTARhg9odHRwOi8vdGVzdC81 +NzYwEYYPaHR0cDovL3Rlc3QvNTc3MBGGD2h0dHA6Ly90ZXN0LzU3ODARhg9odHRw +Oi8vdGVzdC81NzkwEYYPaHR0cDovL3Rlc3QvNTgwMBGGD2h0dHA6Ly90ZXN0LzU4 +MTARhg9odHRwOi8vdGVzdC81ODIwEYYPaHR0cDovL3Rlc3QvNTgzMBGGD2h0dHA6 +Ly90ZXN0LzU4NDARhg9odHRwOi8vdGVzdC81ODUwEYYPaHR0cDovL3Rlc3QvNTg2 +MBGGD2h0dHA6Ly90ZXN0LzU4NzARhg9odHRwOi8vdGVzdC81ODgwEYYPaHR0cDov +L3Rlc3QvNTg5MBGGD2h0dHA6Ly90ZXN0LzU5MDARhg9odHRwOi8vdGVzdC81OTEw +EYYPaHR0cDovL3Rlc3QvNTkyMBGGD2h0dHA6Ly90ZXN0LzU5MzARhg9odHRwOi8v +dGVzdC81OTQwEYYPaHR0cDovL3Rlc3QvNTk1MBGGD2h0dHA6Ly90ZXN0LzU5NjAR +hg9odHRwOi8vdGVzdC81OTcwEYYPaHR0cDovL3Rlc3QvNTk4MBGGD2h0dHA6Ly90 +ZXN0LzU5OTARhg9odHRwOi8vdGVzdC82MDAwEYYPaHR0cDovL3Rlc3QvNjAxMBGG +D2h0dHA6Ly90ZXN0LzYwMjARhg9odHRwOi8vdGVzdC82MDMwEYYPaHR0cDovL3Rl +c3QvNjA0MBGGD2h0dHA6Ly90ZXN0LzYwNTARhg9odHRwOi8vdGVzdC82MDYwEYYP +aHR0cDovL3Rlc3QvNjA3MBGGD2h0dHA6Ly90ZXN0LzYwODARhg9odHRwOi8vdGVz +dC82MDkwEYYPaHR0cDovL3Rlc3QvNjEwMBGGD2h0dHA6Ly90ZXN0LzYxMTARhg9o +dHRwOi8vdGVzdC82MTIwEYYPaHR0cDovL3Rlc3QvNjEzMBGGD2h0dHA6Ly90ZXN0 +LzYxNDARhg9odHRwOi8vdGVzdC82MTUwEYYPaHR0cDovL3Rlc3QvNjE2MBGGD2h0 +dHA6Ly90ZXN0LzYxNzARhg9odHRwOi8vdGVzdC82MTgwEYYPaHR0cDovL3Rlc3Qv +NjE5MBGGD2h0dHA6Ly90ZXN0LzYyMDARhg9odHRwOi8vdGVzdC82MjEwEYYPaHR0 +cDovL3Rlc3QvNjIyMBGGD2h0dHA6Ly90ZXN0LzYyMzARhg9odHRwOi8vdGVzdC82 +MjQwEYYPaHR0cDovL3Rlc3QvNjI1MBGGD2h0dHA6Ly90ZXN0LzYyNjARhg9odHRw +Oi8vdGVzdC82MjcwEYYPaHR0cDovL3Rlc3QvNjI4MBGGD2h0dHA6Ly90ZXN0LzYy +OTARhg9odHRwOi8vdGVzdC82MzAwEYYPaHR0cDovL3Rlc3QvNjMxMBGGD2h0dHA6 +Ly90ZXN0LzYzMjARhg9odHRwOi8vdGVzdC82MzMwEYYPaHR0cDovL3Rlc3QvNjM0 +MBGGD2h0dHA6Ly90ZXN0LzYzNTARhg9odHRwOi8vdGVzdC82MzYwEYYPaHR0cDov +L3Rlc3QvNjM3MBGGD2h0dHA6Ly90ZXN0LzYzODARhg9odHRwOi8vdGVzdC82Mzkw +EYYPaHR0cDovL3Rlc3QvNjQwMBGGD2h0dHA6Ly90ZXN0LzY0MTARhg9odHRwOi8v +dGVzdC82NDIwEYYPaHR0cDovL3Rlc3QvNjQzMBGGD2h0dHA6Ly90ZXN0LzY0NDAR +hg9odHRwOi8vdGVzdC82NDUwEYYPaHR0cDovL3Rlc3QvNjQ2MBGGD2h0dHA6Ly90 +ZXN0LzY0NzARhg9odHRwOi8vdGVzdC82NDgwEYYPaHR0cDovL3Rlc3QvNjQ5MBGG +D2h0dHA6Ly90ZXN0LzY1MDARhg9odHRwOi8vdGVzdC82NTEwEYYPaHR0cDovL3Rl +c3QvNjUyMBGGD2h0dHA6Ly90ZXN0LzY1MzARhg9odHRwOi8vdGVzdC82NTQwEYYP +aHR0cDovL3Rlc3QvNjU1MBGGD2h0dHA6Ly90ZXN0LzY1NjARhg9odHRwOi8vdGVz +dC82NTcwEYYPaHR0cDovL3Rlc3QvNjU4MBGGD2h0dHA6Ly90ZXN0LzY1OTARhg9o +dHRwOi8vdGVzdC82NjAwEYYPaHR0cDovL3Rlc3QvNjYxMBGGD2h0dHA6Ly90ZXN0 +LzY2MjARhg9odHRwOi8vdGVzdC82NjMwEYYPaHR0cDovL3Rlc3QvNjY0MBGGD2h0 +dHA6Ly90ZXN0LzY2NTARhg9odHRwOi8vdGVzdC82NjYwEYYPaHR0cDovL3Rlc3Qv +NjY3MBGGD2h0dHA6Ly90ZXN0LzY2ODARhg9odHRwOi8vdGVzdC82NjkwEYYPaHR0 +cDovL3Rlc3QvNjcwMBGGD2h0dHA6Ly90ZXN0LzY3MTARhg9odHRwOi8vdGVzdC82 +NzIwEYYPaHR0cDovL3Rlc3QvNjczMBGGD2h0dHA6Ly90ZXN0LzY3NDARhg9odHRw +Oi8vdGVzdC82NzUwEYYPaHR0cDovL3Rlc3QvNjc2MBGGD2h0dHA6Ly90ZXN0LzY3 +NzARhg9odHRwOi8vdGVzdC82NzgwEYYPaHR0cDovL3Rlc3QvNjc5MBGGD2h0dHA6 +Ly90ZXN0LzY4MDARhg9odHRwOi8vdGVzdC82ODEwEYYPaHR0cDovL3Rlc3QvNjgy +MBGGD2h0dHA6Ly90ZXN0LzY4MzARhg9odHRwOi8vdGVzdC82ODQwEYYPaHR0cDov +L3Rlc3QvNjg1MBGGD2h0dHA6Ly90ZXN0LzY4NjARhg9odHRwOi8vdGVzdC82ODcw +EYYPaHR0cDovL3Rlc3QvNjg4MBGGD2h0dHA6Ly90ZXN0LzY4OTARhg9odHRwOi8v +dGVzdC82OTAwEYYPaHR0cDovL3Rlc3QvNjkxMBGGD2h0dHA6Ly90ZXN0LzY5MjAR +hg9odHRwOi8vdGVzdC82OTMwEYYPaHR0cDovL3Rlc3QvNjk0MBGGD2h0dHA6Ly90 +ZXN0LzY5NTARhg9odHRwOi8vdGVzdC82OTYwEYYPaHR0cDovL3Rlc3QvNjk3MBGG +D2h0dHA6Ly90ZXN0LzY5ODARhg9odHRwOi8vdGVzdC82OTkwEYYPaHR0cDovL3Rl +c3QvNzAwMBGGD2h0dHA6Ly90ZXN0LzcwMTARhg9odHRwOi8vdGVzdC83MDIwEYYP +aHR0cDovL3Rlc3QvNzAzMBGGD2h0dHA6Ly90ZXN0LzcwNDARhg9odHRwOi8vdGVz +dC83MDUwEYYPaHR0cDovL3Rlc3QvNzA2MBGGD2h0dHA6Ly90ZXN0LzcwNzARhg9o +dHRwOi8vdGVzdC83MDgwEYYPaHR0cDovL3Rlc3QvNzA5MBGGD2h0dHA6Ly90ZXN0 +LzcxMDARhg9odHRwOi8vdGVzdC83MTEwEYYPaHR0cDovL3Rlc3QvNzEyMBGGD2h0 +dHA6Ly90ZXN0LzcxMzARhg9odHRwOi8vdGVzdC83MTQwEYYPaHR0cDovL3Rlc3Qv +NzE1MBGGD2h0dHA6Ly90ZXN0LzcxNjARhg9odHRwOi8vdGVzdC83MTcwEYYPaHR0 +cDovL3Rlc3QvNzE4MBGGD2h0dHA6Ly90ZXN0LzcxOTARhg9odHRwOi8vdGVzdC83 +MjAwEYYPaHR0cDovL3Rlc3QvNzIxMBGGD2h0dHA6Ly90ZXN0LzcyMjARhg9odHRw +Oi8vdGVzdC83MjMwEYYPaHR0cDovL3Rlc3QvNzI0MBGGD2h0dHA6Ly90ZXN0Lzcy +NTARhg9odHRwOi8vdGVzdC83MjYwEYYPaHR0cDovL3Rlc3QvNzI3MBGGD2h0dHA6 +Ly90ZXN0LzcyODARhg9odHRwOi8vdGVzdC83MjkwEYYPaHR0cDovL3Rlc3QvNzMw +MBGGD2h0dHA6Ly90ZXN0LzczMTARhg9odHRwOi8vdGVzdC83MzIwEYYPaHR0cDov +L3Rlc3QvNzMzMBGGD2h0dHA6Ly90ZXN0LzczNDARhg9odHRwOi8vdGVzdC83MzUw +EYYPaHR0cDovL3Rlc3QvNzM2MBGGD2h0dHA6Ly90ZXN0LzczNzARhg9odHRwOi8v +dGVzdC83MzgwEYYPaHR0cDovL3Rlc3QvNzM5MBGGD2h0dHA6Ly90ZXN0Lzc0MDAR +hg9odHRwOi8vdGVzdC83NDEwEYYPaHR0cDovL3Rlc3QvNzQyMBGGD2h0dHA6Ly90 +ZXN0Lzc0MzARhg9odHRwOi8vdGVzdC83NDQwEYYPaHR0cDovL3Rlc3QvNzQ1MBGG +D2h0dHA6Ly90ZXN0Lzc0NjARhg9odHRwOi8vdGVzdC83NDcwEYYPaHR0cDovL3Rl +c3QvNzQ4MBGGD2h0dHA6Ly90ZXN0Lzc0OTARhg9odHRwOi8vdGVzdC83NTAwEYYP +aHR0cDovL3Rlc3QvNzUxMBGGD2h0dHA6Ly90ZXN0Lzc1MjARhg9odHRwOi8vdGVz +dC83NTMwEYYPaHR0cDovL3Rlc3QvNzU0MBGGD2h0dHA6Ly90ZXN0Lzc1NTARhg9o +dHRwOi8vdGVzdC83NTYwEYYPaHR0cDovL3Rlc3QvNzU3MBGGD2h0dHA6Ly90ZXN0 +Lzc1ODARhg9odHRwOi8vdGVzdC83NTkwEYYPaHR0cDovL3Rlc3QvNzYwMBGGD2h0 +dHA6Ly90ZXN0Lzc2MTARhg9odHRwOi8vdGVzdC83NjIwEYYPaHR0cDovL3Rlc3Qv +NzYzMBGGD2h0dHA6Ly90ZXN0Lzc2NDARhg9odHRwOi8vdGVzdC83NjUwEYYPaHR0 +cDovL3Rlc3QvNzY2MBGGD2h0dHA6Ly90ZXN0Lzc2NzARhg9odHRwOi8vdGVzdC83 +NjgwEYYPaHR0cDovL3Rlc3QvNzY5MBGGD2h0dHA6Ly90ZXN0Lzc3MDARhg9odHRw +Oi8vdGVzdC83NzEwEYYPaHR0cDovL3Rlc3QvNzcyMBGGD2h0dHA6Ly90ZXN0Lzc3 +MzARhg9odHRwOi8vdGVzdC83NzQwEYYPaHR0cDovL3Rlc3QvNzc1MBGGD2h0dHA6 +Ly90ZXN0Lzc3NjARhg9odHRwOi8vdGVzdC83NzcwEYYPaHR0cDovL3Rlc3QvNzc4 +MBGGD2h0dHA6Ly90ZXN0Lzc3OTARhg9odHRwOi8vdGVzdC83ODAwEYYPaHR0cDov +L3Rlc3QvNzgxMBGGD2h0dHA6Ly90ZXN0Lzc4MjARhg9odHRwOi8vdGVzdC83ODMw +EYYPaHR0cDovL3Rlc3QvNzg0MBGGD2h0dHA6Ly90ZXN0Lzc4NTARhg9odHRwOi8v +dGVzdC83ODYwEYYPaHR0cDovL3Rlc3QvNzg3MBGGD2h0dHA6Ly90ZXN0Lzc4ODAR +hg9odHRwOi8vdGVzdC83ODkwEYYPaHR0cDovL3Rlc3QvNzkwMBGGD2h0dHA6Ly90 +ZXN0Lzc5MTARhg9odHRwOi8vdGVzdC83OTIwEYYPaHR0cDovL3Rlc3QvNzkzMBGG +D2h0dHA6Ly90ZXN0Lzc5NDARhg9odHRwOi8vdGVzdC83OTUwEYYPaHR0cDovL3Rl +c3QvNzk2MBGGD2h0dHA6Ly90ZXN0Lzc5NzARhg9odHRwOi8vdGVzdC83OTgwEYYP +aHR0cDovL3Rlc3QvNzk5MBGGD2h0dHA6Ly90ZXN0LzgwMDARhg9odHRwOi8vdGVz +dC84MDEwEYYPaHR0cDovL3Rlc3QvODAyMBGGD2h0dHA6Ly90ZXN0LzgwMzARhg9o +dHRwOi8vdGVzdC84MDQwEYYPaHR0cDovL3Rlc3QvODA1MBGGD2h0dHA6Ly90ZXN0 +LzgwNjARhg9odHRwOi8vdGVzdC84MDcwEYYPaHR0cDovL3Rlc3QvODA4MBGGD2h0 +dHA6Ly90ZXN0LzgwOTARhg9odHRwOi8vdGVzdC84MTAwEYYPaHR0cDovL3Rlc3Qv +ODExMBGGD2h0dHA6Ly90ZXN0LzgxMjARhg9odHRwOi8vdGVzdC84MTMwEYYPaHR0 +cDovL3Rlc3QvODE0MBGGD2h0dHA6Ly90ZXN0LzgxNTARhg9odHRwOi8vdGVzdC84 +MTYwEYYPaHR0cDovL3Rlc3QvODE3MBGGD2h0dHA6Ly90ZXN0LzgxODARhg9odHRw +Oi8vdGVzdC84MTkwEYYPaHR0cDovL3Rlc3QvODIwMBGGD2h0dHA6Ly90ZXN0Lzgy +MTARhg9odHRwOi8vdGVzdC84MjIwEYYPaHR0cDovL3Rlc3QvODIzMBGGD2h0dHA6 +Ly90ZXN0LzgyNDARhg9odHRwOi8vdGVzdC84MjUwEYYPaHR0cDovL3Rlc3QvODI2 +MBGGD2h0dHA6Ly90ZXN0LzgyNzARhg9odHRwOi8vdGVzdC84MjgwEYYPaHR0cDov +L3Rlc3QvODI5MBGGD2h0dHA6Ly90ZXN0LzgzMDARhg9odHRwOi8vdGVzdC84MzEw +EYYPaHR0cDovL3Rlc3QvODMyMBGGD2h0dHA6Ly90ZXN0LzgzMzARhg9odHRwOi8v +dGVzdC84MzQwEYYPaHR0cDovL3Rlc3QvODM1MBGGD2h0dHA6Ly90ZXN0LzgzNjAR +hg9odHRwOi8vdGVzdC84MzcwEYYPaHR0cDovL3Rlc3QvODM4MBGGD2h0dHA6Ly90 +ZXN0LzgzOTARhg9odHRwOi8vdGVzdC84NDAwEYYPaHR0cDovL3Rlc3QvODQxMBGG +D2h0dHA6Ly90ZXN0Lzg0MjARhg9odHRwOi8vdGVzdC84NDMwEYYPaHR0cDovL3Rl +c3QvODQ0MBGGD2h0dHA6Ly90ZXN0Lzg0NTARhg9odHRwOi8vdGVzdC84NDYwEYYP +aHR0cDovL3Rlc3QvODQ3MBGGD2h0dHA6Ly90ZXN0Lzg0ODARhg9odHRwOi8vdGVz +dC84NDkwEYYPaHR0cDovL3Rlc3QvODUwMBGGD2h0dHA6Ly90ZXN0Lzg1MTARhg9o +dHRwOi8vdGVzdC84NTIwEYYPaHR0cDovL3Rlc3QvODUzMBGGD2h0dHA6Ly90ZXN0 +Lzg1NDARhg9odHRwOi8vdGVzdC84NTUwEYYPaHR0cDovL3Rlc3QvODU2MBGGD2h0 +dHA6Ly90ZXN0Lzg1NzARhg9odHRwOi8vdGVzdC84NTgwEYYPaHR0cDovL3Rlc3Qv +ODU5MBGGD2h0dHA6Ly90ZXN0Lzg2MDARhg9odHRwOi8vdGVzdC84NjEwEYYPaHR0 +cDovL3Rlc3QvODYyMBGGD2h0dHA6Ly90ZXN0Lzg2MzARhg9odHRwOi8vdGVzdC84 +NjQwEYYPaHR0cDovL3Rlc3QvODY1MBGGD2h0dHA6Ly90ZXN0Lzg2NjARhg9odHRw +Oi8vdGVzdC84NjcwEYYPaHR0cDovL3Rlc3QvODY4MBGGD2h0dHA6Ly90ZXN0Lzg2 +OTARhg9odHRwOi8vdGVzdC84NzAwEYYPaHR0cDovL3Rlc3QvODcxMBGGD2h0dHA6 +Ly90ZXN0Lzg3MjARhg9odHRwOi8vdGVzdC84NzMwEYYPaHR0cDovL3Rlc3QvODc0 +MBGGD2h0dHA6Ly90ZXN0Lzg3NTARhg9odHRwOi8vdGVzdC84NzYwEYYPaHR0cDov +L3Rlc3QvODc3MBGGD2h0dHA6Ly90ZXN0Lzg3ODARhg9odHRwOi8vdGVzdC84Nzkw +EYYPaHR0cDovL3Rlc3QvODgwMBGGD2h0dHA6Ly90ZXN0Lzg4MTARhg9odHRwOi8v +dGVzdC84ODIwEYYPaHR0cDovL3Rlc3QvODgzMBGGD2h0dHA6Ly90ZXN0Lzg4NDAR +hg9odHRwOi8vdGVzdC84ODUwEYYPaHR0cDovL3Rlc3QvODg2MBGGD2h0dHA6Ly90 +ZXN0Lzg4NzARhg9odHRwOi8vdGVzdC84ODgwEYYPaHR0cDovL3Rlc3QvODg5MBGG +D2h0dHA6Ly90ZXN0Lzg5MDARhg9odHRwOi8vdGVzdC84OTEwEYYPaHR0cDovL3Rl +c3QvODkyMBGGD2h0dHA6Ly90ZXN0Lzg5MzARhg9odHRwOi8vdGVzdC84OTQwEYYP +aHR0cDovL3Rlc3QvODk1MBGGD2h0dHA6Ly90ZXN0Lzg5NjARhg9odHRwOi8vdGVz +dC84OTcwEYYPaHR0cDovL3Rlc3QvODk4MBGGD2h0dHA6Ly90ZXN0Lzg5OTARhg9o +dHRwOi8vdGVzdC85MDAwEYYPaHR0cDovL3Rlc3QvOTAxMBGGD2h0dHA6Ly90ZXN0 +LzkwMjARhg9odHRwOi8vdGVzdC85MDMwEYYPaHR0cDovL3Rlc3QvOTA0MBGGD2h0 +dHA6Ly90ZXN0LzkwNTARhg9odHRwOi8vdGVzdC85MDYwEYYPaHR0cDovL3Rlc3Qv +OTA3MBGGD2h0dHA6Ly90ZXN0LzkwODARhg9odHRwOi8vdGVzdC85MDkwEYYPaHR0 +cDovL3Rlc3QvOTEwMBGGD2h0dHA6Ly90ZXN0LzkxMTARhg9odHRwOi8vdGVzdC85 +MTIwEYYPaHR0cDovL3Rlc3QvOTEzMBGGD2h0dHA6Ly90ZXN0LzkxNDARhg9odHRw +Oi8vdGVzdC85MTUwEYYPaHR0cDovL3Rlc3QvOTE2MBGGD2h0dHA6Ly90ZXN0Lzkx +NzARhg9odHRwOi8vdGVzdC85MTgwEYYPaHR0cDovL3Rlc3QvOTE5MBGGD2h0dHA6 +Ly90ZXN0LzkyMDARhg9odHRwOi8vdGVzdC85MjEwEYYPaHR0cDovL3Rlc3QvOTIy +MBGGD2h0dHA6Ly90ZXN0LzkyMzARhg9odHRwOi8vdGVzdC85MjQwEYYPaHR0cDov +L3Rlc3QvOTI1MBGGD2h0dHA6Ly90ZXN0LzkyNjARhg9odHRwOi8vdGVzdC85Mjcw +EYYPaHR0cDovL3Rlc3QvOTI4MBGGD2h0dHA6Ly90ZXN0LzkyOTARhg9odHRwOi8v +dGVzdC85MzAwEYYPaHR0cDovL3Rlc3QvOTMxMBGGD2h0dHA6Ly90ZXN0LzkzMjAR +hg9odHRwOi8vdGVzdC85MzMwEYYPaHR0cDovL3Rlc3QvOTM0MBGGD2h0dHA6Ly90 +ZXN0LzkzNTARhg9odHRwOi8vdGVzdC85MzYwEYYPaHR0cDovL3Rlc3QvOTM3MBGG +D2h0dHA6Ly90ZXN0LzkzODARhg9odHRwOi8vdGVzdC85MzkwEYYPaHR0cDovL3Rl +c3QvOTQwMBGGD2h0dHA6Ly90ZXN0Lzk0MTARhg9odHRwOi8vdGVzdC85NDIwEYYP +aHR0cDovL3Rlc3QvOTQzMBGGD2h0dHA6Ly90ZXN0Lzk0NDARhg9odHRwOi8vdGVz +dC85NDUwEYYPaHR0cDovL3Rlc3QvOTQ2MBGGD2h0dHA6Ly90ZXN0Lzk0NzARhg9o +dHRwOi8vdGVzdC85NDgwEYYPaHR0cDovL3Rlc3QvOTQ5MBGGD2h0dHA6Ly90ZXN0 +Lzk1MDARhg9odHRwOi8vdGVzdC85NTEwEYYPaHR0cDovL3Rlc3QvOTUyMBGGD2h0 +dHA6Ly90ZXN0Lzk1MzARhg9odHRwOi8vdGVzdC85NTQwEYYPaHR0cDovL3Rlc3Qv +OTU1MBGGD2h0dHA6Ly90ZXN0Lzk1NjARhg9odHRwOi8vdGVzdC85NTcwEYYPaHR0 +cDovL3Rlc3QvOTU4MBGGD2h0dHA6Ly90ZXN0Lzk1OTARhg9odHRwOi8vdGVzdC85 +NjAwEYYPaHR0cDovL3Rlc3QvOTYxMBGGD2h0dHA6Ly90ZXN0Lzk2MjARhg9odHRw +Oi8vdGVzdC85NjMwEYYPaHR0cDovL3Rlc3QvOTY0MBGGD2h0dHA6Ly90ZXN0Lzk2 +NTARhg9odHRwOi8vdGVzdC85NjYwEYYPaHR0cDovL3Rlc3QvOTY3MBGGD2h0dHA6 +Ly90ZXN0Lzk2ODARhg9odHRwOi8vdGVzdC85NjkwEYYPaHR0cDovL3Rlc3QvOTcw +MBGGD2h0dHA6Ly90ZXN0Lzk3MTARhg9odHRwOi8vdGVzdC85NzIwEYYPaHR0cDov +L3Rlc3QvOTczMBGGD2h0dHA6Ly90ZXN0Lzk3NDARhg9odHRwOi8vdGVzdC85NzUw +EYYPaHR0cDovL3Rlc3QvOTc2MBGGD2h0dHA6Ly90ZXN0Lzk3NzARhg9odHRwOi8v +dGVzdC85NzgwEYYPaHR0cDovL3Rlc3QvOTc5MBGGD2h0dHA6Ly90ZXN0Lzk4MDAR +hg9odHRwOi8vdGVzdC85ODEwEYYPaHR0cDovL3Rlc3QvOTgyMBGGD2h0dHA6Ly90 +ZXN0Lzk4MzARhg9odHRwOi8vdGVzdC85ODQwEYYPaHR0cDovL3Rlc3QvOTg1MBGG +D2h0dHA6Ly90ZXN0Lzk4NjARhg9odHRwOi8vdGVzdC85ODcwEYYPaHR0cDovL3Rl +c3QvOTg4MBGGD2h0dHA6Ly90ZXN0Lzk4OTARhg9odHRwOi8vdGVzdC85OTAwEYYP +aHR0cDovL3Rlc3QvOTkxMBGGD2h0dHA6Ly90ZXN0Lzk5MjARhg9odHRwOi8vdGVz +dC85OTMwEYYPaHR0cDovL3Rlc3QvOTk0MBGGD2h0dHA6Ly90ZXN0Lzk5NTARhg9o +dHRwOi8vdGVzdC85OTYwEYYPaHR0cDovL3Rlc3QvOTk3MBGGD2h0dHA6Ly90ZXN0 +Lzk5ODARhg9odHRwOi8vdGVzdC85OTkwEoYQaHR0cDovL3Rlc3QvMTAwMDAShhBo +dHRwOi8vdGVzdC8xMDAxMBKGEGh0dHA6Ly90ZXN0LzEwMDIwEoYQaHR0cDovL3Rl +c3QvMTAwMzAShhBodHRwOi8vdGVzdC8xMDA0MBKGEGh0dHA6Ly90ZXN0LzEwMDUw +EoYQaHR0cDovL3Rlc3QvMTAwNjAShhBodHRwOi8vdGVzdC8xMDA3MBKGEGh0dHA6 +Ly90ZXN0LzEwMDgwEoYQaHR0cDovL3Rlc3QvMTAwOTAShhBodHRwOi8vdGVzdC8x +MDEwMBKGEGh0dHA6Ly90ZXN0LzEwMTEwEoYQaHR0cDovL3Rlc3QvMTAxMjAShhBo +dHRwOi8vdGVzdC8xMDEzMBKGEGh0dHA6Ly90ZXN0LzEwMTQwEoYQaHR0cDovL3Rl +c3QvMTAxNTAShhBodHRwOi8vdGVzdC8xMDE2MBKGEGh0dHA6Ly90ZXN0LzEwMTcw +EoYQaHR0cDovL3Rlc3QvMTAxODAShhBodHRwOi8vdGVzdC8xMDE5MBKGEGh0dHA6 +Ly90ZXN0LzEwMjAwEoYQaHR0cDovL3Rlc3QvMTAyMTAShhBodHRwOi8vdGVzdC8x +MDIyMBKGEGh0dHA6Ly90ZXN0LzEwMjMwEoYQaHR0cDovL3Rlc3QvMTAyNKGCaW4w +CYIHeDAudGVzdDAJggd4MS50ZXN0MAmCB3gyLnRlc3QwCYIHeDMudGVzdDAJggd4 +NC50ZXN0MAmCB3g1LnRlc3QwCYIHeDYudGVzdDAJggd4Ny50ZXN0MAmCB3g4LnRl +c3QwCYIHeDkudGVzdDAKggh4MTAudGVzdDAKggh4MTEudGVzdDAKggh4MTIudGVz +dDAKggh4MTMudGVzdDAKggh4MTQudGVzdDAKggh4MTUudGVzdDAKggh4MTYudGVz +dDAKggh4MTcudGVzdDAKggh4MTgudGVzdDAKggh4MTkudGVzdDAKggh4MjAudGVz +dDAKggh4MjEudGVzdDAKggh4MjIudGVzdDAKggh4MjMudGVzdDAKggh4MjQudGVz +dDAKggh4MjUudGVzdDAKggh4MjYudGVzdDAKggh4MjcudGVzdDAKggh4MjgudGVz +dDAKggh4MjkudGVzdDAKggh4MzAudGVzdDAKggh4MzEudGVzdDAKggh4MzIudGVz +dDAKggh4MzMudGVzdDAKggh4MzQudGVzdDAKggh4MzUudGVzdDAKggh4MzYudGVz +dDAKggh4MzcudGVzdDAKggh4MzgudGVzdDAKggh4MzkudGVzdDAKggh4NDAudGVz +dDAKggh4NDEudGVzdDAKggh4NDIudGVzdDAKggh4NDMudGVzdDAKggh4NDQudGVz +dDAKggh4NDUudGVzdDAKggh4NDYudGVzdDAKggh4NDcudGVzdDAKggh4NDgudGVz +dDAKggh4NDkudGVzdDAKggh4NTAudGVzdDAKggh4NTEudGVzdDAKggh4NTIudGVz +dDAKggh4NTMudGVzdDAKggh4NTQudGVzdDAKggh4NTUudGVzdDAKggh4NTYudGVz +dDAKggh4NTcudGVzdDAKggh4NTgudGVzdDAKggh4NTkudGVzdDAKggh4NjAudGVz +dDAKggh4NjEudGVzdDAKggh4NjIudGVzdDAKggh4NjMudGVzdDAKggh4NjQudGVz +dDAKggh4NjUudGVzdDAKggh4NjYudGVzdDAKggh4NjcudGVzdDAKggh4NjgudGVz +dDAKggh4NjkudGVzdDAKggh4NzAudGVzdDAKggh4NzEudGVzdDAKggh4NzIudGVz +dDAKggh4NzMudGVzdDAKggh4NzQudGVzdDAKggh4NzUudGVzdDAKggh4NzYudGVz +dDAKggh4NzcudGVzdDAKggh4NzgudGVzdDAKggh4NzkudGVzdDAKggh4ODAudGVz +dDAKggh4ODEudGVzdDAKggh4ODIudGVzdDAKggh4ODMudGVzdDAKggh4ODQudGVz +dDAKggh4ODUudGVzdDAKggh4ODYudGVzdDAKggh4ODcudGVzdDAKggh4ODgudGVz +dDAKggh4ODkudGVzdDAKggh4OTAudGVzdDAKggh4OTEudGVzdDAKggh4OTIudGVz +dDAKggh4OTMudGVzdDAKggh4OTQudGVzdDAKggh4OTUudGVzdDAKggh4OTYudGVz +dDAKggh4OTcudGVzdDAKggh4OTgudGVzdDAKggh4OTkudGVzdDALggl4MTAwLnRl +c3QwC4IJeDEwMS50ZXN0MAuCCXgxMDIudGVzdDALggl4MTAzLnRlc3QwC4IJeDEw +NC50ZXN0MAuCCXgxMDUudGVzdDALggl4MTA2LnRlc3QwC4IJeDEwNy50ZXN0MAuC +CXgxMDgudGVzdDALggl4MTA5LnRlc3QwC4IJeDExMC50ZXN0MAuCCXgxMTEudGVz +dDALggl4MTEyLnRlc3QwC4IJeDExMy50ZXN0MAuCCXgxMTQudGVzdDALggl4MTE1 +LnRlc3QwC4IJeDExNi50ZXN0MAuCCXgxMTcudGVzdDALggl4MTE4LnRlc3QwC4IJ +eDExOS50ZXN0MAuCCXgxMjAudGVzdDALggl4MTIxLnRlc3QwC4IJeDEyMi50ZXN0 +MAuCCXgxMjMudGVzdDALggl4MTI0LnRlc3QwC4IJeDEyNS50ZXN0MAuCCXgxMjYu +dGVzdDALggl4MTI3LnRlc3QwC4IJeDEyOC50ZXN0MAuCCXgxMjkudGVzdDALggl4 +MTMwLnRlc3QwC4IJeDEzMS50ZXN0MAuCCXgxMzIudGVzdDALggl4MTMzLnRlc3Qw +C4IJeDEzNC50ZXN0MAuCCXgxMzUudGVzdDALggl4MTM2LnRlc3QwC4IJeDEzNy50 +ZXN0MAuCCXgxMzgudGVzdDALggl4MTM5LnRlc3QwC4IJeDE0MC50ZXN0MAuCCXgx +NDEudGVzdDALggl4MTQyLnRlc3QwC4IJeDE0My50ZXN0MAuCCXgxNDQudGVzdDAL +ggl4MTQ1LnRlc3QwC4IJeDE0Ni50ZXN0MAuCCXgxNDcudGVzdDALggl4MTQ4LnRl +c3QwC4IJeDE0OS50ZXN0MAuCCXgxNTAudGVzdDALggl4MTUxLnRlc3QwC4IJeDE1 +Mi50ZXN0MAuCCXgxNTMudGVzdDALggl4MTU0LnRlc3QwC4IJeDE1NS50ZXN0MAuC +CXgxNTYudGVzdDALggl4MTU3LnRlc3QwC4IJeDE1OC50ZXN0MAuCCXgxNTkudGVz +dDALggl4MTYwLnRlc3QwC4IJeDE2MS50ZXN0MAuCCXgxNjIudGVzdDALggl4MTYz +LnRlc3QwC4IJeDE2NC50ZXN0MAuCCXgxNjUudGVzdDALggl4MTY2LnRlc3QwC4IJ +eDE2Ny50ZXN0MAuCCXgxNjgudGVzdDALggl4MTY5LnRlc3QwCocICwAAAP////8w +CocICwAAAf////8wCocICwAAAv////8wCocICwAAA/////8wCocICwAABP////8w +CocICwAABf////8wCocICwAABv////8wCocICwAAB/////8wCocICwAACP////8w +CocICwAACf////8wCocICwAACv////8wCocICwAAC/////8wCocICwAADP////8w +CocICwAADf////8wCocICwAADv////8wCocICwAAD/////8wCocICwAAEP////8w +CocICwAAEf////8wCocICwAAEv////8wCocICwAAE/////8wCocICwAAFP////8w +CocICwAAFf////8wCocICwAAFv////8wCocICwAAF/////8wCocICwAAGP////8w +CocICwAAGf////8wCocICwAAGv////8wCocICwAAG/////8wCocICwAAHP////8w +CocICwAAHf////8wCocICwAAHv////8wCocICwAAH/////8wCocICwAAIP////8w +CocICwAAIf////8wCocICwAAIv////8wCocICwAAI/////8wCocICwAAJP////8w +CocICwAAJf////8wCocICwAAJv////8wCocICwAAJ/////8wCocICwAAKP////8w +CocICwAAKf////8wCocICwAAKv////8wCocICwAAK/////8wCocICwAALP////8w +CocICwAALf////8wCocICwAALv////8wCocICwAAL/////8wCocICwAAMP////8w +CocICwAAMf////8wCocICwAAMv////8wCocICwAAM/////8wCocICwAANP////8w +CocICwAANf////8wCocICwAANv////8wCocICwAAN/////8wCocICwAAOP////8w +CocICwAAOf////8wCocICwAAOv////8wCocICwAAO/////8wCocICwAAPP////8w +CocICwAAPf////8wCocICwAAPv////8wCocICwAAP/////8wCocICwAAQP////8w +CocICwAAQf////8wCocICwAAQv////8wCocICwAAQ/////8wCocICwAARP////8w +CocICwAARf////8wCocICwAARv////8wCocICwAAR/////8wCocICwAASP////8w +CocICwAASf////8wCocICwAASv////8wCocICwAAS/////8wCocICwAATP////8w +CocICwAATf////8wCocICwAATv////8wCocICwAAT/////8wCocICwAAUP////8w +CocICwAAUf////8wCocICwAAUv////8wCocICwAAU/////8wCocICwAAVP////8w +CocICwAAVf////8wCocICwAAVv////8wCocICwAAV/////8wCocICwAAWP////8w +CocICwAAWf////8wCocICwAAWv////8wCocICwAAW/////8wCocICwAAXP////8w +CocICwAAXf////8wCocICwAAXv////8wCocICwAAX/////8wCocICwAAYP////8w +CocICwAAYf////8wCocICwAAYv////8wCocICwAAY/////8wCocICwAAZP////8w +CocICwAAZf////8wCocICwAAZv////8wCocICwAAZ/////8wCocICwAAaP////8w +CocICwAAaf////8wCocICwAAav////8wCocICwAAa/////8wCocICwAAbP////8w +CocICwAAbf////8wCocICwAAbv////8wCocICwAAb/////8wCocICwAAcP////8w +CocICwAAcf////8wCocICwAAcv////8wCocICwAAc/////8wCocICwAAdP////8w +CocICwAAdf////8wCocICwAAdv////8wCocICwAAd/////8wCocICwAAeP////8w +CocICwAAef////8wCocICwAAev////8wCocICwAAe/////8wCocICwAAfP////8w +CocICwAAff////8wCocICwAAfv////8wCocICwAAf/////8wCocICwAAgP////8w +CocICwAAgf////8wCocICwAAgv////8wCocICwAAg/////8wCocICwAAhP////8w +CocICwAAhf////8wCocICwAAhv////8wCocICwAAh/////8wCocICwAAiP////8w +CocICwAAif////8wCocICwAAiv////8wCocICwAAi/////8wCocICwAAjP////8w +CocICwAAjf////8wCocICwAAjv////8wCocICwAAj/////8wCocICwAAkP////8w +CocICwAAkf////8wCocICwAAkv////8wCocICwAAk/////8wCocICwAAlP////8w +CocICwAAlf////8wCocICwAAlv////8wCocICwAAl/////8wCocICwAAmP////8w +CocICwAAmf////8wCocICwAAmv////8wCocICwAAm/////8wCocICwAAnP////8w +CocICwAAnf////8wCocICwAAnv////8wCocICwAAn/////8wCocICwAAoP////8w +CocICwAAof////8wCocICwAAov////8wCocICwAAo/////8wCocICwAApP////8w +CocICwAApf////8wCocICwAApv////8wCocICwAAp/////8wCocICwAAqP////8w +CocICwAAqf////8wEaQPMA0xCzAJBgNVBAMMAngwMBGkDzANMQswCQYDVQQDDAJ4 +MTARpA8wDTELMAkGA1UEAwwCeDIwEaQPMA0xCzAJBgNVBAMMAngzMBGkDzANMQsw +CQYDVQQDDAJ4NDARpA8wDTELMAkGA1UEAwwCeDUwEaQPMA0xCzAJBgNVBAMMAng2 +MBGkDzANMQswCQYDVQQDDAJ4NzARpA8wDTELMAkGA1UEAwwCeDgwEaQPMA0xCzAJ +BgNVBAMMAng5MBKkEDAOMQwwCgYDVQQDDAN4MTAwEqQQMA4xDDAKBgNVBAMMA3gx +MTASpBAwDjEMMAoGA1UEAwwDeDEyMBKkEDAOMQwwCgYDVQQDDAN4MTMwEqQQMA4x +DDAKBgNVBAMMA3gxNDASpBAwDjEMMAoGA1UEAwwDeDE1MBKkEDAOMQwwCgYDVQQD +DAN4MTYwEqQQMA4xDDAKBgNVBAMMA3gxNzASpBAwDjEMMAoGA1UEAwwDeDE4MBKk +EDAOMQwwCgYDVQQDDAN4MTkwEqQQMA4xDDAKBgNVBAMMA3gyMDASpBAwDjEMMAoG +A1UEAwwDeDIxMBKkEDAOMQwwCgYDVQQDDAN4MjIwEqQQMA4xDDAKBgNVBAMMA3gy +MzASpBAwDjEMMAoGA1UEAwwDeDI0MBKkEDAOMQwwCgYDVQQDDAN4MjUwEqQQMA4x +DDAKBgNVBAMMA3gyNjASpBAwDjEMMAoGA1UEAwwDeDI3MBKkEDAOMQwwCgYDVQQD +DAN4MjgwEqQQMA4xDDAKBgNVBAMMA3gyOTASpBAwDjEMMAoGA1UEAwwDeDMwMBKk +EDAOMQwwCgYDVQQDDAN4MzEwEqQQMA4xDDAKBgNVBAMMA3gzMjASpBAwDjEMMAoG +A1UEAwwDeDMzMBKkEDAOMQwwCgYDVQQDDAN4MzQwEqQQMA4xDDAKBgNVBAMMA3gz +NTASpBAwDjEMMAoGA1UEAwwDeDM2MBKkEDAOMQwwCgYDVQQDDAN4MzcwEqQQMA4x +DDAKBgNVBAMMA3gzODASpBAwDjEMMAoGA1UEAwwDeDM5MBKkEDAOMQwwCgYDVQQD +DAN4NDAwEqQQMA4xDDAKBgNVBAMMA3g0MTASpBAwDjEMMAoGA1UEAwwDeDQyMBKk +EDAOMQwwCgYDVQQDDAN4NDMwEqQQMA4xDDAKBgNVBAMMA3g0NDASpBAwDjEMMAoG +A1UEAwwDeDQ1MBKkEDAOMQwwCgYDVQQDDAN4NDYwEqQQMA4xDDAKBgNVBAMMA3g0 +NzASpBAwDjEMMAoGA1UEAwwDeDQ4MBKkEDAOMQwwCgYDVQQDDAN4NDkwEqQQMA4x +DDAKBgNVBAMMA3g1MDASpBAwDjEMMAoGA1UEAwwDeDUxMBKkEDAOMQwwCgYDVQQD +DAN4NTIwEqQQMA4xDDAKBgNVBAMMA3g1MzASpBAwDjEMMAoGA1UEAwwDeDU0MBKk +EDAOMQwwCgYDVQQDDAN4NTUwEqQQMA4xDDAKBgNVBAMMA3g1NjASpBAwDjEMMAoG +A1UEAwwDeDU3MBKkEDAOMQwwCgYDVQQDDAN4NTgwEqQQMA4xDDAKBgNVBAMMA3g1 +OTASpBAwDjEMMAoGA1UEAwwDeDYwMBKkEDAOMQwwCgYDVQQDDAN4NjEwEqQQMA4x +DDAKBgNVBAMMA3g2MjASpBAwDjEMMAoGA1UEAwwDeDYzMBKkEDAOMQwwCgYDVQQD +DAN4NjQwEqQQMA4xDDAKBgNVBAMMA3g2NTASpBAwDjEMMAoGA1UEAwwDeDY2MBKk +EDAOMQwwCgYDVQQDDAN4NjcwEqQQMA4xDDAKBgNVBAMMA3g2ODASpBAwDjEMMAoG +A1UEAwwDeDY5MBKkEDAOMQwwCgYDVQQDDAN4NzAwEqQQMA4xDDAKBgNVBAMMA3g3 +MTASpBAwDjEMMAoGA1UEAwwDeDcyMBKkEDAOMQwwCgYDVQQDDAN4NzMwEqQQMA4x +DDAKBgNVBAMMA3g3NDASpBAwDjEMMAoGA1UEAwwDeDc1MBKkEDAOMQwwCgYDVQQD +DAN4NzYwEqQQMA4xDDAKBgNVBAMMA3g3NzASpBAwDjEMMAoGA1UEAwwDeDc4MBKk +EDAOMQwwCgYDVQQDDAN4NzkwEqQQMA4xDDAKBgNVBAMMA3g4MDASpBAwDjEMMAoG +A1UEAwwDeDgxMBKkEDAOMQwwCgYDVQQDDAN4ODIwEqQQMA4xDDAKBgNVBAMMA3g4 +MzASpBAwDjEMMAoGA1UEAwwDeDg0MBKkEDAOMQwwCgYDVQQDDAN4ODUwEqQQMA4x +DDAKBgNVBAMMA3g4NjASpBAwDjEMMAoGA1UEAwwDeDg3MBKkEDAOMQwwCgYDVQQD +DAN4ODgwEqQQMA4xDDAKBgNVBAMMA3g4OTASpBAwDjEMMAoGA1UEAwwDeDkwMBKk +EDAOMQwwCgYDVQQDDAN4OTEwEqQQMA4xDDAKBgNVBAMMA3g5MjASpBAwDjEMMAoG +A1UEAwwDeDkzMBKkEDAOMQwwCgYDVQQDDAN4OTQwEqQQMA4xDDAKBgNVBAMMA3g5 +NTASpBAwDjEMMAoGA1UEAwwDeDk2MBKkEDAOMQwwCgYDVQQDDAN4OTcwEqQQMA4x +DDAKBgNVBAMMA3g5ODASpBAwDjEMMAoGA1UEAwwDeDk5MBOkETAPMQ0wCwYDVQQD +DAR4MTAwMBOkETAPMQ0wCwYDVQQDDAR4MTAxMBOkETAPMQ0wCwYDVQQDDAR4MTAy +MBOkETAPMQ0wCwYDVQQDDAR4MTAzMBOkETAPMQ0wCwYDVQQDDAR4MTA0MBOkETAP +MQ0wCwYDVQQDDAR4MTA1MBOkETAPMQ0wCwYDVQQDDAR4MTA2MBOkETAPMQ0wCwYD +VQQDDAR4MTA3MBOkETAPMQ0wCwYDVQQDDAR4MTA4MBOkETAPMQ0wCwYDVQQDDAR4 +MTA5MBOkETAPMQ0wCwYDVQQDDAR4MTEwMBOkETAPMQ0wCwYDVQQDDAR4MTExMBOk +ETAPMQ0wCwYDVQQDDAR4MTEyMBOkETAPMQ0wCwYDVQQDDAR4MTEzMBOkETAPMQ0w +CwYDVQQDDAR4MTE0MBOkETAPMQ0wCwYDVQQDDAR4MTE1MBOkETAPMQ0wCwYDVQQD +DAR4MTE2MBOkETAPMQ0wCwYDVQQDDAR4MTE3MBOkETAPMQ0wCwYDVQQDDAR4MTE4 +MBOkETAPMQ0wCwYDVQQDDAR4MTE5MBOkETAPMQ0wCwYDVQQDDAR4MTIwMBOkETAP +MQ0wCwYDVQQDDAR4MTIxMBOkETAPMQ0wCwYDVQQDDAR4MTIyMBOkETAPMQ0wCwYD +VQQDDAR4MTIzMBOkETAPMQ0wCwYDVQQDDAR4MTI0MBOkETAPMQ0wCwYDVQQDDAR4 +MTI1MBOkETAPMQ0wCwYDVQQDDAR4MTI2MBOkETAPMQ0wCwYDVQQDDAR4MTI3MBOk +ETAPMQ0wCwYDVQQDDAR4MTI4MBOkETAPMQ0wCwYDVQQDDAR4MTI5MBOkETAPMQ0w +CwYDVQQDDAR4MTMwMBOkETAPMQ0wCwYDVQQDDAR4MTMxMBOkETAPMQ0wCwYDVQQD +DAR4MTMyMBOkETAPMQ0wCwYDVQQDDAR4MTMzMBOkETAPMQ0wCwYDVQQDDAR4MTM0 +MBOkETAPMQ0wCwYDVQQDDAR4MTM1MBOkETAPMQ0wCwYDVQQDDAR4MTM2MBOkETAP +MQ0wCwYDVQQDDAR4MTM3MBOkETAPMQ0wCwYDVQQDDAR4MTM4MBOkETAPMQ0wCwYD +VQQDDAR4MTM5MBOkETAPMQ0wCwYDVQQDDAR4MTQwMBOkETAPMQ0wCwYDVQQDDAR4 +MTQxMBOkETAPMQ0wCwYDVQQDDAR4MTQyMBOkETAPMQ0wCwYDVQQDDAR4MTQzMBOk +ETAPMQ0wCwYDVQQDDAR4MTQ0MBOkETAPMQ0wCwYDVQQDDAR4MTQ1MBOkETAPMQ0w +CwYDVQQDDAR4MTQ2MBOkETAPMQ0wCwYDVQQDDAR4MTQ3MBOkETAPMQ0wCwYDVQQD +DAR4MTQ4MBOkETAPMQ0wCwYDVQQDDAR4MTQ5MBOkETAPMQ0wCwYDVQQDDAR4MTUw +MBOkETAPMQ0wCwYDVQQDDAR4MTUxMBOkETAPMQ0wCwYDVQQDDAR4MTUyMBOkETAP +MQ0wCwYDVQQDDAR4MTUzMBOkETAPMQ0wCwYDVQQDDAR4MTU0MBOkETAPMQ0wCwYD +VQQDDAR4MTU1MBOkETAPMQ0wCwYDVQQDDAR4MTU2MBOkETAPMQ0wCwYDVQQDDAR4 +MTU3MBOkETAPMQ0wCwYDVQQDDAR4MTU4MBOkETAPMQ0wCwYDVQQDDAR4MTU5MBOk +ETAPMQ0wCwYDVQQDDAR4MTYwMBOkETAPMQ0wCwYDVQQDDAR4MTYxMBOkETAPMQ0w +CwYDVQQDDAR4MTYyMBOkETAPMQ0wCwYDVQQDDAR4MTYzMBOkETAPMQ0wCwYDVQQD +DAR4MTY0MBOkETAPMQ0wCwYDVQQDDAR4MTY1MBOkETAPMQ0wCwYDVQQDDAR4MTY2 +MBOkETAPMQ0wCwYDVQQDDAR4MTY3MBOkETAPMQ0wCwYDVQQDDAR4MTY4MBOkETAP +MQ0wCwYDVQQDDAR4MTY5MA+GDWh0dHA6Ly94ZXN0LzAwD4YNaHR0cDovL3hlc3Qv +MTAPhg1odHRwOi8veGVzdC8yMA+GDWh0dHA6Ly94ZXN0LzMwD4YNaHR0cDovL3hl +c3QvNDAPhg1odHRwOi8veGVzdC81MA+GDWh0dHA6Ly94ZXN0LzYwD4YNaHR0cDov +L3hlc3QvNzAPhg1odHRwOi8veGVzdC84MA+GDWh0dHA6Ly94ZXN0LzkwEIYOaHR0 +cDovL3hlc3QvMTAwEIYOaHR0cDovL3hlc3QvMTEwEIYOaHR0cDovL3hlc3QvMTIw +EIYOaHR0cDovL3hlc3QvMTMwEIYOaHR0cDovL3hlc3QvMTQwEIYOaHR0cDovL3hl +c3QvMTUwEIYOaHR0cDovL3hlc3QvMTYwEIYOaHR0cDovL3hlc3QvMTcwEIYOaHR0 +cDovL3hlc3QvMTgwEIYOaHR0cDovL3hlc3QvMTkwEIYOaHR0cDovL3hlc3QvMjAw +EIYOaHR0cDovL3hlc3QvMjEwEIYOaHR0cDovL3hlc3QvMjIwEIYOaHR0cDovL3hl +c3QvMjMwEIYOaHR0cDovL3hlc3QvMjQwEIYOaHR0cDovL3hlc3QvMjUwEIYOaHR0 +cDovL3hlc3QvMjYwEIYOaHR0cDovL3hlc3QvMjcwEIYOaHR0cDovL3hlc3QvMjgw +EIYOaHR0cDovL3hlc3QvMjkwEIYOaHR0cDovL3hlc3QvMzAwEIYOaHR0cDovL3hl +c3QvMzEwEIYOaHR0cDovL3hlc3QvMzIwEIYOaHR0cDovL3hlc3QvMzMwEIYOaHR0 +cDovL3hlc3QvMzQwEIYOaHR0cDovL3hlc3QvMzUwEIYOaHR0cDovL3hlc3QvMzYw +EIYOaHR0cDovL3hlc3QvMzcwEIYOaHR0cDovL3hlc3QvMzgwEIYOaHR0cDovL3hl +c3QvMzkwEIYOaHR0cDovL3hlc3QvNDAwEIYOaHR0cDovL3hlc3QvNDEwEIYOaHR0 +cDovL3hlc3QvNDIwEIYOaHR0cDovL3hlc3QvNDMwEIYOaHR0cDovL3hlc3QvNDQw +EIYOaHR0cDovL3hlc3QvNDUwEIYOaHR0cDovL3hlc3QvNDYwEIYOaHR0cDovL3hl +c3QvNDcwEIYOaHR0cDovL3hlc3QvNDgwEIYOaHR0cDovL3hlc3QvNDkwEIYOaHR0 +cDovL3hlc3QvNTAwEIYOaHR0cDovL3hlc3QvNTEwEIYOaHR0cDovL3hlc3QvNTIw +EIYOaHR0cDovL3hlc3QvNTMwEIYOaHR0cDovL3hlc3QvNTQwEIYOaHR0cDovL3hl +c3QvNTUwEIYOaHR0cDovL3hlc3QvNTYwEIYOaHR0cDovL3hlc3QvNTcwEIYOaHR0 +cDovL3hlc3QvNTgwEIYOaHR0cDovL3hlc3QvNTkwEIYOaHR0cDovL3hlc3QvNjAw +EIYOaHR0cDovL3hlc3QvNjEwEIYOaHR0cDovL3hlc3QvNjIwEIYOaHR0cDovL3hl +c3QvNjMwEIYOaHR0cDovL3hlc3QvNjQwEIYOaHR0cDovL3hlc3QvNjUwEIYOaHR0 +cDovL3hlc3QvNjYwEIYOaHR0cDovL3hlc3QvNjcwEIYOaHR0cDovL3hlc3QvNjgw +EIYOaHR0cDovL3hlc3QvNjkwEIYOaHR0cDovL3hlc3QvNzAwEIYOaHR0cDovL3hl +c3QvNzEwEIYOaHR0cDovL3hlc3QvNzIwEIYOaHR0cDovL3hlc3QvNzMwEIYOaHR0 +cDovL3hlc3QvNzQwEIYOaHR0cDovL3hlc3QvNzUwEIYOaHR0cDovL3hlc3QvNzYw +EIYOaHR0cDovL3hlc3QvNzcwEIYOaHR0cDovL3hlc3QvNzgwEIYOaHR0cDovL3hl +c3QvNzkwEIYOaHR0cDovL3hlc3QvODAwEIYOaHR0cDovL3hlc3QvODEwEIYOaHR0 +cDovL3hlc3QvODIwEIYOaHR0cDovL3hlc3QvODMwEIYOaHR0cDovL3hlc3QvODQw +EIYOaHR0cDovL3hlc3QvODUwEIYOaHR0cDovL3hlc3QvODYwEIYOaHR0cDovL3hl +c3QvODcwEIYOaHR0cDovL3hlc3QvODgwEIYOaHR0cDovL3hlc3QvODkwEIYOaHR0 +cDovL3hlc3QvOTAwEIYOaHR0cDovL3hlc3QvOTEwEIYOaHR0cDovL3hlc3QvOTIw +EIYOaHR0cDovL3hlc3QvOTMwEIYOaHR0cDovL3hlc3QvOTQwEIYOaHR0cDovL3hl +c3QvOTUwEIYOaHR0cDovL3hlc3QvOTYwEIYOaHR0cDovL3hlc3QvOTcwEIYOaHR0 +cDovL3hlc3QvOTgwEIYOaHR0cDovL3hlc3QvOTkwEYYPaHR0cDovL3hlc3QvMTAw +MBGGD2h0dHA6Ly94ZXN0LzEwMTARhg9odHRwOi8veGVzdC8xMDIwEYYPaHR0cDov +L3hlc3QvMTAzMBGGD2h0dHA6Ly94ZXN0LzEwNDARhg9odHRwOi8veGVzdC8xMDUw +EYYPaHR0cDovL3hlc3QvMTA2MBGGD2h0dHA6Ly94ZXN0LzEwNzARhg9odHRwOi8v +eGVzdC8xMDgwEYYPaHR0cDovL3hlc3QvMTA5MBGGD2h0dHA6Ly94ZXN0LzExMDAR +hg9odHRwOi8veGVzdC8xMTEwEYYPaHR0cDovL3hlc3QvMTEyMBGGD2h0dHA6Ly94 +ZXN0LzExMzARhg9odHRwOi8veGVzdC8xMTQwEYYPaHR0cDovL3hlc3QvMTE1MBGG +D2h0dHA6Ly94ZXN0LzExNjARhg9odHRwOi8veGVzdC8xMTcwEYYPaHR0cDovL3hl +c3QvMTE4MBGGD2h0dHA6Ly94ZXN0LzExOTARhg9odHRwOi8veGVzdC8xMjAwEYYP +aHR0cDovL3hlc3QvMTIxMBGGD2h0dHA6Ly94ZXN0LzEyMjARhg9odHRwOi8veGVz +dC8xMjMwEYYPaHR0cDovL3hlc3QvMTI0MBGGD2h0dHA6Ly94ZXN0LzEyNTARhg9o +dHRwOi8veGVzdC8xMjYwEYYPaHR0cDovL3hlc3QvMTI3MBGGD2h0dHA6Ly94ZXN0 +LzEyODARhg9odHRwOi8veGVzdC8xMjkwEYYPaHR0cDovL3hlc3QvMTMwMBGGD2h0 +dHA6Ly94ZXN0LzEzMTARhg9odHRwOi8veGVzdC8xMzIwEYYPaHR0cDovL3hlc3Qv +MTMzMBGGD2h0dHA6Ly94ZXN0LzEzNDARhg9odHRwOi8veGVzdC8xMzUwEYYPaHR0 +cDovL3hlc3QvMTM2MBGGD2h0dHA6Ly94ZXN0LzEzNzARhg9odHRwOi8veGVzdC8x +MzgwEYYPaHR0cDovL3hlc3QvMTM5MBGGD2h0dHA6Ly94ZXN0LzE0MDARhg9odHRw +Oi8veGVzdC8xNDEwEYYPaHR0cDovL3hlc3QvMTQyMBGGD2h0dHA6Ly94ZXN0LzE0 +MzARhg9odHRwOi8veGVzdC8xNDQwEYYPaHR0cDovL3hlc3QvMTQ1MBGGD2h0dHA6 +Ly94ZXN0LzE0NjARhg9odHRwOi8veGVzdC8xNDcwEYYPaHR0cDovL3hlc3QvMTQ4 +MBGGD2h0dHA6Ly94ZXN0LzE0OTARhg9odHRwOi8veGVzdC8xNTAwEYYPaHR0cDov +L3hlc3QvMTUxMBGGD2h0dHA6Ly94ZXN0LzE1MjARhg9odHRwOi8veGVzdC8xNTMw +EYYPaHR0cDovL3hlc3QvMTU0MBGGD2h0dHA6Ly94ZXN0LzE1NTARhg9odHRwOi8v +eGVzdC8xNTYwEYYPaHR0cDovL3hlc3QvMTU3MBGGD2h0dHA6Ly94ZXN0LzE1ODAR +hg9odHRwOi8veGVzdC8xNTkwEYYPaHR0cDovL3hlc3QvMTYwMBGGD2h0dHA6Ly94 +ZXN0LzE2MTARhg9odHRwOi8veGVzdC8xNjIwEYYPaHR0cDovL3hlc3QvMTYzMBGG +D2h0dHA6Ly94ZXN0LzE2NDARhg9odHRwOi8veGVzdC8xNjUwEYYPaHR0cDovL3hl +c3QvMTY2MBGGD2h0dHA6Ly94ZXN0LzE2NzARhg9odHRwOi8veGVzdC8xNjgwEYYP +aHR0cDovL3hlc3QvMTY5MBGGD2h0dHA6Ly94ZXN0LzE3MDARhg9odHRwOi8veGVz +dC8xNzEwEYYPaHR0cDovL3hlc3QvMTcyMBGGD2h0dHA6Ly94ZXN0LzE3MzARhg9o +dHRwOi8veGVzdC8xNzQwEYYPaHR0cDovL3hlc3QvMTc1MBGGD2h0dHA6Ly94ZXN0 +LzE3NjARhg9odHRwOi8veGVzdC8xNzcwEYYPaHR0cDovL3hlc3QvMTc4MBGGD2h0 +dHA6Ly94ZXN0LzE3OTARhg9odHRwOi8veGVzdC8xODAwEYYPaHR0cDovL3hlc3Qv +MTgxMBGGD2h0dHA6Ly94ZXN0LzE4MjARhg9odHRwOi8veGVzdC8xODMwEYYPaHR0 +cDovL3hlc3QvMTg0MBGGD2h0dHA6Ly94ZXN0LzE4NTARhg9odHRwOi8veGVzdC8x +ODYwEYYPaHR0cDovL3hlc3QvMTg3MBGGD2h0dHA6Ly94ZXN0LzE4ODARhg9odHRw +Oi8veGVzdC8xODkwEYYPaHR0cDovL3hlc3QvMTkwMBGGD2h0dHA6Ly94ZXN0LzE5 +MTARhg9odHRwOi8veGVzdC8xOTIwEYYPaHR0cDovL3hlc3QvMTkzMBGGD2h0dHA6 +Ly94ZXN0LzE5NDARhg9odHRwOi8veGVzdC8xOTUwEYYPaHR0cDovL3hlc3QvMTk2 +MBGGD2h0dHA6Ly94ZXN0LzE5NzARhg9odHRwOi8veGVzdC8xOTgwEYYPaHR0cDov +L3hlc3QvMTk5MBGGD2h0dHA6Ly94ZXN0LzIwMDARhg9odHRwOi8veGVzdC8yMDEw +EYYPaHR0cDovL3hlc3QvMjAyMBGGD2h0dHA6Ly94ZXN0LzIwMzARhg9odHRwOi8v +eGVzdC8yMDQwEYYPaHR0cDovL3hlc3QvMjA1MBGGD2h0dHA6Ly94ZXN0LzIwNjAR +hg9odHRwOi8veGVzdC8yMDcwEYYPaHR0cDovL3hlc3QvMjA4MBGGD2h0dHA6Ly94 +ZXN0LzIwOTARhg9odHRwOi8veGVzdC8yMTAwEYYPaHR0cDovL3hlc3QvMjExMBGG +D2h0dHA6Ly94ZXN0LzIxMjARhg9odHRwOi8veGVzdC8yMTMwEYYPaHR0cDovL3hl +c3QvMjE0MBGGD2h0dHA6Ly94ZXN0LzIxNTARhg9odHRwOi8veGVzdC8yMTYwEYYP +aHR0cDovL3hlc3QvMjE3MBGGD2h0dHA6Ly94ZXN0LzIxODARhg9odHRwOi8veGVz +dC8yMTkwEYYPaHR0cDovL3hlc3QvMjIwMBGGD2h0dHA6Ly94ZXN0LzIyMTARhg9o +dHRwOi8veGVzdC8yMjIwEYYPaHR0cDovL3hlc3QvMjIzMBGGD2h0dHA6Ly94ZXN0 +LzIyNDARhg9odHRwOi8veGVzdC8yMjUwEYYPaHR0cDovL3hlc3QvMjI2MBGGD2h0 +dHA6Ly94ZXN0LzIyNzARhg9odHRwOi8veGVzdC8yMjgwEYYPaHR0cDovL3hlc3Qv +MjI5MBGGD2h0dHA6Ly94ZXN0LzIzMDARhg9odHRwOi8veGVzdC8yMzEwEYYPaHR0 +cDovL3hlc3QvMjMyMBGGD2h0dHA6Ly94ZXN0LzIzMzARhg9odHRwOi8veGVzdC8y +MzQwEYYPaHR0cDovL3hlc3QvMjM1MBGGD2h0dHA6Ly94ZXN0LzIzNjARhg9odHRw +Oi8veGVzdC8yMzcwEYYPaHR0cDovL3hlc3QvMjM4MBGGD2h0dHA6Ly94ZXN0LzIz +OTARhg9odHRwOi8veGVzdC8yNDAwEYYPaHR0cDovL3hlc3QvMjQxMBGGD2h0dHA6 +Ly94ZXN0LzI0MjARhg9odHRwOi8veGVzdC8yNDMwEYYPaHR0cDovL3hlc3QvMjQ0 +MBGGD2h0dHA6Ly94ZXN0LzI0NTARhg9odHRwOi8veGVzdC8yNDYwEYYPaHR0cDov +L3hlc3QvMjQ3MBGGD2h0dHA6Ly94ZXN0LzI0ODARhg9odHRwOi8veGVzdC8yNDkw +EYYPaHR0cDovL3hlc3QvMjUwMBGGD2h0dHA6Ly94ZXN0LzI1MTARhg9odHRwOi8v +eGVzdC8yNTIwEYYPaHR0cDovL3hlc3QvMjUzMBGGD2h0dHA6Ly94ZXN0LzI1NDAR +hg9odHRwOi8veGVzdC8yNTUwEYYPaHR0cDovL3hlc3QvMjU2MBGGD2h0dHA6Ly94 +ZXN0LzI1NzARhg9odHRwOi8veGVzdC8yNTgwEYYPaHR0cDovL3hlc3QvMjU5MBGG +D2h0dHA6Ly94ZXN0LzI2MDARhg9odHRwOi8veGVzdC8yNjEwEYYPaHR0cDovL3hl +c3QvMjYyMBGGD2h0dHA6Ly94ZXN0LzI2MzARhg9odHRwOi8veGVzdC8yNjQwEYYP +aHR0cDovL3hlc3QvMjY1MBGGD2h0dHA6Ly94ZXN0LzI2NjARhg9odHRwOi8veGVz +dC8yNjcwEYYPaHR0cDovL3hlc3QvMjY4MBGGD2h0dHA6Ly94ZXN0LzI2OTARhg9o +dHRwOi8veGVzdC8yNzAwEYYPaHR0cDovL3hlc3QvMjcxMBGGD2h0dHA6Ly94ZXN0 +LzI3MjARhg9odHRwOi8veGVzdC8yNzMwEYYPaHR0cDovL3hlc3QvMjc0MBGGD2h0 +dHA6Ly94ZXN0LzI3NTARhg9odHRwOi8veGVzdC8yNzYwEYYPaHR0cDovL3hlc3Qv +Mjc3MBGGD2h0dHA6Ly94ZXN0LzI3ODARhg9odHRwOi8veGVzdC8yNzkwEYYPaHR0 +cDovL3hlc3QvMjgwMBGGD2h0dHA6Ly94ZXN0LzI4MTARhg9odHRwOi8veGVzdC8y +ODIwEYYPaHR0cDovL3hlc3QvMjgzMBGGD2h0dHA6Ly94ZXN0LzI4NDARhg9odHRw +Oi8veGVzdC8yODUwEYYPaHR0cDovL3hlc3QvMjg2MBGGD2h0dHA6Ly94ZXN0LzI4 +NzARhg9odHRwOi8veGVzdC8yODgwEYYPaHR0cDovL3hlc3QvMjg5MBGGD2h0dHA6 +Ly94ZXN0LzI5MDARhg9odHRwOi8veGVzdC8yOTEwEYYPaHR0cDovL3hlc3QvMjky +MBGGD2h0dHA6Ly94ZXN0LzI5MzARhg9odHRwOi8veGVzdC8yOTQwEYYPaHR0cDov +L3hlc3QvMjk1MBGGD2h0dHA6Ly94ZXN0LzI5NjARhg9odHRwOi8veGVzdC8yOTcw +EYYPaHR0cDovL3hlc3QvMjk4MBGGD2h0dHA6Ly94ZXN0LzI5OTARhg9odHRwOi8v +eGVzdC8zMDAwEYYPaHR0cDovL3hlc3QvMzAxMBGGD2h0dHA6Ly94ZXN0LzMwMjAR +hg9odHRwOi8veGVzdC8zMDMwEYYPaHR0cDovL3hlc3QvMzA0MBGGD2h0dHA6Ly94 +ZXN0LzMwNTARhg9odHRwOi8veGVzdC8zMDYwEYYPaHR0cDovL3hlc3QvMzA3MBGG +D2h0dHA6Ly94ZXN0LzMwODARhg9odHRwOi8veGVzdC8zMDkwEYYPaHR0cDovL3hl +c3QvMzEwMBGGD2h0dHA6Ly94ZXN0LzMxMTARhg9odHRwOi8veGVzdC8zMTIwEYYP +aHR0cDovL3hlc3QvMzEzMBGGD2h0dHA6Ly94ZXN0LzMxNDARhg9odHRwOi8veGVz +dC8zMTUwEYYPaHR0cDovL3hlc3QvMzE2MBGGD2h0dHA6Ly94ZXN0LzMxNzARhg9o +dHRwOi8veGVzdC8zMTgwEYYPaHR0cDovL3hlc3QvMzE5MBGGD2h0dHA6Ly94ZXN0 +LzMyMDARhg9odHRwOi8veGVzdC8zMjEwEYYPaHR0cDovL3hlc3QvMzIyMBGGD2h0 +dHA6Ly94ZXN0LzMyMzARhg9odHRwOi8veGVzdC8zMjQwEYYPaHR0cDovL3hlc3Qv +MzI1MBGGD2h0dHA6Ly94ZXN0LzMyNjARhg9odHRwOi8veGVzdC8zMjcwEYYPaHR0 +cDovL3hlc3QvMzI4MBGGD2h0dHA6Ly94ZXN0LzMyOTARhg9odHRwOi8veGVzdC8z +MzAwEYYPaHR0cDovL3hlc3QvMzMxMBGGD2h0dHA6Ly94ZXN0LzMzMjARhg9odHRw +Oi8veGVzdC8zMzMwEYYPaHR0cDovL3hlc3QvMzM0MBGGD2h0dHA6Ly94ZXN0LzMz +NTARhg9odHRwOi8veGVzdC8zMzYwEYYPaHR0cDovL3hlc3QvMzM3MBGGD2h0dHA6 +Ly94ZXN0LzMzODARhg9odHRwOi8veGVzdC8zMzkwEYYPaHR0cDovL3hlc3QvMzQw +MBGGD2h0dHA6Ly94ZXN0LzM0MTARhg9odHRwOi8veGVzdC8zNDIwEYYPaHR0cDov +L3hlc3QvMzQzMBGGD2h0dHA6Ly94ZXN0LzM0NDARhg9odHRwOi8veGVzdC8zNDUw +EYYPaHR0cDovL3hlc3QvMzQ2MBGGD2h0dHA6Ly94ZXN0LzM0NzARhg9odHRwOi8v +eGVzdC8zNDgwEYYPaHR0cDovL3hlc3QvMzQ5MBGGD2h0dHA6Ly94ZXN0LzM1MDAR +hg9odHRwOi8veGVzdC8zNTEwEYYPaHR0cDovL3hlc3QvMzUyMBGGD2h0dHA6Ly94 +ZXN0LzM1MzARhg9odHRwOi8veGVzdC8zNTQwEYYPaHR0cDovL3hlc3QvMzU1MBGG +D2h0dHA6Ly94ZXN0LzM1NjARhg9odHRwOi8veGVzdC8zNTcwEYYPaHR0cDovL3hl +c3QvMzU4MBGGD2h0dHA6Ly94ZXN0LzM1OTARhg9odHRwOi8veGVzdC8zNjAwEYYP +aHR0cDovL3hlc3QvMzYxMBGGD2h0dHA6Ly94ZXN0LzM2MjARhg9odHRwOi8veGVz +dC8zNjMwEYYPaHR0cDovL3hlc3QvMzY0MBGGD2h0dHA6Ly94ZXN0LzM2NTARhg9o +dHRwOi8veGVzdC8zNjYwEYYPaHR0cDovL3hlc3QvMzY3MBGGD2h0dHA6Ly94ZXN0 +LzM2ODARhg9odHRwOi8veGVzdC8zNjkwEYYPaHR0cDovL3hlc3QvMzcwMBGGD2h0 +dHA6Ly94ZXN0LzM3MTARhg9odHRwOi8veGVzdC8zNzIwEYYPaHR0cDovL3hlc3Qv +MzczMBGGD2h0dHA6Ly94ZXN0LzM3NDARhg9odHRwOi8veGVzdC8zNzUwEYYPaHR0 +cDovL3hlc3QvMzc2MBGGD2h0dHA6Ly94ZXN0LzM3NzARhg9odHRwOi8veGVzdC8z +NzgwEYYPaHR0cDovL3hlc3QvMzc5MBGGD2h0dHA6Ly94ZXN0LzM4MDARhg9odHRw +Oi8veGVzdC8zODEwEYYPaHR0cDovL3hlc3QvMzgyMBGGD2h0dHA6Ly94ZXN0LzM4 +MzARhg9odHRwOi8veGVzdC8zODQwEYYPaHR0cDovL3hlc3QvMzg1MBGGD2h0dHA6 +Ly94ZXN0LzM4NjARhg9odHRwOi8veGVzdC8zODcwEYYPaHR0cDovL3hlc3QvMzg4 +MBGGD2h0dHA6Ly94ZXN0LzM4OTARhg9odHRwOi8veGVzdC8zOTAwEYYPaHR0cDov +L3hlc3QvMzkxMBGGD2h0dHA6Ly94ZXN0LzM5MjARhg9odHRwOi8veGVzdC8zOTMw +EYYPaHR0cDovL3hlc3QvMzk0MBGGD2h0dHA6Ly94ZXN0LzM5NTARhg9odHRwOi8v +eGVzdC8zOTYwEYYPaHR0cDovL3hlc3QvMzk3MBGGD2h0dHA6Ly94ZXN0LzM5ODAR +hg9odHRwOi8veGVzdC8zOTkwEYYPaHR0cDovL3hlc3QvNDAwMBGGD2h0dHA6Ly94 +ZXN0LzQwMTARhg9odHRwOi8veGVzdC80MDIwEYYPaHR0cDovL3hlc3QvNDAzMBGG +D2h0dHA6Ly94ZXN0LzQwNDARhg9odHRwOi8veGVzdC80MDUwEYYPaHR0cDovL3hl +c3QvNDA2MBGGD2h0dHA6Ly94ZXN0LzQwNzARhg9odHRwOi8veGVzdC80MDgwEYYP +aHR0cDovL3hlc3QvNDA5MBGGD2h0dHA6Ly94ZXN0LzQxMDARhg9odHRwOi8veGVz +dC80MTEwEYYPaHR0cDovL3hlc3QvNDEyMBGGD2h0dHA6Ly94ZXN0LzQxMzARhg9o +dHRwOi8veGVzdC80MTQwEYYPaHR0cDovL3hlc3QvNDE1MBGGD2h0dHA6Ly94ZXN0 +LzQxNjARhg9odHRwOi8veGVzdC80MTcwEYYPaHR0cDovL3hlc3QvNDE4MBGGD2h0 +dHA6Ly94ZXN0LzQxOTARhg9odHRwOi8veGVzdC80MjAwEYYPaHR0cDovL3hlc3Qv +NDIxMBGGD2h0dHA6Ly94ZXN0LzQyMjARhg9odHRwOi8veGVzdC80MjMwEYYPaHR0 +cDovL3hlc3QvNDI0MBGGD2h0dHA6Ly94ZXN0LzQyNTARhg9odHRwOi8veGVzdC80 +MjYwEYYPaHR0cDovL3hlc3QvNDI3MBGGD2h0dHA6Ly94ZXN0LzQyODARhg9odHRw +Oi8veGVzdC80MjkwEYYPaHR0cDovL3hlc3QvNDMwMBGGD2h0dHA6Ly94ZXN0LzQz +MTARhg9odHRwOi8veGVzdC80MzIwEYYPaHR0cDovL3hlc3QvNDMzMBGGD2h0dHA6 +Ly94ZXN0LzQzNDARhg9odHRwOi8veGVzdC80MzUwEYYPaHR0cDovL3hlc3QvNDM2 +MBGGD2h0dHA6Ly94ZXN0LzQzNzARhg9odHRwOi8veGVzdC80MzgwEYYPaHR0cDov +L3hlc3QvNDM5MBGGD2h0dHA6Ly94ZXN0LzQ0MDARhg9odHRwOi8veGVzdC80NDEw +EYYPaHR0cDovL3hlc3QvNDQyMBGGD2h0dHA6Ly94ZXN0LzQ0MzARhg9odHRwOi8v +eGVzdC80NDQwEYYPaHR0cDovL3hlc3QvNDQ1MBGGD2h0dHA6Ly94ZXN0LzQ0NjAR +hg9odHRwOi8veGVzdC80NDcwEYYPaHR0cDovL3hlc3QvNDQ4MBGGD2h0dHA6Ly94 +ZXN0LzQ0OTARhg9odHRwOi8veGVzdC80NTAwEYYPaHR0cDovL3hlc3QvNDUxMBGG +D2h0dHA6Ly94ZXN0LzQ1MjARhg9odHRwOi8veGVzdC80NTMwEYYPaHR0cDovL3hl +c3QvNDU0MBGGD2h0dHA6Ly94ZXN0LzQ1NTARhg9odHRwOi8veGVzdC80NTYwEYYP +aHR0cDovL3hlc3QvNDU3MBGGD2h0dHA6Ly94ZXN0LzQ1ODARhg9odHRwOi8veGVz +dC80NTkwEYYPaHR0cDovL3hlc3QvNDYwMBGGD2h0dHA6Ly94ZXN0LzQ2MTARhg9o +dHRwOi8veGVzdC80NjIwEYYPaHR0cDovL3hlc3QvNDYzMBGGD2h0dHA6Ly94ZXN0 +LzQ2NDARhg9odHRwOi8veGVzdC80NjUwEYYPaHR0cDovL3hlc3QvNDY2MBGGD2h0 +dHA6Ly94ZXN0LzQ2NzARhg9odHRwOi8veGVzdC80NjgwEYYPaHR0cDovL3hlc3Qv +NDY5MBGGD2h0dHA6Ly94ZXN0LzQ3MDARhg9odHRwOi8veGVzdC80NzEwEYYPaHR0 +cDovL3hlc3QvNDcyMBGGD2h0dHA6Ly94ZXN0LzQ3MzARhg9odHRwOi8veGVzdC80 +NzQwEYYPaHR0cDovL3hlc3QvNDc1MBGGD2h0dHA6Ly94ZXN0LzQ3NjARhg9odHRw +Oi8veGVzdC80NzcwEYYPaHR0cDovL3hlc3QvNDc4MBGGD2h0dHA6Ly94ZXN0LzQ3 +OTARhg9odHRwOi8veGVzdC80ODAwEYYPaHR0cDovL3hlc3QvNDgxMBGGD2h0dHA6 +Ly94ZXN0LzQ4MjARhg9odHRwOi8veGVzdC80ODMwEYYPaHR0cDovL3hlc3QvNDg0 +MBGGD2h0dHA6Ly94ZXN0LzQ4NTARhg9odHRwOi8veGVzdC80ODYwEYYPaHR0cDov +L3hlc3QvNDg3MBGGD2h0dHA6Ly94ZXN0LzQ4ODARhg9odHRwOi8veGVzdC80ODkw +EYYPaHR0cDovL3hlc3QvNDkwMBGGD2h0dHA6Ly94ZXN0LzQ5MTARhg9odHRwOi8v +eGVzdC80OTIwEYYPaHR0cDovL3hlc3QvNDkzMBGGD2h0dHA6Ly94ZXN0LzQ5NDAR +hg9odHRwOi8veGVzdC80OTUwEYYPaHR0cDovL3hlc3QvNDk2MBGGD2h0dHA6Ly94 +ZXN0LzQ5NzARhg9odHRwOi8veGVzdC80OTgwEYYPaHR0cDovL3hlc3QvNDk5MBGG +D2h0dHA6Ly94ZXN0LzUwMDARhg9odHRwOi8veGVzdC81MDEwEYYPaHR0cDovL3hl +c3QvNTAyMBGGD2h0dHA6Ly94ZXN0LzUwMzARhg9odHRwOi8veGVzdC81MDQwEYYP +aHR0cDovL3hlc3QvNTA1MBGGD2h0dHA6Ly94ZXN0LzUwNjARhg9odHRwOi8veGVz +dC81MDcwEYYPaHR0cDovL3hlc3QvNTA4MBGGD2h0dHA6Ly94ZXN0LzUwOTARhg9o +dHRwOi8veGVzdC81MTAwEYYPaHR0cDovL3hlc3QvNTExMBGGD2h0dHA6Ly94ZXN0 +LzUxMjARhg9odHRwOi8veGVzdC81MTMwEYYPaHR0cDovL3hlc3QvNTE0MBGGD2h0 +dHA6Ly94ZXN0LzUxNTARhg9odHRwOi8veGVzdC81MTYwEYYPaHR0cDovL3hlc3Qv +NTE3MBGGD2h0dHA6Ly94ZXN0LzUxODARhg9odHRwOi8veGVzdC81MTkwEYYPaHR0 +cDovL3hlc3QvNTIwMBGGD2h0dHA6Ly94ZXN0LzUyMTARhg9odHRwOi8veGVzdC81 +MjIwEYYPaHR0cDovL3hlc3QvNTIzMBGGD2h0dHA6Ly94ZXN0LzUyNDARhg9odHRw +Oi8veGVzdC81MjUwEYYPaHR0cDovL3hlc3QvNTI2MBGGD2h0dHA6Ly94ZXN0LzUy +NzARhg9odHRwOi8veGVzdC81MjgwEYYPaHR0cDovL3hlc3QvNTI5MBGGD2h0dHA6 +Ly94ZXN0LzUzMDARhg9odHRwOi8veGVzdC81MzEwEYYPaHR0cDovL3hlc3QvNTMy +MBGGD2h0dHA6Ly94ZXN0LzUzMzARhg9odHRwOi8veGVzdC81MzQwEYYPaHR0cDov +L3hlc3QvNTM1MBGGD2h0dHA6Ly94ZXN0LzUzNjARhg9odHRwOi8veGVzdC81Mzcw +EYYPaHR0cDovL3hlc3QvNTM4MBGGD2h0dHA6Ly94ZXN0LzUzOTARhg9odHRwOi8v +eGVzdC81NDAwEYYPaHR0cDovL3hlc3QvNTQxMBGGD2h0dHA6Ly94ZXN0LzU0MjAR +hg9odHRwOi8veGVzdC81NDMwEYYPaHR0cDovL3hlc3QvNTQ0MBGGD2h0dHA6Ly94 +ZXN0LzU0NTARhg9odHRwOi8veGVzdC81NDYwEYYPaHR0cDovL3hlc3QvNTQ3MBGG +D2h0dHA6Ly94ZXN0LzU0ODARhg9odHRwOi8veGVzdC81NDkwEYYPaHR0cDovL3hl +c3QvNTUwMBGGD2h0dHA6Ly94ZXN0LzU1MTARhg9odHRwOi8veGVzdC81NTIwEYYP +aHR0cDovL3hlc3QvNTUzMBGGD2h0dHA6Ly94ZXN0LzU1NDARhg9odHRwOi8veGVz +dC81NTUwEYYPaHR0cDovL3hlc3QvNTU2MBGGD2h0dHA6Ly94ZXN0LzU1NzARhg9o +dHRwOi8veGVzdC81NTgwEYYPaHR0cDovL3hlc3QvNTU5MBGGD2h0dHA6Ly94ZXN0 +LzU2MDARhg9odHRwOi8veGVzdC81NjEwEYYPaHR0cDovL3hlc3QvNTYyMBGGD2h0 +dHA6Ly94ZXN0LzU2MzARhg9odHRwOi8veGVzdC81NjQwEYYPaHR0cDovL3hlc3Qv +NTY1MBGGD2h0dHA6Ly94ZXN0LzU2NjARhg9odHRwOi8veGVzdC81NjcwEYYPaHR0 +cDovL3hlc3QvNTY4MBGGD2h0dHA6Ly94ZXN0LzU2OTARhg9odHRwOi8veGVzdC81 +NzAwEYYPaHR0cDovL3hlc3QvNTcxMBGGD2h0dHA6Ly94ZXN0LzU3MjARhg9odHRw +Oi8veGVzdC81NzMwEYYPaHR0cDovL3hlc3QvNTc0MBGGD2h0dHA6Ly94ZXN0LzU3 +NTARhg9odHRwOi8veGVzdC81NzYwEYYPaHR0cDovL3hlc3QvNTc3MBGGD2h0dHA6 +Ly94ZXN0LzU3ODARhg9odHRwOi8veGVzdC81NzkwEYYPaHR0cDovL3hlc3QvNTgw +MBGGD2h0dHA6Ly94ZXN0LzU4MTARhg9odHRwOi8veGVzdC81ODIwEYYPaHR0cDov +L3hlc3QvNTgzMBGGD2h0dHA6Ly94ZXN0LzU4NDARhg9odHRwOi8veGVzdC81ODUw +EYYPaHR0cDovL3hlc3QvNTg2MBGGD2h0dHA6Ly94ZXN0LzU4NzARhg9odHRwOi8v +eGVzdC81ODgwEYYPaHR0cDovL3hlc3QvNTg5MBGGD2h0dHA6Ly94ZXN0LzU5MDAR +hg9odHRwOi8veGVzdC81OTEwEYYPaHR0cDovL3hlc3QvNTkyMBGGD2h0dHA6Ly94 +ZXN0LzU5MzARhg9odHRwOi8veGVzdC81OTQwEYYPaHR0cDovL3hlc3QvNTk1MBGG +D2h0dHA6Ly94ZXN0LzU5NjARhg9odHRwOi8veGVzdC81OTcwEYYPaHR0cDovL3hl +c3QvNTk4MBGGD2h0dHA6Ly94ZXN0LzU5OTARhg9odHRwOi8veGVzdC82MDAwEYYP +aHR0cDovL3hlc3QvNjAxMBGGD2h0dHA6Ly94ZXN0LzYwMjARhg9odHRwOi8veGVz +dC82MDMwEYYPaHR0cDovL3hlc3QvNjA0MBGGD2h0dHA6Ly94ZXN0LzYwNTARhg9o +dHRwOi8veGVzdC82MDYwEYYPaHR0cDovL3hlc3QvNjA3MBGGD2h0dHA6Ly94ZXN0 +LzYwODARhg9odHRwOi8veGVzdC82MDkwEYYPaHR0cDovL3hlc3QvNjEwMBGGD2h0 +dHA6Ly94ZXN0LzYxMTARhg9odHRwOi8veGVzdC82MTIwEYYPaHR0cDovL3hlc3Qv +NjEzMBGGD2h0dHA6Ly94ZXN0LzYxNDARhg9odHRwOi8veGVzdC82MTUwEYYPaHR0 +cDovL3hlc3QvNjE2MBGGD2h0dHA6Ly94ZXN0LzYxNzARhg9odHRwOi8veGVzdC82 +MTgwEYYPaHR0cDovL3hlc3QvNjE5MBGGD2h0dHA6Ly94ZXN0LzYyMDARhg9odHRw +Oi8veGVzdC82MjEwEYYPaHR0cDovL3hlc3QvNjIyMBGGD2h0dHA6Ly94ZXN0LzYy +MzARhg9odHRwOi8veGVzdC82MjQwEYYPaHR0cDovL3hlc3QvNjI1MBGGD2h0dHA6 +Ly94ZXN0LzYyNjARhg9odHRwOi8veGVzdC82MjcwEYYPaHR0cDovL3hlc3QvNjI4 +MBGGD2h0dHA6Ly94ZXN0LzYyOTARhg9odHRwOi8veGVzdC82MzAwEYYPaHR0cDov +L3hlc3QvNjMxMBGGD2h0dHA6Ly94ZXN0LzYzMjARhg9odHRwOi8veGVzdC82MzMw +EYYPaHR0cDovL3hlc3QvNjM0MBGGD2h0dHA6Ly94ZXN0LzYzNTARhg9odHRwOi8v +eGVzdC82MzYwEYYPaHR0cDovL3hlc3QvNjM3MBGGD2h0dHA6Ly94ZXN0LzYzODAR +hg9odHRwOi8veGVzdC82MzkwEYYPaHR0cDovL3hlc3QvNjQwMBGGD2h0dHA6Ly94 +ZXN0LzY0MTARhg9odHRwOi8veGVzdC82NDIwEYYPaHR0cDovL3hlc3QvNjQzMBGG +D2h0dHA6Ly94ZXN0LzY0NDARhg9odHRwOi8veGVzdC82NDUwEYYPaHR0cDovL3hl +c3QvNjQ2MBGGD2h0dHA6Ly94ZXN0LzY0NzARhg9odHRwOi8veGVzdC82NDgwEYYP +aHR0cDovL3hlc3QvNjQ5MBGGD2h0dHA6Ly94ZXN0LzY1MDARhg9odHRwOi8veGVz +dC82NTEwEYYPaHR0cDovL3hlc3QvNjUyMBGGD2h0dHA6Ly94ZXN0LzY1MzARhg9o +dHRwOi8veGVzdC82NTQwEYYPaHR0cDovL3hlc3QvNjU1MBGGD2h0dHA6Ly94ZXN0 +LzY1NjARhg9odHRwOi8veGVzdC82NTcwEYYPaHR0cDovL3hlc3QvNjU4MBGGD2h0 +dHA6Ly94ZXN0LzY1OTARhg9odHRwOi8veGVzdC82NjAwEYYPaHR0cDovL3hlc3Qv +NjYxMBGGD2h0dHA6Ly94ZXN0LzY2MjARhg9odHRwOi8veGVzdC82NjMwEYYPaHR0 +cDovL3hlc3QvNjY0MBGGD2h0dHA6Ly94ZXN0LzY2NTARhg9odHRwOi8veGVzdC82 +NjYwEYYPaHR0cDovL3hlc3QvNjY3MBGGD2h0dHA6Ly94ZXN0LzY2ODARhg9odHRw +Oi8veGVzdC82NjkwEYYPaHR0cDovL3hlc3QvNjcwMBGGD2h0dHA6Ly94ZXN0LzY3 +MTARhg9odHRwOi8veGVzdC82NzIwEYYPaHR0cDovL3hlc3QvNjczMBGGD2h0dHA6 +Ly94ZXN0LzY3NDARhg9odHRwOi8veGVzdC82NzUwEYYPaHR0cDovL3hlc3QvNjc2 +MBGGD2h0dHA6Ly94ZXN0LzY3NzARhg9odHRwOi8veGVzdC82NzgwEYYPaHR0cDov +L3hlc3QvNjc5MBGGD2h0dHA6Ly94ZXN0LzY4MDARhg9odHRwOi8veGVzdC82ODEw +EYYPaHR0cDovL3hlc3QvNjgyMBGGD2h0dHA6Ly94ZXN0LzY4MzARhg9odHRwOi8v +eGVzdC82ODQwEYYPaHR0cDovL3hlc3QvNjg1MBGGD2h0dHA6Ly94ZXN0LzY4NjAR +hg9odHRwOi8veGVzdC82ODcwEYYPaHR0cDovL3hlc3QvNjg4MBGGD2h0dHA6Ly94 +ZXN0LzY4OTARhg9odHRwOi8veGVzdC82OTAwEYYPaHR0cDovL3hlc3QvNjkxMBGG +D2h0dHA6Ly94ZXN0LzY5MjARhg9odHRwOi8veGVzdC82OTMwEYYPaHR0cDovL3hl +c3QvNjk0MBGGD2h0dHA6Ly94ZXN0LzY5NTARhg9odHRwOi8veGVzdC82OTYwEYYP +aHR0cDovL3hlc3QvNjk3MBGGD2h0dHA6Ly94ZXN0LzY5ODARhg9odHRwOi8veGVz +dC82OTkwEYYPaHR0cDovL3hlc3QvNzAwMBGGD2h0dHA6Ly94ZXN0LzcwMTARhg9o +dHRwOi8veGVzdC83MDIwEYYPaHR0cDovL3hlc3QvNzAzMBGGD2h0dHA6Ly94ZXN0 +LzcwNDARhg9odHRwOi8veGVzdC83MDUwEYYPaHR0cDovL3hlc3QvNzA2MBGGD2h0 +dHA6Ly94ZXN0LzcwNzARhg9odHRwOi8veGVzdC83MDgwEYYPaHR0cDovL3hlc3Qv +NzA5MBGGD2h0dHA6Ly94ZXN0LzcxMDARhg9odHRwOi8veGVzdC83MTEwEYYPaHR0 +cDovL3hlc3QvNzEyMBGGD2h0dHA6Ly94ZXN0LzcxMzARhg9odHRwOi8veGVzdC83 +MTQwEYYPaHR0cDovL3hlc3QvNzE1MBGGD2h0dHA6Ly94ZXN0LzcxNjARhg9odHRw +Oi8veGVzdC83MTcwEYYPaHR0cDovL3hlc3QvNzE4MBGGD2h0dHA6Ly94ZXN0Lzcx +OTARhg9odHRwOi8veGVzdC83MjAwEYYPaHR0cDovL3hlc3QvNzIxMBGGD2h0dHA6 +Ly94ZXN0LzcyMjARhg9odHRwOi8veGVzdC83MjMwEYYPaHR0cDovL3hlc3QvNzI0 +MBGGD2h0dHA6Ly94ZXN0LzcyNTARhg9odHRwOi8veGVzdC83MjYwEYYPaHR0cDov +L3hlc3QvNzI3MBGGD2h0dHA6Ly94ZXN0LzcyODARhg9odHRwOi8veGVzdC83Mjkw +EYYPaHR0cDovL3hlc3QvNzMwMBGGD2h0dHA6Ly94ZXN0LzczMTARhg9odHRwOi8v +eGVzdC83MzIwEYYPaHR0cDovL3hlc3QvNzMzMBGGD2h0dHA6Ly94ZXN0LzczNDAR +hg9odHRwOi8veGVzdC83MzUwEYYPaHR0cDovL3hlc3QvNzM2MBGGD2h0dHA6Ly94 +ZXN0LzczNzARhg9odHRwOi8veGVzdC83MzgwEYYPaHR0cDovL3hlc3QvNzM5MBGG +D2h0dHA6Ly94ZXN0Lzc0MDARhg9odHRwOi8veGVzdC83NDEwEYYPaHR0cDovL3hl +c3QvNzQyMBGGD2h0dHA6Ly94ZXN0Lzc0MzARhg9odHRwOi8veGVzdC83NDQwEYYP +aHR0cDovL3hlc3QvNzQ1MBGGD2h0dHA6Ly94ZXN0Lzc0NjARhg9odHRwOi8veGVz +dC83NDcwEYYPaHR0cDovL3hlc3QvNzQ4MBGGD2h0dHA6Ly94ZXN0Lzc0OTARhg9o +dHRwOi8veGVzdC83NTAwEYYPaHR0cDovL3hlc3QvNzUxMBGGD2h0dHA6Ly94ZXN0 +Lzc1MjARhg9odHRwOi8veGVzdC83NTMwEYYPaHR0cDovL3hlc3QvNzU0MBGGD2h0 +dHA6Ly94ZXN0Lzc1NTARhg9odHRwOi8veGVzdC83NTYwEYYPaHR0cDovL3hlc3Qv +NzU3MBGGD2h0dHA6Ly94ZXN0Lzc1ODARhg9odHRwOi8veGVzdC83NTkwEYYPaHR0 +cDovL3hlc3QvNzYwMBGGD2h0dHA6Ly94ZXN0Lzc2MTARhg9odHRwOi8veGVzdC83 +NjIwEYYPaHR0cDovL3hlc3QvNzYzMBGGD2h0dHA6Ly94ZXN0Lzc2NDARhg9odHRw +Oi8veGVzdC83NjUwEYYPaHR0cDovL3hlc3QvNzY2MBGGD2h0dHA6Ly94ZXN0Lzc2 +NzARhg9odHRwOi8veGVzdC83NjgwEYYPaHR0cDovL3hlc3QvNzY5MBGGD2h0dHA6 +Ly94ZXN0Lzc3MDARhg9odHRwOi8veGVzdC83NzEwEYYPaHR0cDovL3hlc3QvNzcy +MBGGD2h0dHA6Ly94ZXN0Lzc3MzARhg9odHRwOi8veGVzdC83NzQwEYYPaHR0cDov +L3hlc3QvNzc1MBGGD2h0dHA6Ly94ZXN0Lzc3NjARhg9odHRwOi8veGVzdC83Nzcw +EYYPaHR0cDovL3hlc3QvNzc4MBGGD2h0dHA6Ly94ZXN0Lzc3OTARhg9odHRwOi8v +eGVzdC83ODAwEYYPaHR0cDovL3hlc3QvNzgxMBGGD2h0dHA6Ly94ZXN0Lzc4MjAR +hg9odHRwOi8veGVzdC83ODMwEYYPaHR0cDovL3hlc3QvNzg0MBGGD2h0dHA6Ly94 +ZXN0Lzc4NTARhg9odHRwOi8veGVzdC83ODYwEYYPaHR0cDovL3hlc3QvNzg3MBGG +D2h0dHA6Ly94ZXN0Lzc4ODARhg9odHRwOi8veGVzdC83ODkwEYYPaHR0cDovL3hl +c3QvNzkwMBGGD2h0dHA6Ly94ZXN0Lzc5MTARhg9odHRwOi8veGVzdC83OTIwEYYP +aHR0cDovL3hlc3QvNzkzMBGGD2h0dHA6Ly94ZXN0Lzc5NDARhg9odHRwOi8veGVz +dC83OTUwEYYPaHR0cDovL3hlc3QvNzk2MBGGD2h0dHA6Ly94ZXN0Lzc5NzARhg9o +dHRwOi8veGVzdC83OTgwEYYPaHR0cDovL3hlc3QvNzk5MBGGD2h0dHA6Ly94ZXN0 +LzgwMDARhg9odHRwOi8veGVzdC84MDEwEYYPaHR0cDovL3hlc3QvODAyMBGGD2h0 +dHA6Ly94ZXN0LzgwMzARhg9odHRwOi8veGVzdC84MDQwEYYPaHR0cDovL3hlc3Qv +ODA1MBGGD2h0dHA6Ly94ZXN0LzgwNjARhg9odHRwOi8veGVzdC84MDcwEYYPaHR0 +cDovL3hlc3QvODA4MBGGD2h0dHA6Ly94ZXN0LzgwOTARhg9odHRwOi8veGVzdC84 +MTAwEYYPaHR0cDovL3hlc3QvODExMBGGD2h0dHA6Ly94ZXN0LzgxMjARhg9odHRw +Oi8veGVzdC84MTMwEYYPaHR0cDovL3hlc3QvODE0MBGGD2h0dHA6Ly94ZXN0Lzgx +NTARhg9odHRwOi8veGVzdC84MTYwEYYPaHR0cDovL3hlc3QvODE3MBGGD2h0dHA6 +Ly94ZXN0LzgxODARhg9odHRwOi8veGVzdC84MTkwEYYPaHR0cDovL3hlc3QvODIw +MBGGD2h0dHA6Ly94ZXN0LzgyMTARhg9odHRwOi8veGVzdC84MjIwEYYPaHR0cDov +L3hlc3QvODIzMBGGD2h0dHA6Ly94ZXN0LzgyNDARhg9odHRwOi8veGVzdC84MjUw +EYYPaHR0cDovL3hlc3QvODI2MBGGD2h0dHA6Ly94ZXN0LzgyNzARhg9odHRwOi8v +eGVzdC84MjgwEYYPaHR0cDovL3hlc3QvODI5MBGGD2h0dHA6Ly94ZXN0LzgzMDAR +hg9odHRwOi8veGVzdC84MzEwEYYPaHR0cDovL3hlc3QvODMyMBGGD2h0dHA6Ly94 +ZXN0LzgzMzARhg9odHRwOi8veGVzdC84MzQwEYYPaHR0cDovL3hlc3QvODM1MBGG +D2h0dHA6Ly94ZXN0LzgzNjARhg9odHRwOi8veGVzdC84MzcwEYYPaHR0cDovL3hl +c3QvODM4MBGGD2h0dHA6Ly94ZXN0LzgzOTARhg9odHRwOi8veGVzdC84NDAwEYYP +aHR0cDovL3hlc3QvODQxMBGGD2h0dHA6Ly94ZXN0Lzg0MjARhg9odHRwOi8veGVz +dC84NDMwEYYPaHR0cDovL3hlc3QvODQ0MBGGD2h0dHA6Ly94ZXN0Lzg0NTARhg9o +dHRwOi8veGVzdC84NDYwEYYPaHR0cDovL3hlc3QvODQ3MBGGD2h0dHA6Ly94ZXN0 +Lzg0ODARhg9odHRwOi8veGVzdC84NDkwEYYPaHR0cDovL3hlc3QvODUwMBGGD2h0 +dHA6Ly94ZXN0Lzg1MTARhg9odHRwOi8veGVzdC84NTIwEYYPaHR0cDovL3hlc3Qv +ODUzMBGGD2h0dHA6Ly94ZXN0Lzg1NDARhg9odHRwOi8veGVzdC84NTUwEYYPaHR0 +cDovL3hlc3QvODU2MBGGD2h0dHA6Ly94ZXN0Lzg1NzARhg9odHRwOi8veGVzdC84 +NTgwEYYPaHR0cDovL3hlc3QvODU5MBGGD2h0dHA6Ly94ZXN0Lzg2MDARhg9odHRw +Oi8veGVzdC84NjEwEYYPaHR0cDovL3hlc3QvODYyMBGGD2h0dHA6Ly94ZXN0Lzg2 +MzARhg9odHRwOi8veGVzdC84NjQwEYYPaHR0cDovL3hlc3QvODY1MBGGD2h0dHA6 +Ly94ZXN0Lzg2NjARhg9odHRwOi8veGVzdC84NjcwEYYPaHR0cDovL3hlc3QvODY4 +MBGGD2h0dHA6Ly94ZXN0Lzg2OTARhg9odHRwOi8veGVzdC84NzAwEYYPaHR0cDov +L3hlc3QvODcxMBGGD2h0dHA6Ly94ZXN0Lzg3MjARhg9odHRwOi8veGVzdC84NzMw +EYYPaHR0cDovL3hlc3QvODc0MBGGD2h0dHA6Ly94ZXN0Lzg3NTARhg9odHRwOi8v +eGVzdC84NzYwEYYPaHR0cDovL3hlc3QvODc3MBGGD2h0dHA6Ly94ZXN0Lzg3ODAR +hg9odHRwOi8veGVzdC84NzkwEYYPaHR0cDovL3hlc3QvODgwMBGGD2h0dHA6Ly94 +ZXN0Lzg4MTARhg9odHRwOi8veGVzdC84ODIwEYYPaHR0cDovL3hlc3QvODgzMBGG +D2h0dHA6Ly94ZXN0Lzg4NDARhg9odHRwOi8veGVzdC84ODUwEYYPaHR0cDovL3hl +c3QvODg2MBGGD2h0dHA6Ly94ZXN0Lzg4NzARhg9odHRwOi8veGVzdC84ODgwEYYP +aHR0cDovL3hlc3QvODg5MBGGD2h0dHA6Ly94ZXN0Lzg5MDARhg9odHRwOi8veGVz +dC84OTEwEYYPaHR0cDovL3hlc3QvODkyMBGGD2h0dHA6Ly94ZXN0Lzg5MzARhg9o +dHRwOi8veGVzdC84OTQwEYYPaHR0cDovL3hlc3QvODk1MBGGD2h0dHA6Ly94ZXN0 +Lzg5NjARhg9odHRwOi8veGVzdC84OTcwEYYPaHR0cDovL3hlc3QvODk4MBGGD2h0 +dHA6Ly94ZXN0Lzg5OTARhg9odHRwOi8veGVzdC85MDAwEYYPaHR0cDovL3hlc3Qv +OTAxMBGGD2h0dHA6Ly94ZXN0LzkwMjARhg9odHRwOi8veGVzdC85MDMwEYYPaHR0 +cDovL3hlc3QvOTA0MBGGD2h0dHA6Ly94ZXN0LzkwNTARhg9odHRwOi8veGVzdC85 +MDYwEYYPaHR0cDovL3hlc3QvOTA3MBGGD2h0dHA6Ly94ZXN0LzkwODARhg9odHRw +Oi8veGVzdC85MDkwEYYPaHR0cDovL3hlc3QvOTEwMBGGD2h0dHA6Ly94ZXN0Lzkx +MTARhg9odHRwOi8veGVzdC85MTIwEYYPaHR0cDovL3hlc3QvOTEzMBGGD2h0dHA6 +Ly94ZXN0LzkxNDARhg9odHRwOi8veGVzdC85MTUwEYYPaHR0cDovL3hlc3QvOTE2 +MBGGD2h0dHA6Ly94ZXN0LzkxNzARhg9odHRwOi8veGVzdC85MTgwEYYPaHR0cDov +L3hlc3QvOTE5MBGGD2h0dHA6Ly94ZXN0LzkyMDARhg9odHRwOi8veGVzdC85MjEw +EYYPaHR0cDovL3hlc3QvOTIyMBGGD2h0dHA6Ly94ZXN0LzkyMzARhg9odHRwOi8v +eGVzdC85MjQwEYYPaHR0cDovL3hlc3QvOTI1MBGGD2h0dHA6Ly94ZXN0LzkyNjAR +hg9odHRwOi8veGVzdC85MjcwEYYPaHR0cDovL3hlc3QvOTI4MBGGD2h0dHA6Ly94 +ZXN0LzkyOTARhg9odHRwOi8veGVzdC85MzAwEYYPaHR0cDovL3hlc3QvOTMxMBGG +D2h0dHA6Ly94ZXN0LzkzMjARhg9odHRwOi8veGVzdC85MzMwEYYPaHR0cDovL3hl +c3QvOTM0MBGGD2h0dHA6Ly94ZXN0LzkzNTARhg9odHRwOi8veGVzdC85MzYwEYYP +aHR0cDovL3hlc3QvOTM3MBGGD2h0dHA6Ly94ZXN0LzkzODARhg9odHRwOi8veGVz +dC85MzkwEYYPaHR0cDovL3hlc3QvOTQwMBGGD2h0dHA6Ly94ZXN0Lzk0MTARhg9o +dHRwOi8veGVzdC85NDIwEYYPaHR0cDovL3hlc3QvOTQzMBGGD2h0dHA6Ly94ZXN0 +Lzk0NDARhg9odHRwOi8veGVzdC85NDUwEYYPaHR0cDovL3hlc3QvOTQ2MBGGD2h0 +dHA6Ly94ZXN0Lzk0NzARhg9odHRwOi8veGVzdC85NDgwEYYPaHR0cDovL3hlc3Qv +OTQ5MBGGD2h0dHA6Ly94ZXN0Lzk1MDARhg9odHRwOi8veGVzdC85NTEwEYYPaHR0 +cDovL3hlc3QvOTUyMBGGD2h0dHA6Ly94ZXN0Lzk1MzARhg9odHRwOi8veGVzdC85 +NTQwEYYPaHR0cDovL3hlc3QvOTU1MBGGD2h0dHA6Ly94ZXN0Lzk1NjARhg9odHRw +Oi8veGVzdC85NTcwEYYPaHR0cDovL3hlc3QvOTU4MBGGD2h0dHA6Ly94ZXN0Lzk1 +OTARhg9odHRwOi8veGVzdC85NjAwEYYPaHR0cDovL3hlc3QvOTYxMBGGD2h0dHA6 +Ly94ZXN0Lzk2MjARhg9odHRwOi8veGVzdC85NjMwEYYPaHR0cDovL3hlc3QvOTY0 +MBGGD2h0dHA6Ly94ZXN0Lzk2NTARhg9odHRwOi8veGVzdC85NjYwEYYPaHR0cDov +L3hlc3QvOTY3MBGGD2h0dHA6Ly94ZXN0Lzk2ODARhg9odHRwOi8veGVzdC85Njkw +EYYPaHR0cDovL3hlc3QvOTcwMBGGD2h0dHA6Ly94ZXN0Lzk3MTARhg9odHRwOi8v +eGVzdC85NzIwEYYPaHR0cDovL3hlc3QvOTczMBGGD2h0dHA6Ly94ZXN0Lzk3NDAR +hg9odHRwOi8veGVzdC85NzUwEYYPaHR0cDovL3hlc3QvOTc2MBGGD2h0dHA6Ly94 +ZXN0Lzk3NzARhg9odHRwOi8veGVzdC85NzgwEYYPaHR0cDovL3hlc3QvOTc5MBGG +D2h0dHA6Ly94ZXN0Lzk4MDARhg9odHRwOi8veGVzdC85ODEwEYYPaHR0cDovL3hl +c3QvOTgyMBGGD2h0dHA6Ly94ZXN0Lzk4MzARhg9odHRwOi8veGVzdC85ODQwEYYP +aHR0cDovL3hlc3QvOTg1MBGGD2h0dHA6Ly94ZXN0Lzk4NjARhg9odHRwOi8veGVz +dC85ODcwEYYPaHR0cDovL3hlc3QvOTg4MBGGD2h0dHA6Ly94ZXN0Lzk4OTARhg9o +dHRwOi8veGVzdC85OTAwEYYPaHR0cDovL3hlc3QvOTkxMBGGD2h0dHA6Ly94ZXN0 +Lzk5MjARhg9odHRwOi8veGVzdC85OTMwEYYPaHR0cDovL3hlc3QvOTk0MBGGD2h0 +dHA6Ly94ZXN0Lzk5NTARhg9odHRwOi8veGVzdC85OTYwEYYPaHR0cDovL3hlc3Qv +OTk3MBGGD2h0dHA6Ly94ZXN0Lzk5ODARhg9odHRwOi8veGVzdC85OTkwEoYQaHR0 +cDovL3hlc3QvMTAwMDAShhBodHRwOi8veGVzdC8xMDAxMBKGEGh0dHA6Ly94ZXN0 +LzEwMDIwEoYQaHR0cDovL3hlc3QvMTAwMzAShhBodHRwOi8veGVzdC8xMDA0MBKG +EGh0dHA6Ly94ZXN0LzEwMDUwEoYQaHR0cDovL3hlc3QvMTAwNjAShhBodHRwOi8v +eGVzdC8xMDA3MBKGEGh0dHA6Ly94ZXN0LzEwMDgwEoYQaHR0cDovL3hlc3QvMTAw +OTAShhBodHRwOi8veGVzdC8xMDEwMBKGEGh0dHA6Ly94ZXN0LzEwMTEwEoYQaHR0 +cDovL3hlc3QvMTAxMjAShhBodHRwOi8veGVzdC8xMDEzMBKGEGh0dHA6Ly94ZXN0 +LzEwMTQwEoYQaHR0cDovL3hlc3QvMTAxNTAShhBodHRwOi8veGVzdC8xMDE2MBKG +EGh0dHA6Ly94ZXN0LzEwMTcwEoYQaHR0cDovL3hlc3QvMTAxODAShhBodHRwOi8v +eGVzdC8xMDE5MBKGEGh0dHA6Ly94ZXN0LzEwMjAwEoYQaHR0cDovL3hlc3QvMTAy +MTAShhBodHRwOi8veGVzdC8xMDIyMBKGEGh0dHA6Ly94ZXN0LzEwMjMwEoYQaHR0 +cDovL3hlc3QvMTAyNDANBgkqhkiG9w0BAQsFAAOCAQEAgsk+M7BA++4VDlXfzCOT +zuINL88G39pnRJgF1zJlh43pf1q9m43BXh8sqno+Ds7lrcWsKXpC4Y0611gpm3kY +SSvte4/33aXtqs/Bja6bJiGVwqu7r3wuNSro0pw5mwFcQTh/9q1J9a1Tij0mzRDr +hIU+K7Jf/QuVZsUc0Ds8HkDM3Yyj/P4bJCNss2+VGWdseQBqLJY3NqXVTb1kzFy+ +kYIUFmsad7LHDLG/dASbz9gt2We6Xn5xHnF2bW4caamMkjXObn26Wn1QuFIiTl1R +Yv03X3jeVR1C9L77bHbmR8rpkmgFUk25ntmEbzpP9Ls7UixBLyjcFhhdUlx/pueW +KQ== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db new file mode 100644 index 0000000000..829edad47b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db @@ -0,0 +1,8 @@ +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D4 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D5 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D6 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D7 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D8 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D9 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8DA unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8DB unknown /CN=t0 diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.attr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.attr new file mode 100644 index 0000000000..3a7e39e6ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.attr.old b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.attr.old new file mode 100644 index 0000000000..3a7e39e6ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.old b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.old new file mode 100644 index 0000000000..9d478d5995 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.db.old @@ -0,0 +1,7 @@ +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D4 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D5 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D6 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D7 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D8 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8D9 unknown /CN=t0 +V 221005120000Z 2FABB43DDCC077802A0309AD437402BF98D8DA unknown /CN=t0 diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.pem new file mode 100644 index 0000000000..cd3f1215ab --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.pem @@ -0,0 +1,4294 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + URI:http://test/0 + URI:http://test/1 + URI:http://test/2 + URI:http://test/3 + URI:http://test/4 + URI:http://test/5 + URI:http://test/6 + URI:http://test/7 + URI:http://test/8 + URI:http://test/9 + URI:http://test/10 + URI:http://test/11 + URI:http://test/12 + URI:http://test/13 + URI:http://test/14 + URI:http://test/15 + URI:http://test/16 + URI:http://test/17 + URI:http://test/18 + URI:http://test/19 + URI:http://test/20 + URI:http://test/21 + URI:http://test/22 + URI:http://test/23 + URI:http://test/24 + URI:http://test/25 + URI:http://test/26 + URI:http://test/27 + URI:http://test/28 + URI:http://test/29 + URI:http://test/30 + URI:http://test/31 + URI:http://test/32 + URI:http://test/33 + URI:http://test/34 + URI:http://test/35 + URI:http://test/36 + URI:http://test/37 + URI:http://test/38 + URI:http://test/39 + URI:http://test/40 + URI:http://test/41 + URI:http://test/42 + URI:http://test/43 + URI:http://test/44 + URI:http://test/45 + URI:http://test/46 + URI:http://test/47 + URI:http://test/48 + URI:http://test/49 + URI:http://test/50 + URI:http://test/51 + URI:http://test/52 + URI:http://test/53 + URI:http://test/54 + URI:http://test/55 + URI:http://test/56 + URI:http://test/57 + URI:http://test/58 + URI:http://test/59 + URI:http://test/60 + URI:http://test/61 + URI:http://test/62 + URI:http://test/63 + URI:http://test/64 + URI:http://test/65 + URI:http://test/66 + URI:http://test/67 + URI:http://test/68 + URI:http://test/69 + URI:http://test/70 + URI:http://test/71 + URI:http://test/72 + URI:http://test/73 + URI:http://test/74 + URI:http://test/75 + URI:http://test/76 + URI:http://test/77 + URI:http://test/78 + URI:http://test/79 + URI:http://test/80 + URI:http://test/81 + URI:http://test/82 + URI:http://test/83 + URI:http://test/84 + URI:http://test/85 + URI:http://test/86 + URI:http://test/87 + URI:http://test/88 + URI:http://test/89 + URI:http://test/90 + URI:http://test/91 + URI:http://test/92 + URI:http://test/93 + URI:http://test/94 + URI:http://test/95 + URI:http://test/96 + URI:http://test/97 + URI:http://test/98 + URI:http://test/99 + URI:http://test/100 + URI:http://test/101 + URI:http://test/102 + URI:http://test/103 + URI:http://test/104 + URI:http://test/105 + URI:http://test/106 + URI:http://test/107 + URI:http://test/108 + URI:http://test/109 + URI:http://test/110 + URI:http://test/111 + URI:http://test/112 + URI:http://test/113 + URI:http://test/114 + URI:http://test/115 + URI:http://test/116 + URI:http://test/117 + URI:http://test/118 + URI:http://test/119 + URI:http://test/120 + URI:http://test/121 + URI:http://test/122 + URI:http://test/123 + URI:http://test/124 + URI:http://test/125 + URI:http://test/126 + URI:http://test/127 + URI:http://test/128 + URI:http://test/129 + URI:http://test/130 + URI:http://test/131 + URI:http://test/132 + URI:http://test/133 + URI:http://test/134 + URI:http://test/135 + URI:http://test/136 + URI:http://test/137 + URI:http://test/138 + URI:http://test/139 + URI:http://test/140 + URI:http://test/141 + URI:http://test/142 + URI:http://test/143 + URI:http://test/144 + URI:http://test/145 + URI:http://test/146 + URI:http://test/147 + URI:http://test/148 + URI:http://test/149 + URI:http://test/150 + URI:http://test/151 + URI:http://test/152 + URI:http://test/153 + URI:http://test/154 + URI:http://test/155 + URI:http://test/156 + URI:http://test/157 + URI:http://test/158 + URI:http://test/159 + URI:http://test/160 + URI:http://test/161 + URI:http://test/162 + URI:http://test/163 + URI:http://test/164 + URI:http://test/165 + URI:http://test/166 + URI:http://test/167 + URI:http://test/168 + URI:http://test/169 + URI:http://test/170 + URI:http://test/171 + URI:http://test/172 + URI:http://test/173 + URI:http://test/174 + URI:http://test/175 + URI:http://test/176 + URI:http://test/177 + URI:http://test/178 + URI:http://test/179 + URI:http://test/180 + URI:http://test/181 + URI:http://test/182 + URI:http://test/183 + URI:http://test/184 + URI:http://test/185 + URI:http://test/186 + URI:http://test/187 + URI:http://test/188 + URI:http://test/189 + URI:http://test/190 + URI:http://test/191 + URI:http://test/192 + URI:http://test/193 + URI:http://test/194 + URI:http://test/195 + URI:http://test/196 + URI:http://test/197 + URI:http://test/198 + URI:http://test/199 + URI:http://test/200 + URI:http://test/201 + URI:http://test/202 + URI:http://test/203 + URI:http://test/204 + URI:http://test/205 + URI:http://test/206 + URI:http://test/207 + URI:http://test/208 + URI:http://test/209 + URI:http://test/210 + URI:http://test/211 + URI:http://test/212 + URI:http://test/213 + URI:http://test/214 + URI:http://test/215 + URI:http://test/216 + URI:http://test/217 + URI:http://test/218 + URI:http://test/219 + URI:http://test/220 + URI:http://test/221 + URI:http://test/222 + URI:http://test/223 + URI:http://test/224 + URI:http://test/225 + URI:http://test/226 + URI:http://test/227 + URI:http://test/228 + URI:http://test/229 + URI:http://test/230 + URI:http://test/231 + URI:http://test/232 + URI:http://test/233 + URI:http://test/234 + URI:http://test/235 + URI:http://test/236 + URI:http://test/237 + URI:http://test/238 + URI:http://test/239 + URI:http://test/240 + URI:http://test/241 + URI:http://test/242 + URI:http://test/243 + URI:http://test/244 + URI:http://test/245 + URI:http://test/246 + URI:http://test/247 + URI:http://test/248 + URI:http://test/249 + URI:http://test/250 + URI:http://test/251 + URI:http://test/252 + URI:http://test/253 + URI:http://test/254 + URI:http://test/255 + URI:http://test/256 + URI:http://test/257 + URI:http://test/258 + URI:http://test/259 + URI:http://test/260 + URI:http://test/261 + URI:http://test/262 + URI:http://test/263 + URI:http://test/264 + URI:http://test/265 + URI:http://test/266 + URI:http://test/267 + URI:http://test/268 + URI:http://test/269 + URI:http://test/270 + URI:http://test/271 + URI:http://test/272 + URI:http://test/273 + URI:http://test/274 + URI:http://test/275 + URI:http://test/276 + URI:http://test/277 + URI:http://test/278 + URI:http://test/279 + URI:http://test/280 + URI:http://test/281 + URI:http://test/282 + URI:http://test/283 + URI:http://test/284 + URI:http://test/285 + URI:http://test/286 + URI:http://test/287 + URI:http://test/288 + URI:http://test/289 + URI:http://test/290 + URI:http://test/291 + URI:http://test/292 + URI:http://test/293 + URI:http://test/294 + URI:http://test/295 + URI:http://test/296 + URI:http://test/297 + URI:http://test/298 + URI:http://test/299 + URI:http://test/300 + URI:http://test/301 + URI:http://test/302 + URI:http://test/303 + URI:http://test/304 + URI:http://test/305 + URI:http://test/306 + URI:http://test/307 + URI:http://test/308 + URI:http://test/309 + URI:http://test/310 + URI:http://test/311 + URI:http://test/312 + URI:http://test/313 + URI:http://test/314 + URI:http://test/315 + URI:http://test/316 + URI:http://test/317 + URI:http://test/318 + URI:http://test/319 + URI:http://test/320 + URI:http://test/321 + URI:http://test/322 + URI:http://test/323 + URI:http://test/324 + URI:http://test/325 + URI:http://test/326 + URI:http://test/327 + URI:http://test/328 + URI:http://test/329 + URI:http://test/330 + URI:http://test/331 + URI:http://test/332 + URI:http://test/333 + URI:http://test/334 + URI:http://test/335 + URI:http://test/336 + URI:http://test/337 + URI:http://test/338 + URI:http://test/339 + URI:http://test/340 + URI:http://test/341 + URI:http://test/342 + URI:http://test/343 + URI:http://test/344 + URI:http://test/345 + URI:http://test/346 + URI:http://test/347 + URI:http://test/348 + URI:http://test/349 + URI:http://test/350 + URI:http://test/351 + URI:http://test/352 + URI:http://test/353 + URI:http://test/354 + URI:http://test/355 + URI:http://test/356 + URI:http://test/357 + URI:http://test/358 + URI:http://test/359 + URI:http://test/360 + URI:http://test/361 + URI:http://test/362 + URI:http://test/363 + URI:http://test/364 + URI:http://test/365 + URI:http://test/366 + URI:http://test/367 + URI:http://test/368 + URI:http://test/369 + URI:http://test/370 + URI:http://test/371 + URI:http://test/372 + URI:http://test/373 + URI:http://test/374 + URI:http://test/375 + URI:http://test/376 + URI:http://test/377 + URI:http://test/378 + URI:http://test/379 + URI:http://test/380 + URI:http://test/381 + URI:http://test/382 + URI:http://test/383 + URI:http://test/384 + URI:http://test/385 + URI:http://test/386 + URI:http://test/387 + URI:http://test/388 + URI:http://test/389 + URI:http://test/390 + URI:http://test/391 + URI:http://test/392 + URI:http://test/393 + URI:http://test/394 + URI:http://test/395 + URI:http://test/396 + URI:http://test/397 + URI:http://test/398 + URI:http://test/399 + URI:http://test/400 + URI:http://test/401 + URI:http://test/402 + URI:http://test/403 + URI:http://test/404 + URI:http://test/405 + URI:http://test/406 + URI:http://test/407 + URI:http://test/408 + URI:http://test/409 + URI:http://test/410 + URI:http://test/411 + URI:http://test/412 + URI:http://test/413 + URI:http://test/414 + URI:http://test/415 + URI:http://test/416 + URI:http://test/417 + URI:http://test/418 + URI:http://test/419 + URI:http://test/420 + URI:http://test/421 + URI:http://test/422 + URI:http://test/423 + URI:http://test/424 + URI:http://test/425 + URI:http://test/426 + URI:http://test/427 + URI:http://test/428 + URI:http://test/429 + URI:http://test/430 + URI:http://test/431 + URI:http://test/432 + URI:http://test/433 + URI:http://test/434 + URI:http://test/435 + URI:http://test/436 + URI:http://test/437 + URI:http://test/438 + URI:http://test/439 + URI:http://test/440 + URI:http://test/441 + URI:http://test/442 + URI:http://test/443 + URI:http://test/444 + URI:http://test/445 + URI:http://test/446 + URI:http://test/447 + URI:http://test/448 + URI:http://test/449 + URI:http://test/450 + URI:http://test/451 + URI:http://test/452 + URI:http://test/453 + URI:http://test/454 + URI:http://test/455 + URI:http://test/456 + URI:http://test/457 + URI:http://test/458 + URI:http://test/459 + URI:http://test/460 + URI:http://test/461 + URI:http://test/462 + URI:http://test/463 + URI:http://test/464 + URI:http://test/465 + URI:http://test/466 + URI:http://test/467 + URI:http://test/468 + URI:http://test/469 + URI:http://test/470 + URI:http://test/471 + URI:http://test/472 + URI:http://test/473 + URI:http://test/474 + URI:http://test/475 + URI:http://test/476 + URI:http://test/477 + URI:http://test/478 + URI:http://test/479 + URI:http://test/480 + URI:http://test/481 + URI:http://test/482 + URI:http://test/483 + URI:http://test/484 + URI:http://test/485 + URI:http://test/486 + URI:http://test/487 + URI:http://test/488 + URI:http://test/489 + URI:http://test/490 + URI:http://test/491 + URI:http://test/492 + URI:http://test/493 + URI:http://test/494 + URI:http://test/495 + URI:http://test/496 + URI:http://test/497 + URI:http://test/498 + URI:http://test/499 + URI:http://test/500 + URI:http://test/501 + URI:http://test/502 + URI:http://test/503 + URI:http://test/504 + URI:http://test/505 + URI:http://test/506 + URI:http://test/507 + URI:http://test/508 + URI:http://test/509 + URI:http://test/510 + URI:http://test/511 + URI:http://test/512 + URI:http://test/513 + URI:http://test/514 + URI:http://test/515 + URI:http://test/516 + URI:http://test/517 + URI:http://test/518 + URI:http://test/519 + URI:http://test/520 + URI:http://test/521 + URI:http://test/522 + URI:http://test/523 + URI:http://test/524 + URI:http://test/525 + URI:http://test/526 + URI:http://test/527 + URI:http://test/528 + URI:http://test/529 + URI:http://test/530 + URI:http://test/531 + URI:http://test/532 + URI:http://test/533 + URI:http://test/534 + URI:http://test/535 + URI:http://test/536 + URI:http://test/537 + URI:http://test/538 + URI:http://test/539 + URI:http://test/540 + URI:http://test/541 + URI:http://test/542 + URI:http://test/543 + URI:http://test/544 + URI:http://test/545 + URI:http://test/546 + URI:http://test/547 + URI:http://test/548 + URI:http://test/549 + URI:http://test/550 + URI:http://test/551 + URI:http://test/552 + URI:http://test/553 + URI:http://test/554 + URI:http://test/555 + URI:http://test/556 + URI:http://test/557 + URI:http://test/558 + URI:http://test/559 + URI:http://test/560 + URI:http://test/561 + URI:http://test/562 + URI:http://test/563 + URI:http://test/564 + URI:http://test/565 + URI:http://test/566 + URI:http://test/567 + URI:http://test/568 + URI:http://test/569 + URI:http://test/570 + URI:http://test/571 + URI:http://test/572 + URI:http://test/573 + URI:http://test/574 + URI:http://test/575 + URI:http://test/576 + URI:http://test/577 + URI:http://test/578 + URI:http://test/579 + URI:http://test/580 + URI:http://test/581 + URI:http://test/582 + URI:http://test/583 + URI:http://test/584 + URI:http://test/585 + URI:http://test/586 + URI:http://test/587 + URI:http://test/588 + URI:http://test/589 + URI:http://test/590 + URI:http://test/591 + URI:http://test/592 + URI:http://test/593 + URI:http://test/594 + URI:http://test/595 + URI:http://test/596 + URI:http://test/597 + URI:http://test/598 + URI:http://test/599 + URI:http://test/600 + URI:http://test/601 + URI:http://test/602 + URI:http://test/603 + URI:http://test/604 + URI:http://test/605 + URI:http://test/606 + URI:http://test/607 + URI:http://test/608 + URI:http://test/609 + URI:http://test/610 + URI:http://test/611 + URI:http://test/612 + URI:http://test/613 + URI:http://test/614 + URI:http://test/615 + URI:http://test/616 + URI:http://test/617 + URI:http://test/618 + URI:http://test/619 + URI:http://test/620 + URI:http://test/621 + URI:http://test/622 + URI:http://test/623 + URI:http://test/624 + URI:http://test/625 + URI:http://test/626 + URI:http://test/627 + URI:http://test/628 + URI:http://test/629 + URI:http://test/630 + URI:http://test/631 + URI:http://test/632 + URI:http://test/633 + URI:http://test/634 + URI:http://test/635 + URI:http://test/636 + URI:http://test/637 + URI:http://test/638 + URI:http://test/639 + URI:http://test/640 + URI:http://test/641 + URI:http://test/642 + URI:http://test/643 + URI:http://test/644 + URI:http://test/645 + URI:http://test/646 + URI:http://test/647 + URI:http://test/648 + URI:http://test/649 + URI:http://test/650 + URI:http://test/651 + URI:http://test/652 + URI:http://test/653 + URI:http://test/654 + URI:http://test/655 + URI:http://test/656 + URI:http://test/657 + URI:http://test/658 + URI:http://test/659 + URI:http://test/660 + URI:http://test/661 + URI:http://test/662 + URI:http://test/663 + URI:http://test/664 + URI:http://test/665 + URI:http://test/666 + URI:http://test/667 + URI:http://test/668 + URI:http://test/669 + URI:http://test/670 + URI:http://test/671 + URI:http://test/672 + URI:http://test/673 + URI:http://test/674 + URI:http://test/675 + URI:http://test/676 + URI:http://test/677 + URI:http://test/678 + URI:http://test/679 + URI:http://test/680 + URI:http://test/681 + URI:http://test/682 + URI:http://test/683 + URI:http://test/684 + URI:http://test/685 + URI:http://test/686 + URI:http://test/687 + URI:http://test/688 + URI:http://test/689 + URI:http://test/690 + URI:http://test/691 + URI:http://test/692 + URI:http://test/693 + URI:http://test/694 + URI:http://test/695 + URI:http://test/696 + URI:http://test/697 + URI:http://test/698 + URI:http://test/699 + URI:http://test/700 + URI:http://test/701 + URI:http://test/702 + URI:http://test/703 + URI:http://test/704 + URI:http://test/705 + URI:http://test/706 + URI:http://test/707 + URI:http://test/708 + URI:http://test/709 + URI:http://test/710 + URI:http://test/711 + URI:http://test/712 + URI:http://test/713 + URI:http://test/714 + URI:http://test/715 + URI:http://test/716 + URI:http://test/717 + URI:http://test/718 + URI:http://test/719 + URI:http://test/720 + URI:http://test/721 + URI:http://test/722 + URI:http://test/723 + URI:http://test/724 + URI:http://test/725 + URI:http://test/726 + URI:http://test/727 + URI:http://test/728 + URI:http://test/729 + URI:http://test/730 + URI:http://test/731 + URI:http://test/732 + URI:http://test/733 + URI:http://test/734 + URI:http://test/735 + URI:http://test/736 + URI:http://test/737 + URI:http://test/738 + URI:http://test/739 + URI:http://test/740 + URI:http://test/741 + URI:http://test/742 + URI:http://test/743 + URI:http://test/744 + URI:http://test/745 + URI:http://test/746 + URI:http://test/747 + URI:http://test/748 + URI:http://test/749 + URI:http://test/750 + URI:http://test/751 + URI:http://test/752 + URI:http://test/753 + URI:http://test/754 + URI:http://test/755 + URI:http://test/756 + URI:http://test/757 + URI:http://test/758 + URI:http://test/759 + URI:http://test/760 + URI:http://test/761 + URI:http://test/762 + URI:http://test/763 + URI:http://test/764 + URI:http://test/765 + URI:http://test/766 + URI:http://test/767 + URI:http://test/768 + URI:http://test/769 + URI:http://test/770 + URI:http://test/771 + URI:http://test/772 + URI:http://test/773 + URI:http://test/774 + URI:http://test/775 + URI:http://test/776 + URI:http://test/777 + URI:http://test/778 + URI:http://test/779 + URI:http://test/780 + URI:http://test/781 + URI:http://test/782 + URI:http://test/783 + URI:http://test/784 + URI:http://test/785 + URI:http://test/786 + URI:http://test/787 + URI:http://test/788 + URI:http://test/789 + URI:http://test/790 + URI:http://test/791 + URI:http://test/792 + URI:http://test/793 + URI:http://test/794 + URI:http://test/795 + URI:http://test/796 + URI:http://test/797 + URI:http://test/798 + URI:http://test/799 + URI:http://test/800 + URI:http://test/801 + URI:http://test/802 + URI:http://test/803 + URI:http://test/804 + URI:http://test/805 + URI:http://test/806 + URI:http://test/807 + URI:http://test/808 + URI:http://test/809 + URI:http://test/810 + URI:http://test/811 + URI:http://test/812 + URI:http://test/813 + URI:http://test/814 + URI:http://test/815 + URI:http://test/816 + URI:http://test/817 + URI:http://test/818 + URI:http://test/819 + URI:http://test/820 + URI:http://test/821 + URI:http://test/822 + URI:http://test/823 + URI:http://test/824 + URI:http://test/825 + URI:http://test/826 + URI:http://test/827 + URI:http://test/828 + URI:http://test/829 + URI:http://test/830 + URI:http://test/831 + URI:http://test/832 + URI:http://test/833 + URI:http://test/834 + URI:http://test/835 + URI:http://test/836 + URI:http://test/837 + URI:http://test/838 + URI:http://test/839 + URI:http://test/840 + URI:http://test/841 + URI:http://test/842 + URI:http://test/843 + URI:http://test/844 + URI:http://test/845 + URI:http://test/846 + URI:http://test/847 + URI:http://test/848 + URI:http://test/849 + URI:http://test/850 + URI:http://test/851 + URI:http://test/852 + URI:http://test/853 + URI:http://test/854 + URI:http://test/855 + URI:http://test/856 + URI:http://test/857 + URI:http://test/858 + URI:http://test/859 + URI:http://test/860 + URI:http://test/861 + URI:http://test/862 + URI:http://test/863 + URI:http://test/864 + URI:http://test/865 + URI:http://test/866 + URI:http://test/867 + URI:http://test/868 + URI:http://test/869 + URI:http://test/870 + URI:http://test/871 + URI:http://test/872 + URI:http://test/873 + URI:http://test/874 + URI:http://test/875 + URI:http://test/876 + URI:http://test/877 + URI:http://test/878 + URI:http://test/879 + URI:http://test/880 + URI:http://test/881 + URI:http://test/882 + URI:http://test/883 + URI:http://test/884 + URI:http://test/885 + URI:http://test/886 + URI:http://test/887 + URI:http://test/888 + URI:http://test/889 + URI:http://test/890 + URI:http://test/891 + URI:http://test/892 + URI:http://test/893 + URI:http://test/894 + URI:http://test/895 + URI:http://test/896 + URI:http://test/897 + URI:http://test/898 + URI:http://test/899 + URI:http://test/900 + URI:http://test/901 + URI:http://test/902 + URI:http://test/903 + URI:http://test/904 + URI:http://test/905 + URI:http://test/906 + URI:http://test/907 + URI:http://test/908 + URI:http://test/909 + URI:http://test/910 + URI:http://test/911 + URI:http://test/912 + URI:http://test/913 + URI:http://test/914 + URI:http://test/915 + URI:http://test/916 + URI:http://test/917 + URI:http://test/918 + URI:http://test/919 + URI:http://test/920 + URI:http://test/921 + URI:http://test/922 + URI:http://test/923 + URI:http://test/924 + URI:http://test/925 + URI:http://test/926 + URI:http://test/927 + URI:http://test/928 + URI:http://test/929 + URI:http://test/930 + URI:http://test/931 + URI:http://test/932 + URI:http://test/933 + URI:http://test/934 + URI:http://test/935 + URI:http://test/936 + URI:http://test/937 + URI:http://test/938 + URI:http://test/939 + URI:http://test/940 + URI:http://test/941 + URI:http://test/942 + URI:http://test/943 + URI:http://test/944 + URI:http://test/945 + URI:http://test/946 + URI:http://test/947 + URI:http://test/948 + URI:http://test/949 + URI:http://test/950 + URI:http://test/951 + URI:http://test/952 + URI:http://test/953 + URI:http://test/954 + URI:http://test/955 + URI:http://test/956 + URI:http://test/957 + URI:http://test/958 + URI:http://test/959 + URI:http://test/960 + URI:http://test/961 + URI:http://test/962 + URI:http://test/963 + URI:http://test/964 + URI:http://test/965 + URI:http://test/966 + URI:http://test/967 + URI:http://test/968 + URI:http://test/969 + URI:http://test/970 + URI:http://test/971 + URI:http://test/972 + URI:http://test/973 + URI:http://test/974 + URI:http://test/975 + URI:http://test/976 + URI:http://test/977 + URI:http://test/978 + URI:http://test/979 + URI:http://test/980 + URI:http://test/981 + URI:http://test/982 + URI:http://test/983 + URI:http://test/984 + URI:http://test/985 + URI:http://test/986 + URI:http://test/987 + URI:http://test/988 + URI:http://test/989 + URI:http://test/990 + URI:http://test/991 + URI:http://test/992 + URI:http://test/993 + URI:http://test/994 + URI:http://test/995 + URI:http://test/996 + URI:http://test/997 + URI:http://test/998 + URI:http://test/999 + URI:http://test/1000 + URI:http://test/1001 + URI:http://test/1002 + URI:http://test/1003 + URI:http://test/1004 + URI:http://test/1005 + URI:http://test/1006 + URI:http://test/1007 + URI:http://test/1008 + URI:http://test/1009 + URI:http://test/1010 + URI:http://test/1011 + URI:http://test/1012 + URI:http://test/1013 + URI:http://test/1014 + URI:http://test/1015 + URI:http://test/1016 + URI:http://test/1017 + URI:http://test/1018 + URI:http://test/1019 + URI:http://test/1020 + URI:http://test/1021 + URI:http://test/1022 + URI:http://test/1023 + URI:http://test/1024 + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + URI:http://xest/0 + URI:http://xest/1 + URI:http://xest/2 + URI:http://xest/3 + URI:http://xest/4 + URI:http://xest/5 + URI:http://xest/6 + URI:http://xest/7 + URI:http://xest/8 + URI:http://xest/9 + URI:http://xest/10 + URI:http://xest/11 + URI:http://xest/12 + URI:http://xest/13 + URI:http://xest/14 + URI:http://xest/15 + URI:http://xest/16 + URI:http://xest/17 + URI:http://xest/18 + URI:http://xest/19 + URI:http://xest/20 + URI:http://xest/21 + URI:http://xest/22 + URI:http://xest/23 + URI:http://xest/24 + URI:http://xest/25 + URI:http://xest/26 + URI:http://xest/27 + URI:http://xest/28 + URI:http://xest/29 + URI:http://xest/30 + URI:http://xest/31 + URI:http://xest/32 + URI:http://xest/33 + URI:http://xest/34 + URI:http://xest/35 + URI:http://xest/36 + URI:http://xest/37 + URI:http://xest/38 + URI:http://xest/39 + URI:http://xest/40 + URI:http://xest/41 + URI:http://xest/42 + URI:http://xest/43 + URI:http://xest/44 + URI:http://xest/45 + URI:http://xest/46 + URI:http://xest/47 + URI:http://xest/48 + URI:http://xest/49 + URI:http://xest/50 + URI:http://xest/51 + URI:http://xest/52 + URI:http://xest/53 + URI:http://xest/54 + URI:http://xest/55 + URI:http://xest/56 + URI:http://xest/57 + URI:http://xest/58 + URI:http://xest/59 + URI:http://xest/60 + URI:http://xest/61 + URI:http://xest/62 + URI:http://xest/63 + URI:http://xest/64 + URI:http://xest/65 + URI:http://xest/66 + URI:http://xest/67 + URI:http://xest/68 + URI:http://xest/69 + URI:http://xest/70 + URI:http://xest/71 + URI:http://xest/72 + URI:http://xest/73 + URI:http://xest/74 + URI:http://xest/75 + URI:http://xest/76 + URI:http://xest/77 + URI:http://xest/78 + URI:http://xest/79 + URI:http://xest/80 + URI:http://xest/81 + URI:http://xest/82 + URI:http://xest/83 + URI:http://xest/84 + URI:http://xest/85 + URI:http://xest/86 + URI:http://xest/87 + URI:http://xest/88 + URI:http://xest/89 + URI:http://xest/90 + URI:http://xest/91 + URI:http://xest/92 + URI:http://xest/93 + URI:http://xest/94 + URI:http://xest/95 + URI:http://xest/96 + URI:http://xest/97 + URI:http://xest/98 + URI:http://xest/99 + URI:http://xest/100 + URI:http://xest/101 + URI:http://xest/102 + URI:http://xest/103 + URI:http://xest/104 + URI:http://xest/105 + URI:http://xest/106 + URI:http://xest/107 + URI:http://xest/108 + URI:http://xest/109 + URI:http://xest/110 + URI:http://xest/111 + URI:http://xest/112 + URI:http://xest/113 + URI:http://xest/114 + URI:http://xest/115 + URI:http://xest/116 + URI:http://xest/117 + URI:http://xest/118 + URI:http://xest/119 + URI:http://xest/120 + URI:http://xest/121 + URI:http://xest/122 + URI:http://xest/123 + URI:http://xest/124 + URI:http://xest/125 + URI:http://xest/126 + URI:http://xest/127 + URI:http://xest/128 + URI:http://xest/129 + URI:http://xest/130 + URI:http://xest/131 + URI:http://xest/132 + URI:http://xest/133 + URI:http://xest/134 + URI:http://xest/135 + URI:http://xest/136 + URI:http://xest/137 + URI:http://xest/138 + URI:http://xest/139 + URI:http://xest/140 + URI:http://xest/141 + URI:http://xest/142 + URI:http://xest/143 + URI:http://xest/144 + URI:http://xest/145 + URI:http://xest/146 + URI:http://xest/147 + URI:http://xest/148 + URI:http://xest/149 + URI:http://xest/150 + URI:http://xest/151 + URI:http://xest/152 + URI:http://xest/153 + URI:http://xest/154 + URI:http://xest/155 + URI:http://xest/156 + URI:http://xest/157 + URI:http://xest/158 + URI:http://xest/159 + URI:http://xest/160 + URI:http://xest/161 + URI:http://xest/162 + URI:http://xest/163 + URI:http://xest/164 + URI:http://xest/165 + URI:http://xest/166 + URI:http://xest/167 + URI:http://xest/168 + URI:http://xest/169 + URI:http://xest/170 + URI:http://xest/171 + URI:http://xest/172 + URI:http://xest/173 + URI:http://xest/174 + URI:http://xest/175 + URI:http://xest/176 + URI:http://xest/177 + URI:http://xest/178 + URI:http://xest/179 + URI:http://xest/180 + URI:http://xest/181 + URI:http://xest/182 + URI:http://xest/183 + URI:http://xest/184 + URI:http://xest/185 + URI:http://xest/186 + URI:http://xest/187 + URI:http://xest/188 + URI:http://xest/189 + URI:http://xest/190 + URI:http://xest/191 + URI:http://xest/192 + URI:http://xest/193 + URI:http://xest/194 + URI:http://xest/195 + URI:http://xest/196 + URI:http://xest/197 + URI:http://xest/198 + URI:http://xest/199 + URI:http://xest/200 + URI:http://xest/201 + URI:http://xest/202 + URI:http://xest/203 + URI:http://xest/204 + URI:http://xest/205 + URI:http://xest/206 + URI:http://xest/207 + URI:http://xest/208 + URI:http://xest/209 + URI:http://xest/210 + URI:http://xest/211 + URI:http://xest/212 + URI:http://xest/213 + URI:http://xest/214 + URI:http://xest/215 + URI:http://xest/216 + URI:http://xest/217 + URI:http://xest/218 + URI:http://xest/219 + URI:http://xest/220 + URI:http://xest/221 + URI:http://xest/222 + URI:http://xest/223 + URI:http://xest/224 + URI:http://xest/225 + URI:http://xest/226 + URI:http://xest/227 + URI:http://xest/228 + URI:http://xest/229 + URI:http://xest/230 + URI:http://xest/231 + URI:http://xest/232 + URI:http://xest/233 + URI:http://xest/234 + URI:http://xest/235 + URI:http://xest/236 + URI:http://xest/237 + URI:http://xest/238 + URI:http://xest/239 + URI:http://xest/240 + URI:http://xest/241 + URI:http://xest/242 + URI:http://xest/243 + URI:http://xest/244 + URI:http://xest/245 + URI:http://xest/246 + URI:http://xest/247 + URI:http://xest/248 + URI:http://xest/249 + URI:http://xest/250 + URI:http://xest/251 + URI:http://xest/252 + URI:http://xest/253 + URI:http://xest/254 + URI:http://xest/255 + URI:http://xest/256 + URI:http://xest/257 + URI:http://xest/258 + URI:http://xest/259 + URI:http://xest/260 + URI:http://xest/261 + URI:http://xest/262 + URI:http://xest/263 + URI:http://xest/264 + URI:http://xest/265 + URI:http://xest/266 + URI:http://xest/267 + URI:http://xest/268 + URI:http://xest/269 + URI:http://xest/270 + URI:http://xest/271 + URI:http://xest/272 + URI:http://xest/273 + URI:http://xest/274 + URI:http://xest/275 + URI:http://xest/276 + URI:http://xest/277 + URI:http://xest/278 + URI:http://xest/279 + URI:http://xest/280 + URI:http://xest/281 + URI:http://xest/282 + URI:http://xest/283 + URI:http://xest/284 + URI:http://xest/285 + URI:http://xest/286 + URI:http://xest/287 + URI:http://xest/288 + URI:http://xest/289 + URI:http://xest/290 + URI:http://xest/291 + URI:http://xest/292 + URI:http://xest/293 + URI:http://xest/294 + URI:http://xest/295 + URI:http://xest/296 + URI:http://xest/297 + URI:http://xest/298 + URI:http://xest/299 + URI:http://xest/300 + URI:http://xest/301 + URI:http://xest/302 + URI:http://xest/303 + URI:http://xest/304 + URI:http://xest/305 + URI:http://xest/306 + URI:http://xest/307 + URI:http://xest/308 + URI:http://xest/309 + URI:http://xest/310 + URI:http://xest/311 + URI:http://xest/312 + URI:http://xest/313 + URI:http://xest/314 + URI:http://xest/315 + URI:http://xest/316 + URI:http://xest/317 + URI:http://xest/318 + URI:http://xest/319 + URI:http://xest/320 + URI:http://xest/321 + URI:http://xest/322 + URI:http://xest/323 + URI:http://xest/324 + URI:http://xest/325 + URI:http://xest/326 + URI:http://xest/327 + URI:http://xest/328 + URI:http://xest/329 + URI:http://xest/330 + URI:http://xest/331 + URI:http://xest/332 + URI:http://xest/333 + URI:http://xest/334 + URI:http://xest/335 + URI:http://xest/336 + URI:http://xest/337 + URI:http://xest/338 + URI:http://xest/339 + URI:http://xest/340 + URI:http://xest/341 + URI:http://xest/342 + URI:http://xest/343 + URI:http://xest/344 + URI:http://xest/345 + URI:http://xest/346 + URI:http://xest/347 + URI:http://xest/348 + URI:http://xest/349 + URI:http://xest/350 + URI:http://xest/351 + URI:http://xest/352 + URI:http://xest/353 + URI:http://xest/354 + URI:http://xest/355 + URI:http://xest/356 + URI:http://xest/357 + URI:http://xest/358 + URI:http://xest/359 + URI:http://xest/360 + URI:http://xest/361 + URI:http://xest/362 + URI:http://xest/363 + URI:http://xest/364 + URI:http://xest/365 + URI:http://xest/366 + URI:http://xest/367 + URI:http://xest/368 + URI:http://xest/369 + URI:http://xest/370 + URI:http://xest/371 + URI:http://xest/372 + URI:http://xest/373 + URI:http://xest/374 + URI:http://xest/375 + URI:http://xest/376 + URI:http://xest/377 + URI:http://xest/378 + URI:http://xest/379 + URI:http://xest/380 + URI:http://xest/381 + URI:http://xest/382 + URI:http://xest/383 + URI:http://xest/384 + URI:http://xest/385 + URI:http://xest/386 + URI:http://xest/387 + URI:http://xest/388 + URI:http://xest/389 + URI:http://xest/390 + URI:http://xest/391 + URI:http://xest/392 + URI:http://xest/393 + URI:http://xest/394 + URI:http://xest/395 + URI:http://xest/396 + URI:http://xest/397 + URI:http://xest/398 + URI:http://xest/399 + URI:http://xest/400 + URI:http://xest/401 + URI:http://xest/402 + URI:http://xest/403 + URI:http://xest/404 + URI:http://xest/405 + URI:http://xest/406 + URI:http://xest/407 + URI:http://xest/408 + URI:http://xest/409 + URI:http://xest/410 + URI:http://xest/411 + URI:http://xest/412 + URI:http://xest/413 + URI:http://xest/414 + URI:http://xest/415 + URI:http://xest/416 + URI:http://xest/417 + URI:http://xest/418 + URI:http://xest/419 + URI:http://xest/420 + URI:http://xest/421 + URI:http://xest/422 + URI:http://xest/423 + URI:http://xest/424 + URI:http://xest/425 + URI:http://xest/426 + URI:http://xest/427 + URI:http://xest/428 + URI:http://xest/429 + URI:http://xest/430 + URI:http://xest/431 + URI:http://xest/432 + URI:http://xest/433 + URI:http://xest/434 + URI:http://xest/435 + URI:http://xest/436 + URI:http://xest/437 + URI:http://xest/438 + URI:http://xest/439 + URI:http://xest/440 + URI:http://xest/441 + URI:http://xest/442 + URI:http://xest/443 + URI:http://xest/444 + URI:http://xest/445 + URI:http://xest/446 + URI:http://xest/447 + URI:http://xest/448 + URI:http://xest/449 + URI:http://xest/450 + URI:http://xest/451 + URI:http://xest/452 + URI:http://xest/453 + URI:http://xest/454 + URI:http://xest/455 + URI:http://xest/456 + URI:http://xest/457 + URI:http://xest/458 + URI:http://xest/459 + URI:http://xest/460 + URI:http://xest/461 + URI:http://xest/462 + URI:http://xest/463 + URI:http://xest/464 + URI:http://xest/465 + URI:http://xest/466 + URI:http://xest/467 + URI:http://xest/468 + URI:http://xest/469 + URI:http://xest/470 + URI:http://xest/471 + URI:http://xest/472 + URI:http://xest/473 + URI:http://xest/474 + URI:http://xest/475 + URI:http://xest/476 + URI:http://xest/477 + URI:http://xest/478 + URI:http://xest/479 + URI:http://xest/480 + URI:http://xest/481 + URI:http://xest/482 + URI:http://xest/483 + URI:http://xest/484 + URI:http://xest/485 + URI:http://xest/486 + URI:http://xest/487 + URI:http://xest/488 + URI:http://xest/489 + URI:http://xest/490 + URI:http://xest/491 + URI:http://xest/492 + URI:http://xest/493 + URI:http://xest/494 + URI:http://xest/495 + URI:http://xest/496 + URI:http://xest/497 + URI:http://xest/498 + URI:http://xest/499 + URI:http://xest/500 + URI:http://xest/501 + URI:http://xest/502 + URI:http://xest/503 + URI:http://xest/504 + URI:http://xest/505 + URI:http://xest/506 + URI:http://xest/507 + URI:http://xest/508 + URI:http://xest/509 + URI:http://xest/510 + URI:http://xest/511 + URI:http://xest/512 + URI:http://xest/513 + URI:http://xest/514 + URI:http://xest/515 + URI:http://xest/516 + URI:http://xest/517 + URI:http://xest/518 + URI:http://xest/519 + URI:http://xest/520 + URI:http://xest/521 + URI:http://xest/522 + URI:http://xest/523 + URI:http://xest/524 + URI:http://xest/525 + URI:http://xest/526 + URI:http://xest/527 + URI:http://xest/528 + URI:http://xest/529 + URI:http://xest/530 + URI:http://xest/531 + URI:http://xest/532 + URI:http://xest/533 + URI:http://xest/534 + URI:http://xest/535 + URI:http://xest/536 + URI:http://xest/537 + URI:http://xest/538 + URI:http://xest/539 + URI:http://xest/540 + URI:http://xest/541 + URI:http://xest/542 + URI:http://xest/543 + URI:http://xest/544 + URI:http://xest/545 + URI:http://xest/546 + URI:http://xest/547 + URI:http://xest/548 + URI:http://xest/549 + URI:http://xest/550 + URI:http://xest/551 + URI:http://xest/552 + URI:http://xest/553 + URI:http://xest/554 + URI:http://xest/555 + URI:http://xest/556 + URI:http://xest/557 + URI:http://xest/558 + URI:http://xest/559 + URI:http://xest/560 + URI:http://xest/561 + URI:http://xest/562 + URI:http://xest/563 + URI:http://xest/564 + URI:http://xest/565 + URI:http://xest/566 + URI:http://xest/567 + URI:http://xest/568 + URI:http://xest/569 + URI:http://xest/570 + URI:http://xest/571 + URI:http://xest/572 + URI:http://xest/573 + URI:http://xest/574 + URI:http://xest/575 + URI:http://xest/576 + URI:http://xest/577 + URI:http://xest/578 + URI:http://xest/579 + URI:http://xest/580 + URI:http://xest/581 + URI:http://xest/582 + URI:http://xest/583 + URI:http://xest/584 + URI:http://xest/585 + URI:http://xest/586 + URI:http://xest/587 + URI:http://xest/588 + URI:http://xest/589 + URI:http://xest/590 + URI:http://xest/591 + URI:http://xest/592 + URI:http://xest/593 + URI:http://xest/594 + URI:http://xest/595 + URI:http://xest/596 + URI:http://xest/597 + URI:http://xest/598 + URI:http://xest/599 + URI:http://xest/600 + URI:http://xest/601 + URI:http://xest/602 + URI:http://xest/603 + URI:http://xest/604 + URI:http://xest/605 + URI:http://xest/606 + URI:http://xest/607 + URI:http://xest/608 + URI:http://xest/609 + URI:http://xest/610 + URI:http://xest/611 + URI:http://xest/612 + URI:http://xest/613 + URI:http://xest/614 + URI:http://xest/615 + URI:http://xest/616 + URI:http://xest/617 + URI:http://xest/618 + URI:http://xest/619 + URI:http://xest/620 + URI:http://xest/621 + URI:http://xest/622 + URI:http://xest/623 + URI:http://xest/624 + URI:http://xest/625 + URI:http://xest/626 + URI:http://xest/627 + URI:http://xest/628 + URI:http://xest/629 + URI:http://xest/630 + URI:http://xest/631 + URI:http://xest/632 + URI:http://xest/633 + URI:http://xest/634 + URI:http://xest/635 + URI:http://xest/636 + URI:http://xest/637 + URI:http://xest/638 + URI:http://xest/639 + URI:http://xest/640 + URI:http://xest/641 + URI:http://xest/642 + URI:http://xest/643 + URI:http://xest/644 + URI:http://xest/645 + URI:http://xest/646 + URI:http://xest/647 + URI:http://xest/648 + URI:http://xest/649 + URI:http://xest/650 + URI:http://xest/651 + URI:http://xest/652 + URI:http://xest/653 + URI:http://xest/654 + URI:http://xest/655 + URI:http://xest/656 + URI:http://xest/657 + URI:http://xest/658 + URI:http://xest/659 + URI:http://xest/660 + URI:http://xest/661 + URI:http://xest/662 + URI:http://xest/663 + URI:http://xest/664 + URI:http://xest/665 + URI:http://xest/666 + URI:http://xest/667 + URI:http://xest/668 + URI:http://xest/669 + URI:http://xest/670 + URI:http://xest/671 + URI:http://xest/672 + URI:http://xest/673 + URI:http://xest/674 + URI:http://xest/675 + URI:http://xest/676 + URI:http://xest/677 + URI:http://xest/678 + URI:http://xest/679 + URI:http://xest/680 + URI:http://xest/681 + URI:http://xest/682 + URI:http://xest/683 + URI:http://xest/684 + URI:http://xest/685 + URI:http://xest/686 + URI:http://xest/687 + URI:http://xest/688 + URI:http://xest/689 + URI:http://xest/690 + URI:http://xest/691 + URI:http://xest/692 + URI:http://xest/693 + URI:http://xest/694 + URI:http://xest/695 + URI:http://xest/696 + URI:http://xest/697 + URI:http://xest/698 + URI:http://xest/699 + URI:http://xest/700 + URI:http://xest/701 + URI:http://xest/702 + URI:http://xest/703 + URI:http://xest/704 + URI:http://xest/705 + URI:http://xest/706 + URI:http://xest/707 + URI:http://xest/708 + URI:http://xest/709 + URI:http://xest/710 + URI:http://xest/711 + URI:http://xest/712 + URI:http://xest/713 + URI:http://xest/714 + URI:http://xest/715 + URI:http://xest/716 + URI:http://xest/717 + URI:http://xest/718 + URI:http://xest/719 + URI:http://xest/720 + URI:http://xest/721 + URI:http://xest/722 + URI:http://xest/723 + URI:http://xest/724 + URI:http://xest/725 + URI:http://xest/726 + URI:http://xest/727 + URI:http://xest/728 + URI:http://xest/729 + URI:http://xest/730 + URI:http://xest/731 + URI:http://xest/732 + URI:http://xest/733 + URI:http://xest/734 + URI:http://xest/735 + URI:http://xest/736 + URI:http://xest/737 + URI:http://xest/738 + URI:http://xest/739 + URI:http://xest/740 + URI:http://xest/741 + URI:http://xest/742 + URI:http://xest/743 + URI:http://xest/744 + URI:http://xest/745 + URI:http://xest/746 + URI:http://xest/747 + URI:http://xest/748 + URI:http://xest/749 + URI:http://xest/750 + URI:http://xest/751 + URI:http://xest/752 + URI:http://xest/753 + URI:http://xest/754 + URI:http://xest/755 + URI:http://xest/756 + URI:http://xest/757 + URI:http://xest/758 + URI:http://xest/759 + URI:http://xest/760 + URI:http://xest/761 + URI:http://xest/762 + URI:http://xest/763 + URI:http://xest/764 + URI:http://xest/765 + URI:http://xest/766 + URI:http://xest/767 + URI:http://xest/768 + URI:http://xest/769 + URI:http://xest/770 + URI:http://xest/771 + URI:http://xest/772 + URI:http://xest/773 + URI:http://xest/774 + URI:http://xest/775 + URI:http://xest/776 + URI:http://xest/777 + URI:http://xest/778 + URI:http://xest/779 + URI:http://xest/780 + URI:http://xest/781 + URI:http://xest/782 + URI:http://xest/783 + URI:http://xest/784 + URI:http://xest/785 + URI:http://xest/786 + URI:http://xest/787 + URI:http://xest/788 + URI:http://xest/789 + URI:http://xest/790 + URI:http://xest/791 + URI:http://xest/792 + URI:http://xest/793 + URI:http://xest/794 + URI:http://xest/795 + URI:http://xest/796 + URI:http://xest/797 + URI:http://xest/798 + URI:http://xest/799 + URI:http://xest/800 + URI:http://xest/801 + URI:http://xest/802 + URI:http://xest/803 + URI:http://xest/804 + URI:http://xest/805 + URI:http://xest/806 + URI:http://xest/807 + URI:http://xest/808 + URI:http://xest/809 + URI:http://xest/810 + URI:http://xest/811 + URI:http://xest/812 + URI:http://xest/813 + URI:http://xest/814 + URI:http://xest/815 + URI:http://xest/816 + URI:http://xest/817 + URI:http://xest/818 + URI:http://xest/819 + URI:http://xest/820 + URI:http://xest/821 + URI:http://xest/822 + URI:http://xest/823 + URI:http://xest/824 + URI:http://xest/825 + URI:http://xest/826 + URI:http://xest/827 + URI:http://xest/828 + URI:http://xest/829 + URI:http://xest/830 + URI:http://xest/831 + URI:http://xest/832 + URI:http://xest/833 + URI:http://xest/834 + URI:http://xest/835 + URI:http://xest/836 + URI:http://xest/837 + URI:http://xest/838 + URI:http://xest/839 + URI:http://xest/840 + URI:http://xest/841 + URI:http://xest/842 + URI:http://xest/843 + URI:http://xest/844 + URI:http://xest/845 + URI:http://xest/846 + URI:http://xest/847 + URI:http://xest/848 + URI:http://xest/849 + URI:http://xest/850 + URI:http://xest/851 + URI:http://xest/852 + URI:http://xest/853 + URI:http://xest/854 + URI:http://xest/855 + URI:http://xest/856 + URI:http://xest/857 + URI:http://xest/858 + URI:http://xest/859 + URI:http://xest/860 + URI:http://xest/861 + URI:http://xest/862 + URI:http://xest/863 + URI:http://xest/864 + URI:http://xest/865 + URI:http://xest/866 + URI:http://xest/867 + URI:http://xest/868 + URI:http://xest/869 + URI:http://xest/870 + URI:http://xest/871 + URI:http://xest/872 + URI:http://xest/873 + URI:http://xest/874 + URI:http://xest/875 + URI:http://xest/876 + URI:http://xest/877 + URI:http://xest/878 + URI:http://xest/879 + URI:http://xest/880 + URI:http://xest/881 + URI:http://xest/882 + URI:http://xest/883 + URI:http://xest/884 + URI:http://xest/885 + URI:http://xest/886 + URI:http://xest/887 + URI:http://xest/888 + URI:http://xest/889 + URI:http://xest/890 + URI:http://xest/891 + URI:http://xest/892 + URI:http://xest/893 + URI:http://xest/894 + URI:http://xest/895 + URI:http://xest/896 + URI:http://xest/897 + URI:http://xest/898 + URI:http://xest/899 + URI:http://xest/900 + URI:http://xest/901 + URI:http://xest/902 + URI:http://xest/903 + URI:http://xest/904 + URI:http://xest/905 + URI:http://xest/906 + URI:http://xest/907 + URI:http://xest/908 + URI:http://xest/909 + URI:http://xest/910 + URI:http://xest/911 + URI:http://xest/912 + URI:http://xest/913 + URI:http://xest/914 + URI:http://xest/915 + URI:http://xest/916 + URI:http://xest/917 + URI:http://xest/918 + URI:http://xest/919 + URI:http://xest/920 + URI:http://xest/921 + URI:http://xest/922 + URI:http://xest/923 + URI:http://xest/924 + URI:http://xest/925 + URI:http://xest/926 + URI:http://xest/927 + URI:http://xest/928 + URI:http://xest/929 + URI:http://xest/930 + URI:http://xest/931 + URI:http://xest/932 + URI:http://xest/933 + URI:http://xest/934 + URI:http://xest/935 + URI:http://xest/936 + URI:http://xest/937 + URI:http://xest/938 + URI:http://xest/939 + URI:http://xest/940 + URI:http://xest/941 + URI:http://xest/942 + URI:http://xest/943 + URI:http://xest/944 + URI:http://xest/945 + URI:http://xest/946 + URI:http://xest/947 + URI:http://xest/948 + URI:http://xest/949 + URI:http://xest/950 + URI:http://xest/951 + URI:http://xest/952 + URI:http://xest/953 + URI:http://xest/954 + URI:http://xest/955 + URI:http://xest/956 + URI:http://xest/957 + URI:http://xest/958 + URI:http://xest/959 + URI:http://xest/960 + URI:http://xest/961 + URI:http://xest/962 + URI:http://xest/963 + URI:http://xest/964 + URI:http://xest/965 + URI:http://xest/966 + URI:http://xest/967 + URI:http://xest/968 + URI:http://xest/969 + URI:http://xest/970 + URI:http://xest/971 + URI:http://xest/972 + URI:http://xest/973 + URI:http://xest/974 + URI:http://xest/975 + URI:http://xest/976 + URI:http://xest/977 + URI:http://xest/978 + URI:http://xest/979 + URI:http://xest/980 + URI:http://xest/981 + URI:http://xest/982 + URI:http://xest/983 + URI:http://xest/984 + URI:http://xest/985 + URI:http://xest/986 + URI:http://xest/987 + URI:http://xest/988 + URI:http://xest/989 + URI:http://xest/990 + URI:http://xest/991 + URI:http://xest/992 + URI:http://xest/993 + URI:http://xest/994 + URI:http://xest/995 + URI:http://xest/996 + URI:http://xest/997 + URI:http://xest/998 + URI:http://xest/999 + URI:http://xest/1000 + URI:http://xest/1001 + URI:http://xest/1002 + URI:http://xest/1003 + URI:http://xest/1004 + URI:http://xest/1005 + URI:http://xest/1006 + URI:http://xest/1007 + URI:http://xest/1008 + URI:http://xest/1009 + URI:http://xest/1010 + URI:http://xest/1011 + URI:http://xest/1012 + URI:http://xest/1013 + URI:http://xest/1014 + URI:http://xest/1015 + URI:http://xest/1016 + URI:http://xest/1017 + URI:http://xest/1018 + URI:http://xest/1019 + URI:http://xest/1020 + URI:http://xest/1021 + URI:http://xest/1022 + URI:http://xest/1023 + URI:http://xest/1024 + + Signature Algorithm: sha256WithRSAEncryption + 37:a8:be:e4:03:62:63:15:b0:fe:be:49:7f:22:5e:7a:f8:b4: + 33:0c:fe:3b:41:0c:99:dc:bd:b0:a3:0c:3a:54:42:27:62:18: + 15:af:e6:d5:91:63:17:1d:1b:3f:ca:f6:2e:2f:6e:71:5e:66: + 86:27:69:91:31:5d:35:85:d4:46:77:69:45:50:05:9c:bc:39: + b8:0f:d0:96:a6:65:02:d3:80:53:ac:58:9c:f3:ec:27:27:b2: + 33:44:51:17:79:90:ea:b1:57:32:f7:e0:58:a4:99:64:78:55: + 61:16:d3:51:62:cf:26:02:8d:7d:df:2d:d8:c3:d2:00:5e:03: + 49:78:20:b7:78:9e:9e:b6:56:e9:48:4d:c5:5a:ea:28:e8:16: + 70:4a:39:bb:1d:88:40:5a:fd:67:82:73:f3:c6:f2:e9:ed:70: + 83:de:72:3f:7d:08:2f:1a:43:4d:c9:b2:e9:ce:e6:43:a9:74: + 25:cd:ba:95:cd:51:97:cb:56:d4:e6:e6:d9:69:0a:5f:48:17: + 2a:3b:41:ac:a5:ec:1f:30:c9:b2:f1:68:8f:a1:0f:1e:7d:9e: + e3:be:bb:8d:cb:6e:41:6a:16:7a:48:f5:ac:14:69:f7:de:63: + fc:94:80:e7:62:da:e6:99:12:ad:f1:d2:5d:76:6b:c3:11:6e: + 55:5d:7e:ec +-----BEGIN CERTIFICATE----- +MILWujCC1aKgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOC1AQwgtQAMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgtM0BgNVHR4EgtMrMILTJ6CCabEwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAqHCAoAAAD/////MAqHCAoAAAH///// +MAqHCAoAAAL/////MAqHCAoAAAP/////MAqHCAoAAAT/////MAqHCAoAAAX///// +MAqHCAoAAAb/////MAqHCAoAAAf/////MAqHCAoAAAj/////MAqHCAoAAAn///// +MAqHCAoAAAr/////MAqHCAoAAAv/////MAqHCAoAAAz/////MAqHCAoAAA3///// +MAqHCAoAAA7/////MAqHCAoAAA//////MAqHCAoAABD/////MAqHCAoAABH///// +MAqHCAoAABL/////MAqHCAoAABP/////MAqHCAoAABT/////MAqHCAoAABX///// +MAqHCAoAABb/////MAqHCAoAABf/////MAqHCAoAABj/////MAqHCAoAABn///// +MAqHCAoAABr/////MAqHCAoAABv/////MAqHCAoAABz/////MAqHCAoAAB3///// +MAqHCAoAAB7/////MAqHCAoAAB//////MAqHCAoAACD/////MAqHCAoAACH///// +MAqHCAoAACL/////MAqHCAoAACP/////MAqHCAoAACT/////MAqHCAoAACX///// +MAqHCAoAACb/////MAqHCAoAACf/////MAqHCAoAACj/////MAqHCAoAACn///// +MAqHCAoAACr/////MAqHCAoAACv/////MAqHCAoAACz/////MAqHCAoAAC3///// +MAqHCAoAAC7/////MAqHCAoAAC//////MAqHCAoAADD/////MAqHCAoAADH///// +MAqHCAoAADL/////MAqHCAoAADP/////MAqHCAoAADT/////MAqHCAoAADX///// +MAqHCAoAADb/////MAqHCAoAADf/////MAqHCAoAADj/////MAqHCAoAADn///// +MAqHCAoAADr/////MAqHCAoAADv/////MAqHCAoAADz/////MAqHCAoAAD3///// +MAqHCAoAAD7/////MAqHCAoAAD//////MAqHCAoAAED/////MAqHCAoAAEH///// +MAqHCAoAAEL/////MAqHCAoAAEP/////MAqHCAoAAET/////MAqHCAoAAEX///// +MAqHCAoAAEb/////MAqHCAoAAEf/////MAqHCAoAAEj/////MAqHCAoAAEn///// +MAqHCAoAAEr/////MAqHCAoAAEv/////MAqHCAoAAEz/////MAqHCAoAAE3///// +MAqHCAoAAE7/////MAqHCAoAAE//////MAqHCAoAAFD/////MAqHCAoAAFH///// +MAqHCAoAAFL/////MAqHCAoAAFP/////MAqHCAoAAFT/////MAqHCAoAAFX///// +MAqHCAoAAFb/////MAqHCAoAAFf/////MAqHCAoAAFj/////MAqHCAoAAFn///// +MAqHCAoAAFr/////MAqHCAoAAFv/////MAqHCAoAAFz/////MAqHCAoAAF3///// +MAqHCAoAAF7/////MAqHCAoAAF//////MAqHCAoAAGD/////MAqHCAoAAGH///// +MAqHCAoAAGL/////MAqHCAoAAGP/////MAqHCAoAAGT/////MAqHCAoAAGX///// +MAqHCAoAAGb/////MAqHCAoAAGf/////MAqHCAoAAGj/////MAqHCAoAAGn///// +MAqHCAoAAGr/////MAqHCAoAAGv/////MAqHCAoAAGz/////MAqHCAoAAG3///// +MAqHCAoAAG7/////MAqHCAoAAG//////MAqHCAoAAHD/////MAqHCAoAAHH///// +MAqHCAoAAHL/////MAqHCAoAAHP/////MAqHCAoAAHT/////MAqHCAoAAHX///// +MAqHCAoAAHb/////MAqHCAoAAHf/////MAqHCAoAAHj/////MAqHCAoAAHn///// +MAqHCAoAAHr/////MAqHCAoAAHv/////MAqHCAoAAHz/////MAqHCAoAAH3///// +MAqHCAoAAH7/////MAqHCAoAAH//////MAqHCAoAAID/////MAqHCAoAAIH///// +MAqHCAoAAIL/////MAqHCAoAAIP/////MAqHCAoAAIT/////MAqHCAoAAIX///// +MAqHCAoAAIb/////MAqHCAoAAIf/////MAqHCAoAAIj/////MAqHCAoAAIn///// +MAqHCAoAAIr/////MAqHCAoAAIv/////MAqHCAoAAIz/////MAqHCAoAAI3///// +MAqHCAoAAI7/////MAqHCAoAAI//////MAqHCAoAAJD/////MAqHCAoAAJH///// +MAqHCAoAAJL/////MAqHCAoAAJP/////MAqHCAoAAJT/////MAqHCAoAAJX///// +MAqHCAoAAJb/////MAqHCAoAAJf/////MAqHCAoAAJj/////MAqHCAoAAJn///// +MAqHCAoAAJr/////MAqHCAoAAJv/////MAqHCAoAAJz/////MAqHCAoAAJ3///// +MAqHCAoAAJ7/////MAqHCAoAAJ//////MAqHCAoAAKD/////MAqHCAoAAKH///// +MAqHCAoAAKL/////MAqHCAoAAKP/////MAqHCAoAAKT/////MAqHCAoAAKX///// +MAqHCAoAAKb/////MAqHCAoAAKf/////MAqHCAoAAKj/////MAqHCAoAAKn///// +MAqHCAoAAKr/////MBGkDzANMQswCQYDVQQDDAJ0MDARpA8wDTELMAkGA1UEAwwC +dDEwEaQPMA0xCzAJBgNVBAMMAnQyMBGkDzANMQswCQYDVQQDDAJ0MzARpA8wDTEL +MAkGA1UEAwwCdDQwEaQPMA0xCzAJBgNVBAMMAnQ1MBGkDzANMQswCQYDVQQDDAJ0 +NjARpA8wDTELMAkGA1UEAwwCdDcwEaQPMA0xCzAJBgNVBAMMAnQ4MBGkDzANMQsw +CQYDVQQDDAJ0OTASpBAwDjEMMAoGA1UEAwwDdDEwMBKkEDAOMQwwCgYDVQQDDAN0 +MTEwEqQQMA4xDDAKBgNVBAMMA3QxMjASpBAwDjEMMAoGA1UEAwwDdDEzMBKkEDAO +MQwwCgYDVQQDDAN0MTQwEqQQMA4xDDAKBgNVBAMMA3QxNTASpBAwDjEMMAoGA1UE +AwwDdDE2MBKkEDAOMQwwCgYDVQQDDAN0MTcwEqQQMA4xDDAKBgNVBAMMA3QxODAS +pBAwDjEMMAoGA1UEAwwDdDE5MBKkEDAOMQwwCgYDVQQDDAN0MjAwEqQQMA4xDDAK +BgNVBAMMA3QyMTASpBAwDjEMMAoGA1UEAwwDdDIyMBKkEDAOMQwwCgYDVQQDDAN0 +MjMwEqQQMA4xDDAKBgNVBAMMA3QyNDASpBAwDjEMMAoGA1UEAwwDdDI1MBKkEDAO +MQwwCgYDVQQDDAN0MjYwEqQQMA4xDDAKBgNVBAMMA3QyNzASpBAwDjEMMAoGA1UE +AwwDdDI4MBKkEDAOMQwwCgYDVQQDDAN0MjkwEqQQMA4xDDAKBgNVBAMMA3QzMDAS +pBAwDjEMMAoGA1UEAwwDdDMxMBKkEDAOMQwwCgYDVQQDDAN0MzIwEqQQMA4xDDAK +BgNVBAMMA3QzMzASpBAwDjEMMAoGA1UEAwwDdDM0MBKkEDAOMQwwCgYDVQQDDAN0 +MzUwEqQQMA4xDDAKBgNVBAMMA3QzNjASpBAwDjEMMAoGA1UEAwwDdDM3MBKkEDAO +MQwwCgYDVQQDDAN0MzgwEqQQMA4xDDAKBgNVBAMMA3QzOTASpBAwDjEMMAoGA1UE +AwwDdDQwMBKkEDAOMQwwCgYDVQQDDAN0NDEwEqQQMA4xDDAKBgNVBAMMA3Q0MjAS +pBAwDjEMMAoGA1UEAwwDdDQzMBKkEDAOMQwwCgYDVQQDDAN0NDQwEqQQMA4xDDAK +BgNVBAMMA3Q0NTASpBAwDjEMMAoGA1UEAwwDdDQ2MBKkEDAOMQwwCgYDVQQDDAN0 +NDcwEqQQMA4xDDAKBgNVBAMMA3Q0ODASpBAwDjEMMAoGA1UEAwwDdDQ5MBKkEDAO +MQwwCgYDVQQDDAN0NTAwEqQQMA4xDDAKBgNVBAMMA3Q1MTASpBAwDjEMMAoGA1UE +AwwDdDUyMBKkEDAOMQwwCgYDVQQDDAN0NTMwEqQQMA4xDDAKBgNVBAMMA3Q1NDAS +pBAwDjEMMAoGA1UEAwwDdDU1MBKkEDAOMQwwCgYDVQQDDAN0NTYwEqQQMA4xDDAK +BgNVBAMMA3Q1NzASpBAwDjEMMAoGA1UEAwwDdDU4MBKkEDAOMQwwCgYDVQQDDAN0 +NTkwEqQQMA4xDDAKBgNVBAMMA3Q2MDASpBAwDjEMMAoGA1UEAwwDdDYxMBKkEDAO +MQwwCgYDVQQDDAN0NjIwEqQQMA4xDDAKBgNVBAMMA3Q2MzASpBAwDjEMMAoGA1UE +AwwDdDY0MBKkEDAOMQwwCgYDVQQDDAN0NjUwEqQQMA4xDDAKBgNVBAMMA3Q2NjAS +pBAwDjEMMAoGA1UEAwwDdDY3MBKkEDAOMQwwCgYDVQQDDAN0NjgwEqQQMA4xDDAK +BgNVBAMMA3Q2OTASpBAwDjEMMAoGA1UEAwwDdDcwMBKkEDAOMQwwCgYDVQQDDAN0 +NzEwEqQQMA4xDDAKBgNVBAMMA3Q3MjASpBAwDjEMMAoGA1UEAwwDdDczMBKkEDAO +MQwwCgYDVQQDDAN0NzQwEqQQMA4xDDAKBgNVBAMMA3Q3NTASpBAwDjEMMAoGA1UE +AwwDdDc2MBKkEDAOMQwwCgYDVQQDDAN0NzcwEqQQMA4xDDAKBgNVBAMMA3Q3ODAS +pBAwDjEMMAoGA1UEAwwDdDc5MBKkEDAOMQwwCgYDVQQDDAN0ODAwEqQQMA4xDDAK +BgNVBAMMA3Q4MTASpBAwDjEMMAoGA1UEAwwDdDgyMBKkEDAOMQwwCgYDVQQDDAN0 +ODMwEqQQMA4xDDAKBgNVBAMMA3Q4NDASpBAwDjEMMAoGA1UEAwwDdDg1MBKkEDAO +MQwwCgYDVQQDDAN0ODYwEqQQMA4xDDAKBgNVBAMMA3Q4NzASpBAwDjEMMAoGA1UE +AwwDdDg4MBKkEDAOMQwwCgYDVQQDDAN0ODkwEqQQMA4xDDAKBgNVBAMMA3Q5MDAS +pBAwDjEMMAoGA1UEAwwDdDkxMBKkEDAOMQwwCgYDVQQDDAN0OTIwEqQQMA4xDDAK +BgNVBAMMA3Q5MzASpBAwDjEMMAoGA1UEAwwDdDk0MBKkEDAOMQwwCgYDVQQDDAN0 +OTUwEqQQMA4xDDAKBgNVBAMMA3Q5NjASpBAwDjEMMAoGA1UEAwwDdDk3MBKkEDAO +MQwwCgYDVQQDDAN0OTgwEqQQMA4xDDAKBgNVBAMMA3Q5OTATpBEwDzENMAsGA1UE +AwwEdDEwMDATpBEwDzENMAsGA1UEAwwEdDEwMTATpBEwDzENMAsGA1UEAwwEdDEw +MjATpBEwDzENMAsGA1UEAwwEdDEwMzATpBEwDzENMAsGA1UEAwwEdDEwNDATpBEw +DzENMAsGA1UEAwwEdDEwNTATpBEwDzENMAsGA1UEAwwEdDEwNjATpBEwDzENMAsG +A1UEAwwEdDEwNzATpBEwDzENMAsGA1UEAwwEdDEwODATpBEwDzENMAsGA1UEAwwE +dDEwOTATpBEwDzENMAsGA1UEAwwEdDExMDATpBEwDzENMAsGA1UEAwwEdDExMTAT +pBEwDzENMAsGA1UEAwwEdDExMjATpBEwDzENMAsGA1UEAwwEdDExMzATpBEwDzEN +MAsGA1UEAwwEdDExNDATpBEwDzENMAsGA1UEAwwEdDExNTATpBEwDzENMAsGA1UE +AwwEdDExNjATpBEwDzENMAsGA1UEAwwEdDExNzATpBEwDzENMAsGA1UEAwwEdDEx +ODATpBEwDzENMAsGA1UEAwwEdDExOTATpBEwDzENMAsGA1UEAwwEdDEyMDATpBEw +DzENMAsGA1UEAwwEdDEyMTATpBEwDzENMAsGA1UEAwwEdDEyMjATpBEwDzENMAsG +A1UEAwwEdDEyMzATpBEwDzENMAsGA1UEAwwEdDEyNDATpBEwDzENMAsGA1UEAwwE +dDEyNTATpBEwDzENMAsGA1UEAwwEdDEyNjATpBEwDzENMAsGA1UEAwwEdDEyNzAT +pBEwDzENMAsGA1UEAwwEdDEyODATpBEwDzENMAsGA1UEAwwEdDEyOTATpBEwDzEN +MAsGA1UEAwwEdDEzMDATpBEwDzENMAsGA1UEAwwEdDEzMTATpBEwDzENMAsGA1UE +AwwEdDEzMjATpBEwDzENMAsGA1UEAwwEdDEzMzATpBEwDzENMAsGA1UEAwwEdDEz +NDATpBEwDzENMAsGA1UEAwwEdDEzNTATpBEwDzENMAsGA1UEAwwEdDEzNjATpBEw +DzENMAsGA1UEAwwEdDEzNzATpBEwDzENMAsGA1UEAwwEdDEzODATpBEwDzENMAsG +A1UEAwwEdDEzOTATpBEwDzENMAsGA1UEAwwEdDE0MDATpBEwDzENMAsGA1UEAwwE +dDE0MTATpBEwDzENMAsGA1UEAwwEdDE0MjATpBEwDzENMAsGA1UEAwwEdDE0MzAT +pBEwDzENMAsGA1UEAwwEdDE0NDATpBEwDzENMAsGA1UEAwwEdDE0NTATpBEwDzEN +MAsGA1UEAwwEdDE0NjATpBEwDzENMAsGA1UEAwwEdDE0NzATpBEwDzENMAsGA1UE +AwwEdDE0ODATpBEwDzENMAsGA1UEAwwEdDE0OTATpBEwDzENMAsGA1UEAwwEdDE1 +MDATpBEwDzENMAsGA1UEAwwEdDE1MTATpBEwDzENMAsGA1UEAwwEdDE1MjATpBEw +DzENMAsGA1UEAwwEdDE1MzATpBEwDzENMAsGA1UEAwwEdDE1NDATpBEwDzENMAsG +A1UEAwwEdDE1NTATpBEwDzENMAsGA1UEAwwEdDE1NjATpBEwDzENMAsGA1UEAwwE +dDE1NzATpBEwDzENMAsGA1UEAwwEdDE1ODATpBEwDzENMAsGA1UEAwwEdDE1OTAT +pBEwDzENMAsGA1UEAwwEdDE2MDATpBEwDzENMAsGA1UEAwwEdDE2MTATpBEwDzEN +MAsGA1UEAwwEdDE2MjATpBEwDzENMAsGA1UEAwwEdDE2MzATpBEwDzENMAsGA1UE +AwwEdDE2NDATpBEwDzENMAsGA1UEAwwEdDE2NTATpBEwDzENMAsGA1UEAwwEdDE2 +NjATpBEwDzENMAsGA1UEAwwEdDE2NzATpBEwDzENMAsGA1UEAwwEdDE2ODATpBEw +DzENMAsGA1UEAwwEdDE2OTATpBEwDzENMAsGA1UEAwwEdDE3MDATpBEwDzENMAsG +A1UEAwwEdDE3MTAPhg1odHRwOi8vdGVzdC8wMA+GDWh0dHA6Ly90ZXN0LzEwD4YN +aHR0cDovL3Rlc3QvMjAPhg1odHRwOi8vdGVzdC8zMA+GDWh0dHA6Ly90ZXN0LzQw +D4YNaHR0cDovL3Rlc3QvNTAPhg1odHRwOi8vdGVzdC82MA+GDWh0dHA6Ly90ZXN0 +LzcwD4YNaHR0cDovL3Rlc3QvODAPhg1odHRwOi8vdGVzdC85MBCGDmh0dHA6Ly90 +ZXN0LzEwMBCGDmh0dHA6Ly90ZXN0LzExMBCGDmh0dHA6Ly90ZXN0LzEyMBCGDmh0 +dHA6Ly90ZXN0LzEzMBCGDmh0dHA6Ly90ZXN0LzE0MBCGDmh0dHA6Ly90ZXN0LzE1 +MBCGDmh0dHA6Ly90ZXN0LzE2MBCGDmh0dHA6Ly90ZXN0LzE3MBCGDmh0dHA6Ly90 +ZXN0LzE4MBCGDmh0dHA6Ly90ZXN0LzE5MBCGDmh0dHA6Ly90ZXN0LzIwMBCGDmh0 +dHA6Ly90ZXN0LzIxMBCGDmh0dHA6Ly90ZXN0LzIyMBCGDmh0dHA6Ly90ZXN0LzIz +MBCGDmh0dHA6Ly90ZXN0LzI0MBCGDmh0dHA6Ly90ZXN0LzI1MBCGDmh0dHA6Ly90 +ZXN0LzI2MBCGDmh0dHA6Ly90ZXN0LzI3MBCGDmh0dHA6Ly90ZXN0LzI4MBCGDmh0 +dHA6Ly90ZXN0LzI5MBCGDmh0dHA6Ly90ZXN0LzMwMBCGDmh0dHA6Ly90ZXN0LzMx +MBCGDmh0dHA6Ly90ZXN0LzMyMBCGDmh0dHA6Ly90ZXN0LzMzMBCGDmh0dHA6Ly90 +ZXN0LzM0MBCGDmh0dHA6Ly90ZXN0LzM1MBCGDmh0dHA6Ly90ZXN0LzM2MBCGDmh0 +dHA6Ly90ZXN0LzM3MBCGDmh0dHA6Ly90ZXN0LzM4MBCGDmh0dHA6Ly90ZXN0LzM5 +MBCGDmh0dHA6Ly90ZXN0LzQwMBCGDmh0dHA6Ly90ZXN0LzQxMBCGDmh0dHA6Ly90 +ZXN0LzQyMBCGDmh0dHA6Ly90ZXN0LzQzMBCGDmh0dHA6Ly90ZXN0LzQ0MBCGDmh0 +dHA6Ly90ZXN0LzQ1MBCGDmh0dHA6Ly90ZXN0LzQ2MBCGDmh0dHA6Ly90ZXN0LzQ3 +MBCGDmh0dHA6Ly90ZXN0LzQ4MBCGDmh0dHA6Ly90ZXN0LzQ5MBCGDmh0dHA6Ly90 +ZXN0LzUwMBCGDmh0dHA6Ly90ZXN0LzUxMBCGDmh0dHA6Ly90ZXN0LzUyMBCGDmh0 +dHA6Ly90ZXN0LzUzMBCGDmh0dHA6Ly90ZXN0LzU0MBCGDmh0dHA6Ly90ZXN0LzU1 +MBCGDmh0dHA6Ly90ZXN0LzU2MBCGDmh0dHA6Ly90ZXN0LzU3MBCGDmh0dHA6Ly90 +ZXN0LzU4MBCGDmh0dHA6Ly90ZXN0LzU5MBCGDmh0dHA6Ly90ZXN0LzYwMBCGDmh0 +dHA6Ly90ZXN0LzYxMBCGDmh0dHA6Ly90ZXN0LzYyMBCGDmh0dHA6Ly90ZXN0LzYz +MBCGDmh0dHA6Ly90ZXN0LzY0MBCGDmh0dHA6Ly90ZXN0LzY1MBCGDmh0dHA6Ly90 +ZXN0LzY2MBCGDmh0dHA6Ly90ZXN0LzY3MBCGDmh0dHA6Ly90ZXN0LzY4MBCGDmh0 +dHA6Ly90ZXN0LzY5MBCGDmh0dHA6Ly90ZXN0LzcwMBCGDmh0dHA6Ly90ZXN0Lzcx +MBCGDmh0dHA6Ly90ZXN0LzcyMBCGDmh0dHA6Ly90ZXN0LzczMBCGDmh0dHA6Ly90 +ZXN0Lzc0MBCGDmh0dHA6Ly90ZXN0Lzc1MBCGDmh0dHA6Ly90ZXN0Lzc2MBCGDmh0 +dHA6Ly90ZXN0Lzc3MBCGDmh0dHA6Ly90ZXN0Lzc4MBCGDmh0dHA6Ly90ZXN0Lzc5 +MBCGDmh0dHA6Ly90ZXN0LzgwMBCGDmh0dHA6Ly90ZXN0LzgxMBCGDmh0dHA6Ly90 +ZXN0LzgyMBCGDmh0dHA6Ly90ZXN0LzgzMBCGDmh0dHA6Ly90ZXN0Lzg0MBCGDmh0 +dHA6Ly90ZXN0Lzg1MBCGDmh0dHA6Ly90ZXN0Lzg2MBCGDmh0dHA6Ly90ZXN0Lzg3 +MBCGDmh0dHA6Ly90ZXN0Lzg4MBCGDmh0dHA6Ly90ZXN0Lzg5MBCGDmh0dHA6Ly90 +ZXN0LzkwMBCGDmh0dHA6Ly90ZXN0LzkxMBCGDmh0dHA6Ly90ZXN0LzkyMBCGDmh0 +dHA6Ly90ZXN0LzkzMBCGDmh0dHA6Ly90ZXN0Lzk0MBCGDmh0dHA6Ly90ZXN0Lzk1 +MBCGDmh0dHA6Ly90ZXN0Lzk2MBCGDmh0dHA6Ly90ZXN0Lzk3MBCGDmh0dHA6Ly90 +ZXN0Lzk4MBCGDmh0dHA6Ly90ZXN0Lzk5MBGGD2h0dHA6Ly90ZXN0LzEwMDARhg9o +dHRwOi8vdGVzdC8xMDEwEYYPaHR0cDovL3Rlc3QvMTAyMBGGD2h0dHA6Ly90ZXN0 +LzEwMzARhg9odHRwOi8vdGVzdC8xMDQwEYYPaHR0cDovL3Rlc3QvMTA1MBGGD2h0 +dHA6Ly90ZXN0LzEwNjARhg9odHRwOi8vdGVzdC8xMDcwEYYPaHR0cDovL3Rlc3Qv +MTA4MBGGD2h0dHA6Ly90ZXN0LzEwOTARhg9odHRwOi8vdGVzdC8xMTAwEYYPaHR0 +cDovL3Rlc3QvMTExMBGGD2h0dHA6Ly90ZXN0LzExMjARhg9odHRwOi8vdGVzdC8x +MTMwEYYPaHR0cDovL3Rlc3QvMTE0MBGGD2h0dHA6Ly90ZXN0LzExNTARhg9odHRw +Oi8vdGVzdC8xMTYwEYYPaHR0cDovL3Rlc3QvMTE3MBGGD2h0dHA6Ly90ZXN0LzEx +ODARhg9odHRwOi8vdGVzdC8xMTkwEYYPaHR0cDovL3Rlc3QvMTIwMBGGD2h0dHA6 +Ly90ZXN0LzEyMTARhg9odHRwOi8vdGVzdC8xMjIwEYYPaHR0cDovL3Rlc3QvMTIz +MBGGD2h0dHA6Ly90ZXN0LzEyNDARhg9odHRwOi8vdGVzdC8xMjUwEYYPaHR0cDov +L3Rlc3QvMTI2MBGGD2h0dHA6Ly90ZXN0LzEyNzARhg9odHRwOi8vdGVzdC8xMjgw +EYYPaHR0cDovL3Rlc3QvMTI5MBGGD2h0dHA6Ly90ZXN0LzEzMDARhg9odHRwOi8v +dGVzdC8xMzEwEYYPaHR0cDovL3Rlc3QvMTMyMBGGD2h0dHA6Ly90ZXN0LzEzMzAR +hg9odHRwOi8vdGVzdC8xMzQwEYYPaHR0cDovL3Rlc3QvMTM1MBGGD2h0dHA6Ly90 +ZXN0LzEzNjARhg9odHRwOi8vdGVzdC8xMzcwEYYPaHR0cDovL3Rlc3QvMTM4MBGG +D2h0dHA6Ly90ZXN0LzEzOTARhg9odHRwOi8vdGVzdC8xNDAwEYYPaHR0cDovL3Rl +c3QvMTQxMBGGD2h0dHA6Ly90ZXN0LzE0MjARhg9odHRwOi8vdGVzdC8xNDMwEYYP +aHR0cDovL3Rlc3QvMTQ0MBGGD2h0dHA6Ly90ZXN0LzE0NTARhg9odHRwOi8vdGVz +dC8xNDYwEYYPaHR0cDovL3Rlc3QvMTQ3MBGGD2h0dHA6Ly90ZXN0LzE0ODARhg9o +dHRwOi8vdGVzdC8xNDkwEYYPaHR0cDovL3Rlc3QvMTUwMBGGD2h0dHA6Ly90ZXN0 +LzE1MTARhg9odHRwOi8vdGVzdC8xNTIwEYYPaHR0cDovL3Rlc3QvMTUzMBGGD2h0 +dHA6Ly90ZXN0LzE1NDARhg9odHRwOi8vdGVzdC8xNTUwEYYPaHR0cDovL3Rlc3Qv +MTU2MBGGD2h0dHA6Ly90ZXN0LzE1NzARhg9odHRwOi8vdGVzdC8xNTgwEYYPaHR0 +cDovL3Rlc3QvMTU5MBGGD2h0dHA6Ly90ZXN0LzE2MDARhg9odHRwOi8vdGVzdC8x +NjEwEYYPaHR0cDovL3Rlc3QvMTYyMBGGD2h0dHA6Ly90ZXN0LzE2MzARhg9odHRw +Oi8vdGVzdC8xNjQwEYYPaHR0cDovL3Rlc3QvMTY1MBGGD2h0dHA6Ly90ZXN0LzE2 +NjARhg9odHRwOi8vdGVzdC8xNjcwEYYPaHR0cDovL3Rlc3QvMTY4MBGGD2h0dHA6 +Ly90ZXN0LzE2OTARhg9odHRwOi8vdGVzdC8xNzAwEYYPaHR0cDovL3Rlc3QvMTcx +MBGGD2h0dHA6Ly90ZXN0LzE3MjARhg9odHRwOi8vdGVzdC8xNzMwEYYPaHR0cDov +L3Rlc3QvMTc0MBGGD2h0dHA6Ly90ZXN0LzE3NTARhg9odHRwOi8vdGVzdC8xNzYw +EYYPaHR0cDovL3Rlc3QvMTc3MBGGD2h0dHA6Ly90ZXN0LzE3ODARhg9odHRwOi8v +dGVzdC8xNzkwEYYPaHR0cDovL3Rlc3QvMTgwMBGGD2h0dHA6Ly90ZXN0LzE4MTAR +hg9odHRwOi8vdGVzdC8xODIwEYYPaHR0cDovL3Rlc3QvMTgzMBGGD2h0dHA6Ly90 +ZXN0LzE4NDARhg9odHRwOi8vdGVzdC8xODUwEYYPaHR0cDovL3Rlc3QvMTg2MBGG +D2h0dHA6Ly90ZXN0LzE4NzARhg9odHRwOi8vdGVzdC8xODgwEYYPaHR0cDovL3Rl +c3QvMTg5MBGGD2h0dHA6Ly90ZXN0LzE5MDARhg9odHRwOi8vdGVzdC8xOTEwEYYP +aHR0cDovL3Rlc3QvMTkyMBGGD2h0dHA6Ly90ZXN0LzE5MzARhg9odHRwOi8vdGVz +dC8xOTQwEYYPaHR0cDovL3Rlc3QvMTk1MBGGD2h0dHA6Ly90ZXN0LzE5NjARhg9o +dHRwOi8vdGVzdC8xOTcwEYYPaHR0cDovL3Rlc3QvMTk4MBGGD2h0dHA6Ly90ZXN0 +LzE5OTARhg9odHRwOi8vdGVzdC8yMDAwEYYPaHR0cDovL3Rlc3QvMjAxMBGGD2h0 +dHA6Ly90ZXN0LzIwMjARhg9odHRwOi8vdGVzdC8yMDMwEYYPaHR0cDovL3Rlc3Qv +MjA0MBGGD2h0dHA6Ly90ZXN0LzIwNTARhg9odHRwOi8vdGVzdC8yMDYwEYYPaHR0 +cDovL3Rlc3QvMjA3MBGGD2h0dHA6Ly90ZXN0LzIwODARhg9odHRwOi8vdGVzdC8y +MDkwEYYPaHR0cDovL3Rlc3QvMjEwMBGGD2h0dHA6Ly90ZXN0LzIxMTARhg9odHRw +Oi8vdGVzdC8yMTIwEYYPaHR0cDovL3Rlc3QvMjEzMBGGD2h0dHA6Ly90ZXN0LzIx +NDARhg9odHRwOi8vdGVzdC8yMTUwEYYPaHR0cDovL3Rlc3QvMjE2MBGGD2h0dHA6 +Ly90ZXN0LzIxNzARhg9odHRwOi8vdGVzdC8yMTgwEYYPaHR0cDovL3Rlc3QvMjE5 +MBGGD2h0dHA6Ly90ZXN0LzIyMDARhg9odHRwOi8vdGVzdC8yMjEwEYYPaHR0cDov +L3Rlc3QvMjIyMBGGD2h0dHA6Ly90ZXN0LzIyMzARhg9odHRwOi8vdGVzdC8yMjQw +EYYPaHR0cDovL3Rlc3QvMjI1MBGGD2h0dHA6Ly90ZXN0LzIyNjARhg9odHRwOi8v +dGVzdC8yMjcwEYYPaHR0cDovL3Rlc3QvMjI4MBGGD2h0dHA6Ly90ZXN0LzIyOTAR +hg9odHRwOi8vdGVzdC8yMzAwEYYPaHR0cDovL3Rlc3QvMjMxMBGGD2h0dHA6Ly90 +ZXN0LzIzMjARhg9odHRwOi8vdGVzdC8yMzMwEYYPaHR0cDovL3Rlc3QvMjM0MBGG +D2h0dHA6Ly90ZXN0LzIzNTARhg9odHRwOi8vdGVzdC8yMzYwEYYPaHR0cDovL3Rl +c3QvMjM3MBGGD2h0dHA6Ly90ZXN0LzIzODARhg9odHRwOi8vdGVzdC8yMzkwEYYP +aHR0cDovL3Rlc3QvMjQwMBGGD2h0dHA6Ly90ZXN0LzI0MTARhg9odHRwOi8vdGVz +dC8yNDIwEYYPaHR0cDovL3Rlc3QvMjQzMBGGD2h0dHA6Ly90ZXN0LzI0NDARhg9o +dHRwOi8vdGVzdC8yNDUwEYYPaHR0cDovL3Rlc3QvMjQ2MBGGD2h0dHA6Ly90ZXN0 +LzI0NzARhg9odHRwOi8vdGVzdC8yNDgwEYYPaHR0cDovL3Rlc3QvMjQ5MBGGD2h0 +dHA6Ly90ZXN0LzI1MDARhg9odHRwOi8vdGVzdC8yNTEwEYYPaHR0cDovL3Rlc3Qv +MjUyMBGGD2h0dHA6Ly90ZXN0LzI1MzARhg9odHRwOi8vdGVzdC8yNTQwEYYPaHR0 +cDovL3Rlc3QvMjU1MBGGD2h0dHA6Ly90ZXN0LzI1NjARhg9odHRwOi8vdGVzdC8y +NTcwEYYPaHR0cDovL3Rlc3QvMjU4MBGGD2h0dHA6Ly90ZXN0LzI1OTARhg9odHRw +Oi8vdGVzdC8yNjAwEYYPaHR0cDovL3Rlc3QvMjYxMBGGD2h0dHA6Ly90ZXN0LzI2 +MjARhg9odHRwOi8vdGVzdC8yNjMwEYYPaHR0cDovL3Rlc3QvMjY0MBGGD2h0dHA6 +Ly90ZXN0LzI2NTARhg9odHRwOi8vdGVzdC8yNjYwEYYPaHR0cDovL3Rlc3QvMjY3 +MBGGD2h0dHA6Ly90ZXN0LzI2ODARhg9odHRwOi8vdGVzdC8yNjkwEYYPaHR0cDov +L3Rlc3QvMjcwMBGGD2h0dHA6Ly90ZXN0LzI3MTARhg9odHRwOi8vdGVzdC8yNzIw +EYYPaHR0cDovL3Rlc3QvMjczMBGGD2h0dHA6Ly90ZXN0LzI3NDARhg9odHRwOi8v +dGVzdC8yNzUwEYYPaHR0cDovL3Rlc3QvMjc2MBGGD2h0dHA6Ly90ZXN0LzI3NzAR +hg9odHRwOi8vdGVzdC8yNzgwEYYPaHR0cDovL3Rlc3QvMjc5MBGGD2h0dHA6Ly90 +ZXN0LzI4MDARhg9odHRwOi8vdGVzdC8yODEwEYYPaHR0cDovL3Rlc3QvMjgyMBGG +D2h0dHA6Ly90ZXN0LzI4MzARhg9odHRwOi8vdGVzdC8yODQwEYYPaHR0cDovL3Rl +c3QvMjg1MBGGD2h0dHA6Ly90ZXN0LzI4NjARhg9odHRwOi8vdGVzdC8yODcwEYYP +aHR0cDovL3Rlc3QvMjg4MBGGD2h0dHA6Ly90ZXN0LzI4OTARhg9odHRwOi8vdGVz +dC8yOTAwEYYPaHR0cDovL3Rlc3QvMjkxMBGGD2h0dHA6Ly90ZXN0LzI5MjARhg9o +dHRwOi8vdGVzdC8yOTMwEYYPaHR0cDovL3Rlc3QvMjk0MBGGD2h0dHA6Ly90ZXN0 +LzI5NTARhg9odHRwOi8vdGVzdC8yOTYwEYYPaHR0cDovL3Rlc3QvMjk3MBGGD2h0 +dHA6Ly90ZXN0LzI5ODARhg9odHRwOi8vdGVzdC8yOTkwEYYPaHR0cDovL3Rlc3Qv +MzAwMBGGD2h0dHA6Ly90ZXN0LzMwMTARhg9odHRwOi8vdGVzdC8zMDIwEYYPaHR0 +cDovL3Rlc3QvMzAzMBGGD2h0dHA6Ly90ZXN0LzMwNDARhg9odHRwOi8vdGVzdC8z +MDUwEYYPaHR0cDovL3Rlc3QvMzA2MBGGD2h0dHA6Ly90ZXN0LzMwNzARhg9odHRw +Oi8vdGVzdC8zMDgwEYYPaHR0cDovL3Rlc3QvMzA5MBGGD2h0dHA6Ly90ZXN0LzMx +MDARhg9odHRwOi8vdGVzdC8zMTEwEYYPaHR0cDovL3Rlc3QvMzEyMBGGD2h0dHA6 +Ly90ZXN0LzMxMzARhg9odHRwOi8vdGVzdC8zMTQwEYYPaHR0cDovL3Rlc3QvMzE1 +MBGGD2h0dHA6Ly90ZXN0LzMxNjARhg9odHRwOi8vdGVzdC8zMTcwEYYPaHR0cDov +L3Rlc3QvMzE4MBGGD2h0dHA6Ly90ZXN0LzMxOTARhg9odHRwOi8vdGVzdC8zMjAw +EYYPaHR0cDovL3Rlc3QvMzIxMBGGD2h0dHA6Ly90ZXN0LzMyMjARhg9odHRwOi8v +dGVzdC8zMjMwEYYPaHR0cDovL3Rlc3QvMzI0MBGGD2h0dHA6Ly90ZXN0LzMyNTAR +hg9odHRwOi8vdGVzdC8zMjYwEYYPaHR0cDovL3Rlc3QvMzI3MBGGD2h0dHA6Ly90 +ZXN0LzMyODARhg9odHRwOi8vdGVzdC8zMjkwEYYPaHR0cDovL3Rlc3QvMzMwMBGG +D2h0dHA6Ly90ZXN0LzMzMTARhg9odHRwOi8vdGVzdC8zMzIwEYYPaHR0cDovL3Rl +c3QvMzMzMBGGD2h0dHA6Ly90ZXN0LzMzNDARhg9odHRwOi8vdGVzdC8zMzUwEYYP +aHR0cDovL3Rlc3QvMzM2MBGGD2h0dHA6Ly90ZXN0LzMzNzARhg9odHRwOi8vdGVz +dC8zMzgwEYYPaHR0cDovL3Rlc3QvMzM5MBGGD2h0dHA6Ly90ZXN0LzM0MDARhg9o +dHRwOi8vdGVzdC8zNDEwEYYPaHR0cDovL3Rlc3QvMzQyMBGGD2h0dHA6Ly90ZXN0 +LzM0MzARhg9odHRwOi8vdGVzdC8zNDQwEYYPaHR0cDovL3Rlc3QvMzQ1MBGGD2h0 +dHA6Ly90ZXN0LzM0NjARhg9odHRwOi8vdGVzdC8zNDcwEYYPaHR0cDovL3Rlc3Qv +MzQ4MBGGD2h0dHA6Ly90ZXN0LzM0OTARhg9odHRwOi8vdGVzdC8zNTAwEYYPaHR0 +cDovL3Rlc3QvMzUxMBGGD2h0dHA6Ly90ZXN0LzM1MjARhg9odHRwOi8vdGVzdC8z +NTMwEYYPaHR0cDovL3Rlc3QvMzU0MBGGD2h0dHA6Ly90ZXN0LzM1NTARhg9odHRw +Oi8vdGVzdC8zNTYwEYYPaHR0cDovL3Rlc3QvMzU3MBGGD2h0dHA6Ly90ZXN0LzM1 +ODARhg9odHRwOi8vdGVzdC8zNTkwEYYPaHR0cDovL3Rlc3QvMzYwMBGGD2h0dHA6 +Ly90ZXN0LzM2MTARhg9odHRwOi8vdGVzdC8zNjIwEYYPaHR0cDovL3Rlc3QvMzYz +MBGGD2h0dHA6Ly90ZXN0LzM2NDARhg9odHRwOi8vdGVzdC8zNjUwEYYPaHR0cDov +L3Rlc3QvMzY2MBGGD2h0dHA6Ly90ZXN0LzM2NzARhg9odHRwOi8vdGVzdC8zNjgw +EYYPaHR0cDovL3Rlc3QvMzY5MBGGD2h0dHA6Ly90ZXN0LzM3MDARhg9odHRwOi8v +dGVzdC8zNzEwEYYPaHR0cDovL3Rlc3QvMzcyMBGGD2h0dHA6Ly90ZXN0LzM3MzAR +hg9odHRwOi8vdGVzdC8zNzQwEYYPaHR0cDovL3Rlc3QvMzc1MBGGD2h0dHA6Ly90 +ZXN0LzM3NjARhg9odHRwOi8vdGVzdC8zNzcwEYYPaHR0cDovL3Rlc3QvMzc4MBGG +D2h0dHA6Ly90ZXN0LzM3OTARhg9odHRwOi8vdGVzdC8zODAwEYYPaHR0cDovL3Rl +c3QvMzgxMBGGD2h0dHA6Ly90ZXN0LzM4MjARhg9odHRwOi8vdGVzdC8zODMwEYYP +aHR0cDovL3Rlc3QvMzg0MBGGD2h0dHA6Ly90ZXN0LzM4NTARhg9odHRwOi8vdGVz +dC8zODYwEYYPaHR0cDovL3Rlc3QvMzg3MBGGD2h0dHA6Ly90ZXN0LzM4ODARhg9o +dHRwOi8vdGVzdC8zODkwEYYPaHR0cDovL3Rlc3QvMzkwMBGGD2h0dHA6Ly90ZXN0 +LzM5MTARhg9odHRwOi8vdGVzdC8zOTIwEYYPaHR0cDovL3Rlc3QvMzkzMBGGD2h0 +dHA6Ly90ZXN0LzM5NDARhg9odHRwOi8vdGVzdC8zOTUwEYYPaHR0cDovL3Rlc3Qv +Mzk2MBGGD2h0dHA6Ly90ZXN0LzM5NzARhg9odHRwOi8vdGVzdC8zOTgwEYYPaHR0 +cDovL3Rlc3QvMzk5MBGGD2h0dHA6Ly90ZXN0LzQwMDARhg9odHRwOi8vdGVzdC80 +MDEwEYYPaHR0cDovL3Rlc3QvNDAyMBGGD2h0dHA6Ly90ZXN0LzQwMzARhg9odHRw +Oi8vdGVzdC80MDQwEYYPaHR0cDovL3Rlc3QvNDA1MBGGD2h0dHA6Ly90ZXN0LzQw +NjARhg9odHRwOi8vdGVzdC80MDcwEYYPaHR0cDovL3Rlc3QvNDA4MBGGD2h0dHA6 +Ly90ZXN0LzQwOTARhg9odHRwOi8vdGVzdC80MTAwEYYPaHR0cDovL3Rlc3QvNDEx +MBGGD2h0dHA6Ly90ZXN0LzQxMjARhg9odHRwOi8vdGVzdC80MTMwEYYPaHR0cDov +L3Rlc3QvNDE0MBGGD2h0dHA6Ly90ZXN0LzQxNTARhg9odHRwOi8vdGVzdC80MTYw +EYYPaHR0cDovL3Rlc3QvNDE3MBGGD2h0dHA6Ly90ZXN0LzQxODARhg9odHRwOi8v +dGVzdC80MTkwEYYPaHR0cDovL3Rlc3QvNDIwMBGGD2h0dHA6Ly90ZXN0LzQyMTAR +hg9odHRwOi8vdGVzdC80MjIwEYYPaHR0cDovL3Rlc3QvNDIzMBGGD2h0dHA6Ly90 +ZXN0LzQyNDARhg9odHRwOi8vdGVzdC80MjUwEYYPaHR0cDovL3Rlc3QvNDI2MBGG +D2h0dHA6Ly90ZXN0LzQyNzARhg9odHRwOi8vdGVzdC80MjgwEYYPaHR0cDovL3Rl +c3QvNDI5MBGGD2h0dHA6Ly90ZXN0LzQzMDARhg9odHRwOi8vdGVzdC80MzEwEYYP +aHR0cDovL3Rlc3QvNDMyMBGGD2h0dHA6Ly90ZXN0LzQzMzARhg9odHRwOi8vdGVz +dC80MzQwEYYPaHR0cDovL3Rlc3QvNDM1MBGGD2h0dHA6Ly90ZXN0LzQzNjARhg9o +dHRwOi8vdGVzdC80MzcwEYYPaHR0cDovL3Rlc3QvNDM4MBGGD2h0dHA6Ly90ZXN0 +LzQzOTARhg9odHRwOi8vdGVzdC80NDAwEYYPaHR0cDovL3Rlc3QvNDQxMBGGD2h0 +dHA6Ly90ZXN0LzQ0MjARhg9odHRwOi8vdGVzdC80NDMwEYYPaHR0cDovL3Rlc3Qv +NDQ0MBGGD2h0dHA6Ly90ZXN0LzQ0NTARhg9odHRwOi8vdGVzdC80NDYwEYYPaHR0 +cDovL3Rlc3QvNDQ3MBGGD2h0dHA6Ly90ZXN0LzQ0ODARhg9odHRwOi8vdGVzdC80 +NDkwEYYPaHR0cDovL3Rlc3QvNDUwMBGGD2h0dHA6Ly90ZXN0LzQ1MTARhg9odHRw +Oi8vdGVzdC80NTIwEYYPaHR0cDovL3Rlc3QvNDUzMBGGD2h0dHA6Ly90ZXN0LzQ1 +NDARhg9odHRwOi8vdGVzdC80NTUwEYYPaHR0cDovL3Rlc3QvNDU2MBGGD2h0dHA6 +Ly90ZXN0LzQ1NzARhg9odHRwOi8vdGVzdC80NTgwEYYPaHR0cDovL3Rlc3QvNDU5 +MBGGD2h0dHA6Ly90ZXN0LzQ2MDARhg9odHRwOi8vdGVzdC80NjEwEYYPaHR0cDov +L3Rlc3QvNDYyMBGGD2h0dHA6Ly90ZXN0LzQ2MzARhg9odHRwOi8vdGVzdC80NjQw +EYYPaHR0cDovL3Rlc3QvNDY1MBGGD2h0dHA6Ly90ZXN0LzQ2NjARhg9odHRwOi8v +dGVzdC80NjcwEYYPaHR0cDovL3Rlc3QvNDY4MBGGD2h0dHA6Ly90ZXN0LzQ2OTAR +hg9odHRwOi8vdGVzdC80NzAwEYYPaHR0cDovL3Rlc3QvNDcxMBGGD2h0dHA6Ly90 +ZXN0LzQ3MjARhg9odHRwOi8vdGVzdC80NzMwEYYPaHR0cDovL3Rlc3QvNDc0MBGG +D2h0dHA6Ly90ZXN0LzQ3NTARhg9odHRwOi8vdGVzdC80NzYwEYYPaHR0cDovL3Rl +c3QvNDc3MBGGD2h0dHA6Ly90ZXN0LzQ3ODARhg9odHRwOi8vdGVzdC80NzkwEYYP +aHR0cDovL3Rlc3QvNDgwMBGGD2h0dHA6Ly90ZXN0LzQ4MTARhg9odHRwOi8vdGVz +dC80ODIwEYYPaHR0cDovL3Rlc3QvNDgzMBGGD2h0dHA6Ly90ZXN0LzQ4NDARhg9o +dHRwOi8vdGVzdC80ODUwEYYPaHR0cDovL3Rlc3QvNDg2MBGGD2h0dHA6Ly90ZXN0 +LzQ4NzARhg9odHRwOi8vdGVzdC80ODgwEYYPaHR0cDovL3Rlc3QvNDg5MBGGD2h0 +dHA6Ly90ZXN0LzQ5MDARhg9odHRwOi8vdGVzdC80OTEwEYYPaHR0cDovL3Rlc3Qv +NDkyMBGGD2h0dHA6Ly90ZXN0LzQ5MzARhg9odHRwOi8vdGVzdC80OTQwEYYPaHR0 +cDovL3Rlc3QvNDk1MBGGD2h0dHA6Ly90ZXN0LzQ5NjARhg9odHRwOi8vdGVzdC80 +OTcwEYYPaHR0cDovL3Rlc3QvNDk4MBGGD2h0dHA6Ly90ZXN0LzQ5OTARhg9odHRw +Oi8vdGVzdC81MDAwEYYPaHR0cDovL3Rlc3QvNTAxMBGGD2h0dHA6Ly90ZXN0LzUw +MjARhg9odHRwOi8vdGVzdC81MDMwEYYPaHR0cDovL3Rlc3QvNTA0MBGGD2h0dHA6 +Ly90ZXN0LzUwNTARhg9odHRwOi8vdGVzdC81MDYwEYYPaHR0cDovL3Rlc3QvNTA3 +MBGGD2h0dHA6Ly90ZXN0LzUwODARhg9odHRwOi8vdGVzdC81MDkwEYYPaHR0cDov +L3Rlc3QvNTEwMBGGD2h0dHA6Ly90ZXN0LzUxMTARhg9odHRwOi8vdGVzdC81MTIw +EYYPaHR0cDovL3Rlc3QvNTEzMBGGD2h0dHA6Ly90ZXN0LzUxNDARhg9odHRwOi8v +dGVzdC81MTUwEYYPaHR0cDovL3Rlc3QvNTE2MBGGD2h0dHA6Ly90ZXN0LzUxNzAR +hg9odHRwOi8vdGVzdC81MTgwEYYPaHR0cDovL3Rlc3QvNTE5MBGGD2h0dHA6Ly90 +ZXN0LzUyMDARhg9odHRwOi8vdGVzdC81MjEwEYYPaHR0cDovL3Rlc3QvNTIyMBGG +D2h0dHA6Ly90ZXN0LzUyMzARhg9odHRwOi8vdGVzdC81MjQwEYYPaHR0cDovL3Rl +c3QvNTI1MBGGD2h0dHA6Ly90ZXN0LzUyNjARhg9odHRwOi8vdGVzdC81MjcwEYYP +aHR0cDovL3Rlc3QvNTI4MBGGD2h0dHA6Ly90ZXN0LzUyOTARhg9odHRwOi8vdGVz +dC81MzAwEYYPaHR0cDovL3Rlc3QvNTMxMBGGD2h0dHA6Ly90ZXN0LzUzMjARhg9o +dHRwOi8vdGVzdC81MzMwEYYPaHR0cDovL3Rlc3QvNTM0MBGGD2h0dHA6Ly90ZXN0 +LzUzNTARhg9odHRwOi8vdGVzdC81MzYwEYYPaHR0cDovL3Rlc3QvNTM3MBGGD2h0 +dHA6Ly90ZXN0LzUzODARhg9odHRwOi8vdGVzdC81MzkwEYYPaHR0cDovL3Rlc3Qv +NTQwMBGGD2h0dHA6Ly90ZXN0LzU0MTARhg9odHRwOi8vdGVzdC81NDIwEYYPaHR0 +cDovL3Rlc3QvNTQzMBGGD2h0dHA6Ly90ZXN0LzU0NDARhg9odHRwOi8vdGVzdC81 +NDUwEYYPaHR0cDovL3Rlc3QvNTQ2MBGGD2h0dHA6Ly90ZXN0LzU0NzARhg9odHRw +Oi8vdGVzdC81NDgwEYYPaHR0cDovL3Rlc3QvNTQ5MBGGD2h0dHA6Ly90ZXN0LzU1 +MDARhg9odHRwOi8vdGVzdC81NTEwEYYPaHR0cDovL3Rlc3QvNTUyMBGGD2h0dHA6 +Ly90ZXN0LzU1MzARhg9odHRwOi8vdGVzdC81NTQwEYYPaHR0cDovL3Rlc3QvNTU1 +MBGGD2h0dHA6Ly90ZXN0LzU1NjARhg9odHRwOi8vdGVzdC81NTcwEYYPaHR0cDov +L3Rlc3QvNTU4MBGGD2h0dHA6Ly90ZXN0LzU1OTARhg9odHRwOi8vdGVzdC81NjAw +EYYPaHR0cDovL3Rlc3QvNTYxMBGGD2h0dHA6Ly90ZXN0LzU2MjARhg9odHRwOi8v +dGVzdC81NjMwEYYPaHR0cDovL3Rlc3QvNTY0MBGGD2h0dHA6Ly90ZXN0LzU2NTAR +hg9odHRwOi8vdGVzdC81NjYwEYYPaHR0cDovL3Rlc3QvNTY3MBGGD2h0dHA6Ly90 +ZXN0LzU2ODARhg9odHRwOi8vdGVzdC81NjkwEYYPaHR0cDovL3Rlc3QvNTcwMBGG +D2h0dHA6Ly90ZXN0LzU3MTARhg9odHRwOi8vdGVzdC81NzIwEYYPaHR0cDovL3Rl +c3QvNTczMBGGD2h0dHA6Ly90ZXN0LzU3NDARhg9odHRwOi8vdGVzdC81NzUwEYYP +aHR0cDovL3Rlc3QvNTc2MBGGD2h0dHA6Ly90ZXN0LzU3NzARhg9odHRwOi8vdGVz +dC81NzgwEYYPaHR0cDovL3Rlc3QvNTc5MBGGD2h0dHA6Ly90ZXN0LzU4MDARhg9o +dHRwOi8vdGVzdC81ODEwEYYPaHR0cDovL3Rlc3QvNTgyMBGGD2h0dHA6Ly90ZXN0 +LzU4MzARhg9odHRwOi8vdGVzdC81ODQwEYYPaHR0cDovL3Rlc3QvNTg1MBGGD2h0 +dHA6Ly90ZXN0LzU4NjARhg9odHRwOi8vdGVzdC81ODcwEYYPaHR0cDovL3Rlc3Qv +NTg4MBGGD2h0dHA6Ly90ZXN0LzU4OTARhg9odHRwOi8vdGVzdC81OTAwEYYPaHR0 +cDovL3Rlc3QvNTkxMBGGD2h0dHA6Ly90ZXN0LzU5MjARhg9odHRwOi8vdGVzdC81 +OTMwEYYPaHR0cDovL3Rlc3QvNTk0MBGGD2h0dHA6Ly90ZXN0LzU5NTARhg9odHRw +Oi8vdGVzdC81OTYwEYYPaHR0cDovL3Rlc3QvNTk3MBGGD2h0dHA6Ly90ZXN0LzU5 +ODARhg9odHRwOi8vdGVzdC81OTkwEYYPaHR0cDovL3Rlc3QvNjAwMBGGD2h0dHA6 +Ly90ZXN0LzYwMTARhg9odHRwOi8vdGVzdC82MDIwEYYPaHR0cDovL3Rlc3QvNjAz +MBGGD2h0dHA6Ly90ZXN0LzYwNDARhg9odHRwOi8vdGVzdC82MDUwEYYPaHR0cDov +L3Rlc3QvNjA2MBGGD2h0dHA6Ly90ZXN0LzYwNzARhg9odHRwOi8vdGVzdC82MDgw +EYYPaHR0cDovL3Rlc3QvNjA5MBGGD2h0dHA6Ly90ZXN0LzYxMDARhg9odHRwOi8v +dGVzdC82MTEwEYYPaHR0cDovL3Rlc3QvNjEyMBGGD2h0dHA6Ly90ZXN0LzYxMzAR +hg9odHRwOi8vdGVzdC82MTQwEYYPaHR0cDovL3Rlc3QvNjE1MBGGD2h0dHA6Ly90 +ZXN0LzYxNjARhg9odHRwOi8vdGVzdC82MTcwEYYPaHR0cDovL3Rlc3QvNjE4MBGG +D2h0dHA6Ly90ZXN0LzYxOTARhg9odHRwOi8vdGVzdC82MjAwEYYPaHR0cDovL3Rl +c3QvNjIxMBGGD2h0dHA6Ly90ZXN0LzYyMjARhg9odHRwOi8vdGVzdC82MjMwEYYP +aHR0cDovL3Rlc3QvNjI0MBGGD2h0dHA6Ly90ZXN0LzYyNTARhg9odHRwOi8vdGVz +dC82MjYwEYYPaHR0cDovL3Rlc3QvNjI3MBGGD2h0dHA6Ly90ZXN0LzYyODARhg9o +dHRwOi8vdGVzdC82MjkwEYYPaHR0cDovL3Rlc3QvNjMwMBGGD2h0dHA6Ly90ZXN0 +LzYzMTARhg9odHRwOi8vdGVzdC82MzIwEYYPaHR0cDovL3Rlc3QvNjMzMBGGD2h0 +dHA6Ly90ZXN0LzYzNDARhg9odHRwOi8vdGVzdC82MzUwEYYPaHR0cDovL3Rlc3Qv +NjM2MBGGD2h0dHA6Ly90ZXN0LzYzNzARhg9odHRwOi8vdGVzdC82MzgwEYYPaHR0 +cDovL3Rlc3QvNjM5MBGGD2h0dHA6Ly90ZXN0LzY0MDARhg9odHRwOi8vdGVzdC82 +NDEwEYYPaHR0cDovL3Rlc3QvNjQyMBGGD2h0dHA6Ly90ZXN0LzY0MzARhg9odHRw +Oi8vdGVzdC82NDQwEYYPaHR0cDovL3Rlc3QvNjQ1MBGGD2h0dHA6Ly90ZXN0LzY0 +NjARhg9odHRwOi8vdGVzdC82NDcwEYYPaHR0cDovL3Rlc3QvNjQ4MBGGD2h0dHA6 +Ly90ZXN0LzY0OTARhg9odHRwOi8vdGVzdC82NTAwEYYPaHR0cDovL3Rlc3QvNjUx +MBGGD2h0dHA6Ly90ZXN0LzY1MjARhg9odHRwOi8vdGVzdC82NTMwEYYPaHR0cDov +L3Rlc3QvNjU0MBGGD2h0dHA6Ly90ZXN0LzY1NTARhg9odHRwOi8vdGVzdC82NTYw +EYYPaHR0cDovL3Rlc3QvNjU3MBGGD2h0dHA6Ly90ZXN0LzY1ODARhg9odHRwOi8v +dGVzdC82NTkwEYYPaHR0cDovL3Rlc3QvNjYwMBGGD2h0dHA6Ly90ZXN0LzY2MTAR +hg9odHRwOi8vdGVzdC82NjIwEYYPaHR0cDovL3Rlc3QvNjYzMBGGD2h0dHA6Ly90 +ZXN0LzY2NDARhg9odHRwOi8vdGVzdC82NjUwEYYPaHR0cDovL3Rlc3QvNjY2MBGG +D2h0dHA6Ly90ZXN0LzY2NzARhg9odHRwOi8vdGVzdC82NjgwEYYPaHR0cDovL3Rl +c3QvNjY5MBGGD2h0dHA6Ly90ZXN0LzY3MDARhg9odHRwOi8vdGVzdC82NzEwEYYP +aHR0cDovL3Rlc3QvNjcyMBGGD2h0dHA6Ly90ZXN0LzY3MzARhg9odHRwOi8vdGVz +dC82NzQwEYYPaHR0cDovL3Rlc3QvNjc1MBGGD2h0dHA6Ly90ZXN0LzY3NjARhg9o +dHRwOi8vdGVzdC82NzcwEYYPaHR0cDovL3Rlc3QvNjc4MBGGD2h0dHA6Ly90ZXN0 +LzY3OTARhg9odHRwOi8vdGVzdC82ODAwEYYPaHR0cDovL3Rlc3QvNjgxMBGGD2h0 +dHA6Ly90ZXN0LzY4MjARhg9odHRwOi8vdGVzdC82ODMwEYYPaHR0cDovL3Rlc3Qv +Njg0MBGGD2h0dHA6Ly90ZXN0LzY4NTARhg9odHRwOi8vdGVzdC82ODYwEYYPaHR0 +cDovL3Rlc3QvNjg3MBGGD2h0dHA6Ly90ZXN0LzY4ODARhg9odHRwOi8vdGVzdC82 +ODkwEYYPaHR0cDovL3Rlc3QvNjkwMBGGD2h0dHA6Ly90ZXN0LzY5MTARhg9odHRw +Oi8vdGVzdC82OTIwEYYPaHR0cDovL3Rlc3QvNjkzMBGGD2h0dHA6Ly90ZXN0LzY5 +NDARhg9odHRwOi8vdGVzdC82OTUwEYYPaHR0cDovL3Rlc3QvNjk2MBGGD2h0dHA6 +Ly90ZXN0LzY5NzARhg9odHRwOi8vdGVzdC82OTgwEYYPaHR0cDovL3Rlc3QvNjk5 +MBGGD2h0dHA6Ly90ZXN0LzcwMDARhg9odHRwOi8vdGVzdC83MDEwEYYPaHR0cDov +L3Rlc3QvNzAyMBGGD2h0dHA6Ly90ZXN0LzcwMzARhg9odHRwOi8vdGVzdC83MDQw +EYYPaHR0cDovL3Rlc3QvNzA1MBGGD2h0dHA6Ly90ZXN0LzcwNjARhg9odHRwOi8v +dGVzdC83MDcwEYYPaHR0cDovL3Rlc3QvNzA4MBGGD2h0dHA6Ly90ZXN0LzcwOTAR +hg9odHRwOi8vdGVzdC83MTAwEYYPaHR0cDovL3Rlc3QvNzExMBGGD2h0dHA6Ly90 +ZXN0LzcxMjARhg9odHRwOi8vdGVzdC83MTMwEYYPaHR0cDovL3Rlc3QvNzE0MBGG +D2h0dHA6Ly90ZXN0LzcxNTARhg9odHRwOi8vdGVzdC83MTYwEYYPaHR0cDovL3Rl +c3QvNzE3MBGGD2h0dHA6Ly90ZXN0LzcxODARhg9odHRwOi8vdGVzdC83MTkwEYYP +aHR0cDovL3Rlc3QvNzIwMBGGD2h0dHA6Ly90ZXN0LzcyMTARhg9odHRwOi8vdGVz +dC83MjIwEYYPaHR0cDovL3Rlc3QvNzIzMBGGD2h0dHA6Ly90ZXN0LzcyNDARhg9o +dHRwOi8vdGVzdC83MjUwEYYPaHR0cDovL3Rlc3QvNzI2MBGGD2h0dHA6Ly90ZXN0 +LzcyNzARhg9odHRwOi8vdGVzdC83MjgwEYYPaHR0cDovL3Rlc3QvNzI5MBGGD2h0 +dHA6Ly90ZXN0LzczMDARhg9odHRwOi8vdGVzdC83MzEwEYYPaHR0cDovL3Rlc3Qv +NzMyMBGGD2h0dHA6Ly90ZXN0LzczMzARhg9odHRwOi8vdGVzdC83MzQwEYYPaHR0 +cDovL3Rlc3QvNzM1MBGGD2h0dHA6Ly90ZXN0LzczNjARhg9odHRwOi8vdGVzdC83 +MzcwEYYPaHR0cDovL3Rlc3QvNzM4MBGGD2h0dHA6Ly90ZXN0LzczOTARhg9odHRw +Oi8vdGVzdC83NDAwEYYPaHR0cDovL3Rlc3QvNzQxMBGGD2h0dHA6Ly90ZXN0Lzc0 +MjARhg9odHRwOi8vdGVzdC83NDMwEYYPaHR0cDovL3Rlc3QvNzQ0MBGGD2h0dHA6 +Ly90ZXN0Lzc0NTARhg9odHRwOi8vdGVzdC83NDYwEYYPaHR0cDovL3Rlc3QvNzQ3 +MBGGD2h0dHA6Ly90ZXN0Lzc0ODARhg9odHRwOi8vdGVzdC83NDkwEYYPaHR0cDov +L3Rlc3QvNzUwMBGGD2h0dHA6Ly90ZXN0Lzc1MTARhg9odHRwOi8vdGVzdC83NTIw +EYYPaHR0cDovL3Rlc3QvNzUzMBGGD2h0dHA6Ly90ZXN0Lzc1NDARhg9odHRwOi8v +dGVzdC83NTUwEYYPaHR0cDovL3Rlc3QvNzU2MBGGD2h0dHA6Ly90ZXN0Lzc1NzAR +hg9odHRwOi8vdGVzdC83NTgwEYYPaHR0cDovL3Rlc3QvNzU5MBGGD2h0dHA6Ly90 +ZXN0Lzc2MDARhg9odHRwOi8vdGVzdC83NjEwEYYPaHR0cDovL3Rlc3QvNzYyMBGG +D2h0dHA6Ly90ZXN0Lzc2MzARhg9odHRwOi8vdGVzdC83NjQwEYYPaHR0cDovL3Rl +c3QvNzY1MBGGD2h0dHA6Ly90ZXN0Lzc2NjARhg9odHRwOi8vdGVzdC83NjcwEYYP +aHR0cDovL3Rlc3QvNzY4MBGGD2h0dHA6Ly90ZXN0Lzc2OTARhg9odHRwOi8vdGVz +dC83NzAwEYYPaHR0cDovL3Rlc3QvNzcxMBGGD2h0dHA6Ly90ZXN0Lzc3MjARhg9o +dHRwOi8vdGVzdC83NzMwEYYPaHR0cDovL3Rlc3QvNzc0MBGGD2h0dHA6Ly90ZXN0 +Lzc3NTARhg9odHRwOi8vdGVzdC83NzYwEYYPaHR0cDovL3Rlc3QvNzc3MBGGD2h0 +dHA6Ly90ZXN0Lzc3ODARhg9odHRwOi8vdGVzdC83NzkwEYYPaHR0cDovL3Rlc3Qv +NzgwMBGGD2h0dHA6Ly90ZXN0Lzc4MTARhg9odHRwOi8vdGVzdC83ODIwEYYPaHR0 +cDovL3Rlc3QvNzgzMBGGD2h0dHA6Ly90ZXN0Lzc4NDARhg9odHRwOi8vdGVzdC83 +ODUwEYYPaHR0cDovL3Rlc3QvNzg2MBGGD2h0dHA6Ly90ZXN0Lzc4NzARhg9odHRw +Oi8vdGVzdC83ODgwEYYPaHR0cDovL3Rlc3QvNzg5MBGGD2h0dHA6Ly90ZXN0Lzc5 +MDARhg9odHRwOi8vdGVzdC83OTEwEYYPaHR0cDovL3Rlc3QvNzkyMBGGD2h0dHA6 +Ly90ZXN0Lzc5MzARhg9odHRwOi8vdGVzdC83OTQwEYYPaHR0cDovL3Rlc3QvNzk1 +MBGGD2h0dHA6Ly90ZXN0Lzc5NjARhg9odHRwOi8vdGVzdC83OTcwEYYPaHR0cDov +L3Rlc3QvNzk4MBGGD2h0dHA6Ly90ZXN0Lzc5OTARhg9odHRwOi8vdGVzdC84MDAw +EYYPaHR0cDovL3Rlc3QvODAxMBGGD2h0dHA6Ly90ZXN0LzgwMjARhg9odHRwOi8v +dGVzdC84MDMwEYYPaHR0cDovL3Rlc3QvODA0MBGGD2h0dHA6Ly90ZXN0LzgwNTAR +hg9odHRwOi8vdGVzdC84MDYwEYYPaHR0cDovL3Rlc3QvODA3MBGGD2h0dHA6Ly90 +ZXN0LzgwODARhg9odHRwOi8vdGVzdC84MDkwEYYPaHR0cDovL3Rlc3QvODEwMBGG +D2h0dHA6Ly90ZXN0LzgxMTARhg9odHRwOi8vdGVzdC84MTIwEYYPaHR0cDovL3Rl +c3QvODEzMBGGD2h0dHA6Ly90ZXN0LzgxNDARhg9odHRwOi8vdGVzdC84MTUwEYYP +aHR0cDovL3Rlc3QvODE2MBGGD2h0dHA6Ly90ZXN0LzgxNzARhg9odHRwOi8vdGVz +dC84MTgwEYYPaHR0cDovL3Rlc3QvODE5MBGGD2h0dHA6Ly90ZXN0LzgyMDARhg9o +dHRwOi8vdGVzdC84MjEwEYYPaHR0cDovL3Rlc3QvODIyMBGGD2h0dHA6Ly90ZXN0 +LzgyMzARhg9odHRwOi8vdGVzdC84MjQwEYYPaHR0cDovL3Rlc3QvODI1MBGGD2h0 +dHA6Ly90ZXN0LzgyNjARhg9odHRwOi8vdGVzdC84MjcwEYYPaHR0cDovL3Rlc3Qv +ODI4MBGGD2h0dHA6Ly90ZXN0LzgyOTARhg9odHRwOi8vdGVzdC84MzAwEYYPaHR0 +cDovL3Rlc3QvODMxMBGGD2h0dHA6Ly90ZXN0LzgzMjARhg9odHRwOi8vdGVzdC84 +MzMwEYYPaHR0cDovL3Rlc3QvODM0MBGGD2h0dHA6Ly90ZXN0LzgzNTARhg9odHRw +Oi8vdGVzdC84MzYwEYYPaHR0cDovL3Rlc3QvODM3MBGGD2h0dHA6Ly90ZXN0Lzgz +ODARhg9odHRwOi8vdGVzdC84MzkwEYYPaHR0cDovL3Rlc3QvODQwMBGGD2h0dHA6 +Ly90ZXN0Lzg0MTARhg9odHRwOi8vdGVzdC84NDIwEYYPaHR0cDovL3Rlc3QvODQz +MBGGD2h0dHA6Ly90ZXN0Lzg0NDARhg9odHRwOi8vdGVzdC84NDUwEYYPaHR0cDov +L3Rlc3QvODQ2MBGGD2h0dHA6Ly90ZXN0Lzg0NzARhg9odHRwOi8vdGVzdC84NDgw +EYYPaHR0cDovL3Rlc3QvODQ5MBGGD2h0dHA6Ly90ZXN0Lzg1MDARhg9odHRwOi8v +dGVzdC84NTEwEYYPaHR0cDovL3Rlc3QvODUyMBGGD2h0dHA6Ly90ZXN0Lzg1MzAR +hg9odHRwOi8vdGVzdC84NTQwEYYPaHR0cDovL3Rlc3QvODU1MBGGD2h0dHA6Ly90 +ZXN0Lzg1NjARhg9odHRwOi8vdGVzdC84NTcwEYYPaHR0cDovL3Rlc3QvODU4MBGG +D2h0dHA6Ly90ZXN0Lzg1OTARhg9odHRwOi8vdGVzdC84NjAwEYYPaHR0cDovL3Rl +c3QvODYxMBGGD2h0dHA6Ly90ZXN0Lzg2MjARhg9odHRwOi8vdGVzdC84NjMwEYYP +aHR0cDovL3Rlc3QvODY0MBGGD2h0dHA6Ly90ZXN0Lzg2NTARhg9odHRwOi8vdGVz +dC84NjYwEYYPaHR0cDovL3Rlc3QvODY3MBGGD2h0dHA6Ly90ZXN0Lzg2ODARhg9o +dHRwOi8vdGVzdC84NjkwEYYPaHR0cDovL3Rlc3QvODcwMBGGD2h0dHA6Ly90ZXN0 +Lzg3MTARhg9odHRwOi8vdGVzdC84NzIwEYYPaHR0cDovL3Rlc3QvODczMBGGD2h0 +dHA6Ly90ZXN0Lzg3NDARhg9odHRwOi8vdGVzdC84NzUwEYYPaHR0cDovL3Rlc3Qv +ODc2MBGGD2h0dHA6Ly90ZXN0Lzg3NzARhg9odHRwOi8vdGVzdC84NzgwEYYPaHR0 +cDovL3Rlc3QvODc5MBGGD2h0dHA6Ly90ZXN0Lzg4MDARhg9odHRwOi8vdGVzdC84 +ODEwEYYPaHR0cDovL3Rlc3QvODgyMBGGD2h0dHA6Ly90ZXN0Lzg4MzARhg9odHRw +Oi8vdGVzdC84ODQwEYYPaHR0cDovL3Rlc3QvODg1MBGGD2h0dHA6Ly90ZXN0Lzg4 +NjARhg9odHRwOi8vdGVzdC84ODcwEYYPaHR0cDovL3Rlc3QvODg4MBGGD2h0dHA6 +Ly90ZXN0Lzg4OTARhg9odHRwOi8vdGVzdC84OTAwEYYPaHR0cDovL3Rlc3QvODkx +MBGGD2h0dHA6Ly90ZXN0Lzg5MjARhg9odHRwOi8vdGVzdC84OTMwEYYPaHR0cDov +L3Rlc3QvODk0MBGGD2h0dHA6Ly90ZXN0Lzg5NTARhg9odHRwOi8vdGVzdC84OTYw +EYYPaHR0cDovL3Rlc3QvODk3MBGGD2h0dHA6Ly90ZXN0Lzg5ODARhg9odHRwOi8v +dGVzdC84OTkwEYYPaHR0cDovL3Rlc3QvOTAwMBGGD2h0dHA6Ly90ZXN0LzkwMTAR +hg9odHRwOi8vdGVzdC85MDIwEYYPaHR0cDovL3Rlc3QvOTAzMBGGD2h0dHA6Ly90 +ZXN0LzkwNDARhg9odHRwOi8vdGVzdC85MDUwEYYPaHR0cDovL3Rlc3QvOTA2MBGG +D2h0dHA6Ly90ZXN0LzkwNzARhg9odHRwOi8vdGVzdC85MDgwEYYPaHR0cDovL3Rl +c3QvOTA5MBGGD2h0dHA6Ly90ZXN0LzkxMDARhg9odHRwOi8vdGVzdC85MTEwEYYP +aHR0cDovL3Rlc3QvOTEyMBGGD2h0dHA6Ly90ZXN0LzkxMzARhg9odHRwOi8vdGVz +dC85MTQwEYYPaHR0cDovL3Rlc3QvOTE1MBGGD2h0dHA6Ly90ZXN0LzkxNjARhg9o +dHRwOi8vdGVzdC85MTcwEYYPaHR0cDovL3Rlc3QvOTE4MBGGD2h0dHA6Ly90ZXN0 +LzkxOTARhg9odHRwOi8vdGVzdC85MjAwEYYPaHR0cDovL3Rlc3QvOTIxMBGGD2h0 +dHA6Ly90ZXN0LzkyMjARhg9odHRwOi8vdGVzdC85MjMwEYYPaHR0cDovL3Rlc3Qv +OTI0MBGGD2h0dHA6Ly90ZXN0LzkyNTARhg9odHRwOi8vdGVzdC85MjYwEYYPaHR0 +cDovL3Rlc3QvOTI3MBGGD2h0dHA6Ly90ZXN0LzkyODARhg9odHRwOi8vdGVzdC85 +MjkwEYYPaHR0cDovL3Rlc3QvOTMwMBGGD2h0dHA6Ly90ZXN0LzkzMTARhg9odHRw +Oi8vdGVzdC85MzIwEYYPaHR0cDovL3Rlc3QvOTMzMBGGD2h0dHA6Ly90ZXN0Lzkz +NDARhg9odHRwOi8vdGVzdC85MzUwEYYPaHR0cDovL3Rlc3QvOTM2MBGGD2h0dHA6 +Ly90ZXN0LzkzNzARhg9odHRwOi8vdGVzdC85MzgwEYYPaHR0cDovL3Rlc3QvOTM5 +MBGGD2h0dHA6Ly90ZXN0Lzk0MDARhg9odHRwOi8vdGVzdC85NDEwEYYPaHR0cDov +L3Rlc3QvOTQyMBGGD2h0dHA6Ly90ZXN0Lzk0MzARhg9odHRwOi8vdGVzdC85NDQw +EYYPaHR0cDovL3Rlc3QvOTQ1MBGGD2h0dHA6Ly90ZXN0Lzk0NjARhg9odHRwOi8v +dGVzdC85NDcwEYYPaHR0cDovL3Rlc3QvOTQ4MBGGD2h0dHA6Ly90ZXN0Lzk0OTAR +hg9odHRwOi8vdGVzdC85NTAwEYYPaHR0cDovL3Rlc3QvOTUxMBGGD2h0dHA6Ly90 +ZXN0Lzk1MjARhg9odHRwOi8vdGVzdC85NTMwEYYPaHR0cDovL3Rlc3QvOTU0MBGG +D2h0dHA6Ly90ZXN0Lzk1NTARhg9odHRwOi8vdGVzdC85NTYwEYYPaHR0cDovL3Rl +c3QvOTU3MBGGD2h0dHA6Ly90ZXN0Lzk1ODARhg9odHRwOi8vdGVzdC85NTkwEYYP +aHR0cDovL3Rlc3QvOTYwMBGGD2h0dHA6Ly90ZXN0Lzk2MTARhg9odHRwOi8vdGVz +dC85NjIwEYYPaHR0cDovL3Rlc3QvOTYzMBGGD2h0dHA6Ly90ZXN0Lzk2NDARhg9o +dHRwOi8vdGVzdC85NjUwEYYPaHR0cDovL3Rlc3QvOTY2MBGGD2h0dHA6Ly90ZXN0 +Lzk2NzARhg9odHRwOi8vdGVzdC85NjgwEYYPaHR0cDovL3Rlc3QvOTY5MBGGD2h0 +dHA6Ly90ZXN0Lzk3MDARhg9odHRwOi8vdGVzdC85NzEwEYYPaHR0cDovL3Rlc3Qv +OTcyMBGGD2h0dHA6Ly90ZXN0Lzk3MzARhg9odHRwOi8vdGVzdC85NzQwEYYPaHR0 +cDovL3Rlc3QvOTc1MBGGD2h0dHA6Ly90ZXN0Lzk3NjARhg9odHRwOi8vdGVzdC85 +NzcwEYYPaHR0cDovL3Rlc3QvOTc4MBGGD2h0dHA6Ly90ZXN0Lzk3OTARhg9odHRw +Oi8vdGVzdC85ODAwEYYPaHR0cDovL3Rlc3QvOTgxMBGGD2h0dHA6Ly90ZXN0Lzk4 +MjARhg9odHRwOi8vdGVzdC85ODMwEYYPaHR0cDovL3Rlc3QvOTg0MBGGD2h0dHA6 +Ly90ZXN0Lzk4NTARhg9odHRwOi8vdGVzdC85ODYwEYYPaHR0cDovL3Rlc3QvOTg3 +MBGGD2h0dHA6Ly90ZXN0Lzk4ODARhg9odHRwOi8vdGVzdC85ODkwEYYPaHR0cDov +L3Rlc3QvOTkwMBGGD2h0dHA6Ly90ZXN0Lzk5MTARhg9odHRwOi8vdGVzdC85OTIw +EYYPaHR0cDovL3Rlc3QvOTkzMBGGD2h0dHA6Ly90ZXN0Lzk5NDARhg9odHRwOi8v +dGVzdC85OTUwEYYPaHR0cDovL3Rlc3QvOTk2MBGGD2h0dHA6Ly90ZXN0Lzk5NzAR +hg9odHRwOi8vdGVzdC85OTgwEYYPaHR0cDovL3Rlc3QvOTk5MBKGEGh0dHA6Ly90 +ZXN0LzEwMDAwEoYQaHR0cDovL3Rlc3QvMTAwMTAShhBodHRwOi8vdGVzdC8xMDAy +MBKGEGh0dHA6Ly90ZXN0LzEwMDMwEoYQaHR0cDovL3Rlc3QvMTAwNDAShhBodHRw +Oi8vdGVzdC8xMDA1MBKGEGh0dHA6Ly90ZXN0LzEwMDYwEoYQaHR0cDovL3Rlc3Qv +MTAwNzAShhBodHRwOi8vdGVzdC8xMDA4MBKGEGh0dHA6Ly90ZXN0LzEwMDkwEoYQ +aHR0cDovL3Rlc3QvMTAxMDAShhBodHRwOi8vdGVzdC8xMDExMBKGEGh0dHA6Ly90 +ZXN0LzEwMTIwEoYQaHR0cDovL3Rlc3QvMTAxMzAShhBodHRwOi8vdGVzdC8xMDE0 +MBKGEGh0dHA6Ly90ZXN0LzEwMTUwEoYQaHR0cDovL3Rlc3QvMTAxNjAShhBodHRw +Oi8vdGVzdC8xMDE3MBKGEGh0dHA6Ly90ZXN0LzEwMTgwEoYQaHR0cDovL3Rlc3Qv +MTAxOTAShhBodHRwOi8vdGVzdC8xMDIwMBKGEGh0dHA6Ly90ZXN0LzEwMjEwEoYQ +aHR0cDovL3Rlc3QvMTAyMjAShhBodHRwOi8vdGVzdC8xMDIzMBKGEGh0dHA6Ly90 +ZXN0LzEwMjShgmluMAmCB3gwLnRlc3QwCYIHeDEudGVzdDAJggd4Mi50ZXN0MAmC +B3gzLnRlc3QwCYIHeDQudGVzdDAJggd4NS50ZXN0MAmCB3g2LnRlc3QwCYIHeDcu +dGVzdDAJggd4OC50ZXN0MAmCB3g5LnRlc3QwCoIIeDEwLnRlc3QwCoIIeDExLnRl +c3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRlc3QwCoIIeDE0LnRlc3QwCoIIeDE1LnRl +c3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRlc3QwCoIIeDE4LnRlc3QwCoIIeDE5LnRl +c3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRlc3QwCoIIeDIyLnRlc3QwCoIIeDIzLnRl +c3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRlc3QwCoIIeDI2LnRlc3QwCoIIeDI3LnRl +c3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRlc3QwCoIIeDMwLnRlc3QwCoIIeDMxLnRl +c3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRlc3QwCoIIeDM0LnRlc3QwCoIIeDM1LnRl +c3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRlc3QwCoIIeDM4LnRlc3QwCoIIeDM5LnRl +c3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRlc3QwCoIIeDQyLnRlc3QwCoIIeDQzLnRl +c3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRlc3QwCoIIeDQ2LnRlc3QwCoIIeDQ3LnRl +c3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRlc3QwCoIIeDUwLnRlc3QwCoIIeDUxLnRl +c3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRlc3QwCoIIeDU0LnRlc3QwCoIIeDU1LnRl +c3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRlc3QwCoIIeDU4LnRlc3QwCoIIeDU5LnRl +c3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRlc3QwCoIIeDYyLnRlc3QwCoIIeDYzLnRl +c3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRlc3QwCoIIeDY2LnRlc3QwCoIIeDY3LnRl +c3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRlc3QwCoIIeDcwLnRlc3QwCoIIeDcxLnRl +c3QwCoIIeDcyLnRlc3QwCoIIeDczLnRlc3QwCoIIeDc0LnRlc3QwCoIIeDc1LnRl +c3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRlc3QwCoIIeDc4LnRlc3QwCoIIeDc5LnRl +c3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRlc3QwCoIIeDgyLnRlc3QwCoIIeDgzLnRl +c3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRlc3QwCoIIeDg2LnRlc3QwCoIIeDg3LnRl +c3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRlc3QwCoIIeDkwLnRlc3QwCoIIeDkxLnRl +c3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRlc3QwCoIIeDk0LnRlc3QwCoIIeDk1LnRl +c3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRlc3QwCoIIeDk4LnRlc3QwCoIIeDk5LnRl +c3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEudGVzdDALggl4MTAyLnRlc3QwC4IJeDEw +My50ZXN0MAuCCXgxMDQudGVzdDALggl4MTA1LnRlc3QwC4IJeDEwNi50ZXN0MAuC +CXgxMDcudGVzdDALggl4MTA4LnRlc3QwC4IJeDEwOS50ZXN0MAuCCXgxMTAudGVz +dDALggl4MTExLnRlc3QwC4IJeDExMi50ZXN0MAuCCXgxMTMudGVzdDALggl4MTE0 +LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgxMTYudGVzdDALggl4MTE3LnRlc3QwC4IJ +eDExOC50ZXN0MAuCCXgxMTkudGVzdDALggl4MTIwLnRlc3QwC4IJeDEyMS50ZXN0 +MAuCCXgxMjIudGVzdDALggl4MTIzLnRlc3QwC4IJeDEyNC50ZXN0MAuCCXgxMjUu +dGVzdDALggl4MTI2LnRlc3QwC4IJeDEyNy50ZXN0MAuCCXgxMjgudGVzdDALggl4 +MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuCCXgxMzEudGVzdDALggl4MTMyLnRlc3Qw +C4IJeDEzMy50ZXN0MAuCCXgxMzQudGVzdDALggl4MTM1LnRlc3QwC4IJeDEzNi50 +ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4LnRlc3QwC4IJeDEzOS50ZXN0MAuCCXgx +NDAudGVzdDALggl4MTQxLnRlc3QwC4IJeDE0Mi50ZXN0MAuCCXgxNDMudGVzdDAL +ggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0MAuCCXgxNDYudGVzdDALggl4MTQ3LnRl +c3QwC4IJeDE0OC50ZXN0MAuCCXgxNDkudGVzdDALggl4MTUwLnRlc3QwC4IJeDE1 +MS50ZXN0MAuCCXgxNTIudGVzdDALggl4MTUzLnRlc3QwC4IJeDE1NC50ZXN0MAuC +CXgxNTUudGVzdDALggl4MTU2LnRlc3QwC4IJeDE1Ny50ZXN0MAuCCXgxNTgudGVz +dDALggl4MTU5LnRlc3QwC4IJeDE2MC50ZXN0MAuCCXgxNjEudGVzdDALggl4MTYy +LnRlc3QwC4IJeDE2My50ZXN0MAuCCXgxNjQudGVzdDALggl4MTY1LnRlc3QwC4IJ +eDE2Ni50ZXN0MAuCCXgxNjcudGVzdDALggl4MTY4LnRlc3QwC4IJeDE2OS50ZXN0 +MAqHCAsAAAD/////MAqHCAsAAAH/////MAqHCAsAAAL/////MAqHCAsAAAP///// +MAqHCAsAAAT/////MAqHCAsAAAX/////MAqHCAsAAAb/////MAqHCAsAAAf///// +MAqHCAsAAAj/////MAqHCAsAAAn/////MAqHCAsAAAr/////MAqHCAsAAAv///// +MAqHCAsAAAz/////MAqHCAsAAA3/////MAqHCAsAAA7/////MAqHCAsAAA////// +MAqHCAsAABD/////MAqHCAsAABH/////MAqHCAsAABL/////MAqHCAsAABP///// +MAqHCAsAABT/////MAqHCAsAABX/////MAqHCAsAABb/////MAqHCAsAABf///// +MAqHCAsAABj/////MAqHCAsAABn/////MAqHCAsAABr/////MAqHCAsAABv///// +MAqHCAsAABz/////MAqHCAsAAB3/////MAqHCAsAAB7/////MAqHCAsAAB////// +MAqHCAsAACD/////MAqHCAsAACH/////MAqHCAsAACL/////MAqHCAsAACP///// +MAqHCAsAACT/////MAqHCAsAACX/////MAqHCAsAACb/////MAqHCAsAACf///// +MAqHCAsAACj/////MAqHCAsAACn/////MAqHCAsAACr/////MAqHCAsAACv///// +MAqHCAsAACz/////MAqHCAsAAC3/////MAqHCAsAAC7/////MAqHCAsAAC////// +MAqHCAsAADD/////MAqHCAsAADH/////MAqHCAsAADL/////MAqHCAsAADP///// +MAqHCAsAADT/////MAqHCAsAADX/////MAqHCAsAADb/////MAqHCAsAADf///// +MAqHCAsAADj/////MAqHCAsAADn/////MAqHCAsAADr/////MAqHCAsAADv///// +MAqHCAsAADz/////MAqHCAsAAD3/////MAqHCAsAAD7/////MAqHCAsAAD////// +MAqHCAsAAED/////MAqHCAsAAEH/////MAqHCAsAAEL/////MAqHCAsAAEP///// +MAqHCAsAAET/////MAqHCAsAAEX/////MAqHCAsAAEb/////MAqHCAsAAEf///// +MAqHCAsAAEj/////MAqHCAsAAEn/////MAqHCAsAAEr/////MAqHCAsAAEv///// +MAqHCAsAAEz/////MAqHCAsAAE3/////MAqHCAsAAE7/////MAqHCAsAAE////// +MAqHCAsAAFD/////MAqHCAsAAFH/////MAqHCAsAAFL/////MAqHCAsAAFP///// +MAqHCAsAAFT/////MAqHCAsAAFX/////MAqHCAsAAFb/////MAqHCAsAAFf///// +MAqHCAsAAFj/////MAqHCAsAAFn/////MAqHCAsAAFr/////MAqHCAsAAFv///// +MAqHCAsAAFz/////MAqHCAsAAF3/////MAqHCAsAAF7/////MAqHCAsAAF////// +MAqHCAsAAGD/////MAqHCAsAAGH/////MAqHCAsAAGL/////MAqHCAsAAGP///// +MAqHCAsAAGT/////MAqHCAsAAGX/////MAqHCAsAAGb/////MAqHCAsAAGf///// +MAqHCAsAAGj/////MAqHCAsAAGn/////MAqHCAsAAGr/////MAqHCAsAAGv///// +MAqHCAsAAGz/////MAqHCAsAAG3/////MAqHCAsAAG7/////MAqHCAsAAG////// +MAqHCAsAAHD/////MAqHCAsAAHH/////MAqHCAsAAHL/////MAqHCAsAAHP///// +MAqHCAsAAHT/////MAqHCAsAAHX/////MAqHCAsAAHb/////MAqHCAsAAHf///// +MAqHCAsAAHj/////MAqHCAsAAHn/////MAqHCAsAAHr/////MAqHCAsAAHv///// +MAqHCAsAAHz/////MAqHCAsAAH3/////MAqHCAsAAH7/////MAqHCAsAAH////// +MAqHCAsAAID/////MAqHCAsAAIH/////MAqHCAsAAIL/////MAqHCAsAAIP///// +MAqHCAsAAIT/////MAqHCAsAAIX/////MAqHCAsAAIb/////MAqHCAsAAIf///// +MAqHCAsAAIj/////MAqHCAsAAIn/////MAqHCAsAAIr/////MAqHCAsAAIv///// +MAqHCAsAAIz/////MAqHCAsAAI3/////MAqHCAsAAI7/////MAqHCAsAAI////// +MAqHCAsAAJD/////MAqHCAsAAJH/////MAqHCAsAAJL/////MAqHCAsAAJP///// +MAqHCAsAAJT/////MAqHCAsAAJX/////MAqHCAsAAJb/////MAqHCAsAAJf///// +MAqHCAsAAJj/////MAqHCAsAAJn/////MAqHCAsAAJr/////MAqHCAsAAJv///// +MAqHCAsAAJz/////MAqHCAsAAJ3/////MAqHCAsAAJ7/////MAqHCAsAAJ////// +MAqHCAsAAKD/////MAqHCAsAAKH/////MAqHCAsAAKL/////MAqHCAsAAKP///// +MAqHCAsAAKT/////MAqHCAsAAKX/////MAqHCAsAAKb/////MAqHCAsAAKf///// +MAqHCAsAAKj/////MAqHCAsAAKn/////MBGkDzANMQswCQYDVQQDDAJ4MDARpA8w +DTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJBgNVBAMMAngyMBGkDzANMQswCQYDVQQD +DAJ4MzARpA8wDTELMAkGA1UEAwwCeDQwEaQPMA0xCzAJBgNVBAMMAng1MBGkDzAN +MQswCQYDVQQDDAJ4NjARpA8wDTELMAkGA1UEAwwCeDcwEaQPMA0xCzAJBgNVBAMM +Ang4MBGkDzANMQswCQYDVQQDDAJ4OTASpBAwDjEMMAoGA1UEAwwDeDEwMBKkEDAO +MQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAKBgNVBAMMA3gxMjASpBAwDjEMMAoGA1UE +AwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4MTQwEqQQMA4xDDAKBgNVBAMMA3gxNTAS +pBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAOMQwwCgYDVQQDDAN4MTcwEqQQMA4xDDAK +BgNVBAMMA3gxODASpBAwDjEMMAoGA1UEAwwDeDE5MBKkEDAOMQwwCgYDVQQDDAN4 +MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTASpBAwDjEMMAoGA1UEAwwDeDIyMBKkEDAO +MQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAKBgNVBAMMA3gyNDASpBAwDjEMMAoGA1UE +AwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4MjYwEqQQMA4xDDAKBgNVBAMMA3gyNzAS +pBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAOMQwwCgYDVQQDDAN4MjkwEqQQMA4xDDAK +BgNVBAMMA3gzMDASpBAwDjEMMAoGA1UEAwwDeDMxMBKkEDAOMQwwCgYDVQQDDAN4 +MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzASpBAwDjEMMAoGA1UEAwwDeDM0MBKkEDAO +MQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAKBgNVBAMMA3gzNjASpBAwDjEMMAoGA1UE +AwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4MzgwEqQQMA4xDDAKBgNVBAMMA3gzOTAS +pBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAOMQwwCgYDVQQDDAN4NDEwEqQQMA4xDDAK +BgNVBAMMA3g0MjASpBAwDjEMMAoGA1UEAwwDeDQzMBKkEDAOMQwwCgYDVQQDDAN4 +NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTASpBAwDjEMMAoGA1UEAwwDeDQ2MBKkEDAO +MQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAKBgNVBAMMA3g0ODASpBAwDjEMMAoGA1UE +AwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4NTAwEqQQMA4xDDAKBgNVBAMMA3g1MTAS +pBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAOMQwwCgYDVQQDDAN4NTMwEqQQMA4xDDAK +BgNVBAMMA3g1NDASpBAwDjEMMAoGA1UEAwwDeDU1MBKkEDAOMQwwCgYDVQQDDAN4 +NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzASpBAwDjEMMAoGA1UEAwwDeDU4MBKkEDAO +MQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAKBgNVBAMMA3g2MDASpBAwDjEMMAoGA1UE +AwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4NjIwEqQQMA4xDDAKBgNVBAMMA3g2MzAS +pBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAOMQwwCgYDVQQDDAN4NjUwEqQQMA4xDDAK +BgNVBAMMA3g2NjASpBAwDjEMMAoGA1UEAwwDeDY3MBKkEDAOMQwwCgYDVQQDDAN4 +NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTASpBAwDjEMMAoGA1UEAwwDeDcwMBKkEDAO +MQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAKBgNVBAMMA3g3MjASpBAwDjEMMAoGA1UE +AwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4NzQwEqQQMA4xDDAKBgNVBAMMA3g3NTAS +pBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAOMQwwCgYDVQQDDAN4NzcwEqQQMA4xDDAK +BgNVBAMMA3g3ODASpBAwDjEMMAoGA1UEAwwDeDc5MBKkEDAOMQwwCgYDVQQDDAN4 +ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTASpBAwDjEMMAoGA1UEAwwDeDgyMBKkEDAO +MQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAKBgNVBAMMA3g4NDASpBAwDjEMMAoGA1UE +AwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4ODYwEqQQMA4xDDAKBgNVBAMMA3g4NzAS +pBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAOMQwwCgYDVQQDDAN4ODkwEqQQMA4xDDAK +BgNVBAMMA3g5MDASpBAwDjEMMAoGA1UEAwwDeDkxMBKkEDAOMQwwCgYDVQQDDAN4 +OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzASpBAwDjEMMAoGA1UEAwwDeDk0MBKkEDAO +MQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAKBgNVBAMMA3g5NjASpBAwDjEMMAoGA1UE +AwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4OTgwEqQQMA4xDDAKBgNVBAMMA3g5OTAT +pBEwDzENMAsGA1UEAwwEeDEwMDATpBEwDzENMAsGA1UEAwwEeDEwMTATpBEwDzEN +MAsGA1UEAwwEeDEwMjATpBEwDzENMAsGA1UEAwwEeDEwMzATpBEwDzENMAsGA1UE +AwwEeDEwNDATpBEwDzENMAsGA1UEAwwEeDEwNTATpBEwDzENMAsGA1UEAwwEeDEw +NjATpBEwDzENMAsGA1UEAwwEeDEwNzATpBEwDzENMAsGA1UEAwwEeDEwODATpBEw +DzENMAsGA1UEAwwEeDEwOTATpBEwDzENMAsGA1UEAwwEeDExMDATpBEwDzENMAsG +A1UEAwwEeDExMTATpBEwDzENMAsGA1UEAwwEeDExMjATpBEwDzENMAsGA1UEAwwE +eDExMzATpBEwDzENMAsGA1UEAwwEeDExNDATpBEwDzENMAsGA1UEAwwEeDExNTAT +pBEwDzENMAsGA1UEAwwEeDExNjATpBEwDzENMAsGA1UEAwwEeDExNzATpBEwDzEN +MAsGA1UEAwwEeDExODATpBEwDzENMAsGA1UEAwwEeDExOTATpBEwDzENMAsGA1UE +AwwEeDEyMDATpBEwDzENMAsGA1UEAwwEeDEyMTATpBEwDzENMAsGA1UEAwwEeDEy +MjATpBEwDzENMAsGA1UEAwwEeDEyMzATpBEwDzENMAsGA1UEAwwEeDEyNDATpBEw +DzENMAsGA1UEAwwEeDEyNTATpBEwDzENMAsGA1UEAwwEeDEyNjATpBEwDzENMAsG +A1UEAwwEeDEyNzATpBEwDzENMAsGA1UEAwwEeDEyODATpBEwDzENMAsGA1UEAwwE +eDEyOTATpBEwDzENMAsGA1UEAwwEeDEzMDATpBEwDzENMAsGA1UEAwwEeDEzMTAT +pBEwDzENMAsGA1UEAwwEeDEzMjATpBEwDzENMAsGA1UEAwwEeDEzMzATpBEwDzEN +MAsGA1UEAwwEeDEzNDATpBEwDzENMAsGA1UEAwwEeDEzNTATpBEwDzENMAsGA1UE +AwwEeDEzNjATpBEwDzENMAsGA1UEAwwEeDEzNzATpBEwDzENMAsGA1UEAwwEeDEz +ODATpBEwDzENMAsGA1UEAwwEeDEzOTATpBEwDzENMAsGA1UEAwwEeDE0MDATpBEw +DzENMAsGA1UEAwwEeDE0MTATpBEwDzENMAsGA1UEAwwEeDE0MjATpBEwDzENMAsG +A1UEAwwEeDE0MzATpBEwDzENMAsGA1UEAwwEeDE0NDATpBEwDzENMAsGA1UEAwwE +eDE0NTATpBEwDzENMAsGA1UEAwwEeDE0NjATpBEwDzENMAsGA1UEAwwEeDE0NzAT +pBEwDzENMAsGA1UEAwwEeDE0ODATpBEwDzENMAsGA1UEAwwEeDE0OTATpBEwDzEN +MAsGA1UEAwwEeDE1MDATpBEwDzENMAsGA1UEAwwEeDE1MTATpBEwDzENMAsGA1UE +AwwEeDE1MjATpBEwDzENMAsGA1UEAwwEeDE1MzATpBEwDzENMAsGA1UEAwwEeDE1 +NDATpBEwDzENMAsGA1UEAwwEeDE1NTATpBEwDzENMAsGA1UEAwwEeDE1NjATpBEw +DzENMAsGA1UEAwwEeDE1NzATpBEwDzENMAsGA1UEAwwEeDE1ODATpBEwDzENMAsG +A1UEAwwEeDE1OTATpBEwDzENMAsGA1UEAwwEeDE2MDATpBEwDzENMAsGA1UEAwwE +eDE2MTATpBEwDzENMAsGA1UEAwwEeDE2MjATpBEwDzENMAsGA1UEAwwEeDE2MzAT +pBEwDzENMAsGA1UEAwwEeDE2NDATpBEwDzENMAsGA1UEAwwEeDE2NTATpBEwDzEN +MAsGA1UEAwwEeDE2NjATpBEwDzENMAsGA1UEAwwEeDE2NzATpBEwDzENMAsGA1UE +AwwEeDE2ODATpBEwDzENMAsGA1UEAwwEeDE2OTAPhg1odHRwOi8veGVzdC8wMA+G +DWh0dHA6Ly94ZXN0LzEwD4YNaHR0cDovL3hlc3QvMjAPhg1odHRwOi8veGVzdC8z +MA+GDWh0dHA6Ly94ZXN0LzQwD4YNaHR0cDovL3hlc3QvNTAPhg1odHRwOi8veGVz +dC82MA+GDWh0dHA6Ly94ZXN0LzcwD4YNaHR0cDovL3hlc3QvODAPhg1odHRwOi8v +eGVzdC85MBCGDmh0dHA6Ly94ZXN0LzEwMBCGDmh0dHA6Ly94ZXN0LzExMBCGDmh0 +dHA6Ly94ZXN0LzEyMBCGDmh0dHA6Ly94ZXN0LzEzMBCGDmh0dHA6Ly94ZXN0LzE0 +MBCGDmh0dHA6Ly94ZXN0LzE1MBCGDmh0dHA6Ly94ZXN0LzE2MBCGDmh0dHA6Ly94 +ZXN0LzE3MBCGDmh0dHA6Ly94ZXN0LzE4MBCGDmh0dHA6Ly94ZXN0LzE5MBCGDmh0 +dHA6Ly94ZXN0LzIwMBCGDmh0dHA6Ly94ZXN0LzIxMBCGDmh0dHA6Ly94ZXN0LzIy +MBCGDmh0dHA6Ly94ZXN0LzIzMBCGDmh0dHA6Ly94ZXN0LzI0MBCGDmh0dHA6Ly94 +ZXN0LzI1MBCGDmh0dHA6Ly94ZXN0LzI2MBCGDmh0dHA6Ly94ZXN0LzI3MBCGDmh0 +dHA6Ly94ZXN0LzI4MBCGDmh0dHA6Ly94ZXN0LzI5MBCGDmh0dHA6Ly94ZXN0LzMw +MBCGDmh0dHA6Ly94ZXN0LzMxMBCGDmh0dHA6Ly94ZXN0LzMyMBCGDmh0dHA6Ly94 +ZXN0LzMzMBCGDmh0dHA6Ly94ZXN0LzM0MBCGDmh0dHA6Ly94ZXN0LzM1MBCGDmh0 +dHA6Ly94ZXN0LzM2MBCGDmh0dHA6Ly94ZXN0LzM3MBCGDmh0dHA6Ly94ZXN0LzM4 +MBCGDmh0dHA6Ly94ZXN0LzM5MBCGDmh0dHA6Ly94ZXN0LzQwMBCGDmh0dHA6Ly94 +ZXN0LzQxMBCGDmh0dHA6Ly94ZXN0LzQyMBCGDmh0dHA6Ly94ZXN0LzQzMBCGDmh0 +dHA6Ly94ZXN0LzQ0MBCGDmh0dHA6Ly94ZXN0LzQ1MBCGDmh0dHA6Ly94ZXN0LzQ2 +MBCGDmh0dHA6Ly94ZXN0LzQ3MBCGDmh0dHA6Ly94ZXN0LzQ4MBCGDmh0dHA6Ly94 +ZXN0LzQ5MBCGDmh0dHA6Ly94ZXN0LzUwMBCGDmh0dHA6Ly94ZXN0LzUxMBCGDmh0 +dHA6Ly94ZXN0LzUyMBCGDmh0dHA6Ly94ZXN0LzUzMBCGDmh0dHA6Ly94ZXN0LzU0 +MBCGDmh0dHA6Ly94ZXN0LzU1MBCGDmh0dHA6Ly94ZXN0LzU2MBCGDmh0dHA6Ly94 +ZXN0LzU3MBCGDmh0dHA6Ly94ZXN0LzU4MBCGDmh0dHA6Ly94ZXN0LzU5MBCGDmh0 +dHA6Ly94ZXN0LzYwMBCGDmh0dHA6Ly94ZXN0LzYxMBCGDmh0dHA6Ly94ZXN0LzYy +MBCGDmh0dHA6Ly94ZXN0LzYzMBCGDmh0dHA6Ly94ZXN0LzY0MBCGDmh0dHA6Ly94 +ZXN0LzY1MBCGDmh0dHA6Ly94ZXN0LzY2MBCGDmh0dHA6Ly94ZXN0LzY3MBCGDmh0 +dHA6Ly94ZXN0LzY4MBCGDmh0dHA6Ly94ZXN0LzY5MBCGDmh0dHA6Ly94ZXN0Lzcw +MBCGDmh0dHA6Ly94ZXN0LzcxMBCGDmh0dHA6Ly94ZXN0LzcyMBCGDmh0dHA6Ly94 +ZXN0LzczMBCGDmh0dHA6Ly94ZXN0Lzc0MBCGDmh0dHA6Ly94ZXN0Lzc1MBCGDmh0 +dHA6Ly94ZXN0Lzc2MBCGDmh0dHA6Ly94ZXN0Lzc3MBCGDmh0dHA6Ly94ZXN0Lzc4 +MBCGDmh0dHA6Ly94ZXN0Lzc5MBCGDmh0dHA6Ly94ZXN0LzgwMBCGDmh0dHA6Ly94 +ZXN0LzgxMBCGDmh0dHA6Ly94ZXN0LzgyMBCGDmh0dHA6Ly94ZXN0LzgzMBCGDmh0 +dHA6Ly94ZXN0Lzg0MBCGDmh0dHA6Ly94ZXN0Lzg1MBCGDmh0dHA6Ly94ZXN0Lzg2 +MBCGDmh0dHA6Ly94ZXN0Lzg3MBCGDmh0dHA6Ly94ZXN0Lzg4MBCGDmh0dHA6Ly94 +ZXN0Lzg5MBCGDmh0dHA6Ly94ZXN0LzkwMBCGDmh0dHA6Ly94ZXN0LzkxMBCGDmh0 +dHA6Ly94ZXN0LzkyMBCGDmh0dHA6Ly94ZXN0LzkzMBCGDmh0dHA6Ly94ZXN0Lzk0 +MBCGDmh0dHA6Ly94ZXN0Lzk1MBCGDmh0dHA6Ly94ZXN0Lzk2MBCGDmh0dHA6Ly94 +ZXN0Lzk3MBCGDmh0dHA6Ly94ZXN0Lzk4MBCGDmh0dHA6Ly94ZXN0Lzk5MBGGD2h0 +dHA6Ly94ZXN0LzEwMDARhg9odHRwOi8veGVzdC8xMDEwEYYPaHR0cDovL3hlc3Qv +MTAyMBGGD2h0dHA6Ly94ZXN0LzEwMzARhg9odHRwOi8veGVzdC8xMDQwEYYPaHR0 +cDovL3hlc3QvMTA1MBGGD2h0dHA6Ly94ZXN0LzEwNjARhg9odHRwOi8veGVzdC8x +MDcwEYYPaHR0cDovL3hlc3QvMTA4MBGGD2h0dHA6Ly94ZXN0LzEwOTARhg9odHRw +Oi8veGVzdC8xMTAwEYYPaHR0cDovL3hlc3QvMTExMBGGD2h0dHA6Ly94ZXN0LzEx +MjARhg9odHRwOi8veGVzdC8xMTMwEYYPaHR0cDovL3hlc3QvMTE0MBGGD2h0dHA6 +Ly94ZXN0LzExNTARhg9odHRwOi8veGVzdC8xMTYwEYYPaHR0cDovL3hlc3QvMTE3 +MBGGD2h0dHA6Ly94ZXN0LzExODARhg9odHRwOi8veGVzdC8xMTkwEYYPaHR0cDov +L3hlc3QvMTIwMBGGD2h0dHA6Ly94ZXN0LzEyMTARhg9odHRwOi8veGVzdC8xMjIw +EYYPaHR0cDovL3hlc3QvMTIzMBGGD2h0dHA6Ly94ZXN0LzEyNDARhg9odHRwOi8v +eGVzdC8xMjUwEYYPaHR0cDovL3hlc3QvMTI2MBGGD2h0dHA6Ly94ZXN0LzEyNzAR +hg9odHRwOi8veGVzdC8xMjgwEYYPaHR0cDovL3hlc3QvMTI5MBGGD2h0dHA6Ly94 +ZXN0LzEzMDARhg9odHRwOi8veGVzdC8xMzEwEYYPaHR0cDovL3hlc3QvMTMyMBGG +D2h0dHA6Ly94ZXN0LzEzMzARhg9odHRwOi8veGVzdC8xMzQwEYYPaHR0cDovL3hl +c3QvMTM1MBGGD2h0dHA6Ly94ZXN0LzEzNjARhg9odHRwOi8veGVzdC8xMzcwEYYP +aHR0cDovL3hlc3QvMTM4MBGGD2h0dHA6Ly94ZXN0LzEzOTARhg9odHRwOi8veGVz +dC8xNDAwEYYPaHR0cDovL3hlc3QvMTQxMBGGD2h0dHA6Ly94ZXN0LzE0MjARhg9o +dHRwOi8veGVzdC8xNDMwEYYPaHR0cDovL3hlc3QvMTQ0MBGGD2h0dHA6Ly94ZXN0 +LzE0NTARhg9odHRwOi8veGVzdC8xNDYwEYYPaHR0cDovL3hlc3QvMTQ3MBGGD2h0 +dHA6Ly94ZXN0LzE0ODARhg9odHRwOi8veGVzdC8xNDkwEYYPaHR0cDovL3hlc3Qv +MTUwMBGGD2h0dHA6Ly94ZXN0LzE1MTARhg9odHRwOi8veGVzdC8xNTIwEYYPaHR0 +cDovL3hlc3QvMTUzMBGGD2h0dHA6Ly94ZXN0LzE1NDARhg9odHRwOi8veGVzdC8x +NTUwEYYPaHR0cDovL3hlc3QvMTU2MBGGD2h0dHA6Ly94ZXN0LzE1NzARhg9odHRw +Oi8veGVzdC8xNTgwEYYPaHR0cDovL3hlc3QvMTU5MBGGD2h0dHA6Ly94ZXN0LzE2 +MDARhg9odHRwOi8veGVzdC8xNjEwEYYPaHR0cDovL3hlc3QvMTYyMBGGD2h0dHA6 +Ly94ZXN0LzE2MzARhg9odHRwOi8veGVzdC8xNjQwEYYPaHR0cDovL3hlc3QvMTY1 +MBGGD2h0dHA6Ly94ZXN0LzE2NjARhg9odHRwOi8veGVzdC8xNjcwEYYPaHR0cDov +L3hlc3QvMTY4MBGGD2h0dHA6Ly94ZXN0LzE2OTARhg9odHRwOi8veGVzdC8xNzAw +EYYPaHR0cDovL3hlc3QvMTcxMBGGD2h0dHA6Ly94ZXN0LzE3MjARhg9odHRwOi8v +eGVzdC8xNzMwEYYPaHR0cDovL3hlc3QvMTc0MBGGD2h0dHA6Ly94ZXN0LzE3NTAR +hg9odHRwOi8veGVzdC8xNzYwEYYPaHR0cDovL3hlc3QvMTc3MBGGD2h0dHA6Ly94 +ZXN0LzE3ODARhg9odHRwOi8veGVzdC8xNzkwEYYPaHR0cDovL3hlc3QvMTgwMBGG +D2h0dHA6Ly94ZXN0LzE4MTARhg9odHRwOi8veGVzdC8xODIwEYYPaHR0cDovL3hl +c3QvMTgzMBGGD2h0dHA6Ly94ZXN0LzE4NDARhg9odHRwOi8veGVzdC8xODUwEYYP +aHR0cDovL3hlc3QvMTg2MBGGD2h0dHA6Ly94ZXN0LzE4NzARhg9odHRwOi8veGVz +dC8xODgwEYYPaHR0cDovL3hlc3QvMTg5MBGGD2h0dHA6Ly94ZXN0LzE5MDARhg9o +dHRwOi8veGVzdC8xOTEwEYYPaHR0cDovL3hlc3QvMTkyMBGGD2h0dHA6Ly94ZXN0 +LzE5MzARhg9odHRwOi8veGVzdC8xOTQwEYYPaHR0cDovL3hlc3QvMTk1MBGGD2h0 +dHA6Ly94ZXN0LzE5NjARhg9odHRwOi8veGVzdC8xOTcwEYYPaHR0cDovL3hlc3Qv +MTk4MBGGD2h0dHA6Ly94ZXN0LzE5OTARhg9odHRwOi8veGVzdC8yMDAwEYYPaHR0 +cDovL3hlc3QvMjAxMBGGD2h0dHA6Ly94ZXN0LzIwMjARhg9odHRwOi8veGVzdC8y +MDMwEYYPaHR0cDovL3hlc3QvMjA0MBGGD2h0dHA6Ly94ZXN0LzIwNTARhg9odHRw +Oi8veGVzdC8yMDYwEYYPaHR0cDovL3hlc3QvMjA3MBGGD2h0dHA6Ly94ZXN0LzIw +ODARhg9odHRwOi8veGVzdC8yMDkwEYYPaHR0cDovL3hlc3QvMjEwMBGGD2h0dHA6 +Ly94ZXN0LzIxMTARhg9odHRwOi8veGVzdC8yMTIwEYYPaHR0cDovL3hlc3QvMjEz +MBGGD2h0dHA6Ly94ZXN0LzIxNDARhg9odHRwOi8veGVzdC8yMTUwEYYPaHR0cDov +L3hlc3QvMjE2MBGGD2h0dHA6Ly94ZXN0LzIxNzARhg9odHRwOi8veGVzdC8yMTgw +EYYPaHR0cDovL3hlc3QvMjE5MBGGD2h0dHA6Ly94ZXN0LzIyMDARhg9odHRwOi8v +eGVzdC8yMjEwEYYPaHR0cDovL3hlc3QvMjIyMBGGD2h0dHA6Ly94ZXN0LzIyMzAR +hg9odHRwOi8veGVzdC8yMjQwEYYPaHR0cDovL3hlc3QvMjI1MBGGD2h0dHA6Ly94 +ZXN0LzIyNjARhg9odHRwOi8veGVzdC8yMjcwEYYPaHR0cDovL3hlc3QvMjI4MBGG +D2h0dHA6Ly94ZXN0LzIyOTARhg9odHRwOi8veGVzdC8yMzAwEYYPaHR0cDovL3hl +c3QvMjMxMBGGD2h0dHA6Ly94ZXN0LzIzMjARhg9odHRwOi8veGVzdC8yMzMwEYYP +aHR0cDovL3hlc3QvMjM0MBGGD2h0dHA6Ly94ZXN0LzIzNTARhg9odHRwOi8veGVz +dC8yMzYwEYYPaHR0cDovL3hlc3QvMjM3MBGGD2h0dHA6Ly94ZXN0LzIzODARhg9o +dHRwOi8veGVzdC8yMzkwEYYPaHR0cDovL3hlc3QvMjQwMBGGD2h0dHA6Ly94ZXN0 +LzI0MTARhg9odHRwOi8veGVzdC8yNDIwEYYPaHR0cDovL3hlc3QvMjQzMBGGD2h0 +dHA6Ly94ZXN0LzI0NDARhg9odHRwOi8veGVzdC8yNDUwEYYPaHR0cDovL3hlc3Qv +MjQ2MBGGD2h0dHA6Ly94ZXN0LzI0NzARhg9odHRwOi8veGVzdC8yNDgwEYYPaHR0 +cDovL3hlc3QvMjQ5MBGGD2h0dHA6Ly94ZXN0LzI1MDARhg9odHRwOi8veGVzdC8y +NTEwEYYPaHR0cDovL3hlc3QvMjUyMBGGD2h0dHA6Ly94ZXN0LzI1MzARhg9odHRw +Oi8veGVzdC8yNTQwEYYPaHR0cDovL3hlc3QvMjU1MBGGD2h0dHA6Ly94ZXN0LzI1 +NjARhg9odHRwOi8veGVzdC8yNTcwEYYPaHR0cDovL3hlc3QvMjU4MBGGD2h0dHA6 +Ly94ZXN0LzI1OTARhg9odHRwOi8veGVzdC8yNjAwEYYPaHR0cDovL3hlc3QvMjYx +MBGGD2h0dHA6Ly94ZXN0LzI2MjARhg9odHRwOi8veGVzdC8yNjMwEYYPaHR0cDov +L3hlc3QvMjY0MBGGD2h0dHA6Ly94ZXN0LzI2NTARhg9odHRwOi8veGVzdC8yNjYw +EYYPaHR0cDovL3hlc3QvMjY3MBGGD2h0dHA6Ly94ZXN0LzI2ODARhg9odHRwOi8v +eGVzdC8yNjkwEYYPaHR0cDovL3hlc3QvMjcwMBGGD2h0dHA6Ly94ZXN0LzI3MTAR +hg9odHRwOi8veGVzdC8yNzIwEYYPaHR0cDovL3hlc3QvMjczMBGGD2h0dHA6Ly94 +ZXN0LzI3NDARhg9odHRwOi8veGVzdC8yNzUwEYYPaHR0cDovL3hlc3QvMjc2MBGG +D2h0dHA6Ly94ZXN0LzI3NzARhg9odHRwOi8veGVzdC8yNzgwEYYPaHR0cDovL3hl +c3QvMjc5MBGGD2h0dHA6Ly94ZXN0LzI4MDARhg9odHRwOi8veGVzdC8yODEwEYYP +aHR0cDovL3hlc3QvMjgyMBGGD2h0dHA6Ly94ZXN0LzI4MzARhg9odHRwOi8veGVz +dC8yODQwEYYPaHR0cDovL3hlc3QvMjg1MBGGD2h0dHA6Ly94ZXN0LzI4NjARhg9o +dHRwOi8veGVzdC8yODcwEYYPaHR0cDovL3hlc3QvMjg4MBGGD2h0dHA6Ly94ZXN0 +LzI4OTARhg9odHRwOi8veGVzdC8yOTAwEYYPaHR0cDovL3hlc3QvMjkxMBGGD2h0 +dHA6Ly94ZXN0LzI5MjARhg9odHRwOi8veGVzdC8yOTMwEYYPaHR0cDovL3hlc3Qv +Mjk0MBGGD2h0dHA6Ly94ZXN0LzI5NTARhg9odHRwOi8veGVzdC8yOTYwEYYPaHR0 +cDovL3hlc3QvMjk3MBGGD2h0dHA6Ly94ZXN0LzI5ODARhg9odHRwOi8veGVzdC8y +OTkwEYYPaHR0cDovL3hlc3QvMzAwMBGGD2h0dHA6Ly94ZXN0LzMwMTARhg9odHRw +Oi8veGVzdC8zMDIwEYYPaHR0cDovL3hlc3QvMzAzMBGGD2h0dHA6Ly94ZXN0LzMw +NDARhg9odHRwOi8veGVzdC8zMDUwEYYPaHR0cDovL3hlc3QvMzA2MBGGD2h0dHA6 +Ly94ZXN0LzMwNzARhg9odHRwOi8veGVzdC8zMDgwEYYPaHR0cDovL3hlc3QvMzA5 +MBGGD2h0dHA6Ly94ZXN0LzMxMDARhg9odHRwOi8veGVzdC8zMTEwEYYPaHR0cDov +L3hlc3QvMzEyMBGGD2h0dHA6Ly94ZXN0LzMxMzARhg9odHRwOi8veGVzdC8zMTQw +EYYPaHR0cDovL3hlc3QvMzE1MBGGD2h0dHA6Ly94ZXN0LzMxNjARhg9odHRwOi8v +eGVzdC8zMTcwEYYPaHR0cDovL3hlc3QvMzE4MBGGD2h0dHA6Ly94ZXN0LzMxOTAR +hg9odHRwOi8veGVzdC8zMjAwEYYPaHR0cDovL3hlc3QvMzIxMBGGD2h0dHA6Ly94 +ZXN0LzMyMjARhg9odHRwOi8veGVzdC8zMjMwEYYPaHR0cDovL3hlc3QvMzI0MBGG +D2h0dHA6Ly94ZXN0LzMyNTARhg9odHRwOi8veGVzdC8zMjYwEYYPaHR0cDovL3hl +c3QvMzI3MBGGD2h0dHA6Ly94ZXN0LzMyODARhg9odHRwOi8veGVzdC8zMjkwEYYP +aHR0cDovL3hlc3QvMzMwMBGGD2h0dHA6Ly94ZXN0LzMzMTARhg9odHRwOi8veGVz +dC8zMzIwEYYPaHR0cDovL3hlc3QvMzMzMBGGD2h0dHA6Ly94ZXN0LzMzNDARhg9o +dHRwOi8veGVzdC8zMzUwEYYPaHR0cDovL3hlc3QvMzM2MBGGD2h0dHA6Ly94ZXN0 +LzMzNzARhg9odHRwOi8veGVzdC8zMzgwEYYPaHR0cDovL3hlc3QvMzM5MBGGD2h0 +dHA6Ly94ZXN0LzM0MDARhg9odHRwOi8veGVzdC8zNDEwEYYPaHR0cDovL3hlc3Qv +MzQyMBGGD2h0dHA6Ly94ZXN0LzM0MzARhg9odHRwOi8veGVzdC8zNDQwEYYPaHR0 +cDovL3hlc3QvMzQ1MBGGD2h0dHA6Ly94ZXN0LzM0NjARhg9odHRwOi8veGVzdC8z +NDcwEYYPaHR0cDovL3hlc3QvMzQ4MBGGD2h0dHA6Ly94ZXN0LzM0OTARhg9odHRw +Oi8veGVzdC8zNTAwEYYPaHR0cDovL3hlc3QvMzUxMBGGD2h0dHA6Ly94ZXN0LzM1 +MjARhg9odHRwOi8veGVzdC8zNTMwEYYPaHR0cDovL3hlc3QvMzU0MBGGD2h0dHA6 +Ly94ZXN0LzM1NTARhg9odHRwOi8veGVzdC8zNTYwEYYPaHR0cDovL3hlc3QvMzU3 +MBGGD2h0dHA6Ly94ZXN0LzM1ODARhg9odHRwOi8veGVzdC8zNTkwEYYPaHR0cDov +L3hlc3QvMzYwMBGGD2h0dHA6Ly94ZXN0LzM2MTARhg9odHRwOi8veGVzdC8zNjIw +EYYPaHR0cDovL3hlc3QvMzYzMBGGD2h0dHA6Ly94ZXN0LzM2NDARhg9odHRwOi8v +eGVzdC8zNjUwEYYPaHR0cDovL3hlc3QvMzY2MBGGD2h0dHA6Ly94ZXN0LzM2NzAR +hg9odHRwOi8veGVzdC8zNjgwEYYPaHR0cDovL3hlc3QvMzY5MBGGD2h0dHA6Ly94 +ZXN0LzM3MDARhg9odHRwOi8veGVzdC8zNzEwEYYPaHR0cDovL3hlc3QvMzcyMBGG +D2h0dHA6Ly94ZXN0LzM3MzARhg9odHRwOi8veGVzdC8zNzQwEYYPaHR0cDovL3hl +c3QvMzc1MBGGD2h0dHA6Ly94ZXN0LzM3NjARhg9odHRwOi8veGVzdC8zNzcwEYYP +aHR0cDovL3hlc3QvMzc4MBGGD2h0dHA6Ly94ZXN0LzM3OTARhg9odHRwOi8veGVz +dC8zODAwEYYPaHR0cDovL3hlc3QvMzgxMBGGD2h0dHA6Ly94ZXN0LzM4MjARhg9o +dHRwOi8veGVzdC8zODMwEYYPaHR0cDovL3hlc3QvMzg0MBGGD2h0dHA6Ly94ZXN0 +LzM4NTARhg9odHRwOi8veGVzdC8zODYwEYYPaHR0cDovL3hlc3QvMzg3MBGGD2h0 +dHA6Ly94ZXN0LzM4ODARhg9odHRwOi8veGVzdC8zODkwEYYPaHR0cDovL3hlc3Qv +MzkwMBGGD2h0dHA6Ly94ZXN0LzM5MTARhg9odHRwOi8veGVzdC8zOTIwEYYPaHR0 +cDovL3hlc3QvMzkzMBGGD2h0dHA6Ly94ZXN0LzM5NDARhg9odHRwOi8veGVzdC8z +OTUwEYYPaHR0cDovL3hlc3QvMzk2MBGGD2h0dHA6Ly94ZXN0LzM5NzARhg9odHRw +Oi8veGVzdC8zOTgwEYYPaHR0cDovL3hlc3QvMzk5MBGGD2h0dHA6Ly94ZXN0LzQw +MDARhg9odHRwOi8veGVzdC80MDEwEYYPaHR0cDovL3hlc3QvNDAyMBGGD2h0dHA6 +Ly94ZXN0LzQwMzARhg9odHRwOi8veGVzdC80MDQwEYYPaHR0cDovL3hlc3QvNDA1 +MBGGD2h0dHA6Ly94ZXN0LzQwNjARhg9odHRwOi8veGVzdC80MDcwEYYPaHR0cDov +L3hlc3QvNDA4MBGGD2h0dHA6Ly94ZXN0LzQwOTARhg9odHRwOi8veGVzdC80MTAw +EYYPaHR0cDovL3hlc3QvNDExMBGGD2h0dHA6Ly94ZXN0LzQxMjARhg9odHRwOi8v +eGVzdC80MTMwEYYPaHR0cDovL3hlc3QvNDE0MBGGD2h0dHA6Ly94ZXN0LzQxNTAR +hg9odHRwOi8veGVzdC80MTYwEYYPaHR0cDovL3hlc3QvNDE3MBGGD2h0dHA6Ly94 +ZXN0LzQxODARhg9odHRwOi8veGVzdC80MTkwEYYPaHR0cDovL3hlc3QvNDIwMBGG +D2h0dHA6Ly94ZXN0LzQyMTARhg9odHRwOi8veGVzdC80MjIwEYYPaHR0cDovL3hl +c3QvNDIzMBGGD2h0dHA6Ly94ZXN0LzQyNDARhg9odHRwOi8veGVzdC80MjUwEYYP +aHR0cDovL3hlc3QvNDI2MBGGD2h0dHA6Ly94ZXN0LzQyNzARhg9odHRwOi8veGVz +dC80MjgwEYYPaHR0cDovL3hlc3QvNDI5MBGGD2h0dHA6Ly94ZXN0LzQzMDARhg9o +dHRwOi8veGVzdC80MzEwEYYPaHR0cDovL3hlc3QvNDMyMBGGD2h0dHA6Ly94ZXN0 +LzQzMzARhg9odHRwOi8veGVzdC80MzQwEYYPaHR0cDovL3hlc3QvNDM1MBGGD2h0 +dHA6Ly94ZXN0LzQzNjARhg9odHRwOi8veGVzdC80MzcwEYYPaHR0cDovL3hlc3Qv +NDM4MBGGD2h0dHA6Ly94ZXN0LzQzOTARhg9odHRwOi8veGVzdC80NDAwEYYPaHR0 +cDovL3hlc3QvNDQxMBGGD2h0dHA6Ly94ZXN0LzQ0MjARhg9odHRwOi8veGVzdC80 +NDMwEYYPaHR0cDovL3hlc3QvNDQ0MBGGD2h0dHA6Ly94ZXN0LzQ0NTARhg9odHRw +Oi8veGVzdC80NDYwEYYPaHR0cDovL3hlc3QvNDQ3MBGGD2h0dHA6Ly94ZXN0LzQ0 +ODARhg9odHRwOi8veGVzdC80NDkwEYYPaHR0cDovL3hlc3QvNDUwMBGGD2h0dHA6 +Ly94ZXN0LzQ1MTARhg9odHRwOi8veGVzdC80NTIwEYYPaHR0cDovL3hlc3QvNDUz +MBGGD2h0dHA6Ly94ZXN0LzQ1NDARhg9odHRwOi8veGVzdC80NTUwEYYPaHR0cDov +L3hlc3QvNDU2MBGGD2h0dHA6Ly94ZXN0LzQ1NzARhg9odHRwOi8veGVzdC80NTgw +EYYPaHR0cDovL3hlc3QvNDU5MBGGD2h0dHA6Ly94ZXN0LzQ2MDARhg9odHRwOi8v +eGVzdC80NjEwEYYPaHR0cDovL3hlc3QvNDYyMBGGD2h0dHA6Ly94ZXN0LzQ2MzAR +hg9odHRwOi8veGVzdC80NjQwEYYPaHR0cDovL3hlc3QvNDY1MBGGD2h0dHA6Ly94 +ZXN0LzQ2NjARhg9odHRwOi8veGVzdC80NjcwEYYPaHR0cDovL3hlc3QvNDY4MBGG +D2h0dHA6Ly94ZXN0LzQ2OTARhg9odHRwOi8veGVzdC80NzAwEYYPaHR0cDovL3hl +c3QvNDcxMBGGD2h0dHA6Ly94ZXN0LzQ3MjARhg9odHRwOi8veGVzdC80NzMwEYYP +aHR0cDovL3hlc3QvNDc0MBGGD2h0dHA6Ly94ZXN0LzQ3NTARhg9odHRwOi8veGVz +dC80NzYwEYYPaHR0cDovL3hlc3QvNDc3MBGGD2h0dHA6Ly94ZXN0LzQ3ODARhg9o +dHRwOi8veGVzdC80NzkwEYYPaHR0cDovL3hlc3QvNDgwMBGGD2h0dHA6Ly94ZXN0 +LzQ4MTARhg9odHRwOi8veGVzdC80ODIwEYYPaHR0cDovL3hlc3QvNDgzMBGGD2h0 +dHA6Ly94ZXN0LzQ4NDARhg9odHRwOi8veGVzdC80ODUwEYYPaHR0cDovL3hlc3Qv +NDg2MBGGD2h0dHA6Ly94ZXN0LzQ4NzARhg9odHRwOi8veGVzdC80ODgwEYYPaHR0 +cDovL3hlc3QvNDg5MBGGD2h0dHA6Ly94ZXN0LzQ5MDARhg9odHRwOi8veGVzdC80 +OTEwEYYPaHR0cDovL3hlc3QvNDkyMBGGD2h0dHA6Ly94ZXN0LzQ5MzARhg9odHRw +Oi8veGVzdC80OTQwEYYPaHR0cDovL3hlc3QvNDk1MBGGD2h0dHA6Ly94ZXN0LzQ5 +NjARhg9odHRwOi8veGVzdC80OTcwEYYPaHR0cDovL3hlc3QvNDk4MBGGD2h0dHA6 +Ly94ZXN0LzQ5OTARhg9odHRwOi8veGVzdC81MDAwEYYPaHR0cDovL3hlc3QvNTAx +MBGGD2h0dHA6Ly94ZXN0LzUwMjARhg9odHRwOi8veGVzdC81MDMwEYYPaHR0cDov +L3hlc3QvNTA0MBGGD2h0dHA6Ly94ZXN0LzUwNTARhg9odHRwOi8veGVzdC81MDYw +EYYPaHR0cDovL3hlc3QvNTA3MBGGD2h0dHA6Ly94ZXN0LzUwODARhg9odHRwOi8v +eGVzdC81MDkwEYYPaHR0cDovL3hlc3QvNTEwMBGGD2h0dHA6Ly94ZXN0LzUxMTAR +hg9odHRwOi8veGVzdC81MTIwEYYPaHR0cDovL3hlc3QvNTEzMBGGD2h0dHA6Ly94 +ZXN0LzUxNDARhg9odHRwOi8veGVzdC81MTUwEYYPaHR0cDovL3hlc3QvNTE2MBGG +D2h0dHA6Ly94ZXN0LzUxNzARhg9odHRwOi8veGVzdC81MTgwEYYPaHR0cDovL3hl +c3QvNTE5MBGGD2h0dHA6Ly94ZXN0LzUyMDARhg9odHRwOi8veGVzdC81MjEwEYYP +aHR0cDovL3hlc3QvNTIyMBGGD2h0dHA6Ly94ZXN0LzUyMzARhg9odHRwOi8veGVz +dC81MjQwEYYPaHR0cDovL3hlc3QvNTI1MBGGD2h0dHA6Ly94ZXN0LzUyNjARhg9o +dHRwOi8veGVzdC81MjcwEYYPaHR0cDovL3hlc3QvNTI4MBGGD2h0dHA6Ly94ZXN0 +LzUyOTARhg9odHRwOi8veGVzdC81MzAwEYYPaHR0cDovL3hlc3QvNTMxMBGGD2h0 +dHA6Ly94ZXN0LzUzMjARhg9odHRwOi8veGVzdC81MzMwEYYPaHR0cDovL3hlc3Qv +NTM0MBGGD2h0dHA6Ly94ZXN0LzUzNTARhg9odHRwOi8veGVzdC81MzYwEYYPaHR0 +cDovL3hlc3QvNTM3MBGGD2h0dHA6Ly94ZXN0LzUzODARhg9odHRwOi8veGVzdC81 +MzkwEYYPaHR0cDovL3hlc3QvNTQwMBGGD2h0dHA6Ly94ZXN0LzU0MTARhg9odHRw +Oi8veGVzdC81NDIwEYYPaHR0cDovL3hlc3QvNTQzMBGGD2h0dHA6Ly94ZXN0LzU0 +NDARhg9odHRwOi8veGVzdC81NDUwEYYPaHR0cDovL3hlc3QvNTQ2MBGGD2h0dHA6 +Ly94ZXN0LzU0NzARhg9odHRwOi8veGVzdC81NDgwEYYPaHR0cDovL3hlc3QvNTQ5 +MBGGD2h0dHA6Ly94ZXN0LzU1MDARhg9odHRwOi8veGVzdC81NTEwEYYPaHR0cDov +L3hlc3QvNTUyMBGGD2h0dHA6Ly94ZXN0LzU1MzARhg9odHRwOi8veGVzdC81NTQw +EYYPaHR0cDovL3hlc3QvNTU1MBGGD2h0dHA6Ly94ZXN0LzU1NjARhg9odHRwOi8v +eGVzdC81NTcwEYYPaHR0cDovL3hlc3QvNTU4MBGGD2h0dHA6Ly94ZXN0LzU1OTAR +hg9odHRwOi8veGVzdC81NjAwEYYPaHR0cDovL3hlc3QvNTYxMBGGD2h0dHA6Ly94 +ZXN0LzU2MjARhg9odHRwOi8veGVzdC81NjMwEYYPaHR0cDovL3hlc3QvNTY0MBGG +D2h0dHA6Ly94ZXN0LzU2NTARhg9odHRwOi8veGVzdC81NjYwEYYPaHR0cDovL3hl +c3QvNTY3MBGGD2h0dHA6Ly94ZXN0LzU2ODARhg9odHRwOi8veGVzdC81NjkwEYYP +aHR0cDovL3hlc3QvNTcwMBGGD2h0dHA6Ly94ZXN0LzU3MTARhg9odHRwOi8veGVz +dC81NzIwEYYPaHR0cDovL3hlc3QvNTczMBGGD2h0dHA6Ly94ZXN0LzU3NDARhg9o +dHRwOi8veGVzdC81NzUwEYYPaHR0cDovL3hlc3QvNTc2MBGGD2h0dHA6Ly94ZXN0 +LzU3NzARhg9odHRwOi8veGVzdC81NzgwEYYPaHR0cDovL3hlc3QvNTc5MBGGD2h0 +dHA6Ly94ZXN0LzU4MDARhg9odHRwOi8veGVzdC81ODEwEYYPaHR0cDovL3hlc3Qv +NTgyMBGGD2h0dHA6Ly94ZXN0LzU4MzARhg9odHRwOi8veGVzdC81ODQwEYYPaHR0 +cDovL3hlc3QvNTg1MBGGD2h0dHA6Ly94ZXN0LzU4NjARhg9odHRwOi8veGVzdC81 +ODcwEYYPaHR0cDovL3hlc3QvNTg4MBGGD2h0dHA6Ly94ZXN0LzU4OTARhg9odHRw +Oi8veGVzdC81OTAwEYYPaHR0cDovL3hlc3QvNTkxMBGGD2h0dHA6Ly94ZXN0LzU5 +MjARhg9odHRwOi8veGVzdC81OTMwEYYPaHR0cDovL3hlc3QvNTk0MBGGD2h0dHA6 +Ly94ZXN0LzU5NTARhg9odHRwOi8veGVzdC81OTYwEYYPaHR0cDovL3hlc3QvNTk3 +MBGGD2h0dHA6Ly94ZXN0LzU5ODARhg9odHRwOi8veGVzdC81OTkwEYYPaHR0cDov +L3hlc3QvNjAwMBGGD2h0dHA6Ly94ZXN0LzYwMTARhg9odHRwOi8veGVzdC82MDIw +EYYPaHR0cDovL3hlc3QvNjAzMBGGD2h0dHA6Ly94ZXN0LzYwNDARhg9odHRwOi8v +eGVzdC82MDUwEYYPaHR0cDovL3hlc3QvNjA2MBGGD2h0dHA6Ly94ZXN0LzYwNzAR +hg9odHRwOi8veGVzdC82MDgwEYYPaHR0cDovL3hlc3QvNjA5MBGGD2h0dHA6Ly94 +ZXN0LzYxMDARhg9odHRwOi8veGVzdC82MTEwEYYPaHR0cDovL3hlc3QvNjEyMBGG +D2h0dHA6Ly94ZXN0LzYxMzARhg9odHRwOi8veGVzdC82MTQwEYYPaHR0cDovL3hl +c3QvNjE1MBGGD2h0dHA6Ly94ZXN0LzYxNjARhg9odHRwOi8veGVzdC82MTcwEYYP +aHR0cDovL3hlc3QvNjE4MBGGD2h0dHA6Ly94ZXN0LzYxOTARhg9odHRwOi8veGVz +dC82MjAwEYYPaHR0cDovL3hlc3QvNjIxMBGGD2h0dHA6Ly94ZXN0LzYyMjARhg9o +dHRwOi8veGVzdC82MjMwEYYPaHR0cDovL3hlc3QvNjI0MBGGD2h0dHA6Ly94ZXN0 +LzYyNTARhg9odHRwOi8veGVzdC82MjYwEYYPaHR0cDovL3hlc3QvNjI3MBGGD2h0 +dHA6Ly94ZXN0LzYyODARhg9odHRwOi8veGVzdC82MjkwEYYPaHR0cDovL3hlc3Qv +NjMwMBGGD2h0dHA6Ly94ZXN0LzYzMTARhg9odHRwOi8veGVzdC82MzIwEYYPaHR0 +cDovL3hlc3QvNjMzMBGGD2h0dHA6Ly94ZXN0LzYzNDARhg9odHRwOi8veGVzdC82 +MzUwEYYPaHR0cDovL3hlc3QvNjM2MBGGD2h0dHA6Ly94ZXN0LzYzNzARhg9odHRw +Oi8veGVzdC82MzgwEYYPaHR0cDovL3hlc3QvNjM5MBGGD2h0dHA6Ly94ZXN0LzY0 +MDARhg9odHRwOi8veGVzdC82NDEwEYYPaHR0cDovL3hlc3QvNjQyMBGGD2h0dHA6 +Ly94ZXN0LzY0MzARhg9odHRwOi8veGVzdC82NDQwEYYPaHR0cDovL3hlc3QvNjQ1 +MBGGD2h0dHA6Ly94ZXN0LzY0NjARhg9odHRwOi8veGVzdC82NDcwEYYPaHR0cDov +L3hlc3QvNjQ4MBGGD2h0dHA6Ly94ZXN0LzY0OTARhg9odHRwOi8veGVzdC82NTAw +EYYPaHR0cDovL3hlc3QvNjUxMBGGD2h0dHA6Ly94ZXN0LzY1MjARhg9odHRwOi8v +eGVzdC82NTMwEYYPaHR0cDovL3hlc3QvNjU0MBGGD2h0dHA6Ly94ZXN0LzY1NTAR +hg9odHRwOi8veGVzdC82NTYwEYYPaHR0cDovL3hlc3QvNjU3MBGGD2h0dHA6Ly94 +ZXN0LzY1ODARhg9odHRwOi8veGVzdC82NTkwEYYPaHR0cDovL3hlc3QvNjYwMBGG +D2h0dHA6Ly94ZXN0LzY2MTARhg9odHRwOi8veGVzdC82NjIwEYYPaHR0cDovL3hl +c3QvNjYzMBGGD2h0dHA6Ly94ZXN0LzY2NDARhg9odHRwOi8veGVzdC82NjUwEYYP +aHR0cDovL3hlc3QvNjY2MBGGD2h0dHA6Ly94ZXN0LzY2NzARhg9odHRwOi8veGVz +dC82NjgwEYYPaHR0cDovL3hlc3QvNjY5MBGGD2h0dHA6Ly94ZXN0LzY3MDARhg9o +dHRwOi8veGVzdC82NzEwEYYPaHR0cDovL3hlc3QvNjcyMBGGD2h0dHA6Ly94ZXN0 +LzY3MzARhg9odHRwOi8veGVzdC82NzQwEYYPaHR0cDovL3hlc3QvNjc1MBGGD2h0 +dHA6Ly94ZXN0LzY3NjARhg9odHRwOi8veGVzdC82NzcwEYYPaHR0cDovL3hlc3Qv +Njc4MBGGD2h0dHA6Ly94ZXN0LzY3OTARhg9odHRwOi8veGVzdC82ODAwEYYPaHR0 +cDovL3hlc3QvNjgxMBGGD2h0dHA6Ly94ZXN0LzY4MjARhg9odHRwOi8veGVzdC82 +ODMwEYYPaHR0cDovL3hlc3QvNjg0MBGGD2h0dHA6Ly94ZXN0LzY4NTARhg9odHRw +Oi8veGVzdC82ODYwEYYPaHR0cDovL3hlc3QvNjg3MBGGD2h0dHA6Ly94ZXN0LzY4 +ODARhg9odHRwOi8veGVzdC82ODkwEYYPaHR0cDovL3hlc3QvNjkwMBGGD2h0dHA6 +Ly94ZXN0LzY5MTARhg9odHRwOi8veGVzdC82OTIwEYYPaHR0cDovL3hlc3QvNjkz +MBGGD2h0dHA6Ly94ZXN0LzY5NDARhg9odHRwOi8veGVzdC82OTUwEYYPaHR0cDov +L3hlc3QvNjk2MBGGD2h0dHA6Ly94ZXN0LzY5NzARhg9odHRwOi8veGVzdC82OTgw +EYYPaHR0cDovL3hlc3QvNjk5MBGGD2h0dHA6Ly94ZXN0LzcwMDARhg9odHRwOi8v +eGVzdC83MDEwEYYPaHR0cDovL3hlc3QvNzAyMBGGD2h0dHA6Ly94ZXN0LzcwMzAR +hg9odHRwOi8veGVzdC83MDQwEYYPaHR0cDovL3hlc3QvNzA1MBGGD2h0dHA6Ly94 +ZXN0LzcwNjARhg9odHRwOi8veGVzdC83MDcwEYYPaHR0cDovL3hlc3QvNzA4MBGG +D2h0dHA6Ly94ZXN0LzcwOTARhg9odHRwOi8veGVzdC83MTAwEYYPaHR0cDovL3hl +c3QvNzExMBGGD2h0dHA6Ly94ZXN0LzcxMjARhg9odHRwOi8veGVzdC83MTMwEYYP +aHR0cDovL3hlc3QvNzE0MBGGD2h0dHA6Ly94ZXN0LzcxNTARhg9odHRwOi8veGVz +dC83MTYwEYYPaHR0cDovL3hlc3QvNzE3MBGGD2h0dHA6Ly94ZXN0LzcxODARhg9o +dHRwOi8veGVzdC83MTkwEYYPaHR0cDovL3hlc3QvNzIwMBGGD2h0dHA6Ly94ZXN0 +LzcyMTARhg9odHRwOi8veGVzdC83MjIwEYYPaHR0cDovL3hlc3QvNzIzMBGGD2h0 +dHA6Ly94ZXN0LzcyNDARhg9odHRwOi8veGVzdC83MjUwEYYPaHR0cDovL3hlc3Qv +NzI2MBGGD2h0dHA6Ly94ZXN0LzcyNzARhg9odHRwOi8veGVzdC83MjgwEYYPaHR0 +cDovL3hlc3QvNzI5MBGGD2h0dHA6Ly94ZXN0LzczMDARhg9odHRwOi8veGVzdC83 +MzEwEYYPaHR0cDovL3hlc3QvNzMyMBGGD2h0dHA6Ly94ZXN0LzczMzARhg9odHRw +Oi8veGVzdC83MzQwEYYPaHR0cDovL3hlc3QvNzM1MBGGD2h0dHA6Ly94ZXN0Lzcz +NjARhg9odHRwOi8veGVzdC83MzcwEYYPaHR0cDovL3hlc3QvNzM4MBGGD2h0dHA6 +Ly94ZXN0LzczOTARhg9odHRwOi8veGVzdC83NDAwEYYPaHR0cDovL3hlc3QvNzQx +MBGGD2h0dHA6Ly94ZXN0Lzc0MjARhg9odHRwOi8veGVzdC83NDMwEYYPaHR0cDov +L3hlc3QvNzQ0MBGGD2h0dHA6Ly94ZXN0Lzc0NTARhg9odHRwOi8veGVzdC83NDYw +EYYPaHR0cDovL3hlc3QvNzQ3MBGGD2h0dHA6Ly94ZXN0Lzc0ODARhg9odHRwOi8v +eGVzdC83NDkwEYYPaHR0cDovL3hlc3QvNzUwMBGGD2h0dHA6Ly94ZXN0Lzc1MTAR +hg9odHRwOi8veGVzdC83NTIwEYYPaHR0cDovL3hlc3QvNzUzMBGGD2h0dHA6Ly94 +ZXN0Lzc1NDARhg9odHRwOi8veGVzdC83NTUwEYYPaHR0cDovL3hlc3QvNzU2MBGG +D2h0dHA6Ly94ZXN0Lzc1NzARhg9odHRwOi8veGVzdC83NTgwEYYPaHR0cDovL3hl +c3QvNzU5MBGGD2h0dHA6Ly94ZXN0Lzc2MDARhg9odHRwOi8veGVzdC83NjEwEYYP +aHR0cDovL3hlc3QvNzYyMBGGD2h0dHA6Ly94ZXN0Lzc2MzARhg9odHRwOi8veGVz +dC83NjQwEYYPaHR0cDovL3hlc3QvNzY1MBGGD2h0dHA6Ly94ZXN0Lzc2NjARhg9o +dHRwOi8veGVzdC83NjcwEYYPaHR0cDovL3hlc3QvNzY4MBGGD2h0dHA6Ly94ZXN0 +Lzc2OTARhg9odHRwOi8veGVzdC83NzAwEYYPaHR0cDovL3hlc3QvNzcxMBGGD2h0 +dHA6Ly94ZXN0Lzc3MjARhg9odHRwOi8veGVzdC83NzMwEYYPaHR0cDovL3hlc3Qv +Nzc0MBGGD2h0dHA6Ly94ZXN0Lzc3NTARhg9odHRwOi8veGVzdC83NzYwEYYPaHR0 +cDovL3hlc3QvNzc3MBGGD2h0dHA6Ly94ZXN0Lzc3ODARhg9odHRwOi8veGVzdC83 +NzkwEYYPaHR0cDovL3hlc3QvNzgwMBGGD2h0dHA6Ly94ZXN0Lzc4MTARhg9odHRw +Oi8veGVzdC83ODIwEYYPaHR0cDovL3hlc3QvNzgzMBGGD2h0dHA6Ly94ZXN0Lzc4 +NDARhg9odHRwOi8veGVzdC83ODUwEYYPaHR0cDovL3hlc3QvNzg2MBGGD2h0dHA6 +Ly94ZXN0Lzc4NzARhg9odHRwOi8veGVzdC83ODgwEYYPaHR0cDovL3hlc3QvNzg5 +MBGGD2h0dHA6Ly94ZXN0Lzc5MDARhg9odHRwOi8veGVzdC83OTEwEYYPaHR0cDov +L3hlc3QvNzkyMBGGD2h0dHA6Ly94ZXN0Lzc5MzARhg9odHRwOi8veGVzdC83OTQw +EYYPaHR0cDovL3hlc3QvNzk1MBGGD2h0dHA6Ly94ZXN0Lzc5NjARhg9odHRwOi8v +eGVzdC83OTcwEYYPaHR0cDovL3hlc3QvNzk4MBGGD2h0dHA6Ly94ZXN0Lzc5OTAR +hg9odHRwOi8veGVzdC84MDAwEYYPaHR0cDovL3hlc3QvODAxMBGGD2h0dHA6Ly94 +ZXN0LzgwMjARhg9odHRwOi8veGVzdC84MDMwEYYPaHR0cDovL3hlc3QvODA0MBGG +D2h0dHA6Ly94ZXN0LzgwNTARhg9odHRwOi8veGVzdC84MDYwEYYPaHR0cDovL3hl +c3QvODA3MBGGD2h0dHA6Ly94ZXN0LzgwODARhg9odHRwOi8veGVzdC84MDkwEYYP +aHR0cDovL3hlc3QvODEwMBGGD2h0dHA6Ly94ZXN0LzgxMTARhg9odHRwOi8veGVz +dC84MTIwEYYPaHR0cDovL3hlc3QvODEzMBGGD2h0dHA6Ly94ZXN0LzgxNDARhg9o +dHRwOi8veGVzdC84MTUwEYYPaHR0cDovL3hlc3QvODE2MBGGD2h0dHA6Ly94ZXN0 +LzgxNzARhg9odHRwOi8veGVzdC84MTgwEYYPaHR0cDovL3hlc3QvODE5MBGGD2h0 +dHA6Ly94ZXN0LzgyMDARhg9odHRwOi8veGVzdC84MjEwEYYPaHR0cDovL3hlc3Qv +ODIyMBGGD2h0dHA6Ly94ZXN0LzgyMzARhg9odHRwOi8veGVzdC84MjQwEYYPaHR0 +cDovL3hlc3QvODI1MBGGD2h0dHA6Ly94ZXN0LzgyNjARhg9odHRwOi8veGVzdC84 +MjcwEYYPaHR0cDovL3hlc3QvODI4MBGGD2h0dHA6Ly94ZXN0LzgyOTARhg9odHRw +Oi8veGVzdC84MzAwEYYPaHR0cDovL3hlc3QvODMxMBGGD2h0dHA6Ly94ZXN0Lzgz +MjARhg9odHRwOi8veGVzdC84MzMwEYYPaHR0cDovL3hlc3QvODM0MBGGD2h0dHA6 +Ly94ZXN0LzgzNTARhg9odHRwOi8veGVzdC84MzYwEYYPaHR0cDovL3hlc3QvODM3 +MBGGD2h0dHA6Ly94ZXN0LzgzODARhg9odHRwOi8veGVzdC84MzkwEYYPaHR0cDov +L3hlc3QvODQwMBGGD2h0dHA6Ly94ZXN0Lzg0MTARhg9odHRwOi8veGVzdC84NDIw +EYYPaHR0cDovL3hlc3QvODQzMBGGD2h0dHA6Ly94ZXN0Lzg0NDARhg9odHRwOi8v +eGVzdC84NDUwEYYPaHR0cDovL3hlc3QvODQ2MBGGD2h0dHA6Ly94ZXN0Lzg0NzAR +hg9odHRwOi8veGVzdC84NDgwEYYPaHR0cDovL3hlc3QvODQ5MBGGD2h0dHA6Ly94 +ZXN0Lzg1MDARhg9odHRwOi8veGVzdC84NTEwEYYPaHR0cDovL3hlc3QvODUyMBGG +D2h0dHA6Ly94ZXN0Lzg1MzARhg9odHRwOi8veGVzdC84NTQwEYYPaHR0cDovL3hl +c3QvODU1MBGGD2h0dHA6Ly94ZXN0Lzg1NjARhg9odHRwOi8veGVzdC84NTcwEYYP +aHR0cDovL3hlc3QvODU4MBGGD2h0dHA6Ly94ZXN0Lzg1OTARhg9odHRwOi8veGVz +dC84NjAwEYYPaHR0cDovL3hlc3QvODYxMBGGD2h0dHA6Ly94ZXN0Lzg2MjARhg9o +dHRwOi8veGVzdC84NjMwEYYPaHR0cDovL3hlc3QvODY0MBGGD2h0dHA6Ly94ZXN0 +Lzg2NTARhg9odHRwOi8veGVzdC84NjYwEYYPaHR0cDovL3hlc3QvODY3MBGGD2h0 +dHA6Ly94ZXN0Lzg2ODARhg9odHRwOi8veGVzdC84NjkwEYYPaHR0cDovL3hlc3Qv +ODcwMBGGD2h0dHA6Ly94ZXN0Lzg3MTARhg9odHRwOi8veGVzdC84NzIwEYYPaHR0 +cDovL3hlc3QvODczMBGGD2h0dHA6Ly94ZXN0Lzg3NDARhg9odHRwOi8veGVzdC84 +NzUwEYYPaHR0cDovL3hlc3QvODc2MBGGD2h0dHA6Ly94ZXN0Lzg3NzARhg9odHRw +Oi8veGVzdC84NzgwEYYPaHR0cDovL3hlc3QvODc5MBGGD2h0dHA6Ly94ZXN0Lzg4 +MDARhg9odHRwOi8veGVzdC84ODEwEYYPaHR0cDovL3hlc3QvODgyMBGGD2h0dHA6 +Ly94ZXN0Lzg4MzARhg9odHRwOi8veGVzdC84ODQwEYYPaHR0cDovL3hlc3QvODg1 +MBGGD2h0dHA6Ly94ZXN0Lzg4NjARhg9odHRwOi8veGVzdC84ODcwEYYPaHR0cDov +L3hlc3QvODg4MBGGD2h0dHA6Ly94ZXN0Lzg4OTARhg9odHRwOi8veGVzdC84OTAw +EYYPaHR0cDovL3hlc3QvODkxMBGGD2h0dHA6Ly94ZXN0Lzg5MjARhg9odHRwOi8v +eGVzdC84OTMwEYYPaHR0cDovL3hlc3QvODk0MBGGD2h0dHA6Ly94ZXN0Lzg5NTAR +hg9odHRwOi8veGVzdC84OTYwEYYPaHR0cDovL3hlc3QvODk3MBGGD2h0dHA6Ly94 +ZXN0Lzg5ODARhg9odHRwOi8veGVzdC84OTkwEYYPaHR0cDovL3hlc3QvOTAwMBGG +D2h0dHA6Ly94ZXN0LzkwMTARhg9odHRwOi8veGVzdC85MDIwEYYPaHR0cDovL3hl +c3QvOTAzMBGGD2h0dHA6Ly94ZXN0LzkwNDARhg9odHRwOi8veGVzdC85MDUwEYYP +aHR0cDovL3hlc3QvOTA2MBGGD2h0dHA6Ly94ZXN0LzkwNzARhg9odHRwOi8veGVz +dC85MDgwEYYPaHR0cDovL3hlc3QvOTA5MBGGD2h0dHA6Ly94ZXN0LzkxMDARhg9o +dHRwOi8veGVzdC85MTEwEYYPaHR0cDovL3hlc3QvOTEyMBGGD2h0dHA6Ly94ZXN0 +LzkxMzARhg9odHRwOi8veGVzdC85MTQwEYYPaHR0cDovL3hlc3QvOTE1MBGGD2h0 +dHA6Ly94ZXN0LzkxNjARhg9odHRwOi8veGVzdC85MTcwEYYPaHR0cDovL3hlc3Qv +OTE4MBGGD2h0dHA6Ly94ZXN0LzkxOTARhg9odHRwOi8veGVzdC85MjAwEYYPaHR0 +cDovL3hlc3QvOTIxMBGGD2h0dHA6Ly94ZXN0LzkyMjARhg9odHRwOi8veGVzdC85 +MjMwEYYPaHR0cDovL3hlc3QvOTI0MBGGD2h0dHA6Ly94ZXN0LzkyNTARhg9odHRw +Oi8veGVzdC85MjYwEYYPaHR0cDovL3hlc3QvOTI3MBGGD2h0dHA6Ly94ZXN0Lzky +ODARhg9odHRwOi8veGVzdC85MjkwEYYPaHR0cDovL3hlc3QvOTMwMBGGD2h0dHA6 +Ly94ZXN0LzkzMTARhg9odHRwOi8veGVzdC85MzIwEYYPaHR0cDovL3hlc3QvOTMz +MBGGD2h0dHA6Ly94ZXN0LzkzNDARhg9odHRwOi8veGVzdC85MzUwEYYPaHR0cDov +L3hlc3QvOTM2MBGGD2h0dHA6Ly94ZXN0LzkzNzARhg9odHRwOi8veGVzdC85Mzgw +EYYPaHR0cDovL3hlc3QvOTM5MBGGD2h0dHA6Ly94ZXN0Lzk0MDARhg9odHRwOi8v +eGVzdC85NDEwEYYPaHR0cDovL3hlc3QvOTQyMBGGD2h0dHA6Ly94ZXN0Lzk0MzAR +hg9odHRwOi8veGVzdC85NDQwEYYPaHR0cDovL3hlc3QvOTQ1MBGGD2h0dHA6Ly94 +ZXN0Lzk0NjARhg9odHRwOi8veGVzdC85NDcwEYYPaHR0cDovL3hlc3QvOTQ4MBGG +D2h0dHA6Ly94ZXN0Lzk0OTARhg9odHRwOi8veGVzdC85NTAwEYYPaHR0cDovL3hl +c3QvOTUxMBGGD2h0dHA6Ly94ZXN0Lzk1MjARhg9odHRwOi8veGVzdC85NTMwEYYP +aHR0cDovL3hlc3QvOTU0MBGGD2h0dHA6Ly94ZXN0Lzk1NTARhg9odHRwOi8veGVz +dC85NTYwEYYPaHR0cDovL3hlc3QvOTU3MBGGD2h0dHA6Ly94ZXN0Lzk1ODARhg9o +dHRwOi8veGVzdC85NTkwEYYPaHR0cDovL3hlc3QvOTYwMBGGD2h0dHA6Ly94ZXN0 +Lzk2MTARhg9odHRwOi8veGVzdC85NjIwEYYPaHR0cDovL3hlc3QvOTYzMBGGD2h0 +dHA6Ly94ZXN0Lzk2NDARhg9odHRwOi8veGVzdC85NjUwEYYPaHR0cDovL3hlc3Qv +OTY2MBGGD2h0dHA6Ly94ZXN0Lzk2NzARhg9odHRwOi8veGVzdC85NjgwEYYPaHR0 +cDovL3hlc3QvOTY5MBGGD2h0dHA6Ly94ZXN0Lzk3MDARhg9odHRwOi8veGVzdC85 +NzEwEYYPaHR0cDovL3hlc3QvOTcyMBGGD2h0dHA6Ly94ZXN0Lzk3MzARhg9odHRw +Oi8veGVzdC85NzQwEYYPaHR0cDovL3hlc3QvOTc1MBGGD2h0dHA6Ly94ZXN0Lzk3 +NjARhg9odHRwOi8veGVzdC85NzcwEYYPaHR0cDovL3hlc3QvOTc4MBGGD2h0dHA6 +Ly94ZXN0Lzk3OTARhg9odHRwOi8veGVzdC85ODAwEYYPaHR0cDovL3hlc3QvOTgx +MBGGD2h0dHA6Ly94ZXN0Lzk4MjARhg9odHRwOi8veGVzdC85ODMwEYYPaHR0cDov +L3hlc3QvOTg0MBGGD2h0dHA6Ly94ZXN0Lzk4NTARhg9odHRwOi8veGVzdC85ODYw +EYYPaHR0cDovL3hlc3QvOTg3MBGGD2h0dHA6Ly94ZXN0Lzk4ODARhg9odHRwOi8v +eGVzdC85ODkwEYYPaHR0cDovL3hlc3QvOTkwMBGGD2h0dHA6Ly94ZXN0Lzk5MTAR +hg9odHRwOi8veGVzdC85OTIwEYYPaHR0cDovL3hlc3QvOTkzMBGGD2h0dHA6Ly94 +ZXN0Lzk5NDARhg9odHRwOi8veGVzdC85OTUwEYYPaHR0cDovL3hlc3QvOTk2MBGG +D2h0dHA6Ly94ZXN0Lzk5NzARhg9odHRwOi8veGVzdC85OTgwEYYPaHR0cDovL3hl +c3QvOTk5MBKGEGh0dHA6Ly94ZXN0LzEwMDAwEoYQaHR0cDovL3hlc3QvMTAwMTAS +hhBodHRwOi8veGVzdC8xMDAyMBKGEGh0dHA6Ly94ZXN0LzEwMDMwEoYQaHR0cDov +L3hlc3QvMTAwNDAShhBodHRwOi8veGVzdC8xMDA1MBKGEGh0dHA6Ly94ZXN0LzEw +MDYwEoYQaHR0cDovL3hlc3QvMTAwNzAShhBodHRwOi8veGVzdC8xMDA4MBKGEGh0 +dHA6Ly94ZXN0LzEwMDkwEoYQaHR0cDovL3hlc3QvMTAxMDAShhBodHRwOi8veGVz +dC8xMDExMBKGEGh0dHA6Ly94ZXN0LzEwMTIwEoYQaHR0cDovL3hlc3QvMTAxMzAS +hhBodHRwOi8veGVzdC8xMDE0MBKGEGh0dHA6Ly94ZXN0LzEwMTUwEoYQaHR0cDov +L3hlc3QvMTAxNjAShhBodHRwOi8veGVzdC8xMDE3MBKGEGh0dHA6Ly94ZXN0LzEw +MTgwEoYQaHR0cDovL3hlc3QvMTAxOTAShhBodHRwOi8veGVzdC8xMDIwMBKGEGh0 +dHA6Ly94ZXN0LzEwMjEwEoYQaHR0cDovL3hlc3QvMTAyMjAShhBodHRwOi8veGVz +dC8xMDIzMBKGEGh0dHA6Ly94ZXN0LzEwMjQwDQYJKoZIhvcNAQELBQADggEBADeo +vuQDYmMVsP6+SX8iXnr4tDMM/jtBDJncvbCjDDpUQidiGBWv5tWRYxcdGz/K9i4v +bnFeZoYnaZExXTWF1EZ3aUVQBZy8ObgP0JamZQLTgFOsWJzz7CcnsjNEURd5kOqx +VzL34FikmWR4VWEW01FizyYCjX3fLdjD0gBeA0l4ILd4np62VulITcVa6ijoFnBK +ObsdiEBa/WeCc/PG8untcIPecj99CC8aQ03JsunO5kOpdCXNupXNUZfLVtTm5tlp +Cl9IFyo7Qayl7B8wybLxaI+hDx59nuO+u43LbkFqFnpI9awUaffeY/yUgOdi2uaZ +Eq3x0l12a8MRblVdfuw= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.serial b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.serial new file mode 100644 index 0000000000..5fcb2f4265 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.serial @@ -0,0 +1 @@ +2FABB43DDCC077802A0309AD437402BF98D8DC diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.serial.old b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.serial.old new file mode 100644 index 0000000000..32296209b4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate.serial.old @@ -0,0 +1 @@ +2FABB43DDCC077802A0309AD437402BF98D8DB diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.cnf new file mode 100644 index 0000000000..fb582a1c60 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.cnf @@ -0,0 +1,2118 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +nameConstraints = @nameConstraints_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate_1.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[nameConstraints_info] +excluded;DNS.1 = x0.test +excluded;DNS.2 = x1.test +excluded;DNS.3 = x2.test +excluded;DNS.4 = x3.test +excluded;DNS.5 = x4.test +excluded;DNS.6 = x5.test +excluded;DNS.7 = x6.test +excluded;DNS.8 = x7.test +excluded;DNS.9 = x8.test +excluded;DNS.10 = x9.test +excluded;DNS.11 = x10.test +excluded;DNS.12 = x11.test +excluded;DNS.13 = x12.test +excluded;DNS.14 = x13.test +excluded;DNS.15 = x14.test +excluded;DNS.16 = x15.test +excluded;DNS.17 = x16.test +excluded;DNS.18 = x17.test +excluded;DNS.19 = x18.test +excluded;DNS.20 = x19.test +excluded;DNS.21 = x20.test +excluded;DNS.22 = x21.test +excluded;DNS.23 = x22.test +excluded;DNS.24 = x23.test +excluded;DNS.25 = x24.test +excluded;DNS.26 = x25.test +excluded;DNS.27 = x26.test +excluded;DNS.28 = x27.test +excluded;DNS.29 = x28.test +excluded;DNS.30 = x29.test +excluded;DNS.31 = x30.test +excluded;DNS.32 = x31.test +excluded;DNS.33 = x32.test +excluded;DNS.34 = x33.test +excluded;DNS.35 = x34.test +excluded;DNS.36 = x35.test +excluded;DNS.37 = x36.test +excluded;DNS.38 = x37.test +excluded;DNS.39 = x38.test +excluded;DNS.40 = x39.test +excluded;DNS.41 = x40.test +excluded;DNS.42 = x41.test +excluded;DNS.43 = x42.test +excluded;DNS.44 = x43.test +excluded;DNS.45 = x44.test +excluded;DNS.46 = x45.test +excluded;DNS.47 = x46.test +excluded;DNS.48 = x47.test +excluded;DNS.49 = x48.test +excluded;DNS.50 = x49.test +excluded;DNS.51 = x50.test +excluded;DNS.52 = x51.test +excluded;DNS.53 = x52.test +excluded;DNS.54 = x53.test +excluded;DNS.55 = x54.test +excluded;DNS.56 = x55.test +excluded;DNS.57 = x56.test +excluded;DNS.58 = x57.test +excluded;DNS.59 = x58.test +excluded;DNS.60 = x59.test +excluded;DNS.61 = x60.test +excluded;DNS.62 = x61.test +excluded;DNS.63 = x62.test +excluded;DNS.64 = x63.test +excluded;DNS.65 = x64.test +excluded;DNS.66 = x65.test +excluded;DNS.67 = x66.test +excluded;DNS.68 = x67.test +excluded;DNS.69 = x68.test +excluded;DNS.70 = x69.test +excluded;DNS.71 = x70.test +excluded;DNS.72 = x71.test +excluded;DNS.73 = x72.test +excluded;DNS.74 = x73.test +excluded;DNS.75 = x74.test +excluded;DNS.76 = x75.test +excluded;DNS.77 = x76.test +excluded;DNS.78 = x77.test +excluded;DNS.79 = x78.test +excluded;DNS.80 = x79.test +excluded;DNS.81 = x80.test +excluded;DNS.82 = x81.test +excluded;DNS.83 = x82.test +excluded;DNS.84 = x83.test +excluded;DNS.85 = x84.test +excluded;DNS.86 = x85.test +excluded;DNS.87 = x86.test +excluded;DNS.88 = x87.test +excluded;DNS.89 = x88.test +excluded;DNS.90 = x89.test +excluded;DNS.91 = x90.test +excluded;DNS.92 = x91.test +excluded;DNS.93 = x92.test +excluded;DNS.94 = x93.test +excluded;DNS.95 = x94.test +excluded;DNS.96 = x95.test +excluded;DNS.97 = x96.test +excluded;DNS.98 = x97.test +excluded;DNS.99 = x98.test +excluded;DNS.100 = x99.test +excluded;DNS.101 = x100.test +excluded;DNS.102 = x101.test +excluded;DNS.103 = x102.test +excluded;DNS.104 = x103.test +excluded;DNS.105 = x104.test +excluded;DNS.106 = x105.test +excluded;DNS.107 = x106.test +excluded;DNS.108 = x107.test +excluded;DNS.109 = x108.test +excluded;DNS.110 = x109.test +excluded;DNS.111 = x110.test +excluded;DNS.112 = x111.test +excluded;DNS.113 = x112.test +excluded;DNS.114 = x113.test +excluded;DNS.115 = x114.test +excluded;DNS.116 = x115.test +excluded;DNS.117 = x116.test +excluded;DNS.118 = x117.test +excluded;DNS.119 = x118.test +excluded;DNS.120 = x119.test +excluded;DNS.121 = x120.test +excluded;DNS.122 = x121.test +excluded;DNS.123 = x122.test +excluded;DNS.124 = x123.test +excluded;DNS.125 = x124.test +excluded;DNS.126 = x125.test +excluded;DNS.127 = x126.test +excluded;DNS.128 = x127.test +excluded;DNS.129 = x128.test +excluded;DNS.130 = x129.test +excluded;DNS.131 = x130.test +excluded;DNS.132 = x131.test +excluded;DNS.133 = x132.test +excluded;DNS.134 = x133.test +excluded;DNS.135 = x134.test +excluded;DNS.136 = x135.test +excluded;DNS.137 = x136.test +excluded;DNS.138 = x137.test +excluded;DNS.139 = x138.test +excluded;DNS.140 = x139.test +excluded;DNS.141 = x140.test +excluded;DNS.142 = x141.test +excluded;DNS.143 = x142.test +excluded;DNS.144 = x143.test +excluded;DNS.145 = x144.test +excluded;DNS.146 = x145.test +excluded;DNS.147 = x146.test +excluded;DNS.148 = x147.test +excluded;DNS.149 = x148.test +excluded;DNS.150 = x149.test +excluded;DNS.151 = x150.test +excluded;DNS.152 = x151.test +excluded;DNS.153 = x152.test +excluded;DNS.154 = x153.test +excluded;DNS.155 = x154.test +excluded;DNS.156 = x155.test +excluded;DNS.157 = x156.test +excluded;DNS.158 = x157.test +excluded;DNS.159 = x158.test +excluded;DNS.160 = x159.test +excluded;DNS.161 = x160.test +excluded;DNS.162 = x161.test +excluded;DNS.163 = x162.test +excluded;DNS.164 = x163.test +excluded;DNS.165 = x164.test +excluded;DNS.166 = x165.test +excluded;DNS.167 = x166.test +excluded;DNS.168 = x167.test +excluded;DNS.169 = x168.test +excluded;DNS.170 = x169.test +excluded;IP.1 = 11.0.0.0/255.255.255.255 +excluded;IP.2 = 11.0.0.1/255.255.255.255 +excluded;IP.3 = 11.0.0.2/255.255.255.255 +excluded;IP.4 = 11.0.0.3/255.255.255.255 +excluded;IP.5 = 11.0.0.4/255.255.255.255 +excluded;IP.6 = 11.0.0.5/255.255.255.255 +excluded;IP.7 = 11.0.0.6/255.255.255.255 +excluded;IP.8 = 11.0.0.7/255.255.255.255 +excluded;IP.9 = 11.0.0.8/255.255.255.255 +excluded;IP.10 = 11.0.0.9/255.255.255.255 +excluded;IP.11 = 11.0.0.10/255.255.255.255 +excluded;IP.12 = 11.0.0.11/255.255.255.255 +excluded;IP.13 = 11.0.0.12/255.255.255.255 +excluded;IP.14 = 11.0.0.13/255.255.255.255 +excluded;IP.15 = 11.0.0.14/255.255.255.255 +excluded;IP.16 = 11.0.0.15/255.255.255.255 +excluded;IP.17 = 11.0.0.16/255.255.255.255 +excluded;IP.18 = 11.0.0.17/255.255.255.255 +excluded;IP.19 = 11.0.0.18/255.255.255.255 +excluded;IP.20 = 11.0.0.19/255.255.255.255 +excluded;IP.21 = 11.0.0.20/255.255.255.255 +excluded;IP.22 = 11.0.0.21/255.255.255.255 +excluded;IP.23 = 11.0.0.22/255.255.255.255 +excluded;IP.24 = 11.0.0.23/255.255.255.255 +excluded;IP.25 = 11.0.0.24/255.255.255.255 +excluded;IP.26 = 11.0.0.25/255.255.255.255 +excluded;IP.27 = 11.0.0.26/255.255.255.255 +excluded;IP.28 = 11.0.0.27/255.255.255.255 +excluded;IP.29 = 11.0.0.28/255.255.255.255 +excluded;IP.30 = 11.0.0.29/255.255.255.255 +excluded;IP.31 = 11.0.0.30/255.255.255.255 +excluded;IP.32 = 11.0.0.31/255.255.255.255 +excluded;IP.33 = 11.0.0.32/255.255.255.255 +excluded;IP.34 = 11.0.0.33/255.255.255.255 +excluded;IP.35 = 11.0.0.34/255.255.255.255 +excluded;IP.36 = 11.0.0.35/255.255.255.255 +excluded;IP.37 = 11.0.0.36/255.255.255.255 +excluded;IP.38 = 11.0.0.37/255.255.255.255 +excluded;IP.39 = 11.0.0.38/255.255.255.255 +excluded;IP.40 = 11.0.0.39/255.255.255.255 +excluded;IP.41 = 11.0.0.40/255.255.255.255 +excluded;IP.42 = 11.0.0.41/255.255.255.255 +excluded;IP.43 = 11.0.0.42/255.255.255.255 +excluded;IP.44 = 11.0.0.43/255.255.255.255 +excluded;IP.45 = 11.0.0.44/255.255.255.255 +excluded;IP.46 = 11.0.0.45/255.255.255.255 +excluded;IP.47 = 11.0.0.46/255.255.255.255 +excluded;IP.48 = 11.0.0.47/255.255.255.255 +excluded;IP.49 = 11.0.0.48/255.255.255.255 +excluded;IP.50 = 11.0.0.49/255.255.255.255 +excluded;IP.51 = 11.0.0.50/255.255.255.255 +excluded;IP.52 = 11.0.0.51/255.255.255.255 +excluded;IP.53 = 11.0.0.52/255.255.255.255 +excluded;IP.54 = 11.0.0.53/255.255.255.255 +excluded;IP.55 = 11.0.0.54/255.255.255.255 +excluded;IP.56 = 11.0.0.55/255.255.255.255 +excluded;IP.57 = 11.0.0.56/255.255.255.255 +excluded;IP.58 = 11.0.0.57/255.255.255.255 +excluded;IP.59 = 11.0.0.58/255.255.255.255 +excluded;IP.60 = 11.0.0.59/255.255.255.255 +excluded;IP.61 = 11.0.0.60/255.255.255.255 +excluded;IP.62 = 11.0.0.61/255.255.255.255 +excluded;IP.63 = 11.0.0.62/255.255.255.255 +excluded;IP.64 = 11.0.0.63/255.255.255.255 +excluded;IP.65 = 11.0.0.64/255.255.255.255 +excluded;IP.66 = 11.0.0.65/255.255.255.255 +excluded;IP.67 = 11.0.0.66/255.255.255.255 +excluded;IP.68 = 11.0.0.67/255.255.255.255 +excluded;IP.69 = 11.0.0.68/255.255.255.255 +excluded;IP.70 = 11.0.0.69/255.255.255.255 +excluded;IP.71 = 11.0.0.70/255.255.255.255 +excluded;IP.72 = 11.0.0.71/255.255.255.255 +excluded;IP.73 = 11.0.0.72/255.255.255.255 +excluded;IP.74 = 11.0.0.73/255.255.255.255 +excluded;IP.75 = 11.0.0.74/255.255.255.255 +excluded;IP.76 = 11.0.0.75/255.255.255.255 +excluded;IP.77 = 11.0.0.76/255.255.255.255 +excluded;IP.78 = 11.0.0.77/255.255.255.255 +excluded;IP.79 = 11.0.0.78/255.255.255.255 +excluded;IP.80 = 11.0.0.79/255.255.255.255 +excluded;IP.81 = 11.0.0.80/255.255.255.255 +excluded;IP.82 = 11.0.0.81/255.255.255.255 +excluded;IP.83 = 11.0.0.82/255.255.255.255 +excluded;IP.84 = 11.0.0.83/255.255.255.255 +excluded;IP.85 = 11.0.0.84/255.255.255.255 +excluded;IP.86 = 11.0.0.85/255.255.255.255 +excluded;IP.87 = 11.0.0.86/255.255.255.255 +excluded;IP.88 = 11.0.0.87/255.255.255.255 +excluded;IP.89 = 11.0.0.88/255.255.255.255 +excluded;IP.90 = 11.0.0.89/255.255.255.255 +excluded;IP.91 = 11.0.0.90/255.255.255.255 +excluded;IP.92 = 11.0.0.91/255.255.255.255 +excluded;IP.93 = 11.0.0.92/255.255.255.255 +excluded;IP.94 = 11.0.0.93/255.255.255.255 +excluded;IP.95 = 11.0.0.94/255.255.255.255 +excluded;IP.96 = 11.0.0.95/255.255.255.255 +excluded;IP.97 = 11.0.0.96/255.255.255.255 +excluded;IP.98 = 11.0.0.97/255.255.255.255 +excluded;IP.99 = 11.0.0.98/255.255.255.255 +excluded;IP.100 = 11.0.0.99/255.255.255.255 +excluded;IP.101 = 11.0.0.100/255.255.255.255 +excluded;IP.102 = 11.0.0.101/255.255.255.255 +excluded;IP.103 = 11.0.0.102/255.255.255.255 +excluded;IP.104 = 11.0.0.103/255.255.255.255 +excluded;IP.105 = 11.0.0.104/255.255.255.255 +excluded;IP.106 = 11.0.0.105/255.255.255.255 +excluded;IP.107 = 11.0.0.106/255.255.255.255 +excluded;IP.108 = 11.0.0.107/255.255.255.255 +excluded;IP.109 = 11.0.0.108/255.255.255.255 +excluded;IP.110 = 11.0.0.109/255.255.255.255 +excluded;IP.111 = 11.0.0.110/255.255.255.255 +excluded;IP.112 = 11.0.0.111/255.255.255.255 +excluded;IP.113 = 11.0.0.112/255.255.255.255 +excluded;IP.114 = 11.0.0.113/255.255.255.255 +excluded;IP.115 = 11.0.0.114/255.255.255.255 +excluded;IP.116 = 11.0.0.115/255.255.255.255 +excluded;IP.117 = 11.0.0.116/255.255.255.255 +excluded;IP.118 = 11.0.0.117/255.255.255.255 +excluded;IP.119 = 11.0.0.118/255.255.255.255 +excluded;IP.120 = 11.0.0.119/255.255.255.255 +excluded;IP.121 = 11.0.0.120/255.255.255.255 +excluded;IP.122 = 11.0.0.121/255.255.255.255 +excluded;IP.123 = 11.0.0.122/255.255.255.255 +excluded;IP.124 = 11.0.0.123/255.255.255.255 +excluded;IP.125 = 11.0.0.124/255.255.255.255 +excluded;IP.126 = 11.0.0.125/255.255.255.255 +excluded;IP.127 = 11.0.0.126/255.255.255.255 +excluded;IP.128 = 11.0.0.127/255.255.255.255 +excluded;IP.129 = 11.0.0.128/255.255.255.255 +excluded;IP.130 = 11.0.0.129/255.255.255.255 +excluded;IP.131 = 11.0.0.130/255.255.255.255 +excluded;IP.132 = 11.0.0.131/255.255.255.255 +excluded;IP.133 = 11.0.0.132/255.255.255.255 +excluded;IP.134 = 11.0.0.133/255.255.255.255 +excluded;IP.135 = 11.0.0.134/255.255.255.255 +excluded;IP.136 = 11.0.0.135/255.255.255.255 +excluded;IP.137 = 11.0.0.136/255.255.255.255 +excluded;IP.138 = 11.0.0.137/255.255.255.255 +excluded;IP.139 = 11.0.0.138/255.255.255.255 +excluded;IP.140 = 11.0.0.139/255.255.255.255 +excluded;IP.141 = 11.0.0.140/255.255.255.255 +excluded;IP.142 = 11.0.0.141/255.255.255.255 +excluded;IP.143 = 11.0.0.142/255.255.255.255 +excluded;IP.144 = 11.0.0.143/255.255.255.255 +excluded;IP.145 = 11.0.0.144/255.255.255.255 +excluded;IP.146 = 11.0.0.145/255.255.255.255 +excluded;IP.147 = 11.0.0.146/255.255.255.255 +excluded;IP.148 = 11.0.0.147/255.255.255.255 +excluded;IP.149 = 11.0.0.148/255.255.255.255 +excluded;IP.150 = 11.0.0.149/255.255.255.255 +excluded;IP.151 = 11.0.0.150/255.255.255.255 +excluded;IP.152 = 11.0.0.151/255.255.255.255 +excluded;IP.153 = 11.0.0.152/255.255.255.255 +excluded;IP.154 = 11.0.0.153/255.255.255.255 +excluded;IP.155 = 11.0.0.154/255.255.255.255 +excluded;IP.156 = 11.0.0.155/255.255.255.255 +excluded;IP.157 = 11.0.0.156/255.255.255.255 +excluded;IP.158 = 11.0.0.157/255.255.255.255 +excluded;IP.159 = 11.0.0.158/255.255.255.255 +excluded;IP.160 = 11.0.0.159/255.255.255.255 +excluded;IP.161 = 11.0.0.160/255.255.255.255 +excluded;IP.162 = 11.0.0.161/255.255.255.255 +excluded;IP.163 = 11.0.0.162/255.255.255.255 +excluded;IP.164 = 11.0.0.163/255.255.255.255 +excluded;IP.165 = 11.0.0.164/255.255.255.255 +excluded;IP.166 = 11.0.0.165/255.255.255.255 +excluded;IP.167 = 11.0.0.166/255.255.255.255 +excluded;IP.168 = 11.0.0.167/255.255.255.255 +excluded;IP.169 = 11.0.0.168/255.255.255.255 +excluded;IP.170 = 11.0.0.169/255.255.255.255 +excluded;dirName.1 = nameConstraints_dirname_x1 +excluded;dirName.2 = nameConstraints_dirname_x2 +excluded;dirName.3 = nameConstraints_dirname_x3 +excluded;dirName.4 = nameConstraints_dirname_x4 +excluded;dirName.5 = nameConstraints_dirname_x5 +excluded;dirName.6 = nameConstraints_dirname_x6 +excluded;dirName.7 = nameConstraints_dirname_x7 +excluded;dirName.8 = nameConstraints_dirname_x8 +excluded;dirName.9 = nameConstraints_dirname_x9 +excluded;dirName.10 = nameConstraints_dirname_x10 +excluded;dirName.11 = nameConstraints_dirname_x11 +excluded;dirName.12 = nameConstraints_dirname_x12 +excluded;dirName.13 = nameConstraints_dirname_x13 +excluded;dirName.14 = nameConstraints_dirname_x14 +excluded;dirName.15 = nameConstraints_dirname_x15 +excluded;dirName.16 = nameConstraints_dirname_x16 +excluded;dirName.17 = nameConstraints_dirname_x17 +excluded;dirName.18 = nameConstraints_dirname_x18 +excluded;dirName.19 = nameConstraints_dirname_x19 +excluded;dirName.20 = nameConstraints_dirname_x20 +excluded;dirName.21 = nameConstraints_dirname_x21 +excluded;dirName.22 = nameConstraints_dirname_x22 +excluded;dirName.23 = nameConstraints_dirname_x23 +excluded;dirName.24 = nameConstraints_dirname_x24 +excluded;dirName.25 = nameConstraints_dirname_x25 +excluded;dirName.26 = nameConstraints_dirname_x26 +excluded;dirName.27 = nameConstraints_dirname_x27 +excluded;dirName.28 = nameConstraints_dirname_x28 +excluded;dirName.29 = nameConstraints_dirname_x29 +excluded;dirName.30 = nameConstraints_dirname_x30 +excluded;dirName.31 = nameConstraints_dirname_x31 +excluded;dirName.32 = nameConstraints_dirname_x32 +excluded;dirName.33 = nameConstraints_dirname_x33 +excluded;dirName.34 = nameConstraints_dirname_x34 +excluded;dirName.35 = nameConstraints_dirname_x35 +excluded;dirName.36 = nameConstraints_dirname_x36 +excluded;dirName.37 = nameConstraints_dirname_x37 +excluded;dirName.38 = nameConstraints_dirname_x38 +excluded;dirName.39 = nameConstraints_dirname_x39 +excluded;dirName.40 = nameConstraints_dirname_x40 +excluded;dirName.41 = nameConstraints_dirname_x41 +excluded;dirName.42 = nameConstraints_dirname_x42 +excluded;dirName.43 = nameConstraints_dirname_x43 +excluded;dirName.44 = nameConstraints_dirname_x44 +excluded;dirName.45 = nameConstraints_dirname_x45 +excluded;dirName.46 = nameConstraints_dirname_x46 +excluded;dirName.47 = nameConstraints_dirname_x47 +excluded;dirName.48 = nameConstraints_dirname_x48 +excluded;dirName.49 = nameConstraints_dirname_x49 +excluded;dirName.50 = nameConstraints_dirname_x50 +excluded;dirName.51 = nameConstraints_dirname_x51 +excluded;dirName.52 = nameConstraints_dirname_x52 +excluded;dirName.53 = nameConstraints_dirname_x53 +excluded;dirName.54 = nameConstraints_dirname_x54 +excluded;dirName.55 = nameConstraints_dirname_x55 +excluded;dirName.56 = nameConstraints_dirname_x56 +excluded;dirName.57 = nameConstraints_dirname_x57 +excluded;dirName.58 = nameConstraints_dirname_x58 +excluded;dirName.59 = nameConstraints_dirname_x59 +excluded;dirName.60 = nameConstraints_dirname_x60 +excluded;dirName.61 = nameConstraints_dirname_x61 +excluded;dirName.62 = nameConstraints_dirname_x62 +excluded;dirName.63 = nameConstraints_dirname_x63 +excluded;dirName.64 = nameConstraints_dirname_x64 +excluded;dirName.65 = nameConstraints_dirname_x65 +excluded;dirName.66 = nameConstraints_dirname_x66 +excluded;dirName.67 = nameConstraints_dirname_x67 +excluded;dirName.68 = nameConstraints_dirname_x68 +excluded;dirName.69 = nameConstraints_dirname_x69 +excluded;dirName.70 = nameConstraints_dirname_x70 +excluded;dirName.71 = nameConstraints_dirname_x71 +excluded;dirName.72 = nameConstraints_dirname_x72 +excluded;dirName.73 = nameConstraints_dirname_x73 +excluded;dirName.74 = nameConstraints_dirname_x74 +excluded;dirName.75 = nameConstraints_dirname_x75 +excluded;dirName.76 = nameConstraints_dirname_x76 +excluded;dirName.77 = nameConstraints_dirname_x77 +excluded;dirName.78 = nameConstraints_dirname_x78 +excluded;dirName.79 = nameConstraints_dirname_x79 +excluded;dirName.80 = nameConstraints_dirname_x80 +excluded;dirName.81 = nameConstraints_dirname_x81 +excluded;dirName.82 = nameConstraints_dirname_x82 +excluded;dirName.83 = nameConstraints_dirname_x83 +excluded;dirName.84 = nameConstraints_dirname_x84 +excluded;dirName.85 = nameConstraints_dirname_x85 +excluded;dirName.86 = nameConstraints_dirname_x86 +excluded;dirName.87 = nameConstraints_dirname_x87 +excluded;dirName.88 = nameConstraints_dirname_x88 +excluded;dirName.89 = nameConstraints_dirname_x89 +excluded;dirName.90 = nameConstraints_dirname_x90 +excluded;dirName.91 = nameConstraints_dirname_x91 +excluded;dirName.92 = nameConstraints_dirname_x92 +excluded;dirName.93 = nameConstraints_dirname_x93 +excluded;dirName.94 = nameConstraints_dirname_x94 +excluded;dirName.95 = nameConstraints_dirname_x95 +excluded;dirName.96 = nameConstraints_dirname_x96 +excluded;dirName.97 = nameConstraints_dirname_x97 +excluded;dirName.98 = nameConstraints_dirname_x98 +excluded;dirName.99 = nameConstraints_dirname_x99 +excluded;dirName.100 = nameConstraints_dirname_x100 +excluded;dirName.101 = nameConstraints_dirname_x101 +excluded;dirName.102 = nameConstraints_dirname_x102 +excluded;dirName.103 = nameConstraints_dirname_x103 +excluded;dirName.104 = nameConstraints_dirname_x104 +excluded;dirName.105 = nameConstraints_dirname_x105 +excluded;dirName.106 = nameConstraints_dirname_x106 +excluded;dirName.107 = nameConstraints_dirname_x107 +excluded;dirName.108 = nameConstraints_dirname_x108 +excluded;dirName.109 = nameConstraints_dirname_x109 +excluded;dirName.110 = nameConstraints_dirname_x110 +excluded;dirName.111 = nameConstraints_dirname_x111 +excluded;dirName.112 = nameConstraints_dirname_x112 +excluded;dirName.113 = nameConstraints_dirname_x113 +excluded;dirName.114 = nameConstraints_dirname_x114 +excluded;dirName.115 = nameConstraints_dirname_x115 +excluded;dirName.116 = nameConstraints_dirname_x116 +excluded;dirName.117 = nameConstraints_dirname_x117 +excluded;dirName.118 = nameConstraints_dirname_x118 +excluded;dirName.119 = nameConstraints_dirname_x119 +excluded;dirName.120 = nameConstraints_dirname_x120 +excluded;dirName.121 = nameConstraints_dirname_x121 +excluded;dirName.122 = nameConstraints_dirname_x122 +excluded;dirName.123 = nameConstraints_dirname_x123 +excluded;dirName.124 = nameConstraints_dirname_x124 +excluded;dirName.125 = nameConstraints_dirname_x125 +excluded;dirName.126 = nameConstraints_dirname_x126 +excluded;dirName.127 = nameConstraints_dirname_x127 +excluded;dirName.128 = nameConstraints_dirname_x128 +excluded;dirName.129 = nameConstraints_dirname_x129 +excluded;dirName.130 = nameConstraints_dirname_x130 +excluded;dirName.131 = nameConstraints_dirname_x131 +excluded;dirName.132 = nameConstraints_dirname_x132 +excluded;dirName.133 = nameConstraints_dirname_x133 +excluded;dirName.134 = nameConstraints_dirname_x134 +excluded;dirName.135 = nameConstraints_dirname_x135 +excluded;dirName.136 = nameConstraints_dirname_x136 +excluded;dirName.137 = nameConstraints_dirname_x137 +excluded;dirName.138 = nameConstraints_dirname_x138 +excluded;dirName.139 = nameConstraints_dirname_x139 +excluded;dirName.140 = nameConstraints_dirname_x140 +excluded;dirName.141 = nameConstraints_dirname_x141 +excluded;dirName.142 = nameConstraints_dirname_x142 +excluded;dirName.143 = nameConstraints_dirname_x143 +excluded;dirName.144 = nameConstraints_dirname_x144 +excluded;dirName.145 = nameConstraints_dirname_x145 +excluded;dirName.146 = nameConstraints_dirname_x146 +excluded;dirName.147 = nameConstraints_dirname_x147 +excluded;dirName.148 = nameConstraints_dirname_x148 +excluded;dirName.149 = nameConstraints_dirname_x149 +excluded;dirName.150 = nameConstraints_dirname_x150 +excluded;dirName.151 = nameConstraints_dirname_x151 +excluded;dirName.152 = nameConstraints_dirname_x152 +excluded;dirName.153 = nameConstraints_dirname_x153 +excluded;dirName.154 = nameConstraints_dirname_x154 +excluded;dirName.155 = nameConstraints_dirname_x155 +excluded;dirName.156 = nameConstraints_dirname_x156 +excluded;dirName.157 = nameConstraints_dirname_x157 +excluded;dirName.158 = nameConstraints_dirname_x158 +excluded;dirName.159 = nameConstraints_dirname_x159 +excluded;dirName.160 = nameConstraints_dirname_x160 +excluded;dirName.161 = nameConstraints_dirname_x161 +excluded;dirName.162 = nameConstraints_dirname_x162 +excluded;dirName.163 = nameConstraints_dirname_x163 +excluded;dirName.164 = nameConstraints_dirname_x164 +excluded;dirName.165 = nameConstraints_dirname_x165 +excluded;dirName.166 = nameConstraints_dirname_x166 +excluded;dirName.167 = nameConstraints_dirname_x167 +excluded;dirName.168 = nameConstraints_dirname_x168 +excluded;dirName.169 = nameConstraints_dirname_x169 +excluded;dirName.170 = nameConstraints_dirname_x170 +permitted;DNS.1 = t0.test +permitted;DNS.2 = t1.test +permitted;DNS.3 = t2.test +permitted;DNS.4 = t3.test +permitted;DNS.5 = t4.test +permitted;DNS.6 = t5.test +permitted;DNS.7 = t6.test +permitted;DNS.8 = t7.test +permitted;DNS.9 = t8.test +permitted;DNS.10 = t9.test +permitted;DNS.11 = t10.test +permitted;DNS.12 = t11.test +permitted;DNS.13 = t12.test +permitted;DNS.14 = t13.test +permitted;DNS.15 = t14.test +permitted;DNS.16 = t15.test +permitted;DNS.17 = t16.test +permitted;DNS.18 = t17.test +permitted;DNS.19 = t18.test +permitted;DNS.20 = t19.test +permitted;DNS.21 = t20.test +permitted;DNS.22 = t21.test +permitted;DNS.23 = t22.test +permitted;DNS.24 = t23.test +permitted;DNS.25 = t24.test +permitted;DNS.26 = t25.test +permitted;DNS.27 = t26.test +permitted;DNS.28 = t27.test +permitted;DNS.29 = t28.test +permitted;DNS.30 = t29.test +permitted;DNS.31 = t30.test +permitted;DNS.32 = t31.test +permitted;DNS.33 = t32.test +permitted;DNS.34 = t33.test +permitted;DNS.35 = t34.test +permitted;DNS.36 = t35.test +permitted;DNS.37 = t36.test +permitted;DNS.38 = t37.test +permitted;DNS.39 = t38.test +permitted;DNS.40 = t39.test +permitted;DNS.41 = t40.test +permitted;DNS.42 = t41.test +permitted;DNS.43 = t42.test +permitted;DNS.44 = t43.test +permitted;DNS.45 = t44.test +permitted;DNS.46 = t45.test +permitted;DNS.47 = t46.test +permitted;DNS.48 = t47.test +permitted;DNS.49 = t48.test +permitted;DNS.50 = t49.test +permitted;DNS.51 = t50.test +permitted;DNS.52 = t51.test +permitted;DNS.53 = t52.test +permitted;DNS.54 = t53.test +permitted;DNS.55 = t54.test +permitted;DNS.56 = t55.test +permitted;DNS.57 = t56.test +permitted;DNS.58 = t57.test +permitted;DNS.59 = t58.test +permitted;DNS.60 = t59.test +permitted;DNS.61 = t60.test +permitted;DNS.62 = t61.test +permitted;DNS.63 = t62.test +permitted;DNS.64 = t63.test +permitted;DNS.65 = t64.test +permitted;DNS.66 = t65.test +permitted;DNS.67 = t66.test +permitted;DNS.68 = t67.test +permitted;DNS.69 = t68.test +permitted;DNS.70 = t69.test +permitted;DNS.71 = t70.test +permitted;DNS.72 = t71.test +permitted;DNS.73 = t72.test +permitted;DNS.74 = t73.test +permitted;DNS.75 = t74.test +permitted;DNS.76 = t75.test +permitted;DNS.77 = t76.test +permitted;DNS.78 = t77.test +permitted;DNS.79 = t78.test +permitted;DNS.80 = t79.test +permitted;DNS.81 = t80.test +permitted;DNS.82 = t81.test +permitted;DNS.83 = t82.test +permitted;DNS.84 = t83.test +permitted;DNS.85 = t84.test +permitted;DNS.86 = t85.test +permitted;DNS.87 = t86.test +permitted;DNS.88 = t87.test +permitted;DNS.89 = t88.test +permitted;DNS.90 = t89.test +permitted;DNS.91 = t90.test +permitted;DNS.92 = t91.test +permitted;DNS.93 = t92.test +permitted;DNS.94 = t93.test +permitted;DNS.95 = t94.test +permitted;DNS.96 = t95.test +permitted;DNS.97 = t96.test +permitted;DNS.98 = t97.test +permitted;DNS.99 = t98.test +permitted;DNS.100 = t99.test +permitted;DNS.101 = t100.test +permitted;DNS.102 = t101.test +permitted;DNS.103 = t102.test +permitted;DNS.104 = t103.test +permitted;DNS.105 = t104.test +permitted;DNS.106 = t105.test +permitted;DNS.107 = t106.test +permitted;DNS.108 = t107.test +permitted;DNS.109 = t108.test +permitted;DNS.110 = t109.test +permitted;DNS.111 = t110.test +permitted;DNS.112 = t111.test +permitted;DNS.113 = t112.test +permitted;DNS.114 = t113.test +permitted;DNS.115 = t114.test +permitted;DNS.116 = t115.test +permitted;DNS.117 = t116.test +permitted;DNS.118 = t117.test +permitted;DNS.119 = t118.test +permitted;DNS.120 = t119.test +permitted;DNS.121 = t120.test +permitted;DNS.122 = t121.test +permitted;DNS.123 = t122.test +permitted;DNS.124 = t123.test +permitted;DNS.125 = t124.test +permitted;DNS.126 = t125.test +permitted;DNS.127 = t126.test +permitted;DNS.128 = t127.test +permitted;DNS.129 = t128.test +permitted;DNS.130 = t129.test +permitted;DNS.131 = t130.test +permitted;DNS.132 = t131.test +permitted;DNS.133 = t132.test +permitted;DNS.134 = t133.test +permitted;DNS.135 = t134.test +permitted;DNS.136 = t135.test +permitted;DNS.137 = t136.test +permitted;DNS.138 = t137.test +permitted;DNS.139 = t138.test +permitted;DNS.140 = t139.test +permitted;DNS.141 = t140.test +permitted;DNS.142 = t141.test +permitted;DNS.143 = t142.test +permitted;DNS.144 = t143.test +permitted;DNS.145 = t144.test +permitted;DNS.146 = t145.test +permitted;DNS.147 = t146.test +permitted;DNS.148 = t147.test +permitted;DNS.149 = t148.test +permitted;DNS.150 = t149.test +permitted;DNS.151 = t150.test +permitted;DNS.152 = t151.test +permitted;DNS.153 = t152.test +permitted;DNS.154 = t153.test +permitted;DNS.155 = t154.test +permitted;DNS.156 = t155.test +permitted;DNS.157 = t156.test +permitted;DNS.158 = t157.test +permitted;DNS.159 = t158.test +permitted;DNS.160 = t159.test +permitted;DNS.161 = t160.test +permitted;DNS.162 = t161.test +permitted;DNS.163 = t162.test +permitted;DNS.164 = t163.test +permitted;DNS.165 = t164.test +permitted;DNS.166 = t165.test +permitted;DNS.167 = t166.test +permitted;DNS.168 = t167.test +permitted;DNS.169 = t168.test +permitted;DNS.170 = t169.test +permitted;DNS.171 = t170.test +permitted;DNS.172 = t171.test +permitted;IP.1 = 10.0.0.0/255.255.255.255 +permitted;IP.2 = 10.0.0.1/255.255.255.255 +permitted;IP.3 = 10.0.0.2/255.255.255.255 +permitted;IP.4 = 10.0.0.3/255.255.255.255 +permitted;IP.5 = 10.0.0.4/255.255.255.255 +permitted;IP.6 = 10.0.0.5/255.255.255.255 +permitted;IP.7 = 10.0.0.6/255.255.255.255 +permitted;IP.8 = 10.0.0.7/255.255.255.255 +permitted;IP.9 = 10.0.0.8/255.255.255.255 +permitted;IP.10 = 10.0.0.9/255.255.255.255 +permitted;IP.11 = 10.0.0.10/255.255.255.255 +permitted;IP.12 = 10.0.0.11/255.255.255.255 +permitted;IP.13 = 10.0.0.12/255.255.255.255 +permitted;IP.14 = 10.0.0.13/255.255.255.255 +permitted;IP.15 = 10.0.0.14/255.255.255.255 +permitted;IP.16 = 10.0.0.15/255.255.255.255 +permitted;IP.17 = 10.0.0.16/255.255.255.255 +permitted;IP.18 = 10.0.0.17/255.255.255.255 +permitted;IP.19 = 10.0.0.18/255.255.255.255 +permitted;IP.20 = 10.0.0.19/255.255.255.255 +permitted;IP.21 = 10.0.0.20/255.255.255.255 +permitted;IP.22 = 10.0.0.21/255.255.255.255 +permitted;IP.23 = 10.0.0.22/255.255.255.255 +permitted;IP.24 = 10.0.0.23/255.255.255.255 +permitted;IP.25 = 10.0.0.24/255.255.255.255 +permitted;IP.26 = 10.0.0.25/255.255.255.255 +permitted;IP.27 = 10.0.0.26/255.255.255.255 +permitted;IP.28 = 10.0.0.27/255.255.255.255 +permitted;IP.29 = 10.0.0.28/255.255.255.255 +permitted;IP.30 = 10.0.0.29/255.255.255.255 +permitted;IP.31 = 10.0.0.30/255.255.255.255 +permitted;IP.32 = 10.0.0.31/255.255.255.255 +permitted;IP.33 = 10.0.0.32/255.255.255.255 +permitted;IP.34 = 10.0.0.33/255.255.255.255 +permitted;IP.35 = 10.0.0.34/255.255.255.255 +permitted;IP.36 = 10.0.0.35/255.255.255.255 +permitted;IP.37 = 10.0.0.36/255.255.255.255 +permitted;IP.38 = 10.0.0.37/255.255.255.255 +permitted;IP.39 = 10.0.0.38/255.255.255.255 +permitted;IP.40 = 10.0.0.39/255.255.255.255 +permitted;IP.41 = 10.0.0.40/255.255.255.255 +permitted;IP.42 = 10.0.0.41/255.255.255.255 +permitted;IP.43 = 10.0.0.42/255.255.255.255 +permitted;IP.44 = 10.0.0.43/255.255.255.255 +permitted;IP.45 = 10.0.0.44/255.255.255.255 +permitted;IP.46 = 10.0.0.45/255.255.255.255 +permitted;IP.47 = 10.0.0.46/255.255.255.255 +permitted;IP.48 = 10.0.0.47/255.255.255.255 +permitted;IP.49 = 10.0.0.48/255.255.255.255 +permitted;IP.50 = 10.0.0.49/255.255.255.255 +permitted;IP.51 = 10.0.0.50/255.255.255.255 +permitted;IP.52 = 10.0.0.51/255.255.255.255 +permitted;IP.53 = 10.0.0.52/255.255.255.255 +permitted;IP.54 = 10.0.0.53/255.255.255.255 +permitted;IP.55 = 10.0.0.54/255.255.255.255 +permitted;IP.56 = 10.0.0.55/255.255.255.255 +permitted;IP.57 = 10.0.0.56/255.255.255.255 +permitted;IP.58 = 10.0.0.57/255.255.255.255 +permitted;IP.59 = 10.0.0.58/255.255.255.255 +permitted;IP.60 = 10.0.0.59/255.255.255.255 +permitted;IP.61 = 10.0.0.60/255.255.255.255 +permitted;IP.62 = 10.0.0.61/255.255.255.255 +permitted;IP.63 = 10.0.0.62/255.255.255.255 +permitted;IP.64 = 10.0.0.63/255.255.255.255 +permitted;IP.65 = 10.0.0.64/255.255.255.255 +permitted;IP.66 = 10.0.0.65/255.255.255.255 +permitted;IP.67 = 10.0.0.66/255.255.255.255 +permitted;IP.68 = 10.0.0.67/255.255.255.255 +permitted;IP.69 = 10.0.0.68/255.255.255.255 +permitted;IP.70 = 10.0.0.69/255.255.255.255 +permitted;IP.71 = 10.0.0.70/255.255.255.255 +permitted;IP.72 = 10.0.0.71/255.255.255.255 +permitted;IP.73 = 10.0.0.72/255.255.255.255 +permitted;IP.74 = 10.0.0.73/255.255.255.255 +permitted;IP.75 = 10.0.0.74/255.255.255.255 +permitted;IP.76 = 10.0.0.75/255.255.255.255 +permitted;IP.77 = 10.0.0.76/255.255.255.255 +permitted;IP.78 = 10.0.0.77/255.255.255.255 +permitted;IP.79 = 10.0.0.78/255.255.255.255 +permitted;IP.80 = 10.0.0.79/255.255.255.255 +permitted;IP.81 = 10.0.0.80/255.255.255.255 +permitted;IP.82 = 10.0.0.81/255.255.255.255 +permitted;IP.83 = 10.0.0.82/255.255.255.255 +permitted;IP.84 = 10.0.0.83/255.255.255.255 +permitted;IP.85 = 10.0.0.84/255.255.255.255 +permitted;IP.86 = 10.0.0.85/255.255.255.255 +permitted;IP.87 = 10.0.0.86/255.255.255.255 +permitted;IP.88 = 10.0.0.87/255.255.255.255 +permitted;IP.89 = 10.0.0.88/255.255.255.255 +permitted;IP.90 = 10.0.0.89/255.255.255.255 +permitted;IP.91 = 10.0.0.90/255.255.255.255 +permitted;IP.92 = 10.0.0.91/255.255.255.255 +permitted;IP.93 = 10.0.0.92/255.255.255.255 +permitted;IP.94 = 10.0.0.93/255.255.255.255 +permitted;IP.95 = 10.0.0.94/255.255.255.255 +permitted;IP.96 = 10.0.0.95/255.255.255.255 +permitted;IP.97 = 10.0.0.96/255.255.255.255 +permitted;IP.98 = 10.0.0.97/255.255.255.255 +permitted;IP.99 = 10.0.0.98/255.255.255.255 +permitted;IP.100 = 10.0.0.99/255.255.255.255 +permitted;IP.101 = 10.0.0.100/255.255.255.255 +permitted;IP.102 = 10.0.0.101/255.255.255.255 +permitted;IP.103 = 10.0.0.102/255.255.255.255 +permitted;IP.104 = 10.0.0.103/255.255.255.255 +permitted;IP.105 = 10.0.0.104/255.255.255.255 +permitted;IP.106 = 10.0.0.105/255.255.255.255 +permitted;IP.107 = 10.0.0.106/255.255.255.255 +permitted;IP.108 = 10.0.0.107/255.255.255.255 +permitted;IP.109 = 10.0.0.108/255.255.255.255 +permitted;IP.110 = 10.0.0.109/255.255.255.255 +permitted;IP.111 = 10.0.0.110/255.255.255.255 +permitted;IP.112 = 10.0.0.111/255.255.255.255 +permitted;IP.113 = 10.0.0.112/255.255.255.255 +permitted;IP.114 = 10.0.0.113/255.255.255.255 +permitted;IP.115 = 10.0.0.114/255.255.255.255 +permitted;IP.116 = 10.0.0.115/255.255.255.255 +permitted;IP.117 = 10.0.0.116/255.255.255.255 +permitted;IP.118 = 10.0.0.117/255.255.255.255 +permitted;IP.119 = 10.0.0.118/255.255.255.255 +permitted;IP.120 = 10.0.0.119/255.255.255.255 +permitted;IP.121 = 10.0.0.120/255.255.255.255 +permitted;IP.122 = 10.0.0.121/255.255.255.255 +permitted;IP.123 = 10.0.0.122/255.255.255.255 +permitted;IP.124 = 10.0.0.123/255.255.255.255 +permitted;IP.125 = 10.0.0.124/255.255.255.255 +permitted;IP.126 = 10.0.0.125/255.255.255.255 +permitted;IP.127 = 10.0.0.126/255.255.255.255 +permitted;IP.128 = 10.0.0.127/255.255.255.255 +permitted;IP.129 = 10.0.0.128/255.255.255.255 +permitted;IP.130 = 10.0.0.129/255.255.255.255 +permitted;IP.131 = 10.0.0.130/255.255.255.255 +permitted;IP.132 = 10.0.0.131/255.255.255.255 +permitted;IP.133 = 10.0.0.132/255.255.255.255 +permitted;IP.134 = 10.0.0.133/255.255.255.255 +permitted;IP.135 = 10.0.0.134/255.255.255.255 +permitted;IP.136 = 10.0.0.135/255.255.255.255 +permitted;IP.137 = 10.0.0.136/255.255.255.255 +permitted;IP.138 = 10.0.0.137/255.255.255.255 +permitted;IP.139 = 10.0.0.138/255.255.255.255 +permitted;IP.140 = 10.0.0.139/255.255.255.255 +permitted;IP.141 = 10.0.0.140/255.255.255.255 +permitted;IP.142 = 10.0.0.141/255.255.255.255 +permitted;IP.143 = 10.0.0.142/255.255.255.255 +permitted;IP.144 = 10.0.0.143/255.255.255.255 +permitted;IP.145 = 10.0.0.144/255.255.255.255 +permitted;IP.146 = 10.0.0.145/255.255.255.255 +permitted;IP.147 = 10.0.0.146/255.255.255.255 +permitted;IP.148 = 10.0.0.147/255.255.255.255 +permitted;IP.149 = 10.0.0.148/255.255.255.255 +permitted;IP.150 = 10.0.0.149/255.255.255.255 +permitted;IP.151 = 10.0.0.150/255.255.255.255 +permitted;IP.152 = 10.0.0.151/255.255.255.255 +permitted;IP.153 = 10.0.0.152/255.255.255.255 +permitted;IP.154 = 10.0.0.153/255.255.255.255 +permitted;IP.155 = 10.0.0.154/255.255.255.255 +permitted;IP.156 = 10.0.0.155/255.255.255.255 +permitted;IP.157 = 10.0.0.156/255.255.255.255 +permitted;IP.158 = 10.0.0.157/255.255.255.255 +permitted;IP.159 = 10.0.0.158/255.255.255.255 +permitted;IP.160 = 10.0.0.159/255.255.255.255 +permitted;IP.161 = 10.0.0.160/255.255.255.255 +permitted;IP.162 = 10.0.0.161/255.255.255.255 +permitted;IP.163 = 10.0.0.162/255.255.255.255 +permitted;IP.164 = 10.0.0.163/255.255.255.255 +permitted;IP.165 = 10.0.0.164/255.255.255.255 +permitted;IP.166 = 10.0.0.165/255.255.255.255 +permitted;IP.167 = 10.0.0.166/255.255.255.255 +permitted;IP.168 = 10.0.0.167/255.255.255.255 +permitted;IP.169 = 10.0.0.168/255.255.255.255 +permitted;IP.170 = 10.0.0.169/255.255.255.255 +permitted;IP.171 = 10.0.0.170/255.255.255.255 +permitted;dirName.1 = nameConstraints_dirname_p1 +permitted;dirName.2 = nameConstraints_dirname_p2 +permitted;dirName.3 = nameConstraints_dirname_p3 +permitted;dirName.4 = nameConstraints_dirname_p4 +permitted;dirName.5 = nameConstraints_dirname_p5 +permitted;dirName.6 = nameConstraints_dirname_p6 +permitted;dirName.7 = nameConstraints_dirname_p7 +permitted;dirName.8 = nameConstraints_dirname_p8 +permitted;dirName.9 = nameConstraints_dirname_p9 +permitted;dirName.10 = nameConstraints_dirname_p10 +permitted;dirName.11 = nameConstraints_dirname_p11 +permitted;dirName.12 = nameConstraints_dirname_p12 +permitted;dirName.13 = nameConstraints_dirname_p13 +permitted;dirName.14 = nameConstraints_dirname_p14 +permitted;dirName.15 = nameConstraints_dirname_p15 +permitted;dirName.16 = nameConstraints_dirname_p16 +permitted;dirName.17 = nameConstraints_dirname_p17 +permitted;dirName.18 = nameConstraints_dirname_p18 +permitted;dirName.19 = nameConstraints_dirname_p19 +permitted;dirName.20 = nameConstraints_dirname_p20 +permitted;dirName.21 = nameConstraints_dirname_p21 +permitted;dirName.22 = nameConstraints_dirname_p22 +permitted;dirName.23 = nameConstraints_dirname_p23 +permitted;dirName.24 = nameConstraints_dirname_p24 +permitted;dirName.25 = nameConstraints_dirname_p25 +permitted;dirName.26 = nameConstraints_dirname_p26 +permitted;dirName.27 = nameConstraints_dirname_p27 +permitted;dirName.28 = nameConstraints_dirname_p28 +permitted;dirName.29 = nameConstraints_dirname_p29 +permitted;dirName.30 = nameConstraints_dirname_p30 +permitted;dirName.31 = nameConstraints_dirname_p31 +permitted;dirName.32 = nameConstraints_dirname_p32 +permitted;dirName.33 = nameConstraints_dirname_p33 +permitted;dirName.34 = nameConstraints_dirname_p34 +permitted;dirName.35 = nameConstraints_dirname_p35 +permitted;dirName.36 = nameConstraints_dirname_p36 +permitted;dirName.37 = nameConstraints_dirname_p37 +permitted;dirName.38 = nameConstraints_dirname_p38 +permitted;dirName.39 = nameConstraints_dirname_p39 +permitted;dirName.40 = nameConstraints_dirname_p40 +permitted;dirName.41 = nameConstraints_dirname_p41 +permitted;dirName.42 = nameConstraints_dirname_p42 +permitted;dirName.43 = nameConstraints_dirname_p43 +permitted;dirName.44 = nameConstraints_dirname_p44 +permitted;dirName.45 = nameConstraints_dirname_p45 +permitted;dirName.46 = nameConstraints_dirname_p46 +permitted;dirName.47 = nameConstraints_dirname_p47 +permitted;dirName.48 = nameConstraints_dirname_p48 +permitted;dirName.49 = nameConstraints_dirname_p49 +permitted;dirName.50 = nameConstraints_dirname_p50 +permitted;dirName.51 = nameConstraints_dirname_p51 +permitted;dirName.52 = nameConstraints_dirname_p52 +permitted;dirName.53 = nameConstraints_dirname_p53 +permitted;dirName.54 = nameConstraints_dirname_p54 +permitted;dirName.55 = nameConstraints_dirname_p55 +permitted;dirName.56 = nameConstraints_dirname_p56 +permitted;dirName.57 = nameConstraints_dirname_p57 +permitted;dirName.58 = nameConstraints_dirname_p58 +permitted;dirName.59 = nameConstraints_dirname_p59 +permitted;dirName.60 = nameConstraints_dirname_p60 +permitted;dirName.61 = nameConstraints_dirname_p61 +permitted;dirName.62 = nameConstraints_dirname_p62 +permitted;dirName.63 = nameConstraints_dirname_p63 +permitted;dirName.64 = nameConstraints_dirname_p64 +permitted;dirName.65 = nameConstraints_dirname_p65 +permitted;dirName.66 = nameConstraints_dirname_p66 +permitted;dirName.67 = nameConstraints_dirname_p67 +permitted;dirName.68 = nameConstraints_dirname_p68 +permitted;dirName.69 = nameConstraints_dirname_p69 +permitted;dirName.70 = nameConstraints_dirname_p70 +permitted;dirName.71 = nameConstraints_dirname_p71 +permitted;dirName.72 = nameConstraints_dirname_p72 +permitted;dirName.73 = nameConstraints_dirname_p73 +permitted;dirName.74 = nameConstraints_dirname_p74 +permitted;dirName.75 = nameConstraints_dirname_p75 +permitted;dirName.76 = nameConstraints_dirname_p76 +permitted;dirName.77 = nameConstraints_dirname_p77 +permitted;dirName.78 = nameConstraints_dirname_p78 +permitted;dirName.79 = nameConstraints_dirname_p79 +permitted;dirName.80 = nameConstraints_dirname_p80 +permitted;dirName.81 = nameConstraints_dirname_p81 +permitted;dirName.82 = nameConstraints_dirname_p82 +permitted;dirName.83 = nameConstraints_dirname_p83 +permitted;dirName.84 = nameConstraints_dirname_p84 +permitted;dirName.85 = nameConstraints_dirname_p85 +permitted;dirName.86 = nameConstraints_dirname_p86 +permitted;dirName.87 = nameConstraints_dirname_p87 +permitted;dirName.88 = nameConstraints_dirname_p88 +permitted;dirName.89 = nameConstraints_dirname_p89 +permitted;dirName.90 = nameConstraints_dirname_p90 +permitted;dirName.91 = nameConstraints_dirname_p91 +permitted;dirName.92 = nameConstraints_dirname_p92 +permitted;dirName.93 = nameConstraints_dirname_p93 +permitted;dirName.94 = nameConstraints_dirname_p94 +permitted;dirName.95 = nameConstraints_dirname_p95 +permitted;dirName.96 = nameConstraints_dirname_p96 +permitted;dirName.97 = nameConstraints_dirname_p97 +permitted;dirName.98 = nameConstraints_dirname_p98 +permitted;dirName.99 = nameConstraints_dirname_p99 +permitted;dirName.100 = nameConstraints_dirname_p100 +permitted;dirName.101 = nameConstraints_dirname_p101 +permitted;dirName.102 = nameConstraints_dirname_p102 +permitted;dirName.103 = nameConstraints_dirname_p103 +permitted;dirName.104 = nameConstraints_dirname_p104 +permitted;dirName.105 = nameConstraints_dirname_p105 +permitted;dirName.106 = nameConstraints_dirname_p106 +permitted;dirName.107 = nameConstraints_dirname_p107 +permitted;dirName.108 = nameConstraints_dirname_p108 +permitted;dirName.109 = nameConstraints_dirname_p109 +permitted;dirName.110 = nameConstraints_dirname_p110 +permitted;dirName.111 = nameConstraints_dirname_p111 +permitted;dirName.112 = nameConstraints_dirname_p112 +permitted;dirName.113 = nameConstraints_dirname_p113 +permitted;dirName.114 = nameConstraints_dirname_p114 +permitted;dirName.115 = nameConstraints_dirname_p115 +permitted;dirName.116 = nameConstraints_dirname_p116 +permitted;dirName.117 = nameConstraints_dirname_p117 +permitted;dirName.118 = nameConstraints_dirname_p118 +permitted;dirName.119 = nameConstraints_dirname_p119 +permitted;dirName.120 = nameConstraints_dirname_p120 +permitted;dirName.121 = nameConstraints_dirname_p121 +permitted;dirName.122 = nameConstraints_dirname_p122 +permitted;dirName.123 = nameConstraints_dirname_p123 +permitted;dirName.124 = nameConstraints_dirname_p124 +permitted;dirName.125 = nameConstraints_dirname_p125 +permitted;dirName.126 = nameConstraints_dirname_p126 +permitted;dirName.127 = nameConstraints_dirname_p127 +permitted;dirName.128 = nameConstraints_dirname_p128 +permitted;dirName.129 = nameConstraints_dirname_p129 +permitted;dirName.130 = nameConstraints_dirname_p130 +permitted;dirName.131 = nameConstraints_dirname_p131 +permitted;dirName.132 = nameConstraints_dirname_p132 +permitted;dirName.133 = nameConstraints_dirname_p133 +permitted;dirName.134 = nameConstraints_dirname_p134 +permitted;dirName.135 = nameConstraints_dirname_p135 +permitted;dirName.136 = nameConstraints_dirname_p136 +permitted;dirName.137 = nameConstraints_dirname_p137 +permitted;dirName.138 = nameConstraints_dirname_p138 +permitted;dirName.139 = nameConstraints_dirname_p139 +permitted;dirName.140 = nameConstraints_dirname_p140 +permitted;dirName.141 = nameConstraints_dirname_p141 +permitted;dirName.142 = nameConstraints_dirname_p142 +permitted;dirName.143 = nameConstraints_dirname_p143 +permitted;dirName.144 = nameConstraints_dirname_p144 +permitted;dirName.145 = nameConstraints_dirname_p145 +permitted;dirName.146 = nameConstraints_dirname_p146 +permitted;dirName.147 = nameConstraints_dirname_p147 +permitted;dirName.148 = nameConstraints_dirname_p148 +permitted;dirName.149 = nameConstraints_dirname_p149 +permitted;dirName.150 = nameConstraints_dirname_p150 +permitted;dirName.151 = nameConstraints_dirname_p151 +permitted;dirName.152 = nameConstraints_dirname_p152 +permitted;dirName.153 = nameConstraints_dirname_p153 +permitted;dirName.154 = nameConstraints_dirname_p154 +permitted;dirName.155 = nameConstraints_dirname_p155 +permitted;dirName.156 = nameConstraints_dirname_p156 +permitted;dirName.157 = nameConstraints_dirname_p157 +permitted;dirName.158 = nameConstraints_dirname_p158 +permitted;dirName.159 = nameConstraints_dirname_p159 +permitted;dirName.160 = nameConstraints_dirname_p160 +permitted;dirName.161 = nameConstraints_dirname_p161 +permitted;dirName.162 = nameConstraints_dirname_p162 +permitted;dirName.163 = nameConstraints_dirname_p163 +permitted;dirName.164 = nameConstraints_dirname_p164 +permitted;dirName.165 = nameConstraints_dirname_p165 +permitted;dirName.166 = nameConstraints_dirname_p166 +permitted;dirName.167 = nameConstraints_dirname_p167 +permitted;dirName.168 = nameConstraints_dirname_p168 +permitted;dirName.169 = nameConstraints_dirname_p169 +permitted;dirName.170 = nameConstraints_dirname_p170 +permitted;dirName.171 = nameConstraints_dirname_p171 +permitted;dirName.172 = nameConstraints_dirname_p172 + +[nameConstraints_dirname_x1] +commonName = "x0 + +[nameConstraints_dirname_x2] +commonName = "x1 + +[nameConstraints_dirname_x3] +commonName = "x2 + +[nameConstraints_dirname_x4] +commonName = "x3 + +[nameConstraints_dirname_x5] +commonName = "x4 + +[nameConstraints_dirname_x6] +commonName = "x5 + +[nameConstraints_dirname_x7] +commonName = "x6 + +[nameConstraints_dirname_x8] +commonName = "x7 + +[nameConstraints_dirname_x9] +commonName = "x8 + +[nameConstraints_dirname_x10] +commonName = "x9 + +[nameConstraints_dirname_x11] +commonName = "x10 + +[nameConstraints_dirname_x12] +commonName = "x11 + +[nameConstraints_dirname_x13] +commonName = "x12 + +[nameConstraints_dirname_x14] +commonName = "x13 + +[nameConstraints_dirname_x15] +commonName = "x14 + +[nameConstraints_dirname_x16] +commonName = "x15 + +[nameConstraints_dirname_x17] +commonName = "x16 + +[nameConstraints_dirname_x18] +commonName = "x17 + +[nameConstraints_dirname_x19] +commonName = "x18 + +[nameConstraints_dirname_x20] +commonName = "x19 + +[nameConstraints_dirname_x21] +commonName = "x20 + +[nameConstraints_dirname_x22] +commonName = "x21 + +[nameConstraints_dirname_x23] +commonName = "x22 + +[nameConstraints_dirname_x24] +commonName = "x23 + +[nameConstraints_dirname_x25] +commonName = "x24 + +[nameConstraints_dirname_x26] +commonName = "x25 + +[nameConstraints_dirname_x27] +commonName = "x26 + +[nameConstraints_dirname_x28] +commonName = "x27 + +[nameConstraints_dirname_x29] +commonName = "x28 + +[nameConstraints_dirname_x30] +commonName = "x29 + +[nameConstraints_dirname_x31] +commonName = "x30 + +[nameConstraints_dirname_x32] +commonName = "x31 + +[nameConstraints_dirname_x33] +commonName = "x32 + +[nameConstraints_dirname_x34] +commonName = "x33 + +[nameConstraints_dirname_x35] +commonName = "x34 + +[nameConstraints_dirname_x36] +commonName = "x35 + +[nameConstraints_dirname_x37] +commonName = "x36 + +[nameConstraints_dirname_x38] +commonName = "x37 + +[nameConstraints_dirname_x39] +commonName = "x38 + +[nameConstraints_dirname_x40] +commonName = "x39 + +[nameConstraints_dirname_x41] +commonName = "x40 + +[nameConstraints_dirname_x42] +commonName = "x41 + +[nameConstraints_dirname_x43] +commonName = "x42 + +[nameConstraints_dirname_x44] +commonName = "x43 + +[nameConstraints_dirname_x45] +commonName = "x44 + +[nameConstraints_dirname_x46] +commonName = "x45 + +[nameConstraints_dirname_x47] +commonName = "x46 + +[nameConstraints_dirname_x48] +commonName = "x47 + +[nameConstraints_dirname_x49] +commonName = "x48 + +[nameConstraints_dirname_x50] +commonName = "x49 + +[nameConstraints_dirname_x51] +commonName = "x50 + +[nameConstraints_dirname_x52] +commonName = "x51 + +[nameConstraints_dirname_x53] +commonName = "x52 + +[nameConstraints_dirname_x54] +commonName = "x53 + +[nameConstraints_dirname_x55] +commonName = "x54 + +[nameConstraints_dirname_x56] +commonName = "x55 + +[nameConstraints_dirname_x57] +commonName = "x56 + +[nameConstraints_dirname_x58] +commonName = "x57 + +[nameConstraints_dirname_x59] +commonName = "x58 + +[nameConstraints_dirname_x60] +commonName = "x59 + +[nameConstraints_dirname_x61] +commonName = "x60 + +[nameConstraints_dirname_x62] +commonName = "x61 + +[nameConstraints_dirname_x63] +commonName = "x62 + +[nameConstraints_dirname_x64] +commonName = "x63 + +[nameConstraints_dirname_x65] +commonName = "x64 + +[nameConstraints_dirname_x66] +commonName = "x65 + +[nameConstraints_dirname_x67] +commonName = "x66 + +[nameConstraints_dirname_x68] +commonName = "x67 + +[nameConstraints_dirname_x69] +commonName = "x68 + +[nameConstraints_dirname_x70] +commonName = "x69 + +[nameConstraints_dirname_x71] +commonName = "x70 + +[nameConstraints_dirname_x72] +commonName = "x71 + +[nameConstraints_dirname_x73] +commonName = "x72 + +[nameConstraints_dirname_x74] +commonName = "x73 + +[nameConstraints_dirname_x75] +commonName = "x74 + +[nameConstraints_dirname_x76] +commonName = "x75 + +[nameConstraints_dirname_x77] +commonName = "x76 + +[nameConstraints_dirname_x78] +commonName = "x77 + +[nameConstraints_dirname_x79] +commonName = "x78 + +[nameConstraints_dirname_x80] +commonName = "x79 + +[nameConstraints_dirname_x81] +commonName = "x80 + +[nameConstraints_dirname_x82] +commonName = "x81 + +[nameConstraints_dirname_x83] +commonName = "x82 + +[nameConstraints_dirname_x84] +commonName = "x83 + +[nameConstraints_dirname_x85] +commonName = "x84 + +[nameConstraints_dirname_x86] +commonName = "x85 + +[nameConstraints_dirname_x87] +commonName = "x86 + +[nameConstraints_dirname_x88] +commonName = "x87 + +[nameConstraints_dirname_x89] +commonName = "x88 + +[nameConstraints_dirname_x90] +commonName = "x89 + +[nameConstraints_dirname_x91] +commonName = "x90 + +[nameConstraints_dirname_x92] +commonName = "x91 + +[nameConstraints_dirname_x93] +commonName = "x92 + +[nameConstraints_dirname_x94] +commonName = "x93 + +[nameConstraints_dirname_x95] +commonName = "x94 + +[nameConstraints_dirname_x96] +commonName = "x95 + +[nameConstraints_dirname_x97] +commonName = "x96 + +[nameConstraints_dirname_x98] +commonName = "x97 + +[nameConstraints_dirname_x99] +commonName = "x98 + +[nameConstraints_dirname_x100] +commonName = "x99 + +[nameConstraints_dirname_x101] +commonName = "x100 + +[nameConstraints_dirname_x102] +commonName = "x101 + +[nameConstraints_dirname_x103] +commonName = "x102 + +[nameConstraints_dirname_x104] +commonName = "x103 + +[nameConstraints_dirname_x105] +commonName = "x104 + +[nameConstraints_dirname_x106] +commonName = "x105 + +[nameConstraints_dirname_x107] +commonName = "x106 + +[nameConstraints_dirname_x108] +commonName = "x107 + +[nameConstraints_dirname_x109] +commonName = "x108 + +[nameConstraints_dirname_x110] +commonName = "x109 + +[nameConstraints_dirname_x111] +commonName = "x110 + +[nameConstraints_dirname_x112] +commonName = "x111 + +[nameConstraints_dirname_x113] +commonName = "x112 + +[nameConstraints_dirname_x114] +commonName = "x113 + +[nameConstraints_dirname_x115] +commonName = "x114 + +[nameConstraints_dirname_x116] +commonName = "x115 + +[nameConstraints_dirname_x117] +commonName = "x116 + +[nameConstraints_dirname_x118] +commonName = "x117 + +[nameConstraints_dirname_x119] +commonName = "x118 + +[nameConstraints_dirname_x120] +commonName = "x119 + +[nameConstraints_dirname_x121] +commonName = "x120 + +[nameConstraints_dirname_x122] +commonName = "x121 + +[nameConstraints_dirname_x123] +commonName = "x122 + +[nameConstraints_dirname_x124] +commonName = "x123 + +[nameConstraints_dirname_x125] +commonName = "x124 + +[nameConstraints_dirname_x126] +commonName = "x125 + +[nameConstraints_dirname_x127] +commonName = "x126 + +[nameConstraints_dirname_x128] +commonName = "x127 + +[nameConstraints_dirname_x129] +commonName = "x128 + +[nameConstraints_dirname_x130] +commonName = "x129 + +[nameConstraints_dirname_x131] +commonName = "x130 + +[nameConstraints_dirname_x132] +commonName = "x131 + +[nameConstraints_dirname_x133] +commonName = "x132 + +[nameConstraints_dirname_x134] +commonName = "x133 + +[nameConstraints_dirname_x135] +commonName = "x134 + +[nameConstraints_dirname_x136] +commonName = "x135 + +[nameConstraints_dirname_x137] +commonName = "x136 + +[nameConstraints_dirname_x138] +commonName = "x137 + +[nameConstraints_dirname_x139] +commonName = "x138 + +[nameConstraints_dirname_x140] +commonName = "x139 + +[nameConstraints_dirname_x141] +commonName = "x140 + +[nameConstraints_dirname_x142] +commonName = "x141 + +[nameConstraints_dirname_x143] +commonName = "x142 + +[nameConstraints_dirname_x144] +commonName = "x143 + +[nameConstraints_dirname_x145] +commonName = "x144 + +[nameConstraints_dirname_x146] +commonName = "x145 + +[nameConstraints_dirname_x147] +commonName = "x146 + +[nameConstraints_dirname_x148] +commonName = "x147 + +[nameConstraints_dirname_x149] +commonName = "x148 + +[nameConstraints_dirname_x150] +commonName = "x149 + +[nameConstraints_dirname_x151] +commonName = "x150 + +[nameConstraints_dirname_x152] +commonName = "x151 + +[nameConstraints_dirname_x153] +commonName = "x152 + +[nameConstraints_dirname_x154] +commonName = "x153 + +[nameConstraints_dirname_x155] +commonName = "x154 + +[nameConstraints_dirname_x156] +commonName = "x155 + +[nameConstraints_dirname_x157] +commonName = "x156 + +[nameConstraints_dirname_x158] +commonName = "x157 + +[nameConstraints_dirname_x159] +commonName = "x158 + +[nameConstraints_dirname_x160] +commonName = "x159 + +[nameConstraints_dirname_x161] +commonName = "x160 + +[nameConstraints_dirname_x162] +commonName = "x161 + +[nameConstraints_dirname_x163] +commonName = "x162 + +[nameConstraints_dirname_x164] +commonName = "x163 + +[nameConstraints_dirname_x165] +commonName = "x164 + +[nameConstraints_dirname_x166] +commonName = "x165 + +[nameConstraints_dirname_x167] +commonName = "x166 + +[nameConstraints_dirname_x168] +commonName = "x167 + +[nameConstraints_dirname_x169] +commonName = "x168 + +[nameConstraints_dirname_x170] +commonName = "x169 + +[nameConstraints_dirname_p1] +commonName = "t0 + +[nameConstraints_dirname_p2] +commonName = "t1 + +[nameConstraints_dirname_p3] +commonName = "t2 + +[nameConstraints_dirname_p4] +commonName = "t3 + +[nameConstraints_dirname_p5] +commonName = "t4 + +[nameConstraints_dirname_p6] +commonName = "t5 + +[nameConstraints_dirname_p7] +commonName = "t6 + +[nameConstraints_dirname_p8] +commonName = "t7 + +[nameConstraints_dirname_p9] +commonName = "t8 + +[nameConstraints_dirname_p10] +commonName = "t9 + +[nameConstraints_dirname_p11] +commonName = "t10 + +[nameConstraints_dirname_p12] +commonName = "t11 + +[nameConstraints_dirname_p13] +commonName = "t12 + +[nameConstraints_dirname_p14] +commonName = "t13 + +[nameConstraints_dirname_p15] +commonName = "t14 + +[nameConstraints_dirname_p16] +commonName = "t15 + +[nameConstraints_dirname_p17] +commonName = "t16 + +[nameConstraints_dirname_p18] +commonName = "t17 + +[nameConstraints_dirname_p19] +commonName = "t18 + +[nameConstraints_dirname_p20] +commonName = "t19 + +[nameConstraints_dirname_p21] +commonName = "t20 + +[nameConstraints_dirname_p22] +commonName = "t21 + +[nameConstraints_dirname_p23] +commonName = "t22 + +[nameConstraints_dirname_p24] +commonName = "t23 + +[nameConstraints_dirname_p25] +commonName = "t24 + +[nameConstraints_dirname_p26] +commonName = "t25 + +[nameConstraints_dirname_p27] +commonName = "t26 + +[nameConstraints_dirname_p28] +commonName = "t27 + +[nameConstraints_dirname_p29] +commonName = "t28 + +[nameConstraints_dirname_p30] +commonName = "t29 + +[nameConstraints_dirname_p31] +commonName = "t30 + +[nameConstraints_dirname_p32] +commonName = "t31 + +[nameConstraints_dirname_p33] +commonName = "t32 + +[nameConstraints_dirname_p34] +commonName = "t33 + +[nameConstraints_dirname_p35] +commonName = "t34 + +[nameConstraints_dirname_p36] +commonName = "t35 + +[nameConstraints_dirname_p37] +commonName = "t36 + +[nameConstraints_dirname_p38] +commonName = "t37 + +[nameConstraints_dirname_p39] +commonName = "t38 + +[nameConstraints_dirname_p40] +commonName = "t39 + +[nameConstraints_dirname_p41] +commonName = "t40 + +[nameConstraints_dirname_p42] +commonName = "t41 + +[nameConstraints_dirname_p43] +commonName = "t42 + +[nameConstraints_dirname_p44] +commonName = "t43 + +[nameConstraints_dirname_p45] +commonName = "t44 + +[nameConstraints_dirname_p46] +commonName = "t45 + +[nameConstraints_dirname_p47] +commonName = "t46 + +[nameConstraints_dirname_p48] +commonName = "t47 + +[nameConstraints_dirname_p49] +commonName = "t48 + +[nameConstraints_dirname_p50] +commonName = "t49 + +[nameConstraints_dirname_p51] +commonName = "t50 + +[nameConstraints_dirname_p52] +commonName = "t51 + +[nameConstraints_dirname_p53] +commonName = "t52 + +[nameConstraints_dirname_p54] +commonName = "t53 + +[nameConstraints_dirname_p55] +commonName = "t54 + +[nameConstraints_dirname_p56] +commonName = "t55 + +[nameConstraints_dirname_p57] +commonName = "t56 + +[nameConstraints_dirname_p58] +commonName = "t57 + +[nameConstraints_dirname_p59] +commonName = "t58 + +[nameConstraints_dirname_p60] +commonName = "t59 + +[nameConstraints_dirname_p61] +commonName = "t60 + +[nameConstraints_dirname_p62] +commonName = "t61 + +[nameConstraints_dirname_p63] +commonName = "t62 + +[nameConstraints_dirname_p64] +commonName = "t63 + +[nameConstraints_dirname_p65] +commonName = "t64 + +[nameConstraints_dirname_p66] +commonName = "t65 + +[nameConstraints_dirname_p67] +commonName = "t66 + +[nameConstraints_dirname_p68] +commonName = "t67 + +[nameConstraints_dirname_p69] +commonName = "t68 + +[nameConstraints_dirname_p70] +commonName = "t69 + +[nameConstraints_dirname_p71] +commonName = "t70 + +[nameConstraints_dirname_p72] +commonName = "t71 + +[nameConstraints_dirname_p73] +commonName = "t72 + +[nameConstraints_dirname_p74] +commonName = "t73 + +[nameConstraints_dirname_p75] +commonName = "t74 + +[nameConstraints_dirname_p76] +commonName = "t75 + +[nameConstraints_dirname_p77] +commonName = "t76 + +[nameConstraints_dirname_p78] +commonName = "t77 + +[nameConstraints_dirname_p79] +commonName = "t78 + +[nameConstraints_dirname_p80] +commonName = "t79 + +[nameConstraints_dirname_p81] +commonName = "t80 + +[nameConstraints_dirname_p82] +commonName = "t81 + +[nameConstraints_dirname_p83] +commonName = "t82 + +[nameConstraints_dirname_p84] +commonName = "t83 + +[nameConstraints_dirname_p85] +commonName = "t84 + +[nameConstraints_dirname_p86] +commonName = "t85 + +[nameConstraints_dirname_p87] +commonName = "t86 + +[nameConstraints_dirname_p88] +commonName = "t87 + +[nameConstraints_dirname_p89] +commonName = "t88 + +[nameConstraints_dirname_p90] +commonName = "t89 + +[nameConstraints_dirname_p91] +commonName = "t90 + +[nameConstraints_dirname_p92] +commonName = "t91 + +[nameConstraints_dirname_p93] +commonName = "t92 + +[nameConstraints_dirname_p94] +commonName = "t93 + +[nameConstraints_dirname_p95] +commonName = "t94 + +[nameConstraints_dirname_p96] +commonName = "t95 + +[nameConstraints_dirname_p97] +commonName = "t96 + +[nameConstraints_dirname_p98] +commonName = "t97 + +[nameConstraints_dirname_p99] +commonName = "t98 + +[nameConstraints_dirname_p100] +commonName = "t99 + +[nameConstraints_dirname_p101] +commonName = "t100 + +[nameConstraints_dirname_p102] +commonName = "t101 + +[nameConstraints_dirname_p103] +commonName = "t102 + +[nameConstraints_dirname_p104] +commonName = "t103 + +[nameConstraints_dirname_p105] +commonName = "t104 + +[nameConstraints_dirname_p106] +commonName = "t105 + +[nameConstraints_dirname_p107] +commonName = "t106 + +[nameConstraints_dirname_p108] +commonName = "t107 + +[nameConstraints_dirname_p109] +commonName = "t108 + +[nameConstraints_dirname_p110] +commonName = "t109 + +[nameConstraints_dirname_p111] +commonName = "t110 + +[nameConstraints_dirname_p112] +commonName = "t111 + +[nameConstraints_dirname_p113] +commonName = "t112 + +[nameConstraints_dirname_p114] +commonName = "t113 + +[nameConstraints_dirname_p115] +commonName = "t114 + +[nameConstraints_dirname_p116] +commonName = "t115 + +[nameConstraints_dirname_p117] +commonName = "t116 + +[nameConstraints_dirname_p118] +commonName = "t117 + +[nameConstraints_dirname_p119] +commonName = "t118 + +[nameConstraints_dirname_p120] +commonName = "t119 + +[nameConstraints_dirname_p121] +commonName = "t120 + +[nameConstraints_dirname_p122] +commonName = "t121 + +[nameConstraints_dirname_p123] +commonName = "t122 + +[nameConstraints_dirname_p124] +commonName = "t123 + +[nameConstraints_dirname_p125] +commonName = "t124 + +[nameConstraints_dirname_p126] +commonName = "t125 + +[nameConstraints_dirname_p127] +commonName = "t126 + +[nameConstraints_dirname_p128] +commonName = "t127 + +[nameConstraints_dirname_p129] +commonName = "t128 + +[nameConstraints_dirname_p130] +commonName = "t129 + +[nameConstraints_dirname_p131] +commonName = "t130 + +[nameConstraints_dirname_p132] +commonName = "t131 + +[nameConstraints_dirname_p133] +commonName = "t132 + +[nameConstraints_dirname_p134] +commonName = "t133 + +[nameConstraints_dirname_p135] +commonName = "t134 + +[nameConstraints_dirname_p136] +commonName = "t135 + +[nameConstraints_dirname_p137] +commonName = "t136 + +[nameConstraints_dirname_p138] +commonName = "t137 + +[nameConstraints_dirname_p139] +commonName = "t138 + +[nameConstraints_dirname_p140] +commonName = "t139 + +[nameConstraints_dirname_p141] +commonName = "t140 + +[nameConstraints_dirname_p142] +commonName = "t141 + +[nameConstraints_dirname_p143] +commonName = "t142 + +[nameConstraints_dirname_p144] +commonName = "t143 + +[nameConstraints_dirname_p145] +commonName = "t144 + +[nameConstraints_dirname_p146] +commonName = "t145 + +[nameConstraints_dirname_p147] +commonName = "t146 + +[nameConstraints_dirname_p148] +commonName = "t147 + +[nameConstraints_dirname_p149] +commonName = "t148 + +[nameConstraints_dirname_p150] +commonName = "t149 + +[nameConstraints_dirname_p151] +commonName = "t150 + +[nameConstraints_dirname_p152] +commonName = "t151 + +[nameConstraints_dirname_p153] +commonName = "t152 + +[nameConstraints_dirname_p154] +commonName = "t153 + +[nameConstraints_dirname_p155] +commonName = "t154 + +[nameConstraints_dirname_p156] +commonName = "t155 + +[nameConstraints_dirname_p157] +commonName = "t156 + +[nameConstraints_dirname_p158] +commonName = "t157 + +[nameConstraints_dirname_p159] +commonName = "t158 + +[nameConstraints_dirname_p160] +commonName = "t159 + +[nameConstraints_dirname_p161] +commonName = "t160 + +[nameConstraints_dirname_p162] +commonName = "t161 + +[nameConstraints_dirname_p163] +commonName = "t162 + +[nameConstraints_dirname_p164] +commonName = "t163 + +[nameConstraints_dirname_p165] +commonName = "t164 + +[nameConstraints_dirname_p166] +commonName = "t165 + +[nameConstraints_dirname_p167] +commonName = "t166 + +[nameConstraints_dirname_p168] +commonName = "t167 + +[nameConstraints_dirname_p169] +commonName = "t168 + +[nameConstraints_dirname_p170] +commonName = "t169 + +[nameConstraints_dirname_p171] +commonName = "t170 + +[nameConstraints_dirname_p172] +commonName = "t171 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.csr new file mode 100644 index 0000000000..1c1920cd59 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.csr @@ -0,0 +1,336 @@ +-----BEGIN CERTIFICATE REQUEST----- +MII+fjCCPWYCAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxL +Ha4GJxiOVbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9W +yNroD1cod26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luv +C6DmdaXS4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf0 +0YvmLxRmVvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9Ibjm +K6igvwa7QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABoII8IDCC +PBwGCSqGSIb3DQEJDjGCPA0wgjwJMB0GA1UdDgQWBBSSET+sEZbHZjfPg1ok8Dp3 +rzONfzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCCO8UGA1UdHgSC +O7wwgju4oIIeADAJggd0MC50ZXN0MAmCB3QxLnRlc3QwCYIHdDIudGVzdDAJggd0 +My50ZXN0MAmCB3Q0LnRlc3QwCYIHdDUudGVzdDAJggd0Ni50ZXN0MAmCB3Q3LnRl +c3QwCYIHdDgudGVzdDAJggd0OS50ZXN0MAqCCHQxMC50ZXN0MAqCCHQxMS50ZXN0 +MAqCCHQxMi50ZXN0MAqCCHQxMy50ZXN0MAqCCHQxNC50ZXN0MAqCCHQxNS50ZXN0 +MAqCCHQxNi50ZXN0MAqCCHQxNy50ZXN0MAqCCHQxOC50ZXN0MAqCCHQxOS50ZXN0 +MAqCCHQyMC50ZXN0MAqCCHQyMS50ZXN0MAqCCHQyMi50ZXN0MAqCCHQyMy50ZXN0 +MAqCCHQyNC50ZXN0MAqCCHQyNS50ZXN0MAqCCHQyNi50ZXN0MAqCCHQyNy50ZXN0 +MAqCCHQyOC50ZXN0MAqCCHQyOS50ZXN0MAqCCHQzMC50ZXN0MAqCCHQzMS50ZXN0 +MAqCCHQzMi50ZXN0MAqCCHQzMy50ZXN0MAqCCHQzNC50ZXN0MAqCCHQzNS50ZXN0 +MAqCCHQzNi50ZXN0MAqCCHQzNy50ZXN0MAqCCHQzOC50ZXN0MAqCCHQzOS50ZXN0 +MAqCCHQ0MC50ZXN0MAqCCHQ0MS50ZXN0MAqCCHQ0Mi50ZXN0MAqCCHQ0My50ZXN0 +MAqCCHQ0NC50ZXN0MAqCCHQ0NS50ZXN0MAqCCHQ0Ni50ZXN0MAqCCHQ0Ny50ZXN0 +MAqCCHQ0OC50ZXN0MAqCCHQ0OS50ZXN0MAqCCHQ1MC50ZXN0MAqCCHQ1MS50ZXN0 +MAqCCHQ1Mi50ZXN0MAqCCHQ1My50ZXN0MAqCCHQ1NC50ZXN0MAqCCHQ1NS50ZXN0 +MAqCCHQ1Ni50ZXN0MAqCCHQ1Ny50ZXN0MAqCCHQ1OC50ZXN0MAqCCHQ1OS50ZXN0 +MAqCCHQ2MC50ZXN0MAqCCHQ2MS50ZXN0MAqCCHQ2Mi50ZXN0MAqCCHQ2My50ZXN0 +MAqCCHQ2NC50ZXN0MAqCCHQ2NS50ZXN0MAqCCHQ2Ni50ZXN0MAqCCHQ2Ny50ZXN0 +MAqCCHQ2OC50ZXN0MAqCCHQ2OS50ZXN0MAqCCHQ3MC50ZXN0MAqCCHQ3MS50ZXN0 +MAqCCHQ3Mi50ZXN0MAqCCHQ3My50ZXN0MAqCCHQ3NC50ZXN0MAqCCHQ3NS50ZXN0 +MAqCCHQ3Ni50ZXN0MAqCCHQ3Ny50ZXN0MAqCCHQ3OC50ZXN0MAqCCHQ3OS50ZXN0 +MAqCCHQ4MC50ZXN0MAqCCHQ4MS50ZXN0MAqCCHQ4Mi50ZXN0MAqCCHQ4My50ZXN0 +MAqCCHQ4NC50ZXN0MAqCCHQ4NS50ZXN0MAqCCHQ4Ni50ZXN0MAqCCHQ4Ny50ZXN0 +MAqCCHQ4OC50ZXN0MAqCCHQ4OS50ZXN0MAqCCHQ5MC50ZXN0MAqCCHQ5MS50ZXN0 +MAqCCHQ5Mi50ZXN0MAqCCHQ5My50ZXN0MAqCCHQ5NC50ZXN0MAqCCHQ5NS50ZXN0 +MAqCCHQ5Ni50ZXN0MAqCCHQ5Ny50ZXN0MAqCCHQ5OC50ZXN0MAqCCHQ5OS50ZXN0 +MAuCCXQxMDAudGVzdDALggl0MTAxLnRlc3QwC4IJdDEwMi50ZXN0MAuCCXQxMDMu +dGVzdDALggl0MTA0LnRlc3QwC4IJdDEwNS50ZXN0MAuCCXQxMDYudGVzdDALggl0 +MTA3LnRlc3QwC4IJdDEwOC50ZXN0MAuCCXQxMDkudGVzdDALggl0MTEwLnRlc3Qw +C4IJdDExMS50ZXN0MAuCCXQxMTIudGVzdDALggl0MTEzLnRlc3QwC4IJdDExNC50 +ZXN0MAuCCXQxMTUudGVzdDALggl0MTE2LnRlc3QwC4IJdDExNy50ZXN0MAuCCXQx +MTgudGVzdDALggl0MTE5LnRlc3QwC4IJdDEyMC50ZXN0MAuCCXQxMjEudGVzdDAL +ggl0MTIyLnRlc3QwC4IJdDEyMy50ZXN0MAuCCXQxMjQudGVzdDALggl0MTI1LnRl +c3QwC4IJdDEyNi50ZXN0MAuCCXQxMjcudGVzdDALggl0MTI4LnRlc3QwC4IJdDEy +OS50ZXN0MAuCCXQxMzAudGVzdDALggl0MTMxLnRlc3QwC4IJdDEzMi50ZXN0MAuC +CXQxMzMudGVzdDALggl0MTM0LnRlc3QwC4IJdDEzNS50ZXN0MAuCCXQxMzYudGVz +dDALggl0MTM3LnRlc3QwC4IJdDEzOC50ZXN0MAuCCXQxMzkudGVzdDALggl0MTQw +LnRlc3QwC4IJdDE0MS50ZXN0MAuCCXQxNDIudGVzdDALggl0MTQzLnRlc3QwC4IJ +dDE0NC50ZXN0MAuCCXQxNDUudGVzdDALggl0MTQ2LnRlc3QwC4IJdDE0Ny50ZXN0 +MAuCCXQxNDgudGVzdDALggl0MTQ5LnRlc3QwC4IJdDE1MC50ZXN0MAuCCXQxNTEu +dGVzdDALggl0MTUyLnRlc3QwC4IJdDE1My50ZXN0MAuCCXQxNTQudGVzdDALggl0 +MTU1LnRlc3QwC4IJdDE1Ni50ZXN0MAuCCXQxNTcudGVzdDALggl0MTU4LnRlc3Qw +C4IJdDE1OS50ZXN0MAuCCXQxNjAudGVzdDALggl0MTYxLnRlc3QwC4IJdDE2Mi50 +ZXN0MAuCCXQxNjMudGVzdDALggl0MTY0LnRlc3QwC4IJdDE2NS50ZXN0MAuCCXQx +NjYudGVzdDALggl0MTY3LnRlc3QwC4IJdDE2OC50ZXN0MAuCCXQxNjkudGVzdDAL +ggl0MTcwLnRlc3QwC4IJdDE3MS50ZXN0MAqHCAoAAAD/////MAqHCAoAAAH///// +MAqHCAoAAAL/////MAqHCAoAAAP/////MAqHCAoAAAT/////MAqHCAoAAAX///// +MAqHCAoAAAb/////MAqHCAoAAAf/////MAqHCAoAAAj/////MAqHCAoAAAn///// +MAqHCAoAAAr/////MAqHCAoAAAv/////MAqHCAoAAAz/////MAqHCAoAAA3///// +MAqHCAoAAA7/////MAqHCAoAAA//////MAqHCAoAABD/////MAqHCAoAABH///// +MAqHCAoAABL/////MAqHCAoAABP/////MAqHCAoAABT/////MAqHCAoAABX///// +MAqHCAoAABb/////MAqHCAoAABf/////MAqHCAoAABj/////MAqHCAoAABn///// +MAqHCAoAABr/////MAqHCAoAABv/////MAqHCAoAABz/////MAqHCAoAAB3///// +MAqHCAoAAB7/////MAqHCAoAAB//////MAqHCAoAACD/////MAqHCAoAACH///// +MAqHCAoAACL/////MAqHCAoAACP/////MAqHCAoAACT/////MAqHCAoAACX///// +MAqHCAoAACb/////MAqHCAoAACf/////MAqHCAoAACj/////MAqHCAoAACn///// +MAqHCAoAACr/////MAqHCAoAACv/////MAqHCAoAACz/////MAqHCAoAAC3///// +MAqHCAoAAC7/////MAqHCAoAAC//////MAqHCAoAADD/////MAqHCAoAADH///// +MAqHCAoAADL/////MAqHCAoAADP/////MAqHCAoAADT/////MAqHCAoAADX///// +MAqHCAoAADb/////MAqHCAoAADf/////MAqHCAoAADj/////MAqHCAoAADn///// +MAqHCAoAADr/////MAqHCAoAADv/////MAqHCAoAADz/////MAqHCAoAAD3///// +MAqHCAoAAD7/////MAqHCAoAAD//////MAqHCAoAAED/////MAqHCAoAAEH///// +MAqHCAoAAEL/////MAqHCAoAAEP/////MAqHCAoAAET/////MAqHCAoAAEX///// +MAqHCAoAAEb/////MAqHCAoAAEf/////MAqHCAoAAEj/////MAqHCAoAAEn///// +MAqHCAoAAEr/////MAqHCAoAAEv/////MAqHCAoAAEz/////MAqHCAoAAE3///// +MAqHCAoAAE7/////MAqHCAoAAE//////MAqHCAoAAFD/////MAqHCAoAAFH///// +MAqHCAoAAFL/////MAqHCAoAAFP/////MAqHCAoAAFT/////MAqHCAoAAFX///// +MAqHCAoAAFb/////MAqHCAoAAFf/////MAqHCAoAAFj/////MAqHCAoAAFn///// +MAqHCAoAAFr/////MAqHCAoAAFv/////MAqHCAoAAFz/////MAqHCAoAAF3///// +MAqHCAoAAF7/////MAqHCAoAAF//////MAqHCAoAAGD/////MAqHCAoAAGH///// +MAqHCAoAAGL/////MAqHCAoAAGP/////MAqHCAoAAGT/////MAqHCAoAAGX///// +MAqHCAoAAGb/////MAqHCAoAAGf/////MAqHCAoAAGj/////MAqHCAoAAGn///// +MAqHCAoAAGr/////MAqHCAoAAGv/////MAqHCAoAAGz/////MAqHCAoAAG3///// +MAqHCAoAAG7/////MAqHCAoAAG//////MAqHCAoAAHD/////MAqHCAoAAHH///// +MAqHCAoAAHL/////MAqHCAoAAHP/////MAqHCAoAAHT/////MAqHCAoAAHX///// +MAqHCAoAAHb/////MAqHCAoAAHf/////MAqHCAoAAHj/////MAqHCAoAAHn///// +MAqHCAoAAHr/////MAqHCAoAAHv/////MAqHCAoAAHz/////MAqHCAoAAH3///// +MAqHCAoAAH7/////MAqHCAoAAH//////MAqHCAoAAID/////MAqHCAoAAIH///// +MAqHCAoAAIL/////MAqHCAoAAIP/////MAqHCAoAAIT/////MAqHCAoAAIX///// +MAqHCAoAAIb/////MAqHCAoAAIf/////MAqHCAoAAIj/////MAqHCAoAAIn///// +MAqHCAoAAIr/////MAqHCAoAAIv/////MAqHCAoAAIz/////MAqHCAoAAI3///// +MAqHCAoAAI7/////MAqHCAoAAI//////MAqHCAoAAJD/////MAqHCAoAAJH///// +MAqHCAoAAJL/////MAqHCAoAAJP/////MAqHCAoAAJT/////MAqHCAoAAJX///// +MAqHCAoAAJb/////MAqHCAoAAJf/////MAqHCAoAAJj/////MAqHCAoAAJn///// +MAqHCAoAAJr/////MAqHCAoAAJv/////MAqHCAoAAJz/////MAqHCAoAAJ3///// +MAqHCAoAAJ7/////MAqHCAoAAJ//////MAqHCAoAAKD/////MAqHCAoAAKH///// +MAqHCAoAAKL/////MAqHCAoAAKP/////MAqHCAoAAKT/////MAqHCAoAAKX///// +MAqHCAoAAKb/////MAqHCAoAAKf/////MAqHCAoAAKj/////MAqHCAoAAKn///// +MAqHCAoAAKr/////MBGkDzANMQswCQYDVQQDDAJ0MDARpA8wDTELMAkGA1UEAwwC +dDEwEaQPMA0xCzAJBgNVBAMMAnQyMBGkDzANMQswCQYDVQQDDAJ0MzARpA8wDTEL +MAkGA1UEAwwCdDQwEaQPMA0xCzAJBgNVBAMMAnQ1MBGkDzANMQswCQYDVQQDDAJ0 +NjARpA8wDTELMAkGA1UEAwwCdDcwEaQPMA0xCzAJBgNVBAMMAnQ4MBGkDzANMQsw +CQYDVQQDDAJ0OTASpBAwDjEMMAoGA1UEAwwDdDEwMBKkEDAOMQwwCgYDVQQDDAN0 +MTEwEqQQMA4xDDAKBgNVBAMMA3QxMjASpBAwDjEMMAoGA1UEAwwDdDEzMBKkEDAO +MQwwCgYDVQQDDAN0MTQwEqQQMA4xDDAKBgNVBAMMA3QxNTASpBAwDjEMMAoGA1UE +AwwDdDE2MBKkEDAOMQwwCgYDVQQDDAN0MTcwEqQQMA4xDDAKBgNVBAMMA3QxODAS +pBAwDjEMMAoGA1UEAwwDdDE5MBKkEDAOMQwwCgYDVQQDDAN0MjAwEqQQMA4xDDAK +BgNVBAMMA3QyMTASpBAwDjEMMAoGA1UEAwwDdDIyMBKkEDAOMQwwCgYDVQQDDAN0 +MjMwEqQQMA4xDDAKBgNVBAMMA3QyNDASpBAwDjEMMAoGA1UEAwwDdDI1MBKkEDAO +MQwwCgYDVQQDDAN0MjYwEqQQMA4xDDAKBgNVBAMMA3QyNzASpBAwDjEMMAoGA1UE +AwwDdDI4MBKkEDAOMQwwCgYDVQQDDAN0MjkwEqQQMA4xDDAKBgNVBAMMA3QzMDAS +pBAwDjEMMAoGA1UEAwwDdDMxMBKkEDAOMQwwCgYDVQQDDAN0MzIwEqQQMA4xDDAK +BgNVBAMMA3QzMzASpBAwDjEMMAoGA1UEAwwDdDM0MBKkEDAOMQwwCgYDVQQDDAN0 +MzUwEqQQMA4xDDAKBgNVBAMMA3QzNjASpBAwDjEMMAoGA1UEAwwDdDM3MBKkEDAO +MQwwCgYDVQQDDAN0MzgwEqQQMA4xDDAKBgNVBAMMA3QzOTASpBAwDjEMMAoGA1UE +AwwDdDQwMBKkEDAOMQwwCgYDVQQDDAN0NDEwEqQQMA4xDDAKBgNVBAMMA3Q0MjAS +pBAwDjEMMAoGA1UEAwwDdDQzMBKkEDAOMQwwCgYDVQQDDAN0NDQwEqQQMA4xDDAK +BgNVBAMMA3Q0NTASpBAwDjEMMAoGA1UEAwwDdDQ2MBKkEDAOMQwwCgYDVQQDDAN0 +NDcwEqQQMA4xDDAKBgNVBAMMA3Q0ODASpBAwDjEMMAoGA1UEAwwDdDQ5MBKkEDAO +MQwwCgYDVQQDDAN0NTAwEqQQMA4xDDAKBgNVBAMMA3Q1MTASpBAwDjEMMAoGA1UE +AwwDdDUyMBKkEDAOMQwwCgYDVQQDDAN0NTMwEqQQMA4xDDAKBgNVBAMMA3Q1NDAS +pBAwDjEMMAoGA1UEAwwDdDU1MBKkEDAOMQwwCgYDVQQDDAN0NTYwEqQQMA4xDDAK +BgNVBAMMA3Q1NzASpBAwDjEMMAoGA1UEAwwDdDU4MBKkEDAOMQwwCgYDVQQDDAN0 +NTkwEqQQMA4xDDAKBgNVBAMMA3Q2MDASpBAwDjEMMAoGA1UEAwwDdDYxMBKkEDAO +MQwwCgYDVQQDDAN0NjIwEqQQMA4xDDAKBgNVBAMMA3Q2MzASpBAwDjEMMAoGA1UE +AwwDdDY0MBKkEDAOMQwwCgYDVQQDDAN0NjUwEqQQMA4xDDAKBgNVBAMMA3Q2NjAS +pBAwDjEMMAoGA1UEAwwDdDY3MBKkEDAOMQwwCgYDVQQDDAN0NjgwEqQQMA4xDDAK +BgNVBAMMA3Q2OTASpBAwDjEMMAoGA1UEAwwDdDcwMBKkEDAOMQwwCgYDVQQDDAN0 +NzEwEqQQMA4xDDAKBgNVBAMMA3Q3MjASpBAwDjEMMAoGA1UEAwwDdDczMBKkEDAO +MQwwCgYDVQQDDAN0NzQwEqQQMA4xDDAKBgNVBAMMA3Q3NTASpBAwDjEMMAoGA1UE +AwwDdDc2MBKkEDAOMQwwCgYDVQQDDAN0NzcwEqQQMA4xDDAKBgNVBAMMA3Q3ODAS +pBAwDjEMMAoGA1UEAwwDdDc5MBKkEDAOMQwwCgYDVQQDDAN0ODAwEqQQMA4xDDAK +BgNVBAMMA3Q4MTASpBAwDjEMMAoGA1UEAwwDdDgyMBKkEDAOMQwwCgYDVQQDDAN0 +ODMwEqQQMA4xDDAKBgNVBAMMA3Q4NDASpBAwDjEMMAoGA1UEAwwDdDg1MBKkEDAO +MQwwCgYDVQQDDAN0ODYwEqQQMA4xDDAKBgNVBAMMA3Q4NzASpBAwDjEMMAoGA1UE +AwwDdDg4MBKkEDAOMQwwCgYDVQQDDAN0ODkwEqQQMA4xDDAKBgNVBAMMA3Q5MDAS +pBAwDjEMMAoGA1UEAwwDdDkxMBKkEDAOMQwwCgYDVQQDDAN0OTIwEqQQMA4xDDAK +BgNVBAMMA3Q5MzASpBAwDjEMMAoGA1UEAwwDdDk0MBKkEDAOMQwwCgYDVQQDDAN0 +OTUwEqQQMA4xDDAKBgNVBAMMA3Q5NjASpBAwDjEMMAoGA1UEAwwDdDk3MBKkEDAO +MQwwCgYDVQQDDAN0OTgwEqQQMA4xDDAKBgNVBAMMA3Q5OTATpBEwDzENMAsGA1UE +AwwEdDEwMDATpBEwDzENMAsGA1UEAwwEdDEwMTATpBEwDzENMAsGA1UEAwwEdDEw +MjATpBEwDzENMAsGA1UEAwwEdDEwMzATpBEwDzENMAsGA1UEAwwEdDEwNDATpBEw +DzENMAsGA1UEAwwEdDEwNTATpBEwDzENMAsGA1UEAwwEdDEwNjATpBEwDzENMAsG +A1UEAwwEdDEwNzATpBEwDzENMAsGA1UEAwwEdDEwODATpBEwDzENMAsGA1UEAwwE +dDEwOTATpBEwDzENMAsGA1UEAwwEdDExMDATpBEwDzENMAsGA1UEAwwEdDExMTAT +pBEwDzENMAsGA1UEAwwEdDExMjATpBEwDzENMAsGA1UEAwwEdDExMzATpBEwDzEN +MAsGA1UEAwwEdDExNDATpBEwDzENMAsGA1UEAwwEdDExNTATpBEwDzENMAsGA1UE +AwwEdDExNjATpBEwDzENMAsGA1UEAwwEdDExNzATpBEwDzENMAsGA1UEAwwEdDEx +ODATpBEwDzENMAsGA1UEAwwEdDExOTATpBEwDzENMAsGA1UEAwwEdDEyMDATpBEw +DzENMAsGA1UEAwwEdDEyMTATpBEwDzENMAsGA1UEAwwEdDEyMjATpBEwDzENMAsG +A1UEAwwEdDEyMzATpBEwDzENMAsGA1UEAwwEdDEyNDATpBEwDzENMAsGA1UEAwwE +dDEyNTATpBEwDzENMAsGA1UEAwwEdDEyNjATpBEwDzENMAsGA1UEAwwEdDEyNzAT +pBEwDzENMAsGA1UEAwwEdDEyODATpBEwDzENMAsGA1UEAwwEdDEyOTATpBEwDzEN +MAsGA1UEAwwEdDEzMDATpBEwDzENMAsGA1UEAwwEdDEzMTATpBEwDzENMAsGA1UE +AwwEdDEzMjATpBEwDzENMAsGA1UEAwwEdDEzMzATpBEwDzENMAsGA1UEAwwEdDEz +NDATpBEwDzENMAsGA1UEAwwEdDEzNTATpBEwDzENMAsGA1UEAwwEdDEzNjATpBEw +DzENMAsGA1UEAwwEdDEzNzATpBEwDzENMAsGA1UEAwwEdDEzODATpBEwDzENMAsG +A1UEAwwEdDEzOTATpBEwDzENMAsGA1UEAwwEdDE0MDATpBEwDzENMAsGA1UEAwwE +dDE0MTATpBEwDzENMAsGA1UEAwwEdDE0MjATpBEwDzENMAsGA1UEAwwEdDE0MzAT +pBEwDzENMAsGA1UEAwwEdDE0NDATpBEwDzENMAsGA1UEAwwEdDE0NTATpBEwDzEN +MAsGA1UEAwwEdDE0NjATpBEwDzENMAsGA1UEAwwEdDE0NzATpBEwDzENMAsGA1UE +AwwEdDE0ODATpBEwDzENMAsGA1UEAwwEdDE0OTATpBEwDzENMAsGA1UEAwwEdDE1 +MDATpBEwDzENMAsGA1UEAwwEdDE1MTATpBEwDzENMAsGA1UEAwwEdDE1MjATpBEw +DzENMAsGA1UEAwwEdDE1MzATpBEwDzENMAsGA1UEAwwEdDE1NDATpBEwDzENMAsG +A1UEAwwEdDE1NTATpBEwDzENMAsGA1UEAwwEdDE1NjATpBEwDzENMAsGA1UEAwwE +dDE1NzATpBEwDzENMAsGA1UEAwwEdDE1ODATpBEwDzENMAsGA1UEAwwEdDE1OTAT +pBEwDzENMAsGA1UEAwwEdDE2MDATpBEwDzENMAsGA1UEAwwEdDE2MTATpBEwDzEN +MAsGA1UEAwwEdDE2MjATpBEwDzENMAsGA1UEAwwEdDE2MzATpBEwDzENMAsGA1UE +AwwEdDE2NDATpBEwDzENMAsGA1UEAwwEdDE2NTATpBEwDzENMAsGA1UEAwwEdDE2 +NjATpBEwDzENMAsGA1UEAwwEdDE2NzATpBEwDzENMAsGA1UEAwwEdDE2ODATpBEw +DzENMAsGA1UEAwwEdDE2OTATpBEwDzENMAsGA1UEAwwEdDE3MDATpBEwDzENMAsG +A1UEAwwEdDE3MaGCHbAwCYIHeDAudGVzdDAJggd4MS50ZXN0MAmCB3gyLnRlc3Qw +CYIHeDMudGVzdDAJggd4NC50ZXN0MAmCB3g1LnRlc3QwCYIHeDYudGVzdDAJggd4 +Ny50ZXN0MAmCB3g4LnRlc3QwCYIHeDkudGVzdDAKggh4MTAudGVzdDAKggh4MTEu +dGVzdDAKggh4MTIudGVzdDAKggh4MTMudGVzdDAKggh4MTQudGVzdDAKggh4MTUu +dGVzdDAKggh4MTYudGVzdDAKggh4MTcudGVzdDAKggh4MTgudGVzdDAKggh4MTku +dGVzdDAKggh4MjAudGVzdDAKggh4MjEudGVzdDAKggh4MjIudGVzdDAKggh4MjMu +dGVzdDAKggh4MjQudGVzdDAKggh4MjUudGVzdDAKggh4MjYudGVzdDAKggh4Mjcu +dGVzdDAKggh4MjgudGVzdDAKggh4MjkudGVzdDAKggh4MzAudGVzdDAKggh4MzEu +dGVzdDAKggh4MzIudGVzdDAKggh4MzMudGVzdDAKggh4MzQudGVzdDAKggh4MzUu +dGVzdDAKggh4MzYudGVzdDAKggh4MzcudGVzdDAKggh4MzgudGVzdDAKggh4Mzku +dGVzdDAKggh4NDAudGVzdDAKggh4NDEudGVzdDAKggh4NDIudGVzdDAKggh4NDMu +dGVzdDAKggh4NDQudGVzdDAKggh4NDUudGVzdDAKggh4NDYudGVzdDAKggh4NDcu +dGVzdDAKggh4NDgudGVzdDAKggh4NDkudGVzdDAKggh4NTAudGVzdDAKggh4NTEu +dGVzdDAKggh4NTIudGVzdDAKggh4NTMudGVzdDAKggh4NTQudGVzdDAKggh4NTUu +dGVzdDAKggh4NTYudGVzdDAKggh4NTcudGVzdDAKggh4NTgudGVzdDAKggh4NTku +dGVzdDAKggh4NjAudGVzdDAKggh4NjEudGVzdDAKggh4NjIudGVzdDAKggh4NjMu +dGVzdDAKggh4NjQudGVzdDAKggh4NjUudGVzdDAKggh4NjYudGVzdDAKggh4Njcu +dGVzdDAKggh4NjgudGVzdDAKggh4NjkudGVzdDAKggh4NzAudGVzdDAKggh4NzEu +dGVzdDAKggh4NzIudGVzdDAKggh4NzMudGVzdDAKggh4NzQudGVzdDAKggh4NzUu +dGVzdDAKggh4NzYudGVzdDAKggh4NzcudGVzdDAKggh4NzgudGVzdDAKggh4Nzku +dGVzdDAKggh4ODAudGVzdDAKggh4ODEudGVzdDAKggh4ODIudGVzdDAKggh4ODMu +dGVzdDAKggh4ODQudGVzdDAKggh4ODUudGVzdDAKggh4ODYudGVzdDAKggh4ODcu +dGVzdDAKggh4ODgudGVzdDAKggh4ODkudGVzdDAKggh4OTAudGVzdDAKggh4OTEu +dGVzdDAKggh4OTIudGVzdDAKggh4OTMudGVzdDAKggh4OTQudGVzdDAKggh4OTUu +dGVzdDAKggh4OTYudGVzdDAKggh4OTcudGVzdDAKggh4OTgudGVzdDAKggh4OTku +dGVzdDALggl4MTAwLnRlc3QwC4IJeDEwMS50ZXN0MAuCCXgxMDIudGVzdDALggl4 +MTAzLnRlc3QwC4IJeDEwNC50ZXN0MAuCCXgxMDUudGVzdDALggl4MTA2LnRlc3Qw +C4IJeDEwNy50ZXN0MAuCCXgxMDgudGVzdDALggl4MTA5LnRlc3QwC4IJeDExMC50 +ZXN0MAuCCXgxMTEudGVzdDALggl4MTEyLnRlc3QwC4IJeDExMy50ZXN0MAuCCXgx +MTQudGVzdDALggl4MTE1LnRlc3QwC4IJeDExNi50ZXN0MAuCCXgxMTcudGVzdDAL +ggl4MTE4LnRlc3QwC4IJeDExOS50ZXN0MAuCCXgxMjAudGVzdDALggl4MTIxLnRl +c3QwC4IJeDEyMi50ZXN0MAuCCXgxMjMudGVzdDALggl4MTI0LnRlc3QwC4IJeDEy +NS50ZXN0MAuCCXgxMjYudGVzdDALggl4MTI3LnRlc3QwC4IJeDEyOC50ZXN0MAuC +CXgxMjkudGVzdDALggl4MTMwLnRlc3QwC4IJeDEzMS50ZXN0MAuCCXgxMzIudGVz +dDALggl4MTMzLnRlc3QwC4IJeDEzNC50ZXN0MAuCCXgxMzUudGVzdDALggl4MTM2 +LnRlc3QwC4IJeDEzNy50ZXN0MAuCCXgxMzgudGVzdDALggl4MTM5LnRlc3QwC4IJ +eDE0MC50ZXN0MAuCCXgxNDEudGVzdDALggl4MTQyLnRlc3QwC4IJeDE0My50ZXN0 +MAuCCXgxNDQudGVzdDALggl4MTQ1LnRlc3QwC4IJeDE0Ni50ZXN0MAuCCXgxNDcu +dGVzdDALggl4MTQ4LnRlc3QwC4IJeDE0OS50ZXN0MAuCCXgxNTAudGVzdDALggl4 +MTUxLnRlc3QwC4IJeDE1Mi50ZXN0MAuCCXgxNTMudGVzdDALggl4MTU0LnRlc3Qw +C4IJeDE1NS50ZXN0MAuCCXgxNTYudGVzdDALggl4MTU3LnRlc3QwC4IJeDE1OC50 +ZXN0MAuCCXgxNTkudGVzdDALggl4MTYwLnRlc3QwC4IJeDE2MS50ZXN0MAuCCXgx +NjIudGVzdDALggl4MTYzLnRlc3QwC4IJeDE2NC50ZXN0MAuCCXgxNjUudGVzdDAL +ggl4MTY2LnRlc3QwC4IJeDE2Ny50ZXN0MAuCCXgxNjgudGVzdDALggl4MTY5LnRl +c3QwCocICwAAAP////8wCocICwAAAf////8wCocICwAAAv////8wCocICwAAA/// +//8wCocICwAABP////8wCocICwAABf////8wCocICwAABv////8wCocICwAAB/// +//8wCocICwAACP////8wCocICwAACf////8wCocICwAACv////8wCocICwAAC/// +//8wCocICwAADP////8wCocICwAADf////8wCocICwAADv////8wCocICwAAD/// +//8wCocICwAAEP////8wCocICwAAEf////8wCocICwAAEv////8wCocICwAAE/// +//8wCocICwAAFP////8wCocICwAAFf////8wCocICwAAFv////8wCocICwAAF/// +//8wCocICwAAGP////8wCocICwAAGf////8wCocICwAAGv////8wCocICwAAG/// +//8wCocICwAAHP////8wCocICwAAHf////8wCocICwAAHv////8wCocICwAAH/// +//8wCocICwAAIP////8wCocICwAAIf////8wCocICwAAIv////8wCocICwAAI/// +//8wCocICwAAJP////8wCocICwAAJf////8wCocICwAAJv////8wCocICwAAJ/// +//8wCocICwAAKP////8wCocICwAAKf////8wCocICwAAKv////8wCocICwAAK/// +//8wCocICwAALP////8wCocICwAALf////8wCocICwAALv////8wCocICwAAL/// +//8wCocICwAAMP////8wCocICwAAMf////8wCocICwAAMv////8wCocICwAAM/// +//8wCocICwAANP////8wCocICwAANf////8wCocICwAANv////8wCocICwAAN/// +//8wCocICwAAOP////8wCocICwAAOf////8wCocICwAAOv////8wCocICwAAO/// +//8wCocICwAAPP////8wCocICwAAPf////8wCocICwAAPv////8wCocICwAAP/// +//8wCocICwAAQP////8wCocICwAAQf////8wCocICwAAQv////8wCocICwAAQ/// +//8wCocICwAARP////8wCocICwAARf////8wCocICwAARv////8wCocICwAAR/// +//8wCocICwAASP////8wCocICwAASf////8wCocICwAASv////8wCocICwAAS/// +//8wCocICwAATP////8wCocICwAATf////8wCocICwAATv////8wCocICwAAT/// +//8wCocICwAAUP////8wCocICwAAUf////8wCocICwAAUv////8wCocICwAAU/// +//8wCocICwAAVP////8wCocICwAAVf////8wCocICwAAVv////8wCocICwAAV/// +//8wCocICwAAWP////8wCocICwAAWf////8wCocICwAAWv////8wCocICwAAW/// +//8wCocICwAAXP////8wCocICwAAXf////8wCocICwAAXv////8wCocICwAAX/// +//8wCocICwAAYP////8wCocICwAAYf////8wCocICwAAYv////8wCocICwAAY/// +//8wCocICwAAZP////8wCocICwAAZf////8wCocICwAAZv////8wCocICwAAZ/// +//8wCocICwAAaP////8wCocICwAAaf////8wCocICwAAav////8wCocICwAAa/// +//8wCocICwAAbP////8wCocICwAAbf////8wCocICwAAbv////8wCocICwAAb/// +//8wCocICwAAcP////8wCocICwAAcf////8wCocICwAAcv////8wCocICwAAc/// +//8wCocICwAAdP////8wCocICwAAdf////8wCocICwAAdv////8wCocICwAAd/// +//8wCocICwAAeP////8wCocICwAAef////8wCocICwAAev////8wCocICwAAe/// +//8wCocICwAAfP////8wCocICwAAff////8wCocICwAAfv////8wCocICwAAf/// +//8wCocICwAAgP////8wCocICwAAgf////8wCocICwAAgv////8wCocICwAAg/// +//8wCocICwAAhP////8wCocICwAAhf////8wCocICwAAhv////8wCocICwAAh/// +//8wCocICwAAiP////8wCocICwAAif////8wCocICwAAiv////8wCocICwAAi/// +//8wCocICwAAjP////8wCocICwAAjf////8wCocICwAAjv////8wCocICwAAj/// +//8wCocICwAAkP////8wCocICwAAkf////8wCocICwAAkv////8wCocICwAAk/// +//8wCocICwAAlP////8wCocICwAAlf////8wCocICwAAlv////8wCocICwAAl/// +//8wCocICwAAmP////8wCocICwAAmf////8wCocICwAAmv////8wCocICwAAm/// +//8wCocICwAAnP////8wCocICwAAnf////8wCocICwAAnv////8wCocICwAAn/// +//8wCocICwAAoP////8wCocICwAAof////8wCocICwAAov////8wCocICwAAo/// +//8wCocICwAApP////8wCocICwAApf////8wCocICwAApv////8wCocICwAAp/// +//8wCocICwAAqP////8wCocICwAAqf////8wEaQPMA0xCzAJBgNVBAMMAngwMBGk +DzANMQswCQYDVQQDDAJ4MTARpA8wDTELMAkGA1UEAwwCeDIwEaQPMA0xCzAJBgNV +BAMMAngzMBGkDzANMQswCQYDVQQDDAJ4NDARpA8wDTELMAkGA1UEAwwCeDUwEaQP +MA0xCzAJBgNVBAMMAng2MBGkDzANMQswCQYDVQQDDAJ4NzARpA8wDTELMAkGA1UE +AwwCeDgwEaQPMA0xCzAJBgNVBAMMAng5MBKkEDAOMQwwCgYDVQQDDAN4MTAwEqQQ +MA4xDDAKBgNVBAMMA3gxMTASpBAwDjEMMAoGA1UEAwwDeDEyMBKkEDAOMQwwCgYD +VQQDDAN4MTMwEqQQMA4xDDAKBgNVBAMMA3gxNDASpBAwDjEMMAoGA1UEAwwDeDE1 +MBKkEDAOMQwwCgYDVQQDDAN4MTYwEqQQMA4xDDAKBgNVBAMMA3gxNzASpBAwDjEM +MAoGA1UEAwwDeDE4MBKkEDAOMQwwCgYDVQQDDAN4MTkwEqQQMA4xDDAKBgNVBAMM +A3gyMDASpBAwDjEMMAoGA1UEAwwDeDIxMBKkEDAOMQwwCgYDVQQDDAN4MjIwEqQQ +MA4xDDAKBgNVBAMMA3gyMzASpBAwDjEMMAoGA1UEAwwDeDI0MBKkEDAOMQwwCgYD +VQQDDAN4MjUwEqQQMA4xDDAKBgNVBAMMA3gyNjASpBAwDjEMMAoGA1UEAwwDeDI3 +MBKkEDAOMQwwCgYDVQQDDAN4MjgwEqQQMA4xDDAKBgNVBAMMA3gyOTASpBAwDjEM +MAoGA1UEAwwDeDMwMBKkEDAOMQwwCgYDVQQDDAN4MzEwEqQQMA4xDDAKBgNVBAMM +A3gzMjASpBAwDjEMMAoGA1UEAwwDeDMzMBKkEDAOMQwwCgYDVQQDDAN4MzQwEqQQ +MA4xDDAKBgNVBAMMA3gzNTASpBAwDjEMMAoGA1UEAwwDeDM2MBKkEDAOMQwwCgYD +VQQDDAN4MzcwEqQQMA4xDDAKBgNVBAMMA3gzODASpBAwDjEMMAoGA1UEAwwDeDM5 +MBKkEDAOMQwwCgYDVQQDDAN4NDAwEqQQMA4xDDAKBgNVBAMMA3g0MTASpBAwDjEM +MAoGA1UEAwwDeDQyMBKkEDAOMQwwCgYDVQQDDAN4NDMwEqQQMA4xDDAKBgNVBAMM +A3g0NDASpBAwDjEMMAoGA1UEAwwDeDQ1MBKkEDAOMQwwCgYDVQQDDAN4NDYwEqQQ +MA4xDDAKBgNVBAMMA3g0NzASpBAwDjEMMAoGA1UEAwwDeDQ4MBKkEDAOMQwwCgYD +VQQDDAN4NDkwEqQQMA4xDDAKBgNVBAMMA3g1MDASpBAwDjEMMAoGA1UEAwwDeDUx +MBKkEDAOMQwwCgYDVQQDDAN4NTIwEqQQMA4xDDAKBgNVBAMMA3g1MzASpBAwDjEM +MAoGA1UEAwwDeDU0MBKkEDAOMQwwCgYDVQQDDAN4NTUwEqQQMA4xDDAKBgNVBAMM +A3g1NjASpBAwDjEMMAoGA1UEAwwDeDU3MBKkEDAOMQwwCgYDVQQDDAN4NTgwEqQQ +MA4xDDAKBgNVBAMMA3g1OTASpBAwDjEMMAoGA1UEAwwDeDYwMBKkEDAOMQwwCgYD +VQQDDAN4NjEwEqQQMA4xDDAKBgNVBAMMA3g2MjASpBAwDjEMMAoGA1UEAwwDeDYz +MBKkEDAOMQwwCgYDVQQDDAN4NjQwEqQQMA4xDDAKBgNVBAMMA3g2NTASpBAwDjEM +MAoGA1UEAwwDeDY2MBKkEDAOMQwwCgYDVQQDDAN4NjcwEqQQMA4xDDAKBgNVBAMM +A3g2ODASpBAwDjEMMAoGA1UEAwwDeDY5MBKkEDAOMQwwCgYDVQQDDAN4NzAwEqQQ +MA4xDDAKBgNVBAMMA3g3MTASpBAwDjEMMAoGA1UEAwwDeDcyMBKkEDAOMQwwCgYD +VQQDDAN4NzMwEqQQMA4xDDAKBgNVBAMMA3g3NDASpBAwDjEMMAoGA1UEAwwDeDc1 +MBKkEDAOMQwwCgYDVQQDDAN4NzYwEqQQMA4xDDAKBgNVBAMMA3g3NzASpBAwDjEM +MAoGA1UEAwwDeDc4MBKkEDAOMQwwCgYDVQQDDAN4NzkwEqQQMA4xDDAKBgNVBAMM +A3g4MDASpBAwDjEMMAoGA1UEAwwDeDgxMBKkEDAOMQwwCgYDVQQDDAN4ODIwEqQQ +MA4xDDAKBgNVBAMMA3g4MzASpBAwDjEMMAoGA1UEAwwDeDg0MBKkEDAOMQwwCgYD +VQQDDAN4ODUwEqQQMA4xDDAKBgNVBAMMA3g4NjASpBAwDjEMMAoGA1UEAwwDeDg3 +MBKkEDAOMQwwCgYDVQQDDAN4ODgwEqQQMA4xDDAKBgNVBAMMA3g4OTASpBAwDjEM +MAoGA1UEAwwDeDkwMBKkEDAOMQwwCgYDVQQDDAN4OTEwEqQQMA4xDDAKBgNVBAMM +A3g5MjASpBAwDjEMMAoGA1UEAwwDeDkzMBKkEDAOMQwwCgYDVQQDDAN4OTQwEqQQ +MA4xDDAKBgNVBAMMA3g5NTASpBAwDjEMMAoGA1UEAwwDeDk2MBKkEDAOMQwwCgYD +VQQDDAN4OTcwEqQQMA4xDDAKBgNVBAMMA3g5ODASpBAwDjEMMAoGA1UEAwwDeDk5 +MBOkETAPMQ0wCwYDVQQDDAR4MTAwMBOkETAPMQ0wCwYDVQQDDAR4MTAxMBOkETAP +MQ0wCwYDVQQDDAR4MTAyMBOkETAPMQ0wCwYDVQQDDAR4MTAzMBOkETAPMQ0wCwYD +VQQDDAR4MTA0MBOkETAPMQ0wCwYDVQQDDAR4MTA1MBOkETAPMQ0wCwYDVQQDDAR4 +MTA2MBOkETAPMQ0wCwYDVQQDDAR4MTA3MBOkETAPMQ0wCwYDVQQDDAR4MTA4MBOk +ETAPMQ0wCwYDVQQDDAR4MTA5MBOkETAPMQ0wCwYDVQQDDAR4MTEwMBOkETAPMQ0w +CwYDVQQDDAR4MTExMBOkETAPMQ0wCwYDVQQDDAR4MTEyMBOkETAPMQ0wCwYDVQQD +DAR4MTEzMBOkETAPMQ0wCwYDVQQDDAR4MTE0MBOkETAPMQ0wCwYDVQQDDAR4MTE1 +MBOkETAPMQ0wCwYDVQQDDAR4MTE2MBOkETAPMQ0wCwYDVQQDDAR4MTE3MBOkETAP +MQ0wCwYDVQQDDAR4MTE4MBOkETAPMQ0wCwYDVQQDDAR4MTE5MBOkETAPMQ0wCwYD +VQQDDAR4MTIwMBOkETAPMQ0wCwYDVQQDDAR4MTIxMBOkETAPMQ0wCwYDVQQDDAR4 +MTIyMBOkETAPMQ0wCwYDVQQDDAR4MTIzMBOkETAPMQ0wCwYDVQQDDAR4MTI0MBOk +ETAPMQ0wCwYDVQQDDAR4MTI1MBOkETAPMQ0wCwYDVQQDDAR4MTI2MBOkETAPMQ0w +CwYDVQQDDAR4MTI3MBOkETAPMQ0wCwYDVQQDDAR4MTI4MBOkETAPMQ0wCwYDVQQD +DAR4MTI5MBOkETAPMQ0wCwYDVQQDDAR4MTMwMBOkETAPMQ0wCwYDVQQDDAR4MTMx +MBOkETAPMQ0wCwYDVQQDDAR4MTMyMBOkETAPMQ0wCwYDVQQDDAR4MTMzMBOkETAP +MQ0wCwYDVQQDDAR4MTM0MBOkETAPMQ0wCwYDVQQDDAR4MTM1MBOkETAPMQ0wCwYD +VQQDDAR4MTM2MBOkETAPMQ0wCwYDVQQDDAR4MTM3MBOkETAPMQ0wCwYDVQQDDAR4 +MTM4MBOkETAPMQ0wCwYDVQQDDAR4MTM5MBOkETAPMQ0wCwYDVQQDDAR4MTQwMBOk +ETAPMQ0wCwYDVQQDDAR4MTQxMBOkETAPMQ0wCwYDVQQDDAR4MTQyMBOkETAPMQ0w +CwYDVQQDDAR4MTQzMBOkETAPMQ0wCwYDVQQDDAR4MTQ0MBOkETAPMQ0wCwYDVQQD +DAR4MTQ1MBOkETAPMQ0wCwYDVQQDDAR4MTQ2MBOkETAPMQ0wCwYDVQQDDAR4MTQ3 +MBOkETAPMQ0wCwYDVQQDDAR4MTQ4MBOkETAPMQ0wCwYDVQQDDAR4MTQ5MBOkETAP +MQ0wCwYDVQQDDAR4MTUwMBOkETAPMQ0wCwYDVQQDDAR4MTUxMBOkETAPMQ0wCwYD +VQQDDAR4MTUyMBOkETAPMQ0wCwYDVQQDDAR4MTUzMBOkETAPMQ0wCwYDVQQDDAR4 +MTU0MBOkETAPMQ0wCwYDVQQDDAR4MTU1MBOkETAPMQ0wCwYDVQQDDAR4MTU2MBOk +ETAPMQ0wCwYDVQQDDAR4MTU3MBOkETAPMQ0wCwYDVQQDDAR4MTU4MBOkETAPMQ0w +CwYDVQQDDAR4MTU5MBOkETAPMQ0wCwYDVQQDDAR4MTYwMBOkETAPMQ0wCwYDVQQD +DAR4MTYxMBOkETAPMQ0wCwYDVQQDDAR4MTYyMBOkETAPMQ0wCwYDVQQDDAR4MTYz +MBOkETAPMQ0wCwYDVQQDDAR4MTY0MBOkETAPMQ0wCwYDVQQDDAR4MTY1MBOkETAP +MQ0wCwYDVQQDDAR4MTY2MBOkETAPMQ0wCwYDVQQDDAR4MTY3MBOkETAPMQ0wCwYD +VQQDDAR4MTY4MBOkETAPMQ0wCwYDVQQDDAR4MTY5MA0GCSqGSIb3DQEBCwUAA4IB +AQBQjCMVe8AEhyZfMmjpBZp3FfAxnnrG0igkCP19uZ2ujVZpRl3jh5RW4amag2F/ +sD7LkmotsibvlOoUykRycob0tlOa5rWa4AyhGD2aPByPwUa0X73x4Qk54M5Asbn9 +J+KYu8yB9Y/b++F5gpsu8YSDSOkN5IwnNe5NtqqOBdbY4rF94lgboLWLTQuteirA +YTRif5Fa+bbR+zfkp1m/EQC2Ie+wN3tHdPEQ9958S1eQ9OiVjSlhgsZJQdMemt3n +Otbumi5w2mtHugXKAnFcSZHOvNqqLspLfE3pws8YGbDHmqI7txo4qNyKMUgsneBo +7FiX5kwrhiQgzfLh/7KgwYvg +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.pem new file mode 100644 index 0000000000..5f017298c5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_1.pem @@ -0,0 +1,1437 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + DNS:t171.test + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + + Signature Algorithm: sha256WithRSAEncryption + 9f:cb:83:7b:e2:3c:57:27:25:ec:82:3f:30:c2:ff:12:51:71: + 3f:d5:94:05:1a:5b:58:44:80:b4:89:1e:e0:89:45:e5:e3:72: + 8b:c4:d8:ca:54:a3:db:f2:a3:fd:16:00:c1:86:21:e2:ed:e3: + 6c:94:7e:09:ae:ed:36:1c:e3:97:6f:3d:0a:b1:39:78:7a:b3: + b9:ce:c3:68:ee:60:27:7c:cb:6b:33:3c:5f:a2:6a:99:d4:08: + 2a:e9:21:04:ea:12:d9:28:53:1f:cc:af:ab:41:a3:6e:34:fa: + 56:56:44:d5:c5:10:bd:f4:37:3b:45:94:74:19:b2:49:cf:0f: + 98:94:75:68:ec:4e:6f:b0:41:ac:f7:38:02:1d:dd:1f:14:f6: + b5:c6:0c:a2:b2:a7:07:75:99:54:4e:fe:68:0c:1d:ae:a0:90: + d7:d5:64:60:15:ff:c7:fd:31:da:ab:50:43:44:b7:cc:3f:d2: + ee:e4:03:3e:a0:9d:8e:81:48:21:86:34:66:27:be:b2:73:01: + 2b:65:ee:51:3b:57:3f:76:51:ad:82:fc:7e:c9:ce:89:38:04: + 5f:c9:f6:41:62:32:60:b2:b9:d1:fe:4e:78:d6:a5:79:56:7b: + 57:e4:1d:42:7a:1f:aa:f7:b0:d0:82:ba:d4:f1:bb:f9:9c:ec: + ca:e7:f7:09 +-----BEGIN CERTIFICATE----- +MII/SzCCPjOgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vcwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCPJUwgjyRMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjvFBgNVHR4Egju8MII7uKCCHgAwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAuCCXQxNzEudGVzdDAKhwgKAAAA//// +/zAKhwgKAAAB/////zAKhwgKAAAC/////zAKhwgKAAAD/////zAKhwgKAAAE//// +/zAKhwgKAAAF/////zAKhwgKAAAG/////zAKhwgKAAAH/////zAKhwgKAAAI//// +/zAKhwgKAAAJ/////zAKhwgKAAAK/////zAKhwgKAAAL/////zAKhwgKAAAM//// +/zAKhwgKAAAN/////zAKhwgKAAAO/////zAKhwgKAAAP/////zAKhwgKAAAQ//// +/zAKhwgKAAAR/////zAKhwgKAAAS/////zAKhwgKAAAT/////zAKhwgKAAAU//// +/zAKhwgKAAAV/////zAKhwgKAAAW/////zAKhwgKAAAX/////zAKhwgKAAAY//// +/zAKhwgKAAAZ/////zAKhwgKAAAa/////zAKhwgKAAAb/////zAKhwgKAAAc//// +/zAKhwgKAAAd/////zAKhwgKAAAe/////zAKhwgKAAAf/////zAKhwgKAAAg//// +/zAKhwgKAAAh/////zAKhwgKAAAi/////zAKhwgKAAAj/////zAKhwgKAAAk//// +/zAKhwgKAAAl/////zAKhwgKAAAm/////zAKhwgKAAAn/////zAKhwgKAAAo//// +/zAKhwgKAAAp/////zAKhwgKAAAq/////zAKhwgKAAAr/////zAKhwgKAAAs//// +/zAKhwgKAAAt/////zAKhwgKAAAu/////zAKhwgKAAAv/////zAKhwgKAAAw//// +/zAKhwgKAAAx/////zAKhwgKAAAy/////zAKhwgKAAAz/////zAKhwgKAAA0//// +/zAKhwgKAAA1/////zAKhwgKAAA2/////zAKhwgKAAA3/////zAKhwgKAAA4//// +/zAKhwgKAAA5/////zAKhwgKAAA6/////zAKhwgKAAA7/////zAKhwgKAAA8//// +/zAKhwgKAAA9/////zAKhwgKAAA+/////zAKhwgKAAA//////zAKhwgKAABA//// +/zAKhwgKAABB/////zAKhwgKAABC/////zAKhwgKAABD/////zAKhwgKAABE//// +/zAKhwgKAABF/////zAKhwgKAABG/////zAKhwgKAABH/////zAKhwgKAABI//// +/zAKhwgKAABJ/////zAKhwgKAABK/////zAKhwgKAABL/////zAKhwgKAABM//// +/zAKhwgKAABN/////zAKhwgKAABO/////zAKhwgKAABP/////zAKhwgKAABQ//// +/zAKhwgKAABR/////zAKhwgKAABS/////zAKhwgKAABT/////zAKhwgKAABU//// +/zAKhwgKAABV/////zAKhwgKAABW/////zAKhwgKAABX/////zAKhwgKAABY//// +/zAKhwgKAABZ/////zAKhwgKAABa/////zAKhwgKAABb/////zAKhwgKAABc//// +/zAKhwgKAABd/////zAKhwgKAABe/////zAKhwgKAABf/////zAKhwgKAABg//// +/zAKhwgKAABh/////zAKhwgKAABi/////zAKhwgKAABj/////zAKhwgKAABk//// +/zAKhwgKAABl/////zAKhwgKAABm/////zAKhwgKAABn/////zAKhwgKAABo//// +/zAKhwgKAABp/////zAKhwgKAABq/////zAKhwgKAABr/////zAKhwgKAABs//// +/zAKhwgKAABt/////zAKhwgKAABu/////zAKhwgKAABv/////zAKhwgKAABw//// +/zAKhwgKAABx/////zAKhwgKAABy/////zAKhwgKAABz/////zAKhwgKAAB0//// +/zAKhwgKAAB1/////zAKhwgKAAB2/////zAKhwgKAAB3/////zAKhwgKAAB4//// +/zAKhwgKAAB5/////zAKhwgKAAB6/////zAKhwgKAAB7/////zAKhwgKAAB8//// +/zAKhwgKAAB9/////zAKhwgKAAB+/////zAKhwgKAAB//////zAKhwgKAACA//// +/zAKhwgKAACB/////zAKhwgKAACC/////zAKhwgKAACD/////zAKhwgKAACE//// +/zAKhwgKAACF/////zAKhwgKAACG/////zAKhwgKAACH/////zAKhwgKAACI//// +/zAKhwgKAACJ/////zAKhwgKAACK/////zAKhwgKAACL/////zAKhwgKAACM//// +/zAKhwgKAACN/////zAKhwgKAACO/////zAKhwgKAACP/////zAKhwgKAACQ//// +/zAKhwgKAACR/////zAKhwgKAACS/////zAKhwgKAACT/////zAKhwgKAACU//// +/zAKhwgKAACV/////zAKhwgKAACW/////zAKhwgKAACX/////zAKhwgKAACY//// +/zAKhwgKAACZ/////zAKhwgKAACa/////zAKhwgKAACb/////zAKhwgKAACc//// +/zAKhwgKAACd/////zAKhwgKAACe/////zAKhwgKAACf/////zAKhwgKAACg//// +/zAKhwgKAACh/////zAKhwgKAACi/////zAKhwgKAACj/////zAKhwgKAACk//// +/zAKhwgKAACl/////zAKhwgKAACm/////zAKhwgKAACn/////zAKhwgKAACo//// +/zAKhwgKAACp/////zAKhwgKAACq/////zARpA8wDTELMAkGA1UEAwwCdDAwEaQP +MA0xCzAJBgNVBAMMAnQxMBGkDzANMQswCQYDVQQDDAJ0MjARpA8wDTELMAkGA1UE +AwwCdDMwEaQPMA0xCzAJBgNVBAMMAnQ0MBGkDzANMQswCQYDVQQDDAJ0NTARpA8w +DTELMAkGA1UEAwwCdDYwEaQPMA0xCzAJBgNVBAMMAnQ3MBGkDzANMQswCQYDVQQD +DAJ0ODARpA8wDTELMAkGA1UEAwwCdDkwEqQQMA4xDDAKBgNVBAMMA3QxMDASpBAw +DjEMMAoGA1UEAwwDdDExMBKkEDAOMQwwCgYDVQQDDAN0MTIwEqQQMA4xDDAKBgNV +BAMMA3QxMzASpBAwDjEMMAoGA1UEAwwDdDE0MBKkEDAOMQwwCgYDVQQDDAN0MTUw +EqQQMA4xDDAKBgNVBAMMA3QxNjASpBAwDjEMMAoGA1UEAwwDdDE3MBKkEDAOMQww +CgYDVQQDDAN0MTgwEqQQMA4xDDAKBgNVBAMMA3QxOTASpBAwDjEMMAoGA1UEAwwD +dDIwMBKkEDAOMQwwCgYDVQQDDAN0MjEwEqQQMA4xDDAKBgNVBAMMA3QyMjASpBAw +DjEMMAoGA1UEAwwDdDIzMBKkEDAOMQwwCgYDVQQDDAN0MjQwEqQQMA4xDDAKBgNV +BAMMA3QyNTASpBAwDjEMMAoGA1UEAwwDdDI2MBKkEDAOMQwwCgYDVQQDDAN0Mjcw +EqQQMA4xDDAKBgNVBAMMA3QyODASpBAwDjEMMAoGA1UEAwwDdDI5MBKkEDAOMQww +CgYDVQQDDAN0MzAwEqQQMA4xDDAKBgNVBAMMA3QzMTASpBAwDjEMMAoGA1UEAwwD +dDMyMBKkEDAOMQwwCgYDVQQDDAN0MzMwEqQQMA4xDDAKBgNVBAMMA3QzNDASpBAw +DjEMMAoGA1UEAwwDdDM1MBKkEDAOMQwwCgYDVQQDDAN0MzYwEqQQMA4xDDAKBgNV +BAMMA3QzNzASpBAwDjEMMAoGA1UEAwwDdDM4MBKkEDAOMQwwCgYDVQQDDAN0Mzkw +EqQQMA4xDDAKBgNVBAMMA3Q0MDASpBAwDjEMMAoGA1UEAwwDdDQxMBKkEDAOMQww +CgYDVQQDDAN0NDIwEqQQMA4xDDAKBgNVBAMMA3Q0MzASpBAwDjEMMAoGA1UEAwwD +dDQ0MBKkEDAOMQwwCgYDVQQDDAN0NDUwEqQQMA4xDDAKBgNVBAMMA3Q0NjASpBAw +DjEMMAoGA1UEAwwDdDQ3MBKkEDAOMQwwCgYDVQQDDAN0NDgwEqQQMA4xDDAKBgNV +BAMMA3Q0OTASpBAwDjEMMAoGA1UEAwwDdDUwMBKkEDAOMQwwCgYDVQQDDAN0NTEw +EqQQMA4xDDAKBgNVBAMMA3Q1MjASpBAwDjEMMAoGA1UEAwwDdDUzMBKkEDAOMQww +CgYDVQQDDAN0NTQwEqQQMA4xDDAKBgNVBAMMA3Q1NTASpBAwDjEMMAoGA1UEAwwD +dDU2MBKkEDAOMQwwCgYDVQQDDAN0NTcwEqQQMA4xDDAKBgNVBAMMA3Q1ODASpBAw +DjEMMAoGA1UEAwwDdDU5MBKkEDAOMQwwCgYDVQQDDAN0NjAwEqQQMA4xDDAKBgNV +BAMMA3Q2MTASpBAwDjEMMAoGA1UEAwwDdDYyMBKkEDAOMQwwCgYDVQQDDAN0NjMw +EqQQMA4xDDAKBgNVBAMMA3Q2NDASpBAwDjEMMAoGA1UEAwwDdDY1MBKkEDAOMQww +CgYDVQQDDAN0NjYwEqQQMA4xDDAKBgNVBAMMA3Q2NzASpBAwDjEMMAoGA1UEAwwD +dDY4MBKkEDAOMQwwCgYDVQQDDAN0NjkwEqQQMA4xDDAKBgNVBAMMA3Q3MDASpBAw +DjEMMAoGA1UEAwwDdDcxMBKkEDAOMQwwCgYDVQQDDAN0NzIwEqQQMA4xDDAKBgNV +BAMMA3Q3MzASpBAwDjEMMAoGA1UEAwwDdDc0MBKkEDAOMQwwCgYDVQQDDAN0NzUw +EqQQMA4xDDAKBgNVBAMMA3Q3NjASpBAwDjEMMAoGA1UEAwwDdDc3MBKkEDAOMQww +CgYDVQQDDAN0NzgwEqQQMA4xDDAKBgNVBAMMA3Q3OTASpBAwDjEMMAoGA1UEAwwD +dDgwMBKkEDAOMQwwCgYDVQQDDAN0ODEwEqQQMA4xDDAKBgNVBAMMA3Q4MjASpBAw +DjEMMAoGA1UEAwwDdDgzMBKkEDAOMQwwCgYDVQQDDAN0ODQwEqQQMA4xDDAKBgNV +BAMMA3Q4NTASpBAwDjEMMAoGA1UEAwwDdDg2MBKkEDAOMQwwCgYDVQQDDAN0ODcw +EqQQMA4xDDAKBgNVBAMMA3Q4ODASpBAwDjEMMAoGA1UEAwwDdDg5MBKkEDAOMQww +CgYDVQQDDAN0OTAwEqQQMA4xDDAKBgNVBAMMA3Q5MTASpBAwDjEMMAoGA1UEAwwD +dDkyMBKkEDAOMQwwCgYDVQQDDAN0OTMwEqQQMA4xDDAKBgNVBAMMA3Q5NDASpBAw +DjEMMAoGA1UEAwwDdDk1MBKkEDAOMQwwCgYDVQQDDAN0OTYwEqQQMA4xDDAKBgNV +BAMMA3Q5NzASpBAwDjEMMAoGA1UEAwwDdDk4MBKkEDAOMQwwCgYDVQQDDAN0OTkw +E6QRMA8xDTALBgNVBAMMBHQxMDAwE6QRMA8xDTALBgNVBAMMBHQxMDEwE6QRMA8x +DTALBgNVBAMMBHQxMDIwE6QRMA8xDTALBgNVBAMMBHQxMDMwE6QRMA8xDTALBgNV +BAMMBHQxMDQwE6QRMA8xDTALBgNVBAMMBHQxMDUwE6QRMA8xDTALBgNVBAMMBHQx +MDYwE6QRMA8xDTALBgNVBAMMBHQxMDcwE6QRMA8xDTALBgNVBAMMBHQxMDgwE6QR +MA8xDTALBgNVBAMMBHQxMDkwE6QRMA8xDTALBgNVBAMMBHQxMTAwE6QRMA8xDTAL +BgNVBAMMBHQxMTEwE6QRMA8xDTALBgNVBAMMBHQxMTIwE6QRMA8xDTALBgNVBAMM +BHQxMTMwE6QRMA8xDTALBgNVBAMMBHQxMTQwE6QRMA8xDTALBgNVBAMMBHQxMTUw +E6QRMA8xDTALBgNVBAMMBHQxMTYwE6QRMA8xDTALBgNVBAMMBHQxMTcwE6QRMA8x +DTALBgNVBAMMBHQxMTgwE6QRMA8xDTALBgNVBAMMBHQxMTkwE6QRMA8xDTALBgNV +BAMMBHQxMjAwE6QRMA8xDTALBgNVBAMMBHQxMjEwE6QRMA8xDTALBgNVBAMMBHQx +MjIwE6QRMA8xDTALBgNVBAMMBHQxMjMwE6QRMA8xDTALBgNVBAMMBHQxMjQwE6QR +MA8xDTALBgNVBAMMBHQxMjUwE6QRMA8xDTALBgNVBAMMBHQxMjYwE6QRMA8xDTAL +BgNVBAMMBHQxMjcwE6QRMA8xDTALBgNVBAMMBHQxMjgwE6QRMA8xDTALBgNVBAMM +BHQxMjkwE6QRMA8xDTALBgNVBAMMBHQxMzAwE6QRMA8xDTALBgNVBAMMBHQxMzEw +E6QRMA8xDTALBgNVBAMMBHQxMzIwE6QRMA8xDTALBgNVBAMMBHQxMzMwE6QRMA8x +DTALBgNVBAMMBHQxMzQwE6QRMA8xDTALBgNVBAMMBHQxMzUwE6QRMA8xDTALBgNV +BAMMBHQxMzYwE6QRMA8xDTALBgNVBAMMBHQxMzcwE6QRMA8xDTALBgNVBAMMBHQx +MzgwE6QRMA8xDTALBgNVBAMMBHQxMzkwE6QRMA8xDTALBgNVBAMMBHQxNDAwE6QR +MA8xDTALBgNVBAMMBHQxNDEwE6QRMA8xDTALBgNVBAMMBHQxNDIwE6QRMA8xDTAL +BgNVBAMMBHQxNDMwE6QRMA8xDTALBgNVBAMMBHQxNDQwE6QRMA8xDTALBgNVBAMM +BHQxNDUwE6QRMA8xDTALBgNVBAMMBHQxNDYwE6QRMA8xDTALBgNVBAMMBHQxNDcw +E6QRMA8xDTALBgNVBAMMBHQxNDgwE6QRMA8xDTALBgNVBAMMBHQxNDkwE6QRMA8x +DTALBgNVBAMMBHQxNTAwE6QRMA8xDTALBgNVBAMMBHQxNTEwE6QRMA8xDTALBgNV +BAMMBHQxNTIwE6QRMA8xDTALBgNVBAMMBHQxNTMwE6QRMA8xDTALBgNVBAMMBHQx +NTQwE6QRMA8xDTALBgNVBAMMBHQxNTUwE6QRMA8xDTALBgNVBAMMBHQxNTYwE6QR +MA8xDTALBgNVBAMMBHQxNTcwE6QRMA8xDTALBgNVBAMMBHQxNTgwE6QRMA8xDTAL +BgNVBAMMBHQxNTkwE6QRMA8xDTALBgNVBAMMBHQxNjAwE6QRMA8xDTALBgNVBAMM +BHQxNjEwE6QRMA8xDTALBgNVBAMMBHQxNjIwE6QRMA8xDTALBgNVBAMMBHQxNjMw +E6QRMA8xDTALBgNVBAMMBHQxNjQwE6QRMA8xDTALBgNVBAMMBHQxNjUwE6QRMA8x +DTALBgNVBAMMBHQxNjYwE6QRMA8xDTALBgNVBAMMBHQxNjcwE6QRMA8xDTALBgNV +BAMMBHQxNjgwE6QRMA8xDTALBgNVBAMMBHQxNjkwE6QRMA8xDTALBgNVBAMMBHQx +NzAwE6QRMA8xDTALBgNVBAMMBHQxNzGhgh2wMAmCB3gwLnRlc3QwCYIHeDEudGVz +dDAJggd4Mi50ZXN0MAmCB3gzLnRlc3QwCYIHeDQudGVzdDAJggd4NS50ZXN0MAmC +B3g2LnRlc3QwCYIHeDcudGVzdDAJggd4OC50ZXN0MAmCB3g5LnRlc3QwCoIIeDEw +LnRlc3QwCoIIeDExLnRlc3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRlc3QwCoIIeDE0 +LnRlc3QwCoIIeDE1LnRlc3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRlc3QwCoIIeDE4 +LnRlc3QwCoIIeDE5LnRlc3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRlc3QwCoIIeDIy +LnRlc3QwCoIIeDIzLnRlc3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRlc3QwCoIIeDI2 +LnRlc3QwCoIIeDI3LnRlc3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRlc3QwCoIIeDMw +LnRlc3QwCoIIeDMxLnRlc3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRlc3QwCoIIeDM0 +LnRlc3QwCoIIeDM1LnRlc3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRlc3QwCoIIeDM4 +LnRlc3QwCoIIeDM5LnRlc3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRlc3QwCoIIeDQy +LnRlc3QwCoIIeDQzLnRlc3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRlc3QwCoIIeDQ2 +LnRlc3QwCoIIeDQ3LnRlc3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRlc3QwCoIIeDUw +LnRlc3QwCoIIeDUxLnRlc3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRlc3QwCoIIeDU0 +LnRlc3QwCoIIeDU1LnRlc3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRlc3QwCoIIeDU4 +LnRlc3QwCoIIeDU5LnRlc3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRlc3QwCoIIeDYy +LnRlc3QwCoIIeDYzLnRlc3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRlc3QwCoIIeDY2 +LnRlc3QwCoIIeDY3LnRlc3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRlc3QwCoIIeDcw +LnRlc3QwCoIIeDcxLnRlc3QwCoIIeDcyLnRlc3QwCoIIeDczLnRlc3QwCoIIeDc0 +LnRlc3QwCoIIeDc1LnRlc3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRlc3QwCoIIeDc4 +LnRlc3QwCoIIeDc5LnRlc3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRlc3QwCoIIeDgy +LnRlc3QwCoIIeDgzLnRlc3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRlc3QwCoIIeDg2 +LnRlc3QwCoIIeDg3LnRlc3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRlc3QwCoIIeDkw +LnRlc3QwCoIIeDkxLnRlc3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRlc3QwCoIIeDk0 +LnRlc3QwCoIIeDk1LnRlc3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRlc3QwCoIIeDk4 +LnRlc3QwCoIIeDk5LnRlc3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEudGVzdDALggl4 +MTAyLnRlc3QwC4IJeDEwMy50ZXN0MAuCCXgxMDQudGVzdDALggl4MTA1LnRlc3Qw +C4IJeDEwNi50ZXN0MAuCCXgxMDcudGVzdDALggl4MTA4LnRlc3QwC4IJeDEwOS50 +ZXN0MAuCCXgxMTAudGVzdDALggl4MTExLnRlc3QwC4IJeDExMi50ZXN0MAuCCXgx +MTMudGVzdDALggl4MTE0LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgxMTYudGVzdDAL +ggl4MTE3LnRlc3QwC4IJeDExOC50ZXN0MAuCCXgxMTkudGVzdDALggl4MTIwLnRl +c3QwC4IJeDEyMS50ZXN0MAuCCXgxMjIudGVzdDALggl4MTIzLnRlc3QwC4IJeDEy +NC50ZXN0MAuCCXgxMjUudGVzdDALggl4MTI2LnRlc3QwC4IJeDEyNy50ZXN0MAuC +CXgxMjgudGVzdDALggl4MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuCCXgxMzEudGVz +dDALggl4MTMyLnRlc3QwC4IJeDEzMy50ZXN0MAuCCXgxMzQudGVzdDALggl4MTM1 +LnRlc3QwC4IJeDEzNi50ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4LnRlc3QwC4IJ +eDEzOS50ZXN0MAuCCXgxNDAudGVzdDALggl4MTQxLnRlc3QwC4IJeDE0Mi50ZXN0 +MAuCCXgxNDMudGVzdDALggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0MAuCCXgxNDYu +dGVzdDALggl4MTQ3LnRlc3QwC4IJeDE0OC50ZXN0MAuCCXgxNDkudGVzdDALggl4 +MTUwLnRlc3QwC4IJeDE1MS50ZXN0MAuCCXgxNTIudGVzdDALggl4MTUzLnRlc3Qw +C4IJeDE1NC50ZXN0MAuCCXgxNTUudGVzdDALggl4MTU2LnRlc3QwC4IJeDE1Ny50 +ZXN0MAuCCXgxNTgudGVzdDALggl4MTU5LnRlc3QwC4IJeDE2MC50ZXN0MAuCCXgx +NjEudGVzdDALggl4MTYyLnRlc3QwC4IJeDE2My50ZXN0MAuCCXgxNjQudGVzdDAL +ggl4MTY1LnRlc3QwC4IJeDE2Ni50ZXN0MAuCCXgxNjcudGVzdDALggl4MTY4LnRl +c3QwC4IJeDE2OS50ZXN0MAqHCAsAAAD/////MAqHCAsAAAH/////MAqHCAsAAAL/ +////MAqHCAsAAAP/////MAqHCAsAAAT/////MAqHCAsAAAX/////MAqHCAsAAAb/ +////MAqHCAsAAAf/////MAqHCAsAAAj/////MAqHCAsAAAn/////MAqHCAsAAAr/ +////MAqHCAsAAAv/////MAqHCAsAAAz/////MAqHCAsAAA3/////MAqHCAsAAA7/ +////MAqHCAsAAA//////MAqHCAsAABD/////MAqHCAsAABH/////MAqHCAsAABL/ +////MAqHCAsAABP/////MAqHCAsAABT/////MAqHCAsAABX/////MAqHCAsAABb/ +////MAqHCAsAABf/////MAqHCAsAABj/////MAqHCAsAABn/////MAqHCAsAABr/ +////MAqHCAsAABv/////MAqHCAsAABz/////MAqHCAsAAB3/////MAqHCAsAAB7/ +////MAqHCAsAAB//////MAqHCAsAACD/////MAqHCAsAACH/////MAqHCAsAACL/ +////MAqHCAsAACP/////MAqHCAsAACT/////MAqHCAsAACX/////MAqHCAsAACb/ +////MAqHCAsAACf/////MAqHCAsAACj/////MAqHCAsAACn/////MAqHCAsAACr/ +////MAqHCAsAACv/////MAqHCAsAACz/////MAqHCAsAAC3/////MAqHCAsAAC7/ +////MAqHCAsAAC//////MAqHCAsAADD/////MAqHCAsAADH/////MAqHCAsAADL/ +////MAqHCAsAADP/////MAqHCAsAADT/////MAqHCAsAADX/////MAqHCAsAADb/ +////MAqHCAsAADf/////MAqHCAsAADj/////MAqHCAsAADn/////MAqHCAsAADr/ +////MAqHCAsAADv/////MAqHCAsAADz/////MAqHCAsAAD3/////MAqHCAsAAD7/ +////MAqHCAsAAD//////MAqHCAsAAED/////MAqHCAsAAEH/////MAqHCAsAAEL/ +////MAqHCAsAAEP/////MAqHCAsAAET/////MAqHCAsAAEX/////MAqHCAsAAEb/ +////MAqHCAsAAEf/////MAqHCAsAAEj/////MAqHCAsAAEn/////MAqHCAsAAEr/ +////MAqHCAsAAEv/////MAqHCAsAAEz/////MAqHCAsAAE3/////MAqHCAsAAE7/ +////MAqHCAsAAE//////MAqHCAsAAFD/////MAqHCAsAAFH/////MAqHCAsAAFL/ +////MAqHCAsAAFP/////MAqHCAsAAFT/////MAqHCAsAAFX/////MAqHCAsAAFb/ +////MAqHCAsAAFf/////MAqHCAsAAFj/////MAqHCAsAAFn/////MAqHCAsAAFr/ +////MAqHCAsAAFv/////MAqHCAsAAFz/////MAqHCAsAAF3/////MAqHCAsAAF7/ +////MAqHCAsAAF//////MAqHCAsAAGD/////MAqHCAsAAGH/////MAqHCAsAAGL/ +////MAqHCAsAAGP/////MAqHCAsAAGT/////MAqHCAsAAGX/////MAqHCAsAAGb/ +////MAqHCAsAAGf/////MAqHCAsAAGj/////MAqHCAsAAGn/////MAqHCAsAAGr/ +////MAqHCAsAAGv/////MAqHCAsAAGz/////MAqHCAsAAG3/////MAqHCAsAAG7/ +////MAqHCAsAAG//////MAqHCAsAAHD/////MAqHCAsAAHH/////MAqHCAsAAHL/ +////MAqHCAsAAHP/////MAqHCAsAAHT/////MAqHCAsAAHX/////MAqHCAsAAHb/ +////MAqHCAsAAHf/////MAqHCAsAAHj/////MAqHCAsAAHn/////MAqHCAsAAHr/ +////MAqHCAsAAHv/////MAqHCAsAAHz/////MAqHCAsAAH3/////MAqHCAsAAH7/ +////MAqHCAsAAH//////MAqHCAsAAID/////MAqHCAsAAIH/////MAqHCAsAAIL/ +////MAqHCAsAAIP/////MAqHCAsAAIT/////MAqHCAsAAIX/////MAqHCAsAAIb/ +////MAqHCAsAAIf/////MAqHCAsAAIj/////MAqHCAsAAIn/////MAqHCAsAAIr/ +////MAqHCAsAAIv/////MAqHCAsAAIz/////MAqHCAsAAI3/////MAqHCAsAAI7/ +////MAqHCAsAAI//////MAqHCAsAAJD/////MAqHCAsAAJH/////MAqHCAsAAJL/ +////MAqHCAsAAJP/////MAqHCAsAAJT/////MAqHCAsAAJX/////MAqHCAsAAJb/ +////MAqHCAsAAJf/////MAqHCAsAAJj/////MAqHCAsAAJn/////MAqHCAsAAJr/ +////MAqHCAsAAJv/////MAqHCAsAAJz/////MAqHCAsAAJ3/////MAqHCAsAAJ7/ +////MAqHCAsAAJ//////MAqHCAsAAKD/////MAqHCAsAAKH/////MAqHCAsAAKL/ +////MAqHCAsAAKP/////MAqHCAsAAKT/////MAqHCAsAAKX/////MAqHCAsAAKb/ +////MAqHCAsAAKf/////MAqHCAsAAKj/////MAqHCAsAAKn/////MBGkDzANMQsw +CQYDVQQDDAJ4MDARpA8wDTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJBgNVBAMMAngy +MBGkDzANMQswCQYDVQQDDAJ4MzARpA8wDTELMAkGA1UEAwwCeDQwEaQPMA0xCzAJ +BgNVBAMMAng1MBGkDzANMQswCQYDVQQDDAJ4NjARpA8wDTELMAkGA1UEAwwCeDcw +EaQPMA0xCzAJBgNVBAMMAng4MBGkDzANMQswCQYDVQQDDAJ4OTASpBAwDjEMMAoG +A1UEAwwDeDEwMBKkEDAOMQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAKBgNVBAMMA3gx +MjASpBAwDjEMMAoGA1UEAwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4MTQwEqQQMA4x +DDAKBgNVBAMMA3gxNTASpBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAOMQwwCgYDVQQD +DAN4MTcwEqQQMA4xDDAKBgNVBAMMA3gxODASpBAwDjEMMAoGA1UEAwwDeDE5MBKk +EDAOMQwwCgYDVQQDDAN4MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTASpBAwDjEMMAoG +A1UEAwwDeDIyMBKkEDAOMQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAKBgNVBAMMA3gy +NDASpBAwDjEMMAoGA1UEAwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4MjYwEqQQMA4x +DDAKBgNVBAMMA3gyNzASpBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAOMQwwCgYDVQQD +DAN4MjkwEqQQMA4xDDAKBgNVBAMMA3gzMDASpBAwDjEMMAoGA1UEAwwDeDMxMBKk +EDAOMQwwCgYDVQQDDAN4MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzASpBAwDjEMMAoG +A1UEAwwDeDM0MBKkEDAOMQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAKBgNVBAMMA3gz +NjASpBAwDjEMMAoGA1UEAwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4MzgwEqQQMA4x +DDAKBgNVBAMMA3gzOTASpBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAOMQwwCgYDVQQD +DAN4NDEwEqQQMA4xDDAKBgNVBAMMA3g0MjASpBAwDjEMMAoGA1UEAwwDeDQzMBKk +EDAOMQwwCgYDVQQDDAN4NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTASpBAwDjEMMAoG +A1UEAwwDeDQ2MBKkEDAOMQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAKBgNVBAMMA3g0 +ODASpBAwDjEMMAoGA1UEAwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4NTAwEqQQMA4x +DDAKBgNVBAMMA3g1MTASpBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAOMQwwCgYDVQQD +DAN4NTMwEqQQMA4xDDAKBgNVBAMMA3g1NDASpBAwDjEMMAoGA1UEAwwDeDU1MBKk +EDAOMQwwCgYDVQQDDAN4NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzASpBAwDjEMMAoG +A1UEAwwDeDU4MBKkEDAOMQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAKBgNVBAMMA3g2 +MDASpBAwDjEMMAoGA1UEAwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4NjIwEqQQMA4x +DDAKBgNVBAMMA3g2MzASpBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAOMQwwCgYDVQQD +DAN4NjUwEqQQMA4xDDAKBgNVBAMMA3g2NjASpBAwDjEMMAoGA1UEAwwDeDY3MBKk +EDAOMQwwCgYDVQQDDAN4NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTASpBAwDjEMMAoG +A1UEAwwDeDcwMBKkEDAOMQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAKBgNVBAMMA3g3 +MjASpBAwDjEMMAoGA1UEAwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4NzQwEqQQMA4x +DDAKBgNVBAMMA3g3NTASpBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAOMQwwCgYDVQQD +DAN4NzcwEqQQMA4xDDAKBgNVBAMMA3g3ODASpBAwDjEMMAoGA1UEAwwDeDc5MBKk +EDAOMQwwCgYDVQQDDAN4ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTASpBAwDjEMMAoG +A1UEAwwDeDgyMBKkEDAOMQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAKBgNVBAMMA3g4 +NDASpBAwDjEMMAoGA1UEAwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4ODYwEqQQMA4x +DDAKBgNVBAMMA3g4NzASpBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAOMQwwCgYDVQQD +DAN4ODkwEqQQMA4xDDAKBgNVBAMMA3g5MDASpBAwDjEMMAoGA1UEAwwDeDkxMBKk +EDAOMQwwCgYDVQQDDAN4OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzASpBAwDjEMMAoG +A1UEAwwDeDk0MBKkEDAOMQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAKBgNVBAMMA3g5 +NjASpBAwDjEMMAoGA1UEAwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4OTgwEqQQMA4x +DDAKBgNVBAMMA3g5OTATpBEwDzENMAsGA1UEAwwEeDEwMDATpBEwDzENMAsGA1UE +AwwEeDEwMTATpBEwDzENMAsGA1UEAwwEeDEwMjATpBEwDzENMAsGA1UEAwwEeDEw +MzATpBEwDzENMAsGA1UEAwwEeDEwNDATpBEwDzENMAsGA1UEAwwEeDEwNTATpBEw +DzENMAsGA1UEAwwEeDEwNjATpBEwDzENMAsGA1UEAwwEeDEwNzATpBEwDzENMAsG +A1UEAwwEeDEwODATpBEwDzENMAsGA1UEAwwEeDEwOTATpBEwDzENMAsGA1UEAwwE +eDExMDATpBEwDzENMAsGA1UEAwwEeDExMTATpBEwDzENMAsGA1UEAwwEeDExMjAT +pBEwDzENMAsGA1UEAwwEeDExMzATpBEwDzENMAsGA1UEAwwEeDExNDATpBEwDzEN +MAsGA1UEAwwEeDExNTATpBEwDzENMAsGA1UEAwwEeDExNjATpBEwDzENMAsGA1UE +AwwEeDExNzATpBEwDzENMAsGA1UEAwwEeDExODATpBEwDzENMAsGA1UEAwwEeDEx +OTATpBEwDzENMAsGA1UEAwwEeDEyMDATpBEwDzENMAsGA1UEAwwEeDEyMTATpBEw +DzENMAsGA1UEAwwEeDEyMjATpBEwDzENMAsGA1UEAwwEeDEyMzATpBEwDzENMAsG +A1UEAwwEeDEyNDATpBEwDzENMAsGA1UEAwwEeDEyNTATpBEwDzENMAsGA1UEAwwE +eDEyNjATpBEwDzENMAsGA1UEAwwEeDEyNzATpBEwDzENMAsGA1UEAwwEeDEyODAT +pBEwDzENMAsGA1UEAwwEeDEyOTATpBEwDzENMAsGA1UEAwwEeDEzMDATpBEwDzEN +MAsGA1UEAwwEeDEzMTATpBEwDzENMAsGA1UEAwwEeDEzMjATpBEwDzENMAsGA1UE +AwwEeDEzMzATpBEwDzENMAsGA1UEAwwEeDEzNDATpBEwDzENMAsGA1UEAwwEeDEz +NTATpBEwDzENMAsGA1UEAwwEeDEzNjATpBEwDzENMAsGA1UEAwwEeDEzNzATpBEw +DzENMAsGA1UEAwwEeDEzODATpBEwDzENMAsGA1UEAwwEeDEzOTATpBEwDzENMAsG +A1UEAwwEeDE0MDATpBEwDzENMAsGA1UEAwwEeDE0MTATpBEwDzENMAsGA1UEAwwE +eDE0MjATpBEwDzENMAsGA1UEAwwEeDE0MzATpBEwDzENMAsGA1UEAwwEeDE0NDAT +pBEwDzENMAsGA1UEAwwEeDE0NTATpBEwDzENMAsGA1UEAwwEeDE0NjATpBEwDzEN +MAsGA1UEAwwEeDE0NzATpBEwDzENMAsGA1UEAwwEeDE0ODATpBEwDzENMAsGA1UE +AwwEeDE0OTATpBEwDzENMAsGA1UEAwwEeDE1MDATpBEwDzENMAsGA1UEAwwEeDE1 +MTATpBEwDzENMAsGA1UEAwwEeDE1MjATpBEwDzENMAsGA1UEAwwEeDE1MzATpBEw +DzENMAsGA1UEAwwEeDE1NDATpBEwDzENMAsGA1UEAwwEeDE1NTATpBEwDzENMAsG +A1UEAwwEeDE1NjATpBEwDzENMAsGA1UEAwwEeDE1NzATpBEwDzENMAsGA1UEAwwE +eDE1ODATpBEwDzENMAsGA1UEAwwEeDE1OTATpBEwDzENMAsGA1UEAwwEeDE2MDAT +pBEwDzENMAsGA1UEAwwEeDE2MTATpBEwDzENMAsGA1UEAwwEeDE2MjATpBEwDzEN +MAsGA1UEAwwEeDE2MzATpBEwDzENMAsGA1UEAwwEeDE2NDATpBEwDzENMAsGA1UE +AwwEeDE2NTATpBEwDzENMAsGA1UEAwwEeDE2NjATpBEwDzENMAsGA1UEAwwEeDE2 +NzATpBEwDzENMAsGA1UEAwwEeDE2ODATpBEwDzENMAsGA1UEAwwEeDE2OTANBgkq +hkiG9w0BAQsFAAOCAQEAn8uDe+I8Vycl7II/MML/ElFxP9WUBRpbWESAtIke4IlF +5eNyi8TYylSj2/Kj/RYAwYYh4u3jbJR+Ca7tNhzjl289CrE5eHqzuc7DaO5gJ3zL +azM8X6JqmdQIKukhBOoS2ShTH8yvq0GjbjT6VlZE1cUQvfQ3O0WUdBmySc8PmJR1 +aOxOb7BBrPc4Ah3dHxT2tcYMorKnB3WZVE7+aAwdrqCQ19VkYBX/x/0x2qtQQ0S3 +zD/S7uQDPqCdjoFIIYY0Zie+snMBK2XuUTtXP3ZRrYL8fsnOiTgEX8n2QWIyYLK5 +0f5OeNaleVZ7V+QdQnofqvew0IK61PG7+Zzsyuf3CQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.cnf new file mode 100644 index 0000000000..5a2efa97c4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.cnf @@ -0,0 +1,1092 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +nameConstraints = @nameConstraints_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate_2.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[nameConstraints_info] +excluded;DNS.1 = x0.test +excluded;DNS.2 = x1.test +excluded;DNS.3 = x2.test +excluded;DNS.4 = x3.test +excluded;DNS.5 = x4.test +excluded;DNS.6 = x5.test +excluded;DNS.7 = x6.test +excluded;DNS.8 = x7.test +excluded;DNS.9 = x8.test +excluded;DNS.10 = x9.test +excluded;DNS.11 = x10.test +excluded;DNS.12 = x11.test +excluded;DNS.13 = x12.test +excluded;DNS.14 = x13.test +excluded;DNS.15 = x14.test +excluded;DNS.16 = x15.test +excluded;DNS.17 = x16.test +excluded;DNS.18 = x17.test +excluded;DNS.19 = x18.test +excluded;DNS.20 = x19.test +excluded;DNS.21 = x20.test +excluded;DNS.22 = x21.test +excluded;DNS.23 = x22.test +excluded;DNS.24 = x23.test +excluded;DNS.25 = x24.test +excluded;DNS.26 = x25.test +excluded;DNS.27 = x26.test +excluded;DNS.28 = x27.test +excluded;DNS.29 = x28.test +excluded;DNS.30 = x29.test +excluded;DNS.31 = x30.test +excluded;DNS.32 = x31.test +excluded;DNS.33 = x32.test +excluded;DNS.34 = x33.test +excluded;DNS.35 = x34.test +excluded;DNS.36 = x35.test +excluded;DNS.37 = x36.test +excluded;DNS.38 = x37.test +excluded;DNS.39 = x38.test +excluded;DNS.40 = x39.test +excluded;DNS.41 = x40.test +excluded;DNS.42 = x41.test +excluded;DNS.43 = x42.test +excluded;DNS.44 = x43.test +excluded;DNS.45 = x44.test +excluded;DNS.46 = x45.test +excluded;DNS.47 = x46.test +excluded;DNS.48 = x47.test +excluded;DNS.49 = x48.test +excluded;DNS.50 = x49.test +excluded;DNS.51 = x50.test +excluded;DNS.52 = x51.test +excluded;DNS.53 = x52.test +excluded;DNS.54 = x53.test +excluded;DNS.55 = x54.test +excluded;DNS.56 = x55.test +excluded;DNS.57 = x56.test +excluded;DNS.58 = x57.test +excluded;DNS.59 = x58.test +excluded;DNS.60 = x59.test +excluded;DNS.61 = x60.test +excluded;DNS.62 = x61.test +excluded;DNS.63 = x62.test +excluded;DNS.64 = x63.test +excluded;DNS.65 = x64.test +excluded;DNS.66 = x65.test +excluded;DNS.67 = x66.test +excluded;DNS.68 = x67.test +excluded;DNS.69 = x68.test +excluded;DNS.70 = x69.test +excluded;DNS.71 = x70.test +excluded;DNS.72 = x71.test +excluded;DNS.73 = x72.test +excluded;DNS.74 = x73.test +excluded;DNS.75 = x74.test +excluded;DNS.76 = x75.test +excluded;DNS.77 = x76.test +excluded;DNS.78 = x77.test +excluded;DNS.79 = x78.test +excluded;DNS.80 = x79.test +excluded;DNS.81 = x80.test +excluded;DNS.82 = x81.test +excluded;DNS.83 = x82.test +excluded;DNS.84 = x83.test +excluded;DNS.85 = x84.test +excluded;DNS.86 = x85.test +excluded;DNS.87 = x86.test +excluded;DNS.88 = x87.test +excluded;DNS.89 = x88.test +excluded;DNS.90 = x89.test +excluded;DNS.91 = x90.test +excluded;DNS.92 = x91.test +excluded;DNS.93 = x92.test +excluded;DNS.94 = x93.test +excluded;DNS.95 = x94.test +excluded;DNS.96 = x95.test +excluded;DNS.97 = x96.test +excluded;DNS.98 = x97.test +excluded;DNS.99 = x98.test +excluded;DNS.100 = x99.test +excluded;DNS.101 = x100.test +excluded;DNS.102 = x101.test +excluded;DNS.103 = x102.test +excluded;DNS.104 = x103.test +excluded;DNS.105 = x104.test +excluded;DNS.106 = x105.test +excluded;DNS.107 = x106.test +excluded;DNS.108 = x107.test +excluded;DNS.109 = x108.test +excluded;DNS.110 = x109.test +excluded;DNS.111 = x110.test +excluded;DNS.112 = x111.test +excluded;DNS.113 = x112.test +excluded;DNS.114 = x113.test +excluded;DNS.115 = x114.test +excluded;DNS.116 = x115.test +excluded;DNS.117 = x116.test +excluded;DNS.118 = x117.test +excluded;DNS.119 = x118.test +excluded;DNS.120 = x119.test +excluded;DNS.121 = x120.test +excluded;DNS.122 = x121.test +excluded;DNS.123 = x122.test +excluded;DNS.124 = x123.test +excluded;DNS.125 = x124.test +excluded;DNS.126 = x125.test +excluded;DNS.127 = x126.test +excluded;DNS.128 = x127.test +excluded;DNS.129 = x128.test +excluded;DNS.130 = x129.test +excluded;DNS.131 = x130.test +excluded;DNS.132 = x131.test +excluded;DNS.133 = x132.test +excluded;DNS.134 = x133.test +excluded;DNS.135 = x134.test +excluded;DNS.136 = x135.test +excluded;DNS.137 = x136.test +excluded;DNS.138 = x137.test +excluded;DNS.139 = x138.test +excluded;DNS.140 = x139.test +excluded;DNS.141 = x140.test +excluded;DNS.142 = x141.test +excluded;DNS.143 = x142.test +excluded;DNS.144 = x143.test +excluded;DNS.145 = x144.test +excluded;DNS.146 = x145.test +excluded;DNS.147 = x146.test +excluded;DNS.148 = x147.test +excluded;DNS.149 = x148.test +excluded;DNS.150 = x149.test +excluded;DNS.151 = x150.test +excluded;DNS.152 = x151.test +excluded;DNS.153 = x152.test +excluded;DNS.154 = x153.test +excluded;DNS.155 = x154.test +excluded;DNS.156 = x155.test +excluded;DNS.157 = x156.test +excluded;DNS.158 = x157.test +excluded;DNS.159 = x158.test +excluded;DNS.160 = x159.test +excluded;DNS.161 = x160.test +excluded;DNS.162 = x161.test +excluded;DNS.163 = x162.test +excluded;DNS.164 = x163.test +excluded;DNS.165 = x164.test +excluded;DNS.166 = x165.test +excluded;DNS.167 = x166.test +excluded;DNS.168 = x167.test +excluded;DNS.169 = x168.test +excluded;DNS.170 = x169.test +excluded;DNS.171 = x170.test +excluded;DNS.172 = x171.test +excluded;DNS.173 = x172.test +excluded;DNS.174 = x173.test +excluded;DNS.175 = x174.test +excluded;DNS.176 = x175.test +excluded;DNS.177 = x176.test +excluded;DNS.178 = x177.test +excluded;DNS.179 = x178.test +excluded;DNS.180 = x179.test +excluded;DNS.181 = x180.test +excluded;DNS.182 = x181.test +excluded;DNS.183 = x182.test +excluded;DNS.184 = x183.test +excluded;DNS.185 = x184.test +excluded;DNS.186 = x185.test +excluded;DNS.187 = x186.test +excluded;DNS.188 = x187.test +excluded;DNS.189 = x188.test +excluded;DNS.190 = x189.test +excluded;DNS.191 = x190.test +excluded;DNS.192 = x191.test +excluded;DNS.193 = x192.test +excluded;DNS.194 = x193.test +excluded;DNS.195 = x194.test +excluded;DNS.196 = x195.test +excluded;DNS.197 = x196.test +excluded;DNS.198 = x197.test +excluded;DNS.199 = x198.test +excluded;DNS.200 = x199.test +excluded;DNS.201 = x200.test +excluded;DNS.202 = x201.test +excluded;DNS.203 = x202.test +excluded;DNS.204 = x203.test +excluded;DNS.205 = x204.test +excluded;DNS.206 = x205.test +excluded;DNS.207 = x206.test +excluded;DNS.208 = x207.test +excluded;DNS.209 = x208.test +excluded;DNS.210 = x209.test +excluded;DNS.211 = x210.test +excluded;DNS.212 = x211.test +excluded;DNS.213 = x212.test +excluded;DNS.214 = x213.test +excluded;DNS.215 = x214.test +excluded;DNS.216 = x215.test +excluded;DNS.217 = x216.test +excluded;DNS.218 = x217.test +excluded;DNS.219 = x218.test +excluded;DNS.220 = x219.test +excluded;DNS.221 = x220.test +excluded;DNS.222 = x221.test +excluded;DNS.223 = x222.test +excluded;DNS.224 = x223.test +excluded;DNS.225 = x224.test +excluded;DNS.226 = x225.test +excluded;DNS.227 = x226.test +excluded;DNS.228 = x227.test +excluded;DNS.229 = x228.test +excluded;DNS.230 = x229.test +excluded;DNS.231 = x230.test +excluded;DNS.232 = x231.test +excluded;DNS.233 = x232.test +excluded;DNS.234 = x233.test +excluded;DNS.235 = x234.test +excluded;DNS.236 = x235.test +excluded;DNS.237 = x236.test +excluded;DNS.238 = x237.test +excluded;DNS.239 = x238.test +excluded;DNS.240 = x239.test +excluded;DNS.241 = x240.test +excluded;DNS.242 = x241.test +excluded;DNS.243 = x242.test +excluded;DNS.244 = x243.test +excluded;DNS.245 = x244.test +excluded;DNS.246 = x245.test +excluded;DNS.247 = x246.test +excluded;DNS.248 = x247.test +excluded;DNS.249 = x248.test +excluded;DNS.250 = x249.test +excluded;DNS.251 = x250.test +excluded;DNS.252 = x251.test +excluded;DNS.253 = x252.test +excluded;DNS.254 = x253.test +excluded;DNS.255 = x254.test +excluded;DNS.256 = x255.test +excluded;DNS.257 = x256.test +excluded;DNS.258 = x257.test +excluded;DNS.259 = x258.test +excluded;DNS.260 = x259.test +excluded;DNS.261 = x260.test +excluded;DNS.262 = x261.test +excluded;DNS.263 = x262.test +excluded;DNS.264 = x263.test +excluded;DNS.265 = x264.test +excluded;DNS.266 = x265.test +excluded;DNS.267 = x266.test +excluded;DNS.268 = x267.test +excluded;DNS.269 = x268.test +excluded;DNS.270 = x269.test +excluded;DNS.271 = x270.test +excluded;DNS.272 = x271.test +excluded;DNS.273 = x272.test +excluded;DNS.274 = x273.test +excluded;DNS.275 = x274.test +excluded;DNS.276 = x275.test +excluded;DNS.277 = x276.test +excluded;DNS.278 = x277.test +excluded;DNS.279 = x278.test +excluded;DNS.280 = x279.test +excluded;DNS.281 = x280.test +excluded;DNS.282 = x281.test +excluded;DNS.283 = x282.test +excluded;DNS.284 = x283.test +excluded;DNS.285 = x284.test +excluded;DNS.286 = x285.test +excluded;DNS.287 = x286.test +excluded;DNS.288 = x287.test +excluded;DNS.289 = x288.test +excluded;DNS.290 = x289.test +excluded;DNS.291 = x290.test +excluded;DNS.292 = x291.test +excluded;DNS.293 = x292.test +excluded;DNS.294 = x293.test +excluded;DNS.295 = x294.test +excluded;DNS.296 = x295.test +excluded;DNS.297 = x296.test +excluded;DNS.298 = x297.test +excluded;DNS.299 = x298.test +excluded;DNS.300 = x299.test +excluded;DNS.301 = x300.test +excluded;DNS.302 = x301.test +excluded;DNS.303 = x302.test +excluded;DNS.304 = x303.test +excluded;DNS.305 = x304.test +excluded;DNS.306 = x305.test +excluded;DNS.307 = x306.test +excluded;DNS.308 = x307.test +excluded;DNS.309 = x308.test +excluded;DNS.310 = x309.test +excluded;DNS.311 = x310.test +excluded;DNS.312 = x311.test +excluded;DNS.313 = x312.test +excluded;DNS.314 = x313.test +excluded;DNS.315 = x314.test +excluded;DNS.316 = x315.test +excluded;DNS.317 = x316.test +excluded;DNS.318 = x317.test +excluded;DNS.319 = x318.test +excluded;DNS.320 = x319.test +excluded;DNS.321 = x320.test +excluded;DNS.322 = x321.test +excluded;DNS.323 = x322.test +excluded;DNS.324 = x323.test +excluded;DNS.325 = x324.test +excluded;DNS.326 = x325.test +excluded;DNS.327 = x326.test +excluded;DNS.328 = x327.test +excluded;DNS.329 = x328.test +excluded;DNS.330 = x329.test +excluded;DNS.331 = x330.test +excluded;DNS.332 = x331.test +excluded;DNS.333 = x332.test +excluded;DNS.334 = x333.test +excluded;DNS.335 = x334.test +excluded;DNS.336 = x335.test +excluded;DNS.337 = x336.test +excluded;DNS.338 = x337.test +excluded;DNS.339 = x338.test +excluded;DNS.340 = x339.test +excluded;DNS.341 = x340.test +excluded;DNS.342 = x341.test +excluded;DNS.343 = x342.test +excluded;DNS.344 = x343.test +excluded;DNS.345 = x344.test +excluded;DNS.346 = x345.test +excluded;DNS.347 = x346.test +excluded;DNS.348 = x347.test +excluded;DNS.349 = x348.test +excluded;DNS.350 = x349.test +excluded;DNS.351 = x350.test +excluded;DNS.352 = x351.test +excluded;DNS.353 = x352.test +excluded;DNS.354 = x353.test +excluded;DNS.355 = x354.test +excluded;DNS.356 = x355.test +excluded;DNS.357 = x356.test +excluded;DNS.358 = x357.test +excluded;DNS.359 = x358.test +excluded;DNS.360 = x359.test +excluded;DNS.361 = x360.test +excluded;DNS.362 = x361.test +excluded;DNS.363 = x362.test +excluded;DNS.364 = x363.test +excluded;DNS.365 = x364.test +excluded;DNS.366 = x365.test +excluded;DNS.367 = x366.test +excluded;DNS.368 = x367.test +excluded;DNS.369 = x368.test +excluded;DNS.370 = x369.test +excluded;DNS.371 = x370.test +excluded;DNS.372 = x371.test +excluded;DNS.373 = x372.test +excluded;DNS.374 = x373.test +excluded;DNS.375 = x374.test +excluded;DNS.376 = x375.test +excluded;DNS.377 = x376.test +excluded;DNS.378 = x377.test +excluded;DNS.379 = x378.test +excluded;DNS.380 = x379.test +excluded;DNS.381 = x380.test +excluded;DNS.382 = x381.test +excluded;DNS.383 = x382.test +excluded;DNS.384 = x383.test +excluded;DNS.385 = x384.test +excluded;DNS.386 = x385.test +excluded;DNS.387 = x386.test +excluded;DNS.388 = x387.test +excluded;DNS.389 = x388.test +excluded;DNS.390 = x389.test +excluded;DNS.391 = x390.test +excluded;DNS.392 = x391.test +excluded;DNS.393 = x392.test +excluded;DNS.394 = x393.test +excluded;DNS.395 = x394.test +excluded;DNS.396 = x395.test +excluded;DNS.397 = x396.test +excluded;DNS.398 = x397.test +excluded;DNS.399 = x398.test +excluded;DNS.400 = x399.test +excluded;DNS.401 = x400.test +excluded;DNS.402 = x401.test +excluded;DNS.403 = x402.test +excluded;DNS.404 = x403.test +excluded;DNS.405 = x404.test +excluded;DNS.406 = x405.test +excluded;DNS.407 = x406.test +excluded;DNS.408 = x407.test +excluded;DNS.409 = x408.test +excluded;DNS.410 = x409.test +excluded;DNS.411 = x410.test +excluded;DNS.412 = x411.test +excluded;DNS.413 = x412.test +excluded;DNS.414 = x413.test +excluded;DNS.415 = x414.test +excluded;DNS.416 = x415.test +excluded;DNS.417 = x416.test +excluded;DNS.418 = x417.test +excluded;DNS.419 = x418.test +excluded;DNS.420 = x419.test +excluded;DNS.421 = x420.test +excluded;DNS.422 = x421.test +excluded;DNS.423 = x422.test +excluded;DNS.424 = x423.test +excluded;DNS.425 = x424.test +excluded;DNS.426 = x425.test +excluded;DNS.427 = x426.test +excluded;DNS.428 = x427.test +excluded;DNS.429 = x428.test +excluded;DNS.430 = x429.test +excluded;DNS.431 = x430.test +excluded;DNS.432 = x431.test +excluded;DNS.433 = x432.test +excluded;DNS.434 = x433.test +excluded;DNS.435 = x434.test +excluded;DNS.436 = x435.test +excluded;DNS.437 = x436.test +excluded;DNS.438 = x437.test +excluded;DNS.439 = x438.test +excluded;DNS.440 = x439.test +excluded;DNS.441 = x440.test +excluded;DNS.442 = x441.test +excluded;DNS.443 = x442.test +excluded;DNS.444 = x443.test +excluded;DNS.445 = x444.test +excluded;DNS.446 = x445.test +excluded;DNS.447 = x446.test +excluded;DNS.448 = x447.test +excluded;DNS.449 = x448.test +excluded;DNS.450 = x449.test +excluded;DNS.451 = x450.test +excluded;DNS.452 = x451.test +excluded;DNS.453 = x452.test +excluded;DNS.454 = x453.test +excluded;DNS.455 = x454.test +excluded;DNS.456 = x455.test +excluded;DNS.457 = x456.test +excluded;DNS.458 = x457.test +excluded;DNS.459 = x458.test +excluded;DNS.460 = x459.test +excluded;DNS.461 = x460.test +excluded;DNS.462 = x461.test +excluded;DNS.463 = x462.test +excluded;DNS.464 = x463.test +excluded;DNS.465 = x464.test +excluded;DNS.466 = x465.test +excluded;DNS.467 = x466.test +excluded;DNS.468 = x467.test +excluded;DNS.469 = x468.test +excluded;DNS.470 = x469.test +excluded;DNS.471 = x470.test +excluded;DNS.472 = x471.test +excluded;DNS.473 = x472.test +excluded;DNS.474 = x473.test +excluded;DNS.475 = x474.test +excluded;DNS.476 = x475.test +excluded;DNS.477 = x476.test +excluded;DNS.478 = x477.test +excluded;DNS.479 = x478.test +excluded;DNS.480 = x479.test +excluded;DNS.481 = x480.test +excluded;DNS.482 = x481.test +excluded;DNS.483 = x482.test +excluded;DNS.484 = x483.test +excluded;DNS.485 = x484.test +excluded;DNS.486 = x485.test +excluded;DNS.487 = x486.test +excluded;DNS.488 = x487.test +excluded;DNS.489 = x488.test +excluded;DNS.490 = x489.test +excluded;DNS.491 = x490.test +excluded;DNS.492 = x491.test +excluded;DNS.493 = x492.test +excluded;DNS.494 = x493.test +excluded;DNS.495 = x494.test +excluded;DNS.496 = x495.test +excluded;DNS.497 = x496.test +excluded;DNS.498 = x497.test +excluded;DNS.499 = x498.test +excluded;DNS.500 = x499.test +excluded;DNS.501 = x500.test +excluded;DNS.502 = x501.test +excluded;DNS.503 = x502.test +excluded;DNS.504 = x503.test +excluded;DNS.505 = x504.test +excluded;DNS.506 = x505.test +excluded;DNS.507 = x506.test +excluded;DNS.508 = x507.test +excluded;DNS.509 = x508.test +excluded;DNS.510 = x509.test +excluded;DNS.511 = x510.test +excluded;DNS.512 = x511.test +excluded;DNS.513 = x512.test +excluded;DNS.514 = x513.test +excluded;DNS.515 = x514.test +excluded;DNS.516 = x515.test +excluded;DNS.517 = x516.test +excluded;DNS.518 = x517.test +excluded;DNS.519 = x518.test +excluded;DNS.520 = x519.test +excluded;DNS.521 = x520.test +excluded;DNS.522 = x521.test +excluded;DNS.523 = x522.test +excluded;DNS.524 = x523.test +excluded;DNS.525 = x524.test +excluded;DNS.526 = x525.test +excluded;DNS.527 = x526.test +excluded;DNS.528 = x527.test +excluded;DNS.529 = x528.test +excluded;DNS.530 = x529.test +excluded;DNS.531 = x530.test +excluded;DNS.532 = x531.test +excluded;DNS.533 = x532.test +excluded;DNS.534 = x533.test +excluded;DNS.535 = x534.test +excluded;DNS.536 = x535.test +excluded;DNS.537 = x536.test +excluded;DNS.538 = x537.test +excluded;DNS.539 = x538.test +excluded;DNS.540 = x539.test +excluded;DNS.541 = x540.test +excluded;DNS.542 = x541.test +excluded;DNS.543 = x542.test +excluded;DNS.544 = x543.test +excluded;DNS.545 = x544.test +excluded;DNS.546 = x545.test +excluded;DNS.547 = x546.test +excluded;DNS.548 = x547.test +excluded;DNS.549 = x548.test +excluded;DNS.550 = x549.test +excluded;DNS.551 = x550.test +excluded;DNS.552 = x551.test +excluded;DNS.553 = x552.test +excluded;DNS.554 = x553.test +excluded;DNS.555 = x554.test +excluded;DNS.556 = x555.test +excluded;DNS.557 = x556.test +excluded;DNS.558 = x557.test +excluded;DNS.559 = x558.test +excluded;DNS.560 = x559.test +excluded;DNS.561 = x560.test +excluded;DNS.562 = x561.test +excluded;DNS.563 = x562.test +excluded;DNS.564 = x563.test +excluded;DNS.565 = x564.test +excluded;DNS.566 = x565.test +excluded;DNS.567 = x566.test +excluded;DNS.568 = x567.test +excluded;DNS.569 = x568.test +excluded;DNS.570 = x569.test +excluded;DNS.571 = x570.test +excluded;DNS.572 = x571.test +excluded;DNS.573 = x572.test +excluded;DNS.574 = x573.test +excluded;DNS.575 = x574.test +excluded;DNS.576 = x575.test +excluded;DNS.577 = x576.test +excluded;DNS.578 = x577.test +excluded;DNS.579 = x578.test +excluded;DNS.580 = x579.test +excluded;DNS.581 = x580.test +excluded;DNS.582 = x581.test +excluded;DNS.583 = x582.test +excluded;DNS.584 = x583.test +excluded;DNS.585 = x584.test +excluded;DNS.586 = x585.test +excluded;DNS.587 = x586.test +excluded;DNS.588 = x587.test +excluded;DNS.589 = x588.test +excluded;DNS.590 = x589.test +excluded;DNS.591 = x590.test +excluded;DNS.592 = x591.test +excluded;DNS.593 = x592.test +excluded;DNS.594 = x593.test +excluded;DNS.595 = x594.test +excluded;DNS.596 = x595.test +excluded;DNS.597 = x596.test +excluded;DNS.598 = x597.test +excluded;DNS.599 = x598.test +excluded;DNS.600 = x599.test +excluded;DNS.601 = x600.test +excluded;DNS.602 = x601.test +excluded;DNS.603 = x602.test +excluded;DNS.604 = x603.test +excluded;DNS.605 = x604.test +excluded;DNS.606 = x605.test +excluded;DNS.607 = x606.test +excluded;DNS.608 = x607.test +excluded;DNS.609 = x608.test +excluded;DNS.610 = x609.test +excluded;DNS.611 = x610.test +excluded;DNS.612 = x611.test +excluded;DNS.613 = x612.test +excluded;DNS.614 = x613.test +excluded;DNS.615 = x614.test +excluded;DNS.616 = x615.test +excluded;DNS.617 = x616.test +excluded;DNS.618 = x617.test +excluded;DNS.619 = x618.test +excluded;DNS.620 = x619.test +excluded;DNS.621 = x620.test +excluded;DNS.622 = x621.test +excluded;DNS.623 = x622.test +excluded;DNS.624 = x623.test +excluded;DNS.625 = x624.test +excluded;DNS.626 = x625.test +excluded;DNS.627 = x626.test +excluded;DNS.628 = x627.test +excluded;DNS.629 = x628.test +excluded;DNS.630 = x629.test +excluded;DNS.631 = x630.test +excluded;DNS.632 = x631.test +excluded;DNS.633 = x632.test +excluded;DNS.634 = x633.test +excluded;DNS.635 = x634.test +excluded;DNS.636 = x635.test +excluded;DNS.637 = x636.test +excluded;DNS.638 = x637.test +excluded;DNS.639 = x638.test +excluded;DNS.640 = x639.test +excluded;DNS.641 = x640.test +excluded;DNS.642 = x641.test +excluded;DNS.643 = x642.test +excluded;DNS.644 = x643.test +excluded;DNS.645 = x644.test +excluded;DNS.646 = x645.test +excluded;DNS.647 = x646.test +excluded;DNS.648 = x647.test +excluded;DNS.649 = x648.test +excluded;DNS.650 = x649.test +excluded;DNS.651 = x650.test +excluded;DNS.652 = x651.test +excluded;DNS.653 = x652.test +excluded;DNS.654 = x653.test +excluded;DNS.655 = x654.test +excluded;DNS.656 = x655.test +excluded;DNS.657 = x656.test +excluded;DNS.658 = x657.test +excluded;DNS.659 = x658.test +excluded;DNS.660 = x659.test +excluded;DNS.661 = x660.test +excluded;DNS.662 = x661.test +excluded;DNS.663 = x662.test +excluded;DNS.664 = x663.test +excluded;DNS.665 = x664.test +excluded;DNS.666 = x665.test +excluded;DNS.667 = x666.test +excluded;DNS.668 = x667.test +excluded;DNS.669 = x668.test +excluded;DNS.670 = x669.test +excluded;DNS.671 = x670.test +excluded;DNS.672 = x671.test +excluded;DNS.673 = x672.test +excluded;DNS.674 = x673.test +excluded;DNS.675 = x674.test +excluded;DNS.676 = x675.test +excluded;DNS.677 = x676.test +excluded;DNS.678 = x677.test +excluded;DNS.679 = x678.test +excluded;DNS.680 = x679.test +excluded;DNS.681 = x680.test +excluded;DNS.682 = x681.test +excluded;DNS.683 = x682.test +excluded;DNS.684 = x683.test +excluded;DNS.685 = x684.test +excluded;DNS.686 = x685.test +excluded;DNS.687 = x686.test +excluded;DNS.688 = x687.test +excluded;DNS.689 = x688.test +excluded;DNS.690 = x689.test +excluded;DNS.691 = x690.test +excluded;DNS.692 = x691.test +excluded;DNS.693 = x692.test +excluded;DNS.694 = x693.test +excluded;DNS.695 = x694.test +excluded;DNS.696 = x695.test +excluded;DNS.697 = x696.test +excluded;DNS.698 = x697.test +excluded;DNS.699 = x698.test +excluded;DNS.700 = x699.test +excluded;DNS.701 = x700.test +excluded;DNS.702 = x701.test +excluded;DNS.703 = x702.test +excluded;DNS.704 = x703.test +excluded;DNS.705 = x704.test +excluded;DNS.706 = x705.test +excluded;DNS.707 = x706.test +excluded;DNS.708 = x707.test +excluded;DNS.709 = x708.test +excluded;DNS.710 = x709.test +excluded;DNS.711 = x710.test +excluded;DNS.712 = x711.test +excluded;DNS.713 = x712.test +excluded;DNS.714 = x713.test +excluded;DNS.715 = x714.test +excluded;DNS.716 = x715.test +excluded;DNS.717 = x716.test +excluded;DNS.718 = x717.test +excluded;DNS.719 = x718.test +excluded;DNS.720 = x719.test +excluded;DNS.721 = x720.test +excluded;DNS.722 = x721.test +excluded;DNS.723 = x722.test +excluded;DNS.724 = x723.test +excluded;DNS.725 = x724.test +excluded;DNS.726 = x725.test +excluded;DNS.727 = x726.test +excluded;DNS.728 = x727.test +excluded;DNS.729 = x728.test +excluded;DNS.730 = x729.test +excluded;DNS.731 = x730.test +excluded;DNS.732 = x731.test +excluded;DNS.733 = x732.test +excluded;DNS.734 = x733.test +excluded;DNS.735 = x734.test +excluded;DNS.736 = x735.test +excluded;DNS.737 = x736.test +excluded;DNS.738 = x737.test +excluded;DNS.739 = x738.test +excluded;DNS.740 = x739.test +excluded;DNS.741 = x740.test +excluded;DNS.742 = x741.test +excluded;DNS.743 = x742.test +excluded;DNS.744 = x743.test +excluded;DNS.745 = x744.test +excluded;DNS.746 = x745.test +excluded;DNS.747 = x746.test +excluded;DNS.748 = x747.test +excluded;DNS.749 = x748.test +excluded;DNS.750 = x749.test +excluded;DNS.751 = x750.test +excluded;DNS.752 = x751.test +excluded;DNS.753 = x752.test +excluded;DNS.754 = x753.test +excluded;DNS.755 = x754.test +excluded;DNS.756 = x755.test +excluded;DNS.757 = x756.test +excluded;DNS.758 = x757.test +excluded;DNS.759 = x758.test +excluded;DNS.760 = x759.test +excluded;DNS.761 = x760.test +excluded;DNS.762 = x761.test +excluded;DNS.763 = x762.test +excluded;DNS.764 = x763.test +excluded;DNS.765 = x764.test +excluded;DNS.766 = x765.test +excluded;DNS.767 = x766.test +excluded;DNS.768 = x767.test +excluded;DNS.769 = x768.test +excluded;DNS.770 = x769.test +excluded;DNS.771 = x770.test +excluded;DNS.772 = x771.test +excluded;DNS.773 = x772.test +excluded;DNS.774 = x773.test +excluded;DNS.775 = x774.test +excluded;DNS.776 = x775.test +excluded;DNS.777 = x776.test +excluded;DNS.778 = x777.test +excluded;DNS.779 = x778.test +excluded;DNS.780 = x779.test +excluded;DNS.781 = x780.test +excluded;DNS.782 = x781.test +excluded;DNS.783 = x782.test +excluded;DNS.784 = x783.test +excluded;DNS.785 = x784.test +excluded;DNS.786 = x785.test +excluded;DNS.787 = x786.test +excluded;DNS.788 = x787.test +excluded;DNS.789 = x788.test +excluded;DNS.790 = x789.test +excluded;DNS.791 = x790.test +excluded;DNS.792 = x791.test +excluded;DNS.793 = x792.test +excluded;DNS.794 = x793.test +excluded;DNS.795 = x794.test +excluded;DNS.796 = x795.test +excluded;DNS.797 = x796.test +excluded;DNS.798 = x797.test +excluded;DNS.799 = x798.test +excluded;DNS.800 = x799.test +excluded;DNS.801 = x800.test +excluded;DNS.802 = x801.test +excluded;DNS.803 = x802.test +excluded;DNS.804 = x803.test +excluded;DNS.805 = x804.test +excluded;DNS.806 = x805.test +excluded;DNS.807 = x806.test +excluded;DNS.808 = x807.test +excluded;DNS.809 = x808.test +excluded;DNS.810 = x809.test +excluded;DNS.811 = x810.test +excluded;DNS.812 = x811.test +excluded;DNS.813 = x812.test +excluded;DNS.814 = x813.test +excluded;DNS.815 = x814.test +excluded;DNS.816 = x815.test +excluded;DNS.817 = x816.test +excluded;DNS.818 = x817.test +excluded;DNS.819 = x818.test +excluded;DNS.820 = x819.test +excluded;DNS.821 = x820.test +excluded;DNS.822 = x821.test +excluded;DNS.823 = x822.test +excluded;DNS.824 = x823.test +excluded;DNS.825 = x824.test +excluded;DNS.826 = x825.test +excluded;DNS.827 = x826.test +excluded;DNS.828 = x827.test +excluded;DNS.829 = x828.test +excluded;DNS.830 = x829.test +excluded;DNS.831 = x830.test +excluded;DNS.832 = x831.test +excluded;DNS.833 = x832.test +excluded;DNS.834 = x833.test +excluded;DNS.835 = x834.test +excluded;DNS.836 = x835.test +excluded;DNS.837 = x836.test +excluded;DNS.838 = x837.test +excluded;DNS.839 = x838.test +excluded;DNS.840 = x839.test +excluded;DNS.841 = x840.test +excluded;DNS.842 = x841.test +excluded;DNS.843 = x842.test +excluded;DNS.844 = x843.test +excluded;DNS.845 = x844.test +excluded;DNS.846 = x845.test +excluded;DNS.847 = x846.test +excluded;DNS.848 = x847.test +excluded;DNS.849 = x848.test +excluded;DNS.850 = x849.test +excluded;DNS.851 = x850.test +excluded;DNS.852 = x851.test +excluded;DNS.853 = x852.test +excluded;DNS.854 = x853.test +excluded;DNS.855 = x854.test +excluded;DNS.856 = x855.test +excluded;DNS.857 = x856.test +excluded;DNS.858 = x857.test +excluded;DNS.859 = x858.test +excluded;DNS.860 = x859.test +excluded;DNS.861 = x860.test +excluded;DNS.862 = x861.test +excluded;DNS.863 = x862.test +excluded;DNS.864 = x863.test +excluded;DNS.865 = x864.test +excluded;DNS.866 = x865.test +excluded;DNS.867 = x866.test +excluded;DNS.868 = x867.test +excluded;DNS.869 = x868.test +excluded;DNS.870 = x869.test +excluded;DNS.871 = x870.test +excluded;DNS.872 = x871.test +excluded;DNS.873 = x872.test +excluded;DNS.874 = x873.test +excluded;DNS.875 = x874.test +excluded;DNS.876 = x875.test +excluded;DNS.877 = x876.test +excluded;DNS.878 = x877.test +excluded;DNS.879 = x878.test +excluded;DNS.880 = x879.test +excluded;DNS.881 = x880.test +excluded;DNS.882 = x881.test +excluded;DNS.883 = x882.test +excluded;DNS.884 = x883.test +excluded;DNS.885 = x884.test +excluded;DNS.886 = x885.test +excluded;DNS.887 = x886.test +excluded;DNS.888 = x887.test +excluded;DNS.889 = x888.test +excluded;DNS.890 = x889.test +excluded;DNS.891 = x890.test +excluded;DNS.892 = x891.test +excluded;DNS.893 = x892.test +excluded;DNS.894 = x893.test +excluded;DNS.895 = x894.test +excluded;DNS.896 = x895.test +excluded;DNS.897 = x896.test +excluded;DNS.898 = x897.test +excluded;DNS.899 = x898.test +excluded;DNS.900 = x899.test +excluded;DNS.901 = x900.test +excluded;DNS.902 = x901.test +excluded;DNS.903 = x902.test +excluded;DNS.904 = x903.test +excluded;DNS.905 = x904.test +excluded;DNS.906 = x905.test +excluded;DNS.907 = x906.test +excluded;DNS.908 = x907.test +excluded;DNS.909 = x908.test +excluded;DNS.910 = x909.test +excluded;DNS.911 = x910.test +excluded;DNS.912 = x911.test +excluded;DNS.913 = x912.test +excluded;DNS.914 = x913.test +excluded;DNS.915 = x914.test +excluded;DNS.916 = x915.test +excluded;DNS.917 = x916.test +excluded;DNS.918 = x917.test +excluded;DNS.919 = x918.test +excluded;DNS.920 = x919.test +excluded;DNS.921 = x920.test +excluded;DNS.922 = x921.test +excluded;DNS.923 = x922.test +excluded;DNS.924 = x923.test +excluded;DNS.925 = x924.test +excluded;DNS.926 = x925.test +excluded;DNS.927 = x926.test +excluded;DNS.928 = x927.test +excluded;DNS.929 = x928.test +excluded;DNS.930 = x929.test +excluded;DNS.931 = x930.test +excluded;DNS.932 = x931.test +excluded;DNS.933 = x932.test +excluded;DNS.934 = x933.test +excluded;DNS.935 = x934.test +excluded;DNS.936 = x935.test +excluded;DNS.937 = x936.test +excluded;DNS.938 = x937.test +excluded;DNS.939 = x938.test +excluded;DNS.940 = x939.test +excluded;DNS.941 = x940.test +excluded;DNS.942 = x941.test +excluded;DNS.943 = x942.test +excluded;DNS.944 = x943.test +excluded;DNS.945 = x944.test +excluded;DNS.946 = x945.test +excluded;DNS.947 = x946.test +excluded;DNS.948 = x947.test +excluded;DNS.949 = x948.test +excluded;DNS.950 = x949.test +excluded;DNS.951 = x950.test +excluded;DNS.952 = x951.test +excluded;DNS.953 = x952.test +excluded;DNS.954 = x953.test +excluded;DNS.955 = x954.test +excluded;DNS.956 = x955.test +excluded;DNS.957 = x956.test +excluded;DNS.958 = x957.test +excluded;DNS.959 = x958.test +excluded;DNS.960 = x959.test +excluded;DNS.961 = x960.test +excluded;DNS.962 = x961.test +excluded;DNS.963 = x962.test +excluded;DNS.964 = x963.test +excluded;DNS.965 = x964.test +excluded;DNS.966 = x965.test +excluded;DNS.967 = x966.test +excluded;DNS.968 = x967.test +excluded;DNS.969 = x968.test +excluded;DNS.970 = x969.test +excluded;DNS.971 = x970.test +excluded;DNS.972 = x971.test +excluded;DNS.973 = x972.test +excluded;DNS.974 = x973.test +excluded;DNS.975 = x974.test +excluded;DNS.976 = x975.test +excluded;DNS.977 = x976.test +excluded;DNS.978 = x977.test +excluded;DNS.979 = x978.test +excluded;DNS.980 = x979.test +excluded;DNS.981 = x980.test +excluded;DNS.982 = x981.test +excluded;DNS.983 = x982.test +excluded;DNS.984 = x983.test +excluded;DNS.985 = x984.test +excluded;DNS.986 = x985.test +excluded;DNS.987 = x986.test +excluded;DNS.988 = x987.test +excluded;DNS.989 = x988.test +excluded;DNS.990 = x989.test +excluded;DNS.991 = x990.test +excluded;DNS.992 = x991.test +excluded;DNS.993 = x992.test +excluded;DNS.994 = x993.test +excluded;DNS.995 = x994.test +excluded;DNS.996 = x995.test +excluded;DNS.997 = x996.test +excluded;DNS.998 = x997.test +excluded;DNS.999 = x998.test +excluded;DNS.1000 = x999.test +excluded;DNS.1001 = x1000.test +excluded;DNS.1002 = x1001.test +excluded;DNS.1003 = x1002.test +excluded;DNS.1004 = x1003.test +excluded;DNS.1005 = x1004.test +excluded;DNS.1006 = x1005.test +excluded;DNS.1007 = x1006.test +excluded;DNS.1008 = x1007.test +excluded;DNS.1009 = x1008.test +excluded;DNS.1010 = x1009.test +excluded;DNS.1011 = x1010.test +excluded;DNS.1012 = x1011.test +excluded;DNS.1013 = x1012.test +excluded;DNS.1014 = x1013.test +excluded;DNS.1015 = x1014.test +excluded;DNS.1016 = x1015.test +excluded;DNS.1017 = x1016.test +excluded;DNS.1018 = x1017.test +excluded;DNS.1019 = x1018.test +excluded;DNS.1020 = x1019.test +excluded;DNS.1021 = x1020.test +excluded;DNS.1022 = x1021.test +excluded;DNS.1023 = x1022.test +excluded;DNS.1024 = x1023.test +excluded;DNS.1025 = x1024.test + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.csr new file mode 100644 index 0000000000..8e850353e1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.csr @@ -0,0 +1,293 @@ +-----BEGIN CERTIFICATE REQUEST----- +MII2gjCCNWoCAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxL +Ha4GJxiOVbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9W +yNroD1cod26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luv +C6DmdaXS4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf0 +0YvmLxRmVvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9Ibjm +K6igvwa7QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABoII0JDCC +NCAGCSqGSIb3DQEJDjGCNBEwgjQNMB0GA1UdDgQWBBSSET+sEZbHZjfPg1ok8Dp3 +rzONfzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCCM8kGA1UdHgSC +M8AwgjO8oYIzuDAJggd4MC50ZXN0MAmCB3gxLnRlc3QwCYIHeDIudGVzdDAJggd4 +My50ZXN0MAmCB3g0LnRlc3QwCYIHeDUudGVzdDAJggd4Ni50ZXN0MAmCB3g3LnRl +c3QwCYIHeDgudGVzdDAJggd4OS50ZXN0MAqCCHgxMC50ZXN0MAqCCHgxMS50ZXN0 +MAqCCHgxMi50ZXN0MAqCCHgxMy50ZXN0MAqCCHgxNC50ZXN0MAqCCHgxNS50ZXN0 +MAqCCHgxNi50ZXN0MAqCCHgxNy50ZXN0MAqCCHgxOC50ZXN0MAqCCHgxOS50ZXN0 +MAqCCHgyMC50ZXN0MAqCCHgyMS50ZXN0MAqCCHgyMi50ZXN0MAqCCHgyMy50ZXN0 +MAqCCHgyNC50ZXN0MAqCCHgyNS50ZXN0MAqCCHgyNi50ZXN0MAqCCHgyNy50ZXN0 +MAqCCHgyOC50ZXN0MAqCCHgyOS50ZXN0MAqCCHgzMC50ZXN0MAqCCHgzMS50ZXN0 +MAqCCHgzMi50ZXN0MAqCCHgzMy50ZXN0MAqCCHgzNC50ZXN0MAqCCHgzNS50ZXN0 +MAqCCHgzNi50ZXN0MAqCCHgzNy50ZXN0MAqCCHgzOC50ZXN0MAqCCHgzOS50ZXN0 +MAqCCHg0MC50ZXN0MAqCCHg0MS50ZXN0MAqCCHg0Mi50ZXN0MAqCCHg0My50ZXN0 +MAqCCHg0NC50ZXN0MAqCCHg0NS50ZXN0MAqCCHg0Ni50ZXN0MAqCCHg0Ny50ZXN0 +MAqCCHg0OC50ZXN0MAqCCHg0OS50ZXN0MAqCCHg1MC50ZXN0MAqCCHg1MS50ZXN0 +MAqCCHg1Mi50ZXN0MAqCCHg1My50ZXN0MAqCCHg1NC50ZXN0MAqCCHg1NS50ZXN0 +MAqCCHg1Ni50ZXN0MAqCCHg1Ny50ZXN0MAqCCHg1OC50ZXN0MAqCCHg1OS50ZXN0 +MAqCCHg2MC50ZXN0MAqCCHg2MS50ZXN0MAqCCHg2Mi50ZXN0MAqCCHg2My50ZXN0 +MAqCCHg2NC50ZXN0MAqCCHg2NS50ZXN0MAqCCHg2Ni50ZXN0MAqCCHg2Ny50ZXN0 +MAqCCHg2OC50ZXN0MAqCCHg2OS50ZXN0MAqCCHg3MC50ZXN0MAqCCHg3MS50ZXN0 +MAqCCHg3Mi50ZXN0MAqCCHg3My50ZXN0MAqCCHg3NC50ZXN0MAqCCHg3NS50ZXN0 +MAqCCHg3Ni50ZXN0MAqCCHg3Ny50ZXN0MAqCCHg3OC50ZXN0MAqCCHg3OS50ZXN0 +MAqCCHg4MC50ZXN0MAqCCHg4MS50ZXN0MAqCCHg4Mi50ZXN0MAqCCHg4My50ZXN0 +MAqCCHg4NC50ZXN0MAqCCHg4NS50ZXN0MAqCCHg4Ni50ZXN0MAqCCHg4Ny50ZXN0 +MAqCCHg4OC50ZXN0MAqCCHg4OS50ZXN0MAqCCHg5MC50ZXN0MAqCCHg5MS50ZXN0 +MAqCCHg5Mi50ZXN0MAqCCHg5My50ZXN0MAqCCHg5NC50ZXN0MAqCCHg5NS50ZXN0 +MAqCCHg5Ni50ZXN0MAqCCHg5Ny50ZXN0MAqCCHg5OC50ZXN0MAqCCHg5OS50ZXN0 +MAuCCXgxMDAudGVzdDALggl4MTAxLnRlc3QwC4IJeDEwMi50ZXN0MAuCCXgxMDMu +dGVzdDALggl4MTA0LnRlc3QwC4IJeDEwNS50ZXN0MAuCCXgxMDYudGVzdDALggl4 +MTA3LnRlc3QwC4IJeDEwOC50ZXN0MAuCCXgxMDkudGVzdDALggl4MTEwLnRlc3Qw +C4IJeDExMS50ZXN0MAuCCXgxMTIudGVzdDALggl4MTEzLnRlc3QwC4IJeDExNC50 +ZXN0MAuCCXgxMTUudGVzdDALggl4MTE2LnRlc3QwC4IJeDExNy50ZXN0MAuCCXgx +MTgudGVzdDALggl4MTE5LnRlc3QwC4IJeDEyMC50ZXN0MAuCCXgxMjEudGVzdDAL +ggl4MTIyLnRlc3QwC4IJeDEyMy50ZXN0MAuCCXgxMjQudGVzdDALggl4MTI1LnRl +c3QwC4IJeDEyNi50ZXN0MAuCCXgxMjcudGVzdDALggl4MTI4LnRlc3QwC4IJeDEy +OS50ZXN0MAuCCXgxMzAudGVzdDALggl4MTMxLnRlc3QwC4IJeDEzMi50ZXN0MAuC +CXgxMzMudGVzdDALggl4MTM0LnRlc3QwC4IJeDEzNS50ZXN0MAuCCXgxMzYudGVz +dDALggl4MTM3LnRlc3QwC4IJeDEzOC50ZXN0MAuCCXgxMzkudGVzdDALggl4MTQw +LnRlc3QwC4IJeDE0MS50ZXN0MAuCCXgxNDIudGVzdDALggl4MTQzLnRlc3QwC4IJ +eDE0NC50ZXN0MAuCCXgxNDUudGVzdDALggl4MTQ2LnRlc3QwC4IJeDE0Ny50ZXN0 +MAuCCXgxNDgudGVzdDALggl4MTQ5LnRlc3QwC4IJeDE1MC50ZXN0MAuCCXgxNTEu +dGVzdDALggl4MTUyLnRlc3QwC4IJeDE1My50ZXN0MAuCCXgxNTQudGVzdDALggl4 +MTU1LnRlc3QwC4IJeDE1Ni50ZXN0MAuCCXgxNTcudGVzdDALggl4MTU4LnRlc3Qw +C4IJeDE1OS50ZXN0MAuCCXgxNjAudGVzdDALggl4MTYxLnRlc3QwC4IJeDE2Mi50 +ZXN0MAuCCXgxNjMudGVzdDALggl4MTY0LnRlc3QwC4IJeDE2NS50ZXN0MAuCCXgx +NjYudGVzdDALggl4MTY3LnRlc3QwC4IJeDE2OC50ZXN0MAuCCXgxNjkudGVzdDAL +ggl4MTcwLnRlc3QwC4IJeDE3MS50ZXN0MAuCCXgxNzIudGVzdDALggl4MTczLnRl +c3QwC4IJeDE3NC50ZXN0MAuCCXgxNzUudGVzdDALggl4MTc2LnRlc3QwC4IJeDE3 +Ny50ZXN0MAuCCXgxNzgudGVzdDALggl4MTc5LnRlc3QwC4IJeDE4MC50ZXN0MAuC +CXgxODEudGVzdDALggl4MTgyLnRlc3QwC4IJeDE4My50ZXN0MAuCCXgxODQudGVz +dDALggl4MTg1LnRlc3QwC4IJeDE4Ni50ZXN0MAuCCXgxODcudGVzdDALggl4MTg4 +LnRlc3QwC4IJeDE4OS50ZXN0MAuCCXgxOTAudGVzdDALggl4MTkxLnRlc3QwC4IJ +eDE5Mi50ZXN0MAuCCXgxOTMudGVzdDALggl4MTk0LnRlc3QwC4IJeDE5NS50ZXN0 +MAuCCXgxOTYudGVzdDALggl4MTk3LnRlc3QwC4IJeDE5OC50ZXN0MAuCCXgxOTku +dGVzdDALggl4MjAwLnRlc3QwC4IJeDIwMS50ZXN0MAuCCXgyMDIudGVzdDALggl4 +MjAzLnRlc3QwC4IJeDIwNC50ZXN0MAuCCXgyMDUudGVzdDALggl4MjA2LnRlc3Qw +C4IJeDIwNy50ZXN0MAuCCXgyMDgudGVzdDALggl4MjA5LnRlc3QwC4IJeDIxMC50 +ZXN0MAuCCXgyMTEudGVzdDALggl4MjEyLnRlc3QwC4IJeDIxMy50ZXN0MAuCCXgy +MTQudGVzdDALggl4MjE1LnRlc3QwC4IJeDIxNi50ZXN0MAuCCXgyMTcudGVzdDAL +ggl4MjE4LnRlc3QwC4IJeDIxOS50ZXN0MAuCCXgyMjAudGVzdDALggl4MjIxLnRl +c3QwC4IJeDIyMi50ZXN0MAuCCXgyMjMudGVzdDALggl4MjI0LnRlc3QwC4IJeDIy +NS50ZXN0MAuCCXgyMjYudGVzdDALggl4MjI3LnRlc3QwC4IJeDIyOC50ZXN0MAuC +CXgyMjkudGVzdDALggl4MjMwLnRlc3QwC4IJeDIzMS50ZXN0MAuCCXgyMzIudGVz +dDALggl4MjMzLnRlc3QwC4IJeDIzNC50ZXN0MAuCCXgyMzUudGVzdDALggl4MjM2 +LnRlc3QwC4IJeDIzNy50ZXN0MAuCCXgyMzgudGVzdDALggl4MjM5LnRlc3QwC4IJ +eDI0MC50ZXN0MAuCCXgyNDEudGVzdDALggl4MjQyLnRlc3QwC4IJeDI0My50ZXN0 +MAuCCXgyNDQudGVzdDALggl4MjQ1LnRlc3QwC4IJeDI0Ni50ZXN0MAuCCXgyNDcu +dGVzdDALggl4MjQ4LnRlc3QwC4IJeDI0OS50ZXN0MAuCCXgyNTAudGVzdDALggl4 +MjUxLnRlc3QwC4IJeDI1Mi50ZXN0MAuCCXgyNTMudGVzdDALggl4MjU0LnRlc3Qw +C4IJeDI1NS50ZXN0MAuCCXgyNTYudGVzdDALggl4MjU3LnRlc3QwC4IJeDI1OC50 +ZXN0MAuCCXgyNTkudGVzdDALggl4MjYwLnRlc3QwC4IJeDI2MS50ZXN0MAuCCXgy +NjIudGVzdDALggl4MjYzLnRlc3QwC4IJeDI2NC50ZXN0MAuCCXgyNjUudGVzdDAL +ggl4MjY2LnRlc3QwC4IJeDI2Ny50ZXN0MAuCCXgyNjgudGVzdDALggl4MjY5LnRl +c3QwC4IJeDI3MC50ZXN0MAuCCXgyNzEudGVzdDALggl4MjcyLnRlc3QwC4IJeDI3 +My50ZXN0MAuCCXgyNzQudGVzdDALggl4Mjc1LnRlc3QwC4IJeDI3Ni50ZXN0MAuC +CXgyNzcudGVzdDALggl4Mjc4LnRlc3QwC4IJeDI3OS50ZXN0MAuCCXgyODAudGVz +dDALggl4MjgxLnRlc3QwC4IJeDI4Mi50ZXN0MAuCCXgyODMudGVzdDALggl4Mjg0 +LnRlc3QwC4IJeDI4NS50ZXN0MAuCCXgyODYudGVzdDALggl4Mjg3LnRlc3QwC4IJ +eDI4OC50ZXN0MAuCCXgyODkudGVzdDALggl4MjkwLnRlc3QwC4IJeDI5MS50ZXN0 +MAuCCXgyOTIudGVzdDALggl4MjkzLnRlc3QwC4IJeDI5NC50ZXN0MAuCCXgyOTUu +dGVzdDALggl4Mjk2LnRlc3QwC4IJeDI5Ny50ZXN0MAuCCXgyOTgudGVzdDALggl4 +Mjk5LnRlc3QwC4IJeDMwMC50ZXN0MAuCCXgzMDEudGVzdDALggl4MzAyLnRlc3Qw +C4IJeDMwMy50ZXN0MAuCCXgzMDQudGVzdDALggl4MzA1LnRlc3QwC4IJeDMwNi50 +ZXN0MAuCCXgzMDcudGVzdDALggl4MzA4LnRlc3QwC4IJeDMwOS50ZXN0MAuCCXgz +MTAudGVzdDALggl4MzExLnRlc3QwC4IJeDMxMi50ZXN0MAuCCXgzMTMudGVzdDAL +ggl4MzE0LnRlc3QwC4IJeDMxNS50ZXN0MAuCCXgzMTYudGVzdDALggl4MzE3LnRl +c3QwC4IJeDMxOC50ZXN0MAuCCXgzMTkudGVzdDALggl4MzIwLnRlc3QwC4IJeDMy +MS50ZXN0MAuCCXgzMjIudGVzdDALggl4MzIzLnRlc3QwC4IJeDMyNC50ZXN0MAuC +CXgzMjUudGVzdDALggl4MzI2LnRlc3QwC4IJeDMyNy50ZXN0MAuCCXgzMjgudGVz +dDALggl4MzI5LnRlc3QwC4IJeDMzMC50ZXN0MAuCCXgzMzEudGVzdDALggl4MzMy +LnRlc3QwC4IJeDMzMy50ZXN0MAuCCXgzMzQudGVzdDALggl4MzM1LnRlc3QwC4IJ +eDMzNi50ZXN0MAuCCXgzMzcudGVzdDALggl4MzM4LnRlc3QwC4IJeDMzOS50ZXN0 +MAuCCXgzNDAudGVzdDALggl4MzQxLnRlc3QwC4IJeDM0Mi50ZXN0MAuCCXgzNDMu +dGVzdDALggl4MzQ0LnRlc3QwC4IJeDM0NS50ZXN0MAuCCXgzNDYudGVzdDALggl4 +MzQ3LnRlc3QwC4IJeDM0OC50ZXN0MAuCCXgzNDkudGVzdDALggl4MzUwLnRlc3Qw +C4IJeDM1MS50ZXN0MAuCCXgzNTIudGVzdDALggl4MzUzLnRlc3QwC4IJeDM1NC50 +ZXN0MAuCCXgzNTUudGVzdDALggl4MzU2LnRlc3QwC4IJeDM1Ny50ZXN0MAuCCXgz +NTgudGVzdDALggl4MzU5LnRlc3QwC4IJeDM2MC50ZXN0MAuCCXgzNjEudGVzdDAL +ggl4MzYyLnRlc3QwC4IJeDM2My50ZXN0MAuCCXgzNjQudGVzdDALggl4MzY1LnRl +c3QwC4IJeDM2Ni50ZXN0MAuCCXgzNjcudGVzdDALggl4MzY4LnRlc3QwC4IJeDM2 +OS50ZXN0MAuCCXgzNzAudGVzdDALggl4MzcxLnRlc3QwC4IJeDM3Mi50ZXN0MAuC +CXgzNzMudGVzdDALggl4Mzc0LnRlc3QwC4IJeDM3NS50ZXN0MAuCCXgzNzYudGVz +dDALggl4Mzc3LnRlc3QwC4IJeDM3OC50ZXN0MAuCCXgzNzkudGVzdDALggl4Mzgw +LnRlc3QwC4IJeDM4MS50ZXN0MAuCCXgzODIudGVzdDALggl4MzgzLnRlc3QwC4IJ +eDM4NC50ZXN0MAuCCXgzODUudGVzdDALggl4Mzg2LnRlc3QwC4IJeDM4Ny50ZXN0 +MAuCCXgzODgudGVzdDALggl4Mzg5LnRlc3QwC4IJeDM5MC50ZXN0MAuCCXgzOTEu +dGVzdDALggl4MzkyLnRlc3QwC4IJeDM5My50ZXN0MAuCCXgzOTQudGVzdDALggl4 +Mzk1LnRlc3QwC4IJeDM5Ni50ZXN0MAuCCXgzOTcudGVzdDALggl4Mzk4LnRlc3Qw +C4IJeDM5OS50ZXN0MAuCCXg0MDAudGVzdDALggl4NDAxLnRlc3QwC4IJeDQwMi50 +ZXN0MAuCCXg0MDMudGVzdDALggl4NDA0LnRlc3QwC4IJeDQwNS50ZXN0MAuCCXg0 +MDYudGVzdDALggl4NDA3LnRlc3QwC4IJeDQwOC50ZXN0MAuCCXg0MDkudGVzdDAL +ggl4NDEwLnRlc3QwC4IJeDQxMS50ZXN0MAuCCXg0MTIudGVzdDALggl4NDEzLnRl +c3QwC4IJeDQxNC50ZXN0MAuCCXg0MTUudGVzdDALggl4NDE2LnRlc3QwC4IJeDQx +Ny50ZXN0MAuCCXg0MTgudGVzdDALggl4NDE5LnRlc3QwC4IJeDQyMC50ZXN0MAuC +CXg0MjEudGVzdDALggl4NDIyLnRlc3QwC4IJeDQyMy50ZXN0MAuCCXg0MjQudGVz +dDALggl4NDI1LnRlc3QwC4IJeDQyNi50ZXN0MAuCCXg0MjcudGVzdDALggl4NDI4 +LnRlc3QwC4IJeDQyOS50ZXN0MAuCCXg0MzAudGVzdDALggl4NDMxLnRlc3QwC4IJ +eDQzMi50ZXN0MAuCCXg0MzMudGVzdDALggl4NDM0LnRlc3QwC4IJeDQzNS50ZXN0 +MAuCCXg0MzYudGVzdDALggl4NDM3LnRlc3QwC4IJeDQzOC50ZXN0MAuCCXg0Mzku +dGVzdDALggl4NDQwLnRlc3QwC4IJeDQ0MS50ZXN0MAuCCXg0NDIudGVzdDALggl4 +NDQzLnRlc3QwC4IJeDQ0NC50ZXN0MAuCCXg0NDUudGVzdDALggl4NDQ2LnRlc3Qw +C4IJeDQ0Ny50ZXN0MAuCCXg0NDgudGVzdDALggl4NDQ5LnRlc3QwC4IJeDQ1MC50 +ZXN0MAuCCXg0NTEudGVzdDALggl4NDUyLnRlc3QwC4IJeDQ1My50ZXN0MAuCCXg0 +NTQudGVzdDALggl4NDU1LnRlc3QwC4IJeDQ1Ni50ZXN0MAuCCXg0NTcudGVzdDAL +ggl4NDU4LnRlc3QwC4IJeDQ1OS50ZXN0MAuCCXg0NjAudGVzdDALggl4NDYxLnRl +c3QwC4IJeDQ2Mi50ZXN0MAuCCXg0NjMudGVzdDALggl4NDY0LnRlc3QwC4IJeDQ2 +NS50ZXN0MAuCCXg0NjYudGVzdDALggl4NDY3LnRlc3QwC4IJeDQ2OC50ZXN0MAuC +CXg0NjkudGVzdDALggl4NDcwLnRlc3QwC4IJeDQ3MS50ZXN0MAuCCXg0NzIudGVz +dDALggl4NDczLnRlc3QwC4IJeDQ3NC50ZXN0MAuCCXg0NzUudGVzdDALggl4NDc2 +LnRlc3QwC4IJeDQ3Ny50ZXN0MAuCCXg0NzgudGVzdDALggl4NDc5LnRlc3QwC4IJ +eDQ4MC50ZXN0MAuCCXg0ODEudGVzdDALggl4NDgyLnRlc3QwC4IJeDQ4My50ZXN0 +MAuCCXg0ODQudGVzdDALggl4NDg1LnRlc3QwC4IJeDQ4Ni50ZXN0MAuCCXg0ODcu +dGVzdDALggl4NDg4LnRlc3QwC4IJeDQ4OS50ZXN0MAuCCXg0OTAudGVzdDALggl4 +NDkxLnRlc3QwC4IJeDQ5Mi50ZXN0MAuCCXg0OTMudGVzdDALggl4NDk0LnRlc3Qw +C4IJeDQ5NS50ZXN0MAuCCXg0OTYudGVzdDALggl4NDk3LnRlc3QwC4IJeDQ5OC50 +ZXN0MAuCCXg0OTkudGVzdDALggl4NTAwLnRlc3QwC4IJeDUwMS50ZXN0MAuCCXg1 +MDIudGVzdDALggl4NTAzLnRlc3QwC4IJeDUwNC50ZXN0MAuCCXg1MDUudGVzdDAL +ggl4NTA2LnRlc3QwC4IJeDUwNy50ZXN0MAuCCXg1MDgudGVzdDALggl4NTA5LnRl +c3QwC4IJeDUxMC50ZXN0MAuCCXg1MTEudGVzdDALggl4NTEyLnRlc3QwC4IJeDUx +My50ZXN0MAuCCXg1MTQudGVzdDALggl4NTE1LnRlc3QwC4IJeDUxNi50ZXN0MAuC +CXg1MTcudGVzdDALggl4NTE4LnRlc3QwC4IJeDUxOS50ZXN0MAuCCXg1MjAudGVz +dDALggl4NTIxLnRlc3QwC4IJeDUyMi50ZXN0MAuCCXg1MjMudGVzdDALggl4NTI0 +LnRlc3QwC4IJeDUyNS50ZXN0MAuCCXg1MjYudGVzdDALggl4NTI3LnRlc3QwC4IJ +eDUyOC50ZXN0MAuCCXg1MjkudGVzdDALggl4NTMwLnRlc3QwC4IJeDUzMS50ZXN0 +MAuCCXg1MzIudGVzdDALggl4NTMzLnRlc3QwC4IJeDUzNC50ZXN0MAuCCXg1MzUu +dGVzdDALggl4NTM2LnRlc3QwC4IJeDUzNy50ZXN0MAuCCXg1MzgudGVzdDALggl4 +NTM5LnRlc3QwC4IJeDU0MC50ZXN0MAuCCXg1NDEudGVzdDALggl4NTQyLnRlc3Qw +C4IJeDU0My50ZXN0MAuCCXg1NDQudGVzdDALggl4NTQ1LnRlc3QwC4IJeDU0Ni50 +ZXN0MAuCCXg1NDcudGVzdDALggl4NTQ4LnRlc3QwC4IJeDU0OS50ZXN0MAuCCXg1 +NTAudGVzdDALggl4NTUxLnRlc3QwC4IJeDU1Mi50ZXN0MAuCCXg1NTMudGVzdDAL +ggl4NTU0LnRlc3QwC4IJeDU1NS50ZXN0MAuCCXg1NTYudGVzdDALggl4NTU3LnRl +c3QwC4IJeDU1OC50ZXN0MAuCCXg1NTkudGVzdDALggl4NTYwLnRlc3QwC4IJeDU2 +MS50ZXN0MAuCCXg1NjIudGVzdDALggl4NTYzLnRlc3QwC4IJeDU2NC50ZXN0MAuC +CXg1NjUudGVzdDALggl4NTY2LnRlc3QwC4IJeDU2Ny50ZXN0MAuCCXg1NjgudGVz +dDALggl4NTY5LnRlc3QwC4IJeDU3MC50ZXN0MAuCCXg1NzEudGVzdDALggl4NTcy +LnRlc3QwC4IJeDU3My50ZXN0MAuCCXg1NzQudGVzdDALggl4NTc1LnRlc3QwC4IJ +eDU3Ni50ZXN0MAuCCXg1NzcudGVzdDALggl4NTc4LnRlc3QwC4IJeDU3OS50ZXN0 +MAuCCXg1ODAudGVzdDALggl4NTgxLnRlc3QwC4IJeDU4Mi50ZXN0MAuCCXg1ODMu +dGVzdDALggl4NTg0LnRlc3QwC4IJeDU4NS50ZXN0MAuCCXg1ODYudGVzdDALggl4 +NTg3LnRlc3QwC4IJeDU4OC50ZXN0MAuCCXg1ODkudGVzdDALggl4NTkwLnRlc3Qw +C4IJeDU5MS50ZXN0MAuCCXg1OTIudGVzdDALggl4NTkzLnRlc3QwC4IJeDU5NC50 +ZXN0MAuCCXg1OTUudGVzdDALggl4NTk2LnRlc3QwC4IJeDU5Ny50ZXN0MAuCCXg1 +OTgudGVzdDALggl4NTk5LnRlc3QwC4IJeDYwMC50ZXN0MAuCCXg2MDEudGVzdDAL +ggl4NjAyLnRlc3QwC4IJeDYwMy50ZXN0MAuCCXg2MDQudGVzdDALggl4NjA1LnRl +c3QwC4IJeDYwNi50ZXN0MAuCCXg2MDcudGVzdDALggl4NjA4LnRlc3QwC4IJeDYw +OS50ZXN0MAuCCXg2MTAudGVzdDALggl4NjExLnRlc3QwC4IJeDYxMi50ZXN0MAuC +CXg2MTMudGVzdDALggl4NjE0LnRlc3QwC4IJeDYxNS50ZXN0MAuCCXg2MTYudGVz +dDALggl4NjE3LnRlc3QwC4IJeDYxOC50ZXN0MAuCCXg2MTkudGVzdDALggl4NjIw +LnRlc3QwC4IJeDYyMS50ZXN0MAuCCXg2MjIudGVzdDALggl4NjIzLnRlc3QwC4IJ +eDYyNC50ZXN0MAuCCXg2MjUudGVzdDALggl4NjI2LnRlc3QwC4IJeDYyNy50ZXN0 +MAuCCXg2MjgudGVzdDALggl4NjI5LnRlc3QwC4IJeDYzMC50ZXN0MAuCCXg2MzEu +dGVzdDALggl4NjMyLnRlc3QwC4IJeDYzMy50ZXN0MAuCCXg2MzQudGVzdDALggl4 +NjM1LnRlc3QwC4IJeDYzNi50ZXN0MAuCCXg2MzcudGVzdDALggl4NjM4LnRlc3Qw +C4IJeDYzOS50ZXN0MAuCCXg2NDAudGVzdDALggl4NjQxLnRlc3QwC4IJeDY0Mi50 +ZXN0MAuCCXg2NDMudGVzdDALggl4NjQ0LnRlc3QwC4IJeDY0NS50ZXN0MAuCCXg2 +NDYudGVzdDALggl4NjQ3LnRlc3QwC4IJeDY0OC50ZXN0MAuCCXg2NDkudGVzdDAL +ggl4NjUwLnRlc3QwC4IJeDY1MS50ZXN0MAuCCXg2NTIudGVzdDALggl4NjUzLnRl +c3QwC4IJeDY1NC50ZXN0MAuCCXg2NTUudGVzdDALggl4NjU2LnRlc3QwC4IJeDY1 +Ny50ZXN0MAuCCXg2NTgudGVzdDALggl4NjU5LnRlc3QwC4IJeDY2MC50ZXN0MAuC +CXg2NjEudGVzdDALggl4NjYyLnRlc3QwC4IJeDY2My50ZXN0MAuCCXg2NjQudGVz +dDALggl4NjY1LnRlc3QwC4IJeDY2Ni50ZXN0MAuCCXg2NjcudGVzdDALggl4NjY4 +LnRlc3QwC4IJeDY2OS50ZXN0MAuCCXg2NzAudGVzdDALggl4NjcxLnRlc3QwC4IJ +eDY3Mi50ZXN0MAuCCXg2NzMudGVzdDALggl4Njc0LnRlc3QwC4IJeDY3NS50ZXN0 +MAuCCXg2NzYudGVzdDALggl4Njc3LnRlc3QwC4IJeDY3OC50ZXN0MAuCCXg2Nzku +dGVzdDALggl4NjgwLnRlc3QwC4IJeDY4MS50ZXN0MAuCCXg2ODIudGVzdDALggl4 +NjgzLnRlc3QwC4IJeDY4NC50ZXN0MAuCCXg2ODUudGVzdDALggl4Njg2LnRlc3Qw +C4IJeDY4Ny50ZXN0MAuCCXg2ODgudGVzdDALggl4Njg5LnRlc3QwC4IJeDY5MC50 +ZXN0MAuCCXg2OTEudGVzdDALggl4NjkyLnRlc3QwC4IJeDY5My50ZXN0MAuCCXg2 +OTQudGVzdDALggl4Njk1LnRlc3QwC4IJeDY5Ni50ZXN0MAuCCXg2OTcudGVzdDAL +ggl4Njk4LnRlc3QwC4IJeDY5OS50ZXN0MAuCCXg3MDAudGVzdDALggl4NzAxLnRl +c3QwC4IJeDcwMi50ZXN0MAuCCXg3MDMudGVzdDALggl4NzA0LnRlc3QwC4IJeDcw +NS50ZXN0MAuCCXg3MDYudGVzdDALggl4NzA3LnRlc3QwC4IJeDcwOC50ZXN0MAuC +CXg3MDkudGVzdDALggl4NzEwLnRlc3QwC4IJeDcxMS50ZXN0MAuCCXg3MTIudGVz +dDALggl4NzEzLnRlc3QwC4IJeDcxNC50ZXN0MAuCCXg3MTUudGVzdDALggl4NzE2 +LnRlc3QwC4IJeDcxNy50ZXN0MAuCCXg3MTgudGVzdDALggl4NzE5LnRlc3QwC4IJ +eDcyMC50ZXN0MAuCCXg3MjEudGVzdDALggl4NzIyLnRlc3QwC4IJeDcyMy50ZXN0 +MAuCCXg3MjQudGVzdDALggl4NzI1LnRlc3QwC4IJeDcyNi50ZXN0MAuCCXg3Mjcu +dGVzdDALggl4NzI4LnRlc3QwC4IJeDcyOS50ZXN0MAuCCXg3MzAudGVzdDALggl4 +NzMxLnRlc3QwC4IJeDczMi50ZXN0MAuCCXg3MzMudGVzdDALggl4NzM0LnRlc3Qw +C4IJeDczNS50ZXN0MAuCCXg3MzYudGVzdDALggl4NzM3LnRlc3QwC4IJeDczOC50 +ZXN0MAuCCXg3MzkudGVzdDALggl4NzQwLnRlc3QwC4IJeDc0MS50ZXN0MAuCCXg3 +NDIudGVzdDALggl4NzQzLnRlc3QwC4IJeDc0NC50ZXN0MAuCCXg3NDUudGVzdDAL +ggl4NzQ2LnRlc3QwC4IJeDc0Ny50ZXN0MAuCCXg3NDgudGVzdDALggl4NzQ5LnRl +c3QwC4IJeDc1MC50ZXN0MAuCCXg3NTEudGVzdDALggl4NzUyLnRlc3QwC4IJeDc1 +My50ZXN0MAuCCXg3NTQudGVzdDALggl4NzU1LnRlc3QwC4IJeDc1Ni50ZXN0MAuC +CXg3NTcudGVzdDALggl4NzU4LnRlc3QwC4IJeDc1OS50ZXN0MAuCCXg3NjAudGVz +dDALggl4NzYxLnRlc3QwC4IJeDc2Mi50ZXN0MAuCCXg3NjMudGVzdDALggl4NzY0 +LnRlc3QwC4IJeDc2NS50ZXN0MAuCCXg3NjYudGVzdDALggl4NzY3LnRlc3QwC4IJ +eDc2OC50ZXN0MAuCCXg3NjkudGVzdDALggl4NzcwLnRlc3QwC4IJeDc3MS50ZXN0 +MAuCCXg3NzIudGVzdDALggl4NzczLnRlc3QwC4IJeDc3NC50ZXN0MAuCCXg3NzUu +dGVzdDALggl4Nzc2LnRlc3QwC4IJeDc3Ny50ZXN0MAuCCXg3NzgudGVzdDALggl4 +Nzc5LnRlc3QwC4IJeDc4MC50ZXN0MAuCCXg3ODEudGVzdDALggl4NzgyLnRlc3Qw +C4IJeDc4My50ZXN0MAuCCXg3ODQudGVzdDALggl4Nzg1LnRlc3QwC4IJeDc4Ni50 +ZXN0MAuCCXg3ODcudGVzdDALggl4Nzg4LnRlc3QwC4IJeDc4OS50ZXN0MAuCCXg3 +OTAudGVzdDALggl4NzkxLnRlc3QwC4IJeDc5Mi50ZXN0MAuCCXg3OTMudGVzdDAL +ggl4Nzk0LnRlc3QwC4IJeDc5NS50ZXN0MAuCCXg3OTYudGVzdDALggl4Nzk3LnRl +c3QwC4IJeDc5OC50ZXN0MAuCCXg3OTkudGVzdDALggl4ODAwLnRlc3QwC4IJeDgw +MS50ZXN0MAuCCXg4MDIudGVzdDALggl4ODAzLnRlc3QwC4IJeDgwNC50ZXN0MAuC +CXg4MDUudGVzdDALggl4ODA2LnRlc3QwC4IJeDgwNy50ZXN0MAuCCXg4MDgudGVz +dDALggl4ODA5LnRlc3QwC4IJeDgxMC50ZXN0MAuCCXg4MTEudGVzdDALggl4ODEy +LnRlc3QwC4IJeDgxMy50ZXN0MAuCCXg4MTQudGVzdDALggl4ODE1LnRlc3QwC4IJ +eDgxNi50ZXN0MAuCCXg4MTcudGVzdDALggl4ODE4LnRlc3QwC4IJeDgxOS50ZXN0 +MAuCCXg4MjAudGVzdDALggl4ODIxLnRlc3QwC4IJeDgyMi50ZXN0MAuCCXg4MjMu +dGVzdDALggl4ODI0LnRlc3QwC4IJeDgyNS50ZXN0MAuCCXg4MjYudGVzdDALggl4 +ODI3LnRlc3QwC4IJeDgyOC50ZXN0MAuCCXg4MjkudGVzdDALggl4ODMwLnRlc3Qw +C4IJeDgzMS50ZXN0MAuCCXg4MzIudGVzdDALggl4ODMzLnRlc3QwC4IJeDgzNC50 +ZXN0MAuCCXg4MzUudGVzdDALggl4ODM2LnRlc3QwC4IJeDgzNy50ZXN0MAuCCXg4 +MzgudGVzdDALggl4ODM5LnRlc3QwC4IJeDg0MC50ZXN0MAuCCXg4NDEudGVzdDAL +ggl4ODQyLnRlc3QwC4IJeDg0My50ZXN0MAuCCXg4NDQudGVzdDALggl4ODQ1LnRl +c3QwC4IJeDg0Ni50ZXN0MAuCCXg4NDcudGVzdDALggl4ODQ4LnRlc3QwC4IJeDg0 +OS50ZXN0MAuCCXg4NTAudGVzdDALggl4ODUxLnRlc3QwC4IJeDg1Mi50ZXN0MAuC +CXg4NTMudGVzdDALggl4ODU0LnRlc3QwC4IJeDg1NS50ZXN0MAuCCXg4NTYudGVz +dDALggl4ODU3LnRlc3QwC4IJeDg1OC50ZXN0MAuCCXg4NTkudGVzdDALggl4ODYw +LnRlc3QwC4IJeDg2MS50ZXN0MAuCCXg4NjIudGVzdDALggl4ODYzLnRlc3QwC4IJ +eDg2NC50ZXN0MAuCCXg4NjUudGVzdDALggl4ODY2LnRlc3QwC4IJeDg2Ny50ZXN0 +MAuCCXg4NjgudGVzdDALggl4ODY5LnRlc3QwC4IJeDg3MC50ZXN0MAuCCXg4NzEu +dGVzdDALggl4ODcyLnRlc3QwC4IJeDg3My50ZXN0MAuCCXg4NzQudGVzdDALggl4 +ODc1LnRlc3QwC4IJeDg3Ni50ZXN0MAuCCXg4NzcudGVzdDALggl4ODc4LnRlc3Qw +C4IJeDg3OS50ZXN0MAuCCXg4ODAudGVzdDALggl4ODgxLnRlc3QwC4IJeDg4Mi50 +ZXN0MAuCCXg4ODMudGVzdDALggl4ODg0LnRlc3QwC4IJeDg4NS50ZXN0MAuCCXg4 +ODYudGVzdDALggl4ODg3LnRlc3QwC4IJeDg4OC50ZXN0MAuCCXg4ODkudGVzdDAL +ggl4ODkwLnRlc3QwC4IJeDg5MS50ZXN0MAuCCXg4OTIudGVzdDALggl4ODkzLnRl +c3QwC4IJeDg5NC50ZXN0MAuCCXg4OTUudGVzdDALggl4ODk2LnRlc3QwC4IJeDg5 +Ny50ZXN0MAuCCXg4OTgudGVzdDALggl4ODk5LnRlc3QwC4IJeDkwMC50ZXN0MAuC +CXg5MDEudGVzdDALggl4OTAyLnRlc3QwC4IJeDkwMy50ZXN0MAuCCXg5MDQudGVz +dDALggl4OTA1LnRlc3QwC4IJeDkwNi50ZXN0MAuCCXg5MDcudGVzdDALggl4OTA4 +LnRlc3QwC4IJeDkwOS50ZXN0MAuCCXg5MTAudGVzdDALggl4OTExLnRlc3QwC4IJ +eDkxMi50ZXN0MAuCCXg5MTMudGVzdDALggl4OTE0LnRlc3QwC4IJeDkxNS50ZXN0 +MAuCCXg5MTYudGVzdDALggl4OTE3LnRlc3QwC4IJeDkxOC50ZXN0MAuCCXg5MTku +dGVzdDALggl4OTIwLnRlc3QwC4IJeDkyMS50ZXN0MAuCCXg5MjIudGVzdDALggl4 +OTIzLnRlc3QwC4IJeDkyNC50ZXN0MAuCCXg5MjUudGVzdDALggl4OTI2LnRlc3Qw +C4IJeDkyNy50ZXN0MAuCCXg5MjgudGVzdDALggl4OTI5LnRlc3QwC4IJeDkzMC50 +ZXN0MAuCCXg5MzEudGVzdDALggl4OTMyLnRlc3QwC4IJeDkzMy50ZXN0MAuCCXg5 +MzQudGVzdDALggl4OTM1LnRlc3QwC4IJeDkzNi50ZXN0MAuCCXg5MzcudGVzdDAL +ggl4OTM4LnRlc3QwC4IJeDkzOS50ZXN0MAuCCXg5NDAudGVzdDALggl4OTQxLnRl +c3QwC4IJeDk0Mi50ZXN0MAuCCXg5NDMudGVzdDALggl4OTQ0LnRlc3QwC4IJeDk0 +NS50ZXN0MAuCCXg5NDYudGVzdDALggl4OTQ3LnRlc3QwC4IJeDk0OC50ZXN0MAuC +CXg5NDkudGVzdDALggl4OTUwLnRlc3QwC4IJeDk1MS50ZXN0MAuCCXg5NTIudGVz +dDALggl4OTUzLnRlc3QwC4IJeDk1NC50ZXN0MAuCCXg5NTUudGVzdDALggl4OTU2 +LnRlc3QwC4IJeDk1Ny50ZXN0MAuCCXg5NTgudGVzdDALggl4OTU5LnRlc3QwC4IJ +eDk2MC50ZXN0MAuCCXg5NjEudGVzdDALggl4OTYyLnRlc3QwC4IJeDk2My50ZXN0 +MAuCCXg5NjQudGVzdDALggl4OTY1LnRlc3QwC4IJeDk2Ni50ZXN0MAuCCXg5Njcu +dGVzdDALggl4OTY4LnRlc3QwC4IJeDk2OS50ZXN0MAuCCXg5NzAudGVzdDALggl4 +OTcxLnRlc3QwC4IJeDk3Mi50ZXN0MAuCCXg5NzMudGVzdDALggl4OTc0LnRlc3Qw +C4IJeDk3NS50ZXN0MAuCCXg5NzYudGVzdDALggl4OTc3LnRlc3QwC4IJeDk3OC50 +ZXN0MAuCCXg5NzkudGVzdDALggl4OTgwLnRlc3QwC4IJeDk4MS50ZXN0MAuCCXg5 +ODIudGVzdDALggl4OTgzLnRlc3QwC4IJeDk4NC50ZXN0MAuCCXg5ODUudGVzdDAL +ggl4OTg2LnRlc3QwC4IJeDk4Ny50ZXN0MAuCCXg5ODgudGVzdDALggl4OTg5LnRl +c3QwC4IJeDk5MC50ZXN0MAuCCXg5OTEudGVzdDALggl4OTkyLnRlc3QwC4IJeDk5 +My50ZXN0MAuCCXg5OTQudGVzdDALggl4OTk1LnRlc3QwC4IJeDk5Ni50ZXN0MAuC +CXg5OTcudGVzdDALggl4OTk4LnRlc3QwC4IJeDk5OS50ZXN0MAyCCngxMDAwLnRl +c3QwDIIKeDEwMDEudGVzdDAMggp4MTAwMi50ZXN0MAyCCngxMDAzLnRlc3QwDIIK +eDEwMDQudGVzdDAMggp4MTAwNS50ZXN0MAyCCngxMDA2LnRlc3QwDIIKeDEwMDcu +dGVzdDAMggp4MTAwOC50ZXN0MAyCCngxMDA5LnRlc3QwDIIKeDEwMTAudGVzdDAM +ggp4MTAxMS50ZXN0MAyCCngxMDEyLnRlc3QwDIIKeDEwMTMudGVzdDAMggp4MTAx +NC50ZXN0MAyCCngxMDE1LnRlc3QwDIIKeDEwMTYudGVzdDAMggp4MTAxNy50ZXN0 +MAyCCngxMDE4LnRlc3QwDIIKeDEwMTkudGVzdDAMggp4MTAyMC50ZXN0MAyCCngx +MDIxLnRlc3QwDIIKeDEwMjIudGVzdDAMggp4MTAyMy50ZXN0MAyCCngxMDI0LnRl +c3QwDQYJKoZIhvcNAQELBQADggEBAKzPAsAoWbli0F+2++igOP2Ytfmpa5hB1L6O +xZA/JSsIwxNNO8drnZn31mKh5905Tn30En8d/3RdXDRMUSLA0shp1PrgisZ3U3Ce +nxy+JSZxAKoTTLbL5e3R9nzOMlZ910VERRtV3quruRe/ehFUcDZnluNChSp5PFI2 +gxrUZeWDAAGBtDaF0bzQBTOSV2Ghf4tns6MM8SwALjkh+UaIGLBIJawKLhd4mU3e +7QFJE4dSRWhjBAPSVYEOjvfV7d/K1SALjNDs4N7cQHNYVgPUM1lu8aeJGJeTtp+x +HWWE1vuoYeEjIOpWYBwQROTsvYBFWuIUWJSFCWWSlP9sCBzfxmk= +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.pem new file mode 100644 index 0000000000..186a4023e2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_2.pem @@ -0,0 +1,1394 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + DNS:x170.test + DNS:x171.test + DNS:x172.test + DNS:x173.test + DNS:x174.test + DNS:x175.test + DNS:x176.test + DNS:x177.test + DNS:x178.test + DNS:x179.test + DNS:x180.test + DNS:x181.test + DNS:x182.test + DNS:x183.test + DNS:x184.test + DNS:x185.test + DNS:x186.test + DNS:x187.test + DNS:x188.test + DNS:x189.test + DNS:x190.test + DNS:x191.test + DNS:x192.test + DNS:x193.test + DNS:x194.test + DNS:x195.test + DNS:x196.test + DNS:x197.test + DNS:x198.test + DNS:x199.test + DNS:x200.test + DNS:x201.test + DNS:x202.test + DNS:x203.test + DNS:x204.test + DNS:x205.test + DNS:x206.test + DNS:x207.test + DNS:x208.test + DNS:x209.test + DNS:x210.test + DNS:x211.test + DNS:x212.test + DNS:x213.test + DNS:x214.test + DNS:x215.test + DNS:x216.test + DNS:x217.test + DNS:x218.test + DNS:x219.test + DNS:x220.test + DNS:x221.test + DNS:x222.test + DNS:x223.test + DNS:x224.test + DNS:x225.test + DNS:x226.test + DNS:x227.test + DNS:x228.test + DNS:x229.test + DNS:x230.test + DNS:x231.test + DNS:x232.test + DNS:x233.test + DNS:x234.test + DNS:x235.test + DNS:x236.test + DNS:x237.test + DNS:x238.test + DNS:x239.test + DNS:x240.test + DNS:x241.test + DNS:x242.test + DNS:x243.test + DNS:x244.test + DNS:x245.test + DNS:x246.test + DNS:x247.test + DNS:x248.test + DNS:x249.test + DNS:x250.test + DNS:x251.test + DNS:x252.test + DNS:x253.test + DNS:x254.test + DNS:x255.test + DNS:x256.test + DNS:x257.test + DNS:x258.test + DNS:x259.test + DNS:x260.test + DNS:x261.test + DNS:x262.test + DNS:x263.test + DNS:x264.test + DNS:x265.test + DNS:x266.test + DNS:x267.test + DNS:x268.test + DNS:x269.test + DNS:x270.test + DNS:x271.test + DNS:x272.test + DNS:x273.test + DNS:x274.test + DNS:x275.test + DNS:x276.test + DNS:x277.test + DNS:x278.test + DNS:x279.test + DNS:x280.test + DNS:x281.test + DNS:x282.test + DNS:x283.test + DNS:x284.test + DNS:x285.test + DNS:x286.test + DNS:x287.test + DNS:x288.test + DNS:x289.test + DNS:x290.test + DNS:x291.test + DNS:x292.test + DNS:x293.test + DNS:x294.test + DNS:x295.test + DNS:x296.test + DNS:x297.test + DNS:x298.test + DNS:x299.test + DNS:x300.test + DNS:x301.test + DNS:x302.test + DNS:x303.test + DNS:x304.test + DNS:x305.test + DNS:x306.test + DNS:x307.test + DNS:x308.test + DNS:x309.test + DNS:x310.test + DNS:x311.test + DNS:x312.test + DNS:x313.test + DNS:x314.test + DNS:x315.test + DNS:x316.test + DNS:x317.test + DNS:x318.test + DNS:x319.test + DNS:x320.test + DNS:x321.test + DNS:x322.test + DNS:x323.test + DNS:x324.test + DNS:x325.test + DNS:x326.test + DNS:x327.test + DNS:x328.test + DNS:x329.test + DNS:x330.test + DNS:x331.test + DNS:x332.test + DNS:x333.test + DNS:x334.test + DNS:x335.test + DNS:x336.test + DNS:x337.test + DNS:x338.test + DNS:x339.test + DNS:x340.test + DNS:x341.test + DNS:x342.test + DNS:x343.test + DNS:x344.test + DNS:x345.test + DNS:x346.test + DNS:x347.test + DNS:x348.test + DNS:x349.test + DNS:x350.test + DNS:x351.test + DNS:x352.test + DNS:x353.test + DNS:x354.test + DNS:x355.test + DNS:x356.test + DNS:x357.test + DNS:x358.test + DNS:x359.test + DNS:x360.test + DNS:x361.test + DNS:x362.test + DNS:x363.test + DNS:x364.test + DNS:x365.test + DNS:x366.test + DNS:x367.test + DNS:x368.test + DNS:x369.test + DNS:x370.test + DNS:x371.test + DNS:x372.test + DNS:x373.test + DNS:x374.test + DNS:x375.test + DNS:x376.test + DNS:x377.test + DNS:x378.test + DNS:x379.test + DNS:x380.test + DNS:x381.test + DNS:x382.test + DNS:x383.test + DNS:x384.test + DNS:x385.test + DNS:x386.test + DNS:x387.test + DNS:x388.test + DNS:x389.test + DNS:x390.test + DNS:x391.test + DNS:x392.test + DNS:x393.test + DNS:x394.test + DNS:x395.test + DNS:x396.test + DNS:x397.test + DNS:x398.test + DNS:x399.test + DNS:x400.test + DNS:x401.test + DNS:x402.test + DNS:x403.test + DNS:x404.test + DNS:x405.test + DNS:x406.test + DNS:x407.test + DNS:x408.test + DNS:x409.test + DNS:x410.test + DNS:x411.test + DNS:x412.test + DNS:x413.test + DNS:x414.test + DNS:x415.test + DNS:x416.test + DNS:x417.test + DNS:x418.test + DNS:x419.test + DNS:x420.test + DNS:x421.test + DNS:x422.test + DNS:x423.test + DNS:x424.test + DNS:x425.test + DNS:x426.test + DNS:x427.test + DNS:x428.test + DNS:x429.test + DNS:x430.test + DNS:x431.test + DNS:x432.test + DNS:x433.test + DNS:x434.test + DNS:x435.test + DNS:x436.test + DNS:x437.test + DNS:x438.test + DNS:x439.test + DNS:x440.test + DNS:x441.test + DNS:x442.test + DNS:x443.test + DNS:x444.test + DNS:x445.test + DNS:x446.test + DNS:x447.test + DNS:x448.test + DNS:x449.test + DNS:x450.test + DNS:x451.test + DNS:x452.test + DNS:x453.test + DNS:x454.test + DNS:x455.test + DNS:x456.test + DNS:x457.test + DNS:x458.test + DNS:x459.test + DNS:x460.test + DNS:x461.test + DNS:x462.test + DNS:x463.test + DNS:x464.test + DNS:x465.test + DNS:x466.test + DNS:x467.test + DNS:x468.test + DNS:x469.test + DNS:x470.test + DNS:x471.test + DNS:x472.test + DNS:x473.test + DNS:x474.test + DNS:x475.test + DNS:x476.test + DNS:x477.test + DNS:x478.test + DNS:x479.test + DNS:x480.test + DNS:x481.test + DNS:x482.test + DNS:x483.test + DNS:x484.test + DNS:x485.test + DNS:x486.test + DNS:x487.test + DNS:x488.test + DNS:x489.test + DNS:x490.test + DNS:x491.test + DNS:x492.test + DNS:x493.test + DNS:x494.test + DNS:x495.test + DNS:x496.test + DNS:x497.test + DNS:x498.test + DNS:x499.test + DNS:x500.test + DNS:x501.test + DNS:x502.test + DNS:x503.test + DNS:x504.test + DNS:x505.test + DNS:x506.test + DNS:x507.test + DNS:x508.test + DNS:x509.test + DNS:x510.test + DNS:x511.test + DNS:x512.test + DNS:x513.test + DNS:x514.test + DNS:x515.test + DNS:x516.test + DNS:x517.test + DNS:x518.test + DNS:x519.test + DNS:x520.test + DNS:x521.test + DNS:x522.test + DNS:x523.test + DNS:x524.test + DNS:x525.test + DNS:x526.test + DNS:x527.test + DNS:x528.test + DNS:x529.test + DNS:x530.test + DNS:x531.test + DNS:x532.test + DNS:x533.test + DNS:x534.test + DNS:x535.test + DNS:x536.test + DNS:x537.test + DNS:x538.test + DNS:x539.test + DNS:x540.test + DNS:x541.test + DNS:x542.test + DNS:x543.test + DNS:x544.test + DNS:x545.test + DNS:x546.test + DNS:x547.test + DNS:x548.test + DNS:x549.test + DNS:x550.test + DNS:x551.test + DNS:x552.test + DNS:x553.test + DNS:x554.test + DNS:x555.test + DNS:x556.test + DNS:x557.test + DNS:x558.test + DNS:x559.test + DNS:x560.test + DNS:x561.test + DNS:x562.test + DNS:x563.test + DNS:x564.test + DNS:x565.test + DNS:x566.test + DNS:x567.test + DNS:x568.test + DNS:x569.test + DNS:x570.test + DNS:x571.test + DNS:x572.test + DNS:x573.test + DNS:x574.test + DNS:x575.test + DNS:x576.test + DNS:x577.test + DNS:x578.test + DNS:x579.test + DNS:x580.test + DNS:x581.test + DNS:x582.test + DNS:x583.test + DNS:x584.test + DNS:x585.test + DNS:x586.test + DNS:x587.test + DNS:x588.test + DNS:x589.test + DNS:x590.test + DNS:x591.test + DNS:x592.test + DNS:x593.test + DNS:x594.test + DNS:x595.test + DNS:x596.test + DNS:x597.test + DNS:x598.test + DNS:x599.test + DNS:x600.test + DNS:x601.test + DNS:x602.test + DNS:x603.test + DNS:x604.test + DNS:x605.test + DNS:x606.test + DNS:x607.test + DNS:x608.test + DNS:x609.test + DNS:x610.test + DNS:x611.test + DNS:x612.test + DNS:x613.test + DNS:x614.test + DNS:x615.test + DNS:x616.test + DNS:x617.test + DNS:x618.test + DNS:x619.test + DNS:x620.test + DNS:x621.test + DNS:x622.test + DNS:x623.test + DNS:x624.test + DNS:x625.test + DNS:x626.test + DNS:x627.test + DNS:x628.test + DNS:x629.test + DNS:x630.test + DNS:x631.test + DNS:x632.test + DNS:x633.test + DNS:x634.test + DNS:x635.test + DNS:x636.test + DNS:x637.test + DNS:x638.test + DNS:x639.test + DNS:x640.test + DNS:x641.test + DNS:x642.test + DNS:x643.test + DNS:x644.test + DNS:x645.test + DNS:x646.test + DNS:x647.test + DNS:x648.test + DNS:x649.test + DNS:x650.test + DNS:x651.test + DNS:x652.test + DNS:x653.test + DNS:x654.test + DNS:x655.test + DNS:x656.test + DNS:x657.test + DNS:x658.test + DNS:x659.test + DNS:x660.test + DNS:x661.test + DNS:x662.test + DNS:x663.test + DNS:x664.test + DNS:x665.test + DNS:x666.test + DNS:x667.test + DNS:x668.test + DNS:x669.test + DNS:x670.test + DNS:x671.test + DNS:x672.test + DNS:x673.test + DNS:x674.test + DNS:x675.test + DNS:x676.test + DNS:x677.test + DNS:x678.test + DNS:x679.test + DNS:x680.test + DNS:x681.test + DNS:x682.test + DNS:x683.test + DNS:x684.test + DNS:x685.test + DNS:x686.test + DNS:x687.test + DNS:x688.test + DNS:x689.test + DNS:x690.test + DNS:x691.test + DNS:x692.test + DNS:x693.test + DNS:x694.test + DNS:x695.test + DNS:x696.test + DNS:x697.test + DNS:x698.test + DNS:x699.test + DNS:x700.test + DNS:x701.test + DNS:x702.test + DNS:x703.test + DNS:x704.test + DNS:x705.test + DNS:x706.test + DNS:x707.test + DNS:x708.test + DNS:x709.test + DNS:x710.test + DNS:x711.test + DNS:x712.test + DNS:x713.test + DNS:x714.test + DNS:x715.test + DNS:x716.test + DNS:x717.test + DNS:x718.test + DNS:x719.test + DNS:x720.test + DNS:x721.test + DNS:x722.test + DNS:x723.test + DNS:x724.test + DNS:x725.test + DNS:x726.test + DNS:x727.test + DNS:x728.test + DNS:x729.test + DNS:x730.test + DNS:x731.test + DNS:x732.test + DNS:x733.test + DNS:x734.test + DNS:x735.test + DNS:x736.test + DNS:x737.test + DNS:x738.test + DNS:x739.test + DNS:x740.test + DNS:x741.test + DNS:x742.test + DNS:x743.test + DNS:x744.test + DNS:x745.test + DNS:x746.test + DNS:x747.test + DNS:x748.test + DNS:x749.test + DNS:x750.test + DNS:x751.test + DNS:x752.test + DNS:x753.test + DNS:x754.test + DNS:x755.test + DNS:x756.test + DNS:x757.test + DNS:x758.test + DNS:x759.test + DNS:x760.test + DNS:x761.test + DNS:x762.test + DNS:x763.test + DNS:x764.test + DNS:x765.test + DNS:x766.test + DNS:x767.test + DNS:x768.test + DNS:x769.test + DNS:x770.test + DNS:x771.test + DNS:x772.test + DNS:x773.test + DNS:x774.test + DNS:x775.test + DNS:x776.test + DNS:x777.test + DNS:x778.test + DNS:x779.test + DNS:x780.test + DNS:x781.test + DNS:x782.test + DNS:x783.test + DNS:x784.test + DNS:x785.test + DNS:x786.test + DNS:x787.test + DNS:x788.test + DNS:x789.test + DNS:x790.test + DNS:x791.test + DNS:x792.test + DNS:x793.test + DNS:x794.test + DNS:x795.test + DNS:x796.test + DNS:x797.test + DNS:x798.test + DNS:x799.test + DNS:x800.test + DNS:x801.test + DNS:x802.test + DNS:x803.test + DNS:x804.test + DNS:x805.test + DNS:x806.test + DNS:x807.test + DNS:x808.test + DNS:x809.test + DNS:x810.test + DNS:x811.test + DNS:x812.test + DNS:x813.test + DNS:x814.test + DNS:x815.test + DNS:x816.test + DNS:x817.test + DNS:x818.test + DNS:x819.test + DNS:x820.test + DNS:x821.test + DNS:x822.test + DNS:x823.test + DNS:x824.test + DNS:x825.test + DNS:x826.test + DNS:x827.test + DNS:x828.test + DNS:x829.test + DNS:x830.test + DNS:x831.test + DNS:x832.test + DNS:x833.test + DNS:x834.test + DNS:x835.test + DNS:x836.test + DNS:x837.test + DNS:x838.test + DNS:x839.test + DNS:x840.test + DNS:x841.test + DNS:x842.test + DNS:x843.test + DNS:x844.test + DNS:x845.test + DNS:x846.test + DNS:x847.test + DNS:x848.test + DNS:x849.test + DNS:x850.test + DNS:x851.test + DNS:x852.test + DNS:x853.test + DNS:x854.test + DNS:x855.test + DNS:x856.test + DNS:x857.test + DNS:x858.test + DNS:x859.test + DNS:x860.test + DNS:x861.test + DNS:x862.test + DNS:x863.test + DNS:x864.test + DNS:x865.test + DNS:x866.test + DNS:x867.test + DNS:x868.test + DNS:x869.test + DNS:x870.test + DNS:x871.test + DNS:x872.test + DNS:x873.test + DNS:x874.test + DNS:x875.test + DNS:x876.test + DNS:x877.test + DNS:x878.test + DNS:x879.test + DNS:x880.test + DNS:x881.test + DNS:x882.test + DNS:x883.test + DNS:x884.test + DNS:x885.test + DNS:x886.test + DNS:x887.test + DNS:x888.test + DNS:x889.test + DNS:x890.test + DNS:x891.test + DNS:x892.test + DNS:x893.test + DNS:x894.test + DNS:x895.test + DNS:x896.test + DNS:x897.test + DNS:x898.test + DNS:x899.test + DNS:x900.test + DNS:x901.test + DNS:x902.test + DNS:x903.test + DNS:x904.test + DNS:x905.test + DNS:x906.test + DNS:x907.test + DNS:x908.test + DNS:x909.test + DNS:x910.test + DNS:x911.test + DNS:x912.test + DNS:x913.test + DNS:x914.test + DNS:x915.test + DNS:x916.test + DNS:x917.test + DNS:x918.test + DNS:x919.test + DNS:x920.test + DNS:x921.test + DNS:x922.test + DNS:x923.test + DNS:x924.test + DNS:x925.test + DNS:x926.test + DNS:x927.test + DNS:x928.test + DNS:x929.test + DNS:x930.test + DNS:x931.test + DNS:x932.test + DNS:x933.test + DNS:x934.test + DNS:x935.test + DNS:x936.test + DNS:x937.test + DNS:x938.test + DNS:x939.test + DNS:x940.test + DNS:x941.test + DNS:x942.test + DNS:x943.test + DNS:x944.test + DNS:x945.test + DNS:x946.test + DNS:x947.test + DNS:x948.test + DNS:x949.test + DNS:x950.test + DNS:x951.test + DNS:x952.test + DNS:x953.test + DNS:x954.test + DNS:x955.test + DNS:x956.test + DNS:x957.test + DNS:x958.test + DNS:x959.test + DNS:x960.test + DNS:x961.test + DNS:x962.test + DNS:x963.test + DNS:x964.test + DNS:x965.test + DNS:x966.test + DNS:x967.test + DNS:x968.test + DNS:x969.test + DNS:x970.test + DNS:x971.test + DNS:x972.test + DNS:x973.test + DNS:x974.test + DNS:x975.test + DNS:x976.test + DNS:x977.test + DNS:x978.test + DNS:x979.test + DNS:x980.test + DNS:x981.test + DNS:x982.test + DNS:x983.test + DNS:x984.test + DNS:x985.test + DNS:x986.test + DNS:x987.test + DNS:x988.test + DNS:x989.test + DNS:x990.test + DNS:x991.test + DNS:x992.test + DNS:x993.test + DNS:x994.test + DNS:x995.test + DNS:x996.test + DNS:x997.test + DNS:x998.test + DNS:x999.test + DNS:x1000.test + DNS:x1001.test + DNS:x1002.test + DNS:x1003.test + DNS:x1004.test + DNS:x1005.test + DNS:x1006.test + DNS:x1007.test + DNS:x1008.test + DNS:x1009.test + DNS:x1010.test + DNS:x1011.test + DNS:x1012.test + DNS:x1013.test + DNS:x1014.test + DNS:x1015.test + DNS:x1016.test + DNS:x1017.test + DNS:x1018.test + DNS:x1019.test + DNS:x1020.test + DNS:x1021.test + DNS:x1022.test + DNS:x1023.test + DNS:x1024.test + + Signature Algorithm: sha256WithRSAEncryption + a3:61:e0:bd:55:1b:55:36:05:4b:22:0a:7c:93:62:ba:08:ce: + 68:b5:8a:62:f7:57:27:6c:0f:d0:03:f4:57:f1:a0:e5:35:69: + 91:fe:66:af:27:ae:54:92:67:3b:a7:ce:86:7e:dd:66:e9:a4: + dc:69:49:6d:c3:96:da:fd:3d:4a:27:60:f1:24:f8:f1:be:34: + f6:b6:43:53:02:8a:0f:87:42:07:5d:91:d3:9d:96:39:93:9c: + b6:f2:38:fd:37:2f:7d:f4:02:67:3f:73:bb:96:7e:55:1b:38: + f2:6e:c8:35:90:28:1d:d9:c2:45:e7:17:03:33:96:f9:59:eb: + 0f:bc:2c:52:57:6a:fc:2f:3d:f0:f3:5c:1d:d7:1a:8d:e2:02: + a8:96:15:e0:61:95:d6:09:ba:b9:7b:c0:36:cc:ce:96:7b:7f: + ef:35:f7:f3:08:28:b6:ac:2a:41:a6:22:43:6c:76:c5:34:1d: + e8:47:bf:dd:56:7a:0f:7d:bd:2e:a9:6b:ed:92:39:a5:36:35: + 09:52:6b:fa:03:b0:6d:68:e2:83:2e:8f:7e:87:71:fc:42:2d: + f2:07:16:53:8d:1a:02:c0:03:55:d3:bf:1d:c1:07:f5:63:ec: + 3f:6f:26:4c:e7:47:d0:9d:e6:04:00:ad:b6:87:de:03:59:b0: + 80:10:78:3e +-----BEGIN CERTIFICATE----- +MII3TzCCNjegAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCNJkwgjSVMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjPJBgNVHR4EgjPAMIIzvKGCM7gwCYIHeDAudGVzdDAJggd4MS50ZXN0MAmC +B3gyLnRlc3QwCYIHeDMudGVzdDAJggd4NC50ZXN0MAmCB3g1LnRlc3QwCYIHeDYu +dGVzdDAJggd4Ny50ZXN0MAmCB3g4LnRlc3QwCYIHeDkudGVzdDAKggh4MTAudGVz +dDAKggh4MTEudGVzdDAKggh4MTIudGVzdDAKggh4MTMudGVzdDAKggh4MTQudGVz +dDAKggh4MTUudGVzdDAKggh4MTYudGVzdDAKggh4MTcudGVzdDAKggh4MTgudGVz +dDAKggh4MTkudGVzdDAKggh4MjAudGVzdDAKggh4MjEudGVzdDAKggh4MjIudGVz +dDAKggh4MjMudGVzdDAKggh4MjQudGVzdDAKggh4MjUudGVzdDAKggh4MjYudGVz +dDAKggh4MjcudGVzdDAKggh4MjgudGVzdDAKggh4MjkudGVzdDAKggh4MzAudGVz +dDAKggh4MzEudGVzdDAKggh4MzIudGVzdDAKggh4MzMudGVzdDAKggh4MzQudGVz +dDAKggh4MzUudGVzdDAKggh4MzYudGVzdDAKggh4MzcudGVzdDAKggh4MzgudGVz +dDAKggh4MzkudGVzdDAKggh4NDAudGVzdDAKggh4NDEudGVzdDAKggh4NDIudGVz +dDAKggh4NDMudGVzdDAKggh4NDQudGVzdDAKggh4NDUudGVzdDAKggh4NDYudGVz +dDAKggh4NDcudGVzdDAKggh4NDgudGVzdDAKggh4NDkudGVzdDAKggh4NTAudGVz +dDAKggh4NTEudGVzdDAKggh4NTIudGVzdDAKggh4NTMudGVzdDAKggh4NTQudGVz +dDAKggh4NTUudGVzdDAKggh4NTYudGVzdDAKggh4NTcudGVzdDAKggh4NTgudGVz +dDAKggh4NTkudGVzdDAKggh4NjAudGVzdDAKggh4NjEudGVzdDAKggh4NjIudGVz +dDAKggh4NjMudGVzdDAKggh4NjQudGVzdDAKggh4NjUudGVzdDAKggh4NjYudGVz +dDAKggh4NjcudGVzdDAKggh4NjgudGVzdDAKggh4NjkudGVzdDAKggh4NzAudGVz +dDAKggh4NzEudGVzdDAKggh4NzIudGVzdDAKggh4NzMudGVzdDAKggh4NzQudGVz +dDAKggh4NzUudGVzdDAKggh4NzYudGVzdDAKggh4NzcudGVzdDAKggh4NzgudGVz +dDAKggh4NzkudGVzdDAKggh4ODAudGVzdDAKggh4ODEudGVzdDAKggh4ODIudGVz +dDAKggh4ODMudGVzdDAKggh4ODQudGVzdDAKggh4ODUudGVzdDAKggh4ODYudGVz +dDAKggh4ODcudGVzdDAKggh4ODgudGVzdDAKggh4ODkudGVzdDAKggh4OTAudGVz +dDAKggh4OTEudGVzdDAKggh4OTIudGVzdDAKggh4OTMudGVzdDAKggh4OTQudGVz +dDAKggh4OTUudGVzdDAKggh4OTYudGVzdDAKggh4OTcudGVzdDAKggh4OTgudGVz +dDAKggh4OTkudGVzdDALggl4MTAwLnRlc3QwC4IJeDEwMS50ZXN0MAuCCXgxMDIu +dGVzdDALggl4MTAzLnRlc3QwC4IJeDEwNC50ZXN0MAuCCXgxMDUudGVzdDALggl4 +MTA2LnRlc3QwC4IJeDEwNy50ZXN0MAuCCXgxMDgudGVzdDALggl4MTA5LnRlc3Qw +C4IJeDExMC50ZXN0MAuCCXgxMTEudGVzdDALggl4MTEyLnRlc3QwC4IJeDExMy50 +ZXN0MAuCCXgxMTQudGVzdDALggl4MTE1LnRlc3QwC4IJeDExNi50ZXN0MAuCCXgx +MTcudGVzdDALggl4MTE4LnRlc3QwC4IJeDExOS50ZXN0MAuCCXgxMjAudGVzdDAL +ggl4MTIxLnRlc3QwC4IJeDEyMi50ZXN0MAuCCXgxMjMudGVzdDALggl4MTI0LnRl +c3QwC4IJeDEyNS50ZXN0MAuCCXgxMjYudGVzdDALggl4MTI3LnRlc3QwC4IJeDEy +OC50ZXN0MAuCCXgxMjkudGVzdDALggl4MTMwLnRlc3QwC4IJeDEzMS50ZXN0MAuC +CXgxMzIudGVzdDALggl4MTMzLnRlc3QwC4IJeDEzNC50ZXN0MAuCCXgxMzUudGVz +dDALggl4MTM2LnRlc3QwC4IJeDEzNy50ZXN0MAuCCXgxMzgudGVzdDALggl4MTM5 +LnRlc3QwC4IJeDE0MC50ZXN0MAuCCXgxNDEudGVzdDALggl4MTQyLnRlc3QwC4IJ +eDE0My50ZXN0MAuCCXgxNDQudGVzdDALggl4MTQ1LnRlc3QwC4IJeDE0Ni50ZXN0 +MAuCCXgxNDcudGVzdDALggl4MTQ4LnRlc3QwC4IJeDE0OS50ZXN0MAuCCXgxNTAu +dGVzdDALggl4MTUxLnRlc3QwC4IJeDE1Mi50ZXN0MAuCCXgxNTMudGVzdDALggl4 +MTU0LnRlc3QwC4IJeDE1NS50ZXN0MAuCCXgxNTYudGVzdDALggl4MTU3LnRlc3Qw +C4IJeDE1OC50ZXN0MAuCCXgxNTkudGVzdDALggl4MTYwLnRlc3QwC4IJeDE2MS50 +ZXN0MAuCCXgxNjIudGVzdDALggl4MTYzLnRlc3QwC4IJeDE2NC50ZXN0MAuCCXgx +NjUudGVzdDALggl4MTY2LnRlc3QwC4IJeDE2Ny50ZXN0MAuCCXgxNjgudGVzdDAL +ggl4MTY5LnRlc3QwC4IJeDE3MC50ZXN0MAuCCXgxNzEudGVzdDALggl4MTcyLnRl +c3QwC4IJeDE3My50ZXN0MAuCCXgxNzQudGVzdDALggl4MTc1LnRlc3QwC4IJeDE3 +Ni50ZXN0MAuCCXgxNzcudGVzdDALggl4MTc4LnRlc3QwC4IJeDE3OS50ZXN0MAuC +CXgxODAudGVzdDALggl4MTgxLnRlc3QwC4IJeDE4Mi50ZXN0MAuCCXgxODMudGVz +dDALggl4MTg0LnRlc3QwC4IJeDE4NS50ZXN0MAuCCXgxODYudGVzdDALggl4MTg3 +LnRlc3QwC4IJeDE4OC50ZXN0MAuCCXgxODkudGVzdDALggl4MTkwLnRlc3QwC4IJ +eDE5MS50ZXN0MAuCCXgxOTIudGVzdDALggl4MTkzLnRlc3QwC4IJeDE5NC50ZXN0 +MAuCCXgxOTUudGVzdDALggl4MTk2LnRlc3QwC4IJeDE5Ny50ZXN0MAuCCXgxOTgu +dGVzdDALggl4MTk5LnRlc3QwC4IJeDIwMC50ZXN0MAuCCXgyMDEudGVzdDALggl4 +MjAyLnRlc3QwC4IJeDIwMy50ZXN0MAuCCXgyMDQudGVzdDALggl4MjA1LnRlc3Qw +C4IJeDIwNi50ZXN0MAuCCXgyMDcudGVzdDALggl4MjA4LnRlc3QwC4IJeDIwOS50 +ZXN0MAuCCXgyMTAudGVzdDALggl4MjExLnRlc3QwC4IJeDIxMi50ZXN0MAuCCXgy +MTMudGVzdDALggl4MjE0LnRlc3QwC4IJeDIxNS50ZXN0MAuCCXgyMTYudGVzdDAL +ggl4MjE3LnRlc3QwC4IJeDIxOC50ZXN0MAuCCXgyMTkudGVzdDALggl4MjIwLnRl +c3QwC4IJeDIyMS50ZXN0MAuCCXgyMjIudGVzdDALggl4MjIzLnRlc3QwC4IJeDIy +NC50ZXN0MAuCCXgyMjUudGVzdDALggl4MjI2LnRlc3QwC4IJeDIyNy50ZXN0MAuC +CXgyMjgudGVzdDALggl4MjI5LnRlc3QwC4IJeDIzMC50ZXN0MAuCCXgyMzEudGVz +dDALggl4MjMyLnRlc3QwC4IJeDIzMy50ZXN0MAuCCXgyMzQudGVzdDALggl4MjM1 +LnRlc3QwC4IJeDIzNi50ZXN0MAuCCXgyMzcudGVzdDALggl4MjM4LnRlc3QwC4IJ +eDIzOS50ZXN0MAuCCXgyNDAudGVzdDALggl4MjQxLnRlc3QwC4IJeDI0Mi50ZXN0 +MAuCCXgyNDMudGVzdDALggl4MjQ0LnRlc3QwC4IJeDI0NS50ZXN0MAuCCXgyNDYu +dGVzdDALggl4MjQ3LnRlc3QwC4IJeDI0OC50ZXN0MAuCCXgyNDkudGVzdDALggl4 +MjUwLnRlc3QwC4IJeDI1MS50ZXN0MAuCCXgyNTIudGVzdDALggl4MjUzLnRlc3Qw +C4IJeDI1NC50ZXN0MAuCCXgyNTUudGVzdDALggl4MjU2LnRlc3QwC4IJeDI1Ny50 +ZXN0MAuCCXgyNTgudGVzdDALggl4MjU5LnRlc3QwC4IJeDI2MC50ZXN0MAuCCXgy +NjEudGVzdDALggl4MjYyLnRlc3QwC4IJeDI2My50ZXN0MAuCCXgyNjQudGVzdDAL +ggl4MjY1LnRlc3QwC4IJeDI2Ni50ZXN0MAuCCXgyNjcudGVzdDALggl4MjY4LnRl +c3QwC4IJeDI2OS50ZXN0MAuCCXgyNzAudGVzdDALggl4MjcxLnRlc3QwC4IJeDI3 +Mi50ZXN0MAuCCXgyNzMudGVzdDALggl4Mjc0LnRlc3QwC4IJeDI3NS50ZXN0MAuC +CXgyNzYudGVzdDALggl4Mjc3LnRlc3QwC4IJeDI3OC50ZXN0MAuCCXgyNzkudGVz +dDALggl4MjgwLnRlc3QwC4IJeDI4MS50ZXN0MAuCCXgyODIudGVzdDALggl4Mjgz +LnRlc3QwC4IJeDI4NC50ZXN0MAuCCXgyODUudGVzdDALggl4Mjg2LnRlc3QwC4IJ +eDI4Ny50ZXN0MAuCCXgyODgudGVzdDALggl4Mjg5LnRlc3QwC4IJeDI5MC50ZXN0 +MAuCCXgyOTEudGVzdDALggl4MjkyLnRlc3QwC4IJeDI5My50ZXN0MAuCCXgyOTQu +dGVzdDALggl4Mjk1LnRlc3QwC4IJeDI5Ni50ZXN0MAuCCXgyOTcudGVzdDALggl4 +Mjk4LnRlc3QwC4IJeDI5OS50ZXN0MAuCCXgzMDAudGVzdDALggl4MzAxLnRlc3Qw +C4IJeDMwMi50ZXN0MAuCCXgzMDMudGVzdDALggl4MzA0LnRlc3QwC4IJeDMwNS50 +ZXN0MAuCCXgzMDYudGVzdDALggl4MzA3LnRlc3QwC4IJeDMwOC50ZXN0MAuCCXgz +MDkudGVzdDALggl4MzEwLnRlc3QwC4IJeDMxMS50ZXN0MAuCCXgzMTIudGVzdDAL +ggl4MzEzLnRlc3QwC4IJeDMxNC50ZXN0MAuCCXgzMTUudGVzdDALggl4MzE2LnRl +c3QwC4IJeDMxNy50ZXN0MAuCCXgzMTgudGVzdDALggl4MzE5LnRlc3QwC4IJeDMy +MC50ZXN0MAuCCXgzMjEudGVzdDALggl4MzIyLnRlc3QwC4IJeDMyMy50ZXN0MAuC +CXgzMjQudGVzdDALggl4MzI1LnRlc3QwC4IJeDMyNi50ZXN0MAuCCXgzMjcudGVz +dDALggl4MzI4LnRlc3QwC4IJeDMyOS50ZXN0MAuCCXgzMzAudGVzdDALggl4MzMx +LnRlc3QwC4IJeDMzMi50ZXN0MAuCCXgzMzMudGVzdDALggl4MzM0LnRlc3QwC4IJ +eDMzNS50ZXN0MAuCCXgzMzYudGVzdDALggl4MzM3LnRlc3QwC4IJeDMzOC50ZXN0 +MAuCCXgzMzkudGVzdDALggl4MzQwLnRlc3QwC4IJeDM0MS50ZXN0MAuCCXgzNDIu +dGVzdDALggl4MzQzLnRlc3QwC4IJeDM0NC50ZXN0MAuCCXgzNDUudGVzdDALggl4 +MzQ2LnRlc3QwC4IJeDM0Ny50ZXN0MAuCCXgzNDgudGVzdDALggl4MzQ5LnRlc3Qw +C4IJeDM1MC50ZXN0MAuCCXgzNTEudGVzdDALggl4MzUyLnRlc3QwC4IJeDM1My50 +ZXN0MAuCCXgzNTQudGVzdDALggl4MzU1LnRlc3QwC4IJeDM1Ni50ZXN0MAuCCXgz +NTcudGVzdDALggl4MzU4LnRlc3QwC4IJeDM1OS50ZXN0MAuCCXgzNjAudGVzdDAL +ggl4MzYxLnRlc3QwC4IJeDM2Mi50ZXN0MAuCCXgzNjMudGVzdDALggl4MzY0LnRl +c3QwC4IJeDM2NS50ZXN0MAuCCXgzNjYudGVzdDALggl4MzY3LnRlc3QwC4IJeDM2 +OC50ZXN0MAuCCXgzNjkudGVzdDALggl4MzcwLnRlc3QwC4IJeDM3MS50ZXN0MAuC +CXgzNzIudGVzdDALggl4MzczLnRlc3QwC4IJeDM3NC50ZXN0MAuCCXgzNzUudGVz +dDALggl4Mzc2LnRlc3QwC4IJeDM3Ny50ZXN0MAuCCXgzNzgudGVzdDALggl4Mzc5 +LnRlc3QwC4IJeDM4MC50ZXN0MAuCCXgzODEudGVzdDALggl4MzgyLnRlc3QwC4IJ +eDM4My50ZXN0MAuCCXgzODQudGVzdDALggl4Mzg1LnRlc3QwC4IJeDM4Ni50ZXN0 +MAuCCXgzODcudGVzdDALggl4Mzg4LnRlc3QwC4IJeDM4OS50ZXN0MAuCCXgzOTAu +dGVzdDALggl4MzkxLnRlc3QwC4IJeDM5Mi50ZXN0MAuCCXgzOTMudGVzdDALggl4 +Mzk0LnRlc3QwC4IJeDM5NS50ZXN0MAuCCXgzOTYudGVzdDALggl4Mzk3LnRlc3Qw +C4IJeDM5OC50ZXN0MAuCCXgzOTkudGVzdDALggl4NDAwLnRlc3QwC4IJeDQwMS50 +ZXN0MAuCCXg0MDIudGVzdDALggl4NDAzLnRlc3QwC4IJeDQwNC50ZXN0MAuCCXg0 +MDUudGVzdDALggl4NDA2LnRlc3QwC4IJeDQwNy50ZXN0MAuCCXg0MDgudGVzdDAL +ggl4NDA5LnRlc3QwC4IJeDQxMC50ZXN0MAuCCXg0MTEudGVzdDALggl4NDEyLnRl +c3QwC4IJeDQxMy50ZXN0MAuCCXg0MTQudGVzdDALggl4NDE1LnRlc3QwC4IJeDQx +Ni50ZXN0MAuCCXg0MTcudGVzdDALggl4NDE4LnRlc3QwC4IJeDQxOS50ZXN0MAuC +CXg0MjAudGVzdDALggl4NDIxLnRlc3QwC4IJeDQyMi50ZXN0MAuCCXg0MjMudGVz +dDALggl4NDI0LnRlc3QwC4IJeDQyNS50ZXN0MAuCCXg0MjYudGVzdDALggl4NDI3 +LnRlc3QwC4IJeDQyOC50ZXN0MAuCCXg0MjkudGVzdDALggl4NDMwLnRlc3QwC4IJ +eDQzMS50ZXN0MAuCCXg0MzIudGVzdDALggl4NDMzLnRlc3QwC4IJeDQzNC50ZXN0 +MAuCCXg0MzUudGVzdDALggl4NDM2LnRlc3QwC4IJeDQzNy50ZXN0MAuCCXg0Mzgu +dGVzdDALggl4NDM5LnRlc3QwC4IJeDQ0MC50ZXN0MAuCCXg0NDEudGVzdDALggl4 +NDQyLnRlc3QwC4IJeDQ0My50ZXN0MAuCCXg0NDQudGVzdDALggl4NDQ1LnRlc3Qw +C4IJeDQ0Ni50ZXN0MAuCCXg0NDcudGVzdDALggl4NDQ4LnRlc3QwC4IJeDQ0OS50 +ZXN0MAuCCXg0NTAudGVzdDALggl4NDUxLnRlc3QwC4IJeDQ1Mi50ZXN0MAuCCXg0 +NTMudGVzdDALggl4NDU0LnRlc3QwC4IJeDQ1NS50ZXN0MAuCCXg0NTYudGVzdDAL +ggl4NDU3LnRlc3QwC4IJeDQ1OC50ZXN0MAuCCXg0NTkudGVzdDALggl4NDYwLnRl +c3QwC4IJeDQ2MS50ZXN0MAuCCXg0NjIudGVzdDALggl4NDYzLnRlc3QwC4IJeDQ2 +NC50ZXN0MAuCCXg0NjUudGVzdDALggl4NDY2LnRlc3QwC4IJeDQ2Ny50ZXN0MAuC +CXg0NjgudGVzdDALggl4NDY5LnRlc3QwC4IJeDQ3MC50ZXN0MAuCCXg0NzEudGVz +dDALggl4NDcyLnRlc3QwC4IJeDQ3My50ZXN0MAuCCXg0NzQudGVzdDALggl4NDc1 +LnRlc3QwC4IJeDQ3Ni50ZXN0MAuCCXg0NzcudGVzdDALggl4NDc4LnRlc3QwC4IJ +eDQ3OS50ZXN0MAuCCXg0ODAudGVzdDALggl4NDgxLnRlc3QwC4IJeDQ4Mi50ZXN0 +MAuCCXg0ODMudGVzdDALggl4NDg0LnRlc3QwC4IJeDQ4NS50ZXN0MAuCCXg0ODYu +dGVzdDALggl4NDg3LnRlc3QwC4IJeDQ4OC50ZXN0MAuCCXg0ODkudGVzdDALggl4 +NDkwLnRlc3QwC4IJeDQ5MS50ZXN0MAuCCXg0OTIudGVzdDALggl4NDkzLnRlc3Qw +C4IJeDQ5NC50ZXN0MAuCCXg0OTUudGVzdDALggl4NDk2LnRlc3QwC4IJeDQ5Ny50 +ZXN0MAuCCXg0OTgudGVzdDALggl4NDk5LnRlc3QwC4IJeDUwMC50ZXN0MAuCCXg1 +MDEudGVzdDALggl4NTAyLnRlc3QwC4IJeDUwMy50ZXN0MAuCCXg1MDQudGVzdDAL +ggl4NTA1LnRlc3QwC4IJeDUwNi50ZXN0MAuCCXg1MDcudGVzdDALggl4NTA4LnRl +c3QwC4IJeDUwOS50ZXN0MAuCCXg1MTAudGVzdDALggl4NTExLnRlc3QwC4IJeDUx +Mi50ZXN0MAuCCXg1MTMudGVzdDALggl4NTE0LnRlc3QwC4IJeDUxNS50ZXN0MAuC +CXg1MTYudGVzdDALggl4NTE3LnRlc3QwC4IJeDUxOC50ZXN0MAuCCXg1MTkudGVz +dDALggl4NTIwLnRlc3QwC4IJeDUyMS50ZXN0MAuCCXg1MjIudGVzdDALggl4NTIz +LnRlc3QwC4IJeDUyNC50ZXN0MAuCCXg1MjUudGVzdDALggl4NTI2LnRlc3QwC4IJ +eDUyNy50ZXN0MAuCCXg1MjgudGVzdDALggl4NTI5LnRlc3QwC4IJeDUzMC50ZXN0 +MAuCCXg1MzEudGVzdDALggl4NTMyLnRlc3QwC4IJeDUzMy50ZXN0MAuCCXg1MzQu +dGVzdDALggl4NTM1LnRlc3QwC4IJeDUzNi50ZXN0MAuCCXg1MzcudGVzdDALggl4 +NTM4LnRlc3QwC4IJeDUzOS50ZXN0MAuCCXg1NDAudGVzdDALggl4NTQxLnRlc3Qw +C4IJeDU0Mi50ZXN0MAuCCXg1NDMudGVzdDALggl4NTQ0LnRlc3QwC4IJeDU0NS50 +ZXN0MAuCCXg1NDYudGVzdDALggl4NTQ3LnRlc3QwC4IJeDU0OC50ZXN0MAuCCXg1 +NDkudGVzdDALggl4NTUwLnRlc3QwC4IJeDU1MS50ZXN0MAuCCXg1NTIudGVzdDAL +ggl4NTUzLnRlc3QwC4IJeDU1NC50ZXN0MAuCCXg1NTUudGVzdDALggl4NTU2LnRl +c3QwC4IJeDU1Ny50ZXN0MAuCCXg1NTgudGVzdDALggl4NTU5LnRlc3QwC4IJeDU2 +MC50ZXN0MAuCCXg1NjEudGVzdDALggl4NTYyLnRlc3QwC4IJeDU2My50ZXN0MAuC +CXg1NjQudGVzdDALggl4NTY1LnRlc3QwC4IJeDU2Ni50ZXN0MAuCCXg1NjcudGVz +dDALggl4NTY4LnRlc3QwC4IJeDU2OS50ZXN0MAuCCXg1NzAudGVzdDALggl4NTcx +LnRlc3QwC4IJeDU3Mi50ZXN0MAuCCXg1NzMudGVzdDALggl4NTc0LnRlc3QwC4IJ +eDU3NS50ZXN0MAuCCXg1NzYudGVzdDALggl4NTc3LnRlc3QwC4IJeDU3OC50ZXN0 +MAuCCXg1NzkudGVzdDALggl4NTgwLnRlc3QwC4IJeDU4MS50ZXN0MAuCCXg1ODIu +dGVzdDALggl4NTgzLnRlc3QwC4IJeDU4NC50ZXN0MAuCCXg1ODUudGVzdDALggl4 +NTg2LnRlc3QwC4IJeDU4Ny50ZXN0MAuCCXg1ODgudGVzdDALggl4NTg5LnRlc3Qw +C4IJeDU5MC50ZXN0MAuCCXg1OTEudGVzdDALggl4NTkyLnRlc3QwC4IJeDU5My50 +ZXN0MAuCCXg1OTQudGVzdDALggl4NTk1LnRlc3QwC4IJeDU5Ni50ZXN0MAuCCXg1 +OTcudGVzdDALggl4NTk4LnRlc3QwC4IJeDU5OS50ZXN0MAuCCXg2MDAudGVzdDAL +ggl4NjAxLnRlc3QwC4IJeDYwMi50ZXN0MAuCCXg2MDMudGVzdDALggl4NjA0LnRl +c3QwC4IJeDYwNS50ZXN0MAuCCXg2MDYudGVzdDALggl4NjA3LnRlc3QwC4IJeDYw +OC50ZXN0MAuCCXg2MDkudGVzdDALggl4NjEwLnRlc3QwC4IJeDYxMS50ZXN0MAuC +CXg2MTIudGVzdDALggl4NjEzLnRlc3QwC4IJeDYxNC50ZXN0MAuCCXg2MTUudGVz +dDALggl4NjE2LnRlc3QwC4IJeDYxNy50ZXN0MAuCCXg2MTgudGVzdDALggl4NjE5 +LnRlc3QwC4IJeDYyMC50ZXN0MAuCCXg2MjEudGVzdDALggl4NjIyLnRlc3QwC4IJ +eDYyMy50ZXN0MAuCCXg2MjQudGVzdDALggl4NjI1LnRlc3QwC4IJeDYyNi50ZXN0 +MAuCCXg2MjcudGVzdDALggl4NjI4LnRlc3QwC4IJeDYyOS50ZXN0MAuCCXg2MzAu +dGVzdDALggl4NjMxLnRlc3QwC4IJeDYzMi50ZXN0MAuCCXg2MzMudGVzdDALggl4 +NjM0LnRlc3QwC4IJeDYzNS50ZXN0MAuCCXg2MzYudGVzdDALggl4NjM3LnRlc3Qw +C4IJeDYzOC50ZXN0MAuCCXg2MzkudGVzdDALggl4NjQwLnRlc3QwC4IJeDY0MS50 +ZXN0MAuCCXg2NDIudGVzdDALggl4NjQzLnRlc3QwC4IJeDY0NC50ZXN0MAuCCXg2 +NDUudGVzdDALggl4NjQ2LnRlc3QwC4IJeDY0Ny50ZXN0MAuCCXg2NDgudGVzdDAL +ggl4NjQ5LnRlc3QwC4IJeDY1MC50ZXN0MAuCCXg2NTEudGVzdDALggl4NjUyLnRl +c3QwC4IJeDY1My50ZXN0MAuCCXg2NTQudGVzdDALggl4NjU1LnRlc3QwC4IJeDY1 +Ni50ZXN0MAuCCXg2NTcudGVzdDALggl4NjU4LnRlc3QwC4IJeDY1OS50ZXN0MAuC +CXg2NjAudGVzdDALggl4NjYxLnRlc3QwC4IJeDY2Mi50ZXN0MAuCCXg2NjMudGVz +dDALggl4NjY0LnRlc3QwC4IJeDY2NS50ZXN0MAuCCXg2NjYudGVzdDALggl4NjY3 +LnRlc3QwC4IJeDY2OC50ZXN0MAuCCXg2NjkudGVzdDALggl4NjcwLnRlc3QwC4IJ +eDY3MS50ZXN0MAuCCXg2NzIudGVzdDALggl4NjczLnRlc3QwC4IJeDY3NC50ZXN0 +MAuCCXg2NzUudGVzdDALggl4Njc2LnRlc3QwC4IJeDY3Ny50ZXN0MAuCCXg2Nzgu +dGVzdDALggl4Njc5LnRlc3QwC4IJeDY4MC50ZXN0MAuCCXg2ODEudGVzdDALggl4 +NjgyLnRlc3QwC4IJeDY4My50ZXN0MAuCCXg2ODQudGVzdDALggl4Njg1LnRlc3Qw +C4IJeDY4Ni50ZXN0MAuCCXg2ODcudGVzdDALggl4Njg4LnRlc3QwC4IJeDY4OS50 +ZXN0MAuCCXg2OTAudGVzdDALggl4NjkxLnRlc3QwC4IJeDY5Mi50ZXN0MAuCCXg2 +OTMudGVzdDALggl4Njk0LnRlc3QwC4IJeDY5NS50ZXN0MAuCCXg2OTYudGVzdDAL +ggl4Njk3LnRlc3QwC4IJeDY5OC50ZXN0MAuCCXg2OTkudGVzdDALggl4NzAwLnRl +c3QwC4IJeDcwMS50ZXN0MAuCCXg3MDIudGVzdDALggl4NzAzLnRlc3QwC4IJeDcw +NC50ZXN0MAuCCXg3MDUudGVzdDALggl4NzA2LnRlc3QwC4IJeDcwNy50ZXN0MAuC +CXg3MDgudGVzdDALggl4NzA5LnRlc3QwC4IJeDcxMC50ZXN0MAuCCXg3MTEudGVz +dDALggl4NzEyLnRlc3QwC4IJeDcxMy50ZXN0MAuCCXg3MTQudGVzdDALggl4NzE1 +LnRlc3QwC4IJeDcxNi50ZXN0MAuCCXg3MTcudGVzdDALggl4NzE4LnRlc3QwC4IJ +eDcxOS50ZXN0MAuCCXg3MjAudGVzdDALggl4NzIxLnRlc3QwC4IJeDcyMi50ZXN0 +MAuCCXg3MjMudGVzdDALggl4NzI0LnRlc3QwC4IJeDcyNS50ZXN0MAuCCXg3MjYu +dGVzdDALggl4NzI3LnRlc3QwC4IJeDcyOC50ZXN0MAuCCXg3MjkudGVzdDALggl4 +NzMwLnRlc3QwC4IJeDczMS50ZXN0MAuCCXg3MzIudGVzdDALggl4NzMzLnRlc3Qw +C4IJeDczNC50ZXN0MAuCCXg3MzUudGVzdDALggl4NzM2LnRlc3QwC4IJeDczNy50 +ZXN0MAuCCXg3MzgudGVzdDALggl4NzM5LnRlc3QwC4IJeDc0MC50ZXN0MAuCCXg3 +NDEudGVzdDALggl4NzQyLnRlc3QwC4IJeDc0My50ZXN0MAuCCXg3NDQudGVzdDAL +ggl4NzQ1LnRlc3QwC4IJeDc0Ni50ZXN0MAuCCXg3NDcudGVzdDALggl4NzQ4LnRl +c3QwC4IJeDc0OS50ZXN0MAuCCXg3NTAudGVzdDALggl4NzUxLnRlc3QwC4IJeDc1 +Mi50ZXN0MAuCCXg3NTMudGVzdDALggl4NzU0LnRlc3QwC4IJeDc1NS50ZXN0MAuC +CXg3NTYudGVzdDALggl4NzU3LnRlc3QwC4IJeDc1OC50ZXN0MAuCCXg3NTkudGVz +dDALggl4NzYwLnRlc3QwC4IJeDc2MS50ZXN0MAuCCXg3NjIudGVzdDALggl4NzYz +LnRlc3QwC4IJeDc2NC50ZXN0MAuCCXg3NjUudGVzdDALggl4NzY2LnRlc3QwC4IJ +eDc2Ny50ZXN0MAuCCXg3NjgudGVzdDALggl4NzY5LnRlc3QwC4IJeDc3MC50ZXN0 +MAuCCXg3NzEudGVzdDALggl4NzcyLnRlc3QwC4IJeDc3My50ZXN0MAuCCXg3NzQu +dGVzdDALggl4Nzc1LnRlc3QwC4IJeDc3Ni50ZXN0MAuCCXg3NzcudGVzdDALggl4 +Nzc4LnRlc3QwC4IJeDc3OS50ZXN0MAuCCXg3ODAudGVzdDALggl4NzgxLnRlc3Qw +C4IJeDc4Mi50ZXN0MAuCCXg3ODMudGVzdDALggl4Nzg0LnRlc3QwC4IJeDc4NS50 +ZXN0MAuCCXg3ODYudGVzdDALggl4Nzg3LnRlc3QwC4IJeDc4OC50ZXN0MAuCCXg3 +ODkudGVzdDALggl4NzkwLnRlc3QwC4IJeDc5MS50ZXN0MAuCCXg3OTIudGVzdDAL +ggl4NzkzLnRlc3QwC4IJeDc5NC50ZXN0MAuCCXg3OTUudGVzdDALggl4Nzk2LnRl +c3QwC4IJeDc5Ny50ZXN0MAuCCXg3OTgudGVzdDALggl4Nzk5LnRlc3QwC4IJeDgw +MC50ZXN0MAuCCXg4MDEudGVzdDALggl4ODAyLnRlc3QwC4IJeDgwMy50ZXN0MAuC +CXg4MDQudGVzdDALggl4ODA1LnRlc3QwC4IJeDgwNi50ZXN0MAuCCXg4MDcudGVz +dDALggl4ODA4LnRlc3QwC4IJeDgwOS50ZXN0MAuCCXg4MTAudGVzdDALggl4ODEx +LnRlc3QwC4IJeDgxMi50ZXN0MAuCCXg4MTMudGVzdDALggl4ODE0LnRlc3QwC4IJ +eDgxNS50ZXN0MAuCCXg4MTYudGVzdDALggl4ODE3LnRlc3QwC4IJeDgxOC50ZXN0 +MAuCCXg4MTkudGVzdDALggl4ODIwLnRlc3QwC4IJeDgyMS50ZXN0MAuCCXg4MjIu +dGVzdDALggl4ODIzLnRlc3QwC4IJeDgyNC50ZXN0MAuCCXg4MjUudGVzdDALggl4 +ODI2LnRlc3QwC4IJeDgyNy50ZXN0MAuCCXg4MjgudGVzdDALggl4ODI5LnRlc3Qw +C4IJeDgzMC50ZXN0MAuCCXg4MzEudGVzdDALggl4ODMyLnRlc3QwC4IJeDgzMy50 +ZXN0MAuCCXg4MzQudGVzdDALggl4ODM1LnRlc3QwC4IJeDgzNi50ZXN0MAuCCXg4 +MzcudGVzdDALggl4ODM4LnRlc3QwC4IJeDgzOS50ZXN0MAuCCXg4NDAudGVzdDAL +ggl4ODQxLnRlc3QwC4IJeDg0Mi50ZXN0MAuCCXg4NDMudGVzdDALggl4ODQ0LnRl +c3QwC4IJeDg0NS50ZXN0MAuCCXg4NDYudGVzdDALggl4ODQ3LnRlc3QwC4IJeDg0 +OC50ZXN0MAuCCXg4NDkudGVzdDALggl4ODUwLnRlc3QwC4IJeDg1MS50ZXN0MAuC +CXg4NTIudGVzdDALggl4ODUzLnRlc3QwC4IJeDg1NC50ZXN0MAuCCXg4NTUudGVz +dDALggl4ODU2LnRlc3QwC4IJeDg1Ny50ZXN0MAuCCXg4NTgudGVzdDALggl4ODU5 +LnRlc3QwC4IJeDg2MC50ZXN0MAuCCXg4NjEudGVzdDALggl4ODYyLnRlc3QwC4IJ +eDg2My50ZXN0MAuCCXg4NjQudGVzdDALggl4ODY1LnRlc3QwC4IJeDg2Ni50ZXN0 +MAuCCXg4NjcudGVzdDALggl4ODY4LnRlc3QwC4IJeDg2OS50ZXN0MAuCCXg4NzAu +dGVzdDALggl4ODcxLnRlc3QwC4IJeDg3Mi50ZXN0MAuCCXg4NzMudGVzdDALggl4 +ODc0LnRlc3QwC4IJeDg3NS50ZXN0MAuCCXg4NzYudGVzdDALggl4ODc3LnRlc3Qw +C4IJeDg3OC50ZXN0MAuCCXg4NzkudGVzdDALggl4ODgwLnRlc3QwC4IJeDg4MS50 +ZXN0MAuCCXg4ODIudGVzdDALggl4ODgzLnRlc3QwC4IJeDg4NC50ZXN0MAuCCXg4 +ODUudGVzdDALggl4ODg2LnRlc3QwC4IJeDg4Ny50ZXN0MAuCCXg4ODgudGVzdDAL +ggl4ODg5LnRlc3QwC4IJeDg5MC50ZXN0MAuCCXg4OTEudGVzdDALggl4ODkyLnRl +c3QwC4IJeDg5My50ZXN0MAuCCXg4OTQudGVzdDALggl4ODk1LnRlc3QwC4IJeDg5 +Ni50ZXN0MAuCCXg4OTcudGVzdDALggl4ODk4LnRlc3QwC4IJeDg5OS50ZXN0MAuC +CXg5MDAudGVzdDALggl4OTAxLnRlc3QwC4IJeDkwMi50ZXN0MAuCCXg5MDMudGVz +dDALggl4OTA0LnRlc3QwC4IJeDkwNS50ZXN0MAuCCXg5MDYudGVzdDALggl4OTA3 +LnRlc3QwC4IJeDkwOC50ZXN0MAuCCXg5MDkudGVzdDALggl4OTEwLnRlc3QwC4IJ +eDkxMS50ZXN0MAuCCXg5MTIudGVzdDALggl4OTEzLnRlc3QwC4IJeDkxNC50ZXN0 +MAuCCXg5MTUudGVzdDALggl4OTE2LnRlc3QwC4IJeDkxNy50ZXN0MAuCCXg5MTgu +dGVzdDALggl4OTE5LnRlc3QwC4IJeDkyMC50ZXN0MAuCCXg5MjEudGVzdDALggl4 +OTIyLnRlc3QwC4IJeDkyMy50ZXN0MAuCCXg5MjQudGVzdDALggl4OTI1LnRlc3Qw +C4IJeDkyNi50ZXN0MAuCCXg5MjcudGVzdDALggl4OTI4LnRlc3QwC4IJeDkyOS50 +ZXN0MAuCCXg5MzAudGVzdDALggl4OTMxLnRlc3QwC4IJeDkzMi50ZXN0MAuCCXg5 +MzMudGVzdDALggl4OTM0LnRlc3QwC4IJeDkzNS50ZXN0MAuCCXg5MzYudGVzdDAL +ggl4OTM3LnRlc3QwC4IJeDkzOC50ZXN0MAuCCXg5MzkudGVzdDALggl4OTQwLnRl +c3QwC4IJeDk0MS50ZXN0MAuCCXg5NDIudGVzdDALggl4OTQzLnRlc3QwC4IJeDk0 +NC50ZXN0MAuCCXg5NDUudGVzdDALggl4OTQ2LnRlc3QwC4IJeDk0Ny50ZXN0MAuC +CXg5NDgudGVzdDALggl4OTQ5LnRlc3QwC4IJeDk1MC50ZXN0MAuCCXg5NTEudGVz +dDALggl4OTUyLnRlc3QwC4IJeDk1My50ZXN0MAuCCXg5NTQudGVzdDALggl4OTU1 +LnRlc3QwC4IJeDk1Ni50ZXN0MAuCCXg5NTcudGVzdDALggl4OTU4LnRlc3QwC4IJ +eDk1OS50ZXN0MAuCCXg5NjAudGVzdDALggl4OTYxLnRlc3QwC4IJeDk2Mi50ZXN0 +MAuCCXg5NjMudGVzdDALggl4OTY0LnRlc3QwC4IJeDk2NS50ZXN0MAuCCXg5NjYu +dGVzdDALggl4OTY3LnRlc3QwC4IJeDk2OC50ZXN0MAuCCXg5NjkudGVzdDALggl4 +OTcwLnRlc3QwC4IJeDk3MS50ZXN0MAuCCXg5NzIudGVzdDALggl4OTczLnRlc3Qw +C4IJeDk3NC50ZXN0MAuCCXg5NzUudGVzdDALggl4OTc2LnRlc3QwC4IJeDk3Ny50 +ZXN0MAuCCXg5NzgudGVzdDALggl4OTc5LnRlc3QwC4IJeDk4MC50ZXN0MAuCCXg5 +ODEudGVzdDALggl4OTgyLnRlc3QwC4IJeDk4My50ZXN0MAuCCXg5ODQudGVzdDAL +ggl4OTg1LnRlc3QwC4IJeDk4Ni50ZXN0MAuCCXg5ODcudGVzdDALggl4OTg4LnRl +c3QwC4IJeDk4OS50ZXN0MAuCCXg5OTAudGVzdDALggl4OTkxLnRlc3QwC4IJeDk5 +Mi50ZXN0MAuCCXg5OTMudGVzdDALggl4OTk0LnRlc3QwC4IJeDk5NS50ZXN0MAuC +CXg5OTYudGVzdDALggl4OTk3LnRlc3QwC4IJeDk5OC50ZXN0MAuCCXg5OTkudGVz +dDAMggp4MTAwMC50ZXN0MAyCCngxMDAxLnRlc3QwDIIKeDEwMDIudGVzdDAMggp4 +MTAwMy50ZXN0MAyCCngxMDA0LnRlc3QwDIIKeDEwMDUudGVzdDAMggp4MTAwNi50 +ZXN0MAyCCngxMDA3LnRlc3QwDIIKeDEwMDgudGVzdDAMggp4MTAwOS50ZXN0MAyC +CngxMDEwLnRlc3QwDIIKeDEwMTEudGVzdDAMggp4MTAxMi50ZXN0MAyCCngxMDEz +LnRlc3QwDIIKeDEwMTQudGVzdDAMggp4MTAxNS50ZXN0MAyCCngxMDE2LnRlc3Qw +DIIKeDEwMTcudGVzdDAMggp4MTAxOC50ZXN0MAyCCngxMDE5LnRlc3QwDIIKeDEw +MjAudGVzdDAMggp4MTAyMS50ZXN0MAyCCngxMDIyLnRlc3QwDIIKeDEwMjMudGVz +dDAMggp4MTAyNC50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQCjYeC9VRtVNgVLIgp8 +k2K6CM5otYpi91cnbA/QA/RX8aDlNWmR/mavJ65Ukmc7p86Gft1m6aTcaUltw5ba +/T1KJ2DxJPjxvjT2tkNTAooPh0IHXZHTnZY5k5y28jj9Ny999AJnP3O7ln5VGzjy +bsg1kCgd2cJF5xcDM5b5WesPvCxSV2r8Lz3w81wd1xqN4gKolhXgYZXWCbq5e8A2 +zM6We3/vNffzCCi2rCpBpiJDbHbFNB3oR7/dVnoPfb0uqWvtkjmlNjUJUmv6A7Bt +aOKDLo9+h3H8Qi3yBxZTjRoCwANV078dwQf1Y+w/byZM50fQneYEAK22h94DWbCA +EHg+ +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.cnf new file mode 100644 index 0000000000..3b9cb5b810 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.cnf @@ -0,0 +1,1092 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +nameConstraints = @nameConstraints_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate_3.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[nameConstraints_info] +excluded;IP.1 = 11.0.0.0/255.255.255.255 +excluded;IP.2 = 11.0.0.1/255.255.255.255 +excluded;IP.3 = 11.0.0.2/255.255.255.255 +excluded;IP.4 = 11.0.0.3/255.255.255.255 +excluded;IP.5 = 11.0.0.4/255.255.255.255 +excluded;IP.6 = 11.0.0.5/255.255.255.255 +excluded;IP.7 = 11.0.0.6/255.255.255.255 +excluded;IP.8 = 11.0.0.7/255.255.255.255 +excluded;IP.9 = 11.0.0.8/255.255.255.255 +excluded;IP.10 = 11.0.0.9/255.255.255.255 +excluded;IP.11 = 11.0.0.10/255.255.255.255 +excluded;IP.12 = 11.0.0.11/255.255.255.255 +excluded;IP.13 = 11.0.0.12/255.255.255.255 +excluded;IP.14 = 11.0.0.13/255.255.255.255 +excluded;IP.15 = 11.0.0.14/255.255.255.255 +excluded;IP.16 = 11.0.0.15/255.255.255.255 +excluded;IP.17 = 11.0.0.16/255.255.255.255 +excluded;IP.18 = 11.0.0.17/255.255.255.255 +excluded;IP.19 = 11.0.0.18/255.255.255.255 +excluded;IP.20 = 11.0.0.19/255.255.255.255 +excluded;IP.21 = 11.0.0.20/255.255.255.255 +excluded;IP.22 = 11.0.0.21/255.255.255.255 +excluded;IP.23 = 11.0.0.22/255.255.255.255 +excluded;IP.24 = 11.0.0.23/255.255.255.255 +excluded;IP.25 = 11.0.0.24/255.255.255.255 +excluded;IP.26 = 11.0.0.25/255.255.255.255 +excluded;IP.27 = 11.0.0.26/255.255.255.255 +excluded;IP.28 = 11.0.0.27/255.255.255.255 +excluded;IP.29 = 11.0.0.28/255.255.255.255 +excluded;IP.30 = 11.0.0.29/255.255.255.255 +excluded;IP.31 = 11.0.0.30/255.255.255.255 +excluded;IP.32 = 11.0.0.31/255.255.255.255 +excluded;IP.33 = 11.0.0.32/255.255.255.255 +excluded;IP.34 = 11.0.0.33/255.255.255.255 +excluded;IP.35 = 11.0.0.34/255.255.255.255 +excluded;IP.36 = 11.0.0.35/255.255.255.255 +excluded;IP.37 = 11.0.0.36/255.255.255.255 +excluded;IP.38 = 11.0.0.37/255.255.255.255 +excluded;IP.39 = 11.0.0.38/255.255.255.255 +excluded;IP.40 = 11.0.0.39/255.255.255.255 +excluded;IP.41 = 11.0.0.40/255.255.255.255 +excluded;IP.42 = 11.0.0.41/255.255.255.255 +excluded;IP.43 = 11.0.0.42/255.255.255.255 +excluded;IP.44 = 11.0.0.43/255.255.255.255 +excluded;IP.45 = 11.0.0.44/255.255.255.255 +excluded;IP.46 = 11.0.0.45/255.255.255.255 +excluded;IP.47 = 11.0.0.46/255.255.255.255 +excluded;IP.48 = 11.0.0.47/255.255.255.255 +excluded;IP.49 = 11.0.0.48/255.255.255.255 +excluded;IP.50 = 11.0.0.49/255.255.255.255 +excluded;IP.51 = 11.0.0.50/255.255.255.255 +excluded;IP.52 = 11.0.0.51/255.255.255.255 +excluded;IP.53 = 11.0.0.52/255.255.255.255 +excluded;IP.54 = 11.0.0.53/255.255.255.255 +excluded;IP.55 = 11.0.0.54/255.255.255.255 +excluded;IP.56 = 11.0.0.55/255.255.255.255 +excluded;IP.57 = 11.0.0.56/255.255.255.255 +excluded;IP.58 = 11.0.0.57/255.255.255.255 +excluded;IP.59 = 11.0.0.58/255.255.255.255 +excluded;IP.60 = 11.0.0.59/255.255.255.255 +excluded;IP.61 = 11.0.0.60/255.255.255.255 +excluded;IP.62 = 11.0.0.61/255.255.255.255 +excluded;IP.63 = 11.0.0.62/255.255.255.255 +excluded;IP.64 = 11.0.0.63/255.255.255.255 +excluded;IP.65 = 11.0.0.64/255.255.255.255 +excluded;IP.66 = 11.0.0.65/255.255.255.255 +excluded;IP.67 = 11.0.0.66/255.255.255.255 +excluded;IP.68 = 11.0.0.67/255.255.255.255 +excluded;IP.69 = 11.0.0.68/255.255.255.255 +excluded;IP.70 = 11.0.0.69/255.255.255.255 +excluded;IP.71 = 11.0.0.70/255.255.255.255 +excluded;IP.72 = 11.0.0.71/255.255.255.255 +excluded;IP.73 = 11.0.0.72/255.255.255.255 +excluded;IP.74 = 11.0.0.73/255.255.255.255 +excluded;IP.75 = 11.0.0.74/255.255.255.255 +excluded;IP.76 = 11.0.0.75/255.255.255.255 +excluded;IP.77 = 11.0.0.76/255.255.255.255 +excluded;IP.78 = 11.0.0.77/255.255.255.255 +excluded;IP.79 = 11.0.0.78/255.255.255.255 +excluded;IP.80 = 11.0.0.79/255.255.255.255 +excluded;IP.81 = 11.0.0.80/255.255.255.255 +excluded;IP.82 = 11.0.0.81/255.255.255.255 +excluded;IP.83 = 11.0.0.82/255.255.255.255 +excluded;IP.84 = 11.0.0.83/255.255.255.255 +excluded;IP.85 = 11.0.0.84/255.255.255.255 +excluded;IP.86 = 11.0.0.85/255.255.255.255 +excluded;IP.87 = 11.0.0.86/255.255.255.255 +excluded;IP.88 = 11.0.0.87/255.255.255.255 +excluded;IP.89 = 11.0.0.88/255.255.255.255 +excluded;IP.90 = 11.0.0.89/255.255.255.255 +excluded;IP.91 = 11.0.0.90/255.255.255.255 +excluded;IP.92 = 11.0.0.91/255.255.255.255 +excluded;IP.93 = 11.0.0.92/255.255.255.255 +excluded;IP.94 = 11.0.0.93/255.255.255.255 +excluded;IP.95 = 11.0.0.94/255.255.255.255 +excluded;IP.96 = 11.0.0.95/255.255.255.255 +excluded;IP.97 = 11.0.0.96/255.255.255.255 +excluded;IP.98 = 11.0.0.97/255.255.255.255 +excluded;IP.99 = 11.0.0.98/255.255.255.255 +excluded;IP.100 = 11.0.0.99/255.255.255.255 +excluded;IP.101 = 11.0.0.100/255.255.255.255 +excluded;IP.102 = 11.0.0.101/255.255.255.255 +excluded;IP.103 = 11.0.0.102/255.255.255.255 +excluded;IP.104 = 11.0.0.103/255.255.255.255 +excluded;IP.105 = 11.0.0.104/255.255.255.255 +excluded;IP.106 = 11.0.0.105/255.255.255.255 +excluded;IP.107 = 11.0.0.106/255.255.255.255 +excluded;IP.108 = 11.0.0.107/255.255.255.255 +excluded;IP.109 = 11.0.0.108/255.255.255.255 +excluded;IP.110 = 11.0.0.109/255.255.255.255 +excluded;IP.111 = 11.0.0.110/255.255.255.255 +excluded;IP.112 = 11.0.0.111/255.255.255.255 +excluded;IP.113 = 11.0.0.112/255.255.255.255 +excluded;IP.114 = 11.0.0.113/255.255.255.255 +excluded;IP.115 = 11.0.0.114/255.255.255.255 +excluded;IP.116 = 11.0.0.115/255.255.255.255 +excluded;IP.117 = 11.0.0.116/255.255.255.255 +excluded;IP.118 = 11.0.0.117/255.255.255.255 +excluded;IP.119 = 11.0.0.118/255.255.255.255 +excluded;IP.120 = 11.0.0.119/255.255.255.255 +excluded;IP.121 = 11.0.0.120/255.255.255.255 +excluded;IP.122 = 11.0.0.121/255.255.255.255 +excluded;IP.123 = 11.0.0.122/255.255.255.255 +excluded;IP.124 = 11.0.0.123/255.255.255.255 +excluded;IP.125 = 11.0.0.124/255.255.255.255 +excluded;IP.126 = 11.0.0.125/255.255.255.255 +excluded;IP.127 = 11.0.0.126/255.255.255.255 +excluded;IP.128 = 11.0.0.127/255.255.255.255 +excluded;IP.129 = 11.0.0.128/255.255.255.255 +excluded;IP.130 = 11.0.0.129/255.255.255.255 +excluded;IP.131 = 11.0.0.130/255.255.255.255 +excluded;IP.132 = 11.0.0.131/255.255.255.255 +excluded;IP.133 = 11.0.0.132/255.255.255.255 +excluded;IP.134 = 11.0.0.133/255.255.255.255 +excluded;IP.135 = 11.0.0.134/255.255.255.255 +excluded;IP.136 = 11.0.0.135/255.255.255.255 +excluded;IP.137 = 11.0.0.136/255.255.255.255 +excluded;IP.138 = 11.0.0.137/255.255.255.255 +excluded;IP.139 = 11.0.0.138/255.255.255.255 +excluded;IP.140 = 11.0.0.139/255.255.255.255 +excluded;IP.141 = 11.0.0.140/255.255.255.255 +excluded;IP.142 = 11.0.0.141/255.255.255.255 +excluded;IP.143 = 11.0.0.142/255.255.255.255 +excluded;IP.144 = 11.0.0.143/255.255.255.255 +excluded;IP.145 = 11.0.0.144/255.255.255.255 +excluded;IP.146 = 11.0.0.145/255.255.255.255 +excluded;IP.147 = 11.0.0.146/255.255.255.255 +excluded;IP.148 = 11.0.0.147/255.255.255.255 +excluded;IP.149 = 11.0.0.148/255.255.255.255 +excluded;IP.150 = 11.0.0.149/255.255.255.255 +excluded;IP.151 = 11.0.0.150/255.255.255.255 +excluded;IP.152 = 11.0.0.151/255.255.255.255 +excluded;IP.153 = 11.0.0.152/255.255.255.255 +excluded;IP.154 = 11.0.0.153/255.255.255.255 +excluded;IP.155 = 11.0.0.154/255.255.255.255 +excluded;IP.156 = 11.0.0.155/255.255.255.255 +excluded;IP.157 = 11.0.0.156/255.255.255.255 +excluded;IP.158 = 11.0.0.157/255.255.255.255 +excluded;IP.159 = 11.0.0.158/255.255.255.255 +excluded;IP.160 = 11.0.0.159/255.255.255.255 +excluded;IP.161 = 11.0.0.160/255.255.255.255 +excluded;IP.162 = 11.0.0.161/255.255.255.255 +excluded;IP.163 = 11.0.0.162/255.255.255.255 +excluded;IP.164 = 11.0.0.163/255.255.255.255 +excluded;IP.165 = 11.0.0.164/255.255.255.255 +excluded;IP.166 = 11.0.0.165/255.255.255.255 +excluded;IP.167 = 11.0.0.166/255.255.255.255 +excluded;IP.168 = 11.0.0.167/255.255.255.255 +excluded;IP.169 = 11.0.0.168/255.255.255.255 +excluded;IP.170 = 11.0.0.169/255.255.255.255 +excluded;IP.171 = 11.0.0.170/255.255.255.255 +excluded;IP.172 = 11.0.0.171/255.255.255.255 +excluded;IP.173 = 11.0.0.172/255.255.255.255 +excluded;IP.174 = 11.0.0.173/255.255.255.255 +excluded;IP.175 = 11.0.0.174/255.255.255.255 +excluded;IP.176 = 11.0.0.175/255.255.255.255 +excluded;IP.177 = 11.0.0.176/255.255.255.255 +excluded;IP.178 = 11.0.0.177/255.255.255.255 +excluded;IP.179 = 11.0.0.178/255.255.255.255 +excluded;IP.180 = 11.0.0.179/255.255.255.255 +excluded;IP.181 = 11.0.0.180/255.255.255.255 +excluded;IP.182 = 11.0.0.181/255.255.255.255 +excluded;IP.183 = 11.0.0.182/255.255.255.255 +excluded;IP.184 = 11.0.0.183/255.255.255.255 +excluded;IP.185 = 11.0.0.184/255.255.255.255 +excluded;IP.186 = 11.0.0.185/255.255.255.255 +excluded;IP.187 = 11.0.0.186/255.255.255.255 +excluded;IP.188 = 11.0.0.187/255.255.255.255 +excluded;IP.189 = 11.0.0.188/255.255.255.255 +excluded;IP.190 = 11.0.0.189/255.255.255.255 +excluded;IP.191 = 11.0.0.190/255.255.255.255 +excluded;IP.192 = 11.0.0.191/255.255.255.255 +excluded;IP.193 = 11.0.0.192/255.255.255.255 +excluded;IP.194 = 11.0.0.193/255.255.255.255 +excluded;IP.195 = 11.0.0.194/255.255.255.255 +excluded;IP.196 = 11.0.0.195/255.255.255.255 +excluded;IP.197 = 11.0.0.196/255.255.255.255 +excluded;IP.198 = 11.0.0.197/255.255.255.255 +excluded;IP.199 = 11.0.0.198/255.255.255.255 +excluded;IP.200 = 11.0.0.199/255.255.255.255 +excluded;IP.201 = 11.0.0.200/255.255.255.255 +excluded;IP.202 = 11.0.0.201/255.255.255.255 +excluded;IP.203 = 11.0.0.202/255.255.255.255 +excluded;IP.204 = 11.0.0.203/255.255.255.255 +excluded;IP.205 = 11.0.0.204/255.255.255.255 +excluded;IP.206 = 11.0.0.205/255.255.255.255 +excluded;IP.207 = 11.0.0.206/255.255.255.255 +excluded;IP.208 = 11.0.0.207/255.255.255.255 +excluded;IP.209 = 11.0.0.208/255.255.255.255 +excluded;IP.210 = 11.0.0.209/255.255.255.255 +excluded;IP.211 = 11.0.0.210/255.255.255.255 +excluded;IP.212 = 11.0.0.211/255.255.255.255 +excluded;IP.213 = 11.0.0.212/255.255.255.255 +excluded;IP.214 = 11.0.0.213/255.255.255.255 +excluded;IP.215 = 11.0.0.214/255.255.255.255 +excluded;IP.216 = 11.0.0.215/255.255.255.255 +excluded;IP.217 = 11.0.0.216/255.255.255.255 +excluded;IP.218 = 11.0.0.217/255.255.255.255 +excluded;IP.219 = 11.0.0.218/255.255.255.255 +excluded;IP.220 = 11.0.0.219/255.255.255.255 +excluded;IP.221 = 11.0.0.220/255.255.255.255 +excluded;IP.222 = 11.0.0.221/255.255.255.255 +excluded;IP.223 = 11.0.0.222/255.255.255.255 +excluded;IP.224 = 11.0.0.223/255.255.255.255 +excluded;IP.225 = 11.0.0.224/255.255.255.255 +excluded;IP.226 = 11.0.0.225/255.255.255.255 +excluded;IP.227 = 11.0.0.226/255.255.255.255 +excluded;IP.228 = 11.0.0.227/255.255.255.255 +excluded;IP.229 = 11.0.0.228/255.255.255.255 +excluded;IP.230 = 11.0.0.229/255.255.255.255 +excluded;IP.231 = 11.0.0.230/255.255.255.255 +excluded;IP.232 = 11.0.0.231/255.255.255.255 +excluded;IP.233 = 11.0.0.232/255.255.255.255 +excluded;IP.234 = 11.0.0.233/255.255.255.255 +excluded;IP.235 = 11.0.0.234/255.255.255.255 +excluded;IP.236 = 11.0.0.235/255.255.255.255 +excluded;IP.237 = 11.0.0.236/255.255.255.255 +excluded;IP.238 = 11.0.0.237/255.255.255.255 +excluded;IP.239 = 11.0.0.238/255.255.255.255 +excluded;IP.240 = 11.0.0.239/255.255.255.255 +excluded;IP.241 = 11.0.0.240/255.255.255.255 +excluded;IP.242 = 11.0.0.241/255.255.255.255 +excluded;IP.243 = 11.0.0.242/255.255.255.255 +excluded;IP.244 = 11.0.0.243/255.255.255.255 +excluded;IP.245 = 11.0.0.244/255.255.255.255 +excluded;IP.246 = 11.0.0.245/255.255.255.255 +excluded;IP.247 = 11.0.0.246/255.255.255.255 +excluded;IP.248 = 11.0.0.247/255.255.255.255 +excluded;IP.249 = 11.0.0.248/255.255.255.255 +excluded;IP.250 = 11.0.0.249/255.255.255.255 +excluded;IP.251 = 11.0.0.250/255.255.255.255 +excluded;IP.252 = 11.0.0.251/255.255.255.255 +excluded;IP.253 = 11.0.0.252/255.255.255.255 +excluded;IP.254 = 11.0.0.253/255.255.255.255 +excluded;IP.255 = 11.0.0.254/255.255.255.255 +excluded;IP.256 = 11.0.0.255/255.255.255.255 +excluded;IP.257 = 11.0.1.0/255.255.255.255 +excluded;IP.258 = 11.0.1.1/255.255.255.255 +excluded;IP.259 = 11.0.1.2/255.255.255.255 +excluded;IP.260 = 11.0.1.3/255.255.255.255 +excluded;IP.261 = 11.0.1.4/255.255.255.255 +excluded;IP.262 = 11.0.1.5/255.255.255.255 +excluded;IP.263 = 11.0.1.6/255.255.255.255 +excluded;IP.264 = 11.0.1.7/255.255.255.255 +excluded;IP.265 = 11.0.1.8/255.255.255.255 +excluded;IP.266 = 11.0.1.9/255.255.255.255 +excluded;IP.267 = 11.0.1.10/255.255.255.255 +excluded;IP.268 = 11.0.1.11/255.255.255.255 +excluded;IP.269 = 11.0.1.12/255.255.255.255 +excluded;IP.270 = 11.0.1.13/255.255.255.255 +excluded;IP.271 = 11.0.1.14/255.255.255.255 +excluded;IP.272 = 11.0.1.15/255.255.255.255 +excluded;IP.273 = 11.0.1.16/255.255.255.255 +excluded;IP.274 = 11.0.1.17/255.255.255.255 +excluded;IP.275 = 11.0.1.18/255.255.255.255 +excluded;IP.276 = 11.0.1.19/255.255.255.255 +excluded;IP.277 = 11.0.1.20/255.255.255.255 +excluded;IP.278 = 11.0.1.21/255.255.255.255 +excluded;IP.279 = 11.0.1.22/255.255.255.255 +excluded;IP.280 = 11.0.1.23/255.255.255.255 +excluded;IP.281 = 11.0.1.24/255.255.255.255 +excluded;IP.282 = 11.0.1.25/255.255.255.255 +excluded;IP.283 = 11.0.1.26/255.255.255.255 +excluded;IP.284 = 11.0.1.27/255.255.255.255 +excluded;IP.285 = 11.0.1.28/255.255.255.255 +excluded;IP.286 = 11.0.1.29/255.255.255.255 +excluded;IP.287 = 11.0.1.30/255.255.255.255 +excluded;IP.288 = 11.0.1.31/255.255.255.255 +excluded;IP.289 = 11.0.1.32/255.255.255.255 +excluded;IP.290 = 11.0.1.33/255.255.255.255 +excluded;IP.291 = 11.0.1.34/255.255.255.255 +excluded;IP.292 = 11.0.1.35/255.255.255.255 +excluded;IP.293 = 11.0.1.36/255.255.255.255 +excluded;IP.294 = 11.0.1.37/255.255.255.255 +excluded;IP.295 = 11.0.1.38/255.255.255.255 +excluded;IP.296 = 11.0.1.39/255.255.255.255 +excluded;IP.297 = 11.0.1.40/255.255.255.255 +excluded;IP.298 = 11.0.1.41/255.255.255.255 +excluded;IP.299 = 11.0.1.42/255.255.255.255 +excluded;IP.300 = 11.0.1.43/255.255.255.255 +excluded;IP.301 = 11.0.1.44/255.255.255.255 +excluded;IP.302 = 11.0.1.45/255.255.255.255 +excluded;IP.303 = 11.0.1.46/255.255.255.255 +excluded;IP.304 = 11.0.1.47/255.255.255.255 +excluded;IP.305 = 11.0.1.48/255.255.255.255 +excluded;IP.306 = 11.0.1.49/255.255.255.255 +excluded;IP.307 = 11.0.1.50/255.255.255.255 +excluded;IP.308 = 11.0.1.51/255.255.255.255 +excluded;IP.309 = 11.0.1.52/255.255.255.255 +excluded;IP.310 = 11.0.1.53/255.255.255.255 +excluded;IP.311 = 11.0.1.54/255.255.255.255 +excluded;IP.312 = 11.0.1.55/255.255.255.255 +excluded;IP.313 = 11.0.1.56/255.255.255.255 +excluded;IP.314 = 11.0.1.57/255.255.255.255 +excluded;IP.315 = 11.0.1.58/255.255.255.255 +excluded;IP.316 = 11.0.1.59/255.255.255.255 +excluded;IP.317 = 11.0.1.60/255.255.255.255 +excluded;IP.318 = 11.0.1.61/255.255.255.255 +excluded;IP.319 = 11.0.1.62/255.255.255.255 +excluded;IP.320 = 11.0.1.63/255.255.255.255 +excluded;IP.321 = 11.0.1.64/255.255.255.255 +excluded;IP.322 = 11.0.1.65/255.255.255.255 +excluded;IP.323 = 11.0.1.66/255.255.255.255 +excluded;IP.324 = 11.0.1.67/255.255.255.255 +excluded;IP.325 = 11.0.1.68/255.255.255.255 +excluded;IP.326 = 11.0.1.69/255.255.255.255 +excluded;IP.327 = 11.0.1.70/255.255.255.255 +excluded;IP.328 = 11.0.1.71/255.255.255.255 +excluded;IP.329 = 11.0.1.72/255.255.255.255 +excluded;IP.330 = 11.0.1.73/255.255.255.255 +excluded;IP.331 = 11.0.1.74/255.255.255.255 +excluded;IP.332 = 11.0.1.75/255.255.255.255 +excluded;IP.333 = 11.0.1.76/255.255.255.255 +excluded;IP.334 = 11.0.1.77/255.255.255.255 +excluded;IP.335 = 11.0.1.78/255.255.255.255 +excluded;IP.336 = 11.0.1.79/255.255.255.255 +excluded;IP.337 = 11.0.1.80/255.255.255.255 +excluded;IP.338 = 11.0.1.81/255.255.255.255 +excluded;IP.339 = 11.0.1.82/255.255.255.255 +excluded;IP.340 = 11.0.1.83/255.255.255.255 +excluded;IP.341 = 11.0.1.84/255.255.255.255 +excluded;IP.342 = 11.0.1.85/255.255.255.255 +excluded;IP.343 = 11.0.1.86/255.255.255.255 +excluded;IP.344 = 11.0.1.87/255.255.255.255 +excluded;IP.345 = 11.0.1.88/255.255.255.255 +excluded;IP.346 = 11.0.1.89/255.255.255.255 +excluded;IP.347 = 11.0.1.90/255.255.255.255 +excluded;IP.348 = 11.0.1.91/255.255.255.255 +excluded;IP.349 = 11.0.1.92/255.255.255.255 +excluded;IP.350 = 11.0.1.93/255.255.255.255 +excluded;IP.351 = 11.0.1.94/255.255.255.255 +excluded;IP.352 = 11.0.1.95/255.255.255.255 +excluded;IP.353 = 11.0.1.96/255.255.255.255 +excluded;IP.354 = 11.0.1.97/255.255.255.255 +excluded;IP.355 = 11.0.1.98/255.255.255.255 +excluded;IP.356 = 11.0.1.99/255.255.255.255 +excluded;IP.357 = 11.0.1.100/255.255.255.255 +excluded;IP.358 = 11.0.1.101/255.255.255.255 +excluded;IP.359 = 11.0.1.102/255.255.255.255 +excluded;IP.360 = 11.0.1.103/255.255.255.255 +excluded;IP.361 = 11.0.1.104/255.255.255.255 +excluded;IP.362 = 11.0.1.105/255.255.255.255 +excluded;IP.363 = 11.0.1.106/255.255.255.255 +excluded;IP.364 = 11.0.1.107/255.255.255.255 +excluded;IP.365 = 11.0.1.108/255.255.255.255 +excluded;IP.366 = 11.0.1.109/255.255.255.255 +excluded;IP.367 = 11.0.1.110/255.255.255.255 +excluded;IP.368 = 11.0.1.111/255.255.255.255 +excluded;IP.369 = 11.0.1.112/255.255.255.255 +excluded;IP.370 = 11.0.1.113/255.255.255.255 +excluded;IP.371 = 11.0.1.114/255.255.255.255 +excluded;IP.372 = 11.0.1.115/255.255.255.255 +excluded;IP.373 = 11.0.1.116/255.255.255.255 +excluded;IP.374 = 11.0.1.117/255.255.255.255 +excluded;IP.375 = 11.0.1.118/255.255.255.255 +excluded;IP.376 = 11.0.1.119/255.255.255.255 +excluded;IP.377 = 11.0.1.120/255.255.255.255 +excluded;IP.378 = 11.0.1.121/255.255.255.255 +excluded;IP.379 = 11.0.1.122/255.255.255.255 +excluded;IP.380 = 11.0.1.123/255.255.255.255 +excluded;IP.381 = 11.0.1.124/255.255.255.255 +excluded;IP.382 = 11.0.1.125/255.255.255.255 +excluded;IP.383 = 11.0.1.126/255.255.255.255 +excluded;IP.384 = 11.0.1.127/255.255.255.255 +excluded;IP.385 = 11.0.1.128/255.255.255.255 +excluded;IP.386 = 11.0.1.129/255.255.255.255 +excluded;IP.387 = 11.0.1.130/255.255.255.255 +excluded;IP.388 = 11.0.1.131/255.255.255.255 +excluded;IP.389 = 11.0.1.132/255.255.255.255 +excluded;IP.390 = 11.0.1.133/255.255.255.255 +excluded;IP.391 = 11.0.1.134/255.255.255.255 +excluded;IP.392 = 11.0.1.135/255.255.255.255 +excluded;IP.393 = 11.0.1.136/255.255.255.255 +excluded;IP.394 = 11.0.1.137/255.255.255.255 +excluded;IP.395 = 11.0.1.138/255.255.255.255 +excluded;IP.396 = 11.0.1.139/255.255.255.255 +excluded;IP.397 = 11.0.1.140/255.255.255.255 +excluded;IP.398 = 11.0.1.141/255.255.255.255 +excluded;IP.399 = 11.0.1.142/255.255.255.255 +excluded;IP.400 = 11.0.1.143/255.255.255.255 +excluded;IP.401 = 11.0.1.144/255.255.255.255 +excluded;IP.402 = 11.0.1.145/255.255.255.255 +excluded;IP.403 = 11.0.1.146/255.255.255.255 +excluded;IP.404 = 11.0.1.147/255.255.255.255 +excluded;IP.405 = 11.0.1.148/255.255.255.255 +excluded;IP.406 = 11.0.1.149/255.255.255.255 +excluded;IP.407 = 11.0.1.150/255.255.255.255 +excluded;IP.408 = 11.0.1.151/255.255.255.255 +excluded;IP.409 = 11.0.1.152/255.255.255.255 +excluded;IP.410 = 11.0.1.153/255.255.255.255 +excluded;IP.411 = 11.0.1.154/255.255.255.255 +excluded;IP.412 = 11.0.1.155/255.255.255.255 +excluded;IP.413 = 11.0.1.156/255.255.255.255 +excluded;IP.414 = 11.0.1.157/255.255.255.255 +excluded;IP.415 = 11.0.1.158/255.255.255.255 +excluded;IP.416 = 11.0.1.159/255.255.255.255 +excluded;IP.417 = 11.0.1.160/255.255.255.255 +excluded;IP.418 = 11.0.1.161/255.255.255.255 +excluded;IP.419 = 11.0.1.162/255.255.255.255 +excluded;IP.420 = 11.0.1.163/255.255.255.255 +excluded;IP.421 = 11.0.1.164/255.255.255.255 +excluded;IP.422 = 11.0.1.165/255.255.255.255 +excluded;IP.423 = 11.0.1.166/255.255.255.255 +excluded;IP.424 = 11.0.1.167/255.255.255.255 +excluded;IP.425 = 11.0.1.168/255.255.255.255 +excluded;IP.426 = 11.0.1.169/255.255.255.255 +excluded;IP.427 = 11.0.1.170/255.255.255.255 +excluded;IP.428 = 11.0.1.171/255.255.255.255 +excluded;IP.429 = 11.0.1.172/255.255.255.255 +excluded;IP.430 = 11.0.1.173/255.255.255.255 +excluded;IP.431 = 11.0.1.174/255.255.255.255 +excluded;IP.432 = 11.0.1.175/255.255.255.255 +excluded;IP.433 = 11.0.1.176/255.255.255.255 +excluded;IP.434 = 11.0.1.177/255.255.255.255 +excluded;IP.435 = 11.0.1.178/255.255.255.255 +excluded;IP.436 = 11.0.1.179/255.255.255.255 +excluded;IP.437 = 11.0.1.180/255.255.255.255 +excluded;IP.438 = 11.0.1.181/255.255.255.255 +excluded;IP.439 = 11.0.1.182/255.255.255.255 +excluded;IP.440 = 11.0.1.183/255.255.255.255 +excluded;IP.441 = 11.0.1.184/255.255.255.255 +excluded;IP.442 = 11.0.1.185/255.255.255.255 +excluded;IP.443 = 11.0.1.186/255.255.255.255 +excluded;IP.444 = 11.0.1.187/255.255.255.255 +excluded;IP.445 = 11.0.1.188/255.255.255.255 +excluded;IP.446 = 11.0.1.189/255.255.255.255 +excluded;IP.447 = 11.0.1.190/255.255.255.255 +excluded;IP.448 = 11.0.1.191/255.255.255.255 +excluded;IP.449 = 11.0.1.192/255.255.255.255 +excluded;IP.450 = 11.0.1.193/255.255.255.255 +excluded;IP.451 = 11.0.1.194/255.255.255.255 +excluded;IP.452 = 11.0.1.195/255.255.255.255 +excluded;IP.453 = 11.0.1.196/255.255.255.255 +excluded;IP.454 = 11.0.1.197/255.255.255.255 +excluded;IP.455 = 11.0.1.198/255.255.255.255 +excluded;IP.456 = 11.0.1.199/255.255.255.255 +excluded;IP.457 = 11.0.1.200/255.255.255.255 +excluded;IP.458 = 11.0.1.201/255.255.255.255 +excluded;IP.459 = 11.0.1.202/255.255.255.255 +excluded;IP.460 = 11.0.1.203/255.255.255.255 +excluded;IP.461 = 11.0.1.204/255.255.255.255 +excluded;IP.462 = 11.0.1.205/255.255.255.255 +excluded;IP.463 = 11.0.1.206/255.255.255.255 +excluded;IP.464 = 11.0.1.207/255.255.255.255 +excluded;IP.465 = 11.0.1.208/255.255.255.255 +excluded;IP.466 = 11.0.1.209/255.255.255.255 +excluded;IP.467 = 11.0.1.210/255.255.255.255 +excluded;IP.468 = 11.0.1.211/255.255.255.255 +excluded;IP.469 = 11.0.1.212/255.255.255.255 +excluded;IP.470 = 11.0.1.213/255.255.255.255 +excluded;IP.471 = 11.0.1.214/255.255.255.255 +excluded;IP.472 = 11.0.1.215/255.255.255.255 +excluded;IP.473 = 11.0.1.216/255.255.255.255 +excluded;IP.474 = 11.0.1.217/255.255.255.255 +excluded;IP.475 = 11.0.1.218/255.255.255.255 +excluded;IP.476 = 11.0.1.219/255.255.255.255 +excluded;IP.477 = 11.0.1.220/255.255.255.255 +excluded;IP.478 = 11.0.1.221/255.255.255.255 +excluded;IP.479 = 11.0.1.222/255.255.255.255 +excluded;IP.480 = 11.0.1.223/255.255.255.255 +excluded;IP.481 = 11.0.1.224/255.255.255.255 +excluded;IP.482 = 11.0.1.225/255.255.255.255 +excluded;IP.483 = 11.0.1.226/255.255.255.255 +excluded;IP.484 = 11.0.1.227/255.255.255.255 +excluded;IP.485 = 11.0.1.228/255.255.255.255 +excluded;IP.486 = 11.0.1.229/255.255.255.255 +excluded;IP.487 = 11.0.1.230/255.255.255.255 +excluded;IP.488 = 11.0.1.231/255.255.255.255 +excluded;IP.489 = 11.0.1.232/255.255.255.255 +excluded;IP.490 = 11.0.1.233/255.255.255.255 +excluded;IP.491 = 11.0.1.234/255.255.255.255 +excluded;IP.492 = 11.0.1.235/255.255.255.255 +excluded;IP.493 = 11.0.1.236/255.255.255.255 +excluded;IP.494 = 11.0.1.237/255.255.255.255 +excluded;IP.495 = 11.0.1.238/255.255.255.255 +excluded;IP.496 = 11.0.1.239/255.255.255.255 +excluded;IP.497 = 11.0.1.240/255.255.255.255 +excluded;IP.498 = 11.0.1.241/255.255.255.255 +excluded;IP.499 = 11.0.1.242/255.255.255.255 +excluded;IP.500 = 11.0.1.243/255.255.255.255 +excluded;IP.501 = 11.0.1.244/255.255.255.255 +excluded;IP.502 = 11.0.1.245/255.255.255.255 +excluded;IP.503 = 11.0.1.246/255.255.255.255 +excluded;IP.504 = 11.0.1.247/255.255.255.255 +excluded;IP.505 = 11.0.1.248/255.255.255.255 +excluded;IP.506 = 11.0.1.249/255.255.255.255 +excluded;IP.507 = 11.0.1.250/255.255.255.255 +excluded;IP.508 = 11.0.1.251/255.255.255.255 +excluded;IP.509 = 11.0.1.252/255.255.255.255 +excluded;IP.510 = 11.0.1.253/255.255.255.255 +excluded;IP.511 = 11.0.1.254/255.255.255.255 +excluded;IP.512 = 11.0.1.255/255.255.255.255 +excluded;IP.513 = 11.0.2.0/255.255.255.255 +excluded;IP.514 = 11.0.2.1/255.255.255.255 +excluded;IP.515 = 11.0.2.2/255.255.255.255 +excluded;IP.516 = 11.0.2.3/255.255.255.255 +excluded;IP.517 = 11.0.2.4/255.255.255.255 +excluded;IP.518 = 11.0.2.5/255.255.255.255 +excluded;IP.519 = 11.0.2.6/255.255.255.255 +excluded;IP.520 = 11.0.2.7/255.255.255.255 +excluded;IP.521 = 11.0.2.8/255.255.255.255 +excluded;IP.522 = 11.0.2.9/255.255.255.255 +excluded;IP.523 = 11.0.2.10/255.255.255.255 +excluded;IP.524 = 11.0.2.11/255.255.255.255 +excluded;IP.525 = 11.0.2.12/255.255.255.255 +excluded;IP.526 = 11.0.2.13/255.255.255.255 +excluded;IP.527 = 11.0.2.14/255.255.255.255 +excluded;IP.528 = 11.0.2.15/255.255.255.255 +excluded;IP.529 = 11.0.2.16/255.255.255.255 +excluded;IP.530 = 11.0.2.17/255.255.255.255 +excluded;IP.531 = 11.0.2.18/255.255.255.255 +excluded;IP.532 = 11.0.2.19/255.255.255.255 +excluded;IP.533 = 11.0.2.20/255.255.255.255 +excluded;IP.534 = 11.0.2.21/255.255.255.255 +excluded;IP.535 = 11.0.2.22/255.255.255.255 +excluded;IP.536 = 11.0.2.23/255.255.255.255 +excluded;IP.537 = 11.0.2.24/255.255.255.255 +excluded;IP.538 = 11.0.2.25/255.255.255.255 +excluded;IP.539 = 11.0.2.26/255.255.255.255 +excluded;IP.540 = 11.0.2.27/255.255.255.255 +excluded;IP.541 = 11.0.2.28/255.255.255.255 +excluded;IP.542 = 11.0.2.29/255.255.255.255 +excluded;IP.543 = 11.0.2.30/255.255.255.255 +excluded;IP.544 = 11.0.2.31/255.255.255.255 +excluded;IP.545 = 11.0.2.32/255.255.255.255 +excluded;IP.546 = 11.0.2.33/255.255.255.255 +excluded;IP.547 = 11.0.2.34/255.255.255.255 +excluded;IP.548 = 11.0.2.35/255.255.255.255 +excluded;IP.549 = 11.0.2.36/255.255.255.255 +excluded;IP.550 = 11.0.2.37/255.255.255.255 +excluded;IP.551 = 11.0.2.38/255.255.255.255 +excluded;IP.552 = 11.0.2.39/255.255.255.255 +excluded;IP.553 = 11.0.2.40/255.255.255.255 +excluded;IP.554 = 11.0.2.41/255.255.255.255 +excluded;IP.555 = 11.0.2.42/255.255.255.255 +excluded;IP.556 = 11.0.2.43/255.255.255.255 +excluded;IP.557 = 11.0.2.44/255.255.255.255 +excluded;IP.558 = 11.0.2.45/255.255.255.255 +excluded;IP.559 = 11.0.2.46/255.255.255.255 +excluded;IP.560 = 11.0.2.47/255.255.255.255 +excluded;IP.561 = 11.0.2.48/255.255.255.255 +excluded;IP.562 = 11.0.2.49/255.255.255.255 +excluded;IP.563 = 11.0.2.50/255.255.255.255 +excluded;IP.564 = 11.0.2.51/255.255.255.255 +excluded;IP.565 = 11.0.2.52/255.255.255.255 +excluded;IP.566 = 11.0.2.53/255.255.255.255 +excluded;IP.567 = 11.0.2.54/255.255.255.255 +excluded;IP.568 = 11.0.2.55/255.255.255.255 +excluded;IP.569 = 11.0.2.56/255.255.255.255 +excluded;IP.570 = 11.0.2.57/255.255.255.255 +excluded;IP.571 = 11.0.2.58/255.255.255.255 +excluded;IP.572 = 11.0.2.59/255.255.255.255 +excluded;IP.573 = 11.0.2.60/255.255.255.255 +excluded;IP.574 = 11.0.2.61/255.255.255.255 +excluded;IP.575 = 11.0.2.62/255.255.255.255 +excluded;IP.576 = 11.0.2.63/255.255.255.255 +excluded;IP.577 = 11.0.2.64/255.255.255.255 +excluded;IP.578 = 11.0.2.65/255.255.255.255 +excluded;IP.579 = 11.0.2.66/255.255.255.255 +excluded;IP.580 = 11.0.2.67/255.255.255.255 +excluded;IP.581 = 11.0.2.68/255.255.255.255 +excluded;IP.582 = 11.0.2.69/255.255.255.255 +excluded;IP.583 = 11.0.2.70/255.255.255.255 +excluded;IP.584 = 11.0.2.71/255.255.255.255 +excluded;IP.585 = 11.0.2.72/255.255.255.255 +excluded;IP.586 = 11.0.2.73/255.255.255.255 +excluded;IP.587 = 11.0.2.74/255.255.255.255 +excluded;IP.588 = 11.0.2.75/255.255.255.255 +excluded;IP.589 = 11.0.2.76/255.255.255.255 +excluded;IP.590 = 11.0.2.77/255.255.255.255 +excluded;IP.591 = 11.0.2.78/255.255.255.255 +excluded;IP.592 = 11.0.2.79/255.255.255.255 +excluded;IP.593 = 11.0.2.80/255.255.255.255 +excluded;IP.594 = 11.0.2.81/255.255.255.255 +excluded;IP.595 = 11.0.2.82/255.255.255.255 +excluded;IP.596 = 11.0.2.83/255.255.255.255 +excluded;IP.597 = 11.0.2.84/255.255.255.255 +excluded;IP.598 = 11.0.2.85/255.255.255.255 +excluded;IP.599 = 11.0.2.86/255.255.255.255 +excluded;IP.600 = 11.0.2.87/255.255.255.255 +excluded;IP.601 = 11.0.2.88/255.255.255.255 +excluded;IP.602 = 11.0.2.89/255.255.255.255 +excluded;IP.603 = 11.0.2.90/255.255.255.255 +excluded;IP.604 = 11.0.2.91/255.255.255.255 +excluded;IP.605 = 11.0.2.92/255.255.255.255 +excluded;IP.606 = 11.0.2.93/255.255.255.255 +excluded;IP.607 = 11.0.2.94/255.255.255.255 +excluded;IP.608 = 11.0.2.95/255.255.255.255 +excluded;IP.609 = 11.0.2.96/255.255.255.255 +excluded;IP.610 = 11.0.2.97/255.255.255.255 +excluded;IP.611 = 11.0.2.98/255.255.255.255 +excluded;IP.612 = 11.0.2.99/255.255.255.255 +excluded;IP.613 = 11.0.2.100/255.255.255.255 +excluded;IP.614 = 11.0.2.101/255.255.255.255 +excluded;IP.615 = 11.0.2.102/255.255.255.255 +excluded;IP.616 = 11.0.2.103/255.255.255.255 +excluded;IP.617 = 11.0.2.104/255.255.255.255 +excluded;IP.618 = 11.0.2.105/255.255.255.255 +excluded;IP.619 = 11.0.2.106/255.255.255.255 +excluded;IP.620 = 11.0.2.107/255.255.255.255 +excluded;IP.621 = 11.0.2.108/255.255.255.255 +excluded;IP.622 = 11.0.2.109/255.255.255.255 +excluded;IP.623 = 11.0.2.110/255.255.255.255 +excluded;IP.624 = 11.0.2.111/255.255.255.255 +excluded;IP.625 = 11.0.2.112/255.255.255.255 +excluded;IP.626 = 11.0.2.113/255.255.255.255 +excluded;IP.627 = 11.0.2.114/255.255.255.255 +excluded;IP.628 = 11.0.2.115/255.255.255.255 +excluded;IP.629 = 11.0.2.116/255.255.255.255 +excluded;IP.630 = 11.0.2.117/255.255.255.255 +excluded;IP.631 = 11.0.2.118/255.255.255.255 +excluded;IP.632 = 11.0.2.119/255.255.255.255 +excluded;IP.633 = 11.0.2.120/255.255.255.255 +excluded;IP.634 = 11.0.2.121/255.255.255.255 +excluded;IP.635 = 11.0.2.122/255.255.255.255 +excluded;IP.636 = 11.0.2.123/255.255.255.255 +excluded;IP.637 = 11.0.2.124/255.255.255.255 +excluded;IP.638 = 11.0.2.125/255.255.255.255 +excluded;IP.639 = 11.0.2.126/255.255.255.255 +excluded;IP.640 = 11.0.2.127/255.255.255.255 +excluded;IP.641 = 11.0.2.128/255.255.255.255 +excluded;IP.642 = 11.0.2.129/255.255.255.255 +excluded;IP.643 = 11.0.2.130/255.255.255.255 +excluded;IP.644 = 11.0.2.131/255.255.255.255 +excluded;IP.645 = 11.0.2.132/255.255.255.255 +excluded;IP.646 = 11.0.2.133/255.255.255.255 +excluded;IP.647 = 11.0.2.134/255.255.255.255 +excluded;IP.648 = 11.0.2.135/255.255.255.255 +excluded;IP.649 = 11.0.2.136/255.255.255.255 +excluded;IP.650 = 11.0.2.137/255.255.255.255 +excluded;IP.651 = 11.0.2.138/255.255.255.255 +excluded;IP.652 = 11.0.2.139/255.255.255.255 +excluded;IP.653 = 11.0.2.140/255.255.255.255 +excluded;IP.654 = 11.0.2.141/255.255.255.255 +excluded;IP.655 = 11.0.2.142/255.255.255.255 +excluded;IP.656 = 11.0.2.143/255.255.255.255 +excluded;IP.657 = 11.0.2.144/255.255.255.255 +excluded;IP.658 = 11.0.2.145/255.255.255.255 +excluded;IP.659 = 11.0.2.146/255.255.255.255 +excluded;IP.660 = 11.0.2.147/255.255.255.255 +excluded;IP.661 = 11.0.2.148/255.255.255.255 +excluded;IP.662 = 11.0.2.149/255.255.255.255 +excluded;IP.663 = 11.0.2.150/255.255.255.255 +excluded;IP.664 = 11.0.2.151/255.255.255.255 +excluded;IP.665 = 11.0.2.152/255.255.255.255 +excluded;IP.666 = 11.0.2.153/255.255.255.255 +excluded;IP.667 = 11.0.2.154/255.255.255.255 +excluded;IP.668 = 11.0.2.155/255.255.255.255 +excluded;IP.669 = 11.0.2.156/255.255.255.255 +excluded;IP.670 = 11.0.2.157/255.255.255.255 +excluded;IP.671 = 11.0.2.158/255.255.255.255 +excluded;IP.672 = 11.0.2.159/255.255.255.255 +excluded;IP.673 = 11.0.2.160/255.255.255.255 +excluded;IP.674 = 11.0.2.161/255.255.255.255 +excluded;IP.675 = 11.0.2.162/255.255.255.255 +excluded;IP.676 = 11.0.2.163/255.255.255.255 +excluded;IP.677 = 11.0.2.164/255.255.255.255 +excluded;IP.678 = 11.0.2.165/255.255.255.255 +excluded;IP.679 = 11.0.2.166/255.255.255.255 +excluded;IP.680 = 11.0.2.167/255.255.255.255 +excluded;IP.681 = 11.0.2.168/255.255.255.255 +excluded;IP.682 = 11.0.2.169/255.255.255.255 +excluded;IP.683 = 11.0.2.170/255.255.255.255 +excluded;IP.684 = 11.0.2.171/255.255.255.255 +excluded;IP.685 = 11.0.2.172/255.255.255.255 +excluded;IP.686 = 11.0.2.173/255.255.255.255 +excluded;IP.687 = 11.0.2.174/255.255.255.255 +excluded;IP.688 = 11.0.2.175/255.255.255.255 +excluded;IP.689 = 11.0.2.176/255.255.255.255 +excluded;IP.690 = 11.0.2.177/255.255.255.255 +excluded;IP.691 = 11.0.2.178/255.255.255.255 +excluded;IP.692 = 11.0.2.179/255.255.255.255 +excluded;IP.693 = 11.0.2.180/255.255.255.255 +excluded;IP.694 = 11.0.2.181/255.255.255.255 +excluded;IP.695 = 11.0.2.182/255.255.255.255 +excluded;IP.696 = 11.0.2.183/255.255.255.255 +excluded;IP.697 = 11.0.2.184/255.255.255.255 +excluded;IP.698 = 11.0.2.185/255.255.255.255 +excluded;IP.699 = 11.0.2.186/255.255.255.255 +excluded;IP.700 = 11.0.2.187/255.255.255.255 +excluded;IP.701 = 11.0.2.188/255.255.255.255 +excluded;IP.702 = 11.0.2.189/255.255.255.255 +excluded;IP.703 = 11.0.2.190/255.255.255.255 +excluded;IP.704 = 11.0.2.191/255.255.255.255 +excluded;IP.705 = 11.0.2.192/255.255.255.255 +excluded;IP.706 = 11.0.2.193/255.255.255.255 +excluded;IP.707 = 11.0.2.194/255.255.255.255 +excluded;IP.708 = 11.0.2.195/255.255.255.255 +excluded;IP.709 = 11.0.2.196/255.255.255.255 +excluded;IP.710 = 11.0.2.197/255.255.255.255 +excluded;IP.711 = 11.0.2.198/255.255.255.255 +excluded;IP.712 = 11.0.2.199/255.255.255.255 +excluded;IP.713 = 11.0.2.200/255.255.255.255 +excluded;IP.714 = 11.0.2.201/255.255.255.255 +excluded;IP.715 = 11.0.2.202/255.255.255.255 +excluded;IP.716 = 11.0.2.203/255.255.255.255 +excluded;IP.717 = 11.0.2.204/255.255.255.255 +excluded;IP.718 = 11.0.2.205/255.255.255.255 +excluded;IP.719 = 11.0.2.206/255.255.255.255 +excluded;IP.720 = 11.0.2.207/255.255.255.255 +excluded;IP.721 = 11.0.2.208/255.255.255.255 +excluded;IP.722 = 11.0.2.209/255.255.255.255 +excluded;IP.723 = 11.0.2.210/255.255.255.255 +excluded;IP.724 = 11.0.2.211/255.255.255.255 +excluded;IP.725 = 11.0.2.212/255.255.255.255 +excluded;IP.726 = 11.0.2.213/255.255.255.255 +excluded;IP.727 = 11.0.2.214/255.255.255.255 +excluded;IP.728 = 11.0.2.215/255.255.255.255 +excluded;IP.729 = 11.0.2.216/255.255.255.255 +excluded;IP.730 = 11.0.2.217/255.255.255.255 +excluded;IP.731 = 11.0.2.218/255.255.255.255 +excluded;IP.732 = 11.0.2.219/255.255.255.255 +excluded;IP.733 = 11.0.2.220/255.255.255.255 +excluded;IP.734 = 11.0.2.221/255.255.255.255 +excluded;IP.735 = 11.0.2.222/255.255.255.255 +excluded;IP.736 = 11.0.2.223/255.255.255.255 +excluded;IP.737 = 11.0.2.224/255.255.255.255 +excluded;IP.738 = 11.0.2.225/255.255.255.255 +excluded;IP.739 = 11.0.2.226/255.255.255.255 +excluded;IP.740 = 11.0.2.227/255.255.255.255 +excluded;IP.741 = 11.0.2.228/255.255.255.255 +excluded;IP.742 = 11.0.2.229/255.255.255.255 +excluded;IP.743 = 11.0.2.230/255.255.255.255 +excluded;IP.744 = 11.0.2.231/255.255.255.255 +excluded;IP.745 = 11.0.2.232/255.255.255.255 +excluded;IP.746 = 11.0.2.233/255.255.255.255 +excluded;IP.747 = 11.0.2.234/255.255.255.255 +excluded;IP.748 = 11.0.2.235/255.255.255.255 +excluded;IP.749 = 11.0.2.236/255.255.255.255 +excluded;IP.750 = 11.0.2.237/255.255.255.255 +excluded;IP.751 = 11.0.2.238/255.255.255.255 +excluded;IP.752 = 11.0.2.239/255.255.255.255 +excluded;IP.753 = 11.0.2.240/255.255.255.255 +excluded;IP.754 = 11.0.2.241/255.255.255.255 +excluded;IP.755 = 11.0.2.242/255.255.255.255 +excluded;IP.756 = 11.0.2.243/255.255.255.255 +excluded;IP.757 = 11.0.2.244/255.255.255.255 +excluded;IP.758 = 11.0.2.245/255.255.255.255 +excluded;IP.759 = 11.0.2.246/255.255.255.255 +excluded;IP.760 = 11.0.2.247/255.255.255.255 +excluded;IP.761 = 11.0.2.248/255.255.255.255 +excluded;IP.762 = 11.0.2.249/255.255.255.255 +excluded;IP.763 = 11.0.2.250/255.255.255.255 +excluded;IP.764 = 11.0.2.251/255.255.255.255 +excluded;IP.765 = 11.0.2.252/255.255.255.255 +excluded;IP.766 = 11.0.2.253/255.255.255.255 +excluded;IP.767 = 11.0.2.254/255.255.255.255 +excluded;IP.768 = 11.0.2.255/255.255.255.255 +excluded;IP.769 = 11.0.3.0/255.255.255.255 +excluded;IP.770 = 11.0.3.1/255.255.255.255 +excluded;IP.771 = 11.0.3.2/255.255.255.255 +excluded;IP.772 = 11.0.3.3/255.255.255.255 +excluded;IP.773 = 11.0.3.4/255.255.255.255 +excluded;IP.774 = 11.0.3.5/255.255.255.255 +excluded;IP.775 = 11.0.3.6/255.255.255.255 +excluded;IP.776 = 11.0.3.7/255.255.255.255 +excluded;IP.777 = 11.0.3.8/255.255.255.255 +excluded;IP.778 = 11.0.3.9/255.255.255.255 +excluded;IP.779 = 11.0.3.10/255.255.255.255 +excluded;IP.780 = 11.0.3.11/255.255.255.255 +excluded;IP.781 = 11.0.3.12/255.255.255.255 +excluded;IP.782 = 11.0.3.13/255.255.255.255 +excluded;IP.783 = 11.0.3.14/255.255.255.255 +excluded;IP.784 = 11.0.3.15/255.255.255.255 +excluded;IP.785 = 11.0.3.16/255.255.255.255 +excluded;IP.786 = 11.0.3.17/255.255.255.255 +excluded;IP.787 = 11.0.3.18/255.255.255.255 +excluded;IP.788 = 11.0.3.19/255.255.255.255 +excluded;IP.789 = 11.0.3.20/255.255.255.255 +excluded;IP.790 = 11.0.3.21/255.255.255.255 +excluded;IP.791 = 11.0.3.22/255.255.255.255 +excluded;IP.792 = 11.0.3.23/255.255.255.255 +excluded;IP.793 = 11.0.3.24/255.255.255.255 +excluded;IP.794 = 11.0.3.25/255.255.255.255 +excluded;IP.795 = 11.0.3.26/255.255.255.255 +excluded;IP.796 = 11.0.3.27/255.255.255.255 +excluded;IP.797 = 11.0.3.28/255.255.255.255 +excluded;IP.798 = 11.0.3.29/255.255.255.255 +excluded;IP.799 = 11.0.3.30/255.255.255.255 +excluded;IP.800 = 11.0.3.31/255.255.255.255 +excluded;IP.801 = 11.0.3.32/255.255.255.255 +excluded;IP.802 = 11.0.3.33/255.255.255.255 +excluded;IP.803 = 11.0.3.34/255.255.255.255 +excluded;IP.804 = 11.0.3.35/255.255.255.255 +excluded;IP.805 = 11.0.3.36/255.255.255.255 +excluded;IP.806 = 11.0.3.37/255.255.255.255 +excluded;IP.807 = 11.0.3.38/255.255.255.255 +excluded;IP.808 = 11.0.3.39/255.255.255.255 +excluded;IP.809 = 11.0.3.40/255.255.255.255 +excluded;IP.810 = 11.0.3.41/255.255.255.255 +excluded;IP.811 = 11.0.3.42/255.255.255.255 +excluded;IP.812 = 11.0.3.43/255.255.255.255 +excluded;IP.813 = 11.0.3.44/255.255.255.255 +excluded;IP.814 = 11.0.3.45/255.255.255.255 +excluded;IP.815 = 11.0.3.46/255.255.255.255 +excluded;IP.816 = 11.0.3.47/255.255.255.255 +excluded;IP.817 = 11.0.3.48/255.255.255.255 +excluded;IP.818 = 11.0.3.49/255.255.255.255 +excluded;IP.819 = 11.0.3.50/255.255.255.255 +excluded;IP.820 = 11.0.3.51/255.255.255.255 +excluded;IP.821 = 11.0.3.52/255.255.255.255 +excluded;IP.822 = 11.0.3.53/255.255.255.255 +excluded;IP.823 = 11.0.3.54/255.255.255.255 +excluded;IP.824 = 11.0.3.55/255.255.255.255 +excluded;IP.825 = 11.0.3.56/255.255.255.255 +excluded;IP.826 = 11.0.3.57/255.255.255.255 +excluded;IP.827 = 11.0.3.58/255.255.255.255 +excluded;IP.828 = 11.0.3.59/255.255.255.255 +excluded;IP.829 = 11.0.3.60/255.255.255.255 +excluded;IP.830 = 11.0.3.61/255.255.255.255 +excluded;IP.831 = 11.0.3.62/255.255.255.255 +excluded;IP.832 = 11.0.3.63/255.255.255.255 +excluded;IP.833 = 11.0.3.64/255.255.255.255 +excluded;IP.834 = 11.0.3.65/255.255.255.255 +excluded;IP.835 = 11.0.3.66/255.255.255.255 +excluded;IP.836 = 11.0.3.67/255.255.255.255 +excluded;IP.837 = 11.0.3.68/255.255.255.255 +excluded;IP.838 = 11.0.3.69/255.255.255.255 +excluded;IP.839 = 11.0.3.70/255.255.255.255 +excluded;IP.840 = 11.0.3.71/255.255.255.255 +excluded;IP.841 = 11.0.3.72/255.255.255.255 +excluded;IP.842 = 11.0.3.73/255.255.255.255 +excluded;IP.843 = 11.0.3.74/255.255.255.255 +excluded;IP.844 = 11.0.3.75/255.255.255.255 +excluded;IP.845 = 11.0.3.76/255.255.255.255 +excluded;IP.846 = 11.0.3.77/255.255.255.255 +excluded;IP.847 = 11.0.3.78/255.255.255.255 +excluded;IP.848 = 11.0.3.79/255.255.255.255 +excluded;IP.849 = 11.0.3.80/255.255.255.255 +excluded;IP.850 = 11.0.3.81/255.255.255.255 +excluded;IP.851 = 11.0.3.82/255.255.255.255 +excluded;IP.852 = 11.0.3.83/255.255.255.255 +excluded;IP.853 = 11.0.3.84/255.255.255.255 +excluded;IP.854 = 11.0.3.85/255.255.255.255 +excluded;IP.855 = 11.0.3.86/255.255.255.255 +excluded;IP.856 = 11.0.3.87/255.255.255.255 +excluded;IP.857 = 11.0.3.88/255.255.255.255 +excluded;IP.858 = 11.0.3.89/255.255.255.255 +excluded;IP.859 = 11.0.3.90/255.255.255.255 +excluded;IP.860 = 11.0.3.91/255.255.255.255 +excluded;IP.861 = 11.0.3.92/255.255.255.255 +excluded;IP.862 = 11.0.3.93/255.255.255.255 +excluded;IP.863 = 11.0.3.94/255.255.255.255 +excluded;IP.864 = 11.0.3.95/255.255.255.255 +excluded;IP.865 = 11.0.3.96/255.255.255.255 +excluded;IP.866 = 11.0.3.97/255.255.255.255 +excluded;IP.867 = 11.0.3.98/255.255.255.255 +excluded;IP.868 = 11.0.3.99/255.255.255.255 +excluded;IP.869 = 11.0.3.100/255.255.255.255 +excluded;IP.870 = 11.0.3.101/255.255.255.255 +excluded;IP.871 = 11.0.3.102/255.255.255.255 +excluded;IP.872 = 11.0.3.103/255.255.255.255 +excluded;IP.873 = 11.0.3.104/255.255.255.255 +excluded;IP.874 = 11.0.3.105/255.255.255.255 +excluded;IP.875 = 11.0.3.106/255.255.255.255 +excluded;IP.876 = 11.0.3.107/255.255.255.255 +excluded;IP.877 = 11.0.3.108/255.255.255.255 +excluded;IP.878 = 11.0.3.109/255.255.255.255 +excluded;IP.879 = 11.0.3.110/255.255.255.255 +excluded;IP.880 = 11.0.3.111/255.255.255.255 +excluded;IP.881 = 11.0.3.112/255.255.255.255 +excluded;IP.882 = 11.0.3.113/255.255.255.255 +excluded;IP.883 = 11.0.3.114/255.255.255.255 +excluded;IP.884 = 11.0.3.115/255.255.255.255 +excluded;IP.885 = 11.0.3.116/255.255.255.255 +excluded;IP.886 = 11.0.3.117/255.255.255.255 +excluded;IP.887 = 11.0.3.118/255.255.255.255 +excluded;IP.888 = 11.0.3.119/255.255.255.255 +excluded;IP.889 = 11.0.3.120/255.255.255.255 +excluded;IP.890 = 11.0.3.121/255.255.255.255 +excluded;IP.891 = 11.0.3.122/255.255.255.255 +excluded;IP.892 = 11.0.3.123/255.255.255.255 +excluded;IP.893 = 11.0.3.124/255.255.255.255 +excluded;IP.894 = 11.0.3.125/255.255.255.255 +excluded;IP.895 = 11.0.3.126/255.255.255.255 +excluded;IP.896 = 11.0.3.127/255.255.255.255 +excluded;IP.897 = 11.0.3.128/255.255.255.255 +excluded;IP.898 = 11.0.3.129/255.255.255.255 +excluded;IP.899 = 11.0.3.130/255.255.255.255 +excluded;IP.900 = 11.0.3.131/255.255.255.255 +excluded;IP.901 = 11.0.3.132/255.255.255.255 +excluded;IP.902 = 11.0.3.133/255.255.255.255 +excluded;IP.903 = 11.0.3.134/255.255.255.255 +excluded;IP.904 = 11.0.3.135/255.255.255.255 +excluded;IP.905 = 11.0.3.136/255.255.255.255 +excluded;IP.906 = 11.0.3.137/255.255.255.255 +excluded;IP.907 = 11.0.3.138/255.255.255.255 +excluded;IP.908 = 11.0.3.139/255.255.255.255 +excluded;IP.909 = 11.0.3.140/255.255.255.255 +excluded;IP.910 = 11.0.3.141/255.255.255.255 +excluded;IP.911 = 11.0.3.142/255.255.255.255 +excluded;IP.912 = 11.0.3.143/255.255.255.255 +excluded;IP.913 = 11.0.3.144/255.255.255.255 +excluded;IP.914 = 11.0.3.145/255.255.255.255 +excluded;IP.915 = 11.0.3.146/255.255.255.255 +excluded;IP.916 = 11.0.3.147/255.255.255.255 +excluded;IP.917 = 11.0.3.148/255.255.255.255 +excluded;IP.918 = 11.0.3.149/255.255.255.255 +excluded;IP.919 = 11.0.3.150/255.255.255.255 +excluded;IP.920 = 11.0.3.151/255.255.255.255 +excluded;IP.921 = 11.0.3.152/255.255.255.255 +excluded;IP.922 = 11.0.3.153/255.255.255.255 +excluded;IP.923 = 11.0.3.154/255.255.255.255 +excluded;IP.924 = 11.0.3.155/255.255.255.255 +excluded;IP.925 = 11.0.3.156/255.255.255.255 +excluded;IP.926 = 11.0.3.157/255.255.255.255 +excluded;IP.927 = 11.0.3.158/255.255.255.255 +excluded;IP.928 = 11.0.3.159/255.255.255.255 +excluded;IP.929 = 11.0.3.160/255.255.255.255 +excluded;IP.930 = 11.0.3.161/255.255.255.255 +excluded;IP.931 = 11.0.3.162/255.255.255.255 +excluded;IP.932 = 11.0.3.163/255.255.255.255 +excluded;IP.933 = 11.0.3.164/255.255.255.255 +excluded;IP.934 = 11.0.3.165/255.255.255.255 +excluded;IP.935 = 11.0.3.166/255.255.255.255 +excluded;IP.936 = 11.0.3.167/255.255.255.255 +excluded;IP.937 = 11.0.3.168/255.255.255.255 +excluded;IP.938 = 11.0.3.169/255.255.255.255 +excluded;IP.939 = 11.0.3.170/255.255.255.255 +excluded;IP.940 = 11.0.3.171/255.255.255.255 +excluded;IP.941 = 11.0.3.172/255.255.255.255 +excluded;IP.942 = 11.0.3.173/255.255.255.255 +excluded;IP.943 = 11.0.3.174/255.255.255.255 +excluded;IP.944 = 11.0.3.175/255.255.255.255 +excluded;IP.945 = 11.0.3.176/255.255.255.255 +excluded;IP.946 = 11.0.3.177/255.255.255.255 +excluded;IP.947 = 11.0.3.178/255.255.255.255 +excluded;IP.948 = 11.0.3.179/255.255.255.255 +excluded;IP.949 = 11.0.3.180/255.255.255.255 +excluded;IP.950 = 11.0.3.181/255.255.255.255 +excluded;IP.951 = 11.0.3.182/255.255.255.255 +excluded;IP.952 = 11.0.3.183/255.255.255.255 +excluded;IP.953 = 11.0.3.184/255.255.255.255 +excluded;IP.954 = 11.0.3.185/255.255.255.255 +excluded;IP.955 = 11.0.3.186/255.255.255.255 +excluded;IP.956 = 11.0.3.187/255.255.255.255 +excluded;IP.957 = 11.0.3.188/255.255.255.255 +excluded;IP.958 = 11.0.3.189/255.255.255.255 +excluded;IP.959 = 11.0.3.190/255.255.255.255 +excluded;IP.960 = 11.0.3.191/255.255.255.255 +excluded;IP.961 = 11.0.3.192/255.255.255.255 +excluded;IP.962 = 11.0.3.193/255.255.255.255 +excluded;IP.963 = 11.0.3.194/255.255.255.255 +excluded;IP.964 = 11.0.3.195/255.255.255.255 +excluded;IP.965 = 11.0.3.196/255.255.255.255 +excluded;IP.966 = 11.0.3.197/255.255.255.255 +excluded;IP.967 = 11.0.3.198/255.255.255.255 +excluded;IP.968 = 11.0.3.199/255.255.255.255 +excluded;IP.969 = 11.0.3.200/255.255.255.255 +excluded;IP.970 = 11.0.3.201/255.255.255.255 +excluded;IP.971 = 11.0.3.202/255.255.255.255 +excluded;IP.972 = 11.0.3.203/255.255.255.255 +excluded;IP.973 = 11.0.3.204/255.255.255.255 +excluded;IP.974 = 11.0.3.205/255.255.255.255 +excluded;IP.975 = 11.0.3.206/255.255.255.255 +excluded;IP.976 = 11.0.3.207/255.255.255.255 +excluded;IP.977 = 11.0.3.208/255.255.255.255 +excluded;IP.978 = 11.0.3.209/255.255.255.255 +excluded;IP.979 = 11.0.3.210/255.255.255.255 +excluded;IP.980 = 11.0.3.211/255.255.255.255 +excluded;IP.981 = 11.0.3.212/255.255.255.255 +excluded;IP.982 = 11.0.3.213/255.255.255.255 +excluded;IP.983 = 11.0.3.214/255.255.255.255 +excluded;IP.984 = 11.0.3.215/255.255.255.255 +excluded;IP.985 = 11.0.3.216/255.255.255.255 +excluded;IP.986 = 11.0.3.217/255.255.255.255 +excluded;IP.987 = 11.0.3.218/255.255.255.255 +excluded;IP.988 = 11.0.3.219/255.255.255.255 +excluded;IP.989 = 11.0.3.220/255.255.255.255 +excluded;IP.990 = 11.0.3.221/255.255.255.255 +excluded;IP.991 = 11.0.3.222/255.255.255.255 +excluded;IP.992 = 11.0.3.223/255.255.255.255 +excluded;IP.993 = 11.0.3.224/255.255.255.255 +excluded;IP.994 = 11.0.3.225/255.255.255.255 +excluded;IP.995 = 11.0.3.226/255.255.255.255 +excluded;IP.996 = 11.0.3.227/255.255.255.255 +excluded;IP.997 = 11.0.3.228/255.255.255.255 +excluded;IP.998 = 11.0.3.229/255.255.255.255 +excluded;IP.999 = 11.0.3.230/255.255.255.255 +excluded;IP.1000 = 11.0.3.231/255.255.255.255 +excluded;IP.1001 = 11.0.3.232/255.255.255.255 +excluded;IP.1002 = 11.0.3.233/255.255.255.255 +excluded;IP.1003 = 11.0.3.234/255.255.255.255 +excluded;IP.1004 = 11.0.3.235/255.255.255.255 +excluded;IP.1005 = 11.0.3.236/255.255.255.255 +excluded;IP.1006 = 11.0.3.237/255.255.255.255 +excluded;IP.1007 = 11.0.3.238/255.255.255.255 +excluded;IP.1008 = 11.0.3.239/255.255.255.255 +excluded;IP.1009 = 11.0.3.240/255.255.255.255 +excluded;IP.1010 = 11.0.3.241/255.255.255.255 +excluded;IP.1011 = 11.0.3.242/255.255.255.255 +excluded;IP.1012 = 11.0.3.243/255.255.255.255 +excluded;IP.1013 = 11.0.3.244/255.255.255.255 +excluded;IP.1014 = 11.0.3.245/255.255.255.255 +excluded;IP.1015 = 11.0.3.246/255.255.255.255 +excluded;IP.1016 = 11.0.3.247/255.255.255.255 +excluded;IP.1017 = 11.0.3.248/255.255.255.255 +excluded;IP.1018 = 11.0.3.249/255.255.255.255 +excluded;IP.1019 = 11.0.3.250/255.255.255.255 +excluded;IP.1020 = 11.0.3.251/255.255.255.255 +excluded;IP.1021 = 11.0.3.252/255.255.255.255 +excluded;IP.1022 = 11.0.3.253/255.255.255.255 +excluded;IP.1023 = 11.0.3.254/255.255.255.255 +excluded;IP.1024 = 11.0.3.255/255.255.255.255 +excluded;IP.1025 = 11.0.4.0/255.255.255.255 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.csr new file mode 100644 index 0000000000..d595c49116 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.csr @@ -0,0 +1,274 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIy1jCCMb4CAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxL +Ha4GJxiOVbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9W +yNroD1cod26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luv +C6DmdaXS4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf0 +0YvmLxRmVvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9Ibjm +K6igvwa7QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABoIIweDCC +MHQGCSqGSIb3DQEJDjGCMGUwgjBhMB0GA1UdDgQWBBSSET+sEZbHZjfPg1ok8Dp3 +rzONfzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCCMB0GA1UdHgSC +MBQwgjAQoYIwDDAKhwgLAAAA/////zAKhwgLAAAB/////zAKhwgLAAAC/////zAK +hwgLAAAD/////zAKhwgLAAAE/////zAKhwgLAAAF/////zAKhwgLAAAG/////zAK +hwgLAAAH/////zAKhwgLAAAI/////zAKhwgLAAAJ/////zAKhwgLAAAK/////zAK +hwgLAAAL/////zAKhwgLAAAM/////zAKhwgLAAAN/////zAKhwgLAAAO/////zAK +hwgLAAAP/////zAKhwgLAAAQ/////zAKhwgLAAAR/////zAKhwgLAAAS/////zAK +hwgLAAAT/////zAKhwgLAAAU/////zAKhwgLAAAV/////zAKhwgLAAAW/////zAK +hwgLAAAX/////zAKhwgLAAAY/////zAKhwgLAAAZ/////zAKhwgLAAAa/////zAK +hwgLAAAb/////zAKhwgLAAAc/////zAKhwgLAAAd/////zAKhwgLAAAe/////zAK +hwgLAAAf/////zAKhwgLAAAg/////zAKhwgLAAAh/////zAKhwgLAAAi/////zAK +hwgLAAAj/////zAKhwgLAAAk/////zAKhwgLAAAl/////zAKhwgLAAAm/////zAK +hwgLAAAn/////zAKhwgLAAAo/////zAKhwgLAAAp/////zAKhwgLAAAq/////zAK +hwgLAAAr/////zAKhwgLAAAs/////zAKhwgLAAAt/////zAKhwgLAAAu/////zAK +hwgLAAAv/////zAKhwgLAAAw/////zAKhwgLAAAx/////zAKhwgLAAAy/////zAK +hwgLAAAz/////zAKhwgLAAA0/////zAKhwgLAAA1/////zAKhwgLAAA2/////zAK +hwgLAAA3/////zAKhwgLAAA4/////zAKhwgLAAA5/////zAKhwgLAAA6/////zAK +hwgLAAA7/////zAKhwgLAAA8/////zAKhwgLAAA9/////zAKhwgLAAA+/////zAK +hwgLAAA//////zAKhwgLAABA/////zAKhwgLAABB/////zAKhwgLAABC/////zAK +hwgLAABD/////zAKhwgLAABE/////zAKhwgLAABF/////zAKhwgLAABG/////zAK +hwgLAABH/////zAKhwgLAABI/////zAKhwgLAABJ/////zAKhwgLAABK/////zAK +hwgLAABL/////zAKhwgLAABM/////zAKhwgLAABN/////zAKhwgLAABO/////zAK +hwgLAABP/////zAKhwgLAABQ/////zAKhwgLAABR/////zAKhwgLAABS/////zAK +hwgLAABT/////zAKhwgLAABU/////zAKhwgLAABV/////zAKhwgLAABW/////zAK +hwgLAABX/////zAKhwgLAABY/////zAKhwgLAABZ/////zAKhwgLAABa/////zAK +hwgLAABb/////zAKhwgLAABc/////zAKhwgLAABd/////zAKhwgLAABe/////zAK +hwgLAABf/////zAKhwgLAABg/////zAKhwgLAABh/////zAKhwgLAABi/////zAK +hwgLAABj/////zAKhwgLAABk/////zAKhwgLAABl/////zAKhwgLAABm/////zAK +hwgLAABn/////zAKhwgLAABo/////zAKhwgLAABp/////zAKhwgLAABq/////zAK +hwgLAABr/////zAKhwgLAABs/////zAKhwgLAABt/////zAKhwgLAABu/////zAK +hwgLAABv/////zAKhwgLAABw/////zAKhwgLAABx/////zAKhwgLAABy/////zAK +hwgLAABz/////zAKhwgLAAB0/////zAKhwgLAAB1/////zAKhwgLAAB2/////zAK +hwgLAAB3/////zAKhwgLAAB4/////zAKhwgLAAB5/////zAKhwgLAAB6/////zAK +hwgLAAB7/////zAKhwgLAAB8/////zAKhwgLAAB9/////zAKhwgLAAB+/////zAK +hwgLAAB//////zAKhwgLAACA/////zAKhwgLAACB/////zAKhwgLAACC/////zAK +hwgLAACD/////zAKhwgLAACE/////zAKhwgLAACF/////zAKhwgLAACG/////zAK +hwgLAACH/////zAKhwgLAACI/////zAKhwgLAACJ/////zAKhwgLAACK/////zAK +hwgLAACL/////zAKhwgLAACM/////zAKhwgLAACN/////zAKhwgLAACO/////zAK +hwgLAACP/////zAKhwgLAACQ/////zAKhwgLAACR/////zAKhwgLAACS/////zAK +hwgLAACT/////zAKhwgLAACU/////zAKhwgLAACV/////zAKhwgLAACW/////zAK +hwgLAACX/////zAKhwgLAACY/////zAKhwgLAACZ/////zAKhwgLAACa/////zAK +hwgLAACb/////zAKhwgLAACc/////zAKhwgLAACd/////zAKhwgLAACe/////zAK +hwgLAACf/////zAKhwgLAACg/////zAKhwgLAACh/////zAKhwgLAACi/////zAK +hwgLAACj/////zAKhwgLAACk/////zAKhwgLAACl/////zAKhwgLAACm/////zAK +hwgLAACn/////zAKhwgLAACo/////zAKhwgLAACp/////zAKhwgLAACq/////zAK +hwgLAACr/////zAKhwgLAACs/////zAKhwgLAACt/////zAKhwgLAACu/////zAK +hwgLAACv/////zAKhwgLAACw/////zAKhwgLAACx/////zAKhwgLAACy/////zAK +hwgLAACz/////zAKhwgLAAC0/////zAKhwgLAAC1/////zAKhwgLAAC2/////zAK +hwgLAAC3/////zAKhwgLAAC4/////zAKhwgLAAC5/////zAKhwgLAAC6/////zAK +hwgLAAC7/////zAKhwgLAAC8/////zAKhwgLAAC9/////zAKhwgLAAC+/////zAK +hwgLAAC//////zAKhwgLAADA/////zAKhwgLAADB/////zAKhwgLAADC/////zAK +hwgLAADD/////zAKhwgLAADE/////zAKhwgLAADF/////zAKhwgLAADG/////zAK +hwgLAADH/////zAKhwgLAADI/////zAKhwgLAADJ/////zAKhwgLAADK/////zAK +hwgLAADL/////zAKhwgLAADM/////zAKhwgLAADN/////zAKhwgLAADO/////zAK +hwgLAADP/////zAKhwgLAADQ/////zAKhwgLAADR/////zAKhwgLAADS/////zAK +hwgLAADT/////zAKhwgLAADU/////zAKhwgLAADV/////zAKhwgLAADW/////zAK +hwgLAADX/////zAKhwgLAADY/////zAKhwgLAADZ/////zAKhwgLAADa/////zAK +hwgLAADb/////zAKhwgLAADc/////zAKhwgLAADd/////zAKhwgLAADe/////zAK +hwgLAADf/////zAKhwgLAADg/////zAKhwgLAADh/////zAKhwgLAADi/////zAK +hwgLAADj/////zAKhwgLAADk/////zAKhwgLAADl/////zAKhwgLAADm/////zAK +hwgLAADn/////zAKhwgLAADo/////zAKhwgLAADp/////zAKhwgLAADq/////zAK +hwgLAADr/////zAKhwgLAADs/////zAKhwgLAADt/////zAKhwgLAADu/////zAK +hwgLAADv/////zAKhwgLAADw/////zAKhwgLAADx/////zAKhwgLAADy/////zAK +hwgLAADz/////zAKhwgLAAD0/////zAKhwgLAAD1/////zAKhwgLAAD2/////zAK +hwgLAAD3/////zAKhwgLAAD4/////zAKhwgLAAD5/////zAKhwgLAAD6/////zAK +hwgLAAD7/////zAKhwgLAAD8/////zAKhwgLAAD9/////zAKhwgLAAD+/////zAK +hwgLAAD//////zAKhwgLAAEA/////zAKhwgLAAEB/////zAKhwgLAAEC/////zAK +hwgLAAED/////zAKhwgLAAEE/////zAKhwgLAAEF/////zAKhwgLAAEG/////zAK +hwgLAAEH/////zAKhwgLAAEI/////zAKhwgLAAEJ/////zAKhwgLAAEK/////zAK +hwgLAAEL/////zAKhwgLAAEM/////zAKhwgLAAEN/////zAKhwgLAAEO/////zAK +hwgLAAEP/////zAKhwgLAAEQ/////zAKhwgLAAER/////zAKhwgLAAES/////zAK +hwgLAAET/////zAKhwgLAAEU/////zAKhwgLAAEV/////zAKhwgLAAEW/////zAK +hwgLAAEX/////zAKhwgLAAEY/////zAKhwgLAAEZ/////zAKhwgLAAEa/////zAK +hwgLAAEb/////zAKhwgLAAEc/////zAKhwgLAAEd/////zAKhwgLAAEe/////zAK +hwgLAAEf/////zAKhwgLAAEg/////zAKhwgLAAEh/////zAKhwgLAAEi/////zAK +hwgLAAEj/////zAKhwgLAAEk/////zAKhwgLAAEl/////zAKhwgLAAEm/////zAK +hwgLAAEn/////zAKhwgLAAEo/////zAKhwgLAAEp/////zAKhwgLAAEq/////zAK +hwgLAAEr/////zAKhwgLAAEs/////zAKhwgLAAEt/////zAKhwgLAAEu/////zAK +hwgLAAEv/////zAKhwgLAAEw/////zAKhwgLAAEx/////zAKhwgLAAEy/////zAK +hwgLAAEz/////zAKhwgLAAE0/////zAKhwgLAAE1/////zAKhwgLAAE2/////zAK +hwgLAAE3/////zAKhwgLAAE4/////zAKhwgLAAE5/////zAKhwgLAAE6/////zAK +hwgLAAE7/////zAKhwgLAAE8/////zAKhwgLAAE9/////zAKhwgLAAE+/////zAK +hwgLAAE//////zAKhwgLAAFA/////zAKhwgLAAFB/////zAKhwgLAAFC/////zAK +hwgLAAFD/////zAKhwgLAAFE/////zAKhwgLAAFF/////zAKhwgLAAFG/////zAK +hwgLAAFH/////zAKhwgLAAFI/////zAKhwgLAAFJ/////zAKhwgLAAFK/////zAK +hwgLAAFL/////zAKhwgLAAFM/////zAKhwgLAAFN/////zAKhwgLAAFO/////zAK +hwgLAAFP/////zAKhwgLAAFQ/////zAKhwgLAAFR/////zAKhwgLAAFS/////zAK +hwgLAAFT/////zAKhwgLAAFU/////zAKhwgLAAFV/////zAKhwgLAAFW/////zAK +hwgLAAFX/////zAKhwgLAAFY/////zAKhwgLAAFZ/////zAKhwgLAAFa/////zAK +hwgLAAFb/////zAKhwgLAAFc/////zAKhwgLAAFd/////zAKhwgLAAFe/////zAK +hwgLAAFf/////zAKhwgLAAFg/////zAKhwgLAAFh/////zAKhwgLAAFi/////zAK +hwgLAAFj/////zAKhwgLAAFk/////zAKhwgLAAFl/////zAKhwgLAAFm/////zAK +hwgLAAFn/////zAKhwgLAAFo/////zAKhwgLAAFp/////zAKhwgLAAFq/////zAK +hwgLAAFr/////zAKhwgLAAFs/////zAKhwgLAAFt/////zAKhwgLAAFu/////zAK +hwgLAAFv/////zAKhwgLAAFw/////zAKhwgLAAFx/////zAKhwgLAAFy/////zAK +hwgLAAFz/////zAKhwgLAAF0/////zAKhwgLAAF1/////zAKhwgLAAF2/////zAK +hwgLAAF3/////zAKhwgLAAF4/////zAKhwgLAAF5/////zAKhwgLAAF6/////zAK +hwgLAAF7/////zAKhwgLAAF8/////zAKhwgLAAF9/////zAKhwgLAAF+/////zAK +hwgLAAF//////zAKhwgLAAGA/////zAKhwgLAAGB/////zAKhwgLAAGC/////zAK +hwgLAAGD/////zAKhwgLAAGE/////zAKhwgLAAGF/////zAKhwgLAAGG/////zAK +hwgLAAGH/////zAKhwgLAAGI/////zAKhwgLAAGJ/////zAKhwgLAAGK/////zAK +hwgLAAGL/////zAKhwgLAAGM/////zAKhwgLAAGN/////zAKhwgLAAGO/////zAK +hwgLAAGP/////zAKhwgLAAGQ/////zAKhwgLAAGR/////zAKhwgLAAGS/////zAK +hwgLAAGT/////zAKhwgLAAGU/////zAKhwgLAAGV/////zAKhwgLAAGW/////zAK +hwgLAAGX/////zAKhwgLAAGY/////zAKhwgLAAGZ/////zAKhwgLAAGa/////zAK +hwgLAAGb/////zAKhwgLAAGc/////zAKhwgLAAGd/////zAKhwgLAAGe/////zAK +hwgLAAGf/////zAKhwgLAAGg/////zAKhwgLAAGh/////zAKhwgLAAGi/////zAK +hwgLAAGj/////zAKhwgLAAGk/////zAKhwgLAAGl/////zAKhwgLAAGm/////zAK +hwgLAAGn/////zAKhwgLAAGo/////zAKhwgLAAGp/////zAKhwgLAAGq/////zAK +hwgLAAGr/////zAKhwgLAAGs/////zAKhwgLAAGt/////zAKhwgLAAGu/////zAK +hwgLAAGv/////zAKhwgLAAGw/////zAKhwgLAAGx/////zAKhwgLAAGy/////zAK +hwgLAAGz/////zAKhwgLAAG0/////zAKhwgLAAG1/////zAKhwgLAAG2/////zAK +hwgLAAG3/////zAKhwgLAAG4/////zAKhwgLAAG5/////zAKhwgLAAG6/////zAK +hwgLAAG7/////zAKhwgLAAG8/////zAKhwgLAAG9/////zAKhwgLAAG+/////zAK +hwgLAAG//////zAKhwgLAAHA/////zAKhwgLAAHB/////zAKhwgLAAHC/////zAK +hwgLAAHD/////zAKhwgLAAHE/////zAKhwgLAAHF/////zAKhwgLAAHG/////zAK +hwgLAAHH/////zAKhwgLAAHI/////zAKhwgLAAHJ/////zAKhwgLAAHK/////zAK +hwgLAAHL/////zAKhwgLAAHM/////zAKhwgLAAHN/////zAKhwgLAAHO/////zAK +hwgLAAHP/////zAKhwgLAAHQ/////zAKhwgLAAHR/////zAKhwgLAAHS/////zAK +hwgLAAHT/////zAKhwgLAAHU/////zAKhwgLAAHV/////zAKhwgLAAHW/////zAK +hwgLAAHX/////zAKhwgLAAHY/////zAKhwgLAAHZ/////zAKhwgLAAHa/////zAK +hwgLAAHb/////zAKhwgLAAHc/////zAKhwgLAAHd/////zAKhwgLAAHe/////zAK +hwgLAAHf/////zAKhwgLAAHg/////zAKhwgLAAHh/////zAKhwgLAAHi/////zAK +hwgLAAHj/////zAKhwgLAAHk/////zAKhwgLAAHl/////zAKhwgLAAHm/////zAK +hwgLAAHn/////zAKhwgLAAHo/////zAKhwgLAAHp/////zAKhwgLAAHq/////zAK +hwgLAAHr/////zAKhwgLAAHs/////zAKhwgLAAHt/////zAKhwgLAAHu/////zAK +hwgLAAHv/////zAKhwgLAAHw/////zAKhwgLAAHx/////zAKhwgLAAHy/////zAK +hwgLAAHz/////zAKhwgLAAH0/////zAKhwgLAAH1/////zAKhwgLAAH2/////zAK +hwgLAAH3/////zAKhwgLAAH4/////zAKhwgLAAH5/////zAKhwgLAAH6/////zAK +hwgLAAH7/////zAKhwgLAAH8/////zAKhwgLAAH9/////zAKhwgLAAH+/////zAK +hwgLAAH//////zAKhwgLAAIA/////zAKhwgLAAIB/////zAKhwgLAAIC/////zAK +hwgLAAID/////zAKhwgLAAIE/////zAKhwgLAAIF/////zAKhwgLAAIG/////zAK +hwgLAAIH/////zAKhwgLAAII/////zAKhwgLAAIJ/////zAKhwgLAAIK/////zAK +hwgLAAIL/////zAKhwgLAAIM/////zAKhwgLAAIN/////zAKhwgLAAIO/////zAK +hwgLAAIP/////zAKhwgLAAIQ/////zAKhwgLAAIR/////zAKhwgLAAIS/////zAK +hwgLAAIT/////zAKhwgLAAIU/////zAKhwgLAAIV/////zAKhwgLAAIW/////zAK +hwgLAAIX/////zAKhwgLAAIY/////zAKhwgLAAIZ/////zAKhwgLAAIa/////zAK +hwgLAAIb/////zAKhwgLAAIc/////zAKhwgLAAId/////zAKhwgLAAIe/////zAK +hwgLAAIf/////zAKhwgLAAIg/////zAKhwgLAAIh/////zAKhwgLAAIi/////zAK +hwgLAAIj/////zAKhwgLAAIk/////zAKhwgLAAIl/////zAKhwgLAAIm/////zAK +hwgLAAIn/////zAKhwgLAAIo/////zAKhwgLAAIp/////zAKhwgLAAIq/////zAK +hwgLAAIr/////zAKhwgLAAIs/////zAKhwgLAAIt/////zAKhwgLAAIu/////zAK +hwgLAAIv/////zAKhwgLAAIw/////zAKhwgLAAIx/////zAKhwgLAAIy/////zAK +hwgLAAIz/////zAKhwgLAAI0/////zAKhwgLAAI1/////zAKhwgLAAI2/////zAK +hwgLAAI3/////zAKhwgLAAI4/////zAKhwgLAAI5/////zAKhwgLAAI6/////zAK +hwgLAAI7/////zAKhwgLAAI8/////zAKhwgLAAI9/////zAKhwgLAAI+/////zAK +hwgLAAI//////zAKhwgLAAJA/////zAKhwgLAAJB/////zAKhwgLAAJC/////zAK +hwgLAAJD/////zAKhwgLAAJE/////zAKhwgLAAJF/////zAKhwgLAAJG/////zAK +hwgLAAJH/////zAKhwgLAAJI/////zAKhwgLAAJJ/////zAKhwgLAAJK/////zAK +hwgLAAJL/////zAKhwgLAAJM/////zAKhwgLAAJN/////zAKhwgLAAJO/////zAK +hwgLAAJP/////zAKhwgLAAJQ/////zAKhwgLAAJR/////zAKhwgLAAJS/////zAK +hwgLAAJT/////zAKhwgLAAJU/////zAKhwgLAAJV/////zAKhwgLAAJW/////zAK +hwgLAAJX/////zAKhwgLAAJY/////zAKhwgLAAJZ/////zAKhwgLAAJa/////zAK +hwgLAAJb/////zAKhwgLAAJc/////zAKhwgLAAJd/////zAKhwgLAAJe/////zAK +hwgLAAJf/////zAKhwgLAAJg/////zAKhwgLAAJh/////zAKhwgLAAJi/////zAK +hwgLAAJj/////zAKhwgLAAJk/////zAKhwgLAAJl/////zAKhwgLAAJm/////zAK +hwgLAAJn/////zAKhwgLAAJo/////zAKhwgLAAJp/////zAKhwgLAAJq/////zAK +hwgLAAJr/////zAKhwgLAAJs/////zAKhwgLAAJt/////zAKhwgLAAJu/////zAK +hwgLAAJv/////zAKhwgLAAJw/////zAKhwgLAAJx/////zAKhwgLAAJy/////zAK +hwgLAAJz/////zAKhwgLAAJ0/////zAKhwgLAAJ1/////zAKhwgLAAJ2/////zAK +hwgLAAJ3/////zAKhwgLAAJ4/////zAKhwgLAAJ5/////zAKhwgLAAJ6/////zAK +hwgLAAJ7/////zAKhwgLAAJ8/////zAKhwgLAAJ9/////zAKhwgLAAJ+/////zAK +hwgLAAJ//////zAKhwgLAAKA/////zAKhwgLAAKB/////zAKhwgLAAKC/////zAK +hwgLAAKD/////zAKhwgLAAKE/////zAKhwgLAAKF/////zAKhwgLAAKG/////zAK +hwgLAAKH/////zAKhwgLAAKI/////zAKhwgLAAKJ/////zAKhwgLAAKK/////zAK +hwgLAAKL/////zAKhwgLAAKM/////zAKhwgLAAKN/////zAKhwgLAAKO/////zAK +hwgLAAKP/////zAKhwgLAAKQ/////zAKhwgLAAKR/////zAKhwgLAAKS/////zAK +hwgLAAKT/////zAKhwgLAAKU/////zAKhwgLAAKV/////zAKhwgLAAKW/////zAK +hwgLAAKX/////zAKhwgLAAKY/////zAKhwgLAAKZ/////zAKhwgLAAKa/////zAK +hwgLAAKb/////zAKhwgLAAKc/////zAKhwgLAAKd/////zAKhwgLAAKe/////zAK +hwgLAAKf/////zAKhwgLAAKg/////zAKhwgLAAKh/////zAKhwgLAAKi/////zAK +hwgLAAKj/////zAKhwgLAAKk/////zAKhwgLAAKl/////zAKhwgLAAKm/////zAK +hwgLAAKn/////zAKhwgLAAKo/////zAKhwgLAAKp/////zAKhwgLAAKq/////zAK +hwgLAAKr/////zAKhwgLAAKs/////zAKhwgLAAKt/////zAKhwgLAAKu/////zAK +hwgLAAKv/////zAKhwgLAAKw/////zAKhwgLAAKx/////zAKhwgLAAKy/////zAK +hwgLAAKz/////zAKhwgLAAK0/////zAKhwgLAAK1/////zAKhwgLAAK2/////zAK +hwgLAAK3/////zAKhwgLAAK4/////zAKhwgLAAK5/////zAKhwgLAAK6/////zAK +hwgLAAK7/////zAKhwgLAAK8/////zAKhwgLAAK9/////zAKhwgLAAK+/////zAK +hwgLAAK//////zAKhwgLAALA/////zAKhwgLAALB/////zAKhwgLAALC/////zAK +hwgLAALD/////zAKhwgLAALE/////zAKhwgLAALF/////zAKhwgLAALG/////zAK +hwgLAALH/////zAKhwgLAALI/////zAKhwgLAALJ/////zAKhwgLAALK/////zAK +hwgLAALL/////zAKhwgLAALM/////zAKhwgLAALN/////zAKhwgLAALO/////zAK +hwgLAALP/////zAKhwgLAALQ/////zAKhwgLAALR/////zAKhwgLAALS/////zAK +hwgLAALT/////zAKhwgLAALU/////zAKhwgLAALV/////zAKhwgLAALW/////zAK +hwgLAALX/////zAKhwgLAALY/////zAKhwgLAALZ/////zAKhwgLAALa/////zAK +hwgLAALb/////zAKhwgLAALc/////zAKhwgLAALd/////zAKhwgLAALe/////zAK +hwgLAALf/////zAKhwgLAALg/////zAKhwgLAALh/////zAKhwgLAALi/////zAK +hwgLAALj/////zAKhwgLAALk/////zAKhwgLAALl/////zAKhwgLAALm/////zAK +hwgLAALn/////zAKhwgLAALo/////zAKhwgLAALp/////zAKhwgLAALq/////zAK +hwgLAALr/////zAKhwgLAALs/////zAKhwgLAALt/////zAKhwgLAALu/////zAK +hwgLAALv/////zAKhwgLAALw/////zAKhwgLAALx/////zAKhwgLAALy/////zAK +hwgLAALz/////zAKhwgLAAL0/////zAKhwgLAAL1/////zAKhwgLAAL2/////zAK +hwgLAAL3/////zAKhwgLAAL4/////zAKhwgLAAL5/////zAKhwgLAAL6/////zAK +hwgLAAL7/////zAKhwgLAAL8/////zAKhwgLAAL9/////zAKhwgLAAL+/////zAK +hwgLAAL//////zAKhwgLAAMA/////zAKhwgLAAMB/////zAKhwgLAAMC/////zAK +hwgLAAMD/////zAKhwgLAAME/////zAKhwgLAAMF/////zAKhwgLAAMG/////zAK +hwgLAAMH/////zAKhwgLAAMI/////zAKhwgLAAMJ/////zAKhwgLAAMK/////zAK +hwgLAAML/////zAKhwgLAAMM/////zAKhwgLAAMN/////zAKhwgLAAMO/////zAK +hwgLAAMP/////zAKhwgLAAMQ/////zAKhwgLAAMR/////zAKhwgLAAMS/////zAK +hwgLAAMT/////zAKhwgLAAMU/////zAKhwgLAAMV/////zAKhwgLAAMW/////zAK +hwgLAAMX/////zAKhwgLAAMY/////zAKhwgLAAMZ/////zAKhwgLAAMa/////zAK +hwgLAAMb/////zAKhwgLAAMc/////zAKhwgLAAMd/////zAKhwgLAAMe/////zAK +hwgLAAMf/////zAKhwgLAAMg/////zAKhwgLAAMh/////zAKhwgLAAMi/////zAK +hwgLAAMj/////zAKhwgLAAMk/////zAKhwgLAAMl/////zAKhwgLAAMm/////zAK +hwgLAAMn/////zAKhwgLAAMo/////zAKhwgLAAMp/////zAKhwgLAAMq/////zAK +hwgLAAMr/////zAKhwgLAAMs/////zAKhwgLAAMt/////zAKhwgLAAMu/////zAK +hwgLAAMv/////zAKhwgLAAMw/////zAKhwgLAAMx/////zAKhwgLAAMy/////zAK +hwgLAAMz/////zAKhwgLAAM0/////zAKhwgLAAM1/////zAKhwgLAAM2/////zAK +hwgLAAM3/////zAKhwgLAAM4/////zAKhwgLAAM5/////zAKhwgLAAM6/////zAK +hwgLAAM7/////zAKhwgLAAM8/////zAKhwgLAAM9/////zAKhwgLAAM+/////zAK +hwgLAAM//////zAKhwgLAANA/////zAKhwgLAANB/////zAKhwgLAANC/////zAK +hwgLAAND/////zAKhwgLAANE/////zAKhwgLAANF/////zAKhwgLAANG/////zAK +hwgLAANH/////zAKhwgLAANI/////zAKhwgLAANJ/////zAKhwgLAANK/////zAK +hwgLAANL/////zAKhwgLAANM/////zAKhwgLAANN/////zAKhwgLAANO/////zAK +hwgLAANP/////zAKhwgLAANQ/////zAKhwgLAANR/////zAKhwgLAANS/////zAK +hwgLAANT/////zAKhwgLAANU/////zAKhwgLAANV/////zAKhwgLAANW/////zAK +hwgLAANX/////zAKhwgLAANY/////zAKhwgLAANZ/////zAKhwgLAANa/////zAK +hwgLAANb/////zAKhwgLAANc/////zAKhwgLAANd/////zAKhwgLAANe/////zAK +hwgLAANf/////zAKhwgLAANg/////zAKhwgLAANh/////zAKhwgLAANi/////zAK +hwgLAANj/////zAKhwgLAANk/////zAKhwgLAANl/////zAKhwgLAANm/////zAK +hwgLAANn/////zAKhwgLAANo/////zAKhwgLAANp/////zAKhwgLAANq/////zAK +hwgLAANr/////zAKhwgLAANs/////zAKhwgLAANt/////zAKhwgLAANu/////zAK +hwgLAANv/////zAKhwgLAANw/////zAKhwgLAANx/////zAKhwgLAANy/////zAK +hwgLAANz/////zAKhwgLAAN0/////zAKhwgLAAN1/////zAKhwgLAAN2/////zAK +hwgLAAN3/////zAKhwgLAAN4/////zAKhwgLAAN5/////zAKhwgLAAN6/////zAK +hwgLAAN7/////zAKhwgLAAN8/////zAKhwgLAAN9/////zAKhwgLAAN+/////zAK +hwgLAAN//////zAKhwgLAAOA/////zAKhwgLAAOB/////zAKhwgLAAOC/////zAK +hwgLAAOD/////zAKhwgLAAOE/////zAKhwgLAAOF/////zAKhwgLAAOG/////zAK +hwgLAAOH/////zAKhwgLAAOI/////zAKhwgLAAOJ/////zAKhwgLAAOK/////zAK +hwgLAAOL/////zAKhwgLAAOM/////zAKhwgLAAON/////zAKhwgLAAOO/////zAK +hwgLAAOP/////zAKhwgLAAOQ/////zAKhwgLAAOR/////zAKhwgLAAOS/////zAK +hwgLAAOT/////zAKhwgLAAOU/////zAKhwgLAAOV/////zAKhwgLAAOW/////zAK +hwgLAAOX/////zAKhwgLAAOY/////zAKhwgLAAOZ/////zAKhwgLAAOa/////zAK +hwgLAAOb/////zAKhwgLAAOc/////zAKhwgLAAOd/////zAKhwgLAAOe/////zAK +hwgLAAOf/////zAKhwgLAAOg/////zAKhwgLAAOh/////zAKhwgLAAOi/////zAK +hwgLAAOj/////zAKhwgLAAOk/////zAKhwgLAAOl/////zAKhwgLAAOm/////zAK +hwgLAAOn/////zAKhwgLAAOo/////zAKhwgLAAOp/////zAKhwgLAAOq/////zAK +hwgLAAOr/////zAKhwgLAAOs/////zAKhwgLAAOt/////zAKhwgLAAOu/////zAK +hwgLAAOv/////zAKhwgLAAOw/////zAKhwgLAAOx/////zAKhwgLAAOy/////zAK +hwgLAAOz/////zAKhwgLAAO0/////zAKhwgLAAO1/////zAKhwgLAAO2/////zAK +hwgLAAO3/////zAKhwgLAAO4/////zAKhwgLAAO5/////zAKhwgLAAO6/////zAK +hwgLAAO7/////zAKhwgLAAO8/////zAKhwgLAAO9/////zAKhwgLAAO+/////zAK +hwgLAAO//////zAKhwgLAAPA/////zAKhwgLAAPB/////zAKhwgLAAPC/////zAK +hwgLAAPD/////zAKhwgLAAPE/////zAKhwgLAAPF/////zAKhwgLAAPG/////zAK +hwgLAAPH/////zAKhwgLAAPI/////zAKhwgLAAPJ/////zAKhwgLAAPK/////zAK +hwgLAAPL/////zAKhwgLAAPM/////zAKhwgLAAPN/////zAKhwgLAAPO/////zAK +hwgLAAPP/////zAKhwgLAAPQ/////zAKhwgLAAPR/////zAKhwgLAAPS/////zAK +hwgLAAPT/////zAKhwgLAAPU/////zAKhwgLAAPV/////zAKhwgLAAPW/////zAK +hwgLAAPX/////zAKhwgLAAPY/////zAKhwgLAAPZ/////zAKhwgLAAPa/////zAK +hwgLAAPb/////zAKhwgLAAPc/////zAKhwgLAAPd/////zAKhwgLAAPe/////zAK +hwgLAAPf/////zAKhwgLAAPg/////zAKhwgLAAPh/////zAKhwgLAAPi/////zAK +hwgLAAPj/////zAKhwgLAAPk/////zAKhwgLAAPl/////zAKhwgLAAPm/////zAK +hwgLAAPn/////zAKhwgLAAPo/////zAKhwgLAAPp/////zAKhwgLAAPq/////zAK +hwgLAAPr/////zAKhwgLAAPs/////zAKhwgLAAPt/////zAKhwgLAAPu/////zAK +hwgLAAPv/////zAKhwgLAAPw/////zAKhwgLAAPx/////zAKhwgLAAPy/////zAK +hwgLAAPz/////zAKhwgLAAP0/////zAKhwgLAAP1/////zAKhwgLAAP2/////zAK +hwgLAAP3/////zAKhwgLAAP4/////zAKhwgLAAP5/////zAKhwgLAAP6/////zAK +hwgLAAP7/////zAKhwgLAAP8/////zAKhwgLAAP9/////zAKhwgLAAP+/////zAK +hwgLAAP//////zAKhwgLAAQA/////zANBgkqhkiG9w0BAQsFAAOCAQEAekt7d20T +amfhYBe6w+YSpCQlobWz5m8saaCAw5lSoCD7rDxc5ZU/sayfFUMoOmJmmk+ii+0B +WeuoHlfe+QBqtHFzJ7r3FckbGcwMsSKZJmjiBlBveYMHm39cRmhEa5hmOkWUKjl0 +7AjXbmkOWzBueruqNsUZcU5mVER5u/OilYdIw3F7y4bW8oim12JgmDj0aCjRz+gA +0FuWzlJVguk8sR+CArcjc0zDZZDzq4yuVe/HFcm5sf+WuHo4UohGd1CY0wNipkwF +1Tgr1O/uvdBDY5PvEeGP8jjTcE+O3qbCAKH1fnxaeRGuETUqdm//b+EhSWkqyHCM +zD4OIa/2mw0OkA== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.pem new file mode 100644 index 0000000000..c4dfd8fbbc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_3.pem @@ -0,0 +1,1374 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + IP:11.0.0.170/255.255.255.255 + IP:11.0.0.171/255.255.255.255 + IP:11.0.0.172/255.255.255.255 + IP:11.0.0.173/255.255.255.255 + IP:11.0.0.174/255.255.255.255 + IP:11.0.0.175/255.255.255.255 + IP:11.0.0.176/255.255.255.255 + IP:11.0.0.177/255.255.255.255 + IP:11.0.0.178/255.255.255.255 + IP:11.0.0.179/255.255.255.255 + IP:11.0.0.180/255.255.255.255 + IP:11.0.0.181/255.255.255.255 + IP:11.0.0.182/255.255.255.255 + IP:11.0.0.183/255.255.255.255 + IP:11.0.0.184/255.255.255.255 + IP:11.0.0.185/255.255.255.255 + IP:11.0.0.186/255.255.255.255 + IP:11.0.0.187/255.255.255.255 + IP:11.0.0.188/255.255.255.255 + IP:11.0.0.189/255.255.255.255 + IP:11.0.0.190/255.255.255.255 + IP:11.0.0.191/255.255.255.255 + IP:11.0.0.192/255.255.255.255 + IP:11.0.0.193/255.255.255.255 + IP:11.0.0.194/255.255.255.255 + IP:11.0.0.195/255.255.255.255 + IP:11.0.0.196/255.255.255.255 + IP:11.0.0.197/255.255.255.255 + IP:11.0.0.198/255.255.255.255 + IP:11.0.0.199/255.255.255.255 + IP:11.0.0.200/255.255.255.255 + IP:11.0.0.201/255.255.255.255 + IP:11.0.0.202/255.255.255.255 + IP:11.0.0.203/255.255.255.255 + IP:11.0.0.204/255.255.255.255 + IP:11.0.0.205/255.255.255.255 + IP:11.0.0.206/255.255.255.255 + IP:11.0.0.207/255.255.255.255 + IP:11.0.0.208/255.255.255.255 + IP:11.0.0.209/255.255.255.255 + IP:11.0.0.210/255.255.255.255 + IP:11.0.0.211/255.255.255.255 + IP:11.0.0.212/255.255.255.255 + IP:11.0.0.213/255.255.255.255 + IP:11.0.0.214/255.255.255.255 + IP:11.0.0.215/255.255.255.255 + IP:11.0.0.216/255.255.255.255 + IP:11.0.0.217/255.255.255.255 + IP:11.0.0.218/255.255.255.255 + IP:11.0.0.219/255.255.255.255 + IP:11.0.0.220/255.255.255.255 + IP:11.0.0.221/255.255.255.255 + IP:11.0.0.222/255.255.255.255 + IP:11.0.0.223/255.255.255.255 + IP:11.0.0.224/255.255.255.255 + IP:11.0.0.225/255.255.255.255 + IP:11.0.0.226/255.255.255.255 + IP:11.0.0.227/255.255.255.255 + IP:11.0.0.228/255.255.255.255 + IP:11.0.0.229/255.255.255.255 + IP:11.0.0.230/255.255.255.255 + IP:11.0.0.231/255.255.255.255 + IP:11.0.0.232/255.255.255.255 + IP:11.0.0.233/255.255.255.255 + IP:11.0.0.234/255.255.255.255 + IP:11.0.0.235/255.255.255.255 + IP:11.0.0.236/255.255.255.255 + IP:11.0.0.237/255.255.255.255 + IP:11.0.0.238/255.255.255.255 + IP:11.0.0.239/255.255.255.255 + IP:11.0.0.240/255.255.255.255 + IP:11.0.0.241/255.255.255.255 + IP:11.0.0.242/255.255.255.255 + IP:11.0.0.243/255.255.255.255 + IP:11.0.0.244/255.255.255.255 + IP:11.0.0.245/255.255.255.255 + IP:11.0.0.246/255.255.255.255 + IP:11.0.0.247/255.255.255.255 + IP:11.0.0.248/255.255.255.255 + IP:11.0.0.249/255.255.255.255 + IP:11.0.0.250/255.255.255.255 + IP:11.0.0.251/255.255.255.255 + IP:11.0.0.252/255.255.255.255 + IP:11.0.0.253/255.255.255.255 + IP:11.0.0.254/255.255.255.255 + IP:11.0.0.255/255.255.255.255 + IP:11.0.1.0/255.255.255.255 + IP:11.0.1.1/255.255.255.255 + IP:11.0.1.2/255.255.255.255 + IP:11.0.1.3/255.255.255.255 + IP:11.0.1.4/255.255.255.255 + IP:11.0.1.5/255.255.255.255 + IP:11.0.1.6/255.255.255.255 + IP:11.0.1.7/255.255.255.255 + IP:11.0.1.8/255.255.255.255 + IP:11.0.1.9/255.255.255.255 + IP:11.0.1.10/255.255.255.255 + IP:11.0.1.11/255.255.255.255 + IP:11.0.1.12/255.255.255.255 + IP:11.0.1.13/255.255.255.255 + IP:11.0.1.14/255.255.255.255 + IP:11.0.1.15/255.255.255.255 + IP:11.0.1.16/255.255.255.255 + IP:11.0.1.17/255.255.255.255 + IP:11.0.1.18/255.255.255.255 + IP:11.0.1.19/255.255.255.255 + IP:11.0.1.20/255.255.255.255 + IP:11.0.1.21/255.255.255.255 + IP:11.0.1.22/255.255.255.255 + IP:11.0.1.23/255.255.255.255 + IP:11.0.1.24/255.255.255.255 + IP:11.0.1.25/255.255.255.255 + IP:11.0.1.26/255.255.255.255 + IP:11.0.1.27/255.255.255.255 + IP:11.0.1.28/255.255.255.255 + IP:11.0.1.29/255.255.255.255 + IP:11.0.1.30/255.255.255.255 + IP:11.0.1.31/255.255.255.255 + IP:11.0.1.32/255.255.255.255 + IP:11.0.1.33/255.255.255.255 + IP:11.0.1.34/255.255.255.255 + IP:11.0.1.35/255.255.255.255 + IP:11.0.1.36/255.255.255.255 + IP:11.0.1.37/255.255.255.255 + IP:11.0.1.38/255.255.255.255 + IP:11.0.1.39/255.255.255.255 + IP:11.0.1.40/255.255.255.255 + IP:11.0.1.41/255.255.255.255 + IP:11.0.1.42/255.255.255.255 + IP:11.0.1.43/255.255.255.255 + IP:11.0.1.44/255.255.255.255 + IP:11.0.1.45/255.255.255.255 + IP:11.0.1.46/255.255.255.255 + IP:11.0.1.47/255.255.255.255 + IP:11.0.1.48/255.255.255.255 + IP:11.0.1.49/255.255.255.255 + IP:11.0.1.50/255.255.255.255 + IP:11.0.1.51/255.255.255.255 + IP:11.0.1.52/255.255.255.255 + IP:11.0.1.53/255.255.255.255 + IP:11.0.1.54/255.255.255.255 + IP:11.0.1.55/255.255.255.255 + IP:11.0.1.56/255.255.255.255 + IP:11.0.1.57/255.255.255.255 + IP:11.0.1.58/255.255.255.255 + IP:11.0.1.59/255.255.255.255 + IP:11.0.1.60/255.255.255.255 + IP:11.0.1.61/255.255.255.255 + IP:11.0.1.62/255.255.255.255 + IP:11.0.1.63/255.255.255.255 + IP:11.0.1.64/255.255.255.255 + IP:11.0.1.65/255.255.255.255 + IP:11.0.1.66/255.255.255.255 + IP:11.0.1.67/255.255.255.255 + IP:11.0.1.68/255.255.255.255 + IP:11.0.1.69/255.255.255.255 + IP:11.0.1.70/255.255.255.255 + IP:11.0.1.71/255.255.255.255 + IP:11.0.1.72/255.255.255.255 + IP:11.0.1.73/255.255.255.255 + IP:11.0.1.74/255.255.255.255 + IP:11.0.1.75/255.255.255.255 + IP:11.0.1.76/255.255.255.255 + IP:11.0.1.77/255.255.255.255 + IP:11.0.1.78/255.255.255.255 + IP:11.0.1.79/255.255.255.255 + IP:11.0.1.80/255.255.255.255 + IP:11.0.1.81/255.255.255.255 + IP:11.0.1.82/255.255.255.255 + IP:11.0.1.83/255.255.255.255 + IP:11.0.1.84/255.255.255.255 + IP:11.0.1.85/255.255.255.255 + IP:11.0.1.86/255.255.255.255 + IP:11.0.1.87/255.255.255.255 + IP:11.0.1.88/255.255.255.255 + IP:11.0.1.89/255.255.255.255 + IP:11.0.1.90/255.255.255.255 + IP:11.0.1.91/255.255.255.255 + IP:11.0.1.92/255.255.255.255 + IP:11.0.1.93/255.255.255.255 + IP:11.0.1.94/255.255.255.255 + IP:11.0.1.95/255.255.255.255 + IP:11.0.1.96/255.255.255.255 + IP:11.0.1.97/255.255.255.255 + IP:11.0.1.98/255.255.255.255 + IP:11.0.1.99/255.255.255.255 + IP:11.0.1.100/255.255.255.255 + IP:11.0.1.101/255.255.255.255 + IP:11.0.1.102/255.255.255.255 + IP:11.0.1.103/255.255.255.255 + IP:11.0.1.104/255.255.255.255 + IP:11.0.1.105/255.255.255.255 + IP:11.0.1.106/255.255.255.255 + IP:11.0.1.107/255.255.255.255 + IP:11.0.1.108/255.255.255.255 + IP:11.0.1.109/255.255.255.255 + IP:11.0.1.110/255.255.255.255 + IP:11.0.1.111/255.255.255.255 + IP:11.0.1.112/255.255.255.255 + IP:11.0.1.113/255.255.255.255 + IP:11.0.1.114/255.255.255.255 + IP:11.0.1.115/255.255.255.255 + IP:11.0.1.116/255.255.255.255 + IP:11.0.1.117/255.255.255.255 + IP:11.0.1.118/255.255.255.255 + IP:11.0.1.119/255.255.255.255 + IP:11.0.1.120/255.255.255.255 + IP:11.0.1.121/255.255.255.255 + IP:11.0.1.122/255.255.255.255 + IP:11.0.1.123/255.255.255.255 + IP:11.0.1.124/255.255.255.255 + IP:11.0.1.125/255.255.255.255 + IP:11.0.1.126/255.255.255.255 + IP:11.0.1.127/255.255.255.255 + IP:11.0.1.128/255.255.255.255 + IP:11.0.1.129/255.255.255.255 + IP:11.0.1.130/255.255.255.255 + IP:11.0.1.131/255.255.255.255 + IP:11.0.1.132/255.255.255.255 + IP:11.0.1.133/255.255.255.255 + IP:11.0.1.134/255.255.255.255 + IP:11.0.1.135/255.255.255.255 + IP:11.0.1.136/255.255.255.255 + IP:11.0.1.137/255.255.255.255 + IP:11.0.1.138/255.255.255.255 + IP:11.0.1.139/255.255.255.255 + IP:11.0.1.140/255.255.255.255 + IP:11.0.1.141/255.255.255.255 + IP:11.0.1.142/255.255.255.255 + IP:11.0.1.143/255.255.255.255 + IP:11.0.1.144/255.255.255.255 + IP:11.0.1.145/255.255.255.255 + IP:11.0.1.146/255.255.255.255 + IP:11.0.1.147/255.255.255.255 + IP:11.0.1.148/255.255.255.255 + IP:11.0.1.149/255.255.255.255 + IP:11.0.1.150/255.255.255.255 + IP:11.0.1.151/255.255.255.255 + IP:11.0.1.152/255.255.255.255 + IP:11.0.1.153/255.255.255.255 + IP:11.0.1.154/255.255.255.255 + IP:11.0.1.155/255.255.255.255 + IP:11.0.1.156/255.255.255.255 + IP:11.0.1.157/255.255.255.255 + IP:11.0.1.158/255.255.255.255 + IP:11.0.1.159/255.255.255.255 + IP:11.0.1.160/255.255.255.255 + IP:11.0.1.161/255.255.255.255 + IP:11.0.1.162/255.255.255.255 + IP:11.0.1.163/255.255.255.255 + IP:11.0.1.164/255.255.255.255 + IP:11.0.1.165/255.255.255.255 + IP:11.0.1.166/255.255.255.255 + IP:11.0.1.167/255.255.255.255 + IP:11.0.1.168/255.255.255.255 + IP:11.0.1.169/255.255.255.255 + IP:11.0.1.170/255.255.255.255 + IP:11.0.1.171/255.255.255.255 + IP:11.0.1.172/255.255.255.255 + IP:11.0.1.173/255.255.255.255 + IP:11.0.1.174/255.255.255.255 + IP:11.0.1.175/255.255.255.255 + IP:11.0.1.176/255.255.255.255 + IP:11.0.1.177/255.255.255.255 + IP:11.0.1.178/255.255.255.255 + IP:11.0.1.179/255.255.255.255 + IP:11.0.1.180/255.255.255.255 + IP:11.0.1.181/255.255.255.255 + IP:11.0.1.182/255.255.255.255 + IP:11.0.1.183/255.255.255.255 + IP:11.0.1.184/255.255.255.255 + IP:11.0.1.185/255.255.255.255 + IP:11.0.1.186/255.255.255.255 + IP:11.0.1.187/255.255.255.255 + IP:11.0.1.188/255.255.255.255 + IP:11.0.1.189/255.255.255.255 + IP:11.0.1.190/255.255.255.255 + IP:11.0.1.191/255.255.255.255 + IP:11.0.1.192/255.255.255.255 + IP:11.0.1.193/255.255.255.255 + IP:11.0.1.194/255.255.255.255 + IP:11.0.1.195/255.255.255.255 + IP:11.0.1.196/255.255.255.255 + IP:11.0.1.197/255.255.255.255 + IP:11.0.1.198/255.255.255.255 + IP:11.0.1.199/255.255.255.255 + IP:11.0.1.200/255.255.255.255 + IP:11.0.1.201/255.255.255.255 + IP:11.0.1.202/255.255.255.255 + IP:11.0.1.203/255.255.255.255 + IP:11.0.1.204/255.255.255.255 + IP:11.0.1.205/255.255.255.255 + IP:11.0.1.206/255.255.255.255 + IP:11.0.1.207/255.255.255.255 + IP:11.0.1.208/255.255.255.255 + IP:11.0.1.209/255.255.255.255 + IP:11.0.1.210/255.255.255.255 + IP:11.0.1.211/255.255.255.255 + IP:11.0.1.212/255.255.255.255 + IP:11.0.1.213/255.255.255.255 + IP:11.0.1.214/255.255.255.255 + IP:11.0.1.215/255.255.255.255 + IP:11.0.1.216/255.255.255.255 + IP:11.0.1.217/255.255.255.255 + IP:11.0.1.218/255.255.255.255 + IP:11.0.1.219/255.255.255.255 + IP:11.0.1.220/255.255.255.255 + IP:11.0.1.221/255.255.255.255 + IP:11.0.1.222/255.255.255.255 + IP:11.0.1.223/255.255.255.255 + IP:11.0.1.224/255.255.255.255 + IP:11.0.1.225/255.255.255.255 + IP:11.0.1.226/255.255.255.255 + IP:11.0.1.227/255.255.255.255 + IP:11.0.1.228/255.255.255.255 + IP:11.0.1.229/255.255.255.255 + IP:11.0.1.230/255.255.255.255 + IP:11.0.1.231/255.255.255.255 + IP:11.0.1.232/255.255.255.255 + IP:11.0.1.233/255.255.255.255 + IP:11.0.1.234/255.255.255.255 + IP:11.0.1.235/255.255.255.255 + IP:11.0.1.236/255.255.255.255 + IP:11.0.1.237/255.255.255.255 + IP:11.0.1.238/255.255.255.255 + IP:11.0.1.239/255.255.255.255 + IP:11.0.1.240/255.255.255.255 + IP:11.0.1.241/255.255.255.255 + IP:11.0.1.242/255.255.255.255 + IP:11.0.1.243/255.255.255.255 + IP:11.0.1.244/255.255.255.255 + IP:11.0.1.245/255.255.255.255 + IP:11.0.1.246/255.255.255.255 + IP:11.0.1.247/255.255.255.255 + IP:11.0.1.248/255.255.255.255 + IP:11.0.1.249/255.255.255.255 + IP:11.0.1.250/255.255.255.255 + IP:11.0.1.251/255.255.255.255 + IP:11.0.1.252/255.255.255.255 + IP:11.0.1.253/255.255.255.255 + IP:11.0.1.254/255.255.255.255 + IP:11.0.1.255/255.255.255.255 + IP:11.0.2.0/255.255.255.255 + IP:11.0.2.1/255.255.255.255 + IP:11.0.2.2/255.255.255.255 + IP:11.0.2.3/255.255.255.255 + IP:11.0.2.4/255.255.255.255 + IP:11.0.2.5/255.255.255.255 + IP:11.0.2.6/255.255.255.255 + IP:11.0.2.7/255.255.255.255 + IP:11.0.2.8/255.255.255.255 + IP:11.0.2.9/255.255.255.255 + IP:11.0.2.10/255.255.255.255 + IP:11.0.2.11/255.255.255.255 + IP:11.0.2.12/255.255.255.255 + IP:11.0.2.13/255.255.255.255 + IP:11.0.2.14/255.255.255.255 + IP:11.0.2.15/255.255.255.255 + IP:11.0.2.16/255.255.255.255 + IP:11.0.2.17/255.255.255.255 + IP:11.0.2.18/255.255.255.255 + IP:11.0.2.19/255.255.255.255 + IP:11.0.2.20/255.255.255.255 + IP:11.0.2.21/255.255.255.255 + IP:11.0.2.22/255.255.255.255 + IP:11.0.2.23/255.255.255.255 + IP:11.0.2.24/255.255.255.255 + IP:11.0.2.25/255.255.255.255 + IP:11.0.2.26/255.255.255.255 + IP:11.0.2.27/255.255.255.255 + IP:11.0.2.28/255.255.255.255 + IP:11.0.2.29/255.255.255.255 + IP:11.0.2.30/255.255.255.255 + IP:11.0.2.31/255.255.255.255 + IP:11.0.2.32/255.255.255.255 + IP:11.0.2.33/255.255.255.255 + IP:11.0.2.34/255.255.255.255 + IP:11.0.2.35/255.255.255.255 + IP:11.0.2.36/255.255.255.255 + IP:11.0.2.37/255.255.255.255 + IP:11.0.2.38/255.255.255.255 + IP:11.0.2.39/255.255.255.255 + IP:11.0.2.40/255.255.255.255 + IP:11.0.2.41/255.255.255.255 + IP:11.0.2.42/255.255.255.255 + IP:11.0.2.43/255.255.255.255 + IP:11.0.2.44/255.255.255.255 + IP:11.0.2.45/255.255.255.255 + IP:11.0.2.46/255.255.255.255 + IP:11.0.2.47/255.255.255.255 + IP:11.0.2.48/255.255.255.255 + IP:11.0.2.49/255.255.255.255 + IP:11.0.2.50/255.255.255.255 + IP:11.0.2.51/255.255.255.255 + IP:11.0.2.52/255.255.255.255 + IP:11.0.2.53/255.255.255.255 + IP:11.0.2.54/255.255.255.255 + IP:11.0.2.55/255.255.255.255 + IP:11.0.2.56/255.255.255.255 + IP:11.0.2.57/255.255.255.255 + IP:11.0.2.58/255.255.255.255 + IP:11.0.2.59/255.255.255.255 + IP:11.0.2.60/255.255.255.255 + IP:11.0.2.61/255.255.255.255 + IP:11.0.2.62/255.255.255.255 + IP:11.0.2.63/255.255.255.255 + IP:11.0.2.64/255.255.255.255 + IP:11.0.2.65/255.255.255.255 + IP:11.0.2.66/255.255.255.255 + IP:11.0.2.67/255.255.255.255 + IP:11.0.2.68/255.255.255.255 + IP:11.0.2.69/255.255.255.255 + IP:11.0.2.70/255.255.255.255 + IP:11.0.2.71/255.255.255.255 + IP:11.0.2.72/255.255.255.255 + IP:11.0.2.73/255.255.255.255 + IP:11.0.2.74/255.255.255.255 + IP:11.0.2.75/255.255.255.255 + IP:11.0.2.76/255.255.255.255 + IP:11.0.2.77/255.255.255.255 + IP:11.0.2.78/255.255.255.255 + IP:11.0.2.79/255.255.255.255 + IP:11.0.2.80/255.255.255.255 + IP:11.0.2.81/255.255.255.255 + IP:11.0.2.82/255.255.255.255 + IP:11.0.2.83/255.255.255.255 + IP:11.0.2.84/255.255.255.255 + IP:11.0.2.85/255.255.255.255 + IP:11.0.2.86/255.255.255.255 + IP:11.0.2.87/255.255.255.255 + IP:11.0.2.88/255.255.255.255 + IP:11.0.2.89/255.255.255.255 + IP:11.0.2.90/255.255.255.255 + IP:11.0.2.91/255.255.255.255 + IP:11.0.2.92/255.255.255.255 + IP:11.0.2.93/255.255.255.255 + IP:11.0.2.94/255.255.255.255 + IP:11.0.2.95/255.255.255.255 + IP:11.0.2.96/255.255.255.255 + IP:11.0.2.97/255.255.255.255 + IP:11.0.2.98/255.255.255.255 + IP:11.0.2.99/255.255.255.255 + IP:11.0.2.100/255.255.255.255 + IP:11.0.2.101/255.255.255.255 + IP:11.0.2.102/255.255.255.255 + IP:11.0.2.103/255.255.255.255 + IP:11.0.2.104/255.255.255.255 + IP:11.0.2.105/255.255.255.255 + IP:11.0.2.106/255.255.255.255 + IP:11.0.2.107/255.255.255.255 + IP:11.0.2.108/255.255.255.255 + IP:11.0.2.109/255.255.255.255 + IP:11.0.2.110/255.255.255.255 + IP:11.0.2.111/255.255.255.255 + IP:11.0.2.112/255.255.255.255 + IP:11.0.2.113/255.255.255.255 + IP:11.0.2.114/255.255.255.255 + IP:11.0.2.115/255.255.255.255 + IP:11.0.2.116/255.255.255.255 + IP:11.0.2.117/255.255.255.255 + IP:11.0.2.118/255.255.255.255 + IP:11.0.2.119/255.255.255.255 + IP:11.0.2.120/255.255.255.255 + IP:11.0.2.121/255.255.255.255 + IP:11.0.2.122/255.255.255.255 + IP:11.0.2.123/255.255.255.255 + IP:11.0.2.124/255.255.255.255 + IP:11.0.2.125/255.255.255.255 + IP:11.0.2.126/255.255.255.255 + IP:11.0.2.127/255.255.255.255 + IP:11.0.2.128/255.255.255.255 + IP:11.0.2.129/255.255.255.255 + IP:11.0.2.130/255.255.255.255 + IP:11.0.2.131/255.255.255.255 + IP:11.0.2.132/255.255.255.255 + IP:11.0.2.133/255.255.255.255 + IP:11.0.2.134/255.255.255.255 + IP:11.0.2.135/255.255.255.255 + IP:11.0.2.136/255.255.255.255 + IP:11.0.2.137/255.255.255.255 + IP:11.0.2.138/255.255.255.255 + IP:11.0.2.139/255.255.255.255 + IP:11.0.2.140/255.255.255.255 + IP:11.0.2.141/255.255.255.255 + IP:11.0.2.142/255.255.255.255 + IP:11.0.2.143/255.255.255.255 + IP:11.0.2.144/255.255.255.255 + IP:11.0.2.145/255.255.255.255 + IP:11.0.2.146/255.255.255.255 + IP:11.0.2.147/255.255.255.255 + IP:11.0.2.148/255.255.255.255 + IP:11.0.2.149/255.255.255.255 + IP:11.0.2.150/255.255.255.255 + IP:11.0.2.151/255.255.255.255 + IP:11.0.2.152/255.255.255.255 + IP:11.0.2.153/255.255.255.255 + IP:11.0.2.154/255.255.255.255 + IP:11.0.2.155/255.255.255.255 + IP:11.0.2.156/255.255.255.255 + IP:11.0.2.157/255.255.255.255 + IP:11.0.2.158/255.255.255.255 + IP:11.0.2.159/255.255.255.255 + IP:11.0.2.160/255.255.255.255 + IP:11.0.2.161/255.255.255.255 + IP:11.0.2.162/255.255.255.255 + IP:11.0.2.163/255.255.255.255 + IP:11.0.2.164/255.255.255.255 + IP:11.0.2.165/255.255.255.255 + IP:11.0.2.166/255.255.255.255 + IP:11.0.2.167/255.255.255.255 + IP:11.0.2.168/255.255.255.255 + IP:11.0.2.169/255.255.255.255 + IP:11.0.2.170/255.255.255.255 + IP:11.0.2.171/255.255.255.255 + IP:11.0.2.172/255.255.255.255 + IP:11.0.2.173/255.255.255.255 + IP:11.0.2.174/255.255.255.255 + IP:11.0.2.175/255.255.255.255 + IP:11.0.2.176/255.255.255.255 + IP:11.0.2.177/255.255.255.255 + IP:11.0.2.178/255.255.255.255 + IP:11.0.2.179/255.255.255.255 + IP:11.0.2.180/255.255.255.255 + IP:11.0.2.181/255.255.255.255 + IP:11.0.2.182/255.255.255.255 + IP:11.0.2.183/255.255.255.255 + IP:11.0.2.184/255.255.255.255 + IP:11.0.2.185/255.255.255.255 + IP:11.0.2.186/255.255.255.255 + IP:11.0.2.187/255.255.255.255 + IP:11.0.2.188/255.255.255.255 + IP:11.0.2.189/255.255.255.255 + IP:11.0.2.190/255.255.255.255 + IP:11.0.2.191/255.255.255.255 + IP:11.0.2.192/255.255.255.255 + IP:11.0.2.193/255.255.255.255 + IP:11.0.2.194/255.255.255.255 + IP:11.0.2.195/255.255.255.255 + IP:11.0.2.196/255.255.255.255 + IP:11.0.2.197/255.255.255.255 + IP:11.0.2.198/255.255.255.255 + IP:11.0.2.199/255.255.255.255 + IP:11.0.2.200/255.255.255.255 + IP:11.0.2.201/255.255.255.255 + IP:11.0.2.202/255.255.255.255 + IP:11.0.2.203/255.255.255.255 + IP:11.0.2.204/255.255.255.255 + IP:11.0.2.205/255.255.255.255 + IP:11.0.2.206/255.255.255.255 + IP:11.0.2.207/255.255.255.255 + IP:11.0.2.208/255.255.255.255 + IP:11.0.2.209/255.255.255.255 + IP:11.0.2.210/255.255.255.255 + IP:11.0.2.211/255.255.255.255 + IP:11.0.2.212/255.255.255.255 + IP:11.0.2.213/255.255.255.255 + IP:11.0.2.214/255.255.255.255 + IP:11.0.2.215/255.255.255.255 + IP:11.0.2.216/255.255.255.255 + IP:11.0.2.217/255.255.255.255 + IP:11.0.2.218/255.255.255.255 + IP:11.0.2.219/255.255.255.255 + IP:11.0.2.220/255.255.255.255 + IP:11.0.2.221/255.255.255.255 + IP:11.0.2.222/255.255.255.255 + IP:11.0.2.223/255.255.255.255 + IP:11.0.2.224/255.255.255.255 + IP:11.0.2.225/255.255.255.255 + IP:11.0.2.226/255.255.255.255 + IP:11.0.2.227/255.255.255.255 + IP:11.0.2.228/255.255.255.255 + IP:11.0.2.229/255.255.255.255 + IP:11.0.2.230/255.255.255.255 + IP:11.0.2.231/255.255.255.255 + IP:11.0.2.232/255.255.255.255 + IP:11.0.2.233/255.255.255.255 + IP:11.0.2.234/255.255.255.255 + IP:11.0.2.235/255.255.255.255 + IP:11.0.2.236/255.255.255.255 + IP:11.0.2.237/255.255.255.255 + IP:11.0.2.238/255.255.255.255 + IP:11.0.2.239/255.255.255.255 + IP:11.0.2.240/255.255.255.255 + IP:11.0.2.241/255.255.255.255 + IP:11.0.2.242/255.255.255.255 + IP:11.0.2.243/255.255.255.255 + IP:11.0.2.244/255.255.255.255 + IP:11.0.2.245/255.255.255.255 + IP:11.0.2.246/255.255.255.255 + IP:11.0.2.247/255.255.255.255 + IP:11.0.2.248/255.255.255.255 + IP:11.0.2.249/255.255.255.255 + IP:11.0.2.250/255.255.255.255 + IP:11.0.2.251/255.255.255.255 + IP:11.0.2.252/255.255.255.255 + IP:11.0.2.253/255.255.255.255 + IP:11.0.2.254/255.255.255.255 + IP:11.0.2.255/255.255.255.255 + IP:11.0.3.0/255.255.255.255 + IP:11.0.3.1/255.255.255.255 + IP:11.0.3.2/255.255.255.255 + IP:11.0.3.3/255.255.255.255 + IP:11.0.3.4/255.255.255.255 + IP:11.0.3.5/255.255.255.255 + IP:11.0.3.6/255.255.255.255 + IP:11.0.3.7/255.255.255.255 + IP:11.0.3.8/255.255.255.255 + IP:11.0.3.9/255.255.255.255 + IP:11.0.3.10/255.255.255.255 + IP:11.0.3.11/255.255.255.255 + IP:11.0.3.12/255.255.255.255 + IP:11.0.3.13/255.255.255.255 + IP:11.0.3.14/255.255.255.255 + IP:11.0.3.15/255.255.255.255 + IP:11.0.3.16/255.255.255.255 + IP:11.0.3.17/255.255.255.255 + IP:11.0.3.18/255.255.255.255 + IP:11.0.3.19/255.255.255.255 + IP:11.0.3.20/255.255.255.255 + IP:11.0.3.21/255.255.255.255 + IP:11.0.3.22/255.255.255.255 + IP:11.0.3.23/255.255.255.255 + IP:11.0.3.24/255.255.255.255 + IP:11.0.3.25/255.255.255.255 + IP:11.0.3.26/255.255.255.255 + IP:11.0.3.27/255.255.255.255 + IP:11.0.3.28/255.255.255.255 + IP:11.0.3.29/255.255.255.255 + IP:11.0.3.30/255.255.255.255 + IP:11.0.3.31/255.255.255.255 + IP:11.0.3.32/255.255.255.255 + IP:11.0.3.33/255.255.255.255 + IP:11.0.3.34/255.255.255.255 + IP:11.0.3.35/255.255.255.255 + IP:11.0.3.36/255.255.255.255 + IP:11.0.3.37/255.255.255.255 + IP:11.0.3.38/255.255.255.255 + IP:11.0.3.39/255.255.255.255 + IP:11.0.3.40/255.255.255.255 + IP:11.0.3.41/255.255.255.255 + IP:11.0.3.42/255.255.255.255 + IP:11.0.3.43/255.255.255.255 + IP:11.0.3.44/255.255.255.255 + IP:11.0.3.45/255.255.255.255 + IP:11.0.3.46/255.255.255.255 + IP:11.0.3.47/255.255.255.255 + IP:11.0.3.48/255.255.255.255 + IP:11.0.3.49/255.255.255.255 + IP:11.0.3.50/255.255.255.255 + IP:11.0.3.51/255.255.255.255 + IP:11.0.3.52/255.255.255.255 + IP:11.0.3.53/255.255.255.255 + IP:11.0.3.54/255.255.255.255 + IP:11.0.3.55/255.255.255.255 + IP:11.0.3.56/255.255.255.255 + IP:11.0.3.57/255.255.255.255 + IP:11.0.3.58/255.255.255.255 + IP:11.0.3.59/255.255.255.255 + IP:11.0.3.60/255.255.255.255 + IP:11.0.3.61/255.255.255.255 + IP:11.0.3.62/255.255.255.255 + IP:11.0.3.63/255.255.255.255 + IP:11.0.3.64/255.255.255.255 + IP:11.0.3.65/255.255.255.255 + IP:11.0.3.66/255.255.255.255 + IP:11.0.3.67/255.255.255.255 + IP:11.0.3.68/255.255.255.255 + IP:11.0.3.69/255.255.255.255 + IP:11.0.3.70/255.255.255.255 + IP:11.0.3.71/255.255.255.255 + IP:11.0.3.72/255.255.255.255 + IP:11.0.3.73/255.255.255.255 + IP:11.0.3.74/255.255.255.255 + IP:11.0.3.75/255.255.255.255 + IP:11.0.3.76/255.255.255.255 + IP:11.0.3.77/255.255.255.255 + IP:11.0.3.78/255.255.255.255 + IP:11.0.3.79/255.255.255.255 + IP:11.0.3.80/255.255.255.255 + IP:11.0.3.81/255.255.255.255 + IP:11.0.3.82/255.255.255.255 + IP:11.0.3.83/255.255.255.255 + IP:11.0.3.84/255.255.255.255 + IP:11.0.3.85/255.255.255.255 + IP:11.0.3.86/255.255.255.255 + IP:11.0.3.87/255.255.255.255 + IP:11.0.3.88/255.255.255.255 + IP:11.0.3.89/255.255.255.255 + IP:11.0.3.90/255.255.255.255 + IP:11.0.3.91/255.255.255.255 + IP:11.0.3.92/255.255.255.255 + IP:11.0.3.93/255.255.255.255 + IP:11.0.3.94/255.255.255.255 + IP:11.0.3.95/255.255.255.255 + IP:11.0.3.96/255.255.255.255 + IP:11.0.3.97/255.255.255.255 + IP:11.0.3.98/255.255.255.255 + IP:11.0.3.99/255.255.255.255 + IP:11.0.3.100/255.255.255.255 + IP:11.0.3.101/255.255.255.255 + IP:11.0.3.102/255.255.255.255 + IP:11.0.3.103/255.255.255.255 + IP:11.0.3.104/255.255.255.255 + IP:11.0.3.105/255.255.255.255 + IP:11.0.3.106/255.255.255.255 + IP:11.0.3.107/255.255.255.255 + IP:11.0.3.108/255.255.255.255 + IP:11.0.3.109/255.255.255.255 + IP:11.0.3.110/255.255.255.255 + IP:11.0.3.111/255.255.255.255 + IP:11.0.3.112/255.255.255.255 + IP:11.0.3.113/255.255.255.255 + IP:11.0.3.114/255.255.255.255 + IP:11.0.3.115/255.255.255.255 + IP:11.0.3.116/255.255.255.255 + IP:11.0.3.117/255.255.255.255 + IP:11.0.3.118/255.255.255.255 + IP:11.0.3.119/255.255.255.255 + IP:11.0.3.120/255.255.255.255 + IP:11.0.3.121/255.255.255.255 + IP:11.0.3.122/255.255.255.255 + IP:11.0.3.123/255.255.255.255 + IP:11.0.3.124/255.255.255.255 + IP:11.0.3.125/255.255.255.255 + IP:11.0.3.126/255.255.255.255 + IP:11.0.3.127/255.255.255.255 + IP:11.0.3.128/255.255.255.255 + IP:11.0.3.129/255.255.255.255 + IP:11.0.3.130/255.255.255.255 + IP:11.0.3.131/255.255.255.255 + IP:11.0.3.132/255.255.255.255 + IP:11.0.3.133/255.255.255.255 + IP:11.0.3.134/255.255.255.255 + IP:11.0.3.135/255.255.255.255 + IP:11.0.3.136/255.255.255.255 + IP:11.0.3.137/255.255.255.255 + IP:11.0.3.138/255.255.255.255 + IP:11.0.3.139/255.255.255.255 + IP:11.0.3.140/255.255.255.255 + IP:11.0.3.141/255.255.255.255 + IP:11.0.3.142/255.255.255.255 + IP:11.0.3.143/255.255.255.255 + IP:11.0.3.144/255.255.255.255 + IP:11.0.3.145/255.255.255.255 + IP:11.0.3.146/255.255.255.255 + IP:11.0.3.147/255.255.255.255 + IP:11.0.3.148/255.255.255.255 + IP:11.0.3.149/255.255.255.255 + IP:11.0.3.150/255.255.255.255 + IP:11.0.3.151/255.255.255.255 + IP:11.0.3.152/255.255.255.255 + IP:11.0.3.153/255.255.255.255 + IP:11.0.3.154/255.255.255.255 + IP:11.0.3.155/255.255.255.255 + IP:11.0.3.156/255.255.255.255 + IP:11.0.3.157/255.255.255.255 + IP:11.0.3.158/255.255.255.255 + IP:11.0.3.159/255.255.255.255 + IP:11.0.3.160/255.255.255.255 + IP:11.0.3.161/255.255.255.255 + IP:11.0.3.162/255.255.255.255 + IP:11.0.3.163/255.255.255.255 + IP:11.0.3.164/255.255.255.255 + IP:11.0.3.165/255.255.255.255 + IP:11.0.3.166/255.255.255.255 + IP:11.0.3.167/255.255.255.255 + IP:11.0.3.168/255.255.255.255 + IP:11.0.3.169/255.255.255.255 + IP:11.0.3.170/255.255.255.255 + IP:11.0.3.171/255.255.255.255 + IP:11.0.3.172/255.255.255.255 + IP:11.0.3.173/255.255.255.255 + IP:11.0.3.174/255.255.255.255 + IP:11.0.3.175/255.255.255.255 + IP:11.0.3.176/255.255.255.255 + IP:11.0.3.177/255.255.255.255 + IP:11.0.3.178/255.255.255.255 + IP:11.0.3.179/255.255.255.255 + IP:11.0.3.180/255.255.255.255 + IP:11.0.3.181/255.255.255.255 + IP:11.0.3.182/255.255.255.255 + IP:11.0.3.183/255.255.255.255 + IP:11.0.3.184/255.255.255.255 + IP:11.0.3.185/255.255.255.255 + IP:11.0.3.186/255.255.255.255 + IP:11.0.3.187/255.255.255.255 + IP:11.0.3.188/255.255.255.255 + IP:11.0.3.189/255.255.255.255 + IP:11.0.3.190/255.255.255.255 + IP:11.0.3.191/255.255.255.255 + IP:11.0.3.192/255.255.255.255 + IP:11.0.3.193/255.255.255.255 + IP:11.0.3.194/255.255.255.255 + IP:11.0.3.195/255.255.255.255 + IP:11.0.3.196/255.255.255.255 + IP:11.0.3.197/255.255.255.255 + IP:11.0.3.198/255.255.255.255 + IP:11.0.3.199/255.255.255.255 + IP:11.0.3.200/255.255.255.255 + IP:11.0.3.201/255.255.255.255 + IP:11.0.3.202/255.255.255.255 + IP:11.0.3.203/255.255.255.255 + IP:11.0.3.204/255.255.255.255 + IP:11.0.3.205/255.255.255.255 + IP:11.0.3.206/255.255.255.255 + IP:11.0.3.207/255.255.255.255 + IP:11.0.3.208/255.255.255.255 + IP:11.0.3.209/255.255.255.255 + IP:11.0.3.210/255.255.255.255 + IP:11.0.3.211/255.255.255.255 + IP:11.0.3.212/255.255.255.255 + IP:11.0.3.213/255.255.255.255 + IP:11.0.3.214/255.255.255.255 + IP:11.0.3.215/255.255.255.255 + IP:11.0.3.216/255.255.255.255 + IP:11.0.3.217/255.255.255.255 + IP:11.0.3.218/255.255.255.255 + IP:11.0.3.219/255.255.255.255 + IP:11.0.3.220/255.255.255.255 + IP:11.0.3.221/255.255.255.255 + IP:11.0.3.222/255.255.255.255 + IP:11.0.3.223/255.255.255.255 + IP:11.0.3.224/255.255.255.255 + IP:11.0.3.225/255.255.255.255 + IP:11.0.3.226/255.255.255.255 + IP:11.0.3.227/255.255.255.255 + IP:11.0.3.228/255.255.255.255 + IP:11.0.3.229/255.255.255.255 + IP:11.0.3.230/255.255.255.255 + IP:11.0.3.231/255.255.255.255 + IP:11.0.3.232/255.255.255.255 + IP:11.0.3.233/255.255.255.255 + IP:11.0.3.234/255.255.255.255 + IP:11.0.3.235/255.255.255.255 + IP:11.0.3.236/255.255.255.255 + IP:11.0.3.237/255.255.255.255 + IP:11.0.3.238/255.255.255.255 + IP:11.0.3.239/255.255.255.255 + IP:11.0.3.240/255.255.255.255 + IP:11.0.3.241/255.255.255.255 + IP:11.0.3.242/255.255.255.255 + IP:11.0.3.243/255.255.255.255 + IP:11.0.3.244/255.255.255.255 + IP:11.0.3.245/255.255.255.255 + IP:11.0.3.246/255.255.255.255 + IP:11.0.3.247/255.255.255.255 + IP:11.0.3.248/255.255.255.255 + IP:11.0.3.249/255.255.255.255 + IP:11.0.3.250/255.255.255.255 + IP:11.0.3.251/255.255.255.255 + IP:11.0.3.252/255.255.255.255 + IP:11.0.3.253/255.255.255.255 + IP:11.0.3.254/255.255.255.255 + IP:11.0.3.255/255.255.255.255 + IP:11.0.4.0/255.255.255.255 + + Signature Algorithm: sha256WithRSAEncryption + 7a:02:f3:cd:04:f5:98:dc:c0:7a:aa:25:b5:a1:72:e5:09:99: + 3f:b8:54:a2:b7:28:72:61:af:46:c0:09:cc:63:fd:d4:1b:a6: + 36:c5:e2:62:bb:aa:71:f7:92:d2:7a:07:1b:35:ec:c7:2f:ad: + 44:86:6b:43:df:7a:49:05:ac:33:80:81:77:15:76:fb:be:03: + df:89:76:72:1e:c6:7a:ee:01:84:35:4f:a9:7f:67:5a:a5:e0: + 01:df:83:ac:02:ff:9f:77:d8:57:fc:07:ce:87:d1:24:e8:c0: + ac:dd:9b:46:3a:70:86:f9:94:02:c5:63:75:f6:70:10:55:99: + 14:11:57:22:65:30:56:54:2b:95:db:36:02:72:b0:95:87:98: + 87:42:40:44:ff:4a:16:9e:f8:14:c4:b4:d5:ea:a8:06:b4:7b: + fb:eb:0d:45:35:db:8b:1a:3d:2c:df:39:d4:cd:9e:54:e8:e8: + 4f:37:1c:42:25:45:52:e6:c4:42:e7:85:f5:c7:3d:25:db:7f: + a0:29:4d:35:26:f4:d9:c1:4b:64:08:a7:66:fa:8f:4c:d3:94: + bf:8e:60:f3:53:bc:e9:83:c4:96:a1:97:66:27:df:55:90:1f: + 01:8e:6f:90:89:57:18:da:81:26:f1:f4:ad:74:1f:3b:2a:63: + 53:bf:2a:3e +-----BEGIN CERTIFICATE----- +MIIzozCCMougAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCMO0wgjDpMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjAdBgNVHR4EgjAUMIIwEKGCMAwwCocICwAAAP////8wCocICwAAAf////8w +CocICwAAAv////8wCocICwAAA/////8wCocICwAABP////8wCocICwAABf////8w +CocICwAABv////8wCocICwAAB/////8wCocICwAACP////8wCocICwAACf////8w +CocICwAACv////8wCocICwAAC/////8wCocICwAADP////8wCocICwAADf////8w +CocICwAADv////8wCocICwAAD/////8wCocICwAAEP////8wCocICwAAEf////8w +CocICwAAEv////8wCocICwAAE/////8wCocICwAAFP////8wCocICwAAFf////8w +CocICwAAFv////8wCocICwAAF/////8wCocICwAAGP////8wCocICwAAGf////8w +CocICwAAGv////8wCocICwAAG/////8wCocICwAAHP////8wCocICwAAHf////8w +CocICwAAHv////8wCocICwAAH/////8wCocICwAAIP////8wCocICwAAIf////8w +CocICwAAIv////8wCocICwAAI/////8wCocICwAAJP////8wCocICwAAJf////8w +CocICwAAJv////8wCocICwAAJ/////8wCocICwAAKP////8wCocICwAAKf////8w +CocICwAAKv////8wCocICwAAK/////8wCocICwAALP////8wCocICwAALf////8w +CocICwAALv////8wCocICwAAL/////8wCocICwAAMP////8wCocICwAAMf////8w +CocICwAAMv////8wCocICwAAM/////8wCocICwAANP////8wCocICwAANf////8w +CocICwAANv////8wCocICwAAN/////8wCocICwAAOP////8wCocICwAAOf////8w +CocICwAAOv////8wCocICwAAO/////8wCocICwAAPP////8wCocICwAAPf////8w +CocICwAAPv////8wCocICwAAP/////8wCocICwAAQP////8wCocICwAAQf////8w +CocICwAAQv////8wCocICwAAQ/////8wCocICwAARP////8wCocICwAARf////8w +CocICwAARv////8wCocICwAAR/////8wCocICwAASP////8wCocICwAASf////8w +CocICwAASv////8wCocICwAAS/////8wCocICwAATP////8wCocICwAATf////8w +CocICwAATv////8wCocICwAAT/////8wCocICwAAUP////8wCocICwAAUf////8w +CocICwAAUv////8wCocICwAAU/////8wCocICwAAVP////8wCocICwAAVf////8w +CocICwAAVv////8wCocICwAAV/////8wCocICwAAWP////8wCocICwAAWf////8w +CocICwAAWv////8wCocICwAAW/////8wCocICwAAXP////8wCocICwAAXf////8w +CocICwAAXv////8wCocICwAAX/////8wCocICwAAYP////8wCocICwAAYf////8w +CocICwAAYv////8wCocICwAAY/////8wCocICwAAZP////8wCocICwAAZf////8w +CocICwAAZv////8wCocICwAAZ/////8wCocICwAAaP////8wCocICwAAaf////8w +CocICwAAav////8wCocICwAAa/////8wCocICwAAbP////8wCocICwAAbf////8w +CocICwAAbv////8wCocICwAAb/////8wCocICwAAcP////8wCocICwAAcf////8w +CocICwAAcv////8wCocICwAAc/////8wCocICwAAdP////8wCocICwAAdf////8w +CocICwAAdv////8wCocICwAAd/////8wCocICwAAeP////8wCocICwAAef////8w +CocICwAAev////8wCocICwAAe/////8wCocICwAAfP////8wCocICwAAff////8w +CocICwAAfv////8wCocICwAAf/////8wCocICwAAgP////8wCocICwAAgf////8w +CocICwAAgv////8wCocICwAAg/////8wCocICwAAhP////8wCocICwAAhf////8w +CocICwAAhv////8wCocICwAAh/////8wCocICwAAiP////8wCocICwAAif////8w +CocICwAAiv////8wCocICwAAi/////8wCocICwAAjP////8wCocICwAAjf////8w +CocICwAAjv////8wCocICwAAj/////8wCocICwAAkP////8wCocICwAAkf////8w +CocICwAAkv////8wCocICwAAk/////8wCocICwAAlP////8wCocICwAAlf////8w +CocICwAAlv////8wCocICwAAl/////8wCocICwAAmP////8wCocICwAAmf////8w +CocICwAAmv////8wCocICwAAm/////8wCocICwAAnP////8wCocICwAAnf////8w +CocICwAAnv////8wCocICwAAn/////8wCocICwAAoP////8wCocICwAAof////8w +CocICwAAov////8wCocICwAAo/////8wCocICwAApP////8wCocICwAApf////8w +CocICwAApv////8wCocICwAAp/////8wCocICwAAqP////8wCocICwAAqf////8w +CocICwAAqv////8wCocICwAAq/////8wCocICwAArP////8wCocICwAArf////8w +CocICwAArv////8wCocICwAAr/////8wCocICwAAsP////8wCocICwAAsf////8w +CocICwAAsv////8wCocICwAAs/////8wCocICwAAtP////8wCocICwAAtf////8w +CocICwAAtv////8wCocICwAAt/////8wCocICwAAuP////8wCocICwAAuf////8w +CocICwAAuv////8wCocICwAAu/////8wCocICwAAvP////8wCocICwAAvf////8w +CocICwAAvv////8wCocICwAAv/////8wCocICwAAwP////8wCocICwAAwf////8w +CocICwAAwv////8wCocICwAAw/////8wCocICwAAxP////8wCocICwAAxf////8w +CocICwAAxv////8wCocICwAAx/////8wCocICwAAyP////8wCocICwAAyf////8w +CocICwAAyv////8wCocICwAAy/////8wCocICwAAzP////8wCocICwAAzf////8w +CocICwAAzv////8wCocICwAAz/////8wCocICwAA0P////8wCocICwAA0f////8w +CocICwAA0v////8wCocICwAA0/////8wCocICwAA1P////8wCocICwAA1f////8w +CocICwAA1v////8wCocICwAA1/////8wCocICwAA2P////8wCocICwAA2f////8w +CocICwAA2v////8wCocICwAA2/////8wCocICwAA3P////8wCocICwAA3f////8w +CocICwAA3v////8wCocICwAA3/////8wCocICwAA4P////8wCocICwAA4f////8w +CocICwAA4v////8wCocICwAA4/////8wCocICwAA5P////8wCocICwAA5f////8w +CocICwAA5v////8wCocICwAA5/////8wCocICwAA6P////8wCocICwAA6f////8w +CocICwAA6v////8wCocICwAA6/////8wCocICwAA7P////8wCocICwAA7f////8w +CocICwAA7v////8wCocICwAA7/////8wCocICwAA8P////8wCocICwAA8f////8w +CocICwAA8v////8wCocICwAA8/////8wCocICwAA9P////8wCocICwAA9f////8w +CocICwAA9v////8wCocICwAA9/////8wCocICwAA+P////8wCocICwAA+f////8w +CocICwAA+v////8wCocICwAA+/////8wCocICwAA/P////8wCocICwAA/f////8w +CocICwAA/v////8wCocICwAA//////8wCocICwABAP////8wCocICwABAf////8w +CocICwABAv////8wCocICwABA/////8wCocICwABBP////8wCocICwABBf////8w +CocICwABBv////8wCocICwABB/////8wCocICwABCP////8wCocICwABCf////8w +CocICwABCv////8wCocICwABC/////8wCocICwABDP////8wCocICwABDf////8w +CocICwABDv////8wCocICwABD/////8wCocICwABEP////8wCocICwABEf////8w +CocICwABEv////8wCocICwABE/////8wCocICwABFP////8wCocICwABFf////8w +CocICwABFv////8wCocICwABF/////8wCocICwABGP////8wCocICwABGf////8w +CocICwABGv////8wCocICwABG/////8wCocICwABHP////8wCocICwABHf////8w +CocICwABHv////8wCocICwABH/////8wCocICwABIP////8wCocICwABIf////8w +CocICwABIv////8wCocICwABI/////8wCocICwABJP////8wCocICwABJf////8w +CocICwABJv////8wCocICwABJ/////8wCocICwABKP////8wCocICwABKf////8w +CocICwABKv////8wCocICwABK/////8wCocICwABLP////8wCocICwABLf////8w +CocICwABLv////8wCocICwABL/////8wCocICwABMP////8wCocICwABMf////8w +CocICwABMv////8wCocICwABM/////8wCocICwABNP////8wCocICwABNf////8w +CocICwABNv////8wCocICwABN/////8wCocICwABOP////8wCocICwABOf////8w +CocICwABOv////8wCocICwABO/////8wCocICwABPP////8wCocICwABPf////8w +CocICwABPv////8wCocICwABP/////8wCocICwABQP////8wCocICwABQf////8w +CocICwABQv////8wCocICwABQ/////8wCocICwABRP////8wCocICwABRf////8w +CocICwABRv////8wCocICwABR/////8wCocICwABSP////8wCocICwABSf////8w +CocICwABSv////8wCocICwABS/////8wCocICwABTP////8wCocICwABTf////8w +CocICwABTv////8wCocICwABT/////8wCocICwABUP////8wCocICwABUf////8w +CocICwABUv////8wCocICwABU/////8wCocICwABVP////8wCocICwABVf////8w +CocICwABVv////8wCocICwABV/////8wCocICwABWP////8wCocICwABWf////8w +CocICwABWv////8wCocICwABW/////8wCocICwABXP////8wCocICwABXf////8w +CocICwABXv////8wCocICwABX/////8wCocICwABYP////8wCocICwABYf////8w +CocICwABYv////8wCocICwABY/////8wCocICwABZP////8wCocICwABZf////8w +CocICwABZv////8wCocICwABZ/////8wCocICwABaP////8wCocICwABaf////8w +CocICwABav////8wCocICwABa/////8wCocICwABbP////8wCocICwABbf////8w +CocICwABbv////8wCocICwABb/////8wCocICwABcP////8wCocICwABcf////8w +CocICwABcv////8wCocICwABc/////8wCocICwABdP////8wCocICwABdf////8w +CocICwABdv////8wCocICwABd/////8wCocICwABeP////8wCocICwABef////8w +CocICwABev////8wCocICwABe/////8wCocICwABfP////8wCocICwABff////8w +CocICwABfv////8wCocICwABf/////8wCocICwABgP////8wCocICwABgf////8w +CocICwABgv////8wCocICwABg/////8wCocICwABhP////8wCocICwABhf////8w +CocICwABhv////8wCocICwABh/////8wCocICwABiP////8wCocICwABif////8w +CocICwABiv////8wCocICwABi/////8wCocICwABjP////8wCocICwABjf////8w +CocICwABjv////8wCocICwABj/////8wCocICwABkP////8wCocICwABkf////8w +CocICwABkv////8wCocICwABk/////8wCocICwABlP////8wCocICwABlf////8w +CocICwABlv////8wCocICwABl/////8wCocICwABmP////8wCocICwABmf////8w +CocICwABmv////8wCocICwABm/////8wCocICwABnP////8wCocICwABnf////8w +CocICwABnv////8wCocICwABn/////8wCocICwABoP////8wCocICwABof////8w +CocICwABov////8wCocICwABo/////8wCocICwABpP////8wCocICwABpf////8w +CocICwABpv////8wCocICwABp/////8wCocICwABqP////8wCocICwABqf////8w +CocICwABqv////8wCocICwABq/////8wCocICwABrP////8wCocICwABrf////8w +CocICwABrv////8wCocICwABr/////8wCocICwABsP////8wCocICwABsf////8w +CocICwABsv////8wCocICwABs/////8wCocICwABtP////8wCocICwABtf////8w +CocICwABtv////8wCocICwABt/////8wCocICwABuP////8wCocICwABuf////8w +CocICwABuv////8wCocICwABu/////8wCocICwABvP////8wCocICwABvf////8w +CocICwABvv////8wCocICwABv/////8wCocICwABwP////8wCocICwABwf////8w +CocICwABwv////8wCocICwABw/////8wCocICwABxP////8wCocICwABxf////8w +CocICwABxv////8wCocICwABx/////8wCocICwAByP////8wCocICwAByf////8w +CocICwAByv////8wCocICwABy/////8wCocICwABzP////8wCocICwABzf////8w +CocICwABzv////8wCocICwABz/////8wCocICwAB0P////8wCocICwAB0f////8w +CocICwAB0v////8wCocICwAB0/////8wCocICwAB1P////8wCocICwAB1f////8w +CocICwAB1v////8wCocICwAB1/////8wCocICwAB2P////8wCocICwAB2f////8w +CocICwAB2v////8wCocICwAB2/////8wCocICwAB3P////8wCocICwAB3f////8w +CocICwAB3v////8wCocICwAB3/////8wCocICwAB4P////8wCocICwAB4f////8w +CocICwAB4v////8wCocICwAB4/////8wCocICwAB5P////8wCocICwAB5f////8w +CocICwAB5v////8wCocICwAB5/////8wCocICwAB6P////8wCocICwAB6f////8w +CocICwAB6v////8wCocICwAB6/////8wCocICwAB7P////8wCocICwAB7f////8w +CocICwAB7v////8wCocICwAB7/////8wCocICwAB8P////8wCocICwAB8f////8w +CocICwAB8v////8wCocICwAB8/////8wCocICwAB9P////8wCocICwAB9f////8w +CocICwAB9v////8wCocICwAB9/////8wCocICwAB+P////8wCocICwAB+f////8w +CocICwAB+v////8wCocICwAB+/////8wCocICwAB/P////8wCocICwAB/f////8w +CocICwAB/v////8wCocICwAB//////8wCocICwACAP////8wCocICwACAf////8w +CocICwACAv////8wCocICwACA/////8wCocICwACBP////8wCocICwACBf////8w +CocICwACBv////8wCocICwACB/////8wCocICwACCP////8wCocICwACCf////8w +CocICwACCv////8wCocICwACC/////8wCocICwACDP////8wCocICwACDf////8w +CocICwACDv////8wCocICwACD/////8wCocICwACEP////8wCocICwACEf////8w +CocICwACEv////8wCocICwACE/////8wCocICwACFP////8wCocICwACFf////8w +CocICwACFv////8wCocICwACF/////8wCocICwACGP////8wCocICwACGf////8w +CocICwACGv////8wCocICwACG/////8wCocICwACHP////8wCocICwACHf////8w +CocICwACHv////8wCocICwACH/////8wCocICwACIP////8wCocICwACIf////8w +CocICwACIv////8wCocICwACI/////8wCocICwACJP////8wCocICwACJf////8w +CocICwACJv////8wCocICwACJ/////8wCocICwACKP////8wCocICwACKf////8w +CocICwACKv////8wCocICwACK/////8wCocICwACLP////8wCocICwACLf////8w +CocICwACLv////8wCocICwACL/////8wCocICwACMP////8wCocICwACMf////8w +CocICwACMv////8wCocICwACM/////8wCocICwACNP////8wCocICwACNf////8w +CocICwACNv////8wCocICwACN/////8wCocICwACOP////8wCocICwACOf////8w +CocICwACOv////8wCocICwACO/////8wCocICwACPP////8wCocICwACPf////8w +CocICwACPv////8wCocICwACP/////8wCocICwACQP////8wCocICwACQf////8w +CocICwACQv////8wCocICwACQ/////8wCocICwACRP////8wCocICwACRf////8w +CocICwACRv////8wCocICwACR/////8wCocICwACSP////8wCocICwACSf////8w +CocICwACSv////8wCocICwACS/////8wCocICwACTP////8wCocICwACTf////8w +CocICwACTv////8wCocICwACT/////8wCocICwACUP////8wCocICwACUf////8w +CocICwACUv////8wCocICwACU/////8wCocICwACVP////8wCocICwACVf////8w +CocICwACVv////8wCocICwACV/////8wCocICwACWP////8wCocICwACWf////8w +CocICwACWv////8wCocICwACW/////8wCocICwACXP////8wCocICwACXf////8w +CocICwACXv////8wCocICwACX/////8wCocICwACYP////8wCocICwACYf////8w +CocICwACYv////8wCocICwACY/////8wCocICwACZP////8wCocICwACZf////8w +CocICwACZv////8wCocICwACZ/////8wCocICwACaP////8wCocICwACaf////8w +CocICwACav////8wCocICwACa/////8wCocICwACbP////8wCocICwACbf////8w +CocICwACbv////8wCocICwACb/////8wCocICwACcP////8wCocICwACcf////8w +CocICwACcv////8wCocICwACc/////8wCocICwACdP////8wCocICwACdf////8w +CocICwACdv////8wCocICwACd/////8wCocICwACeP////8wCocICwACef////8w +CocICwACev////8wCocICwACe/////8wCocICwACfP////8wCocICwACff////8w +CocICwACfv////8wCocICwACf/////8wCocICwACgP////8wCocICwACgf////8w +CocICwACgv////8wCocICwACg/////8wCocICwAChP////8wCocICwAChf////8w +CocICwAChv////8wCocICwACh/////8wCocICwACiP////8wCocICwACif////8w +CocICwACiv////8wCocICwACi/////8wCocICwACjP////8wCocICwACjf////8w +CocICwACjv////8wCocICwACj/////8wCocICwACkP////8wCocICwACkf////8w +CocICwACkv////8wCocICwACk/////8wCocICwAClP////8wCocICwAClf////8w +CocICwAClv////8wCocICwACl/////8wCocICwACmP////8wCocICwACmf////8w +CocICwACmv////8wCocICwACm/////8wCocICwACnP////8wCocICwACnf////8w +CocICwACnv////8wCocICwACn/////8wCocICwACoP////8wCocICwACof////8w +CocICwACov////8wCocICwACo/////8wCocICwACpP////8wCocICwACpf////8w +CocICwACpv////8wCocICwACp/////8wCocICwACqP////8wCocICwACqf////8w +CocICwACqv////8wCocICwACq/////8wCocICwACrP////8wCocICwACrf////8w +CocICwACrv////8wCocICwACr/////8wCocICwACsP////8wCocICwACsf////8w +CocICwACsv////8wCocICwACs/////8wCocICwACtP////8wCocICwACtf////8w +CocICwACtv////8wCocICwACt/////8wCocICwACuP////8wCocICwACuf////8w +CocICwACuv////8wCocICwACu/////8wCocICwACvP////8wCocICwACvf////8w +CocICwACvv////8wCocICwACv/////8wCocICwACwP////8wCocICwACwf////8w +CocICwACwv////8wCocICwACw/////8wCocICwACxP////8wCocICwACxf////8w +CocICwACxv////8wCocICwACx/////8wCocICwACyP////8wCocICwACyf////8w +CocICwACyv////8wCocICwACy/////8wCocICwACzP////8wCocICwACzf////8w +CocICwACzv////8wCocICwACz/////8wCocICwAC0P////8wCocICwAC0f////8w +CocICwAC0v////8wCocICwAC0/////8wCocICwAC1P////8wCocICwAC1f////8w +CocICwAC1v////8wCocICwAC1/////8wCocICwAC2P////8wCocICwAC2f////8w +CocICwAC2v////8wCocICwAC2/////8wCocICwAC3P////8wCocICwAC3f////8w +CocICwAC3v////8wCocICwAC3/////8wCocICwAC4P////8wCocICwAC4f////8w +CocICwAC4v////8wCocICwAC4/////8wCocICwAC5P////8wCocICwAC5f////8w +CocICwAC5v////8wCocICwAC5/////8wCocICwAC6P////8wCocICwAC6f////8w +CocICwAC6v////8wCocICwAC6/////8wCocICwAC7P////8wCocICwAC7f////8w +CocICwAC7v////8wCocICwAC7/////8wCocICwAC8P////8wCocICwAC8f////8w +CocICwAC8v////8wCocICwAC8/////8wCocICwAC9P////8wCocICwAC9f////8w +CocICwAC9v////8wCocICwAC9/////8wCocICwAC+P////8wCocICwAC+f////8w +CocICwAC+v////8wCocICwAC+/////8wCocICwAC/P////8wCocICwAC/f////8w +CocICwAC/v////8wCocICwAC//////8wCocICwADAP////8wCocICwADAf////8w +CocICwADAv////8wCocICwADA/////8wCocICwADBP////8wCocICwADBf////8w +CocICwADBv////8wCocICwADB/////8wCocICwADCP////8wCocICwADCf////8w +CocICwADCv////8wCocICwADC/////8wCocICwADDP////8wCocICwADDf////8w +CocICwADDv////8wCocICwADD/////8wCocICwADEP////8wCocICwADEf////8w +CocICwADEv////8wCocICwADE/////8wCocICwADFP////8wCocICwADFf////8w +CocICwADFv////8wCocICwADF/////8wCocICwADGP////8wCocICwADGf////8w +CocICwADGv////8wCocICwADG/////8wCocICwADHP////8wCocICwADHf////8w +CocICwADHv////8wCocICwADH/////8wCocICwADIP////8wCocICwADIf////8w +CocICwADIv////8wCocICwADI/////8wCocICwADJP////8wCocICwADJf////8w +CocICwADJv////8wCocICwADJ/////8wCocICwADKP////8wCocICwADKf////8w +CocICwADKv////8wCocICwADK/////8wCocICwADLP////8wCocICwADLf////8w +CocICwADLv////8wCocICwADL/////8wCocICwADMP////8wCocICwADMf////8w +CocICwADMv////8wCocICwADM/////8wCocICwADNP////8wCocICwADNf////8w +CocICwADNv////8wCocICwADN/////8wCocICwADOP////8wCocICwADOf////8w +CocICwADOv////8wCocICwADO/////8wCocICwADPP////8wCocICwADPf////8w +CocICwADPv////8wCocICwADP/////8wCocICwADQP////8wCocICwADQf////8w +CocICwADQv////8wCocICwADQ/////8wCocICwADRP////8wCocICwADRf////8w +CocICwADRv////8wCocICwADR/////8wCocICwADSP////8wCocICwADSf////8w +CocICwADSv////8wCocICwADS/////8wCocICwADTP////8wCocICwADTf////8w +CocICwADTv////8wCocICwADT/////8wCocICwADUP////8wCocICwADUf////8w +CocICwADUv////8wCocICwADU/////8wCocICwADVP////8wCocICwADVf////8w +CocICwADVv////8wCocICwADV/////8wCocICwADWP////8wCocICwADWf////8w +CocICwADWv////8wCocICwADW/////8wCocICwADXP////8wCocICwADXf////8w +CocICwADXv////8wCocICwADX/////8wCocICwADYP////8wCocICwADYf////8w +CocICwADYv////8wCocICwADY/////8wCocICwADZP////8wCocICwADZf////8w +CocICwADZv////8wCocICwADZ/////8wCocICwADaP////8wCocICwADaf////8w +CocICwADav////8wCocICwADa/////8wCocICwADbP////8wCocICwADbf////8w +CocICwADbv////8wCocICwADb/////8wCocICwADcP////8wCocICwADcf////8w +CocICwADcv////8wCocICwADc/////8wCocICwADdP////8wCocICwADdf////8w +CocICwADdv////8wCocICwADd/////8wCocICwADeP////8wCocICwADef////8w +CocICwADev////8wCocICwADe/////8wCocICwADfP////8wCocICwADff////8w +CocICwADfv////8wCocICwADf/////8wCocICwADgP////8wCocICwADgf////8w +CocICwADgv////8wCocICwADg/////8wCocICwADhP////8wCocICwADhf////8w +CocICwADhv////8wCocICwADh/////8wCocICwADiP////8wCocICwADif////8w +CocICwADiv////8wCocICwADi/////8wCocICwADjP////8wCocICwADjf////8w +CocICwADjv////8wCocICwADj/////8wCocICwADkP////8wCocICwADkf////8w +CocICwADkv////8wCocICwADk/////8wCocICwADlP////8wCocICwADlf////8w +CocICwADlv////8wCocICwADl/////8wCocICwADmP////8wCocICwADmf////8w +CocICwADmv////8wCocICwADm/////8wCocICwADnP////8wCocICwADnf////8w +CocICwADnv////8wCocICwADn/////8wCocICwADoP////8wCocICwADof////8w +CocICwADov////8wCocICwADo/////8wCocICwADpP////8wCocICwADpf////8w +CocICwADpv////8wCocICwADp/////8wCocICwADqP////8wCocICwADqf////8w +CocICwADqv////8wCocICwADq/////8wCocICwADrP////8wCocICwADrf////8w +CocICwADrv////8wCocICwADr/////8wCocICwADsP////8wCocICwADsf////8w +CocICwADsv////8wCocICwADs/////8wCocICwADtP////8wCocICwADtf////8w +CocICwADtv////8wCocICwADt/////8wCocICwADuP////8wCocICwADuf////8w +CocICwADuv////8wCocICwADu/////8wCocICwADvP////8wCocICwADvf////8w +CocICwADvv////8wCocICwADv/////8wCocICwADwP////8wCocICwADwf////8w +CocICwADwv////8wCocICwADw/////8wCocICwADxP////8wCocICwADxf////8w +CocICwADxv////8wCocICwADx/////8wCocICwADyP////8wCocICwADyf////8w +CocICwADyv////8wCocICwADy/////8wCocICwADzP////8wCocICwADzf////8w +CocICwADzv////8wCocICwADz/////8wCocICwAD0P////8wCocICwAD0f////8w +CocICwAD0v////8wCocICwAD0/////8wCocICwAD1P////8wCocICwAD1f////8w +CocICwAD1v////8wCocICwAD1/////8wCocICwAD2P////8wCocICwAD2f////8w +CocICwAD2v////8wCocICwAD2/////8wCocICwAD3P////8wCocICwAD3f////8w +CocICwAD3v////8wCocICwAD3/////8wCocICwAD4P////8wCocICwAD4f////8w +CocICwAD4v////8wCocICwAD4/////8wCocICwAD5P////8wCocICwAD5f////8w +CocICwAD5v////8wCocICwAD5/////8wCocICwAD6P////8wCocICwAD6f////8w +CocICwAD6v////8wCocICwAD6/////8wCocICwAD7P////8wCocICwAD7f////8w +CocICwAD7v////8wCocICwAD7/////8wCocICwAD8P////8wCocICwAD8f////8w +CocICwAD8v////8wCocICwAD8/////8wCocICwAD9P////8wCocICwAD9f////8w +CocICwAD9v////8wCocICwAD9/////8wCocICwAD+P////8wCocICwAD+f////8w +CocICwAD+v////8wCocICwAD+/////8wCocICwAD/P////8wCocICwAD/f////8w +CocICwAD/v////8wCocICwAD//////8wCocICwAEAP////8wDQYJKoZIhvcNAQEL +BQADggEBAHoC880E9ZjcwHqqJbWhcuUJmT+4VKK3KHJhr0bACcxj/dQbpjbF4mK7 +qnH3ktJ6Bxs17McvrUSGa0PfekkFrDOAgXcVdvu+A9+JdnIexnruAYQ1T6l/Z1ql +4AHfg6wC/5932Ff8B86H0STowKzdm0Y6cIb5lALFY3X2cBBVmRQRVyJlMFZUK5Xb +NgJysJWHmIdCQET/Shae+BTEtNXqqAa0e/vrDUU124saPSzfOdTNnlTo6E83HEIl +RVLmxELnhfXHPSXbf6ApTTUm9NnBS2QIp2b6j0zTlL+OYPNTvOmDxJahl2Yn31WQ +HwGOb5CJVxjagSbx9K10HzsqY1O/Kj4= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.cnf new file mode 100644 index 0000000000..0dbd217a95 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.cnf @@ -0,0 +1,4167 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +nameConstraints = @nameConstraints_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate_4.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[nameConstraints_info] +excluded;dirName.1 = nameConstraints_dirname_x1 +excluded;dirName.2 = nameConstraints_dirname_x2 +excluded;dirName.3 = nameConstraints_dirname_x3 +excluded;dirName.4 = nameConstraints_dirname_x4 +excluded;dirName.5 = nameConstraints_dirname_x5 +excluded;dirName.6 = nameConstraints_dirname_x6 +excluded;dirName.7 = nameConstraints_dirname_x7 +excluded;dirName.8 = nameConstraints_dirname_x8 +excluded;dirName.9 = nameConstraints_dirname_x9 +excluded;dirName.10 = nameConstraints_dirname_x10 +excluded;dirName.11 = nameConstraints_dirname_x11 +excluded;dirName.12 = nameConstraints_dirname_x12 +excluded;dirName.13 = nameConstraints_dirname_x13 +excluded;dirName.14 = nameConstraints_dirname_x14 +excluded;dirName.15 = nameConstraints_dirname_x15 +excluded;dirName.16 = nameConstraints_dirname_x16 +excluded;dirName.17 = nameConstraints_dirname_x17 +excluded;dirName.18 = nameConstraints_dirname_x18 +excluded;dirName.19 = nameConstraints_dirname_x19 +excluded;dirName.20 = nameConstraints_dirname_x20 +excluded;dirName.21 = nameConstraints_dirname_x21 +excluded;dirName.22 = nameConstraints_dirname_x22 +excluded;dirName.23 = nameConstraints_dirname_x23 +excluded;dirName.24 = nameConstraints_dirname_x24 +excluded;dirName.25 = nameConstraints_dirname_x25 +excluded;dirName.26 = nameConstraints_dirname_x26 +excluded;dirName.27 = nameConstraints_dirname_x27 +excluded;dirName.28 = nameConstraints_dirname_x28 +excluded;dirName.29 = nameConstraints_dirname_x29 +excluded;dirName.30 = nameConstraints_dirname_x30 +excluded;dirName.31 = nameConstraints_dirname_x31 +excluded;dirName.32 = nameConstraints_dirname_x32 +excluded;dirName.33 = nameConstraints_dirname_x33 +excluded;dirName.34 = nameConstraints_dirname_x34 +excluded;dirName.35 = nameConstraints_dirname_x35 +excluded;dirName.36 = nameConstraints_dirname_x36 +excluded;dirName.37 = nameConstraints_dirname_x37 +excluded;dirName.38 = nameConstraints_dirname_x38 +excluded;dirName.39 = nameConstraints_dirname_x39 +excluded;dirName.40 = nameConstraints_dirname_x40 +excluded;dirName.41 = nameConstraints_dirname_x41 +excluded;dirName.42 = nameConstraints_dirname_x42 +excluded;dirName.43 = nameConstraints_dirname_x43 +excluded;dirName.44 = nameConstraints_dirname_x44 +excluded;dirName.45 = nameConstraints_dirname_x45 +excluded;dirName.46 = nameConstraints_dirname_x46 +excluded;dirName.47 = nameConstraints_dirname_x47 +excluded;dirName.48 = nameConstraints_dirname_x48 +excluded;dirName.49 = nameConstraints_dirname_x49 +excluded;dirName.50 = nameConstraints_dirname_x50 +excluded;dirName.51 = nameConstraints_dirname_x51 +excluded;dirName.52 = nameConstraints_dirname_x52 +excluded;dirName.53 = nameConstraints_dirname_x53 +excluded;dirName.54 = nameConstraints_dirname_x54 +excluded;dirName.55 = nameConstraints_dirname_x55 +excluded;dirName.56 = nameConstraints_dirname_x56 +excluded;dirName.57 = nameConstraints_dirname_x57 +excluded;dirName.58 = nameConstraints_dirname_x58 +excluded;dirName.59 = nameConstraints_dirname_x59 +excluded;dirName.60 = nameConstraints_dirname_x60 +excluded;dirName.61 = nameConstraints_dirname_x61 +excluded;dirName.62 = nameConstraints_dirname_x62 +excluded;dirName.63 = nameConstraints_dirname_x63 +excluded;dirName.64 = nameConstraints_dirname_x64 +excluded;dirName.65 = nameConstraints_dirname_x65 +excluded;dirName.66 = nameConstraints_dirname_x66 +excluded;dirName.67 = nameConstraints_dirname_x67 +excluded;dirName.68 = nameConstraints_dirname_x68 +excluded;dirName.69 = nameConstraints_dirname_x69 +excluded;dirName.70 = nameConstraints_dirname_x70 +excluded;dirName.71 = nameConstraints_dirname_x71 +excluded;dirName.72 = nameConstraints_dirname_x72 +excluded;dirName.73 = nameConstraints_dirname_x73 +excluded;dirName.74 = nameConstraints_dirname_x74 +excluded;dirName.75 = nameConstraints_dirname_x75 +excluded;dirName.76 = nameConstraints_dirname_x76 +excluded;dirName.77 = nameConstraints_dirname_x77 +excluded;dirName.78 = nameConstraints_dirname_x78 +excluded;dirName.79 = nameConstraints_dirname_x79 +excluded;dirName.80 = nameConstraints_dirname_x80 +excluded;dirName.81 = nameConstraints_dirname_x81 +excluded;dirName.82 = nameConstraints_dirname_x82 +excluded;dirName.83 = nameConstraints_dirname_x83 +excluded;dirName.84 = nameConstraints_dirname_x84 +excluded;dirName.85 = nameConstraints_dirname_x85 +excluded;dirName.86 = nameConstraints_dirname_x86 +excluded;dirName.87 = nameConstraints_dirname_x87 +excluded;dirName.88 = nameConstraints_dirname_x88 +excluded;dirName.89 = nameConstraints_dirname_x89 +excluded;dirName.90 = nameConstraints_dirname_x90 +excluded;dirName.91 = nameConstraints_dirname_x91 +excluded;dirName.92 = nameConstraints_dirname_x92 +excluded;dirName.93 = nameConstraints_dirname_x93 +excluded;dirName.94 = nameConstraints_dirname_x94 +excluded;dirName.95 = nameConstraints_dirname_x95 +excluded;dirName.96 = nameConstraints_dirname_x96 +excluded;dirName.97 = nameConstraints_dirname_x97 +excluded;dirName.98 = nameConstraints_dirname_x98 +excluded;dirName.99 = nameConstraints_dirname_x99 +excluded;dirName.100 = nameConstraints_dirname_x100 +excluded;dirName.101 = nameConstraints_dirname_x101 +excluded;dirName.102 = nameConstraints_dirname_x102 +excluded;dirName.103 = nameConstraints_dirname_x103 +excluded;dirName.104 = nameConstraints_dirname_x104 +excluded;dirName.105 = nameConstraints_dirname_x105 +excluded;dirName.106 = nameConstraints_dirname_x106 +excluded;dirName.107 = nameConstraints_dirname_x107 +excluded;dirName.108 = nameConstraints_dirname_x108 +excluded;dirName.109 = nameConstraints_dirname_x109 +excluded;dirName.110 = nameConstraints_dirname_x110 +excluded;dirName.111 = nameConstraints_dirname_x111 +excluded;dirName.112 = nameConstraints_dirname_x112 +excluded;dirName.113 = nameConstraints_dirname_x113 +excluded;dirName.114 = nameConstraints_dirname_x114 +excluded;dirName.115 = nameConstraints_dirname_x115 +excluded;dirName.116 = nameConstraints_dirname_x116 +excluded;dirName.117 = nameConstraints_dirname_x117 +excluded;dirName.118 = nameConstraints_dirname_x118 +excluded;dirName.119 = nameConstraints_dirname_x119 +excluded;dirName.120 = nameConstraints_dirname_x120 +excluded;dirName.121 = nameConstraints_dirname_x121 +excluded;dirName.122 = nameConstraints_dirname_x122 +excluded;dirName.123 = nameConstraints_dirname_x123 +excluded;dirName.124 = nameConstraints_dirname_x124 +excluded;dirName.125 = nameConstraints_dirname_x125 +excluded;dirName.126 = nameConstraints_dirname_x126 +excluded;dirName.127 = nameConstraints_dirname_x127 +excluded;dirName.128 = nameConstraints_dirname_x128 +excluded;dirName.129 = nameConstraints_dirname_x129 +excluded;dirName.130 = nameConstraints_dirname_x130 +excluded;dirName.131 = nameConstraints_dirname_x131 +excluded;dirName.132 = nameConstraints_dirname_x132 +excluded;dirName.133 = nameConstraints_dirname_x133 +excluded;dirName.134 = nameConstraints_dirname_x134 +excluded;dirName.135 = nameConstraints_dirname_x135 +excluded;dirName.136 = nameConstraints_dirname_x136 +excluded;dirName.137 = nameConstraints_dirname_x137 +excluded;dirName.138 = nameConstraints_dirname_x138 +excluded;dirName.139 = nameConstraints_dirname_x139 +excluded;dirName.140 = nameConstraints_dirname_x140 +excluded;dirName.141 = nameConstraints_dirname_x141 +excluded;dirName.142 = nameConstraints_dirname_x142 +excluded;dirName.143 = nameConstraints_dirname_x143 +excluded;dirName.144 = nameConstraints_dirname_x144 +excluded;dirName.145 = nameConstraints_dirname_x145 +excluded;dirName.146 = nameConstraints_dirname_x146 +excluded;dirName.147 = nameConstraints_dirname_x147 +excluded;dirName.148 = nameConstraints_dirname_x148 +excluded;dirName.149 = nameConstraints_dirname_x149 +excluded;dirName.150 = nameConstraints_dirname_x150 +excluded;dirName.151 = nameConstraints_dirname_x151 +excluded;dirName.152 = nameConstraints_dirname_x152 +excluded;dirName.153 = nameConstraints_dirname_x153 +excluded;dirName.154 = nameConstraints_dirname_x154 +excluded;dirName.155 = nameConstraints_dirname_x155 +excluded;dirName.156 = nameConstraints_dirname_x156 +excluded;dirName.157 = nameConstraints_dirname_x157 +excluded;dirName.158 = nameConstraints_dirname_x158 +excluded;dirName.159 = nameConstraints_dirname_x159 +excluded;dirName.160 = nameConstraints_dirname_x160 +excluded;dirName.161 = nameConstraints_dirname_x161 +excluded;dirName.162 = nameConstraints_dirname_x162 +excluded;dirName.163 = nameConstraints_dirname_x163 +excluded;dirName.164 = nameConstraints_dirname_x164 +excluded;dirName.165 = nameConstraints_dirname_x165 +excluded;dirName.166 = nameConstraints_dirname_x166 +excluded;dirName.167 = nameConstraints_dirname_x167 +excluded;dirName.168 = nameConstraints_dirname_x168 +excluded;dirName.169 = nameConstraints_dirname_x169 +excluded;dirName.170 = nameConstraints_dirname_x170 +excluded;dirName.171 = nameConstraints_dirname_x171 +excluded;dirName.172 = nameConstraints_dirname_x172 +excluded;dirName.173 = nameConstraints_dirname_x173 +excluded;dirName.174 = nameConstraints_dirname_x174 +excluded;dirName.175 = nameConstraints_dirname_x175 +excluded;dirName.176 = nameConstraints_dirname_x176 +excluded;dirName.177 = nameConstraints_dirname_x177 +excluded;dirName.178 = nameConstraints_dirname_x178 +excluded;dirName.179 = nameConstraints_dirname_x179 +excluded;dirName.180 = nameConstraints_dirname_x180 +excluded;dirName.181 = nameConstraints_dirname_x181 +excluded;dirName.182 = nameConstraints_dirname_x182 +excluded;dirName.183 = nameConstraints_dirname_x183 +excluded;dirName.184 = nameConstraints_dirname_x184 +excluded;dirName.185 = nameConstraints_dirname_x185 +excluded;dirName.186 = nameConstraints_dirname_x186 +excluded;dirName.187 = nameConstraints_dirname_x187 +excluded;dirName.188 = nameConstraints_dirname_x188 +excluded;dirName.189 = nameConstraints_dirname_x189 +excluded;dirName.190 = nameConstraints_dirname_x190 +excluded;dirName.191 = nameConstraints_dirname_x191 +excluded;dirName.192 = nameConstraints_dirname_x192 +excluded;dirName.193 = nameConstraints_dirname_x193 +excluded;dirName.194 = nameConstraints_dirname_x194 +excluded;dirName.195 = nameConstraints_dirname_x195 +excluded;dirName.196 = nameConstraints_dirname_x196 +excluded;dirName.197 = nameConstraints_dirname_x197 +excluded;dirName.198 = nameConstraints_dirname_x198 +excluded;dirName.199 = nameConstraints_dirname_x199 +excluded;dirName.200 = nameConstraints_dirname_x200 +excluded;dirName.201 = nameConstraints_dirname_x201 +excluded;dirName.202 = nameConstraints_dirname_x202 +excluded;dirName.203 = nameConstraints_dirname_x203 +excluded;dirName.204 = nameConstraints_dirname_x204 +excluded;dirName.205 = nameConstraints_dirname_x205 +excluded;dirName.206 = nameConstraints_dirname_x206 +excluded;dirName.207 = nameConstraints_dirname_x207 +excluded;dirName.208 = nameConstraints_dirname_x208 +excluded;dirName.209 = nameConstraints_dirname_x209 +excluded;dirName.210 = nameConstraints_dirname_x210 +excluded;dirName.211 = nameConstraints_dirname_x211 +excluded;dirName.212 = nameConstraints_dirname_x212 +excluded;dirName.213 = nameConstraints_dirname_x213 +excluded;dirName.214 = nameConstraints_dirname_x214 +excluded;dirName.215 = nameConstraints_dirname_x215 +excluded;dirName.216 = nameConstraints_dirname_x216 +excluded;dirName.217 = nameConstraints_dirname_x217 +excluded;dirName.218 = nameConstraints_dirname_x218 +excluded;dirName.219 = nameConstraints_dirname_x219 +excluded;dirName.220 = nameConstraints_dirname_x220 +excluded;dirName.221 = nameConstraints_dirname_x221 +excluded;dirName.222 = nameConstraints_dirname_x222 +excluded;dirName.223 = nameConstraints_dirname_x223 +excluded;dirName.224 = nameConstraints_dirname_x224 +excluded;dirName.225 = nameConstraints_dirname_x225 +excluded;dirName.226 = nameConstraints_dirname_x226 +excluded;dirName.227 = nameConstraints_dirname_x227 +excluded;dirName.228 = nameConstraints_dirname_x228 +excluded;dirName.229 = nameConstraints_dirname_x229 +excluded;dirName.230 = nameConstraints_dirname_x230 +excluded;dirName.231 = nameConstraints_dirname_x231 +excluded;dirName.232 = nameConstraints_dirname_x232 +excluded;dirName.233 = nameConstraints_dirname_x233 +excluded;dirName.234 = nameConstraints_dirname_x234 +excluded;dirName.235 = nameConstraints_dirname_x235 +excluded;dirName.236 = nameConstraints_dirname_x236 +excluded;dirName.237 = nameConstraints_dirname_x237 +excluded;dirName.238 = nameConstraints_dirname_x238 +excluded;dirName.239 = nameConstraints_dirname_x239 +excluded;dirName.240 = nameConstraints_dirname_x240 +excluded;dirName.241 = nameConstraints_dirname_x241 +excluded;dirName.242 = nameConstraints_dirname_x242 +excluded;dirName.243 = nameConstraints_dirname_x243 +excluded;dirName.244 = nameConstraints_dirname_x244 +excluded;dirName.245 = nameConstraints_dirname_x245 +excluded;dirName.246 = nameConstraints_dirname_x246 +excluded;dirName.247 = nameConstraints_dirname_x247 +excluded;dirName.248 = nameConstraints_dirname_x248 +excluded;dirName.249 = nameConstraints_dirname_x249 +excluded;dirName.250 = nameConstraints_dirname_x250 +excluded;dirName.251 = nameConstraints_dirname_x251 +excluded;dirName.252 = nameConstraints_dirname_x252 +excluded;dirName.253 = nameConstraints_dirname_x253 +excluded;dirName.254 = nameConstraints_dirname_x254 +excluded;dirName.255 = nameConstraints_dirname_x255 +excluded;dirName.256 = nameConstraints_dirname_x256 +excluded;dirName.257 = nameConstraints_dirname_x257 +excluded;dirName.258 = nameConstraints_dirname_x258 +excluded;dirName.259 = nameConstraints_dirname_x259 +excluded;dirName.260 = nameConstraints_dirname_x260 +excluded;dirName.261 = nameConstraints_dirname_x261 +excluded;dirName.262 = nameConstraints_dirname_x262 +excluded;dirName.263 = nameConstraints_dirname_x263 +excluded;dirName.264 = nameConstraints_dirname_x264 +excluded;dirName.265 = nameConstraints_dirname_x265 +excluded;dirName.266 = nameConstraints_dirname_x266 +excluded;dirName.267 = nameConstraints_dirname_x267 +excluded;dirName.268 = nameConstraints_dirname_x268 +excluded;dirName.269 = nameConstraints_dirname_x269 +excluded;dirName.270 = nameConstraints_dirname_x270 +excluded;dirName.271 = nameConstraints_dirname_x271 +excluded;dirName.272 = nameConstraints_dirname_x272 +excluded;dirName.273 = nameConstraints_dirname_x273 +excluded;dirName.274 = nameConstraints_dirname_x274 +excluded;dirName.275 = nameConstraints_dirname_x275 +excluded;dirName.276 = nameConstraints_dirname_x276 +excluded;dirName.277 = nameConstraints_dirname_x277 +excluded;dirName.278 = nameConstraints_dirname_x278 +excluded;dirName.279 = nameConstraints_dirname_x279 +excluded;dirName.280 = nameConstraints_dirname_x280 +excluded;dirName.281 = nameConstraints_dirname_x281 +excluded;dirName.282 = nameConstraints_dirname_x282 +excluded;dirName.283 = nameConstraints_dirname_x283 +excluded;dirName.284 = nameConstraints_dirname_x284 +excluded;dirName.285 = nameConstraints_dirname_x285 +excluded;dirName.286 = nameConstraints_dirname_x286 +excluded;dirName.287 = nameConstraints_dirname_x287 +excluded;dirName.288 = nameConstraints_dirname_x288 +excluded;dirName.289 = nameConstraints_dirname_x289 +excluded;dirName.290 = nameConstraints_dirname_x290 +excluded;dirName.291 = nameConstraints_dirname_x291 +excluded;dirName.292 = nameConstraints_dirname_x292 +excluded;dirName.293 = nameConstraints_dirname_x293 +excluded;dirName.294 = nameConstraints_dirname_x294 +excluded;dirName.295 = nameConstraints_dirname_x295 +excluded;dirName.296 = nameConstraints_dirname_x296 +excluded;dirName.297 = nameConstraints_dirname_x297 +excluded;dirName.298 = nameConstraints_dirname_x298 +excluded;dirName.299 = nameConstraints_dirname_x299 +excluded;dirName.300 = nameConstraints_dirname_x300 +excluded;dirName.301 = nameConstraints_dirname_x301 +excluded;dirName.302 = nameConstraints_dirname_x302 +excluded;dirName.303 = nameConstraints_dirname_x303 +excluded;dirName.304 = nameConstraints_dirname_x304 +excluded;dirName.305 = nameConstraints_dirname_x305 +excluded;dirName.306 = nameConstraints_dirname_x306 +excluded;dirName.307 = nameConstraints_dirname_x307 +excluded;dirName.308 = nameConstraints_dirname_x308 +excluded;dirName.309 = nameConstraints_dirname_x309 +excluded;dirName.310 = nameConstraints_dirname_x310 +excluded;dirName.311 = nameConstraints_dirname_x311 +excluded;dirName.312 = nameConstraints_dirname_x312 +excluded;dirName.313 = nameConstraints_dirname_x313 +excluded;dirName.314 = nameConstraints_dirname_x314 +excluded;dirName.315 = nameConstraints_dirname_x315 +excluded;dirName.316 = nameConstraints_dirname_x316 +excluded;dirName.317 = nameConstraints_dirname_x317 +excluded;dirName.318 = nameConstraints_dirname_x318 +excluded;dirName.319 = nameConstraints_dirname_x319 +excluded;dirName.320 = nameConstraints_dirname_x320 +excluded;dirName.321 = nameConstraints_dirname_x321 +excluded;dirName.322 = nameConstraints_dirname_x322 +excluded;dirName.323 = nameConstraints_dirname_x323 +excluded;dirName.324 = nameConstraints_dirname_x324 +excluded;dirName.325 = nameConstraints_dirname_x325 +excluded;dirName.326 = nameConstraints_dirname_x326 +excluded;dirName.327 = nameConstraints_dirname_x327 +excluded;dirName.328 = nameConstraints_dirname_x328 +excluded;dirName.329 = nameConstraints_dirname_x329 +excluded;dirName.330 = nameConstraints_dirname_x330 +excluded;dirName.331 = nameConstraints_dirname_x331 +excluded;dirName.332 = nameConstraints_dirname_x332 +excluded;dirName.333 = nameConstraints_dirname_x333 +excluded;dirName.334 = nameConstraints_dirname_x334 +excluded;dirName.335 = nameConstraints_dirname_x335 +excluded;dirName.336 = nameConstraints_dirname_x336 +excluded;dirName.337 = nameConstraints_dirname_x337 +excluded;dirName.338 = nameConstraints_dirname_x338 +excluded;dirName.339 = nameConstraints_dirname_x339 +excluded;dirName.340 = nameConstraints_dirname_x340 +excluded;dirName.341 = nameConstraints_dirname_x341 +excluded;dirName.342 = nameConstraints_dirname_x342 +excluded;dirName.343 = nameConstraints_dirname_x343 +excluded;dirName.344 = nameConstraints_dirname_x344 +excluded;dirName.345 = nameConstraints_dirname_x345 +excluded;dirName.346 = nameConstraints_dirname_x346 +excluded;dirName.347 = nameConstraints_dirname_x347 +excluded;dirName.348 = nameConstraints_dirname_x348 +excluded;dirName.349 = nameConstraints_dirname_x349 +excluded;dirName.350 = nameConstraints_dirname_x350 +excluded;dirName.351 = nameConstraints_dirname_x351 +excluded;dirName.352 = nameConstraints_dirname_x352 +excluded;dirName.353 = nameConstraints_dirname_x353 +excluded;dirName.354 = nameConstraints_dirname_x354 +excluded;dirName.355 = nameConstraints_dirname_x355 +excluded;dirName.356 = nameConstraints_dirname_x356 +excluded;dirName.357 = nameConstraints_dirname_x357 +excluded;dirName.358 = nameConstraints_dirname_x358 +excluded;dirName.359 = nameConstraints_dirname_x359 +excluded;dirName.360 = nameConstraints_dirname_x360 +excluded;dirName.361 = nameConstraints_dirname_x361 +excluded;dirName.362 = nameConstraints_dirname_x362 +excluded;dirName.363 = nameConstraints_dirname_x363 +excluded;dirName.364 = nameConstraints_dirname_x364 +excluded;dirName.365 = nameConstraints_dirname_x365 +excluded;dirName.366 = nameConstraints_dirname_x366 +excluded;dirName.367 = nameConstraints_dirname_x367 +excluded;dirName.368 = nameConstraints_dirname_x368 +excluded;dirName.369 = nameConstraints_dirname_x369 +excluded;dirName.370 = nameConstraints_dirname_x370 +excluded;dirName.371 = nameConstraints_dirname_x371 +excluded;dirName.372 = nameConstraints_dirname_x372 +excluded;dirName.373 = nameConstraints_dirname_x373 +excluded;dirName.374 = nameConstraints_dirname_x374 +excluded;dirName.375 = nameConstraints_dirname_x375 +excluded;dirName.376 = nameConstraints_dirname_x376 +excluded;dirName.377 = nameConstraints_dirname_x377 +excluded;dirName.378 = nameConstraints_dirname_x378 +excluded;dirName.379 = nameConstraints_dirname_x379 +excluded;dirName.380 = nameConstraints_dirname_x380 +excluded;dirName.381 = nameConstraints_dirname_x381 +excluded;dirName.382 = nameConstraints_dirname_x382 +excluded;dirName.383 = nameConstraints_dirname_x383 +excluded;dirName.384 = nameConstraints_dirname_x384 +excluded;dirName.385 = nameConstraints_dirname_x385 +excluded;dirName.386 = nameConstraints_dirname_x386 +excluded;dirName.387 = nameConstraints_dirname_x387 +excluded;dirName.388 = nameConstraints_dirname_x388 +excluded;dirName.389 = nameConstraints_dirname_x389 +excluded;dirName.390 = nameConstraints_dirname_x390 +excluded;dirName.391 = nameConstraints_dirname_x391 +excluded;dirName.392 = nameConstraints_dirname_x392 +excluded;dirName.393 = nameConstraints_dirname_x393 +excluded;dirName.394 = nameConstraints_dirname_x394 +excluded;dirName.395 = nameConstraints_dirname_x395 +excluded;dirName.396 = nameConstraints_dirname_x396 +excluded;dirName.397 = nameConstraints_dirname_x397 +excluded;dirName.398 = nameConstraints_dirname_x398 +excluded;dirName.399 = nameConstraints_dirname_x399 +excluded;dirName.400 = nameConstraints_dirname_x400 +excluded;dirName.401 = nameConstraints_dirname_x401 +excluded;dirName.402 = nameConstraints_dirname_x402 +excluded;dirName.403 = nameConstraints_dirname_x403 +excluded;dirName.404 = nameConstraints_dirname_x404 +excluded;dirName.405 = nameConstraints_dirname_x405 +excluded;dirName.406 = nameConstraints_dirname_x406 +excluded;dirName.407 = nameConstraints_dirname_x407 +excluded;dirName.408 = nameConstraints_dirname_x408 +excluded;dirName.409 = nameConstraints_dirname_x409 +excluded;dirName.410 = nameConstraints_dirname_x410 +excluded;dirName.411 = nameConstraints_dirname_x411 +excluded;dirName.412 = nameConstraints_dirname_x412 +excluded;dirName.413 = nameConstraints_dirname_x413 +excluded;dirName.414 = nameConstraints_dirname_x414 +excluded;dirName.415 = nameConstraints_dirname_x415 +excluded;dirName.416 = nameConstraints_dirname_x416 +excluded;dirName.417 = nameConstraints_dirname_x417 +excluded;dirName.418 = nameConstraints_dirname_x418 +excluded;dirName.419 = nameConstraints_dirname_x419 +excluded;dirName.420 = nameConstraints_dirname_x420 +excluded;dirName.421 = nameConstraints_dirname_x421 +excluded;dirName.422 = nameConstraints_dirname_x422 +excluded;dirName.423 = nameConstraints_dirname_x423 +excluded;dirName.424 = nameConstraints_dirname_x424 +excluded;dirName.425 = nameConstraints_dirname_x425 +excluded;dirName.426 = nameConstraints_dirname_x426 +excluded;dirName.427 = nameConstraints_dirname_x427 +excluded;dirName.428 = nameConstraints_dirname_x428 +excluded;dirName.429 = nameConstraints_dirname_x429 +excluded;dirName.430 = nameConstraints_dirname_x430 +excluded;dirName.431 = nameConstraints_dirname_x431 +excluded;dirName.432 = nameConstraints_dirname_x432 +excluded;dirName.433 = nameConstraints_dirname_x433 +excluded;dirName.434 = nameConstraints_dirname_x434 +excluded;dirName.435 = nameConstraints_dirname_x435 +excluded;dirName.436 = nameConstraints_dirname_x436 +excluded;dirName.437 = nameConstraints_dirname_x437 +excluded;dirName.438 = nameConstraints_dirname_x438 +excluded;dirName.439 = nameConstraints_dirname_x439 +excluded;dirName.440 = nameConstraints_dirname_x440 +excluded;dirName.441 = nameConstraints_dirname_x441 +excluded;dirName.442 = nameConstraints_dirname_x442 +excluded;dirName.443 = nameConstraints_dirname_x443 +excluded;dirName.444 = nameConstraints_dirname_x444 +excluded;dirName.445 = nameConstraints_dirname_x445 +excluded;dirName.446 = nameConstraints_dirname_x446 +excluded;dirName.447 = nameConstraints_dirname_x447 +excluded;dirName.448 = nameConstraints_dirname_x448 +excluded;dirName.449 = nameConstraints_dirname_x449 +excluded;dirName.450 = nameConstraints_dirname_x450 +excluded;dirName.451 = nameConstraints_dirname_x451 +excluded;dirName.452 = nameConstraints_dirname_x452 +excluded;dirName.453 = nameConstraints_dirname_x453 +excluded;dirName.454 = nameConstraints_dirname_x454 +excluded;dirName.455 = nameConstraints_dirname_x455 +excluded;dirName.456 = nameConstraints_dirname_x456 +excluded;dirName.457 = nameConstraints_dirname_x457 +excluded;dirName.458 = nameConstraints_dirname_x458 +excluded;dirName.459 = nameConstraints_dirname_x459 +excluded;dirName.460 = nameConstraints_dirname_x460 +excluded;dirName.461 = nameConstraints_dirname_x461 +excluded;dirName.462 = nameConstraints_dirname_x462 +excluded;dirName.463 = nameConstraints_dirname_x463 +excluded;dirName.464 = nameConstraints_dirname_x464 +excluded;dirName.465 = nameConstraints_dirname_x465 +excluded;dirName.466 = nameConstraints_dirname_x466 +excluded;dirName.467 = nameConstraints_dirname_x467 +excluded;dirName.468 = nameConstraints_dirname_x468 +excluded;dirName.469 = nameConstraints_dirname_x469 +excluded;dirName.470 = nameConstraints_dirname_x470 +excluded;dirName.471 = nameConstraints_dirname_x471 +excluded;dirName.472 = nameConstraints_dirname_x472 +excluded;dirName.473 = nameConstraints_dirname_x473 +excluded;dirName.474 = nameConstraints_dirname_x474 +excluded;dirName.475 = nameConstraints_dirname_x475 +excluded;dirName.476 = nameConstraints_dirname_x476 +excluded;dirName.477 = nameConstraints_dirname_x477 +excluded;dirName.478 = nameConstraints_dirname_x478 +excluded;dirName.479 = nameConstraints_dirname_x479 +excluded;dirName.480 = nameConstraints_dirname_x480 +excluded;dirName.481 = nameConstraints_dirname_x481 +excluded;dirName.482 = nameConstraints_dirname_x482 +excluded;dirName.483 = nameConstraints_dirname_x483 +excluded;dirName.484 = nameConstraints_dirname_x484 +excluded;dirName.485 = nameConstraints_dirname_x485 +excluded;dirName.486 = nameConstraints_dirname_x486 +excluded;dirName.487 = nameConstraints_dirname_x487 +excluded;dirName.488 = nameConstraints_dirname_x488 +excluded;dirName.489 = nameConstraints_dirname_x489 +excluded;dirName.490 = nameConstraints_dirname_x490 +excluded;dirName.491 = nameConstraints_dirname_x491 +excluded;dirName.492 = nameConstraints_dirname_x492 +excluded;dirName.493 = nameConstraints_dirname_x493 +excluded;dirName.494 = nameConstraints_dirname_x494 +excluded;dirName.495 = nameConstraints_dirname_x495 +excluded;dirName.496 = nameConstraints_dirname_x496 +excluded;dirName.497 = nameConstraints_dirname_x497 +excluded;dirName.498 = nameConstraints_dirname_x498 +excluded;dirName.499 = nameConstraints_dirname_x499 +excluded;dirName.500 = nameConstraints_dirname_x500 +excluded;dirName.501 = nameConstraints_dirname_x501 +excluded;dirName.502 = nameConstraints_dirname_x502 +excluded;dirName.503 = nameConstraints_dirname_x503 +excluded;dirName.504 = nameConstraints_dirname_x504 +excluded;dirName.505 = nameConstraints_dirname_x505 +excluded;dirName.506 = nameConstraints_dirname_x506 +excluded;dirName.507 = nameConstraints_dirname_x507 +excluded;dirName.508 = nameConstraints_dirname_x508 +excluded;dirName.509 = nameConstraints_dirname_x509 +excluded;dirName.510 = nameConstraints_dirname_x510 +excluded;dirName.511 = nameConstraints_dirname_x511 +excluded;dirName.512 = nameConstraints_dirname_x512 +excluded;dirName.513 = nameConstraints_dirname_x513 +excluded;dirName.514 = nameConstraints_dirname_x514 +excluded;dirName.515 = nameConstraints_dirname_x515 +excluded;dirName.516 = nameConstraints_dirname_x516 +excluded;dirName.517 = nameConstraints_dirname_x517 +excluded;dirName.518 = nameConstraints_dirname_x518 +excluded;dirName.519 = nameConstraints_dirname_x519 +excluded;dirName.520 = nameConstraints_dirname_x520 +excluded;dirName.521 = nameConstraints_dirname_x521 +excluded;dirName.522 = nameConstraints_dirname_x522 +excluded;dirName.523 = nameConstraints_dirname_x523 +excluded;dirName.524 = nameConstraints_dirname_x524 +excluded;dirName.525 = nameConstraints_dirname_x525 +excluded;dirName.526 = nameConstraints_dirname_x526 +excluded;dirName.527 = nameConstraints_dirname_x527 +excluded;dirName.528 = nameConstraints_dirname_x528 +excluded;dirName.529 = nameConstraints_dirname_x529 +excluded;dirName.530 = nameConstraints_dirname_x530 +excluded;dirName.531 = nameConstraints_dirname_x531 +excluded;dirName.532 = nameConstraints_dirname_x532 +excluded;dirName.533 = nameConstraints_dirname_x533 +excluded;dirName.534 = nameConstraints_dirname_x534 +excluded;dirName.535 = nameConstraints_dirname_x535 +excluded;dirName.536 = nameConstraints_dirname_x536 +excluded;dirName.537 = nameConstraints_dirname_x537 +excluded;dirName.538 = nameConstraints_dirname_x538 +excluded;dirName.539 = nameConstraints_dirname_x539 +excluded;dirName.540 = nameConstraints_dirname_x540 +excluded;dirName.541 = nameConstraints_dirname_x541 +excluded;dirName.542 = nameConstraints_dirname_x542 +excluded;dirName.543 = nameConstraints_dirname_x543 +excluded;dirName.544 = nameConstraints_dirname_x544 +excluded;dirName.545 = nameConstraints_dirname_x545 +excluded;dirName.546 = nameConstraints_dirname_x546 +excluded;dirName.547 = nameConstraints_dirname_x547 +excluded;dirName.548 = nameConstraints_dirname_x548 +excluded;dirName.549 = nameConstraints_dirname_x549 +excluded;dirName.550 = nameConstraints_dirname_x550 +excluded;dirName.551 = nameConstraints_dirname_x551 +excluded;dirName.552 = nameConstraints_dirname_x552 +excluded;dirName.553 = nameConstraints_dirname_x553 +excluded;dirName.554 = nameConstraints_dirname_x554 +excluded;dirName.555 = nameConstraints_dirname_x555 +excluded;dirName.556 = nameConstraints_dirname_x556 +excluded;dirName.557 = nameConstraints_dirname_x557 +excluded;dirName.558 = nameConstraints_dirname_x558 +excluded;dirName.559 = nameConstraints_dirname_x559 +excluded;dirName.560 = nameConstraints_dirname_x560 +excluded;dirName.561 = nameConstraints_dirname_x561 +excluded;dirName.562 = nameConstraints_dirname_x562 +excluded;dirName.563 = nameConstraints_dirname_x563 +excluded;dirName.564 = nameConstraints_dirname_x564 +excluded;dirName.565 = nameConstraints_dirname_x565 +excluded;dirName.566 = nameConstraints_dirname_x566 +excluded;dirName.567 = nameConstraints_dirname_x567 +excluded;dirName.568 = nameConstraints_dirname_x568 +excluded;dirName.569 = nameConstraints_dirname_x569 +excluded;dirName.570 = nameConstraints_dirname_x570 +excluded;dirName.571 = nameConstraints_dirname_x571 +excluded;dirName.572 = nameConstraints_dirname_x572 +excluded;dirName.573 = nameConstraints_dirname_x573 +excluded;dirName.574 = nameConstraints_dirname_x574 +excluded;dirName.575 = nameConstraints_dirname_x575 +excluded;dirName.576 = nameConstraints_dirname_x576 +excluded;dirName.577 = nameConstraints_dirname_x577 +excluded;dirName.578 = nameConstraints_dirname_x578 +excluded;dirName.579 = nameConstraints_dirname_x579 +excluded;dirName.580 = nameConstraints_dirname_x580 +excluded;dirName.581 = nameConstraints_dirname_x581 +excluded;dirName.582 = nameConstraints_dirname_x582 +excluded;dirName.583 = nameConstraints_dirname_x583 +excluded;dirName.584 = nameConstraints_dirname_x584 +excluded;dirName.585 = nameConstraints_dirname_x585 +excluded;dirName.586 = nameConstraints_dirname_x586 +excluded;dirName.587 = nameConstraints_dirname_x587 +excluded;dirName.588 = nameConstraints_dirname_x588 +excluded;dirName.589 = nameConstraints_dirname_x589 +excluded;dirName.590 = nameConstraints_dirname_x590 +excluded;dirName.591 = nameConstraints_dirname_x591 +excluded;dirName.592 = nameConstraints_dirname_x592 +excluded;dirName.593 = nameConstraints_dirname_x593 +excluded;dirName.594 = nameConstraints_dirname_x594 +excluded;dirName.595 = nameConstraints_dirname_x595 +excluded;dirName.596 = nameConstraints_dirname_x596 +excluded;dirName.597 = nameConstraints_dirname_x597 +excluded;dirName.598 = nameConstraints_dirname_x598 +excluded;dirName.599 = nameConstraints_dirname_x599 +excluded;dirName.600 = nameConstraints_dirname_x600 +excluded;dirName.601 = nameConstraints_dirname_x601 +excluded;dirName.602 = nameConstraints_dirname_x602 +excluded;dirName.603 = nameConstraints_dirname_x603 +excluded;dirName.604 = nameConstraints_dirname_x604 +excluded;dirName.605 = nameConstraints_dirname_x605 +excluded;dirName.606 = nameConstraints_dirname_x606 +excluded;dirName.607 = nameConstraints_dirname_x607 +excluded;dirName.608 = nameConstraints_dirname_x608 +excluded;dirName.609 = nameConstraints_dirname_x609 +excluded;dirName.610 = nameConstraints_dirname_x610 +excluded;dirName.611 = nameConstraints_dirname_x611 +excluded;dirName.612 = nameConstraints_dirname_x612 +excluded;dirName.613 = nameConstraints_dirname_x613 +excluded;dirName.614 = nameConstraints_dirname_x614 +excluded;dirName.615 = nameConstraints_dirname_x615 +excluded;dirName.616 = nameConstraints_dirname_x616 +excluded;dirName.617 = nameConstraints_dirname_x617 +excluded;dirName.618 = nameConstraints_dirname_x618 +excluded;dirName.619 = nameConstraints_dirname_x619 +excluded;dirName.620 = nameConstraints_dirname_x620 +excluded;dirName.621 = nameConstraints_dirname_x621 +excluded;dirName.622 = nameConstraints_dirname_x622 +excluded;dirName.623 = nameConstraints_dirname_x623 +excluded;dirName.624 = nameConstraints_dirname_x624 +excluded;dirName.625 = nameConstraints_dirname_x625 +excluded;dirName.626 = nameConstraints_dirname_x626 +excluded;dirName.627 = nameConstraints_dirname_x627 +excluded;dirName.628 = nameConstraints_dirname_x628 +excluded;dirName.629 = nameConstraints_dirname_x629 +excluded;dirName.630 = nameConstraints_dirname_x630 +excluded;dirName.631 = nameConstraints_dirname_x631 +excluded;dirName.632 = nameConstraints_dirname_x632 +excluded;dirName.633 = nameConstraints_dirname_x633 +excluded;dirName.634 = nameConstraints_dirname_x634 +excluded;dirName.635 = nameConstraints_dirname_x635 +excluded;dirName.636 = nameConstraints_dirname_x636 +excluded;dirName.637 = nameConstraints_dirname_x637 +excluded;dirName.638 = nameConstraints_dirname_x638 +excluded;dirName.639 = nameConstraints_dirname_x639 +excluded;dirName.640 = nameConstraints_dirname_x640 +excluded;dirName.641 = nameConstraints_dirname_x641 +excluded;dirName.642 = nameConstraints_dirname_x642 +excluded;dirName.643 = nameConstraints_dirname_x643 +excluded;dirName.644 = nameConstraints_dirname_x644 +excluded;dirName.645 = nameConstraints_dirname_x645 +excluded;dirName.646 = nameConstraints_dirname_x646 +excluded;dirName.647 = nameConstraints_dirname_x647 +excluded;dirName.648 = nameConstraints_dirname_x648 +excluded;dirName.649 = nameConstraints_dirname_x649 +excluded;dirName.650 = nameConstraints_dirname_x650 +excluded;dirName.651 = nameConstraints_dirname_x651 +excluded;dirName.652 = nameConstraints_dirname_x652 +excluded;dirName.653 = nameConstraints_dirname_x653 +excluded;dirName.654 = nameConstraints_dirname_x654 +excluded;dirName.655 = nameConstraints_dirname_x655 +excluded;dirName.656 = nameConstraints_dirname_x656 +excluded;dirName.657 = nameConstraints_dirname_x657 +excluded;dirName.658 = nameConstraints_dirname_x658 +excluded;dirName.659 = nameConstraints_dirname_x659 +excluded;dirName.660 = nameConstraints_dirname_x660 +excluded;dirName.661 = nameConstraints_dirname_x661 +excluded;dirName.662 = nameConstraints_dirname_x662 +excluded;dirName.663 = nameConstraints_dirname_x663 +excluded;dirName.664 = nameConstraints_dirname_x664 +excluded;dirName.665 = nameConstraints_dirname_x665 +excluded;dirName.666 = nameConstraints_dirname_x666 +excluded;dirName.667 = nameConstraints_dirname_x667 +excluded;dirName.668 = nameConstraints_dirname_x668 +excluded;dirName.669 = nameConstraints_dirname_x669 +excluded;dirName.670 = nameConstraints_dirname_x670 +excluded;dirName.671 = nameConstraints_dirname_x671 +excluded;dirName.672 = nameConstraints_dirname_x672 +excluded;dirName.673 = nameConstraints_dirname_x673 +excluded;dirName.674 = nameConstraints_dirname_x674 +excluded;dirName.675 = nameConstraints_dirname_x675 +excluded;dirName.676 = nameConstraints_dirname_x676 +excluded;dirName.677 = nameConstraints_dirname_x677 +excluded;dirName.678 = nameConstraints_dirname_x678 +excluded;dirName.679 = nameConstraints_dirname_x679 +excluded;dirName.680 = nameConstraints_dirname_x680 +excluded;dirName.681 = nameConstraints_dirname_x681 +excluded;dirName.682 = nameConstraints_dirname_x682 +excluded;dirName.683 = nameConstraints_dirname_x683 +excluded;dirName.684 = nameConstraints_dirname_x684 +excluded;dirName.685 = nameConstraints_dirname_x685 +excluded;dirName.686 = nameConstraints_dirname_x686 +excluded;dirName.687 = nameConstraints_dirname_x687 +excluded;dirName.688 = nameConstraints_dirname_x688 +excluded;dirName.689 = nameConstraints_dirname_x689 +excluded;dirName.690 = nameConstraints_dirname_x690 +excluded;dirName.691 = nameConstraints_dirname_x691 +excluded;dirName.692 = nameConstraints_dirname_x692 +excluded;dirName.693 = nameConstraints_dirname_x693 +excluded;dirName.694 = nameConstraints_dirname_x694 +excluded;dirName.695 = nameConstraints_dirname_x695 +excluded;dirName.696 = nameConstraints_dirname_x696 +excluded;dirName.697 = nameConstraints_dirname_x697 +excluded;dirName.698 = nameConstraints_dirname_x698 +excluded;dirName.699 = nameConstraints_dirname_x699 +excluded;dirName.700 = nameConstraints_dirname_x700 +excluded;dirName.701 = nameConstraints_dirname_x701 +excluded;dirName.702 = nameConstraints_dirname_x702 +excluded;dirName.703 = nameConstraints_dirname_x703 +excluded;dirName.704 = nameConstraints_dirname_x704 +excluded;dirName.705 = nameConstraints_dirname_x705 +excluded;dirName.706 = nameConstraints_dirname_x706 +excluded;dirName.707 = nameConstraints_dirname_x707 +excluded;dirName.708 = nameConstraints_dirname_x708 +excluded;dirName.709 = nameConstraints_dirname_x709 +excluded;dirName.710 = nameConstraints_dirname_x710 +excluded;dirName.711 = nameConstraints_dirname_x711 +excluded;dirName.712 = nameConstraints_dirname_x712 +excluded;dirName.713 = nameConstraints_dirname_x713 +excluded;dirName.714 = nameConstraints_dirname_x714 +excluded;dirName.715 = nameConstraints_dirname_x715 +excluded;dirName.716 = nameConstraints_dirname_x716 +excluded;dirName.717 = nameConstraints_dirname_x717 +excluded;dirName.718 = nameConstraints_dirname_x718 +excluded;dirName.719 = nameConstraints_dirname_x719 +excluded;dirName.720 = nameConstraints_dirname_x720 +excluded;dirName.721 = nameConstraints_dirname_x721 +excluded;dirName.722 = nameConstraints_dirname_x722 +excluded;dirName.723 = nameConstraints_dirname_x723 +excluded;dirName.724 = nameConstraints_dirname_x724 +excluded;dirName.725 = nameConstraints_dirname_x725 +excluded;dirName.726 = nameConstraints_dirname_x726 +excluded;dirName.727 = nameConstraints_dirname_x727 +excluded;dirName.728 = nameConstraints_dirname_x728 +excluded;dirName.729 = nameConstraints_dirname_x729 +excluded;dirName.730 = nameConstraints_dirname_x730 +excluded;dirName.731 = nameConstraints_dirname_x731 +excluded;dirName.732 = nameConstraints_dirname_x732 +excluded;dirName.733 = nameConstraints_dirname_x733 +excluded;dirName.734 = nameConstraints_dirname_x734 +excluded;dirName.735 = nameConstraints_dirname_x735 +excluded;dirName.736 = nameConstraints_dirname_x736 +excluded;dirName.737 = nameConstraints_dirname_x737 +excluded;dirName.738 = nameConstraints_dirname_x738 +excluded;dirName.739 = nameConstraints_dirname_x739 +excluded;dirName.740 = nameConstraints_dirname_x740 +excluded;dirName.741 = nameConstraints_dirname_x741 +excluded;dirName.742 = nameConstraints_dirname_x742 +excluded;dirName.743 = nameConstraints_dirname_x743 +excluded;dirName.744 = nameConstraints_dirname_x744 +excluded;dirName.745 = nameConstraints_dirname_x745 +excluded;dirName.746 = nameConstraints_dirname_x746 +excluded;dirName.747 = nameConstraints_dirname_x747 +excluded;dirName.748 = nameConstraints_dirname_x748 +excluded;dirName.749 = nameConstraints_dirname_x749 +excluded;dirName.750 = nameConstraints_dirname_x750 +excluded;dirName.751 = nameConstraints_dirname_x751 +excluded;dirName.752 = nameConstraints_dirname_x752 +excluded;dirName.753 = nameConstraints_dirname_x753 +excluded;dirName.754 = nameConstraints_dirname_x754 +excluded;dirName.755 = nameConstraints_dirname_x755 +excluded;dirName.756 = nameConstraints_dirname_x756 +excluded;dirName.757 = nameConstraints_dirname_x757 +excluded;dirName.758 = nameConstraints_dirname_x758 +excluded;dirName.759 = nameConstraints_dirname_x759 +excluded;dirName.760 = nameConstraints_dirname_x760 +excluded;dirName.761 = nameConstraints_dirname_x761 +excluded;dirName.762 = nameConstraints_dirname_x762 +excluded;dirName.763 = nameConstraints_dirname_x763 +excluded;dirName.764 = nameConstraints_dirname_x764 +excluded;dirName.765 = nameConstraints_dirname_x765 +excluded;dirName.766 = nameConstraints_dirname_x766 +excluded;dirName.767 = nameConstraints_dirname_x767 +excluded;dirName.768 = nameConstraints_dirname_x768 +excluded;dirName.769 = nameConstraints_dirname_x769 +excluded;dirName.770 = nameConstraints_dirname_x770 +excluded;dirName.771 = nameConstraints_dirname_x771 +excluded;dirName.772 = nameConstraints_dirname_x772 +excluded;dirName.773 = nameConstraints_dirname_x773 +excluded;dirName.774 = nameConstraints_dirname_x774 +excluded;dirName.775 = nameConstraints_dirname_x775 +excluded;dirName.776 = nameConstraints_dirname_x776 +excluded;dirName.777 = nameConstraints_dirname_x777 +excluded;dirName.778 = nameConstraints_dirname_x778 +excluded;dirName.779 = nameConstraints_dirname_x779 +excluded;dirName.780 = nameConstraints_dirname_x780 +excluded;dirName.781 = nameConstraints_dirname_x781 +excluded;dirName.782 = nameConstraints_dirname_x782 +excluded;dirName.783 = nameConstraints_dirname_x783 +excluded;dirName.784 = nameConstraints_dirname_x784 +excluded;dirName.785 = nameConstraints_dirname_x785 +excluded;dirName.786 = nameConstraints_dirname_x786 +excluded;dirName.787 = nameConstraints_dirname_x787 +excluded;dirName.788 = nameConstraints_dirname_x788 +excluded;dirName.789 = nameConstraints_dirname_x789 +excluded;dirName.790 = nameConstraints_dirname_x790 +excluded;dirName.791 = nameConstraints_dirname_x791 +excluded;dirName.792 = nameConstraints_dirname_x792 +excluded;dirName.793 = nameConstraints_dirname_x793 +excluded;dirName.794 = nameConstraints_dirname_x794 +excluded;dirName.795 = nameConstraints_dirname_x795 +excluded;dirName.796 = nameConstraints_dirname_x796 +excluded;dirName.797 = nameConstraints_dirname_x797 +excluded;dirName.798 = nameConstraints_dirname_x798 +excluded;dirName.799 = nameConstraints_dirname_x799 +excluded;dirName.800 = nameConstraints_dirname_x800 +excluded;dirName.801 = nameConstraints_dirname_x801 +excluded;dirName.802 = nameConstraints_dirname_x802 +excluded;dirName.803 = nameConstraints_dirname_x803 +excluded;dirName.804 = nameConstraints_dirname_x804 +excluded;dirName.805 = nameConstraints_dirname_x805 +excluded;dirName.806 = nameConstraints_dirname_x806 +excluded;dirName.807 = nameConstraints_dirname_x807 +excluded;dirName.808 = nameConstraints_dirname_x808 +excluded;dirName.809 = nameConstraints_dirname_x809 +excluded;dirName.810 = nameConstraints_dirname_x810 +excluded;dirName.811 = nameConstraints_dirname_x811 +excluded;dirName.812 = nameConstraints_dirname_x812 +excluded;dirName.813 = nameConstraints_dirname_x813 +excluded;dirName.814 = nameConstraints_dirname_x814 +excluded;dirName.815 = nameConstraints_dirname_x815 +excluded;dirName.816 = nameConstraints_dirname_x816 +excluded;dirName.817 = nameConstraints_dirname_x817 +excluded;dirName.818 = nameConstraints_dirname_x818 +excluded;dirName.819 = nameConstraints_dirname_x819 +excluded;dirName.820 = nameConstraints_dirname_x820 +excluded;dirName.821 = nameConstraints_dirname_x821 +excluded;dirName.822 = nameConstraints_dirname_x822 +excluded;dirName.823 = nameConstraints_dirname_x823 +excluded;dirName.824 = nameConstraints_dirname_x824 +excluded;dirName.825 = nameConstraints_dirname_x825 +excluded;dirName.826 = nameConstraints_dirname_x826 +excluded;dirName.827 = nameConstraints_dirname_x827 +excluded;dirName.828 = nameConstraints_dirname_x828 +excluded;dirName.829 = nameConstraints_dirname_x829 +excluded;dirName.830 = nameConstraints_dirname_x830 +excluded;dirName.831 = nameConstraints_dirname_x831 +excluded;dirName.832 = nameConstraints_dirname_x832 +excluded;dirName.833 = nameConstraints_dirname_x833 +excluded;dirName.834 = nameConstraints_dirname_x834 +excluded;dirName.835 = nameConstraints_dirname_x835 +excluded;dirName.836 = nameConstraints_dirname_x836 +excluded;dirName.837 = nameConstraints_dirname_x837 +excluded;dirName.838 = nameConstraints_dirname_x838 +excluded;dirName.839 = nameConstraints_dirname_x839 +excluded;dirName.840 = nameConstraints_dirname_x840 +excluded;dirName.841 = nameConstraints_dirname_x841 +excluded;dirName.842 = nameConstraints_dirname_x842 +excluded;dirName.843 = nameConstraints_dirname_x843 +excluded;dirName.844 = nameConstraints_dirname_x844 +excluded;dirName.845 = nameConstraints_dirname_x845 +excluded;dirName.846 = nameConstraints_dirname_x846 +excluded;dirName.847 = nameConstraints_dirname_x847 +excluded;dirName.848 = nameConstraints_dirname_x848 +excluded;dirName.849 = nameConstraints_dirname_x849 +excluded;dirName.850 = nameConstraints_dirname_x850 +excluded;dirName.851 = nameConstraints_dirname_x851 +excluded;dirName.852 = nameConstraints_dirname_x852 +excluded;dirName.853 = nameConstraints_dirname_x853 +excluded;dirName.854 = nameConstraints_dirname_x854 +excluded;dirName.855 = nameConstraints_dirname_x855 +excluded;dirName.856 = nameConstraints_dirname_x856 +excluded;dirName.857 = nameConstraints_dirname_x857 +excluded;dirName.858 = nameConstraints_dirname_x858 +excluded;dirName.859 = nameConstraints_dirname_x859 +excluded;dirName.860 = nameConstraints_dirname_x860 +excluded;dirName.861 = nameConstraints_dirname_x861 +excluded;dirName.862 = nameConstraints_dirname_x862 +excluded;dirName.863 = nameConstraints_dirname_x863 +excluded;dirName.864 = nameConstraints_dirname_x864 +excluded;dirName.865 = nameConstraints_dirname_x865 +excluded;dirName.866 = nameConstraints_dirname_x866 +excluded;dirName.867 = nameConstraints_dirname_x867 +excluded;dirName.868 = nameConstraints_dirname_x868 +excluded;dirName.869 = nameConstraints_dirname_x869 +excluded;dirName.870 = nameConstraints_dirname_x870 +excluded;dirName.871 = nameConstraints_dirname_x871 +excluded;dirName.872 = nameConstraints_dirname_x872 +excluded;dirName.873 = nameConstraints_dirname_x873 +excluded;dirName.874 = nameConstraints_dirname_x874 +excluded;dirName.875 = nameConstraints_dirname_x875 +excluded;dirName.876 = nameConstraints_dirname_x876 +excluded;dirName.877 = nameConstraints_dirname_x877 +excluded;dirName.878 = nameConstraints_dirname_x878 +excluded;dirName.879 = nameConstraints_dirname_x879 +excluded;dirName.880 = nameConstraints_dirname_x880 +excluded;dirName.881 = nameConstraints_dirname_x881 +excluded;dirName.882 = nameConstraints_dirname_x882 +excluded;dirName.883 = nameConstraints_dirname_x883 +excluded;dirName.884 = nameConstraints_dirname_x884 +excluded;dirName.885 = nameConstraints_dirname_x885 +excluded;dirName.886 = nameConstraints_dirname_x886 +excluded;dirName.887 = nameConstraints_dirname_x887 +excluded;dirName.888 = nameConstraints_dirname_x888 +excluded;dirName.889 = nameConstraints_dirname_x889 +excluded;dirName.890 = nameConstraints_dirname_x890 +excluded;dirName.891 = nameConstraints_dirname_x891 +excluded;dirName.892 = nameConstraints_dirname_x892 +excluded;dirName.893 = nameConstraints_dirname_x893 +excluded;dirName.894 = nameConstraints_dirname_x894 +excluded;dirName.895 = nameConstraints_dirname_x895 +excluded;dirName.896 = nameConstraints_dirname_x896 +excluded;dirName.897 = nameConstraints_dirname_x897 +excluded;dirName.898 = nameConstraints_dirname_x898 +excluded;dirName.899 = nameConstraints_dirname_x899 +excluded;dirName.900 = nameConstraints_dirname_x900 +excluded;dirName.901 = nameConstraints_dirname_x901 +excluded;dirName.902 = nameConstraints_dirname_x902 +excluded;dirName.903 = nameConstraints_dirname_x903 +excluded;dirName.904 = nameConstraints_dirname_x904 +excluded;dirName.905 = nameConstraints_dirname_x905 +excluded;dirName.906 = nameConstraints_dirname_x906 +excluded;dirName.907 = nameConstraints_dirname_x907 +excluded;dirName.908 = nameConstraints_dirname_x908 +excluded;dirName.909 = nameConstraints_dirname_x909 +excluded;dirName.910 = nameConstraints_dirname_x910 +excluded;dirName.911 = nameConstraints_dirname_x911 +excluded;dirName.912 = nameConstraints_dirname_x912 +excluded;dirName.913 = nameConstraints_dirname_x913 +excluded;dirName.914 = nameConstraints_dirname_x914 +excluded;dirName.915 = nameConstraints_dirname_x915 +excluded;dirName.916 = nameConstraints_dirname_x916 +excluded;dirName.917 = nameConstraints_dirname_x917 +excluded;dirName.918 = nameConstraints_dirname_x918 +excluded;dirName.919 = nameConstraints_dirname_x919 +excluded;dirName.920 = nameConstraints_dirname_x920 +excluded;dirName.921 = nameConstraints_dirname_x921 +excluded;dirName.922 = nameConstraints_dirname_x922 +excluded;dirName.923 = nameConstraints_dirname_x923 +excluded;dirName.924 = nameConstraints_dirname_x924 +excluded;dirName.925 = nameConstraints_dirname_x925 +excluded;dirName.926 = nameConstraints_dirname_x926 +excluded;dirName.927 = nameConstraints_dirname_x927 +excluded;dirName.928 = nameConstraints_dirname_x928 +excluded;dirName.929 = nameConstraints_dirname_x929 +excluded;dirName.930 = nameConstraints_dirname_x930 +excluded;dirName.931 = nameConstraints_dirname_x931 +excluded;dirName.932 = nameConstraints_dirname_x932 +excluded;dirName.933 = nameConstraints_dirname_x933 +excluded;dirName.934 = nameConstraints_dirname_x934 +excluded;dirName.935 = nameConstraints_dirname_x935 +excluded;dirName.936 = nameConstraints_dirname_x936 +excluded;dirName.937 = nameConstraints_dirname_x937 +excluded;dirName.938 = nameConstraints_dirname_x938 +excluded;dirName.939 = nameConstraints_dirname_x939 +excluded;dirName.940 = nameConstraints_dirname_x940 +excluded;dirName.941 = nameConstraints_dirname_x941 +excluded;dirName.942 = nameConstraints_dirname_x942 +excluded;dirName.943 = nameConstraints_dirname_x943 +excluded;dirName.944 = nameConstraints_dirname_x944 +excluded;dirName.945 = nameConstraints_dirname_x945 +excluded;dirName.946 = nameConstraints_dirname_x946 +excluded;dirName.947 = nameConstraints_dirname_x947 +excluded;dirName.948 = nameConstraints_dirname_x948 +excluded;dirName.949 = nameConstraints_dirname_x949 +excluded;dirName.950 = nameConstraints_dirname_x950 +excluded;dirName.951 = nameConstraints_dirname_x951 +excluded;dirName.952 = nameConstraints_dirname_x952 +excluded;dirName.953 = nameConstraints_dirname_x953 +excluded;dirName.954 = nameConstraints_dirname_x954 +excluded;dirName.955 = nameConstraints_dirname_x955 +excluded;dirName.956 = nameConstraints_dirname_x956 +excluded;dirName.957 = nameConstraints_dirname_x957 +excluded;dirName.958 = nameConstraints_dirname_x958 +excluded;dirName.959 = nameConstraints_dirname_x959 +excluded;dirName.960 = nameConstraints_dirname_x960 +excluded;dirName.961 = nameConstraints_dirname_x961 +excluded;dirName.962 = nameConstraints_dirname_x962 +excluded;dirName.963 = nameConstraints_dirname_x963 +excluded;dirName.964 = nameConstraints_dirname_x964 +excluded;dirName.965 = nameConstraints_dirname_x965 +excluded;dirName.966 = nameConstraints_dirname_x966 +excluded;dirName.967 = nameConstraints_dirname_x967 +excluded;dirName.968 = nameConstraints_dirname_x968 +excluded;dirName.969 = nameConstraints_dirname_x969 +excluded;dirName.970 = nameConstraints_dirname_x970 +excluded;dirName.971 = nameConstraints_dirname_x971 +excluded;dirName.972 = nameConstraints_dirname_x972 +excluded;dirName.973 = nameConstraints_dirname_x973 +excluded;dirName.974 = nameConstraints_dirname_x974 +excluded;dirName.975 = nameConstraints_dirname_x975 +excluded;dirName.976 = nameConstraints_dirname_x976 +excluded;dirName.977 = nameConstraints_dirname_x977 +excluded;dirName.978 = nameConstraints_dirname_x978 +excluded;dirName.979 = nameConstraints_dirname_x979 +excluded;dirName.980 = nameConstraints_dirname_x980 +excluded;dirName.981 = nameConstraints_dirname_x981 +excluded;dirName.982 = nameConstraints_dirname_x982 +excluded;dirName.983 = nameConstraints_dirname_x983 +excluded;dirName.984 = nameConstraints_dirname_x984 +excluded;dirName.985 = nameConstraints_dirname_x985 +excluded;dirName.986 = nameConstraints_dirname_x986 +excluded;dirName.987 = nameConstraints_dirname_x987 +excluded;dirName.988 = nameConstraints_dirname_x988 +excluded;dirName.989 = nameConstraints_dirname_x989 +excluded;dirName.990 = nameConstraints_dirname_x990 +excluded;dirName.991 = nameConstraints_dirname_x991 +excluded;dirName.992 = nameConstraints_dirname_x992 +excluded;dirName.993 = nameConstraints_dirname_x993 +excluded;dirName.994 = nameConstraints_dirname_x994 +excluded;dirName.995 = nameConstraints_dirname_x995 +excluded;dirName.996 = nameConstraints_dirname_x996 +excluded;dirName.997 = nameConstraints_dirname_x997 +excluded;dirName.998 = nameConstraints_dirname_x998 +excluded;dirName.999 = nameConstraints_dirname_x999 +excluded;dirName.1000 = nameConstraints_dirname_x1000 +excluded;dirName.1001 = nameConstraints_dirname_x1001 +excluded;dirName.1002 = nameConstraints_dirname_x1002 +excluded;dirName.1003 = nameConstraints_dirname_x1003 +excluded;dirName.1004 = nameConstraints_dirname_x1004 +excluded;dirName.1005 = nameConstraints_dirname_x1005 +excluded;dirName.1006 = nameConstraints_dirname_x1006 +excluded;dirName.1007 = nameConstraints_dirname_x1007 +excluded;dirName.1008 = nameConstraints_dirname_x1008 +excluded;dirName.1009 = nameConstraints_dirname_x1009 +excluded;dirName.1010 = nameConstraints_dirname_x1010 +excluded;dirName.1011 = nameConstraints_dirname_x1011 +excluded;dirName.1012 = nameConstraints_dirname_x1012 +excluded;dirName.1013 = nameConstraints_dirname_x1013 +excluded;dirName.1014 = nameConstraints_dirname_x1014 +excluded;dirName.1015 = nameConstraints_dirname_x1015 +excluded;dirName.1016 = nameConstraints_dirname_x1016 +excluded;dirName.1017 = nameConstraints_dirname_x1017 +excluded;dirName.1018 = nameConstraints_dirname_x1018 +excluded;dirName.1019 = nameConstraints_dirname_x1019 +excluded;dirName.1020 = nameConstraints_dirname_x1020 +excluded;dirName.1021 = nameConstraints_dirname_x1021 +excluded;dirName.1022 = nameConstraints_dirname_x1022 +excluded;dirName.1023 = nameConstraints_dirname_x1023 +excluded;dirName.1024 = nameConstraints_dirname_x1024 +excluded;dirName.1025 = nameConstraints_dirname_x1025 + +[nameConstraints_dirname_x1] +commonName = "x0 + +[nameConstraints_dirname_x2] +commonName = "x1 + +[nameConstraints_dirname_x3] +commonName = "x2 + +[nameConstraints_dirname_x4] +commonName = "x3 + +[nameConstraints_dirname_x5] +commonName = "x4 + +[nameConstraints_dirname_x6] +commonName = "x5 + +[nameConstraints_dirname_x7] +commonName = "x6 + +[nameConstraints_dirname_x8] +commonName = "x7 + +[nameConstraints_dirname_x9] +commonName = "x8 + +[nameConstraints_dirname_x10] +commonName = "x9 + +[nameConstraints_dirname_x11] +commonName = "x10 + +[nameConstraints_dirname_x12] +commonName = "x11 + +[nameConstraints_dirname_x13] +commonName = "x12 + +[nameConstraints_dirname_x14] +commonName = "x13 + +[nameConstraints_dirname_x15] +commonName = "x14 + +[nameConstraints_dirname_x16] +commonName = "x15 + +[nameConstraints_dirname_x17] +commonName = "x16 + +[nameConstraints_dirname_x18] +commonName = "x17 + +[nameConstraints_dirname_x19] +commonName = "x18 + +[nameConstraints_dirname_x20] +commonName = "x19 + +[nameConstraints_dirname_x21] +commonName = "x20 + +[nameConstraints_dirname_x22] +commonName = "x21 + +[nameConstraints_dirname_x23] +commonName = "x22 + +[nameConstraints_dirname_x24] +commonName = "x23 + +[nameConstraints_dirname_x25] +commonName = "x24 + +[nameConstraints_dirname_x26] +commonName = "x25 + +[nameConstraints_dirname_x27] +commonName = "x26 + +[nameConstraints_dirname_x28] +commonName = "x27 + +[nameConstraints_dirname_x29] +commonName = "x28 + +[nameConstraints_dirname_x30] +commonName = "x29 + +[nameConstraints_dirname_x31] +commonName = "x30 + +[nameConstraints_dirname_x32] +commonName = "x31 + +[nameConstraints_dirname_x33] +commonName = "x32 + +[nameConstraints_dirname_x34] +commonName = "x33 + +[nameConstraints_dirname_x35] +commonName = "x34 + +[nameConstraints_dirname_x36] +commonName = "x35 + +[nameConstraints_dirname_x37] +commonName = "x36 + +[nameConstraints_dirname_x38] +commonName = "x37 + +[nameConstraints_dirname_x39] +commonName = "x38 + +[nameConstraints_dirname_x40] +commonName = "x39 + +[nameConstraints_dirname_x41] +commonName = "x40 + +[nameConstraints_dirname_x42] +commonName = "x41 + +[nameConstraints_dirname_x43] +commonName = "x42 + +[nameConstraints_dirname_x44] +commonName = "x43 + +[nameConstraints_dirname_x45] +commonName = "x44 + +[nameConstraints_dirname_x46] +commonName = "x45 + +[nameConstraints_dirname_x47] +commonName = "x46 + +[nameConstraints_dirname_x48] +commonName = "x47 + +[nameConstraints_dirname_x49] +commonName = "x48 + +[nameConstraints_dirname_x50] +commonName = "x49 + +[nameConstraints_dirname_x51] +commonName = "x50 + +[nameConstraints_dirname_x52] +commonName = "x51 + +[nameConstraints_dirname_x53] +commonName = "x52 + +[nameConstraints_dirname_x54] +commonName = "x53 + +[nameConstraints_dirname_x55] +commonName = "x54 + +[nameConstraints_dirname_x56] +commonName = "x55 + +[nameConstraints_dirname_x57] +commonName = "x56 + +[nameConstraints_dirname_x58] +commonName = "x57 + +[nameConstraints_dirname_x59] +commonName = "x58 + +[nameConstraints_dirname_x60] +commonName = "x59 + +[nameConstraints_dirname_x61] +commonName = "x60 + +[nameConstraints_dirname_x62] +commonName = "x61 + +[nameConstraints_dirname_x63] +commonName = "x62 + +[nameConstraints_dirname_x64] +commonName = "x63 + +[nameConstraints_dirname_x65] +commonName = "x64 + +[nameConstraints_dirname_x66] +commonName = "x65 + +[nameConstraints_dirname_x67] +commonName = "x66 + +[nameConstraints_dirname_x68] +commonName = "x67 + +[nameConstraints_dirname_x69] +commonName = "x68 + +[nameConstraints_dirname_x70] +commonName = "x69 + +[nameConstraints_dirname_x71] +commonName = "x70 + +[nameConstraints_dirname_x72] +commonName = "x71 + +[nameConstraints_dirname_x73] +commonName = "x72 + +[nameConstraints_dirname_x74] +commonName = "x73 + +[nameConstraints_dirname_x75] +commonName = "x74 + +[nameConstraints_dirname_x76] +commonName = "x75 + +[nameConstraints_dirname_x77] +commonName = "x76 + +[nameConstraints_dirname_x78] +commonName = "x77 + +[nameConstraints_dirname_x79] +commonName = "x78 + +[nameConstraints_dirname_x80] +commonName = "x79 + +[nameConstraints_dirname_x81] +commonName = "x80 + +[nameConstraints_dirname_x82] +commonName = "x81 + +[nameConstraints_dirname_x83] +commonName = "x82 + +[nameConstraints_dirname_x84] +commonName = "x83 + +[nameConstraints_dirname_x85] +commonName = "x84 + +[nameConstraints_dirname_x86] +commonName = "x85 + +[nameConstraints_dirname_x87] +commonName = "x86 + +[nameConstraints_dirname_x88] +commonName = "x87 + +[nameConstraints_dirname_x89] +commonName = "x88 + +[nameConstraints_dirname_x90] +commonName = "x89 + +[nameConstraints_dirname_x91] +commonName = "x90 + +[nameConstraints_dirname_x92] +commonName = "x91 + +[nameConstraints_dirname_x93] +commonName = "x92 + +[nameConstraints_dirname_x94] +commonName = "x93 + +[nameConstraints_dirname_x95] +commonName = "x94 + +[nameConstraints_dirname_x96] +commonName = "x95 + +[nameConstraints_dirname_x97] +commonName = "x96 + +[nameConstraints_dirname_x98] +commonName = "x97 + +[nameConstraints_dirname_x99] +commonName = "x98 + +[nameConstraints_dirname_x100] +commonName = "x99 + +[nameConstraints_dirname_x101] +commonName = "x100 + +[nameConstraints_dirname_x102] +commonName = "x101 + +[nameConstraints_dirname_x103] +commonName = "x102 + +[nameConstraints_dirname_x104] +commonName = "x103 + +[nameConstraints_dirname_x105] +commonName = "x104 + +[nameConstraints_dirname_x106] +commonName = "x105 + +[nameConstraints_dirname_x107] +commonName = "x106 + +[nameConstraints_dirname_x108] +commonName = "x107 + +[nameConstraints_dirname_x109] +commonName = "x108 + +[nameConstraints_dirname_x110] +commonName = "x109 + +[nameConstraints_dirname_x111] +commonName = "x110 + +[nameConstraints_dirname_x112] +commonName = "x111 + +[nameConstraints_dirname_x113] +commonName = "x112 + +[nameConstraints_dirname_x114] +commonName = "x113 + +[nameConstraints_dirname_x115] +commonName = "x114 + +[nameConstraints_dirname_x116] +commonName = "x115 + +[nameConstraints_dirname_x117] +commonName = "x116 + +[nameConstraints_dirname_x118] +commonName = "x117 + +[nameConstraints_dirname_x119] +commonName = "x118 + +[nameConstraints_dirname_x120] +commonName = "x119 + +[nameConstraints_dirname_x121] +commonName = "x120 + +[nameConstraints_dirname_x122] +commonName = "x121 + +[nameConstraints_dirname_x123] +commonName = "x122 + +[nameConstraints_dirname_x124] +commonName = "x123 + +[nameConstraints_dirname_x125] +commonName = "x124 + +[nameConstraints_dirname_x126] +commonName = "x125 + +[nameConstraints_dirname_x127] +commonName = "x126 + +[nameConstraints_dirname_x128] +commonName = "x127 + +[nameConstraints_dirname_x129] +commonName = "x128 + +[nameConstraints_dirname_x130] +commonName = "x129 + +[nameConstraints_dirname_x131] +commonName = "x130 + +[nameConstraints_dirname_x132] +commonName = "x131 + +[nameConstraints_dirname_x133] +commonName = "x132 + +[nameConstraints_dirname_x134] +commonName = "x133 + +[nameConstraints_dirname_x135] +commonName = "x134 + +[nameConstraints_dirname_x136] +commonName = "x135 + +[nameConstraints_dirname_x137] +commonName = "x136 + +[nameConstraints_dirname_x138] +commonName = "x137 + +[nameConstraints_dirname_x139] +commonName = "x138 + +[nameConstraints_dirname_x140] +commonName = "x139 + +[nameConstraints_dirname_x141] +commonName = "x140 + +[nameConstraints_dirname_x142] +commonName = "x141 + +[nameConstraints_dirname_x143] +commonName = "x142 + +[nameConstraints_dirname_x144] +commonName = "x143 + +[nameConstraints_dirname_x145] +commonName = "x144 + +[nameConstraints_dirname_x146] +commonName = "x145 + +[nameConstraints_dirname_x147] +commonName = "x146 + +[nameConstraints_dirname_x148] +commonName = "x147 + +[nameConstraints_dirname_x149] +commonName = "x148 + +[nameConstraints_dirname_x150] +commonName = "x149 + +[nameConstraints_dirname_x151] +commonName = "x150 + +[nameConstraints_dirname_x152] +commonName = "x151 + +[nameConstraints_dirname_x153] +commonName = "x152 + +[nameConstraints_dirname_x154] +commonName = "x153 + +[nameConstraints_dirname_x155] +commonName = "x154 + +[nameConstraints_dirname_x156] +commonName = "x155 + +[nameConstraints_dirname_x157] +commonName = "x156 + +[nameConstraints_dirname_x158] +commonName = "x157 + +[nameConstraints_dirname_x159] +commonName = "x158 + +[nameConstraints_dirname_x160] +commonName = "x159 + +[nameConstraints_dirname_x161] +commonName = "x160 + +[nameConstraints_dirname_x162] +commonName = "x161 + +[nameConstraints_dirname_x163] +commonName = "x162 + +[nameConstraints_dirname_x164] +commonName = "x163 + +[nameConstraints_dirname_x165] +commonName = "x164 + +[nameConstraints_dirname_x166] +commonName = "x165 + +[nameConstraints_dirname_x167] +commonName = "x166 + +[nameConstraints_dirname_x168] +commonName = "x167 + +[nameConstraints_dirname_x169] +commonName = "x168 + +[nameConstraints_dirname_x170] +commonName = "x169 + +[nameConstraints_dirname_x171] +commonName = "x170 + +[nameConstraints_dirname_x172] +commonName = "x171 + +[nameConstraints_dirname_x173] +commonName = "x172 + +[nameConstraints_dirname_x174] +commonName = "x173 + +[nameConstraints_dirname_x175] +commonName = "x174 + +[nameConstraints_dirname_x176] +commonName = "x175 + +[nameConstraints_dirname_x177] +commonName = "x176 + +[nameConstraints_dirname_x178] +commonName = "x177 + +[nameConstraints_dirname_x179] +commonName = "x178 + +[nameConstraints_dirname_x180] +commonName = "x179 + +[nameConstraints_dirname_x181] +commonName = "x180 + +[nameConstraints_dirname_x182] +commonName = "x181 + +[nameConstraints_dirname_x183] +commonName = "x182 + +[nameConstraints_dirname_x184] +commonName = "x183 + +[nameConstraints_dirname_x185] +commonName = "x184 + +[nameConstraints_dirname_x186] +commonName = "x185 + +[nameConstraints_dirname_x187] +commonName = "x186 + +[nameConstraints_dirname_x188] +commonName = "x187 + +[nameConstraints_dirname_x189] +commonName = "x188 + +[nameConstraints_dirname_x190] +commonName = "x189 + +[nameConstraints_dirname_x191] +commonName = "x190 + +[nameConstraints_dirname_x192] +commonName = "x191 + +[nameConstraints_dirname_x193] +commonName = "x192 + +[nameConstraints_dirname_x194] +commonName = "x193 + +[nameConstraints_dirname_x195] +commonName = "x194 + +[nameConstraints_dirname_x196] +commonName = "x195 + +[nameConstraints_dirname_x197] +commonName = "x196 + +[nameConstraints_dirname_x198] +commonName = "x197 + +[nameConstraints_dirname_x199] +commonName = "x198 + +[nameConstraints_dirname_x200] +commonName = "x199 + +[nameConstraints_dirname_x201] +commonName = "x200 + +[nameConstraints_dirname_x202] +commonName = "x201 + +[nameConstraints_dirname_x203] +commonName = "x202 + +[nameConstraints_dirname_x204] +commonName = "x203 + +[nameConstraints_dirname_x205] +commonName = "x204 + +[nameConstraints_dirname_x206] +commonName = "x205 + +[nameConstraints_dirname_x207] +commonName = "x206 + +[nameConstraints_dirname_x208] +commonName = "x207 + +[nameConstraints_dirname_x209] +commonName = "x208 + +[nameConstraints_dirname_x210] +commonName = "x209 + +[nameConstraints_dirname_x211] +commonName = "x210 + +[nameConstraints_dirname_x212] +commonName = "x211 + +[nameConstraints_dirname_x213] +commonName = "x212 + +[nameConstraints_dirname_x214] +commonName = "x213 + +[nameConstraints_dirname_x215] +commonName = "x214 + +[nameConstraints_dirname_x216] +commonName = "x215 + +[nameConstraints_dirname_x217] +commonName = "x216 + +[nameConstraints_dirname_x218] +commonName = "x217 + +[nameConstraints_dirname_x219] +commonName = "x218 + +[nameConstraints_dirname_x220] +commonName = "x219 + +[nameConstraints_dirname_x221] +commonName = "x220 + +[nameConstraints_dirname_x222] +commonName = "x221 + +[nameConstraints_dirname_x223] +commonName = "x222 + +[nameConstraints_dirname_x224] +commonName = "x223 + +[nameConstraints_dirname_x225] +commonName = "x224 + +[nameConstraints_dirname_x226] +commonName = "x225 + +[nameConstraints_dirname_x227] +commonName = "x226 + +[nameConstraints_dirname_x228] +commonName = "x227 + +[nameConstraints_dirname_x229] +commonName = "x228 + +[nameConstraints_dirname_x230] +commonName = "x229 + +[nameConstraints_dirname_x231] +commonName = "x230 + +[nameConstraints_dirname_x232] +commonName = "x231 + +[nameConstraints_dirname_x233] +commonName = "x232 + +[nameConstraints_dirname_x234] +commonName = "x233 + +[nameConstraints_dirname_x235] +commonName = "x234 + +[nameConstraints_dirname_x236] +commonName = "x235 + +[nameConstraints_dirname_x237] +commonName = "x236 + +[nameConstraints_dirname_x238] +commonName = "x237 + +[nameConstraints_dirname_x239] +commonName = "x238 + +[nameConstraints_dirname_x240] +commonName = "x239 + +[nameConstraints_dirname_x241] +commonName = "x240 + +[nameConstraints_dirname_x242] +commonName = "x241 + +[nameConstraints_dirname_x243] +commonName = "x242 + +[nameConstraints_dirname_x244] +commonName = "x243 + +[nameConstraints_dirname_x245] +commonName = "x244 + +[nameConstraints_dirname_x246] +commonName = "x245 + +[nameConstraints_dirname_x247] +commonName = "x246 + +[nameConstraints_dirname_x248] +commonName = "x247 + +[nameConstraints_dirname_x249] +commonName = "x248 + +[nameConstraints_dirname_x250] +commonName = "x249 + +[nameConstraints_dirname_x251] +commonName = "x250 + +[nameConstraints_dirname_x252] +commonName = "x251 + +[nameConstraints_dirname_x253] +commonName = "x252 + +[nameConstraints_dirname_x254] +commonName = "x253 + +[nameConstraints_dirname_x255] +commonName = "x254 + +[nameConstraints_dirname_x256] +commonName = "x255 + +[nameConstraints_dirname_x257] +commonName = "x256 + +[nameConstraints_dirname_x258] +commonName = "x257 + +[nameConstraints_dirname_x259] +commonName = "x258 + +[nameConstraints_dirname_x260] +commonName = "x259 + +[nameConstraints_dirname_x261] +commonName = "x260 + +[nameConstraints_dirname_x262] +commonName = "x261 + +[nameConstraints_dirname_x263] +commonName = "x262 + +[nameConstraints_dirname_x264] +commonName = "x263 + +[nameConstraints_dirname_x265] +commonName = "x264 + +[nameConstraints_dirname_x266] +commonName = "x265 + +[nameConstraints_dirname_x267] +commonName = "x266 + +[nameConstraints_dirname_x268] +commonName = "x267 + +[nameConstraints_dirname_x269] +commonName = "x268 + +[nameConstraints_dirname_x270] +commonName = "x269 + +[nameConstraints_dirname_x271] +commonName = "x270 + +[nameConstraints_dirname_x272] +commonName = "x271 + +[nameConstraints_dirname_x273] +commonName = "x272 + +[nameConstraints_dirname_x274] +commonName = "x273 + +[nameConstraints_dirname_x275] +commonName = "x274 + +[nameConstraints_dirname_x276] +commonName = "x275 + +[nameConstraints_dirname_x277] +commonName = "x276 + +[nameConstraints_dirname_x278] +commonName = "x277 + +[nameConstraints_dirname_x279] +commonName = "x278 + +[nameConstraints_dirname_x280] +commonName = "x279 + +[nameConstraints_dirname_x281] +commonName = "x280 + +[nameConstraints_dirname_x282] +commonName = "x281 + +[nameConstraints_dirname_x283] +commonName = "x282 + +[nameConstraints_dirname_x284] +commonName = "x283 + +[nameConstraints_dirname_x285] +commonName = "x284 + +[nameConstraints_dirname_x286] +commonName = "x285 + +[nameConstraints_dirname_x287] +commonName = "x286 + +[nameConstraints_dirname_x288] +commonName = "x287 + +[nameConstraints_dirname_x289] +commonName = "x288 + +[nameConstraints_dirname_x290] +commonName = "x289 + +[nameConstraints_dirname_x291] +commonName = "x290 + +[nameConstraints_dirname_x292] +commonName = "x291 + +[nameConstraints_dirname_x293] +commonName = "x292 + +[nameConstraints_dirname_x294] +commonName = "x293 + +[nameConstraints_dirname_x295] +commonName = "x294 + +[nameConstraints_dirname_x296] +commonName = "x295 + +[nameConstraints_dirname_x297] +commonName = "x296 + +[nameConstraints_dirname_x298] +commonName = "x297 + +[nameConstraints_dirname_x299] +commonName = "x298 + +[nameConstraints_dirname_x300] +commonName = "x299 + +[nameConstraints_dirname_x301] +commonName = "x300 + +[nameConstraints_dirname_x302] +commonName = "x301 + +[nameConstraints_dirname_x303] +commonName = "x302 + +[nameConstraints_dirname_x304] +commonName = "x303 + +[nameConstraints_dirname_x305] +commonName = "x304 + +[nameConstraints_dirname_x306] +commonName = "x305 + +[nameConstraints_dirname_x307] +commonName = "x306 + +[nameConstraints_dirname_x308] +commonName = "x307 + +[nameConstraints_dirname_x309] +commonName = "x308 + +[nameConstraints_dirname_x310] +commonName = "x309 + +[nameConstraints_dirname_x311] +commonName = "x310 + +[nameConstraints_dirname_x312] +commonName = "x311 + +[nameConstraints_dirname_x313] +commonName = "x312 + +[nameConstraints_dirname_x314] +commonName = "x313 + +[nameConstraints_dirname_x315] +commonName = "x314 + +[nameConstraints_dirname_x316] +commonName = "x315 + +[nameConstraints_dirname_x317] +commonName = "x316 + +[nameConstraints_dirname_x318] +commonName = "x317 + +[nameConstraints_dirname_x319] +commonName = "x318 + +[nameConstraints_dirname_x320] +commonName = "x319 + +[nameConstraints_dirname_x321] +commonName = "x320 + +[nameConstraints_dirname_x322] +commonName = "x321 + +[nameConstraints_dirname_x323] +commonName = "x322 + +[nameConstraints_dirname_x324] +commonName = "x323 + +[nameConstraints_dirname_x325] +commonName = "x324 + +[nameConstraints_dirname_x326] +commonName = "x325 + +[nameConstraints_dirname_x327] +commonName = "x326 + +[nameConstraints_dirname_x328] +commonName = "x327 + +[nameConstraints_dirname_x329] +commonName = "x328 + +[nameConstraints_dirname_x330] +commonName = "x329 + +[nameConstraints_dirname_x331] +commonName = "x330 + +[nameConstraints_dirname_x332] +commonName = "x331 + +[nameConstraints_dirname_x333] +commonName = "x332 + +[nameConstraints_dirname_x334] +commonName = "x333 + +[nameConstraints_dirname_x335] +commonName = "x334 + +[nameConstraints_dirname_x336] +commonName = "x335 + +[nameConstraints_dirname_x337] +commonName = "x336 + +[nameConstraints_dirname_x338] +commonName = "x337 + +[nameConstraints_dirname_x339] +commonName = "x338 + +[nameConstraints_dirname_x340] +commonName = "x339 + +[nameConstraints_dirname_x341] +commonName = "x340 + +[nameConstraints_dirname_x342] +commonName = "x341 + +[nameConstraints_dirname_x343] +commonName = "x342 + +[nameConstraints_dirname_x344] +commonName = "x343 + +[nameConstraints_dirname_x345] +commonName = "x344 + +[nameConstraints_dirname_x346] +commonName = "x345 + +[nameConstraints_dirname_x347] +commonName = "x346 + +[nameConstraints_dirname_x348] +commonName = "x347 + +[nameConstraints_dirname_x349] +commonName = "x348 + +[nameConstraints_dirname_x350] +commonName = "x349 + +[nameConstraints_dirname_x351] +commonName = "x350 + +[nameConstraints_dirname_x352] +commonName = "x351 + +[nameConstraints_dirname_x353] +commonName = "x352 + +[nameConstraints_dirname_x354] +commonName = "x353 + +[nameConstraints_dirname_x355] +commonName = "x354 + +[nameConstraints_dirname_x356] +commonName = "x355 + +[nameConstraints_dirname_x357] +commonName = "x356 + +[nameConstraints_dirname_x358] +commonName = "x357 + +[nameConstraints_dirname_x359] +commonName = "x358 + +[nameConstraints_dirname_x360] +commonName = "x359 + +[nameConstraints_dirname_x361] +commonName = "x360 + +[nameConstraints_dirname_x362] +commonName = "x361 + +[nameConstraints_dirname_x363] +commonName = "x362 + +[nameConstraints_dirname_x364] +commonName = "x363 + +[nameConstraints_dirname_x365] +commonName = "x364 + +[nameConstraints_dirname_x366] +commonName = "x365 + +[nameConstraints_dirname_x367] +commonName = "x366 + +[nameConstraints_dirname_x368] +commonName = "x367 + +[nameConstraints_dirname_x369] +commonName = "x368 + +[nameConstraints_dirname_x370] +commonName = "x369 + +[nameConstraints_dirname_x371] +commonName = "x370 + +[nameConstraints_dirname_x372] +commonName = "x371 + +[nameConstraints_dirname_x373] +commonName = "x372 + +[nameConstraints_dirname_x374] +commonName = "x373 + +[nameConstraints_dirname_x375] +commonName = "x374 + +[nameConstraints_dirname_x376] +commonName = "x375 + +[nameConstraints_dirname_x377] +commonName = "x376 + +[nameConstraints_dirname_x378] +commonName = "x377 + +[nameConstraints_dirname_x379] +commonName = "x378 + +[nameConstraints_dirname_x380] +commonName = "x379 + +[nameConstraints_dirname_x381] +commonName = "x380 + +[nameConstraints_dirname_x382] +commonName = "x381 + +[nameConstraints_dirname_x383] +commonName = "x382 + +[nameConstraints_dirname_x384] +commonName = "x383 + +[nameConstraints_dirname_x385] +commonName = "x384 + +[nameConstraints_dirname_x386] +commonName = "x385 + +[nameConstraints_dirname_x387] +commonName = "x386 + +[nameConstraints_dirname_x388] +commonName = "x387 + +[nameConstraints_dirname_x389] +commonName = "x388 + +[nameConstraints_dirname_x390] +commonName = "x389 + +[nameConstraints_dirname_x391] +commonName = "x390 + +[nameConstraints_dirname_x392] +commonName = "x391 + +[nameConstraints_dirname_x393] +commonName = "x392 + +[nameConstraints_dirname_x394] +commonName = "x393 + +[nameConstraints_dirname_x395] +commonName = "x394 + +[nameConstraints_dirname_x396] +commonName = "x395 + +[nameConstraints_dirname_x397] +commonName = "x396 + +[nameConstraints_dirname_x398] +commonName = "x397 + +[nameConstraints_dirname_x399] +commonName = "x398 + +[nameConstraints_dirname_x400] +commonName = "x399 + +[nameConstraints_dirname_x401] +commonName = "x400 + +[nameConstraints_dirname_x402] +commonName = "x401 + +[nameConstraints_dirname_x403] +commonName = "x402 + +[nameConstraints_dirname_x404] +commonName = "x403 + +[nameConstraints_dirname_x405] +commonName = "x404 + +[nameConstraints_dirname_x406] +commonName = "x405 + +[nameConstraints_dirname_x407] +commonName = "x406 + +[nameConstraints_dirname_x408] +commonName = "x407 + +[nameConstraints_dirname_x409] +commonName = "x408 + +[nameConstraints_dirname_x410] +commonName = "x409 + +[nameConstraints_dirname_x411] +commonName = "x410 + +[nameConstraints_dirname_x412] +commonName = "x411 + +[nameConstraints_dirname_x413] +commonName = "x412 + +[nameConstraints_dirname_x414] +commonName = "x413 + +[nameConstraints_dirname_x415] +commonName = "x414 + +[nameConstraints_dirname_x416] +commonName = "x415 + +[nameConstraints_dirname_x417] +commonName = "x416 + +[nameConstraints_dirname_x418] +commonName = "x417 + +[nameConstraints_dirname_x419] +commonName = "x418 + +[nameConstraints_dirname_x420] +commonName = "x419 + +[nameConstraints_dirname_x421] +commonName = "x420 + +[nameConstraints_dirname_x422] +commonName = "x421 + +[nameConstraints_dirname_x423] +commonName = "x422 + +[nameConstraints_dirname_x424] +commonName = "x423 + +[nameConstraints_dirname_x425] +commonName = "x424 + +[nameConstraints_dirname_x426] +commonName = "x425 + +[nameConstraints_dirname_x427] +commonName = "x426 + +[nameConstraints_dirname_x428] +commonName = "x427 + +[nameConstraints_dirname_x429] +commonName = "x428 + +[nameConstraints_dirname_x430] +commonName = "x429 + +[nameConstraints_dirname_x431] +commonName = "x430 + +[nameConstraints_dirname_x432] +commonName = "x431 + +[nameConstraints_dirname_x433] +commonName = "x432 + +[nameConstraints_dirname_x434] +commonName = "x433 + +[nameConstraints_dirname_x435] +commonName = "x434 + +[nameConstraints_dirname_x436] +commonName = "x435 + +[nameConstraints_dirname_x437] +commonName = "x436 + +[nameConstraints_dirname_x438] +commonName = "x437 + +[nameConstraints_dirname_x439] +commonName = "x438 + +[nameConstraints_dirname_x440] +commonName = "x439 + +[nameConstraints_dirname_x441] +commonName = "x440 + +[nameConstraints_dirname_x442] +commonName = "x441 + +[nameConstraints_dirname_x443] +commonName = "x442 + +[nameConstraints_dirname_x444] +commonName = "x443 + +[nameConstraints_dirname_x445] +commonName = "x444 + +[nameConstraints_dirname_x446] +commonName = "x445 + +[nameConstraints_dirname_x447] +commonName = "x446 + +[nameConstraints_dirname_x448] +commonName = "x447 + +[nameConstraints_dirname_x449] +commonName = "x448 + +[nameConstraints_dirname_x450] +commonName = "x449 + +[nameConstraints_dirname_x451] +commonName = "x450 + +[nameConstraints_dirname_x452] +commonName = "x451 + +[nameConstraints_dirname_x453] +commonName = "x452 + +[nameConstraints_dirname_x454] +commonName = "x453 + +[nameConstraints_dirname_x455] +commonName = "x454 + +[nameConstraints_dirname_x456] +commonName = "x455 + +[nameConstraints_dirname_x457] +commonName = "x456 + +[nameConstraints_dirname_x458] +commonName = "x457 + +[nameConstraints_dirname_x459] +commonName = "x458 + +[nameConstraints_dirname_x460] +commonName = "x459 + +[nameConstraints_dirname_x461] +commonName = "x460 + +[nameConstraints_dirname_x462] +commonName = "x461 + +[nameConstraints_dirname_x463] +commonName = "x462 + +[nameConstraints_dirname_x464] +commonName = "x463 + +[nameConstraints_dirname_x465] +commonName = "x464 + +[nameConstraints_dirname_x466] +commonName = "x465 + +[nameConstraints_dirname_x467] +commonName = "x466 + +[nameConstraints_dirname_x468] +commonName = "x467 + +[nameConstraints_dirname_x469] +commonName = "x468 + +[nameConstraints_dirname_x470] +commonName = "x469 + +[nameConstraints_dirname_x471] +commonName = "x470 + +[nameConstraints_dirname_x472] +commonName = "x471 + +[nameConstraints_dirname_x473] +commonName = "x472 + +[nameConstraints_dirname_x474] +commonName = "x473 + +[nameConstraints_dirname_x475] +commonName = "x474 + +[nameConstraints_dirname_x476] +commonName = "x475 + +[nameConstraints_dirname_x477] +commonName = "x476 + +[nameConstraints_dirname_x478] +commonName = "x477 + +[nameConstraints_dirname_x479] +commonName = "x478 + +[nameConstraints_dirname_x480] +commonName = "x479 + +[nameConstraints_dirname_x481] +commonName = "x480 + +[nameConstraints_dirname_x482] +commonName = "x481 + +[nameConstraints_dirname_x483] +commonName = "x482 + +[nameConstraints_dirname_x484] +commonName = "x483 + +[nameConstraints_dirname_x485] +commonName = "x484 + +[nameConstraints_dirname_x486] +commonName = "x485 + +[nameConstraints_dirname_x487] +commonName = "x486 + +[nameConstraints_dirname_x488] +commonName = "x487 + +[nameConstraints_dirname_x489] +commonName = "x488 + +[nameConstraints_dirname_x490] +commonName = "x489 + +[nameConstraints_dirname_x491] +commonName = "x490 + +[nameConstraints_dirname_x492] +commonName = "x491 + +[nameConstraints_dirname_x493] +commonName = "x492 + +[nameConstraints_dirname_x494] +commonName = "x493 + +[nameConstraints_dirname_x495] +commonName = "x494 + +[nameConstraints_dirname_x496] +commonName = "x495 + +[nameConstraints_dirname_x497] +commonName = "x496 + +[nameConstraints_dirname_x498] +commonName = "x497 + +[nameConstraints_dirname_x499] +commonName = "x498 + +[nameConstraints_dirname_x500] +commonName = "x499 + +[nameConstraints_dirname_x501] +commonName = "x500 + +[nameConstraints_dirname_x502] +commonName = "x501 + +[nameConstraints_dirname_x503] +commonName = "x502 + +[nameConstraints_dirname_x504] +commonName = "x503 + +[nameConstraints_dirname_x505] +commonName = "x504 + +[nameConstraints_dirname_x506] +commonName = "x505 + +[nameConstraints_dirname_x507] +commonName = "x506 + +[nameConstraints_dirname_x508] +commonName = "x507 + +[nameConstraints_dirname_x509] +commonName = "x508 + +[nameConstraints_dirname_x510] +commonName = "x509 + +[nameConstraints_dirname_x511] +commonName = "x510 + +[nameConstraints_dirname_x512] +commonName = "x511 + +[nameConstraints_dirname_x513] +commonName = "x512 + +[nameConstraints_dirname_x514] +commonName = "x513 + +[nameConstraints_dirname_x515] +commonName = "x514 + +[nameConstraints_dirname_x516] +commonName = "x515 + +[nameConstraints_dirname_x517] +commonName = "x516 + +[nameConstraints_dirname_x518] +commonName = "x517 + +[nameConstraints_dirname_x519] +commonName = "x518 + +[nameConstraints_dirname_x520] +commonName = "x519 + +[nameConstraints_dirname_x521] +commonName = "x520 + +[nameConstraints_dirname_x522] +commonName = "x521 + +[nameConstraints_dirname_x523] +commonName = "x522 + +[nameConstraints_dirname_x524] +commonName = "x523 + +[nameConstraints_dirname_x525] +commonName = "x524 + +[nameConstraints_dirname_x526] +commonName = "x525 + +[nameConstraints_dirname_x527] +commonName = "x526 + +[nameConstraints_dirname_x528] +commonName = "x527 + +[nameConstraints_dirname_x529] +commonName = "x528 + +[nameConstraints_dirname_x530] +commonName = "x529 + +[nameConstraints_dirname_x531] +commonName = "x530 + +[nameConstraints_dirname_x532] +commonName = "x531 + +[nameConstraints_dirname_x533] +commonName = "x532 + +[nameConstraints_dirname_x534] +commonName = "x533 + +[nameConstraints_dirname_x535] +commonName = "x534 + +[nameConstraints_dirname_x536] +commonName = "x535 + +[nameConstraints_dirname_x537] +commonName = "x536 + +[nameConstraints_dirname_x538] +commonName = "x537 + +[nameConstraints_dirname_x539] +commonName = "x538 + +[nameConstraints_dirname_x540] +commonName = "x539 + +[nameConstraints_dirname_x541] +commonName = "x540 + +[nameConstraints_dirname_x542] +commonName = "x541 + +[nameConstraints_dirname_x543] +commonName = "x542 + +[nameConstraints_dirname_x544] +commonName = "x543 + +[nameConstraints_dirname_x545] +commonName = "x544 + +[nameConstraints_dirname_x546] +commonName = "x545 + +[nameConstraints_dirname_x547] +commonName = "x546 + +[nameConstraints_dirname_x548] +commonName = "x547 + +[nameConstraints_dirname_x549] +commonName = "x548 + +[nameConstraints_dirname_x550] +commonName = "x549 + +[nameConstraints_dirname_x551] +commonName = "x550 + +[nameConstraints_dirname_x552] +commonName = "x551 + +[nameConstraints_dirname_x553] +commonName = "x552 + +[nameConstraints_dirname_x554] +commonName = "x553 + +[nameConstraints_dirname_x555] +commonName = "x554 + +[nameConstraints_dirname_x556] +commonName = "x555 + +[nameConstraints_dirname_x557] +commonName = "x556 + +[nameConstraints_dirname_x558] +commonName = "x557 + +[nameConstraints_dirname_x559] +commonName = "x558 + +[nameConstraints_dirname_x560] +commonName = "x559 + +[nameConstraints_dirname_x561] +commonName = "x560 + +[nameConstraints_dirname_x562] +commonName = "x561 + +[nameConstraints_dirname_x563] +commonName = "x562 + +[nameConstraints_dirname_x564] +commonName = "x563 + +[nameConstraints_dirname_x565] +commonName = "x564 + +[nameConstraints_dirname_x566] +commonName = "x565 + +[nameConstraints_dirname_x567] +commonName = "x566 + +[nameConstraints_dirname_x568] +commonName = "x567 + +[nameConstraints_dirname_x569] +commonName = "x568 + +[nameConstraints_dirname_x570] +commonName = "x569 + +[nameConstraints_dirname_x571] +commonName = "x570 + +[nameConstraints_dirname_x572] +commonName = "x571 + +[nameConstraints_dirname_x573] +commonName = "x572 + +[nameConstraints_dirname_x574] +commonName = "x573 + +[nameConstraints_dirname_x575] +commonName = "x574 + +[nameConstraints_dirname_x576] +commonName = "x575 + +[nameConstraints_dirname_x577] +commonName = "x576 + +[nameConstraints_dirname_x578] +commonName = "x577 + +[nameConstraints_dirname_x579] +commonName = "x578 + +[nameConstraints_dirname_x580] +commonName = "x579 + +[nameConstraints_dirname_x581] +commonName = "x580 + +[nameConstraints_dirname_x582] +commonName = "x581 + +[nameConstraints_dirname_x583] +commonName = "x582 + +[nameConstraints_dirname_x584] +commonName = "x583 + +[nameConstraints_dirname_x585] +commonName = "x584 + +[nameConstraints_dirname_x586] +commonName = "x585 + +[nameConstraints_dirname_x587] +commonName = "x586 + +[nameConstraints_dirname_x588] +commonName = "x587 + +[nameConstraints_dirname_x589] +commonName = "x588 + +[nameConstraints_dirname_x590] +commonName = "x589 + +[nameConstraints_dirname_x591] +commonName = "x590 + +[nameConstraints_dirname_x592] +commonName = "x591 + +[nameConstraints_dirname_x593] +commonName = "x592 + +[nameConstraints_dirname_x594] +commonName = "x593 + +[nameConstraints_dirname_x595] +commonName = "x594 + +[nameConstraints_dirname_x596] +commonName = "x595 + +[nameConstraints_dirname_x597] +commonName = "x596 + +[nameConstraints_dirname_x598] +commonName = "x597 + +[nameConstraints_dirname_x599] +commonName = "x598 + +[nameConstraints_dirname_x600] +commonName = "x599 + +[nameConstraints_dirname_x601] +commonName = "x600 + +[nameConstraints_dirname_x602] +commonName = "x601 + +[nameConstraints_dirname_x603] +commonName = "x602 + +[nameConstraints_dirname_x604] +commonName = "x603 + +[nameConstraints_dirname_x605] +commonName = "x604 + +[nameConstraints_dirname_x606] +commonName = "x605 + +[nameConstraints_dirname_x607] +commonName = "x606 + +[nameConstraints_dirname_x608] +commonName = "x607 + +[nameConstraints_dirname_x609] +commonName = "x608 + +[nameConstraints_dirname_x610] +commonName = "x609 + +[nameConstraints_dirname_x611] +commonName = "x610 + +[nameConstraints_dirname_x612] +commonName = "x611 + +[nameConstraints_dirname_x613] +commonName = "x612 + +[nameConstraints_dirname_x614] +commonName = "x613 + +[nameConstraints_dirname_x615] +commonName = "x614 + +[nameConstraints_dirname_x616] +commonName = "x615 + +[nameConstraints_dirname_x617] +commonName = "x616 + +[nameConstraints_dirname_x618] +commonName = "x617 + +[nameConstraints_dirname_x619] +commonName = "x618 + +[nameConstraints_dirname_x620] +commonName = "x619 + +[nameConstraints_dirname_x621] +commonName = "x620 + +[nameConstraints_dirname_x622] +commonName = "x621 + +[nameConstraints_dirname_x623] +commonName = "x622 + +[nameConstraints_dirname_x624] +commonName = "x623 + +[nameConstraints_dirname_x625] +commonName = "x624 + +[nameConstraints_dirname_x626] +commonName = "x625 + +[nameConstraints_dirname_x627] +commonName = "x626 + +[nameConstraints_dirname_x628] +commonName = "x627 + +[nameConstraints_dirname_x629] +commonName = "x628 + +[nameConstraints_dirname_x630] +commonName = "x629 + +[nameConstraints_dirname_x631] +commonName = "x630 + +[nameConstraints_dirname_x632] +commonName = "x631 + +[nameConstraints_dirname_x633] +commonName = "x632 + +[nameConstraints_dirname_x634] +commonName = "x633 + +[nameConstraints_dirname_x635] +commonName = "x634 + +[nameConstraints_dirname_x636] +commonName = "x635 + +[nameConstraints_dirname_x637] +commonName = "x636 + +[nameConstraints_dirname_x638] +commonName = "x637 + +[nameConstraints_dirname_x639] +commonName = "x638 + +[nameConstraints_dirname_x640] +commonName = "x639 + +[nameConstraints_dirname_x641] +commonName = "x640 + +[nameConstraints_dirname_x642] +commonName = "x641 + +[nameConstraints_dirname_x643] +commonName = "x642 + +[nameConstraints_dirname_x644] +commonName = "x643 + +[nameConstraints_dirname_x645] +commonName = "x644 + +[nameConstraints_dirname_x646] +commonName = "x645 + +[nameConstraints_dirname_x647] +commonName = "x646 + +[nameConstraints_dirname_x648] +commonName = "x647 + +[nameConstraints_dirname_x649] +commonName = "x648 + +[nameConstraints_dirname_x650] +commonName = "x649 + +[nameConstraints_dirname_x651] +commonName = "x650 + +[nameConstraints_dirname_x652] +commonName = "x651 + +[nameConstraints_dirname_x653] +commonName = "x652 + +[nameConstraints_dirname_x654] +commonName = "x653 + +[nameConstraints_dirname_x655] +commonName = "x654 + +[nameConstraints_dirname_x656] +commonName = "x655 + +[nameConstraints_dirname_x657] +commonName = "x656 + +[nameConstraints_dirname_x658] +commonName = "x657 + +[nameConstraints_dirname_x659] +commonName = "x658 + +[nameConstraints_dirname_x660] +commonName = "x659 + +[nameConstraints_dirname_x661] +commonName = "x660 + +[nameConstraints_dirname_x662] +commonName = "x661 + +[nameConstraints_dirname_x663] +commonName = "x662 + +[nameConstraints_dirname_x664] +commonName = "x663 + +[nameConstraints_dirname_x665] +commonName = "x664 + +[nameConstraints_dirname_x666] +commonName = "x665 + +[nameConstraints_dirname_x667] +commonName = "x666 + +[nameConstraints_dirname_x668] +commonName = "x667 + +[nameConstraints_dirname_x669] +commonName = "x668 + +[nameConstraints_dirname_x670] +commonName = "x669 + +[nameConstraints_dirname_x671] +commonName = "x670 + +[nameConstraints_dirname_x672] +commonName = "x671 + +[nameConstraints_dirname_x673] +commonName = "x672 + +[nameConstraints_dirname_x674] +commonName = "x673 + +[nameConstraints_dirname_x675] +commonName = "x674 + +[nameConstraints_dirname_x676] +commonName = "x675 + +[nameConstraints_dirname_x677] +commonName = "x676 + +[nameConstraints_dirname_x678] +commonName = "x677 + +[nameConstraints_dirname_x679] +commonName = "x678 + +[nameConstraints_dirname_x680] +commonName = "x679 + +[nameConstraints_dirname_x681] +commonName = "x680 + +[nameConstraints_dirname_x682] +commonName = "x681 + +[nameConstraints_dirname_x683] +commonName = "x682 + +[nameConstraints_dirname_x684] +commonName = "x683 + +[nameConstraints_dirname_x685] +commonName = "x684 + +[nameConstraints_dirname_x686] +commonName = "x685 + +[nameConstraints_dirname_x687] +commonName = "x686 + +[nameConstraints_dirname_x688] +commonName = "x687 + +[nameConstraints_dirname_x689] +commonName = "x688 + +[nameConstraints_dirname_x690] +commonName = "x689 + +[nameConstraints_dirname_x691] +commonName = "x690 + +[nameConstraints_dirname_x692] +commonName = "x691 + +[nameConstraints_dirname_x693] +commonName = "x692 + +[nameConstraints_dirname_x694] +commonName = "x693 + +[nameConstraints_dirname_x695] +commonName = "x694 + +[nameConstraints_dirname_x696] +commonName = "x695 + +[nameConstraints_dirname_x697] +commonName = "x696 + +[nameConstraints_dirname_x698] +commonName = "x697 + +[nameConstraints_dirname_x699] +commonName = "x698 + +[nameConstraints_dirname_x700] +commonName = "x699 + +[nameConstraints_dirname_x701] +commonName = "x700 + +[nameConstraints_dirname_x702] +commonName = "x701 + +[nameConstraints_dirname_x703] +commonName = "x702 + +[nameConstraints_dirname_x704] +commonName = "x703 + +[nameConstraints_dirname_x705] +commonName = "x704 + +[nameConstraints_dirname_x706] +commonName = "x705 + +[nameConstraints_dirname_x707] +commonName = "x706 + +[nameConstraints_dirname_x708] +commonName = "x707 + +[nameConstraints_dirname_x709] +commonName = "x708 + +[nameConstraints_dirname_x710] +commonName = "x709 + +[nameConstraints_dirname_x711] +commonName = "x710 + +[nameConstraints_dirname_x712] +commonName = "x711 + +[nameConstraints_dirname_x713] +commonName = "x712 + +[nameConstraints_dirname_x714] +commonName = "x713 + +[nameConstraints_dirname_x715] +commonName = "x714 + +[nameConstraints_dirname_x716] +commonName = "x715 + +[nameConstraints_dirname_x717] +commonName = "x716 + +[nameConstraints_dirname_x718] +commonName = "x717 + +[nameConstraints_dirname_x719] +commonName = "x718 + +[nameConstraints_dirname_x720] +commonName = "x719 + +[nameConstraints_dirname_x721] +commonName = "x720 + +[nameConstraints_dirname_x722] +commonName = "x721 + +[nameConstraints_dirname_x723] +commonName = "x722 + +[nameConstraints_dirname_x724] +commonName = "x723 + +[nameConstraints_dirname_x725] +commonName = "x724 + +[nameConstraints_dirname_x726] +commonName = "x725 + +[nameConstraints_dirname_x727] +commonName = "x726 + +[nameConstraints_dirname_x728] +commonName = "x727 + +[nameConstraints_dirname_x729] +commonName = "x728 + +[nameConstraints_dirname_x730] +commonName = "x729 + +[nameConstraints_dirname_x731] +commonName = "x730 + +[nameConstraints_dirname_x732] +commonName = "x731 + +[nameConstraints_dirname_x733] +commonName = "x732 + +[nameConstraints_dirname_x734] +commonName = "x733 + +[nameConstraints_dirname_x735] +commonName = "x734 + +[nameConstraints_dirname_x736] +commonName = "x735 + +[nameConstraints_dirname_x737] +commonName = "x736 + +[nameConstraints_dirname_x738] +commonName = "x737 + +[nameConstraints_dirname_x739] +commonName = "x738 + +[nameConstraints_dirname_x740] +commonName = "x739 + +[nameConstraints_dirname_x741] +commonName = "x740 + +[nameConstraints_dirname_x742] +commonName = "x741 + +[nameConstraints_dirname_x743] +commonName = "x742 + +[nameConstraints_dirname_x744] +commonName = "x743 + +[nameConstraints_dirname_x745] +commonName = "x744 + +[nameConstraints_dirname_x746] +commonName = "x745 + +[nameConstraints_dirname_x747] +commonName = "x746 + +[nameConstraints_dirname_x748] +commonName = "x747 + +[nameConstraints_dirname_x749] +commonName = "x748 + +[nameConstraints_dirname_x750] +commonName = "x749 + +[nameConstraints_dirname_x751] +commonName = "x750 + +[nameConstraints_dirname_x752] +commonName = "x751 + +[nameConstraints_dirname_x753] +commonName = "x752 + +[nameConstraints_dirname_x754] +commonName = "x753 + +[nameConstraints_dirname_x755] +commonName = "x754 + +[nameConstraints_dirname_x756] +commonName = "x755 + +[nameConstraints_dirname_x757] +commonName = "x756 + +[nameConstraints_dirname_x758] +commonName = "x757 + +[nameConstraints_dirname_x759] +commonName = "x758 + +[nameConstraints_dirname_x760] +commonName = "x759 + +[nameConstraints_dirname_x761] +commonName = "x760 + +[nameConstraints_dirname_x762] +commonName = "x761 + +[nameConstraints_dirname_x763] +commonName = "x762 + +[nameConstraints_dirname_x764] +commonName = "x763 + +[nameConstraints_dirname_x765] +commonName = "x764 + +[nameConstraints_dirname_x766] +commonName = "x765 + +[nameConstraints_dirname_x767] +commonName = "x766 + +[nameConstraints_dirname_x768] +commonName = "x767 + +[nameConstraints_dirname_x769] +commonName = "x768 + +[nameConstraints_dirname_x770] +commonName = "x769 + +[nameConstraints_dirname_x771] +commonName = "x770 + +[nameConstraints_dirname_x772] +commonName = "x771 + +[nameConstraints_dirname_x773] +commonName = "x772 + +[nameConstraints_dirname_x774] +commonName = "x773 + +[nameConstraints_dirname_x775] +commonName = "x774 + +[nameConstraints_dirname_x776] +commonName = "x775 + +[nameConstraints_dirname_x777] +commonName = "x776 + +[nameConstraints_dirname_x778] +commonName = "x777 + +[nameConstraints_dirname_x779] +commonName = "x778 + +[nameConstraints_dirname_x780] +commonName = "x779 + +[nameConstraints_dirname_x781] +commonName = "x780 + +[nameConstraints_dirname_x782] +commonName = "x781 + +[nameConstraints_dirname_x783] +commonName = "x782 + +[nameConstraints_dirname_x784] +commonName = "x783 + +[nameConstraints_dirname_x785] +commonName = "x784 + +[nameConstraints_dirname_x786] +commonName = "x785 + +[nameConstraints_dirname_x787] +commonName = "x786 + +[nameConstraints_dirname_x788] +commonName = "x787 + +[nameConstraints_dirname_x789] +commonName = "x788 + +[nameConstraints_dirname_x790] +commonName = "x789 + +[nameConstraints_dirname_x791] +commonName = "x790 + +[nameConstraints_dirname_x792] +commonName = "x791 + +[nameConstraints_dirname_x793] +commonName = "x792 + +[nameConstraints_dirname_x794] +commonName = "x793 + +[nameConstraints_dirname_x795] +commonName = "x794 + +[nameConstraints_dirname_x796] +commonName = "x795 + +[nameConstraints_dirname_x797] +commonName = "x796 + +[nameConstraints_dirname_x798] +commonName = "x797 + +[nameConstraints_dirname_x799] +commonName = "x798 + +[nameConstraints_dirname_x800] +commonName = "x799 + +[nameConstraints_dirname_x801] +commonName = "x800 + +[nameConstraints_dirname_x802] +commonName = "x801 + +[nameConstraints_dirname_x803] +commonName = "x802 + +[nameConstraints_dirname_x804] +commonName = "x803 + +[nameConstraints_dirname_x805] +commonName = "x804 + +[nameConstraints_dirname_x806] +commonName = "x805 + +[nameConstraints_dirname_x807] +commonName = "x806 + +[nameConstraints_dirname_x808] +commonName = "x807 + +[nameConstraints_dirname_x809] +commonName = "x808 + +[nameConstraints_dirname_x810] +commonName = "x809 + +[nameConstraints_dirname_x811] +commonName = "x810 + +[nameConstraints_dirname_x812] +commonName = "x811 + +[nameConstraints_dirname_x813] +commonName = "x812 + +[nameConstraints_dirname_x814] +commonName = "x813 + +[nameConstraints_dirname_x815] +commonName = "x814 + +[nameConstraints_dirname_x816] +commonName = "x815 + +[nameConstraints_dirname_x817] +commonName = "x816 + +[nameConstraints_dirname_x818] +commonName = "x817 + +[nameConstraints_dirname_x819] +commonName = "x818 + +[nameConstraints_dirname_x820] +commonName = "x819 + +[nameConstraints_dirname_x821] +commonName = "x820 + +[nameConstraints_dirname_x822] +commonName = "x821 + +[nameConstraints_dirname_x823] +commonName = "x822 + +[nameConstraints_dirname_x824] +commonName = "x823 + +[nameConstraints_dirname_x825] +commonName = "x824 + +[nameConstraints_dirname_x826] +commonName = "x825 + +[nameConstraints_dirname_x827] +commonName = "x826 + +[nameConstraints_dirname_x828] +commonName = "x827 + +[nameConstraints_dirname_x829] +commonName = "x828 + +[nameConstraints_dirname_x830] +commonName = "x829 + +[nameConstraints_dirname_x831] +commonName = "x830 + +[nameConstraints_dirname_x832] +commonName = "x831 + +[nameConstraints_dirname_x833] +commonName = "x832 + +[nameConstraints_dirname_x834] +commonName = "x833 + +[nameConstraints_dirname_x835] +commonName = "x834 + +[nameConstraints_dirname_x836] +commonName = "x835 + +[nameConstraints_dirname_x837] +commonName = "x836 + +[nameConstraints_dirname_x838] +commonName = "x837 + +[nameConstraints_dirname_x839] +commonName = "x838 + +[nameConstraints_dirname_x840] +commonName = "x839 + +[nameConstraints_dirname_x841] +commonName = "x840 + +[nameConstraints_dirname_x842] +commonName = "x841 + +[nameConstraints_dirname_x843] +commonName = "x842 + +[nameConstraints_dirname_x844] +commonName = "x843 + +[nameConstraints_dirname_x845] +commonName = "x844 + +[nameConstraints_dirname_x846] +commonName = "x845 + +[nameConstraints_dirname_x847] +commonName = "x846 + +[nameConstraints_dirname_x848] +commonName = "x847 + +[nameConstraints_dirname_x849] +commonName = "x848 + +[nameConstraints_dirname_x850] +commonName = "x849 + +[nameConstraints_dirname_x851] +commonName = "x850 + +[nameConstraints_dirname_x852] +commonName = "x851 + +[nameConstraints_dirname_x853] +commonName = "x852 + +[nameConstraints_dirname_x854] +commonName = "x853 + +[nameConstraints_dirname_x855] +commonName = "x854 + +[nameConstraints_dirname_x856] +commonName = "x855 + +[nameConstraints_dirname_x857] +commonName = "x856 + +[nameConstraints_dirname_x858] +commonName = "x857 + +[nameConstraints_dirname_x859] +commonName = "x858 + +[nameConstraints_dirname_x860] +commonName = "x859 + +[nameConstraints_dirname_x861] +commonName = "x860 + +[nameConstraints_dirname_x862] +commonName = "x861 + +[nameConstraints_dirname_x863] +commonName = "x862 + +[nameConstraints_dirname_x864] +commonName = "x863 + +[nameConstraints_dirname_x865] +commonName = "x864 + +[nameConstraints_dirname_x866] +commonName = "x865 + +[nameConstraints_dirname_x867] +commonName = "x866 + +[nameConstraints_dirname_x868] +commonName = "x867 + +[nameConstraints_dirname_x869] +commonName = "x868 + +[nameConstraints_dirname_x870] +commonName = "x869 + +[nameConstraints_dirname_x871] +commonName = "x870 + +[nameConstraints_dirname_x872] +commonName = "x871 + +[nameConstraints_dirname_x873] +commonName = "x872 + +[nameConstraints_dirname_x874] +commonName = "x873 + +[nameConstraints_dirname_x875] +commonName = "x874 + +[nameConstraints_dirname_x876] +commonName = "x875 + +[nameConstraints_dirname_x877] +commonName = "x876 + +[nameConstraints_dirname_x878] +commonName = "x877 + +[nameConstraints_dirname_x879] +commonName = "x878 + +[nameConstraints_dirname_x880] +commonName = "x879 + +[nameConstraints_dirname_x881] +commonName = "x880 + +[nameConstraints_dirname_x882] +commonName = "x881 + +[nameConstraints_dirname_x883] +commonName = "x882 + +[nameConstraints_dirname_x884] +commonName = "x883 + +[nameConstraints_dirname_x885] +commonName = "x884 + +[nameConstraints_dirname_x886] +commonName = "x885 + +[nameConstraints_dirname_x887] +commonName = "x886 + +[nameConstraints_dirname_x888] +commonName = "x887 + +[nameConstraints_dirname_x889] +commonName = "x888 + +[nameConstraints_dirname_x890] +commonName = "x889 + +[nameConstraints_dirname_x891] +commonName = "x890 + +[nameConstraints_dirname_x892] +commonName = "x891 + +[nameConstraints_dirname_x893] +commonName = "x892 + +[nameConstraints_dirname_x894] +commonName = "x893 + +[nameConstraints_dirname_x895] +commonName = "x894 + +[nameConstraints_dirname_x896] +commonName = "x895 + +[nameConstraints_dirname_x897] +commonName = "x896 + +[nameConstraints_dirname_x898] +commonName = "x897 + +[nameConstraints_dirname_x899] +commonName = "x898 + +[nameConstraints_dirname_x900] +commonName = "x899 + +[nameConstraints_dirname_x901] +commonName = "x900 + +[nameConstraints_dirname_x902] +commonName = "x901 + +[nameConstraints_dirname_x903] +commonName = "x902 + +[nameConstraints_dirname_x904] +commonName = "x903 + +[nameConstraints_dirname_x905] +commonName = "x904 + +[nameConstraints_dirname_x906] +commonName = "x905 + +[nameConstraints_dirname_x907] +commonName = "x906 + +[nameConstraints_dirname_x908] +commonName = "x907 + +[nameConstraints_dirname_x909] +commonName = "x908 + +[nameConstraints_dirname_x910] +commonName = "x909 + +[nameConstraints_dirname_x911] +commonName = "x910 + +[nameConstraints_dirname_x912] +commonName = "x911 + +[nameConstraints_dirname_x913] +commonName = "x912 + +[nameConstraints_dirname_x914] +commonName = "x913 + +[nameConstraints_dirname_x915] +commonName = "x914 + +[nameConstraints_dirname_x916] +commonName = "x915 + +[nameConstraints_dirname_x917] +commonName = "x916 + +[nameConstraints_dirname_x918] +commonName = "x917 + +[nameConstraints_dirname_x919] +commonName = "x918 + +[nameConstraints_dirname_x920] +commonName = "x919 + +[nameConstraints_dirname_x921] +commonName = "x920 + +[nameConstraints_dirname_x922] +commonName = "x921 + +[nameConstraints_dirname_x923] +commonName = "x922 + +[nameConstraints_dirname_x924] +commonName = "x923 + +[nameConstraints_dirname_x925] +commonName = "x924 + +[nameConstraints_dirname_x926] +commonName = "x925 + +[nameConstraints_dirname_x927] +commonName = "x926 + +[nameConstraints_dirname_x928] +commonName = "x927 + +[nameConstraints_dirname_x929] +commonName = "x928 + +[nameConstraints_dirname_x930] +commonName = "x929 + +[nameConstraints_dirname_x931] +commonName = "x930 + +[nameConstraints_dirname_x932] +commonName = "x931 + +[nameConstraints_dirname_x933] +commonName = "x932 + +[nameConstraints_dirname_x934] +commonName = "x933 + +[nameConstraints_dirname_x935] +commonName = "x934 + +[nameConstraints_dirname_x936] +commonName = "x935 + +[nameConstraints_dirname_x937] +commonName = "x936 + +[nameConstraints_dirname_x938] +commonName = "x937 + +[nameConstraints_dirname_x939] +commonName = "x938 + +[nameConstraints_dirname_x940] +commonName = "x939 + +[nameConstraints_dirname_x941] +commonName = "x940 + +[nameConstraints_dirname_x942] +commonName = "x941 + +[nameConstraints_dirname_x943] +commonName = "x942 + +[nameConstraints_dirname_x944] +commonName = "x943 + +[nameConstraints_dirname_x945] +commonName = "x944 + +[nameConstraints_dirname_x946] +commonName = "x945 + +[nameConstraints_dirname_x947] +commonName = "x946 + +[nameConstraints_dirname_x948] +commonName = "x947 + +[nameConstraints_dirname_x949] +commonName = "x948 + +[nameConstraints_dirname_x950] +commonName = "x949 + +[nameConstraints_dirname_x951] +commonName = "x950 + +[nameConstraints_dirname_x952] +commonName = "x951 + +[nameConstraints_dirname_x953] +commonName = "x952 + +[nameConstraints_dirname_x954] +commonName = "x953 + +[nameConstraints_dirname_x955] +commonName = "x954 + +[nameConstraints_dirname_x956] +commonName = "x955 + +[nameConstraints_dirname_x957] +commonName = "x956 + +[nameConstraints_dirname_x958] +commonName = "x957 + +[nameConstraints_dirname_x959] +commonName = "x958 + +[nameConstraints_dirname_x960] +commonName = "x959 + +[nameConstraints_dirname_x961] +commonName = "x960 + +[nameConstraints_dirname_x962] +commonName = "x961 + +[nameConstraints_dirname_x963] +commonName = "x962 + +[nameConstraints_dirname_x964] +commonName = "x963 + +[nameConstraints_dirname_x965] +commonName = "x964 + +[nameConstraints_dirname_x966] +commonName = "x965 + +[nameConstraints_dirname_x967] +commonName = "x966 + +[nameConstraints_dirname_x968] +commonName = "x967 + +[nameConstraints_dirname_x969] +commonName = "x968 + +[nameConstraints_dirname_x970] +commonName = "x969 + +[nameConstraints_dirname_x971] +commonName = "x970 + +[nameConstraints_dirname_x972] +commonName = "x971 + +[nameConstraints_dirname_x973] +commonName = "x972 + +[nameConstraints_dirname_x974] +commonName = "x973 + +[nameConstraints_dirname_x975] +commonName = "x974 + +[nameConstraints_dirname_x976] +commonName = "x975 + +[nameConstraints_dirname_x977] +commonName = "x976 + +[nameConstraints_dirname_x978] +commonName = "x977 + +[nameConstraints_dirname_x979] +commonName = "x978 + +[nameConstraints_dirname_x980] +commonName = "x979 + +[nameConstraints_dirname_x981] +commonName = "x980 + +[nameConstraints_dirname_x982] +commonName = "x981 + +[nameConstraints_dirname_x983] +commonName = "x982 + +[nameConstraints_dirname_x984] +commonName = "x983 + +[nameConstraints_dirname_x985] +commonName = "x984 + +[nameConstraints_dirname_x986] +commonName = "x985 + +[nameConstraints_dirname_x987] +commonName = "x986 + +[nameConstraints_dirname_x988] +commonName = "x987 + +[nameConstraints_dirname_x989] +commonName = "x988 + +[nameConstraints_dirname_x990] +commonName = "x989 + +[nameConstraints_dirname_x991] +commonName = "x990 + +[nameConstraints_dirname_x992] +commonName = "x991 + +[nameConstraints_dirname_x993] +commonName = "x992 + +[nameConstraints_dirname_x994] +commonName = "x993 + +[nameConstraints_dirname_x995] +commonName = "x994 + +[nameConstraints_dirname_x996] +commonName = "x995 + +[nameConstraints_dirname_x997] +commonName = "x996 + +[nameConstraints_dirname_x998] +commonName = "x997 + +[nameConstraints_dirname_x999] +commonName = "x998 + +[nameConstraints_dirname_x1000] +commonName = "x999 + +[nameConstraints_dirname_x1001] +commonName = "x1000 + +[nameConstraints_dirname_x1002] +commonName = "x1001 + +[nameConstraints_dirname_x1003] +commonName = "x1002 + +[nameConstraints_dirname_x1004] +commonName = "x1003 + +[nameConstraints_dirname_x1005] +commonName = "x1004 + +[nameConstraints_dirname_x1006] +commonName = "x1005 + +[nameConstraints_dirname_x1007] +commonName = "x1006 + +[nameConstraints_dirname_x1008] +commonName = "x1007 + +[nameConstraints_dirname_x1009] +commonName = "x1008 + +[nameConstraints_dirname_x1010] +commonName = "x1009 + +[nameConstraints_dirname_x1011] +commonName = "x1010 + +[nameConstraints_dirname_x1012] +commonName = "x1011 + +[nameConstraints_dirname_x1013] +commonName = "x1012 + +[nameConstraints_dirname_x1014] +commonName = "x1013 + +[nameConstraints_dirname_x1015] +commonName = "x1014 + +[nameConstraints_dirname_x1016] +commonName = "x1015 + +[nameConstraints_dirname_x1017] +commonName = "x1016 + +[nameConstraints_dirname_x1018] +commonName = "x1017 + +[nameConstraints_dirname_x1019] +commonName = "x1018 + +[nameConstraints_dirname_x1020] +commonName = "x1019 + +[nameConstraints_dirname_x1021] +commonName = "x1020 + +[nameConstraints_dirname_x1022] +commonName = "x1021 + +[nameConstraints_dirname_x1023] +commonName = "x1022 + +[nameConstraints_dirname_x1024] +commonName = "x1023 + +[nameConstraints_dirname_x1025] +commonName = "x1024 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.csr new file mode 100644 index 0000000000..53639207f1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.csr @@ -0,0 +1,464 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIJWijCCVXICAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxL +Ha4GJxiOVbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9W +yNroD1cod26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luv +C6DmdaXS4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf0 +0YvmLxRmVvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9Ibjm +K6igvwa7QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABoIJULDCC +VCgGCSqGSIb3DQEJDjGCVBkwglQVMB0GA1UdDgQWBBSSET+sEZbHZjfPg1ok8Dp3 +rzONfzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCCU9EGA1UdHgSC +U8gwglPEoYJTwDARpA8wDTELMAkGA1UEAwwCeDAwEaQPMA0xCzAJBgNVBAMMAngx +MBGkDzANMQswCQYDVQQDDAJ4MjARpA8wDTELMAkGA1UEAwwCeDMwEaQPMA0xCzAJ +BgNVBAMMAng0MBGkDzANMQswCQYDVQQDDAJ4NTARpA8wDTELMAkGA1UEAwwCeDYw +EaQPMA0xCzAJBgNVBAMMAng3MBGkDzANMQswCQYDVQQDDAJ4ODARpA8wDTELMAkG +A1UEAwwCeDkwEqQQMA4xDDAKBgNVBAMMA3gxMDASpBAwDjEMMAoGA1UEAwwDeDEx +MBKkEDAOMQwwCgYDVQQDDAN4MTIwEqQQMA4xDDAKBgNVBAMMA3gxMzASpBAwDjEM +MAoGA1UEAwwDeDE0MBKkEDAOMQwwCgYDVQQDDAN4MTUwEqQQMA4xDDAKBgNVBAMM +A3gxNjASpBAwDjEMMAoGA1UEAwwDeDE3MBKkEDAOMQwwCgYDVQQDDAN4MTgwEqQQ +MA4xDDAKBgNVBAMMA3gxOTASpBAwDjEMMAoGA1UEAwwDeDIwMBKkEDAOMQwwCgYD +VQQDDAN4MjEwEqQQMA4xDDAKBgNVBAMMA3gyMjASpBAwDjEMMAoGA1UEAwwDeDIz +MBKkEDAOMQwwCgYDVQQDDAN4MjQwEqQQMA4xDDAKBgNVBAMMA3gyNTASpBAwDjEM +MAoGA1UEAwwDeDI2MBKkEDAOMQwwCgYDVQQDDAN4MjcwEqQQMA4xDDAKBgNVBAMM +A3gyODASpBAwDjEMMAoGA1UEAwwDeDI5MBKkEDAOMQwwCgYDVQQDDAN4MzAwEqQQ +MA4xDDAKBgNVBAMMA3gzMTASpBAwDjEMMAoGA1UEAwwDeDMyMBKkEDAOMQwwCgYD +VQQDDAN4MzMwEqQQMA4xDDAKBgNVBAMMA3gzNDASpBAwDjEMMAoGA1UEAwwDeDM1 +MBKkEDAOMQwwCgYDVQQDDAN4MzYwEqQQMA4xDDAKBgNVBAMMA3gzNzASpBAwDjEM +MAoGA1UEAwwDeDM4MBKkEDAOMQwwCgYDVQQDDAN4MzkwEqQQMA4xDDAKBgNVBAMM +A3g0MDASpBAwDjEMMAoGA1UEAwwDeDQxMBKkEDAOMQwwCgYDVQQDDAN4NDIwEqQQ +MA4xDDAKBgNVBAMMA3g0MzASpBAwDjEMMAoGA1UEAwwDeDQ0MBKkEDAOMQwwCgYD +VQQDDAN4NDUwEqQQMA4xDDAKBgNVBAMMA3g0NjASpBAwDjEMMAoGA1UEAwwDeDQ3 +MBKkEDAOMQwwCgYDVQQDDAN4NDgwEqQQMA4xDDAKBgNVBAMMA3g0OTASpBAwDjEM +MAoGA1UEAwwDeDUwMBKkEDAOMQwwCgYDVQQDDAN4NTEwEqQQMA4xDDAKBgNVBAMM +A3g1MjASpBAwDjEMMAoGA1UEAwwDeDUzMBKkEDAOMQwwCgYDVQQDDAN4NTQwEqQQ +MA4xDDAKBgNVBAMMA3g1NTASpBAwDjEMMAoGA1UEAwwDeDU2MBKkEDAOMQwwCgYD +VQQDDAN4NTcwEqQQMA4xDDAKBgNVBAMMA3g1ODASpBAwDjEMMAoGA1UEAwwDeDU5 +MBKkEDAOMQwwCgYDVQQDDAN4NjAwEqQQMA4xDDAKBgNVBAMMA3g2MTASpBAwDjEM +MAoGA1UEAwwDeDYyMBKkEDAOMQwwCgYDVQQDDAN4NjMwEqQQMA4xDDAKBgNVBAMM +A3g2NDASpBAwDjEMMAoGA1UEAwwDeDY1MBKkEDAOMQwwCgYDVQQDDAN4NjYwEqQQ +MA4xDDAKBgNVBAMMA3g2NzASpBAwDjEMMAoGA1UEAwwDeDY4MBKkEDAOMQwwCgYD +VQQDDAN4NjkwEqQQMA4xDDAKBgNVBAMMA3g3MDASpBAwDjEMMAoGA1UEAwwDeDcx +MBKkEDAOMQwwCgYDVQQDDAN4NzIwEqQQMA4xDDAKBgNVBAMMA3g3MzASpBAwDjEM +MAoGA1UEAwwDeDc0MBKkEDAOMQwwCgYDVQQDDAN4NzUwEqQQMA4xDDAKBgNVBAMM +A3g3NjASpBAwDjEMMAoGA1UEAwwDeDc3MBKkEDAOMQwwCgYDVQQDDAN4NzgwEqQQ +MA4xDDAKBgNVBAMMA3g3OTASpBAwDjEMMAoGA1UEAwwDeDgwMBKkEDAOMQwwCgYD +VQQDDAN4ODEwEqQQMA4xDDAKBgNVBAMMA3g4MjASpBAwDjEMMAoGA1UEAwwDeDgz +MBKkEDAOMQwwCgYDVQQDDAN4ODQwEqQQMA4xDDAKBgNVBAMMA3g4NTASpBAwDjEM +MAoGA1UEAwwDeDg2MBKkEDAOMQwwCgYDVQQDDAN4ODcwEqQQMA4xDDAKBgNVBAMM +A3g4ODASpBAwDjEMMAoGA1UEAwwDeDg5MBKkEDAOMQwwCgYDVQQDDAN4OTAwEqQQ +MA4xDDAKBgNVBAMMA3g5MTASpBAwDjEMMAoGA1UEAwwDeDkyMBKkEDAOMQwwCgYD +VQQDDAN4OTMwEqQQMA4xDDAKBgNVBAMMA3g5NDASpBAwDjEMMAoGA1UEAwwDeDk1 +MBKkEDAOMQwwCgYDVQQDDAN4OTYwEqQQMA4xDDAKBgNVBAMMA3g5NzASpBAwDjEM +MAoGA1UEAwwDeDk4MBKkEDAOMQwwCgYDVQQDDAN4OTkwE6QRMA8xDTALBgNVBAMM +BHgxMDAwE6QRMA8xDTALBgNVBAMMBHgxMDEwE6QRMA8xDTALBgNVBAMMBHgxMDIw +E6QRMA8xDTALBgNVBAMMBHgxMDMwE6QRMA8xDTALBgNVBAMMBHgxMDQwE6QRMA8x +DTALBgNVBAMMBHgxMDUwE6QRMA8xDTALBgNVBAMMBHgxMDYwE6QRMA8xDTALBgNV +BAMMBHgxMDcwE6QRMA8xDTALBgNVBAMMBHgxMDgwE6QRMA8xDTALBgNVBAMMBHgx +MDkwE6QRMA8xDTALBgNVBAMMBHgxMTAwE6QRMA8xDTALBgNVBAMMBHgxMTEwE6QR +MA8xDTALBgNVBAMMBHgxMTIwE6QRMA8xDTALBgNVBAMMBHgxMTMwE6QRMA8xDTAL +BgNVBAMMBHgxMTQwE6QRMA8xDTALBgNVBAMMBHgxMTUwE6QRMA8xDTALBgNVBAMM +BHgxMTYwE6QRMA8xDTALBgNVBAMMBHgxMTcwE6QRMA8xDTALBgNVBAMMBHgxMTgw +E6QRMA8xDTALBgNVBAMMBHgxMTkwE6QRMA8xDTALBgNVBAMMBHgxMjAwE6QRMA8x +DTALBgNVBAMMBHgxMjEwE6QRMA8xDTALBgNVBAMMBHgxMjIwE6QRMA8xDTALBgNV +BAMMBHgxMjMwE6QRMA8xDTALBgNVBAMMBHgxMjQwE6QRMA8xDTALBgNVBAMMBHgx +MjUwE6QRMA8xDTALBgNVBAMMBHgxMjYwE6QRMA8xDTALBgNVBAMMBHgxMjcwE6QR +MA8xDTALBgNVBAMMBHgxMjgwE6QRMA8xDTALBgNVBAMMBHgxMjkwE6QRMA8xDTAL +BgNVBAMMBHgxMzAwE6QRMA8xDTALBgNVBAMMBHgxMzEwE6QRMA8xDTALBgNVBAMM +BHgxMzIwE6QRMA8xDTALBgNVBAMMBHgxMzMwE6QRMA8xDTALBgNVBAMMBHgxMzQw +E6QRMA8xDTALBgNVBAMMBHgxMzUwE6QRMA8xDTALBgNVBAMMBHgxMzYwE6QRMA8x +DTALBgNVBAMMBHgxMzcwE6QRMA8xDTALBgNVBAMMBHgxMzgwE6QRMA8xDTALBgNV +BAMMBHgxMzkwE6QRMA8xDTALBgNVBAMMBHgxNDAwE6QRMA8xDTALBgNVBAMMBHgx +NDEwE6QRMA8xDTALBgNVBAMMBHgxNDIwE6QRMA8xDTALBgNVBAMMBHgxNDMwE6QR +MA8xDTALBgNVBAMMBHgxNDQwE6QRMA8xDTALBgNVBAMMBHgxNDUwE6QRMA8xDTAL +BgNVBAMMBHgxNDYwE6QRMA8xDTALBgNVBAMMBHgxNDcwE6QRMA8xDTALBgNVBAMM +BHgxNDgwE6QRMA8xDTALBgNVBAMMBHgxNDkwE6QRMA8xDTALBgNVBAMMBHgxNTAw +E6QRMA8xDTALBgNVBAMMBHgxNTEwE6QRMA8xDTALBgNVBAMMBHgxNTIwE6QRMA8x +DTALBgNVBAMMBHgxNTMwE6QRMA8xDTALBgNVBAMMBHgxNTQwE6QRMA8xDTALBgNV +BAMMBHgxNTUwE6QRMA8xDTALBgNVBAMMBHgxNTYwE6QRMA8xDTALBgNVBAMMBHgx +NTcwE6QRMA8xDTALBgNVBAMMBHgxNTgwE6QRMA8xDTALBgNVBAMMBHgxNTkwE6QR +MA8xDTALBgNVBAMMBHgxNjAwE6QRMA8xDTALBgNVBAMMBHgxNjEwE6QRMA8xDTAL +BgNVBAMMBHgxNjIwE6QRMA8xDTALBgNVBAMMBHgxNjMwE6QRMA8xDTALBgNVBAMM +BHgxNjQwE6QRMA8xDTALBgNVBAMMBHgxNjUwE6QRMA8xDTALBgNVBAMMBHgxNjYw +E6QRMA8xDTALBgNVBAMMBHgxNjcwE6QRMA8xDTALBgNVBAMMBHgxNjgwE6QRMA8x +DTALBgNVBAMMBHgxNjkwE6QRMA8xDTALBgNVBAMMBHgxNzAwE6QRMA8xDTALBgNV +BAMMBHgxNzEwE6QRMA8xDTALBgNVBAMMBHgxNzIwE6QRMA8xDTALBgNVBAMMBHgx +NzMwE6QRMA8xDTALBgNVBAMMBHgxNzQwE6QRMA8xDTALBgNVBAMMBHgxNzUwE6QR +MA8xDTALBgNVBAMMBHgxNzYwE6QRMA8xDTALBgNVBAMMBHgxNzcwE6QRMA8xDTAL +BgNVBAMMBHgxNzgwE6QRMA8xDTALBgNVBAMMBHgxNzkwE6QRMA8xDTALBgNVBAMM +BHgxODAwE6QRMA8xDTALBgNVBAMMBHgxODEwE6QRMA8xDTALBgNVBAMMBHgxODIw +E6QRMA8xDTALBgNVBAMMBHgxODMwE6QRMA8xDTALBgNVBAMMBHgxODQwE6QRMA8x +DTALBgNVBAMMBHgxODUwE6QRMA8xDTALBgNVBAMMBHgxODYwE6QRMA8xDTALBgNV +BAMMBHgxODcwE6QRMA8xDTALBgNVBAMMBHgxODgwE6QRMA8xDTALBgNVBAMMBHgx +ODkwE6QRMA8xDTALBgNVBAMMBHgxOTAwE6QRMA8xDTALBgNVBAMMBHgxOTEwE6QR +MA8xDTALBgNVBAMMBHgxOTIwE6QRMA8xDTALBgNVBAMMBHgxOTMwE6QRMA8xDTAL +BgNVBAMMBHgxOTQwE6QRMA8xDTALBgNVBAMMBHgxOTUwE6QRMA8xDTALBgNVBAMM +BHgxOTYwE6QRMA8xDTALBgNVBAMMBHgxOTcwE6QRMA8xDTALBgNVBAMMBHgxOTgw +E6QRMA8xDTALBgNVBAMMBHgxOTkwE6QRMA8xDTALBgNVBAMMBHgyMDAwE6QRMA8x +DTALBgNVBAMMBHgyMDEwE6QRMA8xDTALBgNVBAMMBHgyMDIwE6QRMA8xDTALBgNV +BAMMBHgyMDMwE6QRMA8xDTALBgNVBAMMBHgyMDQwE6QRMA8xDTALBgNVBAMMBHgy +MDUwE6QRMA8xDTALBgNVBAMMBHgyMDYwE6QRMA8xDTALBgNVBAMMBHgyMDcwE6QR +MA8xDTALBgNVBAMMBHgyMDgwE6QRMA8xDTALBgNVBAMMBHgyMDkwE6QRMA8xDTAL +BgNVBAMMBHgyMTAwE6QRMA8xDTALBgNVBAMMBHgyMTEwE6QRMA8xDTALBgNVBAMM +BHgyMTIwE6QRMA8xDTALBgNVBAMMBHgyMTMwE6QRMA8xDTALBgNVBAMMBHgyMTQw +E6QRMA8xDTALBgNVBAMMBHgyMTUwE6QRMA8xDTALBgNVBAMMBHgyMTYwE6QRMA8x +DTALBgNVBAMMBHgyMTcwE6QRMA8xDTALBgNVBAMMBHgyMTgwE6QRMA8xDTALBgNV +BAMMBHgyMTkwE6QRMA8xDTALBgNVBAMMBHgyMjAwE6QRMA8xDTALBgNVBAMMBHgy +MjEwE6QRMA8xDTALBgNVBAMMBHgyMjIwE6QRMA8xDTALBgNVBAMMBHgyMjMwE6QR +MA8xDTALBgNVBAMMBHgyMjQwE6QRMA8xDTALBgNVBAMMBHgyMjUwE6QRMA8xDTAL +BgNVBAMMBHgyMjYwE6QRMA8xDTALBgNVBAMMBHgyMjcwE6QRMA8xDTALBgNVBAMM +BHgyMjgwE6QRMA8xDTALBgNVBAMMBHgyMjkwE6QRMA8xDTALBgNVBAMMBHgyMzAw +E6QRMA8xDTALBgNVBAMMBHgyMzEwE6QRMA8xDTALBgNVBAMMBHgyMzIwE6QRMA8x +DTALBgNVBAMMBHgyMzMwE6QRMA8xDTALBgNVBAMMBHgyMzQwE6QRMA8xDTALBgNV +BAMMBHgyMzUwE6QRMA8xDTALBgNVBAMMBHgyMzYwE6QRMA8xDTALBgNVBAMMBHgy +MzcwE6QRMA8xDTALBgNVBAMMBHgyMzgwE6QRMA8xDTALBgNVBAMMBHgyMzkwE6QR +MA8xDTALBgNVBAMMBHgyNDAwE6QRMA8xDTALBgNVBAMMBHgyNDEwE6QRMA8xDTAL +BgNVBAMMBHgyNDIwE6QRMA8xDTALBgNVBAMMBHgyNDMwE6QRMA8xDTALBgNVBAMM +BHgyNDQwE6QRMA8xDTALBgNVBAMMBHgyNDUwE6QRMA8xDTALBgNVBAMMBHgyNDYw +E6QRMA8xDTALBgNVBAMMBHgyNDcwE6QRMA8xDTALBgNVBAMMBHgyNDgwE6QRMA8x +DTALBgNVBAMMBHgyNDkwE6QRMA8xDTALBgNVBAMMBHgyNTAwE6QRMA8xDTALBgNV +BAMMBHgyNTEwE6QRMA8xDTALBgNVBAMMBHgyNTIwE6QRMA8xDTALBgNVBAMMBHgy +NTMwE6QRMA8xDTALBgNVBAMMBHgyNTQwE6QRMA8xDTALBgNVBAMMBHgyNTUwE6QR +MA8xDTALBgNVBAMMBHgyNTYwE6QRMA8xDTALBgNVBAMMBHgyNTcwE6QRMA8xDTAL +BgNVBAMMBHgyNTgwE6QRMA8xDTALBgNVBAMMBHgyNTkwE6QRMA8xDTALBgNVBAMM +BHgyNjAwE6QRMA8xDTALBgNVBAMMBHgyNjEwE6QRMA8xDTALBgNVBAMMBHgyNjIw +E6QRMA8xDTALBgNVBAMMBHgyNjMwE6QRMA8xDTALBgNVBAMMBHgyNjQwE6QRMA8x +DTALBgNVBAMMBHgyNjUwE6QRMA8xDTALBgNVBAMMBHgyNjYwE6QRMA8xDTALBgNV +BAMMBHgyNjcwE6QRMA8xDTALBgNVBAMMBHgyNjgwE6QRMA8xDTALBgNVBAMMBHgy +NjkwE6QRMA8xDTALBgNVBAMMBHgyNzAwE6QRMA8xDTALBgNVBAMMBHgyNzEwE6QR +MA8xDTALBgNVBAMMBHgyNzIwE6QRMA8xDTALBgNVBAMMBHgyNzMwE6QRMA8xDTAL +BgNVBAMMBHgyNzQwE6QRMA8xDTALBgNVBAMMBHgyNzUwE6QRMA8xDTALBgNVBAMM +BHgyNzYwE6QRMA8xDTALBgNVBAMMBHgyNzcwE6QRMA8xDTALBgNVBAMMBHgyNzgw +E6QRMA8xDTALBgNVBAMMBHgyNzkwE6QRMA8xDTALBgNVBAMMBHgyODAwE6QRMA8x +DTALBgNVBAMMBHgyODEwE6QRMA8xDTALBgNVBAMMBHgyODIwE6QRMA8xDTALBgNV +BAMMBHgyODMwE6QRMA8xDTALBgNVBAMMBHgyODQwE6QRMA8xDTALBgNVBAMMBHgy +ODUwE6QRMA8xDTALBgNVBAMMBHgyODYwE6QRMA8xDTALBgNVBAMMBHgyODcwE6QR +MA8xDTALBgNVBAMMBHgyODgwE6QRMA8xDTALBgNVBAMMBHgyODkwE6QRMA8xDTAL +BgNVBAMMBHgyOTAwE6QRMA8xDTALBgNVBAMMBHgyOTEwE6QRMA8xDTALBgNVBAMM +BHgyOTIwE6QRMA8xDTALBgNVBAMMBHgyOTMwE6QRMA8xDTALBgNVBAMMBHgyOTQw +E6QRMA8xDTALBgNVBAMMBHgyOTUwE6QRMA8xDTALBgNVBAMMBHgyOTYwE6QRMA8x +DTALBgNVBAMMBHgyOTcwE6QRMA8xDTALBgNVBAMMBHgyOTgwE6QRMA8xDTALBgNV +BAMMBHgyOTkwE6QRMA8xDTALBgNVBAMMBHgzMDAwE6QRMA8xDTALBgNVBAMMBHgz +MDEwE6QRMA8xDTALBgNVBAMMBHgzMDIwE6QRMA8xDTALBgNVBAMMBHgzMDMwE6QR +MA8xDTALBgNVBAMMBHgzMDQwE6QRMA8xDTALBgNVBAMMBHgzMDUwE6QRMA8xDTAL +BgNVBAMMBHgzMDYwE6QRMA8xDTALBgNVBAMMBHgzMDcwE6QRMA8xDTALBgNVBAMM +BHgzMDgwE6QRMA8xDTALBgNVBAMMBHgzMDkwE6QRMA8xDTALBgNVBAMMBHgzMTAw +E6QRMA8xDTALBgNVBAMMBHgzMTEwE6QRMA8xDTALBgNVBAMMBHgzMTIwE6QRMA8x +DTALBgNVBAMMBHgzMTMwE6QRMA8xDTALBgNVBAMMBHgzMTQwE6QRMA8xDTALBgNV +BAMMBHgzMTUwE6QRMA8xDTALBgNVBAMMBHgzMTYwE6QRMA8xDTALBgNVBAMMBHgz +MTcwE6QRMA8xDTALBgNVBAMMBHgzMTgwE6QRMA8xDTALBgNVBAMMBHgzMTkwE6QR +MA8xDTALBgNVBAMMBHgzMjAwE6QRMA8xDTALBgNVBAMMBHgzMjEwE6QRMA8xDTAL +BgNVBAMMBHgzMjIwE6QRMA8xDTALBgNVBAMMBHgzMjMwE6QRMA8xDTALBgNVBAMM +BHgzMjQwE6QRMA8xDTALBgNVBAMMBHgzMjUwE6QRMA8xDTALBgNVBAMMBHgzMjYw +E6QRMA8xDTALBgNVBAMMBHgzMjcwE6QRMA8xDTALBgNVBAMMBHgzMjgwE6QRMA8x +DTALBgNVBAMMBHgzMjkwE6QRMA8xDTALBgNVBAMMBHgzMzAwE6QRMA8xDTALBgNV +BAMMBHgzMzEwE6QRMA8xDTALBgNVBAMMBHgzMzIwE6QRMA8xDTALBgNVBAMMBHgz +MzMwE6QRMA8xDTALBgNVBAMMBHgzMzQwE6QRMA8xDTALBgNVBAMMBHgzMzUwE6QR +MA8xDTALBgNVBAMMBHgzMzYwE6QRMA8xDTALBgNVBAMMBHgzMzcwE6QRMA8xDTAL +BgNVBAMMBHgzMzgwE6QRMA8xDTALBgNVBAMMBHgzMzkwE6QRMA8xDTALBgNVBAMM +BHgzNDAwE6QRMA8xDTALBgNVBAMMBHgzNDEwE6QRMA8xDTALBgNVBAMMBHgzNDIw +E6QRMA8xDTALBgNVBAMMBHgzNDMwE6QRMA8xDTALBgNVBAMMBHgzNDQwE6QRMA8x +DTALBgNVBAMMBHgzNDUwE6QRMA8xDTALBgNVBAMMBHgzNDYwE6QRMA8xDTALBgNV +BAMMBHgzNDcwE6QRMA8xDTALBgNVBAMMBHgzNDgwE6QRMA8xDTALBgNVBAMMBHgz +NDkwE6QRMA8xDTALBgNVBAMMBHgzNTAwE6QRMA8xDTALBgNVBAMMBHgzNTEwE6QR +MA8xDTALBgNVBAMMBHgzNTIwE6QRMA8xDTALBgNVBAMMBHgzNTMwE6QRMA8xDTAL +BgNVBAMMBHgzNTQwE6QRMA8xDTALBgNVBAMMBHgzNTUwE6QRMA8xDTALBgNVBAMM +BHgzNTYwE6QRMA8xDTALBgNVBAMMBHgzNTcwE6QRMA8xDTALBgNVBAMMBHgzNTgw +E6QRMA8xDTALBgNVBAMMBHgzNTkwE6QRMA8xDTALBgNVBAMMBHgzNjAwE6QRMA8x +DTALBgNVBAMMBHgzNjEwE6QRMA8xDTALBgNVBAMMBHgzNjIwE6QRMA8xDTALBgNV +BAMMBHgzNjMwE6QRMA8xDTALBgNVBAMMBHgzNjQwE6QRMA8xDTALBgNVBAMMBHgz +NjUwE6QRMA8xDTALBgNVBAMMBHgzNjYwE6QRMA8xDTALBgNVBAMMBHgzNjcwE6QR +MA8xDTALBgNVBAMMBHgzNjgwE6QRMA8xDTALBgNVBAMMBHgzNjkwE6QRMA8xDTAL +BgNVBAMMBHgzNzAwE6QRMA8xDTALBgNVBAMMBHgzNzEwE6QRMA8xDTALBgNVBAMM +BHgzNzIwE6QRMA8xDTALBgNVBAMMBHgzNzMwE6QRMA8xDTALBgNVBAMMBHgzNzQw +E6QRMA8xDTALBgNVBAMMBHgzNzUwE6QRMA8xDTALBgNVBAMMBHgzNzYwE6QRMA8x +DTALBgNVBAMMBHgzNzcwE6QRMA8xDTALBgNVBAMMBHgzNzgwE6QRMA8xDTALBgNV +BAMMBHgzNzkwE6QRMA8xDTALBgNVBAMMBHgzODAwE6QRMA8xDTALBgNVBAMMBHgz +ODEwE6QRMA8xDTALBgNVBAMMBHgzODIwE6QRMA8xDTALBgNVBAMMBHgzODMwE6QR +MA8xDTALBgNVBAMMBHgzODQwE6QRMA8xDTALBgNVBAMMBHgzODUwE6QRMA8xDTAL +BgNVBAMMBHgzODYwE6QRMA8xDTALBgNVBAMMBHgzODcwE6QRMA8xDTALBgNVBAMM +BHgzODgwE6QRMA8xDTALBgNVBAMMBHgzODkwE6QRMA8xDTALBgNVBAMMBHgzOTAw +E6QRMA8xDTALBgNVBAMMBHgzOTEwE6QRMA8xDTALBgNVBAMMBHgzOTIwE6QRMA8x +DTALBgNVBAMMBHgzOTMwE6QRMA8xDTALBgNVBAMMBHgzOTQwE6QRMA8xDTALBgNV +BAMMBHgzOTUwE6QRMA8xDTALBgNVBAMMBHgzOTYwE6QRMA8xDTALBgNVBAMMBHgz +OTcwE6QRMA8xDTALBgNVBAMMBHgzOTgwE6QRMA8xDTALBgNVBAMMBHgzOTkwE6QR +MA8xDTALBgNVBAMMBHg0MDAwE6QRMA8xDTALBgNVBAMMBHg0MDEwE6QRMA8xDTAL +BgNVBAMMBHg0MDIwE6QRMA8xDTALBgNVBAMMBHg0MDMwE6QRMA8xDTALBgNVBAMM +BHg0MDQwE6QRMA8xDTALBgNVBAMMBHg0MDUwE6QRMA8xDTALBgNVBAMMBHg0MDYw +E6QRMA8xDTALBgNVBAMMBHg0MDcwE6QRMA8xDTALBgNVBAMMBHg0MDgwE6QRMA8x +DTALBgNVBAMMBHg0MDkwE6QRMA8xDTALBgNVBAMMBHg0MTAwE6QRMA8xDTALBgNV +BAMMBHg0MTEwE6QRMA8xDTALBgNVBAMMBHg0MTIwE6QRMA8xDTALBgNVBAMMBHg0 +MTMwE6QRMA8xDTALBgNVBAMMBHg0MTQwE6QRMA8xDTALBgNVBAMMBHg0MTUwE6QR +MA8xDTALBgNVBAMMBHg0MTYwE6QRMA8xDTALBgNVBAMMBHg0MTcwE6QRMA8xDTAL +BgNVBAMMBHg0MTgwE6QRMA8xDTALBgNVBAMMBHg0MTkwE6QRMA8xDTALBgNVBAMM +BHg0MjAwE6QRMA8xDTALBgNVBAMMBHg0MjEwE6QRMA8xDTALBgNVBAMMBHg0MjIw +E6QRMA8xDTALBgNVBAMMBHg0MjMwE6QRMA8xDTALBgNVBAMMBHg0MjQwE6QRMA8x +DTALBgNVBAMMBHg0MjUwE6QRMA8xDTALBgNVBAMMBHg0MjYwE6QRMA8xDTALBgNV +BAMMBHg0MjcwE6QRMA8xDTALBgNVBAMMBHg0MjgwE6QRMA8xDTALBgNVBAMMBHg0 +MjkwE6QRMA8xDTALBgNVBAMMBHg0MzAwE6QRMA8xDTALBgNVBAMMBHg0MzEwE6QR +MA8xDTALBgNVBAMMBHg0MzIwE6QRMA8xDTALBgNVBAMMBHg0MzMwE6QRMA8xDTAL +BgNVBAMMBHg0MzQwE6QRMA8xDTALBgNVBAMMBHg0MzUwE6QRMA8xDTALBgNVBAMM +BHg0MzYwE6QRMA8xDTALBgNVBAMMBHg0MzcwE6QRMA8xDTALBgNVBAMMBHg0Mzgw +E6QRMA8xDTALBgNVBAMMBHg0MzkwE6QRMA8xDTALBgNVBAMMBHg0NDAwE6QRMA8x +DTALBgNVBAMMBHg0NDEwE6QRMA8xDTALBgNVBAMMBHg0NDIwE6QRMA8xDTALBgNV +BAMMBHg0NDMwE6QRMA8xDTALBgNVBAMMBHg0NDQwE6QRMA8xDTALBgNVBAMMBHg0 +NDUwE6QRMA8xDTALBgNVBAMMBHg0NDYwE6QRMA8xDTALBgNVBAMMBHg0NDcwE6QR +MA8xDTALBgNVBAMMBHg0NDgwE6QRMA8xDTALBgNVBAMMBHg0NDkwE6QRMA8xDTAL +BgNVBAMMBHg0NTAwE6QRMA8xDTALBgNVBAMMBHg0NTEwE6QRMA8xDTALBgNVBAMM +BHg0NTIwE6QRMA8xDTALBgNVBAMMBHg0NTMwE6QRMA8xDTALBgNVBAMMBHg0NTQw +E6QRMA8xDTALBgNVBAMMBHg0NTUwE6QRMA8xDTALBgNVBAMMBHg0NTYwE6QRMA8x +DTALBgNVBAMMBHg0NTcwE6QRMA8xDTALBgNVBAMMBHg0NTgwE6QRMA8xDTALBgNV +BAMMBHg0NTkwE6QRMA8xDTALBgNVBAMMBHg0NjAwE6QRMA8xDTALBgNVBAMMBHg0 +NjEwE6QRMA8xDTALBgNVBAMMBHg0NjIwE6QRMA8xDTALBgNVBAMMBHg0NjMwE6QR +MA8xDTALBgNVBAMMBHg0NjQwE6QRMA8xDTALBgNVBAMMBHg0NjUwE6QRMA8xDTAL +BgNVBAMMBHg0NjYwE6QRMA8xDTALBgNVBAMMBHg0NjcwE6QRMA8xDTALBgNVBAMM +BHg0NjgwE6QRMA8xDTALBgNVBAMMBHg0NjkwE6QRMA8xDTALBgNVBAMMBHg0NzAw +E6QRMA8xDTALBgNVBAMMBHg0NzEwE6QRMA8xDTALBgNVBAMMBHg0NzIwE6QRMA8x +DTALBgNVBAMMBHg0NzMwE6QRMA8xDTALBgNVBAMMBHg0NzQwE6QRMA8xDTALBgNV +BAMMBHg0NzUwE6QRMA8xDTALBgNVBAMMBHg0NzYwE6QRMA8xDTALBgNVBAMMBHg0 +NzcwE6QRMA8xDTALBgNVBAMMBHg0NzgwE6QRMA8xDTALBgNVBAMMBHg0NzkwE6QR +MA8xDTALBgNVBAMMBHg0ODAwE6QRMA8xDTALBgNVBAMMBHg0ODEwE6QRMA8xDTAL +BgNVBAMMBHg0ODIwE6QRMA8xDTALBgNVBAMMBHg0ODMwE6QRMA8xDTALBgNVBAMM +BHg0ODQwE6QRMA8xDTALBgNVBAMMBHg0ODUwE6QRMA8xDTALBgNVBAMMBHg0ODYw +E6QRMA8xDTALBgNVBAMMBHg0ODcwE6QRMA8xDTALBgNVBAMMBHg0ODgwE6QRMA8x +DTALBgNVBAMMBHg0ODkwE6QRMA8xDTALBgNVBAMMBHg0OTAwE6QRMA8xDTALBgNV +BAMMBHg0OTEwE6QRMA8xDTALBgNVBAMMBHg0OTIwE6QRMA8xDTALBgNVBAMMBHg0 +OTMwE6QRMA8xDTALBgNVBAMMBHg0OTQwE6QRMA8xDTALBgNVBAMMBHg0OTUwE6QR +MA8xDTALBgNVBAMMBHg0OTYwE6QRMA8xDTALBgNVBAMMBHg0OTcwE6QRMA8xDTAL +BgNVBAMMBHg0OTgwE6QRMA8xDTALBgNVBAMMBHg0OTkwE6QRMA8xDTALBgNVBAMM +BHg1MDAwE6QRMA8xDTALBgNVBAMMBHg1MDEwE6QRMA8xDTALBgNVBAMMBHg1MDIw +E6QRMA8xDTALBgNVBAMMBHg1MDMwE6QRMA8xDTALBgNVBAMMBHg1MDQwE6QRMA8x +DTALBgNVBAMMBHg1MDUwE6QRMA8xDTALBgNVBAMMBHg1MDYwE6QRMA8xDTALBgNV +BAMMBHg1MDcwE6QRMA8xDTALBgNVBAMMBHg1MDgwE6QRMA8xDTALBgNVBAMMBHg1 +MDkwE6QRMA8xDTALBgNVBAMMBHg1MTAwE6QRMA8xDTALBgNVBAMMBHg1MTEwE6QR +MA8xDTALBgNVBAMMBHg1MTIwE6QRMA8xDTALBgNVBAMMBHg1MTMwE6QRMA8xDTAL +BgNVBAMMBHg1MTQwE6QRMA8xDTALBgNVBAMMBHg1MTUwE6QRMA8xDTALBgNVBAMM +BHg1MTYwE6QRMA8xDTALBgNVBAMMBHg1MTcwE6QRMA8xDTALBgNVBAMMBHg1MTgw +E6QRMA8xDTALBgNVBAMMBHg1MTkwE6QRMA8xDTALBgNVBAMMBHg1MjAwE6QRMA8x +DTALBgNVBAMMBHg1MjEwE6QRMA8xDTALBgNVBAMMBHg1MjIwE6QRMA8xDTALBgNV +BAMMBHg1MjMwE6QRMA8xDTALBgNVBAMMBHg1MjQwE6QRMA8xDTALBgNVBAMMBHg1 +MjUwE6QRMA8xDTALBgNVBAMMBHg1MjYwE6QRMA8xDTALBgNVBAMMBHg1MjcwE6QR +MA8xDTALBgNVBAMMBHg1MjgwE6QRMA8xDTALBgNVBAMMBHg1MjkwE6QRMA8xDTAL +BgNVBAMMBHg1MzAwE6QRMA8xDTALBgNVBAMMBHg1MzEwE6QRMA8xDTALBgNVBAMM +BHg1MzIwE6QRMA8xDTALBgNVBAMMBHg1MzMwE6QRMA8xDTALBgNVBAMMBHg1MzQw +E6QRMA8xDTALBgNVBAMMBHg1MzUwE6QRMA8xDTALBgNVBAMMBHg1MzYwE6QRMA8x +DTALBgNVBAMMBHg1MzcwE6QRMA8xDTALBgNVBAMMBHg1MzgwE6QRMA8xDTALBgNV +BAMMBHg1MzkwE6QRMA8xDTALBgNVBAMMBHg1NDAwE6QRMA8xDTALBgNVBAMMBHg1 +NDEwE6QRMA8xDTALBgNVBAMMBHg1NDIwE6QRMA8xDTALBgNVBAMMBHg1NDMwE6QR +MA8xDTALBgNVBAMMBHg1NDQwE6QRMA8xDTALBgNVBAMMBHg1NDUwE6QRMA8xDTAL +BgNVBAMMBHg1NDYwE6QRMA8xDTALBgNVBAMMBHg1NDcwE6QRMA8xDTALBgNVBAMM +BHg1NDgwE6QRMA8xDTALBgNVBAMMBHg1NDkwE6QRMA8xDTALBgNVBAMMBHg1NTAw +E6QRMA8xDTALBgNVBAMMBHg1NTEwE6QRMA8xDTALBgNVBAMMBHg1NTIwE6QRMA8x +DTALBgNVBAMMBHg1NTMwE6QRMA8xDTALBgNVBAMMBHg1NTQwE6QRMA8xDTALBgNV +BAMMBHg1NTUwE6QRMA8xDTALBgNVBAMMBHg1NTYwE6QRMA8xDTALBgNVBAMMBHg1 +NTcwE6QRMA8xDTALBgNVBAMMBHg1NTgwE6QRMA8xDTALBgNVBAMMBHg1NTkwE6QR +MA8xDTALBgNVBAMMBHg1NjAwE6QRMA8xDTALBgNVBAMMBHg1NjEwE6QRMA8xDTAL +BgNVBAMMBHg1NjIwE6QRMA8xDTALBgNVBAMMBHg1NjMwE6QRMA8xDTALBgNVBAMM +BHg1NjQwE6QRMA8xDTALBgNVBAMMBHg1NjUwE6QRMA8xDTALBgNVBAMMBHg1NjYw +E6QRMA8xDTALBgNVBAMMBHg1NjcwE6QRMA8xDTALBgNVBAMMBHg1NjgwE6QRMA8x +DTALBgNVBAMMBHg1NjkwE6QRMA8xDTALBgNVBAMMBHg1NzAwE6QRMA8xDTALBgNV +BAMMBHg1NzEwE6QRMA8xDTALBgNVBAMMBHg1NzIwE6QRMA8xDTALBgNVBAMMBHg1 +NzMwE6QRMA8xDTALBgNVBAMMBHg1NzQwE6QRMA8xDTALBgNVBAMMBHg1NzUwE6QR +MA8xDTALBgNVBAMMBHg1NzYwE6QRMA8xDTALBgNVBAMMBHg1NzcwE6QRMA8xDTAL +BgNVBAMMBHg1NzgwE6QRMA8xDTALBgNVBAMMBHg1NzkwE6QRMA8xDTALBgNVBAMM +BHg1ODAwE6QRMA8xDTALBgNVBAMMBHg1ODEwE6QRMA8xDTALBgNVBAMMBHg1ODIw +E6QRMA8xDTALBgNVBAMMBHg1ODMwE6QRMA8xDTALBgNVBAMMBHg1ODQwE6QRMA8x +DTALBgNVBAMMBHg1ODUwE6QRMA8xDTALBgNVBAMMBHg1ODYwE6QRMA8xDTALBgNV +BAMMBHg1ODcwE6QRMA8xDTALBgNVBAMMBHg1ODgwE6QRMA8xDTALBgNVBAMMBHg1 +ODkwE6QRMA8xDTALBgNVBAMMBHg1OTAwE6QRMA8xDTALBgNVBAMMBHg1OTEwE6QR +MA8xDTALBgNVBAMMBHg1OTIwE6QRMA8xDTALBgNVBAMMBHg1OTMwE6QRMA8xDTAL +BgNVBAMMBHg1OTQwE6QRMA8xDTALBgNVBAMMBHg1OTUwE6QRMA8xDTALBgNVBAMM +BHg1OTYwE6QRMA8xDTALBgNVBAMMBHg1OTcwE6QRMA8xDTALBgNVBAMMBHg1OTgw +E6QRMA8xDTALBgNVBAMMBHg1OTkwE6QRMA8xDTALBgNVBAMMBHg2MDAwE6QRMA8x +DTALBgNVBAMMBHg2MDEwE6QRMA8xDTALBgNVBAMMBHg2MDIwE6QRMA8xDTALBgNV +BAMMBHg2MDMwE6QRMA8xDTALBgNVBAMMBHg2MDQwE6QRMA8xDTALBgNVBAMMBHg2 +MDUwE6QRMA8xDTALBgNVBAMMBHg2MDYwE6QRMA8xDTALBgNVBAMMBHg2MDcwE6QR +MA8xDTALBgNVBAMMBHg2MDgwE6QRMA8xDTALBgNVBAMMBHg2MDkwE6QRMA8xDTAL +BgNVBAMMBHg2MTAwE6QRMA8xDTALBgNVBAMMBHg2MTEwE6QRMA8xDTALBgNVBAMM +BHg2MTIwE6QRMA8xDTALBgNVBAMMBHg2MTMwE6QRMA8xDTALBgNVBAMMBHg2MTQw +E6QRMA8xDTALBgNVBAMMBHg2MTUwE6QRMA8xDTALBgNVBAMMBHg2MTYwE6QRMA8x +DTALBgNVBAMMBHg2MTcwE6QRMA8xDTALBgNVBAMMBHg2MTgwE6QRMA8xDTALBgNV +BAMMBHg2MTkwE6QRMA8xDTALBgNVBAMMBHg2MjAwE6QRMA8xDTALBgNVBAMMBHg2 +MjEwE6QRMA8xDTALBgNVBAMMBHg2MjIwE6QRMA8xDTALBgNVBAMMBHg2MjMwE6QR +MA8xDTALBgNVBAMMBHg2MjQwE6QRMA8xDTALBgNVBAMMBHg2MjUwE6QRMA8xDTAL +BgNVBAMMBHg2MjYwE6QRMA8xDTALBgNVBAMMBHg2MjcwE6QRMA8xDTALBgNVBAMM +BHg2MjgwE6QRMA8xDTALBgNVBAMMBHg2MjkwE6QRMA8xDTALBgNVBAMMBHg2MzAw +E6QRMA8xDTALBgNVBAMMBHg2MzEwE6QRMA8xDTALBgNVBAMMBHg2MzIwE6QRMA8x +DTALBgNVBAMMBHg2MzMwE6QRMA8xDTALBgNVBAMMBHg2MzQwE6QRMA8xDTALBgNV +BAMMBHg2MzUwE6QRMA8xDTALBgNVBAMMBHg2MzYwE6QRMA8xDTALBgNVBAMMBHg2 +MzcwE6QRMA8xDTALBgNVBAMMBHg2MzgwE6QRMA8xDTALBgNVBAMMBHg2MzkwE6QR +MA8xDTALBgNVBAMMBHg2NDAwE6QRMA8xDTALBgNVBAMMBHg2NDEwE6QRMA8xDTAL +BgNVBAMMBHg2NDIwE6QRMA8xDTALBgNVBAMMBHg2NDMwE6QRMA8xDTALBgNVBAMM +BHg2NDQwE6QRMA8xDTALBgNVBAMMBHg2NDUwE6QRMA8xDTALBgNVBAMMBHg2NDYw +E6QRMA8xDTALBgNVBAMMBHg2NDcwE6QRMA8xDTALBgNVBAMMBHg2NDgwE6QRMA8x +DTALBgNVBAMMBHg2NDkwE6QRMA8xDTALBgNVBAMMBHg2NTAwE6QRMA8xDTALBgNV +BAMMBHg2NTEwE6QRMA8xDTALBgNVBAMMBHg2NTIwE6QRMA8xDTALBgNVBAMMBHg2 +NTMwE6QRMA8xDTALBgNVBAMMBHg2NTQwE6QRMA8xDTALBgNVBAMMBHg2NTUwE6QR +MA8xDTALBgNVBAMMBHg2NTYwE6QRMA8xDTALBgNVBAMMBHg2NTcwE6QRMA8xDTAL +BgNVBAMMBHg2NTgwE6QRMA8xDTALBgNVBAMMBHg2NTkwE6QRMA8xDTALBgNVBAMM +BHg2NjAwE6QRMA8xDTALBgNVBAMMBHg2NjEwE6QRMA8xDTALBgNVBAMMBHg2NjIw +E6QRMA8xDTALBgNVBAMMBHg2NjMwE6QRMA8xDTALBgNVBAMMBHg2NjQwE6QRMA8x +DTALBgNVBAMMBHg2NjUwE6QRMA8xDTALBgNVBAMMBHg2NjYwE6QRMA8xDTALBgNV +BAMMBHg2NjcwE6QRMA8xDTALBgNVBAMMBHg2NjgwE6QRMA8xDTALBgNVBAMMBHg2 +NjkwE6QRMA8xDTALBgNVBAMMBHg2NzAwE6QRMA8xDTALBgNVBAMMBHg2NzEwE6QR +MA8xDTALBgNVBAMMBHg2NzIwE6QRMA8xDTALBgNVBAMMBHg2NzMwE6QRMA8xDTAL +BgNVBAMMBHg2NzQwE6QRMA8xDTALBgNVBAMMBHg2NzUwE6QRMA8xDTALBgNVBAMM +BHg2NzYwE6QRMA8xDTALBgNVBAMMBHg2NzcwE6QRMA8xDTALBgNVBAMMBHg2Nzgw +E6QRMA8xDTALBgNVBAMMBHg2NzkwE6QRMA8xDTALBgNVBAMMBHg2ODAwE6QRMA8x +DTALBgNVBAMMBHg2ODEwE6QRMA8xDTALBgNVBAMMBHg2ODIwE6QRMA8xDTALBgNV +BAMMBHg2ODMwE6QRMA8xDTALBgNVBAMMBHg2ODQwE6QRMA8xDTALBgNVBAMMBHg2 +ODUwE6QRMA8xDTALBgNVBAMMBHg2ODYwE6QRMA8xDTALBgNVBAMMBHg2ODcwE6QR +MA8xDTALBgNVBAMMBHg2ODgwE6QRMA8xDTALBgNVBAMMBHg2ODkwE6QRMA8xDTAL +BgNVBAMMBHg2OTAwE6QRMA8xDTALBgNVBAMMBHg2OTEwE6QRMA8xDTALBgNVBAMM +BHg2OTIwE6QRMA8xDTALBgNVBAMMBHg2OTMwE6QRMA8xDTALBgNVBAMMBHg2OTQw +E6QRMA8xDTALBgNVBAMMBHg2OTUwE6QRMA8xDTALBgNVBAMMBHg2OTYwE6QRMA8x +DTALBgNVBAMMBHg2OTcwE6QRMA8xDTALBgNVBAMMBHg2OTgwE6QRMA8xDTALBgNV +BAMMBHg2OTkwE6QRMA8xDTALBgNVBAMMBHg3MDAwE6QRMA8xDTALBgNVBAMMBHg3 +MDEwE6QRMA8xDTALBgNVBAMMBHg3MDIwE6QRMA8xDTALBgNVBAMMBHg3MDMwE6QR +MA8xDTALBgNVBAMMBHg3MDQwE6QRMA8xDTALBgNVBAMMBHg3MDUwE6QRMA8xDTAL +BgNVBAMMBHg3MDYwE6QRMA8xDTALBgNVBAMMBHg3MDcwE6QRMA8xDTALBgNVBAMM +BHg3MDgwE6QRMA8xDTALBgNVBAMMBHg3MDkwE6QRMA8xDTALBgNVBAMMBHg3MTAw +E6QRMA8xDTALBgNVBAMMBHg3MTEwE6QRMA8xDTALBgNVBAMMBHg3MTIwE6QRMA8x +DTALBgNVBAMMBHg3MTMwE6QRMA8xDTALBgNVBAMMBHg3MTQwE6QRMA8xDTALBgNV +BAMMBHg3MTUwE6QRMA8xDTALBgNVBAMMBHg3MTYwE6QRMA8xDTALBgNVBAMMBHg3 +MTcwE6QRMA8xDTALBgNVBAMMBHg3MTgwE6QRMA8xDTALBgNVBAMMBHg3MTkwE6QR +MA8xDTALBgNVBAMMBHg3MjAwE6QRMA8xDTALBgNVBAMMBHg3MjEwE6QRMA8xDTAL +BgNVBAMMBHg3MjIwE6QRMA8xDTALBgNVBAMMBHg3MjMwE6QRMA8xDTALBgNVBAMM +BHg3MjQwE6QRMA8xDTALBgNVBAMMBHg3MjUwE6QRMA8xDTALBgNVBAMMBHg3MjYw +E6QRMA8xDTALBgNVBAMMBHg3MjcwE6QRMA8xDTALBgNVBAMMBHg3MjgwE6QRMA8x +DTALBgNVBAMMBHg3MjkwE6QRMA8xDTALBgNVBAMMBHg3MzAwE6QRMA8xDTALBgNV +BAMMBHg3MzEwE6QRMA8xDTALBgNVBAMMBHg3MzIwE6QRMA8xDTALBgNVBAMMBHg3 +MzMwE6QRMA8xDTALBgNVBAMMBHg3MzQwE6QRMA8xDTALBgNVBAMMBHg3MzUwE6QR +MA8xDTALBgNVBAMMBHg3MzYwE6QRMA8xDTALBgNVBAMMBHg3MzcwE6QRMA8xDTAL +BgNVBAMMBHg3MzgwE6QRMA8xDTALBgNVBAMMBHg3MzkwE6QRMA8xDTALBgNVBAMM +BHg3NDAwE6QRMA8xDTALBgNVBAMMBHg3NDEwE6QRMA8xDTALBgNVBAMMBHg3NDIw +E6QRMA8xDTALBgNVBAMMBHg3NDMwE6QRMA8xDTALBgNVBAMMBHg3NDQwE6QRMA8x +DTALBgNVBAMMBHg3NDUwE6QRMA8xDTALBgNVBAMMBHg3NDYwE6QRMA8xDTALBgNV +BAMMBHg3NDcwE6QRMA8xDTALBgNVBAMMBHg3NDgwE6QRMA8xDTALBgNVBAMMBHg3 +NDkwE6QRMA8xDTALBgNVBAMMBHg3NTAwE6QRMA8xDTALBgNVBAMMBHg3NTEwE6QR +MA8xDTALBgNVBAMMBHg3NTIwE6QRMA8xDTALBgNVBAMMBHg3NTMwE6QRMA8xDTAL +BgNVBAMMBHg3NTQwE6QRMA8xDTALBgNVBAMMBHg3NTUwE6QRMA8xDTALBgNVBAMM +BHg3NTYwE6QRMA8xDTALBgNVBAMMBHg3NTcwE6QRMA8xDTALBgNVBAMMBHg3NTgw +E6QRMA8xDTALBgNVBAMMBHg3NTkwE6QRMA8xDTALBgNVBAMMBHg3NjAwE6QRMA8x +DTALBgNVBAMMBHg3NjEwE6QRMA8xDTALBgNVBAMMBHg3NjIwE6QRMA8xDTALBgNV +BAMMBHg3NjMwE6QRMA8xDTALBgNVBAMMBHg3NjQwE6QRMA8xDTALBgNVBAMMBHg3 +NjUwE6QRMA8xDTALBgNVBAMMBHg3NjYwE6QRMA8xDTALBgNVBAMMBHg3NjcwE6QR +MA8xDTALBgNVBAMMBHg3NjgwE6QRMA8xDTALBgNVBAMMBHg3NjkwE6QRMA8xDTAL +BgNVBAMMBHg3NzAwE6QRMA8xDTALBgNVBAMMBHg3NzEwE6QRMA8xDTALBgNVBAMM +BHg3NzIwE6QRMA8xDTALBgNVBAMMBHg3NzMwE6QRMA8xDTALBgNVBAMMBHg3NzQw +E6QRMA8xDTALBgNVBAMMBHg3NzUwE6QRMA8xDTALBgNVBAMMBHg3NzYwE6QRMA8x +DTALBgNVBAMMBHg3NzcwE6QRMA8xDTALBgNVBAMMBHg3NzgwE6QRMA8xDTALBgNV +BAMMBHg3NzkwE6QRMA8xDTALBgNVBAMMBHg3ODAwE6QRMA8xDTALBgNVBAMMBHg3 +ODEwE6QRMA8xDTALBgNVBAMMBHg3ODIwE6QRMA8xDTALBgNVBAMMBHg3ODMwE6QR +MA8xDTALBgNVBAMMBHg3ODQwE6QRMA8xDTALBgNVBAMMBHg3ODUwE6QRMA8xDTAL +BgNVBAMMBHg3ODYwE6QRMA8xDTALBgNVBAMMBHg3ODcwE6QRMA8xDTALBgNVBAMM +BHg3ODgwE6QRMA8xDTALBgNVBAMMBHg3ODkwE6QRMA8xDTALBgNVBAMMBHg3OTAw +E6QRMA8xDTALBgNVBAMMBHg3OTEwE6QRMA8xDTALBgNVBAMMBHg3OTIwE6QRMA8x +DTALBgNVBAMMBHg3OTMwE6QRMA8xDTALBgNVBAMMBHg3OTQwE6QRMA8xDTALBgNV +BAMMBHg3OTUwE6QRMA8xDTALBgNVBAMMBHg3OTYwE6QRMA8xDTALBgNVBAMMBHg3 +OTcwE6QRMA8xDTALBgNVBAMMBHg3OTgwE6QRMA8xDTALBgNVBAMMBHg3OTkwE6QR +MA8xDTALBgNVBAMMBHg4MDAwE6QRMA8xDTALBgNVBAMMBHg4MDEwE6QRMA8xDTAL +BgNVBAMMBHg4MDIwE6QRMA8xDTALBgNVBAMMBHg4MDMwE6QRMA8xDTALBgNVBAMM +BHg4MDQwE6QRMA8xDTALBgNVBAMMBHg4MDUwE6QRMA8xDTALBgNVBAMMBHg4MDYw +E6QRMA8xDTALBgNVBAMMBHg4MDcwE6QRMA8xDTALBgNVBAMMBHg4MDgwE6QRMA8x +DTALBgNVBAMMBHg4MDkwE6QRMA8xDTALBgNVBAMMBHg4MTAwE6QRMA8xDTALBgNV +BAMMBHg4MTEwE6QRMA8xDTALBgNVBAMMBHg4MTIwE6QRMA8xDTALBgNVBAMMBHg4 +MTMwE6QRMA8xDTALBgNVBAMMBHg4MTQwE6QRMA8xDTALBgNVBAMMBHg4MTUwE6QR +MA8xDTALBgNVBAMMBHg4MTYwE6QRMA8xDTALBgNVBAMMBHg4MTcwE6QRMA8xDTAL +BgNVBAMMBHg4MTgwE6QRMA8xDTALBgNVBAMMBHg4MTkwE6QRMA8xDTALBgNVBAMM +BHg4MjAwE6QRMA8xDTALBgNVBAMMBHg4MjEwE6QRMA8xDTALBgNVBAMMBHg4MjIw +E6QRMA8xDTALBgNVBAMMBHg4MjMwE6QRMA8xDTALBgNVBAMMBHg4MjQwE6QRMA8x +DTALBgNVBAMMBHg4MjUwE6QRMA8xDTALBgNVBAMMBHg4MjYwE6QRMA8xDTALBgNV +BAMMBHg4MjcwE6QRMA8xDTALBgNVBAMMBHg4MjgwE6QRMA8xDTALBgNVBAMMBHg4 +MjkwE6QRMA8xDTALBgNVBAMMBHg4MzAwE6QRMA8xDTALBgNVBAMMBHg4MzEwE6QR +MA8xDTALBgNVBAMMBHg4MzIwE6QRMA8xDTALBgNVBAMMBHg4MzMwE6QRMA8xDTAL +BgNVBAMMBHg4MzQwE6QRMA8xDTALBgNVBAMMBHg4MzUwE6QRMA8xDTALBgNVBAMM +BHg4MzYwE6QRMA8xDTALBgNVBAMMBHg4MzcwE6QRMA8xDTALBgNVBAMMBHg4Mzgw +E6QRMA8xDTALBgNVBAMMBHg4MzkwE6QRMA8xDTALBgNVBAMMBHg4NDAwE6QRMA8x +DTALBgNVBAMMBHg4NDEwE6QRMA8xDTALBgNVBAMMBHg4NDIwE6QRMA8xDTALBgNV +BAMMBHg4NDMwE6QRMA8xDTALBgNVBAMMBHg4NDQwE6QRMA8xDTALBgNVBAMMBHg4 +NDUwE6QRMA8xDTALBgNVBAMMBHg4NDYwE6QRMA8xDTALBgNVBAMMBHg4NDcwE6QR +MA8xDTALBgNVBAMMBHg4NDgwE6QRMA8xDTALBgNVBAMMBHg4NDkwE6QRMA8xDTAL +BgNVBAMMBHg4NTAwE6QRMA8xDTALBgNVBAMMBHg4NTEwE6QRMA8xDTALBgNVBAMM +BHg4NTIwE6QRMA8xDTALBgNVBAMMBHg4NTMwE6QRMA8xDTALBgNVBAMMBHg4NTQw +E6QRMA8xDTALBgNVBAMMBHg4NTUwE6QRMA8xDTALBgNVBAMMBHg4NTYwE6QRMA8x +DTALBgNVBAMMBHg4NTcwE6QRMA8xDTALBgNVBAMMBHg4NTgwE6QRMA8xDTALBgNV +BAMMBHg4NTkwE6QRMA8xDTALBgNVBAMMBHg4NjAwE6QRMA8xDTALBgNVBAMMBHg4 +NjEwE6QRMA8xDTALBgNVBAMMBHg4NjIwE6QRMA8xDTALBgNVBAMMBHg4NjMwE6QR +MA8xDTALBgNVBAMMBHg4NjQwE6QRMA8xDTALBgNVBAMMBHg4NjUwE6QRMA8xDTAL +BgNVBAMMBHg4NjYwE6QRMA8xDTALBgNVBAMMBHg4NjcwE6QRMA8xDTALBgNVBAMM +BHg4NjgwE6QRMA8xDTALBgNVBAMMBHg4NjkwE6QRMA8xDTALBgNVBAMMBHg4NzAw +E6QRMA8xDTALBgNVBAMMBHg4NzEwE6QRMA8xDTALBgNVBAMMBHg4NzIwE6QRMA8x +DTALBgNVBAMMBHg4NzMwE6QRMA8xDTALBgNVBAMMBHg4NzQwE6QRMA8xDTALBgNV +BAMMBHg4NzUwE6QRMA8xDTALBgNVBAMMBHg4NzYwE6QRMA8xDTALBgNVBAMMBHg4 +NzcwE6QRMA8xDTALBgNVBAMMBHg4NzgwE6QRMA8xDTALBgNVBAMMBHg4NzkwE6QR +MA8xDTALBgNVBAMMBHg4ODAwE6QRMA8xDTALBgNVBAMMBHg4ODEwE6QRMA8xDTAL +BgNVBAMMBHg4ODIwE6QRMA8xDTALBgNVBAMMBHg4ODMwE6QRMA8xDTALBgNVBAMM +BHg4ODQwE6QRMA8xDTALBgNVBAMMBHg4ODUwE6QRMA8xDTALBgNVBAMMBHg4ODYw +E6QRMA8xDTALBgNVBAMMBHg4ODcwE6QRMA8xDTALBgNVBAMMBHg4ODgwE6QRMA8x +DTALBgNVBAMMBHg4ODkwE6QRMA8xDTALBgNVBAMMBHg4OTAwE6QRMA8xDTALBgNV +BAMMBHg4OTEwE6QRMA8xDTALBgNVBAMMBHg4OTIwE6QRMA8xDTALBgNVBAMMBHg4 +OTMwE6QRMA8xDTALBgNVBAMMBHg4OTQwE6QRMA8xDTALBgNVBAMMBHg4OTUwE6QR +MA8xDTALBgNVBAMMBHg4OTYwE6QRMA8xDTALBgNVBAMMBHg4OTcwE6QRMA8xDTAL +BgNVBAMMBHg4OTgwE6QRMA8xDTALBgNVBAMMBHg4OTkwE6QRMA8xDTALBgNVBAMM +BHg5MDAwE6QRMA8xDTALBgNVBAMMBHg5MDEwE6QRMA8xDTALBgNVBAMMBHg5MDIw +E6QRMA8xDTALBgNVBAMMBHg5MDMwE6QRMA8xDTALBgNVBAMMBHg5MDQwE6QRMA8x +DTALBgNVBAMMBHg5MDUwE6QRMA8xDTALBgNVBAMMBHg5MDYwE6QRMA8xDTALBgNV +BAMMBHg5MDcwE6QRMA8xDTALBgNVBAMMBHg5MDgwE6QRMA8xDTALBgNVBAMMBHg5 +MDkwE6QRMA8xDTALBgNVBAMMBHg5MTAwE6QRMA8xDTALBgNVBAMMBHg5MTEwE6QR +MA8xDTALBgNVBAMMBHg5MTIwE6QRMA8xDTALBgNVBAMMBHg5MTMwE6QRMA8xDTAL +BgNVBAMMBHg5MTQwE6QRMA8xDTALBgNVBAMMBHg5MTUwE6QRMA8xDTALBgNVBAMM +BHg5MTYwE6QRMA8xDTALBgNVBAMMBHg5MTcwE6QRMA8xDTALBgNVBAMMBHg5MTgw +E6QRMA8xDTALBgNVBAMMBHg5MTkwE6QRMA8xDTALBgNVBAMMBHg5MjAwE6QRMA8x +DTALBgNVBAMMBHg5MjEwE6QRMA8xDTALBgNVBAMMBHg5MjIwE6QRMA8xDTALBgNV +BAMMBHg5MjMwE6QRMA8xDTALBgNVBAMMBHg5MjQwE6QRMA8xDTALBgNVBAMMBHg5 +MjUwE6QRMA8xDTALBgNVBAMMBHg5MjYwE6QRMA8xDTALBgNVBAMMBHg5MjcwE6QR +MA8xDTALBgNVBAMMBHg5MjgwE6QRMA8xDTALBgNVBAMMBHg5MjkwE6QRMA8xDTAL +BgNVBAMMBHg5MzAwE6QRMA8xDTALBgNVBAMMBHg5MzEwE6QRMA8xDTALBgNVBAMM +BHg5MzIwE6QRMA8xDTALBgNVBAMMBHg5MzMwE6QRMA8xDTALBgNVBAMMBHg5MzQw +E6QRMA8xDTALBgNVBAMMBHg5MzUwE6QRMA8xDTALBgNVBAMMBHg5MzYwE6QRMA8x +DTALBgNVBAMMBHg5MzcwE6QRMA8xDTALBgNVBAMMBHg5MzgwE6QRMA8xDTALBgNV +BAMMBHg5MzkwE6QRMA8xDTALBgNVBAMMBHg5NDAwE6QRMA8xDTALBgNVBAMMBHg5 +NDEwE6QRMA8xDTALBgNVBAMMBHg5NDIwE6QRMA8xDTALBgNVBAMMBHg5NDMwE6QR +MA8xDTALBgNVBAMMBHg5NDQwE6QRMA8xDTALBgNVBAMMBHg5NDUwE6QRMA8xDTAL +BgNVBAMMBHg5NDYwE6QRMA8xDTALBgNVBAMMBHg5NDcwE6QRMA8xDTALBgNVBAMM +BHg5NDgwE6QRMA8xDTALBgNVBAMMBHg5NDkwE6QRMA8xDTALBgNVBAMMBHg5NTAw +E6QRMA8xDTALBgNVBAMMBHg5NTEwE6QRMA8xDTALBgNVBAMMBHg5NTIwE6QRMA8x +DTALBgNVBAMMBHg5NTMwE6QRMA8xDTALBgNVBAMMBHg5NTQwE6QRMA8xDTALBgNV +BAMMBHg5NTUwE6QRMA8xDTALBgNVBAMMBHg5NTYwE6QRMA8xDTALBgNVBAMMBHg5 +NTcwE6QRMA8xDTALBgNVBAMMBHg5NTgwE6QRMA8xDTALBgNVBAMMBHg5NTkwE6QR +MA8xDTALBgNVBAMMBHg5NjAwE6QRMA8xDTALBgNVBAMMBHg5NjEwE6QRMA8xDTAL +BgNVBAMMBHg5NjIwE6QRMA8xDTALBgNVBAMMBHg5NjMwE6QRMA8xDTALBgNVBAMM +BHg5NjQwE6QRMA8xDTALBgNVBAMMBHg5NjUwE6QRMA8xDTALBgNVBAMMBHg5NjYw +E6QRMA8xDTALBgNVBAMMBHg5NjcwE6QRMA8xDTALBgNVBAMMBHg5NjgwE6QRMA8x +DTALBgNVBAMMBHg5NjkwE6QRMA8xDTALBgNVBAMMBHg5NzAwE6QRMA8xDTALBgNV +BAMMBHg5NzEwE6QRMA8xDTALBgNVBAMMBHg5NzIwE6QRMA8xDTALBgNVBAMMBHg5 +NzMwE6QRMA8xDTALBgNVBAMMBHg5NzQwE6QRMA8xDTALBgNVBAMMBHg5NzUwE6QR +MA8xDTALBgNVBAMMBHg5NzYwE6QRMA8xDTALBgNVBAMMBHg5NzcwE6QRMA8xDTAL +BgNVBAMMBHg5NzgwE6QRMA8xDTALBgNVBAMMBHg5NzkwE6QRMA8xDTALBgNVBAMM +BHg5ODAwE6QRMA8xDTALBgNVBAMMBHg5ODEwE6QRMA8xDTALBgNVBAMMBHg5ODIw +E6QRMA8xDTALBgNVBAMMBHg5ODMwE6QRMA8xDTALBgNVBAMMBHg5ODQwE6QRMA8x +DTALBgNVBAMMBHg5ODUwE6QRMA8xDTALBgNVBAMMBHg5ODYwE6QRMA8xDTALBgNV +BAMMBHg5ODcwE6QRMA8xDTALBgNVBAMMBHg5ODgwE6QRMA8xDTALBgNVBAMMBHg5 +ODkwE6QRMA8xDTALBgNVBAMMBHg5OTAwE6QRMA8xDTALBgNVBAMMBHg5OTEwE6QR +MA8xDTALBgNVBAMMBHg5OTIwE6QRMA8xDTALBgNVBAMMBHg5OTMwE6QRMA8xDTAL +BgNVBAMMBHg5OTQwE6QRMA8xDTALBgNVBAMMBHg5OTUwE6QRMA8xDTALBgNVBAMM +BHg5OTYwE6QRMA8xDTALBgNVBAMMBHg5OTcwE6QRMA8xDTALBgNVBAMMBHg5OTgw +E6QRMA8xDTALBgNVBAMMBHg5OTkwFKQSMBAxDjAMBgNVBAMMBXgxMDAwMBSkEjAQ +MQ4wDAYDVQQDDAV4MTAwMTAUpBIwEDEOMAwGA1UEAwwFeDEwMDIwFKQSMBAxDjAM +BgNVBAMMBXgxMDAzMBSkEjAQMQ4wDAYDVQQDDAV4MTAwNDAUpBIwEDEOMAwGA1UE +AwwFeDEwMDUwFKQSMBAxDjAMBgNVBAMMBXgxMDA2MBSkEjAQMQ4wDAYDVQQDDAV4 +MTAwNzAUpBIwEDEOMAwGA1UEAwwFeDEwMDgwFKQSMBAxDjAMBgNVBAMMBXgxMDA5 +MBSkEjAQMQ4wDAYDVQQDDAV4MTAxMDAUpBIwEDEOMAwGA1UEAwwFeDEwMTEwFKQS +MBAxDjAMBgNVBAMMBXgxMDEyMBSkEjAQMQ4wDAYDVQQDDAV4MTAxMzAUpBIwEDEO +MAwGA1UEAwwFeDEwMTQwFKQSMBAxDjAMBgNVBAMMBXgxMDE1MBSkEjAQMQ4wDAYD +VQQDDAV4MTAxNjAUpBIwEDEOMAwGA1UEAwwFeDEwMTcwFKQSMBAxDjAMBgNVBAMM +BXgxMDE4MBSkEjAQMQ4wDAYDVQQDDAV4MTAxOTAUpBIwEDEOMAwGA1UEAwwFeDEw +MjAwFKQSMBAxDjAMBgNVBAMMBXgxMDIxMBSkEjAQMQ4wDAYDVQQDDAV4MTAyMjAU +pBIwEDEOMAwGA1UEAwwFeDEwMjMwFKQSMBAxDjAMBgNVBAMMBXgxMDI0MA0GCSqG +SIb3DQEBCwUAA4IBAQBoJGSEQnLMMRBQqBZbt0mGMWg/kQ+gIMMrmDXlGZQOEqOS +dqVGnvNsatk/SuN23rCyK5q7Lk0zEzphAycTqBDOfbki6jeHBXGG0SNFnU2P6G6D +CUsHJpiNQhJvgmyZjvAAclFxw6E15lOnZ0JhoFadtORJfMU5m4TRmXXzgMcf06hp +42R/YH56YSqmgmTyKk6vr2feu70f2DMgyrnMWED+UB4EfzaVpqYVREKFO7z9DNPW +B20TDJ2Awiy18UlnAIDmmroBJiyxQQkeQInbmXPw3jOH+Bgv/NXoNcJOSclUmJlb +rlMfJ47MOUPqO0IaqSp3AZ3SHxTw9BXZF7cthZ00 +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.pem new file mode 100644 index 0000000000..5c9553ca67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_4.pem @@ -0,0 +1,1564 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fa + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + DirName: CN = x170 + DirName: CN = x171 + DirName: CN = x172 + DirName: CN = x173 + DirName: CN = x174 + DirName: CN = x175 + DirName: CN = x176 + DirName: CN = x177 + DirName: CN = x178 + DirName: CN = x179 + DirName: CN = x180 + DirName: CN = x181 + DirName: CN = x182 + DirName: CN = x183 + DirName: CN = x184 + DirName: CN = x185 + DirName: CN = x186 + DirName: CN = x187 + DirName: CN = x188 + DirName: CN = x189 + DirName: CN = x190 + DirName: CN = x191 + DirName: CN = x192 + DirName: CN = x193 + DirName: CN = x194 + DirName: CN = x195 + DirName: CN = x196 + DirName: CN = x197 + DirName: CN = x198 + DirName: CN = x199 + DirName: CN = x200 + DirName: CN = x201 + DirName: CN = x202 + DirName: CN = x203 + DirName: CN = x204 + DirName: CN = x205 + DirName: CN = x206 + DirName: CN = x207 + DirName: CN = x208 + DirName: CN = x209 + DirName: CN = x210 + DirName: CN = x211 + DirName: CN = x212 + DirName: CN = x213 + DirName: CN = x214 + DirName: CN = x215 + DirName: CN = x216 + DirName: CN = x217 + DirName: CN = x218 + DirName: CN = x219 + DirName: CN = x220 + DirName: CN = x221 + DirName: CN = x222 + DirName: CN = x223 + DirName: CN = x224 + DirName: CN = x225 + DirName: CN = x226 + DirName: CN = x227 + DirName: CN = x228 + DirName: CN = x229 + DirName: CN = x230 + DirName: CN = x231 + DirName: CN = x232 + DirName: CN = x233 + DirName: CN = x234 + DirName: CN = x235 + DirName: CN = x236 + DirName: CN = x237 + DirName: CN = x238 + DirName: CN = x239 + DirName: CN = x240 + DirName: CN = x241 + DirName: CN = x242 + DirName: CN = x243 + DirName: CN = x244 + DirName: CN = x245 + DirName: CN = x246 + DirName: CN = x247 + DirName: CN = x248 + DirName: CN = x249 + DirName: CN = x250 + DirName: CN = x251 + DirName: CN = x252 + DirName: CN = x253 + DirName: CN = x254 + DirName: CN = x255 + DirName: CN = x256 + DirName: CN = x257 + DirName: CN = x258 + DirName: CN = x259 + DirName: CN = x260 + DirName: CN = x261 + DirName: CN = x262 + DirName: CN = x263 + DirName: CN = x264 + DirName: CN = x265 + DirName: CN = x266 + DirName: CN = x267 + DirName: CN = x268 + DirName: CN = x269 + DirName: CN = x270 + DirName: CN = x271 + DirName: CN = x272 + DirName: CN = x273 + DirName: CN = x274 + DirName: CN = x275 + DirName: CN = x276 + DirName: CN = x277 + DirName: CN = x278 + DirName: CN = x279 + DirName: CN = x280 + DirName: CN = x281 + DirName: CN = x282 + DirName: CN = x283 + DirName: CN = x284 + DirName: CN = x285 + DirName: CN = x286 + DirName: CN = x287 + DirName: CN = x288 + DirName: CN = x289 + DirName: CN = x290 + DirName: CN = x291 + DirName: CN = x292 + DirName: CN = x293 + DirName: CN = x294 + DirName: CN = x295 + DirName: CN = x296 + DirName: CN = x297 + DirName: CN = x298 + DirName: CN = x299 + DirName: CN = x300 + DirName: CN = x301 + DirName: CN = x302 + DirName: CN = x303 + DirName: CN = x304 + DirName: CN = x305 + DirName: CN = x306 + DirName: CN = x307 + DirName: CN = x308 + DirName: CN = x309 + DirName: CN = x310 + DirName: CN = x311 + DirName: CN = x312 + DirName: CN = x313 + DirName: CN = x314 + DirName: CN = x315 + DirName: CN = x316 + DirName: CN = x317 + DirName: CN = x318 + DirName: CN = x319 + DirName: CN = x320 + DirName: CN = x321 + DirName: CN = x322 + DirName: CN = x323 + DirName: CN = x324 + DirName: CN = x325 + DirName: CN = x326 + DirName: CN = x327 + DirName: CN = x328 + DirName: CN = x329 + DirName: CN = x330 + DirName: CN = x331 + DirName: CN = x332 + DirName: CN = x333 + DirName: CN = x334 + DirName: CN = x335 + DirName: CN = x336 + DirName: CN = x337 + DirName: CN = x338 + DirName: CN = x339 + DirName: CN = x340 + DirName: CN = x341 + DirName: CN = x342 + DirName: CN = x343 + DirName: CN = x344 + DirName: CN = x345 + DirName: CN = x346 + DirName: CN = x347 + DirName: CN = x348 + DirName: CN = x349 + DirName: CN = x350 + DirName: CN = x351 + DirName: CN = x352 + DirName: CN = x353 + DirName: CN = x354 + DirName: CN = x355 + DirName: CN = x356 + DirName: CN = x357 + DirName: CN = x358 + DirName: CN = x359 + DirName: CN = x360 + DirName: CN = x361 + DirName: CN = x362 + DirName: CN = x363 + DirName: CN = x364 + DirName: CN = x365 + DirName: CN = x366 + DirName: CN = x367 + DirName: CN = x368 + DirName: CN = x369 + DirName: CN = x370 + DirName: CN = x371 + DirName: CN = x372 + DirName: CN = x373 + DirName: CN = x374 + DirName: CN = x375 + DirName: CN = x376 + DirName: CN = x377 + DirName: CN = x378 + DirName: CN = x379 + DirName: CN = x380 + DirName: CN = x381 + DirName: CN = x382 + DirName: CN = x383 + DirName: CN = x384 + DirName: CN = x385 + DirName: CN = x386 + DirName: CN = x387 + DirName: CN = x388 + DirName: CN = x389 + DirName: CN = x390 + DirName: CN = x391 + DirName: CN = x392 + DirName: CN = x393 + DirName: CN = x394 + DirName: CN = x395 + DirName: CN = x396 + DirName: CN = x397 + DirName: CN = x398 + DirName: CN = x399 + DirName: CN = x400 + DirName: CN = x401 + DirName: CN = x402 + DirName: CN = x403 + DirName: CN = x404 + DirName: CN = x405 + DirName: CN = x406 + DirName: CN = x407 + DirName: CN = x408 + DirName: CN = x409 + DirName: CN = x410 + DirName: CN = x411 + DirName: CN = x412 + DirName: CN = x413 + DirName: CN = x414 + DirName: CN = x415 + DirName: CN = x416 + DirName: CN = x417 + DirName: CN = x418 + DirName: CN = x419 + DirName: CN = x420 + DirName: CN = x421 + DirName: CN = x422 + DirName: CN = x423 + DirName: CN = x424 + DirName: CN = x425 + DirName: CN = x426 + DirName: CN = x427 + DirName: CN = x428 + DirName: CN = x429 + DirName: CN = x430 + DirName: CN = x431 + DirName: CN = x432 + DirName: CN = x433 + DirName: CN = x434 + DirName: CN = x435 + DirName: CN = x436 + DirName: CN = x437 + DirName: CN = x438 + DirName: CN = x439 + DirName: CN = x440 + DirName: CN = x441 + DirName: CN = x442 + DirName: CN = x443 + DirName: CN = x444 + DirName: CN = x445 + DirName: CN = x446 + DirName: CN = x447 + DirName: CN = x448 + DirName: CN = x449 + DirName: CN = x450 + DirName: CN = x451 + DirName: CN = x452 + DirName: CN = x453 + DirName: CN = x454 + DirName: CN = x455 + DirName: CN = x456 + DirName: CN = x457 + DirName: CN = x458 + DirName: CN = x459 + DirName: CN = x460 + DirName: CN = x461 + DirName: CN = x462 + DirName: CN = x463 + DirName: CN = x464 + DirName: CN = x465 + DirName: CN = x466 + DirName: CN = x467 + DirName: CN = x468 + DirName: CN = x469 + DirName: CN = x470 + DirName: CN = x471 + DirName: CN = x472 + DirName: CN = x473 + DirName: CN = x474 + DirName: CN = x475 + DirName: CN = x476 + DirName: CN = x477 + DirName: CN = x478 + DirName: CN = x479 + DirName: CN = x480 + DirName: CN = x481 + DirName: CN = x482 + DirName: CN = x483 + DirName: CN = x484 + DirName: CN = x485 + DirName: CN = x486 + DirName: CN = x487 + DirName: CN = x488 + DirName: CN = x489 + DirName: CN = x490 + DirName: CN = x491 + DirName: CN = x492 + DirName: CN = x493 + DirName: CN = x494 + DirName: CN = x495 + DirName: CN = x496 + DirName: CN = x497 + DirName: CN = x498 + DirName: CN = x499 + DirName: CN = x500 + DirName: CN = x501 + DirName: CN = x502 + DirName: CN = x503 + DirName: CN = x504 + DirName: CN = x505 + DirName: CN = x506 + DirName: CN = x507 + DirName: CN = x508 + DirName: CN = x509 + DirName: CN = x510 + DirName: CN = x511 + DirName: CN = x512 + DirName: CN = x513 + DirName: CN = x514 + DirName: CN = x515 + DirName: CN = x516 + DirName: CN = x517 + DirName: CN = x518 + DirName: CN = x519 + DirName: CN = x520 + DirName: CN = x521 + DirName: CN = x522 + DirName: CN = x523 + DirName: CN = x524 + DirName: CN = x525 + DirName: CN = x526 + DirName: CN = x527 + DirName: CN = x528 + DirName: CN = x529 + DirName: CN = x530 + DirName: CN = x531 + DirName: CN = x532 + DirName: CN = x533 + DirName: CN = x534 + DirName: CN = x535 + DirName: CN = x536 + DirName: CN = x537 + DirName: CN = x538 + DirName: CN = x539 + DirName: CN = x540 + DirName: CN = x541 + DirName: CN = x542 + DirName: CN = x543 + DirName: CN = x544 + DirName: CN = x545 + DirName: CN = x546 + DirName: CN = x547 + DirName: CN = x548 + DirName: CN = x549 + DirName: CN = x550 + DirName: CN = x551 + DirName: CN = x552 + DirName: CN = x553 + DirName: CN = x554 + DirName: CN = x555 + DirName: CN = x556 + DirName: CN = x557 + DirName: CN = x558 + DirName: CN = x559 + DirName: CN = x560 + DirName: CN = x561 + DirName: CN = x562 + DirName: CN = x563 + DirName: CN = x564 + DirName: CN = x565 + DirName: CN = x566 + DirName: CN = x567 + DirName: CN = x568 + DirName: CN = x569 + DirName: CN = x570 + DirName: CN = x571 + DirName: CN = x572 + DirName: CN = x573 + DirName: CN = x574 + DirName: CN = x575 + DirName: CN = x576 + DirName: CN = x577 + DirName: CN = x578 + DirName: CN = x579 + DirName: CN = x580 + DirName: CN = x581 + DirName: CN = x582 + DirName: CN = x583 + DirName: CN = x584 + DirName: CN = x585 + DirName: CN = x586 + DirName: CN = x587 + DirName: CN = x588 + DirName: CN = x589 + DirName: CN = x590 + DirName: CN = x591 + DirName: CN = x592 + DirName: CN = x593 + DirName: CN = x594 + DirName: CN = x595 + DirName: CN = x596 + DirName: CN = x597 + DirName: CN = x598 + DirName: CN = x599 + DirName: CN = x600 + DirName: CN = x601 + DirName: CN = x602 + DirName: CN = x603 + DirName: CN = x604 + DirName: CN = x605 + DirName: CN = x606 + DirName: CN = x607 + DirName: CN = x608 + DirName: CN = x609 + DirName: CN = x610 + DirName: CN = x611 + DirName: CN = x612 + DirName: CN = x613 + DirName: CN = x614 + DirName: CN = x615 + DirName: CN = x616 + DirName: CN = x617 + DirName: CN = x618 + DirName: CN = x619 + DirName: CN = x620 + DirName: CN = x621 + DirName: CN = x622 + DirName: CN = x623 + DirName: CN = x624 + DirName: CN = x625 + DirName: CN = x626 + DirName: CN = x627 + DirName: CN = x628 + DirName: CN = x629 + DirName: CN = x630 + DirName: CN = x631 + DirName: CN = x632 + DirName: CN = x633 + DirName: CN = x634 + DirName: CN = x635 + DirName: CN = x636 + DirName: CN = x637 + DirName: CN = x638 + DirName: CN = x639 + DirName: CN = x640 + DirName: CN = x641 + DirName: CN = x642 + DirName: CN = x643 + DirName: CN = x644 + DirName: CN = x645 + DirName: CN = x646 + DirName: CN = x647 + DirName: CN = x648 + DirName: CN = x649 + DirName: CN = x650 + DirName: CN = x651 + DirName: CN = x652 + DirName: CN = x653 + DirName: CN = x654 + DirName: CN = x655 + DirName: CN = x656 + DirName: CN = x657 + DirName: CN = x658 + DirName: CN = x659 + DirName: CN = x660 + DirName: CN = x661 + DirName: CN = x662 + DirName: CN = x663 + DirName: CN = x664 + DirName: CN = x665 + DirName: CN = x666 + DirName: CN = x667 + DirName: CN = x668 + DirName: CN = x669 + DirName: CN = x670 + DirName: CN = x671 + DirName: CN = x672 + DirName: CN = x673 + DirName: CN = x674 + DirName: CN = x675 + DirName: CN = x676 + DirName: CN = x677 + DirName: CN = x678 + DirName: CN = x679 + DirName: CN = x680 + DirName: CN = x681 + DirName: CN = x682 + DirName: CN = x683 + DirName: CN = x684 + DirName: CN = x685 + DirName: CN = x686 + DirName: CN = x687 + DirName: CN = x688 + DirName: CN = x689 + DirName: CN = x690 + DirName: CN = x691 + DirName: CN = x692 + DirName: CN = x693 + DirName: CN = x694 + DirName: CN = x695 + DirName: CN = x696 + DirName: CN = x697 + DirName: CN = x698 + DirName: CN = x699 + DirName: CN = x700 + DirName: CN = x701 + DirName: CN = x702 + DirName: CN = x703 + DirName: CN = x704 + DirName: CN = x705 + DirName: CN = x706 + DirName: CN = x707 + DirName: CN = x708 + DirName: CN = x709 + DirName: CN = x710 + DirName: CN = x711 + DirName: CN = x712 + DirName: CN = x713 + DirName: CN = x714 + DirName: CN = x715 + DirName: CN = x716 + DirName: CN = x717 + DirName: CN = x718 + DirName: CN = x719 + DirName: CN = x720 + DirName: CN = x721 + DirName: CN = x722 + DirName: CN = x723 + DirName: CN = x724 + DirName: CN = x725 + DirName: CN = x726 + DirName: CN = x727 + DirName: CN = x728 + DirName: CN = x729 + DirName: CN = x730 + DirName: CN = x731 + DirName: CN = x732 + DirName: CN = x733 + DirName: CN = x734 + DirName: CN = x735 + DirName: CN = x736 + DirName: CN = x737 + DirName: CN = x738 + DirName: CN = x739 + DirName: CN = x740 + DirName: CN = x741 + DirName: CN = x742 + DirName: CN = x743 + DirName: CN = x744 + DirName: CN = x745 + DirName: CN = x746 + DirName: CN = x747 + DirName: CN = x748 + DirName: CN = x749 + DirName: CN = x750 + DirName: CN = x751 + DirName: CN = x752 + DirName: CN = x753 + DirName: CN = x754 + DirName: CN = x755 + DirName: CN = x756 + DirName: CN = x757 + DirName: CN = x758 + DirName: CN = x759 + DirName: CN = x760 + DirName: CN = x761 + DirName: CN = x762 + DirName: CN = x763 + DirName: CN = x764 + DirName: CN = x765 + DirName: CN = x766 + DirName: CN = x767 + DirName: CN = x768 + DirName: CN = x769 + DirName: CN = x770 + DirName: CN = x771 + DirName: CN = x772 + DirName: CN = x773 + DirName: CN = x774 + DirName: CN = x775 + DirName: CN = x776 + DirName: CN = x777 + DirName: CN = x778 + DirName: CN = x779 + DirName: CN = x780 + DirName: CN = x781 + DirName: CN = x782 + DirName: CN = x783 + DirName: CN = x784 + DirName: CN = x785 + DirName: CN = x786 + DirName: CN = x787 + DirName: CN = x788 + DirName: CN = x789 + DirName: CN = x790 + DirName: CN = x791 + DirName: CN = x792 + DirName: CN = x793 + DirName: CN = x794 + DirName: CN = x795 + DirName: CN = x796 + DirName: CN = x797 + DirName: CN = x798 + DirName: CN = x799 + DirName: CN = x800 + DirName: CN = x801 + DirName: CN = x802 + DirName: CN = x803 + DirName: CN = x804 + DirName: CN = x805 + DirName: CN = x806 + DirName: CN = x807 + DirName: CN = x808 + DirName: CN = x809 + DirName: CN = x810 + DirName: CN = x811 + DirName: CN = x812 + DirName: CN = x813 + DirName: CN = x814 + DirName: CN = x815 + DirName: CN = x816 + DirName: CN = x817 + DirName: CN = x818 + DirName: CN = x819 + DirName: CN = x820 + DirName: CN = x821 + DirName: CN = x822 + DirName: CN = x823 + DirName: CN = x824 + DirName: CN = x825 + DirName: CN = x826 + DirName: CN = x827 + DirName: CN = x828 + DirName: CN = x829 + DirName: CN = x830 + DirName: CN = x831 + DirName: CN = x832 + DirName: CN = x833 + DirName: CN = x834 + DirName: CN = x835 + DirName: CN = x836 + DirName: CN = x837 + DirName: CN = x838 + DirName: CN = x839 + DirName: CN = x840 + DirName: CN = x841 + DirName: CN = x842 + DirName: CN = x843 + DirName: CN = x844 + DirName: CN = x845 + DirName: CN = x846 + DirName: CN = x847 + DirName: CN = x848 + DirName: CN = x849 + DirName: CN = x850 + DirName: CN = x851 + DirName: CN = x852 + DirName: CN = x853 + DirName: CN = x854 + DirName: CN = x855 + DirName: CN = x856 + DirName: CN = x857 + DirName: CN = x858 + DirName: CN = x859 + DirName: CN = x860 + DirName: CN = x861 + DirName: CN = x862 + DirName: CN = x863 + DirName: CN = x864 + DirName: CN = x865 + DirName: CN = x866 + DirName: CN = x867 + DirName: CN = x868 + DirName: CN = x869 + DirName: CN = x870 + DirName: CN = x871 + DirName: CN = x872 + DirName: CN = x873 + DirName: CN = x874 + DirName: CN = x875 + DirName: CN = x876 + DirName: CN = x877 + DirName: CN = x878 + DirName: CN = x879 + DirName: CN = x880 + DirName: CN = x881 + DirName: CN = x882 + DirName: CN = x883 + DirName: CN = x884 + DirName: CN = x885 + DirName: CN = x886 + DirName: CN = x887 + DirName: CN = x888 + DirName: CN = x889 + DirName: CN = x890 + DirName: CN = x891 + DirName: CN = x892 + DirName: CN = x893 + DirName: CN = x894 + DirName: CN = x895 + DirName: CN = x896 + DirName: CN = x897 + DirName: CN = x898 + DirName: CN = x899 + DirName: CN = x900 + DirName: CN = x901 + DirName: CN = x902 + DirName: CN = x903 + DirName: CN = x904 + DirName: CN = x905 + DirName: CN = x906 + DirName: CN = x907 + DirName: CN = x908 + DirName: CN = x909 + DirName: CN = x910 + DirName: CN = x911 + DirName: CN = x912 + DirName: CN = x913 + DirName: CN = x914 + DirName: CN = x915 + DirName: CN = x916 + DirName: CN = x917 + DirName: CN = x918 + DirName: CN = x919 + DirName: CN = x920 + DirName: CN = x921 + DirName: CN = x922 + DirName: CN = x923 + DirName: CN = x924 + DirName: CN = x925 + DirName: CN = x926 + DirName: CN = x927 + DirName: CN = x928 + DirName: CN = x929 + DirName: CN = x930 + DirName: CN = x931 + DirName: CN = x932 + DirName: CN = x933 + DirName: CN = x934 + DirName: CN = x935 + DirName: CN = x936 + DirName: CN = x937 + DirName: CN = x938 + DirName: CN = x939 + DirName: CN = x940 + DirName: CN = x941 + DirName: CN = x942 + DirName: CN = x943 + DirName: CN = x944 + DirName: CN = x945 + DirName: CN = x946 + DirName: CN = x947 + DirName: CN = x948 + DirName: CN = x949 + DirName: CN = x950 + DirName: CN = x951 + DirName: CN = x952 + DirName: CN = x953 + DirName: CN = x954 + DirName: CN = x955 + DirName: CN = x956 + DirName: CN = x957 + DirName: CN = x958 + DirName: CN = x959 + DirName: CN = x960 + DirName: CN = x961 + DirName: CN = x962 + DirName: CN = x963 + DirName: CN = x964 + DirName: CN = x965 + DirName: CN = x966 + DirName: CN = x967 + DirName: CN = x968 + DirName: CN = x969 + DirName: CN = x970 + DirName: CN = x971 + DirName: CN = x972 + DirName: CN = x973 + DirName: CN = x974 + DirName: CN = x975 + DirName: CN = x976 + DirName: CN = x977 + DirName: CN = x978 + DirName: CN = x979 + DirName: CN = x980 + DirName: CN = x981 + DirName: CN = x982 + DirName: CN = x983 + DirName: CN = x984 + DirName: CN = x985 + DirName: CN = x986 + DirName: CN = x987 + DirName: CN = x988 + DirName: CN = x989 + DirName: CN = x990 + DirName: CN = x991 + DirName: CN = x992 + DirName: CN = x993 + DirName: CN = x994 + DirName: CN = x995 + DirName: CN = x996 + DirName: CN = x997 + DirName: CN = x998 + DirName: CN = x999 + DirName: CN = x1000 + DirName: CN = x1001 + DirName: CN = x1002 + DirName: CN = x1003 + DirName: CN = x1004 + DirName: CN = x1005 + DirName: CN = x1006 + DirName: CN = x1007 + DirName: CN = x1008 + DirName: CN = x1009 + DirName: CN = x1010 + DirName: CN = x1011 + DirName: CN = x1012 + DirName: CN = x1013 + DirName: CN = x1014 + DirName: CN = x1015 + DirName: CN = x1016 + DirName: CN = x1017 + DirName: CN = x1018 + DirName: CN = x1019 + DirName: CN = x1020 + DirName: CN = x1021 + DirName: CN = x1022 + DirName: CN = x1023 + DirName: CN = x1024 + + Signature Algorithm: sha256WithRSAEncryption + 75:8f:ad:5f:a0:8c:a2:05:18:d8:98:a6:c5:1d:7c:b9:11:f4: + 14:6a:24:56:21:11:98:c7:df:0c:12:6c:43:3d:45:54:de:10: + 14:e5:7b:c0:d8:77:64:c2:01:8b:f3:d0:10:d8:03:43:fe:f9: + 50:79:c6:91:34:38:77:bf:0e:09:7f:1f:7f:8f:50:9f:2a:f2: + 31:5b:37:0e:04:55:13:2b:1b:34:32:0e:8d:db:a8:ed:34:d0: + 6a:83:a0:f9:31:d1:5f:2d:58:07:29:25:d3:1c:de:f8:7a:ac: + 3d:a7:67:4a:4c:ea:e0:f9:0f:91:ff:d8:48:dc:11:ec:a8:23: + a1:e4:62:51:b0:93:f8:6d:63:0f:26:c4:aa:09:e7:30:85:94: + cc:22:2d:a6:c1:e1:5a:77:70:e2:be:50:67:2b:7a:85:8e:56: + 35:f7:59:89:70:6f:8a:fe:1c:bd:16:b5:85:22:0e:f2:1e:d0: + 00:5b:63:7f:5b:eb:1e:23:c0:d5:c6:c9:97:9d:9a:a7:f6:2b: + 8d:54:64:0b:f7:db:26:5e:08:b2:0c:8e:dc:df:1f:e9:92:3a: + f1:cb:89:d4:1f:46:45:9c:e8:0c:b2:6c:aa:9f:55:fc:cd:02: + fc:3c:82:9c:a5:79:f2:27:a6:a5:83:83:64:7f:02:d0:8c:f3: + 8f:32:a7:e1 +-----BEGIN CERTIFICATE----- +MIJXVzCCVj+gAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCVKEwglSdMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wglPRBgNVHR4EglPIMIJTxKGCU8AwEaQPMA0xCzAJBgNVBAMMAngwMBGkDzAN +MQswCQYDVQQDDAJ4MTARpA8wDTELMAkGA1UEAwwCeDIwEaQPMA0xCzAJBgNVBAMM +AngzMBGkDzANMQswCQYDVQQDDAJ4NDARpA8wDTELMAkGA1UEAwwCeDUwEaQPMA0x +CzAJBgNVBAMMAng2MBGkDzANMQswCQYDVQQDDAJ4NzARpA8wDTELMAkGA1UEAwwC +eDgwEaQPMA0xCzAJBgNVBAMMAng5MBKkEDAOMQwwCgYDVQQDDAN4MTAwEqQQMA4x +DDAKBgNVBAMMA3gxMTASpBAwDjEMMAoGA1UEAwwDeDEyMBKkEDAOMQwwCgYDVQQD +DAN4MTMwEqQQMA4xDDAKBgNVBAMMA3gxNDASpBAwDjEMMAoGA1UEAwwDeDE1MBKk +EDAOMQwwCgYDVQQDDAN4MTYwEqQQMA4xDDAKBgNVBAMMA3gxNzASpBAwDjEMMAoG +A1UEAwwDeDE4MBKkEDAOMQwwCgYDVQQDDAN4MTkwEqQQMA4xDDAKBgNVBAMMA3gy +MDASpBAwDjEMMAoGA1UEAwwDeDIxMBKkEDAOMQwwCgYDVQQDDAN4MjIwEqQQMA4x +DDAKBgNVBAMMA3gyMzASpBAwDjEMMAoGA1UEAwwDeDI0MBKkEDAOMQwwCgYDVQQD +DAN4MjUwEqQQMA4xDDAKBgNVBAMMA3gyNjASpBAwDjEMMAoGA1UEAwwDeDI3MBKk +EDAOMQwwCgYDVQQDDAN4MjgwEqQQMA4xDDAKBgNVBAMMA3gyOTASpBAwDjEMMAoG +A1UEAwwDeDMwMBKkEDAOMQwwCgYDVQQDDAN4MzEwEqQQMA4xDDAKBgNVBAMMA3gz +MjASpBAwDjEMMAoGA1UEAwwDeDMzMBKkEDAOMQwwCgYDVQQDDAN4MzQwEqQQMA4x +DDAKBgNVBAMMA3gzNTASpBAwDjEMMAoGA1UEAwwDeDM2MBKkEDAOMQwwCgYDVQQD +DAN4MzcwEqQQMA4xDDAKBgNVBAMMA3gzODASpBAwDjEMMAoGA1UEAwwDeDM5MBKk +EDAOMQwwCgYDVQQDDAN4NDAwEqQQMA4xDDAKBgNVBAMMA3g0MTASpBAwDjEMMAoG +A1UEAwwDeDQyMBKkEDAOMQwwCgYDVQQDDAN4NDMwEqQQMA4xDDAKBgNVBAMMA3g0 +NDASpBAwDjEMMAoGA1UEAwwDeDQ1MBKkEDAOMQwwCgYDVQQDDAN4NDYwEqQQMA4x +DDAKBgNVBAMMA3g0NzASpBAwDjEMMAoGA1UEAwwDeDQ4MBKkEDAOMQwwCgYDVQQD +DAN4NDkwEqQQMA4xDDAKBgNVBAMMA3g1MDASpBAwDjEMMAoGA1UEAwwDeDUxMBKk +EDAOMQwwCgYDVQQDDAN4NTIwEqQQMA4xDDAKBgNVBAMMA3g1MzASpBAwDjEMMAoG +A1UEAwwDeDU0MBKkEDAOMQwwCgYDVQQDDAN4NTUwEqQQMA4xDDAKBgNVBAMMA3g1 +NjASpBAwDjEMMAoGA1UEAwwDeDU3MBKkEDAOMQwwCgYDVQQDDAN4NTgwEqQQMA4x +DDAKBgNVBAMMA3g1OTASpBAwDjEMMAoGA1UEAwwDeDYwMBKkEDAOMQwwCgYDVQQD +DAN4NjEwEqQQMA4xDDAKBgNVBAMMA3g2MjASpBAwDjEMMAoGA1UEAwwDeDYzMBKk +EDAOMQwwCgYDVQQDDAN4NjQwEqQQMA4xDDAKBgNVBAMMA3g2NTASpBAwDjEMMAoG +A1UEAwwDeDY2MBKkEDAOMQwwCgYDVQQDDAN4NjcwEqQQMA4xDDAKBgNVBAMMA3g2 +ODASpBAwDjEMMAoGA1UEAwwDeDY5MBKkEDAOMQwwCgYDVQQDDAN4NzAwEqQQMA4x +DDAKBgNVBAMMA3g3MTASpBAwDjEMMAoGA1UEAwwDeDcyMBKkEDAOMQwwCgYDVQQD +DAN4NzMwEqQQMA4xDDAKBgNVBAMMA3g3NDASpBAwDjEMMAoGA1UEAwwDeDc1MBKk +EDAOMQwwCgYDVQQDDAN4NzYwEqQQMA4xDDAKBgNVBAMMA3g3NzASpBAwDjEMMAoG +A1UEAwwDeDc4MBKkEDAOMQwwCgYDVQQDDAN4NzkwEqQQMA4xDDAKBgNVBAMMA3g4 +MDASpBAwDjEMMAoGA1UEAwwDeDgxMBKkEDAOMQwwCgYDVQQDDAN4ODIwEqQQMA4x +DDAKBgNVBAMMA3g4MzASpBAwDjEMMAoGA1UEAwwDeDg0MBKkEDAOMQwwCgYDVQQD +DAN4ODUwEqQQMA4xDDAKBgNVBAMMA3g4NjASpBAwDjEMMAoGA1UEAwwDeDg3MBKk +EDAOMQwwCgYDVQQDDAN4ODgwEqQQMA4xDDAKBgNVBAMMA3g4OTASpBAwDjEMMAoG +A1UEAwwDeDkwMBKkEDAOMQwwCgYDVQQDDAN4OTEwEqQQMA4xDDAKBgNVBAMMA3g5 +MjASpBAwDjEMMAoGA1UEAwwDeDkzMBKkEDAOMQwwCgYDVQQDDAN4OTQwEqQQMA4x +DDAKBgNVBAMMA3g5NTASpBAwDjEMMAoGA1UEAwwDeDk2MBKkEDAOMQwwCgYDVQQD +DAN4OTcwEqQQMA4xDDAKBgNVBAMMA3g5ODASpBAwDjEMMAoGA1UEAwwDeDk5MBOk +ETAPMQ0wCwYDVQQDDAR4MTAwMBOkETAPMQ0wCwYDVQQDDAR4MTAxMBOkETAPMQ0w +CwYDVQQDDAR4MTAyMBOkETAPMQ0wCwYDVQQDDAR4MTAzMBOkETAPMQ0wCwYDVQQD +DAR4MTA0MBOkETAPMQ0wCwYDVQQDDAR4MTA1MBOkETAPMQ0wCwYDVQQDDAR4MTA2 +MBOkETAPMQ0wCwYDVQQDDAR4MTA3MBOkETAPMQ0wCwYDVQQDDAR4MTA4MBOkETAP +MQ0wCwYDVQQDDAR4MTA5MBOkETAPMQ0wCwYDVQQDDAR4MTEwMBOkETAPMQ0wCwYD +VQQDDAR4MTExMBOkETAPMQ0wCwYDVQQDDAR4MTEyMBOkETAPMQ0wCwYDVQQDDAR4 +MTEzMBOkETAPMQ0wCwYDVQQDDAR4MTE0MBOkETAPMQ0wCwYDVQQDDAR4MTE1MBOk +ETAPMQ0wCwYDVQQDDAR4MTE2MBOkETAPMQ0wCwYDVQQDDAR4MTE3MBOkETAPMQ0w +CwYDVQQDDAR4MTE4MBOkETAPMQ0wCwYDVQQDDAR4MTE5MBOkETAPMQ0wCwYDVQQD +DAR4MTIwMBOkETAPMQ0wCwYDVQQDDAR4MTIxMBOkETAPMQ0wCwYDVQQDDAR4MTIy +MBOkETAPMQ0wCwYDVQQDDAR4MTIzMBOkETAPMQ0wCwYDVQQDDAR4MTI0MBOkETAP +MQ0wCwYDVQQDDAR4MTI1MBOkETAPMQ0wCwYDVQQDDAR4MTI2MBOkETAPMQ0wCwYD +VQQDDAR4MTI3MBOkETAPMQ0wCwYDVQQDDAR4MTI4MBOkETAPMQ0wCwYDVQQDDAR4 +MTI5MBOkETAPMQ0wCwYDVQQDDAR4MTMwMBOkETAPMQ0wCwYDVQQDDAR4MTMxMBOk +ETAPMQ0wCwYDVQQDDAR4MTMyMBOkETAPMQ0wCwYDVQQDDAR4MTMzMBOkETAPMQ0w +CwYDVQQDDAR4MTM0MBOkETAPMQ0wCwYDVQQDDAR4MTM1MBOkETAPMQ0wCwYDVQQD +DAR4MTM2MBOkETAPMQ0wCwYDVQQDDAR4MTM3MBOkETAPMQ0wCwYDVQQDDAR4MTM4 +MBOkETAPMQ0wCwYDVQQDDAR4MTM5MBOkETAPMQ0wCwYDVQQDDAR4MTQwMBOkETAP +MQ0wCwYDVQQDDAR4MTQxMBOkETAPMQ0wCwYDVQQDDAR4MTQyMBOkETAPMQ0wCwYD +VQQDDAR4MTQzMBOkETAPMQ0wCwYDVQQDDAR4MTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +MTQ1MBOkETAPMQ0wCwYDVQQDDAR4MTQ2MBOkETAPMQ0wCwYDVQQDDAR4MTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4MTQ4MBOkETAPMQ0wCwYDVQQDDAR4MTQ5MBOkETAPMQ0w +CwYDVQQDDAR4MTUwMBOkETAPMQ0wCwYDVQQDDAR4MTUxMBOkETAPMQ0wCwYDVQQD +DAR4MTUyMBOkETAPMQ0wCwYDVQQDDAR4MTUzMBOkETAPMQ0wCwYDVQQDDAR4MTU0 +MBOkETAPMQ0wCwYDVQQDDAR4MTU1MBOkETAPMQ0wCwYDVQQDDAR4MTU2MBOkETAP +MQ0wCwYDVQQDDAR4MTU3MBOkETAPMQ0wCwYDVQQDDAR4MTU4MBOkETAPMQ0wCwYD +VQQDDAR4MTU5MBOkETAPMQ0wCwYDVQQDDAR4MTYwMBOkETAPMQ0wCwYDVQQDDAR4 +MTYxMBOkETAPMQ0wCwYDVQQDDAR4MTYyMBOkETAPMQ0wCwYDVQQDDAR4MTYzMBOk +ETAPMQ0wCwYDVQQDDAR4MTY0MBOkETAPMQ0wCwYDVQQDDAR4MTY1MBOkETAPMQ0w +CwYDVQQDDAR4MTY2MBOkETAPMQ0wCwYDVQQDDAR4MTY3MBOkETAPMQ0wCwYDVQQD +DAR4MTY4MBOkETAPMQ0wCwYDVQQDDAR4MTY5MBOkETAPMQ0wCwYDVQQDDAR4MTcw +MBOkETAPMQ0wCwYDVQQDDAR4MTcxMBOkETAPMQ0wCwYDVQQDDAR4MTcyMBOkETAP +MQ0wCwYDVQQDDAR4MTczMBOkETAPMQ0wCwYDVQQDDAR4MTc0MBOkETAPMQ0wCwYD +VQQDDAR4MTc1MBOkETAPMQ0wCwYDVQQDDAR4MTc2MBOkETAPMQ0wCwYDVQQDDAR4 +MTc3MBOkETAPMQ0wCwYDVQQDDAR4MTc4MBOkETAPMQ0wCwYDVQQDDAR4MTc5MBOk +ETAPMQ0wCwYDVQQDDAR4MTgwMBOkETAPMQ0wCwYDVQQDDAR4MTgxMBOkETAPMQ0w +CwYDVQQDDAR4MTgyMBOkETAPMQ0wCwYDVQQDDAR4MTgzMBOkETAPMQ0wCwYDVQQD +DAR4MTg0MBOkETAPMQ0wCwYDVQQDDAR4MTg1MBOkETAPMQ0wCwYDVQQDDAR4MTg2 +MBOkETAPMQ0wCwYDVQQDDAR4MTg3MBOkETAPMQ0wCwYDVQQDDAR4MTg4MBOkETAP +MQ0wCwYDVQQDDAR4MTg5MBOkETAPMQ0wCwYDVQQDDAR4MTkwMBOkETAPMQ0wCwYD +VQQDDAR4MTkxMBOkETAPMQ0wCwYDVQQDDAR4MTkyMBOkETAPMQ0wCwYDVQQDDAR4 +MTkzMBOkETAPMQ0wCwYDVQQDDAR4MTk0MBOkETAPMQ0wCwYDVQQDDAR4MTk1MBOk +ETAPMQ0wCwYDVQQDDAR4MTk2MBOkETAPMQ0wCwYDVQQDDAR4MTk3MBOkETAPMQ0w +CwYDVQQDDAR4MTk4MBOkETAPMQ0wCwYDVQQDDAR4MTk5MBOkETAPMQ0wCwYDVQQD +DAR4MjAwMBOkETAPMQ0wCwYDVQQDDAR4MjAxMBOkETAPMQ0wCwYDVQQDDAR4MjAy +MBOkETAPMQ0wCwYDVQQDDAR4MjAzMBOkETAPMQ0wCwYDVQQDDAR4MjA0MBOkETAP +MQ0wCwYDVQQDDAR4MjA1MBOkETAPMQ0wCwYDVQQDDAR4MjA2MBOkETAPMQ0wCwYD +VQQDDAR4MjA3MBOkETAPMQ0wCwYDVQQDDAR4MjA4MBOkETAPMQ0wCwYDVQQDDAR4 +MjA5MBOkETAPMQ0wCwYDVQQDDAR4MjEwMBOkETAPMQ0wCwYDVQQDDAR4MjExMBOk +ETAPMQ0wCwYDVQQDDAR4MjEyMBOkETAPMQ0wCwYDVQQDDAR4MjEzMBOkETAPMQ0w +CwYDVQQDDAR4MjE0MBOkETAPMQ0wCwYDVQQDDAR4MjE1MBOkETAPMQ0wCwYDVQQD +DAR4MjE2MBOkETAPMQ0wCwYDVQQDDAR4MjE3MBOkETAPMQ0wCwYDVQQDDAR4MjE4 +MBOkETAPMQ0wCwYDVQQDDAR4MjE5MBOkETAPMQ0wCwYDVQQDDAR4MjIwMBOkETAP +MQ0wCwYDVQQDDAR4MjIxMBOkETAPMQ0wCwYDVQQDDAR4MjIyMBOkETAPMQ0wCwYD +VQQDDAR4MjIzMBOkETAPMQ0wCwYDVQQDDAR4MjI0MBOkETAPMQ0wCwYDVQQDDAR4 +MjI1MBOkETAPMQ0wCwYDVQQDDAR4MjI2MBOkETAPMQ0wCwYDVQQDDAR4MjI3MBOk +ETAPMQ0wCwYDVQQDDAR4MjI4MBOkETAPMQ0wCwYDVQQDDAR4MjI5MBOkETAPMQ0w +CwYDVQQDDAR4MjMwMBOkETAPMQ0wCwYDVQQDDAR4MjMxMBOkETAPMQ0wCwYDVQQD +DAR4MjMyMBOkETAPMQ0wCwYDVQQDDAR4MjMzMBOkETAPMQ0wCwYDVQQDDAR4MjM0 +MBOkETAPMQ0wCwYDVQQDDAR4MjM1MBOkETAPMQ0wCwYDVQQDDAR4MjM2MBOkETAP +MQ0wCwYDVQQDDAR4MjM3MBOkETAPMQ0wCwYDVQQDDAR4MjM4MBOkETAPMQ0wCwYD +VQQDDAR4MjM5MBOkETAPMQ0wCwYDVQQDDAR4MjQwMBOkETAPMQ0wCwYDVQQDDAR4 +MjQxMBOkETAPMQ0wCwYDVQQDDAR4MjQyMBOkETAPMQ0wCwYDVQQDDAR4MjQzMBOk +ETAPMQ0wCwYDVQQDDAR4MjQ0MBOkETAPMQ0wCwYDVQQDDAR4MjQ1MBOkETAPMQ0w +CwYDVQQDDAR4MjQ2MBOkETAPMQ0wCwYDVQQDDAR4MjQ3MBOkETAPMQ0wCwYDVQQD +DAR4MjQ4MBOkETAPMQ0wCwYDVQQDDAR4MjQ5MBOkETAPMQ0wCwYDVQQDDAR4MjUw +MBOkETAPMQ0wCwYDVQQDDAR4MjUxMBOkETAPMQ0wCwYDVQQDDAR4MjUyMBOkETAP +MQ0wCwYDVQQDDAR4MjUzMBOkETAPMQ0wCwYDVQQDDAR4MjU0MBOkETAPMQ0wCwYD +VQQDDAR4MjU1MBOkETAPMQ0wCwYDVQQDDAR4MjU2MBOkETAPMQ0wCwYDVQQDDAR4 +MjU3MBOkETAPMQ0wCwYDVQQDDAR4MjU4MBOkETAPMQ0wCwYDVQQDDAR4MjU5MBOk +ETAPMQ0wCwYDVQQDDAR4MjYwMBOkETAPMQ0wCwYDVQQDDAR4MjYxMBOkETAPMQ0w +CwYDVQQDDAR4MjYyMBOkETAPMQ0wCwYDVQQDDAR4MjYzMBOkETAPMQ0wCwYDVQQD +DAR4MjY0MBOkETAPMQ0wCwYDVQQDDAR4MjY1MBOkETAPMQ0wCwYDVQQDDAR4MjY2 +MBOkETAPMQ0wCwYDVQQDDAR4MjY3MBOkETAPMQ0wCwYDVQQDDAR4MjY4MBOkETAP +MQ0wCwYDVQQDDAR4MjY5MBOkETAPMQ0wCwYDVQQDDAR4MjcwMBOkETAPMQ0wCwYD +VQQDDAR4MjcxMBOkETAPMQ0wCwYDVQQDDAR4MjcyMBOkETAPMQ0wCwYDVQQDDAR4 +MjczMBOkETAPMQ0wCwYDVQQDDAR4Mjc0MBOkETAPMQ0wCwYDVQQDDAR4Mjc1MBOk +ETAPMQ0wCwYDVQQDDAR4Mjc2MBOkETAPMQ0wCwYDVQQDDAR4Mjc3MBOkETAPMQ0w +CwYDVQQDDAR4Mjc4MBOkETAPMQ0wCwYDVQQDDAR4Mjc5MBOkETAPMQ0wCwYDVQQD +DAR4MjgwMBOkETAPMQ0wCwYDVQQDDAR4MjgxMBOkETAPMQ0wCwYDVQQDDAR4Mjgy +MBOkETAPMQ0wCwYDVQQDDAR4MjgzMBOkETAPMQ0wCwYDVQQDDAR4Mjg0MBOkETAP +MQ0wCwYDVQQDDAR4Mjg1MBOkETAPMQ0wCwYDVQQDDAR4Mjg2MBOkETAPMQ0wCwYD +VQQDDAR4Mjg3MBOkETAPMQ0wCwYDVQQDDAR4Mjg4MBOkETAPMQ0wCwYDVQQDDAR4 +Mjg5MBOkETAPMQ0wCwYDVQQDDAR4MjkwMBOkETAPMQ0wCwYDVQQDDAR4MjkxMBOk +ETAPMQ0wCwYDVQQDDAR4MjkyMBOkETAPMQ0wCwYDVQQDDAR4MjkzMBOkETAPMQ0w +CwYDVQQDDAR4Mjk0MBOkETAPMQ0wCwYDVQQDDAR4Mjk1MBOkETAPMQ0wCwYDVQQD +DAR4Mjk2MBOkETAPMQ0wCwYDVQQDDAR4Mjk3MBOkETAPMQ0wCwYDVQQDDAR4Mjk4 +MBOkETAPMQ0wCwYDVQQDDAR4Mjk5MBOkETAPMQ0wCwYDVQQDDAR4MzAwMBOkETAP +MQ0wCwYDVQQDDAR4MzAxMBOkETAPMQ0wCwYDVQQDDAR4MzAyMBOkETAPMQ0wCwYD +VQQDDAR4MzAzMBOkETAPMQ0wCwYDVQQDDAR4MzA0MBOkETAPMQ0wCwYDVQQDDAR4 +MzA1MBOkETAPMQ0wCwYDVQQDDAR4MzA2MBOkETAPMQ0wCwYDVQQDDAR4MzA3MBOk +ETAPMQ0wCwYDVQQDDAR4MzA4MBOkETAPMQ0wCwYDVQQDDAR4MzA5MBOkETAPMQ0w +CwYDVQQDDAR4MzEwMBOkETAPMQ0wCwYDVQQDDAR4MzExMBOkETAPMQ0wCwYDVQQD +DAR4MzEyMBOkETAPMQ0wCwYDVQQDDAR4MzEzMBOkETAPMQ0wCwYDVQQDDAR4MzE0 +MBOkETAPMQ0wCwYDVQQDDAR4MzE1MBOkETAPMQ0wCwYDVQQDDAR4MzE2MBOkETAP +MQ0wCwYDVQQDDAR4MzE3MBOkETAPMQ0wCwYDVQQDDAR4MzE4MBOkETAPMQ0wCwYD +VQQDDAR4MzE5MBOkETAPMQ0wCwYDVQQDDAR4MzIwMBOkETAPMQ0wCwYDVQQDDAR4 +MzIxMBOkETAPMQ0wCwYDVQQDDAR4MzIyMBOkETAPMQ0wCwYDVQQDDAR4MzIzMBOk +ETAPMQ0wCwYDVQQDDAR4MzI0MBOkETAPMQ0wCwYDVQQDDAR4MzI1MBOkETAPMQ0w +CwYDVQQDDAR4MzI2MBOkETAPMQ0wCwYDVQQDDAR4MzI3MBOkETAPMQ0wCwYDVQQD +DAR4MzI4MBOkETAPMQ0wCwYDVQQDDAR4MzI5MBOkETAPMQ0wCwYDVQQDDAR4MzMw +MBOkETAPMQ0wCwYDVQQDDAR4MzMxMBOkETAPMQ0wCwYDVQQDDAR4MzMyMBOkETAP +MQ0wCwYDVQQDDAR4MzMzMBOkETAPMQ0wCwYDVQQDDAR4MzM0MBOkETAPMQ0wCwYD +VQQDDAR4MzM1MBOkETAPMQ0wCwYDVQQDDAR4MzM2MBOkETAPMQ0wCwYDVQQDDAR4 +MzM3MBOkETAPMQ0wCwYDVQQDDAR4MzM4MBOkETAPMQ0wCwYDVQQDDAR4MzM5MBOk +ETAPMQ0wCwYDVQQDDAR4MzQwMBOkETAPMQ0wCwYDVQQDDAR4MzQxMBOkETAPMQ0w +CwYDVQQDDAR4MzQyMBOkETAPMQ0wCwYDVQQDDAR4MzQzMBOkETAPMQ0wCwYDVQQD +DAR4MzQ0MBOkETAPMQ0wCwYDVQQDDAR4MzQ1MBOkETAPMQ0wCwYDVQQDDAR4MzQ2 +MBOkETAPMQ0wCwYDVQQDDAR4MzQ3MBOkETAPMQ0wCwYDVQQDDAR4MzQ4MBOkETAP +MQ0wCwYDVQQDDAR4MzQ5MBOkETAPMQ0wCwYDVQQDDAR4MzUwMBOkETAPMQ0wCwYD +VQQDDAR4MzUxMBOkETAPMQ0wCwYDVQQDDAR4MzUyMBOkETAPMQ0wCwYDVQQDDAR4 +MzUzMBOkETAPMQ0wCwYDVQQDDAR4MzU0MBOkETAPMQ0wCwYDVQQDDAR4MzU1MBOk +ETAPMQ0wCwYDVQQDDAR4MzU2MBOkETAPMQ0wCwYDVQQDDAR4MzU3MBOkETAPMQ0w +CwYDVQQDDAR4MzU4MBOkETAPMQ0wCwYDVQQDDAR4MzU5MBOkETAPMQ0wCwYDVQQD +DAR4MzYwMBOkETAPMQ0wCwYDVQQDDAR4MzYxMBOkETAPMQ0wCwYDVQQDDAR4MzYy +MBOkETAPMQ0wCwYDVQQDDAR4MzYzMBOkETAPMQ0wCwYDVQQDDAR4MzY0MBOkETAP +MQ0wCwYDVQQDDAR4MzY1MBOkETAPMQ0wCwYDVQQDDAR4MzY2MBOkETAPMQ0wCwYD +VQQDDAR4MzY3MBOkETAPMQ0wCwYDVQQDDAR4MzY4MBOkETAPMQ0wCwYDVQQDDAR4 +MzY5MBOkETAPMQ0wCwYDVQQDDAR4MzcwMBOkETAPMQ0wCwYDVQQDDAR4MzcxMBOk +ETAPMQ0wCwYDVQQDDAR4MzcyMBOkETAPMQ0wCwYDVQQDDAR4MzczMBOkETAPMQ0w +CwYDVQQDDAR4Mzc0MBOkETAPMQ0wCwYDVQQDDAR4Mzc1MBOkETAPMQ0wCwYDVQQD +DAR4Mzc2MBOkETAPMQ0wCwYDVQQDDAR4Mzc3MBOkETAPMQ0wCwYDVQQDDAR4Mzc4 +MBOkETAPMQ0wCwYDVQQDDAR4Mzc5MBOkETAPMQ0wCwYDVQQDDAR4MzgwMBOkETAP +MQ0wCwYDVQQDDAR4MzgxMBOkETAPMQ0wCwYDVQQDDAR4MzgyMBOkETAPMQ0wCwYD +VQQDDAR4MzgzMBOkETAPMQ0wCwYDVQQDDAR4Mzg0MBOkETAPMQ0wCwYDVQQDDAR4 +Mzg1MBOkETAPMQ0wCwYDVQQDDAR4Mzg2MBOkETAPMQ0wCwYDVQQDDAR4Mzg3MBOk +ETAPMQ0wCwYDVQQDDAR4Mzg4MBOkETAPMQ0wCwYDVQQDDAR4Mzg5MBOkETAPMQ0w +CwYDVQQDDAR4MzkwMBOkETAPMQ0wCwYDVQQDDAR4MzkxMBOkETAPMQ0wCwYDVQQD +DAR4MzkyMBOkETAPMQ0wCwYDVQQDDAR4MzkzMBOkETAPMQ0wCwYDVQQDDAR4Mzk0 +MBOkETAPMQ0wCwYDVQQDDAR4Mzk1MBOkETAPMQ0wCwYDVQQDDAR4Mzk2MBOkETAP +MQ0wCwYDVQQDDAR4Mzk3MBOkETAPMQ0wCwYDVQQDDAR4Mzk4MBOkETAPMQ0wCwYD +VQQDDAR4Mzk5MBOkETAPMQ0wCwYDVQQDDAR4NDAwMBOkETAPMQ0wCwYDVQQDDAR4 +NDAxMBOkETAPMQ0wCwYDVQQDDAR4NDAyMBOkETAPMQ0wCwYDVQQDDAR4NDAzMBOk +ETAPMQ0wCwYDVQQDDAR4NDA0MBOkETAPMQ0wCwYDVQQDDAR4NDA1MBOkETAPMQ0w +CwYDVQQDDAR4NDA2MBOkETAPMQ0wCwYDVQQDDAR4NDA3MBOkETAPMQ0wCwYDVQQD +DAR4NDA4MBOkETAPMQ0wCwYDVQQDDAR4NDA5MBOkETAPMQ0wCwYDVQQDDAR4NDEw +MBOkETAPMQ0wCwYDVQQDDAR4NDExMBOkETAPMQ0wCwYDVQQDDAR4NDEyMBOkETAP +MQ0wCwYDVQQDDAR4NDEzMBOkETAPMQ0wCwYDVQQDDAR4NDE0MBOkETAPMQ0wCwYD +VQQDDAR4NDE1MBOkETAPMQ0wCwYDVQQDDAR4NDE2MBOkETAPMQ0wCwYDVQQDDAR4 +NDE3MBOkETAPMQ0wCwYDVQQDDAR4NDE4MBOkETAPMQ0wCwYDVQQDDAR4NDE5MBOk +ETAPMQ0wCwYDVQQDDAR4NDIwMBOkETAPMQ0wCwYDVQQDDAR4NDIxMBOkETAPMQ0w +CwYDVQQDDAR4NDIyMBOkETAPMQ0wCwYDVQQDDAR4NDIzMBOkETAPMQ0wCwYDVQQD +DAR4NDI0MBOkETAPMQ0wCwYDVQQDDAR4NDI1MBOkETAPMQ0wCwYDVQQDDAR4NDI2 +MBOkETAPMQ0wCwYDVQQDDAR4NDI3MBOkETAPMQ0wCwYDVQQDDAR4NDI4MBOkETAP +MQ0wCwYDVQQDDAR4NDI5MBOkETAPMQ0wCwYDVQQDDAR4NDMwMBOkETAPMQ0wCwYD +VQQDDAR4NDMxMBOkETAPMQ0wCwYDVQQDDAR4NDMyMBOkETAPMQ0wCwYDVQQDDAR4 +NDMzMBOkETAPMQ0wCwYDVQQDDAR4NDM0MBOkETAPMQ0wCwYDVQQDDAR4NDM1MBOk +ETAPMQ0wCwYDVQQDDAR4NDM2MBOkETAPMQ0wCwYDVQQDDAR4NDM3MBOkETAPMQ0w +CwYDVQQDDAR4NDM4MBOkETAPMQ0wCwYDVQQDDAR4NDM5MBOkETAPMQ0wCwYDVQQD +DAR4NDQwMBOkETAPMQ0wCwYDVQQDDAR4NDQxMBOkETAPMQ0wCwYDVQQDDAR4NDQy +MBOkETAPMQ0wCwYDVQQDDAR4NDQzMBOkETAPMQ0wCwYDVQQDDAR4NDQ0MBOkETAP +MQ0wCwYDVQQDDAR4NDQ1MBOkETAPMQ0wCwYDVQQDDAR4NDQ2MBOkETAPMQ0wCwYD +VQQDDAR4NDQ3MBOkETAPMQ0wCwYDVQQDDAR4NDQ4MBOkETAPMQ0wCwYDVQQDDAR4 +NDQ5MBOkETAPMQ0wCwYDVQQDDAR4NDUwMBOkETAPMQ0wCwYDVQQDDAR4NDUxMBOk +ETAPMQ0wCwYDVQQDDAR4NDUyMBOkETAPMQ0wCwYDVQQDDAR4NDUzMBOkETAPMQ0w +CwYDVQQDDAR4NDU0MBOkETAPMQ0wCwYDVQQDDAR4NDU1MBOkETAPMQ0wCwYDVQQD +DAR4NDU2MBOkETAPMQ0wCwYDVQQDDAR4NDU3MBOkETAPMQ0wCwYDVQQDDAR4NDU4 +MBOkETAPMQ0wCwYDVQQDDAR4NDU5MBOkETAPMQ0wCwYDVQQDDAR4NDYwMBOkETAP +MQ0wCwYDVQQDDAR4NDYxMBOkETAPMQ0wCwYDVQQDDAR4NDYyMBOkETAPMQ0wCwYD +VQQDDAR4NDYzMBOkETAPMQ0wCwYDVQQDDAR4NDY0MBOkETAPMQ0wCwYDVQQDDAR4 +NDY1MBOkETAPMQ0wCwYDVQQDDAR4NDY2MBOkETAPMQ0wCwYDVQQDDAR4NDY3MBOk +ETAPMQ0wCwYDVQQDDAR4NDY4MBOkETAPMQ0wCwYDVQQDDAR4NDY5MBOkETAPMQ0w +CwYDVQQDDAR4NDcwMBOkETAPMQ0wCwYDVQQDDAR4NDcxMBOkETAPMQ0wCwYDVQQD +DAR4NDcyMBOkETAPMQ0wCwYDVQQDDAR4NDczMBOkETAPMQ0wCwYDVQQDDAR4NDc0 +MBOkETAPMQ0wCwYDVQQDDAR4NDc1MBOkETAPMQ0wCwYDVQQDDAR4NDc2MBOkETAP +MQ0wCwYDVQQDDAR4NDc3MBOkETAPMQ0wCwYDVQQDDAR4NDc4MBOkETAPMQ0wCwYD +VQQDDAR4NDc5MBOkETAPMQ0wCwYDVQQDDAR4NDgwMBOkETAPMQ0wCwYDVQQDDAR4 +NDgxMBOkETAPMQ0wCwYDVQQDDAR4NDgyMBOkETAPMQ0wCwYDVQQDDAR4NDgzMBOk +ETAPMQ0wCwYDVQQDDAR4NDg0MBOkETAPMQ0wCwYDVQQDDAR4NDg1MBOkETAPMQ0w +CwYDVQQDDAR4NDg2MBOkETAPMQ0wCwYDVQQDDAR4NDg3MBOkETAPMQ0wCwYDVQQD +DAR4NDg4MBOkETAPMQ0wCwYDVQQDDAR4NDg5MBOkETAPMQ0wCwYDVQQDDAR4NDkw +MBOkETAPMQ0wCwYDVQQDDAR4NDkxMBOkETAPMQ0wCwYDVQQDDAR4NDkyMBOkETAP +MQ0wCwYDVQQDDAR4NDkzMBOkETAPMQ0wCwYDVQQDDAR4NDk0MBOkETAPMQ0wCwYD +VQQDDAR4NDk1MBOkETAPMQ0wCwYDVQQDDAR4NDk2MBOkETAPMQ0wCwYDVQQDDAR4 +NDk3MBOkETAPMQ0wCwYDVQQDDAR4NDk4MBOkETAPMQ0wCwYDVQQDDAR4NDk5MBOk +ETAPMQ0wCwYDVQQDDAR4NTAwMBOkETAPMQ0wCwYDVQQDDAR4NTAxMBOkETAPMQ0w +CwYDVQQDDAR4NTAyMBOkETAPMQ0wCwYDVQQDDAR4NTAzMBOkETAPMQ0wCwYDVQQD +DAR4NTA0MBOkETAPMQ0wCwYDVQQDDAR4NTA1MBOkETAPMQ0wCwYDVQQDDAR4NTA2 +MBOkETAPMQ0wCwYDVQQDDAR4NTA3MBOkETAPMQ0wCwYDVQQDDAR4NTA4MBOkETAP +MQ0wCwYDVQQDDAR4NTA5MBOkETAPMQ0wCwYDVQQDDAR4NTEwMBOkETAPMQ0wCwYD +VQQDDAR4NTExMBOkETAPMQ0wCwYDVQQDDAR4NTEyMBOkETAPMQ0wCwYDVQQDDAR4 +NTEzMBOkETAPMQ0wCwYDVQQDDAR4NTE0MBOkETAPMQ0wCwYDVQQDDAR4NTE1MBOk +ETAPMQ0wCwYDVQQDDAR4NTE2MBOkETAPMQ0wCwYDVQQDDAR4NTE3MBOkETAPMQ0w +CwYDVQQDDAR4NTE4MBOkETAPMQ0wCwYDVQQDDAR4NTE5MBOkETAPMQ0wCwYDVQQD +DAR4NTIwMBOkETAPMQ0wCwYDVQQDDAR4NTIxMBOkETAPMQ0wCwYDVQQDDAR4NTIy +MBOkETAPMQ0wCwYDVQQDDAR4NTIzMBOkETAPMQ0wCwYDVQQDDAR4NTI0MBOkETAP +MQ0wCwYDVQQDDAR4NTI1MBOkETAPMQ0wCwYDVQQDDAR4NTI2MBOkETAPMQ0wCwYD +VQQDDAR4NTI3MBOkETAPMQ0wCwYDVQQDDAR4NTI4MBOkETAPMQ0wCwYDVQQDDAR4 +NTI5MBOkETAPMQ0wCwYDVQQDDAR4NTMwMBOkETAPMQ0wCwYDVQQDDAR4NTMxMBOk +ETAPMQ0wCwYDVQQDDAR4NTMyMBOkETAPMQ0wCwYDVQQDDAR4NTMzMBOkETAPMQ0w +CwYDVQQDDAR4NTM0MBOkETAPMQ0wCwYDVQQDDAR4NTM1MBOkETAPMQ0wCwYDVQQD +DAR4NTM2MBOkETAPMQ0wCwYDVQQDDAR4NTM3MBOkETAPMQ0wCwYDVQQDDAR4NTM4 +MBOkETAPMQ0wCwYDVQQDDAR4NTM5MBOkETAPMQ0wCwYDVQQDDAR4NTQwMBOkETAP +MQ0wCwYDVQQDDAR4NTQxMBOkETAPMQ0wCwYDVQQDDAR4NTQyMBOkETAPMQ0wCwYD +VQQDDAR4NTQzMBOkETAPMQ0wCwYDVQQDDAR4NTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +NTQ1MBOkETAPMQ0wCwYDVQQDDAR4NTQ2MBOkETAPMQ0wCwYDVQQDDAR4NTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4NTQ4MBOkETAPMQ0wCwYDVQQDDAR4NTQ5MBOkETAPMQ0w +CwYDVQQDDAR4NTUwMBOkETAPMQ0wCwYDVQQDDAR4NTUxMBOkETAPMQ0wCwYDVQQD +DAR4NTUyMBOkETAPMQ0wCwYDVQQDDAR4NTUzMBOkETAPMQ0wCwYDVQQDDAR4NTU0 +MBOkETAPMQ0wCwYDVQQDDAR4NTU1MBOkETAPMQ0wCwYDVQQDDAR4NTU2MBOkETAP +MQ0wCwYDVQQDDAR4NTU3MBOkETAPMQ0wCwYDVQQDDAR4NTU4MBOkETAPMQ0wCwYD +VQQDDAR4NTU5MBOkETAPMQ0wCwYDVQQDDAR4NTYwMBOkETAPMQ0wCwYDVQQDDAR4 +NTYxMBOkETAPMQ0wCwYDVQQDDAR4NTYyMBOkETAPMQ0wCwYDVQQDDAR4NTYzMBOk +ETAPMQ0wCwYDVQQDDAR4NTY0MBOkETAPMQ0wCwYDVQQDDAR4NTY1MBOkETAPMQ0w +CwYDVQQDDAR4NTY2MBOkETAPMQ0wCwYDVQQDDAR4NTY3MBOkETAPMQ0wCwYDVQQD +DAR4NTY4MBOkETAPMQ0wCwYDVQQDDAR4NTY5MBOkETAPMQ0wCwYDVQQDDAR4NTcw +MBOkETAPMQ0wCwYDVQQDDAR4NTcxMBOkETAPMQ0wCwYDVQQDDAR4NTcyMBOkETAP +MQ0wCwYDVQQDDAR4NTczMBOkETAPMQ0wCwYDVQQDDAR4NTc0MBOkETAPMQ0wCwYD +VQQDDAR4NTc1MBOkETAPMQ0wCwYDVQQDDAR4NTc2MBOkETAPMQ0wCwYDVQQDDAR4 +NTc3MBOkETAPMQ0wCwYDVQQDDAR4NTc4MBOkETAPMQ0wCwYDVQQDDAR4NTc5MBOk +ETAPMQ0wCwYDVQQDDAR4NTgwMBOkETAPMQ0wCwYDVQQDDAR4NTgxMBOkETAPMQ0w +CwYDVQQDDAR4NTgyMBOkETAPMQ0wCwYDVQQDDAR4NTgzMBOkETAPMQ0wCwYDVQQD +DAR4NTg0MBOkETAPMQ0wCwYDVQQDDAR4NTg1MBOkETAPMQ0wCwYDVQQDDAR4NTg2 +MBOkETAPMQ0wCwYDVQQDDAR4NTg3MBOkETAPMQ0wCwYDVQQDDAR4NTg4MBOkETAP +MQ0wCwYDVQQDDAR4NTg5MBOkETAPMQ0wCwYDVQQDDAR4NTkwMBOkETAPMQ0wCwYD +VQQDDAR4NTkxMBOkETAPMQ0wCwYDVQQDDAR4NTkyMBOkETAPMQ0wCwYDVQQDDAR4 +NTkzMBOkETAPMQ0wCwYDVQQDDAR4NTk0MBOkETAPMQ0wCwYDVQQDDAR4NTk1MBOk +ETAPMQ0wCwYDVQQDDAR4NTk2MBOkETAPMQ0wCwYDVQQDDAR4NTk3MBOkETAPMQ0w +CwYDVQQDDAR4NTk4MBOkETAPMQ0wCwYDVQQDDAR4NTk5MBOkETAPMQ0wCwYDVQQD +DAR4NjAwMBOkETAPMQ0wCwYDVQQDDAR4NjAxMBOkETAPMQ0wCwYDVQQDDAR4NjAy +MBOkETAPMQ0wCwYDVQQDDAR4NjAzMBOkETAPMQ0wCwYDVQQDDAR4NjA0MBOkETAP +MQ0wCwYDVQQDDAR4NjA1MBOkETAPMQ0wCwYDVQQDDAR4NjA2MBOkETAPMQ0wCwYD +VQQDDAR4NjA3MBOkETAPMQ0wCwYDVQQDDAR4NjA4MBOkETAPMQ0wCwYDVQQDDAR4 +NjA5MBOkETAPMQ0wCwYDVQQDDAR4NjEwMBOkETAPMQ0wCwYDVQQDDAR4NjExMBOk +ETAPMQ0wCwYDVQQDDAR4NjEyMBOkETAPMQ0wCwYDVQQDDAR4NjEzMBOkETAPMQ0w +CwYDVQQDDAR4NjE0MBOkETAPMQ0wCwYDVQQDDAR4NjE1MBOkETAPMQ0wCwYDVQQD +DAR4NjE2MBOkETAPMQ0wCwYDVQQDDAR4NjE3MBOkETAPMQ0wCwYDVQQDDAR4NjE4 +MBOkETAPMQ0wCwYDVQQDDAR4NjE5MBOkETAPMQ0wCwYDVQQDDAR4NjIwMBOkETAP +MQ0wCwYDVQQDDAR4NjIxMBOkETAPMQ0wCwYDVQQDDAR4NjIyMBOkETAPMQ0wCwYD +VQQDDAR4NjIzMBOkETAPMQ0wCwYDVQQDDAR4NjI0MBOkETAPMQ0wCwYDVQQDDAR4 +NjI1MBOkETAPMQ0wCwYDVQQDDAR4NjI2MBOkETAPMQ0wCwYDVQQDDAR4NjI3MBOk +ETAPMQ0wCwYDVQQDDAR4NjI4MBOkETAPMQ0wCwYDVQQDDAR4NjI5MBOkETAPMQ0w +CwYDVQQDDAR4NjMwMBOkETAPMQ0wCwYDVQQDDAR4NjMxMBOkETAPMQ0wCwYDVQQD +DAR4NjMyMBOkETAPMQ0wCwYDVQQDDAR4NjMzMBOkETAPMQ0wCwYDVQQDDAR4NjM0 +MBOkETAPMQ0wCwYDVQQDDAR4NjM1MBOkETAPMQ0wCwYDVQQDDAR4NjM2MBOkETAP +MQ0wCwYDVQQDDAR4NjM3MBOkETAPMQ0wCwYDVQQDDAR4NjM4MBOkETAPMQ0wCwYD +VQQDDAR4NjM5MBOkETAPMQ0wCwYDVQQDDAR4NjQwMBOkETAPMQ0wCwYDVQQDDAR4 +NjQxMBOkETAPMQ0wCwYDVQQDDAR4NjQyMBOkETAPMQ0wCwYDVQQDDAR4NjQzMBOk +ETAPMQ0wCwYDVQQDDAR4NjQ0MBOkETAPMQ0wCwYDVQQDDAR4NjQ1MBOkETAPMQ0w +CwYDVQQDDAR4NjQ2MBOkETAPMQ0wCwYDVQQDDAR4NjQ3MBOkETAPMQ0wCwYDVQQD +DAR4NjQ4MBOkETAPMQ0wCwYDVQQDDAR4NjQ5MBOkETAPMQ0wCwYDVQQDDAR4NjUw +MBOkETAPMQ0wCwYDVQQDDAR4NjUxMBOkETAPMQ0wCwYDVQQDDAR4NjUyMBOkETAP +MQ0wCwYDVQQDDAR4NjUzMBOkETAPMQ0wCwYDVQQDDAR4NjU0MBOkETAPMQ0wCwYD +VQQDDAR4NjU1MBOkETAPMQ0wCwYDVQQDDAR4NjU2MBOkETAPMQ0wCwYDVQQDDAR4 +NjU3MBOkETAPMQ0wCwYDVQQDDAR4NjU4MBOkETAPMQ0wCwYDVQQDDAR4NjU5MBOk +ETAPMQ0wCwYDVQQDDAR4NjYwMBOkETAPMQ0wCwYDVQQDDAR4NjYxMBOkETAPMQ0w +CwYDVQQDDAR4NjYyMBOkETAPMQ0wCwYDVQQDDAR4NjYzMBOkETAPMQ0wCwYDVQQD +DAR4NjY0MBOkETAPMQ0wCwYDVQQDDAR4NjY1MBOkETAPMQ0wCwYDVQQDDAR4NjY2 +MBOkETAPMQ0wCwYDVQQDDAR4NjY3MBOkETAPMQ0wCwYDVQQDDAR4NjY4MBOkETAP +MQ0wCwYDVQQDDAR4NjY5MBOkETAPMQ0wCwYDVQQDDAR4NjcwMBOkETAPMQ0wCwYD +VQQDDAR4NjcxMBOkETAPMQ0wCwYDVQQDDAR4NjcyMBOkETAPMQ0wCwYDVQQDDAR4 +NjczMBOkETAPMQ0wCwYDVQQDDAR4Njc0MBOkETAPMQ0wCwYDVQQDDAR4Njc1MBOk +ETAPMQ0wCwYDVQQDDAR4Njc2MBOkETAPMQ0wCwYDVQQDDAR4Njc3MBOkETAPMQ0w +CwYDVQQDDAR4Njc4MBOkETAPMQ0wCwYDVQQDDAR4Njc5MBOkETAPMQ0wCwYDVQQD +DAR4NjgwMBOkETAPMQ0wCwYDVQQDDAR4NjgxMBOkETAPMQ0wCwYDVQQDDAR4Njgy +MBOkETAPMQ0wCwYDVQQDDAR4NjgzMBOkETAPMQ0wCwYDVQQDDAR4Njg0MBOkETAP +MQ0wCwYDVQQDDAR4Njg1MBOkETAPMQ0wCwYDVQQDDAR4Njg2MBOkETAPMQ0wCwYD +VQQDDAR4Njg3MBOkETAPMQ0wCwYDVQQDDAR4Njg4MBOkETAPMQ0wCwYDVQQDDAR4 +Njg5MBOkETAPMQ0wCwYDVQQDDAR4NjkwMBOkETAPMQ0wCwYDVQQDDAR4NjkxMBOk +ETAPMQ0wCwYDVQQDDAR4NjkyMBOkETAPMQ0wCwYDVQQDDAR4NjkzMBOkETAPMQ0w +CwYDVQQDDAR4Njk0MBOkETAPMQ0wCwYDVQQDDAR4Njk1MBOkETAPMQ0wCwYDVQQD +DAR4Njk2MBOkETAPMQ0wCwYDVQQDDAR4Njk3MBOkETAPMQ0wCwYDVQQDDAR4Njk4 +MBOkETAPMQ0wCwYDVQQDDAR4Njk5MBOkETAPMQ0wCwYDVQQDDAR4NzAwMBOkETAP +MQ0wCwYDVQQDDAR4NzAxMBOkETAPMQ0wCwYDVQQDDAR4NzAyMBOkETAPMQ0wCwYD +VQQDDAR4NzAzMBOkETAPMQ0wCwYDVQQDDAR4NzA0MBOkETAPMQ0wCwYDVQQDDAR4 +NzA1MBOkETAPMQ0wCwYDVQQDDAR4NzA2MBOkETAPMQ0wCwYDVQQDDAR4NzA3MBOk +ETAPMQ0wCwYDVQQDDAR4NzA4MBOkETAPMQ0wCwYDVQQDDAR4NzA5MBOkETAPMQ0w +CwYDVQQDDAR4NzEwMBOkETAPMQ0wCwYDVQQDDAR4NzExMBOkETAPMQ0wCwYDVQQD +DAR4NzEyMBOkETAPMQ0wCwYDVQQDDAR4NzEzMBOkETAPMQ0wCwYDVQQDDAR4NzE0 +MBOkETAPMQ0wCwYDVQQDDAR4NzE1MBOkETAPMQ0wCwYDVQQDDAR4NzE2MBOkETAP +MQ0wCwYDVQQDDAR4NzE3MBOkETAPMQ0wCwYDVQQDDAR4NzE4MBOkETAPMQ0wCwYD +VQQDDAR4NzE5MBOkETAPMQ0wCwYDVQQDDAR4NzIwMBOkETAPMQ0wCwYDVQQDDAR4 +NzIxMBOkETAPMQ0wCwYDVQQDDAR4NzIyMBOkETAPMQ0wCwYDVQQDDAR4NzIzMBOk +ETAPMQ0wCwYDVQQDDAR4NzI0MBOkETAPMQ0wCwYDVQQDDAR4NzI1MBOkETAPMQ0w +CwYDVQQDDAR4NzI2MBOkETAPMQ0wCwYDVQQDDAR4NzI3MBOkETAPMQ0wCwYDVQQD +DAR4NzI4MBOkETAPMQ0wCwYDVQQDDAR4NzI5MBOkETAPMQ0wCwYDVQQDDAR4NzMw +MBOkETAPMQ0wCwYDVQQDDAR4NzMxMBOkETAPMQ0wCwYDVQQDDAR4NzMyMBOkETAP +MQ0wCwYDVQQDDAR4NzMzMBOkETAPMQ0wCwYDVQQDDAR4NzM0MBOkETAPMQ0wCwYD +VQQDDAR4NzM1MBOkETAPMQ0wCwYDVQQDDAR4NzM2MBOkETAPMQ0wCwYDVQQDDAR4 +NzM3MBOkETAPMQ0wCwYDVQQDDAR4NzM4MBOkETAPMQ0wCwYDVQQDDAR4NzM5MBOk +ETAPMQ0wCwYDVQQDDAR4NzQwMBOkETAPMQ0wCwYDVQQDDAR4NzQxMBOkETAPMQ0w +CwYDVQQDDAR4NzQyMBOkETAPMQ0wCwYDVQQDDAR4NzQzMBOkETAPMQ0wCwYDVQQD +DAR4NzQ0MBOkETAPMQ0wCwYDVQQDDAR4NzQ1MBOkETAPMQ0wCwYDVQQDDAR4NzQ2 +MBOkETAPMQ0wCwYDVQQDDAR4NzQ3MBOkETAPMQ0wCwYDVQQDDAR4NzQ4MBOkETAP +MQ0wCwYDVQQDDAR4NzQ5MBOkETAPMQ0wCwYDVQQDDAR4NzUwMBOkETAPMQ0wCwYD +VQQDDAR4NzUxMBOkETAPMQ0wCwYDVQQDDAR4NzUyMBOkETAPMQ0wCwYDVQQDDAR4 +NzUzMBOkETAPMQ0wCwYDVQQDDAR4NzU0MBOkETAPMQ0wCwYDVQQDDAR4NzU1MBOk +ETAPMQ0wCwYDVQQDDAR4NzU2MBOkETAPMQ0wCwYDVQQDDAR4NzU3MBOkETAPMQ0w +CwYDVQQDDAR4NzU4MBOkETAPMQ0wCwYDVQQDDAR4NzU5MBOkETAPMQ0wCwYDVQQD +DAR4NzYwMBOkETAPMQ0wCwYDVQQDDAR4NzYxMBOkETAPMQ0wCwYDVQQDDAR4NzYy +MBOkETAPMQ0wCwYDVQQDDAR4NzYzMBOkETAPMQ0wCwYDVQQDDAR4NzY0MBOkETAP +MQ0wCwYDVQQDDAR4NzY1MBOkETAPMQ0wCwYDVQQDDAR4NzY2MBOkETAPMQ0wCwYD +VQQDDAR4NzY3MBOkETAPMQ0wCwYDVQQDDAR4NzY4MBOkETAPMQ0wCwYDVQQDDAR4 +NzY5MBOkETAPMQ0wCwYDVQQDDAR4NzcwMBOkETAPMQ0wCwYDVQQDDAR4NzcxMBOk +ETAPMQ0wCwYDVQQDDAR4NzcyMBOkETAPMQ0wCwYDVQQDDAR4NzczMBOkETAPMQ0w +CwYDVQQDDAR4Nzc0MBOkETAPMQ0wCwYDVQQDDAR4Nzc1MBOkETAPMQ0wCwYDVQQD +DAR4Nzc2MBOkETAPMQ0wCwYDVQQDDAR4Nzc3MBOkETAPMQ0wCwYDVQQDDAR4Nzc4 +MBOkETAPMQ0wCwYDVQQDDAR4Nzc5MBOkETAPMQ0wCwYDVQQDDAR4NzgwMBOkETAP +MQ0wCwYDVQQDDAR4NzgxMBOkETAPMQ0wCwYDVQQDDAR4NzgyMBOkETAPMQ0wCwYD +VQQDDAR4NzgzMBOkETAPMQ0wCwYDVQQDDAR4Nzg0MBOkETAPMQ0wCwYDVQQDDAR4 +Nzg1MBOkETAPMQ0wCwYDVQQDDAR4Nzg2MBOkETAPMQ0wCwYDVQQDDAR4Nzg3MBOk +ETAPMQ0wCwYDVQQDDAR4Nzg4MBOkETAPMQ0wCwYDVQQDDAR4Nzg5MBOkETAPMQ0w +CwYDVQQDDAR4NzkwMBOkETAPMQ0wCwYDVQQDDAR4NzkxMBOkETAPMQ0wCwYDVQQD +DAR4NzkyMBOkETAPMQ0wCwYDVQQDDAR4NzkzMBOkETAPMQ0wCwYDVQQDDAR4Nzk0 +MBOkETAPMQ0wCwYDVQQDDAR4Nzk1MBOkETAPMQ0wCwYDVQQDDAR4Nzk2MBOkETAP +MQ0wCwYDVQQDDAR4Nzk3MBOkETAPMQ0wCwYDVQQDDAR4Nzk4MBOkETAPMQ0wCwYD +VQQDDAR4Nzk5MBOkETAPMQ0wCwYDVQQDDAR4ODAwMBOkETAPMQ0wCwYDVQQDDAR4 +ODAxMBOkETAPMQ0wCwYDVQQDDAR4ODAyMBOkETAPMQ0wCwYDVQQDDAR4ODAzMBOk +ETAPMQ0wCwYDVQQDDAR4ODA0MBOkETAPMQ0wCwYDVQQDDAR4ODA1MBOkETAPMQ0w +CwYDVQQDDAR4ODA2MBOkETAPMQ0wCwYDVQQDDAR4ODA3MBOkETAPMQ0wCwYDVQQD +DAR4ODA4MBOkETAPMQ0wCwYDVQQDDAR4ODA5MBOkETAPMQ0wCwYDVQQDDAR4ODEw +MBOkETAPMQ0wCwYDVQQDDAR4ODExMBOkETAPMQ0wCwYDVQQDDAR4ODEyMBOkETAP +MQ0wCwYDVQQDDAR4ODEzMBOkETAPMQ0wCwYDVQQDDAR4ODE0MBOkETAPMQ0wCwYD +VQQDDAR4ODE1MBOkETAPMQ0wCwYDVQQDDAR4ODE2MBOkETAPMQ0wCwYDVQQDDAR4 +ODE3MBOkETAPMQ0wCwYDVQQDDAR4ODE4MBOkETAPMQ0wCwYDVQQDDAR4ODE5MBOk +ETAPMQ0wCwYDVQQDDAR4ODIwMBOkETAPMQ0wCwYDVQQDDAR4ODIxMBOkETAPMQ0w +CwYDVQQDDAR4ODIyMBOkETAPMQ0wCwYDVQQDDAR4ODIzMBOkETAPMQ0wCwYDVQQD +DAR4ODI0MBOkETAPMQ0wCwYDVQQDDAR4ODI1MBOkETAPMQ0wCwYDVQQDDAR4ODI2 +MBOkETAPMQ0wCwYDVQQDDAR4ODI3MBOkETAPMQ0wCwYDVQQDDAR4ODI4MBOkETAP +MQ0wCwYDVQQDDAR4ODI5MBOkETAPMQ0wCwYDVQQDDAR4ODMwMBOkETAPMQ0wCwYD +VQQDDAR4ODMxMBOkETAPMQ0wCwYDVQQDDAR4ODMyMBOkETAPMQ0wCwYDVQQDDAR4 +ODMzMBOkETAPMQ0wCwYDVQQDDAR4ODM0MBOkETAPMQ0wCwYDVQQDDAR4ODM1MBOk +ETAPMQ0wCwYDVQQDDAR4ODM2MBOkETAPMQ0wCwYDVQQDDAR4ODM3MBOkETAPMQ0w +CwYDVQQDDAR4ODM4MBOkETAPMQ0wCwYDVQQDDAR4ODM5MBOkETAPMQ0wCwYDVQQD +DAR4ODQwMBOkETAPMQ0wCwYDVQQDDAR4ODQxMBOkETAPMQ0wCwYDVQQDDAR4ODQy +MBOkETAPMQ0wCwYDVQQDDAR4ODQzMBOkETAPMQ0wCwYDVQQDDAR4ODQ0MBOkETAP +MQ0wCwYDVQQDDAR4ODQ1MBOkETAPMQ0wCwYDVQQDDAR4ODQ2MBOkETAPMQ0wCwYD +VQQDDAR4ODQ3MBOkETAPMQ0wCwYDVQQDDAR4ODQ4MBOkETAPMQ0wCwYDVQQDDAR4 +ODQ5MBOkETAPMQ0wCwYDVQQDDAR4ODUwMBOkETAPMQ0wCwYDVQQDDAR4ODUxMBOk +ETAPMQ0wCwYDVQQDDAR4ODUyMBOkETAPMQ0wCwYDVQQDDAR4ODUzMBOkETAPMQ0w +CwYDVQQDDAR4ODU0MBOkETAPMQ0wCwYDVQQDDAR4ODU1MBOkETAPMQ0wCwYDVQQD +DAR4ODU2MBOkETAPMQ0wCwYDVQQDDAR4ODU3MBOkETAPMQ0wCwYDVQQDDAR4ODU4 +MBOkETAPMQ0wCwYDVQQDDAR4ODU5MBOkETAPMQ0wCwYDVQQDDAR4ODYwMBOkETAP +MQ0wCwYDVQQDDAR4ODYxMBOkETAPMQ0wCwYDVQQDDAR4ODYyMBOkETAPMQ0wCwYD +VQQDDAR4ODYzMBOkETAPMQ0wCwYDVQQDDAR4ODY0MBOkETAPMQ0wCwYDVQQDDAR4 +ODY1MBOkETAPMQ0wCwYDVQQDDAR4ODY2MBOkETAPMQ0wCwYDVQQDDAR4ODY3MBOk +ETAPMQ0wCwYDVQQDDAR4ODY4MBOkETAPMQ0wCwYDVQQDDAR4ODY5MBOkETAPMQ0w +CwYDVQQDDAR4ODcwMBOkETAPMQ0wCwYDVQQDDAR4ODcxMBOkETAPMQ0wCwYDVQQD +DAR4ODcyMBOkETAPMQ0wCwYDVQQDDAR4ODczMBOkETAPMQ0wCwYDVQQDDAR4ODc0 +MBOkETAPMQ0wCwYDVQQDDAR4ODc1MBOkETAPMQ0wCwYDVQQDDAR4ODc2MBOkETAP +MQ0wCwYDVQQDDAR4ODc3MBOkETAPMQ0wCwYDVQQDDAR4ODc4MBOkETAPMQ0wCwYD +VQQDDAR4ODc5MBOkETAPMQ0wCwYDVQQDDAR4ODgwMBOkETAPMQ0wCwYDVQQDDAR4 +ODgxMBOkETAPMQ0wCwYDVQQDDAR4ODgyMBOkETAPMQ0wCwYDVQQDDAR4ODgzMBOk +ETAPMQ0wCwYDVQQDDAR4ODg0MBOkETAPMQ0wCwYDVQQDDAR4ODg1MBOkETAPMQ0w +CwYDVQQDDAR4ODg2MBOkETAPMQ0wCwYDVQQDDAR4ODg3MBOkETAPMQ0wCwYDVQQD +DAR4ODg4MBOkETAPMQ0wCwYDVQQDDAR4ODg5MBOkETAPMQ0wCwYDVQQDDAR4ODkw +MBOkETAPMQ0wCwYDVQQDDAR4ODkxMBOkETAPMQ0wCwYDVQQDDAR4ODkyMBOkETAP +MQ0wCwYDVQQDDAR4ODkzMBOkETAPMQ0wCwYDVQQDDAR4ODk0MBOkETAPMQ0wCwYD +VQQDDAR4ODk1MBOkETAPMQ0wCwYDVQQDDAR4ODk2MBOkETAPMQ0wCwYDVQQDDAR4 +ODk3MBOkETAPMQ0wCwYDVQQDDAR4ODk4MBOkETAPMQ0wCwYDVQQDDAR4ODk5MBOk +ETAPMQ0wCwYDVQQDDAR4OTAwMBOkETAPMQ0wCwYDVQQDDAR4OTAxMBOkETAPMQ0w +CwYDVQQDDAR4OTAyMBOkETAPMQ0wCwYDVQQDDAR4OTAzMBOkETAPMQ0wCwYDVQQD +DAR4OTA0MBOkETAPMQ0wCwYDVQQDDAR4OTA1MBOkETAPMQ0wCwYDVQQDDAR4OTA2 +MBOkETAPMQ0wCwYDVQQDDAR4OTA3MBOkETAPMQ0wCwYDVQQDDAR4OTA4MBOkETAP +MQ0wCwYDVQQDDAR4OTA5MBOkETAPMQ0wCwYDVQQDDAR4OTEwMBOkETAPMQ0wCwYD +VQQDDAR4OTExMBOkETAPMQ0wCwYDVQQDDAR4OTEyMBOkETAPMQ0wCwYDVQQDDAR4 +OTEzMBOkETAPMQ0wCwYDVQQDDAR4OTE0MBOkETAPMQ0wCwYDVQQDDAR4OTE1MBOk +ETAPMQ0wCwYDVQQDDAR4OTE2MBOkETAPMQ0wCwYDVQQDDAR4OTE3MBOkETAPMQ0w +CwYDVQQDDAR4OTE4MBOkETAPMQ0wCwYDVQQDDAR4OTE5MBOkETAPMQ0wCwYDVQQD +DAR4OTIwMBOkETAPMQ0wCwYDVQQDDAR4OTIxMBOkETAPMQ0wCwYDVQQDDAR4OTIy +MBOkETAPMQ0wCwYDVQQDDAR4OTIzMBOkETAPMQ0wCwYDVQQDDAR4OTI0MBOkETAP +MQ0wCwYDVQQDDAR4OTI1MBOkETAPMQ0wCwYDVQQDDAR4OTI2MBOkETAPMQ0wCwYD +VQQDDAR4OTI3MBOkETAPMQ0wCwYDVQQDDAR4OTI4MBOkETAPMQ0wCwYDVQQDDAR4 +OTI5MBOkETAPMQ0wCwYDVQQDDAR4OTMwMBOkETAPMQ0wCwYDVQQDDAR4OTMxMBOk +ETAPMQ0wCwYDVQQDDAR4OTMyMBOkETAPMQ0wCwYDVQQDDAR4OTMzMBOkETAPMQ0w +CwYDVQQDDAR4OTM0MBOkETAPMQ0wCwYDVQQDDAR4OTM1MBOkETAPMQ0wCwYDVQQD +DAR4OTM2MBOkETAPMQ0wCwYDVQQDDAR4OTM3MBOkETAPMQ0wCwYDVQQDDAR4OTM4 +MBOkETAPMQ0wCwYDVQQDDAR4OTM5MBOkETAPMQ0wCwYDVQQDDAR4OTQwMBOkETAP +MQ0wCwYDVQQDDAR4OTQxMBOkETAPMQ0wCwYDVQQDDAR4OTQyMBOkETAPMQ0wCwYD +VQQDDAR4OTQzMBOkETAPMQ0wCwYDVQQDDAR4OTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +OTQ1MBOkETAPMQ0wCwYDVQQDDAR4OTQ2MBOkETAPMQ0wCwYDVQQDDAR4OTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4OTQ4MBOkETAPMQ0wCwYDVQQDDAR4OTQ5MBOkETAPMQ0w +CwYDVQQDDAR4OTUwMBOkETAPMQ0wCwYDVQQDDAR4OTUxMBOkETAPMQ0wCwYDVQQD +DAR4OTUyMBOkETAPMQ0wCwYDVQQDDAR4OTUzMBOkETAPMQ0wCwYDVQQDDAR4OTU0 +MBOkETAPMQ0wCwYDVQQDDAR4OTU1MBOkETAPMQ0wCwYDVQQDDAR4OTU2MBOkETAP +MQ0wCwYDVQQDDAR4OTU3MBOkETAPMQ0wCwYDVQQDDAR4OTU4MBOkETAPMQ0wCwYD +VQQDDAR4OTU5MBOkETAPMQ0wCwYDVQQDDAR4OTYwMBOkETAPMQ0wCwYDVQQDDAR4 +OTYxMBOkETAPMQ0wCwYDVQQDDAR4OTYyMBOkETAPMQ0wCwYDVQQDDAR4OTYzMBOk +ETAPMQ0wCwYDVQQDDAR4OTY0MBOkETAPMQ0wCwYDVQQDDAR4OTY1MBOkETAPMQ0w +CwYDVQQDDAR4OTY2MBOkETAPMQ0wCwYDVQQDDAR4OTY3MBOkETAPMQ0wCwYDVQQD +DAR4OTY4MBOkETAPMQ0wCwYDVQQDDAR4OTY5MBOkETAPMQ0wCwYDVQQDDAR4OTcw +MBOkETAPMQ0wCwYDVQQDDAR4OTcxMBOkETAPMQ0wCwYDVQQDDAR4OTcyMBOkETAP +MQ0wCwYDVQQDDAR4OTczMBOkETAPMQ0wCwYDVQQDDAR4OTc0MBOkETAPMQ0wCwYD +VQQDDAR4OTc1MBOkETAPMQ0wCwYDVQQDDAR4OTc2MBOkETAPMQ0wCwYDVQQDDAR4 +OTc3MBOkETAPMQ0wCwYDVQQDDAR4OTc4MBOkETAPMQ0wCwYDVQQDDAR4OTc5MBOk +ETAPMQ0wCwYDVQQDDAR4OTgwMBOkETAPMQ0wCwYDVQQDDAR4OTgxMBOkETAPMQ0w +CwYDVQQDDAR4OTgyMBOkETAPMQ0wCwYDVQQDDAR4OTgzMBOkETAPMQ0wCwYDVQQD +DAR4OTg0MBOkETAPMQ0wCwYDVQQDDAR4OTg1MBOkETAPMQ0wCwYDVQQDDAR4OTg2 +MBOkETAPMQ0wCwYDVQQDDAR4OTg3MBOkETAPMQ0wCwYDVQQDDAR4OTg4MBOkETAP +MQ0wCwYDVQQDDAR4OTg5MBOkETAPMQ0wCwYDVQQDDAR4OTkwMBOkETAPMQ0wCwYD +VQQDDAR4OTkxMBOkETAPMQ0wCwYDVQQDDAR4OTkyMBOkETAPMQ0wCwYDVQQDDAR4 +OTkzMBOkETAPMQ0wCwYDVQQDDAR4OTk0MBOkETAPMQ0wCwYDVQQDDAR4OTk1MBOk +ETAPMQ0wCwYDVQQDDAR4OTk2MBOkETAPMQ0wCwYDVQQDDAR4OTk3MBOkETAPMQ0w +CwYDVQQDDAR4OTk4MBOkETAPMQ0wCwYDVQQDDAR4OTk5MBSkEjAQMQ4wDAYDVQQD +DAV4MTAwMDAUpBIwEDEOMAwGA1UEAwwFeDEwMDEwFKQSMBAxDjAMBgNVBAMMBXgx +MDAyMBSkEjAQMQ4wDAYDVQQDDAV4MTAwMzAUpBIwEDEOMAwGA1UEAwwFeDEwMDQw +FKQSMBAxDjAMBgNVBAMMBXgxMDA1MBSkEjAQMQ4wDAYDVQQDDAV4MTAwNjAUpBIw +EDEOMAwGA1UEAwwFeDEwMDcwFKQSMBAxDjAMBgNVBAMMBXgxMDA4MBSkEjAQMQ4w +DAYDVQQDDAV4MTAwOTAUpBIwEDEOMAwGA1UEAwwFeDEwMTAwFKQSMBAxDjAMBgNV +BAMMBXgxMDExMBSkEjAQMQ4wDAYDVQQDDAV4MTAxMjAUpBIwEDEOMAwGA1UEAwwF +eDEwMTMwFKQSMBAxDjAMBgNVBAMMBXgxMDE0MBSkEjAQMQ4wDAYDVQQDDAV4MTAx +NTAUpBIwEDEOMAwGA1UEAwwFeDEwMTYwFKQSMBAxDjAMBgNVBAMMBXgxMDE3MBSk +EjAQMQ4wDAYDVQQDDAV4MTAxODAUpBIwEDEOMAwGA1UEAwwFeDEwMTkwFKQSMBAx +DjAMBgNVBAMMBXgxMDIwMBSkEjAQMQ4wDAYDVQQDDAV4MTAyMTAUpBIwEDEOMAwG +A1UEAwwFeDEwMjIwFKQSMBAxDjAMBgNVBAMMBXgxMDIzMBSkEjAQMQ4wDAYDVQQD +DAV4MTAyNDANBgkqhkiG9w0BAQsFAAOCAQEAdY+tX6CMogUY2JimxR18uRH0FGok +ViERmMffDBJsQz1FVN4QFOV7wNh3ZMIBi/PQENgDQ/75UHnGkTQ4d78OCX8ff49Q +nyryMVs3DgRVEysbNDIOjduo7TTQaoOg+THRXy1YBykl0xze+HqsPadnSkzq4PkP +kf/YSNwR7KgjoeRiUbCT+G1jDybEqgnnMIWUzCItpsHhWndw4r5QZyt6hY5WNfdZ +iXBviv4cvRa1hSIO8h7QAFtjf1vrHiPA1cbJl52ap/YrjVRkC/fbJl4IsgyO3N8f +6ZI68cuJ1B9GRZzoDLJsqp9V/M0C/DyCnKV58iempYODZH8C0IzzjzKn4Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.cnf new file mode 100644 index 0000000000..e87c161023 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.cnf @@ -0,0 +1,1092 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +nameConstraints = @nameConstraints_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate_5.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[nameConstraints_info] +permitted;DNS.1 = t0.test +permitted;DNS.2 = t1.test +permitted;DNS.3 = t2.test +permitted;DNS.4 = t3.test +permitted;DNS.5 = t4.test +permitted;DNS.6 = t5.test +permitted;DNS.7 = t6.test +permitted;DNS.8 = t7.test +permitted;DNS.9 = t8.test +permitted;DNS.10 = t9.test +permitted;DNS.11 = t10.test +permitted;DNS.12 = t11.test +permitted;DNS.13 = t12.test +permitted;DNS.14 = t13.test +permitted;DNS.15 = t14.test +permitted;DNS.16 = t15.test +permitted;DNS.17 = t16.test +permitted;DNS.18 = t17.test +permitted;DNS.19 = t18.test +permitted;DNS.20 = t19.test +permitted;DNS.21 = t20.test +permitted;DNS.22 = t21.test +permitted;DNS.23 = t22.test +permitted;DNS.24 = t23.test +permitted;DNS.25 = t24.test +permitted;DNS.26 = t25.test +permitted;DNS.27 = t26.test +permitted;DNS.28 = t27.test +permitted;DNS.29 = t28.test +permitted;DNS.30 = t29.test +permitted;DNS.31 = t30.test +permitted;DNS.32 = t31.test +permitted;DNS.33 = t32.test +permitted;DNS.34 = t33.test +permitted;DNS.35 = t34.test +permitted;DNS.36 = t35.test +permitted;DNS.37 = t36.test +permitted;DNS.38 = t37.test +permitted;DNS.39 = t38.test +permitted;DNS.40 = t39.test +permitted;DNS.41 = t40.test +permitted;DNS.42 = t41.test +permitted;DNS.43 = t42.test +permitted;DNS.44 = t43.test +permitted;DNS.45 = t44.test +permitted;DNS.46 = t45.test +permitted;DNS.47 = t46.test +permitted;DNS.48 = t47.test +permitted;DNS.49 = t48.test +permitted;DNS.50 = t49.test +permitted;DNS.51 = t50.test +permitted;DNS.52 = t51.test +permitted;DNS.53 = t52.test +permitted;DNS.54 = t53.test +permitted;DNS.55 = t54.test +permitted;DNS.56 = t55.test +permitted;DNS.57 = t56.test +permitted;DNS.58 = t57.test +permitted;DNS.59 = t58.test +permitted;DNS.60 = t59.test +permitted;DNS.61 = t60.test +permitted;DNS.62 = t61.test +permitted;DNS.63 = t62.test +permitted;DNS.64 = t63.test +permitted;DNS.65 = t64.test +permitted;DNS.66 = t65.test +permitted;DNS.67 = t66.test +permitted;DNS.68 = t67.test +permitted;DNS.69 = t68.test +permitted;DNS.70 = t69.test +permitted;DNS.71 = t70.test +permitted;DNS.72 = t71.test +permitted;DNS.73 = t72.test +permitted;DNS.74 = t73.test +permitted;DNS.75 = t74.test +permitted;DNS.76 = t75.test +permitted;DNS.77 = t76.test +permitted;DNS.78 = t77.test +permitted;DNS.79 = t78.test +permitted;DNS.80 = t79.test +permitted;DNS.81 = t80.test +permitted;DNS.82 = t81.test +permitted;DNS.83 = t82.test +permitted;DNS.84 = t83.test +permitted;DNS.85 = t84.test +permitted;DNS.86 = t85.test +permitted;DNS.87 = t86.test +permitted;DNS.88 = t87.test +permitted;DNS.89 = t88.test +permitted;DNS.90 = t89.test +permitted;DNS.91 = t90.test +permitted;DNS.92 = t91.test +permitted;DNS.93 = t92.test +permitted;DNS.94 = t93.test +permitted;DNS.95 = t94.test +permitted;DNS.96 = t95.test +permitted;DNS.97 = t96.test +permitted;DNS.98 = t97.test +permitted;DNS.99 = t98.test +permitted;DNS.100 = t99.test +permitted;DNS.101 = t100.test +permitted;DNS.102 = t101.test +permitted;DNS.103 = t102.test +permitted;DNS.104 = t103.test +permitted;DNS.105 = t104.test +permitted;DNS.106 = t105.test +permitted;DNS.107 = t106.test +permitted;DNS.108 = t107.test +permitted;DNS.109 = t108.test +permitted;DNS.110 = t109.test +permitted;DNS.111 = t110.test +permitted;DNS.112 = t111.test +permitted;DNS.113 = t112.test +permitted;DNS.114 = t113.test +permitted;DNS.115 = t114.test +permitted;DNS.116 = t115.test +permitted;DNS.117 = t116.test +permitted;DNS.118 = t117.test +permitted;DNS.119 = t118.test +permitted;DNS.120 = t119.test +permitted;DNS.121 = t120.test +permitted;DNS.122 = t121.test +permitted;DNS.123 = t122.test +permitted;DNS.124 = t123.test +permitted;DNS.125 = t124.test +permitted;DNS.126 = t125.test +permitted;DNS.127 = t126.test +permitted;DNS.128 = t127.test +permitted;DNS.129 = t128.test +permitted;DNS.130 = t129.test +permitted;DNS.131 = t130.test +permitted;DNS.132 = t131.test +permitted;DNS.133 = t132.test +permitted;DNS.134 = t133.test +permitted;DNS.135 = t134.test +permitted;DNS.136 = t135.test +permitted;DNS.137 = t136.test +permitted;DNS.138 = t137.test +permitted;DNS.139 = t138.test +permitted;DNS.140 = t139.test +permitted;DNS.141 = t140.test +permitted;DNS.142 = t141.test +permitted;DNS.143 = t142.test +permitted;DNS.144 = t143.test +permitted;DNS.145 = t144.test +permitted;DNS.146 = t145.test +permitted;DNS.147 = t146.test +permitted;DNS.148 = t147.test +permitted;DNS.149 = t148.test +permitted;DNS.150 = t149.test +permitted;DNS.151 = t150.test +permitted;DNS.152 = t151.test +permitted;DNS.153 = t152.test +permitted;DNS.154 = t153.test +permitted;DNS.155 = t154.test +permitted;DNS.156 = t155.test +permitted;DNS.157 = t156.test +permitted;DNS.158 = t157.test +permitted;DNS.159 = t158.test +permitted;DNS.160 = t159.test +permitted;DNS.161 = t160.test +permitted;DNS.162 = t161.test +permitted;DNS.163 = t162.test +permitted;DNS.164 = t163.test +permitted;DNS.165 = t164.test +permitted;DNS.166 = t165.test +permitted;DNS.167 = t166.test +permitted;DNS.168 = t167.test +permitted;DNS.169 = t168.test +permitted;DNS.170 = t169.test +permitted;DNS.171 = t170.test +permitted;DNS.172 = t171.test +permitted;DNS.173 = t172.test +permitted;DNS.174 = t173.test +permitted;DNS.175 = t174.test +permitted;DNS.176 = t175.test +permitted;DNS.177 = t176.test +permitted;DNS.178 = t177.test +permitted;DNS.179 = t178.test +permitted;DNS.180 = t179.test +permitted;DNS.181 = t180.test +permitted;DNS.182 = t181.test +permitted;DNS.183 = t182.test +permitted;DNS.184 = t183.test +permitted;DNS.185 = t184.test +permitted;DNS.186 = t185.test +permitted;DNS.187 = t186.test +permitted;DNS.188 = t187.test +permitted;DNS.189 = t188.test +permitted;DNS.190 = t189.test +permitted;DNS.191 = t190.test +permitted;DNS.192 = t191.test +permitted;DNS.193 = t192.test +permitted;DNS.194 = t193.test +permitted;DNS.195 = t194.test +permitted;DNS.196 = t195.test +permitted;DNS.197 = t196.test +permitted;DNS.198 = t197.test +permitted;DNS.199 = t198.test +permitted;DNS.200 = t199.test +permitted;DNS.201 = t200.test +permitted;DNS.202 = t201.test +permitted;DNS.203 = t202.test +permitted;DNS.204 = t203.test +permitted;DNS.205 = t204.test +permitted;DNS.206 = t205.test +permitted;DNS.207 = t206.test +permitted;DNS.208 = t207.test +permitted;DNS.209 = t208.test +permitted;DNS.210 = t209.test +permitted;DNS.211 = t210.test +permitted;DNS.212 = t211.test +permitted;DNS.213 = t212.test +permitted;DNS.214 = t213.test +permitted;DNS.215 = t214.test +permitted;DNS.216 = t215.test +permitted;DNS.217 = t216.test +permitted;DNS.218 = t217.test +permitted;DNS.219 = t218.test +permitted;DNS.220 = t219.test +permitted;DNS.221 = t220.test +permitted;DNS.222 = t221.test +permitted;DNS.223 = t222.test +permitted;DNS.224 = t223.test +permitted;DNS.225 = t224.test +permitted;DNS.226 = t225.test +permitted;DNS.227 = t226.test +permitted;DNS.228 = t227.test +permitted;DNS.229 = t228.test +permitted;DNS.230 = t229.test +permitted;DNS.231 = t230.test +permitted;DNS.232 = t231.test +permitted;DNS.233 = t232.test +permitted;DNS.234 = t233.test +permitted;DNS.235 = t234.test +permitted;DNS.236 = t235.test +permitted;DNS.237 = t236.test +permitted;DNS.238 = t237.test +permitted;DNS.239 = t238.test +permitted;DNS.240 = t239.test +permitted;DNS.241 = t240.test +permitted;DNS.242 = t241.test +permitted;DNS.243 = t242.test +permitted;DNS.244 = t243.test +permitted;DNS.245 = t244.test +permitted;DNS.246 = t245.test +permitted;DNS.247 = t246.test +permitted;DNS.248 = t247.test +permitted;DNS.249 = t248.test +permitted;DNS.250 = t249.test +permitted;DNS.251 = t250.test +permitted;DNS.252 = t251.test +permitted;DNS.253 = t252.test +permitted;DNS.254 = t253.test +permitted;DNS.255 = t254.test +permitted;DNS.256 = t255.test +permitted;DNS.257 = t256.test +permitted;DNS.258 = t257.test +permitted;DNS.259 = t258.test +permitted;DNS.260 = t259.test +permitted;DNS.261 = t260.test +permitted;DNS.262 = t261.test +permitted;DNS.263 = t262.test +permitted;DNS.264 = t263.test +permitted;DNS.265 = t264.test +permitted;DNS.266 = t265.test +permitted;DNS.267 = t266.test +permitted;DNS.268 = t267.test +permitted;DNS.269 = t268.test +permitted;DNS.270 = t269.test +permitted;DNS.271 = t270.test +permitted;DNS.272 = t271.test +permitted;DNS.273 = t272.test +permitted;DNS.274 = t273.test +permitted;DNS.275 = t274.test +permitted;DNS.276 = t275.test +permitted;DNS.277 = t276.test +permitted;DNS.278 = t277.test +permitted;DNS.279 = t278.test +permitted;DNS.280 = t279.test +permitted;DNS.281 = t280.test +permitted;DNS.282 = t281.test +permitted;DNS.283 = t282.test +permitted;DNS.284 = t283.test +permitted;DNS.285 = t284.test +permitted;DNS.286 = t285.test +permitted;DNS.287 = t286.test +permitted;DNS.288 = t287.test +permitted;DNS.289 = t288.test +permitted;DNS.290 = t289.test +permitted;DNS.291 = t290.test +permitted;DNS.292 = t291.test +permitted;DNS.293 = t292.test +permitted;DNS.294 = t293.test +permitted;DNS.295 = t294.test +permitted;DNS.296 = t295.test +permitted;DNS.297 = t296.test +permitted;DNS.298 = t297.test +permitted;DNS.299 = t298.test +permitted;DNS.300 = t299.test +permitted;DNS.301 = t300.test +permitted;DNS.302 = t301.test +permitted;DNS.303 = t302.test +permitted;DNS.304 = t303.test +permitted;DNS.305 = t304.test +permitted;DNS.306 = t305.test +permitted;DNS.307 = t306.test +permitted;DNS.308 = t307.test +permitted;DNS.309 = t308.test +permitted;DNS.310 = t309.test +permitted;DNS.311 = t310.test +permitted;DNS.312 = t311.test +permitted;DNS.313 = t312.test +permitted;DNS.314 = t313.test +permitted;DNS.315 = t314.test +permitted;DNS.316 = t315.test +permitted;DNS.317 = t316.test +permitted;DNS.318 = t317.test +permitted;DNS.319 = t318.test +permitted;DNS.320 = t319.test +permitted;DNS.321 = t320.test +permitted;DNS.322 = t321.test +permitted;DNS.323 = t322.test +permitted;DNS.324 = t323.test +permitted;DNS.325 = t324.test +permitted;DNS.326 = t325.test +permitted;DNS.327 = t326.test +permitted;DNS.328 = t327.test +permitted;DNS.329 = t328.test +permitted;DNS.330 = t329.test +permitted;DNS.331 = t330.test +permitted;DNS.332 = t331.test +permitted;DNS.333 = t332.test +permitted;DNS.334 = t333.test +permitted;DNS.335 = t334.test +permitted;DNS.336 = t335.test +permitted;DNS.337 = t336.test +permitted;DNS.338 = t337.test +permitted;DNS.339 = t338.test +permitted;DNS.340 = t339.test +permitted;DNS.341 = t340.test +permitted;DNS.342 = t341.test +permitted;DNS.343 = t342.test +permitted;DNS.344 = t343.test +permitted;DNS.345 = t344.test +permitted;DNS.346 = t345.test +permitted;DNS.347 = t346.test +permitted;DNS.348 = t347.test +permitted;DNS.349 = t348.test +permitted;DNS.350 = t349.test +permitted;DNS.351 = t350.test +permitted;DNS.352 = t351.test +permitted;DNS.353 = t352.test +permitted;DNS.354 = t353.test +permitted;DNS.355 = t354.test +permitted;DNS.356 = t355.test +permitted;DNS.357 = t356.test +permitted;DNS.358 = t357.test +permitted;DNS.359 = t358.test +permitted;DNS.360 = t359.test +permitted;DNS.361 = t360.test +permitted;DNS.362 = t361.test +permitted;DNS.363 = t362.test +permitted;DNS.364 = t363.test +permitted;DNS.365 = t364.test +permitted;DNS.366 = t365.test +permitted;DNS.367 = t366.test +permitted;DNS.368 = t367.test +permitted;DNS.369 = t368.test +permitted;DNS.370 = t369.test +permitted;DNS.371 = t370.test +permitted;DNS.372 = t371.test +permitted;DNS.373 = t372.test +permitted;DNS.374 = t373.test +permitted;DNS.375 = t374.test +permitted;DNS.376 = t375.test +permitted;DNS.377 = t376.test +permitted;DNS.378 = t377.test +permitted;DNS.379 = t378.test +permitted;DNS.380 = t379.test +permitted;DNS.381 = t380.test +permitted;DNS.382 = t381.test +permitted;DNS.383 = t382.test +permitted;DNS.384 = t383.test +permitted;DNS.385 = t384.test +permitted;DNS.386 = t385.test +permitted;DNS.387 = t386.test +permitted;DNS.388 = t387.test +permitted;DNS.389 = t388.test +permitted;DNS.390 = t389.test +permitted;DNS.391 = t390.test +permitted;DNS.392 = t391.test +permitted;DNS.393 = t392.test +permitted;DNS.394 = t393.test +permitted;DNS.395 = t394.test +permitted;DNS.396 = t395.test +permitted;DNS.397 = t396.test +permitted;DNS.398 = t397.test +permitted;DNS.399 = t398.test +permitted;DNS.400 = t399.test +permitted;DNS.401 = t400.test +permitted;DNS.402 = t401.test +permitted;DNS.403 = t402.test +permitted;DNS.404 = t403.test +permitted;DNS.405 = t404.test +permitted;DNS.406 = t405.test +permitted;DNS.407 = t406.test +permitted;DNS.408 = t407.test +permitted;DNS.409 = t408.test +permitted;DNS.410 = t409.test +permitted;DNS.411 = t410.test +permitted;DNS.412 = t411.test +permitted;DNS.413 = t412.test +permitted;DNS.414 = t413.test +permitted;DNS.415 = t414.test +permitted;DNS.416 = t415.test +permitted;DNS.417 = t416.test +permitted;DNS.418 = t417.test +permitted;DNS.419 = t418.test +permitted;DNS.420 = t419.test +permitted;DNS.421 = t420.test +permitted;DNS.422 = t421.test +permitted;DNS.423 = t422.test +permitted;DNS.424 = t423.test +permitted;DNS.425 = t424.test +permitted;DNS.426 = t425.test +permitted;DNS.427 = t426.test +permitted;DNS.428 = t427.test +permitted;DNS.429 = t428.test +permitted;DNS.430 = t429.test +permitted;DNS.431 = t430.test +permitted;DNS.432 = t431.test +permitted;DNS.433 = t432.test +permitted;DNS.434 = t433.test +permitted;DNS.435 = t434.test +permitted;DNS.436 = t435.test +permitted;DNS.437 = t436.test +permitted;DNS.438 = t437.test +permitted;DNS.439 = t438.test +permitted;DNS.440 = t439.test +permitted;DNS.441 = t440.test +permitted;DNS.442 = t441.test +permitted;DNS.443 = t442.test +permitted;DNS.444 = t443.test +permitted;DNS.445 = t444.test +permitted;DNS.446 = t445.test +permitted;DNS.447 = t446.test +permitted;DNS.448 = t447.test +permitted;DNS.449 = t448.test +permitted;DNS.450 = t449.test +permitted;DNS.451 = t450.test +permitted;DNS.452 = t451.test +permitted;DNS.453 = t452.test +permitted;DNS.454 = t453.test +permitted;DNS.455 = t454.test +permitted;DNS.456 = t455.test +permitted;DNS.457 = t456.test +permitted;DNS.458 = t457.test +permitted;DNS.459 = t458.test +permitted;DNS.460 = t459.test +permitted;DNS.461 = t460.test +permitted;DNS.462 = t461.test +permitted;DNS.463 = t462.test +permitted;DNS.464 = t463.test +permitted;DNS.465 = t464.test +permitted;DNS.466 = t465.test +permitted;DNS.467 = t466.test +permitted;DNS.468 = t467.test +permitted;DNS.469 = t468.test +permitted;DNS.470 = t469.test +permitted;DNS.471 = t470.test +permitted;DNS.472 = t471.test +permitted;DNS.473 = t472.test +permitted;DNS.474 = t473.test +permitted;DNS.475 = t474.test +permitted;DNS.476 = t475.test +permitted;DNS.477 = t476.test +permitted;DNS.478 = t477.test +permitted;DNS.479 = t478.test +permitted;DNS.480 = t479.test +permitted;DNS.481 = t480.test +permitted;DNS.482 = t481.test +permitted;DNS.483 = t482.test +permitted;DNS.484 = t483.test +permitted;DNS.485 = t484.test +permitted;DNS.486 = t485.test +permitted;DNS.487 = t486.test +permitted;DNS.488 = t487.test +permitted;DNS.489 = t488.test +permitted;DNS.490 = t489.test +permitted;DNS.491 = t490.test +permitted;DNS.492 = t491.test +permitted;DNS.493 = t492.test +permitted;DNS.494 = t493.test +permitted;DNS.495 = t494.test +permitted;DNS.496 = t495.test +permitted;DNS.497 = t496.test +permitted;DNS.498 = t497.test +permitted;DNS.499 = t498.test +permitted;DNS.500 = t499.test +permitted;DNS.501 = t500.test +permitted;DNS.502 = t501.test +permitted;DNS.503 = t502.test +permitted;DNS.504 = t503.test +permitted;DNS.505 = t504.test +permitted;DNS.506 = t505.test +permitted;DNS.507 = t506.test +permitted;DNS.508 = t507.test +permitted;DNS.509 = t508.test +permitted;DNS.510 = t509.test +permitted;DNS.511 = t510.test +permitted;DNS.512 = t511.test +permitted;DNS.513 = t512.test +permitted;DNS.514 = t513.test +permitted;DNS.515 = t514.test +permitted;DNS.516 = t515.test +permitted;DNS.517 = t516.test +permitted;DNS.518 = t517.test +permitted;DNS.519 = t518.test +permitted;DNS.520 = t519.test +permitted;DNS.521 = t520.test +permitted;DNS.522 = t521.test +permitted;DNS.523 = t522.test +permitted;DNS.524 = t523.test +permitted;DNS.525 = t524.test +permitted;DNS.526 = t525.test +permitted;DNS.527 = t526.test +permitted;DNS.528 = t527.test +permitted;DNS.529 = t528.test +permitted;DNS.530 = t529.test +permitted;DNS.531 = t530.test +permitted;DNS.532 = t531.test +permitted;DNS.533 = t532.test +permitted;DNS.534 = t533.test +permitted;DNS.535 = t534.test +permitted;DNS.536 = t535.test +permitted;DNS.537 = t536.test +permitted;DNS.538 = t537.test +permitted;DNS.539 = t538.test +permitted;DNS.540 = t539.test +permitted;DNS.541 = t540.test +permitted;DNS.542 = t541.test +permitted;DNS.543 = t542.test +permitted;DNS.544 = t543.test +permitted;DNS.545 = t544.test +permitted;DNS.546 = t545.test +permitted;DNS.547 = t546.test +permitted;DNS.548 = t547.test +permitted;DNS.549 = t548.test +permitted;DNS.550 = t549.test +permitted;DNS.551 = t550.test +permitted;DNS.552 = t551.test +permitted;DNS.553 = t552.test +permitted;DNS.554 = t553.test +permitted;DNS.555 = t554.test +permitted;DNS.556 = t555.test +permitted;DNS.557 = t556.test +permitted;DNS.558 = t557.test +permitted;DNS.559 = t558.test +permitted;DNS.560 = t559.test +permitted;DNS.561 = t560.test +permitted;DNS.562 = t561.test +permitted;DNS.563 = t562.test +permitted;DNS.564 = t563.test +permitted;DNS.565 = t564.test +permitted;DNS.566 = t565.test +permitted;DNS.567 = t566.test +permitted;DNS.568 = t567.test +permitted;DNS.569 = t568.test +permitted;DNS.570 = t569.test +permitted;DNS.571 = t570.test +permitted;DNS.572 = t571.test +permitted;DNS.573 = t572.test +permitted;DNS.574 = t573.test +permitted;DNS.575 = t574.test +permitted;DNS.576 = t575.test +permitted;DNS.577 = t576.test +permitted;DNS.578 = t577.test +permitted;DNS.579 = t578.test +permitted;DNS.580 = t579.test +permitted;DNS.581 = t580.test +permitted;DNS.582 = t581.test +permitted;DNS.583 = t582.test +permitted;DNS.584 = t583.test +permitted;DNS.585 = t584.test +permitted;DNS.586 = t585.test +permitted;DNS.587 = t586.test +permitted;DNS.588 = t587.test +permitted;DNS.589 = t588.test +permitted;DNS.590 = t589.test +permitted;DNS.591 = t590.test +permitted;DNS.592 = t591.test +permitted;DNS.593 = t592.test +permitted;DNS.594 = t593.test +permitted;DNS.595 = t594.test +permitted;DNS.596 = t595.test +permitted;DNS.597 = t596.test +permitted;DNS.598 = t597.test +permitted;DNS.599 = t598.test +permitted;DNS.600 = t599.test +permitted;DNS.601 = t600.test +permitted;DNS.602 = t601.test +permitted;DNS.603 = t602.test +permitted;DNS.604 = t603.test +permitted;DNS.605 = t604.test +permitted;DNS.606 = t605.test +permitted;DNS.607 = t606.test +permitted;DNS.608 = t607.test +permitted;DNS.609 = t608.test +permitted;DNS.610 = t609.test +permitted;DNS.611 = t610.test +permitted;DNS.612 = t611.test +permitted;DNS.613 = t612.test +permitted;DNS.614 = t613.test +permitted;DNS.615 = t614.test +permitted;DNS.616 = t615.test +permitted;DNS.617 = t616.test +permitted;DNS.618 = t617.test +permitted;DNS.619 = t618.test +permitted;DNS.620 = t619.test +permitted;DNS.621 = t620.test +permitted;DNS.622 = t621.test +permitted;DNS.623 = t622.test +permitted;DNS.624 = t623.test +permitted;DNS.625 = t624.test +permitted;DNS.626 = t625.test +permitted;DNS.627 = t626.test +permitted;DNS.628 = t627.test +permitted;DNS.629 = t628.test +permitted;DNS.630 = t629.test +permitted;DNS.631 = t630.test +permitted;DNS.632 = t631.test +permitted;DNS.633 = t632.test +permitted;DNS.634 = t633.test +permitted;DNS.635 = t634.test +permitted;DNS.636 = t635.test +permitted;DNS.637 = t636.test +permitted;DNS.638 = t637.test +permitted;DNS.639 = t638.test +permitted;DNS.640 = t639.test +permitted;DNS.641 = t640.test +permitted;DNS.642 = t641.test +permitted;DNS.643 = t642.test +permitted;DNS.644 = t643.test +permitted;DNS.645 = t644.test +permitted;DNS.646 = t645.test +permitted;DNS.647 = t646.test +permitted;DNS.648 = t647.test +permitted;DNS.649 = t648.test +permitted;DNS.650 = t649.test +permitted;DNS.651 = t650.test +permitted;DNS.652 = t651.test +permitted;DNS.653 = t652.test +permitted;DNS.654 = t653.test +permitted;DNS.655 = t654.test +permitted;DNS.656 = t655.test +permitted;DNS.657 = t656.test +permitted;DNS.658 = t657.test +permitted;DNS.659 = t658.test +permitted;DNS.660 = t659.test +permitted;DNS.661 = t660.test +permitted;DNS.662 = t661.test +permitted;DNS.663 = t662.test +permitted;DNS.664 = t663.test +permitted;DNS.665 = t664.test +permitted;DNS.666 = t665.test +permitted;DNS.667 = t666.test +permitted;DNS.668 = t667.test +permitted;DNS.669 = t668.test +permitted;DNS.670 = t669.test +permitted;DNS.671 = t670.test +permitted;DNS.672 = t671.test +permitted;DNS.673 = t672.test +permitted;DNS.674 = t673.test +permitted;DNS.675 = t674.test +permitted;DNS.676 = t675.test +permitted;DNS.677 = t676.test +permitted;DNS.678 = t677.test +permitted;DNS.679 = t678.test +permitted;DNS.680 = t679.test +permitted;DNS.681 = t680.test +permitted;DNS.682 = t681.test +permitted;DNS.683 = t682.test +permitted;DNS.684 = t683.test +permitted;DNS.685 = t684.test +permitted;DNS.686 = t685.test +permitted;DNS.687 = t686.test +permitted;DNS.688 = t687.test +permitted;DNS.689 = t688.test +permitted;DNS.690 = t689.test +permitted;DNS.691 = t690.test +permitted;DNS.692 = t691.test +permitted;DNS.693 = t692.test +permitted;DNS.694 = t693.test +permitted;DNS.695 = t694.test +permitted;DNS.696 = t695.test +permitted;DNS.697 = t696.test +permitted;DNS.698 = t697.test +permitted;DNS.699 = t698.test +permitted;DNS.700 = t699.test +permitted;DNS.701 = t700.test +permitted;DNS.702 = t701.test +permitted;DNS.703 = t702.test +permitted;DNS.704 = t703.test +permitted;DNS.705 = t704.test +permitted;DNS.706 = t705.test +permitted;DNS.707 = t706.test +permitted;DNS.708 = t707.test +permitted;DNS.709 = t708.test +permitted;DNS.710 = t709.test +permitted;DNS.711 = t710.test +permitted;DNS.712 = t711.test +permitted;DNS.713 = t712.test +permitted;DNS.714 = t713.test +permitted;DNS.715 = t714.test +permitted;DNS.716 = t715.test +permitted;DNS.717 = t716.test +permitted;DNS.718 = t717.test +permitted;DNS.719 = t718.test +permitted;DNS.720 = t719.test +permitted;DNS.721 = t720.test +permitted;DNS.722 = t721.test +permitted;DNS.723 = t722.test +permitted;DNS.724 = t723.test +permitted;DNS.725 = t724.test +permitted;DNS.726 = t725.test +permitted;DNS.727 = t726.test +permitted;DNS.728 = t727.test +permitted;DNS.729 = t728.test +permitted;DNS.730 = t729.test +permitted;DNS.731 = t730.test +permitted;DNS.732 = t731.test +permitted;DNS.733 = t732.test +permitted;DNS.734 = t733.test +permitted;DNS.735 = t734.test +permitted;DNS.736 = t735.test +permitted;DNS.737 = t736.test +permitted;DNS.738 = t737.test +permitted;DNS.739 = t738.test +permitted;DNS.740 = t739.test +permitted;DNS.741 = t740.test +permitted;DNS.742 = t741.test +permitted;DNS.743 = t742.test +permitted;DNS.744 = t743.test +permitted;DNS.745 = t744.test +permitted;DNS.746 = t745.test +permitted;DNS.747 = t746.test +permitted;DNS.748 = t747.test +permitted;DNS.749 = t748.test +permitted;DNS.750 = t749.test +permitted;DNS.751 = t750.test +permitted;DNS.752 = t751.test +permitted;DNS.753 = t752.test +permitted;DNS.754 = t753.test +permitted;DNS.755 = t754.test +permitted;DNS.756 = t755.test +permitted;DNS.757 = t756.test +permitted;DNS.758 = t757.test +permitted;DNS.759 = t758.test +permitted;DNS.760 = t759.test +permitted;DNS.761 = t760.test +permitted;DNS.762 = t761.test +permitted;DNS.763 = t762.test +permitted;DNS.764 = t763.test +permitted;DNS.765 = t764.test +permitted;DNS.766 = t765.test +permitted;DNS.767 = t766.test +permitted;DNS.768 = t767.test +permitted;DNS.769 = t768.test +permitted;DNS.770 = t769.test +permitted;DNS.771 = t770.test +permitted;DNS.772 = t771.test +permitted;DNS.773 = t772.test +permitted;DNS.774 = t773.test +permitted;DNS.775 = t774.test +permitted;DNS.776 = t775.test +permitted;DNS.777 = t776.test +permitted;DNS.778 = t777.test +permitted;DNS.779 = t778.test +permitted;DNS.780 = t779.test +permitted;DNS.781 = t780.test +permitted;DNS.782 = t781.test +permitted;DNS.783 = t782.test +permitted;DNS.784 = t783.test +permitted;DNS.785 = t784.test +permitted;DNS.786 = t785.test +permitted;DNS.787 = t786.test +permitted;DNS.788 = t787.test +permitted;DNS.789 = t788.test +permitted;DNS.790 = t789.test +permitted;DNS.791 = t790.test +permitted;DNS.792 = t791.test +permitted;DNS.793 = t792.test +permitted;DNS.794 = t793.test +permitted;DNS.795 = t794.test +permitted;DNS.796 = t795.test +permitted;DNS.797 = t796.test +permitted;DNS.798 = t797.test +permitted;DNS.799 = t798.test +permitted;DNS.800 = t799.test +permitted;DNS.801 = t800.test +permitted;DNS.802 = t801.test +permitted;DNS.803 = t802.test +permitted;DNS.804 = t803.test +permitted;DNS.805 = t804.test +permitted;DNS.806 = t805.test +permitted;DNS.807 = t806.test +permitted;DNS.808 = t807.test +permitted;DNS.809 = t808.test +permitted;DNS.810 = t809.test +permitted;DNS.811 = t810.test +permitted;DNS.812 = t811.test +permitted;DNS.813 = t812.test +permitted;DNS.814 = t813.test +permitted;DNS.815 = t814.test +permitted;DNS.816 = t815.test +permitted;DNS.817 = t816.test +permitted;DNS.818 = t817.test +permitted;DNS.819 = t818.test +permitted;DNS.820 = t819.test +permitted;DNS.821 = t820.test +permitted;DNS.822 = t821.test +permitted;DNS.823 = t822.test +permitted;DNS.824 = t823.test +permitted;DNS.825 = t824.test +permitted;DNS.826 = t825.test +permitted;DNS.827 = t826.test +permitted;DNS.828 = t827.test +permitted;DNS.829 = t828.test +permitted;DNS.830 = t829.test +permitted;DNS.831 = t830.test +permitted;DNS.832 = t831.test +permitted;DNS.833 = t832.test +permitted;DNS.834 = t833.test +permitted;DNS.835 = t834.test +permitted;DNS.836 = t835.test +permitted;DNS.837 = t836.test +permitted;DNS.838 = t837.test +permitted;DNS.839 = t838.test +permitted;DNS.840 = t839.test +permitted;DNS.841 = t840.test +permitted;DNS.842 = t841.test +permitted;DNS.843 = t842.test +permitted;DNS.844 = t843.test +permitted;DNS.845 = t844.test +permitted;DNS.846 = t845.test +permitted;DNS.847 = t846.test +permitted;DNS.848 = t847.test +permitted;DNS.849 = t848.test +permitted;DNS.850 = t849.test +permitted;DNS.851 = t850.test +permitted;DNS.852 = t851.test +permitted;DNS.853 = t852.test +permitted;DNS.854 = t853.test +permitted;DNS.855 = t854.test +permitted;DNS.856 = t855.test +permitted;DNS.857 = t856.test +permitted;DNS.858 = t857.test +permitted;DNS.859 = t858.test +permitted;DNS.860 = t859.test +permitted;DNS.861 = t860.test +permitted;DNS.862 = t861.test +permitted;DNS.863 = t862.test +permitted;DNS.864 = t863.test +permitted;DNS.865 = t864.test +permitted;DNS.866 = t865.test +permitted;DNS.867 = t866.test +permitted;DNS.868 = t867.test +permitted;DNS.869 = t868.test +permitted;DNS.870 = t869.test +permitted;DNS.871 = t870.test +permitted;DNS.872 = t871.test +permitted;DNS.873 = t872.test +permitted;DNS.874 = t873.test +permitted;DNS.875 = t874.test +permitted;DNS.876 = t875.test +permitted;DNS.877 = t876.test +permitted;DNS.878 = t877.test +permitted;DNS.879 = t878.test +permitted;DNS.880 = t879.test +permitted;DNS.881 = t880.test +permitted;DNS.882 = t881.test +permitted;DNS.883 = t882.test +permitted;DNS.884 = t883.test +permitted;DNS.885 = t884.test +permitted;DNS.886 = t885.test +permitted;DNS.887 = t886.test +permitted;DNS.888 = t887.test +permitted;DNS.889 = t888.test +permitted;DNS.890 = t889.test +permitted;DNS.891 = t890.test +permitted;DNS.892 = t891.test +permitted;DNS.893 = t892.test +permitted;DNS.894 = t893.test +permitted;DNS.895 = t894.test +permitted;DNS.896 = t895.test +permitted;DNS.897 = t896.test +permitted;DNS.898 = t897.test +permitted;DNS.899 = t898.test +permitted;DNS.900 = t899.test +permitted;DNS.901 = t900.test +permitted;DNS.902 = t901.test +permitted;DNS.903 = t902.test +permitted;DNS.904 = t903.test +permitted;DNS.905 = t904.test +permitted;DNS.906 = t905.test +permitted;DNS.907 = t906.test +permitted;DNS.908 = t907.test +permitted;DNS.909 = t908.test +permitted;DNS.910 = t909.test +permitted;DNS.911 = t910.test +permitted;DNS.912 = t911.test +permitted;DNS.913 = t912.test +permitted;DNS.914 = t913.test +permitted;DNS.915 = t914.test +permitted;DNS.916 = t915.test +permitted;DNS.917 = t916.test +permitted;DNS.918 = t917.test +permitted;DNS.919 = t918.test +permitted;DNS.920 = t919.test +permitted;DNS.921 = t920.test +permitted;DNS.922 = t921.test +permitted;DNS.923 = t922.test +permitted;DNS.924 = t923.test +permitted;DNS.925 = t924.test +permitted;DNS.926 = t925.test +permitted;DNS.927 = t926.test +permitted;DNS.928 = t927.test +permitted;DNS.929 = t928.test +permitted;DNS.930 = t929.test +permitted;DNS.931 = t930.test +permitted;DNS.932 = t931.test +permitted;DNS.933 = t932.test +permitted;DNS.934 = t933.test +permitted;DNS.935 = t934.test +permitted;DNS.936 = t935.test +permitted;DNS.937 = t936.test +permitted;DNS.938 = t937.test +permitted;DNS.939 = t938.test +permitted;DNS.940 = t939.test +permitted;DNS.941 = t940.test +permitted;DNS.942 = t941.test +permitted;DNS.943 = t942.test +permitted;DNS.944 = t943.test +permitted;DNS.945 = t944.test +permitted;DNS.946 = t945.test +permitted;DNS.947 = t946.test +permitted;DNS.948 = t947.test +permitted;DNS.949 = t948.test +permitted;DNS.950 = t949.test +permitted;DNS.951 = t950.test +permitted;DNS.952 = t951.test +permitted;DNS.953 = t952.test +permitted;DNS.954 = t953.test +permitted;DNS.955 = t954.test +permitted;DNS.956 = t955.test +permitted;DNS.957 = t956.test +permitted;DNS.958 = t957.test +permitted;DNS.959 = t958.test +permitted;DNS.960 = t959.test +permitted;DNS.961 = t960.test +permitted;DNS.962 = t961.test +permitted;DNS.963 = t962.test +permitted;DNS.964 = t963.test +permitted;DNS.965 = t964.test +permitted;DNS.966 = t965.test +permitted;DNS.967 = t966.test +permitted;DNS.968 = t967.test +permitted;DNS.969 = t968.test +permitted;DNS.970 = t969.test +permitted;DNS.971 = t970.test +permitted;DNS.972 = t971.test +permitted;DNS.973 = t972.test +permitted;DNS.974 = t973.test +permitted;DNS.975 = t974.test +permitted;DNS.976 = t975.test +permitted;DNS.977 = t976.test +permitted;DNS.978 = t977.test +permitted;DNS.979 = t978.test +permitted;DNS.980 = t979.test +permitted;DNS.981 = t980.test +permitted;DNS.982 = t981.test +permitted;DNS.983 = t982.test +permitted;DNS.984 = t983.test +permitted;DNS.985 = t984.test +permitted;DNS.986 = t985.test +permitted;DNS.987 = t986.test +permitted;DNS.988 = t987.test +permitted;DNS.989 = t988.test +permitted;DNS.990 = t989.test +permitted;DNS.991 = t990.test +permitted;DNS.992 = t991.test +permitted;DNS.993 = t992.test +permitted;DNS.994 = t993.test +permitted;DNS.995 = t994.test +permitted;DNS.996 = t995.test +permitted;DNS.997 = t996.test +permitted;DNS.998 = t997.test +permitted;DNS.999 = t998.test +permitted;DNS.1000 = t999.test +permitted;DNS.1001 = t1000.test +permitted;DNS.1002 = t1001.test +permitted;DNS.1003 = t1002.test +permitted;DNS.1004 = t1003.test +permitted;DNS.1005 = t1004.test +permitted;DNS.1006 = t1005.test +permitted;DNS.1007 = t1006.test +permitted;DNS.1008 = t1007.test +permitted;DNS.1009 = t1008.test +permitted;DNS.1010 = t1009.test +permitted;DNS.1011 = t1010.test +permitted;DNS.1012 = t1011.test +permitted;DNS.1013 = t1012.test +permitted;DNS.1014 = t1013.test +permitted;DNS.1015 = t1014.test +permitted;DNS.1016 = t1015.test +permitted;DNS.1017 = t1016.test +permitted;DNS.1018 = t1017.test +permitted;DNS.1019 = t1018.test +permitted;DNS.1020 = t1019.test +permitted;DNS.1021 = t1020.test +permitted;DNS.1022 = t1021.test +permitted;DNS.1023 = t1022.test +permitted;DNS.1024 = t1023.test +permitted;DNS.1025 = t1024.test + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.csr new file mode 100644 index 0000000000..37d7374954 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.csr @@ -0,0 +1,293 @@ +-----BEGIN CERTIFICATE REQUEST----- +MII2gjCCNWoCAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxL +Ha4GJxiOVbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9W +yNroD1cod26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luv +C6DmdaXS4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf0 +0YvmLxRmVvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9Ibjm +K6igvwa7QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABoII0JDCC +NCAGCSqGSIb3DQEJDjGCNBEwgjQNMB0GA1UdDgQWBBSSET+sEZbHZjfPg1ok8Dp3 +rzONfzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCCM8kGA1UdHgSC +M8AwgjO8oIIzuDAJggd0MC50ZXN0MAmCB3QxLnRlc3QwCYIHdDIudGVzdDAJggd0 +My50ZXN0MAmCB3Q0LnRlc3QwCYIHdDUudGVzdDAJggd0Ni50ZXN0MAmCB3Q3LnRl +c3QwCYIHdDgudGVzdDAJggd0OS50ZXN0MAqCCHQxMC50ZXN0MAqCCHQxMS50ZXN0 +MAqCCHQxMi50ZXN0MAqCCHQxMy50ZXN0MAqCCHQxNC50ZXN0MAqCCHQxNS50ZXN0 +MAqCCHQxNi50ZXN0MAqCCHQxNy50ZXN0MAqCCHQxOC50ZXN0MAqCCHQxOS50ZXN0 +MAqCCHQyMC50ZXN0MAqCCHQyMS50ZXN0MAqCCHQyMi50ZXN0MAqCCHQyMy50ZXN0 +MAqCCHQyNC50ZXN0MAqCCHQyNS50ZXN0MAqCCHQyNi50ZXN0MAqCCHQyNy50ZXN0 +MAqCCHQyOC50ZXN0MAqCCHQyOS50ZXN0MAqCCHQzMC50ZXN0MAqCCHQzMS50ZXN0 +MAqCCHQzMi50ZXN0MAqCCHQzMy50ZXN0MAqCCHQzNC50ZXN0MAqCCHQzNS50ZXN0 +MAqCCHQzNi50ZXN0MAqCCHQzNy50ZXN0MAqCCHQzOC50ZXN0MAqCCHQzOS50ZXN0 +MAqCCHQ0MC50ZXN0MAqCCHQ0MS50ZXN0MAqCCHQ0Mi50ZXN0MAqCCHQ0My50ZXN0 +MAqCCHQ0NC50ZXN0MAqCCHQ0NS50ZXN0MAqCCHQ0Ni50ZXN0MAqCCHQ0Ny50ZXN0 +MAqCCHQ0OC50ZXN0MAqCCHQ0OS50ZXN0MAqCCHQ1MC50ZXN0MAqCCHQ1MS50ZXN0 +MAqCCHQ1Mi50ZXN0MAqCCHQ1My50ZXN0MAqCCHQ1NC50ZXN0MAqCCHQ1NS50ZXN0 +MAqCCHQ1Ni50ZXN0MAqCCHQ1Ny50ZXN0MAqCCHQ1OC50ZXN0MAqCCHQ1OS50ZXN0 +MAqCCHQ2MC50ZXN0MAqCCHQ2MS50ZXN0MAqCCHQ2Mi50ZXN0MAqCCHQ2My50ZXN0 +MAqCCHQ2NC50ZXN0MAqCCHQ2NS50ZXN0MAqCCHQ2Ni50ZXN0MAqCCHQ2Ny50ZXN0 +MAqCCHQ2OC50ZXN0MAqCCHQ2OS50ZXN0MAqCCHQ3MC50ZXN0MAqCCHQ3MS50ZXN0 +MAqCCHQ3Mi50ZXN0MAqCCHQ3My50ZXN0MAqCCHQ3NC50ZXN0MAqCCHQ3NS50ZXN0 +MAqCCHQ3Ni50ZXN0MAqCCHQ3Ny50ZXN0MAqCCHQ3OC50ZXN0MAqCCHQ3OS50ZXN0 +MAqCCHQ4MC50ZXN0MAqCCHQ4MS50ZXN0MAqCCHQ4Mi50ZXN0MAqCCHQ4My50ZXN0 +MAqCCHQ4NC50ZXN0MAqCCHQ4NS50ZXN0MAqCCHQ4Ni50ZXN0MAqCCHQ4Ny50ZXN0 +MAqCCHQ4OC50ZXN0MAqCCHQ4OS50ZXN0MAqCCHQ5MC50ZXN0MAqCCHQ5MS50ZXN0 +MAqCCHQ5Mi50ZXN0MAqCCHQ5My50ZXN0MAqCCHQ5NC50ZXN0MAqCCHQ5NS50ZXN0 +MAqCCHQ5Ni50ZXN0MAqCCHQ5Ny50ZXN0MAqCCHQ5OC50ZXN0MAqCCHQ5OS50ZXN0 +MAuCCXQxMDAudGVzdDALggl0MTAxLnRlc3QwC4IJdDEwMi50ZXN0MAuCCXQxMDMu +dGVzdDALggl0MTA0LnRlc3QwC4IJdDEwNS50ZXN0MAuCCXQxMDYudGVzdDALggl0 +MTA3LnRlc3QwC4IJdDEwOC50ZXN0MAuCCXQxMDkudGVzdDALggl0MTEwLnRlc3Qw +C4IJdDExMS50ZXN0MAuCCXQxMTIudGVzdDALggl0MTEzLnRlc3QwC4IJdDExNC50 +ZXN0MAuCCXQxMTUudGVzdDALggl0MTE2LnRlc3QwC4IJdDExNy50ZXN0MAuCCXQx +MTgudGVzdDALggl0MTE5LnRlc3QwC4IJdDEyMC50ZXN0MAuCCXQxMjEudGVzdDAL +ggl0MTIyLnRlc3QwC4IJdDEyMy50ZXN0MAuCCXQxMjQudGVzdDALggl0MTI1LnRl +c3QwC4IJdDEyNi50ZXN0MAuCCXQxMjcudGVzdDALggl0MTI4LnRlc3QwC4IJdDEy +OS50ZXN0MAuCCXQxMzAudGVzdDALggl0MTMxLnRlc3QwC4IJdDEzMi50ZXN0MAuC +CXQxMzMudGVzdDALggl0MTM0LnRlc3QwC4IJdDEzNS50ZXN0MAuCCXQxMzYudGVz +dDALggl0MTM3LnRlc3QwC4IJdDEzOC50ZXN0MAuCCXQxMzkudGVzdDALggl0MTQw +LnRlc3QwC4IJdDE0MS50ZXN0MAuCCXQxNDIudGVzdDALggl0MTQzLnRlc3QwC4IJ +dDE0NC50ZXN0MAuCCXQxNDUudGVzdDALggl0MTQ2LnRlc3QwC4IJdDE0Ny50ZXN0 +MAuCCXQxNDgudGVzdDALggl0MTQ5LnRlc3QwC4IJdDE1MC50ZXN0MAuCCXQxNTEu +dGVzdDALggl0MTUyLnRlc3QwC4IJdDE1My50ZXN0MAuCCXQxNTQudGVzdDALggl0 +MTU1LnRlc3QwC4IJdDE1Ni50ZXN0MAuCCXQxNTcudGVzdDALggl0MTU4LnRlc3Qw +C4IJdDE1OS50ZXN0MAuCCXQxNjAudGVzdDALggl0MTYxLnRlc3QwC4IJdDE2Mi50 +ZXN0MAuCCXQxNjMudGVzdDALggl0MTY0LnRlc3QwC4IJdDE2NS50ZXN0MAuCCXQx +NjYudGVzdDALggl0MTY3LnRlc3QwC4IJdDE2OC50ZXN0MAuCCXQxNjkudGVzdDAL +ggl0MTcwLnRlc3QwC4IJdDE3MS50ZXN0MAuCCXQxNzIudGVzdDALggl0MTczLnRl +c3QwC4IJdDE3NC50ZXN0MAuCCXQxNzUudGVzdDALggl0MTc2LnRlc3QwC4IJdDE3 +Ny50ZXN0MAuCCXQxNzgudGVzdDALggl0MTc5LnRlc3QwC4IJdDE4MC50ZXN0MAuC +CXQxODEudGVzdDALggl0MTgyLnRlc3QwC4IJdDE4My50ZXN0MAuCCXQxODQudGVz +dDALggl0MTg1LnRlc3QwC4IJdDE4Ni50ZXN0MAuCCXQxODcudGVzdDALggl0MTg4 +LnRlc3QwC4IJdDE4OS50ZXN0MAuCCXQxOTAudGVzdDALggl0MTkxLnRlc3QwC4IJ +dDE5Mi50ZXN0MAuCCXQxOTMudGVzdDALggl0MTk0LnRlc3QwC4IJdDE5NS50ZXN0 +MAuCCXQxOTYudGVzdDALggl0MTk3LnRlc3QwC4IJdDE5OC50ZXN0MAuCCXQxOTku +dGVzdDALggl0MjAwLnRlc3QwC4IJdDIwMS50ZXN0MAuCCXQyMDIudGVzdDALggl0 +MjAzLnRlc3QwC4IJdDIwNC50ZXN0MAuCCXQyMDUudGVzdDALggl0MjA2LnRlc3Qw +C4IJdDIwNy50ZXN0MAuCCXQyMDgudGVzdDALggl0MjA5LnRlc3QwC4IJdDIxMC50 +ZXN0MAuCCXQyMTEudGVzdDALggl0MjEyLnRlc3QwC4IJdDIxMy50ZXN0MAuCCXQy +MTQudGVzdDALggl0MjE1LnRlc3QwC4IJdDIxNi50ZXN0MAuCCXQyMTcudGVzdDAL +ggl0MjE4LnRlc3QwC4IJdDIxOS50ZXN0MAuCCXQyMjAudGVzdDALggl0MjIxLnRl +c3QwC4IJdDIyMi50ZXN0MAuCCXQyMjMudGVzdDALggl0MjI0LnRlc3QwC4IJdDIy +NS50ZXN0MAuCCXQyMjYudGVzdDALggl0MjI3LnRlc3QwC4IJdDIyOC50ZXN0MAuC +CXQyMjkudGVzdDALggl0MjMwLnRlc3QwC4IJdDIzMS50ZXN0MAuCCXQyMzIudGVz +dDALggl0MjMzLnRlc3QwC4IJdDIzNC50ZXN0MAuCCXQyMzUudGVzdDALggl0MjM2 +LnRlc3QwC4IJdDIzNy50ZXN0MAuCCXQyMzgudGVzdDALggl0MjM5LnRlc3QwC4IJ +dDI0MC50ZXN0MAuCCXQyNDEudGVzdDALggl0MjQyLnRlc3QwC4IJdDI0My50ZXN0 +MAuCCXQyNDQudGVzdDALggl0MjQ1LnRlc3QwC4IJdDI0Ni50ZXN0MAuCCXQyNDcu +dGVzdDALggl0MjQ4LnRlc3QwC4IJdDI0OS50ZXN0MAuCCXQyNTAudGVzdDALggl0 +MjUxLnRlc3QwC4IJdDI1Mi50ZXN0MAuCCXQyNTMudGVzdDALggl0MjU0LnRlc3Qw +C4IJdDI1NS50ZXN0MAuCCXQyNTYudGVzdDALggl0MjU3LnRlc3QwC4IJdDI1OC50 +ZXN0MAuCCXQyNTkudGVzdDALggl0MjYwLnRlc3QwC4IJdDI2MS50ZXN0MAuCCXQy +NjIudGVzdDALggl0MjYzLnRlc3QwC4IJdDI2NC50ZXN0MAuCCXQyNjUudGVzdDAL +ggl0MjY2LnRlc3QwC4IJdDI2Ny50ZXN0MAuCCXQyNjgudGVzdDALggl0MjY5LnRl +c3QwC4IJdDI3MC50ZXN0MAuCCXQyNzEudGVzdDALggl0MjcyLnRlc3QwC4IJdDI3 +My50ZXN0MAuCCXQyNzQudGVzdDALggl0Mjc1LnRlc3QwC4IJdDI3Ni50ZXN0MAuC +CXQyNzcudGVzdDALggl0Mjc4LnRlc3QwC4IJdDI3OS50ZXN0MAuCCXQyODAudGVz +dDALggl0MjgxLnRlc3QwC4IJdDI4Mi50ZXN0MAuCCXQyODMudGVzdDALggl0Mjg0 +LnRlc3QwC4IJdDI4NS50ZXN0MAuCCXQyODYudGVzdDALggl0Mjg3LnRlc3QwC4IJ +dDI4OC50ZXN0MAuCCXQyODkudGVzdDALggl0MjkwLnRlc3QwC4IJdDI5MS50ZXN0 +MAuCCXQyOTIudGVzdDALggl0MjkzLnRlc3QwC4IJdDI5NC50ZXN0MAuCCXQyOTUu +dGVzdDALggl0Mjk2LnRlc3QwC4IJdDI5Ny50ZXN0MAuCCXQyOTgudGVzdDALggl0 +Mjk5LnRlc3QwC4IJdDMwMC50ZXN0MAuCCXQzMDEudGVzdDALggl0MzAyLnRlc3Qw +C4IJdDMwMy50ZXN0MAuCCXQzMDQudGVzdDALggl0MzA1LnRlc3QwC4IJdDMwNi50 +ZXN0MAuCCXQzMDcudGVzdDALggl0MzA4LnRlc3QwC4IJdDMwOS50ZXN0MAuCCXQz +MTAudGVzdDALggl0MzExLnRlc3QwC4IJdDMxMi50ZXN0MAuCCXQzMTMudGVzdDAL +ggl0MzE0LnRlc3QwC4IJdDMxNS50ZXN0MAuCCXQzMTYudGVzdDALggl0MzE3LnRl +c3QwC4IJdDMxOC50ZXN0MAuCCXQzMTkudGVzdDALggl0MzIwLnRlc3QwC4IJdDMy +MS50ZXN0MAuCCXQzMjIudGVzdDALggl0MzIzLnRlc3QwC4IJdDMyNC50ZXN0MAuC +CXQzMjUudGVzdDALggl0MzI2LnRlc3QwC4IJdDMyNy50ZXN0MAuCCXQzMjgudGVz +dDALggl0MzI5LnRlc3QwC4IJdDMzMC50ZXN0MAuCCXQzMzEudGVzdDALggl0MzMy +LnRlc3QwC4IJdDMzMy50ZXN0MAuCCXQzMzQudGVzdDALggl0MzM1LnRlc3QwC4IJ +dDMzNi50ZXN0MAuCCXQzMzcudGVzdDALggl0MzM4LnRlc3QwC4IJdDMzOS50ZXN0 +MAuCCXQzNDAudGVzdDALggl0MzQxLnRlc3QwC4IJdDM0Mi50ZXN0MAuCCXQzNDMu +dGVzdDALggl0MzQ0LnRlc3QwC4IJdDM0NS50ZXN0MAuCCXQzNDYudGVzdDALggl0 +MzQ3LnRlc3QwC4IJdDM0OC50ZXN0MAuCCXQzNDkudGVzdDALggl0MzUwLnRlc3Qw +C4IJdDM1MS50ZXN0MAuCCXQzNTIudGVzdDALggl0MzUzLnRlc3QwC4IJdDM1NC50 +ZXN0MAuCCXQzNTUudGVzdDALggl0MzU2LnRlc3QwC4IJdDM1Ny50ZXN0MAuCCXQz +NTgudGVzdDALggl0MzU5LnRlc3QwC4IJdDM2MC50ZXN0MAuCCXQzNjEudGVzdDAL +ggl0MzYyLnRlc3QwC4IJdDM2My50ZXN0MAuCCXQzNjQudGVzdDALggl0MzY1LnRl +c3QwC4IJdDM2Ni50ZXN0MAuCCXQzNjcudGVzdDALggl0MzY4LnRlc3QwC4IJdDM2 +OS50ZXN0MAuCCXQzNzAudGVzdDALggl0MzcxLnRlc3QwC4IJdDM3Mi50ZXN0MAuC +CXQzNzMudGVzdDALggl0Mzc0LnRlc3QwC4IJdDM3NS50ZXN0MAuCCXQzNzYudGVz +dDALggl0Mzc3LnRlc3QwC4IJdDM3OC50ZXN0MAuCCXQzNzkudGVzdDALggl0Mzgw +LnRlc3QwC4IJdDM4MS50ZXN0MAuCCXQzODIudGVzdDALggl0MzgzLnRlc3QwC4IJ +dDM4NC50ZXN0MAuCCXQzODUudGVzdDALggl0Mzg2LnRlc3QwC4IJdDM4Ny50ZXN0 +MAuCCXQzODgudGVzdDALggl0Mzg5LnRlc3QwC4IJdDM5MC50ZXN0MAuCCXQzOTEu +dGVzdDALggl0MzkyLnRlc3QwC4IJdDM5My50ZXN0MAuCCXQzOTQudGVzdDALggl0 +Mzk1LnRlc3QwC4IJdDM5Ni50ZXN0MAuCCXQzOTcudGVzdDALggl0Mzk4LnRlc3Qw +C4IJdDM5OS50ZXN0MAuCCXQ0MDAudGVzdDALggl0NDAxLnRlc3QwC4IJdDQwMi50 +ZXN0MAuCCXQ0MDMudGVzdDALggl0NDA0LnRlc3QwC4IJdDQwNS50ZXN0MAuCCXQ0 +MDYudGVzdDALggl0NDA3LnRlc3QwC4IJdDQwOC50ZXN0MAuCCXQ0MDkudGVzdDAL +ggl0NDEwLnRlc3QwC4IJdDQxMS50ZXN0MAuCCXQ0MTIudGVzdDALggl0NDEzLnRl +c3QwC4IJdDQxNC50ZXN0MAuCCXQ0MTUudGVzdDALggl0NDE2LnRlc3QwC4IJdDQx +Ny50ZXN0MAuCCXQ0MTgudGVzdDALggl0NDE5LnRlc3QwC4IJdDQyMC50ZXN0MAuC +CXQ0MjEudGVzdDALggl0NDIyLnRlc3QwC4IJdDQyMy50ZXN0MAuCCXQ0MjQudGVz +dDALggl0NDI1LnRlc3QwC4IJdDQyNi50ZXN0MAuCCXQ0MjcudGVzdDALggl0NDI4 +LnRlc3QwC4IJdDQyOS50ZXN0MAuCCXQ0MzAudGVzdDALggl0NDMxLnRlc3QwC4IJ +dDQzMi50ZXN0MAuCCXQ0MzMudGVzdDALggl0NDM0LnRlc3QwC4IJdDQzNS50ZXN0 +MAuCCXQ0MzYudGVzdDALggl0NDM3LnRlc3QwC4IJdDQzOC50ZXN0MAuCCXQ0Mzku +dGVzdDALggl0NDQwLnRlc3QwC4IJdDQ0MS50ZXN0MAuCCXQ0NDIudGVzdDALggl0 +NDQzLnRlc3QwC4IJdDQ0NC50ZXN0MAuCCXQ0NDUudGVzdDALggl0NDQ2LnRlc3Qw +C4IJdDQ0Ny50ZXN0MAuCCXQ0NDgudGVzdDALggl0NDQ5LnRlc3QwC4IJdDQ1MC50 +ZXN0MAuCCXQ0NTEudGVzdDALggl0NDUyLnRlc3QwC4IJdDQ1My50ZXN0MAuCCXQ0 +NTQudGVzdDALggl0NDU1LnRlc3QwC4IJdDQ1Ni50ZXN0MAuCCXQ0NTcudGVzdDAL +ggl0NDU4LnRlc3QwC4IJdDQ1OS50ZXN0MAuCCXQ0NjAudGVzdDALggl0NDYxLnRl +c3QwC4IJdDQ2Mi50ZXN0MAuCCXQ0NjMudGVzdDALggl0NDY0LnRlc3QwC4IJdDQ2 +NS50ZXN0MAuCCXQ0NjYudGVzdDALggl0NDY3LnRlc3QwC4IJdDQ2OC50ZXN0MAuC +CXQ0NjkudGVzdDALggl0NDcwLnRlc3QwC4IJdDQ3MS50ZXN0MAuCCXQ0NzIudGVz +dDALggl0NDczLnRlc3QwC4IJdDQ3NC50ZXN0MAuCCXQ0NzUudGVzdDALggl0NDc2 +LnRlc3QwC4IJdDQ3Ny50ZXN0MAuCCXQ0NzgudGVzdDALggl0NDc5LnRlc3QwC4IJ +dDQ4MC50ZXN0MAuCCXQ0ODEudGVzdDALggl0NDgyLnRlc3QwC4IJdDQ4My50ZXN0 +MAuCCXQ0ODQudGVzdDALggl0NDg1LnRlc3QwC4IJdDQ4Ni50ZXN0MAuCCXQ0ODcu +dGVzdDALggl0NDg4LnRlc3QwC4IJdDQ4OS50ZXN0MAuCCXQ0OTAudGVzdDALggl0 +NDkxLnRlc3QwC4IJdDQ5Mi50ZXN0MAuCCXQ0OTMudGVzdDALggl0NDk0LnRlc3Qw +C4IJdDQ5NS50ZXN0MAuCCXQ0OTYudGVzdDALggl0NDk3LnRlc3QwC4IJdDQ5OC50 +ZXN0MAuCCXQ0OTkudGVzdDALggl0NTAwLnRlc3QwC4IJdDUwMS50ZXN0MAuCCXQ1 +MDIudGVzdDALggl0NTAzLnRlc3QwC4IJdDUwNC50ZXN0MAuCCXQ1MDUudGVzdDAL +ggl0NTA2LnRlc3QwC4IJdDUwNy50ZXN0MAuCCXQ1MDgudGVzdDALggl0NTA5LnRl +c3QwC4IJdDUxMC50ZXN0MAuCCXQ1MTEudGVzdDALggl0NTEyLnRlc3QwC4IJdDUx +My50ZXN0MAuCCXQ1MTQudGVzdDALggl0NTE1LnRlc3QwC4IJdDUxNi50ZXN0MAuC +CXQ1MTcudGVzdDALggl0NTE4LnRlc3QwC4IJdDUxOS50ZXN0MAuCCXQ1MjAudGVz +dDALggl0NTIxLnRlc3QwC4IJdDUyMi50ZXN0MAuCCXQ1MjMudGVzdDALggl0NTI0 +LnRlc3QwC4IJdDUyNS50ZXN0MAuCCXQ1MjYudGVzdDALggl0NTI3LnRlc3QwC4IJ +dDUyOC50ZXN0MAuCCXQ1MjkudGVzdDALggl0NTMwLnRlc3QwC4IJdDUzMS50ZXN0 +MAuCCXQ1MzIudGVzdDALggl0NTMzLnRlc3QwC4IJdDUzNC50ZXN0MAuCCXQ1MzUu +dGVzdDALggl0NTM2LnRlc3QwC4IJdDUzNy50ZXN0MAuCCXQ1MzgudGVzdDALggl0 +NTM5LnRlc3QwC4IJdDU0MC50ZXN0MAuCCXQ1NDEudGVzdDALggl0NTQyLnRlc3Qw +C4IJdDU0My50ZXN0MAuCCXQ1NDQudGVzdDALggl0NTQ1LnRlc3QwC4IJdDU0Ni50 +ZXN0MAuCCXQ1NDcudGVzdDALggl0NTQ4LnRlc3QwC4IJdDU0OS50ZXN0MAuCCXQ1 +NTAudGVzdDALggl0NTUxLnRlc3QwC4IJdDU1Mi50ZXN0MAuCCXQ1NTMudGVzdDAL +ggl0NTU0LnRlc3QwC4IJdDU1NS50ZXN0MAuCCXQ1NTYudGVzdDALggl0NTU3LnRl +c3QwC4IJdDU1OC50ZXN0MAuCCXQ1NTkudGVzdDALggl0NTYwLnRlc3QwC4IJdDU2 +MS50ZXN0MAuCCXQ1NjIudGVzdDALggl0NTYzLnRlc3QwC4IJdDU2NC50ZXN0MAuC +CXQ1NjUudGVzdDALggl0NTY2LnRlc3QwC4IJdDU2Ny50ZXN0MAuCCXQ1NjgudGVz +dDALggl0NTY5LnRlc3QwC4IJdDU3MC50ZXN0MAuCCXQ1NzEudGVzdDALggl0NTcy +LnRlc3QwC4IJdDU3My50ZXN0MAuCCXQ1NzQudGVzdDALggl0NTc1LnRlc3QwC4IJ +dDU3Ni50ZXN0MAuCCXQ1NzcudGVzdDALggl0NTc4LnRlc3QwC4IJdDU3OS50ZXN0 +MAuCCXQ1ODAudGVzdDALggl0NTgxLnRlc3QwC4IJdDU4Mi50ZXN0MAuCCXQ1ODMu +dGVzdDALggl0NTg0LnRlc3QwC4IJdDU4NS50ZXN0MAuCCXQ1ODYudGVzdDALggl0 +NTg3LnRlc3QwC4IJdDU4OC50ZXN0MAuCCXQ1ODkudGVzdDALggl0NTkwLnRlc3Qw +C4IJdDU5MS50ZXN0MAuCCXQ1OTIudGVzdDALggl0NTkzLnRlc3QwC4IJdDU5NC50 +ZXN0MAuCCXQ1OTUudGVzdDALggl0NTk2LnRlc3QwC4IJdDU5Ny50ZXN0MAuCCXQ1 +OTgudGVzdDALggl0NTk5LnRlc3QwC4IJdDYwMC50ZXN0MAuCCXQ2MDEudGVzdDAL +ggl0NjAyLnRlc3QwC4IJdDYwMy50ZXN0MAuCCXQ2MDQudGVzdDALggl0NjA1LnRl +c3QwC4IJdDYwNi50ZXN0MAuCCXQ2MDcudGVzdDALggl0NjA4LnRlc3QwC4IJdDYw +OS50ZXN0MAuCCXQ2MTAudGVzdDALggl0NjExLnRlc3QwC4IJdDYxMi50ZXN0MAuC +CXQ2MTMudGVzdDALggl0NjE0LnRlc3QwC4IJdDYxNS50ZXN0MAuCCXQ2MTYudGVz +dDALggl0NjE3LnRlc3QwC4IJdDYxOC50ZXN0MAuCCXQ2MTkudGVzdDALggl0NjIw +LnRlc3QwC4IJdDYyMS50ZXN0MAuCCXQ2MjIudGVzdDALggl0NjIzLnRlc3QwC4IJ +dDYyNC50ZXN0MAuCCXQ2MjUudGVzdDALggl0NjI2LnRlc3QwC4IJdDYyNy50ZXN0 +MAuCCXQ2MjgudGVzdDALggl0NjI5LnRlc3QwC4IJdDYzMC50ZXN0MAuCCXQ2MzEu +dGVzdDALggl0NjMyLnRlc3QwC4IJdDYzMy50ZXN0MAuCCXQ2MzQudGVzdDALggl0 +NjM1LnRlc3QwC4IJdDYzNi50ZXN0MAuCCXQ2MzcudGVzdDALggl0NjM4LnRlc3Qw +C4IJdDYzOS50ZXN0MAuCCXQ2NDAudGVzdDALggl0NjQxLnRlc3QwC4IJdDY0Mi50 +ZXN0MAuCCXQ2NDMudGVzdDALggl0NjQ0LnRlc3QwC4IJdDY0NS50ZXN0MAuCCXQ2 +NDYudGVzdDALggl0NjQ3LnRlc3QwC4IJdDY0OC50ZXN0MAuCCXQ2NDkudGVzdDAL +ggl0NjUwLnRlc3QwC4IJdDY1MS50ZXN0MAuCCXQ2NTIudGVzdDALggl0NjUzLnRl +c3QwC4IJdDY1NC50ZXN0MAuCCXQ2NTUudGVzdDALggl0NjU2LnRlc3QwC4IJdDY1 +Ny50ZXN0MAuCCXQ2NTgudGVzdDALggl0NjU5LnRlc3QwC4IJdDY2MC50ZXN0MAuC +CXQ2NjEudGVzdDALggl0NjYyLnRlc3QwC4IJdDY2My50ZXN0MAuCCXQ2NjQudGVz +dDALggl0NjY1LnRlc3QwC4IJdDY2Ni50ZXN0MAuCCXQ2NjcudGVzdDALggl0NjY4 +LnRlc3QwC4IJdDY2OS50ZXN0MAuCCXQ2NzAudGVzdDALggl0NjcxLnRlc3QwC4IJ +dDY3Mi50ZXN0MAuCCXQ2NzMudGVzdDALggl0Njc0LnRlc3QwC4IJdDY3NS50ZXN0 +MAuCCXQ2NzYudGVzdDALggl0Njc3LnRlc3QwC4IJdDY3OC50ZXN0MAuCCXQ2Nzku +dGVzdDALggl0NjgwLnRlc3QwC4IJdDY4MS50ZXN0MAuCCXQ2ODIudGVzdDALggl0 +NjgzLnRlc3QwC4IJdDY4NC50ZXN0MAuCCXQ2ODUudGVzdDALggl0Njg2LnRlc3Qw +C4IJdDY4Ny50ZXN0MAuCCXQ2ODgudGVzdDALggl0Njg5LnRlc3QwC4IJdDY5MC50 +ZXN0MAuCCXQ2OTEudGVzdDALggl0NjkyLnRlc3QwC4IJdDY5My50ZXN0MAuCCXQ2 +OTQudGVzdDALggl0Njk1LnRlc3QwC4IJdDY5Ni50ZXN0MAuCCXQ2OTcudGVzdDAL +ggl0Njk4LnRlc3QwC4IJdDY5OS50ZXN0MAuCCXQ3MDAudGVzdDALggl0NzAxLnRl +c3QwC4IJdDcwMi50ZXN0MAuCCXQ3MDMudGVzdDALggl0NzA0LnRlc3QwC4IJdDcw +NS50ZXN0MAuCCXQ3MDYudGVzdDALggl0NzA3LnRlc3QwC4IJdDcwOC50ZXN0MAuC +CXQ3MDkudGVzdDALggl0NzEwLnRlc3QwC4IJdDcxMS50ZXN0MAuCCXQ3MTIudGVz +dDALggl0NzEzLnRlc3QwC4IJdDcxNC50ZXN0MAuCCXQ3MTUudGVzdDALggl0NzE2 +LnRlc3QwC4IJdDcxNy50ZXN0MAuCCXQ3MTgudGVzdDALggl0NzE5LnRlc3QwC4IJ +dDcyMC50ZXN0MAuCCXQ3MjEudGVzdDALggl0NzIyLnRlc3QwC4IJdDcyMy50ZXN0 +MAuCCXQ3MjQudGVzdDALggl0NzI1LnRlc3QwC4IJdDcyNi50ZXN0MAuCCXQ3Mjcu +dGVzdDALggl0NzI4LnRlc3QwC4IJdDcyOS50ZXN0MAuCCXQ3MzAudGVzdDALggl0 +NzMxLnRlc3QwC4IJdDczMi50ZXN0MAuCCXQ3MzMudGVzdDALggl0NzM0LnRlc3Qw +C4IJdDczNS50ZXN0MAuCCXQ3MzYudGVzdDALggl0NzM3LnRlc3QwC4IJdDczOC50 +ZXN0MAuCCXQ3MzkudGVzdDALggl0NzQwLnRlc3QwC4IJdDc0MS50ZXN0MAuCCXQ3 +NDIudGVzdDALggl0NzQzLnRlc3QwC4IJdDc0NC50ZXN0MAuCCXQ3NDUudGVzdDAL +ggl0NzQ2LnRlc3QwC4IJdDc0Ny50ZXN0MAuCCXQ3NDgudGVzdDALggl0NzQ5LnRl +c3QwC4IJdDc1MC50ZXN0MAuCCXQ3NTEudGVzdDALggl0NzUyLnRlc3QwC4IJdDc1 +My50ZXN0MAuCCXQ3NTQudGVzdDALggl0NzU1LnRlc3QwC4IJdDc1Ni50ZXN0MAuC +CXQ3NTcudGVzdDALggl0NzU4LnRlc3QwC4IJdDc1OS50ZXN0MAuCCXQ3NjAudGVz +dDALggl0NzYxLnRlc3QwC4IJdDc2Mi50ZXN0MAuCCXQ3NjMudGVzdDALggl0NzY0 +LnRlc3QwC4IJdDc2NS50ZXN0MAuCCXQ3NjYudGVzdDALggl0NzY3LnRlc3QwC4IJ +dDc2OC50ZXN0MAuCCXQ3NjkudGVzdDALggl0NzcwLnRlc3QwC4IJdDc3MS50ZXN0 +MAuCCXQ3NzIudGVzdDALggl0NzczLnRlc3QwC4IJdDc3NC50ZXN0MAuCCXQ3NzUu +dGVzdDALggl0Nzc2LnRlc3QwC4IJdDc3Ny50ZXN0MAuCCXQ3NzgudGVzdDALggl0 +Nzc5LnRlc3QwC4IJdDc4MC50ZXN0MAuCCXQ3ODEudGVzdDALggl0NzgyLnRlc3Qw +C4IJdDc4My50ZXN0MAuCCXQ3ODQudGVzdDALggl0Nzg1LnRlc3QwC4IJdDc4Ni50 +ZXN0MAuCCXQ3ODcudGVzdDALggl0Nzg4LnRlc3QwC4IJdDc4OS50ZXN0MAuCCXQ3 +OTAudGVzdDALggl0NzkxLnRlc3QwC4IJdDc5Mi50ZXN0MAuCCXQ3OTMudGVzdDAL +ggl0Nzk0LnRlc3QwC4IJdDc5NS50ZXN0MAuCCXQ3OTYudGVzdDALggl0Nzk3LnRl +c3QwC4IJdDc5OC50ZXN0MAuCCXQ3OTkudGVzdDALggl0ODAwLnRlc3QwC4IJdDgw +MS50ZXN0MAuCCXQ4MDIudGVzdDALggl0ODAzLnRlc3QwC4IJdDgwNC50ZXN0MAuC +CXQ4MDUudGVzdDALggl0ODA2LnRlc3QwC4IJdDgwNy50ZXN0MAuCCXQ4MDgudGVz +dDALggl0ODA5LnRlc3QwC4IJdDgxMC50ZXN0MAuCCXQ4MTEudGVzdDALggl0ODEy +LnRlc3QwC4IJdDgxMy50ZXN0MAuCCXQ4MTQudGVzdDALggl0ODE1LnRlc3QwC4IJ +dDgxNi50ZXN0MAuCCXQ4MTcudGVzdDALggl0ODE4LnRlc3QwC4IJdDgxOS50ZXN0 +MAuCCXQ4MjAudGVzdDALggl0ODIxLnRlc3QwC4IJdDgyMi50ZXN0MAuCCXQ4MjMu +dGVzdDALggl0ODI0LnRlc3QwC4IJdDgyNS50ZXN0MAuCCXQ4MjYudGVzdDALggl0 +ODI3LnRlc3QwC4IJdDgyOC50ZXN0MAuCCXQ4MjkudGVzdDALggl0ODMwLnRlc3Qw +C4IJdDgzMS50ZXN0MAuCCXQ4MzIudGVzdDALggl0ODMzLnRlc3QwC4IJdDgzNC50 +ZXN0MAuCCXQ4MzUudGVzdDALggl0ODM2LnRlc3QwC4IJdDgzNy50ZXN0MAuCCXQ4 +MzgudGVzdDALggl0ODM5LnRlc3QwC4IJdDg0MC50ZXN0MAuCCXQ4NDEudGVzdDAL +ggl0ODQyLnRlc3QwC4IJdDg0My50ZXN0MAuCCXQ4NDQudGVzdDALggl0ODQ1LnRl +c3QwC4IJdDg0Ni50ZXN0MAuCCXQ4NDcudGVzdDALggl0ODQ4LnRlc3QwC4IJdDg0 +OS50ZXN0MAuCCXQ4NTAudGVzdDALggl0ODUxLnRlc3QwC4IJdDg1Mi50ZXN0MAuC +CXQ4NTMudGVzdDALggl0ODU0LnRlc3QwC4IJdDg1NS50ZXN0MAuCCXQ4NTYudGVz +dDALggl0ODU3LnRlc3QwC4IJdDg1OC50ZXN0MAuCCXQ4NTkudGVzdDALggl0ODYw +LnRlc3QwC4IJdDg2MS50ZXN0MAuCCXQ4NjIudGVzdDALggl0ODYzLnRlc3QwC4IJ +dDg2NC50ZXN0MAuCCXQ4NjUudGVzdDALggl0ODY2LnRlc3QwC4IJdDg2Ny50ZXN0 +MAuCCXQ4NjgudGVzdDALggl0ODY5LnRlc3QwC4IJdDg3MC50ZXN0MAuCCXQ4NzEu +dGVzdDALggl0ODcyLnRlc3QwC4IJdDg3My50ZXN0MAuCCXQ4NzQudGVzdDALggl0 +ODc1LnRlc3QwC4IJdDg3Ni50ZXN0MAuCCXQ4NzcudGVzdDALggl0ODc4LnRlc3Qw +C4IJdDg3OS50ZXN0MAuCCXQ4ODAudGVzdDALggl0ODgxLnRlc3QwC4IJdDg4Mi50 +ZXN0MAuCCXQ4ODMudGVzdDALggl0ODg0LnRlc3QwC4IJdDg4NS50ZXN0MAuCCXQ4 +ODYudGVzdDALggl0ODg3LnRlc3QwC4IJdDg4OC50ZXN0MAuCCXQ4ODkudGVzdDAL +ggl0ODkwLnRlc3QwC4IJdDg5MS50ZXN0MAuCCXQ4OTIudGVzdDALggl0ODkzLnRl +c3QwC4IJdDg5NC50ZXN0MAuCCXQ4OTUudGVzdDALggl0ODk2LnRlc3QwC4IJdDg5 +Ny50ZXN0MAuCCXQ4OTgudGVzdDALggl0ODk5LnRlc3QwC4IJdDkwMC50ZXN0MAuC +CXQ5MDEudGVzdDALggl0OTAyLnRlc3QwC4IJdDkwMy50ZXN0MAuCCXQ5MDQudGVz +dDALggl0OTA1LnRlc3QwC4IJdDkwNi50ZXN0MAuCCXQ5MDcudGVzdDALggl0OTA4 +LnRlc3QwC4IJdDkwOS50ZXN0MAuCCXQ5MTAudGVzdDALggl0OTExLnRlc3QwC4IJ +dDkxMi50ZXN0MAuCCXQ5MTMudGVzdDALggl0OTE0LnRlc3QwC4IJdDkxNS50ZXN0 +MAuCCXQ5MTYudGVzdDALggl0OTE3LnRlc3QwC4IJdDkxOC50ZXN0MAuCCXQ5MTku +dGVzdDALggl0OTIwLnRlc3QwC4IJdDkyMS50ZXN0MAuCCXQ5MjIudGVzdDALggl0 +OTIzLnRlc3QwC4IJdDkyNC50ZXN0MAuCCXQ5MjUudGVzdDALggl0OTI2LnRlc3Qw +C4IJdDkyNy50ZXN0MAuCCXQ5MjgudGVzdDALggl0OTI5LnRlc3QwC4IJdDkzMC50 +ZXN0MAuCCXQ5MzEudGVzdDALggl0OTMyLnRlc3QwC4IJdDkzMy50ZXN0MAuCCXQ5 +MzQudGVzdDALggl0OTM1LnRlc3QwC4IJdDkzNi50ZXN0MAuCCXQ5MzcudGVzdDAL +ggl0OTM4LnRlc3QwC4IJdDkzOS50ZXN0MAuCCXQ5NDAudGVzdDALggl0OTQxLnRl +c3QwC4IJdDk0Mi50ZXN0MAuCCXQ5NDMudGVzdDALggl0OTQ0LnRlc3QwC4IJdDk0 +NS50ZXN0MAuCCXQ5NDYudGVzdDALggl0OTQ3LnRlc3QwC4IJdDk0OC50ZXN0MAuC +CXQ5NDkudGVzdDALggl0OTUwLnRlc3QwC4IJdDk1MS50ZXN0MAuCCXQ5NTIudGVz +dDALggl0OTUzLnRlc3QwC4IJdDk1NC50ZXN0MAuCCXQ5NTUudGVzdDALggl0OTU2 +LnRlc3QwC4IJdDk1Ny50ZXN0MAuCCXQ5NTgudGVzdDALggl0OTU5LnRlc3QwC4IJ +dDk2MC50ZXN0MAuCCXQ5NjEudGVzdDALggl0OTYyLnRlc3QwC4IJdDk2My50ZXN0 +MAuCCXQ5NjQudGVzdDALggl0OTY1LnRlc3QwC4IJdDk2Ni50ZXN0MAuCCXQ5Njcu +dGVzdDALggl0OTY4LnRlc3QwC4IJdDk2OS50ZXN0MAuCCXQ5NzAudGVzdDALggl0 +OTcxLnRlc3QwC4IJdDk3Mi50ZXN0MAuCCXQ5NzMudGVzdDALggl0OTc0LnRlc3Qw +C4IJdDk3NS50ZXN0MAuCCXQ5NzYudGVzdDALggl0OTc3LnRlc3QwC4IJdDk3OC50 +ZXN0MAuCCXQ5NzkudGVzdDALggl0OTgwLnRlc3QwC4IJdDk4MS50ZXN0MAuCCXQ5 +ODIudGVzdDALggl0OTgzLnRlc3QwC4IJdDk4NC50ZXN0MAuCCXQ5ODUudGVzdDAL +ggl0OTg2LnRlc3QwC4IJdDk4Ny50ZXN0MAuCCXQ5ODgudGVzdDALggl0OTg5LnRl +c3QwC4IJdDk5MC50ZXN0MAuCCXQ5OTEudGVzdDALggl0OTkyLnRlc3QwC4IJdDk5 +My50ZXN0MAuCCXQ5OTQudGVzdDALggl0OTk1LnRlc3QwC4IJdDk5Ni50ZXN0MAuC +CXQ5OTcudGVzdDALggl0OTk4LnRlc3QwC4IJdDk5OS50ZXN0MAyCCnQxMDAwLnRl +c3QwDIIKdDEwMDEudGVzdDAMggp0MTAwMi50ZXN0MAyCCnQxMDAzLnRlc3QwDIIK +dDEwMDQudGVzdDAMggp0MTAwNS50ZXN0MAyCCnQxMDA2LnRlc3QwDIIKdDEwMDcu +dGVzdDAMggp0MTAwOC50ZXN0MAyCCnQxMDA5LnRlc3QwDIIKdDEwMTAudGVzdDAM +ggp0MTAxMS50ZXN0MAyCCnQxMDEyLnRlc3QwDIIKdDEwMTMudGVzdDAMggp0MTAx +NC50ZXN0MAyCCnQxMDE1LnRlc3QwDIIKdDEwMTYudGVzdDAMggp0MTAxNy50ZXN0 +MAyCCnQxMDE4LnRlc3QwDIIKdDEwMTkudGVzdDAMggp0MTAyMC50ZXN0MAyCCnQx +MDIxLnRlc3QwDIIKdDEwMjIudGVzdDAMggp0MTAyMy50ZXN0MAyCCnQxMDI0LnRl +c3QwDQYJKoZIhvcNAQELBQADggEBAKcMzH+dRmVIdcN2MKFq0gS/RVdJTrKJDtO2 +nUBVUxW//RJl8NhP8GdsTHwWIqRWJsMJnbcJxySgsgPSH7hrO4FXdY68wrkBvTbE +iOk5KTQhB76ETY/YVfFcZOs914dP247PVddmmME9el6VMBY/mF4OkmNkC8bDXarO +2x1netqw5Xl/qbKZpbWwJv5kHed1Q8VNG4Yh+Y53K/pLAIdVZt+K0sRwtQoD3/b0 +3Gtspe+aZ0hICrG2v0K3/B9z7kxiIFGB7Hqt/+krckAhuDw8s/IDdRFn7TXqbVKU +F6LbR+nvkdELUihwrdWPYfmbW0mafxgZNGIX3QtBTm7caIaHrDQ= +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.pem new file mode 100644 index 0000000000..df5c47cf7e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_5.pem @@ -0,0 +1,1394 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fb + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + DNS:t171.test + DNS:t172.test + DNS:t173.test + DNS:t174.test + DNS:t175.test + DNS:t176.test + DNS:t177.test + DNS:t178.test + DNS:t179.test + DNS:t180.test + DNS:t181.test + DNS:t182.test + DNS:t183.test + DNS:t184.test + DNS:t185.test + DNS:t186.test + DNS:t187.test + DNS:t188.test + DNS:t189.test + DNS:t190.test + DNS:t191.test + DNS:t192.test + DNS:t193.test + DNS:t194.test + DNS:t195.test + DNS:t196.test + DNS:t197.test + DNS:t198.test + DNS:t199.test + DNS:t200.test + DNS:t201.test + DNS:t202.test + DNS:t203.test + DNS:t204.test + DNS:t205.test + DNS:t206.test + DNS:t207.test + DNS:t208.test + DNS:t209.test + DNS:t210.test + DNS:t211.test + DNS:t212.test + DNS:t213.test + DNS:t214.test + DNS:t215.test + DNS:t216.test + DNS:t217.test + DNS:t218.test + DNS:t219.test + DNS:t220.test + DNS:t221.test + DNS:t222.test + DNS:t223.test + DNS:t224.test + DNS:t225.test + DNS:t226.test + DNS:t227.test + DNS:t228.test + DNS:t229.test + DNS:t230.test + DNS:t231.test + DNS:t232.test + DNS:t233.test + DNS:t234.test + DNS:t235.test + DNS:t236.test + DNS:t237.test + DNS:t238.test + DNS:t239.test + DNS:t240.test + DNS:t241.test + DNS:t242.test + DNS:t243.test + DNS:t244.test + DNS:t245.test + DNS:t246.test + DNS:t247.test + DNS:t248.test + DNS:t249.test + DNS:t250.test + DNS:t251.test + DNS:t252.test + DNS:t253.test + DNS:t254.test + DNS:t255.test + DNS:t256.test + DNS:t257.test + DNS:t258.test + DNS:t259.test + DNS:t260.test + DNS:t261.test + DNS:t262.test + DNS:t263.test + DNS:t264.test + DNS:t265.test + DNS:t266.test + DNS:t267.test + DNS:t268.test + DNS:t269.test + DNS:t270.test + DNS:t271.test + DNS:t272.test + DNS:t273.test + DNS:t274.test + DNS:t275.test + DNS:t276.test + DNS:t277.test + DNS:t278.test + DNS:t279.test + DNS:t280.test + DNS:t281.test + DNS:t282.test + DNS:t283.test + DNS:t284.test + DNS:t285.test + DNS:t286.test + DNS:t287.test + DNS:t288.test + DNS:t289.test + DNS:t290.test + DNS:t291.test + DNS:t292.test + DNS:t293.test + DNS:t294.test + DNS:t295.test + DNS:t296.test + DNS:t297.test + DNS:t298.test + DNS:t299.test + DNS:t300.test + DNS:t301.test + DNS:t302.test + DNS:t303.test + DNS:t304.test + DNS:t305.test + DNS:t306.test + DNS:t307.test + DNS:t308.test + DNS:t309.test + DNS:t310.test + DNS:t311.test + DNS:t312.test + DNS:t313.test + DNS:t314.test + DNS:t315.test + DNS:t316.test + DNS:t317.test + DNS:t318.test + DNS:t319.test + DNS:t320.test + DNS:t321.test + DNS:t322.test + DNS:t323.test + DNS:t324.test + DNS:t325.test + DNS:t326.test + DNS:t327.test + DNS:t328.test + DNS:t329.test + DNS:t330.test + DNS:t331.test + DNS:t332.test + DNS:t333.test + DNS:t334.test + DNS:t335.test + DNS:t336.test + DNS:t337.test + DNS:t338.test + DNS:t339.test + DNS:t340.test + DNS:t341.test + DNS:t342.test + DNS:t343.test + DNS:t344.test + DNS:t345.test + DNS:t346.test + DNS:t347.test + DNS:t348.test + DNS:t349.test + DNS:t350.test + DNS:t351.test + DNS:t352.test + DNS:t353.test + DNS:t354.test + DNS:t355.test + DNS:t356.test + DNS:t357.test + DNS:t358.test + DNS:t359.test + DNS:t360.test + DNS:t361.test + DNS:t362.test + DNS:t363.test + DNS:t364.test + DNS:t365.test + DNS:t366.test + DNS:t367.test + DNS:t368.test + DNS:t369.test + DNS:t370.test + DNS:t371.test + DNS:t372.test + DNS:t373.test + DNS:t374.test + DNS:t375.test + DNS:t376.test + DNS:t377.test + DNS:t378.test + DNS:t379.test + DNS:t380.test + DNS:t381.test + DNS:t382.test + DNS:t383.test + DNS:t384.test + DNS:t385.test + DNS:t386.test + DNS:t387.test + DNS:t388.test + DNS:t389.test + DNS:t390.test + DNS:t391.test + DNS:t392.test + DNS:t393.test + DNS:t394.test + DNS:t395.test + DNS:t396.test + DNS:t397.test + DNS:t398.test + DNS:t399.test + DNS:t400.test + DNS:t401.test + DNS:t402.test + DNS:t403.test + DNS:t404.test + DNS:t405.test + DNS:t406.test + DNS:t407.test + DNS:t408.test + DNS:t409.test + DNS:t410.test + DNS:t411.test + DNS:t412.test + DNS:t413.test + DNS:t414.test + DNS:t415.test + DNS:t416.test + DNS:t417.test + DNS:t418.test + DNS:t419.test + DNS:t420.test + DNS:t421.test + DNS:t422.test + DNS:t423.test + DNS:t424.test + DNS:t425.test + DNS:t426.test + DNS:t427.test + DNS:t428.test + DNS:t429.test + DNS:t430.test + DNS:t431.test + DNS:t432.test + DNS:t433.test + DNS:t434.test + DNS:t435.test + DNS:t436.test + DNS:t437.test + DNS:t438.test + DNS:t439.test + DNS:t440.test + DNS:t441.test + DNS:t442.test + DNS:t443.test + DNS:t444.test + DNS:t445.test + DNS:t446.test + DNS:t447.test + DNS:t448.test + DNS:t449.test + DNS:t450.test + DNS:t451.test + DNS:t452.test + DNS:t453.test + DNS:t454.test + DNS:t455.test + DNS:t456.test + DNS:t457.test + DNS:t458.test + DNS:t459.test + DNS:t460.test + DNS:t461.test + DNS:t462.test + DNS:t463.test + DNS:t464.test + DNS:t465.test + DNS:t466.test + DNS:t467.test + DNS:t468.test + DNS:t469.test + DNS:t470.test + DNS:t471.test + DNS:t472.test + DNS:t473.test + DNS:t474.test + DNS:t475.test + DNS:t476.test + DNS:t477.test + DNS:t478.test + DNS:t479.test + DNS:t480.test + DNS:t481.test + DNS:t482.test + DNS:t483.test + DNS:t484.test + DNS:t485.test + DNS:t486.test + DNS:t487.test + DNS:t488.test + DNS:t489.test + DNS:t490.test + DNS:t491.test + DNS:t492.test + DNS:t493.test + DNS:t494.test + DNS:t495.test + DNS:t496.test + DNS:t497.test + DNS:t498.test + DNS:t499.test + DNS:t500.test + DNS:t501.test + DNS:t502.test + DNS:t503.test + DNS:t504.test + DNS:t505.test + DNS:t506.test + DNS:t507.test + DNS:t508.test + DNS:t509.test + DNS:t510.test + DNS:t511.test + DNS:t512.test + DNS:t513.test + DNS:t514.test + DNS:t515.test + DNS:t516.test + DNS:t517.test + DNS:t518.test + DNS:t519.test + DNS:t520.test + DNS:t521.test + DNS:t522.test + DNS:t523.test + DNS:t524.test + DNS:t525.test + DNS:t526.test + DNS:t527.test + DNS:t528.test + DNS:t529.test + DNS:t530.test + DNS:t531.test + DNS:t532.test + DNS:t533.test + DNS:t534.test + DNS:t535.test + DNS:t536.test + DNS:t537.test + DNS:t538.test + DNS:t539.test + DNS:t540.test + DNS:t541.test + DNS:t542.test + DNS:t543.test + DNS:t544.test + DNS:t545.test + DNS:t546.test + DNS:t547.test + DNS:t548.test + DNS:t549.test + DNS:t550.test + DNS:t551.test + DNS:t552.test + DNS:t553.test + DNS:t554.test + DNS:t555.test + DNS:t556.test + DNS:t557.test + DNS:t558.test + DNS:t559.test + DNS:t560.test + DNS:t561.test + DNS:t562.test + DNS:t563.test + DNS:t564.test + DNS:t565.test + DNS:t566.test + DNS:t567.test + DNS:t568.test + DNS:t569.test + DNS:t570.test + DNS:t571.test + DNS:t572.test + DNS:t573.test + DNS:t574.test + DNS:t575.test + DNS:t576.test + DNS:t577.test + DNS:t578.test + DNS:t579.test + DNS:t580.test + DNS:t581.test + DNS:t582.test + DNS:t583.test + DNS:t584.test + DNS:t585.test + DNS:t586.test + DNS:t587.test + DNS:t588.test + DNS:t589.test + DNS:t590.test + DNS:t591.test + DNS:t592.test + DNS:t593.test + DNS:t594.test + DNS:t595.test + DNS:t596.test + DNS:t597.test + DNS:t598.test + DNS:t599.test + DNS:t600.test + DNS:t601.test + DNS:t602.test + DNS:t603.test + DNS:t604.test + DNS:t605.test + DNS:t606.test + DNS:t607.test + DNS:t608.test + DNS:t609.test + DNS:t610.test + DNS:t611.test + DNS:t612.test + DNS:t613.test + DNS:t614.test + DNS:t615.test + DNS:t616.test + DNS:t617.test + DNS:t618.test + DNS:t619.test + DNS:t620.test + DNS:t621.test + DNS:t622.test + DNS:t623.test + DNS:t624.test + DNS:t625.test + DNS:t626.test + DNS:t627.test + DNS:t628.test + DNS:t629.test + DNS:t630.test + DNS:t631.test + DNS:t632.test + DNS:t633.test + DNS:t634.test + DNS:t635.test + DNS:t636.test + DNS:t637.test + DNS:t638.test + DNS:t639.test + DNS:t640.test + DNS:t641.test + DNS:t642.test + DNS:t643.test + DNS:t644.test + DNS:t645.test + DNS:t646.test + DNS:t647.test + DNS:t648.test + DNS:t649.test + DNS:t650.test + DNS:t651.test + DNS:t652.test + DNS:t653.test + DNS:t654.test + DNS:t655.test + DNS:t656.test + DNS:t657.test + DNS:t658.test + DNS:t659.test + DNS:t660.test + DNS:t661.test + DNS:t662.test + DNS:t663.test + DNS:t664.test + DNS:t665.test + DNS:t666.test + DNS:t667.test + DNS:t668.test + DNS:t669.test + DNS:t670.test + DNS:t671.test + DNS:t672.test + DNS:t673.test + DNS:t674.test + DNS:t675.test + DNS:t676.test + DNS:t677.test + DNS:t678.test + DNS:t679.test + DNS:t680.test + DNS:t681.test + DNS:t682.test + DNS:t683.test + DNS:t684.test + DNS:t685.test + DNS:t686.test + DNS:t687.test + DNS:t688.test + DNS:t689.test + DNS:t690.test + DNS:t691.test + DNS:t692.test + DNS:t693.test + DNS:t694.test + DNS:t695.test + DNS:t696.test + DNS:t697.test + DNS:t698.test + DNS:t699.test + DNS:t700.test + DNS:t701.test + DNS:t702.test + DNS:t703.test + DNS:t704.test + DNS:t705.test + DNS:t706.test + DNS:t707.test + DNS:t708.test + DNS:t709.test + DNS:t710.test + DNS:t711.test + DNS:t712.test + DNS:t713.test + DNS:t714.test + DNS:t715.test + DNS:t716.test + DNS:t717.test + DNS:t718.test + DNS:t719.test + DNS:t720.test + DNS:t721.test + DNS:t722.test + DNS:t723.test + DNS:t724.test + DNS:t725.test + DNS:t726.test + DNS:t727.test + DNS:t728.test + DNS:t729.test + DNS:t730.test + DNS:t731.test + DNS:t732.test + DNS:t733.test + DNS:t734.test + DNS:t735.test + DNS:t736.test + DNS:t737.test + DNS:t738.test + DNS:t739.test + DNS:t740.test + DNS:t741.test + DNS:t742.test + DNS:t743.test + DNS:t744.test + DNS:t745.test + DNS:t746.test + DNS:t747.test + DNS:t748.test + DNS:t749.test + DNS:t750.test + DNS:t751.test + DNS:t752.test + DNS:t753.test + DNS:t754.test + DNS:t755.test + DNS:t756.test + DNS:t757.test + DNS:t758.test + DNS:t759.test + DNS:t760.test + DNS:t761.test + DNS:t762.test + DNS:t763.test + DNS:t764.test + DNS:t765.test + DNS:t766.test + DNS:t767.test + DNS:t768.test + DNS:t769.test + DNS:t770.test + DNS:t771.test + DNS:t772.test + DNS:t773.test + DNS:t774.test + DNS:t775.test + DNS:t776.test + DNS:t777.test + DNS:t778.test + DNS:t779.test + DNS:t780.test + DNS:t781.test + DNS:t782.test + DNS:t783.test + DNS:t784.test + DNS:t785.test + DNS:t786.test + DNS:t787.test + DNS:t788.test + DNS:t789.test + DNS:t790.test + DNS:t791.test + DNS:t792.test + DNS:t793.test + DNS:t794.test + DNS:t795.test + DNS:t796.test + DNS:t797.test + DNS:t798.test + DNS:t799.test + DNS:t800.test + DNS:t801.test + DNS:t802.test + DNS:t803.test + DNS:t804.test + DNS:t805.test + DNS:t806.test + DNS:t807.test + DNS:t808.test + DNS:t809.test + DNS:t810.test + DNS:t811.test + DNS:t812.test + DNS:t813.test + DNS:t814.test + DNS:t815.test + DNS:t816.test + DNS:t817.test + DNS:t818.test + DNS:t819.test + DNS:t820.test + DNS:t821.test + DNS:t822.test + DNS:t823.test + DNS:t824.test + DNS:t825.test + DNS:t826.test + DNS:t827.test + DNS:t828.test + DNS:t829.test + DNS:t830.test + DNS:t831.test + DNS:t832.test + DNS:t833.test + DNS:t834.test + DNS:t835.test + DNS:t836.test + DNS:t837.test + DNS:t838.test + DNS:t839.test + DNS:t840.test + DNS:t841.test + DNS:t842.test + DNS:t843.test + DNS:t844.test + DNS:t845.test + DNS:t846.test + DNS:t847.test + DNS:t848.test + DNS:t849.test + DNS:t850.test + DNS:t851.test + DNS:t852.test + DNS:t853.test + DNS:t854.test + DNS:t855.test + DNS:t856.test + DNS:t857.test + DNS:t858.test + DNS:t859.test + DNS:t860.test + DNS:t861.test + DNS:t862.test + DNS:t863.test + DNS:t864.test + DNS:t865.test + DNS:t866.test + DNS:t867.test + DNS:t868.test + DNS:t869.test + DNS:t870.test + DNS:t871.test + DNS:t872.test + DNS:t873.test + DNS:t874.test + DNS:t875.test + DNS:t876.test + DNS:t877.test + DNS:t878.test + DNS:t879.test + DNS:t880.test + DNS:t881.test + DNS:t882.test + DNS:t883.test + DNS:t884.test + DNS:t885.test + DNS:t886.test + DNS:t887.test + DNS:t888.test + DNS:t889.test + DNS:t890.test + DNS:t891.test + DNS:t892.test + DNS:t893.test + DNS:t894.test + DNS:t895.test + DNS:t896.test + DNS:t897.test + DNS:t898.test + DNS:t899.test + DNS:t900.test + DNS:t901.test + DNS:t902.test + DNS:t903.test + DNS:t904.test + DNS:t905.test + DNS:t906.test + DNS:t907.test + DNS:t908.test + DNS:t909.test + DNS:t910.test + DNS:t911.test + DNS:t912.test + DNS:t913.test + DNS:t914.test + DNS:t915.test + DNS:t916.test + DNS:t917.test + DNS:t918.test + DNS:t919.test + DNS:t920.test + DNS:t921.test + DNS:t922.test + DNS:t923.test + DNS:t924.test + DNS:t925.test + DNS:t926.test + DNS:t927.test + DNS:t928.test + DNS:t929.test + DNS:t930.test + DNS:t931.test + DNS:t932.test + DNS:t933.test + DNS:t934.test + DNS:t935.test + DNS:t936.test + DNS:t937.test + DNS:t938.test + DNS:t939.test + DNS:t940.test + DNS:t941.test + DNS:t942.test + DNS:t943.test + DNS:t944.test + DNS:t945.test + DNS:t946.test + DNS:t947.test + DNS:t948.test + DNS:t949.test + DNS:t950.test + DNS:t951.test + DNS:t952.test + DNS:t953.test + DNS:t954.test + DNS:t955.test + DNS:t956.test + DNS:t957.test + DNS:t958.test + DNS:t959.test + DNS:t960.test + DNS:t961.test + DNS:t962.test + DNS:t963.test + DNS:t964.test + DNS:t965.test + DNS:t966.test + DNS:t967.test + DNS:t968.test + DNS:t969.test + DNS:t970.test + DNS:t971.test + DNS:t972.test + DNS:t973.test + DNS:t974.test + DNS:t975.test + DNS:t976.test + DNS:t977.test + DNS:t978.test + DNS:t979.test + DNS:t980.test + DNS:t981.test + DNS:t982.test + DNS:t983.test + DNS:t984.test + DNS:t985.test + DNS:t986.test + DNS:t987.test + DNS:t988.test + DNS:t989.test + DNS:t990.test + DNS:t991.test + DNS:t992.test + DNS:t993.test + DNS:t994.test + DNS:t995.test + DNS:t996.test + DNS:t997.test + DNS:t998.test + DNS:t999.test + DNS:t1000.test + DNS:t1001.test + DNS:t1002.test + DNS:t1003.test + DNS:t1004.test + DNS:t1005.test + DNS:t1006.test + DNS:t1007.test + DNS:t1008.test + DNS:t1009.test + DNS:t1010.test + DNS:t1011.test + DNS:t1012.test + DNS:t1013.test + DNS:t1014.test + DNS:t1015.test + DNS:t1016.test + DNS:t1017.test + DNS:t1018.test + DNS:t1019.test + DNS:t1020.test + DNS:t1021.test + DNS:t1022.test + DNS:t1023.test + DNS:t1024.test + + Signature Algorithm: sha256WithRSAEncryption + 2f:8c:9f:08:43:fa:e1:c2:16:9b:e6:5a:b9:8e:7b:d5:49:ef: + d6:de:02:25:9b:46:eb:a3:df:a8:8d:07:10:40:e7:de:fe:23: + 6a:5e:9d:eb:63:7f:a1:a9:8d:34:b9:c8:bd:5f:dc:4c:eb:b3: + 89:73:23:fa:90:a3:a2:cb:f0:1f:67:f2:e8:e1:e0:74:e2:86: + 03:96:28:20:4b:b9:fc:ba:4f:80:24:de:2b:c1:27:9b:21:e5: + d9:3e:2b:66:76:50:6c:90:a3:5a:89:3e:51:34:09:1c:37:ce: + 60:79:6a:89:9b:6b:18:f5:89:31:01:96:92:b9:a0:71:b4:50: + 3a:8c:f4:46:3a:58:54:ff:a2:34:dc:ee:86:4e:5f:ac:f8:1a: + f9:c0:22:40:82:be:5f:98:d8:3d:52:3a:18:a2:4f:e2:30:76: + ba:fa:ee:5e:1f:26:80:72:b0:06:f0:21:b7:84:2a:5d:ea:21: + 9d:e0:0f:35:80:93:d8:9d:1f:9b:a7:3d:6f:e2:1c:29:38:12: + 9d:3c:cd:4b:4c:9f:fa:d5:62:2b:56:ac:2a:3a:f8:5f:cc:32: + 0f:02:7c:a8:df:c0:c9:d1:1e:4d:a7:dc:9f:cb:4e:93:34:f6: + 6e:50:3a:1d:b3:49:e9:50:a3:19:78:a0:8d:c3:2b:5a:78:1d: + 53:55:35:47 +-----BEGIN CERTIFICATE----- +MII3TzCCNjegAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCNJkwgjSVMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjPJBgNVHR4EgjPAMIIzvKCCM7gwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAuCCXQxNzEudGVzdDALggl0MTcyLnRl +c3QwC4IJdDE3My50ZXN0MAuCCXQxNzQudGVzdDALggl0MTc1LnRlc3QwC4IJdDE3 +Ni50ZXN0MAuCCXQxNzcudGVzdDALggl0MTc4LnRlc3QwC4IJdDE3OS50ZXN0MAuC +CXQxODAudGVzdDALggl0MTgxLnRlc3QwC4IJdDE4Mi50ZXN0MAuCCXQxODMudGVz +dDALggl0MTg0LnRlc3QwC4IJdDE4NS50ZXN0MAuCCXQxODYudGVzdDALggl0MTg3 +LnRlc3QwC4IJdDE4OC50ZXN0MAuCCXQxODkudGVzdDALggl0MTkwLnRlc3QwC4IJ +dDE5MS50ZXN0MAuCCXQxOTIudGVzdDALggl0MTkzLnRlc3QwC4IJdDE5NC50ZXN0 +MAuCCXQxOTUudGVzdDALggl0MTk2LnRlc3QwC4IJdDE5Ny50ZXN0MAuCCXQxOTgu +dGVzdDALggl0MTk5LnRlc3QwC4IJdDIwMC50ZXN0MAuCCXQyMDEudGVzdDALggl0 +MjAyLnRlc3QwC4IJdDIwMy50ZXN0MAuCCXQyMDQudGVzdDALggl0MjA1LnRlc3Qw +C4IJdDIwNi50ZXN0MAuCCXQyMDcudGVzdDALggl0MjA4LnRlc3QwC4IJdDIwOS50 +ZXN0MAuCCXQyMTAudGVzdDALggl0MjExLnRlc3QwC4IJdDIxMi50ZXN0MAuCCXQy +MTMudGVzdDALggl0MjE0LnRlc3QwC4IJdDIxNS50ZXN0MAuCCXQyMTYudGVzdDAL +ggl0MjE3LnRlc3QwC4IJdDIxOC50ZXN0MAuCCXQyMTkudGVzdDALggl0MjIwLnRl +c3QwC4IJdDIyMS50ZXN0MAuCCXQyMjIudGVzdDALggl0MjIzLnRlc3QwC4IJdDIy +NC50ZXN0MAuCCXQyMjUudGVzdDALggl0MjI2LnRlc3QwC4IJdDIyNy50ZXN0MAuC +CXQyMjgudGVzdDALggl0MjI5LnRlc3QwC4IJdDIzMC50ZXN0MAuCCXQyMzEudGVz +dDALggl0MjMyLnRlc3QwC4IJdDIzMy50ZXN0MAuCCXQyMzQudGVzdDALggl0MjM1 +LnRlc3QwC4IJdDIzNi50ZXN0MAuCCXQyMzcudGVzdDALggl0MjM4LnRlc3QwC4IJ +dDIzOS50ZXN0MAuCCXQyNDAudGVzdDALggl0MjQxLnRlc3QwC4IJdDI0Mi50ZXN0 +MAuCCXQyNDMudGVzdDALggl0MjQ0LnRlc3QwC4IJdDI0NS50ZXN0MAuCCXQyNDYu +dGVzdDALggl0MjQ3LnRlc3QwC4IJdDI0OC50ZXN0MAuCCXQyNDkudGVzdDALggl0 +MjUwLnRlc3QwC4IJdDI1MS50ZXN0MAuCCXQyNTIudGVzdDALggl0MjUzLnRlc3Qw +C4IJdDI1NC50ZXN0MAuCCXQyNTUudGVzdDALggl0MjU2LnRlc3QwC4IJdDI1Ny50 +ZXN0MAuCCXQyNTgudGVzdDALggl0MjU5LnRlc3QwC4IJdDI2MC50ZXN0MAuCCXQy +NjEudGVzdDALggl0MjYyLnRlc3QwC4IJdDI2My50ZXN0MAuCCXQyNjQudGVzdDAL +ggl0MjY1LnRlc3QwC4IJdDI2Ni50ZXN0MAuCCXQyNjcudGVzdDALggl0MjY4LnRl +c3QwC4IJdDI2OS50ZXN0MAuCCXQyNzAudGVzdDALggl0MjcxLnRlc3QwC4IJdDI3 +Mi50ZXN0MAuCCXQyNzMudGVzdDALggl0Mjc0LnRlc3QwC4IJdDI3NS50ZXN0MAuC +CXQyNzYudGVzdDALggl0Mjc3LnRlc3QwC4IJdDI3OC50ZXN0MAuCCXQyNzkudGVz +dDALggl0MjgwLnRlc3QwC4IJdDI4MS50ZXN0MAuCCXQyODIudGVzdDALggl0Mjgz +LnRlc3QwC4IJdDI4NC50ZXN0MAuCCXQyODUudGVzdDALggl0Mjg2LnRlc3QwC4IJ +dDI4Ny50ZXN0MAuCCXQyODgudGVzdDALggl0Mjg5LnRlc3QwC4IJdDI5MC50ZXN0 +MAuCCXQyOTEudGVzdDALggl0MjkyLnRlc3QwC4IJdDI5My50ZXN0MAuCCXQyOTQu +dGVzdDALggl0Mjk1LnRlc3QwC4IJdDI5Ni50ZXN0MAuCCXQyOTcudGVzdDALggl0 +Mjk4LnRlc3QwC4IJdDI5OS50ZXN0MAuCCXQzMDAudGVzdDALggl0MzAxLnRlc3Qw +C4IJdDMwMi50ZXN0MAuCCXQzMDMudGVzdDALggl0MzA0LnRlc3QwC4IJdDMwNS50 +ZXN0MAuCCXQzMDYudGVzdDALggl0MzA3LnRlc3QwC4IJdDMwOC50ZXN0MAuCCXQz +MDkudGVzdDALggl0MzEwLnRlc3QwC4IJdDMxMS50ZXN0MAuCCXQzMTIudGVzdDAL +ggl0MzEzLnRlc3QwC4IJdDMxNC50ZXN0MAuCCXQzMTUudGVzdDALggl0MzE2LnRl +c3QwC4IJdDMxNy50ZXN0MAuCCXQzMTgudGVzdDALggl0MzE5LnRlc3QwC4IJdDMy +MC50ZXN0MAuCCXQzMjEudGVzdDALggl0MzIyLnRlc3QwC4IJdDMyMy50ZXN0MAuC +CXQzMjQudGVzdDALggl0MzI1LnRlc3QwC4IJdDMyNi50ZXN0MAuCCXQzMjcudGVz +dDALggl0MzI4LnRlc3QwC4IJdDMyOS50ZXN0MAuCCXQzMzAudGVzdDALggl0MzMx +LnRlc3QwC4IJdDMzMi50ZXN0MAuCCXQzMzMudGVzdDALggl0MzM0LnRlc3QwC4IJ +dDMzNS50ZXN0MAuCCXQzMzYudGVzdDALggl0MzM3LnRlc3QwC4IJdDMzOC50ZXN0 +MAuCCXQzMzkudGVzdDALggl0MzQwLnRlc3QwC4IJdDM0MS50ZXN0MAuCCXQzNDIu +dGVzdDALggl0MzQzLnRlc3QwC4IJdDM0NC50ZXN0MAuCCXQzNDUudGVzdDALggl0 +MzQ2LnRlc3QwC4IJdDM0Ny50ZXN0MAuCCXQzNDgudGVzdDALggl0MzQ5LnRlc3Qw +C4IJdDM1MC50ZXN0MAuCCXQzNTEudGVzdDALggl0MzUyLnRlc3QwC4IJdDM1My50 +ZXN0MAuCCXQzNTQudGVzdDALggl0MzU1LnRlc3QwC4IJdDM1Ni50ZXN0MAuCCXQz +NTcudGVzdDALggl0MzU4LnRlc3QwC4IJdDM1OS50ZXN0MAuCCXQzNjAudGVzdDAL +ggl0MzYxLnRlc3QwC4IJdDM2Mi50ZXN0MAuCCXQzNjMudGVzdDALggl0MzY0LnRl +c3QwC4IJdDM2NS50ZXN0MAuCCXQzNjYudGVzdDALggl0MzY3LnRlc3QwC4IJdDM2 +OC50ZXN0MAuCCXQzNjkudGVzdDALggl0MzcwLnRlc3QwC4IJdDM3MS50ZXN0MAuC +CXQzNzIudGVzdDALggl0MzczLnRlc3QwC4IJdDM3NC50ZXN0MAuCCXQzNzUudGVz +dDALggl0Mzc2LnRlc3QwC4IJdDM3Ny50ZXN0MAuCCXQzNzgudGVzdDALggl0Mzc5 +LnRlc3QwC4IJdDM4MC50ZXN0MAuCCXQzODEudGVzdDALggl0MzgyLnRlc3QwC4IJ +dDM4My50ZXN0MAuCCXQzODQudGVzdDALggl0Mzg1LnRlc3QwC4IJdDM4Ni50ZXN0 +MAuCCXQzODcudGVzdDALggl0Mzg4LnRlc3QwC4IJdDM4OS50ZXN0MAuCCXQzOTAu +dGVzdDALggl0MzkxLnRlc3QwC4IJdDM5Mi50ZXN0MAuCCXQzOTMudGVzdDALggl0 +Mzk0LnRlc3QwC4IJdDM5NS50ZXN0MAuCCXQzOTYudGVzdDALggl0Mzk3LnRlc3Qw +C4IJdDM5OC50ZXN0MAuCCXQzOTkudGVzdDALggl0NDAwLnRlc3QwC4IJdDQwMS50 +ZXN0MAuCCXQ0MDIudGVzdDALggl0NDAzLnRlc3QwC4IJdDQwNC50ZXN0MAuCCXQ0 +MDUudGVzdDALggl0NDA2LnRlc3QwC4IJdDQwNy50ZXN0MAuCCXQ0MDgudGVzdDAL +ggl0NDA5LnRlc3QwC4IJdDQxMC50ZXN0MAuCCXQ0MTEudGVzdDALggl0NDEyLnRl +c3QwC4IJdDQxMy50ZXN0MAuCCXQ0MTQudGVzdDALggl0NDE1LnRlc3QwC4IJdDQx +Ni50ZXN0MAuCCXQ0MTcudGVzdDALggl0NDE4LnRlc3QwC4IJdDQxOS50ZXN0MAuC +CXQ0MjAudGVzdDALggl0NDIxLnRlc3QwC4IJdDQyMi50ZXN0MAuCCXQ0MjMudGVz +dDALggl0NDI0LnRlc3QwC4IJdDQyNS50ZXN0MAuCCXQ0MjYudGVzdDALggl0NDI3 +LnRlc3QwC4IJdDQyOC50ZXN0MAuCCXQ0MjkudGVzdDALggl0NDMwLnRlc3QwC4IJ +dDQzMS50ZXN0MAuCCXQ0MzIudGVzdDALggl0NDMzLnRlc3QwC4IJdDQzNC50ZXN0 +MAuCCXQ0MzUudGVzdDALggl0NDM2LnRlc3QwC4IJdDQzNy50ZXN0MAuCCXQ0Mzgu +dGVzdDALggl0NDM5LnRlc3QwC4IJdDQ0MC50ZXN0MAuCCXQ0NDEudGVzdDALggl0 +NDQyLnRlc3QwC4IJdDQ0My50ZXN0MAuCCXQ0NDQudGVzdDALggl0NDQ1LnRlc3Qw +C4IJdDQ0Ni50ZXN0MAuCCXQ0NDcudGVzdDALggl0NDQ4LnRlc3QwC4IJdDQ0OS50 +ZXN0MAuCCXQ0NTAudGVzdDALggl0NDUxLnRlc3QwC4IJdDQ1Mi50ZXN0MAuCCXQ0 +NTMudGVzdDALggl0NDU0LnRlc3QwC4IJdDQ1NS50ZXN0MAuCCXQ0NTYudGVzdDAL +ggl0NDU3LnRlc3QwC4IJdDQ1OC50ZXN0MAuCCXQ0NTkudGVzdDALggl0NDYwLnRl +c3QwC4IJdDQ2MS50ZXN0MAuCCXQ0NjIudGVzdDALggl0NDYzLnRlc3QwC4IJdDQ2 +NC50ZXN0MAuCCXQ0NjUudGVzdDALggl0NDY2LnRlc3QwC4IJdDQ2Ny50ZXN0MAuC +CXQ0NjgudGVzdDALggl0NDY5LnRlc3QwC4IJdDQ3MC50ZXN0MAuCCXQ0NzEudGVz +dDALggl0NDcyLnRlc3QwC4IJdDQ3My50ZXN0MAuCCXQ0NzQudGVzdDALggl0NDc1 +LnRlc3QwC4IJdDQ3Ni50ZXN0MAuCCXQ0NzcudGVzdDALggl0NDc4LnRlc3QwC4IJ +dDQ3OS50ZXN0MAuCCXQ0ODAudGVzdDALggl0NDgxLnRlc3QwC4IJdDQ4Mi50ZXN0 +MAuCCXQ0ODMudGVzdDALggl0NDg0LnRlc3QwC4IJdDQ4NS50ZXN0MAuCCXQ0ODYu +dGVzdDALggl0NDg3LnRlc3QwC4IJdDQ4OC50ZXN0MAuCCXQ0ODkudGVzdDALggl0 +NDkwLnRlc3QwC4IJdDQ5MS50ZXN0MAuCCXQ0OTIudGVzdDALggl0NDkzLnRlc3Qw +C4IJdDQ5NC50ZXN0MAuCCXQ0OTUudGVzdDALggl0NDk2LnRlc3QwC4IJdDQ5Ny50 +ZXN0MAuCCXQ0OTgudGVzdDALggl0NDk5LnRlc3QwC4IJdDUwMC50ZXN0MAuCCXQ1 +MDEudGVzdDALggl0NTAyLnRlc3QwC4IJdDUwMy50ZXN0MAuCCXQ1MDQudGVzdDAL +ggl0NTA1LnRlc3QwC4IJdDUwNi50ZXN0MAuCCXQ1MDcudGVzdDALggl0NTA4LnRl +c3QwC4IJdDUwOS50ZXN0MAuCCXQ1MTAudGVzdDALggl0NTExLnRlc3QwC4IJdDUx +Mi50ZXN0MAuCCXQ1MTMudGVzdDALggl0NTE0LnRlc3QwC4IJdDUxNS50ZXN0MAuC +CXQ1MTYudGVzdDALggl0NTE3LnRlc3QwC4IJdDUxOC50ZXN0MAuCCXQ1MTkudGVz +dDALggl0NTIwLnRlc3QwC4IJdDUyMS50ZXN0MAuCCXQ1MjIudGVzdDALggl0NTIz +LnRlc3QwC4IJdDUyNC50ZXN0MAuCCXQ1MjUudGVzdDALggl0NTI2LnRlc3QwC4IJ +dDUyNy50ZXN0MAuCCXQ1MjgudGVzdDALggl0NTI5LnRlc3QwC4IJdDUzMC50ZXN0 +MAuCCXQ1MzEudGVzdDALggl0NTMyLnRlc3QwC4IJdDUzMy50ZXN0MAuCCXQ1MzQu +dGVzdDALggl0NTM1LnRlc3QwC4IJdDUzNi50ZXN0MAuCCXQ1MzcudGVzdDALggl0 +NTM4LnRlc3QwC4IJdDUzOS50ZXN0MAuCCXQ1NDAudGVzdDALggl0NTQxLnRlc3Qw +C4IJdDU0Mi50ZXN0MAuCCXQ1NDMudGVzdDALggl0NTQ0LnRlc3QwC4IJdDU0NS50 +ZXN0MAuCCXQ1NDYudGVzdDALggl0NTQ3LnRlc3QwC4IJdDU0OC50ZXN0MAuCCXQ1 +NDkudGVzdDALggl0NTUwLnRlc3QwC4IJdDU1MS50ZXN0MAuCCXQ1NTIudGVzdDAL +ggl0NTUzLnRlc3QwC4IJdDU1NC50ZXN0MAuCCXQ1NTUudGVzdDALggl0NTU2LnRl +c3QwC4IJdDU1Ny50ZXN0MAuCCXQ1NTgudGVzdDALggl0NTU5LnRlc3QwC4IJdDU2 +MC50ZXN0MAuCCXQ1NjEudGVzdDALggl0NTYyLnRlc3QwC4IJdDU2My50ZXN0MAuC +CXQ1NjQudGVzdDALggl0NTY1LnRlc3QwC4IJdDU2Ni50ZXN0MAuCCXQ1NjcudGVz +dDALggl0NTY4LnRlc3QwC4IJdDU2OS50ZXN0MAuCCXQ1NzAudGVzdDALggl0NTcx +LnRlc3QwC4IJdDU3Mi50ZXN0MAuCCXQ1NzMudGVzdDALggl0NTc0LnRlc3QwC4IJ +dDU3NS50ZXN0MAuCCXQ1NzYudGVzdDALggl0NTc3LnRlc3QwC4IJdDU3OC50ZXN0 +MAuCCXQ1NzkudGVzdDALggl0NTgwLnRlc3QwC4IJdDU4MS50ZXN0MAuCCXQ1ODIu +dGVzdDALggl0NTgzLnRlc3QwC4IJdDU4NC50ZXN0MAuCCXQ1ODUudGVzdDALggl0 +NTg2LnRlc3QwC4IJdDU4Ny50ZXN0MAuCCXQ1ODgudGVzdDALggl0NTg5LnRlc3Qw +C4IJdDU5MC50ZXN0MAuCCXQ1OTEudGVzdDALggl0NTkyLnRlc3QwC4IJdDU5My50 +ZXN0MAuCCXQ1OTQudGVzdDALggl0NTk1LnRlc3QwC4IJdDU5Ni50ZXN0MAuCCXQ1 +OTcudGVzdDALggl0NTk4LnRlc3QwC4IJdDU5OS50ZXN0MAuCCXQ2MDAudGVzdDAL +ggl0NjAxLnRlc3QwC4IJdDYwMi50ZXN0MAuCCXQ2MDMudGVzdDALggl0NjA0LnRl +c3QwC4IJdDYwNS50ZXN0MAuCCXQ2MDYudGVzdDALggl0NjA3LnRlc3QwC4IJdDYw +OC50ZXN0MAuCCXQ2MDkudGVzdDALggl0NjEwLnRlc3QwC4IJdDYxMS50ZXN0MAuC +CXQ2MTIudGVzdDALggl0NjEzLnRlc3QwC4IJdDYxNC50ZXN0MAuCCXQ2MTUudGVz +dDALggl0NjE2LnRlc3QwC4IJdDYxNy50ZXN0MAuCCXQ2MTgudGVzdDALggl0NjE5 +LnRlc3QwC4IJdDYyMC50ZXN0MAuCCXQ2MjEudGVzdDALggl0NjIyLnRlc3QwC4IJ +dDYyMy50ZXN0MAuCCXQ2MjQudGVzdDALggl0NjI1LnRlc3QwC4IJdDYyNi50ZXN0 +MAuCCXQ2MjcudGVzdDALggl0NjI4LnRlc3QwC4IJdDYyOS50ZXN0MAuCCXQ2MzAu +dGVzdDALggl0NjMxLnRlc3QwC4IJdDYzMi50ZXN0MAuCCXQ2MzMudGVzdDALggl0 +NjM0LnRlc3QwC4IJdDYzNS50ZXN0MAuCCXQ2MzYudGVzdDALggl0NjM3LnRlc3Qw +C4IJdDYzOC50ZXN0MAuCCXQ2MzkudGVzdDALggl0NjQwLnRlc3QwC4IJdDY0MS50 +ZXN0MAuCCXQ2NDIudGVzdDALggl0NjQzLnRlc3QwC4IJdDY0NC50ZXN0MAuCCXQ2 +NDUudGVzdDALggl0NjQ2LnRlc3QwC4IJdDY0Ny50ZXN0MAuCCXQ2NDgudGVzdDAL +ggl0NjQ5LnRlc3QwC4IJdDY1MC50ZXN0MAuCCXQ2NTEudGVzdDALggl0NjUyLnRl +c3QwC4IJdDY1My50ZXN0MAuCCXQ2NTQudGVzdDALggl0NjU1LnRlc3QwC4IJdDY1 +Ni50ZXN0MAuCCXQ2NTcudGVzdDALggl0NjU4LnRlc3QwC4IJdDY1OS50ZXN0MAuC +CXQ2NjAudGVzdDALggl0NjYxLnRlc3QwC4IJdDY2Mi50ZXN0MAuCCXQ2NjMudGVz +dDALggl0NjY0LnRlc3QwC4IJdDY2NS50ZXN0MAuCCXQ2NjYudGVzdDALggl0NjY3 +LnRlc3QwC4IJdDY2OC50ZXN0MAuCCXQ2NjkudGVzdDALggl0NjcwLnRlc3QwC4IJ +dDY3MS50ZXN0MAuCCXQ2NzIudGVzdDALggl0NjczLnRlc3QwC4IJdDY3NC50ZXN0 +MAuCCXQ2NzUudGVzdDALggl0Njc2LnRlc3QwC4IJdDY3Ny50ZXN0MAuCCXQ2Nzgu +dGVzdDALggl0Njc5LnRlc3QwC4IJdDY4MC50ZXN0MAuCCXQ2ODEudGVzdDALggl0 +NjgyLnRlc3QwC4IJdDY4My50ZXN0MAuCCXQ2ODQudGVzdDALggl0Njg1LnRlc3Qw +C4IJdDY4Ni50ZXN0MAuCCXQ2ODcudGVzdDALggl0Njg4LnRlc3QwC4IJdDY4OS50 +ZXN0MAuCCXQ2OTAudGVzdDALggl0NjkxLnRlc3QwC4IJdDY5Mi50ZXN0MAuCCXQ2 +OTMudGVzdDALggl0Njk0LnRlc3QwC4IJdDY5NS50ZXN0MAuCCXQ2OTYudGVzdDAL +ggl0Njk3LnRlc3QwC4IJdDY5OC50ZXN0MAuCCXQ2OTkudGVzdDALggl0NzAwLnRl +c3QwC4IJdDcwMS50ZXN0MAuCCXQ3MDIudGVzdDALggl0NzAzLnRlc3QwC4IJdDcw +NC50ZXN0MAuCCXQ3MDUudGVzdDALggl0NzA2LnRlc3QwC4IJdDcwNy50ZXN0MAuC +CXQ3MDgudGVzdDALggl0NzA5LnRlc3QwC4IJdDcxMC50ZXN0MAuCCXQ3MTEudGVz +dDALggl0NzEyLnRlc3QwC4IJdDcxMy50ZXN0MAuCCXQ3MTQudGVzdDALggl0NzE1 +LnRlc3QwC4IJdDcxNi50ZXN0MAuCCXQ3MTcudGVzdDALggl0NzE4LnRlc3QwC4IJ +dDcxOS50ZXN0MAuCCXQ3MjAudGVzdDALggl0NzIxLnRlc3QwC4IJdDcyMi50ZXN0 +MAuCCXQ3MjMudGVzdDALggl0NzI0LnRlc3QwC4IJdDcyNS50ZXN0MAuCCXQ3MjYu +dGVzdDALggl0NzI3LnRlc3QwC4IJdDcyOC50ZXN0MAuCCXQ3MjkudGVzdDALggl0 +NzMwLnRlc3QwC4IJdDczMS50ZXN0MAuCCXQ3MzIudGVzdDALggl0NzMzLnRlc3Qw +C4IJdDczNC50ZXN0MAuCCXQ3MzUudGVzdDALggl0NzM2LnRlc3QwC4IJdDczNy50 +ZXN0MAuCCXQ3MzgudGVzdDALggl0NzM5LnRlc3QwC4IJdDc0MC50ZXN0MAuCCXQ3 +NDEudGVzdDALggl0NzQyLnRlc3QwC4IJdDc0My50ZXN0MAuCCXQ3NDQudGVzdDAL +ggl0NzQ1LnRlc3QwC4IJdDc0Ni50ZXN0MAuCCXQ3NDcudGVzdDALggl0NzQ4LnRl +c3QwC4IJdDc0OS50ZXN0MAuCCXQ3NTAudGVzdDALggl0NzUxLnRlc3QwC4IJdDc1 +Mi50ZXN0MAuCCXQ3NTMudGVzdDALggl0NzU0LnRlc3QwC4IJdDc1NS50ZXN0MAuC +CXQ3NTYudGVzdDALggl0NzU3LnRlc3QwC4IJdDc1OC50ZXN0MAuCCXQ3NTkudGVz +dDALggl0NzYwLnRlc3QwC4IJdDc2MS50ZXN0MAuCCXQ3NjIudGVzdDALggl0NzYz +LnRlc3QwC4IJdDc2NC50ZXN0MAuCCXQ3NjUudGVzdDALggl0NzY2LnRlc3QwC4IJ +dDc2Ny50ZXN0MAuCCXQ3NjgudGVzdDALggl0NzY5LnRlc3QwC4IJdDc3MC50ZXN0 +MAuCCXQ3NzEudGVzdDALggl0NzcyLnRlc3QwC4IJdDc3My50ZXN0MAuCCXQ3NzQu +dGVzdDALggl0Nzc1LnRlc3QwC4IJdDc3Ni50ZXN0MAuCCXQ3NzcudGVzdDALggl0 +Nzc4LnRlc3QwC4IJdDc3OS50ZXN0MAuCCXQ3ODAudGVzdDALggl0NzgxLnRlc3Qw +C4IJdDc4Mi50ZXN0MAuCCXQ3ODMudGVzdDALggl0Nzg0LnRlc3QwC4IJdDc4NS50 +ZXN0MAuCCXQ3ODYudGVzdDALggl0Nzg3LnRlc3QwC4IJdDc4OC50ZXN0MAuCCXQ3 +ODkudGVzdDALggl0NzkwLnRlc3QwC4IJdDc5MS50ZXN0MAuCCXQ3OTIudGVzdDAL +ggl0NzkzLnRlc3QwC4IJdDc5NC50ZXN0MAuCCXQ3OTUudGVzdDALggl0Nzk2LnRl +c3QwC4IJdDc5Ny50ZXN0MAuCCXQ3OTgudGVzdDALggl0Nzk5LnRlc3QwC4IJdDgw +MC50ZXN0MAuCCXQ4MDEudGVzdDALggl0ODAyLnRlc3QwC4IJdDgwMy50ZXN0MAuC +CXQ4MDQudGVzdDALggl0ODA1LnRlc3QwC4IJdDgwNi50ZXN0MAuCCXQ4MDcudGVz +dDALggl0ODA4LnRlc3QwC4IJdDgwOS50ZXN0MAuCCXQ4MTAudGVzdDALggl0ODEx +LnRlc3QwC4IJdDgxMi50ZXN0MAuCCXQ4MTMudGVzdDALggl0ODE0LnRlc3QwC4IJ +dDgxNS50ZXN0MAuCCXQ4MTYudGVzdDALggl0ODE3LnRlc3QwC4IJdDgxOC50ZXN0 +MAuCCXQ4MTkudGVzdDALggl0ODIwLnRlc3QwC4IJdDgyMS50ZXN0MAuCCXQ4MjIu +dGVzdDALggl0ODIzLnRlc3QwC4IJdDgyNC50ZXN0MAuCCXQ4MjUudGVzdDALggl0 +ODI2LnRlc3QwC4IJdDgyNy50ZXN0MAuCCXQ4MjgudGVzdDALggl0ODI5LnRlc3Qw +C4IJdDgzMC50ZXN0MAuCCXQ4MzEudGVzdDALggl0ODMyLnRlc3QwC4IJdDgzMy50 +ZXN0MAuCCXQ4MzQudGVzdDALggl0ODM1LnRlc3QwC4IJdDgzNi50ZXN0MAuCCXQ4 +MzcudGVzdDALggl0ODM4LnRlc3QwC4IJdDgzOS50ZXN0MAuCCXQ4NDAudGVzdDAL +ggl0ODQxLnRlc3QwC4IJdDg0Mi50ZXN0MAuCCXQ4NDMudGVzdDALggl0ODQ0LnRl +c3QwC4IJdDg0NS50ZXN0MAuCCXQ4NDYudGVzdDALggl0ODQ3LnRlc3QwC4IJdDg0 +OC50ZXN0MAuCCXQ4NDkudGVzdDALggl0ODUwLnRlc3QwC4IJdDg1MS50ZXN0MAuC +CXQ4NTIudGVzdDALggl0ODUzLnRlc3QwC4IJdDg1NC50ZXN0MAuCCXQ4NTUudGVz +dDALggl0ODU2LnRlc3QwC4IJdDg1Ny50ZXN0MAuCCXQ4NTgudGVzdDALggl0ODU5 +LnRlc3QwC4IJdDg2MC50ZXN0MAuCCXQ4NjEudGVzdDALggl0ODYyLnRlc3QwC4IJ +dDg2My50ZXN0MAuCCXQ4NjQudGVzdDALggl0ODY1LnRlc3QwC4IJdDg2Ni50ZXN0 +MAuCCXQ4NjcudGVzdDALggl0ODY4LnRlc3QwC4IJdDg2OS50ZXN0MAuCCXQ4NzAu +dGVzdDALggl0ODcxLnRlc3QwC4IJdDg3Mi50ZXN0MAuCCXQ4NzMudGVzdDALggl0 +ODc0LnRlc3QwC4IJdDg3NS50ZXN0MAuCCXQ4NzYudGVzdDALggl0ODc3LnRlc3Qw +C4IJdDg3OC50ZXN0MAuCCXQ4NzkudGVzdDALggl0ODgwLnRlc3QwC4IJdDg4MS50 +ZXN0MAuCCXQ4ODIudGVzdDALggl0ODgzLnRlc3QwC4IJdDg4NC50ZXN0MAuCCXQ4 +ODUudGVzdDALggl0ODg2LnRlc3QwC4IJdDg4Ny50ZXN0MAuCCXQ4ODgudGVzdDAL +ggl0ODg5LnRlc3QwC4IJdDg5MC50ZXN0MAuCCXQ4OTEudGVzdDALggl0ODkyLnRl +c3QwC4IJdDg5My50ZXN0MAuCCXQ4OTQudGVzdDALggl0ODk1LnRlc3QwC4IJdDg5 +Ni50ZXN0MAuCCXQ4OTcudGVzdDALggl0ODk4LnRlc3QwC4IJdDg5OS50ZXN0MAuC +CXQ5MDAudGVzdDALggl0OTAxLnRlc3QwC4IJdDkwMi50ZXN0MAuCCXQ5MDMudGVz +dDALggl0OTA0LnRlc3QwC4IJdDkwNS50ZXN0MAuCCXQ5MDYudGVzdDALggl0OTA3 +LnRlc3QwC4IJdDkwOC50ZXN0MAuCCXQ5MDkudGVzdDALggl0OTEwLnRlc3QwC4IJ +dDkxMS50ZXN0MAuCCXQ5MTIudGVzdDALggl0OTEzLnRlc3QwC4IJdDkxNC50ZXN0 +MAuCCXQ5MTUudGVzdDALggl0OTE2LnRlc3QwC4IJdDkxNy50ZXN0MAuCCXQ5MTgu +dGVzdDALggl0OTE5LnRlc3QwC4IJdDkyMC50ZXN0MAuCCXQ5MjEudGVzdDALggl0 +OTIyLnRlc3QwC4IJdDkyMy50ZXN0MAuCCXQ5MjQudGVzdDALggl0OTI1LnRlc3Qw +C4IJdDkyNi50ZXN0MAuCCXQ5MjcudGVzdDALggl0OTI4LnRlc3QwC4IJdDkyOS50 +ZXN0MAuCCXQ5MzAudGVzdDALggl0OTMxLnRlc3QwC4IJdDkzMi50ZXN0MAuCCXQ5 +MzMudGVzdDALggl0OTM0LnRlc3QwC4IJdDkzNS50ZXN0MAuCCXQ5MzYudGVzdDAL +ggl0OTM3LnRlc3QwC4IJdDkzOC50ZXN0MAuCCXQ5MzkudGVzdDALggl0OTQwLnRl +c3QwC4IJdDk0MS50ZXN0MAuCCXQ5NDIudGVzdDALggl0OTQzLnRlc3QwC4IJdDk0 +NC50ZXN0MAuCCXQ5NDUudGVzdDALggl0OTQ2LnRlc3QwC4IJdDk0Ny50ZXN0MAuC +CXQ5NDgudGVzdDALggl0OTQ5LnRlc3QwC4IJdDk1MC50ZXN0MAuCCXQ5NTEudGVz +dDALggl0OTUyLnRlc3QwC4IJdDk1My50ZXN0MAuCCXQ5NTQudGVzdDALggl0OTU1 +LnRlc3QwC4IJdDk1Ni50ZXN0MAuCCXQ5NTcudGVzdDALggl0OTU4LnRlc3QwC4IJ +dDk1OS50ZXN0MAuCCXQ5NjAudGVzdDALggl0OTYxLnRlc3QwC4IJdDk2Mi50ZXN0 +MAuCCXQ5NjMudGVzdDALggl0OTY0LnRlc3QwC4IJdDk2NS50ZXN0MAuCCXQ5NjYu +dGVzdDALggl0OTY3LnRlc3QwC4IJdDk2OC50ZXN0MAuCCXQ5NjkudGVzdDALggl0 +OTcwLnRlc3QwC4IJdDk3MS50ZXN0MAuCCXQ5NzIudGVzdDALggl0OTczLnRlc3Qw +C4IJdDk3NC50ZXN0MAuCCXQ5NzUudGVzdDALggl0OTc2LnRlc3QwC4IJdDk3Ny50 +ZXN0MAuCCXQ5NzgudGVzdDALggl0OTc5LnRlc3QwC4IJdDk4MC50ZXN0MAuCCXQ5 +ODEudGVzdDALggl0OTgyLnRlc3QwC4IJdDk4My50ZXN0MAuCCXQ5ODQudGVzdDAL +ggl0OTg1LnRlc3QwC4IJdDk4Ni50ZXN0MAuCCXQ5ODcudGVzdDALggl0OTg4LnRl +c3QwC4IJdDk4OS50ZXN0MAuCCXQ5OTAudGVzdDALggl0OTkxLnRlc3QwC4IJdDk5 +Mi50ZXN0MAuCCXQ5OTMudGVzdDALggl0OTk0LnRlc3QwC4IJdDk5NS50ZXN0MAuC +CXQ5OTYudGVzdDALggl0OTk3LnRlc3QwC4IJdDk5OC50ZXN0MAuCCXQ5OTkudGVz +dDAMggp0MTAwMC50ZXN0MAyCCnQxMDAxLnRlc3QwDIIKdDEwMDIudGVzdDAMggp0 +MTAwMy50ZXN0MAyCCnQxMDA0LnRlc3QwDIIKdDEwMDUudGVzdDAMggp0MTAwNi50 +ZXN0MAyCCnQxMDA3LnRlc3QwDIIKdDEwMDgudGVzdDAMggp0MTAwOS50ZXN0MAyC +CnQxMDEwLnRlc3QwDIIKdDEwMTEudGVzdDAMggp0MTAxMi50ZXN0MAyCCnQxMDEz +LnRlc3QwDIIKdDEwMTQudGVzdDAMggp0MTAxNS50ZXN0MAyCCnQxMDE2LnRlc3Qw +DIIKdDEwMTcudGVzdDAMggp0MTAxOC50ZXN0MAyCCnQxMDE5LnRlc3QwDIIKdDEw +MjAudGVzdDAMggp0MTAyMS50ZXN0MAyCCnQxMDIyLnRlc3QwDIIKdDEwMjMudGVz +dDAMggp0MTAyNC50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQAvjJ8IQ/rhwhab5lq5 +jnvVSe/W3gIlm0bro9+ojQcQQOfe/iNqXp3rY3+hqY00uci9X9xM67OJcyP6kKOi +y/AfZ/Lo4eB04oYDliggS7n8uk+AJN4rwSebIeXZPitmdlBskKNaiT5RNAkcN85g +eWqJm2sY9YkxAZaSuaBxtFA6jPRGOlhU/6I03O6GTl+s+Br5wCJAgr5fmNg9UjoY +ok/iMHa6+u5eHyaAcrAG8CG3hCpd6iGd4A81gJPYnR+bpz1v4hwpOBKdPM1LTJ/6 +1WIrVqwqOvhfzDIPAnyo38DJ0R5Np9yfy06TNPZuUDods0npUKMZeKCNwytaeB1T +VTVH +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.cnf new file mode 100644 index 0000000000..005bf366d2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.cnf @@ -0,0 +1,1092 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +nameConstraints = @nameConstraints_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate_6.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[nameConstraints_info] +permitted;IP.1 = 10.0.0.0/255.255.255.255 +permitted;IP.2 = 10.0.0.1/255.255.255.255 +permitted;IP.3 = 10.0.0.2/255.255.255.255 +permitted;IP.4 = 10.0.0.3/255.255.255.255 +permitted;IP.5 = 10.0.0.4/255.255.255.255 +permitted;IP.6 = 10.0.0.5/255.255.255.255 +permitted;IP.7 = 10.0.0.6/255.255.255.255 +permitted;IP.8 = 10.0.0.7/255.255.255.255 +permitted;IP.9 = 10.0.0.8/255.255.255.255 +permitted;IP.10 = 10.0.0.9/255.255.255.255 +permitted;IP.11 = 10.0.0.10/255.255.255.255 +permitted;IP.12 = 10.0.0.11/255.255.255.255 +permitted;IP.13 = 10.0.0.12/255.255.255.255 +permitted;IP.14 = 10.0.0.13/255.255.255.255 +permitted;IP.15 = 10.0.0.14/255.255.255.255 +permitted;IP.16 = 10.0.0.15/255.255.255.255 +permitted;IP.17 = 10.0.0.16/255.255.255.255 +permitted;IP.18 = 10.0.0.17/255.255.255.255 +permitted;IP.19 = 10.0.0.18/255.255.255.255 +permitted;IP.20 = 10.0.0.19/255.255.255.255 +permitted;IP.21 = 10.0.0.20/255.255.255.255 +permitted;IP.22 = 10.0.0.21/255.255.255.255 +permitted;IP.23 = 10.0.0.22/255.255.255.255 +permitted;IP.24 = 10.0.0.23/255.255.255.255 +permitted;IP.25 = 10.0.0.24/255.255.255.255 +permitted;IP.26 = 10.0.0.25/255.255.255.255 +permitted;IP.27 = 10.0.0.26/255.255.255.255 +permitted;IP.28 = 10.0.0.27/255.255.255.255 +permitted;IP.29 = 10.0.0.28/255.255.255.255 +permitted;IP.30 = 10.0.0.29/255.255.255.255 +permitted;IP.31 = 10.0.0.30/255.255.255.255 +permitted;IP.32 = 10.0.0.31/255.255.255.255 +permitted;IP.33 = 10.0.0.32/255.255.255.255 +permitted;IP.34 = 10.0.0.33/255.255.255.255 +permitted;IP.35 = 10.0.0.34/255.255.255.255 +permitted;IP.36 = 10.0.0.35/255.255.255.255 +permitted;IP.37 = 10.0.0.36/255.255.255.255 +permitted;IP.38 = 10.0.0.37/255.255.255.255 +permitted;IP.39 = 10.0.0.38/255.255.255.255 +permitted;IP.40 = 10.0.0.39/255.255.255.255 +permitted;IP.41 = 10.0.0.40/255.255.255.255 +permitted;IP.42 = 10.0.0.41/255.255.255.255 +permitted;IP.43 = 10.0.0.42/255.255.255.255 +permitted;IP.44 = 10.0.0.43/255.255.255.255 +permitted;IP.45 = 10.0.0.44/255.255.255.255 +permitted;IP.46 = 10.0.0.45/255.255.255.255 +permitted;IP.47 = 10.0.0.46/255.255.255.255 +permitted;IP.48 = 10.0.0.47/255.255.255.255 +permitted;IP.49 = 10.0.0.48/255.255.255.255 +permitted;IP.50 = 10.0.0.49/255.255.255.255 +permitted;IP.51 = 10.0.0.50/255.255.255.255 +permitted;IP.52 = 10.0.0.51/255.255.255.255 +permitted;IP.53 = 10.0.0.52/255.255.255.255 +permitted;IP.54 = 10.0.0.53/255.255.255.255 +permitted;IP.55 = 10.0.0.54/255.255.255.255 +permitted;IP.56 = 10.0.0.55/255.255.255.255 +permitted;IP.57 = 10.0.0.56/255.255.255.255 +permitted;IP.58 = 10.0.0.57/255.255.255.255 +permitted;IP.59 = 10.0.0.58/255.255.255.255 +permitted;IP.60 = 10.0.0.59/255.255.255.255 +permitted;IP.61 = 10.0.0.60/255.255.255.255 +permitted;IP.62 = 10.0.0.61/255.255.255.255 +permitted;IP.63 = 10.0.0.62/255.255.255.255 +permitted;IP.64 = 10.0.0.63/255.255.255.255 +permitted;IP.65 = 10.0.0.64/255.255.255.255 +permitted;IP.66 = 10.0.0.65/255.255.255.255 +permitted;IP.67 = 10.0.0.66/255.255.255.255 +permitted;IP.68 = 10.0.0.67/255.255.255.255 +permitted;IP.69 = 10.0.0.68/255.255.255.255 +permitted;IP.70 = 10.0.0.69/255.255.255.255 +permitted;IP.71 = 10.0.0.70/255.255.255.255 +permitted;IP.72 = 10.0.0.71/255.255.255.255 +permitted;IP.73 = 10.0.0.72/255.255.255.255 +permitted;IP.74 = 10.0.0.73/255.255.255.255 +permitted;IP.75 = 10.0.0.74/255.255.255.255 +permitted;IP.76 = 10.0.0.75/255.255.255.255 +permitted;IP.77 = 10.0.0.76/255.255.255.255 +permitted;IP.78 = 10.0.0.77/255.255.255.255 +permitted;IP.79 = 10.0.0.78/255.255.255.255 +permitted;IP.80 = 10.0.0.79/255.255.255.255 +permitted;IP.81 = 10.0.0.80/255.255.255.255 +permitted;IP.82 = 10.0.0.81/255.255.255.255 +permitted;IP.83 = 10.0.0.82/255.255.255.255 +permitted;IP.84 = 10.0.0.83/255.255.255.255 +permitted;IP.85 = 10.0.0.84/255.255.255.255 +permitted;IP.86 = 10.0.0.85/255.255.255.255 +permitted;IP.87 = 10.0.0.86/255.255.255.255 +permitted;IP.88 = 10.0.0.87/255.255.255.255 +permitted;IP.89 = 10.0.0.88/255.255.255.255 +permitted;IP.90 = 10.0.0.89/255.255.255.255 +permitted;IP.91 = 10.0.0.90/255.255.255.255 +permitted;IP.92 = 10.0.0.91/255.255.255.255 +permitted;IP.93 = 10.0.0.92/255.255.255.255 +permitted;IP.94 = 10.0.0.93/255.255.255.255 +permitted;IP.95 = 10.0.0.94/255.255.255.255 +permitted;IP.96 = 10.0.0.95/255.255.255.255 +permitted;IP.97 = 10.0.0.96/255.255.255.255 +permitted;IP.98 = 10.0.0.97/255.255.255.255 +permitted;IP.99 = 10.0.0.98/255.255.255.255 +permitted;IP.100 = 10.0.0.99/255.255.255.255 +permitted;IP.101 = 10.0.0.100/255.255.255.255 +permitted;IP.102 = 10.0.0.101/255.255.255.255 +permitted;IP.103 = 10.0.0.102/255.255.255.255 +permitted;IP.104 = 10.0.0.103/255.255.255.255 +permitted;IP.105 = 10.0.0.104/255.255.255.255 +permitted;IP.106 = 10.0.0.105/255.255.255.255 +permitted;IP.107 = 10.0.0.106/255.255.255.255 +permitted;IP.108 = 10.0.0.107/255.255.255.255 +permitted;IP.109 = 10.0.0.108/255.255.255.255 +permitted;IP.110 = 10.0.0.109/255.255.255.255 +permitted;IP.111 = 10.0.0.110/255.255.255.255 +permitted;IP.112 = 10.0.0.111/255.255.255.255 +permitted;IP.113 = 10.0.0.112/255.255.255.255 +permitted;IP.114 = 10.0.0.113/255.255.255.255 +permitted;IP.115 = 10.0.0.114/255.255.255.255 +permitted;IP.116 = 10.0.0.115/255.255.255.255 +permitted;IP.117 = 10.0.0.116/255.255.255.255 +permitted;IP.118 = 10.0.0.117/255.255.255.255 +permitted;IP.119 = 10.0.0.118/255.255.255.255 +permitted;IP.120 = 10.0.0.119/255.255.255.255 +permitted;IP.121 = 10.0.0.120/255.255.255.255 +permitted;IP.122 = 10.0.0.121/255.255.255.255 +permitted;IP.123 = 10.0.0.122/255.255.255.255 +permitted;IP.124 = 10.0.0.123/255.255.255.255 +permitted;IP.125 = 10.0.0.124/255.255.255.255 +permitted;IP.126 = 10.0.0.125/255.255.255.255 +permitted;IP.127 = 10.0.0.126/255.255.255.255 +permitted;IP.128 = 10.0.0.127/255.255.255.255 +permitted;IP.129 = 10.0.0.128/255.255.255.255 +permitted;IP.130 = 10.0.0.129/255.255.255.255 +permitted;IP.131 = 10.0.0.130/255.255.255.255 +permitted;IP.132 = 10.0.0.131/255.255.255.255 +permitted;IP.133 = 10.0.0.132/255.255.255.255 +permitted;IP.134 = 10.0.0.133/255.255.255.255 +permitted;IP.135 = 10.0.0.134/255.255.255.255 +permitted;IP.136 = 10.0.0.135/255.255.255.255 +permitted;IP.137 = 10.0.0.136/255.255.255.255 +permitted;IP.138 = 10.0.0.137/255.255.255.255 +permitted;IP.139 = 10.0.0.138/255.255.255.255 +permitted;IP.140 = 10.0.0.139/255.255.255.255 +permitted;IP.141 = 10.0.0.140/255.255.255.255 +permitted;IP.142 = 10.0.0.141/255.255.255.255 +permitted;IP.143 = 10.0.0.142/255.255.255.255 +permitted;IP.144 = 10.0.0.143/255.255.255.255 +permitted;IP.145 = 10.0.0.144/255.255.255.255 +permitted;IP.146 = 10.0.0.145/255.255.255.255 +permitted;IP.147 = 10.0.0.146/255.255.255.255 +permitted;IP.148 = 10.0.0.147/255.255.255.255 +permitted;IP.149 = 10.0.0.148/255.255.255.255 +permitted;IP.150 = 10.0.0.149/255.255.255.255 +permitted;IP.151 = 10.0.0.150/255.255.255.255 +permitted;IP.152 = 10.0.0.151/255.255.255.255 +permitted;IP.153 = 10.0.0.152/255.255.255.255 +permitted;IP.154 = 10.0.0.153/255.255.255.255 +permitted;IP.155 = 10.0.0.154/255.255.255.255 +permitted;IP.156 = 10.0.0.155/255.255.255.255 +permitted;IP.157 = 10.0.0.156/255.255.255.255 +permitted;IP.158 = 10.0.0.157/255.255.255.255 +permitted;IP.159 = 10.0.0.158/255.255.255.255 +permitted;IP.160 = 10.0.0.159/255.255.255.255 +permitted;IP.161 = 10.0.0.160/255.255.255.255 +permitted;IP.162 = 10.0.0.161/255.255.255.255 +permitted;IP.163 = 10.0.0.162/255.255.255.255 +permitted;IP.164 = 10.0.0.163/255.255.255.255 +permitted;IP.165 = 10.0.0.164/255.255.255.255 +permitted;IP.166 = 10.0.0.165/255.255.255.255 +permitted;IP.167 = 10.0.0.166/255.255.255.255 +permitted;IP.168 = 10.0.0.167/255.255.255.255 +permitted;IP.169 = 10.0.0.168/255.255.255.255 +permitted;IP.170 = 10.0.0.169/255.255.255.255 +permitted;IP.171 = 10.0.0.170/255.255.255.255 +permitted;IP.172 = 10.0.0.171/255.255.255.255 +permitted;IP.173 = 10.0.0.172/255.255.255.255 +permitted;IP.174 = 10.0.0.173/255.255.255.255 +permitted;IP.175 = 10.0.0.174/255.255.255.255 +permitted;IP.176 = 10.0.0.175/255.255.255.255 +permitted;IP.177 = 10.0.0.176/255.255.255.255 +permitted;IP.178 = 10.0.0.177/255.255.255.255 +permitted;IP.179 = 10.0.0.178/255.255.255.255 +permitted;IP.180 = 10.0.0.179/255.255.255.255 +permitted;IP.181 = 10.0.0.180/255.255.255.255 +permitted;IP.182 = 10.0.0.181/255.255.255.255 +permitted;IP.183 = 10.0.0.182/255.255.255.255 +permitted;IP.184 = 10.0.0.183/255.255.255.255 +permitted;IP.185 = 10.0.0.184/255.255.255.255 +permitted;IP.186 = 10.0.0.185/255.255.255.255 +permitted;IP.187 = 10.0.0.186/255.255.255.255 +permitted;IP.188 = 10.0.0.187/255.255.255.255 +permitted;IP.189 = 10.0.0.188/255.255.255.255 +permitted;IP.190 = 10.0.0.189/255.255.255.255 +permitted;IP.191 = 10.0.0.190/255.255.255.255 +permitted;IP.192 = 10.0.0.191/255.255.255.255 +permitted;IP.193 = 10.0.0.192/255.255.255.255 +permitted;IP.194 = 10.0.0.193/255.255.255.255 +permitted;IP.195 = 10.0.0.194/255.255.255.255 +permitted;IP.196 = 10.0.0.195/255.255.255.255 +permitted;IP.197 = 10.0.0.196/255.255.255.255 +permitted;IP.198 = 10.0.0.197/255.255.255.255 +permitted;IP.199 = 10.0.0.198/255.255.255.255 +permitted;IP.200 = 10.0.0.199/255.255.255.255 +permitted;IP.201 = 10.0.0.200/255.255.255.255 +permitted;IP.202 = 10.0.0.201/255.255.255.255 +permitted;IP.203 = 10.0.0.202/255.255.255.255 +permitted;IP.204 = 10.0.0.203/255.255.255.255 +permitted;IP.205 = 10.0.0.204/255.255.255.255 +permitted;IP.206 = 10.0.0.205/255.255.255.255 +permitted;IP.207 = 10.0.0.206/255.255.255.255 +permitted;IP.208 = 10.0.0.207/255.255.255.255 +permitted;IP.209 = 10.0.0.208/255.255.255.255 +permitted;IP.210 = 10.0.0.209/255.255.255.255 +permitted;IP.211 = 10.0.0.210/255.255.255.255 +permitted;IP.212 = 10.0.0.211/255.255.255.255 +permitted;IP.213 = 10.0.0.212/255.255.255.255 +permitted;IP.214 = 10.0.0.213/255.255.255.255 +permitted;IP.215 = 10.0.0.214/255.255.255.255 +permitted;IP.216 = 10.0.0.215/255.255.255.255 +permitted;IP.217 = 10.0.0.216/255.255.255.255 +permitted;IP.218 = 10.0.0.217/255.255.255.255 +permitted;IP.219 = 10.0.0.218/255.255.255.255 +permitted;IP.220 = 10.0.0.219/255.255.255.255 +permitted;IP.221 = 10.0.0.220/255.255.255.255 +permitted;IP.222 = 10.0.0.221/255.255.255.255 +permitted;IP.223 = 10.0.0.222/255.255.255.255 +permitted;IP.224 = 10.0.0.223/255.255.255.255 +permitted;IP.225 = 10.0.0.224/255.255.255.255 +permitted;IP.226 = 10.0.0.225/255.255.255.255 +permitted;IP.227 = 10.0.0.226/255.255.255.255 +permitted;IP.228 = 10.0.0.227/255.255.255.255 +permitted;IP.229 = 10.0.0.228/255.255.255.255 +permitted;IP.230 = 10.0.0.229/255.255.255.255 +permitted;IP.231 = 10.0.0.230/255.255.255.255 +permitted;IP.232 = 10.0.0.231/255.255.255.255 +permitted;IP.233 = 10.0.0.232/255.255.255.255 +permitted;IP.234 = 10.0.0.233/255.255.255.255 +permitted;IP.235 = 10.0.0.234/255.255.255.255 +permitted;IP.236 = 10.0.0.235/255.255.255.255 +permitted;IP.237 = 10.0.0.236/255.255.255.255 +permitted;IP.238 = 10.0.0.237/255.255.255.255 +permitted;IP.239 = 10.0.0.238/255.255.255.255 +permitted;IP.240 = 10.0.0.239/255.255.255.255 +permitted;IP.241 = 10.0.0.240/255.255.255.255 +permitted;IP.242 = 10.0.0.241/255.255.255.255 +permitted;IP.243 = 10.0.0.242/255.255.255.255 +permitted;IP.244 = 10.0.0.243/255.255.255.255 +permitted;IP.245 = 10.0.0.244/255.255.255.255 +permitted;IP.246 = 10.0.0.245/255.255.255.255 +permitted;IP.247 = 10.0.0.246/255.255.255.255 +permitted;IP.248 = 10.0.0.247/255.255.255.255 +permitted;IP.249 = 10.0.0.248/255.255.255.255 +permitted;IP.250 = 10.0.0.249/255.255.255.255 +permitted;IP.251 = 10.0.0.250/255.255.255.255 +permitted;IP.252 = 10.0.0.251/255.255.255.255 +permitted;IP.253 = 10.0.0.252/255.255.255.255 +permitted;IP.254 = 10.0.0.253/255.255.255.255 +permitted;IP.255 = 10.0.0.254/255.255.255.255 +permitted;IP.256 = 10.0.0.255/255.255.255.255 +permitted;IP.257 = 10.0.1.0/255.255.255.255 +permitted;IP.258 = 10.0.1.1/255.255.255.255 +permitted;IP.259 = 10.0.1.2/255.255.255.255 +permitted;IP.260 = 10.0.1.3/255.255.255.255 +permitted;IP.261 = 10.0.1.4/255.255.255.255 +permitted;IP.262 = 10.0.1.5/255.255.255.255 +permitted;IP.263 = 10.0.1.6/255.255.255.255 +permitted;IP.264 = 10.0.1.7/255.255.255.255 +permitted;IP.265 = 10.0.1.8/255.255.255.255 +permitted;IP.266 = 10.0.1.9/255.255.255.255 +permitted;IP.267 = 10.0.1.10/255.255.255.255 +permitted;IP.268 = 10.0.1.11/255.255.255.255 +permitted;IP.269 = 10.0.1.12/255.255.255.255 +permitted;IP.270 = 10.0.1.13/255.255.255.255 +permitted;IP.271 = 10.0.1.14/255.255.255.255 +permitted;IP.272 = 10.0.1.15/255.255.255.255 +permitted;IP.273 = 10.0.1.16/255.255.255.255 +permitted;IP.274 = 10.0.1.17/255.255.255.255 +permitted;IP.275 = 10.0.1.18/255.255.255.255 +permitted;IP.276 = 10.0.1.19/255.255.255.255 +permitted;IP.277 = 10.0.1.20/255.255.255.255 +permitted;IP.278 = 10.0.1.21/255.255.255.255 +permitted;IP.279 = 10.0.1.22/255.255.255.255 +permitted;IP.280 = 10.0.1.23/255.255.255.255 +permitted;IP.281 = 10.0.1.24/255.255.255.255 +permitted;IP.282 = 10.0.1.25/255.255.255.255 +permitted;IP.283 = 10.0.1.26/255.255.255.255 +permitted;IP.284 = 10.0.1.27/255.255.255.255 +permitted;IP.285 = 10.0.1.28/255.255.255.255 +permitted;IP.286 = 10.0.1.29/255.255.255.255 +permitted;IP.287 = 10.0.1.30/255.255.255.255 +permitted;IP.288 = 10.0.1.31/255.255.255.255 +permitted;IP.289 = 10.0.1.32/255.255.255.255 +permitted;IP.290 = 10.0.1.33/255.255.255.255 +permitted;IP.291 = 10.0.1.34/255.255.255.255 +permitted;IP.292 = 10.0.1.35/255.255.255.255 +permitted;IP.293 = 10.0.1.36/255.255.255.255 +permitted;IP.294 = 10.0.1.37/255.255.255.255 +permitted;IP.295 = 10.0.1.38/255.255.255.255 +permitted;IP.296 = 10.0.1.39/255.255.255.255 +permitted;IP.297 = 10.0.1.40/255.255.255.255 +permitted;IP.298 = 10.0.1.41/255.255.255.255 +permitted;IP.299 = 10.0.1.42/255.255.255.255 +permitted;IP.300 = 10.0.1.43/255.255.255.255 +permitted;IP.301 = 10.0.1.44/255.255.255.255 +permitted;IP.302 = 10.0.1.45/255.255.255.255 +permitted;IP.303 = 10.0.1.46/255.255.255.255 +permitted;IP.304 = 10.0.1.47/255.255.255.255 +permitted;IP.305 = 10.0.1.48/255.255.255.255 +permitted;IP.306 = 10.0.1.49/255.255.255.255 +permitted;IP.307 = 10.0.1.50/255.255.255.255 +permitted;IP.308 = 10.0.1.51/255.255.255.255 +permitted;IP.309 = 10.0.1.52/255.255.255.255 +permitted;IP.310 = 10.0.1.53/255.255.255.255 +permitted;IP.311 = 10.0.1.54/255.255.255.255 +permitted;IP.312 = 10.0.1.55/255.255.255.255 +permitted;IP.313 = 10.0.1.56/255.255.255.255 +permitted;IP.314 = 10.0.1.57/255.255.255.255 +permitted;IP.315 = 10.0.1.58/255.255.255.255 +permitted;IP.316 = 10.0.1.59/255.255.255.255 +permitted;IP.317 = 10.0.1.60/255.255.255.255 +permitted;IP.318 = 10.0.1.61/255.255.255.255 +permitted;IP.319 = 10.0.1.62/255.255.255.255 +permitted;IP.320 = 10.0.1.63/255.255.255.255 +permitted;IP.321 = 10.0.1.64/255.255.255.255 +permitted;IP.322 = 10.0.1.65/255.255.255.255 +permitted;IP.323 = 10.0.1.66/255.255.255.255 +permitted;IP.324 = 10.0.1.67/255.255.255.255 +permitted;IP.325 = 10.0.1.68/255.255.255.255 +permitted;IP.326 = 10.0.1.69/255.255.255.255 +permitted;IP.327 = 10.0.1.70/255.255.255.255 +permitted;IP.328 = 10.0.1.71/255.255.255.255 +permitted;IP.329 = 10.0.1.72/255.255.255.255 +permitted;IP.330 = 10.0.1.73/255.255.255.255 +permitted;IP.331 = 10.0.1.74/255.255.255.255 +permitted;IP.332 = 10.0.1.75/255.255.255.255 +permitted;IP.333 = 10.0.1.76/255.255.255.255 +permitted;IP.334 = 10.0.1.77/255.255.255.255 +permitted;IP.335 = 10.0.1.78/255.255.255.255 +permitted;IP.336 = 10.0.1.79/255.255.255.255 +permitted;IP.337 = 10.0.1.80/255.255.255.255 +permitted;IP.338 = 10.0.1.81/255.255.255.255 +permitted;IP.339 = 10.0.1.82/255.255.255.255 +permitted;IP.340 = 10.0.1.83/255.255.255.255 +permitted;IP.341 = 10.0.1.84/255.255.255.255 +permitted;IP.342 = 10.0.1.85/255.255.255.255 +permitted;IP.343 = 10.0.1.86/255.255.255.255 +permitted;IP.344 = 10.0.1.87/255.255.255.255 +permitted;IP.345 = 10.0.1.88/255.255.255.255 +permitted;IP.346 = 10.0.1.89/255.255.255.255 +permitted;IP.347 = 10.0.1.90/255.255.255.255 +permitted;IP.348 = 10.0.1.91/255.255.255.255 +permitted;IP.349 = 10.0.1.92/255.255.255.255 +permitted;IP.350 = 10.0.1.93/255.255.255.255 +permitted;IP.351 = 10.0.1.94/255.255.255.255 +permitted;IP.352 = 10.0.1.95/255.255.255.255 +permitted;IP.353 = 10.0.1.96/255.255.255.255 +permitted;IP.354 = 10.0.1.97/255.255.255.255 +permitted;IP.355 = 10.0.1.98/255.255.255.255 +permitted;IP.356 = 10.0.1.99/255.255.255.255 +permitted;IP.357 = 10.0.1.100/255.255.255.255 +permitted;IP.358 = 10.0.1.101/255.255.255.255 +permitted;IP.359 = 10.0.1.102/255.255.255.255 +permitted;IP.360 = 10.0.1.103/255.255.255.255 +permitted;IP.361 = 10.0.1.104/255.255.255.255 +permitted;IP.362 = 10.0.1.105/255.255.255.255 +permitted;IP.363 = 10.0.1.106/255.255.255.255 +permitted;IP.364 = 10.0.1.107/255.255.255.255 +permitted;IP.365 = 10.0.1.108/255.255.255.255 +permitted;IP.366 = 10.0.1.109/255.255.255.255 +permitted;IP.367 = 10.0.1.110/255.255.255.255 +permitted;IP.368 = 10.0.1.111/255.255.255.255 +permitted;IP.369 = 10.0.1.112/255.255.255.255 +permitted;IP.370 = 10.0.1.113/255.255.255.255 +permitted;IP.371 = 10.0.1.114/255.255.255.255 +permitted;IP.372 = 10.0.1.115/255.255.255.255 +permitted;IP.373 = 10.0.1.116/255.255.255.255 +permitted;IP.374 = 10.0.1.117/255.255.255.255 +permitted;IP.375 = 10.0.1.118/255.255.255.255 +permitted;IP.376 = 10.0.1.119/255.255.255.255 +permitted;IP.377 = 10.0.1.120/255.255.255.255 +permitted;IP.378 = 10.0.1.121/255.255.255.255 +permitted;IP.379 = 10.0.1.122/255.255.255.255 +permitted;IP.380 = 10.0.1.123/255.255.255.255 +permitted;IP.381 = 10.0.1.124/255.255.255.255 +permitted;IP.382 = 10.0.1.125/255.255.255.255 +permitted;IP.383 = 10.0.1.126/255.255.255.255 +permitted;IP.384 = 10.0.1.127/255.255.255.255 +permitted;IP.385 = 10.0.1.128/255.255.255.255 +permitted;IP.386 = 10.0.1.129/255.255.255.255 +permitted;IP.387 = 10.0.1.130/255.255.255.255 +permitted;IP.388 = 10.0.1.131/255.255.255.255 +permitted;IP.389 = 10.0.1.132/255.255.255.255 +permitted;IP.390 = 10.0.1.133/255.255.255.255 +permitted;IP.391 = 10.0.1.134/255.255.255.255 +permitted;IP.392 = 10.0.1.135/255.255.255.255 +permitted;IP.393 = 10.0.1.136/255.255.255.255 +permitted;IP.394 = 10.0.1.137/255.255.255.255 +permitted;IP.395 = 10.0.1.138/255.255.255.255 +permitted;IP.396 = 10.0.1.139/255.255.255.255 +permitted;IP.397 = 10.0.1.140/255.255.255.255 +permitted;IP.398 = 10.0.1.141/255.255.255.255 +permitted;IP.399 = 10.0.1.142/255.255.255.255 +permitted;IP.400 = 10.0.1.143/255.255.255.255 +permitted;IP.401 = 10.0.1.144/255.255.255.255 +permitted;IP.402 = 10.0.1.145/255.255.255.255 +permitted;IP.403 = 10.0.1.146/255.255.255.255 +permitted;IP.404 = 10.0.1.147/255.255.255.255 +permitted;IP.405 = 10.0.1.148/255.255.255.255 +permitted;IP.406 = 10.0.1.149/255.255.255.255 +permitted;IP.407 = 10.0.1.150/255.255.255.255 +permitted;IP.408 = 10.0.1.151/255.255.255.255 +permitted;IP.409 = 10.0.1.152/255.255.255.255 +permitted;IP.410 = 10.0.1.153/255.255.255.255 +permitted;IP.411 = 10.0.1.154/255.255.255.255 +permitted;IP.412 = 10.0.1.155/255.255.255.255 +permitted;IP.413 = 10.0.1.156/255.255.255.255 +permitted;IP.414 = 10.0.1.157/255.255.255.255 +permitted;IP.415 = 10.0.1.158/255.255.255.255 +permitted;IP.416 = 10.0.1.159/255.255.255.255 +permitted;IP.417 = 10.0.1.160/255.255.255.255 +permitted;IP.418 = 10.0.1.161/255.255.255.255 +permitted;IP.419 = 10.0.1.162/255.255.255.255 +permitted;IP.420 = 10.0.1.163/255.255.255.255 +permitted;IP.421 = 10.0.1.164/255.255.255.255 +permitted;IP.422 = 10.0.1.165/255.255.255.255 +permitted;IP.423 = 10.0.1.166/255.255.255.255 +permitted;IP.424 = 10.0.1.167/255.255.255.255 +permitted;IP.425 = 10.0.1.168/255.255.255.255 +permitted;IP.426 = 10.0.1.169/255.255.255.255 +permitted;IP.427 = 10.0.1.170/255.255.255.255 +permitted;IP.428 = 10.0.1.171/255.255.255.255 +permitted;IP.429 = 10.0.1.172/255.255.255.255 +permitted;IP.430 = 10.0.1.173/255.255.255.255 +permitted;IP.431 = 10.0.1.174/255.255.255.255 +permitted;IP.432 = 10.0.1.175/255.255.255.255 +permitted;IP.433 = 10.0.1.176/255.255.255.255 +permitted;IP.434 = 10.0.1.177/255.255.255.255 +permitted;IP.435 = 10.0.1.178/255.255.255.255 +permitted;IP.436 = 10.0.1.179/255.255.255.255 +permitted;IP.437 = 10.0.1.180/255.255.255.255 +permitted;IP.438 = 10.0.1.181/255.255.255.255 +permitted;IP.439 = 10.0.1.182/255.255.255.255 +permitted;IP.440 = 10.0.1.183/255.255.255.255 +permitted;IP.441 = 10.0.1.184/255.255.255.255 +permitted;IP.442 = 10.0.1.185/255.255.255.255 +permitted;IP.443 = 10.0.1.186/255.255.255.255 +permitted;IP.444 = 10.0.1.187/255.255.255.255 +permitted;IP.445 = 10.0.1.188/255.255.255.255 +permitted;IP.446 = 10.0.1.189/255.255.255.255 +permitted;IP.447 = 10.0.1.190/255.255.255.255 +permitted;IP.448 = 10.0.1.191/255.255.255.255 +permitted;IP.449 = 10.0.1.192/255.255.255.255 +permitted;IP.450 = 10.0.1.193/255.255.255.255 +permitted;IP.451 = 10.0.1.194/255.255.255.255 +permitted;IP.452 = 10.0.1.195/255.255.255.255 +permitted;IP.453 = 10.0.1.196/255.255.255.255 +permitted;IP.454 = 10.0.1.197/255.255.255.255 +permitted;IP.455 = 10.0.1.198/255.255.255.255 +permitted;IP.456 = 10.0.1.199/255.255.255.255 +permitted;IP.457 = 10.0.1.200/255.255.255.255 +permitted;IP.458 = 10.0.1.201/255.255.255.255 +permitted;IP.459 = 10.0.1.202/255.255.255.255 +permitted;IP.460 = 10.0.1.203/255.255.255.255 +permitted;IP.461 = 10.0.1.204/255.255.255.255 +permitted;IP.462 = 10.0.1.205/255.255.255.255 +permitted;IP.463 = 10.0.1.206/255.255.255.255 +permitted;IP.464 = 10.0.1.207/255.255.255.255 +permitted;IP.465 = 10.0.1.208/255.255.255.255 +permitted;IP.466 = 10.0.1.209/255.255.255.255 +permitted;IP.467 = 10.0.1.210/255.255.255.255 +permitted;IP.468 = 10.0.1.211/255.255.255.255 +permitted;IP.469 = 10.0.1.212/255.255.255.255 +permitted;IP.470 = 10.0.1.213/255.255.255.255 +permitted;IP.471 = 10.0.1.214/255.255.255.255 +permitted;IP.472 = 10.0.1.215/255.255.255.255 +permitted;IP.473 = 10.0.1.216/255.255.255.255 +permitted;IP.474 = 10.0.1.217/255.255.255.255 +permitted;IP.475 = 10.0.1.218/255.255.255.255 +permitted;IP.476 = 10.0.1.219/255.255.255.255 +permitted;IP.477 = 10.0.1.220/255.255.255.255 +permitted;IP.478 = 10.0.1.221/255.255.255.255 +permitted;IP.479 = 10.0.1.222/255.255.255.255 +permitted;IP.480 = 10.0.1.223/255.255.255.255 +permitted;IP.481 = 10.0.1.224/255.255.255.255 +permitted;IP.482 = 10.0.1.225/255.255.255.255 +permitted;IP.483 = 10.0.1.226/255.255.255.255 +permitted;IP.484 = 10.0.1.227/255.255.255.255 +permitted;IP.485 = 10.0.1.228/255.255.255.255 +permitted;IP.486 = 10.0.1.229/255.255.255.255 +permitted;IP.487 = 10.0.1.230/255.255.255.255 +permitted;IP.488 = 10.0.1.231/255.255.255.255 +permitted;IP.489 = 10.0.1.232/255.255.255.255 +permitted;IP.490 = 10.0.1.233/255.255.255.255 +permitted;IP.491 = 10.0.1.234/255.255.255.255 +permitted;IP.492 = 10.0.1.235/255.255.255.255 +permitted;IP.493 = 10.0.1.236/255.255.255.255 +permitted;IP.494 = 10.0.1.237/255.255.255.255 +permitted;IP.495 = 10.0.1.238/255.255.255.255 +permitted;IP.496 = 10.0.1.239/255.255.255.255 +permitted;IP.497 = 10.0.1.240/255.255.255.255 +permitted;IP.498 = 10.0.1.241/255.255.255.255 +permitted;IP.499 = 10.0.1.242/255.255.255.255 +permitted;IP.500 = 10.0.1.243/255.255.255.255 +permitted;IP.501 = 10.0.1.244/255.255.255.255 +permitted;IP.502 = 10.0.1.245/255.255.255.255 +permitted;IP.503 = 10.0.1.246/255.255.255.255 +permitted;IP.504 = 10.0.1.247/255.255.255.255 +permitted;IP.505 = 10.0.1.248/255.255.255.255 +permitted;IP.506 = 10.0.1.249/255.255.255.255 +permitted;IP.507 = 10.0.1.250/255.255.255.255 +permitted;IP.508 = 10.0.1.251/255.255.255.255 +permitted;IP.509 = 10.0.1.252/255.255.255.255 +permitted;IP.510 = 10.0.1.253/255.255.255.255 +permitted;IP.511 = 10.0.1.254/255.255.255.255 +permitted;IP.512 = 10.0.1.255/255.255.255.255 +permitted;IP.513 = 10.0.2.0/255.255.255.255 +permitted;IP.514 = 10.0.2.1/255.255.255.255 +permitted;IP.515 = 10.0.2.2/255.255.255.255 +permitted;IP.516 = 10.0.2.3/255.255.255.255 +permitted;IP.517 = 10.0.2.4/255.255.255.255 +permitted;IP.518 = 10.0.2.5/255.255.255.255 +permitted;IP.519 = 10.0.2.6/255.255.255.255 +permitted;IP.520 = 10.0.2.7/255.255.255.255 +permitted;IP.521 = 10.0.2.8/255.255.255.255 +permitted;IP.522 = 10.0.2.9/255.255.255.255 +permitted;IP.523 = 10.0.2.10/255.255.255.255 +permitted;IP.524 = 10.0.2.11/255.255.255.255 +permitted;IP.525 = 10.0.2.12/255.255.255.255 +permitted;IP.526 = 10.0.2.13/255.255.255.255 +permitted;IP.527 = 10.0.2.14/255.255.255.255 +permitted;IP.528 = 10.0.2.15/255.255.255.255 +permitted;IP.529 = 10.0.2.16/255.255.255.255 +permitted;IP.530 = 10.0.2.17/255.255.255.255 +permitted;IP.531 = 10.0.2.18/255.255.255.255 +permitted;IP.532 = 10.0.2.19/255.255.255.255 +permitted;IP.533 = 10.0.2.20/255.255.255.255 +permitted;IP.534 = 10.0.2.21/255.255.255.255 +permitted;IP.535 = 10.0.2.22/255.255.255.255 +permitted;IP.536 = 10.0.2.23/255.255.255.255 +permitted;IP.537 = 10.0.2.24/255.255.255.255 +permitted;IP.538 = 10.0.2.25/255.255.255.255 +permitted;IP.539 = 10.0.2.26/255.255.255.255 +permitted;IP.540 = 10.0.2.27/255.255.255.255 +permitted;IP.541 = 10.0.2.28/255.255.255.255 +permitted;IP.542 = 10.0.2.29/255.255.255.255 +permitted;IP.543 = 10.0.2.30/255.255.255.255 +permitted;IP.544 = 10.0.2.31/255.255.255.255 +permitted;IP.545 = 10.0.2.32/255.255.255.255 +permitted;IP.546 = 10.0.2.33/255.255.255.255 +permitted;IP.547 = 10.0.2.34/255.255.255.255 +permitted;IP.548 = 10.0.2.35/255.255.255.255 +permitted;IP.549 = 10.0.2.36/255.255.255.255 +permitted;IP.550 = 10.0.2.37/255.255.255.255 +permitted;IP.551 = 10.0.2.38/255.255.255.255 +permitted;IP.552 = 10.0.2.39/255.255.255.255 +permitted;IP.553 = 10.0.2.40/255.255.255.255 +permitted;IP.554 = 10.0.2.41/255.255.255.255 +permitted;IP.555 = 10.0.2.42/255.255.255.255 +permitted;IP.556 = 10.0.2.43/255.255.255.255 +permitted;IP.557 = 10.0.2.44/255.255.255.255 +permitted;IP.558 = 10.0.2.45/255.255.255.255 +permitted;IP.559 = 10.0.2.46/255.255.255.255 +permitted;IP.560 = 10.0.2.47/255.255.255.255 +permitted;IP.561 = 10.0.2.48/255.255.255.255 +permitted;IP.562 = 10.0.2.49/255.255.255.255 +permitted;IP.563 = 10.0.2.50/255.255.255.255 +permitted;IP.564 = 10.0.2.51/255.255.255.255 +permitted;IP.565 = 10.0.2.52/255.255.255.255 +permitted;IP.566 = 10.0.2.53/255.255.255.255 +permitted;IP.567 = 10.0.2.54/255.255.255.255 +permitted;IP.568 = 10.0.2.55/255.255.255.255 +permitted;IP.569 = 10.0.2.56/255.255.255.255 +permitted;IP.570 = 10.0.2.57/255.255.255.255 +permitted;IP.571 = 10.0.2.58/255.255.255.255 +permitted;IP.572 = 10.0.2.59/255.255.255.255 +permitted;IP.573 = 10.0.2.60/255.255.255.255 +permitted;IP.574 = 10.0.2.61/255.255.255.255 +permitted;IP.575 = 10.0.2.62/255.255.255.255 +permitted;IP.576 = 10.0.2.63/255.255.255.255 +permitted;IP.577 = 10.0.2.64/255.255.255.255 +permitted;IP.578 = 10.0.2.65/255.255.255.255 +permitted;IP.579 = 10.0.2.66/255.255.255.255 +permitted;IP.580 = 10.0.2.67/255.255.255.255 +permitted;IP.581 = 10.0.2.68/255.255.255.255 +permitted;IP.582 = 10.0.2.69/255.255.255.255 +permitted;IP.583 = 10.0.2.70/255.255.255.255 +permitted;IP.584 = 10.0.2.71/255.255.255.255 +permitted;IP.585 = 10.0.2.72/255.255.255.255 +permitted;IP.586 = 10.0.2.73/255.255.255.255 +permitted;IP.587 = 10.0.2.74/255.255.255.255 +permitted;IP.588 = 10.0.2.75/255.255.255.255 +permitted;IP.589 = 10.0.2.76/255.255.255.255 +permitted;IP.590 = 10.0.2.77/255.255.255.255 +permitted;IP.591 = 10.0.2.78/255.255.255.255 +permitted;IP.592 = 10.0.2.79/255.255.255.255 +permitted;IP.593 = 10.0.2.80/255.255.255.255 +permitted;IP.594 = 10.0.2.81/255.255.255.255 +permitted;IP.595 = 10.0.2.82/255.255.255.255 +permitted;IP.596 = 10.0.2.83/255.255.255.255 +permitted;IP.597 = 10.0.2.84/255.255.255.255 +permitted;IP.598 = 10.0.2.85/255.255.255.255 +permitted;IP.599 = 10.0.2.86/255.255.255.255 +permitted;IP.600 = 10.0.2.87/255.255.255.255 +permitted;IP.601 = 10.0.2.88/255.255.255.255 +permitted;IP.602 = 10.0.2.89/255.255.255.255 +permitted;IP.603 = 10.0.2.90/255.255.255.255 +permitted;IP.604 = 10.0.2.91/255.255.255.255 +permitted;IP.605 = 10.0.2.92/255.255.255.255 +permitted;IP.606 = 10.0.2.93/255.255.255.255 +permitted;IP.607 = 10.0.2.94/255.255.255.255 +permitted;IP.608 = 10.0.2.95/255.255.255.255 +permitted;IP.609 = 10.0.2.96/255.255.255.255 +permitted;IP.610 = 10.0.2.97/255.255.255.255 +permitted;IP.611 = 10.0.2.98/255.255.255.255 +permitted;IP.612 = 10.0.2.99/255.255.255.255 +permitted;IP.613 = 10.0.2.100/255.255.255.255 +permitted;IP.614 = 10.0.2.101/255.255.255.255 +permitted;IP.615 = 10.0.2.102/255.255.255.255 +permitted;IP.616 = 10.0.2.103/255.255.255.255 +permitted;IP.617 = 10.0.2.104/255.255.255.255 +permitted;IP.618 = 10.0.2.105/255.255.255.255 +permitted;IP.619 = 10.0.2.106/255.255.255.255 +permitted;IP.620 = 10.0.2.107/255.255.255.255 +permitted;IP.621 = 10.0.2.108/255.255.255.255 +permitted;IP.622 = 10.0.2.109/255.255.255.255 +permitted;IP.623 = 10.0.2.110/255.255.255.255 +permitted;IP.624 = 10.0.2.111/255.255.255.255 +permitted;IP.625 = 10.0.2.112/255.255.255.255 +permitted;IP.626 = 10.0.2.113/255.255.255.255 +permitted;IP.627 = 10.0.2.114/255.255.255.255 +permitted;IP.628 = 10.0.2.115/255.255.255.255 +permitted;IP.629 = 10.0.2.116/255.255.255.255 +permitted;IP.630 = 10.0.2.117/255.255.255.255 +permitted;IP.631 = 10.0.2.118/255.255.255.255 +permitted;IP.632 = 10.0.2.119/255.255.255.255 +permitted;IP.633 = 10.0.2.120/255.255.255.255 +permitted;IP.634 = 10.0.2.121/255.255.255.255 +permitted;IP.635 = 10.0.2.122/255.255.255.255 +permitted;IP.636 = 10.0.2.123/255.255.255.255 +permitted;IP.637 = 10.0.2.124/255.255.255.255 +permitted;IP.638 = 10.0.2.125/255.255.255.255 +permitted;IP.639 = 10.0.2.126/255.255.255.255 +permitted;IP.640 = 10.0.2.127/255.255.255.255 +permitted;IP.641 = 10.0.2.128/255.255.255.255 +permitted;IP.642 = 10.0.2.129/255.255.255.255 +permitted;IP.643 = 10.0.2.130/255.255.255.255 +permitted;IP.644 = 10.0.2.131/255.255.255.255 +permitted;IP.645 = 10.0.2.132/255.255.255.255 +permitted;IP.646 = 10.0.2.133/255.255.255.255 +permitted;IP.647 = 10.0.2.134/255.255.255.255 +permitted;IP.648 = 10.0.2.135/255.255.255.255 +permitted;IP.649 = 10.0.2.136/255.255.255.255 +permitted;IP.650 = 10.0.2.137/255.255.255.255 +permitted;IP.651 = 10.0.2.138/255.255.255.255 +permitted;IP.652 = 10.0.2.139/255.255.255.255 +permitted;IP.653 = 10.0.2.140/255.255.255.255 +permitted;IP.654 = 10.0.2.141/255.255.255.255 +permitted;IP.655 = 10.0.2.142/255.255.255.255 +permitted;IP.656 = 10.0.2.143/255.255.255.255 +permitted;IP.657 = 10.0.2.144/255.255.255.255 +permitted;IP.658 = 10.0.2.145/255.255.255.255 +permitted;IP.659 = 10.0.2.146/255.255.255.255 +permitted;IP.660 = 10.0.2.147/255.255.255.255 +permitted;IP.661 = 10.0.2.148/255.255.255.255 +permitted;IP.662 = 10.0.2.149/255.255.255.255 +permitted;IP.663 = 10.0.2.150/255.255.255.255 +permitted;IP.664 = 10.0.2.151/255.255.255.255 +permitted;IP.665 = 10.0.2.152/255.255.255.255 +permitted;IP.666 = 10.0.2.153/255.255.255.255 +permitted;IP.667 = 10.0.2.154/255.255.255.255 +permitted;IP.668 = 10.0.2.155/255.255.255.255 +permitted;IP.669 = 10.0.2.156/255.255.255.255 +permitted;IP.670 = 10.0.2.157/255.255.255.255 +permitted;IP.671 = 10.0.2.158/255.255.255.255 +permitted;IP.672 = 10.0.2.159/255.255.255.255 +permitted;IP.673 = 10.0.2.160/255.255.255.255 +permitted;IP.674 = 10.0.2.161/255.255.255.255 +permitted;IP.675 = 10.0.2.162/255.255.255.255 +permitted;IP.676 = 10.0.2.163/255.255.255.255 +permitted;IP.677 = 10.0.2.164/255.255.255.255 +permitted;IP.678 = 10.0.2.165/255.255.255.255 +permitted;IP.679 = 10.0.2.166/255.255.255.255 +permitted;IP.680 = 10.0.2.167/255.255.255.255 +permitted;IP.681 = 10.0.2.168/255.255.255.255 +permitted;IP.682 = 10.0.2.169/255.255.255.255 +permitted;IP.683 = 10.0.2.170/255.255.255.255 +permitted;IP.684 = 10.0.2.171/255.255.255.255 +permitted;IP.685 = 10.0.2.172/255.255.255.255 +permitted;IP.686 = 10.0.2.173/255.255.255.255 +permitted;IP.687 = 10.0.2.174/255.255.255.255 +permitted;IP.688 = 10.0.2.175/255.255.255.255 +permitted;IP.689 = 10.0.2.176/255.255.255.255 +permitted;IP.690 = 10.0.2.177/255.255.255.255 +permitted;IP.691 = 10.0.2.178/255.255.255.255 +permitted;IP.692 = 10.0.2.179/255.255.255.255 +permitted;IP.693 = 10.0.2.180/255.255.255.255 +permitted;IP.694 = 10.0.2.181/255.255.255.255 +permitted;IP.695 = 10.0.2.182/255.255.255.255 +permitted;IP.696 = 10.0.2.183/255.255.255.255 +permitted;IP.697 = 10.0.2.184/255.255.255.255 +permitted;IP.698 = 10.0.2.185/255.255.255.255 +permitted;IP.699 = 10.0.2.186/255.255.255.255 +permitted;IP.700 = 10.0.2.187/255.255.255.255 +permitted;IP.701 = 10.0.2.188/255.255.255.255 +permitted;IP.702 = 10.0.2.189/255.255.255.255 +permitted;IP.703 = 10.0.2.190/255.255.255.255 +permitted;IP.704 = 10.0.2.191/255.255.255.255 +permitted;IP.705 = 10.0.2.192/255.255.255.255 +permitted;IP.706 = 10.0.2.193/255.255.255.255 +permitted;IP.707 = 10.0.2.194/255.255.255.255 +permitted;IP.708 = 10.0.2.195/255.255.255.255 +permitted;IP.709 = 10.0.2.196/255.255.255.255 +permitted;IP.710 = 10.0.2.197/255.255.255.255 +permitted;IP.711 = 10.0.2.198/255.255.255.255 +permitted;IP.712 = 10.0.2.199/255.255.255.255 +permitted;IP.713 = 10.0.2.200/255.255.255.255 +permitted;IP.714 = 10.0.2.201/255.255.255.255 +permitted;IP.715 = 10.0.2.202/255.255.255.255 +permitted;IP.716 = 10.0.2.203/255.255.255.255 +permitted;IP.717 = 10.0.2.204/255.255.255.255 +permitted;IP.718 = 10.0.2.205/255.255.255.255 +permitted;IP.719 = 10.0.2.206/255.255.255.255 +permitted;IP.720 = 10.0.2.207/255.255.255.255 +permitted;IP.721 = 10.0.2.208/255.255.255.255 +permitted;IP.722 = 10.0.2.209/255.255.255.255 +permitted;IP.723 = 10.0.2.210/255.255.255.255 +permitted;IP.724 = 10.0.2.211/255.255.255.255 +permitted;IP.725 = 10.0.2.212/255.255.255.255 +permitted;IP.726 = 10.0.2.213/255.255.255.255 +permitted;IP.727 = 10.0.2.214/255.255.255.255 +permitted;IP.728 = 10.0.2.215/255.255.255.255 +permitted;IP.729 = 10.0.2.216/255.255.255.255 +permitted;IP.730 = 10.0.2.217/255.255.255.255 +permitted;IP.731 = 10.0.2.218/255.255.255.255 +permitted;IP.732 = 10.0.2.219/255.255.255.255 +permitted;IP.733 = 10.0.2.220/255.255.255.255 +permitted;IP.734 = 10.0.2.221/255.255.255.255 +permitted;IP.735 = 10.0.2.222/255.255.255.255 +permitted;IP.736 = 10.0.2.223/255.255.255.255 +permitted;IP.737 = 10.0.2.224/255.255.255.255 +permitted;IP.738 = 10.0.2.225/255.255.255.255 +permitted;IP.739 = 10.0.2.226/255.255.255.255 +permitted;IP.740 = 10.0.2.227/255.255.255.255 +permitted;IP.741 = 10.0.2.228/255.255.255.255 +permitted;IP.742 = 10.0.2.229/255.255.255.255 +permitted;IP.743 = 10.0.2.230/255.255.255.255 +permitted;IP.744 = 10.0.2.231/255.255.255.255 +permitted;IP.745 = 10.0.2.232/255.255.255.255 +permitted;IP.746 = 10.0.2.233/255.255.255.255 +permitted;IP.747 = 10.0.2.234/255.255.255.255 +permitted;IP.748 = 10.0.2.235/255.255.255.255 +permitted;IP.749 = 10.0.2.236/255.255.255.255 +permitted;IP.750 = 10.0.2.237/255.255.255.255 +permitted;IP.751 = 10.0.2.238/255.255.255.255 +permitted;IP.752 = 10.0.2.239/255.255.255.255 +permitted;IP.753 = 10.0.2.240/255.255.255.255 +permitted;IP.754 = 10.0.2.241/255.255.255.255 +permitted;IP.755 = 10.0.2.242/255.255.255.255 +permitted;IP.756 = 10.0.2.243/255.255.255.255 +permitted;IP.757 = 10.0.2.244/255.255.255.255 +permitted;IP.758 = 10.0.2.245/255.255.255.255 +permitted;IP.759 = 10.0.2.246/255.255.255.255 +permitted;IP.760 = 10.0.2.247/255.255.255.255 +permitted;IP.761 = 10.0.2.248/255.255.255.255 +permitted;IP.762 = 10.0.2.249/255.255.255.255 +permitted;IP.763 = 10.0.2.250/255.255.255.255 +permitted;IP.764 = 10.0.2.251/255.255.255.255 +permitted;IP.765 = 10.0.2.252/255.255.255.255 +permitted;IP.766 = 10.0.2.253/255.255.255.255 +permitted;IP.767 = 10.0.2.254/255.255.255.255 +permitted;IP.768 = 10.0.2.255/255.255.255.255 +permitted;IP.769 = 10.0.3.0/255.255.255.255 +permitted;IP.770 = 10.0.3.1/255.255.255.255 +permitted;IP.771 = 10.0.3.2/255.255.255.255 +permitted;IP.772 = 10.0.3.3/255.255.255.255 +permitted;IP.773 = 10.0.3.4/255.255.255.255 +permitted;IP.774 = 10.0.3.5/255.255.255.255 +permitted;IP.775 = 10.0.3.6/255.255.255.255 +permitted;IP.776 = 10.0.3.7/255.255.255.255 +permitted;IP.777 = 10.0.3.8/255.255.255.255 +permitted;IP.778 = 10.0.3.9/255.255.255.255 +permitted;IP.779 = 10.0.3.10/255.255.255.255 +permitted;IP.780 = 10.0.3.11/255.255.255.255 +permitted;IP.781 = 10.0.3.12/255.255.255.255 +permitted;IP.782 = 10.0.3.13/255.255.255.255 +permitted;IP.783 = 10.0.3.14/255.255.255.255 +permitted;IP.784 = 10.0.3.15/255.255.255.255 +permitted;IP.785 = 10.0.3.16/255.255.255.255 +permitted;IP.786 = 10.0.3.17/255.255.255.255 +permitted;IP.787 = 10.0.3.18/255.255.255.255 +permitted;IP.788 = 10.0.3.19/255.255.255.255 +permitted;IP.789 = 10.0.3.20/255.255.255.255 +permitted;IP.790 = 10.0.3.21/255.255.255.255 +permitted;IP.791 = 10.0.3.22/255.255.255.255 +permitted;IP.792 = 10.0.3.23/255.255.255.255 +permitted;IP.793 = 10.0.3.24/255.255.255.255 +permitted;IP.794 = 10.0.3.25/255.255.255.255 +permitted;IP.795 = 10.0.3.26/255.255.255.255 +permitted;IP.796 = 10.0.3.27/255.255.255.255 +permitted;IP.797 = 10.0.3.28/255.255.255.255 +permitted;IP.798 = 10.0.3.29/255.255.255.255 +permitted;IP.799 = 10.0.3.30/255.255.255.255 +permitted;IP.800 = 10.0.3.31/255.255.255.255 +permitted;IP.801 = 10.0.3.32/255.255.255.255 +permitted;IP.802 = 10.0.3.33/255.255.255.255 +permitted;IP.803 = 10.0.3.34/255.255.255.255 +permitted;IP.804 = 10.0.3.35/255.255.255.255 +permitted;IP.805 = 10.0.3.36/255.255.255.255 +permitted;IP.806 = 10.0.3.37/255.255.255.255 +permitted;IP.807 = 10.0.3.38/255.255.255.255 +permitted;IP.808 = 10.0.3.39/255.255.255.255 +permitted;IP.809 = 10.0.3.40/255.255.255.255 +permitted;IP.810 = 10.0.3.41/255.255.255.255 +permitted;IP.811 = 10.0.3.42/255.255.255.255 +permitted;IP.812 = 10.0.3.43/255.255.255.255 +permitted;IP.813 = 10.0.3.44/255.255.255.255 +permitted;IP.814 = 10.0.3.45/255.255.255.255 +permitted;IP.815 = 10.0.3.46/255.255.255.255 +permitted;IP.816 = 10.0.3.47/255.255.255.255 +permitted;IP.817 = 10.0.3.48/255.255.255.255 +permitted;IP.818 = 10.0.3.49/255.255.255.255 +permitted;IP.819 = 10.0.3.50/255.255.255.255 +permitted;IP.820 = 10.0.3.51/255.255.255.255 +permitted;IP.821 = 10.0.3.52/255.255.255.255 +permitted;IP.822 = 10.0.3.53/255.255.255.255 +permitted;IP.823 = 10.0.3.54/255.255.255.255 +permitted;IP.824 = 10.0.3.55/255.255.255.255 +permitted;IP.825 = 10.0.3.56/255.255.255.255 +permitted;IP.826 = 10.0.3.57/255.255.255.255 +permitted;IP.827 = 10.0.3.58/255.255.255.255 +permitted;IP.828 = 10.0.3.59/255.255.255.255 +permitted;IP.829 = 10.0.3.60/255.255.255.255 +permitted;IP.830 = 10.0.3.61/255.255.255.255 +permitted;IP.831 = 10.0.3.62/255.255.255.255 +permitted;IP.832 = 10.0.3.63/255.255.255.255 +permitted;IP.833 = 10.0.3.64/255.255.255.255 +permitted;IP.834 = 10.0.3.65/255.255.255.255 +permitted;IP.835 = 10.0.3.66/255.255.255.255 +permitted;IP.836 = 10.0.3.67/255.255.255.255 +permitted;IP.837 = 10.0.3.68/255.255.255.255 +permitted;IP.838 = 10.0.3.69/255.255.255.255 +permitted;IP.839 = 10.0.3.70/255.255.255.255 +permitted;IP.840 = 10.0.3.71/255.255.255.255 +permitted;IP.841 = 10.0.3.72/255.255.255.255 +permitted;IP.842 = 10.0.3.73/255.255.255.255 +permitted;IP.843 = 10.0.3.74/255.255.255.255 +permitted;IP.844 = 10.0.3.75/255.255.255.255 +permitted;IP.845 = 10.0.3.76/255.255.255.255 +permitted;IP.846 = 10.0.3.77/255.255.255.255 +permitted;IP.847 = 10.0.3.78/255.255.255.255 +permitted;IP.848 = 10.0.3.79/255.255.255.255 +permitted;IP.849 = 10.0.3.80/255.255.255.255 +permitted;IP.850 = 10.0.3.81/255.255.255.255 +permitted;IP.851 = 10.0.3.82/255.255.255.255 +permitted;IP.852 = 10.0.3.83/255.255.255.255 +permitted;IP.853 = 10.0.3.84/255.255.255.255 +permitted;IP.854 = 10.0.3.85/255.255.255.255 +permitted;IP.855 = 10.0.3.86/255.255.255.255 +permitted;IP.856 = 10.0.3.87/255.255.255.255 +permitted;IP.857 = 10.0.3.88/255.255.255.255 +permitted;IP.858 = 10.0.3.89/255.255.255.255 +permitted;IP.859 = 10.0.3.90/255.255.255.255 +permitted;IP.860 = 10.0.3.91/255.255.255.255 +permitted;IP.861 = 10.0.3.92/255.255.255.255 +permitted;IP.862 = 10.0.3.93/255.255.255.255 +permitted;IP.863 = 10.0.3.94/255.255.255.255 +permitted;IP.864 = 10.0.3.95/255.255.255.255 +permitted;IP.865 = 10.0.3.96/255.255.255.255 +permitted;IP.866 = 10.0.3.97/255.255.255.255 +permitted;IP.867 = 10.0.3.98/255.255.255.255 +permitted;IP.868 = 10.0.3.99/255.255.255.255 +permitted;IP.869 = 10.0.3.100/255.255.255.255 +permitted;IP.870 = 10.0.3.101/255.255.255.255 +permitted;IP.871 = 10.0.3.102/255.255.255.255 +permitted;IP.872 = 10.0.3.103/255.255.255.255 +permitted;IP.873 = 10.0.3.104/255.255.255.255 +permitted;IP.874 = 10.0.3.105/255.255.255.255 +permitted;IP.875 = 10.0.3.106/255.255.255.255 +permitted;IP.876 = 10.0.3.107/255.255.255.255 +permitted;IP.877 = 10.0.3.108/255.255.255.255 +permitted;IP.878 = 10.0.3.109/255.255.255.255 +permitted;IP.879 = 10.0.3.110/255.255.255.255 +permitted;IP.880 = 10.0.3.111/255.255.255.255 +permitted;IP.881 = 10.0.3.112/255.255.255.255 +permitted;IP.882 = 10.0.3.113/255.255.255.255 +permitted;IP.883 = 10.0.3.114/255.255.255.255 +permitted;IP.884 = 10.0.3.115/255.255.255.255 +permitted;IP.885 = 10.0.3.116/255.255.255.255 +permitted;IP.886 = 10.0.3.117/255.255.255.255 +permitted;IP.887 = 10.0.3.118/255.255.255.255 +permitted;IP.888 = 10.0.3.119/255.255.255.255 +permitted;IP.889 = 10.0.3.120/255.255.255.255 +permitted;IP.890 = 10.0.3.121/255.255.255.255 +permitted;IP.891 = 10.0.3.122/255.255.255.255 +permitted;IP.892 = 10.0.3.123/255.255.255.255 +permitted;IP.893 = 10.0.3.124/255.255.255.255 +permitted;IP.894 = 10.0.3.125/255.255.255.255 +permitted;IP.895 = 10.0.3.126/255.255.255.255 +permitted;IP.896 = 10.0.3.127/255.255.255.255 +permitted;IP.897 = 10.0.3.128/255.255.255.255 +permitted;IP.898 = 10.0.3.129/255.255.255.255 +permitted;IP.899 = 10.0.3.130/255.255.255.255 +permitted;IP.900 = 10.0.3.131/255.255.255.255 +permitted;IP.901 = 10.0.3.132/255.255.255.255 +permitted;IP.902 = 10.0.3.133/255.255.255.255 +permitted;IP.903 = 10.0.3.134/255.255.255.255 +permitted;IP.904 = 10.0.3.135/255.255.255.255 +permitted;IP.905 = 10.0.3.136/255.255.255.255 +permitted;IP.906 = 10.0.3.137/255.255.255.255 +permitted;IP.907 = 10.0.3.138/255.255.255.255 +permitted;IP.908 = 10.0.3.139/255.255.255.255 +permitted;IP.909 = 10.0.3.140/255.255.255.255 +permitted;IP.910 = 10.0.3.141/255.255.255.255 +permitted;IP.911 = 10.0.3.142/255.255.255.255 +permitted;IP.912 = 10.0.3.143/255.255.255.255 +permitted;IP.913 = 10.0.3.144/255.255.255.255 +permitted;IP.914 = 10.0.3.145/255.255.255.255 +permitted;IP.915 = 10.0.3.146/255.255.255.255 +permitted;IP.916 = 10.0.3.147/255.255.255.255 +permitted;IP.917 = 10.0.3.148/255.255.255.255 +permitted;IP.918 = 10.0.3.149/255.255.255.255 +permitted;IP.919 = 10.0.3.150/255.255.255.255 +permitted;IP.920 = 10.0.3.151/255.255.255.255 +permitted;IP.921 = 10.0.3.152/255.255.255.255 +permitted;IP.922 = 10.0.3.153/255.255.255.255 +permitted;IP.923 = 10.0.3.154/255.255.255.255 +permitted;IP.924 = 10.0.3.155/255.255.255.255 +permitted;IP.925 = 10.0.3.156/255.255.255.255 +permitted;IP.926 = 10.0.3.157/255.255.255.255 +permitted;IP.927 = 10.0.3.158/255.255.255.255 +permitted;IP.928 = 10.0.3.159/255.255.255.255 +permitted;IP.929 = 10.0.3.160/255.255.255.255 +permitted;IP.930 = 10.0.3.161/255.255.255.255 +permitted;IP.931 = 10.0.3.162/255.255.255.255 +permitted;IP.932 = 10.0.3.163/255.255.255.255 +permitted;IP.933 = 10.0.3.164/255.255.255.255 +permitted;IP.934 = 10.0.3.165/255.255.255.255 +permitted;IP.935 = 10.0.3.166/255.255.255.255 +permitted;IP.936 = 10.0.3.167/255.255.255.255 +permitted;IP.937 = 10.0.3.168/255.255.255.255 +permitted;IP.938 = 10.0.3.169/255.255.255.255 +permitted;IP.939 = 10.0.3.170/255.255.255.255 +permitted;IP.940 = 10.0.3.171/255.255.255.255 +permitted;IP.941 = 10.0.3.172/255.255.255.255 +permitted;IP.942 = 10.0.3.173/255.255.255.255 +permitted;IP.943 = 10.0.3.174/255.255.255.255 +permitted;IP.944 = 10.0.3.175/255.255.255.255 +permitted;IP.945 = 10.0.3.176/255.255.255.255 +permitted;IP.946 = 10.0.3.177/255.255.255.255 +permitted;IP.947 = 10.0.3.178/255.255.255.255 +permitted;IP.948 = 10.0.3.179/255.255.255.255 +permitted;IP.949 = 10.0.3.180/255.255.255.255 +permitted;IP.950 = 10.0.3.181/255.255.255.255 +permitted;IP.951 = 10.0.3.182/255.255.255.255 +permitted;IP.952 = 10.0.3.183/255.255.255.255 +permitted;IP.953 = 10.0.3.184/255.255.255.255 +permitted;IP.954 = 10.0.3.185/255.255.255.255 +permitted;IP.955 = 10.0.3.186/255.255.255.255 +permitted;IP.956 = 10.0.3.187/255.255.255.255 +permitted;IP.957 = 10.0.3.188/255.255.255.255 +permitted;IP.958 = 10.0.3.189/255.255.255.255 +permitted;IP.959 = 10.0.3.190/255.255.255.255 +permitted;IP.960 = 10.0.3.191/255.255.255.255 +permitted;IP.961 = 10.0.3.192/255.255.255.255 +permitted;IP.962 = 10.0.3.193/255.255.255.255 +permitted;IP.963 = 10.0.3.194/255.255.255.255 +permitted;IP.964 = 10.0.3.195/255.255.255.255 +permitted;IP.965 = 10.0.3.196/255.255.255.255 +permitted;IP.966 = 10.0.3.197/255.255.255.255 +permitted;IP.967 = 10.0.3.198/255.255.255.255 +permitted;IP.968 = 10.0.3.199/255.255.255.255 +permitted;IP.969 = 10.0.3.200/255.255.255.255 +permitted;IP.970 = 10.0.3.201/255.255.255.255 +permitted;IP.971 = 10.0.3.202/255.255.255.255 +permitted;IP.972 = 10.0.3.203/255.255.255.255 +permitted;IP.973 = 10.0.3.204/255.255.255.255 +permitted;IP.974 = 10.0.3.205/255.255.255.255 +permitted;IP.975 = 10.0.3.206/255.255.255.255 +permitted;IP.976 = 10.0.3.207/255.255.255.255 +permitted;IP.977 = 10.0.3.208/255.255.255.255 +permitted;IP.978 = 10.0.3.209/255.255.255.255 +permitted;IP.979 = 10.0.3.210/255.255.255.255 +permitted;IP.980 = 10.0.3.211/255.255.255.255 +permitted;IP.981 = 10.0.3.212/255.255.255.255 +permitted;IP.982 = 10.0.3.213/255.255.255.255 +permitted;IP.983 = 10.0.3.214/255.255.255.255 +permitted;IP.984 = 10.0.3.215/255.255.255.255 +permitted;IP.985 = 10.0.3.216/255.255.255.255 +permitted;IP.986 = 10.0.3.217/255.255.255.255 +permitted;IP.987 = 10.0.3.218/255.255.255.255 +permitted;IP.988 = 10.0.3.219/255.255.255.255 +permitted;IP.989 = 10.0.3.220/255.255.255.255 +permitted;IP.990 = 10.0.3.221/255.255.255.255 +permitted;IP.991 = 10.0.3.222/255.255.255.255 +permitted;IP.992 = 10.0.3.223/255.255.255.255 +permitted;IP.993 = 10.0.3.224/255.255.255.255 +permitted;IP.994 = 10.0.3.225/255.255.255.255 +permitted;IP.995 = 10.0.3.226/255.255.255.255 +permitted;IP.996 = 10.0.3.227/255.255.255.255 +permitted;IP.997 = 10.0.3.228/255.255.255.255 +permitted;IP.998 = 10.0.3.229/255.255.255.255 +permitted;IP.999 = 10.0.3.230/255.255.255.255 +permitted;IP.1000 = 10.0.3.231/255.255.255.255 +permitted;IP.1001 = 10.0.3.232/255.255.255.255 +permitted;IP.1002 = 10.0.3.233/255.255.255.255 +permitted;IP.1003 = 10.0.3.234/255.255.255.255 +permitted;IP.1004 = 10.0.3.235/255.255.255.255 +permitted;IP.1005 = 10.0.3.236/255.255.255.255 +permitted;IP.1006 = 10.0.3.237/255.255.255.255 +permitted;IP.1007 = 10.0.3.238/255.255.255.255 +permitted;IP.1008 = 10.0.3.239/255.255.255.255 +permitted;IP.1009 = 10.0.3.240/255.255.255.255 +permitted;IP.1010 = 10.0.3.241/255.255.255.255 +permitted;IP.1011 = 10.0.3.242/255.255.255.255 +permitted;IP.1012 = 10.0.3.243/255.255.255.255 +permitted;IP.1013 = 10.0.3.244/255.255.255.255 +permitted;IP.1014 = 10.0.3.245/255.255.255.255 +permitted;IP.1015 = 10.0.3.246/255.255.255.255 +permitted;IP.1016 = 10.0.3.247/255.255.255.255 +permitted;IP.1017 = 10.0.3.248/255.255.255.255 +permitted;IP.1018 = 10.0.3.249/255.255.255.255 +permitted;IP.1019 = 10.0.3.250/255.255.255.255 +permitted;IP.1020 = 10.0.3.251/255.255.255.255 +permitted;IP.1021 = 10.0.3.252/255.255.255.255 +permitted;IP.1022 = 10.0.3.253/255.255.255.255 +permitted;IP.1023 = 10.0.3.254/255.255.255.255 +permitted;IP.1024 = 10.0.3.255/255.255.255.255 +permitted;IP.1025 = 10.0.4.0/255.255.255.255 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.csr new file mode 100644 index 0000000000..26f50df068 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.csr @@ -0,0 +1,274 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIy1jCCMb4CAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxL +Ha4GJxiOVbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9W +yNroD1cod26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luv +C6DmdaXS4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf0 +0YvmLxRmVvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9Ibjm +K6igvwa7QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABoIIweDCC +MHQGCSqGSIb3DQEJDjGCMGUwgjBhMB0GA1UdDgQWBBSSET+sEZbHZjfPg1ok8Dp3 +rzONfzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCCMB0GA1UdHgSC +MBQwgjAQoIIwDDAKhwgKAAAA/////zAKhwgKAAAB/////zAKhwgKAAAC/////zAK +hwgKAAAD/////zAKhwgKAAAE/////zAKhwgKAAAF/////zAKhwgKAAAG/////zAK +hwgKAAAH/////zAKhwgKAAAI/////zAKhwgKAAAJ/////zAKhwgKAAAK/////zAK +hwgKAAAL/////zAKhwgKAAAM/////zAKhwgKAAAN/////zAKhwgKAAAO/////zAK +hwgKAAAP/////zAKhwgKAAAQ/////zAKhwgKAAAR/////zAKhwgKAAAS/////zAK +hwgKAAAT/////zAKhwgKAAAU/////zAKhwgKAAAV/////zAKhwgKAAAW/////zAK +hwgKAAAX/////zAKhwgKAAAY/////zAKhwgKAAAZ/////zAKhwgKAAAa/////zAK +hwgKAAAb/////zAKhwgKAAAc/////zAKhwgKAAAd/////zAKhwgKAAAe/////zAK +hwgKAAAf/////zAKhwgKAAAg/////zAKhwgKAAAh/////zAKhwgKAAAi/////zAK +hwgKAAAj/////zAKhwgKAAAk/////zAKhwgKAAAl/////zAKhwgKAAAm/////zAK +hwgKAAAn/////zAKhwgKAAAo/////zAKhwgKAAAp/////zAKhwgKAAAq/////zAK +hwgKAAAr/////zAKhwgKAAAs/////zAKhwgKAAAt/////zAKhwgKAAAu/////zAK +hwgKAAAv/////zAKhwgKAAAw/////zAKhwgKAAAx/////zAKhwgKAAAy/////zAK +hwgKAAAz/////zAKhwgKAAA0/////zAKhwgKAAA1/////zAKhwgKAAA2/////zAK +hwgKAAA3/////zAKhwgKAAA4/////zAKhwgKAAA5/////zAKhwgKAAA6/////zAK +hwgKAAA7/////zAKhwgKAAA8/////zAKhwgKAAA9/////zAKhwgKAAA+/////zAK +hwgKAAA//////zAKhwgKAABA/////zAKhwgKAABB/////zAKhwgKAABC/////zAK +hwgKAABD/////zAKhwgKAABE/////zAKhwgKAABF/////zAKhwgKAABG/////zAK +hwgKAABH/////zAKhwgKAABI/////zAKhwgKAABJ/////zAKhwgKAABK/////zAK +hwgKAABL/////zAKhwgKAABM/////zAKhwgKAABN/////zAKhwgKAABO/////zAK +hwgKAABP/////zAKhwgKAABQ/////zAKhwgKAABR/////zAKhwgKAABS/////zAK +hwgKAABT/////zAKhwgKAABU/////zAKhwgKAABV/////zAKhwgKAABW/////zAK +hwgKAABX/////zAKhwgKAABY/////zAKhwgKAABZ/////zAKhwgKAABa/////zAK +hwgKAABb/////zAKhwgKAABc/////zAKhwgKAABd/////zAKhwgKAABe/////zAK +hwgKAABf/////zAKhwgKAABg/////zAKhwgKAABh/////zAKhwgKAABi/////zAK +hwgKAABj/////zAKhwgKAABk/////zAKhwgKAABl/////zAKhwgKAABm/////zAK +hwgKAABn/////zAKhwgKAABo/////zAKhwgKAABp/////zAKhwgKAABq/////zAK +hwgKAABr/////zAKhwgKAABs/////zAKhwgKAABt/////zAKhwgKAABu/////zAK +hwgKAABv/////zAKhwgKAABw/////zAKhwgKAABx/////zAKhwgKAABy/////zAK +hwgKAABz/////zAKhwgKAAB0/////zAKhwgKAAB1/////zAKhwgKAAB2/////zAK +hwgKAAB3/////zAKhwgKAAB4/////zAKhwgKAAB5/////zAKhwgKAAB6/////zAK +hwgKAAB7/////zAKhwgKAAB8/////zAKhwgKAAB9/////zAKhwgKAAB+/////zAK +hwgKAAB//////zAKhwgKAACA/////zAKhwgKAACB/////zAKhwgKAACC/////zAK +hwgKAACD/////zAKhwgKAACE/////zAKhwgKAACF/////zAKhwgKAACG/////zAK +hwgKAACH/////zAKhwgKAACI/////zAKhwgKAACJ/////zAKhwgKAACK/////zAK +hwgKAACL/////zAKhwgKAACM/////zAKhwgKAACN/////zAKhwgKAACO/////zAK +hwgKAACP/////zAKhwgKAACQ/////zAKhwgKAACR/////zAKhwgKAACS/////zAK +hwgKAACT/////zAKhwgKAACU/////zAKhwgKAACV/////zAKhwgKAACW/////zAK +hwgKAACX/////zAKhwgKAACY/////zAKhwgKAACZ/////zAKhwgKAACa/////zAK +hwgKAACb/////zAKhwgKAACc/////zAKhwgKAACd/////zAKhwgKAACe/////zAK +hwgKAACf/////zAKhwgKAACg/////zAKhwgKAACh/////zAKhwgKAACi/////zAK +hwgKAACj/////zAKhwgKAACk/////zAKhwgKAACl/////zAKhwgKAACm/////zAK +hwgKAACn/////zAKhwgKAACo/////zAKhwgKAACp/////zAKhwgKAACq/////zAK +hwgKAACr/////zAKhwgKAACs/////zAKhwgKAACt/////zAKhwgKAACu/////zAK +hwgKAACv/////zAKhwgKAACw/////zAKhwgKAACx/////zAKhwgKAACy/////zAK +hwgKAACz/////zAKhwgKAAC0/////zAKhwgKAAC1/////zAKhwgKAAC2/////zAK +hwgKAAC3/////zAKhwgKAAC4/////zAKhwgKAAC5/////zAKhwgKAAC6/////zAK +hwgKAAC7/////zAKhwgKAAC8/////zAKhwgKAAC9/////zAKhwgKAAC+/////zAK +hwgKAAC//////zAKhwgKAADA/////zAKhwgKAADB/////zAKhwgKAADC/////zAK +hwgKAADD/////zAKhwgKAADE/////zAKhwgKAADF/////zAKhwgKAADG/////zAK +hwgKAADH/////zAKhwgKAADI/////zAKhwgKAADJ/////zAKhwgKAADK/////zAK +hwgKAADL/////zAKhwgKAADM/////zAKhwgKAADN/////zAKhwgKAADO/////zAK +hwgKAADP/////zAKhwgKAADQ/////zAKhwgKAADR/////zAKhwgKAADS/////zAK +hwgKAADT/////zAKhwgKAADU/////zAKhwgKAADV/////zAKhwgKAADW/////zAK +hwgKAADX/////zAKhwgKAADY/////zAKhwgKAADZ/////zAKhwgKAADa/////zAK +hwgKAADb/////zAKhwgKAADc/////zAKhwgKAADd/////zAKhwgKAADe/////zAK +hwgKAADf/////zAKhwgKAADg/////zAKhwgKAADh/////zAKhwgKAADi/////zAK +hwgKAADj/////zAKhwgKAADk/////zAKhwgKAADl/////zAKhwgKAADm/////zAK +hwgKAADn/////zAKhwgKAADo/////zAKhwgKAADp/////zAKhwgKAADq/////zAK +hwgKAADr/////zAKhwgKAADs/////zAKhwgKAADt/////zAKhwgKAADu/////zAK +hwgKAADv/////zAKhwgKAADw/////zAKhwgKAADx/////zAKhwgKAADy/////zAK +hwgKAADz/////zAKhwgKAAD0/////zAKhwgKAAD1/////zAKhwgKAAD2/////zAK +hwgKAAD3/////zAKhwgKAAD4/////zAKhwgKAAD5/////zAKhwgKAAD6/////zAK +hwgKAAD7/////zAKhwgKAAD8/////zAKhwgKAAD9/////zAKhwgKAAD+/////zAK +hwgKAAD//////zAKhwgKAAEA/////zAKhwgKAAEB/////zAKhwgKAAEC/////zAK +hwgKAAED/////zAKhwgKAAEE/////zAKhwgKAAEF/////zAKhwgKAAEG/////zAK +hwgKAAEH/////zAKhwgKAAEI/////zAKhwgKAAEJ/////zAKhwgKAAEK/////zAK +hwgKAAEL/////zAKhwgKAAEM/////zAKhwgKAAEN/////zAKhwgKAAEO/////zAK +hwgKAAEP/////zAKhwgKAAEQ/////zAKhwgKAAER/////zAKhwgKAAES/////zAK +hwgKAAET/////zAKhwgKAAEU/////zAKhwgKAAEV/////zAKhwgKAAEW/////zAK +hwgKAAEX/////zAKhwgKAAEY/////zAKhwgKAAEZ/////zAKhwgKAAEa/////zAK +hwgKAAEb/////zAKhwgKAAEc/////zAKhwgKAAEd/////zAKhwgKAAEe/////zAK +hwgKAAEf/////zAKhwgKAAEg/////zAKhwgKAAEh/////zAKhwgKAAEi/////zAK +hwgKAAEj/////zAKhwgKAAEk/////zAKhwgKAAEl/////zAKhwgKAAEm/////zAK +hwgKAAEn/////zAKhwgKAAEo/////zAKhwgKAAEp/////zAKhwgKAAEq/////zAK +hwgKAAEr/////zAKhwgKAAEs/////zAKhwgKAAEt/////zAKhwgKAAEu/////zAK +hwgKAAEv/////zAKhwgKAAEw/////zAKhwgKAAEx/////zAKhwgKAAEy/////zAK +hwgKAAEz/////zAKhwgKAAE0/////zAKhwgKAAE1/////zAKhwgKAAE2/////zAK +hwgKAAE3/////zAKhwgKAAE4/////zAKhwgKAAE5/////zAKhwgKAAE6/////zAK +hwgKAAE7/////zAKhwgKAAE8/////zAKhwgKAAE9/////zAKhwgKAAE+/////zAK +hwgKAAE//////zAKhwgKAAFA/////zAKhwgKAAFB/////zAKhwgKAAFC/////zAK +hwgKAAFD/////zAKhwgKAAFE/////zAKhwgKAAFF/////zAKhwgKAAFG/////zAK +hwgKAAFH/////zAKhwgKAAFI/////zAKhwgKAAFJ/////zAKhwgKAAFK/////zAK +hwgKAAFL/////zAKhwgKAAFM/////zAKhwgKAAFN/////zAKhwgKAAFO/////zAK +hwgKAAFP/////zAKhwgKAAFQ/////zAKhwgKAAFR/////zAKhwgKAAFS/////zAK +hwgKAAFT/////zAKhwgKAAFU/////zAKhwgKAAFV/////zAKhwgKAAFW/////zAK +hwgKAAFX/////zAKhwgKAAFY/////zAKhwgKAAFZ/////zAKhwgKAAFa/////zAK +hwgKAAFb/////zAKhwgKAAFc/////zAKhwgKAAFd/////zAKhwgKAAFe/////zAK +hwgKAAFf/////zAKhwgKAAFg/////zAKhwgKAAFh/////zAKhwgKAAFi/////zAK +hwgKAAFj/////zAKhwgKAAFk/////zAKhwgKAAFl/////zAKhwgKAAFm/////zAK +hwgKAAFn/////zAKhwgKAAFo/////zAKhwgKAAFp/////zAKhwgKAAFq/////zAK +hwgKAAFr/////zAKhwgKAAFs/////zAKhwgKAAFt/////zAKhwgKAAFu/////zAK +hwgKAAFv/////zAKhwgKAAFw/////zAKhwgKAAFx/////zAKhwgKAAFy/////zAK +hwgKAAFz/////zAKhwgKAAF0/////zAKhwgKAAF1/////zAKhwgKAAF2/////zAK +hwgKAAF3/////zAKhwgKAAF4/////zAKhwgKAAF5/////zAKhwgKAAF6/////zAK +hwgKAAF7/////zAKhwgKAAF8/////zAKhwgKAAF9/////zAKhwgKAAF+/////zAK +hwgKAAF//////zAKhwgKAAGA/////zAKhwgKAAGB/////zAKhwgKAAGC/////zAK +hwgKAAGD/////zAKhwgKAAGE/////zAKhwgKAAGF/////zAKhwgKAAGG/////zAK +hwgKAAGH/////zAKhwgKAAGI/////zAKhwgKAAGJ/////zAKhwgKAAGK/////zAK +hwgKAAGL/////zAKhwgKAAGM/////zAKhwgKAAGN/////zAKhwgKAAGO/////zAK +hwgKAAGP/////zAKhwgKAAGQ/////zAKhwgKAAGR/////zAKhwgKAAGS/////zAK +hwgKAAGT/////zAKhwgKAAGU/////zAKhwgKAAGV/////zAKhwgKAAGW/////zAK +hwgKAAGX/////zAKhwgKAAGY/////zAKhwgKAAGZ/////zAKhwgKAAGa/////zAK +hwgKAAGb/////zAKhwgKAAGc/////zAKhwgKAAGd/////zAKhwgKAAGe/////zAK +hwgKAAGf/////zAKhwgKAAGg/////zAKhwgKAAGh/////zAKhwgKAAGi/////zAK +hwgKAAGj/////zAKhwgKAAGk/////zAKhwgKAAGl/////zAKhwgKAAGm/////zAK +hwgKAAGn/////zAKhwgKAAGo/////zAKhwgKAAGp/////zAKhwgKAAGq/////zAK +hwgKAAGr/////zAKhwgKAAGs/////zAKhwgKAAGt/////zAKhwgKAAGu/////zAK +hwgKAAGv/////zAKhwgKAAGw/////zAKhwgKAAGx/////zAKhwgKAAGy/////zAK +hwgKAAGz/////zAKhwgKAAG0/////zAKhwgKAAG1/////zAKhwgKAAG2/////zAK +hwgKAAG3/////zAKhwgKAAG4/////zAKhwgKAAG5/////zAKhwgKAAG6/////zAK +hwgKAAG7/////zAKhwgKAAG8/////zAKhwgKAAG9/////zAKhwgKAAG+/////zAK +hwgKAAG//////zAKhwgKAAHA/////zAKhwgKAAHB/////zAKhwgKAAHC/////zAK +hwgKAAHD/////zAKhwgKAAHE/////zAKhwgKAAHF/////zAKhwgKAAHG/////zAK +hwgKAAHH/////zAKhwgKAAHI/////zAKhwgKAAHJ/////zAKhwgKAAHK/////zAK +hwgKAAHL/////zAKhwgKAAHM/////zAKhwgKAAHN/////zAKhwgKAAHO/////zAK +hwgKAAHP/////zAKhwgKAAHQ/////zAKhwgKAAHR/////zAKhwgKAAHS/////zAK +hwgKAAHT/////zAKhwgKAAHU/////zAKhwgKAAHV/////zAKhwgKAAHW/////zAK +hwgKAAHX/////zAKhwgKAAHY/////zAKhwgKAAHZ/////zAKhwgKAAHa/////zAK +hwgKAAHb/////zAKhwgKAAHc/////zAKhwgKAAHd/////zAKhwgKAAHe/////zAK +hwgKAAHf/////zAKhwgKAAHg/////zAKhwgKAAHh/////zAKhwgKAAHi/////zAK +hwgKAAHj/////zAKhwgKAAHk/////zAKhwgKAAHl/////zAKhwgKAAHm/////zAK +hwgKAAHn/////zAKhwgKAAHo/////zAKhwgKAAHp/////zAKhwgKAAHq/////zAK +hwgKAAHr/////zAKhwgKAAHs/////zAKhwgKAAHt/////zAKhwgKAAHu/////zAK +hwgKAAHv/////zAKhwgKAAHw/////zAKhwgKAAHx/////zAKhwgKAAHy/////zAK +hwgKAAHz/////zAKhwgKAAH0/////zAKhwgKAAH1/////zAKhwgKAAH2/////zAK +hwgKAAH3/////zAKhwgKAAH4/////zAKhwgKAAH5/////zAKhwgKAAH6/////zAK +hwgKAAH7/////zAKhwgKAAH8/////zAKhwgKAAH9/////zAKhwgKAAH+/////zAK +hwgKAAH//////zAKhwgKAAIA/////zAKhwgKAAIB/////zAKhwgKAAIC/////zAK +hwgKAAID/////zAKhwgKAAIE/////zAKhwgKAAIF/////zAKhwgKAAIG/////zAK +hwgKAAIH/////zAKhwgKAAII/////zAKhwgKAAIJ/////zAKhwgKAAIK/////zAK +hwgKAAIL/////zAKhwgKAAIM/////zAKhwgKAAIN/////zAKhwgKAAIO/////zAK +hwgKAAIP/////zAKhwgKAAIQ/////zAKhwgKAAIR/////zAKhwgKAAIS/////zAK +hwgKAAIT/////zAKhwgKAAIU/////zAKhwgKAAIV/////zAKhwgKAAIW/////zAK +hwgKAAIX/////zAKhwgKAAIY/////zAKhwgKAAIZ/////zAKhwgKAAIa/////zAK +hwgKAAIb/////zAKhwgKAAIc/////zAKhwgKAAId/////zAKhwgKAAIe/////zAK +hwgKAAIf/////zAKhwgKAAIg/////zAKhwgKAAIh/////zAKhwgKAAIi/////zAK +hwgKAAIj/////zAKhwgKAAIk/////zAKhwgKAAIl/////zAKhwgKAAIm/////zAK +hwgKAAIn/////zAKhwgKAAIo/////zAKhwgKAAIp/////zAKhwgKAAIq/////zAK +hwgKAAIr/////zAKhwgKAAIs/////zAKhwgKAAIt/////zAKhwgKAAIu/////zAK +hwgKAAIv/////zAKhwgKAAIw/////zAKhwgKAAIx/////zAKhwgKAAIy/////zAK +hwgKAAIz/////zAKhwgKAAI0/////zAKhwgKAAI1/////zAKhwgKAAI2/////zAK +hwgKAAI3/////zAKhwgKAAI4/////zAKhwgKAAI5/////zAKhwgKAAI6/////zAK +hwgKAAI7/////zAKhwgKAAI8/////zAKhwgKAAI9/////zAKhwgKAAI+/////zAK +hwgKAAI//////zAKhwgKAAJA/////zAKhwgKAAJB/////zAKhwgKAAJC/////zAK +hwgKAAJD/////zAKhwgKAAJE/////zAKhwgKAAJF/////zAKhwgKAAJG/////zAK +hwgKAAJH/////zAKhwgKAAJI/////zAKhwgKAAJJ/////zAKhwgKAAJK/////zAK +hwgKAAJL/////zAKhwgKAAJM/////zAKhwgKAAJN/////zAKhwgKAAJO/////zAK +hwgKAAJP/////zAKhwgKAAJQ/////zAKhwgKAAJR/////zAKhwgKAAJS/////zAK +hwgKAAJT/////zAKhwgKAAJU/////zAKhwgKAAJV/////zAKhwgKAAJW/////zAK +hwgKAAJX/////zAKhwgKAAJY/////zAKhwgKAAJZ/////zAKhwgKAAJa/////zAK +hwgKAAJb/////zAKhwgKAAJc/////zAKhwgKAAJd/////zAKhwgKAAJe/////zAK +hwgKAAJf/////zAKhwgKAAJg/////zAKhwgKAAJh/////zAKhwgKAAJi/////zAK +hwgKAAJj/////zAKhwgKAAJk/////zAKhwgKAAJl/////zAKhwgKAAJm/////zAK +hwgKAAJn/////zAKhwgKAAJo/////zAKhwgKAAJp/////zAKhwgKAAJq/////zAK +hwgKAAJr/////zAKhwgKAAJs/////zAKhwgKAAJt/////zAKhwgKAAJu/////zAK +hwgKAAJv/////zAKhwgKAAJw/////zAKhwgKAAJx/////zAKhwgKAAJy/////zAK +hwgKAAJz/////zAKhwgKAAJ0/////zAKhwgKAAJ1/////zAKhwgKAAJ2/////zAK +hwgKAAJ3/////zAKhwgKAAJ4/////zAKhwgKAAJ5/////zAKhwgKAAJ6/////zAK +hwgKAAJ7/////zAKhwgKAAJ8/////zAKhwgKAAJ9/////zAKhwgKAAJ+/////zAK +hwgKAAJ//////zAKhwgKAAKA/////zAKhwgKAAKB/////zAKhwgKAAKC/////zAK +hwgKAAKD/////zAKhwgKAAKE/////zAKhwgKAAKF/////zAKhwgKAAKG/////zAK +hwgKAAKH/////zAKhwgKAAKI/////zAKhwgKAAKJ/////zAKhwgKAAKK/////zAK +hwgKAAKL/////zAKhwgKAAKM/////zAKhwgKAAKN/////zAKhwgKAAKO/////zAK +hwgKAAKP/////zAKhwgKAAKQ/////zAKhwgKAAKR/////zAKhwgKAAKS/////zAK +hwgKAAKT/////zAKhwgKAAKU/////zAKhwgKAAKV/////zAKhwgKAAKW/////zAK +hwgKAAKX/////zAKhwgKAAKY/////zAKhwgKAAKZ/////zAKhwgKAAKa/////zAK +hwgKAAKb/////zAKhwgKAAKc/////zAKhwgKAAKd/////zAKhwgKAAKe/////zAK +hwgKAAKf/////zAKhwgKAAKg/////zAKhwgKAAKh/////zAKhwgKAAKi/////zAK +hwgKAAKj/////zAKhwgKAAKk/////zAKhwgKAAKl/////zAKhwgKAAKm/////zAK +hwgKAAKn/////zAKhwgKAAKo/////zAKhwgKAAKp/////zAKhwgKAAKq/////zAK +hwgKAAKr/////zAKhwgKAAKs/////zAKhwgKAAKt/////zAKhwgKAAKu/////zAK +hwgKAAKv/////zAKhwgKAAKw/////zAKhwgKAAKx/////zAKhwgKAAKy/////zAK +hwgKAAKz/////zAKhwgKAAK0/////zAKhwgKAAK1/////zAKhwgKAAK2/////zAK +hwgKAAK3/////zAKhwgKAAK4/////zAKhwgKAAK5/////zAKhwgKAAK6/////zAK +hwgKAAK7/////zAKhwgKAAK8/////zAKhwgKAAK9/////zAKhwgKAAK+/////zAK +hwgKAAK//////zAKhwgKAALA/////zAKhwgKAALB/////zAKhwgKAALC/////zAK +hwgKAALD/////zAKhwgKAALE/////zAKhwgKAALF/////zAKhwgKAALG/////zAK +hwgKAALH/////zAKhwgKAALI/////zAKhwgKAALJ/////zAKhwgKAALK/////zAK +hwgKAALL/////zAKhwgKAALM/////zAKhwgKAALN/////zAKhwgKAALO/////zAK +hwgKAALP/////zAKhwgKAALQ/////zAKhwgKAALR/////zAKhwgKAALS/////zAK +hwgKAALT/////zAKhwgKAALU/////zAKhwgKAALV/////zAKhwgKAALW/////zAK +hwgKAALX/////zAKhwgKAALY/////zAKhwgKAALZ/////zAKhwgKAALa/////zAK +hwgKAALb/////zAKhwgKAALc/////zAKhwgKAALd/////zAKhwgKAALe/////zAK +hwgKAALf/////zAKhwgKAALg/////zAKhwgKAALh/////zAKhwgKAALi/////zAK +hwgKAALj/////zAKhwgKAALk/////zAKhwgKAALl/////zAKhwgKAALm/////zAK +hwgKAALn/////zAKhwgKAALo/////zAKhwgKAALp/////zAKhwgKAALq/////zAK +hwgKAALr/////zAKhwgKAALs/////zAKhwgKAALt/////zAKhwgKAALu/////zAK +hwgKAALv/////zAKhwgKAALw/////zAKhwgKAALx/////zAKhwgKAALy/////zAK +hwgKAALz/////zAKhwgKAAL0/////zAKhwgKAAL1/////zAKhwgKAAL2/////zAK +hwgKAAL3/////zAKhwgKAAL4/////zAKhwgKAAL5/////zAKhwgKAAL6/////zAK +hwgKAAL7/////zAKhwgKAAL8/////zAKhwgKAAL9/////zAKhwgKAAL+/////zAK +hwgKAAL//////zAKhwgKAAMA/////zAKhwgKAAMB/////zAKhwgKAAMC/////zAK +hwgKAAMD/////zAKhwgKAAME/////zAKhwgKAAMF/////zAKhwgKAAMG/////zAK +hwgKAAMH/////zAKhwgKAAMI/////zAKhwgKAAMJ/////zAKhwgKAAMK/////zAK +hwgKAAML/////zAKhwgKAAMM/////zAKhwgKAAMN/////zAKhwgKAAMO/////zAK +hwgKAAMP/////zAKhwgKAAMQ/////zAKhwgKAAMR/////zAKhwgKAAMS/////zAK +hwgKAAMT/////zAKhwgKAAMU/////zAKhwgKAAMV/////zAKhwgKAAMW/////zAK +hwgKAAMX/////zAKhwgKAAMY/////zAKhwgKAAMZ/////zAKhwgKAAMa/////zAK +hwgKAAMb/////zAKhwgKAAMc/////zAKhwgKAAMd/////zAKhwgKAAMe/////zAK +hwgKAAMf/////zAKhwgKAAMg/////zAKhwgKAAMh/////zAKhwgKAAMi/////zAK +hwgKAAMj/////zAKhwgKAAMk/////zAKhwgKAAMl/////zAKhwgKAAMm/////zAK +hwgKAAMn/////zAKhwgKAAMo/////zAKhwgKAAMp/////zAKhwgKAAMq/////zAK +hwgKAAMr/////zAKhwgKAAMs/////zAKhwgKAAMt/////zAKhwgKAAMu/////zAK +hwgKAAMv/////zAKhwgKAAMw/////zAKhwgKAAMx/////zAKhwgKAAMy/////zAK +hwgKAAMz/////zAKhwgKAAM0/////zAKhwgKAAM1/////zAKhwgKAAM2/////zAK +hwgKAAM3/////zAKhwgKAAM4/////zAKhwgKAAM5/////zAKhwgKAAM6/////zAK +hwgKAAM7/////zAKhwgKAAM8/////zAKhwgKAAM9/////zAKhwgKAAM+/////zAK +hwgKAAM//////zAKhwgKAANA/////zAKhwgKAANB/////zAKhwgKAANC/////zAK +hwgKAAND/////zAKhwgKAANE/////zAKhwgKAANF/////zAKhwgKAANG/////zAK +hwgKAANH/////zAKhwgKAANI/////zAKhwgKAANJ/////zAKhwgKAANK/////zAK +hwgKAANL/////zAKhwgKAANM/////zAKhwgKAANN/////zAKhwgKAANO/////zAK +hwgKAANP/////zAKhwgKAANQ/////zAKhwgKAANR/////zAKhwgKAANS/////zAK +hwgKAANT/////zAKhwgKAANU/////zAKhwgKAANV/////zAKhwgKAANW/////zAK +hwgKAANX/////zAKhwgKAANY/////zAKhwgKAANZ/////zAKhwgKAANa/////zAK +hwgKAANb/////zAKhwgKAANc/////zAKhwgKAANd/////zAKhwgKAANe/////zAK +hwgKAANf/////zAKhwgKAANg/////zAKhwgKAANh/////zAKhwgKAANi/////zAK +hwgKAANj/////zAKhwgKAANk/////zAKhwgKAANl/////zAKhwgKAANm/////zAK +hwgKAANn/////zAKhwgKAANo/////zAKhwgKAANp/////zAKhwgKAANq/////zAK +hwgKAANr/////zAKhwgKAANs/////zAKhwgKAANt/////zAKhwgKAANu/////zAK +hwgKAANv/////zAKhwgKAANw/////zAKhwgKAANx/////zAKhwgKAANy/////zAK +hwgKAANz/////zAKhwgKAAN0/////zAKhwgKAAN1/////zAKhwgKAAN2/////zAK +hwgKAAN3/////zAKhwgKAAN4/////zAKhwgKAAN5/////zAKhwgKAAN6/////zAK +hwgKAAN7/////zAKhwgKAAN8/////zAKhwgKAAN9/////zAKhwgKAAN+/////zAK +hwgKAAN//////zAKhwgKAAOA/////zAKhwgKAAOB/////zAKhwgKAAOC/////zAK +hwgKAAOD/////zAKhwgKAAOE/////zAKhwgKAAOF/////zAKhwgKAAOG/////zAK +hwgKAAOH/////zAKhwgKAAOI/////zAKhwgKAAOJ/////zAKhwgKAAOK/////zAK +hwgKAAOL/////zAKhwgKAAOM/////zAKhwgKAAON/////zAKhwgKAAOO/////zAK +hwgKAAOP/////zAKhwgKAAOQ/////zAKhwgKAAOR/////zAKhwgKAAOS/////zAK +hwgKAAOT/////zAKhwgKAAOU/////zAKhwgKAAOV/////zAKhwgKAAOW/////zAK +hwgKAAOX/////zAKhwgKAAOY/////zAKhwgKAAOZ/////zAKhwgKAAOa/////zAK +hwgKAAOb/////zAKhwgKAAOc/////zAKhwgKAAOd/////zAKhwgKAAOe/////zAK +hwgKAAOf/////zAKhwgKAAOg/////zAKhwgKAAOh/////zAKhwgKAAOi/////zAK +hwgKAAOj/////zAKhwgKAAOk/////zAKhwgKAAOl/////zAKhwgKAAOm/////zAK +hwgKAAOn/////zAKhwgKAAOo/////zAKhwgKAAOp/////zAKhwgKAAOq/////zAK +hwgKAAOr/////zAKhwgKAAOs/////zAKhwgKAAOt/////zAKhwgKAAOu/////zAK +hwgKAAOv/////zAKhwgKAAOw/////zAKhwgKAAOx/////zAKhwgKAAOy/////zAK +hwgKAAOz/////zAKhwgKAAO0/////zAKhwgKAAO1/////zAKhwgKAAO2/////zAK +hwgKAAO3/////zAKhwgKAAO4/////zAKhwgKAAO5/////zAKhwgKAAO6/////zAK +hwgKAAO7/////zAKhwgKAAO8/////zAKhwgKAAO9/////zAKhwgKAAO+/////zAK +hwgKAAO//////zAKhwgKAAPA/////zAKhwgKAAPB/////zAKhwgKAAPC/////zAK +hwgKAAPD/////zAKhwgKAAPE/////zAKhwgKAAPF/////zAKhwgKAAPG/////zAK +hwgKAAPH/////zAKhwgKAAPI/////zAKhwgKAAPJ/////zAKhwgKAAPK/////zAK +hwgKAAPL/////zAKhwgKAAPM/////zAKhwgKAAPN/////zAKhwgKAAPO/////zAK +hwgKAAPP/////zAKhwgKAAPQ/////zAKhwgKAAPR/////zAKhwgKAAPS/////zAK +hwgKAAPT/////zAKhwgKAAPU/////zAKhwgKAAPV/////zAKhwgKAAPW/////zAK +hwgKAAPX/////zAKhwgKAAPY/////zAKhwgKAAPZ/////zAKhwgKAAPa/////zAK +hwgKAAPb/////zAKhwgKAAPc/////zAKhwgKAAPd/////zAKhwgKAAPe/////zAK +hwgKAAPf/////zAKhwgKAAPg/////zAKhwgKAAPh/////zAKhwgKAAPi/////zAK +hwgKAAPj/////zAKhwgKAAPk/////zAKhwgKAAPl/////zAKhwgKAAPm/////zAK +hwgKAAPn/////zAKhwgKAAPo/////zAKhwgKAAPp/////zAKhwgKAAPq/////zAK +hwgKAAPr/////zAKhwgKAAPs/////zAKhwgKAAPt/////zAKhwgKAAPu/////zAK +hwgKAAPv/////zAKhwgKAAPw/////zAKhwgKAAPx/////zAKhwgKAAPy/////zAK +hwgKAAPz/////zAKhwgKAAP0/////zAKhwgKAAP1/////zAKhwgKAAP2/////zAK +hwgKAAP3/////zAKhwgKAAP4/////zAKhwgKAAP5/////zAKhwgKAAP6/////zAK +hwgKAAP7/////zAKhwgKAAP8/////zAKhwgKAAP9/////zAKhwgKAAP+/////zAK +hwgKAAP//////zAKhwgKAAQA/////zANBgkqhkiG9w0BAQsFAAOCAQEAaH39T2Dt +F1ADYlIKyjl79MiAdWg1kxAAd2a4y8QjtO9z/c5ygxphIadhfEBcNn3bV76eQjov +TgpAMoA5BbgjT4qUW7rgslmxpobNJwcI6HdGMhg+NHv2ndOCbN5pPMhXqH2e89bb +e3HssgsvTy/ReAsJnm0ps4sYDhFTpBAOhttO/Hryv0sQa7aS2bT/5DZwgzfOofFJ +fNo7ot1TjUXybB5oBa1DjEgyksB69KlJN7Q0sK9o4AdFItKzjdVcy5IN8DRnbzKw +9HJcQuYeq1LoNHVuZ4DouYpKgN25CremPkJvNUzjVTCkgtRIdAqPDE+pESn2oUDr +9Suo1r/I0VXDIA== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.pem new file mode 100644 index 0000000000..30ee03a71f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_6.pem @@ -0,0 +1,1374 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + IP:10.0.0.171/255.255.255.255 + IP:10.0.0.172/255.255.255.255 + IP:10.0.0.173/255.255.255.255 + IP:10.0.0.174/255.255.255.255 + IP:10.0.0.175/255.255.255.255 + IP:10.0.0.176/255.255.255.255 + IP:10.0.0.177/255.255.255.255 + IP:10.0.0.178/255.255.255.255 + IP:10.0.0.179/255.255.255.255 + IP:10.0.0.180/255.255.255.255 + IP:10.0.0.181/255.255.255.255 + IP:10.0.0.182/255.255.255.255 + IP:10.0.0.183/255.255.255.255 + IP:10.0.0.184/255.255.255.255 + IP:10.0.0.185/255.255.255.255 + IP:10.0.0.186/255.255.255.255 + IP:10.0.0.187/255.255.255.255 + IP:10.0.0.188/255.255.255.255 + IP:10.0.0.189/255.255.255.255 + IP:10.0.0.190/255.255.255.255 + IP:10.0.0.191/255.255.255.255 + IP:10.0.0.192/255.255.255.255 + IP:10.0.0.193/255.255.255.255 + IP:10.0.0.194/255.255.255.255 + IP:10.0.0.195/255.255.255.255 + IP:10.0.0.196/255.255.255.255 + IP:10.0.0.197/255.255.255.255 + IP:10.0.0.198/255.255.255.255 + IP:10.0.0.199/255.255.255.255 + IP:10.0.0.200/255.255.255.255 + IP:10.0.0.201/255.255.255.255 + IP:10.0.0.202/255.255.255.255 + IP:10.0.0.203/255.255.255.255 + IP:10.0.0.204/255.255.255.255 + IP:10.0.0.205/255.255.255.255 + IP:10.0.0.206/255.255.255.255 + IP:10.0.0.207/255.255.255.255 + IP:10.0.0.208/255.255.255.255 + IP:10.0.0.209/255.255.255.255 + IP:10.0.0.210/255.255.255.255 + IP:10.0.0.211/255.255.255.255 + IP:10.0.0.212/255.255.255.255 + IP:10.0.0.213/255.255.255.255 + IP:10.0.0.214/255.255.255.255 + IP:10.0.0.215/255.255.255.255 + IP:10.0.0.216/255.255.255.255 + IP:10.0.0.217/255.255.255.255 + IP:10.0.0.218/255.255.255.255 + IP:10.0.0.219/255.255.255.255 + IP:10.0.0.220/255.255.255.255 + IP:10.0.0.221/255.255.255.255 + IP:10.0.0.222/255.255.255.255 + IP:10.0.0.223/255.255.255.255 + IP:10.0.0.224/255.255.255.255 + IP:10.0.0.225/255.255.255.255 + IP:10.0.0.226/255.255.255.255 + IP:10.0.0.227/255.255.255.255 + IP:10.0.0.228/255.255.255.255 + IP:10.0.0.229/255.255.255.255 + IP:10.0.0.230/255.255.255.255 + IP:10.0.0.231/255.255.255.255 + IP:10.0.0.232/255.255.255.255 + IP:10.0.0.233/255.255.255.255 + IP:10.0.0.234/255.255.255.255 + IP:10.0.0.235/255.255.255.255 + IP:10.0.0.236/255.255.255.255 + IP:10.0.0.237/255.255.255.255 + IP:10.0.0.238/255.255.255.255 + IP:10.0.0.239/255.255.255.255 + IP:10.0.0.240/255.255.255.255 + IP:10.0.0.241/255.255.255.255 + IP:10.0.0.242/255.255.255.255 + IP:10.0.0.243/255.255.255.255 + IP:10.0.0.244/255.255.255.255 + IP:10.0.0.245/255.255.255.255 + IP:10.0.0.246/255.255.255.255 + IP:10.0.0.247/255.255.255.255 + IP:10.0.0.248/255.255.255.255 + IP:10.0.0.249/255.255.255.255 + IP:10.0.0.250/255.255.255.255 + IP:10.0.0.251/255.255.255.255 + IP:10.0.0.252/255.255.255.255 + IP:10.0.0.253/255.255.255.255 + IP:10.0.0.254/255.255.255.255 + IP:10.0.0.255/255.255.255.255 + IP:10.0.1.0/255.255.255.255 + IP:10.0.1.1/255.255.255.255 + IP:10.0.1.2/255.255.255.255 + IP:10.0.1.3/255.255.255.255 + IP:10.0.1.4/255.255.255.255 + IP:10.0.1.5/255.255.255.255 + IP:10.0.1.6/255.255.255.255 + IP:10.0.1.7/255.255.255.255 + IP:10.0.1.8/255.255.255.255 + IP:10.0.1.9/255.255.255.255 + IP:10.0.1.10/255.255.255.255 + IP:10.0.1.11/255.255.255.255 + IP:10.0.1.12/255.255.255.255 + IP:10.0.1.13/255.255.255.255 + IP:10.0.1.14/255.255.255.255 + IP:10.0.1.15/255.255.255.255 + IP:10.0.1.16/255.255.255.255 + IP:10.0.1.17/255.255.255.255 + IP:10.0.1.18/255.255.255.255 + IP:10.0.1.19/255.255.255.255 + IP:10.0.1.20/255.255.255.255 + IP:10.0.1.21/255.255.255.255 + IP:10.0.1.22/255.255.255.255 + IP:10.0.1.23/255.255.255.255 + IP:10.0.1.24/255.255.255.255 + IP:10.0.1.25/255.255.255.255 + IP:10.0.1.26/255.255.255.255 + IP:10.0.1.27/255.255.255.255 + IP:10.0.1.28/255.255.255.255 + IP:10.0.1.29/255.255.255.255 + IP:10.0.1.30/255.255.255.255 + IP:10.0.1.31/255.255.255.255 + IP:10.0.1.32/255.255.255.255 + IP:10.0.1.33/255.255.255.255 + IP:10.0.1.34/255.255.255.255 + IP:10.0.1.35/255.255.255.255 + IP:10.0.1.36/255.255.255.255 + IP:10.0.1.37/255.255.255.255 + IP:10.0.1.38/255.255.255.255 + IP:10.0.1.39/255.255.255.255 + IP:10.0.1.40/255.255.255.255 + IP:10.0.1.41/255.255.255.255 + IP:10.0.1.42/255.255.255.255 + IP:10.0.1.43/255.255.255.255 + IP:10.0.1.44/255.255.255.255 + IP:10.0.1.45/255.255.255.255 + IP:10.0.1.46/255.255.255.255 + IP:10.0.1.47/255.255.255.255 + IP:10.0.1.48/255.255.255.255 + IP:10.0.1.49/255.255.255.255 + IP:10.0.1.50/255.255.255.255 + IP:10.0.1.51/255.255.255.255 + IP:10.0.1.52/255.255.255.255 + IP:10.0.1.53/255.255.255.255 + IP:10.0.1.54/255.255.255.255 + IP:10.0.1.55/255.255.255.255 + IP:10.0.1.56/255.255.255.255 + IP:10.0.1.57/255.255.255.255 + IP:10.0.1.58/255.255.255.255 + IP:10.0.1.59/255.255.255.255 + IP:10.0.1.60/255.255.255.255 + IP:10.0.1.61/255.255.255.255 + IP:10.0.1.62/255.255.255.255 + IP:10.0.1.63/255.255.255.255 + IP:10.0.1.64/255.255.255.255 + IP:10.0.1.65/255.255.255.255 + IP:10.0.1.66/255.255.255.255 + IP:10.0.1.67/255.255.255.255 + IP:10.0.1.68/255.255.255.255 + IP:10.0.1.69/255.255.255.255 + IP:10.0.1.70/255.255.255.255 + IP:10.0.1.71/255.255.255.255 + IP:10.0.1.72/255.255.255.255 + IP:10.0.1.73/255.255.255.255 + IP:10.0.1.74/255.255.255.255 + IP:10.0.1.75/255.255.255.255 + IP:10.0.1.76/255.255.255.255 + IP:10.0.1.77/255.255.255.255 + IP:10.0.1.78/255.255.255.255 + IP:10.0.1.79/255.255.255.255 + IP:10.0.1.80/255.255.255.255 + IP:10.0.1.81/255.255.255.255 + IP:10.0.1.82/255.255.255.255 + IP:10.0.1.83/255.255.255.255 + IP:10.0.1.84/255.255.255.255 + IP:10.0.1.85/255.255.255.255 + IP:10.0.1.86/255.255.255.255 + IP:10.0.1.87/255.255.255.255 + IP:10.0.1.88/255.255.255.255 + IP:10.0.1.89/255.255.255.255 + IP:10.0.1.90/255.255.255.255 + IP:10.0.1.91/255.255.255.255 + IP:10.0.1.92/255.255.255.255 + IP:10.0.1.93/255.255.255.255 + IP:10.0.1.94/255.255.255.255 + IP:10.0.1.95/255.255.255.255 + IP:10.0.1.96/255.255.255.255 + IP:10.0.1.97/255.255.255.255 + IP:10.0.1.98/255.255.255.255 + IP:10.0.1.99/255.255.255.255 + IP:10.0.1.100/255.255.255.255 + IP:10.0.1.101/255.255.255.255 + IP:10.0.1.102/255.255.255.255 + IP:10.0.1.103/255.255.255.255 + IP:10.0.1.104/255.255.255.255 + IP:10.0.1.105/255.255.255.255 + IP:10.0.1.106/255.255.255.255 + IP:10.0.1.107/255.255.255.255 + IP:10.0.1.108/255.255.255.255 + IP:10.0.1.109/255.255.255.255 + IP:10.0.1.110/255.255.255.255 + IP:10.0.1.111/255.255.255.255 + IP:10.0.1.112/255.255.255.255 + IP:10.0.1.113/255.255.255.255 + IP:10.0.1.114/255.255.255.255 + IP:10.0.1.115/255.255.255.255 + IP:10.0.1.116/255.255.255.255 + IP:10.0.1.117/255.255.255.255 + IP:10.0.1.118/255.255.255.255 + IP:10.0.1.119/255.255.255.255 + IP:10.0.1.120/255.255.255.255 + IP:10.0.1.121/255.255.255.255 + IP:10.0.1.122/255.255.255.255 + IP:10.0.1.123/255.255.255.255 + IP:10.0.1.124/255.255.255.255 + IP:10.0.1.125/255.255.255.255 + IP:10.0.1.126/255.255.255.255 + IP:10.0.1.127/255.255.255.255 + IP:10.0.1.128/255.255.255.255 + IP:10.0.1.129/255.255.255.255 + IP:10.0.1.130/255.255.255.255 + IP:10.0.1.131/255.255.255.255 + IP:10.0.1.132/255.255.255.255 + IP:10.0.1.133/255.255.255.255 + IP:10.0.1.134/255.255.255.255 + IP:10.0.1.135/255.255.255.255 + IP:10.0.1.136/255.255.255.255 + IP:10.0.1.137/255.255.255.255 + IP:10.0.1.138/255.255.255.255 + IP:10.0.1.139/255.255.255.255 + IP:10.0.1.140/255.255.255.255 + IP:10.0.1.141/255.255.255.255 + IP:10.0.1.142/255.255.255.255 + IP:10.0.1.143/255.255.255.255 + IP:10.0.1.144/255.255.255.255 + IP:10.0.1.145/255.255.255.255 + IP:10.0.1.146/255.255.255.255 + IP:10.0.1.147/255.255.255.255 + IP:10.0.1.148/255.255.255.255 + IP:10.0.1.149/255.255.255.255 + IP:10.0.1.150/255.255.255.255 + IP:10.0.1.151/255.255.255.255 + IP:10.0.1.152/255.255.255.255 + IP:10.0.1.153/255.255.255.255 + IP:10.0.1.154/255.255.255.255 + IP:10.0.1.155/255.255.255.255 + IP:10.0.1.156/255.255.255.255 + IP:10.0.1.157/255.255.255.255 + IP:10.0.1.158/255.255.255.255 + IP:10.0.1.159/255.255.255.255 + IP:10.0.1.160/255.255.255.255 + IP:10.0.1.161/255.255.255.255 + IP:10.0.1.162/255.255.255.255 + IP:10.0.1.163/255.255.255.255 + IP:10.0.1.164/255.255.255.255 + IP:10.0.1.165/255.255.255.255 + IP:10.0.1.166/255.255.255.255 + IP:10.0.1.167/255.255.255.255 + IP:10.0.1.168/255.255.255.255 + IP:10.0.1.169/255.255.255.255 + IP:10.0.1.170/255.255.255.255 + IP:10.0.1.171/255.255.255.255 + IP:10.0.1.172/255.255.255.255 + IP:10.0.1.173/255.255.255.255 + IP:10.0.1.174/255.255.255.255 + IP:10.0.1.175/255.255.255.255 + IP:10.0.1.176/255.255.255.255 + IP:10.0.1.177/255.255.255.255 + IP:10.0.1.178/255.255.255.255 + IP:10.0.1.179/255.255.255.255 + IP:10.0.1.180/255.255.255.255 + IP:10.0.1.181/255.255.255.255 + IP:10.0.1.182/255.255.255.255 + IP:10.0.1.183/255.255.255.255 + IP:10.0.1.184/255.255.255.255 + IP:10.0.1.185/255.255.255.255 + IP:10.0.1.186/255.255.255.255 + IP:10.0.1.187/255.255.255.255 + IP:10.0.1.188/255.255.255.255 + IP:10.0.1.189/255.255.255.255 + IP:10.0.1.190/255.255.255.255 + IP:10.0.1.191/255.255.255.255 + IP:10.0.1.192/255.255.255.255 + IP:10.0.1.193/255.255.255.255 + IP:10.0.1.194/255.255.255.255 + IP:10.0.1.195/255.255.255.255 + IP:10.0.1.196/255.255.255.255 + IP:10.0.1.197/255.255.255.255 + IP:10.0.1.198/255.255.255.255 + IP:10.0.1.199/255.255.255.255 + IP:10.0.1.200/255.255.255.255 + IP:10.0.1.201/255.255.255.255 + IP:10.0.1.202/255.255.255.255 + IP:10.0.1.203/255.255.255.255 + IP:10.0.1.204/255.255.255.255 + IP:10.0.1.205/255.255.255.255 + IP:10.0.1.206/255.255.255.255 + IP:10.0.1.207/255.255.255.255 + IP:10.0.1.208/255.255.255.255 + IP:10.0.1.209/255.255.255.255 + IP:10.0.1.210/255.255.255.255 + IP:10.0.1.211/255.255.255.255 + IP:10.0.1.212/255.255.255.255 + IP:10.0.1.213/255.255.255.255 + IP:10.0.1.214/255.255.255.255 + IP:10.0.1.215/255.255.255.255 + IP:10.0.1.216/255.255.255.255 + IP:10.0.1.217/255.255.255.255 + IP:10.0.1.218/255.255.255.255 + IP:10.0.1.219/255.255.255.255 + IP:10.0.1.220/255.255.255.255 + IP:10.0.1.221/255.255.255.255 + IP:10.0.1.222/255.255.255.255 + IP:10.0.1.223/255.255.255.255 + IP:10.0.1.224/255.255.255.255 + IP:10.0.1.225/255.255.255.255 + IP:10.0.1.226/255.255.255.255 + IP:10.0.1.227/255.255.255.255 + IP:10.0.1.228/255.255.255.255 + IP:10.0.1.229/255.255.255.255 + IP:10.0.1.230/255.255.255.255 + IP:10.0.1.231/255.255.255.255 + IP:10.0.1.232/255.255.255.255 + IP:10.0.1.233/255.255.255.255 + IP:10.0.1.234/255.255.255.255 + IP:10.0.1.235/255.255.255.255 + IP:10.0.1.236/255.255.255.255 + IP:10.0.1.237/255.255.255.255 + IP:10.0.1.238/255.255.255.255 + IP:10.0.1.239/255.255.255.255 + IP:10.0.1.240/255.255.255.255 + IP:10.0.1.241/255.255.255.255 + IP:10.0.1.242/255.255.255.255 + IP:10.0.1.243/255.255.255.255 + IP:10.0.1.244/255.255.255.255 + IP:10.0.1.245/255.255.255.255 + IP:10.0.1.246/255.255.255.255 + IP:10.0.1.247/255.255.255.255 + IP:10.0.1.248/255.255.255.255 + IP:10.0.1.249/255.255.255.255 + IP:10.0.1.250/255.255.255.255 + IP:10.0.1.251/255.255.255.255 + IP:10.0.1.252/255.255.255.255 + IP:10.0.1.253/255.255.255.255 + IP:10.0.1.254/255.255.255.255 + IP:10.0.1.255/255.255.255.255 + IP:10.0.2.0/255.255.255.255 + IP:10.0.2.1/255.255.255.255 + IP:10.0.2.2/255.255.255.255 + IP:10.0.2.3/255.255.255.255 + IP:10.0.2.4/255.255.255.255 + IP:10.0.2.5/255.255.255.255 + IP:10.0.2.6/255.255.255.255 + IP:10.0.2.7/255.255.255.255 + IP:10.0.2.8/255.255.255.255 + IP:10.0.2.9/255.255.255.255 + IP:10.0.2.10/255.255.255.255 + IP:10.0.2.11/255.255.255.255 + IP:10.0.2.12/255.255.255.255 + IP:10.0.2.13/255.255.255.255 + IP:10.0.2.14/255.255.255.255 + IP:10.0.2.15/255.255.255.255 + IP:10.0.2.16/255.255.255.255 + IP:10.0.2.17/255.255.255.255 + IP:10.0.2.18/255.255.255.255 + IP:10.0.2.19/255.255.255.255 + IP:10.0.2.20/255.255.255.255 + IP:10.0.2.21/255.255.255.255 + IP:10.0.2.22/255.255.255.255 + IP:10.0.2.23/255.255.255.255 + IP:10.0.2.24/255.255.255.255 + IP:10.0.2.25/255.255.255.255 + IP:10.0.2.26/255.255.255.255 + IP:10.0.2.27/255.255.255.255 + IP:10.0.2.28/255.255.255.255 + IP:10.0.2.29/255.255.255.255 + IP:10.0.2.30/255.255.255.255 + IP:10.0.2.31/255.255.255.255 + IP:10.0.2.32/255.255.255.255 + IP:10.0.2.33/255.255.255.255 + IP:10.0.2.34/255.255.255.255 + IP:10.0.2.35/255.255.255.255 + IP:10.0.2.36/255.255.255.255 + IP:10.0.2.37/255.255.255.255 + IP:10.0.2.38/255.255.255.255 + IP:10.0.2.39/255.255.255.255 + IP:10.0.2.40/255.255.255.255 + IP:10.0.2.41/255.255.255.255 + IP:10.0.2.42/255.255.255.255 + IP:10.0.2.43/255.255.255.255 + IP:10.0.2.44/255.255.255.255 + IP:10.0.2.45/255.255.255.255 + IP:10.0.2.46/255.255.255.255 + IP:10.0.2.47/255.255.255.255 + IP:10.0.2.48/255.255.255.255 + IP:10.0.2.49/255.255.255.255 + IP:10.0.2.50/255.255.255.255 + IP:10.0.2.51/255.255.255.255 + IP:10.0.2.52/255.255.255.255 + IP:10.0.2.53/255.255.255.255 + IP:10.0.2.54/255.255.255.255 + IP:10.0.2.55/255.255.255.255 + IP:10.0.2.56/255.255.255.255 + IP:10.0.2.57/255.255.255.255 + IP:10.0.2.58/255.255.255.255 + IP:10.0.2.59/255.255.255.255 + IP:10.0.2.60/255.255.255.255 + IP:10.0.2.61/255.255.255.255 + IP:10.0.2.62/255.255.255.255 + IP:10.0.2.63/255.255.255.255 + IP:10.0.2.64/255.255.255.255 + IP:10.0.2.65/255.255.255.255 + IP:10.0.2.66/255.255.255.255 + IP:10.0.2.67/255.255.255.255 + IP:10.0.2.68/255.255.255.255 + IP:10.0.2.69/255.255.255.255 + IP:10.0.2.70/255.255.255.255 + IP:10.0.2.71/255.255.255.255 + IP:10.0.2.72/255.255.255.255 + IP:10.0.2.73/255.255.255.255 + IP:10.0.2.74/255.255.255.255 + IP:10.0.2.75/255.255.255.255 + IP:10.0.2.76/255.255.255.255 + IP:10.0.2.77/255.255.255.255 + IP:10.0.2.78/255.255.255.255 + IP:10.0.2.79/255.255.255.255 + IP:10.0.2.80/255.255.255.255 + IP:10.0.2.81/255.255.255.255 + IP:10.0.2.82/255.255.255.255 + IP:10.0.2.83/255.255.255.255 + IP:10.0.2.84/255.255.255.255 + IP:10.0.2.85/255.255.255.255 + IP:10.0.2.86/255.255.255.255 + IP:10.0.2.87/255.255.255.255 + IP:10.0.2.88/255.255.255.255 + IP:10.0.2.89/255.255.255.255 + IP:10.0.2.90/255.255.255.255 + IP:10.0.2.91/255.255.255.255 + IP:10.0.2.92/255.255.255.255 + IP:10.0.2.93/255.255.255.255 + IP:10.0.2.94/255.255.255.255 + IP:10.0.2.95/255.255.255.255 + IP:10.0.2.96/255.255.255.255 + IP:10.0.2.97/255.255.255.255 + IP:10.0.2.98/255.255.255.255 + IP:10.0.2.99/255.255.255.255 + IP:10.0.2.100/255.255.255.255 + IP:10.0.2.101/255.255.255.255 + IP:10.0.2.102/255.255.255.255 + IP:10.0.2.103/255.255.255.255 + IP:10.0.2.104/255.255.255.255 + IP:10.0.2.105/255.255.255.255 + IP:10.0.2.106/255.255.255.255 + IP:10.0.2.107/255.255.255.255 + IP:10.0.2.108/255.255.255.255 + IP:10.0.2.109/255.255.255.255 + IP:10.0.2.110/255.255.255.255 + IP:10.0.2.111/255.255.255.255 + IP:10.0.2.112/255.255.255.255 + IP:10.0.2.113/255.255.255.255 + IP:10.0.2.114/255.255.255.255 + IP:10.0.2.115/255.255.255.255 + IP:10.0.2.116/255.255.255.255 + IP:10.0.2.117/255.255.255.255 + IP:10.0.2.118/255.255.255.255 + IP:10.0.2.119/255.255.255.255 + IP:10.0.2.120/255.255.255.255 + IP:10.0.2.121/255.255.255.255 + IP:10.0.2.122/255.255.255.255 + IP:10.0.2.123/255.255.255.255 + IP:10.0.2.124/255.255.255.255 + IP:10.0.2.125/255.255.255.255 + IP:10.0.2.126/255.255.255.255 + IP:10.0.2.127/255.255.255.255 + IP:10.0.2.128/255.255.255.255 + IP:10.0.2.129/255.255.255.255 + IP:10.0.2.130/255.255.255.255 + IP:10.0.2.131/255.255.255.255 + IP:10.0.2.132/255.255.255.255 + IP:10.0.2.133/255.255.255.255 + IP:10.0.2.134/255.255.255.255 + IP:10.0.2.135/255.255.255.255 + IP:10.0.2.136/255.255.255.255 + IP:10.0.2.137/255.255.255.255 + IP:10.0.2.138/255.255.255.255 + IP:10.0.2.139/255.255.255.255 + IP:10.0.2.140/255.255.255.255 + IP:10.0.2.141/255.255.255.255 + IP:10.0.2.142/255.255.255.255 + IP:10.0.2.143/255.255.255.255 + IP:10.0.2.144/255.255.255.255 + IP:10.0.2.145/255.255.255.255 + IP:10.0.2.146/255.255.255.255 + IP:10.0.2.147/255.255.255.255 + IP:10.0.2.148/255.255.255.255 + IP:10.0.2.149/255.255.255.255 + IP:10.0.2.150/255.255.255.255 + IP:10.0.2.151/255.255.255.255 + IP:10.0.2.152/255.255.255.255 + IP:10.0.2.153/255.255.255.255 + IP:10.0.2.154/255.255.255.255 + IP:10.0.2.155/255.255.255.255 + IP:10.0.2.156/255.255.255.255 + IP:10.0.2.157/255.255.255.255 + IP:10.0.2.158/255.255.255.255 + IP:10.0.2.159/255.255.255.255 + IP:10.0.2.160/255.255.255.255 + IP:10.0.2.161/255.255.255.255 + IP:10.0.2.162/255.255.255.255 + IP:10.0.2.163/255.255.255.255 + IP:10.0.2.164/255.255.255.255 + IP:10.0.2.165/255.255.255.255 + IP:10.0.2.166/255.255.255.255 + IP:10.0.2.167/255.255.255.255 + IP:10.0.2.168/255.255.255.255 + IP:10.0.2.169/255.255.255.255 + IP:10.0.2.170/255.255.255.255 + IP:10.0.2.171/255.255.255.255 + IP:10.0.2.172/255.255.255.255 + IP:10.0.2.173/255.255.255.255 + IP:10.0.2.174/255.255.255.255 + IP:10.0.2.175/255.255.255.255 + IP:10.0.2.176/255.255.255.255 + IP:10.0.2.177/255.255.255.255 + IP:10.0.2.178/255.255.255.255 + IP:10.0.2.179/255.255.255.255 + IP:10.0.2.180/255.255.255.255 + IP:10.0.2.181/255.255.255.255 + IP:10.0.2.182/255.255.255.255 + IP:10.0.2.183/255.255.255.255 + IP:10.0.2.184/255.255.255.255 + IP:10.0.2.185/255.255.255.255 + IP:10.0.2.186/255.255.255.255 + IP:10.0.2.187/255.255.255.255 + IP:10.0.2.188/255.255.255.255 + IP:10.0.2.189/255.255.255.255 + IP:10.0.2.190/255.255.255.255 + IP:10.0.2.191/255.255.255.255 + IP:10.0.2.192/255.255.255.255 + IP:10.0.2.193/255.255.255.255 + IP:10.0.2.194/255.255.255.255 + IP:10.0.2.195/255.255.255.255 + IP:10.0.2.196/255.255.255.255 + IP:10.0.2.197/255.255.255.255 + IP:10.0.2.198/255.255.255.255 + IP:10.0.2.199/255.255.255.255 + IP:10.0.2.200/255.255.255.255 + IP:10.0.2.201/255.255.255.255 + IP:10.0.2.202/255.255.255.255 + IP:10.0.2.203/255.255.255.255 + IP:10.0.2.204/255.255.255.255 + IP:10.0.2.205/255.255.255.255 + IP:10.0.2.206/255.255.255.255 + IP:10.0.2.207/255.255.255.255 + IP:10.0.2.208/255.255.255.255 + IP:10.0.2.209/255.255.255.255 + IP:10.0.2.210/255.255.255.255 + IP:10.0.2.211/255.255.255.255 + IP:10.0.2.212/255.255.255.255 + IP:10.0.2.213/255.255.255.255 + IP:10.0.2.214/255.255.255.255 + IP:10.0.2.215/255.255.255.255 + IP:10.0.2.216/255.255.255.255 + IP:10.0.2.217/255.255.255.255 + IP:10.0.2.218/255.255.255.255 + IP:10.0.2.219/255.255.255.255 + IP:10.0.2.220/255.255.255.255 + IP:10.0.2.221/255.255.255.255 + IP:10.0.2.222/255.255.255.255 + IP:10.0.2.223/255.255.255.255 + IP:10.0.2.224/255.255.255.255 + IP:10.0.2.225/255.255.255.255 + IP:10.0.2.226/255.255.255.255 + IP:10.0.2.227/255.255.255.255 + IP:10.0.2.228/255.255.255.255 + IP:10.0.2.229/255.255.255.255 + IP:10.0.2.230/255.255.255.255 + IP:10.0.2.231/255.255.255.255 + IP:10.0.2.232/255.255.255.255 + IP:10.0.2.233/255.255.255.255 + IP:10.0.2.234/255.255.255.255 + IP:10.0.2.235/255.255.255.255 + IP:10.0.2.236/255.255.255.255 + IP:10.0.2.237/255.255.255.255 + IP:10.0.2.238/255.255.255.255 + IP:10.0.2.239/255.255.255.255 + IP:10.0.2.240/255.255.255.255 + IP:10.0.2.241/255.255.255.255 + IP:10.0.2.242/255.255.255.255 + IP:10.0.2.243/255.255.255.255 + IP:10.0.2.244/255.255.255.255 + IP:10.0.2.245/255.255.255.255 + IP:10.0.2.246/255.255.255.255 + IP:10.0.2.247/255.255.255.255 + IP:10.0.2.248/255.255.255.255 + IP:10.0.2.249/255.255.255.255 + IP:10.0.2.250/255.255.255.255 + IP:10.0.2.251/255.255.255.255 + IP:10.0.2.252/255.255.255.255 + IP:10.0.2.253/255.255.255.255 + IP:10.0.2.254/255.255.255.255 + IP:10.0.2.255/255.255.255.255 + IP:10.0.3.0/255.255.255.255 + IP:10.0.3.1/255.255.255.255 + IP:10.0.3.2/255.255.255.255 + IP:10.0.3.3/255.255.255.255 + IP:10.0.3.4/255.255.255.255 + IP:10.0.3.5/255.255.255.255 + IP:10.0.3.6/255.255.255.255 + IP:10.0.3.7/255.255.255.255 + IP:10.0.3.8/255.255.255.255 + IP:10.0.3.9/255.255.255.255 + IP:10.0.3.10/255.255.255.255 + IP:10.0.3.11/255.255.255.255 + IP:10.0.3.12/255.255.255.255 + IP:10.0.3.13/255.255.255.255 + IP:10.0.3.14/255.255.255.255 + IP:10.0.3.15/255.255.255.255 + IP:10.0.3.16/255.255.255.255 + IP:10.0.3.17/255.255.255.255 + IP:10.0.3.18/255.255.255.255 + IP:10.0.3.19/255.255.255.255 + IP:10.0.3.20/255.255.255.255 + IP:10.0.3.21/255.255.255.255 + IP:10.0.3.22/255.255.255.255 + IP:10.0.3.23/255.255.255.255 + IP:10.0.3.24/255.255.255.255 + IP:10.0.3.25/255.255.255.255 + IP:10.0.3.26/255.255.255.255 + IP:10.0.3.27/255.255.255.255 + IP:10.0.3.28/255.255.255.255 + IP:10.0.3.29/255.255.255.255 + IP:10.0.3.30/255.255.255.255 + IP:10.0.3.31/255.255.255.255 + IP:10.0.3.32/255.255.255.255 + IP:10.0.3.33/255.255.255.255 + IP:10.0.3.34/255.255.255.255 + IP:10.0.3.35/255.255.255.255 + IP:10.0.3.36/255.255.255.255 + IP:10.0.3.37/255.255.255.255 + IP:10.0.3.38/255.255.255.255 + IP:10.0.3.39/255.255.255.255 + IP:10.0.3.40/255.255.255.255 + IP:10.0.3.41/255.255.255.255 + IP:10.0.3.42/255.255.255.255 + IP:10.0.3.43/255.255.255.255 + IP:10.0.3.44/255.255.255.255 + IP:10.0.3.45/255.255.255.255 + IP:10.0.3.46/255.255.255.255 + IP:10.0.3.47/255.255.255.255 + IP:10.0.3.48/255.255.255.255 + IP:10.0.3.49/255.255.255.255 + IP:10.0.3.50/255.255.255.255 + IP:10.0.3.51/255.255.255.255 + IP:10.0.3.52/255.255.255.255 + IP:10.0.3.53/255.255.255.255 + IP:10.0.3.54/255.255.255.255 + IP:10.0.3.55/255.255.255.255 + IP:10.0.3.56/255.255.255.255 + IP:10.0.3.57/255.255.255.255 + IP:10.0.3.58/255.255.255.255 + IP:10.0.3.59/255.255.255.255 + IP:10.0.3.60/255.255.255.255 + IP:10.0.3.61/255.255.255.255 + IP:10.0.3.62/255.255.255.255 + IP:10.0.3.63/255.255.255.255 + IP:10.0.3.64/255.255.255.255 + IP:10.0.3.65/255.255.255.255 + IP:10.0.3.66/255.255.255.255 + IP:10.0.3.67/255.255.255.255 + IP:10.0.3.68/255.255.255.255 + IP:10.0.3.69/255.255.255.255 + IP:10.0.3.70/255.255.255.255 + IP:10.0.3.71/255.255.255.255 + IP:10.0.3.72/255.255.255.255 + IP:10.0.3.73/255.255.255.255 + IP:10.0.3.74/255.255.255.255 + IP:10.0.3.75/255.255.255.255 + IP:10.0.3.76/255.255.255.255 + IP:10.0.3.77/255.255.255.255 + IP:10.0.3.78/255.255.255.255 + IP:10.0.3.79/255.255.255.255 + IP:10.0.3.80/255.255.255.255 + IP:10.0.3.81/255.255.255.255 + IP:10.0.3.82/255.255.255.255 + IP:10.0.3.83/255.255.255.255 + IP:10.0.3.84/255.255.255.255 + IP:10.0.3.85/255.255.255.255 + IP:10.0.3.86/255.255.255.255 + IP:10.0.3.87/255.255.255.255 + IP:10.0.3.88/255.255.255.255 + IP:10.0.3.89/255.255.255.255 + IP:10.0.3.90/255.255.255.255 + IP:10.0.3.91/255.255.255.255 + IP:10.0.3.92/255.255.255.255 + IP:10.0.3.93/255.255.255.255 + IP:10.0.3.94/255.255.255.255 + IP:10.0.3.95/255.255.255.255 + IP:10.0.3.96/255.255.255.255 + IP:10.0.3.97/255.255.255.255 + IP:10.0.3.98/255.255.255.255 + IP:10.0.3.99/255.255.255.255 + IP:10.0.3.100/255.255.255.255 + IP:10.0.3.101/255.255.255.255 + IP:10.0.3.102/255.255.255.255 + IP:10.0.3.103/255.255.255.255 + IP:10.0.3.104/255.255.255.255 + IP:10.0.3.105/255.255.255.255 + IP:10.0.3.106/255.255.255.255 + IP:10.0.3.107/255.255.255.255 + IP:10.0.3.108/255.255.255.255 + IP:10.0.3.109/255.255.255.255 + IP:10.0.3.110/255.255.255.255 + IP:10.0.3.111/255.255.255.255 + IP:10.0.3.112/255.255.255.255 + IP:10.0.3.113/255.255.255.255 + IP:10.0.3.114/255.255.255.255 + IP:10.0.3.115/255.255.255.255 + IP:10.0.3.116/255.255.255.255 + IP:10.0.3.117/255.255.255.255 + IP:10.0.3.118/255.255.255.255 + IP:10.0.3.119/255.255.255.255 + IP:10.0.3.120/255.255.255.255 + IP:10.0.3.121/255.255.255.255 + IP:10.0.3.122/255.255.255.255 + IP:10.0.3.123/255.255.255.255 + IP:10.0.3.124/255.255.255.255 + IP:10.0.3.125/255.255.255.255 + IP:10.0.3.126/255.255.255.255 + IP:10.0.3.127/255.255.255.255 + IP:10.0.3.128/255.255.255.255 + IP:10.0.3.129/255.255.255.255 + IP:10.0.3.130/255.255.255.255 + IP:10.0.3.131/255.255.255.255 + IP:10.0.3.132/255.255.255.255 + IP:10.0.3.133/255.255.255.255 + IP:10.0.3.134/255.255.255.255 + IP:10.0.3.135/255.255.255.255 + IP:10.0.3.136/255.255.255.255 + IP:10.0.3.137/255.255.255.255 + IP:10.0.3.138/255.255.255.255 + IP:10.0.3.139/255.255.255.255 + IP:10.0.3.140/255.255.255.255 + IP:10.0.3.141/255.255.255.255 + IP:10.0.3.142/255.255.255.255 + IP:10.0.3.143/255.255.255.255 + IP:10.0.3.144/255.255.255.255 + IP:10.0.3.145/255.255.255.255 + IP:10.0.3.146/255.255.255.255 + IP:10.0.3.147/255.255.255.255 + IP:10.0.3.148/255.255.255.255 + IP:10.0.3.149/255.255.255.255 + IP:10.0.3.150/255.255.255.255 + IP:10.0.3.151/255.255.255.255 + IP:10.0.3.152/255.255.255.255 + IP:10.0.3.153/255.255.255.255 + IP:10.0.3.154/255.255.255.255 + IP:10.0.3.155/255.255.255.255 + IP:10.0.3.156/255.255.255.255 + IP:10.0.3.157/255.255.255.255 + IP:10.0.3.158/255.255.255.255 + IP:10.0.3.159/255.255.255.255 + IP:10.0.3.160/255.255.255.255 + IP:10.0.3.161/255.255.255.255 + IP:10.0.3.162/255.255.255.255 + IP:10.0.3.163/255.255.255.255 + IP:10.0.3.164/255.255.255.255 + IP:10.0.3.165/255.255.255.255 + IP:10.0.3.166/255.255.255.255 + IP:10.0.3.167/255.255.255.255 + IP:10.0.3.168/255.255.255.255 + IP:10.0.3.169/255.255.255.255 + IP:10.0.3.170/255.255.255.255 + IP:10.0.3.171/255.255.255.255 + IP:10.0.3.172/255.255.255.255 + IP:10.0.3.173/255.255.255.255 + IP:10.0.3.174/255.255.255.255 + IP:10.0.3.175/255.255.255.255 + IP:10.0.3.176/255.255.255.255 + IP:10.0.3.177/255.255.255.255 + IP:10.0.3.178/255.255.255.255 + IP:10.0.3.179/255.255.255.255 + IP:10.0.3.180/255.255.255.255 + IP:10.0.3.181/255.255.255.255 + IP:10.0.3.182/255.255.255.255 + IP:10.0.3.183/255.255.255.255 + IP:10.0.3.184/255.255.255.255 + IP:10.0.3.185/255.255.255.255 + IP:10.0.3.186/255.255.255.255 + IP:10.0.3.187/255.255.255.255 + IP:10.0.3.188/255.255.255.255 + IP:10.0.3.189/255.255.255.255 + IP:10.0.3.190/255.255.255.255 + IP:10.0.3.191/255.255.255.255 + IP:10.0.3.192/255.255.255.255 + IP:10.0.3.193/255.255.255.255 + IP:10.0.3.194/255.255.255.255 + IP:10.0.3.195/255.255.255.255 + IP:10.0.3.196/255.255.255.255 + IP:10.0.3.197/255.255.255.255 + IP:10.0.3.198/255.255.255.255 + IP:10.0.3.199/255.255.255.255 + IP:10.0.3.200/255.255.255.255 + IP:10.0.3.201/255.255.255.255 + IP:10.0.3.202/255.255.255.255 + IP:10.0.3.203/255.255.255.255 + IP:10.0.3.204/255.255.255.255 + IP:10.0.3.205/255.255.255.255 + IP:10.0.3.206/255.255.255.255 + IP:10.0.3.207/255.255.255.255 + IP:10.0.3.208/255.255.255.255 + IP:10.0.3.209/255.255.255.255 + IP:10.0.3.210/255.255.255.255 + IP:10.0.3.211/255.255.255.255 + IP:10.0.3.212/255.255.255.255 + IP:10.0.3.213/255.255.255.255 + IP:10.0.3.214/255.255.255.255 + IP:10.0.3.215/255.255.255.255 + IP:10.0.3.216/255.255.255.255 + IP:10.0.3.217/255.255.255.255 + IP:10.0.3.218/255.255.255.255 + IP:10.0.3.219/255.255.255.255 + IP:10.0.3.220/255.255.255.255 + IP:10.0.3.221/255.255.255.255 + IP:10.0.3.222/255.255.255.255 + IP:10.0.3.223/255.255.255.255 + IP:10.0.3.224/255.255.255.255 + IP:10.0.3.225/255.255.255.255 + IP:10.0.3.226/255.255.255.255 + IP:10.0.3.227/255.255.255.255 + IP:10.0.3.228/255.255.255.255 + IP:10.0.3.229/255.255.255.255 + IP:10.0.3.230/255.255.255.255 + IP:10.0.3.231/255.255.255.255 + IP:10.0.3.232/255.255.255.255 + IP:10.0.3.233/255.255.255.255 + IP:10.0.3.234/255.255.255.255 + IP:10.0.3.235/255.255.255.255 + IP:10.0.3.236/255.255.255.255 + IP:10.0.3.237/255.255.255.255 + IP:10.0.3.238/255.255.255.255 + IP:10.0.3.239/255.255.255.255 + IP:10.0.3.240/255.255.255.255 + IP:10.0.3.241/255.255.255.255 + IP:10.0.3.242/255.255.255.255 + IP:10.0.3.243/255.255.255.255 + IP:10.0.3.244/255.255.255.255 + IP:10.0.3.245/255.255.255.255 + IP:10.0.3.246/255.255.255.255 + IP:10.0.3.247/255.255.255.255 + IP:10.0.3.248/255.255.255.255 + IP:10.0.3.249/255.255.255.255 + IP:10.0.3.250/255.255.255.255 + IP:10.0.3.251/255.255.255.255 + IP:10.0.3.252/255.255.255.255 + IP:10.0.3.253/255.255.255.255 + IP:10.0.3.254/255.255.255.255 + IP:10.0.3.255/255.255.255.255 + IP:10.0.4.0/255.255.255.255 + + Signature Algorithm: sha256WithRSAEncryption + 58:a8:fb:63:46:45:e4:1c:02:f9:5f:1a:8f:a3:1d:d4:d0:41: + 9a:13:72:6d:3a:7b:6a:24:dc:70:47:29:f6:c9:73:80:1a:5f: + ee:92:a6:ce:26:94:d0:7b:29:18:07:c8:69:a6:dd:d8:cf:65: + fa:9b:e1:00:a0:7e:ea:a3:a5:92:09:01:95:6d:52:66:12:5f: + c0:49:6b:38:aa:ba:bc:58:ac:c2:03:ee:6f:2d:5f:8e:73:71: + 19:8a:d8:04:4b:00:fd:94:d3:7f:fa:38:6d:21:15:ba:e5:8e: + 7c:5f:2c:5d:58:67:71:f6:37:14:a5:ac:d5:ff:44:ca:b0:2b: + 41:b3:2c:d4:93:25:0a:d2:ff:1d:bb:de:d4:43:fd:05:b7:5f: + 07:3f:b3:04:52:54:83:5d:1f:05:b3:ff:50:47:83:ec:6f:8a: + 92:9a:3b:27:82:05:ea:e2:6f:a2:4a:43:8b:7a:39:a9:6b:da: + 9c:63:39:5d:57:a8:b8:86:84:c9:fe:5b:2a:1e:07:6c:05:18: + d5:40:e7:6d:75:e3:31:1c:d2:1c:e6:3e:46:63:b4:7e:30:d3: + a1:14:77:40:28:6e:d3:3a:fc:e1:80:45:37:7e:5f:ec:5c:66: + bb:6f:4f:82:30:24:53:6c:8f:4a:db:6d:5a:8f:71:63:20:fa: + f9:b6:54:fc +-----BEGIN CERTIFICATE----- +MIIzozCCMougAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vwwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCMO0wgjDpMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjAdBgNVHR4EgjAUMIIwEKCCMAwwCocICgAAAP////8wCocICgAAAf////8w +CocICgAAAv////8wCocICgAAA/////8wCocICgAABP////8wCocICgAABf////8w +CocICgAABv////8wCocICgAAB/////8wCocICgAACP////8wCocICgAACf////8w +CocICgAACv////8wCocICgAAC/////8wCocICgAADP////8wCocICgAADf////8w +CocICgAADv////8wCocICgAAD/////8wCocICgAAEP////8wCocICgAAEf////8w +CocICgAAEv////8wCocICgAAE/////8wCocICgAAFP////8wCocICgAAFf////8w +CocICgAAFv////8wCocICgAAF/////8wCocICgAAGP////8wCocICgAAGf////8w +CocICgAAGv////8wCocICgAAG/////8wCocICgAAHP////8wCocICgAAHf////8w +CocICgAAHv////8wCocICgAAH/////8wCocICgAAIP////8wCocICgAAIf////8w +CocICgAAIv////8wCocICgAAI/////8wCocICgAAJP////8wCocICgAAJf////8w +CocICgAAJv////8wCocICgAAJ/////8wCocICgAAKP////8wCocICgAAKf////8w +CocICgAAKv////8wCocICgAAK/////8wCocICgAALP////8wCocICgAALf////8w +CocICgAALv////8wCocICgAAL/////8wCocICgAAMP////8wCocICgAAMf////8w +CocICgAAMv////8wCocICgAAM/////8wCocICgAANP////8wCocICgAANf////8w +CocICgAANv////8wCocICgAAN/////8wCocICgAAOP////8wCocICgAAOf////8w +CocICgAAOv////8wCocICgAAO/////8wCocICgAAPP////8wCocICgAAPf////8w +CocICgAAPv////8wCocICgAAP/////8wCocICgAAQP////8wCocICgAAQf////8w +CocICgAAQv////8wCocICgAAQ/////8wCocICgAARP////8wCocICgAARf////8w +CocICgAARv////8wCocICgAAR/////8wCocICgAASP////8wCocICgAASf////8w +CocICgAASv////8wCocICgAAS/////8wCocICgAATP////8wCocICgAATf////8w +CocICgAATv////8wCocICgAAT/////8wCocICgAAUP////8wCocICgAAUf////8w +CocICgAAUv////8wCocICgAAU/////8wCocICgAAVP////8wCocICgAAVf////8w +CocICgAAVv////8wCocICgAAV/////8wCocICgAAWP////8wCocICgAAWf////8w +CocICgAAWv////8wCocICgAAW/////8wCocICgAAXP////8wCocICgAAXf////8w +CocICgAAXv////8wCocICgAAX/////8wCocICgAAYP////8wCocICgAAYf////8w +CocICgAAYv////8wCocICgAAY/////8wCocICgAAZP////8wCocICgAAZf////8w +CocICgAAZv////8wCocICgAAZ/////8wCocICgAAaP////8wCocICgAAaf////8w +CocICgAAav////8wCocICgAAa/////8wCocICgAAbP////8wCocICgAAbf////8w +CocICgAAbv////8wCocICgAAb/////8wCocICgAAcP////8wCocICgAAcf////8w +CocICgAAcv////8wCocICgAAc/////8wCocICgAAdP////8wCocICgAAdf////8w +CocICgAAdv////8wCocICgAAd/////8wCocICgAAeP////8wCocICgAAef////8w +CocICgAAev////8wCocICgAAe/////8wCocICgAAfP////8wCocICgAAff////8w +CocICgAAfv////8wCocICgAAf/////8wCocICgAAgP////8wCocICgAAgf////8w +CocICgAAgv////8wCocICgAAg/////8wCocICgAAhP////8wCocICgAAhf////8w +CocICgAAhv////8wCocICgAAh/////8wCocICgAAiP////8wCocICgAAif////8w +CocICgAAiv////8wCocICgAAi/////8wCocICgAAjP////8wCocICgAAjf////8w +CocICgAAjv////8wCocICgAAj/////8wCocICgAAkP////8wCocICgAAkf////8w +CocICgAAkv////8wCocICgAAk/////8wCocICgAAlP////8wCocICgAAlf////8w +CocICgAAlv////8wCocICgAAl/////8wCocICgAAmP////8wCocICgAAmf////8w +CocICgAAmv////8wCocICgAAm/////8wCocICgAAnP////8wCocICgAAnf////8w +CocICgAAnv////8wCocICgAAn/////8wCocICgAAoP////8wCocICgAAof////8w +CocICgAAov////8wCocICgAAo/////8wCocICgAApP////8wCocICgAApf////8w +CocICgAApv////8wCocICgAAp/////8wCocICgAAqP////8wCocICgAAqf////8w +CocICgAAqv////8wCocICgAAq/////8wCocICgAArP////8wCocICgAArf////8w +CocICgAArv////8wCocICgAAr/////8wCocICgAAsP////8wCocICgAAsf////8w +CocICgAAsv////8wCocICgAAs/////8wCocICgAAtP////8wCocICgAAtf////8w +CocICgAAtv////8wCocICgAAt/////8wCocICgAAuP////8wCocICgAAuf////8w +CocICgAAuv////8wCocICgAAu/////8wCocICgAAvP////8wCocICgAAvf////8w +CocICgAAvv////8wCocICgAAv/////8wCocICgAAwP////8wCocICgAAwf////8w +CocICgAAwv////8wCocICgAAw/////8wCocICgAAxP////8wCocICgAAxf////8w +CocICgAAxv////8wCocICgAAx/////8wCocICgAAyP////8wCocICgAAyf////8w +CocICgAAyv////8wCocICgAAy/////8wCocICgAAzP////8wCocICgAAzf////8w +CocICgAAzv////8wCocICgAAz/////8wCocICgAA0P////8wCocICgAA0f////8w +CocICgAA0v////8wCocICgAA0/////8wCocICgAA1P////8wCocICgAA1f////8w +CocICgAA1v////8wCocICgAA1/////8wCocICgAA2P////8wCocICgAA2f////8w +CocICgAA2v////8wCocICgAA2/////8wCocICgAA3P////8wCocICgAA3f////8w +CocICgAA3v////8wCocICgAA3/////8wCocICgAA4P////8wCocICgAA4f////8w +CocICgAA4v////8wCocICgAA4/////8wCocICgAA5P////8wCocICgAA5f////8w +CocICgAA5v////8wCocICgAA5/////8wCocICgAA6P////8wCocICgAA6f////8w +CocICgAA6v////8wCocICgAA6/////8wCocICgAA7P////8wCocICgAA7f////8w +CocICgAA7v////8wCocICgAA7/////8wCocICgAA8P////8wCocICgAA8f////8w +CocICgAA8v////8wCocICgAA8/////8wCocICgAA9P////8wCocICgAA9f////8w +CocICgAA9v////8wCocICgAA9/////8wCocICgAA+P////8wCocICgAA+f////8w +CocICgAA+v////8wCocICgAA+/////8wCocICgAA/P////8wCocICgAA/f////8w +CocICgAA/v////8wCocICgAA//////8wCocICgABAP////8wCocICgABAf////8w +CocICgABAv////8wCocICgABA/////8wCocICgABBP////8wCocICgABBf////8w +CocICgABBv////8wCocICgABB/////8wCocICgABCP////8wCocICgABCf////8w +CocICgABCv////8wCocICgABC/////8wCocICgABDP////8wCocICgABDf////8w +CocICgABDv////8wCocICgABD/////8wCocICgABEP////8wCocICgABEf////8w +CocICgABEv////8wCocICgABE/////8wCocICgABFP////8wCocICgABFf////8w +CocICgABFv////8wCocICgABF/////8wCocICgABGP////8wCocICgABGf////8w +CocICgABGv////8wCocICgABG/////8wCocICgABHP////8wCocICgABHf////8w +CocICgABHv////8wCocICgABH/////8wCocICgABIP////8wCocICgABIf////8w +CocICgABIv////8wCocICgABI/////8wCocICgABJP////8wCocICgABJf////8w +CocICgABJv////8wCocICgABJ/////8wCocICgABKP////8wCocICgABKf////8w +CocICgABKv////8wCocICgABK/////8wCocICgABLP////8wCocICgABLf////8w +CocICgABLv////8wCocICgABL/////8wCocICgABMP////8wCocICgABMf////8w +CocICgABMv////8wCocICgABM/////8wCocICgABNP////8wCocICgABNf////8w +CocICgABNv////8wCocICgABN/////8wCocICgABOP////8wCocICgABOf////8w +CocICgABOv////8wCocICgABO/////8wCocICgABPP////8wCocICgABPf////8w +CocICgABPv////8wCocICgABP/////8wCocICgABQP////8wCocICgABQf////8w +CocICgABQv////8wCocICgABQ/////8wCocICgABRP////8wCocICgABRf////8w +CocICgABRv////8wCocICgABR/////8wCocICgABSP////8wCocICgABSf////8w +CocICgABSv////8wCocICgABS/////8wCocICgABTP////8wCocICgABTf////8w +CocICgABTv////8wCocICgABT/////8wCocICgABUP////8wCocICgABUf////8w +CocICgABUv////8wCocICgABU/////8wCocICgABVP////8wCocICgABVf////8w +CocICgABVv////8wCocICgABV/////8wCocICgABWP////8wCocICgABWf////8w +CocICgABWv////8wCocICgABW/////8wCocICgABXP////8wCocICgABXf////8w +CocICgABXv////8wCocICgABX/////8wCocICgABYP////8wCocICgABYf////8w +CocICgABYv////8wCocICgABY/////8wCocICgABZP////8wCocICgABZf////8w +CocICgABZv////8wCocICgABZ/////8wCocICgABaP////8wCocICgABaf////8w +CocICgABav////8wCocICgABa/////8wCocICgABbP////8wCocICgABbf////8w +CocICgABbv////8wCocICgABb/////8wCocICgABcP////8wCocICgABcf////8w +CocICgABcv////8wCocICgABc/////8wCocICgABdP////8wCocICgABdf////8w +CocICgABdv////8wCocICgABd/////8wCocICgABeP////8wCocICgABef////8w +CocICgABev////8wCocICgABe/////8wCocICgABfP////8wCocICgABff////8w +CocICgABfv////8wCocICgABf/////8wCocICgABgP////8wCocICgABgf////8w +CocICgABgv////8wCocICgABg/////8wCocICgABhP////8wCocICgABhf////8w +CocICgABhv////8wCocICgABh/////8wCocICgABiP////8wCocICgABif////8w +CocICgABiv////8wCocICgABi/////8wCocICgABjP////8wCocICgABjf////8w +CocICgABjv////8wCocICgABj/////8wCocICgABkP////8wCocICgABkf////8w +CocICgABkv////8wCocICgABk/////8wCocICgABlP////8wCocICgABlf////8w +CocICgABlv////8wCocICgABl/////8wCocICgABmP////8wCocICgABmf////8w +CocICgABmv////8wCocICgABm/////8wCocICgABnP////8wCocICgABnf////8w +CocICgABnv////8wCocICgABn/////8wCocICgABoP////8wCocICgABof////8w +CocICgABov////8wCocICgABo/////8wCocICgABpP////8wCocICgABpf////8w +CocICgABpv////8wCocICgABp/////8wCocICgABqP////8wCocICgABqf////8w +CocICgABqv////8wCocICgABq/////8wCocICgABrP////8wCocICgABrf////8w +CocICgABrv////8wCocICgABr/////8wCocICgABsP////8wCocICgABsf////8w +CocICgABsv////8wCocICgABs/////8wCocICgABtP////8wCocICgABtf////8w +CocICgABtv////8wCocICgABt/////8wCocICgABuP////8wCocICgABuf////8w +CocICgABuv////8wCocICgABu/////8wCocICgABvP////8wCocICgABvf////8w +CocICgABvv////8wCocICgABv/////8wCocICgABwP////8wCocICgABwf////8w +CocICgABwv////8wCocICgABw/////8wCocICgABxP////8wCocICgABxf////8w +CocICgABxv////8wCocICgABx/////8wCocICgAByP////8wCocICgAByf////8w +CocICgAByv////8wCocICgABy/////8wCocICgABzP////8wCocICgABzf////8w +CocICgABzv////8wCocICgABz/////8wCocICgAB0P////8wCocICgAB0f////8w +CocICgAB0v////8wCocICgAB0/////8wCocICgAB1P////8wCocICgAB1f////8w +CocICgAB1v////8wCocICgAB1/////8wCocICgAB2P////8wCocICgAB2f////8w +CocICgAB2v////8wCocICgAB2/////8wCocICgAB3P////8wCocICgAB3f////8w +CocICgAB3v////8wCocICgAB3/////8wCocICgAB4P////8wCocICgAB4f////8w +CocICgAB4v////8wCocICgAB4/////8wCocICgAB5P////8wCocICgAB5f////8w +CocICgAB5v////8wCocICgAB5/////8wCocICgAB6P////8wCocICgAB6f////8w +CocICgAB6v////8wCocICgAB6/////8wCocICgAB7P////8wCocICgAB7f////8w +CocICgAB7v////8wCocICgAB7/////8wCocICgAB8P////8wCocICgAB8f////8w +CocICgAB8v////8wCocICgAB8/////8wCocICgAB9P////8wCocICgAB9f////8w +CocICgAB9v////8wCocICgAB9/////8wCocICgAB+P////8wCocICgAB+f////8w +CocICgAB+v////8wCocICgAB+/////8wCocICgAB/P////8wCocICgAB/f////8w +CocICgAB/v////8wCocICgAB//////8wCocICgACAP////8wCocICgACAf////8w +CocICgACAv////8wCocICgACA/////8wCocICgACBP////8wCocICgACBf////8w +CocICgACBv////8wCocICgACB/////8wCocICgACCP////8wCocICgACCf////8w +CocICgACCv////8wCocICgACC/////8wCocICgACDP////8wCocICgACDf////8w +CocICgACDv////8wCocICgACD/////8wCocICgACEP////8wCocICgACEf////8w +CocICgACEv////8wCocICgACE/////8wCocICgACFP////8wCocICgACFf////8w +CocICgACFv////8wCocICgACF/////8wCocICgACGP////8wCocICgACGf////8w +CocICgACGv////8wCocICgACG/////8wCocICgACHP////8wCocICgACHf////8w +CocICgACHv////8wCocICgACH/////8wCocICgACIP////8wCocICgACIf////8w +CocICgACIv////8wCocICgACI/////8wCocICgACJP////8wCocICgACJf////8w +CocICgACJv////8wCocICgACJ/////8wCocICgACKP////8wCocICgACKf////8w +CocICgACKv////8wCocICgACK/////8wCocICgACLP////8wCocICgACLf////8w +CocICgACLv////8wCocICgACL/////8wCocICgACMP////8wCocICgACMf////8w +CocICgACMv////8wCocICgACM/////8wCocICgACNP////8wCocICgACNf////8w +CocICgACNv////8wCocICgACN/////8wCocICgACOP////8wCocICgACOf////8w +CocICgACOv////8wCocICgACO/////8wCocICgACPP////8wCocICgACPf////8w +CocICgACPv////8wCocICgACP/////8wCocICgACQP////8wCocICgACQf////8w +CocICgACQv////8wCocICgACQ/////8wCocICgACRP////8wCocICgACRf////8w +CocICgACRv////8wCocICgACR/////8wCocICgACSP////8wCocICgACSf////8w +CocICgACSv////8wCocICgACS/////8wCocICgACTP////8wCocICgACTf////8w +CocICgACTv////8wCocICgACT/////8wCocICgACUP////8wCocICgACUf////8w +CocICgACUv////8wCocICgACU/////8wCocICgACVP////8wCocICgACVf////8w +CocICgACVv////8wCocICgACV/////8wCocICgACWP////8wCocICgACWf////8w +CocICgACWv////8wCocICgACW/////8wCocICgACXP////8wCocICgACXf////8w +CocICgACXv////8wCocICgACX/////8wCocICgACYP////8wCocICgACYf////8w +CocICgACYv////8wCocICgACY/////8wCocICgACZP////8wCocICgACZf////8w +CocICgACZv////8wCocICgACZ/////8wCocICgACaP////8wCocICgACaf////8w +CocICgACav////8wCocICgACa/////8wCocICgACbP////8wCocICgACbf////8w +CocICgACbv////8wCocICgACb/////8wCocICgACcP////8wCocICgACcf////8w +CocICgACcv////8wCocICgACc/////8wCocICgACdP////8wCocICgACdf////8w +CocICgACdv////8wCocICgACd/////8wCocICgACeP////8wCocICgACef////8w +CocICgACev////8wCocICgACe/////8wCocICgACfP////8wCocICgACff////8w +CocICgACfv////8wCocICgACf/////8wCocICgACgP////8wCocICgACgf////8w +CocICgACgv////8wCocICgACg/////8wCocICgAChP////8wCocICgAChf////8w +CocICgAChv////8wCocICgACh/////8wCocICgACiP////8wCocICgACif////8w +CocICgACiv////8wCocICgACi/////8wCocICgACjP////8wCocICgACjf////8w +CocICgACjv////8wCocICgACj/////8wCocICgACkP////8wCocICgACkf////8w +CocICgACkv////8wCocICgACk/////8wCocICgAClP////8wCocICgAClf////8w +CocICgAClv////8wCocICgACl/////8wCocICgACmP////8wCocICgACmf////8w +CocICgACmv////8wCocICgACm/////8wCocICgACnP////8wCocICgACnf////8w +CocICgACnv////8wCocICgACn/////8wCocICgACoP////8wCocICgACof////8w +CocICgACov////8wCocICgACo/////8wCocICgACpP////8wCocICgACpf////8w +CocICgACpv////8wCocICgACp/////8wCocICgACqP////8wCocICgACqf////8w +CocICgACqv////8wCocICgACq/////8wCocICgACrP////8wCocICgACrf////8w +CocICgACrv////8wCocICgACr/////8wCocICgACsP////8wCocICgACsf////8w +CocICgACsv////8wCocICgACs/////8wCocICgACtP////8wCocICgACtf////8w +CocICgACtv////8wCocICgACt/////8wCocICgACuP////8wCocICgACuf////8w +CocICgACuv////8wCocICgACu/////8wCocICgACvP////8wCocICgACvf////8w +CocICgACvv////8wCocICgACv/////8wCocICgACwP////8wCocICgACwf////8w +CocICgACwv////8wCocICgACw/////8wCocICgACxP////8wCocICgACxf////8w +CocICgACxv////8wCocICgACx/////8wCocICgACyP////8wCocICgACyf////8w +CocICgACyv////8wCocICgACy/////8wCocICgACzP////8wCocICgACzf////8w +CocICgACzv////8wCocICgACz/////8wCocICgAC0P////8wCocICgAC0f////8w +CocICgAC0v////8wCocICgAC0/////8wCocICgAC1P////8wCocICgAC1f////8w +CocICgAC1v////8wCocICgAC1/////8wCocICgAC2P////8wCocICgAC2f////8w +CocICgAC2v////8wCocICgAC2/////8wCocICgAC3P////8wCocICgAC3f////8w +CocICgAC3v////8wCocICgAC3/////8wCocICgAC4P////8wCocICgAC4f////8w +CocICgAC4v////8wCocICgAC4/////8wCocICgAC5P////8wCocICgAC5f////8w +CocICgAC5v////8wCocICgAC5/////8wCocICgAC6P////8wCocICgAC6f////8w +CocICgAC6v////8wCocICgAC6/////8wCocICgAC7P////8wCocICgAC7f////8w +CocICgAC7v////8wCocICgAC7/////8wCocICgAC8P////8wCocICgAC8f////8w +CocICgAC8v////8wCocICgAC8/////8wCocICgAC9P////8wCocICgAC9f////8w +CocICgAC9v////8wCocICgAC9/////8wCocICgAC+P////8wCocICgAC+f////8w +CocICgAC+v////8wCocICgAC+/////8wCocICgAC/P////8wCocICgAC/f////8w +CocICgAC/v////8wCocICgAC//////8wCocICgADAP////8wCocICgADAf////8w +CocICgADAv////8wCocICgADA/////8wCocICgADBP////8wCocICgADBf////8w +CocICgADBv////8wCocICgADB/////8wCocICgADCP////8wCocICgADCf////8w +CocICgADCv////8wCocICgADC/////8wCocICgADDP////8wCocICgADDf////8w +CocICgADDv////8wCocICgADD/////8wCocICgADEP////8wCocICgADEf////8w +CocICgADEv////8wCocICgADE/////8wCocICgADFP////8wCocICgADFf////8w +CocICgADFv////8wCocICgADF/////8wCocICgADGP////8wCocICgADGf////8w +CocICgADGv////8wCocICgADG/////8wCocICgADHP////8wCocICgADHf////8w +CocICgADHv////8wCocICgADH/////8wCocICgADIP////8wCocICgADIf////8w +CocICgADIv////8wCocICgADI/////8wCocICgADJP////8wCocICgADJf////8w +CocICgADJv////8wCocICgADJ/////8wCocICgADKP////8wCocICgADKf////8w +CocICgADKv////8wCocICgADK/////8wCocICgADLP////8wCocICgADLf////8w +CocICgADLv////8wCocICgADL/////8wCocICgADMP////8wCocICgADMf////8w +CocICgADMv////8wCocICgADM/////8wCocICgADNP////8wCocICgADNf////8w +CocICgADNv////8wCocICgADN/////8wCocICgADOP////8wCocICgADOf////8w +CocICgADOv////8wCocICgADO/////8wCocICgADPP////8wCocICgADPf////8w +CocICgADPv////8wCocICgADP/////8wCocICgADQP////8wCocICgADQf////8w +CocICgADQv////8wCocICgADQ/////8wCocICgADRP////8wCocICgADRf////8w +CocICgADRv////8wCocICgADR/////8wCocICgADSP////8wCocICgADSf////8w +CocICgADSv////8wCocICgADS/////8wCocICgADTP////8wCocICgADTf////8w +CocICgADTv////8wCocICgADT/////8wCocICgADUP////8wCocICgADUf////8w +CocICgADUv////8wCocICgADU/////8wCocICgADVP////8wCocICgADVf////8w +CocICgADVv////8wCocICgADV/////8wCocICgADWP////8wCocICgADWf////8w +CocICgADWv////8wCocICgADW/////8wCocICgADXP////8wCocICgADXf////8w +CocICgADXv////8wCocICgADX/////8wCocICgADYP////8wCocICgADYf////8w +CocICgADYv////8wCocICgADY/////8wCocICgADZP////8wCocICgADZf////8w +CocICgADZv////8wCocICgADZ/////8wCocICgADaP////8wCocICgADaf////8w +CocICgADav////8wCocICgADa/////8wCocICgADbP////8wCocICgADbf////8w +CocICgADbv////8wCocICgADb/////8wCocICgADcP////8wCocICgADcf////8w +CocICgADcv////8wCocICgADc/////8wCocICgADdP////8wCocICgADdf////8w +CocICgADdv////8wCocICgADd/////8wCocICgADeP////8wCocICgADef////8w +CocICgADev////8wCocICgADe/////8wCocICgADfP////8wCocICgADff////8w +CocICgADfv////8wCocICgADf/////8wCocICgADgP////8wCocICgADgf////8w +CocICgADgv////8wCocICgADg/////8wCocICgADhP////8wCocICgADhf////8w +CocICgADhv////8wCocICgADh/////8wCocICgADiP////8wCocICgADif////8w +CocICgADiv////8wCocICgADi/////8wCocICgADjP////8wCocICgADjf////8w +CocICgADjv////8wCocICgADj/////8wCocICgADkP////8wCocICgADkf////8w +CocICgADkv////8wCocICgADk/////8wCocICgADlP////8wCocICgADlf////8w +CocICgADlv////8wCocICgADl/////8wCocICgADmP////8wCocICgADmf////8w +CocICgADmv////8wCocICgADm/////8wCocICgADnP////8wCocICgADnf////8w +CocICgADnv////8wCocICgADn/////8wCocICgADoP////8wCocICgADof////8w +CocICgADov////8wCocICgADo/////8wCocICgADpP////8wCocICgADpf////8w +CocICgADpv////8wCocICgADp/////8wCocICgADqP////8wCocICgADqf////8w +CocICgADqv////8wCocICgADq/////8wCocICgADrP////8wCocICgADrf////8w +CocICgADrv////8wCocICgADr/////8wCocICgADsP////8wCocICgADsf////8w +CocICgADsv////8wCocICgADs/////8wCocICgADtP////8wCocICgADtf////8w +CocICgADtv////8wCocICgADt/////8wCocICgADuP////8wCocICgADuf////8w +CocICgADuv////8wCocICgADu/////8wCocICgADvP////8wCocICgADvf////8w +CocICgADvv////8wCocICgADv/////8wCocICgADwP////8wCocICgADwf////8w +CocICgADwv////8wCocICgADw/////8wCocICgADxP////8wCocICgADxf////8w +CocICgADxv////8wCocICgADx/////8wCocICgADyP////8wCocICgADyf////8w +CocICgADyv////8wCocICgADy/////8wCocICgADzP////8wCocICgADzf////8w +CocICgADzv////8wCocICgADz/////8wCocICgAD0P////8wCocICgAD0f////8w +CocICgAD0v////8wCocICgAD0/////8wCocICgAD1P////8wCocICgAD1f////8w +CocICgAD1v////8wCocICgAD1/////8wCocICgAD2P////8wCocICgAD2f////8w +CocICgAD2v////8wCocICgAD2/////8wCocICgAD3P////8wCocICgAD3f////8w +CocICgAD3v////8wCocICgAD3/////8wCocICgAD4P////8wCocICgAD4f////8w +CocICgAD4v////8wCocICgAD4/////8wCocICgAD5P////8wCocICgAD5f////8w +CocICgAD5v////8wCocICgAD5/////8wCocICgAD6P////8wCocICgAD6f////8w +CocICgAD6v////8wCocICgAD6/////8wCocICgAD7P////8wCocICgAD7f////8w +CocICgAD7v////8wCocICgAD7/////8wCocICgAD8P////8wCocICgAD8f////8w +CocICgAD8v////8wCocICgAD8/////8wCocICgAD9P////8wCocICgAD9f////8w +CocICgAD9v////8wCocICgAD9/////8wCocICgAD+P////8wCocICgAD+f////8w +CocICgAD+v////8wCocICgAD+/////8wCocICgAD/P////8wCocICgAD/f////8w +CocICgAD/v////8wCocICgAD//////8wCocICgAEAP////8wDQYJKoZIhvcNAQEL +BQADggEBAFio+2NGReQcAvlfGo+jHdTQQZoTcm06e2ok3HBHKfbJc4AaX+6Sps4m +lNB7KRgHyGmm3djPZfqb4QCgfuqjpZIJAZVtUmYSX8BJaziqurxYrMID7m8tX45z +cRmK2ARLAP2U03/6OG0hFbrljnxfLF1YZ3H2NxSlrNX/RMqwK0GzLNSTJQrS/x27 +3tRD/QW3Xwc/swRSVINdHwWz/1BHg+xvipKaOyeCBerib6JKQ4t6Oalr2pxjOV1X +qLiGhMn+WyoeB2wFGNVA52114zEc0hzmPkZjtH4w06EUd0AobtM6/OGARTd+X+xc +ZrtvT4IwJFNsj0rbbVqPcWMg+vm2VPw= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.cnf new file mode 100644 index 0000000000..dd306c0e05 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.cnf @@ -0,0 +1,4167 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +nameConstraints = @nameConstraints_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate_7.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[nameConstraints_info] +permitted;dirName.1 = nameConstraints_dirname_p1 +permitted;dirName.2 = nameConstraints_dirname_p2 +permitted;dirName.3 = nameConstraints_dirname_p3 +permitted;dirName.4 = nameConstraints_dirname_p4 +permitted;dirName.5 = nameConstraints_dirname_p5 +permitted;dirName.6 = nameConstraints_dirname_p6 +permitted;dirName.7 = nameConstraints_dirname_p7 +permitted;dirName.8 = nameConstraints_dirname_p8 +permitted;dirName.9 = nameConstraints_dirname_p9 +permitted;dirName.10 = nameConstraints_dirname_p10 +permitted;dirName.11 = nameConstraints_dirname_p11 +permitted;dirName.12 = nameConstraints_dirname_p12 +permitted;dirName.13 = nameConstraints_dirname_p13 +permitted;dirName.14 = nameConstraints_dirname_p14 +permitted;dirName.15 = nameConstraints_dirname_p15 +permitted;dirName.16 = nameConstraints_dirname_p16 +permitted;dirName.17 = nameConstraints_dirname_p17 +permitted;dirName.18 = nameConstraints_dirname_p18 +permitted;dirName.19 = nameConstraints_dirname_p19 +permitted;dirName.20 = nameConstraints_dirname_p20 +permitted;dirName.21 = nameConstraints_dirname_p21 +permitted;dirName.22 = nameConstraints_dirname_p22 +permitted;dirName.23 = nameConstraints_dirname_p23 +permitted;dirName.24 = nameConstraints_dirname_p24 +permitted;dirName.25 = nameConstraints_dirname_p25 +permitted;dirName.26 = nameConstraints_dirname_p26 +permitted;dirName.27 = nameConstraints_dirname_p27 +permitted;dirName.28 = nameConstraints_dirname_p28 +permitted;dirName.29 = nameConstraints_dirname_p29 +permitted;dirName.30 = nameConstraints_dirname_p30 +permitted;dirName.31 = nameConstraints_dirname_p31 +permitted;dirName.32 = nameConstraints_dirname_p32 +permitted;dirName.33 = nameConstraints_dirname_p33 +permitted;dirName.34 = nameConstraints_dirname_p34 +permitted;dirName.35 = nameConstraints_dirname_p35 +permitted;dirName.36 = nameConstraints_dirname_p36 +permitted;dirName.37 = nameConstraints_dirname_p37 +permitted;dirName.38 = nameConstraints_dirname_p38 +permitted;dirName.39 = nameConstraints_dirname_p39 +permitted;dirName.40 = nameConstraints_dirname_p40 +permitted;dirName.41 = nameConstraints_dirname_p41 +permitted;dirName.42 = nameConstraints_dirname_p42 +permitted;dirName.43 = nameConstraints_dirname_p43 +permitted;dirName.44 = nameConstraints_dirname_p44 +permitted;dirName.45 = nameConstraints_dirname_p45 +permitted;dirName.46 = nameConstraints_dirname_p46 +permitted;dirName.47 = nameConstraints_dirname_p47 +permitted;dirName.48 = nameConstraints_dirname_p48 +permitted;dirName.49 = nameConstraints_dirname_p49 +permitted;dirName.50 = nameConstraints_dirname_p50 +permitted;dirName.51 = nameConstraints_dirname_p51 +permitted;dirName.52 = nameConstraints_dirname_p52 +permitted;dirName.53 = nameConstraints_dirname_p53 +permitted;dirName.54 = nameConstraints_dirname_p54 +permitted;dirName.55 = nameConstraints_dirname_p55 +permitted;dirName.56 = nameConstraints_dirname_p56 +permitted;dirName.57 = nameConstraints_dirname_p57 +permitted;dirName.58 = nameConstraints_dirname_p58 +permitted;dirName.59 = nameConstraints_dirname_p59 +permitted;dirName.60 = nameConstraints_dirname_p60 +permitted;dirName.61 = nameConstraints_dirname_p61 +permitted;dirName.62 = nameConstraints_dirname_p62 +permitted;dirName.63 = nameConstraints_dirname_p63 +permitted;dirName.64 = nameConstraints_dirname_p64 +permitted;dirName.65 = nameConstraints_dirname_p65 +permitted;dirName.66 = nameConstraints_dirname_p66 +permitted;dirName.67 = nameConstraints_dirname_p67 +permitted;dirName.68 = nameConstraints_dirname_p68 +permitted;dirName.69 = nameConstraints_dirname_p69 +permitted;dirName.70 = nameConstraints_dirname_p70 +permitted;dirName.71 = nameConstraints_dirname_p71 +permitted;dirName.72 = nameConstraints_dirname_p72 +permitted;dirName.73 = nameConstraints_dirname_p73 +permitted;dirName.74 = nameConstraints_dirname_p74 +permitted;dirName.75 = nameConstraints_dirname_p75 +permitted;dirName.76 = nameConstraints_dirname_p76 +permitted;dirName.77 = nameConstraints_dirname_p77 +permitted;dirName.78 = nameConstraints_dirname_p78 +permitted;dirName.79 = nameConstraints_dirname_p79 +permitted;dirName.80 = nameConstraints_dirname_p80 +permitted;dirName.81 = nameConstraints_dirname_p81 +permitted;dirName.82 = nameConstraints_dirname_p82 +permitted;dirName.83 = nameConstraints_dirname_p83 +permitted;dirName.84 = nameConstraints_dirname_p84 +permitted;dirName.85 = nameConstraints_dirname_p85 +permitted;dirName.86 = nameConstraints_dirname_p86 +permitted;dirName.87 = nameConstraints_dirname_p87 +permitted;dirName.88 = nameConstraints_dirname_p88 +permitted;dirName.89 = nameConstraints_dirname_p89 +permitted;dirName.90 = nameConstraints_dirname_p90 +permitted;dirName.91 = nameConstraints_dirname_p91 +permitted;dirName.92 = nameConstraints_dirname_p92 +permitted;dirName.93 = nameConstraints_dirname_p93 +permitted;dirName.94 = nameConstraints_dirname_p94 +permitted;dirName.95 = nameConstraints_dirname_p95 +permitted;dirName.96 = nameConstraints_dirname_p96 +permitted;dirName.97 = nameConstraints_dirname_p97 +permitted;dirName.98 = nameConstraints_dirname_p98 +permitted;dirName.99 = nameConstraints_dirname_p99 +permitted;dirName.100 = nameConstraints_dirname_p100 +permitted;dirName.101 = nameConstraints_dirname_p101 +permitted;dirName.102 = nameConstraints_dirname_p102 +permitted;dirName.103 = nameConstraints_dirname_p103 +permitted;dirName.104 = nameConstraints_dirname_p104 +permitted;dirName.105 = nameConstraints_dirname_p105 +permitted;dirName.106 = nameConstraints_dirname_p106 +permitted;dirName.107 = nameConstraints_dirname_p107 +permitted;dirName.108 = nameConstraints_dirname_p108 +permitted;dirName.109 = nameConstraints_dirname_p109 +permitted;dirName.110 = nameConstraints_dirname_p110 +permitted;dirName.111 = nameConstraints_dirname_p111 +permitted;dirName.112 = nameConstraints_dirname_p112 +permitted;dirName.113 = nameConstraints_dirname_p113 +permitted;dirName.114 = nameConstraints_dirname_p114 +permitted;dirName.115 = nameConstraints_dirname_p115 +permitted;dirName.116 = nameConstraints_dirname_p116 +permitted;dirName.117 = nameConstraints_dirname_p117 +permitted;dirName.118 = nameConstraints_dirname_p118 +permitted;dirName.119 = nameConstraints_dirname_p119 +permitted;dirName.120 = nameConstraints_dirname_p120 +permitted;dirName.121 = nameConstraints_dirname_p121 +permitted;dirName.122 = nameConstraints_dirname_p122 +permitted;dirName.123 = nameConstraints_dirname_p123 +permitted;dirName.124 = nameConstraints_dirname_p124 +permitted;dirName.125 = nameConstraints_dirname_p125 +permitted;dirName.126 = nameConstraints_dirname_p126 +permitted;dirName.127 = nameConstraints_dirname_p127 +permitted;dirName.128 = nameConstraints_dirname_p128 +permitted;dirName.129 = nameConstraints_dirname_p129 +permitted;dirName.130 = nameConstraints_dirname_p130 +permitted;dirName.131 = nameConstraints_dirname_p131 +permitted;dirName.132 = nameConstraints_dirname_p132 +permitted;dirName.133 = nameConstraints_dirname_p133 +permitted;dirName.134 = nameConstraints_dirname_p134 +permitted;dirName.135 = nameConstraints_dirname_p135 +permitted;dirName.136 = nameConstraints_dirname_p136 +permitted;dirName.137 = nameConstraints_dirname_p137 +permitted;dirName.138 = nameConstraints_dirname_p138 +permitted;dirName.139 = nameConstraints_dirname_p139 +permitted;dirName.140 = nameConstraints_dirname_p140 +permitted;dirName.141 = nameConstraints_dirname_p141 +permitted;dirName.142 = nameConstraints_dirname_p142 +permitted;dirName.143 = nameConstraints_dirname_p143 +permitted;dirName.144 = nameConstraints_dirname_p144 +permitted;dirName.145 = nameConstraints_dirname_p145 +permitted;dirName.146 = nameConstraints_dirname_p146 +permitted;dirName.147 = nameConstraints_dirname_p147 +permitted;dirName.148 = nameConstraints_dirname_p148 +permitted;dirName.149 = nameConstraints_dirname_p149 +permitted;dirName.150 = nameConstraints_dirname_p150 +permitted;dirName.151 = nameConstraints_dirname_p151 +permitted;dirName.152 = nameConstraints_dirname_p152 +permitted;dirName.153 = nameConstraints_dirname_p153 +permitted;dirName.154 = nameConstraints_dirname_p154 +permitted;dirName.155 = nameConstraints_dirname_p155 +permitted;dirName.156 = nameConstraints_dirname_p156 +permitted;dirName.157 = nameConstraints_dirname_p157 +permitted;dirName.158 = nameConstraints_dirname_p158 +permitted;dirName.159 = nameConstraints_dirname_p159 +permitted;dirName.160 = nameConstraints_dirname_p160 +permitted;dirName.161 = nameConstraints_dirname_p161 +permitted;dirName.162 = nameConstraints_dirname_p162 +permitted;dirName.163 = nameConstraints_dirname_p163 +permitted;dirName.164 = nameConstraints_dirname_p164 +permitted;dirName.165 = nameConstraints_dirname_p165 +permitted;dirName.166 = nameConstraints_dirname_p166 +permitted;dirName.167 = nameConstraints_dirname_p167 +permitted;dirName.168 = nameConstraints_dirname_p168 +permitted;dirName.169 = nameConstraints_dirname_p169 +permitted;dirName.170 = nameConstraints_dirname_p170 +permitted;dirName.171 = nameConstraints_dirname_p171 +permitted;dirName.172 = nameConstraints_dirname_p172 +permitted;dirName.173 = nameConstraints_dirname_p173 +permitted;dirName.174 = nameConstraints_dirname_p174 +permitted;dirName.175 = nameConstraints_dirname_p175 +permitted;dirName.176 = nameConstraints_dirname_p176 +permitted;dirName.177 = nameConstraints_dirname_p177 +permitted;dirName.178 = nameConstraints_dirname_p178 +permitted;dirName.179 = nameConstraints_dirname_p179 +permitted;dirName.180 = nameConstraints_dirname_p180 +permitted;dirName.181 = nameConstraints_dirname_p181 +permitted;dirName.182 = nameConstraints_dirname_p182 +permitted;dirName.183 = nameConstraints_dirname_p183 +permitted;dirName.184 = nameConstraints_dirname_p184 +permitted;dirName.185 = nameConstraints_dirname_p185 +permitted;dirName.186 = nameConstraints_dirname_p186 +permitted;dirName.187 = nameConstraints_dirname_p187 +permitted;dirName.188 = nameConstraints_dirname_p188 +permitted;dirName.189 = nameConstraints_dirname_p189 +permitted;dirName.190 = nameConstraints_dirname_p190 +permitted;dirName.191 = nameConstraints_dirname_p191 +permitted;dirName.192 = nameConstraints_dirname_p192 +permitted;dirName.193 = nameConstraints_dirname_p193 +permitted;dirName.194 = nameConstraints_dirname_p194 +permitted;dirName.195 = nameConstraints_dirname_p195 +permitted;dirName.196 = nameConstraints_dirname_p196 +permitted;dirName.197 = nameConstraints_dirname_p197 +permitted;dirName.198 = nameConstraints_dirname_p198 +permitted;dirName.199 = nameConstraints_dirname_p199 +permitted;dirName.200 = nameConstraints_dirname_p200 +permitted;dirName.201 = nameConstraints_dirname_p201 +permitted;dirName.202 = nameConstraints_dirname_p202 +permitted;dirName.203 = nameConstraints_dirname_p203 +permitted;dirName.204 = nameConstraints_dirname_p204 +permitted;dirName.205 = nameConstraints_dirname_p205 +permitted;dirName.206 = nameConstraints_dirname_p206 +permitted;dirName.207 = nameConstraints_dirname_p207 +permitted;dirName.208 = nameConstraints_dirname_p208 +permitted;dirName.209 = nameConstraints_dirname_p209 +permitted;dirName.210 = nameConstraints_dirname_p210 +permitted;dirName.211 = nameConstraints_dirname_p211 +permitted;dirName.212 = nameConstraints_dirname_p212 +permitted;dirName.213 = nameConstraints_dirname_p213 +permitted;dirName.214 = nameConstraints_dirname_p214 +permitted;dirName.215 = nameConstraints_dirname_p215 +permitted;dirName.216 = nameConstraints_dirname_p216 +permitted;dirName.217 = nameConstraints_dirname_p217 +permitted;dirName.218 = nameConstraints_dirname_p218 +permitted;dirName.219 = nameConstraints_dirname_p219 +permitted;dirName.220 = nameConstraints_dirname_p220 +permitted;dirName.221 = nameConstraints_dirname_p221 +permitted;dirName.222 = nameConstraints_dirname_p222 +permitted;dirName.223 = nameConstraints_dirname_p223 +permitted;dirName.224 = nameConstraints_dirname_p224 +permitted;dirName.225 = nameConstraints_dirname_p225 +permitted;dirName.226 = nameConstraints_dirname_p226 +permitted;dirName.227 = nameConstraints_dirname_p227 +permitted;dirName.228 = nameConstraints_dirname_p228 +permitted;dirName.229 = nameConstraints_dirname_p229 +permitted;dirName.230 = nameConstraints_dirname_p230 +permitted;dirName.231 = nameConstraints_dirname_p231 +permitted;dirName.232 = nameConstraints_dirname_p232 +permitted;dirName.233 = nameConstraints_dirname_p233 +permitted;dirName.234 = nameConstraints_dirname_p234 +permitted;dirName.235 = nameConstraints_dirname_p235 +permitted;dirName.236 = nameConstraints_dirname_p236 +permitted;dirName.237 = nameConstraints_dirname_p237 +permitted;dirName.238 = nameConstraints_dirname_p238 +permitted;dirName.239 = nameConstraints_dirname_p239 +permitted;dirName.240 = nameConstraints_dirname_p240 +permitted;dirName.241 = nameConstraints_dirname_p241 +permitted;dirName.242 = nameConstraints_dirname_p242 +permitted;dirName.243 = nameConstraints_dirname_p243 +permitted;dirName.244 = nameConstraints_dirname_p244 +permitted;dirName.245 = nameConstraints_dirname_p245 +permitted;dirName.246 = nameConstraints_dirname_p246 +permitted;dirName.247 = nameConstraints_dirname_p247 +permitted;dirName.248 = nameConstraints_dirname_p248 +permitted;dirName.249 = nameConstraints_dirname_p249 +permitted;dirName.250 = nameConstraints_dirname_p250 +permitted;dirName.251 = nameConstraints_dirname_p251 +permitted;dirName.252 = nameConstraints_dirname_p252 +permitted;dirName.253 = nameConstraints_dirname_p253 +permitted;dirName.254 = nameConstraints_dirname_p254 +permitted;dirName.255 = nameConstraints_dirname_p255 +permitted;dirName.256 = nameConstraints_dirname_p256 +permitted;dirName.257 = nameConstraints_dirname_p257 +permitted;dirName.258 = nameConstraints_dirname_p258 +permitted;dirName.259 = nameConstraints_dirname_p259 +permitted;dirName.260 = nameConstraints_dirname_p260 +permitted;dirName.261 = nameConstraints_dirname_p261 +permitted;dirName.262 = nameConstraints_dirname_p262 +permitted;dirName.263 = nameConstraints_dirname_p263 +permitted;dirName.264 = nameConstraints_dirname_p264 +permitted;dirName.265 = nameConstraints_dirname_p265 +permitted;dirName.266 = nameConstraints_dirname_p266 +permitted;dirName.267 = nameConstraints_dirname_p267 +permitted;dirName.268 = nameConstraints_dirname_p268 +permitted;dirName.269 = nameConstraints_dirname_p269 +permitted;dirName.270 = nameConstraints_dirname_p270 +permitted;dirName.271 = nameConstraints_dirname_p271 +permitted;dirName.272 = nameConstraints_dirname_p272 +permitted;dirName.273 = nameConstraints_dirname_p273 +permitted;dirName.274 = nameConstraints_dirname_p274 +permitted;dirName.275 = nameConstraints_dirname_p275 +permitted;dirName.276 = nameConstraints_dirname_p276 +permitted;dirName.277 = nameConstraints_dirname_p277 +permitted;dirName.278 = nameConstraints_dirname_p278 +permitted;dirName.279 = nameConstraints_dirname_p279 +permitted;dirName.280 = nameConstraints_dirname_p280 +permitted;dirName.281 = nameConstraints_dirname_p281 +permitted;dirName.282 = nameConstraints_dirname_p282 +permitted;dirName.283 = nameConstraints_dirname_p283 +permitted;dirName.284 = nameConstraints_dirname_p284 +permitted;dirName.285 = nameConstraints_dirname_p285 +permitted;dirName.286 = nameConstraints_dirname_p286 +permitted;dirName.287 = nameConstraints_dirname_p287 +permitted;dirName.288 = nameConstraints_dirname_p288 +permitted;dirName.289 = nameConstraints_dirname_p289 +permitted;dirName.290 = nameConstraints_dirname_p290 +permitted;dirName.291 = nameConstraints_dirname_p291 +permitted;dirName.292 = nameConstraints_dirname_p292 +permitted;dirName.293 = nameConstraints_dirname_p293 +permitted;dirName.294 = nameConstraints_dirname_p294 +permitted;dirName.295 = nameConstraints_dirname_p295 +permitted;dirName.296 = nameConstraints_dirname_p296 +permitted;dirName.297 = nameConstraints_dirname_p297 +permitted;dirName.298 = nameConstraints_dirname_p298 +permitted;dirName.299 = nameConstraints_dirname_p299 +permitted;dirName.300 = nameConstraints_dirname_p300 +permitted;dirName.301 = nameConstraints_dirname_p301 +permitted;dirName.302 = nameConstraints_dirname_p302 +permitted;dirName.303 = nameConstraints_dirname_p303 +permitted;dirName.304 = nameConstraints_dirname_p304 +permitted;dirName.305 = nameConstraints_dirname_p305 +permitted;dirName.306 = nameConstraints_dirname_p306 +permitted;dirName.307 = nameConstraints_dirname_p307 +permitted;dirName.308 = nameConstraints_dirname_p308 +permitted;dirName.309 = nameConstraints_dirname_p309 +permitted;dirName.310 = nameConstraints_dirname_p310 +permitted;dirName.311 = nameConstraints_dirname_p311 +permitted;dirName.312 = nameConstraints_dirname_p312 +permitted;dirName.313 = nameConstraints_dirname_p313 +permitted;dirName.314 = nameConstraints_dirname_p314 +permitted;dirName.315 = nameConstraints_dirname_p315 +permitted;dirName.316 = nameConstraints_dirname_p316 +permitted;dirName.317 = nameConstraints_dirname_p317 +permitted;dirName.318 = nameConstraints_dirname_p318 +permitted;dirName.319 = nameConstraints_dirname_p319 +permitted;dirName.320 = nameConstraints_dirname_p320 +permitted;dirName.321 = nameConstraints_dirname_p321 +permitted;dirName.322 = nameConstraints_dirname_p322 +permitted;dirName.323 = nameConstraints_dirname_p323 +permitted;dirName.324 = nameConstraints_dirname_p324 +permitted;dirName.325 = nameConstraints_dirname_p325 +permitted;dirName.326 = nameConstraints_dirname_p326 +permitted;dirName.327 = nameConstraints_dirname_p327 +permitted;dirName.328 = nameConstraints_dirname_p328 +permitted;dirName.329 = nameConstraints_dirname_p329 +permitted;dirName.330 = nameConstraints_dirname_p330 +permitted;dirName.331 = nameConstraints_dirname_p331 +permitted;dirName.332 = nameConstraints_dirname_p332 +permitted;dirName.333 = nameConstraints_dirname_p333 +permitted;dirName.334 = nameConstraints_dirname_p334 +permitted;dirName.335 = nameConstraints_dirname_p335 +permitted;dirName.336 = nameConstraints_dirname_p336 +permitted;dirName.337 = nameConstraints_dirname_p337 +permitted;dirName.338 = nameConstraints_dirname_p338 +permitted;dirName.339 = nameConstraints_dirname_p339 +permitted;dirName.340 = nameConstraints_dirname_p340 +permitted;dirName.341 = nameConstraints_dirname_p341 +permitted;dirName.342 = nameConstraints_dirname_p342 +permitted;dirName.343 = nameConstraints_dirname_p343 +permitted;dirName.344 = nameConstraints_dirname_p344 +permitted;dirName.345 = nameConstraints_dirname_p345 +permitted;dirName.346 = nameConstraints_dirname_p346 +permitted;dirName.347 = nameConstraints_dirname_p347 +permitted;dirName.348 = nameConstraints_dirname_p348 +permitted;dirName.349 = nameConstraints_dirname_p349 +permitted;dirName.350 = nameConstraints_dirname_p350 +permitted;dirName.351 = nameConstraints_dirname_p351 +permitted;dirName.352 = nameConstraints_dirname_p352 +permitted;dirName.353 = nameConstraints_dirname_p353 +permitted;dirName.354 = nameConstraints_dirname_p354 +permitted;dirName.355 = nameConstraints_dirname_p355 +permitted;dirName.356 = nameConstraints_dirname_p356 +permitted;dirName.357 = nameConstraints_dirname_p357 +permitted;dirName.358 = nameConstraints_dirname_p358 +permitted;dirName.359 = nameConstraints_dirname_p359 +permitted;dirName.360 = nameConstraints_dirname_p360 +permitted;dirName.361 = nameConstraints_dirname_p361 +permitted;dirName.362 = nameConstraints_dirname_p362 +permitted;dirName.363 = nameConstraints_dirname_p363 +permitted;dirName.364 = nameConstraints_dirname_p364 +permitted;dirName.365 = nameConstraints_dirname_p365 +permitted;dirName.366 = nameConstraints_dirname_p366 +permitted;dirName.367 = nameConstraints_dirname_p367 +permitted;dirName.368 = nameConstraints_dirname_p368 +permitted;dirName.369 = nameConstraints_dirname_p369 +permitted;dirName.370 = nameConstraints_dirname_p370 +permitted;dirName.371 = nameConstraints_dirname_p371 +permitted;dirName.372 = nameConstraints_dirname_p372 +permitted;dirName.373 = nameConstraints_dirname_p373 +permitted;dirName.374 = nameConstraints_dirname_p374 +permitted;dirName.375 = nameConstraints_dirname_p375 +permitted;dirName.376 = nameConstraints_dirname_p376 +permitted;dirName.377 = nameConstraints_dirname_p377 +permitted;dirName.378 = nameConstraints_dirname_p378 +permitted;dirName.379 = nameConstraints_dirname_p379 +permitted;dirName.380 = nameConstraints_dirname_p380 +permitted;dirName.381 = nameConstraints_dirname_p381 +permitted;dirName.382 = nameConstraints_dirname_p382 +permitted;dirName.383 = nameConstraints_dirname_p383 +permitted;dirName.384 = nameConstraints_dirname_p384 +permitted;dirName.385 = nameConstraints_dirname_p385 +permitted;dirName.386 = nameConstraints_dirname_p386 +permitted;dirName.387 = nameConstraints_dirname_p387 +permitted;dirName.388 = nameConstraints_dirname_p388 +permitted;dirName.389 = nameConstraints_dirname_p389 +permitted;dirName.390 = nameConstraints_dirname_p390 +permitted;dirName.391 = nameConstraints_dirname_p391 +permitted;dirName.392 = nameConstraints_dirname_p392 +permitted;dirName.393 = nameConstraints_dirname_p393 +permitted;dirName.394 = nameConstraints_dirname_p394 +permitted;dirName.395 = nameConstraints_dirname_p395 +permitted;dirName.396 = nameConstraints_dirname_p396 +permitted;dirName.397 = nameConstraints_dirname_p397 +permitted;dirName.398 = nameConstraints_dirname_p398 +permitted;dirName.399 = nameConstraints_dirname_p399 +permitted;dirName.400 = nameConstraints_dirname_p400 +permitted;dirName.401 = nameConstraints_dirname_p401 +permitted;dirName.402 = nameConstraints_dirname_p402 +permitted;dirName.403 = nameConstraints_dirname_p403 +permitted;dirName.404 = nameConstraints_dirname_p404 +permitted;dirName.405 = nameConstraints_dirname_p405 +permitted;dirName.406 = nameConstraints_dirname_p406 +permitted;dirName.407 = nameConstraints_dirname_p407 +permitted;dirName.408 = nameConstraints_dirname_p408 +permitted;dirName.409 = nameConstraints_dirname_p409 +permitted;dirName.410 = nameConstraints_dirname_p410 +permitted;dirName.411 = nameConstraints_dirname_p411 +permitted;dirName.412 = nameConstraints_dirname_p412 +permitted;dirName.413 = nameConstraints_dirname_p413 +permitted;dirName.414 = nameConstraints_dirname_p414 +permitted;dirName.415 = nameConstraints_dirname_p415 +permitted;dirName.416 = nameConstraints_dirname_p416 +permitted;dirName.417 = nameConstraints_dirname_p417 +permitted;dirName.418 = nameConstraints_dirname_p418 +permitted;dirName.419 = nameConstraints_dirname_p419 +permitted;dirName.420 = nameConstraints_dirname_p420 +permitted;dirName.421 = nameConstraints_dirname_p421 +permitted;dirName.422 = nameConstraints_dirname_p422 +permitted;dirName.423 = nameConstraints_dirname_p423 +permitted;dirName.424 = nameConstraints_dirname_p424 +permitted;dirName.425 = nameConstraints_dirname_p425 +permitted;dirName.426 = nameConstraints_dirname_p426 +permitted;dirName.427 = nameConstraints_dirname_p427 +permitted;dirName.428 = nameConstraints_dirname_p428 +permitted;dirName.429 = nameConstraints_dirname_p429 +permitted;dirName.430 = nameConstraints_dirname_p430 +permitted;dirName.431 = nameConstraints_dirname_p431 +permitted;dirName.432 = nameConstraints_dirname_p432 +permitted;dirName.433 = nameConstraints_dirname_p433 +permitted;dirName.434 = nameConstraints_dirname_p434 +permitted;dirName.435 = nameConstraints_dirname_p435 +permitted;dirName.436 = nameConstraints_dirname_p436 +permitted;dirName.437 = nameConstraints_dirname_p437 +permitted;dirName.438 = nameConstraints_dirname_p438 +permitted;dirName.439 = nameConstraints_dirname_p439 +permitted;dirName.440 = nameConstraints_dirname_p440 +permitted;dirName.441 = nameConstraints_dirname_p441 +permitted;dirName.442 = nameConstraints_dirname_p442 +permitted;dirName.443 = nameConstraints_dirname_p443 +permitted;dirName.444 = nameConstraints_dirname_p444 +permitted;dirName.445 = nameConstraints_dirname_p445 +permitted;dirName.446 = nameConstraints_dirname_p446 +permitted;dirName.447 = nameConstraints_dirname_p447 +permitted;dirName.448 = nameConstraints_dirname_p448 +permitted;dirName.449 = nameConstraints_dirname_p449 +permitted;dirName.450 = nameConstraints_dirname_p450 +permitted;dirName.451 = nameConstraints_dirname_p451 +permitted;dirName.452 = nameConstraints_dirname_p452 +permitted;dirName.453 = nameConstraints_dirname_p453 +permitted;dirName.454 = nameConstraints_dirname_p454 +permitted;dirName.455 = nameConstraints_dirname_p455 +permitted;dirName.456 = nameConstraints_dirname_p456 +permitted;dirName.457 = nameConstraints_dirname_p457 +permitted;dirName.458 = nameConstraints_dirname_p458 +permitted;dirName.459 = nameConstraints_dirname_p459 +permitted;dirName.460 = nameConstraints_dirname_p460 +permitted;dirName.461 = nameConstraints_dirname_p461 +permitted;dirName.462 = nameConstraints_dirname_p462 +permitted;dirName.463 = nameConstraints_dirname_p463 +permitted;dirName.464 = nameConstraints_dirname_p464 +permitted;dirName.465 = nameConstraints_dirname_p465 +permitted;dirName.466 = nameConstraints_dirname_p466 +permitted;dirName.467 = nameConstraints_dirname_p467 +permitted;dirName.468 = nameConstraints_dirname_p468 +permitted;dirName.469 = nameConstraints_dirname_p469 +permitted;dirName.470 = nameConstraints_dirname_p470 +permitted;dirName.471 = nameConstraints_dirname_p471 +permitted;dirName.472 = nameConstraints_dirname_p472 +permitted;dirName.473 = nameConstraints_dirname_p473 +permitted;dirName.474 = nameConstraints_dirname_p474 +permitted;dirName.475 = nameConstraints_dirname_p475 +permitted;dirName.476 = nameConstraints_dirname_p476 +permitted;dirName.477 = nameConstraints_dirname_p477 +permitted;dirName.478 = nameConstraints_dirname_p478 +permitted;dirName.479 = nameConstraints_dirname_p479 +permitted;dirName.480 = nameConstraints_dirname_p480 +permitted;dirName.481 = nameConstraints_dirname_p481 +permitted;dirName.482 = nameConstraints_dirname_p482 +permitted;dirName.483 = nameConstraints_dirname_p483 +permitted;dirName.484 = nameConstraints_dirname_p484 +permitted;dirName.485 = nameConstraints_dirname_p485 +permitted;dirName.486 = nameConstraints_dirname_p486 +permitted;dirName.487 = nameConstraints_dirname_p487 +permitted;dirName.488 = nameConstraints_dirname_p488 +permitted;dirName.489 = nameConstraints_dirname_p489 +permitted;dirName.490 = nameConstraints_dirname_p490 +permitted;dirName.491 = nameConstraints_dirname_p491 +permitted;dirName.492 = nameConstraints_dirname_p492 +permitted;dirName.493 = nameConstraints_dirname_p493 +permitted;dirName.494 = nameConstraints_dirname_p494 +permitted;dirName.495 = nameConstraints_dirname_p495 +permitted;dirName.496 = nameConstraints_dirname_p496 +permitted;dirName.497 = nameConstraints_dirname_p497 +permitted;dirName.498 = nameConstraints_dirname_p498 +permitted;dirName.499 = nameConstraints_dirname_p499 +permitted;dirName.500 = nameConstraints_dirname_p500 +permitted;dirName.501 = nameConstraints_dirname_p501 +permitted;dirName.502 = nameConstraints_dirname_p502 +permitted;dirName.503 = nameConstraints_dirname_p503 +permitted;dirName.504 = nameConstraints_dirname_p504 +permitted;dirName.505 = nameConstraints_dirname_p505 +permitted;dirName.506 = nameConstraints_dirname_p506 +permitted;dirName.507 = nameConstraints_dirname_p507 +permitted;dirName.508 = nameConstraints_dirname_p508 +permitted;dirName.509 = nameConstraints_dirname_p509 +permitted;dirName.510 = nameConstraints_dirname_p510 +permitted;dirName.511 = nameConstraints_dirname_p511 +permitted;dirName.512 = nameConstraints_dirname_p512 +permitted;dirName.513 = nameConstraints_dirname_p513 +permitted;dirName.514 = nameConstraints_dirname_p514 +permitted;dirName.515 = nameConstraints_dirname_p515 +permitted;dirName.516 = nameConstraints_dirname_p516 +permitted;dirName.517 = nameConstraints_dirname_p517 +permitted;dirName.518 = nameConstraints_dirname_p518 +permitted;dirName.519 = nameConstraints_dirname_p519 +permitted;dirName.520 = nameConstraints_dirname_p520 +permitted;dirName.521 = nameConstraints_dirname_p521 +permitted;dirName.522 = nameConstraints_dirname_p522 +permitted;dirName.523 = nameConstraints_dirname_p523 +permitted;dirName.524 = nameConstraints_dirname_p524 +permitted;dirName.525 = nameConstraints_dirname_p525 +permitted;dirName.526 = nameConstraints_dirname_p526 +permitted;dirName.527 = nameConstraints_dirname_p527 +permitted;dirName.528 = nameConstraints_dirname_p528 +permitted;dirName.529 = nameConstraints_dirname_p529 +permitted;dirName.530 = nameConstraints_dirname_p530 +permitted;dirName.531 = nameConstraints_dirname_p531 +permitted;dirName.532 = nameConstraints_dirname_p532 +permitted;dirName.533 = nameConstraints_dirname_p533 +permitted;dirName.534 = nameConstraints_dirname_p534 +permitted;dirName.535 = nameConstraints_dirname_p535 +permitted;dirName.536 = nameConstraints_dirname_p536 +permitted;dirName.537 = nameConstraints_dirname_p537 +permitted;dirName.538 = nameConstraints_dirname_p538 +permitted;dirName.539 = nameConstraints_dirname_p539 +permitted;dirName.540 = nameConstraints_dirname_p540 +permitted;dirName.541 = nameConstraints_dirname_p541 +permitted;dirName.542 = nameConstraints_dirname_p542 +permitted;dirName.543 = nameConstraints_dirname_p543 +permitted;dirName.544 = nameConstraints_dirname_p544 +permitted;dirName.545 = nameConstraints_dirname_p545 +permitted;dirName.546 = nameConstraints_dirname_p546 +permitted;dirName.547 = nameConstraints_dirname_p547 +permitted;dirName.548 = nameConstraints_dirname_p548 +permitted;dirName.549 = nameConstraints_dirname_p549 +permitted;dirName.550 = nameConstraints_dirname_p550 +permitted;dirName.551 = nameConstraints_dirname_p551 +permitted;dirName.552 = nameConstraints_dirname_p552 +permitted;dirName.553 = nameConstraints_dirname_p553 +permitted;dirName.554 = nameConstraints_dirname_p554 +permitted;dirName.555 = nameConstraints_dirname_p555 +permitted;dirName.556 = nameConstraints_dirname_p556 +permitted;dirName.557 = nameConstraints_dirname_p557 +permitted;dirName.558 = nameConstraints_dirname_p558 +permitted;dirName.559 = nameConstraints_dirname_p559 +permitted;dirName.560 = nameConstraints_dirname_p560 +permitted;dirName.561 = nameConstraints_dirname_p561 +permitted;dirName.562 = nameConstraints_dirname_p562 +permitted;dirName.563 = nameConstraints_dirname_p563 +permitted;dirName.564 = nameConstraints_dirname_p564 +permitted;dirName.565 = nameConstraints_dirname_p565 +permitted;dirName.566 = nameConstraints_dirname_p566 +permitted;dirName.567 = nameConstraints_dirname_p567 +permitted;dirName.568 = nameConstraints_dirname_p568 +permitted;dirName.569 = nameConstraints_dirname_p569 +permitted;dirName.570 = nameConstraints_dirname_p570 +permitted;dirName.571 = nameConstraints_dirname_p571 +permitted;dirName.572 = nameConstraints_dirname_p572 +permitted;dirName.573 = nameConstraints_dirname_p573 +permitted;dirName.574 = nameConstraints_dirname_p574 +permitted;dirName.575 = nameConstraints_dirname_p575 +permitted;dirName.576 = nameConstraints_dirname_p576 +permitted;dirName.577 = nameConstraints_dirname_p577 +permitted;dirName.578 = nameConstraints_dirname_p578 +permitted;dirName.579 = nameConstraints_dirname_p579 +permitted;dirName.580 = nameConstraints_dirname_p580 +permitted;dirName.581 = nameConstraints_dirname_p581 +permitted;dirName.582 = nameConstraints_dirname_p582 +permitted;dirName.583 = nameConstraints_dirname_p583 +permitted;dirName.584 = nameConstraints_dirname_p584 +permitted;dirName.585 = nameConstraints_dirname_p585 +permitted;dirName.586 = nameConstraints_dirname_p586 +permitted;dirName.587 = nameConstraints_dirname_p587 +permitted;dirName.588 = nameConstraints_dirname_p588 +permitted;dirName.589 = nameConstraints_dirname_p589 +permitted;dirName.590 = nameConstraints_dirname_p590 +permitted;dirName.591 = nameConstraints_dirname_p591 +permitted;dirName.592 = nameConstraints_dirname_p592 +permitted;dirName.593 = nameConstraints_dirname_p593 +permitted;dirName.594 = nameConstraints_dirname_p594 +permitted;dirName.595 = nameConstraints_dirname_p595 +permitted;dirName.596 = nameConstraints_dirname_p596 +permitted;dirName.597 = nameConstraints_dirname_p597 +permitted;dirName.598 = nameConstraints_dirname_p598 +permitted;dirName.599 = nameConstraints_dirname_p599 +permitted;dirName.600 = nameConstraints_dirname_p600 +permitted;dirName.601 = nameConstraints_dirname_p601 +permitted;dirName.602 = nameConstraints_dirname_p602 +permitted;dirName.603 = nameConstraints_dirname_p603 +permitted;dirName.604 = nameConstraints_dirname_p604 +permitted;dirName.605 = nameConstraints_dirname_p605 +permitted;dirName.606 = nameConstraints_dirname_p606 +permitted;dirName.607 = nameConstraints_dirname_p607 +permitted;dirName.608 = nameConstraints_dirname_p608 +permitted;dirName.609 = nameConstraints_dirname_p609 +permitted;dirName.610 = nameConstraints_dirname_p610 +permitted;dirName.611 = nameConstraints_dirname_p611 +permitted;dirName.612 = nameConstraints_dirname_p612 +permitted;dirName.613 = nameConstraints_dirname_p613 +permitted;dirName.614 = nameConstraints_dirname_p614 +permitted;dirName.615 = nameConstraints_dirname_p615 +permitted;dirName.616 = nameConstraints_dirname_p616 +permitted;dirName.617 = nameConstraints_dirname_p617 +permitted;dirName.618 = nameConstraints_dirname_p618 +permitted;dirName.619 = nameConstraints_dirname_p619 +permitted;dirName.620 = nameConstraints_dirname_p620 +permitted;dirName.621 = nameConstraints_dirname_p621 +permitted;dirName.622 = nameConstraints_dirname_p622 +permitted;dirName.623 = nameConstraints_dirname_p623 +permitted;dirName.624 = nameConstraints_dirname_p624 +permitted;dirName.625 = nameConstraints_dirname_p625 +permitted;dirName.626 = nameConstraints_dirname_p626 +permitted;dirName.627 = nameConstraints_dirname_p627 +permitted;dirName.628 = nameConstraints_dirname_p628 +permitted;dirName.629 = nameConstraints_dirname_p629 +permitted;dirName.630 = nameConstraints_dirname_p630 +permitted;dirName.631 = nameConstraints_dirname_p631 +permitted;dirName.632 = nameConstraints_dirname_p632 +permitted;dirName.633 = nameConstraints_dirname_p633 +permitted;dirName.634 = nameConstraints_dirname_p634 +permitted;dirName.635 = nameConstraints_dirname_p635 +permitted;dirName.636 = nameConstraints_dirname_p636 +permitted;dirName.637 = nameConstraints_dirname_p637 +permitted;dirName.638 = nameConstraints_dirname_p638 +permitted;dirName.639 = nameConstraints_dirname_p639 +permitted;dirName.640 = nameConstraints_dirname_p640 +permitted;dirName.641 = nameConstraints_dirname_p641 +permitted;dirName.642 = nameConstraints_dirname_p642 +permitted;dirName.643 = nameConstraints_dirname_p643 +permitted;dirName.644 = nameConstraints_dirname_p644 +permitted;dirName.645 = nameConstraints_dirname_p645 +permitted;dirName.646 = nameConstraints_dirname_p646 +permitted;dirName.647 = nameConstraints_dirname_p647 +permitted;dirName.648 = nameConstraints_dirname_p648 +permitted;dirName.649 = nameConstraints_dirname_p649 +permitted;dirName.650 = nameConstraints_dirname_p650 +permitted;dirName.651 = nameConstraints_dirname_p651 +permitted;dirName.652 = nameConstraints_dirname_p652 +permitted;dirName.653 = nameConstraints_dirname_p653 +permitted;dirName.654 = nameConstraints_dirname_p654 +permitted;dirName.655 = nameConstraints_dirname_p655 +permitted;dirName.656 = nameConstraints_dirname_p656 +permitted;dirName.657 = nameConstraints_dirname_p657 +permitted;dirName.658 = nameConstraints_dirname_p658 +permitted;dirName.659 = nameConstraints_dirname_p659 +permitted;dirName.660 = nameConstraints_dirname_p660 +permitted;dirName.661 = nameConstraints_dirname_p661 +permitted;dirName.662 = nameConstraints_dirname_p662 +permitted;dirName.663 = nameConstraints_dirname_p663 +permitted;dirName.664 = nameConstraints_dirname_p664 +permitted;dirName.665 = nameConstraints_dirname_p665 +permitted;dirName.666 = nameConstraints_dirname_p666 +permitted;dirName.667 = nameConstraints_dirname_p667 +permitted;dirName.668 = nameConstraints_dirname_p668 +permitted;dirName.669 = nameConstraints_dirname_p669 +permitted;dirName.670 = nameConstraints_dirname_p670 +permitted;dirName.671 = nameConstraints_dirname_p671 +permitted;dirName.672 = nameConstraints_dirname_p672 +permitted;dirName.673 = nameConstraints_dirname_p673 +permitted;dirName.674 = nameConstraints_dirname_p674 +permitted;dirName.675 = nameConstraints_dirname_p675 +permitted;dirName.676 = nameConstraints_dirname_p676 +permitted;dirName.677 = nameConstraints_dirname_p677 +permitted;dirName.678 = nameConstraints_dirname_p678 +permitted;dirName.679 = nameConstraints_dirname_p679 +permitted;dirName.680 = nameConstraints_dirname_p680 +permitted;dirName.681 = nameConstraints_dirname_p681 +permitted;dirName.682 = nameConstraints_dirname_p682 +permitted;dirName.683 = nameConstraints_dirname_p683 +permitted;dirName.684 = nameConstraints_dirname_p684 +permitted;dirName.685 = nameConstraints_dirname_p685 +permitted;dirName.686 = nameConstraints_dirname_p686 +permitted;dirName.687 = nameConstraints_dirname_p687 +permitted;dirName.688 = nameConstraints_dirname_p688 +permitted;dirName.689 = nameConstraints_dirname_p689 +permitted;dirName.690 = nameConstraints_dirname_p690 +permitted;dirName.691 = nameConstraints_dirname_p691 +permitted;dirName.692 = nameConstraints_dirname_p692 +permitted;dirName.693 = nameConstraints_dirname_p693 +permitted;dirName.694 = nameConstraints_dirname_p694 +permitted;dirName.695 = nameConstraints_dirname_p695 +permitted;dirName.696 = nameConstraints_dirname_p696 +permitted;dirName.697 = nameConstraints_dirname_p697 +permitted;dirName.698 = nameConstraints_dirname_p698 +permitted;dirName.699 = nameConstraints_dirname_p699 +permitted;dirName.700 = nameConstraints_dirname_p700 +permitted;dirName.701 = nameConstraints_dirname_p701 +permitted;dirName.702 = nameConstraints_dirname_p702 +permitted;dirName.703 = nameConstraints_dirname_p703 +permitted;dirName.704 = nameConstraints_dirname_p704 +permitted;dirName.705 = nameConstraints_dirname_p705 +permitted;dirName.706 = nameConstraints_dirname_p706 +permitted;dirName.707 = nameConstraints_dirname_p707 +permitted;dirName.708 = nameConstraints_dirname_p708 +permitted;dirName.709 = nameConstraints_dirname_p709 +permitted;dirName.710 = nameConstraints_dirname_p710 +permitted;dirName.711 = nameConstraints_dirname_p711 +permitted;dirName.712 = nameConstraints_dirname_p712 +permitted;dirName.713 = nameConstraints_dirname_p713 +permitted;dirName.714 = nameConstraints_dirname_p714 +permitted;dirName.715 = nameConstraints_dirname_p715 +permitted;dirName.716 = nameConstraints_dirname_p716 +permitted;dirName.717 = nameConstraints_dirname_p717 +permitted;dirName.718 = nameConstraints_dirname_p718 +permitted;dirName.719 = nameConstraints_dirname_p719 +permitted;dirName.720 = nameConstraints_dirname_p720 +permitted;dirName.721 = nameConstraints_dirname_p721 +permitted;dirName.722 = nameConstraints_dirname_p722 +permitted;dirName.723 = nameConstraints_dirname_p723 +permitted;dirName.724 = nameConstraints_dirname_p724 +permitted;dirName.725 = nameConstraints_dirname_p725 +permitted;dirName.726 = nameConstraints_dirname_p726 +permitted;dirName.727 = nameConstraints_dirname_p727 +permitted;dirName.728 = nameConstraints_dirname_p728 +permitted;dirName.729 = nameConstraints_dirname_p729 +permitted;dirName.730 = nameConstraints_dirname_p730 +permitted;dirName.731 = nameConstraints_dirname_p731 +permitted;dirName.732 = nameConstraints_dirname_p732 +permitted;dirName.733 = nameConstraints_dirname_p733 +permitted;dirName.734 = nameConstraints_dirname_p734 +permitted;dirName.735 = nameConstraints_dirname_p735 +permitted;dirName.736 = nameConstraints_dirname_p736 +permitted;dirName.737 = nameConstraints_dirname_p737 +permitted;dirName.738 = nameConstraints_dirname_p738 +permitted;dirName.739 = nameConstraints_dirname_p739 +permitted;dirName.740 = nameConstraints_dirname_p740 +permitted;dirName.741 = nameConstraints_dirname_p741 +permitted;dirName.742 = nameConstraints_dirname_p742 +permitted;dirName.743 = nameConstraints_dirname_p743 +permitted;dirName.744 = nameConstraints_dirname_p744 +permitted;dirName.745 = nameConstraints_dirname_p745 +permitted;dirName.746 = nameConstraints_dirname_p746 +permitted;dirName.747 = nameConstraints_dirname_p747 +permitted;dirName.748 = nameConstraints_dirname_p748 +permitted;dirName.749 = nameConstraints_dirname_p749 +permitted;dirName.750 = nameConstraints_dirname_p750 +permitted;dirName.751 = nameConstraints_dirname_p751 +permitted;dirName.752 = nameConstraints_dirname_p752 +permitted;dirName.753 = nameConstraints_dirname_p753 +permitted;dirName.754 = nameConstraints_dirname_p754 +permitted;dirName.755 = nameConstraints_dirname_p755 +permitted;dirName.756 = nameConstraints_dirname_p756 +permitted;dirName.757 = nameConstraints_dirname_p757 +permitted;dirName.758 = nameConstraints_dirname_p758 +permitted;dirName.759 = nameConstraints_dirname_p759 +permitted;dirName.760 = nameConstraints_dirname_p760 +permitted;dirName.761 = nameConstraints_dirname_p761 +permitted;dirName.762 = nameConstraints_dirname_p762 +permitted;dirName.763 = nameConstraints_dirname_p763 +permitted;dirName.764 = nameConstraints_dirname_p764 +permitted;dirName.765 = nameConstraints_dirname_p765 +permitted;dirName.766 = nameConstraints_dirname_p766 +permitted;dirName.767 = nameConstraints_dirname_p767 +permitted;dirName.768 = nameConstraints_dirname_p768 +permitted;dirName.769 = nameConstraints_dirname_p769 +permitted;dirName.770 = nameConstraints_dirname_p770 +permitted;dirName.771 = nameConstraints_dirname_p771 +permitted;dirName.772 = nameConstraints_dirname_p772 +permitted;dirName.773 = nameConstraints_dirname_p773 +permitted;dirName.774 = nameConstraints_dirname_p774 +permitted;dirName.775 = nameConstraints_dirname_p775 +permitted;dirName.776 = nameConstraints_dirname_p776 +permitted;dirName.777 = nameConstraints_dirname_p777 +permitted;dirName.778 = nameConstraints_dirname_p778 +permitted;dirName.779 = nameConstraints_dirname_p779 +permitted;dirName.780 = nameConstraints_dirname_p780 +permitted;dirName.781 = nameConstraints_dirname_p781 +permitted;dirName.782 = nameConstraints_dirname_p782 +permitted;dirName.783 = nameConstraints_dirname_p783 +permitted;dirName.784 = nameConstraints_dirname_p784 +permitted;dirName.785 = nameConstraints_dirname_p785 +permitted;dirName.786 = nameConstraints_dirname_p786 +permitted;dirName.787 = nameConstraints_dirname_p787 +permitted;dirName.788 = nameConstraints_dirname_p788 +permitted;dirName.789 = nameConstraints_dirname_p789 +permitted;dirName.790 = nameConstraints_dirname_p790 +permitted;dirName.791 = nameConstraints_dirname_p791 +permitted;dirName.792 = nameConstraints_dirname_p792 +permitted;dirName.793 = nameConstraints_dirname_p793 +permitted;dirName.794 = nameConstraints_dirname_p794 +permitted;dirName.795 = nameConstraints_dirname_p795 +permitted;dirName.796 = nameConstraints_dirname_p796 +permitted;dirName.797 = nameConstraints_dirname_p797 +permitted;dirName.798 = nameConstraints_dirname_p798 +permitted;dirName.799 = nameConstraints_dirname_p799 +permitted;dirName.800 = nameConstraints_dirname_p800 +permitted;dirName.801 = nameConstraints_dirname_p801 +permitted;dirName.802 = nameConstraints_dirname_p802 +permitted;dirName.803 = nameConstraints_dirname_p803 +permitted;dirName.804 = nameConstraints_dirname_p804 +permitted;dirName.805 = nameConstraints_dirname_p805 +permitted;dirName.806 = nameConstraints_dirname_p806 +permitted;dirName.807 = nameConstraints_dirname_p807 +permitted;dirName.808 = nameConstraints_dirname_p808 +permitted;dirName.809 = nameConstraints_dirname_p809 +permitted;dirName.810 = nameConstraints_dirname_p810 +permitted;dirName.811 = nameConstraints_dirname_p811 +permitted;dirName.812 = nameConstraints_dirname_p812 +permitted;dirName.813 = nameConstraints_dirname_p813 +permitted;dirName.814 = nameConstraints_dirname_p814 +permitted;dirName.815 = nameConstraints_dirname_p815 +permitted;dirName.816 = nameConstraints_dirname_p816 +permitted;dirName.817 = nameConstraints_dirname_p817 +permitted;dirName.818 = nameConstraints_dirname_p818 +permitted;dirName.819 = nameConstraints_dirname_p819 +permitted;dirName.820 = nameConstraints_dirname_p820 +permitted;dirName.821 = nameConstraints_dirname_p821 +permitted;dirName.822 = nameConstraints_dirname_p822 +permitted;dirName.823 = nameConstraints_dirname_p823 +permitted;dirName.824 = nameConstraints_dirname_p824 +permitted;dirName.825 = nameConstraints_dirname_p825 +permitted;dirName.826 = nameConstraints_dirname_p826 +permitted;dirName.827 = nameConstraints_dirname_p827 +permitted;dirName.828 = nameConstraints_dirname_p828 +permitted;dirName.829 = nameConstraints_dirname_p829 +permitted;dirName.830 = nameConstraints_dirname_p830 +permitted;dirName.831 = nameConstraints_dirname_p831 +permitted;dirName.832 = nameConstraints_dirname_p832 +permitted;dirName.833 = nameConstraints_dirname_p833 +permitted;dirName.834 = nameConstraints_dirname_p834 +permitted;dirName.835 = nameConstraints_dirname_p835 +permitted;dirName.836 = nameConstraints_dirname_p836 +permitted;dirName.837 = nameConstraints_dirname_p837 +permitted;dirName.838 = nameConstraints_dirname_p838 +permitted;dirName.839 = nameConstraints_dirname_p839 +permitted;dirName.840 = nameConstraints_dirname_p840 +permitted;dirName.841 = nameConstraints_dirname_p841 +permitted;dirName.842 = nameConstraints_dirname_p842 +permitted;dirName.843 = nameConstraints_dirname_p843 +permitted;dirName.844 = nameConstraints_dirname_p844 +permitted;dirName.845 = nameConstraints_dirname_p845 +permitted;dirName.846 = nameConstraints_dirname_p846 +permitted;dirName.847 = nameConstraints_dirname_p847 +permitted;dirName.848 = nameConstraints_dirname_p848 +permitted;dirName.849 = nameConstraints_dirname_p849 +permitted;dirName.850 = nameConstraints_dirname_p850 +permitted;dirName.851 = nameConstraints_dirname_p851 +permitted;dirName.852 = nameConstraints_dirname_p852 +permitted;dirName.853 = nameConstraints_dirname_p853 +permitted;dirName.854 = nameConstraints_dirname_p854 +permitted;dirName.855 = nameConstraints_dirname_p855 +permitted;dirName.856 = nameConstraints_dirname_p856 +permitted;dirName.857 = nameConstraints_dirname_p857 +permitted;dirName.858 = nameConstraints_dirname_p858 +permitted;dirName.859 = nameConstraints_dirname_p859 +permitted;dirName.860 = nameConstraints_dirname_p860 +permitted;dirName.861 = nameConstraints_dirname_p861 +permitted;dirName.862 = nameConstraints_dirname_p862 +permitted;dirName.863 = nameConstraints_dirname_p863 +permitted;dirName.864 = nameConstraints_dirname_p864 +permitted;dirName.865 = nameConstraints_dirname_p865 +permitted;dirName.866 = nameConstraints_dirname_p866 +permitted;dirName.867 = nameConstraints_dirname_p867 +permitted;dirName.868 = nameConstraints_dirname_p868 +permitted;dirName.869 = nameConstraints_dirname_p869 +permitted;dirName.870 = nameConstraints_dirname_p870 +permitted;dirName.871 = nameConstraints_dirname_p871 +permitted;dirName.872 = nameConstraints_dirname_p872 +permitted;dirName.873 = nameConstraints_dirname_p873 +permitted;dirName.874 = nameConstraints_dirname_p874 +permitted;dirName.875 = nameConstraints_dirname_p875 +permitted;dirName.876 = nameConstraints_dirname_p876 +permitted;dirName.877 = nameConstraints_dirname_p877 +permitted;dirName.878 = nameConstraints_dirname_p878 +permitted;dirName.879 = nameConstraints_dirname_p879 +permitted;dirName.880 = nameConstraints_dirname_p880 +permitted;dirName.881 = nameConstraints_dirname_p881 +permitted;dirName.882 = nameConstraints_dirname_p882 +permitted;dirName.883 = nameConstraints_dirname_p883 +permitted;dirName.884 = nameConstraints_dirname_p884 +permitted;dirName.885 = nameConstraints_dirname_p885 +permitted;dirName.886 = nameConstraints_dirname_p886 +permitted;dirName.887 = nameConstraints_dirname_p887 +permitted;dirName.888 = nameConstraints_dirname_p888 +permitted;dirName.889 = nameConstraints_dirname_p889 +permitted;dirName.890 = nameConstraints_dirname_p890 +permitted;dirName.891 = nameConstraints_dirname_p891 +permitted;dirName.892 = nameConstraints_dirname_p892 +permitted;dirName.893 = nameConstraints_dirname_p893 +permitted;dirName.894 = nameConstraints_dirname_p894 +permitted;dirName.895 = nameConstraints_dirname_p895 +permitted;dirName.896 = nameConstraints_dirname_p896 +permitted;dirName.897 = nameConstraints_dirname_p897 +permitted;dirName.898 = nameConstraints_dirname_p898 +permitted;dirName.899 = nameConstraints_dirname_p899 +permitted;dirName.900 = nameConstraints_dirname_p900 +permitted;dirName.901 = nameConstraints_dirname_p901 +permitted;dirName.902 = nameConstraints_dirname_p902 +permitted;dirName.903 = nameConstraints_dirname_p903 +permitted;dirName.904 = nameConstraints_dirname_p904 +permitted;dirName.905 = nameConstraints_dirname_p905 +permitted;dirName.906 = nameConstraints_dirname_p906 +permitted;dirName.907 = nameConstraints_dirname_p907 +permitted;dirName.908 = nameConstraints_dirname_p908 +permitted;dirName.909 = nameConstraints_dirname_p909 +permitted;dirName.910 = nameConstraints_dirname_p910 +permitted;dirName.911 = nameConstraints_dirname_p911 +permitted;dirName.912 = nameConstraints_dirname_p912 +permitted;dirName.913 = nameConstraints_dirname_p913 +permitted;dirName.914 = nameConstraints_dirname_p914 +permitted;dirName.915 = nameConstraints_dirname_p915 +permitted;dirName.916 = nameConstraints_dirname_p916 +permitted;dirName.917 = nameConstraints_dirname_p917 +permitted;dirName.918 = nameConstraints_dirname_p918 +permitted;dirName.919 = nameConstraints_dirname_p919 +permitted;dirName.920 = nameConstraints_dirname_p920 +permitted;dirName.921 = nameConstraints_dirname_p921 +permitted;dirName.922 = nameConstraints_dirname_p922 +permitted;dirName.923 = nameConstraints_dirname_p923 +permitted;dirName.924 = nameConstraints_dirname_p924 +permitted;dirName.925 = nameConstraints_dirname_p925 +permitted;dirName.926 = nameConstraints_dirname_p926 +permitted;dirName.927 = nameConstraints_dirname_p927 +permitted;dirName.928 = nameConstraints_dirname_p928 +permitted;dirName.929 = nameConstraints_dirname_p929 +permitted;dirName.930 = nameConstraints_dirname_p930 +permitted;dirName.931 = nameConstraints_dirname_p931 +permitted;dirName.932 = nameConstraints_dirname_p932 +permitted;dirName.933 = nameConstraints_dirname_p933 +permitted;dirName.934 = nameConstraints_dirname_p934 +permitted;dirName.935 = nameConstraints_dirname_p935 +permitted;dirName.936 = nameConstraints_dirname_p936 +permitted;dirName.937 = nameConstraints_dirname_p937 +permitted;dirName.938 = nameConstraints_dirname_p938 +permitted;dirName.939 = nameConstraints_dirname_p939 +permitted;dirName.940 = nameConstraints_dirname_p940 +permitted;dirName.941 = nameConstraints_dirname_p941 +permitted;dirName.942 = nameConstraints_dirname_p942 +permitted;dirName.943 = nameConstraints_dirname_p943 +permitted;dirName.944 = nameConstraints_dirname_p944 +permitted;dirName.945 = nameConstraints_dirname_p945 +permitted;dirName.946 = nameConstraints_dirname_p946 +permitted;dirName.947 = nameConstraints_dirname_p947 +permitted;dirName.948 = nameConstraints_dirname_p948 +permitted;dirName.949 = nameConstraints_dirname_p949 +permitted;dirName.950 = nameConstraints_dirname_p950 +permitted;dirName.951 = nameConstraints_dirname_p951 +permitted;dirName.952 = nameConstraints_dirname_p952 +permitted;dirName.953 = nameConstraints_dirname_p953 +permitted;dirName.954 = nameConstraints_dirname_p954 +permitted;dirName.955 = nameConstraints_dirname_p955 +permitted;dirName.956 = nameConstraints_dirname_p956 +permitted;dirName.957 = nameConstraints_dirname_p957 +permitted;dirName.958 = nameConstraints_dirname_p958 +permitted;dirName.959 = nameConstraints_dirname_p959 +permitted;dirName.960 = nameConstraints_dirname_p960 +permitted;dirName.961 = nameConstraints_dirname_p961 +permitted;dirName.962 = nameConstraints_dirname_p962 +permitted;dirName.963 = nameConstraints_dirname_p963 +permitted;dirName.964 = nameConstraints_dirname_p964 +permitted;dirName.965 = nameConstraints_dirname_p965 +permitted;dirName.966 = nameConstraints_dirname_p966 +permitted;dirName.967 = nameConstraints_dirname_p967 +permitted;dirName.968 = nameConstraints_dirname_p968 +permitted;dirName.969 = nameConstraints_dirname_p969 +permitted;dirName.970 = nameConstraints_dirname_p970 +permitted;dirName.971 = nameConstraints_dirname_p971 +permitted;dirName.972 = nameConstraints_dirname_p972 +permitted;dirName.973 = nameConstraints_dirname_p973 +permitted;dirName.974 = nameConstraints_dirname_p974 +permitted;dirName.975 = nameConstraints_dirname_p975 +permitted;dirName.976 = nameConstraints_dirname_p976 +permitted;dirName.977 = nameConstraints_dirname_p977 +permitted;dirName.978 = nameConstraints_dirname_p978 +permitted;dirName.979 = nameConstraints_dirname_p979 +permitted;dirName.980 = nameConstraints_dirname_p980 +permitted;dirName.981 = nameConstraints_dirname_p981 +permitted;dirName.982 = nameConstraints_dirname_p982 +permitted;dirName.983 = nameConstraints_dirname_p983 +permitted;dirName.984 = nameConstraints_dirname_p984 +permitted;dirName.985 = nameConstraints_dirname_p985 +permitted;dirName.986 = nameConstraints_dirname_p986 +permitted;dirName.987 = nameConstraints_dirname_p987 +permitted;dirName.988 = nameConstraints_dirname_p988 +permitted;dirName.989 = nameConstraints_dirname_p989 +permitted;dirName.990 = nameConstraints_dirname_p990 +permitted;dirName.991 = nameConstraints_dirname_p991 +permitted;dirName.992 = nameConstraints_dirname_p992 +permitted;dirName.993 = nameConstraints_dirname_p993 +permitted;dirName.994 = nameConstraints_dirname_p994 +permitted;dirName.995 = nameConstraints_dirname_p995 +permitted;dirName.996 = nameConstraints_dirname_p996 +permitted;dirName.997 = nameConstraints_dirname_p997 +permitted;dirName.998 = nameConstraints_dirname_p998 +permitted;dirName.999 = nameConstraints_dirname_p999 +permitted;dirName.1000 = nameConstraints_dirname_p1000 +permitted;dirName.1001 = nameConstraints_dirname_p1001 +permitted;dirName.1002 = nameConstraints_dirname_p1002 +permitted;dirName.1003 = nameConstraints_dirname_p1003 +permitted;dirName.1004 = nameConstraints_dirname_p1004 +permitted;dirName.1005 = nameConstraints_dirname_p1005 +permitted;dirName.1006 = nameConstraints_dirname_p1006 +permitted;dirName.1007 = nameConstraints_dirname_p1007 +permitted;dirName.1008 = nameConstraints_dirname_p1008 +permitted;dirName.1009 = nameConstraints_dirname_p1009 +permitted;dirName.1010 = nameConstraints_dirname_p1010 +permitted;dirName.1011 = nameConstraints_dirname_p1011 +permitted;dirName.1012 = nameConstraints_dirname_p1012 +permitted;dirName.1013 = nameConstraints_dirname_p1013 +permitted;dirName.1014 = nameConstraints_dirname_p1014 +permitted;dirName.1015 = nameConstraints_dirname_p1015 +permitted;dirName.1016 = nameConstraints_dirname_p1016 +permitted;dirName.1017 = nameConstraints_dirname_p1017 +permitted;dirName.1018 = nameConstraints_dirname_p1018 +permitted;dirName.1019 = nameConstraints_dirname_p1019 +permitted;dirName.1020 = nameConstraints_dirname_p1020 +permitted;dirName.1021 = nameConstraints_dirname_p1021 +permitted;dirName.1022 = nameConstraints_dirname_p1022 +permitted;dirName.1023 = nameConstraints_dirname_p1023 +permitted;dirName.1024 = nameConstraints_dirname_p1024 +permitted;dirName.1025 = nameConstraints_dirname_p1025 + +[nameConstraints_dirname_p1] +commonName = "t0 + +[nameConstraints_dirname_p2] +commonName = "t1 + +[nameConstraints_dirname_p3] +commonName = "t2 + +[nameConstraints_dirname_p4] +commonName = "t3 + +[nameConstraints_dirname_p5] +commonName = "t4 + +[nameConstraints_dirname_p6] +commonName = "t5 + +[nameConstraints_dirname_p7] +commonName = "t6 + +[nameConstraints_dirname_p8] +commonName = "t7 + +[nameConstraints_dirname_p9] +commonName = "t8 + +[nameConstraints_dirname_p10] +commonName = "t9 + +[nameConstraints_dirname_p11] +commonName = "t10 + +[nameConstraints_dirname_p12] +commonName = "t11 + +[nameConstraints_dirname_p13] +commonName = "t12 + +[nameConstraints_dirname_p14] +commonName = "t13 + +[nameConstraints_dirname_p15] +commonName = "t14 + +[nameConstraints_dirname_p16] +commonName = "t15 + +[nameConstraints_dirname_p17] +commonName = "t16 + +[nameConstraints_dirname_p18] +commonName = "t17 + +[nameConstraints_dirname_p19] +commonName = "t18 + +[nameConstraints_dirname_p20] +commonName = "t19 + +[nameConstraints_dirname_p21] +commonName = "t20 + +[nameConstraints_dirname_p22] +commonName = "t21 + +[nameConstraints_dirname_p23] +commonName = "t22 + +[nameConstraints_dirname_p24] +commonName = "t23 + +[nameConstraints_dirname_p25] +commonName = "t24 + +[nameConstraints_dirname_p26] +commonName = "t25 + +[nameConstraints_dirname_p27] +commonName = "t26 + +[nameConstraints_dirname_p28] +commonName = "t27 + +[nameConstraints_dirname_p29] +commonName = "t28 + +[nameConstraints_dirname_p30] +commonName = "t29 + +[nameConstraints_dirname_p31] +commonName = "t30 + +[nameConstraints_dirname_p32] +commonName = "t31 + +[nameConstraints_dirname_p33] +commonName = "t32 + +[nameConstraints_dirname_p34] +commonName = "t33 + +[nameConstraints_dirname_p35] +commonName = "t34 + +[nameConstraints_dirname_p36] +commonName = "t35 + +[nameConstraints_dirname_p37] +commonName = "t36 + +[nameConstraints_dirname_p38] +commonName = "t37 + +[nameConstraints_dirname_p39] +commonName = "t38 + +[nameConstraints_dirname_p40] +commonName = "t39 + +[nameConstraints_dirname_p41] +commonName = "t40 + +[nameConstraints_dirname_p42] +commonName = "t41 + +[nameConstraints_dirname_p43] +commonName = "t42 + +[nameConstraints_dirname_p44] +commonName = "t43 + +[nameConstraints_dirname_p45] +commonName = "t44 + +[nameConstraints_dirname_p46] +commonName = "t45 + +[nameConstraints_dirname_p47] +commonName = "t46 + +[nameConstraints_dirname_p48] +commonName = "t47 + +[nameConstraints_dirname_p49] +commonName = "t48 + +[nameConstraints_dirname_p50] +commonName = "t49 + +[nameConstraints_dirname_p51] +commonName = "t50 + +[nameConstraints_dirname_p52] +commonName = "t51 + +[nameConstraints_dirname_p53] +commonName = "t52 + +[nameConstraints_dirname_p54] +commonName = "t53 + +[nameConstraints_dirname_p55] +commonName = "t54 + +[nameConstraints_dirname_p56] +commonName = "t55 + +[nameConstraints_dirname_p57] +commonName = "t56 + +[nameConstraints_dirname_p58] +commonName = "t57 + +[nameConstraints_dirname_p59] +commonName = "t58 + +[nameConstraints_dirname_p60] +commonName = "t59 + +[nameConstraints_dirname_p61] +commonName = "t60 + +[nameConstraints_dirname_p62] +commonName = "t61 + +[nameConstraints_dirname_p63] +commonName = "t62 + +[nameConstraints_dirname_p64] +commonName = "t63 + +[nameConstraints_dirname_p65] +commonName = "t64 + +[nameConstraints_dirname_p66] +commonName = "t65 + +[nameConstraints_dirname_p67] +commonName = "t66 + +[nameConstraints_dirname_p68] +commonName = "t67 + +[nameConstraints_dirname_p69] +commonName = "t68 + +[nameConstraints_dirname_p70] +commonName = "t69 + +[nameConstraints_dirname_p71] +commonName = "t70 + +[nameConstraints_dirname_p72] +commonName = "t71 + +[nameConstraints_dirname_p73] +commonName = "t72 + +[nameConstraints_dirname_p74] +commonName = "t73 + +[nameConstraints_dirname_p75] +commonName = "t74 + +[nameConstraints_dirname_p76] +commonName = "t75 + +[nameConstraints_dirname_p77] +commonName = "t76 + +[nameConstraints_dirname_p78] +commonName = "t77 + +[nameConstraints_dirname_p79] +commonName = "t78 + +[nameConstraints_dirname_p80] +commonName = "t79 + +[nameConstraints_dirname_p81] +commonName = "t80 + +[nameConstraints_dirname_p82] +commonName = "t81 + +[nameConstraints_dirname_p83] +commonName = "t82 + +[nameConstraints_dirname_p84] +commonName = "t83 + +[nameConstraints_dirname_p85] +commonName = "t84 + +[nameConstraints_dirname_p86] +commonName = "t85 + +[nameConstraints_dirname_p87] +commonName = "t86 + +[nameConstraints_dirname_p88] +commonName = "t87 + +[nameConstraints_dirname_p89] +commonName = "t88 + +[nameConstraints_dirname_p90] +commonName = "t89 + +[nameConstraints_dirname_p91] +commonName = "t90 + +[nameConstraints_dirname_p92] +commonName = "t91 + +[nameConstraints_dirname_p93] +commonName = "t92 + +[nameConstraints_dirname_p94] +commonName = "t93 + +[nameConstraints_dirname_p95] +commonName = "t94 + +[nameConstraints_dirname_p96] +commonName = "t95 + +[nameConstraints_dirname_p97] +commonName = "t96 + +[nameConstraints_dirname_p98] +commonName = "t97 + +[nameConstraints_dirname_p99] +commonName = "t98 + +[nameConstraints_dirname_p100] +commonName = "t99 + +[nameConstraints_dirname_p101] +commonName = "t100 + +[nameConstraints_dirname_p102] +commonName = "t101 + +[nameConstraints_dirname_p103] +commonName = "t102 + +[nameConstraints_dirname_p104] +commonName = "t103 + +[nameConstraints_dirname_p105] +commonName = "t104 + +[nameConstraints_dirname_p106] +commonName = "t105 + +[nameConstraints_dirname_p107] +commonName = "t106 + +[nameConstraints_dirname_p108] +commonName = "t107 + +[nameConstraints_dirname_p109] +commonName = "t108 + +[nameConstraints_dirname_p110] +commonName = "t109 + +[nameConstraints_dirname_p111] +commonName = "t110 + +[nameConstraints_dirname_p112] +commonName = "t111 + +[nameConstraints_dirname_p113] +commonName = "t112 + +[nameConstraints_dirname_p114] +commonName = "t113 + +[nameConstraints_dirname_p115] +commonName = "t114 + +[nameConstraints_dirname_p116] +commonName = "t115 + +[nameConstraints_dirname_p117] +commonName = "t116 + +[nameConstraints_dirname_p118] +commonName = "t117 + +[nameConstraints_dirname_p119] +commonName = "t118 + +[nameConstraints_dirname_p120] +commonName = "t119 + +[nameConstraints_dirname_p121] +commonName = "t120 + +[nameConstraints_dirname_p122] +commonName = "t121 + +[nameConstraints_dirname_p123] +commonName = "t122 + +[nameConstraints_dirname_p124] +commonName = "t123 + +[nameConstraints_dirname_p125] +commonName = "t124 + +[nameConstraints_dirname_p126] +commonName = "t125 + +[nameConstraints_dirname_p127] +commonName = "t126 + +[nameConstraints_dirname_p128] +commonName = "t127 + +[nameConstraints_dirname_p129] +commonName = "t128 + +[nameConstraints_dirname_p130] +commonName = "t129 + +[nameConstraints_dirname_p131] +commonName = "t130 + +[nameConstraints_dirname_p132] +commonName = "t131 + +[nameConstraints_dirname_p133] +commonName = "t132 + +[nameConstraints_dirname_p134] +commonName = "t133 + +[nameConstraints_dirname_p135] +commonName = "t134 + +[nameConstraints_dirname_p136] +commonName = "t135 + +[nameConstraints_dirname_p137] +commonName = "t136 + +[nameConstraints_dirname_p138] +commonName = "t137 + +[nameConstraints_dirname_p139] +commonName = "t138 + +[nameConstraints_dirname_p140] +commonName = "t139 + +[nameConstraints_dirname_p141] +commonName = "t140 + +[nameConstraints_dirname_p142] +commonName = "t141 + +[nameConstraints_dirname_p143] +commonName = "t142 + +[nameConstraints_dirname_p144] +commonName = "t143 + +[nameConstraints_dirname_p145] +commonName = "t144 + +[nameConstraints_dirname_p146] +commonName = "t145 + +[nameConstraints_dirname_p147] +commonName = "t146 + +[nameConstraints_dirname_p148] +commonName = "t147 + +[nameConstraints_dirname_p149] +commonName = "t148 + +[nameConstraints_dirname_p150] +commonName = "t149 + +[nameConstraints_dirname_p151] +commonName = "t150 + +[nameConstraints_dirname_p152] +commonName = "t151 + +[nameConstraints_dirname_p153] +commonName = "t152 + +[nameConstraints_dirname_p154] +commonName = "t153 + +[nameConstraints_dirname_p155] +commonName = "t154 + +[nameConstraints_dirname_p156] +commonName = "t155 + +[nameConstraints_dirname_p157] +commonName = "t156 + +[nameConstraints_dirname_p158] +commonName = "t157 + +[nameConstraints_dirname_p159] +commonName = "t158 + +[nameConstraints_dirname_p160] +commonName = "t159 + +[nameConstraints_dirname_p161] +commonName = "t160 + +[nameConstraints_dirname_p162] +commonName = "t161 + +[nameConstraints_dirname_p163] +commonName = "t162 + +[nameConstraints_dirname_p164] +commonName = "t163 + +[nameConstraints_dirname_p165] +commonName = "t164 + +[nameConstraints_dirname_p166] +commonName = "t165 + +[nameConstraints_dirname_p167] +commonName = "t166 + +[nameConstraints_dirname_p168] +commonName = "t167 + +[nameConstraints_dirname_p169] +commonName = "t168 + +[nameConstraints_dirname_p170] +commonName = "t169 + +[nameConstraints_dirname_p171] +commonName = "t170 + +[nameConstraints_dirname_p172] +commonName = "t171 + +[nameConstraints_dirname_p173] +commonName = "t172 + +[nameConstraints_dirname_p174] +commonName = "t173 + +[nameConstraints_dirname_p175] +commonName = "t174 + +[nameConstraints_dirname_p176] +commonName = "t175 + +[nameConstraints_dirname_p177] +commonName = "t176 + +[nameConstraints_dirname_p178] +commonName = "t177 + +[nameConstraints_dirname_p179] +commonName = "t178 + +[nameConstraints_dirname_p180] +commonName = "t179 + +[nameConstraints_dirname_p181] +commonName = "t180 + +[nameConstraints_dirname_p182] +commonName = "t181 + +[nameConstraints_dirname_p183] +commonName = "t182 + +[nameConstraints_dirname_p184] +commonName = "t183 + +[nameConstraints_dirname_p185] +commonName = "t184 + +[nameConstraints_dirname_p186] +commonName = "t185 + +[nameConstraints_dirname_p187] +commonName = "t186 + +[nameConstraints_dirname_p188] +commonName = "t187 + +[nameConstraints_dirname_p189] +commonName = "t188 + +[nameConstraints_dirname_p190] +commonName = "t189 + +[nameConstraints_dirname_p191] +commonName = "t190 + +[nameConstraints_dirname_p192] +commonName = "t191 + +[nameConstraints_dirname_p193] +commonName = "t192 + +[nameConstraints_dirname_p194] +commonName = "t193 + +[nameConstraints_dirname_p195] +commonName = "t194 + +[nameConstraints_dirname_p196] +commonName = "t195 + +[nameConstraints_dirname_p197] +commonName = "t196 + +[nameConstraints_dirname_p198] +commonName = "t197 + +[nameConstraints_dirname_p199] +commonName = "t198 + +[nameConstraints_dirname_p200] +commonName = "t199 + +[nameConstraints_dirname_p201] +commonName = "t200 + +[nameConstraints_dirname_p202] +commonName = "t201 + +[nameConstraints_dirname_p203] +commonName = "t202 + +[nameConstraints_dirname_p204] +commonName = "t203 + +[nameConstraints_dirname_p205] +commonName = "t204 + +[nameConstraints_dirname_p206] +commonName = "t205 + +[nameConstraints_dirname_p207] +commonName = "t206 + +[nameConstraints_dirname_p208] +commonName = "t207 + +[nameConstraints_dirname_p209] +commonName = "t208 + +[nameConstraints_dirname_p210] +commonName = "t209 + +[nameConstraints_dirname_p211] +commonName = "t210 + +[nameConstraints_dirname_p212] +commonName = "t211 + +[nameConstraints_dirname_p213] +commonName = "t212 + +[nameConstraints_dirname_p214] +commonName = "t213 + +[nameConstraints_dirname_p215] +commonName = "t214 + +[nameConstraints_dirname_p216] +commonName = "t215 + +[nameConstraints_dirname_p217] +commonName = "t216 + +[nameConstraints_dirname_p218] +commonName = "t217 + +[nameConstraints_dirname_p219] +commonName = "t218 + +[nameConstraints_dirname_p220] +commonName = "t219 + +[nameConstraints_dirname_p221] +commonName = "t220 + +[nameConstraints_dirname_p222] +commonName = "t221 + +[nameConstraints_dirname_p223] +commonName = "t222 + +[nameConstraints_dirname_p224] +commonName = "t223 + +[nameConstraints_dirname_p225] +commonName = "t224 + +[nameConstraints_dirname_p226] +commonName = "t225 + +[nameConstraints_dirname_p227] +commonName = "t226 + +[nameConstraints_dirname_p228] +commonName = "t227 + +[nameConstraints_dirname_p229] +commonName = "t228 + +[nameConstraints_dirname_p230] +commonName = "t229 + +[nameConstraints_dirname_p231] +commonName = "t230 + +[nameConstraints_dirname_p232] +commonName = "t231 + +[nameConstraints_dirname_p233] +commonName = "t232 + +[nameConstraints_dirname_p234] +commonName = "t233 + +[nameConstraints_dirname_p235] +commonName = "t234 + +[nameConstraints_dirname_p236] +commonName = "t235 + +[nameConstraints_dirname_p237] +commonName = "t236 + +[nameConstraints_dirname_p238] +commonName = "t237 + +[nameConstraints_dirname_p239] +commonName = "t238 + +[nameConstraints_dirname_p240] +commonName = "t239 + +[nameConstraints_dirname_p241] +commonName = "t240 + +[nameConstraints_dirname_p242] +commonName = "t241 + +[nameConstraints_dirname_p243] +commonName = "t242 + +[nameConstraints_dirname_p244] +commonName = "t243 + +[nameConstraints_dirname_p245] +commonName = "t244 + +[nameConstraints_dirname_p246] +commonName = "t245 + +[nameConstraints_dirname_p247] +commonName = "t246 + +[nameConstraints_dirname_p248] +commonName = "t247 + +[nameConstraints_dirname_p249] +commonName = "t248 + +[nameConstraints_dirname_p250] +commonName = "t249 + +[nameConstraints_dirname_p251] +commonName = "t250 + +[nameConstraints_dirname_p252] +commonName = "t251 + +[nameConstraints_dirname_p253] +commonName = "t252 + +[nameConstraints_dirname_p254] +commonName = "t253 + +[nameConstraints_dirname_p255] +commonName = "t254 + +[nameConstraints_dirname_p256] +commonName = "t255 + +[nameConstraints_dirname_p257] +commonName = "t256 + +[nameConstraints_dirname_p258] +commonName = "t257 + +[nameConstraints_dirname_p259] +commonName = "t258 + +[nameConstraints_dirname_p260] +commonName = "t259 + +[nameConstraints_dirname_p261] +commonName = "t260 + +[nameConstraints_dirname_p262] +commonName = "t261 + +[nameConstraints_dirname_p263] +commonName = "t262 + +[nameConstraints_dirname_p264] +commonName = "t263 + +[nameConstraints_dirname_p265] +commonName = "t264 + +[nameConstraints_dirname_p266] +commonName = "t265 + +[nameConstraints_dirname_p267] +commonName = "t266 + +[nameConstraints_dirname_p268] +commonName = "t267 + +[nameConstraints_dirname_p269] +commonName = "t268 + +[nameConstraints_dirname_p270] +commonName = "t269 + +[nameConstraints_dirname_p271] +commonName = "t270 + +[nameConstraints_dirname_p272] +commonName = "t271 + +[nameConstraints_dirname_p273] +commonName = "t272 + +[nameConstraints_dirname_p274] +commonName = "t273 + +[nameConstraints_dirname_p275] +commonName = "t274 + +[nameConstraints_dirname_p276] +commonName = "t275 + +[nameConstraints_dirname_p277] +commonName = "t276 + +[nameConstraints_dirname_p278] +commonName = "t277 + +[nameConstraints_dirname_p279] +commonName = "t278 + +[nameConstraints_dirname_p280] +commonName = "t279 + +[nameConstraints_dirname_p281] +commonName = "t280 + +[nameConstraints_dirname_p282] +commonName = "t281 + +[nameConstraints_dirname_p283] +commonName = "t282 + +[nameConstraints_dirname_p284] +commonName = "t283 + +[nameConstraints_dirname_p285] +commonName = "t284 + +[nameConstraints_dirname_p286] +commonName = "t285 + +[nameConstraints_dirname_p287] +commonName = "t286 + +[nameConstraints_dirname_p288] +commonName = "t287 + +[nameConstraints_dirname_p289] +commonName = "t288 + +[nameConstraints_dirname_p290] +commonName = "t289 + +[nameConstraints_dirname_p291] +commonName = "t290 + +[nameConstraints_dirname_p292] +commonName = "t291 + +[nameConstraints_dirname_p293] +commonName = "t292 + +[nameConstraints_dirname_p294] +commonName = "t293 + +[nameConstraints_dirname_p295] +commonName = "t294 + +[nameConstraints_dirname_p296] +commonName = "t295 + +[nameConstraints_dirname_p297] +commonName = "t296 + +[nameConstraints_dirname_p298] +commonName = "t297 + +[nameConstraints_dirname_p299] +commonName = "t298 + +[nameConstraints_dirname_p300] +commonName = "t299 + +[nameConstraints_dirname_p301] +commonName = "t300 + +[nameConstraints_dirname_p302] +commonName = "t301 + +[nameConstraints_dirname_p303] +commonName = "t302 + +[nameConstraints_dirname_p304] +commonName = "t303 + +[nameConstraints_dirname_p305] +commonName = "t304 + +[nameConstraints_dirname_p306] +commonName = "t305 + +[nameConstraints_dirname_p307] +commonName = "t306 + +[nameConstraints_dirname_p308] +commonName = "t307 + +[nameConstraints_dirname_p309] +commonName = "t308 + +[nameConstraints_dirname_p310] +commonName = "t309 + +[nameConstraints_dirname_p311] +commonName = "t310 + +[nameConstraints_dirname_p312] +commonName = "t311 + +[nameConstraints_dirname_p313] +commonName = "t312 + +[nameConstraints_dirname_p314] +commonName = "t313 + +[nameConstraints_dirname_p315] +commonName = "t314 + +[nameConstraints_dirname_p316] +commonName = "t315 + +[nameConstraints_dirname_p317] +commonName = "t316 + +[nameConstraints_dirname_p318] +commonName = "t317 + +[nameConstraints_dirname_p319] +commonName = "t318 + +[nameConstraints_dirname_p320] +commonName = "t319 + +[nameConstraints_dirname_p321] +commonName = "t320 + +[nameConstraints_dirname_p322] +commonName = "t321 + +[nameConstraints_dirname_p323] +commonName = "t322 + +[nameConstraints_dirname_p324] +commonName = "t323 + +[nameConstraints_dirname_p325] +commonName = "t324 + +[nameConstraints_dirname_p326] +commonName = "t325 + +[nameConstraints_dirname_p327] +commonName = "t326 + +[nameConstraints_dirname_p328] +commonName = "t327 + +[nameConstraints_dirname_p329] +commonName = "t328 + +[nameConstraints_dirname_p330] +commonName = "t329 + +[nameConstraints_dirname_p331] +commonName = "t330 + +[nameConstraints_dirname_p332] +commonName = "t331 + +[nameConstraints_dirname_p333] +commonName = "t332 + +[nameConstraints_dirname_p334] +commonName = "t333 + +[nameConstraints_dirname_p335] +commonName = "t334 + +[nameConstraints_dirname_p336] +commonName = "t335 + +[nameConstraints_dirname_p337] +commonName = "t336 + +[nameConstraints_dirname_p338] +commonName = "t337 + +[nameConstraints_dirname_p339] +commonName = "t338 + +[nameConstraints_dirname_p340] +commonName = "t339 + +[nameConstraints_dirname_p341] +commonName = "t340 + +[nameConstraints_dirname_p342] +commonName = "t341 + +[nameConstraints_dirname_p343] +commonName = "t342 + +[nameConstraints_dirname_p344] +commonName = "t343 + +[nameConstraints_dirname_p345] +commonName = "t344 + +[nameConstraints_dirname_p346] +commonName = "t345 + +[nameConstraints_dirname_p347] +commonName = "t346 + +[nameConstraints_dirname_p348] +commonName = "t347 + +[nameConstraints_dirname_p349] +commonName = "t348 + +[nameConstraints_dirname_p350] +commonName = "t349 + +[nameConstraints_dirname_p351] +commonName = "t350 + +[nameConstraints_dirname_p352] +commonName = "t351 + +[nameConstraints_dirname_p353] +commonName = "t352 + +[nameConstraints_dirname_p354] +commonName = "t353 + +[nameConstraints_dirname_p355] +commonName = "t354 + +[nameConstraints_dirname_p356] +commonName = "t355 + +[nameConstraints_dirname_p357] +commonName = "t356 + +[nameConstraints_dirname_p358] +commonName = "t357 + +[nameConstraints_dirname_p359] +commonName = "t358 + +[nameConstraints_dirname_p360] +commonName = "t359 + +[nameConstraints_dirname_p361] +commonName = "t360 + +[nameConstraints_dirname_p362] +commonName = "t361 + +[nameConstraints_dirname_p363] +commonName = "t362 + +[nameConstraints_dirname_p364] +commonName = "t363 + +[nameConstraints_dirname_p365] +commonName = "t364 + +[nameConstraints_dirname_p366] +commonName = "t365 + +[nameConstraints_dirname_p367] +commonName = "t366 + +[nameConstraints_dirname_p368] +commonName = "t367 + +[nameConstraints_dirname_p369] +commonName = "t368 + +[nameConstraints_dirname_p370] +commonName = "t369 + +[nameConstraints_dirname_p371] +commonName = "t370 + +[nameConstraints_dirname_p372] +commonName = "t371 + +[nameConstraints_dirname_p373] +commonName = "t372 + +[nameConstraints_dirname_p374] +commonName = "t373 + +[nameConstraints_dirname_p375] +commonName = "t374 + +[nameConstraints_dirname_p376] +commonName = "t375 + +[nameConstraints_dirname_p377] +commonName = "t376 + +[nameConstraints_dirname_p378] +commonName = "t377 + +[nameConstraints_dirname_p379] +commonName = "t378 + +[nameConstraints_dirname_p380] +commonName = "t379 + +[nameConstraints_dirname_p381] +commonName = "t380 + +[nameConstraints_dirname_p382] +commonName = "t381 + +[nameConstraints_dirname_p383] +commonName = "t382 + +[nameConstraints_dirname_p384] +commonName = "t383 + +[nameConstraints_dirname_p385] +commonName = "t384 + +[nameConstraints_dirname_p386] +commonName = "t385 + +[nameConstraints_dirname_p387] +commonName = "t386 + +[nameConstraints_dirname_p388] +commonName = "t387 + +[nameConstraints_dirname_p389] +commonName = "t388 + +[nameConstraints_dirname_p390] +commonName = "t389 + +[nameConstraints_dirname_p391] +commonName = "t390 + +[nameConstraints_dirname_p392] +commonName = "t391 + +[nameConstraints_dirname_p393] +commonName = "t392 + +[nameConstraints_dirname_p394] +commonName = "t393 + +[nameConstraints_dirname_p395] +commonName = "t394 + +[nameConstraints_dirname_p396] +commonName = "t395 + +[nameConstraints_dirname_p397] +commonName = "t396 + +[nameConstraints_dirname_p398] +commonName = "t397 + +[nameConstraints_dirname_p399] +commonName = "t398 + +[nameConstraints_dirname_p400] +commonName = "t399 + +[nameConstraints_dirname_p401] +commonName = "t400 + +[nameConstraints_dirname_p402] +commonName = "t401 + +[nameConstraints_dirname_p403] +commonName = "t402 + +[nameConstraints_dirname_p404] +commonName = "t403 + +[nameConstraints_dirname_p405] +commonName = "t404 + +[nameConstraints_dirname_p406] +commonName = "t405 + +[nameConstraints_dirname_p407] +commonName = "t406 + +[nameConstraints_dirname_p408] +commonName = "t407 + +[nameConstraints_dirname_p409] +commonName = "t408 + +[nameConstraints_dirname_p410] +commonName = "t409 + +[nameConstraints_dirname_p411] +commonName = "t410 + +[nameConstraints_dirname_p412] +commonName = "t411 + +[nameConstraints_dirname_p413] +commonName = "t412 + +[nameConstraints_dirname_p414] +commonName = "t413 + +[nameConstraints_dirname_p415] +commonName = "t414 + +[nameConstraints_dirname_p416] +commonName = "t415 + +[nameConstraints_dirname_p417] +commonName = "t416 + +[nameConstraints_dirname_p418] +commonName = "t417 + +[nameConstraints_dirname_p419] +commonName = "t418 + +[nameConstraints_dirname_p420] +commonName = "t419 + +[nameConstraints_dirname_p421] +commonName = "t420 + +[nameConstraints_dirname_p422] +commonName = "t421 + +[nameConstraints_dirname_p423] +commonName = "t422 + +[nameConstraints_dirname_p424] +commonName = "t423 + +[nameConstraints_dirname_p425] +commonName = "t424 + +[nameConstraints_dirname_p426] +commonName = "t425 + +[nameConstraints_dirname_p427] +commonName = "t426 + +[nameConstraints_dirname_p428] +commonName = "t427 + +[nameConstraints_dirname_p429] +commonName = "t428 + +[nameConstraints_dirname_p430] +commonName = "t429 + +[nameConstraints_dirname_p431] +commonName = "t430 + +[nameConstraints_dirname_p432] +commonName = "t431 + +[nameConstraints_dirname_p433] +commonName = "t432 + +[nameConstraints_dirname_p434] +commonName = "t433 + +[nameConstraints_dirname_p435] +commonName = "t434 + +[nameConstraints_dirname_p436] +commonName = "t435 + +[nameConstraints_dirname_p437] +commonName = "t436 + +[nameConstraints_dirname_p438] +commonName = "t437 + +[nameConstraints_dirname_p439] +commonName = "t438 + +[nameConstraints_dirname_p440] +commonName = "t439 + +[nameConstraints_dirname_p441] +commonName = "t440 + +[nameConstraints_dirname_p442] +commonName = "t441 + +[nameConstraints_dirname_p443] +commonName = "t442 + +[nameConstraints_dirname_p444] +commonName = "t443 + +[nameConstraints_dirname_p445] +commonName = "t444 + +[nameConstraints_dirname_p446] +commonName = "t445 + +[nameConstraints_dirname_p447] +commonName = "t446 + +[nameConstraints_dirname_p448] +commonName = "t447 + +[nameConstraints_dirname_p449] +commonName = "t448 + +[nameConstraints_dirname_p450] +commonName = "t449 + +[nameConstraints_dirname_p451] +commonName = "t450 + +[nameConstraints_dirname_p452] +commonName = "t451 + +[nameConstraints_dirname_p453] +commonName = "t452 + +[nameConstraints_dirname_p454] +commonName = "t453 + +[nameConstraints_dirname_p455] +commonName = "t454 + +[nameConstraints_dirname_p456] +commonName = "t455 + +[nameConstraints_dirname_p457] +commonName = "t456 + +[nameConstraints_dirname_p458] +commonName = "t457 + +[nameConstraints_dirname_p459] +commonName = "t458 + +[nameConstraints_dirname_p460] +commonName = "t459 + +[nameConstraints_dirname_p461] +commonName = "t460 + +[nameConstraints_dirname_p462] +commonName = "t461 + +[nameConstraints_dirname_p463] +commonName = "t462 + +[nameConstraints_dirname_p464] +commonName = "t463 + +[nameConstraints_dirname_p465] +commonName = "t464 + +[nameConstraints_dirname_p466] +commonName = "t465 + +[nameConstraints_dirname_p467] +commonName = "t466 + +[nameConstraints_dirname_p468] +commonName = "t467 + +[nameConstraints_dirname_p469] +commonName = "t468 + +[nameConstraints_dirname_p470] +commonName = "t469 + +[nameConstraints_dirname_p471] +commonName = "t470 + +[nameConstraints_dirname_p472] +commonName = "t471 + +[nameConstraints_dirname_p473] +commonName = "t472 + +[nameConstraints_dirname_p474] +commonName = "t473 + +[nameConstraints_dirname_p475] +commonName = "t474 + +[nameConstraints_dirname_p476] +commonName = "t475 + +[nameConstraints_dirname_p477] +commonName = "t476 + +[nameConstraints_dirname_p478] +commonName = "t477 + +[nameConstraints_dirname_p479] +commonName = "t478 + +[nameConstraints_dirname_p480] +commonName = "t479 + +[nameConstraints_dirname_p481] +commonName = "t480 + +[nameConstraints_dirname_p482] +commonName = "t481 + +[nameConstraints_dirname_p483] +commonName = "t482 + +[nameConstraints_dirname_p484] +commonName = "t483 + +[nameConstraints_dirname_p485] +commonName = "t484 + +[nameConstraints_dirname_p486] +commonName = "t485 + +[nameConstraints_dirname_p487] +commonName = "t486 + +[nameConstraints_dirname_p488] +commonName = "t487 + +[nameConstraints_dirname_p489] +commonName = "t488 + +[nameConstraints_dirname_p490] +commonName = "t489 + +[nameConstraints_dirname_p491] +commonName = "t490 + +[nameConstraints_dirname_p492] +commonName = "t491 + +[nameConstraints_dirname_p493] +commonName = "t492 + +[nameConstraints_dirname_p494] +commonName = "t493 + +[nameConstraints_dirname_p495] +commonName = "t494 + +[nameConstraints_dirname_p496] +commonName = "t495 + +[nameConstraints_dirname_p497] +commonName = "t496 + +[nameConstraints_dirname_p498] +commonName = "t497 + +[nameConstraints_dirname_p499] +commonName = "t498 + +[nameConstraints_dirname_p500] +commonName = "t499 + +[nameConstraints_dirname_p501] +commonName = "t500 + +[nameConstraints_dirname_p502] +commonName = "t501 + +[nameConstraints_dirname_p503] +commonName = "t502 + +[nameConstraints_dirname_p504] +commonName = "t503 + +[nameConstraints_dirname_p505] +commonName = "t504 + +[nameConstraints_dirname_p506] +commonName = "t505 + +[nameConstraints_dirname_p507] +commonName = "t506 + +[nameConstraints_dirname_p508] +commonName = "t507 + +[nameConstraints_dirname_p509] +commonName = "t508 + +[nameConstraints_dirname_p510] +commonName = "t509 + +[nameConstraints_dirname_p511] +commonName = "t510 + +[nameConstraints_dirname_p512] +commonName = "t511 + +[nameConstraints_dirname_p513] +commonName = "t512 + +[nameConstraints_dirname_p514] +commonName = "t513 + +[nameConstraints_dirname_p515] +commonName = "t514 + +[nameConstraints_dirname_p516] +commonName = "t515 + +[nameConstraints_dirname_p517] +commonName = "t516 + +[nameConstraints_dirname_p518] +commonName = "t517 + +[nameConstraints_dirname_p519] +commonName = "t518 + +[nameConstraints_dirname_p520] +commonName = "t519 + +[nameConstraints_dirname_p521] +commonName = "t520 + +[nameConstraints_dirname_p522] +commonName = "t521 + +[nameConstraints_dirname_p523] +commonName = "t522 + +[nameConstraints_dirname_p524] +commonName = "t523 + +[nameConstraints_dirname_p525] +commonName = "t524 + +[nameConstraints_dirname_p526] +commonName = "t525 + +[nameConstraints_dirname_p527] +commonName = "t526 + +[nameConstraints_dirname_p528] +commonName = "t527 + +[nameConstraints_dirname_p529] +commonName = "t528 + +[nameConstraints_dirname_p530] +commonName = "t529 + +[nameConstraints_dirname_p531] +commonName = "t530 + +[nameConstraints_dirname_p532] +commonName = "t531 + +[nameConstraints_dirname_p533] +commonName = "t532 + +[nameConstraints_dirname_p534] +commonName = "t533 + +[nameConstraints_dirname_p535] +commonName = "t534 + +[nameConstraints_dirname_p536] +commonName = "t535 + +[nameConstraints_dirname_p537] +commonName = "t536 + +[nameConstraints_dirname_p538] +commonName = "t537 + +[nameConstraints_dirname_p539] +commonName = "t538 + +[nameConstraints_dirname_p540] +commonName = "t539 + +[nameConstraints_dirname_p541] +commonName = "t540 + +[nameConstraints_dirname_p542] +commonName = "t541 + +[nameConstraints_dirname_p543] +commonName = "t542 + +[nameConstraints_dirname_p544] +commonName = "t543 + +[nameConstraints_dirname_p545] +commonName = "t544 + +[nameConstraints_dirname_p546] +commonName = "t545 + +[nameConstraints_dirname_p547] +commonName = "t546 + +[nameConstraints_dirname_p548] +commonName = "t547 + +[nameConstraints_dirname_p549] +commonName = "t548 + +[nameConstraints_dirname_p550] +commonName = "t549 + +[nameConstraints_dirname_p551] +commonName = "t550 + +[nameConstraints_dirname_p552] +commonName = "t551 + +[nameConstraints_dirname_p553] +commonName = "t552 + +[nameConstraints_dirname_p554] +commonName = "t553 + +[nameConstraints_dirname_p555] +commonName = "t554 + +[nameConstraints_dirname_p556] +commonName = "t555 + +[nameConstraints_dirname_p557] +commonName = "t556 + +[nameConstraints_dirname_p558] +commonName = "t557 + +[nameConstraints_dirname_p559] +commonName = "t558 + +[nameConstraints_dirname_p560] +commonName = "t559 + +[nameConstraints_dirname_p561] +commonName = "t560 + +[nameConstraints_dirname_p562] +commonName = "t561 + +[nameConstraints_dirname_p563] +commonName = "t562 + +[nameConstraints_dirname_p564] +commonName = "t563 + +[nameConstraints_dirname_p565] +commonName = "t564 + +[nameConstraints_dirname_p566] +commonName = "t565 + +[nameConstraints_dirname_p567] +commonName = "t566 + +[nameConstraints_dirname_p568] +commonName = "t567 + +[nameConstraints_dirname_p569] +commonName = "t568 + +[nameConstraints_dirname_p570] +commonName = "t569 + +[nameConstraints_dirname_p571] +commonName = "t570 + +[nameConstraints_dirname_p572] +commonName = "t571 + +[nameConstraints_dirname_p573] +commonName = "t572 + +[nameConstraints_dirname_p574] +commonName = "t573 + +[nameConstraints_dirname_p575] +commonName = "t574 + +[nameConstraints_dirname_p576] +commonName = "t575 + +[nameConstraints_dirname_p577] +commonName = "t576 + +[nameConstraints_dirname_p578] +commonName = "t577 + +[nameConstraints_dirname_p579] +commonName = "t578 + +[nameConstraints_dirname_p580] +commonName = "t579 + +[nameConstraints_dirname_p581] +commonName = "t580 + +[nameConstraints_dirname_p582] +commonName = "t581 + +[nameConstraints_dirname_p583] +commonName = "t582 + +[nameConstraints_dirname_p584] +commonName = "t583 + +[nameConstraints_dirname_p585] +commonName = "t584 + +[nameConstraints_dirname_p586] +commonName = "t585 + +[nameConstraints_dirname_p587] +commonName = "t586 + +[nameConstraints_dirname_p588] +commonName = "t587 + +[nameConstraints_dirname_p589] +commonName = "t588 + +[nameConstraints_dirname_p590] +commonName = "t589 + +[nameConstraints_dirname_p591] +commonName = "t590 + +[nameConstraints_dirname_p592] +commonName = "t591 + +[nameConstraints_dirname_p593] +commonName = "t592 + +[nameConstraints_dirname_p594] +commonName = "t593 + +[nameConstraints_dirname_p595] +commonName = "t594 + +[nameConstraints_dirname_p596] +commonName = "t595 + +[nameConstraints_dirname_p597] +commonName = "t596 + +[nameConstraints_dirname_p598] +commonName = "t597 + +[nameConstraints_dirname_p599] +commonName = "t598 + +[nameConstraints_dirname_p600] +commonName = "t599 + +[nameConstraints_dirname_p601] +commonName = "t600 + +[nameConstraints_dirname_p602] +commonName = "t601 + +[nameConstraints_dirname_p603] +commonName = "t602 + +[nameConstraints_dirname_p604] +commonName = "t603 + +[nameConstraints_dirname_p605] +commonName = "t604 + +[nameConstraints_dirname_p606] +commonName = "t605 + +[nameConstraints_dirname_p607] +commonName = "t606 + +[nameConstraints_dirname_p608] +commonName = "t607 + +[nameConstraints_dirname_p609] +commonName = "t608 + +[nameConstraints_dirname_p610] +commonName = "t609 + +[nameConstraints_dirname_p611] +commonName = "t610 + +[nameConstraints_dirname_p612] +commonName = "t611 + +[nameConstraints_dirname_p613] +commonName = "t612 + +[nameConstraints_dirname_p614] +commonName = "t613 + +[nameConstraints_dirname_p615] +commonName = "t614 + +[nameConstraints_dirname_p616] +commonName = "t615 + +[nameConstraints_dirname_p617] +commonName = "t616 + +[nameConstraints_dirname_p618] +commonName = "t617 + +[nameConstraints_dirname_p619] +commonName = "t618 + +[nameConstraints_dirname_p620] +commonName = "t619 + +[nameConstraints_dirname_p621] +commonName = "t620 + +[nameConstraints_dirname_p622] +commonName = "t621 + +[nameConstraints_dirname_p623] +commonName = "t622 + +[nameConstraints_dirname_p624] +commonName = "t623 + +[nameConstraints_dirname_p625] +commonName = "t624 + +[nameConstraints_dirname_p626] +commonName = "t625 + +[nameConstraints_dirname_p627] +commonName = "t626 + +[nameConstraints_dirname_p628] +commonName = "t627 + +[nameConstraints_dirname_p629] +commonName = "t628 + +[nameConstraints_dirname_p630] +commonName = "t629 + +[nameConstraints_dirname_p631] +commonName = "t630 + +[nameConstraints_dirname_p632] +commonName = "t631 + +[nameConstraints_dirname_p633] +commonName = "t632 + +[nameConstraints_dirname_p634] +commonName = "t633 + +[nameConstraints_dirname_p635] +commonName = "t634 + +[nameConstraints_dirname_p636] +commonName = "t635 + +[nameConstraints_dirname_p637] +commonName = "t636 + +[nameConstraints_dirname_p638] +commonName = "t637 + +[nameConstraints_dirname_p639] +commonName = "t638 + +[nameConstraints_dirname_p640] +commonName = "t639 + +[nameConstraints_dirname_p641] +commonName = "t640 + +[nameConstraints_dirname_p642] +commonName = "t641 + +[nameConstraints_dirname_p643] +commonName = "t642 + +[nameConstraints_dirname_p644] +commonName = "t643 + +[nameConstraints_dirname_p645] +commonName = "t644 + +[nameConstraints_dirname_p646] +commonName = "t645 + +[nameConstraints_dirname_p647] +commonName = "t646 + +[nameConstraints_dirname_p648] +commonName = "t647 + +[nameConstraints_dirname_p649] +commonName = "t648 + +[nameConstraints_dirname_p650] +commonName = "t649 + +[nameConstraints_dirname_p651] +commonName = "t650 + +[nameConstraints_dirname_p652] +commonName = "t651 + +[nameConstraints_dirname_p653] +commonName = "t652 + +[nameConstraints_dirname_p654] +commonName = "t653 + +[nameConstraints_dirname_p655] +commonName = "t654 + +[nameConstraints_dirname_p656] +commonName = "t655 + +[nameConstraints_dirname_p657] +commonName = "t656 + +[nameConstraints_dirname_p658] +commonName = "t657 + +[nameConstraints_dirname_p659] +commonName = "t658 + +[nameConstraints_dirname_p660] +commonName = "t659 + +[nameConstraints_dirname_p661] +commonName = "t660 + +[nameConstraints_dirname_p662] +commonName = "t661 + +[nameConstraints_dirname_p663] +commonName = "t662 + +[nameConstraints_dirname_p664] +commonName = "t663 + +[nameConstraints_dirname_p665] +commonName = "t664 + +[nameConstraints_dirname_p666] +commonName = "t665 + +[nameConstraints_dirname_p667] +commonName = "t666 + +[nameConstraints_dirname_p668] +commonName = "t667 + +[nameConstraints_dirname_p669] +commonName = "t668 + +[nameConstraints_dirname_p670] +commonName = "t669 + +[nameConstraints_dirname_p671] +commonName = "t670 + +[nameConstraints_dirname_p672] +commonName = "t671 + +[nameConstraints_dirname_p673] +commonName = "t672 + +[nameConstraints_dirname_p674] +commonName = "t673 + +[nameConstraints_dirname_p675] +commonName = "t674 + +[nameConstraints_dirname_p676] +commonName = "t675 + +[nameConstraints_dirname_p677] +commonName = "t676 + +[nameConstraints_dirname_p678] +commonName = "t677 + +[nameConstraints_dirname_p679] +commonName = "t678 + +[nameConstraints_dirname_p680] +commonName = "t679 + +[nameConstraints_dirname_p681] +commonName = "t680 + +[nameConstraints_dirname_p682] +commonName = "t681 + +[nameConstraints_dirname_p683] +commonName = "t682 + +[nameConstraints_dirname_p684] +commonName = "t683 + +[nameConstraints_dirname_p685] +commonName = "t684 + +[nameConstraints_dirname_p686] +commonName = "t685 + +[nameConstraints_dirname_p687] +commonName = "t686 + +[nameConstraints_dirname_p688] +commonName = "t687 + +[nameConstraints_dirname_p689] +commonName = "t688 + +[nameConstraints_dirname_p690] +commonName = "t689 + +[nameConstraints_dirname_p691] +commonName = "t690 + +[nameConstraints_dirname_p692] +commonName = "t691 + +[nameConstraints_dirname_p693] +commonName = "t692 + +[nameConstraints_dirname_p694] +commonName = "t693 + +[nameConstraints_dirname_p695] +commonName = "t694 + +[nameConstraints_dirname_p696] +commonName = "t695 + +[nameConstraints_dirname_p697] +commonName = "t696 + +[nameConstraints_dirname_p698] +commonName = "t697 + +[nameConstraints_dirname_p699] +commonName = "t698 + +[nameConstraints_dirname_p700] +commonName = "t699 + +[nameConstraints_dirname_p701] +commonName = "t700 + +[nameConstraints_dirname_p702] +commonName = "t701 + +[nameConstraints_dirname_p703] +commonName = "t702 + +[nameConstraints_dirname_p704] +commonName = "t703 + +[nameConstraints_dirname_p705] +commonName = "t704 + +[nameConstraints_dirname_p706] +commonName = "t705 + +[nameConstraints_dirname_p707] +commonName = "t706 + +[nameConstraints_dirname_p708] +commonName = "t707 + +[nameConstraints_dirname_p709] +commonName = "t708 + +[nameConstraints_dirname_p710] +commonName = "t709 + +[nameConstraints_dirname_p711] +commonName = "t710 + +[nameConstraints_dirname_p712] +commonName = "t711 + +[nameConstraints_dirname_p713] +commonName = "t712 + +[nameConstraints_dirname_p714] +commonName = "t713 + +[nameConstraints_dirname_p715] +commonName = "t714 + +[nameConstraints_dirname_p716] +commonName = "t715 + +[nameConstraints_dirname_p717] +commonName = "t716 + +[nameConstraints_dirname_p718] +commonName = "t717 + +[nameConstraints_dirname_p719] +commonName = "t718 + +[nameConstraints_dirname_p720] +commonName = "t719 + +[nameConstraints_dirname_p721] +commonName = "t720 + +[nameConstraints_dirname_p722] +commonName = "t721 + +[nameConstraints_dirname_p723] +commonName = "t722 + +[nameConstraints_dirname_p724] +commonName = "t723 + +[nameConstraints_dirname_p725] +commonName = "t724 + +[nameConstraints_dirname_p726] +commonName = "t725 + +[nameConstraints_dirname_p727] +commonName = "t726 + +[nameConstraints_dirname_p728] +commonName = "t727 + +[nameConstraints_dirname_p729] +commonName = "t728 + +[nameConstraints_dirname_p730] +commonName = "t729 + +[nameConstraints_dirname_p731] +commonName = "t730 + +[nameConstraints_dirname_p732] +commonName = "t731 + +[nameConstraints_dirname_p733] +commonName = "t732 + +[nameConstraints_dirname_p734] +commonName = "t733 + +[nameConstraints_dirname_p735] +commonName = "t734 + +[nameConstraints_dirname_p736] +commonName = "t735 + +[nameConstraints_dirname_p737] +commonName = "t736 + +[nameConstraints_dirname_p738] +commonName = "t737 + +[nameConstraints_dirname_p739] +commonName = "t738 + +[nameConstraints_dirname_p740] +commonName = "t739 + +[nameConstraints_dirname_p741] +commonName = "t740 + +[nameConstraints_dirname_p742] +commonName = "t741 + +[nameConstraints_dirname_p743] +commonName = "t742 + +[nameConstraints_dirname_p744] +commonName = "t743 + +[nameConstraints_dirname_p745] +commonName = "t744 + +[nameConstraints_dirname_p746] +commonName = "t745 + +[nameConstraints_dirname_p747] +commonName = "t746 + +[nameConstraints_dirname_p748] +commonName = "t747 + +[nameConstraints_dirname_p749] +commonName = "t748 + +[nameConstraints_dirname_p750] +commonName = "t749 + +[nameConstraints_dirname_p751] +commonName = "t750 + +[nameConstraints_dirname_p752] +commonName = "t751 + +[nameConstraints_dirname_p753] +commonName = "t752 + +[nameConstraints_dirname_p754] +commonName = "t753 + +[nameConstraints_dirname_p755] +commonName = "t754 + +[nameConstraints_dirname_p756] +commonName = "t755 + +[nameConstraints_dirname_p757] +commonName = "t756 + +[nameConstraints_dirname_p758] +commonName = "t757 + +[nameConstraints_dirname_p759] +commonName = "t758 + +[nameConstraints_dirname_p760] +commonName = "t759 + +[nameConstraints_dirname_p761] +commonName = "t760 + +[nameConstraints_dirname_p762] +commonName = "t761 + +[nameConstraints_dirname_p763] +commonName = "t762 + +[nameConstraints_dirname_p764] +commonName = "t763 + +[nameConstraints_dirname_p765] +commonName = "t764 + +[nameConstraints_dirname_p766] +commonName = "t765 + +[nameConstraints_dirname_p767] +commonName = "t766 + +[nameConstraints_dirname_p768] +commonName = "t767 + +[nameConstraints_dirname_p769] +commonName = "t768 + +[nameConstraints_dirname_p770] +commonName = "t769 + +[nameConstraints_dirname_p771] +commonName = "t770 + +[nameConstraints_dirname_p772] +commonName = "t771 + +[nameConstraints_dirname_p773] +commonName = "t772 + +[nameConstraints_dirname_p774] +commonName = "t773 + +[nameConstraints_dirname_p775] +commonName = "t774 + +[nameConstraints_dirname_p776] +commonName = "t775 + +[nameConstraints_dirname_p777] +commonName = "t776 + +[nameConstraints_dirname_p778] +commonName = "t777 + +[nameConstraints_dirname_p779] +commonName = "t778 + +[nameConstraints_dirname_p780] +commonName = "t779 + +[nameConstraints_dirname_p781] +commonName = "t780 + +[nameConstraints_dirname_p782] +commonName = "t781 + +[nameConstraints_dirname_p783] +commonName = "t782 + +[nameConstraints_dirname_p784] +commonName = "t783 + +[nameConstraints_dirname_p785] +commonName = "t784 + +[nameConstraints_dirname_p786] +commonName = "t785 + +[nameConstraints_dirname_p787] +commonName = "t786 + +[nameConstraints_dirname_p788] +commonName = "t787 + +[nameConstraints_dirname_p789] +commonName = "t788 + +[nameConstraints_dirname_p790] +commonName = "t789 + +[nameConstraints_dirname_p791] +commonName = "t790 + +[nameConstraints_dirname_p792] +commonName = "t791 + +[nameConstraints_dirname_p793] +commonName = "t792 + +[nameConstraints_dirname_p794] +commonName = "t793 + +[nameConstraints_dirname_p795] +commonName = "t794 + +[nameConstraints_dirname_p796] +commonName = "t795 + +[nameConstraints_dirname_p797] +commonName = "t796 + +[nameConstraints_dirname_p798] +commonName = "t797 + +[nameConstraints_dirname_p799] +commonName = "t798 + +[nameConstraints_dirname_p800] +commonName = "t799 + +[nameConstraints_dirname_p801] +commonName = "t800 + +[nameConstraints_dirname_p802] +commonName = "t801 + +[nameConstraints_dirname_p803] +commonName = "t802 + +[nameConstraints_dirname_p804] +commonName = "t803 + +[nameConstraints_dirname_p805] +commonName = "t804 + +[nameConstraints_dirname_p806] +commonName = "t805 + +[nameConstraints_dirname_p807] +commonName = "t806 + +[nameConstraints_dirname_p808] +commonName = "t807 + +[nameConstraints_dirname_p809] +commonName = "t808 + +[nameConstraints_dirname_p810] +commonName = "t809 + +[nameConstraints_dirname_p811] +commonName = "t810 + +[nameConstraints_dirname_p812] +commonName = "t811 + +[nameConstraints_dirname_p813] +commonName = "t812 + +[nameConstraints_dirname_p814] +commonName = "t813 + +[nameConstraints_dirname_p815] +commonName = "t814 + +[nameConstraints_dirname_p816] +commonName = "t815 + +[nameConstraints_dirname_p817] +commonName = "t816 + +[nameConstraints_dirname_p818] +commonName = "t817 + +[nameConstraints_dirname_p819] +commonName = "t818 + +[nameConstraints_dirname_p820] +commonName = "t819 + +[nameConstraints_dirname_p821] +commonName = "t820 + +[nameConstraints_dirname_p822] +commonName = "t821 + +[nameConstraints_dirname_p823] +commonName = "t822 + +[nameConstraints_dirname_p824] +commonName = "t823 + +[nameConstraints_dirname_p825] +commonName = "t824 + +[nameConstraints_dirname_p826] +commonName = "t825 + +[nameConstraints_dirname_p827] +commonName = "t826 + +[nameConstraints_dirname_p828] +commonName = "t827 + +[nameConstraints_dirname_p829] +commonName = "t828 + +[nameConstraints_dirname_p830] +commonName = "t829 + +[nameConstraints_dirname_p831] +commonName = "t830 + +[nameConstraints_dirname_p832] +commonName = "t831 + +[nameConstraints_dirname_p833] +commonName = "t832 + +[nameConstraints_dirname_p834] +commonName = "t833 + +[nameConstraints_dirname_p835] +commonName = "t834 + +[nameConstraints_dirname_p836] +commonName = "t835 + +[nameConstraints_dirname_p837] +commonName = "t836 + +[nameConstraints_dirname_p838] +commonName = "t837 + +[nameConstraints_dirname_p839] +commonName = "t838 + +[nameConstraints_dirname_p840] +commonName = "t839 + +[nameConstraints_dirname_p841] +commonName = "t840 + +[nameConstraints_dirname_p842] +commonName = "t841 + +[nameConstraints_dirname_p843] +commonName = "t842 + +[nameConstraints_dirname_p844] +commonName = "t843 + +[nameConstraints_dirname_p845] +commonName = "t844 + +[nameConstraints_dirname_p846] +commonName = "t845 + +[nameConstraints_dirname_p847] +commonName = "t846 + +[nameConstraints_dirname_p848] +commonName = "t847 + +[nameConstraints_dirname_p849] +commonName = "t848 + +[nameConstraints_dirname_p850] +commonName = "t849 + +[nameConstraints_dirname_p851] +commonName = "t850 + +[nameConstraints_dirname_p852] +commonName = "t851 + +[nameConstraints_dirname_p853] +commonName = "t852 + +[nameConstraints_dirname_p854] +commonName = "t853 + +[nameConstraints_dirname_p855] +commonName = "t854 + +[nameConstraints_dirname_p856] +commonName = "t855 + +[nameConstraints_dirname_p857] +commonName = "t856 + +[nameConstraints_dirname_p858] +commonName = "t857 + +[nameConstraints_dirname_p859] +commonName = "t858 + +[nameConstraints_dirname_p860] +commonName = "t859 + +[nameConstraints_dirname_p861] +commonName = "t860 + +[nameConstraints_dirname_p862] +commonName = "t861 + +[nameConstraints_dirname_p863] +commonName = "t862 + +[nameConstraints_dirname_p864] +commonName = "t863 + +[nameConstraints_dirname_p865] +commonName = "t864 + +[nameConstraints_dirname_p866] +commonName = "t865 + +[nameConstraints_dirname_p867] +commonName = "t866 + +[nameConstraints_dirname_p868] +commonName = "t867 + +[nameConstraints_dirname_p869] +commonName = "t868 + +[nameConstraints_dirname_p870] +commonName = "t869 + +[nameConstraints_dirname_p871] +commonName = "t870 + +[nameConstraints_dirname_p872] +commonName = "t871 + +[nameConstraints_dirname_p873] +commonName = "t872 + +[nameConstraints_dirname_p874] +commonName = "t873 + +[nameConstraints_dirname_p875] +commonName = "t874 + +[nameConstraints_dirname_p876] +commonName = "t875 + +[nameConstraints_dirname_p877] +commonName = "t876 + +[nameConstraints_dirname_p878] +commonName = "t877 + +[nameConstraints_dirname_p879] +commonName = "t878 + +[nameConstraints_dirname_p880] +commonName = "t879 + +[nameConstraints_dirname_p881] +commonName = "t880 + +[nameConstraints_dirname_p882] +commonName = "t881 + +[nameConstraints_dirname_p883] +commonName = "t882 + +[nameConstraints_dirname_p884] +commonName = "t883 + +[nameConstraints_dirname_p885] +commonName = "t884 + +[nameConstraints_dirname_p886] +commonName = "t885 + +[nameConstraints_dirname_p887] +commonName = "t886 + +[nameConstraints_dirname_p888] +commonName = "t887 + +[nameConstraints_dirname_p889] +commonName = "t888 + +[nameConstraints_dirname_p890] +commonName = "t889 + +[nameConstraints_dirname_p891] +commonName = "t890 + +[nameConstraints_dirname_p892] +commonName = "t891 + +[nameConstraints_dirname_p893] +commonName = "t892 + +[nameConstraints_dirname_p894] +commonName = "t893 + +[nameConstraints_dirname_p895] +commonName = "t894 + +[nameConstraints_dirname_p896] +commonName = "t895 + +[nameConstraints_dirname_p897] +commonName = "t896 + +[nameConstraints_dirname_p898] +commonName = "t897 + +[nameConstraints_dirname_p899] +commonName = "t898 + +[nameConstraints_dirname_p900] +commonName = "t899 + +[nameConstraints_dirname_p901] +commonName = "t900 + +[nameConstraints_dirname_p902] +commonName = "t901 + +[nameConstraints_dirname_p903] +commonName = "t902 + +[nameConstraints_dirname_p904] +commonName = "t903 + +[nameConstraints_dirname_p905] +commonName = "t904 + +[nameConstraints_dirname_p906] +commonName = "t905 + +[nameConstraints_dirname_p907] +commonName = "t906 + +[nameConstraints_dirname_p908] +commonName = "t907 + +[nameConstraints_dirname_p909] +commonName = "t908 + +[nameConstraints_dirname_p910] +commonName = "t909 + +[nameConstraints_dirname_p911] +commonName = "t910 + +[nameConstraints_dirname_p912] +commonName = "t911 + +[nameConstraints_dirname_p913] +commonName = "t912 + +[nameConstraints_dirname_p914] +commonName = "t913 + +[nameConstraints_dirname_p915] +commonName = "t914 + +[nameConstraints_dirname_p916] +commonName = "t915 + +[nameConstraints_dirname_p917] +commonName = "t916 + +[nameConstraints_dirname_p918] +commonName = "t917 + +[nameConstraints_dirname_p919] +commonName = "t918 + +[nameConstraints_dirname_p920] +commonName = "t919 + +[nameConstraints_dirname_p921] +commonName = "t920 + +[nameConstraints_dirname_p922] +commonName = "t921 + +[nameConstraints_dirname_p923] +commonName = "t922 + +[nameConstraints_dirname_p924] +commonName = "t923 + +[nameConstraints_dirname_p925] +commonName = "t924 + +[nameConstraints_dirname_p926] +commonName = "t925 + +[nameConstraints_dirname_p927] +commonName = "t926 + +[nameConstraints_dirname_p928] +commonName = "t927 + +[nameConstraints_dirname_p929] +commonName = "t928 + +[nameConstraints_dirname_p930] +commonName = "t929 + +[nameConstraints_dirname_p931] +commonName = "t930 + +[nameConstraints_dirname_p932] +commonName = "t931 + +[nameConstraints_dirname_p933] +commonName = "t932 + +[nameConstraints_dirname_p934] +commonName = "t933 + +[nameConstraints_dirname_p935] +commonName = "t934 + +[nameConstraints_dirname_p936] +commonName = "t935 + +[nameConstraints_dirname_p937] +commonName = "t936 + +[nameConstraints_dirname_p938] +commonName = "t937 + +[nameConstraints_dirname_p939] +commonName = "t938 + +[nameConstraints_dirname_p940] +commonName = "t939 + +[nameConstraints_dirname_p941] +commonName = "t940 + +[nameConstraints_dirname_p942] +commonName = "t941 + +[nameConstraints_dirname_p943] +commonName = "t942 + +[nameConstraints_dirname_p944] +commonName = "t943 + +[nameConstraints_dirname_p945] +commonName = "t944 + +[nameConstraints_dirname_p946] +commonName = "t945 + +[nameConstraints_dirname_p947] +commonName = "t946 + +[nameConstraints_dirname_p948] +commonName = "t947 + +[nameConstraints_dirname_p949] +commonName = "t948 + +[nameConstraints_dirname_p950] +commonName = "t949 + +[nameConstraints_dirname_p951] +commonName = "t950 + +[nameConstraints_dirname_p952] +commonName = "t951 + +[nameConstraints_dirname_p953] +commonName = "t952 + +[nameConstraints_dirname_p954] +commonName = "t953 + +[nameConstraints_dirname_p955] +commonName = "t954 + +[nameConstraints_dirname_p956] +commonName = "t955 + +[nameConstraints_dirname_p957] +commonName = "t956 + +[nameConstraints_dirname_p958] +commonName = "t957 + +[nameConstraints_dirname_p959] +commonName = "t958 + +[nameConstraints_dirname_p960] +commonName = "t959 + +[nameConstraints_dirname_p961] +commonName = "t960 + +[nameConstraints_dirname_p962] +commonName = "t961 + +[nameConstraints_dirname_p963] +commonName = "t962 + +[nameConstraints_dirname_p964] +commonName = "t963 + +[nameConstraints_dirname_p965] +commonName = "t964 + +[nameConstraints_dirname_p966] +commonName = "t965 + +[nameConstraints_dirname_p967] +commonName = "t966 + +[nameConstraints_dirname_p968] +commonName = "t967 + +[nameConstraints_dirname_p969] +commonName = "t968 + +[nameConstraints_dirname_p970] +commonName = "t969 + +[nameConstraints_dirname_p971] +commonName = "t970 + +[nameConstraints_dirname_p972] +commonName = "t971 + +[nameConstraints_dirname_p973] +commonName = "t972 + +[nameConstraints_dirname_p974] +commonName = "t973 + +[nameConstraints_dirname_p975] +commonName = "t974 + +[nameConstraints_dirname_p976] +commonName = "t975 + +[nameConstraints_dirname_p977] +commonName = "t976 + +[nameConstraints_dirname_p978] +commonName = "t977 + +[nameConstraints_dirname_p979] +commonName = "t978 + +[nameConstraints_dirname_p980] +commonName = "t979 + +[nameConstraints_dirname_p981] +commonName = "t980 + +[nameConstraints_dirname_p982] +commonName = "t981 + +[nameConstraints_dirname_p983] +commonName = "t982 + +[nameConstraints_dirname_p984] +commonName = "t983 + +[nameConstraints_dirname_p985] +commonName = "t984 + +[nameConstraints_dirname_p986] +commonName = "t985 + +[nameConstraints_dirname_p987] +commonName = "t986 + +[nameConstraints_dirname_p988] +commonName = "t987 + +[nameConstraints_dirname_p989] +commonName = "t988 + +[nameConstraints_dirname_p990] +commonName = "t989 + +[nameConstraints_dirname_p991] +commonName = "t990 + +[nameConstraints_dirname_p992] +commonName = "t991 + +[nameConstraints_dirname_p993] +commonName = "t992 + +[nameConstraints_dirname_p994] +commonName = "t993 + +[nameConstraints_dirname_p995] +commonName = "t994 + +[nameConstraints_dirname_p996] +commonName = "t995 + +[nameConstraints_dirname_p997] +commonName = "t996 + +[nameConstraints_dirname_p998] +commonName = "t997 + +[nameConstraints_dirname_p999] +commonName = "t998 + +[nameConstraints_dirname_p1000] +commonName = "t999 + +[nameConstraints_dirname_p1001] +commonName = "t1000 + +[nameConstraints_dirname_p1002] +commonName = "t1001 + +[nameConstraints_dirname_p1003] +commonName = "t1002 + +[nameConstraints_dirname_p1004] +commonName = "t1003 + +[nameConstraints_dirname_p1005] +commonName = "t1004 + +[nameConstraints_dirname_p1006] +commonName = "t1005 + +[nameConstraints_dirname_p1007] +commonName = "t1006 + +[nameConstraints_dirname_p1008] +commonName = "t1007 + +[nameConstraints_dirname_p1009] +commonName = "t1008 + +[nameConstraints_dirname_p1010] +commonName = "t1009 + +[nameConstraints_dirname_p1011] +commonName = "t1010 + +[nameConstraints_dirname_p1012] +commonName = "t1011 + +[nameConstraints_dirname_p1013] +commonName = "t1012 + +[nameConstraints_dirname_p1014] +commonName = "t1013 + +[nameConstraints_dirname_p1015] +commonName = "t1014 + +[nameConstraints_dirname_p1016] +commonName = "t1015 + +[nameConstraints_dirname_p1017] +commonName = "t1016 + +[nameConstraints_dirname_p1018] +commonName = "t1017 + +[nameConstraints_dirname_p1019] +commonName = "t1018 + +[nameConstraints_dirname_p1020] +commonName = "t1019 + +[nameConstraints_dirname_p1021] +commonName = "t1020 + +[nameConstraints_dirname_p1022] +commonName = "t1021 + +[nameConstraints_dirname_p1023] +commonName = "t1022 + +[nameConstraints_dirname_p1024] +commonName = "t1023 + +[nameConstraints_dirname_p1025] +commonName = "t1024 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.csr new file mode 100644 index 0000000000..0e6c732c53 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.csr @@ -0,0 +1,464 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIJWijCCVXICAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvbBG4X4FRSuiN3JLw043DZmZ5TXTMLqcxL +Ha4GJxiOVbqtEscdMlltwxYg22Kmd4AS4IdYUVXjZn/R4DoiZeVwJqIEBPBd+V9W +yNroD1cod26aoEpTNBpjN6JDqw5KzQcj3VWDRAAMcEHfNWTQxQ5qh9vK/DXV4luv +C6DmdaXS4XJOImMBQXO4lVAs/e3DYbY21IOVYcPgYf/0noroutzR9ontnTBElSf0 +0YvmLxRmVvHa8cwEG3eSpZ9YQAyfDDLWBcJMwMWf5aQwPUzpnQNsTAa25ZW9Ibjm +K6igvwa7QzMZPXsXWfFkTSRnsVEPNa7wcXV5rlsCNAQx42aGZQIDAQABoIJULDCC +VCgGCSqGSIb3DQEJDjGCVBkwglQVMB0GA1UdDgQWBBSSET+sEZbHZjfPg1ok8Dp3 +rzONfzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCCU9EGA1UdHgSC +U8gwglPEoIJTwDARpA8wDTELMAkGA1UEAwwCdDAwEaQPMA0xCzAJBgNVBAMMAnQx +MBGkDzANMQswCQYDVQQDDAJ0MjARpA8wDTELMAkGA1UEAwwCdDMwEaQPMA0xCzAJ +BgNVBAMMAnQ0MBGkDzANMQswCQYDVQQDDAJ0NTARpA8wDTELMAkGA1UEAwwCdDYw +EaQPMA0xCzAJBgNVBAMMAnQ3MBGkDzANMQswCQYDVQQDDAJ0ODARpA8wDTELMAkG +A1UEAwwCdDkwEqQQMA4xDDAKBgNVBAMMA3QxMDASpBAwDjEMMAoGA1UEAwwDdDEx +MBKkEDAOMQwwCgYDVQQDDAN0MTIwEqQQMA4xDDAKBgNVBAMMA3QxMzASpBAwDjEM +MAoGA1UEAwwDdDE0MBKkEDAOMQwwCgYDVQQDDAN0MTUwEqQQMA4xDDAKBgNVBAMM +A3QxNjASpBAwDjEMMAoGA1UEAwwDdDE3MBKkEDAOMQwwCgYDVQQDDAN0MTgwEqQQ +MA4xDDAKBgNVBAMMA3QxOTASpBAwDjEMMAoGA1UEAwwDdDIwMBKkEDAOMQwwCgYD +VQQDDAN0MjEwEqQQMA4xDDAKBgNVBAMMA3QyMjASpBAwDjEMMAoGA1UEAwwDdDIz +MBKkEDAOMQwwCgYDVQQDDAN0MjQwEqQQMA4xDDAKBgNVBAMMA3QyNTASpBAwDjEM +MAoGA1UEAwwDdDI2MBKkEDAOMQwwCgYDVQQDDAN0MjcwEqQQMA4xDDAKBgNVBAMM +A3QyODASpBAwDjEMMAoGA1UEAwwDdDI5MBKkEDAOMQwwCgYDVQQDDAN0MzAwEqQQ +MA4xDDAKBgNVBAMMA3QzMTASpBAwDjEMMAoGA1UEAwwDdDMyMBKkEDAOMQwwCgYD +VQQDDAN0MzMwEqQQMA4xDDAKBgNVBAMMA3QzNDASpBAwDjEMMAoGA1UEAwwDdDM1 +MBKkEDAOMQwwCgYDVQQDDAN0MzYwEqQQMA4xDDAKBgNVBAMMA3QzNzASpBAwDjEM +MAoGA1UEAwwDdDM4MBKkEDAOMQwwCgYDVQQDDAN0MzkwEqQQMA4xDDAKBgNVBAMM +A3Q0MDASpBAwDjEMMAoGA1UEAwwDdDQxMBKkEDAOMQwwCgYDVQQDDAN0NDIwEqQQ +MA4xDDAKBgNVBAMMA3Q0MzASpBAwDjEMMAoGA1UEAwwDdDQ0MBKkEDAOMQwwCgYD +VQQDDAN0NDUwEqQQMA4xDDAKBgNVBAMMA3Q0NjASpBAwDjEMMAoGA1UEAwwDdDQ3 +MBKkEDAOMQwwCgYDVQQDDAN0NDgwEqQQMA4xDDAKBgNVBAMMA3Q0OTASpBAwDjEM +MAoGA1UEAwwDdDUwMBKkEDAOMQwwCgYDVQQDDAN0NTEwEqQQMA4xDDAKBgNVBAMM +A3Q1MjASpBAwDjEMMAoGA1UEAwwDdDUzMBKkEDAOMQwwCgYDVQQDDAN0NTQwEqQQ +MA4xDDAKBgNVBAMMA3Q1NTASpBAwDjEMMAoGA1UEAwwDdDU2MBKkEDAOMQwwCgYD +VQQDDAN0NTcwEqQQMA4xDDAKBgNVBAMMA3Q1ODASpBAwDjEMMAoGA1UEAwwDdDU5 +MBKkEDAOMQwwCgYDVQQDDAN0NjAwEqQQMA4xDDAKBgNVBAMMA3Q2MTASpBAwDjEM +MAoGA1UEAwwDdDYyMBKkEDAOMQwwCgYDVQQDDAN0NjMwEqQQMA4xDDAKBgNVBAMM +A3Q2NDASpBAwDjEMMAoGA1UEAwwDdDY1MBKkEDAOMQwwCgYDVQQDDAN0NjYwEqQQ +MA4xDDAKBgNVBAMMA3Q2NzASpBAwDjEMMAoGA1UEAwwDdDY4MBKkEDAOMQwwCgYD +VQQDDAN0NjkwEqQQMA4xDDAKBgNVBAMMA3Q3MDASpBAwDjEMMAoGA1UEAwwDdDcx +MBKkEDAOMQwwCgYDVQQDDAN0NzIwEqQQMA4xDDAKBgNVBAMMA3Q3MzASpBAwDjEM +MAoGA1UEAwwDdDc0MBKkEDAOMQwwCgYDVQQDDAN0NzUwEqQQMA4xDDAKBgNVBAMM +A3Q3NjASpBAwDjEMMAoGA1UEAwwDdDc3MBKkEDAOMQwwCgYDVQQDDAN0NzgwEqQQ +MA4xDDAKBgNVBAMMA3Q3OTASpBAwDjEMMAoGA1UEAwwDdDgwMBKkEDAOMQwwCgYD +VQQDDAN0ODEwEqQQMA4xDDAKBgNVBAMMA3Q4MjASpBAwDjEMMAoGA1UEAwwDdDgz +MBKkEDAOMQwwCgYDVQQDDAN0ODQwEqQQMA4xDDAKBgNVBAMMA3Q4NTASpBAwDjEM +MAoGA1UEAwwDdDg2MBKkEDAOMQwwCgYDVQQDDAN0ODcwEqQQMA4xDDAKBgNVBAMM +A3Q4ODASpBAwDjEMMAoGA1UEAwwDdDg5MBKkEDAOMQwwCgYDVQQDDAN0OTAwEqQQ +MA4xDDAKBgNVBAMMA3Q5MTASpBAwDjEMMAoGA1UEAwwDdDkyMBKkEDAOMQwwCgYD +VQQDDAN0OTMwEqQQMA4xDDAKBgNVBAMMA3Q5NDASpBAwDjEMMAoGA1UEAwwDdDk1 +MBKkEDAOMQwwCgYDVQQDDAN0OTYwEqQQMA4xDDAKBgNVBAMMA3Q5NzASpBAwDjEM +MAoGA1UEAwwDdDk4MBKkEDAOMQwwCgYDVQQDDAN0OTkwE6QRMA8xDTALBgNVBAMM +BHQxMDAwE6QRMA8xDTALBgNVBAMMBHQxMDEwE6QRMA8xDTALBgNVBAMMBHQxMDIw +E6QRMA8xDTALBgNVBAMMBHQxMDMwE6QRMA8xDTALBgNVBAMMBHQxMDQwE6QRMA8x +DTALBgNVBAMMBHQxMDUwE6QRMA8xDTALBgNVBAMMBHQxMDYwE6QRMA8xDTALBgNV +BAMMBHQxMDcwE6QRMA8xDTALBgNVBAMMBHQxMDgwE6QRMA8xDTALBgNVBAMMBHQx +MDkwE6QRMA8xDTALBgNVBAMMBHQxMTAwE6QRMA8xDTALBgNVBAMMBHQxMTEwE6QR +MA8xDTALBgNVBAMMBHQxMTIwE6QRMA8xDTALBgNVBAMMBHQxMTMwE6QRMA8xDTAL +BgNVBAMMBHQxMTQwE6QRMA8xDTALBgNVBAMMBHQxMTUwE6QRMA8xDTALBgNVBAMM +BHQxMTYwE6QRMA8xDTALBgNVBAMMBHQxMTcwE6QRMA8xDTALBgNVBAMMBHQxMTgw +E6QRMA8xDTALBgNVBAMMBHQxMTkwE6QRMA8xDTALBgNVBAMMBHQxMjAwE6QRMA8x +DTALBgNVBAMMBHQxMjEwE6QRMA8xDTALBgNVBAMMBHQxMjIwE6QRMA8xDTALBgNV +BAMMBHQxMjMwE6QRMA8xDTALBgNVBAMMBHQxMjQwE6QRMA8xDTALBgNVBAMMBHQx +MjUwE6QRMA8xDTALBgNVBAMMBHQxMjYwE6QRMA8xDTALBgNVBAMMBHQxMjcwE6QR +MA8xDTALBgNVBAMMBHQxMjgwE6QRMA8xDTALBgNVBAMMBHQxMjkwE6QRMA8xDTAL +BgNVBAMMBHQxMzAwE6QRMA8xDTALBgNVBAMMBHQxMzEwE6QRMA8xDTALBgNVBAMM +BHQxMzIwE6QRMA8xDTALBgNVBAMMBHQxMzMwE6QRMA8xDTALBgNVBAMMBHQxMzQw +E6QRMA8xDTALBgNVBAMMBHQxMzUwE6QRMA8xDTALBgNVBAMMBHQxMzYwE6QRMA8x +DTALBgNVBAMMBHQxMzcwE6QRMA8xDTALBgNVBAMMBHQxMzgwE6QRMA8xDTALBgNV +BAMMBHQxMzkwE6QRMA8xDTALBgNVBAMMBHQxNDAwE6QRMA8xDTALBgNVBAMMBHQx +NDEwE6QRMA8xDTALBgNVBAMMBHQxNDIwE6QRMA8xDTALBgNVBAMMBHQxNDMwE6QR +MA8xDTALBgNVBAMMBHQxNDQwE6QRMA8xDTALBgNVBAMMBHQxNDUwE6QRMA8xDTAL +BgNVBAMMBHQxNDYwE6QRMA8xDTALBgNVBAMMBHQxNDcwE6QRMA8xDTALBgNVBAMM +BHQxNDgwE6QRMA8xDTALBgNVBAMMBHQxNDkwE6QRMA8xDTALBgNVBAMMBHQxNTAw +E6QRMA8xDTALBgNVBAMMBHQxNTEwE6QRMA8xDTALBgNVBAMMBHQxNTIwE6QRMA8x +DTALBgNVBAMMBHQxNTMwE6QRMA8xDTALBgNVBAMMBHQxNTQwE6QRMA8xDTALBgNV +BAMMBHQxNTUwE6QRMA8xDTALBgNVBAMMBHQxNTYwE6QRMA8xDTALBgNVBAMMBHQx +NTcwE6QRMA8xDTALBgNVBAMMBHQxNTgwE6QRMA8xDTALBgNVBAMMBHQxNTkwE6QR +MA8xDTALBgNVBAMMBHQxNjAwE6QRMA8xDTALBgNVBAMMBHQxNjEwE6QRMA8xDTAL +BgNVBAMMBHQxNjIwE6QRMA8xDTALBgNVBAMMBHQxNjMwE6QRMA8xDTALBgNVBAMM +BHQxNjQwE6QRMA8xDTALBgNVBAMMBHQxNjUwE6QRMA8xDTALBgNVBAMMBHQxNjYw +E6QRMA8xDTALBgNVBAMMBHQxNjcwE6QRMA8xDTALBgNVBAMMBHQxNjgwE6QRMA8x +DTALBgNVBAMMBHQxNjkwE6QRMA8xDTALBgNVBAMMBHQxNzAwE6QRMA8xDTALBgNV +BAMMBHQxNzEwE6QRMA8xDTALBgNVBAMMBHQxNzIwE6QRMA8xDTALBgNVBAMMBHQx +NzMwE6QRMA8xDTALBgNVBAMMBHQxNzQwE6QRMA8xDTALBgNVBAMMBHQxNzUwE6QR +MA8xDTALBgNVBAMMBHQxNzYwE6QRMA8xDTALBgNVBAMMBHQxNzcwE6QRMA8xDTAL +BgNVBAMMBHQxNzgwE6QRMA8xDTALBgNVBAMMBHQxNzkwE6QRMA8xDTALBgNVBAMM +BHQxODAwE6QRMA8xDTALBgNVBAMMBHQxODEwE6QRMA8xDTALBgNVBAMMBHQxODIw +E6QRMA8xDTALBgNVBAMMBHQxODMwE6QRMA8xDTALBgNVBAMMBHQxODQwE6QRMA8x +DTALBgNVBAMMBHQxODUwE6QRMA8xDTALBgNVBAMMBHQxODYwE6QRMA8xDTALBgNV +BAMMBHQxODcwE6QRMA8xDTALBgNVBAMMBHQxODgwE6QRMA8xDTALBgNVBAMMBHQx +ODkwE6QRMA8xDTALBgNVBAMMBHQxOTAwE6QRMA8xDTALBgNVBAMMBHQxOTEwE6QR +MA8xDTALBgNVBAMMBHQxOTIwE6QRMA8xDTALBgNVBAMMBHQxOTMwE6QRMA8xDTAL +BgNVBAMMBHQxOTQwE6QRMA8xDTALBgNVBAMMBHQxOTUwE6QRMA8xDTALBgNVBAMM +BHQxOTYwE6QRMA8xDTALBgNVBAMMBHQxOTcwE6QRMA8xDTALBgNVBAMMBHQxOTgw +E6QRMA8xDTALBgNVBAMMBHQxOTkwE6QRMA8xDTALBgNVBAMMBHQyMDAwE6QRMA8x +DTALBgNVBAMMBHQyMDEwE6QRMA8xDTALBgNVBAMMBHQyMDIwE6QRMA8xDTALBgNV +BAMMBHQyMDMwE6QRMA8xDTALBgNVBAMMBHQyMDQwE6QRMA8xDTALBgNVBAMMBHQy +MDUwE6QRMA8xDTALBgNVBAMMBHQyMDYwE6QRMA8xDTALBgNVBAMMBHQyMDcwE6QR +MA8xDTALBgNVBAMMBHQyMDgwE6QRMA8xDTALBgNVBAMMBHQyMDkwE6QRMA8xDTAL +BgNVBAMMBHQyMTAwE6QRMA8xDTALBgNVBAMMBHQyMTEwE6QRMA8xDTALBgNVBAMM +BHQyMTIwE6QRMA8xDTALBgNVBAMMBHQyMTMwE6QRMA8xDTALBgNVBAMMBHQyMTQw +E6QRMA8xDTALBgNVBAMMBHQyMTUwE6QRMA8xDTALBgNVBAMMBHQyMTYwE6QRMA8x +DTALBgNVBAMMBHQyMTcwE6QRMA8xDTALBgNVBAMMBHQyMTgwE6QRMA8xDTALBgNV +BAMMBHQyMTkwE6QRMA8xDTALBgNVBAMMBHQyMjAwE6QRMA8xDTALBgNVBAMMBHQy +MjEwE6QRMA8xDTALBgNVBAMMBHQyMjIwE6QRMA8xDTALBgNVBAMMBHQyMjMwE6QR +MA8xDTALBgNVBAMMBHQyMjQwE6QRMA8xDTALBgNVBAMMBHQyMjUwE6QRMA8xDTAL +BgNVBAMMBHQyMjYwE6QRMA8xDTALBgNVBAMMBHQyMjcwE6QRMA8xDTALBgNVBAMM +BHQyMjgwE6QRMA8xDTALBgNVBAMMBHQyMjkwE6QRMA8xDTALBgNVBAMMBHQyMzAw +E6QRMA8xDTALBgNVBAMMBHQyMzEwE6QRMA8xDTALBgNVBAMMBHQyMzIwE6QRMA8x +DTALBgNVBAMMBHQyMzMwE6QRMA8xDTALBgNVBAMMBHQyMzQwE6QRMA8xDTALBgNV +BAMMBHQyMzUwE6QRMA8xDTALBgNVBAMMBHQyMzYwE6QRMA8xDTALBgNVBAMMBHQy +MzcwE6QRMA8xDTALBgNVBAMMBHQyMzgwE6QRMA8xDTALBgNVBAMMBHQyMzkwE6QR +MA8xDTALBgNVBAMMBHQyNDAwE6QRMA8xDTALBgNVBAMMBHQyNDEwE6QRMA8xDTAL +BgNVBAMMBHQyNDIwE6QRMA8xDTALBgNVBAMMBHQyNDMwE6QRMA8xDTALBgNVBAMM +BHQyNDQwE6QRMA8xDTALBgNVBAMMBHQyNDUwE6QRMA8xDTALBgNVBAMMBHQyNDYw +E6QRMA8xDTALBgNVBAMMBHQyNDcwE6QRMA8xDTALBgNVBAMMBHQyNDgwE6QRMA8x +DTALBgNVBAMMBHQyNDkwE6QRMA8xDTALBgNVBAMMBHQyNTAwE6QRMA8xDTALBgNV +BAMMBHQyNTEwE6QRMA8xDTALBgNVBAMMBHQyNTIwE6QRMA8xDTALBgNVBAMMBHQy +NTMwE6QRMA8xDTALBgNVBAMMBHQyNTQwE6QRMA8xDTALBgNVBAMMBHQyNTUwE6QR +MA8xDTALBgNVBAMMBHQyNTYwE6QRMA8xDTALBgNVBAMMBHQyNTcwE6QRMA8xDTAL +BgNVBAMMBHQyNTgwE6QRMA8xDTALBgNVBAMMBHQyNTkwE6QRMA8xDTALBgNVBAMM +BHQyNjAwE6QRMA8xDTALBgNVBAMMBHQyNjEwE6QRMA8xDTALBgNVBAMMBHQyNjIw +E6QRMA8xDTALBgNVBAMMBHQyNjMwE6QRMA8xDTALBgNVBAMMBHQyNjQwE6QRMA8x +DTALBgNVBAMMBHQyNjUwE6QRMA8xDTALBgNVBAMMBHQyNjYwE6QRMA8xDTALBgNV +BAMMBHQyNjcwE6QRMA8xDTALBgNVBAMMBHQyNjgwE6QRMA8xDTALBgNVBAMMBHQy +NjkwE6QRMA8xDTALBgNVBAMMBHQyNzAwE6QRMA8xDTALBgNVBAMMBHQyNzEwE6QR +MA8xDTALBgNVBAMMBHQyNzIwE6QRMA8xDTALBgNVBAMMBHQyNzMwE6QRMA8xDTAL +BgNVBAMMBHQyNzQwE6QRMA8xDTALBgNVBAMMBHQyNzUwE6QRMA8xDTALBgNVBAMM +BHQyNzYwE6QRMA8xDTALBgNVBAMMBHQyNzcwE6QRMA8xDTALBgNVBAMMBHQyNzgw +E6QRMA8xDTALBgNVBAMMBHQyNzkwE6QRMA8xDTALBgNVBAMMBHQyODAwE6QRMA8x +DTALBgNVBAMMBHQyODEwE6QRMA8xDTALBgNVBAMMBHQyODIwE6QRMA8xDTALBgNV +BAMMBHQyODMwE6QRMA8xDTALBgNVBAMMBHQyODQwE6QRMA8xDTALBgNVBAMMBHQy +ODUwE6QRMA8xDTALBgNVBAMMBHQyODYwE6QRMA8xDTALBgNVBAMMBHQyODcwE6QR +MA8xDTALBgNVBAMMBHQyODgwE6QRMA8xDTALBgNVBAMMBHQyODkwE6QRMA8xDTAL +BgNVBAMMBHQyOTAwE6QRMA8xDTALBgNVBAMMBHQyOTEwE6QRMA8xDTALBgNVBAMM +BHQyOTIwE6QRMA8xDTALBgNVBAMMBHQyOTMwE6QRMA8xDTALBgNVBAMMBHQyOTQw +E6QRMA8xDTALBgNVBAMMBHQyOTUwE6QRMA8xDTALBgNVBAMMBHQyOTYwE6QRMA8x +DTALBgNVBAMMBHQyOTcwE6QRMA8xDTALBgNVBAMMBHQyOTgwE6QRMA8xDTALBgNV +BAMMBHQyOTkwE6QRMA8xDTALBgNVBAMMBHQzMDAwE6QRMA8xDTALBgNVBAMMBHQz +MDEwE6QRMA8xDTALBgNVBAMMBHQzMDIwE6QRMA8xDTALBgNVBAMMBHQzMDMwE6QR +MA8xDTALBgNVBAMMBHQzMDQwE6QRMA8xDTALBgNVBAMMBHQzMDUwE6QRMA8xDTAL +BgNVBAMMBHQzMDYwE6QRMA8xDTALBgNVBAMMBHQzMDcwE6QRMA8xDTALBgNVBAMM +BHQzMDgwE6QRMA8xDTALBgNVBAMMBHQzMDkwE6QRMA8xDTALBgNVBAMMBHQzMTAw +E6QRMA8xDTALBgNVBAMMBHQzMTEwE6QRMA8xDTALBgNVBAMMBHQzMTIwE6QRMA8x +DTALBgNVBAMMBHQzMTMwE6QRMA8xDTALBgNVBAMMBHQzMTQwE6QRMA8xDTALBgNV +BAMMBHQzMTUwE6QRMA8xDTALBgNVBAMMBHQzMTYwE6QRMA8xDTALBgNVBAMMBHQz +MTcwE6QRMA8xDTALBgNVBAMMBHQzMTgwE6QRMA8xDTALBgNVBAMMBHQzMTkwE6QR +MA8xDTALBgNVBAMMBHQzMjAwE6QRMA8xDTALBgNVBAMMBHQzMjEwE6QRMA8xDTAL +BgNVBAMMBHQzMjIwE6QRMA8xDTALBgNVBAMMBHQzMjMwE6QRMA8xDTALBgNVBAMM +BHQzMjQwE6QRMA8xDTALBgNVBAMMBHQzMjUwE6QRMA8xDTALBgNVBAMMBHQzMjYw +E6QRMA8xDTALBgNVBAMMBHQzMjcwE6QRMA8xDTALBgNVBAMMBHQzMjgwE6QRMA8x +DTALBgNVBAMMBHQzMjkwE6QRMA8xDTALBgNVBAMMBHQzMzAwE6QRMA8xDTALBgNV +BAMMBHQzMzEwE6QRMA8xDTALBgNVBAMMBHQzMzIwE6QRMA8xDTALBgNVBAMMBHQz +MzMwE6QRMA8xDTALBgNVBAMMBHQzMzQwE6QRMA8xDTALBgNVBAMMBHQzMzUwE6QR +MA8xDTALBgNVBAMMBHQzMzYwE6QRMA8xDTALBgNVBAMMBHQzMzcwE6QRMA8xDTAL +BgNVBAMMBHQzMzgwE6QRMA8xDTALBgNVBAMMBHQzMzkwE6QRMA8xDTALBgNVBAMM +BHQzNDAwE6QRMA8xDTALBgNVBAMMBHQzNDEwE6QRMA8xDTALBgNVBAMMBHQzNDIw +E6QRMA8xDTALBgNVBAMMBHQzNDMwE6QRMA8xDTALBgNVBAMMBHQzNDQwE6QRMA8x +DTALBgNVBAMMBHQzNDUwE6QRMA8xDTALBgNVBAMMBHQzNDYwE6QRMA8xDTALBgNV +BAMMBHQzNDcwE6QRMA8xDTALBgNVBAMMBHQzNDgwE6QRMA8xDTALBgNVBAMMBHQz +NDkwE6QRMA8xDTALBgNVBAMMBHQzNTAwE6QRMA8xDTALBgNVBAMMBHQzNTEwE6QR +MA8xDTALBgNVBAMMBHQzNTIwE6QRMA8xDTALBgNVBAMMBHQzNTMwE6QRMA8xDTAL +BgNVBAMMBHQzNTQwE6QRMA8xDTALBgNVBAMMBHQzNTUwE6QRMA8xDTALBgNVBAMM +BHQzNTYwE6QRMA8xDTALBgNVBAMMBHQzNTcwE6QRMA8xDTALBgNVBAMMBHQzNTgw +E6QRMA8xDTALBgNVBAMMBHQzNTkwE6QRMA8xDTALBgNVBAMMBHQzNjAwE6QRMA8x +DTALBgNVBAMMBHQzNjEwE6QRMA8xDTALBgNVBAMMBHQzNjIwE6QRMA8xDTALBgNV +BAMMBHQzNjMwE6QRMA8xDTALBgNVBAMMBHQzNjQwE6QRMA8xDTALBgNVBAMMBHQz +NjUwE6QRMA8xDTALBgNVBAMMBHQzNjYwE6QRMA8xDTALBgNVBAMMBHQzNjcwE6QR +MA8xDTALBgNVBAMMBHQzNjgwE6QRMA8xDTALBgNVBAMMBHQzNjkwE6QRMA8xDTAL +BgNVBAMMBHQzNzAwE6QRMA8xDTALBgNVBAMMBHQzNzEwE6QRMA8xDTALBgNVBAMM +BHQzNzIwE6QRMA8xDTALBgNVBAMMBHQzNzMwE6QRMA8xDTALBgNVBAMMBHQzNzQw +E6QRMA8xDTALBgNVBAMMBHQzNzUwE6QRMA8xDTALBgNVBAMMBHQzNzYwE6QRMA8x +DTALBgNVBAMMBHQzNzcwE6QRMA8xDTALBgNVBAMMBHQzNzgwE6QRMA8xDTALBgNV +BAMMBHQzNzkwE6QRMA8xDTALBgNVBAMMBHQzODAwE6QRMA8xDTALBgNVBAMMBHQz +ODEwE6QRMA8xDTALBgNVBAMMBHQzODIwE6QRMA8xDTALBgNVBAMMBHQzODMwE6QR +MA8xDTALBgNVBAMMBHQzODQwE6QRMA8xDTALBgNVBAMMBHQzODUwE6QRMA8xDTAL +BgNVBAMMBHQzODYwE6QRMA8xDTALBgNVBAMMBHQzODcwE6QRMA8xDTALBgNVBAMM +BHQzODgwE6QRMA8xDTALBgNVBAMMBHQzODkwE6QRMA8xDTALBgNVBAMMBHQzOTAw +E6QRMA8xDTALBgNVBAMMBHQzOTEwE6QRMA8xDTALBgNVBAMMBHQzOTIwE6QRMA8x +DTALBgNVBAMMBHQzOTMwE6QRMA8xDTALBgNVBAMMBHQzOTQwE6QRMA8xDTALBgNV +BAMMBHQzOTUwE6QRMA8xDTALBgNVBAMMBHQzOTYwE6QRMA8xDTALBgNVBAMMBHQz +OTcwE6QRMA8xDTALBgNVBAMMBHQzOTgwE6QRMA8xDTALBgNVBAMMBHQzOTkwE6QR +MA8xDTALBgNVBAMMBHQ0MDAwE6QRMA8xDTALBgNVBAMMBHQ0MDEwE6QRMA8xDTAL +BgNVBAMMBHQ0MDIwE6QRMA8xDTALBgNVBAMMBHQ0MDMwE6QRMA8xDTALBgNVBAMM +BHQ0MDQwE6QRMA8xDTALBgNVBAMMBHQ0MDUwE6QRMA8xDTALBgNVBAMMBHQ0MDYw +E6QRMA8xDTALBgNVBAMMBHQ0MDcwE6QRMA8xDTALBgNVBAMMBHQ0MDgwE6QRMA8x +DTALBgNVBAMMBHQ0MDkwE6QRMA8xDTALBgNVBAMMBHQ0MTAwE6QRMA8xDTALBgNV +BAMMBHQ0MTEwE6QRMA8xDTALBgNVBAMMBHQ0MTIwE6QRMA8xDTALBgNVBAMMBHQ0 +MTMwE6QRMA8xDTALBgNVBAMMBHQ0MTQwE6QRMA8xDTALBgNVBAMMBHQ0MTUwE6QR +MA8xDTALBgNVBAMMBHQ0MTYwE6QRMA8xDTALBgNVBAMMBHQ0MTcwE6QRMA8xDTAL +BgNVBAMMBHQ0MTgwE6QRMA8xDTALBgNVBAMMBHQ0MTkwE6QRMA8xDTALBgNVBAMM +BHQ0MjAwE6QRMA8xDTALBgNVBAMMBHQ0MjEwE6QRMA8xDTALBgNVBAMMBHQ0MjIw +E6QRMA8xDTALBgNVBAMMBHQ0MjMwE6QRMA8xDTALBgNVBAMMBHQ0MjQwE6QRMA8x +DTALBgNVBAMMBHQ0MjUwE6QRMA8xDTALBgNVBAMMBHQ0MjYwE6QRMA8xDTALBgNV +BAMMBHQ0MjcwE6QRMA8xDTALBgNVBAMMBHQ0MjgwE6QRMA8xDTALBgNVBAMMBHQ0 +MjkwE6QRMA8xDTALBgNVBAMMBHQ0MzAwE6QRMA8xDTALBgNVBAMMBHQ0MzEwE6QR +MA8xDTALBgNVBAMMBHQ0MzIwE6QRMA8xDTALBgNVBAMMBHQ0MzMwE6QRMA8xDTAL +BgNVBAMMBHQ0MzQwE6QRMA8xDTALBgNVBAMMBHQ0MzUwE6QRMA8xDTALBgNVBAMM +BHQ0MzYwE6QRMA8xDTALBgNVBAMMBHQ0MzcwE6QRMA8xDTALBgNVBAMMBHQ0Mzgw +E6QRMA8xDTALBgNVBAMMBHQ0MzkwE6QRMA8xDTALBgNVBAMMBHQ0NDAwE6QRMA8x +DTALBgNVBAMMBHQ0NDEwE6QRMA8xDTALBgNVBAMMBHQ0NDIwE6QRMA8xDTALBgNV +BAMMBHQ0NDMwE6QRMA8xDTALBgNVBAMMBHQ0NDQwE6QRMA8xDTALBgNVBAMMBHQ0 +NDUwE6QRMA8xDTALBgNVBAMMBHQ0NDYwE6QRMA8xDTALBgNVBAMMBHQ0NDcwE6QR +MA8xDTALBgNVBAMMBHQ0NDgwE6QRMA8xDTALBgNVBAMMBHQ0NDkwE6QRMA8xDTAL +BgNVBAMMBHQ0NTAwE6QRMA8xDTALBgNVBAMMBHQ0NTEwE6QRMA8xDTALBgNVBAMM +BHQ0NTIwE6QRMA8xDTALBgNVBAMMBHQ0NTMwE6QRMA8xDTALBgNVBAMMBHQ0NTQw +E6QRMA8xDTALBgNVBAMMBHQ0NTUwE6QRMA8xDTALBgNVBAMMBHQ0NTYwE6QRMA8x +DTALBgNVBAMMBHQ0NTcwE6QRMA8xDTALBgNVBAMMBHQ0NTgwE6QRMA8xDTALBgNV +BAMMBHQ0NTkwE6QRMA8xDTALBgNVBAMMBHQ0NjAwE6QRMA8xDTALBgNVBAMMBHQ0 +NjEwE6QRMA8xDTALBgNVBAMMBHQ0NjIwE6QRMA8xDTALBgNVBAMMBHQ0NjMwE6QR +MA8xDTALBgNVBAMMBHQ0NjQwE6QRMA8xDTALBgNVBAMMBHQ0NjUwE6QRMA8xDTAL +BgNVBAMMBHQ0NjYwE6QRMA8xDTALBgNVBAMMBHQ0NjcwE6QRMA8xDTALBgNVBAMM +BHQ0NjgwE6QRMA8xDTALBgNVBAMMBHQ0NjkwE6QRMA8xDTALBgNVBAMMBHQ0NzAw +E6QRMA8xDTALBgNVBAMMBHQ0NzEwE6QRMA8xDTALBgNVBAMMBHQ0NzIwE6QRMA8x +DTALBgNVBAMMBHQ0NzMwE6QRMA8xDTALBgNVBAMMBHQ0NzQwE6QRMA8xDTALBgNV +BAMMBHQ0NzUwE6QRMA8xDTALBgNVBAMMBHQ0NzYwE6QRMA8xDTALBgNVBAMMBHQ0 +NzcwE6QRMA8xDTALBgNVBAMMBHQ0NzgwE6QRMA8xDTALBgNVBAMMBHQ0NzkwE6QR +MA8xDTALBgNVBAMMBHQ0ODAwE6QRMA8xDTALBgNVBAMMBHQ0ODEwE6QRMA8xDTAL +BgNVBAMMBHQ0ODIwE6QRMA8xDTALBgNVBAMMBHQ0ODMwE6QRMA8xDTALBgNVBAMM +BHQ0ODQwE6QRMA8xDTALBgNVBAMMBHQ0ODUwE6QRMA8xDTALBgNVBAMMBHQ0ODYw +E6QRMA8xDTALBgNVBAMMBHQ0ODcwE6QRMA8xDTALBgNVBAMMBHQ0ODgwE6QRMA8x +DTALBgNVBAMMBHQ0ODkwE6QRMA8xDTALBgNVBAMMBHQ0OTAwE6QRMA8xDTALBgNV +BAMMBHQ0OTEwE6QRMA8xDTALBgNVBAMMBHQ0OTIwE6QRMA8xDTALBgNVBAMMBHQ0 +OTMwE6QRMA8xDTALBgNVBAMMBHQ0OTQwE6QRMA8xDTALBgNVBAMMBHQ0OTUwE6QR +MA8xDTALBgNVBAMMBHQ0OTYwE6QRMA8xDTALBgNVBAMMBHQ0OTcwE6QRMA8xDTAL +BgNVBAMMBHQ0OTgwE6QRMA8xDTALBgNVBAMMBHQ0OTkwE6QRMA8xDTALBgNVBAMM +BHQ1MDAwE6QRMA8xDTALBgNVBAMMBHQ1MDEwE6QRMA8xDTALBgNVBAMMBHQ1MDIw +E6QRMA8xDTALBgNVBAMMBHQ1MDMwE6QRMA8xDTALBgNVBAMMBHQ1MDQwE6QRMA8x +DTALBgNVBAMMBHQ1MDUwE6QRMA8xDTALBgNVBAMMBHQ1MDYwE6QRMA8xDTALBgNV +BAMMBHQ1MDcwE6QRMA8xDTALBgNVBAMMBHQ1MDgwE6QRMA8xDTALBgNVBAMMBHQ1 +MDkwE6QRMA8xDTALBgNVBAMMBHQ1MTAwE6QRMA8xDTALBgNVBAMMBHQ1MTEwE6QR +MA8xDTALBgNVBAMMBHQ1MTIwE6QRMA8xDTALBgNVBAMMBHQ1MTMwE6QRMA8xDTAL +BgNVBAMMBHQ1MTQwE6QRMA8xDTALBgNVBAMMBHQ1MTUwE6QRMA8xDTALBgNVBAMM +BHQ1MTYwE6QRMA8xDTALBgNVBAMMBHQ1MTcwE6QRMA8xDTALBgNVBAMMBHQ1MTgw +E6QRMA8xDTALBgNVBAMMBHQ1MTkwE6QRMA8xDTALBgNVBAMMBHQ1MjAwE6QRMA8x +DTALBgNVBAMMBHQ1MjEwE6QRMA8xDTALBgNVBAMMBHQ1MjIwE6QRMA8xDTALBgNV +BAMMBHQ1MjMwE6QRMA8xDTALBgNVBAMMBHQ1MjQwE6QRMA8xDTALBgNVBAMMBHQ1 +MjUwE6QRMA8xDTALBgNVBAMMBHQ1MjYwE6QRMA8xDTALBgNVBAMMBHQ1MjcwE6QR +MA8xDTALBgNVBAMMBHQ1MjgwE6QRMA8xDTALBgNVBAMMBHQ1MjkwE6QRMA8xDTAL +BgNVBAMMBHQ1MzAwE6QRMA8xDTALBgNVBAMMBHQ1MzEwE6QRMA8xDTALBgNVBAMM +BHQ1MzIwE6QRMA8xDTALBgNVBAMMBHQ1MzMwE6QRMA8xDTALBgNVBAMMBHQ1MzQw +E6QRMA8xDTALBgNVBAMMBHQ1MzUwE6QRMA8xDTALBgNVBAMMBHQ1MzYwE6QRMA8x +DTALBgNVBAMMBHQ1MzcwE6QRMA8xDTALBgNVBAMMBHQ1MzgwE6QRMA8xDTALBgNV +BAMMBHQ1MzkwE6QRMA8xDTALBgNVBAMMBHQ1NDAwE6QRMA8xDTALBgNVBAMMBHQ1 +NDEwE6QRMA8xDTALBgNVBAMMBHQ1NDIwE6QRMA8xDTALBgNVBAMMBHQ1NDMwE6QR +MA8xDTALBgNVBAMMBHQ1NDQwE6QRMA8xDTALBgNVBAMMBHQ1NDUwE6QRMA8xDTAL +BgNVBAMMBHQ1NDYwE6QRMA8xDTALBgNVBAMMBHQ1NDcwE6QRMA8xDTALBgNVBAMM +BHQ1NDgwE6QRMA8xDTALBgNVBAMMBHQ1NDkwE6QRMA8xDTALBgNVBAMMBHQ1NTAw +E6QRMA8xDTALBgNVBAMMBHQ1NTEwE6QRMA8xDTALBgNVBAMMBHQ1NTIwE6QRMA8x +DTALBgNVBAMMBHQ1NTMwE6QRMA8xDTALBgNVBAMMBHQ1NTQwE6QRMA8xDTALBgNV +BAMMBHQ1NTUwE6QRMA8xDTALBgNVBAMMBHQ1NTYwE6QRMA8xDTALBgNVBAMMBHQ1 +NTcwE6QRMA8xDTALBgNVBAMMBHQ1NTgwE6QRMA8xDTALBgNVBAMMBHQ1NTkwE6QR +MA8xDTALBgNVBAMMBHQ1NjAwE6QRMA8xDTALBgNVBAMMBHQ1NjEwE6QRMA8xDTAL +BgNVBAMMBHQ1NjIwE6QRMA8xDTALBgNVBAMMBHQ1NjMwE6QRMA8xDTALBgNVBAMM +BHQ1NjQwE6QRMA8xDTALBgNVBAMMBHQ1NjUwE6QRMA8xDTALBgNVBAMMBHQ1NjYw +E6QRMA8xDTALBgNVBAMMBHQ1NjcwE6QRMA8xDTALBgNVBAMMBHQ1NjgwE6QRMA8x +DTALBgNVBAMMBHQ1NjkwE6QRMA8xDTALBgNVBAMMBHQ1NzAwE6QRMA8xDTALBgNV +BAMMBHQ1NzEwE6QRMA8xDTALBgNVBAMMBHQ1NzIwE6QRMA8xDTALBgNVBAMMBHQ1 +NzMwE6QRMA8xDTALBgNVBAMMBHQ1NzQwE6QRMA8xDTALBgNVBAMMBHQ1NzUwE6QR +MA8xDTALBgNVBAMMBHQ1NzYwE6QRMA8xDTALBgNVBAMMBHQ1NzcwE6QRMA8xDTAL +BgNVBAMMBHQ1NzgwE6QRMA8xDTALBgNVBAMMBHQ1NzkwE6QRMA8xDTALBgNVBAMM +BHQ1ODAwE6QRMA8xDTALBgNVBAMMBHQ1ODEwE6QRMA8xDTALBgNVBAMMBHQ1ODIw +E6QRMA8xDTALBgNVBAMMBHQ1ODMwE6QRMA8xDTALBgNVBAMMBHQ1ODQwE6QRMA8x +DTALBgNVBAMMBHQ1ODUwE6QRMA8xDTALBgNVBAMMBHQ1ODYwE6QRMA8xDTALBgNV +BAMMBHQ1ODcwE6QRMA8xDTALBgNVBAMMBHQ1ODgwE6QRMA8xDTALBgNVBAMMBHQ1 +ODkwE6QRMA8xDTALBgNVBAMMBHQ1OTAwE6QRMA8xDTALBgNVBAMMBHQ1OTEwE6QR +MA8xDTALBgNVBAMMBHQ1OTIwE6QRMA8xDTALBgNVBAMMBHQ1OTMwE6QRMA8xDTAL +BgNVBAMMBHQ1OTQwE6QRMA8xDTALBgNVBAMMBHQ1OTUwE6QRMA8xDTALBgNVBAMM +BHQ1OTYwE6QRMA8xDTALBgNVBAMMBHQ1OTcwE6QRMA8xDTALBgNVBAMMBHQ1OTgw +E6QRMA8xDTALBgNVBAMMBHQ1OTkwE6QRMA8xDTALBgNVBAMMBHQ2MDAwE6QRMA8x +DTALBgNVBAMMBHQ2MDEwE6QRMA8xDTALBgNVBAMMBHQ2MDIwE6QRMA8xDTALBgNV +BAMMBHQ2MDMwE6QRMA8xDTALBgNVBAMMBHQ2MDQwE6QRMA8xDTALBgNVBAMMBHQ2 +MDUwE6QRMA8xDTALBgNVBAMMBHQ2MDYwE6QRMA8xDTALBgNVBAMMBHQ2MDcwE6QR +MA8xDTALBgNVBAMMBHQ2MDgwE6QRMA8xDTALBgNVBAMMBHQ2MDkwE6QRMA8xDTAL +BgNVBAMMBHQ2MTAwE6QRMA8xDTALBgNVBAMMBHQ2MTEwE6QRMA8xDTALBgNVBAMM +BHQ2MTIwE6QRMA8xDTALBgNVBAMMBHQ2MTMwE6QRMA8xDTALBgNVBAMMBHQ2MTQw +E6QRMA8xDTALBgNVBAMMBHQ2MTUwE6QRMA8xDTALBgNVBAMMBHQ2MTYwE6QRMA8x +DTALBgNVBAMMBHQ2MTcwE6QRMA8xDTALBgNVBAMMBHQ2MTgwE6QRMA8xDTALBgNV +BAMMBHQ2MTkwE6QRMA8xDTALBgNVBAMMBHQ2MjAwE6QRMA8xDTALBgNVBAMMBHQ2 +MjEwE6QRMA8xDTALBgNVBAMMBHQ2MjIwE6QRMA8xDTALBgNVBAMMBHQ2MjMwE6QR +MA8xDTALBgNVBAMMBHQ2MjQwE6QRMA8xDTALBgNVBAMMBHQ2MjUwE6QRMA8xDTAL +BgNVBAMMBHQ2MjYwE6QRMA8xDTALBgNVBAMMBHQ2MjcwE6QRMA8xDTALBgNVBAMM +BHQ2MjgwE6QRMA8xDTALBgNVBAMMBHQ2MjkwE6QRMA8xDTALBgNVBAMMBHQ2MzAw +E6QRMA8xDTALBgNVBAMMBHQ2MzEwE6QRMA8xDTALBgNVBAMMBHQ2MzIwE6QRMA8x +DTALBgNVBAMMBHQ2MzMwE6QRMA8xDTALBgNVBAMMBHQ2MzQwE6QRMA8xDTALBgNV +BAMMBHQ2MzUwE6QRMA8xDTALBgNVBAMMBHQ2MzYwE6QRMA8xDTALBgNVBAMMBHQ2 +MzcwE6QRMA8xDTALBgNVBAMMBHQ2MzgwE6QRMA8xDTALBgNVBAMMBHQ2MzkwE6QR +MA8xDTALBgNVBAMMBHQ2NDAwE6QRMA8xDTALBgNVBAMMBHQ2NDEwE6QRMA8xDTAL +BgNVBAMMBHQ2NDIwE6QRMA8xDTALBgNVBAMMBHQ2NDMwE6QRMA8xDTALBgNVBAMM +BHQ2NDQwE6QRMA8xDTALBgNVBAMMBHQ2NDUwE6QRMA8xDTALBgNVBAMMBHQ2NDYw +E6QRMA8xDTALBgNVBAMMBHQ2NDcwE6QRMA8xDTALBgNVBAMMBHQ2NDgwE6QRMA8x +DTALBgNVBAMMBHQ2NDkwE6QRMA8xDTALBgNVBAMMBHQ2NTAwE6QRMA8xDTALBgNV +BAMMBHQ2NTEwE6QRMA8xDTALBgNVBAMMBHQ2NTIwE6QRMA8xDTALBgNVBAMMBHQ2 +NTMwE6QRMA8xDTALBgNVBAMMBHQ2NTQwE6QRMA8xDTALBgNVBAMMBHQ2NTUwE6QR +MA8xDTALBgNVBAMMBHQ2NTYwE6QRMA8xDTALBgNVBAMMBHQ2NTcwE6QRMA8xDTAL +BgNVBAMMBHQ2NTgwE6QRMA8xDTALBgNVBAMMBHQ2NTkwE6QRMA8xDTALBgNVBAMM +BHQ2NjAwE6QRMA8xDTALBgNVBAMMBHQ2NjEwE6QRMA8xDTALBgNVBAMMBHQ2NjIw +E6QRMA8xDTALBgNVBAMMBHQ2NjMwE6QRMA8xDTALBgNVBAMMBHQ2NjQwE6QRMA8x +DTALBgNVBAMMBHQ2NjUwE6QRMA8xDTALBgNVBAMMBHQ2NjYwE6QRMA8xDTALBgNV +BAMMBHQ2NjcwE6QRMA8xDTALBgNVBAMMBHQ2NjgwE6QRMA8xDTALBgNVBAMMBHQ2 +NjkwE6QRMA8xDTALBgNVBAMMBHQ2NzAwE6QRMA8xDTALBgNVBAMMBHQ2NzEwE6QR +MA8xDTALBgNVBAMMBHQ2NzIwE6QRMA8xDTALBgNVBAMMBHQ2NzMwE6QRMA8xDTAL +BgNVBAMMBHQ2NzQwE6QRMA8xDTALBgNVBAMMBHQ2NzUwE6QRMA8xDTALBgNVBAMM +BHQ2NzYwE6QRMA8xDTALBgNVBAMMBHQ2NzcwE6QRMA8xDTALBgNVBAMMBHQ2Nzgw +E6QRMA8xDTALBgNVBAMMBHQ2NzkwE6QRMA8xDTALBgNVBAMMBHQ2ODAwE6QRMA8x +DTALBgNVBAMMBHQ2ODEwE6QRMA8xDTALBgNVBAMMBHQ2ODIwE6QRMA8xDTALBgNV +BAMMBHQ2ODMwE6QRMA8xDTALBgNVBAMMBHQ2ODQwE6QRMA8xDTALBgNVBAMMBHQ2 +ODUwE6QRMA8xDTALBgNVBAMMBHQ2ODYwE6QRMA8xDTALBgNVBAMMBHQ2ODcwE6QR +MA8xDTALBgNVBAMMBHQ2ODgwE6QRMA8xDTALBgNVBAMMBHQ2ODkwE6QRMA8xDTAL +BgNVBAMMBHQ2OTAwE6QRMA8xDTALBgNVBAMMBHQ2OTEwE6QRMA8xDTALBgNVBAMM +BHQ2OTIwE6QRMA8xDTALBgNVBAMMBHQ2OTMwE6QRMA8xDTALBgNVBAMMBHQ2OTQw +E6QRMA8xDTALBgNVBAMMBHQ2OTUwE6QRMA8xDTALBgNVBAMMBHQ2OTYwE6QRMA8x +DTALBgNVBAMMBHQ2OTcwE6QRMA8xDTALBgNVBAMMBHQ2OTgwE6QRMA8xDTALBgNV +BAMMBHQ2OTkwE6QRMA8xDTALBgNVBAMMBHQ3MDAwE6QRMA8xDTALBgNVBAMMBHQ3 +MDEwE6QRMA8xDTALBgNVBAMMBHQ3MDIwE6QRMA8xDTALBgNVBAMMBHQ3MDMwE6QR +MA8xDTALBgNVBAMMBHQ3MDQwE6QRMA8xDTALBgNVBAMMBHQ3MDUwE6QRMA8xDTAL +BgNVBAMMBHQ3MDYwE6QRMA8xDTALBgNVBAMMBHQ3MDcwE6QRMA8xDTALBgNVBAMM +BHQ3MDgwE6QRMA8xDTALBgNVBAMMBHQ3MDkwE6QRMA8xDTALBgNVBAMMBHQ3MTAw +E6QRMA8xDTALBgNVBAMMBHQ3MTEwE6QRMA8xDTALBgNVBAMMBHQ3MTIwE6QRMA8x +DTALBgNVBAMMBHQ3MTMwE6QRMA8xDTALBgNVBAMMBHQ3MTQwE6QRMA8xDTALBgNV +BAMMBHQ3MTUwE6QRMA8xDTALBgNVBAMMBHQ3MTYwE6QRMA8xDTALBgNVBAMMBHQ3 +MTcwE6QRMA8xDTALBgNVBAMMBHQ3MTgwE6QRMA8xDTALBgNVBAMMBHQ3MTkwE6QR +MA8xDTALBgNVBAMMBHQ3MjAwE6QRMA8xDTALBgNVBAMMBHQ3MjEwE6QRMA8xDTAL +BgNVBAMMBHQ3MjIwE6QRMA8xDTALBgNVBAMMBHQ3MjMwE6QRMA8xDTALBgNVBAMM +BHQ3MjQwE6QRMA8xDTALBgNVBAMMBHQ3MjUwE6QRMA8xDTALBgNVBAMMBHQ3MjYw +E6QRMA8xDTALBgNVBAMMBHQ3MjcwE6QRMA8xDTALBgNVBAMMBHQ3MjgwE6QRMA8x +DTALBgNVBAMMBHQ3MjkwE6QRMA8xDTALBgNVBAMMBHQ3MzAwE6QRMA8xDTALBgNV +BAMMBHQ3MzEwE6QRMA8xDTALBgNVBAMMBHQ3MzIwE6QRMA8xDTALBgNVBAMMBHQ3 +MzMwE6QRMA8xDTALBgNVBAMMBHQ3MzQwE6QRMA8xDTALBgNVBAMMBHQ3MzUwE6QR +MA8xDTALBgNVBAMMBHQ3MzYwE6QRMA8xDTALBgNVBAMMBHQ3MzcwE6QRMA8xDTAL +BgNVBAMMBHQ3MzgwE6QRMA8xDTALBgNVBAMMBHQ3MzkwE6QRMA8xDTALBgNVBAMM +BHQ3NDAwE6QRMA8xDTALBgNVBAMMBHQ3NDEwE6QRMA8xDTALBgNVBAMMBHQ3NDIw +E6QRMA8xDTALBgNVBAMMBHQ3NDMwE6QRMA8xDTALBgNVBAMMBHQ3NDQwE6QRMA8x +DTALBgNVBAMMBHQ3NDUwE6QRMA8xDTALBgNVBAMMBHQ3NDYwE6QRMA8xDTALBgNV +BAMMBHQ3NDcwE6QRMA8xDTALBgNVBAMMBHQ3NDgwE6QRMA8xDTALBgNVBAMMBHQ3 +NDkwE6QRMA8xDTALBgNVBAMMBHQ3NTAwE6QRMA8xDTALBgNVBAMMBHQ3NTEwE6QR +MA8xDTALBgNVBAMMBHQ3NTIwE6QRMA8xDTALBgNVBAMMBHQ3NTMwE6QRMA8xDTAL +BgNVBAMMBHQ3NTQwE6QRMA8xDTALBgNVBAMMBHQ3NTUwE6QRMA8xDTALBgNVBAMM +BHQ3NTYwE6QRMA8xDTALBgNVBAMMBHQ3NTcwE6QRMA8xDTALBgNVBAMMBHQ3NTgw +E6QRMA8xDTALBgNVBAMMBHQ3NTkwE6QRMA8xDTALBgNVBAMMBHQ3NjAwE6QRMA8x +DTALBgNVBAMMBHQ3NjEwE6QRMA8xDTALBgNVBAMMBHQ3NjIwE6QRMA8xDTALBgNV +BAMMBHQ3NjMwE6QRMA8xDTALBgNVBAMMBHQ3NjQwE6QRMA8xDTALBgNVBAMMBHQ3 +NjUwE6QRMA8xDTALBgNVBAMMBHQ3NjYwE6QRMA8xDTALBgNVBAMMBHQ3NjcwE6QR +MA8xDTALBgNVBAMMBHQ3NjgwE6QRMA8xDTALBgNVBAMMBHQ3NjkwE6QRMA8xDTAL +BgNVBAMMBHQ3NzAwE6QRMA8xDTALBgNVBAMMBHQ3NzEwE6QRMA8xDTALBgNVBAMM +BHQ3NzIwE6QRMA8xDTALBgNVBAMMBHQ3NzMwE6QRMA8xDTALBgNVBAMMBHQ3NzQw +E6QRMA8xDTALBgNVBAMMBHQ3NzUwE6QRMA8xDTALBgNVBAMMBHQ3NzYwE6QRMA8x +DTALBgNVBAMMBHQ3NzcwE6QRMA8xDTALBgNVBAMMBHQ3NzgwE6QRMA8xDTALBgNV +BAMMBHQ3NzkwE6QRMA8xDTALBgNVBAMMBHQ3ODAwE6QRMA8xDTALBgNVBAMMBHQ3 +ODEwE6QRMA8xDTALBgNVBAMMBHQ3ODIwE6QRMA8xDTALBgNVBAMMBHQ3ODMwE6QR +MA8xDTALBgNVBAMMBHQ3ODQwE6QRMA8xDTALBgNVBAMMBHQ3ODUwE6QRMA8xDTAL +BgNVBAMMBHQ3ODYwE6QRMA8xDTALBgNVBAMMBHQ3ODcwE6QRMA8xDTALBgNVBAMM +BHQ3ODgwE6QRMA8xDTALBgNVBAMMBHQ3ODkwE6QRMA8xDTALBgNVBAMMBHQ3OTAw +E6QRMA8xDTALBgNVBAMMBHQ3OTEwE6QRMA8xDTALBgNVBAMMBHQ3OTIwE6QRMA8x +DTALBgNVBAMMBHQ3OTMwE6QRMA8xDTALBgNVBAMMBHQ3OTQwE6QRMA8xDTALBgNV +BAMMBHQ3OTUwE6QRMA8xDTALBgNVBAMMBHQ3OTYwE6QRMA8xDTALBgNVBAMMBHQ3 +OTcwE6QRMA8xDTALBgNVBAMMBHQ3OTgwE6QRMA8xDTALBgNVBAMMBHQ3OTkwE6QR +MA8xDTALBgNVBAMMBHQ4MDAwE6QRMA8xDTALBgNVBAMMBHQ4MDEwE6QRMA8xDTAL +BgNVBAMMBHQ4MDIwE6QRMA8xDTALBgNVBAMMBHQ4MDMwE6QRMA8xDTALBgNVBAMM +BHQ4MDQwE6QRMA8xDTALBgNVBAMMBHQ4MDUwE6QRMA8xDTALBgNVBAMMBHQ4MDYw +E6QRMA8xDTALBgNVBAMMBHQ4MDcwE6QRMA8xDTALBgNVBAMMBHQ4MDgwE6QRMA8x +DTALBgNVBAMMBHQ4MDkwE6QRMA8xDTALBgNVBAMMBHQ4MTAwE6QRMA8xDTALBgNV +BAMMBHQ4MTEwE6QRMA8xDTALBgNVBAMMBHQ4MTIwE6QRMA8xDTALBgNVBAMMBHQ4 +MTMwE6QRMA8xDTALBgNVBAMMBHQ4MTQwE6QRMA8xDTALBgNVBAMMBHQ4MTUwE6QR +MA8xDTALBgNVBAMMBHQ4MTYwE6QRMA8xDTALBgNVBAMMBHQ4MTcwE6QRMA8xDTAL +BgNVBAMMBHQ4MTgwE6QRMA8xDTALBgNVBAMMBHQ4MTkwE6QRMA8xDTALBgNVBAMM +BHQ4MjAwE6QRMA8xDTALBgNVBAMMBHQ4MjEwE6QRMA8xDTALBgNVBAMMBHQ4MjIw +E6QRMA8xDTALBgNVBAMMBHQ4MjMwE6QRMA8xDTALBgNVBAMMBHQ4MjQwE6QRMA8x +DTALBgNVBAMMBHQ4MjUwE6QRMA8xDTALBgNVBAMMBHQ4MjYwE6QRMA8xDTALBgNV +BAMMBHQ4MjcwE6QRMA8xDTALBgNVBAMMBHQ4MjgwE6QRMA8xDTALBgNVBAMMBHQ4 +MjkwE6QRMA8xDTALBgNVBAMMBHQ4MzAwE6QRMA8xDTALBgNVBAMMBHQ4MzEwE6QR +MA8xDTALBgNVBAMMBHQ4MzIwE6QRMA8xDTALBgNVBAMMBHQ4MzMwE6QRMA8xDTAL +BgNVBAMMBHQ4MzQwE6QRMA8xDTALBgNVBAMMBHQ4MzUwE6QRMA8xDTALBgNVBAMM +BHQ4MzYwE6QRMA8xDTALBgNVBAMMBHQ4MzcwE6QRMA8xDTALBgNVBAMMBHQ4Mzgw +E6QRMA8xDTALBgNVBAMMBHQ4MzkwE6QRMA8xDTALBgNVBAMMBHQ4NDAwE6QRMA8x +DTALBgNVBAMMBHQ4NDEwE6QRMA8xDTALBgNVBAMMBHQ4NDIwE6QRMA8xDTALBgNV +BAMMBHQ4NDMwE6QRMA8xDTALBgNVBAMMBHQ4NDQwE6QRMA8xDTALBgNVBAMMBHQ4 +NDUwE6QRMA8xDTALBgNVBAMMBHQ4NDYwE6QRMA8xDTALBgNVBAMMBHQ4NDcwE6QR +MA8xDTALBgNVBAMMBHQ4NDgwE6QRMA8xDTALBgNVBAMMBHQ4NDkwE6QRMA8xDTAL +BgNVBAMMBHQ4NTAwE6QRMA8xDTALBgNVBAMMBHQ4NTEwE6QRMA8xDTALBgNVBAMM +BHQ4NTIwE6QRMA8xDTALBgNVBAMMBHQ4NTMwE6QRMA8xDTALBgNVBAMMBHQ4NTQw +E6QRMA8xDTALBgNVBAMMBHQ4NTUwE6QRMA8xDTALBgNVBAMMBHQ4NTYwE6QRMA8x +DTALBgNVBAMMBHQ4NTcwE6QRMA8xDTALBgNVBAMMBHQ4NTgwE6QRMA8xDTALBgNV +BAMMBHQ4NTkwE6QRMA8xDTALBgNVBAMMBHQ4NjAwE6QRMA8xDTALBgNVBAMMBHQ4 +NjEwE6QRMA8xDTALBgNVBAMMBHQ4NjIwE6QRMA8xDTALBgNVBAMMBHQ4NjMwE6QR +MA8xDTALBgNVBAMMBHQ4NjQwE6QRMA8xDTALBgNVBAMMBHQ4NjUwE6QRMA8xDTAL +BgNVBAMMBHQ4NjYwE6QRMA8xDTALBgNVBAMMBHQ4NjcwE6QRMA8xDTALBgNVBAMM +BHQ4NjgwE6QRMA8xDTALBgNVBAMMBHQ4NjkwE6QRMA8xDTALBgNVBAMMBHQ4NzAw +E6QRMA8xDTALBgNVBAMMBHQ4NzEwE6QRMA8xDTALBgNVBAMMBHQ4NzIwE6QRMA8x +DTALBgNVBAMMBHQ4NzMwE6QRMA8xDTALBgNVBAMMBHQ4NzQwE6QRMA8xDTALBgNV +BAMMBHQ4NzUwE6QRMA8xDTALBgNVBAMMBHQ4NzYwE6QRMA8xDTALBgNVBAMMBHQ4 +NzcwE6QRMA8xDTALBgNVBAMMBHQ4NzgwE6QRMA8xDTALBgNVBAMMBHQ4NzkwE6QR +MA8xDTALBgNVBAMMBHQ4ODAwE6QRMA8xDTALBgNVBAMMBHQ4ODEwE6QRMA8xDTAL +BgNVBAMMBHQ4ODIwE6QRMA8xDTALBgNVBAMMBHQ4ODMwE6QRMA8xDTALBgNVBAMM +BHQ4ODQwE6QRMA8xDTALBgNVBAMMBHQ4ODUwE6QRMA8xDTALBgNVBAMMBHQ4ODYw +E6QRMA8xDTALBgNVBAMMBHQ4ODcwE6QRMA8xDTALBgNVBAMMBHQ4ODgwE6QRMA8x +DTALBgNVBAMMBHQ4ODkwE6QRMA8xDTALBgNVBAMMBHQ4OTAwE6QRMA8xDTALBgNV +BAMMBHQ4OTEwE6QRMA8xDTALBgNVBAMMBHQ4OTIwE6QRMA8xDTALBgNVBAMMBHQ4 +OTMwE6QRMA8xDTALBgNVBAMMBHQ4OTQwE6QRMA8xDTALBgNVBAMMBHQ4OTUwE6QR +MA8xDTALBgNVBAMMBHQ4OTYwE6QRMA8xDTALBgNVBAMMBHQ4OTcwE6QRMA8xDTAL +BgNVBAMMBHQ4OTgwE6QRMA8xDTALBgNVBAMMBHQ4OTkwE6QRMA8xDTALBgNVBAMM +BHQ5MDAwE6QRMA8xDTALBgNVBAMMBHQ5MDEwE6QRMA8xDTALBgNVBAMMBHQ5MDIw +E6QRMA8xDTALBgNVBAMMBHQ5MDMwE6QRMA8xDTALBgNVBAMMBHQ5MDQwE6QRMA8x +DTALBgNVBAMMBHQ5MDUwE6QRMA8xDTALBgNVBAMMBHQ5MDYwE6QRMA8xDTALBgNV +BAMMBHQ5MDcwE6QRMA8xDTALBgNVBAMMBHQ5MDgwE6QRMA8xDTALBgNVBAMMBHQ5 +MDkwE6QRMA8xDTALBgNVBAMMBHQ5MTAwE6QRMA8xDTALBgNVBAMMBHQ5MTEwE6QR +MA8xDTALBgNVBAMMBHQ5MTIwE6QRMA8xDTALBgNVBAMMBHQ5MTMwE6QRMA8xDTAL +BgNVBAMMBHQ5MTQwE6QRMA8xDTALBgNVBAMMBHQ5MTUwE6QRMA8xDTALBgNVBAMM +BHQ5MTYwE6QRMA8xDTALBgNVBAMMBHQ5MTcwE6QRMA8xDTALBgNVBAMMBHQ5MTgw +E6QRMA8xDTALBgNVBAMMBHQ5MTkwE6QRMA8xDTALBgNVBAMMBHQ5MjAwE6QRMA8x +DTALBgNVBAMMBHQ5MjEwE6QRMA8xDTALBgNVBAMMBHQ5MjIwE6QRMA8xDTALBgNV +BAMMBHQ5MjMwE6QRMA8xDTALBgNVBAMMBHQ5MjQwE6QRMA8xDTALBgNVBAMMBHQ5 +MjUwE6QRMA8xDTALBgNVBAMMBHQ5MjYwE6QRMA8xDTALBgNVBAMMBHQ5MjcwE6QR +MA8xDTALBgNVBAMMBHQ5MjgwE6QRMA8xDTALBgNVBAMMBHQ5MjkwE6QRMA8xDTAL +BgNVBAMMBHQ5MzAwE6QRMA8xDTALBgNVBAMMBHQ5MzEwE6QRMA8xDTALBgNVBAMM +BHQ5MzIwE6QRMA8xDTALBgNVBAMMBHQ5MzMwE6QRMA8xDTALBgNVBAMMBHQ5MzQw +E6QRMA8xDTALBgNVBAMMBHQ5MzUwE6QRMA8xDTALBgNVBAMMBHQ5MzYwE6QRMA8x +DTALBgNVBAMMBHQ5MzcwE6QRMA8xDTALBgNVBAMMBHQ5MzgwE6QRMA8xDTALBgNV +BAMMBHQ5MzkwE6QRMA8xDTALBgNVBAMMBHQ5NDAwE6QRMA8xDTALBgNVBAMMBHQ5 +NDEwE6QRMA8xDTALBgNVBAMMBHQ5NDIwE6QRMA8xDTALBgNVBAMMBHQ5NDMwE6QR +MA8xDTALBgNVBAMMBHQ5NDQwE6QRMA8xDTALBgNVBAMMBHQ5NDUwE6QRMA8xDTAL +BgNVBAMMBHQ5NDYwE6QRMA8xDTALBgNVBAMMBHQ5NDcwE6QRMA8xDTALBgNVBAMM +BHQ5NDgwE6QRMA8xDTALBgNVBAMMBHQ5NDkwE6QRMA8xDTALBgNVBAMMBHQ5NTAw +E6QRMA8xDTALBgNVBAMMBHQ5NTEwE6QRMA8xDTALBgNVBAMMBHQ5NTIwE6QRMA8x +DTALBgNVBAMMBHQ5NTMwE6QRMA8xDTALBgNVBAMMBHQ5NTQwE6QRMA8xDTALBgNV +BAMMBHQ5NTUwE6QRMA8xDTALBgNVBAMMBHQ5NTYwE6QRMA8xDTALBgNVBAMMBHQ5 +NTcwE6QRMA8xDTALBgNVBAMMBHQ5NTgwE6QRMA8xDTALBgNVBAMMBHQ5NTkwE6QR +MA8xDTALBgNVBAMMBHQ5NjAwE6QRMA8xDTALBgNVBAMMBHQ5NjEwE6QRMA8xDTAL +BgNVBAMMBHQ5NjIwE6QRMA8xDTALBgNVBAMMBHQ5NjMwE6QRMA8xDTALBgNVBAMM +BHQ5NjQwE6QRMA8xDTALBgNVBAMMBHQ5NjUwE6QRMA8xDTALBgNVBAMMBHQ5NjYw +E6QRMA8xDTALBgNVBAMMBHQ5NjcwE6QRMA8xDTALBgNVBAMMBHQ5NjgwE6QRMA8x +DTALBgNVBAMMBHQ5NjkwE6QRMA8xDTALBgNVBAMMBHQ5NzAwE6QRMA8xDTALBgNV +BAMMBHQ5NzEwE6QRMA8xDTALBgNVBAMMBHQ5NzIwE6QRMA8xDTALBgNVBAMMBHQ5 +NzMwE6QRMA8xDTALBgNVBAMMBHQ5NzQwE6QRMA8xDTALBgNVBAMMBHQ5NzUwE6QR +MA8xDTALBgNVBAMMBHQ5NzYwE6QRMA8xDTALBgNVBAMMBHQ5NzcwE6QRMA8xDTAL +BgNVBAMMBHQ5NzgwE6QRMA8xDTALBgNVBAMMBHQ5NzkwE6QRMA8xDTALBgNVBAMM +BHQ5ODAwE6QRMA8xDTALBgNVBAMMBHQ5ODEwE6QRMA8xDTALBgNVBAMMBHQ5ODIw +E6QRMA8xDTALBgNVBAMMBHQ5ODMwE6QRMA8xDTALBgNVBAMMBHQ5ODQwE6QRMA8x +DTALBgNVBAMMBHQ5ODUwE6QRMA8xDTALBgNVBAMMBHQ5ODYwE6QRMA8xDTALBgNV +BAMMBHQ5ODcwE6QRMA8xDTALBgNVBAMMBHQ5ODgwE6QRMA8xDTALBgNVBAMMBHQ5 +ODkwE6QRMA8xDTALBgNVBAMMBHQ5OTAwE6QRMA8xDTALBgNVBAMMBHQ5OTEwE6QR +MA8xDTALBgNVBAMMBHQ5OTIwE6QRMA8xDTALBgNVBAMMBHQ5OTMwE6QRMA8xDTAL +BgNVBAMMBHQ5OTQwE6QRMA8xDTALBgNVBAMMBHQ5OTUwE6QRMA8xDTALBgNVBAMM +BHQ5OTYwE6QRMA8xDTALBgNVBAMMBHQ5OTcwE6QRMA8xDTALBgNVBAMMBHQ5OTgw +E6QRMA8xDTALBgNVBAMMBHQ5OTkwFKQSMBAxDjAMBgNVBAMMBXQxMDAwMBSkEjAQ +MQ4wDAYDVQQDDAV0MTAwMTAUpBIwEDEOMAwGA1UEAwwFdDEwMDIwFKQSMBAxDjAM +BgNVBAMMBXQxMDAzMBSkEjAQMQ4wDAYDVQQDDAV0MTAwNDAUpBIwEDEOMAwGA1UE +AwwFdDEwMDUwFKQSMBAxDjAMBgNVBAMMBXQxMDA2MBSkEjAQMQ4wDAYDVQQDDAV0 +MTAwNzAUpBIwEDEOMAwGA1UEAwwFdDEwMDgwFKQSMBAxDjAMBgNVBAMMBXQxMDA5 +MBSkEjAQMQ4wDAYDVQQDDAV0MTAxMDAUpBIwEDEOMAwGA1UEAwwFdDEwMTEwFKQS +MBAxDjAMBgNVBAMMBXQxMDEyMBSkEjAQMQ4wDAYDVQQDDAV0MTAxMzAUpBIwEDEO +MAwGA1UEAwwFdDEwMTQwFKQSMBAxDjAMBgNVBAMMBXQxMDE1MBSkEjAQMQ4wDAYD +VQQDDAV0MTAxNjAUpBIwEDEOMAwGA1UEAwwFdDEwMTcwFKQSMBAxDjAMBgNVBAMM +BXQxMDE4MBSkEjAQMQ4wDAYDVQQDDAV0MTAxOTAUpBIwEDEOMAwGA1UEAwwFdDEw +MjAwFKQSMBAxDjAMBgNVBAMMBXQxMDIxMBSkEjAQMQ4wDAYDVQQDDAV0MTAyMjAU +pBIwEDEOMAwGA1UEAwwFdDEwMjMwFKQSMBAxDjAMBgNVBAMMBXQxMDI0MA0GCSqG +SIb3DQEBCwUAA4IBAQBNowuporu2SMjnxgEEnpU4xKJUfhh5LyPtRRk+RPOetaAn +AXaG/FlSCdIW2TXUvILCEuR8ro+IkJ5L7+ELV7Tzn90IFXN5WSiRv+2niWPmf/08 +IZa6fYK6HN8fkyNR1g/dTVTkesny+ph2e5WtK3p8SpCVpdnYT89Lp55RDxgDqVh0 +YSatC0+eIYXHCoFBMoq3l5Zs7y+e1wZ5N+XhNvZ3fQY5K/rOg4SbsJJjf1cDlFRj +ex5WoFcx0uEMc6lS01rr1+Zcyo0rX8cJu6QMwUy710HkDeAUItC05xBCiiF9X3hM +TRxhm6nbvynCECJdWMXUytOxvH3lCWmRneGVLfR/ +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.pem new file mode 100644 index 0000000000..6447d3c6a3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Intermediate_7.pem @@ -0,0 +1,1564 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fd + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + DirName: CN = t172 + DirName: CN = t173 + DirName: CN = t174 + DirName: CN = t175 + DirName: CN = t176 + DirName: CN = t177 + DirName: CN = t178 + DirName: CN = t179 + DirName: CN = t180 + DirName: CN = t181 + DirName: CN = t182 + DirName: CN = t183 + DirName: CN = t184 + DirName: CN = t185 + DirName: CN = t186 + DirName: CN = t187 + DirName: CN = t188 + DirName: CN = t189 + DirName: CN = t190 + DirName: CN = t191 + DirName: CN = t192 + DirName: CN = t193 + DirName: CN = t194 + DirName: CN = t195 + DirName: CN = t196 + DirName: CN = t197 + DirName: CN = t198 + DirName: CN = t199 + DirName: CN = t200 + DirName: CN = t201 + DirName: CN = t202 + DirName: CN = t203 + DirName: CN = t204 + DirName: CN = t205 + DirName: CN = t206 + DirName: CN = t207 + DirName: CN = t208 + DirName: CN = t209 + DirName: CN = t210 + DirName: CN = t211 + DirName: CN = t212 + DirName: CN = t213 + DirName: CN = t214 + DirName: CN = t215 + DirName: CN = t216 + DirName: CN = t217 + DirName: CN = t218 + DirName: CN = t219 + DirName: CN = t220 + DirName: CN = t221 + DirName: CN = t222 + DirName: CN = t223 + DirName: CN = t224 + DirName: CN = t225 + DirName: CN = t226 + DirName: CN = t227 + DirName: CN = t228 + DirName: CN = t229 + DirName: CN = t230 + DirName: CN = t231 + DirName: CN = t232 + DirName: CN = t233 + DirName: CN = t234 + DirName: CN = t235 + DirName: CN = t236 + DirName: CN = t237 + DirName: CN = t238 + DirName: CN = t239 + DirName: CN = t240 + DirName: CN = t241 + DirName: CN = t242 + DirName: CN = t243 + DirName: CN = t244 + DirName: CN = t245 + DirName: CN = t246 + DirName: CN = t247 + DirName: CN = t248 + DirName: CN = t249 + DirName: CN = t250 + DirName: CN = t251 + DirName: CN = t252 + DirName: CN = t253 + DirName: CN = t254 + DirName: CN = t255 + DirName: CN = t256 + DirName: CN = t257 + DirName: CN = t258 + DirName: CN = t259 + DirName: CN = t260 + DirName: CN = t261 + DirName: CN = t262 + DirName: CN = t263 + DirName: CN = t264 + DirName: CN = t265 + DirName: CN = t266 + DirName: CN = t267 + DirName: CN = t268 + DirName: CN = t269 + DirName: CN = t270 + DirName: CN = t271 + DirName: CN = t272 + DirName: CN = t273 + DirName: CN = t274 + DirName: CN = t275 + DirName: CN = t276 + DirName: CN = t277 + DirName: CN = t278 + DirName: CN = t279 + DirName: CN = t280 + DirName: CN = t281 + DirName: CN = t282 + DirName: CN = t283 + DirName: CN = t284 + DirName: CN = t285 + DirName: CN = t286 + DirName: CN = t287 + DirName: CN = t288 + DirName: CN = t289 + DirName: CN = t290 + DirName: CN = t291 + DirName: CN = t292 + DirName: CN = t293 + DirName: CN = t294 + DirName: CN = t295 + DirName: CN = t296 + DirName: CN = t297 + DirName: CN = t298 + DirName: CN = t299 + DirName: CN = t300 + DirName: CN = t301 + DirName: CN = t302 + DirName: CN = t303 + DirName: CN = t304 + DirName: CN = t305 + DirName: CN = t306 + DirName: CN = t307 + DirName: CN = t308 + DirName: CN = t309 + DirName: CN = t310 + DirName: CN = t311 + DirName: CN = t312 + DirName: CN = t313 + DirName: CN = t314 + DirName: CN = t315 + DirName: CN = t316 + DirName: CN = t317 + DirName: CN = t318 + DirName: CN = t319 + DirName: CN = t320 + DirName: CN = t321 + DirName: CN = t322 + DirName: CN = t323 + DirName: CN = t324 + DirName: CN = t325 + DirName: CN = t326 + DirName: CN = t327 + DirName: CN = t328 + DirName: CN = t329 + DirName: CN = t330 + DirName: CN = t331 + DirName: CN = t332 + DirName: CN = t333 + DirName: CN = t334 + DirName: CN = t335 + DirName: CN = t336 + DirName: CN = t337 + DirName: CN = t338 + DirName: CN = t339 + DirName: CN = t340 + DirName: CN = t341 + DirName: CN = t342 + DirName: CN = t343 + DirName: CN = t344 + DirName: CN = t345 + DirName: CN = t346 + DirName: CN = t347 + DirName: CN = t348 + DirName: CN = t349 + DirName: CN = t350 + DirName: CN = t351 + DirName: CN = t352 + DirName: CN = t353 + DirName: CN = t354 + DirName: CN = t355 + DirName: CN = t356 + DirName: CN = t357 + DirName: CN = t358 + DirName: CN = t359 + DirName: CN = t360 + DirName: CN = t361 + DirName: CN = t362 + DirName: CN = t363 + DirName: CN = t364 + DirName: CN = t365 + DirName: CN = t366 + DirName: CN = t367 + DirName: CN = t368 + DirName: CN = t369 + DirName: CN = t370 + DirName: CN = t371 + DirName: CN = t372 + DirName: CN = t373 + DirName: CN = t374 + DirName: CN = t375 + DirName: CN = t376 + DirName: CN = t377 + DirName: CN = t378 + DirName: CN = t379 + DirName: CN = t380 + DirName: CN = t381 + DirName: CN = t382 + DirName: CN = t383 + DirName: CN = t384 + DirName: CN = t385 + DirName: CN = t386 + DirName: CN = t387 + DirName: CN = t388 + DirName: CN = t389 + DirName: CN = t390 + DirName: CN = t391 + DirName: CN = t392 + DirName: CN = t393 + DirName: CN = t394 + DirName: CN = t395 + DirName: CN = t396 + DirName: CN = t397 + DirName: CN = t398 + DirName: CN = t399 + DirName: CN = t400 + DirName: CN = t401 + DirName: CN = t402 + DirName: CN = t403 + DirName: CN = t404 + DirName: CN = t405 + DirName: CN = t406 + DirName: CN = t407 + DirName: CN = t408 + DirName: CN = t409 + DirName: CN = t410 + DirName: CN = t411 + DirName: CN = t412 + DirName: CN = t413 + DirName: CN = t414 + DirName: CN = t415 + DirName: CN = t416 + DirName: CN = t417 + DirName: CN = t418 + DirName: CN = t419 + DirName: CN = t420 + DirName: CN = t421 + DirName: CN = t422 + DirName: CN = t423 + DirName: CN = t424 + DirName: CN = t425 + DirName: CN = t426 + DirName: CN = t427 + DirName: CN = t428 + DirName: CN = t429 + DirName: CN = t430 + DirName: CN = t431 + DirName: CN = t432 + DirName: CN = t433 + DirName: CN = t434 + DirName: CN = t435 + DirName: CN = t436 + DirName: CN = t437 + DirName: CN = t438 + DirName: CN = t439 + DirName: CN = t440 + DirName: CN = t441 + DirName: CN = t442 + DirName: CN = t443 + DirName: CN = t444 + DirName: CN = t445 + DirName: CN = t446 + DirName: CN = t447 + DirName: CN = t448 + DirName: CN = t449 + DirName: CN = t450 + DirName: CN = t451 + DirName: CN = t452 + DirName: CN = t453 + DirName: CN = t454 + DirName: CN = t455 + DirName: CN = t456 + DirName: CN = t457 + DirName: CN = t458 + DirName: CN = t459 + DirName: CN = t460 + DirName: CN = t461 + DirName: CN = t462 + DirName: CN = t463 + DirName: CN = t464 + DirName: CN = t465 + DirName: CN = t466 + DirName: CN = t467 + DirName: CN = t468 + DirName: CN = t469 + DirName: CN = t470 + DirName: CN = t471 + DirName: CN = t472 + DirName: CN = t473 + DirName: CN = t474 + DirName: CN = t475 + DirName: CN = t476 + DirName: CN = t477 + DirName: CN = t478 + DirName: CN = t479 + DirName: CN = t480 + DirName: CN = t481 + DirName: CN = t482 + DirName: CN = t483 + DirName: CN = t484 + DirName: CN = t485 + DirName: CN = t486 + DirName: CN = t487 + DirName: CN = t488 + DirName: CN = t489 + DirName: CN = t490 + DirName: CN = t491 + DirName: CN = t492 + DirName: CN = t493 + DirName: CN = t494 + DirName: CN = t495 + DirName: CN = t496 + DirName: CN = t497 + DirName: CN = t498 + DirName: CN = t499 + DirName: CN = t500 + DirName: CN = t501 + DirName: CN = t502 + DirName: CN = t503 + DirName: CN = t504 + DirName: CN = t505 + DirName: CN = t506 + DirName: CN = t507 + DirName: CN = t508 + DirName: CN = t509 + DirName: CN = t510 + DirName: CN = t511 + DirName: CN = t512 + DirName: CN = t513 + DirName: CN = t514 + DirName: CN = t515 + DirName: CN = t516 + DirName: CN = t517 + DirName: CN = t518 + DirName: CN = t519 + DirName: CN = t520 + DirName: CN = t521 + DirName: CN = t522 + DirName: CN = t523 + DirName: CN = t524 + DirName: CN = t525 + DirName: CN = t526 + DirName: CN = t527 + DirName: CN = t528 + DirName: CN = t529 + DirName: CN = t530 + DirName: CN = t531 + DirName: CN = t532 + DirName: CN = t533 + DirName: CN = t534 + DirName: CN = t535 + DirName: CN = t536 + DirName: CN = t537 + DirName: CN = t538 + DirName: CN = t539 + DirName: CN = t540 + DirName: CN = t541 + DirName: CN = t542 + DirName: CN = t543 + DirName: CN = t544 + DirName: CN = t545 + DirName: CN = t546 + DirName: CN = t547 + DirName: CN = t548 + DirName: CN = t549 + DirName: CN = t550 + DirName: CN = t551 + DirName: CN = t552 + DirName: CN = t553 + DirName: CN = t554 + DirName: CN = t555 + DirName: CN = t556 + DirName: CN = t557 + DirName: CN = t558 + DirName: CN = t559 + DirName: CN = t560 + DirName: CN = t561 + DirName: CN = t562 + DirName: CN = t563 + DirName: CN = t564 + DirName: CN = t565 + DirName: CN = t566 + DirName: CN = t567 + DirName: CN = t568 + DirName: CN = t569 + DirName: CN = t570 + DirName: CN = t571 + DirName: CN = t572 + DirName: CN = t573 + DirName: CN = t574 + DirName: CN = t575 + DirName: CN = t576 + DirName: CN = t577 + DirName: CN = t578 + DirName: CN = t579 + DirName: CN = t580 + DirName: CN = t581 + DirName: CN = t582 + DirName: CN = t583 + DirName: CN = t584 + DirName: CN = t585 + DirName: CN = t586 + DirName: CN = t587 + DirName: CN = t588 + DirName: CN = t589 + DirName: CN = t590 + DirName: CN = t591 + DirName: CN = t592 + DirName: CN = t593 + DirName: CN = t594 + DirName: CN = t595 + DirName: CN = t596 + DirName: CN = t597 + DirName: CN = t598 + DirName: CN = t599 + DirName: CN = t600 + DirName: CN = t601 + DirName: CN = t602 + DirName: CN = t603 + DirName: CN = t604 + DirName: CN = t605 + DirName: CN = t606 + DirName: CN = t607 + DirName: CN = t608 + DirName: CN = t609 + DirName: CN = t610 + DirName: CN = t611 + DirName: CN = t612 + DirName: CN = t613 + DirName: CN = t614 + DirName: CN = t615 + DirName: CN = t616 + DirName: CN = t617 + DirName: CN = t618 + DirName: CN = t619 + DirName: CN = t620 + DirName: CN = t621 + DirName: CN = t622 + DirName: CN = t623 + DirName: CN = t624 + DirName: CN = t625 + DirName: CN = t626 + DirName: CN = t627 + DirName: CN = t628 + DirName: CN = t629 + DirName: CN = t630 + DirName: CN = t631 + DirName: CN = t632 + DirName: CN = t633 + DirName: CN = t634 + DirName: CN = t635 + DirName: CN = t636 + DirName: CN = t637 + DirName: CN = t638 + DirName: CN = t639 + DirName: CN = t640 + DirName: CN = t641 + DirName: CN = t642 + DirName: CN = t643 + DirName: CN = t644 + DirName: CN = t645 + DirName: CN = t646 + DirName: CN = t647 + DirName: CN = t648 + DirName: CN = t649 + DirName: CN = t650 + DirName: CN = t651 + DirName: CN = t652 + DirName: CN = t653 + DirName: CN = t654 + DirName: CN = t655 + DirName: CN = t656 + DirName: CN = t657 + DirName: CN = t658 + DirName: CN = t659 + DirName: CN = t660 + DirName: CN = t661 + DirName: CN = t662 + DirName: CN = t663 + DirName: CN = t664 + DirName: CN = t665 + DirName: CN = t666 + DirName: CN = t667 + DirName: CN = t668 + DirName: CN = t669 + DirName: CN = t670 + DirName: CN = t671 + DirName: CN = t672 + DirName: CN = t673 + DirName: CN = t674 + DirName: CN = t675 + DirName: CN = t676 + DirName: CN = t677 + DirName: CN = t678 + DirName: CN = t679 + DirName: CN = t680 + DirName: CN = t681 + DirName: CN = t682 + DirName: CN = t683 + DirName: CN = t684 + DirName: CN = t685 + DirName: CN = t686 + DirName: CN = t687 + DirName: CN = t688 + DirName: CN = t689 + DirName: CN = t690 + DirName: CN = t691 + DirName: CN = t692 + DirName: CN = t693 + DirName: CN = t694 + DirName: CN = t695 + DirName: CN = t696 + DirName: CN = t697 + DirName: CN = t698 + DirName: CN = t699 + DirName: CN = t700 + DirName: CN = t701 + DirName: CN = t702 + DirName: CN = t703 + DirName: CN = t704 + DirName: CN = t705 + DirName: CN = t706 + DirName: CN = t707 + DirName: CN = t708 + DirName: CN = t709 + DirName: CN = t710 + DirName: CN = t711 + DirName: CN = t712 + DirName: CN = t713 + DirName: CN = t714 + DirName: CN = t715 + DirName: CN = t716 + DirName: CN = t717 + DirName: CN = t718 + DirName: CN = t719 + DirName: CN = t720 + DirName: CN = t721 + DirName: CN = t722 + DirName: CN = t723 + DirName: CN = t724 + DirName: CN = t725 + DirName: CN = t726 + DirName: CN = t727 + DirName: CN = t728 + DirName: CN = t729 + DirName: CN = t730 + DirName: CN = t731 + DirName: CN = t732 + DirName: CN = t733 + DirName: CN = t734 + DirName: CN = t735 + DirName: CN = t736 + DirName: CN = t737 + DirName: CN = t738 + DirName: CN = t739 + DirName: CN = t740 + DirName: CN = t741 + DirName: CN = t742 + DirName: CN = t743 + DirName: CN = t744 + DirName: CN = t745 + DirName: CN = t746 + DirName: CN = t747 + DirName: CN = t748 + DirName: CN = t749 + DirName: CN = t750 + DirName: CN = t751 + DirName: CN = t752 + DirName: CN = t753 + DirName: CN = t754 + DirName: CN = t755 + DirName: CN = t756 + DirName: CN = t757 + DirName: CN = t758 + DirName: CN = t759 + DirName: CN = t760 + DirName: CN = t761 + DirName: CN = t762 + DirName: CN = t763 + DirName: CN = t764 + DirName: CN = t765 + DirName: CN = t766 + DirName: CN = t767 + DirName: CN = t768 + DirName: CN = t769 + DirName: CN = t770 + DirName: CN = t771 + DirName: CN = t772 + DirName: CN = t773 + DirName: CN = t774 + DirName: CN = t775 + DirName: CN = t776 + DirName: CN = t777 + DirName: CN = t778 + DirName: CN = t779 + DirName: CN = t780 + DirName: CN = t781 + DirName: CN = t782 + DirName: CN = t783 + DirName: CN = t784 + DirName: CN = t785 + DirName: CN = t786 + DirName: CN = t787 + DirName: CN = t788 + DirName: CN = t789 + DirName: CN = t790 + DirName: CN = t791 + DirName: CN = t792 + DirName: CN = t793 + DirName: CN = t794 + DirName: CN = t795 + DirName: CN = t796 + DirName: CN = t797 + DirName: CN = t798 + DirName: CN = t799 + DirName: CN = t800 + DirName: CN = t801 + DirName: CN = t802 + DirName: CN = t803 + DirName: CN = t804 + DirName: CN = t805 + DirName: CN = t806 + DirName: CN = t807 + DirName: CN = t808 + DirName: CN = t809 + DirName: CN = t810 + DirName: CN = t811 + DirName: CN = t812 + DirName: CN = t813 + DirName: CN = t814 + DirName: CN = t815 + DirName: CN = t816 + DirName: CN = t817 + DirName: CN = t818 + DirName: CN = t819 + DirName: CN = t820 + DirName: CN = t821 + DirName: CN = t822 + DirName: CN = t823 + DirName: CN = t824 + DirName: CN = t825 + DirName: CN = t826 + DirName: CN = t827 + DirName: CN = t828 + DirName: CN = t829 + DirName: CN = t830 + DirName: CN = t831 + DirName: CN = t832 + DirName: CN = t833 + DirName: CN = t834 + DirName: CN = t835 + DirName: CN = t836 + DirName: CN = t837 + DirName: CN = t838 + DirName: CN = t839 + DirName: CN = t840 + DirName: CN = t841 + DirName: CN = t842 + DirName: CN = t843 + DirName: CN = t844 + DirName: CN = t845 + DirName: CN = t846 + DirName: CN = t847 + DirName: CN = t848 + DirName: CN = t849 + DirName: CN = t850 + DirName: CN = t851 + DirName: CN = t852 + DirName: CN = t853 + DirName: CN = t854 + DirName: CN = t855 + DirName: CN = t856 + DirName: CN = t857 + DirName: CN = t858 + DirName: CN = t859 + DirName: CN = t860 + DirName: CN = t861 + DirName: CN = t862 + DirName: CN = t863 + DirName: CN = t864 + DirName: CN = t865 + DirName: CN = t866 + DirName: CN = t867 + DirName: CN = t868 + DirName: CN = t869 + DirName: CN = t870 + DirName: CN = t871 + DirName: CN = t872 + DirName: CN = t873 + DirName: CN = t874 + DirName: CN = t875 + DirName: CN = t876 + DirName: CN = t877 + DirName: CN = t878 + DirName: CN = t879 + DirName: CN = t880 + DirName: CN = t881 + DirName: CN = t882 + DirName: CN = t883 + DirName: CN = t884 + DirName: CN = t885 + DirName: CN = t886 + DirName: CN = t887 + DirName: CN = t888 + DirName: CN = t889 + DirName: CN = t890 + DirName: CN = t891 + DirName: CN = t892 + DirName: CN = t893 + DirName: CN = t894 + DirName: CN = t895 + DirName: CN = t896 + DirName: CN = t897 + DirName: CN = t898 + DirName: CN = t899 + DirName: CN = t900 + DirName: CN = t901 + DirName: CN = t902 + DirName: CN = t903 + DirName: CN = t904 + DirName: CN = t905 + DirName: CN = t906 + DirName: CN = t907 + DirName: CN = t908 + DirName: CN = t909 + DirName: CN = t910 + DirName: CN = t911 + DirName: CN = t912 + DirName: CN = t913 + DirName: CN = t914 + DirName: CN = t915 + DirName: CN = t916 + DirName: CN = t917 + DirName: CN = t918 + DirName: CN = t919 + DirName: CN = t920 + DirName: CN = t921 + DirName: CN = t922 + DirName: CN = t923 + DirName: CN = t924 + DirName: CN = t925 + DirName: CN = t926 + DirName: CN = t927 + DirName: CN = t928 + DirName: CN = t929 + DirName: CN = t930 + DirName: CN = t931 + DirName: CN = t932 + DirName: CN = t933 + DirName: CN = t934 + DirName: CN = t935 + DirName: CN = t936 + DirName: CN = t937 + DirName: CN = t938 + DirName: CN = t939 + DirName: CN = t940 + DirName: CN = t941 + DirName: CN = t942 + DirName: CN = t943 + DirName: CN = t944 + DirName: CN = t945 + DirName: CN = t946 + DirName: CN = t947 + DirName: CN = t948 + DirName: CN = t949 + DirName: CN = t950 + DirName: CN = t951 + DirName: CN = t952 + DirName: CN = t953 + DirName: CN = t954 + DirName: CN = t955 + DirName: CN = t956 + DirName: CN = t957 + DirName: CN = t958 + DirName: CN = t959 + DirName: CN = t960 + DirName: CN = t961 + DirName: CN = t962 + DirName: CN = t963 + DirName: CN = t964 + DirName: CN = t965 + DirName: CN = t966 + DirName: CN = t967 + DirName: CN = t968 + DirName: CN = t969 + DirName: CN = t970 + DirName: CN = t971 + DirName: CN = t972 + DirName: CN = t973 + DirName: CN = t974 + DirName: CN = t975 + DirName: CN = t976 + DirName: CN = t977 + DirName: CN = t978 + DirName: CN = t979 + DirName: CN = t980 + DirName: CN = t981 + DirName: CN = t982 + DirName: CN = t983 + DirName: CN = t984 + DirName: CN = t985 + DirName: CN = t986 + DirName: CN = t987 + DirName: CN = t988 + DirName: CN = t989 + DirName: CN = t990 + DirName: CN = t991 + DirName: CN = t992 + DirName: CN = t993 + DirName: CN = t994 + DirName: CN = t995 + DirName: CN = t996 + DirName: CN = t997 + DirName: CN = t998 + DirName: CN = t999 + DirName: CN = t1000 + DirName: CN = t1001 + DirName: CN = t1002 + DirName: CN = t1003 + DirName: CN = t1004 + DirName: CN = t1005 + DirName: CN = t1006 + DirName: CN = t1007 + DirName: CN = t1008 + DirName: CN = t1009 + DirName: CN = t1010 + DirName: CN = t1011 + DirName: CN = t1012 + DirName: CN = t1013 + DirName: CN = t1014 + DirName: CN = t1015 + DirName: CN = t1016 + DirName: CN = t1017 + DirName: CN = t1018 + DirName: CN = t1019 + DirName: CN = t1020 + DirName: CN = t1021 + DirName: CN = t1022 + DirName: CN = t1023 + DirName: CN = t1024 + + Signature Algorithm: sha256WithRSAEncryption + 12:ce:60:d6:3b:b5:7e:7a:8e:9e:d0:f5:fd:a8:8a:33:24:95: + 6d:79:56:24:23:12:10:8f:12:7c:e0:13:99:ba:6d:b9:b2:51: + b4:cc:50:2c:06:28:b8:d1:18:1a:16:e6:03:b4:7f:cd:b7:f6: + 06:7b:c2:77:97:52:76:8f:81:d1:f6:2c:08:e2:70:27:76:3f: + 90:a7:52:f3:15:f0:1f:40:97:99:fb:fa:9a:c1:eb:10:fa:a0: + 74:df:f1:df:8a:d2:4b:67:11:2f:5c:a9:52:78:69:e8:4b:21: + be:f2:a9:65:62:cc:0e:d9:59:8e:7a:ca:5f:01:41:d9:d2:e9: + 89:5f:bc:3c:8c:bb:4f:90:80:06:05:37:be:0c:1f:a8:56:82: + e7:92:2d:c5:89:56:d8:d4:86:9d:8a:bc:5e:43:d3:07:65:da: + d4:08:75:27:e5:49:0e:e9:f8:54:2b:7a:53:99:37:29:9b:ea: + 14:de:80:68:a9:79:26:5e:64:ff:21:6c:da:83:ef:8f:a4:df: + 3a:20:6e:5c:d3:68:48:82:ab:b9:ac:4a:28:b6:2f:35:14:98: + 54:16:a8:fa:ee:30:c3:ba:c5:2d:33:bc:32:ae:96:c6:8a:17: + 49:32:78:d4:61:29:66:7f:75:ae:16:2e:81:b2:b9:fa:56:b1: + d5:c6:9e:77 +-----BEGIN CERTIFICATE----- +MIJXVzCCVj+gAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9v0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCVKEwglSdMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wglPRBgNVHR4EglPIMIJTxKCCU8AwEaQPMA0xCzAJBgNVBAMMAnQwMBGkDzAN +MQswCQYDVQQDDAJ0MTARpA8wDTELMAkGA1UEAwwCdDIwEaQPMA0xCzAJBgNVBAMM +AnQzMBGkDzANMQswCQYDVQQDDAJ0NDARpA8wDTELMAkGA1UEAwwCdDUwEaQPMA0x +CzAJBgNVBAMMAnQ2MBGkDzANMQswCQYDVQQDDAJ0NzARpA8wDTELMAkGA1UEAwwC +dDgwEaQPMA0xCzAJBgNVBAMMAnQ5MBKkEDAOMQwwCgYDVQQDDAN0MTAwEqQQMA4x +DDAKBgNVBAMMA3QxMTASpBAwDjEMMAoGA1UEAwwDdDEyMBKkEDAOMQwwCgYDVQQD +DAN0MTMwEqQQMA4xDDAKBgNVBAMMA3QxNDASpBAwDjEMMAoGA1UEAwwDdDE1MBKk +EDAOMQwwCgYDVQQDDAN0MTYwEqQQMA4xDDAKBgNVBAMMA3QxNzASpBAwDjEMMAoG +A1UEAwwDdDE4MBKkEDAOMQwwCgYDVQQDDAN0MTkwEqQQMA4xDDAKBgNVBAMMA3Qy +MDASpBAwDjEMMAoGA1UEAwwDdDIxMBKkEDAOMQwwCgYDVQQDDAN0MjIwEqQQMA4x +DDAKBgNVBAMMA3QyMzASpBAwDjEMMAoGA1UEAwwDdDI0MBKkEDAOMQwwCgYDVQQD +DAN0MjUwEqQQMA4xDDAKBgNVBAMMA3QyNjASpBAwDjEMMAoGA1UEAwwDdDI3MBKk +EDAOMQwwCgYDVQQDDAN0MjgwEqQQMA4xDDAKBgNVBAMMA3QyOTASpBAwDjEMMAoG +A1UEAwwDdDMwMBKkEDAOMQwwCgYDVQQDDAN0MzEwEqQQMA4xDDAKBgNVBAMMA3Qz +MjASpBAwDjEMMAoGA1UEAwwDdDMzMBKkEDAOMQwwCgYDVQQDDAN0MzQwEqQQMA4x +DDAKBgNVBAMMA3QzNTASpBAwDjEMMAoGA1UEAwwDdDM2MBKkEDAOMQwwCgYDVQQD +DAN0MzcwEqQQMA4xDDAKBgNVBAMMA3QzODASpBAwDjEMMAoGA1UEAwwDdDM5MBKk +EDAOMQwwCgYDVQQDDAN0NDAwEqQQMA4xDDAKBgNVBAMMA3Q0MTASpBAwDjEMMAoG +A1UEAwwDdDQyMBKkEDAOMQwwCgYDVQQDDAN0NDMwEqQQMA4xDDAKBgNVBAMMA3Q0 +NDASpBAwDjEMMAoGA1UEAwwDdDQ1MBKkEDAOMQwwCgYDVQQDDAN0NDYwEqQQMA4x +DDAKBgNVBAMMA3Q0NzASpBAwDjEMMAoGA1UEAwwDdDQ4MBKkEDAOMQwwCgYDVQQD +DAN0NDkwEqQQMA4xDDAKBgNVBAMMA3Q1MDASpBAwDjEMMAoGA1UEAwwDdDUxMBKk +EDAOMQwwCgYDVQQDDAN0NTIwEqQQMA4xDDAKBgNVBAMMA3Q1MzASpBAwDjEMMAoG +A1UEAwwDdDU0MBKkEDAOMQwwCgYDVQQDDAN0NTUwEqQQMA4xDDAKBgNVBAMMA3Q1 +NjASpBAwDjEMMAoGA1UEAwwDdDU3MBKkEDAOMQwwCgYDVQQDDAN0NTgwEqQQMA4x +DDAKBgNVBAMMA3Q1OTASpBAwDjEMMAoGA1UEAwwDdDYwMBKkEDAOMQwwCgYDVQQD +DAN0NjEwEqQQMA4xDDAKBgNVBAMMA3Q2MjASpBAwDjEMMAoGA1UEAwwDdDYzMBKk +EDAOMQwwCgYDVQQDDAN0NjQwEqQQMA4xDDAKBgNVBAMMA3Q2NTASpBAwDjEMMAoG +A1UEAwwDdDY2MBKkEDAOMQwwCgYDVQQDDAN0NjcwEqQQMA4xDDAKBgNVBAMMA3Q2 +ODASpBAwDjEMMAoGA1UEAwwDdDY5MBKkEDAOMQwwCgYDVQQDDAN0NzAwEqQQMA4x +DDAKBgNVBAMMA3Q3MTASpBAwDjEMMAoGA1UEAwwDdDcyMBKkEDAOMQwwCgYDVQQD +DAN0NzMwEqQQMA4xDDAKBgNVBAMMA3Q3NDASpBAwDjEMMAoGA1UEAwwDdDc1MBKk +EDAOMQwwCgYDVQQDDAN0NzYwEqQQMA4xDDAKBgNVBAMMA3Q3NzASpBAwDjEMMAoG +A1UEAwwDdDc4MBKkEDAOMQwwCgYDVQQDDAN0NzkwEqQQMA4xDDAKBgNVBAMMA3Q4 +MDASpBAwDjEMMAoGA1UEAwwDdDgxMBKkEDAOMQwwCgYDVQQDDAN0ODIwEqQQMA4x +DDAKBgNVBAMMA3Q4MzASpBAwDjEMMAoGA1UEAwwDdDg0MBKkEDAOMQwwCgYDVQQD +DAN0ODUwEqQQMA4xDDAKBgNVBAMMA3Q4NjASpBAwDjEMMAoGA1UEAwwDdDg3MBKk +EDAOMQwwCgYDVQQDDAN0ODgwEqQQMA4xDDAKBgNVBAMMA3Q4OTASpBAwDjEMMAoG +A1UEAwwDdDkwMBKkEDAOMQwwCgYDVQQDDAN0OTEwEqQQMA4xDDAKBgNVBAMMA3Q5 +MjASpBAwDjEMMAoGA1UEAwwDdDkzMBKkEDAOMQwwCgYDVQQDDAN0OTQwEqQQMA4x +DDAKBgNVBAMMA3Q5NTASpBAwDjEMMAoGA1UEAwwDdDk2MBKkEDAOMQwwCgYDVQQD +DAN0OTcwEqQQMA4xDDAKBgNVBAMMA3Q5ODASpBAwDjEMMAoGA1UEAwwDdDk5MBOk +ETAPMQ0wCwYDVQQDDAR0MTAwMBOkETAPMQ0wCwYDVQQDDAR0MTAxMBOkETAPMQ0w +CwYDVQQDDAR0MTAyMBOkETAPMQ0wCwYDVQQDDAR0MTAzMBOkETAPMQ0wCwYDVQQD +DAR0MTA0MBOkETAPMQ0wCwYDVQQDDAR0MTA1MBOkETAPMQ0wCwYDVQQDDAR0MTA2 +MBOkETAPMQ0wCwYDVQQDDAR0MTA3MBOkETAPMQ0wCwYDVQQDDAR0MTA4MBOkETAP +MQ0wCwYDVQQDDAR0MTA5MBOkETAPMQ0wCwYDVQQDDAR0MTEwMBOkETAPMQ0wCwYD +VQQDDAR0MTExMBOkETAPMQ0wCwYDVQQDDAR0MTEyMBOkETAPMQ0wCwYDVQQDDAR0 +MTEzMBOkETAPMQ0wCwYDVQQDDAR0MTE0MBOkETAPMQ0wCwYDVQQDDAR0MTE1MBOk +ETAPMQ0wCwYDVQQDDAR0MTE2MBOkETAPMQ0wCwYDVQQDDAR0MTE3MBOkETAPMQ0w +CwYDVQQDDAR0MTE4MBOkETAPMQ0wCwYDVQQDDAR0MTE5MBOkETAPMQ0wCwYDVQQD +DAR0MTIwMBOkETAPMQ0wCwYDVQQDDAR0MTIxMBOkETAPMQ0wCwYDVQQDDAR0MTIy +MBOkETAPMQ0wCwYDVQQDDAR0MTIzMBOkETAPMQ0wCwYDVQQDDAR0MTI0MBOkETAP +MQ0wCwYDVQQDDAR0MTI1MBOkETAPMQ0wCwYDVQQDDAR0MTI2MBOkETAPMQ0wCwYD +VQQDDAR0MTI3MBOkETAPMQ0wCwYDVQQDDAR0MTI4MBOkETAPMQ0wCwYDVQQDDAR0 +MTI5MBOkETAPMQ0wCwYDVQQDDAR0MTMwMBOkETAPMQ0wCwYDVQQDDAR0MTMxMBOk +ETAPMQ0wCwYDVQQDDAR0MTMyMBOkETAPMQ0wCwYDVQQDDAR0MTMzMBOkETAPMQ0w +CwYDVQQDDAR0MTM0MBOkETAPMQ0wCwYDVQQDDAR0MTM1MBOkETAPMQ0wCwYDVQQD +DAR0MTM2MBOkETAPMQ0wCwYDVQQDDAR0MTM3MBOkETAPMQ0wCwYDVQQDDAR0MTM4 +MBOkETAPMQ0wCwYDVQQDDAR0MTM5MBOkETAPMQ0wCwYDVQQDDAR0MTQwMBOkETAP +MQ0wCwYDVQQDDAR0MTQxMBOkETAPMQ0wCwYDVQQDDAR0MTQyMBOkETAPMQ0wCwYD +VQQDDAR0MTQzMBOkETAPMQ0wCwYDVQQDDAR0MTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +MTQ1MBOkETAPMQ0wCwYDVQQDDAR0MTQ2MBOkETAPMQ0wCwYDVQQDDAR0MTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0MTQ4MBOkETAPMQ0wCwYDVQQDDAR0MTQ5MBOkETAPMQ0w +CwYDVQQDDAR0MTUwMBOkETAPMQ0wCwYDVQQDDAR0MTUxMBOkETAPMQ0wCwYDVQQD +DAR0MTUyMBOkETAPMQ0wCwYDVQQDDAR0MTUzMBOkETAPMQ0wCwYDVQQDDAR0MTU0 +MBOkETAPMQ0wCwYDVQQDDAR0MTU1MBOkETAPMQ0wCwYDVQQDDAR0MTU2MBOkETAP +MQ0wCwYDVQQDDAR0MTU3MBOkETAPMQ0wCwYDVQQDDAR0MTU4MBOkETAPMQ0wCwYD +VQQDDAR0MTU5MBOkETAPMQ0wCwYDVQQDDAR0MTYwMBOkETAPMQ0wCwYDVQQDDAR0 +MTYxMBOkETAPMQ0wCwYDVQQDDAR0MTYyMBOkETAPMQ0wCwYDVQQDDAR0MTYzMBOk +ETAPMQ0wCwYDVQQDDAR0MTY0MBOkETAPMQ0wCwYDVQQDDAR0MTY1MBOkETAPMQ0w +CwYDVQQDDAR0MTY2MBOkETAPMQ0wCwYDVQQDDAR0MTY3MBOkETAPMQ0wCwYDVQQD +DAR0MTY4MBOkETAPMQ0wCwYDVQQDDAR0MTY5MBOkETAPMQ0wCwYDVQQDDAR0MTcw +MBOkETAPMQ0wCwYDVQQDDAR0MTcxMBOkETAPMQ0wCwYDVQQDDAR0MTcyMBOkETAP +MQ0wCwYDVQQDDAR0MTczMBOkETAPMQ0wCwYDVQQDDAR0MTc0MBOkETAPMQ0wCwYD +VQQDDAR0MTc1MBOkETAPMQ0wCwYDVQQDDAR0MTc2MBOkETAPMQ0wCwYDVQQDDAR0 +MTc3MBOkETAPMQ0wCwYDVQQDDAR0MTc4MBOkETAPMQ0wCwYDVQQDDAR0MTc5MBOk +ETAPMQ0wCwYDVQQDDAR0MTgwMBOkETAPMQ0wCwYDVQQDDAR0MTgxMBOkETAPMQ0w +CwYDVQQDDAR0MTgyMBOkETAPMQ0wCwYDVQQDDAR0MTgzMBOkETAPMQ0wCwYDVQQD +DAR0MTg0MBOkETAPMQ0wCwYDVQQDDAR0MTg1MBOkETAPMQ0wCwYDVQQDDAR0MTg2 +MBOkETAPMQ0wCwYDVQQDDAR0MTg3MBOkETAPMQ0wCwYDVQQDDAR0MTg4MBOkETAP +MQ0wCwYDVQQDDAR0MTg5MBOkETAPMQ0wCwYDVQQDDAR0MTkwMBOkETAPMQ0wCwYD +VQQDDAR0MTkxMBOkETAPMQ0wCwYDVQQDDAR0MTkyMBOkETAPMQ0wCwYDVQQDDAR0 +MTkzMBOkETAPMQ0wCwYDVQQDDAR0MTk0MBOkETAPMQ0wCwYDVQQDDAR0MTk1MBOk +ETAPMQ0wCwYDVQQDDAR0MTk2MBOkETAPMQ0wCwYDVQQDDAR0MTk3MBOkETAPMQ0w +CwYDVQQDDAR0MTk4MBOkETAPMQ0wCwYDVQQDDAR0MTk5MBOkETAPMQ0wCwYDVQQD +DAR0MjAwMBOkETAPMQ0wCwYDVQQDDAR0MjAxMBOkETAPMQ0wCwYDVQQDDAR0MjAy +MBOkETAPMQ0wCwYDVQQDDAR0MjAzMBOkETAPMQ0wCwYDVQQDDAR0MjA0MBOkETAP +MQ0wCwYDVQQDDAR0MjA1MBOkETAPMQ0wCwYDVQQDDAR0MjA2MBOkETAPMQ0wCwYD +VQQDDAR0MjA3MBOkETAPMQ0wCwYDVQQDDAR0MjA4MBOkETAPMQ0wCwYDVQQDDAR0 +MjA5MBOkETAPMQ0wCwYDVQQDDAR0MjEwMBOkETAPMQ0wCwYDVQQDDAR0MjExMBOk +ETAPMQ0wCwYDVQQDDAR0MjEyMBOkETAPMQ0wCwYDVQQDDAR0MjEzMBOkETAPMQ0w +CwYDVQQDDAR0MjE0MBOkETAPMQ0wCwYDVQQDDAR0MjE1MBOkETAPMQ0wCwYDVQQD +DAR0MjE2MBOkETAPMQ0wCwYDVQQDDAR0MjE3MBOkETAPMQ0wCwYDVQQDDAR0MjE4 +MBOkETAPMQ0wCwYDVQQDDAR0MjE5MBOkETAPMQ0wCwYDVQQDDAR0MjIwMBOkETAP +MQ0wCwYDVQQDDAR0MjIxMBOkETAPMQ0wCwYDVQQDDAR0MjIyMBOkETAPMQ0wCwYD +VQQDDAR0MjIzMBOkETAPMQ0wCwYDVQQDDAR0MjI0MBOkETAPMQ0wCwYDVQQDDAR0 +MjI1MBOkETAPMQ0wCwYDVQQDDAR0MjI2MBOkETAPMQ0wCwYDVQQDDAR0MjI3MBOk +ETAPMQ0wCwYDVQQDDAR0MjI4MBOkETAPMQ0wCwYDVQQDDAR0MjI5MBOkETAPMQ0w +CwYDVQQDDAR0MjMwMBOkETAPMQ0wCwYDVQQDDAR0MjMxMBOkETAPMQ0wCwYDVQQD +DAR0MjMyMBOkETAPMQ0wCwYDVQQDDAR0MjMzMBOkETAPMQ0wCwYDVQQDDAR0MjM0 +MBOkETAPMQ0wCwYDVQQDDAR0MjM1MBOkETAPMQ0wCwYDVQQDDAR0MjM2MBOkETAP +MQ0wCwYDVQQDDAR0MjM3MBOkETAPMQ0wCwYDVQQDDAR0MjM4MBOkETAPMQ0wCwYD +VQQDDAR0MjM5MBOkETAPMQ0wCwYDVQQDDAR0MjQwMBOkETAPMQ0wCwYDVQQDDAR0 +MjQxMBOkETAPMQ0wCwYDVQQDDAR0MjQyMBOkETAPMQ0wCwYDVQQDDAR0MjQzMBOk +ETAPMQ0wCwYDVQQDDAR0MjQ0MBOkETAPMQ0wCwYDVQQDDAR0MjQ1MBOkETAPMQ0w +CwYDVQQDDAR0MjQ2MBOkETAPMQ0wCwYDVQQDDAR0MjQ3MBOkETAPMQ0wCwYDVQQD +DAR0MjQ4MBOkETAPMQ0wCwYDVQQDDAR0MjQ5MBOkETAPMQ0wCwYDVQQDDAR0MjUw +MBOkETAPMQ0wCwYDVQQDDAR0MjUxMBOkETAPMQ0wCwYDVQQDDAR0MjUyMBOkETAP +MQ0wCwYDVQQDDAR0MjUzMBOkETAPMQ0wCwYDVQQDDAR0MjU0MBOkETAPMQ0wCwYD +VQQDDAR0MjU1MBOkETAPMQ0wCwYDVQQDDAR0MjU2MBOkETAPMQ0wCwYDVQQDDAR0 +MjU3MBOkETAPMQ0wCwYDVQQDDAR0MjU4MBOkETAPMQ0wCwYDVQQDDAR0MjU5MBOk +ETAPMQ0wCwYDVQQDDAR0MjYwMBOkETAPMQ0wCwYDVQQDDAR0MjYxMBOkETAPMQ0w +CwYDVQQDDAR0MjYyMBOkETAPMQ0wCwYDVQQDDAR0MjYzMBOkETAPMQ0wCwYDVQQD +DAR0MjY0MBOkETAPMQ0wCwYDVQQDDAR0MjY1MBOkETAPMQ0wCwYDVQQDDAR0MjY2 +MBOkETAPMQ0wCwYDVQQDDAR0MjY3MBOkETAPMQ0wCwYDVQQDDAR0MjY4MBOkETAP +MQ0wCwYDVQQDDAR0MjY5MBOkETAPMQ0wCwYDVQQDDAR0MjcwMBOkETAPMQ0wCwYD +VQQDDAR0MjcxMBOkETAPMQ0wCwYDVQQDDAR0MjcyMBOkETAPMQ0wCwYDVQQDDAR0 +MjczMBOkETAPMQ0wCwYDVQQDDAR0Mjc0MBOkETAPMQ0wCwYDVQQDDAR0Mjc1MBOk +ETAPMQ0wCwYDVQQDDAR0Mjc2MBOkETAPMQ0wCwYDVQQDDAR0Mjc3MBOkETAPMQ0w +CwYDVQQDDAR0Mjc4MBOkETAPMQ0wCwYDVQQDDAR0Mjc5MBOkETAPMQ0wCwYDVQQD +DAR0MjgwMBOkETAPMQ0wCwYDVQQDDAR0MjgxMBOkETAPMQ0wCwYDVQQDDAR0Mjgy +MBOkETAPMQ0wCwYDVQQDDAR0MjgzMBOkETAPMQ0wCwYDVQQDDAR0Mjg0MBOkETAP +MQ0wCwYDVQQDDAR0Mjg1MBOkETAPMQ0wCwYDVQQDDAR0Mjg2MBOkETAPMQ0wCwYD +VQQDDAR0Mjg3MBOkETAPMQ0wCwYDVQQDDAR0Mjg4MBOkETAPMQ0wCwYDVQQDDAR0 +Mjg5MBOkETAPMQ0wCwYDVQQDDAR0MjkwMBOkETAPMQ0wCwYDVQQDDAR0MjkxMBOk +ETAPMQ0wCwYDVQQDDAR0MjkyMBOkETAPMQ0wCwYDVQQDDAR0MjkzMBOkETAPMQ0w +CwYDVQQDDAR0Mjk0MBOkETAPMQ0wCwYDVQQDDAR0Mjk1MBOkETAPMQ0wCwYDVQQD +DAR0Mjk2MBOkETAPMQ0wCwYDVQQDDAR0Mjk3MBOkETAPMQ0wCwYDVQQDDAR0Mjk4 +MBOkETAPMQ0wCwYDVQQDDAR0Mjk5MBOkETAPMQ0wCwYDVQQDDAR0MzAwMBOkETAP +MQ0wCwYDVQQDDAR0MzAxMBOkETAPMQ0wCwYDVQQDDAR0MzAyMBOkETAPMQ0wCwYD +VQQDDAR0MzAzMBOkETAPMQ0wCwYDVQQDDAR0MzA0MBOkETAPMQ0wCwYDVQQDDAR0 +MzA1MBOkETAPMQ0wCwYDVQQDDAR0MzA2MBOkETAPMQ0wCwYDVQQDDAR0MzA3MBOk +ETAPMQ0wCwYDVQQDDAR0MzA4MBOkETAPMQ0wCwYDVQQDDAR0MzA5MBOkETAPMQ0w +CwYDVQQDDAR0MzEwMBOkETAPMQ0wCwYDVQQDDAR0MzExMBOkETAPMQ0wCwYDVQQD +DAR0MzEyMBOkETAPMQ0wCwYDVQQDDAR0MzEzMBOkETAPMQ0wCwYDVQQDDAR0MzE0 +MBOkETAPMQ0wCwYDVQQDDAR0MzE1MBOkETAPMQ0wCwYDVQQDDAR0MzE2MBOkETAP +MQ0wCwYDVQQDDAR0MzE3MBOkETAPMQ0wCwYDVQQDDAR0MzE4MBOkETAPMQ0wCwYD +VQQDDAR0MzE5MBOkETAPMQ0wCwYDVQQDDAR0MzIwMBOkETAPMQ0wCwYDVQQDDAR0 +MzIxMBOkETAPMQ0wCwYDVQQDDAR0MzIyMBOkETAPMQ0wCwYDVQQDDAR0MzIzMBOk +ETAPMQ0wCwYDVQQDDAR0MzI0MBOkETAPMQ0wCwYDVQQDDAR0MzI1MBOkETAPMQ0w +CwYDVQQDDAR0MzI2MBOkETAPMQ0wCwYDVQQDDAR0MzI3MBOkETAPMQ0wCwYDVQQD +DAR0MzI4MBOkETAPMQ0wCwYDVQQDDAR0MzI5MBOkETAPMQ0wCwYDVQQDDAR0MzMw +MBOkETAPMQ0wCwYDVQQDDAR0MzMxMBOkETAPMQ0wCwYDVQQDDAR0MzMyMBOkETAP +MQ0wCwYDVQQDDAR0MzMzMBOkETAPMQ0wCwYDVQQDDAR0MzM0MBOkETAPMQ0wCwYD +VQQDDAR0MzM1MBOkETAPMQ0wCwYDVQQDDAR0MzM2MBOkETAPMQ0wCwYDVQQDDAR0 +MzM3MBOkETAPMQ0wCwYDVQQDDAR0MzM4MBOkETAPMQ0wCwYDVQQDDAR0MzM5MBOk +ETAPMQ0wCwYDVQQDDAR0MzQwMBOkETAPMQ0wCwYDVQQDDAR0MzQxMBOkETAPMQ0w +CwYDVQQDDAR0MzQyMBOkETAPMQ0wCwYDVQQDDAR0MzQzMBOkETAPMQ0wCwYDVQQD +DAR0MzQ0MBOkETAPMQ0wCwYDVQQDDAR0MzQ1MBOkETAPMQ0wCwYDVQQDDAR0MzQ2 +MBOkETAPMQ0wCwYDVQQDDAR0MzQ3MBOkETAPMQ0wCwYDVQQDDAR0MzQ4MBOkETAP +MQ0wCwYDVQQDDAR0MzQ5MBOkETAPMQ0wCwYDVQQDDAR0MzUwMBOkETAPMQ0wCwYD +VQQDDAR0MzUxMBOkETAPMQ0wCwYDVQQDDAR0MzUyMBOkETAPMQ0wCwYDVQQDDAR0 +MzUzMBOkETAPMQ0wCwYDVQQDDAR0MzU0MBOkETAPMQ0wCwYDVQQDDAR0MzU1MBOk +ETAPMQ0wCwYDVQQDDAR0MzU2MBOkETAPMQ0wCwYDVQQDDAR0MzU3MBOkETAPMQ0w +CwYDVQQDDAR0MzU4MBOkETAPMQ0wCwYDVQQDDAR0MzU5MBOkETAPMQ0wCwYDVQQD +DAR0MzYwMBOkETAPMQ0wCwYDVQQDDAR0MzYxMBOkETAPMQ0wCwYDVQQDDAR0MzYy +MBOkETAPMQ0wCwYDVQQDDAR0MzYzMBOkETAPMQ0wCwYDVQQDDAR0MzY0MBOkETAP +MQ0wCwYDVQQDDAR0MzY1MBOkETAPMQ0wCwYDVQQDDAR0MzY2MBOkETAPMQ0wCwYD +VQQDDAR0MzY3MBOkETAPMQ0wCwYDVQQDDAR0MzY4MBOkETAPMQ0wCwYDVQQDDAR0 +MzY5MBOkETAPMQ0wCwYDVQQDDAR0MzcwMBOkETAPMQ0wCwYDVQQDDAR0MzcxMBOk +ETAPMQ0wCwYDVQQDDAR0MzcyMBOkETAPMQ0wCwYDVQQDDAR0MzczMBOkETAPMQ0w +CwYDVQQDDAR0Mzc0MBOkETAPMQ0wCwYDVQQDDAR0Mzc1MBOkETAPMQ0wCwYDVQQD +DAR0Mzc2MBOkETAPMQ0wCwYDVQQDDAR0Mzc3MBOkETAPMQ0wCwYDVQQDDAR0Mzc4 +MBOkETAPMQ0wCwYDVQQDDAR0Mzc5MBOkETAPMQ0wCwYDVQQDDAR0MzgwMBOkETAP +MQ0wCwYDVQQDDAR0MzgxMBOkETAPMQ0wCwYDVQQDDAR0MzgyMBOkETAPMQ0wCwYD +VQQDDAR0MzgzMBOkETAPMQ0wCwYDVQQDDAR0Mzg0MBOkETAPMQ0wCwYDVQQDDAR0 +Mzg1MBOkETAPMQ0wCwYDVQQDDAR0Mzg2MBOkETAPMQ0wCwYDVQQDDAR0Mzg3MBOk +ETAPMQ0wCwYDVQQDDAR0Mzg4MBOkETAPMQ0wCwYDVQQDDAR0Mzg5MBOkETAPMQ0w +CwYDVQQDDAR0MzkwMBOkETAPMQ0wCwYDVQQDDAR0MzkxMBOkETAPMQ0wCwYDVQQD +DAR0MzkyMBOkETAPMQ0wCwYDVQQDDAR0MzkzMBOkETAPMQ0wCwYDVQQDDAR0Mzk0 +MBOkETAPMQ0wCwYDVQQDDAR0Mzk1MBOkETAPMQ0wCwYDVQQDDAR0Mzk2MBOkETAP +MQ0wCwYDVQQDDAR0Mzk3MBOkETAPMQ0wCwYDVQQDDAR0Mzk4MBOkETAPMQ0wCwYD +VQQDDAR0Mzk5MBOkETAPMQ0wCwYDVQQDDAR0NDAwMBOkETAPMQ0wCwYDVQQDDAR0 +NDAxMBOkETAPMQ0wCwYDVQQDDAR0NDAyMBOkETAPMQ0wCwYDVQQDDAR0NDAzMBOk +ETAPMQ0wCwYDVQQDDAR0NDA0MBOkETAPMQ0wCwYDVQQDDAR0NDA1MBOkETAPMQ0w +CwYDVQQDDAR0NDA2MBOkETAPMQ0wCwYDVQQDDAR0NDA3MBOkETAPMQ0wCwYDVQQD +DAR0NDA4MBOkETAPMQ0wCwYDVQQDDAR0NDA5MBOkETAPMQ0wCwYDVQQDDAR0NDEw +MBOkETAPMQ0wCwYDVQQDDAR0NDExMBOkETAPMQ0wCwYDVQQDDAR0NDEyMBOkETAP +MQ0wCwYDVQQDDAR0NDEzMBOkETAPMQ0wCwYDVQQDDAR0NDE0MBOkETAPMQ0wCwYD +VQQDDAR0NDE1MBOkETAPMQ0wCwYDVQQDDAR0NDE2MBOkETAPMQ0wCwYDVQQDDAR0 +NDE3MBOkETAPMQ0wCwYDVQQDDAR0NDE4MBOkETAPMQ0wCwYDVQQDDAR0NDE5MBOk +ETAPMQ0wCwYDVQQDDAR0NDIwMBOkETAPMQ0wCwYDVQQDDAR0NDIxMBOkETAPMQ0w +CwYDVQQDDAR0NDIyMBOkETAPMQ0wCwYDVQQDDAR0NDIzMBOkETAPMQ0wCwYDVQQD +DAR0NDI0MBOkETAPMQ0wCwYDVQQDDAR0NDI1MBOkETAPMQ0wCwYDVQQDDAR0NDI2 +MBOkETAPMQ0wCwYDVQQDDAR0NDI3MBOkETAPMQ0wCwYDVQQDDAR0NDI4MBOkETAP +MQ0wCwYDVQQDDAR0NDI5MBOkETAPMQ0wCwYDVQQDDAR0NDMwMBOkETAPMQ0wCwYD +VQQDDAR0NDMxMBOkETAPMQ0wCwYDVQQDDAR0NDMyMBOkETAPMQ0wCwYDVQQDDAR0 +NDMzMBOkETAPMQ0wCwYDVQQDDAR0NDM0MBOkETAPMQ0wCwYDVQQDDAR0NDM1MBOk +ETAPMQ0wCwYDVQQDDAR0NDM2MBOkETAPMQ0wCwYDVQQDDAR0NDM3MBOkETAPMQ0w +CwYDVQQDDAR0NDM4MBOkETAPMQ0wCwYDVQQDDAR0NDM5MBOkETAPMQ0wCwYDVQQD +DAR0NDQwMBOkETAPMQ0wCwYDVQQDDAR0NDQxMBOkETAPMQ0wCwYDVQQDDAR0NDQy +MBOkETAPMQ0wCwYDVQQDDAR0NDQzMBOkETAPMQ0wCwYDVQQDDAR0NDQ0MBOkETAP +MQ0wCwYDVQQDDAR0NDQ1MBOkETAPMQ0wCwYDVQQDDAR0NDQ2MBOkETAPMQ0wCwYD +VQQDDAR0NDQ3MBOkETAPMQ0wCwYDVQQDDAR0NDQ4MBOkETAPMQ0wCwYDVQQDDAR0 +NDQ5MBOkETAPMQ0wCwYDVQQDDAR0NDUwMBOkETAPMQ0wCwYDVQQDDAR0NDUxMBOk +ETAPMQ0wCwYDVQQDDAR0NDUyMBOkETAPMQ0wCwYDVQQDDAR0NDUzMBOkETAPMQ0w +CwYDVQQDDAR0NDU0MBOkETAPMQ0wCwYDVQQDDAR0NDU1MBOkETAPMQ0wCwYDVQQD +DAR0NDU2MBOkETAPMQ0wCwYDVQQDDAR0NDU3MBOkETAPMQ0wCwYDVQQDDAR0NDU4 +MBOkETAPMQ0wCwYDVQQDDAR0NDU5MBOkETAPMQ0wCwYDVQQDDAR0NDYwMBOkETAP +MQ0wCwYDVQQDDAR0NDYxMBOkETAPMQ0wCwYDVQQDDAR0NDYyMBOkETAPMQ0wCwYD +VQQDDAR0NDYzMBOkETAPMQ0wCwYDVQQDDAR0NDY0MBOkETAPMQ0wCwYDVQQDDAR0 +NDY1MBOkETAPMQ0wCwYDVQQDDAR0NDY2MBOkETAPMQ0wCwYDVQQDDAR0NDY3MBOk +ETAPMQ0wCwYDVQQDDAR0NDY4MBOkETAPMQ0wCwYDVQQDDAR0NDY5MBOkETAPMQ0w +CwYDVQQDDAR0NDcwMBOkETAPMQ0wCwYDVQQDDAR0NDcxMBOkETAPMQ0wCwYDVQQD +DAR0NDcyMBOkETAPMQ0wCwYDVQQDDAR0NDczMBOkETAPMQ0wCwYDVQQDDAR0NDc0 +MBOkETAPMQ0wCwYDVQQDDAR0NDc1MBOkETAPMQ0wCwYDVQQDDAR0NDc2MBOkETAP +MQ0wCwYDVQQDDAR0NDc3MBOkETAPMQ0wCwYDVQQDDAR0NDc4MBOkETAPMQ0wCwYD +VQQDDAR0NDc5MBOkETAPMQ0wCwYDVQQDDAR0NDgwMBOkETAPMQ0wCwYDVQQDDAR0 +NDgxMBOkETAPMQ0wCwYDVQQDDAR0NDgyMBOkETAPMQ0wCwYDVQQDDAR0NDgzMBOk +ETAPMQ0wCwYDVQQDDAR0NDg0MBOkETAPMQ0wCwYDVQQDDAR0NDg1MBOkETAPMQ0w +CwYDVQQDDAR0NDg2MBOkETAPMQ0wCwYDVQQDDAR0NDg3MBOkETAPMQ0wCwYDVQQD +DAR0NDg4MBOkETAPMQ0wCwYDVQQDDAR0NDg5MBOkETAPMQ0wCwYDVQQDDAR0NDkw +MBOkETAPMQ0wCwYDVQQDDAR0NDkxMBOkETAPMQ0wCwYDVQQDDAR0NDkyMBOkETAP +MQ0wCwYDVQQDDAR0NDkzMBOkETAPMQ0wCwYDVQQDDAR0NDk0MBOkETAPMQ0wCwYD +VQQDDAR0NDk1MBOkETAPMQ0wCwYDVQQDDAR0NDk2MBOkETAPMQ0wCwYDVQQDDAR0 +NDk3MBOkETAPMQ0wCwYDVQQDDAR0NDk4MBOkETAPMQ0wCwYDVQQDDAR0NDk5MBOk +ETAPMQ0wCwYDVQQDDAR0NTAwMBOkETAPMQ0wCwYDVQQDDAR0NTAxMBOkETAPMQ0w +CwYDVQQDDAR0NTAyMBOkETAPMQ0wCwYDVQQDDAR0NTAzMBOkETAPMQ0wCwYDVQQD +DAR0NTA0MBOkETAPMQ0wCwYDVQQDDAR0NTA1MBOkETAPMQ0wCwYDVQQDDAR0NTA2 +MBOkETAPMQ0wCwYDVQQDDAR0NTA3MBOkETAPMQ0wCwYDVQQDDAR0NTA4MBOkETAP +MQ0wCwYDVQQDDAR0NTA5MBOkETAPMQ0wCwYDVQQDDAR0NTEwMBOkETAPMQ0wCwYD +VQQDDAR0NTExMBOkETAPMQ0wCwYDVQQDDAR0NTEyMBOkETAPMQ0wCwYDVQQDDAR0 +NTEzMBOkETAPMQ0wCwYDVQQDDAR0NTE0MBOkETAPMQ0wCwYDVQQDDAR0NTE1MBOk +ETAPMQ0wCwYDVQQDDAR0NTE2MBOkETAPMQ0wCwYDVQQDDAR0NTE3MBOkETAPMQ0w +CwYDVQQDDAR0NTE4MBOkETAPMQ0wCwYDVQQDDAR0NTE5MBOkETAPMQ0wCwYDVQQD +DAR0NTIwMBOkETAPMQ0wCwYDVQQDDAR0NTIxMBOkETAPMQ0wCwYDVQQDDAR0NTIy +MBOkETAPMQ0wCwYDVQQDDAR0NTIzMBOkETAPMQ0wCwYDVQQDDAR0NTI0MBOkETAP +MQ0wCwYDVQQDDAR0NTI1MBOkETAPMQ0wCwYDVQQDDAR0NTI2MBOkETAPMQ0wCwYD +VQQDDAR0NTI3MBOkETAPMQ0wCwYDVQQDDAR0NTI4MBOkETAPMQ0wCwYDVQQDDAR0 +NTI5MBOkETAPMQ0wCwYDVQQDDAR0NTMwMBOkETAPMQ0wCwYDVQQDDAR0NTMxMBOk +ETAPMQ0wCwYDVQQDDAR0NTMyMBOkETAPMQ0wCwYDVQQDDAR0NTMzMBOkETAPMQ0w +CwYDVQQDDAR0NTM0MBOkETAPMQ0wCwYDVQQDDAR0NTM1MBOkETAPMQ0wCwYDVQQD +DAR0NTM2MBOkETAPMQ0wCwYDVQQDDAR0NTM3MBOkETAPMQ0wCwYDVQQDDAR0NTM4 +MBOkETAPMQ0wCwYDVQQDDAR0NTM5MBOkETAPMQ0wCwYDVQQDDAR0NTQwMBOkETAP +MQ0wCwYDVQQDDAR0NTQxMBOkETAPMQ0wCwYDVQQDDAR0NTQyMBOkETAPMQ0wCwYD +VQQDDAR0NTQzMBOkETAPMQ0wCwYDVQQDDAR0NTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +NTQ1MBOkETAPMQ0wCwYDVQQDDAR0NTQ2MBOkETAPMQ0wCwYDVQQDDAR0NTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0NTQ4MBOkETAPMQ0wCwYDVQQDDAR0NTQ5MBOkETAPMQ0w +CwYDVQQDDAR0NTUwMBOkETAPMQ0wCwYDVQQDDAR0NTUxMBOkETAPMQ0wCwYDVQQD +DAR0NTUyMBOkETAPMQ0wCwYDVQQDDAR0NTUzMBOkETAPMQ0wCwYDVQQDDAR0NTU0 +MBOkETAPMQ0wCwYDVQQDDAR0NTU1MBOkETAPMQ0wCwYDVQQDDAR0NTU2MBOkETAP +MQ0wCwYDVQQDDAR0NTU3MBOkETAPMQ0wCwYDVQQDDAR0NTU4MBOkETAPMQ0wCwYD +VQQDDAR0NTU5MBOkETAPMQ0wCwYDVQQDDAR0NTYwMBOkETAPMQ0wCwYDVQQDDAR0 +NTYxMBOkETAPMQ0wCwYDVQQDDAR0NTYyMBOkETAPMQ0wCwYDVQQDDAR0NTYzMBOk +ETAPMQ0wCwYDVQQDDAR0NTY0MBOkETAPMQ0wCwYDVQQDDAR0NTY1MBOkETAPMQ0w +CwYDVQQDDAR0NTY2MBOkETAPMQ0wCwYDVQQDDAR0NTY3MBOkETAPMQ0wCwYDVQQD +DAR0NTY4MBOkETAPMQ0wCwYDVQQDDAR0NTY5MBOkETAPMQ0wCwYDVQQDDAR0NTcw +MBOkETAPMQ0wCwYDVQQDDAR0NTcxMBOkETAPMQ0wCwYDVQQDDAR0NTcyMBOkETAP +MQ0wCwYDVQQDDAR0NTczMBOkETAPMQ0wCwYDVQQDDAR0NTc0MBOkETAPMQ0wCwYD +VQQDDAR0NTc1MBOkETAPMQ0wCwYDVQQDDAR0NTc2MBOkETAPMQ0wCwYDVQQDDAR0 +NTc3MBOkETAPMQ0wCwYDVQQDDAR0NTc4MBOkETAPMQ0wCwYDVQQDDAR0NTc5MBOk +ETAPMQ0wCwYDVQQDDAR0NTgwMBOkETAPMQ0wCwYDVQQDDAR0NTgxMBOkETAPMQ0w +CwYDVQQDDAR0NTgyMBOkETAPMQ0wCwYDVQQDDAR0NTgzMBOkETAPMQ0wCwYDVQQD +DAR0NTg0MBOkETAPMQ0wCwYDVQQDDAR0NTg1MBOkETAPMQ0wCwYDVQQDDAR0NTg2 +MBOkETAPMQ0wCwYDVQQDDAR0NTg3MBOkETAPMQ0wCwYDVQQDDAR0NTg4MBOkETAP +MQ0wCwYDVQQDDAR0NTg5MBOkETAPMQ0wCwYDVQQDDAR0NTkwMBOkETAPMQ0wCwYD +VQQDDAR0NTkxMBOkETAPMQ0wCwYDVQQDDAR0NTkyMBOkETAPMQ0wCwYDVQQDDAR0 +NTkzMBOkETAPMQ0wCwYDVQQDDAR0NTk0MBOkETAPMQ0wCwYDVQQDDAR0NTk1MBOk +ETAPMQ0wCwYDVQQDDAR0NTk2MBOkETAPMQ0wCwYDVQQDDAR0NTk3MBOkETAPMQ0w +CwYDVQQDDAR0NTk4MBOkETAPMQ0wCwYDVQQDDAR0NTk5MBOkETAPMQ0wCwYDVQQD +DAR0NjAwMBOkETAPMQ0wCwYDVQQDDAR0NjAxMBOkETAPMQ0wCwYDVQQDDAR0NjAy +MBOkETAPMQ0wCwYDVQQDDAR0NjAzMBOkETAPMQ0wCwYDVQQDDAR0NjA0MBOkETAP +MQ0wCwYDVQQDDAR0NjA1MBOkETAPMQ0wCwYDVQQDDAR0NjA2MBOkETAPMQ0wCwYD +VQQDDAR0NjA3MBOkETAPMQ0wCwYDVQQDDAR0NjA4MBOkETAPMQ0wCwYDVQQDDAR0 +NjA5MBOkETAPMQ0wCwYDVQQDDAR0NjEwMBOkETAPMQ0wCwYDVQQDDAR0NjExMBOk +ETAPMQ0wCwYDVQQDDAR0NjEyMBOkETAPMQ0wCwYDVQQDDAR0NjEzMBOkETAPMQ0w +CwYDVQQDDAR0NjE0MBOkETAPMQ0wCwYDVQQDDAR0NjE1MBOkETAPMQ0wCwYDVQQD +DAR0NjE2MBOkETAPMQ0wCwYDVQQDDAR0NjE3MBOkETAPMQ0wCwYDVQQDDAR0NjE4 +MBOkETAPMQ0wCwYDVQQDDAR0NjE5MBOkETAPMQ0wCwYDVQQDDAR0NjIwMBOkETAP +MQ0wCwYDVQQDDAR0NjIxMBOkETAPMQ0wCwYDVQQDDAR0NjIyMBOkETAPMQ0wCwYD +VQQDDAR0NjIzMBOkETAPMQ0wCwYDVQQDDAR0NjI0MBOkETAPMQ0wCwYDVQQDDAR0 +NjI1MBOkETAPMQ0wCwYDVQQDDAR0NjI2MBOkETAPMQ0wCwYDVQQDDAR0NjI3MBOk +ETAPMQ0wCwYDVQQDDAR0NjI4MBOkETAPMQ0wCwYDVQQDDAR0NjI5MBOkETAPMQ0w +CwYDVQQDDAR0NjMwMBOkETAPMQ0wCwYDVQQDDAR0NjMxMBOkETAPMQ0wCwYDVQQD +DAR0NjMyMBOkETAPMQ0wCwYDVQQDDAR0NjMzMBOkETAPMQ0wCwYDVQQDDAR0NjM0 +MBOkETAPMQ0wCwYDVQQDDAR0NjM1MBOkETAPMQ0wCwYDVQQDDAR0NjM2MBOkETAP +MQ0wCwYDVQQDDAR0NjM3MBOkETAPMQ0wCwYDVQQDDAR0NjM4MBOkETAPMQ0wCwYD +VQQDDAR0NjM5MBOkETAPMQ0wCwYDVQQDDAR0NjQwMBOkETAPMQ0wCwYDVQQDDAR0 +NjQxMBOkETAPMQ0wCwYDVQQDDAR0NjQyMBOkETAPMQ0wCwYDVQQDDAR0NjQzMBOk +ETAPMQ0wCwYDVQQDDAR0NjQ0MBOkETAPMQ0wCwYDVQQDDAR0NjQ1MBOkETAPMQ0w +CwYDVQQDDAR0NjQ2MBOkETAPMQ0wCwYDVQQDDAR0NjQ3MBOkETAPMQ0wCwYDVQQD +DAR0NjQ4MBOkETAPMQ0wCwYDVQQDDAR0NjQ5MBOkETAPMQ0wCwYDVQQDDAR0NjUw +MBOkETAPMQ0wCwYDVQQDDAR0NjUxMBOkETAPMQ0wCwYDVQQDDAR0NjUyMBOkETAP +MQ0wCwYDVQQDDAR0NjUzMBOkETAPMQ0wCwYDVQQDDAR0NjU0MBOkETAPMQ0wCwYD +VQQDDAR0NjU1MBOkETAPMQ0wCwYDVQQDDAR0NjU2MBOkETAPMQ0wCwYDVQQDDAR0 +NjU3MBOkETAPMQ0wCwYDVQQDDAR0NjU4MBOkETAPMQ0wCwYDVQQDDAR0NjU5MBOk +ETAPMQ0wCwYDVQQDDAR0NjYwMBOkETAPMQ0wCwYDVQQDDAR0NjYxMBOkETAPMQ0w +CwYDVQQDDAR0NjYyMBOkETAPMQ0wCwYDVQQDDAR0NjYzMBOkETAPMQ0wCwYDVQQD +DAR0NjY0MBOkETAPMQ0wCwYDVQQDDAR0NjY1MBOkETAPMQ0wCwYDVQQDDAR0NjY2 +MBOkETAPMQ0wCwYDVQQDDAR0NjY3MBOkETAPMQ0wCwYDVQQDDAR0NjY4MBOkETAP +MQ0wCwYDVQQDDAR0NjY5MBOkETAPMQ0wCwYDVQQDDAR0NjcwMBOkETAPMQ0wCwYD +VQQDDAR0NjcxMBOkETAPMQ0wCwYDVQQDDAR0NjcyMBOkETAPMQ0wCwYDVQQDDAR0 +NjczMBOkETAPMQ0wCwYDVQQDDAR0Njc0MBOkETAPMQ0wCwYDVQQDDAR0Njc1MBOk +ETAPMQ0wCwYDVQQDDAR0Njc2MBOkETAPMQ0wCwYDVQQDDAR0Njc3MBOkETAPMQ0w +CwYDVQQDDAR0Njc4MBOkETAPMQ0wCwYDVQQDDAR0Njc5MBOkETAPMQ0wCwYDVQQD +DAR0NjgwMBOkETAPMQ0wCwYDVQQDDAR0NjgxMBOkETAPMQ0wCwYDVQQDDAR0Njgy +MBOkETAPMQ0wCwYDVQQDDAR0NjgzMBOkETAPMQ0wCwYDVQQDDAR0Njg0MBOkETAP +MQ0wCwYDVQQDDAR0Njg1MBOkETAPMQ0wCwYDVQQDDAR0Njg2MBOkETAPMQ0wCwYD +VQQDDAR0Njg3MBOkETAPMQ0wCwYDVQQDDAR0Njg4MBOkETAPMQ0wCwYDVQQDDAR0 +Njg5MBOkETAPMQ0wCwYDVQQDDAR0NjkwMBOkETAPMQ0wCwYDVQQDDAR0NjkxMBOk +ETAPMQ0wCwYDVQQDDAR0NjkyMBOkETAPMQ0wCwYDVQQDDAR0NjkzMBOkETAPMQ0w +CwYDVQQDDAR0Njk0MBOkETAPMQ0wCwYDVQQDDAR0Njk1MBOkETAPMQ0wCwYDVQQD +DAR0Njk2MBOkETAPMQ0wCwYDVQQDDAR0Njk3MBOkETAPMQ0wCwYDVQQDDAR0Njk4 +MBOkETAPMQ0wCwYDVQQDDAR0Njk5MBOkETAPMQ0wCwYDVQQDDAR0NzAwMBOkETAP +MQ0wCwYDVQQDDAR0NzAxMBOkETAPMQ0wCwYDVQQDDAR0NzAyMBOkETAPMQ0wCwYD +VQQDDAR0NzAzMBOkETAPMQ0wCwYDVQQDDAR0NzA0MBOkETAPMQ0wCwYDVQQDDAR0 +NzA1MBOkETAPMQ0wCwYDVQQDDAR0NzA2MBOkETAPMQ0wCwYDVQQDDAR0NzA3MBOk +ETAPMQ0wCwYDVQQDDAR0NzA4MBOkETAPMQ0wCwYDVQQDDAR0NzA5MBOkETAPMQ0w +CwYDVQQDDAR0NzEwMBOkETAPMQ0wCwYDVQQDDAR0NzExMBOkETAPMQ0wCwYDVQQD +DAR0NzEyMBOkETAPMQ0wCwYDVQQDDAR0NzEzMBOkETAPMQ0wCwYDVQQDDAR0NzE0 +MBOkETAPMQ0wCwYDVQQDDAR0NzE1MBOkETAPMQ0wCwYDVQQDDAR0NzE2MBOkETAP +MQ0wCwYDVQQDDAR0NzE3MBOkETAPMQ0wCwYDVQQDDAR0NzE4MBOkETAPMQ0wCwYD +VQQDDAR0NzE5MBOkETAPMQ0wCwYDVQQDDAR0NzIwMBOkETAPMQ0wCwYDVQQDDAR0 +NzIxMBOkETAPMQ0wCwYDVQQDDAR0NzIyMBOkETAPMQ0wCwYDVQQDDAR0NzIzMBOk +ETAPMQ0wCwYDVQQDDAR0NzI0MBOkETAPMQ0wCwYDVQQDDAR0NzI1MBOkETAPMQ0w +CwYDVQQDDAR0NzI2MBOkETAPMQ0wCwYDVQQDDAR0NzI3MBOkETAPMQ0wCwYDVQQD +DAR0NzI4MBOkETAPMQ0wCwYDVQQDDAR0NzI5MBOkETAPMQ0wCwYDVQQDDAR0NzMw +MBOkETAPMQ0wCwYDVQQDDAR0NzMxMBOkETAPMQ0wCwYDVQQDDAR0NzMyMBOkETAP +MQ0wCwYDVQQDDAR0NzMzMBOkETAPMQ0wCwYDVQQDDAR0NzM0MBOkETAPMQ0wCwYD +VQQDDAR0NzM1MBOkETAPMQ0wCwYDVQQDDAR0NzM2MBOkETAPMQ0wCwYDVQQDDAR0 +NzM3MBOkETAPMQ0wCwYDVQQDDAR0NzM4MBOkETAPMQ0wCwYDVQQDDAR0NzM5MBOk +ETAPMQ0wCwYDVQQDDAR0NzQwMBOkETAPMQ0wCwYDVQQDDAR0NzQxMBOkETAPMQ0w +CwYDVQQDDAR0NzQyMBOkETAPMQ0wCwYDVQQDDAR0NzQzMBOkETAPMQ0wCwYDVQQD +DAR0NzQ0MBOkETAPMQ0wCwYDVQQDDAR0NzQ1MBOkETAPMQ0wCwYDVQQDDAR0NzQ2 +MBOkETAPMQ0wCwYDVQQDDAR0NzQ3MBOkETAPMQ0wCwYDVQQDDAR0NzQ4MBOkETAP +MQ0wCwYDVQQDDAR0NzQ5MBOkETAPMQ0wCwYDVQQDDAR0NzUwMBOkETAPMQ0wCwYD +VQQDDAR0NzUxMBOkETAPMQ0wCwYDVQQDDAR0NzUyMBOkETAPMQ0wCwYDVQQDDAR0 +NzUzMBOkETAPMQ0wCwYDVQQDDAR0NzU0MBOkETAPMQ0wCwYDVQQDDAR0NzU1MBOk +ETAPMQ0wCwYDVQQDDAR0NzU2MBOkETAPMQ0wCwYDVQQDDAR0NzU3MBOkETAPMQ0w +CwYDVQQDDAR0NzU4MBOkETAPMQ0wCwYDVQQDDAR0NzU5MBOkETAPMQ0wCwYDVQQD +DAR0NzYwMBOkETAPMQ0wCwYDVQQDDAR0NzYxMBOkETAPMQ0wCwYDVQQDDAR0NzYy +MBOkETAPMQ0wCwYDVQQDDAR0NzYzMBOkETAPMQ0wCwYDVQQDDAR0NzY0MBOkETAP +MQ0wCwYDVQQDDAR0NzY1MBOkETAPMQ0wCwYDVQQDDAR0NzY2MBOkETAPMQ0wCwYD +VQQDDAR0NzY3MBOkETAPMQ0wCwYDVQQDDAR0NzY4MBOkETAPMQ0wCwYDVQQDDAR0 +NzY5MBOkETAPMQ0wCwYDVQQDDAR0NzcwMBOkETAPMQ0wCwYDVQQDDAR0NzcxMBOk +ETAPMQ0wCwYDVQQDDAR0NzcyMBOkETAPMQ0wCwYDVQQDDAR0NzczMBOkETAPMQ0w +CwYDVQQDDAR0Nzc0MBOkETAPMQ0wCwYDVQQDDAR0Nzc1MBOkETAPMQ0wCwYDVQQD +DAR0Nzc2MBOkETAPMQ0wCwYDVQQDDAR0Nzc3MBOkETAPMQ0wCwYDVQQDDAR0Nzc4 +MBOkETAPMQ0wCwYDVQQDDAR0Nzc5MBOkETAPMQ0wCwYDVQQDDAR0NzgwMBOkETAP +MQ0wCwYDVQQDDAR0NzgxMBOkETAPMQ0wCwYDVQQDDAR0NzgyMBOkETAPMQ0wCwYD +VQQDDAR0NzgzMBOkETAPMQ0wCwYDVQQDDAR0Nzg0MBOkETAPMQ0wCwYDVQQDDAR0 +Nzg1MBOkETAPMQ0wCwYDVQQDDAR0Nzg2MBOkETAPMQ0wCwYDVQQDDAR0Nzg3MBOk +ETAPMQ0wCwYDVQQDDAR0Nzg4MBOkETAPMQ0wCwYDVQQDDAR0Nzg5MBOkETAPMQ0w +CwYDVQQDDAR0NzkwMBOkETAPMQ0wCwYDVQQDDAR0NzkxMBOkETAPMQ0wCwYDVQQD +DAR0NzkyMBOkETAPMQ0wCwYDVQQDDAR0NzkzMBOkETAPMQ0wCwYDVQQDDAR0Nzk0 +MBOkETAPMQ0wCwYDVQQDDAR0Nzk1MBOkETAPMQ0wCwYDVQQDDAR0Nzk2MBOkETAP +MQ0wCwYDVQQDDAR0Nzk3MBOkETAPMQ0wCwYDVQQDDAR0Nzk4MBOkETAPMQ0wCwYD +VQQDDAR0Nzk5MBOkETAPMQ0wCwYDVQQDDAR0ODAwMBOkETAPMQ0wCwYDVQQDDAR0 +ODAxMBOkETAPMQ0wCwYDVQQDDAR0ODAyMBOkETAPMQ0wCwYDVQQDDAR0ODAzMBOk +ETAPMQ0wCwYDVQQDDAR0ODA0MBOkETAPMQ0wCwYDVQQDDAR0ODA1MBOkETAPMQ0w +CwYDVQQDDAR0ODA2MBOkETAPMQ0wCwYDVQQDDAR0ODA3MBOkETAPMQ0wCwYDVQQD +DAR0ODA4MBOkETAPMQ0wCwYDVQQDDAR0ODA5MBOkETAPMQ0wCwYDVQQDDAR0ODEw +MBOkETAPMQ0wCwYDVQQDDAR0ODExMBOkETAPMQ0wCwYDVQQDDAR0ODEyMBOkETAP +MQ0wCwYDVQQDDAR0ODEzMBOkETAPMQ0wCwYDVQQDDAR0ODE0MBOkETAPMQ0wCwYD +VQQDDAR0ODE1MBOkETAPMQ0wCwYDVQQDDAR0ODE2MBOkETAPMQ0wCwYDVQQDDAR0 +ODE3MBOkETAPMQ0wCwYDVQQDDAR0ODE4MBOkETAPMQ0wCwYDVQQDDAR0ODE5MBOk +ETAPMQ0wCwYDVQQDDAR0ODIwMBOkETAPMQ0wCwYDVQQDDAR0ODIxMBOkETAPMQ0w +CwYDVQQDDAR0ODIyMBOkETAPMQ0wCwYDVQQDDAR0ODIzMBOkETAPMQ0wCwYDVQQD +DAR0ODI0MBOkETAPMQ0wCwYDVQQDDAR0ODI1MBOkETAPMQ0wCwYDVQQDDAR0ODI2 +MBOkETAPMQ0wCwYDVQQDDAR0ODI3MBOkETAPMQ0wCwYDVQQDDAR0ODI4MBOkETAP +MQ0wCwYDVQQDDAR0ODI5MBOkETAPMQ0wCwYDVQQDDAR0ODMwMBOkETAPMQ0wCwYD +VQQDDAR0ODMxMBOkETAPMQ0wCwYDVQQDDAR0ODMyMBOkETAPMQ0wCwYDVQQDDAR0 +ODMzMBOkETAPMQ0wCwYDVQQDDAR0ODM0MBOkETAPMQ0wCwYDVQQDDAR0ODM1MBOk +ETAPMQ0wCwYDVQQDDAR0ODM2MBOkETAPMQ0wCwYDVQQDDAR0ODM3MBOkETAPMQ0w +CwYDVQQDDAR0ODM4MBOkETAPMQ0wCwYDVQQDDAR0ODM5MBOkETAPMQ0wCwYDVQQD +DAR0ODQwMBOkETAPMQ0wCwYDVQQDDAR0ODQxMBOkETAPMQ0wCwYDVQQDDAR0ODQy +MBOkETAPMQ0wCwYDVQQDDAR0ODQzMBOkETAPMQ0wCwYDVQQDDAR0ODQ0MBOkETAP +MQ0wCwYDVQQDDAR0ODQ1MBOkETAPMQ0wCwYDVQQDDAR0ODQ2MBOkETAPMQ0wCwYD +VQQDDAR0ODQ3MBOkETAPMQ0wCwYDVQQDDAR0ODQ4MBOkETAPMQ0wCwYDVQQDDAR0 +ODQ5MBOkETAPMQ0wCwYDVQQDDAR0ODUwMBOkETAPMQ0wCwYDVQQDDAR0ODUxMBOk +ETAPMQ0wCwYDVQQDDAR0ODUyMBOkETAPMQ0wCwYDVQQDDAR0ODUzMBOkETAPMQ0w +CwYDVQQDDAR0ODU0MBOkETAPMQ0wCwYDVQQDDAR0ODU1MBOkETAPMQ0wCwYDVQQD +DAR0ODU2MBOkETAPMQ0wCwYDVQQDDAR0ODU3MBOkETAPMQ0wCwYDVQQDDAR0ODU4 +MBOkETAPMQ0wCwYDVQQDDAR0ODU5MBOkETAPMQ0wCwYDVQQDDAR0ODYwMBOkETAP +MQ0wCwYDVQQDDAR0ODYxMBOkETAPMQ0wCwYDVQQDDAR0ODYyMBOkETAPMQ0wCwYD +VQQDDAR0ODYzMBOkETAPMQ0wCwYDVQQDDAR0ODY0MBOkETAPMQ0wCwYDVQQDDAR0 +ODY1MBOkETAPMQ0wCwYDVQQDDAR0ODY2MBOkETAPMQ0wCwYDVQQDDAR0ODY3MBOk +ETAPMQ0wCwYDVQQDDAR0ODY4MBOkETAPMQ0wCwYDVQQDDAR0ODY5MBOkETAPMQ0w +CwYDVQQDDAR0ODcwMBOkETAPMQ0wCwYDVQQDDAR0ODcxMBOkETAPMQ0wCwYDVQQD +DAR0ODcyMBOkETAPMQ0wCwYDVQQDDAR0ODczMBOkETAPMQ0wCwYDVQQDDAR0ODc0 +MBOkETAPMQ0wCwYDVQQDDAR0ODc1MBOkETAPMQ0wCwYDVQQDDAR0ODc2MBOkETAP +MQ0wCwYDVQQDDAR0ODc3MBOkETAPMQ0wCwYDVQQDDAR0ODc4MBOkETAPMQ0wCwYD +VQQDDAR0ODc5MBOkETAPMQ0wCwYDVQQDDAR0ODgwMBOkETAPMQ0wCwYDVQQDDAR0 +ODgxMBOkETAPMQ0wCwYDVQQDDAR0ODgyMBOkETAPMQ0wCwYDVQQDDAR0ODgzMBOk +ETAPMQ0wCwYDVQQDDAR0ODg0MBOkETAPMQ0wCwYDVQQDDAR0ODg1MBOkETAPMQ0w +CwYDVQQDDAR0ODg2MBOkETAPMQ0wCwYDVQQDDAR0ODg3MBOkETAPMQ0wCwYDVQQD +DAR0ODg4MBOkETAPMQ0wCwYDVQQDDAR0ODg5MBOkETAPMQ0wCwYDVQQDDAR0ODkw +MBOkETAPMQ0wCwYDVQQDDAR0ODkxMBOkETAPMQ0wCwYDVQQDDAR0ODkyMBOkETAP +MQ0wCwYDVQQDDAR0ODkzMBOkETAPMQ0wCwYDVQQDDAR0ODk0MBOkETAPMQ0wCwYD +VQQDDAR0ODk1MBOkETAPMQ0wCwYDVQQDDAR0ODk2MBOkETAPMQ0wCwYDVQQDDAR0 +ODk3MBOkETAPMQ0wCwYDVQQDDAR0ODk4MBOkETAPMQ0wCwYDVQQDDAR0ODk5MBOk +ETAPMQ0wCwYDVQQDDAR0OTAwMBOkETAPMQ0wCwYDVQQDDAR0OTAxMBOkETAPMQ0w +CwYDVQQDDAR0OTAyMBOkETAPMQ0wCwYDVQQDDAR0OTAzMBOkETAPMQ0wCwYDVQQD +DAR0OTA0MBOkETAPMQ0wCwYDVQQDDAR0OTA1MBOkETAPMQ0wCwYDVQQDDAR0OTA2 +MBOkETAPMQ0wCwYDVQQDDAR0OTA3MBOkETAPMQ0wCwYDVQQDDAR0OTA4MBOkETAP +MQ0wCwYDVQQDDAR0OTA5MBOkETAPMQ0wCwYDVQQDDAR0OTEwMBOkETAPMQ0wCwYD +VQQDDAR0OTExMBOkETAPMQ0wCwYDVQQDDAR0OTEyMBOkETAPMQ0wCwYDVQQDDAR0 +OTEzMBOkETAPMQ0wCwYDVQQDDAR0OTE0MBOkETAPMQ0wCwYDVQQDDAR0OTE1MBOk +ETAPMQ0wCwYDVQQDDAR0OTE2MBOkETAPMQ0wCwYDVQQDDAR0OTE3MBOkETAPMQ0w +CwYDVQQDDAR0OTE4MBOkETAPMQ0wCwYDVQQDDAR0OTE5MBOkETAPMQ0wCwYDVQQD +DAR0OTIwMBOkETAPMQ0wCwYDVQQDDAR0OTIxMBOkETAPMQ0wCwYDVQQDDAR0OTIy +MBOkETAPMQ0wCwYDVQQDDAR0OTIzMBOkETAPMQ0wCwYDVQQDDAR0OTI0MBOkETAP +MQ0wCwYDVQQDDAR0OTI1MBOkETAPMQ0wCwYDVQQDDAR0OTI2MBOkETAPMQ0wCwYD +VQQDDAR0OTI3MBOkETAPMQ0wCwYDVQQDDAR0OTI4MBOkETAPMQ0wCwYDVQQDDAR0 +OTI5MBOkETAPMQ0wCwYDVQQDDAR0OTMwMBOkETAPMQ0wCwYDVQQDDAR0OTMxMBOk +ETAPMQ0wCwYDVQQDDAR0OTMyMBOkETAPMQ0wCwYDVQQDDAR0OTMzMBOkETAPMQ0w +CwYDVQQDDAR0OTM0MBOkETAPMQ0wCwYDVQQDDAR0OTM1MBOkETAPMQ0wCwYDVQQD +DAR0OTM2MBOkETAPMQ0wCwYDVQQDDAR0OTM3MBOkETAPMQ0wCwYDVQQDDAR0OTM4 +MBOkETAPMQ0wCwYDVQQDDAR0OTM5MBOkETAPMQ0wCwYDVQQDDAR0OTQwMBOkETAP +MQ0wCwYDVQQDDAR0OTQxMBOkETAPMQ0wCwYDVQQDDAR0OTQyMBOkETAPMQ0wCwYD +VQQDDAR0OTQzMBOkETAPMQ0wCwYDVQQDDAR0OTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +OTQ1MBOkETAPMQ0wCwYDVQQDDAR0OTQ2MBOkETAPMQ0wCwYDVQQDDAR0OTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0OTQ4MBOkETAPMQ0wCwYDVQQDDAR0OTQ5MBOkETAPMQ0w +CwYDVQQDDAR0OTUwMBOkETAPMQ0wCwYDVQQDDAR0OTUxMBOkETAPMQ0wCwYDVQQD +DAR0OTUyMBOkETAPMQ0wCwYDVQQDDAR0OTUzMBOkETAPMQ0wCwYDVQQDDAR0OTU0 +MBOkETAPMQ0wCwYDVQQDDAR0OTU1MBOkETAPMQ0wCwYDVQQDDAR0OTU2MBOkETAP +MQ0wCwYDVQQDDAR0OTU3MBOkETAPMQ0wCwYDVQQDDAR0OTU4MBOkETAPMQ0wCwYD +VQQDDAR0OTU5MBOkETAPMQ0wCwYDVQQDDAR0OTYwMBOkETAPMQ0wCwYDVQQDDAR0 +OTYxMBOkETAPMQ0wCwYDVQQDDAR0OTYyMBOkETAPMQ0wCwYDVQQDDAR0OTYzMBOk +ETAPMQ0wCwYDVQQDDAR0OTY0MBOkETAPMQ0wCwYDVQQDDAR0OTY1MBOkETAPMQ0w +CwYDVQQDDAR0OTY2MBOkETAPMQ0wCwYDVQQDDAR0OTY3MBOkETAPMQ0wCwYDVQQD +DAR0OTY4MBOkETAPMQ0wCwYDVQQDDAR0OTY5MBOkETAPMQ0wCwYDVQQDDAR0OTcw +MBOkETAPMQ0wCwYDVQQDDAR0OTcxMBOkETAPMQ0wCwYDVQQDDAR0OTcyMBOkETAP +MQ0wCwYDVQQDDAR0OTczMBOkETAPMQ0wCwYDVQQDDAR0OTc0MBOkETAPMQ0wCwYD +VQQDDAR0OTc1MBOkETAPMQ0wCwYDVQQDDAR0OTc2MBOkETAPMQ0wCwYDVQQDDAR0 +OTc3MBOkETAPMQ0wCwYDVQQDDAR0OTc4MBOkETAPMQ0wCwYDVQQDDAR0OTc5MBOk +ETAPMQ0wCwYDVQQDDAR0OTgwMBOkETAPMQ0wCwYDVQQDDAR0OTgxMBOkETAPMQ0w +CwYDVQQDDAR0OTgyMBOkETAPMQ0wCwYDVQQDDAR0OTgzMBOkETAPMQ0wCwYDVQQD +DAR0OTg0MBOkETAPMQ0wCwYDVQQDDAR0OTg1MBOkETAPMQ0wCwYDVQQDDAR0OTg2 +MBOkETAPMQ0wCwYDVQQDDAR0OTg3MBOkETAPMQ0wCwYDVQQDDAR0OTg4MBOkETAP +MQ0wCwYDVQQDDAR0OTg5MBOkETAPMQ0wCwYDVQQDDAR0OTkwMBOkETAPMQ0wCwYD +VQQDDAR0OTkxMBOkETAPMQ0wCwYDVQQDDAR0OTkyMBOkETAPMQ0wCwYDVQQDDAR0 +OTkzMBOkETAPMQ0wCwYDVQQDDAR0OTk0MBOkETAPMQ0wCwYDVQQDDAR0OTk1MBOk +ETAPMQ0wCwYDVQQDDAR0OTk2MBOkETAPMQ0wCwYDVQQDDAR0OTk3MBOkETAPMQ0w +CwYDVQQDDAR0OTk4MBOkETAPMQ0wCwYDVQQDDAR0OTk5MBSkEjAQMQ4wDAYDVQQD +DAV0MTAwMDAUpBIwEDEOMAwGA1UEAwwFdDEwMDEwFKQSMBAxDjAMBgNVBAMMBXQx +MDAyMBSkEjAQMQ4wDAYDVQQDDAV0MTAwMzAUpBIwEDEOMAwGA1UEAwwFdDEwMDQw +FKQSMBAxDjAMBgNVBAMMBXQxMDA1MBSkEjAQMQ4wDAYDVQQDDAV0MTAwNjAUpBIw +EDEOMAwGA1UEAwwFdDEwMDcwFKQSMBAxDjAMBgNVBAMMBXQxMDA4MBSkEjAQMQ4w +DAYDVQQDDAV0MTAwOTAUpBIwEDEOMAwGA1UEAwwFdDEwMTAwFKQSMBAxDjAMBgNV +BAMMBXQxMDExMBSkEjAQMQ4wDAYDVQQDDAV0MTAxMjAUpBIwEDEOMAwGA1UEAwwF +dDEwMTMwFKQSMBAxDjAMBgNVBAMMBXQxMDE0MBSkEjAQMQ4wDAYDVQQDDAV0MTAx +NTAUpBIwEDEOMAwGA1UEAwwFdDEwMTYwFKQSMBAxDjAMBgNVBAMMBXQxMDE3MBSk +EjAQMQ4wDAYDVQQDDAV0MTAxODAUpBIwEDEOMAwGA1UEAwwFdDEwMTkwFKQSMBAx +DjAMBgNVBAMMBXQxMDIwMBSkEjAQMQ4wDAYDVQQDDAV0MTAyMTAUpBIwEDEOMAwG +A1UEAwwFdDEwMjIwFKQSMBAxDjAMBgNVBAMMBXQxMDIzMBSkEjAQMQ4wDAYDVQQD +DAV0MTAyNDANBgkqhkiG9w0BAQsFAAOCAQEAEs5g1ju1fnqOntD1/aiKMySVbXlW +JCMSEI8SfOATmbptubJRtMxQLAYouNEYGhbmA7R/zbf2BnvCd5dSdo+B0fYsCOJw +J3Y/kKdS8xXwH0CXmfv6msHrEPqgdN/x34rSS2cRL1ypUnhp6EshvvKpZWLMDtlZ +jnrKXwFB2dLpiV+8PIy7T5CABgU3vgwfqFaC55ItxYlW2NSGnYq8XkPTB2Xa1Ah1 +J+VJDun4VCt6U5k3KZvqFN6AaKl5Jl5k/yFs2oPvj6TfOiBuXNNoSIKruaxKKLYv +NRSYVBao+u4ww7rFLTO8Mq6WxooXSTJ41GEpZn91rhYugbK5+lax1caedw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.cnf new file mode 100644 index 0000000000..5525d6b9df --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.cnf @@ -0,0 +1,64 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Root" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Root.pem +new_certs_dir = out +serial = out/Root.serial +database = out/Root.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Root.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Root.cer + +[crl_info] +URI.0 = http://url-for-crl/Root.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.csr new file mode 100644 index 0000000000..35b655d54f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpTCCAY0CAQAwDzENMAsGA1UEAwwEUm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMx6z+y9oAHDJlHYKK6AtgvSdtcEhhis/fKPZOeS1tBCMk/N +0E3QrHGac4AKBHAgoy+gm/Q+Gc9pVLW+hd1usgsU3ye/LKG7sqcjDPuueGlrGm58 +OH8VXeXPJzJWKvGH/joWc+bdg/LyrjHIk9JJt7Fx9VXeu4XNyxl0HWFJ2oNE7Exe +qtWLMhrbd9Wxg4wAuVW3ZHhch8loWL3er1Diu70yzfo93zs9kxAWtm2QHdd96ep+ +Hi7IEKQUrWJyr2WVH6dugYSf34VOwD5/jAIK8GVYhHxq4VOvPPF6uTPI5/ntkkYA +UGLwiUFXHoHRBBKz/CVgF1wL66lGSgM5FhFN4XsCAwEAAaBRME8GCSqGSIb3DQEJ +DjFCMEAwHQYDVR0OBBYEFLbC75/RKcsPiYxMUtS9QLcRt3HdMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAeAAMmusgo +gWsmXpYh6t/w2qK9lucLwcQqZz/punJH5w0Muz4pzjARppljidGfWdM0scyqAbS0 +WKyUkw1mmi2DPYC6VV2wjSjwnHYqMr5zwMzwdY/hBxhPqYeGfLYxq93GhsOO+NFf +Fbj/2B6nTQbYVDJxotVXDm6mlJ39qNNKHisQf3cnqD0Jdj/1IAm9pdUoVEI04re/ +2o8jeXu/xmlulDkJjlbrUwBwKDq1053OhcFCoU8uQB/GWEFieD3dG5Jzr9gkEMX/ +DodDQrixdtqZVmVcstukqQHdGTN+dRMgkCepvAxhPr2J3WmkyR6q8Jy3iHRvFwb4 +ozuHquUL2zo8 +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db new file mode 100644 index 0000000000..4e6380ddf4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db @@ -0,0 +1,9 @@ +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F5 unknown /CN=Root +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F6 unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F7 unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F8 unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F9 unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6FA unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6FB unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6FC unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6FD unknown /CN=Intermediate diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.attr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.attr new file mode 100644 index 0000000000..3a7e39e6ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.attr.old b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.attr.old new file mode 100644 index 0000000000..3a7e39e6ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.old b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.old new file mode 100644 index 0000000000..d5e4256207 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.db.old @@ -0,0 +1,8 @@ +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F5 unknown /CN=Root +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F6 unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F7 unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F8 unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6F9 unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6FA unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6FB unknown /CN=Intermediate +V 221005120000Z 3CE5FC818859A85016C17FD7E52AE5967FC2F6FC unknown /CN=Intermediate diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.pem new file mode 100644 index 0000000000..95b3ef60a0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.pem @@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.serial b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.serial new file mode 100644 index 0000000000..d19eb29058 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.serial @@ -0,0 +1 @@ +3CE5FC818859A85016C17FD7E52AE5967FC2F6FE diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.serial.old b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.serial.old new file mode 100644 index 0000000000..30219eff8c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/Root.serial.old @@ -0,0 +1 @@ +3CE5FC818859A85016C17FD7E52AE5967FC2F6FD diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.cnf new file mode 100644 index 0000000000..c20d823d84 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.cnf @@ -0,0 +1,3142 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "t0" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @san_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/t0.pem +new_certs_dir = out +serial = out/t0.serial +database = out/t0.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/t0.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/t0.cer + +[crl_info] +URI.0 = http://url-for-crl/t0.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[san_info] +DNS.1 = t0.test +DNS.2 = t1.test +DNS.3 = t2.test +DNS.4 = t3.test +DNS.5 = t4.test +DNS.6 = t5.test +DNS.7 = t6.test +DNS.8 = t7.test +DNS.9 = t8.test +DNS.10 = t9.test +DNS.11 = t10.test +DNS.12 = t11.test +DNS.13 = t12.test +DNS.14 = t13.test +DNS.15 = t14.test +DNS.16 = t15.test +DNS.17 = t16.test +DNS.18 = t17.test +DNS.19 = t18.test +DNS.20 = t19.test +DNS.21 = t20.test +DNS.22 = t21.test +DNS.23 = t22.test +DNS.24 = t23.test +DNS.25 = t24.test +DNS.26 = t25.test +DNS.27 = t26.test +DNS.28 = t27.test +DNS.29 = t28.test +DNS.30 = t29.test +DNS.31 = t30.test +DNS.32 = t31.test +DNS.33 = t32.test +DNS.34 = t33.test +DNS.35 = t34.test +DNS.36 = t35.test +DNS.37 = t36.test +DNS.38 = t37.test +DNS.39 = t38.test +DNS.40 = t39.test +DNS.41 = t40.test +DNS.42 = t41.test +DNS.43 = t42.test +DNS.44 = t43.test +DNS.45 = t44.test +DNS.46 = t45.test +DNS.47 = t46.test +DNS.48 = t47.test +DNS.49 = t48.test +DNS.50 = t49.test +DNS.51 = t50.test +DNS.52 = t51.test +DNS.53 = t52.test +DNS.54 = t53.test +DNS.55 = t54.test +DNS.56 = t55.test +DNS.57 = t56.test +DNS.58 = t57.test +DNS.59 = t58.test +DNS.60 = t59.test +DNS.61 = t60.test +DNS.62 = t61.test +DNS.63 = t62.test +DNS.64 = t63.test +DNS.65 = t64.test +DNS.66 = t65.test +DNS.67 = t66.test +DNS.68 = t67.test +DNS.69 = t68.test +DNS.70 = t69.test +DNS.71 = t70.test +DNS.72 = t71.test +DNS.73 = t72.test +DNS.74 = t73.test +DNS.75 = t74.test +DNS.76 = t75.test +DNS.77 = t76.test +DNS.78 = t77.test +DNS.79 = t78.test +DNS.80 = t79.test +DNS.81 = t80.test +DNS.82 = t81.test +DNS.83 = t82.test +DNS.84 = t83.test +DNS.85 = t84.test +DNS.86 = t85.test +DNS.87 = t86.test +DNS.88 = t87.test +DNS.89 = t88.test +DNS.90 = t89.test +DNS.91 = t90.test +DNS.92 = t91.test +DNS.93 = t92.test +DNS.94 = t93.test +DNS.95 = t94.test +DNS.96 = t95.test +DNS.97 = t96.test +DNS.98 = t97.test +DNS.99 = t98.test +DNS.100 = t99.test +DNS.101 = t100.test +DNS.102 = t101.test +DNS.103 = t102.test +DNS.104 = t103.test +DNS.105 = t104.test +DNS.106 = t105.test +DNS.107 = t106.test +DNS.108 = t107.test +DNS.109 = t108.test +DNS.110 = t109.test +DNS.111 = t110.test +DNS.112 = t111.test +DNS.113 = t112.test +DNS.114 = t113.test +DNS.115 = t114.test +DNS.116 = t115.test +DNS.117 = t116.test +DNS.118 = t117.test +DNS.119 = t118.test +DNS.120 = t119.test +DNS.121 = t120.test +DNS.122 = t121.test +DNS.123 = t122.test +DNS.124 = t123.test +DNS.125 = t124.test +DNS.126 = t125.test +DNS.127 = t126.test +DNS.128 = t127.test +DNS.129 = t128.test +DNS.130 = t129.test +DNS.131 = t130.test +DNS.132 = t131.test +DNS.133 = t132.test +DNS.134 = t133.test +DNS.135 = t134.test +DNS.136 = t135.test +DNS.137 = t136.test +DNS.138 = t137.test +DNS.139 = t138.test +DNS.140 = t139.test +DNS.141 = t140.test +DNS.142 = t141.test +DNS.143 = t142.test +DNS.144 = t143.test +DNS.145 = t144.test +DNS.146 = t145.test +DNS.147 = t146.test +DNS.148 = t147.test +DNS.149 = t148.test +DNS.150 = t149.test +DNS.151 = t150.test +DNS.152 = t151.test +DNS.153 = t152.test +DNS.154 = t153.test +DNS.155 = t154.test +DNS.156 = t155.test +DNS.157 = t156.test +DNS.158 = t157.test +DNS.159 = t158.test +DNS.160 = t159.test +DNS.161 = t160.test +DNS.162 = t161.test +DNS.163 = t162.test +DNS.164 = t163.test +DNS.165 = t164.test +DNS.166 = t165.test +DNS.167 = t166.test +DNS.168 = t167.test +DNS.169 = t168.test +DNS.170 = t169.test +DNS.171 = t170.test +DNS.172 = t171.test +DNS.173 = t172.test +DNS.174 = t173.test +DNS.175 = t174.test +DNS.176 = t175.test +DNS.177 = t176.test +DNS.178 = t177.test +DNS.179 = t178.test +DNS.180 = t179.test +DNS.181 = t180.test +DNS.182 = t181.test +DNS.183 = t182.test +DNS.184 = t183.test +DNS.185 = t184.test +DNS.186 = t185.test +DNS.187 = t186.test +DNS.188 = t187.test +DNS.189 = t188.test +DNS.190 = t189.test +DNS.191 = t190.test +DNS.192 = t191.test +DNS.193 = t192.test +DNS.194 = t193.test +DNS.195 = t194.test +DNS.196 = t195.test +DNS.197 = t196.test +DNS.198 = t197.test +DNS.199 = t198.test +DNS.200 = t199.test +DNS.201 = t200.test +DNS.202 = t201.test +DNS.203 = t202.test +DNS.204 = t203.test +DNS.205 = t204.test +DNS.206 = t205.test +DNS.207 = t206.test +DNS.208 = t207.test +DNS.209 = t208.test +DNS.210 = t209.test +DNS.211 = t210.test +DNS.212 = t211.test +DNS.213 = t212.test +DNS.214 = t213.test +DNS.215 = t214.test +DNS.216 = t215.test +DNS.217 = t216.test +DNS.218 = t217.test +DNS.219 = t218.test +DNS.220 = t219.test +DNS.221 = t220.test +DNS.222 = t221.test +DNS.223 = t222.test +DNS.224 = t223.test +DNS.225 = t224.test +DNS.226 = t225.test +DNS.227 = t226.test +DNS.228 = t227.test +DNS.229 = t228.test +DNS.230 = t229.test +DNS.231 = t230.test +DNS.232 = t231.test +DNS.233 = t232.test +DNS.234 = t233.test +DNS.235 = t234.test +DNS.236 = t235.test +DNS.237 = t236.test +DNS.238 = t237.test +DNS.239 = t238.test +DNS.240 = t239.test +DNS.241 = t240.test +DNS.242 = t241.test +DNS.243 = t242.test +DNS.244 = t243.test +DNS.245 = t244.test +DNS.246 = t245.test +DNS.247 = t246.test +DNS.248 = t247.test +DNS.249 = t248.test +DNS.250 = t249.test +DNS.251 = t250.test +DNS.252 = t251.test +DNS.253 = t252.test +DNS.254 = t253.test +DNS.255 = t254.test +DNS.256 = t255.test +DNS.257 = t256.test +DNS.258 = t257.test +DNS.259 = t258.test +DNS.260 = t259.test +DNS.261 = t260.test +DNS.262 = t261.test +DNS.263 = t262.test +DNS.264 = t263.test +DNS.265 = t264.test +DNS.266 = t265.test +DNS.267 = t266.test +DNS.268 = t267.test +DNS.269 = t268.test +DNS.270 = t269.test +DNS.271 = t270.test +DNS.272 = t271.test +DNS.273 = t272.test +DNS.274 = t273.test +DNS.275 = t274.test +DNS.276 = t275.test +DNS.277 = t276.test +DNS.278 = t277.test +DNS.279 = t278.test +DNS.280 = t279.test +DNS.281 = t280.test +DNS.282 = t281.test +DNS.283 = t282.test +DNS.284 = t283.test +DNS.285 = t284.test +DNS.286 = t285.test +DNS.287 = t286.test +DNS.288 = t287.test +DNS.289 = t288.test +DNS.290 = t289.test +DNS.291 = t290.test +DNS.292 = t291.test +DNS.293 = t292.test +DNS.294 = t293.test +DNS.295 = t294.test +DNS.296 = t295.test +DNS.297 = t296.test +DNS.298 = t297.test +DNS.299 = t298.test +DNS.300 = t299.test +DNS.301 = t300.test +DNS.302 = t301.test +DNS.303 = t302.test +DNS.304 = t303.test +DNS.305 = t304.test +DNS.306 = t305.test +DNS.307 = t306.test +DNS.308 = t307.test +DNS.309 = t308.test +DNS.310 = t309.test +DNS.311 = t310.test +DNS.312 = t311.test +DNS.313 = t312.test +DNS.314 = t313.test +DNS.315 = t314.test +DNS.316 = t315.test +DNS.317 = t316.test +DNS.318 = t317.test +DNS.319 = t318.test +DNS.320 = t319.test +DNS.321 = t320.test +DNS.322 = t321.test +DNS.323 = t322.test +DNS.324 = t323.test +DNS.325 = t324.test +DNS.326 = t325.test +DNS.327 = t326.test +DNS.328 = t327.test +DNS.329 = t328.test +DNS.330 = t329.test +DNS.331 = t330.test +DNS.332 = t331.test +DNS.333 = t332.test +DNS.334 = t333.test +DNS.335 = t334.test +DNS.336 = t335.test +DNS.337 = t336.test +DNS.338 = t337.test +DNS.339 = t338.test +DNS.340 = t339.test +DNS.341 = t340.test +IP.1 = 10.0.0.0 +IP.2 = 10.0.0.1 +IP.3 = 10.0.0.2 +IP.4 = 10.0.0.3 +IP.5 = 10.0.0.4 +IP.6 = 10.0.0.5 +IP.7 = 10.0.0.6 +IP.8 = 10.0.0.7 +IP.9 = 10.0.0.8 +IP.10 = 10.0.0.9 +IP.11 = 10.0.0.10 +IP.12 = 10.0.0.11 +IP.13 = 10.0.0.12 +IP.14 = 10.0.0.13 +IP.15 = 10.0.0.14 +IP.16 = 10.0.0.15 +IP.17 = 10.0.0.16 +IP.18 = 10.0.0.17 +IP.19 = 10.0.0.18 +IP.20 = 10.0.0.19 +IP.21 = 10.0.0.20 +IP.22 = 10.0.0.21 +IP.23 = 10.0.0.22 +IP.24 = 10.0.0.23 +IP.25 = 10.0.0.24 +IP.26 = 10.0.0.25 +IP.27 = 10.0.0.26 +IP.28 = 10.0.0.27 +IP.29 = 10.0.0.28 +IP.30 = 10.0.0.29 +IP.31 = 10.0.0.30 +IP.32 = 10.0.0.31 +IP.33 = 10.0.0.32 +IP.34 = 10.0.0.33 +IP.35 = 10.0.0.34 +IP.36 = 10.0.0.35 +IP.37 = 10.0.0.36 +IP.38 = 10.0.0.37 +IP.39 = 10.0.0.38 +IP.40 = 10.0.0.39 +IP.41 = 10.0.0.40 +IP.42 = 10.0.0.41 +IP.43 = 10.0.0.42 +IP.44 = 10.0.0.43 +IP.45 = 10.0.0.44 +IP.46 = 10.0.0.45 +IP.47 = 10.0.0.46 +IP.48 = 10.0.0.47 +IP.49 = 10.0.0.48 +IP.50 = 10.0.0.49 +IP.51 = 10.0.0.50 +IP.52 = 10.0.0.51 +IP.53 = 10.0.0.52 +IP.54 = 10.0.0.53 +IP.55 = 10.0.0.54 +IP.56 = 10.0.0.55 +IP.57 = 10.0.0.56 +IP.58 = 10.0.0.57 +IP.59 = 10.0.0.58 +IP.60 = 10.0.0.59 +IP.61 = 10.0.0.60 +IP.62 = 10.0.0.61 +IP.63 = 10.0.0.62 +IP.64 = 10.0.0.63 +IP.65 = 10.0.0.64 +IP.66 = 10.0.0.65 +IP.67 = 10.0.0.66 +IP.68 = 10.0.0.67 +IP.69 = 10.0.0.68 +IP.70 = 10.0.0.69 +IP.71 = 10.0.0.70 +IP.72 = 10.0.0.71 +IP.73 = 10.0.0.72 +IP.74 = 10.0.0.73 +IP.75 = 10.0.0.74 +IP.76 = 10.0.0.75 +IP.77 = 10.0.0.76 +IP.78 = 10.0.0.77 +IP.79 = 10.0.0.78 +IP.80 = 10.0.0.79 +IP.81 = 10.0.0.80 +IP.82 = 10.0.0.81 +IP.83 = 10.0.0.82 +IP.84 = 10.0.0.83 +IP.85 = 10.0.0.84 +IP.86 = 10.0.0.85 +IP.87 = 10.0.0.86 +IP.88 = 10.0.0.87 +IP.89 = 10.0.0.88 +IP.90 = 10.0.0.89 +IP.91 = 10.0.0.90 +IP.92 = 10.0.0.91 +IP.93 = 10.0.0.92 +IP.94 = 10.0.0.93 +IP.95 = 10.0.0.94 +IP.96 = 10.0.0.95 +IP.97 = 10.0.0.96 +IP.98 = 10.0.0.97 +IP.99 = 10.0.0.98 +IP.100 = 10.0.0.99 +IP.101 = 10.0.0.100 +IP.102 = 10.0.0.101 +IP.103 = 10.0.0.102 +IP.104 = 10.0.0.103 +IP.105 = 10.0.0.104 +IP.106 = 10.0.0.105 +IP.107 = 10.0.0.106 +IP.108 = 10.0.0.107 +IP.109 = 10.0.0.108 +IP.110 = 10.0.0.109 +IP.111 = 10.0.0.110 +IP.112 = 10.0.0.111 +IP.113 = 10.0.0.112 +IP.114 = 10.0.0.113 +IP.115 = 10.0.0.114 +IP.116 = 10.0.0.115 +IP.117 = 10.0.0.116 +IP.118 = 10.0.0.117 +IP.119 = 10.0.0.118 +IP.120 = 10.0.0.119 +IP.121 = 10.0.0.120 +IP.122 = 10.0.0.121 +IP.123 = 10.0.0.122 +IP.124 = 10.0.0.123 +IP.125 = 10.0.0.124 +IP.126 = 10.0.0.125 +IP.127 = 10.0.0.126 +IP.128 = 10.0.0.127 +IP.129 = 10.0.0.128 +IP.130 = 10.0.0.129 +IP.131 = 10.0.0.130 +IP.132 = 10.0.0.131 +IP.133 = 10.0.0.132 +IP.134 = 10.0.0.133 +IP.135 = 10.0.0.134 +IP.136 = 10.0.0.135 +IP.137 = 10.0.0.136 +IP.138 = 10.0.0.137 +IP.139 = 10.0.0.138 +IP.140 = 10.0.0.139 +IP.141 = 10.0.0.140 +IP.142 = 10.0.0.141 +IP.143 = 10.0.0.142 +IP.144 = 10.0.0.143 +IP.145 = 10.0.0.144 +IP.146 = 10.0.0.145 +IP.147 = 10.0.0.146 +IP.148 = 10.0.0.147 +IP.149 = 10.0.0.148 +IP.150 = 10.0.0.149 +IP.151 = 10.0.0.150 +IP.152 = 10.0.0.151 +IP.153 = 10.0.0.152 +IP.154 = 10.0.0.153 +IP.155 = 10.0.0.154 +IP.156 = 10.0.0.155 +IP.157 = 10.0.0.156 +IP.158 = 10.0.0.157 +IP.159 = 10.0.0.158 +IP.160 = 10.0.0.159 +IP.161 = 10.0.0.160 +IP.162 = 10.0.0.161 +IP.163 = 10.0.0.162 +IP.164 = 10.0.0.163 +IP.165 = 10.0.0.164 +IP.166 = 10.0.0.165 +IP.167 = 10.0.0.166 +IP.168 = 10.0.0.167 +IP.169 = 10.0.0.168 +IP.170 = 10.0.0.169 +IP.171 = 10.0.0.170 +IP.172 = 10.0.0.171 +IP.173 = 10.0.0.172 +IP.174 = 10.0.0.173 +IP.175 = 10.0.0.174 +IP.176 = 10.0.0.175 +IP.177 = 10.0.0.176 +IP.178 = 10.0.0.177 +IP.179 = 10.0.0.178 +IP.180 = 10.0.0.179 +IP.181 = 10.0.0.180 +IP.182 = 10.0.0.181 +IP.183 = 10.0.0.182 +IP.184 = 10.0.0.183 +IP.185 = 10.0.0.184 +IP.186 = 10.0.0.185 +IP.187 = 10.0.0.186 +IP.188 = 10.0.0.187 +IP.189 = 10.0.0.188 +IP.190 = 10.0.0.189 +IP.191 = 10.0.0.190 +IP.192 = 10.0.0.191 +IP.193 = 10.0.0.192 +IP.194 = 10.0.0.193 +IP.195 = 10.0.0.194 +IP.196 = 10.0.0.195 +IP.197 = 10.0.0.196 +IP.198 = 10.0.0.197 +IP.199 = 10.0.0.198 +IP.200 = 10.0.0.199 +IP.201 = 10.0.0.200 +IP.202 = 10.0.0.201 +IP.203 = 10.0.0.202 +IP.204 = 10.0.0.203 +IP.205 = 10.0.0.204 +IP.206 = 10.0.0.205 +IP.207 = 10.0.0.206 +IP.208 = 10.0.0.207 +IP.209 = 10.0.0.208 +IP.210 = 10.0.0.209 +IP.211 = 10.0.0.210 +IP.212 = 10.0.0.211 +IP.213 = 10.0.0.212 +IP.214 = 10.0.0.213 +IP.215 = 10.0.0.214 +IP.216 = 10.0.0.215 +IP.217 = 10.0.0.216 +IP.218 = 10.0.0.217 +IP.219 = 10.0.0.218 +IP.220 = 10.0.0.219 +IP.221 = 10.0.0.220 +IP.222 = 10.0.0.221 +IP.223 = 10.0.0.222 +IP.224 = 10.0.0.223 +IP.225 = 10.0.0.224 +IP.226 = 10.0.0.225 +IP.227 = 10.0.0.226 +IP.228 = 10.0.0.227 +IP.229 = 10.0.0.228 +IP.230 = 10.0.0.229 +IP.231 = 10.0.0.230 +IP.232 = 10.0.0.231 +IP.233 = 10.0.0.232 +IP.234 = 10.0.0.233 +IP.235 = 10.0.0.234 +IP.236 = 10.0.0.235 +IP.237 = 10.0.0.236 +IP.238 = 10.0.0.237 +IP.239 = 10.0.0.238 +IP.240 = 10.0.0.239 +IP.241 = 10.0.0.240 +IP.242 = 10.0.0.241 +IP.243 = 10.0.0.242 +IP.244 = 10.0.0.243 +IP.245 = 10.0.0.244 +IP.246 = 10.0.0.245 +IP.247 = 10.0.0.246 +IP.248 = 10.0.0.247 +IP.249 = 10.0.0.248 +IP.250 = 10.0.0.249 +IP.251 = 10.0.0.250 +IP.252 = 10.0.0.251 +IP.253 = 10.0.0.252 +IP.254 = 10.0.0.253 +IP.255 = 10.0.0.254 +IP.256 = 10.0.0.255 +IP.257 = 10.0.1.0 +IP.258 = 10.0.1.1 +IP.259 = 10.0.1.2 +IP.260 = 10.0.1.3 +IP.261 = 10.0.1.4 +IP.262 = 10.0.1.5 +IP.263 = 10.0.1.6 +IP.264 = 10.0.1.7 +IP.265 = 10.0.1.8 +IP.266 = 10.0.1.9 +IP.267 = 10.0.1.10 +IP.268 = 10.0.1.11 +IP.269 = 10.0.1.12 +IP.270 = 10.0.1.13 +IP.271 = 10.0.1.14 +IP.272 = 10.0.1.15 +IP.273 = 10.0.1.16 +IP.274 = 10.0.1.17 +IP.275 = 10.0.1.18 +IP.276 = 10.0.1.19 +IP.277 = 10.0.1.20 +IP.278 = 10.0.1.21 +IP.279 = 10.0.1.22 +IP.280 = 10.0.1.23 +IP.281 = 10.0.1.24 +IP.282 = 10.0.1.25 +IP.283 = 10.0.1.26 +IP.284 = 10.0.1.27 +IP.285 = 10.0.1.28 +IP.286 = 10.0.1.29 +IP.287 = 10.0.1.30 +IP.288 = 10.0.1.31 +IP.289 = 10.0.1.32 +IP.290 = 10.0.1.33 +IP.291 = 10.0.1.34 +IP.292 = 10.0.1.35 +IP.293 = 10.0.1.36 +IP.294 = 10.0.1.37 +IP.295 = 10.0.1.38 +IP.296 = 10.0.1.39 +IP.297 = 10.0.1.40 +IP.298 = 10.0.1.41 +IP.299 = 10.0.1.42 +IP.300 = 10.0.1.43 +IP.301 = 10.0.1.44 +IP.302 = 10.0.1.45 +IP.303 = 10.0.1.46 +IP.304 = 10.0.1.47 +IP.305 = 10.0.1.48 +IP.306 = 10.0.1.49 +IP.307 = 10.0.1.50 +IP.308 = 10.0.1.51 +IP.309 = 10.0.1.52 +IP.310 = 10.0.1.53 +IP.311 = 10.0.1.54 +IP.312 = 10.0.1.55 +IP.313 = 10.0.1.56 +IP.314 = 10.0.1.57 +IP.315 = 10.0.1.58 +IP.316 = 10.0.1.59 +IP.317 = 10.0.1.60 +IP.318 = 10.0.1.61 +IP.319 = 10.0.1.62 +IP.320 = 10.0.1.63 +IP.321 = 10.0.1.64 +IP.322 = 10.0.1.65 +IP.323 = 10.0.1.66 +IP.324 = 10.0.1.67 +IP.325 = 10.0.1.68 +IP.326 = 10.0.1.69 +IP.327 = 10.0.1.70 +IP.328 = 10.0.1.71 +IP.329 = 10.0.1.72 +IP.330 = 10.0.1.73 +IP.331 = 10.0.1.74 +IP.332 = 10.0.1.75 +IP.333 = 10.0.1.76 +IP.334 = 10.0.1.77 +IP.335 = 10.0.1.78 +IP.336 = 10.0.1.79 +IP.337 = 10.0.1.80 +IP.338 = 10.0.1.81 +IP.339 = 10.0.1.82 +IP.340 = 10.0.1.83 +IP.341 = 10.0.1.84 +dirName.1 = san_dirname1 +dirName.2 = san_dirname2 +dirName.3 = san_dirname3 +dirName.4 = san_dirname4 +dirName.5 = san_dirname5 +dirName.6 = san_dirname6 +dirName.7 = san_dirname7 +dirName.8 = san_dirname8 +dirName.9 = san_dirname9 +dirName.10 = san_dirname10 +dirName.11 = san_dirname11 +dirName.12 = san_dirname12 +dirName.13 = san_dirname13 +dirName.14 = san_dirname14 +dirName.15 = san_dirname15 +dirName.16 = san_dirname16 +dirName.17 = san_dirname17 +dirName.18 = san_dirname18 +dirName.19 = san_dirname19 +dirName.20 = san_dirname20 +dirName.21 = san_dirname21 +dirName.22 = san_dirname22 +dirName.23 = san_dirname23 +dirName.24 = san_dirname24 +dirName.25 = san_dirname25 +dirName.26 = san_dirname26 +dirName.27 = san_dirname27 +dirName.28 = san_dirname28 +dirName.29 = san_dirname29 +dirName.30 = san_dirname30 +dirName.31 = san_dirname31 +dirName.32 = san_dirname32 +dirName.33 = san_dirname33 +dirName.34 = san_dirname34 +dirName.35 = san_dirname35 +dirName.36 = san_dirname36 +dirName.37 = san_dirname37 +dirName.38 = san_dirname38 +dirName.39 = san_dirname39 +dirName.40 = san_dirname40 +dirName.41 = san_dirname41 +dirName.42 = san_dirname42 +dirName.43 = san_dirname43 +dirName.44 = san_dirname44 +dirName.45 = san_dirname45 +dirName.46 = san_dirname46 +dirName.47 = san_dirname47 +dirName.48 = san_dirname48 +dirName.49 = san_dirname49 +dirName.50 = san_dirname50 +dirName.51 = san_dirname51 +dirName.52 = san_dirname52 +dirName.53 = san_dirname53 +dirName.54 = san_dirname54 +dirName.55 = san_dirname55 +dirName.56 = san_dirname56 +dirName.57 = san_dirname57 +dirName.58 = san_dirname58 +dirName.59 = san_dirname59 +dirName.60 = san_dirname60 +dirName.61 = san_dirname61 +dirName.62 = san_dirname62 +dirName.63 = san_dirname63 +dirName.64 = san_dirname64 +dirName.65 = san_dirname65 +dirName.66 = san_dirname66 +dirName.67 = san_dirname67 +dirName.68 = san_dirname68 +dirName.69 = san_dirname69 +dirName.70 = san_dirname70 +dirName.71 = san_dirname71 +dirName.72 = san_dirname72 +dirName.73 = san_dirname73 +dirName.74 = san_dirname74 +dirName.75 = san_dirname75 +dirName.76 = san_dirname76 +dirName.77 = san_dirname77 +dirName.78 = san_dirname78 +dirName.79 = san_dirname79 +dirName.80 = san_dirname80 +dirName.81 = san_dirname81 +dirName.82 = san_dirname82 +dirName.83 = san_dirname83 +dirName.84 = san_dirname84 +dirName.85 = san_dirname85 +dirName.86 = san_dirname86 +dirName.87 = san_dirname87 +dirName.88 = san_dirname88 +dirName.89 = san_dirname89 +dirName.90 = san_dirname90 +dirName.91 = san_dirname91 +dirName.92 = san_dirname92 +dirName.93 = san_dirname93 +dirName.94 = san_dirname94 +dirName.95 = san_dirname95 +dirName.96 = san_dirname96 +dirName.97 = san_dirname97 +dirName.98 = san_dirname98 +dirName.99 = san_dirname99 +dirName.100 = san_dirname100 +dirName.101 = san_dirname101 +dirName.102 = san_dirname102 +dirName.103 = san_dirname103 +dirName.104 = san_dirname104 +dirName.105 = san_dirname105 +dirName.106 = san_dirname106 +dirName.107 = san_dirname107 +dirName.108 = san_dirname108 +dirName.109 = san_dirname109 +dirName.110 = san_dirname110 +dirName.111 = san_dirname111 +dirName.112 = san_dirname112 +dirName.113 = san_dirname113 +dirName.114 = san_dirname114 +dirName.115 = san_dirname115 +dirName.116 = san_dirname116 +dirName.117 = san_dirname117 +dirName.118 = san_dirname118 +dirName.119 = san_dirname119 +dirName.120 = san_dirname120 +dirName.121 = san_dirname121 +dirName.122 = san_dirname122 +dirName.123 = san_dirname123 +dirName.124 = san_dirname124 +dirName.125 = san_dirname125 +dirName.126 = san_dirname126 +dirName.127 = san_dirname127 +dirName.128 = san_dirname128 +dirName.129 = san_dirname129 +dirName.130 = san_dirname130 +dirName.131 = san_dirname131 +dirName.132 = san_dirname132 +dirName.133 = san_dirname133 +dirName.134 = san_dirname134 +dirName.135 = san_dirname135 +dirName.136 = san_dirname136 +dirName.137 = san_dirname137 +dirName.138 = san_dirname138 +dirName.139 = san_dirname139 +dirName.140 = san_dirname140 +dirName.141 = san_dirname141 +dirName.142 = san_dirname142 +dirName.143 = san_dirname143 +dirName.144 = san_dirname144 +dirName.145 = san_dirname145 +dirName.146 = san_dirname146 +dirName.147 = san_dirname147 +dirName.148 = san_dirname148 +dirName.149 = san_dirname149 +dirName.150 = san_dirname150 +dirName.151 = san_dirname151 +dirName.152 = san_dirname152 +dirName.153 = san_dirname153 +dirName.154 = san_dirname154 +dirName.155 = san_dirname155 +dirName.156 = san_dirname156 +dirName.157 = san_dirname157 +dirName.158 = san_dirname158 +dirName.159 = san_dirname159 +dirName.160 = san_dirname160 +dirName.161 = san_dirname161 +dirName.162 = san_dirname162 +dirName.163 = san_dirname163 +dirName.164 = san_dirname164 +dirName.165 = san_dirname165 +dirName.166 = san_dirname166 +dirName.167 = san_dirname167 +dirName.168 = san_dirname168 +dirName.169 = san_dirname169 +dirName.170 = san_dirname170 +dirName.171 = san_dirname171 +dirName.172 = san_dirname172 +dirName.173 = san_dirname173 +dirName.174 = san_dirname174 +dirName.175 = san_dirname175 +dirName.176 = san_dirname176 +dirName.177 = san_dirname177 +dirName.178 = san_dirname178 +dirName.179 = san_dirname179 +dirName.180 = san_dirname180 +dirName.181 = san_dirname181 +dirName.182 = san_dirname182 +dirName.183 = san_dirname183 +dirName.184 = san_dirname184 +dirName.185 = san_dirname185 +dirName.186 = san_dirname186 +dirName.187 = san_dirname187 +dirName.188 = san_dirname188 +dirName.189 = san_dirname189 +dirName.190 = san_dirname190 +dirName.191 = san_dirname191 +dirName.192 = san_dirname192 +dirName.193 = san_dirname193 +dirName.194 = san_dirname194 +dirName.195 = san_dirname195 +dirName.196 = san_dirname196 +dirName.197 = san_dirname197 +dirName.198 = san_dirname198 +dirName.199 = san_dirname199 +dirName.200 = san_dirname200 +dirName.201 = san_dirname201 +dirName.202 = san_dirname202 +dirName.203 = san_dirname203 +dirName.204 = san_dirname204 +dirName.205 = san_dirname205 +dirName.206 = san_dirname206 +dirName.207 = san_dirname207 +dirName.208 = san_dirname208 +dirName.209 = san_dirname209 +dirName.210 = san_dirname210 +dirName.211 = san_dirname211 +dirName.212 = san_dirname212 +dirName.213 = san_dirname213 +dirName.214 = san_dirname214 +dirName.215 = san_dirname215 +dirName.216 = san_dirname216 +dirName.217 = san_dirname217 +dirName.218 = san_dirname218 +dirName.219 = san_dirname219 +dirName.220 = san_dirname220 +dirName.221 = san_dirname221 +dirName.222 = san_dirname222 +dirName.223 = san_dirname223 +dirName.224 = san_dirname224 +dirName.225 = san_dirname225 +dirName.226 = san_dirname226 +dirName.227 = san_dirname227 +dirName.228 = san_dirname228 +dirName.229 = san_dirname229 +dirName.230 = san_dirname230 +dirName.231 = san_dirname231 +dirName.232 = san_dirname232 +dirName.233 = san_dirname233 +dirName.234 = san_dirname234 +dirName.235 = san_dirname235 +dirName.236 = san_dirname236 +dirName.237 = san_dirname237 +dirName.238 = san_dirname238 +dirName.239 = san_dirname239 +dirName.240 = san_dirname240 +dirName.241 = san_dirname241 +dirName.242 = san_dirname242 +dirName.243 = san_dirname243 +dirName.244 = san_dirname244 +dirName.245 = san_dirname245 +dirName.246 = san_dirname246 +dirName.247 = san_dirname247 +dirName.248 = san_dirname248 +dirName.249 = san_dirname249 +dirName.250 = san_dirname250 +dirName.251 = san_dirname251 +dirName.252 = san_dirname252 +dirName.253 = san_dirname253 +dirName.254 = san_dirname254 +dirName.255 = san_dirname255 +dirName.256 = san_dirname256 +dirName.257 = san_dirname257 +dirName.258 = san_dirname258 +dirName.259 = san_dirname259 +dirName.260 = san_dirname260 +dirName.261 = san_dirname261 +dirName.262 = san_dirname262 +dirName.263 = san_dirname263 +dirName.264 = san_dirname264 +dirName.265 = san_dirname265 +dirName.266 = san_dirname266 +dirName.267 = san_dirname267 +dirName.268 = san_dirname268 +dirName.269 = san_dirname269 +dirName.270 = san_dirname270 +dirName.271 = san_dirname271 +dirName.272 = san_dirname272 +dirName.273 = san_dirname273 +dirName.274 = san_dirname274 +dirName.275 = san_dirname275 +dirName.276 = san_dirname276 +dirName.277 = san_dirname277 +dirName.278 = san_dirname278 +dirName.279 = san_dirname279 +dirName.280 = san_dirname280 +dirName.281 = san_dirname281 +dirName.282 = san_dirname282 +dirName.283 = san_dirname283 +dirName.284 = san_dirname284 +dirName.285 = san_dirname285 +dirName.286 = san_dirname286 +dirName.287 = san_dirname287 +dirName.288 = san_dirname288 +dirName.289 = san_dirname289 +dirName.290 = san_dirname290 +dirName.291 = san_dirname291 +dirName.292 = san_dirname292 +dirName.293 = san_dirname293 +dirName.294 = san_dirname294 +dirName.295 = san_dirname295 +dirName.296 = san_dirname296 +dirName.297 = san_dirname297 +dirName.298 = san_dirname298 +dirName.299 = san_dirname299 +dirName.300 = san_dirname300 +dirName.301 = san_dirname301 +dirName.302 = san_dirname302 +dirName.303 = san_dirname303 +dirName.304 = san_dirname304 +dirName.305 = san_dirname305 +dirName.306 = san_dirname306 +dirName.307 = san_dirname307 +dirName.308 = san_dirname308 +dirName.309 = san_dirname309 +dirName.310 = san_dirname310 +dirName.311 = san_dirname311 +dirName.312 = san_dirname312 +dirName.313 = san_dirname313 +dirName.314 = san_dirname314 +dirName.315 = san_dirname315 +dirName.316 = san_dirname316 +dirName.317 = san_dirname317 +dirName.318 = san_dirname318 +dirName.319 = san_dirname319 +dirName.320 = san_dirname320 +dirName.321 = san_dirname321 +dirName.322 = san_dirname322 +dirName.323 = san_dirname323 +dirName.324 = san_dirname324 +dirName.325 = san_dirname325 +dirName.326 = san_dirname326 +dirName.327 = san_dirname327 +dirName.328 = san_dirname328 +dirName.329 = san_dirname329 +dirName.330 = san_dirname330 +dirName.331 = san_dirname331 +dirName.332 = san_dirname332 +dirName.333 = san_dirname333 +dirName.334 = san_dirname334 +dirName.335 = san_dirname335 +dirName.336 = san_dirname336 +dirName.337 = san_dirname337 +dirName.338 = san_dirname338 +dirName.339 = san_dirname339 +dirName.340 = san_dirname340 +dirName.341 = san_dirname341 +dirName.342 = san_dirname342 +URI.1 = http://test/0 +URI.2 = http://test/1 +URI.3 = http://test/2 +URI.4 = http://test/3 +URI.5 = http://test/4 +URI.6 = http://test/5 +URI.7 = http://test/6 +URI.8 = http://test/7 +URI.9 = http://test/8 +URI.10 = http://test/9 +URI.11 = http://test/10 +URI.12 = http://test/11 +URI.13 = http://test/12 +URI.14 = http://test/13 +URI.15 = http://test/14 +URI.16 = http://test/15 +URI.17 = http://test/16 +URI.18 = http://test/17 +URI.19 = http://test/18 +URI.20 = http://test/19 +URI.21 = http://test/20 +URI.22 = http://test/21 +URI.23 = http://test/22 +URI.24 = http://test/23 +URI.25 = http://test/24 +URI.26 = http://test/25 +URI.27 = http://test/26 +URI.28 = http://test/27 +URI.29 = http://test/28 +URI.30 = http://test/29 +URI.31 = http://test/30 +URI.32 = http://test/31 +URI.33 = http://test/32 +URI.34 = http://test/33 +URI.35 = http://test/34 +URI.36 = http://test/35 +URI.37 = http://test/36 +URI.38 = http://test/37 +URI.39 = http://test/38 +URI.40 = http://test/39 +URI.41 = http://test/40 +URI.42 = http://test/41 +URI.43 = http://test/42 +URI.44 = http://test/43 +URI.45 = http://test/44 +URI.46 = http://test/45 +URI.47 = http://test/46 +URI.48 = http://test/47 +URI.49 = http://test/48 +URI.50 = http://test/49 +URI.51 = http://test/50 +URI.52 = http://test/51 +URI.53 = http://test/52 +URI.54 = http://test/53 +URI.55 = http://test/54 +URI.56 = http://test/55 +URI.57 = http://test/56 +URI.58 = http://test/57 +URI.59 = http://test/58 +URI.60 = http://test/59 +URI.61 = http://test/60 +URI.62 = http://test/61 +URI.63 = http://test/62 +URI.64 = http://test/63 +URI.65 = http://test/64 +URI.66 = http://test/65 +URI.67 = http://test/66 +URI.68 = http://test/67 +URI.69 = http://test/68 +URI.70 = http://test/69 +URI.71 = http://test/70 +URI.72 = http://test/71 +URI.73 = http://test/72 +URI.74 = http://test/73 +URI.75 = http://test/74 +URI.76 = http://test/75 +URI.77 = http://test/76 +URI.78 = http://test/77 +URI.79 = http://test/78 +URI.80 = http://test/79 +URI.81 = http://test/80 +URI.82 = http://test/81 +URI.83 = http://test/82 +URI.84 = http://test/83 +URI.85 = http://test/84 +URI.86 = http://test/85 +URI.87 = http://test/86 +URI.88 = http://test/87 +URI.89 = http://test/88 +URI.90 = http://test/89 +URI.91 = http://test/90 +URI.92 = http://test/91 +URI.93 = http://test/92 +URI.94 = http://test/93 +URI.95 = http://test/94 +URI.96 = http://test/95 +URI.97 = http://test/96 +URI.98 = http://test/97 +URI.99 = http://test/98 +URI.100 = http://test/99 +URI.101 = http://test/100 +URI.102 = http://test/101 +URI.103 = http://test/102 +URI.104 = http://test/103 +URI.105 = http://test/104 +URI.106 = http://test/105 +URI.107 = http://test/106 +URI.108 = http://test/107 +URI.109 = http://test/108 +URI.110 = http://test/109 +URI.111 = http://test/110 +URI.112 = http://test/111 +URI.113 = http://test/112 +URI.114 = http://test/113 +URI.115 = http://test/114 +URI.116 = http://test/115 +URI.117 = http://test/116 +URI.118 = http://test/117 +URI.119 = http://test/118 +URI.120 = http://test/119 +URI.121 = http://test/120 +URI.122 = http://test/121 +URI.123 = http://test/122 +URI.124 = http://test/123 +URI.125 = http://test/124 +URI.126 = http://test/125 +URI.127 = http://test/126 +URI.128 = http://test/127 +URI.129 = http://test/128 +URI.130 = http://test/129 +URI.131 = http://test/130 +URI.132 = http://test/131 +URI.133 = http://test/132 +URI.134 = http://test/133 +URI.135 = http://test/134 +URI.136 = http://test/135 +URI.137 = http://test/136 +URI.138 = http://test/137 +URI.139 = http://test/138 +URI.140 = http://test/139 +URI.141 = http://test/140 +URI.142 = http://test/141 +URI.143 = http://test/142 +URI.144 = http://test/143 +URI.145 = http://test/144 +URI.146 = http://test/145 +URI.147 = http://test/146 +URI.148 = http://test/147 +URI.149 = http://test/148 +URI.150 = http://test/149 +URI.151 = http://test/150 +URI.152 = http://test/151 +URI.153 = http://test/152 +URI.154 = http://test/153 +URI.155 = http://test/154 +URI.156 = http://test/155 +URI.157 = http://test/156 +URI.158 = http://test/157 +URI.159 = http://test/158 +URI.160 = http://test/159 +URI.161 = http://test/160 +URI.162 = http://test/161 +URI.163 = http://test/162 +URI.164 = http://test/163 +URI.165 = http://test/164 +URI.166 = http://test/165 +URI.167 = http://test/166 +URI.168 = http://test/167 +URI.169 = http://test/168 +URI.170 = http://test/169 +URI.171 = http://test/170 +URI.172 = http://test/171 +URI.173 = http://test/172 +URI.174 = http://test/173 +URI.175 = http://test/174 +URI.176 = http://test/175 +URI.177 = http://test/176 +URI.178 = http://test/177 +URI.179 = http://test/178 +URI.180 = http://test/179 +URI.181 = http://test/180 +URI.182 = http://test/181 +URI.183 = http://test/182 +URI.184 = http://test/183 +URI.185 = http://test/184 +URI.186 = http://test/185 +URI.187 = http://test/186 +URI.188 = http://test/187 +URI.189 = http://test/188 +URI.190 = http://test/189 +URI.191 = http://test/190 +URI.192 = http://test/191 +URI.193 = http://test/192 +URI.194 = http://test/193 +URI.195 = http://test/194 +URI.196 = http://test/195 +URI.197 = http://test/196 +URI.198 = http://test/197 +URI.199 = http://test/198 +URI.200 = http://test/199 +URI.201 = http://test/200 +URI.202 = http://test/201 +URI.203 = http://test/202 +URI.204 = http://test/203 +URI.205 = http://test/204 +URI.206 = http://test/205 +URI.207 = http://test/206 +URI.208 = http://test/207 +URI.209 = http://test/208 +URI.210 = http://test/209 +URI.211 = http://test/210 +URI.212 = http://test/211 +URI.213 = http://test/212 +URI.214 = http://test/213 +URI.215 = http://test/214 +URI.216 = http://test/215 +URI.217 = http://test/216 +URI.218 = http://test/217 +URI.219 = http://test/218 +URI.220 = http://test/219 +URI.221 = http://test/220 +URI.222 = http://test/221 +URI.223 = http://test/222 +URI.224 = http://test/223 +URI.225 = http://test/224 +URI.226 = http://test/225 +URI.227 = http://test/226 +URI.228 = http://test/227 +URI.229 = http://test/228 +URI.230 = http://test/229 +URI.231 = http://test/230 +URI.232 = http://test/231 +URI.233 = http://test/232 +URI.234 = http://test/233 +URI.235 = http://test/234 +URI.236 = http://test/235 +URI.237 = http://test/236 +URI.238 = http://test/237 +URI.239 = http://test/238 +URI.240 = http://test/239 +URI.241 = http://test/240 +URI.242 = http://test/241 +URI.243 = http://test/242 +URI.244 = http://test/243 +URI.245 = http://test/244 +URI.246 = http://test/245 +URI.247 = http://test/246 +URI.248 = http://test/247 +URI.249 = http://test/248 +URI.250 = http://test/249 +URI.251 = http://test/250 +URI.252 = http://test/251 +URI.253 = http://test/252 +URI.254 = http://test/253 +URI.255 = http://test/254 +URI.256 = http://test/255 +URI.257 = http://test/256 +URI.258 = http://test/257 +URI.259 = http://test/258 +URI.260 = http://test/259 +URI.261 = http://test/260 +URI.262 = http://test/261 +URI.263 = http://test/262 +URI.264 = http://test/263 +URI.265 = http://test/264 +URI.266 = http://test/265 +URI.267 = http://test/266 +URI.268 = http://test/267 +URI.269 = http://test/268 +URI.270 = http://test/269 +URI.271 = http://test/270 +URI.272 = http://test/271 +URI.273 = http://test/272 +URI.274 = http://test/273 +URI.275 = http://test/274 +URI.276 = http://test/275 +URI.277 = http://test/276 +URI.278 = http://test/277 +URI.279 = http://test/278 +URI.280 = http://test/279 +URI.281 = http://test/280 +URI.282 = http://test/281 +URI.283 = http://test/282 +URI.284 = http://test/283 +URI.285 = http://test/284 +URI.286 = http://test/285 +URI.287 = http://test/286 +URI.288 = http://test/287 +URI.289 = http://test/288 +URI.290 = http://test/289 +URI.291 = http://test/290 +URI.292 = http://test/291 +URI.293 = http://test/292 +URI.294 = http://test/293 +URI.295 = http://test/294 +URI.296 = http://test/295 +URI.297 = http://test/296 +URI.298 = http://test/297 +URI.299 = http://test/298 +URI.300 = http://test/299 +URI.301 = http://test/300 +URI.302 = http://test/301 +URI.303 = http://test/302 +URI.304 = http://test/303 +URI.305 = http://test/304 +URI.306 = http://test/305 +URI.307 = http://test/306 +URI.308 = http://test/307 +URI.309 = http://test/308 +URI.310 = http://test/309 +URI.311 = http://test/310 +URI.312 = http://test/311 +URI.313 = http://test/312 +URI.314 = http://test/313 +URI.315 = http://test/314 +URI.316 = http://test/315 +URI.317 = http://test/316 +URI.318 = http://test/317 +URI.319 = http://test/318 +URI.320 = http://test/319 +URI.321 = http://test/320 +URI.322 = http://test/321 +URI.323 = http://test/322 +URI.324 = http://test/323 +URI.325 = http://test/324 +URI.326 = http://test/325 +URI.327 = http://test/326 +URI.328 = http://test/327 +URI.329 = http://test/328 +URI.330 = http://test/329 +URI.331 = http://test/330 +URI.332 = http://test/331 +URI.333 = http://test/332 +URI.334 = http://test/333 +URI.335 = http://test/334 +URI.336 = http://test/335 +URI.337 = http://test/336 +URI.338 = http://test/337 +URI.339 = http://test/338 +URI.340 = http://test/339 +URI.341 = http://test/340 +URI.342 = http://test/341 +URI.343 = http://test/342 +URI.344 = http://test/343 +URI.345 = http://test/344 +URI.346 = http://test/345 +URI.347 = http://test/346 +URI.348 = http://test/347 +URI.349 = http://test/348 +URI.350 = http://test/349 +URI.351 = http://test/350 +URI.352 = http://test/351 +URI.353 = http://test/352 +URI.354 = http://test/353 +URI.355 = http://test/354 +URI.356 = http://test/355 +URI.357 = http://test/356 +URI.358 = http://test/357 +URI.359 = http://test/358 +URI.360 = http://test/359 +URI.361 = http://test/360 +URI.362 = http://test/361 +URI.363 = http://test/362 +URI.364 = http://test/363 +URI.365 = http://test/364 +URI.366 = http://test/365 +URI.367 = http://test/366 +URI.368 = http://test/367 +URI.369 = http://test/368 +URI.370 = http://test/369 +URI.371 = http://test/370 +URI.372 = http://test/371 +URI.373 = http://test/372 +URI.374 = http://test/373 +URI.375 = http://test/374 +URI.376 = http://test/375 +URI.377 = http://test/376 +URI.378 = http://test/377 +URI.379 = http://test/378 +URI.380 = http://test/379 +URI.381 = http://test/380 +URI.382 = http://test/381 +URI.383 = http://test/382 +URI.384 = http://test/383 +URI.385 = http://test/384 +URI.386 = http://test/385 +URI.387 = http://test/386 +URI.388 = http://test/387 +URI.389 = http://test/388 +URI.390 = http://test/389 +URI.391 = http://test/390 +URI.392 = http://test/391 +URI.393 = http://test/392 +URI.394 = http://test/393 +URI.395 = http://test/394 +URI.396 = http://test/395 +URI.397 = http://test/396 +URI.398 = http://test/397 +URI.399 = http://test/398 +URI.400 = http://test/399 +URI.401 = http://test/400 +URI.402 = http://test/401 +URI.403 = http://test/402 +URI.404 = http://test/403 +URI.405 = http://test/404 +URI.406 = http://test/405 +URI.407 = http://test/406 +URI.408 = http://test/407 +URI.409 = http://test/408 +URI.410 = http://test/409 +URI.411 = http://test/410 +URI.412 = http://test/411 +URI.413 = http://test/412 +URI.414 = http://test/413 +URI.415 = http://test/414 +URI.416 = http://test/415 +URI.417 = http://test/416 +URI.418 = http://test/417 +URI.419 = http://test/418 +URI.420 = http://test/419 +URI.421 = http://test/420 +URI.422 = http://test/421 +URI.423 = http://test/422 +URI.424 = http://test/423 +URI.425 = http://test/424 +URI.426 = http://test/425 +URI.427 = http://test/426 +URI.428 = http://test/427 +URI.429 = http://test/428 +URI.430 = http://test/429 +URI.431 = http://test/430 +URI.432 = http://test/431 +URI.433 = http://test/432 +URI.434 = http://test/433 +URI.435 = http://test/434 +URI.436 = http://test/435 +URI.437 = http://test/436 +URI.438 = http://test/437 +URI.439 = http://test/438 +URI.440 = http://test/439 +URI.441 = http://test/440 +URI.442 = http://test/441 +URI.443 = http://test/442 +URI.444 = http://test/443 +URI.445 = http://test/444 +URI.446 = http://test/445 +URI.447 = http://test/446 +URI.448 = http://test/447 +URI.449 = http://test/448 +URI.450 = http://test/449 +URI.451 = http://test/450 +URI.452 = http://test/451 +URI.453 = http://test/452 +URI.454 = http://test/453 +URI.455 = http://test/454 +URI.456 = http://test/455 +URI.457 = http://test/456 +URI.458 = http://test/457 +URI.459 = http://test/458 +URI.460 = http://test/459 +URI.461 = http://test/460 +URI.462 = http://test/461 +URI.463 = http://test/462 +URI.464 = http://test/463 +URI.465 = http://test/464 +URI.466 = http://test/465 +URI.467 = http://test/466 +URI.468 = http://test/467 +URI.469 = http://test/468 +URI.470 = http://test/469 +URI.471 = http://test/470 +URI.472 = http://test/471 +URI.473 = http://test/472 +URI.474 = http://test/473 +URI.475 = http://test/474 +URI.476 = http://test/475 +URI.477 = http://test/476 +URI.478 = http://test/477 +URI.479 = http://test/478 +URI.480 = http://test/479 +URI.481 = http://test/480 +URI.482 = http://test/481 +URI.483 = http://test/482 +URI.484 = http://test/483 +URI.485 = http://test/484 +URI.486 = http://test/485 +URI.487 = http://test/486 +URI.488 = http://test/487 +URI.489 = http://test/488 +URI.490 = http://test/489 +URI.491 = http://test/490 +URI.492 = http://test/491 +URI.493 = http://test/492 +URI.494 = http://test/493 +URI.495 = http://test/494 +URI.496 = http://test/495 +URI.497 = http://test/496 +URI.498 = http://test/497 +URI.499 = http://test/498 +URI.500 = http://test/499 +URI.501 = http://test/500 +URI.502 = http://test/501 +URI.503 = http://test/502 +URI.504 = http://test/503 +URI.505 = http://test/504 +URI.506 = http://test/505 +URI.507 = http://test/506 +URI.508 = http://test/507 +URI.509 = http://test/508 +URI.510 = http://test/509 +URI.511 = http://test/510 +URI.512 = http://test/511 +URI.513 = http://test/512 +URI.514 = http://test/513 +URI.515 = http://test/514 +URI.516 = http://test/515 +URI.517 = http://test/516 +URI.518 = http://test/517 +URI.519 = http://test/518 +URI.520 = http://test/519 +URI.521 = http://test/520 +URI.522 = http://test/521 +URI.523 = http://test/522 +URI.524 = http://test/523 +URI.525 = http://test/524 +URI.526 = http://test/525 +URI.527 = http://test/526 +URI.528 = http://test/527 +URI.529 = http://test/528 +URI.530 = http://test/529 +URI.531 = http://test/530 +URI.532 = http://test/531 +URI.533 = http://test/532 +URI.534 = http://test/533 +URI.535 = http://test/534 +URI.536 = http://test/535 +URI.537 = http://test/536 +URI.538 = http://test/537 +URI.539 = http://test/538 +URI.540 = http://test/539 +URI.541 = http://test/540 +URI.542 = http://test/541 +URI.543 = http://test/542 +URI.544 = http://test/543 +URI.545 = http://test/544 +URI.546 = http://test/545 +URI.547 = http://test/546 +URI.548 = http://test/547 +URI.549 = http://test/548 +URI.550 = http://test/549 +URI.551 = http://test/550 +URI.552 = http://test/551 +URI.553 = http://test/552 +URI.554 = http://test/553 +URI.555 = http://test/554 +URI.556 = http://test/555 +URI.557 = http://test/556 +URI.558 = http://test/557 +URI.559 = http://test/558 +URI.560 = http://test/559 +URI.561 = http://test/560 +URI.562 = http://test/561 +URI.563 = http://test/562 +URI.564 = http://test/563 +URI.565 = http://test/564 +URI.566 = http://test/565 +URI.567 = http://test/566 +URI.568 = http://test/567 +URI.569 = http://test/568 +URI.570 = http://test/569 +URI.571 = http://test/570 +URI.572 = http://test/571 +URI.573 = http://test/572 +URI.574 = http://test/573 +URI.575 = http://test/574 +URI.576 = http://test/575 +URI.577 = http://test/576 +URI.578 = http://test/577 +URI.579 = http://test/578 +URI.580 = http://test/579 +URI.581 = http://test/580 +URI.582 = http://test/581 +URI.583 = http://test/582 +URI.584 = http://test/583 +URI.585 = http://test/584 +URI.586 = http://test/585 +URI.587 = http://test/586 +URI.588 = http://test/587 +URI.589 = http://test/588 +URI.590 = http://test/589 +URI.591 = http://test/590 +URI.592 = http://test/591 +URI.593 = http://test/592 +URI.594 = http://test/593 +URI.595 = http://test/594 +URI.596 = http://test/595 +URI.597 = http://test/596 +URI.598 = http://test/597 +URI.599 = http://test/598 +URI.600 = http://test/599 +URI.601 = http://test/600 +URI.602 = http://test/601 +URI.603 = http://test/602 +URI.604 = http://test/603 +URI.605 = http://test/604 +URI.606 = http://test/605 +URI.607 = http://test/606 +URI.608 = http://test/607 +URI.609 = http://test/608 +URI.610 = http://test/609 +URI.611 = http://test/610 +URI.612 = http://test/611 +URI.613 = http://test/612 +URI.614 = http://test/613 +URI.615 = http://test/614 +URI.616 = http://test/615 +URI.617 = http://test/616 +URI.618 = http://test/617 +URI.619 = http://test/618 +URI.620 = http://test/619 +URI.621 = http://test/620 +URI.622 = http://test/621 +URI.623 = http://test/622 +URI.624 = http://test/623 +URI.625 = http://test/624 +URI.626 = http://test/625 +URI.627 = http://test/626 +URI.628 = http://test/627 +URI.629 = http://test/628 +URI.630 = http://test/629 +URI.631 = http://test/630 +URI.632 = http://test/631 +URI.633 = http://test/632 +URI.634 = http://test/633 +URI.635 = http://test/634 +URI.636 = http://test/635 +URI.637 = http://test/636 +URI.638 = http://test/637 +URI.639 = http://test/638 +URI.640 = http://test/639 +URI.641 = http://test/640 +URI.642 = http://test/641 +URI.643 = http://test/642 +URI.644 = http://test/643 +URI.645 = http://test/644 +URI.646 = http://test/645 +URI.647 = http://test/646 +URI.648 = http://test/647 +URI.649 = http://test/648 +URI.650 = http://test/649 +URI.651 = http://test/650 +URI.652 = http://test/651 +URI.653 = http://test/652 +URI.654 = http://test/653 +URI.655 = http://test/654 +URI.656 = http://test/655 +URI.657 = http://test/656 +URI.658 = http://test/657 +URI.659 = http://test/658 +URI.660 = http://test/659 +URI.661 = http://test/660 +URI.662 = http://test/661 +URI.663 = http://test/662 +URI.664 = http://test/663 +URI.665 = http://test/664 +URI.666 = http://test/665 +URI.667 = http://test/666 +URI.668 = http://test/667 +URI.669 = http://test/668 +URI.670 = http://test/669 +URI.671 = http://test/670 +URI.672 = http://test/671 +URI.673 = http://test/672 +URI.674 = http://test/673 +URI.675 = http://test/674 +URI.676 = http://test/675 +URI.677 = http://test/676 +URI.678 = http://test/677 +URI.679 = http://test/678 +URI.680 = http://test/679 +URI.681 = http://test/680 +URI.682 = http://test/681 +URI.683 = http://test/682 +URI.684 = http://test/683 +URI.685 = http://test/684 +URI.686 = http://test/685 +URI.687 = http://test/686 +URI.688 = http://test/687 +URI.689 = http://test/688 +URI.690 = http://test/689 +URI.691 = http://test/690 +URI.692 = http://test/691 +URI.693 = http://test/692 +URI.694 = http://test/693 +URI.695 = http://test/694 +URI.696 = http://test/695 +URI.697 = http://test/696 +URI.698 = http://test/697 +URI.699 = http://test/698 +URI.700 = http://test/699 +URI.701 = http://test/700 +URI.702 = http://test/701 +URI.703 = http://test/702 +URI.704 = http://test/703 +URI.705 = http://test/704 +URI.706 = http://test/705 +URI.707 = http://test/706 +URI.708 = http://test/707 +URI.709 = http://test/708 +URI.710 = http://test/709 +URI.711 = http://test/710 +URI.712 = http://test/711 +URI.713 = http://test/712 +URI.714 = http://test/713 +URI.715 = http://test/714 +URI.716 = http://test/715 +URI.717 = http://test/716 +URI.718 = http://test/717 +URI.719 = http://test/718 +URI.720 = http://test/719 +URI.721 = http://test/720 +URI.722 = http://test/721 +URI.723 = http://test/722 +URI.724 = http://test/723 +URI.725 = http://test/724 +URI.726 = http://test/725 +URI.727 = http://test/726 +URI.728 = http://test/727 +URI.729 = http://test/728 +URI.730 = http://test/729 +URI.731 = http://test/730 +URI.732 = http://test/731 +URI.733 = http://test/732 +URI.734 = http://test/733 +URI.735 = http://test/734 +URI.736 = http://test/735 +URI.737 = http://test/736 +URI.738 = http://test/737 +URI.739 = http://test/738 +URI.740 = http://test/739 +URI.741 = http://test/740 +URI.742 = http://test/741 +URI.743 = http://test/742 +URI.744 = http://test/743 +URI.745 = http://test/744 +URI.746 = http://test/745 +URI.747 = http://test/746 +URI.748 = http://test/747 +URI.749 = http://test/748 +URI.750 = http://test/749 +URI.751 = http://test/750 +URI.752 = http://test/751 +URI.753 = http://test/752 +URI.754 = http://test/753 +URI.755 = http://test/754 +URI.756 = http://test/755 +URI.757 = http://test/756 +URI.758 = http://test/757 +URI.759 = http://test/758 +URI.760 = http://test/759 +URI.761 = http://test/760 +URI.762 = http://test/761 +URI.763 = http://test/762 +URI.764 = http://test/763 +URI.765 = http://test/764 +URI.766 = http://test/765 +URI.767 = http://test/766 +URI.768 = http://test/767 +URI.769 = http://test/768 +URI.770 = http://test/769 +URI.771 = http://test/770 +URI.772 = http://test/771 +URI.773 = http://test/772 +URI.774 = http://test/773 +URI.775 = http://test/774 +URI.776 = http://test/775 +URI.777 = http://test/776 +URI.778 = http://test/777 +URI.779 = http://test/778 +URI.780 = http://test/779 +URI.781 = http://test/780 +URI.782 = http://test/781 +URI.783 = http://test/782 +URI.784 = http://test/783 +URI.785 = http://test/784 +URI.786 = http://test/785 +URI.787 = http://test/786 +URI.788 = http://test/787 +URI.789 = http://test/788 +URI.790 = http://test/789 +URI.791 = http://test/790 +URI.792 = http://test/791 +URI.793 = http://test/792 +URI.794 = http://test/793 +URI.795 = http://test/794 +URI.796 = http://test/795 +URI.797 = http://test/796 +URI.798 = http://test/797 +URI.799 = http://test/798 +URI.800 = http://test/799 +URI.801 = http://test/800 +URI.802 = http://test/801 +URI.803 = http://test/802 +URI.804 = http://test/803 +URI.805 = http://test/804 +URI.806 = http://test/805 +URI.807 = http://test/806 +URI.808 = http://test/807 +URI.809 = http://test/808 +URI.810 = http://test/809 +URI.811 = http://test/810 +URI.812 = http://test/811 +URI.813 = http://test/812 +URI.814 = http://test/813 +URI.815 = http://test/814 +URI.816 = http://test/815 +URI.817 = http://test/816 +URI.818 = http://test/817 +URI.819 = http://test/818 +URI.820 = http://test/819 +URI.821 = http://test/820 +URI.822 = http://test/821 +URI.823 = http://test/822 +URI.824 = http://test/823 +URI.825 = http://test/824 +URI.826 = http://test/825 +URI.827 = http://test/826 +URI.828 = http://test/827 +URI.829 = http://test/828 +URI.830 = http://test/829 +URI.831 = http://test/830 +URI.832 = http://test/831 +URI.833 = http://test/832 +URI.834 = http://test/833 +URI.835 = http://test/834 +URI.836 = http://test/835 +URI.837 = http://test/836 +URI.838 = http://test/837 +URI.839 = http://test/838 +URI.840 = http://test/839 +URI.841 = http://test/840 +URI.842 = http://test/841 +URI.843 = http://test/842 +URI.844 = http://test/843 +URI.845 = http://test/844 +URI.846 = http://test/845 +URI.847 = http://test/846 +URI.848 = http://test/847 +URI.849 = http://test/848 +URI.850 = http://test/849 +URI.851 = http://test/850 +URI.852 = http://test/851 +URI.853 = http://test/852 +URI.854 = http://test/853 +URI.855 = http://test/854 +URI.856 = http://test/855 +URI.857 = http://test/856 +URI.858 = http://test/857 +URI.859 = http://test/858 +URI.860 = http://test/859 +URI.861 = http://test/860 +URI.862 = http://test/861 +URI.863 = http://test/862 +URI.864 = http://test/863 +URI.865 = http://test/864 +URI.866 = http://test/865 +URI.867 = http://test/866 +URI.868 = http://test/867 +URI.869 = http://test/868 +URI.870 = http://test/869 +URI.871 = http://test/870 +URI.872 = http://test/871 +URI.873 = http://test/872 +URI.874 = http://test/873 +URI.875 = http://test/874 +URI.876 = http://test/875 +URI.877 = http://test/876 +URI.878 = http://test/877 +URI.879 = http://test/878 +URI.880 = http://test/879 +URI.881 = http://test/880 +URI.882 = http://test/881 +URI.883 = http://test/882 +URI.884 = http://test/883 +URI.885 = http://test/884 +URI.886 = http://test/885 +URI.887 = http://test/886 +URI.888 = http://test/887 +URI.889 = http://test/888 +URI.890 = http://test/889 +URI.891 = http://test/890 +URI.892 = http://test/891 +URI.893 = http://test/892 +URI.894 = http://test/893 +URI.895 = http://test/894 +URI.896 = http://test/895 +URI.897 = http://test/896 +URI.898 = http://test/897 +URI.899 = http://test/898 +URI.900 = http://test/899 +URI.901 = http://test/900 +URI.902 = http://test/901 +URI.903 = http://test/902 +URI.904 = http://test/903 +URI.905 = http://test/904 +URI.906 = http://test/905 +URI.907 = http://test/906 +URI.908 = http://test/907 +URI.909 = http://test/908 +URI.910 = http://test/909 +URI.911 = http://test/910 +URI.912 = http://test/911 +URI.913 = http://test/912 +URI.914 = http://test/913 +URI.915 = http://test/914 +URI.916 = http://test/915 +URI.917 = http://test/916 +URI.918 = http://test/917 +URI.919 = http://test/918 +URI.920 = http://test/919 +URI.921 = http://test/920 +URI.922 = http://test/921 +URI.923 = http://test/922 +URI.924 = http://test/923 +URI.925 = http://test/924 +URI.926 = http://test/925 +URI.927 = http://test/926 +URI.928 = http://test/927 +URI.929 = http://test/928 +URI.930 = http://test/929 +URI.931 = http://test/930 +URI.932 = http://test/931 +URI.933 = http://test/932 +URI.934 = http://test/933 +URI.935 = http://test/934 +URI.936 = http://test/935 +URI.937 = http://test/936 +URI.938 = http://test/937 +URI.939 = http://test/938 +URI.940 = http://test/939 +URI.941 = http://test/940 +URI.942 = http://test/941 +URI.943 = http://test/942 +URI.944 = http://test/943 +URI.945 = http://test/944 +URI.946 = http://test/945 +URI.947 = http://test/946 +URI.948 = http://test/947 +URI.949 = http://test/948 +URI.950 = http://test/949 +URI.951 = http://test/950 +URI.952 = http://test/951 +URI.953 = http://test/952 +URI.954 = http://test/953 +URI.955 = http://test/954 +URI.956 = http://test/955 +URI.957 = http://test/956 +URI.958 = http://test/957 +URI.959 = http://test/958 +URI.960 = http://test/959 +URI.961 = http://test/960 +URI.962 = http://test/961 +URI.963 = http://test/962 +URI.964 = http://test/963 +URI.965 = http://test/964 +URI.966 = http://test/965 +URI.967 = http://test/966 +URI.968 = http://test/967 +URI.969 = http://test/968 +URI.970 = http://test/969 +URI.971 = http://test/970 +URI.972 = http://test/971 +URI.973 = http://test/972 +URI.974 = http://test/973 +URI.975 = http://test/974 +URI.976 = http://test/975 +URI.977 = http://test/976 +URI.978 = http://test/977 +URI.979 = http://test/978 +URI.980 = http://test/979 +URI.981 = http://test/980 +URI.982 = http://test/981 +URI.983 = http://test/982 +URI.984 = http://test/983 +URI.985 = http://test/984 +URI.986 = http://test/985 +URI.987 = http://test/986 +URI.988 = http://test/987 +URI.989 = http://test/988 +URI.990 = http://test/989 +URI.991 = http://test/990 +URI.992 = http://test/991 +URI.993 = http://test/992 +URI.994 = http://test/993 +URI.995 = http://test/994 +URI.996 = http://test/995 +URI.997 = http://test/996 +URI.998 = http://test/997 +URI.999 = http://test/998 +URI.1000 = http://test/999 +URI.1001 = http://test/1000 +URI.1002 = http://test/1001 +URI.1003 = http://test/1002 +URI.1004 = http://test/1003 +URI.1005 = http://test/1004 +URI.1006 = http://test/1005 +URI.1007 = http://test/1006 +URI.1008 = http://test/1007 +URI.1009 = http://test/1008 +URI.1010 = http://test/1009 +URI.1011 = http://test/1010 +URI.1012 = http://test/1011 +URI.1013 = http://test/1012 +URI.1014 = http://test/1013 +URI.1015 = http://test/1014 +URI.1016 = http://test/1015 +URI.1017 = http://test/1016 +URI.1018 = http://test/1017 +URI.1019 = http://test/1018 +URI.1020 = http://test/1019 +URI.1021 = http://test/1020 +URI.1022 = http://test/1021 +URI.1023 = http://test/1022 +URI.1024 = http://test/1023 +URI.1025 = http://test/1024 + +[san_dirname1] +commonName = "t0 + +[san_dirname2] +commonName = "t1 + +[san_dirname3] +commonName = "t2 + +[san_dirname4] +commonName = "t3 + +[san_dirname5] +commonName = "t4 + +[san_dirname6] +commonName = "t5 + +[san_dirname7] +commonName = "t6 + +[san_dirname8] +commonName = "t7 + +[san_dirname9] +commonName = "t8 + +[san_dirname10] +commonName = "t9 + +[san_dirname11] +commonName = "t10 + +[san_dirname12] +commonName = "t11 + +[san_dirname13] +commonName = "t12 + +[san_dirname14] +commonName = "t13 + +[san_dirname15] +commonName = "t14 + +[san_dirname16] +commonName = "t15 + +[san_dirname17] +commonName = "t16 + +[san_dirname18] +commonName = "t17 + +[san_dirname19] +commonName = "t18 + +[san_dirname20] +commonName = "t19 + +[san_dirname21] +commonName = "t20 + +[san_dirname22] +commonName = "t21 + +[san_dirname23] +commonName = "t22 + +[san_dirname24] +commonName = "t23 + +[san_dirname25] +commonName = "t24 + +[san_dirname26] +commonName = "t25 + +[san_dirname27] +commonName = "t26 + +[san_dirname28] +commonName = "t27 + +[san_dirname29] +commonName = "t28 + +[san_dirname30] +commonName = "t29 + +[san_dirname31] +commonName = "t30 + +[san_dirname32] +commonName = "t31 + +[san_dirname33] +commonName = "t32 + +[san_dirname34] +commonName = "t33 + +[san_dirname35] +commonName = "t34 + +[san_dirname36] +commonName = "t35 + +[san_dirname37] +commonName = "t36 + +[san_dirname38] +commonName = "t37 + +[san_dirname39] +commonName = "t38 + +[san_dirname40] +commonName = "t39 + +[san_dirname41] +commonName = "t40 + +[san_dirname42] +commonName = "t41 + +[san_dirname43] +commonName = "t42 + +[san_dirname44] +commonName = "t43 + +[san_dirname45] +commonName = "t44 + +[san_dirname46] +commonName = "t45 + +[san_dirname47] +commonName = "t46 + +[san_dirname48] +commonName = "t47 + +[san_dirname49] +commonName = "t48 + +[san_dirname50] +commonName = "t49 + +[san_dirname51] +commonName = "t50 + +[san_dirname52] +commonName = "t51 + +[san_dirname53] +commonName = "t52 + +[san_dirname54] +commonName = "t53 + +[san_dirname55] +commonName = "t54 + +[san_dirname56] +commonName = "t55 + +[san_dirname57] +commonName = "t56 + +[san_dirname58] +commonName = "t57 + +[san_dirname59] +commonName = "t58 + +[san_dirname60] +commonName = "t59 + +[san_dirname61] +commonName = "t60 + +[san_dirname62] +commonName = "t61 + +[san_dirname63] +commonName = "t62 + +[san_dirname64] +commonName = "t63 + +[san_dirname65] +commonName = "t64 + +[san_dirname66] +commonName = "t65 + +[san_dirname67] +commonName = "t66 + +[san_dirname68] +commonName = "t67 + +[san_dirname69] +commonName = "t68 + +[san_dirname70] +commonName = "t69 + +[san_dirname71] +commonName = "t70 + +[san_dirname72] +commonName = "t71 + +[san_dirname73] +commonName = "t72 + +[san_dirname74] +commonName = "t73 + +[san_dirname75] +commonName = "t74 + +[san_dirname76] +commonName = "t75 + +[san_dirname77] +commonName = "t76 + +[san_dirname78] +commonName = "t77 + +[san_dirname79] +commonName = "t78 + +[san_dirname80] +commonName = "t79 + +[san_dirname81] +commonName = "t80 + +[san_dirname82] +commonName = "t81 + +[san_dirname83] +commonName = "t82 + +[san_dirname84] +commonName = "t83 + +[san_dirname85] +commonName = "t84 + +[san_dirname86] +commonName = "t85 + +[san_dirname87] +commonName = "t86 + +[san_dirname88] +commonName = "t87 + +[san_dirname89] +commonName = "t88 + +[san_dirname90] +commonName = "t89 + +[san_dirname91] +commonName = "t90 + +[san_dirname92] +commonName = "t91 + +[san_dirname93] +commonName = "t92 + +[san_dirname94] +commonName = "t93 + +[san_dirname95] +commonName = "t94 + +[san_dirname96] +commonName = "t95 + +[san_dirname97] +commonName = "t96 + +[san_dirname98] +commonName = "t97 + +[san_dirname99] +commonName = "t98 + +[san_dirname100] +commonName = "t99 + +[san_dirname101] +commonName = "t100 + +[san_dirname102] +commonName = "t101 + +[san_dirname103] +commonName = "t102 + +[san_dirname104] +commonName = "t103 + +[san_dirname105] +commonName = "t104 + +[san_dirname106] +commonName = "t105 + +[san_dirname107] +commonName = "t106 + +[san_dirname108] +commonName = "t107 + +[san_dirname109] +commonName = "t108 + +[san_dirname110] +commonName = "t109 + +[san_dirname111] +commonName = "t110 + +[san_dirname112] +commonName = "t111 + +[san_dirname113] +commonName = "t112 + +[san_dirname114] +commonName = "t113 + +[san_dirname115] +commonName = "t114 + +[san_dirname116] +commonName = "t115 + +[san_dirname117] +commonName = "t116 + +[san_dirname118] +commonName = "t117 + +[san_dirname119] +commonName = "t118 + +[san_dirname120] +commonName = "t119 + +[san_dirname121] +commonName = "t120 + +[san_dirname122] +commonName = "t121 + +[san_dirname123] +commonName = "t122 + +[san_dirname124] +commonName = "t123 + +[san_dirname125] +commonName = "t124 + +[san_dirname126] +commonName = "t125 + +[san_dirname127] +commonName = "t126 + +[san_dirname128] +commonName = "t127 + +[san_dirname129] +commonName = "t128 + +[san_dirname130] +commonName = "t129 + +[san_dirname131] +commonName = "t130 + +[san_dirname132] +commonName = "t131 + +[san_dirname133] +commonName = "t132 + +[san_dirname134] +commonName = "t133 + +[san_dirname135] +commonName = "t134 + +[san_dirname136] +commonName = "t135 + +[san_dirname137] +commonName = "t136 + +[san_dirname138] +commonName = "t137 + +[san_dirname139] +commonName = "t138 + +[san_dirname140] +commonName = "t139 + +[san_dirname141] +commonName = "t140 + +[san_dirname142] +commonName = "t141 + +[san_dirname143] +commonName = "t142 + +[san_dirname144] +commonName = "t143 + +[san_dirname145] +commonName = "t144 + +[san_dirname146] +commonName = "t145 + +[san_dirname147] +commonName = "t146 + +[san_dirname148] +commonName = "t147 + +[san_dirname149] +commonName = "t148 + +[san_dirname150] +commonName = "t149 + +[san_dirname151] +commonName = "t150 + +[san_dirname152] +commonName = "t151 + +[san_dirname153] +commonName = "t152 + +[san_dirname154] +commonName = "t153 + +[san_dirname155] +commonName = "t154 + +[san_dirname156] +commonName = "t155 + +[san_dirname157] +commonName = "t156 + +[san_dirname158] +commonName = "t157 + +[san_dirname159] +commonName = "t158 + +[san_dirname160] +commonName = "t159 + +[san_dirname161] +commonName = "t160 + +[san_dirname162] +commonName = "t161 + +[san_dirname163] +commonName = "t162 + +[san_dirname164] +commonName = "t163 + +[san_dirname165] +commonName = "t164 + +[san_dirname166] +commonName = "t165 + +[san_dirname167] +commonName = "t166 + +[san_dirname168] +commonName = "t167 + +[san_dirname169] +commonName = "t168 + +[san_dirname170] +commonName = "t169 + +[san_dirname171] +commonName = "t170 + +[san_dirname172] +commonName = "t171 + +[san_dirname173] +commonName = "t172 + +[san_dirname174] +commonName = "t173 + +[san_dirname175] +commonName = "t174 + +[san_dirname176] +commonName = "t175 + +[san_dirname177] +commonName = "t176 + +[san_dirname178] +commonName = "t177 + +[san_dirname179] +commonName = "t178 + +[san_dirname180] +commonName = "t179 + +[san_dirname181] +commonName = "t180 + +[san_dirname182] +commonName = "t181 + +[san_dirname183] +commonName = "t182 + +[san_dirname184] +commonName = "t183 + +[san_dirname185] +commonName = "t184 + +[san_dirname186] +commonName = "t185 + +[san_dirname187] +commonName = "t186 + +[san_dirname188] +commonName = "t187 + +[san_dirname189] +commonName = "t188 + +[san_dirname190] +commonName = "t189 + +[san_dirname191] +commonName = "t190 + +[san_dirname192] +commonName = "t191 + +[san_dirname193] +commonName = "t192 + +[san_dirname194] +commonName = "t193 + +[san_dirname195] +commonName = "t194 + +[san_dirname196] +commonName = "t195 + +[san_dirname197] +commonName = "t196 + +[san_dirname198] +commonName = "t197 + +[san_dirname199] +commonName = "t198 + +[san_dirname200] +commonName = "t199 + +[san_dirname201] +commonName = "t200 + +[san_dirname202] +commonName = "t201 + +[san_dirname203] +commonName = "t202 + +[san_dirname204] +commonName = "t203 + +[san_dirname205] +commonName = "t204 + +[san_dirname206] +commonName = "t205 + +[san_dirname207] +commonName = "t206 + +[san_dirname208] +commonName = "t207 + +[san_dirname209] +commonName = "t208 + +[san_dirname210] +commonName = "t209 + +[san_dirname211] +commonName = "t210 + +[san_dirname212] +commonName = "t211 + +[san_dirname213] +commonName = "t212 + +[san_dirname214] +commonName = "t213 + +[san_dirname215] +commonName = "t214 + +[san_dirname216] +commonName = "t215 + +[san_dirname217] +commonName = "t216 + +[san_dirname218] +commonName = "t217 + +[san_dirname219] +commonName = "t218 + +[san_dirname220] +commonName = "t219 + +[san_dirname221] +commonName = "t220 + +[san_dirname222] +commonName = "t221 + +[san_dirname223] +commonName = "t222 + +[san_dirname224] +commonName = "t223 + +[san_dirname225] +commonName = "t224 + +[san_dirname226] +commonName = "t225 + +[san_dirname227] +commonName = "t226 + +[san_dirname228] +commonName = "t227 + +[san_dirname229] +commonName = "t228 + +[san_dirname230] +commonName = "t229 + +[san_dirname231] +commonName = "t230 + +[san_dirname232] +commonName = "t231 + +[san_dirname233] +commonName = "t232 + +[san_dirname234] +commonName = "t233 + +[san_dirname235] +commonName = "t234 + +[san_dirname236] +commonName = "t235 + +[san_dirname237] +commonName = "t236 + +[san_dirname238] +commonName = "t237 + +[san_dirname239] +commonName = "t238 + +[san_dirname240] +commonName = "t239 + +[san_dirname241] +commonName = "t240 + +[san_dirname242] +commonName = "t241 + +[san_dirname243] +commonName = "t242 + +[san_dirname244] +commonName = "t243 + +[san_dirname245] +commonName = "t244 + +[san_dirname246] +commonName = "t245 + +[san_dirname247] +commonName = "t246 + +[san_dirname248] +commonName = "t247 + +[san_dirname249] +commonName = "t248 + +[san_dirname250] +commonName = "t249 + +[san_dirname251] +commonName = "t250 + +[san_dirname252] +commonName = "t251 + +[san_dirname253] +commonName = "t252 + +[san_dirname254] +commonName = "t253 + +[san_dirname255] +commonName = "t254 + +[san_dirname256] +commonName = "t255 + +[san_dirname257] +commonName = "t256 + +[san_dirname258] +commonName = "t257 + +[san_dirname259] +commonName = "t258 + +[san_dirname260] +commonName = "t259 + +[san_dirname261] +commonName = "t260 + +[san_dirname262] +commonName = "t261 + +[san_dirname263] +commonName = "t262 + +[san_dirname264] +commonName = "t263 + +[san_dirname265] +commonName = "t264 + +[san_dirname266] +commonName = "t265 + +[san_dirname267] +commonName = "t266 + +[san_dirname268] +commonName = "t267 + +[san_dirname269] +commonName = "t268 + +[san_dirname270] +commonName = "t269 + +[san_dirname271] +commonName = "t270 + +[san_dirname272] +commonName = "t271 + +[san_dirname273] +commonName = "t272 + +[san_dirname274] +commonName = "t273 + +[san_dirname275] +commonName = "t274 + +[san_dirname276] +commonName = "t275 + +[san_dirname277] +commonName = "t276 + +[san_dirname278] +commonName = "t277 + +[san_dirname279] +commonName = "t278 + +[san_dirname280] +commonName = "t279 + +[san_dirname281] +commonName = "t280 + +[san_dirname282] +commonName = "t281 + +[san_dirname283] +commonName = "t282 + +[san_dirname284] +commonName = "t283 + +[san_dirname285] +commonName = "t284 + +[san_dirname286] +commonName = "t285 + +[san_dirname287] +commonName = "t286 + +[san_dirname288] +commonName = "t287 + +[san_dirname289] +commonName = "t288 + +[san_dirname290] +commonName = "t289 + +[san_dirname291] +commonName = "t290 + +[san_dirname292] +commonName = "t291 + +[san_dirname293] +commonName = "t292 + +[san_dirname294] +commonName = "t293 + +[san_dirname295] +commonName = "t294 + +[san_dirname296] +commonName = "t295 + +[san_dirname297] +commonName = "t296 + +[san_dirname298] +commonName = "t297 + +[san_dirname299] +commonName = "t298 + +[san_dirname300] +commonName = "t299 + +[san_dirname301] +commonName = "t300 + +[san_dirname302] +commonName = "t301 + +[san_dirname303] +commonName = "t302 + +[san_dirname304] +commonName = "t303 + +[san_dirname305] +commonName = "t304 + +[san_dirname306] +commonName = "t305 + +[san_dirname307] +commonName = "t306 + +[san_dirname308] +commonName = "t307 + +[san_dirname309] +commonName = "t308 + +[san_dirname310] +commonName = "t309 + +[san_dirname311] +commonName = "t310 + +[san_dirname312] +commonName = "t311 + +[san_dirname313] +commonName = "t312 + +[san_dirname314] +commonName = "t313 + +[san_dirname315] +commonName = "t314 + +[san_dirname316] +commonName = "t315 + +[san_dirname317] +commonName = "t316 + +[san_dirname318] +commonName = "t317 + +[san_dirname319] +commonName = "t318 + +[san_dirname320] +commonName = "t319 + +[san_dirname321] +commonName = "t320 + +[san_dirname322] +commonName = "t321 + +[san_dirname323] +commonName = "t322 + +[san_dirname324] +commonName = "t323 + +[san_dirname325] +commonName = "t324 + +[san_dirname326] +commonName = "t325 + +[san_dirname327] +commonName = "t326 + +[san_dirname328] +commonName = "t327 + +[san_dirname329] +commonName = "t328 + +[san_dirname330] +commonName = "t329 + +[san_dirname331] +commonName = "t330 + +[san_dirname332] +commonName = "t331 + +[san_dirname333] +commonName = "t332 + +[san_dirname334] +commonName = "t333 + +[san_dirname335] +commonName = "t334 + +[san_dirname336] +commonName = "t335 + +[san_dirname337] +commonName = "t336 + +[san_dirname338] +commonName = "t337 + +[san_dirname339] +commonName = "t338 + +[san_dirname340] +commonName = "t339 + +[san_dirname341] +commonName = "t340 + +[san_dirname342] +commonName = "t341 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.csr new file mode 100644 index 0000000000..731c0e5fce --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.csr @@ -0,0 +1,630 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIJ1sTCCdJkCAQAwDTELMAkGA1UEAwwCdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDbLFMBzvkagzZSUSpbQmPeMnURan2woeR3R5tx5aYtZNeuWwTt +ej/H9sorK63NbIiljjb756IitX1UeenVelvKKylsDYQKEMQhtliYuw22DI1WWyyF +WQfKBkY2JRopjsQ5t8Mxzm5JwgHPsDsnQ4rj1QYfLZOd3XpFZW39tLHAEFlC8h6P +zkOslyXBfOJR4UQ1W5SqA27acS8lf1gwAeESFx7yqmwigLHJZep3lbMHxPdyODT+ +oEMzTGZtoeihBLxvFDk5RC44N3TJCiGFkSG3TrqwmUp2mHtYyhzTsEDD2Sp1++sZ +6uMamDFSl+l/pHshfy/cYoaP/f2oiOhLRFK9AgMBAAGggnNdMIJzWQYJKoZIhvcN +AQkOMYJzSjCCc0YwHQYDVR0OBBYEFDu0BcyqulE9/PL5HiVTcuE68prfMA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgnL0BgNV +HREEgnLrMIJy54IHdDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIH +dDQudGVzdIIHdDUudGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDku +dGVzdIIIdDEwLnRlc3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQx +NC50ZXN0ggh0MTUudGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIII +dDE5LnRlc3SCCHQyMC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0 +ggh0MjQudGVzdIIIdDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRl +c3SCCHQyOS50ZXN0ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMu +dGVzdIIIdDM0LnRlc3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQz +OC50ZXN0ggh0MzkudGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIII +dDQzLnRlc3SCCHQ0NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0 +ggh0NDgudGVzdIIIdDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRl +c3SCCHQ1My50ZXN0ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcu +dGVzdIIIdDU4LnRlc3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2 +Mi50ZXN0ggh0NjMudGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIII +dDY3LnRlc3SCCHQ2OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0 +ggh0NzIudGVzdIIIdDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRl +c3SCCHQ3Ny50ZXN0ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEu +dGVzdIIIdDgyLnRlc3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4 +Ni50ZXN0ggh0ODcudGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIII +dDkxLnRlc3SCCHQ5Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0 +ggh0OTYudGVzdIIIdDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50 +ZXN0ggl0MTAxLnRlc3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SC +CXQxMDUudGVzdIIJdDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEw +OS50ZXN0ggl0MTEwLnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRl +c3SCCXQxMTQudGVzdIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJ +dDExOC50ZXN0ggl0MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIy +LnRlc3SCCXQxMjMudGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVz +dIIJdDEyNy50ZXN0ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0 +MTMxLnRlc3SCCXQxMzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUu +dGVzdIIJdDEzNi50ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0 +ggl0MTQwLnRlc3SCCXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQx +NDQudGVzdIIJdDE0NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50 +ZXN0ggl0MTQ5LnRlc3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SC +CXQxNTMudGVzdIIJdDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1 +Ny50ZXN0ggl0MTU4LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRl +c3SCCXQxNjIudGVzdIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJ +dDE2Ni50ZXN0ggl0MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcw +LnRlc3SCCXQxNzEudGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVz +dIIJdDE3NS50ZXN0ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0 +MTc5LnRlc3SCCXQxODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMu +dGVzdIIJdDE4NC50ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0 +ggl0MTg4LnRlc3SCCXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQx +OTIudGVzdIIJdDE5My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50 +ZXN0ggl0MTk3LnRlc3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SC +CXQyMDEudGVzdIIJdDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIw +NS50ZXN0ggl0MjA2LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRl +c3SCCXQyMTAudGVzdIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJ +dDIxNC50ZXN0ggl0MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4 +LnRlc3SCCXQyMTkudGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVz +dIIJdDIyMy50ZXN0ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0 +MjI3LnRlc3SCCXQyMjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEu +dGVzdIIJdDIzMi50ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0 +ggl0MjM2LnRlc3SCCXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQy +NDAudGVzdIIJdDI0MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50 +ZXN0ggl0MjQ1LnRlc3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SC +CXQyNDkudGVzdIIJdDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1 +My50ZXN0ggl0MjU0LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRl +c3SCCXQyNTgudGVzdIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJ +dDI2Mi50ZXN0ggl0MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2 +LnRlc3SCCXQyNjcudGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVz +dIIJdDI3MS50ZXN0ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0 +Mjc1LnRlc3SCCXQyNzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzku +dGVzdIIJdDI4MC50ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0 +ggl0Mjg0LnRlc3SCCXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQy +ODgudGVzdIIJdDI4OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50 +ZXN0ggl0MjkzLnRlc3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SC +CXQyOTcudGVzdIIJdDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMw +MS50ZXN0ggl0MzAyLnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRl +c3SCCXQzMDYudGVzdIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJ +dDMxMC50ZXN0ggl0MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0 +LnRlc3SCCXQzMTUudGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVz +dIIJdDMxOS50ZXN0ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0 +MzIzLnRlc3SCCXQzMjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcu +dGVzdIIJdDMyOC50ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0 +ggl0MzMyLnRlc3SCCXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQz +MzYudGVzdIIJdDMzNy50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50 +ZXN0hwQKAAAAhwQKAAABhwQKAAAChwQKAAADhwQKAAAEhwQKAAAFhwQKAAAGhwQK +AAAHhwQKAAAIhwQKAAAJhwQKAAAKhwQKAAALhwQKAAAMhwQKAAANhwQKAAAOhwQK +AAAPhwQKAAAQhwQKAAARhwQKAAAShwQKAAAThwQKAAAUhwQKAAAVhwQKAAAWhwQK +AAAXhwQKAAAYhwQKAAAZhwQKAAAahwQKAAAbhwQKAAAchwQKAAAdhwQKAAAehwQK +AAAfhwQKAAAghwQKAAAhhwQKAAAihwQKAAAjhwQKAAAkhwQKAAAlhwQKAAAmhwQK +AAAnhwQKAAAohwQKAAAphwQKAAAqhwQKAAArhwQKAAAshwQKAAAthwQKAAAuhwQK +AAAvhwQKAAAwhwQKAAAxhwQKAAAyhwQKAAAzhwQKAAA0hwQKAAA1hwQKAAA2hwQK +AAA3hwQKAAA4hwQKAAA5hwQKAAA6hwQKAAA7hwQKAAA8hwQKAAA9hwQKAAA+hwQK +AAA/hwQKAABAhwQKAABBhwQKAABChwQKAABDhwQKAABEhwQKAABFhwQKAABGhwQK +AABHhwQKAABIhwQKAABJhwQKAABKhwQKAABLhwQKAABMhwQKAABNhwQKAABOhwQK +AABPhwQKAABQhwQKAABRhwQKAABShwQKAABThwQKAABUhwQKAABVhwQKAABWhwQK +AABXhwQKAABYhwQKAABZhwQKAABahwQKAABbhwQKAABchwQKAABdhwQKAABehwQK +AABfhwQKAABghwQKAABhhwQKAABihwQKAABjhwQKAABkhwQKAABlhwQKAABmhwQK +AABnhwQKAABohwQKAABphwQKAABqhwQKAABrhwQKAABshwQKAABthwQKAABuhwQK +AABvhwQKAABwhwQKAABxhwQKAAByhwQKAABzhwQKAAB0hwQKAAB1hwQKAAB2hwQK +AAB3hwQKAAB4hwQKAAB5hwQKAAB6hwQKAAB7hwQKAAB8hwQKAAB9hwQKAAB+hwQK +AAB/hwQKAACAhwQKAACBhwQKAACChwQKAACDhwQKAACEhwQKAACFhwQKAACGhwQK +AACHhwQKAACIhwQKAACJhwQKAACKhwQKAACLhwQKAACMhwQKAACNhwQKAACOhwQK +AACPhwQKAACQhwQKAACRhwQKAACShwQKAACThwQKAACUhwQKAACVhwQKAACWhwQK +AACXhwQKAACYhwQKAACZhwQKAACahwQKAACbhwQKAACchwQKAACdhwQKAACehwQK +AACfhwQKAACghwQKAAChhwQKAACihwQKAACjhwQKAACkhwQKAAClhwQKAACmhwQK +AACnhwQKAACohwQKAACphwQKAACqhwQKAACrhwQKAACshwQKAACthwQKAACuhwQK +AACvhwQKAACwhwQKAACxhwQKAACyhwQKAACzhwQKAAC0hwQKAAC1hwQKAAC2hwQK +AAC3hwQKAAC4hwQKAAC5hwQKAAC6hwQKAAC7hwQKAAC8hwQKAAC9hwQKAAC+hwQK +AAC/hwQKAADAhwQKAADBhwQKAADChwQKAADDhwQKAADEhwQKAADFhwQKAADGhwQK +AADHhwQKAADIhwQKAADJhwQKAADKhwQKAADLhwQKAADMhwQKAADNhwQKAADOhwQK +AADPhwQKAADQhwQKAADRhwQKAADShwQKAADThwQKAADUhwQKAADVhwQKAADWhwQK +AADXhwQKAADYhwQKAADZhwQKAADahwQKAADbhwQKAADchwQKAADdhwQKAADehwQK +AADfhwQKAADghwQKAADhhwQKAADihwQKAADjhwQKAADkhwQKAADlhwQKAADmhwQK +AADnhwQKAADohwQKAADphwQKAADqhwQKAADrhwQKAADshwQKAADthwQKAADuhwQK +AADvhwQKAADwhwQKAADxhwQKAADyhwQKAADzhwQKAAD0hwQKAAD1hwQKAAD2hwQK +AAD3hwQKAAD4hwQKAAD5hwQKAAD6hwQKAAD7hwQKAAD8hwQKAAD9hwQKAAD+hwQK +AAD/hwQKAAEAhwQKAAEBhwQKAAEChwQKAAEDhwQKAAEEhwQKAAEFhwQKAAEGhwQK +AAEHhwQKAAEIhwQKAAEJhwQKAAEKhwQKAAELhwQKAAEMhwQKAAENhwQKAAEOhwQK +AAEPhwQKAAEQhwQKAAERhwQKAAEShwQKAAEThwQKAAEUhwQKAAEVhwQKAAEWhwQK +AAEXhwQKAAEYhwQKAAEZhwQKAAEahwQKAAEbhwQKAAEchwQKAAEdhwQKAAEehwQK +AAEfhwQKAAEghwQKAAEhhwQKAAEihwQKAAEjhwQKAAEkhwQKAAElhwQKAAEmhwQK +AAEnhwQKAAEohwQKAAEphwQKAAEqhwQKAAErhwQKAAEshwQKAAEthwQKAAEuhwQK +AAEvhwQKAAEwhwQKAAExhwQKAAEyhwQKAAEzhwQKAAE0hwQKAAE1hwQKAAE2hwQK +AAE3hwQKAAE4hwQKAAE5hwQKAAE6hwQKAAE7hwQKAAE8hwQKAAE9hwQKAAE+hwQK +AAE/hwQKAAFAhwQKAAFBhwQKAAFChwQKAAFDhwQKAAFEhwQKAAFFhwQKAAFGhwQK +AAFHhwQKAAFIhwQKAAFJhwQKAAFKhwQKAAFLhwQKAAFMhwQKAAFNhwQKAAFOhwQK +AAFPhwQKAAFQhwQKAAFRhwQKAAFShwQKAAFThwQKAAFUpA8wDTELMAkGA1UEAwwC +dDCkDzANMQswCQYDVQQDDAJ0MaQPMA0xCzAJBgNVBAMMAnQypA8wDTELMAkGA1UE +AwwCdDOkDzANMQswCQYDVQQDDAJ0NKQPMA0xCzAJBgNVBAMMAnQ1pA8wDTELMAkG +A1UEAwwCdDakDzANMQswCQYDVQQDDAJ0N6QPMA0xCzAJBgNVBAMMAnQ4pA8wDTEL +MAkGA1UEAwwCdDmkEDAOMQwwCgYDVQQDDAN0MTCkEDAOMQwwCgYDVQQDDAN0MTGk +EDAOMQwwCgYDVQQDDAN0MTKkEDAOMQwwCgYDVQQDDAN0MTOkEDAOMQwwCgYDVQQD +DAN0MTSkEDAOMQwwCgYDVQQDDAN0MTWkEDAOMQwwCgYDVQQDDAN0MTakEDAOMQww +CgYDVQQDDAN0MTekEDAOMQwwCgYDVQQDDAN0MTikEDAOMQwwCgYDVQQDDAN0MTmk +EDAOMQwwCgYDVQQDDAN0MjCkEDAOMQwwCgYDVQQDDAN0MjGkEDAOMQwwCgYDVQQD +DAN0MjKkEDAOMQwwCgYDVQQDDAN0MjOkEDAOMQwwCgYDVQQDDAN0MjSkEDAOMQww +CgYDVQQDDAN0MjWkEDAOMQwwCgYDVQQDDAN0MjakEDAOMQwwCgYDVQQDDAN0Mjek +EDAOMQwwCgYDVQQDDAN0MjikEDAOMQwwCgYDVQQDDAN0MjmkEDAOMQwwCgYDVQQD +DAN0MzCkEDAOMQwwCgYDVQQDDAN0MzGkEDAOMQwwCgYDVQQDDAN0MzKkEDAOMQww +CgYDVQQDDAN0MzOkEDAOMQwwCgYDVQQDDAN0MzSkEDAOMQwwCgYDVQQDDAN0MzWk +EDAOMQwwCgYDVQQDDAN0MzakEDAOMQwwCgYDVQQDDAN0MzekEDAOMQwwCgYDVQQD +DAN0MzikEDAOMQwwCgYDVQQDDAN0MzmkEDAOMQwwCgYDVQQDDAN0NDCkEDAOMQww +CgYDVQQDDAN0NDGkEDAOMQwwCgYDVQQDDAN0NDKkEDAOMQwwCgYDVQQDDAN0NDOk +EDAOMQwwCgYDVQQDDAN0NDSkEDAOMQwwCgYDVQQDDAN0NDWkEDAOMQwwCgYDVQQD +DAN0NDakEDAOMQwwCgYDVQQDDAN0NDekEDAOMQwwCgYDVQQDDAN0NDikEDAOMQww +CgYDVQQDDAN0NDmkEDAOMQwwCgYDVQQDDAN0NTCkEDAOMQwwCgYDVQQDDAN0NTGk +EDAOMQwwCgYDVQQDDAN0NTKkEDAOMQwwCgYDVQQDDAN0NTOkEDAOMQwwCgYDVQQD +DAN0NTSkEDAOMQwwCgYDVQQDDAN0NTWkEDAOMQwwCgYDVQQDDAN0NTakEDAOMQww +CgYDVQQDDAN0NTekEDAOMQwwCgYDVQQDDAN0NTikEDAOMQwwCgYDVQQDDAN0NTmk +EDAOMQwwCgYDVQQDDAN0NjCkEDAOMQwwCgYDVQQDDAN0NjGkEDAOMQwwCgYDVQQD +DAN0NjKkEDAOMQwwCgYDVQQDDAN0NjOkEDAOMQwwCgYDVQQDDAN0NjSkEDAOMQww +CgYDVQQDDAN0NjWkEDAOMQwwCgYDVQQDDAN0NjakEDAOMQwwCgYDVQQDDAN0Njek +EDAOMQwwCgYDVQQDDAN0NjikEDAOMQwwCgYDVQQDDAN0NjmkEDAOMQwwCgYDVQQD +DAN0NzCkEDAOMQwwCgYDVQQDDAN0NzGkEDAOMQwwCgYDVQQDDAN0NzKkEDAOMQww +CgYDVQQDDAN0NzOkEDAOMQwwCgYDVQQDDAN0NzSkEDAOMQwwCgYDVQQDDAN0NzWk +EDAOMQwwCgYDVQQDDAN0NzakEDAOMQwwCgYDVQQDDAN0NzekEDAOMQwwCgYDVQQD +DAN0NzikEDAOMQwwCgYDVQQDDAN0NzmkEDAOMQwwCgYDVQQDDAN0ODCkEDAOMQww +CgYDVQQDDAN0ODGkEDAOMQwwCgYDVQQDDAN0ODKkEDAOMQwwCgYDVQQDDAN0ODOk +EDAOMQwwCgYDVQQDDAN0ODSkEDAOMQwwCgYDVQQDDAN0ODWkEDAOMQwwCgYDVQQD +DAN0ODakEDAOMQwwCgYDVQQDDAN0ODekEDAOMQwwCgYDVQQDDAN0ODikEDAOMQww +CgYDVQQDDAN0ODmkEDAOMQwwCgYDVQQDDAN0OTCkEDAOMQwwCgYDVQQDDAN0OTGk +EDAOMQwwCgYDVQQDDAN0OTKkEDAOMQwwCgYDVQQDDAN0OTOkEDAOMQwwCgYDVQQD +DAN0OTSkEDAOMQwwCgYDVQQDDAN0OTWkEDAOMQwwCgYDVQQDDAN0OTakEDAOMQww +CgYDVQQDDAN0OTekEDAOMQwwCgYDVQQDDAN0OTikEDAOMQwwCgYDVQQDDAN0OTmk +ETAPMQ0wCwYDVQQDDAR0MTAwpBEwDzENMAsGA1UEAwwEdDEwMaQRMA8xDTALBgNV +BAMMBHQxMDKkETAPMQ0wCwYDVQQDDAR0MTAzpBEwDzENMAsGA1UEAwwEdDEwNKQR +MA8xDTALBgNVBAMMBHQxMDWkETAPMQ0wCwYDVQQDDAR0MTA2pBEwDzENMAsGA1UE +AwwEdDEwN6QRMA8xDTALBgNVBAMMBHQxMDikETAPMQ0wCwYDVQQDDAR0MTA5pBEw +DzENMAsGA1UEAwwEdDExMKQRMA8xDTALBgNVBAMMBHQxMTGkETAPMQ0wCwYDVQQD +DAR0MTEypBEwDzENMAsGA1UEAwwEdDExM6QRMA8xDTALBgNVBAMMBHQxMTSkETAP +MQ0wCwYDVQQDDAR0MTE1pBEwDzENMAsGA1UEAwwEdDExNqQRMA8xDTALBgNVBAMM +BHQxMTekETAPMQ0wCwYDVQQDDAR0MTE4pBEwDzENMAsGA1UEAwwEdDExOaQRMA8x +DTALBgNVBAMMBHQxMjCkETAPMQ0wCwYDVQQDDAR0MTIxpBEwDzENMAsGA1UEAwwE +dDEyMqQRMA8xDTALBgNVBAMMBHQxMjOkETAPMQ0wCwYDVQQDDAR0MTI0pBEwDzEN +MAsGA1UEAwwEdDEyNaQRMA8xDTALBgNVBAMMBHQxMjakETAPMQ0wCwYDVQQDDAR0 +MTI3pBEwDzENMAsGA1UEAwwEdDEyOKQRMA8xDTALBgNVBAMMBHQxMjmkETAPMQ0w +CwYDVQQDDAR0MTMwpBEwDzENMAsGA1UEAwwEdDEzMaQRMA8xDTALBgNVBAMMBHQx +MzKkETAPMQ0wCwYDVQQDDAR0MTMzpBEwDzENMAsGA1UEAwwEdDEzNKQRMA8xDTAL +BgNVBAMMBHQxMzWkETAPMQ0wCwYDVQQDDAR0MTM2pBEwDzENMAsGA1UEAwwEdDEz +N6QRMA8xDTALBgNVBAMMBHQxMzikETAPMQ0wCwYDVQQDDAR0MTM5pBEwDzENMAsG +A1UEAwwEdDE0MKQRMA8xDTALBgNVBAMMBHQxNDGkETAPMQ0wCwYDVQQDDAR0MTQy +pBEwDzENMAsGA1UEAwwEdDE0M6QRMA8xDTALBgNVBAMMBHQxNDSkETAPMQ0wCwYD +VQQDDAR0MTQ1pBEwDzENMAsGA1UEAwwEdDE0NqQRMA8xDTALBgNVBAMMBHQxNDek +ETAPMQ0wCwYDVQQDDAR0MTQ4pBEwDzENMAsGA1UEAwwEdDE0OaQRMA8xDTALBgNV +BAMMBHQxNTCkETAPMQ0wCwYDVQQDDAR0MTUxpBEwDzENMAsGA1UEAwwEdDE1MqQR +MA8xDTALBgNVBAMMBHQxNTOkETAPMQ0wCwYDVQQDDAR0MTU0pBEwDzENMAsGA1UE +AwwEdDE1NaQRMA8xDTALBgNVBAMMBHQxNTakETAPMQ0wCwYDVQQDDAR0MTU3pBEw +DzENMAsGA1UEAwwEdDE1OKQRMA8xDTALBgNVBAMMBHQxNTmkETAPMQ0wCwYDVQQD +DAR0MTYwpBEwDzENMAsGA1UEAwwEdDE2MaQRMA8xDTALBgNVBAMMBHQxNjKkETAP +MQ0wCwYDVQQDDAR0MTYzpBEwDzENMAsGA1UEAwwEdDE2NKQRMA8xDTALBgNVBAMM +BHQxNjWkETAPMQ0wCwYDVQQDDAR0MTY2pBEwDzENMAsGA1UEAwwEdDE2N6QRMA8x +DTALBgNVBAMMBHQxNjikETAPMQ0wCwYDVQQDDAR0MTY5pBEwDzENMAsGA1UEAwwE +dDE3MKQRMA8xDTALBgNVBAMMBHQxNzGkETAPMQ0wCwYDVQQDDAR0MTcypBEwDzEN +MAsGA1UEAwwEdDE3M6QRMA8xDTALBgNVBAMMBHQxNzSkETAPMQ0wCwYDVQQDDAR0 +MTc1pBEwDzENMAsGA1UEAwwEdDE3NqQRMA8xDTALBgNVBAMMBHQxNzekETAPMQ0w +CwYDVQQDDAR0MTc4pBEwDzENMAsGA1UEAwwEdDE3OaQRMA8xDTALBgNVBAMMBHQx +ODCkETAPMQ0wCwYDVQQDDAR0MTgxpBEwDzENMAsGA1UEAwwEdDE4MqQRMA8xDTAL +BgNVBAMMBHQxODOkETAPMQ0wCwYDVQQDDAR0MTg0pBEwDzENMAsGA1UEAwwEdDE4 +NaQRMA8xDTALBgNVBAMMBHQxODakETAPMQ0wCwYDVQQDDAR0MTg3pBEwDzENMAsG +A1UEAwwEdDE4OKQRMA8xDTALBgNVBAMMBHQxODmkETAPMQ0wCwYDVQQDDAR0MTkw +pBEwDzENMAsGA1UEAwwEdDE5MaQRMA8xDTALBgNVBAMMBHQxOTKkETAPMQ0wCwYD +VQQDDAR0MTkzpBEwDzENMAsGA1UEAwwEdDE5NKQRMA8xDTALBgNVBAMMBHQxOTWk +ETAPMQ0wCwYDVQQDDAR0MTk2pBEwDzENMAsGA1UEAwwEdDE5N6QRMA8xDTALBgNV +BAMMBHQxOTikETAPMQ0wCwYDVQQDDAR0MTk5pBEwDzENMAsGA1UEAwwEdDIwMKQR +MA8xDTALBgNVBAMMBHQyMDGkETAPMQ0wCwYDVQQDDAR0MjAypBEwDzENMAsGA1UE +AwwEdDIwM6QRMA8xDTALBgNVBAMMBHQyMDSkETAPMQ0wCwYDVQQDDAR0MjA1pBEw +DzENMAsGA1UEAwwEdDIwNqQRMA8xDTALBgNVBAMMBHQyMDekETAPMQ0wCwYDVQQD +DAR0MjA4pBEwDzENMAsGA1UEAwwEdDIwOaQRMA8xDTALBgNVBAMMBHQyMTCkETAP +MQ0wCwYDVQQDDAR0MjExpBEwDzENMAsGA1UEAwwEdDIxMqQRMA8xDTALBgNVBAMM +BHQyMTOkETAPMQ0wCwYDVQQDDAR0MjE0pBEwDzENMAsGA1UEAwwEdDIxNaQRMA8x +DTALBgNVBAMMBHQyMTakETAPMQ0wCwYDVQQDDAR0MjE3pBEwDzENMAsGA1UEAwwE +dDIxOKQRMA8xDTALBgNVBAMMBHQyMTmkETAPMQ0wCwYDVQQDDAR0MjIwpBEwDzEN +MAsGA1UEAwwEdDIyMaQRMA8xDTALBgNVBAMMBHQyMjKkETAPMQ0wCwYDVQQDDAR0 +MjIzpBEwDzENMAsGA1UEAwwEdDIyNKQRMA8xDTALBgNVBAMMBHQyMjWkETAPMQ0w +CwYDVQQDDAR0MjI2pBEwDzENMAsGA1UEAwwEdDIyN6QRMA8xDTALBgNVBAMMBHQy +MjikETAPMQ0wCwYDVQQDDAR0MjI5pBEwDzENMAsGA1UEAwwEdDIzMKQRMA8xDTAL +BgNVBAMMBHQyMzGkETAPMQ0wCwYDVQQDDAR0MjMypBEwDzENMAsGA1UEAwwEdDIz +M6QRMA8xDTALBgNVBAMMBHQyMzSkETAPMQ0wCwYDVQQDDAR0MjM1pBEwDzENMAsG +A1UEAwwEdDIzNqQRMA8xDTALBgNVBAMMBHQyMzekETAPMQ0wCwYDVQQDDAR0MjM4 +pBEwDzENMAsGA1UEAwwEdDIzOaQRMA8xDTALBgNVBAMMBHQyNDCkETAPMQ0wCwYD +VQQDDAR0MjQxpBEwDzENMAsGA1UEAwwEdDI0MqQRMA8xDTALBgNVBAMMBHQyNDOk +ETAPMQ0wCwYDVQQDDAR0MjQ0pBEwDzENMAsGA1UEAwwEdDI0NaQRMA8xDTALBgNV +BAMMBHQyNDakETAPMQ0wCwYDVQQDDAR0MjQ3pBEwDzENMAsGA1UEAwwEdDI0OKQR +MA8xDTALBgNVBAMMBHQyNDmkETAPMQ0wCwYDVQQDDAR0MjUwpBEwDzENMAsGA1UE +AwwEdDI1MaQRMA8xDTALBgNVBAMMBHQyNTKkETAPMQ0wCwYDVQQDDAR0MjUzpBEw +DzENMAsGA1UEAwwEdDI1NKQRMA8xDTALBgNVBAMMBHQyNTWkETAPMQ0wCwYDVQQD +DAR0MjU2pBEwDzENMAsGA1UEAwwEdDI1N6QRMA8xDTALBgNVBAMMBHQyNTikETAP +MQ0wCwYDVQQDDAR0MjU5pBEwDzENMAsGA1UEAwwEdDI2MKQRMA8xDTALBgNVBAMM +BHQyNjGkETAPMQ0wCwYDVQQDDAR0MjYypBEwDzENMAsGA1UEAwwEdDI2M6QRMA8x +DTALBgNVBAMMBHQyNjSkETAPMQ0wCwYDVQQDDAR0MjY1pBEwDzENMAsGA1UEAwwE +dDI2NqQRMA8xDTALBgNVBAMMBHQyNjekETAPMQ0wCwYDVQQDDAR0MjY4pBEwDzEN +MAsGA1UEAwwEdDI2OaQRMA8xDTALBgNVBAMMBHQyNzCkETAPMQ0wCwYDVQQDDAR0 +MjcxpBEwDzENMAsGA1UEAwwEdDI3MqQRMA8xDTALBgNVBAMMBHQyNzOkETAPMQ0w +CwYDVQQDDAR0Mjc0pBEwDzENMAsGA1UEAwwEdDI3NaQRMA8xDTALBgNVBAMMBHQy +NzakETAPMQ0wCwYDVQQDDAR0Mjc3pBEwDzENMAsGA1UEAwwEdDI3OKQRMA8xDTAL +BgNVBAMMBHQyNzmkETAPMQ0wCwYDVQQDDAR0MjgwpBEwDzENMAsGA1UEAwwEdDI4 +MaQRMA8xDTALBgNVBAMMBHQyODKkETAPMQ0wCwYDVQQDDAR0MjgzpBEwDzENMAsG +A1UEAwwEdDI4NKQRMA8xDTALBgNVBAMMBHQyODWkETAPMQ0wCwYDVQQDDAR0Mjg2 +pBEwDzENMAsGA1UEAwwEdDI4N6QRMA8xDTALBgNVBAMMBHQyODikETAPMQ0wCwYD +VQQDDAR0Mjg5pBEwDzENMAsGA1UEAwwEdDI5MKQRMA8xDTALBgNVBAMMBHQyOTGk +ETAPMQ0wCwYDVQQDDAR0MjkypBEwDzENMAsGA1UEAwwEdDI5M6QRMA8xDTALBgNV +BAMMBHQyOTSkETAPMQ0wCwYDVQQDDAR0Mjk1pBEwDzENMAsGA1UEAwwEdDI5NqQR +MA8xDTALBgNVBAMMBHQyOTekETAPMQ0wCwYDVQQDDAR0Mjk4pBEwDzENMAsGA1UE +AwwEdDI5OaQRMA8xDTALBgNVBAMMBHQzMDCkETAPMQ0wCwYDVQQDDAR0MzAxpBEw +DzENMAsGA1UEAwwEdDMwMqQRMA8xDTALBgNVBAMMBHQzMDOkETAPMQ0wCwYDVQQD +DAR0MzA0pBEwDzENMAsGA1UEAwwEdDMwNaQRMA8xDTALBgNVBAMMBHQzMDakETAP +MQ0wCwYDVQQDDAR0MzA3pBEwDzENMAsGA1UEAwwEdDMwOKQRMA8xDTALBgNVBAMM +BHQzMDmkETAPMQ0wCwYDVQQDDAR0MzEwpBEwDzENMAsGA1UEAwwEdDMxMaQRMA8x +DTALBgNVBAMMBHQzMTKkETAPMQ0wCwYDVQQDDAR0MzEzpBEwDzENMAsGA1UEAwwE +dDMxNKQRMA8xDTALBgNVBAMMBHQzMTWkETAPMQ0wCwYDVQQDDAR0MzE2pBEwDzEN +MAsGA1UEAwwEdDMxN6QRMA8xDTALBgNVBAMMBHQzMTikETAPMQ0wCwYDVQQDDAR0 +MzE5pBEwDzENMAsGA1UEAwwEdDMyMKQRMA8xDTALBgNVBAMMBHQzMjGkETAPMQ0w +CwYDVQQDDAR0MzIypBEwDzENMAsGA1UEAwwEdDMyM6QRMA8xDTALBgNVBAMMBHQz +MjSkETAPMQ0wCwYDVQQDDAR0MzI1pBEwDzENMAsGA1UEAwwEdDMyNqQRMA8xDTAL +BgNVBAMMBHQzMjekETAPMQ0wCwYDVQQDDAR0MzI4pBEwDzENMAsGA1UEAwwEdDMy +OaQRMA8xDTALBgNVBAMMBHQzMzCkETAPMQ0wCwYDVQQDDAR0MzMxpBEwDzENMAsG +A1UEAwwEdDMzMqQRMA8xDTALBgNVBAMMBHQzMzOkETAPMQ0wCwYDVQQDDAR0MzM0 +pBEwDzENMAsGA1UEAwwEdDMzNaQRMA8xDTALBgNVBAMMBHQzMzakETAPMQ0wCwYD +VQQDDAR0MzM3pBEwDzENMAsGA1UEAwwEdDMzOKQRMA8xDTALBgNVBAMMBHQzMzmk +ETAPMQ0wCwYDVQQDDAR0MzQwpBEwDzENMAsGA1UEAwwEdDM0MYYNaHR0cDovL3Rl +c3QvMIYNaHR0cDovL3Rlc3QvMYYNaHR0cDovL3Rlc3QvMoYNaHR0cDovL3Rlc3Qv +M4YNaHR0cDovL3Rlc3QvNIYNaHR0cDovL3Rlc3QvNYYNaHR0cDovL3Rlc3QvNoYN +aHR0cDovL3Rlc3QvN4YNaHR0cDovL3Rlc3QvOIYNaHR0cDovL3Rlc3QvOYYOaHR0 +cDovL3Rlc3QvMTCGDmh0dHA6Ly90ZXN0LzExhg5odHRwOi8vdGVzdC8xMoYOaHR0 +cDovL3Rlc3QvMTOGDmh0dHA6Ly90ZXN0LzE0hg5odHRwOi8vdGVzdC8xNYYOaHR0 +cDovL3Rlc3QvMTaGDmh0dHA6Ly90ZXN0LzE3hg5odHRwOi8vdGVzdC8xOIYOaHR0 +cDovL3Rlc3QvMTmGDmh0dHA6Ly90ZXN0LzIwhg5odHRwOi8vdGVzdC8yMYYOaHR0 +cDovL3Rlc3QvMjKGDmh0dHA6Ly90ZXN0LzIzhg5odHRwOi8vdGVzdC8yNIYOaHR0 +cDovL3Rlc3QvMjWGDmh0dHA6Ly90ZXN0LzI2hg5odHRwOi8vdGVzdC8yN4YOaHR0 +cDovL3Rlc3QvMjiGDmh0dHA6Ly90ZXN0LzI5hg5odHRwOi8vdGVzdC8zMIYOaHR0 +cDovL3Rlc3QvMzGGDmh0dHA6Ly90ZXN0LzMyhg5odHRwOi8vdGVzdC8zM4YOaHR0 +cDovL3Rlc3QvMzSGDmh0dHA6Ly90ZXN0LzM1hg5odHRwOi8vdGVzdC8zNoYOaHR0 +cDovL3Rlc3QvMzeGDmh0dHA6Ly90ZXN0LzM4hg5odHRwOi8vdGVzdC8zOYYOaHR0 +cDovL3Rlc3QvNDCGDmh0dHA6Ly90ZXN0LzQxhg5odHRwOi8vdGVzdC80MoYOaHR0 +cDovL3Rlc3QvNDOGDmh0dHA6Ly90ZXN0LzQ0hg5odHRwOi8vdGVzdC80NYYOaHR0 +cDovL3Rlc3QvNDaGDmh0dHA6Ly90ZXN0LzQ3hg5odHRwOi8vdGVzdC80OIYOaHR0 +cDovL3Rlc3QvNDmGDmh0dHA6Ly90ZXN0LzUwhg5odHRwOi8vdGVzdC81MYYOaHR0 +cDovL3Rlc3QvNTKGDmh0dHA6Ly90ZXN0LzUzhg5odHRwOi8vdGVzdC81NIYOaHR0 +cDovL3Rlc3QvNTWGDmh0dHA6Ly90ZXN0LzU2hg5odHRwOi8vdGVzdC81N4YOaHR0 +cDovL3Rlc3QvNTiGDmh0dHA6Ly90ZXN0LzU5hg5odHRwOi8vdGVzdC82MIYOaHR0 +cDovL3Rlc3QvNjGGDmh0dHA6Ly90ZXN0LzYyhg5odHRwOi8vdGVzdC82M4YOaHR0 +cDovL3Rlc3QvNjSGDmh0dHA6Ly90ZXN0LzY1hg5odHRwOi8vdGVzdC82NoYOaHR0 +cDovL3Rlc3QvNjeGDmh0dHA6Ly90ZXN0LzY4hg5odHRwOi8vdGVzdC82OYYOaHR0 +cDovL3Rlc3QvNzCGDmh0dHA6Ly90ZXN0Lzcxhg5odHRwOi8vdGVzdC83MoYOaHR0 +cDovL3Rlc3QvNzOGDmh0dHA6Ly90ZXN0Lzc0hg5odHRwOi8vdGVzdC83NYYOaHR0 +cDovL3Rlc3QvNzaGDmh0dHA6Ly90ZXN0Lzc3hg5odHRwOi8vdGVzdC83OIYOaHR0 +cDovL3Rlc3QvNzmGDmh0dHA6Ly90ZXN0Lzgwhg5odHRwOi8vdGVzdC84MYYOaHR0 +cDovL3Rlc3QvODKGDmh0dHA6Ly90ZXN0Lzgzhg5odHRwOi8vdGVzdC84NIYOaHR0 +cDovL3Rlc3QvODWGDmh0dHA6Ly90ZXN0Lzg2hg5odHRwOi8vdGVzdC84N4YOaHR0 +cDovL3Rlc3QvODiGDmh0dHA6Ly90ZXN0Lzg5hg5odHRwOi8vdGVzdC85MIYOaHR0 +cDovL3Rlc3QvOTGGDmh0dHA6Ly90ZXN0Lzkyhg5odHRwOi8vdGVzdC85M4YOaHR0 +cDovL3Rlc3QvOTSGDmh0dHA6Ly90ZXN0Lzk1hg5odHRwOi8vdGVzdC85NoYOaHR0 +cDovL3Rlc3QvOTeGDmh0dHA6Ly90ZXN0Lzk4hg5odHRwOi8vdGVzdC85OYYPaHR0 +cDovL3Rlc3QvMTAwhg9odHRwOi8vdGVzdC8xMDGGD2h0dHA6Ly90ZXN0LzEwMoYP +aHR0cDovL3Rlc3QvMTAzhg9odHRwOi8vdGVzdC8xMDSGD2h0dHA6Ly90ZXN0LzEw +NYYPaHR0cDovL3Rlc3QvMTA2hg9odHRwOi8vdGVzdC8xMDeGD2h0dHA6Ly90ZXN0 +LzEwOIYPaHR0cDovL3Rlc3QvMTA5hg9odHRwOi8vdGVzdC8xMTCGD2h0dHA6Ly90 +ZXN0LzExMYYPaHR0cDovL3Rlc3QvMTEyhg9odHRwOi8vdGVzdC8xMTOGD2h0dHA6 +Ly90ZXN0LzExNIYPaHR0cDovL3Rlc3QvMTE1hg9odHRwOi8vdGVzdC8xMTaGD2h0 +dHA6Ly90ZXN0LzExN4YPaHR0cDovL3Rlc3QvMTE4hg9odHRwOi8vdGVzdC8xMTmG +D2h0dHA6Ly90ZXN0LzEyMIYPaHR0cDovL3Rlc3QvMTIxhg9odHRwOi8vdGVzdC8x +MjKGD2h0dHA6Ly90ZXN0LzEyM4YPaHR0cDovL3Rlc3QvMTI0hg9odHRwOi8vdGVz +dC8xMjWGD2h0dHA6Ly90ZXN0LzEyNoYPaHR0cDovL3Rlc3QvMTI3hg9odHRwOi8v +dGVzdC8xMjiGD2h0dHA6Ly90ZXN0LzEyOYYPaHR0cDovL3Rlc3QvMTMwhg9odHRw +Oi8vdGVzdC8xMzGGD2h0dHA6Ly90ZXN0LzEzMoYPaHR0cDovL3Rlc3QvMTMzhg9o +dHRwOi8vdGVzdC8xMzSGD2h0dHA6Ly90ZXN0LzEzNYYPaHR0cDovL3Rlc3QvMTM2 +hg9odHRwOi8vdGVzdC8xMzeGD2h0dHA6Ly90ZXN0LzEzOIYPaHR0cDovL3Rlc3Qv +MTM5hg9odHRwOi8vdGVzdC8xNDCGD2h0dHA6Ly90ZXN0LzE0MYYPaHR0cDovL3Rl +c3QvMTQyhg9odHRwOi8vdGVzdC8xNDOGD2h0dHA6Ly90ZXN0LzE0NIYPaHR0cDov +L3Rlc3QvMTQ1hg9odHRwOi8vdGVzdC8xNDaGD2h0dHA6Ly90ZXN0LzE0N4YPaHR0 +cDovL3Rlc3QvMTQ4hg9odHRwOi8vdGVzdC8xNDmGD2h0dHA6Ly90ZXN0LzE1MIYP +aHR0cDovL3Rlc3QvMTUxhg9odHRwOi8vdGVzdC8xNTKGD2h0dHA6Ly90ZXN0LzE1 +M4YPaHR0cDovL3Rlc3QvMTU0hg9odHRwOi8vdGVzdC8xNTWGD2h0dHA6Ly90ZXN0 +LzE1NoYPaHR0cDovL3Rlc3QvMTU3hg9odHRwOi8vdGVzdC8xNTiGD2h0dHA6Ly90 +ZXN0LzE1OYYPaHR0cDovL3Rlc3QvMTYwhg9odHRwOi8vdGVzdC8xNjGGD2h0dHA6 +Ly90ZXN0LzE2MoYPaHR0cDovL3Rlc3QvMTYzhg9odHRwOi8vdGVzdC8xNjSGD2h0 +dHA6Ly90ZXN0LzE2NYYPaHR0cDovL3Rlc3QvMTY2hg9odHRwOi8vdGVzdC8xNjeG +D2h0dHA6Ly90ZXN0LzE2OIYPaHR0cDovL3Rlc3QvMTY5hg9odHRwOi8vdGVzdC8x +NzCGD2h0dHA6Ly90ZXN0LzE3MYYPaHR0cDovL3Rlc3QvMTcyhg9odHRwOi8vdGVz +dC8xNzOGD2h0dHA6Ly90ZXN0LzE3NIYPaHR0cDovL3Rlc3QvMTc1hg9odHRwOi8v +dGVzdC8xNzaGD2h0dHA6Ly90ZXN0LzE3N4YPaHR0cDovL3Rlc3QvMTc4hg9odHRw +Oi8vdGVzdC8xNzmGD2h0dHA6Ly90ZXN0LzE4MIYPaHR0cDovL3Rlc3QvMTgxhg9o +dHRwOi8vdGVzdC8xODKGD2h0dHA6Ly90ZXN0LzE4M4YPaHR0cDovL3Rlc3QvMTg0 +hg9odHRwOi8vdGVzdC8xODWGD2h0dHA6Ly90ZXN0LzE4NoYPaHR0cDovL3Rlc3Qv +MTg3hg9odHRwOi8vdGVzdC8xODiGD2h0dHA6Ly90ZXN0LzE4OYYPaHR0cDovL3Rl +c3QvMTkwhg9odHRwOi8vdGVzdC8xOTGGD2h0dHA6Ly90ZXN0LzE5MoYPaHR0cDov +L3Rlc3QvMTkzhg9odHRwOi8vdGVzdC8xOTSGD2h0dHA6Ly90ZXN0LzE5NYYPaHR0 +cDovL3Rlc3QvMTk2hg9odHRwOi8vdGVzdC8xOTeGD2h0dHA6Ly90ZXN0LzE5OIYP +aHR0cDovL3Rlc3QvMTk5hg9odHRwOi8vdGVzdC8yMDCGD2h0dHA6Ly90ZXN0LzIw +MYYPaHR0cDovL3Rlc3QvMjAyhg9odHRwOi8vdGVzdC8yMDOGD2h0dHA6Ly90ZXN0 +LzIwNIYPaHR0cDovL3Rlc3QvMjA1hg9odHRwOi8vdGVzdC8yMDaGD2h0dHA6Ly90 +ZXN0LzIwN4YPaHR0cDovL3Rlc3QvMjA4hg9odHRwOi8vdGVzdC8yMDmGD2h0dHA6 +Ly90ZXN0LzIxMIYPaHR0cDovL3Rlc3QvMjExhg9odHRwOi8vdGVzdC8yMTKGD2h0 +dHA6Ly90ZXN0LzIxM4YPaHR0cDovL3Rlc3QvMjE0hg9odHRwOi8vdGVzdC8yMTWG +D2h0dHA6Ly90ZXN0LzIxNoYPaHR0cDovL3Rlc3QvMjE3hg9odHRwOi8vdGVzdC8y +MTiGD2h0dHA6Ly90ZXN0LzIxOYYPaHR0cDovL3Rlc3QvMjIwhg9odHRwOi8vdGVz +dC8yMjGGD2h0dHA6Ly90ZXN0LzIyMoYPaHR0cDovL3Rlc3QvMjIzhg9odHRwOi8v +dGVzdC8yMjSGD2h0dHA6Ly90ZXN0LzIyNYYPaHR0cDovL3Rlc3QvMjI2hg9odHRw +Oi8vdGVzdC8yMjeGD2h0dHA6Ly90ZXN0LzIyOIYPaHR0cDovL3Rlc3QvMjI5hg9o +dHRwOi8vdGVzdC8yMzCGD2h0dHA6Ly90ZXN0LzIzMYYPaHR0cDovL3Rlc3QvMjMy +hg9odHRwOi8vdGVzdC8yMzOGD2h0dHA6Ly90ZXN0LzIzNIYPaHR0cDovL3Rlc3Qv +MjM1hg9odHRwOi8vdGVzdC8yMzaGD2h0dHA6Ly90ZXN0LzIzN4YPaHR0cDovL3Rl +c3QvMjM4hg9odHRwOi8vdGVzdC8yMzmGD2h0dHA6Ly90ZXN0LzI0MIYPaHR0cDov +L3Rlc3QvMjQxhg9odHRwOi8vdGVzdC8yNDKGD2h0dHA6Ly90ZXN0LzI0M4YPaHR0 +cDovL3Rlc3QvMjQ0hg9odHRwOi8vdGVzdC8yNDWGD2h0dHA6Ly90ZXN0LzI0NoYP +aHR0cDovL3Rlc3QvMjQ3hg9odHRwOi8vdGVzdC8yNDiGD2h0dHA6Ly90ZXN0LzI0 +OYYPaHR0cDovL3Rlc3QvMjUwhg9odHRwOi8vdGVzdC8yNTGGD2h0dHA6Ly90ZXN0 +LzI1MoYPaHR0cDovL3Rlc3QvMjUzhg9odHRwOi8vdGVzdC8yNTSGD2h0dHA6Ly90 +ZXN0LzI1NYYPaHR0cDovL3Rlc3QvMjU2hg9odHRwOi8vdGVzdC8yNTeGD2h0dHA6 +Ly90ZXN0LzI1OIYPaHR0cDovL3Rlc3QvMjU5hg9odHRwOi8vdGVzdC8yNjCGD2h0 +dHA6Ly90ZXN0LzI2MYYPaHR0cDovL3Rlc3QvMjYyhg9odHRwOi8vdGVzdC8yNjOG +D2h0dHA6Ly90ZXN0LzI2NIYPaHR0cDovL3Rlc3QvMjY1hg9odHRwOi8vdGVzdC8y +NjaGD2h0dHA6Ly90ZXN0LzI2N4YPaHR0cDovL3Rlc3QvMjY4hg9odHRwOi8vdGVz +dC8yNjmGD2h0dHA6Ly90ZXN0LzI3MIYPaHR0cDovL3Rlc3QvMjcxhg9odHRwOi8v +dGVzdC8yNzKGD2h0dHA6Ly90ZXN0LzI3M4YPaHR0cDovL3Rlc3QvMjc0hg9odHRw +Oi8vdGVzdC8yNzWGD2h0dHA6Ly90ZXN0LzI3NoYPaHR0cDovL3Rlc3QvMjc3hg9o +dHRwOi8vdGVzdC8yNziGD2h0dHA6Ly90ZXN0LzI3OYYPaHR0cDovL3Rlc3QvMjgw +hg9odHRwOi8vdGVzdC8yODGGD2h0dHA6Ly90ZXN0LzI4MoYPaHR0cDovL3Rlc3Qv +Mjgzhg9odHRwOi8vdGVzdC8yODSGD2h0dHA6Ly90ZXN0LzI4NYYPaHR0cDovL3Rl +c3QvMjg2hg9odHRwOi8vdGVzdC8yODeGD2h0dHA6Ly90ZXN0LzI4OIYPaHR0cDov +L3Rlc3QvMjg5hg9odHRwOi8vdGVzdC8yOTCGD2h0dHA6Ly90ZXN0LzI5MYYPaHR0 +cDovL3Rlc3QvMjkyhg9odHRwOi8vdGVzdC8yOTOGD2h0dHA6Ly90ZXN0LzI5NIYP +aHR0cDovL3Rlc3QvMjk1hg9odHRwOi8vdGVzdC8yOTaGD2h0dHA6Ly90ZXN0LzI5 +N4YPaHR0cDovL3Rlc3QvMjk4hg9odHRwOi8vdGVzdC8yOTmGD2h0dHA6Ly90ZXN0 +LzMwMIYPaHR0cDovL3Rlc3QvMzAxhg9odHRwOi8vdGVzdC8zMDKGD2h0dHA6Ly90 +ZXN0LzMwM4YPaHR0cDovL3Rlc3QvMzA0hg9odHRwOi8vdGVzdC8zMDWGD2h0dHA6 +Ly90ZXN0LzMwNoYPaHR0cDovL3Rlc3QvMzA3hg9odHRwOi8vdGVzdC8zMDiGD2h0 +dHA6Ly90ZXN0LzMwOYYPaHR0cDovL3Rlc3QvMzEwhg9odHRwOi8vdGVzdC8zMTGG +D2h0dHA6Ly90ZXN0LzMxMoYPaHR0cDovL3Rlc3QvMzEzhg9odHRwOi8vdGVzdC8z +MTSGD2h0dHA6Ly90ZXN0LzMxNYYPaHR0cDovL3Rlc3QvMzE2hg9odHRwOi8vdGVz +dC8zMTeGD2h0dHA6Ly90ZXN0LzMxOIYPaHR0cDovL3Rlc3QvMzE5hg9odHRwOi8v +dGVzdC8zMjCGD2h0dHA6Ly90ZXN0LzMyMYYPaHR0cDovL3Rlc3QvMzIyhg9odHRw +Oi8vdGVzdC8zMjOGD2h0dHA6Ly90ZXN0LzMyNIYPaHR0cDovL3Rlc3QvMzI1hg9o +dHRwOi8vdGVzdC8zMjaGD2h0dHA6Ly90ZXN0LzMyN4YPaHR0cDovL3Rlc3QvMzI4 +hg9odHRwOi8vdGVzdC8zMjmGD2h0dHA6Ly90ZXN0LzMzMIYPaHR0cDovL3Rlc3Qv +MzMxhg9odHRwOi8vdGVzdC8zMzKGD2h0dHA6Ly90ZXN0LzMzM4YPaHR0cDovL3Rl +c3QvMzM0hg9odHRwOi8vdGVzdC8zMzWGD2h0dHA6Ly90ZXN0LzMzNoYPaHR0cDov +L3Rlc3QvMzM3hg9odHRwOi8vdGVzdC8zMziGD2h0dHA6Ly90ZXN0LzMzOYYPaHR0 +cDovL3Rlc3QvMzQwhg9odHRwOi8vdGVzdC8zNDGGD2h0dHA6Ly90ZXN0LzM0MoYP +aHR0cDovL3Rlc3QvMzQzhg9odHRwOi8vdGVzdC8zNDSGD2h0dHA6Ly90ZXN0LzM0 +NYYPaHR0cDovL3Rlc3QvMzQ2hg9odHRwOi8vdGVzdC8zNDeGD2h0dHA6Ly90ZXN0 +LzM0OIYPaHR0cDovL3Rlc3QvMzQ5hg9odHRwOi8vdGVzdC8zNTCGD2h0dHA6Ly90 +ZXN0LzM1MYYPaHR0cDovL3Rlc3QvMzUyhg9odHRwOi8vdGVzdC8zNTOGD2h0dHA6 +Ly90ZXN0LzM1NIYPaHR0cDovL3Rlc3QvMzU1hg9odHRwOi8vdGVzdC8zNTaGD2h0 +dHA6Ly90ZXN0LzM1N4YPaHR0cDovL3Rlc3QvMzU4hg9odHRwOi8vdGVzdC8zNTmG +D2h0dHA6Ly90ZXN0LzM2MIYPaHR0cDovL3Rlc3QvMzYxhg9odHRwOi8vdGVzdC8z +NjKGD2h0dHA6Ly90ZXN0LzM2M4YPaHR0cDovL3Rlc3QvMzY0hg9odHRwOi8vdGVz +dC8zNjWGD2h0dHA6Ly90ZXN0LzM2NoYPaHR0cDovL3Rlc3QvMzY3hg9odHRwOi8v +dGVzdC8zNjiGD2h0dHA6Ly90ZXN0LzM2OYYPaHR0cDovL3Rlc3QvMzcwhg9odHRw +Oi8vdGVzdC8zNzGGD2h0dHA6Ly90ZXN0LzM3MoYPaHR0cDovL3Rlc3QvMzczhg9o +dHRwOi8vdGVzdC8zNzSGD2h0dHA6Ly90ZXN0LzM3NYYPaHR0cDovL3Rlc3QvMzc2 +hg9odHRwOi8vdGVzdC8zNzeGD2h0dHA6Ly90ZXN0LzM3OIYPaHR0cDovL3Rlc3Qv +Mzc5hg9odHRwOi8vdGVzdC8zODCGD2h0dHA6Ly90ZXN0LzM4MYYPaHR0cDovL3Rl +c3QvMzgyhg9odHRwOi8vdGVzdC8zODOGD2h0dHA6Ly90ZXN0LzM4NIYPaHR0cDov +L3Rlc3QvMzg1hg9odHRwOi8vdGVzdC8zODaGD2h0dHA6Ly90ZXN0LzM4N4YPaHR0 +cDovL3Rlc3QvMzg4hg9odHRwOi8vdGVzdC8zODmGD2h0dHA6Ly90ZXN0LzM5MIYP +aHR0cDovL3Rlc3QvMzkxhg9odHRwOi8vdGVzdC8zOTKGD2h0dHA6Ly90ZXN0LzM5 +M4YPaHR0cDovL3Rlc3QvMzk0hg9odHRwOi8vdGVzdC8zOTWGD2h0dHA6Ly90ZXN0 +LzM5NoYPaHR0cDovL3Rlc3QvMzk3hg9odHRwOi8vdGVzdC8zOTiGD2h0dHA6Ly90 +ZXN0LzM5OYYPaHR0cDovL3Rlc3QvNDAwhg9odHRwOi8vdGVzdC80MDGGD2h0dHA6 +Ly90ZXN0LzQwMoYPaHR0cDovL3Rlc3QvNDAzhg9odHRwOi8vdGVzdC80MDSGD2h0 +dHA6Ly90ZXN0LzQwNYYPaHR0cDovL3Rlc3QvNDA2hg9odHRwOi8vdGVzdC80MDeG +D2h0dHA6Ly90ZXN0LzQwOIYPaHR0cDovL3Rlc3QvNDA5hg9odHRwOi8vdGVzdC80 +MTCGD2h0dHA6Ly90ZXN0LzQxMYYPaHR0cDovL3Rlc3QvNDEyhg9odHRwOi8vdGVz +dC80MTOGD2h0dHA6Ly90ZXN0LzQxNIYPaHR0cDovL3Rlc3QvNDE1hg9odHRwOi8v +dGVzdC80MTaGD2h0dHA6Ly90ZXN0LzQxN4YPaHR0cDovL3Rlc3QvNDE4hg9odHRw +Oi8vdGVzdC80MTmGD2h0dHA6Ly90ZXN0LzQyMIYPaHR0cDovL3Rlc3QvNDIxhg9o +dHRwOi8vdGVzdC80MjKGD2h0dHA6Ly90ZXN0LzQyM4YPaHR0cDovL3Rlc3QvNDI0 +hg9odHRwOi8vdGVzdC80MjWGD2h0dHA6Ly90ZXN0LzQyNoYPaHR0cDovL3Rlc3Qv +NDI3hg9odHRwOi8vdGVzdC80MjiGD2h0dHA6Ly90ZXN0LzQyOYYPaHR0cDovL3Rl +c3QvNDMwhg9odHRwOi8vdGVzdC80MzGGD2h0dHA6Ly90ZXN0LzQzMoYPaHR0cDov +L3Rlc3QvNDMzhg9odHRwOi8vdGVzdC80MzSGD2h0dHA6Ly90ZXN0LzQzNYYPaHR0 +cDovL3Rlc3QvNDM2hg9odHRwOi8vdGVzdC80MzeGD2h0dHA6Ly90ZXN0LzQzOIYP +aHR0cDovL3Rlc3QvNDM5hg9odHRwOi8vdGVzdC80NDCGD2h0dHA6Ly90ZXN0LzQ0 +MYYPaHR0cDovL3Rlc3QvNDQyhg9odHRwOi8vdGVzdC80NDOGD2h0dHA6Ly90ZXN0 +LzQ0NIYPaHR0cDovL3Rlc3QvNDQ1hg9odHRwOi8vdGVzdC80NDaGD2h0dHA6Ly90 +ZXN0LzQ0N4YPaHR0cDovL3Rlc3QvNDQ4hg9odHRwOi8vdGVzdC80NDmGD2h0dHA6 +Ly90ZXN0LzQ1MIYPaHR0cDovL3Rlc3QvNDUxhg9odHRwOi8vdGVzdC80NTKGD2h0 +dHA6Ly90ZXN0LzQ1M4YPaHR0cDovL3Rlc3QvNDU0hg9odHRwOi8vdGVzdC80NTWG +D2h0dHA6Ly90ZXN0LzQ1NoYPaHR0cDovL3Rlc3QvNDU3hg9odHRwOi8vdGVzdC80 +NTiGD2h0dHA6Ly90ZXN0LzQ1OYYPaHR0cDovL3Rlc3QvNDYwhg9odHRwOi8vdGVz +dC80NjGGD2h0dHA6Ly90ZXN0LzQ2MoYPaHR0cDovL3Rlc3QvNDYzhg9odHRwOi8v +dGVzdC80NjSGD2h0dHA6Ly90ZXN0LzQ2NYYPaHR0cDovL3Rlc3QvNDY2hg9odHRw +Oi8vdGVzdC80NjeGD2h0dHA6Ly90ZXN0LzQ2OIYPaHR0cDovL3Rlc3QvNDY5hg9o +dHRwOi8vdGVzdC80NzCGD2h0dHA6Ly90ZXN0LzQ3MYYPaHR0cDovL3Rlc3QvNDcy +hg9odHRwOi8vdGVzdC80NzOGD2h0dHA6Ly90ZXN0LzQ3NIYPaHR0cDovL3Rlc3Qv +NDc1hg9odHRwOi8vdGVzdC80NzaGD2h0dHA6Ly90ZXN0LzQ3N4YPaHR0cDovL3Rl +c3QvNDc4hg9odHRwOi8vdGVzdC80NzmGD2h0dHA6Ly90ZXN0LzQ4MIYPaHR0cDov +L3Rlc3QvNDgxhg9odHRwOi8vdGVzdC80ODKGD2h0dHA6Ly90ZXN0LzQ4M4YPaHR0 +cDovL3Rlc3QvNDg0hg9odHRwOi8vdGVzdC80ODWGD2h0dHA6Ly90ZXN0LzQ4NoYP +aHR0cDovL3Rlc3QvNDg3hg9odHRwOi8vdGVzdC80ODiGD2h0dHA6Ly90ZXN0LzQ4 +OYYPaHR0cDovL3Rlc3QvNDkwhg9odHRwOi8vdGVzdC80OTGGD2h0dHA6Ly90ZXN0 +LzQ5MoYPaHR0cDovL3Rlc3QvNDkzhg9odHRwOi8vdGVzdC80OTSGD2h0dHA6Ly90 +ZXN0LzQ5NYYPaHR0cDovL3Rlc3QvNDk2hg9odHRwOi8vdGVzdC80OTeGD2h0dHA6 +Ly90ZXN0LzQ5OIYPaHR0cDovL3Rlc3QvNDk5hg9odHRwOi8vdGVzdC81MDCGD2h0 +dHA6Ly90ZXN0LzUwMYYPaHR0cDovL3Rlc3QvNTAyhg9odHRwOi8vdGVzdC81MDOG +D2h0dHA6Ly90ZXN0LzUwNIYPaHR0cDovL3Rlc3QvNTA1hg9odHRwOi8vdGVzdC81 +MDaGD2h0dHA6Ly90ZXN0LzUwN4YPaHR0cDovL3Rlc3QvNTA4hg9odHRwOi8vdGVz +dC81MDmGD2h0dHA6Ly90ZXN0LzUxMIYPaHR0cDovL3Rlc3QvNTExhg9odHRwOi8v +dGVzdC81MTKGD2h0dHA6Ly90ZXN0LzUxM4YPaHR0cDovL3Rlc3QvNTE0hg9odHRw +Oi8vdGVzdC81MTWGD2h0dHA6Ly90ZXN0LzUxNoYPaHR0cDovL3Rlc3QvNTE3hg9o +dHRwOi8vdGVzdC81MTiGD2h0dHA6Ly90ZXN0LzUxOYYPaHR0cDovL3Rlc3QvNTIw +hg9odHRwOi8vdGVzdC81MjGGD2h0dHA6Ly90ZXN0LzUyMoYPaHR0cDovL3Rlc3Qv +NTIzhg9odHRwOi8vdGVzdC81MjSGD2h0dHA6Ly90ZXN0LzUyNYYPaHR0cDovL3Rl +c3QvNTI2hg9odHRwOi8vdGVzdC81MjeGD2h0dHA6Ly90ZXN0LzUyOIYPaHR0cDov +L3Rlc3QvNTI5hg9odHRwOi8vdGVzdC81MzCGD2h0dHA6Ly90ZXN0LzUzMYYPaHR0 +cDovL3Rlc3QvNTMyhg9odHRwOi8vdGVzdC81MzOGD2h0dHA6Ly90ZXN0LzUzNIYP +aHR0cDovL3Rlc3QvNTM1hg9odHRwOi8vdGVzdC81MzaGD2h0dHA6Ly90ZXN0LzUz +N4YPaHR0cDovL3Rlc3QvNTM4hg9odHRwOi8vdGVzdC81MzmGD2h0dHA6Ly90ZXN0 +LzU0MIYPaHR0cDovL3Rlc3QvNTQxhg9odHRwOi8vdGVzdC81NDKGD2h0dHA6Ly90 +ZXN0LzU0M4YPaHR0cDovL3Rlc3QvNTQ0hg9odHRwOi8vdGVzdC81NDWGD2h0dHA6 +Ly90ZXN0LzU0NoYPaHR0cDovL3Rlc3QvNTQ3hg9odHRwOi8vdGVzdC81NDiGD2h0 +dHA6Ly90ZXN0LzU0OYYPaHR0cDovL3Rlc3QvNTUwhg9odHRwOi8vdGVzdC81NTGG +D2h0dHA6Ly90ZXN0LzU1MoYPaHR0cDovL3Rlc3QvNTUzhg9odHRwOi8vdGVzdC81 +NTSGD2h0dHA6Ly90ZXN0LzU1NYYPaHR0cDovL3Rlc3QvNTU2hg9odHRwOi8vdGVz +dC81NTeGD2h0dHA6Ly90ZXN0LzU1OIYPaHR0cDovL3Rlc3QvNTU5hg9odHRwOi8v +dGVzdC81NjCGD2h0dHA6Ly90ZXN0LzU2MYYPaHR0cDovL3Rlc3QvNTYyhg9odHRw +Oi8vdGVzdC81NjOGD2h0dHA6Ly90ZXN0LzU2NIYPaHR0cDovL3Rlc3QvNTY1hg9o +dHRwOi8vdGVzdC81NjaGD2h0dHA6Ly90ZXN0LzU2N4YPaHR0cDovL3Rlc3QvNTY4 +hg9odHRwOi8vdGVzdC81NjmGD2h0dHA6Ly90ZXN0LzU3MIYPaHR0cDovL3Rlc3Qv +NTcxhg9odHRwOi8vdGVzdC81NzKGD2h0dHA6Ly90ZXN0LzU3M4YPaHR0cDovL3Rl +c3QvNTc0hg9odHRwOi8vdGVzdC81NzWGD2h0dHA6Ly90ZXN0LzU3NoYPaHR0cDov +L3Rlc3QvNTc3hg9odHRwOi8vdGVzdC81NziGD2h0dHA6Ly90ZXN0LzU3OYYPaHR0 +cDovL3Rlc3QvNTgwhg9odHRwOi8vdGVzdC81ODGGD2h0dHA6Ly90ZXN0LzU4MoYP +aHR0cDovL3Rlc3QvNTgzhg9odHRwOi8vdGVzdC81ODSGD2h0dHA6Ly90ZXN0LzU4 +NYYPaHR0cDovL3Rlc3QvNTg2hg9odHRwOi8vdGVzdC81ODeGD2h0dHA6Ly90ZXN0 +LzU4OIYPaHR0cDovL3Rlc3QvNTg5hg9odHRwOi8vdGVzdC81OTCGD2h0dHA6Ly90 +ZXN0LzU5MYYPaHR0cDovL3Rlc3QvNTkyhg9odHRwOi8vdGVzdC81OTOGD2h0dHA6 +Ly90ZXN0LzU5NIYPaHR0cDovL3Rlc3QvNTk1hg9odHRwOi8vdGVzdC81OTaGD2h0 +dHA6Ly90ZXN0LzU5N4YPaHR0cDovL3Rlc3QvNTk4hg9odHRwOi8vdGVzdC81OTmG +D2h0dHA6Ly90ZXN0LzYwMIYPaHR0cDovL3Rlc3QvNjAxhg9odHRwOi8vdGVzdC82 +MDKGD2h0dHA6Ly90ZXN0LzYwM4YPaHR0cDovL3Rlc3QvNjA0hg9odHRwOi8vdGVz +dC82MDWGD2h0dHA6Ly90ZXN0LzYwNoYPaHR0cDovL3Rlc3QvNjA3hg9odHRwOi8v +dGVzdC82MDiGD2h0dHA6Ly90ZXN0LzYwOYYPaHR0cDovL3Rlc3QvNjEwhg9odHRw +Oi8vdGVzdC82MTGGD2h0dHA6Ly90ZXN0LzYxMoYPaHR0cDovL3Rlc3QvNjEzhg9o +dHRwOi8vdGVzdC82MTSGD2h0dHA6Ly90ZXN0LzYxNYYPaHR0cDovL3Rlc3QvNjE2 +hg9odHRwOi8vdGVzdC82MTeGD2h0dHA6Ly90ZXN0LzYxOIYPaHR0cDovL3Rlc3Qv +NjE5hg9odHRwOi8vdGVzdC82MjCGD2h0dHA6Ly90ZXN0LzYyMYYPaHR0cDovL3Rl +c3QvNjIyhg9odHRwOi8vdGVzdC82MjOGD2h0dHA6Ly90ZXN0LzYyNIYPaHR0cDov +L3Rlc3QvNjI1hg9odHRwOi8vdGVzdC82MjaGD2h0dHA6Ly90ZXN0LzYyN4YPaHR0 +cDovL3Rlc3QvNjI4hg9odHRwOi8vdGVzdC82MjmGD2h0dHA6Ly90ZXN0LzYzMIYP +aHR0cDovL3Rlc3QvNjMxhg9odHRwOi8vdGVzdC82MzKGD2h0dHA6Ly90ZXN0LzYz +M4YPaHR0cDovL3Rlc3QvNjM0hg9odHRwOi8vdGVzdC82MzWGD2h0dHA6Ly90ZXN0 +LzYzNoYPaHR0cDovL3Rlc3QvNjM3hg9odHRwOi8vdGVzdC82MziGD2h0dHA6Ly90 +ZXN0LzYzOYYPaHR0cDovL3Rlc3QvNjQwhg9odHRwOi8vdGVzdC82NDGGD2h0dHA6 +Ly90ZXN0LzY0MoYPaHR0cDovL3Rlc3QvNjQzhg9odHRwOi8vdGVzdC82NDSGD2h0 +dHA6Ly90ZXN0LzY0NYYPaHR0cDovL3Rlc3QvNjQ2hg9odHRwOi8vdGVzdC82NDeG +D2h0dHA6Ly90ZXN0LzY0OIYPaHR0cDovL3Rlc3QvNjQ5hg9odHRwOi8vdGVzdC82 +NTCGD2h0dHA6Ly90ZXN0LzY1MYYPaHR0cDovL3Rlc3QvNjUyhg9odHRwOi8vdGVz +dC82NTOGD2h0dHA6Ly90ZXN0LzY1NIYPaHR0cDovL3Rlc3QvNjU1hg9odHRwOi8v +dGVzdC82NTaGD2h0dHA6Ly90ZXN0LzY1N4YPaHR0cDovL3Rlc3QvNjU4hg9odHRw +Oi8vdGVzdC82NTmGD2h0dHA6Ly90ZXN0LzY2MIYPaHR0cDovL3Rlc3QvNjYxhg9o +dHRwOi8vdGVzdC82NjKGD2h0dHA6Ly90ZXN0LzY2M4YPaHR0cDovL3Rlc3QvNjY0 +hg9odHRwOi8vdGVzdC82NjWGD2h0dHA6Ly90ZXN0LzY2NoYPaHR0cDovL3Rlc3Qv +NjY3hg9odHRwOi8vdGVzdC82NjiGD2h0dHA6Ly90ZXN0LzY2OYYPaHR0cDovL3Rl +c3QvNjcwhg9odHRwOi8vdGVzdC82NzGGD2h0dHA6Ly90ZXN0LzY3MoYPaHR0cDov +L3Rlc3QvNjczhg9odHRwOi8vdGVzdC82NzSGD2h0dHA6Ly90ZXN0LzY3NYYPaHR0 +cDovL3Rlc3QvNjc2hg9odHRwOi8vdGVzdC82NzeGD2h0dHA6Ly90ZXN0LzY3OIYP +aHR0cDovL3Rlc3QvNjc5hg9odHRwOi8vdGVzdC82ODCGD2h0dHA6Ly90ZXN0LzY4 +MYYPaHR0cDovL3Rlc3QvNjgyhg9odHRwOi8vdGVzdC82ODOGD2h0dHA6Ly90ZXN0 +LzY4NIYPaHR0cDovL3Rlc3QvNjg1hg9odHRwOi8vdGVzdC82ODaGD2h0dHA6Ly90 +ZXN0LzY4N4YPaHR0cDovL3Rlc3QvNjg4hg9odHRwOi8vdGVzdC82ODmGD2h0dHA6 +Ly90ZXN0LzY5MIYPaHR0cDovL3Rlc3QvNjkxhg9odHRwOi8vdGVzdC82OTKGD2h0 +dHA6Ly90ZXN0LzY5M4YPaHR0cDovL3Rlc3QvNjk0hg9odHRwOi8vdGVzdC82OTWG +D2h0dHA6Ly90ZXN0LzY5NoYPaHR0cDovL3Rlc3QvNjk3hg9odHRwOi8vdGVzdC82 +OTiGD2h0dHA6Ly90ZXN0LzY5OYYPaHR0cDovL3Rlc3QvNzAwhg9odHRwOi8vdGVz +dC83MDGGD2h0dHA6Ly90ZXN0LzcwMoYPaHR0cDovL3Rlc3QvNzAzhg9odHRwOi8v +dGVzdC83MDSGD2h0dHA6Ly90ZXN0LzcwNYYPaHR0cDovL3Rlc3QvNzA2hg9odHRw +Oi8vdGVzdC83MDeGD2h0dHA6Ly90ZXN0LzcwOIYPaHR0cDovL3Rlc3QvNzA5hg9o +dHRwOi8vdGVzdC83MTCGD2h0dHA6Ly90ZXN0LzcxMYYPaHR0cDovL3Rlc3QvNzEy +hg9odHRwOi8vdGVzdC83MTOGD2h0dHA6Ly90ZXN0LzcxNIYPaHR0cDovL3Rlc3Qv +NzE1hg9odHRwOi8vdGVzdC83MTaGD2h0dHA6Ly90ZXN0LzcxN4YPaHR0cDovL3Rl +c3QvNzE4hg9odHRwOi8vdGVzdC83MTmGD2h0dHA6Ly90ZXN0LzcyMIYPaHR0cDov +L3Rlc3QvNzIxhg9odHRwOi8vdGVzdC83MjKGD2h0dHA6Ly90ZXN0LzcyM4YPaHR0 +cDovL3Rlc3QvNzI0hg9odHRwOi8vdGVzdC83MjWGD2h0dHA6Ly90ZXN0LzcyNoYP +aHR0cDovL3Rlc3QvNzI3hg9odHRwOi8vdGVzdC83MjiGD2h0dHA6Ly90ZXN0Lzcy +OYYPaHR0cDovL3Rlc3QvNzMwhg9odHRwOi8vdGVzdC83MzGGD2h0dHA6Ly90ZXN0 +LzczMoYPaHR0cDovL3Rlc3QvNzMzhg9odHRwOi8vdGVzdC83MzSGD2h0dHA6Ly90 +ZXN0LzczNYYPaHR0cDovL3Rlc3QvNzM2hg9odHRwOi8vdGVzdC83MzeGD2h0dHA6 +Ly90ZXN0LzczOIYPaHR0cDovL3Rlc3QvNzM5hg9odHRwOi8vdGVzdC83NDCGD2h0 +dHA6Ly90ZXN0Lzc0MYYPaHR0cDovL3Rlc3QvNzQyhg9odHRwOi8vdGVzdC83NDOG +D2h0dHA6Ly90ZXN0Lzc0NIYPaHR0cDovL3Rlc3QvNzQ1hg9odHRwOi8vdGVzdC83 +NDaGD2h0dHA6Ly90ZXN0Lzc0N4YPaHR0cDovL3Rlc3QvNzQ4hg9odHRwOi8vdGVz +dC83NDmGD2h0dHA6Ly90ZXN0Lzc1MIYPaHR0cDovL3Rlc3QvNzUxhg9odHRwOi8v +dGVzdC83NTKGD2h0dHA6Ly90ZXN0Lzc1M4YPaHR0cDovL3Rlc3QvNzU0hg9odHRw +Oi8vdGVzdC83NTWGD2h0dHA6Ly90ZXN0Lzc1NoYPaHR0cDovL3Rlc3QvNzU3hg9o +dHRwOi8vdGVzdC83NTiGD2h0dHA6Ly90ZXN0Lzc1OYYPaHR0cDovL3Rlc3QvNzYw +hg9odHRwOi8vdGVzdC83NjGGD2h0dHA6Ly90ZXN0Lzc2MoYPaHR0cDovL3Rlc3Qv +NzYzhg9odHRwOi8vdGVzdC83NjSGD2h0dHA6Ly90ZXN0Lzc2NYYPaHR0cDovL3Rl +c3QvNzY2hg9odHRwOi8vdGVzdC83NjeGD2h0dHA6Ly90ZXN0Lzc2OIYPaHR0cDov +L3Rlc3QvNzY5hg9odHRwOi8vdGVzdC83NzCGD2h0dHA6Ly90ZXN0Lzc3MYYPaHR0 +cDovL3Rlc3QvNzcyhg9odHRwOi8vdGVzdC83NzOGD2h0dHA6Ly90ZXN0Lzc3NIYP +aHR0cDovL3Rlc3QvNzc1hg9odHRwOi8vdGVzdC83NzaGD2h0dHA6Ly90ZXN0Lzc3 +N4YPaHR0cDovL3Rlc3QvNzc4hg9odHRwOi8vdGVzdC83NzmGD2h0dHA6Ly90ZXN0 +Lzc4MIYPaHR0cDovL3Rlc3QvNzgxhg9odHRwOi8vdGVzdC83ODKGD2h0dHA6Ly90 +ZXN0Lzc4M4YPaHR0cDovL3Rlc3QvNzg0hg9odHRwOi8vdGVzdC83ODWGD2h0dHA6 +Ly90ZXN0Lzc4NoYPaHR0cDovL3Rlc3QvNzg3hg9odHRwOi8vdGVzdC83ODiGD2h0 +dHA6Ly90ZXN0Lzc4OYYPaHR0cDovL3Rlc3QvNzkwhg9odHRwOi8vdGVzdC83OTGG +D2h0dHA6Ly90ZXN0Lzc5MoYPaHR0cDovL3Rlc3QvNzkzhg9odHRwOi8vdGVzdC83 +OTSGD2h0dHA6Ly90ZXN0Lzc5NYYPaHR0cDovL3Rlc3QvNzk2hg9odHRwOi8vdGVz +dC83OTeGD2h0dHA6Ly90ZXN0Lzc5OIYPaHR0cDovL3Rlc3QvNzk5hg9odHRwOi8v +dGVzdC84MDCGD2h0dHA6Ly90ZXN0LzgwMYYPaHR0cDovL3Rlc3QvODAyhg9odHRw +Oi8vdGVzdC84MDOGD2h0dHA6Ly90ZXN0LzgwNIYPaHR0cDovL3Rlc3QvODA1hg9o +dHRwOi8vdGVzdC84MDaGD2h0dHA6Ly90ZXN0LzgwN4YPaHR0cDovL3Rlc3QvODA4 +hg9odHRwOi8vdGVzdC84MDmGD2h0dHA6Ly90ZXN0LzgxMIYPaHR0cDovL3Rlc3Qv +ODExhg9odHRwOi8vdGVzdC84MTKGD2h0dHA6Ly90ZXN0LzgxM4YPaHR0cDovL3Rl +c3QvODE0hg9odHRwOi8vdGVzdC84MTWGD2h0dHA6Ly90ZXN0LzgxNoYPaHR0cDov +L3Rlc3QvODE3hg9odHRwOi8vdGVzdC84MTiGD2h0dHA6Ly90ZXN0LzgxOYYPaHR0 +cDovL3Rlc3QvODIwhg9odHRwOi8vdGVzdC84MjGGD2h0dHA6Ly90ZXN0LzgyMoYP +aHR0cDovL3Rlc3QvODIzhg9odHRwOi8vdGVzdC84MjSGD2h0dHA6Ly90ZXN0Lzgy +NYYPaHR0cDovL3Rlc3QvODI2hg9odHRwOi8vdGVzdC84MjeGD2h0dHA6Ly90ZXN0 +LzgyOIYPaHR0cDovL3Rlc3QvODI5hg9odHRwOi8vdGVzdC84MzCGD2h0dHA6Ly90 +ZXN0LzgzMYYPaHR0cDovL3Rlc3QvODMyhg9odHRwOi8vdGVzdC84MzOGD2h0dHA6 +Ly90ZXN0LzgzNIYPaHR0cDovL3Rlc3QvODM1hg9odHRwOi8vdGVzdC84MzaGD2h0 +dHA6Ly90ZXN0LzgzN4YPaHR0cDovL3Rlc3QvODM4hg9odHRwOi8vdGVzdC84MzmG +D2h0dHA6Ly90ZXN0Lzg0MIYPaHR0cDovL3Rlc3QvODQxhg9odHRwOi8vdGVzdC84 +NDKGD2h0dHA6Ly90ZXN0Lzg0M4YPaHR0cDovL3Rlc3QvODQ0hg9odHRwOi8vdGVz +dC84NDWGD2h0dHA6Ly90ZXN0Lzg0NoYPaHR0cDovL3Rlc3QvODQ3hg9odHRwOi8v +dGVzdC84NDiGD2h0dHA6Ly90ZXN0Lzg0OYYPaHR0cDovL3Rlc3QvODUwhg9odHRw +Oi8vdGVzdC84NTGGD2h0dHA6Ly90ZXN0Lzg1MoYPaHR0cDovL3Rlc3QvODUzhg9o +dHRwOi8vdGVzdC84NTSGD2h0dHA6Ly90ZXN0Lzg1NYYPaHR0cDovL3Rlc3QvODU2 +hg9odHRwOi8vdGVzdC84NTeGD2h0dHA6Ly90ZXN0Lzg1OIYPaHR0cDovL3Rlc3Qv +ODU5hg9odHRwOi8vdGVzdC84NjCGD2h0dHA6Ly90ZXN0Lzg2MYYPaHR0cDovL3Rl +c3QvODYyhg9odHRwOi8vdGVzdC84NjOGD2h0dHA6Ly90ZXN0Lzg2NIYPaHR0cDov +L3Rlc3QvODY1hg9odHRwOi8vdGVzdC84NjaGD2h0dHA6Ly90ZXN0Lzg2N4YPaHR0 +cDovL3Rlc3QvODY4hg9odHRwOi8vdGVzdC84NjmGD2h0dHA6Ly90ZXN0Lzg3MIYP +aHR0cDovL3Rlc3QvODcxhg9odHRwOi8vdGVzdC84NzKGD2h0dHA6Ly90ZXN0Lzg3 +M4YPaHR0cDovL3Rlc3QvODc0hg9odHRwOi8vdGVzdC84NzWGD2h0dHA6Ly90ZXN0 +Lzg3NoYPaHR0cDovL3Rlc3QvODc3hg9odHRwOi8vdGVzdC84NziGD2h0dHA6Ly90 +ZXN0Lzg3OYYPaHR0cDovL3Rlc3QvODgwhg9odHRwOi8vdGVzdC84ODGGD2h0dHA6 +Ly90ZXN0Lzg4MoYPaHR0cDovL3Rlc3QvODgzhg9odHRwOi8vdGVzdC84ODSGD2h0 +dHA6Ly90ZXN0Lzg4NYYPaHR0cDovL3Rlc3QvODg2hg9odHRwOi8vdGVzdC84ODeG +D2h0dHA6Ly90ZXN0Lzg4OIYPaHR0cDovL3Rlc3QvODg5hg9odHRwOi8vdGVzdC84 +OTCGD2h0dHA6Ly90ZXN0Lzg5MYYPaHR0cDovL3Rlc3QvODkyhg9odHRwOi8vdGVz +dC84OTOGD2h0dHA6Ly90ZXN0Lzg5NIYPaHR0cDovL3Rlc3QvODk1hg9odHRwOi8v +dGVzdC84OTaGD2h0dHA6Ly90ZXN0Lzg5N4YPaHR0cDovL3Rlc3QvODk4hg9odHRw +Oi8vdGVzdC84OTmGD2h0dHA6Ly90ZXN0LzkwMIYPaHR0cDovL3Rlc3QvOTAxhg9o +dHRwOi8vdGVzdC85MDKGD2h0dHA6Ly90ZXN0LzkwM4YPaHR0cDovL3Rlc3QvOTA0 +hg9odHRwOi8vdGVzdC85MDWGD2h0dHA6Ly90ZXN0LzkwNoYPaHR0cDovL3Rlc3Qv +OTA3hg9odHRwOi8vdGVzdC85MDiGD2h0dHA6Ly90ZXN0LzkwOYYPaHR0cDovL3Rl +c3QvOTEwhg9odHRwOi8vdGVzdC85MTGGD2h0dHA6Ly90ZXN0LzkxMoYPaHR0cDov +L3Rlc3QvOTEzhg9odHRwOi8vdGVzdC85MTSGD2h0dHA6Ly90ZXN0LzkxNYYPaHR0 +cDovL3Rlc3QvOTE2hg9odHRwOi8vdGVzdC85MTeGD2h0dHA6Ly90ZXN0LzkxOIYP +aHR0cDovL3Rlc3QvOTE5hg9odHRwOi8vdGVzdC85MjCGD2h0dHA6Ly90ZXN0Lzky +MYYPaHR0cDovL3Rlc3QvOTIyhg9odHRwOi8vdGVzdC85MjOGD2h0dHA6Ly90ZXN0 +LzkyNIYPaHR0cDovL3Rlc3QvOTI1hg9odHRwOi8vdGVzdC85MjaGD2h0dHA6Ly90 +ZXN0LzkyN4YPaHR0cDovL3Rlc3QvOTI4hg9odHRwOi8vdGVzdC85MjmGD2h0dHA6 +Ly90ZXN0LzkzMIYPaHR0cDovL3Rlc3QvOTMxhg9odHRwOi8vdGVzdC85MzKGD2h0 +dHA6Ly90ZXN0LzkzM4YPaHR0cDovL3Rlc3QvOTM0hg9odHRwOi8vdGVzdC85MzWG +D2h0dHA6Ly90ZXN0LzkzNoYPaHR0cDovL3Rlc3QvOTM3hg9odHRwOi8vdGVzdC85 +MziGD2h0dHA6Ly90ZXN0LzkzOYYPaHR0cDovL3Rlc3QvOTQwhg9odHRwOi8vdGVz +dC85NDGGD2h0dHA6Ly90ZXN0Lzk0MoYPaHR0cDovL3Rlc3QvOTQzhg9odHRwOi8v +dGVzdC85NDSGD2h0dHA6Ly90ZXN0Lzk0NYYPaHR0cDovL3Rlc3QvOTQ2hg9odHRw +Oi8vdGVzdC85NDeGD2h0dHA6Ly90ZXN0Lzk0OIYPaHR0cDovL3Rlc3QvOTQ5hg9o +dHRwOi8vdGVzdC85NTCGD2h0dHA6Ly90ZXN0Lzk1MYYPaHR0cDovL3Rlc3QvOTUy +hg9odHRwOi8vdGVzdC85NTOGD2h0dHA6Ly90ZXN0Lzk1NIYPaHR0cDovL3Rlc3Qv +OTU1hg9odHRwOi8vdGVzdC85NTaGD2h0dHA6Ly90ZXN0Lzk1N4YPaHR0cDovL3Rl +c3QvOTU4hg9odHRwOi8vdGVzdC85NTmGD2h0dHA6Ly90ZXN0Lzk2MIYPaHR0cDov +L3Rlc3QvOTYxhg9odHRwOi8vdGVzdC85NjKGD2h0dHA6Ly90ZXN0Lzk2M4YPaHR0 +cDovL3Rlc3QvOTY0hg9odHRwOi8vdGVzdC85NjWGD2h0dHA6Ly90ZXN0Lzk2NoYP +aHR0cDovL3Rlc3QvOTY3hg9odHRwOi8vdGVzdC85NjiGD2h0dHA6Ly90ZXN0Lzk2 +OYYPaHR0cDovL3Rlc3QvOTcwhg9odHRwOi8vdGVzdC85NzGGD2h0dHA6Ly90ZXN0 +Lzk3MoYPaHR0cDovL3Rlc3QvOTczhg9odHRwOi8vdGVzdC85NzSGD2h0dHA6Ly90 +ZXN0Lzk3NYYPaHR0cDovL3Rlc3QvOTc2hg9odHRwOi8vdGVzdC85NzeGD2h0dHA6 +Ly90ZXN0Lzk3OIYPaHR0cDovL3Rlc3QvOTc5hg9odHRwOi8vdGVzdC85ODCGD2h0 +dHA6Ly90ZXN0Lzk4MYYPaHR0cDovL3Rlc3QvOTgyhg9odHRwOi8vdGVzdC85ODOG +D2h0dHA6Ly90ZXN0Lzk4NIYPaHR0cDovL3Rlc3QvOTg1hg9odHRwOi8vdGVzdC85 +ODaGD2h0dHA6Ly90ZXN0Lzk4N4YPaHR0cDovL3Rlc3QvOTg4hg9odHRwOi8vdGVz +dC85ODmGD2h0dHA6Ly90ZXN0Lzk5MIYPaHR0cDovL3Rlc3QvOTkxhg9odHRwOi8v +dGVzdC85OTKGD2h0dHA6Ly90ZXN0Lzk5M4YPaHR0cDovL3Rlc3QvOTk0hg9odHRw +Oi8vdGVzdC85OTWGD2h0dHA6Ly90ZXN0Lzk5NoYPaHR0cDovL3Rlc3QvOTk3hg9o +dHRwOi8vdGVzdC85OTiGD2h0dHA6Ly90ZXN0Lzk5OYYQaHR0cDovL3Rlc3QvMTAw +MIYQaHR0cDovL3Rlc3QvMTAwMYYQaHR0cDovL3Rlc3QvMTAwMoYQaHR0cDovL3Rl +c3QvMTAwM4YQaHR0cDovL3Rlc3QvMTAwNIYQaHR0cDovL3Rlc3QvMTAwNYYQaHR0 +cDovL3Rlc3QvMTAwNoYQaHR0cDovL3Rlc3QvMTAwN4YQaHR0cDovL3Rlc3QvMTAw +OIYQaHR0cDovL3Rlc3QvMTAwOYYQaHR0cDovL3Rlc3QvMTAxMIYQaHR0cDovL3Rl +c3QvMTAxMYYQaHR0cDovL3Rlc3QvMTAxMoYQaHR0cDovL3Rlc3QvMTAxM4YQaHR0 +cDovL3Rlc3QvMTAxNIYQaHR0cDovL3Rlc3QvMTAxNYYQaHR0cDovL3Rlc3QvMTAx +NoYQaHR0cDovL3Rlc3QvMTAxN4YQaHR0cDovL3Rlc3QvMTAxOIYQaHR0cDovL3Rl +c3QvMTAxOYYQaHR0cDovL3Rlc3QvMTAyMIYQaHR0cDovL3Rlc3QvMTAyMYYQaHR0 +cDovL3Rlc3QvMTAyMoYQaHR0cDovL3Rlc3QvMTAyM4YQaHR0cDovL3Rlc3QvMTAy +NDANBgkqhkiG9w0BAQsFAAOCAQEALVYcHsqOG3YUW1iZMC7ZmkTpgewab1xJGRDl +VY1qilCY73l/xdKD/2KHZeW1u3gWB3yv/asRDJNfU05uFEAzdbCrp7dmgh0o+jmE +PlgnEcxJ9mR7/mPY80ouACvqiq2q4T5OzuhEUf8nxxL0w/m/6wdyy+zSvuynXkWC +1Ym9bGlf+Bm/UivPWLttj7lVmATwd8Lf6stndJheAMBMTOFtBkJSd/uifuUKiuuM +7xkS9HSkqmZhImOwRISOFGuJVERrWdNVacTTz+TGRPZV544M/v5PygW6mLgb5/mJ +yeLOdsfh4GcAa1SdhMhG5/ALUnVMwnRU23LfD52DGG9U6uTTvQ== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.db b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.db new file mode 100644 index 0000000000..e69de29bb2 diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.pem new file mode 100644 index 0000000000..c59ddf7a5e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.pem @@ -0,0 +1,705 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, URI:http://test/0, URI:http://test/1, URI:http://test/2, URI:http://test/3, URI:http://test/4, URI:http://test/5, URI:http://test/6, URI:http://test/7, URI:http://test/8, URI:http://test/9, URI:http://test/10, URI:http://test/11, URI:http://test/12, URI:http://test/13, URI:http://test/14, URI:http://test/15, URI:http://test/16, URI:http://test/17, URI:http://test/18, URI:http://test/19, URI:http://test/20, URI:http://test/21, URI:http://test/22, URI:http://test/23, URI:http://test/24, URI:http://test/25, URI:http://test/26, URI:http://test/27, URI:http://test/28, URI:http://test/29, URI:http://test/30, URI:http://test/31, URI:http://test/32, URI:http://test/33, URI:http://test/34, URI:http://test/35, URI:http://test/36, URI:http://test/37, URI:http://test/38, URI:http://test/39, URI:http://test/40, URI:http://test/41, URI:http://test/42, URI:http://test/43, URI:http://test/44, URI:http://test/45, URI:http://test/46, URI:http://test/47, URI:http://test/48, URI:http://test/49, URI:http://test/50, URI:http://test/51, URI:http://test/52, URI:http://test/53, URI:http://test/54, URI:http://test/55, URI:http://test/56, URI:http://test/57, URI:http://test/58, URI:http://test/59, URI:http://test/60, URI:http://test/61, URI:http://test/62, URI:http://test/63, URI:http://test/64, URI:http://test/65, URI:http://test/66, URI:http://test/67, URI:http://test/68, URI:http://test/69, URI:http://test/70, URI:http://test/71, URI:http://test/72, URI:http://test/73, URI:http://test/74, URI:http://test/75, URI:http://test/76, URI:http://test/77, URI:http://test/78, URI:http://test/79, URI:http://test/80, URI:http://test/81, URI:http://test/82, URI:http://test/83, URI:http://test/84, URI:http://test/85, URI:http://test/86, URI:http://test/87, URI:http://test/88, URI:http://test/89, URI:http://test/90, URI:http://test/91, URI:http://test/92, URI:http://test/93, URI:http://test/94, URI:http://test/95, URI:http://test/96, URI:http://test/97, URI:http://test/98, URI:http://test/99, URI:http://test/100, URI:http://test/101, URI:http://test/102, URI:http://test/103, URI:http://test/104, URI:http://test/105, URI:http://test/106, URI:http://test/107, URI:http://test/108, URI:http://test/109, URI:http://test/110, URI:http://test/111, URI:http://test/112, URI:http://test/113, URI:http://test/114, URI:http://test/115, URI:http://test/116, URI:http://test/117, URI:http://test/118, URI:http://test/119, URI:http://test/120, URI:http://test/121, URI:http://test/122, URI:http://test/123, URI:http://test/124, URI:http://test/125, URI:http://test/126, URI:http://test/127, URI:http://test/128, URI:http://test/129, URI:http://test/130, URI:http://test/131, URI:http://test/132, URI:http://test/133, URI:http://test/134, URI:http://test/135, URI:http://test/136, URI:http://test/137, URI:http://test/138, URI:http://test/139, URI:http://test/140, URI:http://test/141, URI:http://test/142, URI:http://test/143, URI:http://test/144, URI:http://test/145, URI:http://test/146, URI:http://test/147, URI:http://test/148, URI:http://test/149, URI:http://test/150, URI:http://test/151, URI:http://test/152, URI:http://test/153, URI:http://test/154, URI:http://test/155, URI:http://test/156, URI:http://test/157, URI:http://test/158, URI:http://test/159, URI:http://test/160, URI:http://test/161, URI:http://test/162, URI:http://test/163, URI:http://test/164, URI:http://test/165, URI:http://test/166, URI:http://test/167, URI:http://test/168, URI:http://test/169, URI:http://test/170, URI:http://test/171, URI:http://test/172, URI:http://test/173, URI:http://test/174, URI:http://test/175, URI:http://test/176, URI:http://test/177, URI:http://test/178, URI:http://test/179, URI:http://test/180, URI:http://test/181, URI:http://test/182, URI:http://test/183, URI:http://test/184, URI:http://test/185, URI:http://test/186, URI:http://test/187, URI:http://test/188, URI:http://test/189, URI:http://test/190, URI:http://test/191, URI:http://test/192, URI:http://test/193, URI:http://test/194, URI:http://test/195, URI:http://test/196, URI:http://test/197, URI:http://test/198, URI:http://test/199, URI:http://test/200, URI:http://test/201, URI:http://test/202, URI:http://test/203, URI:http://test/204, URI:http://test/205, URI:http://test/206, URI:http://test/207, URI:http://test/208, URI:http://test/209, URI:http://test/210, URI:http://test/211, URI:http://test/212, URI:http://test/213, URI:http://test/214, URI:http://test/215, URI:http://test/216, URI:http://test/217, URI:http://test/218, URI:http://test/219, URI:http://test/220, URI:http://test/221, URI:http://test/222, URI:http://test/223, URI:http://test/224, URI:http://test/225, URI:http://test/226, URI:http://test/227, URI:http://test/228, URI:http://test/229, URI:http://test/230, URI:http://test/231, URI:http://test/232, URI:http://test/233, URI:http://test/234, URI:http://test/235, URI:http://test/236, URI:http://test/237, URI:http://test/238, URI:http://test/239, URI:http://test/240, URI:http://test/241, URI:http://test/242, URI:http://test/243, URI:http://test/244, URI:http://test/245, URI:http://test/246, URI:http://test/247, URI:http://test/248, URI:http://test/249, URI:http://test/250, URI:http://test/251, URI:http://test/252, URI:http://test/253, URI:http://test/254, URI:http://test/255, URI:http://test/256, URI:http://test/257, URI:http://test/258, URI:http://test/259, URI:http://test/260, URI:http://test/261, URI:http://test/262, URI:http://test/263, URI:http://test/264, URI:http://test/265, URI:http://test/266, URI:http://test/267, URI:http://test/268, URI:http://test/269, URI:http://test/270, URI:http://test/271, URI:http://test/272, URI:http://test/273, URI:http://test/274, URI:http://test/275, URI:http://test/276, URI:http://test/277, URI:http://test/278, URI:http://test/279, URI:http://test/280, URI:http://test/281, URI:http://test/282, URI:http://test/283, URI:http://test/284, URI:http://test/285, URI:http://test/286, URI:http://test/287, URI:http://test/288, URI:http://test/289, URI:http://test/290, URI:http://test/291, URI:http://test/292, URI:http://test/293, URI:http://test/294, URI:http://test/295, URI:http://test/296, URI:http://test/297, URI:http://test/298, URI:http://test/299, URI:http://test/300, URI:http://test/301, URI:http://test/302, URI:http://test/303, URI:http://test/304, URI:http://test/305, URI:http://test/306, URI:http://test/307, URI:http://test/308, URI:http://test/309, URI:http://test/310, URI:http://test/311, URI:http://test/312, URI:http://test/313, URI:http://test/314, URI:http://test/315, URI:http://test/316, URI:http://test/317, URI:http://test/318, URI:http://test/319, URI:http://test/320, URI:http://test/321, URI:http://test/322, URI:http://test/323, URI:http://test/324, URI:http://test/325, URI:http://test/326, URI:http://test/327, URI:http://test/328, URI:http://test/329, URI:http://test/330, URI:http://test/331, URI:http://test/332, URI:http://test/333, URI:http://test/334, URI:http://test/335, URI:http://test/336, URI:http://test/337, URI:http://test/338, URI:http://test/339, URI:http://test/340, URI:http://test/341, URI:http://test/342, URI:http://test/343, URI:http://test/344, URI:http://test/345, URI:http://test/346, URI:http://test/347, URI:http://test/348, URI:http://test/349, URI:http://test/350, URI:http://test/351, URI:http://test/352, URI:http://test/353, URI:http://test/354, URI:http://test/355, URI:http://test/356, URI:http://test/357, URI:http://test/358, URI:http://test/359, URI:http://test/360, URI:http://test/361, URI:http://test/362, URI:http://test/363, URI:http://test/364, URI:http://test/365, URI:http://test/366, URI:http://test/367, URI:http://test/368, URI:http://test/369, URI:http://test/370, URI:http://test/371, URI:http://test/372, URI:http://test/373, URI:http://test/374, URI:http://test/375, URI:http://test/376, URI:http://test/377, URI:http://test/378, URI:http://test/379, URI:http://test/380, URI:http://test/381, URI:http://test/382, URI:http://test/383, URI:http://test/384, URI:http://test/385, URI:http://test/386, URI:http://test/387, URI:http://test/388, URI:http://test/389, URI:http://test/390, URI:http://test/391, URI:http://test/392, URI:http://test/393, URI:http://test/394, URI:http://test/395, URI:http://test/396, URI:http://test/397, URI:http://test/398, URI:http://test/399, URI:http://test/400, URI:http://test/401, URI:http://test/402, URI:http://test/403, URI:http://test/404, URI:http://test/405, URI:http://test/406, URI:http://test/407, URI:http://test/408, URI:http://test/409, URI:http://test/410, URI:http://test/411, URI:http://test/412, URI:http://test/413, URI:http://test/414, URI:http://test/415, URI:http://test/416, URI:http://test/417, URI:http://test/418, URI:http://test/419, URI:http://test/420, URI:http://test/421, URI:http://test/422, URI:http://test/423, URI:http://test/424, URI:http://test/425, URI:http://test/426, URI:http://test/427, URI:http://test/428, URI:http://test/429, URI:http://test/430, URI:http://test/431, URI:http://test/432, URI:http://test/433, URI:http://test/434, URI:http://test/435, URI:http://test/436, URI:http://test/437, URI:http://test/438, URI:http://test/439, URI:http://test/440, URI:http://test/441, URI:http://test/442, URI:http://test/443, URI:http://test/444, URI:http://test/445, URI:http://test/446, URI:http://test/447, URI:http://test/448, URI:http://test/449, URI:http://test/450, URI:http://test/451, URI:http://test/452, URI:http://test/453, URI:http://test/454, URI:http://test/455, URI:http://test/456, URI:http://test/457, URI:http://test/458, URI:http://test/459, URI:http://test/460, URI:http://test/461, URI:http://test/462, URI:http://test/463, URI:http://test/464, URI:http://test/465, URI:http://test/466, URI:http://test/467, URI:http://test/468, URI:http://test/469, URI:http://test/470, URI:http://test/471, URI:http://test/472, URI:http://test/473, URI:http://test/474, URI:http://test/475, URI:http://test/476, URI:http://test/477, URI:http://test/478, URI:http://test/479, URI:http://test/480, URI:http://test/481, URI:http://test/482, URI:http://test/483, URI:http://test/484, URI:http://test/485, URI:http://test/486, URI:http://test/487, URI:http://test/488, URI:http://test/489, URI:http://test/490, URI:http://test/491, URI:http://test/492, URI:http://test/493, URI:http://test/494, URI:http://test/495, URI:http://test/496, URI:http://test/497, URI:http://test/498, URI:http://test/499, URI:http://test/500, URI:http://test/501, URI:http://test/502, URI:http://test/503, URI:http://test/504, URI:http://test/505, URI:http://test/506, URI:http://test/507, URI:http://test/508, URI:http://test/509, URI:http://test/510, URI:http://test/511, URI:http://test/512, URI:http://test/513, URI:http://test/514, URI:http://test/515, URI:http://test/516, URI:http://test/517, URI:http://test/518, URI:http://test/519, URI:http://test/520, URI:http://test/521, URI:http://test/522, URI:http://test/523, URI:http://test/524, URI:http://test/525, URI:http://test/526, URI:http://test/527, URI:http://test/528, URI:http://test/529, URI:http://test/530, URI:http://test/531, URI:http://test/532, URI:http://test/533, URI:http://test/534, URI:http://test/535, URI:http://test/536, URI:http://test/537, URI:http://test/538, URI:http://test/539, URI:http://test/540, URI:http://test/541, URI:http://test/542, URI:http://test/543, URI:http://test/544, URI:http://test/545, URI:http://test/546, URI:http://test/547, URI:http://test/548, URI:http://test/549, URI:http://test/550, URI:http://test/551, URI:http://test/552, URI:http://test/553, URI:http://test/554, URI:http://test/555, URI:http://test/556, URI:http://test/557, URI:http://test/558, URI:http://test/559, URI:http://test/560, URI:http://test/561, URI:http://test/562, URI:http://test/563, URI:http://test/564, URI:http://test/565, URI:http://test/566, URI:http://test/567, URI:http://test/568, URI:http://test/569, URI:http://test/570, URI:http://test/571, URI:http://test/572, URI:http://test/573, URI:http://test/574, URI:http://test/575, URI:http://test/576, URI:http://test/577, URI:http://test/578, URI:http://test/579, URI:http://test/580, URI:http://test/581, URI:http://test/582, URI:http://test/583, URI:http://test/584, URI:http://test/585, URI:http://test/586, URI:http://test/587, URI:http://test/588, URI:http://test/589, URI:http://test/590, URI:http://test/591, URI:http://test/592, URI:http://test/593, URI:http://test/594, URI:http://test/595, URI:http://test/596, URI:http://test/597, URI:http://test/598, URI:http://test/599, URI:http://test/600, URI:http://test/601, URI:http://test/602, URI:http://test/603, URI:http://test/604, URI:http://test/605, URI:http://test/606, URI:http://test/607, URI:http://test/608, URI:http://test/609, URI:http://test/610, URI:http://test/611, URI:http://test/612, URI:http://test/613, URI:http://test/614, URI:http://test/615, URI:http://test/616, URI:http://test/617, URI:http://test/618, URI:http://test/619, URI:http://test/620, URI:http://test/621, URI:http://test/622, URI:http://test/623, URI:http://test/624, URI:http://test/625, URI:http://test/626, URI:http://test/627, URI:http://test/628, URI:http://test/629, URI:http://test/630, URI:http://test/631, URI:http://test/632, URI:http://test/633, URI:http://test/634, URI:http://test/635, URI:http://test/636, URI:http://test/637, URI:http://test/638, URI:http://test/639, URI:http://test/640, URI:http://test/641, URI:http://test/642, URI:http://test/643, URI:http://test/644, URI:http://test/645, URI:http://test/646, URI:http://test/647, URI:http://test/648, URI:http://test/649, URI:http://test/650, URI:http://test/651, URI:http://test/652, URI:http://test/653, URI:http://test/654, URI:http://test/655, URI:http://test/656, URI:http://test/657, URI:http://test/658, URI:http://test/659, URI:http://test/660, URI:http://test/661, URI:http://test/662, URI:http://test/663, URI:http://test/664, URI:http://test/665, URI:http://test/666, URI:http://test/667, URI:http://test/668, URI:http://test/669, URI:http://test/670, URI:http://test/671, URI:http://test/672, URI:http://test/673, URI:http://test/674, URI:http://test/675, URI:http://test/676, URI:http://test/677, URI:http://test/678, URI:http://test/679, URI:http://test/680, URI:http://test/681, URI:http://test/682, URI:http://test/683, URI:http://test/684, URI:http://test/685, URI:http://test/686, URI:http://test/687, URI:http://test/688, URI:http://test/689, URI:http://test/690, URI:http://test/691, URI:http://test/692, URI:http://test/693, URI:http://test/694, URI:http://test/695, URI:http://test/696, URI:http://test/697, URI:http://test/698, URI:http://test/699, URI:http://test/700, URI:http://test/701, URI:http://test/702, URI:http://test/703, URI:http://test/704, URI:http://test/705, URI:http://test/706, URI:http://test/707, URI:http://test/708, URI:http://test/709, URI:http://test/710, URI:http://test/711, URI:http://test/712, URI:http://test/713, URI:http://test/714, URI:http://test/715, URI:http://test/716, URI:http://test/717, URI:http://test/718, URI:http://test/719, URI:http://test/720, URI:http://test/721, URI:http://test/722, URI:http://test/723, URI:http://test/724, URI:http://test/725, URI:http://test/726, URI:http://test/727, URI:http://test/728, URI:http://test/729, URI:http://test/730, URI:http://test/731, URI:http://test/732, URI:http://test/733, URI:http://test/734, URI:http://test/735, URI:http://test/736, URI:http://test/737, URI:http://test/738, URI:http://test/739, URI:http://test/740, URI:http://test/741, URI:http://test/742, URI:http://test/743, URI:http://test/744, URI:http://test/745, URI:http://test/746, URI:http://test/747, URI:http://test/748, URI:http://test/749, URI:http://test/750, URI:http://test/751, URI:http://test/752, URI:http://test/753, URI:http://test/754, URI:http://test/755, URI:http://test/756, URI:http://test/757, URI:http://test/758, URI:http://test/759, URI:http://test/760, URI:http://test/761, URI:http://test/762, URI:http://test/763, URI:http://test/764, URI:http://test/765, URI:http://test/766, URI:http://test/767, URI:http://test/768, URI:http://test/769, URI:http://test/770, URI:http://test/771, URI:http://test/772, URI:http://test/773, URI:http://test/774, URI:http://test/775, URI:http://test/776, URI:http://test/777, URI:http://test/778, URI:http://test/779, URI:http://test/780, URI:http://test/781, URI:http://test/782, URI:http://test/783, URI:http://test/784, URI:http://test/785, URI:http://test/786, URI:http://test/787, URI:http://test/788, URI:http://test/789, URI:http://test/790, URI:http://test/791, URI:http://test/792, URI:http://test/793, URI:http://test/794, URI:http://test/795, URI:http://test/796, URI:http://test/797, URI:http://test/798, URI:http://test/799, URI:http://test/800, URI:http://test/801, URI:http://test/802, URI:http://test/803, URI:http://test/804, URI:http://test/805, URI:http://test/806, URI:http://test/807, URI:http://test/808, URI:http://test/809, URI:http://test/810, URI:http://test/811, URI:http://test/812, URI:http://test/813, URI:http://test/814, URI:http://test/815, URI:http://test/816, URI:http://test/817, URI:http://test/818, URI:http://test/819, URI:http://test/820, URI:http://test/821, URI:http://test/822, URI:http://test/823, URI:http://test/824, URI:http://test/825, URI:http://test/826, URI:http://test/827, URI:http://test/828, URI:http://test/829, URI:http://test/830, URI:http://test/831, URI:http://test/832, URI:http://test/833, URI:http://test/834, URI:http://test/835, URI:http://test/836, URI:http://test/837, URI:http://test/838, URI:http://test/839, URI:http://test/840, URI:http://test/841, URI:http://test/842, URI:http://test/843, URI:http://test/844, URI:http://test/845, URI:http://test/846, URI:http://test/847, URI:http://test/848, URI:http://test/849, URI:http://test/850, URI:http://test/851, URI:http://test/852, URI:http://test/853, URI:http://test/854, URI:http://test/855, URI:http://test/856, URI:http://test/857, URI:http://test/858, URI:http://test/859, URI:http://test/860, URI:http://test/861, URI:http://test/862, URI:http://test/863, URI:http://test/864, URI:http://test/865, URI:http://test/866, URI:http://test/867, URI:http://test/868, URI:http://test/869, URI:http://test/870, URI:http://test/871, URI:http://test/872, URI:http://test/873, URI:http://test/874, URI:http://test/875, URI:http://test/876, URI:http://test/877, URI:http://test/878, URI:http://test/879, URI:http://test/880, URI:http://test/881, URI:http://test/882, URI:http://test/883, URI:http://test/884, URI:http://test/885, URI:http://test/886, URI:http://test/887, URI:http://test/888, URI:http://test/889, URI:http://test/890, URI:http://test/891, URI:http://test/892, URI:http://test/893, URI:http://test/894, URI:http://test/895, URI:http://test/896, URI:http://test/897, URI:http://test/898, URI:http://test/899, URI:http://test/900, URI:http://test/901, URI:http://test/902, URI:http://test/903, URI:http://test/904, URI:http://test/905, URI:http://test/906, URI:http://test/907, URI:http://test/908, URI:http://test/909, URI:http://test/910, URI:http://test/911, URI:http://test/912, URI:http://test/913, URI:http://test/914, URI:http://test/915, URI:http://test/916, URI:http://test/917, URI:http://test/918, URI:http://test/919, URI:http://test/920, URI:http://test/921, URI:http://test/922, URI:http://test/923, URI:http://test/924, URI:http://test/925, URI:http://test/926, URI:http://test/927, URI:http://test/928, URI:http://test/929, URI:http://test/930, URI:http://test/931, URI:http://test/932, URI:http://test/933, URI:http://test/934, URI:http://test/935, URI:http://test/936, URI:http://test/937, URI:http://test/938, URI:http://test/939, URI:http://test/940, URI:http://test/941, URI:http://test/942, URI:http://test/943, URI:http://test/944, URI:http://test/945, URI:http://test/946, URI:http://test/947, URI:http://test/948, URI:http://test/949, URI:http://test/950, URI:http://test/951, URI:http://test/952, URI:http://test/953, URI:http://test/954, URI:http://test/955, URI:http://test/956, URI:http://test/957, URI:http://test/958, URI:http://test/959, URI:http://test/960, URI:http://test/961, URI:http://test/962, URI:http://test/963, URI:http://test/964, URI:http://test/965, URI:http://test/966, URI:http://test/967, URI:http://test/968, URI:http://test/969, URI:http://test/970, URI:http://test/971, URI:http://test/972, URI:http://test/973, URI:http://test/974, URI:http://test/975, URI:http://test/976, URI:http://test/977, URI:http://test/978, URI:http://test/979, URI:http://test/980, URI:http://test/981, URI:http://test/982, URI:http://test/983, URI:http://test/984, URI:http://test/985, URI:http://test/986, URI:http://test/987, URI:http://test/988, URI:http://test/989, URI:http://test/990, URI:http://test/991, URI:http://test/992, URI:http://test/993, URI:http://test/994, URI:http://test/995, URI:http://test/996, URI:http://test/997, URI:http://test/998, URI:http://test/999, URI:http://test/1000, URI:http://test/1001, URI:http://test/1002, URI:http://test/1003, URI:http://test/1004, URI:http://test/1005, URI:http://test/1006, URI:http://test/1007, URI:http://test/1008, URI:http://test/1009, URI:http://test/1010, URI:http://test/1011, URI:http://test/1012, URI:http://test/1013, URI:http://test/1014, URI:http://test/1015, URI:http://test/1016, URI:http://test/1017, URI:http://test/1018, URI:http://test/1019, URI:http://test/1020, URI:http://test/1021, URI:http://test/1022, URI:http://test/1023, URI:http://test/1024 + Signature Algorithm: sha256WithRSAEncryption + 08:00:7f:e0:40:75:d2:43:36:3f:e3:6c:cf:c1:4a:69:b2:0c: + 1b:a8:a8:6b:7a:ee:ed:d0:2d:ee:e2:52:d9:2a:1f:5d:ac:29: + f5:12:e2:af:3b:db:a0:6d:3a:b4:09:ef:76:fa:52:68:5f:07: + 5f:9f:a4:52:8f:1d:da:da:b6:93:54:87:47:d0:3c:66:7e:ff: + 1b:e3:1e:da:52:4c:00:46:5b:0c:eb:9e:b8:5e:1e:db:f7:ce: + dd:2c:0f:4e:23:1d:63:98:ed:e5:18:e8:04:9c:a1:1e:cd:58: + de:09:43:4d:bf:8d:4b:6d:8e:32:e9:a6:53:40:17:0c:e2:59: + 43:55:2d:3f:ab:af:aa:13:48:ac:00:ac:5b:df:16:c7:20:2a: + ea:50:ef:79:78:c9:34:d5:c5:7f:8f:27:d0:5a:42:3a:e8:13: + 01:51:bc:a3:b9:53:6f:1d:e4:73:52:8d:f0:c7:9c:d1:46:19: + aa:28:63:3e:cc:4a:5f:63:0d:1d:28:4b:e0:b4:37:83:db:85: + 8c:84:86:7e:37:15:a8:ed:a8:00:da:14:97:fd:f1:c8:ea:6e: + 3a:b7:19:c1:6f:53:6b:0b:ff:29:60:30:7d:b6:35:d6:b8:58: + 6f:55:32:18:c6:44:c3:08:d8:c4:95:25:7b:ba:13:04:26:34: + 7c:d4:0e:a1 +-----BEGIN CERTIFICATE----- +MIJ2lTCCdX2gAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1DANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCc+IwgnPeMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgnL0BgNVHREEgnLrMIJy54IH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0hwQKAAAAhwQK +AAABhwQKAAAChwQKAAADhwQKAAAEhwQKAAAFhwQKAAAGhwQKAAAHhwQKAAAIhwQK +AAAJhwQKAAAKhwQKAAALhwQKAAAMhwQKAAANhwQKAAAOhwQKAAAPhwQKAAAQhwQK +AAARhwQKAAAShwQKAAAThwQKAAAUhwQKAAAVhwQKAAAWhwQKAAAXhwQKAAAYhwQK +AAAZhwQKAAAahwQKAAAbhwQKAAAchwQKAAAdhwQKAAAehwQKAAAfhwQKAAAghwQK +AAAhhwQKAAAihwQKAAAjhwQKAAAkhwQKAAAlhwQKAAAmhwQKAAAnhwQKAAAohwQK +AAAphwQKAAAqhwQKAAArhwQKAAAshwQKAAAthwQKAAAuhwQKAAAvhwQKAAAwhwQK +AAAxhwQKAAAyhwQKAAAzhwQKAAA0hwQKAAA1hwQKAAA2hwQKAAA3hwQKAAA4hwQK +AAA5hwQKAAA6hwQKAAA7hwQKAAA8hwQKAAA9hwQKAAA+hwQKAAA/hwQKAABAhwQK +AABBhwQKAABChwQKAABDhwQKAABEhwQKAABFhwQKAABGhwQKAABHhwQKAABIhwQK +AABJhwQKAABKhwQKAABLhwQKAABMhwQKAABNhwQKAABOhwQKAABPhwQKAABQhwQK +AABRhwQKAABShwQKAABThwQKAABUhwQKAABVhwQKAABWhwQKAABXhwQKAABYhwQK +AABZhwQKAABahwQKAABbhwQKAABchwQKAABdhwQKAABehwQKAABfhwQKAABghwQK +AABhhwQKAABihwQKAABjhwQKAABkhwQKAABlhwQKAABmhwQKAABnhwQKAABohwQK +AABphwQKAABqhwQKAABrhwQKAABshwQKAABthwQKAABuhwQKAABvhwQKAABwhwQK +AABxhwQKAAByhwQKAABzhwQKAAB0hwQKAAB1hwQKAAB2hwQKAAB3hwQKAAB4hwQK +AAB5hwQKAAB6hwQKAAB7hwQKAAB8hwQKAAB9hwQKAAB+hwQKAAB/hwQKAACAhwQK +AACBhwQKAACChwQKAACDhwQKAACEhwQKAACFhwQKAACGhwQKAACHhwQKAACIhwQK +AACJhwQKAACKhwQKAACLhwQKAACMhwQKAACNhwQKAACOhwQKAACPhwQKAACQhwQK +AACRhwQKAACShwQKAACThwQKAACUhwQKAACVhwQKAACWhwQKAACXhwQKAACYhwQK +AACZhwQKAACahwQKAACbhwQKAACchwQKAACdhwQKAACehwQKAACfhwQKAACghwQK +AAChhwQKAACihwQKAACjhwQKAACkhwQKAAClhwQKAACmhwQKAACnhwQKAACohwQK +AACphwQKAACqhwQKAACrhwQKAACshwQKAACthwQKAACuhwQKAACvhwQKAACwhwQK +AACxhwQKAACyhwQKAACzhwQKAAC0hwQKAAC1hwQKAAC2hwQKAAC3hwQKAAC4hwQK +AAC5hwQKAAC6hwQKAAC7hwQKAAC8hwQKAAC9hwQKAAC+hwQKAAC/hwQKAADAhwQK +AADBhwQKAADChwQKAADDhwQKAADEhwQKAADFhwQKAADGhwQKAADHhwQKAADIhwQK +AADJhwQKAADKhwQKAADLhwQKAADMhwQKAADNhwQKAADOhwQKAADPhwQKAADQhwQK +AADRhwQKAADShwQKAADThwQKAADUhwQKAADVhwQKAADWhwQKAADXhwQKAADYhwQK +AADZhwQKAADahwQKAADbhwQKAADchwQKAADdhwQKAADehwQKAADfhwQKAADghwQK +AADhhwQKAADihwQKAADjhwQKAADkhwQKAADlhwQKAADmhwQKAADnhwQKAADohwQK +AADphwQKAADqhwQKAADrhwQKAADshwQKAADthwQKAADuhwQKAADvhwQKAADwhwQK +AADxhwQKAADyhwQKAADzhwQKAAD0hwQKAAD1hwQKAAD2hwQKAAD3hwQKAAD4hwQK +AAD5hwQKAAD6hwQKAAD7hwQKAAD8hwQKAAD9hwQKAAD+hwQKAAD/hwQKAAEAhwQK +AAEBhwQKAAEChwQKAAEDhwQKAAEEhwQKAAEFhwQKAAEGhwQKAAEHhwQKAAEIhwQK +AAEJhwQKAAEKhwQKAAELhwQKAAEMhwQKAAENhwQKAAEOhwQKAAEPhwQKAAEQhwQK +AAERhwQKAAEShwQKAAEThwQKAAEUhwQKAAEVhwQKAAEWhwQKAAEXhwQKAAEYhwQK +AAEZhwQKAAEahwQKAAEbhwQKAAEchwQKAAEdhwQKAAEehwQKAAEfhwQKAAEghwQK +AAEhhwQKAAEihwQKAAEjhwQKAAEkhwQKAAElhwQKAAEmhwQKAAEnhwQKAAEohwQK +AAEphwQKAAEqhwQKAAErhwQKAAEshwQKAAEthwQKAAEuhwQKAAEvhwQKAAEwhwQK +AAExhwQKAAEyhwQKAAEzhwQKAAE0hwQKAAE1hwQKAAE2hwQKAAE3hwQKAAE4hwQK +AAE5hwQKAAE6hwQKAAE7hwQKAAE8hwQKAAE9hwQKAAE+hwQKAAE/hwQKAAFAhwQK +AAFBhwQKAAFChwQKAAFDhwQKAAFEhwQKAAFFhwQKAAFGhwQKAAFHhwQKAAFIhwQK +AAFJhwQKAAFKhwQKAAFLhwQKAAFMhwQKAAFNhwQKAAFOhwQKAAFPhwQKAAFQhwQK +AAFRhwQKAAFShwQKAAFThwQKAAFUpA8wDTELMAkGA1UEAwwCdDCkDzANMQswCQYD +VQQDDAJ0MaQPMA0xCzAJBgNVBAMMAnQypA8wDTELMAkGA1UEAwwCdDOkDzANMQsw +CQYDVQQDDAJ0NKQPMA0xCzAJBgNVBAMMAnQ1pA8wDTELMAkGA1UEAwwCdDakDzAN +MQswCQYDVQQDDAJ0N6QPMA0xCzAJBgNVBAMMAnQ4pA8wDTELMAkGA1UEAwwCdDmk +EDAOMQwwCgYDVQQDDAN0MTCkEDAOMQwwCgYDVQQDDAN0MTGkEDAOMQwwCgYDVQQD +DAN0MTKkEDAOMQwwCgYDVQQDDAN0MTOkEDAOMQwwCgYDVQQDDAN0MTSkEDAOMQww +CgYDVQQDDAN0MTWkEDAOMQwwCgYDVQQDDAN0MTakEDAOMQwwCgYDVQQDDAN0MTek +EDAOMQwwCgYDVQQDDAN0MTikEDAOMQwwCgYDVQQDDAN0MTmkEDAOMQwwCgYDVQQD +DAN0MjCkEDAOMQwwCgYDVQQDDAN0MjGkEDAOMQwwCgYDVQQDDAN0MjKkEDAOMQww +CgYDVQQDDAN0MjOkEDAOMQwwCgYDVQQDDAN0MjSkEDAOMQwwCgYDVQQDDAN0MjWk +EDAOMQwwCgYDVQQDDAN0MjakEDAOMQwwCgYDVQQDDAN0MjekEDAOMQwwCgYDVQQD +DAN0MjikEDAOMQwwCgYDVQQDDAN0MjmkEDAOMQwwCgYDVQQDDAN0MzCkEDAOMQww +CgYDVQQDDAN0MzGkEDAOMQwwCgYDVQQDDAN0MzKkEDAOMQwwCgYDVQQDDAN0MzOk +EDAOMQwwCgYDVQQDDAN0MzSkEDAOMQwwCgYDVQQDDAN0MzWkEDAOMQwwCgYDVQQD +DAN0MzakEDAOMQwwCgYDVQQDDAN0MzekEDAOMQwwCgYDVQQDDAN0MzikEDAOMQww +CgYDVQQDDAN0MzmkEDAOMQwwCgYDVQQDDAN0NDCkEDAOMQwwCgYDVQQDDAN0NDGk +EDAOMQwwCgYDVQQDDAN0NDKkEDAOMQwwCgYDVQQDDAN0NDOkEDAOMQwwCgYDVQQD +DAN0NDSkEDAOMQwwCgYDVQQDDAN0NDWkEDAOMQwwCgYDVQQDDAN0NDakEDAOMQww +CgYDVQQDDAN0NDekEDAOMQwwCgYDVQQDDAN0NDikEDAOMQwwCgYDVQQDDAN0NDmk +EDAOMQwwCgYDVQQDDAN0NTCkEDAOMQwwCgYDVQQDDAN0NTGkEDAOMQwwCgYDVQQD +DAN0NTKkEDAOMQwwCgYDVQQDDAN0NTOkEDAOMQwwCgYDVQQDDAN0NTSkEDAOMQww +CgYDVQQDDAN0NTWkEDAOMQwwCgYDVQQDDAN0NTakEDAOMQwwCgYDVQQDDAN0NTek +EDAOMQwwCgYDVQQDDAN0NTikEDAOMQwwCgYDVQQDDAN0NTmkEDAOMQwwCgYDVQQD +DAN0NjCkEDAOMQwwCgYDVQQDDAN0NjGkEDAOMQwwCgYDVQQDDAN0NjKkEDAOMQww +CgYDVQQDDAN0NjOkEDAOMQwwCgYDVQQDDAN0NjSkEDAOMQwwCgYDVQQDDAN0NjWk +EDAOMQwwCgYDVQQDDAN0NjakEDAOMQwwCgYDVQQDDAN0NjekEDAOMQwwCgYDVQQD +DAN0NjikEDAOMQwwCgYDVQQDDAN0NjmkEDAOMQwwCgYDVQQDDAN0NzCkEDAOMQww +CgYDVQQDDAN0NzGkEDAOMQwwCgYDVQQDDAN0NzKkEDAOMQwwCgYDVQQDDAN0NzOk +EDAOMQwwCgYDVQQDDAN0NzSkEDAOMQwwCgYDVQQDDAN0NzWkEDAOMQwwCgYDVQQD +DAN0NzakEDAOMQwwCgYDVQQDDAN0NzekEDAOMQwwCgYDVQQDDAN0NzikEDAOMQww +CgYDVQQDDAN0NzmkEDAOMQwwCgYDVQQDDAN0ODCkEDAOMQwwCgYDVQQDDAN0ODGk +EDAOMQwwCgYDVQQDDAN0ODKkEDAOMQwwCgYDVQQDDAN0ODOkEDAOMQwwCgYDVQQD +DAN0ODSkEDAOMQwwCgYDVQQDDAN0ODWkEDAOMQwwCgYDVQQDDAN0ODakEDAOMQww +CgYDVQQDDAN0ODekEDAOMQwwCgYDVQQDDAN0ODikEDAOMQwwCgYDVQQDDAN0ODmk +EDAOMQwwCgYDVQQDDAN0OTCkEDAOMQwwCgYDVQQDDAN0OTGkEDAOMQwwCgYDVQQD +DAN0OTKkEDAOMQwwCgYDVQQDDAN0OTOkEDAOMQwwCgYDVQQDDAN0OTSkEDAOMQww +CgYDVQQDDAN0OTWkEDAOMQwwCgYDVQQDDAN0OTakEDAOMQwwCgYDVQQDDAN0OTek +EDAOMQwwCgYDVQQDDAN0OTikEDAOMQwwCgYDVQQDDAN0OTmkETAPMQ0wCwYDVQQD +DAR0MTAwpBEwDzENMAsGA1UEAwwEdDEwMaQRMA8xDTALBgNVBAMMBHQxMDKkETAP +MQ0wCwYDVQQDDAR0MTAzpBEwDzENMAsGA1UEAwwEdDEwNKQRMA8xDTALBgNVBAMM +BHQxMDWkETAPMQ0wCwYDVQQDDAR0MTA2pBEwDzENMAsGA1UEAwwEdDEwN6QRMA8x +DTALBgNVBAMMBHQxMDikETAPMQ0wCwYDVQQDDAR0MTA5pBEwDzENMAsGA1UEAwwE +dDExMKQRMA8xDTALBgNVBAMMBHQxMTGkETAPMQ0wCwYDVQQDDAR0MTEypBEwDzEN +MAsGA1UEAwwEdDExM6QRMA8xDTALBgNVBAMMBHQxMTSkETAPMQ0wCwYDVQQDDAR0 +MTE1pBEwDzENMAsGA1UEAwwEdDExNqQRMA8xDTALBgNVBAMMBHQxMTekETAPMQ0w +CwYDVQQDDAR0MTE4pBEwDzENMAsGA1UEAwwEdDExOaQRMA8xDTALBgNVBAMMBHQx +MjCkETAPMQ0wCwYDVQQDDAR0MTIxpBEwDzENMAsGA1UEAwwEdDEyMqQRMA8xDTAL +BgNVBAMMBHQxMjOkETAPMQ0wCwYDVQQDDAR0MTI0pBEwDzENMAsGA1UEAwwEdDEy +NaQRMA8xDTALBgNVBAMMBHQxMjakETAPMQ0wCwYDVQQDDAR0MTI3pBEwDzENMAsG +A1UEAwwEdDEyOKQRMA8xDTALBgNVBAMMBHQxMjmkETAPMQ0wCwYDVQQDDAR0MTMw +pBEwDzENMAsGA1UEAwwEdDEzMaQRMA8xDTALBgNVBAMMBHQxMzKkETAPMQ0wCwYD +VQQDDAR0MTMzpBEwDzENMAsGA1UEAwwEdDEzNKQRMA8xDTALBgNVBAMMBHQxMzWk +ETAPMQ0wCwYDVQQDDAR0MTM2pBEwDzENMAsGA1UEAwwEdDEzN6QRMA8xDTALBgNV +BAMMBHQxMzikETAPMQ0wCwYDVQQDDAR0MTM5pBEwDzENMAsGA1UEAwwEdDE0MKQR +MA8xDTALBgNVBAMMBHQxNDGkETAPMQ0wCwYDVQQDDAR0MTQypBEwDzENMAsGA1UE +AwwEdDE0M6QRMA8xDTALBgNVBAMMBHQxNDSkETAPMQ0wCwYDVQQDDAR0MTQ1pBEw +DzENMAsGA1UEAwwEdDE0NqQRMA8xDTALBgNVBAMMBHQxNDekETAPMQ0wCwYDVQQD +DAR0MTQ4pBEwDzENMAsGA1UEAwwEdDE0OaQRMA8xDTALBgNVBAMMBHQxNTCkETAP +MQ0wCwYDVQQDDAR0MTUxpBEwDzENMAsGA1UEAwwEdDE1MqQRMA8xDTALBgNVBAMM +BHQxNTOkETAPMQ0wCwYDVQQDDAR0MTU0pBEwDzENMAsGA1UEAwwEdDE1NaQRMA8x +DTALBgNVBAMMBHQxNTakETAPMQ0wCwYDVQQDDAR0MTU3pBEwDzENMAsGA1UEAwwE +dDE1OKQRMA8xDTALBgNVBAMMBHQxNTmkETAPMQ0wCwYDVQQDDAR0MTYwpBEwDzEN +MAsGA1UEAwwEdDE2MaQRMA8xDTALBgNVBAMMBHQxNjKkETAPMQ0wCwYDVQQDDAR0 +MTYzpBEwDzENMAsGA1UEAwwEdDE2NKQRMA8xDTALBgNVBAMMBHQxNjWkETAPMQ0w +CwYDVQQDDAR0MTY2pBEwDzENMAsGA1UEAwwEdDE2N6QRMA8xDTALBgNVBAMMBHQx +NjikETAPMQ0wCwYDVQQDDAR0MTY5pBEwDzENMAsGA1UEAwwEdDE3MKQRMA8xDTAL +BgNVBAMMBHQxNzGkETAPMQ0wCwYDVQQDDAR0MTcypBEwDzENMAsGA1UEAwwEdDE3 +M6QRMA8xDTALBgNVBAMMBHQxNzSkETAPMQ0wCwYDVQQDDAR0MTc1pBEwDzENMAsG +A1UEAwwEdDE3NqQRMA8xDTALBgNVBAMMBHQxNzekETAPMQ0wCwYDVQQDDAR0MTc4 +pBEwDzENMAsGA1UEAwwEdDE3OaQRMA8xDTALBgNVBAMMBHQxODCkETAPMQ0wCwYD +VQQDDAR0MTgxpBEwDzENMAsGA1UEAwwEdDE4MqQRMA8xDTALBgNVBAMMBHQxODOk +ETAPMQ0wCwYDVQQDDAR0MTg0pBEwDzENMAsGA1UEAwwEdDE4NaQRMA8xDTALBgNV +BAMMBHQxODakETAPMQ0wCwYDVQQDDAR0MTg3pBEwDzENMAsGA1UEAwwEdDE4OKQR +MA8xDTALBgNVBAMMBHQxODmkETAPMQ0wCwYDVQQDDAR0MTkwpBEwDzENMAsGA1UE +AwwEdDE5MaQRMA8xDTALBgNVBAMMBHQxOTKkETAPMQ0wCwYDVQQDDAR0MTkzpBEw +DzENMAsGA1UEAwwEdDE5NKQRMA8xDTALBgNVBAMMBHQxOTWkETAPMQ0wCwYDVQQD +DAR0MTk2pBEwDzENMAsGA1UEAwwEdDE5N6QRMA8xDTALBgNVBAMMBHQxOTikETAP +MQ0wCwYDVQQDDAR0MTk5pBEwDzENMAsGA1UEAwwEdDIwMKQRMA8xDTALBgNVBAMM +BHQyMDGkETAPMQ0wCwYDVQQDDAR0MjAypBEwDzENMAsGA1UEAwwEdDIwM6QRMA8x +DTALBgNVBAMMBHQyMDSkETAPMQ0wCwYDVQQDDAR0MjA1pBEwDzENMAsGA1UEAwwE +dDIwNqQRMA8xDTALBgNVBAMMBHQyMDekETAPMQ0wCwYDVQQDDAR0MjA4pBEwDzEN +MAsGA1UEAwwEdDIwOaQRMA8xDTALBgNVBAMMBHQyMTCkETAPMQ0wCwYDVQQDDAR0 +MjExpBEwDzENMAsGA1UEAwwEdDIxMqQRMA8xDTALBgNVBAMMBHQyMTOkETAPMQ0w +CwYDVQQDDAR0MjE0pBEwDzENMAsGA1UEAwwEdDIxNaQRMA8xDTALBgNVBAMMBHQy +MTakETAPMQ0wCwYDVQQDDAR0MjE3pBEwDzENMAsGA1UEAwwEdDIxOKQRMA8xDTAL +BgNVBAMMBHQyMTmkETAPMQ0wCwYDVQQDDAR0MjIwpBEwDzENMAsGA1UEAwwEdDIy +MaQRMA8xDTALBgNVBAMMBHQyMjKkETAPMQ0wCwYDVQQDDAR0MjIzpBEwDzENMAsG +A1UEAwwEdDIyNKQRMA8xDTALBgNVBAMMBHQyMjWkETAPMQ0wCwYDVQQDDAR0MjI2 +pBEwDzENMAsGA1UEAwwEdDIyN6QRMA8xDTALBgNVBAMMBHQyMjikETAPMQ0wCwYD +VQQDDAR0MjI5pBEwDzENMAsGA1UEAwwEdDIzMKQRMA8xDTALBgNVBAMMBHQyMzGk +ETAPMQ0wCwYDVQQDDAR0MjMypBEwDzENMAsGA1UEAwwEdDIzM6QRMA8xDTALBgNV +BAMMBHQyMzSkETAPMQ0wCwYDVQQDDAR0MjM1pBEwDzENMAsGA1UEAwwEdDIzNqQR +MA8xDTALBgNVBAMMBHQyMzekETAPMQ0wCwYDVQQDDAR0MjM4pBEwDzENMAsGA1UE +AwwEdDIzOaQRMA8xDTALBgNVBAMMBHQyNDCkETAPMQ0wCwYDVQQDDAR0MjQxpBEw +DzENMAsGA1UEAwwEdDI0MqQRMA8xDTALBgNVBAMMBHQyNDOkETAPMQ0wCwYDVQQD +DAR0MjQ0pBEwDzENMAsGA1UEAwwEdDI0NaQRMA8xDTALBgNVBAMMBHQyNDakETAP +MQ0wCwYDVQQDDAR0MjQ3pBEwDzENMAsGA1UEAwwEdDI0OKQRMA8xDTALBgNVBAMM +BHQyNDmkETAPMQ0wCwYDVQQDDAR0MjUwpBEwDzENMAsGA1UEAwwEdDI1MaQRMA8x +DTALBgNVBAMMBHQyNTKkETAPMQ0wCwYDVQQDDAR0MjUzpBEwDzENMAsGA1UEAwwE +dDI1NKQRMA8xDTALBgNVBAMMBHQyNTWkETAPMQ0wCwYDVQQDDAR0MjU2pBEwDzEN +MAsGA1UEAwwEdDI1N6QRMA8xDTALBgNVBAMMBHQyNTikETAPMQ0wCwYDVQQDDAR0 +MjU5pBEwDzENMAsGA1UEAwwEdDI2MKQRMA8xDTALBgNVBAMMBHQyNjGkETAPMQ0w +CwYDVQQDDAR0MjYypBEwDzENMAsGA1UEAwwEdDI2M6QRMA8xDTALBgNVBAMMBHQy +NjSkETAPMQ0wCwYDVQQDDAR0MjY1pBEwDzENMAsGA1UEAwwEdDI2NqQRMA8xDTAL +BgNVBAMMBHQyNjekETAPMQ0wCwYDVQQDDAR0MjY4pBEwDzENMAsGA1UEAwwEdDI2 +OaQRMA8xDTALBgNVBAMMBHQyNzCkETAPMQ0wCwYDVQQDDAR0MjcxpBEwDzENMAsG +A1UEAwwEdDI3MqQRMA8xDTALBgNVBAMMBHQyNzOkETAPMQ0wCwYDVQQDDAR0Mjc0 +pBEwDzENMAsGA1UEAwwEdDI3NaQRMA8xDTALBgNVBAMMBHQyNzakETAPMQ0wCwYD +VQQDDAR0Mjc3pBEwDzENMAsGA1UEAwwEdDI3OKQRMA8xDTALBgNVBAMMBHQyNzmk +ETAPMQ0wCwYDVQQDDAR0MjgwpBEwDzENMAsGA1UEAwwEdDI4MaQRMA8xDTALBgNV +BAMMBHQyODKkETAPMQ0wCwYDVQQDDAR0MjgzpBEwDzENMAsGA1UEAwwEdDI4NKQR +MA8xDTALBgNVBAMMBHQyODWkETAPMQ0wCwYDVQQDDAR0Mjg2pBEwDzENMAsGA1UE +AwwEdDI4N6QRMA8xDTALBgNVBAMMBHQyODikETAPMQ0wCwYDVQQDDAR0Mjg5pBEw +DzENMAsGA1UEAwwEdDI5MKQRMA8xDTALBgNVBAMMBHQyOTGkETAPMQ0wCwYDVQQD +DAR0MjkypBEwDzENMAsGA1UEAwwEdDI5M6QRMA8xDTALBgNVBAMMBHQyOTSkETAP +MQ0wCwYDVQQDDAR0Mjk1pBEwDzENMAsGA1UEAwwEdDI5NqQRMA8xDTALBgNVBAMM +BHQyOTekETAPMQ0wCwYDVQQDDAR0Mjk4pBEwDzENMAsGA1UEAwwEdDI5OaQRMA8x +DTALBgNVBAMMBHQzMDCkETAPMQ0wCwYDVQQDDAR0MzAxpBEwDzENMAsGA1UEAwwE +dDMwMqQRMA8xDTALBgNVBAMMBHQzMDOkETAPMQ0wCwYDVQQDDAR0MzA0pBEwDzEN +MAsGA1UEAwwEdDMwNaQRMA8xDTALBgNVBAMMBHQzMDakETAPMQ0wCwYDVQQDDAR0 +MzA3pBEwDzENMAsGA1UEAwwEdDMwOKQRMA8xDTALBgNVBAMMBHQzMDmkETAPMQ0w +CwYDVQQDDAR0MzEwpBEwDzENMAsGA1UEAwwEdDMxMaQRMA8xDTALBgNVBAMMBHQz +MTKkETAPMQ0wCwYDVQQDDAR0MzEzpBEwDzENMAsGA1UEAwwEdDMxNKQRMA8xDTAL +BgNVBAMMBHQzMTWkETAPMQ0wCwYDVQQDDAR0MzE2pBEwDzENMAsGA1UEAwwEdDMx +N6QRMA8xDTALBgNVBAMMBHQzMTikETAPMQ0wCwYDVQQDDAR0MzE5pBEwDzENMAsG +A1UEAwwEdDMyMKQRMA8xDTALBgNVBAMMBHQzMjGkETAPMQ0wCwYDVQQDDAR0MzIy +pBEwDzENMAsGA1UEAwwEdDMyM6QRMA8xDTALBgNVBAMMBHQzMjSkETAPMQ0wCwYD +VQQDDAR0MzI1pBEwDzENMAsGA1UEAwwEdDMyNqQRMA8xDTALBgNVBAMMBHQzMjek +ETAPMQ0wCwYDVQQDDAR0MzI4pBEwDzENMAsGA1UEAwwEdDMyOaQRMA8xDTALBgNV +BAMMBHQzMzCkETAPMQ0wCwYDVQQDDAR0MzMxpBEwDzENMAsGA1UEAwwEdDMzMqQR +MA8xDTALBgNVBAMMBHQzMzOkETAPMQ0wCwYDVQQDDAR0MzM0pBEwDzENMAsGA1UE +AwwEdDMzNaQRMA8xDTALBgNVBAMMBHQzMzakETAPMQ0wCwYDVQQDDAR0MzM3pBEw +DzENMAsGA1UEAwwEdDMzOKQRMA8xDTALBgNVBAMMBHQzMzmkETAPMQ0wCwYDVQQD +DAR0MzQwpBEwDzENMAsGA1UEAwwEdDM0MYYNaHR0cDovL3Rlc3QvMIYNaHR0cDov +L3Rlc3QvMYYNaHR0cDovL3Rlc3QvMoYNaHR0cDovL3Rlc3QvM4YNaHR0cDovL3Rl +c3QvNIYNaHR0cDovL3Rlc3QvNYYNaHR0cDovL3Rlc3QvNoYNaHR0cDovL3Rlc3Qv +N4YNaHR0cDovL3Rlc3QvOIYNaHR0cDovL3Rlc3QvOYYOaHR0cDovL3Rlc3QvMTCG +Dmh0dHA6Ly90ZXN0LzExhg5odHRwOi8vdGVzdC8xMoYOaHR0cDovL3Rlc3QvMTOG +Dmh0dHA6Ly90ZXN0LzE0hg5odHRwOi8vdGVzdC8xNYYOaHR0cDovL3Rlc3QvMTaG +Dmh0dHA6Ly90ZXN0LzE3hg5odHRwOi8vdGVzdC8xOIYOaHR0cDovL3Rlc3QvMTmG +Dmh0dHA6Ly90ZXN0LzIwhg5odHRwOi8vdGVzdC8yMYYOaHR0cDovL3Rlc3QvMjKG +Dmh0dHA6Ly90ZXN0LzIzhg5odHRwOi8vdGVzdC8yNIYOaHR0cDovL3Rlc3QvMjWG +Dmh0dHA6Ly90ZXN0LzI2hg5odHRwOi8vdGVzdC8yN4YOaHR0cDovL3Rlc3QvMjiG +Dmh0dHA6Ly90ZXN0LzI5hg5odHRwOi8vdGVzdC8zMIYOaHR0cDovL3Rlc3QvMzGG +Dmh0dHA6Ly90ZXN0LzMyhg5odHRwOi8vdGVzdC8zM4YOaHR0cDovL3Rlc3QvMzSG +Dmh0dHA6Ly90ZXN0LzM1hg5odHRwOi8vdGVzdC8zNoYOaHR0cDovL3Rlc3QvMzeG +Dmh0dHA6Ly90ZXN0LzM4hg5odHRwOi8vdGVzdC8zOYYOaHR0cDovL3Rlc3QvNDCG +Dmh0dHA6Ly90ZXN0LzQxhg5odHRwOi8vdGVzdC80MoYOaHR0cDovL3Rlc3QvNDOG +Dmh0dHA6Ly90ZXN0LzQ0hg5odHRwOi8vdGVzdC80NYYOaHR0cDovL3Rlc3QvNDaG +Dmh0dHA6Ly90ZXN0LzQ3hg5odHRwOi8vdGVzdC80OIYOaHR0cDovL3Rlc3QvNDmG +Dmh0dHA6Ly90ZXN0LzUwhg5odHRwOi8vdGVzdC81MYYOaHR0cDovL3Rlc3QvNTKG +Dmh0dHA6Ly90ZXN0LzUzhg5odHRwOi8vdGVzdC81NIYOaHR0cDovL3Rlc3QvNTWG +Dmh0dHA6Ly90ZXN0LzU2hg5odHRwOi8vdGVzdC81N4YOaHR0cDovL3Rlc3QvNTiG +Dmh0dHA6Ly90ZXN0LzU5hg5odHRwOi8vdGVzdC82MIYOaHR0cDovL3Rlc3QvNjGG +Dmh0dHA6Ly90ZXN0LzYyhg5odHRwOi8vdGVzdC82M4YOaHR0cDovL3Rlc3QvNjSG +Dmh0dHA6Ly90ZXN0LzY1hg5odHRwOi8vdGVzdC82NoYOaHR0cDovL3Rlc3QvNjeG +Dmh0dHA6Ly90ZXN0LzY4hg5odHRwOi8vdGVzdC82OYYOaHR0cDovL3Rlc3QvNzCG +Dmh0dHA6Ly90ZXN0Lzcxhg5odHRwOi8vdGVzdC83MoYOaHR0cDovL3Rlc3QvNzOG +Dmh0dHA6Ly90ZXN0Lzc0hg5odHRwOi8vdGVzdC83NYYOaHR0cDovL3Rlc3QvNzaG +Dmh0dHA6Ly90ZXN0Lzc3hg5odHRwOi8vdGVzdC83OIYOaHR0cDovL3Rlc3QvNzmG +Dmh0dHA6Ly90ZXN0Lzgwhg5odHRwOi8vdGVzdC84MYYOaHR0cDovL3Rlc3QvODKG +Dmh0dHA6Ly90ZXN0Lzgzhg5odHRwOi8vdGVzdC84NIYOaHR0cDovL3Rlc3QvODWG +Dmh0dHA6Ly90ZXN0Lzg2hg5odHRwOi8vdGVzdC84N4YOaHR0cDovL3Rlc3QvODiG +Dmh0dHA6Ly90ZXN0Lzg5hg5odHRwOi8vdGVzdC85MIYOaHR0cDovL3Rlc3QvOTGG +Dmh0dHA6Ly90ZXN0Lzkyhg5odHRwOi8vdGVzdC85M4YOaHR0cDovL3Rlc3QvOTSG +Dmh0dHA6Ly90ZXN0Lzk1hg5odHRwOi8vdGVzdC85NoYOaHR0cDovL3Rlc3QvOTeG +Dmh0dHA6Ly90ZXN0Lzk4hg5odHRwOi8vdGVzdC85OYYPaHR0cDovL3Rlc3QvMTAw +hg9odHRwOi8vdGVzdC8xMDGGD2h0dHA6Ly90ZXN0LzEwMoYPaHR0cDovL3Rlc3Qv +MTAzhg9odHRwOi8vdGVzdC8xMDSGD2h0dHA6Ly90ZXN0LzEwNYYPaHR0cDovL3Rl +c3QvMTA2hg9odHRwOi8vdGVzdC8xMDeGD2h0dHA6Ly90ZXN0LzEwOIYPaHR0cDov +L3Rlc3QvMTA5hg9odHRwOi8vdGVzdC8xMTCGD2h0dHA6Ly90ZXN0LzExMYYPaHR0 +cDovL3Rlc3QvMTEyhg9odHRwOi8vdGVzdC8xMTOGD2h0dHA6Ly90ZXN0LzExNIYP +aHR0cDovL3Rlc3QvMTE1hg9odHRwOi8vdGVzdC8xMTaGD2h0dHA6Ly90ZXN0LzEx +N4YPaHR0cDovL3Rlc3QvMTE4hg9odHRwOi8vdGVzdC8xMTmGD2h0dHA6Ly90ZXN0 +LzEyMIYPaHR0cDovL3Rlc3QvMTIxhg9odHRwOi8vdGVzdC8xMjKGD2h0dHA6Ly90 +ZXN0LzEyM4YPaHR0cDovL3Rlc3QvMTI0hg9odHRwOi8vdGVzdC8xMjWGD2h0dHA6 +Ly90ZXN0LzEyNoYPaHR0cDovL3Rlc3QvMTI3hg9odHRwOi8vdGVzdC8xMjiGD2h0 +dHA6Ly90ZXN0LzEyOYYPaHR0cDovL3Rlc3QvMTMwhg9odHRwOi8vdGVzdC8xMzGG +D2h0dHA6Ly90ZXN0LzEzMoYPaHR0cDovL3Rlc3QvMTMzhg9odHRwOi8vdGVzdC8x +MzSGD2h0dHA6Ly90ZXN0LzEzNYYPaHR0cDovL3Rlc3QvMTM2hg9odHRwOi8vdGVz +dC8xMzeGD2h0dHA6Ly90ZXN0LzEzOIYPaHR0cDovL3Rlc3QvMTM5hg9odHRwOi8v +dGVzdC8xNDCGD2h0dHA6Ly90ZXN0LzE0MYYPaHR0cDovL3Rlc3QvMTQyhg9odHRw +Oi8vdGVzdC8xNDOGD2h0dHA6Ly90ZXN0LzE0NIYPaHR0cDovL3Rlc3QvMTQ1hg9o +dHRwOi8vdGVzdC8xNDaGD2h0dHA6Ly90ZXN0LzE0N4YPaHR0cDovL3Rlc3QvMTQ4 +hg9odHRwOi8vdGVzdC8xNDmGD2h0dHA6Ly90ZXN0LzE1MIYPaHR0cDovL3Rlc3Qv +MTUxhg9odHRwOi8vdGVzdC8xNTKGD2h0dHA6Ly90ZXN0LzE1M4YPaHR0cDovL3Rl +c3QvMTU0hg9odHRwOi8vdGVzdC8xNTWGD2h0dHA6Ly90ZXN0LzE1NoYPaHR0cDov +L3Rlc3QvMTU3hg9odHRwOi8vdGVzdC8xNTiGD2h0dHA6Ly90ZXN0LzE1OYYPaHR0 +cDovL3Rlc3QvMTYwhg9odHRwOi8vdGVzdC8xNjGGD2h0dHA6Ly90ZXN0LzE2MoYP +aHR0cDovL3Rlc3QvMTYzhg9odHRwOi8vdGVzdC8xNjSGD2h0dHA6Ly90ZXN0LzE2 +NYYPaHR0cDovL3Rlc3QvMTY2hg9odHRwOi8vdGVzdC8xNjeGD2h0dHA6Ly90ZXN0 +LzE2OIYPaHR0cDovL3Rlc3QvMTY5hg9odHRwOi8vdGVzdC8xNzCGD2h0dHA6Ly90 +ZXN0LzE3MYYPaHR0cDovL3Rlc3QvMTcyhg9odHRwOi8vdGVzdC8xNzOGD2h0dHA6 +Ly90ZXN0LzE3NIYPaHR0cDovL3Rlc3QvMTc1hg9odHRwOi8vdGVzdC8xNzaGD2h0 +dHA6Ly90ZXN0LzE3N4YPaHR0cDovL3Rlc3QvMTc4hg9odHRwOi8vdGVzdC8xNzmG +D2h0dHA6Ly90ZXN0LzE4MIYPaHR0cDovL3Rlc3QvMTgxhg9odHRwOi8vdGVzdC8x +ODKGD2h0dHA6Ly90ZXN0LzE4M4YPaHR0cDovL3Rlc3QvMTg0hg9odHRwOi8vdGVz +dC8xODWGD2h0dHA6Ly90ZXN0LzE4NoYPaHR0cDovL3Rlc3QvMTg3hg9odHRwOi8v +dGVzdC8xODiGD2h0dHA6Ly90ZXN0LzE4OYYPaHR0cDovL3Rlc3QvMTkwhg9odHRw +Oi8vdGVzdC8xOTGGD2h0dHA6Ly90ZXN0LzE5MoYPaHR0cDovL3Rlc3QvMTkzhg9o +dHRwOi8vdGVzdC8xOTSGD2h0dHA6Ly90ZXN0LzE5NYYPaHR0cDovL3Rlc3QvMTk2 +hg9odHRwOi8vdGVzdC8xOTeGD2h0dHA6Ly90ZXN0LzE5OIYPaHR0cDovL3Rlc3Qv +MTk5hg9odHRwOi8vdGVzdC8yMDCGD2h0dHA6Ly90ZXN0LzIwMYYPaHR0cDovL3Rl +c3QvMjAyhg9odHRwOi8vdGVzdC8yMDOGD2h0dHA6Ly90ZXN0LzIwNIYPaHR0cDov +L3Rlc3QvMjA1hg9odHRwOi8vdGVzdC8yMDaGD2h0dHA6Ly90ZXN0LzIwN4YPaHR0 +cDovL3Rlc3QvMjA4hg9odHRwOi8vdGVzdC8yMDmGD2h0dHA6Ly90ZXN0LzIxMIYP +aHR0cDovL3Rlc3QvMjExhg9odHRwOi8vdGVzdC8yMTKGD2h0dHA6Ly90ZXN0LzIx +M4YPaHR0cDovL3Rlc3QvMjE0hg9odHRwOi8vdGVzdC8yMTWGD2h0dHA6Ly90ZXN0 +LzIxNoYPaHR0cDovL3Rlc3QvMjE3hg9odHRwOi8vdGVzdC8yMTiGD2h0dHA6Ly90 +ZXN0LzIxOYYPaHR0cDovL3Rlc3QvMjIwhg9odHRwOi8vdGVzdC8yMjGGD2h0dHA6 +Ly90ZXN0LzIyMoYPaHR0cDovL3Rlc3QvMjIzhg9odHRwOi8vdGVzdC8yMjSGD2h0 +dHA6Ly90ZXN0LzIyNYYPaHR0cDovL3Rlc3QvMjI2hg9odHRwOi8vdGVzdC8yMjeG +D2h0dHA6Ly90ZXN0LzIyOIYPaHR0cDovL3Rlc3QvMjI5hg9odHRwOi8vdGVzdC8y +MzCGD2h0dHA6Ly90ZXN0LzIzMYYPaHR0cDovL3Rlc3QvMjMyhg9odHRwOi8vdGVz +dC8yMzOGD2h0dHA6Ly90ZXN0LzIzNIYPaHR0cDovL3Rlc3QvMjM1hg9odHRwOi8v +dGVzdC8yMzaGD2h0dHA6Ly90ZXN0LzIzN4YPaHR0cDovL3Rlc3QvMjM4hg9odHRw +Oi8vdGVzdC8yMzmGD2h0dHA6Ly90ZXN0LzI0MIYPaHR0cDovL3Rlc3QvMjQxhg9o +dHRwOi8vdGVzdC8yNDKGD2h0dHA6Ly90ZXN0LzI0M4YPaHR0cDovL3Rlc3QvMjQ0 +hg9odHRwOi8vdGVzdC8yNDWGD2h0dHA6Ly90ZXN0LzI0NoYPaHR0cDovL3Rlc3Qv +MjQ3hg9odHRwOi8vdGVzdC8yNDiGD2h0dHA6Ly90ZXN0LzI0OYYPaHR0cDovL3Rl +c3QvMjUwhg9odHRwOi8vdGVzdC8yNTGGD2h0dHA6Ly90ZXN0LzI1MoYPaHR0cDov +L3Rlc3QvMjUzhg9odHRwOi8vdGVzdC8yNTSGD2h0dHA6Ly90ZXN0LzI1NYYPaHR0 +cDovL3Rlc3QvMjU2hg9odHRwOi8vdGVzdC8yNTeGD2h0dHA6Ly90ZXN0LzI1OIYP +aHR0cDovL3Rlc3QvMjU5hg9odHRwOi8vdGVzdC8yNjCGD2h0dHA6Ly90ZXN0LzI2 +MYYPaHR0cDovL3Rlc3QvMjYyhg9odHRwOi8vdGVzdC8yNjOGD2h0dHA6Ly90ZXN0 +LzI2NIYPaHR0cDovL3Rlc3QvMjY1hg9odHRwOi8vdGVzdC8yNjaGD2h0dHA6Ly90 +ZXN0LzI2N4YPaHR0cDovL3Rlc3QvMjY4hg9odHRwOi8vdGVzdC8yNjmGD2h0dHA6 +Ly90ZXN0LzI3MIYPaHR0cDovL3Rlc3QvMjcxhg9odHRwOi8vdGVzdC8yNzKGD2h0 +dHA6Ly90ZXN0LzI3M4YPaHR0cDovL3Rlc3QvMjc0hg9odHRwOi8vdGVzdC8yNzWG +D2h0dHA6Ly90ZXN0LzI3NoYPaHR0cDovL3Rlc3QvMjc3hg9odHRwOi8vdGVzdC8y +NziGD2h0dHA6Ly90ZXN0LzI3OYYPaHR0cDovL3Rlc3QvMjgwhg9odHRwOi8vdGVz +dC8yODGGD2h0dHA6Ly90ZXN0LzI4MoYPaHR0cDovL3Rlc3QvMjgzhg9odHRwOi8v +dGVzdC8yODSGD2h0dHA6Ly90ZXN0LzI4NYYPaHR0cDovL3Rlc3QvMjg2hg9odHRw +Oi8vdGVzdC8yODeGD2h0dHA6Ly90ZXN0LzI4OIYPaHR0cDovL3Rlc3QvMjg5hg9o +dHRwOi8vdGVzdC8yOTCGD2h0dHA6Ly90ZXN0LzI5MYYPaHR0cDovL3Rlc3QvMjky +hg9odHRwOi8vdGVzdC8yOTOGD2h0dHA6Ly90ZXN0LzI5NIYPaHR0cDovL3Rlc3Qv +Mjk1hg9odHRwOi8vdGVzdC8yOTaGD2h0dHA6Ly90ZXN0LzI5N4YPaHR0cDovL3Rl +c3QvMjk4hg9odHRwOi8vdGVzdC8yOTmGD2h0dHA6Ly90ZXN0LzMwMIYPaHR0cDov +L3Rlc3QvMzAxhg9odHRwOi8vdGVzdC8zMDKGD2h0dHA6Ly90ZXN0LzMwM4YPaHR0 +cDovL3Rlc3QvMzA0hg9odHRwOi8vdGVzdC8zMDWGD2h0dHA6Ly90ZXN0LzMwNoYP +aHR0cDovL3Rlc3QvMzA3hg9odHRwOi8vdGVzdC8zMDiGD2h0dHA6Ly90ZXN0LzMw +OYYPaHR0cDovL3Rlc3QvMzEwhg9odHRwOi8vdGVzdC8zMTGGD2h0dHA6Ly90ZXN0 +LzMxMoYPaHR0cDovL3Rlc3QvMzEzhg9odHRwOi8vdGVzdC8zMTSGD2h0dHA6Ly90 +ZXN0LzMxNYYPaHR0cDovL3Rlc3QvMzE2hg9odHRwOi8vdGVzdC8zMTeGD2h0dHA6 +Ly90ZXN0LzMxOIYPaHR0cDovL3Rlc3QvMzE5hg9odHRwOi8vdGVzdC8zMjCGD2h0 +dHA6Ly90ZXN0LzMyMYYPaHR0cDovL3Rlc3QvMzIyhg9odHRwOi8vdGVzdC8zMjOG +D2h0dHA6Ly90ZXN0LzMyNIYPaHR0cDovL3Rlc3QvMzI1hg9odHRwOi8vdGVzdC8z +MjaGD2h0dHA6Ly90ZXN0LzMyN4YPaHR0cDovL3Rlc3QvMzI4hg9odHRwOi8vdGVz +dC8zMjmGD2h0dHA6Ly90ZXN0LzMzMIYPaHR0cDovL3Rlc3QvMzMxhg9odHRwOi8v +dGVzdC8zMzKGD2h0dHA6Ly90ZXN0LzMzM4YPaHR0cDovL3Rlc3QvMzM0hg9odHRw +Oi8vdGVzdC8zMzWGD2h0dHA6Ly90ZXN0LzMzNoYPaHR0cDovL3Rlc3QvMzM3hg9o +dHRwOi8vdGVzdC8zMziGD2h0dHA6Ly90ZXN0LzMzOYYPaHR0cDovL3Rlc3QvMzQw +hg9odHRwOi8vdGVzdC8zNDGGD2h0dHA6Ly90ZXN0LzM0MoYPaHR0cDovL3Rlc3Qv +MzQzhg9odHRwOi8vdGVzdC8zNDSGD2h0dHA6Ly90ZXN0LzM0NYYPaHR0cDovL3Rl +c3QvMzQ2hg9odHRwOi8vdGVzdC8zNDeGD2h0dHA6Ly90ZXN0LzM0OIYPaHR0cDov +L3Rlc3QvMzQ5hg9odHRwOi8vdGVzdC8zNTCGD2h0dHA6Ly90ZXN0LzM1MYYPaHR0 +cDovL3Rlc3QvMzUyhg9odHRwOi8vdGVzdC8zNTOGD2h0dHA6Ly90ZXN0LzM1NIYP +aHR0cDovL3Rlc3QvMzU1hg9odHRwOi8vdGVzdC8zNTaGD2h0dHA6Ly90ZXN0LzM1 +N4YPaHR0cDovL3Rlc3QvMzU4hg9odHRwOi8vdGVzdC8zNTmGD2h0dHA6Ly90ZXN0 +LzM2MIYPaHR0cDovL3Rlc3QvMzYxhg9odHRwOi8vdGVzdC8zNjKGD2h0dHA6Ly90 +ZXN0LzM2M4YPaHR0cDovL3Rlc3QvMzY0hg9odHRwOi8vdGVzdC8zNjWGD2h0dHA6 +Ly90ZXN0LzM2NoYPaHR0cDovL3Rlc3QvMzY3hg9odHRwOi8vdGVzdC8zNjiGD2h0 +dHA6Ly90ZXN0LzM2OYYPaHR0cDovL3Rlc3QvMzcwhg9odHRwOi8vdGVzdC8zNzGG +D2h0dHA6Ly90ZXN0LzM3MoYPaHR0cDovL3Rlc3QvMzczhg9odHRwOi8vdGVzdC8z +NzSGD2h0dHA6Ly90ZXN0LzM3NYYPaHR0cDovL3Rlc3QvMzc2hg9odHRwOi8vdGVz +dC8zNzeGD2h0dHA6Ly90ZXN0LzM3OIYPaHR0cDovL3Rlc3QvMzc5hg9odHRwOi8v +dGVzdC8zODCGD2h0dHA6Ly90ZXN0LzM4MYYPaHR0cDovL3Rlc3QvMzgyhg9odHRw +Oi8vdGVzdC8zODOGD2h0dHA6Ly90ZXN0LzM4NIYPaHR0cDovL3Rlc3QvMzg1hg9o +dHRwOi8vdGVzdC8zODaGD2h0dHA6Ly90ZXN0LzM4N4YPaHR0cDovL3Rlc3QvMzg4 +hg9odHRwOi8vdGVzdC8zODmGD2h0dHA6Ly90ZXN0LzM5MIYPaHR0cDovL3Rlc3Qv +Mzkxhg9odHRwOi8vdGVzdC8zOTKGD2h0dHA6Ly90ZXN0LzM5M4YPaHR0cDovL3Rl +c3QvMzk0hg9odHRwOi8vdGVzdC8zOTWGD2h0dHA6Ly90ZXN0LzM5NoYPaHR0cDov +L3Rlc3QvMzk3hg9odHRwOi8vdGVzdC8zOTiGD2h0dHA6Ly90ZXN0LzM5OYYPaHR0 +cDovL3Rlc3QvNDAwhg9odHRwOi8vdGVzdC80MDGGD2h0dHA6Ly90ZXN0LzQwMoYP +aHR0cDovL3Rlc3QvNDAzhg9odHRwOi8vdGVzdC80MDSGD2h0dHA6Ly90ZXN0LzQw +NYYPaHR0cDovL3Rlc3QvNDA2hg9odHRwOi8vdGVzdC80MDeGD2h0dHA6Ly90ZXN0 +LzQwOIYPaHR0cDovL3Rlc3QvNDA5hg9odHRwOi8vdGVzdC80MTCGD2h0dHA6Ly90 +ZXN0LzQxMYYPaHR0cDovL3Rlc3QvNDEyhg9odHRwOi8vdGVzdC80MTOGD2h0dHA6 +Ly90ZXN0LzQxNIYPaHR0cDovL3Rlc3QvNDE1hg9odHRwOi8vdGVzdC80MTaGD2h0 +dHA6Ly90ZXN0LzQxN4YPaHR0cDovL3Rlc3QvNDE4hg9odHRwOi8vdGVzdC80MTmG +D2h0dHA6Ly90ZXN0LzQyMIYPaHR0cDovL3Rlc3QvNDIxhg9odHRwOi8vdGVzdC80 +MjKGD2h0dHA6Ly90ZXN0LzQyM4YPaHR0cDovL3Rlc3QvNDI0hg9odHRwOi8vdGVz +dC80MjWGD2h0dHA6Ly90ZXN0LzQyNoYPaHR0cDovL3Rlc3QvNDI3hg9odHRwOi8v +dGVzdC80MjiGD2h0dHA6Ly90ZXN0LzQyOYYPaHR0cDovL3Rlc3QvNDMwhg9odHRw +Oi8vdGVzdC80MzGGD2h0dHA6Ly90ZXN0LzQzMoYPaHR0cDovL3Rlc3QvNDMzhg9o +dHRwOi8vdGVzdC80MzSGD2h0dHA6Ly90ZXN0LzQzNYYPaHR0cDovL3Rlc3QvNDM2 +hg9odHRwOi8vdGVzdC80MzeGD2h0dHA6Ly90ZXN0LzQzOIYPaHR0cDovL3Rlc3Qv +NDM5hg9odHRwOi8vdGVzdC80NDCGD2h0dHA6Ly90ZXN0LzQ0MYYPaHR0cDovL3Rl +c3QvNDQyhg9odHRwOi8vdGVzdC80NDOGD2h0dHA6Ly90ZXN0LzQ0NIYPaHR0cDov +L3Rlc3QvNDQ1hg9odHRwOi8vdGVzdC80NDaGD2h0dHA6Ly90ZXN0LzQ0N4YPaHR0 +cDovL3Rlc3QvNDQ4hg9odHRwOi8vdGVzdC80NDmGD2h0dHA6Ly90ZXN0LzQ1MIYP +aHR0cDovL3Rlc3QvNDUxhg9odHRwOi8vdGVzdC80NTKGD2h0dHA6Ly90ZXN0LzQ1 +M4YPaHR0cDovL3Rlc3QvNDU0hg9odHRwOi8vdGVzdC80NTWGD2h0dHA6Ly90ZXN0 +LzQ1NoYPaHR0cDovL3Rlc3QvNDU3hg9odHRwOi8vdGVzdC80NTiGD2h0dHA6Ly90 +ZXN0LzQ1OYYPaHR0cDovL3Rlc3QvNDYwhg9odHRwOi8vdGVzdC80NjGGD2h0dHA6 +Ly90ZXN0LzQ2MoYPaHR0cDovL3Rlc3QvNDYzhg9odHRwOi8vdGVzdC80NjSGD2h0 +dHA6Ly90ZXN0LzQ2NYYPaHR0cDovL3Rlc3QvNDY2hg9odHRwOi8vdGVzdC80NjeG +D2h0dHA6Ly90ZXN0LzQ2OIYPaHR0cDovL3Rlc3QvNDY5hg9odHRwOi8vdGVzdC80 +NzCGD2h0dHA6Ly90ZXN0LzQ3MYYPaHR0cDovL3Rlc3QvNDcyhg9odHRwOi8vdGVz +dC80NzOGD2h0dHA6Ly90ZXN0LzQ3NIYPaHR0cDovL3Rlc3QvNDc1hg9odHRwOi8v +dGVzdC80NzaGD2h0dHA6Ly90ZXN0LzQ3N4YPaHR0cDovL3Rlc3QvNDc4hg9odHRw +Oi8vdGVzdC80NzmGD2h0dHA6Ly90ZXN0LzQ4MIYPaHR0cDovL3Rlc3QvNDgxhg9o +dHRwOi8vdGVzdC80ODKGD2h0dHA6Ly90ZXN0LzQ4M4YPaHR0cDovL3Rlc3QvNDg0 +hg9odHRwOi8vdGVzdC80ODWGD2h0dHA6Ly90ZXN0LzQ4NoYPaHR0cDovL3Rlc3Qv +NDg3hg9odHRwOi8vdGVzdC80ODiGD2h0dHA6Ly90ZXN0LzQ4OYYPaHR0cDovL3Rl +c3QvNDkwhg9odHRwOi8vdGVzdC80OTGGD2h0dHA6Ly90ZXN0LzQ5MoYPaHR0cDov +L3Rlc3QvNDkzhg9odHRwOi8vdGVzdC80OTSGD2h0dHA6Ly90ZXN0LzQ5NYYPaHR0 +cDovL3Rlc3QvNDk2hg9odHRwOi8vdGVzdC80OTeGD2h0dHA6Ly90ZXN0LzQ5OIYP +aHR0cDovL3Rlc3QvNDk5hg9odHRwOi8vdGVzdC81MDCGD2h0dHA6Ly90ZXN0LzUw +MYYPaHR0cDovL3Rlc3QvNTAyhg9odHRwOi8vdGVzdC81MDOGD2h0dHA6Ly90ZXN0 +LzUwNIYPaHR0cDovL3Rlc3QvNTA1hg9odHRwOi8vdGVzdC81MDaGD2h0dHA6Ly90 +ZXN0LzUwN4YPaHR0cDovL3Rlc3QvNTA4hg9odHRwOi8vdGVzdC81MDmGD2h0dHA6 +Ly90ZXN0LzUxMIYPaHR0cDovL3Rlc3QvNTExhg9odHRwOi8vdGVzdC81MTKGD2h0 +dHA6Ly90ZXN0LzUxM4YPaHR0cDovL3Rlc3QvNTE0hg9odHRwOi8vdGVzdC81MTWG +D2h0dHA6Ly90ZXN0LzUxNoYPaHR0cDovL3Rlc3QvNTE3hg9odHRwOi8vdGVzdC81 +MTiGD2h0dHA6Ly90ZXN0LzUxOYYPaHR0cDovL3Rlc3QvNTIwhg9odHRwOi8vdGVz +dC81MjGGD2h0dHA6Ly90ZXN0LzUyMoYPaHR0cDovL3Rlc3QvNTIzhg9odHRwOi8v +dGVzdC81MjSGD2h0dHA6Ly90ZXN0LzUyNYYPaHR0cDovL3Rlc3QvNTI2hg9odHRw +Oi8vdGVzdC81MjeGD2h0dHA6Ly90ZXN0LzUyOIYPaHR0cDovL3Rlc3QvNTI5hg9o +dHRwOi8vdGVzdC81MzCGD2h0dHA6Ly90ZXN0LzUzMYYPaHR0cDovL3Rlc3QvNTMy +hg9odHRwOi8vdGVzdC81MzOGD2h0dHA6Ly90ZXN0LzUzNIYPaHR0cDovL3Rlc3Qv +NTM1hg9odHRwOi8vdGVzdC81MzaGD2h0dHA6Ly90ZXN0LzUzN4YPaHR0cDovL3Rl +c3QvNTM4hg9odHRwOi8vdGVzdC81MzmGD2h0dHA6Ly90ZXN0LzU0MIYPaHR0cDov +L3Rlc3QvNTQxhg9odHRwOi8vdGVzdC81NDKGD2h0dHA6Ly90ZXN0LzU0M4YPaHR0 +cDovL3Rlc3QvNTQ0hg9odHRwOi8vdGVzdC81NDWGD2h0dHA6Ly90ZXN0LzU0NoYP +aHR0cDovL3Rlc3QvNTQ3hg9odHRwOi8vdGVzdC81NDiGD2h0dHA6Ly90ZXN0LzU0 +OYYPaHR0cDovL3Rlc3QvNTUwhg9odHRwOi8vdGVzdC81NTGGD2h0dHA6Ly90ZXN0 +LzU1MoYPaHR0cDovL3Rlc3QvNTUzhg9odHRwOi8vdGVzdC81NTSGD2h0dHA6Ly90 +ZXN0LzU1NYYPaHR0cDovL3Rlc3QvNTU2hg9odHRwOi8vdGVzdC81NTeGD2h0dHA6 +Ly90ZXN0LzU1OIYPaHR0cDovL3Rlc3QvNTU5hg9odHRwOi8vdGVzdC81NjCGD2h0 +dHA6Ly90ZXN0LzU2MYYPaHR0cDovL3Rlc3QvNTYyhg9odHRwOi8vdGVzdC81NjOG +D2h0dHA6Ly90ZXN0LzU2NIYPaHR0cDovL3Rlc3QvNTY1hg9odHRwOi8vdGVzdC81 +NjaGD2h0dHA6Ly90ZXN0LzU2N4YPaHR0cDovL3Rlc3QvNTY4hg9odHRwOi8vdGVz +dC81NjmGD2h0dHA6Ly90ZXN0LzU3MIYPaHR0cDovL3Rlc3QvNTcxhg9odHRwOi8v +dGVzdC81NzKGD2h0dHA6Ly90ZXN0LzU3M4YPaHR0cDovL3Rlc3QvNTc0hg9odHRw +Oi8vdGVzdC81NzWGD2h0dHA6Ly90ZXN0LzU3NoYPaHR0cDovL3Rlc3QvNTc3hg9o +dHRwOi8vdGVzdC81NziGD2h0dHA6Ly90ZXN0LzU3OYYPaHR0cDovL3Rlc3QvNTgw +hg9odHRwOi8vdGVzdC81ODGGD2h0dHA6Ly90ZXN0LzU4MoYPaHR0cDovL3Rlc3Qv +NTgzhg9odHRwOi8vdGVzdC81ODSGD2h0dHA6Ly90ZXN0LzU4NYYPaHR0cDovL3Rl +c3QvNTg2hg9odHRwOi8vdGVzdC81ODeGD2h0dHA6Ly90ZXN0LzU4OIYPaHR0cDov +L3Rlc3QvNTg5hg9odHRwOi8vdGVzdC81OTCGD2h0dHA6Ly90ZXN0LzU5MYYPaHR0 +cDovL3Rlc3QvNTkyhg9odHRwOi8vdGVzdC81OTOGD2h0dHA6Ly90ZXN0LzU5NIYP +aHR0cDovL3Rlc3QvNTk1hg9odHRwOi8vdGVzdC81OTaGD2h0dHA6Ly90ZXN0LzU5 +N4YPaHR0cDovL3Rlc3QvNTk4hg9odHRwOi8vdGVzdC81OTmGD2h0dHA6Ly90ZXN0 +LzYwMIYPaHR0cDovL3Rlc3QvNjAxhg9odHRwOi8vdGVzdC82MDKGD2h0dHA6Ly90 +ZXN0LzYwM4YPaHR0cDovL3Rlc3QvNjA0hg9odHRwOi8vdGVzdC82MDWGD2h0dHA6 +Ly90ZXN0LzYwNoYPaHR0cDovL3Rlc3QvNjA3hg9odHRwOi8vdGVzdC82MDiGD2h0 +dHA6Ly90ZXN0LzYwOYYPaHR0cDovL3Rlc3QvNjEwhg9odHRwOi8vdGVzdC82MTGG +D2h0dHA6Ly90ZXN0LzYxMoYPaHR0cDovL3Rlc3QvNjEzhg9odHRwOi8vdGVzdC82 +MTSGD2h0dHA6Ly90ZXN0LzYxNYYPaHR0cDovL3Rlc3QvNjE2hg9odHRwOi8vdGVz +dC82MTeGD2h0dHA6Ly90ZXN0LzYxOIYPaHR0cDovL3Rlc3QvNjE5hg9odHRwOi8v +dGVzdC82MjCGD2h0dHA6Ly90ZXN0LzYyMYYPaHR0cDovL3Rlc3QvNjIyhg9odHRw +Oi8vdGVzdC82MjOGD2h0dHA6Ly90ZXN0LzYyNIYPaHR0cDovL3Rlc3QvNjI1hg9o +dHRwOi8vdGVzdC82MjaGD2h0dHA6Ly90ZXN0LzYyN4YPaHR0cDovL3Rlc3QvNjI4 +hg9odHRwOi8vdGVzdC82MjmGD2h0dHA6Ly90ZXN0LzYzMIYPaHR0cDovL3Rlc3Qv +NjMxhg9odHRwOi8vdGVzdC82MzKGD2h0dHA6Ly90ZXN0LzYzM4YPaHR0cDovL3Rl +c3QvNjM0hg9odHRwOi8vdGVzdC82MzWGD2h0dHA6Ly90ZXN0LzYzNoYPaHR0cDov +L3Rlc3QvNjM3hg9odHRwOi8vdGVzdC82MziGD2h0dHA6Ly90ZXN0LzYzOYYPaHR0 +cDovL3Rlc3QvNjQwhg9odHRwOi8vdGVzdC82NDGGD2h0dHA6Ly90ZXN0LzY0MoYP +aHR0cDovL3Rlc3QvNjQzhg9odHRwOi8vdGVzdC82NDSGD2h0dHA6Ly90ZXN0LzY0 +NYYPaHR0cDovL3Rlc3QvNjQ2hg9odHRwOi8vdGVzdC82NDeGD2h0dHA6Ly90ZXN0 +LzY0OIYPaHR0cDovL3Rlc3QvNjQ5hg9odHRwOi8vdGVzdC82NTCGD2h0dHA6Ly90 +ZXN0LzY1MYYPaHR0cDovL3Rlc3QvNjUyhg9odHRwOi8vdGVzdC82NTOGD2h0dHA6 +Ly90ZXN0LzY1NIYPaHR0cDovL3Rlc3QvNjU1hg9odHRwOi8vdGVzdC82NTaGD2h0 +dHA6Ly90ZXN0LzY1N4YPaHR0cDovL3Rlc3QvNjU4hg9odHRwOi8vdGVzdC82NTmG +D2h0dHA6Ly90ZXN0LzY2MIYPaHR0cDovL3Rlc3QvNjYxhg9odHRwOi8vdGVzdC82 +NjKGD2h0dHA6Ly90ZXN0LzY2M4YPaHR0cDovL3Rlc3QvNjY0hg9odHRwOi8vdGVz +dC82NjWGD2h0dHA6Ly90ZXN0LzY2NoYPaHR0cDovL3Rlc3QvNjY3hg9odHRwOi8v +dGVzdC82NjiGD2h0dHA6Ly90ZXN0LzY2OYYPaHR0cDovL3Rlc3QvNjcwhg9odHRw +Oi8vdGVzdC82NzGGD2h0dHA6Ly90ZXN0LzY3MoYPaHR0cDovL3Rlc3QvNjczhg9o +dHRwOi8vdGVzdC82NzSGD2h0dHA6Ly90ZXN0LzY3NYYPaHR0cDovL3Rlc3QvNjc2 +hg9odHRwOi8vdGVzdC82NzeGD2h0dHA6Ly90ZXN0LzY3OIYPaHR0cDovL3Rlc3Qv +Njc5hg9odHRwOi8vdGVzdC82ODCGD2h0dHA6Ly90ZXN0LzY4MYYPaHR0cDovL3Rl +c3QvNjgyhg9odHRwOi8vdGVzdC82ODOGD2h0dHA6Ly90ZXN0LzY4NIYPaHR0cDov +L3Rlc3QvNjg1hg9odHRwOi8vdGVzdC82ODaGD2h0dHA6Ly90ZXN0LzY4N4YPaHR0 +cDovL3Rlc3QvNjg4hg9odHRwOi8vdGVzdC82ODmGD2h0dHA6Ly90ZXN0LzY5MIYP +aHR0cDovL3Rlc3QvNjkxhg9odHRwOi8vdGVzdC82OTKGD2h0dHA6Ly90ZXN0LzY5 +M4YPaHR0cDovL3Rlc3QvNjk0hg9odHRwOi8vdGVzdC82OTWGD2h0dHA6Ly90ZXN0 +LzY5NoYPaHR0cDovL3Rlc3QvNjk3hg9odHRwOi8vdGVzdC82OTiGD2h0dHA6Ly90 +ZXN0LzY5OYYPaHR0cDovL3Rlc3QvNzAwhg9odHRwOi8vdGVzdC83MDGGD2h0dHA6 +Ly90ZXN0LzcwMoYPaHR0cDovL3Rlc3QvNzAzhg9odHRwOi8vdGVzdC83MDSGD2h0 +dHA6Ly90ZXN0LzcwNYYPaHR0cDovL3Rlc3QvNzA2hg9odHRwOi8vdGVzdC83MDeG +D2h0dHA6Ly90ZXN0LzcwOIYPaHR0cDovL3Rlc3QvNzA5hg9odHRwOi8vdGVzdC83 +MTCGD2h0dHA6Ly90ZXN0LzcxMYYPaHR0cDovL3Rlc3QvNzEyhg9odHRwOi8vdGVz +dC83MTOGD2h0dHA6Ly90ZXN0LzcxNIYPaHR0cDovL3Rlc3QvNzE1hg9odHRwOi8v +dGVzdC83MTaGD2h0dHA6Ly90ZXN0LzcxN4YPaHR0cDovL3Rlc3QvNzE4hg9odHRw +Oi8vdGVzdC83MTmGD2h0dHA6Ly90ZXN0LzcyMIYPaHR0cDovL3Rlc3QvNzIxhg9o +dHRwOi8vdGVzdC83MjKGD2h0dHA6Ly90ZXN0LzcyM4YPaHR0cDovL3Rlc3QvNzI0 +hg9odHRwOi8vdGVzdC83MjWGD2h0dHA6Ly90ZXN0LzcyNoYPaHR0cDovL3Rlc3Qv +NzI3hg9odHRwOi8vdGVzdC83MjiGD2h0dHA6Ly90ZXN0LzcyOYYPaHR0cDovL3Rl +c3QvNzMwhg9odHRwOi8vdGVzdC83MzGGD2h0dHA6Ly90ZXN0LzczMoYPaHR0cDov +L3Rlc3QvNzMzhg9odHRwOi8vdGVzdC83MzSGD2h0dHA6Ly90ZXN0LzczNYYPaHR0 +cDovL3Rlc3QvNzM2hg9odHRwOi8vdGVzdC83MzeGD2h0dHA6Ly90ZXN0LzczOIYP +aHR0cDovL3Rlc3QvNzM5hg9odHRwOi8vdGVzdC83NDCGD2h0dHA6Ly90ZXN0Lzc0 +MYYPaHR0cDovL3Rlc3QvNzQyhg9odHRwOi8vdGVzdC83NDOGD2h0dHA6Ly90ZXN0 +Lzc0NIYPaHR0cDovL3Rlc3QvNzQ1hg9odHRwOi8vdGVzdC83NDaGD2h0dHA6Ly90 +ZXN0Lzc0N4YPaHR0cDovL3Rlc3QvNzQ4hg9odHRwOi8vdGVzdC83NDmGD2h0dHA6 +Ly90ZXN0Lzc1MIYPaHR0cDovL3Rlc3QvNzUxhg9odHRwOi8vdGVzdC83NTKGD2h0 +dHA6Ly90ZXN0Lzc1M4YPaHR0cDovL3Rlc3QvNzU0hg9odHRwOi8vdGVzdC83NTWG +D2h0dHA6Ly90ZXN0Lzc1NoYPaHR0cDovL3Rlc3QvNzU3hg9odHRwOi8vdGVzdC83 +NTiGD2h0dHA6Ly90ZXN0Lzc1OYYPaHR0cDovL3Rlc3QvNzYwhg9odHRwOi8vdGVz +dC83NjGGD2h0dHA6Ly90ZXN0Lzc2MoYPaHR0cDovL3Rlc3QvNzYzhg9odHRwOi8v +dGVzdC83NjSGD2h0dHA6Ly90ZXN0Lzc2NYYPaHR0cDovL3Rlc3QvNzY2hg9odHRw +Oi8vdGVzdC83NjeGD2h0dHA6Ly90ZXN0Lzc2OIYPaHR0cDovL3Rlc3QvNzY5hg9o +dHRwOi8vdGVzdC83NzCGD2h0dHA6Ly90ZXN0Lzc3MYYPaHR0cDovL3Rlc3QvNzcy +hg9odHRwOi8vdGVzdC83NzOGD2h0dHA6Ly90ZXN0Lzc3NIYPaHR0cDovL3Rlc3Qv +Nzc1hg9odHRwOi8vdGVzdC83NzaGD2h0dHA6Ly90ZXN0Lzc3N4YPaHR0cDovL3Rl +c3QvNzc4hg9odHRwOi8vdGVzdC83NzmGD2h0dHA6Ly90ZXN0Lzc4MIYPaHR0cDov +L3Rlc3QvNzgxhg9odHRwOi8vdGVzdC83ODKGD2h0dHA6Ly90ZXN0Lzc4M4YPaHR0 +cDovL3Rlc3QvNzg0hg9odHRwOi8vdGVzdC83ODWGD2h0dHA6Ly90ZXN0Lzc4NoYP +aHR0cDovL3Rlc3QvNzg3hg9odHRwOi8vdGVzdC83ODiGD2h0dHA6Ly90ZXN0Lzc4 +OYYPaHR0cDovL3Rlc3QvNzkwhg9odHRwOi8vdGVzdC83OTGGD2h0dHA6Ly90ZXN0 +Lzc5MoYPaHR0cDovL3Rlc3QvNzkzhg9odHRwOi8vdGVzdC83OTSGD2h0dHA6Ly90 +ZXN0Lzc5NYYPaHR0cDovL3Rlc3QvNzk2hg9odHRwOi8vdGVzdC83OTeGD2h0dHA6 +Ly90ZXN0Lzc5OIYPaHR0cDovL3Rlc3QvNzk5hg9odHRwOi8vdGVzdC84MDCGD2h0 +dHA6Ly90ZXN0LzgwMYYPaHR0cDovL3Rlc3QvODAyhg9odHRwOi8vdGVzdC84MDOG +D2h0dHA6Ly90ZXN0LzgwNIYPaHR0cDovL3Rlc3QvODA1hg9odHRwOi8vdGVzdC84 +MDaGD2h0dHA6Ly90ZXN0LzgwN4YPaHR0cDovL3Rlc3QvODA4hg9odHRwOi8vdGVz +dC84MDmGD2h0dHA6Ly90ZXN0LzgxMIYPaHR0cDovL3Rlc3QvODExhg9odHRwOi8v +dGVzdC84MTKGD2h0dHA6Ly90ZXN0LzgxM4YPaHR0cDovL3Rlc3QvODE0hg9odHRw +Oi8vdGVzdC84MTWGD2h0dHA6Ly90ZXN0LzgxNoYPaHR0cDovL3Rlc3QvODE3hg9o +dHRwOi8vdGVzdC84MTiGD2h0dHA6Ly90ZXN0LzgxOYYPaHR0cDovL3Rlc3QvODIw +hg9odHRwOi8vdGVzdC84MjGGD2h0dHA6Ly90ZXN0LzgyMoYPaHR0cDovL3Rlc3Qv +ODIzhg9odHRwOi8vdGVzdC84MjSGD2h0dHA6Ly90ZXN0LzgyNYYPaHR0cDovL3Rl +c3QvODI2hg9odHRwOi8vdGVzdC84MjeGD2h0dHA6Ly90ZXN0LzgyOIYPaHR0cDov +L3Rlc3QvODI5hg9odHRwOi8vdGVzdC84MzCGD2h0dHA6Ly90ZXN0LzgzMYYPaHR0 +cDovL3Rlc3QvODMyhg9odHRwOi8vdGVzdC84MzOGD2h0dHA6Ly90ZXN0LzgzNIYP +aHR0cDovL3Rlc3QvODM1hg9odHRwOi8vdGVzdC84MzaGD2h0dHA6Ly90ZXN0Lzgz +N4YPaHR0cDovL3Rlc3QvODM4hg9odHRwOi8vdGVzdC84MzmGD2h0dHA6Ly90ZXN0 +Lzg0MIYPaHR0cDovL3Rlc3QvODQxhg9odHRwOi8vdGVzdC84NDKGD2h0dHA6Ly90 +ZXN0Lzg0M4YPaHR0cDovL3Rlc3QvODQ0hg9odHRwOi8vdGVzdC84NDWGD2h0dHA6 +Ly90ZXN0Lzg0NoYPaHR0cDovL3Rlc3QvODQ3hg9odHRwOi8vdGVzdC84NDiGD2h0 +dHA6Ly90ZXN0Lzg0OYYPaHR0cDovL3Rlc3QvODUwhg9odHRwOi8vdGVzdC84NTGG +D2h0dHA6Ly90ZXN0Lzg1MoYPaHR0cDovL3Rlc3QvODUzhg9odHRwOi8vdGVzdC84 +NTSGD2h0dHA6Ly90ZXN0Lzg1NYYPaHR0cDovL3Rlc3QvODU2hg9odHRwOi8vdGVz +dC84NTeGD2h0dHA6Ly90ZXN0Lzg1OIYPaHR0cDovL3Rlc3QvODU5hg9odHRwOi8v +dGVzdC84NjCGD2h0dHA6Ly90ZXN0Lzg2MYYPaHR0cDovL3Rlc3QvODYyhg9odHRw +Oi8vdGVzdC84NjOGD2h0dHA6Ly90ZXN0Lzg2NIYPaHR0cDovL3Rlc3QvODY1hg9o +dHRwOi8vdGVzdC84NjaGD2h0dHA6Ly90ZXN0Lzg2N4YPaHR0cDovL3Rlc3QvODY4 +hg9odHRwOi8vdGVzdC84NjmGD2h0dHA6Ly90ZXN0Lzg3MIYPaHR0cDovL3Rlc3Qv +ODcxhg9odHRwOi8vdGVzdC84NzKGD2h0dHA6Ly90ZXN0Lzg3M4YPaHR0cDovL3Rl +c3QvODc0hg9odHRwOi8vdGVzdC84NzWGD2h0dHA6Ly90ZXN0Lzg3NoYPaHR0cDov +L3Rlc3QvODc3hg9odHRwOi8vdGVzdC84NziGD2h0dHA6Ly90ZXN0Lzg3OYYPaHR0 +cDovL3Rlc3QvODgwhg9odHRwOi8vdGVzdC84ODGGD2h0dHA6Ly90ZXN0Lzg4MoYP +aHR0cDovL3Rlc3QvODgzhg9odHRwOi8vdGVzdC84ODSGD2h0dHA6Ly90ZXN0Lzg4 +NYYPaHR0cDovL3Rlc3QvODg2hg9odHRwOi8vdGVzdC84ODeGD2h0dHA6Ly90ZXN0 +Lzg4OIYPaHR0cDovL3Rlc3QvODg5hg9odHRwOi8vdGVzdC84OTCGD2h0dHA6Ly90 +ZXN0Lzg5MYYPaHR0cDovL3Rlc3QvODkyhg9odHRwOi8vdGVzdC84OTOGD2h0dHA6 +Ly90ZXN0Lzg5NIYPaHR0cDovL3Rlc3QvODk1hg9odHRwOi8vdGVzdC84OTaGD2h0 +dHA6Ly90ZXN0Lzg5N4YPaHR0cDovL3Rlc3QvODk4hg9odHRwOi8vdGVzdC84OTmG +D2h0dHA6Ly90ZXN0LzkwMIYPaHR0cDovL3Rlc3QvOTAxhg9odHRwOi8vdGVzdC85 +MDKGD2h0dHA6Ly90ZXN0LzkwM4YPaHR0cDovL3Rlc3QvOTA0hg9odHRwOi8vdGVz +dC85MDWGD2h0dHA6Ly90ZXN0LzkwNoYPaHR0cDovL3Rlc3QvOTA3hg9odHRwOi8v +dGVzdC85MDiGD2h0dHA6Ly90ZXN0LzkwOYYPaHR0cDovL3Rlc3QvOTEwhg9odHRw +Oi8vdGVzdC85MTGGD2h0dHA6Ly90ZXN0LzkxMoYPaHR0cDovL3Rlc3QvOTEzhg9o +dHRwOi8vdGVzdC85MTSGD2h0dHA6Ly90ZXN0LzkxNYYPaHR0cDovL3Rlc3QvOTE2 +hg9odHRwOi8vdGVzdC85MTeGD2h0dHA6Ly90ZXN0LzkxOIYPaHR0cDovL3Rlc3Qv +OTE5hg9odHRwOi8vdGVzdC85MjCGD2h0dHA6Ly90ZXN0LzkyMYYPaHR0cDovL3Rl +c3QvOTIyhg9odHRwOi8vdGVzdC85MjOGD2h0dHA6Ly90ZXN0LzkyNIYPaHR0cDov +L3Rlc3QvOTI1hg9odHRwOi8vdGVzdC85MjaGD2h0dHA6Ly90ZXN0LzkyN4YPaHR0 +cDovL3Rlc3QvOTI4hg9odHRwOi8vdGVzdC85MjmGD2h0dHA6Ly90ZXN0LzkzMIYP +aHR0cDovL3Rlc3QvOTMxhg9odHRwOi8vdGVzdC85MzKGD2h0dHA6Ly90ZXN0Lzkz +M4YPaHR0cDovL3Rlc3QvOTM0hg9odHRwOi8vdGVzdC85MzWGD2h0dHA6Ly90ZXN0 +LzkzNoYPaHR0cDovL3Rlc3QvOTM3hg9odHRwOi8vdGVzdC85MziGD2h0dHA6Ly90 +ZXN0LzkzOYYPaHR0cDovL3Rlc3QvOTQwhg9odHRwOi8vdGVzdC85NDGGD2h0dHA6 +Ly90ZXN0Lzk0MoYPaHR0cDovL3Rlc3QvOTQzhg9odHRwOi8vdGVzdC85NDSGD2h0 +dHA6Ly90ZXN0Lzk0NYYPaHR0cDovL3Rlc3QvOTQ2hg9odHRwOi8vdGVzdC85NDeG +D2h0dHA6Ly90ZXN0Lzk0OIYPaHR0cDovL3Rlc3QvOTQ5hg9odHRwOi8vdGVzdC85 +NTCGD2h0dHA6Ly90ZXN0Lzk1MYYPaHR0cDovL3Rlc3QvOTUyhg9odHRwOi8vdGVz +dC85NTOGD2h0dHA6Ly90ZXN0Lzk1NIYPaHR0cDovL3Rlc3QvOTU1hg9odHRwOi8v +dGVzdC85NTaGD2h0dHA6Ly90ZXN0Lzk1N4YPaHR0cDovL3Rlc3QvOTU4hg9odHRw +Oi8vdGVzdC85NTmGD2h0dHA6Ly90ZXN0Lzk2MIYPaHR0cDovL3Rlc3QvOTYxhg9o +dHRwOi8vdGVzdC85NjKGD2h0dHA6Ly90ZXN0Lzk2M4YPaHR0cDovL3Rlc3QvOTY0 +hg9odHRwOi8vdGVzdC85NjWGD2h0dHA6Ly90ZXN0Lzk2NoYPaHR0cDovL3Rlc3Qv +OTY3hg9odHRwOi8vdGVzdC85NjiGD2h0dHA6Ly90ZXN0Lzk2OYYPaHR0cDovL3Rl +c3QvOTcwhg9odHRwOi8vdGVzdC85NzGGD2h0dHA6Ly90ZXN0Lzk3MoYPaHR0cDov +L3Rlc3QvOTczhg9odHRwOi8vdGVzdC85NzSGD2h0dHA6Ly90ZXN0Lzk3NYYPaHR0 +cDovL3Rlc3QvOTc2hg9odHRwOi8vdGVzdC85NzeGD2h0dHA6Ly90ZXN0Lzk3OIYP +aHR0cDovL3Rlc3QvOTc5hg9odHRwOi8vdGVzdC85ODCGD2h0dHA6Ly90ZXN0Lzk4 +MYYPaHR0cDovL3Rlc3QvOTgyhg9odHRwOi8vdGVzdC85ODOGD2h0dHA6Ly90ZXN0 +Lzk4NIYPaHR0cDovL3Rlc3QvOTg1hg9odHRwOi8vdGVzdC85ODaGD2h0dHA6Ly90 +ZXN0Lzk4N4YPaHR0cDovL3Rlc3QvOTg4hg9odHRwOi8vdGVzdC85ODmGD2h0dHA6 +Ly90ZXN0Lzk5MIYPaHR0cDovL3Rlc3QvOTkxhg9odHRwOi8vdGVzdC85OTKGD2h0 +dHA6Ly90ZXN0Lzk5M4YPaHR0cDovL3Rlc3QvOTk0hg9odHRwOi8vdGVzdC85OTWG +D2h0dHA6Ly90ZXN0Lzk5NoYPaHR0cDovL3Rlc3QvOTk3hg9odHRwOi8vdGVzdC85 +OTiGD2h0dHA6Ly90ZXN0Lzk5OYYQaHR0cDovL3Rlc3QvMTAwMIYQaHR0cDovL3Rl +c3QvMTAwMYYQaHR0cDovL3Rlc3QvMTAwMoYQaHR0cDovL3Rlc3QvMTAwM4YQaHR0 +cDovL3Rlc3QvMTAwNIYQaHR0cDovL3Rlc3QvMTAwNYYQaHR0cDovL3Rlc3QvMTAw +NoYQaHR0cDovL3Rlc3QvMTAwN4YQaHR0cDovL3Rlc3QvMTAwOIYQaHR0cDovL3Rl +c3QvMTAwOYYQaHR0cDovL3Rlc3QvMTAxMIYQaHR0cDovL3Rlc3QvMTAxMYYQaHR0 +cDovL3Rlc3QvMTAxMoYQaHR0cDovL3Rlc3QvMTAxM4YQaHR0cDovL3Rlc3QvMTAx +NIYQaHR0cDovL3Rlc3QvMTAxNYYQaHR0cDovL3Rlc3QvMTAxNoYQaHR0cDovL3Rl +c3QvMTAxN4YQaHR0cDovL3Rlc3QvMTAxOIYQaHR0cDovL3Rlc3QvMTAxOYYQaHR0 +cDovL3Rlc3QvMTAyMIYQaHR0cDovL3Rlc3QvMTAyMYYQaHR0cDovL3Rlc3QvMTAy +MoYQaHR0cDovL3Rlc3QvMTAyM4YQaHR0cDovL3Rlc3QvMTAyNDANBgkqhkiG9w0B +AQsFAAOCAQEACAB/4EB10kM2P+Nsz8FKabIMG6ioa3ru7dAt7uJS2SofXawp9RLi +rzvboG06tAnvdvpSaF8HX5+kUo8d2tq2k1SHR9A8Zn7/G+Me2lJMAEZbDOueuF4e +2/fO3SwPTiMdY5jt5RjoBJyhHs1Y3glDTb+NS22OMummU0AXDOJZQ1UtP6uvqhNI +rACsW98WxyAq6lDveXjJNNXFf48n0FpCOugTAVG8o7lTbx3kc1KN8Mec0UYZqihj +PsxKX2MNHShL4LQ3g9uFjISGfjcVqO2oANoUl/3xyOpuOrcZwW9Tawv/KWAwfbY1 +1rhYb1UyGMZEwwjYxJUle7oTBCY0fNQOoQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.serial b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.serial new file mode 100644 index 0000000000..7d65bb030a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0.serial @@ -0,0 +1 @@ +4e051cb473343d0bb73feba2b428796a07e228cc diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.cnf new file mode 100644 index 0000000000..993796c831 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.cnf @@ -0,0 +1,2114 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "t0" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @san_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/t0_1.pem +new_certs_dir = out +serial = out/t0.serial +database = out/t0.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/t0.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/t0.cer + +[crl_info] +URI.0 = http://url-for-crl/t0.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[san_info] +DNS.1 = t0.test +DNS.2 = t1.test +DNS.3 = t2.test +DNS.4 = t3.test +DNS.5 = t4.test +DNS.6 = t5.test +DNS.7 = t6.test +DNS.8 = t7.test +DNS.9 = t8.test +DNS.10 = t9.test +DNS.11 = t10.test +DNS.12 = t11.test +DNS.13 = t12.test +DNS.14 = t13.test +DNS.15 = t14.test +DNS.16 = t15.test +DNS.17 = t16.test +DNS.18 = t17.test +DNS.19 = t18.test +DNS.20 = t19.test +DNS.21 = t20.test +DNS.22 = t21.test +DNS.23 = t22.test +DNS.24 = t23.test +DNS.25 = t24.test +DNS.26 = t25.test +DNS.27 = t26.test +DNS.28 = t27.test +DNS.29 = t28.test +DNS.30 = t29.test +DNS.31 = t30.test +DNS.32 = t31.test +DNS.33 = t32.test +DNS.34 = t33.test +DNS.35 = t34.test +DNS.36 = t35.test +DNS.37 = t36.test +DNS.38 = t37.test +DNS.39 = t38.test +DNS.40 = t39.test +DNS.41 = t40.test +DNS.42 = t41.test +DNS.43 = t42.test +DNS.44 = t43.test +DNS.45 = t44.test +DNS.46 = t45.test +DNS.47 = t46.test +DNS.48 = t47.test +DNS.49 = t48.test +DNS.50 = t49.test +DNS.51 = t50.test +DNS.52 = t51.test +DNS.53 = t52.test +DNS.54 = t53.test +DNS.55 = t54.test +DNS.56 = t55.test +DNS.57 = t56.test +DNS.58 = t57.test +DNS.59 = t58.test +DNS.60 = t59.test +DNS.61 = t60.test +DNS.62 = t61.test +DNS.63 = t62.test +DNS.64 = t63.test +DNS.65 = t64.test +DNS.66 = t65.test +DNS.67 = t66.test +DNS.68 = t67.test +DNS.69 = t68.test +DNS.70 = t69.test +DNS.71 = t70.test +DNS.72 = t71.test +DNS.73 = t72.test +DNS.74 = t73.test +DNS.75 = t74.test +DNS.76 = t75.test +DNS.77 = t76.test +DNS.78 = t77.test +DNS.79 = t78.test +DNS.80 = t79.test +DNS.81 = t80.test +DNS.82 = t81.test +DNS.83 = t82.test +DNS.84 = t83.test +DNS.85 = t84.test +DNS.86 = t85.test +DNS.87 = t86.test +DNS.88 = t87.test +DNS.89 = t88.test +DNS.90 = t89.test +DNS.91 = t90.test +DNS.92 = t91.test +DNS.93 = t92.test +DNS.94 = t93.test +DNS.95 = t94.test +DNS.96 = t95.test +DNS.97 = t96.test +DNS.98 = t97.test +DNS.99 = t98.test +DNS.100 = t99.test +DNS.101 = t100.test +DNS.102 = t101.test +DNS.103 = t102.test +DNS.104 = t103.test +DNS.105 = t104.test +DNS.106 = t105.test +DNS.107 = t106.test +DNS.108 = t107.test +DNS.109 = t108.test +DNS.110 = t109.test +DNS.111 = t110.test +DNS.112 = t111.test +DNS.113 = t112.test +DNS.114 = t113.test +DNS.115 = t114.test +DNS.116 = t115.test +DNS.117 = t116.test +DNS.118 = t117.test +DNS.119 = t118.test +DNS.120 = t119.test +DNS.121 = t120.test +DNS.122 = t121.test +DNS.123 = t122.test +DNS.124 = t123.test +DNS.125 = t124.test +DNS.126 = t125.test +DNS.127 = t126.test +DNS.128 = t127.test +DNS.129 = t128.test +DNS.130 = t129.test +DNS.131 = t130.test +DNS.132 = t131.test +DNS.133 = t132.test +DNS.134 = t133.test +DNS.135 = t134.test +DNS.136 = t135.test +DNS.137 = t136.test +DNS.138 = t137.test +DNS.139 = t138.test +DNS.140 = t139.test +DNS.141 = t140.test +DNS.142 = t141.test +DNS.143 = t142.test +DNS.144 = t143.test +DNS.145 = t144.test +DNS.146 = t145.test +DNS.147 = t146.test +DNS.148 = t147.test +DNS.149 = t148.test +DNS.150 = t149.test +DNS.151 = t150.test +DNS.152 = t151.test +DNS.153 = t152.test +DNS.154 = t153.test +DNS.155 = t154.test +DNS.156 = t155.test +DNS.157 = t156.test +DNS.158 = t157.test +DNS.159 = t158.test +DNS.160 = t159.test +DNS.161 = t160.test +DNS.162 = t161.test +DNS.163 = t162.test +DNS.164 = t163.test +DNS.165 = t164.test +DNS.166 = t165.test +DNS.167 = t166.test +DNS.168 = t167.test +DNS.169 = t168.test +DNS.170 = t169.test +DNS.171 = t170.test +DNS.172 = t171.test +DNS.173 = t172.test +DNS.174 = t173.test +DNS.175 = t174.test +DNS.176 = t175.test +DNS.177 = t176.test +DNS.178 = t177.test +DNS.179 = t178.test +DNS.180 = t179.test +DNS.181 = t180.test +DNS.182 = t181.test +DNS.183 = t182.test +DNS.184 = t183.test +DNS.185 = t184.test +DNS.186 = t185.test +DNS.187 = t186.test +DNS.188 = t187.test +DNS.189 = t188.test +DNS.190 = t189.test +DNS.191 = t190.test +DNS.192 = t191.test +DNS.193 = t192.test +DNS.194 = t193.test +DNS.195 = t194.test +DNS.196 = t195.test +DNS.197 = t196.test +DNS.198 = t197.test +DNS.199 = t198.test +DNS.200 = t199.test +DNS.201 = t200.test +DNS.202 = t201.test +DNS.203 = t202.test +DNS.204 = t203.test +DNS.205 = t204.test +DNS.206 = t205.test +DNS.207 = t206.test +DNS.208 = t207.test +DNS.209 = t208.test +DNS.210 = t209.test +DNS.211 = t210.test +DNS.212 = t211.test +DNS.213 = t212.test +DNS.214 = t213.test +DNS.215 = t214.test +DNS.216 = t215.test +DNS.217 = t216.test +DNS.218 = t217.test +DNS.219 = t218.test +DNS.220 = t219.test +DNS.221 = t220.test +DNS.222 = t221.test +DNS.223 = t222.test +DNS.224 = t223.test +DNS.225 = t224.test +DNS.226 = t225.test +DNS.227 = t226.test +DNS.228 = t227.test +DNS.229 = t228.test +DNS.230 = t229.test +DNS.231 = t230.test +DNS.232 = t231.test +DNS.233 = t232.test +DNS.234 = t233.test +DNS.235 = t234.test +DNS.236 = t235.test +DNS.237 = t236.test +DNS.238 = t237.test +DNS.239 = t238.test +DNS.240 = t239.test +DNS.241 = t240.test +DNS.242 = t241.test +DNS.243 = t242.test +DNS.244 = t243.test +DNS.245 = t244.test +DNS.246 = t245.test +DNS.247 = t246.test +DNS.248 = t247.test +DNS.249 = t248.test +DNS.250 = t249.test +DNS.251 = t250.test +DNS.252 = t251.test +DNS.253 = t252.test +DNS.254 = t253.test +DNS.255 = t254.test +DNS.256 = t255.test +DNS.257 = t256.test +DNS.258 = t257.test +DNS.259 = t258.test +DNS.260 = t259.test +DNS.261 = t260.test +DNS.262 = t261.test +DNS.263 = t262.test +DNS.264 = t263.test +DNS.265 = t264.test +DNS.266 = t265.test +DNS.267 = t266.test +DNS.268 = t267.test +DNS.269 = t268.test +DNS.270 = t269.test +DNS.271 = t270.test +DNS.272 = t271.test +DNS.273 = t272.test +DNS.274 = t273.test +DNS.275 = t274.test +DNS.276 = t275.test +DNS.277 = t276.test +DNS.278 = t277.test +DNS.279 = t278.test +DNS.280 = t279.test +DNS.281 = t280.test +DNS.282 = t281.test +DNS.283 = t282.test +DNS.284 = t283.test +DNS.285 = t284.test +DNS.286 = t285.test +DNS.287 = t286.test +DNS.288 = t287.test +DNS.289 = t288.test +DNS.290 = t289.test +DNS.291 = t290.test +DNS.292 = t291.test +DNS.293 = t292.test +DNS.294 = t293.test +DNS.295 = t294.test +DNS.296 = t295.test +DNS.297 = t296.test +DNS.298 = t297.test +DNS.299 = t298.test +DNS.300 = t299.test +DNS.301 = t300.test +DNS.302 = t301.test +DNS.303 = t302.test +DNS.304 = t303.test +DNS.305 = t304.test +DNS.306 = t305.test +DNS.307 = t306.test +DNS.308 = t307.test +DNS.309 = t308.test +DNS.310 = t309.test +DNS.311 = t310.test +DNS.312 = t311.test +DNS.313 = t312.test +DNS.314 = t313.test +DNS.315 = t314.test +DNS.316 = t315.test +DNS.317 = t316.test +DNS.318 = t317.test +DNS.319 = t318.test +DNS.320 = t319.test +DNS.321 = t320.test +DNS.322 = t321.test +DNS.323 = t322.test +DNS.324 = t323.test +DNS.325 = t324.test +DNS.326 = t325.test +DNS.327 = t326.test +DNS.328 = t327.test +DNS.329 = t328.test +DNS.330 = t329.test +DNS.331 = t330.test +DNS.332 = t331.test +DNS.333 = t332.test +DNS.334 = t333.test +DNS.335 = t334.test +DNS.336 = t335.test +DNS.337 = t336.test +DNS.338 = t337.test +DNS.339 = t338.test +DNS.340 = t339.test +DNS.341 = t340.test +DNS.342 = t341.test +IP.1 = 10.0.0.0 +IP.2 = 10.0.0.1 +IP.3 = 10.0.0.2 +IP.4 = 10.0.0.3 +IP.5 = 10.0.0.4 +IP.6 = 10.0.0.5 +IP.7 = 10.0.0.6 +IP.8 = 10.0.0.7 +IP.9 = 10.0.0.8 +IP.10 = 10.0.0.9 +IP.11 = 10.0.0.10 +IP.12 = 10.0.0.11 +IP.13 = 10.0.0.12 +IP.14 = 10.0.0.13 +IP.15 = 10.0.0.14 +IP.16 = 10.0.0.15 +IP.17 = 10.0.0.16 +IP.18 = 10.0.0.17 +IP.19 = 10.0.0.18 +IP.20 = 10.0.0.19 +IP.21 = 10.0.0.20 +IP.22 = 10.0.0.21 +IP.23 = 10.0.0.22 +IP.24 = 10.0.0.23 +IP.25 = 10.0.0.24 +IP.26 = 10.0.0.25 +IP.27 = 10.0.0.26 +IP.28 = 10.0.0.27 +IP.29 = 10.0.0.28 +IP.30 = 10.0.0.29 +IP.31 = 10.0.0.30 +IP.32 = 10.0.0.31 +IP.33 = 10.0.0.32 +IP.34 = 10.0.0.33 +IP.35 = 10.0.0.34 +IP.36 = 10.0.0.35 +IP.37 = 10.0.0.36 +IP.38 = 10.0.0.37 +IP.39 = 10.0.0.38 +IP.40 = 10.0.0.39 +IP.41 = 10.0.0.40 +IP.42 = 10.0.0.41 +IP.43 = 10.0.0.42 +IP.44 = 10.0.0.43 +IP.45 = 10.0.0.44 +IP.46 = 10.0.0.45 +IP.47 = 10.0.0.46 +IP.48 = 10.0.0.47 +IP.49 = 10.0.0.48 +IP.50 = 10.0.0.49 +IP.51 = 10.0.0.50 +IP.52 = 10.0.0.51 +IP.53 = 10.0.0.52 +IP.54 = 10.0.0.53 +IP.55 = 10.0.0.54 +IP.56 = 10.0.0.55 +IP.57 = 10.0.0.56 +IP.58 = 10.0.0.57 +IP.59 = 10.0.0.58 +IP.60 = 10.0.0.59 +IP.61 = 10.0.0.60 +IP.62 = 10.0.0.61 +IP.63 = 10.0.0.62 +IP.64 = 10.0.0.63 +IP.65 = 10.0.0.64 +IP.66 = 10.0.0.65 +IP.67 = 10.0.0.66 +IP.68 = 10.0.0.67 +IP.69 = 10.0.0.68 +IP.70 = 10.0.0.69 +IP.71 = 10.0.0.70 +IP.72 = 10.0.0.71 +IP.73 = 10.0.0.72 +IP.74 = 10.0.0.73 +IP.75 = 10.0.0.74 +IP.76 = 10.0.0.75 +IP.77 = 10.0.0.76 +IP.78 = 10.0.0.77 +IP.79 = 10.0.0.78 +IP.80 = 10.0.0.79 +IP.81 = 10.0.0.80 +IP.82 = 10.0.0.81 +IP.83 = 10.0.0.82 +IP.84 = 10.0.0.83 +IP.85 = 10.0.0.84 +IP.86 = 10.0.0.85 +IP.87 = 10.0.0.86 +IP.88 = 10.0.0.87 +IP.89 = 10.0.0.88 +IP.90 = 10.0.0.89 +IP.91 = 10.0.0.90 +IP.92 = 10.0.0.91 +IP.93 = 10.0.0.92 +IP.94 = 10.0.0.93 +IP.95 = 10.0.0.94 +IP.96 = 10.0.0.95 +IP.97 = 10.0.0.96 +IP.98 = 10.0.0.97 +IP.99 = 10.0.0.98 +IP.100 = 10.0.0.99 +IP.101 = 10.0.0.100 +IP.102 = 10.0.0.101 +IP.103 = 10.0.0.102 +IP.104 = 10.0.0.103 +IP.105 = 10.0.0.104 +IP.106 = 10.0.0.105 +IP.107 = 10.0.0.106 +IP.108 = 10.0.0.107 +IP.109 = 10.0.0.108 +IP.110 = 10.0.0.109 +IP.111 = 10.0.0.110 +IP.112 = 10.0.0.111 +IP.113 = 10.0.0.112 +IP.114 = 10.0.0.113 +IP.115 = 10.0.0.114 +IP.116 = 10.0.0.115 +IP.117 = 10.0.0.116 +IP.118 = 10.0.0.117 +IP.119 = 10.0.0.118 +IP.120 = 10.0.0.119 +IP.121 = 10.0.0.120 +IP.122 = 10.0.0.121 +IP.123 = 10.0.0.122 +IP.124 = 10.0.0.123 +IP.125 = 10.0.0.124 +IP.126 = 10.0.0.125 +IP.127 = 10.0.0.126 +IP.128 = 10.0.0.127 +IP.129 = 10.0.0.128 +IP.130 = 10.0.0.129 +IP.131 = 10.0.0.130 +IP.132 = 10.0.0.131 +IP.133 = 10.0.0.132 +IP.134 = 10.0.0.133 +IP.135 = 10.0.0.134 +IP.136 = 10.0.0.135 +IP.137 = 10.0.0.136 +IP.138 = 10.0.0.137 +IP.139 = 10.0.0.138 +IP.140 = 10.0.0.139 +IP.141 = 10.0.0.140 +IP.142 = 10.0.0.141 +IP.143 = 10.0.0.142 +IP.144 = 10.0.0.143 +IP.145 = 10.0.0.144 +IP.146 = 10.0.0.145 +IP.147 = 10.0.0.146 +IP.148 = 10.0.0.147 +IP.149 = 10.0.0.148 +IP.150 = 10.0.0.149 +IP.151 = 10.0.0.150 +IP.152 = 10.0.0.151 +IP.153 = 10.0.0.152 +IP.154 = 10.0.0.153 +IP.155 = 10.0.0.154 +IP.156 = 10.0.0.155 +IP.157 = 10.0.0.156 +IP.158 = 10.0.0.157 +IP.159 = 10.0.0.158 +IP.160 = 10.0.0.159 +IP.161 = 10.0.0.160 +IP.162 = 10.0.0.161 +IP.163 = 10.0.0.162 +IP.164 = 10.0.0.163 +IP.165 = 10.0.0.164 +IP.166 = 10.0.0.165 +IP.167 = 10.0.0.166 +IP.168 = 10.0.0.167 +IP.169 = 10.0.0.168 +IP.170 = 10.0.0.169 +IP.171 = 10.0.0.170 +IP.172 = 10.0.0.171 +IP.173 = 10.0.0.172 +IP.174 = 10.0.0.173 +IP.175 = 10.0.0.174 +IP.176 = 10.0.0.175 +IP.177 = 10.0.0.176 +IP.178 = 10.0.0.177 +IP.179 = 10.0.0.178 +IP.180 = 10.0.0.179 +IP.181 = 10.0.0.180 +IP.182 = 10.0.0.181 +IP.183 = 10.0.0.182 +IP.184 = 10.0.0.183 +IP.185 = 10.0.0.184 +IP.186 = 10.0.0.185 +IP.187 = 10.0.0.186 +IP.188 = 10.0.0.187 +IP.189 = 10.0.0.188 +IP.190 = 10.0.0.189 +IP.191 = 10.0.0.190 +IP.192 = 10.0.0.191 +IP.193 = 10.0.0.192 +IP.194 = 10.0.0.193 +IP.195 = 10.0.0.194 +IP.196 = 10.0.0.195 +IP.197 = 10.0.0.196 +IP.198 = 10.0.0.197 +IP.199 = 10.0.0.198 +IP.200 = 10.0.0.199 +IP.201 = 10.0.0.200 +IP.202 = 10.0.0.201 +IP.203 = 10.0.0.202 +IP.204 = 10.0.0.203 +IP.205 = 10.0.0.204 +IP.206 = 10.0.0.205 +IP.207 = 10.0.0.206 +IP.208 = 10.0.0.207 +IP.209 = 10.0.0.208 +IP.210 = 10.0.0.209 +IP.211 = 10.0.0.210 +IP.212 = 10.0.0.211 +IP.213 = 10.0.0.212 +IP.214 = 10.0.0.213 +IP.215 = 10.0.0.214 +IP.216 = 10.0.0.215 +IP.217 = 10.0.0.216 +IP.218 = 10.0.0.217 +IP.219 = 10.0.0.218 +IP.220 = 10.0.0.219 +IP.221 = 10.0.0.220 +IP.222 = 10.0.0.221 +IP.223 = 10.0.0.222 +IP.224 = 10.0.0.223 +IP.225 = 10.0.0.224 +IP.226 = 10.0.0.225 +IP.227 = 10.0.0.226 +IP.228 = 10.0.0.227 +IP.229 = 10.0.0.228 +IP.230 = 10.0.0.229 +IP.231 = 10.0.0.230 +IP.232 = 10.0.0.231 +IP.233 = 10.0.0.232 +IP.234 = 10.0.0.233 +IP.235 = 10.0.0.234 +IP.236 = 10.0.0.235 +IP.237 = 10.0.0.236 +IP.238 = 10.0.0.237 +IP.239 = 10.0.0.238 +IP.240 = 10.0.0.239 +IP.241 = 10.0.0.240 +IP.242 = 10.0.0.241 +IP.243 = 10.0.0.242 +IP.244 = 10.0.0.243 +IP.245 = 10.0.0.244 +IP.246 = 10.0.0.245 +IP.247 = 10.0.0.246 +IP.248 = 10.0.0.247 +IP.249 = 10.0.0.248 +IP.250 = 10.0.0.249 +IP.251 = 10.0.0.250 +IP.252 = 10.0.0.251 +IP.253 = 10.0.0.252 +IP.254 = 10.0.0.253 +IP.255 = 10.0.0.254 +IP.256 = 10.0.0.255 +IP.257 = 10.0.1.0 +IP.258 = 10.0.1.1 +IP.259 = 10.0.1.2 +IP.260 = 10.0.1.3 +IP.261 = 10.0.1.4 +IP.262 = 10.0.1.5 +IP.263 = 10.0.1.6 +IP.264 = 10.0.1.7 +IP.265 = 10.0.1.8 +IP.266 = 10.0.1.9 +IP.267 = 10.0.1.10 +IP.268 = 10.0.1.11 +IP.269 = 10.0.1.12 +IP.270 = 10.0.1.13 +IP.271 = 10.0.1.14 +IP.272 = 10.0.1.15 +IP.273 = 10.0.1.16 +IP.274 = 10.0.1.17 +IP.275 = 10.0.1.18 +IP.276 = 10.0.1.19 +IP.277 = 10.0.1.20 +IP.278 = 10.0.1.21 +IP.279 = 10.0.1.22 +IP.280 = 10.0.1.23 +IP.281 = 10.0.1.24 +IP.282 = 10.0.1.25 +IP.283 = 10.0.1.26 +IP.284 = 10.0.1.27 +IP.285 = 10.0.1.28 +IP.286 = 10.0.1.29 +IP.287 = 10.0.1.30 +IP.288 = 10.0.1.31 +IP.289 = 10.0.1.32 +IP.290 = 10.0.1.33 +IP.291 = 10.0.1.34 +IP.292 = 10.0.1.35 +IP.293 = 10.0.1.36 +IP.294 = 10.0.1.37 +IP.295 = 10.0.1.38 +IP.296 = 10.0.1.39 +IP.297 = 10.0.1.40 +IP.298 = 10.0.1.41 +IP.299 = 10.0.1.42 +IP.300 = 10.0.1.43 +IP.301 = 10.0.1.44 +IP.302 = 10.0.1.45 +IP.303 = 10.0.1.46 +IP.304 = 10.0.1.47 +IP.305 = 10.0.1.48 +IP.306 = 10.0.1.49 +IP.307 = 10.0.1.50 +IP.308 = 10.0.1.51 +IP.309 = 10.0.1.52 +IP.310 = 10.0.1.53 +IP.311 = 10.0.1.54 +IP.312 = 10.0.1.55 +IP.313 = 10.0.1.56 +IP.314 = 10.0.1.57 +IP.315 = 10.0.1.58 +IP.316 = 10.0.1.59 +IP.317 = 10.0.1.60 +IP.318 = 10.0.1.61 +IP.319 = 10.0.1.62 +IP.320 = 10.0.1.63 +IP.321 = 10.0.1.64 +IP.322 = 10.0.1.65 +IP.323 = 10.0.1.66 +IP.324 = 10.0.1.67 +IP.325 = 10.0.1.68 +IP.326 = 10.0.1.69 +IP.327 = 10.0.1.70 +IP.328 = 10.0.1.71 +IP.329 = 10.0.1.72 +IP.330 = 10.0.1.73 +IP.331 = 10.0.1.74 +IP.332 = 10.0.1.75 +IP.333 = 10.0.1.76 +IP.334 = 10.0.1.77 +IP.335 = 10.0.1.78 +IP.336 = 10.0.1.79 +IP.337 = 10.0.1.80 +IP.338 = 10.0.1.81 +IP.339 = 10.0.1.82 +IP.340 = 10.0.1.83 +IP.341 = 10.0.1.84 +dirName.1 = san_dirname1 +dirName.2 = san_dirname2 +dirName.3 = san_dirname3 +dirName.4 = san_dirname4 +dirName.5 = san_dirname5 +dirName.6 = san_dirname6 +dirName.7 = san_dirname7 +dirName.8 = san_dirname8 +dirName.9 = san_dirname9 +dirName.10 = san_dirname10 +dirName.11 = san_dirname11 +dirName.12 = san_dirname12 +dirName.13 = san_dirname13 +dirName.14 = san_dirname14 +dirName.15 = san_dirname15 +dirName.16 = san_dirname16 +dirName.17 = san_dirname17 +dirName.18 = san_dirname18 +dirName.19 = san_dirname19 +dirName.20 = san_dirname20 +dirName.21 = san_dirname21 +dirName.22 = san_dirname22 +dirName.23 = san_dirname23 +dirName.24 = san_dirname24 +dirName.25 = san_dirname25 +dirName.26 = san_dirname26 +dirName.27 = san_dirname27 +dirName.28 = san_dirname28 +dirName.29 = san_dirname29 +dirName.30 = san_dirname30 +dirName.31 = san_dirname31 +dirName.32 = san_dirname32 +dirName.33 = san_dirname33 +dirName.34 = san_dirname34 +dirName.35 = san_dirname35 +dirName.36 = san_dirname36 +dirName.37 = san_dirname37 +dirName.38 = san_dirname38 +dirName.39 = san_dirname39 +dirName.40 = san_dirname40 +dirName.41 = san_dirname41 +dirName.42 = san_dirname42 +dirName.43 = san_dirname43 +dirName.44 = san_dirname44 +dirName.45 = san_dirname45 +dirName.46 = san_dirname46 +dirName.47 = san_dirname47 +dirName.48 = san_dirname48 +dirName.49 = san_dirname49 +dirName.50 = san_dirname50 +dirName.51 = san_dirname51 +dirName.52 = san_dirname52 +dirName.53 = san_dirname53 +dirName.54 = san_dirname54 +dirName.55 = san_dirname55 +dirName.56 = san_dirname56 +dirName.57 = san_dirname57 +dirName.58 = san_dirname58 +dirName.59 = san_dirname59 +dirName.60 = san_dirname60 +dirName.61 = san_dirname61 +dirName.62 = san_dirname62 +dirName.63 = san_dirname63 +dirName.64 = san_dirname64 +dirName.65 = san_dirname65 +dirName.66 = san_dirname66 +dirName.67 = san_dirname67 +dirName.68 = san_dirname68 +dirName.69 = san_dirname69 +dirName.70 = san_dirname70 +dirName.71 = san_dirname71 +dirName.72 = san_dirname72 +dirName.73 = san_dirname73 +dirName.74 = san_dirname74 +dirName.75 = san_dirname75 +dirName.76 = san_dirname76 +dirName.77 = san_dirname77 +dirName.78 = san_dirname78 +dirName.79 = san_dirname79 +dirName.80 = san_dirname80 +dirName.81 = san_dirname81 +dirName.82 = san_dirname82 +dirName.83 = san_dirname83 +dirName.84 = san_dirname84 +dirName.85 = san_dirname85 +dirName.86 = san_dirname86 +dirName.87 = san_dirname87 +dirName.88 = san_dirname88 +dirName.89 = san_dirname89 +dirName.90 = san_dirname90 +dirName.91 = san_dirname91 +dirName.92 = san_dirname92 +dirName.93 = san_dirname93 +dirName.94 = san_dirname94 +dirName.95 = san_dirname95 +dirName.96 = san_dirname96 +dirName.97 = san_dirname97 +dirName.98 = san_dirname98 +dirName.99 = san_dirname99 +dirName.100 = san_dirname100 +dirName.101 = san_dirname101 +dirName.102 = san_dirname102 +dirName.103 = san_dirname103 +dirName.104 = san_dirname104 +dirName.105 = san_dirname105 +dirName.106 = san_dirname106 +dirName.107 = san_dirname107 +dirName.108 = san_dirname108 +dirName.109 = san_dirname109 +dirName.110 = san_dirname110 +dirName.111 = san_dirname111 +dirName.112 = san_dirname112 +dirName.113 = san_dirname113 +dirName.114 = san_dirname114 +dirName.115 = san_dirname115 +dirName.116 = san_dirname116 +dirName.117 = san_dirname117 +dirName.118 = san_dirname118 +dirName.119 = san_dirname119 +dirName.120 = san_dirname120 +dirName.121 = san_dirname121 +dirName.122 = san_dirname122 +dirName.123 = san_dirname123 +dirName.124 = san_dirname124 +dirName.125 = san_dirname125 +dirName.126 = san_dirname126 +dirName.127 = san_dirname127 +dirName.128 = san_dirname128 +dirName.129 = san_dirname129 +dirName.130 = san_dirname130 +dirName.131 = san_dirname131 +dirName.132 = san_dirname132 +dirName.133 = san_dirname133 +dirName.134 = san_dirname134 +dirName.135 = san_dirname135 +dirName.136 = san_dirname136 +dirName.137 = san_dirname137 +dirName.138 = san_dirname138 +dirName.139 = san_dirname139 +dirName.140 = san_dirname140 +dirName.141 = san_dirname141 +dirName.142 = san_dirname142 +dirName.143 = san_dirname143 +dirName.144 = san_dirname144 +dirName.145 = san_dirname145 +dirName.146 = san_dirname146 +dirName.147 = san_dirname147 +dirName.148 = san_dirname148 +dirName.149 = san_dirname149 +dirName.150 = san_dirname150 +dirName.151 = san_dirname151 +dirName.152 = san_dirname152 +dirName.153 = san_dirname153 +dirName.154 = san_dirname154 +dirName.155 = san_dirname155 +dirName.156 = san_dirname156 +dirName.157 = san_dirname157 +dirName.158 = san_dirname158 +dirName.159 = san_dirname159 +dirName.160 = san_dirname160 +dirName.161 = san_dirname161 +dirName.162 = san_dirname162 +dirName.163 = san_dirname163 +dirName.164 = san_dirname164 +dirName.165 = san_dirname165 +dirName.166 = san_dirname166 +dirName.167 = san_dirname167 +dirName.168 = san_dirname168 +dirName.169 = san_dirname169 +dirName.170 = san_dirname170 +dirName.171 = san_dirname171 +dirName.172 = san_dirname172 +dirName.173 = san_dirname173 +dirName.174 = san_dirname174 +dirName.175 = san_dirname175 +dirName.176 = san_dirname176 +dirName.177 = san_dirname177 +dirName.178 = san_dirname178 +dirName.179 = san_dirname179 +dirName.180 = san_dirname180 +dirName.181 = san_dirname181 +dirName.182 = san_dirname182 +dirName.183 = san_dirname183 +dirName.184 = san_dirname184 +dirName.185 = san_dirname185 +dirName.186 = san_dirname186 +dirName.187 = san_dirname187 +dirName.188 = san_dirname188 +dirName.189 = san_dirname189 +dirName.190 = san_dirname190 +dirName.191 = san_dirname191 +dirName.192 = san_dirname192 +dirName.193 = san_dirname193 +dirName.194 = san_dirname194 +dirName.195 = san_dirname195 +dirName.196 = san_dirname196 +dirName.197 = san_dirname197 +dirName.198 = san_dirname198 +dirName.199 = san_dirname199 +dirName.200 = san_dirname200 +dirName.201 = san_dirname201 +dirName.202 = san_dirname202 +dirName.203 = san_dirname203 +dirName.204 = san_dirname204 +dirName.205 = san_dirname205 +dirName.206 = san_dirname206 +dirName.207 = san_dirname207 +dirName.208 = san_dirname208 +dirName.209 = san_dirname209 +dirName.210 = san_dirname210 +dirName.211 = san_dirname211 +dirName.212 = san_dirname212 +dirName.213 = san_dirname213 +dirName.214 = san_dirname214 +dirName.215 = san_dirname215 +dirName.216 = san_dirname216 +dirName.217 = san_dirname217 +dirName.218 = san_dirname218 +dirName.219 = san_dirname219 +dirName.220 = san_dirname220 +dirName.221 = san_dirname221 +dirName.222 = san_dirname222 +dirName.223 = san_dirname223 +dirName.224 = san_dirname224 +dirName.225 = san_dirname225 +dirName.226 = san_dirname226 +dirName.227 = san_dirname227 +dirName.228 = san_dirname228 +dirName.229 = san_dirname229 +dirName.230 = san_dirname230 +dirName.231 = san_dirname231 +dirName.232 = san_dirname232 +dirName.233 = san_dirname233 +dirName.234 = san_dirname234 +dirName.235 = san_dirname235 +dirName.236 = san_dirname236 +dirName.237 = san_dirname237 +dirName.238 = san_dirname238 +dirName.239 = san_dirname239 +dirName.240 = san_dirname240 +dirName.241 = san_dirname241 +dirName.242 = san_dirname242 +dirName.243 = san_dirname243 +dirName.244 = san_dirname244 +dirName.245 = san_dirname245 +dirName.246 = san_dirname246 +dirName.247 = san_dirname247 +dirName.248 = san_dirname248 +dirName.249 = san_dirname249 +dirName.250 = san_dirname250 +dirName.251 = san_dirname251 +dirName.252 = san_dirname252 +dirName.253 = san_dirname253 +dirName.254 = san_dirname254 +dirName.255 = san_dirname255 +dirName.256 = san_dirname256 +dirName.257 = san_dirname257 +dirName.258 = san_dirname258 +dirName.259 = san_dirname259 +dirName.260 = san_dirname260 +dirName.261 = san_dirname261 +dirName.262 = san_dirname262 +dirName.263 = san_dirname263 +dirName.264 = san_dirname264 +dirName.265 = san_dirname265 +dirName.266 = san_dirname266 +dirName.267 = san_dirname267 +dirName.268 = san_dirname268 +dirName.269 = san_dirname269 +dirName.270 = san_dirname270 +dirName.271 = san_dirname271 +dirName.272 = san_dirname272 +dirName.273 = san_dirname273 +dirName.274 = san_dirname274 +dirName.275 = san_dirname275 +dirName.276 = san_dirname276 +dirName.277 = san_dirname277 +dirName.278 = san_dirname278 +dirName.279 = san_dirname279 +dirName.280 = san_dirname280 +dirName.281 = san_dirname281 +dirName.282 = san_dirname282 +dirName.283 = san_dirname283 +dirName.284 = san_dirname284 +dirName.285 = san_dirname285 +dirName.286 = san_dirname286 +dirName.287 = san_dirname287 +dirName.288 = san_dirname288 +dirName.289 = san_dirname289 +dirName.290 = san_dirname290 +dirName.291 = san_dirname291 +dirName.292 = san_dirname292 +dirName.293 = san_dirname293 +dirName.294 = san_dirname294 +dirName.295 = san_dirname295 +dirName.296 = san_dirname296 +dirName.297 = san_dirname297 +dirName.298 = san_dirname298 +dirName.299 = san_dirname299 +dirName.300 = san_dirname300 +dirName.301 = san_dirname301 +dirName.302 = san_dirname302 +dirName.303 = san_dirname303 +dirName.304 = san_dirname304 +dirName.305 = san_dirname305 +dirName.306 = san_dirname306 +dirName.307 = san_dirname307 +dirName.308 = san_dirname308 +dirName.309 = san_dirname309 +dirName.310 = san_dirname310 +dirName.311 = san_dirname311 +dirName.312 = san_dirname312 +dirName.313 = san_dirname313 +dirName.314 = san_dirname314 +dirName.315 = san_dirname315 +dirName.316 = san_dirname316 +dirName.317 = san_dirname317 +dirName.318 = san_dirname318 +dirName.319 = san_dirname319 +dirName.320 = san_dirname320 +dirName.321 = san_dirname321 +dirName.322 = san_dirname322 +dirName.323 = san_dirname323 +dirName.324 = san_dirname324 +dirName.325 = san_dirname325 +dirName.326 = san_dirname326 +dirName.327 = san_dirname327 +dirName.328 = san_dirname328 +dirName.329 = san_dirname329 +dirName.330 = san_dirname330 +dirName.331 = san_dirname331 +dirName.332 = san_dirname332 +dirName.333 = san_dirname333 +dirName.334 = san_dirname334 +dirName.335 = san_dirname335 +dirName.336 = san_dirname336 +dirName.337 = san_dirname337 +dirName.338 = san_dirname338 +dirName.339 = san_dirname339 +dirName.340 = san_dirname340 +dirName.341 = san_dirname341 + +[san_dirname1] +commonName = "t0 + +[san_dirname2] +commonName = "t1 + +[san_dirname3] +commonName = "t2 + +[san_dirname4] +commonName = "t3 + +[san_dirname5] +commonName = "t4 + +[san_dirname6] +commonName = "t5 + +[san_dirname7] +commonName = "t6 + +[san_dirname8] +commonName = "t7 + +[san_dirname9] +commonName = "t8 + +[san_dirname10] +commonName = "t9 + +[san_dirname11] +commonName = "t10 + +[san_dirname12] +commonName = "t11 + +[san_dirname13] +commonName = "t12 + +[san_dirname14] +commonName = "t13 + +[san_dirname15] +commonName = "t14 + +[san_dirname16] +commonName = "t15 + +[san_dirname17] +commonName = "t16 + +[san_dirname18] +commonName = "t17 + +[san_dirname19] +commonName = "t18 + +[san_dirname20] +commonName = "t19 + +[san_dirname21] +commonName = "t20 + +[san_dirname22] +commonName = "t21 + +[san_dirname23] +commonName = "t22 + +[san_dirname24] +commonName = "t23 + +[san_dirname25] +commonName = "t24 + +[san_dirname26] +commonName = "t25 + +[san_dirname27] +commonName = "t26 + +[san_dirname28] +commonName = "t27 + +[san_dirname29] +commonName = "t28 + +[san_dirname30] +commonName = "t29 + +[san_dirname31] +commonName = "t30 + +[san_dirname32] +commonName = "t31 + +[san_dirname33] +commonName = "t32 + +[san_dirname34] +commonName = "t33 + +[san_dirname35] +commonName = "t34 + +[san_dirname36] +commonName = "t35 + +[san_dirname37] +commonName = "t36 + +[san_dirname38] +commonName = "t37 + +[san_dirname39] +commonName = "t38 + +[san_dirname40] +commonName = "t39 + +[san_dirname41] +commonName = "t40 + +[san_dirname42] +commonName = "t41 + +[san_dirname43] +commonName = "t42 + +[san_dirname44] +commonName = "t43 + +[san_dirname45] +commonName = "t44 + +[san_dirname46] +commonName = "t45 + +[san_dirname47] +commonName = "t46 + +[san_dirname48] +commonName = "t47 + +[san_dirname49] +commonName = "t48 + +[san_dirname50] +commonName = "t49 + +[san_dirname51] +commonName = "t50 + +[san_dirname52] +commonName = "t51 + +[san_dirname53] +commonName = "t52 + +[san_dirname54] +commonName = "t53 + +[san_dirname55] +commonName = "t54 + +[san_dirname56] +commonName = "t55 + +[san_dirname57] +commonName = "t56 + +[san_dirname58] +commonName = "t57 + +[san_dirname59] +commonName = "t58 + +[san_dirname60] +commonName = "t59 + +[san_dirname61] +commonName = "t60 + +[san_dirname62] +commonName = "t61 + +[san_dirname63] +commonName = "t62 + +[san_dirname64] +commonName = "t63 + +[san_dirname65] +commonName = "t64 + +[san_dirname66] +commonName = "t65 + +[san_dirname67] +commonName = "t66 + +[san_dirname68] +commonName = "t67 + +[san_dirname69] +commonName = "t68 + +[san_dirname70] +commonName = "t69 + +[san_dirname71] +commonName = "t70 + +[san_dirname72] +commonName = "t71 + +[san_dirname73] +commonName = "t72 + +[san_dirname74] +commonName = "t73 + +[san_dirname75] +commonName = "t74 + +[san_dirname76] +commonName = "t75 + +[san_dirname77] +commonName = "t76 + +[san_dirname78] +commonName = "t77 + +[san_dirname79] +commonName = "t78 + +[san_dirname80] +commonName = "t79 + +[san_dirname81] +commonName = "t80 + +[san_dirname82] +commonName = "t81 + +[san_dirname83] +commonName = "t82 + +[san_dirname84] +commonName = "t83 + +[san_dirname85] +commonName = "t84 + +[san_dirname86] +commonName = "t85 + +[san_dirname87] +commonName = "t86 + +[san_dirname88] +commonName = "t87 + +[san_dirname89] +commonName = "t88 + +[san_dirname90] +commonName = "t89 + +[san_dirname91] +commonName = "t90 + +[san_dirname92] +commonName = "t91 + +[san_dirname93] +commonName = "t92 + +[san_dirname94] +commonName = "t93 + +[san_dirname95] +commonName = "t94 + +[san_dirname96] +commonName = "t95 + +[san_dirname97] +commonName = "t96 + +[san_dirname98] +commonName = "t97 + +[san_dirname99] +commonName = "t98 + +[san_dirname100] +commonName = "t99 + +[san_dirname101] +commonName = "t100 + +[san_dirname102] +commonName = "t101 + +[san_dirname103] +commonName = "t102 + +[san_dirname104] +commonName = "t103 + +[san_dirname105] +commonName = "t104 + +[san_dirname106] +commonName = "t105 + +[san_dirname107] +commonName = "t106 + +[san_dirname108] +commonName = "t107 + +[san_dirname109] +commonName = "t108 + +[san_dirname110] +commonName = "t109 + +[san_dirname111] +commonName = "t110 + +[san_dirname112] +commonName = "t111 + +[san_dirname113] +commonName = "t112 + +[san_dirname114] +commonName = "t113 + +[san_dirname115] +commonName = "t114 + +[san_dirname116] +commonName = "t115 + +[san_dirname117] +commonName = "t116 + +[san_dirname118] +commonName = "t117 + +[san_dirname119] +commonName = "t118 + +[san_dirname120] +commonName = "t119 + +[san_dirname121] +commonName = "t120 + +[san_dirname122] +commonName = "t121 + +[san_dirname123] +commonName = "t122 + +[san_dirname124] +commonName = "t123 + +[san_dirname125] +commonName = "t124 + +[san_dirname126] +commonName = "t125 + +[san_dirname127] +commonName = "t126 + +[san_dirname128] +commonName = "t127 + +[san_dirname129] +commonName = "t128 + +[san_dirname130] +commonName = "t129 + +[san_dirname131] +commonName = "t130 + +[san_dirname132] +commonName = "t131 + +[san_dirname133] +commonName = "t132 + +[san_dirname134] +commonName = "t133 + +[san_dirname135] +commonName = "t134 + +[san_dirname136] +commonName = "t135 + +[san_dirname137] +commonName = "t136 + +[san_dirname138] +commonName = "t137 + +[san_dirname139] +commonName = "t138 + +[san_dirname140] +commonName = "t139 + +[san_dirname141] +commonName = "t140 + +[san_dirname142] +commonName = "t141 + +[san_dirname143] +commonName = "t142 + +[san_dirname144] +commonName = "t143 + +[san_dirname145] +commonName = "t144 + +[san_dirname146] +commonName = "t145 + +[san_dirname147] +commonName = "t146 + +[san_dirname148] +commonName = "t147 + +[san_dirname149] +commonName = "t148 + +[san_dirname150] +commonName = "t149 + +[san_dirname151] +commonName = "t150 + +[san_dirname152] +commonName = "t151 + +[san_dirname153] +commonName = "t152 + +[san_dirname154] +commonName = "t153 + +[san_dirname155] +commonName = "t154 + +[san_dirname156] +commonName = "t155 + +[san_dirname157] +commonName = "t156 + +[san_dirname158] +commonName = "t157 + +[san_dirname159] +commonName = "t158 + +[san_dirname160] +commonName = "t159 + +[san_dirname161] +commonName = "t160 + +[san_dirname162] +commonName = "t161 + +[san_dirname163] +commonName = "t162 + +[san_dirname164] +commonName = "t163 + +[san_dirname165] +commonName = "t164 + +[san_dirname166] +commonName = "t165 + +[san_dirname167] +commonName = "t166 + +[san_dirname168] +commonName = "t167 + +[san_dirname169] +commonName = "t168 + +[san_dirname170] +commonName = "t169 + +[san_dirname171] +commonName = "t170 + +[san_dirname172] +commonName = "t171 + +[san_dirname173] +commonName = "t172 + +[san_dirname174] +commonName = "t173 + +[san_dirname175] +commonName = "t174 + +[san_dirname176] +commonName = "t175 + +[san_dirname177] +commonName = "t176 + +[san_dirname178] +commonName = "t177 + +[san_dirname179] +commonName = "t178 + +[san_dirname180] +commonName = "t179 + +[san_dirname181] +commonName = "t180 + +[san_dirname182] +commonName = "t181 + +[san_dirname183] +commonName = "t182 + +[san_dirname184] +commonName = "t183 + +[san_dirname185] +commonName = "t184 + +[san_dirname186] +commonName = "t185 + +[san_dirname187] +commonName = "t186 + +[san_dirname188] +commonName = "t187 + +[san_dirname189] +commonName = "t188 + +[san_dirname190] +commonName = "t189 + +[san_dirname191] +commonName = "t190 + +[san_dirname192] +commonName = "t191 + +[san_dirname193] +commonName = "t192 + +[san_dirname194] +commonName = "t193 + +[san_dirname195] +commonName = "t194 + +[san_dirname196] +commonName = "t195 + +[san_dirname197] +commonName = "t196 + +[san_dirname198] +commonName = "t197 + +[san_dirname199] +commonName = "t198 + +[san_dirname200] +commonName = "t199 + +[san_dirname201] +commonName = "t200 + +[san_dirname202] +commonName = "t201 + +[san_dirname203] +commonName = "t202 + +[san_dirname204] +commonName = "t203 + +[san_dirname205] +commonName = "t204 + +[san_dirname206] +commonName = "t205 + +[san_dirname207] +commonName = "t206 + +[san_dirname208] +commonName = "t207 + +[san_dirname209] +commonName = "t208 + +[san_dirname210] +commonName = "t209 + +[san_dirname211] +commonName = "t210 + +[san_dirname212] +commonName = "t211 + +[san_dirname213] +commonName = "t212 + +[san_dirname214] +commonName = "t213 + +[san_dirname215] +commonName = "t214 + +[san_dirname216] +commonName = "t215 + +[san_dirname217] +commonName = "t216 + +[san_dirname218] +commonName = "t217 + +[san_dirname219] +commonName = "t218 + +[san_dirname220] +commonName = "t219 + +[san_dirname221] +commonName = "t220 + +[san_dirname222] +commonName = "t221 + +[san_dirname223] +commonName = "t222 + +[san_dirname224] +commonName = "t223 + +[san_dirname225] +commonName = "t224 + +[san_dirname226] +commonName = "t225 + +[san_dirname227] +commonName = "t226 + +[san_dirname228] +commonName = "t227 + +[san_dirname229] +commonName = "t228 + +[san_dirname230] +commonName = "t229 + +[san_dirname231] +commonName = "t230 + +[san_dirname232] +commonName = "t231 + +[san_dirname233] +commonName = "t232 + +[san_dirname234] +commonName = "t233 + +[san_dirname235] +commonName = "t234 + +[san_dirname236] +commonName = "t235 + +[san_dirname237] +commonName = "t236 + +[san_dirname238] +commonName = "t237 + +[san_dirname239] +commonName = "t238 + +[san_dirname240] +commonName = "t239 + +[san_dirname241] +commonName = "t240 + +[san_dirname242] +commonName = "t241 + +[san_dirname243] +commonName = "t242 + +[san_dirname244] +commonName = "t243 + +[san_dirname245] +commonName = "t244 + +[san_dirname246] +commonName = "t245 + +[san_dirname247] +commonName = "t246 + +[san_dirname248] +commonName = "t247 + +[san_dirname249] +commonName = "t248 + +[san_dirname250] +commonName = "t249 + +[san_dirname251] +commonName = "t250 + +[san_dirname252] +commonName = "t251 + +[san_dirname253] +commonName = "t252 + +[san_dirname254] +commonName = "t253 + +[san_dirname255] +commonName = "t254 + +[san_dirname256] +commonName = "t255 + +[san_dirname257] +commonName = "t256 + +[san_dirname258] +commonName = "t257 + +[san_dirname259] +commonName = "t258 + +[san_dirname260] +commonName = "t259 + +[san_dirname261] +commonName = "t260 + +[san_dirname262] +commonName = "t261 + +[san_dirname263] +commonName = "t262 + +[san_dirname264] +commonName = "t263 + +[san_dirname265] +commonName = "t264 + +[san_dirname266] +commonName = "t265 + +[san_dirname267] +commonName = "t266 + +[san_dirname268] +commonName = "t267 + +[san_dirname269] +commonName = "t268 + +[san_dirname270] +commonName = "t269 + +[san_dirname271] +commonName = "t270 + +[san_dirname272] +commonName = "t271 + +[san_dirname273] +commonName = "t272 + +[san_dirname274] +commonName = "t273 + +[san_dirname275] +commonName = "t274 + +[san_dirname276] +commonName = "t275 + +[san_dirname277] +commonName = "t276 + +[san_dirname278] +commonName = "t277 + +[san_dirname279] +commonName = "t278 + +[san_dirname280] +commonName = "t279 + +[san_dirname281] +commonName = "t280 + +[san_dirname282] +commonName = "t281 + +[san_dirname283] +commonName = "t282 + +[san_dirname284] +commonName = "t283 + +[san_dirname285] +commonName = "t284 + +[san_dirname286] +commonName = "t285 + +[san_dirname287] +commonName = "t286 + +[san_dirname288] +commonName = "t287 + +[san_dirname289] +commonName = "t288 + +[san_dirname290] +commonName = "t289 + +[san_dirname291] +commonName = "t290 + +[san_dirname292] +commonName = "t291 + +[san_dirname293] +commonName = "t292 + +[san_dirname294] +commonName = "t293 + +[san_dirname295] +commonName = "t294 + +[san_dirname296] +commonName = "t295 + +[san_dirname297] +commonName = "t296 + +[san_dirname298] +commonName = "t297 + +[san_dirname299] +commonName = "t298 + +[san_dirname300] +commonName = "t299 + +[san_dirname301] +commonName = "t300 + +[san_dirname302] +commonName = "t301 + +[san_dirname303] +commonName = "t302 + +[san_dirname304] +commonName = "t303 + +[san_dirname305] +commonName = "t304 + +[san_dirname306] +commonName = "t305 + +[san_dirname307] +commonName = "t306 + +[san_dirname308] +commonName = "t307 + +[san_dirname309] +commonName = "t308 + +[san_dirname310] +commonName = "t309 + +[san_dirname311] +commonName = "t310 + +[san_dirname312] +commonName = "t311 + +[san_dirname313] +commonName = "t312 + +[san_dirname314] +commonName = "t313 + +[san_dirname315] +commonName = "t314 + +[san_dirname316] +commonName = "t315 + +[san_dirname317] +commonName = "t316 + +[san_dirname318] +commonName = "t317 + +[san_dirname319] +commonName = "t318 + +[san_dirname320] +commonName = "t319 + +[san_dirname321] +commonName = "t320 + +[san_dirname322] +commonName = "t321 + +[san_dirname323] +commonName = "t322 + +[san_dirname324] +commonName = "t323 + +[san_dirname325] +commonName = "t324 + +[san_dirname326] +commonName = "t325 + +[san_dirname327] +commonName = "t326 + +[san_dirname328] +commonName = "t327 + +[san_dirname329] +commonName = "t328 + +[san_dirname330] +commonName = "t329 + +[san_dirname331] +commonName = "t330 + +[san_dirname332] +commonName = "t331 + +[san_dirname333] +commonName = "t332 + +[san_dirname334] +commonName = "t333 + +[san_dirname335] +commonName = "t334 + +[san_dirname336] +commonName = "t335 + +[san_dirname337] +commonName = "t336 + +[san_dirname338] +commonName = "t337 + +[san_dirname339] +commonName = "t338 + +[san_dirname340] +commonName = "t339 + +[san_dirname341] +commonName = "t340 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.csr new file mode 100644 index 0000000000..d5ea947afa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.csr @@ -0,0 +1,269 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIx7TCCMNUCAQAwDTELMAkGA1UEAwwCdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDbLFMBzvkagzZSUSpbQmPeMnURan2woeR3R5tx5aYtZNeuWwTt +ej/H9sorK63NbIiljjb756IitX1UeenVelvKKylsDYQKEMQhtliYuw22DI1WWyyF +WQfKBkY2JRopjsQ5t8Mxzm5JwgHPsDsnQ4rj1QYfLZOd3XpFZW39tLHAEFlC8h6P +zkOslyXBfOJR4UQ1W5SqA27acS8lf1gwAeESFx7yqmwigLHJZep3lbMHxPdyODT+ +oEMzTGZtoeihBLxvFDk5RC44N3TJCiGFkSG3TrqwmUp2mHtYyhzTsEDD2Sp1++sZ +6uMamDFSl+l/pHshfy/cYoaP/f2oiOhLRFK9AgMBAAGggi+ZMIIvlQYJKoZIhvcN +AQkOMYIvhjCCL4IwHQYDVR0OBBYEFDu0BcyqulE9/PL5HiVTcuE68prfMA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgi8wBgNV +HREEgi8nMIIvI4IHdDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIH +dDQudGVzdIIHdDUudGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDku +dGVzdIIIdDEwLnRlc3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQx +NC50ZXN0ggh0MTUudGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIII +dDE5LnRlc3SCCHQyMC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0 +ggh0MjQudGVzdIIIdDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRl +c3SCCHQyOS50ZXN0ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMu +dGVzdIIIdDM0LnRlc3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQz +OC50ZXN0ggh0MzkudGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIII +dDQzLnRlc3SCCHQ0NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0 +ggh0NDgudGVzdIIIdDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRl +c3SCCHQ1My50ZXN0ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcu +dGVzdIIIdDU4LnRlc3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2 +Mi50ZXN0ggh0NjMudGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIII +dDY3LnRlc3SCCHQ2OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0 +ggh0NzIudGVzdIIIdDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRl +c3SCCHQ3Ny50ZXN0ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEu +dGVzdIIIdDgyLnRlc3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4 +Ni50ZXN0ggh0ODcudGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIII +dDkxLnRlc3SCCHQ5Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0 +ggh0OTYudGVzdIIIdDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50 +ZXN0ggl0MTAxLnRlc3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SC +CXQxMDUudGVzdIIJdDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEw +OS50ZXN0ggl0MTEwLnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRl +c3SCCXQxMTQudGVzdIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJ +dDExOC50ZXN0ggl0MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIy +LnRlc3SCCXQxMjMudGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVz +dIIJdDEyNy50ZXN0ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0 +MTMxLnRlc3SCCXQxMzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUu +dGVzdIIJdDEzNi50ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0 +ggl0MTQwLnRlc3SCCXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQx +NDQudGVzdIIJdDE0NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50 +ZXN0ggl0MTQ5LnRlc3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SC +CXQxNTMudGVzdIIJdDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1 +Ny50ZXN0ggl0MTU4LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRl +c3SCCXQxNjIudGVzdIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJ +dDE2Ni50ZXN0ggl0MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcw +LnRlc3SCCXQxNzEudGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVz +dIIJdDE3NS50ZXN0ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0 +MTc5LnRlc3SCCXQxODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMu +dGVzdIIJdDE4NC50ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0 +ggl0MTg4LnRlc3SCCXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQx +OTIudGVzdIIJdDE5My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50 +ZXN0ggl0MTk3LnRlc3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SC +CXQyMDEudGVzdIIJdDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIw +NS50ZXN0ggl0MjA2LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRl +c3SCCXQyMTAudGVzdIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJ +dDIxNC50ZXN0ggl0MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4 +LnRlc3SCCXQyMTkudGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVz +dIIJdDIyMy50ZXN0ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0 +MjI3LnRlc3SCCXQyMjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEu +dGVzdIIJdDIzMi50ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0 +ggl0MjM2LnRlc3SCCXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQy +NDAudGVzdIIJdDI0MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50 +ZXN0ggl0MjQ1LnRlc3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SC +CXQyNDkudGVzdIIJdDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1 +My50ZXN0ggl0MjU0LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRl +c3SCCXQyNTgudGVzdIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJ +dDI2Mi50ZXN0ggl0MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2 +LnRlc3SCCXQyNjcudGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVz +dIIJdDI3MS50ZXN0ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0 +Mjc1LnRlc3SCCXQyNzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzku +dGVzdIIJdDI4MC50ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0 +ggl0Mjg0LnRlc3SCCXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQy +ODgudGVzdIIJdDI4OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50 +ZXN0ggl0MjkzLnRlc3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SC +CXQyOTcudGVzdIIJdDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMw +MS50ZXN0ggl0MzAyLnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRl +c3SCCXQzMDYudGVzdIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJ +dDMxMC50ZXN0ggl0MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0 +LnRlc3SCCXQzMTUudGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVz +dIIJdDMxOS50ZXN0ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0 +MzIzLnRlc3SCCXQzMjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcu +dGVzdIIJdDMyOC50ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0 +ggl0MzMyLnRlc3SCCXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQz +MzYudGVzdIIJdDMzNy50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50 +ZXN0ggl0MzQxLnRlc3SHBAoAAACHBAoAAAGHBAoAAAKHBAoAAAOHBAoAAASHBAoA +AAWHBAoAAAaHBAoAAAeHBAoAAAiHBAoAAAmHBAoAAAqHBAoAAAuHBAoAAAyHBAoA +AA2HBAoAAA6HBAoAAA+HBAoAABCHBAoAABGHBAoAABKHBAoAABOHBAoAABSHBAoA +ABWHBAoAABaHBAoAABeHBAoAABiHBAoAABmHBAoAABqHBAoAABuHBAoAAByHBAoA +AB2HBAoAAB6HBAoAAB+HBAoAACCHBAoAACGHBAoAACKHBAoAACOHBAoAACSHBAoA +ACWHBAoAACaHBAoAACeHBAoAACiHBAoAACmHBAoAACqHBAoAACuHBAoAACyHBAoA +AC2HBAoAAC6HBAoAAC+HBAoAADCHBAoAADGHBAoAADKHBAoAADOHBAoAADSHBAoA +ADWHBAoAADaHBAoAADeHBAoAADiHBAoAADmHBAoAADqHBAoAADuHBAoAADyHBAoA +AD2HBAoAAD6HBAoAAD+HBAoAAECHBAoAAEGHBAoAAEKHBAoAAEOHBAoAAESHBAoA +AEWHBAoAAEaHBAoAAEeHBAoAAEiHBAoAAEmHBAoAAEqHBAoAAEuHBAoAAEyHBAoA +AE2HBAoAAE6HBAoAAE+HBAoAAFCHBAoAAFGHBAoAAFKHBAoAAFOHBAoAAFSHBAoA +AFWHBAoAAFaHBAoAAFeHBAoAAFiHBAoAAFmHBAoAAFqHBAoAAFuHBAoAAFyHBAoA +AF2HBAoAAF6HBAoAAF+HBAoAAGCHBAoAAGGHBAoAAGKHBAoAAGOHBAoAAGSHBAoA +AGWHBAoAAGaHBAoAAGeHBAoAAGiHBAoAAGmHBAoAAGqHBAoAAGuHBAoAAGyHBAoA +AG2HBAoAAG6HBAoAAG+HBAoAAHCHBAoAAHGHBAoAAHKHBAoAAHOHBAoAAHSHBAoA +AHWHBAoAAHaHBAoAAHeHBAoAAHiHBAoAAHmHBAoAAHqHBAoAAHuHBAoAAHyHBAoA +AH2HBAoAAH6HBAoAAH+HBAoAAICHBAoAAIGHBAoAAIKHBAoAAIOHBAoAAISHBAoA +AIWHBAoAAIaHBAoAAIeHBAoAAIiHBAoAAImHBAoAAIqHBAoAAIuHBAoAAIyHBAoA +AI2HBAoAAI6HBAoAAI+HBAoAAJCHBAoAAJGHBAoAAJKHBAoAAJOHBAoAAJSHBAoA +AJWHBAoAAJaHBAoAAJeHBAoAAJiHBAoAAJmHBAoAAJqHBAoAAJuHBAoAAJyHBAoA +AJ2HBAoAAJ6HBAoAAJ+HBAoAAKCHBAoAAKGHBAoAAKKHBAoAAKOHBAoAAKSHBAoA +AKWHBAoAAKaHBAoAAKeHBAoAAKiHBAoAAKmHBAoAAKqHBAoAAKuHBAoAAKyHBAoA +AK2HBAoAAK6HBAoAAK+HBAoAALCHBAoAALGHBAoAALKHBAoAALOHBAoAALSHBAoA +ALWHBAoAALaHBAoAALeHBAoAALiHBAoAALmHBAoAALqHBAoAALuHBAoAALyHBAoA +AL2HBAoAAL6HBAoAAL+HBAoAAMCHBAoAAMGHBAoAAMKHBAoAAMOHBAoAAMSHBAoA +AMWHBAoAAMaHBAoAAMeHBAoAAMiHBAoAAMmHBAoAAMqHBAoAAMuHBAoAAMyHBAoA +AM2HBAoAAM6HBAoAAM+HBAoAANCHBAoAANGHBAoAANKHBAoAANOHBAoAANSHBAoA +ANWHBAoAANaHBAoAANeHBAoAANiHBAoAANmHBAoAANqHBAoAANuHBAoAANyHBAoA +AN2HBAoAAN6HBAoAAN+HBAoAAOCHBAoAAOGHBAoAAOKHBAoAAOOHBAoAAOSHBAoA +AOWHBAoAAOaHBAoAAOeHBAoAAOiHBAoAAOmHBAoAAOqHBAoAAOuHBAoAAOyHBAoA +AO2HBAoAAO6HBAoAAO+HBAoAAPCHBAoAAPGHBAoAAPKHBAoAAPOHBAoAAPSHBAoA +APWHBAoAAPaHBAoAAPeHBAoAAPiHBAoAAPmHBAoAAPqHBAoAAPuHBAoAAPyHBAoA +AP2HBAoAAP6HBAoAAP+HBAoAAQCHBAoAAQGHBAoAAQKHBAoAAQOHBAoAAQSHBAoA +AQWHBAoAAQaHBAoAAQeHBAoAAQiHBAoAAQmHBAoAAQqHBAoAAQuHBAoAAQyHBAoA +AQ2HBAoAAQ6HBAoAAQ+HBAoAARCHBAoAARGHBAoAARKHBAoAAROHBAoAARSHBAoA +ARWHBAoAARaHBAoAAReHBAoAARiHBAoAARmHBAoAARqHBAoAARuHBAoAARyHBAoA +AR2HBAoAAR6HBAoAAR+HBAoAASCHBAoAASGHBAoAASKHBAoAASOHBAoAASSHBAoA +ASWHBAoAASaHBAoAASeHBAoAASiHBAoAASmHBAoAASqHBAoAASuHBAoAASyHBAoA +AS2HBAoAAS6HBAoAAS+HBAoAATCHBAoAATGHBAoAATKHBAoAATOHBAoAATSHBAoA +ATWHBAoAATaHBAoAATeHBAoAATiHBAoAATmHBAoAATqHBAoAATuHBAoAATyHBAoA +AT2HBAoAAT6HBAoAAT+HBAoAAUCHBAoAAUGHBAoAAUKHBAoAAUOHBAoAAUSHBAoA +AUWHBAoAAUaHBAoAAUeHBAoAAUiHBAoAAUmHBAoAAUqHBAoAAUuHBAoAAUyHBAoA +AU2HBAoAAU6HBAoAAU+HBAoAAVCHBAoAAVGHBAoAAVKHBAoAAVOHBAoAAVSkDzAN +MQswCQYDVQQDDAJ0MKQPMA0xCzAJBgNVBAMMAnQxpA8wDTELMAkGA1UEAwwCdDKk +DzANMQswCQYDVQQDDAJ0M6QPMA0xCzAJBgNVBAMMAnQ0pA8wDTELMAkGA1UEAwwC +dDWkDzANMQswCQYDVQQDDAJ0NqQPMA0xCzAJBgNVBAMMAnQ3pA8wDTELMAkGA1UE +AwwCdDikDzANMQswCQYDVQQDDAJ0OaQQMA4xDDAKBgNVBAMMA3QxMKQQMA4xDDAK +BgNVBAMMA3QxMaQQMA4xDDAKBgNVBAMMA3QxMqQQMA4xDDAKBgNVBAMMA3QxM6QQ +MA4xDDAKBgNVBAMMA3QxNKQQMA4xDDAKBgNVBAMMA3QxNaQQMA4xDDAKBgNVBAMM +A3QxNqQQMA4xDDAKBgNVBAMMA3QxN6QQMA4xDDAKBgNVBAMMA3QxOKQQMA4xDDAK +BgNVBAMMA3QxOaQQMA4xDDAKBgNVBAMMA3QyMKQQMA4xDDAKBgNVBAMMA3QyMaQQ +MA4xDDAKBgNVBAMMA3QyMqQQMA4xDDAKBgNVBAMMA3QyM6QQMA4xDDAKBgNVBAMM +A3QyNKQQMA4xDDAKBgNVBAMMA3QyNaQQMA4xDDAKBgNVBAMMA3QyNqQQMA4xDDAK +BgNVBAMMA3QyN6QQMA4xDDAKBgNVBAMMA3QyOKQQMA4xDDAKBgNVBAMMA3QyOaQQ +MA4xDDAKBgNVBAMMA3QzMKQQMA4xDDAKBgNVBAMMA3QzMaQQMA4xDDAKBgNVBAMM +A3QzMqQQMA4xDDAKBgNVBAMMA3QzM6QQMA4xDDAKBgNVBAMMA3QzNKQQMA4xDDAK +BgNVBAMMA3QzNaQQMA4xDDAKBgNVBAMMA3QzNqQQMA4xDDAKBgNVBAMMA3QzN6QQ +MA4xDDAKBgNVBAMMA3QzOKQQMA4xDDAKBgNVBAMMA3QzOaQQMA4xDDAKBgNVBAMM +A3Q0MKQQMA4xDDAKBgNVBAMMA3Q0MaQQMA4xDDAKBgNVBAMMA3Q0MqQQMA4xDDAK +BgNVBAMMA3Q0M6QQMA4xDDAKBgNVBAMMA3Q0NKQQMA4xDDAKBgNVBAMMA3Q0NaQQ +MA4xDDAKBgNVBAMMA3Q0NqQQMA4xDDAKBgNVBAMMA3Q0N6QQMA4xDDAKBgNVBAMM +A3Q0OKQQMA4xDDAKBgNVBAMMA3Q0OaQQMA4xDDAKBgNVBAMMA3Q1MKQQMA4xDDAK +BgNVBAMMA3Q1MaQQMA4xDDAKBgNVBAMMA3Q1MqQQMA4xDDAKBgNVBAMMA3Q1M6QQ +MA4xDDAKBgNVBAMMA3Q1NKQQMA4xDDAKBgNVBAMMA3Q1NaQQMA4xDDAKBgNVBAMM +A3Q1NqQQMA4xDDAKBgNVBAMMA3Q1N6QQMA4xDDAKBgNVBAMMA3Q1OKQQMA4xDDAK +BgNVBAMMA3Q1OaQQMA4xDDAKBgNVBAMMA3Q2MKQQMA4xDDAKBgNVBAMMA3Q2MaQQ +MA4xDDAKBgNVBAMMA3Q2MqQQMA4xDDAKBgNVBAMMA3Q2M6QQMA4xDDAKBgNVBAMM +A3Q2NKQQMA4xDDAKBgNVBAMMA3Q2NaQQMA4xDDAKBgNVBAMMA3Q2NqQQMA4xDDAK +BgNVBAMMA3Q2N6QQMA4xDDAKBgNVBAMMA3Q2OKQQMA4xDDAKBgNVBAMMA3Q2OaQQ +MA4xDDAKBgNVBAMMA3Q3MKQQMA4xDDAKBgNVBAMMA3Q3MaQQMA4xDDAKBgNVBAMM +A3Q3MqQQMA4xDDAKBgNVBAMMA3Q3M6QQMA4xDDAKBgNVBAMMA3Q3NKQQMA4xDDAK +BgNVBAMMA3Q3NaQQMA4xDDAKBgNVBAMMA3Q3NqQQMA4xDDAKBgNVBAMMA3Q3N6QQ +MA4xDDAKBgNVBAMMA3Q3OKQQMA4xDDAKBgNVBAMMA3Q3OaQQMA4xDDAKBgNVBAMM +A3Q4MKQQMA4xDDAKBgNVBAMMA3Q4MaQQMA4xDDAKBgNVBAMMA3Q4MqQQMA4xDDAK +BgNVBAMMA3Q4M6QQMA4xDDAKBgNVBAMMA3Q4NKQQMA4xDDAKBgNVBAMMA3Q4NaQQ +MA4xDDAKBgNVBAMMA3Q4NqQQMA4xDDAKBgNVBAMMA3Q4N6QQMA4xDDAKBgNVBAMM +A3Q4OKQQMA4xDDAKBgNVBAMMA3Q4OaQQMA4xDDAKBgNVBAMMA3Q5MKQQMA4xDDAK +BgNVBAMMA3Q5MaQQMA4xDDAKBgNVBAMMA3Q5MqQQMA4xDDAKBgNVBAMMA3Q5M6QQ +MA4xDDAKBgNVBAMMA3Q5NKQQMA4xDDAKBgNVBAMMA3Q5NaQQMA4xDDAKBgNVBAMM +A3Q5NqQQMA4xDDAKBgNVBAMMA3Q5N6QQMA4xDDAKBgNVBAMMA3Q5OKQQMA4xDDAK +BgNVBAMMA3Q5OaQRMA8xDTALBgNVBAMMBHQxMDCkETAPMQ0wCwYDVQQDDAR0MTAx +pBEwDzENMAsGA1UEAwwEdDEwMqQRMA8xDTALBgNVBAMMBHQxMDOkETAPMQ0wCwYD +VQQDDAR0MTA0pBEwDzENMAsGA1UEAwwEdDEwNaQRMA8xDTALBgNVBAMMBHQxMDak +ETAPMQ0wCwYDVQQDDAR0MTA3pBEwDzENMAsGA1UEAwwEdDEwOKQRMA8xDTALBgNV +BAMMBHQxMDmkETAPMQ0wCwYDVQQDDAR0MTEwpBEwDzENMAsGA1UEAwwEdDExMaQR +MA8xDTALBgNVBAMMBHQxMTKkETAPMQ0wCwYDVQQDDAR0MTEzpBEwDzENMAsGA1UE +AwwEdDExNKQRMA8xDTALBgNVBAMMBHQxMTWkETAPMQ0wCwYDVQQDDAR0MTE2pBEw +DzENMAsGA1UEAwwEdDExN6QRMA8xDTALBgNVBAMMBHQxMTikETAPMQ0wCwYDVQQD +DAR0MTE5pBEwDzENMAsGA1UEAwwEdDEyMKQRMA8xDTALBgNVBAMMBHQxMjGkETAP +MQ0wCwYDVQQDDAR0MTIypBEwDzENMAsGA1UEAwwEdDEyM6QRMA8xDTALBgNVBAMM +BHQxMjSkETAPMQ0wCwYDVQQDDAR0MTI1pBEwDzENMAsGA1UEAwwEdDEyNqQRMA8x +DTALBgNVBAMMBHQxMjekETAPMQ0wCwYDVQQDDAR0MTI4pBEwDzENMAsGA1UEAwwE +dDEyOaQRMA8xDTALBgNVBAMMBHQxMzCkETAPMQ0wCwYDVQQDDAR0MTMxpBEwDzEN +MAsGA1UEAwwEdDEzMqQRMA8xDTALBgNVBAMMBHQxMzOkETAPMQ0wCwYDVQQDDAR0 +MTM0pBEwDzENMAsGA1UEAwwEdDEzNaQRMA8xDTALBgNVBAMMBHQxMzakETAPMQ0w +CwYDVQQDDAR0MTM3pBEwDzENMAsGA1UEAwwEdDEzOKQRMA8xDTALBgNVBAMMBHQx +MzmkETAPMQ0wCwYDVQQDDAR0MTQwpBEwDzENMAsGA1UEAwwEdDE0MaQRMA8xDTAL +BgNVBAMMBHQxNDKkETAPMQ0wCwYDVQQDDAR0MTQzpBEwDzENMAsGA1UEAwwEdDE0 +NKQRMA8xDTALBgNVBAMMBHQxNDWkETAPMQ0wCwYDVQQDDAR0MTQ2pBEwDzENMAsG +A1UEAwwEdDE0N6QRMA8xDTALBgNVBAMMBHQxNDikETAPMQ0wCwYDVQQDDAR0MTQ5 +pBEwDzENMAsGA1UEAwwEdDE1MKQRMA8xDTALBgNVBAMMBHQxNTGkETAPMQ0wCwYD +VQQDDAR0MTUypBEwDzENMAsGA1UEAwwEdDE1M6QRMA8xDTALBgNVBAMMBHQxNTSk +ETAPMQ0wCwYDVQQDDAR0MTU1pBEwDzENMAsGA1UEAwwEdDE1NqQRMA8xDTALBgNV +BAMMBHQxNTekETAPMQ0wCwYDVQQDDAR0MTU4pBEwDzENMAsGA1UEAwwEdDE1OaQR +MA8xDTALBgNVBAMMBHQxNjCkETAPMQ0wCwYDVQQDDAR0MTYxpBEwDzENMAsGA1UE +AwwEdDE2MqQRMA8xDTALBgNVBAMMBHQxNjOkETAPMQ0wCwYDVQQDDAR0MTY0pBEw +DzENMAsGA1UEAwwEdDE2NaQRMA8xDTALBgNVBAMMBHQxNjakETAPMQ0wCwYDVQQD +DAR0MTY3pBEwDzENMAsGA1UEAwwEdDE2OKQRMA8xDTALBgNVBAMMBHQxNjmkETAP +MQ0wCwYDVQQDDAR0MTcwpBEwDzENMAsGA1UEAwwEdDE3MaQRMA8xDTALBgNVBAMM +BHQxNzKkETAPMQ0wCwYDVQQDDAR0MTczpBEwDzENMAsGA1UEAwwEdDE3NKQRMA8x +DTALBgNVBAMMBHQxNzWkETAPMQ0wCwYDVQQDDAR0MTc2pBEwDzENMAsGA1UEAwwE +dDE3N6QRMA8xDTALBgNVBAMMBHQxNzikETAPMQ0wCwYDVQQDDAR0MTc5pBEwDzEN +MAsGA1UEAwwEdDE4MKQRMA8xDTALBgNVBAMMBHQxODGkETAPMQ0wCwYDVQQDDAR0 +MTgypBEwDzENMAsGA1UEAwwEdDE4M6QRMA8xDTALBgNVBAMMBHQxODSkETAPMQ0w +CwYDVQQDDAR0MTg1pBEwDzENMAsGA1UEAwwEdDE4NqQRMA8xDTALBgNVBAMMBHQx +ODekETAPMQ0wCwYDVQQDDAR0MTg4pBEwDzENMAsGA1UEAwwEdDE4OaQRMA8xDTAL +BgNVBAMMBHQxOTCkETAPMQ0wCwYDVQQDDAR0MTkxpBEwDzENMAsGA1UEAwwEdDE5 +MqQRMA8xDTALBgNVBAMMBHQxOTOkETAPMQ0wCwYDVQQDDAR0MTk0pBEwDzENMAsG +A1UEAwwEdDE5NaQRMA8xDTALBgNVBAMMBHQxOTakETAPMQ0wCwYDVQQDDAR0MTk3 +pBEwDzENMAsGA1UEAwwEdDE5OKQRMA8xDTALBgNVBAMMBHQxOTmkETAPMQ0wCwYD +VQQDDAR0MjAwpBEwDzENMAsGA1UEAwwEdDIwMaQRMA8xDTALBgNVBAMMBHQyMDKk +ETAPMQ0wCwYDVQQDDAR0MjAzpBEwDzENMAsGA1UEAwwEdDIwNKQRMA8xDTALBgNV +BAMMBHQyMDWkETAPMQ0wCwYDVQQDDAR0MjA2pBEwDzENMAsGA1UEAwwEdDIwN6QR +MA8xDTALBgNVBAMMBHQyMDikETAPMQ0wCwYDVQQDDAR0MjA5pBEwDzENMAsGA1UE +AwwEdDIxMKQRMA8xDTALBgNVBAMMBHQyMTGkETAPMQ0wCwYDVQQDDAR0MjEypBEw +DzENMAsGA1UEAwwEdDIxM6QRMA8xDTALBgNVBAMMBHQyMTSkETAPMQ0wCwYDVQQD +DAR0MjE1pBEwDzENMAsGA1UEAwwEdDIxNqQRMA8xDTALBgNVBAMMBHQyMTekETAP +MQ0wCwYDVQQDDAR0MjE4pBEwDzENMAsGA1UEAwwEdDIxOaQRMA8xDTALBgNVBAMM +BHQyMjCkETAPMQ0wCwYDVQQDDAR0MjIxpBEwDzENMAsGA1UEAwwEdDIyMqQRMA8x +DTALBgNVBAMMBHQyMjOkETAPMQ0wCwYDVQQDDAR0MjI0pBEwDzENMAsGA1UEAwwE +dDIyNaQRMA8xDTALBgNVBAMMBHQyMjakETAPMQ0wCwYDVQQDDAR0MjI3pBEwDzEN +MAsGA1UEAwwEdDIyOKQRMA8xDTALBgNVBAMMBHQyMjmkETAPMQ0wCwYDVQQDDAR0 +MjMwpBEwDzENMAsGA1UEAwwEdDIzMaQRMA8xDTALBgNVBAMMBHQyMzKkETAPMQ0w +CwYDVQQDDAR0MjMzpBEwDzENMAsGA1UEAwwEdDIzNKQRMA8xDTALBgNVBAMMBHQy +MzWkETAPMQ0wCwYDVQQDDAR0MjM2pBEwDzENMAsGA1UEAwwEdDIzN6QRMA8xDTAL +BgNVBAMMBHQyMzikETAPMQ0wCwYDVQQDDAR0MjM5pBEwDzENMAsGA1UEAwwEdDI0 +MKQRMA8xDTALBgNVBAMMBHQyNDGkETAPMQ0wCwYDVQQDDAR0MjQypBEwDzENMAsG +A1UEAwwEdDI0M6QRMA8xDTALBgNVBAMMBHQyNDSkETAPMQ0wCwYDVQQDDAR0MjQ1 +pBEwDzENMAsGA1UEAwwEdDI0NqQRMA8xDTALBgNVBAMMBHQyNDekETAPMQ0wCwYD +VQQDDAR0MjQ4pBEwDzENMAsGA1UEAwwEdDI0OaQRMA8xDTALBgNVBAMMBHQyNTCk +ETAPMQ0wCwYDVQQDDAR0MjUxpBEwDzENMAsGA1UEAwwEdDI1MqQRMA8xDTALBgNV +BAMMBHQyNTOkETAPMQ0wCwYDVQQDDAR0MjU0pBEwDzENMAsGA1UEAwwEdDI1NaQR +MA8xDTALBgNVBAMMBHQyNTakETAPMQ0wCwYDVQQDDAR0MjU3pBEwDzENMAsGA1UE +AwwEdDI1OKQRMA8xDTALBgNVBAMMBHQyNTmkETAPMQ0wCwYDVQQDDAR0MjYwpBEw +DzENMAsGA1UEAwwEdDI2MaQRMA8xDTALBgNVBAMMBHQyNjKkETAPMQ0wCwYDVQQD +DAR0MjYzpBEwDzENMAsGA1UEAwwEdDI2NKQRMA8xDTALBgNVBAMMBHQyNjWkETAP +MQ0wCwYDVQQDDAR0MjY2pBEwDzENMAsGA1UEAwwEdDI2N6QRMA8xDTALBgNVBAMM +BHQyNjikETAPMQ0wCwYDVQQDDAR0MjY5pBEwDzENMAsGA1UEAwwEdDI3MKQRMA8x +DTALBgNVBAMMBHQyNzGkETAPMQ0wCwYDVQQDDAR0MjcypBEwDzENMAsGA1UEAwwE +dDI3M6QRMA8xDTALBgNVBAMMBHQyNzSkETAPMQ0wCwYDVQQDDAR0Mjc1pBEwDzEN +MAsGA1UEAwwEdDI3NqQRMA8xDTALBgNVBAMMBHQyNzekETAPMQ0wCwYDVQQDDAR0 +Mjc4pBEwDzENMAsGA1UEAwwEdDI3OaQRMA8xDTALBgNVBAMMBHQyODCkETAPMQ0w +CwYDVQQDDAR0MjgxpBEwDzENMAsGA1UEAwwEdDI4MqQRMA8xDTALBgNVBAMMBHQy +ODOkETAPMQ0wCwYDVQQDDAR0Mjg0pBEwDzENMAsGA1UEAwwEdDI4NaQRMA8xDTAL +BgNVBAMMBHQyODakETAPMQ0wCwYDVQQDDAR0Mjg3pBEwDzENMAsGA1UEAwwEdDI4 +OKQRMA8xDTALBgNVBAMMBHQyODmkETAPMQ0wCwYDVQQDDAR0MjkwpBEwDzENMAsG +A1UEAwwEdDI5MaQRMA8xDTALBgNVBAMMBHQyOTKkETAPMQ0wCwYDVQQDDAR0Mjkz +pBEwDzENMAsGA1UEAwwEdDI5NKQRMA8xDTALBgNVBAMMBHQyOTWkETAPMQ0wCwYD +VQQDDAR0Mjk2pBEwDzENMAsGA1UEAwwEdDI5N6QRMA8xDTALBgNVBAMMBHQyOTik +ETAPMQ0wCwYDVQQDDAR0Mjk5pBEwDzENMAsGA1UEAwwEdDMwMKQRMA8xDTALBgNV +BAMMBHQzMDGkETAPMQ0wCwYDVQQDDAR0MzAypBEwDzENMAsGA1UEAwwEdDMwM6QR +MA8xDTALBgNVBAMMBHQzMDSkETAPMQ0wCwYDVQQDDAR0MzA1pBEwDzENMAsGA1UE +AwwEdDMwNqQRMA8xDTALBgNVBAMMBHQzMDekETAPMQ0wCwYDVQQDDAR0MzA4pBEw +DzENMAsGA1UEAwwEdDMwOaQRMA8xDTALBgNVBAMMBHQzMTCkETAPMQ0wCwYDVQQD +DAR0MzExpBEwDzENMAsGA1UEAwwEdDMxMqQRMA8xDTALBgNVBAMMBHQzMTOkETAP +MQ0wCwYDVQQDDAR0MzE0pBEwDzENMAsGA1UEAwwEdDMxNaQRMA8xDTALBgNVBAMM +BHQzMTakETAPMQ0wCwYDVQQDDAR0MzE3pBEwDzENMAsGA1UEAwwEdDMxOKQRMA8x +DTALBgNVBAMMBHQzMTmkETAPMQ0wCwYDVQQDDAR0MzIwpBEwDzENMAsGA1UEAwwE +dDMyMaQRMA8xDTALBgNVBAMMBHQzMjKkETAPMQ0wCwYDVQQDDAR0MzIzpBEwDzEN +MAsGA1UEAwwEdDMyNKQRMA8xDTALBgNVBAMMBHQzMjWkETAPMQ0wCwYDVQQDDAR0 +MzI2pBEwDzENMAsGA1UEAwwEdDMyN6QRMA8xDTALBgNVBAMMBHQzMjikETAPMQ0w +CwYDVQQDDAR0MzI5pBEwDzENMAsGA1UEAwwEdDMzMKQRMA8xDTALBgNVBAMMBHQz +MzGkETAPMQ0wCwYDVQQDDAR0MzMypBEwDzENMAsGA1UEAwwEdDMzM6QRMA8xDTAL +BgNVBAMMBHQzMzSkETAPMQ0wCwYDVQQDDAR0MzM1pBEwDzENMAsGA1UEAwwEdDMz +NqQRMA8xDTALBgNVBAMMBHQzMzekETAPMQ0wCwYDVQQDDAR0MzM4pBEwDzENMAsG +A1UEAwwEdDMzOaQRMA8xDTALBgNVBAMMBHQzNDAwDQYJKoZIhvcNAQELBQADggEB +AD9lGsQ44lWttO8MroupRr76cU9sQgZ63z+1zAiQI6r98o2/eSOx2fA8JnUxIS+b +e2QXz+iln1bL/LkFq8X1M3VzEX43oIJDCZmHNMY4hxYxIR8XteXAzt73qzislxM2 +e1tuw0vdyzPEORvrxY7jmz7kzzBv6A6ZtlXwLlYykVbMhC/K+dgPs1ysgv0YWGpZ +JJ1Q4hCi6+DsvMeM6eph1HZE1dOUeYIl0DbcKcx3db54sYULNNM00F0Yl5EFb+kF +Qe8coGisSx3k0HG+EyitVf2pcebALZl4ya+aLN77CLOVliRMv+QzVwuX7uLPZrom +wVyvBts/YzoYuiHVAX38N/w= +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.pem new file mode 100644 index 0000000000..7ef7fdabb3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_1.pem @@ -0,0 +1,344 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340 + Signature Algorithm: sha256WithRSAEncryption + 90:c2:57:f6:92:e9:c7:58:4e:b5:bd:11:26:33:dd:b9:3d:c2: + 1e:6d:6b:21:74:04:85:22:1e:d2:1b:09:fb:99:24:d8:e6:ed: + 1c:55:14:34:b7:19:4e:f2:cc:37:2e:b3:d3:26:96:f2:6d:88: + d6:8d:b2:7b:1a:6f:eb:66:f1:d9:f3:a3:4f:b0:76:51:d2:1c: + e6:b0:ae:0f:28:38:bf:c6:94:d5:76:71:0f:f6:11:95:c8:07: + 26:be:81:aa:55:4d:17:17:36:90:bb:c2:b8:40:72:a2:cf:0f: + d3:55:b1:65:50:67:c8:57:4b:54:bd:5b:42:7f:d4:b4:46:0e: + fe:9d:f0:eb:a9:96:c2:53:ce:b5:fb:71:3c:da:51:37:94:c7: + 7b:1e:d6:5b:c1:1b:da:ae:09:b1:da:d0:2d:27:ae:46:c6:5e: + d0:72:cb:e0:29:a7:c8:40:e8:18:94:26:ad:d8:51:21:43:24: + f6:f9:a4:9e:f1:57:d1:4b:3e:74:71:97:8f:de:09:2d:d3:85: + b1:79:a8:9d:d0:6c:35:90:a8:62:2f:fb:45:ac:c5:5b:5c:cc: + ea:72:05:b0:2f:79:36:56:f2:75:5b:b4:30:8c:0c:9f:fc:e8: + da:7e:2c:dd:fc:5e:fc:23:04:c1:53:31:a7:e2:ce:18:10:28: + b8:d4:60:8e +-----BEGIN CERTIFICATE----- +MIIy0TCCMbmgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1TANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCMB4wgjAaMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgi8wBgNVHREEgi8nMIIvI4IH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SHBAoAAACHBAoAAAGHBAoAAAKHBAoAAAOHBAoAAASHBAoAAAWHBAoAAAaHBAoA +AAeHBAoAAAiHBAoAAAmHBAoAAAqHBAoAAAuHBAoAAAyHBAoAAA2HBAoAAA6HBAoA +AA+HBAoAABCHBAoAABGHBAoAABKHBAoAABOHBAoAABSHBAoAABWHBAoAABaHBAoA +ABeHBAoAABiHBAoAABmHBAoAABqHBAoAABuHBAoAAByHBAoAAB2HBAoAAB6HBAoA +AB+HBAoAACCHBAoAACGHBAoAACKHBAoAACOHBAoAACSHBAoAACWHBAoAACaHBAoA +ACeHBAoAACiHBAoAACmHBAoAACqHBAoAACuHBAoAACyHBAoAAC2HBAoAAC6HBAoA +AC+HBAoAADCHBAoAADGHBAoAADKHBAoAADOHBAoAADSHBAoAADWHBAoAADaHBAoA +ADeHBAoAADiHBAoAADmHBAoAADqHBAoAADuHBAoAADyHBAoAAD2HBAoAAD6HBAoA +AD+HBAoAAECHBAoAAEGHBAoAAEKHBAoAAEOHBAoAAESHBAoAAEWHBAoAAEaHBAoA +AEeHBAoAAEiHBAoAAEmHBAoAAEqHBAoAAEuHBAoAAEyHBAoAAE2HBAoAAE6HBAoA +AE+HBAoAAFCHBAoAAFGHBAoAAFKHBAoAAFOHBAoAAFSHBAoAAFWHBAoAAFaHBAoA +AFeHBAoAAFiHBAoAAFmHBAoAAFqHBAoAAFuHBAoAAFyHBAoAAF2HBAoAAF6HBAoA +AF+HBAoAAGCHBAoAAGGHBAoAAGKHBAoAAGOHBAoAAGSHBAoAAGWHBAoAAGaHBAoA +AGeHBAoAAGiHBAoAAGmHBAoAAGqHBAoAAGuHBAoAAGyHBAoAAG2HBAoAAG6HBAoA +AG+HBAoAAHCHBAoAAHGHBAoAAHKHBAoAAHOHBAoAAHSHBAoAAHWHBAoAAHaHBAoA +AHeHBAoAAHiHBAoAAHmHBAoAAHqHBAoAAHuHBAoAAHyHBAoAAH2HBAoAAH6HBAoA +AH+HBAoAAICHBAoAAIGHBAoAAIKHBAoAAIOHBAoAAISHBAoAAIWHBAoAAIaHBAoA +AIeHBAoAAIiHBAoAAImHBAoAAIqHBAoAAIuHBAoAAIyHBAoAAI2HBAoAAI6HBAoA +AI+HBAoAAJCHBAoAAJGHBAoAAJKHBAoAAJOHBAoAAJSHBAoAAJWHBAoAAJaHBAoA +AJeHBAoAAJiHBAoAAJmHBAoAAJqHBAoAAJuHBAoAAJyHBAoAAJ2HBAoAAJ6HBAoA +AJ+HBAoAAKCHBAoAAKGHBAoAAKKHBAoAAKOHBAoAAKSHBAoAAKWHBAoAAKaHBAoA +AKeHBAoAAKiHBAoAAKmHBAoAAKqHBAoAAKuHBAoAAKyHBAoAAK2HBAoAAK6HBAoA +AK+HBAoAALCHBAoAALGHBAoAALKHBAoAALOHBAoAALSHBAoAALWHBAoAALaHBAoA +ALeHBAoAALiHBAoAALmHBAoAALqHBAoAALuHBAoAALyHBAoAAL2HBAoAAL6HBAoA +AL+HBAoAAMCHBAoAAMGHBAoAAMKHBAoAAMOHBAoAAMSHBAoAAMWHBAoAAMaHBAoA +AMeHBAoAAMiHBAoAAMmHBAoAAMqHBAoAAMuHBAoAAMyHBAoAAM2HBAoAAM6HBAoA +AM+HBAoAANCHBAoAANGHBAoAANKHBAoAANOHBAoAANSHBAoAANWHBAoAANaHBAoA +ANeHBAoAANiHBAoAANmHBAoAANqHBAoAANuHBAoAANyHBAoAAN2HBAoAAN6HBAoA +AN+HBAoAAOCHBAoAAOGHBAoAAOKHBAoAAOOHBAoAAOSHBAoAAOWHBAoAAOaHBAoA +AOeHBAoAAOiHBAoAAOmHBAoAAOqHBAoAAOuHBAoAAOyHBAoAAO2HBAoAAO6HBAoA +AO+HBAoAAPCHBAoAAPGHBAoAAPKHBAoAAPOHBAoAAPSHBAoAAPWHBAoAAPaHBAoA +APeHBAoAAPiHBAoAAPmHBAoAAPqHBAoAAPuHBAoAAPyHBAoAAP2HBAoAAP6HBAoA +AP+HBAoAAQCHBAoAAQGHBAoAAQKHBAoAAQOHBAoAAQSHBAoAAQWHBAoAAQaHBAoA +AQeHBAoAAQiHBAoAAQmHBAoAAQqHBAoAAQuHBAoAAQyHBAoAAQ2HBAoAAQ6HBAoA +AQ+HBAoAARCHBAoAARGHBAoAARKHBAoAAROHBAoAARSHBAoAARWHBAoAARaHBAoA +AReHBAoAARiHBAoAARmHBAoAARqHBAoAARuHBAoAARyHBAoAAR2HBAoAAR6HBAoA +AR+HBAoAASCHBAoAASGHBAoAASKHBAoAASOHBAoAASSHBAoAASWHBAoAASaHBAoA +ASeHBAoAASiHBAoAASmHBAoAASqHBAoAASuHBAoAASyHBAoAAS2HBAoAAS6HBAoA +AS+HBAoAATCHBAoAATGHBAoAATKHBAoAATOHBAoAATSHBAoAATWHBAoAATaHBAoA +ATeHBAoAATiHBAoAATmHBAoAATqHBAoAATuHBAoAATyHBAoAAT2HBAoAAT6HBAoA +AT+HBAoAAUCHBAoAAUGHBAoAAUKHBAoAAUOHBAoAAUSHBAoAAUWHBAoAAUaHBAoA +AUeHBAoAAUiHBAoAAUmHBAoAAUqHBAoAAUuHBAoAAUyHBAoAAU2HBAoAAU6HBAoA +AU+HBAoAAVCHBAoAAVGHBAoAAVKHBAoAAVOHBAoAAVSkDzANMQswCQYDVQQDDAJ0 +MKQPMA0xCzAJBgNVBAMMAnQxpA8wDTELMAkGA1UEAwwCdDKkDzANMQswCQYDVQQD +DAJ0M6QPMA0xCzAJBgNVBAMMAnQ0pA8wDTELMAkGA1UEAwwCdDWkDzANMQswCQYD +VQQDDAJ0NqQPMA0xCzAJBgNVBAMMAnQ3pA8wDTELMAkGA1UEAwwCdDikDzANMQsw +CQYDVQQDDAJ0OaQQMA4xDDAKBgNVBAMMA3QxMKQQMA4xDDAKBgNVBAMMA3QxMaQQ +MA4xDDAKBgNVBAMMA3QxMqQQMA4xDDAKBgNVBAMMA3QxM6QQMA4xDDAKBgNVBAMM +A3QxNKQQMA4xDDAKBgNVBAMMA3QxNaQQMA4xDDAKBgNVBAMMA3QxNqQQMA4xDDAK +BgNVBAMMA3QxN6QQMA4xDDAKBgNVBAMMA3QxOKQQMA4xDDAKBgNVBAMMA3QxOaQQ +MA4xDDAKBgNVBAMMA3QyMKQQMA4xDDAKBgNVBAMMA3QyMaQQMA4xDDAKBgNVBAMM +A3QyMqQQMA4xDDAKBgNVBAMMA3QyM6QQMA4xDDAKBgNVBAMMA3QyNKQQMA4xDDAK +BgNVBAMMA3QyNaQQMA4xDDAKBgNVBAMMA3QyNqQQMA4xDDAKBgNVBAMMA3QyN6QQ +MA4xDDAKBgNVBAMMA3QyOKQQMA4xDDAKBgNVBAMMA3QyOaQQMA4xDDAKBgNVBAMM +A3QzMKQQMA4xDDAKBgNVBAMMA3QzMaQQMA4xDDAKBgNVBAMMA3QzMqQQMA4xDDAK +BgNVBAMMA3QzM6QQMA4xDDAKBgNVBAMMA3QzNKQQMA4xDDAKBgNVBAMMA3QzNaQQ +MA4xDDAKBgNVBAMMA3QzNqQQMA4xDDAKBgNVBAMMA3QzN6QQMA4xDDAKBgNVBAMM +A3QzOKQQMA4xDDAKBgNVBAMMA3QzOaQQMA4xDDAKBgNVBAMMA3Q0MKQQMA4xDDAK +BgNVBAMMA3Q0MaQQMA4xDDAKBgNVBAMMA3Q0MqQQMA4xDDAKBgNVBAMMA3Q0M6QQ +MA4xDDAKBgNVBAMMA3Q0NKQQMA4xDDAKBgNVBAMMA3Q0NaQQMA4xDDAKBgNVBAMM +A3Q0NqQQMA4xDDAKBgNVBAMMA3Q0N6QQMA4xDDAKBgNVBAMMA3Q0OKQQMA4xDDAK +BgNVBAMMA3Q0OaQQMA4xDDAKBgNVBAMMA3Q1MKQQMA4xDDAKBgNVBAMMA3Q1MaQQ +MA4xDDAKBgNVBAMMA3Q1MqQQMA4xDDAKBgNVBAMMA3Q1M6QQMA4xDDAKBgNVBAMM +A3Q1NKQQMA4xDDAKBgNVBAMMA3Q1NaQQMA4xDDAKBgNVBAMMA3Q1NqQQMA4xDDAK +BgNVBAMMA3Q1N6QQMA4xDDAKBgNVBAMMA3Q1OKQQMA4xDDAKBgNVBAMMA3Q1OaQQ +MA4xDDAKBgNVBAMMA3Q2MKQQMA4xDDAKBgNVBAMMA3Q2MaQQMA4xDDAKBgNVBAMM +A3Q2MqQQMA4xDDAKBgNVBAMMA3Q2M6QQMA4xDDAKBgNVBAMMA3Q2NKQQMA4xDDAK +BgNVBAMMA3Q2NaQQMA4xDDAKBgNVBAMMA3Q2NqQQMA4xDDAKBgNVBAMMA3Q2N6QQ +MA4xDDAKBgNVBAMMA3Q2OKQQMA4xDDAKBgNVBAMMA3Q2OaQQMA4xDDAKBgNVBAMM +A3Q3MKQQMA4xDDAKBgNVBAMMA3Q3MaQQMA4xDDAKBgNVBAMMA3Q3MqQQMA4xDDAK +BgNVBAMMA3Q3M6QQMA4xDDAKBgNVBAMMA3Q3NKQQMA4xDDAKBgNVBAMMA3Q3NaQQ +MA4xDDAKBgNVBAMMA3Q3NqQQMA4xDDAKBgNVBAMMA3Q3N6QQMA4xDDAKBgNVBAMM +A3Q3OKQQMA4xDDAKBgNVBAMMA3Q3OaQQMA4xDDAKBgNVBAMMA3Q4MKQQMA4xDDAK +BgNVBAMMA3Q4MaQQMA4xDDAKBgNVBAMMA3Q4MqQQMA4xDDAKBgNVBAMMA3Q4M6QQ +MA4xDDAKBgNVBAMMA3Q4NKQQMA4xDDAKBgNVBAMMA3Q4NaQQMA4xDDAKBgNVBAMM +A3Q4NqQQMA4xDDAKBgNVBAMMA3Q4N6QQMA4xDDAKBgNVBAMMA3Q4OKQQMA4xDDAK +BgNVBAMMA3Q4OaQQMA4xDDAKBgNVBAMMA3Q5MKQQMA4xDDAKBgNVBAMMA3Q5MaQQ +MA4xDDAKBgNVBAMMA3Q5MqQQMA4xDDAKBgNVBAMMA3Q5M6QQMA4xDDAKBgNVBAMM +A3Q5NKQQMA4xDDAKBgNVBAMMA3Q5NaQQMA4xDDAKBgNVBAMMA3Q5NqQQMA4xDDAK +BgNVBAMMA3Q5N6QQMA4xDDAKBgNVBAMMA3Q5OKQQMA4xDDAKBgNVBAMMA3Q5OaQR +MA8xDTALBgNVBAMMBHQxMDCkETAPMQ0wCwYDVQQDDAR0MTAxpBEwDzENMAsGA1UE +AwwEdDEwMqQRMA8xDTALBgNVBAMMBHQxMDOkETAPMQ0wCwYDVQQDDAR0MTA0pBEw +DzENMAsGA1UEAwwEdDEwNaQRMA8xDTALBgNVBAMMBHQxMDakETAPMQ0wCwYDVQQD +DAR0MTA3pBEwDzENMAsGA1UEAwwEdDEwOKQRMA8xDTALBgNVBAMMBHQxMDmkETAP +MQ0wCwYDVQQDDAR0MTEwpBEwDzENMAsGA1UEAwwEdDExMaQRMA8xDTALBgNVBAMM +BHQxMTKkETAPMQ0wCwYDVQQDDAR0MTEzpBEwDzENMAsGA1UEAwwEdDExNKQRMA8x +DTALBgNVBAMMBHQxMTWkETAPMQ0wCwYDVQQDDAR0MTE2pBEwDzENMAsGA1UEAwwE +dDExN6QRMA8xDTALBgNVBAMMBHQxMTikETAPMQ0wCwYDVQQDDAR0MTE5pBEwDzEN +MAsGA1UEAwwEdDEyMKQRMA8xDTALBgNVBAMMBHQxMjGkETAPMQ0wCwYDVQQDDAR0 +MTIypBEwDzENMAsGA1UEAwwEdDEyM6QRMA8xDTALBgNVBAMMBHQxMjSkETAPMQ0w +CwYDVQQDDAR0MTI1pBEwDzENMAsGA1UEAwwEdDEyNqQRMA8xDTALBgNVBAMMBHQx +MjekETAPMQ0wCwYDVQQDDAR0MTI4pBEwDzENMAsGA1UEAwwEdDEyOaQRMA8xDTAL +BgNVBAMMBHQxMzCkETAPMQ0wCwYDVQQDDAR0MTMxpBEwDzENMAsGA1UEAwwEdDEz +MqQRMA8xDTALBgNVBAMMBHQxMzOkETAPMQ0wCwYDVQQDDAR0MTM0pBEwDzENMAsG +A1UEAwwEdDEzNaQRMA8xDTALBgNVBAMMBHQxMzakETAPMQ0wCwYDVQQDDAR0MTM3 +pBEwDzENMAsGA1UEAwwEdDEzOKQRMA8xDTALBgNVBAMMBHQxMzmkETAPMQ0wCwYD +VQQDDAR0MTQwpBEwDzENMAsGA1UEAwwEdDE0MaQRMA8xDTALBgNVBAMMBHQxNDKk +ETAPMQ0wCwYDVQQDDAR0MTQzpBEwDzENMAsGA1UEAwwEdDE0NKQRMA8xDTALBgNV +BAMMBHQxNDWkETAPMQ0wCwYDVQQDDAR0MTQ2pBEwDzENMAsGA1UEAwwEdDE0N6QR +MA8xDTALBgNVBAMMBHQxNDikETAPMQ0wCwYDVQQDDAR0MTQ5pBEwDzENMAsGA1UE +AwwEdDE1MKQRMA8xDTALBgNVBAMMBHQxNTGkETAPMQ0wCwYDVQQDDAR0MTUypBEw +DzENMAsGA1UEAwwEdDE1M6QRMA8xDTALBgNVBAMMBHQxNTSkETAPMQ0wCwYDVQQD +DAR0MTU1pBEwDzENMAsGA1UEAwwEdDE1NqQRMA8xDTALBgNVBAMMBHQxNTekETAP +MQ0wCwYDVQQDDAR0MTU4pBEwDzENMAsGA1UEAwwEdDE1OaQRMA8xDTALBgNVBAMM +BHQxNjCkETAPMQ0wCwYDVQQDDAR0MTYxpBEwDzENMAsGA1UEAwwEdDE2MqQRMA8x +DTALBgNVBAMMBHQxNjOkETAPMQ0wCwYDVQQDDAR0MTY0pBEwDzENMAsGA1UEAwwE +dDE2NaQRMA8xDTALBgNVBAMMBHQxNjakETAPMQ0wCwYDVQQDDAR0MTY3pBEwDzEN +MAsGA1UEAwwEdDE2OKQRMA8xDTALBgNVBAMMBHQxNjmkETAPMQ0wCwYDVQQDDAR0 +MTcwpBEwDzENMAsGA1UEAwwEdDE3MaQRMA8xDTALBgNVBAMMBHQxNzKkETAPMQ0w +CwYDVQQDDAR0MTczpBEwDzENMAsGA1UEAwwEdDE3NKQRMA8xDTALBgNVBAMMBHQx +NzWkETAPMQ0wCwYDVQQDDAR0MTc2pBEwDzENMAsGA1UEAwwEdDE3N6QRMA8xDTAL +BgNVBAMMBHQxNzikETAPMQ0wCwYDVQQDDAR0MTc5pBEwDzENMAsGA1UEAwwEdDE4 +MKQRMA8xDTALBgNVBAMMBHQxODGkETAPMQ0wCwYDVQQDDAR0MTgypBEwDzENMAsG +A1UEAwwEdDE4M6QRMA8xDTALBgNVBAMMBHQxODSkETAPMQ0wCwYDVQQDDAR0MTg1 +pBEwDzENMAsGA1UEAwwEdDE4NqQRMA8xDTALBgNVBAMMBHQxODekETAPMQ0wCwYD +VQQDDAR0MTg4pBEwDzENMAsGA1UEAwwEdDE4OaQRMA8xDTALBgNVBAMMBHQxOTCk +ETAPMQ0wCwYDVQQDDAR0MTkxpBEwDzENMAsGA1UEAwwEdDE5MqQRMA8xDTALBgNV +BAMMBHQxOTOkETAPMQ0wCwYDVQQDDAR0MTk0pBEwDzENMAsGA1UEAwwEdDE5NaQR +MA8xDTALBgNVBAMMBHQxOTakETAPMQ0wCwYDVQQDDAR0MTk3pBEwDzENMAsGA1UE +AwwEdDE5OKQRMA8xDTALBgNVBAMMBHQxOTmkETAPMQ0wCwYDVQQDDAR0MjAwpBEw +DzENMAsGA1UEAwwEdDIwMaQRMA8xDTALBgNVBAMMBHQyMDKkETAPMQ0wCwYDVQQD +DAR0MjAzpBEwDzENMAsGA1UEAwwEdDIwNKQRMA8xDTALBgNVBAMMBHQyMDWkETAP +MQ0wCwYDVQQDDAR0MjA2pBEwDzENMAsGA1UEAwwEdDIwN6QRMA8xDTALBgNVBAMM +BHQyMDikETAPMQ0wCwYDVQQDDAR0MjA5pBEwDzENMAsGA1UEAwwEdDIxMKQRMA8x +DTALBgNVBAMMBHQyMTGkETAPMQ0wCwYDVQQDDAR0MjEypBEwDzENMAsGA1UEAwwE +dDIxM6QRMA8xDTALBgNVBAMMBHQyMTSkETAPMQ0wCwYDVQQDDAR0MjE1pBEwDzEN +MAsGA1UEAwwEdDIxNqQRMA8xDTALBgNVBAMMBHQyMTekETAPMQ0wCwYDVQQDDAR0 +MjE4pBEwDzENMAsGA1UEAwwEdDIxOaQRMA8xDTALBgNVBAMMBHQyMjCkETAPMQ0w +CwYDVQQDDAR0MjIxpBEwDzENMAsGA1UEAwwEdDIyMqQRMA8xDTALBgNVBAMMBHQy +MjOkETAPMQ0wCwYDVQQDDAR0MjI0pBEwDzENMAsGA1UEAwwEdDIyNaQRMA8xDTAL +BgNVBAMMBHQyMjakETAPMQ0wCwYDVQQDDAR0MjI3pBEwDzENMAsGA1UEAwwEdDIy +OKQRMA8xDTALBgNVBAMMBHQyMjmkETAPMQ0wCwYDVQQDDAR0MjMwpBEwDzENMAsG +A1UEAwwEdDIzMaQRMA8xDTALBgNVBAMMBHQyMzKkETAPMQ0wCwYDVQQDDAR0MjMz +pBEwDzENMAsGA1UEAwwEdDIzNKQRMA8xDTALBgNVBAMMBHQyMzWkETAPMQ0wCwYD +VQQDDAR0MjM2pBEwDzENMAsGA1UEAwwEdDIzN6QRMA8xDTALBgNVBAMMBHQyMzik +ETAPMQ0wCwYDVQQDDAR0MjM5pBEwDzENMAsGA1UEAwwEdDI0MKQRMA8xDTALBgNV +BAMMBHQyNDGkETAPMQ0wCwYDVQQDDAR0MjQypBEwDzENMAsGA1UEAwwEdDI0M6QR +MA8xDTALBgNVBAMMBHQyNDSkETAPMQ0wCwYDVQQDDAR0MjQ1pBEwDzENMAsGA1UE +AwwEdDI0NqQRMA8xDTALBgNVBAMMBHQyNDekETAPMQ0wCwYDVQQDDAR0MjQ4pBEw +DzENMAsGA1UEAwwEdDI0OaQRMA8xDTALBgNVBAMMBHQyNTCkETAPMQ0wCwYDVQQD +DAR0MjUxpBEwDzENMAsGA1UEAwwEdDI1MqQRMA8xDTALBgNVBAMMBHQyNTOkETAP +MQ0wCwYDVQQDDAR0MjU0pBEwDzENMAsGA1UEAwwEdDI1NaQRMA8xDTALBgNVBAMM +BHQyNTakETAPMQ0wCwYDVQQDDAR0MjU3pBEwDzENMAsGA1UEAwwEdDI1OKQRMA8x +DTALBgNVBAMMBHQyNTmkETAPMQ0wCwYDVQQDDAR0MjYwpBEwDzENMAsGA1UEAwwE +dDI2MaQRMA8xDTALBgNVBAMMBHQyNjKkETAPMQ0wCwYDVQQDDAR0MjYzpBEwDzEN +MAsGA1UEAwwEdDI2NKQRMA8xDTALBgNVBAMMBHQyNjWkETAPMQ0wCwYDVQQDDAR0 +MjY2pBEwDzENMAsGA1UEAwwEdDI2N6QRMA8xDTALBgNVBAMMBHQyNjikETAPMQ0w +CwYDVQQDDAR0MjY5pBEwDzENMAsGA1UEAwwEdDI3MKQRMA8xDTALBgNVBAMMBHQy +NzGkETAPMQ0wCwYDVQQDDAR0MjcypBEwDzENMAsGA1UEAwwEdDI3M6QRMA8xDTAL +BgNVBAMMBHQyNzSkETAPMQ0wCwYDVQQDDAR0Mjc1pBEwDzENMAsGA1UEAwwEdDI3 +NqQRMA8xDTALBgNVBAMMBHQyNzekETAPMQ0wCwYDVQQDDAR0Mjc4pBEwDzENMAsG +A1UEAwwEdDI3OaQRMA8xDTALBgNVBAMMBHQyODCkETAPMQ0wCwYDVQQDDAR0Mjgx +pBEwDzENMAsGA1UEAwwEdDI4MqQRMA8xDTALBgNVBAMMBHQyODOkETAPMQ0wCwYD +VQQDDAR0Mjg0pBEwDzENMAsGA1UEAwwEdDI4NaQRMA8xDTALBgNVBAMMBHQyODak +ETAPMQ0wCwYDVQQDDAR0Mjg3pBEwDzENMAsGA1UEAwwEdDI4OKQRMA8xDTALBgNV +BAMMBHQyODmkETAPMQ0wCwYDVQQDDAR0MjkwpBEwDzENMAsGA1UEAwwEdDI5MaQR +MA8xDTALBgNVBAMMBHQyOTKkETAPMQ0wCwYDVQQDDAR0MjkzpBEwDzENMAsGA1UE +AwwEdDI5NKQRMA8xDTALBgNVBAMMBHQyOTWkETAPMQ0wCwYDVQQDDAR0Mjk2pBEw +DzENMAsGA1UEAwwEdDI5N6QRMA8xDTALBgNVBAMMBHQyOTikETAPMQ0wCwYDVQQD +DAR0Mjk5pBEwDzENMAsGA1UEAwwEdDMwMKQRMA8xDTALBgNVBAMMBHQzMDGkETAP +MQ0wCwYDVQQDDAR0MzAypBEwDzENMAsGA1UEAwwEdDMwM6QRMA8xDTALBgNVBAMM +BHQzMDSkETAPMQ0wCwYDVQQDDAR0MzA1pBEwDzENMAsGA1UEAwwEdDMwNqQRMA8x +DTALBgNVBAMMBHQzMDekETAPMQ0wCwYDVQQDDAR0MzA4pBEwDzENMAsGA1UEAwwE +dDMwOaQRMA8xDTALBgNVBAMMBHQzMTCkETAPMQ0wCwYDVQQDDAR0MzExpBEwDzEN +MAsGA1UEAwwEdDMxMqQRMA8xDTALBgNVBAMMBHQzMTOkETAPMQ0wCwYDVQQDDAR0 +MzE0pBEwDzENMAsGA1UEAwwEdDMxNaQRMA8xDTALBgNVBAMMBHQzMTakETAPMQ0w +CwYDVQQDDAR0MzE3pBEwDzENMAsGA1UEAwwEdDMxOKQRMA8xDTALBgNVBAMMBHQz +MTmkETAPMQ0wCwYDVQQDDAR0MzIwpBEwDzENMAsGA1UEAwwEdDMyMaQRMA8xDTAL +BgNVBAMMBHQzMjKkETAPMQ0wCwYDVQQDDAR0MzIzpBEwDzENMAsGA1UEAwwEdDMy +NKQRMA8xDTALBgNVBAMMBHQzMjWkETAPMQ0wCwYDVQQDDAR0MzI2pBEwDzENMAsG +A1UEAwwEdDMyN6QRMA8xDTALBgNVBAMMBHQzMjikETAPMQ0wCwYDVQQDDAR0MzI5 +pBEwDzENMAsGA1UEAwwEdDMzMKQRMA8xDTALBgNVBAMMBHQzMzGkETAPMQ0wCwYD +VQQDDAR0MzMypBEwDzENMAsGA1UEAwwEdDMzM6QRMA8xDTALBgNVBAMMBHQzMzSk +ETAPMQ0wCwYDVQQDDAR0MzM1pBEwDzENMAsGA1UEAwwEdDMzNqQRMA8xDTALBgNV +BAMMBHQzMzekETAPMQ0wCwYDVQQDDAR0MzM4pBEwDzENMAsGA1UEAwwEdDMzOaQR +MA8xDTALBgNVBAMMBHQzNDAwDQYJKoZIhvcNAQELBQADggEBAJDCV/aS6cdYTrW9 +ESYz3bk9wh5tayF0BIUiHtIbCfuZJNjm7RxVFDS3GU7yzDcus9MmlvJtiNaNsnsa +b+tm8dnzo0+wdlHSHOawrg8oOL/GlNV2cQ/2EZXIBya+gapVTRcXNpC7wrhAcqLP +D9NVsWVQZ8hXS1S9W0J/1LRGDv6d8OuplsJTzrX7cTzaUTeUx3se1lvBG9quCbHa +0C0nrkbGXtByy+App8hA6BiUJq3YUSFDJPb5pJ7xV9FLPnRxl4/eCS3ThbF5qJ3Q +bDWQqGIv+0WsxVtczOpyBbAveTZW8nVbtDCMDJ/86Np+LN38XvwjBMFTMafizhgQ +KLjUYI4= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.cnf new file mode 100644 index 0000000000..e7c2816a80 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.cnf @@ -0,0 +1,1091 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "t0" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @san_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/t0_2.pem +new_certs_dir = out +serial = out/t0.serial +database = out/t0.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/t0.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/t0.cer + +[crl_info] +URI.0 = http://url-for-crl/t0.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[san_info] +DNS.1 = t0.test +DNS.2 = t1.test +DNS.3 = t2.test +DNS.4 = t3.test +DNS.5 = t4.test +DNS.6 = t5.test +DNS.7 = t6.test +DNS.8 = t7.test +DNS.9 = t8.test +DNS.10 = t9.test +DNS.11 = t10.test +DNS.12 = t11.test +DNS.13 = t12.test +DNS.14 = t13.test +DNS.15 = t14.test +DNS.16 = t15.test +DNS.17 = t16.test +DNS.18 = t17.test +DNS.19 = t18.test +DNS.20 = t19.test +DNS.21 = t20.test +DNS.22 = t21.test +DNS.23 = t22.test +DNS.24 = t23.test +DNS.25 = t24.test +DNS.26 = t25.test +DNS.27 = t26.test +DNS.28 = t27.test +DNS.29 = t28.test +DNS.30 = t29.test +DNS.31 = t30.test +DNS.32 = t31.test +DNS.33 = t32.test +DNS.34 = t33.test +DNS.35 = t34.test +DNS.36 = t35.test +DNS.37 = t36.test +DNS.38 = t37.test +DNS.39 = t38.test +DNS.40 = t39.test +DNS.41 = t40.test +DNS.42 = t41.test +DNS.43 = t42.test +DNS.44 = t43.test +DNS.45 = t44.test +DNS.46 = t45.test +DNS.47 = t46.test +DNS.48 = t47.test +DNS.49 = t48.test +DNS.50 = t49.test +DNS.51 = t50.test +DNS.52 = t51.test +DNS.53 = t52.test +DNS.54 = t53.test +DNS.55 = t54.test +DNS.56 = t55.test +DNS.57 = t56.test +DNS.58 = t57.test +DNS.59 = t58.test +DNS.60 = t59.test +DNS.61 = t60.test +DNS.62 = t61.test +DNS.63 = t62.test +DNS.64 = t63.test +DNS.65 = t64.test +DNS.66 = t65.test +DNS.67 = t66.test +DNS.68 = t67.test +DNS.69 = t68.test +DNS.70 = t69.test +DNS.71 = t70.test +DNS.72 = t71.test +DNS.73 = t72.test +DNS.74 = t73.test +DNS.75 = t74.test +DNS.76 = t75.test +DNS.77 = t76.test +DNS.78 = t77.test +DNS.79 = t78.test +DNS.80 = t79.test +DNS.81 = t80.test +DNS.82 = t81.test +DNS.83 = t82.test +DNS.84 = t83.test +DNS.85 = t84.test +DNS.86 = t85.test +DNS.87 = t86.test +DNS.88 = t87.test +DNS.89 = t88.test +DNS.90 = t89.test +DNS.91 = t90.test +DNS.92 = t91.test +DNS.93 = t92.test +DNS.94 = t93.test +DNS.95 = t94.test +DNS.96 = t95.test +DNS.97 = t96.test +DNS.98 = t97.test +DNS.99 = t98.test +DNS.100 = t99.test +DNS.101 = t100.test +DNS.102 = t101.test +DNS.103 = t102.test +DNS.104 = t103.test +DNS.105 = t104.test +DNS.106 = t105.test +DNS.107 = t106.test +DNS.108 = t107.test +DNS.109 = t108.test +DNS.110 = t109.test +DNS.111 = t110.test +DNS.112 = t111.test +DNS.113 = t112.test +DNS.114 = t113.test +DNS.115 = t114.test +DNS.116 = t115.test +DNS.117 = t116.test +DNS.118 = t117.test +DNS.119 = t118.test +DNS.120 = t119.test +DNS.121 = t120.test +DNS.122 = t121.test +DNS.123 = t122.test +DNS.124 = t123.test +DNS.125 = t124.test +DNS.126 = t125.test +DNS.127 = t126.test +DNS.128 = t127.test +DNS.129 = t128.test +DNS.130 = t129.test +DNS.131 = t130.test +DNS.132 = t131.test +DNS.133 = t132.test +DNS.134 = t133.test +DNS.135 = t134.test +DNS.136 = t135.test +DNS.137 = t136.test +DNS.138 = t137.test +DNS.139 = t138.test +DNS.140 = t139.test +DNS.141 = t140.test +DNS.142 = t141.test +DNS.143 = t142.test +DNS.144 = t143.test +DNS.145 = t144.test +DNS.146 = t145.test +DNS.147 = t146.test +DNS.148 = t147.test +DNS.149 = t148.test +DNS.150 = t149.test +DNS.151 = t150.test +DNS.152 = t151.test +DNS.153 = t152.test +DNS.154 = t153.test +DNS.155 = t154.test +DNS.156 = t155.test +DNS.157 = t156.test +DNS.158 = t157.test +DNS.159 = t158.test +DNS.160 = t159.test +DNS.161 = t160.test +DNS.162 = t161.test +DNS.163 = t162.test +DNS.164 = t163.test +DNS.165 = t164.test +DNS.166 = t165.test +DNS.167 = t166.test +DNS.168 = t167.test +DNS.169 = t168.test +DNS.170 = t169.test +DNS.171 = t170.test +DNS.172 = t171.test +DNS.173 = t172.test +DNS.174 = t173.test +DNS.175 = t174.test +DNS.176 = t175.test +DNS.177 = t176.test +DNS.178 = t177.test +DNS.179 = t178.test +DNS.180 = t179.test +DNS.181 = t180.test +DNS.182 = t181.test +DNS.183 = t182.test +DNS.184 = t183.test +DNS.185 = t184.test +DNS.186 = t185.test +DNS.187 = t186.test +DNS.188 = t187.test +DNS.189 = t188.test +DNS.190 = t189.test +DNS.191 = t190.test +DNS.192 = t191.test +DNS.193 = t192.test +DNS.194 = t193.test +DNS.195 = t194.test +DNS.196 = t195.test +DNS.197 = t196.test +DNS.198 = t197.test +DNS.199 = t198.test +DNS.200 = t199.test +DNS.201 = t200.test +DNS.202 = t201.test +DNS.203 = t202.test +DNS.204 = t203.test +DNS.205 = t204.test +DNS.206 = t205.test +DNS.207 = t206.test +DNS.208 = t207.test +DNS.209 = t208.test +DNS.210 = t209.test +DNS.211 = t210.test +DNS.212 = t211.test +DNS.213 = t212.test +DNS.214 = t213.test +DNS.215 = t214.test +DNS.216 = t215.test +DNS.217 = t216.test +DNS.218 = t217.test +DNS.219 = t218.test +DNS.220 = t219.test +DNS.221 = t220.test +DNS.222 = t221.test +DNS.223 = t222.test +DNS.224 = t223.test +DNS.225 = t224.test +DNS.226 = t225.test +DNS.227 = t226.test +DNS.228 = t227.test +DNS.229 = t228.test +DNS.230 = t229.test +DNS.231 = t230.test +DNS.232 = t231.test +DNS.233 = t232.test +DNS.234 = t233.test +DNS.235 = t234.test +DNS.236 = t235.test +DNS.237 = t236.test +DNS.238 = t237.test +DNS.239 = t238.test +DNS.240 = t239.test +DNS.241 = t240.test +DNS.242 = t241.test +DNS.243 = t242.test +DNS.244 = t243.test +DNS.245 = t244.test +DNS.246 = t245.test +DNS.247 = t246.test +DNS.248 = t247.test +DNS.249 = t248.test +DNS.250 = t249.test +DNS.251 = t250.test +DNS.252 = t251.test +DNS.253 = t252.test +DNS.254 = t253.test +DNS.255 = t254.test +DNS.256 = t255.test +DNS.257 = t256.test +DNS.258 = t257.test +DNS.259 = t258.test +DNS.260 = t259.test +DNS.261 = t260.test +DNS.262 = t261.test +DNS.263 = t262.test +DNS.264 = t263.test +DNS.265 = t264.test +DNS.266 = t265.test +DNS.267 = t266.test +DNS.268 = t267.test +DNS.269 = t268.test +DNS.270 = t269.test +DNS.271 = t270.test +DNS.272 = t271.test +DNS.273 = t272.test +DNS.274 = t273.test +DNS.275 = t274.test +DNS.276 = t275.test +DNS.277 = t276.test +DNS.278 = t277.test +DNS.279 = t278.test +DNS.280 = t279.test +DNS.281 = t280.test +DNS.282 = t281.test +DNS.283 = t282.test +DNS.284 = t283.test +DNS.285 = t284.test +DNS.286 = t285.test +DNS.287 = t286.test +DNS.288 = t287.test +DNS.289 = t288.test +DNS.290 = t289.test +DNS.291 = t290.test +DNS.292 = t291.test +DNS.293 = t292.test +DNS.294 = t293.test +DNS.295 = t294.test +DNS.296 = t295.test +DNS.297 = t296.test +DNS.298 = t297.test +DNS.299 = t298.test +DNS.300 = t299.test +DNS.301 = t300.test +DNS.302 = t301.test +DNS.303 = t302.test +DNS.304 = t303.test +DNS.305 = t304.test +DNS.306 = t305.test +DNS.307 = t306.test +DNS.308 = t307.test +DNS.309 = t308.test +DNS.310 = t309.test +DNS.311 = t310.test +DNS.312 = t311.test +DNS.313 = t312.test +DNS.314 = t313.test +DNS.315 = t314.test +DNS.316 = t315.test +DNS.317 = t316.test +DNS.318 = t317.test +DNS.319 = t318.test +DNS.320 = t319.test +DNS.321 = t320.test +DNS.322 = t321.test +DNS.323 = t322.test +DNS.324 = t323.test +DNS.325 = t324.test +DNS.326 = t325.test +DNS.327 = t326.test +DNS.328 = t327.test +DNS.329 = t328.test +DNS.330 = t329.test +DNS.331 = t330.test +DNS.332 = t331.test +DNS.333 = t332.test +DNS.334 = t333.test +DNS.335 = t334.test +DNS.336 = t335.test +DNS.337 = t336.test +DNS.338 = t337.test +DNS.339 = t338.test +DNS.340 = t339.test +DNS.341 = t340.test +DNS.342 = t341.test +DNS.343 = t342.test +DNS.344 = t343.test +DNS.345 = t344.test +DNS.346 = t345.test +DNS.347 = t346.test +DNS.348 = t347.test +DNS.349 = t348.test +DNS.350 = t349.test +DNS.351 = t350.test +DNS.352 = t351.test +DNS.353 = t352.test +DNS.354 = t353.test +DNS.355 = t354.test +DNS.356 = t355.test +DNS.357 = t356.test +DNS.358 = t357.test +DNS.359 = t358.test +DNS.360 = t359.test +DNS.361 = t360.test +DNS.362 = t361.test +DNS.363 = t362.test +DNS.364 = t363.test +DNS.365 = t364.test +DNS.366 = t365.test +DNS.367 = t366.test +DNS.368 = t367.test +DNS.369 = t368.test +DNS.370 = t369.test +DNS.371 = t370.test +DNS.372 = t371.test +DNS.373 = t372.test +DNS.374 = t373.test +DNS.375 = t374.test +DNS.376 = t375.test +DNS.377 = t376.test +DNS.378 = t377.test +DNS.379 = t378.test +DNS.380 = t379.test +DNS.381 = t380.test +DNS.382 = t381.test +DNS.383 = t382.test +DNS.384 = t383.test +DNS.385 = t384.test +DNS.386 = t385.test +DNS.387 = t386.test +DNS.388 = t387.test +DNS.389 = t388.test +DNS.390 = t389.test +DNS.391 = t390.test +DNS.392 = t391.test +DNS.393 = t392.test +DNS.394 = t393.test +DNS.395 = t394.test +DNS.396 = t395.test +DNS.397 = t396.test +DNS.398 = t397.test +DNS.399 = t398.test +DNS.400 = t399.test +DNS.401 = t400.test +DNS.402 = t401.test +DNS.403 = t402.test +DNS.404 = t403.test +DNS.405 = t404.test +DNS.406 = t405.test +DNS.407 = t406.test +DNS.408 = t407.test +DNS.409 = t408.test +DNS.410 = t409.test +DNS.411 = t410.test +DNS.412 = t411.test +DNS.413 = t412.test +DNS.414 = t413.test +DNS.415 = t414.test +DNS.416 = t415.test +DNS.417 = t416.test +DNS.418 = t417.test +DNS.419 = t418.test +DNS.420 = t419.test +DNS.421 = t420.test +DNS.422 = t421.test +DNS.423 = t422.test +DNS.424 = t423.test +DNS.425 = t424.test +DNS.426 = t425.test +DNS.427 = t426.test +DNS.428 = t427.test +DNS.429 = t428.test +DNS.430 = t429.test +DNS.431 = t430.test +DNS.432 = t431.test +DNS.433 = t432.test +DNS.434 = t433.test +DNS.435 = t434.test +DNS.436 = t435.test +DNS.437 = t436.test +DNS.438 = t437.test +DNS.439 = t438.test +DNS.440 = t439.test +DNS.441 = t440.test +DNS.442 = t441.test +DNS.443 = t442.test +DNS.444 = t443.test +DNS.445 = t444.test +DNS.446 = t445.test +DNS.447 = t446.test +DNS.448 = t447.test +DNS.449 = t448.test +DNS.450 = t449.test +DNS.451 = t450.test +DNS.452 = t451.test +DNS.453 = t452.test +DNS.454 = t453.test +DNS.455 = t454.test +DNS.456 = t455.test +DNS.457 = t456.test +DNS.458 = t457.test +DNS.459 = t458.test +DNS.460 = t459.test +DNS.461 = t460.test +DNS.462 = t461.test +DNS.463 = t462.test +DNS.464 = t463.test +DNS.465 = t464.test +DNS.466 = t465.test +DNS.467 = t466.test +DNS.468 = t467.test +DNS.469 = t468.test +DNS.470 = t469.test +DNS.471 = t470.test +DNS.472 = t471.test +DNS.473 = t472.test +DNS.474 = t473.test +DNS.475 = t474.test +DNS.476 = t475.test +DNS.477 = t476.test +DNS.478 = t477.test +DNS.479 = t478.test +DNS.480 = t479.test +DNS.481 = t480.test +DNS.482 = t481.test +DNS.483 = t482.test +DNS.484 = t483.test +DNS.485 = t484.test +DNS.486 = t485.test +DNS.487 = t486.test +DNS.488 = t487.test +DNS.489 = t488.test +DNS.490 = t489.test +DNS.491 = t490.test +DNS.492 = t491.test +DNS.493 = t492.test +DNS.494 = t493.test +DNS.495 = t494.test +DNS.496 = t495.test +DNS.497 = t496.test +DNS.498 = t497.test +DNS.499 = t498.test +DNS.500 = t499.test +DNS.501 = t500.test +DNS.502 = t501.test +DNS.503 = t502.test +DNS.504 = t503.test +DNS.505 = t504.test +DNS.506 = t505.test +DNS.507 = t506.test +DNS.508 = t507.test +DNS.509 = t508.test +DNS.510 = t509.test +DNS.511 = t510.test +DNS.512 = t511.test +DNS.513 = t512.test +DNS.514 = t513.test +DNS.515 = t514.test +DNS.516 = t515.test +DNS.517 = t516.test +DNS.518 = t517.test +DNS.519 = t518.test +DNS.520 = t519.test +DNS.521 = t520.test +DNS.522 = t521.test +DNS.523 = t522.test +DNS.524 = t523.test +DNS.525 = t524.test +DNS.526 = t525.test +DNS.527 = t526.test +DNS.528 = t527.test +DNS.529 = t528.test +DNS.530 = t529.test +DNS.531 = t530.test +DNS.532 = t531.test +DNS.533 = t532.test +DNS.534 = t533.test +DNS.535 = t534.test +DNS.536 = t535.test +DNS.537 = t536.test +DNS.538 = t537.test +DNS.539 = t538.test +DNS.540 = t539.test +DNS.541 = t540.test +DNS.542 = t541.test +DNS.543 = t542.test +DNS.544 = t543.test +DNS.545 = t544.test +DNS.546 = t545.test +DNS.547 = t546.test +DNS.548 = t547.test +DNS.549 = t548.test +DNS.550 = t549.test +DNS.551 = t550.test +DNS.552 = t551.test +DNS.553 = t552.test +DNS.554 = t553.test +DNS.555 = t554.test +DNS.556 = t555.test +DNS.557 = t556.test +DNS.558 = t557.test +DNS.559 = t558.test +DNS.560 = t559.test +DNS.561 = t560.test +DNS.562 = t561.test +DNS.563 = t562.test +DNS.564 = t563.test +DNS.565 = t564.test +DNS.566 = t565.test +DNS.567 = t566.test +DNS.568 = t567.test +DNS.569 = t568.test +DNS.570 = t569.test +DNS.571 = t570.test +DNS.572 = t571.test +DNS.573 = t572.test +DNS.574 = t573.test +DNS.575 = t574.test +DNS.576 = t575.test +DNS.577 = t576.test +DNS.578 = t577.test +DNS.579 = t578.test +DNS.580 = t579.test +DNS.581 = t580.test +DNS.582 = t581.test +DNS.583 = t582.test +DNS.584 = t583.test +DNS.585 = t584.test +DNS.586 = t585.test +DNS.587 = t586.test +DNS.588 = t587.test +DNS.589 = t588.test +DNS.590 = t589.test +DNS.591 = t590.test +DNS.592 = t591.test +DNS.593 = t592.test +DNS.594 = t593.test +DNS.595 = t594.test +DNS.596 = t595.test +DNS.597 = t596.test +DNS.598 = t597.test +DNS.599 = t598.test +DNS.600 = t599.test +DNS.601 = t600.test +DNS.602 = t601.test +DNS.603 = t602.test +DNS.604 = t603.test +DNS.605 = t604.test +DNS.606 = t605.test +DNS.607 = t606.test +DNS.608 = t607.test +DNS.609 = t608.test +DNS.610 = t609.test +DNS.611 = t610.test +DNS.612 = t611.test +DNS.613 = t612.test +DNS.614 = t613.test +DNS.615 = t614.test +DNS.616 = t615.test +DNS.617 = t616.test +DNS.618 = t617.test +DNS.619 = t618.test +DNS.620 = t619.test +DNS.621 = t620.test +DNS.622 = t621.test +DNS.623 = t622.test +DNS.624 = t623.test +DNS.625 = t624.test +DNS.626 = t625.test +DNS.627 = t626.test +DNS.628 = t627.test +DNS.629 = t628.test +DNS.630 = t629.test +DNS.631 = t630.test +DNS.632 = t631.test +DNS.633 = t632.test +DNS.634 = t633.test +DNS.635 = t634.test +DNS.636 = t635.test +DNS.637 = t636.test +DNS.638 = t637.test +DNS.639 = t638.test +DNS.640 = t639.test +DNS.641 = t640.test +DNS.642 = t641.test +DNS.643 = t642.test +DNS.644 = t643.test +DNS.645 = t644.test +DNS.646 = t645.test +DNS.647 = t646.test +DNS.648 = t647.test +DNS.649 = t648.test +DNS.650 = t649.test +DNS.651 = t650.test +DNS.652 = t651.test +DNS.653 = t652.test +DNS.654 = t653.test +DNS.655 = t654.test +DNS.656 = t655.test +DNS.657 = t656.test +DNS.658 = t657.test +DNS.659 = t658.test +DNS.660 = t659.test +DNS.661 = t660.test +DNS.662 = t661.test +DNS.663 = t662.test +DNS.664 = t663.test +DNS.665 = t664.test +DNS.666 = t665.test +DNS.667 = t666.test +DNS.668 = t667.test +DNS.669 = t668.test +DNS.670 = t669.test +DNS.671 = t670.test +DNS.672 = t671.test +DNS.673 = t672.test +DNS.674 = t673.test +DNS.675 = t674.test +DNS.676 = t675.test +DNS.677 = t676.test +DNS.678 = t677.test +DNS.679 = t678.test +DNS.680 = t679.test +DNS.681 = t680.test +DNS.682 = t681.test +DNS.683 = t682.test +DNS.684 = t683.test +DNS.685 = t684.test +DNS.686 = t685.test +DNS.687 = t686.test +DNS.688 = t687.test +DNS.689 = t688.test +DNS.690 = t689.test +DNS.691 = t690.test +DNS.692 = t691.test +DNS.693 = t692.test +DNS.694 = t693.test +DNS.695 = t694.test +DNS.696 = t695.test +DNS.697 = t696.test +DNS.698 = t697.test +DNS.699 = t698.test +DNS.700 = t699.test +DNS.701 = t700.test +DNS.702 = t701.test +DNS.703 = t702.test +DNS.704 = t703.test +DNS.705 = t704.test +DNS.706 = t705.test +DNS.707 = t706.test +DNS.708 = t707.test +DNS.709 = t708.test +DNS.710 = t709.test +DNS.711 = t710.test +DNS.712 = t711.test +DNS.713 = t712.test +DNS.714 = t713.test +DNS.715 = t714.test +DNS.716 = t715.test +DNS.717 = t716.test +DNS.718 = t717.test +DNS.719 = t718.test +DNS.720 = t719.test +DNS.721 = t720.test +DNS.722 = t721.test +DNS.723 = t722.test +DNS.724 = t723.test +DNS.725 = t724.test +DNS.726 = t725.test +DNS.727 = t726.test +DNS.728 = t727.test +DNS.729 = t728.test +DNS.730 = t729.test +DNS.731 = t730.test +DNS.732 = t731.test +DNS.733 = t732.test +DNS.734 = t733.test +DNS.735 = t734.test +DNS.736 = t735.test +DNS.737 = t736.test +DNS.738 = t737.test +DNS.739 = t738.test +DNS.740 = t739.test +DNS.741 = t740.test +DNS.742 = t741.test +DNS.743 = t742.test +DNS.744 = t743.test +DNS.745 = t744.test +DNS.746 = t745.test +DNS.747 = t746.test +DNS.748 = t747.test +DNS.749 = t748.test +DNS.750 = t749.test +DNS.751 = t750.test +DNS.752 = t751.test +DNS.753 = t752.test +DNS.754 = t753.test +DNS.755 = t754.test +DNS.756 = t755.test +DNS.757 = t756.test +DNS.758 = t757.test +DNS.759 = t758.test +DNS.760 = t759.test +DNS.761 = t760.test +DNS.762 = t761.test +DNS.763 = t762.test +DNS.764 = t763.test +DNS.765 = t764.test +DNS.766 = t765.test +DNS.767 = t766.test +DNS.768 = t767.test +DNS.769 = t768.test +DNS.770 = t769.test +DNS.771 = t770.test +DNS.772 = t771.test +DNS.773 = t772.test +DNS.774 = t773.test +DNS.775 = t774.test +DNS.776 = t775.test +DNS.777 = t776.test +DNS.778 = t777.test +DNS.779 = t778.test +DNS.780 = t779.test +DNS.781 = t780.test +DNS.782 = t781.test +DNS.783 = t782.test +DNS.784 = t783.test +DNS.785 = t784.test +DNS.786 = t785.test +DNS.787 = t786.test +DNS.788 = t787.test +DNS.789 = t788.test +DNS.790 = t789.test +DNS.791 = t790.test +DNS.792 = t791.test +DNS.793 = t792.test +DNS.794 = t793.test +DNS.795 = t794.test +DNS.796 = t795.test +DNS.797 = t796.test +DNS.798 = t797.test +DNS.799 = t798.test +DNS.800 = t799.test +DNS.801 = t800.test +DNS.802 = t801.test +DNS.803 = t802.test +DNS.804 = t803.test +DNS.805 = t804.test +DNS.806 = t805.test +DNS.807 = t806.test +DNS.808 = t807.test +DNS.809 = t808.test +DNS.810 = t809.test +DNS.811 = t810.test +DNS.812 = t811.test +DNS.813 = t812.test +DNS.814 = t813.test +DNS.815 = t814.test +DNS.816 = t815.test +DNS.817 = t816.test +DNS.818 = t817.test +DNS.819 = t818.test +DNS.820 = t819.test +DNS.821 = t820.test +DNS.822 = t821.test +DNS.823 = t822.test +DNS.824 = t823.test +DNS.825 = t824.test +DNS.826 = t825.test +DNS.827 = t826.test +DNS.828 = t827.test +DNS.829 = t828.test +DNS.830 = t829.test +DNS.831 = t830.test +DNS.832 = t831.test +DNS.833 = t832.test +DNS.834 = t833.test +DNS.835 = t834.test +DNS.836 = t835.test +DNS.837 = t836.test +DNS.838 = t837.test +DNS.839 = t838.test +DNS.840 = t839.test +DNS.841 = t840.test +DNS.842 = t841.test +DNS.843 = t842.test +DNS.844 = t843.test +DNS.845 = t844.test +DNS.846 = t845.test +DNS.847 = t846.test +DNS.848 = t847.test +DNS.849 = t848.test +DNS.850 = t849.test +DNS.851 = t850.test +DNS.852 = t851.test +DNS.853 = t852.test +DNS.854 = t853.test +DNS.855 = t854.test +DNS.856 = t855.test +DNS.857 = t856.test +DNS.858 = t857.test +DNS.859 = t858.test +DNS.860 = t859.test +DNS.861 = t860.test +DNS.862 = t861.test +DNS.863 = t862.test +DNS.864 = t863.test +DNS.865 = t864.test +DNS.866 = t865.test +DNS.867 = t866.test +DNS.868 = t867.test +DNS.869 = t868.test +DNS.870 = t869.test +DNS.871 = t870.test +DNS.872 = t871.test +DNS.873 = t872.test +DNS.874 = t873.test +DNS.875 = t874.test +DNS.876 = t875.test +DNS.877 = t876.test +DNS.878 = t877.test +DNS.879 = t878.test +DNS.880 = t879.test +DNS.881 = t880.test +DNS.882 = t881.test +DNS.883 = t882.test +DNS.884 = t883.test +DNS.885 = t884.test +DNS.886 = t885.test +DNS.887 = t886.test +DNS.888 = t887.test +DNS.889 = t888.test +DNS.890 = t889.test +DNS.891 = t890.test +DNS.892 = t891.test +DNS.893 = t892.test +DNS.894 = t893.test +DNS.895 = t894.test +DNS.896 = t895.test +DNS.897 = t896.test +DNS.898 = t897.test +DNS.899 = t898.test +DNS.900 = t899.test +DNS.901 = t900.test +DNS.902 = t901.test +DNS.903 = t902.test +DNS.904 = t903.test +DNS.905 = t904.test +DNS.906 = t905.test +DNS.907 = t906.test +DNS.908 = t907.test +DNS.909 = t908.test +DNS.910 = t909.test +DNS.911 = t910.test +DNS.912 = t911.test +DNS.913 = t912.test +DNS.914 = t913.test +DNS.915 = t914.test +DNS.916 = t915.test +DNS.917 = t916.test +DNS.918 = t917.test +DNS.919 = t918.test +DNS.920 = t919.test +DNS.921 = t920.test +DNS.922 = t921.test +DNS.923 = t922.test +DNS.924 = t923.test +DNS.925 = t924.test +DNS.926 = t925.test +DNS.927 = t926.test +DNS.928 = t927.test +DNS.929 = t928.test +DNS.930 = t929.test +DNS.931 = t930.test +DNS.932 = t931.test +DNS.933 = t932.test +DNS.934 = t933.test +DNS.935 = t934.test +DNS.936 = t935.test +DNS.937 = t936.test +DNS.938 = t937.test +DNS.939 = t938.test +DNS.940 = t939.test +DNS.941 = t940.test +DNS.942 = t941.test +DNS.943 = t942.test +DNS.944 = t943.test +DNS.945 = t944.test +DNS.946 = t945.test +DNS.947 = t946.test +DNS.948 = t947.test +DNS.949 = t948.test +DNS.950 = t949.test +DNS.951 = t950.test +DNS.952 = t951.test +DNS.953 = t952.test +DNS.954 = t953.test +DNS.955 = t954.test +DNS.956 = t955.test +DNS.957 = t956.test +DNS.958 = t957.test +DNS.959 = t958.test +DNS.960 = t959.test +DNS.961 = t960.test +DNS.962 = t961.test +DNS.963 = t962.test +DNS.964 = t963.test +DNS.965 = t964.test +DNS.966 = t965.test +DNS.967 = t966.test +DNS.968 = t967.test +DNS.969 = t968.test +DNS.970 = t969.test +DNS.971 = t970.test +DNS.972 = t971.test +DNS.973 = t972.test +DNS.974 = t973.test +DNS.975 = t974.test +DNS.976 = t975.test +DNS.977 = t976.test +DNS.978 = t977.test +DNS.979 = t978.test +DNS.980 = t979.test +DNS.981 = t980.test +DNS.982 = t981.test +DNS.983 = t982.test +DNS.984 = t983.test +DNS.985 = t984.test +DNS.986 = t985.test +DNS.987 = t986.test +DNS.988 = t987.test +DNS.989 = t988.test +DNS.990 = t989.test +DNS.991 = t990.test +DNS.992 = t991.test +DNS.993 = t992.test +DNS.994 = t993.test +DNS.995 = t994.test +DNS.996 = t995.test +DNS.997 = t996.test +DNS.998 = t997.test +DNS.999 = t998.test +DNS.1000 = t999.test +DNS.1001 = t1000.test +DNS.1002 = t1001.test +DNS.1003 = t1002.test +DNS.1004 = t1003.test +DNS.1005 = t1004.test +DNS.1006 = t1005.test +DNS.1007 = t1006.test +DNS.1008 = t1007.test +DNS.1009 = t1008.test +DNS.1010 = t1009.test +DNS.1011 = t1010.test +DNS.1012 = t1011.test +DNS.1013 = t1012.test +DNS.1014 = t1013.test +DNS.1015 = t1014.test +DNS.1016 = t1015.test +DNS.1017 = t1016.test +DNS.1018 = t1017.test +DNS.1019 = t1018.test +DNS.1020 = t1019.test +DNS.1021 = t1020.test +DNS.1022 = t1021.test +DNS.1023 = t1022.test +DNS.1024 = t1023.test + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.csr new file mode 100644 index 0000000000..cddc484d4f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.csr @@ -0,0 +1,250 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIudDCCLVwCAQAwDTELMAkGA1UEAwwCdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDbLFMBzvkagzZSUSpbQmPeMnURan2woeR3R5tx5aYtZNeuWwTt +ej/H9sorK63NbIiljjb756IitX1UeenVelvKKylsDYQKEMQhtliYuw22DI1WWyyF +WQfKBkY2JRopjsQ5t8Mxzm5JwgHPsDsnQ4rj1QYfLZOd3XpFZW39tLHAEFlC8h6P +zkOslyXBfOJR4UQ1W5SqA27acS8lf1gwAeESFx7yqmwigLHJZep3lbMHxPdyODT+ +oEMzTGZtoeihBLxvFDk5RC44N3TJCiGFkSG3TrqwmUp2mHtYyhzTsEDD2Sp1++sZ +6uMamDFSl+l/pHshfy/cYoaP/f2oiOhLRFK9AgMBAAGggiwgMIIsHAYJKoZIhvcN +AQkOMYIsDTCCLAkwHQYDVR0OBBYEFDu0BcyqulE9/PL5HiVTcuE68prfMA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgiu3BgNV +HREEgiuuMIIrqoIHdDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIH +dDQudGVzdIIHdDUudGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDku +dGVzdIIIdDEwLnRlc3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQx +NC50ZXN0ggh0MTUudGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIII +dDE5LnRlc3SCCHQyMC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0 +ggh0MjQudGVzdIIIdDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRl +c3SCCHQyOS50ZXN0ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMu +dGVzdIIIdDM0LnRlc3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQz +OC50ZXN0ggh0MzkudGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIII +dDQzLnRlc3SCCHQ0NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0 +ggh0NDgudGVzdIIIdDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRl +c3SCCHQ1My50ZXN0ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcu +dGVzdIIIdDU4LnRlc3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2 +Mi50ZXN0ggh0NjMudGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIII +dDY3LnRlc3SCCHQ2OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0 +ggh0NzIudGVzdIIIdDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRl +c3SCCHQ3Ny50ZXN0ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEu +dGVzdIIIdDgyLnRlc3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4 +Ni50ZXN0ggh0ODcudGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIII +dDkxLnRlc3SCCHQ5Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0 +ggh0OTYudGVzdIIIdDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50 +ZXN0ggl0MTAxLnRlc3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SC +CXQxMDUudGVzdIIJdDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEw +OS50ZXN0ggl0MTEwLnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRl +c3SCCXQxMTQudGVzdIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJ +dDExOC50ZXN0ggl0MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIy +LnRlc3SCCXQxMjMudGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVz +dIIJdDEyNy50ZXN0ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0 +MTMxLnRlc3SCCXQxMzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUu +dGVzdIIJdDEzNi50ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0 +ggl0MTQwLnRlc3SCCXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQx +NDQudGVzdIIJdDE0NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50 +ZXN0ggl0MTQ5LnRlc3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SC +CXQxNTMudGVzdIIJdDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1 +Ny50ZXN0ggl0MTU4LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRl +c3SCCXQxNjIudGVzdIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJ +dDE2Ni50ZXN0ggl0MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcw +LnRlc3SCCXQxNzEudGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVz +dIIJdDE3NS50ZXN0ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0 +MTc5LnRlc3SCCXQxODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMu +dGVzdIIJdDE4NC50ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0 +ggl0MTg4LnRlc3SCCXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQx +OTIudGVzdIIJdDE5My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50 +ZXN0ggl0MTk3LnRlc3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SC +CXQyMDEudGVzdIIJdDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIw +NS50ZXN0ggl0MjA2LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRl +c3SCCXQyMTAudGVzdIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJ +dDIxNC50ZXN0ggl0MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4 +LnRlc3SCCXQyMTkudGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVz +dIIJdDIyMy50ZXN0ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0 +MjI3LnRlc3SCCXQyMjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEu +dGVzdIIJdDIzMi50ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0 +ggl0MjM2LnRlc3SCCXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQy +NDAudGVzdIIJdDI0MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50 +ZXN0ggl0MjQ1LnRlc3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SC +CXQyNDkudGVzdIIJdDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1 +My50ZXN0ggl0MjU0LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRl +c3SCCXQyNTgudGVzdIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJ +dDI2Mi50ZXN0ggl0MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2 +LnRlc3SCCXQyNjcudGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVz +dIIJdDI3MS50ZXN0ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0 +Mjc1LnRlc3SCCXQyNzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzku +dGVzdIIJdDI4MC50ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0 +ggl0Mjg0LnRlc3SCCXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQy +ODgudGVzdIIJdDI4OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50 +ZXN0ggl0MjkzLnRlc3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SC +CXQyOTcudGVzdIIJdDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMw +MS50ZXN0ggl0MzAyLnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRl +c3SCCXQzMDYudGVzdIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJ +dDMxMC50ZXN0ggl0MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0 +LnRlc3SCCXQzMTUudGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVz +dIIJdDMxOS50ZXN0ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0 +MzIzLnRlc3SCCXQzMjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcu +dGVzdIIJdDMyOC50ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0 +ggl0MzMyLnRlc3SCCXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQz +MzYudGVzdIIJdDMzNy50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50 +ZXN0ggl0MzQxLnRlc3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SC +CXQzNDUudGVzdIIJdDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0 +OS50ZXN0ggl0MzUwLnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRl +c3SCCXQzNTQudGVzdIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJ +dDM1OC50ZXN0ggl0MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYy +LnRlc3SCCXQzNjMudGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVz +dIIJdDM2Ny50ZXN0ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0 +MzcxLnRlc3SCCXQzNzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUu +dGVzdIIJdDM3Ni50ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0 +ggl0MzgwLnRlc3SCCXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQz +ODQudGVzdIIJdDM4NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50 +ZXN0ggl0Mzg5LnRlc3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SC +CXQzOTMudGVzdIIJdDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5 +Ny50ZXN0ggl0Mzk4LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRl +c3SCCXQ0MDIudGVzdIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJ +dDQwNi50ZXN0ggl0NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEw +LnRlc3SCCXQ0MTEudGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVz +dIIJdDQxNS50ZXN0ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0 +NDE5LnRlc3SCCXQ0MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMu +dGVzdIIJdDQyNC50ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0 +ggl0NDI4LnRlc3SCCXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0 +MzIudGVzdIIJdDQzMy50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50 +ZXN0ggl0NDM3LnRlc3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SC +CXQ0NDEudGVzdIIJdDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0 +NS50ZXN0ggl0NDQ2LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRl +c3SCCXQ0NTAudGVzdIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJ +dDQ1NC50ZXN0ggl0NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4 +LnRlc3SCCXQ0NTkudGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVz +dIIJdDQ2My50ZXN0ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0 +NDY3LnRlc3SCCXQ0NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEu +dGVzdIIJdDQ3Mi50ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0 +ggl0NDc2LnRlc3SCCXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0 +ODAudGVzdIIJdDQ4MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50 +ZXN0ggl0NDg1LnRlc3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SC +CXQ0ODkudGVzdIIJdDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5 +My50ZXN0ggl0NDk0LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRl +c3SCCXQ0OTgudGVzdIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJ +dDUwMi50ZXN0ggl0NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2 +LnRlc3SCCXQ1MDcudGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVz +dIIJdDUxMS50ZXN0ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0 +NTE1LnRlc3SCCXQ1MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTku +dGVzdIIJdDUyMC50ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0 +ggl0NTI0LnRlc3SCCXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1 +MjgudGVzdIIJdDUyOS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50 +ZXN0ggl0NTMzLnRlc3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SC +CXQ1MzcudGVzdIIJdDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0 +MS50ZXN0ggl0NTQyLnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRl +c3SCCXQ1NDYudGVzdIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJ +dDU1MC50ZXN0ggl0NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0 +LnRlc3SCCXQ1NTUudGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVz +dIIJdDU1OS50ZXN0ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0 +NTYzLnRlc3SCCXQ1NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1Njcu +dGVzdIIJdDU2OC50ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0 +ggl0NTcyLnRlc3SCCXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1 +NzYudGVzdIIJdDU3Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50 +ZXN0ggl0NTgxLnRlc3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SC +CXQ1ODUudGVzdIIJdDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4 +OS50ZXN0ggl0NTkwLnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRl +c3SCCXQ1OTQudGVzdIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJ +dDU5OC50ZXN0ggl0NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAy +LnRlc3SCCXQ2MDMudGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVz +dIIJdDYwNy50ZXN0ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0 +NjExLnRlc3SCCXQ2MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUu +dGVzdIIJdDYxNi50ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0 +ggl0NjIwLnRlc3SCCXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2 +MjQudGVzdIIJdDYyNS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50 +ZXN0ggl0NjI5LnRlc3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SC +CXQ2MzMudGVzdIIJdDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYz +Ny50ZXN0ggl0NjM4LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRl +c3SCCXQ2NDIudGVzdIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJ +dDY0Ni50ZXN0ggl0NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUw +LnRlc3SCCXQ2NTEudGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVz +dIIJdDY1NS50ZXN0ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0 +NjU5LnRlc3SCCXQ2NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMu +dGVzdIIJdDY2NC50ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0 +ggl0NjY4LnRlc3SCCXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2 +NzIudGVzdIIJdDY3My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50 +ZXN0ggl0Njc3LnRlc3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SC +CXQ2ODEudGVzdIIJdDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4 +NS50ZXN0ggl0Njg2LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRl +c3SCCXQ2OTAudGVzdIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJ +dDY5NC50ZXN0ggl0Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4 +LnRlc3SCCXQ2OTkudGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVz +dIIJdDcwMy50ZXN0ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0 +NzA3LnRlc3SCCXQ3MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEu +dGVzdIIJdDcxMi50ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0 +ggl0NzE2LnRlc3SCCXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3 +MjAudGVzdIIJdDcyMS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50 +ZXN0ggl0NzI1LnRlc3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SC +CXQ3MjkudGVzdIIJdDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDcz +My50ZXN0ggl0NzM0LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRl +c3SCCXQ3MzgudGVzdIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJ +dDc0Mi50ZXN0ggl0NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2 +LnRlc3SCCXQ3NDcudGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVz +dIIJdDc1MS50ZXN0ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0 +NzU1LnRlc3SCCXQ3NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTku +dGVzdIIJdDc2MC50ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0 +ggl0NzY0LnRlc3SCCXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3 +NjgudGVzdIIJdDc2OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50 +ZXN0ggl0NzczLnRlc3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SC +CXQ3NzcudGVzdIIJdDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4 +MS50ZXN0ggl0NzgyLnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRl +c3SCCXQ3ODYudGVzdIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJ +dDc5MC50ZXN0ggl0NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0 +LnRlc3SCCXQ3OTUudGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVz +dIIJdDc5OS50ZXN0ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0 +ODAzLnRlc3SCCXQ4MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcu +dGVzdIIJdDgwOC50ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0 +ggl0ODEyLnRlc3SCCXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4 +MTYudGVzdIIJdDgxNy50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50 +ZXN0ggl0ODIxLnRlc3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SC +CXQ4MjUudGVzdIIJdDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgy +OS50ZXN0ggl0ODMwLnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRl +c3SCCXQ4MzQudGVzdIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJ +dDgzOC50ZXN0ggl0ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQy +LnRlc3SCCXQ4NDMudGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVz +dIIJdDg0Ny50ZXN0ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0 +ODUxLnRlc3SCCXQ4NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUu +dGVzdIIJdDg1Ni50ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0 +ggl0ODYwLnRlc3SCCXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4 +NjQudGVzdIIJdDg2NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50 +ZXN0ggl0ODY5LnRlc3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SC +CXQ4NzMudGVzdIIJdDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3 +Ny50ZXN0ggl0ODc4LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRl +c3SCCXQ4ODIudGVzdIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJ +dDg4Ni50ZXN0ggl0ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkw +LnRlc3SCCXQ4OTEudGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVz +dIIJdDg5NS50ZXN0ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0 +ODk5LnRlc3SCCXQ5MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMu +dGVzdIIJdDkwNC50ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0 +ggl0OTA4LnRlc3SCCXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5 +MTIudGVzdIIJdDkxMy50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50 +ZXN0ggl0OTE3LnRlc3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SC +CXQ5MjEudGVzdIIJdDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDky +NS50ZXN0ggl0OTI2LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRl +c3SCCXQ5MzAudGVzdIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJ +dDkzNC50ZXN0ggl0OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4 +LnRlc3SCCXQ5MzkudGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVz +dIIJdDk0My50ZXN0ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0 +OTQ3LnRlc3SCCXQ5NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEu +dGVzdIIJdDk1Mi50ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0 +ggl0OTU2LnRlc3SCCXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5 +NjAudGVzdIIJdDk2MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50 +ZXN0ggl0OTY1LnRlc3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SC +CXQ5NjkudGVzdIIJdDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3 +My50ZXN0ggl0OTc0LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRl +c3SCCXQ5NzgudGVzdIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJ +dDk4Mi50ZXN0ggl0OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2 +LnRlc3SCCXQ5ODcudGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVz +dIIJdDk5MS50ZXN0ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0 +OTk1LnRlc3SCCXQ5OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTku +dGVzdIIKdDEwMDAudGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMu +dGVzdIIKdDEwMDQudGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcu +dGVzdIIKdDEwMDgudGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEu +dGVzdIIKdDEwMTIudGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUu +dGVzdIIKdDEwMTYudGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTku +dGVzdIIKdDEwMjAudGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMu +dGVzdDANBgkqhkiG9w0BAQsFAAOCAQEA0o00q1HNbJjS3Ssi+w5XIhTU4OEwH97f +BmAr/vddshl6urTb7BJf9Qf/kfzrN1TiJ7IA5wMoYXfeGZ9vH6PJpvWVXIcphSeE +GEzAFbpXGCW0710ar62X4Jwd70X61zqRQrEzJPzhtfixhcNIAH9wakSDHlQeEoys +l94K0JE4eM+I2kAGAk8pXp0htxrG47tW2vrJL7YY9O/dwc/qo5wyjY0amsu6YW2f +snkIM7OonB77X6i4rWuDKxxbovpQPRbY5qWKWPT7A++E9TUFQZqhGqcUEDK4iN5l +0ac9ppAG7me4/mzcDzABHFe2buy3gioN16PmRkvjAg+BnYTlT6oiFQ== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.pem new file mode 100644 index 0000000000..7afb574bfc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_2.pem @@ -0,0 +1,325 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, DNS:t418.test, DNS:t419.test, DNS:t420.test, DNS:t421.test, DNS:t422.test, DNS:t423.test, DNS:t424.test, DNS:t425.test, DNS:t426.test, DNS:t427.test, DNS:t428.test, DNS:t429.test, DNS:t430.test, DNS:t431.test, DNS:t432.test, DNS:t433.test, DNS:t434.test, DNS:t435.test, DNS:t436.test, DNS:t437.test, DNS:t438.test, DNS:t439.test, DNS:t440.test, DNS:t441.test, DNS:t442.test, DNS:t443.test, DNS:t444.test, DNS:t445.test, DNS:t446.test, DNS:t447.test, DNS:t448.test, DNS:t449.test, DNS:t450.test, DNS:t451.test, DNS:t452.test, DNS:t453.test, DNS:t454.test, DNS:t455.test, DNS:t456.test, DNS:t457.test, DNS:t458.test, DNS:t459.test, DNS:t460.test, DNS:t461.test, DNS:t462.test, DNS:t463.test, DNS:t464.test, DNS:t465.test, DNS:t466.test, DNS:t467.test, DNS:t468.test, DNS:t469.test, DNS:t470.test, DNS:t471.test, DNS:t472.test, DNS:t473.test, DNS:t474.test, DNS:t475.test, DNS:t476.test, DNS:t477.test, DNS:t478.test, DNS:t479.test, DNS:t480.test, DNS:t481.test, DNS:t482.test, DNS:t483.test, DNS:t484.test, DNS:t485.test, DNS:t486.test, DNS:t487.test, DNS:t488.test, DNS:t489.test, DNS:t490.test, DNS:t491.test, DNS:t492.test, DNS:t493.test, DNS:t494.test, DNS:t495.test, DNS:t496.test, DNS:t497.test, DNS:t498.test, DNS:t499.test, DNS:t500.test, DNS:t501.test, DNS:t502.test, DNS:t503.test, DNS:t504.test, DNS:t505.test, DNS:t506.test, DNS:t507.test, DNS:t508.test, DNS:t509.test, DNS:t510.test, DNS:t511.test, DNS:t512.test, DNS:t513.test, DNS:t514.test, DNS:t515.test, DNS:t516.test, DNS:t517.test, DNS:t518.test, DNS:t519.test, DNS:t520.test, DNS:t521.test, DNS:t522.test, DNS:t523.test, DNS:t524.test, DNS:t525.test, DNS:t526.test, DNS:t527.test, DNS:t528.test, DNS:t529.test, DNS:t530.test, DNS:t531.test, DNS:t532.test, DNS:t533.test, DNS:t534.test, DNS:t535.test, DNS:t536.test, DNS:t537.test, DNS:t538.test, DNS:t539.test, DNS:t540.test, DNS:t541.test, DNS:t542.test, DNS:t543.test, DNS:t544.test, DNS:t545.test, DNS:t546.test, DNS:t547.test, DNS:t548.test, DNS:t549.test, DNS:t550.test, DNS:t551.test, DNS:t552.test, DNS:t553.test, DNS:t554.test, DNS:t555.test, DNS:t556.test, DNS:t557.test, DNS:t558.test, DNS:t559.test, DNS:t560.test, DNS:t561.test, DNS:t562.test, DNS:t563.test, DNS:t564.test, DNS:t565.test, DNS:t566.test, DNS:t567.test, DNS:t568.test, DNS:t569.test, DNS:t570.test, DNS:t571.test, DNS:t572.test, DNS:t573.test, DNS:t574.test, DNS:t575.test, DNS:t576.test, DNS:t577.test, DNS:t578.test, DNS:t579.test, DNS:t580.test, DNS:t581.test, DNS:t582.test, DNS:t583.test, DNS:t584.test, DNS:t585.test, DNS:t586.test, DNS:t587.test, DNS:t588.test, DNS:t589.test, DNS:t590.test, DNS:t591.test, DNS:t592.test, DNS:t593.test, DNS:t594.test, DNS:t595.test, DNS:t596.test, DNS:t597.test, DNS:t598.test, DNS:t599.test, DNS:t600.test, DNS:t601.test, DNS:t602.test, DNS:t603.test, DNS:t604.test, DNS:t605.test, DNS:t606.test, DNS:t607.test, DNS:t608.test, DNS:t609.test, DNS:t610.test, DNS:t611.test, DNS:t612.test, DNS:t613.test, DNS:t614.test, DNS:t615.test, DNS:t616.test, DNS:t617.test, DNS:t618.test, DNS:t619.test, DNS:t620.test, DNS:t621.test, DNS:t622.test, DNS:t623.test, DNS:t624.test, DNS:t625.test, DNS:t626.test, DNS:t627.test, DNS:t628.test, DNS:t629.test, DNS:t630.test, DNS:t631.test, DNS:t632.test, DNS:t633.test, DNS:t634.test, DNS:t635.test, DNS:t636.test, DNS:t637.test, DNS:t638.test, DNS:t639.test, DNS:t640.test, DNS:t641.test, DNS:t642.test, DNS:t643.test, DNS:t644.test, DNS:t645.test, DNS:t646.test, DNS:t647.test, DNS:t648.test, DNS:t649.test, DNS:t650.test, DNS:t651.test, DNS:t652.test, DNS:t653.test, DNS:t654.test, DNS:t655.test, DNS:t656.test, DNS:t657.test, DNS:t658.test, DNS:t659.test, DNS:t660.test, DNS:t661.test, DNS:t662.test, DNS:t663.test, DNS:t664.test, DNS:t665.test, DNS:t666.test, DNS:t667.test, DNS:t668.test, DNS:t669.test, DNS:t670.test, DNS:t671.test, DNS:t672.test, DNS:t673.test, DNS:t674.test, DNS:t675.test, DNS:t676.test, DNS:t677.test, DNS:t678.test, DNS:t679.test, DNS:t680.test, DNS:t681.test, DNS:t682.test, DNS:t683.test, DNS:t684.test, DNS:t685.test, DNS:t686.test, DNS:t687.test, DNS:t688.test, DNS:t689.test, DNS:t690.test, DNS:t691.test, DNS:t692.test, DNS:t693.test, DNS:t694.test, DNS:t695.test, DNS:t696.test, DNS:t697.test, DNS:t698.test, DNS:t699.test, DNS:t700.test, DNS:t701.test, DNS:t702.test, DNS:t703.test, DNS:t704.test, DNS:t705.test, DNS:t706.test, DNS:t707.test, DNS:t708.test, DNS:t709.test, DNS:t710.test, DNS:t711.test, DNS:t712.test, DNS:t713.test, DNS:t714.test, DNS:t715.test, DNS:t716.test, DNS:t717.test, DNS:t718.test, DNS:t719.test, DNS:t720.test, DNS:t721.test, DNS:t722.test, DNS:t723.test, DNS:t724.test, DNS:t725.test, DNS:t726.test, DNS:t727.test, DNS:t728.test, DNS:t729.test, DNS:t730.test, DNS:t731.test, DNS:t732.test, DNS:t733.test, DNS:t734.test, DNS:t735.test, DNS:t736.test, DNS:t737.test, DNS:t738.test, DNS:t739.test, DNS:t740.test, DNS:t741.test, DNS:t742.test, DNS:t743.test, DNS:t744.test, DNS:t745.test, DNS:t746.test, DNS:t747.test, DNS:t748.test, DNS:t749.test, DNS:t750.test, DNS:t751.test, DNS:t752.test, DNS:t753.test, DNS:t754.test, DNS:t755.test, DNS:t756.test, DNS:t757.test, DNS:t758.test, DNS:t759.test, DNS:t760.test, DNS:t761.test, DNS:t762.test, DNS:t763.test, DNS:t764.test, DNS:t765.test, DNS:t766.test, DNS:t767.test, DNS:t768.test, DNS:t769.test, DNS:t770.test, DNS:t771.test, DNS:t772.test, DNS:t773.test, DNS:t774.test, DNS:t775.test, DNS:t776.test, DNS:t777.test, DNS:t778.test, DNS:t779.test, DNS:t780.test, DNS:t781.test, DNS:t782.test, DNS:t783.test, DNS:t784.test, DNS:t785.test, DNS:t786.test, DNS:t787.test, DNS:t788.test, DNS:t789.test, DNS:t790.test, DNS:t791.test, DNS:t792.test, DNS:t793.test, DNS:t794.test, DNS:t795.test, DNS:t796.test, DNS:t797.test, DNS:t798.test, DNS:t799.test, DNS:t800.test, DNS:t801.test, DNS:t802.test, DNS:t803.test, DNS:t804.test, DNS:t805.test, DNS:t806.test, DNS:t807.test, DNS:t808.test, DNS:t809.test, DNS:t810.test, DNS:t811.test, DNS:t812.test, DNS:t813.test, DNS:t814.test, DNS:t815.test, DNS:t816.test, DNS:t817.test, DNS:t818.test, DNS:t819.test, DNS:t820.test, DNS:t821.test, DNS:t822.test, DNS:t823.test, DNS:t824.test, DNS:t825.test, DNS:t826.test, DNS:t827.test, DNS:t828.test, DNS:t829.test, DNS:t830.test, DNS:t831.test, DNS:t832.test, DNS:t833.test, DNS:t834.test, DNS:t835.test, DNS:t836.test, DNS:t837.test, DNS:t838.test, DNS:t839.test, DNS:t840.test, DNS:t841.test, DNS:t842.test, DNS:t843.test, DNS:t844.test, DNS:t845.test, DNS:t846.test, DNS:t847.test, DNS:t848.test, DNS:t849.test, DNS:t850.test, DNS:t851.test, DNS:t852.test, DNS:t853.test, DNS:t854.test, DNS:t855.test, DNS:t856.test, DNS:t857.test, DNS:t858.test, DNS:t859.test, DNS:t860.test, DNS:t861.test, DNS:t862.test, DNS:t863.test, DNS:t864.test, DNS:t865.test, DNS:t866.test, DNS:t867.test, DNS:t868.test, DNS:t869.test, DNS:t870.test, DNS:t871.test, DNS:t872.test, DNS:t873.test, DNS:t874.test, DNS:t875.test, DNS:t876.test, DNS:t877.test, DNS:t878.test, DNS:t879.test, DNS:t880.test, DNS:t881.test, DNS:t882.test, DNS:t883.test, DNS:t884.test, DNS:t885.test, DNS:t886.test, DNS:t887.test, DNS:t888.test, DNS:t889.test, DNS:t890.test, DNS:t891.test, DNS:t892.test, DNS:t893.test, DNS:t894.test, DNS:t895.test, DNS:t896.test, DNS:t897.test, DNS:t898.test, DNS:t899.test, DNS:t900.test, DNS:t901.test, DNS:t902.test, DNS:t903.test, DNS:t904.test, DNS:t905.test, DNS:t906.test, DNS:t907.test, DNS:t908.test, DNS:t909.test, DNS:t910.test, DNS:t911.test, DNS:t912.test, DNS:t913.test, DNS:t914.test, DNS:t915.test, DNS:t916.test, DNS:t917.test, DNS:t918.test, DNS:t919.test, DNS:t920.test, DNS:t921.test, DNS:t922.test, DNS:t923.test, DNS:t924.test, DNS:t925.test, DNS:t926.test, DNS:t927.test, DNS:t928.test, DNS:t929.test, DNS:t930.test, DNS:t931.test, DNS:t932.test, DNS:t933.test, DNS:t934.test, DNS:t935.test, DNS:t936.test, DNS:t937.test, DNS:t938.test, DNS:t939.test, DNS:t940.test, DNS:t941.test, DNS:t942.test, DNS:t943.test, DNS:t944.test, DNS:t945.test, DNS:t946.test, DNS:t947.test, DNS:t948.test, DNS:t949.test, DNS:t950.test, DNS:t951.test, DNS:t952.test, DNS:t953.test, DNS:t954.test, DNS:t955.test, DNS:t956.test, DNS:t957.test, DNS:t958.test, DNS:t959.test, DNS:t960.test, DNS:t961.test, DNS:t962.test, DNS:t963.test, DNS:t964.test, DNS:t965.test, DNS:t966.test, DNS:t967.test, DNS:t968.test, DNS:t969.test, DNS:t970.test, DNS:t971.test, DNS:t972.test, DNS:t973.test, DNS:t974.test, DNS:t975.test, DNS:t976.test, DNS:t977.test, DNS:t978.test, DNS:t979.test, DNS:t980.test, DNS:t981.test, DNS:t982.test, DNS:t983.test, DNS:t984.test, DNS:t985.test, DNS:t986.test, DNS:t987.test, DNS:t988.test, DNS:t989.test, DNS:t990.test, DNS:t991.test, DNS:t992.test, DNS:t993.test, DNS:t994.test, DNS:t995.test, DNS:t996.test, DNS:t997.test, DNS:t998.test, DNS:t999.test, DNS:t1000.test, DNS:t1001.test, DNS:t1002.test, DNS:t1003.test, DNS:t1004.test, DNS:t1005.test, DNS:t1006.test, DNS:t1007.test, DNS:t1008.test, DNS:t1009.test, DNS:t1010.test, DNS:t1011.test, DNS:t1012.test, DNS:t1013.test, DNS:t1014.test, DNS:t1015.test, DNS:t1016.test, DNS:t1017.test, DNS:t1018.test, DNS:t1019.test, DNS:t1020.test, DNS:t1021.test, DNS:t1022.test, DNS:t1023.test + Signature Algorithm: sha256WithRSAEncryption + 74:b3:46:3e:05:7e:b3:03:85:e3:32:be:81:d2:63:14:24:b1: + 6d:3a:24:e1:79:b7:68:99:15:33:d9:63:6d:8b:b3:63:a5:a3: + a8:1d:c5:05:89:7d:5e:00:2e:16:9d:b3:7e:e3:d6:8b:ec:3b: + e6:00:e3:74:e9:d3:53:89:ee:33:54:c0:19:41:9f:35:62:41: + 32:87:21:e7:84:44:ca:21:2a:f8:33:33:f5:92:39:37:a3:3e: + 43:42:52:16:81:c3:6e:ce:71:d9:d9:4e:be:ee:87:14:39:7b: + 2a:13:67:85:e0:72:b9:05:b7:75:6a:4a:86:f4:bf:9a:67:19: + 75:7c:e6:01:da:42:13:58:ad:f9:1f:d1:63:a5:8c:27:fd:48: + 04:ca:b9:b7:4a:b5:62:12:ad:0f:0b:6f:ba:7f:d1:c4:1f:b6: + c0:6a:c6:88:d5:1b:3d:bd:64:34:fa:44:89:ad:05:47:4c:ac: + dd:72:2f:7c:fa:34:71:bb:41:f0:43:7d:97:3f:29:00:de:ab: + 4c:f7:cc:2b:ca:80:fb:2a:fb:34:81:5a:73:7b:77:da:54:5b: + 1e:09:3c:31:8d:7e:ed:c2:af:48:19:59:fd:59:68:56:c9:f5: + 3a:2d:ac:0f:57:6e:f1:ee:89:ea:69:71:d2:7a:ee:ee:9f:f6: + cc:15:7f:20 +-----BEGIN CERTIFICATE----- +MIIvWDCCLkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1jANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCLKUwgiyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgiu3BgNVHREEgiuuMIIrqoIH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0NDE5LnRlc3SCCXQ0 +MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMudGVzdIIJdDQyNC50 +ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0ggl0NDI4LnRlc3SC +CXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0MzIudGVzdIIJdDQz +My50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50ZXN0ggl0NDM3LnRl +c3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SCCXQ0NDEudGVzdIIJ +dDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0NS50ZXN0ggl0NDQ2 +LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRlc3SCCXQ0NTAudGVz +dIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJdDQ1NC50ZXN0ggl0 +NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4LnRlc3SCCXQ0NTku +dGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVzdIIJdDQ2My50ZXN0 +ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0NDY3LnRlc3SCCXQ0 +NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEudGVzdIIJdDQ3Mi50 +ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0ggl0NDc2LnRlc3SC +CXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0ODAudGVzdIIJdDQ4 +MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50ZXN0ggl0NDg1LnRl +c3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SCCXQ0ODkudGVzdIIJ +dDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5My50ZXN0ggl0NDk0 +LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRlc3SCCXQ0OTgudGVz +dIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJdDUwMi50ZXN0ggl0 +NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2LnRlc3SCCXQ1MDcu +dGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVzdIIJdDUxMS50ZXN0 +ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0NTE1LnRlc3SCCXQ1 +MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTkudGVzdIIJdDUyMC50 +ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0ggl0NTI0LnRlc3SC +CXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1MjgudGVzdIIJdDUy +OS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50ZXN0ggl0NTMzLnRl +c3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SCCXQ1MzcudGVzdIIJ +dDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0MS50ZXN0ggl0NTQy +LnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRlc3SCCXQ1NDYudGVz +dIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJdDU1MC50ZXN0ggl0 +NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0LnRlc3SCCXQ1NTUu +dGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVzdIIJdDU1OS50ZXN0 +ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0NTYzLnRlc3SCCXQ1 +NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1NjcudGVzdIIJdDU2OC50 +ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0ggl0NTcyLnRlc3SC +CXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1NzYudGVzdIIJdDU3 +Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50ZXN0ggl0NTgxLnRl +c3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SCCXQ1ODUudGVzdIIJ +dDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4OS50ZXN0ggl0NTkw +LnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRlc3SCCXQ1OTQudGVz +dIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJdDU5OC50ZXN0ggl0 +NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAyLnRlc3SCCXQ2MDMu +dGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVzdIIJdDYwNy50ZXN0 +ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0NjExLnRlc3SCCXQ2 +MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUudGVzdIIJdDYxNi50 +ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0ggl0NjIwLnRlc3SC +CXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2MjQudGVzdIIJdDYy +NS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50ZXN0ggl0NjI5LnRl +c3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SCCXQ2MzMudGVzdIIJ +dDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYzNy50ZXN0ggl0NjM4 +LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRlc3SCCXQ2NDIudGVz +dIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJdDY0Ni50ZXN0ggl0 +NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUwLnRlc3SCCXQ2NTEu +dGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVzdIIJdDY1NS50ZXN0 +ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0NjU5LnRlc3SCCXQ2 +NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMudGVzdIIJdDY2NC50 +ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0ggl0NjY4LnRlc3SC +CXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2NzIudGVzdIIJdDY3 +My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50ZXN0ggl0Njc3LnRl +c3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SCCXQ2ODEudGVzdIIJ +dDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4NS50ZXN0ggl0Njg2 +LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRlc3SCCXQ2OTAudGVz +dIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJdDY5NC50ZXN0ggl0 +Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4LnRlc3SCCXQ2OTku +dGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVzdIIJdDcwMy50ZXN0 +ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0NzA3LnRlc3SCCXQ3 +MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEudGVzdIIJdDcxMi50 +ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0ggl0NzE2LnRlc3SC +CXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3MjAudGVzdIIJdDcy +MS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50ZXN0ggl0NzI1LnRl +c3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SCCXQ3MjkudGVzdIIJ +dDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDczMy50ZXN0ggl0NzM0 +LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRlc3SCCXQ3MzgudGVz +dIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJdDc0Mi50ZXN0ggl0 +NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2LnRlc3SCCXQ3NDcu +dGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVzdIIJdDc1MS50ZXN0 +ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0NzU1LnRlc3SCCXQ3 +NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTkudGVzdIIJdDc2MC50 +ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0ggl0NzY0LnRlc3SC +CXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3NjgudGVzdIIJdDc2 +OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50ZXN0ggl0NzczLnRl +c3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SCCXQ3NzcudGVzdIIJ +dDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4MS50ZXN0ggl0Nzgy +LnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRlc3SCCXQ3ODYudGVz +dIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJdDc5MC50ZXN0ggl0 +NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0LnRlc3SCCXQ3OTUu +dGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVzdIIJdDc5OS50ZXN0 +ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0ODAzLnRlc3SCCXQ4 +MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcudGVzdIIJdDgwOC50 +ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0ggl0ODEyLnRlc3SC +CXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4MTYudGVzdIIJdDgx +Ny50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50ZXN0ggl0ODIxLnRl +c3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SCCXQ4MjUudGVzdIIJ +dDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgyOS50ZXN0ggl0ODMw +LnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRlc3SCCXQ4MzQudGVz +dIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJdDgzOC50ZXN0ggl0 +ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQyLnRlc3SCCXQ4NDMu +dGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVzdIIJdDg0Ny50ZXN0 +ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0ODUxLnRlc3SCCXQ4 +NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUudGVzdIIJdDg1Ni50 +ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0ggl0ODYwLnRlc3SC +CXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4NjQudGVzdIIJdDg2 +NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50ZXN0ggl0ODY5LnRl +c3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SCCXQ4NzMudGVzdIIJ +dDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3Ny50ZXN0ggl0ODc4 +LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRlc3SCCXQ4ODIudGVz +dIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJdDg4Ni50ZXN0ggl0 +ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkwLnRlc3SCCXQ4OTEu +dGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVzdIIJdDg5NS50ZXN0 +ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0ODk5LnRlc3SCCXQ5 +MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMudGVzdIIJdDkwNC50 +ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0ggl0OTA4LnRlc3SC +CXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5MTIudGVzdIIJdDkx +My50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50ZXN0ggl0OTE3LnRl +c3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SCCXQ5MjEudGVzdIIJ +dDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDkyNS50ZXN0ggl0OTI2 +LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRlc3SCCXQ5MzAudGVz +dIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJdDkzNC50ZXN0ggl0 +OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4LnRlc3SCCXQ5Mzku +dGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVzdIIJdDk0My50ZXN0 +ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0OTQ3LnRlc3SCCXQ5 +NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEudGVzdIIJdDk1Mi50 +ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0ggl0OTU2LnRlc3SC +CXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5NjAudGVzdIIJdDk2 +MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50ZXN0ggl0OTY1LnRl +c3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SCCXQ5NjkudGVzdIIJ +dDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3My50ZXN0ggl0OTc0 +LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRlc3SCCXQ5NzgudGVz +dIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJdDk4Mi50ZXN0ggl0 +OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2LnRlc3SCCXQ5ODcu +dGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVzdIIJdDk5MS50ZXN0 +ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0OTk1LnRlc3SCCXQ5 +OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTkudGVzdIIKdDEwMDAu +dGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMudGVzdIIKdDEwMDQu +dGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcudGVzdIIKdDEwMDgu +dGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEudGVzdIIKdDEwMTIu +dGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUudGVzdIIKdDEwMTYu +dGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTkudGVzdIIKdDEwMjAu +dGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMudGVzdDANBgkqhkiG +9w0BAQsFAAOCAQEAdLNGPgV+swOF4zK+gdJjFCSxbTok4Xm3aJkVM9ljbYuzY6Wj +qB3FBYl9XgAuFp2zfuPWi+w75gDjdOnTU4nuM1TAGUGfNWJBMoch54REyiEq+DMz +9ZI5N6M+Q0JSFoHDbs5x2dlOvu6HFDl7KhNnheByuQW3dWpKhvS/mmcZdXzmAdpC +E1it+R/RY6WMJ/1IBMq5t0q1YhKtDwtvun/RxB+2wGrGiNUbPb1kNPpEia0FR0ys +3XIvfPo0cbtB8EN9lz8pAN6rTPfMK8qA+yr7NIFac3t32lRbHgk8MY1+7cKvSBlZ +/VloVsn1Oi2sD1du8e6J6mlx0nru7p/2zBV/IA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.cnf new file mode 100644 index 0000000000..03ea2c8255 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.cnf @@ -0,0 +1,1091 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "t0" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @san_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/t0_3.pem +new_certs_dir = out +serial = out/t0.serial +database = out/t0.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/t0.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/t0.cer + +[crl_info] +URI.0 = http://url-for-crl/t0.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[san_info] +IP.1 = 10.0.0.0 +IP.2 = 10.0.0.1 +IP.3 = 10.0.0.2 +IP.4 = 10.0.0.3 +IP.5 = 10.0.0.4 +IP.6 = 10.0.0.5 +IP.7 = 10.0.0.6 +IP.8 = 10.0.0.7 +IP.9 = 10.0.0.8 +IP.10 = 10.0.0.9 +IP.11 = 10.0.0.10 +IP.12 = 10.0.0.11 +IP.13 = 10.0.0.12 +IP.14 = 10.0.0.13 +IP.15 = 10.0.0.14 +IP.16 = 10.0.0.15 +IP.17 = 10.0.0.16 +IP.18 = 10.0.0.17 +IP.19 = 10.0.0.18 +IP.20 = 10.0.0.19 +IP.21 = 10.0.0.20 +IP.22 = 10.0.0.21 +IP.23 = 10.0.0.22 +IP.24 = 10.0.0.23 +IP.25 = 10.0.0.24 +IP.26 = 10.0.0.25 +IP.27 = 10.0.0.26 +IP.28 = 10.0.0.27 +IP.29 = 10.0.0.28 +IP.30 = 10.0.0.29 +IP.31 = 10.0.0.30 +IP.32 = 10.0.0.31 +IP.33 = 10.0.0.32 +IP.34 = 10.0.0.33 +IP.35 = 10.0.0.34 +IP.36 = 10.0.0.35 +IP.37 = 10.0.0.36 +IP.38 = 10.0.0.37 +IP.39 = 10.0.0.38 +IP.40 = 10.0.0.39 +IP.41 = 10.0.0.40 +IP.42 = 10.0.0.41 +IP.43 = 10.0.0.42 +IP.44 = 10.0.0.43 +IP.45 = 10.0.0.44 +IP.46 = 10.0.0.45 +IP.47 = 10.0.0.46 +IP.48 = 10.0.0.47 +IP.49 = 10.0.0.48 +IP.50 = 10.0.0.49 +IP.51 = 10.0.0.50 +IP.52 = 10.0.0.51 +IP.53 = 10.0.0.52 +IP.54 = 10.0.0.53 +IP.55 = 10.0.0.54 +IP.56 = 10.0.0.55 +IP.57 = 10.0.0.56 +IP.58 = 10.0.0.57 +IP.59 = 10.0.0.58 +IP.60 = 10.0.0.59 +IP.61 = 10.0.0.60 +IP.62 = 10.0.0.61 +IP.63 = 10.0.0.62 +IP.64 = 10.0.0.63 +IP.65 = 10.0.0.64 +IP.66 = 10.0.0.65 +IP.67 = 10.0.0.66 +IP.68 = 10.0.0.67 +IP.69 = 10.0.0.68 +IP.70 = 10.0.0.69 +IP.71 = 10.0.0.70 +IP.72 = 10.0.0.71 +IP.73 = 10.0.0.72 +IP.74 = 10.0.0.73 +IP.75 = 10.0.0.74 +IP.76 = 10.0.0.75 +IP.77 = 10.0.0.76 +IP.78 = 10.0.0.77 +IP.79 = 10.0.0.78 +IP.80 = 10.0.0.79 +IP.81 = 10.0.0.80 +IP.82 = 10.0.0.81 +IP.83 = 10.0.0.82 +IP.84 = 10.0.0.83 +IP.85 = 10.0.0.84 +IP.86 = 10.0.0.85 +IP.87 = 10.0.0.86 +IP.88 = 10.0.0.87 +IP.89 = 10.0.0.88 +IP.90 = 10.0.0.89 +IP.91 = 10.0.0.90 +IP.92 = 10.0.0.91 +IP.93 = 10.0.0.92 +IP.94 = 10.0.0.93 +IP.95 = 10.0.0.94 +IP.96 = 10.0.0.95 +IP.97 = 10.0.0.96 +IP.98 = 10.0.0.97 +IP.99 = 10.0.0.98 +IP.100 = 10.0.0.99 +IP.101 = 10.0.0.100 +IP.102 = 10.0.0.101 +IP.103 = 10.0.0.102 +IP.104 = 10.0.0.103 +IP.105 = 10.0.0.104 +IP.106 = 10.0.0.105 +IP.107 = 10.0.0.106 +IP.108 = 10.0.0.107 +IP.109 = 10.0.0.108 +IP.110 = 10.0.0.109 +IP.111 = 10.0.0.110 +IP.112 = 10.0.0.111 +IP.113 = 10.0.0.112 +IP.114 = 10.0.0.113 +IP.115 = 10.0.0.114 +IP.116 = 10.0.0.115 +IP.117 = 10.0.0.116 +IP.118 = 10.0.0.117 +IP.119 = 10.0.0.118 +IP.120 = 10.0.0.119 +IP.121 = 10.0.0.120 +IP.122 = 10.0.0.121 +IP.123 = 10.0.0.122 +IP.124 = 10.0.0.123 +IP.125 = 10.0.0.124 +IP.126 = 10.0.0.125 +IP.127 = 10.0.0.126 +IP.128 = 10.0.0.127 +IP.129 = 10.0.0.128 +IP.130 = 10.0.0.129 +IP.131 = 10.0.0.130 +IP.132 = 10.0.0.131 +IP.133 = 10.0.0.132 +IP.134 = 10.0.0.133 +IP.135 = 10.0.0.134 +IP.136 = 10.0.0.135 +IP.137 = 10.0.0.136 +IP.138 = 10.0.0.137 +IP.139 = 10.0.0.138 +IP.140 = 10.0.0.139 +IP.141 = 10.0.0.140 +IP.142 = 10.0.0.141 +IP.143 = 10.0.0.142 +IP.144 = 10.0.0.143 +IP.145 = 10.0.0.144 +IP.146 = 10.0.0.145 +IP.147 = 10.0.0.146 +IP.148 = 10.0.0.147 +IP.149 = 10.0.0.148 +IP.150 = 10.0.0.149 +IP.151 = 10.0.0.150 +IP.152 = 10.0.0.151 +IP.153 = 10.0.0.152 +IP.154 = 10.0.0.153 +IP.155 = 10.0.0.154 +IP.156 = 10.0.0.155 +IP.157 = 10.0.0.156 +IP.158 = 10.0.0.157 +IP.159 = 10.0.0.158 +IP.160 = 10.0.0.159 +IP.161 = 10.0.0.160 +IP.162 = 10.0.0.161 +IP.163 = 10.0.0.162 +IP.164 = 10.0.0.163 +IP.165 = 10.0.0.164 +IP.166 = 10.0.0.165 +IP.167 = 10.0.0.166 +IP.168 = 10.0.0.167 +IP.169 = 10.0.0.168 +IP.170 = 10.0.0.169 +IP.171 = 10.0.0.170 +IP.172 = 10.0.0.171 +IP.173 = 10.0.0.172 +IP.174 = 10.0.0.173 +IP.175 = 10.0.0.174 +IP.176 = 10.0.0.175 +IP.177 = 10.0.0.176 +IP.178 = 10.0.0.177 +IP.179 = 10.0.0.178 +IP.180 = 10.0.0.179 +IP.181 = 10.0.0.180 +IP.182 = 10.0.0.181 +IP.183 = 10.0.0.182 +IP.184 = 10.0.0.183 +IP.185 = 10.0.0.184 +IP.186 = 10.0.0.185 +IP.187 = 10.0.0.186 +IP.188 = 10.0.0.187 +IP.189 = 10.0.0.188 +IP.190 = 10.0.0.189 +IP.191 = 10.0.0.190 +IP.192 = 10.0.0.191 +IP.193 = 10.0.0.192 +IP.194 = 10.0.0.193 +IP.195 = 10.0.0.194 +IP.196 = 10.0.0.195 +IP.197 = 10.0.0.196 +IP.198 = 10.0.0.197 +IP.199 = 10.0.0.198 +IP.200 = 10.0.0.199 +IP.201 = 10.0.0.200 +IP.202 = 10.0.0.201 +IP.203 = 10.0.0.202 +IP.204 = 10.0.0.203 +IP.205 = 10.0.0.204 +IP.206 = 10.0.0.205 +IP.207 = 10.0.0.206 +IP.208 = 10.0.0.207 +IP.209 = 10.0.0.208 +IP.210 = 10.0.0.209 +IP.211 = 10.0.0.210 +IP.212 = 10.0.0.211 +IP.213 = 10.0.0.212 +IP.214 = 10.0.0.213 +IP.215 = 10.0.0.214 +IP.216 = 10.0.0.215 +IP.217 = 10.0.0.216 +IP.218 = 10.0.0.217 +IP.219 = 10.0.0.218 +IP.220 = 10.0.0.219 +IP.221 = 10.0.0.220 +IP.222 = 10.0.0.221 +IP.223 = 10.0.0.222 +IP.224 = 10.0.0.223 +IP.225 = 10.0.0.224 +IP.226 = 10.0.0.225 +IP.227 = 10.0.0.226 +IP.228 = 10.0.0.227 +IP.229 = 10.0.0.228 +IP.230 = 10.0.0.229 +IP.231 = 10.0.0.230 +IP.232 = 10.0.0.231 +IP.233 = 10.0.0.232 +IP.234 = 10.0.0.233 +IP.235 = 10.0.0.234 +IP.236 = 10.0.0.235 +IP.237 = 10.0.0.236 +IP.238 = 10.0.0.237 +IP.239 = 10.0.0.238 +IP.240 = 10.0.0.239 +IP.241 = 10.0.0.240 +IP.242 = 10.0.0.241 +IP.243 = 10.0.0.242 +IP.244 = 10.0.0.243 +IP.245 = 10.0.0.244 +IP.246 = 10.0.0.245 +IP.247 = 10.0.0.246 +IP.248 = 10.0.0.247 +IP.249 = 10.0.0.248 +IP.250 = 10.0.0.249 +IP.251 = 10.0.0.250 +IP.252 = 10.0.0.251 +IP.253 = 10.0.0.252 +IP.254 = 10.0.0.253 +IP.255 = 10.0.0.254 +IP.256 = 10.0.0.255 +IP.257 = 10.0.1.0 +IP.258 = 10.0.1.1 +IP.259 = 10.0.1.2 +IP.260 = 10.0.1.3 +IP.261 = 10.0.1.4 +IP.262 = 10.0.1.5 +IP.263 = 10.0.1.6 +IP.264 = 10.0.1.7 +IP.265 = 10.0.1.8 +IP.266 = 10.0.1.9 +IP.267 = 10.0.1.10 +IP.268 = 10.0.1.11 +IP.269 = 10.0.1.12 +IP.270 = 10.0.1.13 +IP.271 = 10.0.1.14 +IP.272 = 10.0.1.15 +IP.273 = 10.0.1.16 +IP.274 = 10.0.1.17 +IP.275 = 10.0.1.18 +IP.276 = 10.0.1.19 +IP.277 = 10.0.1.20 +IP.278 = 10.0.1.21 +IP.279 = 10.0.1.22 +IP.280 = 10.0.1.23 +IP.281 = 10.0.1.24 +IP.282 = 10.0.1.25 +IP.283 = 10.0.1.26 +IP.284 = 10.0.1.27 +IP.285 = 10.0.1.28 +IP.286 = 10.0.1.29 +IP.287 = 10.0.1.30 +IP.288 = 10.0.1.31 +IP.289 = 10.0.1.32 +IP.290 = 10.0.1.33 +IP.291 = 10.0.1.34 +IP.292 = 10.0.1.35 +IP.293 = 10.0.1.36 +IP.294 = 10.0.1.37 +IP.295 = 10.0.1.38 +IP.296 = 10.0.1.39 +IP.297 = 10.0.1.40 +IP.298 = 10.0.1.41 +IP.299 = 10.0.1.42 +IP.300 = 10.0.1.43 +IP.301 = 10.0.1.44 +IP.302 = 10.0.1.45 +IP.303 = 10.0.1.46 +IP.304 = 10.0.1.47 +IP.305 = 10.0.1.48 +IP.306 = 10.0.1.49 +IP.307 = 10.0.1.50 +IP.308 = 10.0.1.51 +IP.309 = 10.0.1.52 +IP.310 = 10.0.1.53 +IP.311 = 10.0.1.54 +IP.312 = 10.0.1.55 +IP.313 = 10.0.1.56 +IP.314 = 10.0.1.57 +IP.315 = 10.0.1.58 +IP.316 = 10.0.1.59 +IP.317 = 10.0.1.60 +IP.318 = 10.0.1.61 +IP.319 = 10.0.1.62 +IP.320 = 10.0.1.63 +IP.321 = 10.0.1.64 +IP.322 = 10.0.1.65 +IP.323 = 10.0.1.66 +IP.324 = 10.0.1.67 +IP.325 = 10.0.1.68 +IP.326 = 10.0.1.69 +IP.327 = 10.0.1.70 +IP.328 = 10.0.1.71 +IP.329 = 10.0.1.72 +IP.330 = 10.0.1.73 +IP.331 = 10.0.1.74 +IP.332 = 10.0.1.75 +IP.333 = 10.0.1.76 +IP.334 = 10.0.1.77 +IP.335 = 10.0.1.78 +IP.336 = 10.0.1.79 +IP.337 = 10.0.1.80 +IP.338 = 10.0.1.81 +IP.339 = 10.0.1.82 +IP.340 = 10.0.1.83 +IP.341 = 10.0.1.84 +IP.342 = 10.0.1.85 +IP.343 = 10.0.1.86 +IP.344 = 10.0.1.87 +IP.345 = 10.0.1.88 +IP.346 = 10.0.1.89 +IP.347 = 10.0.1.90 +IP.348 = 10.0.1.91 +IP.349 = 10.0.1.92 +IP.350 = 10.0.1.93 +IP.351 = 10.0.1.94 +IP.352 = 10.0.1.95 +IP.353 = 10.0.1.96 +IP.354 = 10.0.1.97 +IP.355 = 10.0.1.98 +IP.356 = 10.0.1.99 +IP.357 = 10.0.1.100 +IP.358 = 10.0.1.101 +IP.359 = 10.0.1.102 +IP.360 = 10.0.1.103 +IP.361 = 10.0.1.104 +IP.362 = 10.0.1.105 +IP.363 = 10.0.1.106 +IP.364 = 10.0.1.107 +IP.365 = 10.0.1.108 +IP.366 = 10.0.1.109 +IP.367 = 10.0.1.110 +IP.368 = 10.0.1.111 +IP.369 = 10.0.1.112 +IP.370 = 10.0.1.113 +IP.371 = 10.0.1.114 +IP.372 = 10.0.1.115 +IP.373 = 10.0.1.116 +IP.374 = 10.0.1.117 +IP.375 = 10.0.1.118 +IP.376 = 10.0.1.119 +IP.377 = 10.0.1.120 +IP.378 = 10.0.1.121 +IP.379 = 10.0.1.122 +IP.380 = 10.0.1.123 +IP.381 = 10.0.1.124 +IP.382 = 10.0.1.125 +IP.383 = 10.0.1.126 +IP.384 = 10.0.1.127 +IP.385 = 10.0.1.128 +IP.386 = 10.0.1.129 +IP.387 = 10.0.1.130 +IP.388 = 10.0.1.131 +IP.389 = 10.0.1.132 +IP.390 = 10.0.1.133 +IP.391 = 10.0.1.134 +IP.392 = 10.0.1.135 +IP.393 = 10.0.1.136 +IP.394 = 10.0.1.137 +IP.395 = 10.0.1.138 +IP.396 = 10.0.1.139 +IP.397 = 10.0.1.140 +IP.398 = 10.0.1.141 +IP.399 = 10.0.1.142 +IP.400 = 10.0.1.143 +IP.401 = 10.0.1.144 +IP.402 = 10.0.1.145 +IP.403 = 10.0.1.146 +IP.404 = 10.0.1.147 +IP.405 = 10.0.1.148 +IP.406 = 10.0.1.149 +IP.407 = 10.0.1.150 +IP.408 = 10.0.1.151 +IP.409 = 10.0.1.152 +IP.410 = 10.0.1.153 +IP.411 = 10.0.1.154 +IP.412 = 10.0.1.155 +IP.413 = 10.0.1.156 +IP.414 = 10.0.1.157 +IP.415 = 10.0.1.158 +IP.416 = 10.0.1.159 +IP.417 = 10.0.1.160 +IP.418 = 10.0.1.161 +IP.419 = 10.0.1.162 +IP.420 = 10.0.1.163 +IP.421 = 10.0.1.164 +IP.422 = 10.0.1.165 +IP.423 = 10.0.1.166 +IP.424 = 10.0.1.167 +IP.425 = 10.0.1.168 +IP.426 = 10.0.1.169 +IP.427 = 10.0.1.170 +IP.428 = 10.0.1.171 +IP.429 = 10.0.1.172 +IP.430 = 10.0.1.173 +IP.431 = 10.0.1.174 +IP.432 = 10.0.1.175 +IP.433 = 10.0.1.176 +IP.434 = 10.0.1.177 +IP.435 = 10.0.1.178 +IP.436 = 10.0.1.179 +IP.437 = 10.0.1.180 +IP.438 = 10.0.1.181 +IP.439 = 10.0.1.182 +IP.440 = 10.0.1.183 +IP.441 = 10.0.1.184 +IP.442 = 10.0.1.185 +IP.443 = 10.0.1.186 +IP.444 = 10.0.1.187 +IP.445 = 10.0.1.188 +IP.446 = 10.0.1.189 +IP.447 = 10.0.1.190 +IP.448 = 10.0.1.191 +IP.449 = 10.0.1.192 +IP.450 = 10.0.1.193 +IP.451 = 10.0.1.194 +IP.452 = 10.0.1.195 +IP.453 = 10.0.1.196 +IP.454 = 10.0.1.197 +IP.455 = 10.0.1.198 +IP.456 = 10.0.1.199 +IP.457 = 10.0.1.200 +IP.458 = 10.0.1.201 +IP.459 = 10.0.1.202 +IP.460 = 10.0.1.203 +IP.461 = 10.0.1.204 +IP.462 = 10.0.1.205 +IP.463 = 10.0.1.206 +IP.464 = 10.0.1.207 +IP.465 = 10.0.1.208 +IP.466 = 10.0.1.209 +IP.467 = 10.0.1.210 +IP.468 = 10.0.1.211 +IP.469 = 10.0.1.212 +IP.470 = 10.0.1.213 +IP.471 = 10.0.1.214 +IP.472 = 10.0.1.215 +IP.473 = 10.0.1.216 +IP.474 = 10.0.1.217 +IP.475 = 10.0.1.218 +IP.476 = 10.0.1.219 +IP.477 = 10.0.1.220 +IP.478 = 10.0.1.221 +IP.479 = 10.0.1.222 +IP.480 = 10.0.1.223 +IP.481 = 10.0.1.224 +IP.482 = 10.0.1.225 +IP.483 = 10.0.1.226 +IP.484 = 10.0.1.227 +IP.485 = 10.0.1.228 +IP.486 = 10.0.1.229 +IP.487 = 10.0.1.230 +IP.488 = 10.0.1.231 +IP.489 = 10.0.1.232 +IP.490 = 10.0.1.233 +IP.491 = 10.0.1.234 +IP.492 = 10.0.1.235 +IP.493 = 10.0.1.236 +IP.494 = 10.0.1.237 +IP.495 = 10.0.1.238 +IP.496 = 10.0.1.239 +IP.497 = 10.0.1.240 +IP.498 = 10.0.1.241 +IP.499 = 10.0.1.242 +IP.500 = 10.0.1.243 +IP.501 = 10.0.1.244 +IP.502 = 10.0.1.245 +IP.503 = 10.0.1.246 +IP.504 = 10.0.1.247 +IP.505 = 10.0.1.248 +IP.506 = 10.0.1.249 +IP.507 = 10.0.1.250 +IP.508 = 10.0.1.251 +IP.509 = 10.0.1.252 +IP.510 = 10.0.1.253 +IP.511 = 10.0.1.254 +IP.512 = 10.0.1.255 +IP.513 = 10.0.2.0 +IP.514 = 10.0.2.1 +IP.515 = 10.0.2.2 +IP.516 = 10.0.2.3 +IP.517 = 10.0.2.4 +IP.518 = 10.0.2.5 +IP.519 = 10.0.2.6 +IP.520 = 10.0.2.7 +IP.521 = 10.0.2.8 +IP.522 = 10.0.2.9 +IP.523 = 10.0.2.10 +IP.524 = 10.0.2.11 +IP.525 = 10.0.2.12 +IP.526 = 10.0.2.13 +IP.527 = 10.0.2.14 +IP.528 = 10.0.2.15 +IP.529 = 10.0.2.16 +IP.530 = 10.0.2.17 +IP.531 = 10.0.2.18 +IP.532 = 10.0.2.19 +IP.533 = 10.0.2.20 +IP.534 = 10.0.2.21 +IP.535 = 10.0.2.22 +IP.536 = 10.0.2.23 +IP.537 = 10.0.2.24 +IP.538 = 10.0.2.25 +IP.539 = 10.0.2.26 +IP.540 = 10.0.2.27 +IP.541 = 10.0.2.28 +IP.542 = 10.0.2.29 +IP.543 = 10.0.2.30 +IP.544 = 10.0.2.31 +IP.545 = 10.0.2.32 +IP.546 = 10.0.2.33 +IP.547 = 10.0.2.34 +IP.548 = 10.0.2.35 +IP.549 = 10.0.2.36 +IP.550 = 10.0.2.37 +IP.551 = 10.0.2.38 +IP.552 = 10.0.2.39 +IP.553 = 10.0.2.40 +IP.554 = 10.0.2.41 +IP.555 = 10.0.2.42 +IP.556 = 10.0.2.43 +IP.557 = 10.0.2.44 +IP.558 = 10.0.2.45 +IP.559 = 10.0.2.46 +IP.560 = 10.0.2.47 +IP.561 = 10.0.2.48 +IP.562 = 10.0.2.49 +IP.563 = 10.0.2.50 +IP.564 = 10.0.2.51 +IP.565 = 10.0.2.52 +IP.566 = 10.0.2.53 +IP.567 = 10.0.2.54 +IP.568 = 10.0.2.55 +IP.569 = 10.0.2.56 +IP.570 = 10.0.2.57 +IP.571 = 10.0.2.58 +IP.572 = 10.0.2.59 +IP.573 = 10.0.2.60 +IP.574 = 10.0.2.61 +IP.575 = 10.0.2.62 +IP.576 = 10.0.2.63 +IP.577 = 10.0.2.64 +IP.578 = 10.0.2.65 +IP.579 = 10.0.2.66 +IP.580 = 10.0.2.67 +IP.581 = 10.0.2.68 +IP.582 = 10.0.2.69 +IP.583 = 10.0.2.70 +IP.584 = 10.0.2.71 +IP.585 = 10.0.2.72 +IP.586 = 10.0.2.73 +IP.587 = 10.0.2.74 +IP.588 = 10.0.2.75 +IP.589 = 10.0.2.76 +IP.590 = 10.0.2.77 +IP.591 = 10.0.2.78 +IP.592 = 10.0.2.79 +IP.593 = 10.0.2.80 +IP.594 = 10.0.2.81 +IP.595 = 10.0.2.82 +IP.596 = 10.0.2.83 +IP.597 = 10.0.2.84 +IP.598 = 10.0.2.85 +IP.599 = 10.0.2.86 +IP.600 = 10.0.2.87 +IP.601 = 10.0.2.88 +IP.602 = 10.0.2.89 +IP.603 = 10.0.2.90 +IP.604 = 10.0.2.91 +IP.605 = 10.0.2.92 +IP.606 = 10.0.2.93 +IP.607 = 10.0.2.94 +IP.608 = 10.0.2.95 +IP.609 = 10.0.2.96 +IP.610 = 10.0.2.97 +IP.611 = 10.0.2.98 +IP.612 = 10.0.2.99 +IP.613 = 10.0.2.100 +IP.614 = 10.0.2.101 +IP.615 = 10.0.2.102 +IP.616 = 10.0.2.103 +IP.617 = 10.0.2.104 +IP.618 = 10.0.2.105 +IP.619 = 10.0.2.106 +IP.620 = 10.0.2.107 +IP.621 = 10.0.2.108 +IP.622 = 10.0.2.109 +IP.623 = 10.0.2.110 +IP.624 = 10.0.2.111 +IP.625 = 10.0.2.112 +IP.626 = 10.0.2.113 +IP.627 = 10.0.2.114 +IP.628 = 10.0.2.115 +IP.629 = 10.0.2.116 +IP.630 = 10.0.2.117 +IP.631 = 10.0.2.118 +IP.632 = 10.0.2.119 +IP.633 = 10.0.2.120 +IP.634 = 10.0.2.121 +IP.635 = 10.0.2.122 +IP.636 = 10.0.2.123 +IP.637 = 10.0.2.124 +IP.638 = 10.0.2.125 +IP.639 = 10.0.2.126 +IP.640 = 10.0.2.127 +IP.641 = 10.0.2.128 +IP.642 = 10.0.2.129 +IP.643 = 10.0.2.130 +IP.644 = 10.0.2.131 +IP.645 = 10.0.2.132 +IP.646 = 10.0.2.133 +IP.647 = 10.0.2.134 +IP.648 = 10.0.2.135 +IP.649 = 10.0.2.136 +IP.650 = 10.0.2.137 +IP.651 = 10.0.2.138 +IP.652 = 10.0.2.139 +IP.653 = 10.0.2.140 +IP.654 = 10.0.2.141 +IP.655 = 10.0.2.142 +IP.656 = 10.0.2.143 +IP.657 = 10.0.2.144 +IP.658 = 10.0.2.145 +IP.659 = 10.0.2.146 +IP.660 = 10.0.2.147 +IP.661 = 10.0.2.148 +IP.662 = 10.0.2.149 +IP.663 = 10.0.2.150 +IP.664 = 10.0.2.151 +IP.665 = 10.0.2.152 +IP.666 = 10.0.2.153 +IP.667 = 10.0.2.154 +IP.668 = 10.0.2.155 +IP.669 = 10.0.2.156 +IP.670 = 10.0.2.157 +IP.671 = 10.0.2.158 +IP.672 = 10.0.2.159 +IP.673 = 10.0.2.160 +IP.674 = 10.0.2.161 +IP.675 = 10.0.2.162 +IP.676 = 10.0.2.163 +IP.677 = 10.0.2.164 +IP.678 = 10.0.2.165 +IP.679 = 10.0.2.166 +IP.680 = 10.0.2.167 +IP.681 = 10.0.2.168 +IP.682 = 10.0.2.169 +IP.683 = 10.0.2.170 +IP.684 = 10.0.2.171 +IP.685 = 10.0.2.172 +IP.686 = 10.0.2.173 +IP.687 = 10.0.2.174 +IP.688 = 10.0.2.175 +IP.689 = 10.0.2.176 +IP.690 = 10.0.2.177 +IP.691 = 10.0.2.178 +IP.692 = 10.0.2.179 +IP.693 = 10.0.2.180 +IP.694 = 10.0.2.181 +IP.695 = 10.0.2.182 +IP.696 = 10.0.2.183 +IP.697 = 10.0.2.184 +IP.698 = 10.0.2.185 +IP.699 = 10.0.2.186 +IP.700 = 10.0.2.187 +IP.701 = 10.0.2.188 +IP.702 = 10.0.2.189 +IP.703 = 10.0.2.190 +IP.704 = 10.0.2.191 +IP.705 = 10.0.2.192 +IP.706 = 10.0.2.193 +IP.707 = 10.0.2.194 +IP.708 = 10.0.2.195 +IP.709 = 10.0.2.196 +IP.710 = 10.0.2.197 +IP.711 = 10.0.2.198 +IP.712 = 10.0.2.199 +IP.713 = 10.0.2.200 +IP.714 = 10.0.2.201 +IP.715 = 10.0.2.202 +IP.716 = 10.0.2.203 +IP.717 = 10.0.2.204 +IP.718 = 10.0.2.205 +IP.719 = 10.0.2.206 +IP.720 = 10.0.2.207 +IP.721 = 10.0.2.208 +IP.722 = 10.0.2.209 +IP.723 = 10.0.2.210 +IP.724 = 10.0.2.211 +IP.725 = 10.0.2.212 +IP.726 = 10.0.2.213 +IP.727 = 10.0.2.214 +IP.728 = 10.0.2.215 +IP.729 = 10.0.2.216 +IP.730 = 10.0.2.217 +IP.731 = 10.0.2.218 +IP.732 = 10.0.2.219 +IP.733 = 10.0.2.220 +IP.734 = 10.0.2.221 +IP.735 = 10.0.2.222 +IP.736 = 10.0.2.223 +IP.737 = 10.0.2.224 +IP.738 = 10.0.2.225 +IP.739 = 10.0.2.226 +IP.740 = 10.0.2.227 +IP.741 = 10.0.2.228 +IP.742 = 10.0.2.229 +IP.743 = 10.0.2.230 +IP.744 = 10.0.2.231 +IP.745 = 10.0.2.232 +IP.746 = 10.0.2.233 +IP.747 = 10.0.2.234 +IP.748 = 10.0.2.235 +IP.749 = 10.0.2.236 +IP.750 = 10.0.2.237 +IP.751 = 10.0.2.238 +IP.752 = 10.0.2.239 +IP.753 = 10.0.2.240 +IP.754 = 10.0.2.241 +IP.755 = 10.0.2.242 +IP.756 = 10.0.2.243 +IP.757 = 10.0.2.244 +IP.758 = 10.0.2.245 +IP.759 = 10.0.2.246 +IP.760 = 10.0.2.247 +IP.761 = 10.0.2.248 +IP.762 = 10.0.2.249 +IP.763 = 10.0.2.250 +IP.764 = 10.0.2.251 +IP.765 = 10.0.2.252 +IP.766 = 10.0.2.253 +IP.767 = 10.0.2.254 +IP.768 = 10.0.2.255 +IP.769 = 10.0.3.0 +IP.770 = 10.0.3.1 +IP.771 = 10.0.3.2 +IP.772 = 10.0.3.3 +IP.773 = 10.0.3.4 +IP.774 = 10.0.3.5 +IP.775 = 10.0.3.6 +IP.776 = 10.0.3.7 +IP.777 = 10.0.3.8 +IP.778 = 10.0.3.9 +IP.779 = 10.0.3.10 +IP.780 = 10.0.3.11 +IP.781 = 10.0.3.12 +IP.782 = 10.0.3.13 +IP.783 = 10.0.3.14 +IP.784 = 10.0.3.15 +IP.785 = 10.0.3.16 +IP.786 = 10.0.3.17 +IP.787 = 10.0.3.18 +IP.788 = 10.0.3.19 +IP.789 = 10.0.3.20 +IP.790 = 10.0.3.21 +IP.791 = 10.0.3.22 +IP.792 = 10.0.3.23 +IP.793 = 10.0.3.24 +IP.794 = 10.0.3.25 +IP.795 = 10.0.3.26 +IP.796 = 10.0.3.27 +IP.797 = 10.0.3.28 +IP.798 = 10.0.3.29 +IP.799 = 10.0.3.30 +IP.800 = 10.0.3.31 +IP.801 = 10.0.3.32 +IP.802 = 10.0.3.33 +IP.803 = 10.0.3.34 +IP.804 = 10.0.3.35 +IP.805 = 10.0.3.36 +IP.806 = 10.0.3.37 +IP.807 = 10.0.3.38 +IP.808 = 10.0.3.39 +IP.809 = 10.0.3.40 +IP.810 = 10.0.3.41 +IP.811 = 10.0.3.42 +IP.812 = 10.0.3.43 +IP.813 = 10.0.3.44 +IP.814 = 10.0.3.45 +IP.815 = 10.0.3.46 +IP.816 = 10.0.3.47 +IP.817 = 10.0.3.48 +IP.818 = 10.0.3.49 +IP.819 = 10.0.3.50 +IP.820 = 10.0.3.51 +IP.821 = 10.0.3.52 +IP.822 = 10.0.3.53 +IP.823 = 10.0.3.54 +IP.824 = 10.0.3.55 +IP.825 = 10.0.3.56 +IP.826 = 10.0.3.57 +IP.827 = 10.0.3.58 +IP.828 = 10.0.3.59 +IP.829 = 10.0.3.60 +IP.830 = 10.0.3.61 +IP.831 = 10.0.3.62 +IP.832 = 10.0.3.63 +IP.833 = 10.0.3.64 +IP.834 = 10.0.3.65 +IP.835 = 10.0.3.66 +IP.836 = 10.0.3.67 +IP.837 = 10.0.3.68 +IP.838 = 10.0.3.69 +IP.839 = 10.0.3.70 +IP.840 = 10.0.3.71 +IP.841 = 10.0.3.72 +IP.842 = 10.0.3.73 +IP.843 = 10.0.3.74 +IP.844 = 10.0.3.75 +IP.845 = 10.0.3.76 +IP.846 = 10.0.3.77 +IP.847 = 10.0.3.78 +IP.848 = 10.0.3.79 +IP.849 = 10.0.3.80 +IP.850 = 10.0.3.81 +IP.851 = 10.0.3.82 +IP.852 = 10.0.3.83 +IP.853 = 10.0.3.84 +IP.854 = 10.0.3.85 +IP.855 = 10.0.3.86 +IP.856 = 10.0.3.87 +IP.857 = 10.0.3.88 +IP.858 = 10.0.3.89 +IP.859 = 10.0.3.90 +IP.860 = 10.0.3.91 +IP.861 = 10.0.3.92 +IP.862 = 10.0.3.93 +IP.863 = 10.0.3.94 +IP.864 = 10.0.3.95 +IP.865 = 10.0.3.96 +IP.866 = 10.0.3.97 +IP.867 = 10.0.3.98 +IP.868 = 10.0.3.99 +IP.869 = 10.0.3.100 +IP.870 = 10.0.3.101 +IP.871 = 10.0.3.102 +IP.872 = 10.0.3.103 +IP.873 = 10.0.3.104 +IP.874 = 10.0.3.105 +IP.875 = 10.0.3.106 +IP.876 = 10.0.3.107 +IP.877 = 10.0.3.108 +IP.878 = 10.0.3.109 +IP.879 = 10.0.3.110 +IP.880 = 10.0.3.111 +IP.881 = 10.0.3.112 +IP.882 = 10.0.3.113 +IP.883 = 10.0.3.114 +IP.884 = 10.0.3.115 +IP.885 = 10.0.3.116 +IP.886 = 10.0.3.117 +IP.887 = 10.0.3.118 +IP.888 = 10.0.3.119 +IP.889 = 10.0.3.120 +IP.890 = 10.0.3.121 +IP.891 = 10.0.3.122 +IP.892 = 10.0.3.123 +IP.893 = 10.0.3.124 +IP.894 = 10.0.3.125 +IP.895 = 10.0.3.126 +IP.896 = 10.0.3.127 +IP.897 = 10.0.3.128 +IP.898 = 10.0.3.129 +IP.899 = 10.0.3.130 +IP.900 = 10.0.3.131 +IP.901 = 10.0.3.132 +IP.902 = 10.0.3.133 +IP.903 = 10.0.3.134 +IP.904 = 10.0.3.135 +IP.905 = 10.0.3.136 +IP.906 = 10.0.3.137 +IP.907 = 10.0.3.138 +IP.908 = 10.0.3.139 +IP.909 = 10.0.3.140 +IP.910 = 10.0.3.141 +IP.911 = 10.0.3.142 +IP.912 = 10.0.3.143 +IP.913 = 10.0.3.144 +IP.914 = 10.0.3.145 +IP.915 = 10.0.3.146 +IP.916 = 10.0.3.147 +IP.917 = 10.0.3.148 +IP.918 = 10.0.3.149 +IP.919 = 10.0.3.150 +IP.920 = 10.0.3.151 +IP.921 = 10.0.3.152 +IP.922 = 10.0.3.153 +IP.923 = 10.0.3.154 +IP.924 = 10.0.3.155 +IP.925 = 10.0.3.156 +IP.926 = 10.0.3.157 +IP.927 = 10.0.3.158 +IP.928 = 10.0.3.159 +IP.929 = 10.0.3.160 +IP.930 = 10.0.3.161 +IP.931 = 10.0.3.162 +IP.932 = 10.0.3.163 +IP.933 = 10.0.3.164 +IP.934 = 10.0.3.165 +IP.935 = 10.0.3.166 +IP.936 = 10.0.3.167 +IP.937 = 10.0.3.168 +IP.938 = 10.0.3.169 +IP.939 = 10.0.3.170 +IP.940 = 10.0.3.171 +IP.941 = 10.0.3.172 +IP.942 = 10.0.3.173 +IP.943 = 10.0.3.174 +IP.944 = 10.0.3.175 +IP.945 = 10.0.3.176 +IP.946 = 10.0.3.177 +IP.947 = 10.0.3.178 +IP.948 = 10.0.3.179 +IP.949 = 10.0.3.180 +IP.950 = 10.0.3.181 +IP.951 = 10.0.3.182 +IP.952 = 10.0.3.183 +IP.953 = 10.0.3.184 +IP.954 = 10.0.3.185 +IP.955 = 10.0.3.186 +IP.956 = 10.0.3.187 +IP.957 = 10.0.3.188 +IP.958 = 10.0.3.189 +IP.959 = 10.0.3.190 +IP.960 = 10.0.3.191 +IP.961 = 10.0.3.192 +IP.962 = 10.0.3.193 +IP.963 = 10.0.3.194 +IP.964 = 10.0.3.195 +IP.965 = 10.0.3.196 +IP.966 = 10.0.3.197 +IP.967 = 10.0.3.198 +IP.968 = 10.0.3.199 +IP.969 = 10.0.3.200 +IP.970 = 10.0.3.201 +IP.971 = 10.0.3.202 +IP.972 = 10.0.3.203 +IP.973 = 10.0.3.204 +IP.974 = 10.0.3.205 +IP.975 = 10.0.3.206 +IP.976 = 10.0.3.207 +IP.977 = 10.0.3.208 +IP.978 = 10.0.3.209 +IP.979 = 10.0.3.210 +IP.980 = 10.0.3.211 +IP.981 = 10.0.3.212 +IP.982 = 10.0.3.213 +IP.983 = 10.0.3.214 +IP.984 = 10.0.3.215 +IP.985 = 10.0.3.216 +IP.986 = 10.0.3.217 +IP.987 = 10.0.3.218 +IP.988 = 10.0.3.219 +IP.989 = 10.0.3.220 +IP.990 = 10.0.3.221 +IP.991 = 10.0.3.222 +IP.992 = 10.0.3.223 +IP.993 = 10.0.3.224 +IP.994 = 10.0.3.225 +IP.995 = 10.0.3.226 +IP.996 = 10.0.3.227 +IP.997 = 10.0.3.228 +IP.998 = 10.0.3.229 +IP.999 = 10.0.3.230 +IP.1000 = 10.0.3.231 +IP.1001 = 10.0.3.232 +IP.1002 = 10.0.3.233 +IP.1003 = 10.0.3.234 +IP.1004 = 10.0.3.235 +IP.1005 = 10.0.3.236 +IP.1006 = 10.0.3.237 +IP.1007 = 10.0.3.238 +IP.1008 = 10.0.3.239 +IP.1009 = 10.0.3.240 +IP.1010 = 10.0.3.241 +IP.1011 = 10.0.3.242 +IP.1012 = 10.0.3.243 +IP.1013 = 10.0.3.244 +IP.1014 = 10.0.3.245 +IP.1015 = 10.0.3.246 +IP.1016 = 10.0.3.247 +IP.1017 = 10.0.3.248 +IP.1018 = 10.0.3.249 +IP.1019 = 10.0.3.250 +IP.1020 = 10.0.3.251 +IP.1021 = 10.0.3.252 +IP.1022 = 10.0.3.253 +IP.1023 = 10.0.3.254 +IP.1024 = 10.0.3.255 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.csr new file mode 100644 index 0000000000..20a991966d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.csr @@ -0,0 +1,145 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIayjCCGbICAQAwDTELMAkGA1UEAwwCdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDbLFMBzvkagzZSUSpbQmPeMnURan2woeR3R5tx5aYtZNeuWwTt +ej/H9sorK63NbIiljjb756IitX1UeenVelvKKylsDYQKEMQhtliYuw22DI1WWyyF +WQfKBkY2JRopjsQ5t8Mxzm5JwgHPsDsnQ4rj1QYfLZOd3XpFZW39tLHAEFlC8h6P +zkOslyXBfOJR4UQ1W5SqA27acS8lf1gwAeESFx7yqmwigLHJZep3lbMHxPdyODT+ +oEMzTGZtoeihBLxvFDk5RC44N3TJCiGFkSG3TrqwmUp2mHtYyhzTsEDD2Sp1++sZ +6uMamDFSl+l/pHshfy/cYoaP/f2oiOhLRFK9AgMBAAGgghh2MIIYcgYJKoZIhvcN +AQkOMYIYYzCCGF8wHQYDVR0OBBYEFDu0BcyqulE9/PL5HiVTcuE68prfMA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgNBgNV +HREEghgEMIIYAIcECgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcE +CgAABocECgAAB4cECgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcE +CgAADocECgAAD4cECgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcE +CgAAFocECgAAF4cECgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcE +CgAAHocECgAAH4cECgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcE +CgAAJocECgAAJ4cECgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcE +CgAALocECgAAL4cECgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcE +CgAANocECgAAN4cECgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcE +CgAAPocECgAAP4cECgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcE +CgAARocECgAAR4cECgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcE +CgAATocECgAAT4cECgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcE +CgAAVocECgAAV4cECgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcE +CgAAXocECgAAX4cECgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcE +CgAAZocECgAAZ4cECgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcE +CgAAbocECgAAb4cECgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcE +CgAAdocECgAAd4cECgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcE +CgAAfocECgAAf4cECgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcE +CgAAhocECgAAh4cECgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcE +CgAAjocECgAAj4cECgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcE +CgAAlocECgAAl4cECgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcE +CgAAnocECgAAn4cECgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcE +CgAApocECgAAp4cECgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcE +CgAArocECgAAr4cECgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcE +CgAAtocECgAAt4cECgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcE +CgAAvocECgAAv4cECgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcE +CgAAxocECgAAx4cECgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcE +CgAAzocECgAAz4cECgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcE +CgAA1ocECgAA14cECgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcE +CgAA3ocECgAA34cECgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcE +CgAA5ocECgAA54cECgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcE +CgAA7ocECgAA74cECgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcE +CgAA9ocECgAA94cECgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcE +CgAA/ocECgAA/4cECgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcE +CgABBocECgABB4cECgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcE +CgABDocECgABD4cECgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcE +CgABFocECgABF4cECgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcE +CgABHocECgABH4cECgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcE +CgABJocECgABJ4cECgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcE +CgABLocECgABL4cECgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcE +CgABNocECgABN4cECgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcE +CgABPocECgABP4cECgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcE +CgABRocECgABR4cECgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcE +CgABTocECgABT4cECgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcE +CgABVocECgABV4cECgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcE +CgABXocECgABX4cECgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcE +CgABZocECgABZ4cECgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcE +CgABbocECgABb4cECgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcE +CgABdocECgABd4cECgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcE +CgABfocECgABf4cECgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcE +CgABhocECgABh4cECgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcE +CgABjocECgABj4cECgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcE +CgABlocECgABl4cECgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcE +CgABnocECgABn4cECgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcE +CgABpocECgABp4cECgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcE +CgABrocECgABr4cECgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcE +CgABtocECgABt4cECgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcE +CgABvocECgABv4cECgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcE +CgABxocECgABx4cECgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcE +CgABzocECgABz4cECgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcE +CgAB1ocECgAB14cECgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcE +CgAB3ocECgAB34cECgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcE +CgAB5ocECgAB54cECgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcE +CgAB7ocECgAB74cECgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcE +CgAB9ocECgAB94cECgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcE +CgAB/ocECgAB/4cECgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcE +CgACBocECgACB4cECgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcE +CgACDocECgACD4cECgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcE +CgACFocECgACF4cECgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcE +CgACHocECgACH4cECgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcE +CgACJocECgACJ4cECgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcE +CgACLocECgACL4cECgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcE +CgACNocECgACN4cECgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcE +CgACPocECgACP4cECgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcE +CgACRocECgACR4cECgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcE +CgACTocECgACT4cECgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcE +CgACVocECgACV4cECgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcE +CgACXocECgACX4cECgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcE +CgACZocECgACZ4cECgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcE +CgACbocECgACb4cECgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcE +CgACdocECgACd4cECgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcE +CgACfocECgACf4cECgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcE +CgAChocECgACh4cECgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcE +CgACjocECgACj4cECgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcE +CgAClocECgACl4cECgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcE +CgACnocECgACn4cECgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcE +CgACpocECgACp4cECgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcE +CgACrocECgACr4cECgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcE +CgACtocECgACt4cECgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcE +CgACvocECgACv4cECgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcE +CgACxocECgACx4cECgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcE +CgACzocECgACz4cECgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcE +CgAC1ocECgAC14cECgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcE +CgAC3ocECgAC34cECgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcE +CgAC5ocECgAC54cECgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcE +CgAC7ocECgAC74cECgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcE +CgAC9ocECgAC94cECgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcE +CgAC/ocECgAC/4cECgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcE +CgADBocECgADB4cECgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcE +CgADDocECgADD4cECgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcE +CgADFocECgADF4cECgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcE +CgADHocECgADH4cECgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcE +CgADJocECgADJ4cECgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcE +CgADLocECgADL4cECgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcE +CgADNocECgADN4cECgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcE +CgADPocECgADP4cECgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcE +CgADRocECgADR4cECgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcE +CgADTocECgADT4cECgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcE +CgADVocECgADV4cECgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcE +CgADXocECgADX4cECgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcE +CgADZocECgADZ4cECgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcE +CgADbocECgADb4cECgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcE +CgADdocECgADd4cECgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcE +CgADfocECgADf4cECgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcE +CgADhocECgADh4cECgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcE +CgADjocECgADj4cECgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcE +CgADlocECgADl4cECgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcE +CgADnocECgADn4cECgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcE +CgADpocECgADp4cECgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcE +CgADrocECgADr4cECgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcE +CgADtocECgADt4cECgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcE +CgADvocECgADv4cECgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcE +CgADxocECgADx4cECgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcE +CgADzocECgADz4cECgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcE +CgAD1ocECgAD14cECgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcE +CgAD3ocECgAD34cECgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcE +CgAD5ocECgAD54cECgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcE +CgAD7ocECgAD74cECgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcE +CgAD9ocECgAD94cECgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcE +CgAD/ocECgAD/zANBgkqhkiG9w0BAQsFAAOCAQEAPvGfgaK1FKxTNxCDWV+yYfuz +EVUhxh4SNGwKdYj9/n829IE/40YKNo3o8hCQq1e0VtLvW1YyxZQ7Lsaaiaj3rgUE +jzI78mZBEIBvf4S2S1PFXNwx0EwsNyarImIFirDR/wyI/O3qHiDgDL+QZ0G9K4pe +yDoPHQWzRff5bczSyVTZESp/i6c0r4gB3S9dwmpJ40BJvGqDs7h3115K7KjT3Y7t +G/h70xGD1n+8X/HRQCc0inutWk0ToZdkRNEvzFlAqU34g2/eS+uyzntJWXAtO4nc +uAflue4l2NC2tR76MzNtHgvwFyiugvXjpQwT6oFgUmnyISfvhWprW1XaWqSVWw== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.pem new file mode 100644 index 0000000000..9782123c7d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_3.pem @@ -0,0 +1,220 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, IP Address:10.0.1.162, IP Address:10.0.1.163, IP Address:10.0.1.164, IP Address:10.0.1.165, IP Address:10.0.1.166, IP Address:10.0.1.167, IP Address:10.0.1.168, IP Address:10.0.1.169, IP Address:10.0.1.170, IP Address:10.0.1.171, IP Address:10.0.1.172, IP Address:10.0.1.173, IP Address:10.0.1.174, IP Address:10.0.1.175, IP Address:10.0.1.176, IP Address:10.0.1.177, IP Address:10.0.1.178, IP Address:10.0.1.179, IP Address:10.0.1.180, IP Address:10.0.1.181, IP Address:10.0.1.182, IP Address:10.0.1.183, IP Address:10.0.1.184, IP Address:10.0.1.185, IP Address:10.0.1.186, IP Address:10.0.1.187, IP Address:10.0.1.188, IP Address:10.0.1.189, IP Address:10.0.1.190, IP Address:10.0.1.191, IP Address:10.0.1.192, IP Address:10.0.1.193, IP Address:10.0.1.194, IP Address:10.0.1.195, IP Address:10.0.1.196, IP Address:10.0.1.197, IP Address:10.0.1.198, IP Address:10.0.1.199, IP Address:10.0.1.200, IP Address:10.0.1.201, IP Address:10.0.1.202, IP Address:10.0.1.203, IP Address:10.0.1.204, IP Address:10.0.1.205, IP Address:10.0.1.206, IP Address:10.0.1.207, IP Address:10.0.1.208, IP Address:10.0.1.209, IP Address:10.0.1.210, IP Address:10.0.1.211, IP Address:10.0.1.212, IP Address:10.0.1.213, IP Address:10.0.1.214, IP Address:10.0.1.215, IP Address:10.0.1.216, IP Address:10.0.1.217, IP Address:10.0.1.218, IP Address:10.0.1.219, IP Address:10.0.1.220, IP Address:10.0.1.221, IP Address:10.0.1.222, IP Address:10.0.1.223, IP Address:10.0.1.224, IP Address:10.0.1.225, IP Address:10.0.1.226, IP Address:10.0.1.227, IP Address:10.0.1.228, IP Address:10.0.1.229, IP Address:10.0.1.230, IP Address:10.0.1.231, IP Address:10.0.1.232, IP Address:10.0.1.233, IP Address:10.0.1.234, IP Address:10.0.1.235, IP Address:10.0.1.236, IP Address:10.0.1.237, IP Address:10.0.1.238, IP Address:10.0.1.239, IP Address:10.0.1.240, IP Address:10.0.1.241, IP Address:10.0.1.242, IP Address:10.0.1.243, IP Address:10.0.1.244, IP Address:10.0.1.245, IP Address:10.0.1.246, IP Address:10.0.1.247, IP Address:10.0.1.248, IP Address:10.0.1.249, IP Address:10.0.1.250, IP Address:10.0.1.251, IP Address:10.0.1.252, IP Address:10.0.1.253, IP Address:10.0.1.254, IP Address:10.0.1.255, IP Address:10.0.2.0, IP Address:10.0.2.1, IP Address:10.0.2.2, IP Address:10.0.2.3, IP Address:10.0.2.4, IP Address:10.0.2.5, IP Address:10.0.2.6, IP Address:10.0.2.7, IP Address:10.0.2.8, IP Address:10.0.2.9, IP Address:10.0.2.10, IP Address:10.0.2.11, IP Address:10.0.2.12, IP Address:10.0.2.13, IP Address:10.0.2.14, IP Address:10.0.2.15, IP Address:10.0.2.16, IP Address:10.0.2.17, IP Address:10.0.2.18, IP Address:10.0.2.19, IP Address:10.0.2.20, IP Address:10.0.2.21, IP Address:10.0.2.22, IP Address:10.0.2.23, IP Address:10.0.2.24, IP Address:10.0.2.25, IP Address:10.0.2.26, IP Address:10.0.2.27, IP Address:10.0.2.28, IP Address:10.0.2.29, IP Address:10.0.2.30, IP Address:10.0.2.31, IP Address:10.0.2.32, IP Address:10.0.2.33, IP Address:10.0.2.34, IP Address:10.0.2.35, IP Address:10.0.2.36, IP Address:10.0.2.37, IP Address:10.0.2.38, IP Address:10.0.2.39, IP Address:10.0.2.40, IP Address:10.0.2.41, IP Address:10.0.2.42, IP Address:10.0.2.43, IP Address:10.0.2.44, IP Address:10.0.2.45, IP Address:10.0.2.46, IP Address:10.0.2.47, IP Address:10.0.2.48, IP Address:10.0.2.49, IP Address:10.0.2.50, IP Address:10.0.2.51, IP Address:10.0.2.52, IP Address:10.0.2.53, IP Address:10.0.2.54, IP Address:10.0.2.55, IP Address:10.0.2.56, IP Address:10.0.2.57, IP Address:10.0.2.58, IP Address:10.0.2.59, IP Address:10.0.2.60, IP Address:10.0.2.61, IP Address:10.0.2.62, IP Address:10.0.2.63, IP Address:10.0.2.64, IP Address:10.0.2.65, IP Address:10.0.2.66, IP Address:10.0.2.67, IP Address:10.0.2.68, IP Address:10.0.2.69, IP Address:10.0.2.70, IP Address:10.0.2.71, IP Address:10.0.2.72, IP Address:10.0.2.73, IP Address:10.0.2.74, IP Address:10.0.2.75, IP Address:10.0.2.76, IP Address:10.0.2.77, IP Address:10.0.2.78, IP Address:10.0.2.79, IP Address:10.0.2.80, IP Address:10.0.2.81, IP Address:10.0.2.82, IP Address:10.0.2.83, IP Address:10.0.2.84, IP Address:10.0.2.85, IP Address:10.0.2.86, IP Address:10.0.2.87, IP Address:10.0.2.88, IP Address:10.0.2.89, IP Address:10.0.2.90, IP Address:10.0.2.91, IP Address:10.0.2.92, IP Address:10.0.2.93, IP Address:10.0.2.94, IP Address:10.0.2.95, IP Address:10.0.2.96, IP Address:10.0.2.97, IP Address:10.0.2.98, IP Address:10.0.2.99, IP Address:10.0.2.100, IP Address:10.0.2.101, IP Address:10.0.2.102, IP Address:10.0.2.103, IP Address:10.0.2.104, IP Address:10.0.2.105, IP Address:10.0.2.106, IP Address:10.0.2.107, IP Address:10.0.2.108, IP Address:10.0.2.109, IP Address:10.0.2.110, IP Address:10.0.2.111, IP Address:10.0.2.112, IP Address:10.0.2.113, IP Address:10.0.2.114, IP Address:10.0.2.115, IP Address:10.0.2.116, IP Address:10.0.2.117, IP Address:10.0.2.118, IP Address:10.0.2.119, IP Address:10.0.2.120, IP Address:10.0.2.121, IP Address:10.0.2.122, IP Address:10.0.2.123, IP Address:10.0.2.124, IP Address:10.0.2.125, IP Address:10.0.2.126, IP Address:10.0.2.127, IP Address:10.0.2.128, IP Address:10.0.2.129, IP Address:10.0.2.130, IP Address:10.0.2.131, IP Address:10.0.2.132, IP Address:10.0.2.133, IP Address:10.0.2.134, IP Address:10.0.2.135, IP Address:10.0.2.136, IP Address:10.0.2.137, IP Address:10.0.2.138, IP Address:10.0.2.139, IP Address:10.0.2.140, IP Address:10.0.2.141, IP Address:10.0.2.142, IP Address:10.0.2.143, IP Address:10.0.2.144, IP Address:10.0.2.145, IP Address:10.0.2.146, IP Address:10.0.2.147, IP Address:10.0.2.148, IP Address:10.0.2.149, IP Address:10.0.2.150, IP Address:10.0.2.151, IP Address:10.0.2.152, IP Address:10.0.2.153, IP Address:10.0.2.154, IP Address:10.0.2.155, IP Address:10.0.2.156, IP Address:10.0.2.157, IP Address:10.0.2.158, IP Address:10.0.2.159, IP Address:10.0.2.160, IP Address:10.0.2.161, IP Address:10.0.2.162, IP Address:10.0.2.163, IP Address:10.0.2.164, IP Address:10.0.2.165, IP Address:10.0.2.166, IP Address:10.0.2.167, IP Address:10.0.2.168, IP Address:10.0.2.169, IP Address:10.0.2.170, IP Address:10.0.2.171, IP Address:10.0.2.172, IP Address:10.0.2.173, IP Address:10.0.2.174, IP Address:10.0.2.175, IP Address:10.0.2.176, IP Address:10.0.2.177, IP Address:10.0.2.178, IP Address:10.0.2.179, IP Address:10.0.2.180, IP Address:10.0.2.181, IP Address:10.0.2.182, IP Address:10.0.2.183, IP Address:10.0.2.184, IP Address:10.0.2.185, IP Address:10.0.2.186, IP Address:10.0.2.187, IP Address:10.0.2.188, IP Address:10.0.2.189, IP Address:10.0.2.190, IP Address:10.0.2.191, IP Address:10.0.2.192, IP Address:10.0.2.193, IP Address:10.0.2.194, IP Address:10.0.2.195, IP Address:10.0.2.196, IP Address:10.0.2.197, IP Address:10.0.2.198, IP Address:10.0.2.199, IP Address:10.0.2.200, IP Address:10.0.2.201, IP Address:10.0.2.202, IP Address:10.0.2.203, IP Address:10.0.2.204, IP Address:10.0.2.205, IP Address:10.0.2.206, IP Address:10.0.2.207, IP Address:10.0.2.208, IP Address:10.0.2.209, IP Address:10.0.2.210, IP Address:10.0.2.211, IP Address:10.0.2.212, IP Address:10.0.2.213, IP Address:10.0.2.214, IP Address:10.0.2.215, IP Address:10.0.2.216, IP Address:10.0.2.217, IP Address:10.0.2.218, IP Address:10.0.2.219, IP Address:10.0.2.220, IP Address:10.0.2.221, IP Address:10.0.2.222, IP Address:10.0.2.223, IP Address:10.0.2.224, IP Address:10.0.2.225, IP Address:10.0.2.226, IP Address:10.0.2.227, IP Address:10.0.2.228, IP Address:10.0.2.229, IP Address:10.0.2.230, IP Address:10.0.2.231, IP Address:10.0.2.232, IP Address:10.0.2.233, IP Address:10.0.2.234, IP Address:10.0.2.235, IP Address:10.0.2.236, IP Address:10.0.2.237, IP Address:10.0.2.238, IP Address:10.0.2.239, IP Address:10.0.2.240, IP Address:10.0.2.241, IP Address:10.0.2.242, IP Address:10.0.2.243, IP Address:10.0.2.244, IP Address:10.0.2.245, IP Address:10.0.2.246, IP Address:10.0.2.247, IP Address:10.0.2.248, IP Address:10.0.2.249, IP Address:10.0.2.250, IP Address:10.0.2.251, IP Address:10.0.2.252, IP Address:10.0.2.253, IP Address:10.0.2.254, IP Address:10.0.2.255, IP Address:10.0.3.0, IP Address:10.0.3.1, IP Address:10.0.3.2, IP Address:10.0.3.3, IP Address:10.0.3.4, IP Address:10.0.3.5, IP Address:10.0.3.6, IP Address:10.0.3.7, IP Address:10.0.3.8, IP Address:10.0.3.9, IP Address:10.0.3.10, IP Address:10.0.3.11, IP Address:10.0.3.12, IP Address:10.0.3.13, IP Address:10.0.3.14, IP Address:10.0.3.15, IP Address:10.0.3.16, IP Address:10.0.3.17, IP Address:10.0.3.18, IP Address:10.0.3.19, IP Address:10.0.3.20, IP Address:10.0.3.21, IP Address:10.0.3.22, IP Address:10.0.3.23, IP Address:10.0.3.24, IP Address:10.0.3.25, IP Address:10.0.3.26, IP Address:10.0.3.27, IP Address:10.0.3.28, IP Address:10.0.3.29, IP Address:10.0.3.30, IP Address:10.0.3.31, IP Address:10.0.3.32, IP Address:10.0.3.33, IP Address:10.0.3.34, IP Address:10.0.3.35, IP Address:10.0.3.36, IP Address:10.0.3.37, IP Address:10.0.3.38, IP Address:10.0.3.39, IP Address:10.0.3.40, IP Address:10.0.3.41, IP Address:10.0.3.42, IP Address:10.0.3.43, IP Address:10.0.3.44, IP Address:10.0.3.45, IP Address:10.0.3.46, IP Address:10.0.3.47, IP Address:10.0.3.48, IP Address:10.0.3.49, IP Address:10.0.3.50, IP Address:10.0.3.51, IP Address:10.0.3.52, IP Address:10.0.3.53, IP Address:10.0.3.54, IP Address:10.0.3.55, IP Address:10.0.3.56, IP Address:10.0.3.57, IP Address:10.0.3.58, IP Address:10.0.3.59, IP Address:10.0.3.60, IP Address:10.0.3.61, IP Address:10.0.3.62, IP Address:10.0.3.63, IP Address:10.0.3.64, IP Address:10.0.3.65, IP Address:10.0.3.66, IP Address:10.0.3.67, IP Address:10.0.3.68, IP Address:10.0.3.69, IP Address:10.0.3.70, IP Address:10.0.3.71, IP Address:10.0.3.72, IP Address:10.0.3.73, IP Address:10.0.3.74, IP Address:10.0.3.75, IP Address:10.0.3.76, IP Address:10.0.3.77, IP Address:10.0.3.78, IP Address:10.0.3.79, IP Address:10.0.3.80, IP Address:10.0.3.81, IP Address:10.0.3.82, IP Address:10.0.3.83, IP Address:10.0.3.84, IP Address:10.0.3.85, IP Address:10.0.3.86, IP Address:10.0.3.87, IP Address:10.0.3.88, IP Address:10.0.3.89, IP Address:10.0.3.90, IP Address:10.0.3.91, IP Address:10.0.3.92, IP Address:10.0.3.93, IP Address:10.0.3.94, IP Address:10.0.3.95, IP Address:10.0.3.96, IP Address:10.0.3.97, IP Address:10.0.3.98, IP Address:10.0.3.99, IP Address:10.0.3.100, IP Address:10.0.3.101, IP Address:10.0.3.102, IP Address:10.0.3.103, IP Address:10.0.3.104, IP Address:10.0.3.105, IP Address:10.0.3.106, IP Address:10.0.3.107, IP Address:10.0.3.108, IP Address:10.0.3.109, IP Address:10.0.3.110, IP Address:10.0.3.111, IP Address:10.0.3.112, IP Address:10.0.3.113, IP Address:10.0.3.114, IP Address:10.0.3.115, IP Address:10.0.3.116, IP Address:10.0.3.117, IP Address:10.0.3.118, IP Address:10.0.3.119, IP Address:10.0.3.120, IP Address:10.0.3.121, IP Address:10.0.3.122, IP Address:10.0.3.123, IP Address:10.0.3.124, IP Address:10.0.3.125, IP Address:10.0.3.126, IP Address:10.0.3.127, IP Address:10.0.3.128, IP Address:10.0.3.129, IP Address:10.0.3.130, IP Address:10.0.3.131, IP Address:10.0.3.132, IP Address:10.0.3.133, IP Address:10.0.3.134, IP Address:10.0.3.135, IP Address:10.0.3.136, IP Address:10.0.3.137, IP Address:10.0.3.138, IP Address:10.0.3.139, IP Address:10.0.3.140, IP Address:10.0.3.141, IP Address:10.0.3.142, IP Address:10.0.3.143, IP Address:10.0.3.144, IP Address:10.0.3.145, IP Address:10.0.3.146, IP Address:10.0.3.147, IP Address:10.0.3.148, IP Address:10.0.3.149, IP Address:10.0.3.150, IP Address:10.0.3.151, IP Address:10.0.3.152, IP Address:10.0.3.153, IP Address:10.0.3.154, IP Address:10.0.3.155, IP Address:10.0.3.156, IP Address:10.0.3.157, IP Address:10.0.3.158, IP Address:10.0.3.159, IP Address:10.0.3.160, IP Address:10.0.3.161, IP Address:10.0.3.162, IP Address:10.0.3.163, IP Address:10.0.3.164, IP Address:10.0.3.165, IP Address:10.0.3.166, IP Address:10.0.3.167, IP Address:10.0.3.168, IP Address:10.0.3.169, IP Address:10.0.3.170, IP Address:10.0.3.171, IP Address:10.0.3.172, IP Address:10.0.3.173, IP Address:10.0.3.174, IP Address:10.0.3.175, IP Address:10.0.3.176, IP Address:10.0.3.177, IP Address:10.0.3.178, IP Address:10.0.3.179, IP Address:10.0.3.180, IP Address:10.0.3.181, IP Address:10.0.3.182, IP Address:10.0.3.183, IP Address:10.0.3.184, IP Address:10.0.3.185, IP Address:10.0.3.186, IP Address:10.0.3.187, IP Address:10.0.3.188, IP Address:10.0.3.189, IP Address:10.0.3.190, IP Address:10.0.3.191, IP Address:10.0.3.192, IP Address:10.0.3.193, IP Address:10.0.3.194, IP Address:10.0.3.195, IP Address:10.0.3.196, IP Address:10.0.3.197, IP Address:10.0.3.198, IP Address:10.0.3.199, IP Address:10.0.3.200, IP Address:10.0.3.201, IP Address:10.0.3.202, IP Address:10.0.3.203, IP Address:10.0.3.204, IP Address:10.0.3.205, IP Address:10.0.3.206, IP Address:10.0.3.207, IP Address:10.0.3.208, IP Address:10.0.3.209, IP Address:10.0.3.210, IP Address:10.0.3.211, IP Address:10.0.3.212, IP Address:10.0.3.213, IP Address:10.0.3.214, IP Address:10.0.3.215, IP Address:10.0.3.216, IP Address:10.0.3.217, IP Address:10.0.3.218, IP Address:10.0.3.219, IP Address:10.0.3.220, IP Address:10.0.3.221, IP Address:10.0.3.222, IP Address:10.0.3.223, IP Address:10.0.3.224, IP Address:10.0.3.225, IP Address:10.0.3.226, IP Address:10.0.3.227, IP Address:10.0.3.228, IP Address:10.0.3.229, IP Address:10.0.3.230, IP Address:10.0.3.231, IP Address:10.0.3.232, IP Address:10.0.3.233, IP Address:10.0.3.234, IP Address:10.0.3.235, IP Address:10.0.3.236, IP Address:10.0.3.237, IP Address:10.0.3.238, IP Address:10.0.3.239, IP Address:10.0.3.240, IP Address:10.0.3.241, IP Address:10.0.3.242, IP Address:10.0.3.243, IP Address:10.0.3.244, IP Address:10.0.3.245, IP Address:10.0.3.246, IP Address:10.0.3.247, IP Address:10.0.3.248, IP Address:10.0.3.249, IP Address:10.0.3.250, IP Address:10.0.3.251, IP Address:10.0.3.252, IP Address:10.0.3.253, IP Address:10.0.3.254, IP Address:10.0.3.255 + Signature Algorithm: sha256WithRSAEncryption + 24:e6:7f:49:27:e7:de:27:ca:06:88:0f:d2:64:ba:07:75:08: + c0:72:41:ce:67:9f:1a:d8:23:d7:b6:35:ab:d4:49:1b:7e:cb: + 46:74:25:52:65:fb:5b:2b:74:ab:2c:19:1c:bf:06:01:78:0c: + c7:a6:3c:e0:1a:d4:dc:8c:00:8b:a8:05:4c:c2:cf:82:41:c7: + 51:65:49:fc:6b:dc:b3:b6:57:f0:0a:3c:05:39:7d:6e:2c:cd: + 6b:f3:b0:38:c4:0b:1b:5f:bf:03:e9:59:f8:d4:c5:42:7a:c0: + 39:5e:a4:ef:45:39:aa:ab:91:35:9d:8e:65:3f:43:bc:59:6f: + 90:d1:da:eb:fe:b0:b5:3a:24:63:78:04:f3:75:58:43:79:b5: + 64:1f:96:ee:c9:3b:93:12:e1:c7:31:5b:9d:a9:58:48:03:f7: + 76:ad:0a:e8:b1:38:58:df:2e:04:8b:56:07:1c:9c:4e:e8:27: + 2b:9d:24:a0:09:a6:b7:c2:7f:f4:16:c0:2a:f7:ca:b0:f5:b9: + c2:0c:4b:e8:c2:16:e3:b4:dc:0b:a9:95:7f:60:35:b1:62:1b: + 53:14:94:c9:ea:74:ee:0e:05:64:ff:04:1b:b4:1d:8c:10:d2: + 3e:6e:0d:f0:87:0b:c5:29:0a:90:cb:86:ee:0a:ba:3f:d7:d4: + 12:e3:0a:e9 +-----BEGIN CERTIFICATE----- +MIIbrjCCGpagAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1zANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCGPswghj3MB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgNBgNVHREEghgEMIIYAIcE +CgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcECgAABocECgAAB4cE +CgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcECgAADocECgAAD4cE +CgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcECgAAFocECgAAF4cE +CgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcECgAAHocECgAAH4cE +CgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcECgAAJocECgAAJ4cE +CgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcECgAALocECgAAL4cE +CgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcECgAANocECgAAN4cE +CgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcECgAAPocECgAAP4cE +CgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcECgAARocECgAAR4cE +CgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcECgAATocECgAAT4cE +CgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcECgAAVocECgAAV4cE +CgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcECgAAXocECgAAX4cE +CgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcECgAAZocECgAAZ4cE +CgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcECgAAbocECgAAb4cE +CgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcECgAAdocECgAAd4cE +CgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcECgAAfocECgAAf4cE +CgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcECgAAhocECgAAh4cE +CgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcECgAAjocECgAAj4cE +CgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcECgAAlocECgAAl4cE +CgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcECgAAnocECgAAn4cE +CgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcECgAApocECgAAp4cE +CgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcECgAArocECgAAr4cE +CgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcECgAAtocECgAAt4cE +CgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcECgAAvocECgAAv4cE +CgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcECgAAxocECgAAx4cE +CgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcECgAAzocECgAAz4cE +CgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcECgAA1ocECgAA14cE +CgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcECgAA3ocECgAA34cE +CgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcECgAA5ocECgAA54cE +CgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcECgAA7ocECgAA74cE +CgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcECgAA9ocECgAA94cE +CgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcECgAA/ocECgAA/4cE +CgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcECgABBocECgABB4cE +CgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcECgABDocECgABD4cE +CgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcECgABFocECgABF4cE +CgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcECgABHocECgABH4cE +CgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcECgABJocECgABJ4cE +CgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcECgABLocECgABL4cE +CgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcECgABNocECgABN4cE +CgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcECgABPocECgABP4cE +CgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcECgABRocECgABR4cE +CgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcECgABTocECgABT4cE +CgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcECgABVocECgABV4cE +CgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcECgABXocECgABX4cE +CgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcECgABZocECgABZ4cE +CgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcECgABbocECgABb4cE +CgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcECgABdocECgABd4cE +CgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcECgABfocECgABf4cE +CgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcECgABhocECgABh4cE +CgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcECgABjocECgABj4cE +CgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcECgABlocECgABl4cE +CgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcECgABnocECgABn4cE +CgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcECgABpocECgABp4cE +CgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcECgABrocECgABr4cE +CgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcECgABtocECgABt4cE +CgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcECgABvocECgABv4cE +CgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcECgABxocECgABx4cE +CgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcECgABzocECgABz4cE +CgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcECgAB1ocECgAB14cE +CgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcECgAB3ocECgAB34cE +CgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcECgAB5ocECgAB54cE +CgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcECgAB7ocECgAB74cE +CgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcECgAB9ocECgAB94cE +CgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcECgAB/ocECgAB/4cE +CgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcECgACBocECgACB4cE +CgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcECgACDocECgACD4cE +CgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcECgACFocECgACF4cE +CgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcECgACHocECgACH4cE +CgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcECgACJocECgACJ4cE +CgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcECgACLocECgACL4cE +CgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcECgACNocECgACN4cE +CgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcECgACPocECgACP4cE +CgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcECgACRocECgACR4cE +CgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcECgACTocECgACT4cE +CgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcECgACVocECgACV4cE +CgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcECgACXocECgACX4cE +CgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcECgACZocECgACZ4cE +CgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcECgACbocECgACb4cE +CgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcECgACdocECgACd4cE +CgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcECgACfocECgACf4cE +CgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcECgAChocECgACh4cE +CgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcECgACjocECgACj4cE +CgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcECgAClocECgACl4cE +CgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcECgACnocECgACn4cE +CgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcECgACpocECgACp4cE +CgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcECgACrocECgACr4cE +CgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcECgACtocECgACt4cE +CgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcECgACvocECgACv4cE +CgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcECgACxocECgACx4cE +CgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcECgACzocECgACz4cE +CgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcECgAC1ocECgAC14cE +CgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcECgAC3ocECgAC34cE +CgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcECgAC5ocECgAC54cE +CgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcECgAC7ocECgAC74cE +CgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcECgAC9ocECgAC94cE +CgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcECgAC/ocECgAC/4cE +CgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcECgADBocECgADB4cE +CgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcECgADDocECgADD4cE +CgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcECgADFocECgADF4cE +CgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcECgADHocECgADH4cE +CgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcECgADJocECgADJ4cE +CgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcECgADLocECgADL4cE +CgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcECgADNocECgADN4cE +CgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcECgADPocECgADP4cE +CgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcECgADRocECgADR4cE +CgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcECgADTocECgADT4cE +CgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcECgADVocECgADV4cE +CgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcECgADXocECgADX4cE +CgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcECgADZocECgADZ4cE +CgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcECgADbocECgADb4cE +CgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcECgADdocECgADd4cE +CgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcECgADfocECgADf4cE +CgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcECgADhocECgADh4cE +CgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcECgADjocECgADj4cE +CgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcECgADlocECgADl4cE +CgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcECgADnocECgADn4cE +CgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcECgADpocECgADp4cE +CgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcECgADrocECgADr4cE +CgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcECgADtocECgADt4cE +CgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcECgADvocECgADv4cE +CgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcECgADxocECgADx4cE +CgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcECgADzocECgADz4cE +CgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcECgAD1ocECgAD14cE +CgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcECgAD3ocECgAD34cE +CgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcECgAD5ocECgAD54cE +CgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcECgAD7ocECgAD74cE +CgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcECgAD9ocECgAD94cE +CgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcECgAD/ocECgAD/zAN +BgkqhkiG9w0BAQsFAAOCAQEAJOZ/SSfn3ifKBogP0mS6B3UIwHJBzmefGtgj17Y1 +q9RJG37LRnQlUmX7Wyt0qywZHL8GAXgMx6Y84BrU3IwAi6gFTMLPgkHHUWVJ/Gvc +s7ZX8Ao8BTl9bizNa/OwOMQLG1+/A+lZ+NTFQnrAOV6k70U5qquRNZ2OZT9DvFlv +kNHa6/6wtTokY3gE83VYQ3m1ZB+W7sk7kxLhxzFbnalYSAP3dq0K6LE4WN8uBItW +BxycTugnK50koAmmt8J/9BbAKvfKsPW5wgxL6MIW47TcC6mVf2A1sWIbUxSUyep0 +7g4FZP8EG7QdjBDSPm4N8IcLxSkKkMuG7gq6P9fUEuMK6Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.cnf new file mode 100644 index 0000000000..f4ed185541 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.cnf @@ -0,0 +1,4163 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "t0" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @san_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/t0_4.pem +new_certs_dir = out +serial = out/t0.serial +database = out/t0.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/t0.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/t0.cer + +[crl_info] +URI.0 = http://url-for-crl/t0.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[san_info] +dirName.1 = san_dirname1 +dirName.2 = san_dirname2 +dirName.3 = san_dirname3 +dirName.4 = san_dirname4 +dirName.5 = san_dirname5 +dirName.6 = san_dirname6 +dirName.7 = san_dirname7 +dirName.8 = san_dirname8 +dirName.9 = san_dirname9 +dirName.10 = san_dirname10 +dirName.11 = san_dirname11 +dirName.12 = san_dirname12 +dirName.13 = san_dirname13 +dirName.14 = san_dirname14 +dirName.15 = san_dirname15 +dirName.16 = san_dirname16 +dirName.17 = san_dirname17 +dirName.18 = san_dirname18 +dirName.19 = san_dirname19 +dirName.20 = san_dirname20 +dirName.21 = san_dirname21 +dirName.22 = san_dirname22 +dirName.23 = san_dirname23 +dirName.24 = san_dirname24 +dirName.25 = san_dirname25 +dirName.26 = san_dirname26 +dirName.27 = san_dirname27 +dirName.28 = san_dirname28 +dirName.29 = san_dirname29 +dirName.30 = san_dirname30 +dirName.31 = san_dirname31 +dirName.32 = san_dirname32 +dirName.33 = san_dirname33 +dirName.34 = san_dirname34 +dirName.35 = san_dirname35 +dirName.36 = san_dirname36 +dirName.37 = san_dirname37 +dirName.38 = san_dirname38 +dirName.39 = san_dirname39 +dirName.40 = san_dirname40 +dirName.41 = san_dirname41 +dirName.42 = san_dirname42 +dirName.43 = san_dirname43 +dirName.44 = san_dirname44 +dirName.45 = san_dirname45 +dirName.46 = san_dirname46 +dirName.47 = san_dirname47 +dirName.48 = san_dirname48 +dirName.49 = san_dirname49 +dirName.50 = san_dirname50 +dirName.51 = san_dirname51 +dirName.52 = san_dirname52 +dirName.53 = san_dirname53 +dirName.54 = san_dirname54 +dirName.55 = san_dirname55 +dirName.56 = san_dirname56 +dirName.57 = san_dirname57 +dirName.58 = san_dirname58 +dirName.59 = san_dirname59 +dirName.60 = san_dirname60 +dirName.61 = san_dirname61 +dirName.62 = san_dirname62 +dirName.63 = san_dirname63 +dirName.64 = san_dirname64 +dirName.65 = san_dirname65 +dirName.66 = san_dirname66 +dirName.67 = san_dirname67 +dirName.68 = san_dirname68 +dirName.69 = san_dirname69 +dirName.70 = san_dirname70 +dirName.71 = san_dirname71 +dirName.72 = san_dirname72 +dirName.73 = san_dirname73 +dirName.74 = san_dirname74 +dirName.75 = san_dirname75 +dirName.76 = san_dirname76 +dirName.77 = san_dirname77 +dirName.78 = san_dirname78 +dirName.79 = san_dirname79 +dirName.80 = san_dirname80 +dirName.81 = san_dirname81 +dirName.82 = san_dirname82 +dirName.83 = san_dirname83 +dirName.84 = san_dirname84 +dirName.85 = san_dirname85 +dirName.86 = san_dirname86 +dirName.87 = san_dirname87 +dirName.88 = san_dirname88 +dirName.89 = san_dirname89 +dirName.90 = san_dirname90 +dirName.91 = san_dirname91 +dirName.92 = san_dirname92 +dirName.93 = san_dirname93 +dirName.94 = san_dirname94 +dirName.95 = san_dirname95 +dirName.96 = san_dirname96 +dirName.97 = san_dirname97 +dirName.98 = san_dirname98 +dirName.99 = san_dirname99 +dirName.100 = san_dirname100 +dirName.101 = san_dirname101 +dirName.102 = san_dirname102 +dirName.103 = san_dirname103 +dirName.104 = san_dirname104 +dirName.105 = san_dirname105 +dirName.106 = san_dirname106 +dirName.107 = san_dirname107 +dirName.108 = san_dirname108 +dirName.109 = san_dirname109 +dirName.110 = san_dirname110 +dirName.111 = san_dirname111 +dirName.112 = san_dirname112 +dirName.113 = san_dirname113 +dirName.114 = san_dirname114 +dirName.115 = san_dirname115 +dirName.116 = san_dirname116 +dirName.117 = san_dirname117 +dirName.118 = san_dirname118 +dirName.119 = san_dirname119 +dirName.120 = san_dirname120 +dirName.121 = san_dirname121 +dirName.122 = san_dirname122 +dirName.123 = san_dirname123 +dirName.124 = san_dirname124 +dirName.125 = san_dirname125 +dirName.126 = san_dirname126 +dirName.127 = san_dirname127 +dirName.128 = san_dirname128 +dirName.129 = san_dirname129 +dirName.130 = san_dirname130 +dirName.131 = san_dirname131 +dirName.132 = san_dirname132 +dirName.133 = san_dirname133 +dirName.134 = san_dirname134 +dirName.135 = san_dirname135 +dirName.136 = san_dirname136 +dirName.137 = san_dirname137 +dirName.138 = san_dirname138 +dirName.139 = san_dirname139 +dirName.140 = san_dirname140 +dirName.141 = san_dirname141 +dirName.142 = san_dirname142 +dirName.143 = san_dirname143 +dirName.144 = san_dirname144 +dirName.145 = san_dirname145 +dirName.146 = san_dirname146 +dirName.147 = san_dirname147 +dirName.148 = san_dirname148 +dirName.149 = san_dirname149 +dirName.150 = san_dirname150 +dirName.151 = san_dirname151 +dirName.152 = san_dirname152 +dirName.153 = san_dirname153 +dirName.154 = san_dirname154 +dirName.155 = san_dirname155 +dirName.156 = san_dirname156 +dirName.157 = san_dirname157 +dirName.158 = san_dirname158 +dirName.159 = san_dirname159 +dirName.160 = san_dirname160 +dirName.161 = san_dirname161 +dirName.162 = san_dirname162 +dirName.163 = san_dirname163 +dirName.164 = san_dirname164 +dirName.165 = san_dirname165 +dirName.166 = san_dirname166 +dirName.167 = san_dirname167 +dirName.168 = san_dirname168 +dirName.169 = san_dirname169 +dirName.170 = san_dirname170 +dirName.171 = san_dirname171 +dirName.172 = san_dirname172 +dirName.173 = san_dirname173 +dirName.174 = san_dirname174 +dirName.175 = san_dirname175 +dirName.176 = san_dirname176 +dirName.177 = san_dirname177 +dirName.178 = san_dirname178 +dirName.179 = san_dirname179 +dirName.180 = san_dirname180 +dirName.181 = san_dirname181 +dirName.182 = san_dirname182 +dirName.183 = san_dirname183 +dirName.184 = san_dirname184 +dirName.185 = san_dirname185 +dirName.186 = san_dirname186 +dirName.187 = san_dirname187 +dirName.188 = san_dirname188 +dirName.189 = san_dirname189 +dirName.190 = san_dirname190 +dirName.191 = san_dirname191 +dirName.192 = san_dirname192 +dirName.193 = san_dirname193 +dirName.194 = san_dirname194 +dirName.195 = san_dirname195 +dirName.196 = san_dirname196 +dirName.197 = san_dirname197 +dirName.198 = san_dirname198 +dirName.199 = san_dirname199 +dirName.200 = san_dirname200 +dirName.201 = san_dirname201 +dirName.202 = san_dirname202 +dirName.203 = san_dirname203 +dirName.204 = san_dirname204 +dirName.205 = san_dirname205 +dirName.206 = san_dirname206 +dirName.207 = san_dirname207 +dirName.208 = san_dirname208 +dirName.209 = san_dirname209 +dirName.210 = san_dirname210 +dirName.211 = san_dirname211 +dirName.212 = san_dirname212 +dirName.213 = san_dirname213 +dirName.214 = san_dirname214 +dirName.215 = san_dirname215 +dirName.216 = san_dirname216 +dirName.217 = san_dirname217 +dirName.218 = san_dirname218 +dirName.219 = san_dirname219 +dirName.220 = san_dirname220 +dirName.221 = san_dirname221 +dirName.222 = san_dirname222 +dirName.223 = san_dirname223 +dirName.224 = san_dirname224 +dirName.225 = san_dirname225 +dirName.226 = san_dirname226 +dirName.227 = san_dirname227 +dirName.228 = san_dirname228 +dirName.229 = san_dirname229 +dirName.230 = san_dirname230 +dirName.231 = san_dirname231 +dirName.232 = san_dirname232 +dirName.233 = san_dirname233 +dirName.234 = san_dirname234 +dirName.235 = san_dirname235 +dirName.236 = san_dirname236 +dirName.237 = san_dirname237 +dirName.238 = san_dirname238 +dirName.239 = san_dirname239 +dirName.240 = san_dirname240 +dirName.241 = san_dirname241 +dirName.242 = san_dirname242 +dirName.243 = san_dirname243 +dirName.244 = san_dirname244 +dirName.245 = san_dirname245 +dirName.246 = san_dirname246 +dirName.247 = san_dirname247 +dirName.248 = san_dirname248 +dirName.249 = san_dirname249 +dirName.250 = san_dirname250 +dirName.251 = san_dirname251 +dirName.252 = san_dirname252 +dirName.253 = san_dirname253 +dirName.254 = san_dirname254 +dirName.255 = san_dirname255 +dirName.256 = san_dirname256 +dirName.257 = san_dirname257 +dirName.258 = san_dirname258 +dirName.259 = san_dirname259 +dirName.260 = san_dirname260 +dirName.261 = san_dirname261 +dirName.262 = san_dirname262 +dirName.263 = san_dirname263 +dirName.264 = san_dirname264 +dirName.265 = san_dirname265 +dirName.266 = san_dirname266 +dirName.267 = san_dirname267 +dirName.268 = san_dirname268 +dirName.269 = san_dirname269 +dirName.270 = san_dirname270 +dirName.271 = san_dirname271 +dirName.272 = san_dirname272 +dirName.273 = san_dirname273 +dirName.274 = san_dirname274 +dirName.275 = san_dirname275 +dirName.276 = san_dirname276 +dirName.277 = san_dirname277 +dirName.278 = san_dirname278 +dirName.279 = san_dirname279 +dirName.280 = san_dirname280 +dirName.281 = san_dirname281 +dirName.282 = san_dirname282 +dirName.283 = san_dirname283 +dirName.284 = san_dirname284 +dirName.285 = san_dirname285 +dirName.286 = san_dirname286 +dirName.287 = san_dirname287 +dirName.288 = san_dirname288 +dirName.289 = san_dirname289 +dirName.290 = san_dirname290 +dirName.291 = san_dirname291 +dirName.292 = san_dirname292 +dirName.293 = san_dirname293 +dirName.294 = san_dirname294 +dirName.295 = san_dirname295 +dirName.296 = san_dirname296 +dirName.297 = san_dirname297 +dirName.298 = san_dirname298 +dirName.299 = san_dirname299 +dirName.300 = san_dirname300 +dirName.301 = san_dirname301 +dirName.302 = san_dirname302 +dirName.303 = san_dirname303 +dirName.304 = san_dirname304 +dirName.305 = san_dirname305 +dirName.306 = san_dirname306 +dirName.307 = san_dirname307 +dirName.308 = san_dirname308 +dirName.309 = san_dirname309 +dirName.310 = san_dirname310 +dirName.311 = san_dirname311 +dirName.312 = san_dirname312 +dirName.313 = san_dirname313 +dirName.314 = san_dirname314 +dirName.315 = san_dirname315 +dirName.316 = san_dirname316 +dirName.317 = san_dirname317 +dirName.318 = san_dirname318 +dirName.319 = san_dirname319 +dirName.320 = san_dirname320 +dirName.321 = san_dirname321 +dirName.322 = san_dirname322 +dirName.323 = san_dirname323 +dirName.324 = san_dirname324 +dirName.325 = san_dirname325 +dirName.326 = san_dirname326 +dirName.327 = san_dirname327 +dirName.328 = san_dirname328 +dirName.329 = san_dirname329 +dirName.330 = san_dirname330 +dirName.331 = san_dirname331 +dirName.332 = san_dirname332 +dirName.333 = san_dirname333 +dirName.334 = san_dirname334 +dirName.335 = san_dirname335 +dirName.336 = san_dirname336 +dirName.337 = san_dirname337 +dirName.338 = san_dirname338 +dirName.339 = san_dirname339 +dirName.340 = san_dirname340 +dirName.341 = san_dirname341 +dirName.342 = san_dirname342 +dirName.343 = san_dirname343 +dirName.344 = san_dirname344 +dirName.345 = san_dirname345 +dirName.346 = san_dirname346 +dirName.347 = san_dirname347 +dirName.348 = san_dirname348 +dirName.349 = san_dirname349 +dirName.350 = san_dirname350 +dirName.351 = san_dirname351 +dirName.352 = san_dirname352 +dirName.353 = san_dirname353 +dirName.354 = san_dirname354 +dirName.355 = san_dirname355 +dirName.356 = san_dirname356 +dirName.357 = san_dirname357 +dirName.358 = san_dirname358 +dirName.359 = san_dirname359 +dirName.360 = san_dirname360 +dirName.361 = san_dirname361 +dirName.362 = san_dirname362 +dirName.363 = san_dirname363 +dirName.364 = san_dirname364 +dirName.365 = san_dirname365 +dirName.366 = san_dirname366 +dirName.367 = san_dirname367 +dirName.368 = san_dirname368 +dirName.369 = san_dirname369 +dirName.370 = san_dirname370 +dirName.371 = san_dirname371 +dirName.372 = san_dirname372 +dirName.373 = san_dirname373 +dirName.374 = san_dirname374 +dirName.375 = san_dirname375 +dirName.376 = san_dirname376 +dirName.377 = san_dirname377 +dirName.378 = san_dirname378 +dirName.379 = san_dirname379 +dirName.380 = san_dirname380 +dirName.381 = san_dirname381 +dirName.382 = san_dirname382 +dirName.383 = san_dirname383 +dirName.384 = san_dirname384 +dirName.385 = san_dirname385 +dirName.386 = san_dirname386 +dirName.387 = san_dirname387 +dirName.388 = san_dirname388 +dirName.389 = san_dirname389 +dirName.390 = san_dirname390 +dirName.391 = san_dirname391 +dirName.392 = san_dirname392 +dirName.393 = san_dirname393 +dirName.394 = san_dirname394 +dirName.395 = san_dirname395 +dirName.396 = san_dirname396 +dirName.397 = san_dirname397 +dirName.398 = san_dirname398 +dirName.399 = san_dirname399 +dirName.400 = san_dirname400 +dirName.401 = san_dirname401 +dirName.402 = san_dirname402 +dirName.403 = san_dirname403 +dirName.404 = san_dirname404 +dirName.405 = san_dirname405 +dirName.406 = san_dirname406 +dirName.407 = san_dirname407 +dirName.408 = san_dirname408 +dirName.409 = san_dirname409 +dirName.410 = san_dirname410 +dirName.411 = san_dirname411 +dirName.412 = san_dirname412 +dirName.413 = san_dirname413 +dirName.414 = san_dirname414 +dirName.415 = san_dirname415 +dirName.416 = san_dirname416 +dirName.417 = san_dirname417 +dirName.418 = san_dirname418 +dirName.419 = san_dirname419 +dirName.420 = san_dirname420 +dirName.421 = san_dirname421 +dirName.422 = san_dirname422 +dirName.423 = san_dirname423 +dirName.424 = san_dirname424 +dirName.425 = san_dirname425 +dirName.426 = san_dirname426 +dirName.427 = san_dirname427 +dirName.428 = san_dirname428 +dirName.429 = san_dirname429 +dirName.430 = san_dirname430 +dirName.431 = san_dirname431 +dirName.432 = san_dirname432 +dirName.433 = san_dirname433 +dirName.434 = san_dirname434 +dirName.435 = san_dirname435 +dirName.436 = san_dirname436 +dirName.437 = san_dirname437 +dirName.438 = san_dirname438 +dirName.439 = san_dirname439 +dirName.440 = san_dirname440 +dirName.441 = san_dirname441 +dirName.442 = san_dirname442 +dirName.443 = san_dirname443 +dirName.444 = san_dirname444 +dirName.445 = san_dirname445 +dirName.446 = san_dirname446 +dirName.447 = san_dirname447 +dirName.448 = san_dirname448 +dirName.449 = san_dirname449 +dirName.450 = san_dirname450 +dirName.451 = san_dirname451 +dirName.452 = san_dirname452 +dirName.453 = san_dirname453 +dirName.454 = san_dirname454 +dirName.455 = san_dirname455 +dirName.456 = san_dirname456 +dirName.457 = san_dirname457 +dirName.458 = san_dirname458 +dirName.459 = san_dirname459 +dirName.460 = san_dirname460 +dirName.461 = san_dirname461 +dirName.462 = san_dirname462 +dirName.463 = san_dirname463 +dirName.464 = san_dirname464 +dirName.465 = san_dirname465 +dirName.466 = san_dirname466 +dirName.467 = san_dirname467 +dirName.468 = san_dirname468 +dirName.469 = san_dirname469 +dirName.470 = san_dirname470 +dirName.471 = san_dirname471 +dirName.472 = san_dirname472 +dirName.473 = san_dirname473 +dirName.474 = san_dirname474 +dirName.475 = san_dirname475 +dirName.476 = san_dirname476 +dirName.477 = san_dirname477 +dirName.478 = san_dirname478 +dirName.479 = san_dirname479 +dirName.480 = san_dirname480 +dirName.481 = san_dirname481 +dirName.482 = san_dirname482 +dirName.483 = san_dirname483 +dirName.484 = san_dirname484 +dirName.485 = san_dirname485 +dirName.486 = san_dirname486 +dirName.487 = san_dirname487 +dirName.488 = san_dirname488 +dirName.489 = san_dirname489 +dirName.490 = san_dirname490 +dirName.491 = san_dirname491 +dirName.492 = san_dirname492 +dirName.493 = san_dirname493 +dirName.494 = san_dirname494 +dirName.495 = san_dirname495 +dirName.496 = san_dirname496 +dirName.497 = san_dirname497 +dirName.498 = san_dirname498 +dirName.499 = san_dirname499 +dirName.500 = san_dirname500 +dirName.501 = san_dirname501 +dirName.502 = san_dirname502 +dirName.503 = san_dirname503 +dirName.504 = san_dirname504 +dirName.505 = san_dirname505 +dirName.506 = san_dirname506 +dirName.507 = san_dirname507 +dirName.508 = san_dirname508 +dirName.509 = san_dirname509 +dirName.510 = san_dirname510 +dirName.511 = san_dirname511 +dirName.512 = san_dirname512 +dirName.513 = san_dirname513 +dirName.514 = san_dirname514 +dirName.515 = san_dirname515 +dirName.516 = san_dirname516 +dirName.517 = san_dirname517 +dirName.518 = san_dirname518 +dirName.519 = san_dirname519 +dirName.520 = san_dirname520 +dirName.521 = san_dirname521 +dirName.522 = san_dirname522 +dirName.523 = san_dirname523 +dirName.524 = san_dirname524 +dirName.525 = san_dirname525 +dirName.526 = san_dirname526 +dirName.527 = san_dirname527 +dirName.528 = san_dirname528 +dirName.529 = san_dirname529 +dirName.530 = san_dirname530 +dirName.531 = san_dirname531 +dirName.532 = san_dirname532 +dirName.533 = san_dirname533 +dirName.534 = san_dirname534 +dirName.535 = san_dirname535 +dirName.536 = san_dirname536 +dirName.537 = san_dirname537 +dirName.538 = san_dirname538 +dirName.539 = san_dirname539 +dirName.540 = san_dirname540 +dirName.541 = san_dirname541 +dirName.542 = san_dirname542 +dirName.543 = san_dirname543 +dirName.544 = san_dirname544 +dirName.545 = san_dirname545 +dirName.546 = san_dirname546 +dirName.547 = san_dirname547 +dirName.548 = san_dirname548 +dirName.549 = san_dirname549 +dirName.550 = san_dirname550 +dirName.551 = san_dirname551 +dirName.552 = san_dirname552 +dirName.553 = san_dirname553 +dirName.554 = san_dirname554 +dirName.555 = san_dirname555 +dirName.556 = san_dirname556 +dirName.557 = san_dirname557 +dirName.558 = san_dirname558 +dirName.559 = san_dirname559 +dirName.560 = san_dirname560 +dirName.561 = san_dirname561 +dirName.562 = san_dirname562 +dirName.563 = san_dirname563 +dirName.564 = san_dirname564 +dirName.565 = san_dirname565 +dirName.566 = san_dirname566 +dirName.567 = san_dirname567 +dirName.568 = san_dirname568 +dirName.569 = san_dirname569 +dirName.570 = san_dirname570 +dirName.571 = san_dirname571 +dirName.572 = san_dirname572 +dirName.573 = san_dirname573 +dirName.574 = san_dirname574 +dirName.575 = san_dirname575 +dirName.576 = san_dirname576 +dirName.577 = san_dirname577 +dirName.578 = san_dirname578 +dirName.579 = san_dirname579 +dirName.580 = san_dirname580 +dirName.581 = san_dirname581 +dirName.582 = san_dirname582 +dirName.583 = san_dirname583 +dirName.584 = san_dirname584 +dirName.585 = san_dirname585 +dirName.586 = san_dirname586 +dirName.587 = san_dirname587 +dirName.588 = san_dirname588 +dirName.589 = san_dirname589 +dirName.590 = san_dirname590 +dirName.591 = san_dirname591 +dirName.592 = san_dirname592 +dirName.593 = san_dirname593 +dirName.594 = san_dirname594 +dirName.595 = san_dirname595 +dirName.596 = san_dirname596 +dirName.597 = san_dirname597 +dirName.598 = san_dirname598 +dirName.599 = san_dirname599 +dirName.600 = san_dirname600 +dirName.601 = san_dirname601 +dirName.602 = san_dirname602 +dirName.603 = san_dirname603 +dirName.604 = san_dirname604 +dirName.605 = san_dirname605 +dirName.606 = san_dirname606 +dirName.607 = san_dirname607 +dirName.608 = san_dirname608 +dirName.609 = san_dirname609 +dirName.610 = san_dirname610 +dirName.611 = san_dirname611 +dirName.612 = san_dirname612 +dirName.613 = san_dirname613 +dirName.614 = san_dirname614 +dirName.615 = san_dirname615 +dirName.616 = san_dirname616 +dirName.617 = san_dirname617 +dirName.618 = san_dirname618 +dirName.619 = san_dirname619 +dirName.620 = san_dirname620 +dirName.621 = san_dirname621 +dirName.622 = san_dirname622 +dirName.623 = san_dirname623 +dirName.624 = san_dirname624 +dirName.625 = san_dirname625 +dirName.626 = san_dirname626 +dirName.627 = san_dirname627 +dirName.628 = san_dirname628 +dirName.629 = san_dirname629 +dirName.630 = san_dirname630 +dirName.631 = san_dirname631 +dirName.632 = san_dirname632 +dirName.633 = san_dirname633 +dirName.634 = san_dirname634 +dirName.635 = san_dirname635 +dirName.636 = san_dirname636 +dirName.637 = san_dirname637 +dirName.638 = san_dirname638 +dirName.639 = san_dirname639 +dirName.640 = san_dirname640 +dirName.641 = san_dirname641 +dirName.642 = san_dirname642 +dirName.643 = san_dirname643 +dirName.644 = san_dirname644 +dirName.645 = san_dirname645 +dirName.646 = san_dirname646 +dirName.647 = san_dirname647 +dirName.648 = san_dirname648 +dirName.649 = san_dirname649 +dirName.650 = san_dirname650 +dirName.651 = san_dirname651 +dirName.652 = san_dirname652 +dirName.653 = san_dirname653 +dirName.654 = san_dirname654 +dirName.655 = san_dirname655 +dirName.656 = san_dirname656 +dirName.657 = san_dirname657 +dirName.658 = san_dirname658 +dirName.659 = san_dirname659 +dirName.660 = san_dirname660 +dirName.661 = san_dirname661 +dirName.662 = san_dirname662 +dirName.663 = san_dirname663 +dirName.664 = san_dirname664 +dirName.665 = san_dirname665 +dirName.666 = san_dirname666 +dirName.667 = san_dirname667 +dirName.668 = san_dirname668 +dirName.669 = san_dirname669 +dirName.670 = san_dirname670 +dirName.671 = san_dirname671 +dirName.672 = san_dirname672 +dirName.673 = san_dirname673 +dirName.674 = san_dirname674 +dirName.675 = san_dirname675 +dirName.676 = san_dirname676 +dirName.677 = san_dirname677 +dirName.678 = san_dirname678 +dirName.679 = san_dirname679 +dirName.680 = san_dirname680 +dirName.681 = san_dirname681 +dirName.682 = san_dirname682 +dirName.683 = san_dirname683 +dirName.684 = san_dirname684 +dirName.685 = san_dirname685 +dirName.686 = san_dirname686 +dirName.687 = san_dirname687 +dirName.688 = san_dirname688 +dirName.689 = san_dirname689 +dirName.690 = san_dirname690 +dirName.691 = san_dirname691 +dirName.692 = san_dirname692 +dirName.693 = san_dirname693 +dirName.694 = san_dirname694 +dirName.695 = san_dirname695 +dirName.696 = san_dirname696 +dirName.697 = san_dirname697 +dirName.698 = san_dirname698 +dirName.699 = san_dirname699 +dirName.700 = san_dirname700 +dirName.701 = san_dirname701 +dirName.702 = san_dirname702 +dirName.703 = san_dirname703 +dirName.704 = san_dirname704 +dirName.705 = san_dirname705 +dirName.706 = san_dirname706 +dirName.707 = san_dirname707 +dirName.708 = san_dirname708 +dirName.709 = san_dirname709 +dirName.710 = san_dirname710 +dirName.711 = san_dirname711 +dirName.712 = san_dirname712 +dirName.713 = san_dirname713 +dirName.714 = san_dirname714 +dirName.715 = san_dirname715 +dirName.716 = san_dirname716 +dirName.717 = san_dirname717 +dirName.718 = san_dirname718 +dirName.719 = san_dirname719 +dirName.720 = san_dirname720 +dirName.721 = san_dirname721 +dirName.722 = san_dirname722 +dirName.723 = san_dirname723 +dirName.724 = san_dirname724 +dirName.725 = san_dirname725 +dirName.726 = san_dirname726 +dirName.727 = san_dirname727 +dirName.728 = san_dirname728 +dirName.729 = san_dirname729 +dirName.730 = san_dirname730 +dirName.731 = san_dirname731 +dirName.732 = san_dirname732 +dirName.733 = san_dirname733 +dirName.734 = san_dirname734 +dirName.735 = san_dirname735 +dirName.736 = san_dirname736 +dirName.737 = san_dirname737 +dirName.738 = san_dirname738 +dirName.739 = san_dirname739 +dirName.740 = san_dirname740 +dirName.741 = san_dirname741 +dirName.742 = san_dirname742 +dirName.743 = san_dirname743 +dirName.744 = san_dirname744 +dirName.745 = san_dirname745 +dirName.746 = san_dirname746 +dirName.747 = san_dirname747 +dirName.748 = san_dirname748 +dirName.749 = san_dirname749 +dirName.750 = san_dirname750 +dirName.751 = san_dirname751 +dirName.752 = san_dirname752 +dirName.753 = san_dirname753 +dirName.754 = san_dirname754 +dirName.755 = san_dirname755 +dirName.756 = san_dirname756 +dirName.757 = san_dirname757 +dirName.758 = san_dirname758 +dirName.759 = san_dirname759 +dirName.760 = san_dirname760 +dirName.761 = san_dirname761 +dirName.762 = san_dirname762 +dirName.763 = san_dirname763 +dirName.764 = san_dirname764 +dirName.765 = san_dirname765 +dirName.766 = san_dirname766 +dirName.767 = san_dirname767 +dirName.768 = san_dirname768 +dirName.769 = san_dirname769 +dirName.770 = san_dirname770 +dirName.771 = san_dirname771 +dirName.772 = san_dirname772 +dirName.773 = san_dirname773 +dirName.774 = san_dirname774 +dirName.775 = san_dirname775 +dirName.776 = san_dirname776 +dirName.777 = san_dirname777 +dirName.778 = san_dirname778 +dirName.779 = san_dirname779 +dirName.780 = san_dirname780 +dirName.781 = san_dirname781 +dirName.782 = san_dirname782 +dirName.783 = san_dirname783 +dirName.784 = san_dirname784 +dirName.785 = san_dirname785 +dirName.786 = san_dirname786 +dirName.787 = san_dirname787 +dirName.788 = san_dirname788 +dirName.789 = san_dirname789 +dirName.790 = san_dirname790 +dirName.791 = san_dirname791 +dirName.792 = san_dirname792 +dirName.793 = san_dirname793 +dirName.794 = san_dirname794 +dirName.795 = san_dirname795 +dirName.796 = san_dirname796 +dirName.797 = san_dirname797 +dirName.798 = san_dirname798 +dirName.799 = san_dirname799 +dirName.800 = san_dirname800 +dirName.801 = san_dirname801 +dirName.802 = san_dirname802 +dirName.803 = san_dirname803 +dirName.804 = san_dirname804 +dirName.805 = san_dirname805 +dirName.806 = san_dirname806 +dirName.807 = san_dirname807 +dirName.808 = san_dirname808 +dirName.809 = san_dirname809 +dirName.810 = san_dirname810 +dirName.811 = san_dirname811 +dirName.812 = san_dirname812 +dirName.813 = san_dirname813 +dirName.814 = san_dirname814 +dirName.815 = san_dirname815 +dirName.816 = san_dirname816 +dirName.817 = san_dirname817 +dirName.818 = san_dirname818 +dirName.819 = san_dirname819 +dirName.820 = san_dirname820 +dirName.821 = san_dirname821 +dirName.822 = san_dirname822 +dirName.823 = san_dirname823 +dirName.824 = san_dirname824 +dirName.825 = san_dirname825 +dirName.826 = san_dirname826 +dirName.827 = san_dirname827 +dirName.828 = san_dirname828 +dirName.829 = san_dirname829 +dirName.830 = san_dirname830 +dirName.831 = san_dirname831 +dirName.832 = san_dirname832 +dirName.833 = san_dirname833 +dirName.834 = san_dirname834 +dirName.835 = san_dirname835 +dirName.836 = san_dirname836 +dirName.837 = san_dirname837 +dirName.838 = san_dirname838 +dirName.839 = san_dirname839 +dirName.840 = san_dirname840 +dirName.841 = san_dirname841 +dirName.842 = san_dirname842 +dirName.843 = san_dirname843 +dirName.844 = san_dirname844 +dirName.845 = san_dirname845 +dirName.846 = san_dirname846 +dirName.847 = san_dirname847 +dirName.848 = san_dirname848 +dirName.849 = san_dirname849 +dirName.850 = san_dirname850 +dirName.851 = san_dirname851 +dirName.852 = san_dirname852 +dirName.853 = san_dirname853 +dirName.854 = san_dirname854 +dirName.855 = san_dirname855 +dirName.856 = san_dirname856 +dirName.857 = san_dirname857 +dirName.858 = san_dirname858 +dirName.859 = san_dirname859 +dirName.860 = san_dirname860 +dirName.861 = san_dirname861 +dirName.862 = san_dirname862 +dirName.863 = san_dirname863 +dirName.864 = san_dirname864 +dirName.865 = san_dirname865 +dirName.866 = san_dirname866 +dirName.867 = san_dirname867 +dirName.868 = san_dirname868 +dirName.869 = san_dirname869 +dirName.870 = san_dirname870 +dirName.871 = san_dirname871 +dirName.872 = san_dirname872 +dirName.873 = san_dirname873 +dirName.874 = san_dirname874 +dirName.875 = san_dirname875 +dirName.876 = san_dirname876 +dirName.877 = san_dirname877 +dirName.878 = san_dirname878 +dirName.879 = san_dirname879 +dirName.880 = san_dirname880 +dirName.881 = san_dirname881 +dirName.882 = san_dirname882 +dirName.883 = san_dirname883 +dirName.884 = san_dirname884 +dirName.885 = san_dirname885 +dirName.886 = san_dirname886 +dirName.887 = san_dirname887 +dirName.888 = san_dirname888 +dirName.889 = san_dirname889 +dirName.890 = san_dirname890 +dirName.891 = san_dirname891 +dirName.892 = san_dirname892 +dirName.893 = san_dirname893 +dirName.894 = san_dirname894 +dirName.895 = san_dirname895 +dirName.896 = san_dirname896 +dirName.897 = san_dirname897 +dirName.898 = san_dirname898 +dirName.899 = san_dirname899 +dirName.900 = san_dirname900 +dirName.901 = san_dirname901 +dirName.902 = san_dirname902 +dirName.903 = san_dirname903 +dirName.904 = san_dirname904 +dirName.905 = san_dirname905 +dirName.906 = san_dirname906 +dirName.907 = san_dirname907 +dirName.908 = san_dirname908 +dirName.909 = san_dirname909 +dirName.910 = san_dirname910 +dirName.911 = san_dirname911 +dirName.912 = san_dirname912 +dirName.913 = san_dirname913 +dirName.914 = san_dirname914 +dirName.915 = san_dirname915 +dirName.916 = san_dirname916 +dirName.917 = san_dirname917 +dirName.918 = san_dirname918 +dirName.919 = san_dirname919 +dirName.920 = san_dirname920 +dirName.921 = san_dirname921 +dirName.922 = san_dirname922 +dirName.923 = san_dirname923 +dirName.924 = san_dirname924 +dirName.925 = san_dirname925 +dirName.926 = san_dirname926 +dirName.927 = san_dirname927 +dirName.928 = san_dirname928 +dirName.929 = san_dirname929 +dirName.930 = san_dirname930 +dirName.931 = san_dirname931 +dirName.932 = san_dirname932 +dirName.933 = san_dirname933 +dirName.934 = san_dirname934 +dirName.935 = san_dirname935 +dirName.936 = san_dirname936 +dirName.937 = san_dirname937 +dirName.938 = san_dirname938 +dirName.939 = san_dirname939 +dirName.940 = san_dirname940 +dirName.941 = san_dirname941 +dirName.942 = san_dirname942 +dirName.943 = san_dirname943 +dirName.944 = san_dirname944 +dirName.945 = san_dirname945 +dirName.946 = san_dirname946 +dirName.947 = san_dirname947 +dirName.948 = san_dirname948 +dirName.949 = san_dirname949 +dirName.950 = san_dirname950 +dirName.951 = san_dirname951 +dirName.952 = san_dirname952 +dirName.953 = san_dirname953 +dirName.954 = san_dirname954 +dirName.955 = san_dirname955 +dirName.956 = san_dirname956 +dirName.957 = san_dirname957 +dirName.958 = san_dirname958 +dirName.959 = san_dirname959 +dirName.960 = san_dirname960 +dirName.961 = san_dirname961 +dirName.962 = san_dirname962 +dirName.963 = san_dirname963 +dirName.964 = san_dirname964 +dirName.965 = san_dirname965 +dirName.966 = san_dirname966 +dirName.967 = san_dirname967 +dirName.968 = san_dirname968 +dirName.969 = san_dirname969 +dirName.970 = san_dirname970 +dirName.971 = san_dirname971 +dirName.972 = san_dirname972 +dirName.973 = san_dirname973 +dirName.974 = san_dirname974 +dirName.975 = san_dirname975 +dirName.976 = san_dirname976 +dirName.977 = san_dirname977 +dirName.978 = san_dirname978 +dirName.979 = san_dirname979 +dirName.980 = san_dirname980 +dirName.981 = san_dirname981 +dirName.982 = san_dirname982 +dirName.983 = san_dirname983 +dirName.984 = san_dirname984 +dirName.985 = san_dirname985 +dirName.986 = san_dirname986 +dirName.987 = san_dirname987 +dirName.988 = san_dirname988 +dirName.989 = san_dirname989 +dirName.990 = san_dirname990 +dirName.991 = san_dirname991 +dirName.992 = san_dirname992 +dirName.993 = san_dirname993 +dirName.994 = san_dirname994 +dirName.995 = san_dirname995 +dirName.996 = san_dirname996 +dirName.997 = san_dirname997 +dirName.998 = san_dirname998 +dirName.999 = san_dirname999 +dirName.1000 = san_dirname1000 +dirName.1001 = san_dirname1001 +dirName.1002 = san_dirname1002 +dirName.1003 = san_dirname1003 +dirName.1004 = san_dirname1004 +dirName.1005 = san_dirname1005 +dirName.1006 = san_dirname1006 +dirName.1007 = san_dirname1007 +dirName.1008 = san_dirname1008 +dirName.1009 = san_dirname1009 +dirName.1010 = san_dirname1010 +dirName.1011 = san_dirname1011 +dirName.1012 = san_dirname1012 +dirName.1013 = san_dirname1013 +dirName.1014 = san_dirname1014 +dirName.1015 = san_dirname1015 +dirName.1016 = san_dirname1016 +dirName.1017 = san_dirname1017 +dirName.1018 = san_dirname1018 +dirName.1019 = san_dirname1019 +dirName.1020 = san_dirname1020 +dirName.1021 = san_dirname1021 +dirName.1022 = san_dirname1022 +dirName.1023 = san_dirname1023 +dirName.1024 = san_dirname1024 + +[san_dirname1] +commonName = "t0 + +[san_dirname2] +commonName = "t1 + +[san_dirname3] +commonName = "t2 + +[san_dirname4] +commonName = "t3 + +[san_dirname5] +commonName = "t4 + +[san_dirname6] +commonName = "t5 + +[san_dirname7] +commonName = "t6 + +[san_dirname8] +commonName = "t7 + +[san_dirname9] +commonName = "t8 + +[san_dirname10] +commonName = "t9 + +[san_dirname11] +commonName = "t10 + +[san_dirname12] +commonName = "t11 + +[san_dirname13] +commonName = "t12 + +[san_dirname14] +commonName = "t13 + +[san_dirname15] +commonName = "t14 + +[san_dirname16] +commonName = "t15 + +[san_dirname17] +commonName = "t16 + +[san_dirname18] +commonName = "t17 + +[san_dirname19] +commonName = "t18 + +[san_dirname20] +commonName = "t19 + +[san_dirname21] +commonName = "t20 + +[san_dirname22] +commonName = "t21 + +[san_dirname23] +commonName = "t22 + +[san_dirname24] +commonName = "t23 + +[san_dirname25] +commonName = "t24 + +[san_dirname26] +commonName = "t25 + +[san_dirname27] +commonName = "t26 + +[san_dirname28] +commonName = "t27 + +[san_dirname29] +commonName = "t28 + +[san_dirname30] +commonName = "t29 + +[san_dirname31] +commonName = "t30 + +[san_dirname32] +commonName = "t31 + +[san_dirname33] +commonName = "t32 + +[san_dirname34] +commonName = "t33 + +[san_dirname35] +commonName = "t34 + +[san_dirname36] +commonName = "t35 + +[san_dirname37] +commonName = "t36 + +[san_dirname38] +commonName = "t37 + +[san_dirname39] +commonName = "t38 + +[san_dirname40] +commonName = "t39 + +[san_dirname41] +commonName = "t40 + +[san_dirname42] +commonName = "t41 + +[san_dirname43] +commonName = "t42 + +[san_dirname44] +commonName = "t43 + +[san_dirname45] +commonName = "t44 + +[san_dirname46] +commonName = "t45 + +[san_dirname47] +commonName = "t46 + +[san_dirname48] +commonName = "t47 + +[san_dirname49] +commonName = "t48 + +[san_dirname50] +commonName = "t49 + +[san_dirname51] +commonName = "t50 + +[san_dirname52] +commonName = "t51 + +[san_dirname53] +commonName = "t52 + +[san_dirname54] +commonName = "t53 + +[san_dirname55] +commonName = "t54 + +[san_dirname56] +commonName = "t55 + +[san_dirname57] +commonName = "t56 + +[san_dirname58] +commonName = "t57 + +[san_dirname59] +commonName = "t58 + +[san_dirname60] +commonName = "t59 + +[san_dirname61] +commonName = "t60 + +[san_dirname62] +commonName = "t61 + +[san_dirname63] +commonName = "t62 + +[san_dirname64] +commonName = "t63 + +[san_dirname65] +commonName = "t64 + +[san_dirname66] +commonName = "t65 + +[san_dirname67] +commonName = "t66 + +[san_dirname68] +commonName = "t67 + +[san_dirname69] +commonName = "t68 + +[san_dirname70] +commonName = "t69 + +[san_dirname71] +commonName = "t70 + +[san_dirname72] +commonName = "t71 + +[san_dirname73] +commonName = "t72 + +[san_dirname74] +commonName = "t73 + +[san_dirname75] +commonName = "t74 + +[san_dirname76] +commonName = "t75 + +[san_dirname77] +commonName = "t76 + +[san_dirname78] +commonName = "t77 + +[san_dirname79] +commonName = "t78 + +[san_dirname80] +commonName = "t79 + +[san_dirname81] +commonName = "t80 + +[san_dirname82] +commonName = "t81 + +[san_dirname83] +commonName = "t82 + +[san_dirname84] +commonName = "t83 + +[san_dirname85] +commonName = "t84 + +[san_dirname86] +commonName = "t85 + +[san_dirname87] +commonName = "t86 + +[san_dirname88] +commonName = "t87 + +[san_dirname89] +commonName = "t88 + +[san_dirname90] +commonName = "t89 + +[san_dirname91] +commonName = "t90 + +[san_dirname92] +commonName = "t91 + +[san_dirname93] +commonName = "t92 + +[san_dirname94] +commonName = "t93 + +[san_dirname95] +commonName = "t94 + +[san_dirname96] +commonName = "t95 + +[san_dirname97] +commonName = "t96 + +[san_dirname98] +commonName = "t97 + +[san_dirname99] +commonName = "t98 + +[san_dirname100] +commonName = "t99 + +[san_dirname101] +commonName = "t100 + +[san_dirname102] +commonName = "t101 + +[san_dirname103] +commonName = "t102 + +[san_dirname104] +commonName = "t103 + +[san_dirname105] +commonName = "t104 + +[san_dirname106] +commonName = "t105 + +[san_dirname107] +commonName = "t106 + +[san_dirname108] +commonName = "t107 + +[san_dirname109] +commonName = "t108 + +[san_dirname110] +commonName = "t109 + +[san_dirname111] +commonName = "t110 + +[san_dirname112] +commonName = "t111 + +[san_dirname113] +commonName = "t112 + +[san_dirname114] +commonName = "t113 + +[san_dirname115] +commonName = "t114 + +[san_dirname116] +commonName = "t115 + +[san_dirname117] +commonName = "t116 + +[san_dirname118] +commonName = "t117 + +[san_dirname119] +commonName = "t118 + +[san_dirname120] +commonName = "t119 + +[san_dirname121] +commonName = "t120 + +[san_dirname122] +commonName = "t121 + +[san_dirname123] +commonName = "t122 + +[san_dirname124] +commonName = "t123 + +[san_dirname125] +commonName = "t124 + +[san_dirname126] +commonName = "t125 + +[san_dirname127] +commonName = "t126 + +[san_dirname128] +commonName = "t127 + +[san_dirname129] +commonName = "t128 + +[san_dirname130] +commonName = "t129 + +[san_dirname131] +commonName = "t130 + +[san_dirname132] +commonName = "t131 + +[san_dirname133] +commonName = "t132 + +[san_dirname134] +commonName = "t133 + +[san_dirname135] +commonName = "t134 + +[san_dirname136] +commonName = "t135 + +[san_dirname137] +commonName = "t136 + +[san_dirname138] +commonName = "t137 + +[san_dirname139] +commonName = "t138 + +[san_dirname140] +commonName = "t139 + +[san_dirname141] +commonName = "t140 + +[san_dirname142] +commonName = "t141 + +[san_dirname143] +commonName = "t142 + +[san_dirname144] +commonName = "t143 + +[san_dirname145] +commonName = "t144 + +[san_dirname146] +commonName = "t145 + +[san_dirname147] +commonName = "t146 + +[san_dirname148] +commonName = "t147 + +[san_dirname149] +commonName = "t148 + +[san_dirname150] +commonName = "t149 + +[san_dirname151] +commonName = "t150 + +[san_dirname152] +commonName = "t151 + +[san_dirname153] +commonName = "t152 + +[san_dirname154] +commonName = "t153 + +[san_dirname155] +commonName = "t154 + +[san_dirname156] +commonName = "t155 + +[san_dirname157] +commonName = "t156 + +[san_dirname158] +commonName = "t157 + +[san_dirname159] +commonName = "t158 + +[san_dirname160] +commonName = "t159 + +[san_dirname161] +commonName = "t160 + +[san_dirname162] +commonName = "t161 + +[san_dirname163] +commonName = "t162 + +[san_dirname164] +commonName = "t163 + +[san_dirname165] +commonName = "t164 + +[san_dirname166] +commonName = "t165 + +[san_dirname167] +commonName = "t166 + +[san_dirname168] +commonName = "t167 + +[san_dirname169] +commonName = "t168 + +[san_dirname170] +commonName = "t169 + +[san_dirname171] +commonName = "t170 + +[san_dirname172] +commonName = "t171 + +[san_dirname173] +commonName = "t172 + +[san_dirname174] +commonName = "t173 + +[san_dirname175] +commonName = "t174 + +[san_dirname176] +commonName = "t175 + +[san_dirname177] +commonName = "t176 + +[san_dirname178] +commonName = "t177 + +[san_dirname179] +commonName = "t178 + +[san_dirname180] +commonName = "t179 + +[san_dirname181] +commonName = "t180 + +[san_dirname182] +commonName = "t181 + +[san_dirname183] +commonName = "t182 + +[san_dirname184] +commonName = "t183 + +[san_dirname185] +commonName = "t184 + +[san_dirname186] +commonName = "t185 + +[san_dirname187] +commonName = "t186 + +[san_dirname188] +commonName = "t187 + +[san_dirname189] +commonName = "t188 + +[san_dirname190] +commonName = "t189 + +[san_dirname191] +commonName = "t190 + +[san_dirname192] +commonName = "t191 + +[san_dirname193] +commonName = "t192 + +[san_dirname194] +commonName = "t193 + +[san_dirname195] +commonName = "t194 + +[san_dirname196] +commonName = "t195 + +[san_dirname197] +commonName = "t196 + +[san_dirname198] +commonName = "t197 + +[san_dirname199] +commonName = "t198 + +[san_dirname200] +commonName = "t199 + +[san_dirname201] +commonName = "t200 + +[san_dirname202] +commonName = "t201 + +[san_dirname203] +commonName = "t202 + +[san_dirname204] +commonName = "t203 + +[san_dirname205] +commonName = "t204 + +[san_dirname206] +commonName = "t205 + +[san_dirname207] +commonName = "t206 + +[san_dirname208] +commonName = "t207 + +[san_dirname209] +commonName = "t208 + +[san_dirname210] +commonName = "t209 + +[san_dirname211] +commonName = "t210 + +[san_dirname212] +commonName = "t211 + +[san_dirname213] +commonName = "t212 + +[san_dirname214] +commonName = "t213 + +[san_dirname215] +commonName = "t214 + +[san_dirname216] +commonName = "t215 + +[san_dirname217] +commonName = "t216 + +[san_dirname218] +commonName = "t217 + +[san_dirname219] +commonName = "t218 + +[san_dirname220] +commonName = "t219 + +[san_dirname221] +commonName = "t220 + +[san_dirname222] +commonName = "t221 + +[san_dirname223] +commonName = "t222 + +[san_dirname224] +commonName = "t223 + +[san_dirname225] +commonName = "t224 + +[san_dirname226] +commonName = "t225 + +[san_dirname227] +commonName = "t226 + +[san_dirname228] +commonName = "t227 + +[san_dirname229] +commonName = "t228 + +[san_dirname230] +commonName = "t229 + +[san_dirname231] +commonName = "t230 + +[san_dirname232] +commonName = "t231 + +[san_dirname233] +commonName = "t232 + +[san_dirname234] +commonName = "t233 + +[san_dirname235] +commonName = "t234 + +[san_dirname236] +commonName = "t235 + +[san_dirname237] +commonName = "t236 + +[san_dirname238] +commonName = "t237 + +[san_dirname239] +commonName = "t238 + +[san_dirname240] +commonName = "t239 + +[san_dirname241] +commonName = "t240 + +[san_dirname242] +commonName = "t241 + +[san_dirname243] +commonName = "t242 + +[san_dirname244] +commonName = "t243 + +[san_dirname245] +commonName = "t244 + +[san_dirname246] +commonName = "t245 + +[san_dirname247] +commonName = "t246 + +[san_dirname248] +commonName = "t247 + +[san_dirname249] +commonName = "t248 + +[san_dirname250] +commonName = "t249 + +[san_dirname251] +commonName = "t250 + +[san_dirname252] +commonName = "t251 + +[san_dirname253] +commonName = "t252 + +[san_dirname254] +commonName = "t253 + +[san_dirname255] +commonName = "t254 + +[san_dirname256] +commonName = "t255 + +[san_dirname257] +commonName = "t256 + +[san_dirname258] +commonName = "t257 + +[san_dirname259] +commonName = "t258 + +[san_dirname260] +commonName = "t259 + +[san_dirname261] +commonName = "t260 + +[san_dirname262] +commonName = "t261 + +[san_dirname263] +commonName = "t262 + +[san_dirname264] +commonName = "t263 + +[san_dirname265] +commonName = "t264 + +[san_dirname266] +commonName = "t265 + +[san_dirname267] +commonName = "t266 + +[san_dirname268] +commonName = "t267 + +[san_dirname269] +commonName = "t268 + +[san_dirname270] +commonName = "t269 + +[san_dirname271] +commonName = "t270 + +[san_dirname272] +commonName = "t271 + +[san_dirname273] +commonName = "t272 + +[san_dirname274] +commonName = "t273 + +[san_dirname275] +commonName = "t274 + +[san_dirname276] +commonName = "t275 + +[san_dirname277] +commonName = "t276 + +[san_dirname278] +commonName = "t277 + +[san_dirname279] +commonName = "t278 + +[san_dirname280] +commonName = "t279 + +[san_dirname281] +commonName = "t280 + +[san_dirname282] +commonName = "t281 + +[san_dirname283] +commonName = "t282 + +[san_dirname284] +commonName = "t283 + +[san_dirname285] +commonName = "t284 + +[san_dirname286] +commonName = "t285 + +[san_dirname287] +commonName = "t286 + +[san_dirname288] +commonName = "t287 + +[san_dirname289] +commonName = "t288 + +[san_dirname290] +commonName = "t289 + +[san_dirname291] +commonName = "t290 + +[san_dirname292] +commonName = "t291 + +[san_dirname293] +commonName = "t292 + +[san_dirname294] +commonName = "t293 + +[san_dirname295] +commonName = "t294 + +[san_dirname296] +commonName = "t295 + +[san_dirname297] +commonName = "t296 + +[san_dirname298] +commonName = "t297 + +[san_dirname299] +commonName = "t298 + +[san_dirname300] +commonName = "t299 + +[san_dirname301] +commonName = "t300 + +[san_dirname302] +commonName = "t301 + +[san_dirname303] +commonName = "t302 + +[san_dirname304] +commonName = "t303 + +[san_dirname305] +commonName = "t304 + +[san_dirname306] +commonName = "t305 + +[san_dirname307] +commonName = "t306 + +[san_dirname308] +commonName = "t307 + +[san_dirname309] +commonName = "t308 + +[san_dirname310] +commonName = "t309 + +[san_dirname311] +commonName = "t310 + +[san_dirname312] +commonName = "t311 + +[san_dirname313] +commonName = "t312 + +[san_dirname314] +commonName = "t313 + +[san_dirname315] +commonName = "t314 + +[san_dirname316] +commonName = "t315 + +[san_dirname317] +commonName = "t316 + +[san_dirname318] +commonName = "t317 + +[san_dirname319] +commonName = "t318 + +[san_dirname320] +commonName = "t319 + +[san_dirname321] +commonName = "t320 + +[san_dirname322] +commonName = "t321 + +[san_dirname323] +commonName = "t322 + +[san_dirname324] +commonName = "t323 + +[san_dirname325] +commonName = "t324 + +[san_dirname326] +commonName = "t325 + +[san_dirname327] +commonName = "t326 + +[san_dirname328] +commonName = "t327 + +[san_dirname329] +commonName = "t328 + +[san_dirname330] +commonName = "t329 + +[san_dirname331] +commonName = "t330 + +[san_dirname332] +commonName = "t331 + +[san_dirname333] +commonName = "t332 + +[san_dirname334] +commonName = "t333 + +[san_dirname335] +commonName = "t334 + +[san_dirname336] +commonName = "t335 + +[san_dirname337] +commonName = "t336 + +[san_dirname338] +commonName = "t337 + +[san_dirname339] +commonName = "t338 + +[san_dirname340] +commonName = "t339 + +[san_dirname341] +commonName = "t340 + +[san_dirname342] +commonName = "t341 + +[san_dirname343] +commonName = "t342 + +[san_dirname344] +commonName = "t343 + +[san_dirname345] +commonName = "t344 + +[san_dirname346] +commonName = "t345 + +[san_dirname347] +commonName = "t346 + +[san_dirname348] +commonName = "t347 + +[san_dirname349] +commonName = "t348 + +[san_dirname350] +commonName = "t349 + +[san_dirname351] +commonName = "t350 + +[san_dirname352] +commonName = "t351 + +[san_dirname353] +commonName = "t352 + +[san_dirname354] +commonName = "t353 + +[san_dirname355] +commonName = "t354 + +[san_dirname356] +commonName = "t355 + +[san_dirname357] +commonName = "t356 + +[san_dirname358] +commonName = "t357 + +[san_dirname359] +commonName = "t358 + +[san_dirname360] +commonName = "t359 + +[san_dirname361] +commonName = "t360 + +[san_dirname362] +commonName = "t361 + +[san_dirname363] +commonName = "t362 + +[san_dirname364] +commonName = "t363 + +[san_dirname365] +commonName = "t364 + +[san_dirname366] +commonName = "t365 + +[san_dirname367] +commonName = "t366 + +[san_dirname368] +commonName = "t367 + +[san_dirname369] +commonName = "t368 + +[san_dirname370] +commonName = "t369 + +[san_dirname371] +commonName = "t370 + +[san_dirname372] +commonName = "t371 + +[san_dirname373] +commonName = "t372 + +[san_dirname374] +commonName = "t373 + +[san_dirname375] +commonName = "t374 + +[san_dirname376] +commonName = "t375 + +[san_dirname377] +commonName = "t376 + +[san_dirname378] +commonName = "t377 + +[san_dirname379] +commonName = "t378 + +[san_dirname380] +commonName = "t379 + +[san_dirname381] +commonName = "t380 + +[san_dirname382] +commonName = "t381 + +[san_dirname383] +commonName = "t382 + +[san_dirname384] +commonName = "t383 + +[san_dirname385] +commonName = "t384 + +[san_dirname386] +commonName = "t385 + +[san_dirname387] +commonName = "t386 + +[san_dirname388] +commonName = "t387 + +[san_dirname389] +commonName = "t388 + +[san_dirname390] +commonName = "t389 + +[san_dirname391] +commonName = "t390 + +[san_dirname392] +commonName = "t391 + +[san_dirname393] +commonName = "t392 + +[san_dirname394] +commonName = "t393 + +[san_dirname395] +commonName = "t394 + +[san_dirname396] +commonName = "t395 + +[san_dirname397] +commonName = "t396 + +[san_dirname398] +commonName = "t397 + +[san_dirname399] +commonName = "t398 + +[san_dirname400] +commonName = "t399 + +[san_dirname401] +commonName = "t400 + +[san_dirname402] +commonName = "t401 + +[san_dirname403] +commonName = "t402 + +[san_dirname404] +commonName = "t403 + +[san_dirname405] +commonName = "t404 + +[san_dirname406] +commonName = "t405 + +[san_dirname407] +commonName = "t406 + +[san_dirname408] +commonName = "t407 + +[san_dirname409] +commonName = "t408 + +[san_dirname410] +commonName = "t409 + +[san_dirname411] +commonName = "t410 + +[san_dirname412] +commonName = "t411 + +[san_dirname413] +commonName = "t412 + +[san_dirname414] +commonName = "t413 + +[san_dirname415] +commonName = "t414 + +[san_dirname416] +commonName = "t415 + +[san_dirname417] +commonName = "t416 + +[san_dirname418] +commonName = "t417 + +[san_dirname419] +commonName = "t418 + +[san_dirname420] +commonName = "t419 + +[san_dirname421] +commonName = "t420 + +[san_dirname422] +commonName = "t421 + +[san_dirname423] +commonName = "t422 + +[san_dirname424] +commonName = "t423 + +[san_dirname425] +commonName = "t424 + +[san_dirname426] +commonName = "t425 + +[san_dirname427] +commonName = "t426 + +[san_dirname428] +commonName = "t427 + +[san_dirname429] +commonName = "t428 + +[san_dirname430] +commonName = "t429 + +[san_dirname431] +commonName = "t430 + +[san_dirname432] +commonName = "t431 + +[san_dirname433] +commonName = "t432 + +[san_dirname434] +commonName = "t433 + +[san_dirname435] +commonName = "t434 + +[san_dirname436] +commonName = "t435 + +[san_dirname437] +commonName = "t436 + +[san_dirname438] +commonName = "t437 + +[san_dirname439] +commonName = "t438 + +[san_dirname440] +commonName = "t439 + +[san_dirname441] +commonName = "t440 + +[san_dirname442] +commonName = "t441 + +[san_dirname443] +commonName = "t442 + +[san_dirname444] +commonName = "t443 + +[san_dirname445] +commonName = "t444 + +[san_dirname446] +commonName = "t445 + +[san_dirname447] +commonName = "t446 + +[san_dirname448] +commonName = "t447 + +[san_dirname449] +commonName = "t448 + +[san_dirname450] +commonName = "t449 + +[san_dirname451] +commonName = "t450 + +[san_dirname452] +commonName = "t451 + +[san_dirname453] +commonName = "t452 + +[san_dirname454] +commonName = "t453 + +[san_dirname455] +commonName = "t454 + +[san_dirname456] +commonName = "t455 + +[san_dirname457] +commonName = "t456 + +[san_dirname458] +commonName = "t457 + +[san_dirname459] +commonName = "t458 + +[san_dirname460] +commonName = "t459 + +[san_dirname461] +commonName = "t460 + +[san_dirname462] +commonName = "t461 + +[san_dirname463] +commonName = "t462 + +[san_dirname464] +commonName = "t463 + +[san_dirname465] +commonName = "t464 + +[san_dirname466] +commonName = "t465 + +[san_dirname467] +commonName = "t466 + +[san_dirname468] +commonName = "t467 + +[san_dirname469] +commonName = "t468 + +[san_dirname470] +commonName = "t469 + +[san_dirname471] +commonName = "t470 + +[san_dirname472] +commonName = "t471 + +[san_dirname473] +commonName = "t472 + +[san_dirname474] +commonName = "t473 + +[san_dirname475] +commonName = "t474 + +[san_dirname476] +commonName = "t475 + +[san_dirname477] +commonName = "t476 + +[san_dirname478] +commonName = "t477 + +[san_dirname479] +commonName = "t478 + +[san_dirname480] +commonName = "t479 + +[san_dirname481] +commonName = "t480 + +[san_dirname482] +commonName = "t481 + +[san_dirname483] +commonName = "t482 + +[san_dirname484] +commonName = "t483 + +[san_dirname485] +commonName = "t484 + +[san_dirname486] +commonName = "t485 + +[san_dirname487] +commonName = "t486 + +[san_dirname488] +commonName = "t487 + +[san_dirname489] +commonName = "t488 + +[san_dirname490] +commonName = "t489 + +[san_dirname491] +commonName = "t490 + +[san_dirname492] +commonName = "t491 + +[san_dirname493] +commonName = "t492 + +[san_dirname494] +commonName = "t493 + +[san_dirname495] +commonName = "t494 + +[san_dirname496] +commonName = "t495 + +[san_dirname497] +commonName = "t496 + +[san_dirname498] +commonName = "t497 + +[san_dirname499] +commonName = "t498 + +[san_dirname500] +commonName = "t499 + +[san_dirname501] +commonName = "t500 + +[san_dirname502] +commonName = "t501 + +[san_dirname503] +commonName = "t502 + +[san_dirname504] +commonName = "t503 + +[san_dirname505] +commonName = "t504 + +[san_dirname506] +commonName = "t505 + +[san_dirname507] +commonName = "t506 + +[san_dirname508] +commonName = "t507 + +[san_dirname509] +commonName = "t508 + +[san_dirname510] +commonName = "t509 + +[san_dirname511] +commonName = "t510 + +[san_dirname512] +commonName = "t511 + +[san_dirname513] +commonName = "t512 + +[san_dirname514] +commonName = "t513 + +[san_dirname515] +commonName = "t514 + +[san_dirname516] +commonName = "t515 + +[san_dirname517] +commonName = "t516 + +[san_dirname518] +commonName = "t517 + +[san_dirname519] +commonName = "t518 + +[san_dirname520] +commonName = "t519 + +[san_dirname521] +commonName = "t520 + +[san_dirname522] +commonName = "t521 + +[san_dirname523] +commonName = "t522 + +[san_dirname524] +commonName = "t523 + +[san_dirname525] +commonName = "t524 + +[san_dirname526] +commonName = "t525 + +[san_dirname527] +commonName = "t526 + +[san_dirname528] +commonName = "t527 + +[san_dirname529] +commonName = "t528 + +[san_dirname530] +commonName = "t529 + +[san_dirname531] +commonName = "t530 + +[san_dirname532] +commonName = "t531 + +[san_dirname533] +commonName = "t532 + +[san_dirname534] +commonName = "t533 + +[san_dirname535] +commonName = "t534 + +[san_dirname536] +commonName = "t535 + +[san_dirname537] +commonName = "t536 + +[san_dirname538] +commonName = "t537 + +[san_dirname539] +commonName = "t538 + +[san_dirname540] +commonName = "t539 + +[san_dirname541] +commonName = "t540 + +[san_dirname542] +commonName = "t541 + +[san_dirname543] +commonName = "t542 + +[san_dirname544] +commonName = "t543 + +[san_dirname545] +commonName = "t544 + +[san_dirname546] +commonName = "t545 + +[san_dirname547] +commonName = "t546 + +[san_dirname548] +commonName = "t547 + +[san_dirname549] +commonName = "t548 + +[san_dirname550] +commonName = "t549 + +[san_dirname551] +commonName = "t550 + +[san_dirname552] +commonName = "t551 + +[san_dirname553] +commonName = "t552 + +[san_dirname554] +commonName = "t553 + +[san_dirname555] +commonName = "t554 + +[san_dirname556] +commonName = "t555 + +[san_dirname557] +commonName = "t556 + +[san_dirname558] +commonName = "t557 + +[san_dirname559] +commonName = "t558 + +[san_dirname560] +commonName = "t559 + +[san_dirname561] +commonName = "t560 + +[san_dirname562] +commonName = "t561 + +[san_dirname563] +commonName = "t562 + +[san_dirname564] +commonName = "t563 + +[san_dirname565] +commonName = "t564 + +[san_dirname566] +commonName = "t565 + +[san_dirname567] +commonName = "t566 + +[san_dirname568] +commonName = "t567 + +[san_dirname569] +commonName = "t568 + +[san_dirname570] +commonName = "t569 + +[san_dirname571] +commonName = "t570 + +[san_dirname572] +commonName = "t571 + +[san_dirname573] +commonName = "t572 + +[san_dirname574] +commonName = "t573 + +[san_dirname575] +commonName = "t574 + +[san_dirname576] +commonName = "t575 + +[san_dirname577] +commonName = "t576 + +[san_dirname578] +commonName = "t577 + +[san_dirname579] +commonName = "t578 + +[san_dirname580] +commonName = "t579 + +[san_dirname581] +commonName = "t580 + +[san_dirname582] +commonName = "t581 + +[san_dirname583] +commonName = "t582 + +[san_dirname584] +commonName = "t583 + +[san_dirname585] +commonName = "t584 + +[san_dirname586] +commonName = "t585 + +[san_dirname587] +commonName = "t586 + +[san_dirname588] +commonName = "t587 + +[san_dirname589] +commonName = "t588 + +[san_dirname590] +commonName = "t589 + +[san_dirname591] +commonName = "t590 + +[san_dirname592] +commonName = "t591 + +[san_dirname593] +commonName = "t592 + +[san_dirname594] +commonName = "t593 + +[san_dirname595] +commonName = "t594 + +[san_dirname596] +commonName = "t595 + +[san_dirname597] +commonName = "t596 + +[san_dirname598] +commonName = "t597 + +[san_dirname599] +commonName = "t598 + +[san_dirname600] +commonName = "t599 + +[san_dirname601] +commonName = "t600 + +[san_dirname602] +commonName = "t601 + +[san_dirname603] +commonName = "t602 + +[san_dirname604] +commonName = "t603 + +[san_dirname605] +commonName = "t604 + +[san_dirname606] +commonName = "t605 + +[san_dirname607] +commonName = "t606 + +[san_dirname608] +commonName = "t607 + +[san_dirname609] +commonName = "t608 + +[san_dirname610] +commonName = "t609 + +[san_dirname611] +commonName = "t610 + +[san_dirname612] +commonName = "t611 + +[san_dirname613] +commonName = "t612 + +[san_dirname614] +commonName = "t613 + +[san_dirname615] +commonName = "t614 + +[san_dirname616] +commonName = "t615 + +[san_dirname617] +commonName = "t616 + +[san_dirname618] +commonName = "t617 + +[san_dirname619] +commonName = "t618 + +[san_dirname620] +commonName = "t619 + +[san_dirname621] +commonName = "t620 + +[san_dirname622] +commonName = "t621 + +[san_dirname623] +commonName = "t622 + +[san_dirname624] +commonName = "t623 + +[san_dirname625] +commonName = "t624 + +[san_dirname626] +commonName = "t625 + +[san_dirname627] +commonName = "t626 + +[san_dirname628] +commonName = "t627 + +[san_dirname629] +commonName = "t628 + +[san_dirname630] +commonName = "t629 + +[san_dirname631] +commonName = "t630 + +[san_dirname632] +commonName = "t631 + +[san_dirname633] +commonName = "t632 + +[san_dirname634] +commonName = "t633 + +[san_dirname635] +commonName = "t634 + +[san_dirname636] +commonName = "t635 + +[san_dirname637] +commonName = "t636 + +[san_dirname638] +commonName = "t637 + +[san_dirname639] +commonName = "t638 + +[san_dirname640] +commonName = "t639 + +[san_dirname641] +commonName = "t640 + +[san_dirname642] +commonName = "t641 + +[san_dirname643] +commonName = "t642 + +[san_dirname644] +commonName = "t643 + +[san_dirname645] +commonName = "t644 + +[san_dirname646] +commonName = "t645 + +[san_dirname647] +commonName = "t646 + +[san_dirname648] +commonName = "t647 + +[san_dirname649] +commonName = "t648 + +[san_dirname650] +commonName = "t649 + +[san_dirname651] +commonName = "t650 + +[san_dirname652] +commonName = "t651 + +[san_dirname653] +commonName = "t652 + +[san_dirname654] +commonName = "t653 + +[san_dirname655] +commonName = "t654 + +[san_dirname656] +commonName = "t655 + +[san_dirname657] +commonName = "t656 + +[san_dirname658] +commonName = "t657 + +[san_dirname659] +commonName = "t658 + +[san_dirname660] +commonName = "t659 + +[san_dirname661] +commonName = "t660 + +[san_dirname662] +commonName = "t661 + +[san_dirname663] +commonName = "t662 + +[san_dirname664] +commonName = "t663 + +[san_dirname665] +commonName = "t664 + +[san_dirname666] +commonName = "t665 + +[san_dirname667] +commonName = "t666 + +[san_dirname668] +commonName = "t667 + +[san_dirname669] +commonName = "t668 + +[san_dirname670] +commonName = "t669 + +[san_dirname671] +commonName = "t670 + +[san_dirname672] +commonName = "t671 + +[san_dirname673] +commonName = "t672 + +[san_dirname674] +commonName = "t673 + +[san_dirname675] +commonName = "t674 + +[san_dirname676] +commonName = "t675 + +[san_dirname677] +commonName = "t676 + +[san_dirname678] +commonName = "t677 + +[san_dirname679] +commonName = "t678 + +[san_dirname680] +commonName = "t679 + +[san_dirname681] +commonName = "t680 + +[san_dirname682] +commonName = "t681 + +[san_dirname683] +commonName = "t682 + +[san_dirname684] +commonName = "t683 + +[san_dirname685] +commonName = "t684 + +[san_dirname686] +commonName = "t685 + +[san_dirname687] +commonName = "t686 + +[san_dirname688] +commonName = "t687 + +[san_dirname689] +commonName = "t688 + +[san_dirname690] +commonName = "t689 + +[san_dirname691] +commonName = "t690 + +[san_dirname692] +commonName = "t691 + +[san_dirname693] +commonName = "t692 + +[san_dirname694] +commonName = "t693 + +[san_dirname695] +commonName = "t694 + +[san_dirname696] +commonName = "t695 + +[san_dirname697] +commonName = "t696 + +[san_dirname698] +commonName = "t697 + +[san_dirname699] +commonName = "t698 + +[san_dirname700] +commonName = "t699 + +[san_dirname701] +commonName = "t700 + +[san_dirname702] +commonName = "t701 + +[san_dirname703] +commonName = "t702 + +[san_dirname704] +commonName = "t703 + +[san_dirname705] +commonName = "t704 + +[san_dirname706] +commonName = "t705 + +[san_dirname707] +commonName = "t706 + +[san_dirname708] +commonName = "t707 + +[san_dirname709] +commonName = "t708 + +[san_dirname710] +commonName = "t709 + +[san_dirname711] +commonName = "t710 + +[san_dirname712] +commonName = "t711 + +[san_dirname713] +commonName = "t712 + +[san_dirname714] +commonName = "t713 + +[san_dirname715] +commonName = "t714 + +[san_dirname716] +commonName = "t715 + +[san_dirname717] +commonName = "t716 + +[san_dirname718] +commonName = "t717 + +[san_dirname719] +commonName = "t718 + +[san_dirname720] +commonName = "t719 + +[san_dirname721] +commonName = "t720 + +[san_dirname722] +commonName = "t721 + +[san_dirname723] +commonName = "t722 + +[san_dirname724] +commonName = "t723 + +[san_dirname725] +commonName = "t724 + +[san_dirname726] +commonName = "t725 + +[san_dirname727] +commonName = "t726 + +[san_dirname728] +commonName = "t727 + +[san_dirname729] +commonName = "t728 + +[san_dirname730] +commonName = "t729 + +[san_dirname731] +commonName = "t730 + +[san_dirname732] +commonName = "t731 + +[san_dirname733] +commonName = "t732 + +[san_dirname734] +commonName = "t733 + +[san_dirname735] +commonName = "t734 + +[san_dirname736] +commonName = "t735 + +[san_dirname737] +commonName = "t736 + +[san_dirname738] +commonName = "t737 + +[san_dirname739] +commonName = "t738 + +[san_dirname740] +commonName = "t739 + +[san_dirname741] +commonName = "t740 + +[san_dirname742] +commonName = "t741 + +[san_dirname743] +commonName = "t742 + +[san_dirname744] +commonName = "t743 + +[san_dirname745] +commonName = "t744 + +[san_dirname746] +commonName = "t745 + +[san_dirname747] +commonName = "t746 + +[san_dirname748] +commonName = "t747 + +[san_dirname749] +commonName = "t748 + +[san_dirname750] +commonName = "t749 + +[san_dirname751] +commonName = "t750 + +[san_dirname752] +commonName = "t751 + +[san_dirname753] +commonName = "t752 + +[san_dirname754] +commonName = "t753 + +[san_dirname755] +commonName = "t754 + +[san_dirname756] +commonName = "t755 + +[san_dirname757] +commonName = "t756 + +[san_dirname758] +commonName = "t757 + +[san_dirname759] +commonName = "t758 + +[san_dirname760] +commonName = "t759 + +[san_dirname761] +commonName = "t760 + +[san_dirname762] +commonName = "t761 + +[san_dirname763] +commonName = "t762 + +[san_dirname764] +commonName = "t763 + +[san_dirname765] +commonName = "t764 + +[san_dirname766] +commonName = "t765 + +[san_dirname767] +commonName = "t766 + +[san_dirname768] +commonName = "t767 + +[san_dirname769] +commonName = "t768 + +[san_dirname770] +commonName = "t769 + +[san_dirname771] +commonName = "t770 + +[san_dirname772] +commonName = "t771 + +[san_dirname773] +commonName = "t772 + +[san_dirname774] +commonName = "t773 + +[san_dirname775] +commonName = "t774 + +[san_dirname776] +commonName = "t775 + +[san_dirname777] +commonName = "t776 + +[san_dirname778] +commonName = "t777 + +[san_dirname779] +commonName = "t778 + +[san_dirname780] +commonName = "t779 + +[san_dirname781] +commonName = "t780 + +[san_dirname782] +commonName = "t781 + +[san_dirname783] +commonName = "t782 + +[san_dirname784] +commonName = "t783 + +[san_dirname785] +commonName = "t784 + +[san_dirname786] +commonName = "t785 + +[san_dirname787] +commonName = "t786 + +[san_dirname788] +commonName = "t787 + +[san_dirname789] +commonName = "t788 + +[san_dirname790] +commonName = "t789 + +[san_dirname791] +commonName = "t790 + +[san_dirname792] +commonName = "t791 + +[san_dirname793] +commonName = "t792 + +[san_dirname794] +commonName = "t793 + +[san_dirname795] +commonName = "t794 + +[san_dirname796] +commonName = "t795 + +[san_dirname797] +commonName = "t796 + +[san_dirname798] +commonName = "t797 + +[san_dirname799] +commonName = "t798 + +[san_dirname800] +commonName = "t799 + +[san_dirname801] +commonName = "t800 + +[san_dirname802] +commonName = "t801 + +[san_dirname803] +commonName = "t802 + +[san_dirname804] +commonName = "t803 + +[san_dirname805] +commonName = "t804 + +[san_dirname806] +commonName = "t805 + +[san_dirname807] +commonName = "t806 + +[san_dirname808] +commonName = "t807 + +[san_dirname809] +commonName = "t808 + +[san_dirname810] +commonName = "t809 + +[san_dirname811] +commonName = "t810 + +[san_dirname812] +commonName = "t811 + +[san_dirname813] +commonName = "t812 + +[san_dirname814] +commonName = "t813 + +[san_dirname815] +commonName = "t814 + +[san_dirname816] +commonName = "t815 + +[san_dirname817] +commonName = "t816 + +[san_dirname818] +commonName = "t817 + +[san_dirname819] +commonName = "t818 + +[san_dirname820] +commonName = "t819 + +[san_dirname821] +commonName = "t820 + +[san_dirname822] +commonName = "t821 + +[san_dirname823] +commonName = "t822 + +[san_dirname824] +commonName = "t823 + +[san_dirname825] +commonName = "t824 + +[san_dirname826] +commonName = "t825 + +[san_dirname827] +commonName = "t826 + +[san_dirname828] +commonName = "t827 + +[san_dirname829] +commonName = "t828 + +[san_dirname830] +commonName = "t829 + +[san_dirname831] +commonName = "t830 + +[san_dirname832] +commonName = "t831 + +[san_dirname833] +commonName = "t832 + +[san_dirname834] +commonName = "t833 + +[san_dirname835] +commonName = "t834 + +[san_dirname836] +commonName = "t835 + +[san_dirname837] +commonName = "t836 + +[san_dirname838] +commonName = "t837 + +[san_dirname839] +commonName = "t838 + +[san_dirname840] +commonName = "t839 + +[san_dirname841] +commonName = "t840 + +[san_dirname842] +commonName = "t841 + +[san_dirname843] +commonName = "t842 + +[san_dirname844] +commonName = "t843 + +[san_dirname845] +commonName = "t844 + +[san_dirname846] +commonName = "t845 + +[san_dirname847] +commonName = "t846 + +[san_dirname848] +commonName = "t847 + +[san_dirname849] +commonName = "t848 + +[san_dirname850] +commonName = "t849 + +[san_dirname851] +commonName = "t850 + +[san_dirname852] +commonName = "t851 + +[san_dirname853] +commonName = "t852 + +[san_dirname854] +commonName = "t853 + +[san_dirname855] +commonName = "t854 + +[san_dirname856] +commonName = "t855 + +[san_dirname857] +commonName = "t856 + +[san_dirname858] +commonName = "t857 + +[san_dirname859] +commonName = "t858 + +[san_dirname860] +commonName = "t859 + +[san_dirname861] +commonName = "t860 + +[san_dirname862] +commonName = "t861 + +[san_dirname863] +commonName = "t862 + +[san_dirname864] +commonName = "t863 + +[san_dirname865] +commonName = "t864 + +[san_dirname866] +commonName = "t865 + +[san_dirname867] +commonName = "t866 + +[san_dirname868] +commonName = "t867 + +[san_dirname869] +commonName = "t868 + +[san_dirname870] +commonName = "t869 + +[san_dirname871] +commonName = "t870 + +[san_dirname872] +commonName = "t871 + +[san_dirname873] +commonName = "t872 + +[san_dirname874] +commonName = "t873 + +[san_dirname875] +commonName = "t874 + +[san_dirname876] +commonName = "t875 + +[san_dirname877] +commonName = "t876 + +[san_dirname878] +commonName = "t877 + +[san_dirname879] +commonName = "t878 + +[san_dirname880] +commonName = "t879 + +[san_dirname881] +commonName = "t880 + +[san_dirname882] +commonName = "t881 + +[san_dirname883] +commonName = "t882 + +[san_dirname884] +commonName = "t883 + +[san_dirname885] +commonName = "t884 + +[san_dirname886] +commonName = "t885 + +[san_dirname887] +commonName = "t886 + +[san_dirname888] +commonName = "t887 + +[san_dirname889] +commonName = "t888 + +[san_dirname890] +commonName = "t889 + +[san_dirname891] +commonName = "t890 + +[san_dirname892] +commonName = "t891 + +[san_dirname893] +commonName = "t892 + +[san_dirname894] +commonName = "t893 + +[san_dirname895] +commonName = "t894 + +[san_dirname896] +commonName = "t895 + +[san_dirname897] +commonName = "t896 + +[san_dirname898] +commonName = "t897 + +[san_dirname899] +commonName = "t898 + +[san_dirname900] +commonName = "t899 + +[san_dirname901] +commonName = "t900 + +[san_dirname902] +commonName = "t901 + +[san_dirname903] +commonName = "t902 + +[san_dirname904] +commonName = "t903 + +[san_dirname905] +commonName = "t904 + +[san_dirname906] +commonName = "t905 + +[san_dirname907] +commonName = "t906 + +[san_dirname908] +commonName = "t907 + +[san_dirname909] +commonName = "t908 + +[san_dirname910] +commonName = "t909 + +[san_dirname911] +commonName = "t910 + +[san_dirname912] +commonName = "t911 + +[san_dirname913] +commonName = "t912 + +[san_dirname914] +commonName = "t913 + +[san_dirname915] +commonName = "t914 + +[san_dirname916] +commonName = "t915 + +[san_dirname917] +commonName = "t916 + +[san_dirname918] +commonName = "t917 + +[san_dirname919] +commonName = "t918 + +[san_dirname920] +commonName = "t919 + +[san_dirname921] +commonName = "t920 + +[san_dirname922] +commonName = "t921 + +[san_dirname923] +commonName = "t922 + +[san_dirname924] +commonName = "t923 + +[san_dirname925] +commonName = "t924 + +[san_dirname926] +commonName = "t925 + +[san_dirname927] +commonName = "t926 + +[san_dirname928] +commonName = "t927 + +[san_dirname929] +commonName = "t928 + +[san_dirname930] +commonName = "t929 + +[san_dirname931] +commonName = "t930 + +[san_dirname932] +commonName = "t931 + +[san_dirname933] +commonName = "t932 + +[san_dirname934] +commonName = "t933 + +[san_dirname935] +commonName = "t934 + +[san_dirname936] +commonName = "t935 + +[san_dirname937] +commonName = "t936 + +[san_dirname938] +commonName = "t937 + +[san_dirname939] +commonName = "t938 + +[san_dirname940] +commonName = "t939 + +[san_dirname941] +commonName = "t940 + +[san_dirname942] +commonName = "t941 + +[san_dirname943] +commonName = "t942 + +[san_dirname944] +commonName = "t943 + +[san_dirname945] +commonName = "t944 + +[san_dirname946] +commonName = "t945 + +[san_dirname947] +commonName = "t946 + +[san_dirname948] +commonName = "t947 + +[san_dirname949] +commonName = "t948 + +[san_dirname950] +commonName = "t949 + +[san_dirname951] +commonName = "t950 + +[san_dirname952] +commonName = "t951 + +[san_dirname953] +commonName = "t952 + +[san_dirname954] +commonName = "t953 + +[san_dirname955] +commonName = "t954 + +[san_dirname956] +commonName = "t955 + +[san_dirname957] +commonName = "t956 + +[san_dirname958] +commonName = "t957 + +[san_dirname959] +commonName = "t958 + +[san_dirname960] +commonName = "t959 + +[san_dirname961] +commonName = "t960 + +[san_dirname962] +commonName = "t961 + +[san_dirname963] +commonName = "t962 + +[san_dirname964] +commonName = "t963 + +[san_dirname965] +commonName = "t964 + +[san_dirname966] +commonName = "t965 + +[san_dirname967] +commonName = "t966 + +[san_dirname968] +commonName = "t967 + +[san_dirname969] +commonName = "t968 + +[san_dirname970] +commonName = "t969 + +[san_dirname971] +commonName = "t970 + +[san_dirname972] +commonName = "t971 + +[san_dirname973] +commonName = "t972 + +[san_dirname974] +commonName = "t973 + +[san_dirname975] +commonName = "t974 + +[san_dirname976] +commonName = "t975 + +[san_dirname977] +commonName = "t976 + +[san_dirname978] +commonName = "t977 + +[san_dirname979] +commonName = "t978 + +[san_dirname980] +commonName = "t979 + +[san_dirname981] +commonName = "t980 + +[san_dirname982] +commonName = "t981 + +[san_dirname983] +commonName = "t982 + +[san_dirname984] +commonName = "t983 + +[san_dirname985] +commonName = "t984 + +[san_dirname986] +commonName = "t985 + +[san_dirname987] +commonName = "t986 + +[san_dirname988] +commonName = "t987 + +[san_dirname989] +commonName = "t988 + +[san_dirname990] +commonName = "t989 + +[san_dirname991] +commonName = "t990 + +[san_dirname992] +commonName = "t991 + +[san_dirname993] +commonName = "t992 + +[san_dirname994] +commonName = "t993 + +[san_dirname995] +commonName = "t994 + +[san_dirname996] +commonName = "t995 + +[san_dirname997] +commonName = "t996 + +[san_dirname998] +commonName = "t997 + +[san_dirname999] +commonName = "t998 + +[san_dirname1000] +commonName = "t999 + +[san_dirname1001] +commonName = "t1000 + +[san_dirname1002] +commonName = "t1001 + +[san_dirname1003] +commonName = "t1002 + +[san_dirname1004] +commonName = "t1003 + +[san_dirname1005] +commonName = "t1004 + +[san_dirname1006] +commonName = "t1005 + +[san_dirname1007] +commonName = "t1006 + +[san_dirname1008] +commonName = "t1007 + +[san_dirname1009] +commonName = "t1008 + +[san_dirname1010] +commonName = "t1009 + +[san_dirname1011] +commonName = "t1010 + +[san_dirname1012] +commonName = "t1011 + +[san_dirname1013] +commonName = "t1012 + +[san_dirname1014] +commonName = "t1013 + +[san_dirname1015] +commonName = "t1014 + +[san_dirname1016] +commonName = "t1015 + +[san_dirname1017] +commonName = "t1016 + +[san_dirname1018] +commonName = "t1017 + +[san_dirname1019] +commonName = "t1018 + +[san_dirname1020] +commonName = "t1019 + +[san_dirname1021] +commonName = "t1020 + +[san_dirname1022] +commonName = "t1021 + +[san_dirname1023] +commonName = "t1022 + +[san_dirname1024] +commonName = "t1023 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.csr new file mode 100644 index 0000000000..c8b892d0e0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.csr @@ -0,0 +1,421 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIJOdDCCTVwCAQAwDTELMAkGA1UEAwwCdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDbLFMBzvkagzZSUSpbQmPeMnURan2woeR3R5tx5aYtZNeuWwTt +ej/H9sorK63NbIiljjb756IitX1UeenVelvKKylsDYQKEMQhtliYuw22DI1WWyyF +WQfKBkY2JRopjsQ5t8Mxzm5JwgHPsDsnQ4rj1QYfLZOd3XpFZW39tLHAEFlC8h6P +zkOslyXBfOJR4UQ1W5SqA27acS8lf1gwAeESFx7yqmwigLHJZep3lbMHxPdyODT+ +oEMzTGZtoeihBLxvFDk5RC44N3TJCiGFkSG3TrqwmUp2mHtYyhzTsEDD2Sp1++sZ +6uMamDFSl+l/pHshfy/cYoaP/f2oiOhLRFK9AgMBAAGggkwgMIJMHAYJKoZIhvcN +AQkOMYJMDTCCTAkwHQYDVR0OBBYEFDu0BcyqulE9/PL5HiVTcuE68prfMA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgku3BgNV +HREEgkuuMIJLqqQPMA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzAN +MQswCQYDVQQDDAJ0MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSk +DzANMQswCQYDVQQDDAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwC +dDekDzANMQswCQYDVQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UE +AwwDdDEwpBAwDjEMMAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEM +MAoGA1UEAwwDdDEzpBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1 +pBAwDjEMMAoGA1UEAwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UE +AwwDdDE4pBAwDjEMMAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEM +MAoGA1UEAwwDdDIxpBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIz +pBAwDjEMMAoGA1UEAwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UE +AwwDdDI2pBAwDjEMMAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEM +MAoGA1UEAwwDdDI5pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMx +pBAwDjEMMAoGA1UEAwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UE +AwwDdDM0pBAwDjEMMAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEM +MAoGA1UEAwwDdDM3pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5 +pBAwDjEMMAoGA1UEAwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UE +AwwDdDQypBAwDjEMMAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEM +MAoGA1UEAwwDdDQ1pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3 +pBAwDjEMMAoGA1UEAwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UE +AwwDdDUwpBAwDjEMMAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEM +MAoGA1UEAwwDdDUzpBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1 +pBAwDjEMMAoGA1UEAwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UE +AwwDdDU4pBAwDjEMMAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEM +MAoGA1UEAwwDdDYxpBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYz +pBAwDjEMMAoGA1UEAwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UE +AwwDdDY2pBAwDjEMMAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEM +MAoGA1UEAwwDdDY5pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcx +pBAwDjEMMAoGA1UEAwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UE +AwwDdDc0pBAwDjEMMAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEM +MAoGA1UEAwwDdDc3pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5 +pBAwDjEMMAoGA1UEAwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UE +AwwDdDgypBAwDjEMMAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEM +MAoGA1UEAwwDdDg1pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3 +pBAwDjEMMAoGA1UEAwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UE +AwwDdDkwpBAwDjEMMAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEM +MAoGA1UEAwwDdDkzpBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1 +pBAwDjEMMAoGA1UEAwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UE +AwwDdDk4pBAwDjEMMAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8x +DTALBgNVBAMMBHQxMDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwE +dDEwM6QRMA8xDTALBgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzEN +MAsGA1UEAwwEdDEwNqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0 +MTA4pBEwDzENMAsGA1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0w +CwYDVQQDDAR0MTExpBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQx +MTOkETAPMQ0wCwYDVQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTAL +BgNVBAMMBHQxMTakETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDEx +OKQRMA8xDTALBgNVBAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsG +A1UEAwwEdDEyMaQRMA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIz +pBEwDzENMAsGA1UEAwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYD +VQQDDAR0MTI2pBEwDzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjik +ETAPMQ0wCwYDVQQDDAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNV +BAMMBHQxMzGkETAPMQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QR +MA8xDTALBgNVBAMMBHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UE +AwwEdDEzNqQRMA8xDTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEw +DzENMAsGA1UEAwwEdDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQD +DAR0MTQxpBEwDzENMAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAP +MQ0wCwYDVQQDDAR0MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMM +BHQxNDakETAPMQ0wCwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8x +DTALBgNVBAMMBHQxNDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwE +dDE1MaQRMA8xDTALBgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzEN +MAsGA1UEAwwEdDE1NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0 +MTU2pBEwDzENMAsGA1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0w +CwYDVQQDDAR0MTU5pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQx +NjGkETAPMQ0wCwYDVQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTAL +BgNVBAMMBHQxNjSkETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2 +NqQRMA8xDTALBgNVBAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsG +A1UEAwwEdDE2OaQRMA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcx +pBEwDzENMAsGA1UEAwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYD +VQQDDAR0MTc0pBEwDzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzak +ETAPMQ0wCwYDVQQDDAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNV +BAMMBHQxNzmkETAPMQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQR +MA8xDTALBgNVBAMMBHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UE +AwwEdDE4NKQRMA8xDTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEw +DzENMAsGA1UEAwwEdDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQD +DAR0MTg5pBEwDzENMAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAP +MQ0wCwYDVQQDDAR0MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMM +BHQxOTSkETAPMQ0wCwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8x +DTALBgNVBAMMBHQxOTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwE +dDE5OaQRMA8xDTALBgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzEN +MAsGA1UEAwwEdDIwMqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0 +MjA0pBEwDzENMAsGA1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0w +CwYDVQQDDAR0MjA3pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQy +MDmkETAPMQ0wCwYDVQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTAL +BgNVBAMMBHQyMTKkETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIx +NKQRMA8xDTALBgNVBAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsG +A1UEAwwEdDIxN6QRMA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5 +pBEwDzENMAsGA1UEAwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYD +VQQDDAR0MjIypBEwDzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSk +ETAPMQ0wCwYDVQQDDAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNV +BAMMBHQyMjekETAPMQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQR +MA8xDTALBgNVBAMMBHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UE +AwwEdDIzMqQRMA8xDTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEw +DzENMAsGA1UEAwwEdDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQD +DAR0MjM3pBEwDzENMAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAP +MQ0wCwYDVQQDDAR0MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMM +BHQyNDKkETAPMQ0wCwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8x +DTALBgNVBAMMBHQyNDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwE +dDI0N6QRMA8xDTALBgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzEN +MAsGA1UEAwwEdDI1MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0 +MjUypBEwDzENMAsGA1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0w +CwYDVQQDDAR0MjU1pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQy +NTekETAPMQ0wCwYDVQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTAL +BgNVBAMMBHQyNjCkETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2 +MqQRMA8xDTALBgNVBAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsG +A1UEAwwEdDI2NaQRMA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3 +pBEwDzENMAsGA1UEAwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYD +VQQDDAR0MjcwpBEwDzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKk +ETAPMQ0wCwYDVQQDDAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNV +BAMMBHQyNzWkETAPMQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QR +MA8xDTALBgNVBAMMBHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UE +AwwEdDI4MKQRMA8xDTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEw +DzENMAsGA1UEAwwEdDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQD +DAR0Mjg1pBEwDzENMAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAP +MQ0wCwYDVQQDDAR0Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMM +BHQyOTCkETAPMQ0wCwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8x +DTALBgNVBAMMBHQyOTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwE +dDI5NaQRMA8xDTALBgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzEN +MAsGA1UEAwwEdDI5OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0 +MzAwpBEwDzENMAsGA1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0w +CwYDVQQDDAR0MzAzpBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQz +MDWkETAPMQ0wCwYDVQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTAL +BgNVBAMMBHQzMDikETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMx +MKQRMA8xDTALBgNVBAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsG +A1UEAwwEdDMxM6QRMA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1 +pBEwDzENMAsGA1UEAwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYD +VQQDDAR0MzE4pBEwDzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCk +ETAPMQ0wCwYDVQQDDAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNV +BAMMBHQzMjOkETAPMQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQR +MA8xDTALBgNVBAMMBHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UE +AwwEdDMyOKQRMA8xDTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEw +DzENMAsGA1UEAwwEdDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQD +DAR0MzMzpBEwDzENMAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAP +MQ0wCwYDVQQDDAR0MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMM +BHQzMzikETAPMQ0wCwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8x +DTALBgNVBAMMBHQzNDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwE +dDM0M6QRMA8xDTALBgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzEN +MAsGA1UEAwwEdDM0NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0 +MzQ4pBEwDzENMAsGA1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0w +CwYDVQQDDAR0MzUxpBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQz +NTOkETAPMQ0wCwYDVQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTAL +BgNVBAMMBHQzNTakETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1 +OKQRMA8xDTALBgNVBAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsG +A1UEAwwEdDM2MaQRMA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYz +pBEwDzENMAsGA1UEAwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYD +VQQDDAR0MzY2pBEwDzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjik +ETAPMQ0wCwYDVQQDDAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNV +BAMMBHQzNzGkETAPMQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QR +MA8xDTALBgNVBAMMBHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UE +AwwEdDM3NqQRMA8xDTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEw +DzENMAsGA1UEAwwEdDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQD +DAR0MzgxpBEwDzENMAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAP +MQ0wCwYDVQQDDAR0Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMM +BHQzODakETAPMQ0wCwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8x +DTALBgNVBAMMBHQzODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwE +dDM5MaQRMA8xDTALBgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzEN +MAsGA1UEAwwEdDM5NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0 +Mzk2pBEwDzENMAsGA1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0w +CwYDVQQDDAR0Mzk5pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0 +MDGkETAPMQ0wCwYDVQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTAL +BgNVBAMMBHQ0MDSkETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQw +NqQRMA8xDTALBgNVBAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsG +A1UEAwwEdDQwOaQRMA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDEx +pBEwDzENMAsGA1UEAwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYD +VQQDDAR0NDE0pBEwDzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTak +ETAPMQ0wCwYDVQQDDAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNV +BAMMBHQ0MTmkETAPMQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQR +MA8xDTALBgNVBAMMBHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UE +AwwEdDQyNKQRMA8xDTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEw +DzENMAsGA1UEAwwEdDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQD +DAR0NDI5pBEwDzENMAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAP +MQ0wCwYDVQQDDAR0NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMM +BHQ0MzSkETAPMQ0wCwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8x +DTALBgNVBAMMBHQ0MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwE +dDQzOaQRMA8xDTALBgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzEN +MAsGA1UEAwwEdDQ0MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0 +NDQ0pBEwDzENMAsGA1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0w +CwYDVQQDDAR0NDQ3pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0 +NDmkETAPMQ0wCwYDVQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTAL +BgNVBAMMBHQ0NTKkETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1 +NKQRMA8xDTALBgNVBAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsG +A1UEAwwEdDQ1N6QRMA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5 +pBEwDzENMAsGA1UEAwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYD +VQQDDAR0NDYypBEwDzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSk +ETAPMQ0wCwYDVQQDDAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNV +BAMMBHQ0NjekETAPMQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQR +MA8xDTALBgNVBAMMBHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UE +AwwEdDQ3MqQRMA8xDTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEw +DzENMAsGA1UEAwwEdDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQD +DAR0NDc3pBEwDzENMAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAP +MQ0wCwYDVQQDDAR0NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMM +BHQ0ODKkETAPMQ0wCwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8x +DTALBgNVBAMMBHQ0ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwE +dDQ4N6QRMA8xDTALBgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzEN +MAsGA1UEAwwEdDQ5MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0 +NDkypBEwDzENMAsGA1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0w +CwYDVQQDDAR0NDk1pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0 +OTekETAPMQ0wCwYDVQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTAL +BgNVBAMMBHQ1MDCkETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUw +MqQRMA8xDTALBgNVBAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsG +A1UEAwwEdDUwNaQRMA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3 +pBEwDzENMAsGA1UEAwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYD +VQQDDAR0NTEwpBEwDzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKk +ETAPMQ0wCwYDVQQDDAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNV +BAMMBHQ1MTWkETAPMQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QR +MA8xDTALBgNVBAMMBHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UE +AwwEdDUyMKQRMA8xDTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEw +DzENMAsGA1UEAwwEdDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQD +DAR0NTI1pBEwDzENMAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAP +MQ0wCwYDVQQDDAR0NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMM +BHQ1MzCkETAPMQ0wCwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8x +DTALBgNVBAMMBHQ1MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwE +dDUzNaQRMA8xDTALBgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzEN +MAsGA1UEAwwEdDUzOKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0 +NTQwpBEwDzENMAsGA1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0w +CwYDVQQDDAR0NTQzpBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1 +NDWkETAPMQ0wCwYDVQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTAL +BgNVBAMMBHQ1NDikETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1 +MKQRMA8xDTALBgNVBAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsG +A1UEAwwEdDU1M6QRMA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1 +pBEwDzENMAsGA1UEAwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYD +VQQDDAR0NTU4pBEwDzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCk +ETAPMQ0wCwYDVQQDDAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNV +BAMMBHQ1NjOkETAPMQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQR +MA8xDTALBgNVBAMMBHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UE +AwwEdDU2OKQRMA8xDTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEw +DzENMAsGA1UEAwwEdDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQD +DAR0NTczpBEwDzENMAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAP +MQ0wCwYDVQQDDAR0NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMM +BHQ1NzikETAPMQ0wCwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8x +DTALBgNVBAMMBHQ1ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwE +dDU4M6QRMA8xDTALBgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzEN +MAsGA1UEAwwEdDU4NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0 +NTg4pBEwDzENMAsGA1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0w +CwYDVQQDDAR0NTkxpBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1 +OTOkETAPMQ0wCwYDVQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTAL +BgNVBAMMBHQ1OTakETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5 +OKQRMA8xDTALBgNVBAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsG +A1UEAwwEdDYwMaQRMA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAz +pBEwDzENMAsGA1UEAwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYD +VQQDDAR0NjA2pBEwDzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDik +ETAPMQ0wCwYDVQQDDAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNV +BAMMBHQ2MTGkETAPMQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QR +MA8xDTALBgNVBAMMBHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UE +AwwEdDYxNqQRMA8xDTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEw +DzENMAsGA1UEAwwEdDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQD +DAR0NjIxpBEwDzENMAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAP +MQ0wCwYDVQQDDAR0NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMM +BHQ2MjakETAPMQ0wCwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8x +DTALBgNVBAMMBHQ2MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwE +dDYzMaQRMA8xDTALBgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzEN +MAsGA1UEAwwEdDYzNKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0 +NjM2pBEwDzENMAsGA1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0w +CwYDVQQDDAR0NjM5pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2 +NDGkETAPMQ0wCwYDVQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTAL +BgNVBAMMBHQ2NDSkETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0 +NqQRMA8xDTALBgNVBAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsG +A1UEAwwEdDY0OaQRMA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUx +pBEwDzENMAsGA1UEAwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYD +VQQDDAR0NjU0pBEwDzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTak +ETAPMQ0wCwYDVQQDDAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNV +BAMMBHQ2NTmkETAPMQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQR +MA8xDTALBgNVBAMMBHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UE +AwwEdDY2NKQRMA8xDTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEw +DzENMAsGA1UEAwwEdDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQD +DAR0NjY5pBEwDzENMAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAP +MQ0wCwYDVQQDDAR0NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMM +BHQ2NzSkETAPMQ0wCwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8x +DTALBgNVBAMMBHQ2NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwE +dDY3OaQRMA8xDTALBgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzEN +MAsGA1UEAwwEdDY4MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0 +Njg0pBEwDzENMAsGA1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0w +CwYDVQQDDAR0Njg3pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2 +ODmkETAPMQ0wCwYDVQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTAL +BgNVBAMMBHQ2OTKkETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5 +NKQRMA8xDTALBgNVBAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsG +A1UEAwwEdDY5N6QRMA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5 +pBEwDzENMAsGA1UEAwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYD +VQQDDAR0NzAypBEwDzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSk +ETAPMQ0wCwYDVQQDDAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNV +BAMMBHQ3MDekETAPMQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQR +MA8xDTALBgNVBAMMBHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UE +AwwEdDcxMqQRMA8xDTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEw +DzENMAsGA1UEAwwEdDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQD +DAR0NzE3pBEwDzENMAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAP +MQ0wCwYDVQQDDAR0NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMM +BHQ3MjKkETAPMQ0wCwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8x +DTALBgNVBAMMBHQ3MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwE +dDcyN6QRMA8xDTALBgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzEN +MAsGA1UEAwwEdDczMKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0 +NzMypBEwDzENMAsGA1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0w +CwYDVQQDDAR0NzM1pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3 +MzekETAPMQ0wCwYDVQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTAL +BgNVBAMMBHQ3NDCkETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0 +MqQRMA8xDTALBgNVBAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsG +A1UEAwwEdDc0NaQRMA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3 +pBEwDzENMAsGA1UEAwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYD +VQQDDAR0NzUwpBEwDzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKk +ETAPMQ0wCwYDVQQDDAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNV +BAMMBHQ3NTWkETAPMQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QR +MA8xDTALBgNVBAMMBHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UE +AwwEdDc2MKQRMA8xDTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEw +DzENMAsGA1UEAwwEdDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQD +DAR0NzY1pBEwDzENMAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAP +MQ0wCwYDVQQDDAR0NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMM +BHQ3NzCkETAPMQ0wCwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8x +DTALBgNVBAMMBHQ3NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwE +dDc3NaQRMA8xDTALBgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzEN +MAsGA1UEAwwEdDc3OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0 +NzgwpBEwDzENMAsGA1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0w +CwYDVQQDDAR0NzgzpBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3 +ODWkETAPMQ0wCwYDVQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTAL +BgNVBAMMBHQ3ODikETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5 +MKQRMA8xDTALBgNVBAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsG +A1UEAwwEdDc5M6QRMA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1 +pBEwDzENMAsGA1UEAwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYD +VQQDDAR0Nzk4pBEwDzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCk +ETAPMQ0wCwYDVQQDDAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNV +BAMMBHQ4MDOkETAPMQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQR +MA8xDTALBgNVBAMMBHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UE +AwwEdDgwOKQRMA8xDTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEw +DzENMAsGA1UEAwwEdDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQD +DAR0ODEzpBEwDzENMAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAP +MQ0wCwYDVQQDDAR0ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMM +BHQ4MTikETAPMQ0wCwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8x +DTALBgNVBAMMBHQ4MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwE +dDgyM6QRMA8xDTALBgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzEN +MAsGA1UEAwwEdDgyNqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0 +ODI4pBEwDzENMAsGA1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0w +CwYDVQQDDAR0ODMxpBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4 +MzOkETAPMQ0wCwYDVQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTAL +BgNVBAMMBHQ4MzakETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgz +OKQRMA8xDTALBgNVBAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsG +A1UEAwwEdDg0MaQRMA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQz +pBEwDzENMAsGA1UEAwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYD +VQQDDAR0ODQ2pBEwDzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDik +ETAPMQ0wCwYDVQQDDAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNV +BAMMBHQ4NTGkETAPMQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QR +MA8xDTALBgNVBAMMBHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UE +AwwEdDg1NqQRMA8xDTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEw +DzENMAsGA1UEAwwEdDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQD +DAR0ODYxpBEwDzENMAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAP +MQ0wCwYDVQQDDAR0ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMM +BHQ4NjakETAPMQ0wCwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8x +DTALBgNVBAMMBHQ4NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwE +dDg3MaQRMA8xDTALBgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzEN +MAsGA1UEAwwEdDg3NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0 +ODc2pBEwDzENMAsGA1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0w +CwYDVQQDDAR0ODc5pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4 +ODGkETAPMQ0wCwYDVQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTAL +BgNVBAMMBHQ4ODSkETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4 +NqQRMA8xDTALBgNVBAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsG +A1UEAwwEdDg4OaQRMA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkx +pBEwDzENMAsGA1UEAwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYD +VQQDDAR0ODk0pBEwDzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTak +ETAPMQ0wCwYDVQQDDAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNV +BAMMBHQ4OTmkETAPMQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQR +MA8xDTALBgNVBAMMBHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UE +AwwEdDkwNKQRMA8xDTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEw +DzENMAsGA1UEAwwEdDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQD +DAR0OTA5pBEwDzENMAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAP +MQ0wCwYDVQQDDAR0OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMM +BHQ5MTSkETAPMQ0wCwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8x +DTALBgNVBAMMBHQ5MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwE +dDkxOaQRMA8xDTALBgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzEN +MAsGA1UEAwwEdDkyMqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0 +OTI0pBEwDzENMAsGA1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0w +CwYDVQQDDAR0OTI3pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5 +MjmkETAPMQ0wCwYDVQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTAL +BgNVBAMMBHQ5MzKkETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkz +NKQRMA8xDTALBgNVBAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsG +A1UEAwwEdDkzN6QRMA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5 +pBEwDzENMAsGA1UEAwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYD +VQQDDAR0OTQypBEwDzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSk +ETAPMQ0wCwYDVQQDDAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNV +BAMMBHQ5NDekETAPMQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQR +MA8xDTALBgNVBAMMBHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UE +AwwEdDk1MqQRMA8xDTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEw +DzENMAsGA1UEAwwEdDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQD +DAR0OTU3pBEwDzENMAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAP +MQ0wCwYDVQQDDAR0OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMM +BHQ5NjKkETAPMQ0wCwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8x +DTALBgNVBAMMBHQ5NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwE +dDk2N6QRMA8xDTALBgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzEN +MAsGA1UEAwwEdDk3MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0 +OTcypBEwDzENMAsGA1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0w +CwYDVQQDDAR0OTc1pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5 +NzekETAPMQ0wCwYDVQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTAL +BgNVBAMMBHQ5ODCkETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4 +MqQRMA8xDTALBgNVBAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsG +A1UEAwwEdDk4NaQRMA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3 +pBEwDzENMAsGA1UEAwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYD +VQQDDAR0OTkwpBEwDzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKk +ETAPMQ0wCwYDVQQDDAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNV +BAMMBHQ5OTWkETAPMQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QR +MA8xDTALBgNVBAMMBHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UE +AwwFdDEwMDCkEjAQMQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAy +pBIwEDEOMAwGA1UEAwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAM +BgNVBAMMBXQxMDA1pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0 +MTAwN6QSMBAxDjAMBgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQ +MQ4wDAYDVQQDDAV0MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UE +AwwFdDEwMTKkEjAQMQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0 +pBIwEDEOMAwGA1UEAwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAM +BgNVBAMMBXQxMDE3pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0 +MTAxOaQSMBAxDjAMBgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQ +MQ4wDAYDVQQDDAV0MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzMA0GCSqGSIb3DQEB +CwUAA4IBAQCsaFcXH4XdFQ83K+/gx/oSaX6L9FVr5BYE7JyygYwt6eIvyj3LIbqE +IPqTcNodP2hPiofuebQdPUNOca515G/NBlA3FdzjNsFpNr+ybuClrxtb84Yapp5H +zyQSoVjFf4SQL50RV79vtJdsXogD45K+l3bM3cXLTSJbS5D35kqWpIUI3iPiWwLb +1wAmMk3kk+vHks8U2nb7+cQ7dIEyeheiT8D7OGftZ3H+K0ZRpA9exz47yyuDzdgz +z5jDX+HrnFsU4IE20NI8ctKqx7qmlyVFd6dXVIHFNEPR8D7kZmm/5fr5sAHPMEqz +uAXU6z2r+eHC83Jp/4CScmJkK0MOQfZg +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.pem new file mode 100644 index 0000000000..54fb25ecc2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_4.pem @@ -0,0 +1,496 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, DirName:/CN=t417, DirName:/CN=t418, DirName:/CN=t419, DirName:/CN=t420, DirName:/CN=t421, DirName:/CN=t422, DirName:/CN=t423, DirName:/CN=t424, DirName:/CN=t425, DirName:/CN=t426, DirName:/CN=t427, DirName:/CN=t428, DirName:/CN=t429, DirName:/CN=t430, DirName:/CN=t431, DirName:/CN=t432, DirName:/CN=t433, DirName:/CN=t434, DirName:/CN=t435, DirName:/CN=t436, DirName:/CN=t437, DirName:/CN=t438, DirName:/CN=t439, DirName:/CN=t440, DirName:/CN=t441, DirName:/CN=t442, DirName:/CN=t443, DirName:/CN=t444, DirName:/CN=t445, DirName:/CN=t446, DirName:/CN=t447, DirName:/CN=t448, DirName:/CN=t449, DirName:/CN=t450, DirName:/CN=t451, DirName:/CN=t452, DirName:/CN=t453, DirName:/CN=t454, DirName:/CN=t455, DirName:/CN=t456, DirName:/CN=t457, DirName:/CN=t458, DirName:/CN=t459, DirName:/CN=t460, DirName:/CN=t461, DirName:/CN=t462, DirName:/CN=t463, DirName:/CN=t464, DirName:/CN=t465, DirName:/CN=t466, DirName:/CN=t467, DirName:/CN=t468, DirName:/CN=t469, DirName:/CN=t470, DirName:/CN=t471, DirName:/CN=t472, DirName:/CN=t473, DirName:/CN=t474, DirName:/CN=t475, DirName:/CN=t476, DirName:/CN=t477, DirName:/CN=t478, DirName:/CN=t479, DirName:/CN=t480, DirName:/CN=t481, DirName:/CN=t482, DirName:/CN=t483, DirName:/CN=t484, DirName:/CN=t485, DirName:/CN=t486, DirName:/CN=t487, DirName:/CN=t488, DirName:/CN=t489, DirName:/CN=t490, DirName:/CN=t491, DirName:/CN=t492, DirName:/CN=t493, DirName:/CN=t494, DirName:/CN=t495, DirName:/CN=t496, DirName:/CN=t497, DirName:/CN=t498, DirName:/CN=t499, DirName:/CN=t500, DirName:/CN=t501, DirName:/CN=t502, DirName:/CN=t503, DirName:/CN=t504, DirName:/CN=t505, DirName:/CN=t506, DirName:/CN=t507, DirName:/CN=t508, DirName:/CN=t509, DirName:/CN=t510, DirName:/CN=t511, DirName:/CN=t512, DirName:/CN=t513, DirName:/CN=t514, DirName:/CN=t515, DirName:/CN=t516, DirName:/CN=t517, DirName:/CN=t518, DirName:/CN=t519, DirName:/CN=t520, DirName:/CN=t521, DirName:/CN=t522, DirName:/CN=t523, DirName:/CN=t524, DirName:/CN=t525, DirName:/CN=t526, DirName:/CN=t527, DirName:/CN=t528, DirName:/CN=t529, DirName:/CN=t530, DirName:/CN=t531, DirName:/CN=t532, DirName:/CN=t533, DirName:/CN=t534, DirName:/CN=t535, DirName:/CN=t536, DirName:/CN=t537, DirName:/CN=t538, DirName:/CN=t539, DirName:/CN=t540, DirName:/CN=t541, DirName:/CN=t542, DirName:/CN=t543, DirName:/CN=t544, DirName:/CN=t545, DirName:/CN=t546, DirName:/CN=t547, DirName:/CN=t548, DirName:/CN=t549, DirName:/CN=t550, DirName:/CN=t551, DirName:/CN=t552, DirName:/CN=t553, DirName:/CN=t554, DirName:/CN=t555, DirName:/CN=t556, DirName:/CN=t557, DirName:/CN=t558, DirName:/CN=t559, DirName:/CN=t560, DirName:/CN=t561, DirName:/CN=t562, DirName:/CN=t563, DirName:/CN=t564, DirName:/CN=t565, DirName:/CN=t566, DirName:/CN=t567, DirName:/CN=t568, DirName:/CN=t569, DirName:/CN=t570, DirName:/CN=t571, DirName:/CN=t572, DirName:/CN=t573, DirName:/CN=t574, DirName:/CN=t575, DirName:/CN=t576, DirName:/CN=t577, DirName:/CN=t578, DirName:/CN=t579, DirName:/CN=t580, DirName:/CN=t581, DirName:/CN=t582, DirName:/CN=t583, DirName:/CN=t584, DirName:/CN=t585, DirName:/CN=t586, DirName:/CN=t587, DirName:/CN=t588, DirName:/CN=t589, DirName:/CN=t590, DirName:/CN=t591, DirName:/CN=t592, DirName:/CN=t593, DirName:/CN=t594, DirName:/CN=t595, DirName:/CN=t596, DirName:/CN=t597, DirName:/CN=t598, DirName:/CN=t599, DirName:/CN=t600, DirName:/CN=t601, DirName:/CN=t602, DirName:/CN=t603, DirName:/CN=t604, DirName:/CN=t605, DirName:/CN=t606, DirName:/CN=t607, DirName:/CN=t608, DirName:/CN=t609, DirName:/CN=t610, DirName:/CN=t611, DirName:/CN=t612, DirName:/CN=t613, DirName:/CN=t614, DirName:/CN=t615, DirName:/CN=t616, DirName:/CN=t617, DirName:/CN=t618, DirName:/CN=t619, DirName:/CN=t620, DirName:/CN=t621, DirName:/CN=t622, DirName:/CN=t623, DirName:/CN=t624, DirName:/CN=t625, DirName:/CN=t626, DirName:/CN=t627, DirName:/CN=t628, DirName:/CN=t629, DirName:/CN=t630, DirName:/CN=t631, DirName:/CN=t632, DirName:/CN=t633, DirName:/CN=t634, DirName:/CN=t635, DirName:/CN=t636, DirName:/CN=t637, DirName:/CN=t638, DirName:/CN=t639, DirName:/CN=t640, DirName:/CN=t641, DirName:/CN=t642, DirName:/CN=t643, DirName:/CN=t644, DirName:/CN=t645, DirName:/CN=t646, DirName:/CN=t647, DirName:/CN=t648, DirName:/CN=t649, DirName:/CN=t650, DirName:/CN=t651, DirName:/CN=t652, DirName:/CN=t653, DirName:/CN=t654, DirName:/CN=t655, DirName:/CN=t656, DirName:/CN=t657, DirName:/CN=t658, DirName:/CN=t659, DirName:/CN=t660, DirName:/CN=t661, DirName:/CN=t662, DirName:/CN=t663, DirName:/CN=t664, DirName:/CN=t665, DirName:/CN=t666, DirName:/CN=t667, DirName:/CN=t668, DirName:/CN=t669, DirName:/CN=t670, DirName:/CN=t671, DirName:/CN=t672, DirName:/CN=t673, DirName:/CN=t674, DirName:/CN=t675, DirName:/CN=t676, DirName:/CN=t677, DirName:/CN=t678, DirName:/CN=t679, DirName:/CN=t680, DirName:/CN=t681, DirName:/CN=t682, DirName:/CN=t683, DirName:/CN=t684, DirName:/CN=t685, DirName:/CN=t686, DirName:/CN=t687, DirName:/CN=t688, DirName:/CN=t689, DirName:/CN=t690, DirName:/CN=t691, DirName:/CN=t692, DirName:/CN=t693, DirName:/CN=t694, DirName:/CN=t695, DirName:/CN=t696, DirName:/CN=t697, DirName:/CN=t698, DirName:/CN=t699, DirName:/CN=t700, DirName:/CN=t701, DirName:/CN=t702, DirName:/CN=t703, DirName:/CN=t704, DirName:/CN=t705, DirName:/CN=t706, DirName:/CN=t707, DirName:/CN=t708, DirName:/CN=t709, DirName:/CN=t710, DirName:/CN=t711, DirName:/CN=t712, DirName:/CN=t713, DirName:/CN=t714, DirName:/CN=t715, DirName:/CN=t716, DirName:/CN=t717, DirName:/CN=t718, DirName:/CN=t719, DirName:/CN=t720, DirName:/CN=t721, DirName:/CN=t722, DirName:/CN=t723, DirName:/CN=t724, DirName:/CN=t725, DirName:/CN=t726, DirName:/CN=t727, DirName:/CN=t728, DirName:/CN=t729, DirName:/CN=t730, DirName:/CN=t731, DirName:/CN=t732, DirName:/CN=t733, DirName:/CN=t734, DirName:/CN=t735, DirName:/CN=t736, DirName:/CN=t737, DirName:/CN=t738, DirName:/CN=t739, DirName:/CN=t740, DirName:/CN=t741, DirName:/CN=t742, DirName:/CN=t743, DirName:/CN=t744, DirName:/CN=t745, DirName:/CN=t746, DirName:/CN=t747, DirName:/CN=t748, DirName:/CN=t749, DirName:/CN=t750, DirName:/CN=t751, DirName:/CN=t752, DirName:/CN=t753, DirName:/CN=t754, DirName:/CN=t755, DirName:/CN=t756, DirName:/CN=t757, DirName:/CN=t758, DirName:/CN=t759, DirName:/CN=t760, DirName:/CN=t761, DirName:/CN=t762, DirName:/CN=t763, DirName:/CN=t764, DirName:/CN=t765, DirName:/CN=t766, DirName:/CN=t767, DirName:/CN=t768, DirName:/CN=t769, DirName:/CN=t770, DirName:/CN=t771, DirName:/CN=t772, DirName:/CN=t773, DirName:/CN=t774, DirName:/CN=t775, DirName:/CN=t776, DirName:/CN=t777, DirName:/CN=t778, DirName:/CN=t779, DirName:/CN=t780, DirName:/CN=t781, DirName:/CN=t782, DirName:/CN=t783, DirName:/CN=t784, DirName:/CN=t785, DirName:/CN=t786, DirName:/CN=t787, DirName:/CN=t788, DirName:/CN=t789, DirName:/CN=t790, DirName:/CN=t791, DirName:/CN=t792, DirName:/CN=t793, DirName:/CN=t794, DirName:/CN=t795, DirName:/CN=t796, DirName:/CN=t797, DirName:/CN=t798, DirName:/CN=t799, DirName:/CN=t800, DirName:/CN=t801, DirName:/CN=t802, DirName:/CN=t803, DirName:/CN=t804, DirName:/CN=t805, DirName:/CN=t806, DirName:/CN=t807, DirName:/CN=t808, DirName:/CN=t809, DirName:/CN=t810, DirName:/CN=t811, DirName:/CN=t812, DirName:/CN=t813, DirName:/CN=t814, DirName:/CN=t815, DirName:/CN=t816, DirName:/CN=t817, DirName:/CN=t818, DirName:/CN=t819, DirName:/CN=t820, DirName:/CN=t821, DirName:/CN=t822, DirName:/CN=t823, DirName:/CN=t824, DirName:/CN=t825, DirName:/CN=t826, DirName:/CN=t827, DirName:/CN=t828, DirName:/CN=t829, DirName:/CN=t830, DirName:/CN=t831, DirName:/CN=t832, DirName:/CN=t833, DirName:/CN=t834, DirName:/CN=t835, DirName:/CN=t836, DirName:/CN=t837, DirName:/CN=t838, DirName:/CN=t839, DirName:/CN=t840, DirName:/CN=t841, DirName:/CN=t842, DirName:/CN=t843, DirName:/CN=t844, DirName:/CN=t845, DirName:/CN=t846, DirName:/CN=t847, DirName:/CN=t848, DirName:/CN=t849, DirName:/CN=t850, DirName:/CN=t851, DirName:/CN=t852, DirName:/CN=t853, DirName:/CN=t854, DirName:/CN=t855, DirName:/CN=t856, DirName:/CN=t857, DirName:/CN=t858, DirName:/CN=t859, DirName:/CN=t860, DirName:/CN=t861, DirName:/CN=t862, DirName:/CN=t863, DirName:/CN=t864, DirName:/CN=t865, DirName:/CN=t866, DirName:/CN=t867, DirName:/CN=t868, DirName:/CN=t869, DirName:/CN=t870, DirName:/CN=t871, DirName:/CN=t872, DirName:/CN=t873, DirName:/CN=t874, DirName:/CN=t875, DirName:/CN=t876, DirName:/CN=t877, DirName:/CN=t878, DirName:/CN=t879, DirName:/CN=t880, DirName:/CN=t881, DirName:/CN=t882, DirName:/CN=t883, DirName:/CN=t884, DirName:/CN=t885, DirName:/CN=t886, DirName:/CN=t887, DirName:/CN=t888, DirName:/CN=t889, DirName:/CN=t890, DirName:/CN=t891, DirName:/CN=t892, DirName:/CN=t893, DirName:/CN=t894, DirName:/CN=t895, DirName:/CN=t896, DirName:/CN=t897, DirName:/CN=t898, DirName:/CN=t899, DirName:/CN=t900, DirName:/CN=t901, DirName:/CN=t902, DirName:/CN=t903, DirName:/CN=t904, DirName:/CN=t905, DirName:/CN=t906, DirName:/CN=t907, DirName:/CN=t908, DirName:/CN=t909, DirName:/CN=t910, DirName:/CN=t911, DirName:/CN=t912, DirName:/CN=t913, DirName:/CN=t914, DirName:/CN=t915, DirName:/CN=t916, DirName:/CN=t917, DirName:/CN=t918, DirName:/CN=t919, DirName:/CN=t920, DirName:/CN=t921, DirName:/CN=t922, DirName:/CN=t923, DirName:/CN=t924, DirName:/CN=t925, DirName:/CN=t926, DirName:/CN=t927, DirName:/CN=t928, DirName:/CN=t929, DirName:/CN=t930, DirName:/CN=t931, DirName:/CN=t932, DirName:/CN=t933, DirName:/CN=t934, DirName:/CN=t935, DirName:/CN=t936, DirName:/CN=t937, DirName:/CN=t938, DirName:/CN=t939, DirName:/CN=t940, DirName:/CN=t941, DirName:/CN=t942, DirName:/CN=t943, DirName:/CN=t944, DirName:/CN=t945, DirName:/CN=t946, DirName:/CN=t947, DirName:/CN=t948, DirName:/CN=t949, DirName:/CN=t950, DirName:/CN=t951, DirName:/CN=t952, DirName:/CN=t953, DirName:/CN=t954, DirName:/CN=t955, DirName:/CN=t956, DirName:/CN=t957, DirName:/CN=t958, DirName:/CN=t959, DirName:/CN=t960, DirName:/CN=t961, DirName:/CN=t962, DirName:/CN=t963, DirName:/CN=t964, DirName:/CN=t965, DirName:/CN=t966, DirName:/CN=t967, DirName:/CN=t968, DirName:/CN=t969, DirName:/CN=t970, DirName:/CN=t971, DirName:/CN=t972, DirName:/CN=t973, DirName:/CN=t974, DirName:/CN=t975, DirName:/CN=t976, DirName:/CN=t977, DirName:/CN=t978, DirName:/CN=t979, DirName:/CN=t980, DirName:/CN=t981, DirName:/CN=t982, DirName:/CN=t983, DirName:/CN=t984, DirName:/CN=t985, DirName:/CN=t986, DirName:/CN=t987, DirName:/CN=t988, DirName:/CN=t989, DirName:/CN=t990, DirName:/CN=t991, DirName:/CN=t992, DirName:/CN=t993, DirName:/CN=t994, DirName:/CN=t995, DirName:/CN=t996, DirName:/CN=t997, DirName:/CN=t998, DirName:/CN=t999, DirName:/CN=t1000, DirName:/CN=t1001, DirName:/CN=t1002, DirName:/CN=t1003, DirName:/CN=t1004, DirName:/CN=t1005, DirName:/CN=t1006, DirName:/CN=t1007, DirName:/CN=t1008, DirName:/CN=t1009, DirName:/CN=t1010, DirName:/CN=t1011, DirName:/CN=t1012, DirName:/CN=t1013, DirName:/CN=t1014, DirName:/CN=t1015, DirName:/CN=t1016, DirName:/CN=t1017, DirName:/CN=t1018, DirName:/CN=t1019, DirName:/CN=t1020, DirName:/CN=t1021, DirName:/CN=t1022, DirName:/CN=t1023 + Signature Algorithm: sha256WithRSAEncryption + 9b:b4:29:30:f0:2d:7a:66:c7:f8:92:4c:cb:f4:08:11:f5:eb: + 66:c3:02:4a:24:12:f2:9d:19:a9:c7:51:3a:93:fe:71:34:93: + 27:32:14:a0:1b:f4:eb:ba:c2:4b:df:7e:a8:57:ce:7f:61:fa: + 9f:d2:ec:9a:02:51:30:13:a5:eb:6a:7c:04:b3:f0:e6:28:66: + 5c:f7:4e:70:66:8f:07:ae:42:77:c0:ec:ee:ff:10:34:83:4a: + b2:81:2c:df:c4:d8:f7:80:70:ea:ae:c8:7c:05:41:19:f8:40: + 23:c1:c0:40:e1:d7:f5:f8:7d:b0:83:b3:6b:3a:01:17:68:ca: + 0a:b2:77:c4:0c:43:5c:d8:4b:0f:21:f4:6f:7e:a8:f7:b4:bc: + 31:cd:02:9a:b6:72:5b:bb:45:0c:4c:97:61:98:24:b0:44:cd: + af:7f:7e:fc:72:55:5a:54:43:04:1d:40:bf:52:9d:4b:c1:58: + 2c:d2:9a:04:ee:0a:04:d8:dc:75:2e:ab:3f:87:08:7c:e2:f0: + 3f:6b:17:95:2f:77:e2:f6:30:93:6c:db:84:aa:c1:3d:70:5d: + fa:b4:40:c4:28:85:76:73:5b:4e:b5:3d:bc:fe:8d:7f:a8:f3: + 20:31:3e:69:d1:c7:fb:8c:79:21:cf:2f:32:e6:46:01:bf:4c: + f2:15:96:98 +-----BEGIN CERTIFICATE----- +MIJPWDCCTkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2DANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCTKUwgkyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgku3BgNVHREEgkuuMIJLqqQP +MA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzANMQswCQYDVQQDDAJ0 +MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSkDzANMQswCQYDVQQD +DAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwCdDekDzANMQswCQYD +VQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UEAwwDdDEwpBAwDjEM +MAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEMMAoGA1UEAwwDdDEz +pBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1pBAwDjEMMAoGA1UE +AwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UEAwwDdDE4pBAwDjEM +MAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEMMAoGA1UEAwwDdDIx +pBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIzpBAwDjEMMAoGA1UE +AwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UEAwwDdDI2pBAwDjEM +MAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEMMAoGA1UEAwwDdDI5 +pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMxpBAwDjEMMAoGA1UE +AwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UEAwwDdDM0pBAwDjEM +MAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEMMAoGA1UEAwwDdDM3 +pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5pBAwDjEMMAoGA1UE +AwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UEAwwDdDQypBAwDjEM +MAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEMMAoGA1UEAwwDdDQ1 +pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3pBAwDjEMMAoGA1UE +AwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UEAwwDdDUwpBAwDjEM +MAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEMMAoGA1UEAwwDdDUz +pBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1pBAwDjEMMAoGA1UE +AwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UEAwwDdDU4pBAwDjEM +MAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEMMAoGA1UEAwwDdDYx +pBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYzpBAwDjEMMAoGA1UE +AwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UEAwwDdDY2pBAwDjEM +MAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEMMAoGA1UEAwwDdDY5 +pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcxpBAwDjEMMAoGA1UE +AwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UEAwwDdDc0pBAwDjEM +MAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEMMAoGA1UEAwwDdDc3 +pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5pBAwDjEMMAoGA1UE +AwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UEAwwDdDgypBAwDjEM +MAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEMMAoGA1UEAwwDdDg1 +pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3pBAwDjEMMAoGA1UE +AwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UEAwwDdDkwpBAwDjEM +MAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEMMAoGA1UEAwwDdDkz +pBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1pBAwDjEMMAoGA1UE +AwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UEAwwDdDk4pBAwDjEM +MAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8xDTALBgNVBAMMBHQx +MDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwEdDEwM6QRMA8xDTAL +BgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzENMAsGA1UEAwwEdDEw +NqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0MTA4pBEwDzENMAsG +A1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0wCwYDVQQDDAR0MTEx +pBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQxMTOkETAPMQ0wCwYD +VQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTALBgNVBAMMBHQxMTak +ETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDExOKQRMA8xDTALBgNV +BAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsGA1UEAwwEdDEyMaQR +MA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIzpBEwDzENMAsGA1UE +AwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYDVQQDDAR0MTI2pBEw +DzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjikETAPMQ0wCwYDVQQD +DAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNVBAMMBHQxMzGkETAP +MQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QRMA8xDTALBgNVBAMM +BHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UEAwwEdDEzNqQRMA8x +DTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEwDzENMAsGA1UEAwwE +dDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQDDAR0MTQxpBEwDzEN +MAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAPMQ0wCwYDVQQDDAR0 +MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMMBHQxNDakETAPMQ0w +CwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8xDTALBgNVBAMMBHQx +NDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwEdDE1MaQRMA8xDTAL +BgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzENMAsGA1UEAwwEdDE1 +NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0MTU2pBEwDzENMAsG +A1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0wCwYDVQQDDAR0MTU5 +pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQxNjGkETAPMQ0wCwYD +VQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTALBgNVBAMMBHQxNjSk +ETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2NqQRMA8xDTALBgNV +BAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsGA1UEAwwEdDE2OaQR +MA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcxpBEwDzENMAsGA1UE +AwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYDVQQDDAR0MTc0pBEw +DzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzakETAPMQ0wCwYDVQQD +DAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNVBAMMBHQxNzmkETAP +MQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQRMA8xDTALBgNVBAMM +BHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UEAwwEdDE4NKQRMA8x +DTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEwDzENMAsGA1UEAwwE +dDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQDDAR0MTg5pBEwDzEN +MAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAPMQ0wCwYDVQQDDAR0 +MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMMBHQxOTSkETAPMQ0w +CwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8xDTALBgNVBAMMBHQx +OTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwEdDE5OaQRMA8xDTAL +BgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzENMAsGA1UEAwwEdDIw +MqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0MjA0pBEwDzENMAsG +A1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0wCwYDVQQDDAR0MjA3 +pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQyMDmkETAPMQ0wCwYD +VQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTALBgNVBAMMBHQyMTKk +ETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIxNKQRMA8xDTALBgNV +BAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsGA1UEAwwEdDIxN6QR +MA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5pBEwDzENMAsGA1UE +AwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYDVQQDDAR0MjIypBEw +DzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSkETAPMQ0wCwYDVQQD +DAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNVBAMMBHQyMjekETAP +MQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQRMA8xDTALBgNVBAMM +BHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UEAwwEdDIzMqQRMA8x +DTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEwDzENMAsGA1UEAwwE +dDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQDDAR0MjM3pBEwDzEN +MAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAPMQ0wCwYDVQQDDAR0 +MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMMBHQyNDKkETAPMQ0w +CwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8xDTALBgNVBAMMBHQy +NDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwEdDI0N6QRMA8xDTAL +BgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzENMAsGA1UEAwwEdDI1 +MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0MjUypBEwDzENMAsG +A1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0wCwYDVQQDDAR0MjU1 +pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQyNTekETAPMQ0wCwYD +VQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTALBgNVBAMMBHQyNjCk +ETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2MqQRMA8xDTALBgNV +BAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsGA1UEAwwEdDI2NaQR +MA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3pBEwDzENMAsGA1UE +AwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYDVQQDDAR0MjcwpBEw +DzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKkETAPMQ0wCwYDVQQD +DAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNVBAMMBHQyNzWkETAP +MQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QRMA8xDTALBgNVBAMM +BHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UEAwwEdDI4MKQRMA8x +DTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEwDzENMAsGA1UEAwwE +dDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQDDAR0Mjg1pBEwDzEN +MAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAPMQ0wCwYDVQQDDAR0 +Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMMBHQyOTCkETAPMQ0w +CwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8xDTALBgNVBAMMBHQy +OTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwEdDI5NaQRMA8xDTAL +BgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzENMAsGA1UEAwwEdDI5 +OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0MzAwpBEwDzENMAsG +A1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0wCwYDVQQDDAR0MzAz +pBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQzMDWkETAPMQ0wCwYD +VQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTALBgNVBAMMBHQzMDik +ETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMxMKQRMA8xDTALBgNV +BAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsGA1UEAwwEdDMxM6QR +MA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1pBEwDzENMAsGA1UE +AwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYDVQQDDAR0MzE4pBEw +DzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCkETAPMQ0wCwYDVQQD +DAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNVBAMMBHQzMjOkETAP +MQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQRMA8xDTALBgNVBAMM +BHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UEAwwEdDMyOKQRMA8x +DTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEwDzENMAsGA1UEAwwE +dDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQDDAR0MzMzpBEwDzEN +MAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAPMQ0wCwYDVQQDDAR0 +MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMMBHQzMzikETAPMQ0w +CwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8xDTALBgNVBAMMBHQz +NDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwEdDM0M6QRMA8xDTAL +BgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzENMAsGA1UEAwwEdDM0 +NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0MzQ4pBEwDzENMAsG +A1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0wCwYDVQQDDAR0MzUx +pBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQzNTOkETAPMQ0wCwYD +VQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTALBgNVBAMMBHQzNTak +ETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1OKQRMA8xDTALBgNV +BAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsGA1UEAwwEdDM2MaQR +MA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYzpBEwDzENMAsGA1UE +AwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYDVQQDDAR0MzY2pBEw +DzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjikETAPMQ0wCwYDVQQD +DAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNVBAMMBHQzNzGkETAP +MQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QRMA8xDTALBgNVBAMM +BHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UEAwwEdDM3NqQRMA8x +DTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEwDzENMAsGA1UEAwwE +dDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQDDAR0MzgxpBEwDzEN +MAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAPMQ0wCwYDVQQDDAR0 +Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMMBHQzODakETAPMQ0w +CwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8xDTALBgNVBAMMBHQz +ODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwEdDM5MaQRMA8xDTAL +BgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzENMAsGA1UEAwwEdDM5 +NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0Mzk2pBEwDzENMAsG +A1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0wCwYDVQQDDAR0Mzk5 +pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0MDGkETAPMQ0wCwYD +VQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTALBgNVBAMMBHQ0MDSk +ETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQwNqQRMA8xDTALBgNV +BAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsGA1UEAwwEdDQwOaQR +MA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDExpBEwDzENMAsGA1UE +AwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYDVQQDDAR0NDE0pBEw +DzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTakETAPMQ0wCwYDVQQD +DAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNVBAMMBHQ0MTmkETAP +MQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQRMA8xDTALBgNVBAMM +BHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UEAwwEdDQyNKQRMA8x +DTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEwDzENMAsGA1UEAwwE +dDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQDDAR0NDI5pBEwDzEN +MAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAPMQ0wCwYDVQQDDAR0 +NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMMBHQ0MzSkETAPMQ0w +CwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8xDTALBgNVBAMMBHQ0 +MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwEdDQzOaQRMA8xDTAL +BgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzENMAsGA1UEAwwEdDQ0 +MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0NDQ0pBEwDzENMAsG +A1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0wCwYDVQQDDAR0NDQ3 +pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0NDmkETAPMQ0wCwYD +VQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTALBgNVBAMMBHQ0NTKk +ETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1NKQRMA8xDTALBgNV +BAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsGA1UEAwwEdDQ1N6QR +MA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5pBEwDzENMAsGA1UE +AwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYDVQQDDAR0NDYypBEw +DzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSkETAPMQ0wCwYDVQQD +DAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNVBAMMBHQ0NjekETAP +MQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQRMA8xDTALBgNVBAMM +BHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UEAwwEdDQ3MqQRMA8x +DTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEwDzENMAsGA1UEAwwE +dDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQDDAR0NDc3pBEwDzEN +MAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAPMQ0wCwYDVQQDDAR0 +NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMMBHQ0ODKkETAPMQ0w +CwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8xDTALBgNVBAMMBHQ0 +ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwEdDQ4N6QRMA8xDTAL +BgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzENMAsGA1UEAwwEdDQ5 +MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0NDkypBEwDzENMAsG +A1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0wCwYDVQQDDAR0NDk1 +pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0OTekETAPMQ0wCwYD +VQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTALBgNVBAMMBHQ1MDCk +ETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUwMqQRMA8xDTALBgNV +BAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsGA1UEAwwEdDUwNaQR +MA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3pBEwDzENMAsGA1UE +AwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYDVQQDDAR0NTEwpBEw +DzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKkETAPMQ0wCwYDVQQD +DAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNVBAMMBHQ1MTWkETAP +MQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QRMA8xDTALBgNVBAMM +BHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UEAwwEdDUyMKQRMA8x +DTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEwDzENMAsGA1UEAwwE +dDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQDDAR0NTI1pBEwDzEN +MAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAPMQ0wCwYDVQQDDAR0 +NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMMBHQ1MzCkETAPMQ0w +CwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8xDTALBgNVBAMMBHQ1 +MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwEdDUzNaQRMA8xDTAL +BgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzENMAsGA1UEAwwEdDUz +OKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0NTQwpBEwDzENMAsG +A1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0wCwYDVQQDDAR0NTQz +pBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1NDWkETAPMQ0wCwYD +VQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTALBgNVBAMMBHQ1NDik +ETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1MKQRMA8xDTALBgNV +BAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsGA1UEAwwEdDU1M6QR +MA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1pBEwDzENMAsGA1UE +AwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYDVQQDDAR0NTU4pBEw +DzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCkETAPMQ0wCwYDVQQD +DAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNVBAMMBHQ1NjOkETAP +MQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQRMA8xDTALBgNVBAMM +BHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UEAwwEdDU2OKQRMA8x +DTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEwDzENMAsGA1UEAwwE +dDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQDDAR0NTczpBEwDzEN +MAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAPMQ0wCwYDVQQDDAR0 +NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMMBHQ1NzikETAPMQ0w +CwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8xDTALBgNVBAMMBHQ1 +ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwEdDU4M6QRMA8xDTAL +BgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzENMAsGA1UEAwwEdDU4 +NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0NTg4pBEwDzENMAsG +A1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0wCwYDVQQDDAR0NTkx +pBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1OTOkETAPMQ0wCwYD +VQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTALBgNVBAMMBHQ1OTak +ETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5OKQRMA8xDTALBgNV +BAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsGA1UEAwwEdDYwMaQR +MA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAzpBEwDzENMAsGA1UE +AwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYDVQQDDAR0NjA2pBEw +DzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDikETAPMQ0wCwYDVQQD +DAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNVBAMMBHQ2MTGkETAP +MQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QRMA8xDTALBgNVBAMM +BHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UEAwwEdDYxNqQRMA8x +DTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEwDzENMAsGA1UEAwwE +dDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQDDAR0NjIxpBEwDzEN +MAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAPMQ0wCwYDVQQDDAR0 +NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMMBHQ2MjakETAPMQ0w +CwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8xDTALBgNVBAMMBHQ2 +MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwEdDYzMaQRMA8xDTAL +BgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzENMAsGA1UEAwwEdDYz +NKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0NjM2pBEwDzENMAsG +A1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0wCwYDVQQDDAR0NjM5 +pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2NDGkETAPMQ0wCwYD +VQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTALBgNVBAMMBHQ2NDSk +ETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0NqQRMA8xDTALBgNV +BAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsGA1UEAwwEdDY0OaQR +MA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUxpBEwDzENMAsGA1UE +AwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYDVQQDDAR0NjU0pBEw +DzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTakETAPMQ0wCwYDVQQD +DAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNVBAMMBHQ2NTmkETAP +MQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQRMA8xDTALBgNVBAMM +BHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UEAwwEdDY2NKQRMA8x +DTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEwDzENMAsGA1UEAwwE +dDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQDDAR0NjY5pBEwDzEN +MAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAPMQ0wCwYDVQQDDAR0 +NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMMBHQ2NzSkETAPMQ0w +CwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8xDTALBgNVBAMMBHQ2 +NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwEdDY3OaQRMA8xDTAL +BgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzENMAsGA1UEAwwEdDY4 +MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0Njg0pBEwDzENMAsG +A1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0wCwYDVQQDDAR0Njg3 +pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2ODmkETAPMQ0wCwYD +VQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTALBgNVBAMMBHQ2OTKk +ETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5NKQRMA8xDTALBgNV +BAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsGA1UEAwwEdDY5N6QR +MA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5pBEwDzENMAsGA1UE +AwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYDVQQDDAR0NzAypBEw +DzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSkETAPMQ0wCwYDVQQD +DAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNVBAMMBHQ3MDekETAP +MQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQRMA8xDTALBgNVBAMM +BHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UEAwwEdDcxMqQRMA8x +DTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEwDzENMAsGA1UEAwwE +dDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQDDAR0NzE3pBEwDzEN +MAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAPMQ0wCwYDVQQDDAR0 +NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMMBHQ3MjKkETAPMQ0w +CwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8xDTALBgNVBAMMBHQ3 +MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwEdDcyN6QRMA8xDTAL +BgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzENMAsGA1UEAwwEdDcz +MKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0NzMypBEwDzENMAsG +A1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0wCwYDVQQDDAR0NzM1 +pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3MzekETAPMQ0wCwYD +VQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTALBgNVBAMMBHQ3NDCk +ETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0MqQRMA8xDTALBgNV +BAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsGA1UEAwwEdDc0NaQR +MA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3pBEwDzENMAsGA1UE +AwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYDVQQDDAR0NzUwpBEw +DzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKkETAPMQ0wCwYDVQQD +DAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNVBAMMBHQ3NTWkETAP +MQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QRMA8xDTALBgNVBAMM +BHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UEAwwEdDc2MKQRMA8x +DTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEwDzENMAsGA1UEAwwE +dDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQDDAR0NzY1pBEwDzEN +MAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAPMQ0wCwYDVQQDDAR0 +NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMMBHQ3NzCkETAPMQ0w +CwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8xDTALBgNVBAMMBHQ3 +NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwEdDc3NaQRMA8xDTAL +BgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzENMAsGA1UEAwwEdDc3 +OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0NzgwpBEwDzENMAsG +A1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0wCwYDVQQDDAR0Nzgz +pBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3ODWkETAPMQ0wCwYD +VQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTALBgNVBAMMBHQ3ODik +ETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5MKQRMA8xDTALBgNV +BAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsGA1UEAwwEdDc5M6QR +MA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1pBEwDzENMAsGA1UE +AwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYDVQQDDAR0Nzk4pBEw +DzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCkETAPMQ0wCwYDVQQD +DAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNVBAMMBHQ4MDOkETAP +MQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQRMA8xDTALBgNVBAMM +BHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UEAwwEdDgwOKQRMA8x +DTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEwDzENMAsGA1UEAwwE +dDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQDDAR0ODEzpBEwDzEN +MAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAPMQ0wCwYDVQQDDAR0 +ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMMBHQ4MTikETAPMQ0w +CwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8xDTALBgNVBAMMBHQ4 +MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwEdDgyM6QRMA8xDTAL +BgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzENMAsGA1UEAwwEdDgy +NqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0ODI4pBEwDzENMAsG +A1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0wCwYDVQQDDAR0ODMx +pBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4MzOkETAPMQ0wCwYD +VQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTALBgNVBAMMBHQ4Mzak +ETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgzOKQRMA8xDTALBgNV +BAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsGA1UEAwwEdDg0MaQR +MA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQzpBEwDzENMAsGA1UE +AwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYDVQQDDAR0ODQ2pBEw +DzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDikETAPMQ0wCwYDVQQD +DAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNVBAMMBHQ4NTGkETAP +MQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QRMA8xDTALBgNVBAMM +BHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UEAwwEdDg1NqQRMA8x +DTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEwDzENMAsGA1UEAwwE +dDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQDDAR0ODYxpBEwDzEN +MAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAPMQ0wCwYDVQQDDAR0 +ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMMBHQ4NjakETAPMQ0w +CwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8xDTALBgNVBAMMBHQ4 +NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwEdDg3MaQRMA8xDTAL +BgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzENMAsGA1UEAwwEdDg3 +NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0ODc2pBEwDzENMAsG +A1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0wCwYDVQQDDAR0ODc5 +pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4ODGkETAPMQ0wCwYD +VQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTALBgNVBAMMBHQ4ODSk +ETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4NqQRMA8xDTALBgNV +BAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsGA1UEAwwEdDg4OaQR +MA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkxpBEwDzENMAsGA1UE +AwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYDVQQDDAR0ODk0pBEw +DzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTakETAPMQ0wCwYDVQQD +DAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNVBAMMBHQ4OTmkETAP +MQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQRMA8xDTALBgNVBAMM +BHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UEAwwEdDkwNKQRMA8x +DTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEwDzENMAsGA1UEAwwE +dDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQDDAR0OTA5pBEwDzEN +MAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAPMQ0wCwYDVQQDDAR0 +OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMMBHQ5MTSkETAPMQ0w +CwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8xDTALBgNVBAMMBHQ5 +MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwEdDkxOaQRMA8xDTAL +BgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzENMAsGA1UEAwwEdDky +MqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0OTI0pBEwDzENMAsG +A1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0wCwYDVQQDDAR0OTI3 +pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5MjmkETAPMQ0wCwYD +VQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTALBgNVBAMMBHQ5MzKk +ETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkzNKQRMA8xDTALBgNV +BAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsGA1UEAwwEdDkzN6QR +MA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5pBEwDzENMAsGA1UE +AwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYDVQQDDAR0OTQypBEw +DzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSkETAPMQ0wCwYDVQQD +DAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNVBAMMBHQ5NDekETAP +MQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQRMA8xDTALBgNVBAMM +BHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UEAwwEdDk1MqQRMA8x +DTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEwDzENMAsGA1UEAwwE +dDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQDDAR0OTU3pBEwDzEN +MAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAPMQ0wCwYDVQQDDAR0 +OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMMBHQ5NjKkETAPMQ0w +CwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8xDTALBgNVBAMMBHQ5 +NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwEdDk2N6QRMA8xDTAL +BgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzENMAsGA1UEAwwEdDk3 +MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0OTcypBEwDzENMAsG +A1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0wCwYDVQQDDAR0OTc1 +pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5NzekETAPMQ0wCwYD +VQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTALBgNVBAMMBHQ5ODCk +ETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4MqQRMA8xDTALBgNV +BAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsGA1UEAwwEdDk4NaQR +MA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3pBEwDzENMAsGA1UE +AwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYDVQQDDAR0OTkwpBEw +DzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKkETAPMQ0wCwYDVQQD +DAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNVBAMMBHQ5OTWkETAP +MQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QRMA8xDTALBgNVBAMM +BHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UEAwwFdDEwMDCkEjAQ +MQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAypBIwEDEOMAwGA1UE +AwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAMBgNVBAMMBXQxMDA1 +pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0MTAwN6QSMBAxDjAM +BgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQMQ4wDAYDVQQDDAV0 +MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UEAwwFdDEwMTKkEjAQ +MQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0pBIwEDEOMAwGA1UE +AwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAMBgNVBAMMBXQxMDE3 +pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0MTAxOaQSMBAxDjAM +BgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQMQ4wDAYDVQQDDAV0 +MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzMA0GCSqGSIb3DQEBCwUAA4IBAQCbtCkw +8C16Zsf4kkzL9AgR9etmwwJKJBLynRmpx1E6k/5xNJMnMhSgG/TrusJL336oV85/ +Yfqf0uyaAlEwE6XranwEs/DmKGZc905wZo8HrkJ3wOzu/xA0g0qygSzfxNj3gHDq +rsh8BUEZ+EAjwcBA4df1+H2wg7NrOgEXaMoKsnfEDENc2EsPIfRvfqj3tLwxzQKa +tnJbu0UMTJdhmCSwRM2vf378clVaVEMEHUC/Up1LwVgs0poE7goE2Nx1Lqs/hwh8 +4vA/axeVL3fi9jCTbNuEqsE9cF36tEDEKIV2c1tOtT28/o1/qPMgMT5p0cf7jHkh +zy8y5kYBv0zyFZaY +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.cnf new file mode 100644 index 0000000000..37d2fc8b38 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.cnf @@ -0,0 +1,1091 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "t0" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @san_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/t0_5.pem +new_certs_dir = out +serial = out/t0.serial +database = out/t0.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/t0.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/t0.cer + +[crl_info] +URI.0 = http://url-for-crl/t0.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[san_info] +DNS.1 = t0.test +DNS.2 = t1.test +DNS.3 = t2.test +DNS.4 = t3.test +DNS.5 = t4.test +DNS.6 = t5.test +DNS.7 = t6.test +DNS.8 = t7.test +DNS.9 = t8.test +DNS.10 = t9.test +DNS.11 = t10.test +DNS.12 = t11.test +DNS.13 = t12.test +DNS.14 = t13.test +DNS.15 = t14.test +DNS.16 = t15.test +DNS.17 = t16.test +DNS.18 = t17.test +DNS.19 = t18.test +DNS.20 = t19.test +DNS.21 = t20.test +DNS.22 = t21.test +DNS.23 = t22.test +DNS.24 = t23.test +DNS.25 = t24.test +DNS.26 = t25.test +DNS.27 = t26.test +DNS.28 = t27.test +DNS.29 = t28.test +DNS.30 = t29.test +DNS.31 = t30.test +DNS.32 = t31.test +DNS.33 = t32.test +DNS.34 = t33.test +DNS.35 = t34.test +DNS.36 = t35.test +DNS.37 = t36.test +DNS.38 = t37.test +DNS.39 = t38.test +DNS.40 = t39.test +DNS.41 = t40.test +DNS.42 = t41.test +DNS.43 = t42.test +DNS.44 = t43.test +DNS.45 = t44.test +DNS.46 = t45.test +DNS.47 = t46.test +DNS.48 = t47.test +DNS.49 = t48.test +DNS.50 = t49.test +DNS.51 = t50.test +DNS.52 = t51.test +DNS.53 = t52.test +DNS.54 = t53.test +DNS.55 = t54.test +DNS.56 = t55.test +DNS.57 = t56.test +DNS.58 = t57.test +DNS.59 = t58.test +DNS.60 = t59.test +DNS.61 = t60.test +DNS.62 = t61.test +DNS.63 = t62.test +DNS.64 = t63.test +DNS.65 = t64.test +DNS.66 = t65.test +DNS.67 = t66.test +DNS.68 = t67.test +DNS.69 = t68.test +DNS.70 = t69.test +DNS.71 = t70.test +DNS.72 = t71.test +DNS.73 = t72.test +DNS.74 = t73.test +DNS.75 = t74.test +DNS.76 = t75.test +DNS.77 = t76.test +DNS.78 = t77.test +DNS.79 = t78.test +DNS.80 = t79.test +DNS.81 = t80.test +DNS.82 = t81.test +DNS.83 = t82.test +DNS.84 = t83.test +DNS.85 = t84.test +DNS.86 = t85.test +DNS.87 = t86.test +DNS.88 = t87.test +DNS.89 = t88.test +DNS.90 = t89.test +DNS.91 = t90.test +DNS.92 = t91.test +DNS.93 = t92.test +DNS.94 = t93.test +DNS.95 = t94.test +DNS.96 = t95.test +DNS.97 = t96.test +DNS.98 = t97.test +DNS.99 = t98.test +DNS.100 = t99.test +DNS.101 = t100.test +DNS.102 = t101.test +DNS.103 = t102.test +DNS.104 = t103.test +DNS.105 = t104.test +DNS.106 = t105.test +DNS.107 = t106.test +DNS.108 = t107.test +DNS.109 = t108.test +DNS.110 = t109.test +DNS.111 = t110.test +DNS.112 = t111.test +DNS.113 = t112.test +DNS.114 = t113.test +DNS.115 = t114.test +DNS.116 = t115.test +DNS.117 = t116.test +DNS.118 = t117.test +DNS.119 = t118.test +DNS.120 = t119.test +DNS.121 = t120.test +DNS.122 = t121.test +DNS.123 = t122.test +DNS.124 = t123.test +DNS.125 = t124.test +DNS.126 = t125.test +DNS.127 = t126.test +DNS.128 = t127.test +DNS.129 = t128.test +DNS.130 = t129.test +DNS.131 = t130.test +DNS.132 = t131.test +DNS.133 = t132.test +DNS.134 = t133.test +DNS.135 = t134.test +DNS.136 = t135.test +DNS.137 = t136.test +DNS.138 = t137.test +DNS.139 = t138.test +DNS.140 = t139.test +DNS.141 = t140.test +DNS.142 = t141.test +DNS.143 = t142.test +DNS.144 = t143.test +DNS.145 = t144.test +DNS.146 = t145.test +DNS.147 = t146.test +DNS.148 = t147.test +DNS.149 = t148.test +DNS.150 = t149.test +DNS.151 = t150.test +DNS.152 = t151.test +DNS.153 = t152.test +DNS.154 = t153.test +DNS.155 = t154.test +DNS.156 = t155.test +DNS.157 = t156.test +DNS.158 = t157.test +DNS.159 = t158.test +DNS.160 = t159.test +DNS.161 = t160.test +DNS.162 = t161.test +DNS.163 = t162.test +DNS.164 = t163.test +DNS.165 = t164.test +DNS.166 = t165.test +DNS.167 = t166.test +DNS.168 = t167.test +DNS.169 = t168.test +DNS.170 = t169.test +DNS.171 = t170.test +DNS.172 = t171.test +DNS.173 = t172.test +DNS.174 = t173.test +DNS.175 = t174.test +DNS.176 = t175.test +DNS.177 = t176.test +DNS.178 = t177.test +DNS.179 = t178.test +DNS.180 = t179.test +DNS.181 = t180.test +DNS.182 = t181.test +DNS.183 = t182.test +DNS.184 = t183.test +DNS.185 = t184.test +DNS.186 = t185.test +DNS.187 = t186.test +DNS.188 = t187.test +DNS.189 = t188.test +DNS.190 = t189.test +DNS.191 = t190.test +DNS.192 = t191.test +DNS.193 = t192.test +DNS.194 = t193.test +DNS.195 = t194.test +DNS.196 = t195.test +DNS.197 = t196.test +DNS.198 = t197.test +DNS.199 = t198.test +DNS.200 = t199.test +DNS.201 = t200.test +DNS.202 = t201.test +DNS.203 = t202.test +DNS.204 = t203.test +DNS.205 = t204.test +DNS.206 = t205.test +DNS.207 = t206.test +DNS.208 = t207.test +DNS.209 = t208.test +DNS.210 = t209.test +DNS.211 = t210.test +DNS.212 = t211.test +DNS.213 = t212.test +DNS.214 = t213.test +DNS.215 = t214.test +DNS.216 = t215.test +DNS.217 = t216.test +DNS.218 = t217.test +DNS.219 = t218.test +DNS.220 = t219.test +DNS.221 = t220.test +DNS.222 = t221.test +DNS.223 = t222.test +DNS.224 = t223.test +DNS.225 = t224.test +DNS.226 = t225.test +DNS.227 = t226.test +DNS.228 = t227.test +DNS.229 = t228.test +DNS.230 = t229.test +DNS.231 = t230.test +DNS.232 = t231.test +DNS.233 = t232.test +DNS.234 = t233.test +DNS.235 = t234.test +DNS.236 = t235.test +DNS.237 = t236.test +DNS.238 = t237.test +DNS.239 = t238.test +DNS.240 = t239.test +DNS.241 = t240.test +DNS.242 = t241.test +DNS.243 = t242.test +DNS.244 = t243.test +DNS.245 = t244.test +DNS.246 = t245.test +DNS.247 = t246.test +DNS.248 = t247.test +DNS.249 = t248.test +DNS.250 = t249.test +DNS.251 = t250.test +DNS.252 = t251.test +DNS.253 = t252.test +DNS.254 = t253.test +DNS.255 = t254.test +DNS.256 = t255.test +DNS.257 = t256.test +DNS.258 = t257.test +DNS.259 = t258.test +DNS.260 = t259.test +DNS.261 = t260.test +DNS.262 = t261.test +DNS.263 = t262.test +DNS.264 = t263.test +DNS.265 = t264.test +DNS.266 = t265.test +DNS.267 = t266.test +DNS.268 = t267.test +DNS.269 = t268.test +DNS.270 = t269.test +DNS.271 = t270.test +DNS.272 = t271.test +DNS.273 = t272.test +DNS.274 = t273.test +DNS.275 = t274.test +DNS.276 = t275.test +DNS.277 = t276.test +DNS.278 = t277.test +DNS.279 = t278.test +DNS.280 = t279.test +DNS.281 = t280.test +DNS.282 = t281.test +DNS.283 = t282.test +DNS.284 = t283.test +DNS.285 = t284.test +DNS.286 = t285.test +DNS.287 = t286.test +DNS.288 = t287.test +DNS.289 = t288.test +DNS.290 = t289.test +DNS.291 = t290.test +DNS.292 = t291.test +DNS.293 = t292.test +DNS.294 = t293.test +DNS.295 = t294.test +DNS.296 = t295.test +DNS.297 = t296.test +DNS.298 = t297.test +DNS.299 = t298.test +DNS.300 = t299.test +DNS.301 = t300.test +DNS.302 = t301.test +DNS.303 = t302.test +DNS.304 = t303.test +DNS.305 = t304.test +DNS.306 = t305.test +DNS.307 = t306.test +DNS.308 = t307.test +DNS.309 = t308.test +DNS.310 = t309.test +DNS.311 = t310.test +DNS.312 = t311.test +DNS.313 = t312.test +DNS.314 = t313.test +DNS.315 = t314.test +DNS.316 = t315.test +DNS.317 = t316.test +DNS.318 = t317.test +DNS.319 = t318.test +DNS.320 = t319.test +DNS.321 = t320.test +DNS.322 = t321.test +DNS.323 = t322.test +DNS.324 = t323.test +DNS.325 = t324.test +DNS.326 = t325.test +DNS.327 = t326.test +DNS.328 = t327.test +DNS.329 = t328.test +DNS.330 = t329.test +DNS.331 = t330.test +DNS.332 = t331.test +DNS.333 = t332.test +DNS.334 = t333.test +DNS.335 = t334.test +DNS.336 = t335.test +DNS.337 = t336.test +DNS.338 = t337.test +DNS.339 = t338.test +DNS.340 = t339.test +DNS.341 = t340.test +DNS.342 = t341.test +DNS.343 = t342.test +DNS.344 = t343.test +DNS.345 = t344.test +DNS.346 = t345.test +DNS.347 = t346.test +DNS.348 = t347.test +DNS.349 = t348.test +DNS.350 = t349.test +DNS.351 = t350.test +DNS.352 = t351.test +DNS.353 = t352.test +DNS.354 = t353.test +DNS.355 = t354.test +DNS.356 = t355.test +DNS.357 = t356.test +DNS.358 = t357.test +DNS.359 = t358.test +DNS.360 = t359.test +DNS.361 = t360.test +DNS.362 = t361.test +DNS.363 = t362.test +DNS.364 = t363.test +DNS.365 = t364.test +DNS.366 = t365.test +DNS.367 = t366.test +DNS.368 = t367.test +DNS.369 = t368.test +DNS.370 = t369.test +DNS.371 = t370.test +DNS.372 = t371.test +DNS.373 = t372.test +DNS.374 = t373.test +DNS.375 = t374.test +DNS.376 = t375.test +DNS.377 = t376.test +DNS.378 = t377.test +DNS.379 = t378.test +DNS.380 = t379.test +DNS.381 = t380.test +DNS.382 = t381.test +DNS.383 = t382.test +DNS.384 = t383.test +DNS.385 = t384.test +DNS.386 = t385.test +DNS.387 = t386.test +DNS.388 = t387.test +DNS.389 = t388.test +DNS.390 = t389.test +DNS.391 = t390.test +DNS.392 = t391.test +DNS.393 = t392.test +DNS.394 = t393.test +DNS.395 = t394.test +DNS.396 = t395.test +DNS.397 = t396.test +DNS.398 = t397.test +DNS.399 = t398.test +DNS.400 = t399.test +DNS.401 = t400.test +DNS.402 = t401.test +DNS.403 = t402.test +DNS.404 = t403.test +DNS.405 = t404.test +DNS.406 = t405.test +DNS.407 = t406.test +DNS.408 = t407.test +DNS.409 = t408.test +DNS.410 = t409.test +DNS.411 = t410.test +DNS.412 = t411.test +DNS.413 = t412.test +DNS.414 = t413.test +DNS.415 = t414.test +DNS.416 = t415.test +DNS.417 = t416.test +DNS.418 = t417.test +DNS.419 = t418.test +DNS.420 = t419.test +DNS.421 = t420.test +DNS.422 = t421.test +DNS.423 = t422.test +DNS.424 = t423.test +DNS.425 = t424.test +DNS.426 = t425.test +DNS.427 = t426.test +DNS.428 = t427.test +DNS.429 = t428.test +DNS.430 = t429.test +DNS.431 = t430.test +DNS.432 = t431.test +DNS.433 = t432.test +DNS.434 = t433.test +DNS.435 = t434.test +DNS.436 = t435.test +DNS.437 = t436.test +DNS.438 = t437.test +DNS.439 = t438.test +DNS.440 = t439.test +DNS.441 = t440.test +DNS.442 = t441.test +DNS.443 = t442.test +DNS.444 = t443.test +DNS.445 = t444.test +DNS.446 = t445.test +DNS.447 = t446.test +DNS.448 = t447.test +DNS.449 = t448.test +DNS.450 = t449.test +DNS.451 = t450.test +DNS.452 = t451.test +DNS.453 = t452.test +DNS.454 = t453.test +DNS.455 = t454.test +DNS.456 = t455.test +DNS.457 = t456.test +DNS.458 = t457.test +DNS.459 = t458.test +DNS.460 = t459.test +DNS.461 = t460.test +DNS.462 = t461.test +DNS.463 = t462.test +DNS.464 = t463.test +DNS.465 = t464.test +DNS.466 = t465.test +DNS.467 = t466.test +DNS.468 = t467.test +DNS.469 = t468.test +DNS.470 = t469.test +DNS.471 = t470.test +DNS.472 = t471.test +DNS.473 = t472.test +DNS.474 = t473.test +DNS.475 = t474.test +DNS.476 = t475.test +DNS.477 = t476.test +DNS.478 = t477.test +DNS.479 = t478.test +DNS.480 = t479.test +DNS.481 = t480.test +DNS.482 = t481.test +DNS.483 = t482.test +DNS.484 = t483.test +DNS.485 = t484.test +DNS.486 = t485.test +DNS.487 = t486.test +DNS.488 = t487.test +DNS.489 = t488.test +DNS.490 = t489.test +DNS.491 = t490.test +DNS.492 = t491.test +DNS.493 = t492.test +DNS.494 = t493.test +DNS.495 = t494.test +DNS.496 = t495.test +DNS.497 = t496.test +DNS.498 = t497.test +DNS.499 = t498.test +DNS.500 = t499.test +DNS.501 = t500.test +DNS.502 = t501.test +DNS.503 = t502.test +DNS.504 = t503.test +DNS.505 = t504.test +DNS.506 = t505.test +DNS.507 = t506.test +DNS.508 = t507.test +DNS.509 = t508.test +DNS.510 = t509.test +DNS.511 = t510.test +DNS.512 = t511.test +DNS.513 = t512.test +DNS.514 = t513.test +DNS.515 = t514.test +DNS.516 = t515.test +DNS.517 = t516.test +DNS.518 = t517.test +DNS.519 = t518.test +DNS.520 = t519.test +DNS.521 = t520.test +DNS.522 = t521.test +DNS.523 = t522.test +DNS.524 = t523.test +DNS.525 = t524.test +DNS.526 = t525.test +DNS.527 = t526.test +DNS.528 = t527.test +DNS.529 = t528.test +DNS.530 = t529.test +DNS.531 = t530.test +DNS.532 = t531.test +DNS.533 = t532.test +DNS.534 = t533.test +DNS.535 = t534.test +DNS.536 = t535.test +DNS.537 = t536.test +DNS.538 = t537.test +DNS.539 = t538.test +DNS.540 = t539.test +DNS.541 = t540.test +DNS.542 = t541.test +DNS.543 = t542.test +DNS.544 = t543.test +DNS.545 = t544.test +DNS.546 = t545.test +DNS.547 = t546.test +DNS.548 = t547.test +DNS.549 = t548.test +DNS.550 = t549.test +DNS.551 = t550.test +DNS.552 = t551.test +DNS.553 = t552.test +DNS.554 = t553.test +DNS.555 = t554.test +DNS.556 = t555.test +DNS.557 = t556.test +DNS.558 = t557.test +DNS.559 = t558.test +DNS.560 = t559.test +DNS.561 = t560.test +DNS.562 = t561.test +DNS.563 = t562.test +DNS.564 = t563.test +DNS.565 = t564.test +DNS.566 = t565.test +DNS.567 = t566.test +DNS.568 = t567.test +DNS.569 = t568.test +DNS.570 = t569.test +DNS.571 = t570.test +DNS.572 = t571.test +DNS.573 = t572.test +DNS.574 = t573.test +DNS.575 = t574.test +DNS.576 = t575.test +DNS.577 = t576.test +DNS.578 = t577.test +DNS.579 = t578.test +DNS.580 = t579.test +DNS.581 = t580.test +DNS.582 = t581.test +DNS.583 = t582.test +DNS.584 = t583.test +DNS.585 = t584.test +DNS.586 = t585.test +DNS.587 = t586.test +DNS.588 = t587.test +DNS.589 = t588.test +DNS.590 = t589.test +DNS.591 = t590.test +DNS.592 = t591.test +DNS.593 = t592.test +DNS.594 = t593.test +DNS.595 = t594.test +DNS.596 = t595.test +DNS.597 = t596.test +DNS.598 = t597.test +DNS.599 = t598.test +DNS.600 = t599.test +DNS.601 = t600.test +DNS.602 = t601.test +DNS.603 = t602.test +DNS.604 = t603.test +DNS.605 = t604.test +DNS.606 = t605.test +DNS.607 = t606.test +DNS.608 = t607.test +DNS.609 = t608.test +DNS.610 = t609.test +DNS.611 = t610.test +DNS.612 = t611.test +DNS.613 = t612.test +DNS.614 = t613.test +DNS.615 = t614.test +DNS.616 = t615.test +DNS.617 = t616.test +DNS.618 = t617.test +DNS.619 = t618.test +DNS.620 = t619.test +DNS.621 = t620.test +DNS.622 = t621.test +DNS.623 = t622.test +DNS.624 = t623.test +DNS.625 = t624.test +DNS.626 = t625.test +DNS.627 = t626.test +DNS.628 = t627.test +DNS.629 = t628.test +DNS.630 = t629.test +DNS.631 = t630.test +DNS.632 = t631.test +DNS.633 = t632.test +DNS.634 = t633.test +DNS.635 = t634.test +DNS.636 = t635.test +DNS.637 = t636.test +DNS.638 = t637.test +DNS.639 = t638.test +DNS.640 = t639.test +DNS.641 = t640.test +DNS.642 = t641.test +DNS.643 = t642.test +DNS.644 = t643.test +DNS.645 = t644.test +DNS.646 = t645.test +DNS.647 = t646.test +DNS.648 = t647.test +DNS.649 = t648.test +DNS.650 = t649.test +DNS.651 = t650.test +DNS.652 = t651.test +DNS.653 = t652.test +DNS.654 = t653.test +DNS.655 = t654.test +DNS.656 = t655.test +DNS.657 = t656.test +DNS.658 = t657.test +DNS.659 = t658.test +DNS.660 = t659.test +DNS.661 = t660.test +DNS.662 = t661.test +DNS.663 = t662.test +DNS.664 = t663.test +DNS.665 = t664.test +DNS.666 = t665.test +DNS.667 = t666.test +DNS.668 = t667.test +DNS.669 = t668.test +DNS.670 = t669.test +DNS.671 = t670.test +DNS.672 = t671.test +DNS.673 = t672.test +DNS.674 = t673.test +DNS.675 = t674.test +DNS.676 = t675.test +DNS.677 = t676.test +DNS.678 = t677.test +DNS.679 = t678.test +DNS.680 = t679.test +DNS.681 = t680.test +DNS.682 = t681.test +DNS.683 = t682.test +DNS.684 = t683.test +DNS.685 = t684.test +DNS.686 = t685.test +DNS.687 = t686.test +DNS.688 = t687.test +DNS.689 = t688.test +DNS.690 = t689.test +DNS.691 = t690.test +DNS.692 = t691.test +DNS.693 = t692.test +DNS.694 = t693.test +DNS.695 = t694.test +DNS.696 = t695.test +DNS.697 = t696.test +DNS.698 = t697.test +DNS.699 = t698.test +DNS.700 = t699.test +DNS.701 = t700.test +DNS.702 = t701.test +DNS.703 = t702.test +DNS.704 = t703.test +DNS.705 = t704.test +DNS.706 = t705.test +DNS.707 = t706.test +DNS.708 = t707.test +DNS.709 = t708.test +DNS.710 = t709.test +DNS.711 = t710.test +DNS.712 = t711.test +DNS.713 = t712.test +DNS.714 = t713.test +DNS.715 = t714.test +DNS.716 = t715.test +DNS.717 = t716.test +DNS.718 = t717.test +DNS.719 = t718.test +DNS.720 = t719.test +DNS.721 = t720.test +DNS.722 = t721.test +DNS.723 = t722.test +DNS.724 = t723.test +DNS.725 = t724.test +DNS.726 = t725.test +DNS.727 = t726.test +DNS.728 = t727.test +DNS.729 = t728.test +DNS.730 = t729.test +DNS.731 = t730.test +DNS.732 = t731.test +DNS.733 = t732.test +DNS.734 = t733.test +DNS.735 = t734.test +DNS.736 = t735.test +DNS.737 = t736.test +DNS.738 = t737.test +DNS.739 = t738.test +DNS.740 = t739.test +DNS.741 = t740.test +DNS.742 = t741.test +DNS.743 = t742.test +DNS.744 = t743.test +DNS.745 = t744.test +DNS.746 = t745.test +DNS.747 = t746.test +DNS.748 = t747.test +DNS.749 = t748.test +DNS.750 = t749.test +DNS.751 = t750.test +DNS.752 = t751.test +DNS.753 = t752.test +DNS.754 = t753.test +DNS.755 = t754.test +DNS.756 = t755.test +DNS.757 = t756.test +DNS.758 = t757.test +DNS.759 = t758.test +DNS.760 = t759.test +DNS.761 = t760.test +DNS.762 = t761.test +DNS.763 = t762.test +DNS.764 = t763.test +DNS.765 = t764.test +DNS.766 = t765.test +DNS.767 = t766.test +DNS.768 = t767.test +DNS.769 = t768.test +DNS.770 = t769.test +DNS.771 = t770.test +DNS.772 = t771.test +DNS.773 = t772.test +DNS.774 = t773.test +DNS.775 = t774.test +DNS.776 = t775.test +DNS.777 = t776.test +DNS.778 = t777.test +DNS.779 = t778.test +DNS.780 = t779.test +DNS.781 = t780.test +DNS.782 = t781.test +DNS.783 = t782.test +DNS.784 = t783.test +DNS.785 = t784.test +DNS.786 = t785.test +DNS.787 = t786.test +DNS.788 = t787.test +DNS.789 = t788.test +DNS.790 = t789.test +DNS.791 = t790.test +DNS.792 = t791.test +DNS.793 = t792.test +DNS.794 = t793.test +DNS.795 = t794.test +DNS.796 = t795.test +DNS.797 = t796.test +DNS.798 = t797.test +DNS.799 = t798.test +DNS.800 = t799.test +DNS.801 = t800.test +DNS.802 = t801.test +DNS.803 = t802.test +DNS.804 = t803.test +DNS.805 = t804.test +DNS.806 = t805.test +DNS.807 = t806.test +DNS.808 = t807.test +DNS.809 = t808.test +DNS.810 = t809.test +DNS.811 = t810.test +DNS.812 = t811.test +DNS.813 = t812.test +DNS.814 = t813.test +DNS.815 = t814.test +DNS.816 = t815.test +DNS.817 = t816.test +DNS.818 = t817.test +DNS.819 = t818.test +DNS.820 = t819.test +DNS.821 = t820.test +DNS.822 = t821.test +DNS.823 = t822.test +DNS.824 = t823.test +DNS.825 = t824.test +DNS.826 = t825.test +DNS.827 = t826.test +DNS.828 = t827.test +DNS.829 = t828.test +DNS.830 = t829.test +DNS.831 = t830.test +DNS.832 = t831.test +DNS.833 = t832.test +DNS.834 = t833.test +DNS.835 = t834.test +DNS.836 = t835.test +DNS.837 = t836.test +DNS.838 = t837.test +DNS.839 = t838.test +DNS.840 = t839.test +DNS.841 = t840.test +DNS.842 = t841.test +DNS.843 = t842.test +DNS.844 = t843.test +DNS.845 = t844.test +DNS.846 = t845.test +DNS.847 = t846.test +DNS.848 = t847.test +DNS.849 = t848.test +DNS.850 = t849.test +DNS.851 = t850.test +DNS.852 = t851.test +DNS.853 = t852.test +DNS.854 = t853.test +DNS.855 = t854.test +DNS.856 = t855.test +DNS.857 = t856.test +DNS.858 = t857.test +DNS.859 = t858.test +DNS.860 = t859.test +DNS.861 = t860.test +DNS.862 = t861.test +DNS.863 = t862.test +DNS.864 = t863.test +DNS.865 = t864.test +DNS.866 = t865.test +DNS.867 = t866.test +DNS.868 = t867.test +DNS.869 = t868.test +DNS.870 = t869.test +DNS.871 = t870.test +DNS.872 = t871.test +DNS.873 = t872.test +DNS.874 = t873.test +DNS.875 = t874.test +DNS.876 = t875.test +DNS.877 = t876.test +DNS.878 = t877.test +DNS.879 = t878.test +DNS.880 = t879.test +DNS.881 = t880.test +DNS.882 = t881.test +DNS.883 = t882.test +DNS.884 = t883.test +DNS.885 = t884.test +DNS.886 = t885.test +DNS.887 = t886.test +DNS.888 = t887.test +DNS.889 = t888.test +DNS.890 = t889.test +DNS.891 = t890.test +DNS.892 = t891.test +DNS.893 = t892.test +DNS.894 = t893.test +DNS.895 = t894.test +DNS.896 = t895.test +DNS.897 = t896.test +DNS.898 = t897.test +DNS.899 = t898.test +DNS.900 = t899.test +DNS.901 = t900.test +DNS.902 = t901.test +DNS.903 = t902.test +DNS.904 = t903.test +DNS.905 = t904.test +DNS.906 = t905.test +DNS.907 = t906.test +DNS.908 = t907.test +DNS.909 = t908.test +DNS.910 = t909.test +DNS.911 = t910.test +DNS.912 = t911.test +DNS.913 = t912.test +DNS.914 = t913.test +DNS.915 = t914.test +DNS.916 = t915.test +DNS.917 = t916.test +DNS.918 = t917.test +DNS.919 = t918.test +DNS.920 = t919.test +DNS.921 = t920.test +DNS.922 = t921.test +DNS.923 = t922.test +DNS.924 = t923.test +DNS.925 = t924.test +DNS.926 = t925.test +DNS.927 = t926.test +DNS.928 = t927.test +DNS.929 = t928.test +DNS.930 = t929.test +DNS.931 = t930.test +DNS.932 = t931.test +DNS.933 = t932.test +DNS.934 = t933.test +DNS.935 = t934.test +DNS.936 = t935.test +DNS.937 = t936.test +DNS.938 = t937.test +DNS.939 = t938.test +DNS.940 = t939.test +DNS.941 = t940.test +DNS.942 = t941.test +DNS.943 = t942.test +DNS.944 = t943.test +DNS.945 = t944.test +DNS.946 = t945.test +DNS.947 = t946.test +DNS.948 = t947.test +DNS.949 = t948.test +DNS.950 = t949.test +DNS.951 = t950.test +DNS.952 = t951.test +DNS.953 = t952.test +DNS.954 = t953.test +DNS.955 = t954.test +DNS.956 = t955.test +DNS.957 = t956.test +DNS.958 = t957.test +DNS.959 = t958.test +DNS.960 = t959.test +DNS.961 = t960.test +DNS.962 = t961.test +DNS.963 = t962.test +DNS.964 = t963.test +DNS.965 = t964.test +DNS.966 = t965.test +DNS.967 = t966.test +DNS.968 = t967.test +DNS.969 = t968.test +DNS.970 = t969.test +DNS.971 = t970.test +DNS.972 = t971.test +DNS.973 = t972.test +DNS.974 = t973.test +DNS.975 = t974.test +DNS.976 = t975.test +DNS.977 = t976.test +DNS.978 = t977.test +DNS.979 = t978.test +DNS.980 = t979.test +DNS.981 = t980.test +DNS.982 = t981.test +DNS.983 = t982.test +DNS.984 = t983.test +DNS.985 = t984.test +DNS.986 = t985.test +DNS.987 = t986.test +DNS.988 = t987.test +DNS.989 = t988.test +DNS.990 = t989.test +DNS.991 = t990.test +DNS.992 = t991.test +DNS.993 = t992.test +DNS.994 = t993.test +DNS.995 = t994.test +DNS.996 = t995.test +DNS.997 = t996.test +DNS.998 = t997.test +DNS.999 = t998.test +DNS.1000 = t999.test +DNS.1001 = t1000.test +DNS.1002 = t1001.test +DNS.1003 = t1002.test +DNS.1004 = t1003.test +DNS.1005 = t1004.test +DNS.1006 = t1005.test +DNS.1007 = t1006.test +DNS.1008 = t1007.test +DNS.1009 = t1008.test +DNS.1010 = t1009.test +DNS.1011 = t1010.test +DNS.1012 = t1011.test +DNS.1013 = t1012.test +DNS.1014 = t1013.test +DNS.1015 = t1014.test +DNS.1016 = t1015.test +DNS.1017 = t1016.test +DNS.1018 = t1017.test +DNS.1019 = t1018.test +DNS.1020 = t1019.test +DNS.1021 = t1020.test +DNS.1022 = t1021.test +DNS.1023 = t1022.test +DNS.1024 = t1023.test + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.csr new file mode 100644 index 0000000000..cddc484d4f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.csr @@ -0,0 +1,250 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIudDCCLVwCAQAwDTELMAkGA1UEAwwCdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDbLFMBzvkagzZSUSpbQmPeMnURan2woeR3R5tx5aYtZNeuWwTt +ej/H9sorK63NbIiljjb756IitX1UeenVelvKKylsDYQKEMQhtliYuw22DI1WWyyF +WQfKBkY2JRopjsQ5t8Mxzm5JwgHPsDsnQ4rj1QYfLZOd3XpFZW39tLHAEFlC8h6P +zkOslyXBfOJR4UQ1W5SqA27acS8lf1gwAeESFx7yqmwigLHJZep3lbMHxPdyODT+ +oEMzTGZtoeihBLxvFDk5RC44N3TJCiGFkSG3TrqwmUp2mHtYyhzTsEDD2Sp1++sZ +6uMamDFSl+l/pHshfy/cYoaP/f2oiOhLRFK9AgMBAAGggiwgMIIsHAYJKoZIhvcN +AQkOMYIsDTCCLAkwHQYDVR0OBBYEFDu0BcyqulE9/PL5HiVTcuE68prfMA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgiu3BgNV +HREEgiuuMIIrqoIHdDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIH +dDQudGVzdIIHdDUudGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDku +dGVzdIIIdDEwLnRlc3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQx +NC50ZXN0ggh0MTUudGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIII +dDE5LnRlc3SCCHQyMC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0 +ggh0MjQudGVzdIIIdDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRl +c3SCCHQyOS50ZXN0ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMu +dGVzdIIIdDM0LnRlc3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQz +OC50ZXN0ggh0MzkudGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIII +dDQzLnRlc3SCCHQ0NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0 +ggh0NDgudGVzdIIIdDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRl +c3SCCHQ1My50ZXN0ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcu +dGVzdIIIdDU4LnRlc3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2 +Mi50ZXN0ggh0NjMudGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIII +dDY3LnRlc3SCCHQ2OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0 +ggh0NzIudGVzdIIIdDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRl +c3SCCHQ3Ny50ZXN0ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEu +dGVzdIIIdDgyLnRlc3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4 +Ni50ZXN0ggh0ODcudGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIII +dDkxLnRlc3SCCHQ5Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0 +ggh0OTYudGVzdIIIdDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50 +ZXN0ggl0MTAxLnRlc3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SC +CXQxMDUudGVzdIIJdDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEw +OS50ZXN0ggl0MTEwLnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRl +c3SCCXQxMTQudGVzdIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJ +dDExOC50ZXN0ggl0MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIy +LnRlc3SCCXQxMjMudGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVz +dIIJdDEyNy50ZXN0ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0 +MTMxLnRlc3SCCXQxMzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUu +dGVzdIIJdDEzNi50ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0 +ggl0MTQwLnRlc3SCCXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQx +NDQudGVzdIIJdDE0NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50 +ZXN0ggl0MTQ5LnRlc3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SC +CXQxNTMudGVzdIIJdDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1 +Ny50ZXN0ggl0MTU4LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRl +c3SCCXQxNjIudGVzdIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJ +dDE2Ni50ZXN0ggl0MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcw +LnRlc3SCCXQxNzEudGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVz +dIIJdDE3NS50ZXN0ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0 +MTc5LnRlc3SCCXQxODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMu +dGVzdIIJdDE4NC50ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0 +ggl0MTg4LnRlc3SCCXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQx +OTIudGVzdIIJdDE5My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50 +ZXN0ggl0MTk3LnRlc3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SC +CXQyMDEudGVzdIIJdDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIw +NS50ZXN0ggl0MjA2LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRl +c3SCCXQyMTAudGVzdIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJ +dDIxNC50ZXN0ggl0MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4 +LnRlc3SCCXQyMTkudGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVz +dIIJdDIyMy50ZXN0ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0 +MjI3LnRlc3SCCXQyMjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEu +dGVzdIIJdDIzMi50ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0 +ggl0MjM2LnRlc3SCCXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQy +NDAudGVzdIIJdDI0MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50 +ZXN0ggl0MjQ1LnRlc3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SC +CXQyNDkudGVzdIIJdDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1 +My50ZXN0ggl0MjU0LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRl +c3SCCXQyNTgudGVzdIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJ +dDI2Mi50ZXN0ggl0MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2 +LnRlc3SCCXQyNjcudGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVz +dIIJdDI3MS50ZXN0ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0 +Mjc1LnRlc3SCCXQyNzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzku +dGVzdIIJdDI4MC50ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0 +ggl0Mjg0LnRlc3SCCXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQy +ODgudGVzdIIJdDI4OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50 +ZXN0ggl0MjkzLnRlc3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SC +CXQyOTcudGVzdIIJdDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMw +MS50ZXN0ggl0MzAyLnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRl +c3SCCXQzMDYudGVzdIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJ +dDMxMC50ZXN0ggl0MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0 +LnRlc3SCCXQzMTUudGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVz +dIIJdDMxOS50ZXN0ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0 +MzIzLnRlc3SCCXQzMjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcu +dGVzdIIJdDMyOC50ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0 +ggl0MzMyLnRlc3SCCXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQz +MzYudGVzdIIJdDMzNy50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50 +ZXN0ggl0MzQxLnRlc3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SC +CXQzNDUudGVzdIIJdDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0 +OS50ZXN0ggl0MzUwLnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRl +c3SCCXQzNTQudGVzdIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJ +dDM1OC50ZXN0ggl0MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYy +LnRlc3SCCXQzNjMudGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVz +dIIJdDM2Ny50ZXN0ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0 +MzcxLnRlc3SCCXQzNzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUu +dGVzdIIJdDM3Ni50ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0 +ggl0MzgwLnRlc3SCCXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQz +ODQudGVzdIIJdDM4NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50 +ZXN0ggl0Mzg5LnRlc3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SC +CXQzOTMudGVzdIIJdDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5 +Ny50ZXN0ggl0Mzk4LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRl +c3SCCXQ0MDIudGVzdIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJ +dDQwNi50ZXN0ggl0NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEw +LnRlc3SCCXQ0MTEudGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVz +dIIJdDQxNS50ZXN0ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0 +NDE5LnRlc3SCCXQ0MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMu +dGVzdIIJdDQyNC50ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0 +ggl0NDI4LnRlc3SCCXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0 +MzIudGVzdIIJdDQzMy50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50 +ZXN0ggl0NDM3LnRlc3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SC +CXQ0NDEudGVzdIIJdDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0 +NS50ZXN0ggl0NDQ2LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRl +c3SCCXQ0NTAudGVzdIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJ +dDQ1NC50ZXN0ggl0NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4 +LnRlc3SCCXQ0NTkudGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVz +dIIJdDQ2My50ZXN0ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0 +NDY3LnRlc3SCCXQ0NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEu +dGVzdIIJdDQ3Mi50ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0 +ggl0NDc2LnRlc3SCCXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0 +ODAudGVzdIIJdDQ4MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50 +ZXN0ggl0NDg1LnRlc3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SC +CXQ0ODkudGVzdIIJdDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5 +My50ZXN0ggl0NDk0LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRl +c3SCCXQ0OTgudGVzdIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJ +dDUwMi50ZXN0ggl0NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2 +LnRlc3SCCXQ1MDcudGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVz +dIIJdDUxMS50ZXN0ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0 +NTE1LnRlc3SCCXQ1MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTku +dGVzdIIJdDUyMC50ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0 +ggl0NTI0LnRlc3SCCXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1 +MjgudGVzdIIJdDUyOS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50 +ZXN0ggl0NTMzLnRlc3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SC +CXQ1MzcudGVzdIIJdDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0 +MS50ZXN0ggl0NTQyLnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRl +c3SCCXQ1NDYudGVzdIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJ +dDU1MC50ZXN0ggl0NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0 +LnRlc3SCCXQ1NTUudGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVz +dIIJdDU1OS50ZXN0ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0 +NTYzLnRlc3SCCXQ1NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1Njcu +dGVzdIIJdDU2OC50ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0 +ggl0NTcyLnRlc3SCCXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1 +NzYudGVzdIIJdDU3Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50 +ZXN0ggl0NTgxLnRlc3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SC +CXQ1ODUudGVzdIIJdDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4 +OS50ZXN0ggl0NTkwLnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRl +c3SCCXQ1OTQudGVzdIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJ +dDU5OC50ZXN0ggl0NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAy +LnRlc3SCCXQ2MDMudGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVz +dIIJdDYwNy50ZXN0ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0 +NjExLnRlc3SCCXQ2MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUu +dGVzdIIJdDYxNi50ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0 +ggl0NjIwLnRlc3SCCXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2 +MjQudGVzdIIJdDYyNS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50 +ZXN0ggl0NjI5LnRlc3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SC +CXQ2MzMudGVzdIIJdDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYz +Ny50ZXN0ggl0NjM4LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRl +c3SCCXQ2NDIudGVzdIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJ +dDY0Ni50ZXN0ggl0NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUw +LnRlc3SCCXQ2NTEudGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVz +dIIJdDY1NS50ZXN0ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0 +NjU5LnRlc3SCCXQ2NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMu +dGVzdIIJdDY2NC50ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0 +ggl0NjY4LnRlc3SCCXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2 +NzIudGVzdIIJdDY3My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50 +ZXN0ggl0Njc3LnRlc3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SC +CXQ2ODEudGVzdIIJdDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4 +NS50ZXN0ggl0Njg2LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRl +c3SCCXQ2OTAudGVzdIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJ +dDY5NC50ZXN0ggl0Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4 +LnRlc3SCCXQ2OTkudGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVz +dIIJdDcwMy50ZXN0ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0 +NzA3LnRlc3SCCXQ3MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEu +dGVzdIIJdDcxMi50ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0 +ggl0NzE2LnRlc3SCCXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3 +MjAudGVzdIIJdDcyMS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50 +ZXN0ggl0NzI1LnRlc3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SC +CXQ3MjkudGVzdIIJdDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDcz +My50ZXN0ggl0NzM0LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRl +c3SCCXQ3MzgudGVzdIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJ +dDc0Mi50ZXN0ggl0NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2 +LnRlc3SCCXQ3NDcudGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVz +dIIJdDc1MS50ZXN0ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0 +NzU1LnRlc3SCCXQ3NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTku +dGVzdIIJdDc2MC50ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0 +ggl0NzY0LnRlc3SCCXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3 +NjgudGVzdIIJdDc2OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50 +ZXN0ggl0NzczLnRlc3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SC +CXQ3NzcudGVzdIIJdDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4 +MS50ZXN0ggl0NzgyLnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRl +c3SCCXQ3ODYudGVzdIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJ +dDc5MC50ZXN0ggl0NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0 +LnRlc3SCCXQ3OTUudGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVz +dIIJdDc5OS50ZXN0ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0 +ODAzLnRlc3SCCXQ4MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcu +dGVzdIIJdDgwOC50ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0 +ggl0ODEyLnRlc3SCCXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4 +MTYudGVzdIIJdDgxNy50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50 +ZXN0ggl0ODIxLnRlc3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SC +CXQ4MjUudGVzdIIJdDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgy +OS50ZXN0ggl0ODMwLnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRl +c3SCCXQ4MzQudGVzdIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJ +dDgzOC50ZXN0ggl0ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQy +LnRlc3SCCXQ4NDMudGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVz +dIIJdDg0Ny50ZXN0ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0 +ODUxLnRlc3SCCXQ4NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUu +dGVzdIIJdDg1Ni50ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0 +ggl0ODYwLnRlc3SCCXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4 +NjQudGVzdIIJdDg2NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50 +ZXN0ggl0ODY5LnRlc3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SC +CXQ4NzMudGVzdIIJdDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3 +Ny50ZXN0ggl0ODc4LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRl +c3SCCXQ4ODIudGVzdIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJ +dDg4Ni50ZXN0ggl0ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkw +LnRlc3SCCXQ4OTEudGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVz +dIIJdDg5NS50ZXN0ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0 +ODk5LnRlc3SCCXQ5MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMu +dGVzdIIJdDkwNC50ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0 +ggl0OTA4LnRlc3SCCXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5 +MTIudGVzdIIJdDkxMy50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50 +ZXN0ggl0OTE3LnRlc3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SC +CXQ5MjEudGVzdIIJdDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDky +NS50ZXN0ggl0OTI2LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRl +c3SCCXQ5MzAudGVzdIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJ +dDkzNC50ZXN0ggl0OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4 +LnRlc3SCCXQ5MzkudGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVz +dIIJdDk0My50ZXN0ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0 +OTQ3LnRlc3SCCXQ5NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEu +dGVzdIIJdDk1Mi50ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0 +ggl0OTU2LnRlc3SCCXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5 +NjAudGVzdIIJdDk2MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50 +ZXN0ggl0OTY1LnRlc3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SC +CXQ5NjkudGVzdIIJdDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3 +My50ZXN0ggl0OTc0LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRl +c3SCCXQ5NzgudGVzdIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJ +dDk4Mi50ZXN0ggl0OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2 +LnRlc3SCCXQ5ODcudGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVz +dIIJdDk5MS50ZXN0ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0 +OTk1LnRlc3SCCXQ5OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTku +dGVzdIIKdDEwMDAudGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMu +dGVzdIIKdDEwMDQudGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcu +dGVzdIIKdDEwMDgudGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEu +dGVzdIIKdDEwMTIudGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUu +dGVzdIIKdDEwMTYudGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTku +dGVzdIIKdDEwMjAudGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMu +dGVzdDANBgkqhkiG9w0BAQsFAAOCAQEA0o00q1HNbJjS3Ssi+w5XIhTU4OEwH97f +BmAr/vddshl6urTb7BJf9Qf/kfzrN1TiJ7IA5wMoYXfeGZ9vH6PJpvWVXIcphSeE +GEzAFbpXGCW0710ar62X4Jwd70X61zqRQrEzJPzhtfixhcNIAH9wakSDHlQeEoys +l94K0JE4eM+I2kAGAk8pXp0htxrG47tW2vrJL7YY9O/dwc/qo5wyjY0amsu6YW2f +snkIM7OonB77X6i4rWuDKxxbovpQPRbY5qWKWPT7A++E9TUFQZqhGqcUEDK4iN5l +0ac9ppAG7me4/mzcDzABHFe2buy3gioN16PmRkvjAg+BnYTlT6oiFQ== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.pem new file mode 100644 index 0000000000..a79609b93c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_5.pem @@ -0,0 +1,325 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, DNS:t418.test, DNS:t419.test, DNS:t420.test, DNS:t421.test, DNS:t422.test, DNS:t423.test, DNS:t424.test, DNS:t425.test, DNS:t426.test, DNS:t427.test, DNS:t428.test, DNS:t429.test, DNS:t430.test, DNS:t431.test, DNS:t432.test, DNS:t433.test, DNS:t434.test, DNS:t435.test, DNS:t436.test, DNS:t437.test, DNS:t438.test, DNS:t439.test, DNS:t440.test, DNS:t441.test, DNS:t442.test, DNS:t443.test, DNS:t444.test, DNS:t445.test, DNS:t446.test, DNS:t447.test, DNS:t448.test, DNS:t449.test, DNS:t450.test, DNS:t451.test, DNS:t452.test, DNS:t453.test, DNS:t454.test, DNS:t455.test, DNS:t456.test, DNS:t457.test, DNS:t458.test, DNS:t459.test, DNS:t460.test, DNS:t461.test, DNS:t462.test, DNS:t463.test, DNS:t464.test, DNS:t465.test, DNS:t466.test, DNS:t467.test, DNS:t468.test, DNS:t469.test, DNS:t470.test, DNS:t471.test, DNS:t472.test, DNS:t473.test, DNS:t474.test, DNS:t475.test, DNS:t476.test, DNS:t477.test, DNS:t478.test, DNS:t479.test, DNS:t480.test, DNS:t481.test, DNS:t482.test, DNS:t483.test, DNS:t484.test, DNS:t485.test, DNS:t486.test, DNS:t487.test, DNS:t488.test, DNS:t489.test, DNS:t490.test, DNS:t491.test, DNS:t492.test, DNS:t493.test, DNS:t494.test, DNS:t495.test, DNS:t496.test, DNS:t497.test, DNS:t498.test, DNS:t499.test, DNS:t500.test, DNS:t501.test, DNS:t502.test, DNS:t503.test, DNS:t504.test, DNS:t505.test, DNS:t506.test, DNS:t507.test, DNS:t508.test, DNS:t509.test, DNS:t510.test, DNS:t511.test, DNS:t512.test, DNS:t513.test, DNS:t514.test, DNS:t515.test, DNS:t516.test, DNS:t517.test, DNS:t518.test, DNS:t519.test, DNS:t520.test, DNS:t521.test, DNS:t522.test, DNS:t523.test, DNS:t524.test, DNS:t525.test, DNS:t526.test, DNS:t527.test, DNS:t528.test, DNS:t529.test, DNS:t530.test, DNS:t531.test, DNS:t532.test, DNS:t533.test, DNS:t534.test, DNS:t535.test, DNS:t536.test, DNS:t537.test, DNS:t538.test, DNS:t539.test, DNS:t540.test, DNS:t541.test, DNS:t542.test, DNS:t543.test, DNS:t544.test, DNS:t545.test, DNS:t546.test, DNS:t547.test, DNS:t548.test, DNS:t549.test, DNS:t550.test, DNS:t551.test, DNS:t552.test, DNS:t553.test, DNS:t554.test, DNS:t555.test, DNS:t556.test, DNS:t557.test, DNS:t558.test, DNS:t559.test, DNS:t560.test, DNS:t561.test, DNS:t562.test, DNS:t563.test, DNS:t564.test, DNS:t565.test, DNS:t566.test, DNS:t567.test, DNS:t568.test, DNS:t569.test, DNS:t570.test, DNS:t571.test, DNS:t572.test, DNS:t573.test, DNS:t574.test, DNS:t575.test, DNS:t576.test, DNS:t577.test, DNS:t578.test, DNS:t579.test, DNS:t580.test, DNS:t581.test, DNS:t582.test, DNS:t583.test, DNS:t584.test, DNS:t585.test, DNS:t586.test, DNS:t587.test, DNS:t588.test, DNS:t589.test, DNS:t590.test, DNS:t591.test, DNS:t592.test, DNS:t593.test, DNS:t594.test, DNS:t595.test, DNS:t596.test, DNS:t597.test, DNS:t598.test, DNS:t599.test, DNS:t600.test, DNS:t601.test, DNS:t602.test, DNS:t603.test, DNS:t604.test, DNS:t605.test, DNS:t606.test, DNS:t607.test, DNS:t608.test, DNS:t609.test, DNS:t610.test, DNS:t611.test, DNS:t612.test, DNS:t613.test, DNS:t614.test, DNS:t615.test, DNS:t616.test, DNS:t617.test, DNS:t618.test, DNS:t619.test, DNS:t620.test, DNS:t621.test, DNS:t622.test, DNS:t623.test, DNS:t624.test, DNS:t625.test, DNS:t626.test, DNS:t627.test, DNS:t628.test, DNS:t629.test, DNS:t630.test, DNS:t631.test, DNS:t632.test, DNS:t633.test, DNS:t634.test, DNS:t635.test, DNS:t636.test, DNS:t637.test, DNS:t638.test, DNS:t639.test, DNS:t640.test, DNS:t641.test, DNS:t642.test, DNS:t643.test, DNS:t644.test, DNS:t645.test, DNS:t646.test, DNS:t647.test, DNS:t648.test, DNS:t649.test, DNS:t650.test, DNS:t651.test, DNS:t652.test, DNS:t653.test, DNS:t654.test, DNS:t655.test, DNS:t656.test, DNS:t657.test, DNS:t658.test, DNS:t659.test, DNS:t660.test, DNS:t661.test, DNS:t662.test, DNS:t663.test, DNS:t664.test, DNS:t665.test, DNS:t666.test, DNS:t667.test, DNS:t668.test, DNS:t669.test, DNS:t670.test, DNS:t671.test, DNS:t672.test, DNS:t673.test, DNS:t674.test, DNS:t675.test, DNS:t676.test, DNS:t677.test, DNS:t678.test, DNS:t679.test, DNS:t680.test, DNS:t681.test, DNS:t682.test, DNS:t683.test, DNS:t684.test, DNS:t685.test, DNS:t686.test, DNS:t687.test, DNS:t688.test, DNS:t689.test, DNS:t690.test, DNS:t691.test, DNS:t692.test, DNS:t693.test, DNS:t694.test, DNS:t695.test, DNS:t696.test, DNS:t697.test, DNS:t698.test, DNS:t699.test, DNS:t700.test, DNS:t701.test, DNS:t702.test, DNS:t703.test, DNS:t704.test, DNS:t705.test, DNS:t706.test, DNS:t707.test, DNS:t708.test, DNS:t709.test, DNS:t710.test, DNS:t711.test, DNS:t712.test, DNS:t713.test, DNS:t714.test, DNS:t715.test, DNS:t716.test, DNS:t717.test, DNS:t718.test, DNS:t719.test, DNS:t720.test, DNS:t721.test, DNS:t722.test, DNS:t723.test, DNS:t724.test, DNS:t725.test, DNS:t726.test, DNS:t727.test, DNS:t728.test, DNS:t729.test, DNS:t730.test, DNS:t731.test, DNS:t732.test, DNS:t733.test, DNS:t734.test, DNS:t735.test, DNS:t736.test, DNS:t737.test, DNS:t738.test, DNS:t739.test, DNS:t740.test, DNS:t741.test, DNS:t742.test, DNS:t743.test, DNS:t744.test, DNS:t745.test, DNS:t746.test, DNS:t747.test, DNS:t748.test, DNS:t749.test, DNS:t750.test, DNS:t751.test, DNS:t752.test, DNS:t753.test, DNS:t754.test, DNS:t755.test, DNS:t756.test, DNS:t757.test, DNS:t758.test, DNS:t759.test, DNS:t760.test, DNS:t761.test, DNS:t762.test, DNS:t763.test, DNS:t764.test, DNS:t765.test, DNS:t766.test, DNS:t767.test, DNS:t768.test, DNS:t769.test, DNS:t770.test, DNS:t771.test, DNS:t772.test, DNS:t773.test, DNS:t774.test, DNS:t775.test, DNS:t776.test, DNS:t777.test, DNS:t778.test, DNS:t779.test, DNS:t780.test, DNS:t781.test, DNS:t782.test, DNS:t783.test, DNS:t784.test, DNS:t785.test, DNS:t786.test, DNS:t787.test, DNS:t788.test, DNS:t789.test, DNS:t790.test, DNS:t791.test, DNS:t792.test, DNS:t793.test, DNS:t794.test, DNS:t795.test, DNS:t796.test, DNS:t797.test, DNS:t798.test, DNS:t799.test, DNS:t800.test, DNS:t801.test, DNS:t802.test, DNS:t803.test, DNS:t804.test, DNS:t805.test, DNS:t806.test, DNS:t807.test, DNS:t808.test, DNS:t809.test, DNS:t810.test, DNS:t811.test, DNS:t812.test, DNS:t813.test, DNS:t814.test, DNS:t815.test, DNS:t816.test, DNS:t817.test, DNS:t818.test, DNS:t819.test, DNS:t820.test, DNS:t821.test, DNS:t822.test, DNS:t823.test, DNS:t824.test, DNS:t825.test, DNS:t826.test, DNS:t827.test, DNS:t828.test, DNS:t829.test, DNS:t830.test, DNS:t831.test, DNS:t832.test, DNS:t833.test, DNS:t834.test, DNS:t835.test, DNS:t836.test, DNS:t837.test, DNS:t838.test, DNS:t839.test, DNS:t840.test, DNS:t841.test, DNS:t842.test, DNS:t843.test, DNS:t844.test, DNS:t845.test, DNS:t846.test, DNS:t847.test, DNS:t848.test, DNS:t849.test, DNS:t850.test, DNS:t851.test, DNS:t852.test, DNS:t853.test, DNS:t854.test, DNS:t855.test, DNS:t856.test, DNS:t857.test, DNS:t858.test, DNS:t859.test, DNS:t860.test, DNS:t861.test, DNS:t862.test, DNS:t863.test, DNS:t864.test, DNS:t865.test, DNS:t866.test, DNS:t867.test, DNS:t868.test, DNS:t869.test, DNS:t870.test, DNS:t871.test, DNS:t872.test, DNS:t873.test, DNS:t874.test, DNS:t875.test, DNS:t876.test, DNS:t877.test, DNS:t878.test, DNS:t879.test, DNS:t880.test, DNS:t881.test, DNS:t882.test, DNS:t883.test, DNS:t884.test, DNS:t885.test, DNS:t886.test, DNS:t887.test, DNS:t888.test, DNS:t889.test, DNS:t890.test, DNS:t891.test, DNS:t892.test, DNS:t893.test, DNS:t894.test, DNS:t895.test, DNS:t896.test, DNS:t897.test, DNS:t898.test, DNS:t899.test, DNS:t900.test, DNS:t901.test, DNS:t902.test, DNS:t903.test, DNS:t904.test, DNS:t905.test, DNS:t906.test, DNS:t907.test, DNS:t908.test, DNS:t909.test, DNS:t910.test, DNS:t911.test, DNS:t912.test, DNS:t913.test, DNS:t914.test, DNS:t915.test, DNS:t916.test, DNS:t917.test, DNS:t918.test, DNS:t919.test, DNS:t920.test, DNS:t921.test, DNS:t922.test, DNS:t923.test, DNS:t924.test, DNS:t925.test, DNS:t926.test, DNS:t927.test, DNS:t928.test, DNS:t929.test, DNS:t930.test, DNS:t931.test, DNS:t932.test, DNS:t933.test, DNS:t934.test, DNS:t935.test, DNS:t936.test, DNS:t937.test, DNS:t938.test, DNS:t939.test, DNS:t940.test, DNS:t941.test, DNS:t942.test, DNS:t943.test, DNS:t944.test, DNS:t945.test, DNS:t946.test, DNS:t947.test, DNS:t948.test, DNS:t949.test, DNS:t950.test, DNS:t951.test, DNS:t952.test, DNS:t953.test, DNS:t954.test, DNS:t955.test, DNS:t956.test, DNS:t957.test, DNS:t958.test, DNS:t959.test, DNS:t960.test, DNS:t961.test, DNS:t962.test, DNS:t963.test, DNS:t964.test, DNS:t965.test, DNS:t966.test, DNS:t967.test, DNS:t968.test, DNS:t969.test, DNS:t970.test, DNS:t971.test, DNS:t972.test, DNS:t973.test, DNS:t974.test, DNS:t975.test, DNS:t976.test, DNS:t977.test, DNS:t978.test, DNS:t979.test, DNS:t980.test, DNS:t981.test, DNS:t982.test, DNS:t983.test, DNS:t984.test, DNS:t985.test, DNS:t986.test, DNS:t987.test, DNS:t988.test, DNS:t989.test, DNS:t990.test, DNS:t991.test, DNS:t992.test, DNS:t993.test, DNS:t994.test, DNS:t995.test, DNS:t996.test, DNS:t997.test, DNS:t998.test, DNS:t999.test, DNS:t1000.test, DNS:t1001.test, DNS:t1002.test, DNS:t1003.test, DNS:t1004.test, DNS:t1005.test, DNS:t1006.test, DNS:t1007.test, DNS:t1008.test, DNS:t1009.test, DNS:t1010.test, DNS:t1011.test, DNS:t1012.test, DNS:t1013.test, DNS:t1014.test, DNS:t1015.test, DNS:t1016.test, DNS:t1017.test, DNS:t1018.test, DNS:t1019.test, DNS:t1020.test, DNS:t1021.test, DNS:t1022.test, DNS:t1023.test + Signature Algorithm: sha256WithRSAEncryption + b7:c8:45:e8:f3:e4:4f:01:a9:fd:50:ef:22:07:85:79:92:9d: + e2:75:89:b7:0d:59:6c:65:ad:83:73:bc:44:09:7c:8b:be:cc: + d4:f6:d5:47:64:7b:c6:c8:d6:dd:ed:f9:bf:77:12:af:21:93: + ce:a8:1c:e3:6b:07:a2:80:f4:a8:83:3e:67:59:63:ae:07:f0: + 70:5b:db:f8:50:76:34:0b:b0:3f:97:93:6b:45:b1:3c:af:0a: + d8:08:96:1d:fa:f1:1b:2c:6b:82:9a:d2:ad:1e:f5:3e:46:33: + 91:60:1d:4d:7a:9b:6d:75:3d:b8:a5:50:d1:0a:cd:ce:ab:24: + 9a:ab:89:d3:73:15:70:f8:c6:23:0d:85:fe:1b:78:e6:d6:69: + 5c:7c:b2:28:1f:39:16:98:bd:f6:e3:0c:1e:71:7f:a9:15:75: + 02:aa:6e:38:2c:a0:18:95:18:28:9e:00:92:2c:eb:78:0b:75: + 11:9c:e9:a9:b5:fa:f9:ea:96:18:58:46:3b:7a:ed:47:08:42: + 01:ac:48:2f:7d:bc:b2:16:e8:b4:1c:36:1e:16:85:d2:ae:26: + 24:36:b2:c3:9f:c7:a1:c3:4e:76:27:5a:ca:cc:33:7e:a4:60: + 7c:86:d7:a7:19:6f:60:1a:98:89:16:ad:4a:de:12:15:0e:d0: + eb:6a:78:1f +-----BEGIN CERTIFICATE----- +MIIvWDCCLkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2TANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCLKUwgiyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgiu3BgNVHREEgiuuMIIrqoIH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0NDE5LnRlc3SCCXQ0 +MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMudGVzdIIJdDQyNC50 +ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0ggl0NDI4LnRlc3SC +CXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0MzIudGVzdIIJdDQz +My50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50ZXN0ggl0NDM3LnRl +c3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SCCXQ0NDEudGVzdIIJ +dDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0NS50ZXN0ggl0NDQ2 +LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRlc3SCCXQ0NTAudGVz +dIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJdDQ1NC50ZXN0ggl0 +NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4LnRlc3SCCXQ0NTku +dGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVzdIIJdDQ2My50ZXN0 +ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0NDY3LnRlc3SCCXQ0 +NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEudGVzdIIJdDQ3Mi50 +ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0ggl0NDc2LnRlc3SC +CXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0ODAudGVzdIIJdDQ4 +MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50ZXN0ggl0NDg1LnRl +c3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SCCXQ0ODkudGVzdIIJ +dDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5My50ZXN0ggl0NDk0 +LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRlc3SCCXQ0OTgudGVz +dIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJdDUwMi50ZXN0ggl0 +NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2LnRlc3SCCXQ1MDcu +dGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVzdIIJdDUxMS50ZXN0 +ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0NTE1LnRlc3SCCXQ1 +MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTkudGVzdIIJdDUyMC50 +ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0ggl0NTI0LnRlc3SC +CXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1MjgudGVzdIIJdDUy +OS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50ZXN0ggl0NTMzLnRl +c3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SCCXQ1MzcudGVzdIIJ +dDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0MS50ZXN0ggl0NTQy +LnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRlc3SCCXQ1NDYudGVz +dIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJdDU1MC50ZXN0ggl0 +NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0LnRlc3SCCXQ1NTUu +dGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVzdIIJdDU1OS50ZXN0 +ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0NTYzLnRlc3SCCXQ1 +NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1NjcudGVzdIIJdDU2OC50 +ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0ggl0NTcyLnRlc3SC +CXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1NzYudGVzdIIJdDU3 +Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50ZXN0ggl0NTgxLnRl +c3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SCCXQ1ODUudGVzdIIJ +dDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4OS50ZXN0ggl0NTkw +LnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRlc3SCCXQ1OTQudGVz +dIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJdDU5OC50ZXN0ggl0 +NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAyLnRlc3SCCXQ2MDMu +dGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVzdIIJdDYwNy50ZXN0 +ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0NjExLnRlc3SCCXQ2 +MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUudGVzdIIJdDYxNi50 +ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0ggl0NjIwLnRlc3SC +CXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2MjQudGVzdIIJdDYy +NS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50ZXN0ggl0NjI5LnRl +c3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SCCXQ2MzMudGVzdIIJ +dDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYzNy50ZXN0ggl0NjM4 +LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRlc3SCCXQ2NDIudGVz +dIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJdDY0Ni50ZXN0ggl0 +NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUwLnRlc3SCCXQ2NTEu +dGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVzdIIJdDY1NS50ZXN0 +ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0NjU5LnRlc3SCCXQ2 +NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMudGVzdIIJdDY2NC50 +ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0ggl0NjY4LnRlc3SC +CXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2NzIudGVzdIIJdDY3 +My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50ZXN0ggl0Njc3LnRl +c3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SCCXQ2ODEudGVzdIIJ +dDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4NS50ZXN0ggl0Njg2 +LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRlc3SCCXQ2OTAudGVz +dIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJdDY5NC50ZXN0ggl0 +Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4LnRlc3SCCXQ2OTku +dGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVzdIIJdDcwMy50ZXN0 +ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0NzA3LnRlc3SCCXQ3 +MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEudGVzdIIJdDcxMi50 +ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0ggl0NzE2LnRlc3SC +CXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3MjAudGVzdIIJdDcy +MS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50ZXN0ggl0NzI1LnRl +c3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SCCXQ3MjkudGVzdIIJ +dDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDczMy50ZXN0ggl0NzM0 +LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRlc3SCCXQ3MzgudGVz +dIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJdDc0Mi50ZXN0ggl0 +NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2LnRlc3SCCXQ3NDcu +dGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVzdIIJdDc1MS50ZXN0 +ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0NzU1LnRlc3SCCXQ3 +NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTkudGVzdIIJdDc2MC50 +ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0ggl0NzY0LnRlc3SC +CXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3NjgudGVzdIIJdDc2 +OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50ZXN0ggl0NzczLnRl +c3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SCCXQ3NzcudGVzdIIJ +dDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4MS50ZXN0ggl0Nzgy +LnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRlc3SCCXQ3ODYudGVz +dIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJdDc5MC50ZXN0ggl0 +NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0LnRlc3SCCXQ3OTUu +dGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVzdIIJdDc5OS50ZXN0 +ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0ODAzLnRlc3SCCXQ4 +MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcudGVzdIIJdDgwOC50 +ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0ggl0ODEyLnRlc3SC +CXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4MTYudGVzdIIJdDgx +Ny50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50ZXN0ggl0ODIxLnRl +c3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SCCXQ4MjUudGVzdIIJ +dDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgyOS50ZXN0ggl0ODMw +LnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRlc3SCCXQ4MzQudGVz +dIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJdDgzOC50ZXN0ggl0 +ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQyLnRlc3SCCXQ4NDMu +dGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVzdIIJdDg0Ny50ZXN0 +ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0ODUxLnRlc3SCCXQ4 +NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUudGVzdIIJdDg1Ni50 +ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0ggl0ODYwLnRlc3SC +CXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4NjQudGVzdIIJdDg2 +NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50ZXN0ggl0ODY5LnRl +c3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SCCXQ4NzMudGVzdIIJ +dDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3Ny50ZXN0ggl0ODc4 +LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRlc3SCCXQ4ODIudGVz +dIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJdDg4Ni50ZXN0ggl0 +ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkwLnRlc3SCCXQ4OTEu +dGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVzdIIJdDg5NS50ZXN0 +ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0ODk5LnRlc3SCCXQ5 +MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMudGVzdIIJdDkwNC50 +ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0ggl0OTA4LnRlc3SC +CXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5MTIudGVzdIIJdDkx +My50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50ZXN0ggl0OTE3LnRl +c3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SCCXQ5MjEudGVzdIIJ +dDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDkyNS50ZXN0ggl0OTI2 +LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRlc3SCCXQ5MzAudGVz +dIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJdDkzNC50ZXN0ggl0 +OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4LnRlc3SCCXQ5Mzku +dGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVzdIIJdDk0My50ZXN0 +ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0OTQ3LnRlc3SCCXQ5 +NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEudGVzdIIJdDk1Mi50 +ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0ggl0OTU2LnRlc3SC +CXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5NjAudGVzdIIJdDk2 +MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50ZXN0ggl0OTY1LnRl +c3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SCCXQ5NjkudGVzdIIJ +dDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3My50ZXN0ggl0OTc0 +LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRlc3SCCXQ5NzgudGVz +dIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJdDk4Mi50ZXN0ggl0 +OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2LnRlc3SCCXQ5ODcu +dGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVzdIIJdDk5MS50ZXN0 +ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0OTk1LnRlc3SCCXQ5 +OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTkudGVzdIIKdDEwMDAu +dGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMudGVzdIIKdDEwMDQu +dGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcudGVzdIIKdDEwMDgu +dGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEudGVzdIIKdDEwMTIu +dGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUudGVzdIIKdDEwMTYu +dGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTkudGVzdIIKdDEwMjAu +dGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMudGVzdDANBgkqhkiG +9w0BAQsFAAOCAQEAt8hF6PPkTwGp/VDvIgeFeZKd4nWJtw1ZbGWtg3O8RAl8i77M +1PbVR2R7xsjW3e35v3cSryGTzqgc42sHooD0qIM+Z1ljrgfwcFvb+FB2NAuwP5eT +a0WxPK8K2AiWHfrxGyxrgprSrR71PkYzkWAdTXqbbXU9uKVQ0QrNzqskmquJ03MV +cPjGIw2F/ht45tZpXHyyKB85Fpi99uMMHnF/qRV1AqpuOCygGJUYKJ4AkizreAt1 +EZzpqbX6+eqWGFhGO3rtRwhCAaxIL328shbotBw2HhaF0q4mJDayw5/HocNOdida +yswzfqRgfIbXpxlvYBqYiRatSt4SFQ7Q62p4Hw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.cnf new file mode 100644 index 0000000000..cd38c7037d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.cnf @@ -0,0 +1,1091 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "t0" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @san_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/t0_6.pem +new_certs_dir = out +serial = out/t0.serial +database = out/t0.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/t0.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/t0.cer + +[crl_info] +URI.0 = http://url-for-crl/t0.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[san_info] +IP.1 = 10.0.0.0 +IP.2 = 10.0.0.1 +IP.3 = 10.0.0.2 +IP.4 = 10.0.0.3 +IP.5 = 10.0.0.4 +IP.6 = 10.0.0.5 +IP.7 = 10.0.0.6 +IP.8 = 10.0.0.7 +IP.9 = 10.0.0.8 +IP.10 = 10.0.0.9 +IP.11 = 10.0.0.10 +IP.12 = 10.0.0.11 +IP.13 = 10.0.0.12 +IP.14 = 10.0.0.13 +IP.15 = 10.0.0.14 +IP.16 = 10.0.0.15 +IP.17 = 10.0.0.16 +IP.18 = 10.0.0.17 +IP.19 = 10.0.0.18 +IP.20 = 10.0.0.19 +IP.21 = 10.0.0.20 +IP.22 = 10.0.0.21 +IP.23 = 10.0.0.22 +IP.24 = 10.0.0.23 +IP.25 = 10.0.0.24 +IP.26 = 10.0.0.25 +IP.27 = 10.0.0.26 +IP.28 = 10.0.0.27 +IP.29 = 10.0.0.28 +IP.30 = 10.0.0.29 +IP.31 = 10.0.0.30 +IP.32 = 10.0.0.31 +IP.33 = 10.0.0.32 +IP.34 = 10.0.0.33 +IP.35 = 10.0.0.34 +IP.36 = 10.0.0.35 +IP.37 = 10.0.0.36 +IP.38 = 10.0.0.37 +IP.39 = 10.0.0.38 +IP.40 = 10.0.0.39 +IP.41 = 10.0.0.40 +IP.42 = 10.0.0.41 +IP.43 = 10.0.0.42 +IP.44 = 10.0.0.43 +IP.45 = 10.0.0.44 +IP.46 = 10.0.0.45 +IP.47 = 10.0.0.46 +IP.48 = 10.0.0.47 +IP.49 = 10.0.0.48 +IP.50 = 10.0.0.49 +IP.51 = 10.0.0.50 +IP.52 = 10.0.0.51 +IP.53 = 10.0.0.52 +IP.54 = 10.0.0.53 +IP.55 = 10.0.0.54 +IP.56 = 10.0.0.55 +IP.57 = 10.0.0.56 +IP.58 = 10.0.0.57 +IP.59 = 10.0.0.58 +IP.60 = 10.0.0.59 +IP.61 = 10.0.0.60 +IP.62 = 10.0.0.61 +IP.63 = 10.0.0.62 +IP.64 = 10.0.0.63 +IP.65 = 10.0.0.64 +IP.66 = 10.0.0.65 +IP.67 = 10.0.0.66 +IP.68 = 10.0.0.67 +IP.69 = 10.0.0.68 +IP.70 = 10.0.0.69 +IP.71 = 10.0.0.70 +IP.72 = 10.0.0.71 +IP.73 = 10.0.0.72 +IP.74 = 10.0.0.73 +IP.75 = 10.0.0.74 +IP.76 = 10.0.0.75 +IP.77 = 10.0.0.76 +IP.78 = 10.0.0.77 +IP.79 = 10.0.0.78 +IP.80 = 10.0.0.79 +IP.81 = 10.0.0.80 +IP.82 = 10.0.0.81 +IP.83 = 10.0.0.82 +IP.84 = 10.0.0.83 +IP.85 = 10.0.0.84 +IP.86 = 10.0.0.85 +IP.87 = 10.0.0.86 +IP.88 = 10.0.0.87 +IP.89 = 10.0.0.88 +IP.90 = 10.0.0.89 +IP.91 = 10.0.0.90 +IP.92 = 10.0.0.91 +IP.93 = 10.0.0.92 +IP.94 = 10.0.0.93 +IP.95 = 10.0.0.94 +IP.96 = 10.0.0.95 +IP.97 = 10.0.0.96 +IP.98 = 10.0.0.97 +IP.99 = 10.0.0.98 +IP.100 = 10.0.0.99 +IP.101 = 10.0.0.100 +IP.102 = 10.0.0.101 +IP.103 = 10.0.0.102 +IP.104 = 10.0.0.103 +IP.105 = 10.0.0.104 +IP.106 = 10.0.0.105 +IP.107 = 10.0.0.106 +IP.108 = 10.0.0.107 +IP.109 = 10.0.0.108 +IP.110 = 10.0.0.109 +IP.111 = 10.0.0.110 +IP.112 = 10.0.0.111 +IP.113 = 10.0.0.112 +IP.114 = 10.0.0.113 +IP.115 = 10.0.0.114 +IP.116 = 10.0.0.115 +IP.117 = 10.0.0.116 +IP.118 = 10.0.0.117 +IP.119 = 10.0.0.118 +IP.120 = 10.0.0.119 +IP.121 = 10.0.0.120 +IP.122 = 10.0.0.121 +IP.123 = 10.0.0.122 +IP.124 = 10.0.0.123 +IP.125 = 10.0.0.124 +IP.126 = 10.0.0.125 +IP.127 = 10.0.0.126 +IP.128 = 10.0.0.127 +IP.129 = 10.0.0.128 +IP.130 = 10.0.0.129 +IP.131 = 10.0.0.130 +IP.132 = 10.0.0.131 +IP.133 = 10.0.0.132 +IP.134 = 10.0.0.133 +IP.135 = 10.0.0.134 +IP.136 = 10.0.0.135 +IP.137 = 10.0.0.136 +IP.138 = 10.0.0.137 +IP.139 = 10.0.0.138 +IP.140 = 10.0.0.139 +IP.141 = 10.0.0.140 +IP.142 = 10.0.0.141 +IP.143 = 10.0.0.142 +IP.144 = 10.0.0.143 +IP.145 = 10.0.0.144 +IP.146 = 10.0.0.145 +IP.147 = 10.0.0.146 +IP.148 = 10.0.0.147 +IP.149 = 10.0.0.148 +IP.150 = 10.0.0.149 +IP.151 = 10.0.0.150 +IP.152 = 10.0.0.151 +IP.153 = 10.0.0.152 +IP.154 = 10.0.0.153 +IP.155 = 10.0.0.154 +IP.156 = 10.0.0.155 +IP.157 = 10.0.0.156 +IP.158 = 10.0.0.157 +IP.159 = 10.0.0.158 +IP.160 = 10.0.0.159 +IP.161 = 10.0.0.160 +IP.162 = 10.0.0.161 +IP.163 = 10.0.0.162 +IP.164 = 10.0.0.163 +IP.165 = 10.0.0.164 +IP.166 = 10.0.0.165 +IP.167 = 10.0.0.166 +IP.168 = 10.0.0.167 +IP.169 = 10.0.0.168 +IP.170 = 10.0.0.169 +IP.171 = 10.0.0.170 +IP.172 = 10.0.0.171 +IP.173 = 10.0.0.172 +IP.174 = 10.0.0.173 +IP.175 = 10.0.0.174 +IP.176 = 10.0.0.175 +IP.177 = 10.0.0.176 +IP.178 = 10.0.0.177 +IP.179 = 10.0.0.178 +IP.180 = 10.0.0.179 +IP.181 = 10.0.0.180 +IP.182 = 10.0.0.181 +IP.183 = 10.0.0.182 +IP.184 = 10.0.0.183 +IP.185 = 10.0.0.184 +IP.186 = 10.0.0.185 +IP.187 = 10.0.0.186 +IP.188 = 10.0.0.187 +IP.189 = 10.0.0.188 +IP.190 = 10.0.0.189 +IP.191 = 10.0.0.190 +IP.192 = 10.0.0.191 +IP.193 = 10.0.0.192 +IP.194 = 10.0.0.193 +IP.195 = 10.0.0.194 +IP.196 = 10.0.0.195 +IP.197 = 10.0.0.196 +IP.198 = 10.0.0.197 +IP.199 = 10.0.0.198 +IP.200 = 10.0.0.199 +IP.201 = 10.0.0.200 +IP.202 = 10.0.0.201 +IP.203 = 10.0.0.202 +IP.204 = 10.0.0.203 +IP.205 = 10.0.0.204 +IP.206 = 10.0.0.205 +IP.207 = 10.0.0.206 +IP.208 = 10.0.0.207 +IP.209 = 10.0.0.208 +IP.210 = 10.0.0.209 +IP.211 = 10.0.0.210 +IP.212 = 10.0.0.211 +IP.213 = 10.0.0.212 +IP.214 = 10.0.0.213 +IP.215 = 10.0.0.214 +IP.216 = 10.0.0.215 +IP.217 = 10.0.0.216 +IP.218 = 10.0.0.217 +IP.219 = 10.0.0.218 +IP.220 = 10.0.0.219 +IP.221 = 10.0.0.220 +IP.222 = 10.0.0.221 +IP.223 = 10.0.0.222 +IP.224 = 10.0.0.223 +IP.225 = 10.0.0.224 +IP.226 = 10.0.0.225 +IP.227 = 10.0.0.226 +IP.228 = 10.0.0.227 +IP.229 = 10.0.0.228 +IP.230 = 10.0.0.229 +IP.231 = 10.0.0.230 +IP.232 = 10.0.0.231 +IP.233 = 10.0.0.232 +IP.234 = 10.0.0.233 +IP.235 = 10.0.0.234 +IP.236 = 10.0.0.235 +IP.237 = 10.0.0.236 +IP.238 = 10.0.0.237 +IP.239 = 10.0.0.238 +IP.240 = 10.0.0.239 +IP.241 = 10.0.0.240 +IP.242 = 10.0.0.241 +IP.243 = 10.0.0.242 +IP.244 = 10.0.0.243 +IP.245 = 10.0.0.244 +IP.246 = 10.0.0.245 +IP.247 = 10.0.0.246 +IP.248 = 10.0.0.247 +IP.249 = 10.0.0.248 +IP.250 = 10.0.0.249 +IP.251 = 10.0.0.250 +IP.252 = 10.0.0.251 +IP.253 = 10.0.0.252 +IP.254 = 10.0.0.253 +IP.255 = 10.0.0.254 +IP.256 = 10.0.0.255 +IP.257 = 10.0.1.0 +IP.258 = 10.0.1.1 +IP.259 = 10.0.1.2 +IP.260 = 10.0.1.3 +IP.261 = 10.0.1.4 +IP.262 = 10.0.1.5 +IP.263 = 10.0.1.6 +IP.264 = 10.0.1.7 +IP.265 = 10.0.1.8 +IP.266 = 10.0.1.9 +IP.267 = 10.0.1.10 +IP.268 = 10.0.1.11 +IP.269 = 10.0.1.12 +IP.270 = 10.0.1.13 +IP.271 = 10.0.1.14 +IP.272 = 10.0.1.15 +IP.273 = 10.0.1.16 +IP.274 = 10.0.1.17 +IP.275 = 10.0.1.18 +IP.276 = 10.0.1.19 +IP.277 = 10.0.1.20 +IP.278 = 10.0.1.21 +IP.279 = 10.0.1.22 +IP.280 = 10.0.1.23 +IP.281 = 10.0.1.24 +IP.282 = 10.0.1.25 +IP.283 = 10.0.1.26 +IP.284 = 10.0.1.27 +IP.285 = 10.0.1.28 +IP.286 = 10.0.1.29 +IP.287 = 10.0.1.30 +IP.288 = 10.0.1.31 +IP.289 = 10.0.1.32 +IP.290 = 10.0.1.33 +IP.291 = 10.0.1.34 +IP.292 = 10.0.1.35 +IP.293 = 10.0.1.36 +IP.294 = 10.0.1.37 +IP.295 = 10.0.1.38 +IP.296 = 10.0.1.39 +IP.297 = 10.0.1.40 +IP.298 = 10.0.1.41 +IP.299 = 10.0.1.42 +IP.300 = 10.0.1.43 +IP.301 = 10.0.1.44 +IP.302 = 10.0.1.45 +IP.303 = 10.0.1.46 +IP.304 = 10.0.1.47 +IP.305 = 10.0.1.48 +IP.306 = 10.0.1.49 +IP.307 = 10.0.1.50 +IP.308 = 10.0.1.51 +IP.309 = 10.0.1.52 +IP.310 = 10.0.1.53 +IP.311 = 10.0.1.54 +IP.312 = 10.0.1.55 +IP.313 = 10.0.1.56 +IP.314 = 10.0.1.57 +IP.315 = 10.0.1.58 +IP.316 = 10.0.1.59 +IP.317 = 10.0.1.60 +IP.318 = 10.0.1.61 +IP.319 = 10.0.1.62 +IP.320 = 10.0.1.63 +IP.321 = 10.0.1.64 +IP.322 = 10.0.1.65 +IP.323 = 10.0.1.66 +IP.324 = 10.0.1.67 +IP.325 = 10.0.1.68 +IP.326 = 10.0.1.69 +IP.327 = 10.0.1.70 +IP.328 = 10.0.1.71 +IP.329 = 10.0.1.72 +IP.330 = 10.0.1.73 +IP.331 = 10.0.1.74 +IP.332 = 10.0.1.75 +IP.333 = 10.0.1.76 +IP.334 = 10.0.1.77 +IP.335 = 10.0.1.78 +IP.336 = 10.0.1.79 +IP.337 = 10.0.1.80 +IP.338 = 10.0.1.81 +IP.339 = 10.0.1.82 +IP.340 = 10.0.1.83 +IP.341 = 10.0.1.84 +IP.342 = 10.0.1.85 +IP.343 = 10.0.1.86 +IP.344 = 10.0.1.87 +IP.345 = 10.0.1.88 +IP.346 = 10.0.1.89 +IP.347 = 10.0.1.90 +IP.348 = 10.0.1.91 +IP.349 = 10.0.1.92 +IP.350 = 10.0.1.93 +IP.351 = 10.0.1.94 +IP.352 = 10.0.1.95 +IP.353 = 10.0.1.96 +IP.354 = 10.0.1.97 +IP.355 = 10.0.1.98 +IP.356 = 10.0.1.99 +IP.357 = 10.0.1.100 +IP.358 = 10.0.1.101 +IP.359 = 10.0.1.102 +IP.360 = 10.0.1.103 +IP.361 = 10.0.1.104 +IP.362 = 10.0.1.105 +IP.363 = 10.0.1.106 +IP.364 = 10.0.1.107 +IP.365 = 10.0.1.108 +IP.366 = 10.0.1.109 +IP.367 = 10.0.1.110 +IP.368 = 10.0.1.111 +IP.369 = 10.0.1.112 +IP.370 = 10.0.1.113 +IP.371 = 10.0.1.114 +IP.372 = 10.0.1.115 +IP.373 = 10.0.1.116 +IP.374 = 10.0.1.117 +IP.375 = 10.0.1.118 +IP.376 = 10.0.1.119 +IP.377 = 10.0.1.120 +IP.378 = 10.0.1.121 +IP.379 = 10.0.1.122 +IP.380 = 10.0.1.123 +IP.381 = 10.0.1.124 +IP.382 = 10.0.1.125 +IP.383 = 10.0.1.126 +IP.384 = 10.0.1.127 +IP.385 = 10.0.1.128 +IP.386 = 10.0.1.129 +IP.387 = 10.0.1.130 +IP.388 = 10.0.1.131 +IP.389 = 10.0.1.132 +IP.390 = 10.0.1.133 +IP.391 = 10.0.1.134 +IP.392 = 10.0.1.135 +IP.393 = 10.0.1.136 +IP.394 = 10.0.1.137 +IP.395 = 10.0.1.138 +IP.396 = 10.0.1.139 +IP.397 = 10.0.1.140 +IP.398 = 10.0.1.141 +IP.399 = 10.0.1.142 +IP.400 = 10.0.1.143 +IP.401 = 10.0.1.144 +IP.402 = 10.0.1.145 +IP.403 = 10.0.1.146 +IP.404 = 10.0.1.147 +IP.405 = 10.0.1.148 +IP.406 = 10.0.1.149 +IP.407 = 10.0.1.150 +IP.408 = 10.0.1.151 +IP.409 = 10.0.1.152 +IP.410 = 10.0.1.153 +IP.411 = 10.0.1.154 +IP.412 = 10.0.1.155 +IP.413 = 10.0.1.156 +IP.414 = 10.0.1.157 +IP.415 = 10.0.1.158 +IP.416 = 10.0.1.159 +IP.417 = 10.0.1.160 +IP.418 = 10.0.1.161 +IP.419 = 10.0.1.162 +IP.420 = 10.0.1.163 +IP.421 = 10.0.1.164 +IP.422 = 10.0.1.165 +IP.423 = 10.0.1.166 +IP.424 = 10.0.1.167 +IP.425 = 10.0.1.168 +IP.426 = 10.0.1.169 +IP.427 = 10.0.1.170 +IP.428 = 10.0.1.171 +IP.429 = 10.0.1.172 +IP.430 = 10.0.1.173 +IP.431 = 10.0.1.174 +IP.432 = 10.0.1.175 +IP.433 = 10.0.1.176 +IP.434 = 10.0.1.177 +IP.435 = 10.0.1.178 +IP.436 = 10.0.1.179 +IP.437 = 10.0.1.180 +IP.438 = 10.0.1.181 +IP.439 = 10.0.1.182 +IP.440 = 10.0.1.183 +IP.441 = 10.0.1.184 +IP.442 = 10.0.1.185 +IP.443 = 10.0.1.186 +IP.444 = 10.0.1.187 +IP.445 = 10.0.1.188 +IP.446 = 10.0.1.189 +IP.447 = 10.0.1.190 +IP.448 = 10.0.1.191 +IP.449 = 10.0.1.192 +IP.450 = 10.0.1.193 +IP.451 = 10.0.1.194 +IP.452 = 10.0.1.195 +IP.453 = 10.0.1.196 +IP.454 = 10.0.1.197 +IP.455 = 10.0.1.198 +IP.456 = 10.0.1.199 +IP.457 = 10.0.1.200 +IP.458 = 10.0.1.201 +IP.459 = 10.0.1.202 +IP.460 = 10.0.1.203 +IP.461 = 10.0.1.204 +IP.462 = 10.0.1.205 +IP.463 = 10.0.1.206 +IP.464 = 10.0.1.207 +IP.465 = 10.0.1.208 +IP.466 = 10.0.1.209 +IP.467 = 10.0.1.210 +IP.468 = 10.0.1.211 +IP.469 = 10.0.1.212 +IP.470 = 10.0.1.213 +IP.471 = 10.0.1.214 +IP.472 = 10.0.1.215 +IP.473 = 10.0.1.216 +IP.474 = 10.0.1.217 +IP.475 = 10.0.1.218 +IP.476 = 10.0.1.219 +IP.477 = 10.0.1.220 +IP.478 = 10.0.1.221 +IP.479 = 10.0.1.222 +IP.480 = 10.0.1.223 +IP.481 = 10.0.1.224 +IP.482 = 10.0.1.225 +IP.483 = 10.0.1.226 +IP.484 = 10.0.1.227 +IP.485 = 10.0.1.228 +IP.486 = 10.0.1.229 +IP.487 = 10.0.1.230 +IP.488 = 10.0.1.231 +IP.489 = 10.0.1.232 +IP.490 = 10.0.1.233 +IP.491 = 10.0.1.234 +IP.492 = 10.0.1.235 +IP.493 = 10.0.1.236 +IP.494 = 10.0.1.237 +IP.495 = 10.0.1.238 +IP.496 = 10.0.1.239 +IP.497 = 10.0.1.240 +IP.498 = 10.0.1.241 +IP.499 = 10.0.1.242 +IP.500 = 10.0.1.243 +IP.501 = 10.0.1.244 +IP.502 = 10.0.1.245 +IP.503 = 10.0.1.246 +IP.504 = 10.0.1.247 +IP.505 = 10.0.1.248 +IP.506 = 10.0.1.249 +IP.507 = 10.0.1.250 +IP.508 = 10.0.1.251 +IP.509 = 10.0.1.252 +IP.510 = 10.0.1.253 +IP.511 = 10.0.1.254 +IP.512 = 10.0.1.255 +IP.513 = 10.0.2.0 +IP.514 = 10.0.2.1 +IP.515 = 10.0.2.2 +IP.516 = 10.0.2.3 +IP.517 = 10.0.2.4 +IP.518 = 10.0.2.5 +IP.519 = 10.0.2.6 +IP.520 = 10.0.2.7 +IP.521 = 10.0.2.8 +IP.522 = 10.0.2.9 +IP.523 = 10.0.2.10 +IP.524 = 10.0.2.11 +IP.525 = 10.0.2.12 +IP.526 = 10.0.2.13 +IP.527 = 10.0.2.14 +IP.528 = 10.0.2.15 +IP.529 = 10.0.2.16 +IP.530 = 10.0.2.17 +IP.531 = 10.0.2.18 +IP.532 = 10.0.2.19 +IP.533 = 10.0.2.20 +IP.534 = 10.0.2.21 +IP.535 = 10.0.2.22 +IP.536 = 10.0.2.23 +IP.537 = 10.0.2.24 +IP.538 = 10.0.2.25 +IP.539 = 10.0.2.26 +IP.540 = 10.0.2.27 +IP.541 = 10.0.2.28 +IP.542 = 10.0.2.29 +IP.543 = 10.0.2.30 +IP.544 = 10.0.2.31 +IP.545 = 10.0.2.32 +IP.546 = 10.0.2.33 +IP.547 = 10.0.2.34 +IP.548 = 10.0.2.35 +IP.549 = 10.0.2.36 +IP.550 = 10.0.2.37 +IP.551 = 10.0.2.38 +IP.552 = 10.0.2.39 +IP.553 = 10.0.2.40 +IP.554 = 10.0.2.41 +IP.555 = 10.0.2.42 +IP.556 = 10.0.2.43 +IP.557 = 10.0.2.44 +IP.558 = 10.0.2.45 +IP.559 = 10.0.2.46 +IP.560 = 10.0.2.47 +IP.561 = 10.0.2.48 +IP.562 = 10.0.2.49 +IP.563 = 10.0.2.50 +IP.564 = 10.0.2.51 +IP.565 = 10.0.2.52 +IP.566 = 10.0.2.53 +IP.567 = 10.0.2.54 +IP.568 = 10.0.2.55 +IP.569 = 10.0.2.56 +IP.570 = 10.0.2.57 +IP.571 = 10.0.2.58 +IP.572 = 10.0.2.59 +IP.573 = 10.0.2.60 +IP.574 = 10.0.2.61 +IP.575 = 10.0.2.62 +IP.576 = 10.0.2.63 +IP.577 = 10.0.2.64 +IP.578 = 10.0.2.65 +IP.579 = 10.0.2.66 +IP.580 = 10.0.2.67 +IP.581 = 10.0.2.68 +IP.582 = 10.0.2.69 +IP.583 = 10.0.2.70 +IP.584 = 10.0.2.71 +IP.585 = 10.0.2.72 +IP.586 = 10.0.2.73 +IP.587 = 10.0.2.74 +IP.588 = 10.0.2.75 +IP.589 = 10.0.2.76 +IP.590 = 10.0.2.77 +IP.591 = 10.0.2.78 +IP.592 = 10.0.2.79 +IP.593 = 10.0.2.80 +IP.594 = 10.0.2.81 +IP.595 = 10.0.2.82 +IP.596 = 10.0.2.83 +IP.597 = 10.0.2.84 +IP.598 = 10.0.2.85 +IP.599 = 10.0.2.86 +IP.600 = 10.0.2.87 +IP.601 = 10.0.2.88 +IP.602 = 10.0.2.89 +IP.603 = 10.0.2.90 +IP.604 = 10.0.2.91 +IP.605 = 10.0.2.92 +IP.606 = 10.0.2.93 +IP.607 = 10.0.2.94 +IP.608 = 10.0.2.95 +IP.609 = 10.0.2.96 +IP.610 = 10.0.2.97 +IP.611 = 10.0.2.98 +IP.612 = 10.0.2.99 +IP.613 = 10.0.2.100 +IP.614 = 10.0.2.101 +IP.615 = 10.0.2.102 +IP.616 = 10.0.2.103 +IP.617 = 10.0.2.104 +IP.618 = 10.0.2.105 +IP.619 = 10.0.2.106 +IP.620 = 10.0.2.107 +IP.621 = 10.0.2.108 +IP.622 = 10.0.2.109 +IP.623 = 10.0.2.110 +IP.624 = 10.0.2.111 +IP.625 = 10.0.2.112 +IP.626 = 10.0.2.113 +IP.627 = 10.0.2.114 +IP.628 = 10.0.2.115 +IP.629 = 10.0.2.116 +IP.630 = 10.0.2.117 +IP.631 = 10.0.2.118 +IP.632 = 10.0.2.119 +IP.633 = 10.0.2.120 +IP.634 = 10.0.2.121 +IP.635 = 10.0.2.122 +IP.636 = 10.0.2.123 +IP.637 = 10.0.2.124 +IP.638 = 10.0.2.125 +IP.639 = 10.0.2.126 +IP.640 = 10.0.2.127 +IP.641 = 10.0.2.128 +IP.642 = 10.0.2.129 +IP.643 = 10.0.2.130 +IP.644 = 10.0.2.131 +IP.645 = 10.0.2.132 +IP.646 = 10.0.2.133 +IP.647 = 10.0.2.134 +IP.648 = 10.0.2.135 +IP.649 = 10.0.2.136 +IP.650 = 10.0.2.137 +IP.651 = 10.0.2.138 +IP.652 = 10.0.2.139 +IP.653 = 10.0.2.140 +IP.654 = 10.0.2.141 +IP.655 = 10.0.2.142 +IP.656 = 10.0.2.143 +IP.657 = 10.0.2.144 +IP.658 = 10.0.2.145 +IP.659 = 10.0.2.146 +IP.660 = 10.0.2.147 +IP.661 = 10.0.2.148 +IP.662 = 10.0.2.149 +IP.663 = 10.0.2.150 +IP.664 = 10.0.2.151 +IP.665 = 10.0.2.152 +IP.666 = 10.0.2.153 +IP.667 = 10.0.2.154 +IP.668 = 10.0.2.155 +IP.669 = 10.0.2.156 +IP.670 = 10.0.2.157 +IP.671 = 10.0.2.158 +IP.672 = 10.0.2.159 +IP.673 = 10.0.2.160 +IP.674 = 10.0.2.161 +IP.675 = 10.0.2.162 +IP.676 = 10.0.2.163 +IP.677 = 10.0.2.164 +IP.678 = 10.0.2.165 +IP.679 = 10.0.2.166 +IP.680 = 10.0.2.167 +IP.681 = 10.0.2.168 +IP.682 = 10.0.2.169 +IP.683 = 10.0.2.170 +IP.684 = 10.0.2.171 +IP.685 = 10.0.2.172 +IP.686 = 10.0.2.173 +IP.687 = 10.0.2.174 +IP.688 = 10.0.2.175 +IP.689 = 10.0.2.176 +IP.690 = 10.0.2.177 +IP.691 = 10.0.2.178 +IP.692 = 10.0.2.179 +IP.693 = 10.0.2.180 +IP.694 = 10.0.2.181 +IP.695 = 10.0.2.182 +IP.696 = 10.0.2.183 +IP.697 = 10.0.2.184 +IP.698 = 10.0.2.185 +IP.699 = 10.0.2.186 +IP.700 = 10.0.2.187 +IP.701 = 10.0.2.188 +IP.702 = 10.0.2.189 +IP.703 = 10.0.2.190 +IP.704 = 10.0.2.191 +IP.705 = 10.0.2.192 +IP.706 = 10.0.2.193 +IP.707 = 10.0.2.194 +IP.708 = 10.0.2.195 +IP.709 = 10.0.2.196 +IP.710 = 10.0.2.197 +IP.711 = 10.0.2.198 +IP.712 = 10.0.2.199 +IP.713 = 10.0.2.200 +IP.714 = 10.0.2.201 +IP.715 = 10.0.2.202 +IP.716 = 10.0.2.203 +IP.717 = 10.0.2.204 +IP.718 = 10.0.2.205 +IP.719 = 10.0.2.206 +IP.720 = 10.0.2.207 +IP.721 = 10.0.2.208 +IP.722 = 10.0.2.209 +IP.723 = 10.0.2.210 +IP.724 = 10.0.2.211 +IP.725 = 10.0.2.212 +IP.726 = 10.0.2.213 +IP.727 = 10.0.2.214 +IP.728 = 10.0.2.215 +IP.729 = 10.0.2.216 +IP.730 = 10.0.2.217 +IP.731 = 10.0.2.218 +IP.732 = 10.0.2.219 +IP.733 = 10.0.2.220 +IP.734 = 10.0.2.221 +IP.735 = 10.0.2.222 +IP.736 = 10.0.2.223 +IP.737 = 10.0.2.224 +IP.738 = 10.0.2.225 +IP.739 = 10.0.2.226 +IP.740 = 10.0.2.227 +IP.741 = 10.0.2.228 +IP.742 = 10.0.2.229 +IP.743 = 10.0.2.230 +IP.744 = 10.0.2.231 +IP.745 = 10.0.2.232 +IP.746 = 10.0.2.233 +IP.747 = 10.0.2.234 +IP.748 = 10.0.2.235 +IP.749 = 10.0.2.236 +IP.750 = 10.0.2.237 +IP.751 = 10.0.2.238 +IP.752 = 10.0.2.239 +IP.753 = 10.0.2.240 +IP.754 = 10.0.2.241 +IP.755 = 10.0.2.242 +IP.756 = 10.0.2.243 +IP.757 = 10.0.2.244 +IP.758 = 10.0.2.245 +IP.759 = 10.0.2.246 +IP.760 = 10.0.2.247 +IP.761 = 10.0.2.248 +IP.762 = 10.0.2.249 +IP.763 = 10.0.2.250 +IP.764 = 10.0.2.251 +IP.765 = 10.0.2.252 +IP.766 = 10.0.2.253 +IP.767 = 10.0.2.254 +IP.768 = 10.0.2.255 +IP.769 = 10.0.3.0 +IP.770 = 10.0.3.1 +IP.771 = 10.0.3.2 +IP.772 = 10.0.3.3 +IP.773 = 10.0.3.4 +IP.774 = 10.0.3.5 +IP.775 = 10.0.3.6 +IP.776 = 10.0.3.7 +IP.777 = 10.0.3.8 +IP.778 = 10.0.3.9 +IP.779 = 10.0.3.10 +IP.780 = 10.0.3.11 +IP.781 = 10.0.3.12 +IP.782 = 10.0.3.13 +IP.783 = 10.0.3.14 +IP.784 = 10.0.3.15 +IP.785 = 10.0.3.16 +IP.786 = 10.0.3.17 +IP.787 = 10.0.3.18 +IP.788 = 10.0.3.19 +IP.789 = 10.0.3.20 +IP.790 = 10.0.3.21 +IP.791 = 10.0.3.22 +IP.792 = 10.0.3.23 +IP.793 = 10.0.3.24 +IP.794 = 10.0.3.25 +IP.795 = 10.0.3.26 +IP.796 = 10.0.3.27 +IP.797 = 10.0.3.28 +IP.798 = 10.0.3.29 +IP.799 = 10.0.3.30 +IP.800 = 10.0.3.31 +IP.801 = 10.0.3.32 +IP.802 = 10.0.3.33 +IP.803 = 10.0.3.34 +IP.804 = 10.0.3.35 +IP.805 = 10.0.3.36 +IP.806 = 10.0.3.37 +IP.807 = 10.0.3.38 +IP.808 = 10.0.3.39 +IP.809 = 10.0.3.40 +IP.810 = 10.0.3.41 +IP.811 = 10.0.3.42 +IP.812 = 10.0.3.43 +IP.813 = 10.0.3.44 +IP.814 = 10.0.3.45 +IP.815 = 10.0.3.46 +IP.816 = 10.0.3.47 +IP.817 = 10.0.3.48 +IP.818 = 10.0.3.49 +IP.819 = 10.0.3.50 +IP.820 = 10.0.3.51 +IP.821 = 10.0.3.52 +IP.822 = 10.0.3.53 +IP.823 = 10.0.3.54 +IP.824 = 10.0.3.55 +IP.825 = 10.0.3.56 +IP.826 = 10.0.3.57 +IP.827 = 10.0.3.58 +IP.828 = 10.0.3.59 +IP.829 = 10.0.3.60 +IP.830 = 10.0.3.61 +IP.831 = 10.0.3.62 +IP.832 = 10.0.3.63 +IP.833 = 10.0.3.64 +IP.834 = 10.0.3.65 +IP.835 = 10.0.3.66 +IP.836 = 10.0.3.67 +IP.837 = 10.0.3.68 +IP.838 = 10.0.3.69 +IP.839 = 10.0.3.70 +IP.840 = 10.0.3.71 +IP.841 = 10.0.3.72 +IP.842 = 10.0.3.73 +IP.843 = 10.0.3.74 +IP.844 = 10.0.3.75 +IP.845 = 10.0.3.76 +IP.846 = 10.0.3.77 +IP.847 = 10.0.3.78 +IP.848 = 10.0.3.79 +IP.849 = 10.0.3.80 +IP.850 = 10.0.3.81 +IP.851 = 10.0.3.82 +IP.852 = 10.0.3.83 +IP.853 = 10.0.3.84 +IP.854 = 10.0.3.85 +IP.855 = 10.0.3.86 +IP.856 = 10.0.3.87 +IP.857 = 10.0.3.88 +IP.858 = 10.0.3.89 +IP.859 = 10.0.3.90 +IP.860 = 10.0.3.91 +IP.861 = 10.0.3.92 +IP.862 = 10.0.3.93 +IP.863 = 10.0.3.94 +IP.864 = 10.0.3.95 +IP.865 = 10.0.3.96 +IP.866 = 10.0.3.97 +IP.867 = 10.0.3.98 +IP.868 = 10.0.3.99 +IP.869 = 10.0.3.100 +IP.870 = 10.0.3.101 +IP.871 = 10.0.3.102 +IP.872 = 10.0.3.103 +IP.873 = 10.0.3.104 +IP.874 = 10.0.3.105 +IP.875 = 10.0.3.106 +IP.876 = 10.0.3.107 +IP.877 = 10.0.3.108 +IP.878 = 10.0.3.109 +IP.879 = 10.0.3.110 +IP.880 = 10.0.3.111 +IP.881 = 10.0.3.112 +IP.882 = 10.0.3.113 +IP.883 = 10.0.3.114 +IP.884 = 10.0.3.115 +IP.885 = 10.0.3.116 +IP.886 = 10.0.3.117 +IP.887 = 10.0.3.118 +IP.888 = 10.0.3.119 +IP.889 = 10.0.3.120 +IP.890 = 10.0.3.121 +IP.891 = 10.0.3.122 +IP.892 = 10.0.3.123 +IP.893 = 10.0.3.124 +IP.894 = 10.0.3.125 +IP.895 = 10.0.3.126 +IP.896 = 10.0.3.127 +IP.897 = 10.0.3.128 +IP.898 = 10.0.3.129 +IP.899 = 10.0.3.130 +IP.900 = 10.0.3.131 +IP.901 = 10.0.3.132 +IP.902 = 10.0.3.133 +IP.903 = 10.0.3.134 +IP.904 = 10.0.3.135 +IP.905 = 10.0.3.136 +IP.906 = 10.0.3.137 +IP.907 = 10.0.3.138 +IP.908 = 10.0.3.139 +IP.909 = 10.0.3.140 +IP.910 = 10.0.3.141 +IP.911 = 10.0.3.142 +IP.912 = 10.0.3.143 +IP.913 = 10.0.3.144 +IP.914 = 10.0.3.145 +IP.915 = 10.0.3.146 +IP.916 = 10.0.3.147 +IP.917 = 10.0.3.148 +IP.918 = 10.0.3.149 +IP.919 = 10.0.3.150 +IP.920 = 10.0.3.151 +IP.921 = 10.0.3.152 +IP.922 = 10.0.3.153 +IP.923 = 10.0.3.154 +IP.924 = 10.0.3.155 +IP.925 = 10.0.3.156 +IP.926 = 10.0.3.157 +IP.927 = 10.0.3.158 +IP.928 = 10.0.3.159 +IP.929 = 10.0.3.160 +IP.930 = 10.0.3.161 +IP.931 = 10.0.3.162 +IP.932 = 10.0.3.163 +IP.933 = 10.0.3.164 +IP.934 = 10.0.3.165 +IP.935 = 10.0.3.166 +IP.936 = 10.0.3.167 +IP.937 = 10.0.3.168 +IP.938 = 10.0.3.169 +IP.939 = 10.0.3.170 +IP.940 = 10.0.3.171 +IP.941 = 10.0.3.172 +IP.942 = 10.0.3.173 +IP.943 = 10.0.3.174 +IP.944 = 10.0.3.175 +IP.945 = 10.0.3.176 +IP.946 = 10.0.3.177 +IP.947 = 10.0.3.178 +IP.948 = 10.0.3.179 +IP.949 = 10.0.3.180 +IP.950 = 10.0.3.181 +IP.951 = 10.0.3.182 +IP.952 = 10.0.3.183 +IP.953 = 10.0.3.184 +IP.954 = 10.0.3.185 +IP.955 = 10.0.3.186 +IP.956 = 10.0.3.187 +IP.957 = 10.0.3.188 +IP.958 = 10.0.3.189 +IP.959 = 10.0.3.190 +IP.960 = 10.0.3.191 +IP.961 = 10.0.3.192 +IP.962 = 10.0.3.193 +IP.963 = 10.0.3.194 +IP.964 = 10.0.3.195 +IP.965 = 10.0.3.196 +IP.966 = 10.0.3.197 +IP.967 = 10.0.3.198 +IP.968 = 10.0.3.199 +IP.969 = 10.0.3.200 +IP.970 = 10.0.3.201 +IP.971 = 10.0.3.202 +IP.972 = 10.0.3.203 +IP.973 = 10.0.3.204 +IP.974 = 10.0.3.205 +IP.975 = 10.0.3.206 +IP.976 = 10.0.3.207 +IP.977 = 10.0.3.208 +IP.978 = 10.0.3.209 +IP.979 = 10.0.3.210 +IP.980 = 10.0.3.211 +IP.981 = 10.0.3.212 +IP.982 = 10.0.3.213 +IP.983 = 10.0.3.214 +IP.984 = 10.0.3.215 +IP.985 = 10.0.3.216 +IP.986 = 10.0.3.217 +IP.987 = 10.0.3.218 +IP.988 = 10.0.3.219 +IP.989 = 10.0.3.220 +IP.990 = 10.0.3.221 +IP.991 = 10.0.3.222 +IP.992 = 10.0.3.223 +IP.993 = 10.0.3.224 +IP.994 = 10.0.3.225 +IP.995 = 10.0.3.226 +IP.996 = 10.0.3.227 +IP.997 = 10.0.3.228 +IP.998 = 10.0.3.229 +IP.999 = 10.0.3.230 +IP.1000 = 10.0.3.231 +IP.1001 = 10.0.3.232 +IP.1002 = 10.0.3.233 +IP.1003 = 10.0.3.234 +IP.1004 = 10.0.3.235 +IP.1005 = 10.0.3.236 +IP.1006 = 10.0.3.237 +IP.1007 = 10.0.3.238 +IP.1008 = 10.0.3.239 +IP.1009 = 10.0.3.240 +IP.1010 = 10.0.3.241 +IP.1011 = 10.0.3.242 +IP.1012 = 10.0.3.243 +IP.1013 = 10.0.3.244 +IP.1014 = 10.0.3.245 +IP.1015 = 10.0.3.246 +IP.1016 = 10.0.3.247 +IP.1017 = 10.0.3.248 +IP.1018 = 10.0.3.249 +IP.1019 = 10.0.3.250 +IP.1020 = 10.0.3.251 +IP.1021 = 10.0.3.252 +IP.1022 = 10.0.3.253 +IP.1023 = 10.0.3.254 +IP.1024 = 10.0.3.255 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.csr new file mode 100644 index 0000000000..20a991966d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.csr @@ -0,0 +1,145 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIayjCCGbICAQAwDTELMAkGA1UEAwwCdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDbLFMBzvkagzZSUSpbQmPeMnURan2woeR3R5tx5aYtZNeuWwTt +ej/H9sorK63NbIiljjb756IitX1UeenVelvKKylsDYQKEMQhtliYuw22DI1WWyyF +WQfKBkY2JRopjsQ5t8Mxzm5JwgHPsDsnQ4rj1QYfLZOd3XpFZW39tLHAEFlC8h6P +zkOslyXBfOJR4UQ1W5SqA27acS8lf1gwAeESFx7yqmwigLHJZep3lbMHxPdyODT+ +oEMzTGZtoeihBLxvFDk5RC44N3TJCiGFkSG3TrqwmUp2mHtYyhzTsEDD2Sp1++sZ +6uMamDFSl+l/pHshfy/cYoaP/f2oiOhLRFK9AgMBAAGgghh2MIIYcgYJKoZIhvcN +AQkOMYIYYzCCGF8wHQYDVR0OBBYEFDu0BcyqulE9/PL5HiVTcuE68prfMA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgNBgNV +HREEghgEMIIYAIcECgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcE +CgAABocECgAAB4cECgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcE +CgAADocECgAAD4cECgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcE +CgAAFocECgAAF4cECgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcE +CgAAHocECgAAH4cECgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcE +CgAAJocECgAAJ4cECgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcE +CgAALocECgAAL4cECgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcE +CgAANocECgAAN4cECgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcE +CgAAPocECgAAP4cECgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcE +CgAARocECgAAR4cECgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcE +CgAATocECgAAT4cECgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcE +CgAAVocECgAAV4cECgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcE +CgAAXocECgAAX4cECgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcE +CgAAZocECgAAZ4cECgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcE +CgAAbocECgAAb4cECgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcE +CgAAdocECgAAd4cECgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcE +CgAAfocECgAAf4cECgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcE +CgAAhocECgAAh4cECgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcE +CgAAjocECgAAj4cECgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcE +CgAAlocECgAAl4cECgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcE +CgAAnocECgAAn4cECgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcE +CgAApocECgAAp4cECgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcE +CgAArocECgAAr4cECgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcE +CgAAtocECgAAt4cECgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcE +CgAAvocECgAAv4cECgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcE +CgAAxocECgAAx4cECgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcE +CgAAzocECgAAz4cECgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcE +CgAA1ocECgAA14cECgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcE +CgAA3ocECgAA34cECgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcE +CgAA5ocECgAA54cECgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcE +CgAA7ocECgAA74cECgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcE +CgAA9ocECgAA94cECgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcE +CgAA/ocECgAA/4cECgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcE +CgABBocECgABB4cECgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcE +CgABDocECgABD4cECgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcE +CgABFocECgABF4cECgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcE +CgABHocECgABH4cECgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcE +CgABJocECgABJ4cECgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcE +CgABLocECgABL4cECgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcE +CgABNocECgABN4cECgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcE +CgABPocECgABP4cECgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcE +CgABRocECgABR4cECgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcE +CgABTocECgABT4cECgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcE +CgABVocECgABV4cECgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcE +CgABXocECgABX4cECgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcE +CgABZocECgABZ4cECgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcE +CgABbocECgABb4cECgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcE +CgABdocECgABd4cECgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcE +CgABfocECgABf4cECgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcE +CgABhocECgABh4cECgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcE +CgABjocECgABj4cECgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcE +CgABlocECgABl4cECgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcE +CgABnocECgABn4cECgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcE +CgABpocECgABp4cECgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcE +CgABrocECgABr4cECgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcE +CgABtocECgABt4cECgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcE +CgABvocECgABv4cECgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcE +CgABxocECgABx4cECgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcE +CgABzocECgABz4cECgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcE +CgAB1ocECgAB14cECgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcE +CgAB3ocECgAB34cECgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcE +CgAB5ocECgAB54cECgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcE +CgAB7ocECgAB74cECgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcE +CgAB9ocECgAB94cECgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcE +CgAB/ocECgAB/4cECgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcE +CgACBocECgACB4cECgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcE +CgACDocECgACD4cECgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcE +CgACFocECgACF4cECgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcE +CgACHocECgACH4cECgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcE +CgACJocECgACJ4cECgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcE +CgACLocECgACL4cECgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcE +CgACNocECgACN4cECgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcE +CgACPocECgACP4cECgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcE +CgACRocECgACR4cECgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcE +CgACTocECgACT4cECgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcE +CgACVocECgACV4cECgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcE +CgACXocECgACX4cECgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcE +CgACZocECgACZ4cECgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcE +CgACbocECgACb4cECgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcE +CgACdocECgACd4cECgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcE +CgACfocECgACf4cECgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcE +CgAChocECgACh4cECgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcE +CgACjocECgACj4cECgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcE +CgAClocECgACl4cECgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcE +CgACnocECgACn4cECgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcE +CgACpocECgACp4cECgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcE +CgACrocECgACr4cECgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcE +CgACtocECgACt4cECgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcE +CgACvocECgACv4cECgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcE +CgACxocECgACx4cECgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcE +CgACzocECgACz4cECgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcE +CgAC1ocECgAC14cECgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcE +CgAC3ocECgAC34cECgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcE +CgAC5ocECgAC54cECgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcE +CgAC7ocECgAC74cECgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcE +CgAC9ocECgAC94cECgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcE +CgAC/ocECgAC/4cECgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcE +CgADBocECgADB4cECgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcE +CgADDocECgADD4cECgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcE +CgADFocECgADF4cECgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcE +CgADHocECgADH4cECgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcE +CgADJocECgADJ4cECgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcE +CgADLocECgADL4cECgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcE +CgADNocECgADN4cECgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcE +CgADPocECgADP4cECgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcE +CgADRocECgADR4cECgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcE +CgADTocECgADT4cECgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcE +CgADVocECgADV4cECgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcE +CgADXocECgADX4cECgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcE +CgADZocECgADZ4cECgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcE +CgADbocECgADb4cECgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcE +CgADdocECgADd4cECgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcE +CgADfocECgADf4cECgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcE +CgADhocECgADh4cECgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcE +CgADjocECgADj4cECgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcE +CgADlocECgADl4cECgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcE +CgADnocECgADn4cECgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcE +CgADpocECgADp4cECgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcE +CgADrocECgADr4cECgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcE +CgADtocECgADt4cECgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcE +CgADvocECgADv4cECgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcE +CgADxocECgADx4cECgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcE +CgADzocECgADz4cECgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcE +CgAD1ocECgAD14cECgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcE +CgAD3ocECgAD34cECgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcE +CgAD5ocECgAD54cECgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcE +CgAD7ocECgAD74cECgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcE +CgAD9ocECgAD94cECgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcE +CgAD/ocECgAD/zANBgkqhkiG9w0BAQsFAAOCAQEAPvGfgaK1FKxTNxCDWV+yYfuz +EVUhxh4SNGwKdYj9/n829IE/40YKNo3o8hCQq1e0VtLvW1YyxZQ7Lsaaiaj3rgUE +jzI78mZBEIBvf4S2S1PFXNwx0EwsNyarImIFirDR/wyI/O3qHiDgDL+QZ0G9K4pe +yDoPHQWzRff5bczSyVTZESp/i6c0r4gB3S9dwmpJ40BJvGqDs7h3115K7KjT3Y7t +G/h70xGD1n+8X/HRQCc0inutWk0ToZdkRNEvzFlAqU34g2/eS+uyzntJWXAtO4nc +uAflue4l2NC2tR76MzNtHgvwFyiugvXjpQwT6oFgUmnyISfvhWprW1XaWqSVWw== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.pem new file mode 100644 index 0000000000..e32f370641 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_6.pem @@ -0,0 +1,220 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:da + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, IP Address:10.0.1.162, IP Address:10.0.1.163, IP Address:10.0.1.164, IP Address:10.0.1.165, IP Address:10.0.1.166, IP Address:10.0.1.167, IP Address:10.0.1.168, IP Address:10.0.1.169, IP Address:10.0.1.170, IP Address:10.0.1.171, IP Address:10.0.1.172, IP Address:10.0.1.173, IP Address:10.0.1.174, IP Address:10.0.1.175, IP Address:10.0.1.176, IP Address:10.0.1.177, IP Address:10.0.1.178, IP Address:10.0.1.179, IP Address:10.0.1.180, IP Address:10.0.1.181, IP Address:10.0.1.182, IP Address:10.0.1.183, IP Address:10.0.1.184, IP Address:10.0.1.185, IP Address:10.0.1.186, IP Address:10.0.1.187, IP Address:10.0.1.188, IP Address:10.0.1.189, IP Address:10.0.1.190, IP Address:10.0.1.191, IP Address:10.0.1.192, IP Address:10.0.1.193, IP Address:10.0.1.194, IP Address:10.0.1.195, IP Address:10.0.1.196, IP Address:10.0.1.197, IP Address:10.0.1.198, IP Address:10.0.1.199, IP Address:10.0.1.200, IP Address:10.0.1.201, IP Address:10.0.1.202, IP Address:10.0.1.203, IP Address:10.0.1.204, IP Address:10.0.1.205, IP Address:10.0.1.206, IP Address:10.0.1.207, IP Address:10.0.1.208, IP Address:10.0.1.209, IP Address:10.0.1.210, IP Address:10.0.1.211, IP Address:10.0.1.212, IP Address:10.0.1.213, IP Address:10.0.1.214, IP Address:10.0.1.215, IP Address:10.0.1.216, IP Address:10.0.1.217, IP Address:10.0.1.218, IP Address:10.0.1.219, IP Address:10.0.1.220, IP Address:10.0.1.221, IP Address:10.0.1.222, IP Address:10.0.1.223, IP Address:10.0.1.224, IP Address:10.0.1.225, IP Address:10.0.1.226, IP Address:10.0.1.227, IP Address:10.0.1.228, IP Address:10.0.1.229, IP Address:10.0.1.230, IP Address:10.0.1.231, IP Address:10.0.1.232, IP Address:10.0.1.233, IP Address:10.0.1.234, IP Address:10.0.1.235, IP Address:10.0.1.236, IP Address:10.0.1.237, IP Address:10.0.1.238, IP Address:10.0.1.239, IP Address:10.0.1.240, IP Address:10.0.1.241, IP Address:10.0.1.242, IP Address:10.0.1.243, IP Address:10.0.1.244, IP Address:10.0.1.245, IP Address:10.0.1.246, IP Address:10.0.1.247, IP Address:10.0.1.248, IP Address:10.0.1.249, IP Address:10.0.1.250, IP Address:10.0.1.251, IP Address:10.0.1.252, IP Address:10.0.1.253, IP Address:10.0.1.254, IP Address:10.0.1.255, IP Address:10.0.2.0, IP Address:10.0.2.1, IP Address:10.0.2.2, IP Address:10.0.2.3, IP Address:10.0.2.4, IP Address:10.0.2.5, IP Address:10.0.2.6, IP Address:10.0.2.7, IP Address:10.0.2.8, IP Address:10.0.2.9, IP Address:10.0.2.10, IP Address:10.0.2.11, IP Address:10.0.2.12, IP Address:10.0.2.13, IP Address:10.0.2.14, IP Address:10.0.2.15, IP Address:10.0.2.16, IP Address:10.0.2.17, IP Address:10.0.2.18, IP Address:10.0.2.19, IP Address:10.0.2.20, IP Address:10.0.2.21, IP Address:10.0.2.22, IP Address:10.0.2.23, IP Address:10.0.2.24, IP Address:10.0.2.25, IP Address:10.0.2.26, IP Address:10.0.2.27, IP Address:10.0.2.28, IP Address:10.0.2.29, IP Address:10.0.2.30, IP Address:10.0.2.31, IP Address:10.0.2.32, IP Address:10.0.2.33, IP Address:10.0.2.34, IP Address:10.0.2.35, IP Address:10.0.2.36, IP Address:10.0.2.37, IP Address:10.0.2.38, IP Address:10.0.2.39, IP Address:10.0.2.40, IP Address:10.0.2.41, IP Address:10.0.2.42, IP Address:10.0.2.43, IP Address:10.0.2.44, IP Address:10.0.2.45, IP Address:10.0.2.46, IP Address:10.0.2.47, IP Address:10.0.2.48, IP Address:10.0.2.49, IP Address:10.0.2.50, IP Address:10.0.2.51, IP Address:10.0.2.52, IP Address:10.0.2.53, IP Address:10.0.2.54, IP Address:10.0.2.55, IP Address:10.0.2.56, IP Address:10.0.2.57, IP Address:10.0.2.58, IP Address:10.0.2.59, IP Address:10.0.2.60, IP Address:10.0.2.61, IP Address:10.0.2.62, IP Address:10.0.2.63, IP Address:10.0.2.64, IP Address:10.0.2.65, IP Address:10.0.2.66, IP Address:10.0.2.67, IP Address:10.0.2.68, IP Address:10.0.2.69, IP Address:10.0.2.70, IP Address:10.0.2.71, IP Address:10.0.2.72, IP Address:10.0.2.73, IP Address:10.0.2.74, IP Address:10.0.2.75, IP Address:10.0.2.76, IP Address:10.0.2.77, IP Address:10.0.2.78, IP Address:10.0.2.79, IP Address:10.0.2.80, IP Address:10.0.2.81, IP Address:10.0.2.82, IP Address:10.0.2.83, IP Address:10.0.2.84, IP Address:10.0.2.85, IP Address:10.0.2.86, IP Address:10.0.2.87, IP Address:10.0.2.88, IP Address:10.0.2.89, IP Address:10.0.2.90, IP Address:10.0.2.91, IP Address:10.0.2.92, IP Address:10.0.2.93, IP Address:10.0.2.94, IP Address:10.0.2.95, IP Address:10.0.2.96, IP Address:10.0.2.97, IP Address:10.0.2.98, IP Address:10.0.2.99, IP Address:10.0.2.100, IP Address:10.0.2.101, IP Address:10.0.2.102, IP Address:10.0.2.103, IP Address:10.0.2.104, IP Address:10.0.2.105, IP Address:10.0.2.106, IP Address:10.0.2.107, IP Address:10.0.2.108, IP Address:10.0.2.109, IP Address:10.0.2.110, IP Address:10.0.2.111, IP Address:10.0.2.112, IP Address:10.0.2.113, IP Address:10.0.2.114, IP Address:10.0.2.115, IP Address:10.0.2.116, IP Address:10.0.2.117, IP Address:10.0.2.118, IP Address:10.0.2.119, IP Address:10.0.2.120, IP Address:10.0.2.121, IP Address:10.0.2.122, IP Address:10.0.2.123, IP Address:10.0.2.124, IP Address:10.0.2.125, IP Address:10.0.2.126, IP Address:10.0.2.127, IP Address:10.0.2.128, IP Address:10.0.2.129, IP Address:10.0.2.130, IP Address:10.0.2.131, IP Address:10.0.2.132, IP Address:10.0.2.133, IP Address:10.0.2.134, IP Address:10.0.2.135, IP Address:10.0.2.136, IP Address:10.0.2.137, IP Address:10.0.2.138, IP Address:10.0.2.139, IP Address:10.0.2.140, IP Address:10.0.2.141, IP Address:10.0.2.142, IP Address:10.0.2.143, IP Address:10.0.2.144, IP Address:10.0.2.145, IP Address:10.0.2.146, IP Address:10.0.2.147, IP Address:10.0.2.148, IP Address:10.0.2.149, IP Address:10.0.2.150, IP Address:10.0.2.151, IP Address:10.0.2.152, IP Address:10.0.2.153, IP Address:10.0.2.154, IP Address:10.0.2.155, IP Address:10.0.2.156, IP Address:10.0.2.157, IP Address:10.0.2.158, IP Address:10.0.2.159, IP Address:10.0.2.160, IP Address:10.0.2.161, IP Address:10.0.2.162, IP Address:10.0.2.163, IP Address:10.0.2.164, IP Address:10.0.2.165, IP Address:10.0.2.166, IP Address:10.0.2.167, IP Address:10.0.2.168, IP Address:10.0.2.169, IP Address:10.0.2.170, IP Address:10.0.2.171, IP Address:10.0.2.172, IP Address:10.0.2.173, IP Address:10.0.2.174, IP Address:10.0.2.175, IP Address:10.0.2.176, IP Address:10.0.2.177, IP Address:10.0.2.178, IP Address:10.0.2.179, IP Address:10.0.2.180, IP Address:10.0.2.181, IP Address:10.0.2.182, IP Address:10.0.2.183, IP Address:10.0.2.184, IP Address:10.0.2.185, IP Address:10.0.2.186, IP Address:10.0.2.187, IP Address:10.0.2.188, IP Address:10.0.2.189, IP Address:10.0.2.190, IP Address:10.0.2.191, IP Address:10.0.2.192, IP Address:10.0.2.193, IP Address:10.0.2.194, IP Address:10.0.2.195, IP Address:10.0.2.196, IP Address:10.0.2.197, IP Address:10.0.2.198, IP Address:10.0.2.199, IP Address:10.0.2.200, IP Address:10.0.2.201, IP Address:10.0.2.202, IP Address:10.0.2.203, IP Address:10.0.2.204, IP Address:10.0.2.205, IP Address:10.0.2.206, IP Address:10.0.2.207, IP Address:10.0.2.208, IP Address:10.0.2.209, IP Address:10.0.2.210, IP Address:10.0.2.211, IP Address:10.0.2.212, IP Address:10.0.2.213, IP Address:10.0.2.214, IP Address:10.0.2.215, IP Address:10.0.2.216, IP Address:10.0.2.217, IP Address:10.0.2.218, IP Address:10.0.2.219, IP Address:10.0.2.220, IP Address:10.0.2.221, IP Address:10.0.2.222, IP Address:10.0.2.223, IP Address:10.0.2.224, IP Address:10.0.2.225, IP Address:10.0.2.226, IP Address:10.0.2.227, IP Address:10.0.2.228, IP Address:10.0.2.229, IP Address:10.0.2.230, IP Address:10.0.2.231, IP Address:10.0.2.232, IP Address:10.0.2.233, IP Address:10.0.2.234, IP Address:10.0.2.235, IP Address:10.0.2.236, IP Address:10.0.2.237, IP Address:10.0.2.238, IP Address:10.0.2.239, IP Address:10.0.2.240, IP Address:10.0.2.241, IP Address:10.0.2.242, IP Address:10.0.2.243, IP Address:10.0.2.244, IP Address:10.0.2.245, IP Address:10.0.2.246, IP Address:10.0.2.247, IP Address:10.0.2.248, IP Address:10.0.2.249, IP Address:10.0.2.250, IP Address:10.0.2.251, IP Address:10.0.2.252, IP Address:10.0.2.253, IP Address:10.0.2.254, IP Address:10.0.2.255, IP Address:10.0.3.0, IP Address:10.0.3.1, IP Address:10.0.3.2, IP Address:10.0.3.3, IP Address:10.0.3.4, IP Address:10.0.3.5, IP Address:10.0.3.6, IP Address:10.0.3.7, IP Address:10.0.3.8, IP Address:10.0.3.9, IP Address:10.0.3.10, IP Address:10.0.3.11, IP Address:10.0.3.12, IP Address:10.0.3.13, IP Address:10.0.3.14, IP Address:10.0.3.15, IP Address:10.0.3.16, IP Address:10.0.3.17, IP Address:10.0.3.18, IP Address:10.0.3.19, IP Address:10.0.3.20, IP Address:10.0.3.21, IP Address:10.0.3.22, IP Address:10.0.3.23, IP Address:10.0.3.24, IP Address:10.0.3.25, IP Address:10.0.3.26, IP Address:10.0.3.27, IP Address:10.0.3.28, IP Address:10.0.3.29, IP Address:10.0.3.30, IP Address:10.0.3.31, IP Address:10.0.3.32, IP Address:10.0.3.33, IP Address:10.0.3.34, IP Address:10.0.3.35, IP Address:10.0.3.36, IP Address:10.0.3.37, IP Address:10.0.3.38, IP Address:10.0.3.39, IP Address:10.0.3.40, IP Address:10.0.3.41, IP Address:10.0.3.42, IP Address:10.0.3.43, IP Address:10.0.3.44, IP Address:10.0.3.45, IP Address:10.0.3.46, IP Address:10.0.3.47, IP Address:10.0.3.48, IP Address:10.0.3.49, IP Address:10.0.3.50, IP Address:10.0.3.51, IP Address:10.0.3.52, IP Address:10.0.3.53, IP Address:10.0.3.54, IP Address:10.0.3.55, IP Address:10.0.3.56, IP Address:10.0.3.57, IP Address:10.0.3.58, IP Address:10.0.3.59, IP Address:10.0.3.60, IP Address:10.0.3.61, IP Address:10.0.3.62, IP Address:10.0.3.63, IP Address:10.0.3.64, IP Address:10.0.3.65, IP Address:10.0.3.66, IP Address:10.0.3.67, IP Address:10.0.3.68, IP Address:10.0.3.69, IP Address:10.0.3.70, IP Address:10.0.3.71, IP Address:10.0.3.72, IP Address:10.0.3.73, IP Address:10.0.3.74, IP Address:10.0.3.75, IP Address:10.0.3.76, IP Address:10.0.3.77, IP Address:10.0.3.78, IP Address:10.0.3.79, IP Address:10.0.3.80, IP Address:10.0.3.81, IP Address:10.0.3.82, IP Address:10.0.3.83, IP Address:10.0.3.84, IP Address:10.0.3.85, IP Address:10.0.3.86, IP Address:10.0.3.87, IP Address:10.0.3.88, IP Address:10.0.3.89, IP Address:10.0.3.90, IP Address:10.0.3.91, IP Address:10.0.3.92, IP Address:10.0.3.93, IP Address:10.0.3.94, IP Address:10.0.3.95, IP Address:10.0.3.96, IP Address:10.0.3.97, IP Address:10.0.3.98, IP Address:10.0.3.99, IP Address:10.0.3.100, IP Address:10.0.3.101, IP Address:10.0.3.102, IP Address:10.0.3.103, IP Address:10.0.3.104, IP Address:10.0.3.105, IP Address:10.0.3.106, IP Address:10.0.3.107, IP Address:10.0.3.108, IP Address:10.0.3.109, IP Address:10.0.3.110, IP Address:10.0.3.111, IP Address:10.0.3.112, IP Address:10.0.3.113, IP Address:10.0.3.114, IP Address:10.0.3.115, IP Address:10.0.3.116, IP Address:10.0.3.117, IP Address:10.0.3.118, IP Address:10.0.3.119, IP Address:10.0.3.120, IP Address:10.0.3.121, IP Address:10.0.3.122, IP Address:10.0.3.123, IP Address:10.0.3.124, IP Address:10.0.3.125, IP Address:10.0.3.126, IP Address:10.0.3.127, IP Address:10.0.3.128, IP Address:10.0.3.129, IP Address:10.0.3.130, IP Address:10.0.3.131, IP Address:10.0.3.132, IP Address:10.0.3.133, IP Address:10.0.3.134, IP Address:10.0.3.135, IP Address:10.0.3.136, IP Address:10.0.3.137, IP Address:10.0.3.138, IP Address:10.0.3.139, IP Address:10.0.3.140, IP Address:10.0.3.141, IP Address:10.0.3.142, IP Address:10.0.3.143, IP Address:10.0.3.144, IP Address:10.0.3.145, IP Address:10.0.3.146, IP Address:10.0.3.147, IP Address:10.0.3.148, IP Address:10.0.3.149, IP Address:10.0.3.150, IP Address:10.0.3.151, IP Address:10.0.3.152, IP Address:10.0.3.153, IP Address:10.0.3.154, IP Address:10.0.3.155, IP Address:10.0.3.156, IP Address:10.0.3.157, IP Address:10.0.3.158, IP Address:10.0.3.159, IP Address:10.0.3.160, IP Address:10.0.3.161, IP Address:10.0.3.162, IP Address:10.0.3.163, IP Address:10.0.3.164, IP Address:10.0.3.165, IP Address:10.0.3.166, IP Address:10.0.3.167, IP Address:10.0.3.168, IP Address:10.0.3.169, IP Address:10.0.3.170, IP Address:10.0.3.171, IP Address:10.0.3.172, IP Address:10.0.3.173, IP Address:10.0.3.174, IP Address:10.0.3.175, IP Address:10.0.3.176, IP Address:10.0.3.177, IP Address:10.0.3.178, IP Address:10.0.3.179, IP Address:10.0.3.180, IP Address:10.0.3.181, IP Address:10.0.3.182, IP Address:10.0.3.183, IP Address:10.0.3.184, IP Address:10.0.3.185, IP Address:10.0.3.186, IP Address:10.0.3.187, IP Address:10.0.3.188, IP Address:10.0.3.189, IP Address:10.0.3.190, IP Address:10.0.3.191, IP Address:10.0.3.192, IP Address:10.0.3.193, IP Address:10.0.3.194, IP Address:10.0.3.195, IP Address:10.0.3.196, IP Address:10.0.3.197, IP Address:10.0.3.198, IP Address:10.0.3.199, IP Address:10.0.3.200, IP Address:10.0.3.201, IP Address:10.0.3.202, IP Address:10.0.3.203, IP Address:10.0.3.204, IP Address:10.0.3.205, IP Address:10.0.3.206, IP Address:10.0.3.207, IP Address:10.0.3.208, IP Address:10.0.3.209, IP Address:10.0.3.210, IP Address:10.0.3.211, IP Address:10.0.3.212, IP Address:10.0.3.213, IP Address:10.0.3.214, IP Address:10.0.3.215, IP Address:10.0.3.216, IP Address:10.0.3.217, IP Address:10.0.3.218, IP Address:10.0.3.219, IP Address:10.0.3.220, IP Address:10.0.3.221, IP Address:10.0.3.222, IP Address:10.0.3.223, IP Address:10.0.3.224, IP Address:10.0.3.225, IP Address:10.0.3.226, IP Address:10.0.3.227, IP Address:10.0.3.228, IP Address:10.0.3.229, IP Address:10.0.3.230, IP Address:10.0.3.231, IP Address:10.0.3.232, IP Address:10.0.3.233, IP Address:10.0.3.234, IP Address:10.0.3.235, IP Address:10.0.3.236, IP Address:10.0.3.237, IP Address:10.0.3.238, IP Address:10.0.3.239, IP Address:10.0.3.240, IP Address:10.0.3.241, IP Address:10.0.3.242, IP Address:10.0.3.243, IP Address:10.0.3.244, IP Address:10.0.3.245, IP Address:10.0.3.246, IP Address:10.0.3.247, IP Address:10.0.3.248, IP Address:10.0.3.249, IP Address:10.0.3.250, IP Address:10.0.3.251, IP Address:10.0.3.252, IP Address:10.0.3.253, IP Address:10.0.3.254, IP Address:10.0.3.255 + Signature Algorithm: sha256WithRSAEncryption + 13:e0:0d:71:4c:e5:af:98:fc:35:e0:79:60:26:93:28:ee:ef: + 83:73:c6:86:03:3d:4a:5c:b6:75:25:14:44:0d:af:bf:0b:ac: + 7a:f1:10:78:65:6d:f3:bc:ff:e2:aa:36:af:37:a4:6f:0c:b3: + c5:78:dc:81:a0:98:2a:d2:1c:b3:04:0f:cb:f7:47:b5:75:a2: + 1d:bc:69:2b:aa:62:ff:59:51:53:5b:f6:38:30:00:fa:2d:15: + 9c:9a:7b:b6:56:d7:f7:bc:1d:87:8b:4d:17:41:81:c0:72:c6: + 13:3e:ea:bc:e1:d9:6a:e2:ac:fa:02:a3:3b:c8:59:be:bb:e7: + 62:8c:86:23:f2:ec:d5:d0:f3:45:69:20:95:a2:c3:f4:40:eb: + 36:44:64:b6:11:9d:f8:51:8a:38:85:ef:f3:e0:3e:93:1c:29: + 80:93:4d:d5:75:8c:33:d1:66:9c:61:4e:eb:a2:9a:61:6e:55: + 13:2b:1c:2b:0a:73:6e:44:fb:87:74:c8:08:df:34:78:18:4b: + 66:42:54:11:ce:c4:88:38:4f:42:36:41:81:28:be:91:7d:ce: + 5c:81:71:0d:26:48:d9:65:cf:00:36:66:3b:88:cb:51:21:f5: + ce:e4:56:4f:10:cf:87:0e:40:2f:d9:b6:fc:0b:ae:e6:86:74: + 5c:bd:a5:aa +-----BEGIN CERTIFICATE----- +MIIbrjCCGpagAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2jANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCGPswghj3MB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgNBgNVHREEghgEMIIYAIcE +CgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcECgAABocECgAAB4cE +CgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcECgAADocECgAAD4cE +CgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcECgAAFocECgAAF4cE +CgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcECgAAHocECgAAH4cE +CgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcECgAAJocECgAAJ4cE +CgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcECgAALocECgAAL4cE +CgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcECgAANocECgAAN4cE +CgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcECgAAPocECgAAP4cE +CgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcECgAARocECgAAR4cE +CgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcECgAATocECgAAT4cE +CgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcECgAAVocECgAAV4cE +CgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcECgAAXocECgAAX4cE +CgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcECgAAZocECgAAZ4cE +CgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcECgAAbocECgAAb4cE +CgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcECgAAdocECgAAd4cE +CgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcECgAAfocECgAAf4cE +CgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcECgAAhocECgAAh4cE +CgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcECgAAjocECgAAj4cE +CgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcECgAAlocECgAAl4cE +CgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcECgAAnocECgAAn4cE +CgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcECgAApocECgAAp4cE +CgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcECgAArocECgAAr4cE +CgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcECgAAtocECgAAt4cE +CgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcECgAAvocECgAAv4cE +CgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcECgAAxocECgAAx4cE +CgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcECgAAzocECgAAz4cE +CgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcECgAA1ocECgAA14cE +CgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcECgAA3ocECgAA34cE +CgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcECgAA5ocECgAA54cE +CgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcECgAA7ocECgAA74cE +CgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcECgAA9ocECgAA94cE +CgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcECgAA/ocECgAA/4cE +CgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcECgABBocECgABB4cE +CgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcECgABDocECgABD4cE +CgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcECgABFocECgABF4cE +CgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcECgABHocECgABH4cE +CgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcECgABJocECgABJ4cE +CgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcECgABLocECgABL4cE +CgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcECgABNocECgABN4cE +CgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcECgABPocECgABP4cE +CgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcECgABRocECgABR4cE +CgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcECgABTocECgABT4cE +CgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcECgABVocECgABV4cE +CgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcECgABXocECgABX4cE +CgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcECgABZocECgABZ4cE +CgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcECgABbocECgABb4cE +CgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcECgABdocECgABd4cE +CgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcECgABfocECgABf4cE +CgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcECgABhocECgABh4cE +CgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcECgABjocECgABj4cE +CgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcECgABlocECgABl4cE +CgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcECgABnocECgABn4cE +CgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcECgABpocECgABp4cE +CgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcECgABrocECgABr4cE +CgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcECgABtocECgABt4cE +CgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcECgABvocECgABv4cE +CgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcECgABxocECgABx4cE +CgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcECgABzocECgABz4cE +CgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcECgAB1ocECgAB14cE +CgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcECgAB3ocECgAB34cE +CgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcECgAB5ocECgAB54cE +CgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcECgAB7ocECgAB74cE +CgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcECgAB9ocECgAB94cE +CgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcECgAB/ocECgAB/4cE +CgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcECgACBocECgACB4cE +CgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcECgACDocECgACD4cE +CgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcECgACFocECgACF4cE +CgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcECgACHocECgACH4cE +CgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcECgACJocECgACJ4cE +CgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcECgACLocECgACL4cE +CgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcECgACNocECgACN4cE +CgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcECgACPocECgACP4cE +CgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcECgACRocECgACR4cE +CgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcECgACTocECgACT4cE +CgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcECgACVocECgACV4cE +CgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcECgACXocECgACX4cE +CgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcECgACZocECgACZ4cE +CgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcECgACbocECgACb4cE +CgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcECgACdocECgACd4cE +CgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcECgACfocECgACf4cE +CgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcECgAChocECgACh4cE +CgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcECgACjocECgACj4cE +CgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcECgAClocECgACl4cE +CgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcECgACnocECgACn4cE +CgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcECgACpocECgACp4cE +CgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcECgACrocECgACr4cE +CgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcECgACtocECgACt4cE +CgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcECgACvocECgACv4cE +CgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcECgACxocECgACx4cE +CgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcECgACzocECgACz4cE +CgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcECgAC1ocECgAC14cE +CgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcECgAC3ocECgAC34cE +CgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcECgAC5ocECgAC54cE +CgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcECgAC7ocECgAC74cE +CgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcECgAC9ocECgAC94cE +CgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcECgAC/ocECgAC/4cE +CgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcECgADBocECgADB4cE +CgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcECgADDocECgADD4cE +CgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcECgADFocECgADF4cE +CgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcECgADHocECgADH4cE +CgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcECgADJocECgADJ4cE +CgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcECgADLocECgADL4cE +CgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcECgADNocECgADN4cE +CgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcECgADPocECgADP4cE +CgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcECgADRocECgADR4cE +CgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcECgADTocECgADT4cE +CgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcECgADVocECgADV4cE +CgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcECgADXocECgADX4cE +CgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcECgADZocECgADZ4cE +CgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcECgADbocECgADb4cE +CgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcECgADdocECgADd4cE +CgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcECgADfocECgADf4cE +CgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcECgADhocECgADh4cE +CgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcECgADjocECgADj4cE +CgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcECgADlocECgADl4cE +CgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcECgADnocECgADn4cE +CgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcECgADpocECgADp4cE +CgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcECgADrocECgADr4cE +CgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcECgADtocECgADt4cE +CgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcECgADvocECgADv4cE +CgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcECgADxocECgADx4cE +CgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcECgADzocECgADz4cE +CgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcECgAD1ocECgAD14cE +CgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcECgAD3ocECgAD34cE +CgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcECgAD5ocECgAD54cE +CgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcECgAD7ocECgAD74cE +CgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcECgAD9ocECgAD94cE +CgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcECgAD/ocECgAD/zAN +BgkqhkiG9w0BAQsFAAOCAQEAE+ANcUzlr5j8NeB5YCaTKO7vg3PGhgM9Sly2dSUU +RA2vvwusevEQeGVt87z/4qo2rzekbwyzxXjcgaCYKtIcswQPy/dHtXWiHbxpK6pi +/1lRU1v2ODAA+i0VnJp7tlbX97wdh4tNF0GBwHLGEz7qvOHZauKs+gKjO8hZvrvn +YoyGI/Ls1dDzRWkglaLD9EDrNkRkthGd+FGKOIXv8+A+kxwpgJNN1XWMM9FmnGFO +66KaYW5VEyscKwpzbkT7h3TICN80eBhLZkJUEc7EiDhPQjZBgSi+kX3OXIFxDSZI +2WXPADZmO4jLUSH1zuRWTxDPhw5AL9m2/Auu5oZ0XL2lqg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.cnf b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.cnf new file mode 100644 index 0000000000..60613384c8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.cnf @@ -0,0 +1,4163 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "t0" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @san_info + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/t0_7.pem +new_certs_dir = out +serial = out/t0.serial +database = out/t0.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/t0.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/t0.cer + +[crl_info] +URI.0 = http://url-for-crl/t0.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + +[san_info] +dirName.1 = san_dirname1 +dirName.2 = san_dirname2 +dirName.3 = san_dirname3 +dirName.4 = san_dirname4 +dirName.5 = san_dirname5 +dirName.6 = san_dirname6 +dirName.7 = san_dirname7 +dirName.8 = san_dirname8 +dirName.9 = san_dirname9 +dirName.10 = san_dirname10 +dirName.11 = san_dirname11 +dirName.12 = san_dirname12 +dirName.13 = san_dirname13 +dirName.14 = san_dirname14 +dirName.15 = san_dirname15 +dirName.16 = san_dirname16 +dirName.17 = san_dirname17 +dirName.18 = san_dirname18 +dirName.19 = san_dirname19 +dirName.20 = san_dirname20 +dirName.21 = san_dirname21 +dirName.22 = san_dirname22 +dirName.23 = san_dirname23 +dirName.24 = san_dirname24 +dirName.25 = san_dirname25 +dirName.26 = san_dirname26 +dirName.27 = san_dirname27 +dirName.28 = san_dirname28 +dirName.29 = san_dirname29 +dirName.30 = san_dirname30 +dirName.31 = san_dirname31 +dirName.32 = san_dirname32 +dirName.33 = san_dirname33 +dirName.34 = san_dirname34 +dirName.35 = san_dirname35 +dirName.36 = san_dirname36 +dirName.37 = san_dirname37 +dirName.38 = san_dirname38 +dirName.39 = san_dirname39 +dirName.40 = san_dirname40 +dirName.41 = san_dirname41 +dirName.42 = san_dirname42 +dirName.43 = san_dirname43 +dirName.44 = san_dirname44 +dirName.45 = san_dirname45 +dirName.46 = san_dirname46 +dirName.47 = san_dirname47 +dirName.48 = san_dirname48 +dirName.49 = san_dirname49 +dirName.50 = san_dirname50 +dirName.51 = san_dirname51 +dirName.52 = san_dirname52 +dirName.53 = san_dirname53 +dirName.54 = san_dirname54 +dirName.55 = san_dirname55 +dirName.56 = san_dirname56 +dirName.57 = san_dirname57 +dirName.58 = san_dirname58 +dirName.59 = san_dirname59 +dirName.60 = san_dirname60 +dirName.61 = san_dirname61 +dirName.62 = san_dirname62 +dirName.63 = san_dirname63 +dirName.64 = san_dirname64 +dirName.65 = san_dirname65 +dirName.66 = san_dirname66 +dirName.67 = san_dirname67 +dirName.68 = san_dirname68 +dirName.69 = san_dirname69 +dirName.70 = san_dirname70 +dirName.71 = san_dirname71 +dirName.72 = san_dirname72 +dirName.73 = san_dirname73 +dirName.74 = san_dirname74 +dirName.75 = san_dirname75 +dirName.76 = san_dirname76 +dirName.77 = san_dirname77 +dirName.78 = san_dirname78 +dirName.79 = san_dirname79 +dirName.80 = san_dirname80 +dirName.81 = san_dirname81 +dirName.82 = san_dirname82 +dirName.83 = san_dirname83 +dirName.84 = san_dirname84 +dirName.85 = san_dirname85 +dirName.86 = san_dirname86 +dirName.87 = san_dirname87 +dirName.88 = san_dirname88 +dirName.89 = san_dirname89 +dirName.90 = san_dirname90 +dirName.91 = san_dirname91 +dirName.92 = san_dirname92 +dirName.93 = san_dirname93 +dirName.94 = san_dirname94 +dirName.95 = san_dirname95 +dirName.96 = san_dirname96 +dirName.97 = san_dirname97 +dirName.98 = san_dirname98 +dirName.99 = san_dirname99 +dirName.100 = san_dirname100 +dirName.101 = san_dirname101 +dirName.102 = san_dirname102 +dirName.103 = san_dirname103 +dirName.104 = san_dirname104 +dirName.105 = san_dirname105 +dirName.106 = san_dirname106 +dirName.107 = san_dirname107 +dirName.108 = san_dirname108 +dirName.109 = san_dirname109 +dirName.110 = san_dirname110 +dirName.111 = san_dirname111 +dirName.112 = san_dirname112 +dirName.113 = san_dirname113 +dirName.114 = san_dirname114 +dirName.115 = san_dirname115 +dirName.116 = san_dirname116 +dirName.117 = san_dirname117 +dirName.118 = san_dirname118 +dirName.119 = san_dirname119 +dirName.120 = san_dirname120 +dirName.121 = san_dirname121 +dirName.122 = san_dirname122 +dirName.123 = san_dirname123 +dirName.124 = san_dirname124 +dirName.125 = san_dirname125 +dirName.126 = san_dirname126 +dirName.127 = san_dirname127 +dirName.128 = san_dirname128 +dirName.129 = san_dirname129 +dirName.130 = san_dirname130 +dirName.131 = san_dirname131 +dirName.132 = san_dirname132 +dirName.133 = san_dirname133 +dirName.134 = san_dirname134 +dirName.135 = san_dirname135 +dirName.136 = san_dirname136 +dirName.137 = san_dirname137 +dirName.138 = san_dirname138 +dirName.139 = san_dirname139 +dirName.140 = san_dirname140 +dirName.141 = san_dirname141 +dirName.142 = san_dirname142 +dirName.143 = san_dirname143 +dirName.144 = san_dirname144 +dirName.145 = san_dirname145 +dirName.146 = san_dirname146 +dirName.147 = san_dirname147 +dirName.148 = san_dirname148 +dirName.149 = san_dirname149 +dirName.150 = san_dirname150 +dirName.151 = san_dirname151 +dirName.152 = san_dirname152 +dirName.153 = san_dirname153 +dirName.154 = san_dirname154 +dirName.155 = san_dirname155 +dirName.156 = san_dirname156 +dirName.157 = san_dirname157 +dirName.158 = san_dirname158 +dirName.159 = san_dirname159 +dirName.160 = san_dirname160 +dirName.161 = san_dirname161 +dirName.162 = san_dirname162 +dirName.163 = san_dirname163 +dirName.164 = san_dirname164 +dirName.165 = san_dirname165 +dirName.166 = san_dirname166 +dirName.167 = san_dirname167 +dirName.168 = san_dirname168 +dirName.169 = san_dirname169 +dirName.170 = san_dirname170 +dirName.171 = san_dirname171 +dirName.172 = san_dirname172 +dirName.173 = san_dirname173 +dirName.174 = san_dirname174 +dirName.175 = san_dirname175 +dirName.176 = san_dirname176 +dirName.177 = san_dirname177 +dirName.178 = san_dirname178 +dirName.179 = san_dirname179 +dirName.180 = san_dirname180 +dirName.181 = san_dirname181 +dirName.182 = san_dirname182 +dirName.183 = san_dirname183 +dirName.184 = san_dirname184 +dirName.185 = san_dirname185 +dirName.186 = san_dirname186 +dirName.187 = san_dirname187 +dirName.188 = san_dirname188 +dirName.189 = san_dirname189 +dirName.190 = san_dirname190 +dirName.191 = san_dirname191 +dirName.192 = san_dirname192 +dirName.193 = san_dirname193 +dirName.194 = san_dirname194 +dirName.195 = san_dirname195 +dirName.196 = san_dirname196 +dirName.197 = san_dirname197 +dirName.198 = san_dirname198 +dirName.199 = san_dirname199 +dirName.200 = san_dirname200 +dirName.201 = san_dirname201 +dirName.202 = san_dirname202 +dirName.203 = san_dirname203 +dirName.204 = san_dirname204 +dirName.205 = san_dirname205 +dirName.206 = san_dirname206 +dirName.207 = san_dirname207 +dirName.208 = san_dirname208 +dirName.209 = san_dirname209 +dirName.210 = san_dirname210 +dirName.211 = san_dirname211 +dirName.212 = san_dirname212 +dirName.213 = san_dirname213 +dirName.214 = san_dirname214 +dirName.215 = san_dirname215 +dirName.216 = san_dirname216 +dirName.217 = san_dirname217 +dirName.218 = san_dirname218 +dirName.219 = san_dirname219 +dirName.220 = san_dirname220 +dirName.221 = san_dirname221 +dirName.222 = san_dirname222 +dirName.223 = san_dirname223 +dirName.224 = san_dirname224 +dirName.225 = san_dirname225 +dirName.226 = san_dirname226 +dirName.227 = san_dirname227 +dirName.228 = san_dirname228 +dirName.229 = san_dirname229 +dirName.230 = san_dirname230 +dirName.231 = san_dirname231 +dirName.232 = san_dirname232 +dirName.233 = san_dirname233 +dirName.234 = san_dirname234 +dirName.235 = san_dirname235 +dirName.236 = san_dirname236 +dirName.237 = san_dirname237 +dirName.238 = san_dirname238 +dirName.239 = san_dirname239 +dirName.240 = san_dirname240 +dirName.241 = san_dirname241 +dirName.242 = san_dirname242 +dirName.243 = san_dirname243 +dirName.244 = san_dirname244 +dirName.245 = san_dirname245 +dirName.246 = san_dirname246 +dirName.247 = san_dirname247 +dirName.248 = san_dirname248 +dirName.249 = san_dirname249 +dirName.250 = san_dirname250 +dirName.251 = san_dirname251 +dirName.252 = san_dirname252 +dirName.253 = san_dirname253 +dirName.254 = san_dirname254 +dirName.255 = san_dirname255 +dirName.256 = san_dirname256 +dirName.257 = san_dirname257 +dirName.258 = san_dirname258 +dirName.259 = san_dirname259 +dirName.260 = san_dirname260 +dirName.261 = san_dirname261 +dirName.262 = san_dirname262 +dirName.263 = san_dirname263 +dirName.264 = san_dirname264 +dirName.265 = san_dirname265 +dirName.266 = san_dirname266 +dirName.267 = san_dirname267 +dirName.268 = san_dirname268 +dirName.269 = san_dirname269 +dirName.270 = san_dirname270 +dirName.271 = san_dirname271 +dirName.272 = san_dirname272 +dirName.273 = san_dirname273 +dirName.274 = san_dirname274 +dirName.275 = san_dirname275 +dirName.276 = san_dirname276 +dirName.277 = san_dirname277 +dirName.278 = san_dirname278 +dirName.279 = san_dirname279 +dirName.280 = san_dirname280 +dirName.281 = san_dirname281 +dirName.282 = san_dirname282 +dirName.283 = san_dirname283 +dirName.284 = san_dirname284 +dirName.285 = san_dirname285 +dirName.286 = san_dirname286 +dirName.287 = san_dirname287 +dirName.288 = san_dirname288 +dirName.289 = san_dirname289 +dirName.290 = san_dirname290 +dirName.291 = san_dirname291 +dirName.292 = san_dirname292 +dirName.293 = san_dirname293 +dirName.294 = san_dirname294 +dirName.295 = san_dirname295 +dirName.296 = san_dirname296 +dirName.297 = san_dirname297 +dirName.298 = san_dirname298 +dirName.299 = san_dirname299 +dirName.300 = san_dirname300 +dirName.301 = san_dirname301 +dirName.302 = san_dirname302 +dirName.303 = san_dirname303 +dirName.304 = san_dirname304 +dirName.305 = san_dirname305 +dirName.306 = san_dirname306 +dirName.307 = san_dirname307 +dirName.308 = san_dirname308 +dirName.309 = san_dirname309 +dirName.310 = san_dirname310 +dirName.311 = san_dirname311 +dirName.312 = san_dirname312 +dirName.313 = san_dirname313 +dirName.314 = san_dirname314 +dirName.315 = san_dirname315 +dirName.316 = san_dirname316 +dirName.317 = san_dirname317 +dirName.318 = san_dirname318 +dirName.319 = san_dirname319 +dirName.320 = san_dirname320 +dirName.321 = san_dirname321 +dirName.322 = san_dirname322 +dirName.323 = san_dirname323 +dirName.324 = san_dirname324 +dirName.325 = san_dirname325 +dirName.326 = san_dirname326 +dirName.327 = san_dirname327 +dirName.328 = san_dirname328 +dirName.329 = san_dirname329 +dirName.330 = san_dirname330 +dirName.331 = san_dirname331 +dirName.332 = san_dirname332 +dirName.333 = san_dirname333 +dirName.334 = san_dirname334 +dirName.335 = san_dirname335 +dirName.336 = san_dirname336 +dirName.337 = san_dirname337 +dirName.338 = san_dirname338 +dirName.339 = san_dirname339 +dirName.340 = san_dirname340 +dirName.341 = san_dirname341 +dirName.342 = san_dirname342 +dirName.343 = san_dirname343 +dirName.344 = san_dirname344 +dirName.345 = san_dirname345 +dirName.346 = san_dirname346 +dirName.347 = san_dirname347 +dirName.348 = san_dirname348 +dirName.349 = san_dirname349 +dirName.350 = san_dirname350 +dirName.351 = san_dirname351 +dirName.352 = san_dirname352 +dirName.353 = san_dirname353 +dirName.354 = san_dirname354 +dirName.355 = san_dirname355 +dirName.356 = san_dirname356 +dirName.357 = san_dirname357 +dirName.358 = san_dirname358 +dirName.359 = san_dirname359 +dirName.360 = san_dirname360 +dirName.361 = san_dirname361 +dirName.362 = san_dirname362 +dirName.363 = san_dirname363 +dirName.364 = san_dirname364 +dirName.365 = san_dirname365 +dirName.366 = san_dirname366 +dirName.367 = san_dirname367 +dirName.368 = san_dirname368 +dirName.369 = san_dirname369 +dirName.370 = san_dirname370 +dirName.371 = san_dirname371 +dirName.372 = san_dirname372 +dirName.373 = san_dirname373 +dirName.374 = san_dirname374 +dirName.375 = san_dirname375 +dirName.376 = san_dirname376 +dirName.377 = san_dirname377 +dirName.378 = san_dirname378 +dirName.379 = san_dirname379 +dirName.380 = san_dirname380 +dirName.381 = san_dirname381 +dirName.382 = san_dirname382 +dirName.383 = san_dirname383 +dirName.384 = san_dirname384 +dirName.385 = san_dirname385 +dirName.386 = san_dirname386 +dirName.387 = san_dirname387 +dirName.388 = san_dirname388 +dirName.389 = san_dirname389 +dirName.390 = san_dirname390 +dirName.391 = san_dirname391 +dirName.392 = san_dirname392 +dirName.393 = san_dirname393 +dirName.394 = san_dirname394 +dirName.395 = san_dirname395 +dirName.396 = san_dirname396 +dirName.397 = san_dirname397 +dirName.398 = san_dirname398 +dirName.399 = san_dirname399 +dirName.400 = san_dirname400 +dirName.401 = san_dirname401 +dirName.402 = san_dirname402 +dirName.403 = san_dirname403 +dirName.404 = san_dirname404 +dirName.405 = san_dirname405 +dirName.406 = san_dirname406 +dirName.407 = san_dirname407 +dirName.408 = san_dirname408 +dirName.409 = san_dirname409 +dirName.410 = san_dirname410 +dirName.411 = san_dirname411 +dirName.412 = san_dirname412 +dirName.413 = san_dirname413 +dirName.414 = san_dirname414 +dirName.415 = san_dirname415 +dirName.416 = san_dirname416 +dirName.417 = san_dirname417 +dirName.418 = san_dirname418 +dirName.419 = san_dirname419 +dirName.420 = san_dirname420 +dirName.421 = san_dirname421 +dirName.422 = san_dirname422 +dirName.423 = san_dirname423 +dirName.424 = san_dirname424 +dirName.425 = san_dirname425 +dirName.426 = san_dirname426 +dirName.427 = san_dirname427 +dirName.428 = san_dirname428 +dirName.429 = san_dirname429 +dirName.430 = san_dirname430 +dirName.431 = san_dirname431 +dirName.432 = san_dirname432 +dirName.433 = san_dirname433 +dirName.434 = san_dirname434 +dirName.435 = san_dirname435 +dirName.436 = san_dirname436 +dirName.437 = san_dirname437 +dirName.438 = san_dirname438 +dirName.439 = san_dirname439 +dirName.440 = san_dirname440 +dirName.441 = san_dirname441 +dirName.442 = san_dirname442 +dirName.443 = san_dirname443 +dirName.444 = san_dirname444 +dirName.445 = san_dirname445 +dirName.446 = san_dirname446 +dirName.447 = san_dirname447 +dirName.448 = san_dirname448 +dirName.449 = san_dirname449 +dirName.450 = san_dirname450 +dirName.451 = san_dirname451 +dirName.452 = san_dirname452 +dirName.453 = san_dirname453 +dirName.454 = san_dirname454 +dirName.455 = san_dirname455 +dirName.456 = san_dirname456 +dirName.457 = san_dirname457 +dirName.458 = san_dirname458 +dirName.459 = san_dirname459 +dirName.460 = san_dirname460 +dirName.461 = san_dirname461 +dirName.462 = san_dirname462 +dirName.463 = san_dirname463 +dirName.464 = san_dirname464 +dirName.465 = san_dirname465 +dirName.466 = san_dirname466 +dirName.467 = san_dirname467 +dirName.468 = san_dirname468 +dirName.469 = san_dirname469 +dirName.470 = san_dirname470 +dirName.471 = san_dirname471 +dirName.472 = san_dirname472 +dirName.473 = san_dirname473 +dirName.474 = san_dirname474 +dirName.475 = san_dirname475 +dirName.476 = san_dirname476 +dirName.477 = san_dirname477 +dirName.478 = san_dirname478 +dirName.479 = san_dirname479 +dirName.480 = san_dirname480 +dirName.481 = san_dirname481 +dirName.482 = san_dirname482 +dirName.483 = san_dirname483 +dirName.484 = san_dirname484 +dirName.485 = san_dirname485 +dirName.486 = san_dirname486 +dirName.487 = san_dirname487 +dirName.488 = san_dirname488 +dirName.489 = san_dirname489 +dirName.490 = san_dirname490 +dirName.491 = san_dirname491 +dirName.492 = san_dirname492 +dirName.493 = san_dirname493 +dirName.494 = san_dirname494 +dirName.495 = san_dirname495 +dirName.496 = san_dirname496 +dirName.497 = san_dirname497 +dirName.498 = san_dirname498 +dirName.499 = san_dirname499 +dirName.500 = san_dirname500 +dirName.501 = san_dirname501 +dirName.502 = san_dirname502 +dirName.503 = san_dirname503 +dirName.504 = san_dirname504 +dirName.505 = san_dirname505 +dirName.506 = san_dirname506 +dirName.507 = san_dirname507 +dirName.508 = san_dirname508 +dirName.509 = san_dirname509 +dirName.510 = san_dirname510 +dirName.511 = san_dirname511 +dirName.512 = san_dirname512 +dirName.513 = san_dirname513 +dirName.514 = san_dirname514 +dirName.515 = san_dirname515 +dirName.516 = san_dirname516 +dirName.517 = san_dirname517 +dirName.518 = san_dirname518 +dirName.519 = san_dirname519 +dirName.520 = san_dirname520 +dirName.521 = san_dirname521 +dirName.522 = san_dirname522 +dirName.523 = san_dirname523 +dirName.524 = san_dirname524 +dirName.525 = san_dirname525 +dirName.526 = san_dirname526 +dirName.527 = san_dirname527 +dirName.528 = san_dirname528 +dirName.529 = san_dirname529 +dirName.530 = san_dirname530 +dirName.531 = san_dirname531 +dirName.532 = san_dirname532 +dirName.533 = san_dirname533 +dirName.534 = san_dirname534 +dirName.535 = san_dirname535 +dirName.536 = san_dirname536 +dirName.537 = san_dirname537 +dirName.538 = san_dirname538 +dirName.539 = san_dirname539 +dirName.540 = san_dirname540 +dirName.541 = san_dirname541 +dirName.542 = san_dirname542 +dirName.543 = san_dirname543 +dirName.544 = san_dirname544 +dirName.545 = san_dirname545 +dirName.546 = san_dirname546 +dirName.547 = san_dirname547 +dirName.548 = san_dirname548 +dirName.549 = san_dirname549 +dirName.550 = san_dirname550 +dirName.551 = san_dirname551 +dirName.552 = san_dirname552 +dirName.553 = san_dirname553 +dirName.554 = san_dirname554 +dirName.555 = san_dirname555 +dirName.556 = san_dirname556 +dirName.557 = san_dirname557 +dirName.558 = san_dirname558 +dirName.559 = san_dirname559 +dirName.560 = san_dirname560 +dirName.561 = san_dirname561 +dirName.562 = san_dirname562 +dirName.563 = san_dirname563 +dirName.564 = san_dirname564 +dirName.565 = san_dirname565 +dirName.566 = san_dirname566 +dirName.567 = san_dirname567 +dirName.568 = san_dirname568 +dirName.569 = san_dirname569 +dirName.570 = san_dirname570 +dirName.571 = san_dirname571 +dirName.572 = san_dirname572 +dirName.573 = san_dirname573 +dirName.574 = san_dirname574 +dirName.575 = san_dirname575 +dirName.576 = san_dirname576 +dirName.577 = san_dirname577 +dirName.578 = san_dirname578 +dirName.579 = san_dirname579 +dirName.580 = san_dirname580 +dirName.581 = san_dirname581 +dirName.582 = san_dirname582 +dirName.583 = san_dirname583 +dirName.584 = san_dirname584 +dirName.585 = san_dirname585 +dirName.586 = san_dirname586 +dirName.587 = san_dirname587 +dirName.588 = san_dirname588 +dirName.589 = san_dirname589 +dirName.590 = san_dirname590 +dirName.591 = san_dirname591 +dirName.592 = san_dirname592 +dirName.593 = san_dirname593 +dirName.594 = san_dirname594 +dirName.595 = san_dirname595 +dirName.596 = san_dirname596 +dirName.597 = san_dirname597 +dirName.598 = san_dirname598 +dirName.599 = san_dirname599 +dirName.600 = san_dirname600 +dirName.601 = san_dirname601 +dirName.602 = san_dirname602 +dirName.603 = san_dirname603 +dirName.604 = san_dirname604 +dirName.605 = san_dirname605 +dirName.606 = san_dirname606 +dirName.607 = san_dirname607 +dirName.608 = san_dirname608 +dirName.609 = san_dirname609 +dirName.610 = san_dirname610 +dirName.611 = san_dirname611 +dirName.612 = san_dirname612 +dirName.613 = san_dirname613 +dirName.614 = san_dirname614 +dirName.615 = san_dirname615 +dirName.616 = san_dirname616 +dirName.617 = san_dirname617 +dirName.618 = san_dirname618 +dirName.619 = san_dirname619 +dirName.620 = san_dirname620 +dirName.621 = san_dirname621 +dirName.622 = san_dirname622 +dirName.623 = san_dirname623 +dirName.624 = san_dirname624 +dirName.625 = san_dirname625 +dirName.626 = san_dirname626 +dirName.627 = san_dirname627 +dirName.628 = san_dirname628 +dirName.629 = san_dirname629 +dirName.630 = san_dirname630 +dirName.631 = san_dirname631 +dirName.632 = san_dirname632 +dirName.633 = san_dirname633 +dirName.634 = san_dirname634 +dirName.635 = san_dirname635 +dirName.636 = san_dirname636 +dirName.637 = san_dirname637 +dirName.638 = san_dirname638 +dirName.639 = san_dirname639 +dirName.640 = san_dirname640 +dirName.641 = san_dirname641 +dirName.642 = san_dirname642 +dirName.643 = san_dirname643 +dirName.644 = san_dirname644 +dirName.645 = san_dirname645 +dirName.646 = san_dirname646 +dirName.647 = san_dirname647 +dirName.648 = san_dirname648 +dirName.649 = san_dirname649 +dirName.650 = san_dirname650 +dirName.651 = san_dirname651 +dirName.652 = san_dirname652 +dirName.653 = san_dirname653 +dirName.654 = san_dirname654 +dirName.655 = san_dirname655 +dirName.656 = san_dirname656 +dirName.657 = san_dirname657 +dirName.658 = san_dirname658 +dirName.659 = san_dirname659 +dirName.660 = san_dirname660 +dirName.661 = san_dirname661 +dirName.662 = san_dirname662 +dirName.663 = san_dirname663 +dirName.664 = san_dirname664 +dirName.665 = san_dirname665 +dirName.666 = san_dirname666 +dirName.667 = san_dirname667 +dirName.668 = san_dirname668 +dirName.669 = san_dirname669 +dirName.670 = san_dirname670 +dirName.671 = san_dirname671 +dirName.672 = san_dirname672 +dirName.673 = san_dirname673 +dirName.674 = san_dirname674 +dirName.675 = san_dirname675 +dirName.676 = san_dirname676 +dirName.677 = san_dirname677 +dirName.678 = san_dirname678 +dirName.679 = san_dirname679 +dirName.680 = san_dirname680 +dirName.681 = san_dirname681 +dirName.682 = san_dirname682 +dirName.683 = san_dirname683 +dirName.684 = san_dirname684 +dirName.685 = san_dirname685 +dirName.686 = san_dirname686 +dirName.687 = san_dirname687 +dirName.688 = san_dirname688 +dirName.689 = san_dirname689 +dirName.690 = san_dirname690 +dirName.691 = san_dirname691 +dirName.692 = san_dirname692 +dirName.693 = san_dirname693 +dirName.694 = san_dirname694 +dirName.695 = san_dirname695 +dirName.696 = san_dirname696 +dirName.697 = san_dirname697 +dirName.698 = san_dirname698 +dirName.699 = san_dirname699 +dirName.700 = san_dirname700 +dirName.701 = san_dirname701 +dirName.702 = san_dirname702 +dirName.703 = san_dirname703 +dirName.704 = san_dirname704 +dirName.705 = san_dirname705 +dirName.706 = san_dirname706 +dirName.707 = san_dirname707 +dirName.708 = san_dirname708 +dirName.709 = san_dirname709 +dirName.710 = san_dirname710 +dirName.711 = san_dirname711 +dirName.712 = san_dirname712 +dirName.713 = san_dirname713 +dirName.714 = san_dirname714 +dirName.715 = san_dirname715 +dirName.716 = san_dirname716 +dirName.717 = san_dirname717 +dirName.718 = san_dirname718 +dirName.719 = san_dirname719 +dirName.720 = san_dirname720 +dirName.721 = san_dirname721 +dirName.722 = san_dirname722 +dirName.723 = san_dirname723 +dirName.724 = san_dirname724 +dirName.725 = san_dirname725 +dirName.726 = san_dirname726 +dirName.727 = san_dirname727 +dirName.728 = san_dirname728 +dirName.729 = san_dirname729 +dirName.730 = san_dirname730 +dirName.731 = san_dirname731 +dirName.732 = san_dirname732 +dirName.733 = san_dirname733 +dirName.734 = san_dirname734 +dirName.735 = san_dirname735 +dirName.736 = san_dirname736 +dirName.737 = san_dirname737 +dirName.738 = san_dirname738 +dirName.739 = san_dirname739 +dirName.740 = san_dirname740 +dirName.741 = san_dirname741 +dirName.742 = san_dirname742 +dirName.743 = san_dirname743 +dirName.744 = san_dirname744 +dirName.745 = san_dirname745 +dirName.746 = san_dirname746 +dirName.747 = san_dirname747 +dirName.748 = san_dirname748 +dirName.749 = san_dirname749 +dirName.750 = san_dirname750 +dirName.751 = san_dirname751 +dirName.752 = san_dirname752 +dirName.753 = san_dirname753 +dirName.754 = san_dirname754 +dirName.755 = san_dirname755 +dirName.756 = san_dirname756 +dirName.757 = san_dirname757 +dirName.758 = san_dirname758 +dirName.759 = san_dirname759 +dirName.760 = san_dirname760 +dirName.761 = san_dirname761 +dirName.762 = san_dirname762 +dirName.763 = san_dirname763 +dirName.764 = san_dirname764 +dirName.765 = san_dirname765 +dirName.766 = san_dirname766 +dirName.767 = san_dirname767 +dirName.768 = san_dirname768 +dirName.769 = san_dirname769 +dirName.770 = san_dirname770 +dirName.771 = san_dirname771 +dirName.772 = san_dirname772 +dirName.773 = san_dirname773 +dirName.774 = san_dirname774 +dirName.775 = san_dirname775 +dirName.776 = san_dirname776 +dirName.777 = san_dirname777 +dirName.778 = san_dirname778 +dirName.779 = san_dirname779 +dirName.780 = san_dirname780 +dirName.781 = san_dirname781 +dirName.782 = san_dirname782 +dirName.783 = san_dirname783 +dirName.784 = san_dirname784 +dirName.785 = san_dirname785 +dirName.786 = san_dirname786 +dirName.787 = san_dirname787 +dirName.788 = san_dirname788 +dirName.789 = san_dirname789 +dirName.790 = san_dirname790 +dirName.791 = san_dirname791 +dirName.792 = san_dirname792 +dirName.793 = san_dirname793 +dirName.794 = san_dirname794 +dirName.795 = san_dirname795 +dirName.796 = san_dirname796 +dirName.797 = san_dirname797 +dirName.798 = san_dirname798 +dirName.799 = san_dirname799 +dirName.800 = san_dirname800 +dirName.801 = san_dirname801 +dirName.802 = san_dirname802 +dirName.803 = san_dirname803 +dirName.804 = san_dirname804 +dirName.805 = san_dirname805 +dirName.806 = san_dirname806 +dirName.807 = san_dirname807 +dirName.808 = san_dirname808 +dirName.809 = san_dirname809 +dirName.810 = san_dirname810 +dirName.811 = san_dirname811 +dirName.812 = san_dirname812 +dirName.813 = san_dirname813 +dirName.814 = san_dirname814 +dirName.815 = san_dirname815 +dirName.816 = san_dirname816 +dirName.817 = san_dirname817 +dirName.818 = san_dirname818 +dirName.819 = san_dirname819 +dirName.820 = san_dirname820 +dirName.821 = san_dirname821 +dirName.822 = san_dirname822 +dirName.823 = san_dirname823 +dirName.824 = san_dirname824 +dirName.825 = san_dirname825 +dirName.826 = san_dirname826 +dirName.827 = san_dirname827 +dirName.828 = san_dirname828 +dirName.829 = san_dirname829 +dirName.830 = san_dirname830 +dirName.831 = san_dirname831 +dirName.832 = san_dirname832 +dirName.833 = san_dirname833 +dirName.834 = san_dirname834 +dirName.835 = san_dirname835 +dirName.836 = san_dirname836 +dirName.837 = san_dirname837 +dirName.838 = san_dirname838 +dirName.839 = san_dirname839 +dirName.840 = san_dirname840 +dirName.841 = san_dirname841 +dirName.842 = san_dirname842 +dirName.843 = san_dirname843 +dirName.844 = san_dirname844 +dirName.845 = san_dirname845 +dirName.846 = san_dirname846 +dirName.847 = san_dirname847 +dirName.848 = san_dirname848 +dirName.849 = san_dirname849 +dirName.850 = san_dirname850 +dirName.851 = san_dirname851 +dirName.852 = san_dirname852 +dirName.853 = san_dirname853 +dirName.854 = san_dirname854 +dirName.855 = san_dirname855 +dirName.856 = san_dirname856 +dirName.857 = san_dirname857 +dirName.858 = san_dirname858 +dirName.859 = san_dirname859 +dirName.860 = san_dirname860 +dirName.861 = san_dirname861 +dirName.862 = san_dirname862 +dirName.863 = san_dirname863 +dirName.864 = san_dirname864 +dirName.865 = san_dirname865 +dirName.866 = san_dirname866 +dirName.867 = san_dirname867 +dirName.868 = san_dirname868 +dirName.869 = san_dirname869 +dirName.870 = san_dirname870 +dirName.871 = san_dirname871 +dirName.872 = san_dirname872 +dirName.873 = san_dirname873 +dirName.874 = san_dirname874 +dirName.875 = san_dirname875 +dirName.876 = san_dirname876 +dirName.877 = san_dirname877 +dirName.878 = san_dirname878 +dirName.879 = san_dirname879 +dirName.880 = san_dirname880 +dirName.881 = san_dirname881 +dirName.882 = san_dirname882 +dirName.883 = san_dirname883 +dirName.884 = san_dirname884 +dirName.885 = san_dirname885 +dirName.886 = san_dirname886 +dirName.887 = san_dirname887 +dirName.888 = san_dirname888 +dirName.889 = san_dirname889 +dirName.890 = san_dirname890 +dirName.891 = san_dirname891 +dirName.892 = san_dirname892 +dirName.893 = san_dirname893 +dirName.894 = san_dirname894 +dirName.895 = san_dirname895 +dirName.896 = san_dirname896 +dirName.897 = san_dirname897 +dirName.898 = san_dirname898 +dirName.899 = san_dirname899 +dirName.900 = san_dirname900 +dirName.901 = san_dirname901 +dirName.902 = san_dirname902 +dirName.903 = san_dirname903 +dirName.904 = san_dirname904 +dirName.905 = san_dirname905 +dirName.906 = san_dirname906 +dirName.907 = san_dirname907 +dirName.908 = san_dirname908 +dirName.909 = san_dirname909 +dirName.910 = san_dirname910 +dirName.911 = san_dirname911 +dirName.912 = san_dirname912 +dirName.913 = san_dirname913 +dirName.914 = san_dirname914 +dirName.915 = san_dirname915 +dirName.916 = san_dirname916 +dirName.917 = san_dirname917 +dirName.918 = san_dirname918 +dirName.919 = san_dirname919 +dirName.920 = san_dirname920 +dirName.921 = san_dirname921 +dirName.922 = san_dirname922 +dirName.923 = san_dirname923 +dirName.924 = san_dirname924 +dirName.925 = san_dirname925 +dirName.926 = san_dirname926 +dirName.927 = san_dirname927 +dirName.928 = san_dirname928 +dirName.929 = san_dirname929 +dirName.930 = san_dirname930 +dirName.931 = san_dirname931 +dirName.932 = san_dirname932 +dirName.933 = san_dirname933 +dirName.934 = san_dirname934 +dirName.935 = san_dirname935 +dirName.936 = san_dirname936 +dirName.937 = san_dirname937 +dirName.938 = san_dirname938 +dirName.939 = san_dirname939 +dirName.940 = san_dirname940 +dirName.941 = san_dirname941 +dirName.942 = san_dirname942 +dirName.943 = san_dirname943 +dirName.944 = san_dirname944 +dirName.945 = san_dirname945 +dirName.946 = san_dirname946 +dirName.947 = san_dirname947 +dirName.948 = san_dirname948 +dirName.949 = san_dirname949 +dirName.950 = san_dirname950 +dirName.951 = san_dirname951 +dirName.952 = san_dirname952 +dirName.953 = san_dirname953 +dirName.954 = san_dirname954 +dirName.955 = san_dirname955 +dirName.956 = san_dirname956 +dirName.957 = san_dirname957 +dirName.958 = san_dirname958 +dirName.959 = san_dirname959 +dirName.960 = san_dirname960 +dirName.961 = san_dirname961 +dirName.962 = san_dirname962 +dirName.963 = san_dirname963 +dirName.964 = san_dirname964 +dirName.965 = san_dirname965 +dirName.966 = san_dirname966 +dirName.967 = san_dirname967 +dirName.968 = san_dirname968 +dirName.969 = san_dirname969 +dirName.970 = san_dirname970 +dirName.971 = san_dirname971 +dirName.972 = san_dirname972 +dirName.973 = san_dirname973 +dirName.974 = san_dirname974 +dirName.975 = san_dirname975 +dirName.976 = san_dirname976 +dirName.977 = san_dirname977 +dirName.978 = san_dirname978 +dirName.979 = san_dirname979 +dirName.980 = san_dirname980 +dirName.981 = san_dirname981 +dirName.982 = san_dirname982 +dirName.983 = san_dirname983 +dirName.984 = san_dirname984 +dirName.985 = san_dirname985 +dirName.986 = san_dirname986 +dirName.987 = san_dirname987 +dirName.988 = san_dirname988 +dirName.989 = san_dirname989 +dirName.990 = san_dirname990 +dirName.991 = san_dirname991 +dirName.992 = san_dirname992 +dirName.993 = san_dirname993 +dirName.994 = san_dirname994 +dirName.995 = san_dirname995 +dirName.996 = san_dirname996 +dirName.997 = san_dirname997 +dirName.998 = san_dirname998 +dirName.999 = san_dirname999 +dirName.1000 = san_dirname1000 +dirName.1001 = san_dirname1001 +dirName.1002 = san_dirname1002 +dirName.1003 = san_dirname1003 +dirName.1004 = san_dirname1004 +dirName.1005 = san_dirname1005 +dirName.1006 = san_dirname1006 +dirName.1007 = san_dirname1007 +dirName.1008 = san_dirname1008 +dirName.1009 = san_dirname1009 +dirName.1010 = san_dirname1010 +dirName.1011 = san_dirname1011 +dirName.1012 = san_dirname1012 +dirName.1013 = san_dirname1013 +dirName.1014 = san_dirname1014 +dirName.1015 = san_dirname1015 +dirName.1016 = san_dirname1016 +dirName.1017 = san_dirname1017 +dirName.1018 = san_dirname1018 +dirName.1019 = san_dirname1019 +dirName.1020 = san_dirname1020 +dirName.1021 = san_dirname1021 +dirName.1022 = san_dirname1022 +dirName.1023 = san_dirname1023 +dirName.1024 = san_dirname1024 + +[san_dirname1] +commonName = "t0 + +[san_dirname2] +commonName = "t1 + +[san_dirname3] +commonName = "t2 + +[san_dirname4] +commonName = "t3 + +[san_dirname5] +commonName = "t4 + +[san_dirname6] +commonName = "t5 + +[san_dirname7] +commonName = "t6 + +[san_dirname8] +commonName = "t7 + +[san_dirname9] +commonName = "t8 + +[san_dirname10] +commonName = "t9 + +[san_dirname11] +commonName = "t10 + +[san_dirname12] +commonName = "t11 + +[san_dirname13] +commonName = "t12 + +[san_dirname14] +commonName = "t13 + +[san_dirname15] +commonName = "t14 + +[san_dirname16] +commonName = "t15 + +[san_dirname17] +commonName = "t16 + +[san_dirname18] +commonName = "t17 + +[san_dirname19] +commonName = "t18 + +[san_dirname20] +commonName = "t19 + +[san_dirname21] +commonName = "t20 + +[san_dirname22] +commonName = "t21 + +[san_dirname23] +commonName = "t22 + +[san_dirname24] +commonName = "t23 + +[san_dirname25] +commonName = "t24 + +[san_dirname26] +commonName = "t25 + +[san_dirname27] +commonName = "t26 + +[san_dirname28] +commonName = "t27 + +[san_dirname29] +commonName = "t28 + +[san_dirname30] +commonName = "t29 + +[san_dirname31] +commonName = "t30 + +[san_dirname32] +commonName = "t31 + +[san_dirname33] +commonName = "t32 + +[san_dirname34] +commonName = "t33 + +[san_dirname35] +commonName = "t34 + +[san_dirname36] +commonName = "t35 + +[san_dirname37] +commonName = "t36 + +[san_dirname38] +commonName = "t37 + +[san_dirname39] +commonName = "t38 + +[san_dirname40] +commonName = "t39 + +[san_dirname41] +commonName = "t40 + +[san_dirname42] +commonName = "t41 + +[san_dirname43] +commonName = "t42 + +[san_dirname44] +commonName = "t43 + +[san_dirname45] +commonName = "t44 + +[san_dirname46] +commonName = "t45 + +[san_dirname47] +commonName = "t46 + +[san_dirname48] +commonName = "t47 + +[san_dirname49] +commonName = "t48 + +[san_dirname50] +commonName = "t49 + +[san_dirname51] +commonName = "t50 + +[san_dirname52] +commonName = "t51 + +[san_dirname53] +commonName = "t52 + +[san_dirname54] +commonName = "t53 + +[san_dirname55] +commonName = "t54 + +[san_dirname56] +commonName = "t55 + +[san_dirname57] +commonName = "t56 + +[san_dirname58] +commonName = "t57 + +[san_dirname59] +commonName = "t58 + +[san_dirname60] +commonName = "t59 + +[san_dirname61] +commonName = "t60 + +[san_dirname62] +commonName = "t61 + +[san_dirname63] +commonName = "t62 + +[san_dirname64] +commonName = "t63 + +[san_dirname65] +commonName = "t64 + +[san_dirname66] +commonName = "t65 + +[san_dirname67] +commonName = "t66 + +[san_dirname68] +commonName = "t67 + +[san_dirname69] +commonName = "t68 + +[san_dirname70] +commonName = "t69 + +[san_dirname71] +commonName = "t70 + +[san_dirname72] +commonName = "t71 + +[san_dirname73] +commonName = "t72 + +[san_dirname74] +commonName = "t73 + +[san_dirname75] +commonName = "t74 + +[san_dirname76] +commonName = "t75 + +[san_dirname77] +commonName = "t76 + +[san_dirname78] +commonName = "t77 + +[san_dirname79] +commonName = "t78 + +[san_dirname80] +commonName = "t79 + +[san_dirname81] +commonName = "t80 + +[san_dirname82] +commonName = "t81 + +[san_dirname83] +commonName = "t82 + +[san_dirname84] +commonName = "t83 + +[san_dirname85] +commonName = "t84 + +[san_dirname86] +commonName = "t85 + +[san_dirname87] +commonName = "t86 + +[san_dirname88] +commonName = "t87 + +[san_dirname89] +commonName = "t88 + +[san_dirname90] +commonName = "t89 + +[san_dirname91] +commonName = "t90 + +[san_dirname92] +commonName = "t91 + +[san_dirname93] +commonName = "t92 + +[san_dirname94] +commonName = "t93 + +[san_dirname95] +commonName = "t94 + +[san_dirname96] +commonName = "t95 + +[san_dirname97] +commonName = "t96 + +[san_dirname98] +commonName = "t97 + +[san_dirname99] +commonName = "t98 + +[san_dirname100] +commonName = "t99 + +[san_dirname101] +commonName = "t100 + +[san_dirname102] +commonName = "t101 + +[san_dirname103] +commonName = "t102 + +[san_dirname104] +commonName = "t103 + +[san_dirname105] +commonName = "t104 + +[san_dirname106] +commonName = "t105 + +[san_dirname107] +commonName = "t106 + +[san_dirname108] +commonName = "t107 + +[san_dirname109] +commonName = "t108 + +[san_dirname110] +commonName = "t109 + +[san_dirname111] +commonName = "t110 + +[san_dirname112] +commonName = "t111 + +[san_dirname113] +commonName = "t112 + +[san_dirname114] +commonName = "t113 + +[san_dirname115] +commonName = "t114 + +[san_dirname116] +commonName = "t115 + +[san_dirname117] +commonName = "t116 + +[san_dirname118] +commonName = "t117 + +[san_dirname119] +commonName = "t118 + +[san_dirname120] +commonName = "t119 + +[san_dirname121] +commonName = "t120 + +[san_dirname122] +commonName = "t121 + +[san_dirname123] +commonName = "t122 + +[san_dirname124] +commonName = "t123 + +[san_dirname125] +commonName = "t124 + +[san_dirname126] +commonName = "t125 + +[san_dirname127] +commonName = "t126 + +[san_dirname128] +commonName = "t127 + +[san_dirname129] +commonName = "t128 + +[san_dirname130] +commonName = "t129 + +[san_dirname131] +commonName = "t130 + +[san_dirname132] +commonName = "t131 + +[san_dirname133] +commonName = "t132 + +[san_dirname134] +commonName = "t133 + +[san_dirname135] +commonName = "t134 + +[san_dirname136] +commonName = "t135 + +[san_dirname137] +commonName = "t136 + +[san_dirname138] +commonName = "t137 + +[san_dirname139] +commonName = "t138 + +[san_dirname140] +commonName = "t139 + +[san_dirname141] +commonName = "t140 + +[san_dirname142] +commonName = "t141 + +[san_dirname143] +commonName = "t142 + +[san_dirname144] +commonName = "t143 + +[san_dirname145] +commonName = "t144 + +[san_dirname146] +commonName = "t145 + +[san_dirname147] +commonName = "t146 + +[san_dirname148] +commonName = "t147 + +[san_dirname149] +commonName = "t148 + +[san_dirname150] +commonName = "t149 + +[san_dirname151] +commonName = "t150 + +[san_dirname152] +commonName = "t151 + +[san_dirname153] +commonName = "t152 + +[san_dirname154] +commonName = "t153 + +[san_dirname155] +commonName = "t154 + +[san_dirname156] +commonName = "t155 + +[san_dirname157] +commonName = "t156 + +[san_dirname158] +commonName = "t157 + +[san_dirname159] +commonName = "t158 + +[san_dirname160] +commonName = "t159 + +[san_dirname161] +commonName = "t160 + +[san_dirname162] +commonName = "t161 + +[san_dirname163] +commonName = "t162 + +[san_dirname164] +commonName = "t163 + +[san_dirname165] +commonName = "t164 + +[san_dirname166] +commonName = "t165 + +[san_dirname167] +commonName = "t166 + +[san_dirname168] +commonName = "t167 + +[san_dirname169] +commonName = "t168 + +[san_dirname170] +commonName = "t169 + +[san_dirname171] +commonName = "t170 + +[san_dirname172] +commonName = "t171 + +[san_dirname173] +commonName = "t172 + +[san_dirname174] +commonName = "t173 + +[san_dirname175] +commonName = "t174 + +[san_dirname176] +commonName = "t175 + +[san_dirname177] +commonName = "t176 + +[san_dirname178] +commonName = "t177 + +[san_dirname179] +commonName = "t178 + +[san_dirname180] +commonName = "t179 + +[san_dirname181] +commonName = "t180 + +[san_dirname182] +commonName = "t181 + +[san_dirname183] +commonName = "t182 + +[san_dirname184] +commonName = "t183 + +[san_dirname185] +commonName = "t184 + +[san_dirname186] +commonName = "t185 + +[san_dirname187] +commonName = "t186 + +[san_dirname188] +commonName = "t187 + +[san_dirname189] +commonName = "t188 + +[san_dirname190] +commonName = "t189 + +[san_dirname191] +commonName = "t190 + +[san_dirname192] +commonName = "t191 + +[san_dirname193] +commonName = "t192 + +[san_dirname194] +commonName = "t193 + +[san_dirname195] +commonName = "t194 + +[san_dirname196] +commonName = "t195 + +[san_dirname197] +commonName = "t196 + +[san_dirname198] +commonName = "t197 + +[san_dirname199] +commonName = "t198 + +[san_dirname200] +commonName = "t199 + +[san_dirname201] +commonName = "t200 + +[san_dirname202] +commonName = "t201 + +[san_dirname203] +commonName = "t202 + +[san_dirname204] +commonName = "t203 + +[san_dirname205] +commonName = "t204 + +[san_dirname206] +commonName = "t205 + +[san_dirname207] +commonName = "t206 + +[san_dirname208] +commonName = "t207 + +[san_dirname209] +commonName = "t208 + +[san_dirname210] +commonName = "t209 + +[san_dirname211] +commonName = "t210 + +[san_dirname212] +commonName = "t211 + +[san_dirname213] +commonName = "t212 + +[san_dirname214] +commonName = "t213 + +[san_dirname215] +commonName = "t214 + +[san_dirname216] +commonName = "t215 + +[san_dirname217] +commonName = "t216 + +[san_dirname218] +commonName = "t217 + +[san_dirname219] +commonName = "t218 + +[san_dirname220] +commonName = "t219 + +[san_dirname221] +commonName = "t220 + +[san_dirname222] +commonName = "t221 + +[san_dirname223] +commonName = "t222 + +[san_dirname224] +commonName = "t223 + +[san_dirname225] +commonName = "t224 + +[san_dirname226] +commonName = "t225 + +[san_dirname227] +commonName = "t226 + +[san_dirname228] +commonName = "t227 + +[san_dirname229] +commonName = "t228 + +[san_dirname230] +commonName = "t229 + +[san_dirname231] +commonName = "t230 + +[san_dirname232] +commonName = "t231 + +[san_dirname233] +commonName = "t232 + +[san_dirname234] +commonName = "t233 + +[san_dirname235] +commonName = "t234 + +[san_dirname236] +commonName = "t235 + +[san_dirname237] +commonName = "t236 + +[san_dirname238] +commonName = "t237 + +[san_dirname239] +commonName = "t238 + +[san_dirname240] +commonName = "t239 + +[san_dirname241] +commonName = "t240 + +[san_dirname242] +commonName = "t241 + +[san_dirname243] +commonName = "t242 + +[san_dirname244] +commonName = "t243 + +[san_dirname245] +commonName = "t244 + +[san_dirname246] +commonName = "t245 + +[san_dirname247] +commonName = "t246 + +[san_dirname248] +commonName = "t247 + +[san_dirname249] +commonName = "t248 + +[san_dirname250] +commonName = "t249 + +[san_dirname251] +commonName = "t250 + +[san_dirname252] +commonName = "t251 + +[san_dirname253] +commonName = "t252 + +[san_dirname254] +commonName = "t253 + +[san_dirname255] +commonName = "t254 + +[san_dirname256] +commonName = "t255 + +[san_dirname257] +commonName = "t256 + +[san_dirname258] +commonName = "t257 + +[san_dirname259] +commonName = "t258 + +[san_dirname260] +commonName = "t259 + +[san_dirname261] +commonName = "t260 + +[san_dirname262] +commonName = "t261 + +[san_dirname263] +commonName = "t262 + +[san_dirname264] +commonName = "t263 + +[san_dirname265] +commonName = "t264 + +[san_dirname266] +commonName = "t265 + +[san_dirname267] +commonName = "t266 + +[san_dirname268] +commonName = "t267 + +[san_dirname269] +commonName = "t268 + +[san_dirname270] +commonName = "t269 + +[san_dirname271] +commonName = "t270 + +[san_dirname272] +commonName = "t271 + +[san_dirname273] +commonName = "t272 + +[san_dirname274] +commonName = "t273 + +[san_dirname275] +commonName = "t274 + +[san_dirname276] +commonName = "t275 + +[san_dirname277] +commonName = "t276 + +[san_dirname278] +commonName = "t277 + +[san_dirname279] +commonName = "t278 + +[san_dirname280] +commonName = "t279 + +[san_dirname281] +commonName = "t280 + +[san_dirname282] +commonName = "t281 + +[san_dirname283] +commonName = "t282 + +[san_dirname284] +commonName = "t283 + +[san_dirname285] +commonName = "t284 + +[san_dirname286] +commonName = "t285 + +[san_dirname287] +commonName = "t286 + +[san_dirname288] +commonName = "t287 + +[san_dirname289] +commonName = "t288 + +[san_dirname290] +commonName = "t289 + +[san_dirname291] +commonName = "t290 + +[san_dirname292] +commonName = "t291 + +[san_dirname293] +commonName = "t292 + +[san_dirname294] +commonName = "t293 + +[san_dirname295] +commonName = "t294 + +[san_dirname296] +commonName = "t295 + +[san_dirname297] +commonName = "t296 + +[san_dirname298] +commonName = "t297 + +[san_dirname299] +commonName = "t298 + +[san_dirname300] +commonName = "t299 + +[san_dirname301] +commonName = "t300 + +[san_dirname302] +commonName = "t301 + +[san_dirname303] +commonName = "t302 + +[san_dirname304] +commonName = "t303 + +[san_dirname305] +commonName = "t304 + +[san_dirname306] +commonName = "t305 + +[san_dirname307] +commonName = "t306 + +[san_dirname308] +commonName = "t307 + +[san_dirname309] +commonName = "t308 + +[san_dirname310] +commonName = "t309 + +[san_dirname311] +commonName = "t310 + +[san_dirname312] +commonName = "t311 + +[san_dirname313] +commonName = "t312 + +[san_dirname314] +commonName = "t313 + +[san_dirname315] +commonName = "t314 + +[san_dirname316] +commonName = "t315 + +[san_dirname317] +commonName = "t316 + +[san_dirname318] +commonName = "t317 + +[san_dirname319] +commonName = "t318 + +[san_dirname320] +commonName = "t319 + +[san_dirname321] +commonName = "t320 + +[san_dirname322] +commonName = "t321 + +[san_dirname323] +commonName = "t322 + +[san_dirname324] +commonName = "t323 + +[san_dirname325] +commonName = "t324 + +[san_dirname326] +commonName = "t325 + +[san_dirname327] +commonName = "t326 + +[san_dirname328] +commonName = "t327 + +[san_dirname329] +commonName = "t328 + +[san_dirname330] +commonName = "t329 + +[san_dirname331] +commonName = "t330 + +[san_dirname332] +commonName = "t331 + +[san_dirname333] +commonName = "t332 + +[san_dirname334] +commonName = "t333 + +[san_dirname335] +commonName = "t334 + +[san_dirname336] +commonName = "t335 + +[san_dirname337] +commonName = "t336 + +[san_dirname338] +commonName = "t337 + +[san_dirname339] +commonName = "t338 + +[san_dirname340] +commonName = "t339 + +[san_dirname341] +commonName = "t340 + +[san_dirname342] +commonName = "t341 + +[san_dirname343] +commonName = "t342 + +[san_dirname344] +commonName = "t343 + +[san_dirname345] +commonName = "t344 + +[san_dirname346] +commonName = "t345 + +[san_dirname347] +commonName = "t346 + +[san_dirname348] +commonName = "t347 + +[san_dirname349] +commonName = "t348 + +[san_dirname350] +commonName = "t349 + +[san_dirname351] +commonName = "t350 + +[san_dirname352] +commonName = "t351 + +[san_dirname353] +commonName = "t352 + +[san_dirname354] +commonName = "t353 + +[san_dirname355] +commonName = "t354 + +[san_dirname356] +commonName = "t355 + +[san_dirname357] +commonName = "t356 + +[san_dirname358] +commonName = "t357 + +[san_dirname359] +commonName = "t358 + +[san_dirname360] +commonName = "t359 + +[san_dirname361] +commonName = "t360 + +[san_dirname362] +commonName = "t361 + +[san_dirname363] +commonName = "t362 + +[san_dirname364] +commonName = "t363 + +[san_dirname365] +commonName = "t364 + +[san_dirname366] +commonName = "t365 + +[san_dirname367] +commonName = "t366 + +[san_dirname368] +commonName = "t367 + +[san_dirname369] +commonName = "t368 + +[san_dirname370] +commonName = "t369 + +[san_dirname371] +commonName = "t370 + +[san_dirname372] +commonName = "t371 + +[san_dirname373] +commonName = "t372 + +[san_dirname374] +commonName = "t373 + +[san_dirname375] +commonName = "t374 + +[san_dirname376] +commonName = "t375 + +[san_dirname377] +commonName = "t376 + +[san_dirname378] +commonName = "t377 + +[san_dirname379] +commonName = "t378 + +[san_dirname380] +commonName = "t379 + +[san_dirname381] +commonName = "t380 + +[san_dirname382] +commonName = "t381 + +[san_dirname383] +commonName = "t382 + +[san_dirname384] +commonName = "t383 + +[san_dirname385] +commonName = "t384 + +[san_dirname386] +commonName = "t385 + +[san_dirname387] +commonName = "t386 + +[san_dirname388] +commonName = "t387 + +[san_dirname389] +commonName = "t388 + +[san_dirname390] +commonName = "t389 + +[san_dirname391] +commonName = "t390 + +[san_dirname392] +commonName = "t391 + +[san_dirname393] +commonName = "t392 + +[san_dirname394] +commonName = "t393 + +[san_dirname395] +commonName = "t394 + +[san_dirname396] +commonName = "t395 + +[san_dirname397] +commonName = "t396 + +[san_dirname398] +commonName = "t397 + +[san_dirname399] +commonName = "t398 + +[san_dirname400] +commonName = "t399 + +[san_dirname401] +commonName = "t400 + +[san_dirname402] +commonName = "t401 + +[san_dirname403] +commonName = "t402 + +[san_dirname404] +commonName = "t403 + +[san_dirname405] +commonName = "t404 + +[san_dirname406] +commonName = "t405 + +[san_dirname407] +commonName = "t406 + +[san_dirname408] +commonName = "t407 + +[san_dirname409] +commonName = "t408 + +[san_dirname410] +commonName = "t409 + +[san_dirname411] +commonName = "t410 + +[san_dirname412] +commonName = "t411 + +[san_dirname413] +commonName = "t412 + +[san_dirname414] +commonName = "t413 + +[san_dirname415] +commonName = "t414 + +[san_dirname416] +commonName = "t415 + +[san_dirname417] +commonName = "t416 + +[san_dirname418] +commonName = "t417 + +[san_dirname419] +commonName = "t418 + +[san_dirname420] +commonName = "t419 + +[san_dirname421] +commonName = "t420 + +[san_dirname422] +commonName = "t421 + +[san_dirname423] +commonName = "t422 + +[san_dirname424] +commonName = "t423 + +[san_dirname425] +commonName = "t424 + +[san_dirname426] +commonName = "t425 + +[san_dirname427] +commonName = "t426 + +[san_dirname428] +commonName = "t427 + +[san_dirname429] +commonName = "t428 + +[san_dirname430] +commonName = "t429 + +[san_dirname431] +commonName = "t430 + +[san_dirname432] +commonName = "t431 + +[san_dirname433] +commonName = "t432 + +[san_dirname434] +commonName = "t433 + +[san_dirname435] +commonName = "t434 + +[san_dirname436] +commonName = "t435 + +[san_dirname437] +commonName = "t436 + +[san_dirname438] +commonName = "t437 + +[san_dirname439] +commonName = "t438 + +[san_dirname440] +commonName = "t439 + +[san_dirname441] +commonName = "t440 + +[san_dirname442] +commonName = "t441 + +[san_dirname443] +commonName = "t442 + +[san_dirname444] +commonName = "t443 + +[san_dirname445] +commonName = "t444 + +[san_dirname446] +commonName = "t445 + +[san_dirname447] +commonName = "t446 + +[san_dirname448] +commonName = "t447 + +[san_dirname449] +commonName = "t448 + +[san_dirname450] +commonName = "t449 + +[san_dirname451] +commonName = "t450 + +[san_dirname452] +commonName = "t451 + +[san_dirname453] +commonName = "t452 + +[san_dirname454] +commonName = "t453 + +[san_dirname455] +commonName = "t454 + +[san_dirname456] +commonName = "t455 + +[san_dirname457] +commonName = "t456 + +[san_dirname458] +commonName = "t457 + +[san_dirname459] +commonName = "t458 + +[san_dirname460] +commonName = "t459 + +[san_dirname461] +commonName = "t460 + +[san_dirname462] +commonName = "t461 + +[san_dirname463] +commonName = "t462 + +[san_dirname464] +commonName = "t463 + +[san_dirname465] +commonName = "t464 + +[san_dirname466] +commonName = "t465 + +[san_dirname467] +commonName = "t466 + +[san_dirname468] +commonName = "t467 + +[san_dirname469] +commonName = "t468 + +[san_dirname470] +commonName = "t469 + +[san_dirname471] +commonName = "t470 + +[san_dirname472] +commonName = "t471 + +[san_dirname473] +commonName = "t472 + +[san_dirname474] +commonName = "t473 + +[san_dirname475] +commonName = "t474 + +[san_dirname476] +commonName = "t475 + +[san_dirname477] +commonName = "t476 + +[san_dirname478] +commonName = "t477 + +[san_dirname479] +commonName = "t478 + +[san_dirname480] +commonName = "t479 + +[san_dirname481] +commonName = "t480 + +[san_dirname482] +commonName = "t481 + +[san_dirname483] +commonName = "t482 + +[san_dirname484] +commonName = "t483 + +[san_dirname485] +commonName = "t484 + +[san_dirname486] +commonName = "t485 + +[san_dirname487] +commonName = "t486 + +[san_dirname488] +commonName = "t487 + +[san_dirname489] +commonName = "t488 + +[san_dirname490] +commonName = "t489 + +[san_dirname491] +commonName = "t490 + +[san_dirname492] +commonName = "t491 + +[san_dirname493] +commonName = "t492 + +[san_dirname494] +commonName = "t493 + +[san_dirname495] +commonName = "t494 + +[san_dirname496] +commonName = "t495 + +[san_dirname497] +commonName = "t496 + +[san_dirname498] +commonName = "t497 + +[san_dirname499] +commonName = "t498 + +[san_dirname500] +commonName = "t499 + +[san_dirname501] +commonName = "t500 + +[san_dirname502] +commonName = "t501 + +[san_dirname503] +commonName = "t502 + +[san_dirname504] +commonName = "t503 + +[san_dirname505] +commonName = "t504 + +[san_dirname506] +commonName = "t505 + +[san_dirname507] +commonName = "t506 + +[san_dirname508] +commonName = "t507 + +[san_dirname509] +commonName = "t508 + +[san_dirname510] +commonName = "t509 + +[san_dirname511] +commonName = "t510 + +[san_dirname512] +commonName = "t511 + +[san_dirname513] +commonName = "t512 + +[san_dirname514] +commonName = "t513 + +[san_dirname515] +commonName = "t514 + +[san_dirname516] +commonName = "t515 + +[san_dirname517] +commonName = "t516 + +[san_dirname518] +commonName = "t517 + +[san_dirname519] +commonName = "t518 + +[san_dirname520] +commonName = "t519 + +[san_dirname521] +commonName = "t520 + +[san_dirname522] +commonName = "t521 + +[san_dirname523] +commonName = "t522 + +[san_dirname524] +commonName = "t523 + +[san_dirname525] +commonName = "t524 + +[san_dirname526] +commonName = "t525 + +[san_dirname527] +commonName = "t526 + +[san_dirname528] +commonName = "t527 + +[san_dirname529] +commonName = "t528 + +[san_dirname530] +commonName = "t529 + +[san_dirname531] +commonName = "t530 + +[san_dirname532] +commonName = "t531 + +[san_dirname533] +commonName = "t532 + +[san_dirname534] +commonName = "t533 + +[san_dirname535] +commonName = "t534 + +[san_dirname536] +commonName = "t535 + +[san_dirname537] +commonName = "t536 + +[san_dirname538] +commonName = "t537 + +[san_dirname539] +commonName = "t538 + +[san_dirname540] +commonName = "t539 + +[san_dirname541] +commonName = "t540 + +[san_dirname542] +commonName = "t541 + +[san_dirname543] +commonName = "t542 + +[san_dirname544] +commonName = "t543 + +[san_dirname545] +commonName = "t544 + +[san_dirname546] +commonName = "t545 + +[san_dirname547] +commonName = "t546 + +[san_dirname548] +commonName = "t547 + +[san_dirname549] +commonName = "t548 + +[san_dirname550] +commonName = "t549 + +[san_dirname551] +commonName = "t550 + +[san_dirname552] +commonName = "t551 + +[san_dirname553] +commonName = "t552 + +[san_dirname554] +commonName = "t553 + +[san_dirname555] +commonName = "t554 + +[san_dirname556] +commonName = "t555 + +[san_dirname557] +commonName = "t556 + +[san_dirname558] +commonName = "t557 + +[san_dirname559] +commonName = "t558 + +[san_dirname560] +commonName = "t559 + +[san_dirname561] +commonName = "t560 + +[san_dirname562] +commonName = "t561 + +[san_dirname563] +commonName = "t562 + +[san_dirname564] +commonName = "t563 + +[san_dirname565] +commonName = "t564 + +[san_dirname566] +commonName = "t565 + +[san_dirname567] +commonName = "t566 + +[san_dirname568] +commonName = "t567 + +[san_dirname569] +commonName = "t568 + +[san_dirname570] +commonName = "t569 + +[san_dirname571] +commonName = "t570 + +[san_dirname572] +commonName = "t571 + +[san_dirname573] +commonName = "t572 + +[san_dirname574] +commonName = "t573 + +[san_dirname575] +commonName = "t574 + +[san_dirname576] +commonName = "t575 + +[san_dirname577] +commonName = "t576 + +[san_dirname578] +commonName = "t577 + +[san_dirname579] +commonName = "t578 + +[san_dirname580] +commonName = "t579 + +[san_dirname581] +commonName = "t580 + +[san_dirname582] +commonName = "t581 + +[san_dirname583] +commonName = "t582 + +[san_dirname584] +commonName = "t583 + +[san_dirname585] +commonName = "t584 + +[san_dirname586] +commonName = "t585 + +[san_dirname587] +commonName = "t586 + +[san_dirname588] +commonName = "t587 + +[san_dirname589] +commonName = "t588 + +[san_dirname590] +commonName = "t589 + +[san_dirname591] +commonName = "t590 + +[san_dirname592] +commonName = "t591 + +[san_dirname593] +commonName = "t592 + +[san_dirname594] +commonName = "t593 + +[san_dirname595] +commonName = "t594 + +[san_dirname596] +commonName = "t595 + +[san_dirname597] +commonName = "t596 + +[san_dirname598] +commonName = "t597 + +[san_dirname599] +commonName = "t598 + +[san_dirname600] +commonName = "t599 + +[san_dirname601] +commonName = "t600 + +[san_dirname602] +commonName = "t601 + +[san_dirname603] +commonName = "t602 + +[san_dirname604] +commonName = "t603 + +[san_dirname605] +commonName = "t604 + +[san_dirname606] +commonName = "t605 + +[san_dirname607] +commonName = "t606 + +[san_dirname608] +commonName = "t607 + +[san_dirname609] +commonName = "t608 + +[san_dirname610] +commonName = "t609 + +[san_dirname611] +commonName = "t610 + +[san_dirname612] +commonName = "t611 + +[san_dirname613] +commonName = "t612 + +[san_dirname614] +commonName = "t613 + +[san_dirname615] +commonName = "t614 + +[san_dirname616] +commonName = "t615 + +[san_dirname617] +commonName = "t616 + +[san_dirname618] +commonName = "t617 + +[san_dirname619] +commonName = "t618 + +[san_dirname620] +commonName = "t619 + +[san_dirname621] +commonName = "t620 + +[san_dirname622] +commonName = "t621 + +[san_dirname623] +commonName = "t622 + +[san_dirname624] +commonName = "t623 + +[san_dirname625] +commonName = "t624 + +[san_dirname626] +commonName = "t625 + +[san_dirname627] +commonName = "t626 + +[san_dirname628] +commonName = "t627 + +[san_dirname629] +commonName = "t628 + +[san_dirname630] +commonName = "t629 + +[san_dirname631] +commonName = "t630 + +[san_dirname632] +commonName = "t631 + +[san_dirname633] +commonName = "t632 + +[san_dirname634] +commonName = "t633 + +[san_dirname635] +commonName = "t634 + +[san_dirname636] +commonName = "t635 + +[san_dirname637] +commonName = "t636 + +[san_dirname638] +commonName = "t637 + +[san_dirname639] +commonName = "t638 + +[san_dirname640] +commonName = "t639 + +[san_dirname641] +commonName = "t640 + +[san_dirname642] +commonName = "t641 + +[san_dirname643] +commonName = "t642 + +[san_dirname644] +commonName = "t643 + +[san_dirname645] +commonName = "t644 + +[san_dirname646] +commonName = "t645 + +[san_dirname647] +commonName = "t646 + +[san_dirname648] +commonName = "t647 + +[san_dirname649] +commonName = "t648 + +[san_dirname650] +commonName = "t649 + +[san_dirname651] +commonName = "t650 + +[san_dirname652] +commonName = "t651 + +[san_dirname653] +commonName = "t652 + +[san_dirname654] +commonName = "t653 + +[san_dirname655] +commonName = "t654 + +[san_dirname656] +commonName = "t655 + +[san_dirname657] +commonName = "t656 + +[san_dirname658] +commonName = "t657 + +[san_dirname659] +commonName = "t658 + +[san_dirname660] +commonName = "t659 + +[san_dirname661] +commonName = "t660 + +[san_dirname662] +commonName = "t661 + +[san_dirname663] +commonName = "t662 + +[san_dirname664] +commonName = "t663 + +[san_dirname665] +commonName = "t664 + +[san_dirname666] +commonName = "t665 + +[san_dirname667] +commonName = "t666 + +[san_dirname668] +commonName = "t667 + +[san_dirname669] +commonName = "t668 + +[san_dirname670] +commonName = "t669 + +[san_dirname671] +commonName = "t670 + +[san_dirname672] +commonName = "t671 + +[san_dirname673] +commonName = "t672 + +[san_dirname674] +commonName = "t673 + +[san_dirname675] +commonName = "t674 + +[san_dirname676] +commonName = "t675 + +[san_dirname677] +commonName = "t676 + +[san_dirname678] +commonName = "t677 + +[san_dirname679] +commonName = "t678 + +[san_dirname680] +commonName = "t679 + +[san_dirname681] +commonName = "t680 + +[san_dirname682] +commonName = "t681 + +[san_dirname683] +commonName = "t682 + +[san_dirname684] +commonName = "t683 + +[san_dirname685] +commonName = "t684 + +[san_dirname686] +commonName = "t685 + +[san_dirname687] +commonName = "t686 + +[san_dirname688] +commonName = "t687 + +[san_dirname689] +commonName = "t688 + +[san_dirname690] +commonName = "t689 + +[san_dirname691] +commonName = "t690 + +[san_dirname692] +commonName = "t691 + +[san_dirname693] +commonName = "t692 + +[san_dirname694] +commonName = "t693 + +[san_dirname695] +commonName = "t694 + +[san_dirname696] +commonName = "t695 + +[san_dirname697] +commonName = "t696 + +[san_dirname698] +commonName = "t697 + +[san_dirname699] +commonName = "t698 + +[san_dirname700] +commonName = "t699 + +[san_dirname701] +commonName = "t700 + +[san_dirname702] +commonName = "t701 + +[san_dirname703] +commonName = "t702 + +[san_dirname704] +commonName = "t703 + +[san_dirname705] +commonName = "t704 + +[san_dirname706] +commonName = "t705 + +[san_dirname707] +commonName = "t706 + +[san_dirname708] +commonName = "t707 + +[san_dirname709] +commonName = "t708 + +[san_dirname710] +commonName = "t709 + +[san_dirname711] +commonName = "t710 + +[san_dirname712] +commonName = "t711 + +[san_dirname713] +commonName = "t712 + +[san_dirname714] +commonName = "t713 + +[san_dirname715] +commonName = "t714 + +[san_dirname716] +commonName = "t715 + +[san_dirname717] +commonName = "t716 + +[san_dirname718] +commonName = "t717 + +[san_dirname719] +commonName = "t718 + +[san_dirname720] +commonName = "t719 + +[san_dirname721] +commonName = "t720 + +[san_dirname722] +commonName = "t721 + +[san_dirname723] +commonName = "t722 + +[san_dirname724] +commonName = "t723 + +[san_dirname725] +commonName = "t724 + +[san_dirname726] +commonName = "t725 + +[san_dirname727] +commonName = "t726 + +[san_dirname728] +commonName = "t727 + +[san_dirname729] +commonName = "t728 + +[san_dirname730] +commonName = "t729 + +[san_dirname731] +commonName = "t730 + +[san_dirname732] +commonName = "t731 + +[san_dirname733] +commonName = "t732 + +[san_dirname734] +commonName = "t733 + +[san_dirname735] +commonName = "t734 + +[san_dirname736] +commonName = "t735 + +[san_dirname737] +commonName = "t736 + +[san_dirname738] +commonName = "t737 + +[san_dirname739] +commonName = "t738 + +[san_dirname740] +commonName = "t739 + +[san_dirname741] +commonName = "t740 + +[san_dirname742] +commonName = "t741 + +[san_dirname743] +commonName = "t742 + +[san_dirname744] +commonName = "t743 + +[san_dirname745] +commonName = "t744 + +[san_dirname746] +commonName = "t745 + +[san_dirname747] +commonName = "t746 + +[san_dirname748] +commonName = "t747 + +[san_dirname749] +commonName = "t748 + +[san_dirname750] +commonName = "t749 + +[san_dirname751] +commonName = "t750 + +[san_dirname752] +commonName = "t751 + +[san_dirname753] +commonName = "t752 + +[san_dirname754] +commonName = "t753 + +[san_dirname755] +commonName = "t754 + +[san_dirname756] +commonName = "t755 + +[san_dirname757] +commonName = "t756 + +[san_dirname758] +commonName = "t757 + +[san_dirname759] +commonName = "t758 + +[san_dirname760] +commonName = "t759 + +[san_dirname761] +commonName = "t760 + +[san_dirname762] +commonName = "t761 + +[san_dirname763] +commonName = "t762 + +[san_dirname764] +commonName = "t763 + +[san_dirname765] +commonName = "t764 + +[san_dirname766] +commonName = "t765 + +[san_dirname767] +commonName = "t766 + +[san_dirname768] +commonName = "t767 + +[san_dirname769] +commonName = "t768 + +[san_dirname770] +commonName = "t769 + +[san_dirname771] +commonName = "t770 + +[san_dirname772] +commonName = "t771 + +[san_dirname773] +commonName = "t772 + +[san_dirname774] +commonName = "t773 + +[san_dirname775] +commonName = "t774 + +[san_dirname776] +commonName = "t775 + +[san_dirname777] +commonName = "t776 + +[san_dirname778] +commonName = "t777 + +[san_dirname779] +commonName = "t778 + +[san_dirname780] +commonName = "t779 + +[san_dirname781] +commonName = "t780 + +[san_dirname782] +commonName = "t781 + +[san_dirname783] +commonName = "t782 + +[san_dirname784] +commonName = "t783 + +[san_dirname785] +commonName = "t784 + +[san_dirname786] +commonName = "t785 + +[san_dirname787] +commonName = "t786 + +[san_dirname788] +commonName = "t787 + +[san_dirname789] +commonName = "t788 + +[san_dirname790] +commonName = "t789 + +[san_dirname791] +commonName = "t790 + +[san_dirname792] +commonName = "t791 + +[san_dirname793] +commonName = "t792 + +[san_dirname794] +commonName = "t793 + +[san_dirname795] +commonName = "t794 + +[san_dirname796] +commonName = "t795 + +[san_dirname797] +commonName = "t796 + +[san_dirname798] +commonName = "t797 + +[san_dirname799] +commonName = "t798 + +[san_dirname800] +commonName = "t799 + +[san_dirname801] +commonName = "t800 + +[san_dirname802] +commonName = "t801 + +[san_dirname803] +commonName = "t802 + +[san_dirname804] +commonName = "t803 + +[san_dirname805] +commonName = "t804 + +[san_dirname806] +commonName = "t805 + +[san_dirname807] +commonName = "t806 + +[san_dirname808] +commonName = "t807 + +[san_dirname809] +commonName = "t808 + +[san_dirname810] +commonName = "t809 + +[san_dirname811] +commonName = "t810 + +[san_dirname812] +commonName = "t811 + +[san_dirname813] +commonName = "t812 + +[san_dirname814] +commonName = "t813 + +[san_dirname815] +commonName = "t814 + +[san_dirname816] +commonName = "t815 + +[san_dirname817] +commonName = "t816 + +[san_dirname818] +commonName = "t817 + +[san_dirname819] +commonName = "t818 + +[san_dirname820] +commonName = "t819 + +[san_dirname821] +commonName = "t820 + +[san_dirname822] +commonName = "t821 + +[san_dirname823] +commonName = "t822 + +[san_dirname824] +commonName = "t823 + +[san_dirname825] +commonName = "t824 + +[san_dirname826] +commonName = "t825 + +[san_dirname827] +commonName = "t826 + +[san_dirname828] +commonName = "t827 + +[san_dirname829] +commonName = "t828 + +[san_dirname830] +commonName = "t829 + +[san_dirname831] +commonName = "t830 + +[san_dirname832] +commonName = "t831 + +[san_dirname833] +commonName = "t832 + +[san_dirname834] +commonName = "t833 + +[san_dirname835] +commonName = "t834 + +[san_dirname836] +commonName = "t835 + +[san_dirname837] +commonName = "t836 + +[san_dirname838] +commonName = "t837 + +[san_dirname839] +commonName = "t838 + +[san_dirname840] +commonName = "t839 + +[san_dirname841] +commonName = "t840 + +[san_dirname842] +commonName = "t841 + +[san_dirname843] +commonName = "t842 + +[san_dirname844] +commonName = "t843 + +[san_dirname845] +commonName = "t844 + +[san_dirname846] +commonName = "t845 + +[san_dirname847] +commonName = "t846 + +[san_dirname848] +commonName = "t847 + +[san_dirname849] +commonName = "t848 + +[san_dirname850] +commonName = "t849 + +[san_dirname851] +commonName = "t850 + +[san_dirname852] +commonName = "t851 + +[san_dirname853] +commonName = "t852 + +[san_dirname854] +commonName = "t853 + +[san_dirname855] +commonName = "t854 + +[san_dirname856] +commonName = "t855 + +[san_dirname857] +commonName = "t856 + +[san_dirname858] +commonName = "t857 + +[san_dirname859] +commonName = "t858 + +[san_dirname860] +commonName = "t859 + +[san_dirname861] +commonName = "t860 + +[san_dirname862] +commonName = "t861 + +[san_dirname863] +commonName = "t862 + +[san_dirname864] +commonName = "t863 + +[san_dirname865] +commonName = "t864 + +[san_dirname866] +commonName = "t865 + +[san_dirname867] +commonName = "t866 + +[san_dirname868] +commonName = "t867 + +[san_dirname869] +commonName = "t868 + +[san_dirname870] +commonName = "t869 + +[san_dirname871] +commonName = "t870 + +[san_dirname872] +commonName = "t871 + +[san_dirname873] +commonName = "t872 + +[san_dirname874] +commonName = "t873 + +[san_dirname875] +commonName = "t874 + +[san_dirname876] +commonName = "t875 + +[san_dirname877] +commonName = "t876 + +[san_dirname878] +commonName = "t877 + +[san_dirname879] +commonName = "t878 + +[san_dirname880] +commonName = "t879 + +[san_dirname881] +commonName = "t880 + +[san_dirname882] +commonName = "t881 + +[san_dirname883] +commonName = "t882 + +[san_dirname884] +commonName = "t883 + +[san_dirname885] +commonName = "t884 + +[san_dirname886] +commonName = "t885 + +[san_dirname887] +commonName = "t886 + +[san_dirname888] +commonName = "t887 + +[san_dirname889] +commonName = "t888 + +[san_dirname890] +commonName = "t889 + +[san_dirname891] +commonName = "t890 + +[san_dirname892] +commonName = "t891 + +[san_dirname893] +commonName = "t892 + +[san_dirname894] +commonName = "t893 + +[san_dirname895] +commonName = "t894 + +[san_dirname896] +commonName = "t895 + +[san_dirname897] +commonName = "t896 + +[san_dirname898] +commonName = "t897 + +[san_dirname899] +commonName = "t898 + +[san_dirname900] +commonName = "t899 + +[san_dirname901] +commonName = "t900 + +[san_dirname902] +commonName = "t901 + +[san_dirname903] +commonName = "t902 + +[san_dirname904] +commonName = "t903 + +[san_dirname905] +commonName = "t904 + +[san_dirname906] +commonName = "t905 + +[san_dirname907] +commonName = "t906 + +[san_dirname908] +commonName = "t907 + +[san_dirname909] +commonName = "t908 + +[san_dirname910] +commonName = "t909 + +[san_dirname911] +commonName = "t910 + +[san_dirname912] +commonName = "t911 + +[san_dirname913] +commonName = "t912 + +[san_dirname914] +commonName = "t913 + +[san_dirname915] +commonName = "t914 + +[san_dirname916] +commonName = "t915 + +[san_dirname917] +commonName = "t916 + +[san_dirname918] +commonName = "t917 + +[san_dirname919] +commonName = "t918 + +[san_dirname920] +commonName = "t919 + +[san_dirname921] +commonName = "t920 + +[san_dirname922] +commonName = "t921 + +[san_dirname923] +commonName = "t922 + +[san_dirname924] +commonName = "t923 + +[san_dirname925] +commonName = "t924 + +[san_dirname926] +commonName = "t925 + +[san_dirname927] +commonName = "t926 + +[san_dirname928] +commonName = "t927 + +[san_dirname929] +commonName = "t928 + +[san_dirname930] +commonName = "t929 + +[san_dirname931] +commonName = "t930 + +[san_dirname932] +commonName = "t931 + +[san_dirname933] +commonName = "t932 + +[san_dirname934] +commonName = "t933 + +[san_dirname935] +commonName = "t934 + +[san_dirname936] +commonName = "t935 + +[san_dirname937] +commonName = "t936 + +[san_dirname938] +commonName = "t937 + +[san_dirname939] +commonName = "t938 + +[san_dirname940] +commonName = "t939 + +[san_dirname941] +commonName = "t940 + +[san_dirname942] +commonName = "t941 + +[san_dirname943] +commonName = "t942 + +[san_dirname944] +commonName = "t943 + +[san_dirname945] +commonName = "t944 + +[san_dirname946] +commonName = "t945 + +[san_dirname947] +commonName = "t946 + +[san_dirname948] +commonName = "t947 + +[san_dirname949] +commonName = "t948 + +[san_dirname950] +commonName = "t949 + +[san_dirname951] +commonName = "t950 + +[san_dirname952] +commonName = "t951 + +[san_dirname953] +commonName = "t952 + +[san_dirname954] +commonName = "t953 + +[san_dirname955] +commonName = "t954 + +[san_dirname956] +commonName = "t955 + +[san_dirname957] +commonName = "t956 + +[san_dirname958] +commonName = "t957 + +[san_dirname959] +commonName = "t958 + +[san_dirname960] +commonName = "t959 + +[san_dirname961] +commonName = "t960 + +[san_dirname962] +commonName = "t961 + +[san_dirname963] +commonName = "t962 + +[san_dirname964] +commonName = "t963 + +[san_dirname965] +commonName = "t964 + +[san_dirname966] +commonName = "t965 + +[san_dirname967] +commonName = "t966 + +[san_dirname968] +commonName = "t967 + +[san_dirname969] +commonName = "t968 + +[san_dirname970] +commonName = "t969 + +[san_dirname971] +commonName = "t970 + +[san_dirname972] +commonName = "t971 + +[san_dirname973] +commonName = "t972 + +[san_dirname974] +commonName = "t973 + +[san_dirname975] +commonName = "t974 + +[san_dirname976] +commonName = "t975 + +[san_dirname977] +commonName = "t976 + +[san_dirname978] +commonName = "t977 + +[san_dirname979] +commonName = "t978 + +[san_dirname980] +commonName = "t979 + +[san_dirname981] +commonName = "t980 + +[san_dirname982] +commonName = "t981 + +[san_dirname983] +commonName = "t982 + +[san_dirname984] +commonName = "t983 + +[san_dirname985] +commonName = "t984 + +[san_dirname986] +commonName = "t985 + +[san_dirname987] +commonName = "t986 + +[san_dirname988] +commonName = "t987 + +[san_dirname989] +commonName = "t988 + +[san_dirname990] +commonName = "t989 + +[san_dirname991] +commonName = "t990 + +[san_dirname992] +commonName = "t991 + +[san_dirname993] +commonName = "t992 + +[san_dirname994] +commonName = "t993 + +[san_dirname995] +commonName = "t994 + +[san_dirname996] +commonName = "t995 + +[san_dirname997] +commonName = "t996 + +[san_dirname998] +commonName = "t997 + +[san_dirname999] +commonName = "t998 + +[san_dirname1000] +commonName = "t999 + +[san_dirname1001] +commonName = "t1000 + +[san_dirname1002] +commonName = "t1001 + +[san_dirname1003] +commonName = "t1002 + +[san_dirname1004] +commonName = "t1003 + +[san_dirname1005] +commonName = "t1004 + +[san_dirname1006] +commonName = "t1005 + +[san_dirname1007] +commonName = "t1006 + +[san_dirname1008] +commonName = "t1007 + +[san_dirname1009] +commonName = "t1008 + +[san_dirname1010] +commonName = "t1009 + +[san_dirname1011] +commonName = "t1010 + +[san_dirname1012] +commonName = "t1011 + +[san_dirname1013] +commonName = "t1012 + +[san_dirname1014] +commonName = "t1013 + +[san_dirname1015] +commonName = "t1014 + +[san_dirname1016] +commonName = "t1015 + +[san_dirname1017] +commonName = "t1016 + +[san_dirname1018] +commonName = "t1017 + +[san_dirname1019] +commonName = "t1018 + +[san_dirname1020] +commonName = "t1019 + +[san_dirname1021] +commonName = "t1020 + +[san_dirname1022] +commonName = "t1021 + +[san_dirname1023] +commonName = "t1022 + +[san_dirname1024] +commonName = "t1023 + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.csr b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.csr new file mode 100644 index 0000000000..c8b892d0e0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.csr @@ -0,0 +1,421 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIJOdDCCTVwCAQAwDTELMAkGA1UEAwwCdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDbLFMBzvkagzZSUSpbQmPeMnURan2woeR3R5tx5aYtZNeuWwTt +ej/H9sorK63NbIiljjb756IitX1UeenVelvKKylsDYQKEMQhtliYuw22DI1WWyyF +WQfKBkY2JRopjsQ5t8Mxzm5JwgHPsDsnQ4rj1QYfLZOd3XpFZW39tLHAEFlC8h6P +zkOslyXBfOJR4UQ1W5SqA27acS8lf1gwAeESFx7yqmwigLHJZep3lbMHxPdyODT+ +oEMzTGZtoeihBLxvFDk5RC44N3TJCiGFkSG3TrqwmUp2mHtYyhzTsEDD2Sp1++sZ +6uMamDFSl+l/pHshfy/cYoaP/f2oiOhLRFK9AgMBAAGggkwgMIJMHAYJKoZIhvcN +AQkOMYJMDTCCTAkwHQYDVR0OBBYEFDu0BcyqulE9/PL5HiVTcuE68prfMA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgku3BgNV +HREEgkuuMIJLqqQPMA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzAN +MQswCQYDVQQDDAJ0MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSk +DzANMQswCQYDVQQDDAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwC +dDekDzANMQswCQYDVQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UE +AwwDdDEwpBAwDjEMMAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEM +MAoGA1UEAwwDdDEzpBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1 +pBAwDjEMMAoGA1UEAwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UE +AwwDdDE4pBAwDjEMMAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEM +MAoGA1UEAwwDdDIxpBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIz +pBAwDjEMMAoGA1UEAwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UE +AwwDdDI2pBAwDjEMMAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEM +MAoGA1UEAwwDdDI5pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMx +pBAwDjEMMAoGA1UEAwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UE +AwwDdDM0pBAwDjEMMAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEM +MAoGA1UEAwwDdDM3pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5 +pBAwDjEMMAoGA1UEAwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UE +AwwDdDQypBAwDjEMMAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEM +MAoGA1UEAwwDdDQ1pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3 +pBAwDjEMMAoGA1UEAwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UE +AwwDdDUwpBAwDjEMMAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEM +MAoGA1UEAwwDdDUzpBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1 +pBAwDjEMMAoGA1UEAwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UE +AwwDdDU4pBAwDjEMMAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEM +MAoGA1UEAwwDdDYxpBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYz +pBAwDjEMMAoGA1UEAwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UE +AwwDdDY2pBAwDjEMMAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEM +MAoGA1UEAwwDdDY5pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcx +pBAwDjEMMAoGA1UEAwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UE +AwwDdDc0pBAwDjEMMAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEM +MAoGA1UEAwwDdDc3pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5 +pBAwDjEMMAoGA1UEAwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UE +AwwDdDgypBAwDjEMMAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEM +MAoGA1UEAwwDdDg1pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3 +pBAwDjEMMAoGA1UEAwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UE +AwwDdDkwpBAwDjEMMAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEM +MAoGA1UEAwwDdDkzpBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1 +pBAwDjEMMAoGA1UEAwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UE +AwwDdDk4pBAwDjEMMAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8x +DTALBgNVBAMMBHQxMDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwE +dDEwM6QRMA8xDTALBgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzEN +MAsGA1UEAwwEdDEwNqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0 +MTA4pBEwDzENMAsGA1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0w +CwYDVQQDDAR0MTExpBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQx +MTOkETAPMQ0wCwYDVQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTAL +BgNVBAMMBHQxMTakETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDEx +OKQRMA8xDTALBgNVBAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsG +A1UEAwwEdDEyMaQRMA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIz +pBEwDzENMAsGA1UEAwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYD +VQQDDAR0MTI2pBEwDzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjik +ETAPMQ0wCwYDVQQDDAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNV +BAMMBHQxMzGkETAPMQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QR +MA8xDTALBgNVBAMMBHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UE +AwwEdDEzNqQRMA8xDTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEw +DzENMAsGA1UEAwwEdDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQD +DAR0MTQxpBEwDzENMAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAP +MQ0wCwYDVQQDDAR0MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMM +BHQxNDakETAPMQ0wCwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8x +DTALBgNVBAMMBHQxNDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwE +dDE1MaQRMA8xDTALBgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzEN +MAsGA1UEAwwEdDE1NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0 +MTU2pBEwDzENMAsGA1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0w +CwYDVQQDDAR0MTU5pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQx +NjGkETAPMQ0wCwYDVQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTAL +BgNVBAMMBHQxNjSkETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2 +NqQRMA8xDTALBgNVBAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsG +A1UEAwwEdDE2OaQRMA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcx +pBEwDzENMAsGA1UEAwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYD +VQQDDAR0MTc0pBEwDzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzak +ETAPMQ0wCwYDVQQDDAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNV +BAMMBHQxNzmkETAPMQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQR +MA8xDTALBgNVBAMMBHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UE +AwwEdDE4NKQRMA8xDTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEw +DzENMAsGA1UEAwwEdDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQD +DAR0MTg5pBEwDzENMAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAP +MQ0wCwYDVQQDDAR0MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMM +BHQxOTSkETAPMQ0wCwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8x +DTALBgNVBAMMBHQxOTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwE +dDE5OaQRMA8xDTALBgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzEN +MAsGA1UEAwwEdDIwMqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0 +MjA0pBEwDzENMAsGA1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0w +CwYDVQQDDAR0MjA3pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQy +MDmkETAPMQ0wCwYDVQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTAL +BgNVBAMMBHQyMTKkETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIx +NKQRMA8xDTALBgNVBAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsG +A1UEAwwEdDIxN6QRMA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5 +pBEwDzENMAsGA1UEAwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYD +VQQDDAR0MjIypBEwDzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSk +ETAPMQ0wCwYDVQQDDAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNV +BAMMBHQyMjekETAPMQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQR +MA8xDTALBgNVBAMMBHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UE +AwwEdDIzMqQRMA8xDTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEw +DzENMAsGA1UEAwwEdDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQD +DAR0MjM3pBEwDzENMAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAP +MQ0wCwYDVQQDDAR0MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMM +BHQyNDKkETAPMQ0wCwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8x +DTALBgNVBAMMBHQyNDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwE +dDI0N6QRMA8xDTALBgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzEN +MAsGA1UEAwwEdDI1MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0 +MjUypBEwDzENMAsGA1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0w +CwYDVQQDDAR0MjU1pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQy +NTekETAPMQ0wCwYDVQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTAL +BgNVBAMMBHQyNjCkETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2 +MqQRMA8xDTALBgNVBAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsG +A1UEAwwEdDI2NaQRMA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3 +pBEwDzENMAsGA1UEAwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYD +VQQDDAR0MjcwpBEwDzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKk +ETAPMQ0wCwYDVQQDDAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNV +BAMMBHQyNzWkETAPMQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QR +MA8xDTALBgNVBAMMBHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UE +AwwEdDI4MKQRMA8xDTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEw +DzENMAsGA1UEAwwEdDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQD +DAR0Mjg1pBEwDzENMAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAP +MQ0wCwYDVQQDDAR0Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMM +BHQyOTCkETAPMQ0wCwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8x +DTALBgNVBAMMBHQyOTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwE +dDI5NaQRMA8xDTALBgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzEN +MAsGA1UEAwwEdDI5OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0 +MzAwpBEwDzENMAsGA1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0w +CwYDVQQDDAR0MzAzpBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQz +MDWkETAPMQ0wCwYDVQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTAL +BgNVBAMMBHQzMDikETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMx +MKQRMA8xDTALBgNVBAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsG +A1UEAwwEdDMxM6QRMA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1 +pBEwDzENMAsGA1UEAwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYD +VQQDDAR0MzE4pBEwDzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCk +ETAPMQ0wCwYDVQQDDAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNV +BAMMBHQzMjOkETAPMQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQR +MA8xDTALBgNVBAMMBHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UE +AwwEdDMyOKQRMA8xDTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEw +DzENMAsGA1UEAwwEdDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQD +DAR0MzMzpBEwDzENMAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAP +MQ0wCwYDVQQDDAR0MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMM +BHQzMzikETAPMQ0wCwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8x +DTALBgNVBAMMBHQzNDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwE +dDM0M6QRMA8xDTALBgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzEN +MAsGA1UEAwwEdDM0NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0 +MzQ4pBEwDzENMAsGA1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0w +CwYDVQQDDAR0MzUxpBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQz +NTOkETAPMQ0wCwYDVQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTAL +BgNVBAMMBHQzNTakETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1 +OKQRMA8xDTALBgNVBAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsG +A1UEAwwEdDM2MaQRMA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYz +pBEwDzENMAsGA1UEAwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYD +VQQDDAR0MzY2pBEwDzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjik +ETAPMQ0wCwYDVQQDDAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNV +BAMMBHQzNzGkETAPMQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QR +MA8xDTALBgNVBAMMBHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UE +AwwEdDM3NqQRMA8xDTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEw +DzENMAsGA1UEAwwEdDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQD +DAR0MzgxpBEwDzENMAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAP +MQ0wCwYDVQQDDAR0Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMM +BHQzODakETAPMQ0wCwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8x +DTALBgNVBAMMBHQzODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwE +dDM5MaQRMA8xDTALBgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzEN +MAsGA1UEAwwEdDM5NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0 +Mzk2pBEwDzENMAsGA1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0w +CwYDVQQDDAR0Mzk5pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0 +MDGkETAPMQ0wCwYDVQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTAL +BgNVBAMMBHQ0MDSkETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQw +NqQRMA8xDTALBgNVBAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsG +A1UEAwwEdDQwOaQRMA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDEx +pBEwDzENMAsGA1UEAwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYD +VQQDDAR0NDE0pBEwDzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTak +ETAPMQ0wCwYDVQQDDAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNV +BAMMBHQ0MTmkETAPMQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQR +MA8xDTALBgNVBAMMBHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UE +AwwEdDQyNKQRMA8xDTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEw +DzENMAsGA1UEAwwEdDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQD +DAR0NDI5pBEwDzENMAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAP +MQ0wCwYDVQQDDAR0NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMM +BHQ0MzSkETAPMQ0wCwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8x +DTALBgNVBAMMBHQ0MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwE +dDQzOaQRMA8xDTALBgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzEN +MAsGA1UEAwwEdDQ0MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0 +NDQ0pBEwDzENMAsGA1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0w +CwYDVQQDDAR0NDQ3pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0 +NDmkETAPMQ0wCwYDVQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTAL +BgNVBAMMBHQ0NTKkETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1 +NKQRMA8xDTALBgNVBAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsG +A1UEAwwEdDQ1N6QRMA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5 +pBEwDzENMAsGA1UEAwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYD +VQQDDAR0NDYypBEwDzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSk +ETAPMQ0wCwYDVQQDDAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNV +BAMMBHQ0NjekETAPMQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQR +MA8xDTALBgNVBAMMBHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UE +AwwEdDQ3MqQRMA8xDTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEw +DzENMAsGA1UEAwwEdDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQD +DAR0NDc3pBEwDzENMAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAP +MQ0wCwYDVQQDDAR0NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMM +BHQ0ODKkETAPMQ0wCwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8x +DTALBgNVBAMMBHQ0ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwE +dDQ4N6QRMA8xDTALBgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzEN +MAsGA1UEAwwEdDQ5MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0 +NDkypBEwDzENMAsGA1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0w +CwYDVQQDDAR0NDk1pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0 +OTekETAPMQ0wCwYDVQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTAL +BgNVBAMMBHQ1MDCkETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUw +MqQRMA8xDTALBgNVBAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsG +A1UEAwwEdDUwNaQRMA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3 +pBEwDzENMAsGA1UEAwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYD +VQQDDAR0NTEwpBEwDzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKk +ETAPMQ0wCwYDVQQDDAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNV +BAMMBHQ1MTWkETAPMQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QR +MA8xDTALBgNVBAMMBHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UE +AwwEdDUyMKQRMA8xDTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEw +DzENMAsGA1UEAwwEdDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQD +DAR0NTI1pBEwDzENMAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAP +MQ0wCwYDVQQDDAR0NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMM +BHQ1MzCkETAPMQ0wCwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8x +DTALBgNVBAMMBHQ1MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwE +dDUzNaQRMA8xDTALBgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzEN +MAsGA1UEAwwEdDUzOKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0 +NTQwpBEwDzENMAsGA1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0w +CwYDVQQDDAR0NTQzpBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1 +NDWkETAPMQ0wCwYDVQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTAL +BgNVBAMMBHQ1NDikETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1 +MKQRMA8xDTALBgNVBAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsG +A1UEAwwEdDU1M6QRMA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1 +pBEwDzENMAsGA1UEAwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYD +VQQDDAR0NTU4pBEwDzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCk +ETAPMQ0wCwYDVQQDDAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNV +BAMMBHQ1NjOkETAPMQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQR +MA8xDTALBgNVBAMMBHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UE +AwwEdDU2OKQRMA8xDTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEw +DzENMAsGA1UEAwwEdDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQD +DAR0NTczpBEwDzENMAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAP +MQ0wCwYDVQQDDAR0NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMM +BHQ1NzikETAPMQ0wCwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8x +DTALBgNVBAMMBHQ1ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwE +dDU4M6QRMA8xDTALBgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzEN +MAsGA1UEAwwEdDU4NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0 +NTg4pBEwDzENMAsGA1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0w +CwYDVQQDDAR0NTkxpBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1 +OTOkETAPMQ0wCwYDVQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTAL +BgNVBAMMBHQ1OTakETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5 +OKQRMA8xDTALBgNVBAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsG +A1UEAwwEdDYwMaQRMA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAz +pBEwDzENMAsGA1UEAwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYD +VQQDDAR0NjA2pBEwDzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDik +ETAPMQ0wCwYDVQQDDAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNV +BAMMBHQ2MTGkETAPMQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QR +MA8xDTALBgNVBAMMBHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UE +AwwEdDYxNqQRMA8xDTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEw +DzENMAsGA1UEAwwEdDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQD +DAR0NjIxpBEwDzENMAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAP +MQ0wCwYDVQQDDAR0NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMM +BHQ2MjakETAPMQ0wCwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8x +DTALBgNVBAMMBHQ2MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwE +dDYzMaQRMA8xDTALBgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzEN +MAsGA1UEAwwEdDYzNKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0 +NjM2pBEwDzENMAsGA1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0w +CwYDVQQDDAR0NjM5pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2 +NDGkETAPMQ0wCwYDVQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTAL +BgNVBAMMBHQ2NDSkETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0 +NqQRMA8xDTALBgNVBAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsG +A1UEAwwEdDY0OaQRMA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUx +pBEwDzENMAsGA1UEAwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYD +VQQDDAR0NjU0pBEwDzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTak +ETAPMQ0wCwYDVQQDDAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNV +BAMMBHQ2NTmkETAPMQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQR +MA8xDTALBgNVBAMMBHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UE +AwwEdDY2NKQRMA8xDTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEw +DzENMAsGA1UEAwwEdDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQD +DAR0NjY5pBEwDzENMAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAP +MQ0wCwYDVQQDDAR0NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMM +BHQ2NzSkETAPMQ0wCwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8x +DTALBgNVBAMMBHQ2NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwE +dDY3OaQRMA8xDTALBgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzEN +MAsGA1UEAwwEdDY4MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0 +Njg0pBEwDzENMAsGA1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0w +CwYDVQQDDAR0Njg3pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2 +ODmkETAPMQ0wCwYDVQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTAL +BgNVBAMMBHQ2OTKkETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5 +NKQRMA8xDTALBgNVBAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsG +A1UEAwwEdDY5N6QRMA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5 +pBEwDzENMAsGA1UEAwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYD +VQQDDAR0NzAypBEwDzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSk +ETAPMQ0wCwYDVQQDDAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNV +BAMMBHQ3MDekETAPMQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQR +MA8xDTALBgNVBAMMBHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UE +AwwEdDcxMqQRMA8xDTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEw +DzENMAsGA1UEAwwEdDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQD +DAR0NzE3pBEwDzENMAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAP +MQ0wCwYDVQQDDAR0NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMM +BHQ3MjKkETAPMQ0wCwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8x +DTALBgNVBAMMBHQ3MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwE +dDcyN6QRMA8xDTALBgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzEN +MAsGA1UEAwwEdDczMKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0 +NzMypBEwDzENMAsGA1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0w +CwYDVQQDDAR0NzM1pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3 +MzekETAPMQ0wCwYDVQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTAL +BgNVBAMMBHQ3NDCkETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0 +MqQRMA8xDTALBgNVBAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsG +A1UEAwwEdDc0NaQRMA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3 +pBEwDzENMAsGA1UEAwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYD +VQQDDAR0NzUwpBEwDzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKk +ETAPMQ0wCwYDVQQDDAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNV +BAMMBHQ3NTWkETAPMQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QR +MA8xDTALBgNVBAMMBHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UE +AwwEdDc2MKQRMA8xDTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEw +DzENMAsGA1UEAwwEdDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQD +DAR0NzY1pBEwDzENMAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAP +MQ0wCwYDVQQDDAR0NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMM +BHQ3NzCkETAPMQ0wCwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8x +DTALBgNVBAMMBHQ3NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwE +dDc3NaQRMA8xDTALBgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzEN +MAsGA1UEAwwEdDc3OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0 +NzgwpBEwDzENMAsGA1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0w +CwYDVQQDDAR0NzgzpBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3 +ODWkETAPMQ0wCwYDVQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTAL +BgNVBAMMBHQ3ODikETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5 +MKQRMA8xDTALBgNVBAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsG +A1UEAwwEdDc5M6QRMA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1 +pBEwDzENMAsGA1UEAwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYD +VQQDDAR0Nzk4pBEwDzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCk +ETAPMQ0wCwYDVQQDDAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNV +BAMMBHQ4MDOkETAPMQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQR +MA8xDTALBgNVBAMMBHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UE +AwwEdDgwOKQRMA8xDTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEw +DzENMAsGA1UEAwwEdDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQD +DAR0ODEzpBEwDzENMAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAP +MQ0wCwYDVQQDDAR0ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMM +BHQ4MTikETAPMQ0wCwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8x +DTALBgNVBAMMBHQ4MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwE +dDgyM6QRMA8xDTALBgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzEN +MAsGA1UEAwwEdDgyNqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0 +ODI4pBEwDzENMAsGA1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0w +CwYDVQQDDAR0ODMxpBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4 +MzOkETAPMQ0wCwYDVQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTAL +BgNVBAMMBHQ4MzakETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgz +OKQRMA8xDTALBgNVBAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsG +A1UEAwwEdDg0MaQRMA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQz +pBEwDzENMAsGA1UEAwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYD +VQQDDAR0ODQ2pBEwDzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDik +ETAPMQ0wCwYDVQQDDAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNV +BAMMBHQ4NTGkETAPMQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QR +MA8xDTALBgNVBAMMBHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UE +AwwEdDg1NqQRMA8xDTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEw +DzENMAsGA1UEAwwEdDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQD +DAR0ODYxpBEwDzENMAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAP +MQ0wCwYDVQQDDAR0ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMM +BHQ4NjakETAPMQ0wCwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8x +DTALBgNVBAMMBHQ4NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwE +dDg3MaQRMA8xDTALBgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzEN +MAsGA1UEAwwEdDg3NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0 +ODc2pBEwDzENMAsGA1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0w +CwYDVQQDDAR0ODc5pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4 +ODGkETAPMQ0wCwYDVQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTAL +BgNVBAMMBHQ4ODSkETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4 +NqQRMA8xDTALBgNVBAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsG +A1UEAwwEdDg4OaQRMA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkx +pBEwDzENMAsGA1UEAwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYD +VQQDDAR0ODk0pBEwDzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTak +ETAPMQ0wCwYDVQQDDAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNV +BAMMBHQ4OTmkETAPMQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQR +MA8xDTALBgNVBAMMBHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UE +AwwEdDkwNKQRMA8xDTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEw +DzENMAsGA1UEAwwEdDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQD +DAR0OTA5pBEwDzENMAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAP +MQ0wCwYDVQQDDAR0OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMM +BHQ5MTSkETAPMQ0wCwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8x +DTALBgNVBAMMBHQ5MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwE +dDkxOaQRMA8xDTALBgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzEN +MAsGA1UEAwwEdDkyMqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0 +OTI0pBEwDzENMAsGA1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0w +CwYDVQQDDAR0OTI3pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5 +MjmkETAPMQ0wCwYDVQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTAL +BgNVBAMMBHQ5MzKkETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkz +NKQRMA8xDTALBgNVBAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsG +A1UEAwwEdDkzN6QRMA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5 +pBEwDzENMAsGA1UEAwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYD +VQQDDAR0OTQypBEwDzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSk +ETAPMQ0wCwYDVQQDDAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNV +BAMMBHQ5NDekETAPMQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQR +MA8xDTALBgNVBAMMBHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UE +AwwEdDk1MqQRMA8xDTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEw +DzENMAsGA1UEAwwEdDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQD +DAR0OTU3pBEwDzENMAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAP +MQ0wCwYDVQQDDAR0OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMM +BHQ5NjKkETAPMQ0wCwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8x +DTALBgNVBAMMBHQ5NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwE +dDk2N6QRMA8xDTALBgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzEN +MAsGA1UEAwwEdDk3MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0 +OTcypBEwDzENMAsGA1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0w +CwYDVQQDDAR0OTc1pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5 +NzekETAPMQ0wCwYDVQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTAL +BgNVBAMMBHQ5ODCkETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4 +MqQRMA8xDTALBgNVBAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsG +A1UEAwwEdDk4NaQRMA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3 +pBEwDzENMAsGA1UEAwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYD +VQQDDAR0OTkwpBEwDzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKk +ETAPMQ0wCwYDVQQDDAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNV +BAMMBHQ5OTWkETAPMQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QR +MA8xDTALBgNVBAMMBHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UE +AwwFdDEwMDCkEjAQMQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAy +pBIwEDEOMAwGA1UEAwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAM +BgNVBAMMBXQxMDA1pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0 +MTAwN6QSMBAxDjAMBgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQ +MQ4wDAYDVQQDDAV0MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UE +AwwFdDEwMTKkEjAQMQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0 +pBIwEDEOMAwGA1UEAwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAM +BgNVBAMMBXQxMDE3pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0 +MTAxOaQSMBAxDjAMBgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQ +MQ4wDAYDVQQDDAV0MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzMA0GCSqGSIb3DQEB +CwUAA4IBAQCsaFcXH4XdFQ83K+/gx/oSaX6L9FVr5BYE7JyygYwt6eIvyj3LIbqE +IPqTcNodP2hPiofuebQdPUNOca515G/NBlA3FdzjNsFpNr+ybuClrxtb84Yapp5H +zyQSoVjFf4SQL50RV79vtJdsXogD45K+l3bM3cXLTSJbS5D35kqWpIUI3iPiWwLb +1wAmMk3kk+vHks8U2nb7+cQ7dIEyeheiT8D7OGftZ3H+K0ZRpA9exz47yyuDzdgz +z5jDX+HrnFsU4IE20NI8ctKqx7qmlyVFd6dXVIHFNEPR8D7kZmm/5fr5sAHPMEqz +uAXU6z2r+eHC83Jp/4CScmJkK0MOQfZg +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.pem new file mode 100644 index 0000000000..690368a460 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/out/t0_7.pem @@ -0,0 +1,496 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:db + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, DirName:/CN=t417, DirName:/CN=t418, DirName:/CN=t419, DirName:/CN=t420, DirName:/CN=t421, DirName:/CN=t422, DirName:/CN=t423, DirName:/CN=t424, DirName:/CN=t425, DirName:/CN=t426, DirName:/CN=t427, DirName:/CN=t428, DirName:/CN=t429, DirName:/CN=t430, DirName:/CN=t431, DirName:/CN=t432, DirName:/CN=t433, DirName:/CN=t434, DirName:/CN=t435, DirName:/CN=t436, DirName:/CN=t437, DirName:/CN=t438, DirName:/CN=t439, DirName:/CN=t440, DirName:/CN=t441, DirName:/CN=t442, DirName:/CN=t443, DirName:/CN=t444, DirName:/CN=t445, DirName:/CN=t446, DirName:/CN=t447, DirName:/CN=t448, DirName:/CN=t449, DirName:/CN=t450, DirName:/CN=t451, DirName:/CN=t452, DirName:/CN=t453, DirName:/CN=t454, DirName:/CN=t455, DirName:/CN=t456, DirName:/CN=t457, DirName:/CN=t458, DirName:/CN=t459, DirName:/CN=t460, DirName:/CN=t461, DirName:/CN=t462, DirName:/CN=t463, DirName:/CN=t464, DirName:/CN=t465, DirName:/CN=t466, DirName:/CN=t467, DirName:/CN=t468, DirName:/CN=t469, DirName:/CN=t470, DirName:/CN=t471, DirName:/CN=t472, DirName:/CN=t473, DirName:/CN=t474, DirName:/CN=t475, DirName:/CN=t476, DirName:/CN=t477, DirName:/CN=t478, DirName:/CN=t479, DirName:/CN=t480, DirName:/CN=t481, DirName:/CN=t482, DirName:/CN=t483, DirName:/CN=t484, DirName:/CN=t485, DirName:/CN=t486, DirName:/CN=t487, DirName:/CN=t488, DirName:/CN=t489, DirName:/CN=t490, DirName:/CN=t491, DirName:/CN=t492, DirName:/CN=t493, DirName:/CN=t494, DirName:/CN=t495, DirName:/CN=t496, DirName:/CN=t497, DirName:/CN=t498, DirName:/CN=t499, DirName:/CN=t500, DirName:/CN=t501, DirName:/CN=t502, DirName:/CN=t503, DirName:/CN=t504, DirName:/CN=t505, DirName:/CN=t506, DirName:/CN=t507, DirName:/CN=t508, DirName:/CN=t509, DirName:/CN=t510, DirName:/CN=t511, DirName:/CN=t512, DirName:/CN=t513, DirName:/CN=t514, DirName:/CN=t515, DirName:/CN=t516, DirName:/CN=t517, DirName:/CN=t518, DirName:/CN=t519, DirName:/CN=t520, DirName:/CN=t521, DirName:/CN=t522, DirName:/CN=t523, DirName:/CN=t524, DirName:/CN=t525, DirName:/CN=t526, DirName:/CN=t527, DirName:/CN=t528, DirName:/CN=t529, DirName:/CN=t530, DirName:/CN=t531, DirName:/CN=t532, DirName:/CN=t533, DirName:/CN=t534, DirName:/CN=t535, DirName:/CN=t536, DirName:/CN=t537, DirName:/CN=t538, DirName:/CN=t539, DirName:/CN=t540, DirName:/CN=t541, DirName:/CN=t542, DirName:/CN=t543, DirName:/CN=t544, DirName:/CN=t545, DirName:/CN=t546, DirName:/CN=t547, DirName:/CN=t548, DirName:/CN=t549, DirName:/CN=t550, DirName:/CN=t551, DirName:/CN=t552, DirName:/CN=t553, DirName:/CN=t554, DirName:/CN=t555, DirName:/CN=t556, DirName:/CN=t557, DirName:/CN=t558, DirName:/CN=t559, DirName:/CN=t560, DirName:/CN=t561, DirName:/CN=t562, DirName:/CN=t563, DirName:/CN=t564, DirName:/CN=t565, DirName:/CN=t566, DirName:/CN=t567, DirName:/CN=t568, DirName:/CN=t569, DirName:/CN=t570, DirName:/CN=t571, DirName:/CN=t572, DirName:/CN=t573, DirName:/CN=t574, DirName:/CN=t575, DirName:/CN=t576, DirName:/CN=t577, DirName:/CN=t578, DirName:/CN=t579, DirName:/CN=t580, DirName:/CN=t581, DirName:/CN=t582, DirName:/CN=t583, DirName:/CN=t584, DirName:/CN=t585, DirName:/CN=t586, DirName:/CN=t587, DirName:/CN=t588, DirName:/CN=t589, DirName:/CN=t590, DirName:/CN=t591, DirName:/CN=t592, DirName:/CN=t593, DirName:/CN=t594, DirName:/CN=t595, DirName:/CN=t596, DirName:/CN=t597, DirName:/CN=t598, DirName:/CN=t599, DirName:/CN=t600, DirName:/CN=t601, DirName:/CN=t602, DirName:/CN=t603, DirName:/CN=t604, DirName:/CN=t605, DirName:/CN=t606, DirName:/CN=t607, DirName:/CN=t608, DirName:/CN=t609, DirName:/CN=t610, DirName:/CN=t611, DirName:/CN=t612, DirName:/CN=t613, DirName:/CN=t614, DirName:/CN=t615, DirName:/CN=t616, DirName:/CN=t617, DirName:/CN=t618, DirName:/CN=t619, DirName:/CN=t620, DirName:/CN=t621, DirName:/CN=t622, DirName:/CN=t623, DirName:/CN=t624, DirName:/CN=t625, DirName:/CN=t626, DirName:/CN=t627, DirName:/CN=t628, DirName:/CN=t629, DirName:/CN=t630, DirName:/CN=t631, DirName:/CN=t632, DirName:/CN=t633, DirName:/CN=t634, DirName:/CN=t635, DirName:/CN=t636, DirName:/CN=t637, DirName:/CN=t638, DirName:/CN=t639, DirName:/CN=t640, DirName:/CN=t641, DirName:/CN=t642, DirName:/CN=t643, DirName:/CN=t644, DirName:/CN=t645, DirName:/CN=t646, DirName:/CN=t647, DirName:/CN=t648, DirName:/CN=t649, DirName:/CN=t650, DirName:/CN=t651, DirName:/CN=t652, DirName:/CN=t653, DirName:/CN=t654, DirName:/CN=t655, DirName:/CN=t656, DirName:/CN=t657, DirName:/CN=t658, DirName:/CN=t659, DirName:/CN=t660, DirName:/CN=t661, DirName:/CN=t662, DirName:/CN=t663, DirName:/CN=t664, DirName:/CN=t665, DirName:/CN=t666, DirName:/CN=t667, DirName:/CN=t668, DirName:/CN=t669, DirName:/CN=t670, DirName:/CN=t671, DirName:/CN=t672, DirName:/CN=t673, DirName:/CN=t674, DirName:/CN=t675, DirName:/CN=t676, DirName:/CN=t677, DirName:/CN=t678, DirName:/CN=t679, DirName:/CN=t680, DirName:/CN=t681, DirName:/CN=t682, DirName:/CN=t683, DirName:/CN=t684, DirName:/CN=t685, DirName:/CN=t686, DirName:/CN=t687, DirName:/CN=t688, DirName:/CN=t689, DirName:/CN=t690, DirName:/CN=t691, DirName:/CN=t692, DirName:/CN=t693, DirName:/CN=t694, DirName:/CN=t695, DirName:/CN=t696, DirName:/CN=t697, DirName:/CN=t698, DirName:/CN=t699, DirName:/CN=t700, DirName:/CN=t701, DirName:/CN=t702, DirName:/CN=t703, DirName:/CN=t704, DirName:/CN=t705, DirName:/CN=t706, DirName:/CN=t707, DirName:/CN=t708, DirName:/CN=t709, DirName:/CN=t710, DirName:/CN=t711, DirName:/CN=t712, DirName:/CN=t713, DirName:/CN=t714, DirName:/CN=t715, DirName:/CN=t716, DirName:/CN=t717, DirName:/CN=t718, DirName:/CN=t719, DirName:/CN=t720, DirName:/CN=t721, DirName:/CN=t722, DirName:/CN=t723, DirName:/CN=t724, DirName:/CN=t725, DirName:/CN=t726, DirName:/CN=t727, DirName:/CN=t728, DirName:/CN=t729, DirName:/CN=t730, DirName:/CN=t731, DirName:/CN=t732, DirName:/CN=t733, DirName:/CN=t734, DirName:/CN=t735, DirName:/CN=t736, DirName:/CN=t737, DirName:/CN=t738, DirName:/CN=t739, DirName:/CN=t740, DirName:/CN=t741, DirName:/CN=t742, DirName:/CN=t743, DirName:/CN=t744, DirName:/CN=t745, DirName:/CN=t746, DirName:/CN=t747, DirName:/CN=t748, DirName:/CN=t749, DirName:/CN=t750, DirName:/CN=t751, DirName:/CN=t752, DirName:/CN=t753, DirName:/CN=t754, DirName:/CN=t755, DirName:/CN=t756, DirName:/CN=t757, DirName:/CN=t758, DirName:/CN=t759, DirName:/CN=t760, DirName:/CN=t761, DirName:/CN=t762, DirName:/CN=t763, DirName:/CN=t764, DirName:/CN=t765, DirName:/CN=t766, DirName:/CN=t767, DirName:/CN=t768, DirName:/CN=t769, DirName:/CN=t770, DirName:/CN=t771, DirName:/CN=t772, DirName:/CN=t773, DirName:/CN=t774, DirName:/CN=t775, DirName:/CN=t776, DirName:/CN=t777, DirName:/CN=t778, DirName:/CN=t779, DirName:/CN=t780, DirName:/CN=t781, DirName:/CN=t782, DirName:/CN=t783, DirName:/CN=t784, DirName:/CN=t785, DirName:/CN=t786, DirName:/CN=t787, DirName:/CN=t788, DirName:/CN=t789, DirName:/CN=t790, DirName:/CN=t791, DirName:/CN=t792, DirName:/CN=t793, DirName:/CN=t794, DirName:/CN=t795, DirName:/CN=t796, DirName:/CN=t797, DirName:/CN=t798, DirName:/CN=t799, DirName:/CN=t800, DirName:/CN=t801, DirName:/CN=t802, DirName:/CN=t803, DirName:/CN=t804, DirName:/CN=t805, DirName:/CN=t806, DirName:/CN=t807, DirName:/CN=t808, DirName:/CN=t809, DirName:/CN=t810, DirName:/CN=t811, DirName:/CN=t812, DirName:/CN=t813, DirName:/CN=t814, DirName:/CN=t815, DirName:/CN=t816, DirName:/CN=t817, DirName:/CN=t818, DirName:/CN=t819, DirName:/CN=t820, DirName:/CN=t821, DirName:/CN=t822, DirName:/CN=t823, DirName:/CN=t824, DirName:/CN=t825, DirName:/CN=t826, DirName:/CN=t827, DirName:/CN=t828, DirName:/CN=t829, DirName:/CN=t830, DirName:/CN=t831, DirName:/CN=t832, DirName:/CN=t833, DirName:/CN=t834, DirName:/CN=t835, DirName:/CN=t836, DirName:/CN=t837, DirName:/CN=t838, DirName:/CN=t839, DirName:/CN=t840, DirName:/CN=t841, DirName:/CN=t842, DirName:/CN=t843, DirName:/CN=t844, DirName:/CN=t845, DirName:/CN=t846, DirName:/CN=t847, DirName:/CN=t848, DirName:/CN=t849, DirName:/CN=t850, DirName:/CN=t851, DirName:/CN=t852, DirName:/CN=t853, DirName:/CN=t854, DirName:/CN=t855, DirName:/CN=t856, DirName:/CN=t857, DirName:/CN=t858, DirName:/CN=t859, DirName:/CN=t860, DirName:/CN=t861, DirName:/CN=t862, DirName:/CN=t863, DirName:/CN=t864, DirName:/CN=t865, DirName:/CN=t866, DirName:/CN=t867, DirName:/CN=t868, DirName:/CN=t869, DirName:/CN=t870, DirName:/CN=t871, DirName:/CN=t872, DirName:/CN=t873, DirName:/CN=t874, DirName:/CN=t875, DirName:/CN=t876, DirName:/CN=t877, DirName:/CN=t878, DirName:/CN=t879, DirName:/CN=t880, DirName:/CN=t881, DirName:/CN=t882, DirName:/CN=t883, DirName:/CN=t884, DirName:/CN=t885, DirName:/CN=t886, DirName:/CN=t887, DirName:/CN=t888, DirName:/CN=t889, DirName:/CN=t890, DirName:/CN=t891, DirName:/CN=t892, DirName:/CN=t893, DirName:/CN=t894, DirName:/CN=t895, DirName:/CN=t896, DirName:/CN=t897, DirName:/CN=t898, DirName:/CN=t899, DirName:/CN=t900, DirName:/CN=t901, DirName:/CN=t902, DirName:/CN=t903, DirName:/CN=t904, DirName:/CN=t905, DirName:/CN=t906, DirName:/CN=t907, DirName:/CN=t908, DirName:/CN=t909, DirName:/CN=t910, DirName:/CN=t911, DirName:/CN=t912, DirName:/CN=t913, DirName:/CN=t914, DirName:/CN=t915, DirName:/CN=t916, DirName:/CN=t917, DirName:/CN=t918, DirName:/CN=t919, DirName:/CN=t920, DirName:/CN=t921, DirName:/CN=t922, DirName:/CN=t923, DirName:/CN=t924, DirName:/CN=t925, DirName:/CN=t926, DirName:/CN=t927, DirName:/CN=t928, DirName:/CN=t929, DirName:/CN=t930, DirName:/CN=t931, DirName:/CN=t932, DirName:/CN=t933, DirName:/CN=t934, DirName:/CN=t935, DirName:/CN=t936, DirName:/CN=t937, DirName:/CN=t938, DirName:/CN=t939, DirName:/CN=t940, DirName:/CN=t941, DirName:/CN=t942, DirName:/CN=t943, DirName:/CN=t944, DirName:/CN=t945, DirName:/CN=t946, DirName:/CN=t947, DirName:/CN=t948, DirName:/CN=t949, DirName:/CN=t950, DirName:/CN=t951, DirName:/CN=t952, DirName:/CN=t953, DirName:/CN=t954, DirName:/CN=t955, DirName:/CN=t956, DirName:/CN=t957, DirName:/CN=t958, DirName:/CN=t959, DirName:/CN=t960, DirName:/CN=t961, DirName:/CN=t962, DirName:/CN=t963, DirName:/CN=t964, DirName:/CN=t965, DirName:/CN=t966, DirName:/CN=t967, DirName:/CN=t968, DirName:/CN=t969, DirName:/CN=t970, DirName:/CN=t971, DirName:/CN=t972, DirName:/CN=t973, DirName:/CN=t974, DirName:/CN=t975, DirName:/CN=t976, DirName:/CN=t977, DirName:/CN=t978, DirName:/CN=t979, DirName:/CN=t980, DirName:/CN=t981, DirName:/CN=t982, DirName:/CN=t983, DirName:/CN=t984, DirName:/CN=t985, DirName:/CN=t986, DirName:/CN=t987, DirName:/CN=t988, DirName:/CN=t989, DirName:/CN=t990, DirName:/CN=t991, DirName:/CN=t992, DirName:/CN=t993, DirName:/CN=t994, DirName:/CN=t995, DirName:/CN=t996, DirName:/CN=t997, DirName:/CN=t998, DirName:/CN=t999, DirName:/CN=t1000, DirName:/CN=t1001, DirName:/CN=t1002, DirName:/CN=t1003, DirName:/CN=t1004, DirName:/CN=t1005, DirName:/CN=t1006, DirName:/CN=t1007, DirName:/CN=t1008, DirName:/CN=t1009, DirName:/CN=t1010, DirName:/CN=t1011, DirName:/CN=t1012, DirName:/CN=t1013, DirName:/CN=t1014, DirName:/CN=t1015, DirName:/CN=t1016, DirName:/CN=t1017, DirName:/CN=t1018, DirName:/CN=t1019, DirName:/CN=t1020, DirName:/CN=t1021, DirName:/CN=t1022, DirName:/CN=t1023 + Signature Algorithm: sha256WithRSAEncryption + 77:af:27:9b:23:82:9d:90:b4:3c:02:1f:d4:a9:c8:0c:7f:58: + 19:ae:9a:86:fe:f5:b1:a4:ae:cb:af:46:3a:04:ff:3c:cf:ea: + 6b:df:16:cb:d1:89:8d:8c:a7:f9:11:e7:e9:90:92:6b:54:d5: + fa:aa:24:96:63:61:57:4a:81:da:7e:0b:2e:c8:04:34:6a:dd: + 6e:46:27:97:5a:9d:db:8c:2d:e8:5a:45:11:bf:7d:1a:25:7a: + ca:9e:b1:e3:1c:53:22:0b:37:b6:fa:d6:1e:83:6d:54:40:4d: + 71:b3:e3:52:dc:84:d1:95:fc:92:e4:f0:85:ce:6d:4e:36:a6: + 6c:b4:35:7e:0e:e8:b6:8b:09:b0:c8:4e:f1:b8:aa:fe:e8:28: + ba:8e:a3:31:ef:99:bd:da:9e:cb:5a:02:95:24:45:41:3c:ed: + 7a:92:94:bd:9d:fd:7e:07:51:8c:55:97:07:53:60:b4:dd:64: + 02:6c:2b:18:32:8d:df:ed:89:4a:dd:37:32:cb:66:9a:fa:b8: + e8:3d:87:8f:63:6a:3f:6f:2c:91:25:b3:85:71:0a:39:aa:24: + a5:8e:7b:c2:57:86:ed:3b:e7:33:6d:e9:a4:c1:cd:88:8b:0e: + c8:06:63:9b:40:40:2a:3c:b2:96:12:2d:1c:53:fe:83:ec:4a: + 50:be:c6:53 +-----BEGIN CERTIFICATE----- +MIJPWDCCTkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2zANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCTKUwgkyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgku3BgNVHREEgkuuMIJLqqQP +MA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzANMQswCQYDVQQDDAJ0 +MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSkDzANMQswCQYDVQQD +DAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwCdDekDzANMQswCQYD +VQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UEAwwDdDEwpBAwDjEM +MAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEMMAoGA1UEAwwDdDEz +pBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1pBAwDjEMMAoGA1UE +AwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UEAwwDdDE4pBAwDjEM +MAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEMMAoGA1UEAwwDdDIx +pBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIzpBAwDjEMMAoGA1UE +AwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UEAwwDdDI2pBAwDjEM +MAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEMMAoGA1UEAwwDdDI5 +pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMxpBAwDjEMMAoGA1UE +AwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UEAwwDdDM0pBAwDjEM +MAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEMMAoGA1UEAwwDdDM3 +pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5pBAwDjEMMAoGA1UE +AwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UEAwwDdDQypBAwDjEM +MAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEMMAoGA1UEAwwDdDQ1 +pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3pBAwDjEMMAoGA1UE +AwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UEAwwDdDUwpBAwDjEM +MAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEMMAoGA1UEAwwDdDUz +pBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1pBAwDjEMMAoGA1UE +AwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UEAwwDdDU4pBAwDjEM +MAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEMMAoGA1UEAwwDdDYx +pBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYzpBAwDjEMMAoGA1UE +AwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UEAwwDdDY2pBAwDjEM +MAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEMMAoGA1UEAwwDdDY5 +pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcxpBAwDjEMMAoGA1UE +AwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UEAwwDdDc0pBAwDjEM +MAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEMMAoGA1UEAwwDdDc3 +pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5pBAwDjEMMAoGA1UE +AwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UEAwwDdDgypBAwDjEM +MAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEMMAoGA1UEAwwDdDg1 +pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3pBAwDjEMMAoGA1UE +AwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UEAwwDdDkwpBAwDjEM +MAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEMMAoGA1UEAwwDdDkz +pBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1pBAwDjEMMAoGA1UE +AwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UEAwwDdDk4pBAwDjEM +MAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8xDTALBgNVBAMMBHQx +MDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwEdDEwM6QRMA8xDTAL +BgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzENMAsGA1UEAwwEdDEw +NqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0MTA4pBEwDzENMAsG +A1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0wCwYDVQQDDAR0MTEx +pBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQxMTOkETAPMQ0wCwYD +VQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTALBgNVBAMMBHQxMTak +ETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDExOKQRMA8xDTALBgNV +BAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsGA1UEAwwEdDEyMaQR +MA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIzpBEwDzENMAsGA1UE +AwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYDVQQDDAR0MTI2pBEw +DzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjikETAPMQ0wCwYDVQQD +DAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNVBAMMBHQxMzGkETAP +MQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QRMA8xDTALBgNVBAMM +BHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UEAwwEdDEzNqQRMA8x +DTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEwDzENMAsGA1UEAwwE +dDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQDDAR0MTQxpBEwDzEN +MAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAPMQ0wCwYDVQQDDAR0 +MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMMBHQxNDakETAPMQ0w +CwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8xDTALBgNVBAMMBHQx +NDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwEdDE1MaQRMA8xDTAL +BgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzENMAsGA1UEAwwEdDE1 +NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0MTU2pBEwDzENMAsG +A1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0wCwYDVQQDDAR0MTU5 +pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQxNjGkETAPMQ0wCwYD +VQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTALBgNVBAMMBHQxNjSk +ETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2NqQRMA8xDTALBgNV +BAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsGA1UEAwwEdDE2OaQR +MA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcxpBEwDzENMAsGA1UE +AwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYDVQQDDAR0MTc0pBEw +DzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzakETAPMQ0wCwYDVQQD +DAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNVBAMMBHQxNzmkETAP +MQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQRMA8xDTALBgNVBAMM +BHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UEAwwEdDE4NKQRMA8x +DTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEwDzENMAsGA1UEAwwE +dDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQDDAR0MTg5pBEwDzEN +MAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAPMQ0wCwYDVQQDDAR0 +MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMMBHQxOTSkETAPMQ0w +CwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8xDTALBgNVBAMMBHQx +OTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwEdDE5OaQRMA8xDTAL +BgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzENMAsGA1UEAwwEdDIw +MqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0MjA0pBEwDzENMAsG +A1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0wCwYDVQQDDAR0MjA3 +pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQyMDmkETAPMQ0wCwYD +VQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTALBgNVBAMMBHQyMTKk +ETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIxNKQRMA8xDTALBgNV +BAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsGA1UEAwwEdDIxN6QR +MA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5pBEwDzENMAsGA1UE +AwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYDVQQDDAR0MjIypBEw +DzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSkETAPMQ0wCwYDVQQD +DAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNVBAMMBHQyMjekETAP +MQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQRMA8xDTALBgNVBAMM +BHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UEAwwEdDIzMqQRMA8x +DTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEwDzENMAsGA1UEAwwE +dDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQDDAR0MjM3pBEwDzEN +MAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAPMQ0wCwYDVQQDDAR0 +MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMMBHQyNDKkETAPMQ0w +CwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8xDTALBgNVBAMMBHQy +NDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwEdDI0N6QRMA8xDTAL +BgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzENMAsGA1UEAwwEdDI1 +MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0MjUypBEwDzENMAsG +A1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0wCwYDVQQDDAR0MjU1 +pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQyNTekETAPMQ0wCwYD +VQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTALBgNVBAMMBHQyNjCk +ETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2MqQRMA8xDTALBgNV +BAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsGA1UEAwwEdDI2NaQR +MA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3pBEwDzENMAsGA1UE +AwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYDVQQDDAR0MjcwpBEw +DzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKkETAPMQ0wCwYDVQQD +DAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNVBAMMBHQyNzWkETAP +MQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QRMA8xDTALBgNVBAMM +BHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UEAwwEdDI4MKQRMA8x +DTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEwDzENMAsGA1UEAwwE +dDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQDDAR0Mjg1pBEwDzEN +MAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAPMQ0wCwYDVQQDDAR0 +Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMMBHQyOTCkETAPMQ0w +CwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8xDTALBgNVBAMMBHQy +OTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwEdDI5NaQRMA8xDTAL +BgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzENMAsGA1UEAwwEdDI5 +OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0MzAwpBEwDzENMAsG +A1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0wCwYDVQQDDAR0MzAz +pBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQzMDWkETAPMQ0wCwYD +VQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTALBgNVBAMMBHQzMDik +ETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMxMKQRMA8xDTALBgNV +BAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsGA1UEAwwEdDMxM6QR +MA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1pBEwDzENMAsGA1UE +AwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYDVQQDDAR0MzE4pBEw +DzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCkETAPMQ0wCwYDVQQD +DAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNVBAMMBHQzMjOkETAP +MQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQRMA8xDTALBgNVBAMM +BHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UEAwwEdDMyOKQRMA8x +DTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEwDzENMAsGA1UEAwwE +dDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQDDAR0MzMzpBEwDzEN +MAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAPMQ0wCwYDVQQDDAR0 +MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMMBHQzMzikETAPMQ0w +CwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8xDTALBgNVBAMMBHQz +NDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwEdDM0M6QRMA8xDTAL +BgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzENMAsGA1UEAwwEdDM0 +NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0MzQ4pBEwDzENMAsG +A1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0wCwYDVQQDDAR0MzUx +pBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQzNTOkETAPMQ0wCwYD +VQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTALBgNVBAMMBHQzNTak +ETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1OKQRMA8xDTALBgNV +BAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsGA1UEAwwEdDM2MaQR +MA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYzpBEwDzENMAsGA1UE +AwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYDVQQDDAR0MzY2pBEw +DzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjikETAPMQ0wCwYDVQQD +DAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNVBAMMBHQzNzGkETAP +MQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QRMA8xDTALBgNVBAMM +BHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UEAwwEdDM3NqQRMA8x +DTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEwDzENMAsGA1UEAwwE +dDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQDDAR0MzgxpBEwDzEN +MAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAPMQ0wCwYDVQQDDAR0 +Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMMBHQzODakETAPMQ0w +CwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8xDTALBgNVBAMMBHQz +ODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwEdDM5MaQRMA8xDTAL +BgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzENMAsGA1UEAwwEdDM5 +NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0Mzk2pBEwDzENMAsG +A1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0wCwYDVQQDDAR0Mzk5 +pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0MDGkETAPMQ0wCwYD +VQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTALBgNVBAMMBHQ0MDSk +ETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQwNqQRMA8xDTALBgNV +BAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsGA1UEAwwEdDQwOaQR +MA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDExpBEwDzENMAsGA1UE +AwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYDVQQDDAR0NDE0pBEw +DzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTakETAPMQ0wCwYDVQQD +DAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNVBAMMBHQ0MTmkETAP +MQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQRMA8xDTALBgNVBAMM +BHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UEAwwEdDQyNKQRMA8x +DTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEwDzENMAsGA1UEAwwE +dDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQDDAR0NDI5pBEwDzEN +MAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAPMQ0wCwYDVQQDDAR0 +NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMMBHQ0MzSkETAPMQ0w +CwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8xDTALBgNVBAMMBHQ0 +MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwEdDQzOaQRMA8xDTAL +BgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzENMAsGA1UEAwwEdDQ0 +MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0NDQ0pBEwDzENMAsG +A1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0wCwYDVQQDDAR0NDQ3 +pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0NDmkETAPMQ0wCwYD +VQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTALBgNVBAMMBHQ0NTKk +ETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1NKQRMA8xDTALBgNV +BAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsGA1UEAwwEdDQ1N6QR +MA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5pBEwDzENMAsGA1UE +AwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYDVQQDDAR0NDYypBEw +DzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSkETAPMQ0wCwYDVQQD +DAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNVBAMMBHQ0NjekETAP +MQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQRMA8xDTALBgNVBAMM +BHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UEAwwEdDQ3MqQRMA8x +DTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEwDzENMAsGA1UEAwwE +dDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQDDAR0NDc3pBEwDzEN +MAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAPMQ0wCwYDVQQDDAR0 +NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMMBHQ0ODKkETAPMQ0w +CwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8xDTALBgNVBAMMBHQ0 +ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwEdDQ4N6QRMA8xDTAL +BgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzENMAsGA1UEAwwEdDQ5 +MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0NDkypBEwDzENMAsG +A1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0wCwYDVQQDDAR0NDk1 +pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0OTekETAPMQ0wCwYD +VQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTALBgNVBAMMBHQ1MDCk +ETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUwMqQRMA8xDTALBgNV +BAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsGA1UEAwwEdDUwNaQR +MA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3pBEwDzENMAsGA1UE +AwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYDVQQDDAR0NTEwpBEw +DzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKkETAPMQ0wCwYDVQQD +DAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNVBAMMBHQ1MTWkETAP +MQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QRMA8xDTALBgNVBAMM +BHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UEAwwEdDUyMKQRMA8x +DTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEwDzENMAsGA1UEAwwE +dDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQDDAR0NTI1pBEwDzEN +MAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAPMQ0wCwYDVQQDDAR0 +NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMMBHQ1MzCkETAPMQ0w +CwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8xDTALBgNVBAMMBHQ1 +MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwEdDUzNaQRMA8xDTAL +BgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzENMAsGA1UEAwwEdDUz +OKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0NTQwpBEwDzENMAsG +A1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0wCwYDVQQDDAR0NTQz +pBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1NDWkETAPMQ0wCwYD +VQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTALBgNVBAMMBHQ1NDik +ETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1MKQRMA8xDTALBgNV +BAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsGA1UEAwwEdDU1M6QR +MA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1pBEwDzENMAsGA1UE +AwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYDVQQDDAR0NTU4pBEw +DzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCkETAPMQ0wCwYDVQQD +DAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNVBAMMBHQ1NjOkETAP +MQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQRMA8xDTALBgNVBAMM +BHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UEAwwEdDU2OKQRMA8x +DTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEwDzENMAsGA1UEAwwE +dDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQDDAR0NTczpBEwDzEN +MAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAPMQ0wCwYDVQQDDAR0 +NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMMBHQ1NzikETAPMQ0w +CwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8xDTALBgNVBAMMBHQ1 +ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwEdDU4M6QRMA8xDTAL +BgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzENMAsGA1UEAwwEdDU4 +NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0NTg4pBEwDzENMAsG +A1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0wCwYDVQQDDAR0NTkx +pBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1OTOkETAPMQ0wCwYD +VQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTALBgNVBAMMBHQ1OTak +ETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5OKQRMA8xDTALBgNV +BAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsGA1UEAwwEdDYwMaQR +MA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAzpBEwDzENMAsGA1UE +AwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYDVQQDDAR0NjA2pBEw +DzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDikETAPMQ0wCwYDVQQD +DAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNVBAMMBHQ2MTGkETAP +MQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QRMA8xDTALBgNVBAMM +BHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UEAwwEdDYxNqQRMA8x +DTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEwDzENMAsGA1UEAwwE +dDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQDDAR0NjIxpBEwDzEN +MAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAPMQ0wCwYDVQQDDAR0 +NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMMBHQ2MjakETAPMQ0w +CwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8xDTALBgNVBAMMBHQ2 +MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwEdDYzMaQRMA8xDTAL +BgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzENMAsGA1UEAwwEdDYz +NKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0NjM2pBEwDzENMAsG +A1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0wCwYDVQQDDAR0NjM5 +pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2NDGkETAPMQ0wCwYD +VQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTALBgNVBAMMBHQ2NDSk +ETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0NqQRMA8xDTALBgNV +BAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsGA1UEAwwEdDY0OaQR +MA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUxpBEwDzENMAsGA1UE +AwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYDVQQDDAR0NjU0pBEw +DzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTakETAPMQ0wCwYDVQQD +DAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNVBAMMBHQ2NTmkETAP +MQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQRMA8xDTALBgNVBAMM +BHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UEAwwEdDY2NKQRMA8x +DTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEwDzENMAsGA1UEAwwE +dDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQDDAR0NjY5pBEwDzEN +MAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAPMQ0wCwYDVQQDDAR0 +NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMMBHQ2NzSkETAPMQ0w +CwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8xDTALBgNVBAMMBHQ2 +NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwEdDY3OaQRMA8xDTAL +BgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzENMAsGA1UEAwwEdDY4 +MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0Njg0pBEwDzENMAsG +A1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0wCwYDVQQDDAR0Njg3 +pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2ODmkETAPMQ0wCwYD +VQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTALBgNVBAMMBHQ2OTKk +ETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5NKQRMA8xDTALBgNV +BAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsGA1UEAwwEdDY5N6QR +MA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5pBEwDzENMAsGA1UE +AwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYDVQQDDAR0NzAypBEw +DzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSkETAPMQ0wCwYDVQQD +DAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNVBAMMBHQ3MDekETAP +MQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQRMA8xDTALBgNVBAMM +BHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UEAwwEdDcxMqQRMA8x +DTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEwDzENMAsGA1UEAwwE +dDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQDDAR0NzE3pBEwDzEN +MAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAPMQ0wCwYDVQQDDAR0 +NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMMBHQ3MjKkETAPMQ0w +CwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8xDTALBgNVBAMMBHQ3 +MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwEdDcyN6QRMA8xDTAL +BgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzENMAsGA1UEAwwEdDcz +MKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0NzMypBEwDzENMAsG +A1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0wCwYDVQQDDAR0NzM1 +pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3MzekETAPMQ0wCwYD +VQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTALBgNVBAMMBHQ3NDCk +ETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0MqQRMA8xDTALBgNV +BAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsGA1UEAwwEdDc0NaQR +MA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3pBEwDzENMAsGA1UE +AwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYDVQQDDAR0NzUwpBEw +DzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKkETAPMQ0wCwYDVQQD +DAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNVBAMMBHQ3NTWkETAP +MQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QRMA8xDTALBgNVBAMM +BHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UEAwwEdDc2MKQRMA8x +DTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEwDzENMAsGA1UEAwwE +dDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQDDAR0NzY1pBEwDzEN +MAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAPMQ0wCwYDVQQDDAR0 +NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMMBHQ3NzCkETAPMQ0w +CwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8xDTALBgNVBAMMBHQ3 +NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwEdDc3NaQRMA8xDTAL +BgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzENMAsGA1UEAwwEdDc3 +OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0NzgwpBEwDzENMAsG +A1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0wCwYDVQQDDAR0Nzgz +pBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3ODWkETAPMQ0wCwYD +VQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTALBgNVBAMMBHQ3ODik +ETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5MKQRMA8xDTALBgNV +BAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsGA1UEAwwEdDc5M6QR +MA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1pBEwDzENMAsGA1UE +AwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYDVQQDDAR0Nzk4pBEw +DzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCkETAPMQ0wCwYDVQQD +DAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNVBAMMBHQ4MDOkETAP +MQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQRMA8xDTALBgNVBAMM +BHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UEAwwEdDgwOKQRMA8x +DTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEwDzENMAsGA1UEAwwE +dDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQDDAR0ODEzpBEwDzEN +MAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAPMQ0wCwYDVQQDDAR0 +ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMMBHQ4MTikETAPMQ0w +CwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8xDTALBgNVBAMMBHQ4 +MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwEdDgyM6QRMA8xDTAL +BgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzENMAsGA1UEAwwEdDgy +NqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0ODI4pBEwDzENMAsG +A1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0wCwYDVQQDDAR0ODMx +pBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4MzOkETAPMQ0wCwYD +VQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTALBgNVBAMMBHQ4Mzak +ETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgzOKQRMA8xDTALBgNV +BAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsGA1UEAwwEdDg0MaQR +MA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQzpBEwDzENMAsGA1UE +AwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYDVQQDDAR0ODQ2pBEw +DzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDikETAPMQ0wCwYDVQQD +DAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNVBAMMBHQ4NTGkETAP +MQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QRMA8xDTALBgNVBAMM +BHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UEAwwEdDg1NqQRMA8x +DTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEwDzENMAsGA1UEAwwE +dDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQDDAR0ODYxpBEwDzEN +MAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAPMQ0wCwYDVQQDDAR0 +ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMMBHQ4NjakETAPMQ0w +CwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8xDTALBgNVBAMMBHQ4 +NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwEdDg3MaQRMA8xDTAL +BgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzENMAsGA1UEAwwEdDg3 +NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0ODc2pBEwDzENMAsG +A1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0wCwYDVQQDDAR0ODc5 +pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4ODGkETAPMQ0wCwYD +VQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTALBgNVBAMMBHQ4ODSk +ETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4NqQRMA8xDTALBgNV +BAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsGA1UEAwwEdDg4OaQR +MA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkxpBEwDzENMAsGA1UE +AwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYDVQQDDAR0ODk0pBEw +DzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTakETAPMQ0wCwYDVQQD +DAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNVBAMMBHQ4OTmkETAP +MQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQRMA8xDTALBgNVBAMM +BHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UEAwwEdDkwNKQRMA8x +DTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEwDzENMAsGA1UEAwwE +dDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQDDAR0OTA5pBEwDzEN +MAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAPMQ0wCwYDVQQDDAR0 +OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMMBHQ5MTSkETAPMQ0w +CwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8xDTALBgNVBAMMBHQ5 +MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwEdDkxOaQRMA8xDTAL +BgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzENMAsGA1UEAwwEdDky +MqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0OTI0pBEwDzENMAsG +A1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0wCwYDVQQDDAR0OTI3 +pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5MjmkETAPMQ0wCwYD +VQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTALBgNVBAMMBHQ5MzKk +ETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkzNKQRMA8xDTALBgNV +BAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsGA1UEAwwEdDkzN6QR +MA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5pBEwDzENMAsGA1UE +AwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYDVQQDDAR0OTQypBEw +DzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSkETAPMQ0wCwYDVQQD +DAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNVBAMMBHQ5NDekETAP +MQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQRMA8xDTALBgNVBAMM +BHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UEAwwEdDk1MqQRMA8x +DTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEwDzENMAsGA1UEAwwE +dDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQDDAR0OTU3pBEwDzEN +MAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAPMQ0wCwYDVQQDDAR0 +OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMMBHQ5NjKkETAPMQ0w +CwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8xDTALBgNVBAMMBHQ5 +NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwEdDk2N6QRMA8xDTAL +BgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzENMAsGA1UEAwwEdDk3 +MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0OTcypBEwDzENMAsG +A1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0wCwYDVQQDDAR0OTc1 +pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5NzekETAPMQ0wCwYD +VQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTALBgNVBAMMBHQ5ODCk +ETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4MqQRMA8xDTALBgNV +BAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsGA1UEAwwEdDk4NaQR +MA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3pBEwDzENMAsGA1UE +AwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYDVQQDDAR0OTkwpBEw +DzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKkETAPMQ0wCwYDVQQD +DAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNVBAMMBHQ5OTWkETAP +MQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QRMA8xDTALBgNVBAMM +BHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UEAwwFdDEwMDCkEjAQ +MQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAypBIwEDEOMAwGA1UE +AwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAMBgNVBAMMBXQxMDA1 +pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0MTAwN6QSMBAxDjAM +BgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQMQ4wDAYDVQQDDAV0 +MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UEAwwFdDEwMTKkEjAQ +MQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0pBIwEDEOMAwGA1UE +AwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAMBgNVBAMMBXQxMDE3 +pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0MTAxOaQSMBAxDjAM +BgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQMQ4wDAYDVQQDDAV0 +MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzMA0GCSqGSIb3DQEBCwUAA4IBAQB3ryeb +I4KdkLQ8Ah/UqcgMf1gZrpqG/vWxpK7Lr0Y6BP88z+pr3xbL0YmNjKf5EefpkJJr +VNX6qiSWY2FXSoHafgsuyAQ0at1uRieXWp3bjC3oWkURv30aJXrKnrHjHFMiCze2 ++tYeg21UQE1xs+NS3ITRlfyS5PCFzm1ONqZstDV+Dui2iwmwyE7xuKr+6Ci6jqMx +75m92p7LWgKVJEVBPO16kpS9nf1+B1GMVZcHU2C03WQCbCsYMo3f7YlK3Tcyy2aa ++rjoPYePY2o/byyRJbOFcQo5qiSljnvCV4btO+czbemkwc2Iiw7IBmObQEAqPLKW +Ei0cU/6D7EpQvsZT +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-all-types.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-all-types.pem new file mode 100644 index 0000000000..159ea50748 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-all-types.pem @@ -0,0 +1,1877 @@ +[Created by: ./generate-chains.py] + +A chain containing a large number of different types of name +constraints and names, above the limit. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340 + Signature Algorithm: sha256WithRSAEncryption + 90:c2:57:f6:92:e9:c7:58:4e:b5:bd:11:26:33:dd:b9:3d:c2: + 1e:6d:6b:21:74:04:85:22:1e:d2:1b:09:fb:99:24:d8:e6:ed: + 1c:55:14:34:b7:19:4e:f2:cc:37:2e:b3:d3:26:96:f2:6d:88: + d6:8d:b2:7b:1a:6f:eb:66:f1:d9:f3:a3:4f:b0:76:51:d2:1c: + e6:b0:ae:0f:28:38:bf:c6:94:d5:76:71:0f:f6:11:95:c8:07: + 26:be:81:aa:55:4d:17:17:36:90:bb:c2:b8:40:72:a2:cf:0f: + d3:55:b1:65:50:67:c8:57:4b:54:bd:5b:42:7f:d4:b4:46:0e: + fe:9d:f0:eb:a9:96:c2:53:ce:b5:fb:71:3c:da:51:37:94:c7: + 7b:1e:d6:5b:c1:1b:da:ae:09:b1:da:d0:2d:27:ae:46:c6:5e: + d0:72:cb:e0:29:a7:c8:40:e8:18:94:26:ad:d8:51:21:43:24: + f6:f9:a4:9e:f1:57:d1:4b:3e:74:71:97:8f:de:09:2d:d3:85: + b1:79:a8:9d:d0:6c:35:90:a8:62:2f:fb:45:ac:c5:5b:5c:cc: + ea:72:05:b0:2f:79:36:56:f2:75:5b:b4:30:8c:0c:9f:fc:e8: + da:7e:2c:dd:fc:5e:fc:23:04:c1:53:31:a7:e2:ce:18:10:28: + b8:d4:60:8e +-----BEGIN CERTIFICATE----- +MIIy0TCCMbmgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1TANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCMB4wgjAaMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgi8wBgNVHREEgi8nMIIvI4IH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SHBAoAAACHBAoAAAGHBAoAAAKHBAoAAAOHBAoAAASHBAoAAAWHBAoAAAaHBAoA +AAeHBAoAAAiHBAoAAAmHBAoAAAqHBAoAAAuHBAoAAAyHBAoAAA2HBAoAAA6HBAoA +AA+HBAoAABCHBAoAABGHBAoAABKHBAoAABOHBAoAABSHBAoAABWHBAoAABaHBAoA +ABeHBAoAABiHBAoAABmHBAoAABqHBAoAABuHBAoAAByHBAoAAB2HBAoAAB6HBAoA +AB+HBAoAACCHBAoAACGHBAoAACKHBAoAACOHBAoAACSHBAoAACWHBAoAACaHBAoA +ACeHBAoAACiHBAoAACmHBAoAACqHBAoAACuHBAoAACyHBAoAAC2HBAoAAC6HBAoA +AC+HBAoAADCHBAoAADGHBAoAADKHBAoAADOHBAoAADSHBAoAADWHBAoAADaHBAoA +ADeHBAoAADiHBAoAADmHBAoAADqHBAoAADuHBAoAADyHBAoAAD2HBAoAAD6HBAoA +AD+HBAoAAECHBAoAAEGHBAoAAEKHBAoAAEOHBAoAAESHBAoAAEWHBAoAAEaHBAoA +AEeHBAoAAEiHBAoAAEmHBAoAAEqHBAoAAEuHBAoAAEyHBAoAAE2HBAoAAE6HBAoA +AE+HBAoAAFCHBAoAAFGHBAoAAFKHBAoAAFOHBAoAAFSHBAoAAFWHBAoAAFaHBAoA +AFeHBAoAAFiHBAoAAFmHBAoAAFqHBAoAAFuHBAoAAFyHBAoAAF2HBAoAAF6HBAoA +AF+HBAoAAGCHBAoAAGGHBAoAAGKHBAoAAGOHBAoAAGSHBAoAAGWHBAoAAGaHBAoA +AGeHBAoAAGiHBAoAAGmHBAoAAGqHBAoAAGuHBAoAAGyHBAoAAG2HBAoAAG6HBAoA +AG+HBAoAAHCHBAoAAHGHBAoAAHKHBAoAAHOHBAoAAHSHBAoAAHWHBAoAAHaHBAoA +AHeHBAoAAHiHBAoAAHmHBAoAAHqHBAoAAHuHBAoAAHyHBAoAAH2HBAoAAH6HBAoA +AH+HBAoAAICHBAoAAIGHBAoAAIKHBAoAAIOHBAoAAISHBAoAAIWHBAoAAIaHBAoA +AIeHBAoAAIiHBAoAAImHBAoAAIqHBAoAAIuHBAoAAIyHBAoAAI2HBAoAAI6HBAoA +AI+HBAoAAJCHBAoAAJGHBAoAAJKHBAoAAJOHBAoAAJSHBAoAAJWHBAoAAJaHBAoA +AJeHBAoAAJiHBAoAAJmHBAoAAJqHBAoAAJuHBAoAAJyHBAoAAJ2HBAoAAJ6HBAoA +AJ+HBAoAAKCHBAoAAKGHBAoAAKKHBAoAAKOHBAoAAKSHBAoAAKWHBAoAAKaHBAoA +AKeHBAoAAKiHBAoAAKmHBAoAAKqHBAoAAKuHBAoAAKyHBAoAAK2HBAoAAK6HBAoA +AK+HBAoAALCHBAoAALGHBAoAALKHBAoAALOHBAoAALSHBAoAALWHBAoAALaHBAoA +ALeHBAoAALiHBAoAALmHBAoAALqHBAoAALuHBAoAALyHBAoAAL2HBAoAAL6HBAoA +AL+HBAoAAMCHBAoAAMGHBAoAAMKHBAoAAMOHBAoAAMSHBAoAAMWHBAoAAMaHBAoA +AMeHBAoAAMiHBAoAAMmHBAoAAMqHBAoAAMuHBAoAAMyHBAoAAM2HBAoAAM6HBAoA +AM+HBAoAANCHBAoAANGHBAoAANKHBAoAANOHBAoAANSHBAoAANWHBAoAANaHBAoA +ANeHBAoAANiHBAoAANmHBAoAANqHBAoAANuHBAoAANyHBAoAAN2HBAoAAN6HBAoA +AN+HBAoAAOCHBAoAAOGHBAoAAOKHBAoAAOOHBAoAAOSHBAoAAOWHBAoAAOaHBAoA +AOeHBAoAAOiHBAoAAOmHBAoAAOqHBAoAAOuHBAoAAOyHBAoAAO2HBAoAAO6HBAoA +AO+HBAoAAPCHBAoAAPGHBAoAAPKHBAoAAPOHBAoAAPSHBAoAAPWHBAoAAPaHBAoA +APeHBAoAAPiHBAoAAPmHBAoAAPqHBAoAAPuHBAoAAPyHBAoAAP2HBAoAAP6HBAoA +AP+HBAoAAQCHBAoAAQGHBAoAAQKHBAoAAQOHBAoAAQSHBAoAAQWHBAoAAQaHBAoA +AQeHBAoAAQiHBAoAAQmHBAoAAQqHBAoAAQuHBAoAAQyHBAoAAQ2HBAoAAQ6HBAoA +AQ+HBAoAARCHBAoAARGHBAoAARKHBAoAAROHBAoAARSHBAoAARWHBAoAARaHBAoA +AReHBAoAARiHBAoAARmHBAoAARqHBAoAARuHBAoAARyHBAoAAR2HBAoAAR6HBAoA +AR+HBAoAASCHBAoAASGHBAoAASKHBAoAASOHBAoAASSHBAoAASWHBAoAASaHBAoA +ASeHBAoAASiHBAoAASmHBAoAASqHBAoAASuHBAoAASyHBAoAAS2HBAoAAS6HBAoA +AS+HBAoAATCHBAoAATGHBAoAATKHBAoAATOHBAoAATSHBAoAATWHBAoAATaHBAoA +ATeHBAoAATiHBAoAATmHBAoAATqHBAoAATuHBAoAATyHBAoAAT2HBAoAAT6HBAoA +AT+HBAoAAUCHBAoAAUGHBAoAAUKHBAoAAUOHBAoAAUSHBAoAAUWHBAoAAUaHBAoA +AUeHBAoAAUiHBAoAAUmHBAoAAUqHBAoAAUuHBAoAAUyHBAoAAU2HBAoAAU6HBAoA +AU+HBAoAAVCHBAoAAVGHBAoAAVKHBAoAAVOHBAoAAVSkDzANMQswCQYDVQQDDAJ0 +MKQPMA0xCzAJBgNVBAMMAnQxpA8wDTELMAkGA1UEAwwCdDKkDzANMQswCQYDVQQD +DAJ0M6QPMA0xCzAJBgNVBAMMAnQ0pA8wDTELMAkGA1UEAwwCdDWkDzANMQswCQYD +VQQDDAJ0NqQPMA0xCzAJBgNVBAMMAnQ3pA8wDTELMAkGA1UEAwwCdDikDzANMQsw +CQYDVQQDDAJ0OaQQMA4xDDAKBgNVBAMMA3QxMKQQMA4xDDAKBgNVBAMMA3QxMaQQ +MA4xDDAKBgNVBAMMA3QxMqQQMA4xDDAKBgNVBAMMA3QxM6QQMA4xDDAKBgNVBAMM +A3QxNKQQMA4xDDAKBgNVBAMMA3QxNaQQMA4xDDAKBgNVBAMMA3QxNqQQMA4xDDAK +BgNVBAMMA3QxN6QQMA4xDDAKBgNVBAMMA3QxOKQQMA4xDDAKBgNVBAMMA3QxOaQQ +MA4xDDAKBgNVBAMMA3QyMKQQMA4xDDAKBgNVBAMMA3QyMaQQMA4xDDAKBgNVBAMM +A3QyMqQQMA4xDDAKBgNVBAMMA3QyM6QQMA4xDDAKBgNVBAMMA3QyNKQQMA4xDDAK +BgNVBAMMA3QyNaQQMA4xDDAKBgNVBAMMA3QyNqQQMA4xDDAKBgNVBAMMA3QyN6QQ +MA4xDDAKBgNVBAMMA3QyOKQQMA4xDDAKBgNVBAMMA3QyOaQQMA4xDDAKBgNVBAMM +A3QzMKQQMA4xDDAKBgNVBAMMA3QzMaQQMA4xDDAKBgNVBAMMA3QzMqQQMA4xDDAK +BgNVBAMMA3QzM6QQMA4xDDAKBgNVBAMMA3QzNKQQMA4xDDAKBgNVBAMMA3QzNaQQ +MA4xDDAKBgNVBAMMA3QzNqQQMA4xDDAKBgNVBAMMA3QzN6QQMA4xDDAKBgNVBAMM +A3QzOKQQMA4xDDAKBgNVBAMMA3QzOaQQMA4xDDAKBgNVBAMMA3Q0MKQQMA4xDDAK +BgNVBAMMA3Q0MaQQMA4xDDAKBgNVBAMMA3Q0MqQQMA4xDDAKBgNVBAMMA3Q0M6QQ +MA4xDDAKBgNVBAMMA3Q0NKQQMA4xDDAKBgNVBAMMA3Q0NaQQMA4xDDAKBgNVBAMM +A3Q0NqQQMA4xDDAKBgNVBAMMA3Q0N6QQMA4xDDAKBgNVBAMMA3Q0OKQQMA4xDDAK +BgNVBAMMA3Q0OaQQMA4xDDAKBgNVBAMMA3Q1MKQQMA4xDDAKBgNVBAMMA3Q1MaQQ +MA4xDDAKBgNVBAMMA3Q1MqQQMA4xDDAKBgNVBAMMA3Q1M6QQMA4xDDAKBgNVBAMM +A3Q1NKQQMA4xDDAKBgNVBAMMA3Q1NaQQMA4xDDAKBgNVBAMMA3Q1NqQQMA4xDDAK +BgNVBAMMA3Q1N6QQMA4xDDAKBgNVBAMMA3Q1OKQQMA4xDDAKBgNVBAMMA3Q1OaQQ +MA4xDDAKBgNVBAMMA3Q2MKQQMA4xDDAKBgNVBAMMA3Q2MaQQMA4xDDAKBgNVBAMM +A3Q2MqQQMA4xDDAKBgNVBAMMA3Q2M6QQMA4xDDAKBgNVBAMMA3Q2NKQQMA4xDDAK +BgNVBAMMA3Q2NaQQMA4xDDAKBgNVBAMMA3Q2NqQQMA4xDDAKBgNVBAMMA3Q2N6QQ +MA4xDDAKBgNVBAMMA3Q2OKQQMA4xDDAKBgNVBAMMA3Q2OaQQMA4xDDAKBgNVBAMM +A3Q3MKQQMA4xDDAKBgNVBAMMA3Q3MaQQMA4xDDAKBgNVBAMMA3Q3MqQQMA4xDDAK +BgNVBAMMA3Q3M6QQMA4xDDAKBgNVBAMMA3Q3NKQQMA4xDDAKBgNVBAMMA3Q3NaQQ +MA4xDDAKBgNVBAMMA3Q3NqQQMA4xDDAKBgNVBAMMA3Q3N6QQMA4xDDAKBgNVBAMM +A3Q3OKQQMA4xDDAKBgNVBAMMA3Q3OaQQMA4xDDAKBgNVBAMMA3Q4MKQQMA4xDDAK +BgNVBAMMA3Q4MaQQMA4xDDAKBgNVBAMMA3Q4MqQQMA4xDDAKBgNVBAMMA3Q4M6QQ +MA4xDDAKBgNVBAMMA3Q4NKQQMA4xDDAKBgNVBAMMA3Q4NaQQMA4xDDAKBgNVBAMM +A3Q4NqQQMA4xDDAKBgNVBAMMA3Q4N6QQMA4xDDAKBgNVBAMMA3Q4OKQQMA4xDDAK +BgNVBAMMA3Q4OaQQMA4xDDAKBgNVBAMMA3Q5MKQQMA4xDDAKBgNVBAMMA3Q5MaQQ +MA4xDDAKBgNVBAMMA3Q5MqQQMA4xDDAKBgNVBAMMA3Q5M6QQMA4xDDAKBgNVBAMM +A3Q5NKQQMA4xDDAKBgNVBAMMA3Q5NaQQMA4xDDAKBgNVBAMMA3Q5NqQQMA4xDDAK +BgNVBAMMA3Q5N6QQMA4xDDAKBgNVBAMMA3Q5OKQQMA4xDDAKBgNVBAMMA3Q5OaQR +MA8xDTALBgNVBAMMBHQxMDCkETAPMQ0wCwYDVQQDDAR0MTAxpBEwDzENMAsGA1UE +AwwEdDEwMqQRMA8xDTALBgNVBAMMBHQxMDOkETAPMQ0wCwYDVQQDDAR0MTA0pBEw +DzENMAsGA1UEAwwEdDEwNaQRMA8xDTALBgNVBAMMBHQxMDakETAPMQ0wCwYDVQQD +DAR0MTA3pBEwDzENMAsGA1UEAwwEdDEwOKQRMA8xDTALBgNVBAMMBHQxMDmkETAP +MQ0wCwYDVQQDDAR0MTEwpBEwDzENMAsGA1UEAwwEdDExMaQRMA8xDTALBgNVBAMM +BHQxMTKkETAPMQ0wCwYDVQQDDAR0MTEzpBEwDzENMAsGA1UEAwwEdDExNKQRMA8x +DTALBgNVBAMMBHQxMTWkETAPMQ0wCwYDVQQDDAR0MTE2pBEwDzENMAsGA1UEAwwE +dDExN6QRMA8xDTALBgNVBAMMBHQxMTikETAPMQ0wCwYDVQQDDAR0MTE5pBEwDzEN +MAsGA1UEAwwEdDEyMKQRMA8xDTALBgNVBAMMBHQxMjGkETAPMQ0wCwYDVQQDDAR0 +MTIypBEwDzENMAsGA1UEAwwEdDEyM6QRMA8xDTALBgNVBAMMBHQxMjSkETAPMQ0w +CwYDVQQDDAR0MTI1pBEwDzENMAsGA1UEAwwEdDEyNqQRMA8xDTALBgNVBAMMBHQx +MjekETAPMQ0wCwYDVQQDDAR0MTI4pBEwDzENMAsGA1UEAwwEdDEyOaQRMA8xDTAL +BgNVBAMMBHQxMzCkETAPMQ0wCwYDVQQDDAR0MTMxpBEwDzENMAsGA1UEAwwEdDEz +MqQRMA8xDTALBgNVBAMMBHQxMzOkETAPMQ0wCwYDVQQDDAR0MTM0pBEwDzENMAsG +A1UEAwwEdDEzNaQRMA8xDTALBgNVBAMMBHQxMzakETAPMQ0wCwYDVQQDDAR0MTM3 +pBEwDzENMAsGA1UEAwwEdDEzOKQRMA8xDTALBgNVBAMMBHQxMzmkETAPMQ0wCwYD +VQQDDAR0MTQwpBEwDzENMAsGA1UEAwwEdDE0MaQRMA8xDTALBgNVBAMMBHQxNDKk +ETAPMQ0wCwYDVQQDDAR0MTQzpBEwDzENMAsGA1UEAwwEdDE0NKQRMA8xDTALBgNV +BAMMBHQxNDWkETAPMQ0wCwYDVQQDDAR0MTQ2pBEwDzENMAsGA1UEAwwEdDE0N6QR +MA8xDTALBgNVBAMMBHQxNDikETAPMQ0wCwYDVQQDDAR0MTQ5pBEwDzENMAsGA1UE +AwwEdDE1MKQRMA8xDTALBgNVBAMMBHQxNTGkETAPMQ0wCwYDVQQDDAR0MTUypBEw +DzENMAsGA1UEAwwEdDE1M6QRMA8xDTALBgNVBAMMBHQxNTSkETAPMQ0wCwYDVQQD +DAR0MTU1pBEwDzENMAsGA1UEAwwEdDE1NqQRMA8xDTALBgNVBAMMBHQxNTekETAP +MQ0wCwYDVQQDDAR0MTU4pBEwDzENMAsGA1UEAwwEdDE1OaQRMA8xDTALBgNVBAMM +BHQxNjCkETAPMQ0wCwYDVQQDDAR0MTYxpBEwDzENMAsGA1UEAwwEdDE2MqQRMA8x +DTALBgNVBAMMBHQxNjOkETAPMQ0wCwYDVQQDDAR0MTY0pBEwDzENMAsGA1UEAwwE +dDE2NaQRMA8xDTALBgNVBAMMBHQxNjakETAPMQ0wCwYDVQQDDAR0MTY3pBEwDzEN +MAsGA1UEAwwEdDE2OKQRMA8xDTALBgNVBAMMBHQxNjmkETAPMQ0wCwYDVQQDDAR0 +MTcwpBEwDzENMAsGA1UEAwwEdDE3MaQRMA8xDTALBgNVBAMMBHQxNzKkETAPMQ0w +CwYDVQQDDAR0MTczpBEwDzENMAsGA1UEAwwEdDE3NKQRMA8xDTALBgNVBAMMBHQx +NzWkETAPMQ0wCwYDVQQDDAR0MTc2pBEwDzENMAsGA1UEAwwEdDE3N6QRMA8xDTAL +BgNVBAMMBHQxNzikETAPMQ0wCwYDVQQDDAR0MTc5pBEwDzENMAsGA1UEAwwEdDE4 +MKQRMA8xDTALBgNVBAMMBHQxODGkETAPMQ0wCwYDVQQDDAR0MTgypBEwDzENMAsG +A1UEAwwEdDE4M6QRMA8xDTALBgNVBAMMBHQxODSkETAPMQ0wCwYDVQQDDAR0MTg1 +pBEwDzENMAsGA1UEAwwEdDE4NqQRMA8xDTALBgNVBAMMBHQxODekETAPMQ0wCwYD +VQQDDAR0MTg4pBEwDzENMAsGA1UEAwwEdDE4OaQRMA8xDTALBgNVBAMMBHQxOTCk +ETAPMQ0wCwYDVQQDDAR0MTkxpBEwDzENMAsGA1UEAwwEdDE5MqQRMA8xDTALBgNV +BAMMBHQxOTOkETAPMQ0wCwYDVQQDDAR0MTk0pBEwDzENMAsGA1UEAwwEdDE5NaQR +MA8xDTALBgNVBAMMBHQxOTakETAPMQ0wCwYDVQQDDAR0MTk3pBEwDzENMAsGA1UE +AwwEdDE5OKQRMA8xDTALBgNVBAMMBHQxOTmkETAPMQ0wCwYDVQQDDAR0MjAwpBEw +DzENMAsGA1UEAwwEdDIwMaQRMA8xDTALBgNVBAMMBHQyMDKkETAPMQ0wCwYDVQQD +DAR0MjAzpBEwDzENMAsGA1UEAwwEdDIwNKQRMA8xDTALBgNVBAMMBHQyMDWkETAP +MQ0wCwYDVQQDDAR0MjA2pBEwDzENMAsGA1UEAwwEdDIwN6QRMA8xDTALBgNVBAMM +BHQyMDikETAPMQ0wCwYDVQQDDAR0MjA5pBEwDzENMAsGA1UEAwwEdDIxMKQRMA8x +DTALBgNVBAMMBHQyMTGkETAPMQ0wCwYDVQQDDAR0MjEypBEwDzENMAsGA1UEAwwE +dDIxM6QRMA8xDTALBgNVBAMMBHQyMTSkETAPMQ0wCwYDVQQDDAR0MjE1pBEwDzEN +MAsGA1UEAwwEdDIxNqQRMA8xDTALBgNVBAMMBHQyMTekETAPMQ0wCwYDVQQDDAR0 +MjE4pBEwDzENMAsGA1UEAwwEdDIxOaQRMA8xDTALBgNVBAMMBHQyMjCkETAPMQ0w +CwYDVQQDDAR0MjIxpBEwDzENMAsGA1UEAwwEdDIyMqQRMA8xDTALBgNVBAMMBHQy +MjOkETAPMQ0wCwYDVQQDDAR0MjI0pBEwDzENMAsGA1UEAwwEdDIyNaQRMA8xDTAL +BgNVBAMMBHQyMjakETAPMQ0wCwYDVQQDDAR0MjI3pBEwDzENMAsGA1UEAwwEdDIy +OKQRMA8xDTALBgNVBAMMBHQyMjmkETAPMQ0wCwYDVQQDDAR0MjMwpBEwDzENMAsG +A1UEAwwEdDIzMaQRMA8xDTALBgNVBAMMBHQyMzKkETAPMQ0wCwYDVQQDDAR0MjMz +pBEwDzENMAsGA1UEAwwEdDIzNKQRMA8xDTALBgNVBAMMBHQyMzWkETAPMQ0wCwYD +VQQDDAR0MjM2pBEwDzENMAsGA1UEAwwEdDIzN6QRMA8xDTALBgNVBAMMBHQyMzik +ETAPMQ0wCwYDVQQDDAR0MjM5pBEwDzENMAsGA1UEAwwEdDI0MKQRMA8xDTALBgNV +BAMMBHQyNDGkETAPMQ0wCwYDVQQDDAR0MjQypBEwDzENMAsGA1UEAwwEdDI0M6QR +MA8xDTALBgNVBAMMBHQyNDSkETAPMQ0wCwYDVQQDDAR0MjQ1pBEwDzENMAsGA1UE +AwwEdDI0NqQRMA8xDTALBgNVBAMMBHQyNDekETAPMQ0wCwYDVQQDDAR0MjQ4pBEw +DzENMAsGA1UEAwwEdDI0OaQRMA8xDTALBgNVBAMMBHQyNTCkETAPMQ0wCwYDVQQD +DAR0MjUxpBEwDzENMAsGA1UEAwwEdDI1MqQRMA8xDTALBgNVBAMMBHQyNTOkETAP +MQ0wCwYDVQQDDAR0MjU0pBEwDzENMAsGA1UEAwwEdDI1NaQRMA8xDTALBgNVBAMM +BHQyNTakETAPMQ0wCwYDVQQDDAR0MjU3pBEwDzENMAsGA1UEAwwEdDI1OKQRMA8x +DTALBgNVBAMMBHQyNTmkETAPMQ0wCwYDVQQDDAR0MjYwpBEwDzENMAsGA1UEAwwE +dDI2MaQRMA8xDTALBgNVBAMMBHQyNjKkETAPMQ0wCwYDVQQDDAR0MjYzpBEwDzEN +MAsGA1UEAwwEdDI2NKQRMA8xDTALBgNVBAMMBHQyNjWkETAPMQ0wCwYDVQQDDAR0 +MjY2pBEwDzENMAsGA1UEAwwEdDI2N6QRMA8xDTALBgNVBAMMBHQyNjikETAPMQ0w +CwYDVQQDDAR0MjY5pBEwDzENMAsGA1UEAwwEdDI3MKQRMA8xDTALBgNVBAMMBHQy +NzGkETAPMQ0wCwYDVQQDDAR0MjcypBEwDzENMAsGA1UEAwwEdDI3M6QRMA8xDTAL +BgNVBAMMBHQyNzSkETAPMQ0wCwYDVQQDDAR0Mjc1pBEwDzENMAsGA1UEAwwEdDI3 +NqQRMA8xDTALBgNVBAMMBHQyNzekETAPMQ0wCwYDVQQDDAR0Mjc4pBEwDzENMAsG +A1UEAwwEdDI3OaQRMA8xDTALBgNVBAMMBHQyODCkETAPMQ0wCwYDVQQDDAR0Mjgx +pBEwDzENMAsGA1UEAwwEdDI4MqQRMA8xDTALBgNVBAMMBHQyODOkETAPMQ0wCwYD +VQQDDAR0Mjg0pBEwDzENMAsGA1UEAwwEdDI4NaQRMA8xDTALBgNVBAMMBHQyODak +ETAPMQ0wCwYDVQQDDAR0Mjg3pBEwDzENMAsGA1UEAwwEdDI4OKQRMA8xDTALBgNV +BAMMBHQyODmkETAPMQ0wCwYDVQQDDAR0MjkwpBEwDzENMAsGA1UEAwwEdDI5MaQR +MA8xDTALBgNVBAMMBHQyOTKkETAPMQ0wCwYDVQQDDAR0MjkzpBEwDzENMAsGA1UE +AwwEdDI5NKQRMA8xDTALBgNVBAMMBHQyOTWkETAPMQ0wCwYDVQQDDAR0Mjk2pBEw +DzENMAsGA1UEAwwEdDI5N6QRMA8xDTALBgNVBAMMBHQyOTikETAPMQ0wCwYDVQQD +DAR0Mjk5pBEwDzENMAsGA1UEAwwEdDMwMKQRMA8xDTALBgNVBAMMBHQzMDGkETAP +MQ0wCwYDVQQDDAR0MzAypBEwDzENMAsGA1UEAwwEdDMwM6QRMA8xDTALBgNVBAMM +BHQzMDSkETAPMQ0wCwYDVQQDDAR0MzA1pBEwDzENMAsGA1UEAwwEdDMwNqQRMA8x +DTALBgNVBAMMBHQzMDekETAPMQ0wCwYDVQQDDAR0MzA4pBEwDzENMAsGA1UEAwwE +dDMwOaQRMA8xDTALBgNVBAMMBHQzMTCkETAPMQ0wCwYDVQQDDAR0MzExpBEwDzEN +MAsGA1UEAwwEdDMxMqQRMA8xDTALBgNVBAMMBHQzMTOkETAPMQ0wCwYDVQQDDAR0 +MzE0pBEwDzENMAsGA1UEAwwEdDMxNaQRMA8xDTALBgNVBAMMBHQzMTakETAPMQ0w +CwYDVQQDDAR0MzE3pBEwDzENMAsGA1UEAwwEdDMxOKQRMA8xDTALBgNVBAMMBHQz +MTmkETAPMQ0wCwYDVQQDDAR0MzIwpBEwDzENMAsGA1UEAwwEdDMyMaQRMA8xDTAL +BgNVBAMMBHQzMjKkETAPMQ0wCwYDVQQDDAR0MzIzpBEwDzENMAsGA1UEAwwEdDMy +NKQRMA8xDTALBgNVBAMMBHQzMjWkETAPMQ0wCwYDVQQDDAR0MzI2pBEwDzENMAsG +A1UEAwwEdDMyN6QRMA8xDTALBgNVBAMMBHQzMjikETAPMQ0wCwYDVQQDDAR0MzI5 +pBEwDzENMAsGA1UEAwwEdDMzMKQRMA8xDTALBgNVBAMMBHQzMzGkETAPMQ0wCwYD +VQQDDAR0MzMypBEwDzENMAsGA1UEAwwEdDMzM6QRMA8xDTALBgNVBAMMBHQzMzSk +ETAPMQ0wCwYDVQQDDAR0MzM1pBEwDzENMAsGA1UEAwwEdDMzNqQRMA8xDTALBgNV +BAMMBHQzMzekETAPMQ0wCwYDVQQDDAR0MzM4pBEwDzENMAsGA1UEAwwEdDMzOaQR +MA8xDTALBgNVBAMMBHQzNDAwDQYJKoZIhvcNAQELBQADggEBAJDCV/aS6cdYTrW9 +ESYz3bk9wh5tayF0BIUiHtIbCfuZJNjm7RxVFDS3GU7yzDcus9MmlvJtiNaNsnsa +b+tm8dnzo0+wdlHSHOawrg8oOL/GlNV2cQ/2EZXIBya+gapVTRcXNpC7wrhAcqLP +D9NVsWVQZ8hXS1S9W0J/1LRGDv6d8OuplsJTzrX7cTzaUTeUx3se1lvBG9quCbHa +0C0nrkbGXtByy+App8hA6BiUJq3YUSFDJPb5pJ7xV9FLPnRxl4/eCS3ThbF5qJ3Q +bDWQqGIv+0WsxVtczOpyBbAveTZW8nVbtDCMDJ/86Np+LN38XvwjBMFTMafizhgQ +KLjUYI4= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + DNS:t171.test + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + + Signature Algorithm: sha256WithRSAEncryption + 9f:cb:83:7b:e2:3c:57:27:25:ec:82:3f:30:c2:ff:12:51:71: + 3f:d5:94:05:1a:5b:58:44:80:b4:89:1e:e0:89:45:e5:e3:72: + 8b:c4:d8:ca:54:a3:db:f2:a3:fd:16:00:c1:86:21:e2:ed:e3: + 6c:94:7e:09:ae:ed:36:1c:e3:97:6f:3d:0a:b1:39:78:7a:b3: + b9:ce:c3:68:ee:60:27:7c:cb:6b:33:3c:5f:a2:6a:99:d4:08: + 2a:e9:21:04:ea:12:d9:28:53:1f:cc:af:ab:41:a3:6e:34:fa: + 56:56:44:d5:c5:10:bd:f4:37:3b:45:94:74:19:b2:49:cf:0f: + 98:94:75:68:ec:4e:6f:b0:41:ac:f7:38:02:1d:dd:1f:14:f6: + b5:c6:0c:a2:b2:a7:07:75:99:54:4e:fe:68:0c:1d:ae:a0:90: + d7:d5:64:60:15:ff:c7:fd:31:da:ab:50:43:44:b7:cc:3f:d2: + ee:e4:03:3e:a0:9d:8e:81:48:21:86:34:66:27:be:b2:73:01: + 2b:65:ee:51:3b:57:3f:76:51:ad:82:fc:7e:c9:ce:89:38:04: + 5f:c9:f6:41:62:32:60:b2:b9:d1:fe:4e:78:d6:a5:79:56:7b: + 57:e4:1d:42:7a:1f:aa:f7:b0:d0:82:ba:d4:f1:bb:f9:9c:ec: + ca:e7:f7:09 +-----BEGIN CERTIFICATE----- +MII/SzCCPjOgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vcwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCPJUwgjyRMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjvFBgNVHR4Egju8MII7uKCCHgAwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAuCCXQxNzEudGVzdDAKhwgKAAAA//// +/zAKhwgKAAAB/////zAKhwgKAAAC/////zAKhwgKAAAD/////zAKhwgKAAAE//// +/zAKhwgKAAAF/////zAKhwgKAAAG/////zAKhwgKAAAH/////zAKhwgKAAAI//// +/zAKhwgKAAAJ/////zAKhwgKAAAK/////zAKhwgKAAAL/////zAKhwgKAAAM//// +/zAKhwgKAAAN/////zAKhwgKAAAO/////zAKhwgKAAAP/////zAKhwgKAAAQ//// +/zAKhwgKAAAR/////zAKhwgKAAAS/////zAKhwgKAAAT/////zAKhwgKAAAU//// +/zAKhwgKAAAV/////zAKhwgKAAAW/////zAKhwgKAAAX/////zAKhwgKAAAY//// +/zAKhwgKAAAZ/////zAKhwgKAAAa/////zAKhwgKAAAb/////zAKhwgKAAAc//// +/zAKhwgKAAAd/////zAKhwgKAAAe/////zAKhwgKAAAf/////zAKhwgKAAAg//// +/zAKhwgKAAAh/////zAKhwgKAAAi/////zAKhwgKAAAj/////zAKhwgKAAAk//// +/zAKhwgKAAAl/////zAKhwgKAAAm/////zAKhwgKAAAn/////zAKhwgKAAAo//// +/zAKhwgKAAAp/////zAKhwgKAAAq/////zAKhwgKAAAr/////zAKhwgKAAAs//// +/zAKhwgKAAAt/////zAKhwgKAAAu/////zAKhwgKAAAv/////zAKhwgKAAAw//// +/zAKhwgKAAAx/////zAKhwgKAAAy/////zAKhwgKAAAz/////zAKhwgKAAA0//// +/zAKhwgKAAA1/////zAKhwgKAAA2/////zAKhwgKAAA3/////zAKhwgKAAA4//// +/zAKhwgKAAA5/////zAKhwgKAAA6/////zAKhwgKAAA7/////zAKhwgKAAA8//// +/zAKhwgKAAA9/////zAKhwgKAAA+/////zAKhwgKAAA//////zAKhwgKAABA//// +/zAKhwgKAABB/////zAKhwgKAABC/////zAKhwgKAABD/////zAKhwgKAABE//// +/zAKhwgKAABF/////zAKhwgKAABG/////zAKhwgKAABH/////zAKhwgKAABI//// +/zAKhwgKAABJ/////zAKhwgKAABK/////zAKhwgKAABL/////zAKhwgKAABM//// +/zAKhwgKAABN/////zAKhwgKAABO/////zAKhwgKAABP/////zAKhwgKAABQ//// +/zAKhwgKAABR/////zAKhwgKAABS/////zAKhwgKAABT/////zAKhwgKAABU//// +/zAKhwgKAABV/////zAKhwgKAABW/////zAKhwgKAABX/////zAKhwgKAABY//// +/zAKhwgKAABZ/////zAKhwgKAABa/////zAKhwgKAABb/////zAKhwgKAABc//// +/zAKhwgKAABd/////zAKhwgKAABe/////zAKhwgKAABf/////zAKhwgKAABg//// +/zAKhwgKAABh/////zAKhwgKAABi/////zAKhwgKAABj/////zAKhwgKAABk//// +/zAKhwgKAABl/////zAKhwgKAABm/////zAKhwgKAABn/////zAKhwgKAABo//// +/zAKhwgKAABp/////zAKhwgKAABq/////zAKhwgKAABr/////zAKhwgKAABs//// +/zAKhwgKAABt/////zAKhwgKAABu/////zAKhwgKAABv/////zAKhwgKAABw//// +/zAKhwgKAABx/////zAKhwgKAABy/////zAKhwgKAABz/////zAKhwgKAAB0//// +/zAKhwgKAAB1/////zAKhwgKAAB2/////zAKhwgKAAB3/////zAKhwgKAAB4//// +/zAKhwgKAAB5/////zAKhwgKAAB6/////zAKhwgKAAB7/////zAKhwgKAAB8//// +/zAKhwgKAAB9/////zAKhwgKAAB+/////zAKhwgKAAB//////zAKhwgKAACA//// +/zAKhwgKAACB/////zAKhwgKAACC/////zAKhwgKAACD/////zAKhwgKAACE//// +/zAKhwgKAACF/////zAKhwgKAACG/////zAKhwgKAACH/////zAKhwgKAACI//// +/zAKhwgKAACJ/////zAKhwgKAACK/////zAKhwgKAACL/////zAKhwgKAACM//// +/zAKhwgKAACN/////zAKhwgKAACO/////zAKhwgKAACP/////zAKhwgKAACQ//// +/zAKhwgKAACR/////zAKhwgKAACS/////zAKhwgKAACT/////zAKhwgKAACU//// +/zAKhwgKAACV/////zAKhwgKAACW/////zAKhwgKAACX/////zAKhwgKAACY//// +/zAKhwgKAACZ/////zAKhwgKAACa/////zAKhwgKAACb/////zAKhwgKAACc//// +/zAKhwgKAACd/////zAKhwgKAACe/////zAKhwgKAACf/////zAKhwgKAACg//// +/zAKhwgKAACh/////zAKhwgKAACi/////zAKhwgKAACj/////zAKhwgKAACk//// +/zAKhwgKAACl/////zAKhwgKAACm/////zAKhwgKAACn/////zAKhwgKAACo//// +/zAKhwgKAACp/////zAKhwgKAACq/////zARpA8wDTELMAkGA1UEAwwCdDAwEaQP +MA0xCzAJBgNVBAMMAnQxMBGkDzANMQswCQYDVQQDDAJ0MjARpA8wDTELMAkGA1UE +AwwCdDMwEaQPMA0xCzAJBgNVBAMMAnQ0MBGkDzANMQswCQYDVQQDDAJ0NTARpA8w +DTELMAkGA1UEAwwCdDYwEaQPMA0xCzAJBgNVBAMMAnQ3MBGkDzANMQswCQYDVQQD +DAJ0ODARpA8wDTELMAkGA1UEAwwCdDkwEqQQMA4xDDAKBgNVBAMMA3QxMDASpBAw +DjEMMAoGA1UEAwwDdDExMBKkEDAOMQwwCgYDVQQDDAN0MTIwEqQQMA4xDDAKBgNV +BAMMA3QxMzASpBAwDjEMMAoGA1UEAwwDdDE0MBKkEDAOMQwwCgYDVQQDDAN0MTUw +EqQQMA4xDDAKBgNVBAMMA3QxNjASpBAwDjEMMAoGA1UEAwwDdDE3MBKkEDAOMQww +CgYDVQQDDAN0MTgwEqQQMA4xDDAKBgNVBAMMA3QxOTASpBAwDjEMMAoGA1UEAwwD +dDIwMBKkEDAOMQwwCgYDVQQDDAN0MjEwEqQQMA4xDDAKBgNVBAMMA3QyMjASpBAw +DjEMMAoGA1UEAwwDdDIzMBKkEDAOMQwwCgYDVQQDDAN0MjQwEqQQMA4xDDAKBgNV +BAMMA3QyNTASpBAwDjEMMAoGA1UEAwwDdDI2MBKkEDAOMQwwCgYDVQQDDAN0Mjcw +EqQQMA4xDDAKBgNVBAMMA3QyODASpBAwDjEMMAoGA1UEAwwDdDI5MBKkEDAOMQww +CgYDVQQDDAN0MzAwEqQQMA4xDDAKBgNVBAMMA3QzMTASpBAwDjEMMAoGA1UEAwwD +dDMyMBKkEDAOMQwwCgYDVQQDDAN0MzMwEqQQMA4xDDAKBgNVBAMMA3QzNDASpBAw +DjEMMAoGA1UEAwwDdDM1MBKkEDAOMQwwCgYDVQQDDAN0MzYwEqQQMA4xDDAKBgNV +BAMMA3QzNzASpBAwDjEMMAoGA1UEAwwDdDM4MBKkEDAOMQwwCgYDVQQDDAN0Mzkw +EqQQMA4xDDAKBgNVBAMMA3Q0MDASpBAwDjEMMAoGA1UEAwwDdDQxMBKkEDAOMQww +CgYDVQQDDAN0NDIwEqQQMA4xDDAKBgNVBAMMA3Q0MzASpBAwDjEMMAoGA1UEAwwD +dDQ0MBKkEDAOMQwwCgYDVQQDDAN0NDUwEqQQMA4xDDAKBgNVBAMMA3Q0NjASpBAw +DjEMMAoGA1UEAwwDdDQ3MBKkEDAOMQwwCgYDVQQDDAN0NDgwEqQQMA4xDDAKBgNV +BAMMA3Q0OTASpBAwDjEMMAoGA1UEAwwDdDUwMBKkEDAOMQwwCgYDVQQDDAN0NTEw +EqQQMA4xDDAKBgNVBAMMA3Q1MjASpBAwDjEMMAoGA1UEAwwDdDUzMBKkEDAOMQww +CgYDVQQDDAN0NTQwEqQQMA4xDDAKBgNVBAMMA3Q1NTASpBAwDjEMMAoGA1UEAwwD +dDU2MBKkEDAOMQwwCgYDVQQDDAN0NTcwEqQQMA4xDDAKBgNVBAMMA3Q1ODASpBAw +DjEMMAoGA1UEAwwDdDU5MBKkEDAOMQwwCgYDVQQDDAN0NjAwEqQQMA4xDDAKBgNV +BAMMA3Q2MTASpBAwDjEMMAoGA1UEAwwDdDYyMBKkEDAOMQwwCgYDVQQDDAN0NjMw +EqQQMA4xDDAKBgNVBAMMA3Q2NDASpBAwDjEMMAoGA1UEAwwDdDY1MBKkEDAOMQww +CgYDVQQDDAN0NjYwEqQQMA4xDDAKBgNVBAMMA3Q2NzASpBAwDjEMMAoGA1UEAwwD +dDY4MBKkEDAOMQwwCgYDVQQDDAN0NjkwEqQQMA4xDDAKBgNVBAMMA3Q3MDASpBAw +DjEMMAoGA1UEAwwDdDcxMBKkEDAOMQwwCgYDVQQDDAN0NzIwEqQQMA4xDDAKBgNV +BAMMA3Q3MzASpBAwDjEMMAoGA1UEAwwDdDc0MBKkEDAOMQwwCgYDVQQDDAN0NzUw +EqQQMA4xDDAKBgNVBAMMA3Q3NjASpBAwDjEMMAoGA1UEAwwDdDc3MBKkEDAOMQww +CgYDVQQDDAN0NzgwEqQQMA4xDDAKBgNVBAMMA3Q3OTASpBAwDjEMMAoGA1UEAwwD +dDgwMBKkEDAOMQwwCgYDVQQDDAN0ODEwEqQQMA4xDDAKBgNVBAMMA3Q4MjASpBAw +DjEMMAoGA1UEAwwDdDgzMBKkEDAOMQwwCgYDVQQDDAN0ODQwEqQQMA4xDDAKBgNV +BAMMA3Q4NTASpBAwDjEMMAoGA1UEAwwDdDg2MBKkEDAOMQwwCgYDVQQDDAN0ODcw +EqQQMA4xDDAKBgNVBAMMA3Q4ODASpBAwDjEMMAoGA1UEAwwDdDg5MBKkEDAOMQww +CgYDVQQDDAN0OTAwEqQQMA4xDDAKBgNVBAMMA3Q5MTASpBAwDjEMMAoGA1UEAwwD +dDkyMBKkEDAOMQwwCgYDVQQDDAN0OTMwEqQQMA4xDDAKBgNVBAMMA3Q5NDASpBAw +DjEMMAoGA1UEAwwDdDk1MBKkEDAOMQwwCgYDVQQDDAN0OTYwEqQQMA4xDDAKBgNV +BAMMA3Q5NzASpBAwDjEMMAoGA1UEAwwDdDk4MBKkEDAOMQwwCgYDVQQDDAN0OTkw +E6QRMA8xDTALBgNVBAMMBHQxMDAwE6QRMA8xDTALBgNVBAMMBHQxMDEwE6QRMA8x +DTALBgNVBAMMBHQxMDIwE6QRMA8xDTALBgNVBAMMBHQxMDMwE6QRMA8xDTALBgNV +BAMMBHQxMDQwE6QRMA8xDTALBgNVBAMMBHQxMDUwE6QRMA8xDTALBgNVBAMMBHQx +MDYwE6QRMA8xDTALBgNVBAMMBHQxMDcwE6QRMA8xDTALBgNVBAMMBHQxMDgwE6QR +MA8xDTALBgNVBAMMBHQxMDkwE6QRMA8xDTALBgNVBAMMBHQxMTAwE6QRMA8xDTAL +BgNVBAMMBHQxMTEwE6QRMA8xDTALBgNVBAMMBHQxMTIwE6QRMA8xDTALBgNVBAMM +BHQxMTMwE6QRMA8xDTALBgNVBAMMBHQxMTQwE6QRMA8xDTALBgNVBAMMBHQxMTUw +E6QRMA8xDTALBgNVBAMMBHQxMTYwE6QRMA8xDTALBgNVBAMMBHQxMTcwE6QRMA8x +DTALBgNVBAMMBHQxMTgwE6QRMA8xDTALBgNVBAMMBHQxMTkwE6QRMA8xDTALBgNV +BAMMBHQxMjAwE6QRMA8xDTALBgNVBAMMBHQxMjEwE6QRMA8xDTALBgNVBAMMBHQx +MjIwE6QRMA8xDTALBgNVBAMMBHQxMjMwE6QRMA8xDTALBgNVBAMMBHQxMjQwE6QR +MA8xDTALBgNVBAMMBHQxMjUwE6QRMA8xDTALBgNVBAMMBHQxMjYwE6QRMA8xDTAL +BgNVBAMMBHQxMjcwE6QRMA8xDTALBgNVBAMMBHQxMjgwE6QRMA8xDTALBgNVBAMM +BHQxMjkwE6QRMA8xDTALBgNVBAMMBHQxMzAwE6QRMA8xDTALBgNVBAMMBHQxMzEw +E6QRMA8xDTALBgNVBAMMBHQxMzIwE6QRMA8xDTALBgNVBAMMBHQxMzMwE6QRMA8x +DTALBgNVBAMMBHQxMzQwE6QRMA8xDTALBgNVBAMMBHQxMzUwE6QRMA8xDTALBgNV +BAMMBHQxMzYwE6QRMA8xDTALBgNVBAMMBHQxMzcwE6QRMA8xDTALBgNVBAMMBHQx +MzgwE6QRMA8xDTALBgNVBAMMBHQxMzkwE6QRMA8xDTALBgNVBAMMBHQxNDAwE6QR +MA8xDTALBgNVBAMMBHQxNDEwE6QRMA8xDTALBgNVBAMMBHQxNDIwE6QRMA8xDTAL +BgNVBAMMBHQxNDMwE6QRMA8xDTALBgNVBAMMBHQxNDQwE6QRMA8xDTALBgNVBAMM +BHQxNDUwE6QRMA8xDTALBgNVBAMMBHQxNDYwE6QRMA8xDTALBgNVBAMMBHQxNDcw +E6QRMA8xDTALBgNVBAMMBHQxNDgwE6QRMA8xDTALBgNVBAMMBHQxNDkwE6QRMA8x +DTALBgNVBAMMBHQxNTAwE6QRMA8xDTALBgNVBAMMBHQxNTEwE6QRMA8xDTALBgNV +BAMMBHQxNTIwE6QRMA8xDTALBgNVBAMMBHQxNTMwE6QRMA8xDTALBgNVBAMMBHQx +NTQwE6QRMA8xDTALBgNVBAMMBHQxNTUwE6QRMA8xDTALBgNVBAMMBHQxNTYwE6QR +MA8xDTALBgNVBAMMBHQxNTcwE6QRMA8xDTALBgNVBAMMBHQxNTgwE6QRMA8xDTAL +BgNVBAMMBHQxNTkwE6QRMA8xDTALBgNVBAMMBHQxNjAwE6QRMA8xDTALBgNVBAMM +BHQxNjEwE6QRMA8xDTALBgNVBAMMBHQxNjIwE6QRMA8xDTALBgNVBAMMBHQxNjMw +E6QRMA8xDTALBgNVBAMMBHQxNjQwE6QRMA8xDTALBgNVBAMMBHQxNjUwE6QRMA8x +DTALBgNVBAMMBHQxNjYwE6QRMA8xDTALBgNVBAMMBHQxNjcwE6QRMA8xDTALBgNV +BAMMBHQxNjgwE6QRMA8xDTALBgNVBAMMBHQxNjkwE6QRMA8xDTALBgNVBAMMBHQx +NzAwE6QRMA8xDTALBgNVBAMMBHQxNzGhgh2wMAmCB3gwLnRlc3QwCYIHeDEudGVz +dDAJggd4Mi50ZXN0MAmCB3gzLnRlc3QwCYIHeDQudGVzdDAJggd4NS50ZXN0MAmC +B3g2LnRlc3QwCYIHeDcudGVzdDAJggd4OC50ZXN0MAmCB3g5LnRlc3QwCoIIeDEw +LnRlc3QwCoIIeDExLnRlc3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRlc3QwCoIIeDE0 +LnRlc3QwCoIIeDE1LnRlc3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRlc3QwCoIIeDE4 +LnRlc3QwCoIIeDE5LnRlc3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRlc3QwCoIIeDIy +LnRlc3QwCoIIeDIzLnRlc3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRlc3QwCoIIeDI2 +LnRlc3QwCoIIeDI3LnRlc3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRlc3QwCoIIeDMw +LnRlc3QwCoIIeDMxLnRlc3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRlc3QwCoIIeDM0 +LnRlc3QwCoIIeDM1LnRlc3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRlc3QwCoIIeDM4 +LnRlc3QwCoIIeDM5LnRlc3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRlc3QwCoIIeDQy +LnRlc3QwCoIIeDQzLnRlc3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRlc3QwCoIIeDQ2 +LnRlc3QwCoIIeDQ3LnRlc3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRlc3QwCoIIeDUw +LnRlc3QwCoIIeDUxLnRlc3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRlc3QwCoIIeDU0 +LnRlc3QwCoIIeDU1LnRlc3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRlc3QwCoIIeDU4 +LnRlc3QwCoIIeDU5LnRlc3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRlc3QwCoIIeDYy +LnRlc3QwCoIIeDYzLnRlc3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRlc3QwCoIIeDY2 +LnRlc3QwCoIIeDY3LnRlc3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRlc3QwCoIIeDcw +LnRlc3QwCoIIeDcxLnRlc3QwCoIIeDcyLnRlc3QwCoIIeDczLnRlc3QwCoIIeDc0 +LnRlc3QwCoIIeDc1LnRlc3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRlc3QwCoIIeDc4 +LnRlc3QwCoIIeDc5LnRlc3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRlc3QwCoIIeDgy +LnRlc3QwCoIIeDgzLnRlc3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRlc3QwCoIIeDg2 +LnRlc3QwCoIIeDg3LnRlc3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRlc3QwCoIIeDkw +LnRlc3QwCoIIeDkxLnRlc3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRlc3QwCoIIeDk0 +LnRlc3QwCoIIeDk1LnRlc3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRlc3QwCoIIeDk4 +LnRlc3QwCoIIeDk5LnRlc3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEudGVzdDALggl4 +MTAyLnRlc3QwC4IJeDEwMy50ZXN0MAuCCXgxMDQudGVzdDALggl4MTA1LnRlc3Qw +C4IJeDEwNi50ZXN0MAuCCXgxMDcudGVzdDALggl4MTA4LnRlc3QwC4IJeDEwOS50 +ZXN0MAuCCXgxMTAudGVzdDALggl4MTExLnRlc3QwC4IJeDExMi50ZXN0MAuCCXgx +MTMudGVzdDALggl4MTE0LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgxMTYudGVzdDAL +ggl4MTE3LnRlc3QwC4IJeDExOC50ZXN0MAuCCXgxMTkudGVzdDALggl4MTIwLnRl +c3QwC4IJeDEyMS50ZXN0MAuCCXgxMjIudGVzdDALggl4MTIzLnRlc3QwC4IJeDEy +NC50ZXN0MAuCCXgxMjUudGVzdDALggl4MTI2LnRlc3QwC4IJeDEyNy50ZXN0MAuC +CXgxMjgudGVzdDALggl4MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuCCXgxMzEudGVz +dDALggl4MTMyLnRlc3QwC4IJeDEzMy50ZXN0MAuCCXgxMzQudGVzdDALggl4MTM1 +LnRlc3QwC4IJeDEzNi50ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4LnRlc3QwC4IJ +eDEzOS50ZXN0MAuCCXgxNDAudGVzdDALggl4MTQxLnRlc3QwC4IJeDE0Mi50ZXN0 +MAuCCXgxNDMudGVzdDALggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0MAuCCXgxNDYu +dGVzdDALggl4MTQ3LnRlc3QwC4IJeDE0OC50ZXN0MAuCCXgxNDkudGVzdDALggl4 +MTUwLnRlc3QwC4IJeDE1MS50ZXN0MAuCCXgxNTIudGVzdDALggl4MTUzLnRlc3Qw +C4IJeDE1NC50ZXN0MAuCCXgxNTUudGVzdDALggl4MTU2LnRlc3QwC4IJeDE1Ny50 +ZXN0MAuCCXgxNTgudGVzdDALggl4MTU5LnRlc3QwC4IJeDE2MC50ZXN0MAuCCXgx +NjEudGVzdDALggl4MTYyLnRlc3QwC4IJeDE2My50ZXN0MAuCCXgxNjQudGVzdDAL +ggl4MTY1LnRlc3QwC4IJeDE2Ni50ZXN0MAuCCXgxNjcudGVzdDALggl4MTY4LnRl +c3QwC4IJeDE2OS50ZXN0MAqHCAsAAAD/////MAqHCAsAAAH/////MAqHCAsAAAL/ +////MAqHCAsAAAP/////MAqHCAsAAAT/////MAqHCAsAAAX/////MAqHCAsAAAb/ +////MAqHCAsAAAf/////MAqHCAsAAAj/////MAqHCAsAAAn/////MAqHCAsAAAr/ +////MAqHCAsAAAv/////MAqHCAsAAAz/////MAqHCAsAAA3/////MAqHCAsAAA7/ +////MAqHCAsAAA//////MAqHCAsAABD/////MAqHCAsAABH/////MAqHCAsAABL/ +////MAqHCAsAABP/////MAqHCAsAABT/////MAqHCAsAABX/////MAqHCAsAABb/ +////MAqHCAsAABf/////MAqHCAsAABj/////MAqHCAsAABn/////MAqHCAsAABr/ +////MAqHCAsAABv/////MAqHCAsAABz/////MAqHCAsAAB3/////MAqHCAsAAB7/ +////MAqHCAsAAB//////MAqHCAsAACD/////MAqHCAsAACH/////MAqHCAsAACL/ +////MAqHCAsAACP/////MAqHCAsAACT/////MAqHCAsAACX/////MAqHCAsAACb/ +////MAqHCAsAACf/////MAqHCAsAACj/////MAqHCAsAACn/////MAqHCAsAACr/ +////MAqHCAsAACv/////MAqHCAsAACz/////MAqHCAsAAC3/////MAqHCAsAAC7/ +////MAqHCAsAAC//////MAqHCAsAADD/////MAqHCAsAADH/////MAqHCAsAADL/ +////MAqHCAsAADP/////MAqHCAsAADT/////MAqHCAsAADX/////MAqHCAsAADb/ +////MAqHCAsAADf/////MAqHCAsAADj/////MAqHCAsAADn/////MAqHCAsAADr/ +////MAqHCAsAADv/////MAqHCAsAADz/////MAqHCAsAAD3/////MAqHCAsAAD7/ +////MAqHCAsAAD//////MAqHCAsAAED/////MAqHCAsAAEH/////MAqHCAsAAEL/ +////MAqHCAsAAEP/////MAqHCAsAAET/////MAqHCAsAAEX/////MAqHCAsAAEb/ +////MAqHCAsAAEf/////MAqHCAsAAEj/////MAqHCAsAAEn/////MAqHCAsAAEr/ +////MAqHCAsAAEv/////MAqHCAsAAEz/////MAqHCAsAAE3/////MAqHCAsAAE7/ +////MAqHCAsAAE//////MAqHCAsAAFD/////MAqHCAsAAFH/////MAqHCAsAAFL/ +////MAqHCAsAAFP/////MAqHCAsAAFT/////MAqHCAsAAFX/////MAqHCAsAAFb/ +////MAqHCAsAAFf/////MAqHCAsAAFj/////MAqHCAsAAFn/////MAqHCAsAAFr/ +////MAqHCAsAAFv/////MAqHCAsAAFz/////MAqHCAsAAF3/////MAqHCAsAAF7/ +////MAqHCAsAAF//////MAqHCAsAAGD/////MAqHCAsAAGH/////MAqHCAsAAGL/ +////MAqHCAsAAGP/////MAqHCAsAAGT/////MAqHCAsAAGX/////MAqHCAsAAGb/ +////MAqHCAsAAGf/////MAqHCAsAAGj/////MAqHCAsAAGn/////MAqHCAsAAGr/ +////MAqHCAsAAGv/////MAqHCAsAAGz/////MAqHCAsAAG3/////MAqHCAsAAG7/ +////MAqHCAsAAG//////MAqHCAsAAHD/////MAqHCAsAAHH/////MAqHCAsAAHL/ +////MAqHCAsAAHP/////MAqHCAsAAHT/////MAqHCAsAAHX/////MAqHCAsAAHb/ +////MAqHCAsAAHf/////MAqHCAsAAHj/////MAqHCAsAAHn/////MAqHCAsAAHr/ +////MAqHCAsAAHv/////MAqHCAsAAHz/////MAqHCAsAAH3/////MAqHCAsAAH7/ +////MAqHCAsAAH//////MAqHCAsAAID/////MAqHCAsAAIH/////MAqHCAsAAIL/ +////MAqHCAsAAIP/////MAqHCAsAAIT/////MAqHCAsAAIX/////MAqHCAsAAIb/ +////MAqHCAsAAIf/////MAqHCAsAAIj/////MAqHCAsAAIn/////MAqHCAsAAIr/ +////MAqHCAsAAIv/////MAqHCAsAAIz/////MAqHCAsAAI3/////MAqHCAsAAI7/ +////MAqHCAsAAI//////MAqHCAsAAJD/////MAqHCAsAAJH/////MAqHCAsAAJL/ +////MAqHCAsAAJP/////MAqHCAsAAJT/////MAqHCAsAAJX/////MAqHCAsAAJb/ +////MAqHCAsAAJf/////MAqHCAsAAJj/////MAqHCAsAAJn/////MAqHCAsAAJr/ +////MAqHCAsAAJv/////MAqHCAsAAJz/////MAqHCAsAAJ3/////MAqHCAsAAJ7/ +////MAqHCAsAAJ//////MAqHCAsAAKD/////MAqHCAsAAKH/////MAqHCAsAAKL/ +////MAqHCAsAAKP/////MAqHCAsAAKT/////MAqHCAsAAKX/////MAqHCAsAAKb/ +////MAqHCAsAAKf/////MAqHCAsAAKj/////MAqHCAsAAKn/////MBGkDzANMQsw +CQYDVQQDDAJ4MDARpA8wDTELMAkGA1UEAwwCeDEwEaQPMA0xCzAJBgNVBAMMAngy +MBGkDzANMQswCQYDVQQDDAJ4MzARpA8wDTELMAkGA1UEAwwCeDQwEaQPMA0xCzAJ +BgNVBAMMAng1MBGkDzANMQswCQYDVQQDDAJ4NjARpA8wDTELMAkGA1UEAwwCeDcw +EaQPMA0xCzAJBgNVBAMMAng4MBGkDzANMQswCQYDVQQDDAJ4OTASpBAwDjEMMAoG +A1UEAwwDeDEwMBKkEDAOMQwwCgYDVQQDDAN4MTEwEqQQMA4xDDAKBgNVBAMMA3gx +MjASpBAwDjEMMAoGA1UEAwwDeDEzMBKkEDAOMQwwCgYDVQQDDAN4MTQwEqQQMA4x +DDAKBgNVBAMMA3gxNTASpBAwDjEMMAoGA1UEAwwDeDE2MBKkEDAOMQwwCgYDVQQD +DAN4MTcwEqQQMA4xDDAKBgNVBAMMA3gxODASpBAwDjEMMAoGA1UEAwwDeDE5MBKk +EDAOMQwwCgYDVQQDDAN4MjAwEqQQMA4xDDAKBgNVBAMMA3gyMTASpBAwDjEMMAoG +A1UEAwwDeDIyMBKkEDAOMQwwCgYDVQQDDAN4MjMwEqQQMA4xDDAKBgNVBAMMA3gy +NDASpBAwDjEMMAoGA1UEAwwDeDI1MBKkEDAOMQwwCgYDVQQDDAN4MjYwEqQQMA4x +DDAKBgNVBAMMA3gyNzASpBAwDjEMMAoGA1UEAwwDeDI4MBKkEDAOMQwwCgYDVQQD +DAN4MjkwEqQQMA4xDDAKBgNVBAMMA3gzMDASpBAwDjEMMAoGA1UEAwwDeDMxMBKk +EDAOMQwwCgYDVQQDDAN4MzIwEqQQMA4xDDAKBgNVBAMMA3gzMzASpBAwDjEMMAoG +A1UEAwwDeDM0MBKkEDAOMQwwCgYDVQQDDAN4MzUwEqQQMA4xDDAKBgNVBAMMA3gz +NjASpBAwDjEMMAoGA1UEAwwDeDM3MBKkEDAOMQwwCgYDVQQDDAN4MzgwEqQQMA4x +DDAKBgNVBAMMA3gzOTASpBAwDjEMMAoGA1UEAwwDeDQwMBKkEDAOMQwwCgYDVQQD +DAN4NDEwEqQQMA4xDDAKBgNVBAMMA3g0MjASpBAwDjEMMAoGA1UEAwwDeDQzMBKk +EDAOMQwwCgYDVQQDDAN4NDQwEqQQMA4xDDAKBgNVBAMMA3g0NTASpBAwDjEMMAoG +A1UEAwwDeDQ2MBKkEDAOMQwwCgYDVQQDDAN4NDcwEqQQMA4xDDAKBgNVBAMMA3g0 +ODASpBAwDjEMMAoGA1UEAwwDeDQ5MBKkEDAOMQwwCgYDVQQDDAN4NTAwEqQQMA4x +DDAKBgNVBAMMA3g1MTASpBAwDjEMMAoGA1UEAwwDeDUyMBKkEDAOMQwwCgYDVQQD +DAN4NTMwEqQQMA4xDDAKBgNVBAMMA3g1NDASpBAwDjEMMAoGA1UEAwwDeDU1MBKk +EDAOMQwwCgYDVQQDDAN4NTYwEqQQMA4xDDAKBgNVBAMMA3g1NzASpBAwDjEMMAoG +A1UEAwwDeDU4MBKkEDAOMQwwCgYDVQQDDAN4NTkwEqQQMA4xDDAKBgNVBAMMA3g2 +MDASpBAwDjEMMAoGA1UEAwwDeDYxMBKkEDAOMQwwCgYDVQQDDAN4NjIwEqQQMA4x +DDAKBgNVBAMMA3g2MzASpBAwDjEMMAoGA1UEAwwDeDY0MBKkEDAOMQwwCgYDVQQD +DAN4NjUwEqQQMA4xDDAKBgNVBAMMA3g2NjASpBAwDjEMMAoGA1UEAwwDeDY3MBKk +EDAOMQwwCgYDVQQDDAN4NjgwEqQQMA4xDDAKBgNVBAMMA3g2OTASpBAwDjEMMAoG +A1UEAwwDeDcwMBKkEDAOMQwwCgYDVQQDDAN4NzEwEqQQMA4xDDAKBgNVBAMMA3g3 +MjASpBAwDjEMMAoGA1UEAwwDeDczMBKkEDAOMQwwCgYDVQQDDAN4NzQwEqQQMA4x +DDAKBgNVBAMMA3g3NTASpBAwDjEMMAoGA1UEAwwDeDc2MBKkEDAOMQwwCgYDVQQD +DAN4NzcwEqQQMA4xDDAKBgNVBAMMA3g3ODASpBAwDjEMMAoGA1UEAwwDeDc5MBKk +EDAOMQwwCgYDVQQDDAN4ODAwEqQQMA4xDDAKBgNVBAMMA3g4MTASpBAwDjEMMAoG +A1UEAwwDeDgyMBKkEDAOMQwwCgYDVQQDDAN4ODMwEqQQMA4xDDAKBgNVBAMMA3g4 +NDASpBAwDjEMMAoGA1UEAwwDeDg1MBKkEDAOMQwwCgYDVQQDDAN4ODYwEqQQMA4x +DDAKBgNVBAMMA3g4NzASpBAwDjEMMAoGA1UEAwwDeDg4MBKkEDAOMQwwCgYDVQQD +DAN4ODkwEqQQMA4xDDAKBgNVBAMMA3g5MDASpBAwDjEMMAoGA1UEAwwDeDkxMBKk +EDAOMQwwCgYDVQQDDAN4OTIwEqQQMA4xDDAKBgNVBAMMA3g5MzASpBAwDjEMMAoG +A1UEAwwDeDk0MBKkEDAOMQwwCgYDVQQDDAN4OTUwEqQQMA4xDDAKBgNVBAMMA3g5 +NjASpBAwDjEMMAoGA1UEAwwDeDk3MBKkEDAOMQwwCgYDVQQDDAN4OTgwEqQQMA4x +DDAKBgNVBAMMA3g5OTATpBEwDzENMAsGA1UEAwwEeDEwMDATpBEwDzENMAsGA1UE +AwwEeDEwMTATpBEwDzENMAsGA1UEAwwEeDEwMjATpBEwDzENMAsGA1UEAwwEeDEw +MzATpBEwDzENMAsGA1UEAwwEeDEwNDATpBEwDzENMAsGA1UEAwwEeDEwNTATpBEw +DzENMAsGA1UEAwwEeDEwNjATpBEwDzENMAsGA1UEAwwEeDEwNzATpBEwDzENMAsG +A1UEAwwEeDEwODATpBEwDzENMAsGA1UEAwwEeDEwOTATpBEwDzENMAsGA1UEAwwE +eDExMDATpBEwDzENMAsGA1UEAwwEeDExMTATpBEwDzENMAsGA1UEAwwEeDExMjAT +pBEwDzENMAsGA1UEAwwEeDExMzATpBEwDzENMAsGA1UEAwwEeDExNDATpBEwDzEN +MAsGA1UEAwwEeDExNTATpBEwDzENMAsGA1UEAwwEeDExNjATpBEwDzENMAsGA1UE +AwwEeDExNzATpBEwDzENMAsGA1UEAwwEeDExODATpBEwDzENMAsGA1UEAwwEeDEx +OTATpBEwDzENMAsGA1UEAwwEeDEyMDATpBEwDzENMAsGA1UEAwwEeDEyMTATpBEw +DzENMAsGA1UEAwwEeDEyMjATpBEwDzENMAsGA1UEAwwEeDEyMzATpBEwDzENMAsG +A1UEAwwEeDEyNDATpBEwDzENMAsGA1UEAwwEeDEyNTATpBEwDzENMAsGA1UEAwwE +eDEyNjATpBEwDzENMAsGA1UEAwwEeDEyNzATpBEwDzENMAsGA1UEAwwEeDEyODAT +pBEwDzENMAsGA1UEAwwEeDEyOTATpBEwDzENMAsGA1UEAwwEeDEzMDATpBEwDzEN +MAsGA1UEAwwEeDEzMTATpBEwDzENMAsGA1UEAwwEeDEzMjATpBEwDzENMAsGA1UE +AwwEeDEzMzATpBEwDzENMAsGA1UEAwwEeDEzNDATpBEwDzENMAsGA1UEAwwEeDEz +NTATpBEwDzENMAsGA1UEAwwEeDEzNjATpBEwDzENMAsGA1UEAwwEeDEzNzATpBEw +DzENMAsGA1UEAwwEeDEzODATpBEwDzENMAsGA1UEAwwEeDEzOTATpBEwDzENMAsG +A1UEAwwEeDE0MDATpBEwDzENMAsGA1UEAwwEeDE0MTATpBEwDzENMAsGA1UEAwwE +eDE0MjATpBEwDzENMAsGA1UEAwwEeDE0MzATpBEwDzENMAsGA1UEAwwEeDE0NDAT +pBEwDzENMAsGA1UEAwwEeDE0NTATpBEwDzENMAsGA1UEAwwEeDE0NjATpBEwDzEN +MAsGA1UEAwwEeDE0NzATpBEwDzENMAsGA1UEAwwEeDE0ODATpBEwDzENMAsGA1UE +AwwEeDE0OTATpBEwDzENMAsGA1UEAwwEeDE1MDATpBEwDzENMAsGA1UEAwwEeDE1 +MTATpBEwDzENMAsGA1UEAwwEeDE1MjATpBEwDzENMAsGA1UEAwwEeDE1MzATpBEw +DzENMAsGA1UEAwwEeDE1NDATpBEwDzENMAsGA1UEAwwEeDE1NTATpBEwDzENMAsG +A1UEAwwEeDE1NjATpBEwDzENMAsGA1UEAwwEeDE1NzATpBEwDzENMAsGA1UEAwwE +eDE1ODATpBEwDzENMAsGA1UEAwwEeDE1OTATpBEwDzENMAsGA1UEAwwEeDE2MDAT +pBEwDzENMAsGA1UEAwwEeDE2MTATpBEwDzENMAsGA1UEAwwEeDE2MjATpBEwDzEN +MAsGA1UEAwwEeDE2MzATpBEwDzENMAsGA1UEAwwEeDE2NDATpBEwDzENMAsGA1UE +AwwEeDE2NTATpBEwDzENMAsGA1UEAwwEeDE2NjATpBEwDzENMAsGA1UEAwwEeDE2 +NzATpBEwDzENMAsGA1UEAwwEeDE2ODATpBEwDzENMAsGA1UEAwwEeDE2OTANBgkq +hkiG9w0BAQsFAAOCAQEAn8uDe+I8Vycl7II/MML/ElFxP9WUBRpbWESAtIke4IlF +5eNyi8TYylSj2/Kj/RYAwYYh4u3jbJR+Ca7tNhzjl289CrE5eHqzuc7DaO5gJ3zL +azM8X6JqmdQIKukhBOoS2ShTH8yvq0GjbjT6VlZE1cUQvfQ3O0WUdBmySc8PmJR1 +aOxOb7BBrPc4Ah3dHxT2tcYMorKnB3WZVE7+aAwdrqCQ19VkYBX/x/0x2qtQQ0S3 +zD/S7uQDPqCdjoFIIYY0Zie+snMBK2XuUTtXP3ZRrYL8fsnOiTgEX8n2QWIyYLK5 +0f5OeNaleVZ7V+QdQnofqvew0IK61PG7+Zzsyuf3CQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-all-types.test b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-all-types.test new file mode 100644 index 0000000000..21c98a2f67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-all-types.test @@ -0,0 +1,8 @@ +chain: toomany-all-types.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=t0) ----- +ERROR: Too many name constraints checks + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem new file mode 100644 index 0000000000..5d15afebb1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.pem @@ -0,0 +1,2156 @@ +[Created by: ./generate-chains.py] + +A chain containing a large number of excluded directory name +constraints and directory names, above the limit. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, DirName:/CN=t417, DirName:/CN=t418, DirName:/CN=t419, DirName:/CN=t420, DirName:/CN=t421, DirName:/CN=t422, DirName:/CN=t423, DirName:/CN=t424, DirName:/CN=t425, DirName:/CN=t426, DirName:/CN=t427, DirName:/CN=t428, DirName:/CN=t429, DirName:/CN=t430, DirName:/CN=t431, DirName:/CN=t432, DirName:/CN=t433, DirName:/CN=t434, DirName:/CN=t435, DirName:/CN=t436, DirName:/CN=t437, DirName:/CN=t438, DirName:/CN=t439, DirName:/CN=t440, DirName:/CN=t441, DirName:/CN=t442, DirName:/CN=t443, DirName:/CN=t444, DirName:/CN=t445, DirName:/CN=t446, DirName:/CN=t447, DirName:/CN=t448, DirName:/CN=t449, DirName:/CN=t450, DirName:/CN=t451, DirName:/CN=t452, DirName:/CN=t453, DirName:/CN=t454, DirName:/CN=t455, DirName:/CN=t456, DirName:/CN=t457, DirName:/CN=t458, DirName:/CN=t459, DirName:/CN=t460, DirName:/CN=t461, DirName:/CN=t462, DirName:/CN=t463, DirName:/CN=t464, DirName:/CN=t465, DirName:/CN=t466, DirName:/CN=t467, DirName:/CN=t468, DirName:/CN=t469, DirName:/CN=t470, DirName:/CN=t471, DirName:/CN=t472, DirName:/CN=t473, DirName:/CN=t474, DirName:/CN=t475, DirName:/CN=t476, DirName:/CN=t477, DirName:/CN=t478, DirName:/CN=t479, DirName:/CN=t480, DirName:/CN=t481, DirName:/CN=t482, DirName:/CN=t483, DirName:/CN=t484, DirName:/CN=t485, DirName:/CN=t486, DirName:/CN=t487, DirName:/CN=t488, DirName:/CN=t489, DirName:/CN=t490, DirName:/CN=t491, DirName:/CN=t492, DirName:/CN=t493, DirName:/CN=t494, DirName:/CN=t495, DirName:/CN=t496, DirName:/CN=t497, DirName:/CN=t498, DirName:/CN=t499, DirName:/CN=t500, DirName:/CN=t501, DirName:/CN=t502, DirName:/CN=t503, DirName:/CN=t504, DirName:/CN=t505, DirName:/CN=t506, DirName:/CN=t507, DirName:/CN=t508, DirName:/CN=t509, DirName:/CN=t510, DirName:/CN=t511, DirName:/CN=t512, DirName:/CN=t513, DirName:/CN=t514, DirName:/CN=t515, DirName:/CN=t516, DirName:/CN=t517, DirName:/CN=t518, DirName:/CN=t519, DirName:/CN=t520, DirName:/CN=t521, DirName:/CN=t522, DirName:/CN=t523, DirName:/CN=t524, DirName:/CN=t525, DirName:/CN=t526, DirName:/CN=t527, DirName:/CN=t528, DirName:/CN=t529, DirName:/CN=t530, DirName:/CN=t531, DirName:/CN=t532, DirName:/CN=t533, DirName:/CN=t534, DirName:/CN=t535, DirName:/CN=t536, DirName:/CN=t537, DirName:/CN=t538, DirName:/CN=t539, DirName:/CN=t540, DirName:/CN=t541, DirName:/CN=t542, DirName:/CN=t543, DirName:/CN=t544, DirName:/CN=t545, DirName:/CN=t546, DirName:/CN=t547, DirName:/CN=t548, DirName:/CN=t549, DirName:/CN=t550, DirName:/CN=t551, DirName:/CN=t552, DirName:/CN=t553, DirName:/CN=t554, DirName:/CN=t555, DirName:/CN=t556, DirName:/CN=t557, DirName:/CN=t558, DirName:/CN=t559, DirName:/CN=t560, DirName:/CN=t561, DirName:/CN=t562, DirName:/CN=t563, DirName:/CN=t564, DirName:/CN=t565, DirName:/CN=t566, DirName:/CN=t567, DirName:/CN=t568, DirName:/CN=t569, DirName:/CN=t570, DirName:/CN=t571, DirName:/CN=t572, DirName:/CN=t573, DirName:/CN=t574, DirName:/CN=t575, DirName:/CN=t576, DirName:/CN=t577, DirName:/CN=t578, DirName:/CN=t579, DirName:/CN=t580, DirName:/CN=t581, DirName:/CN=t582, DirName:/CN=t583, DirName:/CN=t584, DirName:/CN=t585, DirName:/CN=t586, DirName:/CN=t587, DirName:/CN=t588, DirName:/CN=t589, DirName:/CN=t590, DirName:/CN=t591, DirName:/CN=t592, DirName:/CN=t593, DirName:/CN=t594, DirName:/CN=t595, DirName:/CN=t596, DirName:/CN=t597, DirName:/CN=t598, DirName:/CN=t599, DirName:/CN=t600, DirName:/CN=t601, DirName:/CN=t602, DirName:/CN=t603, DirName:/CN=t604, DirName:/CN=t605, DirName:/CN=t606, DirName:/CN=t607, DirName:/CN=t608, DirName:/CN=t609, DirName:/CN=t610, DirName:/CN=t611, DirName:/CN=t612, DirName:/CN=t613, DirName:/CN=t614, DirName:/CN=t615, DirName:/CN=t616, DirName:/CN=t617, DirName:/CN=t618, DirName:/CN=t619, DirName:/CN=t620, DirName:/CN=t621, DirName:/CN=t622, DirName:/CN=t623, DirName:/CN=t624, DirName:/CN=t625, DirName:/CN=t626, DirName:/CN=t627, DirName:/CN=t628, DirName:/CN=t629, DirName:/CN=t630, DirName:/CN=t631, DirName:/CN=t632, DirName:/CN=t633, DirName:/CN=t634, DirName:/CN=t635, DirName:/CN=t636, DirName:/CN=t637, DirName:/CN=t638, DirName:/CN=t639, DirName:/CN=t640, DirName:/CN=t641, DirName:/CN=t642, DirName:/CN=t643, DirName:/CN=t644, DirName:/CN=t645, DirName:/CN=t646, DirName:/CN=t647, DirName:/CN=t648, DirName:/CN=t649, DirName:/CN=t650, DirName:/CN=t651, DirName:/CN=t652, DirName:/CN=t653, DirName:/CN=t654, DirName:/CN=t655, DirName:/CN=t656, DirName:/CN=t657, DirName:/CN=t658, DirName:/CN=t659, DirName:/CN=t660, DirName:/CN=t661, DirName:/CN=t662, DirName:/CN=t663, DirName:/CN=t664, DirName:/CN=t665, DirName:/CN=t666, DirName:/CN=t667, DirName:/CN=t668, DirName:/CN=t669, DirName:/CN=t670, DirName:/CN=t671, DirName:/CN=t672, DirName:/CN=t673, DirName:/CN=t674, DirName:/CN=t675, DirName:/CN=t676, DirName:/CN=t677, DirName:/CN=t678, DirName:/CN=t679, DirName:/CN=t680, DirName:/CN=t681, DirName:/CN=t682, DirName:/CN=t683, DirName:/CN=t684, DirName:/CN=t685, DirName:/CN=t686, DirName:/CN=t687, DirName:/CN=t688, DirName:/CN=t689, DirName:/CN=t690, DirName:/CN=t691, DirName:/CN=t692, DirName:/CN=t693, DirName:/CN=t694, DirName:/CN=t695, DirName:/CN=t696, DirName:/CN=t697, DirName:/CN=t698, DirName:/CN=t699, DirName:/CN=t700, DirName:/CN=t701, DirName:/CN=t702, DirName:/CN=t703, DirName:/CN=t704, DirName:/CN=t705, DirName:/CN=t706, DirName:/CN=t707, DirName:/CN=t708, DirName:/CN=t709, DirName:/CN=t710, DirName:/CN=t711, DirName:/CN=t712, DirName:/CN=t713, DirName:/CN=t714, DirName:/CN=t715, DirName:/CN=t716, DirName:/CN=t717, DirName:/CN=t718, DirName:/CN=t719, DirName:/CN=t720, DirName:/CN=t721, DirName:/CN=t722, DirName:/CN=t723, DirName:/CN=t724, DirName:/CN=t725, DirName:/CN=t726, DirName:/CN=t727, DirName:/CN=t728, DirName:/CN=t729, DirName:/CN=t730, DirName:/CN=t731, DirName:/CN=t732, DirName:/CN=t733, DirName:/CN=t734, DirName:/CN=t735, DirName:/CN=t736, DirName:/CN=t737, DirName:/CN=t738, DirName:/CN=t739, DirName:/CN=t740, DirName:/CN=t741, DirName:/CN=t742, DirName:/CN=t743, DirName:/CN=t744, DirName:/CN=t745, DirName:/CN=t746, DirName:/CN=t747, DirName:/CN=t748, DirName:/CN=t749, DirName:/CN=t750, DirName:/CN=t751, DirName:/CN=t752, DirName:/CN=t753, DirName:/CN=t754, DirName:/CN=t755, DirName:/CN=t756, DirName:/CN=t757, DirName:/CN=t758, DirName:/CN=t759, DirName:/CN=t760, DirName:/CN=t761, DirName:/CN=t762, DirName:/CN=t763, DirName:/CN=t764, DirName:/CN=t765, DirName:/CN=t766, DirName:/CN=t767, DirName:/CN=t768, DirName:/CN=t769, DirName:/CN=t770, DirName:/CN=t771, DirName:/CN=t772, DirName:/CN=t773, DirName:/CN=t774, DirName:/CN=t775, DirName:/CN=t776, DirName:/CN=t777, DirName:/CN=t778, DirName:/CN=t779, DirName:/CN=t780, DirName:/CN=t781, DirName:/CN=t782, DirName:/CN=t783, DirName:/CN=t784, DirName:/CN=t785, DirName:/CN=t786, DirName:/CN=t787, DirName:/CN=t788, DirName:/CN=t789, DirName:/CN=t790, DirName:/CN=t791, DirName:/CN=t792, DirName:/CN=t793, DirName:/CN=t794, DirName:/CN=t795, DirName:/CN=t796, DirName:/CN=t797, DirName:/CN=t798, DirName:/CN=t799, DirName:/CN=t800, DirName:/CN=t801, DirName:/CN=t802, DirName:/CN=t803, DirName:/CN=t804, DirName:/CN=t805, DirName:/CN=t806, DirName:/CN=t807, DirName:/CN=t808, DirName:/CN=t809, DirName:/CN=t810, DirName:/CN=t811, DirName:/CN=t812, DirName:/CN=t813, DirName:/CN=t814, DirName:/CN=t815, DirName:/CN=t816, DirName:/CN=t817, DirName:/CN=t818, DirName:/CN=t819, DirName:/CN=t820, DirName:/CN=t821, DirName:/CN=t822, DirName:/CN=t823, DirName:/CN=t824, DirName:/CN=t825, DirName:/CN=t826, DirName:/CN=t827, DirName:/CN=t828, DirName:/CN=t829, DirName:/CN=t830, DirName:/CN=t831, DirName:/CN=t832, DirName:/CN=t833, DirName:/CN=t834, DirName:/CN=t835, DirName:/CN=t836, DirName:/CN=t837, DirName:/CN=t838, DirName:/CN=t839, DirName:/CN=t840, DirName:/CN=t841, DirName:/CN=t842, DirName:/CN=t843, DirName:/CN=t844, DirName:/CN=t845, DirName:/CN=t846, DirName:/CN=t847, DirName:/CN=t848, DirName:/CN=t849, DirName:/CN=t850, DirName:/CN=t851, DirName:/CN=t852, DirName:/CN=t853, DirName:/CN=t854, DirName:/CN=t855, DirName:/CN=t856, DirName:/CN=t857, DirName:/CN=t858, DirName:/CN=t859, DirName:/CN=t860, DirName:/CN=t861, DirName:/CN=t862, DirName:/CN=t863, DirName:/CN=t864, DirName:/CN=t865, DirName:/CN=t866, DirName:/CN=t867, DirName:/CN=t868, DirName:/CN=t869, DirName:/CN=t870, DirName:/CN=t871, DirName:/CN=t872, DirName:/CN=t873, DirName:/CN=t874, DirName:/CN=t875, DirName:/CN=t876, DirName:/CN=t877, DirName:/CN=t878, DirName:/CN=t879, DirName:/CN=t880, DirName:/CN=t881, DirName:/CN=t882, DirName:/CN=t883, DirName:/CN=t884, DirName:/CN=t885, DirName:/CN=t886, DirName:/CN=t887, DirName:/CN=t888, DirName:/CN=t889, DirName:/CN=t890, DirName:/CN=t891, DirName:/CN=t892, DirName:/CN=t893, DirName:/CN=t894, DirName:/CN=t895, DirName:/CN=t896, DirName:/CN=t897, DirName:/CN=t898, DirName:/CN=t899, DirName:/CN=t900, DirName:/CN=t901, DirName:/CN=t902, DirName:/CN=t903, DirName:/CN=t904, DirName:/CN=t905, DirName:/CN=t906, DirName:/CN=t907, DirName:/CN=t908, DirName:/CN=t909, DirName:/CN=t910, DirName:/CN=t911, DirName:/CN=t912, DirName:/CN=t913, DirName:/CN=t914, DirName:/CN=t915, DirName:/CN=t916, DirName:/CN=t917, DirName:/CN=t918, DirName:/CN=t919, DirName:/CN=t920, DirName:/CN=t921, DirName:/CN=t922, DirName:/CN=t923, DirName:/CN=t924, DirName:/CN=t925, DirName:/CN=t926, DirName:/CN=t927, DirName:/CN=t928, DirName:/CN=t929, DirName:/CN=t930, DirName:/CN=t931, DirName:/CN=t932, DirName:/CN=t933, DirName:/CN=t934, DirName:/CN=t935, DirName:/CN=t936, DirName:/CN=t937, DirName:/CN=t938, DirName:/CN=t939, DirName:/CN=t940, DirName:/CN=t941, DirName:/CN=t942, DirName:/CN=t943, DirName:/CN=t944, DirName:/CN=t945, DirName:/CN=t946, DirName:/CN=t947, DirName:/CN=t948, DirName:/CN=t949, DirName:/CN=t950, DirName:/CN=t951, DirName:/CN=t952, DirName:/CN=t953, DirName:/CN=t954, DirName:/CN=t955, DirName:/CN=t956, DirName:/CN=t957, DirName:/CN=t958, DirName:/CN=t959, DirName:/CN=t960, DirName:/CN=t961, DirName:/CN=t962, DirName:/CN=t963, DirName:/CN=t964, DirName:/CN=t965, DirName:/CN=t966, DirName:/CN=t967, DirName:/CN=t968, DirName:/CN=t969, DirName:/CN=t970, DirName:/CN=t971, DirName:/CN=t972, DirName:/CN=t973, DirName:/CN=t974, DirName:/CN=t975, DirName:/CN=t976, DirName:/CN=t977, DirName:/CN=t978, DirName:/CN=t979, DirName:/CN=t980, DirName:/CN=t981, DirName:/CN=t982, DirName:/CN=t983, DirName:/CN=t984, DirName:/CN=t985, DirName:/CN=t986, DirName:/CN=t987, DirName:/CN=t988, DirName:/CN=t989, DirName:/CN=t990, DirName:/CN=t991, DirName:/CN=t992, DirName:/CN=t993, DirName:/CN=t994, DirName:/CN=t995, DirName:/CN=t996, DirName:/CN=t997, DirName:/CN=t998, DirName:/CN=t999, DirName:/CN=t1000, DirName:/CN=t1001, DirName:/CN=t1002, DirName:/CN=t1003, DirName:/CN=t1004, DirName:/CN=t1005, DirName:/CN=t1006, DirName:/CN=t1007, DirName:/CN=t1008, DirName:/CN=t1009, DirName:/CN=t1010, DirName:/CN=t1011, DirName:/CN=t1012, DirName:/CN=t1013, DirName:/CN=t1014, DirName:/CN=t1015, DirName:/CN=t1016, DirName:/CN=t1017, DirName:/CN=t1018, DirName:/CN=t1019, DirName:/CN=t1020, DirName:/CN=t1021, DirName:/CN=t1022, DirName:/CN=t1023 + Signature Algorithm: sha256WithRSAEncryption + 9b:b4:29:30:f0:2d:7a:66:c7:f8:92:4c:cb:f4:08:11:f5:eb: + 66:c3:02:4a:24:12:f2:9d:19:a9:c7:51:3a:93:fe:71:34:93: + 27:32:14:a0:1b:f4:eb:ba:c2:4b:df:7e:a8:57:ce:7f:61:fa: + 9f:d2:ec:9a:02:51:30:13:a5:eb:6a:7c:04:b3:f0:e6:28:66: + 5c:f7:4e:70:66:8f:07:ae:42:77:c0:ec:ee:ff:10:34:83:4a: + b2:81:2c:df:c4:d8:f7:80:70:ea:ae:c8:7c:05:41:19:f8:40: + 23:c1:c0:40:e1:d7:f5:f8:7d:b0:83:b3:6b:3a:01:17:68:ca: + 0a:b2:77:c4:0c:43:5c:d8:4b:0f:21:f4:6f:7e:a8:f7:b4:bc: + 31:cd:02:9a:b6:72:5b:bb:45:0c:4c:97:61:98:24:b0:44:cd: + af:7f:7e:fc:72:55:5a:54:43:04:1d:40:bf:52:9d:4b:c1:58: + 2c:d2:9a:04:ee:0a:04:d8:dc:75:2e:ab:3f:87:08:7c:e2:f0: + 3f:6b:17:95:2f:77:e2:f6:30:93:6c:db:84:aa:c1:3d:70:5d: + fa:b4:40:c4:28:85:76:73:5b:4e:b5:3d:bc:fe:8d:7f:a8:f3: + 20:31:3e:69:d1:c7:fb:8c:79:21:cf:2f:32:e6:46:01:bf:4c: + f2:15:96:98 +-----BEGIN CERTIFICATE----- +MIJPWDCCTkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2DANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCTKUwgkyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgku3BgNVHREEgkuuMIJLqqQP +MA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzANMQswCQYDVQQDDAJ0 +MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSkDzANMQswCQYDVQQD +DAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwCdDekDzANMQswCQYD +VQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UEAwwDdDEwpBAwDjEM +MAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEMMAoGA1UEAwwDdDEz +pBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1pBAwDjEMMAoGA1UE +AwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UEAwwDdDE4pBAwDjEM +MAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEMMAoGA1UEAwwDdDIx +pBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIzpBAwDjEMMAoGA1UE +AwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UEAwwDdDI2pBAwDjEM +MAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEMMAoGA1UEAwwDdDI5 +pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMxpBAwDjEMMAoGA1UE +AwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UEAwwDdDM0pBAwDjEM +MAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEMMAoGA1UEAwwDdDM3 +pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5pBAwDjEMMAoGA1UE +AwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UEAwwDdDQypBAwDjEM +MAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEMMAoGA1UEAwwDdDQ1 +pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3pBAwDjEMMAoGA1UE +AwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UEAwwDdDUwpBAwDjEM +MAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEMMAoGA1UEAwwDdDUz +pBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1pBAwDjEMMAoGA1UE +AwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UEAwwDdDU4pBAwDjEM +MAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEMMAoGA1UEAwwDdDYx +pBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYzpBAwDjEMMAoGA1UE +AwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UEAwwDdDY2pBAwDjEM +MAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEMMAoGA1UEAwwDdDY5 +pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcxpBAwDjEMMAoGA1UE +AwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UEAwwDdDc0pBAwDjEM +MAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEMMAoGA1UEAwwDdDc3 +pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5pBAwDjEMMAoGA1UE +AwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UEAwwDdDgypBAwDjEM +MAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEMMAoGA1UEAwwDdDg1 +pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3pBAwDjEMMAoGA1UE +AwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UEAwwDdDkwpBAwDjEM +MAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEMMAoGA1UEAwwDdDkz +pBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1pBAwDjEMMAoGA1UE +AwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UEAwwDdDk4pBAwDjEM +MAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8xDTALBgNVBAMMBHQx +MDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwEdDEwM6QRMA8xDTAL +BgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzENMAsGA1UEAwwEdDEw +NqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0MTA4pBEwDzENMAsG +A1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0wCwYDVQQDDAR0MTEx +pBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQxMTOkETAPMQ0wCwYD +VQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTALBgNVBAMMBHQxMTak +ETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDExOKQRMA8xDTALBgNV +BAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsGA1UEAwwEdDEyMaQR +MA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIzpBEwDzENMAsGA1UE +AwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYDVQQDDAR0MTI2pBEw +DzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjikETAPMQ0wCwYDVQQD +DAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNVBAMMBHQxMzGkETAP +MQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QRMA8xDTALBgNVBAMM +BHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UEAwwEdDEzNqQRMA8x +DTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEwDzENMAsGA1UEAwwE +dDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQDDAR0MTQxpBEwDzEN +MAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAPMQ0wCwYDVQQDDAR0 +MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMMBHQxNDakETAPMQ0w +CwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8xDTALBgNVBAMMBHQx +NDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwEdDE1MaQRMA8xDTAL +BgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzENMAsGA1UEAwwEdDE1 +NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0MTU2pBEwDzENMAsG +A1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0wCwYDVQQDDAR0MTU5 +pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQxNjGkETAPMQ0wCwYD +VQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTALBgNVBAMMBHQxNjSk +ETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2NqQRMA8xDTALBgNV +BAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsGA1UEAwwEdDE2OaQR +MA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcxpBEwDzENMAsGA1UE +AwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYDVQQDDAR0MTc0pBEw +DzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzakETAPMQ0wCwYDVQQD +DAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNVBAMMBHQxNzmkETAP +MQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQRMA8xDTALBgNVBAMM +BHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UEAwwEdDE4NKQRMA8x +DTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEwDzENMAsGA1UEAwwE +dDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQDDAR0MTg5pBEwDzEN +MAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAPMQ0wCwYDVQQDDAR0 +MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMMBHQxOTSkETAPMQ0w +CwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8xDTALBgNVBAMMBHQx +OTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwEdDE5OaQRMA8xDTAL +BgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzENMAsGA1UEAwwEdDIw +MqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0MjA0pBEwDzENMAsG +A1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0wCwYDVQQDDAR0MjA3 +pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQyMDmkETAPMQ0wCwYD +VQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTALBgNVBAMMBHQyMTKk +ETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIxNKQRMA8xDTALBgNV +BAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsGA1UEAwwEdDIxN6QR +MA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5pBEwDzENMAsGA1UE +AwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYDVQQDDAR0MjIypBEw +DzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSkETAPMQ0wCwYDVQQD +DAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNVBAMMBHQyMjekETAP +MQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQRMA8xDTALBgNVBAMM +BHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UEAwwEdDIzMqQRMA8x +DTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEwDzENMAsGA1UEAwwE +dDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQDDAR0MjM3pBEwDzEN +MAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAPMQ0wCwYDVQQDDAR0 +MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMMBHQyNDKkETAPMQ0w +CwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8xDTALBgNVBAMMBHQy +NDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwEdDI0N6QRMA8xDTAL +BgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzENMAsGA1UEAwwEdDI1 +MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0MjUypBEwDzENMAsG +A1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0wCwYDVQQDDAR0MjU1 +pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQyNTekETAPMQ0wCwYD +VQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTALBgNVBAMMBHQyNjCk +ETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2MqQRMA8xDTALBgNV +BAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsGA1UEAwwEdDI2NaQR +MA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3pBEwDzENMAsGA1UE +AwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYDVQQDDAR0MjcwpBEw +DzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKkETAPMQ0wCwYDVQQD +DAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNVBAMMBHQyNzWkETAP +MQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QRMA8xDTALBgNVBAMM +BHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UEAwwEdDI4MKQRMA8x +DTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEwDzENMAsGA1UEAwwE +dDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQDDAR0Mjg1pBEwDzEN +MAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAPMQ0wCwYDVQQDDAR0 +Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMMBHQyOTCkETAPMQ0w +CwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8xDTALBgNVBAMMBHQy +OTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwEdDI5NaQRMA8xDTAL +BgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzENMAsGA1UEAwwEdDI5 +OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0MzAwpBEwDzENMAsG +A1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0wCwYDVQQDDAR0MzAz +pBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQzMDWkETAPMQ0wCwYD +VQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTALBgNVBAMMBHQzMDik +ETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMxMKQRMA8xDTALBgNV +BAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsGA1UEAwwEdDMxM6QR +MA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1pBEwDzENMAsGA1UE +AwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYDVQQDDAR0MzE4pBEw +DzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCkETAPMQ0wCwYDVQQD +DAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNVBAMMBHQzMjOkETAP +MQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQRMA8xDTALBgNVBAMM +BHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UEAwwEdDMyOKQRMA8x +DTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEwDzENMAsGA1UEAwwE +dDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQDDAR0MzMzpBEwDzEN +MAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAPMQ0wCwYDVQQDDAR0 +MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMMBHQzMzikETAPMQ0w +CwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8xDTALBgNVBAMMBHQz +NDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwEdDM0M6QRMA8xDTAL +BgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzENMAsGA1UEAwwEdDM0 +NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0MzQ4pBEwDzENMAsG +A1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0wCwYDVQQDDAR0MzUx +pBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQzNTOkETAPMQ0wCwYD +VQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTALBgNVBAMMBHQzNTak +ETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1OKQRMA8xDTALBgNV +BAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsGA1UEAwwEdDM2MaQR +MA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYzpBEwDzENMAsGA1UE +AwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYDVQQDDAR0MzY2pBEw +DzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjikETAPMQ0wCwYDVQQD +DAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNVBAMMBHQzNzGkETAP +MQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QRMA8xDTALBgNVBAMM +BHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UEAwwEdDM3NqQRMA8x +DTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEwDzENMAsGA1UEAwwE +dDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQDDAR0MzgxpBEwDzEN +MAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAPMQ0wCwYDVQQDDAR0 +Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMMBHQzODakETAPMQ0w +CwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8xDTALBgNVBAMMBHQz +ODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwEdDM5MaQRMA8xDTAL +BgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzENMAsGA1UEAwwEdDM5 +NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0Mzk2pBEwDzENMAsG +A1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0wCwYDVQQDDAR0Mzk5 +pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0MDGkETAPMQ0wCwYD +VQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTALBgNVBAMMBHQ0MDSk +ETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQwNqQRMA8xDTALBgNV +BAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsGA1UEAwwEdDQwOaQR +MA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDExpBEwDzENMAsGA1UE +AwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYDVQQDDAR0NDE0pBEw +DzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTakETAPMQ0wCwYDVQQD +DAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNVBAMMBHQ0MTmkETAP +MQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQRMA8xDTALBgNVBAMM +BHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UEAwwEdDQyNKQRMA8x +DTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEwDzENMAsGA1UEAwwE +dDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQDDAR0NDI5pBEwDzEN +MAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAPMQ0wCwYDVQQDDAR0 +NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMMBHQ0MzSkETAPMQ0w +CwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8xDTALBgNVBAMMBHQ0 +MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwEdDQzOaQRMA8xDTAL +BgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzENMAsGA1UEAwwEdDQ0 +MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0NDQ0pBEwDzENMAsG +A1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0wCwYDVQQDDAR0NDQ3 +pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0NDmkETAPMQ0wCwYD +VQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTALBgNVBAMMBHQ0NTKk +ETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1NKQRMA8xDTALBgNV +BAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsGA1UEAwwEdDQ1N6QR +MA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5pBEwDzENMAsGA1UE +AwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYDVQQDDAR0NDYypBEw +DzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSkETAPMQ0wCwYDVQQD +DAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNVBAMMBHQ0NjekETAP +MQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQRMA8xDTALBgNVBAMM +BHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UEAwwEdDQ3MqQRMA8x +DTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEwDzENMAsGA1UEAwwE +dDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQDDAR0NDc3pBEwDzEN +MAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAPMQ0wCwYDVQQDDAR0 +NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMMBHQ0ODKkETAPMQ0w +CwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8xDTALBgNVBAMMBHQ0 +ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwEdDQ4N6QRMA8xDTAL +BgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzENMAsGA1UEAwwEdDQ5 +MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0NDkypBEwDzENMAsG +A1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0wCwYDVQQDDAR0NDk1 +pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0OTekETAPMQ0wCwYD +VQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTALBgNVBAMMBHQ1MDCk +ETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUwMqQRMA8xDTALBgNV +BAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsGA1UEAwwEdDUwNaQR +MA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3pBEwDzENMAsGA1UE +AwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYDVQQDDAR0NTEwpBEw +DzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKkETAPMQ0wCwYDVQQD +DAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNVBAMMBHQ1MTWkETAP +MQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QRMA8xDTALBgNVBAMM +BHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UEAwwEdDUyMKQRMA8x +DTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEwDzENMAsGA1UEAwwE +dDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQDDAR0NTI1pBEwDzEN +MAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAPMQ0wCwYDVQQDDAR0 +NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMMBHQ1MzCkETAPMQ0w +CwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8xDTALBgNVBAMMBHQ1 +MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwEdDUzNaQRMA8xDTAL +BgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzENMAsGA1UEAwwEdDUz +OKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0NTQwpBEwDzENMAsG +A1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0wCwYDVQQDDAR0NTQz +pBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1NDWkETAPMQ0wCwYD +VQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTALBgNVBAMMBHQ1NDik +ETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1MKQRMA8xDTALBgNV +BAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsGA1UEAwwEdDU1M6QR +MA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1pBEwDzENMAsGA1UE +AwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYDVQQDDAR0NTU4pBEw +DzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCkETAPMQ0wCwYDVQQD +DAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNVBAMMBHQ1NjOkETAP +MQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQRMA8xDTALBgNVBAMM +BHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UEAwwEdDU2OKQRMA8x +DTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEwDzENMAsGA1UEAwwE +dDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQDDAR0NTczpBEwDzEN +MAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAPMQ0wCwYDVQQDDAR0 +NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMMBHQ1NzikETAPMQ0w +CwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8xDTALBgNVBAMMBHQ1 +ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwEdDU4M6QRMA8xDTAL +BgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzENMAsGA1UEAwwEdDU4 +NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0NTg4pBEwDzENMAsG +A1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0wCwYDVQQDDAR0NTkx +pBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1OTOkETAPMQ0wCwYD +VQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTALBgNVBAMMBHQ1OTak +ETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5OKQRMA8xDTALBgNV +BAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsGA1UEAwwEdDYwMaQR +MA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAzpBEwDzENMAsGA1UE +AwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYDVQQDDAR0NjA2pBEw +DzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDikETAPMQ0wCwYDVQQD +DAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNVBAMMBHQ2MTGkETAP +MQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QRMA8xDTALBgNVBAMM +BHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UEAwwEdDYxNqQRMA8x +DTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEwDzENMAsGA1UEAwwE +dDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQDDAR0NjIxpBEwDzEN +MAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAPMQ0wCwYDVQQDDAR0 +NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMMBHQ2MjakETAPMQ0w +CwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8xDTALBgNVBAMMBHQ2 +MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwEdDYzMaQRMA8xDTAL +BgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzENMAsGA1UEAwwEdDYz +NKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0NjM2pBEwDzENMAsG +A1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0wCwYDVQQDDAR0NjM5 +pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2NDGkETAPMQ0wCwYD +VQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTALBgNVBAMMBHQ2NDSk +ETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0NqQRMA8xDTALBgNV +BAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsGA1UEAwwEdDY0OaQR +MA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUxpBEwDzENMAsGA1UE +AwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYDVQQDDAR0NjU0pBEw +DzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTakETAPMQ0wCwYDVQQD +DAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNVBAMMBHQ2NTmkETAP +MQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQRMA8xDTALBgNVBAMM +BHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UEAwwEdDY2NKQRMA8x +DTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEwDzENMAsGA1UEAwwE +dDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQDDAR0NjY5pBEwDzEN +MAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAPMQ0wCwYDVQQDDAR0 +NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMMBHQ2NzSkETAPMQ0w +CwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8xDTALBgNVBAMMBHQ2 +NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwEdDY3OaQRMA8xDTAL +BgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzENMAsGA1UEAwwEdDY4 +MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0Njg0pBEwDzENMAsG +A1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0wCwYDVQQDDAR0Njg3 +pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2ODmkETAPMQ0wCwYD +VQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTALBgNVBAMMBHQ2OTKk +ETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5NKQRMA8xDTALBgNV +BAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsGA1UEAwwEdDY5N6QR +MA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5pBEwDzENMAsGA1UE +AwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYDVQQDDAR0NzAypBEw +DzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSkETAPMQ0wCwYDVQQD +DAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNVBAMMBHQ3MDekETAP +MQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQRMA8xDTALBgNVBAMM +BHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UEAwwEdDcxMqQRMA8x +DTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEwDzENMAsGA1UEAwwE +dDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQDDAR0NzE3pBEwDzEN +MAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAPMQ0wCwYDVQQDDAR0 +NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMMBHQ3MjKkETAPMQ0w +CwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8xDTALBgNVBAMMBHQ3 +MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwEdDcyN6QRMA8xDTAL +BgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzENMAsGA1UEAwwEdDcz +MKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0NzMypBEwDzENMAsG +A1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0wCwYDVQQDDAR0NzM1 +pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3MzekETAPMQ0wCwYD +VQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTALBgNVBAMMBHQ3NDCk +ETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0MqQRMA8xDTALBgNV +BAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsGA1UEAwwEdDc0NaQR +MA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3pBEwDzENMAsGA1UE +AwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYDVQQDDAR0NzUwpBEw +DzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKkETAPMQ0wCwYDVQQD +DAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNVBAMMBHQ3NTWkETAP +MQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QRMA8xDTALBgNVBAMM +BHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UEAwwEdDc2MKQRMA8x +DTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEwDzENMAsGA1UEAwwE +dDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQDDAR0NzY1pBEwDzEN +MAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAPMQ0wCwYDVQQDDAR0 +NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMMBHQ3NzCkETAPMQ0w +CwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8xDTALBgNVBAMMBHQ3 +NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwEdDc3NaQRMA8xDTAL +BgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzENMAsGA1UEAwwEdDc3 +OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0NzgwpBEwDzENMAsG +A1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0wCwYDVQQDDAR0Nzgz +pBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3ODWkETAPMQ0wCwYD +VQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTALBgNVBAMMBHQ3ODik +ETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5MKQRMA8xDTALBgNV +BAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsGA1UEAwwEdDc5M6QR +MA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1pBEwDzENMAsGA1UE +AwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYDVQQDDAR0Nzk4pBEw +DzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCkETAPMQ0wCwYDVQQD +DAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNVBAMMBHQ4MDOkETAP +MQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQRMA8xDTALBgNVBAMM +BHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UEAwwEdDgwOKQRMA8x +DTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEwDzENMAsGA1UEAwwE +dDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQDDAR0ODEzpBEwDzEN +MAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAPMQ0wCwYDVQQDDAR0 +ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMMBHQ4MTikETAPMQ0w +CwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8xDTALBgNVBAMMBHQ4 +MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwEdDgyM6QRMA8xDTAL +BgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzENMAsGA1UEAwwEdDgy +NqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0ODI4pBEwDzENMAsG +A1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0wCwYDVQQDDAR0ODMx +pBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4MzOkETAPMQ0wCwYD +VQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTALBgNVBAMMBHQ4Mzak +ETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgzOKQRMA8xDTALBgNV +BAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsGA1UEAwwEdDg0MaQR +MA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQzpBEwDzENMAsGA1UE +AwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYDVQQDDAR0ODQ2pBEw +DzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDikETAPMQ0wCwYDVQQD +DAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNVBAMMBHQ4NTGkETAP +MQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QRMA8xDTALBgNVBAMM +BHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UEAwwEdDg1NqQRMA8x +DTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEwDzENMAsGA1UEAwwE +dDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQDDAR0ODYxpBEwDzEN +MAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAPMQ0wCwYDVQQDDAR0 +ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMMBHQ4NjakETAPMQ0w +CwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8xDTALBgNVBAMMBHQ4 +NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwEdDg3MaQRMA8xDTAL +BgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzENMAsGA1UEAwwEdDg3 +NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0ODc2pBEwDzENMAsG +A1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0wCwYDVQQDDAR0ODc5 +pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4ODGkETAPMQ0wCwYD +VQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTALBgNVBAMMBHQ4ODSk +ETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4NqQRMA8xDTALBgNV +BAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsGA1UEAwwEdDg4OaQR +MA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkxpBEwDzENMAsGA1UE +AwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYDVQQDDAR0ODk0pBEw +DzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTakETAPMQ0wCwYDVQQD +DAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNVBAMMBHQ4OTmkETAP +MQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQRMA8xDTALBgNVBAMM +BHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UEAwwEdDkwNKQRMA8x +DTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEwDzENMAsGA1UEAwwE +dDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQDDAR0OTA5pBEwDzEN +MAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAPMQ0wCwYDVQQDDAR0 +OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMMBHQ5MTSkETAPMQ0w +CwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8xDTALBgNVBAMMBHQ5 +MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwEdDkxOaQRMA8xDTAL +BgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzENMAsGA1UEAwwEdDky +MqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0OTI0pBEwDzENMAsG +A1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0wCwYDVQQDDAR0OTI3 +pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5MjmkETAPMQ0wCwYD +VQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTALBgNVBAMMBHQ5MzKk +ETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkzNKQRMA8xDTALBgNV +BAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsGA1UEAwwEdDkzN6QR +MA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5pBEwDzENMAsGA1UE +AwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYDVQQDDAR0OTQypBEw +DzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSkETAPMQ0wCwYDVQQD +DAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNVBAMMBHQ5NDekETAP +MQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQRMA8xDTALBgNVBAMM +BHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UEAwwEdDk1MqQRMA8x +DTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEwDzENMAsGA1UEAwwE +dDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQDDAR0OTU3pBEwDzEN +MAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAPMQ0wCwYDVQQDDAR0 +OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMMBHQ5NjKkETAPMQ0w +CwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8xDTALBgNVBAMMBHQ5 +NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwEdDk2N6QRMA8xDTAL +BgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzENMAsGA1UEAwwEdDk3 +MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0OTcypBEwDzENMAsG +A1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0wCwYDVQQDDAR0OTc1 +pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5NzekETAPMQ0wCwYD +VQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTALBgNVBAMMBHQ5ODCk +ETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4MqQRMA8xDTALBgNV +BAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsGA1UEAwwEdDk4NaQR +MA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3pBEwDzENMAsGA1UE +AwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYDVQQDDAR0OTkwpBEw +DzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKkETAPMQ0wCwYDVQQD +DAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNVBAMMBHQ5OTWkETAP +MQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QRMA8xDTALBgNVBAMM +BHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UEAwwFdDEwMDCkEjAQ +MQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAypBIwEDEOMAwGA1UE +AwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAMBgNVBAMMBXQxMDA1 +pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0MTAwN6QSMBAxDjAM +BgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQMQ4wDAYDVQQDDAV0 +MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UEAwwFdDEwMTKkEjAQ +MQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0pBIwEDEOMAwGA1UE +AwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAMBgNVBAMMBXQxMDE3 +pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0MTAxOaQSMBAxDjAM +BgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQMQ4wDAYDVQQDDAV0 +MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzMA0GCSqGSIb3DQEBCwUAA4IBAQCbtCkw +8C16Zsf4kkzL9AgR9etmwwJKJBLynRmpx1E6k/5xNJMnMhSgG/TrusJL336oV85/ +Yfqf0uyaAlEwE6XranwEs/DmKGZc905wZo8HrkJ3wOzu/xA0g0qygSzfxNj3gHDq +rsh8BUEZ+EAjwcBA4df1+H2wg7NrOgEXaMoKsnfEDENc2EsPIfRvfqj3tLwxzQKa +tnJbu0UMTJdhmCSwRM2vf378clVaVEMEHUC/Up1LwVgs0poE7goE2Nx1Lqs/hwh8 +4vA/axeVL3fi9jCTbNuEqsE9cF36tEDEKIV2c1tOtT28/o1/qPMgMT5p0cf7jHkh +zy8y5kYBv0zyFZaY +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fa + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + DirName: CN = x0 + DirName: CN = x1 + DirName: CN = x2 + DirName: CN = x3 + DirName: CN = x4 + DirName: CN = x5 + DirName: CN = x6 + DirName: CN = x7 + DirName: CN = x8 + DirName: CN = x9 + DirName: CN = x10 + DirName: CN = x11 + DirName: CN = x12 + DirName: CN = x13 + DirName: CN = x14 + DirName: CN = x15 + DirName: CN = x16 + DirName: CN = x17 + DirName: CN = x18 + DirName: CN = x19 + DirName: CN = x20 + DirName: CN = x21 + DirName: CN = x22 + DirName: CN = x23 + DirName: CN = x24 + DirName: CN = x25 + DirName: CN = x26 + DirName: CN = x27 + DirName: CN = x28 + DirName: CN = x29 + DirName: CN = x30 + DirName: CN = x31 + DirName: CN = x32 + DirName: CN = x33 + DirName: CN = x34 + DirName: CN = x35 + DirName: CN = x36 + DirName: CN = x37 + DirName: CN = x38 + DirName: CN = x39 + DirName: CN = x40 + DirName: CN = x41 + DirName: CN = x42 + DirName: CN = x43 + DirName: CN = x44 + DirName: CN = x45 + DirName: CN = x46 + DirName: CN = x47 + DirName: CN = x48 + DirName: CN = x49 + DirName: CN = x50 + DirName: CN = x51 + DirName: CN = x52 + DirName: CN = x53 + DirName: CN = x54 + DirName: CN = x55 + DirName: CN = x56 + DirName: CN = x57 + DirName: CN = x58 + DirName: CN = x59 + DirName: CN = x60 + DirName: CN = x61 + DirName: CN = x62 + DirName: CN = x63 + DirName: CN = x64 + DirName: CN = x65 + DirName: CN = x66 + DirName: CN = x67 + DirName: CN = x68 + DirName: CN = x69 + DirName: CN = x70 + DirName: CN = x71 + DirName: CN = x72 + DirName: CN = x73 + DirName: CN = x74 + DirName: CN = x75 + DirName: CN = x76 + DirName: CN = x77 + DirName: CN = x78 + DirName: CN = x79 + DirName: CN = x80 + DirName: CN = x81 + DirName: CN = x82 + DirName: CN = x83 + DirName: CN = x84 + DirName: CN = x85 + DirName: CN = x86 + DirName: CN = x87 + DirName: CN = x88 + DirName: CN = x89 + DirName: CN = x90 + DirName: CN = x91 + DirName: CN = x92 + DirName: CN = x93 + DirName: CN = x94 + DirName: CN = x95 + DirName: CN = x96 + DirName: CN = x97 + DirName: CN = x98 + DirName: CN = x99 + DirName: CN = x100 + DirName: CN = x101 + DirName: CN = x102 + DirName: CN = x103 + DirName: CN = x104 + DirName: CN = x105 + DirName: CN = x106 + DirName: CN = x107 + DirName: CN = x108 + DirName: CN = x109 + DirName: CN = x110 + DirName: CN = x111 + DirName: CN = x112 + DirName: CN = x113 + DirName: CN = x114 + DirName: CN = x115 + DirName: CN = x116 + DirName: CN = x117 + DirName: CN = x118 + DirName: CN = x119 + DirName: CN = x120 + DirName: CN = x121 + DirName: CN = x122 + DirName: CN = x123 + DirName: CN = x124 + DirName: CN = x125 + DirName: CN = x126 + DirName: CN = x127 + DirName: CN = x128 + DirName: CN = x129 + DirName: CN = x130 + DirName: CN = x131 + DirName: CN = x132 + DirName: CN = x133 + DirName: CN = x134 + DirName: CN = x135 + DirName: CN = x136 + DirName: CN = x137 + DirName: CN = x138 + DirName: CN = x139 + DirName: CN = x140 + DirName: CN = x141 + DirName: CN = x142 + DirName: CN = x143 + DirName: CN = x144 + DirName: CN = x145 + DirName: CN = x146 + DirName: CN = x147 + DirName: CN = x148 + DirName: CN = x149 + DirName: CN = x150 + DirName: CN = x151 + DirName: CN = x152 + DirName: CN = x153 + DirName: CN = x154 + DirName: CN = x155 + DirName: CN = x156 + DirName: CN = x157 + DirName: CN = x158 + DirName: CN = x159 + DirName: CN = x160 + DirName: CN = x161 + DirName: CN = x162 + DirName: CN = x163 + DirName: CN = x164 + DirName: CN = x165 + DirName: CN = x166 + DirName: CN = x167 + DirName: CN = x168 + DirName: CN = x169 + DirName: CN = x170 + DirName: CN = x171 + DirName: CN = x172 + DirName: CN = x173 + DirName: CN = x174 + DirName: CN = x175 + DirName: CN = x176 + DirName: CN = x177 + DirName: CN = x178 + DirName: CN = x179 + DirName: CN = x180 + DirName: CN = x181 + DirName: CN = x182 + DirName: CN = x183 + DirName: CN = x184 + DirName: CN = x185 + DirName: CN = x186 + DirName: CN = x187 + DirName: CN = x188 + DirName: CN = x189 + DirName: CN = x190 + DirName: CN = x191 + DirName: CN = x192 + DirName: CN = x193 + DirName: CN = x194 + DirName: CN = x195 + DirName: CN = x196 + DirName: CN = x197 + DirName: CN = x198 + DirName: CN = x199 + DirName: CN = x200 + DirName: CN = x201 + DirName: CN = x202 + DirName: CN = x203 + DirName: CN = x204 + DirName: CN = x205 + DirName: CN = x206 + DirName: CN = x207 + DirName: CN = x208 + DirName: CN = x209 + DirName: CN = x210 + DirName: CN = x211 + DirName: CN = x212 + DirName: CN = x213 + DirName: CN = x214 + DirName: CN = x215 + DirName: CN = x216 + DirName: CN = x217 + DirName: CN = x218 + DirName: CN = x219 + DirName: CN = x220 + DirName: CN = x221 + DirName: CN = x222 + DirName: CN = x223 + DirName: CN = x224 + DirName: CN = x225 + DirName: CN = x226 + DirName: CN = x227 + DirName: CN = x228 + DirName: CN = x229 + DirName: CN = x230 + DirName: CN = x231 + DirName: CN = x232 + DirName: CN = x233 + DirName: CN = x234 + DirName: CN = x235 + DirName: CN = x236 + DirName: CN = x237 + DirName: CN = x238 + DirName: CN = x239 + DirName: CN = x240 + DirName: CN = x241 + DirName: CN = x242 + DirName: CN = x243 + DirName: CN = x244 + DirName: CN = x245 + DirName: CN = x246 + DirName: CN = x247 + DirName: CN = x248 + DirName: CN = x249 + DirName: CN = x250 + DirName: CN = x251 + DirName: CN = x252 + DirName: CN = x253 + DirName: CN = x254 + DirName: CN = x255 + DirName: CN = x256 + DirName: CN = x257 + DirName: CN = x258 + DirName: CN = x259 + DirName: CN = x260 + DirName: CN = x261 + DirName: CN = x262 + DirName: CN = x263 + DirName: CN = x264 + DirName: CN = x265 + DirName: CN = x266 + DirName: CN = x267 + DirName: CN = x268 + DirName: CN = x269 + DirName: CN = x270 + DirName: CN = x271 + DirName: CN = x272 + DirName: CN = x273 + DirName: CN = x274 + DirName: CN = x275 + DirName: CN = x276 + DirName: CN = x277 + DirName: CN = x278 + DirName: CN = x279 + DirName: CN = x280 + DirName: CN = x281 + DirName: CN = x282 + DirName: CN = x283 + DirName: CN = x284 + DirName: CN = x285 + DirName: CN = x286 + DirName: CN = x287 + DirName: CN = x288 + DirName: CN = x289 + DirName: CN = x290 + DirName: CN = x291 + DirName: CN = x292 + DirName: CN = x293 + DirName: CN = x294 + DirName: CN = x295 + DirName: CN = x296 + DirName: CN = x297 + DirName: CN = x298 + DirName: CN = x299 + DirName: CN = x300 + DirName: CN = x301 + DirName: CN = x302 + DirName: CN = x303 + DirName: CN = x304 + DirName: CN = x305 + DirName: CN = x306 + DirName: CN = x307 + DirName: CN = x308 + DirName: CN = x309 + DirName: CN = x310 + DirName: CN = x311 + DirName: CN = x312 + DirName: CN = x313 + DirName: CN = x314 + DirName: CN = x315 + DirName: CN = x316 + DirName: CN = x317 + DirName: CN = x318 + DirName: CN = x319 + DirName: CN = x320 + DirName: CN = x321 + DirName: CN = x322 + DirName: CN = x323 + DirName: CN = x324 + DirName: CN = x325 + DirName: CN = x326 + DirName: CN = x327 + DirName: CN = x328 + DirName: CN = x329 + DirName: CN = x330 + DirName: CN = x331 + DirName: CN = x332 + DirName: CN = x333 + DirName: CN = x334 + DirName: CN = x335 + DirName: CN = x336 + DirName: CN = x337 + DirName: CN = x338 + DirName: CN = x339 + DirName: CN = x340 + DirName: CN = x341 + DirName: CN = x342 + DirName: CN = x343 + DirName: CN = x344 + DirName: CN = x345 + DirName: CN = x346 + DirName: CN = x347 + DirName: CN = x348 + DirName: CN = x349 + DirName: CN = x350 + DirName: CN = x351 + DirName: CN = x352 + DirName: CN = x353 + DirName: CN = x354 + DirName: CN = x355 + DirName: CN = x356 + DirName: CN = x357 + DirName: CN = x358 + DirName: CN = x359 + DirName: CN = x360 + DirName: CN = x361 + DirName: CN = x362 + DirName: CN = x363 + DirName: CN = x364 + DirName: CN = x365 + DirName: CN = x366 + DirName: CN = x367 + DirName: CN = x368 + DirName: CN = x369 + DirName: CN = x370 + DirName: CN = x371 + DirName: CN = x372 + DirName: CN = x373 + DirName: CN = x374 + DirName: CN = x375 + DirName: CN = x376 + DirName: CN = x377 + DirName: CN = x378 + DirName: CN = x379 + DirName: CN = x380 + DirName: CN = x381 + DirName: CN = x382 + DirName: CN = x383 + DirName: CN = x384 + DirName: CN = x385 + DirName: CN = x386 + DirName: CN = x387 + DirName: CN = x388 + DirName: CN = x389 + DirName: CN = x390 + DirName: CN = x391 + DirName: CN = x392 + DirName: CN = x393 + DirName: CN = x394 + DirName: CN = x395 + DirName: CN = x396 + DirName: CN = x397 + DirName: CN = x398 + DirName: CN = x399 + DirName: CN = x400 + DirName: CN = x401 + DirName: CN = x402 + DirName: CN = x403 + DirName: CN = x404 + DirName: CN = x405 + DirName: CN = x406 + DirName: CN = x407 + DirName: CN = x408 + DirName: CN = x409 + DirName: CN = x410 + DirName: CN = x411 + DirName: CN = x412 + DirName: CN = x413 + DirName: CN = x414 + DirName: CN = x415 + DirName: CN = x416 + DirName: CN = x417 + DirName: CN = x418 + DirName: CN = x419 + DirName: CN = x420 + DirName: CN = x421 + DirName: CN = x422 + DirName: CN = x423 + DirName: CN = x424 + DirName: CN = x425 + DirName: CN = x426 + DirName: CN = x427 + DirName: CN = x428 + DirName: CN = x429 + DirName: CN = x430 + DirName: CN = x431 + DirName: CN = x432 + DirName: CN = x433 + DirName: CN = x434 + DirName: CN = x435 + DirName: CN = x436 + DirName: CN = x437 + DirName: CN = x438 + DirName: CN = x439 + DirName: CN = x440 + DirName: CN = x441 + DirName: CN = x442 + DirName: CN = x443 + DirName: CN = x444 + DirName: CN = x445 + DirName: CN = x446 + DirName: CN = x447 + DirName: CN = x448 + DirName: CN = x449 + DirName: CN = x450 + DirName: CN = x451 + DirName: CN = x452 + DirName: CN = x453 + DirName: CN = x454 + DirName: CN = x455 + DirName: CN = x456 + DirName: CN = x457 + DirName: CN = x458 + DirName: CN = x459 + DirName: CN = x460 + DirName: CN = x461 + DirName: CN = x462 + DirName: CN = x463 + DirName: CN = x464 + DirName: CN = x465 + DirName: CN = x466 + DirName: CN = x467 + DirName: CN = x468 + DirName: CN = x469 + DirName: CN = x470 + DirName: CN = x471 + DirName: CN = x472 + DirName: CN = x473 + DirName: CN = x474 + DirName: CN = x475 + DirName: CN = x476 + DirName: CN = x477 + DirName: CN = x478 + DirName: CN = x479 + DirName: CN = x480 + DirName: CN = x481 + DirName: CN = x482 + DirName: CN = x483 + DirName: CN = x484 + DirName: CN = x485 + DirName: CN = x486 + DirName: CN = x487 + DirName: CN = x488 + DirName: CN = x489 + DirName: CN = x490 + DirName: CN = x491 + DirName: CN = x492 + DirName: CN = x493 + DirName: CN = x494 + DirName: CN = x495 + DirName: CN = x496 + DirName: CN = x497 + DirName: CN = x498 + DirName: CN = x499 + DirName: CN = x500 + DirName: CN = x501 + DirName: CN = x502 + DirName: CN = x503 + DirName: CN = x504 + DirName: CN = x505 + DirName: CN = x506 + DirName: CN = x507 + DirName: CN = x508 + DirName: CN = x509 + DirName: CN = x510 + DirName: CN = x511 + DirName: CN = x512 + DirName: CN = x513 + DirName: CN = x514 + DirName: CN = x515 + DirName: CN = x516 + DirName: CN = x517 + DirName: CN = x518 + DirName: CN = x519 + DirName: CN = x520 + DirName: CN = x521 + DirName: CN = x522 + DirName: CN = x523 + DirName: CN = x524 + DirName: CN = x525 + DirName: CN = x526 + DirName: CN = x527 + DirName: CN = x528 + DirName: CN = x529 + DirName: CN = x530 + DirName: CN = x531 + DirName: CN = x532 + DirName: CN = x533 + DirName: CN = x534 + DirName: CN = x535 + DirName: CN = x536 + DirName: CN = x537 + DirName: CN = x538 + DirName: CN = x539 + DirName: CN = x540 + DirName: CN = x541 + DirName: CN = x542 + DirName: CN = x543 + DirName: CN = x544 + DirName: CN = x545 + DirName: CN = x546 + DirName: CN = x547 + DirName: CN = x548 + DirName: CN = x549 + DirName: CN = x550 + DirName: CN = x551 + DirName: CN = x552 + DirName: CN = x553 + DirName: CN = x554 + DirName: CN = x555 + DirName: CN = x556 + DirName: CN = x557 + DirName: CN = x558 + DirName: CN = x559 + DirName: CN = x560 + DirName: CN = x561 + DirName: CN = x562 + DirName: CN = x563 + DirName: CN = x564 + DirName: CN = x565 + DirName: CN = x566 + DirName: CN = x567 + DirName: CN = x568 + DirName: CN = x569 + DirName: CN = x570 + DirName: CN = x571 + DirName: CN = x572 + DirName: CN = x573 + DirName: CN = x574 + DirName: CN = x575 + DirName: CN = x576 + DirName: CN = x577 + DirName: CN = x578 + DirName: CN = x579 + DirName: CN = x580 + DirName: CN = x581 + DirName: CN = x582 + DirName: CN = x583 + DirName: CN = x584 + DirName: CN = x585 + DirName: CN = x586 + DirName: CN = x587 + DirName: CN = x588 + DirName: CN = x589 + DirName: CN = x590 + DirName: CN = x591 + DirName: CN = x592 + DirName: CN = x593 + DirName: CN = x594 + DirName: CN = x595 + DirName: CN = x596 + DirName: CN = x597 + DirName: CN = x598 + DirName: CN = x599 + DirName: CN = x600 + DirName: CN = x601 + DirName: CN = x602 + DirName: CN = x603 + DirName: CN = x604 + DirName: CN = x605 + DirName: CN = x606 + DirName: CN = x607 + DirName: CN = x608 + DirName: CN = x609 + DirName: CN = x610 + DirName: CN = x611 + DirName: CN = x612 + DirName: CN = x613 + DirName: CN = x614 + DirName: CN = x615 + DirName: CN = x616 + DirName: CN = x617 + DirName: CN = x618 + DirName: CN = x619 + DirName: CN = x620 + DirName: CN = x621 + DirName: CN = x622 + DirName: CN = x623 + DirName: CN = x624 + DirName: CN = x625 + DirName: CN = x626 + DirName: CN = x627 + DirName: CN = x628 + DirName: CN = x629 + DirName: CN = x630 + DirName: CN = x631 + DirName: CN = x632 + DirName: CN = x633 + DirName: CN = x634 + DirName: CN = x635 + DirName: CN = x636 + DirName: CN = x637 + DirName: CN = x638 + DirName: CN = x639 + DirName: CN = x640 + DirName: CN = x641 + DirName: CN = x642 + DirName: CN = x643 + DirName: CN = x644 + DirName: CN = x645 + DirName: CN = x646 + DirName: CN = x647 + DirName: CN = x648 + DirName: CN = x649 + DirName: CN = x650 + DirName: CN = x651 + DirName: CN = x652 + DirName: CN = x653 + DirName: CN = x654 + DirName: CN = x655 + DirName: CN = x656 + DirName: CN = x657 + DirName: CN = x658 + DirName: CN = x659 + DirName: CN = x660 + DirName: CN = x661 + DirName: CN = x662 + DirName: CN = x663 + DirName: CN = x664 + DirName: CN = x665 + DirName: CN = x666 + DirName: CN = x667 + DirName: CN = x668 + DirName: CN = x669 + DirName: CN = x670 + DirName: CN = x671 + DirName: CN = x672 + DirName: CN = x673 + DirName: CN = x674 + DirName: CN = x675 + DirName: CN = x676 + DirName: CN = x677 + DirName: CN = x678 + DirName: CN = x679 + DirName: CN = x680 + DirName: CN = x681 + DirName: CN = x682 + DirName: CN = x683 + DirName: CN = x684 + DirName: CN = x685 + DirName: CN = x686 + DirName: CN = x687 + DirName: CN = x688 + DirName: CN = x689 + DirName: CN = x690 + DirName: CN = x691 + DirName: CN = x692 + DirName: CN = x693 + DirName: CN = x694 + DirName: CN = x695 + DirName: CN = x696 + DirName: CN = x697 + DirName: CN = x698 + DirName: CN = x699 + DirName: CN = x700 + DirName: CN = x701 + DirName: CN = x702 + DirName: CN = x703 + DirName: CN = x704 + DirName: CN = x705 + DirName: CN = x706 + DirName: CN = x707 + DirName: CN = x708 + DirName: CN = x709 + DirName: CN = x710 + DirName: CN = x711 + DirName: CN = x712 + DirName: CN = x713 + DirName: CN = x714 + DirName: CN = x715 + DirName: CN = x716 + DirName: CN = x717 + DirName: CN = x718 + DirName: CN = x719 + DirName: CN = x720 + DirName: CN = x721 + DirName: CN = x722 + DirName: CN = x723 + DirName: CN = x724 + DirName: CN = x725 + DirName: CN = x726 + DirName: CN = x727 + DirName: CN = x728 + DirName: CN = x729 + DirName: CN = x730 + DirName: CN = x731 + DirName: CN = x732 + DirName: CN = x733 + DirName: CN = x734 + DirName: CN = x735 + DirName: CN = x736 + DirName: CN = x737 + DirName: CN = x738 + DirName: CN = x739 + DirName: CN = x740 + DirName: CN = x741 + DirName: CN = x742 + DirName: CN = x743 + DirName: CN = x744 + DirName: CN = x745 + DirName: CN = x746 + DirName: CN = x747 + DirName: CN = x748 + DirName: CN = x749 + DirName: CN = x750 + DirName: CN = x751 + DirName: CN = x752 + DirName: CN = x753 + DirName: CN = x754 + DirName: CN = x755 + DirName: CN = x756 + DirName: CN = x757 + DirName: CN = x758 + DirName: CN = x759 + DirName: CN = x760 + DirName: CN = x761 + DirName: CN = x762 + DirName: CN = x763 + DirName: CN = x764 + DirName: CN = x765 + DirName: CN = x766 + DirName: CN = x767 + DirName: CN = x768 + DirName: CN = x769 + DirName: CN = x770 + DirName: CN = x771 + DirName: CN = x772 + DirName: CN = x773 + DirName: CN = x774 + DirName: CN = x775 + DirName: CN = x776 + DirName: CN = x777 + DirName: CN = x778 + DirName: CN = x779 + DirName: CN = x780 + DirName: CN = x781 + DirName: CN = x782 + DirName: CN = x783 + DirName: CN = x784 + DirName: CN = x785 + DirName: CN = x786 + DirName: CN = x787 + DirName: CN = x788 + DirName: CN = x789 + DirName: CN = x790 + DirName: CN = x791 + DirName: CN = x792 + DirName: CN = x793 + DirName: CN = x794 + DirName: CN = x795 + DirName: CN = x796 + DirName: CN = x797 + DirName: CN = x798 + DirName: CN = x799 + DirName: CN = x800 + DirName: CN = x801 + DirName: CN = x802 + DirName: CN = x803 + DirName: CN = x804 + DirName: CN = x805 + DirName: CN = x806 + DirName: CN = x807 + DirName: CN = x808 + DirName: CN = x809 + DirName: CN = x810 + DirName: CN = x811 + DirName: CN = x812 + DirName: CN = x813 + DirName: CN = x814 + DirName: CN = x815 + DirName: CN = x816 + DirName: CN = x817 + DirName: CN = x818 + DirName: CN = x819 + DirName: CN = x820 + DirName: CN = x821 + DirName: CN = x822 + DirName: CN = x823 + DirName: CN = x824 + DirName: CN = x825 + DirName: CN = x826 + DirName: CN = x827 + DirName: CN = x828 + DirName: CN = x829 + DirName: CN = x830 + DirName: CN = x831 + DirName: CN = x832 + DirName: CN = x833 + DirName: CN = x834 + DirName: CN = x835 + DirName: CN = x836 + DirName: CN = x837 + DirName: CN = x838 + DirName: CN = x839 + DirName: CN = x840 + DirName: CN = x841 + DirName: CN = x842 + DirName: CN = x843 + DirName: CN = x844 + DirName: CN = x845 + DirName: CN = x846 + DirName: CN = x847 + DirName: CN = x848 + DirName: CN = x849 + DirName: CN = x850 + DirName: CN = x851 + DirName: CN = x852 + DirName: CN = x853 + DirName: CN = x854 + DirName: CN = x855 + DirName: CN = x856 + DirName: CN = x857 + DirName: CN = x858 + DirName: CN = x859 + DirName: CN = x860 + DirName: CN = x861 + DirName: CN = x862 + DirName: CN = x863 + DirName: CN = x864 + DirName: CN = x865 + DirName: CN = x866 + DirName: CN = x867 + DirName: CN = x868 + DirName: CN = x869 + DirName: CN = x870 + DirName: CN = x871 + DirName: CN = x872 + DirName: CN = x873 + DirName: CN = x874 + DirName: CN = x875 + DirName: CN = x876 + DirName: CN = x877 + DirName: CN = x878 + DirName: CN = x879 + DirName: CN = x880 + DirName: CN = x881 + DirName: CN = x882 + DirName: CN = x883 + DirName: CN = x884 + DirName: CN = x885 + DirName: CN = x886 + DirName: CN = x887 + DirName: CN = x888 + DirName: CN = x889 + DirName: CN = x890 + DirName: CN = x891 + DirName: CN = x892 + DirName: CN = x893 + DirName: CN = x894 + DirName: CN = x895 + DirName: CN = x896 + DirName: CN = x897 + DirName: CN = x898 + DirName: CN = x899 + DirName: CN = x900 + DirName: CN = x901 + DirName: CN = x902 + DirName: CN = x903 + DirName: CN = x904 + DirName: CN = x905 + DirName: CN = x906 + DirName: CN = x907 + DirName: CN = x908 + DirName: CN = x909 + DirName: CN = x910 + DirName: CN = x911 + DirName: CN = x912 + DirName: CN = x913 + DirName: CN = x914 + DirName: CN = x915 + DirName: CN = x916 + DirName: CN = x917 + DirName: CN = x918 + DirName: CN = x919 + DirName: CN = x920 + DirName: CN = x921 + DirName: CN = x922 + DirName: CN = x923 + DirName: CN = x924 + DirName: CN = x925 + DirName: CN = x926 + DirName: CN = x927 + DirName: CN = x928 + DirName: CN = x929 + DirName: CN = x930 + DirName: CN = x931 + DirName: CN = x932 + DirName: CN = x933 + DirName: CN = x934 + DirName: CN = x935 + DirName: CN = x936 + DirName: CN = x937 + DirName: CN = x938 + DirName: CN = x939 + DirName: CN = x940 + DirName: CN = x941 + DirName: CN = x942 + DirName: CN = x943 + DirName: CN = x944 + DirName: CN = x945 + DirName: CN = x946 + DirName: CN = x947 + DirName: CN = x948 + DirName: CN = x949 + DirName: CN = x950 + DirName: CN = x951 + DirName: CN = x952 + DirName: CN = x953 + DirName: CN = x954 + DirName: CN = x955 + DirName: CN = x956 + DirName: CN = x957 + DirName: CN = x958 + DirName: CN = x959 + DirName: CN = x960 + DirName: CN = x961 + DirName: CN = x962 + DirName: CN = x963 + DirName: CN = x964 + DirName: CN = x965 + DirName: CN = x966 + DirName: CN = x967 + DirName: CN = x968 + DirName: CN = x969 + DirName: CN = x970 + DirName: CN = x971 + DirName: CN = x972 + DirName: CN = x973 + DirName: CN = x974 + DirName: CN = x975 + DirName: CN = x976 + DirName: CN = x977 + DirName: CN = x978 + DirName: CN = x979 + DirName: CN = x980 + DirName: CN = x981 + DirName: CN = x982 + DirName: CN = x983 + DirName: CN = x984 + DirName: CN = x985 + DirName: CN = x986 + DirName: CN = x987 + DirName: CN = x988 + DirName: CN = x989 + DirName: CN = x990 + DirName: CN = x991 + DirName: CN = x992 + DirName: CN = x993 + DirName: CN = x994 + DirName: CN = x995 + DirName: CN = x996 + DirName: CN = x997 + DirName: CN = x998 + DirName: CN = x999 + DirName: CN = x1000 + DirName: CN = x1001 + DirName: CN = x1002 + DirName: CN = x1003 + DirName: CN = x1004 + DirName: CN = x1005 + DirName: CN = x1006 + DirName: CN = x1007 + DirName: CN = x1008 + DirName: CN = x1009 + DirName: CN = x1010 + DirName: CN = x1011 + DirName: CN = x1012 + DirName: CN = x1013 + DirName: CN = x1014 + DirName: CN = x1015 + DirName: CN = x1016 + DirName: CN = x1017 + DirName: CN = x1018 + DirName: CN = x1019 + DirName: CN = x1020 + DirName: CN = x1021 + DirName: CN = x1022 + DirName: CN = x1023 + DirName: CN = x1024 + + Signature Algorithm: sha256WithRSAEncryption + 75:8f:ad:5f:a0:8c:a2:05:18:d8:98:a6:c5:1d:7c:b9:11:f4: + 14:6a:24:56:21:11:98:c7:df:0c:12:6c:43:3d:45:54:de:10: + 14:e5:7b:c0:d8:77:64:c2:01:8b:f3:d0:10:d8:03:43:fe:f9: + 50:79:c6:91:34:38:77:bf:0e:09:7f:1f:7f:8f:50:9f:2a:f2: + 31:5b:37:0e:04:55:13:2b:1b:34:32:0e:8d:db:a8:ed:34:d0: + 6a:83:a0:f9:31:d1:5f:2d:58:07:29:25:d3:1c:de:f8:7a:ac: + 3d:a7:67:4a:4c:ea:e0:f9:0f:91:ff:d8:48:dc:11:ec:a8:23: + a1:e4:62:51:b0:93:f8:6d:63:0f:26:c4:aa:09:e7:30:85:94: + cc:22:2d:a6:c1:e1:5a:77:70:e2:be:50:67:2b:7a:85:8e:56: + 35:f7:59:89:70:6f:8a:fe:1c:bd:16:b5:85:22:0e:f2:1e:d0: + 00:5b:63:7f:5b:eb:1e:23:c0:d5:c6:c9:97:9d:9a:a7:f6:2b: + 8d:54:64:0b:f7:db:26:5e:08:b2:0c:8e:dc:df:1f:e9:92:3a: + f1:cb:89:d4:1f:46:45:9c:e8:0c:b2:6c:aa:9f:55:fc:cd:02: + fc:3c:82:9c:a5:79:f2:27:a6:a5:83:83:64:7f:02:d0:8c:f3: + 8f:32:a7:e1 +-----BEGIN CERTIFICATE----- +MIJXVzCCVj+gAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCVKEwglSdMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wglPRBgNVHR4EglPIMIJTxKGCU8AwEaQPMA0xCzAJBgNVBAMMAngwMBGkDzAN +MQswCQYDVQQDDAJ4MTARpA8wDTELMAkGA1UEAwwCeDIwEaQPMA0xCzAJBgNVBAMM +AngzMBGkDzANMQswCQYDVQQDDAJ4NDARpA8wDTELMAkGA1UEAwwCeDUwEaQPMA0x +CzAJBgNVBAMMAng2MBGkDzANMQswCQYDVQQDDAJ4NzARpA8wDTELMAkGA1UEAwwC +eDgwEaQPMA0xCzAJBgNVBAMMAng5MBKkEDAOMQwwCgYDVQQDDAN4MTAwEqQQMA4x +DDAKBgNVBAMMA3gxMTASpBAwDjEMMAoGA1UEAwwDeDEyMBKkEDAOMQwwCgYDVQQD +DAN4MTMwEqQQMA4xDDAKBgNVBAMMA3gxNDASpBAwDjEMMAoGA1UEAwwDeDE1MBKk +EDAOMQwwCgYDVQQDDAN4MTYwEqQQMA4xDDAKBgNVBAMMA3gxNzASpBAwDjEMMAoG +A1UEAwwDeDE4MBKkEDAOMQwwCgYDVQQDDAN4MTkwEqQQMA4xDDAKBgNVBAMMA3gy +MDASpBAwDjEMMAoGA1UEAwwDeDIxMBKkEDAOMQwwCgYDVQQDDAN4MjIwEqQQMA4x +DDAKBgNVBAMMA3gyMzASpBAwDjEMMAoGA1UEAwwDeDI0MBKkEDAOMQwwCgYDVQQD +DAN4MjUwEqQQMA4xDDAKBgNVBAMMA3gyNjASpBAwDjEMMAoGA1UEAwwDeDI3MBKk +EDAOMQwwCgYDVQQDDAN4MjgwEqQQMA4xDDAKBgNVBAMMA3gyOTASpBAwDjEMMAoG +A1UEAwwDeDMwMBKkEDAOMQwwCgYDVQQDDAN4MzEwEqQQMA4xDDAKBgNVBAMMA3gz +MjASpBAwDjEMMAoGA1UEAwwDeDMzMBKkEDAOMQwwCgYDVQQDDAN4MzQwEqQQMA4x +DDAKBgNVBAMMA3gzNTASpBAwDjEMMAoGA1UEAwwDeDM2MBKkEDAOMQwwCgYDVQQD +DAN4MzcwEqQQMA4xDDAKBgNVBAMMA3gzODASpBAwDjEMMAoGA1UEAwwDeDM5MBKk +EDAOMQwwCgYDVQQDDAN4NDAwEqQQMA4xDDAKBgNVBAMMA3g0MTASpBAwDjEMMAoG +A1UEAwwDeDQyMBKkEDAOMQwwCgYDVQQDDAN4NDMwEqQQMA4xDDAKBgNVBAMMA3g0 +NDASpBAwDjEMMAoGA1UEAwwDeDQ1MBKkEDAOMQwwCgYDVQQDDAN4NDYwEqQQMA4x +DDAKBgNVBAMMA3g0NzASpBAwDjEMMAoGA1UEAwwDeDQ4MBKkEDAOMQwwCgYDVQQD +DAN4NDkwEqQQMA4xDDAKBgNVBAMMA3g1MDASpBAwDjEMMAoGA1UEAwwDeDUxMBKk +EDAOMQwwCgYDVQQDDAN4NTIwEqQQMA4xDDAKBgNVBAMMA3g1MzASpBAwDjEMMAoG +A1UEAwwDeDU0MBKkEDAOMQwwCgYDVQQDDAN4NTUwEqQQMA4xDDAKBgNVBAMMA3g1 +NjASpBAwDjEMMAoGA1UEAwwDeDU3MBKkEDAOMQwwCgYDVQQDDAN4NTgwEqQQMA4x +DDAKBgNVBAMMA3g1OTASpBAwDjEMMAoGA1UEAwwDeDYwMBKkEDAOMQwwCgYDVQQD +DAN4NjEwEqQQMA4xDDAKBgNVBAMMA3g2MjASpBAwDjEMMAoGA1UEAwwDeDYzMBKk +EDAOMQwwCgYDVQQDDAN4NjQwEqQQMA4xDDAKBgNVBAMMA3g2NTASpBAwDjEMMAoG +A1UEAwwDeDY2MBKkEDAOMQwwCgYDVQQDDAN4NjcwEqQQMA4xDDAKBgNVBAMMA3g2 +ODASpBAwDjEMMAoGA1UEAwwDeDY5MBKkEDAOMQwwCgYDVQQDDAN4NzAwEqQQMA4x +DDAKBgNVBAMMA3g3MTASpBAwDjEMMAoGA1UEAwwDeDcyMBKkEDAOMQwwCgYDVQQD +DAN4NzMwEqQQMA4xDDAKBgNVBAMMA3g3NDASpBAwDjEMMAoGA1UEAwwDeDc1MBKk +EDAOMQwwCgYDVQQDDAN4NzYwEqQQMA4xDDAKBgNVBAMMA3g3NzASpBAwDjEMMAoG +A1UEAwwDeDc4MBKkEDAOMQwwCgYDVQQDDAN4NzkwEqQQMA4xDDAKBgNVBAMMA3g4 +MDASpBAwDjEMMAoGA1UEAwwDeDgxMBKkEDAOMQwwCgYDVQQDDAN4ODIwEqQQMA4x +DDAKBgNVBAMMA3g4MzASpBAwDjEMMAoGA1UEAwwDeDg0MBKkEDAOMQwwCgYDVQQD +DAN4ODUwEqQQMA4xDDAKBgNVBAMMA3g4NjASpBAwDjEMMAoGA1UEAwwDeDg3MBKk +EDAOMQwwCgYDVQQDDAN4ODgwEqQQMA4xDDAKBgNVBAMMA3g4OTASpBAwDjEMMAoG +A1UEAwwDeDkwMBKkEDAOMQwwCgYDVQQDDAN4OTEwEqQQMA4xDDAKBgNVBAMMA3g5 +MjASpBAwDjEMMAoGA1UEAwwDeDkzMBKkEDAOMQwwCgYDVQQDDAN4OTQwEqQQMA4x +DDAKBgNVBAMMA3g5NTASpBAwDjEMMAoGA1UEAwwDeDk2MBKkEDAOMQwwCgYDVQQD +DAN4OTcwEqQQMA4xDDAKBgNVBAMMA3g5ODASpBAwDjEMMAoGA1UEAwwDeDk5MBOk +ETAPMQ0wCwYDVQQDDAR4MTAwMBOkETAPMQ0wCwYDVQQDDAR4MTAxMBOkETAPMQ0w +CwYDVQQDDAR4MTAyMBOkETAPMQ0wCwYDVQQDDAR4MTAzMBOkETAPMQ0wCwYDVQQD +DAR4MTA0MBOkETAPMQ0wCwYDVQQDDAR4MTA1MBOkETAPMQ0wCwYDVQQDDAR4MTA2 +MBOkETAPMQ0wCwYDVQQDDAR4MTA3MBOkETAPMQ0wCwYDVQQDDAR4MTA4MBOkETAP +MQ0wCwYDVQQDDAR4MTA5MBOkETAPMQ0wCwYDVQQDDAR4MTEwMBOkETAPMQ0wCwYD +VQQDDAR4MTExMBOkETAPMQ0wCwYDVQQDDAR4MTEyMBOkETAPMQ0wCwYDVQQDDAR4 +MTEzMBOkETAPMQ0wCwYDVQQDDAR4MTE0MBOkETAPMQ0wCwYDVQQDDAR4MTE1MBOk +ETAPMQ0wCwYDVQQDDAR4MTE2MBOkETAPMQ0wCwYDVQQDDAR4MTE3MBOkETAPMQ0w +CwYDVQQDDAR4MTE4MBOkETAPMQ0wCwYDVQQDDAR4MTE5MBOkETAPMQ0wCwYDVQQD +DAR4MTIwMBOkETAPMQ0wCwYDVQQDDAR4MTIxMBOkETAPMQ0wCwYDVQQDDAR4MTIy +MBOkETAPMQ0wCwYDVQQDDAR4MTIzMBOkETAPMQ0wCwYDVQQDDAR4MTI0MBOkETAP +MQ0wCwYDVQQDDAR4MTI1MBOkETAPMQ0wCwYDVQQDDAR4MTI2MBOkETAPMQ0wCwYD +VQQDDAR4MTI3MBOkETAPMQ0wCwYDVQQDDAR4MTI4MBOkETAPMQ0wCwYDVQQDDAR4 +MTI5MBOkETAPMQ0wCwYDVQQDDAR4MTMwMBOkETAPMQ0wCwYDVQQDDAR4MTMxMBOk +ETAPMQ0wCwYDVQQDDAR4MTMyMBOkETAPMQ0wCwYDVQQDDAR4MTMzMBOkETAPMQ0w +CwYDVQQDDAR4MTM0MBOkETAPMQ0wCwYDVQQDDAR4MTM1MBOkETAPMQ0wCwYDVQQD +DAR4MTM2MBOkETAPMQ0wCwYDVQQDDAR4MTM3MBOkETAPMQ0wCwYDVQQDDAR4MTM4 +MBOkETAPMQ0wCwYDVQQDDAR4MTM5MBOkETAPMQ0wCwYDVQQDDAR4MTQwMBOkETAP +MQ0wCwYDVQQDDAR4MTQxMBOkETAPMQ0wCwYDVQQDDAR4MTQyMBOkETAPMQ0wCwYD +VQQDDAR4MTQzMBOkETAPMQ0wCwYDVQQDDAR4MTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +MTQ1MBOkETAPMQ0wCwYDVQQDDAR4MTQ2MBOkETAPMQ0wCwYDVQQDDAR4MTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4MTQ4MBOkETAPMQ0wCwYDVQQDDAR4MTQ5MBOkETAPMQ0w +CwYDVQQDDAR4MTUwMBOkETAPMQ0wCwYDVQQDDAR4MTUxMBOkETAPMQ0wCwYDVQQD +DAR4MTUyMBOkETAPMQ0wCwYDVQQDDAR4MTUzMBOkETAPMQ0wCwYDVQQDDAR4MTU0 +MBOkETAPMQ0wCwYDVQQDDAR4MTU1MBOkETAPMQ0wCwYDVQQDDAR4MTU2MBOkETAP +MQ0wCwYDVQQDDAR4MTU3MBOkETAPMQ0wCwYDVQQDDAR4MTU4MBOkETAPMQ0wCwYD +VQQDDAR4MTU5MBOkETAPMQ0wCwYDVQQDDAR4MTYwMBOkETAPMQ0wCwYDVQQDDAR4 +MTYxMBOkETAPMQ0wCwYDVQQDDAR4MTYyMBOkETAPMQ0wCwYDVQQDDAR4MTYzMBOk +ETAPMQ0wCwYDVQQDDAR4MTY0MBOkETAPMQ0wCwYDVQQDDAR4MTY1MBOkETAPMQ0w +CwYDVQQDDAR4MTY2MBOkETAPMQ0wCwYDVQQDDAR4MTY3MBOkETAPMQ0wCwYDVQQD +DAR4MTY4MBOkETAPMQ0wCwYDVQQDDAR4MTY5MBOkETAPMQ0wCwYDVQQDDAR4MTcw +MBOkETAPMQ0wCwYDVQQDDAR4MTcxMBOkETAPMQ0wCwYDVQQDDAR4MTcyMBOkETAP +MQ0wCwYDVQQDDAR4MTczMBOkETAPMQ0wCwYDVQQDDAR4MTc0MBOkETAPMQ0wCwYD +VQQDDAR4MTc1MBOkETAPMQ0wCwYDVQQDDAR4MTc2MBOkETAPMQ0wCwYDVQQDDAR4 +MTc3MBOkETAPMQ0wCwYDVQQDDAR4MTc4MBOkETAPMQ0wCwYDVQQDDAR4MTc5MBOk +ETAPMQ0wCwYDVQQDDAR4MTgwMBOkETAPMQ0wCwYDVQQDDAR4MTgxMBOkETAPMQ0w +CwYDVQQDDAR4MTgyMBOkETAPMQ0wCwYDVQQDDAR4MTgzMBOkETAPMQ0wCwYDVQQD +DAR4MTg0MBOkETAPMQ0wCwYDVQQDDAR4MTg1MBOkETAPMQ0wCwYDVQQDDAR4MTg2 +MBOkETAPMQ0wCwYDVQQDDAR4MTg3MBOkETAPMQ0wCwYDVQQDDAR4MTg4MBOkETAP +MQ0wCwYDVQQDDAR4MTg5MBOkETAPMQ0wCwYDVQQDDAR4MTkwMBOkETAPMQ0wCwYD +VQQDDAR4MTkxMBOkETAPMQ0wCwYDVQQDDAR4MTkyMBOkETAPMQ0wCwYDVQQDDAR4 +MTkzMBOkETAPMQ0wCwYDVQQDDAR4MTk0MBOkETAPMQ0wCwYDVQQDDAR4MTk1MBOk +ETAPMQ0wCwYDVQQDDAR4MTk2MBOkETAPMQ0wCwYDVQQDDAR4MTk3MBOkETAPMQ0w +CwYDVQQDDAR4MTk4MBOkETAPMQ0wCwYDVQQDDAR4MTk5MBOkETAPMQ0wCwYDVQQD +DAR4MjAwMBOkETAPMQ0wCwYDVQQDDAR4MjAxMBOkETAPMQ0wCwYDVQQDDAR4MjAy +MBOkETAPMQ0wCwYDVQQDDAR4MjAzMBOkETAPMQ0wCwYDVQQDDAR4MjA0MBOkETAP +MQ0wCwYDVQQDDAR4MjA1MBOkETAPMQ0wCwYDVQQDDAR4MjA2MBOkETAPMQ0wCwYD +VQQDDAR4MjA3MBOkETAPMQ0wCwYDVQQDDAR4MjA4MBOkETAPMQ0wCwYDVQQDDAR4 +MjA5MBOkETAPMQ0wCwYDVQQDDAR4MjEwMBOkETAPMQ0wCwYDVQQDDAR4MjExMBOk +ETAPMQ0wCwYDVQQDDAR4MjEyMBOkETAPMQ0wCwYDVQQDDAR4MjEzMBOkETAPMQ0w +CwYDVQQDDAR4MjE0MBOkETAPMQ0wCwYDVQQDDAR4MjE1MBOkETAPMQ0wCwYDVQQD +DAR4MjE2MBOkETAPMQ0wCwYDVQQDDAR4MjE3MBOkETAPMQ0wCwYDVQQDDAR4MjE4 +MBOkETAPMQ0wCwYDVQQDDAR4MjE5MBOkETAPMQ0wCwYDVQQDDAR4MjIwMBOkETAP +MQ0wCwYDVQQDDAR4MjIxMBOkETAPMQ0wCwYDVQQDDAR4MjIyMBOkETAPMQ0wCwYD +VQQDDAR4MjIzMBOkETAPMQ0wCwYDVQQDDAR4MjI0MBOkETAPMQ0wCwYDVQQDDAR4 +MjI1MBOkETAPMQ0wCwYDVQQDDAR4MjI2MBOkETAPMQ0wCwYDVQQDDAR4MjI3MBOk +ETAPMQ0wCwYDVQQDDAR4MjI4MBOkETAPMQ0wCwYDVQQDDAR4MjI5MBOkETAPMQ0w +CwYDVQQDDAR4MjMwMBOkETAPMQ0wCwYDVQQDDAR4MjMxMBOkETAPMQ0wCwYDVQQD +DAR4MjMyMBOkETAPMQ0wCwYDVQQDDAR4MjMzMBOkETAPMQ0wCwYDVQQDDAR4MjM0 +MBOkETAPMQ0wCwYDVQQDDAR4MjM1MBOkETAPMQ0wCwYDVQQDDAR4MjM2MBOkETAP +MQ0wCwYDVQQDDAR4MjM3MBOkETAPMQ0wCwYDVQQDDAR4MjM4MBOkETAPMQ0wCwYD +VQQDDAR4MjM5MBOkETAPMQ0wCwYDVQQDDAR4MjQwMBOkETAPMQ0wCwYDVQQDDAR4 +MjQxMBOkETAPMQ0wCwYDVQQDDAR4MjQyMBOkETAPMQ0wCwYDVQQDDAR4MjQzMBOk +ETAPMQ0wCwYDVQQDDAR4MjQ0MBOkETAPMQ0wCwYDVQQDDAR4MjQ1MBOkETAPMQ0w +CwYDVQQDDAR4MjQ2MBOkETAPMQ0wCwYDVQQDDAR4MjQ3MBOkETAPMQ0wCwYDVQQD +DAR4MjQ4MBOkETAPMQ0wCwYDVQQDDAR4MjQ5MBOkETAPMQ0wCwYDVQQDDAR4MjUw +MBOkETAPMQ0wCwYDVQQDDAR4MjUxMBOkETAPMQ0wCwYDVQQDDAR4MjUyMBOkETAP +MQ0wCwYDVQQDDAR4MjUzMBOkETAPMQ0wCwYDVQQDDAR4MjU0MBOkETAPMQ0wCwYD +VQQDDAR4MjU1MBOkETAPMQ0wCwYDVQQDDAR4MjU2MBOkETAPMQ0wCwYDVQQDDAR4 +MjU3MBOkETAPMQ0wCwYDVQQDDAR4MjU4MBOkETAPMQ0wCwYDVQQDDAR4MjU5MBOk +ETAPMQ0wCwYDVQQDDAR4MjYwMBOkETAPMQ0wCwYDVQQDDAR4MjYxMBOkETAPMQ0w +CwYDVQQDDAR4MjYyMBOkETAPMQ0wCwYDVQQDDAR4MjYzMBOkETAPMQ0wCwYDVQQD +DAR4MjY0MBOkETAPMQ0wCwYDVQQDDAR4MjY1MBOkETAPMQ0wCwYDVQQDDAR4MjY2 +MBOkETAPMQ0wCwYDVQQDDAR4MjY3MBOkETAPMQ0wCwYDVQQDDAR4MjY4MBOkETAP +MQ0wCwYDVQQDDAR4MjY5MBOkETAPMQ0wCwYDVQQDDAR4MjcwMBOkETAPMQ0wCwYD +VQQDDAR4MjcxMBOkETAPMQ0wCwYDVQQDDAR4MjcyMBOkETAPMQ0wCwYDVQQDDAR4 +MjczMBOkETAPMQ0wCwYDVQQDDAR4Mjc0MBOkETAPMQ0wCwYDVQQDDAR4Mjc1MBOk +ETAPMQ0wCwYDVQQDDAR4Mjc2MBOkETAPMQ0wCwYDVQQDDAR4Mjc3MBOkETAPMQ0w +CwYDVQQDDAR4Mjc4MBOkETAPMQ0wCwYDVQQDDAR4Mjc5MBOkETAPMQ0wCwYDVQQD +DAR4MjgwMBOkETAPMQ0wCwYDVQQDDAR4MjgxMBOkETAPMQ0wCwYDVQQDDAR4Mjgy +MBOkETAPMQ0wCwYDVQQDDAR4MjgzMBOkETAPMQ0wCwYDVQQDDAR4Mjg0MBOkETAP +MQ0wCwYDVQQDDAR4Mjg1MBOkETAPMQ0wCwYDVQQDDAR4Mjg2MBOkETAPMQ0wCwYD +VQQDDAR4Mjg3MBOkETAPMQ0wCwYDVQQDDAR4Mjg4MBOkETAPMQ0wCwYDVQQDDAR4 +Mjg5MBOkETAPMQ0wCwYDVQQDDAR4MjkwMBOkETAPMQ0wCwYDVQQDDAR4MjkxMBOk +ETAPMQ0wCwYDVQQDDAR4MjkyMBOkETAPMQ0wCwYDVQQDDAR4MjkzMBOkETAPMQ0w +CwYDVQQDDAR4Mjk0MBOkETAPMQ0wCwYDVQQDDAR4Mjk1MBOkETAPMQ0wCwYDVQQD +DAR4Mjk2MBOkETAPMQ0wCwYDVQQDDAR4Mjk3MBOkETAPMQ0wCwYDVQQDDAR4Mjk4 +MBOkETAPMQ0wCwYDVQQDDAR4Mjk5MBOkETAPMQ0wCwYDVQQDDAR4MzAwMBOkETAP +MQ0wCwYDVQQDDAR4MzAxMBOkETAPMQ0wCwYDVQQDDAR4MzAyMBOkETAPMQ0wCwYD +VQQDDAR4MzAzMBOkETAPMQ0wCwYDVQQDDAR4MzA0MBOkETAPMQ0wCwYDVQQDDAR4 +MzA1MBOkETAPMQ0wCwYDVQQDDAR4MzA2MBOkETAPMQ0wCwYDVQQDDAR4MzA3MBOk +ETAPMQ0wCwYDVQQDDAR4MzA4MBOkETAPMQ0wCwYDVQQDDAR4MzA5MBOkETAPMQ0w +CwYDVQQDDAR4MzEwMBOkETAPMQ0wCwYDVQQDDAR4MzExMBOkETAPMQ0wCwYDVQQD +DAR4MzEyMBOkETAPMQ0wCwYDVQQDDAR4MzEzMBOkETAPMQ0wCwYDVQQDDAR4MzE0 +MBOkETAPMQ0wCwYDVQQDDAR4MzE1MBOkETAPMQ0wCwYDVQQDDAR4MzE2MBOkETAP +MQ0wCwYDVQQDDAR4MzE3MBOkETAPMQ0wCwYDVQQDDAR4MzE4MBOkETAPMQ0wCwYD +VQQDDAR4MzE5MBOkETAPMQ0wCwYDVQQDDAR4MzIwMBOkETAPMQ0wCwYDVQQDDAR4 +MzIxMBOkETAPMQ0wCwYDVQQDDAR4MzIyMBOkETAPMQ0wCwYDVQQDDAR4MzIzMBOk +ETAPMQ0wCwYDVQQDDAR4MzI0MBOkETAPMQ0wCwYDVQQDDAR4MzI1MBOkETAPMQ0w +CwYDVQQDDAR4MzI2MBOkETAPMQ0wCwYDVQQDDAR4MzI3MBOkETAPMQ0wCwYDVQQD +DAR4MzI4MBOkETAPMQ0wCwYDVQQDDAR4MzI5MBOkETAPMQ0wCwYDVQQDDAR4MzMw +MBOkETAPMQ0wCwYDVQQDDAR4MzMxMBOkETAPMQ0wCwYDVQQDDAR4MzMyMBOkETAP +MQ0wCwYDVQQDDAR4MzMzMBOkETAPMQ0wCwYDVQQDDAR4MzM0MBOkETAPMQ0wCwYD +VQQDDAR4MzM1MBOkETAPMQ0wCwYDVQQDDAR4MzM2MBOkETAPMQ0wCwYDVQQDDAR4 +MzM3MBOkETAPMQ0wCwYDVQQDDAR4MzM4MBOkETAPMQ0wCwYDVQQDDAR4MzM5MBOk +ETAPMQ0wCwYDVQQDDAR4MzQwMBOkETAPMQ0wCwYDVQQDDAR4MzQxMBOkETAPMQ0w +CwYDVQQDDAR4MzQyMBOkETAPMQ0wCwYDVQQDDAR4MzQzMBOkETAPMQ0wCwYDVQQD +DAR4MzQ0MBOkETAPMQ0wCwYDVQQDDAR4MzQ1MBOkETAPMQ0wCwYDVQQDDAR4MzQ2 +MBOkETAPMQ0wCwYDVQQDDAR4MzQ3MBOkETAPMQ0wCwYDVQQDDAR4MzQ4MBOkETAP +MQ0wCwYDVQQDDAR4MzQ5MBOkETAPMQ0wCwYDVQQDDAR4MzUwMBOkETAPMQ0wCwYD +VQQDDAR4MzUxMBOkETAPMQ0wCwYDVQQDDAR4MzUyMBOkETAPMQ0wCwYDVQQDDAR4 +MzUzMBOkETAPMQ0wCwYDVQQDDAR4MzU0MBOkETAPMQ0wCwYDVQQDDAR4MzU1MBOk +ETAPMQ0wCwYDVQQDDAR4MzU2MBOkETAPMQ0wCwYDVQQDDAR4MzU3MBOkETAPMQ0w +CwYDVQQDDAR4MzU4MBOkETAPMQ0wCwYDVQQDDAR4MzU5MBOkETAPMQ0wCwYDVQQD +DAR4MzYwMBOkETAPMQ0wCwYDVQQDDAR4MzYxMBOkETAPMQ0wCwYDVQQDDAR4MzYy +MBOkETAPMQ0wCwYDVQQDDAR4MzYzMBOkETAPMQ0wCwYDVQQDDAR4MzY0MBOkETAP +MQ0wCwYDVQQDDAR4MzY1MBOkETAPMQ0wCwYDVQQDDAR4MzY2MBOkETAPMQ0wCwYD +VQQDDAR4MzY3MBOkETAPMQ0wCwYDVQQDDAR4MzY4MBOkETAPMQ0wCwYDVQQDDAR4 +MzY5MBOkETAPMQ0wCwYDVQQDDAR4MzcwMBOkETAPMQ0wCwYDVQQDDAR4MzcxMBOk +ETAPMQ0wCwYDVQQDDAR4MzcyMBOkETAPMQ0wCwYDVQQDDAR4MzczMBOkETAPMQ0w +CwYDVQQDDAR4Mzc0MBOkETAPMQ0wCwYDVQQDDAR4Mzc1MBOkETAPMQ0wCwYDVQQD +DAR4Mzc2MBOkETAPMQ0wCwYDVQQDDAR4Mzc3MBOkETAPMQ0wCwYDVQQDDAR4Mzc4 +MBOkETAPMQ0wCwYDVQQDDAR4Mzc5MBOkETAPMQ0wCwYDVQQDDAR4MzgwMBOkETAP +MQ0wCwYDVQQDDAR4MzgxMBOkETAPMQ0wCwYDVQQDDAR4MzgyMBOkETAPMQ0wCwYD +VQQDDAR4MzgzMBOkETAPMQ0wCwYDVQQDDAR4Mzg0MBOkETAPMQ0wCwYDVQQDDAR4 +Mzg1MBOkETAPMQ0wCwYDVQQDDAR4Mzg2MBOkETAPMQ0wCwYDVQQDDAR4Mzg3MBOk +ETAPMQ0wCwYDVQQDDAR4Mzg4MBOkETAPMQ0wCwYDVQQDDAR4Mzg5MBOkETAPMQ0w +CwYDVQQDDAR4MzkwMBOkETAPMQ0wCwYDVQQDDAR4MzkxMBOkETAPMQ0wCwYDVQQD +DAR4MzkyMBOkETAPMQ0wCwYDVQQDDAR4MzkzMBOkETAPMQ0wCwYDVQQDDAR4Mzk0 +MBOkETAPMQ0wCwYDVQQDDAR4Mzk1MBOkETAPMQ0wCwYDVQQDDAR4Mzk2MBOkETAP +MQ0wCwYDVQQDDAR4Mzk3MBOkETAPMQ0wCwYDVQQDDAR4Mzk4MBOkETAPMQ0wCwYD +VQQDDAR4Mzk5MBOkETAPMQ0wCwYDVQQDDAR4NDAwMBOkETAPMQ0wCwYDVQQDDAR4 +NDAxMBOkETAPMQ0wCwYDVQQDDAR4NDAyMBOkETAPMQ0wCwYDVQQDDAR4NDAzMBOk +ETAPMQ0wCwYDVQQDDAR4NDA0MBOkETAPMQ0wCwYDVQQDDAR4NDA1MBOkETAPMQ0w +CwYDVQQDDAR4NDA2MBOkETAPMQ0wCwYDVQQDDAR4NDA3MBOkETAPMQ0wCwYDVQQD +DAR4NDA4MBOkETAPMQ0wCwYDVQQDDAR4NDA5MBOkETAPMQ0wCwYDVQQDDAR4NDEw +MBOkETAPMQ0wCwYDVQQDDAR4NDExMBOkETAPMQ0wCwYDVQQDDAR4NDEyMBOkETAP +MQ0wCwYDVQQDDAR4NDEzMBOkETAPMQ0wCwYDVQQDDAR4NDE0MBOkETAPMQ0wCwYD +VQQDDAR4NDE1MBOkETAPMQ0wCwYDVQQDDAR4NDE2MBOkETAPMQ0wCwYDVQQDDAR4 +NDE3MBOkETAPMQ0wCwYDVQQDDAR4NDE4MBOkETAPMQ0wCwYDVQQDDAR4NDE5MBOk +ETAPMQ0wCwYDVQQDDAR4NDIwMBOkETAPMQ0wCwYDVQQDDAR4NDIxMBOkETAPMQ0w +CwYDVQQDDAR4NDIyMBOkETAPMQ0wCwYDVQQDDAR4NDIzMBOkETAPMQ0wCwYDVQQD +DAR4NDI0MBOkETAPMQ0wCwYDVQQDDAR4NDI1MBOkETAPMQ0wCwYDVQQDDAR4NDI2 +MBOkETAPMQ0wCwYDVQQDDAR4NDI3MBOkETAPMQ0wCwYDVQQDDAR4NDI4MBOkETAP +MQ0wCwYDVQQDDAR4NDI5MBOkETAPMQ0wCwYDVQQDDAR4NDMwMBOkETAPMQ0wCwYD +VQQDDAR4NDMxMBOkETAPMQ0wCwYDVQQDDAR4NDMyMBOkETAPMQ0wCwYDVQQDDAR4 +NDMzMBOkETAPMQ0wCwYDVQQDDAR4NDM0MBOkETAPMQ0wCwYDVQQDDAR4NDM1MBOk +ETAPMQ0wCwYDVQQDDAR4NDM2MBOkETAPMQ0wCwYDVQQDDAR4NDM3MBOkETAPMQ0w +CwYDVQQDDAR4NDM4MBOkETAPMQ0wCwYDVQQDDAR4NDM5MBOkETAPMQ0wCwYDVQQD +DAR4NDQwMBOkETAPMQ0wCwYDVQQDDAR4NDQxMBOkETAPMQ0wCwYDVQQDDAR4NDQy +MBOkETAPMQ0wCwYDVQQDDAR4NDQzMBOkETAPMQ0wCwYDVQQDDAR4NDQ0MBOkETAP +MQ0wCwYDVQQDDAR4NDQ1MBOkETAPMQ0wCwYDVQQDDAR4NDQ2MBOkETAPMQ0wCwYD +VQQDDAR4NDQ3MBOkETAPMQ0wCwYDVQQDDAR4NDQ4MBOkETAPMQ0wCwYDVQQDDAR4 +NDQ5MBOkETAPMQ0wCwYDVQQDDAR4NDUwMBOkETAPMQ0wCwYDVQQDDAR4NDUxMBOk +ETAPMQ0wCwYDVQQDDAR4NDUyMBOkETAPMQ0wCwYDVQQDDAR4NDUzMBOkETAPMQ0w +CwYDVQQDDAR4NDU0MBOkETAPMQ0wCwYDVQQDDAR4NDU1MBOkETAPMQ0wCwYDVQQD +DAR4NDU2MBOkETAPMQ0wCwYDVQQDDAR4NDU3MBOkETAPMQ0wCwYDVQQDDAR4NDU4 +MBOkETAPMQ0wCwYDVQQDDAR4NDU5MBOkETAPMQ0wCwYDVQQDDAR4NDYwMBOkETAP +MQ0wCwYDVQQDDAR4NDYxMBOkETAPMQ0wCwYDVQQDDAR4NDYyMBOkETAPMQ0wCwYD +VQQDDAR4NDYzMBOkETAPMQ0wCwYDVQQDDAR4NDY0MBOkETAPMQ0wCwYDVQQDDAR4 +NDY1MBOkETAPMQ0wCwYDVQQDDAR4NDY2MBOkETAPMQ0wCwYDVQQDDAR4NDY3MBOk +ETAPMQ0wCwYDVQQDDAR4NDY4MBOkETAPMQ0wCwYDVQQDDAR4NDY5MBOkETAPMQ0w +CwYDVQQDDAR4NDcwMBOkETAPMQ0wCwYDVQQDDAR4NDcxMBOkETAPMQ0wCwYDVQQD +DAR4NDcyMBOkETAPMQ0wCwYDVQQDDAR4NDczMBOkETAPMQ0wCwYDVQQDDAR4NDc0 +MBOkETAPMQ0wCwYDVQQDDAR4NDc1MBOkETAPMQ0wCwYDVQQDDAR4NDc2MBOkETAP +MQ0wCwYDVQQDDAR4NDc3MBOkETAPMQ0wCwYDVQQDDAR4NDc4MBOkETAPMQ0wCwYD +VQQDDAR4NDc5MBOkETAPMQ0wCwYDVQQDDAR4NDgwMBOkETAPMQ0wCwYDVQQDDAR4 +NDgxMBOkETAPMQ0wCwYDVQQDDAR4NDgyMBOkETAPMQ0wCwYDVQQDDAR4NDgzMBOk +ETAPMQ0wCwYDVQQDDAR4NDg0MBOkETAPMQ0wCwYDVQQDDAR4NDg1MBOkETAPMQ0w +CwYDVQQDDAR4NDg2MBOkETAPMQ0wCwYDVQQDDAR4NDg3MBOkETAPMQ0wCwYDVQQD +DAR4NDg4MBOkETAPMQ0wCwYDVQQDDAR4NDg5MBOkETAPMQ0wCwYDVQQDDAR4NDkw +MBOkETAPMQ0wCwYDVQQDDAR4NDkxMBOkETAPMQ0wCwYDVQQDDAR4NDkyMBOkETAP +MQ0wCwYDVQQDDAR4NDkzMBOkETAPMQ0wCwYDVQQDDAR4NDk0MBOkETAPMQ0wCwYD +VQQDDAR4NDk1MBOkETAPMQ0wCwYDVQQDDAR4NDk2MBOkETAPMQ0wCwYDVQQDDAR4 +NDk3MBOkETAPMQ0wCwYDVQQDDAR4NDk4MBOkETAPMQ0wCwYDVQQDDAR4NDk5MBOk +ETAPMQ0wCwYDVQQDDAR4NTAwMBOkETAPMQ0wCwYDVQQDDAR4NTAxMBOkETAPMQ0w +CwYDVQQDDAR4NTAyMBOkETAPMQ0wCwYDVQQDDAR4NTAzMBOkETAPMQ0wCwYDVQQD +DAR4NTA0MBOkETAPMQ0wCwYDVQQDDAR4NTA1MBOkETAPMQ0wCwYDVQQDDAR4NTA2 +MBOkETAPMQ0wCwYDVQQDDAR4NTA3MBOkETAPMQ0wCwYDVQQDDAR4NTA4MBOkETAP +MQ0wCwYDVQQDDAR4NTA5MBOkETAPMQ0wCwYDVQQDDAR4NTEwMBOkETAPMQ0wCwYD +VQQDDAR4NTExMBOkETAPMQ0wCwYDVQQDDAR4NTEyMBOkETAPMQ0wCwYDVQQDDAR4 +NTEzMBOkETAPMQ0wCwYDVQQDDAR4NTE0MBOkETAPMQ0wCwYDVQQDDAR4NTE1MBOk +ETAPMQ0wCwYDVQQDDAR4NTE2MBOkETAPMQ0wCwYDVQQDDAR4NTE3MBOkETAPMQ0w +CwYDVQQDDAR4NTE4MBOkETAPMQ0wCwYDVQQDDAR4NTE5MBOkETAPMQ0wCwYDVQQD +DAR4NTIwMBOkETAPMQ0wCwYDVQQDDAR4NTIxMBOkETAPMQ0wCwYDVQQDDAR4NTIy +MBOkETAPMQ0wCwYDVQQDDAR4NTIzMBOkETAPMQ0wCwYDVQQDDAR4NTI0MBOkETAP +MQ0wCwYDVQQDDAR4NTI1MBOkETAPMQ0wCwYDVQQDDAR4NTI2MBOkETAPMQ0wCwYD +VQQDDAR4NTI3MBOkETAPMQ0wCwYDVQQDDAR4NTI4MBOkETAPMQ0wCwYDVQQDDAR4 +NTI5MBOkETAPMQ0wCwYDVQQDDAR4NTMwMBOkETAPMQ0wCwYDVQQDDAR4NTMxMBOk +ETAPMQ0wCwYDVQQDDAR4NTMyMBOkETAPMQ0wCwYDVQQDDAR4NTMzMBOkETAPMQ0w +CwYDVQQDDAR4NTM0MBOkETAPMQ0wCwYDVQQDDAR4NTM1MBOkETAPMQ0wCwYDVQQD +DAR4NTM2MBOkETAPMQ0wCwYDVQQDDAR4NTM3MBOkETAPMQ0wCwYDVQQDDAR4NTM4 +MBOkETAPMQ0wCwYDVQQDDAR4NTM5MBOkETAPMQ0wCwYDVQQDDAR4NTQwMBOkETAP +MQ0wCwYDVQQDDAR4NTQxMBOkETAPMQ0wCwYDVQQDDAR4NTQyMBOkETAPMQ0wCwYD +VQQDDAR4NTQzMBOkETAPMQ0wCwYDVQQDDAR4NTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +NTQ1MBOkETAPMQ0wCwYDVQQDDAR4NTQ2MBOkETAPMQ0wCwYDVQQDDAR4NTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4NTQ4MBOkETAPMQ0wCwYDVQQDDAR4NTQ5MBOkETAPMQ0w +CwYDVQQDDAR4NTUwMBOkETAPMQ0wCwYDVQQDDAR4NTUxMBOkETAPMQ0wCwYDVQQD +DAR4NTUyMBOkETAPMQ0wCwYDVQQDDAR4NTUzMBOkETAPMQ0wCwYDVQQDDAR4NTU0 +MBOkETAPMQ0wCwYDVQQDDAR4NTU1MBOkETAPMQ0wCwYDVQQDDAR4NTU2MBOkETAP +MQ0wCwYDVQQDDAR4NTU3MBOkETAPMQ0wCwYDVQQDDAR4NTU4MBOkETAPMQ0wCwYD +VQQDDAR4NTU5MBOkETAPMQ0wCwYDVQQDDAR4NTYwMBOkETAPMQ0wCwYDVQQDDAR4 +NTYxMBOkETAPMQ0wCwYDVQQDDAR4NTYyMBOkETAPMQ0wCwYDVQQDDAR4NTYzMBOk +ETAPMQ0wCwYDVQQDDAR4NTY0MBOkETAPMQ0wCwYDVQQDDAR4NTY1MBOkETAPMQ0w +CwYDVQQDDAR4NTY2MBOkETAPMQ0wCwYDVQQDDAR4NTY3MBOkETAPMQ0wCwYDVQQD +DAR4NTY4MBOkETAPMQ0wCwYDVQQDDAR4NTY5MBOkETAPMQ0wCwYDVQQDDAR4NTcw +MBOkETAPMQ0wCwYDVQQDDAR4NTcxMBOkETAPMQ0wCwYDVQQDDAR4NTcyMBOkETAP +MQ0wCwYDVQQDDAR4NTczMBOkETAPMQ0wCwYDVQQDDAR4NTc0MBOkETAPMQ0wCwYD +VQQDDAR4NTc1MBOkETAPMQ0wCwYDVQQDDAR4NTc2MBOkETAPMQ0wCwYDVQQDDAR4 +NTc3MBOkETAPMQ0wCwYDVQQDDAR4NTc4MBOkETAPMQ0wCwYDVQQDDAR4NTc5MBOk +ETAPMQ0wCwYDVQQDDAR4NTgwMBOkETAPMQ0wCwYDVQQDDAR4NTgxMBOkETAPMQ0w +CwYDVQQDDAR4NTgyMBOkETAPMQ0wCwYDVQQDDAR4NTgzMBOkETAPMQ0wCwYDVQQD +DAR4NTg0MBOkETAPMQ0wCwYDVQQDDAR4NTg1MBOkETAPMQ0wCwYDVQQDDAR4NTg2 +MBOkETAPMQ0wCwYDVQQDDAR4NTg3MBOkETAPMQ0wCwYDVQQDDAR4NTg4MBOkETAP +MQ0wCwYDVQQDDAR4NTg5MBOkETAPMQ0wCwYDVQQDDAR4NTkwMBOkETAPMQ0wCwYD +VQQDDAR4NTkxMBOkETAPMQ0wCwYDVQQDDAR4NTkyMBOkETAPMQ0wCwYDVQQDDAR4 +NTkzMBOkETAPMQ0wCwYDVQQDDAR4NTk0MBOkETAPMQ0wCwYDVQQDDAR4NTk1MBOk +ETAPMQ0wCwYDVQQDDAR4NTk2MBOkETAPMQ0wCwYDVQQDDAR4NTk3MBOkETAPMQ0w +CwYDVQQDDAR4NTk4MBOkETAPMQ0wCwYDVQQDDAR4NTk5MBOkETAPMQ0wCwYDVQQD +DAR4NjAwMBOkETAPMQ0wCwYDVQQDDAR4NjAxMBOkETAPMQ0wCwYDVQQDDAR4NjAy +MBOkETAPMQ0wCwYDVQQDDAR4NjAzMBOkETAPMQ0wCwYDVQQDDAR4NjA0MBOkETAP +MQ0wCwYDVQQDDAR4NjA1MBOkETAPMQ0wCwYDVQQDDAR4NjA2MBOkETAPMQ0wCwYD +VQQDDAR4NjA3MBOkETAPMQ0wCwYDVQQDDAR4NjA4MBOkETAPMQ0wCwYDVQQDDAR4 +NjA5MBOkETAPMQ0wCwYDVQQDDAR4NjEwMBOkETAPMQ0wCwYDVQQDDAR4NjExMBOk +ETAPMQ0wCwYDVQQDDAR4NjEyMBOkETAPMQ0wCwYDVQQDDAR4NjEzMBOkETAPMQ0w +CwYDVQQDDAR4NjE0MBOkETAPMQ0wCwYDVQQDDAR4NjE1MBOkETAPMQ0wCwYDVQQD +DAR4NjE2MBOkETAPMQ0wCwYDVQQDDAR4NjE3MBOkETAPMQ0wCwYDVQQDDAR4NjE4 +MBOkETAPMQ0wCwYDVQQDDAR4NjE5MBOkETAPMQ0wCwYDVQQDDAR4NjIwMBOkETAP +MQ0wCwYDVQQDDAR4NjIxMBOkETAPMQ0wCwYDVQQDDAR4NjIyMBOkETAPMQ0wCwYD +VQQDDAR4NjIzMBOkETAPMQ0wCwYDVQQDDAR4NjI0MBOkETAPMQ0wCwYDVQQDDAR4 +NjI1MBOkETAPMQ0wCwYDVQQDDAR4NjI2MBOkETAPMQ0wCwYDVQQDDAR4NjI3MBOk +ETAPMQ0wCwYDVQQDDAR4NjI4MBOkETAPMQ0wCwYDVQQDDAR4NjI5MBOkETAPMQ0w +CwYDVQQDDAR4NjMwMBOkETAPMQ0wCwYDVQQDDAR4NjMxMBOkETAPMQ0wCwYDVQQD +DAR4NjMyMBOkETAPMQ0wCwYDVQQDDAR4NjMzMBOkETAPMQ0wCwYDVQQDDAR4NjM0 +MBOkETAPMQ0wCwYDVQQDDAR4NjM1MBOkETAPMQ0wCwYDVQQDDAR4NjM2MBOkETAP +MQ0wCwYDVQQDDAR4NjM3MBOkETAPMQ0wCwYDVQQDDAR4NjM4MBOkETAPMQ0wCwYD +VQQDDAR4NjM5MBOkETAPMQ0wCwYDVQQDDAR4NjQwMBOkETAPMQ0wCwYDVQQDDAR4 +NjQxMBOkETAPMQ0wCwYDVQQDDAR4NjQyMBOkETAPMQ0wCwYDVQQDDAR4NjQzMBOk +ETAPMQ0wCwYDVQQDDAR4NjQ0MBOkETAPMQ0wCwYDVQQDDAR4NjQ1MBOkETAPMQ0w +CwYDVQQDDAR4NjQ2MBOkETAPMQ0wCwYDVQQDDAR4NjQ3MBOkETAPMQ0wCwYDVQQD +DAR4NjQ4MBOkETAPMQ0wCwYDVQQDDAR4NjQ5MBOkETAPMQ0wCwYDVQQDDAR4NjUw +MBOkETAPMQ0wCwYDVQQDDAR4NjUxMBOkETAPMQ0wCwYDVQQDDAR4NjUyMBOkETAP +MQ0wCwYDVQQDDAR4NjUzMBOkETAPMQ0wCwYDVQQDDAR4NjU0MBOkETAPMQ0wCwYD +VQQDDAR4NjU1MBOkETAPMQ0wCwYDVQQDDAR4NjU2MBOkETAPMQ0wCwYDVQQDDAR4 +NjU3MBOkETAPMQ0wCwYDVQQDDAR4NjU4MBOkETAPMQ0wCwYDVQQDDAR4NjU5MBOk +ETAPMQ0wCwYDVQQDDAR4NjYwMBOkETAPMQ0wCwYDVQQDDAR4NjYxMBOkETAPMQ0w +CwYDVQQDDAR4NjYyMBOkETAPMQ0wCwYDVQQDDAR4NjYzMBOkETAPMQ0wCwYDVQQD +DAR4NjY0MBOkETAPMQ0wCwYDVQQDDAR4NjY1MBOkETAPMQ0wCwYDVQQDDAR4NjY2 +MBOkETAPMQ0wCwYDVQQDDAR4NjY3MBOkETAPMQ0wCwYDVQQDDAR4NjY4MBOkETAP +MQ0wCwYDVQQDDAR4NjY5MBOkETAPMQ0wCwYDVQQDDAR4NjcwMBOkETAPMQ0wCwYD +VQQDDAR4NjcxMBOkETAPMQ0wCwYDVQQDDAR4NjcyMBOkETAPMQ0wCwYDVQQDDAR4 +NjczMBOkETAPMQ0wCwYDVQQDDAR4Njc0MBOkETAPMQ0wCwYDVQQDDAR4Njc1MBOk +ETAPMQ0wCwYDVQQDDAR4Njc2MBOkETAPMQ0wCwYDVQQDDAR4Njc3MBOkETAPMQ0w +CwYDVQQDDAR4Njc4MBOkETAPMQ0wCwYDVQQDDAR4Njc5MBOkETAPMQ0wCwYDVQQD +DAR4NjgwMBOkETAPMQ0wCwYDVQQDDAR4NjgxMBOkETAPMQ0wCwYDVQQDDAR4Njgy +MBOkETAPMQ0wCwYDVQQDDAR4NjgzMBOkETAPMQ0wCwYDVQQDDAR4Njg0MBOkETAP +MQ0wCwYDVQQDDAR4Njg1MBOkETAPMQ0wCwYDVQQDDAR4Njg2MBOkETAPMQ0wCwYD +VQQDDAR4Njg3MBOkETAPMQ0wCwYDVQQDDAR4Njg4MBOkETAPMQ0wCwYDVQQDDAR4 +Njg5MBOkETAPMQ0wCwYDVQQDDAR4NjkwMBOkETAPMQ0wCwYDVQQDDAR4NjkxMBOk +ETAPMQ0wCwYDVQQDDAR4NjkyMBOkETAPMQ0wCwYDVQQDDAR4NjkzMBOkETAPMQ0w +CwYDVQQDDAR4Njk0MBOkETAPMQ0wCwYDVQQDDAR4Njk1MBOkETAPMQ0wCwYDVQQD +DAR4Njk2MBOkETAPMQ0wCwYDVQQDDAR4Njk3MBOkETAPMQ0wCwYDVQQDDAR4Njk4 +MBOkETAPMQ0wCwYDVQQDDAR4Njk5MBOkETAPMQ0wCwYDVQQDDAR4NzAwMBOkETAP +MQ0wCwYDVQQDDAR4NzAxMBOkETAPMQ0wCwYDVQQDDAR4NzAyMBOkETAPMQ0wCwYD +VQQDDAR4NzAzMBOkETAPMQ0wCwYDVQQDDAR4NzA0MBOkETAPMQ0wCwYDVQQDDAR4 +NzA1MBOkETAPMQ0wCwYDVQQDDAR4NzA2MBOkETAPMQ0wCwYDVQQDDAR4NzA3MBOk +ETAPMQ0wCwYDVQQDDAR4NzA4MBOkETAPMQ0wCwYDVQQDDAR4NzA5MBOkETAPMQ0w +CwYDVQQDDAR4NzEwMBOkETAPMQ0wCwYDVQQDDAR4NzExMBOkETAPMQ0wCwYDVQQD +DAR4NzEyMBOkETAPMQ0wCwYDVQQDDAR4NzEzMBOkETAPMQ0wCwYDVQQDDAR4NzE0 +MBOkETAPMQ0wCwYDVQQDDAR4NzE1MBOkETAPMQ0wCwYDVQQDDAR4NzE2MBOkETAP +MQ0wCwYDVQQDDAR4NzE3MBOkETAPMQ0wCwYDVQQDDAR4NzE4MBOkETAPMQ0wCwYD +VQQDDAR4NzE5MBOkETAPMQ0wCwYDVQQDDAR4NzIwMBOkETAPMQ0wCwYDVQQDDAR4 +NzIxMBOkETAPMQ0wCwYDVQQDDAR4NzIyMBOkETAPMQ0wCwYDVQQDDAR4NzIzMBOk +ETAPMQ0wCwYDVQQDDAR4NzI0MBOkETAPMQ0wCwYDVQQDDAR4NzI1MBOkETAPMQ0w +CwYDVQQDDAR4NzI2MBOkETAPMQ0wCwYDVQQDDAR4NzI3MBOkETAPMQ0wCwYDVQQD +DAR4NzI4MBOkETAPMQ0wCwYDVQQDDAR4NzI5MBOkETAPMQ0wCwYDVQQDDAR4NzMw +MBOkETAPMQ0wCwYDVQQDDAR4NzMxMBOkETAPMQ0wCwYDVQQDDAR4NzMyMBOkETAP +MQ0wCwYDVQQDDAR4NzMzMBOkETAPMQ0wCwYDVQQDDAR4NzM0MBOkETAPMQ0wCwYD +VQQDDAR4NzM1MBOkETAPMQ0wCwYDVQQDDAR4NzM2MBOkETAPMQ0wCwYDVQQDDAR4 +NzM3MBOkETAPMQ0wCwYDVQQDDAR4NzM4MBOkETAPMQ0wCwYDVQQDDAR4NzM5MBOk +ETAPMQ0wCwYDVQQDDAR4NzQwMBOkETAPMQ0wCwYDVQQDDAR4NzQxMBOkETAPMQ0w +CwYDVQQDDAR4NzQyMBOkETAPMQ0wCwYDVQQDDAR4NzQzMBOkETAPMQ0wCwYDVQQD +DAR4NzQ0MBOkETAPMQ0wCwYDVQQDDAR4NzQ1MBOkETAPMQ0wCwYDVQQDDAR4NzQ2 +MBOkETAPMQ0wCwYDVQQDDAR4NzQ3MBOkETAPMQ0wCwYDVQQDDAR4NzQ4MBOkETAP +MQ0wCwYDVQQDDAR4NzQ5MBOkETAPMQ0wCwYDVQQDDAR4NzUwMBOkETAPMQ0wCwYD +VQQDDAR4NzUxMBOkETAPMQ0wCwYDVQQDDAR4NzUyMBOkETAPMQ0wCwYDVQQDDAR4 +NzUzMBOkETAPMQ0wCwYDVQQDDAR4NzU0MBOkETAPMQ0wCwYDVQQDDAR4NzU1MBOk +ETAPMQ0wCwYDVQQDDAR4NzU2MBOkETAPMQ0wCwYDVQQDDAR4NzU3MBOkETAPMQ0w +CwYDVQQDDAR4NzU4MBOkETAPMQ0wCwYDVQQDDAR4NzU5MBOkETAPMQ0wCwYDVQQD +DAR4NzYwMBOkETAPMQ0wCwYDVQQDDAR4NzYxMBOkETAPMQ0wCwYDVQQDDAR4NzYy +MBOkETAPMQ0wCwYDVQQDDAR4NzYzMBOkETAPMQ0wCwYDVQQDDAR4NzY0MBOkETAP +MQ0wCwYDVQQDDAR4NzY1MBOkETAPMQ0wCwYDVQQDDAR4NzY2MBOkETAPMQ0wCwYD +VQQDDAR4NzY3MBOkETAPMQ0wCwYDVQQDDAR4NzY4MBOkETAPMQ0wCwYDVQQDDAR4 +NzY5MBOkETAPMQ0wCwYDVQQDDAR4NzcwMBOkETAPMQ0wCwYDVQQDDAR4NzcxMBOk +ETAPMQ0wCwYDVQQDDAR4NzcyMBOkETAPMQ0wCwYDVQQDDAR4NzczMBOkETAPMQ0w +CwYDVQQDDAR4Nzc0MBOkETAPMQ0wCwYDVQQDDAR4Nzc1MBOkETAPMQ0wCwYDVQQD +DAR4Nzc2MBOkETAPMQ0wCwYDVQQDDAR4Nzc3MBOkETAPMQ0wCwYDVQQDDAR4Nzc4 +MBOkETAPMQ0wCwYDVQQDDAR4Nzc5MBOkETAPMQ0wCwYDVQQDDAR4NzgwMBOkETAP +MQ0wCwYDVQQDDAR4NzgxMBOkETAPMQ0wCwYDVQQDDAR4NzgyMBOkETAPMQ0wCwYD +VQQDDAR4NzgzMBOkETAPMQ0wCwYDVQQDDAR4Nzg0MBOkETAPMQ0wCwYDVQQDDAR4 +Nzg1MBOkETAPMQ0wCwYDVQQDDAR4Nzg2MBOkETAPMQ0wCwYDVQQDDAR4Nzg3MBOk +ETAPMQ0wCwYDVQQDDAR4Nzg4MBOkETAPMQ0wCwYDVQQDDAR4Nzg5MBOkETAPMQ0w +CwYDVQQDDAR4NzkwMBOkETAPMQ0wCwYDVQQDDAR4NzkxMBOkETAPMQ0wCwYDVQQD +DAR4NzkyMBOkETAPMQ0wCwYDVQQDDAR4NzkzMBOkETAPMQ0wCwYDVQQDDAR4Nzk0 +MBOkETAPMQ0wCwYDVQQDDAR4Nzk1MBOkETAPMQ0wCwYDVQQDDAR4Nzk2MBOkETAP +MQ0wCwYDVQQDDAR4Nzk3MBOkETAPMQ0wCwYDVQQDDAR4Nzk4MBOkETAPMQ0wCwYD +VQQDDAR4Nzk5MBOkETAPMQ0wCwYDVQQDDAR4ODAwMBOkETAPMQ0wCwYDVQQDDAR4 +ODAxMBOkETAPMQ0wCwYDVQQDDAR4ODAyMBOkETAPMQ0wCwYDVQQDDAR4ODAzMBOk +ETAPMQ0wCwYDVQQDDAR4ODA0MBOkETAPMQ0wCwYDVQQDDAR4ODA1MBOkETAPMQ0w +CwYDVQQDDAR4ODA2MBOkETAPMQ0wCwYDVQQDDAR4ODA3MBOkETAPMQ0wCwYDVQQD +DAR4ODA4MBOkETAPMQ0wCwYDVQQDDAR4ODA5MBOkETAPMQ0wCwYDVQQDDAR4ODEw +MBOkETAPMQ0wCwYDVQQDDAR4ODExMBOkETAPMQ0wCwYDVQQDDAR4ODEyMBOkETAP +MQ0wCwYDVQQDDAR4ODEzMBOkETAPMQ0wCwYDVQQDDAR4ODE0MBOkETAPMQ0wCwYD +VQQDDAR4ODE1MBOkETAPMQ0wCwYDVQQDDAR4ODE2MBOkETAPMQ0wCwYDVQQDDAR4 +ODE3MBOkETAPMQ0wCwYDVQQDDAR4ODE4MBOkETAPMQ0wCwYDVQQDDAR4ODE5MBOk +ETAPMQ0wCwYDVQQDDAR4ODIwMBOkETAPMQ0wCwYDVQQDDAR4ODIxMBOkETAPMQ0w +CwYDVQQDDAR4ODIyMBOkETAPMQ0wCwYDVQQDDAR4ODIzMBOkETAPMQ0wCwYDVQQD +DAR4ODI0MBOkETAPMQ0wCwYDVQQDDAR4ODI1MBOkETAPMQ0wCwYDVQQDDAR4ODI2 +MBOkETAPMQ0wCwYDVQQDDAR4ODI3MBOkETAPMQ0wCwYDVQQDDAR4ODI4MBOkETAP +MQ0wCwYDVQQDDAR4ODI5MBOkETAPMQ0wCwYDVQQDDAR4ODMwMBOkETAPMQ0wCwYD +VQQDDAR4ODMxMBOkETAPMQ0wCwYDVQQDDAR4ODMyMBOkETAPMQ0wCwYDVQQDDAR4 +ODMzMBOkETAPMQ0wCwYDVQQDDAR4ODM0MBOkETAPMQ0wCwYDVQQDDAR4ODM1MBOk +ETAPMQ0wCwYDVQQDDAR4ODM2MBOkETAPMQ0wCwYDVQQDDAR4ODM3MBOkETAPMQ0w +CwYDVQQDDAR4ODM4MBOkETAPMQ0wCwYDVQQDDAR4ODM5MBOkETAPMQ0wCwYDVQQD +DAR4ODQwMBOkETAPMQ0wCwYDVQQDDAR4ODQxMBOkETAPMQ0wCwYDVQQDDAR4ODQy +MBOkETAPMQ0wCwYDVQQDDAR4ODQzMBOkETAPMQ0wCwYDVQQDDAR4ODQ0MBOkETAP +MQ0wCwYDVQQDDAR4ODQ1MBOkETAPMQ0wCwYDVQQDDAR4ODQ2MBOkETAPMQ0wCwYD +VQQDDAR4ODQ3MBOkETAPMQ0wCwYDVQQDDAR4ODQ4MBOkETAPMQ0wCwYDVQQDDAR4 +ODQ5MBOkETAPMQ0wCwYDVQQDDAR4ODUwMBOkETAPMQ0wCwYDVQQDDAR4ODUxMBOk +ETAPMQ0wCwYDVQQDDAR4ODUyMBOkETAPMQ0wCwYDVQQDDAR4ODUzMBOkETAPMQ0w +CwYDVQQDDAR4ODU0MBOkETAPMQ0wCwYDVQQDDAR4ODU1MBOkETAPMQ0wCwYDVQQD +DAR4ODU2MBOkETAPMQ0wCwYDVQQDDAR4ODU3MBOkETAPMQ0wCwYDVQQDDAR4ODU4 +MBOkETAPMQ0wCwYDVQQDDAR4ODU5MBOkETAPMQ0wCwYDVQQDDAR4ODYwMBOkETAP +MQ0wCwYDVQQDDAR4ODYxMBOkETAPMQ0wCwYDVQQDDAR4ODYyMBOkETAPMQ0wCwYD +VQQDDAR4ODYzMBOkETAPMQ0wCwYDVQQDDAR4ODY0MBOkETAPMQ0wCwYDVQQDDAR4 +ODY1MBOkETAPMQ0wCwYDVQQDDAR4ODY2MBOkETAPMQ0wCwYDVQQDDAR4ODY3MBOk +ETAPMQ0wCwYDVQQDDAR4ODY4MBOkETAPMQ0wCwYDVQQDDAR4ODY5MBOkETAPMQ0w +CwYDVQQDDAR4ODcwMBOkETAPMQ0wCwYDVQQDDAR4ODcxMBOkETAPMQ0wCwYDVQQD +DAR4ODcyMBOkETAPMQ0wCwYDVQQDDAR4ODczMBOkETAPMQ0wCwYDVQQDDAR4ODc0 +MBOkETAPMQ0wCwYDVQQDDAR4ODc1MBOkETAPMQ0wCwYDVQQDDAR4ODc2MBOkETAP +MQ0wCwYDVQQDDAR4ODc3MBOkETAPMQ0wCwYDVQQDDAR4ODc4MBOkETAPMQ0wCwYD +VQQDDAR4ODc5MBOkETAPMQ0wCwYDVQQDDAR4ODgwMBOkETAPMQ0wCwYDVQQDDAR4 +ODgxMBOkETAPMQ0wCwYDVQQDDAR4ODgyMBOkETAPMQ0wCwYDVQQDDAR4ODgzMBOk +ETAPMQ0wCwYDVQQDDAR4ODg0MBOkETAPMQ0wCwYDVQQDDAR4ODg1MBOkETAPMQ0w +CwYDVQQDDAR4ODg2MBOkETAPMQ0wCwYDVQQDDAR4ODg3MBOkETAPMQ0wCwYDVQQD +DAR4ODg4MBOkETAPMQ0wCwYDVQQDDAR4ODg5MBOkETAPMQ0wCwYDVQQDDAR4ODkw +MBOkETAPMQ0wCwYDVQQDDAR4ODkxMBOkETAPMQ0wCwYDVQQDDAR4ODkyMBOkETAP +MQ0wCwYDVQQDDAR4ODkzMBOkETAPMQ0wCwYDVQQDDAR4ODk0MBOkETAPMQ0wCwYD +VQQDDAR4ODk1MBOkETAPMQ0wCwYDVQQDDAR4ODk2MBOkETAPMQ0wCwYDVQQDDAR4 +ODk3MBOkETAPMQ0wCwYDVQQDDAR4ODk4MBOkETAPMQ0wCwYDVQQDDAR4ODk5MBOk +ETAPMQ0wCwYDVQQDDAR4OTAwMBOkETAPMQ0wCwYDVQQDDAR4OTAxMBOkETAPMQ0w +CwYDVQQDDAR4OTAyMBOkETAPMQ0wCwYDVQQDDAR4OTAzMBOkETAPMQ0wCwYDVQQD +DAR4OTA0MBOkETAPMQ0wCwYDVQQDDAR4OTA1MBOkETAPMQ0wCwYDVQQDDAR4OTA2 +MBOkETAPMQ0wCwYDVQQDDAR4OTA3MBOkETAPMQ0wCwYDVQQDDAR4OTA4MBOkETAP +MQ0wCwYDVQQDDAR4OTA5MBOkETAPMQ0wCwYDVQQDDAR4OTEwMBOkETAPMQ0wCwYD +VQQDDAR4OTExMBOkETAPMQ0wCwYDVQQDDAR4OTEyMBOkETAPMQ0wCwYDVQQDDAR4 +OTEzMBOkETAPMQ0wCwYDVQQDDAR4OTE0MBOkETAPMQ0wCwYDVQQDDAR4OTE1MBOk +ETAPMQ0wCwYDVQQDDAR4OTE2MBOkETAPMQ0wCwYDVQQDDAR4OTE3MBOkETAPMQ0w +CwYDVQQDDAR4OTE4MBOkETAPMQ0wCwYDVQQDDAR4OTE5MBOkETAPMQ0wCwYDVQQD +DAR4OTIwMBOkETAPMQ0wCwYDVQQDDAR4OTIxMBOkETAPMQ0wCwYDVQQDDAR4OTIy +MBOkETAPMQ0wCwYDVQQDDAR4OTIzMBOkETAPMQ0wCwYDVQQDDAR4OTI0MBOkETAP +MQ0wCwYDVQQDDAR4OTI1MBOkETAPMQ0wCwYDVQQDDAR4OTI2MBOkETAPMQ0wCwYD +VQQDDAR4OTI3MBOkETAPMQ0wCwYDVQQDDAR4OTI4MBOkETAPMQ0wCwYDVQQDDAR4 +OTI5MBOkETAPMQ0wCwYDVQQDDAR4OTMwMBOkETAPMQ0wCwYDVQQDDAR4OTMxMBOk +ETAPMQ0wCwYDVQQDDAR4OTMyMBOkETAPMQ0wCwYDVQQDDAR4OTMzMBOkETAPMQ0w +CwYDVQQDDAR4OTM0MBOkETAPMQ0wCwYDVQQDDAR4OTM1MBOkETAPMQ0wCwYDVQQD +DAR4OTM2MBOkETAPMQ0wCwYDVQQDDAR4OTM3MBOkETAPMQ0wCwYDVQQDDAR4OTM4 +MBOkETAPMQ0wCwYDVQQDDAR4OTM5MBOkETAPMQ0wCwYDVQQDDAR4OTQwMBOkETAP +MQ0wCwYDVQQDDAR4OTQxMBOkETAPMQ0wCwYDVQQDDAR4OTQyMBOkETAPMQ0wCwYD +VQQDDAR4OTQzMBOkETAPMQ0wCwYDVQQDDAR4OTQ0MBOkETAPMQ0wCwYDVQQDDAR4 +OTQ1MBOkETAPMQ0wCwYDVQQDDAR4OTQ2MBOkETAPMQ0wCwYDVQQDDAR4OTQ3MBOk +ETAPMQ0wCwYDVQQDDAR4OTQ4MBOkETAPMQ0wCwYDVQQDDAR4OTQ5MBOkETAPMQ0w +CwYDVQQDDAR4OTUwMBOkETAPMQ0wCwYDVQQDDAR4OTUxMBOkETAPMQ0wCwYDVQQD +DAR4OTUyMBOkETAPMQ0wCwYDVQQDDAR4OTUzMBOkETAPMQ0wCwYDVQQDDAR4OTU0 +MBOkETAPMQ0wCwYDVQQDDAR4OTU1MBOkETAPMQ0wCwYDVQQDDAR4OTU2MBOkETAP +MQ0wCwYDVQQDDAR4OTU3MBOkETAPMQ0wCwYDVQQDDAR4OTU4MBOkETAPMQ0wCwYD +VQQDDAR4OTU5MBOkETAPMQ0wCwYDVQQDDAR4OTYwMBOkETAPMQ0wCwYDVQQDDAR4 +OTYxMBOkETAPMQ0wCwYDVQQDDAR4OTYyMBOkETAPMQ0wCwYDVQQDDAR4OTYzMBOk +ETAPMQ0wCwYDVQQDDAR4OTY0MBOkETAPMQ0wCwYDVQQDDAR4OTY1MBOkETAPMQ0w +CwYDVQQDDAR4OTY2MBOkETAPMQ0wCwYDVQQDDAR4OTY3MBOkETAPMQ0wCwYDVQQD +DAR4OTY4MBOkETAPMQ0wCwYDVQQDDAR4OTY5MBOkETAPMQ0wCwYDVQQDDAR4OTcw +MBOkETAPMQ0wCwYDVQQDDAR4OTcxMBOkETAPMQ0wCwYDVQQDDAR4OTcyMBOkETAP +MQ0wCwYDVQQDDAR4OTczMBOkETAPMQ0wCwYDVQQDDAR4OTc0MBOkETAPMQ0wCwYD +VQQDDAR4OTc1MBOkETAPMQ0wCwYDVQQDDAR4OTc2MBOkETAPMQ0wCwYDVQQDDAR4 +OTc3MBOkETAPMQ0wCwYDVQQDDAR4OTc4MBOkETAPMQ0wCwYDVQQDDAR4OTc5MBOk +ETAPMQ0wCwYDVQQDDAR4OTgwMBOkETAPMQ0wCwYDVQQDDAR4OTgxMBOkETAPMQ0w +CwYDVQQDDAR4OTgyMBOkETAPMQ0wCwYDVQQDDAR4OTgzMBOkETAPMQ0wCwYDVQQD +DAR4OTg0MBOkETAPMQ0wCwYDVQQDDAR4OTg1MBOkETAPMQ0wCwYDVQQDDAR4OTg2 +MBOkETAPMQ0wCwYDVQQDDAR4OTg3MBOkETAPMQ0wCwYDVQQDDAR4OTg4MBOkETAP +MQ0wCwYDVQQDDAR4OTg5MBOkETAPMQ0wCwYDVQQDDAR4OTkwMBOkETAPMQ0wCwYD +VQQDDAR4OTkxMBOkETAPMQ0wCwYDVQQDDAR4OTkyMBOkETAPMQ0wCwYDVQQDDAR4 +OTkzMBOkETAPMQ0wCwYDVQQDDAR4OTk0MBOkETAPMQ0wCwYDVQQDDAR4OTk1MBOk +ETAPMQ0wCwYDVQQDDAR4OTk2MBOkETAPMQ0wCwYDVQQDDAR4OTk3MBOkETAPMQ0w +CwYDVQQDDAR4OTk4MBOkETAPMQ0wCwYDVQQDDAR4OTk5MBSkEjAQMQ4wDAYDVQQD +DAV4MTAwMDAUpBIwEDEOMAwGA1UEAwwFeDEwMDEwFKQSMBAxDjAMBgNVBAMMBXgx +MDAyMBSkEjAQMQ4wDAYDVQQDDAV4MTAwMzAUpBIwEDEOMAwGA1UEAwwFeDEwMDQw +FKQSMBAxDjAMBgNVBAMMBXgxMDA1MBSkEjAQMQ4wDAYDVQQDDAV4MTAwNjAUpBIw +EDEOMAwGA1UEAwwFeDEwMDcwFKQSMBAxDjAMBgNVBAMMBXgxMDA4MBSkEjAQMQ4w +DAYDVQQDDAV4MTAwOTAUpBIwEDEOMAwGA1UEAwwFeDEwMTAwFKQSMBAxDjAMBgNV +BAMMBXgxMDExMBSkEjAQMQ4wDAYDVQQDDAV4MTAxMjAUpBIwEDEOMAwGA1UEAwwF +eDEwMTMwFKQSMBAxDjAMBgNVBAMMBXgxMDE0MBSkEjAQMQ4wDAYDVQQDDAV4MTAx +NTAUpBIwEDEOMAwGA1UEAwwFeDEwMTYwFKQSMBAxDjAMBgNVBAMMBXgxMDE3MBSk +EjAQMQ4wDAYDVQQDDAV4MTAxODAUpBIwEDEOMAwGA1UEAwwFeDEwMTkwFKQSMBAx +DjAMBgNVBAMMBXgxMDIwMBSkEjAQMQ4wDAYDVQQDDAV4MTAyMTAUpBIwEDEOMAwG +A1UEAwwFeDEwMjIwFKQSMBAxDjAMBgNVBAMMBXgxMDIzMBSkEjAQMQ4wDAYDVQQD +DAV4MTAyNDANBgkqhkiG9w0BAQsFAAOCAQEAdY+tX6CMogUY2JimxR18uRH0FGok +ViERmMffDBJsQz1FVN4QFOV7wNh3ZMIBi/PQENgDQ/75UHnGkTQ4d78OCX8ff49Q +nyryMVs3DgRVEysbNDIOjduo7TTQaoOg+THRXy1YBykl0xze+HqsPadnSkzq4PkP +kf/YSNwR7KgjoeRiUbCT+G1jDybEqgnnMIWUzCItpsHhWndw4r5QZyt6hY5WNfdZ +iXBviv4cvRa1hSIO8h7QAFtjf1vrHiPA1cbJl52ap/YrjVRkC/fbJl4IsgyO3N8f +6ZI68cuJ1B9GRZzoDLJsqp9V/M0C/DyCnKV58iempYODZH8C0IzzjzKn4Q== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.test b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.test new file mode 100644 index 0000000000..f0b3b210e4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-excluded.test @@ -0,0 +1,8 @@ +chain: toomany-dirnames-excluded.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=t0) ----- +ERROR: Too many name constraints checks + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.pem new file mode 100644 index 0000000000..91acca564e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.pem @@ -0,0 +1,2156 @@ +[Created by: ./generate-chains.py] + +A chain containing a large number of permitted directory name +constraints and directory names, above the limit. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:db + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DirName:/CN=t0, DirName:/CN=t1, DirName:/CN=t2, DirName:/CN=t3, DirName:/CN=t4, DirName:/CN=t5, DirName:/CN=t6, DirName:/CN=t7, DirName:/CN=t8, DirName:/CN=t9, DirName:/CN=t10, DirName:/CN=t11, DirName:/CN=t12, DirName:/CN=t13, DirName:/CN=t14, DirName:/CN=t15, DirName:/CN=t16, DirName:/CN=t17, DirName:/CN=t18, DirName:/CN=t19, DirName:/CN=t20, DirName:/CN=t21, DirName:/CN=t22, DirName:/CN=t23, DirName:/CN=t24, DirName:/CN=t25, DirName:/CN=t26, DirName:/CN=t27, DirName:/CN=t28, DirName:/CN=t29, DirName:/CN=t30, DirName:/CN=t31, DirName:/CN=t32, DirName:/CN=t33, DirName:/CN=t34, DirName:/CN=t35, DirName:/CN=t36, DirName:/CN=t37, DirName:/CN=t38, DirName:/CN=t39, DirName:/CN=t40, DirName:/CN=t41, DirName:/CN=t42, DirName:/CN=t43, DirName:/CN=t44, DirName:/CN=t45, DirName:/CN=t46, DirName:/CN=t47, DirName:/CN=t48, DirName:/CN=t49, DirName:/CN=t50, DirName:/CN=t51, DirName:/CN=t52, DirName:/CN=t53, DirName:/CN=t54, DirName:/CN=t55, DirName:/CN=t56, DirName:/CN=t57, DirName:/CN=t58, DirName:/CN=t59, DirName:/CN=t60, DirName:/CN=t61, DirName:/CN=t62, DirName:/CN=t63, DirName:/CN=t64, DirName:/CN=t65, DirName:/CN=t66, DirName:/CN=t67, DirName:/CN=t68, DirName:/CN=t69, DirName:/CN=t70, DirName:/CN=t71, DirName:/CN=t72, DirName:/CN=t73, DirName:/CN=t74, DirName:/CN=t75, DirName:/CN=t76, DirName:/CN=t77, DirName:/CN=t78, DirName:/CN=t79, DirName:/CN=t80, DirName:/CN=t81, DirName:/CN=t82, DirName:/CN=t83, DirName:/CN=t84, DirName:/CN=t85, DirName:/CN=t86, DirName:/CN=t87, DirName:/CN=t88, DirName:/CN=t89, DirName:/CN=t90, DirName:/CN=t91, DirName:/CN=t92, DirName:/CN=t93, DirName:/CN=t94, DirName:/CN=t95, DirName:/CN=t96, DirName:/CN=t97, DirName:/CN=t98, DirName:/CN=t99, DirName:/CN=t100, DirName:/CN=t101, DirName:/CN=t102, DirName:/CN=t103, DirName:/CN=t104, DirName:/CN=t105, DirName:/CN=t106, DirName:/CN=t107, DirName:/CN=t108, DirName:/CN=t109, DirName:/CN=t110, DirName:/CN=t111, DirName:/CN=t112, DirName:/CN=t113, DirName:/CN=t114, DirName:/CN=t115, DirName:/CN=t116, DirName:/CN=t117, DirName:/CN=t118, DirName:/CN=t119, DirName:/CN=t120, DirName:/CN=t121, DirName:/CN=t122, DirName:/CN=t123, DirName:/CN=t124, DirName:/CN=t125, DirName:/CN=t126, DirName:/CN=t127, DirName:/CN=t128, DirName:/CN=t129, DirName:/CN=t130, DirName:/CN=t131, DirName:/CN=t132, DirName:/CN=t133, DirName:/CN=t134, DirName:/CN=t135, DirName:/CN=t136, DirName:/CN=t137, DirName:/CN=t138, DirName:/CN=t139, DirName:/CN=t140, DirName:/CN=t141, DirName:/CN=t142, DirName:/CN=t143, DirName:/CN=t144, DirName:/CN=t145, DirName:/CN=t146, DirName:/CN=t147, DirName:/CN=t148, DirName:/CN=t149, DirName:/CN=t150, DirName:/CN=t151, DirName:/CN=t152, DirName:/CN=t153, DirName:/CN=t154, DirName:/CN=t155, DirName:/CN=t156, DirName:/CN=t157, DirName:/CN=t158, DirName:/CN=t159, DirName:/CN=t160, DirName:/CN=t161, DirName:/CN=t162, DirName:/CN=t163, DirName:/CN=t164, DirName:/CN=t165, DirName:/CN=t166, DirName:/CN=t167, DirName:/CN=t168, DirName:/CN=t169, DirName:/CN=t170, DirName:/CN=t171, DirName:/CN=t172, DirName:/CN=t173, DirName:/CN=t174, DirName:/CN=t175, DirName:/CN=t176, DirName:/CN=t177, DirName:/CN=t178, DirName:/CN=t179, DirName:/CN=t180, DirName:/CN=t181, DirName:/CN=t182, DirName:/CN=t183, DirName:/CN=t184, DirName:/CN=t185, DirName:/CN=t186, DirName:/CN=t187, DirName:/CN=t188, DirName:/CN=t189, DirName:/CN=t190, DirName:/CN=t191, DirName:/CN=t192, DirName:/CN=t193, DirName:/CN=t194, DirName:/CN=t195, DirName:/CN=t196, DirName:/CN=t197, DirName:/CN=t198, DirName:/CN=t199, DirName:/CN=t200, DirName:/CN=t201, DirName:/CN=t202, DirName:/CN=t203, DirName:/CN=t204, DirName:/CN=t205, DirName:/CN=t206, DirName:/CN=t207, DirName:/CN=t208, DirName:/CN=t209, DirName:/CN=t210, DirName:/CN=t211, DirName:/CN=t212, DirName:/CN=t213, DirName:/CN=t214, DirName:/CN=t215, DirName:/CN=t216, DirName:/CN=t217, DirName:/CN=t218, DirName:/CN=t219, DirName:/CN=t220, DirName:/CN=t221, DirName:/CN=t222, DirName:/CN=t223, DirName:/CN=t224, DirName:/CN=t225, DirName:/CN=t226, DirName:/CN=t227, DirName:/CN=t228, DirName:/CN=t229, DirName:/CN=t230, DirName:/CN=t231, DirName:/CN=t232, DirName:/CN=t233, DirName:/CN=t234, DirName:/CN=t235, DirName:/CN=t236, DirName:/CN=t237, DirName:/CN=t238, DirName:/CN=t239, DirName:/CN=t240, DirName:/CN=t241, DirName:/CN=t242, DirName:/CN=t243, DirName:/CN=t244, DirName:/CN=t245, DirName:/CN=t246, DirName:/CN=t247, DirName:/CN=t248, DirName:/CN=t249, DirName:/CN=t250, DirName:/CN=t251, DirName:/CN=t252, DirName:/CN=t253, DirName:/CN=t254, DirName:/CN=t255, DirName:/CN=t256, DirName:/CN=t257, DirName:/CN=t258, DirName:/CN=t259, DirName:/CN=t260, DirName:/CN=t261, DirName:/CN=t262, DirName:/CN=t263, DirName:/CN=t264, DirName:/CN=t265, DirName:/CN=t266, DirName:/CN=t267, DirName:/CN=t268, DirName:/CN=t269, DirName:/CN=t270, DirName:/CN=t271, DirName:/CN=t272, DirName:/CN=t273, DirName:/CN=t274, DirName:/CN=t275, DirName:/CN=t276, DirName:/CN=t277, DirName:/CN=t278, DirName:/CN=t279, DirName:/CN=t280, DirName:/CN=t281, DirName:/CN=t282, DirName:/CN=t283, DirName:/CN=t284, DirName:/CN=t285, DirName:/CN=t286, DirName:/CN=t287, DirName:/CN=t288, DirName:/CN=t289, DirName:/CN=t290, DirName:/CN=t291, DirName:/CN=t292, DirName:/CN=t293, DirName:/CN=t294, DirName:/CN=t295, DirName:/CN=t296, DirName:/CN=t297, DirName:/CN=t298, DirName:/CN=t299, DirName:/CN=t300, DirName:/CN=t301, DirName:/CN=t302, DirName:/CN=t303, DirName:/CN=t304, DirName:/CN=t305, DirName:/CN=t306, DirName:/CN=t307, DirName:/CN=t308, DirName:/CN=t309, DirName:/CN=t310, DirName:/CN=t311, DirName:/CN=t312, DirName:/CN=t313, DirName:/CN=t314, DirName:/CN=t315, DirName:/CN=t316, DirName:/CN=t317, DirName:/CN=t318, DirName:/CN=t319, DirName:/CN=t320, DirName:/CN=t321, DirName:/CN=t322, DirName:/CN=t323, DirName:/CN=t324, DirName:/CN=t325, DirName:/CN=t326, DirName:/CN=t327, DirName:/CN=t328, DirName:/CN=t329, DirName:/CN=t330, DirName:/CN=t331, DirName:/CN=t332, DirName:/CN=t333, DirName:/CN=t334, DirName:/CN=t335, DirName:/CN=t336, DirName:/CN=t337, DirName:/CN=t338, DirName:/CN=t339, DirName:/CN=t340, DirName:/CN=t341, DirName:/CN=t342, DirName:/CN=t343, DirName:/CN=t344, DirName:/CN=t345, DirName:/CN=t346, DirName:/CN=t347, DirName:/CN=t348, DirName:/CN=t349, DirName:/CN=t350, DirName:/CN=t351, DirName:/CN=t352, DirName:/CN=t353, DirName:/CN=t354, DirName:/CN=t355, DirName:/CN=t356, DirName:/CN=t357, DirName:/CN=t358, DirName:/CN=t359, DirName:/CN=t360, DirName:/CN=t361, DirName:/CN=t362, DirName:/CN=t363, DirName:/CN=t364, DirName:/CN=t365, DirName:/CN=t366, DirName:/CN=t367, DirName:/CN=t368, DirName:/CN=t369, DirName:/CN=t370, DirName:/CN=t371, DirName:/CN=t372, DirName:/CN=t373, DirName:/CN=t374, DirName:/CN=t375, DirName:/CN=t376, DirName:/CN=t377, DirName:/CN=t378, DirName:/CN=t379, DirName:/CN=t380, DirName:/CN=t381, DirName:/CN=t382, DirName:/CN=t383, DirName:/CN=t384, DirName:/CN=t385, DirName:/CN=t386, DirName:/CN=t387, DirName:/CN=t388, DirName:/CN=t389, DirName:/CN=t390, DirName:/CN=t391, DirName:/CN=t392, DirName:/CN=t393, DirName:/CN=t394, DirName:/CN=t395, DirName:/CN=t396, DirName:/CN=t397, DirName:/CN=t398, DirName:/CN=t399, DirName:/CN=t400, DirName:/CN=t401, DirName:/CN=t402, DirName:/CN=t403, DirName:/CN=t404, DirName:/CN=t405, DirName:/CN=t406, DirName:/CN=t407, DirName:/CN=t408, DirName:/CN=t409, DirName:/CN=t410, DirName:/CN=t411, DirName:/CN=t412, DirName:/CN=t413, DirName:/CN=t414, DirName:/CN=t415, DirName:/CN=t416, DirName:/CN=t417, DirName:/CN=t418, DirName:/CN=t419, DirName:/CN=t420, DirName:/CN=t421, DirName:/CN=t422, DirName:/CN=t423, DirName:/CN=t424, DirName:/CN=t425, DirName:/CN=t426, DirName:/CN=t427, DirName:/CN=t428, DirName:/CN=t429, DirName:/CN=t430, DirName:/CN=t431, DirName:/CN=t432, DirName:/CN=t433, DirName:/CN=t434, DirName:/CN=t435, DirName:/CN=t436, DirName:/CN=t437, DirName:/CN=t438, DirName:/CN=t439, DirName:/CN=t440, DirName:/CN=t441, DirName:/CN=t442, DirName:/CN=t443, DirName:/CN=t444, DirName:/CN=t445, DirName:/CN=t446, DirName:/CN=t447, DirName:/CN=t448, DirName:/CN=t449, DirName:/CN=t450, DirName:/CN=t451, DirName:/CN=t452, DirName:/CN=t453, DirName:/CN=t454, DirName:/CN=t455, DirName:/CN=t456, DirName:/CN=t457, DirName:/CN=t458, DirName:/CN=t459, DirName:/CN=t460, DirName:/CN=t461, DirName:/CN=t462, DirName:/CN=t463, DirName:/CN=t464, DirName:/CN=t465, DirName:/CN=t466, DirName:/CN=t467, DirName:/CN=t468, DirName:/CN=t469, DirName:/CN=t470, DirName:/CN=t471, DirName:/CN=t472, DirName:/CN=t473, DirName:/CN=t474, DirName:/CN=t475, DirName:/CN=t476, DirName:/CN=t477, DirName:/CN=t478, DirName:/CN=t479, DirName:/CN=t480, DirName:/CN=t481, DirName:/CN=t482, DirName:/CN=t483, DirName:/CN=t484, DirName:/CN=t485, DirName:/CN=t486, DirName:/CN=t487, DirName:/CN=t488, DirName:/CN=t489, DirName:/CN=t490, DirName:/CN=t491, DirName:/CN=t492, DirName:/CN=t493, DirName:/CN=t494, DirName:/CN=t495, DirName:/CN=t496, DirName:/CN=t497, DirName:/CN=t498, DirName:/CN=t499, DirName:/CN=t500, DirName:/CN=t501, DirName:/CN=t502, DirName:/CN=t503, DirName:/CN=t504, DirName:/CN=t505, DirName:/CN=t506, DirName:/CN=t507, DirName:/CN=t508, DirName:/CN=t509, DirName:/CN=t510, DirName:/CN=t511, DirName:/CN=t512, DirName:/CN=t513, DirName:/CN=t514, DirName:/CN=t515, DirName:/CN=t516, DirName:/CN=t517, DirName:/CN=t518, DirName:/CN=t519, DirName:/CN=t520, DirName:/CN=t521, DirName:/CN=t522, DirName:/CN=t523, DirName:/CN=t524, DirName:/CN=t525, DirName:/CN=t526, DirName:/CN=t527, DirName:/CN=t528, DirName:/CN=t529, DirName:/CN=t530, DirName:/CN=t531, DirName:/CN=t532, DirName:/CN=t533, DirName:/CN=t534, DirName:/CN=t535, DirName:/CN=t536, DirName:/CN=t537, DirName:/CN=t538, DirName:/CN=t539, DirName:/CN=t540, DirName:/CN=t541, DirName:/CN=t542, DirName:/CN=t543, DirName:/CN=t544, DirName:/CN=t545, DirName:/CN=t546, DirName:/CN=t547, DirName:/CN=t548, DirName:/CN=t549, DirName:/CN=t550, DirName:/CN=t551, DirName:/CN=t552, DirName:/CN=t553, DirName:/CN=t554, DirName:/CN=t555, DirName:/CN=t556, DirName:/CN=t557, DirName:/CN=t558, DirName:/CN=t559, DirName:/CN=t560, DirName:/CN=t561, DirName:/CN=t562, DirName:/CN=t563, DirName:/CN=t564, DirName:/CN=t565, DirName:/CN=t566, DirName:/CN=t567, DirName:/CN=t568, DirName:/CN=t569, DirName:/CN=t570, DirName:/CN=t571, DirName:/CN=t572, DirName:/CN=t573, DirName:/CN=t574, DirName:/CN=t575, DirName:/CN=t576, DirName:/CN=t577, DirName:/CN=t578, DirName:/CN=t579, DirName:/CN=t580, DirName:/CN=t581, DirName:/CN=t582, DirName:/CN=t583, DirName:/CN=t584, DirName:/CN=t585, DirName:/CN=t586, DirName:/CN=t587, DirName:/CN=t588, DirName:/CN=t589, DirName:/CN=t590, DirName:/CN=t591, DirName:/CN=t592, DirName:/CN=t593, DirName:/CN=t594, DirName:/CN=t595, DirName:/CN=t596, DirName:/CN=t597, DirName:/CN=t598, DirName:/CN=t599, DirName:/CN=t600, DirName:/CN=t601, DirName:/CN=t602, DirName:/CN=t603, DirName:/CN=t604, DirName:/CN=t605, DirName:/CN=t606, DirName:/CN=t607, DirName:/CN=t608, DirName:/CN=t609, DirName:/CN=t610, DirName:/CN=t611, DirName:/CN=t612, DirName:/CN=t613, DirName:/CN=t614, DirName:/CN=t615, DirName:/CN=t616, DirName:/CN=t617, DirName:/CN=t618, DirName:/CN=t619, DirName:/CN=t620, DirName:/CN=t621, DirName:/CN=t622, DirName:/CN=t623, DirName:/CN=t624, DirName:/CN=t625, DirName:/CN=t626, DirName:/CN=t627, DirName:/CN=t628, DirName:/CN=t629, DirName:/CN=t630, DirName:/CN=t631, DirName:/CN=t632, DirName:/CN=t633, DirName:/CN=t634, DirName:/CN=t635, DirName:/CN=t636, DirName:/CN=t637, DirName:/CN=t638, DirName:/CN=t639, DirName:/CN=t640, DirName:/CN=t641, DirName:/CN=t642, DirName:/CN=t643, DirName:/CN=t644, DirName:/CN=t645, DirName:/CN=t646, DirName:/CN=t647, DirName:/CN=t648, DirName:/CN=t649, DirName:/CN=t650, DirName:/CN=t651, DirName:/CN=t652, DirName:/CN=t653, DirName:/CN=t654, DirName:/CN=t655, DirName:/CN=t656, DirName:/CN=t657, DirName:/CN=t658, DirName:/CN=t659, DirName:/CN=t660, DirName:/CN=t661, DirName:/CN=t662, DirName:/CN=t663, DirName:/CN=t664, DirName:/CN=t665, DirName:/CN=t666, DirName:/CN=t667, DirName:/CN=t668, DirName:/CN=t669, DirName:/CN=t670, DirName:/CN=t671, DirName:/CN=t672, DirName:/CN=t673, DirName:/CN=t674, DirName:/CN=t675, DirName:/CN=t676, DirName:/CN=t677, DirName:/CN=t678, DirName:/CN=t679, DirName:/CN=t680, DirName:/CN=t681, DirName:/CN=t682, DirName:/CN=t683, DirName:/CN=t684, DirName:/CN=t685, DirName:/CN=t686, DirName:/CN=t687, DirName:/CN=t688, DirName:/CN=t689, DirName:/CN=t690, DirName:/CN=t691, DirName:/CN=t692, DirName:/CN=t693, DirName:/CN=t694, DirName:/CN=t695, DirName:/CN=t696, DirName:/CN=t697, DirName:/CN=t698, DirName:/CN=t699, DirName:/CN=t700, DirName:/CN=t701, DirName:/CN=t702, DirName:/CN=t703, DirName:/CN=t704, DirName:/CN=t705, DirName:/CN=t706, DirName:/CN=t707, DirName:/CN=t708, DirName:/CN=t709, DirName:/CN=t710, DirName:/CN=t711, DirName:/CN=t712, DirName:/CN=t713, DirName:/CN=t714, DirName:/CN=t715, DirName:/CN=t716, DirName:/CN=t717, DirName:/CN=t718, DirName:/CN=t719, DirName:/CN=t720, DirName:/CN=t721, DirName:/CN=t722, DirName:/CN=t723, DirName:/CN=t724, DirName:/CN=t725, DirName:/CN=t726, DirName:/CN=t727, DirName:/CN=t728, DirName:/CN=t729, DirName:/CN=t730, DirName:/CN=t731, DirName:/CN=t732, DirName:/CN=t733, DirName:/CN=t734, DirName:/CN=t735, DirName:/CN=t736, DirName:/CN=t737, DirName:/CN=t738, DirName:/CN=t739, DirName:/CN=t740, DirName:/CN=t741, DirName:/CN=t742, DirName:/CN=t743, DirName:/CN=t744, DirName:/CN=t745, DirName:/CN=t746, DirName:/CN=t747, DirName:/CN=t748, DirName:/CN=t749, DirName:/CN=t750, DirName:/CN=t751, DirName:/CN=t752, DirName:/CN=t753, DirName:/CN=t754, DirName:/CN=t755, DirName:/CN=t756, DirName:/CN=t757, DirName:/CN=t758, DirName:/CN=t759, DirName:/CN=t760, DirName:/CN=t761, DirName:/CN=t762, DirName:/CN=t763, DirName:/CN=t764, DirName:/CN=t765, DirName:/CN=t766, DirName:/CN=t767, DirName:/CN=t768, DirName:/CN=t769, DirName:/CN=t770, DirName:/CN=t771, DirName:/CN=t772, DirName:/CN=t773, DirName:/CN=t774, DirName:/CN=t775, DirName:/CN=t776, DirName:/CN=t777, DirName:/CN=t778, DirName:/CN=t779, DirName:/CN=t780, DirName:/CN=t781, DirName:/CN=t782, DirName:/CN=t783, DirName:/CN=t784, DirName:/CN=t785, DirName:/CN=t786, DirName:/CN=t787, DirName:/CN=t788, DirName:/CN=t789, DirName:/CN=t790, DirName:/CN=t791, DirName:/CN=t792, DirName:/CN=t793, DirName:/CN=t794, DirName:/CN=t795, DirName:/CN=t796, DirName:/CN=t797, DirName:/CN=t798, DirName:/CN=t799, DirName:/CN=t800, DirName:/CN=t801, DirName:/CN=t802, DirName:/CN=t803, DirName:/CN=t804, DirName:/CN=t805, DirName:/CN=t806, DirName:/CN=t807, DirName:/CN=t808, DirName:/CN=t809, DirName:/CN=t810, DirName:/CN=t811, DirName:/CN=t812, DirName:/CN=t813, DirName:/CN=t814, DirName:/CN=t815, DirName:/CN=t816, DirName:/CN=t817, DirName:/CN=t818, DirName:/CN=t819, DirName:/CN=t820, DirName:/CN=t821, DirName:/CN=t822, DirName:/CN=t823, DirName:/CN=t824, DirName:/CN=t825, DirName:/CN=t826, DirName:/CN=t827, DirName:/CN=t828, DirName:/CN=t829, DirName:/CN=t830, DirName:/CN=t831, DirName:/CN=t832, DirName:/CN=t833, DirName:/CN=t834, DirName:/CN=t835, DirName:/CN=t836, DirName:/CN=t837, DirName:/CN=t838, DirName:/CN=t839, DirName:/CN=t840, DirName:/CN=t841, DirName:/CN=t842, DirName:/CN=t843, DirName:/CN=t844, DirName:/CN=t845, DirName:/CN=t846, DirName:/CN=t847, DirName:/CN=t848, DirName:/CN=t849, DirName:/CN=t850, DirName:/CN=t851, DirName:/CN=t852, DirName:/CN=t853, DirName:/CN=t854, DirName:/CN=t855, DirName:/CN=t856, DirName:/CN=t857, DirName:/CN=t858, DirName:/CN=t859, DirName:/CN=t860, DirName:/CN=t861, DirName:/CN=t862, DirName:/CN=t863, DirName:/CN=t864, DirName:/CN=t865, DirName:/CN=t866, DirName:/CN=t867, DirName:/CN=t868, DirName:/CN=t869, DirName:/CN=t870, DirName:/CN=t871, DirName:/CN=t872, DirName:/CN=t873, DirName:/CN=t874, DirName:/CN=t875, DirName:/CN=t876, DirName:/CN=t877, DirName:/CN=t878, DirName:/CN=t879, DirName:/CN=t880, DirName:/CN=t881, DirName:/CN=t882, DirName:/CN=t883, DirName:/CN=t884, DirName:/CN=t885, DirName:/CN=t886, DirName:/CN=t887, DirName:/CN=t888, DirName:/CN=t889, DirName:/CN=t890, DirName:/CN=t891, DirName:/CN=t892, DirName:/CN=t893, DirName:/CN=t894, DirName:/CN=t895, DirName:/CN=t896, DirName:/CN=t897, DirName:/CN=t898, DirName:/CN=t899, DirName:/CN=t900, DirName:/CN=t901, DirName:/CN=t902, DirName:/CN=t903, DirName:/CN=t904, DirName:/CN=t905, DirName:/CN=t906, DirName:/CN=t907, DirName:/CN=t908, DirName:/CN=t909, DirName:/CN=t910, DirName:/CN=t911, DirName:/CN=t912, DirName:/CN=t913, DirName:/CN=t914, DirName:/CN=t915, DirName:/CN=t916, DirName:/CN=t917, DirName:/CN=t918, DirName:/CN=t919, DirName:/CN=t920, DirName:/CN=t921, DirName:/CN=t922, DirName:/CN=t923, DirName:/CN=t924, DirName:/CN=t925, DirName:/CN=t926, DirName:/CN=t927, DirName:/CN=t928, DirName:/CN=t929, DirName:/CN=t930, DirName:/CN=t931, DirName:/CN=t932, DirName:/CN=t933, DirName:/CN=t934, DirName:/CN=t935, DirName:/CN=t936, DirName:/CN=t937, DirName:/CN=t938, DirName:/CN=t939, DirName:/CN=t940, DirName:/CN=t941, DirName:/CN=t942, DirName:/CN=t943, DirName:/CN=t944, DirName:/CN=t945, DirName:/CN=t946, DirName:/CN=t947, DirName:/CN=t948, DirName:/CN=t949, DirName:/CN=t950, DirName:/CN=t951, DirName:/CN=t952, DirName:/CN=t953, DirName:/CN=t954, DirName:/CN=t955, DirName:/CN=t956, DirName:/CN=t957, DirName:/CN=t958, DirName:/CN=t959, DirName:/CN=t960, DirName:/CN=t961, DirName:/CN=t962, DirName:/CN=t963, DirName:/CN=t964, DirName:/CN=t965, DirName:/CN=t966, DirName:/CN=t967, DirName:/CN=t968, DirName:/CN=t969, DirName:/CN=t970, DirName:/CN=t971, DirName:/CN=t972, DirName:/CN=t973, DirName:/CN=t974, DirName:/CN=t975, DirName:/CN=t976, DirName:/CN=t977, DirName:/CN=t978, DirName:/CN=t979, DirName:/CN=t980, DirName:/CN=t981, DirName:/CN=t982, DirName:/CN=t983, DirName:/CN=t984, DirName:/CN=t985, DirName:/CN=t986, DirName:/CN=t987, DirName:/CN=t988, DirName:/CN=t989, DirName:/CN=t990, DirName:/CN=t991, DirName:/CN=t992, DirName:/CN=t993, DirName:/CN=t994, DirName:/CN=t995, DirName:/CN=t996, DirName:/CN=t997, DirName:/CN=t998, DirName:/CN=t999, DirName:/CN=t1000, DirName:/CN=t1001, DirName:/CN=t1002, DirName:/CN=t1003, DirName:/CN=t1004, DirName:/CN=t1005, DirName:/CN=t1006, DirName:/CN=t1007, DirName:/CN=t1008, DirName:/CN=t1009, DirName:/CN=t1010, DirName:/CN=t1011, DirName:/CN=t1012, DirName:/CN=t1013, DirName:/CN=t1014, DirName:/CN=t1015, DirName:/CN=t1016, DirName:/CN=t1017, DirName:/CN=t1018, DirName:/CN=t1019, DirName:/CN=t1020, DirName:/CN=t1021, DirName:/CN=t1022, DirName:/CN=t1023 + Signature Algorithm: sha256WithRSAEncryption + 77:af:27:9b:23:82:9d:90:b4:3c:02:1f:d4:a9:c8:0c:7f:58: + 19:ae:9a:86:fe:f5:b1:a4:ae:cb:af:46:3a:04:ff:3c:cf:ea: + 6b:df:16:cb:d1:89:8d:8c:a7:f9:11:e7:e9:90:92:6b:54:d5: + fa:aa:24:96:63:61:57:4a:81:da:7e:0b:2e:c8:04:34:6a:dd: + 6e:46:27:97:5a:9d:db:8c:2d:e8:5a:45:11:bf:7d:1a:25:7a: + ca:9e:b1:e3:1c:53:22:0b:37:b6:fa:d6:1e:83:6d:54:40:4d: + 71:b3:e3:52:dc:84:d1:95:fc:92:e4:f0:85:ce:6d:4e:36:a6: + 6c:b4:35:7e:0e:e8:b6:8b:09:b0:c8:4e:f1:b8:aa:fe:e8:28: + ba:8e:a3:31:ef:99:bd:da:9e:cb:5a:02:95:24:45:41:3c:ed: + 7a:92:94:bd:9d:fd:7e:07:51:8c:55:97:07:53:60:b4:dd:64: + 02:6c:2b:18:32:8d:df:ed:89:4a:dd:37:32:cb:66:9a:fa:b8: + e8:3d:87:8f:63:6a:3f:6f:2c:91:25:b3:85:71:0a:39:aa:24: + a5:8e:7b:c2:57:86:ed:3b:e7:33:6d:e9:a4:c1:cd:88:8b:0e: + c8:06:63:9b:40:40:2a:3c:b2:96:12:2d:1c:53:fe:83:ec:4a: + 50:be:c6:53 +-----BEGIN CERTIFICATE----- +MIJPWDCCTkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2zANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCTKUwgkyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgku3BgNVHREEgkuuMIJLqqQP +MA0xCzAJBgNVBAMMAnQwpA8wDTELMAkGA1UEAwwCdDGkDzANMQswCQYDVQQDDAJ0 +MqQPMA0xCzAJBgNVBAMMAnQzpA8wDTELMAkGA1UEAwwCdDSkDzANMQswCQYDVQQD +DAJ0NaQPMA0xCzAJBgNVBAMMAnQ2pA8wDTELMAkGA1UEAwwCdDekDzANMQswCQYD +VQQDDAJ0OKQPMA0xCzAJBgNVBAMMAnQ5pBAwDjEMMAoGA1UEAwwDdDEwpBAwDjEM +MAoGA1UEAwwDdDExpBAwDjEMMAoGA1UEAwwDdDEypBAwDjEMMAoGA1UEAwwDdDEz +pBAwDjEMMAoGA1UEAwwDdDE0pBAwDjEMMAoGA1UEAwwDdDE1pBAwDjEMMAoGA1UE +AwwDdDE2pBAwDjEMMAoGA1UEAwwDdDE3pBAwDjEMMAoGA1UEAwwDdDE4pBAwDjEM +MAoGA1UEAwwDdDE5pBAwDjEMMAoGA1UEAwwDdDIwpBAwDjEMMAoGA1UEAwwDdDIx +pBAwDjEMMAoGA1UEAwwDdDIypBAwDjEMMAoGA1UEAwwDdDIzpBAwDjEMMAoGA1UE +AwwDdDI0pBAwDjEMMAoGA1UEAwwDdDI1pBAwDjEMMAoGA1UEAwwDdDI2pBAwDjEM +MAoGA1UEAwwDdDI3pBAwDjEMMAoGA1UEAwwDdDI4pBAwDjEMMAoGA1UEAwwDdDI5 +pBAwDjEMMAoGA1UEAwwDdDMwpBAwDjEMMAoGA1UEAwwDdDMxpBAwDjEMMAoGA1UE +AwwDdDMypBAwDjEMMAoGA1UEAwwDdDMzpBAwDjEMMAoGA1UEAwwDdDM0pBAwDjEM +MAoGA1UEAwwDdDM1pBAwDjEMMAoGA1UEAwwDdDM2pBAwDjEMMAoGA1UEAwwDdDM3 +pBAwDjEMMAoGA1UEAwwDdDM4pBAwDjEMMAoGA1UEAwwDdDM5pBAwDjEMMAoGA1UE +AwwDdDQwpBAwDjEMMAoGA1UEAwwDdDQxpBAwDjEMMAoGA1UEAwwDdDQypBAwDjEM +MAoGA1UEAwwDdDQzpBAwDjEMMAoGA1UEAwwDdDQ0pBAwDjEMMAoGA1UEAwwDdDQ1 +pBAwDjEMMAoGA1UEAwwDdDQ2pBAwDjEMMAoGA1UEAwwDdDQ3pBAwDjEMMAoGA1UE +AwwDdDQ4pBAwDjEMMAoGA1UEAwwDdDQ5pBAwDjEMMAoGA1UEAwwDdDUwpBAwDjEM +MAoGA1UEAwwDdDUxpBAwDjEMMAoGA1UEAwwDdDUypBAwDjEMMAoGA1UEAwwDdDUz +pBAwDjEMMAoGA1UEAwwDdDU0pBAwDjEMMAoGA1UEAwwDdDU1pBAwDjEMMAoGA1UE +AwwDdDU2pBAwDjEMMAoGA1UEAwwDdDU3pBAwDjEMMAoGA1UEAwwDdDU4pBAwDjEM +MAoGA1UEAwwDdDU5pBAwDjEMMAoGA1UEAwwDdDYwpBAwDjEMMAoGA1UEAwwDdDYx +pBAwDjEMMAoGA1UEAwwDdDYypBAwDjEMMAoGA1UEAwwDdDYzpBAwDjEMMAoGA1UE +AwwDdDY0pBAwDjEMMAoGA1UEAwwDdDY1pBAwDjEMMAoGA1UEAwwDdDY2pBAwDjEM +MAoGA1UEAwwDdDY3pBAwDjEMMAoGA1UEAwwDdDY4pBAwDjEMMAoGA1UEAwwDdDY5 +pBAwDjEMMAoGA1UEAwwDdDcwpBAwDjEMMAoGA1UEAwwDdDcxpBAwDjEMMAoGA1UE +AwwDdDcypBAwDjEMMAoGA1UEAwwDdDczpBAwDjEMMAoGA1UEAwwDdDc0pBAwDjEM +MAoGA1UEAwwDdDc1pBAwDjEMMAoGA1UEAwwDdDc2pBAwDjEMMAoGA1UEAwwDdDc3 +pBAwDjEMMAoGA1UEAwwDdDc4pBAwDjEMMAoGA1UEAwwDdDc5pBAwDjEMMAoGA1UE +AwwDdDgwpBAwDjEMMAoGA1UEAwwDdDgxpBAwDjEMMAoGA1UEAwwDdDgypBAwDjEM +MAoGA1UEAwwDdDgzpBAwDjEMMAoGA1UEAwwDdDg0pBAwDjEMMAoGA1UEAwwDdDg1 +pBAwDjEMMAoGA1UEAwwDdDg2pBAwDjEMMAoGA1UEAwwDdDg3pBAwDjEMMAoGA1UE +AwwDdDg4pBAwDjEMMAoGA1UEAwwDdDg5pBAwDjEMMAoGA1UEAwwDdDkwpBAwDjEM +MAoGA1UEAwwDdDkxpBAwDjEMMAoGA1UEAwwDdDkypBAwDjEMMAoGA1UEAwwDdDkz +pBAwDjEMMAoGA1UEAwwDdDk0pBAwDjEMMAoGA1UEAwwDdDk1pBAwDjEMMAoGA1UE +AwwDdDk2pBAwDjEMMAoGA1UEAwwDdDk3pBAwDjEMMAoGA1UEAwwDdDk4pBAwDjEM +MAoGA1UEAwwDdDk5pBEwDzENMAsGA1UEAwwEdDEwMKQRMA8xDTALBgNVBAMMBHQx +MDGkETAPMQ0wCwYDVQQDDAR0MTAypBEwDzENMAsGA1UEAwwEdDEwM6QRMA8xDTAL +BgNVBAMMBHQxMDSkETAPMQ0wCwYDVQQDDAR0MTA1pBEwDzENMAsGA1UEAwwEdDEw +NqQRMA8xDTALBgNVBAMMBHQxMDekETAPMQ0wCwYDVQQDDAR0MTA4pBEwDzENMAsG +A1UEAwwEdDEwOaQRMA8xDTALBgNVBAMMBHQxMTCkETAPMQ0wCwYDVQQDDAR0MTEx +pBEwDzENMAsGA1UEAwwEdDExMqQRMA8xDTALBgNVBAMMBHQxMTOkETAPMQ0wCwYD +VQQDDAR0MTE0pBEwDzENMAsGA1UEAwwEdDExNaQRMA8xDTALBgNVBAMMBHQxMTak +ETAPMQ0wCwYDVQQDDAR0MTE3pBEwDzENMAsGA1UEAwwEdDExOKQRMA8xDTALBgNV +BAMMBHQxMTmkETAPMQ0wCwYDVQQDDAR0MTIwpBEwDzENMAsGA1UEAwwEdDEyMaQR +MA8xDTALBgNVBAMMBHQxMjKkETAPMQ0wCwYDVQQDDAR0MTIzpBEwDzENMAsGA1UE +AwwEdDEyNKQRMA8xDTALBgNVBAMMBHQxMjWkETAPMQ0wCwYDVQQDDAR0MTI2pBEw +DzENMAsGA1UEAwwEdDEyN6QRMA8xDTALBgNVBAMMBHQxMjikETAPMQ0wCwYDVQQD +DAR0MTI5pBEwDzENMAsGA1UEAwwEdDEzMKQRMA8xDTALBgNVBAMMBHQxMzGkETAP +MQ0wCwYDVQQDDAR0MTMypBEwDzENMAsGA1UEAwwEdDEzM6QRMA8xDTALBgNVBAMM +BHQxMzSkETAPMQ0wCwYDVQQDDAR0MTM1pBEwDzENMAsGA1UEAwwEdDEzNqQRMA8x +DTALBgNVBAMMBHQxMzekETAPMQ0wCwYDVQQDDAR0MTM4pBEwDzENMAsGA1UEAwwE +dDEzOaQRMA8xDTALBgNVBAMMBHQxNDCkETAPMQ0wCwYDVQQDDAR0MTQxpBEwDzEN +MAsGA1UEAwwEdDE0MqQRMA8xDTALBgNVBAMMBHQxNDOkETAPMQ0wCwYDVQQDDAR0 +MTQ0pBEwDzENMAsGA1UEAwwEdDE0NaQRMA8xDTALBgNVBAMMBHQxNDakETAPMQ0w +CwYDVQQDDAR0MTQ3pBEwDzENMAsGA1UEAwwEdDE0OKQRMA8xDTALBgNVBAMMBHQx +NDmkETAPMQ0wCwYDVQQDDAR0MTUwpBEwDzENMAsGA1UEAwwEdDE1MaQRMA8xDTAL +BgNVBAMMBHQxNTKkETAPMQ0wCwYDVQQDDAR0MTUzpBEwDzENMAsGA1UEAwwEdDE1 +NKQRMA8xDTALBgNVBAMMBHQxNTWkETAPMQ0wCwYDVQQDDAR0MTU2pBEwDzENMAsG +A1UEAwwEdDE1N6QRMA8xDTALBgNVBAMMBHQxNTikETAPMQ0wCwYDVQQDDAR0MTU5 +pBEwDzENMAsGA1UEAwwEdDE2MKQRMA8xDTALBgNVBAMMBHQxNjGkETAPMQ0wCwYD +VQQDDAR0MTYypBEwDzENMAsGA1UEAwwEdDE2M6QRMA8xDTALBgNVBAMMBHQxNjSk +ETAPMQ0wCwYDVQQDDAR0MTY1pBEwDzENMAsGA1UEAwwEdDE2NqQRMA8xDTALBgNV +BAMMBHQxNjekETAPMQ0wCwYDVQQDDAR0MTY4pBEwDzENMAsGA1UEAwwEdDE2OaQR +MA8xDTALBgNVBAMMBHQxNzCkETAPMQ0wCwYDVQQDDAR0MTcxpBEwDzENMAsGA1UE +AwwEdDE3MqQRMA8xDTALBgNVBAMMBHQxNzOkETAPMQ0wCwYDVQQDDAR0MTc0pBEw +DzENMAsGA1UEAwwEdDE3NaQRMA8xDTALBgNVBAMMBHQxNzakETAPMQ0wCwYDVQQD +DAR0MTc3pBEwDzENMAsGA1UEAwwEdDE3OKQRMA8xDTALBgNVBAMMBHQxNzmkETAP +MQ0wCwYDVQQDDAR0MTgwpBEwDzENMAsGA1UEAwwEdDE4MaQRMA8xDTALBgNVBAMM +BHQxODKkETAPMQ0wCwYDVQQDDAR0MTgzpBEwDzENMAsGA1UEAwwEdDE4NKQRMA8x +DTALBgNVBAMMBHQxODWkETAPMQ0wCwYDVQQDDAR0MTg2pBEwDzENMAsGA1UEAwwE +dDE4N6QRMA8xDTALBgNVBAMMBHQxODikETAPMQ0wCwYDVQQDDAR0MTg5pBEwDzEN +MAsGA1UEAwwEdDE5MKQRMA8xDTALBgNVBAMMBHQxOTGkETAPMQ0wCwYDVQQDDAR0 +MTkypBEwDzENMAsGA1UEAwwEdDE5M6QRMA8xDTALBgNVBAMMBHQxOTSkETAPMQ0w +CwYDVQQDDAR0MTk1pBEwDzENMAsGA1UEAwwEdDE5NqQRMA8xDTALBgNVBAMMBHQx +OTekETAPMQ0wCwYDVQQDDAR0MTk4pBEwDzENMAsGA1UEAwwEdDE5OaQRMA8xDTAL +BgNVBAMMBHQyMDCkETAPMQ0wCwYDVQQDDAR0MjAxpBEwDzENMAsGA1UEAwwEdDIw +MqQRMA8xDTALBgNVBAMMBHQyMDOkETAPMQ0wCwYDVQQDDAR0MjA0pBEwDzENMAsG +A1UEAwwEdDIwNaQRMA8xDTALBgNVBAMMBHQyMDakETAPMQ0wCwYDVQQDDAR0MjA3 +pBEwDzENMAsGA1UEAwwEdDIwOKQRMA8xDTALBgNVBAMMBHQyMDmkETAPMQ0wCwYD +VQQDDAR0MjEwpBEwDzENMAsGA1UEAwwEdDIxMaQRMA8xDTALBgNVBAMMBHQyMTKk +ETAPMQ0wCwYDVQQDDAR0MjEzpBEwDzENMAsGA1UEAwwEdDIxNKQRMA8xDTALBgNV +BAMMBHQyMTWkETAPMQ0wCwYDVQQDDAR0MjE2pBEwDzENMAsGA1UEAwwEdDIxN6QR +MA8xDTALBgNVBAMMBHQyMTikETAPMQ0wCwYDVQQDDAR0MjE5pBEwDzENMAsGA1UE +AwwEdDIyMKQRMA8xDTALBgNVBAMMBHQyMjGkETAPMQ0wCwYDVQQDDAR0MjIypBEw +DzENMAsGA1UEAwwEdDIyM6QRMA8xDTALBgNVBAMMBHQyMjSkETAPMQ0wCwYDVQQD +DAR0MjI1pBEwDzENMAsGA1UEAwwEdDIyNqQRMA8xDTALBgNVBAMMBHQyMjekETAP +MQ0wCwYDVQQDDAR0MjI4pBEwDzENMAsGA1UEAwwEdDIyOaQRMA8xDTALBgNVBAMM +BHQyMzCkETAPMQ0wCwYDVQQDDAR0MjMxpBEwDzENMAsGA1UEAwwEdDIzMqQRMA8x +DTALBgNVBAMMBHQyMzOkETAPMQ0wCwYDVQQDDAR0MjM0pBEwDzENMAsGA1UEAwwE +dDIzNaQRMA8xDTALBgNVBAMMBHQyMzakETAPMQ0wCwYDVQQDDAR0MjM3pBEwDzEN +MAsGA1UEAwwEdDIzOKQRMA8xDTALBgNVBAMMBHQyMzmkETAPMQ0wCwYDVQQDDAR0 +MjQwpBEwDzENMAsGA1UEAwwEdDI0MaQRMA8xDTALBgNVBAMMBHQyNDKkETAPMQ0w +CwYDVQQDDAR0MjQzpBEwDzENMAsGA1UEAwwEdDI0NKQRMA8xDTALBgNVBAMMBHQy +NDWkETAPMQ0wCwYDVQQDDAR0MjQ2pBEwDzENMAsGA1UEAwwEdDI0N6QRMA8xDTAL +BgNVBAMMBHQyNDikETAPMQ0wCwYDVQQDDAR0MjQ5pBEwDzENMAsGA1UEAwwEdDI1 +MKQRMA8xDTALBgNVBAMMBHQyNTGkETAPMQ0wCwYDVQQDDAR0MjUypBEwDzENMAsG +A1UEAwwEdDI1M6QRMA8xDTALBgNVBAMMBHQyNTSkETAPMQ0wCwYDVQQDDAR0MjU1 +pBEwDzENMAsGA1UEAwwEdDI1NqQRMA8xDTALBgNVBAMMBHQyNTekETAPMQ0wCwYD +VQQDDAR0MjU4pBEwDzENMAsGA1UEAwwEdDI1OaQRMA8xDTALBgNVBAMMBHQyNjCk +ETAPMQ0wCwYDVQQDDAR0MjYxpBEwDzENMAsGA1UEAwwEdDI2MqQRMA8xDTALBgNV +BAMMBHQyNjOkETAPMQ0wCwYDVQQDDAR0MjY0pBEwDzENMAsGA1UEAwwEdDI2NaQR +MA8xDTALBgNVBAMMBHQyNjakETAPMQ0wCwYDVQQDDAR0MjY3pBEwDzENMAsGA1UE +AwwEdDI2OKQRMA8xDTALBgNVBAMMBHQyNjmkETAPMQ0wCwYDVQQDDAR0MjcwpBEw +DzENMAsGA1UEAwwEdDI3MaQRMA8xDTALBgNVBAMMBHQyNzKkETAPMQ0wCwYDVQQD +DAR0MjczpBEwDzENMAsGA1UEAwwEdDI3NKQRMA8xDTALBgNVBAMMBHQyNzWkETAP +MQ0wCwYDVQQDDAR0Mjc2pBEwDzENMAsGA1UEAwwEdDI3N6QRMA8xDTALBgNVBAMM +BHQyNzikETAPMQ0wCwYDVQQDDAR0Mjc5pBEwDzENMAsGA1UEAwwEdDI4MKQRMA8x +DTALBgNVBAMMBHQyODGkETAPMQ0wCwYDVQQDDAR0MjgypBEwDzENMAsGA1UEAwwE +dDI4M6QRMA8xDTALBgNVBAMMBHQyODSkETAPMQ0wCwYDVQQDDAR0Mjg1pBEwDzEN +MAsGA1UEAwwEdDI4NqQRMA8xDTALBgNVBAMMBHQyODekETAPMQ0wCwYDVQQDDAR0 +Mjg4pBEwDzENMAsGA1UEAwwEdDI4OaQRMA8xDTALBgNVBAMMBHQyOTCkETAPMQ0w +CwYDVQQDDAR0MjkxpBEwDzENMAsGA1UEAwwEdDI5MqQRMA8xDTALBgNVBAMMBHQy +OTOkETAPMQ0wCwYDVQQDDAR0Mjk0pBEwDzENMAsGA1UEAwwEdDI5NaQRMA8xDTAL +BgNVBAMMBHQyOTakETAPMQ0wCwYDVQQDDAR0Mjk3pBEwDzENMAsGA1UEAwwEdDI5 +OKQRMA8xDTALBgNVBAMMBHQyOTmkETAPMQ0wCwYDVQQDDAR0MzAwpBEwDzENMAsG +A1UEAwwEdDMwMaQRMA8xDTALBgNVBAMMBHQzMDKkETAPMQ0wCwYDVQQDDAR0MzAz +pBEwDzENMAsGA1UEAwwEdDMwNKQRMA8xDTALBgNVBAMMBHQzMDWkETAPMQ0wCwYD +VQQDDAR0MzA2pBEwDzENMAsGA1UEAwwEdDMwN6QRMA8xDTALBgNVBAMMBHQzMDik +ETAPMQ0wCwYDVQQDDAR0MzA5pBEwDzENMAsGA1UEAwwEdDMxMKQRMA8xDTALBgNV +BAMMBHQzMTGkETAPMQ0wCwYDVQQDDAR0MzEypBEwDzENMAsGA1UEAwwEdDMxM6QR +MA8xDTALBgNVBAMMBHQzMTSkETAPMQ0wCwYDVQQDDAR0MzE1pBEwDzENMAsGA1UE +AwwEdDMxNqQRMA8xDTALBgNVBAMMBHQzMTekETAPMQ0wCwYDVQQDDAR0MzE4pBEw +DzENMAsGA1UEAwwEdDMxOaQRMA8xDTALBgNVBAMMBHQzMjCkETAPMQ0wCwYDVQQD +DAR0MzIxpBEwDzENMAsGA1UEAwwEdDMyMqQRMA8xDTALBgNVBAMMBHQzMjOkETAP +MQ0wCwYDVQQDDAR0MzI0pBEwDzENMAsGA1UEAwwEdDMyNaQRMA8xDTALBgNVBAMM +BHQzMjakETAPMQ0wCwYDVQQDDAR0MzI3pBEwDzENMAsGA1UEAwwEdDMyOKQRMA8x +DTALBgNVBAMMBHQzMjmkETAPMQ0wCwYDVQQDDAR0MzMwpBEwDzENMAsGA1UEAwwE +dDMzMaQRMA8xDTALBgNVBAMMBHQzMzKkETAPMQ0wCwYDVQQDDAR0MzMzpBEwDzEN +MAsGA1UEAwwEdDMzNKQRMA8xDTALBgNVBAMMBHQzMzWkETAPMQ0wCwYDVQQDDAR0 +MzM2pBEwDzENMAsGA1UEAwwEdDMzN6QRMA8xDTALBgNVBAMMBHQzMzikETAPMQ0w +CwYDVQQDDAR0MzM5pBEwDzENMAsGA1UEAwwEdDM0MKQRMA8xDTALBgNVBAMMBHQz +NDGkETAPMQ0wCwYDVQQDDAR0MzQypBEwDzENMAsGA1UEAwwEdDM0M6QRMA8xDTAL +BgNVBAMMBHQzNDSkETAPMQ0wCwYDVQQDDAR0MzQ1pBEwDzENMAsGA1UEAwwEdDM0 +NqQRMA8xDTALBgNVBAMMBHQzNDekETAPMQ0wCwYDVQQDDAR0MzQ4pBEwDzENMAsG +A1UEAwwEdDM0OaQRMA8xDTALBgNVBAMMBHQzNTCkETAPMQ0wCwYDVQQDDAR0MzUx +pBEwDzENMAsGA1UEAwwEdDM1MqQRMA8xDTALBgNVBAMMBHQzNTOkETAPMQ0wCwYD +VQQDDAR0MzU0pBEwDzENMAsGA1UEAwwEdDM1NaQRMA8xDTALBgNVBAMMBHQzNTak +ETAPMQ0wCwYDVQQDDAR0MzU3pBEwDzENMAsGA1UEAwwEdDM1OKQRMA8xDTALBgNV +BAMMBHQzNTmkETAPMQ0wCwYDVQQDDAR0MzYwpBEwDzENMAsGA1UEAwwEdDM2MaQR +MA8xDTALBgNVBAMMBHQzNjKkETAPMQ0wCwYDVQQDDAR0MzYzpBEwDzENMAsGA1UE +AwwEdDM2NKQRMA8xDTALBgNVBAMMBHQzNjWkETAPMQ0wCwYDVQQDDAR0MzY2pBEw +DzENMAsGA1UEAwwEdDM2N6QRMA8xDTALBgNVBAMMBHQzNjikETAPMQ0wCwYDVQQD +DAR0MzY5pBEwDzENMAsGA1UEAwwEdDM3MKQRMA8xDTALBgNVBAMMBHQzNzGkETAP +MQ0wCwYDVQQDDAR0MzcypBEwDzENMAsGA1UEAwwEdDM3M6QRMA8xDTALBgNVBAMM +BHQzNzSkETAPMQ0wCwYDVQQDDAR0Mzc1pBEwDzENMAsGA1UEAwwEdDM3NqQRMA8x +DTALBgNVBAMMBHQzNzekETAPMQ0wCwYDVQQDDAR0Mzc4pBEwDzENMAsGA1UEAwwE +dDM3OaQRMA8xDTALBgNVBAMMBHQzODCkETAPMQ0wCwYDVQQDDAR0MzgxpBEwDzEN +MAsGA1UEAwwEdDM4MqQRMA8xDTALBgNVBAMMBHQzODOkETAPMQ0wCwYDVQQDDAR0 +Mzg0pBEwDzENMAsGA1UEAwwEdDM4NaQRMA8xDTALBgNVBAMMBHQzODakETAPMQ0w +CwYDVQQDDAR0Mzg3pBEwDzENMAsGA1UEAwwEdDM4OKQRMA8xDTALBgNVBAMMBHQz +ODmkETAPMQ0wCwYDVQQDDAR0MzkwpBEwDzENMAsGA1UEAwwEdDM5MaQRMA8xDTAL +BgNVBAMMBHQzOTKkETAPMQ0wCwYDVQQDDAR0MzkzpBEwDzENMAsGA1UEAwwEdDM5 +NKQRMA8xDTALBgNVBAMMBHQzOTWkETAPMQ0wCwYDVQQDDAR0Mzk2pBEwDzENMAsG +A1UEAwwEdDM5N6QRMA8xDTALBgNVBAMMBHQzOTikETAPMQ0wCwYDVQQDDAR0Mzk5 +pBEwDzENMAsGA1UEAwwEdDQwMKQRMA8xDTALBgNVBAMMBHQ0MDGkETAPMQ0wCwYD +VQQDDAR0NDAypBEwDzENMAsGA1UEAwwEdDQwM6QRMA8xDTALBgNVBAMMBHQ0MDSk +ETAPMQ0wCwYDVQQDDAR0NDA1pBEwDzENMAsGA1UEAwwEdDQwNqQRMA8xDTALBgNV +BAMMBHQ0MDekETAPMQ0wCwYDVQQDDAR0NDA4pBEwDzENMAsGA1UEAwwEdDQwOaQR +MA8xDTALBgNVBAMMBHQ0MTCkETAPMQ0wCwYDVQQDDAR0NDExpBEwDzENMAsGA1UE +AwwEdDQxMqQRMA8xDTALBgNVBAMMBHQ0MTOkETAPMQ0wCwYDVQQDDAR0NDE0pBEw +DzENMAsGA1UEAwwEdDQxNaQRMA8xDTALBgNVBAMMBHQ0MTakETAPMQ0wCwYDVQQD +DAR0NDE3pBEwDzENMAsGA1UEAwwEdDQxOKQRMA8xDTALBgNVBAMMBHQ0MTmkETAP +MQ0wCwYDVQQDDAR0NDIwpBEwDzENMAsGA1UEAwwEdDQyMaQRMA8xDTALBgNVBAMM +BHQ0MjKkETAPMQ0wCwYDVQQDDAR0NDIzpBEwDzENMAsGA1UEAwwEdDQyNKQRMA8x +DTALBgNVBAMMBHQ0MjWkETAPMQ0wCwYDVQQDDAR0NDI2pBEwDzENMAsGA1UEAwwE +dDQyN6QRMA8xDTALBgNVBAMMBHQ0MjikETAPMQ0wCwYDVQQDDAR0NDI5pBEwDzEN +MAsGA1UEAwwEdDQzMKQRMA8xDTALBgNVBAMMBHQ0MzGkETAPMQ0wCwYDVQQDDAR0 +NDMypBEwDzENMAsGA1UEAwwEdDQzM6QRMA8xDTALBgNVBAMMBHQ0MzSkETAPMQ0w +CwYDVQQDDAR0NDM1pBEwDzENMAsGA1UEAwwEdDQzNqQRMA8xDTALBgNVBAMMBHQ0 +MzekETAPMQ0wCwYDVQQDDAR0NDM4pBEwDzENMAsGA1UEAwwEdDQzOaQRMA8xDTAL +BgNVBAMMBHQ0NDCkETAPMQ0wCwYDVQQDDAR0NDQxpBEwDzENMAsGA1UEAwwEdDQ0 +MqQRMA8xDTALBgNVBAMMBHQ0NDOkETAPMQ0wCwYDVQQDDAR0NDQ0pBEwDzENMAsG +A1UEAwwEdDQ0NaQRMA8xDTALBgNVBAMMBHQ0NDakETAPMQ0wCwYDVQQDDAR0NDQ3 +pBEwDzENMAsGA1UEAwwEdDQ0OKQRMA8xDTALBgNVBAMMBHQ0NDmkETAPMQ0wCwYD +VQQDDAR0NDUwpBEwDzENMAsGA1UEAwwEdDQ1MaQRMA8xDTALBgNVBAMMBHQ0NTKk +ETAPMQ0wCwYDVQQDDAR0NDUzpBEwDzENMAsGA1UEAwwEdDQ1NKQRMA8xDTALBgNV +BAMMBHQ0NTWkETAPMQ0wCwYDVQQDDAR0NDU2pBEwDzENMAsGA1UEAwwEdDQ1N6QR +MA8xDTALBgNVBAMMBHQ0NTikETAPMQ0wCwYDVQQDDAR0NDU5pBEwDzENMAsGA1UE +AwwEdDQ2MKQRMA8xDTALBgNVBAMMBHQ0NjGkETAPMQ0wCwYDVQQDDAR0NDYypBEw +DzENMAsGA1UEAwwEdDQ2M6QRMA8xDTALBgNVBAMMBHQ0NjSkETAPMQ0wCwYDVQQD +DAR0NDY1pBEwDzENMAsGA1UEAwwEdDQ2NqQRMA8xDTALBgNVBAMMBHQ0NjekETAP +MQ0wCwYDVQQDDAR0NDY4pBEwDzENMAsGA1UEAwwEdDQ2OaQRMA8xDTALBgNVBAMM +BHQ0NzCkETAPMQ0wCwYDVQQDDAR0NDcxpBEwDzENMAsGA1UEAwwEdDQ3MqQRMA8x +DTALBgNVBAMMBHQ0NzOkETAPMQ0wCwYDVQQDDAR0NDc0pBEwDzENMAsGA1UEAwwE +dDQ3NaQRMA8xDTALBgNVBAMMBHQ0NzakETAPMQ0wCwYDVQQDDAR0NDc3pBEwDzEN +MAsGA1UEAwwEdDQ3OKQRMA8xDTALBgNVBAMMBHQ0NzmkETAPMQ0wCwYDVQQDDAR0 +NDgwpBEwDzENMAsGA1UEAwwEdDQ4MaQRMA8xDTALBgNVBAMMBHQ0ODKkETAPMQ0w +CwYDVQQDDAR0NDgzpBEwDzENMAsGA1UEAwwEdDQ4NKQRMA8xDTALBgNVBAMMBHQ0 +ODWkETAPMQ0wCwYDVQQDDAR0NDg2pBEwDzENMAsGA1UEAwwEdDQ4N6QRMA8xDTAL +BgNVBAMMBHQ0ODikETAPMQ0wCwYDVQQDDAR0NDg5pBEwDzENMAsGA1UEAwwEdDQ5 +MKQRMA8xDTALBgNVBAMMBHQ0OTGkETAPMQ0wCwYDVQQDDAR0NDkypBEwDzENMAsG +A1UEAwwEdDQ5M6QRMA8xDTALBgNVBAMMBHQ0OTSkETAPMQ0wCwYDVQQDDAR0NDk1 +pBEwDzENMAsGA1UEAwwEdDQ5NqQRMA8xDTALBgNVBAMMBHQ0OTekETAPMQ0wCwYD +VQQDDAR0NDk4pBEwDzENMAsGA1UEAwwEdDQ5OaQRMA8xDTALBgNVBAMMBHQ1MDCk +ETAPMQ0wCwYDVQQDDAR0NTAxpBEwDzENMAsGA1UEAwwEdDUwMqQRMA8xDTALBgNV +BAMMBHQ1MDOkETAPMQ0wCwYDVQQDDAR0NTA0pBEwDzENMAsGA1UEAwwEdDUwNaQR +MA8xDTALBgNVBAMMBHQ1MDakETAPMQ0wCwYDVQQDDAR0NTA3pBEwDzENMAsGA1UE +AwwEdDUwOKQRMA8xDTALBgNVBAMMBHQ1MDmkETAPMQ0wCwYDVQQDDAR0NTEwpBEw +DzENMAsGA1UEAwwEdDUxMaQRMA8xDTALBgNVBAMMBHQ1MTKkETAPMQ0wCwYDVQQD +DAR0NTEzpBEwDzENMAsGA1UEAwwEdDUxNKQRMA8xDTALBgNVBAMMBHQ1MTWkETAP +MQ0wCwYDVQQDDAR0NTE2pBEwDzENMAsGA1UEAwwEdDUxN6QRMA8xDTALBgNVBAMM +BHQ1MTikETAPMQ0wCwYDVQQDDAR0NTE5pBEwDzENMAsGA1UEAwwEdDUyMKQRMA8x +DTALBgNVBAMMBHQ1MjGkETAPMQ0wCwYDVQQDDAR0NTIypBEwDzENMAsGA1UEAwwE +dDUyM6QRMA8xDTALBgNVBAMMBHQ1MjSkETAPMQ0wCwYDVQQDDAR0NTI1pBEwDzEN +MAsGA1UEAwwEdDUyNqQRMA8xDTALBgNVBAMMBHQ1MjekETAPMQ0wCwYDVQQDDAR0 +NTI4pBEwDzENMAsGA1UEAwwEdDUyOaQRMA8xDTALBgNVBAMMBHQ1MzCkETAPMQ0w +CwYDVQQDDAR0NTMxpBEwDzENMAsGA1UEAwwEdDUzMqQRMA8xDTALBgNVBAMMBHQ1 +MzOkETAPMQ0wCwYDVQQDDAR0NTM0pBEwDzENMAsGA1UEAwwEdDUzNaQRMA8xDTAL +BgNVBAMMBHQ1MzakETAPMQ0wCwYDVQQDDAR0NTM3pBEwDzENMAsGA1UEAwwEdDUz +OKQRMA8xDTALBgNVBAMMBHQ1MzmkETAPMQ0wCwYDVQQDDAR0NTQwpBEwDzENMAsG +A1UEAwwEdDU0MaQRMA8xDTALBgNVBAMMBHQ1NDKkETAPMQ0wCwYDVQQDDAR0NTQz +pBEwDzENMAsGA1UEAwwEdDU0NKQRMA8xDTALBgNVBAMMBHQ1NDWkETAPMQ0wCwYD +VQQDDAR0NTQ2pBEwDzENMAsGA1UEAwwEdDU0N6QRMA8xDTALBgNVBAMMBHQ1NDik +ETAPMQ0wCwYDVQQDDAR0NTQ5pBEwDzENMAsGA1UEAwwEdDU1MKQRMA8xDTALBgNV +BAMMBHQ1NTGkETAPMQ0wCwYDVQQDDAR0NTUypBEwDzENMAsGA1UEAwwEdDU1M6QR +MA8xDTALBgNVBAMMBHQ1NTSkETAPMQ0wCwYDVQQDDAR0NTU1pBEwDzENMAsGA1UE +AwwEdDU1NqQRMA8xDTALBgNVBAMMBHQ1NTekETAPMQ0wCwYDVQQDDAR0NTU4pBEw +DzENMAsGA1UEAwwEdDU1OaQRMA8xDTALBgNVBAMMBHQ1NjCkETAPMQ0wCwYDVQQD +DAR0NTYxpBEwDzENMAsGA1UEAwwEdDU2MqQRMA8xDTALBgNVBAMMBHQ1NjOkETAP +MQ0wCwYDVQQDDAR0NTY0pBEwDzENMAsGA1UEAwwEdDU2NaQRMA8xDTALBgNVBAMM +BHQ1NjakETAPMQ0wCwYDVQQDDAR0NTY3pBEwDzENMAsGA1UEAwwEdDU2OKQRMA8x +DTALBgNVBAMMBHQ1NjmkETAPMQ0wCwYDVQQDDAR0NTcwpBEwDzENMAsGA1UEAwwE +dDU3MaQRMA8xDTALBgNVBAMMBHQ1NzKkETAPMQ0wCwYDVQQDDAR0NTczpBEwDzEN +MAsGA1UEAwwEdDU3NKQRMA8xDTALBgNVBAMMBHQ1NzWkETAPMQ0wCwYDVQQDDAR0 +NTc2pBEwDzENMAsGA1UEAwwEdDU3N6QRMA8xDTALBgNVBAMMBHQ1NzikETAPMQ0w +CwYDVQQDDAR0NTc5pBEwDzENMAsGA1UEAwwEdDU4MKQRMA8xDTALBgNVBAMMBHQ1 +ODGkETAPMQ0wCwYDVQQDDAR0NTgypBEwDzENMAsGA1UEAwwEdDU4M6QRMA8xDTAL +BgNVBAMMBHQ1ODSkETAPMQ0wCwYDVQQDDAR0NTg1pBEwDzENMAsGA1UEAwwEdDU4 +NqQRMA8xDTALBgNVBAMMBHQ1ODekETAPMQ0wCwYDVQQDDAR0NTg4pBEwDzENMAsG +A1UEAwwEdDU4OaQRMA8xDTALBgNVBAMMBHQ1OTCkETAPMQ0wCwYDVQQDDAR0NTkx +pBEwDzENMAsGA1UEAwwEdDU5MqQRMA8xDTALBgNVBAMMBHQ1OTOkETAPMQ0wCwYD +VQQDDAR0NTk0pBEwDzENMAsGA1UEAwwEdDU5NaQRMA8xDTALBgNVBAMMBHQ1OTak +ETAPMQ0wCwYDVQQDDAR0NTk3pBEwDzENMAsGA1UEAwwEdDU5OKQRMA8xDTALBgNV +BAMMBHQ1OTmkETAPMQ0wCwYDVQQDDAR0NjAwpBEwDzENMAsGA1UEAwwEdDYwMaQR +MA8xDTALBgNVBAMMBHQ2MDKkETAPMQ0wCwYDVQQDDAR0NjAzpBEwDzENMAsGA1UE +AwwEdDYwNKQRMA8xDTALBgNVBAMMBHQ2MDWkETAPMQ0wCwYDVQQDDAR0NjA2pBEw +DzENMAsGA1UEAwwEdDYwN6QRMA8xDTALBgNVBAMMBHQ2MDikETAPMQ0wCwYDVQQD +DAR0NjA5pBEwDzENMAsGA1UEAwwEdDYxMKQRMA8xDTALBgNVBAMMBHQ2MTGkETAP +MQ0wCwYDVQQDDAR0NjEypBEwDzENMAsGA1UEAwwEdDYxM6QRMA8xDTALBgNVBAMM +BHQ2MTSkETAPMQ0wCwYDVQQDDAR0NjE1pBEwDzENMAsGA1UEAwwEdDYxNqQRMA8x +DTALBgNVBAMMBHQ2MTekETAPMQ0wCwYDVQQDDAR0NjE4pBEwDzENMAsGA1UEAwwE +dDYxOaQRMA8xDTALBgNVBAMMBHQ2MjCkETAPMQ0wCwYDVQQDDAR0NjIxpBEwDzEN +MAsGA1UEAwwEdDYyMqQRMA8xDTALBgNVBAMMBHQ2MjOkETAPMQ0wCwYDVQQDDAR0 +NjI0pBEwDzENMAsGA1UEAwwEdDYyNaQRMA8xDTALBgNVBAMMBHQ2MjakETAPMQ0w +CwYDVQQDDAR0NjI3pBEwDzENMAsGA1UEAwwEdDYyOKQRMA8xDTALBgNVBAMMBHQ2 +MjmkETAPMQ0wCwYDVQQDDAR0NjMwpBEwDzENMAsGA1UEAwwEdDYzMaQRMA8xDTAL +BgNVBAMMBHQ2MzKkETAPMQ0wCwYDVQQDDAR0NjMzpBEwDzENMAsGA1UEAwwEdDYz +NKQRMA8xDTALBgNVBAMMBHQ2MzWkETAPMQ0wCwYDVQQDDAR0NjM2pBEwDzENMAsG +A1UEAwwEdDYzN6QRMA8xDTALBgNVBAMMBHQ2MzikETAPMQ0wCwYDVQQDDAR0NjM5 +pBEwDzENMAsGA1UEAwwEdDY0MKQRMA8xDTALBgNVBAMMBHQ2NDGkETAPMQ0wCwYD +VQQDDAR0NjQypBEwDzENMAsGA1UEAwwEdDY0M6QRMA8xDTALBgNVBAMMBHQ2NDSk +ETAPMQ0wCwYDVQQDDAR0NjQ1pBEwDzENMAsGA1UEAwwEdDY0NqQRMA8xDTALBgNV +BAMMBHQ2NDekETAPMQ0wCwYDVQQDDAR0NjQ4pBEwDzENMAsGA1UEAwwEdDY0OaQR +MA8xDTALBgNVBAMMBHQ2NTCkETAPMQ0wCwYDVQQDDAR0NjUxpBEwDzENMAsGA1UE +AwwEdDY1MqQRMA8xDTALBgNVBAMMBHQ2NTOkETAPMQ0wCwYDVQQDDAR0NjU0pBEw +DzENMAsGA1UEAwwEdDY1NaQRMA8xDTALBgNVBAMMBHQ2NTakETAPMQ0wCwYDVQQD +DAR0NjU3pBEwDzENMAsGA1UEAwwEdDY1OKQRMA8xDTALBgNVBAMMBHQ2NTmkETAP +MQ0wCwYDVQQDDAR0NjYwpBEwDzENMAsGA1UEAwwEdDY2MaQRMA8xDTALBgNVBAMM +BHQ2NjKkETAPMQ0wCwYDVQQDDAR0NjYzpBEwDzENMAsGA1UEAwwEdDY2NKQRMA8x +DTALBgNVBAMMBHQ2NjWkETAPMQ0wCwYDVQQDDAR0NjY2pBEwDzENMAsGA1UEAwwE +dDY2N6QRMA8xDTALBgNVBAMMBHQ2NjikETAPMQ0wCwYDVQQDDAR0NjY5pBEwDzEN +MAsGA1UEAwwEdDY3MKQRMA8xDTALBgNVBAMMBHQ2NzGkETAPMQ0wCwYDVQQDDAR0 +NjcypBEwDzENMAsGA1UEAwwEdDY3M6QRMA8xDTALBgNVBAMMBHQ2NzSkETAPMQ0w +CwYDVQQDDAR0Njc1pBEwDzENMAsGA1UEAwwEdDY3NqQRMA8xDTALBgNVBAMMBHQ2 +NzekETAPMQ0wCwYDVQQDDAR0Njc4pBEwDzENMAsGA1UEAwwEdDY3OaQRMA8xDTAL +BgNVBAMMBHQ2ODCkETAPMQ0wCwYDVQQDDAR0NjgxpBEwDzENMAsGA1UEAwwEdDY4 +MqQRMA8xDTALBgNVBAMMBHQ2ODOkETAPMQ0wCwYDVQQDDAR0Njg0pBEwDzENMAsG +A1UEAwwEdDY4NaQRMA8xDTALBgNVBAMMBHQ2ODakETAPMQ0wCwYDVQQDDAR0Njg3 +pBEwDzENMAsGA1UEAwwEdDY4OKQRMA8xDTALBgNVBAMMBHQ2ODmkETAPMQ0wCwYD +VQQDDAR0NjkwpBEwDzENMAsGA1UEAwwEdDY5MaQRMA8xDTALBgNVBAMMBHQ2OTKk +ETAPMQ0wCwYDVQQDDAR0NjkzpBEwDzENMAsGA1UEAwwEdDY5NKQRMA8xDTALBgNV +BAMMBHQ2OTWkETAPMQ0wCwYDVQQDDAR0Njk2pBEwDzENMAsGA1UEAwwEdDY5N6QR +MA8xDTALBgNVBAMMBHQ2OTikETAPMQ0wCwYDVQQDDAR0Njk5pBEwDzENMAsGA1UE +AwwEdDcwMKQRMA8xDTALBgNVBAMMBHQ3MDGkETAPMQ0wCwYDVQQDDAR0NzAypBEw +DzENMAsGA1UEAwwEdDcwM6QRMA8xDTALBgNVBAMMBHQ3MDSkETAPMQ0wCwYDVQQD +DAR0NzA1pBEwDzENMAsGA1UEAwwEdDcwNqQRMA8xDTALBgNVBAMMBHQ3MDekETAP +MQ0wCwYDVQQDDAR0NzA4pBEwDzENMAsGA1UEAwwEdDcwOaQRMA8xDTALBgNVBAMM +BHQ3MTCkETAPMQ0wCwYDVQQDDAR0NzExpBEwDzENMAsGA1UEAwwEdDcxMqQRMA8x +DTALBgNVBAMMBHQ3MTOkETAPMQ0wCwYDVQQDDAR0NzE0pBEwDzENMAsGA1UEAwwE +dDcxNaQRMA8xDTALBgNVBAMMBHQ3MTakETAPMQ0wCwYDVQQDDAR0NzE3pBEwDzEN +MAsGA1UEAwwEdDcxOKQRMA8xDTALBgNVBAMMBHQ3MTmkETAPMQ0wCwYDVQQDDAR0 +NzIwpBEwDzENMAsGA1UEAwwEdDcyMaQRMA8xDTALBgNVBAMMBHQ3MjKkETAPMQ0w +CwYDVQQDDAR0NzIzpBEwDzENMAsGA1UEAwwEdDcyNKQRMA8xDTALBgNVBAMMBHQ3 +MjWkETAPMQ0wCwYDVQQDDAR0NzI2pBEwDzENMAsGA1UEAwwEdDcyN6QRMA8xDTAL +BgNVBAMMBHQ3MjikETAPMQ0wCwYDVQQDDAR0NzI5pBEwDzENMAsGA1UEAwwEdDcz +MKQRMA8xDTALBgNVBAMMBHQ3MzGkETAPMQ0wCwYDVQQDDAR0NzMypBEwDzENMAsG +A1UEAwwEdDczM6QRMA8xDTALBgNVBAMMBHQ3MzSkETAPMQ0wCwYDVQQDDAR0NzM1 +pBEwDzENMAsGA1UEAwwEdDczNqQRMA8xDTALBgNVBAMMBHQ3MzekETAPMQ0wCwYD +VQQDDAR0NzM4pBEwDzENMAsGA1UEAwwEdDczOaQRMA8xDTALBgNVBAMMBHQ3NDCk +ETAPMQ0wCwYDVQQDDAR0NzQxpBEwDzENMAsGA1UEAwwEdDc0MqQRMA8xDTALBgNV +BAMMBHQ3NDOkETAPMQ0wCwYDVQQDDAR0NzQ0pBEwDzENMAsGA1UEAwwEdDc0NaQR +MA8xDTALBgNVBAMMBHQ3NDakETAPMQ0wCwYDVQQDDAR0NzQ3pBEwDzENMAsGA1UE +AwwEdDc0OKQRMA8xDTALBgNVBAMMBHQ3NDmkETAPMQ0wCwYDVQQDDAR0NzUwpBEw +DzENMAsGA1UEAwwEdDc1MaQRMA8xDTALBgNVBAMMBHQ3NTKkETAPMQ0wCwYDVQQD +DAR0NzUzpBEwDzENMAsGA1UEAwwEdDc1NKQRMA8xDTALBgNVBAMMBHQ3NTWkETAP +MQ0wCwYDVQQDDAR0NzU2pBEwDzENMAsGA1UEAwwEdDc1N6QRMA8xDTALBgNVBAMM +BHQ3NTikETAPMQ0wCwYDVQQDDAR0NzU5pBEwDzENMAsGA1UEAwwEdDc2MKQRMA8x +DTALBgNVBAMMBHQ3NjGkETAPMQ0wCwYDVQQDDAR0NzYypBEwDzENMAsGA1UEAwwE +dDc2M6QRMA8xDTALBgNVBAMMBHQ3NjSkETAPMQ0wCwYDVQQDDAR0NzY1pBEwDzEN +MAsGA1UEAwwEdDc2NqQRMA8xDTALBgNVBAMMBHQ3NjekETAPMQ0wCwYDVQQDDAR0 +NzY4pBEwDzENMAsGA1UEAwwEdDc2OaQRMA8xDTALBgNVBAMMBHQ3NzCkETAPMQ0w +CwYDVQQDDAR0NzcxpBEwDzENMAsGA1UEAwwEdDc3MqQRMA8xDTALBgNVBAMMBHQ3 +NzOkETAPMQ0wCwYDVQQDDAR0Nzc0pBEwDzENMAsGA1UEAwwEdDc3NaQRMA8xDTAL +BgNVBAMMBHQ3NzakETAPMQ0wCwYDVQQDDAR0Nzc3pBEwDzENMAsGA1UEAwwEdDc3 +OKQRMA8xDTALBgNVBAMMBHQ3NzmkETAPMQ0wCwYDVQQDDAR0NzgwpBEwDzENMAsG +A1UEAwwEdDc4MaQRMA8xDTALBgNVBAMMBHQ3ODKkETAPMQ0wCwYDVQQDDAR0Nzgz +pBEwDzENMAsGA1UEAwwEdDc4NKQRMA8xDTALBgNVBAMMBHQ3ODWkETAPMQ0wCwYD +VQQDDAR0Nzg2pBEwDzENMAsGA1UEAwwEdDc4N6QRMA8xDTALBgNVBAMMBHQ3ODik +ETAPMQ0wCwYDVQQDDAR0Nzg5pBEwDzENMAsGA1UEAwwEdDc5MKQRMA8xDTALBgNV +BAMMBHQ3OTGkETAPMQ0wCwYDVQQDDAR0NzkypBEwDzENMAsGA1UEAwwEdDc5M6QR +MA8xDTALBgNVBAMMBHQ3OTSkETAPMQ0wCwYDVQQDDAR0Nzk1pBEwDzENMAsGA1UE +AwwEdDc5NqQRMA8xDTALBgNVBAMMBHQ3OTekETAPMQ0wCwYDVQQDDAR0Nzk4pBEw +DzENMAsGA1UEAwwEdDc5OaQRMA8xDTALBgNVBAMMBHQ4MDCkETAPMQ0wCwYDVQQD +DAR0ODAxpBEwDzENMAsGA1UEAwwEdDgwMqQRMA8xDTALBgNVBAMMBHQ4MDOkETAP +MQ0wCwYDVQQDDAR0ODA0pBEwDzENMAsGA1UEAwwEdDgwNaQRMA8xDTALBgNVBAMM +BHQ4MDakETAPMQ0wCwYDVQQDDAR0ODA3pBEwDzENMAsGA1UEAwwEdDgwOKQRMA8x +DTALBgNVBAMMBHQ4MDmkETAPMQ0wCwYDVQQDDAR0ODEwpBEwDzENMAsGA1UEAwwE +dDgxMaQRMA8xDTALBgNVBAMMBHQ4MTKkETAPMQ0wCwYDVQQDDAR0ODEzpBEwDzEN +MAsGA1UEAwwEdDgxNKQRMA8xDTALBgNVBAMMBHQ4MTWkETAPMQ0wCwYDVQQDDAR0 +ODE2pBEwDzENMAsGA1UEAwwEdDgxN6QRMA8xDTALBgNVBAMMBHQ4MTikETAPMQ0w +CwYDVQQDDAR0ODE5pBEwDzENMAsGA1UEAwwEdDgyMKQRMA8xDTALBgNVBAMMBHQ4 +MjGkETAPMQ0wCwYDVQQDDAR0ODIypBEwDzENMAsGA1UEAwwEdDgyM6QRMA8xDTAL +BgNVBAMMBHQ4MjSkETAPMQ0wCwYDVQQDDAR0ODI1pBEwDzENMAsGA1UEAwwEdDgy +NqQRMA8xDTALBgNVBAMMBHQ4MjekETAPMQ0wCwYDVQQDDAR0ODI4pBEwDzENMAsG +A1UEAwwEdDgyOaQRMA8xDTALBgNVBAMMBHQ4MzCkETAPMQ0wCwYDVQQDDAR0ODMx +pBEwDzENMAsGA1UEAwwEdDgzMqQRMA8xDTALBgNVBAMMBHQ4MzOkETAPMQ0wCwYD +VQQDDAR0ODM0pBEwDzENMAsGA1UEAwwEdDgzNaQRMA8xDTALBgNVBAMMBHQ4Mzak +ETAPMQ0wCwYDVQQDDAR0ODM3pBEwDzENMAsGA1UEAwwEdDgzOKQRMA8xDTALBgNV +BAMMBHQ4MzmkETAPMQ0wCwYDVQQDDAR0ODQwpBEwDzENMAsGA1UEAwwEdDg0MaQR +MA8xDTALBgNVBAMMBHQ4NDKkETAPMQ0wCwYDVQQDDAR0ODQzpBEwDzENMAsGA1UE +AwwEdDg0NKQRMA8xDTALBgNVBAMMBHQ4NDWkETAPMQ0wCwYDVQQDDAR0ODQ2pBEw +DzENMAsGA1UEAwwEdDg0N6QRMA8xDTALBgNVBAMMBHQ4NDikETAPMQ0wCwYDVQQD +DAR0ODQ5pBEwDzENMAsGA1UEAwwEdDg1MKQRMA8xDTALBgNVBAMMBHQ4NTGkETAP +MQ0wCwYDVQQDDAR0ODUypBEwDzENMAsGA1UEAwwEdDg1M6QRMA8xDTALBgNVBAMM +BHQ4NTSkETAPMQ0wCwYDVQQDDAR0ODU1pBEwDzENMAsGA1UEAwwEdDg1NqQRMA8x +DTALBgNVBAMMBHQ4NTekETAPMQ0wCwYDVQQDDAR0ODU4pBEwDzENMAsGA1UEAwwE +dDg1OaQRMA8xDTALBgNVBAMMBHQ4NjCkETAPMQ0wCwYDVQQDDAR0ODYxpBEwDzEN +MAsGA1UEAwwEdDg2MqQRMA8xDTALBgNVBAMMBHQ4NjOkETAPMQ0wCwYDVQQDDAR0 +ODY0pBEwDzENMAsGA1UEAwwEdDg2NaQRMA8xDTALBgNVBAMMBHQ4NjakETAPMQ0w +CwYDVQQDDAR0ODY3pBEwDzENMAsGA1UEAwwEdDg2OKQRMA8xDTALBgNVBAMMBHQ4 +NjmkETAPMQ0wCwYDVQQDDAR0ODcwpBEwDzENMAsGA1UEAwwEdDg3MaQRMA8xDTAL +BgNVBAMMBHQ4NzKkETAPMQ0wCwYDVQQDDAR0ODczpBEwDzENMAsGA1UEAwwEdDg3 +NKQRMA8xDTALBgNVBAMMBHQ4NzWkETAPMQ0wCwYDVQQDDAR0ODc2pBEwDzENMAsG +A1UEAwwEdDg3N6QRMA8xDTALBgNVBAMMBHQ4NzikETAPMQ0wCwYDVQQDDAR0ODc5 +pBEwDzENMAsGA1UEAwwEdDg4MKQRMA8xDTALBgNVBAMMBHQ4ODGkETAPMQ0wCwYD +VQQDDAR0ODgypBEwDzENMAsGA1UEAwwEdDg4M6QRMA8xDTALBgNVBAMMBHQ4ODSk +ETAPMQ0wCwYDVQQDDAR0ODg1pBEwDzENMAsGA1UEAwwEdDg4NqQRMA8xDTALBgNV +BAMMBHQ4ODekETAPMQ0wCwYDVQQDDAR0ODg4pBEwDzENMAsGA1UEAwwEdDg4OaQR +MA8xDTALBgNVBAMMBHQ4OTCkETAPMQ0wCwYDVQQDDAR0ODkxpBEwDzENMAsGA1UE +AwwEdDg5MqQRMA8xDTALBgNVBAMMBHQ4OTOkETAPMQ0wCwYDVQQDDAR0ODk0pBEw +DzENMAsGA1UEAwwEdDg5NaQRMA8xDTALBgNVBAMMBHQ4OTakETAPMQ0wCwYDVQQD +DAR0ODk3pBEwDzENMAsGA1UEAwwEdDg5OKQRMA8xDTALBgNVBAMMBHQ4OTmkETAP +MQ0wCwYDVQQDDAR0OTAwpBEwDzENMAsGA1UEAwwEdDkwMaQRMA8xDTALBgNVBAMM +BHQ5MDKkETAPMQ0wCwYDVQQDDAR0OTAzpBEwDzENMAsGA1UEAwwEdDkwNKQRMA8x +DTALBgNVBAMMBHQ5MDWkETAPMQ0wCwYDVQQDDAR0OTA2pBEwDzENMAsGA1UEAwwE +dDkwN6QRMA8xDTALBgNVBAMMBHQ5MDikETAPMQ0wCwYDVQQDDAR0OTA5pBEwDzEN +MAsGA1UEAwwEdDkxMKQRMA8xDTALBgNVBAMMBHQ5MTGkETAPMQ0wCwYDVQQDDAR0 +OTEypBEwDzENMAsGA1UEAwwEdDkxM6QRMA8xDTALBgNVBAMMBHQ5MTSkETAPMQ0w +CwYDVQQDDAR0OTE1pBEwDzENMAsGA1UEAwwEdDkxNqQRMA8xDTALBgNVBAMMBHQ5 +MTekETAPMQ0wCwYDVQQDDAR0OTE4pBEwDzENMAsGA1UEAwwEdDkxOaQRMA8xDTAL +BgNVBAMMBHQ5MjCkETAPMQ0wCwYDVQQDDAR0OTIxpBEwDzENMAsGA1UEAwwEdDky +MqQRMA8xDTALBgNVBAMMBHQ5MjOkETAPMQ0wCwYDVQQDDAR0OTI0pBEwDzENMAsG +A1UEAwwEdDkyNaQRMA8xDTALBgNVBAMMBHQ5MjakETAPMQ0wCwYDVQQDDAR0OTI3 +pBEwDzENMAsGA1UEAwwEdDkyOKQRMA8xDTALBgNVBAMMBHQ5MjmkETAPMQ0wCwYD +VQQDDAR0OTMwpBEwDzENMAsGA1UEAwwEdDkzMaQRMA8xDTALBgNVBAMMBHQ5MzKk +ETAPMQ0wCwYDVQQDDAR0OTMzpBEwDzENMAsGA1UEAwwEdDkzNKQRMA8xDTALBgNV +BAMMBHQ5MzWkETAPMQ0wCwYDVQQDDAR0OTM2pBEwDzENMAsGA1UEAwwEdDkzN6QR +MA8xDTALBgNVBAMMBHQ5MzikETAPMQ0wCwYDVQQDDAR0OTM5pBEwDzENMAsGA1UE +AwwEdDk0MKQRMA8xDTALBgNVBAMMBHQ5NDGkETAPMQ0wCwYDVQQDDAR0OTQypBEw +DzENMAsGA1UEAwwEdDk0M6QRMA8xDTALBgNVBAMMBHQ5NDSkETAPMQ0wCwYDVQQD +DAR0OTQ1pBEwDzENMAsGA1UEAwwEdDk0NqQRMA8xDTALBgNVBAMMBHQ5NDekETAP +MQ0wCwYDVQQDDAR0OTQ4pBEwDzENMAsGA1UEAwwEdDk0OaQRMA8xDTALBgNVBAMM +BHQ5NTCkETAPMQ0wCwYDVQQDDAR0OTUxpBEwDzENMAsGA1UEAwwEdDk1MqQRMA8x +DTALBgNVBAMMBHQ5NTOkETAPMQ0wCwYDVQQDDAR0OTU0pBEwDzENMAsGA1UEAwwE +dDk1NaQRMA8xDTALBgNVBAMMBHQ5NTakETAPMQ0wCwYDVQQDDAR0OTU3pBEwDzEN +MAsGA1UEAwwEdDk1OKQRMA8xDTALBgNVBAMMBHQ5NTmkETAPMQ0wCwYDVQQDDAR0 +OTYwpBEwDzENMAsGA1UEAwwEdDk2MaQRMA8xDTALBgNVBAMMBHQ5NjKkETAPMQ0w +CwYDVQQDDAR0OTYzpBEwDzENMAsGA1UEAwwEdDk2NKQRMA8xDTALBgNVBAMMBHQ5 +NjWkETAPMQ0wCwYDVQQDDAR0OTY2pBEwDzENMAsGA1UEAwwEdDk2N6QRMA8xDTAL +BgNVBAMMBHQ5NjikETAPMQ0wCwYDVQQDDAR0OTY5pBEwDzENMAsGA1UEAwwEdDk3 +MKQRMA8xDTALBgNVBAMMBHQ5NzGkETAPMQ0wCwYDVQQDDAR0OTcypBEwDzENMAsG +A1UEAwwEdDk3M6QRMA8xDTALBgNVBAMMBHQ5NzSkETAPMQ0wCwYDVQQDDAR0OTc1 +pBEwDzENMAsGA1UEAwwEdDk3NqQRMA8xDTALBgNVBAMMBHQ5NzekETAPMQ0wCwYD +VQQDDAR0OTc4pBEwDzENMAsGA1UEAwwEdDk3OaQRMA8xDTALBgNVBAMMBHQ5ODCk +ETAPMQ0wCwYDVQQDDAR0OTgxpBEwDzENMAsGA1UEAwwEdDk4MqQRMA8xDTALBgNV +BAMMBHQ5ODOkETAPMQ0wCwYDVQQDDAR0OTg0pBEwDzENMAsGA1UEAwwEdDk4NaQR +MA8xDTALBgNVBAMMBHQ5ODakETAPMQ0wCwYDVQQDDAR0OTg3pBEwDzENMAsGA1UE +AwwEdDk4OKQRMA8xDTALBgNVBAMMBHQ5ODmkETAPMQ0wCwYDVQQDDAR0OTkwpBEw +DzENMAsGA1UEAwwEdDk5MaQRMA8xDTALBgNVBAMMBHQ5OTKkETAPMQ0wCwYDVQQD +DAR0OTkzpBEwDzENMAsGA1UEAwwEdDk5NKQRMA8xDTALBgNVBAMMBHQ5OTWkETAP +MQ0wCwYDVQQDDAR0OTk2pBEwDzENMAsGA1UEAwwEdDk5N6QRMA8xDTALBgNVBAMM +BHQ5OTikETAPMQ0wCwYDVQQDDAR0OTk5pBIwEDEOMAwGA1UEAwwFdDEwMDCkEjAQ +MQ4wDAYDVQQDDAV0MTAwMaQSMBAxDjAMBgNVBAMMBXQxMDAypBIwEDEOMAwGA1UE +AwwFdDEwMDOkEjAQMQ4wDAYDVQQDDAV0MTAwNKQSMBAxDjAMBgNVBAMMBXQxMDA1 +pBIwEDEOMAwGA1UEAwwFdDEwMDakEjAQMQ4wDAYDVQQDDAV0MTAwN6QSMBAxDjAM +BgNVBAMMBXQxMDA4pBIwEDEOMAwGA1UEAwwFdDEwMDmkEjAQMQ4wDAYDVQQDDAV0 +MTAxMKQSMBAxDjAMBgNVBAMMBXQxMDExpBIwEDEOMAwGA1UEAwwFdDEwMTKkEjAQ +MQ4wDAYDVQQDDAV0MTAxM6QSMBAxDjAMBgNVBAMMBXQxMDE0pBIwEDEOMAwGA1UE +AwwFdDEwMTWkEjAQMQ4wDAYDVQQDDAV0MTAxNqQSMBAxDjAMBgNVBAMMBXQxMDE3 +pBIwEDEOMAwGA1UEAwwFdDEwMTikEjAQMQ4wDAYDVQQDDAV0MTAxOaQSMBAxDjAM +BgNVBAMMBXQxMDIwpBIwEDEOMAwGA1UEAwwFdDEwMjGkEjAQMQ4wDAYDVQQDDAV0 +MTAyMqQSMBAxDjAMBgNVBAMMBXQxMDIzMA0GCSqGSIb3DQEBCwUAA4IBAQB3ryeb +I4KdkLQ8Ah/UqcgMf1gZrpqG/vWxpK7Lr0Y6BP88z+pr3xbL0YmNjKf5EefpkJJr +VNX6qiSWY2FXSoHafgsuyAQ0at1uRieXWp3bjC3oWkURv30aJXrKnrHjHFMiCze2 ++tYeg21UQE1xs+NS3ITRlfyS5PCFzm1ONqZstDV+Dui2iwmwyE7xuKr+6Ci6jqMx +75m92p7LWgKVJEVBPO16kpS9nf1+B1GMVZcHU2C03WQCbCsYMo3f7YlK3Tcyy2aa ++rjoPYePY2o/byyRJbOFcQo5qiSljnvCV4btO+czbemkwc2Iiw7IBmObQEAqPLKW +Ei0cU/6D7EpQvsZT +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fd + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DirName: CN = t0 + DirName: CN = t1 + DirName: CN = t2 + DirName: CN = t3 + DirName: CN = t4 + DirName: CN = t5 + DirName: CN = t6 + DirName: CN = t7 + DirName: CN = t8 + DirName: CN = t9 + DirName: CN = t10 + DirName: CN = t11 + DirName: CN = t12 + DirName: CN = t13 + DirName: CN = t14 + DirName: CN = t15 + DirName: CN = t16 + DirName: CN = t17 + DirName: CN = t18 + DirName: CN = t19 + DirName: CN = t20 + DirName: CN = t21 + DirName: CN = t22 + DirName: CN = t23 + DirName: CN = t24 + DirName: CN = t25 + DirName: CN = t26 + DirName: CN = t27 + DirName: CN = t28 + DirName: CN = t29 + DirName: CN = t30 + DirName: CN = t31 + DirName: CN = t32 + DirName: CN = t33 + DirName: CN = t34 + DirName: CN = t35 + DirName: CN = t36 + DirName: CN = t37 + DirName: CN = t38 + DirName: CN = t39 + DirName: CN = t40 + DirName: CN = t41 + DirName: CN = t42 + DirName: CN = t43 + DirName: CN = t44 + DirName: CN = t45 + DirName: CN = t46 + DirName: CN = t47 + DirName: CN = t48 + DirName: CN = t49 + DirName: CN = t50 + DirName: CN = t51 + DirName: CN = t52 + DirName: CN = t53 + DirName: CN = t54 + DirName: CN = t55 + DirName: CN = t56 + DirName: CN = t57 + DirName: CN = t58 + DirName: CN = t59 + DirName: CN = t60 + DirName: CN = t61 + DirName: CN = t62 + DirName: CN = t63 + DirName: CN = t64 + DirName: CN = t65 + DirName: CN = t66 + DirName: CN = t67 + DirName: CN = t68 + DirName: CN = t69 + DirName: CN = t70 + DirName: CN = t71 + DirName: CN = t72 + DirName: CN = t73 + DirName: CN = t74 + DirName: CN = t75 + DirName: CN = t76 + DirName: CN = t77 + DirName: CN = t78 + DirName: CN = t79 + DirName: CN = t80 + DirName: CN = t81 + DirName: CN = t82 + DirName: CN = t83 + DirName: CN = t84 + DirName: CN = t85 + DirName: CN = t86 + DirName: CN = t87 + DirName: CN = t88 + DirName: CN = t89 + DirName: CN = t90 + DirName: CN = t91 + DirName: CN = t92 + DirName: CN = t93 + DirName: CN = t94 + DirName: CN = t95 + DirName: CN = t96 + DirName: CN = t97 + DirName: CN = t98 + DirName: CN = t99 + DirName: CN = t100 + DirName: CN = t101 + DirName: CN = t102 + DirName: CN = t103 + DirName: CN = t104 + DirName: CN = t105 + DirName: CN = t106 + DirName: CN = t107 + DirName: CN = t108 + DirName: CN = t109 + DirName: CN = t110 + DirName: CN = t111 + DirName: CN = t112 + DirName: CN = t113 + DirName: CN = t114 + DirName: CN = t115 + DirName: CN = t116 + DirName: CN = t117 + DirName: CN = t118 + DirName: CN = t119 + DirName: CN = t120 + DirName: CN = t121 + DirName: CN = t122 + DirName: CN = t123 + DirName: CN = t124 + DirName: CN = t125 + DirName: CN = t126 + DirName: CN = t127 + DirName: CN = t128 + DirName: CN = t129 + DirName: CN = t130 + DirName: CN = t131 + DirName: CN = t132 + DirName: CN = t133 + DirName: CN = t134 + DirName: CN = t135 + DirName: CN = t136 + DirName: CN = t137 + DirName: CN = t138 + DirName: CN = t139 + DirName: CN = t140 + DirName: CN = t141 + DirName: CN = t142 + DirName: CN = t143 + DirName: CN = t144 + DirName: CN = t145 + DirName: CN = t146 + DirName: CN = t147 + DirName: CN = t148 + DirName: CN = t149 + DirName: CN = t150 + DirName: CN = t151 + DirName: CN = t152 + DirName: CN = t153 + DirName: CN = t154 + DirName: CN = t155 + DirName: CN = t156 + DirName: CN = t157 + DirName: CN = t158 + DirName: CN = t159 + DirName: CN = t160 + DirName: CN = t161 + DirName: CN = t162 + DirName: CN = t163 + DirName: CN = t164 + DirName: CN = t165 + DirName: CN = t166 + DirName: CN = t167 + DirName: CN = t168 + DirName: CN = t169 + DirName: CN = t170 + DirName: CN = t171 + DirName: CN = t172 + DirName: CN = t173 + DirName: CN = t174 + DirName: CN = t175 + DirName: CN = t176 + DirName: CN = t177 + DirName: CN = t178 + DirName: CN = t179 + DirName: CN = t180 + DirName: CN = t181 + DirName: CN = t182 + DirName: CN = t183 + DirName: CN = t184 + DirName: CN = t185 + DirName: CN = t186 + DirName: CN = t187 + DirName: CN = t188 + DirName: CN = t189 + DirName: CN = t190 + DirName: CN = t191 + DirName: CN = t192 + DirName: CN = t193 + DirName: CN = t194 + DirName: CN = t195 + DirName: CN = t196 + DirName: CN = t197 + DirName: CN = t198 + DirName: CN = t199 + DirName: CN = t200 + DirName: CN = t201 + DirName: CN = t202 + DirName: CN = t203 + DirName: CN = t204 + DirName: CN = t205 + DirName: CN = t206 + DirName: CN = t207 + DirName: CN = t208 + DirName: CN = t209 + DirName: CN = t210 + DirName: CN = t211 + DirName: CN = t212 + DirName: CN = t213 + DirName: CN = t214 + DirName: CN = t215 + DirName: CN = t216 + DirName: CN = t217 + DirName: CN = t218 + DirName: CN = t219 + DirName: CN = t220 + DirName: CN = t221 + DirName: CN = t222 + DirName: CN = t223 + DirName: CN = t224 + DirName: CN = t225 + DirName: CN = t226 + DirName: CN = t227 + DirName: CN = t228 + DirName: CN = t229 + DirName: CN = t230 + DirName: CN = t231 + DirName: CN = t232 + DirName: CN = t233 + DirName: CN = t234 + DirName: CN = t235 + DirName: CN = t236 + DirName: CN = t237 + DirName: CN = t238 + DirName: CN = t239 + DirName: CN = t240 + DirName: CN = t241 + DirName: CN = t242 + DirName: CN = t243 + DirName: CN = t244 + DirName: CN = t245 + DirName: CN = t246 + DirName: CN = t247 + DirName: CN = t248 + DirName: CN = t249 + DirName: CN = t250 + DirName: CN = t251 + DirName: CN = t252 + DirName: CN = t253 + DirName: CN = t254 + DirName: CN = t255 + DirName: CN = t256 + DirName: CN = t257 + DirName: CN = t258 + DirName: CN = t259 + DirName: CN = t260 + DirName: CN = t261 + DirName: CN = t262 + DirName: CN = t263 + DirName: CN = t264 + DirName: CN = t265 + DirName: CN = t266 + DirName: CN = t267 + DirName: CN = t268 + DirName: CN = t269 + DirName: CN = t270 + DirName: CN = t271 + DirName: CN = t272 + DirName: CN = t273 + DirName: CN = t274 + DirName: CN = t275 + DirName: CN = t276 + DirName: CN = t277 + DirName: CN = t278 + DirName: CN = t279 + DirName: CN = t280 + DirName: CN = t281 + DirName: CN = t282 + DirName: CN = t283 + DirName: CN = t284 + DirName: CN = t285 + DirName: CN = t286 + DirName: CN = t287 + DirName: CN = t288 + DirName: CN = t289 + DirName: CN = t290 + DirName: CN = t291 + DirName: CN = t292 + DirName: CN = t293 + DirName: CN = t294 + DirName: CN = t295 + DirName: CN = t296 + DirName: CN = t297 + DirName: CN = t298 + DirName: CN = t299 + DirName: CN = t300 + DirName: CN = t301 + DirName: CN = t302 + DirName: CN = t303 + DirName: CN = t304 + DirName: CN = t305 + DirName: CN = t306 + DirName: CN = t307 + DirName: CN = t308 + DirName: CN = t309 + DirName: CN = t310 + DirName: CN = t311 + DirName: CN = t312 + DirName: CN = t313 + DirName: CN = t314 + DirName: CN = t315 + DirName: CN = t316 + DirName: CN = t317 + DirName: CN = t318 + DirName: CN = t319 + DirName: CN = t320 + DirName: CN = t321 + DirName: CN = t322 + DirName: CN = t323 + DirName: CN = t324 + DirName: CN = t325 + DirName: CN = t326 + DirName: CN = t327 + DirName: CN = t328 + DirName: CN = t329 + DirName: CN = t330 + DirName: CN = t331 + DirName: CN = t332 + DirName: CN = t333 + DirName: CN = t334 + DirName: CN = t335 + DirName: CN = t336 + DirName: CN = t337 + DirName: CN = t338 + DirName: CN = t339 + DirName: CN = t340 + DirName: CN = t341 + DirName: CN = t342 + DirName: CN = t343 + DirName: CN = t344 + DirName: CN = t345 + DirName: CN = t346 + DirName: CN = t347 + DirName: CN = t348 + DirName: CN = t349 + DirName: CN = t350 + DirName: CN = t351 + DirName: CN = t352 + DirName: CN = t353 + DirName: CN = t354 + DirName: CN = t355 + DirName: CN = t356 + DirName: CN = t357 + DirName: CN = t358 + DirName: CN = t359 + DirName: CN = t360 + DirName: CN = t361 + DirName: CN = t362 + DirName: CN = t363 + DirName: CN = t364 + DirName: CN = t365 + DirName: CN = t366 + DirName: CN = t367 + DirName: CN = t368 + DirName: CN = t369 + DirName: CN = t370 + DirName: CN = t371 + DirName: CN = t372 + DirName: CN = t373 + DirName: CN = t374 + DirName: CN = t375 + DirName: CN = t376 + DirName: CN = t377 + DirName: CN = t378 + DirName: CN = t379 + DirName: CN = t380 + DirName: CN = t381 + DirName: CN = t382 + DirName: CN = t383 + DirName: CN = t384 + DirName: CN = t385 + DirName: CN = t386 + DirName: CN = t387 + DirName: CN = t388 + DirName: CN = t389 + DirName: CN = t390 + DirName: CN = t391 + DirName: CN = t392 + DirName: CN = t393 + DirName: CN = t394 + DirName: CN = t395 + DirName: CN = t396 + DirName: CN = t397 + DirName: CN = t398 + DirName: CN = t399 + DirName: CN = t400 + DirName: CN = t401 + DirName: CN = t402 + DirName: CN = t403 + DirName: CN = t404 + DirName: CN = t405 + DirName: CN = t406 + DirName: CN = t407 + DirName: CN = t408 + DirName: CN = t409 + DirName: CN = t410 + DirName: CN = t411 + DirName: CN = t412 + DirName: CN = t413 + DirName: CN = t414 + DirName: CN = t415 + DirName: CN = t416 + DirName: CN = t417 + DirName: CN = t418 + DirName: CN = t419 + DirName: CN = t420 + DirName: CN = t421 + DirName: CN = t422 + DirName: CN = t423 + DirName: CN = t424 + DirName: CN = t425 + DirName: CN = t426 + DirName: CN = t427 + DirName: CN = t428 + DirName: CN = t429 + DirName: CN = t430 + DirName: CN = t431 + DirName: CN = t432 + DirName: CN = t433 + DirName: CN = t434 + DirName: CN = t435 + DirName: CN = t436 + DirName: CN = t437 + DirName: CN = t438 + DirName: CN = t439 + DirName: CN = t440 + DirName: CN = t441 + DirName: CN = t442 + DirName: CN = t443 + DirName: CN = t444 + DirName: CN = t445 + DirName: CN = t446 + DirName: CN = t447 + DirName: CN = t448 + DirName: CN = t449 + DirName: CN = t450 + DirName: CN = t451 + DirName: CN = t452 + DirName: CN = t453 + DirName: CN = t454 + DirName: CN = t455 + DirName: CN = t456 + DirName: CN = t457 + DirName: CN = t458 + DirName: CN = t459 + DirName: CN = t460 + DirName: CN = t461 + DirName: CN = t462 + DirName: CN = t463 + DirName: CN = t464 + DirName: CN = t465 + DirName: CN = t466 + DirName: CN = t467 + DirName: CN = t468 + DirName: CN = t469 + DirName: CN = t470 + DirName: CN = t471 + DirName: CN = t472 + DirName: CN = t473 + DirName: CN = t474 + DirName: CN = t475 + DirName: CN = t476 + DirName: CN = t477 + DirName: CN = t478 + DirName: CN = t479 + DirName: CN = t480 + DirName: CN = t481 + DirName: CN = t482 + DirName: CN = t483 + DirName: CN = t484 + DirName: CN = t485 + DirName: CN = t486 + DirName: CN = t487 + DirName: CN = t488 + DirName: CN = t489 + DirName: CN = t490 + DirName: CN = t491 + DirName: CN = t492 + DirName: CN = t493 + DirName: CN = t494 + DirName: CN = t495 + DirName: CN = t496 + DirName: CN = t497 + DirName: CN = t498 + DirName: CN = t499 + DirName: CN = t500 + DirName: CN = t501 + DirName: CN = t502 + DirName: CN = t503 + DirName: CN = t504 + DirName: CN = t505 + DirName: CN = t506 + DirName: CN = t507 + DirName: CN = t508 + DirName: CN = t509 + DirName: CN = t510 + DirName: CN = t511 + DirName: CN = t512 + DirName: CN = t513 + DirName: CN = t514 + DirName: CN = t515 + DirName: CN = t516 + DirName: CN = t517 + DirName: CN = t518 + DirName: CN = t519 + DirName: CN = t520 + DirName: CN = t521 + DirName: CN = t522 + DirName: CN = t523 + DirName: CN = t524 + DirName: CN = t525 + DirName: CN = t526 + DirName: CN = t527 + DirName: CN = t528 + DirName: CN = t529 + DirName: CN = t530 + DirName: CN = t531 + DirName: CN = t532 + DirName: CN = t533 + DirName: CN = t534 + DirName: CN = t535 + DirName: CN = t536 + DirName: CN = t537 + DirName: CN = t538 + DirName: CN = t539 + DirName: CN = t540 + DirName: CN = t541 + DirName: CN = t542 + DirName: CN = t543 + DirName: CN = t544 + DirName: CN = t545 + DirName: CN = t546 + DirName: CN = t547 + DirName: CN = t548 + DirName: CN = t549 + DirName: CN = t550 + DirName: CN = t551 + DirName: CN = t552 + DirName: CN = t553 + DirName: CN = t554 + DirName: CN = t555 + DirName: CN = t556 + DirName: CN = t557 + DirName: CN = t558 + DirName: CN = t559 + DirName: CN = t560 + DirName: CN = t561 + DirName: CN = t562 + DirName: CN = t563 + DirName: CN = t564 + DirName: CN = t565 + DirName: CN = t566 + DirName: CN = t567 + DirName: CN = t568 + DirName: CN = t569 + DirName: CN = t570 + DirName: CN = t571 + DirName: CN = t572 + DirName: CN = t573 + DirName: CN = t574 + DirName: CN = t575 + DirName: CN = t576 + DirName: CN = t577 + DirName: CN = t578 + DirName: CN = t579 + DirName: CN = t580 + DirName: CN = t581 + DirName: CN = t582 + DirName: CN = t583 + DirName: CN = t584 + DirName: CN = t585 + DirName: CN = t586 + DirName: CN = t587 + DirName: CN = t588 + DirName: CN = t589 + DirName: CN = t590 + DirName: CN = t591 + DirName: CN = t592 + DirName: CN = t593 + DirName: CN = t594 + DirName: CN = t595 + DirName: CN = t596 + DirName: CN = t597 + DirName: CN = t598 + DirName: CN = t599 + DirName: CN = t600 + DirName: CN = t601 + DirName: CN = t602 + DirName: CN = t603 + DirName: CN = t604 + DirName: CN = t605 + DirName: CN = t606 + DirName: CN = t607 + DirName: CN = t608 + DirName: CN = t609 + DirName: CN = t610 + DirName: CN = t611 + DirName: CN = t612 + DirName: CN = t613 + DirName: CN = t614 + DirName: CN = t615 + DirName: CN = t616 + DirName: CN = t617 + DirName: CN = t618 + DirName: CN = t619 + DirName: CN = t620 + DirName: CN = t621 + DirName: CN = t622 + DirName: CN = t623 + DirName: CN = t624 + DirName: CN = t625 + DirName: CN = t626 + DirName: CN = t627 + DirName: CN = t628 + DirName: CN = t629 + DirName: CN = t630 + DirName: CN = t631 + DirName: CN = t632 + DirName: CN = t633 + DirName: CN = t634 + DirName: CN = t635 + DirName: CN = t636 + DirName: CN = t637 + DirName: CN = t638 + DirName: CN = t639 + DirName: CN = t640 + DirName: CN = t641 + DirName: CN = t642 + DirName: CN = t643 + DirName: CN = t644 + DirName: CN = t645 + DirName: CN = t646 + DirName: CN = t647 + DirName: CN = t648 + DirName: CN = t649 + DirName: CN = t650 + DirName: CN = t651 + DirName: CN = t652 + DirName: CN = t653 + DirName: CN = t654 + DirName: CN = t655 + DirName: CN = t656 + DirName: CN = t657 + DirName: CN = t658 + DirName: CN = t659 + DirName: CN = t660 + DirName: CN = t661 + DirName: CN = t662 + DirName: CN = t663 + DirName: CN = t664 + DirName: CN = t665 + DirName: CN = t666 + DirName: CN = t667 + DirName: CN = t668 + DirName: CN = t669 + DirName: CN = t670 + DirName: CN = t671 + DirName: CN = t672 + DirName: CN = t673 + DirName: CN = t674 + DirName: CN = t675 + DirName: CN = t676 + DirName: CN = t677 + DirName: CN = t678 + DirName: CN = t679 + DirName: CN = t680 + DirName: CN = t681 + DirName: CN = t682 + DirName: CN = t683 + DirName: CN = t684 + DirName: CN = t685 + DirName: CN = t686 + DirName: CN = t687 + DirName: CN = t688 + DirName: CN = t689 + DirName: CN = t690 + DirName: CN = t691 + DirName: CN = t692 + DirName: CN = t693 + DirName: CN = t694 + DirName: CN = t695 + DirName: CN = t696 + DirName: CN = t697 + DirName: CN = t698 + DirName: CN = t699 + DirName: CN = t700 + DirName: CN = t701 + DirName: CN = t702 + DirName: CN = t703 + DirName: CN = t704 + DirName: CN = t705 + DirName: CN = t706 + DirName: CN = t707 + DirName: CN = t708 + DirName: CN = t709 + DirName: CN = t710 + DirName: CN = t711 + DirName: CN = t712 + DirName: CN = t713 + DirName: CN = t714 + DirName: CN = t715 + DirName: CN = t716 + DirName: CN = t717 + DirName: CN = t718 + DirName: CN = t719 + DirName: CN = t720 + DirName: CN = t721 + DirName: CN = t722 + DirName: CN = t723 + DirName: CN = t724 + DirName: CN = t725 + DirName: CN = t726 + DirName: CN = t727 + DirName: CN = t728 + DirName: CN = t729 + DirName: CN = t730 + DirName: CN = t731 + DirName: CN = t732 + DirName: CN = t733 + DirName: CN = t734 + DirName: CN = t735 + DirName: CN = t736 + DirName: CN = t737 + DirName: CN = t738 + DirName: CN = t739 + DirName: CN = t740 + DirName: CN = t741 + DirName: CN = t742 + DirName: CN = t743 + DirName: CN = t744 + DirName: CN = t745 + DirName: CN = t746 + DirName: CN = t747 + DirName: CN = t748 + DirName: CN = t749 + DirName: CN = t750 + DirName: CN = t751 + DirName: CN = t752 + DirName: CN = t753 + DirName: CN = t754 + DirName: CN = t755 + DirName: CN = t756 + DirName: CN = t757 + DirName: CN = t758 + DirName: CN = t759 + DirName: CN = t760 + DirName: CN = t761 + DirName: CN = t762 + DirName: CN = t763 + DirName: CN = t764 + DirName: CN = t765 + DirName: CN = t766 + DirName: CN = t767 + DirName: CN = t768 + DirName: CN = t769 + DirName: CN = t770 + DirName: CN = t771 + DirName: CN = t772 + DirName: CN = t773 + DirName: CN = t774 + DirName: CN = t775 + DirName: CN = t776 + DirName: CN = t777 + DirName: CN = t778 + DirName: CN = t779 + DirName: CN = t780 + DirName: CN = t781 + DirName: CN = t782 + DirName: CN = t783 + DirName: CN = t784 + DirName: CN = t785 + DirName: CN = t786 + DirName: CN = t787 + DirName: CN = t788 + DirName: CN = t789 + DirName: CN = t790 + DirName: CN = t791 + DirName: CN = t792 + DirName: CN = t793 + DirName: CN = t794 + DirName: CN = t795 + DirName: CN = t796 + DirName: CN = t797 + DirName: CN = t798 + DirName: CN = t799 + DirName: CN = t800 + DirName: CN = t801 + DirName: CN = t802 + DirName: CN = t803 + DirName: CN = t804 + DirName: CN = t805 + DirName: CN = t806 + DirName: CN = t807 + DirName: CN = t808 + DirName: CN = t809 + DirName: CN = t810 + DirName: CN = t811 + DirName: CN = t812 + DirName: CN = t813 + DirName: CN = t814 + DirName: CN = t815 + DirName: CN = t816 + DirName: CN = t817 + DirName: CN = t818 + DirName: CN = t819 + DirName: CN = t820 + DirName: CN = t821 + DirName: CN = t822 + DirName: CN = t823 + DirName: CN = t824 + DirName: CN = t825 + DirName: CN = t826 + DirName: CN = t827 + DirName: CN = t828 + DirName: CN = t829 + DirName: CN = t830 + DirName: CN = t831 + DirName: CN = t832 + DirName: CN = t833 + DirName: CN = t834 + DirName: CN = t835 + DirName: CN = t836 + DirName: CN = t837 + DirName: CN = t838 + DirName: CN = t839 + DirName: CN = t840 + DirName: CN = t841 + DirName: CN = t842 + DirName: CN = t843 + DirName: CN = t844 + DirName: CN = t845 + DirName: CN = t846 + DirName: CN = t847 + DirName: CN = t848 + DirName: CN = t849 + DirName: CN = t850 + DirName: CN = t851 + DirName: CN = t852 + DirName: CN = t853 + DirName: CN = t854 + DirName: CN = t855 + DirName: CN = t856 + DirName: CN = t857 + DirName: CN = t858 + DirName: CN = t859 + DirName: CN = t860 + DirName: CN = t861 + DirName: CN = t862 + DirName: CN = t863 + DirName: CN = t864 + DirName: CN = t865 + DirName: CN = t866 + DirName: CN = t867 + DirName: CN = t868 + DirName: CN = t869 + DirName: CN = t870 + DirName: CN = t871 + DirName: CN = t872 + DirName: CN = t873 + DirName: CN = t874 + DirName: CN = t875 + DirName: CN = t876 + DirName: CN = t877 + DirName: CN = t878 + DirName: CN = t879 + DirName: CN = t880 + DirName: CN = t881 + DirName: CN = t882 + DirName: CN = t883 + DirName: CN = t884 + DirName: CN = t885 + DirName: CN = t886 + DirName: CN = t887 + DirName: CN = t888 + DirName: CN = t889 + DirName: CN = t890 + DirName: CN = t891 + DirName: CN = t892 + DirName: CN = t893 + DirName: CN = t894 + DirName: CN = t895 + DirName: CN = t896 + DirName: CN = t897 + DirName: CN = t898 + DirName: CN = t899 + DirName: CN = t900 + DirName: CN = t901 + DirName: CN = t902 + DirName: CN = t903 + DirName: CN = t904 + DirName: CN = t905 + DirName: CN = t906 + DirName: CN = t907 + DirName: CN = t908 + DirName: CN = t909 + DirName: CN = t910 + DirName: CN = t911 + DirName: CN = t912 + DirName: CN = t913 + DirName: CN = t914 + DirName: CN = t915 + DirName: CN = t916 + DirName: CN = t917 + DirName: CN = t918 + DirName: CN = t919 + DirName: CN = t920 + DirName: CN = t921 + DirName: CN = t922 + DirName: CN = t923 + DirName: CN = t924 + DirName: CN = t925 + DirName: CN = t926 + DirName: CN = t927 + DirName: CN = t928 + DirName: CN = t929 + DirName: CN = t930 + DirName: CN = t931 + DirName: CN = t932 + DirName: CN = t933 + DirName: CN = t934 + DirName: CN = t935 + DirName: CN = t936 + DirName: CN = t937 + DirName: CN = t938 + DirName: CN = t939 + DirName: CN = t940 + DirName: CN = t941 + DirName: CN = t942 + DirName: CN = t943 + DirName: CN = t944 + DirName: CN = t945 + DirName: CN = t946 + DirName: CN = t947 + DirName: CN = t948 + DirName: CN = t949 + DirName: CN = t950 + DirName: CN = t951 + DirName: CN = t952 + DirName: CN = t953 + DirName: CN = t954 + DirName: CN = t955 + DirName: CN = t956 + DirName: CN = t957 + DirName: CN = t958 + DirName: CN = t959 + DirName: CN = t960 + DirName: CN = t961 + DirName: CN = t962 + DirName: CN = t963 + DirName: CN = t964 + DirName: CN = t965 + DirName: CN = t966 + DirName: CN = t967 + DirName: CN = t968 + DirName: CN = t969 + DirName: CN = t970 + DirName: CN = t971 + DirName: CN = t972 + DirName: CN = t973 + DirName: CN = t974 + DirName: CN = t975 + DirName: CN = t976 + DirName: CN = t977 + DirName: CN = t978 + DirName: CN = t979 + DirName: CN = t980 + DirName: CN = t981 + DirName: CN = t982 + DirName: CN = t983 + DirName: CN = t984 + DirName: CN = t985 + DirName: CN = t986 + DirName: CN = t987 + DirName: CN = t988 + DirName: CN = t989 + DirName: CN = t990 + DirName: CN = t991 + DirName: CN = t992 + DirName: CN = t993 + DirName: CN = t994 + DirName: CN = t995 + DirName: CN = t996 + DirName: CN = t997 + DirName: CN = t998 + DirName: CN = t999 + DirName: CN = t1000 + DirName: CN = t1001 + DirName: CN = t1002 + DirName: CN = t1003 + DirName: CN = t1004 + DirName: CN = t1005 + DirName: CN = t1006 + DirName: CN = t1007 + DirName: CN = t1008 + DirName: CN = t1009 + DirName: CN = t1010 + DirName: CN = t1011 + DirName: CN = t1012 + DirName: CN = t1013 + DirName: CN = t1014 + DirName: CN = t1015 + DirName: CN = t1016 + DirName: CN = t1017 + DirName: CN = t1018 + DirName: CN = t1019 + DirName: CN = t1020 + DirName: CN = t1021 + DirName: CN = t1022 + DirName: CN = t1023 + DirName: CN = t1024 + + Signature Algorithm: sha256WithRSAEncryption + 12:ce:60:d6:3b:b5:7e:7a:8e:9e:d0:f5:fd:a8:8a:33:24:95: + 6d:79:56:24:23:12:10:8f:12:7c:e0:13:99:ba:6d:b9:b2:51: + b4:cc:50:2c:06:28:b8:d1:18:1a:16:e6:03:b4:7f:cd:b7:f6: + 06:7b:c2:77:97:52:76:8f:81:d1:f6:2c:08:e2:70:27:76:3f: + 90:a7:52:f3:15:f0:1f:40:97:99:fb:fa:9a:c1:eb:10:fa:a0: + 74:df:f1:df:8a:d2:4b:67:11:2f:5c:a9:52:78:69:e8:4b:21: + be:f2:a9:65:62:cc:0e:d9:59:8e:7a:ca:5f:01:41:d9:d2:e9: + 89:5f:bc:3c:8c:bb:4f:90:80:06:05:37:be:0c:1f:a8:56:82: + e7:92:2d:c5:89:56:d8:d4:86:9d:8a:bc:5e:43:d3:07:65:da: + d4:08:75:27:e5:49:0e:e9:f8:54:2b:7a:53:99:37:29:9b:ea: + 14:de:80:68:a9:79:26:5e:64:ff:21:6c:da:83:ef:8f:a4:df: + 3a:20:6e:5c:d3:68:48:82:ab:b9:ac:4a:28:b6:2f:35:14:98: + 54:16:a8:fa:ee:30:c3:ba:c5:2d:33:bc:32:ae:96:c6:8a:17: + 49:32:78:d4:61:29:66:7f:75:ae:16:2e:81:b2:b9:fa:56:b1: + d5:c6:9e:77 +-----BEGIN CERTIFICATE----- +MIJXVzCCVj+gAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9v0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCVKEwglSdMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wglPRBgNVHR4EglPIMIJTxKCCU8AwEaQPMA0xCzAJBgNVBAMMAnQwMBGkDzAN +MQswCQYDVQQDDAJ0MTARpA8wDTELMAkGA1UEAwwCdDIwEaQPMA0xCzAJBgNVBAMM +AnQzMBGkDzANMQswCQYDVQQDDAJ0NDARpA8wDTELMAkGA1UEAwwCdDUwEaQPMA0x +CzAJBgNVBAMMAnQ2MBGkDzANMQswCQYDVQQDDAJ0NzARpA8wDTELMAkGA1UEAwwC +dDgwEaQPMA0xCzAJBgNVBAMMAnQ5MBKkEDAOMQwwCgYDVQQDDAN0MTAwEqQQMA4x +DDAKBgNVBAMMA3QxMTASpBAwDjEMMAoGA1UEAwwDdDEyMBKkEDAOMQwwCgYDVQQD +DAN0MTMwEqQQMA4xDDAKBgNVBAMMA3QxNDASpBAwDjEMMAoGA1UEAwwDdDE1MBKk +EDAOMQwwCgYDVQQDDAN0MTYwEqQQMA4xDDAKBgNVBAMMA3QxNzASpBAwDjEMMAoG +A1UEAwwDdDE4MBKkEDAOMQwwCgYDVQQDDAN0MTkwEqQQMA4xDDAKBgNVBAMMA3Qy +MDASpBAwDjEMMAoGA1UEAwwDdDIxMBKkEDAOMQwwCgYDVQQDDAN0MjIwEqQQMA4x +DDAKBgNVBAMMA3QyMzASpBAwDjEMMAoGA1UEAwwDdDI0MBKkEDAOMQwwCgYDVQQD +DAN0MjUwEqQQMA4xDDAKBgNVBAMMA3QyNjASpBAwDjEMMAoGA1UEAwwDdDI3MBKk +EDAOMQwwCgYDVQQDDAN0MjgwEqQQMA4xDDAKBgNVBAMMA3QyOTASpBAwDjEMMAoG +A1UEAwwDdDMwMBKkEDAOMQwwCgYDVQQDDAN0MzEwEqQQMA4xDDAKBgNVBAMMA3Qz +MjASpBAwDjEMMAoGA1UEAwwDdDMzMBKkEDAOMQwwCgYDVQQDDAN0MzQwEqQQMA4x +DDAKBgNVBAMMA3QzNTASpBAwDjEMMAoGA1UEAwwDdDM2MBKkEDAOMQwwCgYDVQQD +DAN0MzcwEqQQMA4xDDAKBgNVBAMMA3QzODASpBAwDjEMMAoGA1UEAwwDdDM5MBKk +EDAOMQwwCgYDVQQDDAN0NDAwEqQQMA4xDDAKBgNVBAMMA3Q0MTASpBAwDjEMMAoG +A1UEAwwDdDQyMBKkEDAOMQwwCgYDVQQDDAN0NDMwEqQQMA4xDDAKBgNVBAMMA3Q0 +NDASpBAwDjEMMAoGA1UEAwwDdDQ1MBKkEDAOMQwwCgYDVQQDDAN0NDYwEqQQMA4x +DDAKBgNVBAMMA3Q0NzASpBAwDjEMMAoGA1UEAwwDdDQ4MBKkEDAOMQwwCgYDVQQD +DAN0NDkwEqQQMA4xDDAKBgNVBAMMA3Q1MDASpBAwDjEMMAoGA1UEAwwDdDUxMBKk +EDAOMQwwCgYDVQQDDAN0NTIwEqQQMA4xDDAKBgNVBAMMA3Q1MzASpBAwDjEMMAoG +A1UEAwwDdDU0MBKkEDAOMQwwCgYDVQQDDAN0NTUwEqQQMA4xDDAKBgNVBAMMA3Q1 +NjASpBAwDjEMMAoGA1UEAwwDdDU3MBKkEDAOMQwwCgYDVQQDDAN0NTgwEqQQMA4x +DDAKBgNVBAMMA3Q1OTASpBAwDjEMMAoGA1UEAwwDdDYwMBKkEDAOMQwwCgYDVQQD +DAN0NjEwEqQQMA4xDDAKBgNVBAMMA3Q2MjASpBAwDjEMMAoGA1UEAwwDdDYzMBKk +EDAOMQwwCgYDVQQDDAN0NjQwEqQQMA4xDDAKBgNVBAMMA3Q2NTASpBAwDjEMMAoG +A1UEAwwDdDY2MBKkEDAOMQwwCgYDVQQDDAN0NjcwEqQQMA4xDDAKBgNVBAMMA3Q2 +ODASpBAwDjEMMAoGA1UEAwwDdDY5MBKkEDAOMQwwCgYDVQQDDAN0NzAwEqQQMA4x +DDAKBgNVBAMMA3Q3MTASpBAwDjEMMAoGA1UEAwwDdDcyMBKkEDAOMQwwCgYDVQQD +DAN0NzMwEqQQMA4xDDAKBgNVBAMMA3Q3NDASpBAwDjEMMAoGA1UEAwwDdDc1MBKk +EDAOMQwwCgYDVQQDDAN0NzYwEqQQMA4xDDAKBgNVBAMMA3Q3NzASpBAwDjEMMAoG +A1UEAwwDdDc4MBKkEDAOMQwwCgYDVQQDDAN0NzkwEqQQMA4xDDAKBgNVBAMMA3Q4 +MDASpBAwDjEMMAoGA1UEAwwDdDgxMBKkEDAOMQwwCgYDVQQDDAN0ODIwEqQQMA4x +DDAKBgNVBAMMA3Q4MzASpBAwDjEMMAoGA1UEAwwDdDg0MBKkEDAOMQwwCgYDVQQD +DAN0ODUwEqQQMA4xDDAKBgNVBAMMA3Q4NjASpBAwDjEMMAoGA1UEAwwDdDg3MBKk +EDAOMQwwCgYDVQQDDAN0ODgwEqQQMA4xDDAKBgNVBAMMA3Q4OTASpBAwDjEMMAoG +A1UEAwwDdDkwMBKkEDAOMQwwCgYDVQQDDAN0OTEwEqQQMA4xDDAKBgNVBAMMA3Q5 +MjASpBAwDjEMMAoGA1UEAwwDdDkzMBKkEDAOMQwwCgYDVQQDDAN0OTQwEqQQMA4x +DDAKBgNVBAMMA3Q5NTASpBAwDjEMMAoGA1UEAwwDdDk2MBKkEDAOMQwwCgYDVQQD +DAN0OTcwEqQQMA4xDDAKBgNVBAMMA3Q5ODASpBAwDjEMMAoGA1UEAwwDdDk5MBOk +ETAPMQ0wCwYDVQQDDAR0MTAwMBOkETAPMQ0wCwYDVQQDDAR0MTAxMBOkETAPMQ0w +CwYDVQQDDAR0MTAyMBOkETAPMQ0wCwYDVQQDDAR0MTAzMBOkETAPMQ0wCwYDVQQD +DAR0MTA0MBOkETAPMQ0wCwYDVQQDDAR0MTA1MBOkETAPMQ0wCwYDVQQDDAR0MTA2 +MBOkETAPMQ0wCwYDVQQDDAR0MTA3MBOkETAPMQ0wCwYDVQQDDAR0MTA4MBOkETAP +MQ0wCwYDVQQDDAR0MTA5MBOkETAPMQ0wCwYDVQQDDAR0MTEwMBOkETAPMQ0wCwYD +VQQDDAR0MTExMBOkETAPMQ0wCwYDVQQDDAR0MTEyMBOkETAPMQ0wCwYDVQQDDAR0 +MTEzMBOkETAPMQ0wCwYDVQQDDAR0MTE0MBOkETAPMQ0wCwYDVQQDDAR0MTE1MBOk +ETAPMQ0wCwYDVQQDDAR0MTE2MBOkETAPMQ0wCwYDVQQDDAR0MTE3MBOkETAPMQ0w +CwYDVQQDDAR0MTE4MBOkETAPMQ0wCwYDVQQDDAR0MTE5MBOkETAPMQ0wCwYDVQQD +DAR0MTIwMBOkETAPMQ0wCwYDVQQDDAR0MTIxMBOkETAPMQ0wCwYDVQQDDAR0MTIy +MBOkETAPMQ0wCwYDVQQDDAR0MTIzMBOkETAPMQ0wCwYDVQQDDAR0MTI0MBOkETAP +MQ0wCwYDVQQDDAR0MTI1MBOkETAPMQ0wCwYDVQQDDAR0MTI2MBOkETAPMQ0wCwYD +VQQDDAR0MTI3MBOkETAPMQ0wCwYDVQQDDAR0MTI4MBOkETAPMQ0wCwYDVQQDDAR0 +MTI5MBOkETAPMQ0wCwYDVQQDDAR0MTMwMBOkETAPMQ0wCwYDVQQDDAR0MTMxMBOk +ETAPMQ0wCwYDVQQDDAR0MTMyMBOkETAPMQ0wCwYDVQQDDAR0MTMzMBOkETAPMQ0w +CwYDVQQDDAR0MTM0MBOkETAPMQ0wCwYDVQQDDAR0MTM1MBOkETAPMQ0wCwYDVQQD +DAR0MTM2MBOkETAPMQ0wCwYDVQQDDAR0MTM3MBOkETAPMQ0wCwYDVQQDDAR0MTM4 +MBOkETAPMQ0wCwYDVQQDDAR0MTM5MBOkETAPMQ0wCwYDVQQDDAR0MTQwMBOkETAP +MQ0wCwYDVQQDDAR0MTQxMBOkETAPMQ0wCwYDVQQDDAR0MTQyMBOkETAPMQ0wCwYD +VQQDDAR0MTQzMBOkETAPMQ0wCwYDVQQDDAR0MTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +MTQ1MBOkETAPMQ0wCwYDVQQDDAR0MTQ2MBOkETAPMQ0wCwYDVQQDDAR0MTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0MTQ4MBOkETAPMQ0wCwYDVQQDDAR0MTQ5MBOkETAPMQ0w +CwYDVQQDDAR0MTUwMBOkETAPMQ0wCwYDVQQDDAR0MTUxMBOkETAPMQ0wCwYDVQQD +DAR0MTUyMBOkETAPMQ0wCwYDVQQDDAR0MTUzMBOkETAPMQ0wCwYDVQQDDAR0MTU0 +MBOkETAPMQ0wCwYDVQQDDAR0MTU1MBOkETAPMQ0wCwYDVQQDDAR0MTU2MBOkETAP +MQ0wCwYDVQQDDAR0MTU3MBOkETAPMQ0wCwYDVQQDDAR0MTU4MBOkETAPMQ0wCwYD +VQQDDAR0MTU5MBOkETAPMQ0wCwYDVQQDDAR0MTYwMBOkETAPMQ0wCwYDVQQDDAR0 +MTYxMBOkETAPMQ0wCwYDVQQDDAR0MTYyMBOkETAPMQ0wCwYDVQQDDAR0MTYzMBOk +ETAPMQ0wCwYDVQQDDAR0MTY0MBOkETAPMQ0wCwYDVQQDDAR0MTY1MBOkETAPMQ0w +CwYDVQQDDAR0MTY2MBOkETAPMQ0wCwYDVQQDDAR0MTY3MBOkETAPMQ0wCwYDVQQD +DAR0MTY4MBOkETAPMQ0wCwYDVQQDDAR0MTY5MBOkETAPMQ0wCwYDVQQDDAR0MTcw +MBOkETAPMQ0wCwYDVQQDDAR0MTcxMBOkETAPMQ0wCwYDVQQDDAR0MTcyMBOkETAP +MQ0wCwYDVQQDDAR0MTczMBOkETAPMQ0wCwYDVQQDDAR0MTc0MBOkETAPMQ0wCwYD +VQQDDAR0MTc1MBOkETAPMQ0wCwYDVQQDDAR0MTc2MBOkETAPMQ0wCwYDVQQDDAR0 +MTc3MBOkETAPMQ0wCwYDVQQDDAR0MTc4MBOkETAPMQ0wCwYDVQQDDAR0MTc5MBOk +ETAPMQ0wCwYDVQQDDAR0MTgwMBOkETAPMQ0wCwYDVQQDDAR0MTgxMBOkETAPMQ0w +CwYDVQQDDAR0MTgyMBOkETAPMQ0wCwYDVQQDDAR0MTgzMBOkETAPMQ0wCwYDVQQD +DAR0MTg0MBOkETAPMQ0wCwYDVQQDDAR0MTg1MBOkETAPMQ0wCwYDVQQDDAR0MTg2 +MBOkETAPMQ0wCwYDVQQDDAR0MTg3MBOkETAPMQ0wCwYDVQQDDAR0MTg4MBOkETAP +MQ0wCwYDVQQDDAR0MTg5MBOkETAPMQ0wCwYDVQQDDAR0MTkwMBOkETAPMQ0wCwYD +VQQDDAR0MTkxMBOkETAPMQ0wCwYDVQQDDAR0MTkyMBOkETAPMQ0wCwYDVQQDDAR0 +MTkzMBOkETAPMQ0wCwYDVQQDDAR0MTk0MBOkETAPMQ0wCwYDVQQDDAR0MTk1MBOk +ETAPMQ0wCwYDVQQDDAR0MTk2MBOkETAPMQ0wCwYDVQQDDAR0MTk3MBOkETAPMQ0w +CwYDVQQDDAR0MTk4MBOkETAPMQ0wCwYDVQQDDAR0MTk5MBOkETAPMQ0wCwYDVQQD +DAR0MjAwMBOkETAPMQ0wCwYDVQQDDAR0MjAxMBOkETAPMQ0wCwYDVQQDDAR0MjAy +MBOkETAPMQ0wCwYDVQQDDAR0MjAzMBOkETAPMQ0wCwYDVQQDDAR0MjA0MBOkETAP +MQ0wCwYDVQQDDAR0MjA1MBOkETAPMQ0wCwYDVQQDDAR0MjA2MBOkETAPMQ0wCwYD +VQQDDAR0MjA3MBOkETAPMQ0wCwYDVQQDDAR0MjA4MBOkETAPMQ0wCwYDVQQDDAR0 +MjA5MBOkETAPMQ0wCwYDVQQDDAR0MjEwMBOkETAPMQ0wCwYDVQQDDAR0MjExMBOk +ETAPMQ0wCwYDVQQDDAR0MjEyMBOkETAPMQ0wCwYDVQQDDAR0MjEzMBOkETAPMQ0w +CwYDVQQDDAR0MjE0MBOkETAPMQ0wCwYDVQQDDAR0MjE1MBOkETAPMQ0wCwYDVQQD +DAR0MjE2MBOkETAPMQ0wCwYDVQQDDAR0MjE3MBOkETAPMQ0wCwYDVQQDDAR0MjE4 +MBOkETAPMQ0wCwYDVQQDDAR0MjE5MBOkETAPMQ0wCwYDVQQDDAR0MjIwMBOkETAP +MQ0wCwYDVQQDDAR0MjIxMBOkETAPMQ0wCwYDVQQDDAR0MjIyMBOkETAPMQ0wCwYD +VQQDDAR0MjIzMBOkETAPMQ0wCwYDVQQDDAR0MjI0MBOkETAPMQ0wCwYDVQQDDAR0 +MjI1MBOkETAPMQ0wCwYDVQQDDAR0MjI2MBOkETAPMQ0wCwYDVQQDDAR0MjI3MBOk +ETAPMQ0wCwYDVQQDDAR0MjI4MBOkETAPMQ0wCwYDVQQDDAR0MjI5MBOkETAPMQ0w +CwYDVQQDDAR0MjMwMBOkETAPMQ0wCwYDVQQDDAR0MjMxMBOkETAPMQ0wCwYDVQQD +DAR0MjMyMBOkETAPMQ0wCwYDVQQDDAR0MjMzMBOkETAPMQ0wCwYDVQQDDAR0MjM0 +MBOkETAPMQ0wCwYDVQQDDAR0MjM1MBOkETAPMQ0wCwYDVQQDDAR0MjM2MBOkETAP +MQ0wCwYDVQQDDAR0MjM3MBOkETAPMQ0wCwYDVQQDDAR0MjM4MBOkETAPMQ0wCwYD +VQQDDAR0MjM5MBOkETAPMQ0wCwYDVQQDDAR0MjQwMBOkETAPMQ0wCwYDVQQDDAR0 +MjQxMBOkETAPMQ0wCwYDVQQDDAR0MjQyMBOkETAPMQ0wCwYDVQQDDAR0MjQzMBOk +ETAPMQ0wCwYDVQQDDAR0MjQ0MBOkETAPMQ0wCwYDVQQDDAR0MjQ1MBOkETAPMQ0w +CwYDVQQDDAR0MjQ2MBOkETAPMQ0wCwYDVQQDDAR0MjQ3MBOkETAPMQ0wCwYDVQQD +DAR0MjQ4MBOkETAPMQ0wCwYDVQQDDAR0MjQ5MBOkETAPMQ0wCwYDVQQDDAR0MjUw +MBOkETAPMQ0wCwYDVQQDDAR0MjUxMBOkETAPMQ0wCwYDVQQDDAR0MjUyMBOkETAP +MQ0wCwYDVQQDDAR0MjUzMBOkETAPMQ0wCwYDVQQDDAR0MjU0MBOkETAPMQ0wCwYD +VQQDDAR0MjU1MBOkETAPMQ0wCwYDVQQDDAR0MjU2MBOkETAPMQ0wCwYDVQQDDAR0 +MjU3MBOkETAPMQ0wCwYDVQQDDAR0MjU4MBOkETAPMQ0wCwYDVQQDDAR0MjU5MBOk +ETAPMQ0wCwYDVQQDDAR0MjYwMBOkETAPMQ0wCwYDVQQDDAR0MjYxMBOkETAPMQ0w +CwYDVQQDDAR0MjYyMBOkETAPMQ0wCwYDVQQDDAR0MjYzMBOkETAPMQ0wCwYDVQQD +DAR0MjY0MBOkETAPMQ0wCwYDVQQDDAR0MjY1MBOkETAPMQ0wCwYDVQQDDAR0MjY2 +MBOkETAPMQ0wCwYDVQQDDAR0MjY3MBOkETAPMQ0wCwYDVQQDDAR0MjY4MBOkETAP +MQ0wCwYDVQQDDAR0MjY5MBOkETAPMQ0wCwYDVQQDDAR0MjcwMBOkETAPMQ0wCwYD +VQQDDAR0MjcxMBOkETAPMQ0wCwYDVQQDDAR0MjcyMBOkETAPMQ0wCwYDVQQDDAR0 +MjczMBOkETAPMQ0wCwYDVQQDDAR0Mjc0MBOkETAPMQ0wCwYDVQQDDAR0Mjc1MBOk +ETAPMQ0wCwYDVQQDDAR0Mjc2MBOkETAPMQ0wCwYDVQQDDAR0Mjc3MBOkETAPMQ0w +CwYDVQQDDAR0Mjc4MBOkETAPMQ0wCwYDVQQDDAR0Mjc5MBOkETAPMQ0wCwYDVQQD +DAR0MjgwMBOkETAPMQ0wCwYDVQQDDAR0MjgxMBOkETAPMQ0wCwYDVQQDDAR0Mjgy +MBOkETAPMQ0wCwYDVQQDDAR0MjgzMBOkETAPMQ0wCwYDVQQDDAR0Mjg0MBOkETAP +MQ0wCwYDVQQDDAR0Mjg1MBOkETAPMQ0wCwYDVQQDDAR0Mjg2MBOkETAPMQ0wCwYD +VQQDDAR0Mjg3MBOkETAPMQ0wCwYDVQQDDAR0Mjg4MBOkETAPMQ0wCwYDVQQDDAR0 +Mjg5MBOkETAPMQ0wCwYDVQQDDAR0MjkwMBOkETAPMQ0wCwYDVQQDDAR0MjkxMBOk +ETAPMQ0wCwYDVQQDDAR0MjkyMBOkETAPMQ0wCwYDVQQDDAR0MjkzMBOkETAPMQ0w +CwYDVQQDDAR0Mjk0MBOkETAPMQ0wCwYDVQQDDAR0Mjk1MBOkETAPMQ0wCwYDVQQD +DAR0Mjk2MBOkETAPMQ0wCwYDVQQDDAR0Mjk3MBOkETAPMQ0wCwYDVQQDDAR0Mjk4 +MBOkETAPMQ0wCwYDVQQDDAR0Mjk5MBOkETAPMQ0wCwYDVQQDDAR0MzAwMBOkETAP +MQ0wCwYDVQQDDAR0MzAxMBOkETAPMQ0wCwYDVQQDDAR0MzAyMBOkETAPMQ0wCwYD +VQQDDAR0MzAzMBOkETAPMQ0wCwYDVQQDDAR0MzA0MBOkETAPMQ0wCwYDVQQDDAR0 +MzA1MBOkETAPMQ0wCwYDVQQDDAR0MzA2MBOkETAPMQ0wCwYDVQQDDAR0MzA3MBOk +ETAPMQ0wCwYDVQQDDAR0MzA4MBOkETAPMQ0wCwYDVQQDDAR0MzA5MBOkETAPMQ0w +CwYDVQQDDAR0MzEwMBOkETAPMQ0wCwYDVQQDDAR0MzExMBOkETAPMQ0wCwYDVQQD +DAR0MzEyMBOkETAPMQ0wCwYDVQQDDAR0MzEzMBOkETAPMQ0wCwYDVQQDDAR0MzE0 +MBOkETAPMQ0wCwYDVQQDDAR0MzE1MBOkETAPMQ0wCwYDVQQDDAR0MzE2MBOkETAP +MQ0wCwYDVQQDDAR0MzE3MBOkETAPMQ0wCwYDVQQDDAR0MzE4MBOkETAPMQ0wCwYD +VQQDDAR0MzE5MBOkETAPMQ0wCwYDVQQDDAR0MzIwMBOkETAPMQ0wCwYDVQQDDAR0 +MzIxMBOkETAPMQ0wCwYDVQQDDAR0MzIyMBOkETAPMQ0wCwYDVQQDDAR0MzIzMBOk +ETAPMQ0wCwYDVQQDDAR0MzI0MBOkETAPMQ0wCwYDVQQDDAR0MzI1MBOkETAPMQ0w +CwYDVQQDDAR0MzI2MBOkETAPMQ0wCwYDVQQDDAR0MzI3MBOkETAPMQ0wCwYDVQQD +DAR0MzI4MBOkETAPMQ0wCwYDVQQDDAR0MzI5MBOkETAPMQ0wCwYDVQQDDAR0MzMw +MBOkETAPMQ0wCwYDVQQDDAR0MzMxMBOkETAPMQ0wCwYDVQQDDAR0MzMyMBOkETAP +MQ0wCwYDVQQDDAR0MzMzMBOkETAPMQ0wCwYDVQQDDAR0MzM0MBOkETAPMQ0wCwYD +VQQDDAR0MzM1MBOkETAPMQ0wCwYDVQQDDAR0MzM2MBOkETAPMQ0wCwYDVQQDDAR0 +MzM3MBOkETAPMQ0wCwYDVQQDDAR0MzM4MBOkETAPMQ0wCwYDVQQDDAR0MzM5MBOk +ETAPMQ0wCwYDVQQDDAR0MzQwMBOkETAPMQ0wCwYDVQQDDAR0MzQxMBOkETAPMQ0w +CwYDVQQDDAR0MzQyMBOkETAPMQ0wCwYDVQQDDAR0MzQzMBOkETAPMQ0wCwYDVQQD +DAR0MzQ0MBOkETAPMQ0wCwYDVQQDDAR0MzQ1MBOkETAPMQ0wCwYDVQQDDAR0MzQ2 +MBOkETAPMQ0wCwYDVQQDDAR0MzQ3MBOkETAPMQ0wCwYDVQQDDAR0MzQ4MBOkETAP +MQ0wCwYDVQQDDAR0MzQ5MBOkETAPMQ0wCwYDVQQDDAR0MzUwMBOkETAPMQ0wCwYD +VQQDDAR0MzUxMBOkETAPMQ0wCwYDVQQDDAR0MzUyMBOkETAPMQ0wCwYDVQQDDAR0 +MzUzMBOkETAPMQ0wCwYDVQQDDAR0MzU0MBOkETAPMQ0wCwYDVQQDDAR0MzU1MBOk +ETAPMQ0wCwYDVQQDDAR0MzU2MBOkETAPMQ0wCwYDVQQDDAR0MzU3MBOkETAPMQ0w +CwYDVQQDDAR0MzU4MBOkETAPMQ0wCwYDVQQDDAR0MzU5MBOkETAPMQ0wCwYDVQQD +DAR0MzYwMBOkETAPMQ0wCwYDVQQDDAR0MzYxMBOkETAPMQ0wCwYDVQQDDAR0MzYy +MBOkETAPMQ0wCwYDVQQDDAR0MzYzMBOkETAPMQ0wCwYDVQQDDAR0MzY0MBOkETAP +MQ0wCwYDVQQDDAR0MzY1MBOkETAPMQ0wCwYDVQQDDAR0MzY2MBOkETAPMQ0wCwYD +VQQDDAR0MzY3MBOkETAPMQ0wCwYDVQQDDAR0MzY4MBOkETAPMQ0wCwYDVQQDDAR0 +MzY5MBOkETAPMQ0wCwYDVQQDDAR0MzcwMBOkETAPMQ0wCwYDVQQDDAR0MzcxMBOk +ETAPMQ0wCwYDVQQDDAR0MzcyMBOkETAPMQ0wCwYDVQQDDAR0MzczMBOkETAPMQ0w +CwYDVQQDDAR0Mzc0MBOkETAPMQ0wCwYDVQQDDAR0Mzc1MBOkETAPMQ0wCwYDVQQD +DAR0Mzc2MBOkETAPMQ0wCwYDVQQDDAR0Mzc3MBOkETAPMQ0wCwYDVQQDDAR0Mzc4 +MBOkETAPMQ0wCwYDVQQDDAR0Mzc5MBOkETAPMQ0wCwYDVQQDDAR0MzgwMBOkETAP +MQ0wCwYDVQQDDAR0MzgxMBOkETAPMQ0wCwYDVQQDDAR0MzgyMBOkETAPMQ0wCwYD +VQQDDAR0MzgzMBOkETAPMQ0wCwYDVQQDDAR0Mzg0MBOkETAPMQ0wCwYDVQQDDAR0 +Mzg1MBOkETAPMQ0wCwYDVQQDDAR0Mzg2MBOkETAPMQ0wCwYDVQQDDAR0Mzg3MBOk +ETAPMQ0wCwYDVQQDDAR0Mzg4MBOkETAPMQ0wCwYDVQQDDAR0Mzg5MBOkETAPMQ0w +CwYDVQQDDAR0MzkwMBOkETAPMQ0wCwYDVQQDDAR0MzkxMBOkETAPMQ0wCwYDVQQD +DAR0MzkyMBOkETAPMQ0wCwYDVQQDDAR0MzkzMBOkETAPMQ0wCwYDVQQDDAR0Mzk0 +MBOkETAPMQ0wCwYDVQQDDAR0Mzk1MBOkETAPMQ0wCwYDVQQDDAR0Mzk2MBOkETAP +MQ0wCwYDVQQDDAR0Mzk3MBOkETAPMQ0wCwYDVQQDDAR0Mzk4MBOkETAPMQ0wCwYD +VQQDDAR0Mzk5MBOkETAPMQ0wCwYDVQQDDAR0NDAwMBOkETAPMQ0wCwYDVQQDDAR0 +NDAxMBOkETAPMQ0wCwYDVQQDDAR0NDAyMBOkETAPMQ0wCwYDVQQDDAR0NDAzMBOk +ETAPMQ0wCwYDVQQDDAR0NDA0MBOkETAPMQ0wCwYDVQQDDAR0NDA1MBOkETAPMQ0w +CwYDVQQDDAR0NDA2MBOkETAPMQ0wCwYDVQQDDAR0NDA3MBOkETAPMQ0wCwYDVQQD +DAR0NDA4MBOkETAPMQ0wCwYDVQQDDAR0NDA5MBOkETAPMQ0wCwYDVQQDDAR0NDEw +MBOkETAPMQ0wCwYDVQQDDAR0NDExMBOkETAPMQ0wCwYDVQQDDAR0NDEyMBOkETAP +MQ0wCwYDVQQDDAR0NDEzMBOkETAPMQ0wCwYDVQQDDAR0NDE0MBOkETAPMQ0wCwYD +VQQDDAR0NDE1MBOkETAPMQ0wCwYDVQQDDAR0NDE2MBOkETAPMQ0wCwYDVQQDDAR0 +NDE3MBOkETAPMQ0wCwYDVQQDDAR0NDE4MBOkETAPMQ0wCwYDVQQDDAR0NDE5MBOk +ETAPMQ0wCwYDVQQDDAR0NDIwMBOkETAPMQ0wCwYDVQQDDAR0NDIxMBOkETAPMQ0w +CwYDVQQDDAR0NDIyMBOkETAPMQ0wCwYDVQQDDAR0NDIzMBOkETAPMQ0wCwYDVQQD +DAR0NDI0MBOkETAPMQ0wCwYDVQQDDAR0NDI1MBOkETAPMQ0wCwYDVQQDDAR0NDI2 +MBOkETAPMQ0wCwYDVQQDDAR0NDI3MBOkETAPMQ0wCwYDVQQDDAR0NDI4MBOkETAP +MQ0wCwYDVQQDDAR0NDI5MBOkETAPMQ0wCwYDVQQDDAR0NDMwMBOkETAPMQ0wCwYD +VQQDDAR0NDMxMBOkETAPMQ0wCwYDVQQDDAR0NDMyMBOkETAPMQ0wCwYDVQQDDAR0 +NDMzMBOkETAPMQ0wCwYDVQQDDAR0NDM0MBOkETAPMQ0wCwYDVQQDDAR0NDM1MBOk +ETAPMQ0wCwYDVQQDDAR0NDM2MBOkETAPMQ0wCwYDVQQDDAR0NDM3MBOkETAPMQ0w +CwYDVQQDDAR0NDM4MBOkETAPMQ0wCwYDVQQDDAR0NDM5MBOkETAPMQ0wCwYDVQQD +DAR0NDQwMBOkETAPMQ0wCwYDVQQDDAR0NDQxMBOkETAPMQ0wCwYDVQQDDAR0NDQy +MBOkETAPMQ0wCwYDVQQDDAR0NDQzMBOkETAPMQ0wCwYDVQQDDAR0NDQ0MBOkETAP +MQ0wCwYDVQQDDAR0NDQ1MBOkETAPMQ0wCwYDVQQDDAR0NDQ2MBOkETAPMQ0wCwYD +VQQDDAR0NDQ3MBOkETAPMQ0wCwYDVQQDDAR0NDQ4MBOkETAPMQ0wCwYDVQQDDAR0 +NDQ5MBOkETAPMQ0wCwYDVQQDDAR0NDUwMBOkETAPMQ0wCwYDVQQDDAR0NDUxMBOk +ETAPMQ0wCwYDVQQDDAR0NDUyMBOkETAPMQ0wCwYDVQQDDAR0NDUzMBOkETAPMQ0w +CwYDVQQDDAR0NDU0MBOkETAPMQ0wCwYDVQQDDAR0NDU1MBOkETAPMQ0wCwYDVQQD +DAR0NDU2MBOkETAPMQ0wCwYDVQQDDAR0NDU3MBOkETAPMQ0wCwYDVQQDDAR0NDU4 +MBOkETAPMQ0wCwYDVQQDDAR0NDU5MBOkETAPMQ0wCwYDVQQDDAR0NDYwMBOkETAP +MQ0wCwYDVQQDDAR0NDYxMBOkETAPMQ0wCwYDVQQDDAR0NDYyMBOkETAPMQ0wCwYD +VQQDDAR0NDYzMBOkETAPMQ0wCwYDVQQDDAR0NDY0MBOkETAPMQ0wCwYDVQQDDAR0 +NDY1MBOkETAPMQ0wCwYDVQQDDAR0NDY2MBOkETAPMQ0wCwYDVQQDDAR0NDY3MBOk +ETAPMQ0wCwYDVQQDDAR0NDY4MBOkETAPMQ0wCwYDVQQDDAR0NDY5MBOkETAPMQ0w +CwYDVQQDDAR0NDcwMBOkETAPMQ0wCwYDVQQDDAR0NDcxMBOkETAPMQ0wCwYDVQQD +DAR0NDcyMBOkETAPMQ0wCwYDVQQDDAR0NDczMBOkETAPMQ0wCwYDVQQDDAR0NDc0 +MBOkETAPMQ0wCwYDVQQDDAR0NDc1MBOkETAPMQ0wCwYDVQQDDAR0NDc2MBOkETAP +MQ0wCwYDVQQDDAR0NDc3MBOkETAPMQ0wCwYDVQQDDAR0NDc4MBOkETAPMQ0wCwYD +VQQDDAR0NDc5MBOkETAPMQ0wCwYDVQQDDAR0NDgwMBOkETAPMQ0wCwYDVQQDDAR0 +NDgxMBOkETAPMQ0wCwYDVQQDDAR0NDgyMBOkETAPMQ0wCwYDVQQDDAR0NDgzMBOk +ETAPMQ0wCwYDVQQDDAR0NDg0MBOkETAPMQ0wCwYDVQQDDAR0NDg1MBOkETAPMQ0w +CwYDVQQDDAR0NDg2MBOkETAPMQ0wCwYDVQQDDAR0NDg3MBOkETAPMQ0wCwYDVQQD +DAR0NDg4MBOkETAPMQ0wCwYDVQQDDAR0NDg5MBOkETAPMQ0wCwYDVQQDDAR0NDkw +MBOkETAPMQ0wCwYDVQQDDAR0NDkxMBOkETAPMQ0wCwYDVQQDDAR0NDkyMBOkETAP +MQ0wCwYDVQQDDAR0NDkzMBOkETAPMQ0wCwYDVQQDDAR0NDk0MBOkETAPMQ0wCwYD +VQQDDAR0NDk1MBOkETAPMQ0wCwYDVQQDDAR0NDk2MBOkETAPMQ0wCwYDVQQDDAR0 +NDk3MBOkETAPMQ0wCwYDVQQDDAR0NDk4MBOkETAPMQ0wCwYDVQQDDAR0NDk5MBOk +ETAPMQ0wCwYDVQQDDAR0NTAwMBOkETAPMQ0wCwYDVQQDDAR0NTAxMBOkETAPMQ0w +CwYDVQQDDAR0NTAyMBOkETAPMQ0wCwYDVQQDDAR0NTAzMBOkETAPMQ0wCwYDVQQD +DAR0NTA0MBOkETAPMQ0wCwYDVQQDDAR0NTA1MBOkETAPMQ0wCwYDVQQDDAR0NTA2 +MBOkETAPMQ0wCwYDVQQDDAR0NTA3MBOkETAPMQ0wCwYDVQQDDAR0NTA4MBOkETAP +MQ0wCwYDVQQDDAR0NTA5MBOkETAPMQ0wCwYDVQQDDAR0NTEwMBOkETAPMQ0wCwYD +VQQDDAR0NTExMBOkETAPMQ0wCwYDVQQDDAR0NTEyMBOkETAPMQ0wCwYDVQQDDAR0 +NTEzMBOkETAPMQ0wCwYDVQQDDAR0NTE0MBOkETAPMQ0wCwYDVQQDDAR0NTE1MBOk +ETAPMQ0wCwYDVQQDDAR0NTE2MBOkETAPMQ0wCwYDVQQDDAR0NTE3MBOkETAPMQ0w +CwYDVQQDDAR0NTE4MBOkETAPMQ0wCwYDVQQDDAR0NTE5MBOkETAPMQ0wCwYDVQQD +DAR0NTIwMBOkETAPMQ0wCwYDVQQDDAR0NTIxMBOkETAPMQ0wCwYDVQQDDAR0NTIy +MBOkETAPMQ0wCwYDVQQDDAR0NTIzMBOkETAPMQ0wCwYDVQQDDAR0NTI0MBOkETAP +MQ0wCwYDVQQDDAR0NTI1MBOkETAPMQ0wCwYDVQQDDAR0NTI2MBOkETAPMQ0wCwYD +VQQDDAR0NTI3MBOkETAPMQ0wCwYDVQQDDAR0NTI4MBOkETAPMQ0wCwYDVQQDDAR0 +NTI5MBOkETAPMQ0wCwYDVQQDDAR0NTMwMBOkETAPMQ0wCwYDVQQDDAR0NTMxMBOk +ETAPMQ0wCwYDVQQDDAR0NTMyMBOkETAPMQ0wCwYDVQQDDAR0NTMzMBOkETAPMQ0w +CwYDVQQDDAR0NTM0MBOkETAPMQ0wCwYDVQQDDAR0NTM1MBOkETAPMQ0wCwYDVQQD +DAR0NTM2MBOkETAPMQ0wCwYDVQQDDAR0NTM3MBOkETAPMQ0wCwYDVQQDDAR0NTM4 +MBOkETAPMQ0wCwYDVQQDDAR0NTM5MBOkETAPMQ0wCwYDVQQDDAR0NTQwMBOkETAP +MQ0wCwYDVQQDDAR0NTQxMBOkETAPMQ0wCwYDVQQDDAR0NTQyMBOkETAPMQ0wCwYD +VQQDDAR0NTQzMBOkETAPMQ0wCwYDVQQDDAR0NTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +NTQ1MBOkETAPMQ0wCwYDVQQDDAR0NTQ2MBOkETAPMQ0wCwYDVQQDDAR0NTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0NTQ4MBOkETAPMQ0wCwYDVQQDDAR0NTQ5MBOkETAPMQ0w +CwYDVQQDDAR0NTUwMBOkETAPMQ0wCwYDVQQDDAR0NTUxMBOkETAPMQ0wCwYDVQQD +DAR0NTUyMBOkETAPMQ0wCwYDVQQDDAR0NTUzMBOkETAPMQ0wCwYDVQQDDAR0NTU0 +MBOkETAPMQ0wCwYDVQQDDAR0NTU1MBOkETAPMQ0wCwYDVQQDDAR0NTU2MBOkETAP +MQ0wCwYDVQQDDAR0NTU3MBOkETAPMQ0wCwYDVQQDDAR0NTU4MBOkETAPMQ0wCwYD +VQQDDAR0NTU5MBOkETAPMQ0wCwYDVQQDDAR0NTYwMBOkETAPMQ0wCwYDVQQDDAR0 +NTYxMBOkETAPMQ0wCwYDVQQDDAR0NTYyMBOkETAPMQ0wCwYDVQQDDAR0NTYzMBOk +ETAPMQ0wCwYDVQQDDAR0NTY0MBOkETAPMQ0wCwYDVQQDDAR0NTY1MBOkETAPMQ0w +CwYDVQQDDAR0NTY2MBOkETAPMQ0wCwYDVQQDDAR0NTY3MBOkETAPMQ0wCwYDVQQD +DAR0NTY4MBOkETAPMQ0wCwYDVQQDDAR0NTY5MBOkETAPMQ0wCwYDVQQDDAR0NTcw +MBOkETAPMQ0wCwYDVQQDDAR0NTcxMBOkETAPMQ0wCwYDVQQDDAR0NTcyMBOkETAP +MQ0wCwYDVQQDDAR0NTczMBOkETAPMQ0wCwYDVQQDDAR0NTc0MBOkETAPMQ0wCwYD +VQQDDAR0NTc1MBOkETAPMQ0wCwYDVQQDDAR0NTc2MBOkETAPMQ0wCwYDVQQDDAR0 +NTc3MBOkETAPMQ0wCwYDVQQDDAR0NTc4MBOkETAPMQ0wCwYDVQQDDAR0NTc5MBOk +ETAPMQ0wCwYDVQQDDAR0NTgwMBOkETAPMQ0wCwYDVQQDDAR0NTgxMBOkETAPMQ0w +CwYDVQQDDAR0NTgyMBOkETAPMQ0wCwYDVQQDDAR0NTgzMBOkETAPMQ0wCwYDVQQD +DAR0NTg0MBOkETAPMQ0wCwYDVQQDDAR0NTg1MBOkETAPMQ0wCwYDVQQDDAR0NTg2 +MBOkETAPMQ0wCwYDVQQDDAR0NTg3MBOkETAPMQ0wCwYDVQQDDAR0NTg4MBOkETAP +MQ0wCwYDVQQDDAR0NTg5MBOkETAPMQ0wCwYDVQQDDAR0NTkwMBOkETAPMQ0wCwYD +VQQDDAR0NTkxMBOkETAPMQ0wCwYDVQQDDAR0NTkyMBOkETAPMQ0wCwYDVQQDDAR0 +NTkzMBOkETAPMQ0wCwYDVQQDDAR0NTk0MBOkETAPMQ0wCwYDVQQDDAR0NTk1MBOk +ETAPMQ0wCwYDVQQDDAR0NTk2MBOkETAPMQ0wCwYDVQQDDAR0NTk3MBOkETAPMQ0w +CwYDVQQDDAR0NTk4MBOkETAPMQ0wCwYDVQQDDAR0NTk5MBOkETAPMQ0wCwYDVQQD +DAR0NjAwMBOkETAPMQ0wCwYDVQQDDAR0NjAxMBOkETAPMQ0wCwYDVQQDDAR0NjAy +MBOkETAPMQ0wCwYDVQQDDAR0NjAzMBOkETAPMQ0wCwYDVQQDDAR0NjA0MBOkETAP +MQ0wCwYDVQQDDAR0NjA1MBOkETAPMQ0wCwYDVQQDDAR0NjA2MBOkETAPMQ0wCwYD +VQQDDAR0NjA3MBOkETAPMQ0wCwYDVQQDDAR0NjA4MBOkETAPMQ0wCwYDVQQDDAR0 +NjA5MBOkETAPMQ0wCwYDVQQDDAR0NjEwMBOkETAPMQ0wCwYDVQQDDAR0NjExMBOk +ETAPMQ0wCwYDVQQDDAR0NjEyMBOkETAPMQ0wCwYDVQQDDAR0NjEzMBOkETAPMQ0w +CwYDVQQDDAR0NjE0MBOkETAPMQ0wCwYDVQQDDAR0NjE1MBOkETAPMQ0wCwYDVQQD +DAR0NjE2MBOkETAPMQ0wCwYDVQQDDAR0NjE3MBOkETAPMQ0wCwYDVQQDDAR0NjE4 +MBOkETAPMQ0wCwYDVQQDDAR0NjE5MBOkETAPMQ0wCwYDVQQDDAR0NjIwMBOkETAP +MQ0wCwYDVQQDDAR0NjIxMBOkETAPMQ0wCwYDVQQDDAR0NjIyMBOkETAPMQ0wCwYD +VQQDDAR0NjIzMBOkETAPMQ0wCwYDVQQDDAR0NjI0MBOkETAPMQ0wCwYDVQQDDAR0 +NjI1MBOkETAPMQ0wCwYDVQQDDAR0NjI2MBOkETAPMQ0wCwYDVQQDDAR0NjI3MBOk +ETAPMQ0wCwYDVQQDDAR0NjI4MBOkETAPMQ0wCwYDVQQDDAR0NjI5MBOkETAPMQ0w +CwYDVQQDDAR0NjMwMBOkETAPMQ0wCwYDVQQDDAR0NjMxMBOkETAPMQ0wCwYDVQQD +DAR0NjMyMBOkETAPMQ0wCwYDVQQDDAR0NjMzMBOkETAPMQ0wCwYDVQQDDAR0NjM0 +MBOkETAPMQ0wCwYDVQQDDAR0NjM1MBOkETAPMQ0wCwYDVQQDDAR0NjM2MBOkETAP +MQ0wCwYDVQQDDAR0NjM3MBOkETAPMQ0wCwYDVQQDDAR0NjM4MBOkETAPMQ0wCwYD +VQQDDAR0NjM5MBOkETAPMQ0wCwYDVQQDDAR0NjQwMBOkETAPMQ0wCwYDVQQDDAR0 +NjQxMBOkETAPMQ0wCwYDVQQDDAR0NjQyMBOkETAPMQ0wCwYDVQQDDAR0NjQzMBOk +ETAPMQ0wCwYDVQQDDAR0NjQ0MBOkETAPMQ0wCwYDVQQDDAR0NjQ1MBOkETAPMQ0w +CwYDVQQDDAR0NjQ2MBOkETAPMQ0wCwYDVQQDDAR0NjQ3MBOkETAPMQ0wCwYDVQQD +DAR0NjQ4MBOkETAPMQ0wCwYDVQQDDAR0NjQ5MBOkETAPMQ0wCwYDVQQDDAR0NjUw +MBOkETAPMQ0wCwYDVQQDDAR0NjUxMBOkETAPMQ0wCwYDVQQDDAR0NjUyMBOkETAP +MQ0wCwYDVQQDDAR0NjUzMBOkETAPMQ0wCwYDVQQDDAR0NjU0MBOkETAPMQ0wCwYD +VQQDDAR0NjU1MBOkETAPMQ0wCwYDVQQDDAR0NjU2MBOkETAPMQ0wCwYDVQQDDAR0 +NjU3MBOkETAPMQ0wCwYDVQQDDAR0NjU4MBOkETAPMQ0wCwYDVQQDDAR0NjU5MBOk +ETAPMQ0wCwYDVQQDDAR0NjYwMBOkETAPMQ0wCwYDVQQDDAR0NjYxMBOkETAPMQ0w +CwYDVQQDDAR0NjYyMBOkETAPMQ0wCwYDVQQDDAR0NjYzMBOkETAPMQ0wCwYDVQQD +DAR0NjY0MBOkETAPMQ0wCwYDVQQDDAR0NjY1MBOkETAPMQ0wCwYDVQQDDAR0NjY2 +MBOkETAPMQ0wCwYDVQQDDAR0NjY3MBOkETAPMQ0wCwYDVQQDDAR0NjY4MBOkETAP +MQ0wCwYDVQQDDAR0NjY5MBOkETAPMQ0wCwYDVQQDDAR0NjcwMBOkETAPMQ0wCwYD +VQQDDAR0NjcxMBOkETAPMQ0wCwYDVQQDDAR0NjcyMBOkETAPMQ0wCwYDVQQDDAR0 +NjczMBOkETAPMQ0wCwYDVQQDDAR0Njc0MBOkETAPMQ0wCwYDVQQDDAR0Njc1MBOk +ETAPMQ0wCwYDVQQDDAR0Njc2MBOkETAPMQ0wCwYDVQQDDAR0Njc3MBOkETAPMQ0w +CwYDVQQDDAR0Njc4MBOkETAPMQ0wCwYDVQQDDAR0Njc5MBOkETAPMQ0wCwYDVQQD +DAR0NjgwMBOkETAPMQ0wCwYDVQQDDAR0NjgxMBOkETAPMQ0wCwYDVQQDDAR0Njgy +MBOkETAPMQ0wCwYDVQQDDAR0NjgzMBOkETAPMQ0wCwYDVQQDDAR0Njg0MBOkETAP +MQ0wCwYDVQQDDAR0Njg1MBOkETAPMQ0wCwYDVQQDDAR0Njg2MBOkETAPMQ0wCwYD +VQQDDAR0Njg3MBOkETAPMQ0wCwYDVQQDDAR0Njg4MBOkETAPMQ0wCwYDVQQDDAR0 +Njg5MBOkETAPMQ0wCwYDVQQDDAR0NjkwMBOkETAPMQ0wCwYDVQQDDAR0NjkxMBOk +ETAPMQ0wCwYDVQQDDAR0NjkyMBOkETAPMQ0wCwYDVQQDDAR0NjkzMBOkETAPMQ0w +CwYDVQQDDAR0Njk0MBOkETAPMQ0wCwYDVQQDDAR0Njk1MBOkETAPMQ0wCwYDVQQD +DAR0Njk2MBOkETAPMQ0wCwYDVQQDDAR0Njk3MBOkETAPMQ0wCwYDVQQDDAR0Njk4 +MBOkETAPMQ0wCwYDVQQDDAR0Njk5MBOkETAPMQ0wCwYDVQQDDAR0NzAwMBOkETAP +MQ0wCwYDVQQDDAR0NzAxMBOkETAPMQ0wCwYDVQQDDAR0NzAyMBOkETAPMQ0wCwYD +VQQDDAR0NzAzMBOkETAPMQ0wCwYDVQQDDAR0NzA0MBOkETAPMQ0wCwYDVQQDDAR0 +NzA1MBOkETAPMQ0wCwYDVQQDDAR0NzA2MBOkETAPMQ0wCwYDVQQDDAR0NzA3MBOk +ETAPMQ0wCwYDVQQDDAR0NzA4MBOkETAPMQ0wCwYDVQQDDAR0NzA5MBOkETAPMQ0w +CwYDVQQDDAR0NzEwMBOkETAPMQ0wCwYDVQQDDAR0NzExMBOkETAPMQ0wCwYDVQQD +DAR0NzEyMBOkETAPMQ0wCwYDVQQDDAR0NzEzMBOkETAPMQ0wCwYDVQQDDAR0NzE0 +MBOkETAPMQ0wCwYDVQQDDAR0NzE1MBOkETAPMQ0wCwYDVQQDDAR0NzE2MBOkETAP +MQ0wCwYDVQQDDAR0NzE3MBOkETAPMQ0wCwYDVQQDDAR0NzE4MBOkETAPMQ0wCwYD +VQQDDAR0NzE5MBOkETAPMQ0wCwYDVQQDDAR0NzIwMBOkETAPMQ0wCwYDVQQDDAR0 +NzIxMBOkETAPMQ0wCwYDVQQDDAR0NzIyMBOkETAPMQ0wCwYDVQQDDAR0NzIzMBOk +ETAPMQ0wCwYDVQQDDAR0NzI0MBOkETAPMQ0wCwYDVQQDDAR0NzI1MBOkETAPMQ0w +CwYDVQQDDAR0NzI2MBOkETAPMQ0wCwYDVQQDDAR0NzI3MBOkETAPMQ0wCwYDVQQD +DAR0NzI4MBOkETAPMQ0wCwYDVQQDDAR0NzI5MBOkETAPMQ0wCwYDVQQDDAR0NzMw +MBOkETAPMQ0wCwYDVQQDDAR0NzMxMBOkETAPMQ0wCwYDVQQDDAR0NzMyMBOkETAP +MQ0wCwYDVQQDDAR0NzMzMBOkETAPMQ0wCwYDVQQDDAR0NzM0MBOkETAPMQ0wCwYD +VQQDDAR0NzM1MBOkETAPMQ0wCwYDVQQDDAR0NzM2MBOkETAPMQ0wCwYDVQQDDAR0 +NzM3MBOkETAPMQ0wCwYDVQQDDAR0NzM4MBOkETAPMQ0wCwYDVQQDDAR0NzM5MBOk +ETAPMQ0wCwYDVQQDDAR0NzQwMBOkETAPMQ0wCwYDVQQDDAR0NzQxMBOkETAPMQ0w +CwYDVQQDDAR0NzQyMBOkETAPMQ0wCwYDVQQDDAR0NzQzMBOkETAPMQ0wCwYDVQQD +DAR0NzQ0MBOkETAPMQ0wCwYDVQQDDAR0NzQ1MBOkETAPMQ0wCwYDVQQDDAR0NzQ2 +MBOkETAPMQ0wCwYDVQQDDAR0NzQ3MBOkETAPMQ0wCwYDVQQDDAR0NzQ4MBOkETAP +MQ0wCwYDVQQDDAR0NzQ5MBOkETAPMQ0wCwYDVQQDDAR0NzUwMBOkETAPMQ0wCwYD +VQQDDAR0NzUxMBOkETAPMQ0wCwYDVQQDDAR0NzUyMBOkETAPMQ0wCwYDVQQDDAR0 +NzUzMBOkETAPMQ0wCwYDVQQDDAR0NzU0MBOkETAPMQ0wCwYDVQQDDAR0NzU1MBOk +ETAPMQ0wCwYDVQQDDAR0NzU2MBOkETAPMQ0wCwYDVQQDDAR0NzU3MBOkETAPMQ0w +CwYDVQQDDAR0NzU4MBOkETAPMQ0wCwYDVQQDDAR0NzU5MBOkETAPMQ0wCwYDVQQD +DAR0NzYwMBOkETAPMQ0wCwYDVQQDDAR0NzYxMBOkETAPMQ0wCwYDVQQDDAR0NzYy +MBOkETAPMQ0wCwYDVQQDDAR0NzYzMBOkETAPMQ0wCwYDVQQDDAR0NzY0MBOkETAP +MQ0wCwYDVQQDDAR0NzY1MBOkETAPMQ0wCwYDVQQDDAR0NzY2MBOkETAPMQ0wCwYD +VQQDDAR0NzY3MBOkETAPMQ0wCwYDVQQDDAR0NzY4MBOkETAPMQ0wCwYDVQQDDAR0 +NzY5MBOkETAPMQ0wCwYDVQQDDAR0NzcwMBOkETAPMQ0wCwYDVQQDDAR0NzcxMBOk +ETAPMQ0wCwYDVQQDDAR0NzcyMBOkETAPMQ0wCwYDVQQDDAR0NzczMBOkETAPMQ0w +CwYDVQQDDAR0Nzc0MBOkETAPMQ0wCwYDVQQDDAR0Nzc1MBOkETAPMQ0wCwYDVQQD +DAR0Nzc2MBOkETAPMQ0wCwYDVQQDDAR0Nzc3MBOkETAPMQ0wCwYDVQQDDAR0Nzc4 +MBOkETAPMQ0wCwYDVQQDDAR0Nzc5MBOkETAPMQ0wCwYDVQQDDAR0NzgwMBOkETAP +MQ0wCwYDVQQDDAR0NzgxMBOkETAPMQ0wCwYDVQQDDAR0NzgyMBOkETAPMQ0wCwYD +VQQDDAR0NzgzMBOkETAPMQ0wCwYDVQQDDAR0Nzg0MBOkETAPMQ0wCwYDVQQDDAR0 +Nzg1MBOkETAPMQ0wCwYDVQQDDAR0Nzg2MBOkETAPMQ0wCwYDVQQDDAR0Nzg3MBOk +ETAPMQ0wCwYDVQQDDAR0Nzg4MBOkETAPMQ0wCwYDVQQDDAR0Nzg5MBOkETAPMQ0w +CwYDVQQDDAR0NzkwMBOkETAPMQ0wCwYDVQQDDAR0NzkxMBOkETAPMQ0wCwYDVQQD +DAR0NzkyMBOkETAPMQ0wCwYDVQQDDAR0NzkzMBOkETAPMQ0wCwYDVQQDDAR0Nzk0 +MBOkETAPMQ0wCwYDVQQDDAR0Nzk1MBOkETAPMQ0wCwYDVQQDDAR0Nzk2MBOkETAP +MQ0wCwYDVQQDDAR0Nzk3MBOkETAPMQ0wCwYDVQQDDAR0Nzk4MBOkETAPMQ0wCwYD +VQQDDAR0Nzk5MBOkETAPMQ0wCwYDVQQDDAR0ODAwMBOkETAPMQ0wCwYDVQQDDAR0 +ODAxMBOkETAPMQ0wCwYDVQQDDAR0ODAyMBOkETAPMQ0wCwYDVQQDDAR0ODAzMBOk +ETAPMQ0wCwYDVQQDDAR0ODA0MBOkETAPMQ0wCwYDVQQDDAR0ODA1MBOkETAPMQ0w +CwYDVQQDDAR0ODA2MBOkETAPMQ0wCwYDVQQDDAR0ODA3MBOkETAPMQ0wCwYDVQQD +DAR0ODA4MBOkETAPMQ0wCwYDVQQDDAR0ODA5MBOkETAPMQ0wCwYDVQQDDAR0ODEw +MBOkETAPMQ0wCwYDVQQDDAR0ODExMBOkETAPMQ0wCwYDVQQDDAR0ODEyMBOkETAP +MQ0wCwYDVQQDDAR0ODEzMBOkETAPMQ0wCwYDVQQDDAR0ODE0MBOkETAPMQ0wCwYD +VQQDDAR0ODE1MBOkETAPMQ0wCwYDVQQDDAR0ODE2MBOkETAPMQ0wCwYDVQQDDAR0 +ODE3MBOkETAPMQ0wCwYDVQQDDAR0ODE4MBOkETAPMQ0wCwYDVQQDDAR0ODE5MBOk +ETAPMQ0wCwYDVQQDDAR0ODIwMBOkETAPMQ0wCwYDVQQDDAR0ODIxMBOkETAPMQ0w +CwYDVQQDDAR0ODIyMBOkETAPMQ0wCwYDVQQDDAR0ODIzMBOkETAPMQ0wCwYDVQQD +DAR0ODI0MBOkETAPMQ0wCwYDVQQDDAR0ODI1MBOkETAPMQ0wCwYDVQQDDAR0ODI2 +MBOkETAPMQ0wCwYDVQQDDAR0ODI3MBOkETAPMQ0wCwYDVQQDDAR0ODI4MBOkETAP +MQ0wCwYDVQQDDAR0ODI5MBOkETAPMQ0wCwYDVQQDDAR0ODMwMBOkETAPMQ0wCwYD +VQQDDAR0ODMxMBOkETAPMQ0wCwYDVQQDDAR0ODMyMBOkETAPMQ0wCwYDVQQDDAR0 +ODMzMBOkETAPMQ0wCwYDVQQDDAR0ODM0MBOkETAPMQ0wCwYDVQQDDAR0ODM1MBOk +ETAPMQ0wCwYDVQQDDAR0ODM2MBOkETAPMQ0wCwYDVQQDDAR0ODM3MBOkETAPMQ0w +CwYDVQQDDAR0ODM4MBOkETAPMQ0wCwYDVQQDDAR0ODM5MBOkETAPMQ0wCwYDVQQD +DAR0ODQwMBOkETAPMQ0wCwYDVQQDDAR0ODQxMBOkETAPMQ0wCwYDVQQDDAR0ODQy +MBOkETAPMQ0wCwYDVQQDDAR0ODQzMBOkETAPMQ0wCwYDVQQDDAR0ODQ0MBOkETAP +MQ0wCwYDVQQDDAR0ODQ1MBOkETAPMQ0wCwYDVQQDDAR0ODQ2MBOkETAPMQ0wCwYD +VQQDDAR0ODQ3MBOkETAPMQ0wCwYDVQQDDAR0ODQ4MBOkETAPMQ0wCwYDVQQDDAR0 +ODQ5MBOkETAPMQ0wCwYDVQQDDAR0ODUwMBOkETAPMQ0wCwYDVQQDDAR0ODUxMBOk +ETAPMQ0wCwYDVQQDDAR0ODUyMBOkETAPMQ0wCwYDVQQDDAR0ODUzMBOkETAPMQ0w +CwYDVQQDDAR0ODU0MBOkETAPMQ0wCwYDVQQDDAR0ODU1MBOkETAPMQ0wCwYDVQQD +DAR0ODU2MBOkETAPMQ0wCwYDVQQDDAR0ODU3MBOkETAPMQ0wCwYDVQQDDAR0ODU4 +MBOkETAPMQ0wCwYDVQQDDAR0ODU5MBOkETAPMQ0wCwYDVQQDDAR0ODYwMBOkETAP +MQ0wCwYDVQQDDAR0ODYxMBOkETAPMQ0wCwYDVQQDDAR0ODYyMBOkETAPMQ0wCwYD +VQQDDAR0ODYzMBOkETAPMQ0wCwYDVQQDDAR0ODY0MBOkETAPMQ0wCwYDVQQDDAR0 +ODY1MBOkETAPMQ0wCwYDVQQDDAR0ODY2MBOkETAPMQ0wCwYDVQQDDAR0ODY3MBOk +ETAPMQ0wCwYDVQQDDAR0ODY4MBOkETAPMQ0wCwYDVQQDDAR0ODY5MBOkETAPMQ0w +CwYDVQQDDAR0ODcwMBOkETAPMQ0wCwYDVQQDDAR0ODcxMBOkETAPMQ0wCwYDVQQD +DAR0ODcyMBOkETAPMQ0wCwYDVQQDDAR0ODczMBOkETAPMQ0wCwYDVQQDDAR0ODc0 +MBOkETAPMQ0wCwYDVQQDDAR0ODc1MBOkETAPMQ0wCwYDVQQDDAR0ODc2MBOkETAP +MQ0wCwYDVQQDDAR0ODc3MBOkETAPMQ0wCwYDVQQDDAR0ODc4MBOkETAPMQ0wCwYD +VQQDDAR0ODc5MBOkETAPMQ0wCwYDVQQDDAR0ODgwMBOkETAPMQ0wCwYDVQQDDAR0 +ODgxMBOkETAPMQ0wCwYDVQQDDAR0ODgyMBOkETAPMQ0wCwYDVQQDDAR0ODgzMBOk +ETAPMQ0wCwYDVQQDDAR0ODg0MBOkETAPMQ0wCwYDVQQDDAR0ODg1MBOkETAPMQ0w +CwYDVQQDDAR0ODg2MBOkETAPMQ0wCwYDVQQDDAR0ODg3MBOkETAPMQ0wCwYDVQQD +DAR0ODg4MBOkETAPMQ0wCwYDVQQDDAR0ODg5MBOkETAPMQ0wCwYDVQQDDAR0ODkw +MBOkETAPMQ0wCwYDVQQDDAR0ODkxMBOkETAPMQ0wCwYDVQQDDAR0ODkyMBOkETAP +MQ0wCwYDVQQDDAR0ODkzMBOkETAPMQ0wCwYDVQQDDAR0ODk0MBOkETAPMQ0wCwYD +VQQDDAR0ODk1MBOkETAPMQ0wCwYDVQQDDAR0ODk2MBOkETAPMQ0wCwYDVQQDDAR0 +ODk3MBOkETAPMQ0wCwYDVQQDDAR0ODk4MBOkETAPMQ0wCwYDVQQDDAR0ODk5MBOk +ETAPMQ0wCwYDVQQDDAR0OTAwMBOkETAPMQ0wCwYDVQQDDAR0OTAxMBOkETAPMQ0w +CwYDVQQDDAR0OTAyMBOkETAPMQ0wCwYDVQQDDAR0OTAzMBOkETAPMQ0wCwYDVQQD +DAR0OTA0MBOkETAPMQ0wCwYDVQQDDAR0OTA1MBOkETAPMQ0wCwYDVQQDDAR0OTA2 +MBOkETAPMQ0wCwYDVQQDDAR0OTA3MBOkETAPMQ0wCwYDVQQDDAR0OTA4MBOkETAP +MQ0wCwYDVQQDDAR0OTA5MBOkETAPMQ0wCwYDVQQDDAR0OTEwMBOkETAPMQ0wCwYD +VQQDDAR0OTExMBOkETAPMQ0wCwYDVQQDDAR0OTEyMBOkETAPMQ0wCwYDVQQDDAR0 +OTEzMBOkETAPMQ0wCwYDVQQDDAR0OTE0MBOkETAPMQ0wCwYDVQQDDAR0OTE1MBOk +ETAPMQ0wCwYDVQQDDAR0OTE2MBOkETAPMQ0wCwYDVQQDDAR0OTE3MBOkETAPMQ0w +CwYDVQQDDAR0OTE4MBOkETAPMQ0wCwYDVQQDDAR0OTE5MBOkETAPMQ0wCwYDVQQD +DAR0OTIwMBOkETAPMQ0wCwYDVQQDDAR0OTIxMBOkETAPMQ0wCwYDVQQDDAR0OTIy +MBOkETAPMQ0wCwYDVQQDDAR0OTIzMBOkETAPMQ0wCwYDVQQDDAR0OTI0MBOkETAP +MQ0wCwYDVQQDDAR0OTI1MBOkETAPMQ0wCwYDVQQDDAR0OTI2MBOkETAPMQ0wCwYD +VQQDDAR0OTI3MBOkETAPMQ0wCwYDVQQDDAR0OTI4MBOkETAPMQ0wCwYDVQQDDAR0 +OTI5MBOkETAPMQ0wCwYDVQQDDAR0OTMwMBOkETAPMQ0wCwYDVQQDDAR0OTMxMBOk +ETAPMQ0wCwYDVQQDDAR0OTMyMBOkETAPMQ0wCwYDVQQDDAR0OTMzMBOkETAPMQ0w +CwYDVQQDDAR0OTM0MBOkETAPMQ0wCwYDVQQDDAR0OTM1MBOkETAPMQ0wCwYDVQQD +DAR0OTM2MBOkETAPMQ0wCwYDVQQDDAR0OTM3MBOkETAPMQ0wCwYDVQQDDAR0OTM4 +MBOkETAPMQ0wCwYDVQQDDAR0OTM5MBOkETAPMQ0wCwYDVQQDDAR0OTQwMBOkETAP +MQ0wCwYDVQQDDAR0OTQxMBOkETAPMQ0wCwYDVQQDDAR0OTQyMBOkETAPMQ0wCwYD +VQQDDAR0OTQzMBOkETAPMQ0wCwYDVQQDDAR0OTQ0MBOkETAPMQ0wCwYDVQQDDAR0 +OTQ1MBOkETAPMQ0wCwYDVQQDDAR0OTQ2MBOkETAPMQ0wCwYDVQQDDAR0OTQ3MBOk +ETAPMQ0wCwYDVQQDDAR0OTQ4MBOkETAPMQ0wCwYDVQQDDAR0OTQ5MBOkETAPMQ0w +CwYDVQQDDAR0OTUwMBOkETAPMQ0wCwYDVQQDDAR0OTUxMBOkETAPMQ0wCwYDVQQD +DAR0OTUyMBOkETAPMQ0wCwYDVQQDDAR0OTUzMBOkETAPMQ0wCwYDVQQDDAR0OTU0 +MBOkETAPMQ0wCwYDVQQDDAR0OTU1MBOkETAPMQ0wCwYDVQQDDAR0OTU2MBOkETAP +MQ0wCwYDVQQDDAR0OTU3MBOkETAPMQ0wCwYDVQQDDAR0OTU4MBOkETAPMQ0wCwYD +VQQDDAR0OTU5MBOkETAPMQ0wCwYDVQQDDAR0OTYwMBOkETAPMQ0wCwYDVQQDDAR0 +OTYxMBOkETAPMQ0wCwYDVQQDDAR0OTYyMBOkETAPMQ0wCwYDVQQDDAR0OTYzMBOk +ETAPMQ0wCwYDVQQDDAR0OTY0MBOkETAPMQ0wCwYDVQQDDAR0OTY1MBOkETAPMQ0w +CwYDVQQDDAR0OTY2MBOkETAPMQ0wCwYDVQQDDAR0OTY3MBOkETAPMQ0wCwYDVQQD +DAR0OTY4MBOkETAPMQ0wCwYDVQQDDAR0OTY5MBOkETAPMQ0wCwYDVQQDDAR0OTcw +MBOkETAPMQ0wCwYDVQQDDAR0OTcxMBOkETAPMQ0wCwYDVQQDDAR0OTcyMBOkETAP +MQ0wCwYDVQQDDAR0OTczMBOkETAPMQ0wCwYDVQQDDAR0OTc0MBOkETAPMQ0wCwYD +VQQDDAR0OTc1MBOkETAPMQ0wCwYDVQQDDAR0OTc2MBOkETAPMQ0wCwYDVQQDDAR0 +OTc3MBOkETAPMQ0wCwYDVQQDDAR0OTc4MBOkETAPMQ0wCwYDVQQDDAR0OTc5MBOk +ETAPMQ0wCwYDVQQDDAR0OTgwMBOkETAPMQ0wCwYDVQQDDAR0OTgxMBOkETAPMQ0w +CwYDVQQDDAR0OTgyMBOkETAPMQ0wCwYDVQQDDAR0OTgzMBOkETAPMQ0wCwYDVQQD +DAR0OTg0MBOkETAPMQ0wCwYDVQQDDAR0OTg1MBOkETAPMQ0wCwYDVQQDDAR0OTg2 +MBOkETAPMQ0wCwYDVQQDDAR0OTg3MBOkETAPMQ0wCwYDVQQDDAR0OTg4MBOkETAP +MQ0wCwYDVQQDDAR0OTg5MBOkETAPMQ0wCwYDVQQDDAR0OTkwMBOkETAPMQ0wCwYD +VQQDDAR0OTkxMBOkETAPMQ0wCwYDVQQDDAR0OTkyMBOkETAPMQ0wCwYDVQQDDAR0 +OTkzMBOkETAPMQ0wCwYDVQQDDAR0OTk0MBOkETAPMQ0wCwYDVQQDDAR0OTk1MBOk +ETAPMQ0wCwYDVQQDDAR0OTk2MBOkETAPMQ0wCwYDVQQDDAR0OTk3MBOkETAPMQ0w +CwYDVQQDDAR0OTk4MBOkETAPMQ0wCwYDVQQDDAR0OTk5MBSkEjAQMQ4wDAYDVQQD +DAV0MTAwMDAUpBIwEDEOMAwGA1UEAwwFdDEwMDEwFKQSMBAxDjAMBgNVBAMMBXQx +MDAyMBSkEjAQMQ4wDAYDVQQDDAV0MTAwMzAUpBIwEDEOMAwGA1UEAwwFdDEwMDQw +FKQSMBAxDjAMBgNVBAMMBXQxMDA1MBSkEjAQMQ4wDAYDVQQDDAV0MTAwNjAUpBIw +EDEOMAwGA1UEAwwFdDEwMDcwFKQSMBAxDjAMBgNVBAMMBXQxMDA4MBSkEjAQMQ4w +DAYDVQQDDAV0MTAwOTAUpBIwEDEOMAwGA1UEAwwFdDEwMTAwFKQSMBAxDjAMBgNV +BAMMBXQxMDExMBSkEjAQMQ4wDAYDVQQDDAV0MTAxMjAUpBIwEDEOMAwGA1UEAwwF +dDEwMTMwFKQSMBAxDjAMBgNVBAMMBXQxMDE0MBSkEjAQMQ4wDAYDVQQDDAV0MTAx +NTAUpBIwEDEOMAwGA1UEAwwFdDEwMTYwFKQSMBAxDjAMBgNVBAMMBXQxMDE3MBSk +EjAQMQ4wDAYDVQQDDAV0MTAxODAUpBIwEDEOMAwGA1UEAwwFdDEwMTkwFKQSMBAx +DjAMBgNVBAMMBXQxMDIwMBSkEjAQMQ4wDAYDVQQDDAV0MTAyMTAUpBIwEDEOMAwG +A1UEAwwFdDEwMjIwFKQSMBAxDjAMBgNVBAMMBXQxMDIzMBSkEjAQMQ4wDAYDVQQD +DAV0MTAyNDANBgkqhkiG9w0BAQsFAAOCAQEAEs5g1ju1fnqOntD1/aiKMySVbXlW +JCMSEI8SfOATmbptubJRtMxQLAYouNEYGhbmA7R/zbf2BnvCd5dSdo+B0fYsCOJw +J3Y/kKdS8xXwH0CXmfv6msHrEPqgdN/x34rSS2cRL1ypUnhp6EshvvKpZWLMDtlZ +jnrKXwFB2dLpiV+8PIy7T5CABgU3vgwfqFaC55ItxYlW2NSGnYq8XkPTB2Xa1Ah1 +J+VJDun4VCt6U5k3KZvqFN6AaKl5Jl5k/yFs2oPvj6TfOiBuXNNoSIKruaxKKLYv +NRSYVBao+u4ww7rFLTO8Mq6WxooXSTJ41GEpZn91rhYugbK5+lax1caedw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.test b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.test new file mode 100644 index 0000000000..331b677ca4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dirnames-permitted.test @@ -0,0 +1,8 @@ +chain: toomany-dirnames-permitted.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=t0) ----- +ERROR: Too many name constraints checks + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.pem new file mode 100644 index 0000000000..b6f3f79705 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.pem @@ -0,0 +1,1815 @@ +[Created by: ./generate-chains.py] + +A chain containing a large number of excluded DNS name +constraints and DNS names, above the limit. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, DNS:t418.test, DNS:t419.test, DNS:t420.test, DNS:t421.test, DNS:t422.test, DNS:t423.test, DNS:t424.test, DNS:t425.test, DNS:t426.test, DNS:t427.test, DNS:t428.test, DNS:t429.test, DNS:t430.test, DNS:t431.test, DNS:t432.test, DNS:t433.test, DNS:t434.test, DNS:t435.test, DNS:t436.test, DNS:t437.test, DNS:t438.test, DNS:t439.test, DNS:t440.test, DNS:t441.test, DNS:t442.test, DNS:t443.test, DNS:t444.test, DNS:t445.test, DNS:t446.test, DNS:t447.test, DNS:t448.test, DNS:t449.test, DNS:t450.test, DNS:t451.test, DNS:t452.test, DNS:t453.test, DNS:t454.test, DNS:t455.test, DNS:t456.test, DNS:t457.test, DNS:t458.test, DNS:t459.test, DNS:t460.test, DNS:t461.test, DNS:t462.test, DNS:t463.test, DNS:t464.test, DNS:t465.test, DNS:t466.test, DNS:t467.test, DNS:t468.test, DNS:t469.test, DNS:t470.test, DNS:t471.test, DNS:t472.test, DNS:t473.test, DNS:t474.test, DNS:t475.test, DNS:t476.test, DNS:t477.test, DNS:t478.test, DNS:t479.test, DNS:t480.test, DNS:t481.test, DNS:t482.test, DNS:t483.test, DNS:t484.test, DNS:t485.test, DNS:t486.test, DNS:t487.test, DNS:t488.test, DNS:t489.test, DNS:t490.test, DNS:t491.test, DNS:t492.test, DNS:t493.test, DNS:t494.test, DNS:t495.test, DNS:t496.test, DNS:t497.test, DNS:t498.test, DNS:t499.test, DNS:t500.test, DNS:t501.test, DNS:t502.test, DNS:t503.test, DNS:t504.test, DNS:t505.test, DNS:t506.test, DNS:t507.test, DNS:t508.test, DNS:t509.test, DNS:t510.test, DNS:t511.test, DNS:t512.test, DNS:t513.test, DNS:t514.test, DNS:t515.test, DNS:t516.test, DNS:t517.test, DNS:t518.test, DNS:t519.test, DNS:t520.test, DNS:t521.test, DNS:t522.test, DNS:t523.test, DNS:t524.test, DNS:t525.test, DNS:t526.test, DNS:t527.test, DNS:t528.test, DNS:t529.test, DNS:t530.test, DNS:t531.test, DNS:t532.test, DNS:t533.test, DNS:t534.test, DNS:t535.test, DNS:t536.test, DNS:t537.test, DNS:t538.test, DNS:t539.test, DNS:t540.test, DNS:t541.test, DNS:t542.test, DNS:t543.test, DNS:t544.test, DNS:t545.test, DNS:t546.test, DNS:t547.test, DNS:t548.test, DNS:t549.test, DNS:t550.test, DNS:t551.test, DNS:t552.test, DNS:t553.test, DNS:t554.test, DNS:t555.test, DNS:t556.test, DNS:t557.test, DNS:t558.test, DNS:t559.test, DNS:t560.test, DNS:t561.test, DNS:t562.test, DNS:t563.test, DNS:t564.test, DNS:t565.test, DNS:t566.test, DNS:t567.test, DNS:t568.test, DNS:t569.test, DNS:t570.test, DNS:t571.test, DNS:t572.test, DNS:t573.test, DNS:t574.test, DNS:t575.test, DNS:t576.test, DNS:t577.test, DNS:t578.test, DNS:t579.test, DNS:t580.test, DNS:t581.test, DNS:t582.test, DNS:t583.test, DNS:t584.test, DNS:t585.test, DNS:t586.test, DNS:t587.test, DNS:t588.test, DNS:t589.test, DNS:t590.test, DNS:t591.test, DNS:t592.test, DNS:t593.test, DNS:t594.test, DNS:t595.test, DNS:t596.test, DNS:t597.test, DNS:t598.test, DNS:t599.test, DNS:t600.test, DNS:t601.test, DNS:t602.test, DNS:t603.test, DNS:t604.test, DNS:t605.test, DNS:t606.test, DNS:t607.test, DNS:t608.test, DNS:t609.test, DNS:t610.test, DNS:t611.test, DNS:t612.test, DNS:t613.test, DNS:t614.test, DNS:t615.test, DNS:t616.test, DNS:t617.test, DNS:t618.test, DNS:t619.test, DNS:t620.test, DNS:t621.test, DNS:t622.test, DNS:t623.test, DNS:t624.test, DNS:t625.test, DNS:t626.test, DNS:t627.test, DNS:t628.test, DNS:t629.test, DNS:t630.test, DNS:t631.test, DNS:t632.test, DNS:t633.test, DNS:t634.test, DNS:t635.test, DNS:t636.test, DNS:t637.test, DNS:t638.test, DNS:t639.test, DNS:t640.test, DNS:t641.test, DNS:t642.test, DNS:t643.test, DNS:t644.test, DNS:t645.test, DNS:t646.test, DNS:t647.test, DNS:t648.test, DNS:t649.test, DNS:t650.test, DNS:t651.test, DNS:t652.test, DNS:t653.test, DNS:t654.test, DNS:t655.test, DNS:t656.test, DNS:t657.test, DNS:t658.test, DNS:t659.test, DNS:t660.test, DNS:t661.test, DNS:t662.test, DNS:t663.test, DNS:t664.test, DNS:t665.test, DNS:t666.test, DNS:t667.test, DNS:t668.test, DNS:t669.test, DNS:t670.test, DNS:t671.test, DNS:t672.test, DNS:t673.test, DNS:t674.test, DNS:t675.test, DNS:t676.test, DNS:t677.test, DNS:t678.test, DNS:t679.test, DNS:t680.test, DNS:t681.test, DNS:t682.test, DNS:t683.test, DNS:t684.test, DNS:t685.test, DNS:t686.test, DNS:t687.test, DNS:t688.test, DNS:t689.test, DNS:t690.test, DNS:t691.test, DNS:t692.test, DNS:t693.test, DNS:t694.test, DNS:t695.test, DNS:t696.test, DNS:t697.test, DNS:t698.test, DNS:t699.test, DNS:t700.test, DNS:t701.test, DNS:t702.test, DNS:t703.test, DNS:t704.test, DNS:t705.test, DNS:t706.test, DNS:t707.test, DNS:t708.test, DNS:t709.test, DNS:t710.test, DNS:t711.test, DNS:t712.test, DNS:t713.test, DNS:t714.test, DNS:t715.test, DNS:t716.test, DNS:t717.test, DNS:t718.test, DNS:t719.test, DNS:t720.test, DNS:t721.test, DNS:t722.test, DNS:t723.test, DNS:t724.test, DNS:t725.test, DNS:t726.test, DNS:t727.test, DNS:t728.test, DNS:t729.test, DNS:t730.test, DNS:t731.test, DNS:t732.test, DNS:t733.test, DNS:t734.test, DNS:t735.test, DNS:t736.test, DNS:t737.test, DNS:t738.test, DNS:t739.test, DNS:t740.test, DNS:t741.test, DNS:t742.test, DNS:t743.test, DNS:t744.test, DNS:t745.test, DNS:t746.test, DNS:t747.test, DNS:t748.test, DNS:t749.test, DNS:t750.test, DNS:t751.test, DNS:t752.test, DNS:t753.test, DNS:t754.test, DNS:t755.test, DNS:t756.test, DNS:t757.test, DNS:t758.test, DNS:t759.test, DNS:t760.test, DNS:t761.test, DNS:t762.test, DNS:t763.test, DNS:t764.test, DNS:t765.test, DNS:t766.test, DNS:t767.test, DNS:t768.test, DNS:t769.test, DNS:t770.test, DNS:t771.test, DNS:t772.test, DNS:t773.test, DNS:t774.test, DNS:t775.test, DNS:t776.test, DNS:t777.test, DNS:t778.test, DNS:t779.test, DNS:t780.test, DNS:t781.test, DNS:t782.test, DNS:t783.test, DNS:t784.test, DNS:t785.test, DNS:t786.test, DNS:t787.test, DNS:t788.test, DNS:t789.test, DNS:t790.test, DNS:t791.test, DNS:t792.test, DNS:t793.test, DNS:t794.test, DNS:t795.test, DNS:t796.test, DNS:t797.test, DNS:t798.test, DNS:t799.test, DNS:t800.test, DNS:t801.test, DNS:t802.test, DNS:t803.test, DNS:t804.test, DNS:t805.test, DNS:t806.test, DNS:t807.test, DNS:t808.test, DNS:t809.test, DNS:t810.test, DNS:t811.test, DNS:t812.test, DNS:t813.test, DNS:t814.test, DNS:t815.test, DNS:t816.test, DNS:t817.test, DNS:t818.test, DNS:t819.test, DNS:t820.test, DNS:t821.test, DNS:t822.test, DNS:t823.test, DNS:t824.test, DNS:t825.test, DNS:t826.test, DNS:t827.test, DNS:t828.test, DNS:t829.test, DNS:t830.test, DNS:t831.test, DNS:t832.test, DNS:t833.test, DNS:t834.test, DNS:t835.test, DNS:t836.test, DNS:t837.test, DNS:t838.test, DNS:t839.test, DNS:t840.test, DNS:t841.test, DNS:t842.test, DNS:t843.test, DNS:t844.test, DNS:t845.test, DNS:t846.test, DNS:t847.test, DNS:t848.test, DNS:t849.test, DNS:t850.test, DNS:t851.test, DNS:t852.test, DNS:t853.test, DNS:t854.test, DNS:t855.test, DNS:t856.test, DNS:t857.test, DNS:t858.test, DNS:t859.test, DNS:t860.test, DNS:t861.test, DNS:t862.test, DNS:t863.test, DNS:t864.test, DNS:t865.test, DNS:t866.test, DNS:t867.test, DNS:t868.test, DNS:t869.test, DNS:t870.test, DNS:t871.test, DNS:t872.test, DNS:t873.test, DNS:t874.test, DNS:t875.test, DNS:t876.test, DNS:t877.test, DNS:t878.test, DNS:t879.test, DNS:t880.test, DNS:t881.test, DNS:t882.test, DNS:t883.test, DNS:t884.test, DNS:t885.test, DNS:t886.test, DNS:t887.test, DNS:t888.test, DNS:t889.test, DNS:t890.test, DNS:t891.test, DNS:t892.test, DNS:t893.test, DNS:t894.test, DNS:t895.test, DNS:t896.test, DNS:t897.test, DNS:t898.test, DNS:t899.test, DNS:t900.test, DNS:t901.test, DNS:t902.test, DNS:t903.test, DNS:t904.test, DNS:t905.test, DNS:t906.test, DNS:t907.test, DNS:t908.test, DNS:t909.test, DNS:t910.test, DNS:t911.test, DNS:t912.test, DNS:t913.test, DNS:t914.test, DNS:t915.test, DNS:t916.test, DNS:t917.test, DNS:t918.test, DNS:t919.test, DNS:t920.test, DNS:t921.test, DNS:t922.test, DNS:t923.test, DNS:t924.test, DNS:t925.test, DNS:t926.test, DNS:t927.test, DNS:t928.test, DNS:t929.test, DNS:t930.test, DNS:t931.test, DNS:t932.test, DNS:t933.test, DNS:t934.test, DNS:t935.test, DNS:t936.test, DNS:t937.test, DNS:t938.test, DNS:t939.test, DNS:t940.test, DNS:t941.test, DNS:t942.test, DNS:t943.test, DNS:t944.test, DNS:t945.test, DNS:t946.test, DNS:t947.test, DNS:t948.test, DNS:t949.test, DNS:t950.test, DNS:t951.test, DNS:t952.test, DNS:t953.test, DNS:t954.test, DNS:t955.test, DNS:t956.test, DNS:t957.test, DNS:t958.test, DNS:t959.test, DNS:t960.test, DNS:t961.test, DNS:t962.test, DNS:t963.test, DNS:t964.test, DNS:t965.test, DNS:t966.test, DNS:t967.test, DNS:t968.test, DNS:t969.test, DNS:t970.test, DNS:t971.test, DNS:t972.test, DNS:t973.test, DNS:t974.test, DNS:t975.test, DNS:t976.test, DNS:t977.test, DNS:t978.test, DNS:t979.test, DNS:t980.test, DNS:t981.test, DNS:t982.test, DNS:t983.test, DNS:t984.test, DNS:t985.test, DNS:t986.test, DNS:t987.test, DNS:t988.test, DNS:t989.test, DNS:t990.test, DNS:t991.test, DNS:t992.test, DNS:t993.test, DNS:t994.test, DNS:t995.test, DNS:t996.test, DNS:t997.test, DNS:t998.test, DNS:t999.test, DNS:t1000.test, DNS:t1001.test, DNS:t1002.test, DNS:t1003.test, DNS:t1004.test, DNS:t1005.test, DNS:t1006.test, DNS:t1007.test, DNS:t1008.test, DNS:t1009.test, DNS:t1010.test, DNS:t1011.test, DNS:t1012.test, DNS:t1013.test, DNS:t1014.test, DNS:t1015.test, DNS:t1016.test, DNS:t1017.test, DNS:t1018.test, DNS:t1019.test, DNS:t1020.test, DNS:t1021.test, DNS:t1022.test, DNS:t1023.test + Signature Algorithm: sha256WithRSAEncryption + 74:b3:46:3e:05:7e:b3:03:85:e3:32:be:81:d2:63:14:24:b1: + 6d:3a:24:e1:79:b7:68:99:15:33:d9:63:6d:8b:b3:63:a5:a3: + a8:1d:c5:05:89:7d:5e:00:2e:16:9d:b3:7e:e3:d6:8b:ec:3b: + e6:00:e3:74:e9:d3:53:89:ee:33:54:c0:19:41:9f:35:62:41: + 32:87:21:e7:84:44:ca:21:2a:f8:33:33:f5:92:39:37:a3:3e: + 43:42:52:16:81:c3:6e:ce:71:d9:d9:4e:be:ee:87:14:39:7b: + 2a:13:67:85:e0:72:b9:05:b7:75:6a:4a:86:f4:bf:9a:67:19: + 75:7c:e6:01:da:42:13:58:ad:f9:1f:d1:63:a5:8c:27:fd:48: + 04:ca:b9:b7:4a:b5:62:12:ad:0f:0b:6f:ba:7f:d1:c4:1f:b6: + c0:6a:c6:88:d5:1b:3d:bd:64:34:fa:44:89:ad:05:47:4c:ac: + dd:72:2f:7c:fa:34:71:bb:41:f0:43:7d:97:3f:29:00:de:ab: + 4c:f7:cc:2b:ca:80:fb:2a:fb:34:81:5a:73:7b:77:da:54:5b: + 1e:09:3c:31:8d:7e:ed:c2:af:48:19:59:fd:59:68:56:c9:f5: + 3a:2d:ac:0f:57:6e:f1:ee:89:ea:69:71:d2:7a:ee:ee:9f:f6: + cc:15:7f:20 +-----BEGIN CERTIFICATE----- +MIIvWDCCLkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1jANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCLKUwgiyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgiu3BgNVHREEgiuuMIIrqoIH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0NDE5LnRlc3SCCXQ0 +MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMudGVzdIIJdDQyNC50 +ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0ggl0NDI4LnRlc3SC +CXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0MzIudGVzdIIJdDQz +My50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50ZXN0ggl0NDM3LnRl +c3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SCCXQ0NDEudGVzdIIJ +dDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0NS50ZXN0ggl0NDQ2 +LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRlc3SCCXQ0NTAudGVz +dIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJdDQ1NC50ZXN0ggl0 +NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4LnRlc3SCCXQ0NTku +dGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVzdIIJdDQ2My50ZXN0 +ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0NDY3LnRlc3SCCXQ0 +NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEudGVzdIIJdDQ3Mi50 +ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0ggl0NDc2LnRlc3SC +CXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0ODAudGVzdIIJdDQ4 +MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50ZXN0ggl0NDg1LnRl +c3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SCCXQ0ODkudGVzdIIJ +dDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5My50ZXN0ggl0NDk0 +LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRlc3SCCXQ0OTgudGVz +dIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJdDUwMi50ZXN0ggl0 +NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2LnRlc3SCCXQ1MDcu +dGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVzdIIJdDUxMS50ZXN0 +ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0NTE1LnRlc3SCCXQ1 +MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTkudGVzdIIJdDUyMC50 +ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0ggl0NTI0LnRlc3SC +CXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1MjgudGVzdIIJdDUy +OS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50ZXN0ggl0NTMzLnRl +c3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SCCXQ1MzcudGVzdIIJ +dDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0MS50ZXN0ggl0NTQy +LnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRlc3SCCXQ1NDYudGVz +dIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJdDU1MC50ZXN0ggl0 +NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0LnRlc3SCCXQ1NTUu +dGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVzdIIJdDU1OS50ZXN0 +ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0NTYzLnRlc3SCCXQ1 +NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1NjcudGVzdIIJdDU2OC50 +ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0ggl0NTcyLnRlc3SC +CXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1NzYudGVzdIIJdDU3 +Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50ZXN0ggl0NTgxLnRl +c3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SCCXQ1ODUudGVzdIIJ +dDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4OS50ZXN0ggl0NTkw +LnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRlc3SCCXQ1OTQudGVz +dIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJdDU5OC50ZXN0ggl0 +NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAyLnRlc3SCCXQ2MDMu +dGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVzdIIJdDYwNy50ZXN0 +ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0NjExLnRlc3SCCXQ2 +MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUudGVzdIIJdDYxNi50 +ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0ggl0NjIwLnRlc3SC +CXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2MjQudGVzdIIJdDYy +NS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50ZXN0ggl0NjI5LnRl +c3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SCCXQ2MzMudGVzdIIJ +dDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYzNy50ZXN0ggl0NjM4 +LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRlc3SCCXQ2NDIudGVz +dIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJdDY0Ni50ZXN0ggl0 +NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUwLnRlc3SCCXQ2NTEu +dGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVzdIIJdDY1NS50ZXN0 +ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0NjU5LnRlc3SCCXQ2 +NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMudGVzdIIJdDY2NC50 +ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0ggl0NjY4LnRlc3SC +CXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2NzIudGVzdIIJdDY3 +My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50ZXN0ggl0Njc3LnRl +c3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SCCXQ2ODEudGVzdIIJ +dDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4NS50ZXN0ggl0Njg2 +LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRlc3SCCXQ2OTAudGVz +dIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJdDY5NC50ZXN0ggl0 +Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4LnRlc3SCCXQ2OTku +dGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVzdIIJdDcwMy50ZXN0 +ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0NzA3LnRlc3SCCXQ3 +MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEudGVzdIIJdDcxMi50 +ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0ggl0NzE2LnRlc3SC +CXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3MjAudGVzdIIJdDcy +MS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50ZXN0ggl0NzI1LnRl +c3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SCCXQ3MjkudGVzdIIJ +dDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDczMy50ZXN0ggl0NzM0 +LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRlc3SCCXQ3MzgudGVz +dIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJdDc0Mi50ZXN0ggl0 +NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2LnRlc3SCCXQ3NDcu +dGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVzdIIJdDc1MS50ZXN0 +ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0NzU1LnRlc3SCCXQ3 +NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTkudGVzdIIJdDc2MC50 +ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0ggl0NzY0LnRlc3SC +CXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3NjgudGVzdIIJdDc2 +OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50ZXN0ggl0NzczLnRl +c3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SCCXQ3NzcudGVzdIIJ +dDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4MS50ZXN0ggl0Nzgy +LnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRlc3SCCXQ3ODYudGVz +dIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJdDc5MC50ZXN0ggl0 +NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0LnRlc3SCCXQ3OTUu +dGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVzdIIJdDc5OS50ZXN0 +ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0ODAzLnRlc3SCCXQ4 +MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcudGVzdIIJdDgwOC50 +ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0ggl0ODEyLnRlc3SC +CXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4MTYudGVzdIIJdDgx +Ny50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50ZXN0ggl0ODIxLnRl +c3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SCCXQ4MjUudGVzdIIJ +dDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgyOS50ZXN0ggl0ODMw +LnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRlc3SCCXQ4MzQudGVz +dIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJdDgzOC50ZXN0ggl0 +ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQyLnRlc3SCCXQ4NDMu +dGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVzdIIJdDg0Ny50ZXN0 +ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0ODUxLnRlc3SCCXQ4 +NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUudGVzdIIJdDg1Ni50 +ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0ggl0ODYwLnRlc3SC +CXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4NjQudGVzdIIJdDg2 +NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50ZXN0ggl0ODY5LnRl +c3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SCCXQ4NzMudGVzdIIJ +dDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3Ny50ZXN0ggl0ODc4 +LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRlc3SCCXQ4ODIudGVz +dIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJdDg4Ni50ZXN0ggl0 +ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkwLnRlc3SCCXQ4OTEu +dGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVzdIIJdDg5NS50ZXN0 +ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0ODk5LnRlc3SCCXQ5 +MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMudGVzdIIJdDkwNC50 +ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0ggl0OTA4LnRlc3SC +CXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5MTIudGVzdIIJdDkx +My50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50ZXN0ggl0OTE3LnRl +c3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SCCXQ5MjEudGVzdIIJ +dDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDkyNS50ZXN0ggl0OTI2 +LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRlc3SCCXQ5MzAudGVz +dIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJdDkzNC50ZXN0ggl0 +OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4LnRlc3SCCXQ5Mzku +dGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVzdIIJdDk0My50ZXN0 +ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0OTQ3LnRlc3SCCXQ5 +NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEudGVzdIIJdDk1Mi50 +ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0ggl0OTU2LnRlc3SC +CXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5NjAudGVzdIIJdDk2 +MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50ZXN0ggl0OTY1LnRl +c3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SCCXQ5NjkudGVzdIIJ +dDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3My50ZXN0ggl0OTc0 +LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRlc3SCCXQ5NzgudGVz +dIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJdDk4Mi50ZXN0ggl0 +OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2LnRlc3SCCXQ5ODcu +dGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVzdIIJdDk5MS50ZXN0 +ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0OTk1LnRlc3SCCXQ5 +OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTkudGVzdIIKdDEwMDAu +dGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMudGVzdIIKdDEwMDQu +dGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcudGVzdIIKdDEwMDgu +dGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEudGVzdIIKdDEwMTIu +dGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUudGVzdIIKdDEwMTYu +dGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTkudGVzdIIKdDEwMjAu +dGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMudGVzdDANBgkqhkiG +9w0BAQsFAAOCAQEAdLNGPgV+swOF4zK+gdJjFCSxbTok4Xm3aJkVM9ljbYuzY6Wj +qB3FBYl9XgAuFp2zfuPWi+w75gDjdOnTU4nuM1TAGUGfNWJBMoch54REyiEq+DMz +9ZI5N6M+Q0JSFoHDbs5x2dlOvu6HFDl7KhNnheByuQW3dWpKhvS/mmcZdXzmAdpC +E1it+R/RY6WMJ/1IBMq5t0q1YhKtDwtvun/RxB+2wGrGiNUbPb1kNPpEia0FR0ys +3XIvfPo0cbtB8EN9lz8pAN6rTPfMK8qA+yr7NIFac3t32lRbHgk8MY1+7cKvSBlZ +/VloVsn1Oi2sD1du8e6J6mlx0nru7p/2zBV/IA== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + DNS:x0.test + DNS:x1.test + DNS:x2.test + DNS:x3.test + DNS:x4.test + DNS:x5.test + DNS:x6.test + DNS:x7.test + DNS:x8.test + DNS:x9.test + DNS:x10.test + DNS:x11.test + DNS:x12.test + DNS:x13.test + DNS:x14.test + DNS:x15.test + DNS:x16.test + DNS:x17.test + DNS:x18.test + DNS:x19.test + DNS:x20.test + DNS:x21.test + DNS:x22.test + DNS:x23.test + DNS:x24.test + DNS:x25.test + DNS:x26.test + DNS:x27.test + DNS:x28.test + DNS:x29.test + DNS:x30.test + DNS:x31.test + DNS:x32.test + DNS:x33.test + DNS:x34.test + DNS:x35.test + DNS:x36.test + DNS:x37.test + DNS:x38.test + DNS:x39.test + DNS:x40.test + DNS:x41.test + DNS:x42.test + DNS:x43.test + DNS:x44.test + DNS:x45.test + DNS:x46.test + DNS:x47.test + DNS:x48.test + DNS:x49.test + DNS:x50.test + DNS:x51.test + DNS:x52.test + DNS:x53.test + DNS:x54.test + DNS:x55.test + DNS:x56.test + DNS:x57.test + DNS:x58.test + DNS:x59.test + DNS:x60.test + DNS:x61.test + DNS:x62.test + DNS:x63.test + DNS:x64.test + DNS:x65.test + DNS:x66.test + DNS:x67.test + DNS:x68.test + DNS:x69.test + DNS:x70.test + DNS:x71.test + DNS:x72.test + DNS:x73.test + DNS:x74.test + DNS:x75.test + DNS:x76.test + DNS:x77.test + DNS:x78.test + DNS:x79.test + DNS:x80.test + DNS:x81.test + DNS:x82.test + DNS:x83.test + DNS:x84.test + DNS:x85.test + DNS:x86.test + DNS:x87.test + DNS:x88.test + DNS:x89.test + DNS:x90.test + DNS:x91.test + DNS:x92.test + DNS:x93.test + DNS:x94.test + DNS:x95.test + DNS:x96.test + DNS:x97.test + DNS:x98.test + DNS:x99.test + DNS:x100.test + DNS:x101.test + DNS:x102.test + DNS:x103.test + DNS:x104.test + DNS:x105.test + DNS:x106.test + DNS:x107.test + DNS:x108.test + DNS:x109.test + DNS:x110.test + DNS:x111.test + DNS:x112.test + DNS:x113.test + DNS:x114.test + DNS:x115.test + DNS:x116.test + DNS:x117.test + DNS:x118.test + DNS:x119.test + DNS:x120.test + DNS:x121.test + DNS:x122.test + DNS:x123.test + DNS:x124.test + DNS:x125.test + DNS:x126.test + DNS:x127.test + DNS:x128.test + DNS:x129.test + DNS:x130.test + DNS:x131.test + DNS:x132.test + DNS:x133.test + DNS:x134.test + DNS:x135.test + DNS:x136.test + DNS:x137.test + DNS:x138.test + DNS:x139.test + DNS:x140.test + DNS:x141.test + DNS:x142.test + DNS:x143.test + DNS:x144.test + DNS:x145.test + DNS:x146.test + DNS:x147.test + DNS:x148.test + DNS:x149.test + DNS:x150.test + DNS:x151.test + DNS:x152.test + DNS:x153.test + DNS:x154.test + DNS:x155.test + DNS:x156.test + DNS:x157.test + DNS:x158.test + DNS:x159.test + DNS:x160.test + DNS:x161.test + DNS:x162.test + DNS:x163.test + DNS:x164.test + DNS:x165.test + DNS:x166.test + DNS:x167.test + DNS:x168.test + DNS:x169.test + DNS:x170.test + DNS:x171.test + DNS:x172.test + DNS:x173.test + DNS:x174.test + DNS:x175.test + DNS:x176.test + DNS:x177.test + DNS:x178.test + DNS:x179.test + DNS:x180.test + DNS:x181.test + DNS:x182.test + DNS:x183.test + DNS:x184.test + DNS:x185.test + DNS:x186.test + DNS:x187.test + DNS:x188.test + DNS:x189.test + DNS:x190.test + DNS:x191.test + DNS:x192.test + DNS:x193.test + DNS:x194.test + DNS:x195.test + DNS:x196.test + DNS:x197.test + DNS:x198.test + DNS:x199.test + DNS:x200.test + DNS:x201.test + DNS:x202.test + DNS:x203.test + DNS:x204.test + DNS:x205.test + DNS:x206.test + DNS:x207.test + DNS:x208.test + DNS:x209.test + DNS:x210.test + DNS:x211.test + DNS:x212.test + DNS:x213.test + DNS:x214.test + DNS:x215.test + DNS:x216.test + DNS:x217.test + DNS:x218.test + DNS:x219.test + DNS:x220.test + DNS:x221.test + DNS:x222.test + DNS:x223.test + DNS:x224.test + DNS:x225.test + DNS:x226.test + DNS:x227.test + DNS:x228.test + DNS:x229.test + DNS:x230.test + DNS:x231.test + DNS:x232.test + DNS:x233.test + DNS:x234.test + DNS:x235.test + DNS:x236.test + DNS:x237.test + DNS:x238.test + DNS:x239.test + DNS:x240.test + DNS:x241.test + DNS:x242.test + DNS:x243.test + DNS:x244.test + DNS:x245.test + DNS:x246.test + DNS:x247.test + DNS:x248.test + DNS:x249.test + DNS:x250.test + DNS:x251.test + DNS:x252.test + DNS:x253.test + DNS:x254.test + DNS:x255.test + DNS:x256.test + DNS:x257.test + DNS:x258.test + DNS:x259.test + DNS:x260.test + DNS:x261.test + DNS:x262.test + DNS:x263.test + DNS:x264.test + DNS:x265.test + DNS:x266.test + DNS:x267.test + DNS:x268.test + DNS:x269.test + DNS:x270.test + DNS:x271.test + DNS:x272.test + DNS:x273.test + DNS:x274.test + DNS:x275.test + DNS:x276.test + DNS:x277.test + DNS:x278.test + DNS:x279.test + DNS:x280.test + DNS:x281.test + DNS:x282.test + DNS:x283.test + DNS:x284.test + DNS:x285.test + DNS:x286.test + DNS:x287.test + DNS:x288.test + DNS:x289.test + DNS:x290.test + DNS:x291.test + DNS:x292.test + DNS:x293.test + DNS:x294.test + DNS:x295.test + DNS:x296.test + DNS:x297.test + DNS:x298.test + DNS:x299.test + DNS:x300.test + DNS:x301.test + DNS:x302.test + DNS:x303.test + DNS:x304.test + DNS:x305.test + DNS:x306.test + DNS:x307.test + DNS:x308.test + DNS:x309.test + DNS:x310.test + DNS:x311.test + DNS:x312.test + DNS:x313.test + DNS:x314.test + DNS:x315.test + DNS:x316.test + DNS:x317.test + DNS:x318.test + DNS:x319.test + DNS:x320.test + DNS:x321.test + DNS:x322.test + DNS:x323.test + DNS:x324.test + DNS:x325.test + DNS:x326.test + DNS:x327.test + DNS:x328.test + DNS:x329.test + DNS:x330.test + DNS:x331.test + DNS:x332.test + DNS:x333.test + DNS:x334.test + DNS:x335.test + DNS:x336.test + DNS:x337.test + DNS:x338.test + DNS:x339.test + DNS:x340.test + DNS:x341.test + DNS:x342.test + DNS:x343.test + DNS:x344.test + DNS:x345.test + DNS:x346.test + DNS:x347.test + DNS:x348.test + DNS:x349.test + DNS:x350.test + DNS:x351.test + DNS:x352.test + DNS:x353.test + DNS:x354.test + DNS:x355.test + DNS:x356.test + DNS:x357.test + DNS:x358.test + DNS:x359.test + DNS:x360.test + DNS:x361.test + DNS:x362.test + DNS:x363.test + DNS:x364.test + DNS:x365.test + DNS:x366.test + DNS:x367.test + DNS:x368.test + DNS:x369.test + DNS:x370.test + DNS:x371.test + DNS:x372.test + DNS:x373.test + DNS:x374.test + DNS:x375.test + DNS:x376.test + DNS:x377.test + DNS:x378.test + DNS:x379.test + DNS:x380.test + DNS:x381.test + DNS:x382.test + DNS:x383.test + DNS:x384.test + DNS:x385.test + DNS:x386.test + DNS:x387.test + DNS:x388.test + DNS:x389.test + DNS:x390.test + DNS:x391.test + DNS:x392.test + DNS:x393.test + DNS:x394.test + DNS:x395.test + DNS:x396.test + DNS:x397.test + DNS:x398.test + DNS:x399.test + DNS:x400.test + DNS:x401.test + DNS:x402.test + DNS:x403.test + DNS:x404.test + DNS:x405.test + DNS:x406.test + DNS:x407.test + DNS:x408.test + DNS:x409.test + DNS:x410.test + DNS:x411.test + DNS:x412.test + DNS:x413.test + DNS:x414.test + DNS:x415.test + DNS:x416.test + DNS:x417.test + DNS:x418.test + DNS:x419.test + DNS:x420.test + DNS:x421.test + DNS:x422.test + DNS:x423.test + DNS:x424.test + DNS:x425.test + DNS:x426.test + DNS:x427.test + DNS:x428.test + DNS:x429.test + DNS:x430.test + DNS:x431.test + DNS:x432.test + DNS:x433.test + DNS:x434.test + DNS:x435.test + DNS:x436.test + DNS:x437.test + DNS:x438.test + DNS:x439.test + DNS:x440.test + DNS:x441.test + DNS:x442.test + DNS:x443.test + DNS:x444.test + DNS:x445.test + DNS:x446.test + DNS:x447.test + DNS:x448.test + DNS:x449.test + DNS:x450.test + DNS:x451.test + DNS:x452.test + DNS:x453.test + DNS:x454.test + DNS:x455.test + DNS:x456.test + DNS:x457.test + DNS:x458.test + DNS:x459.test + DNS:x460.test + DNS:x461.test + DNS:x462.test + DNS:x463.test + DNS:x464.test + DNS:x465.test + DNS:x466.test + DNS:x467.test + DNS:x468.test + DNS:x469.test + DNS:x470.test + DNS:x471.test + DNS:x472.test + DNS:x473.test + DNS:x474.test + DNS:x475.test + DNS:x476.test + DNS:x477.test + DNS:x478.test + DNS:x479.test + DNS:x480.test + DNS:x481.test + DNS:x482.test + DNS:x483.test + DNS:x484.test + DNS:x485.test + DNS:x486.test + DNS:x487.test + DNS:x488.test + DNS:x489.test + DNS:x490.test + DNS:x491.test + DNS:x492.test + DNS:x493.test + DNS:x494.test + DNS:x495.test + DNS:x496.test + DNS:x497.test + DNS:x498.test + DNS:x499.test + DNS:x500.test + DNS:x501.test + DNS:x502.test + DNS:x503.test + DNS:x504.test + DNS:x505.test + DNS:x506.test + DNS:x507.test + DNS:x508.test + DNS:x509.test + DNS:x510.test + DNS:x511.test + DNS:x512.test + DNS:x513.test + DNS:x514.test + DNS:x515.test + DNS:x516.test + DNS:x517.test + DNS:x518.test + DNS:x519.test + DNS:x520.test + DNS:x521.test + DNS:x522.test + DNS:x523.test + DNS:x524.test + DNS:x525.test + DNS:x526.test + DNS:x527.test + DNS:x528.test + DNS:x529.test + DNS:x530.test + DNS:x531.test + DNS:x532.test + DNS:x533.test + DNS:x534.test + DNS:x535.test + DNS:x536.test + DNS:x537.test + DNS:x538.test + DNS:x539.test + DNS:x540.test + DNS:x541.test + DNS:x542.test + DNS:x543.test + DNS:x544.test + DNS:x545.test + DNS:x546.test + DNS:x547.test + DNS:x548.test + DNS:x549.test + DNS:x550.test + DNS:x551.test + DNS:x552.test + DNS:x553.test + DNS:x554.test + DNS:x555.test + DNS:x556.test + DNS:x557.test + DNS:x558.test + DNS:x559.test + DNS:x560.test + DNS:x561.test + DNS:x562.test + DNS:x563.test + DNS:x564.test + DNS:x565.test + DNS:x566.test + DNS:x567.test + DNS:x568.test + DNS:x569.test + DNS:x570.test + DNS:x571.test + DNS:x572.test + DNS:x573.test + DNS:x574.test + DNS:x575.test + DNS:x576.test + DNS:x577.test + DNS:x578.test + DNS:x579.test + DNS:x580.test + DNS:x581.test + DNS:x582.test + DNS:x583.test + DNS:x584.test + DNS:x585.test + DNS:x586.test + DNS:x587.test + DNS:x588.test + DNS:x589.test + DNS:x590.test + DNS:x591.test + DNS:x592.test + DNS:x593.test + DNS:x594.test + DNS:x595.test + DNS:x596.test + DNS:x597.test + DNS:x598.test + DNS:x599.test + DNS:x600.test + DNS:x601.test + DNS:x602.test + DNS:x603.test + DNS:x604.test + DNS:x605.test + DNS:x606.test + DNS:x607.test + DNS:x608.test + DNS:x609.test + DNS:x610.test + DNS:x611.test + DNS:x612.test + DNS:x613.test + DNS:x614.test + DNS:x615.test + DNS:x616.test + DNS:x617.test + DNS:x618.test + DNS:x619.test + DNS:x620.test + DNS:x621.test + DNS:x622.test + DNS:x623.test + DNS:x624.test + DNS:x625.test + DNS:x626.test + DNS:x627.test + DNS:x628.test + DNS:x629.test + DNS:x630.test + DNS:x631.test + DNS:x632.test + DNS:x633.test + DNS:x634.test + DNS:x635.test + DNS:x636.test + DNS:x637.test + DNS:x638.test + DNS:x639.test + DNS:x640.test + DNS:x641.test + DNS:x642.test + DNS:x643.test + DNS:x644.test + DNS:x645.test + DNS:x646.test + DNS:x647.test + DNS:x648.test + DNS:x649.test + DNS:x650.test + DNS:x651.test + DNS:x652.test + DNS:x653.test + DNS:x654.test + DNS:x655.test + DNS:x656.test + DNS:x657.test + DNS:x658.test + DNS:x659.test + DNS:x660.test + DNS:x661.test + DNS:x662.test + DNS:x663.test + DNS:x664.test + DNS:x665.test + DNS:x666.test + DNS:x667.test + DNS:x668.test + DNS:x669.test + DNS:x670.test + DNS:x671.test + DNS:x672.test + DNS:x673.test + DNS:x674.test + DNS:x675.test + DNS:x676.test + DNS:x677.test + DNS:x678.test + DNS:x679.test + DNS:x680.test + DNS:x681.test + DNS:x682.test + DNS:x683.test + DNS:x684.test + DNS:x685.test + DNS:x686.test + DNS:x687.test + DNS:x688.test + DNS:x689.test + DNS:x690.test + DNS:x691.test + DNS:x692.test + DNS:x693.test + DNS:x694.test + DNS:x695.test + DNS:x696.test + DNS:x697.test + DNS:x698.test + DNS:x699.test + DNS:x700.test + DNS:x701.test + DNS:x702.test + DNS:x703.test + DNS:x704.test + DNS:x705.test + DNS:x706.test + DNS:x707.test + DNS:x708.test + DNS:x709.test + DNS:x710.test + DNS:x711.test + DNS:x712.test + DNS:x713.test + DNS:x714.test + DNS:x715.test + DNS:x716.test + DNS:x717.test + DNS:x718.test + DNS:x719.test + DNS:x720.test + DNS:x721.test + DNS:x722.test + DNS:x723.test + DNS:x724.test + DNS:x725.test + DNS:x726.test + DNS:x727.test + DNS:x728.test + DNS:x729.test + DNS:x730.test + DNS:x731.test + DNS:x732.test + DNS:x733.test + DNS:x734.test + DNS:x735.test + DNS:x736.test + DNS:x737.test + DNS:x738.test + DNS:x739.test + DNS:x740.test + DNS:x741.test + DNS:x742.test + DNS:x743.test + DNS:x744.test + DNS:x745.test + DNS:x746.test + DNS:x747.test + DNS:x748.test + DNS:x749.test + DNS:x750.test + DNS:x751.test + DNS:x752.test + DNS:x753.test + DNS:x754.test + DNS:x755.test + DNS:x756.test + DNS:x757.test + DNS:x758.test + DNS:x759.test + DNS:x760.test + DNS:x761.test + DNS:x762.test + DNS:x763.test + DNS:x764.test + DNS:x765.test + DNS:x766.test + DNS:x767.test + DNS:x768.test + DNS:x769.test + DNS:x770.test + DNS:x771.test + DNS:x772.test + DNS:x773.test + DNS:x774.test + DNS:x775.test + DNS:x776.test + DNS:x777.test + DNS:x778.test + DNS:x779.test + DNS:x780.test + DNS:x781.test + DNS:x782.test + DNS:x783.test + DNS:x784.test + DNS:x785.test + DNS:x786.test + DNS:x787.test + DNS:x788.test + DNS:x789.test + DNS:x790.test + DNS:x791.test + DNS:x792.test + DNS:x793.test + DNS:x794.test + DNS:x795.test + DNS:x796.test + DNS:x797.test + DNS:x798.test + DNS:x799.test + DNS:x800.test + DNS:x801.test + DNS:x802.test + DNS:x803.test + DNS:x804.test + DNS:x805.test + DNS:x806.test + DNS:x807.test + DNS:x808.test + DNS:x809.test + DNS:x810.test + DNS:x811.test + DNS:x812.test + DNS:x813.test + DNS:x814.test + DNS:x815.test + DNS:x816.test + DNS:x817.test + DNS:x818.test + DNS:x819.test + DNS:x820.test + DNS:x821.test + DNS:x822.test + DNS:x823.test + DNS:x824.test + DNS:x825.test + DNS:x826.test + DNS:x827.test + DNS:x828.test + DNS:x829.test + DNS:x830.test + DNS:x831.test + DNS:x832.test + DNS:x833.test + DNS:x834.test + DNS:x835.test + DNS:x836.test + DNS:x837.test + DNS:x838.test + DNS:x839.test + DNS:x840.test + DNS:x841.test + DNS:x842.test + DNS:x843.test + DNS:x844.test + DNS:x845.test + DNS:x846.test + DNS:x847.test + DNS:x848.test + DNS:x849.test + DNS:x850.test + DNS:x851.test + DNS:x852.test + DNS:x853.test + DNS:x854.test + DNS:x855.test + DNS:x856.test + DNS:x857.test + DNS:x858.test + DNS:x859.test + DNS:x860.test + DNS:x861.test + DNS:x862.test + DNS:x863.test + DNS:x864.test + DNS:x865.test + DNS:x866.test + DNS:x867.test + DNS:x868.test + DNS:x869.test + DNS:x870.test + DNS:x871.test + DNS:x872.test + DNS:x873.test + DNS:x874.test + DNS:x875.test + DNS:x876.test + DNS:x877.test + DNS:x878.test + DNS:x879.test + DNS:x880.test + DNS:x881.test + DNS:x882.test + DNS:x883.test + DNS:x884.test + DNS:x885.test + DNS:x886.test + DNS:x887.test + DNS:x888.test + DNS:x889.test + DNS:x890.test + DNS:x891.test + DNS:x892.test + DNS:x893.test + DNS:x894.test + DNS:x895.test + DNS:x896.test + DNS:x897.test + DNS:x898.test + DNS:x899.test + DNS:x900.test + DNS:x901.test + DNS:x902.test + DNS:x903.test + DNS:x904.test + DNS:x905.test + DNS:x906.test + DNS:x907.test + DNS:x908.test + DNS:x909.test + DNS:x910.test + DNS:x911.test + DNS:x912.test + DNS:x913.test + DNS:x914.test + DNS:x915.test + DNS:x916.test + DNS:x917.test + DNS:x918.test + DNS:x919.test + DNS:x920.test + DNS:x921.test + DNS:x922.test + DNS:x923.test + DNS:x924.test + DNS:x925.test + DNS:x926.test + DNS:x927.test + DNS:x928.test + DNS:x929.test + DNS:x930.test + DNS:x931.test + DNS:x932.test + DNS:x933.test + DNS:x934.test + DNS:x935.test + DNS:x936.test + DNS:x937.test + DNS:x938.test + DNS:x939.test + DNS:x940.test + DNS:x941.test + DNS:x942.test + DNS:x943.test + DNS:x944.test + DNS:x945.test + DNS:x946.test + DNS:x947.test + DNS:x948.test + DNS:x949.test + DNS:x950.test + DNS:x951.test + DNS:x952.test + DNS:x953.test + DNS:x954.test + DNS:x955.test + DNS:x956.test + DNS:x957.test + DNS:x958.test + DNS:x959.test + DNS:x960.test + DNS:x961.test + DNS:x962.test + DNS:x963.test + DNS:x964.test + DNS:x965.test + DNS:x966.test + DNS:x967.test + DNS:x968.test + DNS:x969.test + DNS:x970.test + DNS:x971.test + DNS:x972.test + DNS:x973.test + DNS:x974.test + DNS:x975.test + DNS:x976.test + DNS:x977.test + DNS:x978.test + DNS:x979.test + DNS:x980.test + DNS:x981.test + DNS:x982.test + DNS:x983.test + DNS:x984.test + DNS:x985.test + DNS:x986.test + DNS:x987.test + DNS:x988.test + DNS:x989.test + DNS:x990.test + DNS:x991.test + DNS:x992.test + DNS:x993.test + DNS:x994.test + DNS:x995.test + DNS:x996.test + DNS:x997.test + DNS:x998.test + DNS:x999.test + DNS:x1000.test + DNS:x1001.test + DNS:x1002.test + DNS:x1003.test + DNS:x1004.test + DNS:x1005.test + DNS:x1006.test + DNS:x1007.test + DNS:x1008.test + DNS:x1009.test + DNS:x1010.test + DNS:x1011.test + DNS:x1012.test + DNS:x1013.test + DNS:x1014.test + DNS:x1015.test + DNS:x1016.test + DNS:x1017.test + DNS:x1018.test + DNS:x1019.test + DNS:x1020.test + DNS:x1021.test + DNS:x1022.test + DNS:x1023.test + DNS:x1024.test + + Signature Algorithm: sha256WithRSAEncryption + a3:61:e0:bd:55:1b:55:36:05:4b:22:0a:7c:93:62:ba:08:ce: + 68:b5:8a:62:f7:57:27:6c:0f:d0:03:f4:57:f1:a0:e5:35:69: + 91:fe:66:af:27:ae:54:92:67:3b:a7:ce:86:7e:dd:66:e9:a4: + dc:69:49:6d:c3:96:da:fd:3d:4a:27:60:f1:24:f8:f1:be:34: + f6:b6:43:53:02:8a:0f:87:42:07:5d:91:d3:9d:96:39:93:9c: + b6:f2:38:fd:37:2f:7d:f4:02:67:3f:73:bb:96:7e:55:1b:38: + f2:6e:c8:35:90:28:1d:d9:c2:45:e7:17:03:33:96:f9:59:eb: + 0f:bc:2c:52:57:6a:fc:2f:3d:f0:f3:5c:1d:d7:1a:8d:e2:02: + a8:96:15:e0:61:95:d6:09:ba:b9:7b:c0:36:cc:ce:96:7b:7f: + ef:35:f7:f3:08:28:b6:ac:2a:41:a6:22:43:6c:76:c5:34:1d: + e8:47:bf:dd:56:7a:0f:7d:bd:2e:a9:6b:ed:92:39:a5:36:35: + 09:52:6b:fa:03:b0:6d:68:e2:83:2e:8f:7e:87:71:fc:42:2d: + f2:07:16:53:8d:1a:02:c0:03:55:d3:bf:1d:c1:07:f5:63:ec: + 3f:6f:26:4c:e7:47:d0:9d:e6:04:00:ad:b6:87:de:03:59:b0: + 80:10:78:3e +-----BEGIN CERTIFICATE----- +MII3TzCCNjegAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCNJkwgjSVMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjPJBgNVHR4EgjPAMIIzvKGCM7gwCYIHeDAudGVzdDAJggd4MS50ZXN0MAmC +B3gyLnRlc3QwCYIHeDMudGVzdDAJggd4NC50ZXN0MAmCB3g1LnRlc3QwCYIHeDYu +dGVzdDAJggd4Ny50ZXN0MAmCB3g4LnRlc3QwCYIHeDkudGVzdDAKggh4MTAudGVz +dDAKggh4MTEudGVzdDAKggh4MTIudGVzdDAKggh4MTMudGVzdDAKggh4MTQudGVz +dDAKggh4MTUudGVzdDAKggh4MTYudGVzdDAKggh4MTcudGVzdDAKggh4MTgudGVz +dDAKggh4MTkudGVzdDAKggh4MjAudGVzdDAKggh4MjEudGVzdDAKggh4MjIudGVz +dDAKggh4MjMudGVzdDAKggh4MjQudGVzdDAKggh4MjUudGVzdDAKggh4MjYudGVz +dDAKggh4MjcudGVzdDAKggh4MjgudGVzdDAKggh4MjkudGVzdDAKggh4MzAudGVz +dDAKggh4MzEudGVzdDAKggh4MzIudGVzdDAKggh4MzMudGVzdDAKggh4MzQudGVz +dDAKggh4MzUudGVzdDAKggh4MzYudGVzdDAKggh4MzcudGVzdDAKggh4MzgudGVz +dDAKggh4MzkudGVzdDAKggh4NDAudGVzdDAKggh4NDEudGVzdDAKggh4NDIudGVz +dDAKggh4NDMudGVzdDAKggh4NDQudGVzdDAKggh4NDUudGVzdDAKggh4NDYudGVz +dDAKggh4NDcudGVzdDAKggh4NDgudGVzdDAKggh4NDkudGVzdDAKggh4NTAudGVz +dDAKggh4NTEudGVzdDAKggh4NTIudGVzdDAKggh4NTMudGVzdDAKggh4NTQudGVz +dDAKggh4NTUudGVzdDAKggh4NTYudGVzdDAKggh4NTcudGVzdDAKggh4NTgudGVz +dDAKggh4NTkudGVzdDAKggh4NjAudGVzdDAKggh4NjEudGVzdDAKggh4NjIudGVz +dDAKggh4NjMudGVzdDAKggh4NjQudGVzdDAKggh4NjUudGVzdDAKggh4NjYudGVz +dDAKggh4NjcudGVzdDAKggh4NjgudGVzdDAKggh4NjkudGVzdDAKggh4NzAudGVz +dDAKggh4NzEudGVzdDAKggh4NzIudGVzdDAKggh4NzMudGVzdDAKggh4NzQudGVz +dDAKggh4NzUudGVzdDAKggh4NzYudGVzdDAKggh4NzcudGVzdDAKggh4NzgudGVz +dDAKggh4NzkudGVzdDAKggh4ODAudGVzdDAKggh4ODEudGVzdDAKggh4ODIudGVz +dDAKggh4ODMudGVzdDAKggh4ODQudGVzdDAKggh4ODUudGVzdDAKggh4ODYudGVz +dDAKggh4ODcudGVzdDAKggh4ODgudGVzdDAKggh4ODkudGVzdDAKggh4OTAudGVz +dDAKggh4OTEudGVzdDAKggh4OTIudGVzdDAKggh4OTMudGVzdDAKggh4OTQudGVz +dDAKggh4OTUudGVzdDAKggh4OTYudGVzdDAKggh4OTcudGVzdDAKggh4OTgudGVz +dDAKggh4OTkudGVzdDALggl4MTAwLnRlc3QwC4IJeDEwMS50ZXN0MAuCCXgxMDIu +dGVzdDALggl4MTAzLnRlc3QwC4IJeDEwNC50ZXN0MAuCCXgxMDUudGVzdDALggl4 +MTA2LnRlc3QwC4IJeDEwNy50ZXN0MAuCCXgxMDgudGVzdDALggl4MTA5LnRlc3Qw +C4IJeDExMC50ZXN0MAuCCXgxMTEudGVzdDALggl4MTEyLnRlc3QwC4IJeDExMy50 +ZXN0MAuCCXgxMTQudGVzdDALggl4MTE1LnRlc3QwC4IJeDExNi50ZXN0MAuCCXgx +MTcudGVzdDALggl4MTE4LnRlc3QwC4IJeDExOS50ZXN0MAuCCXgxMjAudGVzdDAL +ggl4MTIxLnRlc3QwC4IJeDEyMi50ZXN0MAuCCXgxMjMudGVzdDALggl4MTI0LnRl +c3QwC4IJeDEyNS50ZXN0MAuCCXgxMjYudGVzdDALggl4MTI3LnRlc3QwC4IJeDEy +OC50ZXN0MAuCCXgxMjkudGVzdDALggl4MTMwLnRlc3QwC4IJeDEzMS50ZXN0MAuC +CXgxMzIudGVzdDALggl4MTMzLnRlc3QwC4IJeDEzNC50ZXN0MAuCCXgxMzUudGVz +dDALggl4MTM2LnRlc3QwC4IJeDEzNy50ZXN0MAuCCXgxMzgudGVzdDALggl4MTM5 +LnRlc3QwC4IJeDE0MC50ZXN0MAuCCXgxNDEudGVzdDALggl4MTQyLnRlc3QwC4IJ +eDE0My50ZXN0MAuCCXgxNDQudGVzdDALggl4MTQ1LnRlc3QwC4IJeDE0Ni50ZXN0 +MAuCCXgxNDcudGVzdDALggl4MTQ4LnRlc3QwC4IJeDE0OS50ZXN0MAuCCXgxNTAu +dGVzdDALggl4MTUxLnRlc3QwC4IJeDE1Mi50ZXN0MAuCCXgxNTMudGVzdDALggl4 +MTU0LnRlc3QwC4IJeDE1NS50ZXN0MAuCCXgxNTYudGVzdDALggl4MTU3LnRlc3Qw +C4IJeDE1OC50ZXN0MAuCCXgxNTkudGVzdDALggl4MTYwLnRlc3QwC4IJeDE2MS50 +ZXN0MAuCCXgxNjIudGVzdDALggl4MTYzLnRlc3QwC4IJeDE2NC50ZXN0MAuCCXgx +NjUudGVzdDALggl4MTY2LnRlc3QwC4IJeDE2Ny50ZXN0MAuCCXgxNjgudGVzdDAL +ggl4MTY5LnRlc3QwC4IJeDE3MC50ZXN0MAuCCXgxNzEudGVzdDALggl4MTcyLnRl +c3QwC4IJeDE3My50ZXN0MAuCCXgxNzQudGVzdDALggl4MTc1LnRlc3QwC4IJeDE3 +Ni50ZXN0MAuCCXgxNzcudGVzdDALggl4MTc4LnRlc3QwC4IJeDE3OS50ZXN0MAuC +CXgxODAudGVzdDALggl4MTgxLnRlc3QwC4IJeDE4Mi50ZXN0MAuCCXgxODMudGVz +dDALggl4MTg0LnRlc3QwC4IJeDE4NS50ZXN0MAuCCXgxODYudGVzdDALggl4MTg3 +LnRlc3QwC4IJeDE4OC50ZXN0MAuCCXgxODkudGVzdDALggl4MTkwLnRlc3QwC4IJ +eDE5MS50ZXN0MAuCCXgxOTIudGVzdDALggl4MTkzLnRlc3QwC4IJeDE5NC50ZXN0 +MAuCCXgxOTUudGVzdDALggl4MTk2LnRlc3QwC4IJeDE5Ny50ZXN0MAuCCXgxOTgu +dGVzdDALggl4MTk5LnRlc3QwC4IJeDIwMC50ZXN0MAuCCXgyMDEudGVzdDALggl4 +MjAyLnRlc3QwC4IJeDIwMy50ZXN0MAuCCXgyMDQudGVzdDALggl4MjA1LnRlc3Qw +C4IJeDIwNi50ZXN0MAuCCXgyMDcudGVzdDALggl4MjA4LnRlc3QwC4IJeDIwOS50 +ZXN0MAuCCXgyMTAudGVzdDALggl4MjExLnRlc3QwC4IJeDIxMi50ZXN0MAuCCXgy +MTMudGVzdDALggl4MjE0LnRlc3QwC4IJeDIxNS50ZXN0MAuCCXgyMTYudGVzdDAL +ggl4MjE3LnRlc3QwC4IJeDIxOC50ZXN0MAuCCXgyMTkudGVzdDALggl4MjIwLnRl +c3QwC4IJeDIyMS50ZXN0MAuCCXgyMjIudGVzdDALggl4MjIzLnRlc3QwC4IJeDIy +NC50ZXN0MAuCCXgyMjUudGVzdDALggl4MjI2LnRlc3QwC4IJeDIyNy50ZXN0MAuC +CXgyMjgudGVzdDALggl4MjI5LnRlc3QwC4IJeDIzMC50ZXN0MAuCCXgyMzEudGVz +dDALggl4MjMyLnRlc3QwC4IJeDIzMy50ZXN0MAuCCXgyMzQudGVzdDALggl4MjM1 +LnRlc3QwC4IJeDIzNi50ZXN0MAuCCXgyMzcudGVzdDALggl4MjM4LnRlc3QwC4IJ +eDIzOS50ZXN0MAuCCXgyNDAudGVzdDALggl4MjQxLnRlc3QwC4IJeDI0Mi50ZXN0 +MAuCCXgyNDMudGVzdDALggl4MjQ0LnRlc3QwC4IJeDI0NS50ZXN0MAuCCXgyNDYu +dGVzdDALggl4MjQ3LnRlc3QwC4IJeDI0OC50ZXN0MAuCCXgyNDkudGVzdDALggl4 +MjUwLnRlc3QwC4IJeDI1MS50ZXN0MAuCCXgyNTIudGVzdDALggl4MjUzLnRlc3Qw +C4IJeDI1NC50ZXN0MAuCCXgyNTUudGVzdDALggl4MjU2LnRlc3QwC4IJeDI1Ny50 +ZXN0MAuCCXgyNTgudGVzdDALggl4MjU5LnRlc3QwC4IJeDI2MC50ZXN0MAuCCXgy +NjEudGVzdDALggl4MjYyLnRlc3QwC4IJeDI2My50ZXN0MAuCCXgyNjQudGVzdDAL +ggl4MjY1LnRlc3QwC4IJeDI2Ni50ZXN0MAuCCXgyNjcudGVzdDALggl4MjY4LnRl +c3QwC4IJeDI2OS50ZXN0MAuCCXgyNzAudGVzdDALggl4MjcxLnRlc3QwC4IJeDI3 +Mi50ZXN0MAuCCXgyNzMudGVzdDALggl4Mjc0LnRlc3QwC4IJeDI3NS50ZXN0MAuC +CXgyNzYudGVzdDALggl4Mjc3LnRlc3QwC4IJeDI3OC50ZXN0MAuCCXgyNzkudGVz +dDALggl4MjgwLnRlc3QwC4IJeDI4MS50ZXN0MAuCCXgyODIudGVzdDALggl4Mjgz +LnRlc3QwC4IJeDI4NC50ZXN0MAuCCXgyODUudGVzdDALggl4Mjg2LnRlc3QwC4IJ +eDI4Ny50ZXN0MAuCCXgyODgudGVzdDALggl4Mjg5LnRlc3QwC4IJeDI5MC50ZXN0 +MAuCCXgyOTEudGVzdDALggl4MjkyLnRlc3QwC4IJeDI5My50ZXN0MAuCCXgyOTQu +dGVzdDALggl4Mjk1LnRlc3QwC4IJeDI5Ni50ZXN0MAuCCXgyOTcudGVzdDALggl4 +Mjk4LnRlc3QwC4IJeDI5OS50ZXN0MAuCCXgzMDAudGVzdDALggl4MzAxLnRlc3Qw +C4IJeDMwMi50ZXN0MAuCCXgzMDMudGVzdDALggl4MzA0LnRlc3QwC4IJeDMwNS50 +ZXN0MAuCCXgzMDYudGVzdDALggl4MzA3LnRlc3QwC4IJeDMwOC50ZXN0MAuCCXgz +MDkudGVzdDALggl4MzEwLnRlc3QwC4IJeDMxMS50ZXN0MAuCCXgzMTIudGVzdDAL +ggl4MzEzLnRlc3QwC4IJeDMxNC50ZXN0MAuCCXgzMTUudGVzdDALggl4MzE2LnRl +c3QwC4IJeDMxNy50ZXN0MAuCCXgzMTgudGVzdDALggl4MzE5LnRlc3QwC4IJeDMy +MC50ZXN0MAuCCXgzMjEudGVzdDALggl4MzIyLnRlc3QwC4IJeDMyMy50ZXN0MAuC +CXgzMjQudGVzdDALggl4MzI1LnRlc3QwC4IJeDMyNi50ZXN0MAuCCXgzMjcudGVz +dDALggl4MzI4LnRlc3QwC4IJeDMyOS50ZXN0MAuCCXgzMzAudGVzdDALggl4MzMx +LnRlc3QwC4IJeDMzMi50ZXN0MAuCCXgzMzMudGVzdDALggl4MzM0LnRlc3QwC4IJ +eDMzNS50ZXN0MAuCCXgzMzYudGVzdDALggl4MzM3LnRlc3QwC4IJeDMzOC50ZXN0 +MAuCCXgzMzkudGVzdDALggl4MzQwLnRlc3QwC4IJeDM0MS50ZXN0MAuCCXgzNDIu +dGVzdDALggl4MzQzLnRlc3QwC4IJeDM0NC50ZXN0MAuCCXgzNDUudGVzdDALggl4 +MzQ2LnRlc3QwC4IJeDM0Ny50ZXN0MAuCCXgzNDgudGVzdDALggl4MzQ5LnRlc3Qw +C4IJeDM1MC50ZXN0MAuCCXgzNTEudGVzdDALggl4MzUyLnRlc3QwC4IJeDM1My50 +ZXN0MAuCCXgzNTQudGVzdDALggl4MzU1LnRlc3QwC4IJeDM1Ni50ZXN0MAuCCXgz +NTcudGVzdDALggl4MzU4LnRlc3QwC4IJeDM1OS50ZXN0MAuCCXgzNjAudGVzdDAL +ggl4MzYxLnRlc3QwC4IJeDM2Mi50ZXN0MAuCCXgzNjMudGVzdDALggl4MzY0LnRl +c3QwC4IJeDM2NS50ZXN0MAuCCXgzNjYudGVzdDALggl4MzY3LnRlc3QwC4IJeDM2 +OC50ZXN0MAuCCXgzNjkudGVzdDALggl4MzcwLnRlc3QwC4IJeDM3MS50ZXN0MAuC +CXgzNzIudGVzdDALggl4MzczLnRlc3QwC4IJeDM3NC50ZXN0MAuCCXgzNzUudGVz +dDALggl4Mzc2LnRlc3QwC4IJeDM3Ny50ZXN0MAuCCXgzNzgudGVzdDALggl4Mzc5 +LnRlc3QwC4IJeDM4MC50ZXN0MAuCCXgzODEudGVzdDALggl4MzgyLnRlc3QwC4IJ +eDM4My50ZXN0MAuCCXgzODQudGVzdDALggl4Mzg1LnRlc3QwC4IJeDM4Ni50ZXN0 +MAuCCXgzODcudGVzdDALggl4Mzg4LnRlc3QwC4IJeDM4OS50ZXN0MAuCCXgzOTAu +dGVzdDALggl4MzkxLnRlc3QwC4IJeDM5Mi50ZXN0MAuCCXgzOTMudGVzdDALggl4 +Mzk0LnRlc3QwC4IJeDM5NS50ZXN0MAuCCXgzOTYudGVzdDALggl4Mzk3LnRlc3Qw +C4IJeDM5OC50ZXN0MAuCCXgzOTkudGVzdDALggl4NDAwLnRlc3QwC4IJeDQwMS50 +ZXN0MAuCCXg0MDIudGVzdDALggl4NDAzLnRlc3QwC4IJeDQwNC50ZXN0MAuCCXg0 +MDUudGVzdDALggl4NDA2LnRlc3QwC4IJeDQwNy50ZXN0MAuCCXg0MDgudGVzdDAL +ggl4NDA5LnRlc3QwC4IJeDQxMC50ZXN0MAuCCXg0MTEudGVzdDALggl4NDEyLnRl +c3QwC4IJeDQxMy50ZXN0MAuCCXg0MTQudGVzdDALggl4NDE1LnRlc3QwC4IJeDQx +Ni50ZXN0MAuCCXg0MTcudGVzdDALggl4NDE4LnRlc3QwC4IJeDQxOS50ZXN0MAuC +CXg0MjAudGVzdDALggl4NDIxLnRlc3QwC4IJeDQyMi50ZXN0MAuCCXg0MjMudGVz +dDALggl4NDI0LnRlc3QwC4IJeDQyNS50ZXN0MAuCCXg0MjYudGVzdDALggl4NDI3 +LnRlc3QwC4IJeDQyOC50ZXN0MAuCCXg0MjkudGVzdDALggl4NDMwLnRlc3QwC4IJ +eDQzMS50ZXN0MAuCCXg0MzIudGVzdDALggl4NDMzLnRlc3QwC4IJeDQzNC50ZXN0 +MAuCCXg0MzUudGVzdDALggl4NDM2LnRlc3QwC4IJeDQzNy50ZXN0MAuCCXg0Mzgu +dGVzdDALggl4NDM5LnRlc3QwC4IJeDQ0MC50ZXN0MAuCCXg0NDEudGVzdDALggl4 +NDQyLnRlc3QwC4IJeDQ0My50ZXN0MAuCCXg0NDQudGVzdDALggl4NDQ1LnRlc3Qw +C4IJeDQ0Ni50ZXN0MAuCCXg0NDcudGVzdDALggl4NDQ4LnRlc3QwC4IJeDQ0OS50 +ZXN0MAuCCXg0NTAudGVzdDALggl4NDUxLnRlc3QwC4IJeDQ1Mi50ZXN0MAuCCXg0 +NTMudGVzdDALggl4NDU0LnRlc3QwC4IJeDQ1NS50ZXN0MAuCCXg0NTYudGVzdDAL +ggl4NDU3LnRlc3QwC4IJeDQ1OC50ZXN0MAuCCXg0NTkudGVzdDALggl4NDYwLnRl +c3QwC4IJeDQ2MS50ZXN0MAuCCXg0NjIudGVzdDALggl4NDYzLnRlc3QwC4IJeDQ2 +NC50ZXN0MAuCCXg0NjUudGVzdDALggl4NDY2LnRlc3QwC4IJeDQ2Ny50ZXN0MAuC +CXg0NjgudGVzdDALggl4NDY5LnRlc3QwC4IJeDQ3MC50ZXN0MAuCCXg0NzEudGVz +dDALggl4NDcyLnRlc3QwC4IJeDQ3My50ZXN0MAuCCXg0NzQudGVzdDALggl4NDc1 +LnRlc3QwC4IJeDQ3Ni50ZXN0MAuCCXg0NzcudGVzdDALggl4NDc4LnRlc3QwC4IJ +eDQ3OS50ZXN0MAuCCXg0ODAudGVzdDALggl4NDgxLnRlc3QwC4IJeDQ4Mi50ZXN0 +MAuCCXg0ODMudGVzdDALggl4NDg0LnRlc3QwC4IJeDQ4NS50ZXN0MAuCCXg0ODYu +dGVzdDALggl4NDg3LnRlc3QwC4IJeDQ4OC50ZXN0MAuCCXg0ODkudGVzdDALggl4 +NDkwLnRlc3QwC4IJeDQ5MS50ZXN0MAuCCXg0OTIudGVzdDALggl4NDkzLnRlc3Qw +C4IJeDQ5NC50ZXN0MAuCCXg0OTUudGVzdDALggl4NDk2LnRlc3QwC4IJeDQ5Ny50 +ZXN0MAuCCXg0OTgudGVzdDALggl4NDk5LnRlc3QwC4IJeDUwMC50ZXN0MAuCCXg1 +MDEudGVzdDALggl4NTAyLnRlc3QwC4IJeDUwMy50ZXN0MAuCCXg1MDQudGVzdDAL +ggl4NTA1LnRlc3QwC4IJeDUwNi50ZXN0MAuCCXg1MDcudGVzdDALggl4NTA4LnRl +c3QwC4IJeDUwOS50ZXN0MAuCCXg1MTAudGVzdDALggl4NTExLnRlc3QwC4IJeDUx +Mi50ZXN0MAuCCXg1MTMudGVzdDALggl4NTE0LnRlc3QwC4IJeDUxNS50ZXN0MAuC +CXg1MTYudGVzdDALggl4NTE3LnRlc3QwC4IJeDUxOC50ZXN0MAuCCXg1MTkudGVz +dDALggl4NTIwLnRlc3QwC4IJeDUyMS50ZXN0MAuCCXg1MjIudGVzdDALggl4NTIz +LnRlc3QwC4IJeDUyNC50ZXN0MAuCCXg1MjUudGVzdDALggl4NTI2LnRlc3QwC4IJ +eDUyNy50ZXN0MAuCCXg1MjgudGVzdDALggl4NTI5LnRlc3QwC4IJeDUzMC50ZXN0 +MAuCCXg1MzEudGVzdDALggl4NTMyLnRlc3QwC4IJeDUzMy50ZXN0MAuCCXg1MzQu +dGVzdDALggl4NTM1LnRlc3QwC4IJeDUzNi50ZXN0MAuCCXg1MzcudGVzdDALggl4 +NTM4LnRlc3QwC4IJeDUzOS50ZXN0MAuCCXg1NDAudGVzdDALggl4NTQxLnRlc3Qw +C4IJeDU0Mi50ZXN0MAuCCXg1NDMudGVzdDALggl4NTQ0LnRlc3QwC4IJeDU0NS50 +ZXN0MAuCCXg1NDYudGVzdDALggl4NTQ3LnRlc3QwC4IJeDU0OC50ZXN0MAuCCXg1 +NDkudGVzdDALggl4NTUwLnRlc3QwC4IJeDU1MS50ZXN0MAuCCXg1NTIudGVzdDAL +ggl4NTUzLnRlc3QwC4IJeDU1NC50ZXN0MAuCCXg1NTUudGVzdDALggl4NTU2LnRl +c3QwC4IJeDU1Ny50ZXN0MAuCCXg1NTgudGVzdDALggl4NTU5LnRlc3QwC4IJeDU2 +MC50ZXN0MAuCCXg1NjEudGVzdDALggl4NTYyLnRlc3QwC4IJeDU2My50ZXN0MAuC +CXg1NjQudGVzdDALggl4NTY1LnRlc3QwC4IJeDU2Ni50ZXN0MAuCCXg1NjcudGVz +dDALggl4NTY4LnRlc3QwC4IJeDU2OS50ZXN0MAuCCXg1NzAudGVzdDALggl4NTcx +LnRlc3QwC4IJeDU3Mi50ZXN0MAuCCXg1NzMudGVzdDALggl4NTc0LnRlc3QwC4IJ +eDU3NS50ZXN0MAuCCXg1NzYudGVzdDALggl4NTc3LnRlc3QwC4IJeDU3OC50ZXN0 +MAuCCXg1NzkudGVzdDALggl4NTgwLnRlc3QwC4IJeDU4MS50ZXN0MAuCCXg1ODIu +dGVzdDALggl4NTgzLnRlc3QwC4IJeDU4NC50ZXN0MAuCCXg1ODUudGVzdDALggl4 +NTg2LnRlc3QwC4IJeDU4Ny50ZXN0MAuCCXg1ODgudGVzdDALggl4NTg5LnRlc3Qw +C4IJeDU5MC50ZXN0MAuCCXg1OTEudGVzdDALggl4NTkyLnRlc3QwC4IJeDU5My50 +ZXN0MAuCCXg1OTQudGVzdDALggl4NTk1LnRlc3QwC4IJeDU5Ni50ZXN0MAuCCXg1 +OTcudGVzdDALggl4NTk4LnRlc3QwC4IJeDU5OS50ZXN0MAuCCXg2MDAudGVzdDAL +ggl4NjAxLnRlc3QwC4IJeDYwMi50ZXN0MAuCCXg2MDMudGVzdDALggl4NjA0LnRl +c3QwC4IJeDYwNS50ZXN0MAuCCXg2MDYudGVzdDALggl4NjA3LnRlc3QwC4IJeDYw +OC50ZXN0MAuCCXg2MDkudGVzdDALggl4NjEwLnRlc3QwC4IJeDYxMS50ZXN0MAuC +CXg2MTIudGVzdDALggl4NjEzLnRlc3QwC4IJeDYxNC50ZXN0MAuCCXg2MTUudGVz +dDALggl4NjE2LnRlc3QwC4IJeDYxNy50ZXN0MAuCCXg2MTgudGVzdDALggl4NjE5 +LnRlc3QwC4IJeDYyMC50ZXN0MAuCCXg2MjEudGVzdDALggl4NjIyLnRlc3QwC4IJ +eDYyMy50ZXN0MAuCCXg2MjQudGVzdDALggl4NjI1LnRlc3QwC4IJeDYyNi50ZXN0 +MAuCCXg2MjcudGVzdDALggl4NjI4LnRlc3QwC4IJeDYyOS50ZXN0MAuCCXg2MzAu +dGVzdDALggl4NjMxLnRlc3QwC4IJeDYzMi50ZXN0MAuCCXg2MzMudGVzdDALggl4 +NjM0LnRlc3QwC4IJeDYzNS50ZXN0MAuCCXg2MzYudGVzdDALggl4NjM3LnRlc3Qw +C4IJeDYzOC50ZXN0MAuCCXg2MzkudGVzdDALggl4NjQwLnRlc3QwC4IJeDY0MS50 +ZXN0MAuCCXg2NDIudGVzdDALggl4NjQzLnRlc3QwC4IJeDY0NC50ZXN0MAuCCXg2 +NDUudGVzdDALggl4NjQ2LnRlc3QwC4IJeDY0Ny50ZXN0MAuCCXg2NDgudGVzdDAL +ggl4NjQ5LnRlc3QwC4IJeDY1MC50ZXN0MAuCCXg2NTEudGVzdDALggl4NjUyLnRl +c3QwC4IJeDY1My50ZXN0MAuCCXg2NTQudGVzdDALggl4NjU1LnRlc3QwC4IJeDY1 +Ni50ZXN0MAuCCXg2NTcudGVzdDALggl4NjU4LnRlc3QwC4IJeDY1OS50ZXN0MAuC +CXg2NjAudGVzdDALggl4NjYxLnRlc3QwC4IJeDY2Mi50ZXN0MAuCCXg2NjMudGVz +dDALggl4NjY0LnRlc3QwC4IJeDY2NS50ZXN0MAuCCXg2NjYudGVzdDALggl4NjY3 +LnRlc3QwC4IJeDY2OC50ZXN0MAuCCXg2NjkudGVzdDALggl4NjcwLnRlc3QwC4IJ +eDY3MS50ZXN0MAuCCXg2NzIudGVzdDALggl4NjczLnRlc3QwC4IJeDY3NC50ZXN0 +MAuCCXg2NzUudGVzdDALggl4Njc2LnRlc3QwC4IJeDY3Ny50ZXN0MAuCCXg2Nzgu +dGVzdDALggl4Njc5LnRlc3QwC4IJeDY4MC50ZXN0MAuCCXg2ODEudGVzdDALggl4 +NjgyLnRlc3QwC4IJeDY4My50ZXN0MAuCCXg2ODQudGVzdDALggl4Njg1LnRlc3Qw +C4IJeDY4Ni50ZXN0MAuCCXg2ODcudGVzdDALggl4Njg4LnRlc3QwC4IJeDY4OS50 +ZXN0MAuCCXg2OTAudGVzdDALggl4NjkxLnRlc3QwC4IJeDY5Mi50ZXN0MAuCCXg2 +OTMudGVzdDALggl4Njk0LnRlc3QwC4IJeDY5NS50ZXN0MAuCCXg2OTYudGVzdDAL +ggl4Njk3LnRlc3QwC4IJeDY5OC50ZXN0MAuCCXg2OTkudGVzdDALggl4NzAwLnRl +c3QwC4IJeDcwMS50ZXN0MAuCCXg3MDIudGVzdDALggl4NzAzLnRlc3QwC4IJeDcw +NC50ZXN0MAuCCXg3MDUudGVzdDALggl4NzA2LnRlc3QwC4IJeDcwNy50ZXN0MAuC +CXg3MDgudGVzdDALggl4NzA5LnRlc3QwC4IJeDcxMC50ZXN0MAuCCXg3MTEudGVz +dDALggl4NzEyLnRlc3QwC4IJeDcxMy50ZXN0MAuCCXg3MTQudGVzdDALggl4NzE1 +LnRlc3QwC4IJeDcxNi50ZXN0MAuCCXg3MTcudGVzdDALggl4NzE4LnRlc3QwC4IJ +eDcxOS50ZXN0MAuCCXg3MjAudGVzdDALggl4NzIxLnRlc3QwC4IJeDcyMi50ZXN0 +MAuCCXg3MjMudGVzdDALggl4NzI0LnRlc3QwC4IJeDcyNS50ZXN0MAuCCXg3MjYu +dGVzdDALggl4NzI3LnRlc3QwC4IJeDcyOC50ZXN0MAuCCXg3MjkudGVzdDALggl4 +NzMwLnRlc3QwC4IJeDczMS50ZXN0MAuCCXg3MzIudGVzdDALggl4NzMzLnRlc3Qw +C4IJeDczNC50ZXN0MAuCCXg3MzUudGVzdDALggl4NzM2LnRlc3QwC4IJeDczNy50 +ZXN0MAuCCXg3MzgudGVzdDALggl4NzM5LnRlc3QwC4IJeDc0MC50ZXN0MAuCCXg3 +NDEudGVzdDALggl4NzQyLnRlc3QwC4IJeDc0My50ZXN0MAuCCXg3NDQudGVzdDAL +ggl4NzQ1LnRlc3QwC4IJeDc0Ni50ZXN0MAuCCXg3NDcudGVzdDALggl4NzQ4LnRl +c3QwC4IJeDc0OS50ZXN0MAuCCXg3NTAudGVzdDALggl4NzUxLnRlc3QwC4IJeDc1 +Mi50ZXN0MAuCCXg3NTMudGVzdDALggl4NzU0LnRlc3QwC4IJeDc1NS50ZXN0MAuC +CXg3NTYudGVzdDALggl4NzU3LnRlc3QwC4IJeDc1OC50ZXN0MAuCCXg3NTkudGVz +dDALggl4NzYwLnRlc3QwC4IJeDc2MS50ZXN0MAuCCXg3NjIudGVzdDALggl4NzYz +LnRlc3QwC4IJeDc2NC50ZXN0MAuCCXg3NjUudGVzdDALggl4NzY2LnRlc3QwC4IJ +eDc2Ny50ZXN0MAuCCXg3NjgudGVzdDALggl4NzY5LnRlc3QwC4IJeDc3MC50ZXN0 +MAuCCXg3NzEudGVzdDALggl4NzcyLnRlc3QwC4IJeDc3My50ZXN0MAuCCXg3NzQu +dGVzdDALggl4Nzc1LnRlc3QwC4IJeDc3Ni50ZXN0MAuCCXg3NzcudGVzdDALggl4 +Nzc4LnRlc3QwC4IJeDc3OS50ZXN0MAuCCXg3ODAudGVzdDALggl4NzgxLnRlc3Qw +C4IJeDc4Mi50ZXN0MAuCCXg3ODMudGVzdDALggl4Nzg0LnRlc3QwC4IJeDc4NS50 +ZXN0MAuCCXg3ODYudGVzdDALggl4Nzg3LnRlc3QwC4IJeDc4OC50ZXN0MAuCCXg3 +ODkudGVzdDALggl4NzkwLnRlc3QwC4IJeDc5MS50ZXN0MAuCCXg3OTIudGVzdDAL +ggl4NzkzLnRlc3QwC4IJeDc5NC50ZXN0MAuCCXg3OTUudGVzdDALggl4Nzk2LnRl +c3QwC4IJeDc5Ny50ZXN0MAuCCXg3OTgudGVzdDALggl4Nzk5LnRlc3QwC4IJeDgw +MC50ZXN0MAuCCXg4MDEudGVzdDALggl4ODAyLnRlc3QwC4IJeDgwMy50ZXN0MAuC +CXg4MDQudGVzdDALggl4ODA1LnRlc3QwC4IJeDgwNi50ZXN0MAuCCXg4MDcudGVz +dDALggl4ODA4LnRlc3QwC4IJeDgwOS50ZXN0MAuCCXg4MTAudGVzdDALggl4ODEx +LnRlc3QwC4IJeDgxMi50ZXN0MAuCCXg4MTMudGVzdDALggl4ODE0LnRlc3QwC4IJ +eDgxNS50ZXN0MAuCCXg4MTYudGVzdDALggl4ODE3LnRlc3QwC4IJeDgxOC50ZXN0 +MAuCCXg4MTkudGVzdDALggl4ODIwLnRlc3QwC4IJeDgyMS50ZXN0MAuCCXg4MjIu +dGVzdDALggl4ODIzLnRlc3QwC4IJeDgyNC50ZXN0MAuCCXg4MjUudGVzdDALggl4 +ODI2LnRlc3QwC4IJeDgyNy50ZXN0MAuCCXg4MjgudGVzdDALggl4ODI5LnRlc3Qw +C4IJeDgzMC50ZXN0MAuCCXg4MzEudGVzdDALggl4ODMyLnRlc3QwC4IJeDgzMy50 +ZXN0MAuCCXg4MzQudGVzdDALggl4ODM1LnRlc3QwC4IJeDgzNi50ZXN0MAuCCXg4 +MzcudGVzdDALggl4ODM4LnRlc3QwC4IJeDgzOS50ZXN0MAuCCXg4NDAudGVzdDAL +ggl4ODQxLnRlc3QwC4IJeDg0Mi50ZXN0MAuCCXg4NDMudGVzdDALggl4ODQ0LnRl +c3QwC4IJeDg0NS50ZXN0MAuCCXg4NDYudGVzdDALggl4ODQ3LnRlc3QwC4IJeDg0 +OC50ZXN0MAuCCXg4NDkudGVzdDALggl4ODUwLnRlc3QwC4IJeDg1MS50ZXN0MAuC +CXg4NTIudGVzdDALggl4ODUzLnRlc3QwC4IJeDg1NC50ZXN0MAuCCXg4NTUudGVz +dDALggl4ODU2LnRlc3QwC4IJeDg1Ny50ZXN0MAuCCXg4NTgudGVzdDALggl4ODU5 +LnRlc3QwC4IJeDg2MC50ZXN0MAuCCXg4NjEudGVzdDALggl4ODYyLnRlc3QwC4IJ +eDg2My50ZXN0MAuCCXg4NjQudGVzdDALggl4ODY1LnRlc3QwC4IJeDg2Ni50ZXN0 +MAuCCXg4NjcudGVzdDALggl4ODY4LnRlc3QwC4IJeDg2OS50ZXN0MAuCCXg4NzAu +dGVzdDALggl4ODcxLnRlc3QwC4IJeDg3Mi50ZXN0MAuCCXg4NzMudGVzdDALggl4 +ODc0LnRlc3QwC4IJeDg3NS50ZXN0MAuCCXg4NzYudGVzdDALggl4ODc3LnRlc3Qw +C4IJeDg3OC50ZXN0MAuCCXg4NzkudGVzdDALggl4ODgwLnRlc3QwC4IJeDg4MS50 +ZXN0MAuCCXg4ODIudGVzdDALggl4ODgzLnRlc3QwC4IJeDg4NC50ZXN0MAuCCXg4 +ODUudGVzdDALggl4ODg2LnRlc3QwC4IJeDg4Ny50ZXN0MAuCCXg4ODgudGVzdDAL +ggl4ODg5LnRlc3QwC4IJeDg5MC50ZXN0MAuCCXg4OTEudGVzdDALggl4ODkyLnRl +c3QwC4IJeDg5My50ZXN0MAuCCXg4OTQudGVzdDALggl4ODk1LnRlc3QwC4IJeDg5 +Ni50ZXN0MAuCCXg4OTcudGVzdDALggl4ODk4LnRlc3QwC4IJeDg5OS50ZXN0MAuC +CXg5MDAudGVzdDALggl4OTAxLnRlc3QwC4IJeDkwMi50ZXN0MAuCCXg5MDMudGVz +dDALggl4OTA0LnRlc3QwC4IJeDkwNS50ZXN0MAuCCXg5MDYudGVzdDALggl4OTA3 +LnRlc3QwC4IJeDkwOC50ZXN0MAuCCXg5MDkudGVzdDALggl4OTEwLnRlc3QwC4IJ +eDkxMS50ZXN0MAuCCXg5MTIudGVzdDALggl4OTEzLnRlc3QwC4IJeDkxNC50ZXN0 +MAuCCXg5MTUudGVzdDALggl4OTE2LnRlc3QwC4IJeDkxNy50ZXN0MAuCCXg5MTgu +dGVzdDALggl4OTE5LnRlc3QwC4IJeDkyMC50ZXN0MAuCCXg5MjEudGVzdDALggl4 +OTIyLnRlc3QwC4IJeDkyMy50ZXN0MAuCCXg5MjQudGVzdDALggl4OTI1LnRlc3Qw +C4IJeDkyNi50ZXN0MAuCCXg5MjcudGVzdDALggl4OTI4LnRlc3QwC4IJeDkyOS50 +ZXN0MAuCCXg5MzAudGVzdDALggl4OTMxLnRlc3QwC4IJeDkzMi50ZXN0MAuCCXg5 +MzMudGVzdDALggl4OTM0LnRlc3QwC4IJeDkzNS50ZXN0MAuCCXg5MzYudGVzdDAL +ggl4OTM3LnRlc3QwC4IJeDkzOC50ZXN0MAuCCXg5MzkudGVzdDALggl4OTQwLnRl +c3QwC4IJeDk0MS50ZXN0MAuCCXg5NDIudGVzdDALggl4OTQzLnRlc3QwC4IJeDk0 +NC50ZXN0MAuCCXg5NDUudGVzdDALggl4OTQ2LnRlc3QwC4IJeDk0Ny50ZXN0MAuC +CXg5NDgudGVzdDALggl4OTQ5LnRlc3QwC4IJeDk1MC50ZXN0MAuCCXg5NTEudGVz +dDALggl4OTUyLnRlc3QwC4IJeDk1My50ZXN0MAuCCXg5NTQudGVzdDALggl4OTU1 +LnRlc3QwC4IJeDk1Ni50ZXN0MAuCCXg5NTcudGVzdDALggl4OTU4LnRlc3QwC4IJ +eDk1OS50ZXN0MAuCCXg5NjAudGVzdDALggl4OTYxLnRlc3QwC4IJeDk2Mi50ZXN0 +MAuCCXg5NjMudGVzdDALggl4OTY0LnRlc3QwC4IJeDk2NS50ZXN0MAuCCXg5NjYu +dGVzdDALggl4OTY3LnRlc3QwC4IJeDk2OC50ZXN0MAuCCXg5NjkudGVzdDALggl4 +OTcwLnRlc3QwC4IJeDk3MS50ZXN0MAuCCXg5NzIudGVzdDALggl4OTczLnRlc3Qw +C4IJeDk3NC50ZXN0MAuCCXg5NzUudGVzdDALggl4OTc2LnRlc3QwC4IJeDk3Ny50 +ZXN0MAuCCXg5NzgudGVzdDALggl4OTc5LnRlc3QwC4IJeDk4MC50ZXN0MAuCCXg5 +ODEudGVzdDALggl4OTgyLnRlc3QwC4IJeDk4My50ZXN0MAuCCXg5ODQudGVzdDAL +ggl4OTg1LnRlc3QwC4IJeDk4Ni50ZXN0MAuCCXg5ODcudGVzdDALggl4OTg4LnRl +c3QwC4IJeDk4OS50ZXN0MAuCCXg5OTAudGVzdDALggl4OTkxLnRlc3QwC4IJeDk5 +Mi50ZXN0MAuCCXg5OTMudGVzdDALggl4OTk0LnRlc3QwC4IJeDk5NS50ZXN0MAuC +CXg5OTYudGVzdDALggl4OTk3LnRlc3QwC4IJeDk5OC50ZXN0MAuCCXg5OTkudGVz +dDAMggp4MTAwMC50ZXN0MAyCCngxMDAxLnRlc3QwDIIKeDEwMDIudGVzdDAMggp4 +MTAwMy50ZXN0MAyCCngxMDA0LnRlc3QwDIIKeDEwMDUudGVzdDAMggp4MTAwNi50 +ZXN0MAyCCngxMDA3LnRlc3QwDIIKeDEwMDgudGVzdDAMggp4MTAwOS50ZXN0MAyC +CngxMDEwLnRlc3QwDIIKeDEwMTEudGVzdDAMggp4MTAxMi50ZXN0MAyCCngxMDEz +LnRlc3QwDIIKeDEwMTQudGVzdDAMggp4MTAxNS50ZXN0MAyCCngxMDE2LnRlc3Qw +DIIKeDEwMTcudGVzdDAMggp4MTAxOC50ZXN0MAyCCngxMDE5LnRlc3QwDIIKeDEw +MjAudGVzdDAMggp4MTAyMS50ZXN0MAyCCngxMDIyLnRlc3QwDIIKeDEwMjMudGVz +dDAMggp4MTAyNC50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQCjYeC9VRtVNgVLIgp8 +k2K6CM5otYpi91cnbA/QA/RX8aDlNWmR/mavJ65Ukmc7p86Gft1m6aTcaUltw5ba +/T1KJ2DxJPjxvjT2tkNTAooPh0IHXZHTnZY5k5y28jj9Ny999AJnP3O7ln5VGzjy +bsg1kCgd2cJF5xcDM5b5WesPvCxSV2r8Lz3w81wd1xqN4gKolhXgYZXWCbq5e8A2 +zM6We3/vNffzCCi2rCpBpiJDbHbFNB3oR7/dVnoPfb0uqWvtkjmlNjUJUmv6A7Bt +aOKDLo9+h3H8Qi3yBxZTjRoCwANV078dwQf1Y+w/byZM50fQneYEAK22h94DWbCA +EHg+ +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.test b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.test new file mode 100644 index 0000000000..5e5e8e4192 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-excluded.test @@ -0,0 +1,8 @@ +chain: toomany-dns-excluded.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=t0) ----- +ERROR: Too many name constraints checks + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.pem new file mode 100644 index 0000000000..a11fcc874e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.pem @@ -0,0 +1,1815 @@ +[Created by: ./generate-chains.py] + +A chain containing a large number of permitted DNS name +constraints and DNS names, above the limit. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:t0.test, DNS:t1.test, DNS:t2.test, DNS:t3.test, DNS:t4.test, DNS:t5.test, DNS:t6.test, DNS:t7.test, DNS:t8.test, DNS:t9.test, DNS:t10.test, DNS:t11.test, DNS:t12.test, DNS:t13.test, DNS:t14.test, DNS:t15.test, DNS:t16.test, DNS:t17.test, DNS:t18.test, DNS:t19.test, DNS:t20.test, DNS:t21.test, DNS:t22.test, DNS:t23.test, DNS:t24.test, DNS:t25.test, DNS:t26.test, DNS:t27.test, DNS:t28.test, DNS:t29.test, DNS:t30.test, DNS:t31.test, DNS:t32.test, DNS:t33.test, DNS:t34.test, DNS:t35.test, DNS:t36.test, DNS:t37.test, DNS:t38.test, DNS:t39.test, DNS:t40.test, DNS:t41.test, DNS:t42.test, DNS:t43.test, DNS:t44.test, DNS:t45.test, DNS:t46.test, DNS:t47.test, DNS:t48.test, DNS:t49.test, DNS:t50.test, DNS:t51.test, DNS:t52.test, DNS:t53.test, DNS:t54.test, DNS:t55.test, DNS:t56.test, DNS:t57.test, DNS:t58.test, DNS:t59.test, DNS:t60.test, DNS:t61.test, DNS:t62.test, DNS:t63.test, DNS:t64.test, DNS:t65.test, DNS:t66.test, DNS:t67.test, DNS:t68.test, DNS:t69.test, DNS:t70.test, DNS:t71.test, DNS:t72.test, DNS:t73.test, DNS:t74.test, DNS:t75.test, DNS:t76.test, DNS:t77.test, DNS:t78.test, DNS:t79.test, DNS:t80.test, DNS:t81.test, DNS:t82.test, DNS:t83.test, DNS:t84.test, DNS:t85.test, DNS:t86.test, DNS:t87.test, DNS:t88.test, DNS:t89.test, DNS:t90.test, DNS:t91.test, DNS:t92.test, DNS:t93.test, DNS:t94.test, DNS:t95.test, DNS:t96.test, DNS:t97.test, DNS:t98.test, DNS:t99.test, DNS:t100.test, DNS:t101.test, DNS:t102.test, DNS:t103.test, DNS:t104.test, DNS:t105.test, DNS:t106.test, DNS:t107.test, DNS:t108.test, DNS:t109.test, DNS:t110.test, DNS:t111.test, DNS:t112.test, DNS:t113.test, DNS:t114.test, DNS:t115.test, DNS:t116.test, DNS:t117.test, DNS:t118.test, DNS:t119.test, DNS:t120.test, DNS:t121.test, DNS:t122.test, DNS:t123.test, DNS:t124.test, DNS:t125.test, DNS:t126.test, DNS:t127.test, DNS:t128.test, DNS:t129.test, DNS:t130.test, DNS:t131.test, DNS:t132.test, DNS:t133.test, DNS:t134.test, DNS:t135.test, DNS:t136.test, DNS:t137.test, DNS:t138.test, DNS:t139.test, DNS:t140.test, DNS:t141.test, DNS:t142.test, DNS:t143.test, DNS:t144.test, DNS:t145.test, DNS:t146.test, DNS:t147.test, DNS:t148.test, DNS:t149.test, DNS:t150.test, DNS:t151.test, DNS:t152.test, DNS:t153.test, DNS:t154.test, DNS:t155.test, DNS:t156.test, DNS:t157.test, DNS:t158.test, DNS:t159.test, DNS:t160.test, DNS:t161.test, DNS:t162.test, DNS:t163.test, DNS:t164.test, DNS:t165.test, DNS:t166.test, DNS:t167.test, DNS:t168.test, DNS:t169.test, DNS:t170.test, DNS:t171.test, DNS:t172.test, DNS:t173.test, DNS:t174.test, DNS:t175.test, DNS:t176.test, DNS:t177.test, DNS:t178.test, DNS:t179.test, DNS:t180.test, DNS:t181.test, DNS:t182.test, DNS:t183.test, DNS:t184.test, DNS:t185.test, DNS:t186.test, DNS:t187.test, DNS:t188.test, DNS:t189.test, DNS:t190.test, DNS:t191.test, DNS:t192.test, DNS:t193.test, DNS:t194.test, DNS:t195.test, DNS:t196.test, DNS:t197.test, DNS:t198.test, DNS:t199.test, DNS:t200.test, DNS:t201.test, DNS:t202.test, DNS:t203.test, DNS:t204.test, DNS:t205.test, DNS:t206.test, DNS:t207.test, DNS:t208.test, DNS:t209.test, DNS:t210.test, DNS:t211.test, DNS:t212.test, DNS:t213.test, DNS:t214.test, DNS:t215.test, DNS:t216.test, DNS:t217.test, DNS:t218.test, DNS:t219.test, DNS:t220.test, DNS:t221.test, DNS:t222.test, DNS:t223.test, DNS:t224.test, DNS:t225.test, DNS:t226.test, DNS:t227.test, DNS:t228.test, DNS:t229.test, DNS:t230.test, DNS:t231.test, DNS:t232.test, DNS:t233.test, DNS:t234.test, DNS:t235.test, DNS:t236.test, DNS:t237.test, DNS:t238.test, DNS:t239.test, DNS:t240.test, DNS:t241.test, DNS:t242.test, DNS:t243.test, DNS:t244.test, DNS:t245.test, DNS:t246.test, DNS:t247.test, DNS:t248.test, DNS:t249.test, DNS:t250.test, DNS:t251.test, DNS:t252.test, DNS:t253.test, DNS:t254.test, DNS:t255.test, DNS:t256.test, DNS:t257.test, DNS:t258.test, DNS:t259.test, DNS:t260.test, DNS:t261.test, DNS:t262.test, DNS:t263.test, DNS:t264.test, DNS:t265.test, DNS:t266.test, DNS:t267.test, DNS:t268.test, DNS:t269.test, DNS:t270.test, DNS:t271.test, DNS:t272.test, DNS:t273.test, DNS:t274.test, DNS:t275.test, DNS:t276.test, DNS:t277.test, DNS:t278.test, DNS:t279.test, DNS:t280.test, DNS:t281.test, DNS:t282.test, DNS:t283.test, DNS:t284.test, DNS:t285.test, DNS:t286.test, DNS:t287.test, DNS:t288.test, DNS:t289.test, DNS:t290.test, DNS:t291.test, DNS:t292.test, DNS:t293.test, DNS:t294.test, DNS:t295.test, DNS:t296.test, DNS:t297.test, DNS:t298.test, DNS:t299.test, DNS:t300.test, DNS:t301.test, DNS:t302.test, DNS:t303.test, DNS:t304.test, DNS:t305.test, DNS:t306.test, DNS:t307.test, DNS:t308.test, DNS:t309.test, DNS:t310.test, DNS:t311.test, DNS:t312.test, DNS:t313.test, DNS:t314.test, DNS:t315.test, DNS:t316.test, DNS:t317.test, DNS:t318.test, DNS:t319.test, DNS:t320.test, DNS:t321.test, DNS:t322.test, DNS:t323.test, DNS:t324.test, DNS:t325.test, DNS:t326.test, DNS:t327.test, DNS:t328.test, DNS:t329.test, DNS:t330.test, DNS:t331.test, DNS:t332.test, DNS:t333.test, DNS:t334.test, DNS:t335.test, DNS:t336.test, DNS:t337.test, DNS:t338.test, DNS:t339.test, DNS:t340.test, DNS:t341.test, DNS:t342.test, DNS:t343.test, DNS:t344.test, DNS:t345.test, DNS:t346.test, DNS:t347.test, DNS:t348.test, DNS:t349.test, DNS:t350.test, DNS:t351.test, DNS:t352.test, DNS:t353.test, DNS:t354.test, DNS:t355.test, DNS:t356.test, DNS:t357.test, DNS:t358.test, DNS:t359.test, DNS:t360.test, DNS:t361.test, DNS:t362.test, DNS:t363.test, DNS:t364.test, DNS:t365.test, DNS:t366.test, DNS:t367.test, DNS:t368.test, DNS:t369.test, DNS:t370.test, DNS:t371.test, DNS:t372.test, DNS:t373.test, DNS:t374.test, DNS:t375.test, DNS:t376.test, DNS:t377.test, DNS:t378.test, DNS:t379.test, DNS:t380.test, DNS:t381.test, DNS:t382.test, DNS:t383.test, DNS:t384.test, DNS:t385.test, DNS:t386.test, DNS:t387.test, DNS:t388.test, DNS:t389.test, DNS:t390.test, DNS:t391.test, DNS:t392.test, DNS:t393.test, DNS:t394.test, DNS:t395.test, DNS:t396.test, DNS:t397.test, DNS:t398.test, DNS:t399.test, DNS:t400.test, DNS:t401.test, DNS:t402.test, DNS:t403.test, DNS:t404.test, DNS:t405.test, DNS:t406.test, DNS:t407.test, DNS:t408.test, DNS:t409.test, DNS:t410.test, DNS:t411.test, DNS:t412.test, DNS:t413.test, DNS:t414.test, DNS:t415.test, DNS:t416.test, DNS:t417.test, DNS:t418.test, DNS:t419.test, DNS:t420.test, DNS:t421.test, DNS:t422.test, DNS:t423.test, DNS:t424.test, DNS:t425.test, DNS:t426.test, DNS:t427.test, DNS:t428.test, DNS:t429.test, DNS:t430.test, DNS:t431.test, DNS:t432.test, DNS:t433.test, DNS:t434.test, DNS:t435.test, DNS:t436.test, DNS:t437.test, DNS:t438.test, DNS:t439.test, DNS:t440.test, DNS:t441.test, DNS:t442.test, DNS:t443.test, DNS:t444.test, DNS:t445.test, DNS:t446.test, DNS:t447.test, DNS:t448.test, DNS:t449.test, DNS:t450.test, DNS:t451.test, DNS:t452.test, DNS:t453.test, DNS:t454.test, DNS:t455.test, DNS:t456.test, DNS:t457.test, DNS:t458.test, DNS:t459.test, DNS:t460.test, DNS:t461.test, DNS:t462.test, DNS:t463.test, DNS:t464.test, DNS:t465.test, DNS:t466.test, DNS:t467.test, DNS:t468.test, DNS:t469.test, DNS:t470.test, DNS:t471.test, DNS:t472.test, DNS:t473.test, DNS:t474.test, DNS:t475.test, DNS:t476.test, DNS:t477.test, DNS:t478.test, DNS:t479.test, DNS:t480.test, DNS:t481.test, DNS:t482.test, DNS:t483.test, DNS:t484.test, DNS:t485.test, DNS:t486.test, DNS:t487.test, DNS:t488.test, DNS:t489.test, DNS:t490.test, DNS:t491.test, DNS:t492.test, DNS:t493.test, DNS:t494.test, DNS:t495.test, DNS:t496.test, DNS:t497.test, DNS:t498.test, DNS:t499.test, DNS:t500.test, DNS:t501.test, DNS:t502.test, DNS:t503.test, DNS:t504.test, DNS:t505.test, DNS:t506.test, DNS:t507.test, DNS:t508.test, DNS:t509.test, DNS:t510.test, DNS:t511.test, DNS:t512.test, DNS:t513.test, DNS:t514.test, DNS:t515.test, DNS:t516.test, DNS:t517.test, DNS:t518.test, DNS:t519.test, DNS:t520.test, DNS:t521.test, DNS:t522.test, DNS:t523.test, DNS:t524.test, DNS:t525.test, DNS:t526.test, DNS:t527.test, DNS:t528.test, DNS:t529.test, DNS:t530.test, DNS:t531.test, DNS:t532.test, DNS:t533.test, DNS:t534.test, DNS:t535.test, DNS:t536.test, DNS:t537.test, DNS:t538.test, DNS:t539.test, DNS:t540.test, DNS:t541.test, DNS:t542.test, DNS:t543.test, DNS:t544.test, DNS:t545.test, DNS:t546.test, DNS:t547.test, DNS:t548.test, DNS:t549.test, DNS:t550.test, DNS:t551.test, DNS:t552.test, DNS:t553.test, DNS:t554.test, DNS:t555.test, DNS:t556.test, DNS:t557.test, DNS:t558.test, DNS:t559.test, DNS:t560.test, DNS:t561.test, DNS:t562.test, DNS:t563.test, DNS:t564.test, DNS:t565.test, DNS:t566.test, DNS:t567.test, DNS:t568.test, DNS:t569.test, DNS:t570.test, DNS:t571.test, DNS:t572.test, DNS:t573.test, DNS:t574.test, DNS:t575.test, DNS:t576.test, DNS:t577.test, DNS:t578.test, DNS:t579.test, DNS:t580.test, DNS:t581.test, DNS:t582.test, DNS:t583.test, DNS:t584.test, DNS:t585.test, DNS:t586.test, DNS:t587.test, DNS:t588.test, DNS:t589.test, DNS:t590.test, DNS:t591.test, DNS:t592.test, DNS:t593.test, DNS:t594.test, DNS:t595.test, DNS:t596.test, DNS:t597.test, DNS:t598.test, DNS:t599.test, DNS:t600.test, DNS:t601.test, DNS:t602.test, DNS:t603.test, DNS:t604.test, DNS:t605.test, DNS:t606.test, DNS:t607.test, DNS:t608.test, DNS:t609.test, DNS:t610.test, DNS:t611.test, DNS:t612.test, DNS:t613.test, DNS:t614.test, DNS:t615.test, DNS:t616.test, DNS:t617.test, DNS:t618.test, DNS:t619.test, DNS:t620.test, DNS:t621.test, DNS:t622.test, DNS:t623.test, DNS:t624.test, DNS:t625.test, DNS:t626.test, DNS:t627.test, DNS:t628.test, DNS:t629.test, DNS:t630.test, DNS:t631.test, DNS:t632.test, DNS:t633.test, DNS:t634.test, DNS:t635.test, DNS:t636.test, DNS:t637.test, DNS:t638.test, DNS:t639.test, DNS:t640.test, DNS:t641.test, DNS:t642.test, DNS:t643.test, DNS:t644.test, DNS:t645.test, DNS:t646.test, DNS:t647.test, DNS:t648.test, DNS:t649.test, DNS:t650.test, DNS:t651.test, DNS:t652.test, DNS:t653.test, DNS:t654.test, DNS:t655.test, DNS:t656.test, DNS:t657.test, DNS:t658.test, DNS:t659.test, DNS:t660.test, DNS:t661.test, DNS:t662.test, DNS:t663.test, DNS:t664.test, DNS:t665.test, DNS:t666.test, DNS:t667.test, DNS:t668.test, DNS:t669.test, DNS:t670.test, DNS:t671.test, DNS:t672.test, DNS:t673.test, DNS:t674.test, DNS:t675.test, DNS:t676.test, DNS:t677.test, DNS:t678.test, DNS:t679.test, DNS:t680.test, DNS:t681.test, DNS:t682.test, DNS:t683.test, DNS:t684.test, DNS:t685.test, DNS:t686.test, DNS:t687.test, DNS:t688.test, DNS:t689.test, DNS:t690.test, DNS:t691.test, DNS:t692.test, DNS:t693.test, DNS:t694.test, DNS:t695.test, DNS:t696.test, DNS:t697.test, DNS:t698.test, DNS:t699.test, DNS:t700.test, DNS:t701.test, DNS:t702.test, DNS:t703.test, DNS:t704.test, DNS:t705.test, DNS:t706.test, DNS:t707.test, DNS:t708.test, DNS:t709.test, DNS:t710.test, DNS:t711.test, DNS:t712.test, DNS:t713.test, DNS:t714.test, DNS:t715.test, DNS:t716.test, DNS:t717.test, DNS:t718.test, DNS:t719.test, DNS:t720.test, DNS:t721.test, DNS:t722.test, DNS:t723.test, DNS:t724.test, DNS:t725.test, DNS:t726.test, DNS:t727.test, DNS:t728.test, DNS:t729.test, DNS:t730.test, DNS:t731.test, DNS:t732.test, DNS:t733.test, DNS:t734.test, DNS:t735.test, DNS:t736.test, DNS:t737.test, DNS:t738.test, DNS:t739.test, DNS:t740.test, DNS:t741.test, DNS:t742.test, DNS:t743.test, DNS:t744.test, DNS:t745.test, DNS:t746.test, DNS:t747.test, DNS:t748.test, DNS:t749.test, DNS:t750.test, DNS:t751.test, DNS:t752.test, DNS:t753.test, DNS:t754.test, DNS:t755.test, DNS:t756.test, DNS:t757.test, DNS:t758.test, DNS:t759.test, DNS:t760.test, DNS:t761.test, DNS:t762.test, DNS:t763.test, DNS:t764.test, DNS:t765.test, DNS:t766.test, DNS:t767.test, DNS:t768.test, DNS:t769.test, DNS:t770.test, DNS:t771.test, DNS:t772.test, DNS:t773.test, DNS:t774.test, DNS:t775.test, DNS:t776.test, DNS:t777.test, DNS:t778.test, DNS:t779.test, DNS:t780.test, DNS:t781.test, DNS:t782.test, DNS:t783.test, DNS:t784.test, DNS:t785.test, DNS:t786.test, DNS:t787.test, DNS:t788.test, DNS:t789.test, DNS:t790.test, DNS:t791.test, DNS:t792.test, DNS:t793.test, DNS:t794.test, DNS:t795.test, DNS:t796.test, DNS:t797.test, DNS:t798.test, DNS:t799.test, DNS:t800.test, DNS:t801.test, DNS:t802.test, DNS:t803.test, DNS:t804.test, DNS:t805.test, DNS:t806.test, DNS:t807.test, DNS:t808.test, DNS:t809.test, DNS:t810.test, DNS:t811.test, DNS:t812.test, DNS:t813.test, DNS:t814.test, DNS:t815.test, DNS:t816.test, DNS:t817.test, DNS:t818.test, DNS:t819.test, DNS:t820.test, DNS:t821.test, DNS:t822.test, DNS:t823.test, DNS:t824.test, DNS:t825.test, DNS:t826.test, DNS:t827.test, DNS:t828.test, DNS:t829.test, DNS:t830.test, DNS:t831.test, DNS:t832.test, DNS:t833.test, DNS:t834.test, DNS:t835.test, DNS:t836.test, DNS:t837.test, DNS:t838.test, DNS:t839.test, DNS:t840.test, DNS:t841.test, DNS:t842.test, DNS:t843.test, DNS:t844.test, DNS:t845.test, DNS:t846.test, DNS:t847.test, DNS:t848.test, DNS:t849.test, DNS:t850.test, DNS:t851.test, DNS:t852.test, DNS:t853.test, DNS:t854.test, DNS:t855.test, DNS:t856.test, DNS:t857.test, DNS:t858.test, DNS:t859.test, DNS:t860.test, DNS:t861.test, DNS:t862.test, DNS:t863.test, DNS:t864.test, DNS:t865.test, DNS:t866.test, DNS:t867.test, DNS:t868.test, DNS:t869.test, DNS:t870.test, DNS:t871.test, DNS:t872.test, DNS:t873.test, DNS:t874.test, DNS:t875.test, DNS:t876.test, DNS:t877.test, DNS:t878.test, DNS:t879.test, DNS:t880.test, DNS:t881.test, DNS:t882.test, DNS:t883.test, DNS:t884.test, DNS:t885.test, DNS:t886.test, DNS:t887.test, DNS:t888.test, DNS:t889.test, DNS:t890.test, DNS:t891.test, DNS:t892.test, DNS:t893.test, DNS:t894.test, DNS:t895.test, DNS:t896.test, DNS:t897.test, DNS:t898.test, DNS:t899.test, DNS:t900.test, DNS:t901.test, DNS:t902.test, DNS:t903.test, DNS:t904.test, DNS:t905.test, DNS:t906.test, DNS:t907.test, DNS:t908.test, DNS:t909.test, DNS:t910.test, DNS:t911.test, DNS:t912.test, DNS:t913.test, DNS:t914.test, DNS:t915.test, DNS:t916.test, DNS:t917.test, DNS:t918.test, DNS:t919.test, DNS:t920.test, DNS:t921.test, DNS:t922.test, DNS:t923.test, DNS:t924.test, DNS:t925.test, DNS:t926.test, DNS:t927.test, DNS:t928.test, DNS:t929.test, DNS:t930.test, DNS:t931.test, DNS:t932.test, DNS:t933.test, DNS:t934.test, DNS:t935.test, DNS:t936.test, DNS:t937.test, DNS:t938.test, DNS:t939.test, DNS:t940.test, DNS:t941.test, DNS:t942.test, DNS:t943.test, DNS:t944.test, DNS:t945.test, DNS:t946.test, DNS:t947.test, DNS:t948.test, DNS:t949.test, DNS:t950.test, DNS:t951.test, DNS:t952.test, DNS:t953.test, DNS:t954.test, DNS:t955.test, DNS:t956.test, DNS:t957.test, DNS:t958.test, DNS:t959.test, DNS:t960.test, DNS:t961.test, DNS:t962.test, DNS:t963.test, DNS:t964.test, DNS:t965.test, DNS:t966.test, DNS:t967.test, DNS:t968.test, DNS:t969.test, DNS:t970.test, DNS:t971.test, DNS:t972.test, DNS:t973.test, DNS:t974.test, DNS:t975.test, DNS:t976.test, DNS:t977.test, DNS:t978.test, DNS:t979.test, DNS:t980.test, DNS:t981.test, DNS:t982.test, DNS:t983.test, DNS:t984.test, DNS:t985.test, DNS:t986.test, DNS:t987.test, DNS:t988.test, DNS:t989.test, DNS:t990.test, DNS:t991.test, DNS:t992.test, DNS:t993.test, DNS:t994.test, DNS:t995.test, DNS:t996.test, DNS:t997.test, DNS:t998.test, DNS:t999.test, DNS:t1000.test, DNS:t1001.test, DNS:t1002.test, DNS:t1003.test, DNS:t1004.test, DNS:t1005.test, DNS:t1006.test, DNS:t1007.test, DNS:t1008.test, DNS:t1009.test, DNS:t1010.test, DNS:t1011.test, DNS:t1012.test, DNS:t1013.test, DNS:t1014.test, DNS:t1015.test, DNS:t1016.test, DNS:t1017.test, DNS:t1018.test, DNS:t1019.test, DNS:t1020.test, DNS:t1021.test, DNS:t1022.test, DNS:t1023.test + Signature Algorithm: sha256WithRSAEncryption + b7:c8:45:e8:f3:e4:4f:01:a9:fd:50:ef:22:07:85:79:92:9d: + e2:75:89:b7:0d:59:6c:65:ad:83:73:bc:44:09:7c:8b:be:cc: + d4:f6:d5:47:64:7b:c6:c8:d6:dd:ed:f9:bf:77:12:af:21:93: + ce:a8:1c:e3:6b:07:a2:80:f4:a8:83:3e:67:59:63:ae:07:f0: + 70:5b:db:f8:50:76:34:0b:b0:3f:97:93:6b:45:b1:3c:af:0a: + d8:08:96:1d:fa:f1:1b:2c:6b:82:9a:d2:ad:1e:f5:3e:46:33: + 91:60:1d:4d:7a:9b:6d:75:3d:b8:a5:50:d1:0a:cd:ce:ab:24: + 9a:ab:89:d3:73:15:70:f8:c6:23:0d:85:fe:1b:78:e6:d6:69: + 5c:7c:b2:28:1f:39:16:98:bd:f6:e3:0c:1e:71:7f:a9:15:75: + 02:aa:6e:38:2c:a0:18:95:18:28:9e:00:92:2c:eb:78:0b:75: + 11:9c:e9:a9:b5:fa:f9:ea:96:18:58:46:3b:7a:ed:47:08:42: + 01:ac:48:2f:7d:bc:b2:16:e8:b4:1c:36:1e:16:85:d2:ae:26: + 24:36:b2:c3:9f:c7:a1:c3:4e:76:27:5a:ca:cc:33:7e:a4:60: + 7c:86:d7:a7:19:6f:60:1a:98:89:16:ad:4a:de:12:15:0e:d0: + eb:6a:78:1f +-----BEGIN CERTIFICATE----- +MIIvWDCCLkCgAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2TANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCLKUwgiyhMB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgiu3BgNVHREEgiuuMIIrqoIH +dDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIHdDQudGVzdIIHdDUu +dGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDkudGVzdIIIdDEwLnRl +c3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQxNC50ZXN0ggh0MTUu +dGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIIIdDE5LnRlc3SCCHQy +MC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0ggh0MjQudGVzdIII +dDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRlc3SCCHQyOS50ZXN0 +ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMudGVzdIIIdDM0LnRl +c3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQzOC50ZXN0ggh0Mzku +dGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIIIdDQzLnRlc3SCCHQ0 +NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0ggh0NDgudGVzdIII +dDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRlc3SCCHQ1My50ZXN0 +ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcudGVzdIIIdDU4LnRl +c3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2Mi50ZXN0ggh0NjMu +dGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIIIdDY3LnRlc3SCCHQ2 +OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0ggh0NzIudGVzdIII +dDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRlc3SCCHQ3Ny50ZXN0 +ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEudGVzdIIIdDgyLnRl +c3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4Ni50ZXN0ggh0ODcu +dGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIIIdDkxLnRlc3SCCHQ5 +Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0ggh0OTYudGVzdIII +dDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50ZXN0ggl0MTAxLnRl +c3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SCCXQxMDUudGVzdIIJ +dDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEwOS50ZXN0ggl0MTEw +LnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRlc3SCCXQxMTQudGVz +dIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJdDExOC50ZXN0ggl0 +MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIyLnRlc3SCCXQxMjMu +dGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVzdIIJdDEyNy50ZXN0 +ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0MTMxLnRlc3SCCXQx +MzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUudGVzdIIJdDEzNi50 +ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0ggl0MTQwLnRlc3SC +CXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQxNDQudGVzdIIJdDE0 +NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50ZXN0ggl0MTQ5LnRl +c3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SCCXQxNTMudGVzdIIJ +dDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1Ny50ZXN0ggl0MTU4 +LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRlc3SCCXQxNjIudGVz +dIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJdDE2Ni50ZXN0ggl0 +MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcwLnRlc3SCCXQxNzEu +dGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVzdIIJdDE3NS50ZXN0 +ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0MTc5LnRlc3SCCXQx +ODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMudGVzdIIJdDE4NC50 +ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0ggl0MTg4LnRlc3SC +CXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQxOTIudGVzdIIJdDE5 +My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50ZXN0ggl0MTk3LnRl +c3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SCCXQyMDEudGVzdIIJ +dDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIwNS50ZXN0ggl0MjA2 +LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRlc3SCCXQyMTAudGVz +dIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJdDIxNC50ZXN0ggl0 +MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4LnRlc3SCCXQyMTku +dGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVzdIIJdDIyMy50ZXN0 +ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0MjI3LnRlc3SCCXQy +MjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEudGVzdIIJdDIzMi50 +ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0ggl0MjM2LnRlc3SC +CXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQyNDAudGVzdIIJdDI0 +MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50ZXN0ggl0MjQ1LnRl +c3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SCCXQyNDkudGVzdIIJ +dDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1My50ZXN0ggl0MjU0 +LnRlc3SCCXQyNTUudGVzdIIJdDI1Ni50ZXN0ggl0MjU3LnRlc3SCCXQyNTgudGVz +dIIJdDI1OS50ZXN0ggl0MjYwLnRlc3SCCXQyNjEudGVzdIIJdDI2Mi50ZXN0ggl0 +MjYzLnRlc3SCCXQyNjQudGVzdIIJdDI2NS50ZXN0ggl0MjY2LnRlc3SCCXQyNjcu +dGVzdIIJdDI2OC50ZXN0ggl0MjY5LnRlc3SCCXQyNzAudGVzdIIJdDI3MS50ZXN0 +ggl0MjcyLnRlc3SCCXQyNzMudGVzdIIJdDI3NC50ZXN0ggl0Mjc1LnRlc3SCCXQy +NzYudGVzdIIJdDI3Ny50ZXN0ggl0Mjc4LnRlc3SCCXQyNzkudGVzdIIJdDI4MC50 +ZXN0ggl0MjgxLnRlc3SCCXQyODIudGVzdIIJdDI4My50ZXN0ggl0Mjg0LnRlc3SC +CXQyODUudGVzdIIJdDI4Ni50ZXN0ggl0Mjg3LnRlc3SCCXQyODgudGVzdIIJdDI4 +OS50ZXN0ggl0MjkwLnRlc3SCCXQyOTEudGVzdIIJdDI5Mi50ZXN0ggl0MjkzLnRl +c3SCCXQyOTQudGVzdIIJdDI5NS50ZXN0ggl0Mjk2LnRlc3SCCXQyOTcudGVzdIIJ +dDI5OC50ZXN0ggl0Mjk5LnRlc3SCCXQzMDAudGVzdIIJdDMwMS50ZXN0ggl0MzAy +LnRlc3SCCXQzMDMudGVzdIIJdDMwNC50ZXN0ggl0MzA1LnRlc3SCCXQzMDYudGVz +dIIJdDMwNy50ZXN0ggl0MzA4LnRlc3SCCXQzMDkudGVzdIIJdDMxMC50ZXN0ggl0 +MzExLnRlc3SCCXQzMTIudGVzdIIJdDMxMy50ZXN0ggl0MzE0LnRlc3SCCXQzMTUu +dGVzdIIJdDMxNi50ZXN0ggl0MzE3LnRlc3SCCXQzMTgudGVzdIIJdDMxOS50ZXN0 +ggl0MzIwLnRlc3SCCXQzMjEudGVzdIIJdDMyMi50ZXN0ggl0MzIzLnRlc3SCCXQz +MjQudGVzdIIJdDMyNS50ZXN0ggl0MzI2LnRlc3SCCXQzMjcudGVzdIIJdDMyOC50 +ZXN0ggl0MzI5LnRlc3SCCXQzMzAudGVzdIIJdDMzMS50ZXN0ggl0MzMyLnRlc3SC +CXQzMzMudGVzdIIJdDMzNC50ZXN0ggl0MzM1LnRlc3SCCXQzMzYudGVzdIIJdDMz +Ny50ZXN0ggl0MzM4LnRlc3SCCXQzMzkudGVzdIIJdDM0MC50ZXN0ggl0MzQxLnRl +c3SCCXQzNDIudGVzdIIJdDM0My50ZXN0ggl0MzQ0LnRlc3SCCXQzNDUudGVzdIIJ +dDM0Ni50ZXN0ggl0MzQ3LnRlc3SCCXQzNDgudGVzdIIJdDM0OS50ZXN0ggl0MzUw +LnRlc3SCCXQzNTEudGVzdIIJdDM1Mi50ZXN0ggl0MzUzLnRlc3SCCXQzNTQudGVz +dIIJdDM1NS50ZXN0ggl0MzU2LnRlc3SCCXQzNTcudGVzdIIJdDM1OC50ZXN0ggl0 +MzU5LnRlc3SCCXQzNjAudGVzdIIJdDM2MS50ZXN0ggl0MzYyLnRlc3SCCXQzNjMu +dGVzdIIJdDM2NC50ZXN0ggl0MzY1LnRlc3SCCXQzNjYudGVzdIIJdDM2Ny50ZXN0 +ggl0MzY4LnRlc3SCCXQzNjkudGVzdIIJdDM3MC50ZXN0ggl0MzcxLnRlc3SCCXQz +NzIudGVzdIIJdDM3My50ZXN0ggl0Mzc0LnRlc3SCCXQzNzUudGVzdIIJdDM3Ni50 +ZXN0ggl0Mzc3LnRlc3SCCXQzNzgudGVzdIIJdDM3OS50ZXN0ggl0MzgwLnRlc3SC +CXQzODEudGVzdIIJdDM4Mi50ZXN0ggl0MzgzLnRlc3SCCXQzODQudGVzdIIJdDM4 +NS50ZXN0ggl0Mzg2LnRlc3SCCXQzODcudGVzdIIJdDM4OC50ZXN0ggl0Mzg5LnRl +c3SCCXQzOTAudGVzdIIJdDM5MS50ZXN0ggl0MzkyLnRlc3SCCXQzOTMudGVzdIIJ +dDM5NC50ZXN0ggl0Mzk1LnRlc3SCCXQzOTYudGVzdIIJdDM5Ny50ZXN0ggl0Mzk4 +LnRlc3SCCXQzOTkudGVzdIIJdDQwMC50ZXN0ggl0NDAxLnRlc3SCCXQ0MDIudGVz +dIIJdDQwMy50ZXN0ggl0NDA0LnRlc3SCCXQ0MDUudGVzdIIJdDQwNi50ZXN0ggl0 +NDA3LnRlc3SCCXQ0MDgudGVzdIIJdDQwOS50ZXN0ggl0NDEwLnRlc3SCCXQ0MTEu +dGVzdIIJdDQxMi50ZXN0ggl0NDEzLnRlc3SCCXQ0MTQudGVzdIIJdDQxNS50ZXN0 +ggl0NDE2LnRlc3SCCXQ0MTcudGVzdIIJdDQxOC50ZXN0ggl0NDE5LnRlc3SCCXQ0 +MjAudGVzdIIJdDQyMS50ZXN0ggl0NDIyLnRlc3SCCXQ0MjMudGVzdIIJdDQyNC50 +ZXN0ggl0NDI1LnRlc3SCCXQ0MjYudGVzdIIJdDQyNy50ZXN0ggl0NDI4LnRlc3SC +CXQ0MjkudGVzdIIJdDQzMC50ZXN0ggl0NDMxLnRlc3SCCXQ0MzIudGVzdIIJdDQz +My50ZXN0ggl0NDM0LnRlc3SCCXQ0MzUudGVzdIIJdDQzNi50ZXN0ggl0NDM3LnRl +c3SCCXQ0MzgudGVzdIIJdDQzOS50ZXN0ggl0NDQwLnRlc3SCCXQ0NDEudGVzdIIJ +dDQ0Mi50ZXN0ggl0NDQzLnRlc3SCCXQ0NDQudGVzdIIJdDQ0NS50ZXN0ggl0NDQ2 +LnRlc3SCCXQ0NDcudGVzdIIJdDQ0OC50ZXN0ggl0NDQ5LnRlc3SCCXQ0NTAudGVz +dIIJdDQ1MS50ZXN0ggl0NDUyLnRlc3SCCXQ0NTMudGVzdIIJdDQ1NC50ZXN0ggl0 +NDU1LnRlc3SCCXQ0NTYudGVzdIIJdDQ1Ny50ZXN0ggl0NDU4LnRlc3SCCXQ0NTku +dGVzdIIJdDQ2MC50ZXN0ggl0NDYxLnRlc3SCCXQ0NjIudGVzdIIJdDQ2My50ZXN0 +ggl0NDY0LnRlc3SCCXQ0NjUudGVzdIIJdDQ2Ni50ZXN0ggl0NDY3LnRlc3SCCXQ0 +NjgudGVzdIIJdDQ2OS50ZXN0ggl0NDcwLnRlc3SCCXQ0NzEudGVzdIIJdDQ3Mi50 +ZXN0ggl0NDczLnRlc3SCCXQ0NzQudGVzdIIJdDQ3NS50ZXN0ggl0NDc2LnRlc3SC +CXQ0NzcudGVzdIIJdDQ3OC50ZXN0ggl0NDc5LnRlc3SCCXQ0ODAudGVzdIIJdDQ4 +MS50ZXN0ggl0NDgyLnRlc3SCCXQ0ODMudGVzdIIJdDQ4NC50ZXN0ggl0NDg1LnRl +c3SCCXQ0ODYudGVzdIIJdDQ4Ny50ZXN0ggl0NDg4LnRlc3SCCXQ0ODkudGVzdIIJ +dDQ5MC50ZXN0ggl0NDkxLnRlc3SCCXQ0OTIudGVzdIIJdDQ5My50ZXN0ggl0NDk0 +LnRlc3SCCXQ0OTUudGVzdIIJdDQ5Ni50ZXN0ggl0NDk3LnRlc3SCCXQ0OTgudGVz +dIIJdDQ5OS50ZXN0ggl0NTAwLnRlc3SCCXQ1MDEudGVzdIIJdDUwMi50ZXN0ggl0 +NTAzLnRlc3SCCXQ1MDQudGVzdIIJdDUwNS50ZXN0ggl0NTA2LnRlc3SCCXQ1MDcu +dGVzdIIJdDUwOC50ZXN0ggl0NTA5LnRlc3SCCXQ1MTAudGVzdIIJdDUxMS50ZXN0 +ggl0NTEyLnRlc3SCCXQ1MTMudGVzdIIJdDUxNC50ZXN0ggl0NTE1LnRlc3SCCXQ1 +MTYudGVzdIIJdDUxNy50ZXN0ggl0NTE4LnRlc3SCCXQ1MTkudGVzdIIJdDUyMC50 +ZXN0ggl0NTIxLnRlc3SCCXQ1MjIudGVzdIIJdDUyMy50ZXN0ggl0NTI0LnRlc3SC +CXQ1MjUudGVzdIIJdDUyNi50ZXN0ggl0NTI3LnRlc3SCCXQ1MjgudGVzdIIJdDUy +OS50ZXN0ggl0NTMwLnRlc3SCCXQ1MzEudGVzdIIJdDUzMi50ZXN0ggl0NTMzLnRl +c3SCCXQ1MzQudGVzdIIJdDUzNS50ZXN0ggl0NTM2LnRlc3SCCXQ1MzcudGVzdIIJ +dDUzOC50ZXN0ggl0NTM5LnRlc3SCCXQ1NDAudGVzdIIJdDU0MS50ZXN0ggl0NTQy +LnRlc3SCCXQ1NDMudGVzdIIJdDU0NC50ZXN0ggl0NTQ1LnRlc3SCCXQ1NDYudGVz +dIIJdDU0Ny50ZXN0ggl0NTQ4LnRlc3SCCXQ1NDkudGVzdIIJdDU1MC50ZXN0ggl0 +NTUxLnRlc3SCCXQ1NTIudGVzdIIJdDU1My50ZXN0ggl0NTU0LnRlc3SCCXQ1NTUu +dGVzdIIJdDU1Ni50ZXN0ggl0NTU3LnRlc3SCCXQ1NTgudGVzdIIJdDU1OS50ZXN0 +ggl0NTYwLnRlc3SCCXQ1NjEudGVzdIIJdDU2Mi50ZXN0ggl0NTYzLnRlc3SCCXQ1 +NjQudGVzdIIJdDU2NS50ZXN0ggl0NTY2LnRlc3SCCXQ1NjcudGVzdIIJdDU2OC50 +ZXN0ggl0NTY5LnRlc3SCCXQ1NzAudGVzdIIJdDU3MS50ZXN0ggl0NTcyLnRlc3SC +CXQ1NzMudGVzdIIJdDU3NC50ZXN0ggl0NTc1LnRlc3SCCXQ1NzYudGVzdIIJdDU3 +Ny50ZXN0ggl0NTc4LnRlc3SCCXQ1NzkudGVzdIIJdDU4MC50ZXN0ggl0NTgxLnRl +c3SCCXQ1ODIudGVzdIIJdDU4My50ZXN0ggl0NTg0LnRlc3SCCXQ1ODUudGVzdIIJ +dDU4Ni50ZXN0ggl0NTg3LnRlc3SCCXQ1ODgudGVzdIIJdDU4OS50ZXN0ggl0NTkw +LnRlc3SCCXQ1OTEudGVzdIIJdDU5Mi50ZXN0ggl0NTkzLnRlc3SCCXQ1OTQudGVz +dIIJdDU5NS50ZXN0ggl0NTk2LnRlc3SCCXQ1OTcudGVzdIIJdDU5OC50ZXN0ggl0 +NTk5LnRlc3SCCXQ2MDAudGVzdIIJdDYwMS50ZXN0ggl0NjAyLnRlc3SCCXQ2MDMu +dGVzdIIJdDYwNC50ZXN0ggl0NjA1LnRlc3SCCXQ2MDYudGVzdIIJdDYwNy50ZXN0 +ggl0NjA4LnRlc3SCCXQ2MDkudGVzdIIJdDYxMC50ZXN0ggl0NjExLnRlc3SCCXQ2 +MTIudGVzdIIJdDYxMy50ZXN0ggl0NjE0LnRlc3SCCXQ2MTUudGVzdIIJdDYxNi50 +ZXN0ggl0NjE3LnRlc3SCCXQ2MTgudGVzdIIJdDYxOS50ZXN0ggl0NjIwLnRlc3SC +CXQ2MjEudGVzdIIJdDYyMi50ZXN0ggl0NjIzLnRlc3SCCXQ2MjQudGVzdIIJdDYy +NS50ZXN0ggl0NjI2LnRlc3SCCXQ2MjcudGVzdIIJdDYyOC50ZXN0ggl0NjI5LnRl +c3SCCXQ2MzAudGVzdIIJdDYzMS50ZXN0ggl0NjMyLnRlc3SCCXQ2MzMudGVzdIIJ +dDYzNC50ZXN0ggl0NjM1LnRlc3SCCXQ2MzYudGVzdIIJdDYzNy50ZXN0ggl0NjM4 +LnRlc3SCCXQ2MzkudGVzdIIJdDY0MC50ZXN0ggl0NjQxLnRlc3SCCXQ2NDIudGVz +dIIJdDY0My50ZXN0ggl0NjQ0LnRlc3SCCXQ2NDUudGVzdIIJdDY0Ni50ZXN0ggl0 +NjQ3LnRlc3SCCXQ2NDgudGVzdIIJdDY0OS50ZXN0ggl0NjUwLnRlc3SCCXQ2NTEu +dGVzdIIJdDY1Mi50ZXN0ggl0NjUzLnRlc3SCCXQ2NTQudGVzdIIJdDY1NS50ZXN0 +ggl0NjU2LnRlc3SCCXQ2NTcudGVzdIIJdDY1OC50ZXN0ggl0NjU5LnRlc3SCCXQ2 +NjAudGVzdIIJdDY2MS50ZXN0ggl0NjYyLnRlc3SCCXQ2NjMudGVzdIIJdDY2NC50 +ZXN0ggl0NjY1LnRlc3SCCXQ2NjYudGVzdIIJdDY2Ny50ZXN0ggl0NjY4LnRlc3SC +CXQ2NjkudGVzdIIJdDY3MC50ZXN0ggl0NjcxLnRlc3SCCXQ2NzIudGVzdIIJdDY3 +My50ZXN0ggl0Njc0LnRlc3SCCXQ2NzUudGVzdIIJdDY3Ni50ZXN0ggl0Njc3LnRl +c3SCCXQ2NzgudGVzdIIJdDY3OS50ZXN0ggl0NjgwLnRlc3SCCXQ2ODEudGVzdIIJ +dDY4Mi50ZXN0ggl0NjgzLnRlc3SCCXQ2ODQudGVzdIIJdDY4NS50ZXN0ggl0Njg2 +LnRlc3SCCXQ2ODcudGVzdIIJdDY4OC50ZXN0ggl0Njg5LnRlc3SCCXQ2OTAudGVz +dIIJdDY5MS50ZXN0ggl0NjkyLnRlc3SCCXQ2OTMudGVzdIIJdDY5NC50ZXN0ggl0 +Njk1LnRlc3SCCXQ2OTYudGVzdIIJdDY5Ny50ZXN0ggl0Njk4LnRlc3SCCXQ2OTku +dGVzdIIJdDcwMC50ZXN0ggl0NzAxLnRlc3SCCXQ3MDIudGVzdIIJdDcwMy50ZXN0 +ggl0NzA0LnRlc3SCCXQ3MDUudGVzdIIJdDcwNi50ZXN0ggl0NzA3LnRlc3SCCXQ3 +MDgudGVzdIIJdDcwOS50ZXN0ggl0NzEwLnRlc3SCCXQ3MTEudGVzdIIJdDcxMi50 +ZXN0ggl0NzEzLnRlc3SCCXQ3MTQudGVzdIIJdDcxNS50ZXN0ggl0NzE2LnRlc3SC +CXQ3MTcudGVzdIIJdDcxOC50ZXN0ggl0NzE5LnRlc3SCCXQ3MjAudGVzdIIJdDcy +MS50ZXN0ggl0NzIyLnRlc3SCCXQ3MjMudGVzdIIJdDcyNC50ZXN0ggl0NzI1LnRl +c3SCCXQ3MjYudGVzdIIJdDcyNy50ZXN0ggl0NzI4LnRlc3SCCXQ3MjkudGVzdIIJ +dDczMC50ZXN0ggl0NzMxLnRlc3SCCXQ3MzIudGVzdIIJdDczMy50ZXN0ggl0NzM0 +LnRlc3SCCXQ3MzUudGVzdIIJdDczNi50ZXN0ggl0NzM3LnRlc3SCCXQ3MzgudGVz +dIIJdDczOS50ZXN0ggl0NzQwLnRlc3SCCXQ3NDEudGVzdIIJdDc0Mi50ZXN0ggl0 +NzQzLnRlc3SCCXQ3NDQudGVzdIIJdDc0NS50ZXN0ggl0NzQ2LnRlc3SCCXQ3NDcu +dGVzdIIJdDc0OC50ZXN0ggl0NzQ5LnRlc3SCCXQ3NTAudGVzdIIJdDc1MS50ZXN0 +ggl0NzUyLnRlc3SCCXQ3NTMudGVzdIIJdDc1NC50ZXN0ggl0NzU1LnRlc3SCCXQ3 +NTYudGVzdIIJdDc1Ny50ZXN0ggl0NzU4LnRlc3SCCXQ3NTkudGVzdIIJdDc2MC50 +ZXN0ggl0NzYxLnRlc3SCCXQ3NjIudGVzdIIJdDc2My50ZXN0ggl0NzY0LnRlc3SC +CXQ3NjUudGVzdIIJdDc2Ni50ZXN0ggl0NzY3LnRlc3SCCXQ3NjgudGVzdIIJdDc2 +OS50ZXN0ggl0NzcwLnRlc3SCCXQ3NzEudGVzdIIJdDc3Mi50ZXN0ggl0NzczLnRl +c3SCCXQ3NzQudGVzdIIJdDc3NS50ZXN0ggl0Nzc2LnRlc3SCCXQ3NzcudGVzdIIJ +dDc3OC50ZXN0ggl0Nzc5LnRlc3SCCXQ3ODAudGVzdIIJdDc4MS50ZXN0ggl0Nzgy +LnRlc3SCCXQ3ODMudGVzdIIJdDc4NC50ZXN0ggl0Nzg1LnRlc3SCCXQ3ODYudGVz +dIIJdDc4Ny50ZXN0ggl0Nzg4LnRlc3SCCXQ3ODkudGVzdIIJdDc5MC50ZXN0ggl0 +NzkxLnRlc3SCCXQ3OTIudGVzdIIJdDc5My50ZXN0ggl0Nzk0LnRlc3SCCXQ3OTUu +dGVzdIIJdDc5Ni50ZXN0ggl0Nzk3LnRlc3SCCXQ3OTgudGVzdIIJdDc5OS50ZXN0 +ggl0ODAwLnRlc3SCCXQ4MDEudGVzdIIJdDgwMi50ZXN0ggl0ODAzLnRlc3SCCXQ4 +MDQudGVzdIIJdDgwNS50ZXN0ggl0ODA2LnRlc3SCCXQ4MDcudGVzdIIJdDgwOC50 +ZXN0ggl0ODA5LnRlc3SCCXQ4MTAudGVzdIIJdDgxMS50ZXN0ggl0ODEyLnRlc3SC +CXQ4MTMudGVzdIIJdDgxNC50ZXN0ggl0ODE1LnRlc3SCCXQ4MTYudGVzdIIJdDgx +Ny50ZXN0ggl0ODE4LnRlc3SCCXQ4MTkudGVzdIIJdDgyMC50ZXN0ggl0ODIxLnRl +c3SCCXQ4MjIudGVzdIIJdDgyMy50ZXN0ggl0ODI0LnRlc3SCCXQ4MjUudGVzdIIJ +dDgyNi50ZXN0ggl0ODI3LnRlc3SCCXQ4MjgudGVzdIIJdDgyOS50ZXN0ggl0ODMw +LnRlc3SCCXQ4MzEudGVzdIIJdDgzMi50ZXN0ggl0ODMzLnRlc3SCCXQ4MzQudGVz +dIIJdDgzNS50ZXN0ggl0ODM2LnRlc3SCCXQ4MzcudGVzdIIJdDgzOC50ZXN0ggl0 +ODM5LnRlc3SCCXQ4NDAudGVzdIIJdDg0MS50ZXN0ggl0ODQyLnRlc3SCCXQ4NDMu +dGVzdIIJdDg0NC50ZXN0ggl0ODQ1LnRlc3SCCXQ4NDYudGVzdIIJdDg0Ny50ZXN0 +ggl0ODQ4LnRlc3SCCXQ4NDkudGVzdIIJdDg1MC50ZXN0ggl0ODUxLnRlc3SCCXQ4 +NTIudGVzdIIJdDg1My50ZXN0ggl0ODU0LnRlc3SCCXQ4NTUudGVzdIIJdDg1Ni50 +ZXN0ggl0ODU3LnRlc3SCCXQ4NTgudGVzdIIJdDg1OS50ZXN0ggl0ODYwLnRlc3SC +CXQ4NjEudGVzdIIJdDg2Mi50ZXN0ggl0ODYzLnRlc3SCCXQ4NjQudGVzdIIJdDg2 +NS50ZXN0ggl0ODY2LnRlc3SCCXQ4NjcudGVzdIIJdDg2OC50ZXN0ggl0ODY5LnRl +c3SCCXQ4NzAudGVzdIIJdDg3MS50ZXN0ggl0ODcyLnRlc3SCCXQ4NzMudGVzdIIJ +dDg3NC50ZXN0ggl0ODc1LnRlc3SCCXQ4NzYudGVzdIIJdDg3Ny50ZXN0ggl0ODc4 +LnRlc3SCCXQ4NzkudGVzdIIJdDg4MC50ZXN0ggl0ODgxLnRlc3SCCXQ4ODIudGVz +dIIJdDg4My50ZXN0ggl0ODg0LnRlc3SCCXQ4ODUudGVzdIIJdDg4Ni50ZXN0ggl0 +ODg3LnRlc3SCCXQ4ODgudGVzdIIJdDg4OS50ZXN0ggl0ODkwLnRlc3SCCXQ4OTEu +dGVzdIIJdDg5Mi50ZXN0ggl0ODkzLnRlc3SCCXQ4OTQudGVzdIIJdDg5NS50ZXN0 +ggl0ODk2LnRlc3SCCXQ4OTcudGVzdIIJdDg5OC50ZXN0ggl0ODk5LnRlc3SCCXQ5 +MDAudGVzdIIJdDkwMS50ZXN0ggl0OTAyLnRlc3SCCXQ5MDMudGVzdIIJdDkwNC50 +ZXN0ggl0OTA1LnRlc3SCCXQ5MDYudGVzdIIJdDkwNy50ZXN0ggl0OTA4LnRlc3SC +CXQ5MDkudGVzdIIJdDkxMC50ZXN0ggl0OTExLnRlc3SCCXQ5MTIudGVzdIIJdDkx +My50ZXN0ggl0OTE0LnRlc3SCCXQ5MTUudGVzdIIJdDkxNi50ZXN0ggl0OTE3LnRl +c3SCCXQ5MTgudGVzdIIJdDkxOS50ZXN0ggl0OTIwLnRlc3SCCXQ5MjEudGVzdIIJ +dDkyMi50ZXN0ggl0OTIzLnRlc3SCCXQ5MjQudGVzdIIJdDkyNS50ZXN0ggl0OTI2 +LnRlc3SCCXQ5MjcudGVzdIIJdDkyOC50ZXN0ggl0OTI5LnRlc3SCCXQ5MzAudGVz +dIIJdDkzMS50ZXN0ggl0OTMyLnRlc3SCCXQ5MzMudGVzdIIJdDkzNC50ZXN0ggl0 +OTM1LnRlc3SCCXQ5MzYudGVzdIIJdDkzNy50ZXN0ggl0OTM4LnRlc3SCCXQ5Mzku +dGVzdIIJdDk0MC50ZXN0ggl0OTQxLnRlc3SCCXQ5NDIudGVzdIIJdDk0My50ZXN0 +ggl0OTQ0LnRlc3SCCXQ5NDUudGVzdIIJdDk0Ni50ZXN0ggl0OTQ3LnRlc3SCCXQ5 +NDgudGVzdIIJdDk0OS50ZXN0ggl0OTUwLnRlc3SCCXQ5NTEudGVzdIIJdDk1Mi50 +ZXN0ggl0OTUzLnRlc3SCCXQ5NTQudGVzdIIJdDk1NS50ZXN0ggl0OTU2LnRlc3SC +CXQ5NTcudGVzdIIJdDk1OC50ZXN0ggl0OTU5LnRlc3SCCXQ5NjAudGVzdIIJdDk2 +MS50ZXN0ggl0OTYyLnRlc3SCCXQ5NjMudGVzdIIJdDk2NC50ZXN0ggl0OTY1LnRl +c3SCCXQ5NjYudGVzdIIJdDk2Ny50ZXN0ggl0OTY4LnRlc3SCCXQ5NjkudGVzdIIJ +dDk3MC50ZXN0ggl0OTcxLnRlc3SCCXQ5NzIudGVzdIIJdDk3My50ZXN0ggl0OTc0 +LnRlc3SCCXQ5NzUudGVzdIIJdDk3Ni50ZXN0ggl0OTc3LnRlc3SCCXQ5NzgudGVz +dIIJdDk3OS50ZXN0ggl0OTgwLnRlc3SCCXQ5ODEudGVzdIIJdDk4Mi50ZXN0ggl0 +OTgzLnRlc3SCCXQ5ODQudGVzdIIJdDk4NS50ZXN0ggl0OTg2LnRlc3SCCXQ5ODcu +dGVzdIIJdDk4OC50ZXN0ggl0OTg5LnRlc3SCCXQ5OTAudGVzdIIJdDk5MS50ZXN0 +ggl0OTkyLnRlc3SCCXQ5OTMudGVzdIIJdDk5NC50ZXN0ggl0OTk1LnRlc3SCCXQ5 +OTYudGVzdIIJdDk5Ny50ZXN0ggl0OTk4LnRlc3SCCXQ5OTkudGVzdIIKdDEwMDAu +dGVzdIIKdDEwMDEudGVzdIIKdDEwMDIudGVzdIIKdDEwMDMudGVzdIIKdDEwMDQu +dGVzdIIKdDEwMDUudGVzdIIKdDEwMDYudGVzdIIKdDEwMDcudGVzdIIKdDEwMDgu +dGVzdIIKdDEwMDkudGVzdIIKdDEwMTAudGVzdIIKdDEwMTEudGVzdIIKdDEwMTIu +dGVzdIIKdDEwMTMudGVzdIIKdDEwMTQudGVzdIIKdDEwMTUudGVzdIIKdDEwMTYu +dGVzdIIKdDEwMTcudGVzdIIKdDEwMTgudGVzdIIKdDEwMTkudGVzdIIKdDEwMjAu +dGVzdIIKdDEwMjEudGVzdIIKdDEwMjIudGVzdIIKdDEwMjMudGVzdDANBgkqhkiG +9w0BAQsFAAOCAQEAt8hF6PPkTwGp/VDvIgeFeZKd4nWJtw1ZbGWtg3O8RAl8i77M +1PbVR2R7xsjW3e35v3cSryGTzqgc42sHooD0qIM+Z1ljrgfwcFvb+FB2NAuwP5eT +a0WxPK8K2AiWHfrxGyxrgprSrR71PkYzkWAdTXqbbXU9uKVQ0QrNzqskmquJ03MV +cPjGIw2F/ht45tZpXHyyKB85Fpi99uMMHnF/qRV1AqpuOCygGJUYKJ4AkizreAt1 +EZzpqbX6+eqWGFhGO3rtRwhCAaxIL328shbotBw2HhaF0q4mJDayw5/HocNOdida +yswzfqRgfIbXpxlvYBqYiRatSt4SFQ7Q62p4Hw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fb + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + DNS:t0.test + DNS:t1.test + DNS:t2.test + DNS:t3.test + DNS:t4.test + DNS:t5.test + DNS:t6.test + DNS:t7.test + DNS:t8.test + DNS:t9.test + DNS:t10.test + DNS:t11.test + DNS:t12.test + DNS:t13.test + DNS:t14.test + DNS:t15.test + DNS:t16.test + DNS:t17.test + DNS:t18.test + DNS:t19.test + DNS:t20.test + DNS:t21.test + DNS:t22.test + DNS:t23.test + DNS:t24.test + DNS:t25.test + DNS:t26.test + DNS:t27.test + DNS:t28.test + DNS:t29.test + DNS:t30.test + DNS:t31.test + DNS:t32.test + DNS:t33.test + DNS:t34.test + DNS:t35.test + DNS:t36.test + DNS:t37.test + DNS:t38.test + DNS:t39.test + DNS:t40.test + DNS:t41.test + DNS:t42.test + DNS:t43.test + DNS:t44.test + DNS:t45.test + DNS:t46.test + DNS:t47.test + DNS:t48.test + DNS:t49.test + DNS:t50.test + DNS:t51.test + DNS:t52.test + DNS:t53.test + DNS:t54.test + DNS:t55.test + DNS:t56.test + DNS:t57.test + DNS:t58.test + DNS:t59.test + DNS:t60.test + DNS:t61.test + DNS:t62.test + DNS:t63.test + DNS:t64.test + DNS:t65.test + DNS:t66.test + DNS:t67.test + DNS:t68.test + DNS:t69.test + DNS:t70.test + DNS:t71.test + DNS:t72.test + DNS:t73.test + DNS:t74.test + DNS:t75.test + DNS:t76.test + DNS:t77.test + DNS:t78.test + DNS:t79.test + DNS:t80.test + DNS:t81.test + DNS:t82.test + DNS:t83.test + DNS:t84.test + DNS:t85.test + DNS:t86.test + DNS:t87.test + DNS:t88.test + DNS:t89.test + DNS:t90.test + DNS:t91.test + DNS:t92.test + DNS:t93.test + DNS:t94.test + DNS:t95.test + DNS:t96.test + DNS:t97.test + DNS:t98.test + DNS:t99.test + DNS:t100.test + DNS:t101.test + DNS:t102.test + DNS:t103.test + DNS:t104.test + DNS:t105.test + DNS:t106.test + DNS:t107.test + DNS:t108.test + DNS:t109.test + DNS:t110.test + DNS:t111.test + DNS:t112.test + DNS:t113.test + DNS:t114.test + DNS:t115.test + DNS:t116.test + DNS:t117.test + DNS:t118.test + DNS:t119.test + DNS:t120.test + DNS:t121.test + DNS:t122.test + DNS:t123.test + DNS:t124.test + DNS:t125.test + DNS:t126.test + DNS:t127.test + DNS:t128.test + DNS:t129.test + DNS:t130.test + DNS:t131.test + DNS:t132.test + DNS:t133.test + DNS:t134.test + DNS:t135.test + DNS:t136.test + DNS:t137.test + DNS:t138.test + DNS:t139.test + DNS:t140.test + DNS:t141.test + DNS:t142.test + DNS:t143.test + DNS:t144.test + DNS:t145.test + DNS:t146.test + DNS:t147.test + DNS:t148.test + DNS:t149.test + DNS:t150.test + DNS:t151.test + DNS:t152.test + DNS:t153.test + DNS:t154.test + DNS:t155.test + DNS:t156.test + DNS:t157.test + DNS:t158.test + DNS:t159.test + DNS:t160.test + DNS:t161.test + DNS:t162.test + DNS:t163.test + DNS:t164.test + DNS:t165.test + DNS:t166.test + DNS:t167.test + DNS:t168.test + DNS:t169.test + DNS:t170.test + DNS:t171.test + DNS:t172.test + DNS:t173.test + DNS:t174.test + DNS:t175.test + DNS:t176.test + DNS:t177.test + DNS:t178.test + DNS:t179.test + DNS:t180.test + DNS:t181.test + DNS:t182.test + DNS:t183.test + DNS:t184.test + DNS:t185.test + DNS:t186.test + DNS:t187.test + DNS:t188.test + DNS:t189.test + DNS:t190.test + DNS:t191.test + DNS:t192.test + DNS:t193.test + DNS:t194.test + DNS:t195.test + DNS:t196.test + DNS:t197.test + DNS:t198.test + DNS:t199.test + DNS:t200.test + DNS:t201.test + DNS:t202.test + DNS:t203.test + DNS:t204.test + DNS:t205.test + DNS:t206.test + DNS:t207.test + DNS:t208.test + DNS:t209.test + DNS:t210.test + DNS:t211.test + DNS:t212.test + DNS:t213.test + DNS:t214.test + DNS:t215.test + DNS:t216.test + DNS:t217.test + DNS:t218.test + DNS:t219.test + DNS:t220.test + DNS:t221.test + DNS:t222.test + DNS:t223.test + DNS:t224.test + DNS:t225.test + DNS:t226.test + DNS:t227.test + DNS:t228.test + DNS:t229.test + DNS:t230.test + DNS:t231.test + DNS:t232.test + DNS:t233.test + DNS:t234.test + DNS:t235.test + DNS:t236.test + DNS:t237.test + DNS:t238.test + DNS:t239.test + DNS:t240.test + DNS:t241.test + DNS:t242.test + DNS:t243.test + DNS:t244.test + DNS:t245.test + DNS:t246.test + DNS:t247.test + DNS:t248.test + DNS:t249.test + DNS:t250.test + DNS:t251.test + DNS:t252.test + DNS:t253.test + DNS:t254.test + DNS:t255.test + DNS:t256.test + DNS:t257.test + DNS:t258.test + DNS:t259.test + DNS:t260.test + DNS:t261.test + DNS:t262.test + DNS:t263.test + DNS:t264.test + DNS:t265.test + DNS:t266.test + DNS:t267.test + DNS:t268.test + DNS:t269.test + DNS:t270.test + DNS:t271.test + DNS:t272.test + DNS:t273.test + DNS:t274.test + DNS:t275.test + DNS:t276.test + DNS:t277.test + DNS:t278.test + DNS:t279.test + DNS:t280.test + DNS:t281.test + DNS:t282.test + DNS:t283.test + DNS:t284.test + DNS:t285.test + DNS:t286.test + DNS:t287.test + DNS:t288.test + DNS:t289.test + DNS:t290.test + DNS:t291.test + DNS:t292.test + DNS:t293.test + DNS:t294.test + DNS:t295.test + DNS:t296.test + DNS:t297.test + DNS:t298.test + DNS:t299.test + DNS:t300.test + DNS:t301.test + DNS:t302.test + DNS:t303.test + DNS:t304.test + DNS:t305.test + DNS:t306.test + DNS:t307.test + DNS:t308.test + DNS:t309.test + DNS:t310.test + DNS:t311.test + DNS:t312.test + DNS:t313.test + DNS:t314.test + DNS:t315.test + DNS:t316.test + DNS:t317.test + DNS:t318.test + DNS:t319.test + DNS:t320.test + DNS:t321.test + DNS:t322.test + DNS:t323.test + DNS:t324.test + DNS:t325.test + DNS:t326.test + DNS:t327.test + DNS:t328.test + DNS:t329.test + DNS:t330.test + DNS:t331.test + DNS:t332.test + DNS:t333.test + DNS:t334.test + DNS:t335.test + DNS:t336.test + DNS:t337.test + DNS:t338.test + DNS:t339.test + DNS:t340.test + DNS:t341.test + DNS:t342.test + DNS:t343.test + DNS:t344.test + DNS:t345.test + DNS:t346.test + DNS:t347.test + DNS:t348.test + DNS:t349.test + DNS:t350.test + DNS:t351.test + DNS:t352.test + DNS:t353.test + DNS:t354.test + DNS:t355.test + DNS:t356.test + DNS:t357.test + DNS:t358.test + DNS:t359.test + DNS:t360.test + DNS:t361.test + DNS:t362.test + DNS:t363.test + DNS:t364.test + DNS:t365.test + DNS:t366.test + DNS:t367.test + DNS:t368.test + DNS:t369.test + DNS:t370.test + DNS:t371.test + DNS:t372.test + DNS:t373.test + DNS:t374.test + DNS:t375.test + DNS:t376.test + DNS:t377.test + DNS:t378.test + DNS:t379.test + DNS:t380.test + DNS:t381.test + DNS:t382.test + DNS:t383.test + DNS:t384.test + DNS:t385.test + DNS:t386.test + DNS:t387.test + DNS:t388.test + DNS:t389.test + DNS:t390.test + DNS:t391.test + DNS:t392.test + DNS:t393.test + DNS:t394.test + DNS:t395.test + DNS:t396.test + DNS:t397.test + DNS:t398.test + DNS:t399.test + DNS:t400.test + DNS:t401.test + DNS:t402.test + DNS:t403.test + DNS:t404.test + DNS:t405.test + DNS:t406.test + DNS:t407.test + DNS:t408.test + DNS:t409.test + DNS:t410.test + DNS:t411.test + DNS:t412.test + DNS:t413.test + DNS:t414.test + DNS:t415.test + DNS:t416.test + DNS:t417.test + DNS:t418.test + DNS:t419.test + DNS:t420.test + DNS:t421.test + DNS:t422.test + DNS:t423.test + DNS:t424.test + DNS:t425.test + DNS:t426.test + DNS:t427.test + DNS:t428.test + DNS:t429.test + DNS:t430.test + DNS:t431.test + DNS:t432.test + DNS:t433.test + DNS:t434.test + DNS:t435.test + DNS:t436.test + DNS:t437.test + DNS:t438.test + DNS:t439.test + DNS:t440.test + DNS:t441.test + DNS:t442.test + DNS:t443.test + DNS:t444.test + DNS:t445.test + DNS:t446.test + DNS:t447.test + DNS:t448.test + DNS:t449.test + DNS:t450.test + DNS:t451.test + DNS:t452.test + DNS:t453.test + DNS:t454.test + DNS:t455.test + DNS:t456.test + DNS:t457.test + DNS:t458.test + DNS:t459.test + DNS:t460.test + DNS:t461.test + DNS:t462.test + DNS:t463.test + DNS:t464.test + DNS:t465.test + DNS:t466.test + DNS:t467.test + DNS:t468.test + DNS:t469.test + DNS:t470.test + DNS:t471.test + DNS:t472.test + DNS:t473.test + DNS:t474.test + DNS:t475.test + DNS:t476.test + DNS:t477.test + DNS:t478.test + DNS:t479.test + DNS:t480.test + DNS:t481.test + DNS:t482.test + DNS:t483.test + DNS:t484.test + DNS:t485.test + DNS:t486.test + DNS:t487.test + DNS:t488.test + DNS:t489.test + DNS:t490.test + DNS:t491.test + DNS:t492.test + DNS:t493.test + DNS:t494.test + DNS:t495.test + DNS:t496.test + DNS:t497.test + DNS:t498.test + DNS:t499.test + DNS:t500.test + DNS:t501.test + DNS:t502.test + DNS:t503.test + DNS:t504.test + DNS:t505.test + DNS:t506.test + DNS:t507.test + DNS:t508.test + DNS:t509.test + DNS:t510.test + DNS:t511.test + DNS:t512.test + DNS:t513.test + DNS:t514.test + DNS:t515.test + DNS:t516.test + DNS:t517.test + DNS:t518.test + DNS:t519.test + DNS:t520.test + DNS:t521.test + DNS:t522.test + DNS:t523.test + DNS:t524.test + DNS:t525.test + DNS:t526.test + DNS:t527.test + DNS:t528.test + DNS:t529.test + DNS:t530.test + DNS:t531.test + DNS:t532.test + DNS:t533.test + DNS:t534.test + DNS:t535.test + DNS:t536.test + DNS:t537.test + DNS:t538.test + DNS:t539.test + DNS:t540.test + DNS:t541.test + DNS:t542.test + DNS:t543.test + DNS:t544.test + DNS:t545.test + DNS:t546.test + DNS:t547.test + DNS:t548.test + DNS:t549.test + DNS:t550.test + DNS:t551.test + DNS:t552.test + DNS:t553.test + DNS:t554.test + DNS:t555.test + DNS:t556.test + DNS:t557.test + DNS:t558.test + DNS:t559.test + DNS:t560.test + DNS:t561.test + DNS:t562.test + DNS:t563.test + DNS:t564.test + DNS:t565.test + DNS:t566.test + DNS:t567.test + DNS:t568.test + DNS:t569.test + DNS:t570.test + DNS:t571.test + DNS:t572.test + DNS:t573.test + DNS:t574.test + DNS:t575.test + DNS:t576.test + DNS:t577.test + DNS:t578.test + DNS:t579.test + DNS:t580.test + DNS:t581.test + DNS:t582.test + DNS:t583.test + DNS:t584.test + DNS:t585.test + DNS:t586.test + DNS:t587.test + DNS:t588.test + DNS:t589.test + DNS:t590.test + DNS:t591.test + DNS:t592.test + DNS:t593.test + DNS:t594.test + DNS:t595.test + DNS:t596.test + DNS:t597.test + DNS:t598.test + DNS:t599.test + DNS:t600.test + DNS:t601.test + DNS:t602.test + DNS:t603.test + DNS:t604.test + DNS:t605.test + DNS:t606.test + DNS:t607.test + DNS:t608.test + DNS:t609.test + DNS:t610.test + DNS:t611.test + DNS:t612.test + DNS:t613.test + DNS:t614.test + DNS:t615.test + DNS:t616.test + DNS:t617.test + DNS:t618.test + DNS:t619.test + DNS:t620.test + DNS:t621.test + DNS:t622.test + DNS:t623.test + DNS:t624.test + DNS:t625.test + DNS:t626.test + DNS:t627.test + DNS:t628.test + DNS:t629.test + DNS:t630.test + DNS:t631.test + DNS:t632.test + DNS:t633.test + DNS:t634.test + DNS:t635.test + DNS:t636.test + DNS:t637.test + DNS:t638.test + DNS:t639.test + DNS:t640.test + DNS:t641.test + DNS:t642.test + DNS:t643.test + DNS:t644.test + DNS:t645.test + DNS:t646.test + DNS:t647.test + DNS:t648.test + DNS:t649.test + DNS:t650.test + DNS:t651.test + DNS:t652.test + DNS:t653.test + DNS:t654.test + DNS:t655.test + DNS:t656.test + DNS:t657.test + DNS:t658.test + DNS:t659.test + DNS:t660.test + DNS:t661.test + DNS:t662.test + DNS:t663.test + DNS:t664.test + DNS:t665.test + DNS:t666.test + DNS:t667.test + DNS:t668.test + DNS:t669.test + DNS:t670.test + DNS:t671.test + DNS:t672.test + DNS:t673.test + DNS:t674.test + DNS:t675.test + DNS:t676.test + DNS:t677.test + DNS:t678.test + DNS:t679.test + DNS:t680.test + DNS:t681.test + DNS:t682.test + DNS:t683.test + DNS:t684.test + DNS:t685.test + DNS:t686.test + DNS:t687.test + DNS:t688.test + DNS:t689.test + DNS:t690.test + DNS:t691.test + DNS:t692.test + DNS:t693.test + DNS:t694.test + DNS:t695.test + DNS:t696.test + DNS:t697.test + DNS:t698.test + DNS:t699.test + DNS:t700.test + DNS:t701.test + DNS:t702.test + DNS:t703.test + DNS:t704.test + DNS:t705.test + DNS:t706.test + DNS:t707.test + DNS:t708.test + DNS:t709.test + DNS:t710.test + DNS:t711.test + DNS:t712.test + DNS:t713.test + DNS:t714.test + DNS:t715.test + DNS:t716.test + DNS:t717.test + DNS:t718.test + DNS:t719.test + DNS:t720.test + DNS:t721.test + DNS:t722.test + DNS:t723.test + DNS:t724.test + DNS:t725.test + DNS:t726.test + DNS:t727.test + DNS:t728.test + DNS:t729.test + DNS:t730.test + DNS:t731.test + DNS:t732.test + DNS:t733.test + DNS:t734.test + DNS:t735.test + DNS:t736.test + DNS:t737.test + DNS:t738.test + DNS:t739.test + DNS:t740.test + DNS:t741.test + DNS:t742.test + DNS:t743.test + DNS:t744.test + DNS:t745.test + DNS:t746.test + DNS:t747.test + DNS:t748.test + DNS:t749.test + DNS:t750.test + DNS:t751.test + DNS:t752.test + DNS:t753.test + DNS:t754.test + DNS:t755.test + DNS:t756.test + DNS:t757.test + DNS:t758.test + DNS:t759.test + DNS:t760.test + DNS:t761.test + DNS:t762.test + DNS:t763.test + DNS:t764.test + DNS:t765.test + DNS:t766.test + DNS:t767.test + DNS:t768.test + DNS:t769.test + DNS:t770.test + DNS:t771.test + DNS:t772.test + DNS:t773.test + DNS:t774.test + DNS:t775.test + DNS:t776.test + DNS:t777.test + DNS:t778.test + DNS:t779.test + DNS:t780.test + DNS:t781.test + DNS:t782.test + DNS:t783.test + DNS:t784.test + DNS:t785.test + DNS:t786.test + DNS:t787.test + DNS:t788.test + DNS:t789.test + DNS:t790.test + DNS:t791.test + DNS:t792.test + DNS:t793.test + DNS:t794.test + DNS:t795.test + DNS:t796.test + DNS:t797.test + DNS:t798.test + DNS:t799.test + DNS:t800.test + DNS:t801.test + DNS:t802.test + DNS:t803.test + DNS:t804.test + DNS:t805.test + DNS:t806.test + DNS:t807.test + DNS:t808.test + DNS:t809.test + DNS:t810.test + DNS:t811.test + DNS:t812.test + DNS:t813.test + DNS:t814.test + DNS:t815.test + DNS:t816.test + DNS:t817.test + DNS:t818.test + DNS:t819.test + DNS:t820.test + DNS:t821.test + DNS:t822.test + DNS:t823.test + DNS:t824.test + DNS:t825.test + DNS:t826.test + DNS:t827.test + DNS:t828.test + DNS:t829.test + DNS:t830.test + DNS:t831.test + DNS:t832.test + DNS:t833.test + DNS:t834.test + DNS:t835.test + DNS:t836.test + DNS:t837.test + DNS:t838.test + DNS:t839.test + DNS:t840.test + DNS:t841.test + DNS:t842.test + DNS:t843.test + DNS:t844.test + DNS:t845.test + DNS:t846.test + DNS:t847.test + DNS:t848.test + DNS:t849.test + DNS:t850.test + DNS:t851.test + DNS:t852.test + DNS:t853.test + DNS:t854.test + DNS:t855.test + DNS:t856.test + DNS:t857.test + DNS:t858.test + DNS:t859.test + DNS:t860.test + DNS:t861.test + DNS:t862.test + DNS:t863.test + DNS:t864.test + DNS:t865.test + DNS:t866.test + DNS:t867.test + DNS:t868.test + DNS:t869.test + DNS:t870.test + DNS:t871.test + DNS:t872.test + DNS:t873.test + DNS:t874.test + DNS:t875.test + DNS:t876.test + DNS:t877.test + DNS:t878.test + DNS:t879.test + DNS:t880.test + DNS:t881.test + DNS:t882.test + DNS:t883.test + DNS:t884.test + DNS:t885.test + DNS:t886.test + DNS:t887.test + DNS:t888.test + DNS:t889.test + DNS:t890.test + DNS:t891.test + DNS:t892.test + DNS:t893.test + DNS:t894.test + DNS:t895.test + DNS:t896.test + DNS:t897.test + DNS:t898.test + DNS:t899.test + DNS:t900.test + DNS:t901.test + DNS:t902.test + DNS:t903.test + DNS:t904.test + DNS:t905.test + DNS:t906.test + DNS:t907.test + DNS:t908.test + DNS:t909.test + DNS:t910.test + DNS:t911.test + DNS:t912.test + DNS:t913.test + DNS:t914.test + DNS:t915.test + DNS:t916.test + DNS:t917.test + DNS:t918.test + DNS:t919.test + DNS:t920.test + DNS:t921.test + DNS:t922.test + DNS:t923.test + DNS:t924.test + DNS:t925.test + DNS:t926.test + DNS:t927.test + DNS:t928.test + DNS:t929.test + DNS:t930.test + DNS:t931.test + DNS:t932.test + DNS:t933.test + DNS:t934.test + DNS:t935.test + DNS:t936.test + DNS:t937.test + DNS:t938.test + DNS:t939.test + DNS:t940.test + DNS:t941.test + DNS:t942.test + DNS:t943.test + DNS:t944.test + DNS:t945.test + DNS:t946.test + DNS:t947.test + DNS:t948.test + DNS:t949.test + DNS:t950.test + DNS:t951.test + DNS:t952.test + DNS:t953.test + DNS:t954.test + DNS:t955.test + DNS:t956.test + DNS:t957.test + DNS:t958.test + DNS:t959.test + DNS:t960.test + DNS:t961.test + DNS:t962.test + DNS:t963.test + DNS:t964.test + DNS:t965.test + DNS:t966.test + DNS:t967.test + DNS:t968.test + DNS:t969.test + DNS:t970.test + DNS:t971.test + DNS:t972.test + DNS:t973.test + DNS:t974.test + DNS:t975.test + DNS:t976.test + DNS:t977.test + DNS:t978.test + DNS:t979.test + DNS:t980.test + DNS:t981.test + DNS:t982.test + DNS:t983.test + DNS:t984.test + DNS:t985.test + DNS:t986.test + DNS:t987.test + DNS:t988.test + DNS:t989.test + DNS:t990.test + DNS:t991.test + DNS:t992.test + DNS:t993.test + DNS:t994.test + DNS:t995.test + DNS:t996.test + DNS:t997.test + DNS:t998.test + DNS:t999.test + DNS:t1000.test + DNS:t1001.test + DNS:t1002.test + DNS:t1003.test + DNS:t1004.test + DNS:t1005.test + DNS:t1006.test + DNS:t1007.test + DNS:t1008.test + DNS:t1009.test + DNS:t1010.test + DNS:t1011.test + DNS:t1012.test + DNS:t1013.test + DNS:t1014.test + DNS:t1015.test + DNS:t1016.test + DNS:t1017.test + DNS:t1018.test + DNS:t1019.test + DNS:t1020.test + DNS:t1021.test + DNS:t1022.test + DNS:t1023.test + DNS:t1024.test + + Signature Algorithm: sha256WithRSAEncryption + 2f:8c:9f:08:43:fa:e1:c2:16:9b:e6:5a:b9:8e:7b:d5:49:ef: + d6:de:02:25:9b:46:eb:a3:df:a8:8d:07:10:40:e7:de:fe:23: + 6a:5e:9d:eb:63:7f:a1:a9:8d:34:b9:c8:bd:5f:dc:4c:eb:b3: + 89:73:23:fa:90:a3:a2:cb:f0:1f:67:f2:e8:e1:e0:74:e2:86: + 03:96:28:20:4b:b9:fc:ba:4f:80:24:de:2b:c1:27:9b:21:e5: + d9:3e:2b:66:76:50:6c:90:a3:5a:89:3e:51:34:09:1c:37:ce: + 60:79:6a:89:9b:6b:18:f5:89:31:01:96:92:b9:a0:71:b4:50: + 3a:8c:f4:46:3a:58:54:ff:a2:34:dc:ee:86:4e:5f:ac:f8:1a: + f9:c0:22:40:82:be:5f:98:d8:3d:52:3a:18:a2:4f:e2:30:76: + ba:fa:ee:5e:1f:26:80:72:b0:06:f0:21:b7:84:2a:5d:ea:21: + 9d:e0:0f:35:80:93:d8:9d:1f:9b:a7:3d:6f:e2:1c:29:38:12: + 9d:3c:cd:4b:4c:9f:fa:d5:62:2b:56:ac:2a:3a:f8:5f:cc:32: + 0f:02:7c:a8:df:c0:c9:d1:1e:4d:a7:dc:9f:cb:4e:93:34:f6: + 6e:50:3a:1d:b3:49:e9:50:a3:19:78:a0:8d:c3:2b:5a:78:1d: + 53:55:35:47 +-----BEGIN CERTIFICATE----- +MII3TzCCNjegAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCNJkwgjSVMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjPJBgNVHR4EgjPAMIIzvKCCM7gwCYIHdDAudGVzdDAJggd0MS50ZXN0MAmC +B3QyLnRlc3QwCYIHdDMudGVzdDAJggd0NC50ZXN0MAmCB3Q1LnRlc3QwCYIHdDYu +dGVzdDAJggd0Ny50ZXN0MAmCB3Q4LnRlc3QwCYIHdDkudGVzdDAKggh0MTAudGVz +dDAKggh0MTEudGVzdDAKggh0MTIudGVzdDAKggh0MTMudGVzdDAKggh0MTQudGVz +dDAKggh0MTUudGVzdDAKggh0MTYudGVzdDAKggh0MTcudGVzdDAKggh0MTgudGVz +dDAKggh0MTkudGVzdDAKggh0MjAudGVzdDAKggh0MjEudGVzdDAKggh0MjIudGVz +dDAKggh0MjMudGVzdDAKggh0MjQudGVzdDAKggh0MjUudGVzdDAKggh0MjYudGVz +dDAKggh0MjcudGVzdDAKggh0MjgudGVzdDAKggh0MjkudGVzdDAKggh0MzAudGVz +dDAKggh0MzEudGVzdDAKggh0MzIudGVzdDAKggh0MzMudGVzdDAKggh0MzQudGVz +dDAKggh0MzUudGVzdDAKggh0MzYudGVzdDAKggh0MzcudGVzdDAKggh0MzgudGVz +dDAKggh0MzkudGVzdDAKggh0NDAudGVzdDAKggh0NDEudGVzdDAKggh0NDIudGVz +dDAKggh0NDMudGVzdDAKggh0NDQudGVzdDAKggh0NDUudGVzdDAKggh0NDYudGVz +dDAKggh0NDcudGVzdDAKggh0NDgudGVzdDAKggh0NDkudGVzdDAKggh0NTAudGVz +dDAKggh0NTEudGVzdDAKggh0NTIudGVzdDAKggh0NTMudGVzdDAKggh0NTQudGVz +dDAKggh0NTUudGVzdDAKggh0NTYudGVzdDAKggh0NTcudGVzdDAKggh0NTgudGVz +dDAKggh0NTkudGVzdDAKggh0NjAudGVzdDAKggh0NjEudGVzdDAKggh0NjIudGVz +dDAKggh0NjMudGVzdDAKggh0NjQudGVzdDAKggh0NjUudGVzdDAKggh0NjYudGVz +dDAKggh0NjcudGVzdDAKggh0NjgudGVzdDAKggh0NjkudGVzdDAKggh0NzAudGVz +dDAKggh0NzEudGVzdDAKggh0NzIudGVzdDAKggh0NzMudGVzdDAKggh0NzQudGVz +dDAKggh0NzUudGVzdDAKggh0NzYudGVzdDAKggh0NzcudGVzdDAKggh0NzgudGVz +dDAKggh0NzkudGVzdDAKggh0ODAudGVzdDAKggh0ODEudGVzdDAKggh0ODIudGVz +dDAKggh0ODMudGVzdDAKggh0ODQudGVzdDAKggh0ODUudGVzdDAKggh0ODYudGVz +dDAKggh0ODcudGVzdDAKggh0ODgudGVzdDAKggh0ODkudGVzdDAKggh0OTAudGVz +dDAKggh0OTEudGVzdDAKggh0OTIudGVzdDAKggh0OTMudGVzdDAKggh0OTQudGVz +dDAKggh0OTUudGVzdDAKggh0OTYudGVzdDAKggh0OTcudGVzdDAKggh0OTgudGVz +dDAKggh0OTkudGVzdDALggl0MTAwLnRlc3QwC4IJdDEwMS50ZXN0MAuCCXQxMDIu +dGVzdDALggl0MTAzLnRlc3QwC4IJdDEwNC50ZXN0MAuCCXQxMDUudGVzdDALggl0 +MTA2LnRlc3QwC4IJdDEwNy50ZXN0MAuCCXQxMDgudGVzdDALggl0MTA5LnRlc3Qw +C4IJdDExMC50ZXN0MAuCCXQxMTEudGVzdDALggl0MTEyLnRlc3QwC4IJdDExMy50 +ZXN0MAuCCXQxMTQudGVzdDALggl0MTE1LnRlc3QwC4IJdDExNi50ZXN0MAuCCXQx +MTcudGVzdDALggl0MTE4LnRlc3QwC4IJdDExOS50ZXN0MAuCCXQxMjAudGVzdDAL +ggl0MTIxLnRlc3QwC4IJdDEyMi50ZXN0MAuCCXQxMjMudGVzdDALggl0MTI0LnRl +c3QwC4IJdDEyNS50ZXN0MAuCCXQxMjYudGVzdDALggl0MTI3LnRlc3QwC4IJdDEy +OC50ZXN0MAuCCXQxMjkudGVzdDALggl0MTMwLnRlc3QwC4IJdDEzMS50ZXN0MAuC +CXQxMzIudGVzdDALggl0MTMzLnRlc3QwC4IJdDEzNC50ZXN0MAuCCXQxMzUudGVz +dDALggl0MTM2LnRlc3QwC4IJdDEzNy50ZXN0MAuCCXQxMzgudGVzdDALggl0MTM5 +LnRlc3QwC4IJdDE0MC50ZXN0MAuCCXQxNDEudGVzdDALggl0MTQyLnRlc3QwC4IJ +dDE0My50ZXN0MAuCCXQxNDQudGVzdDALggl0MTQ1LnRlc3QwC4IJdDE0Ni50ZXN0 +MAuCCXQxNDcudGVzdDALggl0MTQ4LnRlc3QwC4IJdDE0OS50ZXN0MAuCCXQxNTAu +dGVzdDALggl0MTUxLnRlc3QwC4IJdDE1Mi50ZXN0MAuCCXQxNTMudGVzdDALggl0 +MTU0LnRlc3QwC4IJdDE1NS50ZXN0MAuCCXQxNTYudGVzdDALggl0MTU3LnRlc3Qw +C4IJdDE1OC50ZXN0MAuCCXQxNTkudGVzdDALggl0MTYwLnRlc3QwC4IJdDE2MS50 +ZXN0MAuCCXQxNjIudGVzdDALggl0MTYzLnRlc3QwC4IJdDE2NC50ZXN0MAuCCXQx +NjUudGVzdDALggl0MTY2LnRlc3QwC4IJdDE2Ny50ZXN0MAuCCXQxNjgudGVzdDAL +ggl0MTY5LnRlc3QwC4IJdDE3MC50ZXN0MAuCCXQxNzEudGVzdDALggl0MTcyLnRl +c3QwC4IJdDE3My50ZXN0MAuCCXQxNzQudGVzdDALggl0MTc1LnRlc3QwC4IJdDE3 +Ni50ZXN0MAuCCXQxNzcudGVzdDALggl0MTc4LnRlc3QwC4IJdDE3OS50ZXN0MAuC +CXQxODAudGVzdDALggl0MTgxLnRlc3QwC4IJdDE4Mi50ZXN0MAuCCXQxODMudGVz +dDALggl0MTg0LnRlc3QwC4IJdDE4NS50ZXN0MAuCCXQxODYudGVzdDALggl0MTg3 +LnRlc3QwC4IJdDE4OC50ZXN0MAuCCXQxODkudGVzdDALggl0MTkwLnRlc3QwC4IJ +dDE5MS50ZXN0MAuCCXQxOTIudGVzdDALggl0MTkzLnRlc3QwC4IJdDE5NC50ZXN0 +MAuCCXQxOTUudGVzdDALggl0MTk2LnRlc3QwC4IJdDE5Ny50ZXN0MAuCCXQxOTgu +dGVzdDALggl0MTk5LnRlc3QwC4IJdDIwMC50ZXN0MAuCCXQyMDEudGVzdDALggl0 +MjAyLnRlc3QwC4IJdDIwMy50ZXN0MAuCCXQyMDQudGVzdDALggl0MjA1LnRlc3Qw +C4IJdDIwNi50ZXN0MAuCCXQyMDcudGVzdDALggl0MjA4LnRlc3QwC4IJdDIwOS50 +ZXN0MAuCCXQyMTAudGVzdDALggl0MjExLnRlc3QwC4IJdDIxMi50ZXN0MAuCCXQy +MTMudGVzdDALggl0MjE0LnRlc3QwC4IJdDIxNS50ZXN0MAuCCXQyMTYudGVzdDAL +ggl0MjE3LnRlc3QwC4IJdDIxOC50ZXN0MAuCCXQyMTkudGVzdDALggl0MjIwLnRl +c3QwC4IJdDIyMS50ZXN0MAuCCXQyMjIudGVzdDALggl0MjIzLnRlc3QwC4IJdDIy +NC50ZXN0MAuCCXQyMjUudGVzdDALggl0MjI2LnRlc3QwC4IJdDIyNy50ZXN0MAuC +CXQyMjgudGVzdDALggl0MjI5LnRlc3QwC4IJdDIzMC50ZXN0MAuCCXQyMzEudGVz +dDALggl0MjMyLnRlc3QwC4IJdDIzMy50ZXN0MAuCCXQyMzQudGVzdDALggl0MjM1 +LnRlc3QwC4IJdDIzNi50ZXN0MAuCCXQyMzcudGVzdDALggl0MjM4LnRlc3QwC4IJ +dDIzOS50ZXN0MAuCCXQyNDAudGVzdDALggl0MjQxLnRlc3QwC4IJdDI0Mi50ZXN0 +MAuCCXQyNDMudGVzdDALggl0MjQ0LnRlc3QwC4IJdDI0NS50ZXN0MAuCCXQyNDYu +dGVzdDALggl0MjQ3LnRlc3QwC4IJdDI0OC50ZXN0MAuCCXQyNDkudGVzdDALggl0 +MjUwLnRlc3QwC4IJdDI1MS50ZXN0MAuCCXQyNTIudGVzdDALggl0MjUzLnRlc3Qw +C4IJdDI1NC50ZXN0MAuCCXQyNTUudGVzdDALggl0MjU2LnRlc3QwC4IJdDI1Ny50 +ZXN0MAuCCXQyNTgudGVzdDALggl0MjU5LnRlc3QwC4IJdDI2MC50ZXN0MAuCCXQy +NjEudGVzdDALggl0MjYyLnRlc3QwC4IJdDI2My50ZXN0MAuCCXQyNjQudGVzdDAL +ggl0MjY1LnRlc3QwC4IJdDI2Ni50ZXN0MAuCCXQyNjcudGVzdDALggl0MjY4LnRl +c3QwC4IJdDI2OS50ZXN0MAuCCXQyNzAudGVzdDALggl0MjcxLnRlc3QwC4IJdDI3 +Mi50ZXN0MAuCCXQyNzMudGVzdDALggl0Mjc0LnRlc3QwC4IJdDI3NS50ZXN0MAuC +CXQyNzYudGVzdDALggl0Mjc3LnRlc3QwC4IJdDI3OC50ZXN0MAuCCXQyNzkudGVz +dDALggl0MjgwLnRlc3QwC4IJdDI4MS50ZXN0MAuCCXQyODIudGVzdDALggl0Mjgz +LnRlc3QwC4IJdDI4NC50ZXN0MAuCCXQyODUudGVzdDALggl0Mjg2LnRlc3QwC4IJ +dDI4Ny50ZXN0MAuCCXQyODgudGVzdDALggl0Mjg5LnRlc3QwC4IJdDI5MC50ZXN0 +MAuCCXQyOTEudGVzdDALggl0MjkyLnRlc3QwC4IJdDI5My50ZXN0MAuCCXQyOTQu +dGVzdDALggl0Mjk1LnRlc3QwC4IJdDI5Ni50ZXN0MAuCCXQyOTcudGVzdDALggl0 +Mjk4LnRlc3QwC4IJdDI5OS50ZXN0MAuCCXQzMDAudGVzdDALggl0MzAxLnRlc3Qw +C4IJdDMwMi50ZXN0MAuCCXQzMDMudGVzdDALggl0MzA0LnRlc3QwC4IJdDMwNS50 +ZXN0MAuCCXQzMDYudGVzdDALggl0MzA3LnRlc3QwC4IJdDMwOC50ZXN0MAuCCXQz +MDkudGVzdDALggl0MzEwLnRlc3QwC4IJdDMxMS50ZXN0MAuCCXQzMTIudGVzdDAL +ggl0MzEzLnRlc3QwC4IJdDMxNC50ZXN0MAuCCXQzMTUudGVzdDALggl0MzE2LnRl +c3QwC4IJdDMxNy50ZXN0MAuCCXQzMTgudGVzdDALggl0MzE5LnRlc3QwC4IJdDMy +MC50ZXN0MAuCCXQzMjEudGVzdDALggl0MzIyLnRlc3QwC4IJdDMyMy50ZXN0MAuC +CXQzMjQudGVzdDALggl0MzI1LnRlc3QwC4IJdDMyNi50ZXN0MAuCCXQzMjcudGVz +dDALggl0MzI4LnRlc3QwC4IJdDMyOS50ZXN0MAuCCXQzMzAudGVzdDALggl0MzMx +LnRlc3QwC4IJdDMzMi50ZXN0MAuCCXQzMzMudGVzdDALggl0MzM0LnRlc3QwC4IJ +dDMzNS50ZXN0MAuCCXQzMzYudGVzdDALggl0MzM3LnRlc3QwC4IJdDMzOC50ZXN0 +MAuCCXQzMzkudGVzdDALggl0MzQwLnRlc3QwC4IJdDM0MS50ZXN0MAuCCXQzNDIu +dGVzdDALggl0MzQzLnRlc3QwC4IJdDM0NC50ZXN0MAuCCXQzNDUudGVzdDALggl0 +MzQ2LnRlc3QwC4IJdDM0Ny50ZXN0MAuCCXQzNDgudGVzdDALggl0MzQ5LnRlc3Qw +C4IJdDM1MC50ZXN0MAuCCXQzNTEudGVzdDALggl0MzUyLnRlc3QwC4IJdDM1My50 +ZXN0MAuCCXQzNTQudGVzdDALggl0MzU1LnRlc3QwC4IJdDM1Ni50ZXN0MAuCCXQz +NTcudGVzdDALggl0MzU4LnRlc3QwC4IJdDM1OS50ZXN0MAuCCXQzNjAudGVzdDAL +ggl0MzYxLnRlc3QwC4IJdDM2Mi50ZXN0MAuCCXQzNjMudGVzdDALggl0MzY0LnRl +c3QwC4IJdDM2NS50ZXN0MAuCCXQzNjYudGVzdDALggl0MzY3LnRlc3QwC4IJdDM2 +OC50ZXN0MAuCCXQzNjkudGVzdDALggl0MzcwLnRlc3QwC4IJdDM3MS50ZXN0MAuC +CXQzNzIudGVzdDALggl0MzczLnRlc3QwC4IJdDM3NC50ZXN0MAuCCXQzNzUudGVz +dDALggl0Mzc2LnRlc3QwC4IJdDM3Ny50ZXN0MAuCCXQzNzgudGVzdDALggl0Mzc5 +LnRlc3QwC4IJdDM4MC50ZXN0MAuCCXQzODEudGVzdDALggl0MzgyLnRlc3QwC4IJ +dDM4My50ZXN0MAuCCXQzODQudGVzdDALggl0Mzg1LnRlc3QwC4IJdDM4Ni50ZXN0 +MAuCCXQzODcudGVzdDALggl0Mzg4LnRlc3QwC4IJdDM4OS50ZXN0MAuCCXQzOTAu +dGVzdDALggl0MzkxLnRlc3QwC4IJdDM5Mi50ZXN0MAuCCXQzOTMudGVzdDALggl0 +Mzk0LnRlc3QwC4IJdDM5NS50ZXN0MAuCCXQzOTYudGVzdDALggl0Mzk3LnRlc3Qw +C4IJdDM5OC50ZXN0MAuCCXQzOTkudGVzdDALggl0NDAwLnRlc3QwC4IJdDQwMS50 +ZXN0MAuCCXQ0MDIudGVzdDALggl0NDAzLnRlc3QwC4IJdDQwNC50ZXN0MAuCCXQ0 +MDUudGVzdDALggl0NDA2LnRlc3QwC4IJdDQwNy50ZXN0MAuCCXQ0MDgudGVzdDAL +ggl0NDA5LnRlc3QwC4IJdDQxMC50ZXN0MAuCCXQ0MTEudGVzdDALggl0NDEyLnRl +c3QwC4IJdDQxMy50ZXN0MAuCCXQ0MTQudGVzdDALggl0NDE1LnRlc3QwC4IJdDQx +Ni50ZXN0MAuCCXQ0MTcudGVzdDALggl0NDE4LnRlc3QwC4IJdDQxOS50ZXN0MAuC +CXQ0MjAudGVzdDALggl0NDIxLnRlc3QwC4IJdDQyMi50ZXN0MAuCCXQ0MjMudGVz +dDALggl0NDI0LnRlc3QwC4IJdDQyNS50ZXN0MAuCCXQ0MjYudGVzdDALggl0NDI3 +LnRlc3QwC4IJdDQyOC50ZXN0MAuCCXQ0MjkudGVzdDALggl0NDMwLnRlc3QwC4IJ +dDQzMS50ZXN0MAuCCXQ0MzIudGVzdDALggl0NDMzLnRlc3QwC4IJdDQzNC50ZXN0 +MAuCCXQ0MzUudGVzdDALggl0NDM2LnRlc3QwC4IJdDQzNy50ZXN0MAuCCXQ0Mzgu +dGVzdDALggl0NDM5LnRlc3QwC4IJdDQ0MC50ZXN0MAuCCXQ0NDEudGVzdDALggl0 +NDQyLnRlc3QwC4IJdDQ0My50ZXN0MAuCCXQ0NDQudGVzdDALggl0NDQ1LnRlc3Qw +C4IJdDQ0Ni50ZXN0MAuCCXQ0NDcudGVzdDALggl0NDQ4LnRlc3QwC4IJdDQ0OS50 +ZXN0MAuCCXQ0NTAudGVzdDALggl0NDUxLnRlc3QwC4IJdDQ1Mi50ZXN0MAuCCXQ0 +NTMudGVzdDALggl0NDU0LnRlc3QwC4IJdDQ1NS50ZXN0MAuCCXQ0NTYudGVzdDAL +ggl0NDU3LnRlc3QwC4IJdDQ1OC50ZXN0MAuCCXQ0NTkudGVzdDALggl0NDYwLnRl +c3QwC4IJdDQ2MS50ZXN0MAuCCXQ0NjIudGVzdDALggl0NDYzLnRlc3QwC4IJdDQ2 +NC50ZXN0MAuCCXQ0NjUudGVzdDALggl0NDY2LnRlc3QwC4IJdDQ2Ny50ZXN0MAuC +CXQ0NjgudGVzdDALggl0NDY5LnRlc3QwC4IJdDQ3MC50ZXN0MAuCCXQ0NzEudGVz +dDALggl0NDcyLnRlc3QwC4IJdDQ3My50ZXN0MAuCCXQ0NzQudGVzdDALggl0NDc1 +LnRlc3QwC4IJdDQ3Ni50ZXN0MAuCCXQ0NzcudGVzdDALggl0NDc4LnRlc3QwC4IJ +dDQ3OS50ZXN0MAuCCXQ0ODAudGVzdDALggl0NDgxLnRlc3QwC4IJdDQ4Mi50ZXN0 +MAuCCXQ0ODMudGVzdDALggl0NDg0LnRlc3QwC4IJdDQ4NS50ZXN0MAuCCXQ0ODYu +dGVzdDALggl0NDg3LnRlc3QwC4IJdDQ4OC50ZXN0MAuCCXQ0ODkudGVzdDALggl0 +NDkwLnRlc3QwC4IJdDQ5MS50ZXN0MAuCCXQ0OTIudGVzdDALggl0NDkzLnRlc3Qw +C4IJdDQ5NC50ZXN0MAuCCXQ0OTUudGVzdDALggl0NDk2LnRlc3QwC4IJdDQ5Ny50 +ZXN0MAuCCXQ0OTgudGVzdDALggl0NDk5LnRlc3QwC4IJdDUwMC50ZXN0MAuCCXQ1 +MDEudGVzdDALggl0NTAyLnRlc3QwC4IJdDUwMy50ZXN0MAuCCXQ1MDQudGVzdDAL +ggl0NTA1LnRlc3QwC4IJdDUwNi50ZXN0MAuCCXQ1MDcudGVzdDALggl0NTA4LnRl +c3QwC4IJdDUwOS50ZXN0MAuCCXQ1MTAudGVzdDALggl0NTExLnRlc3QwC4IJdDUx +Mi50ZXN0MAuCCXQ1MTMudGVzdDALggl0NTE0LnRlc3QwC4IJdDUxNS50ZXN0MAuC +CXQ1MTYudGVzdDALggl0NTE3LnRlc3QwC4IJdDUxOC50ZXN0MAuCCXQ1MTkudGVz +dDALggl0NTIwLnRlc3QwC4IJdDUyMS50ZXN0MAuCCXQ1MjIudGVzdDALggl0NTIz +LnRlc3QwC4IJdDUyNC50ZXN0MAuCCXQ1MjUudGVzdDALggl0NTI2LnRlc3QwC4IJ +dDUyNy50ZXN0MAuCCXQ1MjgudGVzdDALggl0NTI5LnRlc3QwC4IJdDUzMC50ZXN0 +MAuCCXQ1MzEudGVzdDALggl0NTMyLnRlc3QwC4IJdDUzMy50ZXN0MAuCCXQ1MzQu +dGVzdDALggl0NTM1LnRlc3QwC4IJdDUzNi50ZXN0MAuCCXQ1MzcudGVzdDALggl0 +NTM4LnRlc3QwC4IJdDUzOS50ZXN0MAuCCXQ1NDAudGVzdDALggl0NTQxLnRlc3Qw +C4IJdDU0Mi50ZXN0MAuCCXQ1NDMudGVzdDALggl0NTQ0LnRlc3QwC4IJdDU0NS50 +ZXN0MAuCCXQ1NDYudGVzdDALggl0NTQ3LnRlc3QwC4IJdDU0OC50ZXN0MAuCCXQ1 +NDkudGVzdDALggl0NTUwLnRlc3QwC4IJdDU1MS50ZXN0MAuCCXQ1NTIudGVzdDAL +ggl0NTUzLnRlc3QwC4IJdDU1NC50ZXN0MAuCCXQ1NTUudGVzdDALggl0NTU2LnRl +c3QwC4IJdDU1Ny50ZXN0MAuCCXQ1NTgudGVzdDALggl0NTU5LnRlc3QwC4IJdDU2 +MC50ZXN0MAuCCXQ1NjEudGVzdDALggl0NTYyLnRlc3QwC4IJdDU2My50ZXN0MAuC +CXQ1NjQudGVzdDALggl0NTY1LnRlc3QwC4IJdDU2Ni50ZXN0MAuCCXQ1NjcudGVz +dDALggl0NTY4LnRlc3QwC4IJdDU2OS50ZXN0MAuCCXQ1NzAudGVzdDALggl0NTcx +LnRlc3QwC4IJdDU3Mi50ZXN0MAuCCXQ1NzMudGVzdDALggl0NTc0LnRlc3QwC4IJ +dDU3NS50ZXN0MAuCCXQ1NzYudGVzdDALggl0NTc3LnRlc3QwC4IJdDU3OC50ZXN0 +MAuCCXQ1NzkudGVzdDALggl0NTgwLnRlc3QwC4IJdDU4MS50ZXN0MAuCCXQ1ODIu +dGVzdDALggl0NTgzLnRlc3QwC4IJdDU4NC50ZXN0MAuCCXQ1ODUudGVzdDALggl0 +NTg2LnRlc3QwC4IJdDU4Ny50ZXN0MAuCCXQ1ODgudGVzdDALggl0NTg5LnRlc3Qw +C4IJdDU5MC50ZXN0MAuCCXQ1OTEudGVzdDALggl0NTkyLnRlc3QwC4IJdDU5My50 +ZXN0MAuCCXQ1OTQudGVzdDALggl0NTk1LnRlc3QwC4IJdDU5Ni50ZXN0MAuCCXQ1 +OTcudGVzdDALggl0NTk4LnRlc3QwC4IJdDU5OS50ZXN0MAuCCXQ2MDAudGVzdDAL +ggl0NjAxLnRlc3QwC4IJdDYwMi50ZXN0MAuCCXQ2MDMudGVzdDALggl0NjA0LnRl +c3QwC4IJdDYwNS50ZXN0MAuCCXQ2MDYudGVzdDALggl0NjA3LnRlc3QwC4IJdDYw +OC50ZXN0MAuCCXQ2MDkudGVzdDALggl0NjEwLnRlc3QwC4IJdDYxMS50ZXN0MAuC +CXQ2MTIudGVzdDALggl0NjEzLnRlc3QwC4IJdDYxNC50ZXN0MAuCCXQ2MTUudGVz +dDALggl0NjE2LnRlc3QwC4IJdDYxNy50ZXN0MAuCCXQ2MTgudGVzdDALggl0NjE5 +LnRlc3QwC4IJdDYyMC50ZXN0MAuCCXQ2MjEudGVzdDALggl0NjIyLnRlc3QwC4IJ +dDYyMy50ZXN0MAuCCXQ2MjQudGVzdDALggl0NjI1LnRlc3QwC4IJdDYyNi50ZXN0 +MAuCCXQ2MjcudGVzdDALggl0NjI4LnRlc3QwC4IJdDYyOS50ZXN0MAuCCXQ2MzAu +dGVzdDALggl0NjMxLnRlc3QwC4IJdDYzMi50ZXN0MAuCCXQ2MzMudGVzdDALggl0 +NjM0LnRlc3QwC4IJdDYzNS50ZXN0MAuCCXQ2MzYudGVzdDALggl0NjM3LnRlc3Qw +C4IJdDYzOC50ZXN0MAuCCXQ2MzkudGVzdDALggl0NjQwLnRlc3QwC4IJdDY0MS50 +ZXN0MAuCCXQ2NDIudGVzdDALggl0NjQzLnRlc3QwC4IJdDY0NC50ZXN0MAuCCXQ2 +NDUudGVzdDALggl0NjQ2LnRlc3QwC4IJdDY0Ny50ZXN0MAuCCXQ2NDgudGVzdDAL +ggl0NjQ5LnRlc3QwC4IJdDY1MC50ZXN0MAuCCXQ2NTEudGVzdDALggl0NjUyLnRl +c3QwC4IJdDY1My50ZXN0MAuCCXQ2NTQudGVzdDALggl0NjU1LnRlc3QwC4IJdDY1 +Ni50ZXN0MAuCCXQ2NTcudGVzdDALggl0NjU4LnRlc3QwC4IJdDY1OS50ZXN0MAuC +CXQ2NjAudGVzdDALggl0NjYxLnRlc3QwC4IJdDY2Mi50ZXN0MAuCCXQ2NjMudGVz +dDALggl0NjY0LnRlc3QwC4IJdDY2NS50ZXN0MAuCCXQ2NjYudGVzdDALggl0NjY3 +LnRlc3QwC4IJdDY2OC50ZXN0MAuCCXQ2NjkudGVzdDALggl0NjcwLnRlc3QwC4IJ +dDY3MS50ZXN0MAuCCXQ2NzIudGVzdDALggl0NjczLnRlc3QwC4IJdDY3NC50ZXN0 +MAuCCXQ2NzUudGVzdDALggl0Njc2LnRlc3QwC4IJdDY3Ny50ZXN0MAuCCXQ2Nzgu +dGVzdDALggl0Njc5LnRlc3QwC4IJdDY4MC50ZXN0MAuCCXQ2ODEudGVzdDALggl0 +NjgyLnRlc3QwC4IJdDY4My50ZXN0MAuCCXQ2ODQudGVzdDALggl0Njg1LnRlc3Qw +C4IJdDY4Ni50ZXN0MAuCCXQ2ODcudGVzdDALggl0Njg4LnRlc3QwC4IJdDY4OS50 +ZXN0MAuCCXQ2OTAudGVzdDALggl0NjkxLnRlc3QwC4IJdDY5Mi50ZXN0MAuCCXQ2 +OTMudGVzdDALggl0Njk0LnRlc3QwC4IJdDY5NS50ZXN0MAuCCXQ2OTYudGVzdDAL +ggl0Njk3LnRlc3QwC4IJdDY5OC50ZXN0MAuCCXQ2OTkudGVzdDALggl0NzAwLnRl +c3QwC4IJdDcwMS50ZXN0MAuCCXQ3MDIudGVzdDALggl0NzAzLnRlc3QwC4IJdDcw +NC50ZXN0MAuCCXQ3MDUudGVzdDALggl0NzA2LnRlc3QwC4IJdDcwNy50ZXN0MAuC +CXQ3MDgudGVzdDALggl0NzA5LnRlc3QwC4IJdDcxMC50ZXN0MAuCCXQ3MTEudGVz +dDALggl0NzEyLnRlc3QwC4IJdDcxMy50ZXN0MAuCCXQ3MTQudGVzdDALggl0NzE1 +LnRlc3QwC4IJdDcxNi50ZXN0MAuCCXQ3MTcudGVzdDALggl0NzE4LnRlc3QwC4IJ +dDcxOS50ZXN0MAuCCXQ3MjAudGVzdDALggl0NzIxLnRlc3QwC4IJdDcyMi50ZXN0 +MAuCCXQ3MjMudGVzdDALggl0NzI0LnRlc3QwC4IJdDcyNS50ZXN0MAuCCXQ3MjYu +dGVzdDALggl0NzI3LnRlc3QwC4IJdDcyOC50ZXN0MAuCCXQ3MjkudGVzdDALggl0 +NzMwLnRlc3QwC4IJdDczMS50ZXN0MAuCCXQ3MzIudGVzdDALggl0NzMzLnRlc3Qw +C4IJdDczNC50ZXN0MAuCCXQ3MzUudGVzdDALggl0NzM2LnRlc3QwC4IJdDczNy50 +ZXN0MAuCCXQ3MzgudGVzdDALggl0NzM5LnRlc3QwC4IJdDc0MC50ZXN0MAuCCXQ3 +NDEudGVzdDALggl0NzQyLnRlc3QwC4IJdDc0My50ZXN0MAuCCXQ3NDQudGVzdDAL +ggl0NzQ1LnRlc3QwC4IJdDc0Ni50ZXN0MAuCCXQ3NDcudGVzdDALggl0NzQ4LnRl +c3QwC4IJdDc0OS50ZXN0MAuCCXQ3NTAudGVzdDALggl0NzUxLnRlc3QwC4IJdDc1 +Mi50ZXN0MAuCCXQ3NTMudGVzdDALggl0NzU0LnRlc3QwC4IJdDc1NS50ZXN0MAuC +CXQ3NTYudGVzdDALggl0NzU3LnRlc3QwC4IJdDc1OC50ZXN0MAuCCXQ3NTkudGVz +dDALggl0NzYwLnRlc3QwC4IJdDc2MS50ZXN0MAuCCXQ3NjIudGVzdDALggl0NzYz +LnRlc3QwC4IJdDc2NC50ZXN0MAuCCXQ3NjUudGVzdDALggl0NzY2LnRlc3QwC4IJ +dDc2Ny50ZXN0MAuCCXQ3NjgudGVzdDALggl0NzY5LnRlc3QwC4IJdDc3MC50ZXN0 +MAuCCXQ3NzEudGVzdDALggl0NzcyLnRlc3QwC4IJdDc3My50ZXN0MAuCCXQ3NzQu +dGVzdDALggl0Nzc1LnRlc3QwC4IJdDc3Ni50ZXN0MAuCCXQ3NzcudGVzdDALggl0 +Nzc4LnRlc3QwC4IJdDc3OS50ZXN0MAuCCXQ3ODAudGVzdDALggl0NzgxLnRlc3Qw +C4IJdDc4Mi50ZXN0MAuCCXQ3ODMudGVzdDALggl0Nzg0LnRlc3QwC4IJdDc4NS50 +ZXN0MAuCCXQ3ODYudGVzdDALggl0Nzg3LnRlc3QwC4IJdDc4OC50ZXN0MAuCCXQ3 +ODkudGVzdDALggl0NzkwLnRlc3QwC4IJdDc5MS50ZXN0MAuCCXQ3OTIudGVzdDAL +ggl0NzkzLnRlc3QwC4IJdDc5NC50ZXN0MAuCCXQ3OTUudGVzdDALggl0Nzk2LnRl +c3QwC4IJdDc5Ny50ZXN0MAuCCXQ3OTgudGVzdDALggl0Nzk5LnRlc3QwC4IJdDgw +MC50ZXN0MAuCCXQ4MDEudGVzdDALggl0ODAyLnRlc3QwC4IJdDgwMy50ZXN0MAuC +CXQ4MDQudGVzdDALggl0ODA1LnRlc3QwC4IJdDgwNi50ZXN0MAuCCXQ4MDcudGVz +dDALggl0ODA4LnRlc3QwC4IJdDgwOS50ZXN0MAuCCXQ4MTAudGVzdDALggl0ODEx +LnRlc3QwC4IJdDgxMi50ZXN0MAuCCXQ4MTMudGVzdDALggl0ODE0LnRlc3QwC4IJ +dDgxNS50ZXN0MAuCCXQ4MTYudGVzdDALggl0ODE3LnRlc3QwC4IJdDgxOC50ZXN0 +MAuCCXQ4MTkudGVzdDALggl0ODIwLnRlc3QwC4IJdDgyMS50ZXN0MAuCCXQ4MjIu +dGVzdDALggl0ODIzLnRlc3QwC4IJdDgyNC50ZXN0MAuCCXQ4MjUudGVzdDALggl0 +ODI2LnRlc3QwC4IJdDgyNy50ZXN0MAuCCXQ4MjgudGVzdDALggl0ODI5LnRlc3Qw +C4IJdDgzMC50ZXN0MAuCCXQ4MzEudGVzdDALggl0ODMyLnRlc3QwC4IJdDgzMy50 +ZXN0MAuCCXQ4MzQudGVzdDALggl0ODM1LnRlc3QwC4IJdDgzNi50ZXN0MAuCCXQ4 +MzcudGVzdDALggl0ODM4LnRlc3QwC4IJdDgzOS50ZXN0MAuCCXQ4NDAudGVzdDAL +ggl0ODQxLnRlc3QwC4IJdDg0Mi50ZXN0MAuCCXQ4NDMudGVzdDALggl0ODQ0LnRl +c3QwC4IJdDg0NS50ZXN0MAuCCXQ4NDYudGVzdDALggl0ODQ3LnRlc3QwC4IJdDg0 +OC50ZXN0MAuCCXQ4NDkudGVzdDALggl0ODUwLnRlc3QwC4IJdDg1MS50ZXN0MAuC +CXQ4NTIudGVzdDALggl0ODUzLnRlc3QwC4IJdDg1NC50ZXN0MAuCCXQ4NTUudGVz +dDALggl0ODU2LnRlc3QwC4IJdDg1Ny50ZXN0MAuCCXQ4NTgudGVzdDALggl0ODU5 +LnRlc3QwC4IJdDg2MC50ZXN0MAuCCXQ4NjEudGVzdDALggl0ODYyLnRlc3QwC4IJ +dDg2My50ZXN0MAuCCXQ4NjQudGVzdDALggl0ODY1LnRlc3QwC4IJdDg2Ni50ZXN0 +MAuCCXQ4NjcudGVzdDALggl0ODY4LnRlc3QwC4IJdDg2OS50ZXN0MAuCCXQ4NzAu +dGVzdDALggl0ODcxLnRlc3QwC4IJdDg3Mi50ZXN0MAuCCXQ4NzMudGVzdDALggl0 +ODc0LnRlc3QwC4IJdDg3NS50ZXN0MAuCCXQ4NzYudGVzdDALggl0ODc3LnRlc3Qw +C4IJdDg3OC50ZXN0MAuCCXQ4NzkudGVzdDALggl0ODgwLnRlc3QwC4IJdDg4MS50 +ZXN0MAuCCXQ4ODIudGVzdDALggl0ODgzLnRlc3QwC4IJdDg4NC50ZXN0MAuCCXQ4 +ODUudGVzdDALggl0ODg2LnRlc3QwC4IJdDg4Ny50ZXN0MAuCCXQ4ODgudGVzdDAL +ggl0ODg5LnRlc3QwC4IJdDg5MC50ZXN0MAuCCXQ4OTEudGVzdDALggl0ODkyLnRl +c3QwC4IJdDg5My50ZXN0MAuCCXQ4OTQudGVzdDALggl0ODk1LnRlc3QwC4IJdDg5 +Ni50ZXN0MAuCCXQ4OTcudGVzdDALggl0ODk4LnRlc3QwC4IJdDg5OS50ZXN0MAuC +CXQ5MDAudGVzdDALggl0OTAxLnRlc3QwC4IJdDkwMi50ZXN0MAuCCXQ5MDMudGVz +dDALggl0OTA0LnRlc3QwC4IJdDkwNS50ZXN0MAuCCXQ5MDYudGVzdDALggl0OTA3 +LnRlc3QwC4IJdDkwOC50ZXN0MAuCCXQ5MDkudGVzdDALggl0OTEwLnRlc3QwC4IJ +dDkxMS50ZXN0MAuCCXQ5MTIudGVzdDALggl0OTEzLnRlc3QwC4IJdDkxNC50ZXN0 +MAuCCXQ5MTUudGVzdDALggl0OTE2LnRlc3QwC4IJdDkxNy50ZXN0MAuCCXQ5MTgu +dGVzdDALggl0OTE5LnRlc3QwC4IJdDkyMC50ZXN0MAuCCXQ5MjEudGVzdDALggl0 +OTIyLnRlc3QwC4IJdDkyMy50ZXN0MAuCCXQ5MjQudGVzdDALggl0OTI1LnRlc3Qw +C4IJdDkyNi50ZXN0MAuCCXQ5MjcudGVzdDALggl0OTI4LnRlc3QwC4IJdDkyOS50 +ZXN0MAuCCXQ5MzAudGVzdDALggl0OTMxLnRlc3QwC4IJdDkzMi50ZXN0MAuCCXQ5 +MzMudGVzdDALggl0OTM0LnRlc3QwC4IJdDkzNS50ZXN0MAuCCXQ5MzYudGVzdDAL +ggl0OTM3LnRlc3QwC4IJdDkzOC50ZXN0MAuCCXQ5MzkudGVzdDALggl0OTQwLnRl +c3QwC4IJdDk0MS50ZXN0MAuCCXQ5NDIudGVzdDALggl0OTQzLnRlc3QwC4IJdDk0 +NC50ZXN0MAuCCXQ5NDUudGVzdDALggl0OTQ2LnRlc3QwC4IJdDk0Ny50ZXN0MAuC +CXQ5NDgudGVzdDALggl0OTQ5LnRlc3QwC4IJdDk1MC50ZXN0MAuCCXQ5NTEudGVz +dDALggl0OTUyLnRlc3QwC4IJdDk1My50ZXN0MAuCCXQ5NTQudGVzdDALggl0OTU1 +LnRlc3QwC4IJdDk1Ni50ZXN0MAuCCXQ5NTcudGVzdDALggl0OTU4LnRlc3QwC4IJ +dDk1OS50ZXN0MAuCCXQ5NjAudGVzdDALggl0OTYxLnRlc3QwC4IJdDk2Mi50ZXN0 +MAuCCXQ5NjMudGVzdDALggl0OTY0LnRlc3QwC4IJdDk2NS50ZXN0MAuCCXQ5NjYu +dGVzdDALggl0OTY3LnRlc3QwC4IJdDk2OC50ZXN0MAuCCXQ5NjkudGVzdDALggl0 +OTcwLnRlc3QwC4IJdDk3MS50ZXN0MAuCCXQ5NzIudGVzdDALggl0OTczLnRlc3Qw +C4IJdDk3NC50ZXN0MAuCCXQ5NzUudGVzdDALggl0OTc2LnRlc3QwC4IJdDk3Ny50 +ZXN0MAuCCXQ5NzgudGVzdDALggl0OTc5LnRlc3QwC4IJdDk4MC50ZXN0MAuCCXQ5 +ODEudGVzdDALggl0OTgyLnRlc3QwC4IJdDk4My50ZXN0MAuCCXQ5ODQudGVzdDAL +ggl0OTg1LnRlc3QwC4IJdDk4Ni50ZXN0MAuCCXQ5ODcudGVzdDALggl0OTg4LnRl +c3QwC4IJdDk4OS50ZXN0MAuCCXQ5OTAudGVzdDALggl0OTkxLnRlc3QwC4IJdDk5 +Mi50ZXN0MAuCCXQ5OTMudGVzdDALggl0OTk0LnRlc3QwC4IJdDk5NS50ZXN0MAuC +CXQ5OTYudGVzdDALggl0OTk3LnRlc3QwC4IJdDk5OC50ZXN0MAuCCXQ5OTkudGVz +dDAMggp0MTAwMC50ZXN0MAyCCnQxMDAxLnRlc3QwDIIKdDEwMDIudGVzdDAMggp0 +MTAwMy50ZXN0MAyCCnQxMDA0LnRlc3QwDIIKdDEwMDUudGVzdDAMggp0MTAwNi50 +ZXN0MAyCCnQxMDA3LnRlc3QwDIIKdDEwMDgudGVzdDAMggp0MTAwOS50ZXN0MAyC +CnQxMDEwLnRlc3QwDIIKdDEwMTEudGVzdDAMggp0MTAxMi50ZXN0MAyCCnQxMDEz +LnRlc3QwDIIKdDEwMTQudGVzdDAMggp0MTAxNS50ZXN0MAyCCnQxMDE2LnRlc3Qw +DIIKdDEwMTcudGVzdDAMggp0MTAxOC50ZXN0MAyCCnQxMDE5LnRlc3QwDIIKdDEw +MjAudGVzdDAMggp0MTAyMS50ZXN0MAyCCnQxMDIyLnRlc3QwDIIKdDEwMjMudGVz +dDAMggp0MTAyNC50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQAvjJ8IQ/rhwhab5lq5 +jnvVSe/W3gIlm0bro9+ojQcQQOfe/iNqXp3rY3+hqY00uci9X9xM67OJcyP6kKOi +y/AfZ/Lo4eB04oYDliggS7n8uk+AJN4rwSebIeXZPitmdlBskKNaiT5RNAkcN85g +eWqJm2sY9YkxAZaSuaBxtFA6jPRGOlhU/6I03O6GTl+s+Br5wCJAgr5fmNg9UjoY +ok/iMHa6+u5eHyaAcrAG8CG3hCpd6iGd4A81gJPYnR+bpz1v4hwpOBKdPM1LTJ/6 +1WIrVqwqOvhfzDIPAnyo38DJ0R5Np9yfy06TNPZuUDods0npUKMZeKCNwytaeB1T +VTVH +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.test b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.test new file mode 100644 index 0000000000..552bb863c5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-dns-permitted.test @@ -0,0 +1,8 @@ +chain: toomany-dns-permitted.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=t0) ----- +ERROR: Too many name constraints checks + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.pem new file mode 100644 index 0000000000..9a0ca5bd26 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.pem @@ -0,0 +1,1690 @@ +[Created by: ./generate-chains.py] + +A chain containing a large number of excluded IP name +constraints and IP names, above the limit. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:d7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, IP Address:10.0.1.162, IP Address:10.0.1.163, IP Address:10.0.1.164, IP Address:10.0.1.165, IP Address:10.0.1.166, IP Address:10.0.1.167, IP Address:10.0.1.168, IP Address:10.0.1.169, IP Address:10.0.1.170, IP Address:10.0.1.171, IP Address:10.0.1.172, IP Address:10.0.1.173, IP Address:10.0.1.174, IP Address:10.0.1.175, IP Address:10.0.1.176, IP Address:10.0.1.177, IP Address:10.0.1.178, IP Address:10.0.1.179, IP Address:10.0.1.180, IP Address:10.0.1.181, IP Address:10.0.1.182, IP Address:10.0.1.183, IP Address:10.0.1.184, IP Address:10.0.1.185, IP Address:10.0.1.186, IP Address:10.0.1.187, IP Address:10.0.1.188, IP Address:10.0.1.189, IP Address:10.0.1.190, IP Address:10.0.1.191, IP Address:10.0.1.192, IP Address:10.0.1.193, IP Address:10.0.1.194, IP Address:10.0.1.195, IP Address:10.0.1.196, IP Address:10.0.1.197, IP Address:10.0.1.198, IP Address:10.0.1.199, IP Address:10.0.1.200, IP Address:10.0.1.201, IP Address:10.0.1.202, IP Address:10.0.1.203, IP Address:10.0.1.204, IP Address:10.0.1.205, IP Address:10.0.1.206, IP Address:10.0.1.207, IP Address:10.0.1.208, IP Address:10.0.1.209, IP Address:10.0.1.210, IP Address:10.0.1.211, IP Address:10.0.1.212, IP Address:10.0.1.213, IP Address:10.0.1.214, IP Address:10.0.1.215, IP Address:10.0.1.216, IP Address:10.0.1.217, IP Address:10.0.1.218, IP Address:10.0.1.219, IP Address:10.0.1.220, IP Address:10.0.1.221, IP Address:10.0.1.222, IP Address:10.0.1.223, IP Address:10.0.1.224, IP Address:10.0.1.225, IP Address:10.0.1.226, IP Address:10.0.1.227, IP Address:10.0.1.228, IP Address:10.0.1.229, IP Address:10.0.1.230, IP Address:10.0.1.231, IP Address:10.0.1.232, IP Address:10.0.1.233, IP Address:10.0.1.234, IP Address:10.0.1.235, IP Address:10.0.1.236, IP Address:10.0.1.237, IP Address:10.0.1.238, IP Address:10.0.1.239, IP Address:10.0.1.240, IP Address:10.0.1.241, IP Address:10.0.1.242, IP Address:10.0.1.243, IP Address:10.0.1.244, IP Address:10.0.1.245, IP Address:10.0.1.246, IP Address:10.0.1.247, IP Address:10.0.1.248, IP Address:10.0.1.249, IP Address:10.0.1.250, IP Address:10.0.1.251, IP Address:10.0.1.252, IP Address:10.0.1.253, IP Address:10.0.1.254, IP Address:10.0.1.255, IP Address:10.0.2.0, IP Address:10.0.2.1, IP Address:10.0.2.2, IP Address:10.0.2.3, IP Address:10.0.2.4, IP Address:10.0.2.5, IP Address:10.0.2.6, IP Address:10.0.2.7, IP Address:10.0.2.8, IP Address:10.0.2.9, IP Address:10.0.2.10, IP Address:10.0.2.11, IP Address:10.0.2.12, IP Address:10.0.2.13, IP Address:10.0.2.14, IP Address:10.0.2.15, IP Address:10.0.2.16, IP Address:10.0.2.17, IP Address:10.0.2.18, IP Address:10.0.2.19, IP Address:10.0.2.20, IP Address:10.0.2.21, IP Address:10.0.2.22, IP Address:10.0.2.23, IP Address:10.0.2.24, IP Address:10.0.2.25, IP Address:10.0.2.26, IP Address:10.0.2.27, IP Address:10.0.2.28, IP Address:10.0.2.29, IP Address:10.0.2.30, IP Address:10.0.2.31, IP Address:10.0.2.32, IP Address:10.0.2.33, IP Address:10.0.2.34, IP Address:10.0.2.35, IP Address:10.0.2.36, IP Address:10.0.2.37, IP Address:10.0.2.38, IP Address:10.0.2.39, IP Address:10.0.2.40, IP Address:10.0.2.41, IP Address:10.0.2.42, IP Address:10.0.2.43, IP Address:10.0.2.44, IP Address:10.0.2.45, IP Address:10.0.2.46, IP Address:10.0.2.47, IP Address:10.0.2.48, IP Address:10.0.2.49, IP Address:10.0.2.50, IP Address:10.0.2.51, IP Address:10.0.2.52, IP Address:10.0.2.53, IP Address:10.0.2.54, IP Address:10.0.2.55, IP Address:10.0.2.56, IP Address:10.0.2.57, IP Address:10.0.2.58, IP Address:10.0.2.59, IP Address:10.0.2.60, IP Address:10.0.2.61, IP Address:10.0.2.62, IP Address:10.0.2.63, IP Address:10.0.2.64, IP Address:10.0.2.65, IP Address:10.0.2.66, IP Address:10.0.2.67, IP Address:10.0.2.68, IP Address:10.0.2.69, IP Address:10.0.2.70, IP Address:10.0.2.71, IP Address:10.0.2.72, IP Address:10.0.2.73, IP Address:10.0.2.74, IP Address:10.0.2.75, IP Address:10.0.2.76, IP Address:10.0.2.77, IP Address:10.0.2.78, IP Address:10.0.2.79, IP Address:10.0.2.80, IP Address:10.0.2.81, IP Address:10.0.2.82, IP Address:10.0.2.83, IP Address:10.0.2.84, IP Address:10.0.2.85, IP Address:10.0.2.86, IP Address:10.0.2.87, IP Address:10.0.2.88, IP Address:10.0.2.89, IP Address:10.0.2.90, IP Address:10.0.2.91, IP Address:10.0.2.92, IP Address:10.0.2.93, IP Address:10.0.2.94, IP Address:10.0.2.95, IP Address:10.0.2.96, IP Address:10.0.2.97, IP Address:10.0.2.98, IP Address:10.0.2.99, IP Address:10.0.2.100, IP Address:10.0.2.101, IP Address:10.0.2.102, IP Address:10.0.2.103, IP Address:10.0.2.104, IP Address:10.0.2.105, IP Address:10.0.2.106, IP Address:10.0.2.107, IP Address:10.0.2.108, IP Address:10.0.2.109, IP Address:10.0.2.110, IP Address:10.0.2.111, IP Address:10.0.2.112, IP Address:10.0.2.113, IP Address:10.0.2.114, IP Address:10.0.2.115, IP Address:10.0.2.116, IP Address:10.0.2.117, IP Address:10.0.2.118, IP Address:10.0.2.119, IP Address:10.0.2.120, IP Address:10.0.2.121, IP Address:10.0.2.122, IP Address:10.0.2.123, IP Address:10.0.2.124, IP Address:10.0.2.125, IP Address:10.0.2.126, IP Address:10.0.2.127, IP Address:10.0.2.128, IP Address:10.0.2.129, IP Address:10.0.2.130, IP Address:10.0.2.131, IP Address:10.0.2.132, IP Address:10.0.2.133, IP Address:10.0.2.134, IP Address:10.0.2.135, IP Address:10.0.2.136, IP Address:10.0.2.137, IP Address:10.0.2.138, IP Address:10.0.2.139, IP Address:10.0.2.140, IP Address:10.0.2.141, IP Address:10.0.2.142, IP Address:10.0.2.143, IP Address:10.0.2.144, IP Address:10.0.2.145, IP Address:10.0.2.146, IP Address:10.0.2.147, IP Address:10.0.2.148, IP Address:10.0.2.149, IP Address:10.0.2.150, IP Address:10.0.2.151, IP Address:10.0.2.152, IP Address:10.0.2.153, IP Address:10.0.2.154, IP Address:10.0.2.155, IP Address:10.0.2.156, IP Address:10.0.2.157, IP Address:10.0.2.158, IP Address:10.0.2.159, IP Address:10.0.2.160, IP Address:10.0.2.161, IP Address:10.0.2.162, IP Address:10.0.2.163, IP Address:10.0.2.164, IP Address:10.0.2.165, IP Address:10.0.2.166, IP Address:10.0.2.167, IP Address:10.0.2.168, IP Address:10.0.2.169, IP Address:10.0.2.170, IP Address:10.0.2.171, IP Address:10.0.2.172, IP Address:10.0.2.173, IP Address:10.0.2.174, IP Address:10.0.2.175, IP Address:10.0.2.176, IP Address:10.0.2.177, IP Address:10.0.2.178, IP Address:10.0.2.179, IP Address:10.0.2.180, IP Address:10.0.2.181, IP Address:10.0.2.182, IP Address:10.0.2.183, IP Address:10.0.2.184, IP Address:10.0.2.185, IP Address:10.0.2.186, IP Address:10.0.2.187, IP Address:10.0.2.188, IP Address:10.0.2.189, IP Address:10.0.2.190, IP Address:10.0.2.191, IP Address:10.0.2.192, IP Address:10.0.2.193, IP Address:10.0.2.194, IP Address:10.0.2.195, IP Address:10.0.2.196, IP Address:10.0.2.197, IP Address:10.0.2.198, IP Address:10.0.2.199, IP Address:10.0.2.200, IP Address:10.0.2.201, IP Address:10.0.2.202, IP Address:10.0.2.203, IP Address:10.0.2.204, IP Address:10.0.2.205, IP Address:10.0.2.206, IP Address:10.0.2.207, IP Address:10.0.2.208, IP Address:10.0.2.209, IP Address:10.0.2.210, IP Address:10.0.2.211, IP Address:10.0.2.212, IP Address:10.0.2.213, IP Address:10.0.2.214, IP Address:10.0.2.215, IP Address:10.0.2.216, IP Address:10.0.2.217, IP Address:10.0.2.218, IP Address:10.0.2.219, IP Address:10.0.2.220, IP Address:10.0.2.221, IP Address:10.0.2.222, IP Address:10.0.2.223, IP Address:10.0.2.224, IP Address:10.0.2.225, IP Address:10.0.2.226, IP Address:10.0.2.227, IP Address:10.0.2.228, IP Address:10.0.2.229, IP Address:10.0.2.230, IP Address:10.0.2.231, IP Address:10.0.2.232, IP Address:10.0.2.233, IP Address:10.0.2.234, IP Address:10.0.2.235, IP Address:10.0.2.236, IP Address:10.0.2.237, IP Address:10.0.2.238, IP Address:10.0.2.239, IP Address:10.0.2.240, IP Address:10.0.2.241, IP Address:10.0.2.242, IP Address:10.0.2.243, IP Address:10.0.2.244, IP Address:10.0.2.245, IP Address:10.0.2.246, IP Address:10.0.2.247, IP Address:10.0.2.248, IP Address:10.0.2.249, IP Address:10.0.2.250, IP Address:10.0.2.251, IP Address:10.0.2.252, IP Address:10.0.2.253, IP Address:10.0.2.254, IP Address:10.0.2.255, IP Address:10.0.3.0, IP Address:10.0.3.1, IP Address:10.0.3.2, IP Address:10.0.3.3, IP Address:10.0.3.4, IP Address:10.0.3.5, IP Address:10.0.3.6, IP Address:10.0.3.7, IP Address:10.0.3.8, IP Address:10.0.3.9, IP Address:10.0.3.10, IP Address:10.0.3.11, IP Address:10.0.3.12, IP Address:10.0.3.13, IP Address:10.0.3.14, IP Address:10.0.3.15, IP Address:10.0.3.16, IP Address:10.0.3.17, IP Address:10.0.3.18, IP Address:10.0.3.19, IP Address:10.0.3.20, IP Address:10.0.3.21, IP Address:10.0.3.22, IP Address:10.0.3.23, IP Address:10.0.3.24, IP Address:10.0.3.25, IP Address:10.0.3.26, IP Address:10.0.3.27, IP Address:10.0.3.28, IP Address:10.0.3.29, IP Address:10.0.3.30, IP Address:10.0.3.31, IP Address:10.0.3.32, IP Address:10.0.3.33, IP Address:10.0.3.34, IP Address:10.0.3.35, IP Address:10.0.3.36, IP Address:10.0.3.37, IP Address:10.0.3.38, IP Address:10.0.3.39, IP Address:10.0.3.40, IP Address:10.0.3.41, IP Address:10.0.3.42, IP Address:10.0.3.43, IP Address:10.0.3.44, IP Address:10.0.3.45, IP Address:10.0.3.46, IP Address:10.0.3.47, IP Address:10.0.3.48, IP Address:10.0.3.49, IP Address:10.0.3.50, IP Address:10.0.3.51, IP Address:10.0.3.52, IP Address:10.0.3.53, IP Address:10.0.3.54, IP Address:10.0.3.55, IP Address:10.0.3.56, IP Address:10.0.3.57, IP Address:10.0.3.58, IP Address:10.0.3.59, IP Address:10.0.3.60, IP Address:10.0.3.61, IP Address:10.0.3.62, IP Address:10.0.3.63, IP Address:10.0.3.64, IP Address:10.0.3.65, IP Address:10.0.3.66, IP Address:10.0.3.67, IP Address:10.0.3.68, IP Address:10.0.3.69, IP Address:10.0.3.70, IP Address:10.0.3.71, IP Address:10.0.3.72, IP Address:10.0.3.73, IP Address:10.0.3.74, IP Address:10.0.3.75, IP Address:10.0.3.76, IP Address:10.0.3.77, IP Address:10.0.3.78, IP Address:10.0.3.79, IP Address:10.0.3.80, IP Address:10.0.3.81, IP Address:10.0.3.82, IP Address:10.0.3.83, IP Address:10.0.3.84, IP Address:10.0.3.85, IP Address:10.0.3.86, IP Address:10.0.3.87, IP Address:10.0.3.88, IP Address:10.0.3.89, IP Address:10.0.3.90, IP Address:10.0.3.91, IP Address:10.0.3.92, IP Address:10.0.3.93, IP Address:10.0.3.94, IP Address:10.0.3.95, IP Address:10.0.3.96, IP Address:10.0.3.97, IP Address:10.0.3.98, IP Address:10.0.3.99, IP Address:10.0.3.100, IP Address:10.0.3.101, IP Address:10.0.3.102, IP Address:10.0.3.103, IP Address:10.0.3.104, IP Address:10.0.3.105, IP Address:10.0.3.106, IP Address:10.0.3.107, IP Address:10.0.3.108, IP Address:10.0.3.109, IP Address:10.0.3.110, IP Address:10.0.3.111, IP Address:10.0.3.112, IP Address:10.0.3.113, IP Address:10.0.3.114, IP Address:10.0.3.115, IP Address:10.0.3.116, IP Address:10.0.3.117, IP Address:10.0.3.118, IP Address:10.0.3.119, IP Address:10.0.3.120, IP Address:10.0.3.121, IP Address:10.0.3.122, IP Address:10.0.3.123, IP Address:10.0.3.124, IP Address:10.0.3.125, IP Address:10.0.3.126, IP Address:10.0.3.127, IP Address:10.0.3.128, IP Address:10.0.3.129, IP Address:10.0.3.130, IP Address:10.0.3.131, IP Address:10.0.3.132, IP Address:10.0.3.133, IP Address:10.0.3.134, IP Address:10.0.3.135, IP Address:10.0.3.136, IP Address:10.0.3.137, IP Address:10.0.3.138, IP Address:10.0.3.139, IP Address:10.0.3.140, IP Address:10.0.3.141, IP Address:10.0.3.142, IP Address:10.0.3.143, IP Address:10.0.3.144, IP Address:10.0.3.145, IP Address:10.0.3.146, IP Address:10.0.3.147, IP Address:10.0.3.148, IP Address:10.0.3.149, IP Address:10.0.3.150, IP Address:10.0.3.151, IP Address:10.0.3.152, IP Address:10.0.3.153, IP Address:10.0.3.154, IP Address:10.0.3.155, IP Address:10.0.3.156, IP Address:10.0.3.157, IP Address:10.0.3.158, IP Address:10.0.3.159, IP Address:10.0.3.160, IP Address:10.0.3.161, IP Address:10.0.3.162, IP Address:10.0.3.163, IP Address:10.0.3.164, IP Address:10.0.3.165, IP Address:10.0.3.166, IP Address:10.0.3.167, IP Address:10.0.3.168, IP Address:10.0.3.169, IP Address:10.0.3.170, IP Address:10.0.3.171, IP Address:10.0.3.172, IP Address:10.0.3.173, IP Address:10.0.3.174, IP Address:10.0.3.175, IP Address:10.0.3.176, IP Address:10.0.3.177, IP Address:10.0.3.178, IP Address:10.0.3.179, IP Address:10.0.3.180, IP Address:10.0.3.181, IP Address:10.0.3.182, IP Address:10.0.3.183, IP Address:10.0.3.184, IP Address:10.0.3.185, IP Address:10.0.3.186, IP Address:10.0.3.187, IP Address:10.0.3.188, IP Address:10.0.3.189, IP Address:10.0.3.190, IP Address:10.0.3.191, IP Address:10.0.3.192, IP Address:10.0.3.193, IP Address:10.0.3.194, IP Address:10.0.3.195, IP Address:10.0.3.196, IP Address:10.0.3.197, IP Address:10.0.3.198, IP Address:10.0.3.199, IP Address:10.0.3.200, IP Address:10.0.3.201, IP Address:10.0.3.202, IP Address:10.0.3.203, IP Address:10.0.3.204, IP Address:10.0.3.205, IP Address:10.0.3.206, IP Address:10.0.3.207, IP Address:10.0.3.208, IP Address:10.0.3.209, IP Address:10.0.3.210, IP Address:10.0.3.211, IP Address:10.0.3.212, IP Address:10.0.3.213, IP Address:10.0.3.214, IP Address:10.0.3.215, IP Address:10.0.3.216, IP Address:10.0.3.217, IP Address:10.0.3.218, IP Address:10.0.3.219, IP Address:10.0.3.220, IP Address:10.0.3.221, IP Address:10.0.3.222, IP Address:10.0.3.223, IP Address:10.0.3.224, IP Address:10.0.3.225, IP Address:10.0.3.226, IP Address:10.0.3.227, IP Address:10.0.3.228, IP Address:10.0.3.229, IP Address:10.0.3.230, IP Address:10.0.3.231, IP Address:10.0.3.232, IP Address:10.0.3.233, IP Address:10.0.3.234, IP Address:10.0.3.235, IP Address:10.0.3.236, IP Address:10.0.3.237, IP Address:10.0.3.238, IP Address:10.0.3.239, IP Address:10.0.3.240, IP Address:10.0.3.241, IP Address:10.0.3.242, IP Address:10.0.3.243, IP Address:10.0.3.244, IP Address:10.0.3.245, IP Address:10.0.3.246, IP Address:10.0.3.247, IP Address:10.0.3.248, IP Address:10.0.3.249, IP Address:10.0.3.250, IP Address:10.0.3.251, IP Address:10.0.3.252, IP Address:10.0.3.253, IP Address:10.0.3.254, IP Address:10.0.3.255 + Signature Algorithm: sha256WithRSAEncryption + 24:e6:7f:49:27:e7:de:27:ca:06:88:0f:d2:64:ba:07:75:08: + c0:72:41:ce:67:9f:1a:d8:23:d7:b6:35:ab:d4:49:1b:7e:cb: + 46:74:25:52:65:fb:5b:2b:74:ab:2c:19:1c:bf:06:01:78:0c: + c7:a6:3c:e0:1a:d4:dc:8c:00:8b:a8:05:4c:c2:cf:82:41:c7: + 51:65:49:fc:6b:dc:b3:b6:57:f0:0a:3c:05:39:7d:6e:2c:cd: + 6b:f3:b0:38:c4:0b:1b:5f:bf:03:e9:59:f8:d4:c5:42:7a:c0: + 39:5e:a4:ef:45:39:aa:ab:91:35:9d:8e:65:3f:43:bc:59:6f: + 90:d1:da:eb:fe:b0:b5:3a:24:63:78:04:f3:75:58:43:79:b5: + 64:1f:96:ee:c9:3b:93:12:e1:c7:31:5b:9d:a9:58:48:03:f7: + 76:ad:0a:e8:b1:38:58:df:2e:04:8b:56:07:1c:9c:4e:e8:27: + 2b:9d:24:a0:09:a6:b7:c2:7f:f4:16:c0:2a:f7:ca:b0:f5:b9: + c2:0c:4b:e8:c2:16:e3:b4:dc:0b:a9:95:7f:60:35:b1:62:1b: + 53:14:94:c9:ea:74:ee:0e:05:64:ff:04:1b:b4:1d:8c:10:d2: + 3e:6e:0d:f0:87:0b:c5:29:0a:90:cb:86:ee:0a:ba:3f:d7:d4: + 12:e3:0a:e9 +-----BEGIN CERTIFICATE----- +MIIbrjCCGpagAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY1zANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCGPswghj3MB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgNBgNVHREEghgEMIIYAIcE +CgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcECgAABocECgAAB4cE +CgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcECgAADocECgAAD4cE +CgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcECgAAFocECgAAF4cE +CgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcECgAAHocECgAAH4cE +CgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcECgAAJocECgAAJ4cE +CgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcECgAALocECgAAL4cE +CgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcECgAANocECgAAN4cE +CgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcECgAAPocECgAAP4cE +CgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcECgAARocECgAAR4cE +CgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcECgAATocECgAAT4cE +CgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcECgAAVocECgAAV4cE +CgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcECgAAXocECgAAX4cE +CgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcECgAAZocECgAAZ4cE +CgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcECgAAbocECgAAb4cE +CgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcECgAAdocECgAAd4cE +CgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcECgAAfocECgAAf4cE +CgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcECgAAhocECgAAh4cE +CgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcECgAAjocECgAAj4cE +CgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcECgAAlocECgAAl4cE +CgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcECgAAnocECgAAn4cE +CgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcECgAApocECgAAp4cE +CgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcECgAArocECgAAr4cE +CgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcECgAAtocECgAAt4cE +CgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcECgAAvocECgAAv4cE +CgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcECgAAxocECgAAx4cE +CgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcECgAAzocECgAAz4cE +CgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcECgAA1ocECgAA14cE +CgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcECgAA3ocECgAA34cE +CgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcECgAA5ocECgAA54cE +CgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcECgAA7ocECgAA74cE +CgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcECgAA9ocECgAA94cE +CgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcECgAA/ocECgAA/4cE +CgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcECgABBocECgABB4cE +CgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcECgABDocECgABD4cE +CgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcECgABFocECgABF4cE +CgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcECgABHocECgABH4cE +CgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcECgABJocECgABJ4cE +CgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcECgABLocECgABL4cE +CgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcECgABNocECgABN4cE +CgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcECgABPocECgABP4cE +CgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcECgABRocECgABR4cE +CgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcECgABTocECgABT4cE +CgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcECgABVocECgABV4cE +CgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcECgABXocECgABX4cE +CgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcECgABZocECgABZ4cE +CgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcECgABbocECgABb4cE +CgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcECgABdocECgABd4cE +CgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcECgABfocECgABf4cE +CgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcECgABhocECgABh4cE +CgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcECgABjocECgABj4cE +CgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcECgABlocECgABl4cE +CgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcECgABnocECgABn4cE +CgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcECgABpocECgABp4cE +CgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcECgABrocECgABr4cE +CgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcECgABtocECgABt4cE +CgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcECgABvocECgABv4cE +CgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcECgABxocECgABx4cE +CgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcECgABzocECgABz4cE +CgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcECgAB1ocECgAB14cE +CgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcECgAB3ocECgAB34cE +CgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcECgAB5ocECgAB54cE +CgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcECgAB7ocECgAB74cE +CgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcECgAB9ocECgAB94cE +CgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcECgAB/ocECgAB/4cE +CgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcECgACBocECgACB4cE +CgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcECgACDocECgACD4cE +CgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcECgACFocECgACF4cE +CgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcECgACHocECgACH4cE +CgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcECgACJocECgACJ4cE +CgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcECgACLocECgACL4cE +CgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcECgACNocECgACN4cE +CgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcECgACPocECgACP4cE +CgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcECgACRocECgACR4cE +CgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcECgACTocECgACT4cE +CgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcECgACVocECgACV4cE +CgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcECgACXocECgACX4cE +CgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcECgACZocECgACZ4cE +CgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcECgACbocECgACb4cE +CgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcECgACdocECgACd4cE +CgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcECgACfocECgACf4cE +CgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcECgAChocECgACh4cE +CgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcECgACjocECgACj4cE +CgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcECgAClocECgACl4cE +CgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcECgACnocECgACn4cE +CgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcECgACpocECgACp4cE +CgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcECgACrocECgACr4cE +CgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcECgACtocECgACt4cE +CgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcECgACvocECgACv4cE +CgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcECgACxocECgACx4cE +CgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcECgACzocECgACz4cE +CgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcECgAC1ocECgAC14cE +CgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcECgAC3ocECgAC34cE +CgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcECgAC5ocECgAC54cE +CgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcECgAC7ocECgAC74cE +CgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcECgAC9ocECgAC94cE +CgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcECgAC/ocECgAC/4cE +CgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcECgADBocECgADB4cE +CgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcECgADDocECgADD4cE +CgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcECgADFocECgADF4cE +CgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcECgADHocECgADH4cE +CgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcECgADJocECgADJ4cE +CgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcECgADLocECgADL4cE +CgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcECgADNocECgADN4cE +CgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcECgADPocECgADP4cE +CgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcECgADRocECgADR4cE +CgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcECgADTocECgADT4cE +CgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcECgADVocECgADV4cE +CgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcECgADXocECgADX4cE +CgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcECgADZocECgADZ4cE +CgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcECgADbocECgADb4cE +CgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcECgADdocECgADd4cE +CgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcECgADfocECgADf4cE +CgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcECgADhocECgADh4cE +CgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcECgADjocECgADj4cE +CgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcECgADlocECgADl4cE +CgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcECgADnocECgADn4cE +CgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcECgADpocECgADp4cE +CgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcECgADrocECgADr4cE +CgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcECgADtocECgADt4cE +CgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcECgADvocECgADv4cE +CgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcECgADxocECgADx4cE +CgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcECgADzocECgADz4cE +CgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcECgAD1ocECgAD14cE +CgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcECgAD3ocECgAD34cE +CgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcECgAD5ocECgAD54cE +CgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcECgAD7ocECgAD74cE +CgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcECgAD9ocECgAD94cE +CgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcECgAD/ocECgAD/zAN +BgkqhkiG9w0BAQsFAAOCAQEAJOZ/SSfn3ifKBogP0mS6B3UIwHJBzmefGtgj17Y1 +q9RJG37LRnQlUmX7Wyt0qywZHL8GAXgMx6Y84BrU3IwAi6gFTMLPgkHHUWVJ/Gvc +s7ZX8Ao8BTl9bizNa/OwOMQLG1+/A+lZ+NTFQnrAOV6k70U5qquRNZ2OZT9DvFlv +kNHa6/6wtTokY3gE83VYQ3m1ZB+W7sk7kxLhxzFbnalYSAP3dq0K6LE4WN8uBItW +BxycTugnK50koAmmt8J/9BbAKvfKsPW5wgxL6MIW47TcC6mVf2A1sWIbUxSUyep0 +7g4FZP8EG7QdjBDSPm4N8IcLxSkKkMuG7gq6P9fUEuMK6Q== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Excluded: + IP:11.0.0.0/255.255.255.255 + IP:11.0.0.1/255.255.255.255 + IP:11.0.0.2/255.255.255.255 + IP:11.0.0.3/255.255.255.255 + IP:11.0.0.4/255.255.255.255 + IP:11.0.0.5/255.255.255.255 + IP:11.0.0.6/255.255.255.255 + IP:11.0.0.7/255.255.255.255 + IP:11.0.0.8/255.255.255.255 + IP:11.0.0.9/255.255.255.255 + IP:11.0.0.10/255.255.255.255 + IP:11.0.0.11/255.255.255.255 + IP:11.0.0.12/255.255.255.255 + IP:11.0.0.13/255.255.255.255 + IP:11.0.0.14/255.255.255.255 + IP:11.0.0.15/255.255.255.255 + IP:11.0.0.16/255.255.255.255 + IP:11.0.0.17/255.255.255.255 + IP:11.0.0.18/255.255.255.255 + IP:11.0.0.19/255.255.255.255 + IP:11.0.0.20/255.255.255.255 + IP:11.0.0.21/255.255.255.255 + IP:11.0.0.22/255.255.255.255 + IP:11.0.0.23/255.255.255.255 + IP:11.0.0.24/255.255.255.255 + IP:11.0.0.25/255.255.255.255 + IP:11.0.0.26/255.255.255.255 + IP:11.0.0.27/255.255.255.255 + IP:11.0.0.28/255.255.255.255 + IP:11.0.0.29/255.255.255.255 + IP:11.0.0.30/255.255.255.255 + IP:11.0.0.31/255.255.255.255 + IP:11.0.0.32/255.255.255.255 + IP:11.0.0.33/255.255.255.255 + IP:11.0.0.34/255.255.255.255 + IP:11.0.0.35/255.255.255.255 + IP:11.0.0.36/255.255.255.255 + IP:11.0.0.37/255.255.255.255 + IP:11.0.0.38/255.255.255.255 + IP:11.0.0.39/255.255.255.255 + IP:11.0.0.40/255.255.255.255 + IP:11.0.0.41/255.255.255.255 + IP:11.0.0.42/255.255.255.255 + IP:11.0.0.43/255.255.255.255 + IP:11.0.0.44/255.255.255.255 + IP:11.0.0.45/255.255.255.255 + IP:11.0.0.46/255.255.255.255 + IP:11.0.0.47/255.255.255.255 + IP:11.0.0.48/255.255.255.255 + IP:11.0.0.49/255.255.255.255 + IP:11.0.0.50/255.255.255.255 + IP:11.0.0.51/255.255.255.255 + IP:11.0.0.52/255.255.255.255 + IP:11.0.0.53/255.255.255.255 + IP:11.0.0.54/255.255.255.255 + IP:11.0.0.55/255.255.255.255 + IP:11.0.0.56/255.255.255.255 + IP:11.0.0.57/255.255.255.255 + IP:11.0.0.58/255.255.255.255 + IP:11.0.0.59/255.255.255.255 + IP:11.0.0.60/255.255.255.255 + IP:11.0.0.61/255.255.255.255 + IP:11.0.0.62/255.255.255.255 + IP:11.0.0.63/255.255.255.255 + IP:11.0.0.64/255.255.255.255 + IP:11.0.0.65/255.255.255.255 + IP:11.0.0.66/255.255.255.255 + IP:11.0.0.67/255.255.255.255 + IP:11.0.0.68/255.255.255.255 + IP:11.0.0.69/255.255.255.255 + IP:11.0.0.70/255.255.255.255 + IP:11.0.0.71/255.255.255.255 + IP:11.0.0.72/255.255.255.255 + IP:11.0.0.73/255.255.255.255 + IP:11.0.0.74/255.255.255.255 + IP:11.0.0.75/255.255.255.255 + IP:11.0.0.76/255.255.255.255 + IP:11.0.0.77/255.255.255.255 + IP:11.0.0.78/255.255.255.255 + IP:11.0.0.79/255.255.255.255 + IP:11.0.0.80/255.255.255.255 + IP:11.0.0.81/255.255.255.255 + IP:11.0.0.82/255.255.255.255 + IP:11.0.0.83/255.255.255.255 + IP:11.0.0.84/255.255.255.255 + IP:11.0.0.85/255.255.255.255 + IP:11.0.0.86/255.255.255.255 + IP:11.0.0.87/255.255.255.255 + IP:11.0.0.88/255.255.255.255 + IP:11.0.0.89/255.255.255.255 + IP:11.0.0.90/255.255.255.255 + IP:11.0.0.91/255.255.255.255 + IP:11.0.0.92/255.255.255.255 + IP:11.0.0.93/255.255.255.255 + IP:11.0.0.94/255.255.255.255 + IP:11.0.0.95/255.255.255.255 + IP:11.0.0.96/255.255.255.255 + IP:11.0.0.97/255.255.255.255 + IP:11.0.0.98/255.255.255.255 + IP:11.0.0.99/255.255.255.255 + IP:11.0.0.100/255.255.255.255 + IP:11.0.0.101/255.255.255.255 + IP:11.0.0.102/255.255.255.255 + IP:11.0.0.103/255.255.255.255 + IP:11.0.0.104/255.255.255.255 + IP:11.0.0.105/255.255.255.255 + IP:11.0.0.106/255.255.255.255 + IP:11.0.0.107/255.255.255.255 + IP:11.0.0.108/255.255.255.255 + IP:11.0.0.109/255.255.255.255 + IP:11.0.0.110/255.255.255.255 + IP:11.0.0.111/255.255.255.255 + IP:11.0.0.112/255.255.255.255 + IP:11.0.0.113/255.255.255.255 + IP:11.0.0.114/255.255.255.255 + IP:11.0.0.115/255.255.255.255 + IP:11.0.0.116/255.255.255.255 + IP:11.0.0.117/255.255.255.255 + IP:11.0.0.118/255.255.255.255 + IP:11.0.0.119/255.255.255.255 + IP:11.0.0.120/255.255.255.255 + IP:11.0.0.121/255.255.255.255 + IP:11.0.0.122/255.255.255.255 + IP:11.0.0.123/255.255.255.255 + IP:11.0.0.124/255.255.255.255 + IP:11.0.0.125/255.255.255.255 + IP:11.0.0.126/255.255.255.255 + IP:11.0.0.127/255.255.255.255 + IP:11.0.0.128/255.255.255.255 + IP:11.0.0.129/255.255.255.255 + IP:11.0.0.130/255.255.255.255 + IP:11.0.0.131/255.255.255.255 + IP:11.0.0.132/255.255.255.255 + IP:11.0.0.133/255.255.255.255 + IP:11.0.0.134/255.255.255.255 + IP:11.0.0.135/255.255.255.255 + IP:11.0.0.136/255.255.255.255 + IP:11.0.0.137/255.255.255.255 + IP:11.0.0.138/255.255.255.255 + IP:11.0.0.139/255.255.255.255 + IP:11.0.0.140/255.255.255.255 + IP:11.0.0.141/255.255.255.255 + IP:11.0.0.142/255.255.255.255 + IP:11.0.0.143/255.255.255.255 + IP:11.0.0.144/255.255.255.255 + IP:11.0.0.145/255.255.255.255 + IP:11.0.0.146/255.255.255.255 + IP:11.0.0.147/255.255.255.255 + IP:11.0.0.148/255.255.255.255 + IP:11.0.0.149/255.255.255.255 + IP:11.0.0.150/255.255.255.255 + IP:11.0.0.151/255.255.255.255 + IP:11.0.0.152/255.255.255.255 + IP:11.0.0.153/255.255.255.255 + IP:11.0.0.154/255.255.255.255 + IP:11.0.0.155/255.255.255.255 + IP:11.0.0.156/255.255.255.255 + IP:11.0.0.157/255.255.255.255 + IP:11.0.0.158/255.255.255.255 + IP:11.0.0.159/255.255.255.255 + IP:11.0.0.160/255.255.255.255 + IP:11.0.0.161/255.255.255.255 + IP:11.0.0.162/255.255.255.255 + IP:11.0.0.163/255.255.255.255 + IP:11.0.0.164/255.255.255.255 + IP:11.0.0.165/255.255.255.255 + IP:11.0.0.166/255.255.255.255 + IP:11.0.0.167/255.255.255.255 + IP:11.0.0.168/255.255.255.255 + IP:11.0.0.169/255.255.255.255 + IP:11.0.0.170/255.255.255.255 + IP:11.0.0.171/255.255.255.255 + IP:11.0.0.172/255.255.255.255 + IP:11.0.0.173/255.255.255.255 + IP:11.0.0.174/255.255.255.255 + IP:11.0.0.175/255.255.255.255 + IP:11.0.0.176/255.255.255.255 + IP:11.0.0.177/255.255.255.255 + IP:11.0.0.178/255.255.255.255 + IP:11.0.0.179/255.255.255.255 + IP:11.0.0.180/255.255.255.255 + IP:11.0.0.181/255.255.255.255 + IP:11.0.0.182/255.255.255.255 + IP:11.0.0.183/255.255.255.255 + IP:11.0.0.184/255.255.255.255 + IP:11.0.0.185/255.255.255.255 + IP:11.0.0.186/255.255.255.255 + IP:11.0.0.187/255.255.255.255 + IP:11.0.0.188/255.255.255.255 + IP:11.0.0.189/255.255.255.255 + IP:11.0.0.190/255.255.255.255 + IP:11.0.0.191/255.255.255.255 + IP:11.0.0.192/255.255.255.255 + IP:11.0.0.193/255.255.255.255 + IP:11.0.0.194/255.255.255.255 + IP:11.0.0.195/255.255.255.255 + IP:11.0.0.196/255.255.255.255 + IP:11.0.0.197/255.255.255.255 + IP:11.0.0.198/255.255.255.255 + IP:11.0.0.199/255.255.255.255 + IP:11.0.0.200/255.255.255.255 + IP:11.0.0.201/255.255.255.255 + IP:11.0.0.202/255.255.255.255 + IP:11.0.0.203/255.255.255.255 + IP:11.0.0.204/255.255.255.255 + IP:11.0.0.205/255.255.255.255 + IP:11.0.0.206/255.255.255.255 + IP:11.0.0.207/255.255.255.255 + IP:11.0.0.208/255.255.255.255 + IP:11.0.0.209/255.255.255.255 + IP:11.0.0.210/255.255.255.255 + IP:11.0.0.211/255.255.255.255 + IP:11.0.0.212/255.255.255.255 + IP:11.0.0.213/255.255.255.255 + IP:11.0.0.214/255.255.255.255 + IP:11.0.0.215/255.255.255.255 + IP:11.0.0.216/255.255.255.255 + IP:11.0.0.217/255.255.255.255 + IP:11.0.0.218/255.255.255.255 + IP:11.0.0.219/255.255.255.255 + IP:11.0.0.220/255.255.255.255 + IP:11.0.0.221/255.255.255.255 + IP:11.0.0.222/255.255.255.255 + IP:11.0.0.223/255.255.255.255 + IP:11.0.0.224/255.255.255.255 + IP:11.0.0.225/255.255.255.255 + IP:11.0.0.226/255.255.255.255 + IP:11.0.0.227/255.255.255.255 + IP:11.0.0.228/255.255.255.255 + IP:11.0.0.229/255.255.255.255 + IP:11.0.0.230/255.255.255.255 + IP:11.0.0.231/255.255.255.255 + IP:11.0.0.232/255.255.255.255 + IP:11.0.0.233/255.255.255.255 + IP:11.0.0.234/255.255.255.255 + IP:11.0.0.235/255.255.255.255 + IP:11.0.0.236/255.255.255.255 + IP:11.0.0.237/255.255.255.255 + IP:11.0.0.238/255.255.255.255 + IP:11.0.0.239/255.255.255.255 + IP:11.0.0.240/255.255.255.255 + IP:11.0.0.241/255.255.255.255 + IP:11.0.0.242/255.255.255.255 + IP:11.0.0.243/255.255.255.255 + IP:11.0.0.244/255.255.255.255 + IP:11.0.0.245/255.255.255.255 + IP:11.0.0.246/255.255.255.255 + IP:11.0.0.247/255.255.255.255 + IP:11.0.0.248/255.255.255.255 + IP:11.0.0.249/255.255.255.255 + IP:11.0.0.250/255.255.255.255 + IP:11.0.0.251/255.255.255.255 + IP:11.0.0.252/255.255.255.255 + IP:11.0.0.253/255.255.255.255 + IP:11.0.0.254/255.255.255.255 + IP:11.0.0.255/255.255.255.255 + IP:11.0.1.0/255.255.255.255 + IP:11.0.1.1/255.255.255.255 + IP:11.0.1.2/255.255.255.255 + IP:11.0.1.3/255.255.255.255 + IP:11.0.1.4/255.255.255.255 + IP:11.0.1.5/255.255.255.255 + IP:11.0.1.6/255.255.255.255 + IP:11.0.1.7/255.255.255.255 + IP:11.0.1.8/255.255.255.255 + IP:11.0.1.9/255.255.255.255 + IP:11.0.1.10/255.255.255.255 + IP:11.0.1.11/255.255.255.255 + IP:11.0.1.12/255.255.255.255 + IP:11.0.1.13/255.255.255.255 + IP:11.0.1.14/255.255.255.255 + IP:11.0.1.15/255.255.255.255 + IP:11.0.1.16/255.255.255.255 + IP:11.0.1.17/255.255.255.255 + IP:11.0.1.18/255.255.255.255 + IP:11.0.1.19/255.255.255.255 + IP:11.0.1.20/255.255.255.255 + IP:11.0.1.21/255.255.255.255 + IP:11.0.1.22/255.255.255.255 + IP:11.0.1.23/255.255.255.255 + IP:11.0.1.24/255.255.255.255 + IP:11.0.1.25/255.255.255.255 + IP:11.0.1.26/255.255.255.255 + IP:11.0.1.27/255.255.255.255 + IP:11.0.1.28/255.255.255.255 + IP:11.0.1.29/255.255.255.255 + IP:11.0.1.30/255.255.255.255 + IP:11.0.1.31/255.255.255.255 + IP:11.0.1.32/255.255.255.255 + IP:11.0.1.33/255.255.255.255 + IP:11.0.1.34/255.255.255.255 + IP:11.0.1.35/255.255.255.255 + IP:11.0.1.36/255.255.255.255 + IP:11.0.1.37/255.255.255.255 + IP:11.0.1.38/255.255.255.255 + IP:11.0.1.39/255.255.255.255 + IP:11.0.1.40/255.255.255.255 + IP:11.0.1.41/255.255.255.255 + IP:11.0.1.42/255.255.255.255 + IP:11.0.1.43/255.255.255.255 + IP:11.0.1.44/255.255.255.255 + IP:11.0.1.45/255.255.255.255 + IP:11.0.1.46/255.255.255.255 + IP:11.0.1.47/255.255.255.255 + IP:11.0.1.48/255.255.255.255 + IP:11.0.1.49/255.255.255.255 + IP:11.0.1.50/255.255.255.255 + IP:11.0.1.51/255.255.255.255 + IP:11.0.1.52/255.255.255.255 + IP:11.0.1.53/255.255.255.255 + IP:11.0.1.54/255.255.255.255 + IP:11.0.1.55/255.255.255.255 + IP:11.0.1.56/255.255.255.255 + IP:11.0.1.57/255.255.255.255 + IP:11.0.1.58/255.255.255.255 + IP:11.0.1.59/255.255.255.255 + IP:11.0.1.60/255.255.255.255 + IP:11.0.1.61/255.255.255.255 + IP:11.0.1.62/255.255.255.255 + IP:11.0.1.63/255.255.255.255 + IP:11.0.1.64/255.255.255.255 + IP:11.0.1.65/255.255.255.255 + IP:11.0.1.66/255.255.255.255 + IP:11.0.1.67/255.255.255.255 + IP:11.0.1.68/255.255.255.255 + IP:11.0.1.69/255.255.255.255 + IP:11.0.1.70/255.255.255.255 + IP:11.0.1.71/255.255.255.255 + IP:11.0.1.72/255.255.255.255 + IP:11.0.1.73/255.255.255.255 + IP:11.0.1.74/255.255.255.255 + IP:11.0.1.75/255.255.255.255 + IP:11.0.1.76/255.255.255.255 + IP:11.0.1.77/255.255.255.255 + IP:11.0.1.78/255.255.255.255 + IP:11.0.1.79/255.255.255.255 + IP:11.0.1.80/255.255.255.255 + IP:11.0.1.81/255.255.255.255 + IP:11.0.1.82/255.255.255.255 + IP:11.0.1.83/255.255.255.255 + IP:11.0.1.84/255.255.255.255 + IP:11.0.1.85/255.255.255.255 + IP:11.0.1.86/255.255.255.255 + IP:11.0.1.87/255.255.255.255 + IP:11.0.1.88/255.255.255.255 + IP:11.0.1.89/255.255.255.255 + IP:11.0.1.90/255.255.255.255 + IP:11.0.1.91/255.255.255.255 + IP:11.0.1.92/255.255.255.255 + IP:11.0.1.93/255.255.255.255 + IP:11.0.1.94/255.255.255.255 + IP:11.0.1.95/255.255.255.255 + IP:11.0.1.96/255.255.255.255 + IP:11.0.1.97/255.255.255.255 + IP:11.0.1.98/255.255.255.255 + IP:11.0.1.99/255.255.255.255 + IP:11.0.1.100/255.255.255.255 + IP:11.0.1.101/255.255.255.255 + IP:11.0.1.102/255.255.255.255 + IP:11.0.1.103/255.255.255.255 + IP:11.0.1.104/255.255.255.255 + IP:11.0.1.105/255.255.255.255 + IP:11.0.1.106/255.255.255.255 + IP:11.0.1.107/255.255.255.255 + IP:11.0.1.108/255.255.255.255 + IP:11.0.1.109/255.255.255.255 + IP:11.0.1.110/255.255.255.255 + IP:11.0.1.111/255.255.255.255 + IP:11.0.1.112/255.255.255.255 + IP:11.0.1.113/255.255.255.255 + IP:11.0.1.114/255.255.255.255 + IP:11.0.1.115/255.255.255.255 + IP:11.0.1.116/255.255.255.255 + IP:11.0.1.117/255.255.255.255 + IP:11.0.1.118/255.255.255.255 + IP:11.0.1.119/255.255.255.255 + IP:11.0.1.120/255.255.255.255 + IP:11.0.1.121/255.255.255.255 + IP:11.0.1.122/255.255.255.255 + IP:11.0.1.123/255.255.255.255 + IP:11.0.1.124/255.255.255.255 + IP:11.0.1.125/255.255.255.255 + IP:11.0.1.126/255.255.255.255 + IP:11.0.1.127/255.255.255.255 + IP:11.0.1.128/255.255.255.255 + IP:11.0.1.129/255.255.255.255 + IP:11.0.1.130/255.255.255.255 + IP:11.0.1.131/255.255.255.255 + IP:11.0.1.132/255.255.255.255 + IP:11.0.1.133/255.255.255.255 + IP:11.0.1.134/255.255.255.255 + IP:11.0.1.135/255.255.255.255 + IP:11.0.1.136/255.255.255.255 + IP:11.0.1.137/255.255.255.255 + IP:11.0.1.138/255.255.255.255 + IP:11.0.1.139/255.255.255.255 + IP:11.0.1.140/255.255.255.255 + IP:11.0.1.141/255.255.255.255 + IP:11.0.1.142/255.255.255.255 + IP:11.0.1.143/255.255.255.255 + IP:11.0.1.144/255.255.255.255 + IP:11.0.1.145/255.255.255.255 + IP:11.0.1.146/255.255.255.255 + IP:11.0.1.147/255.255.255.255 + IP:11.0.1.148/255.255.255.255 + IP:11.0.1.149/255.255.255.255 + IP:11.0.1.150/255.255.255.255 + IP:11.0.1.151/255.255.255.255 + IP:11.0.1.152/255.255.255.255 + IP:11.0.1.153/255.255.255.255 + IP:11.0.1.154/255.255.255.255 + IP:11.0.1.155/255.255.255.255 + IP:11.0.1.156/255.255.255.255 + IP:11.0.1.157/255.255.255.255 + IP:11.0.1.158/255.255.255.255 + IP:11.0.1.159/255.255.255.255 + IP:11.0.1.160/255.255.255.255 + IP:11.0.1.161/255.255.255.255 + IP:11.0.1.162/255.255.255.255 + IP:11.0.1.163/255.255.255.255 + IP:11.0.1.164/255.255.255.255 + IP:11.0.1.165/255.255.255.255 + IP:11.0.1.166/255.255.255.255 + IP:11.0.1.167/255.255.255.255 + IP:11.0.1.168/255.255.255.255 + IP:11.0.1.169/255.255.255.255 + IP:11.0.1.170/255.255.255.255 + IP:11.0.1.171/255.255.255.255 + IP:11.0.1.172/255.255.255.255 + IP:11.0.1.173/255.255.255.255 + IP:11.0.1.174/255.255.255.255 + IP:11.0.1.175/255.255.255.255 + IP:11.0.1.176/255.255.255.255 + IP:11.0.1.177/255.255.255.255 + IP:11.0.1.178/255.255.255.255 + IP:11.0.1.179/255.255.255.255 + IP:11.0.1.180/255.255.255.255 + IP:11.0.1.181/255.255.255.255 + IP:11.0.1.182/255.255.255.255 + IP:11.0.1.183/255.255.255.255 + IP:11.0.1.184/255.255.255.255 + IP:11.0.1.185/255.255.255.255 + IP:11.0.1.186/255.255.255.255 + IP:11.0.1.187/255.255.255.255 + IP:11.0.1.188/255.255.255.255 + IP:11.0.1.189/255.255.255.255 + IP:11.0.1.190/255.255.255.255 + IP:11.0.1.191/255.255.255.255 + IP:11.0.1.192/255.255.255.255 + IP:11.0.1.193/255.255.255.255 + IP:11.0.1.194/255.255.255.255 + IP:11.0.1.195/255.255.255.255 + IP:11.0.1.196/255.255.255.255 + IP:11.0.1.197/255.255.255.255 + IP:11.0.1.198/255.255.255.255 + IP:11.0.1.199/255.255.255.255 + IP:11.0.1.200/255.255.255.255 + IP:11.0.1.201/255.255.255.255 + IP:11.0.1.202/255.255.255.255 + IP:11.0.1.203/255.255.255.255 + IP:11.0.1.204/255.255.255.255 + IP:11.0.1.205/255.255.255.255 + IP:11.0.1.206/255.255.255.255 + IP:11.0.1.207/255.255.255.255 + IP:11.0.1.208/255.255.255.255 + IP:11.0.1.209/255.255.255.255 + IP:11.0.1.210/255.255.255.255 + IP:11.0.1.211/255.255.255.255 + IP:11.0.1.212/255.255.255.255 + IP:11.0.1.213/255.255.255.255 + IP:11.0.1.214/255.255.255.255 + IP:11.0.1.215/255.255.255.255 + IP:11.0.1.216/255.255.255.255 + IP:11.0.1.217/255.255.255.255 + IP:11.0.1.218/255.255.255.255 + IP:11.0.1.219/255.255.255.255 + IP:11.0.1.220/255.255.255.255 + IP:11.0.1.221/255.255.255.255 + IP:11.0.1.222/255.255.255.255 + IP:11.0.1.223/255.255.255.255 + IP:11.0.1.224/255.255.255.255 + IP:11.0.1.225/255.255.255.255 + IP:11.0.1.226/255.255.255.255 + IP:11.0.1.227/255.255.255.255 + IP:11.0.1.228/255.255.255.255 + IP:11.0.1.229/255.255.255.255 + IP:11.0.1.230/255.255.255.255 + IP:11.0.1.231/255.255.255.255 + IP:11.0.1.232/255.255.255.255 + IP:11.0.1.233/255.255.255.255 + IP:11.0.1.234/255.255.255.255 + IP:11.0.1.235/255.255.255.255 + IP:11.0.1.236/255.255.255.255 + IP:11.0.1.237/255.255.255.255 + IP:11.0.1.238/255.255.255.255 + IP:11.0.1.239/255.255.255.255 + IP:11.0.1.240/255.255.255.255 + IP:11.0.1.241/255.255.255.255 + IP:11.0.1.242/255.255.255.255 + IP:11.0.1.243/255.255.255.255 + IP:11.0.1.244/255.255.255.255 + IP:11.0.1.245/255.255.255.255 + IP:11.0.1.246/255.255.255.255 + IP:11.0.1.247/255.255.255.255 + IP:11.0.1.248/255.255.255.255 + IP:11.0.1.249/255.255.255.255 + IP:11.0.1.250/255.255.255.255 + IP:11.0.1.251/255.255.255.255 + IP:11.0.1.252/255.255.255.255 + IP:11.0.1.253/255.255.255.255 + IP:11.0.1.254/255.255.255.255 + IP:11.0.1.255/255.255.255.255 + IP:11.0.2.0/255.255.255.255 + IP:11.0.2.1/255.255.255.255 + IP:11.0.2.2/255.255.255.255 + IP:11.0.2.3/255.255.255.255 + IP:11.0.2.4/255.255.255.255 + IP:11.0.2.5/255.255.255.255 + IP:11.0.2.6/255.255.255.255 + IP:11.0.2.7/255.255.255.255 + IP:11.0.2.8/255.255.255.255 + IP:11.0.2.9/255.255.255.255 + IP:11.0.2.10/255.255.255.255 + IP:11.0.2.11/255.255.255.255 + IP:11.0.2.12/255.255.255.255 + IP:11.0.2.13/255.255.255.255 + IP:11.0.2.14/255.255.255.255 + IP:11.0.2.15/255.255.255.255 + IP:11.0.2.16/255.255.255.255 + IP:11.0.2.17/255.255.255.255 + IP:11.0.2.18/255.255.255.255 + IP:11.0.2.19/255.255.255.255 + IP:11.0.2.20/255.255.255.255 + IP:11.0.2.21/255.255.255.255 + IP:11.0.2.22/255.255.255.255 + IP:11.0.2.23/255.255.255.255 + IP:11.0.2.24/255.255.255.255 + IP:11.0.2.25/255.255.255.255 + IP:11.0.2.26/255.255.255.255 + IP:11.0.2.27/255.255.255.255 + IP:11.0.2.28/255.255.255.255 + IP:11.0.2.29/255.255.255.255 + IP:11.0.2.30/255.255.255.255 + IP:11.0.2.31/255.255.255.255 + IP:11.0.2.32/255.255.255.255 + IP:11.0.2.33/255.255.255.255 + IP:11.0.2.34/255.255.255.255 + IP:11.0.2.35/255.255.255.255 + IP:11.0.2.36/255.255.255.255 + IP:11.0.2.37/255.255.255.255 + IP:11.0.2.38/255.255.255.255 + IP:11.0.2.39/255.255.255.255 + IP:11.0.2.40/255.255.255.255 + IP:11.0.2.41/255.255.255.255 + IP:11.0.2.42/255.255.255.255 + IP:11.0.2.43/255.255.255.255 + IP:11.0.2.44/255.255.255.255 + IP:11.0.2.45/255.255.255.255 + IP:11.0.2.46/255.255.255.255 + IP:11.0.2.47/255.255.255.255 + IP:11.0.2.48/255.255.255.255 + IP:11.0.2.49/255.255.255.255 + IP:11.0.2.50/255.255.255.255 + IP:11.0.2.51/255.255.255.255 + IP:11.0.2.52/255.255.255.255 + IP:11.0.2.53/255.255.255.255 + IP:11.0.2.54/255.255.255.255 + IP:11.0.2.55/255.255.255.255 + IP:11.0.2.56/255.255.255.255 + IP:11.0.2.57/255.255.255.255 + IP:11.0.2.58/255.255.255.255 + IP:11.0.2.59/255.255.255.255 + IP:11.0.2.60/255.255.255.255 + IP:11.0.2.61/255.255.255.255 + IP:11.0.2.62/255.255.255.255 + IP:11.0.2.63/255.255.255.255 + IP:11.0.2.64/255.255.255.255 + IP:11.0.2.65/255.255.255.255 + IP:11.0.2.66/255.255.255.255 + IP:11.0.2.67/255.255.255.255 + IP:11.0.2.68/255.255.255.255 + IP:11.0.2.69/255.255.255.255 + IP:11.0.2.70/255.255.255.255 + IP:11.0.2.71/255.255.255.255 + IP:11.0.2.72/255.255.255.255 + IP:11.0.2.73/255.255.255.255 + IP:11.0.2.74/255.255.255.255 + IP:11.0.2.75/255.255.255.255 + IP:11.0.2.76/255.255.255.255 + IP:11.0.2.77/255.255.255.255 + IP:11.0.2.78/255.255.255.255 + IP:11.0.2.79/255.255.255.255 + IP:11.0.2.80/255.255.255.255 + IP:11.0.2.81/255.255.255.255 + IP:11.0.2.82/255.255.255.255 + IP:11.0.2.83/255.255.255.255 + IP:11.0.2.84/255.255.255.255 + IP:11.0.2.85/255.255.255.255 + IP:11.0.2.86/255.255.255.255 + IP:11.0.2.87/255.255.255.255 + IP:11.0.2.88/255.255.255.255 + IP:11.0.2.89/255.255.255.255 + IP:11.0.2.90/255.255.255.255 + IP:11.0.2.91/255.255.255.255 + IP:11.0.2.92/255.255.255.255 + IP:11.0.2.93/255.255.255.255 + IP:11.0.2.94/255.255.255.255 + IP:11.0.2.95/255.255.255.255 + IP:11.0.2.96/255.255.255.255 + IP:11.0.2.97/255.255.255.255 + IP:11.0.2.98/255.255.255.255 + IP:11.0.2.99/255.255.255.255 + IP:11.0.2.100/255.255.255.255 + IP:11.0.2.101/255.255.255.255 + IP:11.0.2.102/255.255.255.255 + IP:11.0.2.103/255.255.255.255 + IP:11.0.2.104/255.255.255.255 + IP:11.0.2.105/255.255.255.255 + IP:11.0.2.106/255.255.255.255 + IP:11.0.2.107/255.255.255.255 + IP:11.0.2.108/255.255.255.255 + IP:11.0.2.109/255.255.255.255 + IP:11.0.2.110/255.255.255.255 + IP:11.0.2.111/255.255.255.255 + IP:11.0.2.112/255.255.255.255 + IP:11.0.2.113/255.255.255.255 + IP:11.0.2.114/255.255.255.255 + IP:11.0.2.115/255.255.255.255 + IP:11.0.2.116/255.255.255.255 + IP:11.0.2.117/255.255.255.255 + IP:11.0.2.118/255.255.255.255 + IP:11.0.2.119/255.255.255.255 + IP:11.0.2.120/255.255.255.255 + IP:11.0.2.121/255.255.255.255 + IP:11.0.2.122/255.255.255.255 + IP:11.0.2.123/255.255.255.255 + IP:11.0.2.124/255.255.255.255 + IP:11.0.2.125/255.255.255.255 + IP:11.0.2.126/255.255.255.255 + IP:11.0.2.127/255.255.255.255 + IP:11.0.2.128/255.255.255.255 + IP:11.0.2.129/255.255.255.255 + IP:11.0.2.130/255.255.255.255 + IP:11.0.2.131/255.255.255.255 + IP:11.0.2.132/255.255.255.255 + IP:11.0.2.133/255.255.255.255 + IP:11.0.2.134/255.255.255.255 + IP:11.0.2.135/255.255.255.255 + IP:11.0.2.136/255.255.255.255 + IP:11.0.2.137/255.255.255.255 + IP:11.0.2.138/255.255.255.255 + IP:11.0.2.139/255.255.255.255 + IP:11.0.2.140/255.255.255.255 + IP:11.0.2.141/255.255.255.255 + IP:11.0.2.142/255.255.255.255 + IP:11.0.2.143/255.255.255.255 + IP:11.0.2.144/255.255.255.255 + IP:11.0.2.145/255.255.255.255 + IP:11.0.2.146/255.255.255.255 + IP:11.0.2.147/255.255.255.255 + IP:11.0.2.148/255.255.255.255 + IP:11.0.2.149/255.255.255.255 + IP:11.0.2.150/255.255.255.255 + IP:11.0.2.151/255.255.255.255 + IP:11.0.2.152/255.255.255.255 + IP:11.0.2.153/255.255.255.255 + IP:11.0.2.154/255.255.255.255 + IP:11.0.2.155/255.255.255.255 + IP:11.0.2.156/255.255.255.255 + IP:11.0.2.157/255.255.255.255 + IP:11.0.2.158/255.255.255.255 + IP:11.0.2.159/255.255.255.255 + IP:11.0.2.160/255.255.255.255 + IP:11.0.2.161/255.255.255.255 + IP:11.0.2.162/255.255.255.255 + IP:11.0.2.163/255.255.255.255 + IP:11.0.2.164/255.255.255.255 + IP:11.0.2.165/255.255.255.255 + IP:11.0.2.166/255.255.255.255 + IP:11.0.2.167/255.255.255.255 + IP:11.0.2.168/255.255.255.255 + IP:11.0.2.169/255.255.255.255 + IP:11.0.2.170/255.255.255.255 + IP:11.0.2.171/255.255.255.255 + IP:11.0.2.172/255.255.255.255 + IP:11.0.2.173/255.255.255.255 + IP:11.0.2.174/255.255.255.255 + IP:11.0.2.175/255.255.255.255 + IP:11.0.2.176/255.255.255.255 + IP:11.0.2.177/255.255.255.255 + IP:11.0.2.178/255.255.255.255 + IP:11.0.2.179/255.255.255.255 + IP:11.0.2.180/255.255.255.255 + IP:11.0.2.181/255.255.255.255 + IP:11.0.2.182/255.255.255.255 + IP:11.0.2.183/255.255.255.255 + IP:11.0.2.184/255.255.255.255 + IP:11.0.2.185/255.255.255.255 + IP:11.0.2.186/255.255.255.255 + IP:11.0.2.187/255.255.255.255 + IP:11.0.2.188/255.255.255.255 + IP:11.0.2.189/255.255.255.255 + IP:11.0.2.190/255.255.255.255 + IP:11.0.2.191/255.255.255.255 + IP:11.0.2.192/255.255.255.255 + IP:11.0.2.193/255.255.255.255 + IP:11.0.2.194/255.255.255.255 + IP:11.0.2.195/255.255.255.255 + IP:11.0.2.196/255.255.255.255 + IP:11.0.2.197/255.255.255.255 + IP:11.0.2.198/255.255.255.255 + IP:11.0.2.199/255.255.255.255 + IP:11.0.2.200/255.255.255.255 + IP:11.0.2.201/255.255.255.255 + IP:11.0.2.202/255.255.255.255 + IP:11.0.2.203/255.255.255.255 + IP:11.0.2.204/255.255.255.255 + IP:11.0.2.205/255.255.255.255 + IP:11.0.2.206/255.255.255.255 + IP:11.0.2.207/255.255.255.255 + IP:11.0.2.208/255.255.255.255 + IP:11.0.2.209/255.255.255.255 + IP:11.0.2.210/255.255.255.255 + IP:11.0.2.211/255.255.255.255 + IP:11.0.2.212/255.255.255.255 + IP:11.0.2.213/255.255.255.255 + IP:11.0.2.214/255.255.255.255 + IP:11.0.2.215/255.255.255.255 + IP:11.0.2.216/255.255.255.255 + IP:11.0.2.217/255.255.255.255 + IP:11.0.2.218/255.255.255.255 + IP:11.0.2.219/255.255.255.255 + IP:11.0.2.220/255.255.255.255 + IP:11.0.2.221/255.255.255.255 + IP:11.0.2.222/255.255.255.255 + IP:11.0.2.223/255.255.255.255 + IP:11.0.2.224/255.255.255.255 + IP:11.0.2.225/255.255.255.255 + IP:11.0.2.226/255.255.255.255 + IP:11.0.2.227/255.255.255.255 + IP:11.0.2.228/255.255.255.255 + IP:11.0.2.229/255.255.255.255 + IP:11.0.2.230/255.255.255.255 + IP:11.0.2.231/255.255.255.255 + IP:11.0.2.232/255.255.255.255 + IP:11.0.2.233/255.255.255.255 + IP:11.0.2.234/255.255.255.255 + IP:11.0.2.235/255.255.255.255 + IP:11.0.2.236/255.255.255.255 + IP:11.0.2.237/255.255.255.255 + IP:11.0.2.238/255.255.255.255 + IP:11.0.2.239/255.255.255.255 + IP:11.0.2.240/255.255.255.255 + IP:11.0.2.241/255.255.255.255 + IP:11.0.2.242/255.255.255.255 + IP:11.0.2.243/255.255.255.255 + IP:11.0.2.244/255.255.255.255 + IP:11.0.2.245/255.255.255.255 + IP:11.0.2.246/255.255.255.255 + IP:11.0.2.247/255.255.255.255 + IP:11.0.2.248/255.255.255.255 + IP:11.0.2.249/255.255.255.255 + IP:11.0.2.250/255.255.255.255 + IP:11.0.2.251/255.255.255.255 + IP:11.0.2.252/255.255.255.255 + IP:11.0.2.253/255.255.255.255 + IP:11.0.2.254/255.255.255.255 + IP:11.0.2.255/255.255.255.255 + IP:11.0.3.0/255.255.255.255 + IP:11.0.3.1/255.255.255.255 + IP:11.0.3.2/255.255.255.255 + IP:11.0.3.3/255.255.255.255 + IP:11.0.3.4/255.255.255.255 + IP:11.0.3.5/255.255.255.255 + IP:11.0.3.6/255.255.255.255 + IP:11.0.3.7/255.255.255.255 + IP:11.0.3.8/255.255.255.255 + IP:11.0.3.9/255.255.255.255 + IP:11.0.3.10/255.255.255.255 + IP:11.0.3.11/255.255.255.255 + IP:11.0.3.12/255.255.255.255 + IP:11.0.3.13/255.255.255.255 + IP:11.0.3.14/255.255.255.255 + IP:11.0.3.15/255.255.255.255 + IP:11.0.3.16/255.255.255.255 + IP:11.0.3.17/255.255.255.255 + IP:11.0.3.18/255.255.255.255 + IP:11.0.3.19/255.255.255.255 + IP:11.0.3.20/255.255.255.255 + IP:11.0.3.21/255.255.255.255 + IP:11.0.3.22/255.255.255.255 + IP:11.0.3.23/255.255.255.255 + IP:11.0.3.24/255.255.255.255 + IP:11.0.3.25/255.255.255.255 + IP:11.0.3.26/255.255.255.255 + IP:11.0.3.27/255.255.255.255 + IP:11.0.3.28/255.255.255.255 + IP:11.0.3.29/255.255.255.255 + IP:11.0.3.30/255.255.255.255 + IP:11.0.3.31/255.255.255.255 + IP:11.0.3.32/255.255.255.255 + IP:11.0.3.33/255.255.255.255 + IP:11.0.3.34/255.255.255.255 + IP:11.0.3.35/255.255.255.255 + IP:11.0.3.36/255.255.255.255 + IP:11.0.3.37/255.255.255.255 + IP:11.0.3.38/255.255.255.255 + IP:11.0.3.39/255.255.255.255 + IP:11.0.3.40/255.255.255.255 + IP:11.0.3.41/255.255.255.255 + IP:11.0.3.42/255.255.255.255 + IP:11.0.3.43/255.255.255.255 + IP:11.0.3.44/255.255.255.255 + IP:11.0.3.45/255.255.255.255 + IP:11.0.3.46/255.255.255.255 + IP:11.0.3.47/255.255.255.255 + IP:11.0.3.48/255.255.255.255 + IP:11.0.3.49/255.255.255.255 + IP:11.0.3.50/255.255.255.255 + IP:11.0.3.51/255.255.255.255 + IP:11.0.3.52/255.255.255.255 + IP:11.0.3.53/255.255.255.255 + IP:11.0.3.54/255.255.255.255 + IP:11.0.3.55/255.255.255.255 + IP:11.0.3.56/255.255.255.255 + IP:11.0.3.57/255.255.255.255 + IP:11.0.3.58/255.255.255.255 + IP:11.0.3.59/255.255.255.255 + IP:11.0.3.60/255.255.255.255 + IP:11.0.3.61/255.255.255.255 + IP:11.0.3.62/255.255.255.255 + IP:11.0.3.63/255.255.255.255 + IP:11.0.3.64/255.255.255.255 + IP:11.0.3.65/255.255.255.255 + IP:11.0.3.66/255.255.255.255 + IP:11.0.3.67/255.255.255.255 + IP:11.0.3.68/255.255.255.255 + IP:11.0.3.69/255.255.255.255 + IP:11.0.3.70/255.255.255.255 + IP:11.0.3.71/255.255.255.255 + IP:11.0.3.72/255.255.255.255 + IP:11.0.3.73/255.255.255.255 + IP:11.0.3.74/255.255.255.255 + IP:11.0.3.75/255.255.255.255 + IP:11.0.3.76/255.255.255.255 + IP:11.0.3.77/255.255.255.255 + IP:11.0.3.78/255.255.255.255 + IP:11.0.3.79/255.255.255.255 + IP:11.0.3.80/255.255.255.255 + IP:11.0.3.81/255.255.255.255 + IP:11.0.3.82/255.255.255.255 + IP:11.0.3.83/255.255.255.255 + IP:11.0.3.84/255.255.255.255 + IP:11.0.3.85/255.255.255.255 + IP:11.0.3.86/255.255.255.255 + IP:11.0.3.87/255.255.255.255 + IP:11.0.3.88/255.255.255.255 + IP:11.0.3.89/255.255.255.255 + IP:11.0.3.90/255.255.255.255 + IP:11.0.3.91/255.255.255.255 + IP:11.0.3.92/255.255.255.255 + IP:11.0.3.93/255.255.255.255 + IP:11.0.3.94/255.255.255.255 + IP:11.0.3.95/255.255.255.255 + IP:11.0.3.96/255.255.255.255 + IP:11.0.3.97/255.255.255.255 + IP:11.0.3.98/255.255.255.255 + IP:11.0.3.99/255.255.255.255 + IP:11.0.3.100/255.255.255.255 + IP:11.0.3.101/255.255.255.255 + IP:11.0.3.102/255.255.255.255 + IP:11.0.3.103/255.255.255.255 + IP:11.0.3.104/255.255.255.255 + IP:11.0.3.105/255.255.255.255 + IP:11.0.3.106/255.255.255.255 + IP:11.0.3.107/255.255.255.255 + IP:11.0.3.108/255.255.255.255 + IP:11.0.3.109/255.255.255.255 + IP:11.0.3.110/255.255.255.255 + IP:11.0.3.111/255.255.255.255 + IP:11.0.3.112/255.255.255.255 + IP:11.0.3.113/255.255.255.255 + IP:11.0.3.114/255.255.255.255 + IP:11.0.3.115/255.255.255.255 + IP:11.0.3.116/255.255.255.255 + IP:11.0.3.117/255.255.255.255 + IP:11.0.3.118/255.255.255.255 + IP:11.0.3.119/255.255.255.255 + IP:11.0.3.120/255.255.255.255 + IP:11.0.3.121/255.255.255.255 + IP:11.0.3.122/255.255.255.255 + IP:11.0.3.123/255.255.255.255 + IP:11.0.3.124/255.255.255.255 + IP:11.0.3.125/255.255.255.255 + IP:11.0.3.126/255.255.255.255 + IP:11.0.3.127/255.255.255.255 + IP:11.0.3.128/255.255.255.255 + IP:11.0.3.129/255.255.255.255 + IP:11.0.3.130/255.255.255.255 + IP:11.0.3.131/255.255.255.255 + IP:11.0.3.132/255.255.255.255 + IP:11.0.3.133/255.255.255.255 + IP:11.0.3.134/255.255.255.255 + IP:11.0.3.135/255.255.255.255 + IP:11.0.3.136/255.255.255.255 + IP:11.0.3.137/255.255.255.255 + IP:11.0.3.138/255.255.255.255 + IP:11.0.3.139/255.255.255.255 + IP:11.0.3.140/255.255.255.255 + IP:11.0.3.141/255.255.255.255 + IP:11.0.3.142/255.255.255.255 + IP:11.0.3.143/255.255.255.255 + IP:11.0.3.144/255.255.255.255 + IP:11.0.3.145/255.255.255.255 + IP:11.0.3.146/255.255.255.255 + IP:11.0.3.147/255.255.255.255 + IP:11.0.3.148/255.255.255.255 + IP:11.0.3.149/255.255.255.255 + IP:11.0.3.150/255.255.255.255 + IP:11.0.3.151/255.255.255.255 + IP:11.0.3.152/255.255.255.255 + IP:11.0.3.153/255.255.255.255 + IP:11.0.3.154/255.255.255.255 + IP:11.0.3.155/255.255.255.255 + IP:11.0.3.156/255.255.255.255 + IP:11.0.3.157/255.255.255.255 + IP:11.0.3.158/255.255.255.255 + IP:11.0.3.159/255.255.255.255 + IP:11.0.3.160/255.255.255.255 + IP:11.0.3.161/255.255.255.255 + IP:11.0.3.162/255.255.255.255 + IP:11.0.3.163/255.255.255.255 + IP:11.0.3.164/255.255.255.255 + IP:11.0.3.165/255.255.255.255 + IP:11.0.3.166/255.255.255.255 + IP:11.0.3.167/255.255.255.255 + IP:11.0.3.168/255.255.255.255 + IP:11.0.3.169/255.255.255.255 + IP:11.0.3.170/255.255.255.255 + IP:11.0.3.171/255.255.255.255 + IP:11.0.3.172/255.255.255.255 + IP:11.0.3.173/255.255.255.255 + IP:11.0.3.174/255.255.255.255 + IP:11.0.3.175/255.255.255.255 + IP:11.0.3.176/255.255.255.255 + IP:11.0.3.177/255.255.255.255 + IP:11.0.3.178/255.255.255.255 + IP:11.0.3.179/255.255.255.255 + IP:11.0.3.180/255.255.255.255 + IP:11.0.3.181/255.255.255.255 + IP:11.0.3.182/255.255.255.255 + IP:11.0.3.183/255.255.255.255 + IP:11.0.3.184/255.255.255.255 + IP:11.0.3.185/255.255.255.255 + IP:11.0.3.186/255.255.255.255 + IP:11.0.3.187/255.255.255.255 + IP:11.0.3.188/255.255.255.255 + IP:11.0.3.189/255.255.255.255 + IP:11.0.3.190/255.255.255.255 + IP:11.0.3.191/255.255.255.255 + IP:11.0.3.192/255.255.255.255 + IP:11.0.3.193/255.255.255.255 + IP:11.0.3.194/255.255.255.255 + IP:11.0.3.195/255.255.255.255 + IP:11.0.3.196/255.255.255.255 + IP:11.0.3.197/255.255.255.255 + IP:11.0.3.198/255.255.255.255 + IP:11.0.3.199/255.255.255.255 + IP:11.0.3.200/255.255.255.255 + IP:11.0.3.201/255.255.255.255 + IP:11.0.3.202/255.255.255.255 + IP:11.0.3.203/255.255.255.255 + IP:11.0.3.204/255.255.255.255 + IP:11.0.3.205/255.255.255.255 + IP:11.0.3.206/255.255.255.255 + IP:11.0.3.207/255.255.255.255 + IP:11.0.3.208/255.255.255.255 + IP:11.0.3.209/255.255.255.255 + IP:11.0.3.210/255.255.255.255 + IP:11.0.3.211/255.255.255.255 + IP:11.0.3.212/255.255.255.255 + IP:11.0.3.213/255.255.255.255 + IP:11.0.3.214/255.255.255.255 + IP:11.0.3.215/255.255.255.255 + IP:11.0.3.216/255.255.255.255 + IP:11.0.3.217/255.255.255.255 + IP:11.0.3.218/255.255.255.255 + IP:11.0.3.219/255.255.255.255 + IP:11.0.3.220/255.255.255.255 + IP:11.0.3.221/255.255.255.255 + IP:11.0.3.222/255.255.255.255 + IP:11.0.3.223/255.255.255.255 + IP:11.0.3.224/255.255.255.255 + IP:11.0.3.225/255.255.255.255 + IP:11.0.3.226/255.255.255.255 + IP:11.0.3.227/255.255.255.255 + IP:11.0.3.228/255.255.255.255 + IP:11.0.3.229/255.255.255.255 + IP:11.0.3.230/255.255.255.255 + IP:11.0.3.231/255.255.255.255 + IP:11.0.3.232/255.255.255.255 + IP:11.0.3.233/255.255.255.255 + IP:11.0.3.234/255.255.255.255 + IP:11.0.3.235/255.255.255.255 + IP:11.0.3.236/255.255.255.255 + IP:11.0.3.237/255.255.255.255 + IP:11.0.3.238/255.255.255.255 + IP:11.0.3.239/255.255.255.255 + IP:11.0.3.240/255.255.255.255 + IP:11.0.3.241/255.255.255.255 + IP:11.0.3.242/255.255.255.255 + IP:11.0.3.243/255.255.255.255 + IP:11.0.3.244/255.255.255.255 + IP:11.0.3.245/255.255.255.255 + IP:11.0.3.246/255.255.255.255 + IP:11.0.3.247/255.255.255.255 + IP:11.0.3.248/255.255.255.255 + IP:11.0.3.249/255.255.255.255 + IP:11.0.3.250/255.255.255.255 + IP:11.0.3.251/255.255.255.255 + IP:11.0.3.252/255.255.255.255 + IP:11.0.3.253/255.255.255.255 + IP:11.0.3.254/255.255.255.255 + IP:11.0.3.255/255.255.255.255 + IP:11.0.4.0/255.255.255.255 + + Signature Algorithm: sha256WithRSAEncryption + 7a:02:f3:cd:04:f5:98:dc:c0:7a:aa:25:b5:a1:72:e5:09:99: + 3f:b8:54:a2:b7:28:72:61:af:46:c0:09:cc:63:fd:d4:1b:a6: + 36:c5:e2:62:bb:aa:71:f7:92:d2:7a:07:1b:35:ec:c7:2f:ad: + 44:86:6b:43:df:7a:49:05:ac:33:80:81:77:15:76:fb:be:03: + df:89:76:72:1e:c6:7a:ee:01:84:35:4f:a9:7f:67:5a:a5:e0: + 01:df:83:ac:02:ff:9f:77:d8:57:fc:07:ce:87:d1:24:e8:c0: + ac:dd:9b:46:3a:70:86:f9:94:02:c5:63:75:f6:70:10:55:99: + 14:11:57:22:65:30:56:54:2b:95:db:36:02:72:b0:95:87:98: + 87:42:40:44:ff:4a:16:9e:f8:14:c4:b4:d5:ea:a8:06:b4:7b: + fb:eb:0d:45:35:db:8b:1a:3d:2c:df:39:d4:cd:9e:54:e8:e8: + 4f:37:1c:42:25:45:52:e6:c4:42:e7:85:f5:c7:3d:25:db:7f: + a0:29:4d:35:26:f4:d9:c1:4b:64:08:a7:66:fa:8f:4c:d3:94: + bf:8e:60:f3:53:bc:e9:83:c4:96:a1:97:66:27:df:55:90:1f: + 01:8e:6f:90:89:57:18:da:81:26:f1:f4:ad:74:1f:3b:2a:63: + 53:bf:2a:3e +-----BEGIN CERTIFICATE----- +MIIzozCCMougAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCMO0wgjDpMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjAdBgNVHR4EgjAUMIIwEKGCMAwwCocICwAAAP////8wCocICwAAAf////8w +CocICwAAAv////8wCocICwAAA/////8wCocICwAABP////8wCocICwAABf////8w +CocICwAABv////8wCocICwAAB/////8wCocICwAACP////8wCocICwAACf////8w +CocICwAACv////8wCocICwAAC/////8wCocICwAADP////8wCocICwAADf////8w +CocICwAADv////8wCocICwAAD/////8wCocICwAAEP////8wCocICwAAEf////8w +CocICwAAEv////8wCocICwAAE/////8wCocICwAAFP////8wCocICwAAFf////8w +CocICwAAFv////8wCocICwAAF/////8wCocICwAAGP////8wCocICwAAGf////8w +CocICwAAGv////8wCocICwAAG/////8wCocICwAAHP////8wCocICwAAHf////8w +CocICwAAHv////8wCocICwAAH/////8wCocICwAAIP////8wCocICwAAIf////8w +CocICwAAIv////8wCocICwAAI/////8wCocICwAAJP////8wCocICwAAJf////8w +CocICwAAJv////8wCocICwAAJ/////8wCocICwAAKP////8wCocICwAAKf////8w +CocICwAAKv////8wCocICwAAK/////8wCocICwAALP////8wCocICwAALf////8w +CocICwAALv////8wCocICwAAL/////8wCocICwAAMP////8wCocICwAAMf////8w +CocICwAAMv////8wCocICwAAM/////8wCocICwAANP////8wCocICwAANf////8w +CocICwAANv////8wCocICwAAN/////8wCocICwAAOP////8wCocICwAAOf////8w +CocICwAAOv////8wCocICwAAO/////8wCocICwAAPP////8wCocICwAAPf////8w +CocICwAAPv////8wCocICwAAP/////8wCocICwAAQP////8wCocICwAAQf////8w +CocICwAAQv////8wCocICwAAQ/////8wCocICwAARP////8wCocICwAARf////8w +CocICwAARv////8wCocICwAAR/////8wCocICwAASP////8wCocICwAASf////8w +CocICwAASv////8wCocICwAAS/////8wCocICwAATP////8wCocICwAATf////8w +CocICwAATv////8wCocICwAAT/////8wCocICwAAUP////8wCocICwAAUf////8w +CocICwAAUv////8wCocICwAAU/////8wCocICwAAVP////8wCocICwAAVf////8w +CocICwAAVv////8wCocICwAAV/////8wCocICwAAWP////8wCocICwAAWf////8w +CocICwAAWv////8wCocICwAAW/////8wCocICwAAXP////8wCocICwAAXf////8w +CocICwAAXv////8wCocICwAAX/////8wCocICwAAYP////8wCocICwAAYf////8w +CocICwAAYv////8wCocICwAAY/////8wCocICwAAZP////8wCocICwAAZf////8w +CocICwAAZv////8wCocICwAAZ/////8wCocICwAAaP////8wCocICwAAaf////8w +CocICwAAav////8wCocICwAAa/////8wCocICwAAbP////8wCocICwAAbf////8w +CocICwAAbv////8wCocICwAAb/////8wCocICwAAcP////8wCocICwAAcf////8w +CocICwAAcv////8wCocICwAAc/////8wCocICwAAdP////8wCocICwAAdf////8w +CocICwAAdv////8wCocICwAAd/////8wCocICwAAeP////8wCocICwAAef////8w +CocICwAAev////8wCocICwAAe/////8wCocICwAAfP////8wCocICwAAff////8w +CocICwAAfv////8wCocICwAAf/////8wCocICwAAgP////8wCocICwAAgf////8w +CocICwAAgv////8wCocICwAAg/////8wCocICwAAhP////8wCocICwAAhf////8w +CocICwAAhv////8wCocICwAAh/////8wCocICwAAiP////8wCocICwAAif////8w +CocICwAAiv////8wCocICwAAi/////8wCocICwAAjP////8wCocICwAAjf////8w +CocICwAAjv////8wCocICwAAj/////8wCocICwAAkP////8wCocICwAAkf////8w +CocICwAAkv////8wCocICwAAk/////8wCocICwAAlP////8wCocICwAAlf////8w +CocICwAAlv////8wCocICwAAl/////8wCocICwAAmP////8wCocICwAAmf////8w +CocICwAAmv////8wCocICwAAm/////8wCocICwAAnP////8wCocICwAAnf////8w +CocICwAAnv////8wCocICwAAn/////8wCocICwAAoP////8wCocICwAAof////8w +CocICwAAov////8wCocICwAAo/////8wCocICwAApP////8wCocICwAApf////8w +CocICwAApv////8wCocICwAAp/////8wCocICwAAqP////8wCocICwAAqf////8w +CocICwAAqv////8wCocICwAAq/////8wCocICwAArP////8wCocICwAArf////8w +CocICwAArv////8wCocICwAAr/////8wCocICwAAsP////8wCocICwAAsf////8w +CocICwAAsv////8wCocICwAAs/////8wCocICwAAtP////8wCocICwAAtf////8w +CocICwAAtv////8wCocICwAAt/////8wCocICwAAuP////8wCocICwAAuf////8w +CocICwAAuv////8wCocICwAAu/////8wCocICwAAvP////8wCocICwAAvf////8w +CocICwAAvv////8wCocICwAAv/////8wCocICwAAwP////8wCocICwAAwf////8w +CocICwAAwv////8wCocICwAAw/////8wCocICwAAxP////8wCocICwAAxf////8w +CocICwAAxv////8wCocICwAAx/////8wCocICwAAyP////8wCocICwAAyf////8w +CocICwAAyv////8wCocICwAAy/////8wCocICwAAzP////8wCocICwAAzf////8w +CocICwAAzv////8wCocICwAAz/////8wCocICwAA0P////8wCocICwAA0f////8w +CocICwAA0v////8wCocICwAA0/////8wCocICwAA1P////8wCocICwAA1f////8w +CocICwAA1v////8wCocICwAA1/////8wCocICwAA2P////8wCocICwAA2f////8w +CocICwAA2v////8wCocICwAA2/////8wCocICwAA3P////8wCocICwAA3f////8w +CocICwAA3v////8wCocICwAA3/////8wCocICwAA4P////8wCocICwAA4f////8w +CocICwAA4v////8wCocICwAA4/////8wCocICwAA5P////8wCocICwAA5f////8w +CocICwAA5v////8wCocICwAA5/////8wCocICwAA6P////8wCocICwAA6f////8w +CocICwAA6v////8wCocICwAA6/////8wCocICwAA7P////8wCocICwAA7f////8w +CocICwAA7v////8wCocICwAA7/////8wCocICwAA8P////8wCocICwAA8f////8w +CocICwAA8v////8wCocICwAA8/////8wCocICwAA9P////8wCocICwAA9f////8w +CocICwAA9v////8wCocICwAA9/////8wCocICwAA+P////8wCocICwAA+f////8w +CocICwAA+v////8wCocICwAA+/////8wCocICwAA/P////8wCocICwAA/f////8w +CocICwAA/v////8wCocICwAA//////8wCocICwABAP////8wCocICwABAf////8w +CocICwABAv////8wCocICwABA/////8wCocICwABBP////8wCocICwABBf////8w +CocICwABBv////8wCocICwABB/////8wCocICwABCP////8wCocICwABCf////8w +CocICwABCv////8wCocICwABC/////8wCocICwABDP////8wCocICwABDf////8w +CocICwABDv////8wCocICwABD/////8wCocICwABEP////8wCocICwABEf////8w +CocICwABEv////8wCocICwABE/////8wCocICwABFP////8wCocICwABFf////8w +CocICwABFv////8wCocICwABF/////8wCocICwABGP////8wCocICwABGf////8w +CocICwABGv////8wCocICwABG/////8wCocICwABHP////8wCocICwABHf////8w +CocICwABHv////8wCocICwABH/////8wCocICwABIP////8wCocICwABIf////8w +CocICwABIv////8wCocICwABI/////8wCocICwABJP////8wCocICwABJf////8w +CocICwABJv////8wCocICwABJ/////8wCocICwABKP////8wCocICwABKf////8w +CocICwABKv////8wCocICwABK/////8wCocICwABLP////8wCocICwABLf////8w +CocICwABLv////8wCocICwABL/////8wCocICwABMP////8wCocICwABMf////8w +CocICwABMv////8wCocICwABM/////8wCocICwABNP////8wCocICwABNf////8w +CocICwABNv////8wCocICwABN/////8wCocICwABOP////8wCocICwABOf////8w +CocICwABOv////8wCocICwABO/////8wCocICwABPP////8wCocICwABPf////8w +CocICwABPv////8wCocICwABP/////8wCocICwABQP////8wCocICwABQf////8w +CocICwABQv////8wCocICwABQ/////8wCocICwABRP////8wCocICwABRf////8w +CocICwABRv////8wCocICwABR/////8wCocICwABSP////8wCocICwABSf////8w +CocICwABSv////8wCocICwABS/////8wCocICwABTP////8wCocICwABTf////8w +CocICwABTv////8wCocICwABT/////8wCocICwABUP////8wCocICwABUf////8w +CocICwABUv////8wCocICwABU/////8wCocICwABVP////8wCocICwABVf////8w +CocICwABVv////8wCocICwABV/////8wCocICwABWP////8wCocICwABWf////8w +CocICwABWv////8wCocICwABW/////8wCocICwABXP////8wCocICwABXf////8w +CocICwABXv////8wCocICwABX/////8wCocICwABYP////8wCocICwABYf////8w +CocICwABYv////8wCocICwABY/////8wCocICwABZP////8wCocICwABZf////8w +CocICwABZv////8wCocICwABZ/////8wCocICwABaP////8wCocICwABaf////8w +CocICwABav////8wCocICwABa/////8wCocICwABbP////8wCocICwABbf////8w +CocICwABbv////8wCocICwABb/////8wCocICwABcP////8wCocICwABcf////8w +CocICwABcv////8wCocICwABc/////8wCocICwABdP////8wCocICwABdf////8w +CocICwABdv////8wCocICwABd/////8wCocICwABeP////8wCocICwABef////8w +CocICwABev////8wCocICwABe/////8wCocICwABfP////8wCocICwABff////8w +CocICwABfv////8wCocICwABf/////8wCocICwABgP////8wCocICwABgf////8w +CocICwABgv////8wCocICwABg/////8wCocICwABhP////8wCocICwABhf////8w +CocICwABhv////8wCocICwABh/////8wCocICwABiP////8wCocICwABif////8w +CocICwABiv////8wCocICwABi/////8wCocICwABjP////8wCocICwABjf////8w +CocICwABjv////8wCocICwABj/////8wCocICwABkP////8wCocICwABkf////8w +CocICwABkv////8wCocICwABk/////8wCocICwABlP////8wCocICwABlf////8w +CocICwABlv////8wCocICwABl/////8wCocICwABmP////8wCocICwABmf////8w +CocICwABmv////8wCocICwABm/////8wCocICwABnP////8wCocICwABnf////8w +CocICwABnv////8wCocICwABn/////8wCocICwABoP////8wCocICwABof////8w +CocICwABov////8wCocICwABo/////8wCocICwABpP////8wCocICwABpf////8w +CocICwABpv////8wCocICwABp/////8wCocICwABqP////8wCocICwABqf////8w +CocICwABqv////8wCocICwABq/////8wCocICwABrP////8wCocICwABrf////8w +CocICwABrv////8wCocICwABr/////8wCocICwABsP////8wCocICwABsf////8w +CocICwABsv////8wCocICwABs/////8wCocICwABtP////8wCocICwABtf////8w +CocICwABtv////8wCocICwABt/////8wCocICwABuP////8wCocICwABuf////8w +CocICwABuv////8wCocICwABu/////8wCocICwABvP////8wCocICwABvf////8w +CocICwABvv////8wCocICwABv/////8wCocICwABwP////8wCocICwABwf////8w +CocICwABwv////8wCocICwABw/////8wCocICwABxP////8wCocICwABxf////8w +CocICwABxv////8wCocICwABx/////8wCocICwAByP////8wCocICwAByf////8w +CocICwAByv////8wCocICwABy/////8wCocICwABzP////8wCocICwABzf////8w +CocICwABzv////8wCocICwABz/////8wCocICwAB0P////8wCocICwAB0f////8w +CocICwAB0v////8wCocICwAB0/////8wCocICwAB1P////8wCocICwAB1f////8w +CocICwAB1v////8wCocICwAB1/////8wCocICwAB2P////8wCocICwAB2f////8w +CocICwAB2v////8wCocICwAB2/////8wCocICwAB3P////8wCocICwAB3f////8w +CocICwAB3v////8wCocICwAB3/////8wCocICwAB4P////8wCocICwAB4f////8w +CocICwAB4v////8wCocICwAB4/////8wCocICwAB5P////8wCocICwAB5f////8w +CocICwAB5v////8wCocICwAB5/////8wCocICwAB6P////8wCocICwAB6f////8w +CocICwAB6v////8wCocICwAB6/////8wCocICwAB7P////8wCocICwAB7f////8w +CocICwAB7v////8wCocICwAB7/////8wCocICwAB8P////8wCocICwAB8f////8w +CocICwAB8v////8wCocICwAB8/////8wCocICwAB9P////8wCocICwAB9f////8w +CocICwAB9v////8wCocICwAB9/////8wCocICwAB+P////8wCocICwAB+f////8w +CocICwAB+v////8wCocICwAB+/////8wCocICwAB/P////8wCocICwAB/f////8w +CocICwAB/v////8wCocICwAB//////8wCocICwACAP////8wCocICwACAf////8w +CocICwACAv////8wCocICwACA/////8wCocICwACBP////8wCocICwACBf////8w +CocICwACBv////8wCocICwACB/////8wCocICwACCP////8wCocICwACCf////8w +CocICwACCv////8wCocICwACC/////8wCocICwACDP////8wCocICwACDf////8w +CocICwACDv////8wCocICwACD/////8wCocICwACEP////8wCocICwACEf////8w +CocICwACEv////8wCocICwACE/////8wCocICwACFP////8wCocICwACFf////8w +CocICwACFv////8wCocICwACF/////8wCocICwACGP////8wCocICwACGf////8w +CocICwACGv////8wCocICwACG/////8wCocICwACHP////8wCocICwACHf////8w +CocICwACHv////8wCocICwACH/////8wCocICwACIP////8wCocICwACIf////8w +CocICwACIv////8wCocICwACI/////8wCocICwACJP////8wCocICwACJf////8w +CocICwACJv////8wCocICwACJ/////8wCocICwACKP////8wCocICwACKf////8w +CocICwACKv////8wCocICwACK/////8wCocICwACLP////8wCocICwACLf////8w +CocICwACLv////8wCocICwACL/////8wCocICwACMP////8wCocICwACMf////8w +CocICwACMv////8wCocICwACM/////8wCocICwACNP////8wCocICwACNf////8w +CocICwACNv////8wCocICwACN/////8wCocICwACOP////8wCocICwACOf////8w +CocICwACOv////8wCocICwACO/////8wCocICwACPP////8wCocICwACPf////8w +CocICwACPv////8wCocICwACP/////8wCocICwACQP////8wCocICwACQf////8w +CocICwACQv////8wCocICwACQ/////8wCocICwACRP////8wCocICwACRf////8w +CocICwACRv////8wCocICwACR/////8wCocICwACSP////8wCocICwACSf////8w +CocICwACSv////8wCocICwACS/////8wCocICwACTP////8wCocICwACTf////8w +CocICwACTv////8wCocICwACT/////8wCocICwACUP////8wCocICwACUf////8w +CocICwACUv////8wCocICwACU/////8wCocICwACVP////8wCocICwACVf////8w +CocICwACVv////8wCocICwACV/////8wCocICwACWP////8wCocICwACWf////8w +CocICwACWv////8wCocICwACW/////8wCocICwACXP////8wCocICwACXf////8w +CocICwACXv////8wCocICwACX/////8wCocICwACYP////8wCocICwACYf////8w +CocICwACYv////8wCocICwACY/////8wCocICwACZP////8wCocICwACZf////8w +CocICwACZv////8wCocICwACZ/////8wCocICwACaP////8wCocICwACaf////8w +CocICwACav////8wCocICwACa/////8wCocICwACbP////8wCocICwACbf////8w +CocICwACbv////8wCocICwACb/////8wCocICwACcP////8wCocICwACcf////8w +CocICwACcv////8wCocICwACc/////8wCocICwACdP////8wCocICwACdf////8w +CocICwACdv////8wCocICwACd/////8wCocICwACeP////8wCocICwACef////8w +CocICwACev////8wCocICwACe/////8wCocICwACfP////8wCocICwACff////8w +CocICwACfv////8wCocICwACf/////8wCocICwACgP////8wCocICwACgf////8w +CocICwACgv////8wCocICwACg/////8wCocICwAChP////8wCocICwAChf////8w +CocICwAChv////8wCocICwACh/////8wCocICwACiP////8wCocICwACif////8w +CocICwACiv////8wCocICwACi/////8wCocICwACjP////8wCocICwACjf////8w +CocICwACjv////8wCocICwACj/////8wCocICwACkP////8wCocICwACkf////8w +CocICwACkv////8wCocICwACk/////8wCocICwAClP////8wCocICwAClf////8w +CocICwAClv////8wCocICwACl/////8wCocICwACmP////8wCocICwACmf////8w +CocICwACmv////8wCocICwACm/////8wCocICwACnP////8wCocICwACnf////8w +CocICwACnv////8wCocICwACn/////8wCocICwACoP////8wCocICwACof////8w +CocICwACov////8wCocICwACo/////8wCocICwACpP////8wCocICwACpf////8w +CocICwACpv////8wCocICwACp/////8wCocICwACqP////8wCocICwACqf////8w +CocICwACqv////8wCocICwACq/////8wCocICwACrP////8wCocICwACrf////8w +CocICwACrv////8wCocICwACr/////8wCocICwACsP////8wCocICwACsf////8w +CocICwACsv////8wCocICwACs/////8wCocICwACtP////8wCocICwACtf////8w +CocICwACtv////8wCocICwACt/////8wCocICwACuP////8wCocICwACuf////8w +CocICwACuv////8wCocICwACu/////8wCocICwACvP////8wCocICwACvf////8w +CocICwACvv////8wCocICwACv/////8wCocICwACwP////8wCocICwACwf////8w +CocICwACwv////8wCocICwACw/////8wCocICwACxP////8wCocICwACxf////8w +CocICwACxv////8wCocICwACx/////8wCocICwACyP////8wCocICwACyf////8w +CocICwACyv////8wCocICwACy/////8wCocICwACzP////8wCocICwACzf////8w +CocICwACzv////8wCocICwACz/////8wCocICwAC0P////8wCocICwAC0f////8w +CocICwAC0v////8wCocICwAC0/////8wCocICwAC1P////8wCocICwAC1f////8w +CocICwAC1v////8wCocICwAC1/////8wCocICwAC2P////8wCocICwAC2f////8w +CocICwAC2v////8wCocICwAC2/////8wCocICwAC3P////8wCocICwAC3f////8w +CocICwAC3v////8wCocICwAC3/////8wCocICwAC4P////8wCocICwAC4f////8w +CocICwAC4v////8wCocICwAC4/////8wCocICwAC5P////8wCocICwAC5f////8w +CocICwAC5v////8wCocICwAC5/////8wCocICwAC6P////8wCocICwAC6f////8w +CocICwAC6v////8wCocICwAC6/////8wCocICwAC7P////8wCocICwAC7f////8w +CocICwAC7v////8wCocICwAC7/////8wCocICwAC8P////8wCocICwAC8f////8w +CocICwAC8v////8wCocICwAC8/////8wCocICwAC9P////8wCocICwAC9f////8w +CocICwAC9v////8wCocICwAC9/////8wCocICwAC+P////8wCocICwAC+f////8w +CocICwAC+v////8wCocICwAC+/////8wCocICwAC/P////8wCocICwAC/f////8w +CocICwAC/v////8wCocICwAC//////8wCocICwADAP////8wCocICwADAf////8w +CocICwADAv////8wCocICwADA/////8wCocICwADBP////8wCocICwADBf////8w +CocICwADBv////8wCocICwADB/////8wCocICwADCP////8wCocICwADCf////8w +CocICwADCv////8wCocICwADC/////8wCocICwADDP////8wCocICwADDf////8w +CocICwADDv////8wCocICwADD/////8wCocICwADEP////8wCocICwADEf////8w +CocICwADEv////8wCocICwADE/////8wCocICwADFP////8wCocICwADFf////8w +CocICwADFv////8wCocICwADF/////8wCocICwADGP////8wCocICwADGf////8w +CocICwADGv////8wCocICwADG/////8wCocICwADHP////8wCocICwADHf////8w +CocICwADHv////8wCocICwADH/////8wCocICwADIP////8wCocICwADIf////8w +CocICwADIv////8wCocICwADI/////8wCocICwADJP////8wCocICwADJf////8w +CocICwADJv////8wCocICwADJ/////8wCocICwADKP////8wCocICwADKf////8w +CocICwADKv////8wCocICwADK/////8wCocICwADLP////8wCocICwADLf////8w +CocICwADLv////8wCocICwADL/////8wCocICwADMP////8wCocICwADMf////8w +CocICwADMv////8wCocICwADM/////8wCocICwADNP////8wCocICwADNf////8w +CocICwADNv////8wCocICwADN/////8wCocICwADOP////8wCocICwADOf////8w +CocICwADOv////8wCocICwADO/////8wCocICwADPP////8wCocICwADPf////8w +CocICwADPv////8wCocICwADP/////8wCocICwADQP////8wCocICwADQf////8w +CocICwADQv////8wCocICwADQ/////8wCocICwADRP////8wCocICwADRf////8w +CocICwADRv////8wCocICwADR/////8wCocICwADSP////8wCocICwADSf////8w +CocICwADSv////8wCocICwADS/////8wCocICwADTP////8wCocICwADTf////8w +CocICwADTv////8wCocICwADT/////8wCocICwADUP////8wCocICwADUf////8w +CocICwADUv////8wCocICwADU/////8wCocICwADVP////8wCocICwADVf////8w +CocICwADVv////8wCocICwADV/////8wCocICwADWP////8wCocICwADWf////8w +CocICwADWv////8wCocICwADW/////8wCocICwADXP////8wCocICwADXf////8w +CocICwADXv////8wCocICwADX/////8wCocICwADYP////8wCocICwADYf////8w +CocICwADYv////8wCocICwADY/////8wCocICwADZP////8wCocICwADZf////8w +CocICwADZv////8wCocICwADZ/////8wCocICwADaP////8wCocICwADaf////8w +CocICwADav////8wCocICwADa/////8wCocICwADbP////8wCocICwADbf////8w +CocICwADbv////8wCocICwADb/////8wCocICwADcP////8wCocICwADcf////8w +CocICwADcv////8wCocICwADc/////8wCocICwADdP////8wCocICwADdf////8w +CocICwADdv////8wCocICwADd/////8wCocICwADeP////8wCocICwADef////8w +CocICwADev////8wCocICwADe/////8wCocICwADfP////8wCocICwADff////8w +CocICwADfv////8wCocICwADf/////8wCocICwADgP////8wCocICwADgf////8w +CocICwADgv////8wCocICwADg/////8wCocICwADhP////8wCocICwADhf////8w +CocICwADhv////8wCocICwADh/////8wCocICwADiP////8wCocICwADif////8w +CocICwADiv////8wCocICwADi/////8wCocICwADjP////8wCocICwADjf////8w +CocICwADjv////8wCocICwADj/////8wCocICwADkP////8wCocICwADkf////8w +CocICwADkv////8wCocICwADk/////8wCocICwADlP////8wCocICwADlf////8w +CocICwADlv////8wCocICwADl/////8wCocICwADmP////8wCocICwADmf////8w +CocICwADmv////8wCocICwADm/////8wCocICwADnP////8wCocICwADnf////8w +CocICwADnv////8wCocICwADn/////8wCocICwADoP////8wCocICwADof////8w +CocICwADov////8wCocICwADo/////8wCocICwADpP////8wCocICwADpf////8w +CocICwADpv////8wCocICwADp/////8wCocICwADqP////8wCocICwADqf////8w +CocICwADqv////8wCocICwADq/////8wCocICwADrP////8wCocICwADrf////8w +CocICwADrv////8wCocICwADr/////8wCocICwADsP////8wCocICwADsf////8w +CocICwADsv////8wCocICwADs/////8wCocICwADtP////8wCocICwADtf////8w +CocICwADtv////8wCocICwADt/////8wCocICwADuP////8wCocICwADuf////8w +CocICwADuv////8wCocICwADu/////8wCocICwADvP////8wCocICwADvf////8w +CocICwADvv////8wCocICwADv/////8wCocICwADwP////8wCocICwADwf////8w +CocICwADwv////8wCocICwADw/////8wCocICwADxP////8wCocICwADxf////8w +CocICwADxv////8wCocICwADx/////8wCocICwADyP////8wCocICwADyf////8w +CocICwADyv////8wCocICwADy/////8wCocICwADzP////8wCocICwADzf////8w +CocICwADzv////8wCocICwADz/////8wCocICwAD0P////8wCocICwAD0f////8w +CocICwAD0v////8wCocICwAD0/////8wCocICwAD1P////8wCocICwAD1f////8w +CocICwAD1v////8wCocICwAD1/////8wCocICwAD2P////8wCocICwAD2f////8w +CocICwAD2v////8wCocICwAD2/////8wCocICwAD3P////8wCocICwAD3f////8w +CocICwAD3v////8wCocICwAD3/////8wCocICwAD4P////8wCocICwAD4f////8w +CocICwAD4v////8wCocICwAD4/////8wCocICwAD5P////8wCocICwAD5f////8w +CocICwAD5v////8wCocICwAD5/////8wCocICwAD6P////8wCocICwAD6f////8w +CocICwAD6v////8wCocICwAD6/////8wCocICwAD7P////8wCocICwAD7f////8w +CocICwAD7v////8wCocICwAD7/////8wCocICwAD8P////8wCocICwAD8f////8w +CocICwAD8v////8wCocICwAD8/////8wCocICwAD9P////8wCocICwAD9f////8w +CocICwAD9v////8wCocICwAD9/////8wCocICwAD+P////8wCocICwAD+f////8w +CocICwAD+v////8wCocICwAD+/////8wCocICwAD/P////8wCocICwAD/f////8w +CocICwAD/v////8wCocICwAD//////8wCocICwAEAP////8wDQYJKoZIhvcNAQEL +BQADggEBAHoC880E9ZjcwHqqJbWhcuUJmT+4VKK3KHJhr0bACcxj/dQbpjbF4mK7 +qnH3ktJ6Bxs17McvrUSGa0PfekkFrDOAgXcVdvu+A9+JdnIexnruAYQ1T6l/Z1ql +4AHfg6wC/5932Ff8B86H0STowKzdm0Y6cIb5lALFY3X2cBBVmRQRVyJlMFZUK5Xb +NgJysJWHmIdCQET/Shae+BTEtNXqqAa0e/vrDUU124saPSzfOdTNnlTo6E83HEIl +RVLmxELnhfXHPSXbf6ApTTUm9NnBS2QIp2b6j0zTlL+OYPNTvOmDxJahl2Yn31WQ +HwGOb5CJVxjagSbx9K10HzsqY1O/Kj4= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.test b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.test new file mode 100644 index 0000000000..3032ced0d3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-excluded.test @@ -0,0 +1,8 @@ +chain: toomany-ips-excluded.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=t0) ----- +ERROR: Too many name constraints checks + diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.pem b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.pem new file mode 100644 index 0000000000..56bc9c89c4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.pem @@ -0,0 +1,1690 @@ +[Created by: ./generate-chains.py] + +A chain containing a large number of permitted IP name +constraints and IP names, above the limit. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:ab:b4:3d:dc:c0:77:80:2a:03:09:ad:43:74:02:bf:98:d8:da + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=t0 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:db:2c:53:01:ce:f9:1a:83:36:52:51:2a:5b:42: + 63:de:32:75:11:6a:7d:b0:a1:e4:77:47:9b:71:e5: + a6:2d:64:d7:ae:5b:04:ed:7a:3f:c7:f6:ca:2b:2b: + ad:cd:6c:88:a5:8e:36:fb:e7:a2:22:b5:7d:54:79: + e9:d5:7a:5b:ca:2b:29:6c:0d:84:0a:10:c4:21:b6: + 58:98:bb:0d:b6:0c:8d:56:5b:2c:85:59:07:ca:06: + 46:36:25:1a:29:8e:c4:39:b7:c3:31:ce:6e:49:c2: + 01:cf:b0:3b:27:43:8a:e3:d5:06:1f:2d:93:9d:dd: + 7a:45:65:6d:fd:b4:b1:c0:10:59:42:f2:1e:8f:ce: + 43:ac:97:25:c1:7c:e2:51:e1:44:35:5b:94:aa:03: + 6e:da:71:2f:25:7f:58:30:01:e1:12:17:1e:f2:aa: + 6c:22:80:b1:c9:65:ea:77:95:b3:07:c4:f7:72:38: + 34:fe:a0:43:33:4c:66:6d:a1:e8:a1:04:bc:6f:14: + 39:39:44:2e:38:37:74:c9:0a:21:85:91:21:b7:4e: + ba:b0:99:4a:76:98:7b:58:ca:1c:d3:b0:40:c3:d9: + 2a:75:fb:eb:19:ea:e3:1a:98:31:52:97:e9:7f:a4: + 7b:21:7f:2f:dc:62:86:8f:fd:fd:a8:88:e8:4b:44: + 52:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:B4:05:CC:AA:BA:51:3D:FC:F2:F9:1E:25:53:72:E1:3A:F2:9A:DF + X509v3 Authority Key Identifier: + keyid:92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:10.0.0.0, IP Address:10.0.0.1, IP Address:10.0.0.2, IP Address:10.0.0.3, IP Address:10.0.0.4, IP Address:10.0.0.5, IP Address:10.0.0.6, IP Address:10.0.0.7, IP Address:10.0.0.8, IP Address:10.0.0.9, IP Address:10.0.0.10, IP Address:10.0.0.11, IP Address:10.0.0.12, IP Address:10.0.0.13, IP Address:10.0.0.14, IP Address:10.0.0.15, IP Address:10.0.0.16, IP Address:10.0.0.17, IP Address:10.0.0.18, IP Address:10.0.0.19, IP Address:10.0.0.20, IP Address:10.0.0.21, IP Address:10.0.0.22, IP Address:10.0.0.23, IP Address:10.0.0.24, IP Address:10.0.0.25, IP Address:10.0.0.26, IP Address:10.0.0.27, IP Address:10.0.0.28, IP Address:10.0.0.29, IP Address:10.0.0.30, IP Address:10.0.0.31, IP Address:10.0.0.32, IP Address:10.0.0.33, IP Address:10.0.0.34, IP Address:10.0.0.35, IP Address:10.0.0.36, IP Address:10.0.0.37, IP Address:10.0.0.38, IP Address:10.0.0.39, IP Address:10.0.0.40, IP Address:10.0.0.41, IP Address:10.0.0.42, IP Address:10.0.0.43, IP Address:10.0.0.44, IP Address:10.0.0.45, IP Address:10.0.0.46, IP Address:10.0.0.47, IP Address:10.0.0.48, IP Address:10.0.0.49, IP Address:10.0.0.50, IP Address:10.0.0.51, IP Address:10.0.0.52, IP Address:10.0.0.53, IP Address:10.0.0.54, IP Address:10.0.0.55, IP Address:10.0.0.56, IP Address:10.0.0.57, IP Address:10.0.0.58, IP Address:10.0.0.59, IP Address:10.0.0.60, IP Address:10.0.0.61, IP Address:10.0.0.62, IP Address:10.0.0.63, IP Address:10.0.0.64, IP Address:10.0.0.65, IP Address:10.0.0.66, IP Address:10.0.0.67, IP Address:10.0.0.68, IP Address:10.0.0.69, IP Address:10.0.0.70, IP Address:10.0.0.71, IP Address:10.0.0.72, IP Address:10.0.0.73, IP Address:10.0.0.74, IP Address:10.0.0.75, IP Address:10.0.0.76, IP Address:10.0.0.77, IP Address:10.0.0.78, IP Address:10.0.0.79, IP Address:10.0.0.80, IP Address:10.0.0.81, IP Address:10.0.0.82, IP Address:10.0.0.83, IP Address:10.0.0.84, IP Address:10.0.0.85, IP Address:10.0.0.86, IP Address:10.0.0.87, IP Address:10.0.0.88, IP Address:10.0.0.89, IP Address:10.0.0.90, IP Address:10.0.0.91, IP Address:10.0.0.92, IP Address:10.0.0.93, IP Address:10.0.0.94, IP Address:10.0.0.95, IP Address:10.0.0.96, IP Address:10.0.0.97, IP Address:10.0.0.98, IP Address:10.0.0.99, IP Address:10.0.0.100, IP Address:10.0.0.101, IP Address:10.0.0.102, IP Address:10.0.0.103, IP Address:10.0.0.104, IP Address:10.0.0.105, IP Address:10.0.0.106, IP Address:10.0.0.107, IP Address:10.0.0.108, IP Address:10.0.0.109, IP Address:10.0.0.110, IP Address:10.0.0.111, IP Address:10.0.0.112, IP Address:10.0.0.113, IP Address:10.0.0.114, IP Address:10.0.0.115, IP Address:10.0.0.116, IP Address:10.0.0.117, IP Address:10.0.0.118, IP Address:10.0.0.119, IP Address:10.0.0.120, IP Address:10.0.0.121, IP Address:10.0.0.122, IP Address:10.0.0.123, IP Address:10.0.0.124, IP Address:10.0.0.125, IP Address:10.0.0.126, IP Address:10.0.0.127, IP Address:10.0.0.128, IP Address:10.0.0.129, IP Address:10.0.0.130, IP Address:10.0.0.131, IP Address:10.0.0.132, IP Address:10.0.0.133, IP Address:10.0.0.134, IP Address:10.0.0.135, IP Address:10.0.0.136, IP Address:10.0.0.137, IP Address:10.0.0.138, IP Address:10.0.0.139, IP Address:10.0.0.140, IP Address:10.0.0.141, IP Address:10.0.0.142, IP Address:10.0.0.143, IP Address:10.0.0.144, IP Address:10.0.0.145, IP Address:10.0.0.146, IP Address:10.0.0.147, IP Address:10.0.0.148, IP Address:10.0.0.149, IP Address:10.0.0.150, IP Address:10.0.0.151, IP Address:10.0.0.152, IP Address:10.0.0.153, IP Address:10.0.0.154, IP Address:10.0.0.155, IP Address:10.0.0.156, IP Address:10.0.0.157, IP Address:10.0.0.158, IP Address:10.0.0.159, IP Address:10.0.0.160, IP Address:10.0.0.161, IP Address:10.0.0.162, IP Address:10.0.0.163, IP Address:10.0.0.164, IP Address:10.0.0.165, IP Address:10.0.0.166, IP Address:10.0.0.167, IP Address:10.0.0.168, IP Address:10.0.0.169, IP Address:10.0.0.170, IP Address:10.0.0.171, IP Address:10.0.0.172, IP Address:10.0.0.173, IP Address:10.0.0.174, IP Address:10.0.0.175, IP Address:10.0.0.176, IP Address:10.0.0.177, IP Address:10.0.0.178, IP Address:10.0.0.179, IP Address:10.0.0.180, IP Address:10.0.0.181, IP Address:10.0.0.182, IP Address:10.0.0.183, IP Address:10.0.0.184, IP Address:10.0.0.185, IP Address:10.0.0.186, IP Address:10.0.0.187, IP Address:10.0.0.188, IP Address:10.0.0.189, IP Address:10.0.0.190, IP Address:10.0.0.191, IP Address:10.0.0.192, IP Address:10.0.0.193, IP Address:10.0.0.194, IP Address:10.0.0.195, IP Address:10.0.0.196, IP Address:10.0.0.197, IP Address:10.0.0.198, IP Address:10.0.0.199, IP Address:10.0.0.200, IP Address:10.0.0.201, IP Address:10.0.0.202, IP Address:10.0.0.203, IP Address:10.0.0.204, IP Address:10.0.0.205, IP Address:10.0.0.206, IP Address:10.0.0.207, IP Address:10.0.0.208, IP Address:10.0.0.209, IP Address:10.0.0.210, IP Address:10.0.0.211, IP Address:10.0.0.212, IP Address:10.0.0.213, IP Address:10.0.0.214, IP Address:10.0.0.215, IP Address:10.0.0.216, IP Address:10.0.0.217, IP Address:10.0.0.218, IP Address:10.0.0.219, IP Address:10.0.0.220, IP Address:10.0.0.221, IP Address:10.0.0.222, IP Address:10.0.0.223, IP Address:10.0.0.224, IP Address:10.0.0.225, IP Address:10.0.0.226, IP Address:10.0.0.227, IP Address:10.0.0.228, IP Address:10.0.0.229, IP Address:10.0.0.230, IP Address:10.0.0.231, IP Address:10.0.0.232, IP Address:10.0.0.233, IP Address:10.0.0.234, IP Address:10.0.0.235, IP Address:10.0.0.236, IP Address:10.0.0.237, IP Address:10.0.0.238, IP Address:10.0.0.239, IP Address:10.0.0.240, IP Address:10.0.0.241, IP Address:10.0.0.242, IP Address:10.0.0.243, IP Address:10.0.0.244, IP Address:10.0.0.245, IP Address:10.0.0.246, IP Address:10.0.0.247, IP Address:10.0.0.248, IP Address:10.0.0.249, IP Address:10.0.0.250, IP Address:10.0.0.251, IP Address:10.0.0.252, IP Address:10.0.0.253, IP Address:10.0.0.254, IP Address:10.0.0.255, IP Address:10.0.1.0, IP Address:10.0.1.1, IP Address:10.0.1.2, IP Address:10.0.1.3, IP Address:10.0.1.4, IP Address:10.0.1.5, IP Address:10.0.1.6, IP Address:10.0.1.7, IP Address:10.0.1.8, IP Address:10.0.1.9, IP Address:10.0.1.10, IP Address:10.0.1.11, IP Address:10.0.1.12, IP Address:10.0.1.13, IP Address:10.0.1.14, IP Address:10.0.1.15, IP Address:10.0.1.16, IP Address:10.0.1.17, IP Address:10.0.1.18, IP Address:10.0.1.19, IP Address:10.0.1.20, IP Address:10.0.1.21, IP Address:10.0.1.22, IP Address:10.0.1.23, IP Address:10.0.1.24, IP Address:10.0.1.25, IP Address:10.0.1.26, IP Address:10.0.1.27, IP Address:10.0.1.28, IP Address:10.0.1.29, IP Address:10.0.1.30, IP Address:10.0.1.31, IP Address:10.0.1.32, IP Address:10.0.1.33, IP Address:10.0.1.34, IP Address:10.0.1.35, IP Address:10.0.1.36, IP Address:10.0.1.37, IP Address:10.0.1.38, IP Address:10.0.1.39, IP Address:10.0.1.40, IP Address:10.0.1.41, IP Address:10.0.1.42, IP Address:10.0.1.43, IP Address:10.0.1.44, IP Address:10.0.1.45, IP Address:10.0.1.46, IP Address:10.0.1.47, IP Address:10.0.1.48, IP Address:10.0.1.49, IP Address:10.0.1.50, IP Address:10.0.1.51, IP Address:10.0.1.52, IP Address:10.0.1.53, IP Address:10.0.1.54, IP Address:10.0.1.55, IP Address:10.0.1.56, IP Address:10.0.1.57, IP Address:10.0.1.58, IP Address:10.0.1.59, IP Address:10.0.1.60, IP Address:10.0.1.61, IP Address:10.0.1.62, IP Address:10.0.1.63, IP Address:10.0.1.64, IP Address:10.0.1.65, IP Address:10.0.1.66, IP Address:10.0.1.67, IP Address:10.0.1.68, IP Address:10.0.1.69, IP Address:10.0.1.70, IP Address:10.0.1.71, IP Address:10.0.1.72, IP Address:10.0.1.73, IP Address:10.0.1.74, IP Address:10.0.1.75, IP Address:10.0.1.76, IP Address:10.0.1.77, IP Address:10.0.1.78, IP Address:10.0.1.79, IP Address:10.0.1.80, IP Address:10.0.1.81, IP Address:10.0.1.82, IP Address:10.0.1.83, IP Address:10.0.1.84, IP Address:10.0.1.85, IP Address:10.0.1.86, IP Address:10.0.1.87, IP Address:10.0.1.88, IP Address:10.0.1.89, IP Address:10.0.1.90, IP Address:10.0.1.91, IP Address:10.0.1.92, IP Address:10.0.1.93, IP Address:10.0.1.94, IP Address:10.0.1.95, IP Address:10.0.1.96, IP Address:10.0.1.97, IP Address:10.0.1.98, IP Address:10.0.1.99, IP Address:10.0.1.100, IP Address:10.0.1.101, IP Address:10.0.1.102, IP Address:10.0.1.103, IP Address:10.0.1.104, IP Address:10.0.1.105, IP Address:10.0.1.106, IP Address:10.0.1.107, IP Address:10.0.1.108, IP Address:10.0.1.109, IP Address:10.0.1.110, IP Address:10.0.1.111, IP Address:10.0.1.112, IP Address:10.0.1.113, IP Address:10.0.1.114, IP Address:10.0.1.115, IP Address:10.0.1.116, IP Address:10.0.1.117, IP Address:10.0.1.118, IP Address:10.0.1.119, IP Address:10.0.1.120, IP Address:10.0.1.121, IP Address:10.0.1.122, IP Address:10.0.1.123, IP Address:10.0.1.124, IP Address:10.0.1.125, IP Address:10.0.1.126, IP Address:10.0.1.127, IP Address:10.0.1.128, IP Address:10.0.1.129, IP Address:10.0.1.130, IP Address:10.0.1.131, IP Address:10.0.1.132, IP Address:10.0.1.133, IP Address:10.0.1.134, IP Address:10.0.1.135, IP Address:10.0.1.136, IP Address:10.0.1.137, IP Address:10.0.1.138, IP Address:10.0.1.139, IP Address:10.0.1.140, IP Address:10.0.1.141, IP Address:10.0.1.142, IP Address:10.0.1.143, IP Address:10.0.1.144, IP Address:10.0.1.145, IP Address:10.0.1.146, IP Address:10.0.1.147, IP Address:10.0.1.148, IP Address:10.0.1.149, IP Address:10.0.1.150, IP Address:10.0.1.151, IP Address:10.0.1.152, IP Address:10.0.1.153, IP Address:10.0.1.154, IP Address:10.0.1.155, IP Address:10.0.1.156, IP Address:10.0.1.157, IP Address:10.0.1.158, IP Address:10.0.1.159, IP Address:10.0.1.160, IP Address:10.0.1.161, IP Address:10.0.1.162, IP Address:10.0.1.163, IP Address:10.0.1.164, IP Address:10.0.1.165, IP Address:10.0.1.166, IP Address:10.0.1.167, IP Address:10.0.1.168, IP Address:10.0.1.169, IP Address:10.0.1.170, IP Address:10.0.1.171, IP Address:10.0.1.172, IP Address:10.0.1.173, IP Address:10.0.1.174, IP Address:10.0.1.175, IP Address:10.0.1.176, IP Address:10.0.1.177, IP Address:10.0.1.178, IP Address:10.0.1.179, IP Address:10.0.1.180, IP Address:10.0.1.181, IP Address:10.0.1.182, IP Address:10.0.1.183, IP Address:10.0.1.184, IP Address:10.0.1.185, IP Address:10.0.1.186, IP Address:10.0.1.187, IP Address:10.0.1.188, IP Address:10.0.1.189, IP Address:10.0.1.190, IP Address:10.0.1.191, IP Address:10.0.1.192, IP Address:10.0.1.193, IP Address:10.0.1.194, IP Address:10.0.1.195, IP Address:10.0.1.196, IP Address:10.0.1.197, IP Address:10.0.1.198, IP Address:10.0.1.199, IP Address:10.0.1.200, IP Address:10.0.1.201, IP Address:10.0.1.202, IP Address:10.0.1.203, IP Address:10.0.1.204, IP Address:10.0.1.205, IP Address:10.0.1.206, IP Address:10.0.1.207, IP Address:10.0.1.208, IP Address:10.0.1.209, IP Address:10.0.1.210, IP Address:10.0.1.211, IP Address:10.0.1.212, IP Address:10.0.1.213, IP Address:10.0.1.214, IP Address:10.0.1.215, IP Address:10.0.1.216, IP Address:10.0.1.217, IP Address:10.0.1.218, IP Address:10.0.1.219, IP Address:10.0.1.220, IP Address:10.0.1.221, IP Address:10.0.1.222, IP Address:10.0.1.223, IP Address:10.0.1.224, IP Address:10.0.1.225, IP Address:10.0.1.226, IP Address:10.0.1.227, IP Address:10.0.1.228, IP Address:10.0.1.229, IP Address:10.0.1.230, IP Address:10.0.1.231, IP Address:10.0.1.232, IP Address:10.0.1.233, IP Address:10.0.1.234, IP Address:10.0.1.235, IP Address:10.0.1.236, IP Address:10.0.1.237, IP Address:10.0.1.238, IP Address:10.0.1.239, IP Address:10.0.1.240, IP Address:10.0.1.241, IP Address:10.0.1.242, IP Address:10.0.1.243, IP Address:10.0.1.244, IP Address:10.0.1.245, IP Address:10.0.1.246, IP Address:10.0.1.247, IP Address:10.0.1.248, IP Address:10.0.1.249, IP Address:10.0.1.250, IP Address:10.0.1.251, IP Address:10.0.1.252, IP Address:10.0.1.253, IP Address:10.0.1.254, IP Address:10.0.1.255, IP Address:10.0.2.0, IP Address:10.0.2.1, IP Address:10.0.2.2, IP Address:10.0.2.3, IP Address:10.0.2.4, IP Address:10.0.2.5, IP Address:10.0.2.6, IP Address:10.0.2.7, IP Address:10.0.2.8, IP Address:10.0.2.9, IP Address:10.0.2.10, IP Address:10.0.2.11, IP Address:10.0.2.12, IP Address:10.0.2.13, IP Address:10.0.2.14, IP Address:10.0.2.15, IP Address:10.0.2.16, IP Address:10.0.2.17, IP Address:10.0.2.18, IP Address:10.0.2.19, IP Address:10.0.2.20, IP Address:10.0.2.21, IP Address:10.0.2.22, IP Address:10.0.2.23, IP Address:10.0.2.24, IP Address:10.0.2.25, IP Address:10.0.2.26, IP Address:10.0.2.27, IP Address:10.0.2.28, IP Address:10.0.2.29, IP Address:10.0.2.30, IP Address:10.0.2.31, IP Address:10.0.2.32, IP Address:10.0.2.33, IP Address:10.0.2.34, IP Address:10.0.2.35, IP Address:10.0.2.36, IP Address:10.0.2.37, IP Address:10.0.2.38, IP Address:10.0.2.39, IP Address:10.0.2.40, IP Address:10.0.2.41, IP Address:10.0.2.42, IP Address:10.0.2.43, IP Address:10.0.2.44, IP Address:10.0.2.45, IP Address:10.0.2.46, IP Address:10.0.2.47, IP Address:10.0.2.48, IP Address:10.0.2.49, IP Address:10.0.2.50, IP Address:10.0.2.51, IP Address:10.0.2.52, IP Address:10.0.2.53, IP Address:10.0.2.54, IP Address:10.0.2.55, IP Address:10.0.2.56, IP Address:10.0.2.57, IP Address:10.0.2.58, IP Address:10.0.2.59, IP Address:10.0.2.60, IP Address:10.0.2.61, IP Address:10.0.2.62, IP Address:10.0.2.63, IP Address:10.0.2.64, IP Address:10.0.2.65, IP Address:10.0.2.66, IP Address:10.0.2.67, IP Address:10.0.2.68, IP Address:10.0.2.69, IP Address:10.0.2.70, IP Address:10.0.2.71, IP Address:10.0.2.72, IP Address:10.0.2.73, IP Address:10.0.2.74, IP Address:10.0.2.75, IP Address:10.0.2.76, IP Address:10.0.2.77, IP Address:10.0.2.78, IP Address:10.0.2.79, IP Address:10.0.2.80, IP Address:10.0.2.81, IP Address:10.0.2.82, IP Address:10.0.2.83, IP Address:10.0.2.84, IP Address:10.0.2.85, IP Address:10.0.2.86, IP Address:10.0.2.87, IP Address:10.0.2.88, IP Address:10.0.2.89, IP Address:10.0.2.90, IP Address:10.0.2.91, IP Address:10.0.2.92, IP Address:10.0.2.93, IP Address:10.0.2.94, IP Address:10.0.2.95, IP Address:10.0.2.96, IP Address:10.0.2.97, IP Address:10.0.2.98, IP Address:10.0.2.99, IP Address:10.0.2.100, IP Address:10.0.2.101, IP Address:10.0.2.102, IP Address:10.0.2.103, IP Address:10.0.2.104, IP Address:10.0.2.105, IP Address:10.0.2.106, IP Address:10.0.2.107, IP Address:10.0.2.108, IP Address:10.0.2.109, IP Address:10.0.2.110, IP Address:10.0.2.111, IP Address:10.0.2.112, IP Address:10.0.2.113, IP Address:10.0.2.114, IP Address:10.0.2.115, IP Address:10.0.2.116, IP Address:10.0.2.117, IP Address:10.0.2.118, IP Address:10.0.2.119, IP Address:10.0.2.120, IP Address:10.0.2.121, IP Address:10.0.2.122, IP Address:10.0.2.123, IP Address:10.0.2.124, IP Address:10.0.2.125, IP Address:10.0.2.126, IP Address:10.0.2.127, IP Address:10.0.2.128, IP Address:10.0.2.129, IP Address:10.0.2.130, IP Address:10.0.2.131, IP Address:10.0.2.132, IP Address:10.0.2.133, IP Address:10.0.2.134, IP Address:10.0.2.135, IP Address:10.0.2.136, IP Address:10.0.2.137, IP Address:10.0.2.138, IP Address:10.0.2.139, IP Address:10.0.2.140, IP Address:10.0.2.141, IP Address:10.0.2.142, IP Address:10.0.2.143, IP Address:10.0.2.144, IP Address:10.0.2.145, IP Address:10.0.2.146, IP Address:10.0.2.147, IP Address:10.0.2.148, IP Address:10.0.2.149, IP Address:10.0.2.150, IP Address:10.0.2.151, IP Address:10.0.2.152, IP Address:10.0.2.153, IP Address:10.0.2.154, IP Address:10.0.2.155, IP Address:10.0.2.156, IP Address:10.0.2.157, IP Address:10.0.2.158, IP Address:10.0.2.159, IP Address:10.0.2.160, IP Address:10.0.2.161, IP Address:10.0.2.162, IP Address:10.0.2.163, IP Address:10.0.2.164, IP Address:10.0.2.165, IP Address:10.0.2.166, IP Address:10.0.2.167, IP Address:10.0.2.168, IP Address:10.0.2.169, IP Address:10.0.2.170, IP Address:10.0.2.171, IP Address:10.0.2.172, IP Address:10.0.2.173, IP Address:10.0.2.174, IP Address:10.0.2.175, IP Address:10.0.2.176, IP Address:10.0.2.177, IP Address:10.0.2.178, IP Address:10.0.2.179, IP Address:10.0.2.180, IP Address:10.0.2.181, IP Address:10.0.2.182, IP Address:10.0.2.183, IP Address:10.0.2.184, IP Address:10.0.2.185, IP Address:10.0.2.186, IP Address:10.0.2.187, IP Address:10.0.2.188, IP Address:10.0.2.189, IP Address:10.0.2.190, IP Address:10.0.2.191, IP Address:10.0.2.192, IP Address:10.0.2.193, IP Address:10.0.2.194, IP Address:10.0.2.195, IP Address:10.0.2.196, IP Address:10.0.2.197, IP Address:10.0.2.198, IP Address:10.0.2.199, IP Address:10.0.2.200, IP Address:10.0.2.201, IP Address:10.0.2.202, IP Address:10.0.2.203, IP Address:10.0.2.204, IP Address:10.0.2.205, IP Address:10.0.2.206, IP Address:10.0.2.207, IP Address:10.0.2.208, IP Address:10.0.2.209, IP Address:10.0.2.210, IP Address:10.0.2.211, IP Address:10.0.2.212, IP Address:10.0.2.213, IP Address:10.0.2.214, IP Address:10.0.2.215, IP Address:10.0.2.216, IP Address:10.0.2.217, IP Address:10.0.2.218, IP Address:10.0.2.219, IP Address:10.0.2.220, IP Address:10.0.2.221, IP Address:10.0.2.222, IP Address:10.0.2.223, IP Address:10.0.2.224, IP Address:10.0.2.225, IP Address:10.0.2.226, IP Address:10.0.2.227, IP Address:10.0.2.228, IP Address:10.0.2.229, IP Address:10.0.2.230, IP Address:10.0.2.231, IP Address:10.0.2.232, IP Address:10.0.2.233, IP Address:10.0.2.234, IP Address:10.0.2.235, IP Address:10.0.2.236, IP Address:10.0.2.237, IP Address:10.0.2.238, IP Address:10.0.2.239, IP Address:10.0.2.240, IP Address:10.0.2.241, IP Address:10.0.2.242, IP Address:10.0.2.243, IP Address:10.0.2.244, IP Address:10.0.2.245, IP Address:10.0.2.246, IP Address:10.0.2.247, IP Address:10.0.2.248, IP Address:10.0.2.249, IP Address:10.0.2.250, IP Address:10.0.2.251, IP Address:10.0.2.252, IP Address:10.0.2.253, IP Address:10.0.2.254, IP Address:10.0.2.255, IP Address:10.0.3.0, IP Address:10.0.3.1, IP Address:10.0.3.2, IP Address:10.0.3.3, IP Address:10.0.3.4, IP Address:10.0.3.5, IP Address:10.0.3.6, IP Address:10.0.3.7, IP Address:10.0.3.8, IP Address:10.0.3.9, IP Address:10.0.3.10, IP Address:10.0.3.11, IP Address:10.0.3.12, IP Address:10.0.3.13, IP Address:10.0.3.14, IP Address:10.0.3.15, IP Address:10.0.3.16, IP Address:10.0.3.17, IP Address:10.0.3.18, IP Address:10.0.3.19, IP Address:10.0.3.20, IP Address:10.0.3.21, IP Address:10.0.3.22, IP Address:10.0.3.23, IP Address:10.0.3.24, IP Address:10.0.3.25, IP Address:10.0.3.26, IP Address:10.0.3.27, IP Address:10.0.3.28, IP Address:10.0.3.29, IP Address:10.0.3.30, IP Address:10.0.3.31, IP Address:10.0.3.32, IP Address:10.0.3.33, IP Address:10.0.3.34, IP Address:10.0.3.35, IP Address:10.0.3.36, IP Address:10.0.3.37, IP Address:10.0.3.38, IP Address:10.0.3.39, IP Address:10.0.3.40, IP Address:10.0.3.41, IP Address:10.0.3.42, IP Address:10.0.3.43, IP Address:10.0.3.44, IP Address:10.0.3.45, IP Address:10.0.3.46, IP Address:10.0.3.47, IP Address:10.0.3.48, IP Address:10.0.3.49, IP Address:10.0.3.50, IP Address:10.0.3.51, IP Address:10.0.3.52, IP Address:10.0.3.53, IP Address:10.0.3.54, IP Address:10.0.3.55, IP Address:10.0.3.56, IP Address:10.0.3.57, IP Address:10.0.3.58, IP Address:10.0.3.59, IP Address:10.0.3.60, IP Address:10.0.3.61, IP Address:10.0.3.62, IP Address:10.0.3.63, IP Address:10.0.3.64, IP Address:10.0.3.65, IP Address:10.0.3.66, IP Address:10.0.3.67, IP Address:10.0.3.68, IP Address:10.0.3.69, IP Address:10.0.3.70, IP Address:10.0.3.71, IP Address:10.0.3.72, IP Address:10.0.3.73, IP Address:10.0.3.74, IP Address:10.0.3.75, IP Address:10.0.3.76, IP Address:10.0.3.77, IP Address:10.0.3.78, IP Address:10.0.3.79, IP Address:10.0.3.80, IP Address:10.0.3.81, IP Address:10.0.3.82, IP Address:10.0.3.83, IP Address:10.0.3.84, IP Address:10.0.3.85, IP Address:10.0.3.86, IP Address:10.0.3.87, IP Address:10.0.3.88, IP Address:10.0.3.89, IP Address:10.0.3.90, IP Address:10.0.3.91, IP Address:10.0.3.92, IP Address:10.0.3.93, IP Address:10.0.3.94, IP Address:10.0.3.95, IP Address:10.0.3.96, IP Address:10.0.3.97, IP Address:10.0.3.98, IP Address:10.0.3.99, IP Address:10.0.3.100, IP Address:10.0.3.101, IP Address:10.0.3.102, IP Address:10.0.3.103, IP Address:10.0.3.104, IP Address:10.0.3.105, IP Address:10.0.3.106, IP Address:10.0.3.107, IP Address:10.0.3.108, IP Address:10.0.3.109, IP Address:10.0.3.110, IP Address:10.0.3.111, IP Address:10.0.3.112, IP Address:10.0.3.113, IP Address:10.0.3.114, IP Address:10.0.3.115, IP Address:10.0.3.116, IP Address:10.0.3.117, IP Address:10.0.3.118, IP Address:10.0.3.119, IP Address:10.0.3.120, IP Address:10.0.3.121, IP Address:10.0.3.122, IP Address:10.0.3.123, IP Address:10.0.3.124, IP Address:10.0.3.125, IP Address:10.0.3.126, IP Address:10.0.3.127, IP Address:10.0.3.128, IP Address:10.0.3.129, IP Address:10.0.3.130, IP Address:10.0.3.131, IP Address:10.0.3.132, IP Address:10.0.3.133, IP Address:10.0.3.134, IP Address:10.0.3.135, IP Address:10.0.3.136, IP Address:10.0.3.137, IP Address:10.0.3.138, IP Address:10.0.3.139, IP Address:10.0.3.140, IP Address:10.0.3.141, IP Address:10.0.3.142, IP Address:10.0.3.143, IP Address:10.0.3.144, IP Address:10.0.3.145, IP Address:10.0.3.146, IP Address:10.0.3.147, IP Address:10.0.3.148, IP Address:10.0.3.149, IP Address:10.0.3.150, IP Address:10.0.3.151, IP Address:10.0.3.152, IP Address:10.0.3.153, IP Address:10.0.3.154, IP Address:10.0.3.155, IP Address:10.0.3.156, IP Address:10.0.3.157, IP Address:10.0.3.158, IP Address:10.0.3.159, IP Address:10.0.3.160, IP Address:10.0.3.161, IP Address:10.0.3.162, IP Address:10.0.3.163, IP Address:10.0.3.164, IP Address:10.0.3.165, IP Address:10.0.3.166, IP Address:10.0.3.167, IP Address:10.0.3.168, IP Address:10.0.3.169, IP Address:10.0.3.170, IP Address:10.0.3.171, IP Address:10.0.3.172, IP Address:10.0.3.173, IP Address:10.0.3.174, IP Address:10.0.3.175, IP Address:10.0.3.176, IP Address:10.0.3.177, IP Address:10.0.3.178, IP Address:10.0.3.179, IP Address:10.0.3.180, IP Address:10.0.3.181, IP Address:10.0.3.182, IP Address:10.0.3.183, IP Address:10.0.3.184, IP Address:10.0.3.185, IP Address:10.0.3.186, IP Address:10.0.3.187, IP Address:10.0.3.188, IP Address:10.0.3.189, IP Address:10.0.3.190, IP Address:10.0.3.191, IP Address:10.0.3.192, IP Address:10.0.3.193, IP Address:10.0.3.194, IP Address:10.0.3.195, IP Address:10.0.3.196, IP Address:10.0.3.197, IP Address:10.0.3.198, IP Address:10.0.3.199, IP Address:10.0.3.200, IP Address:10.0.3.201, IP Address:10.0.3.202, IP Address:10.0.3.203, IP Address:10.0.3.204, IP Address:10.0.3.205, IP Address:10.0.3.206, IP Address:10.0.3.207, IP Address:10.0.3.208, IP Address:10.0.3.209, IP Address:10.0.3.210, IP Address:10.0.3.211, IP Address:10.0.3.212, IP Address:10.0.3.213, IP Address:10.0.3.214, IP Address:10.0.3.215, IP Address:10.0.3.216, IP Address:10.0.3.217, IP Address:10.0.3.218, IP Address:10.0.3.219, IP Address:10.0.3.220, IP Address:10.0.3.221, IP Address:10.0.3.222, IP Address:10.0.3.223, IP Address:10.0.3.224, IP Address:10.0.3.225, IP Address:10.0.3.226, IP Address:10.0.3.227, IP Address:10.0.3.228, IP Address:10.0.3.229, IP Address:10.0.3.230, IP Address:10.0.3.231, IP Address:10.0.3.232, IP Address:10.0.3.233, IP Address:10.0.3.234, IP Address:10.0.3.235, IP Address:10.0.3.236, IP Address:10.0.3.237, IP Address:10.0.3.238, IP Address:10.0.3.239, IP Address:10.0.3.240, IP Address:10.0.3.241, IP Address:10.0.3.242, IP Address:10.0.3.243, IP Address:10.0.3.244, IP Address:10.0.3.245, IP Address:10.0.3.246, IP Address:10.0.3.247, IP Address:10.0.3.248, IP Address:10.0.3.249, IP Address:10.0.3.250, IP Address:10.0.3.251, IP Address:10.0.3.252, IP Address:10.0.3.253, IP Address:10.0.3.254, IP Address:10.0.3.255 + Signature Algorithm: sha256WithRSAEncryption + 13:e0:0d:71:4c:e5:af:98:fc:35:e0:79:60:26:93:28:ee:ef: + 83:73:c6:86:03:3d:4a:5c:b6:75:25:14:44:0d:af:bf:0b:ac: + 7a:f1:10:78:65:6d:f3:bc:ff:e2:aa:36:af:37:a4:6f:0c:b3: + c5:78:dc:81:a0:98:2a:d2:1c:b3:04:0f:cb:f7:47:b5:75:a2: + 1d:bc:69:2b:aa:62:ff:59:51:53:5b:f6:38:30:00:fa:2d:15: + 9c:9a:7b:b6:56:d7:f7:bc:1d:87:8b:4d:17:41:81:c0:72:c6: + 13:3e:ea:bc:e1:d9:6a:e2:ac:fa:02:a3:3b:c8:59:be:bb:e7: + 62:8c:86:23:f2:ec:d5:d0:f3:45:69:20:95:a2:c3:f4:40:eb: + 36:44:64:b6:11:9d:f8:51:8a:38:85:ef:f3:e0:3e:93:1c:29: + 80:93:4d:d5:75:8c:33:d1:66:9c:61:4e:eb:a2:9a:61:6e:55: + 13:2b:1c:2b:0a:73:6e:44:fb:87:74:c8:08:df:34:78:18:4b: + 66:42:54:11:ce:c4:88:38:4f:42:36:41:81:28:be:91:7d:ce: + 5c:81:71:0d:26:48:d9:65:cf:00:36:66:3b:88:cb:51:21:f5: + ce:e4:56:4f:10:cf:87:0e:40:2f:d9:b6:fc:0b:ae:e6:86:74: + 5c:bd:a5:aa +-----BEGIN CERTIFICATE----- +MIIbrjCCGpagAwIBAgITL6u0PdzAd4AqAwmtQ3QCv5jY2jANBgkqhkiG9w0BAQsF +ADAXMRUwEwYDVQQDDAxJbnRlcm1lZGlhdGUwHhcNMjExMDA1MTIwMDAwWhcNMjIx +MDA1MTIwMDAwWjANMQswCQYDVQQDDAJ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANssUwHO+RqDNlJRKltCY94ydRFqfbCh5HdHm3Hlpi1k165bBO16 +P8f2yisrrc1siKWONvvnoiK1fVR56dV6W8orKWwNhAoQxCG2WJi7DbYMjVZbLIVZ +B8oGRjYlGimOxDm3wzHObknCAc+wOydDiuPVBh8tk53dekVlbf20scAQWULyHo/O +Q6yXJcF84lHhRDVblKoDbtpxLyV/WDAB4RIXHvKqbCKAscll6neVswfE93I4NP6g +QzNMZm2h6KEEvG8UOTlELjg3dMkKIYWRIbdOurCZSnaYe1jKHNOwQMPZKnX76xnq +4xqYMVKX6X+keyF/L9xiho/9/aiI6EtEUr0CAwEAAaOCGPswghj3MB0GA1UdDgQW +BBQ7tAXMqrpRPfzy+R4lU3LhOvKa3zAfBgNVHSMEGDAWgBSSET+sEZbHZjfPg1ok +8Dp3rzONfzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwghgNBgNVHREEghgEMIIYAIcE +CgAAAIcECgAAAYcECgAAAocECgAAA4cECgAABIcECgAABYcECgAABocECgAAB4cE +CgAACIcECgAACYcECgAACocECgAAC4cECgAADIcECgAADYcECgAADocECgAAD4cE +CgAAEIcECgAAEYcECgAAEocECgAAE4cECgAAFIcECgAAFYcECgAAFocECgAAF4cE +CgAAGIcECgAAGYcECgAAGocECgAAG4cECgAAHIcECgAAHYcECgAAHocECgAAH4cE +CgAAIIcECgAAIYcECgAAIocECgAAI4cECgAAJIcECgAAJYcECgAAJocECgAAJ4cE +CgAAKIcECgAAKYcECgAAKocECgAAK4cECgAALIcECgAALYcECgAALocECgAAL4cE +CgAAMIcECgAAMYcECgAAMocECgAAM4cECgAANIcECgAANYcECgAANocECgAAN4cE +CgAAOIcECgAAOYcECgAAOocECgAAO4cECgAAPIcECgAAPYcECgAAPocECgAAP4cE +CgAAQIcECgAAQYcECgAAQocECgAAQ4cECgAARIcECgAARYcECgAARocECgAAR4cE +CgAASIcECgAASYcECgAASocECgAAS4cECgAATIcECgAATYcECgAATocECgAAT4cE +CgAAUIcECgAAUYcECgAAUocECgAAU4cECgAAVIcECgAAVYcECgAAVocECgAAV4cE +CgAAWIcECgAAWYcECgAAWocECgAAW4cECgAAXIcECgAAXYcECgAAXocECgAAX4cE +CgAAYIcECgAAYYcECgAAYocECgAAY4cECgAAZIcECgAAZYcECgAAZocECgAAZ4cE +CgAAaIcECgAAaYcECgAAaocECgAAa4cECgAAbIcECgAAbYcECgAAbocECgAAb4cE +CgAAcIcECgAAcYcECgAAcocECgAAc4cECgAAdIcECgAAdYcECgAAdocECgAAd4cE +CgAAeIcECgAAeYcECgAAeocECgAAe4cECgAAfIcECgAAfYcECgAAfocECgAAf4cE +CgAAgIcECgAAgYcECgAAgocECgAAg4cECgAAhIcECgAAhYcECgAAhocECgAAh4cE +CgAAiIcECgAAiYcECgAAiocECgAAi4cECgAAjIcECgAAjYcECgAAjocECgAAj4cE +CgAAkIcECgAAkYcECgAAkocECgAAk4cECgAAlIcECgAAlYcECgAAlocECgAAl4cE +CgAAmIcECgAAmYcECgAAmocECgAAm4cECgAAnIcECgAAnYcECgAAnocECgAAn4cE +CgAAoIcECgAAoYcECgAAoocECgAAo4cECgAApIcECgAApYcECgAApocECgAAp4cE +CgAAqIcECgAAqYcECgAAqocECgAAq4cECgAArIcECgAArYcECgAArocECgAAr4cE +CgAAsIcECgAAsYcECgAAsocECgAAs4cECgAAtIcECgAAtYcECgAAtocECgAAt4cE +CgAAuIcECgAAuYcECgAAuocECgAAu4cECgAAvIcECgAAvYcECgAAvocECgAAv4cE +CgAAwIcECgAAwYcECgAAwocECgAAw4cECgAAxIcECgAAxYcECgAAxocECgAAx4cE +CgAAyIcECgAAyYcECgAAyocECgAAy4cECgAAzIcECgAAzYcECgAAzocECgAAz4cE +CgAA0IcECgAA0YcECgAA0ocECgAA04cECgAA1IcECgAA1YcECgAA1ocECgAA14cE +CgAA2IcECgAA2YcECgAA2ocECgAA24cECgAA3IcECgAA3YcECgAA3ocECgAA34cE +CgAA4IcECgAA4YcECgAA4ocECgAA44cECgAA5IcECgAA5YcECgAA5ocECgAA54cE +CgAA6IcECgAA6YcECgAA6ocECgAA64cECgAA7IcECgAA7YcECgAA7ocECgAA74cE +CgAA8IcECgAA8YcECgAA8ocECgAA84cECgAA9IcECgAA9YcECgAA9ocECgAA94cE +CgAA+IcECgAA+YcECgAA+ocECgAA+4cECgAA/IcECgAA/YcECgAA/ocECgAA/4cE +CgABAIcECgABAYcECgABAocECgABA4cECgABBIcECgABBYcECgABBocECgABB4cE +CgABCIcECgABCYcECgABCocECgABC4cECgABDIcECgABDYcECgABDocECgABD4cE +CgABEIcECgABEYcECgABEocECgABE4cECgABFIcECgABFYcECgABFocECgABF4cE +CgABGIcECgABGYcECgABGocECgABG4cECgABHIcECgABHYcECgABHocECgABH4cE +CgABIIcECgABIYcECgABIocECgABI4cECgABJIcECgABJYcECgABJocECgABJ4cE +CgABKIcECgABKYcECgABKocECgABK4cECgABLIcECgABLYcECgABLocECgABL4cE +CgABMIcECgABMYcECgABMocECgABM4cECgABNIcECgABNYcECgABNocECgABN4cE +CgABOIcECgABOYcECgABOocECgABO4cECgABPIcECgABPYcECgABPocECgABP4cE +CgABQIcECgABQYcECgABQocECgABQ4cECgABRIcECgABRYcECgABRocECgABR4cE +CgABSIcECgABSYcECgABSocECgABS4cECgABTIcECgABTYcECgABTocECgABT4cE +CgABUIcECgABUYcECgABUocECgABU4cECgABVIcECgABVYcECgABVocECgABV4cE +CgABWIcECgABWYcECgABWocECgABW4cECgABXIcECgABXYcECgABXocECgABX4cE +CgABYIcECgABYYcECgABYocECgABY4cECgABZIcECgABZYcECgABZocECgABZ4cE +CgABaIcECgABaYcECgABaocECgABa4cECgABbIcECgABbYcECgABbocECgABb4cE +CgABcIcECgABcYcECgABcocECgABc4cECgABdIcECgABdYcECgABdocECgABd4cE +CgABeIcECgABeYcECgABeocECgABe4cECgABfIcECgABfYcECgABfocECgABf4cE +CgABgIcECgABgYcECgABgocECgABg4cECgABhIcECgABhYcECgABhocECgABh4cE +CgABiIcECgABiYcECgABiocECgABi4cECgABjIcECgABjYcECgABjocECgABj4cE +CgABkIcECgABkYcECgABkocECgABk4cECgABlIcECgABlYcECgABlocECgABl4cE +CgABmIcECgABmYcECgABmocECgABm4cECgABnIcECgABnYcECgABnocECgABn4cE +CgABoIcECgABoYcECgABoocECgABo4cECgABpIcECgABpYcECgABpocECgABp4cE +CgABqIcECgABqYcECgABqocECgABq4cECgABrIcECgABrYcECgABrocECgABr4cE +CgABsIcECgABsYcECgABsocECgABs4cECgABtIcECgABtYcECgABtocECgABt4cE +CgABuIcECgABuYcECgABuocECgABu4cECgABvIcECgABvYcECgABvocECgABv4cE +CgABwIcECgABwYcECgABwocECgABw4cECgABxIcECgABxYcECgABxocECgABx4cE +CgAByIcECgAByYcECgAByocECgABy4cECgABzIcECgABzYcECgABzocECgABz4cE +CgAB0IcECgAB0YcECgAB0ocECgAB04cECgAB1IcECgAB1YcECgAB1ocECgAB14cE +CgAB2IcECgAB2YcECgAB2ocECgAB24cECgAB3IcECgAB3YcECgAB3ocECgAB34cE +CgAB4IcECgAB4YcECgAB4ocECgAB44cECgAB5IcECgAB5YcECgAB5ocECgAB54cE +CgAB6IcECgAB6YcECgAB6ocECgAB64cECgAB7IcECgAB7YcECgAB7ocECgAB74cE +CgAB8IcECgAB8YcECgAB8ocECgAB84cECgAB9IcECgAB9YcECgAB9ocECgAB94cE +CgAB+IcECgAB+YcECgAB+ocECgAB+4cECgAB/IcECgAB/YcECgAB/ocECgAB/4cE +CgACAIcECgACAYcECgACAocECgACA4cECgACBIcECgACBYcECgACBocECgACB4cE +CgACCIcECgACCYcECgACCocECgACC4cECgACDIcECgACDYcECgACDocECgACD4cE +CgACEIcECgACEYcECgACEocECgACE4cECgACFIcECgACFYcECgACFocECgACF4cE +CgACGIcECgACGYcECgACGocECgACG4cECgACHIcECgACHYcECgACHocECgACH4cE +CgACIIcECgACIYcECgACIocECgACI4cECgACJIcECgACJYcECgACJocECgACJ4cE +CgACKIcECgACKYcECgACKocECgACK4cECgACLIcECgACLYcECgACLocECgACL4cE +CgACMIcECgACMYcECgACMocECgACM4cECgACNIcECgACNYcECgACNocECgACN4cE +CgACOIcECgACOYcECgACOocECgACO4cECgACPIcECgACPYcECgACPocECgACP4cE +CgACQIcECgACQYcECgACQocECgACQ4cECgACRIcECgACRYcECgACRocECgACR4cE +CgACSIcECgACSYcECgACSocECgACS4cECgACTIcECgACTYcECgACTocECgACT4cE +CgACUIcECgACUYcECgACUocECgACU4cECgACVIcECgACVYcECgACVocECgACV4cE +CgACWIcECgACWYcECgACWocECgACW4cECgACXIcECgACXYcECgACXocECgACX4cE +CgACYIcECgACYYcECgACYocECgACY4cECgACZIcECgACZYcECgACZocECgACZ4cE +CgACaIcECgACaYcECgACaocECgACa4cECgACbIcECgACbYcECgACbocECgACb4cE +CgACcIcECgACcYcECgACcocECgACc4cECgACdIcECgACdYcECgACdocECgACd4cE +CgACeIcECgACeYcECgACeocECgACe4cECgACfIcECgACfYcECgACfocECgACf4cE +CgACgIcECgACgYcECgACgocECgACg4cECgAChIcECgAChYcECgAChocECgACh4cE +CgACiIcECgACiYcECgACiocECgACi4cECgACjIcECgACjYcECgACjocECgACj4cE +CgACkIcECgACkYcECgACkocECgACk4cECgAClIcECgAClYcECgAClocECgACl4cE +CgACmIcECgACmYcECgACmocECgACm4cECgACnIcECgACnYcECgACnocECgACn4cE +CgACoIcECgACoYcECgACoocECgACo4cECgACpIcECgACpYcECgACpocECgACp4cE +CgACqIcECgACqYcECgACqocECgACq4cECgACrIcECgACrYcECgACrocECgACr4cE +CgACsIcECgACsYcECgACsocECgACs4cECgACtIcECgACtYcECgACtocECgACt4cE +CgACuIcECgACuYcECgACuocECgACu4cECgACvIcECgACvYcECgACvocECgACv4cE +CgACwIcECgACwYcECgACwocECgACw4cECgACxIcECgACxYcECgACxocECgACx4cE +CgACyIcECgACyYcECgACyocECgACy4cECgACzIcECgACzYcECgACzocECgACz4cE +CgAC0IcECgAC0YcECgAC0ocECgAC04cECgAC1IcECgAC1YcECgAC1ocECgAC14cE +CgAC2IcECgAC2YcECgAC2ocECgAC24cECgAC3IcECgAC3YcECgAC3ocECgAC34cE +CgAC4IcECgAC4YcECgAC4ocECgAC44cECgAC5IcECgAC5YcECgAC5ocECgAC54cE +CgAC6IcECgAC6YcECgAC6ocECgAC64cECgAC7IcECgAC7YcECgAC7ocECgAC74cE +CgAC8IcECgAC8YcECgAC8ocECgAC84cECgAC9IcECgAC9YcECgAC9ocECgAC94cE +CgAC+IcECgAC+YcECgAC+ocECgAC+4cECgAC/IcECgAC/YcECgAC/ocECgAC/4cE +CgADAIcECgADAYcECgADAocECgADA4cECgADBIcECgADBYcECgADBocECgADB4cE +CgADCIcECgADCYcECgADCocECgADC4cECgADDIcECgADDYcECgADDocECgADD4cE +CgADEIcECgADEYcECgADEocECgADE4cECgADFIcECgADFYcECgADFocECgADF4cE +CgADGIcECgADGYcECgADGocECgADG4cECgADHIcECgADHYcECgADHocECgADH4cE +CgADIIcECgADIYcECgADIocECgADI4cECgADJIcECgADJYcECgADJocECgADJ4cE +CgADKIcECgADKYcECgADKocECgADK4cECgADLIcECgADLYcECgADLocECgADL4cE +CgADMIcECgADMYcECgADMocECgADM4cECgADNIcECgADNYcECgADNocECgADN4cE +CgADOIcECgADOYcECgADOocECgADO4cECgADPIcECgADPYcECgADPocECgADP4cE +CgADQIcECgADQYcECgADQocECgADQ4cECgADRIcECgADRYcECgADRocECgADR4cE +CgADSIcECgADSYcECgADSocECgADS4cECgADTIcECgADTYcECgADTocECgADT4cE +CgADUIcECgADUYcECgADUocECgADU4cECgADVIcECgADVYcECgADVocECgADV4cE +CgADWIcECgADWYcECgADWocECgADW4cECgADXIcECgADXYcECgADXocECgADX4cE +CgADYIcECgADYYcECgADYocECgADY4cECgADZIcECgADZYcECgADZocECgADZ4cE +CgADaIcECgADaYcECgADaocECgADa4cECgADbIcECgADbYcECgADbocECgADb4cE +CgADcIcECgADcYcECgADcocECgADc4cECgADdIcECgADdYcECgADdocECgADd4cE +CgADeIcECgADeYcECgADeocECgADe4cECgADfIcECgADfYcECgADfocECgADf4cE +CgADgIcECgADgYcECgADgocECgADg4cECgADhIcECgADhYcECgADhocECgADh4cE +CgADiIcECgADiYcECgADiocECgADi4cECgADjIcECgADjYcECgADjocECgADj4cE +CgADkIcECgADkYcECgADkocECgADk4cECgADlIcECgADlYcECgADlocECgADl4cE +CgADmIcECgADmYcECgADmocECgADm4cECgADnIcECgADnYcECgADnocECgADn4cE +CgADoIcECgADoYcECgADoocECgADo4cECgADpIcECgADpYcECgADpocECgADp4cE +CgADqIcECgADqYcECgADqocECgADq4cECgADrIcECgADrYcECgADrocECgADr4cE +CgADsIcECgADsYcECgADsocECgADs4cECgADtIcECgADtYcECgADtocECgADt4cE +CgADuIcECgADuYcECgADuocECgADu4cECgADvIcECgADvYcECgADvocECgADv4cE +CgADwIcECgADwYcECgADwocECgADw4cECgADxIcECgADxYcECgADxocECgADx4cE +CgADyIcECgADyYcECgADyocECgADy4cECgADzIcECgADzYcECgADzocECgADz4cE +CgAD0IcECgAD0YcECgAD0ocECgAD04cECgAD1IcECgAD1YcECgAD1ocECgAD14cE +CgAD2IcECgAD2YcECgAD2ocECgAD24cECgAD3IcECgAD3YcECgAD3ocECgAD34cE +CgAD4IcECgAD4YcECgAD4ocECgAD44cECgAD5IcECgAD5YcECgAD5ocECgAD54cE +CgAD6IcECgAD6YcECgAD6ocECgAD64cECgAD7IcECgAD7YcECgAD7ocECgAD74cE +CgAD8IcECgAD8YcECgAD8ocECgAD84cECgAD9IcECgAD9YcECgAD9ocECgAD94cE +CgAD+IcECgAD+YcECgAD+ocECgAD+4cECgAD/IcECgAD/YcECgAD/ocECgAD/zAN +BgkqhkiG9w0BAQsFAAOCAQEAE+ANcUzlr5j8NeB5YCaTKO7vg3PGhgM9Sly2dSUU +RA2vvwusevEQeGVt87z/4qo2rzekbwyzxXjcgaCYKtIcswQPy/dHtXWiHbxpK6pi +/1lRU1v2ODAA+i0VnJp7tlbX97wdh4tNF0GBwHLGEz7qvOHZauKs+gKjO8hZvrvn +YoyGI/Ls1dDzRWkglaLD9EDrNkRkthGd+FGKOIXv8+A+kxwpgJNN1XWMM9FmnGFO +66KaYW5VEyscKwpzbkT7h3TICN80eBhLZkJUEc7EiDhPQjZBgSi+kX3OXIFxDSZI +2WXPADZmO4jLUSH1zuRWTxDPhw5AL9m2/Auu5oZ0XL2lqg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:3b:db:04:6e:17:e0:54:52:ba:23:77:24:bc: + 34:e3:70:d9:99:9e:53:5d:33:0b:a9:cc:4b:1d:ae: + 06:27:18:8e:55:ba:ad:12:c7:1d:32:59:6d:c3:16: + 20:db:62:a6:77:80:12:e0:87:58:51:55:e3:66:7f: + d1:e0:3a:22:65:e5:70:26:a2:04:04:f0:5d:f9:5f: + 56:c8:da:e8:0f:57:28:77:6e:9a:a0:4a:53:34:1a: + 63:37:a2:43:ab:0e:4a:cd:07:23:dd:55:83:44:00: + 0c:70:41:df:35:64:d0:c5:0e:6a:87:db:ca:fc:35: + d5:e2:5b:af:0b:a0:e6:75:a5:d2:e1:72:4e:22:63: + 01:41:73:b8:95:50:2c:fd:ed:c3:61:b6:36:d4:83: + 95:61:c3:e0:61:ff:f4:9e:8a:e8:ba:dc:d1:f6:89: + ed:9d:30:44:95:27:f4:d1:8b:e6:2f:14:66:56:f1: + da:f1:cc:04:1b:77:92:a5:9f:58:40:0c:9f:0c:32: + d6:05:c2:4c:c0:c5:9f:e5:a4:30:3d:4c:e9:9d:03: + 6c:4c:06:b6:e5:95:bd:21:b8:e6:2b:a8:a0:bf:06: + bb:43:33:19:3d:7b:17:59:f1:64:4d:24:67:b1:51: + 0f:35:ae:f0:71:75:79:ae:5b:02:34:04:31:e3:66: + 86:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:11:3F:AC:11:96:C7:66:37:CF:83:5A:24:F0:3A:77:AF:33:8D:7F + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Name Constraints: + Permitted: + IP:10.0.0.0/255.255.255.255 + IP:10.0.0.1/255.255.255.255 + IP:10.0.0.2/255.255.255.255 + IP:10.0.0.3/255.255.255.255 + IP:10.0.0.4/255.255.255.255 + IP:10.0.0.5/255.255.255.255 + IP:10.0.0.6/255.255.255.255 + IP:10.0.0.7/255.255.255.255 + IP:10.0.0.8/255.255.255.255 + IP:10.0.0.9/255.255.255.255 + IP:10.0.0.10/255.255.255.255 + IP:10.0.0.11/255.255.255.255 + IP:10.0.0.12/255.255.255.255 + IP:10.0.0.13/255.255.255.255 + IP:10.0.0.14/255.255.255.255 + IP:10.0.0.15/255.255.255.255 + IP:10.0.0.16/255.255.255.255 + IP:10.0.0.17/255.255.255.255 + IP:10.0.0.18/255.255.255.255 + IP:10.0.0.19/255.255.255.255 + IP:10.0.0.20/255.255.255.255 + IP:10.0.0.21/255.255.255.255 + IP:10.0.0.22/255.255.255.255 + IP:10.0.0.23/255.255.255.255 + IP:10.0.0.24/255.255.255.255 + IP:10.0.0.25/255.255.255.255 + IP:10.0.0.26/255.255.255.255 + IP:10.0.0.27/255.255.255.255 + IP:10.0.0.28/255.255.255.255 + IP:10.0.0.29/255.255.255.255 + IP:10.0.0.30/255.255.255.255 + IP:10.0.0.31/255.255.255.255 + IP:10.0.0.32/255.255.255.255 + IP:10.0.0.33/255.255.255.255 + IP:10.0.0.34/255.255.255.255 + IP:10.0.0.35/255.255.255.255 + IP:10.0.0.36/255.255.255.255 + IP:10.0.0.37/255.255.255.255 + IP:10.0.0.38/255.255.255.255 + IP:10.0.0.39/255.255.255.255 + IP:10.0.0.40/255.255.255.255 + IP:10.0.0.41/255.255.255.255 + IP:10.0.0.42/255.255.255.255 + IP:10.0.0.43/255.255.255.255 + IP:10.0.0.44/255.255.255.255 + IP:10.0.0.45/255.255.255.255 + IP:10.0.0.46/255.255.255.255 + IP:10.0.0.47/255.255.255.255 + IP:10.0.0.48/255.255.255.255 + IP:10.0.0.49/255.255.255.255 + IP:10.0.0.50/255.255.255.255 + IP:10.0.0.51/255.255.255.255 + IP:10.0.0.52/255.255.255.255 + IP:10.0.0.53/255.255.255.255 + IP:10.0.0.54/255.255.255.255 + IP:10.0.0.55/255.255.255.255 + IP:10.0.0.56/255.255.255.255 + IP:10.0.0.57/255.255.255.255 + IP:10.0.0.58/255.255.255.255 + IP:10.0.0.59/255.255.255.255 + IP:10.0.0.60/255.255.255.255 + IP:10.0.0.61/255.255.255.255 + IP:10.0.0.62/255.255.255.255 + IP:10.0.0.63/255.255.255.255 + IP:10.0.0.64/255.255.255.255 + IP:10.0.0.65/255.255.255.255 + IP:10.0.0.66/255.255.255.255 + IP:10.0.0.67/255.255.255.255 + IP:10.0.0.68/255.255.255.255 + IP:10.0.0.69/255.255.255.255 + IP:10.0.0.70/255.255.255.255 + IP:10.0.0.71/255.255.255.255 + IP:10.0.0.72/255.255.255.255 + IP:10.0.0.73/255.255.255.255 + IP:10.0.0.74/255.255.255.255 + IP:10.0.0.75/255.255.255.255 + IP:10.0.0.76/255.255.255.255 + IP:10.0.0.77/255.255.255.255 + IP:10.0.0.78/255.255.255.255 + IP:10.0.0.79/255.255.255.255 + IP:10.0.0.80/255.255.255.255 + IP:10.0.0.81/255.255.255.255 + IP:10.0.0.82/255.255.255.255 + IP:10.0.0.83/255.255.255.255 + IP:10.0.0.84/255.255.255.255 + IP:10.0.0.85/255.255.255.255 + IP:10.0.0.86/255.255.255.255 + IP:10.0.0.87/255.255.255.255 + IP:10.0.0.88/255.255.255.255 + IP:10.0.0.89/255.255.255.255 + IP:10.0.0.90/255.255.255.255 + IP:10.0.0.91/255.255.255.255 + IP:10.0.0.92/255.255.255.255 + IP:10.0.0.93/255.255.255.255 + IP:10.0.0.94/255.255.255.255 + IP:10.0.0.95/255.255.255.255 + IP:10.0.0.96/255.255.255.255 + IP:10.0.0.97/255.255.255.255 + IP:10.0.0.98/255.255.255.255 + IP:10.0.0.99/255.255.255.255 + IP:10.0.0.100/255.255.255.255 + IP:10.0.0.101/255.255.255.255 + IP:10.0.0.102/255.255.255.255 + IP:10.0.0.103/255.255.255.255 + IP:10.0.0.104/255.255.255.255 + IP:10.0.0.105/255.255.255.255 + IP:10.0.0.106/255.255.255.255 + IP:10.0.0.107/255.255.255.255 + IP:10.0.0.108/255.255.255.255 + IP:10.0.0.109/255.255.255.255 + IP:10.0.0.110/255.255.255.255 + IP:10.0.0.111/255.255.255.255 + IP:10.0.0.112/255.255.255.255 + IP:10.0.0.113/255.255.255.255 + IP:10.0.0.114/255.255.255.255 + IP:10.0.0.115/255.255.255.255 + IP:10.0.0.116/255.255.255.255 + IP:10.0.0.117/255.255.255.255 + IP:10.0.0.118/255.255.255.255 + IP:10.0.0.119/255.255.255.255 + IP:10.0.0.120/255.255.255.255 + IP:10.0.0.121/255.255.255.255 + IP:10.0.0.122/255.255.255.255 + IP:10.0.0.123/255.255.255.255 + IP:10.0.0.124/255.255.255.255 + IP:10.0.0.125/255.255.255.255 + IP:10.0.0.126/255.255.255.255 + IP:10.0.0.127/255.255.255.255 + IP:10.0.0.128/255.255.255.255 + IP:10.0.0.129/255.255.255.255 + IP:10.0.0.130/255.255.255.255 + IP:10.0.0.131/255.255.255.255 + IP:10.0.0.132/255.255.255.255 + IP:10.0.0.133/255.255.255.255 + IP:10.0.0.134/255.255.255.255 + IP:10.0.0.135/255.255.255.255 + IP:10.0.0.136/255.255.255.255 + IP:10.0.0.137/255.255.255.255 + IP:10.0.0.138/255.255.255.255 + IP:10.0.0.139/255.255.255.255 + IP:10.0.0.140/255.255.255.255 + IP:10.0.0.141/255.255.255.255 + IP:10.0.0.142/255.255.255.255 + IP:10.0.0.143/255.255.255.255 + IP:10.0.0.144/255.255.255.255 + IP:10.0.0.145/255.255.255.255 + IP:10.0.0.146/255.255.255.255 + IP:10.0.0.147/255.255.255.255 + IP:10.0.0.148/255.255.255.255 + IP:10.0.0.149/255.255.255.255 + IP:10.0.0.150/255.255.255.255 + IP:10.0.0.151/255.255.255.255 + IP:10.0.0.152/255.255.255.255 + IP:10.0.0.153/255.255.255.255 + IP:10.0.0.154/255.255.255.255 + IP:10.0.0.155/255.255.255.255 + IP:10.0.0.156/255.255.255.255 + IP:10.0.0.157/255.255.255.255 + IP:10.0.0.158/255.255.255.255 + IP:10.0.0.159/255.255.255.255 + IP:10.0.0.160/255.255.255.255 + IP:10.0.0.161/255.255.255.255 + IP:10.0.0.162/255.255.255.255 + IP:10.0.0.163/255.255.255.255 + IP:10.0.0.164/255.255.255.255 + IP:10.0.0.165/255.255.255.255 + IP:10.0.0.166/255.255.255.255 + IP:10.0.0.167/255.255.255.255 + IP:10.0.0.168/255.255.255.255 + IP:10.0.0.169/255.255.255.255 + IP:10.0.0.170/255.255.255.255 + IP:10.0.0.171/255.255.255.255 + IP:10.0.0.172/255.255.255.255 + IP:10.0.0.173/255.255.255.255 + IP:10.0.0.174/255.255.255.255 + IP:10.0.0.175/255.255.255.255 + IP:10.0.0.176/255.255.255.255 + IP:10.0.0.177/255.255.255.255 + IP:10.0.0.178/255.255.255.255 + IP:10.0.0.179/255.255.255.255 + IP:10.0.0.180/255.255.255.255 + IP:10.0.0.181/255.255.255.255 + IP:10.0.0.182/255.255.255.255 + IP:10.0.0.183/255.255.255.255 + IP:10.0.0.184/255.255.255.255 + IP:10.0.0.185/255.255.255.255 + IP:10.0.0.186/255.255.255.255 + IP:10.0.0.187/255.255.255.255 + IP:10.0.0.188/255.255.255.255 + IP:10.0.0.189/255.255.255.255 + IP:10.0.0.190/255.255.255.255 + IP:10.0.0.191/255.255.255.255 + IP:10.0.0.192/255.255.255.255 + IP:10.0.0.193/255.255.255.255 + IP:10.0.0.194/255.255.255.255 + IP:10.0.0.195/255.255.255.255 + IP:10.0.0.196/255.255.255.255 + IP:10.0.0.197/255.255.255.255 + IP:10.0.0.198/255.255.255.255 + IP:10.0.0.199/255.255.255.255 + IP:10.0.0.200/255.255.255.255 + IP:10.0.0.201/255.255.255.255 + IP:10.0.0.202/255.255.255.255 + IP:10.0.0.203/255.255.255.255 + IP:10.0.0.204/255.255.255.255 + IP:10.0.0.205/255.255.255.255 + IP:10.0.0.206/255.255.255.255 + IP:10.0.0.207/255.255.255.255 + IP:10.0.0.208/255.255.255.255 + IP:10.0.0.209/255.255.255.255 + IP:10.0.0.210/255.255.255.255 + IP:10.0.0.211/255.255.255.255 + IP:10.0.0.212/255.255.255.255 + IP:10.0.0.213/255.255.255.255 + IP:10.0.0.214/255.255.255.255 + IP:10.0.0.215/255.255.255.255 + IP:10.0.0.216/255.255.255.255 + IP:10.0.0.217/255.255.255.255 + IP:10.0.0.218/255.255.255.255 + IP:10.0.0.219/255.255.255.255 + IP:10.0.0.220/255.255.255.255 + IP:10.0.0.221/255.255.255.255 + IP:10.0.0.222/255.255.255.255 + IP:10.0.0.223/255.255.255.255 + IP:10.0.0.224/255.255.255.255 + IP:10.0.0.225/255.255.255.255 + IP:10.0.0.226/255.255.255.255 + IP:10.0.0.227/255.255.255.255 + IP:10.0.0.228/255.255.255.255 + IP:10.0.0.229/255.255.255.255 + IP:10.0.0.230/255.255.255.255 + IP:10.0.0.231/255.255.255.255 + IP:10.0.0.232/255.255.255.255 + IP:10.0.0.233/255.255.255.255 + IP:10.0.0.234/255.255.255.255 + IP:10.0.0.235/255.255.255.255 + IP:10.0.0.236/255.255.255.255 + IP:10.0.0.237/255.255.255.255 + IP:10.0.0.238/255.255.255.255 + IP:10.0.0.239/255.255.255.255 + IP:10.0.0.240/255.255.255.255 + IP:10.0.0.241/255.255.255.255 + IP:10.0.0.242/255.255.255.255 + IP:10.0.0.243/255.255.255.255 + IP:10.0.0.244/255.255.255.255 + IP:10.0.0.245/255.255.255.255 + IP:10.0.0.246/255.255.255.255 + IP:10.0.0.247/255.255.255.255 + IP:10.0.0.248/255.255.255.255 + IP:10.0.0.249/255.255.255.255 + IP:10.0.0.250/255.255.255.255 + IP:10.0.0.251/255.255.255.255 + IP:10.0.0.252/255.255.255.255 + IP:10.0.0.253/255.255.255.255 + IP:10.0.0.254/255.255.255.255 + IP:10.0.0.255/255.255.255.255 + IP:10.0.1.0/255.255.255.255 + IP:10.0.1.1/255.255.255.255 + IP:10.0.1.2/255.255.255.255 + IP:10.0.1.3/255.255.255.255 + IP:10.0.1.4/255.255.255.255 + IP:10.0.1.5/255.255.255.255 + IP:10.0.1.6/255.255.255.255 + IP:10.0.1.7/255.255.255.255 + IP:10.0.1.8/255.255.255.255 + IP:10.0.1.9/255.255.255.255 + IP:10.0.1.10/255.255.255.255 + IP:10.0.1.11/255.255.255.255 + IP:10.0.1.12/255.255.255.255 + IP:10.0.1.13/255.255.255.255 + IP:10.0.1.14/255.255.255.255 + IP:10.0.1.15/255.255.255.255 + IP:10.0.1.16/255.255.255.255 + IP:10.0.1.17/255.255.255.255 + IP:10.0.1.18/255.255.255.255 + IP:10.0.1.19/255.255.255.255 + IP:10.0.1.20/255.255.255.255 + IP:10.0.1.21/255.255.255.255 + IP:10.0.1.22/255.255.255.255 + IP:10.0.1.23/255.255.255.255 + IP:10.0.1.24/255.255.255.255 + IP:10.0.1.25/255.255.255.255 + IP:10.0.1.26/255.255.255.255 + IP:10.0.1.27/255.255.255.255 + IP:10.0.1.28/255.255.255.255 + IP:10.0.1.29/255.255.255.255 + IP:10.0.1.30/255.255.255.255 + IP:10.0.1.31/255.255.255.255 + IP:10.0.1.32/255.255.255.255 + IP:10.0.1.33/255.255.255.255 + IP:10.0.1.34/255.255.255.255 + IP:10.0.1.35/255.255.255.255 + IP:10.0.1.36/255.255.255.255 + IP:10.0.1.37/255.255.255.255 + IP:10.0.1.38/255.255.255.255 + IP:10.0.1.39/255.255.255.255 + IP:10.0.1.40/255.255.255.255 + IP:10.0.1.41/255.255.255.255 + IP:10.0.1.42/255.255.255.255 + IP:10.0.1.43/255.255.255.255 + IP:10.0.1.44/255.255.255.255 + IP:10.0.1.45/255.255.255.255 + IP:10.0.1.46/255.255.255.255 + IP:10.0.1.47/255.255.255.255 + IP:10.0.1.48/255.255.255.255 + IP:10.0.1.49/255.255.255.255 + IP:10.0.1.50/255.255.255.255 + IP:10.0.1.51/255.255.255.255 + IP:10.0.1.52/255.255.255.255 + IP:10.0.1.53/255.255.255.255 + IP:10.0.1.54/255.255.255.255 + IP:10.0.1.55/255.255.255.255 + IP:10.0.1.56/255.255.255.255 + IP:10.0.1.57/255.255.255.255 + IP:10.0.1.58/255.255.255.255 + IP:10.0.1.59/255.255.255.255 + IP:10.0.1.60/255.255.255.255 + IP:10.0.1.61/255.255.255.255 + IP:10.0.1.62/255.255.255.255 + IP:10.0.1.63/255.255.255.255 + IP:10.0.1.64/255.255.255.255 + IP:10.0.1.65/255.255.255.255 + IP:10.0.1.66/255.255.255.255 + IP:10.0.1.67/255.255.255.255 + IP:10.0.1.68/255.255.255.255 + IP:10.0.1.69/255.255.255.255 + IP:10.0.1.70/255.255.255.255 + IP:10.0.1.71/255.255.255.255 + IP:10.0.1.72/255.255.255.255 + IP:10.0.1.73/255.255.255.255 + IP:10.0.1.74/255.255.255.255 + IP:10.0.1.75/255.255.255.255 + IP:10.0.1.76/255.255.255.255 + IP:10.0.1.77/255.255.255.255 + IP:10.0.1.78/255.255.255.255 + IP:10.0.1.79/255.255.255.255 + IP:10.0.1.80/255.255.255.255 + IP:10.0.1.81/255.255.255.255 + IP:10.0.1.82/255.255.255.255 + IP:10.0.1.83/255.255.255.255 + IP:10.0.1.84/255.255.255.255 + IP:10.0.1.85/255.255.255.255 + IP:10.0.1.86/255.255.255.255 + IP:10.0.1.87/255.255.255.255 + IP:10.0.1.88/255.255.255.255 + IP:10.0.1.89/255.255.255.255 + IP:10.0.1.90/255.255.255.255 + IP:10.0.1.91/255.255.255.255 + IP:10.0.1.92/255.255.255.255 + IP:10.0.1.93/255.255.255.255 + IP:10.0.1.94/255.255.255.255 + IP:10.0.1.95/255.255.255.255 + IP:10.0.1.96/255.255.255.255 + IP:10.0.1.97/255.255.255.255 + IP:10.0.1.98/255.255.255.255 + IP:10.0.1.99/255.255.255.255 + IP:10.0.1.100/255.255.255.255 + IP:10.0.1.101/255.255.255.255 + IP:10.0.1.102/255.255.255.255 + IP:10.0.1.103/255.255.255.255 + IP:10.0.1.104/255.255.255.255 + IP:10.0.1.105/255.255.255.255 + IP:10.0.1.106/255.255.255.255 + IP:10.0.1.107/255.255.255.255 + IP:10.0.1.108/255.255.255.255 + IP:10.0.1.109/255.255.255.255 + IP:10.0.1.110/255.255.255.255 + IP:10.0.1.111/255.255.255.255 + IP:10.0.1.112/255.255.255.255 + IP:10.0.1.113/255.255.255.255 + IP:10.0.1.114/255.255.255.255 + IP:10.0.1.115/255.255.255.255 + IP:10.0.1.116/255.255.255.255 + IP:10.0.1.117/255.255.255.255 + IP:10.0.1.118/255.255.255.255 + IP:10.0.1.119/255.255.255.255 + IP:10.0.1.120/255.255.255.255 + IP:10.0.1.121/255.255.255.255 + IP:10.0.1.122/255.255.255.255 + IP:10.0.1.123/255.255.255.255 + IP:10.0.1.124/255.255.255.255 + IP:10.0.1.125/255.255.255.255 + IP:10.0.1.126/255.255.255.255 + IP:10.0.1.127/255.255.255.255 + IP:10.0.1.128/255.255.255.255 + IP:10.0.1.129/255.255.255.255 + IP:10.0.1.130/255.255.255.255 + IP:10.0.1.131/255.255.255.255 + IP:10.0.1.132/255.255.255.255 + IP:10.0.1.133/255.255.255.255 + IP:10.0.1.134/255.255.255.255 + IP:10.0.1.135/255.255.255.255 + IP:10.0.1.136/255.255.255.255 + IP:10.0.1.137/255.255.255.255 + IP:10.0.1.138/255.255.255.255 + IP:10.0.1.139/255.255.255.255 + IP:10.0.1.140/255.255.255.255 + IP:10.0.1.141/255.255.255.255 + IP:10.0.1.142/255.255.255.255 + IP:10.0.1.143/255.255.255.255 + IP:10.0.1.144/255.255.255.255 + IP:10.0.1.145/255.255.255.255 + IP:10.0.1.146/255.255.255.255 + IP:10.0.1.147/255.255.255.255 + IP:10.0.1.148/255.255.255.255 + IP:10.0.1.149/255.255.255.255 + IP:10.0.1.150/255.255.255.255 + IP:10.0.1.151/255.255.255.255 + IP:10.0.1.152/255.255.255.255 + IP:10.0.1.153/255.255.255.255 + IP:10.0.1.154/255.255.255.255 + IP:10.0.1.155/255.255.255.255 + IP:10.0.1.156/255.255.255.255 + IP:10.0.1.157/255.255.255.255 + IP:10.0.1.158/255.255.255.255 + IP:10.0.1.159/255.255.255.255 + IP:10.0.1.160/255.255.255.255 + IP:10.0.1.161/255.255.255.255 + IP:10.0.1.162/255.255.255.255 + IP:10.0.1.163/255.255.255.255 + IP:10.0.1.164/255.255.255.255 + IP:10.0.1.165/255.255.255.255 + IP:10.0.1.166/255.255.255.255 + IP:10.0.1.167/255.255.255.255 + IP:10.0.1.168/255.255.255.255 + IP:10.0.1.169/255.255.255.255 + IP:10.0.1.170/255.255.255.255 + IP:10.0.1.171/255.255.255.255 + IP:10.0.1.172/255.255.255.255 + IP:10.0.1.173/255.255.255.255 + IP:10.0.1.174/255.255.255.255 + IP:10.0.1.175/255.255.255.255 + IP:10.0.1.176/255.255.255.255 + IP:10.0.1.177/255.255.255.255 + IP:10.0.1.178/255.255.255.255 + IP:10.0.1.179/255.255.255.255 + IP:10.0.1.180/255.255.255.255 + IP:10.0.1.181/255.255.255.255 + IP:10.0.1.182/255.255.255.255 + IP:10.0.1.183/255.255.255.255 + IP:10.0.1.184/255.255.255.255 + IP:10.0.1.185/255.255.255.255 + IP:10.0.1.186/255.255.255.255 + IP:10.0.1.187/255.255.255.255 + IP:10.0.1.188/255.255.255.255 + IP:10.0.1.189/255.255.255.255 + IP:10.0.1.190/255.255.255.255 + IP:10.0.1.191/255.255.255.255 + IP:10.0.1.192/255.255.255.255 + IP:10.0.1.193/255.255.255.255 + IP:10.0.1.194/255.255.255.255 + IP:10.0.1.195/255.255.255.255 + IP:10.0.1.196/255.255.255.255 + IP:10.0.1.197/255.255.255.255 + IP:10.0.1.198/255.255.255.255 + IP:10.0.1.199/255.255.255.255 + IP:10.0.1.200/255.255.255.255 + IP:10.0.1.201/255.255.255.255 + IP:10.0.1.202/255.255.255.255 + IP:10.0.1.203/255.255.255.255 + IP:10.0.1.204/255.255.255.255 + IP:10.0.1.205/255.255.255.255 + IP:10.0.1.206/255.255.255.255 + IP:10.0.1.207/255.255.255.255 + IP:10.0.1.208/255.255.255.255 + IP:10.0.1.209/255.255.255.255 + IP:10.0.1.210/255.255.255.255 + IP:10.0.1.211/255.255.255.255 + IP:10.0.1.212/255.255.255.255 + IP:10.0.1.213/255.255.255.255 + IP:10.0.1.214/255.255.255.255 + IP:10.0.1.215/255.255.255.255 + IP:10.0.1.216/255.255.255.255 + IP:10.0.1.217/255.255.255.255 + IP:10.0.1.218/255.255.255.255 + IP:10.0.1.219/255.255.255.255 + IP:10.0.1.220/255.255.255.255 + IP:10.0.1.221/255.255.255.255 + IP:10.0.1.222/255.255.255.255 + IP:10.0.1.223/255.255.255.255 + IP:10.0.1.224/255.255.255.255 + IP:10.0.1.225/255.255.255.255 + IP:10.0.1.226/255.255.255.255 + IP:10.0.1.227/255.255.255.255 + IP:10.0.1.228/255.255.255.255 + IP:10.0.1.229/255.255.255.255 + IP:10.0.1.230/255.255.255.255 + IP:10.0.1.231/255.255.255.255 + IP:10.0.1.232/255.255.255.255 + IP:10.0.1.233/255.255.255.255 + IP:10.0.1.234/255.255.255.255 + IP:10.0.1.235/255.255.255.255 + IP:10.0.1.236/255.255.255.255 + IP:10.0.1.237/255.255.255.255 + IP:10.0.1.238/255.255.255.255 + IP:10.0.1.239/255.255.255.255 + IP:10.0.1.240/255.255.255.255 + IP:10.0.1.241/255.255.255.255 + IP:10.0.1.242/255.255.255.255 + IP:10.0.1.243/255.255.255.255 + IP:10.0.1.244/255.255.255.255 + IP:10.0.1.245/255.255.255.255 + IP:10.0.1.246/255.255.255.255 + IP:10.0.1.247/255.255.255.255 + IP:10.0.1.248/255.255.255.255 + IP:10.0.1.249/255.255.255.255 + IP:10.0.1.250/255.255.255.255 + IP:10.0.1.251/255.255.255.255 + IP:10.0.1.252/255.255.255.255 + IP:10.0.1.253/255.255.255.255 + IP:10.0.1.254/255.255.255.255 + IP:10.0.1.255/255.255.255.255 + IP:10.0.2.0/255.255.255.255 + IP:10.0.2.1/255.255.255.255 + IP:10.0.2.2/255.255.255.255 + IP:10.0.2.3/255.255.255.255 + IP:10.0.2.4/255.255.255.255 + IP:10.0.2.5/255.255.255.255 + IP:10.0.2.6/255.255.255.255 + IP:10.0.2.7/255.255.255.255 + IP:10.0.2.8/255.255.255.255 + IP:10.0.2.9/255.255.255.255 + IP:10.0.2.10/255.255.255.255 + IP:10.0.2.11/255.255.255.255 + IP:10.0.2.12/255.255.255.255 + IP:10.0.2.13/255.255.255.255 + IP:10.0.2.14/255.255.255.255 + IP:10.0.2.15/255.255.255.255 + IP:10.0.2.16/255.255.255.255 + IP:10.0.2.17/255.255.255.255 + IP:10.0.2.18/255.255.255.255 + IP:10.0.2.19/255.255.255.255 + IP:10.0.2.20/255.255.255.255 + IP:10.0.2.21/255.255.255.255 + IP:10.0.2.22/255.255.255.255 + IP:10.0.2.23/255.255.255.255 + IP:10.0.2.24/255.255.255.255 + IP:10.0.2.25/255.255.255.255 + IP:10.0.2.26/255.255.255.255 + IP:10.0.2.27/255.255.255.255 + IP:10.0.2.28/255.255.255.255 + IP:10.0.2.29/255.255.255.255 + IP:10.0.2.30/255.255.255.255 + IP:10.0.2.31/255.255.255.255 + IP:10.0.2.32/255.255.255.255 + IP:10.0.2.33/255.255.255.255 + IP:10.0.2.34/255.255.255.255 + IP:10.0.2.35/255.255.255.255 + IP:10.0.2.36/255.255.255.255 + IP:10.0.2.37/255.255.255.255 + IP:10.0.2.38/255.255.255.255 + IP:10.0.2.39/255.255.255.255 + IP:10.0.2.40/255.255.255.255 + IP:10.0.2.41/255.255.255.255 + IP:10.0.2.42/255.255.255.255 + IP:10.0.2.43/255.255.255.255 + IP:10.0.2.44/255.255.255.255 + IP:10.0.2.45/255.255.255.255 + IP:10.0.2.46/255.255.255.255 + IP:10.0.2.47/255.255.255.255 + IP:10.0.2.48/255.255.255.255 + IP:10.0.2.49/255.255.255.255 + IP:10.0.2.50/255.255.255.255 + IP:10.0.2.51/255.255.255.255 + IP:10.0.2.52/255.255.255.255 + IP:10.0.2.53/255.255.255.255 + IP:10.0.2.54/255.255.255.255 + IP:10.0.2.55/255.255.255.255 + IP:10.0.2.56/255.255.255.255 + IP:10.0.2.57/255.255.255.255 + IP:10.0.2.58/255.255.255.255 + IP:10.0.2.59/255.255.255.255 + IP:10.0.2.60/255.255.255.255 + IP:10.0.2.61/255.255.255.255 + IP:10.0.2.62/255.255.255.255 + IP:10.0.2.63/255.255.255.255 + IP:10.0.2.64/255.255.255.255 + IP:10.0.2.65/255.255.255.255 + IP:10.0.2.66/255.255.255.255 + IP:10.0.2.67/255.255.255.255 + IP:10.0.2.68/255.255.255.255 + IP:10.0.2.69/255.255.255.255 + IP:10.0.2.70/255.255.255.255 + IP:10.0.2.71/255.255.255.255 + IP:10.0.2.72/255.255.255.255 + IP:10.0.2.73/255.255.255.255 + IP:10.0.2.74/255.255.255.255 + IP:10.0.2.75/255.255.255.255 + IP:10.0.2.76/255.255.255.255 + IP:10.0.2.77/255.255.255.255 + IP:10.0.2.78/255.255.255.255 + IP:10.0.2.79/255.255.255.255 + IP:10.0.2.80/255.255.255.255 + IP:10.0.2.81/255.255.255.255 + IP:10.0.2.82/255.255.255.255 + IP:10.0.2.83/255.255.255.255 + IP:10.0.2.84/255.255.255.255 + IP:10.0.2.85/255.255.255.255 + IP:10.0.2.86/255.255.255.255 + IP:10.0.2.87/255.255.255.255 + IP:10.0.2.88/255.255.255.255 + IP:10.0.2.89/255.255.255.255 + IP:10.0.2.90/255.255.255.255 + IP:10.0.2.91/255.255.255.255 + IP:10.0.2.92/255.255.255.255 + IP:10.0.2.93/255.255.255.255 + IP:10.0.2.94/255.255.255.255 + IP:10.0.2.95/255.255.255.255 + IP:10.0.2.96/255.255.255.255 + IP:10.0.2.97/255.255.255.255 + IP:10.0.2.98/255.255.255.255 + IP:10.0.2.99/255.255.255.255 + IP:10.0.2.100/255.255.255.255 + IP:10.0.2.101/255.255.255.255 + IP:10.0.2.102/255.255.255.255 + IP:10.0.2.103/255.255.255.255 + IP:10.0.2.104/255.255.255.255 + IP:10.0.2.105/255.255.255.255 + IP:10.0.2.106/255.255.255.255 + IP:10.0.2.107/255.255.255.255 + IP:10.0.2.108/255.255.255.255 + IP:10.0.2.109/255.255.255.255 + IP:10.0.2.110/255.255.255.255 + IP:10.0.2.111/255.255.255.255 + IP:10.0.2.112/255.255.255.255 + IP:10.0.2.113/255.255.255.255 + IP:10.0.2.114/255.255.255.255 + IP:10.0.2.115/255.255.255.255 + IP:10.0.2.116/255.255.255.255 + IP:10.0.2.117/255.255.255.255 + IP:10.0.2.118/255.255.255.255 + IP:10.0.2.119/255.255.255.255 + IP:10.0.2.120/255.255.255.255 + IP:10.0.2.121/255.255.255.255 + IP:10.0.2.122/255.255.255.255 + IP:10.0.2.123/255.255.255.255 + IP:10.0.2.124/255.255.255.255 + IP:10.0.2.125/255.255.255.255 + IP:10.0.2.126/255.255.255.255 + IP:10.0.2.127/255.255.255.255 + IP:10.0.2.128/255.255.255.255 + IP:10.0.2.129/255.255.255.255 + IP:10.0.2.130/255.255.255.255 + IP:10.0.2.131/255.255.255.255 + IP:10.0.2.132/255.255.255.255 + IP:10.0.2.133/255.255.255.255 + IP:10.0.2.134/255.255.255.255 + IP:10.0.2.135/255.255.255.255 + IP:10.0.2.136/255.255.255.255 + IP:10.0.2.137/255.255.255.255 + IP:10.0.2.138/255.255.255.255 + IP:10.0.2.139/255.255.255.255 + IP:10.0.2.140/255.255.255.255 + IP:10.0.2.141/255.255.255.255 + IP:10.0.2.142/255.255.255.255 + IP:10.0.2.143/255.255.255.255 + IP:10.0.2.144/255.255.255.255 + IP:10.0.2.145/255.255.255.255 + IP:10.0.2.146/255.255.255.255 + IP:10.0.2.147/255.255.255.255 + IP:10.0.2.148/255.255.255.255 + IP:10.0.2.149/255.255.255.255 + IP:10.0.2.150/255.255.255.255 + IP:10.0.2.151/255.255.255.255 + IP:10.0.2.152/255.255.255.255 + IP:10.0.2.153/255.255.255.255 + IP:10.0.2.154/255.255.255.255 + IP:10.0.2.155/255.255.255.255 + IP:10.0.2.156/255.255.255.255 + IP:10.0.2.157/255.255.255.255 + IP:10.0.2.158/255.255.255.255 + IP:10.0.2.159/255.255.255.255 + IP:10.0.2.160/255.255.255.255 + IP:10.0.2.161/255.255.255.255 + IP:10.0.2.162/255.255.255.255 + IP:10.0.2.163/255.255.255.255 + IP:10.0.2.164/255.255.255.255 + IP:10.0.2.165/255.255.255.255 + IP:10.0.2.166/255.255.255.255 + IP:10.0.2.167/255.255.255.255 + IP:10.0.2.168/255.255.255.255 + IP:10.0.2.169/255.255.255.255 + IP:10.0.2.170/255.255.255.255 + IP:10.0.2.171/255.255.255.255 + IP:10.0.2.172/255.255.255.255 + IP:10.0.2.173/255.255.255.255 + IP:10.0.2.174/255.255.255.255 + IP:10.0.2.175/255.255.255.255 + IP:10.0.2.176/255.255.255.255 + IP:10.0.2.177/255.255.255.255 + IP:10.0.2.178/255.255.255.255 + IP:10.0.2.179/255.255.255.255 + IP:10.0.2.180/255.255.255.255 + IP:10.0.2.181/255.255.255.255 + IP:10.0.2.182/255.255.255.255 + IP:10.0.2.183/255.255.255.255 + IP:10.0.2.184/255.255.255.255 + IP:10.0.2.185/255.255.255.255 + IP:10.0.2.186/255.255.255.255 + IP:10.0.2.187/255.255.255.255 + IP:10.0.2.188/255.255.255.255 + IP:10.0.2.189/255.255.255.255 + IP:10.0.2.190/255.255.255.255 + IP:10.0.2.191/255.255.255.255 + IP:10.0.2.192/255.255.255.255 + IP:10.0.2.193/255.255.255.255 + IP:10.0.2.194/255.255.255.255 + IP:10.0.2.195/255.255.255.255 + IP:10.0.2.196/255.255.255.255 + IP:10.0.2.197/255.255.255.255 + IP:10.0.2.198/255.255.255.255 + IP:10.0.2.199/255.255.255.255 + IP:10.0.2.200/255.255.255.255 + IP:10.0.2.201/255.255.255.255 + IP:10.0.2.202/255.255.255.255 + IP:10.0.2.203/255.255.255.255 + IP:10.0.2.204/255.255.255.255 + IP:10.0.2.205/255.255.255.255 + IP:10.0.2.206/255.255.255.255 + IP:10.0.2.207/255.255.255.255 + IP:10.0.2.208/255.255.255.255 + IP:10.0.2.209/255.255.255.255 + IP:10.0.2.210/255.255.255.255 + IP:10.0.2.211/255.255.255.255 + IP:10.0.2.212/255.255.255.255 + IP:10.0.2.213/255.255.255.255 + IP:10.0.2.214/255.255.255.255 + IP:10.0.2.215/255.255.255.255 + IP:10.0.2.216/255.255.255.255 + IP:10.0.2.217/255.255.255.255 + IP:10.0.2.218/255.255.255.255 + IP:10.0.2.219/255.255.255.255 + IP:10.0.2.220/255.255.255.255 + IP:10.0.2.221/255.255.255.255 + IP:10.0.2.222/255.255.255.255 + IP:10.0.2.223/255.255.255.255 + IP:10.0.2.224/255.255.255.255 + IP:10.0.2.225/255.255.255.255 + IP:10.0.2.226/255.255.255.255 + IP:10.0.2.227/255.255.255.255 + IP:10.0.2.228/255.255.255.255 + IP:10.0.2.229/255.255.255.255 + IP:10.0.2.230/255.255.255.255 + IP:10.0.2.231/255.255.255.255 + IP:10.0.2.232/255.255.255.255 + IP:10.0.2.233/255.255.255.255 + IP:10.0.2.234/255.255.255.255 + IP:10.0.2.235/255.255.255.255 + IP:10.0.2.236/255.255.255.255 + IP:10.0.2.237/255.255.255.255 + IP:10.0.2.238/255.255.255.255 + IP:10.0.2.239/255.255.255.255 + IP:10.0.2.240/255.255.255.255 + IP:10.0.2.241/255.255.255.255 + IP:10.0.2.242/255.255.255.255 + IP:10.0.2.243/255.255.255.255 + IP:10.0.2.244/255.255.255.255 + IP:10.0.2.245/255.255.255.255 + IP:10.0.2.246/255.255.255.255 + IP:10.0.2.247/255.255.255.255 + IP:10.0.2.248/255.255.255.255 + IP:10.0.2.249/255.255.255.255 + IP:10.0.2.250/255.255.255.255 + IP:10.0.2.251/255.255.255.255 + IP:10.0.2.252/255.255.255.255 + IP:10.0.2.253/255.255.255.255 + IP:10.0.2.254/255.255.255.255 + IP:10.0.2.255/255.255.255.255 + IP:10.0.3.0/255.255.255.255 + IP:10.0.3.1/255.255.255.255 + IP:10.0.3.2/255.255.255.255 + IP:10.0.3.3/255.255.255.255 + IP:10.0.3.4/255.255.255.255 + IP:10.0.3.5/255.255.255.255 + IP:10.0.3.6/255.255.255.255 + IP:10.0.3.7/255.255.255.255 + IP:10.0.3.8/255.255.255.255 + IP:10.0.3.9/255.255.255.255 + IP:10.0.3.10/255.255.255.255 + IP:10.0.3.11/255.255.255.255 + IP:10.0.3.12/255.255.255.255 + IP:10.0.3.13/255.255.255.255 + IP:10.0.3.14/255.255.255.255 + IP:10.0.3.15/255.255.255.255 + IP:10.0.3.16/255.255.255.255 + IP:10.0.3.17/255.255.255.255 + IP:10.0.3.18/255.255.255.255 + IP:10.0.3.19/255.255.255.255 + IP:10.0.3.20/255.255.255.255 + IP:10.0.3.21/255.255.255.255 + IP:10.0.3.22/255.255.255.255 + IP:10.0.3.23/255.255.255.255 + IP:10.0.3.24/255.255.255.255 + IP:10.0.3.25/255.255.255.255 + IP:10.0.3.26/255.255.255.255 + IP:10.0.3.27/255.255.255.255 + IP:10.0.3.28/255.255.255.255 + IP:10.0.3.29/255.255.255.255 + IP:10.0.3.30/255.255.255.255 + IP:10.0.3.31/255.255.255.255 + IP:10.0.3.32/255.255.255.255 + IP:10.0.3.33/255.255.255.255 + IP:10.0.3.34/255.255.255.255 + IP:10.0.3.35/255.255.255.255 + IP:10.0.3.36/255.255.255.255 + IP:10.0.3.37/255.255.255.255 + IP:10.0.3.38/255.255.255.255 + IP:10.0.3.39/255.255.255.255 + IP:10.0.3.40/255.255.255.255 + IP:10.0.3.41/255.255.255.255 + IP:10.0.3.42/255.255.255.255 + IP:10.0.3.43/255.255.255.255 + IP:10.0.3.44/255.255.255.255 + IP:10.0.3.45/255.255.255.255 + IP:10.0.3.46/255.255.255.255 + IP:10.0.3.47/255.255.255.255 + IP:10.0.3.48/255.255.255.255 + IP:10.0.3.49/255.255.255.255 + IP:10.0.3.50/255.255.255.255 + IP:10.0.3.51/255.255.255.255 + IP:10.0.3.52/255.255.255.255 + IP:10.0.3.53/255.255.255.255 + IP:10.0.3.54/255.255.255.255 + IP:10.0.3.55/255.255.255.255 + IP:10.0.3.56/255.255.255.255 + IP:10.0.3.57/255.255.255.255 + IP:10.0.3.58/255.255.255.255 + IP:10.0.3.59/255.255.255.255 + IP:10.0.3.60/255.255.255.255 + IP:10.0.3.61/255.255.255.255 + IP:10.0.3.62/255.255.255.255 + IP:10.0.3.63/255.255.255.255 + IP:10.0.3.64/255.255.255.255 + IP:10.0.3.65/255.255.255.255 + IP:10.0.3.66/255.255.255.255 + IP:10.0.3.67/255.255.255.255 + IP:10.0.3.68/255.255.255.255 + IP:10.0.3.69/255.255.255.255 + IP:10.0.3.70/255.255.255.255 + IP:10.0.3.71/255.255.255.255 + IP:10.0.3.72/255.255.255.255 + IP:10.0.3.73/255.255.255.255 + IP:10.0.3.74/255.255.255.255 + IP:10.0.3.75/255.255.255.255 + IP:10.0.3.76/255.255.255.255 + IP:10.0.3.77/255.255.255.255 + IP:10.0.3.78/255.255.255.255 + IP:10.0.3.79/255.255.255.255 + IP:10.0.3.80/255.255.255.255 + IP:10.0.3.81/255.255.255.255 + IP:10.0.3.82/255.255.255.255 + IP:10.0.3.83/255.255.255.255 + IP:10.0.3.84/255.255.255.255 + IP:10.0.3.85/255.255.255.255 + IP:10.0.3.86/255.255.255.255 + IP:10.0.3.87/255.255.255.255 + IP:10.0.3.88/255.255.255.255 + IP:10.0.3.89/255.255.255.255 + IP:10.0.3.90/255.255.255.255 + IP:10.0.3.91/255.255.255.255 + IP:10.0.3.92/255.255.255.255 + IP:10.0.3.93/255.255.255.255 + IP:10.0.3.94/255.255.255.255 + IP:10.0.3.95/255.255.255.255 + IP:10.0.3.96/255.255.255.255 + IP:10.0.3.97/255.255.255.255 + IP:10.0.3.98/255.255.255.255 + IP:10.0.3.99/255.255.255.255 + IP:10.0.3.100/255.255.255.255 + IP:10.0.3.101/255.255.255.255 + IP:10.0.3.102/255.255.255.255 + IP:10.0.3.103/255.255.255.255 + IP:10.0.3.104/255.255.255.255 + IP:10.0.3.105/255.255.255.255 + IP:10.0.3.106/255.255.255.255 + IP:10.0.3.107/255.255.255.255 + IP:10.0.3.108/255.255.255.255 + IP:10.0.3.109/255.255.255.255 + IP:10.0.3.110/255.255.255.255 + IP:10.0.3.111/255.255.255.255 + IP:10.0.3.112/255.255.255.255 + IP:10.0.3.113/255.255.255.255 + IP:10.0.3.114/255.255.255.255 + IP:10.0.3.115/255.255.255.255 + IP:10.0.3.116/255.255.255.255 + IP:10.0.3.117/255.255.255.255 + IP:10.0.3.118/255.255.255.255 + IP:10.0.3.119/255.255.255.255 + IP:10.0.3.120/255.255.255.255 + IP:10.0.3.121/255.255.255.255 + IP:10.0.3.122/255.255.255.255 + IP:10.0.3.123/255.255.255.255 + IP:10.0.3.124/255.255.255.255 + IP:10.0.3.125/255.255.255.255 + IP:10.0.3.126/255.255.255.255 + IP:10.0.3.127/255.255.255.255 + IP:10.0.3.128/255.255.255.255 + IP:10.0.3.129/255.255.255.255 + IP:10.0.3.130/255.255.255.255 + IP:10.0.3.131/255.255.255.255 + IP:10.0.3.132/255.255.255.255 + IP:10.0.3.133/255.255.255.255 + IP:10.0.3.134/255.255.255.255 + IP:10.0.3.135/255.255.255.255 + IP:10.0.3.136/255.255.255.255 + IP:10.0.3.137/255.255.255.255 + IP:10.0.3.138/255.255.255.255 + IP:10.0.3.139/255.255.255.255 + IP:10.0.3.140/255.255.255.255 + IP:10.0.3.141/255.255.255.255 + IP:10.0.3.142/255.255.255.255 + IP:10.0.3.143/255.255.255.255 + IP:10.0.3.144/255.255.255.255 + IP:10.0.3.145/255.255.255.255 + IP:10.0.3.146/255.255.255.255 + IP:10.0.3.147/255.255.255.255 + IP:10.0.3.148/255.255.255.255 + IP:10.0.3.149/255.255.255.255 + IP:10.0.3.150/255.255.255.255 + IP:10.0.3.151/255.255.255.255 + IP:10.0.3.152/255.255.255.255 + IP:10.0.3.153/255.255.255.255 + IP:10.0.3.154/255.255.255.255 + IP:10.0.3.155/255.255.255.255 + IP:10.0.3.156/255.255.255.255 + IP:10.0.3.157/255.255.255.255 + IP:10.0.3.158/255.255.255.255 + IP:10.0.3.159/255.255.255.255 + IP:10.0.3.160/255.255.255.255 + IP:10.0.3.161/255.255.255.255 + IP:10.0.3.162/255.255.255.255 + IP:10.0.3.163/255.255.255.255 + IP:10.0.3.164/255.255.255.255 + IP:10.0.3.165/255.255.255.255 + IP:10.0.3.166/255.255.255.255 + IP:10.0.3.167/255.255.255.255 + IP:10.0.3.168/255.255.255.255 + IP:10.0.3.169/255.255.255.255 + IP:10.0.3.170/255.255.255.255 + IP:10.0.3.171/255.255.255.255 + IP:10.0.3.172/255.255.255.255 + IP:10.0.3.173/255.255.255.255 + IP:10.0.3.174/255.255.255.255 + IP:10.0.3.175/255.255.255.255 + IP:10.0.3.176/255.255.255.255 + IP:10.0.3.177/255.255.255.255 + IP:10.0.3.178/255.255.255.255 + IP:10.0.3.179/255.255.255.255 + IP:10.0.3.180/255.255.255.255 + IP:10.0.3.181/255.255.255.255 + IP:10.0.3.182/255.255.255.255 + IP:10.0.3.183/255.255.255.255 + IP:10.0.3.184/255.255.255.255 + IP:10.0.3.185/255.255.255.255 + IP:10.0.3.186/255.255.255.255 + IP:10.0.3.187/255.255.255.255 + IP:10.0.3.188/255.255.255.255 + IP:10.0.3.189/255.255.255.255 + IP:10.0.3.190/255.255.255.255 + IP:10.0.3.191/255.255.255.255 + IP:10.0.3.192/255.255.255.255 + IP:10.0.3.193/255.255.255.255 + IP:10.0.3.194/255.255.255.255 + IP:10.0.3.195/255.255.255.255 + IP:10.0.3.196/255.255.255.255 + IP:10.0.3.197/255.255.255.255 + IP:10.0.3.198/255.255.255.255 + IP:10.0.3.199/255.255.255.255 + IP:10.0.3.200/255.255.255.255 + IP:10.0.3.201/255.255.255.255 + IP:10.0.3.202/255.255.255.255 + IP:10.0.3.203/255.255.255.255 + IP:10.0.3.204/255.255.255.255 + IP:10.0.3.205/255.255.255.255 + IP:10.0.3.206/255.255.255.255 + IP:10.0.3.207/255.255.255.255 + IP:10.0.3.208/255.255.255.255 + IP:10.0.3.209/255.255.255.255 + IP:10.0.3.210/255.255.255.255 + IP:10.0.3.211/255.255.255.255 + IP:10.0.3.212/255.255.255.255 + IP:10.0.3.213/255.255.255.255 + IP:10.0.3.214/255.255.255.255 + IP:10.0.3.215/255.255.255.255 + IP:10.0.3.216/255.255.255.255 + IP:10.0.3.217/255.255.255.255 + IP:10.0.3.218/255.255.255.255 + IP:10.0.3.219/255.255.255.255 + IP:10.0.3.220/255.255.255.255 + IP:10.0.3.221/255.255.255.255 + IP:10.0.3.222/255.255.255.255 + IP:10.0.3.223/255.255.255.255 + IP:10.0.3.224/255.255.255.255 + IP:10.0.3.225/255.255.255.255 + IP:10.0.3.226/255.255.255.255 + IP:10.0.3.227/255.255.255.255 + IP:10.0.3.228/255.255.255.255 + IP:10.0.3.229/255.255.255.255 + IP:10.0.3.230/255.255.255.255 + IP:10.0.3.231/255.255.255.255 + IP:10.0.3.232/255.255.255.255 + IP:10.0.3.233/255.255.255.255 + IP:10.0.3.234/255.255.255.255 + IP:10.0.3.235/255.255.255.255 + IP:10.0.3.236/255.255.255.255 + IP:10.0.3.237/255.255.255.255 + IP:10.0.3.238/255.255.255.255 + IP:10.0.3.239/255.255.255.255 + IP:10.0.3.240/255.255.255.255 + IP:10.0.3.241/255.255.255.255 + IP:10.0.3.242/255.255.255.255 + IP:10.0.3.243/255.255.255.255 + IP:10.0.3.244/255.255.255.255 + IP:10.0.3.245/255.255.255.255 + IP:10.0.3.246/255.255.255.255 + IP:10.0.3.247/255.255.255.255 + IP:10.0.3.248/255.255.255.255 + IP:10.0.3.249/255.255.255.255 + IP:10.0.3.250/255.255.255.255 + IP:10.0.3.251/255.255.255.255 + IP:10.0.3.252/255.255.255.255 + IP:10.0.3.253/255.255.255.255 + IP:10.0.3.254/255.255.255.255 + IP:10.0.3.255/255.255.255.255 + IP:10.0.4.0/255.255.255.255 + + Signature Algorithm: sha256WithRSAEncryption + 58:a8:fb:63:46:45:e4:1c:02:f9:5f:1a:8f:a3:1d:d4:d0:41: + 9a:13:72:6d:3a:7b:6a:24:dc:70:47:29:f6:c9:73:80:1a:5f: + ee:92:a6:ce:26:94:d0:7b:29:18:07:c8:69:a6:dd:d8:cf:65: + fa:9b:e1:00:a0:7e:ea:a3:a5:92:09:01:95:6d:52:66:12:5f: + c0:49:6b:38:aa:ba:bc:58:ac:c2:03:ee:6f:2d:5f:8e:73:71: + 19:8a:d8:04:4b:00:fd:94:d3:7f:fa:38:6d:21:15:ba:e5:8e: + 7c:5f:2c:5d:58:67:71:f6:37:14:a5:ac:d5:ff:44:ca:b0:2b: + 41:b3:2c:d4:93:25:0a:d2:ff:1d:bb:de:d4:43:fd:05:b7:5f: + 07:3f:b3:04:52:54:83:5d:1f:05:b3:ff:50:47:83:ec:6f:8a: + 92:9a:3b:27:82:05:ea:e2:6f:a2:4a:43:8b:7a:39:a9:6b:da: + 9c:63:39:5d:57:a8:b8:86:84:c9:fe:5b:2a:1e:07:6c:05:18: + d5:40:e7:6d:75:e3:31:1c:d2:1c:e6:3e:46:63:b4:7e:30:d3: + a1:14:77:40:28:6e:d3:3a:fc:e1:80:45:37:7e:5f:ec:5c:66: + bb:6f:4f:82:30:24:53:6c:8f:4a:db:6d:5a:8f:71:63:20:fa: + f9:b6:54:fc +-----BEGIN CERTIFICATE----- +MIIzozCCMougAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vwwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALs72wRuF+BUUrojdyS8NONw2ZmeU10zC6nMSx2uBicYjlW6 +rRLHHTJZbcMWINtipneAEuCHWFFV42Z/0eA6ImXlcCaiBATwXflfVsja6A9XKHdu +mqBKUzQaYzeiQ6sOSs0HI91Vg0QADHBB3zVk0MUOaofbyvw11eJbrwug5nWl0uFy +TiJjAUFzuJVQLP3tw2G2NtSDlWHD4GH/9J6K6Lrc0faJ7Z0wRJUn9NGL5i8UZlbx +2vHMBBt3kqWfWEAMnwwy1gXCTMDFn+WkMD1M6Z0DbEwGtuWVvSG45iuooL8Gu0Mz +GT17F1nxZE0kZ7FRDzWu8HF1ea5bAjQEMeNmhmUCAwEAAaOCMO0wgjDpMB0GA1Ud +DgQWBBSSET+sEZbHZjfPg1ok8Dp3rzONfzAfBgNVHSMEGDAWgBS2wu+f0SnLD4mM +TFLUvUC3Ebdx3TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wgjAdBgNVHR4EgjAUMIIwEKCCMAwwCocICgAAAP////8wCocICgAAAf////8w +CocICgAAAv////8wCocICgAAA/////8wCocICgAABP////8wCocICgAABf////8w +CocICgAABv////8wCocICgAAB/////8wCocICgAACP////8wCocICgAACf////8w +CocICgAACv////8wCocICgAAC/////8wCocICgAADP////8wCocICgAADf////8w +CocICgAADv////8wCocICgAAD/////8wCocICgAAEP////8wCocICgAAEf////8w +CocICgAAEv////8wCocICgAAE/////8wCocICgAAFP////8wCocICgAAFf////8w +CocICgAAFv////8wCocICgAAF/////8wCocICgAAGP////8wCocICgAAGf////8w +CocICgAAGv////8wCocICgAAG/////8wCocICgAAHP////8wCocICgAAHf////8w +CocICgAAHv////8wCocICgAAH/////8wCocICgAAIP////8wCocICgAAIf////8w +CocICgAAIv////8wCocICgAAI/////8wCocICgAAJP////8wCocICgAAJf////8w +CocICgAAJv////8wCocICgAAJ/////8wCocICgAAKP////8wCocICgAAKf////8w +CocICgAAKv////8wCocICgAAK/////8wCocICgAALP////8wCocICgAALf////8w +CocICgAALv////8wCocICgAAL/////8wCocICgAAMP////8wCocICgAAMf////8w +CocICgAAMv////8wCocICgAAM/////8wCocICgAANP////8wCocICgAANf////8w +CocICgAANv////8wCocICgAAN/////8wCocICgAAOP////8wCocICgAAOf////8w +CocICgAAOv////8wCocICgAAO/////8wCocICgAAPP////8wCocICgAAPf////8w +CocICgAAPv////8wCocICgAAP/////8wCocICgAAQP////8wCocICgAAQf////8w +CocICgAAQv////8wCocICgAAQ/////8wCocICgAARP////8wCocICgAARf////8w +CocICgAARv////8wCocICgAAR/////8wCocICgAASP////8wCocICgAASf////8w +CocICgAASv////8wCocICgAAS/////8wCocICgAATP////8wCocICgAATf////8w +CocICgAATv////8wCocICgAAT/////8wCocICgAAUP////8wCocICgAAUf////8w +CocICgAAUv////8wCocICgAAU/////8wCocICgAAVP////8wCocICgAAVf////8w +CocICgAAVv////8wCocICgAAV/////8wCocICgAAWP////8wCocICgAAWf////8w +CocICgAAWv////8wCocICgAAW/////8wCocICgAAXP////8wCocICgAAXf////8w +CocICgAAXv////8wCocICgAAX/////8wCocICgAAYP////8wCocICgAAYf////8w +CocICgAAYv////8wCocICgAAY/////8wCocICgAAZP////8wCocICgAAZf////8w +CocICgAAZv////8wCocICgAAZ/////8wCocICgAAaP////8wCocICgAAaf////8w +CocICgAAav////8wCocICgAAa/////8wCocICgAAbP////8wCocICgAAbf////8w +CocICgAAbv////8wCocICgAAb/////8wCocICgAAcP////8wCocICgAAcf////8w +CocICgAAcv////8wCocICgAAc/////8wCocICgAAdP////8wCocICgAAdf////8w +CocICgAAdv////8wCocICgAAd/////8wCocICgAAeP////8wCocICgAAef////8w +CocICgAAev////8wCocICgAAe/////8wCocICgAAfP////8wCocICgAAff////8w +CocICgAAfv////8wCocICgAAf/////8wCocICgAAgP////8wCocICgAAgf////8w +CocICgAAgv////8wCocICgAAg/////8wCocICgAAhP////8wCocICgAAhf////8w +CocICgAAhv////8wCocICgAAh/////8wCocICgAAiP////8wCocICgAAif////8w +CocICgAAiv////8wCocICgAAi/////8wCocICgAAjP////8wCocICgAAjf////8w +CocICgAAjv////8wCocICgAAj/////8wCocICgAAkP////8wCocICgAAkf////8w +CocICgAAkv////8wCocICgAAk/////8wCocICgAAlP////8wCocICgAAlf////8w +CocICgAAlv////8wCocICgAAl/////8wCocICgAAmP////8wCocICgAAmf////8w +CocICgAAmv////8wCocICgAAm/////8wCocICgAAnP////8wCocICgAAnf////8w +CocICgAAnv////8wCocICgAAn/////8wCocICgAAoP////8wCocICgAAof////8w +CocICgAAov////8wCocICgAAo/////8wCocICgAApP////8wCocICgAApf////8w +CocICgAApv////8wCocICgAAp/////8wCocICgAAqP////8wCocICgAAqf////8w +CocICgAAqv////8wCocICgAAq/////8wCocICgAArP////8wCocICgAArf////8w +CocICgAArv////8wCocICgAAr/////8wCocICgAAsP////8wCocICgAAsf////8w +CocICgAAsv////8wCocICgAAs/////8wCocICgAAtP////8wCocICgAAtf////8w +CocICgAAtv////8wCocICgAAt/////8wCocICgAAuP////8wCocICgAAuf////8w +CocICgAAuv////8wCocICgAAu/////8wCocICgAAvP////8wCocICgAAvf////8w +CocICgAAvv////8wCocICgAAv/////8wCocICgAAwP////8wCocICgAAwf////8w +CocICgAAwv////8wCocICgAAw/////8wCocICgAAxP////8wCocICgAAxf////8w +CocICgAAxv////8wCocICgAAx/////8wCocICgAAyP////8wCocICgAAyf////8w +CocICgAAyv////8wCocICgAAy/////8wCocICgAAzP////8wCocICgAAzf////8w +CocICgAAzv////8wCocICgAAz/////8wCocICgAA0P////8wCocICgAA0f////8w +CocICgAA0v////8wCocICgAA0/////8wCocICgAA1P////8wCocICgAA1f////8w +CocICgAA1v////8wCocICgAA1/////8wCocICgAA2P////8wCocICgAA2f////8w +CocICgAA2v////8wCocICgAA2/////8wCocICgAA3P////8wCocICgAA3f////8w +CocICgAA3v////8wCocICgAA3/////8wCocICgAA4P////8wCocICgAA4f////8w +CocICgAA4v////8wCocICgAA4/////8wCocICgAA5P////8wCocICgAA5f////8w +CocICgAA5v////8wCocICgAA5/////8wCocICgAA6P////8wCocICgAA6f////8w +CocICgAA6v////8wCocICgAA6/////8wCocICgAA7P////8wCocICgAA7f////8w +CocICgAA7v////8wCocICgAA7/////8wCocICgAA8P////8wCocICgAA8f////8w +CocICgAA8v////8wCocICgAA8/////8wCocICgAA9P////8wCocICgAA9f////8w +CocICgAA9v////8wCocICgAA9/////8wCocICgAA+P////8wCocICgAA+f////8w +CocICgAA+v////8wCocICgAA+/////8wCocICgAA/P////8wCocICgAA/f////8w +CocICgAA/v////8wCocICgAA//////8wCocICgABAP////8wCocICgABAf////8w +CocICgABAv////8wCocICgABA/////8wCocICgABBP////8wCocICgABBf////8w +CocICgABBv////8wCocICgABB/////8wCocICgABCP////8wCocICgABCf////8w +CocICgABCv////8wCocICgABC/////8wCocICgABDP////8wCocICgABDf////8w +CocICgABDv////8wCocICgABD/////8wCocICgABEP////8wCocICgABEf////8w +CocICgABEv////8wCocICgABE/////8wCocICgABFP////8wCocICgABFf////8w +CocICgABFv////8wCocICgABF/////8wCocICgABGP////8wCocICgABGf////8w +CocICgABGv////8wCocICgABG/////8wCocICgABHP////8wCocICgABHf////8w +CocICgABHv////8wCocICgABH/////8wCocICgABIP////8wCocICgABIf////8w +CocICgABIv////8wCocICgABI/////8wCocICgABJP////8wCocICgABJf////8w +CocICgABJv////8wCocICgABJ/////8wCocICgABKP////8wCocICgABKf////8w +CocICgABKv////8wCocICgABK/////8wCocICgABLP////8wCocICgABLf////8w +CocICgABLv////8wCocICgABL/////8wCocICgABMP////8wCocICgABMf////8w +CocICgABMv////8wCocICgABM/////8wCocICgABNP////8wCocICgABNf////8w +CocICgABNv////8wCocICgABN/////8wCocICgABOP////8wCocICgABOf////8w +CocICgABOv////8wCocICgABO/////8wCocICgABPP////8wCocICgABPf////8w +CocICgABPv////8wCocICgABP/////8wCocICgABQP////8wCocICgABQf////8w +CocICgABQv////8wCocICgABQ/////8wCocICgABRP////8wCocICgABRf////8w +CocICgABRv////8wCocICgABR/////8wCocICgABSP////8wCocICgABSf////8w +CocICgABSv////8wCocICgABS/////8wCocICgABTP////8wCocICgABTf////8w +CocICgABTv////8wCocICgABT/////8wCocICgABUP////8wCocICgABUf////8w +CocICgABUv////8wCocICgABU/////8wCocICgABVP////8wCocICgABVf////8w +CocICgABVv////8wCocICgABV/////8wCocICgABWP////8wCocICgABWf////8w +CocICgABWv////8wCocICgABW/////8wCocICgABXP////8wCocICgABXf////8w +CocICgABXv////8wCocICgABX/////8wCocICgABYP////8wCocICgABYf////8w +CocICgABYv////8wCocICgABY/////8wCocICgABZP////8wCocICgABZf////8w +CocICgABZv////8wCocICgABZ/////8wCocICgABaP////8wCocICgABaf////8w +CocICgABav////8wCocICgABa/////8wCocICgABbP////8wCocICgABbf////8w +CocICgABbv////8wCocICgABb/////8wCocICgABcP////8wCocICgABcf////8w +CocICgABcv////8wCocICgABc/////8wCocICgABdP////8wCocICgABdf////8w +CocICgABdv////8wCocICgABd/////8wCocICgABeP////8wCocICgABef////8w +CocICgABev////8wCocICgABe/////8wCocICgABfP////8wCocICgABff////8w +CocICgABfv////8wCocICgABf/////8wCocICgABgP////8wCocICgABgf////8w +CocICgABgv////8wCocICgABg/////8wCocICgABhP////8wCocICgABhf////8w +CocICgABhv////8wCocICgABh/////8wCocICgABiP////8wCocICgABif////8w +CocICgABiv////8wCocICgABi/////8wCocICgABjP////8wCocICgABjf////8w +CocICgABjv////8wCocICgABj/////8wCocICgABkP////8wCocICgABkf////8w +CocICgABkv////8wCocICgABk/////8wCocICgABlP////8wCocICgABlf////8w +CocICgABlv////8wCocICgABl/////8wCocICgABmP////8wCocICgABmf////8w +CocICgABmv////8wCocICgABm/////8wCocICgABnP////8wCocICgABnf////8w +CocICgABnv////8wCocICgABn/////8wCocICgABoP////8wCocICgABof////8w +CocICgABov////8wCocICgABo/////8wCocICgABpP////8wCocICgABpf////8w +CocICgABpv////8wCocICgABp/////8wCocICgABqP////8wCocICgABqf////8w +CocICgABqv////8wCocICgABq/////8wCocICgABrP////8wCocICgABrf////8w +CocICgABrv////8wCocICgABr/////8wCocICgABsP////8wCocICgABsf////8w +CocICgABsv////8wCocICgABs/////8wCocICgABtP////8wCocICgABtf////8w +CocICgABtv////8wCocICgABt/////8wCocICgABuP////8wCocICgABuf////8w +CocICgABuv////8wCocICgABu/////8wCocICgABvP////8wCocICgABvf////8w +CocICgABvv////8wCocICgABv/////8wCocICgABwP////8wCocICgABwf////8w +CocICgABwv////8wCocICgABw/////8wCocICgABxP////8wCocICgABxf////8w +CocICgABxv////8wCocICgABx/////8wCocICgAByP////8wCocICgAByf////8w +CocICgAByv////8wCocICgABy/////8wCocICgABzP////8wCocICgABzf////8w +CocICgABzv////8wCocICgABz/////8wCocICgAB0P////8wCocICgAB0f////8w +CocICgAB0v////8wCocICgAB0/////8wCocICgAB1P////8wCocICgAB1f////8w +CocICgAB1v////8wCocICgAB1/////8wCocICgAB2P////8wCocICgAB2f////8w +CocICgAB2v////8wCocICgAB2/////8wCocICgAB3P////8wCocICgAB3f////8w +CocICgAB3v////8wCocICgAB3/////8wCocICgAB4P////8wCocICgAB4f////8w +CocICgAB4v////8wCocICgAB4/////8wCocICgAB5P////8wCocICgAB5f////8w +CocICgAB5v////8wCocICgAB5/////8wCocICgAB6P////8wCocICgAB6f////8w +CocICgAB6v////8wCocICgAB6/////8wCocICgAB7P////8wCocICgAB7f////8w +CocICgAB7v////8wCocICgAB7/////8wCocICgAB8P////8wCocICgAB8f////8w +CocICgAB8v////8wCocICgAB8/////8wCocICgAB9P////8wCocICgAB9f////8w +CocICgAB9v////8wCocICgAB9/////8wCocICgAB+P////8wCocICgAB+f////8w +CocICgAB+v////8wCocICgAB+/////8wCocICgAB/P////8wCocICgAB/f////8w +CocICgAB/v////8wCocICgAB//////8wCocICgACAP////8wCocICgACAf////8w +CocICgACAv////8wCocICgACA/////8wCocICgACBP////8wCocICgACBf////8w +CocICgACBv////8wCocICgACB/////8wCocICgACCP////8wCocICgACCf////8w +CocICgACCv////8wCocICgACC/////8wCocICgACDP////8wCocICgACDf////8w +CocICgACDv////8wCocICgACD/////8wCocICgACEP////8wCocICgACEf////8w +CocICgACEv////8wCocICgACE/////8wCocICgACFP////8wCocICgACFf////8w +CocICgACFv////8wCocICgACF/////8wCocICgACGP////8wCocICgACGf////8w +CocICgACGv////8wCocICgACG/////8wCocICgACHP////8wCocICgACHf////8w +CocICgACHv////8wCocICgACH/////8wCocICgACIP////8wCocICgACIf////8w +CocICgACIv////8wCocICgACI/////8wCocICgACJP////8wCocICgACJf////8w +CocICgACJv////8wCocICgACJ/////8wCocICgACKP////8wCocICgACKf////8w +CocICgACKv////8wCocICgACK/////8wCocICgACLP////8wCocICgACLf////8w +CocICgACLv////8wCocICgACL/////8wCocICgACMP////8wCocICgACMf////8w +CocICgACMv////8wCocICgACM/////8wCocICgACNP////8wCocICgACNf////8w +CocICgACNv////8wCocICgACN/////8wCocICgACOP////8wCocICgACOf////8w +CocICgACOv////8wCocICgACO/////8wCocICgACPP////8wCocICgACPf////8w +CocICgACPv////8wCocICgACP/////8wCocICgACQP////8wCocICgACQf////8w +CocICgACQv////8wCocICgACQ/////8wCocICgACRP////8wCocICgACRf////8w +CocICgACRv////8wCocICgACR/////8wCocICgACSP////8wCocICgACSf////8w +CocICgACSv////8wCocICgACS/////8wCocICgACTP////8wCocICgACTf////8w +CocICgACTv////8wCocICgACT/////8wCocICgACUP////8wCocICgACUf////8w +CocICgACUv////8wCocICgACU/////8wCocICgACVP////8wCocICgACVf////8w +CocICgACVv////8wCocICgACV/////8wCocICgACWP////8wCocICgACWf////8w +CocICgACWv////8wCocICgACW/////8wCocICgACXP////8wCocICgACXf////8w +CocICgACXv////8wCocICgACX/////8wCocICgACYP////8wCocICgACYf////8w +CocICgACYv////8wCocICgACY/////8wCocICgACZP////8wCocICgACZf////8w +CocICgACZv////8wCocICgACZ/////8wCocICgACaP////8wCocICgACaf////8w +CocICgACav////8wCocICgACa/////8wCocICgACbP////8wCocICgACbf////8w +CocICgACbv////8wCocICgACb/////8wCocICgACcP////8wCocICgACcf////8w +CocICgACcv////8wCocICgACc/////8wCocICgACdP////8wCocICgACdf////8w +CocICgACdv////8wCocICgACd/////8wCocICgACeP////8wCocICgACef////8w +CocICgACev////8wCocICgACe/////8wCocICgACfP////8wCocICgACff////8w +CocICgACfv////8wCocICgACf/////8wCocICgACgP////8wCocICgACgf////8w +CocICgACgv////8wCocICgACg/////8wCocICgAChP////8wCocICgAChf////8w +CocICgAChv////8wCocICgACh/////8wCocICgACiP////8wCocICgACif////8w +CocICgACiv////8wCocICgACi/////8wCocICgACjP////8wCocICgACjf////8w +CocICgACjv////8wCocICgACj/////8wCocICgACkP////8wCocICgACkf////8w +CocICgACkv////8wCocICgACk/////8wCocICgAClP////8wCocICgAClf////8w +CocICgAClv////8wCocICgACl/////8wCocICgACmP////8wCocICgACmf////8w +CocICgACmv////8wCocICgACm/////8wCocICgACnP////8wCocICgACnf////8w +CocICgACnv////8wCocICgACn/////8wCocICgACoP////8wCocICgACof////8w +CocICgACov////8wCocICgACo/////8wCocICgACpP////8wCocICgACpf////8w +CocICgACpv////8wCocICgACp/////8wCocICgACqP////8wCocICgACqf////8w +CocICgACqv////8wCocICgACq/////8wCocICgACrP////8wCocICgACrf////8w +CocICgACrv////8wCocICgACr/////8wCocICgACsP////8wCocICgACsf////8w +CocICgACsv////8wCocICgACs/////8wCocICgACtP////8wCocICgACtf////8w +CocICgACtv////8wCocICgACt/////8wCocICgACuP////8wCocICgACuf////8w +CocICgACuv////8wCocICgACu/////8wCocICgACvP////8wCocICgACvf////8w +CocICgACvv////8wCocICgACv/////8wCocICgACwP////8wCocICgACwf////8w +CocICgACwv////8wCocICgACw/////8wCocICgACxP////8wCocICgACxf////8w +CocICgACxv////8wCocICgACx/////8wCocICgACyP////8wCocICgACyf////8w +CocICgACyv////8wCocICgACy/////8wCocICgACzP////8wCocICgACzf////8w +CocICgACzv////8wCocICgACz/////8wCocICgAC0P////8wCocICgAC0f////8w +CocICgAC0v////8wCocICgAC0/////8wCocICgAC1P////8wCocICgAC1f////8w +CocICgAC1v////8wCocICgAC1/////8wCocICgAC2P////8wCocICgAC2f////8w +CocICgAC2v////8wCocICgAC2/////8wCocICgAC3P////8wCocICgAC3f////8w +CocICgAC3v////8wCocICgAC3/////8wCocICgAC4P////8wCocICgAC4f////8w +CocICgAC4v////8wCocICgAC4/////8wCocICgAC5P////8wCocICgAC5f////8w +CocICgAC5v////8wCocICgAC5/////8wCocICgAC6P////8wCocICgAC6f////8w +CocICgAC6v////8wCocICgAC6/////8wCocICgAC7P////8wCocICgAC7f////8w +CocICgAC7v////8wCocICgAC7/////8wCocICgAC8P////8wCocICgAC8f////8w +CocICgAC8v////8wCocICgAC8/////8wCocICgAC9P////8wCocICgAC9f////8w +CocICgAC9v////8wCocICgAC9/////8wCocICgAC+P////8wCocICgAC+f////8w +CocICgAC+v////8wCocICgAC+/////8wCocICgAC/P////8wCocICgAC/f////8w +CocICgAC/v////8wCocICgAC//////8wCocICgADAP////8wCocICgADAf////8w +CocICgADAv////8wCocICgADA/////8wCocICgADBP////8wCocICgADBf////8w +CocICgADBv////8wCocICgADB/////8wCocICgADCP////8wCocICgADCf////8w +CocICgADCv////8wCocICgADC/////8wCocICgADDP////8wCocICgADDf////8w +CocICgADDv////8wCocICgADD/////8wCocICgADEP////8wCocICgADEf////8w +CocICgADEv////8wCocICgADE/////8wCocICgADFP////8wCocICgADFf////8w +CocICgADFv////8wCocICgADF/////8wCocICgADGP////8wCocICgADGf////8w +CocICgADGv////8wCocICgADG/////8wCocICgADHP////8wCocICgADHf////8w +CocICgADHv////8wCocICgADH/////8wCocICgADIP////8wCocICgADIf////8w +CocICgADIv////8wCocICgADI/////8wCocICgADJP////8wCocICgADJf////8w +CocICgADJv////8wCocICgADJ/////8wCocICgADKP////8wCocICgADKf////8w +CocICgADKv////8wCocICgADK/////8wCocICgADLP////8wCocICgADLf////8w +CocICgADLv////8wCocICgADL/////8wCocICgADMP////8wCocICgADMf////8w +CocICgADMv////8wCocICgADM/////8wCocICgADNP////8wCocICgADNf////8w +CocICgADNv////8wCocICgADN/////8wCocICgADOP////8wCocICgADOf////8w +CocICgADOv////8wCocICgADO/////8wCocICgADPP////8wCocICgADPf////8w +CocICgADPv////8wCocICgADP/////8wCocICgADQP////8wCocICgADQf////8w +CocICgADQv////8wCocICgADQ/////8wCocICgADRP////8wCocICgADRf////8w +CocICgADRv////8wCocICgADR/////8wCocICgADSP////8wCocICgADSf////8w +CocICgADSv////8wCocICgADS/////8wCocICgADTP////8wCocICgADTf////8w +CocICgADTv////8wCocICgADT/////8wCocICgADUP////8wCocICgADUf////8w +CocICgADUv////8wCocICgADU/////8wCocICgADVP////8wCocICgADVf////8w +CocICgADVv////8wCocICgADV/////8wCocICgADWP////8wCocICgADWf////8w +CocICgADWv////8wCocICgADW/////8wCocICgADXP////8wCocICgADXf////8w +CocICgADXv////8wCocICgADX/////8wCocICgADYP////8wCocICgADYf////8w +CocICgADYv////8wCocICgADY/////8wCocICgADZP////8wCocICgADZf////8w +CocICgADZv////8wCocICgADZ/////8wCocICgADaP////8wCocICgADaf////8w +CocICgADav////8wCocICgADa/////8wCocICgADbP////8wCocICgADbf////8w +CocICgADbv////8wCocICgADb/////8wCocICgADcP////8wCocICgADcf////8w +CocICgADcv////8wCocICgADc/////8wCocICgADdP////8wCocICgADdf////8w +CocICgADdv////8wCocICgADd/////8wCocICgADeP////8wCocICgADef////8w +CocICgADev////8wCocICgADe/////8wCocICgADfP////8wCocICgADff////8w +CocICgADfv////8wCocICgADf/////8wCocICgADgP////8wCocICgADgf////8w +CocICgADgv////8wCocICgADg/////8wCocICgADhP////8wCocICgADhf////8w +CocICgADhv////8wCocICgADh/////8wCocICgADiP////8wCocICgADif////8w +CocICgADiv////8wCocICgADi/////8wCocICgADjP////8wCocICgADjf////8w +CocICgADjv////8wCocICgADj/////8wCocICgADkP////8wCocICgADkf////8w +CocICgADkv////8wCocICgADk/////8wCocICgADlP////8wCocICgADlf////8w +CocICgADlv////8wCocICgADl/////8wCocICgADmP////8wCocICgADmf////8w +CocICgADmv////8wCocICgADm/////8wCocICgADnP////8wCocICgADnf////8w +CocICgADnv////8wCocICgADn/////8wCocICgADoP////8wCocICgADof////8w +CocICgADov////8wCocICgADo/////8wCocICgADpP////8wCocICgADpf////8w +CocICgADpv////8wCocICgADp/////8wCocICgADqP////8wCocICgADqf////8w +CocICgADqv////8wCocICgADq/////8wCocICgADrP////8wCocICgADrf////8w +CocICgADrv////8wCocICgADr/////8wCocICgADsP////8wCocICgADsf////8w +CocICgADsv////8wCocICgADs/////8wCocICgADtP////8wCocICgADtf////8w +CocICgADtv////8wCocICgADt/////8wCocICgADuP////8wCocICgADuf////8w +CocICgADuv////8wCocICgADu/////8wCocICgADvP////8wCocICgADvf////8w +CocICgADvv////8wCocICgADv/////8wCocICgADwP////8wCocICgADwf////8w +CocICgADwv////8wCocICgADw/////8wCocICgADxP////8wCocICgADxf////8w +CocICgADxv////8wCocICgADx/////8wCocICgADyP////8wCocICgADyf////8w +CocICgADyv////8wCocICgADy/////8wCocICgADzP////8wCocICgADzf////8w +CocICgADzv////8wCocICgADz/////8wCocICgAD0P////8wCocICgAD0f////8w +CocICgAD0v////8wCocICgAD0/////8wCocICgAD1P////8wCocICgAD1f////8w +CocICgAD1v////8wCocICgAD1/////8wCocICgAD2P////8wCocICgAD2f////8w +CocICgAD2v////8wCocICgAD2/////8wCocICgAD3P////8wCocICgAD3f////8w +CocICgAD3v////8wCocICgAD3/////8wCocICgAD4P////8wCocICgAD4f////8w +CocICgAD4v////8wCocICgAD4/////8wCocICgAD5P////8wCocICgAD5f////8w +CocICgAD5v////8wCocICgAD5/////8wCocICgAD6P////8wCocICgAD6f////8w +CocICgAD6v////8wCocICgAD6/////8wCocICgAD7P////8wCocICgAD7f////8w +CocICgAD7v////8wCocICgAD7/////8wCocICgAD8P////8wCocICgAD8f////8w +CocICgAD8v////8wCocICgAD8/////8wCocICgAD9P////8wCocICgAD9f////8w +CocICgAD9v////8wCocICgAD9/////8wCocICgAD+P////8wCocICgAD+f////8w +CocICgAD+v////8wCocICgAD+/////8wCocICgAD/P////8wCocICgAD/f////8w +CocICgAD/v////8wCocICgAD//////8wCocICgAEAP////8wDQYJKoZIhvcNAQEL +BQADggEBAFio+2NGReQcAvlfGo+jHdTQQZoTcm06e2ok3HBHKfbJc4AaX+6Sps4m +lNB7KRgHyGmm3djPZfqb4QCgfuqjpZIJAZVtUmYSX8BJaziqurxYrMID7m8tX45z +cRmK2ARLAP2U03/6OG0hFbrljnxfLF1YZ3H2NxSlrNX/RMqwK0GzLNSTJQrS/x27 +3tRD/QW3Xwc/swRSVINdHwWz/1BHg+xvipKaOyeCBerib6JKQ4t6Oalr2pxjOV1X +qLiGhMn+WyoeB2wFGNVA52114zEc0hzmPkZjtH4w06EUd0AobtM6/OGARTd+X+xc +ZrtvT4IwJFNsj0rbbVqPcWMg+vm2VPw= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:e5:fc:81:88:59:a8:50:16:c1:7f:d7:e5:2a:e5:96:7f:c2:f6:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cc:7a:cf:ec:bd:a0:01:c3:26:51:d8:28:ae:80: + b6:0b:d2:76:d7:04:86:18:ac:fd:f2:8f:64:e7:92: + d6:d0:42:32:4f:cd:d0:4d:d0:ac:71:9a:73:80:0a: + 04:70:20:a3:2f:a0:9b:f4:3e:19:cf:69:54:b5:be: + 85:dd:6e:b2:0b:14:df:27:bf:2c:a1:bb:b2:a7:23: + 0c:fb:ae:78:69:6b:1a:6e:7c:38:7f:15:5d:e5:cf: + 27:32:56:2a:f1:87:fe:3a:16:73:e6:dd:83:f2:f2: + ae:31:c8:93:d2:49:b7:b1:71:f5:55:de:bb:85:cd: + cb:19:74:1d:61:49:da:83:44:ec:4c:5e:aa:d5:8b: + 32:1a:db:77:d5:b1:83:8c:00:b9:55:b7:64:78:5c: + 87:c9:68:58:bd:de:af:50:e2:bb:bd:32:cd:fa:3d: + df:3b:3d:93:10:16:b6:6d:90:1d:d7:7d:e9:ea:7e: + 1e:2e:c8:10:a4:14:ad:62:72:af:65:95:1f:a7:6e: + 81:84:9f:df:85:4e:c0:3e:7f:8c:02:0a:f0:65:58: + 84:7c:6a:e1:53:af:3c:f1:7a:b9:33:c8:e7:f9:ed: + 92:46:00:50:62:f0:89:41:57:1e:81:d1:04:12:b3: + fc:25:60:17:5c:0b:eb:a9:46:4a:03:39:16:11:4d: + e1:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + X509v3 Authority Key Identifier: + keyid:B6:C2:EF:9F:D1:29:CB:0F:89:8C:4C:52:D4:BD:40:B7:11:B7:71:DD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3a:c4:f6:50:32:77:14:e2:a8:69:9b:ad:85:a0:fa:95:08:d2: + 22:cb:d3:aa:53:94:e5:1f:92:fa:d5:7b:c8:a5:b6:13:15:42: + 42:2c:ce:48:e9:f1:55:c7:cd:f4:29:b6:46:e9:08:81:8c:83: + 82:c5:d4:f7:1e:90:3c:2d:78:39:7f:be:e8:30:5e:f7:d4:72: + e4:db:0a:09:49:c0:ce:83:66:c0:16:73:f4:cf:67:ad:74:e3: + 10:60:72:16:77:4a:c8:08:88:93:62:c0:4a:23:0b:74:3e:63: + 98:9c:54:1d:34:d5:b6:da:bc:7c:5a:f2:68:22:e2:d9:15:12: + 84:04:f6:3e:b3:ac:97:bc:b4:54:93:3c:d4:0b:25:e4:c1:34: + 5a:98:bc:aa:de:78:bb:12:3f:33:82:a2:bf:5f:82:e6:9e:ad: + 85:21:21:d9:9d:41:5e:4f:72:a3:16:8d:7d:b4:1d:26:d8:77: + d8:29:22:13:a2:f6:d7:9f:1c:60:2f:17:9e:fd:f4:63:a3:c6: + ed:e3:47:43:b7:73:39:82:97:18:fa:4b:db:2e:ac:d3:7b:54: + cd:f8:d0:eb:70:13:03:8a:4b:9b:90:62:4e:b0:34:22:49:ec: + 78:2a:47:97:60:13:03:23:ed:09:ff:a8:00:59:6a:2c:d1:2e: + d0:93:0b:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUPOX8gYhZqFAWwX/X5Srlln/C9vUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDMes/svaABwyZR2CiugLYL0nbXBIYYrP3yj2TnktbQQjJPzdBN0KxxmnOA +CgRwIKMvoJv0PhnPaVS1voXdbrILFN8nvyyhu7KnIwz7rnhpaxpufDh/FV3lzycy +Virxh/46FnPm3YPy8q4xyJPSSbexcfVV3ruFzcsZdB1hSdqDROxMXqrVizIa23fV +sYOMALlVt2R4XIfJaFi93q9Q4ru9Ms36Pd87PZMQFrZtkB3Xfenqfh4uyBCkFK1i +cq9llR+nboGEn9+FTsA+f4wCCvBlWIR8auFTrzzxerkzyOf57ZJGAFBi8IlBVx6B +0QQSs/wlYBdcC+upRkoDORYRTeF7AgMBAAGjgcswgcgwHQYDVR0OBBYEFLbC75/R +KcsPiYxMUtS9QLcRt3HdMB8GA1UdIwQYMBaAFLbC75/RKcsPiYxMUtS9QLcRt3Hd +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAOsT2UDJ3FOKoaZuthaD6lQjSIsvTqlOU5R+S+tV7yKW2ExVC +QizOSOnxVcfN9Cm2RukIgYyDgsXU9x6QPC14OX++6DBe99Ry5NsKCUnAzoNmwBZz +9M9nrXTjEGByFndKyAiIk2LASiMLdD5jmJxUHTTVttq8fFryaCLi2RUShAT2PrOs +l7y0VJM81Asl5ME0Wpi8qt54uxI/M4Kiv1+C5p6thSEh2Z1BXk9yoxaNfbQdJth3 +2CkiE6L2158cYC8Xnv30Y6PG7eNHQ7dzOYKXGPpL2y6s03tUzfjQ63ATA4pLm5Bi +TrA0IknseCpHl2ATAyPtCf+oAFlqLNEu0JMLWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.test b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.test new file mode 100644 index 0000000000..542dcdd572 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/many-names/toomany-ips-permitted.test @@ -0,0 +1,8 @@ +chain: toomany-ips-permitted.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=t0) ----- +ERROR: Too many name constraints checks + diff --git a/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/chain.pem b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/chain.pem new file mode 100644 index 0000000000..43b50ef318 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Certificate chain where the root certificate is not self-signed (or +self-issued for that matter). + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 12:8d:5e:30:60:e5:57:f6:f3:09:84:b2:6d:4f:a0:fb:9d:6f:5e:9d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ca:05:80:6e:cf:1f:63:66:cf:05:e3:dc:51:2c: + 12:41:1f:96:f5:a5:94:96:c5:5e:34:36:bc:90:df: + 85:73:5e:26:ed:f3:12:fb:90:a0:fb:05:b4:8e:05: + 71:07:4c:cc:32:ae:95:89:87:8c:9a:08:22:f0:a1: + 47:da:be:5c:12:c7:18:31:aa:19:61:59:3d:3a:7b: + e9:e9:1a:9f:56:d9:5b:31:b4:3f:bc:ad:da:1c:e9: + 0d:dc:40:5c:4d:5d:8c:5a:ad:78:97:ab:cf:28:fb: + 52:7d:74:6f:d3:27:da:5a:e4:37:7e:1a:56:8b:f3: + 85:55:c5:aa:f8:96:3d:51:52:5f:be:60:47:97:fd: + 82:ef:28:b7:cd:50:64:e2:70:43:7b:1f:5d:f3:9e: + d1:c2:dd:22:a6:08:85:94:e8:80:69:62:67:01:ed: + 12:bb:96:96:83:b4:02:4f:5a:a0:33:63:99:e2:1c: + 88:33:38:fa:b7:20:70:2d:91:e7:ca:27:9b:81:2f: + 29:a6:d6:f0:ea:ec:7b:a4:86:61:56:af:bd:30:26: + 91:e7:d9:18:e9:4e:90:6e:66:ab:1a:48:70:62:9d: + b9:0e:11:fa:49:d5:3c:8c:20:52:9b:b0:6a:71:85: + a5:92:66:22:ea:79:0c:53:b1:66:ab:82:3d:7c:16: + 78:fd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7F:FE:A1:79:97:34:D7:6D:63:C2:1A:94:43:45:AE:6E:0D:30:5A:18 + X509v3 Authority Key Identifier: + keyid:1E:C9:1C:45:5F:46:A4:0C:10:15:82:7C:01:23:5B:21:F4:AE:88:D9 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 43:bd:99:ce:cf:cd:0d:9f:ca:dd:ec:8c:34:35:33:1d:13:a8: + 30:88:bf:61:5b:fd:c4:be:b8:93:3c:30:64:f8:00:d9:37:c2: + 00:df:14:ab:f7:a5:17:16:eb:34:b7:78:0b:2e:90:28:91:08: + 07:1e:ff:05:0c:bb:54:68:cf:b8:69:47:0b:e0:ec:6d:44:03: + bd:a5:13:4e:d6:17:48:16:02:e9:eb:ff:76:f8:52:25:32:75: + f4:33:70:82:fa:87:96:58:3c:96:bc:e8:8e:2e:19:8e:bc:2a: + 35:d9:d2:34:dd:63:ef:42:ad:12:f6:a2:1b:98:fd:9e:07:10: + aa:32:a0:ca:cd:1c:32:45:be:60:bf:b1:bc:d3:6a:21:c2:b6: + 49:34:52:c4:6e:9e:21:54:35:5e:d6:ba:e9:05:26:44:0b:36: + a8:9c:9c:06:22:82:a0:b4:37:9e:e6:8a:af:d6:98:bc:2a:2e: + 68:21:52:8b:f7:88:ad:d4:5b:00:66:5d:99:b8:fe:74:b1:a2: + 45:4f:c2:7f:b5:b0:05:7a:87:99:f7:1d:23:94:23:e3:b0:6f: + ca:8c:04:58:26:85:a1:4d:e5:06:2e:5b:71:d1:c1:cd:d4:40: + 0b:f7:e5:99:d0:fb:00:d8:f6:b8:4f:ca:9e:ce:67:cf:26:72: + 22:ee:93:75 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUEo1eMGDlV/bzCYSybU+g+51vXp0wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAygWAbs8fY2bPBePcUSwSQR+W9aWUlsVeNDa8kN+Fc14m +7fMS+5Cg+wW0jgVxB0zMMq6ViYeMmggi8KFH2r5cEscYMaoZYVk9Onvp6RqfVtlb +MbQ/vK3aHOkN3EBcTV2MWq14l6vPKPtSfXRv0yfaWuQ3fhpWi/OFVcWq+JY9UVJf +vmBHl/2C7yi3zVBk4nBDex9d857Rwt0ipgiFlOiAaWJnAe0Su5aWg7QCT1qgM2OZ +4hyIMzj6tyBwLZHnyiebgS8pptbw6ux7pIZhVq+9MCaR59kY6U6QbmarGkhwYp25 +DhH6SdU8jCBSm7BqcYWlkmYi6nkMU7Fmq4I9fBZ4/QIDAQABo4HpMIHmMB0GA1Ud +DgQWBBR//qF5lzTXbWPCGpRDRa5uDTBaGDAfBgNVHSMEGDAWgBQeyRxFX0akDBAV +gnwBI1sh9K6I2TA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAEO9mc7PzQ2fyt3sjDQ1Mx0TqDCIv2Fb/cS+uJM8MGT4ANk3wgDfFKv3pRcW +6zS3eAsukCiRCAce/wUMu1Roz7hpRwvg7G1EA72lE07WF0gWAunr/3b4UiUydfQz +cIL6h5ZYPJa86I4uGY68KjXZ0jTdY+9CrRL2ohuY/Z4HEKoyoMrNHDJFvmC/sbzT +aiHCtkk0UsRuniFUNV7WuukFJkQLNqicnAYigqC0N57miq/WmLwqLmghUov3iK3U +WwBmXZm4/nSxokVPwn+1sAV6h5n3HSOUI+Owb8qMBFgmhaFN5QYuW3HRwc3UQAv3 +5ZnQ+wDY9rhPyp7OZ88mciLuk3U= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 29:24:c9:62:9e:9b:f4:e2:b7:3b:f4:4d:c4:01:48:be:71:f6:09:ac + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b8:b5:04:1a:b6:ce:13:85:6b:9b:9e:2d:2f:a5: + b4:b5:05:44:72:4b:8b:80:23:1e:0b:1e:1d:30:eb: + c0:f5:c1:a5:17:e6:13:5d:b4:2f:bf:7c:a9:95:38: + cc:88:9a:6e:26:e2:3a:22:68:fe:b1:a3:e4:70:04: + 73:70:78:b7:68:7a:c7:0d:86:c0:ad:3c:a4:ad:83: + a5:00:a8:a3:c2:59:53:3a:77:33:c7:f2:56:15:1b: + 85:7a:2f:b4:44:e1:40:5d:04:9a:ce:0c:4d:5c:33: + 40:4c:68:de:b9:58:48:f1:b6:cc:a4:02:48:86:46: + 66:32:0f:0e:3d:fd:fd:af:df:96:27:b1:60:5b:0d: + be:25:b5:dd:84:ec:f8:9d:da:21:44:95:df:46:16: + 3f:77:69:8e:70:bc:9a:78:ec:45:89:13:0f:be:34: + 7e:00:4d:83:cd:d3:f4:fe:3f:6c:ce:d0:6f:36:64: + 6c:c1:61:dd:c2:68:1d:b9:78:2d:2d:0b:32:96:75: + 3a:d6:a5:d3:3f:2d:55:0e:e7:9e:aa:7d:31:a0:4d: + ac:91:20:1e:46:41:85:3f:03:45:db:8f:98:c2:c2: + b8:7d:e1:f2:e7:b8:6f:a8:cb:b9:d6:7e:8a:29:98: + b3:b3:ed:38:a4:a7:fc:9d:c1:e1:63:68:00:64:a5: + e1:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1E:C9:1C:45:5F:46:A4:0C:10:15:82:7C:01:23:5B:21:F4:AE:88:D9 + X509v3 Authority Key Identifier: + keyid:91:D7:20:C6:1D:00:21:35:53:7D:FE:50:11:02:DD:E3:40:2B:9A:A8 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 55:46:1e:a5:5f:50:b7:20:a5:23:78:bc:54:8f:78:aa:70:37: + 0d:91:10:14:65:80:6a:5c:c1:de:c5:30:cd:a2:83:b8:be:17: + 29:2c:b0:9f:56:fc:5a:0a:f0:55:03:ba:1a:63:68:b2:68:8d: + 27:e3:1b:19:47:6e:6d:c0:38:2e:11:9f:b1:b9:f9:bb:18:2f: + cb:da:cd:ca:ac:4d:1b:18:ee:80:fa:df:af:76:5b:5d:62:45: + 97:b7:78:c6:d1:01:32:25:09:87:ec:e1:d2:86:05:ff:27:f4: + 9b:7e:bc:6e:b5:ba:0c:8e:b6:67:1c:36:0c:19:ad:bf:79:02: + 8c:87:fc:d3:de:60:49:5d:84:1e:dd:65:1c:45:22:5b:39:7b: + a3:86:e0:b0:fd:82:0b:ae:05:08:b9:f9:ba:17:49:c1:da:55: + 34:d8:37:b2:89:67:fc:c8:83:31:99:0c:6b:6f:60:1a:a4:00: + fa:e4:aa:f5:2f:37:89:a8:41:54:84:25:5d:0b:59:db:fe:f1: + 15:2a:c6:b8:be:b8:26:5a:a6:f8:ba:9a:ea:ce:69:39:e3:47: + ea:2d:9c:b3:b4:7c:bf:cb:80:59:81:00:1f:39:9d:66:7e:bb: + 9d:24:0f:8a:e4:e3:25:2b:fd:6c:2e:29:b1:39:37:36:bc:dd: + a4:b4:9a:9c +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUKSTJYp6b9OK3O/RNxAFIvnH2CawwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALi1BBq2zhOFa5ueLS+ltLUFRHJLi4AjHgseHTDrwPXBpRfm +E120L798qZU4zIiabibiOiJo/rGj5HAEc3B4t2h6xw2GwK08pK2DpQCoo8JZUzp3 +M8fyVhUbhXovtEThQF0Ems4MTVwzQExo3rlYSPG2zKQCSIZGZjIPDj39/a/fliex +YFsNviW13YTs+J3aIUSV30YWP3dpjnC8mnjsRYkTD740fgBNg83T9P4/bM7QbzZk +bMFh3cJoHbl4LS0LMpZ1Otal0z8tVQ7nnqp9MaBNrJEgHkZBhT8DRduPmMLCuH3h +8ue4b6jLudZ+iimYs7PtOKSn/J3B4WNoAGSl4b8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUHskcRV9GpAwQFYJ8ASNbIfSuiNkwHwYDVR0jBBgwFoAUkdcgxh0AITVTff5Q +EQLd40ArmqgwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBVRh6lX1C3IKUjeLxUj3iqcDcNkRAUZYBqXMHe +xTDNooO4vhcpLLCfVvxaCvBVA7oaY2iyaI0n4xsZR25twDguEZ+xufm7GC/L2s3K +rE0bGO6A+t+vdltdYkWXt3jG0QEyJQmH7OHShgX/J/SbfrxutboMjrZnHDYMGa2/ +eQKMh/zT3mBJXYQe3WUcRSJbOXujhuCw/YILrgUIufm6F0nB2lU02DeyiWf8yIMx +mQxrb2AapAD65Kr1LzeJqEFUhCVdC1nb/vEVKsa4vrgmWqb4uprqzmk540fqLZyz +tHy/y4BZgQAfOZ1mfrudJA+K5OMlK/1sLimxOTc2vN2ktJqc +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1e:8a:27:93:f7:53:8e:01:34:58:db:a9:3d:d0:8b:61:22:1b:4b:15 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=ShadowRoot + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:fa:87:39:cb:43:d9:24:e9:2c:54:cd:18:ea: + b8:87:ec:2f:d3:57:e3:9c:23:be:94:3c:26:41:db: + 61:40:b8:ad:07:53:f1:69:c5:b4:2c:6a:ad:de:e5: + 4a:bd:e3:0f:77:c4:59:fa:ee:d5:3a:1a:93:ca:cd: + b1:22:2a:24:42:5a:01:42:e8:57:74:f9:89:56:f8: + c1:13:f6:c9:42:9b:45:7b:ff:b7:aa:c1:1f:1b:e8: + 02:24:12:97:0d:84:b9:62:70:83:93:72:cd:9b:1a: + 26:27:92:34:46:51:c5:b7:c7:4a:b4:7a:8a:84:98: + e2:f7:90:4d:cc:cf:3d:ee:85:91:8d:75:60:38:0c: + e5:0b:00:e6:fe:e9:c3:19:64:3f:2d:c8:14:f1:d9: + a9:76:05:54:a8:5a:9e:64:56:ed:60:43:c5:98:db: + 7a:ae:da:2c:56:cb:87:00:6f:3d:83:3b:a3:5c:f5: + 55:0d:6c:ab:ed:68:c1:b8:1d:a5:d0:77:1d:b7:e6: + 52:ef:2c:75:3a:98:ec:51:6f:15:5f:64:82:f6:d1: + 90:bd:ee:01:28:e5:89:0e:01:ee:54:07:1d:0e:7a: + f0:82:9c:cc:c1:c5:4a:f6:a9:58:33:c5:cc:a3:86: + 17:72:19:92:2c:ae:6a:46:a8:a8:25:2a:cf:ba:70: + c1:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 91:D7:20:C6:1D:00:21:35:53:7D:FE:50:11:02:DD:E3:40:2B:9A:A8 + X509v3 Authority Key Identifier: + keyid:85:C5:B6:72:29:30:56:96:1B:80:37:79:29:18:A2:BD:48:F9:9E:4A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/ShadowRoot.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/ShadowRoot.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 1d:17:f8:d1:b0:00:d8:ef:47:e9:fa:46:9b:ca:95:9e:41:06: + c2:4c:91:1d:75:a3:58:c1:c0:ca:f7:63:5d:75:9f:be:65:80: + c7:59:16:f0:70:37:dd:e3:ac:6b:03:95:28:94:a9:84:54:1c: + a9:53:bc:d7:81:fc:bc:b3:cd:52:b1:78:77:ee:db:af:7e:0b: + 2a:da:c3:28:8d:c0:a1:3b:b8:96:b7:64:37:92:80:3b:d8:75: + d3:10:fd:03:10:1e:fe:d0:2e:5b:e7:b7:6f:1b:47:b6:4c:1d: + fe:e7:f6:50:91:0c:24:df:53:e8:f5:cc:92:a7:c5:69:d1:bc: + ab:2a:0c:86:9c:d8:6e:4c:9b:0b:13:12:f6:0a:40:de:79:62: + 8b:04:c2:10:06:d0:90:2b:1c:0c:3c:e8:ef:72:16:09:3d:1f: + 98:66:d6:8c:ae:8f:d2:67:56:0c:8e:a3:b2:3f:35:c1:82:01: + 3d:4f:c2:0c:5a:b0:15:28:f4:b4:b1:73:67:7b:0a:34:e2:a7: + aa:25:27:59:88:61:87:86:b4:e5:ef:c7:44:e2:86:3a:50:da: + 93:de:49:ec:b9:61:3b:34:9f:2a:94:e5:3f:44:44:f8:e4:58: + 43:eb:2e:74:6b:77:ff:ee:71:ad:98:41:66:bb:aa:04:7e:7c: + f1:bd:06:50 +-----BEGIN CERTIFICATE----- +MIIDijCCAnKgAwIBAgIUHoonk/dTjgE0WNupPdCLYSIbSxUwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKU2hhZG93Um9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEw +MDUxMjAwMDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC7+oc5y0PZJOksVM0Y6riH7C/TV+OcI76UPCZB22FAuK0HU/Fp +xbQsaq3e5Uq94w93xFn67tU6GpPKzbEiKiRCWgFC6Fd0+YlW+MET9slCm0V7/7eq +wR8b6AIkEpcNhLlicIOTcs2bGiYnkjRGUcW3x0q0eoqEmOL3kE3Mzz3uhZGNdWA4 +DOULAOb+6cMZZD8tyBTx2al2BVSoWp5kVu1gQ8WY23qu2ixWy4cAbz2DO6Nc9VUN +bKvtaMG4HaXQdx235lLvLHU6mOxRbxVfZIL20ZC97gEo5YkOAe5UBx0OevCCnMzB +xUr2qVgzxcyjhhdyGZIsrmpGqKglKs+6cMGJAgMBAAGjgdcwgdQwHQYDVR0OBBYE +FJHXIMYdACE1U33+UBEC3eNAK5qoMB8GA1UdIwQYMBaAFIXFtnIpMFaWG4A3eSkY +or1I+Z5KMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3VybC1m +b3ItYWlhL1NoYWRvd1Jvb3QuY2VyMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly91 +cmwtZm9yLWNybC9TaGFkb3dSb290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHRf40bAA2O9H6fpGm8qVnkEG +wkyRHXWjWMHAyvdjXXWfvmWAx1kW8HA33eOsawOVKJSphFQcqVO814H8vLPNUrF4 +d+7br34LKtrDKI3AoTu4lrdkN5KAO9h10xD9AxAe/tAuW+e3bxtHtkwd/uf2UJEM +JN9T6PXMkqfFadG8qyoMhpzYbkybCxMS9gpA3nliiwTCEAbQkCscDDzo73IWCT0f +mGbWjK6P0mdWDI6jsj81wYIBPU/CDFqwFSj0tLFzZ3sKNOKnqiUnWYhhh4a05e/H +ROKGOlDak95J7LlhOzSfKpTlP0RE+ORYQ+sudGt3/+5xrZhBZruqBH588b0GUA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/generate-chains.py new file mode 100755 index 0000000000..fbacc98a55 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/generate-chains.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the root certificate is not self-signed (or +self-issued for that matter).""" + +import sys +sys.path += ['../..'] + +import gencerts + +shadow_root = gencerts.create_self_signed_root_certificate('ShadowRoot') + +# Non-self-signed root certificate. +root = gencerts.create_intermediate_certificate('Root', shadow_root) + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Intermediate.key new file mode 100644 index 0000000000..41a394e98b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuLUEGrbOE4Vrm54tL6W0tQVEckuLgCMeCx4dMOvA9cGlF+YT +XbQvv3yplTjMiJpuJuI6Imj+saPkcARzcHi3aHrHDYbArTykrYOlAKijwllTOncz +x/JWFRuFei+0ROFAXQSazgxNXDNATGjeuVhI8bbMpAJIhkZmMg8OPf39r9+WJ7Fg +Ww2+JbXdhOz4ndohRJXfRhY/d2mOcLyaeOxFiRMPvjR+AE2DzdP0/j9sztBvNmRs +wWHdwmgduXgtLQsylnU61qXTPy1VDueeqn0xoE2skSAeRkGFPwNF24+YwsK4feHy +57hvqMu51n6KKZizs+04pKf8ncHhY2gAZKXhvwIDAQABAoIBAQCs3US9F68gF/MQ +zmWtvSC1dfuMGGWzg6o/b2yUd1+84QF4r2wae2Ngi/ROYr0Rb659l6YexDLx39gQ +einr7h6Amr+mSiITP7lDZvxK9Ilmf6DkC+GbVJL56CrwoqrM+B77ry6Ofnb8Pj8E +A/XGcvi5t4IoULa9bC+C1BJZNFdze29SaJ8GLlMfYCSsZgejo8zPSsYLHEToWspW +v7DbQS/bPWX8GjMhNwqzlq8oKaGp1a86GUCqTtAJm81rb0tzlewix6l6cqUOrBDL +nqs19HDgNWuEvaN0bfWzVqYJum8XPcGLMZl8M6Gu/5PpXR29ahlUgfQxJck3dO5d +N800sHZ5AoGBAOD+lqj0eq13mkLFCeUfOiwlG1Vb0SWaSg4vOE0Slshbr2w1hD4q +HK3taZ0ObrzBmN5DPnIl66YjKy7jBqiHOz0JXo1uqKRCsb+YuOFUeYT2Z02iW2zS +LBxwzqhcv7dH0KNyTdZPUz4civ889qwfAwm0y228O6cVBs7oQ409SzbFAoGBANIp +KKroyYcd+iFivuj3CYCvo6dHPXEpDMZBs0jGgJU+7j3MtlioEuBTP18CAWevMUJk +Nd2K8r/eqetJ+KID2tZXN9uls8kAl+r1hfS9lrFufjK2/B7T3LysLePAWNlUhsVC +U2Cd1VCXB0w8glc/C7iV7zL11n5BwTImtKpUTZ6zAoGBAIlAZVHeCfRGENGId5fQ +6+DAJiN1Jmnk7CYpAhRqMZc57xJ4txphACvNt266vizhgMqdhLuHjHBF5fLtRUOL +c0SxsX9fsPq7QMlbdfTnXlYRJkWCtHj24TfcTQUBx2YcJhd/BCKnM2Whbd10KBop +tOW3550ihdVQC14u6/5+FKLtAoGAWkEEzwkz6wwLrKTMmh3lfddwL9mfYGahrs7u +YNWmyPGCvRWaRc7AdIgr0fB5i/6n5/xDScZvY8kLLhnRZjrDk4NXYMPzxuGzXFte +0PFOsxphpgQBmHeh94D2IDYtsf/j9Pj796Uww/BoWOwviapwrS/uzvLWz9gLUS9g +LToRL5MCgYAmy6Uei6LhCgZxpRnC+H4slDBxXoIaFfyfPAvomROFwHUIFuCeFBjG +x5d1iccGSJxEIKHXiQgs1u9oMKfpg5gf+/jpa5/YFCgddUs6zK0r4Bc6+TvLeEVu ++17EAMlbJnQOfRGFsmpodIuBu28ZxoInyVdhVUNcL6NS7Dk0Oc5NTw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Root.key new file mode 100644 index 0000000000..58abc8a8da --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu/qHOctD2STpLFTNGOq4h+wv01fjnCO+lDwmQdthQLitB1Px +acW0LGqt3uVKveMPd8RZ+u7VOhqTys2xIiokQloBQuhXdPmJVvjBE/bJQptFe/+3 +qsEfG+gCJBKXDYS5YnCDk3LNmxomJ5I0RlHFt8dKtHqKhJji95BNzM897oWRjXVg +OAzlCwDm/unDGWQ/LcgU8dmpdgVUqFqeZFbtYEPFmNt6rtosVsuHAG89gzujXPVV +DWyr7WjBuB2l0Hcdt+ZS7yx1OpjsUW8VX2SC9tGQve4BKOWJDgHuVAcdDnrwgpzM +wcVK9qlYM8XMo4YXchmSLK5qRqioJSrPunDBiQIDAQABAoIBAFTGY33ZAbxIPTBU +/joigR4rklYJ6QhdxnErv0UsHuwFXWNUpCdDlkIBynAfkFmasTsePkZAt8EAg26O +3Te/MaMK3E7EYczLTPkALnNGdPWo+Ok3JinH9rOrKmwCRkU+eiy++VfiCn/MhzCJ +azHbZwO+yR4jtZyfJpznY27ed9u9czMkhIZRmaVTn81opJtwzUOqXCGro8CxexJY +qgBXHB39VJYgomqVqGJthWZStG4AT87nQDzPuNk0D72pZw6XgIRViEsYWUmpqqG4 +5OapPHfxyGGIh/vlqoBP7fKtCBODZt6Mbu0sX2tPSDslh/OaFpckV5g+px9ufBWj +6+6Fz0ECgYEA4o9XLXE5X4mR8K512CUvGwIwT+SlwZl59FfX510WFaHjk73vNrbm +cY5BJ/EZNIRYqrUt6Hx57HYnHBEvmj44SR42IsXwOAla9TXksfjml/FxsXkoyDsh +PurtLZyszjlIE0OpXaij+JLi1SV6c3a9euK5gff7z/RE7JXqKANmSR0CgYEA1GfB +oHntnD4jxTY4y0lj322qjLd9hC6KgxnFpfBpcaqvKmBVnpwJC8AjwEc4JXf34cLY +gxXrmLBYZsElpV2GzFJDz0kADjHf7ubZFNyMGIkmFGMT7NedFYbx2DfmC+RPFIYw +d7YMY/VEAQrrG/rpBXUxKdbArLNrW+aPh9qkWl0CgYAfhGtPQgoGNWAdCFgSepHE +AxjvdFJuzUf+6t15LSTuW3gKTIjjpqwGLhD4Wnz0JlkjXlMFnZNkhsdIC0gBABja +ax6C1eBmGz8RD69B5utFRexYEQ/QUxF77DiUeNA9XBCfxXDhO52b7esqVa1kNKeF +WdcOso3QTx3rf6t0Z4yqLQKBgQCoyA3vpBOw/RvVgSGeQCIxj+ZfTQtbNtRwGtGY +67IOVbA9fzFqCNmTUcnW54DxHSSHbBo6B/gfa7nDZSWyAuCziYdCtuJpZS5pm1zS +m/JjKNBukNBremXjjkitJLYTqwc/6uWmqq2r3GB+Z5utrzLtWFOJyJFwal4cN9jD +/nRtLQKBgFvOpp9F399nWKYCgh1BkeALrqcF1QADZofQFePQkkvo8vkMYkqwFWmp +CSfJwG01bQImPN1gML/s64Hh+kSDAggAM6A2MOi529aqsc0pSRiCGmBuvn6oNdxw +W63fwbVRa+zxt5KRAf1aQ1TXwvCWqfMP+jEm42Zfp37nebc7HDHX +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/ShadowRoot.key b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/ShadowRoot.key new file mode 100644 index 0000000000..b7d2d1d56e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/ShadowRoot.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAx0wIdVMhGdDlAaN/cK3t/urZSI4JfB8ul4qpbgFHvrMUt82v +0dIM1oYYTJ6L6KuC/LM7ZyrfCgY/lmxKjZdPDkB5peIabFpGH5/hFRoqUiduc8St +goodoa6XtgqcSXfpVniPqcLhA+fIedCcUX0cVIlpOoYm7Ix1pnelhfaXy0ZBV8xQ +m9qrx5fO6NmwVin77wV0YoW8teQjsDIDDExv0vcDieQ/AaaN6Z/amlvOOhb4sbdG +152K+oDkFsgY+FonDtvvMDmndYu9R5kMw2ogaAEQWve6HpXA4L9GT7sLhS1BaTSq +/2D0MYyMacWWZf1yTOKAecb3STVm8wel+HBbZwIDAQABAoIBAEBsWpuaeKvAtBZ4 +hJynDLUHs59ZksVVyxjfkO9naIrDluHnknsv/EhoZnh2E+Htd1U6luw9loXGCU4V +yW/Fxp9jxi8STNpTwDE+3GKW57FQ38p6fGAjR3rZVl9ZRLYXFg2GwWHuBhDeHxcJ +kU5iNAM7vBFYBkMXEHz0VkRctyrVA/p/SxjX4SqZF2o9kNxOZbBsFW/XRWPnNZVN +rAIASbT8/2FEKGoaSHaKmz7afzwZicx2w/bAe9ymqlLHl3P8roqIYMQtaZHZAUXc +Pr7+p2DlneluAfA77WaqEECtNOibmyQS1Xfnru3Pk+2DucbXgbJUSNSYEITUZV6Y +jTkVPPECgYEA6A2LylaGvmLgTQ3TVC19XV+TE9tjMR1UbEe4WZCIAF67mbnmfV5v +yXF9kaCswQ7Dg9P2LGOeZIy+rG+3YjqXXRxsrUzQn6JBsPRTJxJt8KwAkp8PJphe +zYyYuSu9Ued5yxJckTf/NH3vLcMo032+FbYe3g8oWP7JZ5gTx6EHkC8CgYEA290h +Ss2+oQ2KIa/ZTz4btTU+B+FhxzdmC3uHVl+evJtvrBorJdjh+qf5RkNQmgaFVBgm +Si3CSZ2kKixs8seerOgRRr1IdIGCfbxG5JOj6H4PLPCPPymtRQJx5W353PniQS98 +njwl3Mgp3Jn6BbaBmYrvJaaCYGji/58I8ft+IkkCgYEAyPJyC1XCeTvGYPOH/W0n +EqShCKEC1JVBdkLlMSonm6ptakHBhu8wfpD43BL3hnbyeEYk92uMziXTOB/F/hoe +2VK0CZ5rStGHcWUiXMNo0PEhzdZPmGx6LCWEW1W1LCf3IBNWdaq4JQypAkfuIrbQ +1JxRPpqBpg98+WiIOGcJ1aECgYAuDt/njLxPfseeEPmEGS2yw0mQWw2hryBIbYNH +e9aECkfVlNHPJuUIHmIg7v8WlSEfIcP7rCRUSZrXXuEf5uN9s0vTNtnT1kGg120+ +exNOJAJH1skbYT60AzQa7PP3770PDMSdXVpNKv1iAjuXMMlrgehhScVsLuzGwekc +0CN3SQKBgDz30CFdF6ZoC80WQtW5/x8Wqk7q+XQSYy1TIWJ5nSx75+aKg0gQb1gF +iuh77WWP4oZwPU5RX6863Me29YPrLUE3k7NKLMUu09jnJNce5PCtPyOzO4fcXwqL +JFCh78fubCVR9pirVKmJ9/A7lunD68U6UPtVvTtAeo1iEWFKZd4u +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Target.key new file mode 100644 index 0000000000..d83183f7f2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAygWAbs8fY2bPBePcUSwSQR+W9aWUlsVeNDa8kN+Fc14m7fMS ++5Cg+wW0jgVxB0zMMq6ViYeMmggi8KFH2r5cEscYMaoZYVk9Onvp6RqfVtlbMbQ/ +vK3aHOkN3EBcTV2MWq14l6vPKPtSfXRv0yfaWuQ3fhpWi/OFVcWq+JY9UVJfvmBH +l/2C7yi3zVBk4nBDex9d857Rwt0ipgiFlOiAaWJnAe0Su5aWg7QCT1qgM2OZ4hyI +Mzj6tyBwLZHnyiebgS8pptbw6ux7pIZhVq+9MCaR59kY6U6QbmarGkhwYp25DhH6 +SdU8jCBSm7BqcYWlkmYi6nkMU7Fmq4I9fBZ4/QIDAQABAoIBAQDC15uPQ+SaEkYJ +AEM1ZrQUa0tFkHVHFQROh5xGfc5P/ra9OHtOdadNc6s4brccu00WdJt1EW7iAIby +XhrXNlHHKo6DF/NymIcdKPXpBOw471mtDpOKfoKm73+WtdxQIbGEo1pzrhkXBY4B +wZM4rG9EymdbEDv4rt4iY4sKRpzNGFbcY9b+EVZyFoYAwc92+uVCamAkNMY65S8d +qAnEqwBrfg45FMmbls78UFC8sq98X5uXrvRuXXAb7753EO3AXtiRfSqCIFnp6+VQ +4/dQpWSiHmm7MAKHE8pBkv++dpSjQZB8Hg4Ye4DsbMeJpqPJyuH/+pqQzyErsHN3 +X31JWRwBAoGBAOXpaosSTMg0DW7ydX+s+sALLT7zu4MofZNswYU1WrfvYH8ImejZ +/9UXpkwZ5QF0bTRATN75luNTy7Tv47cLfnmGRUY9vQNcE97kuIimyhUI61co3Kmx +qks6xyVCk5IIYLWdT/hrO6NbFEAfYft3u950VDfWb/GxljWhpLWASTyhAoGBAODx +6lmYKFXinZnT7AjYwBVROyzGlUaRpMKAwd5EtN7W3/Fn9kJXqAPMi+SefVCIqYJ4 +x/9sK803de7DZtLwUA8GMsY4W9Ct9b5tRg2ckSqJZNlf6iMcds5uLstmy8Nzxw8M +pRB0tQlMmOc0SVMTpkiMNvE4etLJ8+zNhdXW9+LdAoGBALw4pJ3oRG3el2TOID1/ +SuVwAQG5njiZLH1GGwRIEtXkpjY5v27vEc/NhbpltKLFQyX0wjoFUW8YSfv+LInN +YiRxNUN1Bcm7VxUyYJSXH3erDqgTbtuJ9OWT4Ddz0sZKD4p/mFnCyFdLGEAKsTei +5W4QBGaWKp1PCq8rf2GL/ekhAoGBAMlqlAapYeSVR70Hrx+0xTnRRIUxQ1Su8LJg +jDczmii2ikskZbK9vmm4a8LHzzmfRPjYoWwqNYZJlMW4HYffOjBZwnkO2defDJ34 +RnPFr45A/BZP9dx+jjsFGc1zPBzEvIbTMbHsbnXnKjpL7SQAQjJPqpqPkhrQTiPJ +W39APzHZAoGASmTfmDOPRj/s1z6awTRisp2S92KldWwMEaczvjaPthEQqL5GkDSi +rECFVQ6SVCGKHMCf3iEZzReAB0d53UlTb4AeYbddxJAjpuYJqB/1/gOVamVzL+Bl ++Bz5IJAuJ8w9yEBGmCgBc6yffFpZqAKle+RYmLyjZKlO1jh7S2ZrWiA= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/main.test b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/ta-with-constraints.test new file mode 100644 index 0000000000..14a6e03b0a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/non-self-signed-root/ta-with-constraints.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.2.txt new file mode 100644 index 0000000000..859d749531 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.2.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=Bad Signed CA,O=Test Certificates 2011,C=US) ----- +ERROR: VerifySignedData failed + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.3.txt new file mode 100644 index 0000000000..eca3c4ed90 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.3.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid EE Signature Test3,O=Test Certificates 2011,C=US) ----- +ERROR: VerifySignedData failed + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.4.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.4.txt new file mode 100644 index 0000000000..5f822de7bd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.4.txt @@ -0,0 +1,6 @@ +----- Certificate i=0 (CN=Valid DSA Signatures EE Certificate Test4,O=Test Certificates 2011,C=US) ----- +ERROR: Unacceptable signature algorithm + +----- Certificate i=1 (CN=DSA CA,O=Test Certificates 2011,C=US) ----- +ERROR: Unacceptable public key + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.5.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.5.txt new file mode 100644 index 0000000000..bb7da49ba7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.5.txt @@ -0,0 +1,6 @@ +----- Certificate i=1 (CN=DSA Parameters Inherited CA,O=Test Certificates 2011,C=US) ----- +ERROR: Unacceptable signature algorithm + +----- Certificate i=2 (CN=DSA CA,O=Test Certificates 2011,C=US) ----- +ERROR: Unacceptable public key + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.6.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.6.txt new file mode 100644 index 0000000000..4f0fd645f5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.1.6.txt @@ -0,0 +1,6 @@ +----- Certificate i=0 (CN=Invalid DSA Signature EE Certificate Test6,O=Test Certificates 2011,C=US) ----- +ERROR: Unacceptable signature algorithm + +----- Certificate i=1 (CN=DSA CA,O=Test Certificates 2011,C=US) ----- +ERROR: Unacceptable public key + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.1.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.1.2.txt new file mode 100644 index 0000000000..708d5801e8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.1.2.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid Policy Mapping EE Certificate Test1,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.1.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.1.3.txt new file mode 100644 index 0000000000..4056383b4d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.1.3.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Valid Policy Mapping EE Certificate Test1,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.10.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.10.txt new file mode 100644 index 0000000000..361dcb75d9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.10.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid Policy Mapping EE Certificate Test10,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.13.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.13.txt new file mode 100644 index 0000000000..70d5f44ab0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.13.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid Policy Mapping EE Certificate Test13,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.2.txt new file mode 100644 index 0000000000..d47349e663 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.2.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid Policy Mapping EE Certificate Test2,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.3.txt new file mode 100644 index 0000000000..cd2c8c08f1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.3.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid Policy Mapping EE Certificate Test3,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.4.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.4.txt new file mode 100644 index 0000000000..7d35fa0553 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.4.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid Policy Mapping EE Certificate Test4,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.5.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.5.txt new file mode 100644 index 0000000000..402aa0c66c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.5.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid Policy Mapping EE Certificate Test5,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.6.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.6.txt new file mode 100644 index 0000000000..40f7d32a24 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.6.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid Policy Mapping EE Certificate Test6,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.7.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.7.txt new file mode 100644 index 0000000000..6cc5c72666 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.7.txt @@ -0,0 +1,7 @@ +----- Certificate i=0 (CN=Invalid Mapping From anyPolicy EE Certificate Test7,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + +----- Certificate i=1 (CN=Mapping From anyPolicy CA,O=Test Certificates 2011,C=US) ----- +ERROR: PolicyMappings must not map anyPolicy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.8.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.8.txt new file mode 100644 index 0000000000..d993d7e644 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.10.8.txt @@ -0,0 +1,7 @@ +----- Certificate i=0 (CN=Invalid Mapping To anyPolicy EE Certificate Test8,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + +----- Certificate i=1 (CN=Mapping To anyPolicy CA,O=Test Certificates 2011,C=US) ----- +ERROR: PolicyMappings must not map anyPolicy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.1.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.1.txt new file mode 100644 index 0000000000..211b5f2036 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.1.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid inhibitPolicyMapping EE Certificate Test1,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.10.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.10.txt new file mode 100644 index 0000000000..ab9d3f3af4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.10.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test10,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.11.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.11.txt new file mode 100644 index 0000000000..eaf1541f2a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.11.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test11,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.3.txt new file mode 100644 index 0000000000..3f860205df --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.3.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid inhibitPolicyMapping EE Certificate Test3,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.5.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.5.txt new file mode 100644 index 0000000000..f7113272ba --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.5.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid inhibitPolicyMapping EE Certificate Test5,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.6.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.6.txt new file mode 100644 index 0000000000..b61d2e0585 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.6.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid inhibitPolicyMapping EE Certificate Test6,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.8.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.8.txt new file mode 100644 index 0000000000..1088ec7fb2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.8.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test8,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.9.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.9.txt new file mode 100644 index 0000000000..ecda3c1d0b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.11.9.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test9,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.1.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.1.txt new file mode 100644 index 0000000000..922e48c5b2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.1.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid inhibitAnyPolicy EE Certificate Test1,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.10.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.10.txt new file mode 100644 index 0000000000..ec90ab8cae --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.10.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=inhibitAnyPolicy1 subCA2,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.3.txt new file mode 100644 index 0000000000..b2e999231d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.3.txt @@ -0,0 +1,7 @@ +----- Certificate i=0 (CN=inhibitAnyPolicy EE Certificate Test3,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + +----- Certificate i=1 (CN=inhibitAnyPolicy1 subCA1,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.4.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.4.txt new file mode 100644 index 0000000000..5b93c9a6fe --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.4.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid inhibitAnyPolicy EE Certificate Test4,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.5.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.5.txt new file mode 100644 index 0000000000..5fcc4aa095 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.5.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid inhibitAnyPolicy EE Certificate Test5,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.6.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.6.txt new file mode 100644 index 0000000000..977bc68c38 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.6.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid inhibitAnyPolicy EE Certificate Test6,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.8.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.8.txt new file mode 100644 index 0000000000..9fb9d17a34 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.12.8.txt @@ -0,0 +1,7 @@ +----- Certificate i=0 (CN=Invalid Self-Issued inhibitAnyPolicy EE Certificate Test8,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + +----- Certificate i=1 (CN=inhibitAnyPolicy1 subsubCA2,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.10.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.10.txt new file mode 100644 index 0000000000..13c36ae405 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.10.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test10,OU=excludedSubtree1,OU=permittedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.12.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.12.txt new file mode 100644 index 0000000000..0cd6f36fae --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.12.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test12,OU=permittedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.13.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.13.txt new file mode 100644 index 0000000000..1c07d1ac40 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.13.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test13,OU=permittedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.15.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.15.txt new file mode 100644 index 0000000000..1b4073284b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.15.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test15,OU=excludedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.16.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.16.txt new file mode 100644 index 0000000000..904c8ee684 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.16.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test16,OU=excludedSubtree2,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.17.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.17.txt new file mode 100644 index 0000000000..e76b046667 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.17.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test17,OU=excludedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.2.txt new file mode 100644 index 0000000000..7e2ec26ba9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.2.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test2,OU=excludedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.20.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.20.txt new file mode 100644 index 0000000000..805516bfa3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.20.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=nameConstraints DN1 CA,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.21.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.21.txt new file mode 100644 index 0000000000..66feb3d5ef --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.21.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid RFC822 nameConstraints EE Certificate Test21,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.22.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.22.txt new file mode 100644 index 0000000000..9267598b0c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.22.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid RFC822 nameConstraints EE Certificate Test22,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.23.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.23.txt new file mode 100644 index 0000000000..40e6361b50 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.23.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid RFC822 nameConstraints EE Certificate Test23,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.24.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.24.txt new file mode 100644 index 0000000000..e2931dd9ed --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.24.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid RFC822 nameConstraints EE Certificate Test24,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.25.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.25.txt new file mode 100644 index 0000000000..70fb7bba6a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.25.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid RFC822 nameConstraints EE Certificate Test25,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.26.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.26.txt new file mode 100644 index 0000000000..bcec7c980e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.26.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid RFC822 nameConstraints EE Certificate Test26,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.27.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.27.txt new file mode 100644 index 0000000000..a581b115e6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.27.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid DN and RFC822 nameConstraints EE Certificate Test27,OU=permittedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.28.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.28.txt new file mode 100644 index 0000000000..bb047612d9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.28.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN and RFC822 nameConstraints EE Certificate Test28,OU=permittedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.29.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.29.txt new file mode 100644 index 0000000000..df0ad64868 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.29.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (emailAddress=Test29EE@invalidcertificates.gov,CN=Invalid DN and RFC822 nameConstraints EE Certificate Test29,OU=permittedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.3.txt new file mode 100644 index 0000000000..d68f8f2a72 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.3.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test3,OU=permittedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.31.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.31.txt new file mode 100644 index 0000000000..b8d90faea2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.31.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DNS nameConstraints EE Certificate Test31,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.33.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.33.txt new file mode 100644 index 0000000000..5eeb535b81 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.33.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DNS nameConstraints EE Certificate Test33,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.34.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.34.txt new file mode 100644 index 0000000000..6d0454c9ff --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.34.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid URI nameConstraints EE Certificate Test34,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.35.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.35.txt new file mode 100644 index 0000000000..0bb1cd1b56 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.35.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid URI nameConstraints EE Certificate Test35,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.36.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.36.txt new file mode 100644 index 0000000000..b92234ea89 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.36.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid URI nameConstraints EE Certificate Test36,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.37.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.37.txt new file mode 100644 index 0000000000..c36d64982d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.37.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid URI nameConstraints EE Certificate Test37,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.38.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.38.txt new file mode 100644 index 0000000000..72d4259609 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.38.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DNS nameConstraints EE Certificate Test38,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.7.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.7.txt new file mode 100644 index 0000000000..8336241346 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.7.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test7,OU=excludedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.8.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.8.txt new file mode 100644 index 0000000000..ae5a54aebd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.8.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test8,OU=excludedSubtree1,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.9.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.9.txt new file mode 100644 index 0000000000..5d4d983899 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.13.9.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid DN nameConstraints EE Certificate Test9,OU=excludedSubtree2,O=Test Certificates 2011,C=US) ----- +ERROR: Not permitted by name constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.16.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.16.2.txt new file mode 100644 index 0000000000..40c7a8f084 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.16.2.txt @@ -0,0 +1,5 @@ +----- Certificate i=0 (CN=Invalid Unknown Critical Certificate Extension EE Cert Test2,O=Test Certificates 2011,C=US) ----- +ERROR: Unconsumed critical extension + oid: 608648016502010C02 + value: 020100 + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.1.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.1.txt new file mode 100644 index 0000000000..ef170c0072 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.1.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=Bad notBefore Date CA,O=Test Certificates 2011,C=US) ----- +ERROR: Time is before notBefore + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.2.txt new file mode 100644 index 0000000000..a3c78b3ecb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.2.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid EE notBefore Date EE Certificate Test2,O=Test Certificates 2011,C=US) ----- +ERROR: Time is before notBefore + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.5.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.5.txt new file mode 100644 index 0000000000..38f44cf079 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.5.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=Bad notAfter Date CA,O=Test Certificates 2011,C=US) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.6.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.6.txt new file mode 100644 index 0000000000..f0f644830b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.6.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid EE notAfter Date EE Certificate Test6,O=Test Certificates 2011,C=US) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.7.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.7.txt new file mode 100644 index 0000000000..95a07b4680 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.2.7.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid pre2000 UTC EE notAfter Date EE Certificate Test7,O=Test Certificates 2011,C=US) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.3.1.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.3.1.txt new file mode 100644 index 0000000000..b48ab39f2c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.3.1.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid Name Chaining EE Certificate Test1,O=Test Certificates 2011,C=US) ----- +ERROR: subject does not match issuer + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.3.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.3.2.txt new file mode 100644 index 0000000000..41e18e3d24 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.3.2.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid Name Chaining Order EE Certificate Test2,O=Test Certificates 2011,C=US) ----- +ERROR: subject does not match issuer + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.1.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.1.txt new file mode 100644 index 0000000000..02c80daa06 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.1.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=Missing basicConstraints CA,O=Test Certificates 2011,C=US) ----- +ERROR: Does not have Basic Constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.10.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.10.txt new file mode 100644 index 0000000000..8cfcdca9b6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.10.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=pathLenConstraint6 subsubCA00,O=Test Certificates 2011,C=US) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.11.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.11.txt new file mode 100644 index 0000000000..7c37f13c85 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.11.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=pathLenConstraint6 subsubsubCA11X,O=Test Certificates 2011,C=US) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.12.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.12.txt new file mode 100644 index 0000000000..7c37f13c85 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.12.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=pathLenConstraint6 subsubsubCA11X,O=Test Certificates 2011,C=US) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.16.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.16.txt new file mode 100644 index 0000000000..f0c2aea721 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.16.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=pathLenConstraint0 subCA2,O=Test Certificates 2011,C=US) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.2.txt new file mode 100644 index 0000000000..fa2189f4ab --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.2.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=basicConstraints Critical cA False CA,O=Test Certificates 2011,C=US) ----- +ERROR: Basic Constraints indicates not a CA + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.3.txt new file mode 100644 index 0000000000..efa7ce357f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.3.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=basicConstraints Not Critical cA False CA,O=Test Certificates 2011,C=US) ----- +ERROR: Basic Constraints indicates not a CA + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.5.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.5.txt new file mode 100644 index 0000000000..ad9add7747 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.5.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=pathLenConstraint0 subCA,O=Test Certificates 2011,C=US) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.6.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.6.txt new file mode 100644 index 0000000000..ad9add7747 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.6.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=pathLenConstraint0 subCA,O=Test Certificates 2011,C=US) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.9.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.9.txt new file mode 100644 index 0000000000..8cfcdca9b6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.6.9.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=pathLenConstraint6 subsubCA00,O=Test Certificates 2011,C=US) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.7.1.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.7.1.txt new file mode 100644 index 0000000000..a7f4d2cd7b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.7.1.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=keyUsage Critical keyCertSign False CA,O=Test Certificates 2011,C=US) ----- +ERROR: keyCertSign bit is not set + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.7.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.7.2.txt new file mode 100644 index 0000000000..5e00116775 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.7.2.txt @@ -0,0 +1,3 @@ +----- Certificate i=1 (CN=keyUsage Not Critical keyCertSign False CA,O=Test Certificates 2011,C=US) ----- +ERROR: keyCertSign bit is not set + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.1.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.1.txt new file mode 100644 index 0000000000..5becaeb9cd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.1.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Valid EE Certificate Test1,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.12.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.12.txt new file mode 100644 index 0000000000..8e9d122396 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.12.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Different Policies EE Certificate Test12,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.14.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.14.txt new file mode 100644 index 0000000000..70e720a5aa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.14.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=anyPolicy EE Certificate Test14,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.2.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.2.txt new file mode 100644 index 0000000000..85873bb538 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.2.txt @@ -0,0 +1,7 @@ +----- Certificate i=0 (CN=All Certificates No Policies EE Certificate Test2,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + +----- Certificate i=1 (CN=No Policies CA,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.3.txt new file mode 100644 index 0000000000..4cfb8e24f5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.3.txt @@ -0,0 +1,7 @@ +----- Certificate i=0 (CN=Different Policies EE Certificate Test3,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + +----- Certificate i=1 (CN=Policies P2 subCA,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.4.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.4.txt new file mode 100644 index 0000000000..554731bbbe --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.4.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Different Policies EE Certificate Test4,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.5.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.5.txt new file mode 100644 index 0000000000..4cb38cb774 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.5.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Different Policies EE Certificate Test5,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.6.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.6.txt new file mode 100644 index 0000000000..c603390cef --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.6.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Overlapping Policies EE Certificate Test6,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.7.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.7.txt new file mode 100644 index 0000000000..eee8d475cc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.7.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Different Policies EE Certificate Test7,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.8.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.8.txt new file mode 100644 index 0000000000..7a875409c5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.8.txt @@ -0,0 +1,7 @@ +----- Certificate i=0 (CN=Different Policies EE Certificate Test8,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + +----- Certificate i=1 (CN=Policies P12 subsubCAP1P2,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.9.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.9.txt new file mode 100644 index 0000000000..8c66d3955a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.8.9.txt @@ -0,0 +1,7 @@ +----- Certificate i=0 (CN=Different Policies EE Certificate Test9,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + +----- Certificate i=1 (CN=Policies P123 subsubsubCAP12P2P1,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.3.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.3.txt new file mode 100644 index 0000000000..3a3660e514 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.3.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid requireExplicitPolicy EE Certificate Test3,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.5.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.5.txt new file mode 100644 index 0000000000..39c136a46c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.5.txt @@ -0,0 +1,4 @@ +----- Certificate i=0 (CN=Invalid requireExplicitPolicy EE Certificate Test5,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.7.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.7.txt new file mode 100644 index 0000000000..f38427d9af --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.7.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test7,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.8.txt b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.8.txt new file mode 100644 index 0000000000..1b150bf2aa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/pkits_errors/4.9.8.txt @@ -0,0 +1,3 @@ +----- Certificate i=0 (CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test8,O=Test Certificates 2011,C=US) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/chain.pem new file mode 100644 index 0000000000..3db64b80b9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/chain.pem @@ -0,0 +1,276 @@ +[Created by: ./generate-chains.py] + +Certificate chain with inhibitAnyPolicy on the root, and an intermediate +that uses anyPolicy. Should fail if the policyConstraints on the root are +enforced. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5a:d9:1e:25:c2:df:a8:d3:08:03:19:0f:58:d0:d7:b7:19:da:11:a1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b1:df:79:78:69:06:41:4f:b2:c1:6a:83:99:da: + 2b:0b:0a:e3:a1:99:04:7f:24:50:ce:1a:97:b1:b2: + 42:cc:32:80:1b:34:f6:8e:6a:06:a0:46:ab:fb:0f: + 1b:a9:b7:01:5a:c3:25:82:6c:00:cd:1d:13:40:a4: + 70:88:96:e0:94:79:ed:2a:47:a9:d2:f3:7e:ac:1d: + 15:28:d8:88:32:9b:7a:2c:10:09:41:3a:8b:ef:f9: + 96:36:cd:27:11:02:f6:76:18:95:fe:4d:d7:e5:35: + 41:40:1f:05:46:c8:63:a1:52:45:43:30:54:83:9e: + 7c:eb:48:a1:66:ca:4a:21:69:25:d8:29:12:39:f5: + 4b:14:97:3b:42:f2:c7:7e:38:cd:2c:57:56:b9:92: + ea:f3:15:c3:33:7f:fe:92:41:a6:d3:b5:72:f6:87: + 31:66:bf:a2:5b:0b:66:ed:c8:f0:fe:b7:34:2c:dc: + 09:16:d2:54:c1:b6:d1:1c:6e:ff:55:28:29:44:bd: + b7:9f:40:ea:87:88:23:51:a4:23:25:61:25:b6:b9: + db:39:64:03:12:ba:17:86:f5:02:56:07:94:ff:f2: + 1c:d0:03:f6:60:19:5d:56:48:c1:0e:a7:2b:79:9b: + 8f:f4:0d:d2:eb:44:bb:85:18:64:f6:e4:46:3b:9c: + 68:b5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:FA:9C:59:69:9E:9A:82:47:3A:65:24:E7:00:9E:DC:54:53:54:5C + X509v3 Authority Key Identifier: + 48:8C:E1:C6:32:0E:AB:6E:B3:7B:4B:CB:28:2A:AF:69:BE:BC:96:E0 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 05:38:45:d0:f2:65:e1:0a:b8:35:e2:d0:5d:b0:e4:53:20:aa: + 0f:7e:2b:4c:74:b1:49:a3:04:88:89:58:1b:ac:f8:e7:03:ce: + d9:82:82:67:f2:6f:12:53:5e:7b:e4:d6:6c:a9:3d:c9:c4:12: + 18:d3:8b:29:ea:c7:9b:66:39:39:6e:dc:25:de:a4:f4:1d:34: + d3:50:50:7d:ff:7d:4a:5c:85:3f:30:d1:dd:14:9f:42:42:b5: + 4d:1a:47:66:f6:87:c6:fa:43:91:f0:3c:77:b0:79:71:94:06: + 14:da:a8:9e:02:6c:d2:d0:2b:af:72:d3:15:20:40:ca:2c:7a: + 8f:6e:58:d6:10:e5:fa:51:d4:80:00:eb:9b:b5:9d:43:d3:ff: + 78:7a:45:da:4f:e5:6a:80:87:e4:85:18:c2:8e:f2:cb:0f:ba: + fe:e5:95:b2:d6:bc:a2:bc:5c:66:b6:59:16:44:bd:da:d3:52: + 24:ea:31:cf:e7:2a:65:98:95:df:19:23:70:b4:45:ae:fb:6c: + 3a:f7:ce:ad:fd:76:97:89:59:b0:1e:e0:d5:08:0a:f4:0d:47: + b9:d8:eb:86:12:41:c8:25:7c:0d:ad:a9:59:c9:de:79:e7:4e: + ab:ce:18:91:a3:34:07:6f:09:a6:ff:fd:aa:43:15:4f:0d:1a: + c1:8d:ff:2a +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUWtkeJcLfqNMIAxkPWNDXtxnaEaEwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAsd95eGkGQU+ywWqDmdorCwrjoZkEfyRQzhqXsbJCzDKA +GzT2jmoGoEar+w8bqbcBWsMlgmwAzR0TQKRwiJbglHntKkep0vN+rB0VKNiIMpt6 +LBAJQTqL7/mWNs0nEQL2dhiV/k3X5TVBQB8FRshjoVJFQzBUg55860ihZspKIWkl +2CkSOfVLFJc7QvLHfjjNLFdWuZLq8xXDM3/+kkGm07Vy9ocxZr+iWwtm7cjw/rc0 +LNwJFtJUwbbRHG7/VSgpRL23n0Dqh4gjUaQjJWEltrnbOWQDEroXhvUCVgeU//Ic +0AP2YBldVkjBDqcreZuP9A3S60S7hRhk9uRGO5xotQIDAQABo4H+MIH7MB0GA1Ud +DgQWBBSA+pxZaZ6agkc6ZSTnAJ7cVFNUXDAfBgNVHSMEGDAWgBRIjOHGMg6rbrN7 +S8soKq9pvryW4DA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAAU4RdDyZeEKuDXi0F2w5FMgqg9+K0x0 +sUmjBIiJWBus+OcDztmCgmfybxJTXnvk1mypPcnEEhjTiynqx5tmOTlu3CXepPQd +NNNQUH3/fUpchT8w0d0Un0JCtU0aR2b2h8b6Q5HwPHeweXGUBhTaqJ4CbNLQK69y +0xUgQMoseo9uWNYQ5fpR1IAA65u1nUPT/3h6RdpP5WqAh+SFGMKO8ssPuv7llbLW +vKK8XGa2WRZEvdrTUiTqMc/nKmWYld8ZI3C0Ra77bDr3zq39dpeJWbAe4NUICvQN +R7nY64YSQcglfA2tqVnJ3nnnTqvOGJGjNAdvCab//apDFU8NGsGN/yo= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 27:31:77:a6:0a:3a:73:f3:ea:47:c4:6a:4b:cb:b8:a6:ba:0c:4b:fd + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c2:1d:00:3e:0c:67:5d:f7:ff:70:1e:a1:33:e9: + b3:28:7a:3c:3f:5e:ab:a7:8d:b5:91:c2:02:8e:2c: + b1:93:90:43:4e:2a:d4:1b:80:bd:1c:8b:4c:5d:74: + 16:8a:fa:6f:88:2e:87:39:e0:11:c4:7c:4b:76:fd: + 87:f0:1f:38:0e:5c:6d:33:2d:16:00:3d:15:dc:14: + fb:ee:5f:bf:49:41:3c:ec:e7:43:74:1c:71:fb:bc: + 6b:ae:54:5f:5e:90:fb:5b:b0:93:8c:72:79:6a:d2: + 8e:c6:7b:1f:ac:d9:c1:d7:30:ee:d2:b1:39:cb:7d: + 44:96:9d:eb:31:d1:28:74:f8:b5:80:e3:62:86:73: + 28:02:62:83:12:32:e9:42:6a:ed:75:5b:ec:ba:7d: + 30:62:74:a0:2c:1e:1e:9b:10:85:22:1a:af:bf:f0: + 0c:4d:9b:bd:1e:fb:fd:a5:dc:e9:98:fb:35:61:4a: + ca:cb:6c:e0:4d:10:f4:fe:b8:17:ad:30:91:30:db: + 9a:53:6b:2f:1c:d9:ec:f2:28:d7:42:b9:b5:02:0d: + 5f:52:ed:9f:16:b6:14:7b:cf:28:d7:f7:5e:02:38: + df:0e:bc:60:40:6a:6f:65:64:a6:4a:ae:fd:d0:b7: + aa:5f:40:c6:e1:17:c1:dc:9a:25:1f:4e:56:90:9e: + ab:63 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 48:8C:E1:C6:32:0E:AB:6E:B3:7B:4B:CB:28:2A:AF:69:BE:BC:96:E0 + X509v3 Authority Key Identifier: + 99:59:00:A4:21:DA:73:35:FA:D0:46:7C:5E:3A:64:E7:C1:CA:C4:71 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + X509v3 Certificate Policies: critical + Policy: X509v3 Any Policy + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 88:09:58:2d:a5:73:dc:dd:1b:fd:8a:e2:31:38:5e:9a:b9:f8: + 5d:68:db:00:a5:48:92:8e:28:6e:51:f0:9a:7b:ad:ac:d3:05: + b2:30:5c:45:e0:5d:9e:e5:47:c5:96:d0:5e:87:66:ee:8c:96: + 4b:ab:cb:71:63:41:83:93:30:86:e9:a2:4b:27:fa:7d:0f:28: + 52:9a:a1:ad:82:79:ca:c7:b6:c0:26:9c:bb:9e:b7:17:98:11: + 9d:d0:6b:e3:de:0c:88:08:0d:17:68:77:4a:c9:62:0f:f2:c0: + 76:04:40:d6:8e:c1:14:39:50:be:63:09:cd:a7:38:06:8e:aa: + 3a:ee:9c:39:1f:bb:1d:fc:c2:09:e9:69:d3:91:b4:58:8f:e1: + d6:b3:fa:34:fa:b4:ef:45:e8:c5:fc:8b:10:57:a9:74:fc:6e: + 3f:37:2f:37:24:c4:e1:19:84:71:f1:27:aa:cf:f0:1f:37:33: + 20:f9:11:14:14:ad:21:f7:8b:59:51:af:a2:16:86:61:cc:df: + a2:5d:d0:1d:42:4a:6f:44:b8:78:ec:d7:98:2f:55:f7:78:42: + ec:21:0c:ba:ee:36:5f:d7:e5:d6:91:e0:63:cc:d2:ea:31:bd: + ce:09:ec:44:be:d9:0b:ed:d0:43:68:24:02:27:88:0a:4d:62: + f1:c0:2c:b5 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIUJzF3pgo6c/PqR8RqS8u4proMS/0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMIdAD4MZ133/3AeoTPpsyh6PD9eq6eNtZHCAo4ssZOQQ04q +1BuAvRyLTF10For6b4guhzngEcR8S3b9h/AfOA5cbTMtFgA9FdwU++5fv0lBPOzn +Q3Qccfu8a65UX16Q+1uwk4xyeWrSjsZ7H6zZwdcw7tKxOct9RJad6zHRKHT4tYDj +YoZzKAJigxIy6UJq7XVb7Lp9MGJ0oCweHpsQhSIar7/wDE2bvR77/aXc6Zj7NWFK +ysts4E0Q9P64F60wkTDbmlNrLxzZ7PIo10K5tQINX1Ltnxa2FHvPKNf3XgI43w68 +YEBqb2Vkpkqu/dC3ql9AxuEXwdyaJR9OVpCeq2MCAwEAAaOB8jCB7zAdBgNVHQ4E +FgQUSIzhxjIOq26ze0vLKCqvab68luAwHwYDVR0jBBgwFoAUmVkApCHaczX60EZ8 +Xjpk58HKxHEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdJAEB/wQFMAOAAQAwFAYDVR0gAQH/BAowCDAGBgRVHSAAMA0GCSqGSIb3 +DQEBCwUAA4IBAQCICVgtpXPc3Rv9iuIxOF6aufhdaNsApUiSjihuUfCae62s0wWy +MFxF4F2e5UfFltBeh2bujJZLq8txY0GDkzCG6aJLJ/p9DyhSmqGtgnnKx7bAJpy7 +nrcXmBGd0Gvj3gyICA0XaHdKyWIP8sB2BEDWjsEUOVC+YwnNpzgGjqo67pw5H7sd +/MIJ6WnTkbRYj+HWs/o0+rTvRejF/IsQV6l0/G4/Ny83JMThGYRx8Seqz/AfNzMg ++REUFK0h94tZUa+iFoZhzN+iXdAdQkpvRLh47NeYL1X3eELsIQy67jZf1+XWkeBj +zNLqMb3OCexEvtkL7dBDaCQCJ4gKTWLxwCy1 +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 27:31:77:a6:0a:3a:73:f3:ea:47:c4:6a:4b:cb:b8:a6:ba:0c:4b:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:98:98:3f:4c:87:cb:65:52:40:92:de:70:8f:fe: + 49:25:11:9f:7b:10:6b:64:a6:04:81:89:5d:df:f9: + 01:1f:a8:f7:5a:a8:bf:36:f8:0f:37:bc:f6:8b:03: + 90:f9:cf:09:b4:9b:8b:7a:ee:1d:80:ad:fc:29:92: + d9:7e:51:f6:18:43:df:26:cb:1a:e2:43:d7:c4:bd: + bb:f8:95:7a:e4:54:3d:9c:7e:c3:31:d6:20:d5:13: + 84:ee:9c:a3:83:1d:70:27:e0:48:aa:62:df:81:1a: + ef:6c:5f:f6:69:7a:3a:e6:eb:86:22:37:3e:73:ee: + cf:b3:5f:7f:c5:fe:64:61:35:79:04:0f:3b:48:83: + c0:99:65:39:41:8f:b7:b4:6a:aa:ee:c9:e8:84:36: + 4e:5d:77:37:dd:0f:ff:20:5e:e2:a0:d8:45:48:36: + 1b:c5:89:40:71:0f:83:e8:de:90:7d:22:e1:e5:64: + 9a:35:77:31:8b:e1:3e:95:25:4a:03:d4:b4:30:ce: + b4:06:29:d7:8f:3a:03:2a:f0:fa:9a:9b:7d:45:b3: + 7d:81:4c:c8:ae:45:64:de:28:6c:d5:53:11:2d:03: + 37:35:45:88:7f:51:51:e3:36:c3:10:3e:71:d0:e6: + 78:5d:87:ae:39:2a:dd:2f:29:13:18:af:00:5c:71: + 1b:6b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 99:59:00:A4:21:DA:73:35:FA:D0:46:7C:5E:3A:64:E7:C1:CA:C4:71 + X509v3 Authority Key Identifier: + 99:59:00:A4:21:DA:73:35:FA:D0:46:7C:5E:3A:64:E7:C1:CA:C4:71 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Inhibit Any Policy: critical + 0 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 84:91:b6:14:f8:76:93:b3:61:fc:65:c1:09:72:81:f9:a8:d4: + cb:b2:45:f6:15:a5:7b:6c:e0:c0:a6:b4:23:05:ed:c9:a0:ab: + 1a:bd:e4:1e:a0:2d:b9:5f:6a:64:8c:0c:00:be:87:85:55:ae: + a9:55:db:03:db:f9:76:0f:f7:44:a9:3a:f0:af:82:78:ea:aa: + 97:63:e3:99:d0:8e:36:29:4b:09:8d:85:75:9e:85:10:47:37: + 48:31:6e:7c:7c:3d:03:17:b5:52:f3:90:05:d9:93:81:0d:72: + d8:5f:6f:64:f5:3e:cc:15:a2:e2:18:15:4a:b4:6a:7a:ff:d5: + d6:9b:e2:ad:87:74:36:ec:2c:54:c7:79:86:14:a0:f0:26:e4: + 86:ae:62:45:6c:0f:69:e2:d9:05:9e:55:60:8d:ed:f8:de:6c: + 4d:ac:23:a2:94:2b:95:a3:e8:7c:c1:40:5e:c5:63:b4:4d:53: + 20:10:98:09:98:dd:ad:64:fe:dc:95:a0:c7:ca:3d:7a:f8:96: + 45:f1:96:07:ba:4f:13:22:7d:45:5f:89:1c:3f:e6:6c:78:67: + 54:69:6f:5f:c7:d9:d4:bb:34:27:6f:f4:e3:26:55:e6:79:14: + 76:64:c8:7e:e8:9d:de:7f:6a:85:a3:8f:d0:88:6c:ab:3f:5c: + 55:4b:88:38 +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUJzF3pgo6c/PqR8RqS8u4proMS/wwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCYmD9Mh8tlUkCS3nCP/kklEZ97EGtkpgSBiV3f+QEfqPdaqL82+A83vPaL +A5D5zwm0m4t67h2Arfwpktl+UfYYQ98myxriQ9fEvbv4lXrkVD2cfsMx1iDVE4Tu +nKODHXAn4EiqYt+BGu9sX/Zpejrm64YiNz5z7s+zX3/F/mRhNXkEDztIg8CZZTlB +j7e0aqruyeiENk5ddzfdD/8gXuKg2EVINhvFiUBxD4Po3pB9IuHlZJo1dzGL4T6V +JUoD1LQwzrQGKdePOgMq8Pqam31Fs32BTMiuRWTeKGzVUxEtAzc1RYh/UVHjNsMQ +PnHQ5nhdh645Kt0vKRMYrwBccRtrAgMBAAGjgdowgdcwHQYDVR0OBBYEFJlZAKQh +2nM1+tBGfF46ZOfBysRxMB8GA1UdIwQYMBaAFJlZAKQh2nM1+tBGfF46ZOfBysRx +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYB +Af8EAwIBADANBgkqhkiG9w0BAQsFAAOCAQEAhJG2FPh2k7Nh/GXBCXKB+ajUy7JF +9hWle2zgwKa0IwXtyaCrGr3kHqAtuV9qZIwMAL6HhVWuqVXbA9v5dg/3RKk68K+C +eOqql2PjmdCONilLCY2FdZ6FEEc3SDFufHw9Axe1UvOQBdmTgQ1y2F9vZPU+zBWi +4hgVSrRqev/V1pvirYd0NuwsVMd5hhSg8Cbkhq5iRWwPaeLZBZ5VYI3t+N5sTawj +opQrlaPofMFAXsVjtE1TIBCYCZjdrWT+3JWgx8o9eviWRfGWB7pPEyJ9RV+JHD/m +bHhnVGlvX8fZ1Ls0J2/04yZV5nkUdmTIfuid3n9qhaOP0Ihsqz9cVUuIOA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/generate-chains.py new file mode 100755 index 0000000000..dbf432f1b7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/generate-chains.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with inhibitAnyPolicy on the root, and an intermediate +that uses anyPolicy. Should fail if the policyConstraints on the root are +enforced.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('inhibitAnyPolicy', 'critical,0') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') + +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,anyPolicy') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.5') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Intermediate.key new file mode 100644 index 0000000000..b6586389fe --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCHQA+DGdd9/9w +HqEz6bMoejw/XqunjbWRwgKOLLGTkENOKtQbgL0ci0xddBaK+m+ILoc54BHEfEt2 +/YfwHzgOXG0zLRYAPRXcFPvuX79JQTzs50N0HHH7vGuuVF9ekPtbsJOMcnlq0o7G +ex+s2cHXMO7SsTnLfUSWnesx0Sh0+LWA42KGcygCYoMSMulCau11W+y6fTBidKAs +Hh6bEIUiGq+/8AxNm70e+/2l3OmY+zVhSsrLbOBNEPT+uBetMJEw25pTay8c2ezy +KNdCubUCDV9S7Z8WthR7zyjX914CON8OvGBAam9lZKZKrv3Qt6pfQMbhF8HcmiUf +TlaQnqtjAgMBAAECggEAMEIPfl2NETKHgbNLtmFCVizVb5e0qyoy2rLV+cyotRvn +b7Z8Fv5RhZgn+w/STujl84BFxCCtqiCQjluHgS3xvLhDubZawuJs3dMlsuSA5NBg +OjFgdqxftgro5mU5dIQsyWXDuOX4w5LnRfb0L//PDhWvOhgvWySgeaV3BGKQYUvI +09DxqDuFBSgFYBqqoRad7oX5CM3P85S3rNsBHFA0uvmF/o9Lot9ClTqIbZ+ox86J +YSwkpZRNJF5Nrnqsb5lAFXzhcAif8fJYAHvg6aqnnOq+3aTjzHAShH+1vn74WOd9 +jlm/8plkjF2y+rTWcE/bSLn468vl3g8yplMzn9snSQKBgQDguCWVCzq5cAWvQEQQ +OafBhZpkmpVurHm3/XRlooIeNenrxUZs3jjqMn4G8j83oPGYCoKKJXI2zAM4A435 +jep7Mrta+/84okYxL764T9d/+SU8uCAYuQgyIS1XAFaYbSJms0VrZkYh1EvCNhsw +8u4PABICpXaOeGZD1kKXRcz5zQKBgQDdIjXuZVCT5LnF2ZGJbIwRgZ1OYrNYKlWs +NxsCL2MZLOvKBu3nvYZXmzHn7fxW7LhA6IViSu1nxOhvvjYHZd+5t/ijUevkdq0H +72qWBgMivJo0qu1t9aqBuvXgY3zHB6YCnK52lTTsnDOwzgw/jEB+ByCJaOpQsgpL +UbitYR5J7wKBgQDgmWyGoOiausoTtOnSRa3TkBMWBiLgsOYe7OXPRzNBuqUIDu4q +lZjRCpJHowtoMCYHzklWhcK33gRBkdvu1tbLN5NmhoM6OYZqVswKL1K2B3AeVfFO +hHEamWpVkHL8eeduOjNh+qCR4zus6qMWs1cYCvv1RSdPkiq0FowL4anS6QKBgAfj +io0ArEk6Za47PsfqSWzudNAxETjZ+ch1Bs+jJSPmyFqiuKYFyt8hODyP7uqi80fN +g8Sn66RCEBC8dmz5I2wathINgB7cZPvdfK3xdPcuR0oNtv6vPu/13YOtyOvIyBFb +yZWNaR/vyqBKGYHC3SIh2vVL+t/6Ggfp2G7HAi+dAoGAHsm7cWI9azwnrTQwOOWx +5jz0wLHWfqjcv3UhVv4Mgt5liC9jRrNeZ1zF0Lj/nymIMvNbYy/00pUc69sqDWVj +E9csUu3NELzOif9ZnlVWLxyyG3j6ULU1P6aQOj1yKd1IVMKOJDdleXi5N92LPhL5 +Qw4F+r1tNWElsfDkhZhy0jw= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Root.key new file mode 100644 index 0000000000..0602a25e8e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYmD9Mh8tlUkCS +3nCP/kklEZ97EGtkpgSBiV3f+QEfqPdaqL82+A83vPaLA5D5zwm0m4t67h2Arfwp +ktl+UfYYQ98myxriQ9fEvbv4lXrkVD2cfsMx1iDVE4TunKODHXAn4EiqYt+BGu9s +X/Zpejrm64YiNz5z7s+zX3/F/mRhNXkEDztIg8CZZTlBj7e0aqruyeiENk5ddzfd +D/8gXuKg2EVINhvFiUBxD4Po3pB9IuHlZJo1dzGL4T6VJUoD1LQwzrQGKdePOgMq +8Pqam31Fs32BTMiuRWTeKGzVUxEtAzc1RYh/UVHjNsMQPnHQ5nhdh645Kt0vKRMY +rwBccRtrAgMBAAECggEALrVXltjwMOz6+Bnfkavv/slErFpLzSymL3J5SjABoIvL +XzRNB4npupF8U/P9AgJWQbLlAHV3kWZwS9d3/Jsg/a901H6SFZVXrBC5w28aBV8l +1svUeuJE/YPyiklnIaC2rnYQOBt4t5+jjuRW3FV+RyXr0nhfhQQiDpFaXqQuXLSU +meybxNnbZU+k5ZDCbmSxFjTHSRYGGJZ9SVp3Vz8U/L+iJv30PZt4iuuNk04JCJen +ITYYUknEv8DFBEib/ervBp8YXnzKsgi5vpBxfHRuN9zJxWvVmuykuWTqHIgFcGid +PeBDC10CAdfzfpI56u6yydgwKD6XUCADnOftfhrtMQKBgQC2cmTqWXhoimwkCgld +oMGfy5gEW8sTQxgUA5PTI5B0zh2aZ2y8O8Dmf15xaztPgIDLeLpaLjoSH9a+c0l4 +z91PC5Ecg3KRWJKtGjXCSpshwQmnfDP91wBr8CRZYfQiZZVvrVvpHinPIv8x2WIg +0YhOVEpUPpmU9ODZ700s5JgMmwKBgQDWHO8iygC0Rs23jUxtjHovFM0/o8Kcue0h +nkm/wwRx6/aaR8AmbiA/+4EE7V5jmBizspnbkM/Vax2Wj0rbYuDTyTxapoQWAnEA +QQfjyefcGs0Ztcbr2E5p9p2Ge4r1vcLqR8LQ8XQCthXFT/qF0+NlkUUiywCrVHU8 +b5uKbyvRcQKBgFK6emH9YejdY33QA0EuRL4Fno/TY7j/QmrI2H3z8WvVjnzWCusr +mSOre5KoUgORvFUHEFEWBwTy5PgE5LrgXnSaRRmNzSR06kWNzfSkycU7d/o3Cog+ +tpU7FfBlx0LVlzZFgJirMcAYGWlsLd+9wzXpaK7cl92AUHjh1rfVi9CjAoGAR984 +ipYCPIGT5mxg3lkMXqd96kHfPtrOdb17hgpBgLgzdEBniL7oxnF3Mp83UvkoOZHX +QbPPgBVPvk1lVFVRoOXpA4jnx7eUFQC/VEBfOywn8txo5JwcXkdxQ0ZPNAQ53Iiw +JZEXXx2eGziooKmqqFpmObKpC9ny7JGORZ7ht5ECgYAuMRXGP8cYxRAijzCV6/Hi +rjsAiBMI1swdgzHZhl89djcw5PvnAnGu2FmMxTXqnvl0IYk9ONxCaV2YLWB7TaEn +bfgFM5i0LGcxFUbNUADONcEmHJzd991kXyb9YCIMoOb30SPrIHNVGEUAZEB+RkGf +LpQ+1tBW3QZBjpr2/fK0mA== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Target.key new file mode 100644 index 0000000000..26966ed8f7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCx33l4aQZBT7LB +aoOZ2isLCuOhmQR/JFDOGpexskLMMoAbNPaOagagRqv7DxuptwFawyWCbADNHRNA +pHCIluCUee0qR6nS836sHRUo2Igym3osEAlBOovv+ZY2zScRAvZ2GJX+TdflNUFA +HwVGyGOhUkVDMFSDnnzrSKFmykohaSXYKRI59UsUlztC8sd+OM0sV1a5kurzFcMz +f/6SQabTtXL2hzFmv6JbC2btyPD+tzQs3AkW0lTBttEcbv9VKClEvbefQOqHiCNR +pCMlYSW2uds5ZAMSuheG9QJWB5T/8hzQA/ZgGV1WSMEOpyt5m4/0DdLrRLuFGGT2 +5EY7nGi1AgMBAAECggEADL4cvqKPfyhNfwu5Z9E4Wi8qhY4nw0//tfQzv9gsbuKD +SO+vZh50YREPCwpXCf6BS1ZFnqVMHWWi1nOxWCeu6RQfCHNf2Cv3fC8NMALrJuz6 +gKOZdiHSmpt/xmdGEDLtIyK5xCEhgVsiVIykXSDH+muhaKHSvCcjfduTLID7dI8s +Cp7+tv6dolQ90n8VLLVFNxYUPr8uWOsJ1bUXr52jztXuXRBGdFVnNTMPRBDoTaox +kYaol2s2ZbSAP1uwtTGnS3VuKldHYfbzXyYRR/VEBbAnHkjierc/pq1/J8A3qSkd +hvL/2PxVMx05x3Vy4aI+A18JcRYO+P2eLm/P7vKqNQKBgQC9T4fCGGVZFHFSX8uS +FmK1d5f73Yecd+hK7SD4Z8XonFVjWUVsTfalSxp+CztuJXtQ7x/f9bbZR1QjutV3 +z2JXP6TgDS5pZUTYvHRNfLR73k8hZVmIj3GuizypRSCicuVg8919ri6mqUmP8vFy +IA1vdJY1LyN/uKeVfGZTX57Z6wKBgQDwiHbtjGpXsdr7jK4Rz70fs7IIUQivJog2 +92ve7E5MuLmw5xrdU+YvW2P9KW1gB5vJTVEsj2ygj3Al1kn443u/T7QnIvp5NtsE +5JuADTDV9aIijI6br7yH2VxRJXAqzSFOpAOj71ugg4iobbRll98sBiTbEe02ZdhK +pmLGRSN/3wKBgGjh6A/z3iqFNedyZWFxf4yUTqLe8CQTFqJ0UADv1WjzPCeHrPu9 +Efov6uSMKofywihr4xf8lSo553bIKz5uqkg2XY04IE+KKKN/fVv0zDWYS/TvprQO +7OfMAnaxcswtpcGaOktINlZlkfjrmzMkaO0oBZQ/ooY/crFSM4rbfjGzAoGAE5ha +b/G/fBNuLo4AZE0TMDD4cPsBBRvTfv7bF9cSbeeioQnCw4MhPnxogehNE8Sq6VRW +J5YrmEz3Ku3xKsiFfUll+MY9t4BDiXuCO4VXlCalpcDjoUVIy5xmi+nL4IDDlN+B +uGo4gbQVfvso9hnQQYril8I3G/ZiD3rMkzBwuusCgYEAicSxfJCfk4cI9TFKOWdG +eQs1pTXH9xNkDppmM2jd9Sb+h90+Ttgx16q02FE3aDJ/E3c1uZ8a8x1Fb7ZQNXFn +j95v6LNL0F+obD9LKhiX3y9ZEzurJRwEaoECQQSaAJbMlf0lbNrqixrHBnUl62K8 +4f9jsIhvR8jkYL5e4Sh/II0= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/main.test new file mode 100644 index 0000000000..de6d06f351 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.5 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/ta-with-constraints.test new file mode 100644 index 0000000000..add5736f7b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-fail/ta-with-constraints.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/chain.pem new file mode 100644 index 0000000000..410612b16b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/chain.pem @@ -0,0 +1,276 @@ +[Created by: ./generate-chains.py] + +Certificate chain with inhibitAnyPolicy=1 on the root, and an intermediate +that uses anyPolicy. Should succeed since anyPolicy is still allowed for +intermediate. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1f:68:8f:ee:fd:60:39:09:33:64:83:cf:6f:a4:7c:43:a0:48:dd:fb + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:0d:42:e9:f2:fa:b9:8c:97:53:ed:60:ed:92: + 0f:08:11:8d:65:ea:98:d7:d4:84:8f:53:b6:58:60: + 72:d6:c2:1d:76:c0:6c:93:27:32:58:1a:88:23:93: + 5a:a0:d8:6e:f5:5a:2c:1e:ba:5f:4d:e3:30:93:4c: + bd:04:0f:7b:b9:4b:17:b0:0d:22:a0:ca:ff:f7:9e: + f6:ff:08:d3:9d:ab:52:03:a1:f8:5c:14:de:6e:8d: + cc:16:8e:5d:fa:2b:40:d6:fb:9b:fa:a0:c1:08:10: + 80:c2:ea:68:ec:a1:52:a8:0b:97:5f:e0:17:6a:bc: + 0b:1e:43:1f:f6:ee:4f:c2:75:a1:9e:76:88:9b:06: + b2:3f:5e:3f:f0:a1:e9:e8:2e:af:70:ed:17:a6:39: + e3:74:82:b7:ff:94:9a:47:9e:e7:7b:75:1c:4d:7d: + 83:a6:0b:df:e5:fd:af:12:3d:33:b5:a0:83:91:21: + d7:02:82:47:cb:b5:5a:f6:5e:0c:96:1c:36:a5:f3: + 8a:a7:31:c5:8f:c5:b5:11:a3:af:1f:af:ba:46:a3: + 89:98:73:96:91:ee:34:83:22:f5:a2:e5:5f:e9:9a: + 97:12:36:0e:f4:11:8d:a4:10:2e:81:12:3d:44:a0: + 33:80:ff:a0:5a:95:81:f8:9f:32:80:f0:d4:44:62: + 40:25 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 84:09:4F:4B:7E:C1:B5:A8:C6:F1:92:14:50:B2:A2:82:63:56:F2:EB + X509v3 Authority Key Identifier: + 44:9B:0F:5D:73:05:AB:7F:5A:A4:88:72:CE:78:3F:D4:5F:1B:F7:5B + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 5e:38:2c:b0:f6:9b:52:fd:b9:00:87:8b:cb:59:05:a7:bd:d8: + 63:06:2c:21:14:1a:55:30:37:9b:30:3f:33:00:00:7c:89:01: + 55:26:81:89:82:5c:cf:43:90:b7:a9:62:29:56:60:a6:ff:6f: + 8c:5f:fb:01:56:79:49:63:40:dd:06:16:99:e5:6d:d5:2d:fc: + 33:28:cc:85:87:e9:eb:0c:5b:ca:48:c3:72:4b:68:91:01:6a: + e5:25:80:0b:e4:c4:71:0d:c6:c8:72:b9:16:8f:1c:9c:1d:94: + 34:29:b0:68:89:a4:ef:a8:cf:b6:90:6b:65:82:72:06:af:86: + 26:10:c6:dd:43:48:18:3c:b1:2a:e4:2f:47:d4:41:e9:1a:70: + bd:fe:35:48:9a:f9:06:49:c2:7e:9a:b4:aa:0d:a3:10:8a:1e: + b3:fb:66:41:2e:2d:c8:1f:65:74:e2:cf:7b:f8:59:85:01:ec: + 78:84:ee:3b:d8:9f:db:5c:54:5e:0c:b2:9d:4d:af:0a:5b:5a: + 9b:52:f6:2f:30:10:9b:58:64:73:71:5a:c7:c8:0b:57:d0:4a: + 21:60:1c:02:51:a9:03:63:ea:b0:92:82:d8:20:73:30:84:a9: + 33:95:0f:9f:42:84:61:c1:89:17:d2:42:03:77:ef:9d:04:2d: + 92:13:95:aa +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUH2iP7v1gOQkzZIPPb6R8Q6BI3fswDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEArg1C6fL6uYyXU+1g7ZIPCBGNZeqY19SEj1O2WGBy1sId +dsBskycyWBqII5NaoNhu9VosHrpfTeMwk0y9BA97uUsXsA0ioMr/9572/wjTnatS +A6H4XBTebo3MFo5d+itA1vub+qDBCBCAwupo7KFSqAuXX+AXarwLHkMf9u5PwnWh +nnaImwayP14/8KHp6C6vcO0XpjnjdIK3/5SaR57ne3UcTX2Dpgvf5f2vEj0ztaCD +kSHXAoJHy7Va9l4Mlhw2pfOKpzHFj8W1EaOvH6+6RqOJmHOWke40gyL1ouVf6ZqX +EjYO9BGNpBAugRI9RKAzgP+gWpWB+J8ygPDURGJAJQIDAQABo4H+MIH7MB0GA1Ud +DgQWBBSECU9LfsG1qMbxkhRQsqKCY1by6zAfBgNVHSMEGDAWgBREmw9dcwWrf1qk +iHLOeD/UXxv3WzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAF44LLD2m1L9uQCHi8tZBae92GMGLCEU +GlUwN5swPzMAAHyJAVUmgYmCXM9DkLepYilWYKb/b4xf+wFWeUljQN0GFpnlbdUt +/DMozIWH6esMW8pIw3JLaJEBauUlgAvkxHENxshyuRaPHJwdlDQpsGiJpO+oz7aQ +a2WCcgavhiYQxt1DSBg8sSrkL0fUQekacL3+NUia+QZJwn6atKoNoxCKHrP7ZkEu +LcgfZXTiz3v4WYUB7HiE7jvYn9tcVF4Msp1NrwpbWptS9i8wEJtYZHNxWsfIC1fQ +SiFgHAJRqQNj6rCSgtggczCEqTOVD59ChGHBiRfSQgN3750ELZITlao= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:09:64:da:50:cc:c6:d4:9d:ae:e5:e6:0a:57:94:4b:37:e5:92:ff + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:89:26:5d:b6:91:69:ea:ce:b4:ed:b5:36:0b:7c: + c3:7e:e4:68:84:e8:9e:bb:52:76:dc:a5:f2:9e:76: + 26:51:b7:d2:db:9f:5f:f1:ae:9f:72:f3:16:e4:f1: + aa:b7:f6:d6:c9:1e:da:ef:d2:d5:f7:a2:b0:f9:e2: + 7b:01:01:33:40:2b:03:85:de:10:e4:e9:ff:5e:d4: + c3:72:f8:ee:51:1b:aa:ff:1e:c1:1d:83:ff:d6:c5: + 54:8e:b8:60:73:b1:bf:6f:bf:3f:02:b9:fb:7a:bd: + c9:c4:71:d1:d7:de:b0:c0:3b:69:cf:dd:2b:9f:88: + 81:12:b0:3b:61:bc:3c:29:56:71:2d:04:c1:1f:9f: + 74:77:de:d5:a5:ac:00:e9:d5:fd:a8:e1:76:0b:e8: + 8f:f2:a8:64:a6:59:6f:33:42:e6:e8:15:64:10:b2: + 8d:db:51:23:73:01:0e:bf:d3:ad:17:65:cc:b2:c2: + a0:06:f6:ba:16:9a:80:0d:ac:3c:9c:15:73:0f:15: + 64:dd:f6:99:55:70:b5:91:78:08:93:79:57:fb:83: + 89:e3:cd:b4:5a:b0:56:eb:00:6b:cc:7c:c0:02:e4: + ae:0a:84:63:e2:5f:c0:f3:a9:a1:16:cb:bb:f1:ef: + 56:75:95:d9:b8:bc:55:7d:61:45:73:32:e5:a5:87: + 56:bb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 44:9B:0F:5D:73:05:AB:7F:5A:A4:88:72:CE:78:3F:D4:5F:1B:F7:5B + X509v3 Authority Key Identifier: + FB:09:9A:AA:11:65:B8:7C:67:A5:6E:C4:AB:74:FE:5F:54:0A:A2:A7 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + X509v3 Certificate Policies: critical + Policy: X509v3 Any Policy + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + da:6c:b3:22:9a:bf:00:10:72:85:11:8b:3e:23:63:52:f4:a2: + 63:ee:85:73:02:c0:61:da:8e:92:5d:8c:43:f5:a9:02:32:9d: + f2:10:0f:5c:df:1c:22:fd:dd:cf:23:4b:9f:1a:f3:b5:07:ea: + 81:00:06:a7:58:d4:f7:b1:12:ca:3a:67:2b:82:84:ed:38:da: + e5:c6:bf:0c:d0:af:dc:7a:17:b1:c9:33:9a:81:96:2f:61:9e: + c8:58:cb:96:35:e3:84:60:93:8b:a6:da:56:b4:63:f1:55:c7: + 19:c0:28:7e:05:df:1b:36:0b:52:31:bd:d1:3e:e5:7d:f7:bf: + d4:47:fa:08:d3:92:de:33:33:00:84:8c:1f:b2:bb:45:63:a5: + fb:9d:6b:d2:ee:ea:0b:c1:58:ae:de:31:d3:de:0e:6f:8e:cb: + 05:7a:75:6d:38:c3:b6:a9:5b:08:3c:93:35:0f:94:ca:ea:bc: + b2:1e:a5:70:04:65:4e:4b:99:5e:e3:09:a7:b6:de:6a:f9:a1: + 48:37:ae:24:20:45:88:ea:78:81:25:8b:57:90:3e:8c:0f:8d: + ec:00:e3:3e:c7:43:d1:e3:ca:6a:81:5f:e1:c8:c7:7f:23:55: + e3:e2:8c:8a:b7:4d:9c:e9:47:93:2d:60:ca:6e:f8:7f:7d:46: + 3f:14:d1:d9 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIUcAlk2lDMxtSdruXmCleUSzflkv8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAIkmXbaRaerOtO21Ngt8w37kaITonrtSdtyl8p52JlG30tuf +X/Gun3LzFuTxqrf21ske2u/S1feisPniewEBM0ArA4XeEOTp/17Uw3L47lEbqv8e +wR2D/9bFVI64YHOxv2+/PwK5+3q9ycRx0dfesMA7ac/dK5+IgRKwO2G8PClWcS0E +wR+fdHfe1aWsAOnV/ajhdgvoj/KoZKZZbzNC5ugVZBCyjdtRI3MBDr/TrRdlzLLC +oAb2uhaagA2sPJwVcw8VZN32mVVwtZF4CJN5V/uDiePNtFqwVusAa8x8wALkrgqE +Y+JfwPOpoRbLu/HvVnWV2bi8VX1hRXMy5aWHVrsCAwEAAaOB8jCB7zAdBgNVHQ4E +FgQURJsPXXMFq39apIhyzng/1F8b91swHwYDVR0jBBgwFoAU+wmaqhFluHxnpW7E +q3T+X1QKoqcwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdJAEB/wQFMAOAAQAwFAYDVR0gAQH/BAowCDAGBgRVHSAAMA0GCSqGSIb3 +DQEBCwUAA4IBAQDabLMimr8AEHKFEYs+I2NS9KJj7oVzAsBh2o6SXYxD9akCMp3y +EA9c3xwi/d3PI0ufGvO1B+qBAAanWNT3sRLKOmcrgoTtONrlxr8M0K/cehexyTOa +gZYvYZ7IWMuWNeOEYJOLptpWtGPxVccZwCh+Bd8bNgtSMb3RPuV997/UR/oI05Le +MzMAhIwfsrtFY6X7nWvS7uoLwViu3jHT3g5vjssFenVtOMO2qVsIPJM1D5TK6ryy +HqVwBGVOS5le4wmntt5q+aFIN64kIEWI6niBJYtXkD6MD43sAOM+x0PR48pqgV/h +yMd/I1Xj4oyKt02c6UeTLWDKbvh/fUY/FNHZ +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:09:64:da:50:cc:c6:d4:9d:ae:e5:e6:0a:57:94:4b:37:e5:92:fe + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:da:86:a0:3a:dc:6f:58:98:e5:86:57:9e:07:6c: + f1:8c:87:54:d3:9b:7b:2c:aa:95:29:d5:86:b0:16: + b2:78:62:12:a4:09:3e:1a:38:7c:1f:32:be:bd:59: + 55:58:3a:8a:2e:9b:28:54:09:0c:ec:d7:e8:e5:ee: + 94:62:7f:f0:b7:cb:d1:36:d9:fc:71:bb:f5:74:bf: + d0:58:8e:bd:fc:1d:0e:ae:08:58:cc:17:cd:21:69: + 1c:db:1f:7a:ee:6b:40:ed:4b:6d:8f:43:32:f8:14: + 58:ac:94:dc:97:cc:35:04:e5:6f:17:66:53:c8:21: + ae:0e:8b:a8:bd:3b:41:66:af:fa:f6:b2:af:0c:a0: + c8:17:ea:d7:5c:cc:84:9b:9a:5b:cc:23:73:f7:b6: + a8:d3:05:27:b7:2a:95:ac:c8:1f:dd:5e:52:e3:6a: + 38:73:31:f6:f3:3a:ca:7d:57:d1:ff:a6:59:4e:9a: + 29:68:be:b5:8b:9a:b1:2f:d1:41:c2:fd:f7:fb:aa: + bc:07:34:56:a9:ea:8b:b3:87:54:c7:8b:15:41:2a: + 56:aa:42:00:27:5d:2c:36:68:1e:d3:02:76:3e:00: + 1f:90:4a:a6:f5:d9:9e:b2:aa:10:85:ba:73:65:09: + d1:fb:51:58:9f:a9:f0:d0:1f:a0:7d:56:d6:e9:ed: + f3:a5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FB:09:9A:AA:11:65:B8:7C:67:A5:6E:C4:AB:74:FE:5F:54:0A:A2:A7 + X509v3 Authority Key Identifier: + FB:09:9A:AA:11:65:B8:7C:67:A5:6E:C4:AB:74:FE:5F:54:0A:A2:A7 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Inhibit Any Policy: critical + 1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 06:70:58:59:b1:7c:e9:8f:75:42:27:f0:eb:e9:bd:b9:c1:11: + 47:12:18:e7:a7:11:c7:fe:6c:08:c2:40:5a:d7:90:8d:53:12: + b4:01:93:69:87:ec:dc:40:69:2e:d1:b1:04:1d:36:d4:ae:6f: + bd:22:d7:8d:9e:cf:ff:c7:14:f2:36:43:e6:a3:0c:54:0c:52: + 3f:65:ff:8e:4c:34:1b:83:6b:12:01:09:87:cd:f0:1a:67:89: + e0:2d:24:a9:85:af:25:7a:3b:d0:2a:d0:a5:8e:ee:9c:cf:fa: + 81:8a:db:1a:33:74:2f:e8:b4:73:67:26:20:c4:86:75:ae:2a: + ef:f6:6b:f8:3c:3f:d8:a2:be:b3:82:70:74:8b:d4:b8:cb:6b: + 31:de:29:77:22:22:85:46:8a:3f:7a:f4:8a:8b:40:77:3b:92: + 7a:59:57:ab:4d:84:84:c9:19:35:a6:45:95:65:41:3c:f1:4e: + a1:d3:c0:bd:c2:d4:bb:fe:32:26:1c:fc:25:3c:87:3b:c4:29: + ce:1b:1b:dd:9c:3f:1c:bf:b6:5b:9e:d4:46:79:ea:94:70:0b: + fb:5a:d0:9c:2e:be:0e:a8:fd:38:fc:2a:65:31:5b:a4:1d:52: + e0:e0:9f:07:76:72:e7:41:e9:95:6f:04:42:9e:88:a6:3c:d6: + ad:7d:6a:48 +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUcAlk2lDMxtSdruXmCleUSzflkv4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDahqA63G9YmOWGV54HbPGMh1TTm3ssqpUp1YawFrJ4YhKkCT4aOHwfMr69 +WVVYOooumyhUCQzs1+jl7pRif/C3y9E22fxxu/V0v9BYjr38HQ6uCFjMF80haRzb +H3rua0DtS22PQzL4FFislNyXzDUE5W8XZlPIIa4Oi6i9O0Fmr/r2sq8MoMgX6tdc +zISbmlvMI3P3tqjTBSe3KpWsyB/dXlLjajhzMfbzOsp9V9H/pllOmilovrWLmrEv +0UHC/ff7qrwHNFap6ouzh1THixVBKlaqQgAnXSw2aB7TAnY+AB+QSqb12Z6yqhCF +unNlCdH7UVifqfDQH6B9Vtbp7fOlAgMBAAGjgdowgdcwHQYDVR0OBBYEFPsJmqoR +Zbh8Z6VuxKt0/l9UCqKnMB8GA1UdIwQYMBaAFPsJmqoRZbh8Z6VuxKt0/l9UCqKn +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYB +Af8EAwIBATANBgkqhkiG9w0BAQsFAAOCAQEABnBYWbF86Y91Qifw6+m9ucERRxIY +56cRx/5sCMJAWteQjVMStAGTaYfs3EBpLtGxBB021K5vvSLXjZ7P/8cU8jZD5qMM +VAxSP2X/jkw0G4NrEgEJh83wGmeJ4C0kqYWvJXo70CrQpY7unM/6gYrbGjN0L+i0 +c2cmIMSGda4q7/Zr+Dw/2KK+s4JwdIvUuMtrMd4pdyIihUaKP3r0iotAdzuSellX +q02EhMkZNaZFlWVBPPFOodPAvcLUu/4yJhz8JTyHO8Qpzhsb3Zw/HL+2W57URnnq +lHAL+1rQnC6+Dqj9OPwqZTFbpB1S4OCfB3Zy50HplW8EQp6IpjzWrX1qSA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/generate-chains.py new file mode 100755 index 0000000000..13c4491cc1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/generate-chains.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with inhibitAnyPolicy=1 on the root, and an intermediate +that uses anyPolicy. Should succeed since anyPolicy is still allowed for +intermediate.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('inhibitAnyPolicy', 'critical,1') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') + +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,anyPolicy') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.5') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Intermediate.key new file mode 100644 index 0000000000..52a1a47ef5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCJJl22kWnqzrTt +tTYLfMN+5GiE6J67UnbcpfKediZRt9Lbn1/xrp9y8xbk8aq39tbJHtrv0tX3orD5 +4nsBATNAKwOF3hDk6f9e1MNy+O5RG6r/HsEdg//WxVSOuGBzsb9vvz8Cuft6vcnE +cdHX3rDAO2nP3SufiIESsDthvDwpVnEtBMEfn3R33tWlrADp1f2o4XYL6I/yqGSm +WW8zQuboFWQQso3bUSNzAQ6/060XZcyywqAG9roWmoANrDycFXMPFWTd9plVcLWR +eAiTeVf7g4njzbRasFbrAGvMfMAC5K4KhGPiX8DzqaEWy7vx71Z1ldm4vFV9YUVz +MuWlh1a7AgMBAAECggEAAmHX4jJCZwwHbn2QSRYgsH/iejSEKqLIYmrA0mnLnphq +dtrHfYOCoiorbUyZTNq3vlnlLvc4NOCZjFhCZLES+nwEx/rPIPrDhG/To+1Do8Wu +7FbUvzYqEnPuVRBKH0L+HUBy0BGk7EExqPzadT0ZUC14ArPybFygSU/QUuaZxj9Y +neHO0ignvayePdOaFOLa/qju3M7YolvYm58wdpQiz8Q4e5zbREHQJglKJirRrnnp +YqAzgHExO7FPSeR2eOe5yEbsuGpCJOScLUAkMqBaiyZfQKSb45ukl1dcVao44FYy +262OICKc68DcYr2p7B7Y5Y5RJQ/KE5uPBdKalsqxWQKBgQC34TFAVUCLFCHyaSTn +/smlxYcY09IXRDGb1Ln3P/stTFQkHGxD3gdYe1ePpLYICyYMx0dh0NOXLgYgz49N +voQM9fMf5tIjt916FOCUyjavR51Va2lf2odIk2Y+bTCzVrCUlnvteFI+b4WiHPmN +Njf4HOT9BmT8AYII50YuOwFAXwKBgQC+8SzGvUHsgF46UaCuNeA3doW5tQrT3ahq +7zRAdGHf3JdKCWmy6aFCRKA7/GNR2Nc0935c4HKrqumcEUQOkTXwVH7su2bAUerZ +UOQwXxAroCC8YCKK4BGfZmGAuc1264fdXEBt8CVpGJ4BUHez14Eqh/HZA2Q2T8z0 +HwMJtj+XJQKBgFKWPyOw5qNQsIqK9PuJ8RGWbT4WbSbsBwgBfGDziKHoxWXOqkW1 +JEF2bHZkuSlVsIpOut3RCCe/kRsNfkShy/dyQ/dRGZLXUw8w70mEpRkGpkCmVJar +tNVA9swVCKmTxw2FpTWcM/w85J1SPDdTYcH7YFHQnGyfVMMg9OFwuPgrAoGBALyV +xvujAPFs96Px6xkk7QbacMkyHjeSvTygdKMUT3aikGn3UgX66eJhlUCpzg6QdD1E +E/H3XEpgy8nw457fnL55NcLqdFmOjr2EP1vnCDmONcbXzEYNeFpO7A4PdPb3OYFQ +E/KBNPHP9n6l0xQ0zMYM7ri/uMJLnsmdt4poDfZhAoGBAIlv4TnXfa3yNVLxe48/ +TYIDZgHgcqRadoNYKFOnD1fcP5DD3pjhsCgyeD8pHvtdlM4t76/27TmJa+lDvA/H +Vd27m3WXVsksFWl1adZUuf3zIooN/VHrWv3d9EcpD2MTKE10CWkD+1BY33mmr+/9 +rrjOH1px6DSUzKOb8Bu0C2mG +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Root.key new file mode 100644 index 0000000000..d8e59521fc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDahqA63G9YmOWG +V54HbPGMh1TTm3ssqpUp1YawFrJ4YhKkCT4aOHwfMr69WVVYOooumyhUCQzs1+jl +7pRif/C3y9E22fxxu/V0v9BYjr38HQ6uCFjMF80haRzbH3rua0DtS22PQzL4FFis +lNyXzDUE5W8XZlPIIa4Oi6i9O0Fmr/r2sq8MoMgX6tdczISbmlvMI3P3tqjTBSe3 +KpWsyB/dXlLjajhzMfbzOsp9V9H/pllOmilovrWLmrEv0UHC/ff7qrwHNFap6ouz +h1THixVBKlaqQgAnXSw2aB7TAnY+AB+QSqb12Z6yqhCFunNlCdH7UVifqfDQH6B9 +Vtbp7fOlAgMBAAECggEAHzTghudZ404aYP/8KlVNfWMKIxnuEifeG1ZJ4LWtEPH4 +dYJ4Yug0GYR2prWuMWZSu2se7DlKpjwDH2rdt99LcgPiQbIJkfhkiiKmTy87RFil +8wZwH906Rw4qt8QcGxYn9Hs0DyRqj/Df5O1xPyBDZgqZvb64MjlVEPCyzSs8ILy3 +RIoTy0LJ7mumEJtPhE8AzzfwDmYgJiIdy1Agxs0KiAa2dFp7MJ0lSjIIj5k+DSx2 +0hiwj6uZKDFJEhPwzNyjeBJX/kvXCEY5WvFpofSVMW8dSG5ZZvBPhN8uk9lLLviM +okDPa1uwb8Tf7FGtCxNDS1TwBmnbrSViQXKRftZWtQKBgQD0MNNnd5fUVEjCrNKf +ewxEA/vh4SQLsVy0PxFdqPzwJ8l2d7f/AbDsk8Vzdsx4foRjkIYJR5yx1SU7FuT1 +a2Np3lCClK596WCoP9e+5PkzJbwaVsiTDG8YEaOt7l6YcovRWNegHIC0You9Gyo6 +Eil9eK5rHP891vKLfhsTe4jHbwKBgQDlGA8/jvJTYsJRL5+8KYpCnHNp+pzUNst+ +IAzaRt59HhCKKtfZBSz1fjHWqpZ2892opTpR9Rbw7TxJHla0wV38W0kZdCspTfnN +GYIbxQW4eZKKka+XI7DgcNheicaasJLCuEx+re9BQbjadFboo15rQIRdRD/ov/qF +pIjYwXjMKwKBgQC8Nw4bSBDc9gIHG1JU3nD7095HolM4OALuY1YtTN149hHQoEJP +6avHDbc5Yi4ECfBdFb5aVLowT8ucme7sQ1Oi/Fot7A/6uPFpfZv7ZV220LUF0DJV +NVZDxQTWQU7kThX6zHGW1aFWaEaxAckwbWNRdL1rjjQmJBFa915DTAqHPQKBgF8w +mw1euQO60mDnd+i4HfHFjhMoBcgLqIwUhyKfNc0pE9hFKwDKrL6om87FfNWaSKzN +UqlBPDIJcPY0u/RJMGMuDvablV+JPdVh1vTw7YqUQTaAiEQ1mUX4vX6yoqod2i08 +ZNRyMyqbQ1LJ6l6pmw7XdOhH9oIgWtjy38WoxieXAoGAfP6QfesstCiK+SY9ytzs +vfwCft8cQDWb+KNFYaEf+9W6Mdya31WSZzT59oThi6qucEdAhKT6Bz1qa9sPzW4e +0s4NJMIGFYnhXv78Aumdxy5LHzzu5D8s1Zo6aLJHdf0BYGM0isFgSSjIxsekCbhM +rlijHJqUWicASjaMA+BkrGU= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Target.key new file mode 100644 index 0000000000..0cbb30af10 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuDULp8vq5jJdT +7WDtkg8IEY1l6pjX1ISPU7ZYYHLWwh12wGyTJzJYGogjk1qg2G71Wiweul9N4zCT +TL0ED3u5SxewDSKgyv/3nvb/CNOdq1IDofhcFN5ujcwWjl36K0DW+5v6oMEIEIDC +6mjsoVKoC5df4BdqvAseQx/27k/CdaGedoibBrI/Xj/woenoLq9w7RemOeN0grf/ +lJpHnud7dRxNfYOmC9/l/a8SPTO1oIORIdcCgkfLtVr2XgyWHDal84qnMcWPxbUR +o68fr7pGo4mYc5aR7jSDIvWi5V/pmpcSNg70EY2kEC6BEj1EoDOA/6BalYH4nzKA +8NREYkAlAgMBAAECggEASDOLHwajOKaYPgIac+Ljpmq1l+ImLl5j8Rr+aRH1gZ47 +37+6Kp8XdNHoyK0/arrt6IzUAZk5oNNOmsQ6Ir2Tiw2aEXeZdk9PuLZyauCL/HuN +xaECqJwlm4Hp+C9tz7Hyr1vn3COkf8Zsy663APZ5FendDTImNKo2CIM69tHsN1Oq +qRW0pIiEEtdF1rjfzcBdyjPhewqeMxqwwcyJVXtXnx1kwzL/WFuU8GKbYmyrajzJ +MjvKXuH61GlPhSOCx+7rI0siLOOVdCutvthl5PADuursxknsdq+F9VZV91APCawz +vG3MvNzmIfxdzUorFY1dPYyCCapXqan8RqKPP7Uw/wKBgQDU9bfN7O9MvCADNobS +DmiDO7lUcHdkR92HQ0PJwgsBjiVpLBe68kvwWFQp8Bj4Ao8YEtQvBxMBtpHxAIke +oLUX+fx+3bCiFF5LCxeV79UUh3Zld/bJlCUWu220KuQiRRu+lNJgUuxWOdxfYzrk +I03JlmcdU5R2j1iArDs8iBSI/wKBgQDROn09jo8Xs4cARM7WrttqcL7VCm8M/RMQ +C+ou+4zHQhBXph15iOkMwj4+1auNu043vsJNI+EyUFQoo5CTjBUxAOh9D9yUEm7W +/gwts8Kquo0ooqddiZA3VTrIXgUbjr3DMEcgDvCUIB+OaPh1IfBu1SSMLbKFw3+U +dbtjvrDy2wKBgFjBeDOZFjsTBPyR0yrk2mYnlBw/K2NeGFPxkuUZvGCPj8P/nnxJ +06B+D8XSzXVAC8dqwYhAGInUP4sEQCHFtPQjOjrdxmomtw3rt47EADioJI4xq2dk +GPkacKRwY9hsmR2bBPskVF+ziccvojHHDPqBdsRgOzYWlDo8jguyY2ydAoGBAK3+ +GdBrEQwAu6+5iNh3KPhnMgswVhFTE9swTVsszXGWusho1/INrOBzWBgg0D1ZGj65 +YBOOVuPkcVgqTTymLalGvA/kdOaePZaERdRrvOMFqAW23b+nekrJkcy2g0Dbf2sm +Zr9+LQrBe/yNxrCBvNQuY+o+xkr+vMXU8jSMi9IpAoGALoL0HzZ2jvi5nsflRpsI +NkMfNOchQ9HSBoS3bCk9OpPXN/AU4ORRA+nYV1Byt6RFRC6avsev/hVqYQuL9R/c +xtqOiokW00uTIFV17i130P5nE6Eh/aw4vOAf08QQVV2LZbsOzfWCAGcR4+Mg8lnJ +0laOOXrAnwxZItjpTM0VD+M= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/main.test new file mode 100644 index 0000000000..de6d06f351 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.5 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/ta-with-constraints.test new file mode 100644 index 0000000000..8f00922795 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-anypolicy-by-root-ok/ta-with-constraints.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.5 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/chain.pem new file mode 100644 index 0000000000..7d3a7a7a25 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/chain.pem @@ -0,0 +1,279 @@ +[Created by: ./generate-chains.py] + +Certificate chain with inhibitPolicyMapping=0 on the root, and an +intermediate that uses policy mappings. Should fail if the policyConstraints on +the root are enforced. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:76:f9:f2:35:f7:48:df:97:9c:e1:ca:67:ce:c0:01:f9:fb:00:81 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:f0:76:27:78:8b:e7:3d:f6:6c:ce:3e:88:0b: + 6a:fb:6d:7e:b0:d8:0b:45:91:ce:e5:d3:3f:70:3b: + 0e:f7:c1:92:d6:a5:9d:53:5a:91:93:f5:53:c3:8b: + 92:b5:f9:14:56:be:b7:81:c9:45:6f:a5:75:bf:5a: + e1:48:ba:03:eb:73:d6:50:27:de:f7:95:81:64:12: + 54:53:3c:75:da:39:8d:47:2a:f4:00:fb:22:bd:96: + c6:5f:10:85:b4:80:8b:f3:05:f4:6e:5d:a7:4a:6a: + b7:c8:10:73:e0:d5:7d:20:18:86:79:64:41:1b:76: + da:5f:10:ea:f2:b1:f5:f2:dc:81:66:9e:0e:ae:4d: + 01:bd:ac:76:96:d4:39:67:39:09:59:5e:71:7a:23: + 6d:8f:e1:23:92:48:ca:43:94:3f:7f:f3:a0:fb:60: + 2b:09:3c:e0:23:52:29:71:29:d3:c7:ba:31:28:61: + dd:d5:56:d8:b4:e8:c0:4a:b7:be:e9:39:c1:18:5e: + 61:8f:b4:6b:9b:30:c1:f7:a0:c9:fb:9d:ce:50:6d: + 57:39:9c:77:40:b8:eb:0a:63:76:eb:ca:d3:9c:b8: + b1:e5:46:9f:14:40:17:a2:98:3a:59:42:77:d6:b7: + e5:d9:78:cb:42:47:9b:dd:d2:05:ca:ef:24:78:66: + 99:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 12:B8:54:52:BE:E6:8E:00:AF:96:42:DB:BB:3E:B0:86:0F:D6:4D:08 + X509v3 Authority Key Identifier: + 7C:76:D4:23:43:F9:F8:0B:19:60:61:1F:7B:E9:3C:20:0A:0C:43:DC + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 8a:21:24:c8:76:6f:95:f9:3c:76:f0:be:90:20:74:dd:ef:6f: + 23:2b:c0:a8:71:64:47:7a:a2:e5:57:c7:3c:9b:4d:e5:56:0f: + a6:ab:17:0c:1f:7b:c7:b9:92:86:01:ef:79:8c:cd:71:72:ff: + 7c:e0:8e:b2:13:bf:70:56:4e:5d:e3:26:22:39:62:5c:a5:d6: + ef:a4:de:fa:b6:2c:0f:53:f9:d1:50:98:04:05:83:80:04:af: + d5:8c:9d:e5:85:5a:ba:f9:ca:29:0b:a4:90:3f:c6:74:e2:e5: + 89:dd:23:1b:f1:83:32:0c:e4:d1:10:e2:c1:0e:3d:b7:66:cb: + aa:a5:76:aa:9b:68:21:c6:6c:75:b1:37:4f:98:85:6e:23:56: + 09:58:d1:bf:ea:ff:ba:d0:82:43:2e:3a:7d:85:c3:17:5a:05: + 79:cb:dc:6e:62:c6:64:b5:2b:84:0b:bb:eb:e7:2b:92:14:7b: + 46:f2:2f:74:21:7b:8b:4d:3f:aa:46:b2:cd:57:ae:14:0a:a9: + a2:c3:7c:c2:1f:6e:33:76:df:8a:38:dc:07:7c:de:4d:82:3f: + 3f:2a:74:7f:49:65:63:8f:d0:13:fd:db:bf:1f:17:27:1a:3b: + 8d:5d:57:6a:26:91:b1:af:6d:42:8d:e8:8c:33:31:3d:ef:96: + 5a:28:f9:44 +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUC3b58jX3SN+XnOHKZ87AAfn7AIEwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAq/B2J3iL5z32bM4+iAtq+21+sNgLRZHO5dM/cDsO98GS +1qWdU1qRk/VTw4uStfkUVr63gclFb6V1v1rhSLoD63PWUCfe95WBZBJUUzx12jmN +Ryr0APsivZbGXxCFtICL8wX0bl2nSmq3yBBz4NV9IBiGeWRBG3baXxDq8rH18tyB +Zp4Ork0Bvax2ltQ5ZzkJWV5xeiNtj+EjkkjKQ5Q/f/Og+2ArCTzgI1IpcSnTx7ox +KGHd1VbYtOjASre+6TnBGF5hj7RrmzDB96DJ+53OUG1XOZx3QLjrCmN268rTnLix +5UafFEAXopg6WUJ31rfl2XjLQkeb3dIFyu8keGaZ+wIDAQABo4H+MIH7MB0GA1Ud +DgQWBBQSuFRSvuaOAK+WQtu7PrCGD9ZNCDAfBgNVHSMEGDAWgBR8dtQjQ/n4Cxlg +YR976TwgCgxD3DA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAIohJMh2b5X5PHbwvpAgdN3vbyMrwKhx +ZEd6ouVXxzybTeVWD6arFwwfe8e5koYB73mMzXFy/3zgjrITv3BWTl3jJiI5Ylyl +1u+k3vq2LA9T+dFQmAQFg4AEr9WMneWFWrr5yikLpJA/xnTi5YndIxvxgzIM5NEQ +4sEOPbdmy6qldqqbaCHGbHWxN0+YhW4jVglY0b/q/7rQgkMuOn2FwxdaBXnL3G5i +xmS1K4QLu+vnK5IUe0byL3Qhe4tNP6pGss1XrhQKqaLDfMIfbjN234o43Ad83k2C +Pz8qdH9JZWOP0BP9278fFycaO41dV2omkbGvbUKN6IwzMT3vlloo+UQ= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0f:95:30:fc:3e:17:6a:62:ed:40:f3:c7:a6:75:62:19:01:11:d6:c3 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:97:4a:5c:fd:3a:bc:0a:ca:ac:d4:f4:32:8a:03: + 0b:e2:23:d7:6c:51:ef:77:db:00:49:ea:ae:5c:80: + 14:57:78:fb:d2:90:ed:56:07:6c:79:8f:d7:7f:2d: + e5:bc:f9:52:33:f7:b4:6f:55:49:68:10:cb:f2:50: + 27:86:b7:2e:a3:a0:78:f9:03:99:e2:dc:dd:52:3b: + 0d:6c:9d:b6:a0:c6:17:13:cb:9d:d1:1d:f9:f5:67: + 64:89:42:af:4f:26:76:bf:26:23:5c:5e:90:8f:23: + 97:4e:82:bf:10:cb:80:74:29:a1:07:b4:55:f8:75: + db:32:5d:fe:f6:ce:02:fb:16:a0:40:d8:40:85:ad: + 1b:17:33:e1:4f:91:fd:80:43:89:5d:37:b6:fd:ae: + fa:e9:d6:04:5d:9a:d7:66:b4:74:c9:7f:ad:21:1a: + 04:be:1b:5e:dc:7f:f6:e0:fe:9b:f7:44:60:2c:81: + 82:13:e7:09:2c:78:16:42:35:22:16:1b:31:90:5d: + a4:7b:cf:9a:50:3d:64:c9:f8:40:85:1d:49:4c:93: + 06:22:00:2f:3a:83:ee:fb:e8:ea:6d:cc:42:62:09: + 99:72:6c:92:e7:a0:11:9d:4a:a1:3f:35:f6:bb:70: + 34:c1:88:8b:2d:a4:7d:6e:d9:67:75:64:3b:98:f0: + 27:4b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7C:76:D4:23:43:F9:F8:0B:19:60:61:1F:7B:E9:3C:20:0A:0C:43:DC + X509v3 Authority Key Identifier: + 4C:F1:50:9D:B8:49:6B:D6:E6:96:99:11:02:34:1F:FB:7D:51:F8:D1 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + X509v3 Policy Mappings: critical + 1.2.3.4:1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + c3:ed:96:d8:4c:4e:77:b3:6a:52:a7:93:d9:6a:02:b3:38:3e: + 61:3f:dc:ad:bd:8c:2c:16:d8:4e:ec:2f:d7:de:06:d1:01:8a: + a2:ac:eb:83:f4:30:62:5f:ef:c2:48:51:f9:60:bf:73:c4:2f: + 1a:9d:91:c8:fa:7a:5f:7c:b2:c2:72:b2:b8:f2:62:48:53:3d: + be:f2:1c:0e:1a:59:d0:fc:2e:38:99:40:7d:72:90:e1:58:35: + 97:35:0a:65:18:3d:e3:12:a9:e7:43:2a:aa:47:05:76:e3:e0: + 4e:6d:87:a4:95:65:04:52:33:e0:ef:53:5c:42:71:2b:06:15: + 09:b2:cf:0c:9b:57:6e:2c:95:1d:b5:e4:cd:f0:68:83:14:ed: + f4:27:39:81:1e:45:fc:a0:d7:c5:22:e4:42:53:a4:3d:9e:0f: + 8b:76:39:8c:c1:db:25:b9:b5:6e:40:44:24:71:44:db:16:e8: + 02:c6:56:e1:81:5f:2e:43:7e:31:9e:6d:e2:ff:ca:66:6f:7c: + e3:36:34:fc:dc:63:cd:b5:db:39:7f:0a:6b:30:77:ed:6a:16: + 0d:8f:ff:27:1d:cd:d1:d7:6a:30:0e:18:18:34:96:b8:aa:e7: + 73:21:27:37:41:b7:5c:2a:e1:4d:9e:fa:46:2a:57:81:ab:f9: + a8:cd:14:52 +-----BEGIN CERTIFICATE----- +MIIDwjCCAqqgAwIBAgIUD5Uw/D4XamLtQPPHpnViGQER1sMwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJdKXP06vArKrNT0MooDC+Ij12xR73fbAEnqrlyAFFd4+9KQ +7VYHbHmP138t5bz5UjP3tG9VSWgQy/JQJ4a3LqOgePkDmeLc3VI7DWydtqDGFxPL +ndEd+fVnZIlCr08mdr8mI1xekI8jl06CvxDLgHQpoQe0Vfh12zJd/vbOAvsWoEDY +QIWtGxcz4U+R/YBDiV03tv2u+unWBF2a12a0dMl/rSEaBL4bXtx/9uD+m/dEYCyB +ghPnCSx4FkI1IhYbMZBdpHvPmlA9ZMn4QIUdSUyTBiIALzqD7vvo6m3MQmIJmXJs +kuegEZ1KoT819rtwNMGIiy2kfW7ZZ3VkO5jwJ0sCAwEAAaOCAQwwggEIMB0GA1Ud +DgQWBBR8dtQjQ/n4CxlgYR976TwgCgxD3DAfBgNVHSMEGDAWgBRM8VCduElr1uaW +mRECNB/7fVH40TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDwYDVR0kAQH/BAUwA4ABADATBgNVHSABAf8ECTAHMAUGAyoDBDAYBgNVHSEB +Af8EDjAMMAoGAyoDBAYDKgMFMA0GCSqGSIb3DQEBCwUAA4IBAQDD7ZbYTE53s2pS +p5PZagKzOD5hP9ytvYwsFthO7C/X3gbRAYqirOuD9DBiX+/CSFH5YL9zxC8anZHI ++npffLLCcrK48mJIUz2+8hwOGlnQ/C44mUB9cpDhWDWXNQplGD3jEqnnQyqqRwV2 +4+BObYeklWUEUjPg71NcQnErBhUJss8Mm1duLJUdteTN8GiDFO30JzmBHkX8oNfF +IuRCU6Q9ng+LdjmMwdslubVuQEQkcUTbFugCxlbhgV8uQ34xnm3i/8pmb3zjNjT8 +3GPNtds5fwprMHftahYNj/8nHc3R12owDhgYNJa4qudzISc3QbdcKuFNnvpGKleB +q/mozRRS +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0f:95:30:fc:3e:17:6a:62:ed:40:f3:c7:a6:75:62:19:01:11:d6:c2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:ca:2d:79:43:c4:eb:2a:86:64:22:6d:de:81: + 34:8b:20:fc:0f:d5:60:89:76:9f:af:4f:95:c7:fe: + 45:0f:fe:ab:93:a9:9d:02:08:f8:b1:ac:e2:d6:d0: + 1a:ac:73:7b:a1:bf:cc:21:b5:96:52:94:97:b7:47: + 16:eb:26:1f:7a:bd:72:2e:18:74:b6:39:67:26:b2: + bc:fa:06:17:72:f0:fd:62:48:cd:e2:0f:96:ad:f2: + 02:d1:28:d9:67:2f:3f:0f:99:92:fe:12:3e:71:bc: + 59:f6:3d:82:60:cd:65:b2:07:84:84:f2:2d:75:3c: + dd:07:00:43:89:ef:f4:97:01:b7:2b:a5:1b:1b:dd: + 03:81:ba:b6:22:c6:ba:3b:67:82:5d:c9:27:3a:e0: + ea:82:90:b0:d3:25:e0:a0:79:22:d6:ed:2c:76:3e: + 4b:b0:04:78:99:ae:6d:1c:c7:de:af:b2:34:46:86: + ff:f0:d4:35:2c:32:fe:ea:c5:19:45:73:a7:df:29: + 8b:15:92:ca:6f:5e:2e:15:f4:bd:ad:64:36:94:c8: + 8e:f7:32:e2:ef:60:df:fa:ac:d0:ff:3d:ba:36:8e: + ff:28:a5:bc:6a:2b:54:c3:d6:a6:6d:47:a4:48:2a: + b8:55:65:b3:7f:13:c4:58:86:fd:c1:f3:58:4f:51: + dc:2f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4C:F1:50:9D:B8:49:6B:D6:E6:96:99:11:02:34:1F:FB:7D:51:F8:D1 + X509v3 Authority Key Identifier: + 4C:F1:50:9D:B8:49:6B:D6:E6:96:99:11:02:34:1F:FB:7D:51:F8:D1 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Inhibit Policy Mapping:0 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + b9:d6:0f:a0:e7:d9:ed:fb:ba:ab:bf:ea:c8:68:04:58:9a:8a: + cc:8f:e5:3d:28:c1:f8:68:ad:26:cb:72:dc:5d:a3:b5:3d:50: + 1d:44:2c:72:5a:3a:c2:8a:fe:11:63:0b:d2:0d:f8:ea:df:d5: + ef:35:78:e7:0c:40:ef:a7:d4:a6:37:c7:2f:ba:d6:20:57:24: + b1:5e:b1:20:81:7d:b2:47:9a:31:86:39:e2:51:b3:dc:a6:47: + 14:f9:82:25:45:fc:9e:7b:38:de:02:db:d9:3b:fb:79:5b:f9: + 5a:40:f9:6e:f6:6b:8a:77:14:36:7e:53:90:6f:ec:40:c1:ec: + b5:f2:84:24:70:3a:30:95:8c:92:c5:a3:33:50:44:a8:04:ca: + bb:bf:1b:e6:ca:6b:7e:3a:29:54:c7:ba:d7:8f:b0:41:e6:d7: + be:c0:c7:d3:1f:a3:6f:d4:c2:29:ac:04:f6:be:46:1d:d2:ce: + 25:8f:41:d0:d8:a8:9f:40:e3:93:63:b7:d0:f5:8a:53:37:02: + f2:02:d1:f3:8d:52:8a:35:41:e7:96:3f:07:3a:d9:01:cb:19: + 1e:ab:9b:93:b0:10:e1:35:aa:56:eb:36:40:7a:b4:f3:54:60: + 09:b4:d0:ed:a5:b6:63:ea:8c:b8:35:22:83:d4:a8:33:a6:98: + 5f:14:5e:77 +-----BEGIN CERTIFICATE----- +MIIDiTCCAnGgAwIBAgIUD5Uw/D4XamLtQPPHpnViGQER1sIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDOyi15Q8TrKoZkIm3egTSLIPwP1WCJdp+vT5XH/kUP/quTqZ0CCPixrOLW +0Bqsc3uhv8whtZZSlJe3RxbrJh96vXIuGHS2OWcmsrz6Bhdy8P1iSM3iD5at8gLR +KNlnLz8PmZL+Ej5xvFn2PYJgzWWyB4SE8i11PN0HAEOJ7/SXAbcrpRsb3QOBurYi +xro7Z4JdySc64OqCkLDTJeCgeSLW7Sx2PkuwBHiZrm0cx96vsjRGhv/w1DUsMv7q +xRlFc6ffKYsVkspvXi4V9L2tZDaUyI73MuLvYN/6rND/Pbo2jv8opbxqK1TD1qZt +R6RIKrhVZbN/E8RYhv3B81hPUdwvAgMBAAGjgdwwgdkwHQYDVR0OBBYEFEzxUJ24 +SWvW5paZEQI0H/t9UfjRMB8GA1UdIwQYMBaAFEzxUJ24SWvW5paZEQI0H/t9UfjR +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB +Af8EBTADgQEAMA0GCSqGSIb3DQEBCwUAA4IBAQC51g+g59nt+7qrv+rIaARYmorM +j+U9KMH4aK0my3LcXaO1PVAdRCxyWjrCiv4RYwvSDfjq39XvNXjnDEDvp9SmN8cv +utYgVySxXrEggX2yR5oxhjniUbPcpkcU+YIlRfyeezjeAtvZO/t5W/laQPlu9muK +dxQ2flOQb+xAwey18oQkcDowlYySxaMzUESoBMq7vxvmymt+OilUx7rXj7BB5te+ +wMfTH6Nv1MIprAT2vkYd0s4lj0HQ2KifQOOTY7fQ9YpTNwLyAtHzjVKKNUHnlj8H +OtkByxkeq5uTsBDhNapW6zZAerTzVGAJtNDtpbZj6oy4NSKD1KgzpphfFF53 +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/generate-chains.py new file mode 100755 index 0000000000..3c5f50185c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/generate-chains.py @@ -0,0 +1,37 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with inhibitPolicyMapping=0 on the root, and an +intermediate that uses policy mappings. Should fail if the policyConstraints on +the root are enforced.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('policyConstraints', + 'critical,inhibitPolicyMapping:0') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') + +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,1.2.3.4') + +intermediate.get_extensions().set_property('policyMappings', + 'critical,@policy_mappings') +policy_mappings = intermediate.config.get_section('policy_mappings') +policy_mappings.set_property('1.2.3.4', '1.2.3.5') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.5') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Intermediate.key new file mode 100644 index 0000000000..6a3bd6fa60 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCXSlz9OrwKyqzU +9DKKAwviI9dsUe932wBJ6q5cgBRXePvSkO1WB2x5j9d/LeW8+VIz97RvVUloEMvy +UCeGty6joHj5A5ni3N1SOw1snbagxhcTy53RHfn1Z2SJQq9PJna/JiNcXpCPI5dO +gr8Qy4B0KaEHtFX4ddsyXf72zgL7FqBA2ECFrRsXM+FPkf2AQ4ldN7b9rvrp1gRd +mtdmtHTJf60hGgS+G17cf/bg/pv3RGAsgYIT5wkseBZCNSIWGzGQXaR7z5pQPWTJ ++ECFHUlMkwYiAC86g+776OptzEJiCZlybJLnoBGdSqE/Nfa7cDTBiIstpH1u2Wd1 +ZDuY8CdLAgMBAAECggEAPO/R5plqtjoORTQayyYQ+kQPd+zEtJT8V8lz84QPLXBo +ldaUEeupkIkUdoBpIaWWq6HhBlrm10i0rOQGF6fe3D89mqcNq6fkaUOp047uyXEg +SHPiHCGj1WmQwAyhChNnDvTwlzrrpQvj3Nai2MPu+FrwJmdHnWzzHiVoFcbCwpkq +rD55JaON/rHPfneAGJockJZ2SY03lqdtyJxEbhJlXWb3NccMUIrvZRrYjy7ZOv7x +3hP6xqisku3CQf2QK7EbIEGwP2cWpLEbKcr3OPV/piP+T0l4Rzd1mtWEdUXEmVtK +HCAV7E/t7SItIhNNHPjIr5UAq03Anm6HNm+4cDzkIQKBgQC6cEUazd5NugSMFV+r +nvXpTehZ8XoGl2LfCC7Sa9X5gIwmpozRtmZh4JFHc6JplY/E2/cZnNp00fTFpoxm +k5pBdUD6gMJqd2/V3Fssv19Z8k2U7pB6zMTr60wLxM2j0CL3DyVC3J8h37rzDKKw +lUt4yA04wU2oXIou0fhAMDaukQKBgQDPvOpWwpNYzOsTeMJFxqGqx3JxTovlb9C8 +2KVkkhBOWJdPYu8rGd56KB/HuHe+uVXoBrD6jPPlSa7+QSOYhEQaiojwJTStUB7q +tjKSpy0jCYJZ9iz++JsNogi/j3oOxoEcQmtrCd7TeFDm+jI5PPvDY9fvpTbbx+KR +R3IpNCreGwKBgEOhCCBB/1rYmF+sPSkHH5MC1L8Trj0H2zCmSj3AKj04WR6IGdrU +vGzSxkBR/N8qBp3VYNwknsXzh0PPN2zaLAGEpA56eIugSawdI+GmhdMd5vCYXUZ+ +Uwx1LP+z4xiCHrzZ/J01ZHAoNSuHMNi3P0pP3yPwUtg4wVNcjR3Tn3JRAoGAEtGp +ZPyxfnzp2tS4vLt2z9LLokocUEel4EW8DfVRdtd9tZpf0kbAqc5SurQSXPvLNX7N +r5TvT1kyeiQKhnmM9d6Q8zhboku80UR6JmDwrNjiryWnA94fpceFBV2JECeZcKbv +tj2pqvyeT55gyGCm6hd0a2hLJPPhqYmQZP0t2PsCgYA1tFRNTbj6Nk35i7j5T39D +2aEUHrWMlBLM0fZ0u//y4ErWgMStFHLpxH2EnVD45/R2uj+IjTi1BHFdsfOGKTcF +USQKKwuiQVZFZbrptHupfwLKLwEFJgGwrsKbJ8BKFYra0Wg4qEo+KjHMyCrRl4sd +/pKBBM1ePhun0EtH0B5zvg== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Root.key new file mode 100644 index 0000000000..99c39744e0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDOyi15Q8TrKoZk +Im3egTSLIPwP1WCJdp+vT5XH/kUP/quTqZ0CCPixrOLW0Bqsc3uhv8whtZZSlJe3 +RxbrJh96vXIuGHS2OWcmsrz6Bhdy8P1iSM3iD5at8gLRKNlnLz8PmZL+Ej5xvFn2 +PYJgzWWyB4SE8i11PN0HAEOJ7/SXAbcrpRsb3QOBurYixro7Z4JdySc64OqCkLDT +JeCgeSLW7Sx2PkuwBHiZrm0cx96vsjRGhv/w1DUsMv7qxRlFc6ffKYsVkspvXi4V +9L2tZDaUyI73MuLvYN/6rND/Pbo2jv8opbxqK1TD1qZtR6RIKrhVZbN/E8RYhv3B +81hPUdwvAgMBAAECggEAOMRpvVtsSH6RDBYjgSyJBxST/ai+6p2k8pRvcsqLnPt1 +kIDEeFWMKAJk90GDwQmmy92CJVLbJGpkR8z9Lqp1g9VT7fGKwKd7eLUiiaR4dXZQ +qNWBp2hOHgxM16xWGixvLFIldxf9Cm4BaEa0buyT2U6VA4YUEpYVuyFIaSp1Q6qX +kc68+yoTNDTDeOaYfzSOg5Vnzk4Av/KdfneFkAEHKS9cFB6s9q1O3uecCYmwfi39 +rZZ3wAV2xSqUZ282zoKS6Xfb9cg9T5N2xXx+avKURuLv/mbacgQYN0Z+8xrh2lx5 +UpDz45Qcx6FdTc46jONxeix1Dg+ZtL+sNRUIH3PmkQKBgQDmo7eFEPszdN8juw+l +gxkPx2AWc+gHSwmwMMLqr54W4CLpZpwLD5oC9VLv8NttimsbMisqa8VuJTZCiFta +AfESICSwWYP5kpoB50a/4sES4ssEx6f16fnz6u6HrygPX3A+I8GbMnGlMTd8100v +iOlVa6elahpa21rqi5Q5jthR1wKBgQDlhxzUnDvktQyGf/1MC+OISQhM7cOcthPw +EfkJf6rHSktun92oo1feRG461RJVki6jx2PiECV9jWDcDwjbK96oL9FztH/PSRjy +LyyFHti1roBLfIaLn4bK4zzwQdCkNLr0M5LcCpNccth3BPzw7MLMB9agNbiLOMQv +8eWHC8ataQKBgGa+agO6Q91xY/Ib4+V8mE6CJ9j4u1V8ZQ17O2mm4EsagBLvpfX7 +dkV5GgBPkMCkmAAegkI8jk/5/cj3y5I2KTlE3nM8/WDRoQ/WApt6nT4XkA9KDhWr +rLCvaKFDMxpeDrdv4FCN0TigyzIvC3Bwkll+QsmakbEF5ON1WIunidAzAoGBAM9r +AgrABP/w/JivIN+P/tYx6WZbluIPSIUyOLL0xAfEg9Y8cbrroYQiotpXonHh4HPw +w7qOjNKg6F701zP4uQWT8Nt2yekwTXLOXpUOAxhr0VRl+9BBITZHk9IqJ7m8TRZR +ZO2kQPbScftcbpfp3T8z9ihhY5useN464wjfA3PBAoGAN192op7AonONsIHmemLQ +NxeQZM6Q6aSlAlr13eD2SA9MaqiI/7ZGaH+mGettF4qpL41pIsL2V38BPNbKVdA3 +pNhZTnayyr/5jZNxoE3Y5HPsWA88rWjGpZx56WaN0IdKxEuEmZSWmktNsQLUYqep +ZT/A8b4jHRGMvBMUt8/Exkc= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Target.key new file mode 100644 index 0000000000..911b521cdb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCr8HYneIvnPfZs +zj6IC2r7bX6w2AtFkc7l0z9wOw73wZLWpZ1TWpGT9VPDi5K1+RRWvreByUVvpXW/ +WuFIugPrc9ZQJ973lYFkElRTPHXaOY1HKvQA+yK9lsZfEIW0gIvzBfRuXadKarfI +EHPg1X0gGIZ5ZEEbdtpfEOrysfXy3IFmng6uTQG9rHaW1DlnOQlZXnF6I22P4SOS +SMpDlD9/86D7YCsJPOAjUilxKdPHujEoYd3VVti06MBKt77pOcEYXmGPtGubMMH3 +oMn7nc5QbVc5nHdAuOsKY3brytOcuLHlRp8UQBeimDpZQnfWt+XZeMtCR5vd0gXK +7yR4Zpn7AgMBAAECgf9zyeIuTDMeU885dt4/Jj4YraQ9c6bwZg2761QApvg6R1UC +BOxUaRAG+mKhs8MZL3DpYFMBFCOupb6l68D+bEad4v4KMALEUlDQrSDpU2ej9LeW +AopPuGms3Q/tW5l79RV9YIU7Z3AORwMWhMq30dpxwt8y4LdeLd9Hv7Z5U8WA+eKD +jRwP0Kt7jIKt+y/rZtQn6herB4bJsmY/+l4U9ub4QeE3xzIA6i/tYB3baBYi6yax +ztBrkvzQ0NRnZuf7kCkFL/uDxTdjLz58C4z31rb+P0A57hUjLMpwAa8Iy/DZxk6b +/4+XQfatrJdUtijZ6GuQij41FztV2CXrVyxL1AECgYEA5PERUbBAQJqDYUvhvOgs +nZ+dN/XKsomdjmyGk5JIdWFAkdkXcm/Y767irpGZnHbAP885xRGhf/SoEyRpgTgS +hZ57GuGU3nRD2B+nSDWWfSKD2/6JBsSPpZRcgqLVzxfnHwqnd7ar1ghy/5DbGJle +jtWltmbRUTEBjx9C/HMSePsCgYEAwEK2R/YknVqrLB5DdrQ5o58cU61yR3jdcGaI +3rJJu/ZepGexPWDMycjVk8WK9EhbOTLoFXS6YkT/3dNmbh+HPixz5zJZ3M5sRc5W +tSHP9HkbAyPwh9i8FoThWq8ACvtw0daavj/aaX4sQQMN2HbdGD5js4ZTfIeUDUud +d47UkwECgYEAxOMQmujxiN2YyQ8CFnyxCelfwuVtqXcx+W8ZmUW/bLrzVbqWMINB +1HbZWXm72lRB515mdzU/Z5RXCwdQeKFpRGJTyn1fkqP4SKCIM1BqmDkbnxFadGiM +hMB/gpVZPN14lTiLZyfAxbPEekbwNUqIiFvyRFhOAP4dMiGXcRXhOAsCgYEAoA1p +bdLNfGlkol+3TfSPH1Vv4YE8558IyW+ydaH6nA1nkHn6JNyW30zf8Bq9qMsrlhx4 +9JOuLey/DM3WMcrxbaLYAhn6kUUPAbXanQO++QhwolajAJQ/UIfiivmwkXPs4eNE +AylpC/VLpfuC5Tdeq7YUjfk/OyYq7D6MomE3OgECgYA51l7gVbZ5vSr+mcHX0Drj +dDPLVuAhQHbRwAYHpk3wrio4N1thQaa8Qpm0Avrw8DV5vkP6B6oNICqBtsNAn/M8 +CMAQvcc8rzzyILFOZQyOF/JULJtCaJhT3LsRz2nUmpE06lEv3h1ccRol3KV11YlG +UVFeD6vDOER0JVoIazq0Kw== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/main.test new file mode 100644 index 0000000000..daaaf49a67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/ta-with-constraints.test new file mode 100644 index 0000000000..add5736f7b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-fail/ta-with-constraints.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/chain.pem new file mode 100644 index 0000000000..b0b2d6b9cb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/chain.pem @@ -0,0 +1,279 @@ +[Created by: ./generate-chains.py] + +Certificate chain with inhibitPolicyMapping:1 on the root, and an intermediate +that uses policy mappings. Should pass, since policy mapping will be allowed on +the intermediate. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:75:aa:66:71:9f:a2:e4:f4:08:1c:39:12:b5:7f:3f:26:78:b9:b5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f3:c0:35:f0:bc:ce:63:f2:31:e5:ab:19:0b:db: + 9b:39:de:84:ac:f6:91:cd:04:b2:7f:77:c3:66:af: + 79:d4:63:5e:79:c6:12:9b:38:6c:9b:00:94:b3:c2: + f0:3e:21:d8:41:ba:3c:27:46:b3:35:0f:79:cc:ea: + 7d:5e:01:da:55:4a:8d:19:09:fd:70:51:1a:68:f8: + 64:ad:a5:a7:f9:bc:49:7f:49:55:17:c5:5b:7a:f8: + bb:78:56:66:16:86:6f:ec:aa:0f:d2:4d:60:57:22: + 45:45:d0:3e:03:f3:29:a1:33:5f:b8:bf:0f:d8:ce: + ab:39:37:dc:73:a1:f4:4d:b9:77:71:8d:70:29:69: + 56:07:8e:b1:c4:9f:a8:8f:8c:53:c6:18:4c:7d:91: + b6:9d:13:c6:29:db:27:ec:b9:3e:94:ba:5b:78:c4: + d3:e3:0f:a6:b1:f8:8b:db:09:e9:9d:fa:f1:90:23: + 75:fa:f5:76:26:f0:18:c2:a3:12:de:57:e3:72:2e: + 5e:2d:e3:55:2e:34:b6:5c:3f:fd:27:ac:48:61:44: + 0e:50:27:85:7e:28:fb:74:a8:72:1a:d2:e2:bc:bc: + 89:c3:6f:17:43:b4:1c:68:2f:41:12:37:51:5c:bc: + 65:36:97:dc:6f:3e:23:14:07:e1:b4:be:e0:df:d9: + 49:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 9E:36:84:92:68:F5:BC:1A:E1:90:AE:C5:29:A6:8E:0E:B7:BC:23:23 + X509v3 Authority Key Identifier: + 6E:12:E7:F3:47:71:41:A0:FC:BD:3C:54:9B:CF:55:B3:41:4E:D0:9F + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 97:1b:a5:b9:8b:bd:71:67:64:1c:50:59:2e:b3:ae:d6:1c:2a: + b4:0c:f2:c2:65:41:90:f7:34:f0:d3:5a:f0:a7:21:f7:9a:5e: + 51:e2:ae:78:5c:ec:99:51:9c:72:47:9f:03:f4:59:ad:a2:86: + 98:8a:4f:15:c8:27:f7:81:3a:e8:1f:ff:d6:f3:7e:84:20:27: + ac:54:48:4d:f6:ff:d9:3e:b0:6e:bf:bf:d1:5f:fe:7b:94:c9: + e6:3e:36:7a:91:97:02:dc:f1:d0:92:05:29:64:ec:eb:f2:9d: + 69:33:41:b5:c2:01:cb:0a:7e:44:92:58:c4:d2:b8:96:8c:47: + 96:e1:b3:d3:ac:94:66:0e:2e:ff:86:ef:1b:a7:05:5e:27:4e: + 31:99:d5:65:48:79:c0:fb:22:64:63:c0:cc:11:e0:6c:c2:ba: + 1b:58:b5:b1:c3:f8:f4:b8:8b:c6:a1:17:9e:57:cd:d4:ff:f8: + d4:30:5a:ce:df:d1:07:43:99:40:1d:c4:6f:78:d1:46:74:12: + f3:d9:32:f0:94:2d:f4:ab:34:1b:1d:7f:20:d1:85:f9:bd:cd: + 0f:4c:31:58:25:63:24:33:28:dd:dc:81:94:5d:bc:99:b1:81: + 8c:26:15:ae:b6:2c:cc:31:b2:b4:68:e7:73:1d:d1:07:cd:c0: + 18:bc:65:c8 +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUcXWqZnGfouT0CBw5ErV/PyZ4ubUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA88A18LzOY/Ix5asZC9ubOd6ErPaRzQSyf3fDZq951GNe +ecYSmzhsmwCUs8LwPiHYQbo8J0azNQ95zOp9XgHaVUqNGQn9cFEaaPhkraWn+bxJ +f0lVF8Vbevi7eFZmFoZv7KoP0k1gVyJFRdA+A/MpoTNfuL8P2M6rOTfcc6H0Tbl3 +cY1wKWlWB46xxJ+oj4xTxhhMfZG2nRPGKdsn7Lk+lLpbeMTT4w+msfiL2wnpnfrx +kCN1+vV2JvAYwqMS3lfjci5eLeNVLjS2XD/9J6xIYUQOUCeFfij7dKhyGtLivLyJ +w28XQ7QcaC9BEjdRXLxlNpfcbz4jFAfhtL7g39lJgQIDAQABo4H+MIH7MB0GA1Ud +DgQWBBSeNoSSaPW8GuGQrsUppo4Ot7wjIzAfBgNVHSMEGDAWgBRuEufzR3FBoPy9 +PFSbz1WzQU7QnzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAJcbpbmLvXFnZBxQWS6zrtYcKrQM8sJl +QZD3NPDTWvCnIfeaXlHirnhc7JlRnHJHnwP0Wa2ihpiKTxXIJ/eBOugf/9bzfoQg +J6xUSE32/9k+sG6/v9Ff/nuUyeY+NnqRlwLc8dCSBSlk7OvynWkzQbXCAcsKfkSS +WMTSuJaMR5bhs9OslGYOLv+G7xunBV4nTjGZ1WVIecD7ImRjwMwR4GzCuhtYtbHD ++PS4i8ahF55XzdT/+NQwWs7f0QdDmUAdxG940UZ0EvPZMvCULfSrNBsdfyDRhfm9 +zQ9MMVglYyQzKN3cgZRdvJmxgYwmFa62LMwxsrRo53Md0QfNwBi8Zcg= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1a:3b:ce:d1:26:69:e6:02:a2:2d:6a:b7:12:bc:51:e8:a3:d6:ee:5f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:99:47:50:56:9f:bd:ac:ff:54:c8:d8:92:80:a1: + 82:ff:be:01:07:69:e9:a2:e0:25:84:4c:c5:04:6b: + d3:82:c0:1b:d0:70:26:79:34:c5:07:4f:25:00:29: + 62:d1:41:3c:ed:49:3b:11:d9:20:4d:f3:3c:0b:21: + be:46:4d:06:02:ab:fb:b1:89:cd:aa:f3:f3:2e:92: + 51:d5:13:1d:2c:78:dd:81:db:d0:60:5b:e9:09:03: + f4:f4:33:e2:f8:16:3d:bf:53:8b:5b:57:02:8c:4b: + 1c:2b:51:76:df:a5:7b:e2:47:07:ed:70:df:c3:02: + 61:9b:46:e1:1b:3d:d1:de:e2:9b:e4:77:5b:fc:8a: + 73:94:48:89:82:2b:4f:b1:3b:90:de:42:6c:b1:d7: + ee:bc:df:74:e4:a5:99:8c:81:7a:e9:ee:5d:60:53: + 68:77:e5:b8:27:a8:18:7b:f6:9b:93:39:3f:8f:d9: + bf:50:65:65:5c:e8:52:fe:c3:63:34:b5:4b:ee:c7: + 6a:5b:aa:36:4c:8d:05:e0:50:5d:af:e1:63:42:7b: + f7:82:24:f6:57:b6:5e:65:54:ed:02:0f:46:a3:08: + 3b:28:fa:ca:69:c3:f4:7e:9d:25:3a:12:4e:65:6b: + a7:04:43:7b:a6:d2:5f:e2:7f:bb:d4:70:ba:c8:a9: + b4:97 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 6E:12:E7:F3:47:71:41:A0:FC:BD:3C:54:9B:CF:55:B3:41:4E:D0:9F + X509v3 Authority Key Identifier: + D7:A0:BF:D3:FD:2D:4F:A8:47:79:67:9F:0C:35:2D:C3:BE:49:E2:FD + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + X509v3 Policy Mappings: critical + 1.2.3.4:1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 07:9b:f8:51:e0:5e:9c:5b:f7:64:f4:cd:c2:aa:8d:d0:83:fc: + ab:6a:8b:8f:8b:31:8c:79:05:ab:18:0c:31:5a:c4:22:31:3f: + 07:54:16:ad:2f:d8:12:5a:24:25:1f:88:8f:f0:2c:4e:2b:6d: + d4:60:4f:95:15:fb:6a:6c:1e:40:40:4f:b1:59:bf:2c:2f:97: + c7:89:33:52:68:d0:93:7d:06:a2:9a:d7:1e:44:ab:19:44:29: + 6d:02:63:a8:c2:0e:29:35:eb:11:04:57:cd:06:e9:0a:00:c2: + f1:a9:9d:4a:f8:09:d4:44:a7:32:89:5f:42:8c:cf:bc:5f:52: + c7:af:a6:92:8f:9c:c6:af:42:29:c7:de:db:e6:b5:40:ca:44: + 9d:7b:43:32:f2:e4:3f:e3:33:a0:c0:13:cb:15:bc:84:27:9a: + ef:92:b7:7d:e5:c9:5a:39:c9:b1:58:90:4e:da:1f:3b:98:7a: + de:d5:c6:3d:60:73:9f:1e:9a:4d:3d:d6:7c:8a:b9:4e:2e:17: + e6:69:9e:a1:80:a0:b9:b9:97:cd:0f:d4:78:88:28:f6:09:a9: + 45:b5:11:af:53:6d:84:4b:9c:09:42:eb:aa:7e:65:2a:be:8b: + 31:66:f3:68:10:fc:e4:71:84:3d:09:c7:f3:7b:61:fb:8d:f7: + b3:70:99:97 +-----BEGIN CERTIFICATE----- +MIIDwjCCAqqgAwIBAgIUGjvO0SZp5gKiLWq3ErxR6KPW7l8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJlHUFafvaz/VMjYkoChgv++AQdp6aLgJYRMxQRr04LAG9Bw +Jnk0xQdPJQApYtFBPO1JOxHZIE3zPAshvkZNBgKr+7GJzarz8y6SUdUTHSx43YHb +0GBb6QkD9PQz4vgWPb9Ti1tXAoxLHCtRdt+le+JHB+1w38MCYZtG4Rs90d7im+R3 +W/yKc5RIiYIrT7E7kN5CbLHX7rzfdOSlmYyBeunuXWBTaHfluCeoGHv2m5M5P4/Z +v1BlZVzoUv7DYzS1S+7HaluqNkyNBeBQXa/hY0J794Ik9le2XmVU7QIPRqMIOyj6 +ymnD9H6dJToSTmVrpwRDe6bSX+J/u9RwusiptJcCAwEAAaOCAQwwggEIMB0GA1Ud +DgQWBBRuEufzR3FBoPy9PFSbz1WzQU7QnzAfBgNVHSMEGDAWgBTXoL/T/S1PqEd5 +Z58MNS3Dvkni/TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 +cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs +LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDwYDVR0kAQH/BAUwA4ABADATBgNVHSABAf8ECTAHMAUGAyoDBDAYBgNVHSEB +Af8EDjAMMAoGAyoDBAYDKgMFMA0GCSqGSIb3DQEBCwUAA4IBAQAHm/hR4F6cW/dk +9M3Cqo3Qg/yraouPizGMeQWrGAwxWsQiMT8HVBatL9gSWiQlH4iP8CxOK23UYE+V +FftqbB5AQE+xWb8sL5fHiTNSaNCTfQaimtceRKsZRCltAmOowg4pNesRBFfNBukK +AMLxqZ1K+AnURKcyiV9CjM+8X1LHr6aSj5zGr0Ipx97b5rVAykSde0My8uQ/4zOg +wBPLFbyEJ5rvkrd95claOcmxWJBO2h87mHre1cY9YHOfHppNPdZ8irlOLhfmaZ6h +gKC5uZfND9R4iCj2CalFtRGvU22ES5wJQuuqfmUqvosxZvNoEPzkcYQ9Ccfze2H7 +jfezcJmX +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1a:3b:ce:d1:26:69:e6:02:a2:2d:6a:b7:12:bc:51:e8:a3:d6:ee:5e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a0:cd:53:80:33:bf:64:5d:06:66:6f:65:b5:97: + de:4e:5c:0d:48:e1:63:b4:dc:72:9f:5a:70:43:ab: + 75:e0:74:03:06:c8:bf:87:6b:cf:a0:29:8d:45:c3: + 5a:eb:a0:57:63:0f:d2:4f:18:5c:cc:c0:41:17:37: + 31:7a:0c:0b:dd:f5:fa:c2:88:16:42:25:73:d5:fb: + 09:5f:43:f7:46:1c:2c:68:0a:b1:2b:1b:f6:71:f6: + bf:d3:c7:ff:66:f7:9d:be:a7:d8:ef:bb:ad:32:89: + 4e:5d:8d:9e:1d:cc:6b:a6:93:a4:3f:4f:e4:bd:a3: + c0:55:20:91:56:2f:a6:0b:2b:13:ce:fb:f4:24:86: + 5b:82:5a:35:9a:d5:98:10:d1:66:cc:88:dc:c4:6d: + 1d:d4:35:55:5b:00:5c:6a:10:07:77:59:b4:7a:9b: + a2:7a:c8:16:1c:b2:c4:bb:56:1c:cc:6a:01:28:4d: + 0a:fc:fa:dc:5d:a4:c0:c3:7d:d0:c5:8f:16:13:8b: + 59:dd:fb:c8:b3:11:8f:9f:9b:44:c7:48:8d:14:67: + f3:8a:68:a9:8e:aa:bf:c6:51:e9:dc:28:c4:d3:dd: + 9f:b1:e7:ab:d6:fe:f3:bb:6b:53:76:d1:ba:66:64: + 62:6a:6e:cf:2b:2b:cf:d6:c5:30:78:a0:ac:d1:4e: + 84:a5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D7:A0:BF:D3:FD:2D:4F:A8:47:79:67:9F:0C:35:2D:C3:BE:49:E2:FD + X509v3 Authority Key Identifier: + D7:A0:BF:D3:FD:2D:4F:A8:47:79:67:9F:0C:35:2D:C3:BE:49:E2:FD + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Inhibit Policy Mapping:1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 0f:1a:40:a5:f3:25:67:a6:7a:05:2e:d4:96:d4:45:51:62:db: + 39:77:4c:76:90:c7:e5:73:14:00:ab:3d:00:d9:ad:e8:da:80: + 94:7f:81:e6:aa:86:3c:6d:84:fc:19:de:1c:0e:4f:93:c3:88: + 0b:7f:f9:56:81:ac:c8:92:2e:5c:48:a2:bf:69:a0:d0:f4:42: + f6:54:5f:f5:c5:4f:dd:52:84:f9:a2:df:d7:dc:4d:78:7e:3b: + 2d:be:e6:f2:b4:53:ca:b3:28:69:a4:ab:57:e9:2f:47:19:27: + a7:8e:17:ef:90:f1:e0:42:74:0b:16:37:d6:47:5e:d5:9c:a1: + a5:d7:63:6b:9b:2f:e1:e1:34:41:c3:19:71:ef:08:61:6c:a7: + 29:0a:cb:c6:0f:72:f4:c9:31:59:52:b6:cd:0c:c4:8d:5f:e4: + 3f:0a:89:47:5a:fd:11:89:34:8d:b0:67:d8:07:d9:a6:d3:be: + db:c4:ed:96:6f:25:35:bb:42:45:1c:70:65:82:f9:bd:88:6b: + 8d:de:1b:84:e7:d6:80:aa:92:af:88:f0:f2:42:e7:20:5f:46: + b6:80:c8:49:49:ee:cc:a6:13:c3:86:26:7b:50:c5:f4:7b:41: + d3:ea:37:f4:11:46:66:09:d0:57:4e:33:e4:44:e0:f6:58:5d: + f7:5c:6c:d1 +-----BEGIN CERTIFICATE----- +MIIDiTCCAnGgAwIBAgIUGjvO0SZp5gKiLWq3ErxR6KPW7l4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCgzVOAM79kXQZmb2W1l95OXA1I4WO03HKfWnBDq3XgdAMGyL+Ha8+gKY1F +w1rroFdjD9JPGFzMwEEXNzF6DAvd9frCiBZCJXPV+wlfQ/dGHCxoCrErG/Zx9r/T +x/9m952+p9jvu60yiU5djZ4dzGumk6Q/T+S9o8BVIJFWL6YLKxPO+/QkhluCWjWa +1ZgQ0WbMiNzEbR3UNVVbAFxqEAd3WbR6m6J6yBYcssS7VhzMagEoTQr8+txdpMDD +fdDFjxYTi1nd+8izEY+fm0THSI0UZ/OKaKmOqr/GUencKMTT3Z+x56vW/vO7a1N2 +0bpmZGJqbs8rK8/WxTB4oKzRToSlAgMBAAGjgdwwgdkwHQYDVR0OBBYEFNegv9P9 +LU+oR3lnnww1LcO+SeL9MB8GA1UdIwQYMBaAFNegv9P9LU+oR3lnnww1LcO+SeL9 +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB +Af8EBTADgQEBMA0GCSqGSIb3DQEBCwUAA4IBAQAPGkCl8yVnpnoFLtSW1EVRYts5 +d0x2kMflcxQAqz0A2a3o2oCUf4HmqoY8bYT8Gd4cDk+Tw4gLf/lWgazIki5cSKK/ +aaDQ9EL2VF/1xU/dUoT5ot/X3E14fjstvubytFPKsyhppKtX6S9HGSenjhfvkPHg +QnQLFjfWR17VnKGl12Nrmy/h4TRBwxlx7whhbKcpCsvGD3L0yTFZUrbNDMSNX+Q/ +ColHWv0RiTSNsGfYB9mm077bxO2WbyU1u0JFHHBlgvm9iGuN3huE59aAqpKviPDy +QucgX0a2gMhJSe7MphPDhiZ7UMX0e0HT6jf0EUZmCdBXTjPkROD2WF33XGzR +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/generate-chains.py new file mode 100755 index 0000000000..0f4a6e6964 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/generate-chains.py @@ -0,0 +1,37 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with inhibitPolicyMapping=1 on the root, and an +intermediate that uses policy mappings. Should pass, since policy mapping will +be allowed on the intermediate.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('policyConstraints', + 'critical,inhibitPolicyMapping:1') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') + +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,1.2.3.4') + +intermediate.get_extensions().set_property('policyMappings', + 'critical,@policy_mappings') +policy_mappings = intermediate.config.get_section('policy_mappings') +policy_mappings.set_property('1.2.3.4', '1.2.3.5') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.5') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Intermediate.key new file mode 100644 index 0000000000..afb5b0301a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCZR1BWn72s/1TI +2JKAoYL/vgEHaemi4CWETMUEa9OCwBvQcCZ5NMUHTyUAKWLRQTztSTsR2SBN8zwL +Ib5GTQYCq/uxic2q8/MuklHVEx0seN2B29BgW+kJA/T0M+L4Fj2/U4tbVwKMSxwr +UXbfpXviRwftcN/DAmGbRuEbPdHe4pvkd1v8inOUSImCK0+xO5DeQmyx1+6833Tk +pZmMgXrp7l1gU2h35bgnqBh79puTOT+P2b9QZWVc6FL+w2M0tUvux2pbqjZMjQXg +UF2v4WNCe/eCJPZXtl5lVO0CD0ajCDso+sppw/R+nSU6Ek5la6cEQ3um0l/if7vU +cLrIqbSXAgMBAAECggEAA6D/ZlQF2f15jmYoociXh2KCN7pRAInGzM92FdkceteX +Hco2vvitQxnWltH9niKpqwLob4KKenRfX/J+kYxSFhu1EjD6OfZPAM1DoeqZiDhp +Iu5UJdPg1bvOpgsMcDJmmwvPtgV+illefPZ1/NMekCIXLluIkKwsj2nDYcrtSxX2 +mKwbFfbBrfIA7zjwxutARhuY5ACW8Oh2LvFk3o4Kk9rVXXVO5v8N9x4s8FvCjAZ7 +6r+W4kcpUA7Izh3rOOKzj3Sgl4D607AP96MELU4Tt976gZIQ2YVdmD3hE7dRpe95 +eTYwdPsh0zOo6fGQxtmAfpwwqDJW0kXUYhDXHZlvwQKBgQDDgZdcOIDq3bnOkbx2 +xt9DxuRcEgOaEX0bKPFPB8/HI1/QbyfcwykpMvbD9Z5zkxLQwXxL2evIuVPhtkZV +56xiePOQXtmxv/wEuvyHcG21m5HZiE2MKv4e5qR8ZCk2vrgAVKGswKcYWoVKsN5w +SSc5lBGln7KGOoKyMs71G7HW8QKBgQDItMrrjzM8kcipciLzmegERWNgvni0P8bQ +n/1QZoP6V8ezPOOM1/xZqxVfD+XEYaeY6A2XDoX0aTkX12IaPEjJ9D7jzKRPxhm9 +asqYWzHG7+xuRNnab81yYHvSOeoxV9Hg1EWR0bPK7UTo/RREu3h5kCfs7kcEH3dr +MPjj9iIUBwKBgQCm2+3RGbB9w+uXcC7HuQhIknHIWt+UGSULjzAU4XfmYDygap48 +/pwcu5B8wx8PSREf9mMdYcqpL/N1itoQ63/nM4+9QhbObCqt5uEsvzoDa9lZLcnx +vafRu8vbFqlOPgxQy+qIxIxYbrmge7/9WZIOxF8jWl9FzJ5LdK3J6G8qIQKBgC+9 +uYsAvBpLPyT3LlMtp9/kNXhctk+B4CPd+p52VCxnVuxOrn3hHnih1mqPWIM3C2u2 +vwzQepKhuN/v7rj44AOR4qfDFM6Y+6Rv05McFiIRDfdIz11DPOZZBvsBpbBpCFZn +h8jgzdiWSc717C1RPp4D6UtVfnT/myNXOczXzlFfAoGBAI6k5zS1FRlCK1L8BTCM +h42Jmx8As3HjCEuJ3hmEOhseJfkO+c8H2HbJ2jZPrpIpQ5e0sumiQEpnDuliElfB +FZo55b9MVhaRQJ//epSfL6+kblH5w6rY6uvTYd3LQIUBGDSHMnPF1ucs2kpWtW7N +cF+IjUZcb/n/eEHQDJYlZDTs +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Root.key new file mode 100644 index 0000000000..b33a221a2f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgzVOAM79kXQZm +b2W1l95OXA1I4WO03HKfWnBDq3XgdAMGyL+Ha8+gKY1Fw1rroFdjD9JPGFzMwEEX +NzF6DAvd9frCiBZCJXPV+wlfQ/dGHCxoCrErG/Zx9r/Tx/9m952+p9jvu60yiU5d +jZ4dzGumk6Q/T+S9o8BVIJFWL6YLKxPO+/QkhluCWjWa1ZgQ0WbMiNzEbR3UNVVb +AFxqEAd3WbR6m6J6yBYcssS7VhzMagEoTQr8+txdpMDDfdDFjxYTi1nd+8izEY+f +m0THSI0UZ/OKaKmOqr/GUencKMTT3Z+x56vW/vO7a1N20bpmZGJqbs8rK8/WxTB4 +oKzRToSlAgMBAAECggEADYpMmjKBTsOwisadk2V24DVLHxRvj2ayti1o36Hb+qr6 +KEOWMSKIaK2nCjVRfh7RzPMjm+pqwgj8UiahIWxLQYT5eRD5gtdhgiax2tY/x6UO +rjIcSguAPIdxDrW8EWEPZOMAVuuAQY2jTihjJJI2jF/JSFWDZt6XjvN/mXjIrA7x +xxJiWgJP4wleb30mjMdQb137Wgsu9G1HpOtyHarSqHurlpPISg4JCpaGMxoyQaLm +HV5yTRYH1GN1SqvBDCQi4XGeXPYKxzwKxjXeCi10PCCYBnYuoxm6sL4lnfmOvE4s +AtEFIxelQKUl5BKqOA9ulpzFHeGV7+prjS4YhI9BzwKBgQDa3coM53JguDwk47iu +jeiokRxL1z8nNX3HezHi5lapLiobHf38ZHuspIwVIckeO2jUmuHhx/5iLj9Huenx +4BG+gpHIzQL7SssNNZnOpQ/858Xvv5fBBV2u6/CE58O/NXIABpu5vyJw7ZwsfH2v +qdPHqt1iIs3KYdxE7JyrlaaCfwKBgQC8FZR2DakUfwwpB6oG5wAo61wcZSQVHayI +jat+0iXzaeX/u1NooPD/Rzr9vKYwvo1CKE9dphF477arS1sOhSFZz/6zn2o8kRVQ +I7Irm2Pw/DvD9TTTmgHmx3YLTS0FKUqaW6r0Dz422doTRnlTU1i+ptNta4PoHYTQ +Mhsqym4e2wKBgQDVfH23tJMW0N6pxQ7CBV4p/tGxEJZjcoPr7rkscC2b/JHJvamf +ZYxVTHPvsPLycFTC/QjUKTZzIlVLa4dNDZmBUO9PBNqhr8T8b4pFzTAZKyMhxqsJ +9mf5Vd9YZJHFkyZN7CQ+PLglm0A5DH20uV0AaCRlszk07dvjx0DTBbhTlQKBgDXF +8bEizLFodWCRqWHZz2jjiW0w2XUUC8zqvBpBGMqT/0bzFrC2OtCxW8NJmTYcdKRy +g+ZhYWNzHYWxwLHRDCzyU36lWClCzZYg7oKbJaKzap7mzxikUmDZq/0lLnboTET/ +akvmw8HI3Rlfr7ZMAPZZGd+Rup+1ONCRUsUUJRG7AoGAT5VJN0ngr7V0KNTkh0/l +lflUnLTaKMbXy3mr+1Kv5lRj4Jr6fsNpcomp8+C4XYbTj5iBc08mJQASs6I0Eyke +VhOImLy40vNTV0fNQvkaRjl/m4b5A2U3nyfRVrwslzUZT8WGSC6crz70Gmw0Ujsa +HqBWbvSVd4t+PhWG1qI2TDk= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Target.key new file mode 100644 index 0000000000..7932c266df --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDzwDXwvM5j8jHl +qxkL25s53oSs9pHNBLJ/d8Nmr3nUY155xhKbOGybAJSzwvA+IdhBujwnRrM1D3nM +6n1eAdpVSo0ZCf1wURpo+GStpaf5vEl/SVUXxVt6+Lt4VmYWhm/sqg/STWBXIkVF +0D4D8ymhM1+4vw/Yzqs5N9xzofRNuXdxjXApaVYHjrHEn6iPjFPGGEx9kbadE8Yp +2yfsuT6Uult4xNPjD6ax+IvbCemd+vGQI3X69XYm8BjCoxLeV+NyLl4t41UuNLZc +P/0nrEhhRA5QJ4V+KPt0qHIa0uK8vInDbxdDtBxoL0ESN1FcvGU2l9xvPiMUB+G0 +vuDf2UmBAgMBAAECggEAZXCWgitxETMYBOahs8ee4AR03q52mwXbayTiUvewEe2Q +wcjmsWZX/GHPgMgdxx26rA/fPNE1f12DaP4lUlwfCuPNuJ/pszZtcUX+UC3irBHp +3GkeWpgtrA2bp0b9kV49chaMIw9Eir6eaaFyTZ6Csq14pqAM7kOECnnu6sh5rWY0 +HVVWw1HShH7PiChTULFBk6JxM3OfHtOOWSgOPLsdyTjaQT3hbc0DyOixCSX1ZFhm +8ToD5vvG2z8/ML+MWRoWqcofukeoNAe+Z8gNuPaTzctjeFEmOPI5FebErv9Qk8uQ +RsEoqz7+TfAFJ9E7euRNhDULi9Nn2PnfH1z3vqLqSQKBgQD4XjbfzW4n7tmLRqD3 +ea9WBKANPcwA3EX+dKmKjCzUq41aBik1SU4qbE1UkUFI4tFVX7ix/6+UHWRDdy7Q +Wh2bmEn1WAc5yVg0K3Nnh6mwHH5ELjlGSHsWSkNevw+gsPgburI9okZPZ+89sxQy +yQjj+OW9EenWcdZfxO4/ju0P0wKBgQD7PazXWb3jt5EDXByoU/A7AH0Z7jLA+ZC9 +ZSAf4DndykBnCxhkzZ60Nvv5wOxT97lzjNzHY4T6i2TziYcY2rVRS3obCd2CqgnS +ONkl3PFV8SrseFptcgKAmbK2h+WT+jHo/aE0JcckpA4zF73seNvONAqeQhmtEGi8 +NrLr9YhA2wKBgQDY2kHlNFN6sFPnA/rlOKy7WPx5szwcgDbozel925gE8+hN8tUl +/mQuLDN0pAKxZcDKXvI/D/S4SNVTBousRRJW2Sex/HMKpF7L5igz+8JPzwD7/LPr +RruZoaui3QUDE6D9bQvVPotPJ3s+js4S7W5Cxf2pECvwHaLEKYivm9YmGwKBgQDJ +4zKbzjJn5V9y+rbQkLrPPsJIbv970E990eAxnSYC0n5UDzdn8U8hc7mhZWTCyKLO +dpgG5TK7ff3+MTpNP5pKHEOfrJrCX88KjcH4ygVoUSZz5PaNUfsuydMxGBzkfz1S +A1VhqSXQjMAYUHC+sBO5LFqH94fYaQIwlCfMsn3t1wKBgEEsIVD1XreTC6LfMfLv +r5+idBfmDdQpE7na9Btj115150HJLyBAfMAxyFAko512yignphZX6kVKUvKrsap9 +Bcu1nJJzbP6OYa/eI6n4kjWTYbuToyQVq9WT9TTlg1OJ+w+w0YwMLVX8w0sCCgHp +7Ukkwb7MqgSUaOZLPyMsmc7f +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/main.test new file mode 100644 index 0000000000..daaaf49a67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/ta-with-constraints.test new file mode 100644 index 0000000000..e8f7164064 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-inhibit-mapping-by-root-ok/ta-with-constraints.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-ok/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-ok/chain.pem new file mode 100644 index 0000000000..494a59de6f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-ok/chain.pem @@ -0,0 +1,272 @@ +[Created by: ./generate-chains.py] + +Certificate chain with policies and requireExplicitPolicy. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 76:08:4d:78:c1:3f:07:cd:a3:c6:78:9f:04:0f:8d:7f:53:59:b2:73 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c1:4e:54:b8:f3:a9:51:97:5a:ab:40:dd:8f:a8: + 4d:1c:3e:e2:4a:bc:ea:eb:f4:11:44:51:30:8c:9c: + b0:60:16:37:98:47:4a:c3:b8:b1:2e:b3:bd:c8:05: + 3f:70:4c:b8:2d:57:43:3b:6f:da:9b:72:57:f6:45: + db:8d:e1:c8:08:80:d6:10:94:c9:2a:58:92:e9:a4: + 2d:ce:a7:5b:64:bd:99:fc:16:ee:8e:87:fb:fc:05: + e8:06:13:b0:01:b7:c7:53:6f:20:34:40:c5:d4:0b: + e9:72:54:88:f8:38:2c:dc:6c:21:e0:9b:c5:d1:95: + 79:f3:f2:3a:38:8e:54:0b:af:d6:74:98:37:28:86: + 96:33:7c:63:e5:38:03:f2:7d:16:fe:fb:16:57:5b: + 59:81:f1:83:86:11:4f:4a:96:17:80:e1:22:00:e4: + e0:7f:6c:b6:4e:ad:22:10:90:fb:2c:61:9c:4e:25: + 23:c3:04:69:69:45:66:6a:e6:fc:0a:31:98:59:0f: + df:e5:45:37:68:d4:2d:b8:c4:20:16:f2:c0:db:c2: + 7e:93:5b:0b:e2:26:46:ba:78:e5:fa:b7:e1:b3:86: + 7a:72:85:26:ae:1c:c6:a6:e9:57:fd:c1:c7:6d:4e: + 5f:59:3a:7a:76:f8:d9:f6:1b:e5:e9:c6:96:c4:14: + ce:9d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3F:54:44:D9:08:0D:47:C0:7F:78:3F:FE:2A:09:5F:9A:11:8F:B3:5D + X509v3 Authority Key Identifier: + 3D:93:4F:05:1D:3B:34:80:2F:A2:A7:1F:CA:9C:28:DC:C1:55:E2:67 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 63:69:e9:e2:b0:09:40:6b:26:74:bb:fa:01:d5:fb:c7:b7:aa: + d1:bd:69:0d:ac:f0:94:56:21:8b:32:7e:4b:12:e9:a5:eb:ce: + 14:41:2a:23:17:eb:5f:df:dd:e0:e7:1a:9d:1e:cf:17:9f:26: + 81:9b:b4:b0:c3:28:67:5b:65:c9:d7:9f:21:9b:9c:01:97:a8: + ec:44:8d:04:7d:fc:72:01:93:aa:92:84:59:42:d2:da:49:08: + 35:8e:d6:7d:89:a0:c3:70:6d:05:f7:eb:30:08:6e:66:2c:90: + 7c:33:e7:b8:81:d9:04:cb:12:db:a2:34:1a:c9:fa:d6:ef:af: + 98:84:bc:c9:a9:af:4a:d6:23:ff:b3:6d:d4:3c:0f:d8:f8:bc: + 10:1e:c6:29:06:6c:7c:5b:b2:f3:4f:96:95:79:69:7b:00:c0: + 65:04:84:0f:2e:28:e9:b2:a2:98:2d:b8:35:8c:09:c3:d4:f1: + 69:f6:31:d7:37:85:5a:72:46:07:11:56:fc:48:79:b7:02:ed: + ba:a8:bd:4b:38:95:71:e8:e0:e0:99:2c:f9:19:bc:1e:61:f8: + a3:26:61:31:c8:af:07:d2:1b:58:96:82:42:b0:f3:f0:6c:4f: + 54:0a:bb:fa:44:a2:92:89:90:c5:fc:1d:31:e3:08:4d:fe:97: + b0:8e:b0:cc +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUdghNeME/B82jxnifBA+Nf1NZsnMwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAwU5UuPOpUZdaq0Ddj6hNHD7iSrzq6/QRRFEwjJywYBY3 +mEdKw7ixLrO9yAU/cEy4LVdDO2/am3JX9kXbjeHICIDWEJTJKliS6aQtzqdbZL2Z +/Bbujof7/AXoBhOwAbfHU28gNEDF1AvpclSI+Dgs3Gwh4JvF0ZV58/I6OI5UC6/W +dJg3KIaWM3xj5TgD8n0W/vsWV1tZgfGDhhFPSpYXgOEiAOTgf2y2Tq0iEJD7LGGc +TiUjwwRpaUVmaub8CjGYWQ/f5UU3aNQtuMQgFvLA28J+k1sL4iZGunjl+rfhs4Z6 +coUmrhzGpulX/cHHbU5fWTp6dvjZ9hvl6caWxBTOnQIDAQABo4H+MIH7MB0GA1Ud +DgQWBBQ/VETZCA1HwH94P/4qCV+aEY+zXTAfBgNVHSMEGDAWgBQ9k08FHTs0gC+i +px/KnCjcwVXiZzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwQwDQYJKoZIhvcNAQELBQADggEBAGNp6eKwCUBrJnS7+gHV+8e3qtG9aQ2s +8JRWIYsyfksS6aXrzhRBKiMX61/f3eDnGp0ezxefJoGbtLDDKGdbZcnXnyGbnAGX +qOxEjQR9/HIBk6qShFlC0tpJCDWO1n2JoMNwbQX36zAIbmYskHwz57iB2QTLEtui +NBrJ+tbvr5iEvMmpr0rWI/+zbdQ8D9j4vBAexikGbHxbsvNPlpV5aXsAwGUEhA8u +KOmyopgtuDWMCcPU8Wn2Mdc3hVpyRgcRVvxIebcC7bqovUs4lXHo4OCZLPkZvB5h ++KMmYTHIrwfSG1iWgkKw8/BsT1QKu/pEopKJkMX8HTHjCE3+l7COsMw= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6d:e0:57:1a:f3:9a:80:02:b6:c9:bd:be:0c:a5:21:0f:8b:78:67:70 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d4:36:ce:68:1f:c4:5f:a3:21:5a:43:7d:5e:54: + 8e:a7:77:c3:5e:48:80:e7:05:4a:05:a2:c4:36:30: + 2c:e2:0b:d9:8e:0c:df:98:4f:f0:6d:2b:12:ae:6c: + ae:3c:d9:d7:a8:c1:3c:0e:40:14:81:90:f9:ed:cf: + 3f:e4:93:f4:5a:dc:89:57:f4:4f:ca:0d:c7:8c:32: + a0:b0:7b:d1:d0:b1:45:e6:5a:2a:32:c9:dc:db:7f: + af:46:e6:5b:1a:02:72:46:be:66:3b:98:67:e2:33: + c8:05:60:05:2a:7b:03:42:14:ba:62:f0:62:c0:7b: + 75:58:06:c0:b4:b8:81:ad:23:e7:60:33:53:55:7e: + 7c:78:7c:97:a5:09:fc:97:2c:49:51:77:48:49:39: + 5f:fb:6f:b1:3f:eb:b0:6d:c4:d6:a5:9f:97:ba:8e: + 19:5f:fe:d9:71:ee:8a:6a:0d:08:6e:5c:09:54:6f: + 8c:f3:a1:74:08:6f:dc:36:69:00:e8:6a:40:82:6f: + de:ba:87:dd:32:f2:c8:60:f0:3f:5f:87:a3:e5:4c: + 76:7f:77:75:46:47:c0:fa:c0:03:ce:3f:57:dc:9a: + ee:0c:3e:27:65:39:4b:5c:fc:dd:09:c9:80:d8:6c: + 9c:ee:6c:8b:e7:99:43:b3:21:b5:10:9f:4a:aa:8e: + 0b:97 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3D:93:4F:05:1D:3B:34:80:2F:A2:A7:1F:CA:9C:28:DC:C1:55:E2:67 + X509v3 Authority Key Identifier: + B2:69:86:08:36:14:3E:66:79:B7:98:70:BE:30:9D:0B:73:00:6F:0E + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 28:a1:4e:4e:d5:82:36:24:6f:69:b8:2d:ab:a2:a6:64:32:48: + 7d:cd:18:0d:6a:d8:43:79:c1:6b:b9:f1:6b:70:ab:64:e3:b3: + 46:1f:06:61:99:92:21:ef:9e:18:38:4a:c0:3d:a2:b6:32:79: + 5d:c9:68:04:84:ba:a6:1a:a6:8c:f1:51:3e:ab:01:83:57:78: + f8:38:80:e9:38:d8:db:40:ac:9e:94:e1:da:13:d9:33:4c:20: + 98:3d:da:6b:95:d0:64:6f:fd:6c:37:f1:fe:1c:ea:a5:71:49: + 9e:b1:24:94:0a:84:ff:60:b0:b0:8d:2a:54:2c:25:74:0d:18: + 1c:7e:9a:67:d8:82:ec:af:fc:88:2a:fb:9c:29:ba:a6:a9:1a: + cc:cd:c0:71:b3:02:f3:d8:58:f2:d3:4f:0f:5a:19:da:28:3b: + f3:5a:38:b5:5a:40:1a:05:13:16:9c:0c:d7:df:ef:0b:2f:2b: + 81:7b:01:30:d7:88:2d:8d:e5:b6:89:b8:98:4b:40:aa:0f:46: + 65:15:09:40:49:8f:93:0c:10:5e:b2:34:1a:e0:8f:7b:7d:90: + 35:df:64:1c:ce:08:0e:38:fa:cb:cf:f0:e4:62:a6:e7:15:dd: + 07:a5:b5:42:3b:d8:77:e7:8b:d1:1c:2a:3c:6f:c2:33:2c:f2: + 7c:14:59:5f +-----BEGIN CERTIFICATE----- +MIIDpjCCAo6gAwIBAgIUbeBXGvOagAK2yb2+DKUhD4t4Z3AwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANQ2zmgfxF+jIVpDfV5Ujqd3w15IgOcFSgWixDYwLOIL2Y4M +35hP8G0rEq5srjzZ16jBPA5AFIGQ+e3PP+ST9FrciVf0T8oNx4wyoLB70dCxReZa +KjLJ3Nt/r0bmWxoCcka+ZjuYZ+IzyAVgBSp7A0IUumLwYsB7dVgGwLS4ga0j52Az +U1V+fHh8l6UJ/JcsSVF3SEk5X/tvsT/rsG3E1qWfl7qOGV/+2XHuimoNCG5cCVRv +jPOhdAhv3DZpAOhqQIJv3rqH3TLyyGDwP1+Ho+VMdn93dUZHwPrAA84/V9ya7gw+ +J2U5S1z83QnJgNhsnO5si+eZQ7MhtRCfSqqOC5cCAwEAAaOB8TCB7jAdBgNVHQ4E +FgQUPZNPBR07NIAvoqcfypwo3MFV4mcwHwYDVR0jBBgwFoAUsmmGCDYUPmZ5t5hw +vjCdC3MAbw4wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MBMGA1UdIAEB/wQJMAcwBQYDKgMEMA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcN +AQELBQADggEBACihTk7VgjYkb2m4LauipmQySH3NGA1q2EN5wWu58Wtwq2Tjs0Yf +BmGZkiHvnhg4SsA9orYyeV3JaASEuqYapozxUT6rAYNXePg4gOk42NtArJ6U4doT +2TNMIJg92muV0GRv/Ww38f4c6qVxSZ6xJJQKhP9gsLCNKlQsJXQNGBx+mmfYguyv +/Igq+5wpuqapGszNwHGzAvPYWPLTTw9aGdooO/NaOLVaQBoFExacDNff7wsvK4F7 +ATDXiC2N5baJuJhLQKoPRmUVCUBJj5MMEF6yNBrgj3t9kDXfZBzOCA44+svP8ORi +pucV3QeltUI72Hfni9EcKjxvwjMs8nwUWV8= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6d:e0:57:1a:f3:9a:80:02:b6:c9:bd:be:0c:a5:21:0f:8b:78:67:6f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b7:3b:ea:17:07:2b:f0:3b:dd:d2:24:53:f6:fa: + 9f:47:c2:a7:6e:fa:04:f1:b2:fe:74:ef:ec:24:75: + 07:fd:f3:7b:29:9c:17:1c:e5:41:df:34:4a:1c:2b: + 4a:5f:8d:36:44:1a:5f:67:92:7a:2a:a8:85:7b:49: + b7:83:1d:c7:7f:44:c3:a7:09:3a:75:5e:00:43:db: + dd:91:41:28:a1:cd:13:11:35:3b:7a:92:fc:ad:98: + 3c:ac:cb:85:77:a4:d0:3f:57:ed:67:69:9c:40:3b: + c4:0c:a3:32:3a:01:73:0c:ed:55:21:a8:be:b4:41: + ee:f3:6e:e9:04:10:9b:2c:7b:c5:2a:d2:87:52:ef: + 12:84:87:82:5e:40:e3:bf:6a:47:33:60:22:1a:42: + 63:45:ac:28:be:79:59:37:48:45:65:6b:13:89:bb: + 58:6e:d8:4e:8d:b3:26:30:d2:c0:3e:d6:16:f2:08: + 31:bf:2c:b1:c9:b7:c4:58:09:89:ee:52:21:fb:ab: + 7a:f1:4e:b3:7f:a1:20:c3:99:9b:74:0d:d3:c4:c3: + 3d:53:aa:cb:32:48:0e:8a:66:2b:07:09:8c:73:38: + ff:81:15:30:c9:12:39:d5:ec:44:32:81:df:ec:85: + c1:d3:45:d1:eb:82:61:f2:86:ad:1a:e1:a3:ee:a1: + a0:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B2:69:86:08:36:14:3E:66:79:B7:98:70:BE:30:9D:0B:73:00:6F:0E + X509v3 Authority Key Identifier: + B2:69:86:08:36:14:3E:66:79:B7:98:70:BE:30:9D:0B:73:00:6F:0E + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 55:ce:69:0a:bf:08:3a:d2:a3:2d:00:b0:5f:b4:f9:e1:26:3b: + 3b:28:e5:45:c5:e4:8f:46:f0:1a:a2:ae:d4:e7:a9:dd:39:08: + dd:d4:80:52:75:4d:35:95:50:b6:44:49:c0:48:c1:3f:c4:19: + 1b:b1:71:73:65:9b:78:a1:1d:79:01:09:d8:46:e8:b0:6b:e3: + 77:b3:a0:4e:6b:ff:1a:e1:63:12:56:b7:df:4d:d9:f4:ab:fc: + 5f:a5:e7:e1:38:28:80:a6:cb:fd:b1:ba:32:34:2e:c9:90:9f: + 9a:8f:c2:40:ab:04:42:8c:ea:b4:55:79:e3:e5:7d:73:e6:0f: + 63:95:76:49:94:44:16:57:7f:4f:2b:6a:28:16:ff:01:e4:1c: + ad:b8:14:10:d2:10:17:df:65:36:f7:08:98:c3:c3:f2:6c:c4: + 70:dc:8f:e1:67:f0:62:eb:19:21:8c:c0:a6:53:20:ff:4d:b8: + 80:a8:3d:6d:15:6b:23:5d:06:70:fa:2a:87:ec:ff:20:96:f8: + 31:1c:23:93:f5:a4:03:e9:11:c5:0b:da:cf:7e:60:86:a8:da: + c5:fe:5c:eb:dd:b8:67:72:5c:d9:16:c4:af:a8:41:aa:38:c4: + 40:0a:17:fd:06:89:b5:c4:7a:2a:1b:0d:49:23:9e:ed:55:e3: + c5:ec:48:3d +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUbeBXGvOagAK2yb2+DKUhD4t4Z28wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC3O+oXByvwO93SJFP2+p9Hwqdu+gTxsv507+wkdQf983spnBcc5UHfNEoc +K0pfjTZEGl9nknoqqIV7SbeDHcd/RMOnCTp1XgBD292RQSihzRMRNTt6kvytmDys +y4V3pNA/V+1naZxAO8QMozI6AXMM7VUhqL60Qe7zbukEEJsse8Uq0odS7xKEh4Je +QOO/akczYCIaQmNFrCi+eVk3SEVlaxOJu1hu2E6NsyYw0sA+1hbyCDG/LLHJt8RY +CYnuUiH7q3rxTrN/oSDDmZt0DdPEwz1TqssySA6KZisHCYxzOP+BFTDJEjnV7EQy +gd/shcHTRdHrgmHyhq0a4aPuoaApAgMBAAGjgcswgcgwHQYDVR0OBBYEFLJphgg2 +FD5mebeYcL4wnQtzAG8OMB8GA1UdIwQYMBaAFLJphgg2FD5mebeYcL4wnQtzAG8O +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAVc5pCr8IOtKjLQCwX7T54SY7OyjlRcXkj0bwGqKu1Oep3TkI +3dSAUnVNNZVQtkRJwEjBP8QZG7Fxc2WbeKEdeQEJ2EbosGvjd7OgTmv/GuFjEla3 +303Z9Kv8X6Xn4TgogKbL/bG6MjQuyZCfmo/CQKsEQozqtFV54+V9c+YPY5V2SZRE +Fld/TytqKBb/AeQcrbgUENIQF99lNvcImMPD8mzEcNyP4WfwYusZIYzAplMg/024 +gKg9bRVrI10GcPoqh+z/IJb4MRwjk/WkA+kRxQvaz35ghqjaxf5c6924Z3Jc2RbE +r6hBqjjEQAoX/QaJtcR6KhsNSSOe7VXjxexIPQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-ok/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-ok/generate-chains.py new file mode 100755 index 0000000000..3d8f57ae8e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-ok/generate-chains.py @@ -0,0 +1,27 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with policies and requireExplicitPolicy.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,1.2.3.4') +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.4') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Intermediate.key new file mode 100644 index 0000000000..73a9c85945 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUNs5oH8RfoyFa +Q31eVI6nd8NeSIDnBUoFosQ2MCziC9mODN+YT/BtKxKubK482deowTwOQBSBkPnt +zz/kk/Ra3IlX9E/KDceMMqCwe9HQsUXmWioyydzbf69G5lsaAnJGvmY7mGfiM8gF +YAUqewNCFLpi8GLAe3VYBsC0uIGtI+dgM1NVfnx4fJelCfyXLElRd0hJOV/7b7E/ +67BtxNaln5e6jhlf/tlx7opqDQhuXAlUb4zzoXQIb9w2aQDoakCCb966h90y8shg +8D9fh6PlTHZ/d3VGR8D6wAPOP1fcmu4MPidlOUtc/N0JyYDYbJzubIvnmUOzIbUQ +n0qqjguXAgMBAAECggEANXCNvtPNGEZUtk3Lis8hU1PJ63q3lzWSQ+QOpBSyoMPa +J7bfMZRj16HipPDyWZmEANeUX4RMhaoz/epUTSPjA2SI45C+7QNWTlxLcdXkarjR +gOYQvVRvHQlE4sZMh7q4+06kIPrKokBm7M+WzXFHy0K8AwFE5PLSBHZC3d+erDIq +db3LNY8yBOzU2Oe3ExBTjiFh3t+ExZ/dh2cmSiavBJlW4wI9K/vki4Vc+0KLxPyB +NjpQvTrbF89SoQh2UxC3aNCvcrJhloB9tDRed8Y+I7VG1rWTkWT+BvzGsbd6V0El +O1bGjhIhMQdsn2Axin2GRv4C1SsLZ+DvWwg0MOw/ZQKBgQDh6bfW2FV33J37GThv +Q4N6UItydl6Lsi411dK6tuyKtMdDFXFCM8igihx4AJ2cozSawF6fwdF+lvtCwrOU +wZEib5Wfok6KqoszaQ8ZjJL+Mpl7MVDgqZW9D5IsCNhOfFUhIWXxSJVgfVpNgnSY +UaXQzaNAnlhQA/fq24ZIdwllAwKBgQDwegnU5qpmtjYGPYV/aoSGRuNxfS0/z+mB +EnXhcX3mDfSMBFSMbt9+ucxfC9oMlM3RHSbaYsAzksi0p35dhg0w8X4n/dVIMC/7 +9MybfK7kSgbCr+xcNh9MLlU9e4ROfknPfBzwNcY/uJMH61bpHu5vDIP9Y/uJAKo/ +amFIXANI3QKBgDlmtTt1xGGsQMfoZJqAwQt3I7d1tBgyseMj7WNbz0Z/IJI/BIQZ +vERuU0V6gpGmNluLvX9CNATCQB16cz684C+rwozJJMO/CZeKfjezrDXCjZTrtu0e +qdlb93wQ00U9+jNs1QY1tx7JOwSuvQlm1Yb0eSKWGUJbf8bA+KG4/T4ZAoGBAItv +N6Qq20MTA+A6a92ldZImKFr1qfcGJu6gNZmypL1v+gv1ttB2uUBRmx7BUH1bCrvl +m1GlUKyWv6mANNUllSB75hpqI/Dnf+sn1juR4BaelaztNK+C8kLJ2sL7i4u3zjRw +Upc1lu37p8U/v/UL6lSZfS6/emnF6PE8TYwXThBBAoGBAICtO7BEJjxKybFItQIT +Pi6WYSU2N6GGVlU3ZOLQ+pTiHcj75QEJJ32ja50kv7q2YL9lLCzFLcvCZq9g4M2u +T8XzUMzMAdte0SLsPN+n7SNfOZgXCjfnyj+c5++b/nopnF5ejP7P8Bd6NN8NyJyx +ZDWSs/ImnN4VaDuIdDdhY07w +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Root.key new file mode 100644 index 0000000000..7111ca97d0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3O+oXByvwO93S +JFP2+p9Hwqdu+gTxsv507+wkdQf983spnBcc5UHfNEocK0pfjTZEGl9nknoqqIV7 +SbeDHcd/RMOnCTp1XgBD292RQSihzRMRNTt6kvytmDysy4V3pNA/V+1naZxAO8QM +ozI6AXMM7VUhqL60Qe7zbukEEJsse8Uq0odS7xKEh4JeQOO/akczYCIaQmNFrCi+ +eVk3SEVlaxOJu1hu2E6NsyYw0sA+1hbyCDG/LLHJt8RYCYnuUiH7q3rxTrN/oSDD +mZt0DdPEwz1TqssySA6KZisHCYxzOP+BFTDJEjnV7EQygd/shcHTRdHrgmHyhq0a +4aPuoaApAgMBAAECggEAB2U9i9+kGjp+V9mTwn2H0XyFp7zjV3KFIujel/OZxpoN +y+aDB81ogNbiUVv9cNkZGjtSw7JFqERcO9dENwBsEYLP30Vn9L3+Jn8ApLjTqCEn +7ns+qvI1DNgexc4ilUtDhPT6beC1N+H5phVtpOnzT++hzp2aEdox5+UfdkSp0Kwe +LxXjC5lqidMp+wdOoohSntwxBdyOvFLb1x18XxyllMN4NkcZwx8tRhW9LAj4Ffkt +wDBkMCQYroXTbkkNuy0PGlSTDBQoasyDJu43WQVRN3i3FxveDVwISAXkJq3i8VmF +bcp+z5enEVKf5G4oHx8VZ8Y0h0H6VVrfr9GFizwmYQKBgQDiw5h7stuQnpaSqjkS +0OEPi9ANYr3gnOS9TnjzBwTNh56t6m1C+O4ldCEZO2M+LtZorhSjKMJwT5bOuH+m +TPJ3M9C4eE/ZiGyfPK2fNfkukK5jlHrSXh6LggY6nBLNpooJ6WU122uq3pd1/rBH +IELn5YBmDCS4yPl/S9hHFZo2yQKBgQDO25ma09Joh7dxTLZYqNtxZDJY0mpJA1Vb +yRsmBlrxflerGYvmO9bjCnJ2eQh43JgXJC5dJBmtiNa+kVl49F9QQIMfnD2UGv87 +eYGPEul+c18KOjOAQ9ovfhfYEgSJeV6wK3TWLdUkttTvljqf0u5rLP7LufWG3oy6 +LytMTCTuYQKBgGmBT8Td5sJWxv/eK0fR36T4DAjuVCHZXaOmiyensFhgLTgFxmhO +oZ7TdULkGryn1iJGPFvdbvoKTcRImzuouXc0qHvrnls72i4McUuONS2xKzIxtyOB +nvyRtow2aZk9TyRlby2rtWB+yEGiCipNnFOAuEjChaNj/pF3nF0Wc/XhAoGAZMNs +C5NrRyf1H+eyW3XFj3KzY7j7tR0+kztfUiJ+Ymyc3+fN0hUMFASexT8n9VffbkZd +n1laeMHTeXjsEJNZaopCVT+Sb3bHJX2Gst8Phl1EyoKXW7+xpLjTfJkqRJ0ulrpU +a5Bf50Z4a0zOudPR97svUqX/B/eYrYkUmlHtG4ECgYEAzKzQ00swZb9ooWpnEmTr +YnAYXeE6uIcZHQ95XL37QPeYghvbnVraAhFBrXrZPJgdve4cVcHRRp1oHC61U1jL +Buwl+9bLUcZwFfwQ7JfcRDp3ZwPVy0GcVHUYu6RsOPUHO3jTDlk1iW1F2GdMhyT1 +nl2R0v/UXH0CKlSH0QFRyeo= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Target.key new file mode 100644 index 0000000000..332019a9af --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-ok/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBTlS486lRl1qr +QN2PqE0cPuJKvOrr9BFEUTCMnLBgFjeYR0rDuLEus73IBT9wTLgtV0M7b9qbclf2 +RduN4cgIgNYQlMkqWJLppC3Op1tkvZn8Fu6Oh/v8BegGE7ABt8dTbyA0QMXUC+ly +VIj4OCzcbCHgm8XRlXnz8jo4jlQLr9Z0mDcohpYzfGPlOAPyfRb++xZXW1mB8YOG +EU9KlheA4SIA5OB/bLZOrSIQkPssYZxOJSPDBGlpRWZq5vwKMZhZD9/lRTdo1C24 +xCAW8sDbwn6TWwviJka6eOX6t+GzhnpyhSauHMam6Vf9wcdtTl9ZOnp2+Nn2G+Xp +xpbEFM6dAgMBAAECggEAAP4zdxzA6XUIoSZGgElDliObjkZtdYDtzfpI/Wi4cWuD +y+UBdRAGKi2AFtHLrnqMAqc281kpS0QGQCYoap1QWMmioxF3ynjyGwzXgGWBlaE+ +TbPap1t696OaU/ep0orWLwjipmoQkHy8LWgFdeYoX6Lj9kJ0/NUSyPMQVsyIxLBk +NX71IVMNIl00ysrYrBTniXVUo/8hypSDImV+qaWdo5ERxTP6CV6dMI7THHY4cBtG +wSanHKeoKypjQ4nI9STntpXbT2Ol6LRrtL1pAY4E8CowoIaXQbrTtALIge5KA+co +E3je6KHuCKZZu5I+0488WLR15/iQiXFobROcOan26QKBgQDfZvLbV8VFL7O5Unas +Lu+wJBjrzkPbeA5YIp592z8kR2rGG13IaKR36IPEeQSXU2MMOlQigUXYHJQjwJc1 +fnkXhX9Xb1uPuxW/njQqPSy2WRsUrDigIgmsN8xqq84L8/R070Ce+M4pHrlLlfYf +RcPEBrRT1OscqDwtgz+JflUxtQKBgQDdgyiNOCZyk4NZGAer/6T2CPPPHFUieSLY +RDXmgVcc6Nma/to3ploDB9GiktkBAjyujMu/gu/wmlPuzsZ7gb/V9tVkzKJKJKcw +zgMrTDzTgU1FPO+Pqky2xRHo1ooPswtw037yKpzaAIAPM9YnESzqrkPVKqZaQH6F +urfLUxBaSQKBgH0UMcL3GF8NPy3yarkqqk5PV5im6r01MarM7zn+CBMy3Sg/6Dkt +xW/RQf092IE1Uc5l1fdfs5A1KAgAa2iq//dYahy1H2mQ0LNxSzme+Kq7pvrjFe0q +QYonz46l1H5Cv0q9LcwT97F0H0CfnKaTs/DL5CjPnDd2RgMhafB8SAzFAoGAbzDE +LUcPPZpAZ3uBdlwH8RyDTeY58ej+jbKHn+Iy2Sck/AGLhj2xly3YlBPEbBY0YaX5 +LHPMf2joUspmpV527i9N5KA3oqINbpkqzBQjwEN6hxPUaLgic+guWkM+4CyOxJ7V +bTforiFsJrVtfQTJGDBLingzMsCHAhe85IoYfkkCgYEAv7YawxZ+rGuN+ibFGn+b +zFhhkidPTUS/NgNZRwexci4hC+QN3LUjVPoOsT+EUaeyKXmbjVb8OTEKE6p7lEz6 +r5Gl4qIopfMc/FbdQr+dyymajJtOKfuF9veBZ90b0NbKXftA6pZQ/pqUhRa3RZqW +MAYbEzW8xO1B8LpE7GIbESQ= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-ok/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-ok/main.test new file mode 100644 index 0000000000..daaaf49a67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-ok/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-ok/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-ok/ta-with-constraints.test new file mode 100644 index 0000000000..e8f7164064 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-ok/ta-with-constraints.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/chain.pem new file mode 100644 index 0000000000..d243ad6945 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/chain.pem @@ -0,0 +1,280 @@ +[Created by: ./generate-chains.py] + +Certificate chain with policies and requireExplicitPolicy, including +policies on the root. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 57:12:ad:91:9d:43:e6:f6:6c:6e:ad:3b:72:4b:dc:54:82:9a:87:ab + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b8:56:11:e6:4f:80:6b:56:9a:4c:11:bf:0c:6a: + 42:ec:59:97:8a:29:4b:55:89:7b:28:f1:80:4e:9f: + fe:01:9b:72:d2:35:96:89:54:ad:db:9e:ae:23:da: + da:9e:1e:5f:7b:4d:a3:f9:c2:93:bd:cb:6a:8a:97: + 92:41:62:bd:f5:16:c0:4d:c4:59:98:7c:52:32:62: + 45:52:70:4e:48:f7:ac:b7:0e:4c:51:89:04:c3:d6: + ce:12:c7:be:8f:a1:fd:d0:4d:81:86:a5:c2:11:84: + 23:1f:de:76:84:d9:70:fb:d7:ad:5b:54:f7:09:fe: + ac:8b:de:4d:cf:a7:d9:dd:23:90:76:3a:de:c3:8b: + 5e:b4:3d:6e:2d:87:64:da:0f:a4:f5:34:81:ee:c3: + 9a:61:43:56:66:1f:c5:bf:f6:e5:a1:ed:80:49:48: + 92:f1:15:b8:f4:07:5c:9d:92:6d:87:19:ca:5c:c8: + 55:48:09:ce:f2:e0:af:1e:8b:d5:30:4f:92:b7:a7: + 02:84:76:b3:85:81:17:f1:0e:9b:a4:a3:ca:07:3a: + d8:a2:f5:15:40:07:5f:a7:97:27:ca:1d:2c:b8:ff: + c4:0b:43:c1:9e:18:91:fd:01:e7:20:a5:11:b2:db: + 71:c2:c9:60:f8:bc:d3:a8:f3:0b:fb:1f:eb:6a:94: + d2:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 15:C7:83:51:99:8A:EC:AA:F1:4A:2C:1C:04:C0:37:BD:64:8A:43:47 + X509v3 Authority Key Identifier: + CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 49:7a:a9:e0:0c:94:e5:f4:5f:63:a4:13:3d:95:d6:01:3b:7a: + 55:89:ca:74:25:5e:82:1e:ac:73:d7:b9:a2:a6:b6:cd:c5:05: + 47:47:fc:2e:a0:c9:5c:4c:f5:c4:b5:cb:82:cd:71:86:35:41: + 3e:43:6f:f6:6f:b9:b3:dc:b5:a8:bd:4b:1c:10:4a:0e:2b:d1: + 30:b5:71:6c:9b:26:92:10:78:7f:dd:7d:06:10:d7:76:64:eb: + b7:2e:90:25:9f:f9:f3:7d:d6:92:ad:cf:19:8c:63:c8:3f:8b: + e7:13:36:cf:48:b5:04:bf:95:14:f2:db:65:a3:60:56:94:16: + 10:ac:a4:6a:4b:b2:1f:1a:93:c2:0d:d8:1d:4a:a8:cb:31:84: + f1:d6:42:33:3d:52:8a:b2:97:aa:be:1d:3f:28:47:f0:f3:b0: + aa:10:f2:1a:d2:5d:8f:8a:51:9c:14:c0:1f:ba:55:3d:a8:b5: + e2:e4:c6:01:18:17:12:5a:c6:9d:c9:34:b4:7a:43:eb:97:04: + 93:6f:e5:10:60:b5:af:cf:68:22:ac:02:cb:86:62:e0:5f:80: + 7c:a2:61:4f:14:78:68:86:7b:c1:1c:04:65:2d:36:99:15:08: + f7:dc:69:3d:12:6d:70:c0:0b:06:78:c8:74:84:62:d8:41:85: + 9d:a3:2d:61 +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUVxKtkZ1D5vZsbq07ckvcVIKah6swDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuFYR5k+Aa1aaTBG/DGpC7FmXiilLVYl7KPGATp/+AZty +0jWWiVSt256uI9ranh5fe02j+cKTvctqipeSQWK99RbATcRZmHxSMmJFUnBOSPes +tw5MUYkEw9bOEse+j6H90E2BhqXCEYQjH952hNlw+9etW1T3Cf6si95Nz6fZ3SOQ +djrew4tetD1uLYdk2g+k9TSB7sOaYUNWZh/Fv/bloe2ASUiS8RW49AdcnZJthxnK +XMhVSAnO8uCvHovVME+St6cChHazhYEX8Q6bpKPKBzrYovUVQAdfp5cnyh0suP/E +C0PBnhiR/QHnIKURsttxwslg+LzTqPML+x/rapTS+wIDAQABo4H+MIH7MB0GA1Ud +DgQWBBQVx4NRmYrsqvFKLBwEwDe9ZIpDRzAfBgNVHSMEGDAWgBTLxqg6gw5bQQw+ +wyBIvzdp21rchzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwQwDQYJKoZIhvcNAQELBQADggEBAEl6qeAMlOX0X2OkEz2V1gE7elWJynQl +XoIerHPXuaKmts3FBUdH/C6gyVxM9cS1y4LNcYY1QT5Db/ZvubPctai9SxwQSg4r +0TC1cWybJpIQeH/dfQYQ13Zk67cukCWf+fN91pKtzxmMY8g/i+cTNs9ItQS/lRTy +22WjYFaUFhCspGpLsh8ak8IN2B1KqMsxhPHWQjM9Uoqyl6q+HT8oR/DzsKoQ8hrS +XY+KUZwUwB+6VT2oteLkxgEYFxJaxp3JNLR6Q+uXBJNv5RBgta/PaCKsAsuGYuBf +gHyiYU8UeGiGe8EcBGUtNpkVCPfcaT0SbXDACwZ4yHSEYthBhZ2jLWE= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 38:1b:a6:db:3e:59:79:2d:95:4e:a3:37:67:03:a7:c6:1f:54:ba:b8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b9:0c:ea:12:ab:57:9d:4a:f2:58:74:68:94:60: + 14:1e:5f:ff:fc:9d:62:f6:0d:34:6e:e9:2f:ca:d5: + 53:29:e6:a3:2f:c0:6b:6e:62:82:b1:5f:26:3d:2d: + 98:99:93:7d:6f:f5:1c:cf:54:d3:c4:4b:81:cb:b3: + a5:98:57:bd:fe:7f:19:76:af:99:ef:cc:62:cf:c0: + 1c:df:5e:f9:b6:94:49:33:6f:db:ba:bf:5b:e2:20: + 87:9d:3f:7e:c2:e7:94:76:3d:8b:7f:a0:49:f1:2d: + 30:77:7b:8b:2c:b6:ec:cd:1e:5e:bf:e5:1b:86:dd: + d8:c1:e1:0d:b4:57:f0:aa:0a:58:d4:c3:4d:5b:cb: + bf:0e:f9:c7:23:61:f8:a3:0e:ab:2d:0f:87:1a:4f: + 1d:0b:e6:39:0a:0a:35:be:f3:f9:55:f7:87:cd:f7: + 7a:d7:18:7d:b7:0c:1f:6a:7a:67:52:55:6d:b8:ed: + 87:28:a9:fe:eb:c3:c8:a8:66:bc:33:93:db:9e:20: + 44:6b:31:36:b8:15:1b:cf:37:c2:be:9d:45:7c:3d: + d2:13:36:a0:1d:d7:74:52:67:a3:b7:3b:4a:54:01: + c5:6e:72:71:9d:47:39:44:58:27:08:a2:54:15:b5: + 27:df:7b:3f:c9:f1:cb:23:be:cf:bd:8e:37:be:f2: + 8d:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87 + X509v3 Authority Key Identifier: + 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 16:bd:d6:f6:5c:2e:12:33:ce:21:f8:12:59:4a:82:20:2d:05: + 88:4f:42:86:53:dc:7f:96:56:ac:cc:e8:23:77:c6:3c:de:ce: + 08:2c:f1:ed:26:c7:1f:7d:88:5c:7a:5c:b3:f0:f6:e0:51:41: + 0b:3e:7e:c5:09:6e:5c:1e:89:60:08:32:58:4b:c0:c0:9e:be: + e1:1e:43:7d:66:78:5b:fe:f8:38:8d:83:8a:4a:2d:4a:9d:1e: + ba:1b:71:98:ae:9d:cc:4d:1f:13:a2:7a:11:c7:e8:29:2b:c1: + ee:3c:95:eb:5b:97:93:e5:4a:22:c7:04:31:9f:f0:61:f3:bb: + b5:e3:b1:8e:97:c3:c3:50:5a:6d:89:59:9a:a2:19:5a:cc:e8: + 2a:01:4c:e2:56:4e:69:5a:61:ce:d6:05:11:4a:66:49:f9:a7: + c5:c2:fd:5f:30:19:0f:e3:79:21:e6:58:fc:a5:10:b5:30:be: + ac:b7:81:31:ce:4e:bd:3a:68:ff:06:1c:ee:1c:b0:dd:fd:13: + 47:9e:bb:ef:0b:f5:c8:ed:38:2f:06:32:99:54:d4:0f:dd:45: + e6:ac:04:6b:cc:e1:b7:88:16:ad:bb:09:d0:71:ad:e4:55:b3: + f9:3d:dc:41:72:bc:93:33:1f:3c:8e:d3:d9:6f:e3:17:5e:a8: + a5:c8:89:5a +-----BEGIN CERTIFICATE----- +MIIDpjCCAo6gAwIBAgIUOBum2z5ZeS2VTqM3ZwOnxh9UurgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALkM6hKrV51K8lh0aJRgFB5f//ydYvYNNG7pL8rVUynmoy/A +a25igrFfJj0tmJmTfW/1HM9U08RLgcuzpZhXvf5/GXavme/MYs/AHN9e+baUSTNv +27q/W+Igh50/fsLnlHY9i3+gSfEtMHd7iyy27M0eXr/lG4bd2MHhDbRX8KoKWNTD +TVvLvw75xyNh+KMOqy0PhxpPHQvmOQoKNb7z+VX3h833etcYfbcMH2p6Z1JVbbjt +hyip/uvDyKhmvDOT254gRGsxNrgVG883wr6dRXw90hM2oB3XdFJno7c7SlQBxW5y +cZ1HOURYJwiiVBW1J997P8nxyyO+z72ON77yjY8CAwEAAaOB8TCB7jAdBgNVHQ4E +FgQUy8aoOoMOW0EMPsMgSL83adta3IcwHwYDVR0jBBgwFoAUBMzuhRcsN0zS0wha +lGbuWv+oeTQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MBMGA1UdIAEB/wQJMAcwBQYDKgMEMA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcN +AQELBQADggEBABa91vZcLhIzziH4EllKgiAtBYhPQoZT3H+WVqzM6CN3xjzezggs +8e0mxx99iFx6XLPw9uBRQQs+fsUJblweiWAIMlhLwMCevuEeQ31meFv++DiNg4pK +LUqdHrobcZiuncxNHxOiehHH6Ckrwe48letbl5PlSiLHBDGf8GHzu7XjsY6Xw8NQ +Wm2JWZqiGVrM6CoBTOJWTmlaYc7WBRFKZkn5p8XC/V8wGQ/jeSHmWPylELUwvqy3 +gTHOTr06aP8GHO4csN39E0eeu+8L9cjtOC8GMplU1A/dReasBGvM4beIFq27CdBx +reRVs/k93EFyvJMzHzyO09lv4xdeqKXIiVo= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 38:1b:a6:db:3e:59:79:2d:95:4e:a3:37:67:03:a7:c6:1f:54:ba:b7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:ae:84:aa:34:ef:4a:a7:14:8c:a4:e3:d7:7d: + ef:7e:3a:25:72:c0:9c:be:13:87:cd:a0:ae:fc:96: + cb:f7:80:6d:4f:d0:2b:c6:5e:b2:9a:0a:b6:af:ae: + 0a:92:93:99:f1:44:d1:ea:bd:01:54:11:4e:04:5f: + 00:16:85:81:26:4d:47:44:6b:e2:b7:92:e5:c8:41: + a5:7a:5f:23:c5:4e:7f:db:12:f4:8d:a2:2f:5c:83: + 64:b3:6a:fc:f1:36:53:0e:c2:90:88:18:f5:c3:d8: + 3d:e7:a6:7f:a0:c7:66:f1:24:aa:80:52:0a:50:96: + c3:14:ae:48:ba:ee:ee:34:9f:7e:99:d4:ee:00:c1: + 41:d8:6c:93:ab:2d:11:65:2b:17:cd:6b:f6:80:f2: + 66:5b:27:89:7f:92:1c:a6:d0:e1:f4:33:11:b6:7f: + a9:f6:4b:46:eb:2d:3c:8d:7f:7a:fd:cf:dd:43:64: + b0:14:b8:58:05:dc:f7:59:de:1f:c2:af:d6:89:4e: + 0e:98:68:21:30:3a:8b:23:00:6c:29:0f:91:fe:99: + d3:ac:fa:76:be:f7:f3:2c:87:e8:44:1b:1f:59:fe: + 81:db:70:88:2d:e3:84:65:e8:33:49:03:c3:f0:a1: + 39:a5:85:df:58:8d:6d:70:0f:8c:3d:20:fe:f0:ba: + 22:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 + X509v3 Authority Key Identifier: + 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + X509v3 Policy Constraints: critical + Require Explicit Policy:0, Inhibit Policy Mapping:0 + X509v3 Inhibit Any Policy: critical + 0 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3e:d6:8d:77:e8:e1:83:0b:88:1b:aa:ca:56:aa:c7:4d:58:a2: + 8b:24:c6:66:21:ba:95:21:c2:a9:0c:54:09:01:b8:d6:46:e2: + 5c:2f:52:5e:f4:b5:a4:2d:5b:2d:10:5e:70:16:7f:0c:a0:93: + ec:25:d0:19:00:33:39:2d:48:1c:23:18:8e:51:ca:95:0a:c7: + 72:30:87:13:0f:a6:5b:6d:5c:3f:06:b6:09:f2:64:50:38:b6: + 9c:fd:34:3e:9a:18:bd:f6:ca:78:13:7d:5f:06:26:c6:ea:fe: + 17:9b:37:6d:94:65:47:37:63:94:16:49:be:a7:02:c5:70:63: + 62:1c:40:e4:6c:90:09:b5:88:1a:d2:40:48:9e:e4:a8:32:93: + fb:db:f2:69:23:45:ca:97:b7:97:e6:f4:ff:15:b1:fd:06:30: + 87:48:e9:34:5b:33:0f:7b:fd:78:6a:a9:94:35:ed:bd:9d:ca: + b0:c3:79:57:d6:a1:b1:99:35:a3:d3:e1:de:13:d9:72:d1:76: + 4d:a0:c0:ae:89:70:3d:31:0c:27:74:49:f5:34:f2:3e:2d:98: + 9d:d3:15:81:75:14:3f:90:a8:96:82:9b:90:39:9e:bc:c5:cf: + c9:c9:04:ec:f2:20:27:8d:39:85:3b:9e:27:5c:d3:9b:40:3d: + 4e:83:87:ab +-----BEGIN CERTIFICATE----- +MIIDsjCCApqgAwIBAgIUOBum2z5ZeS2VTqM3ZwOnxh9UurcwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCoroSqNO9KpxSMpOPXfe9+OiVywJy+E4fNoK78lsv3gG1P0CvGXrKaCrav +rgqSk5nxRNHqvQFUEU4EXwAWhYEmTUdEa+K3kuXIQaV6XyPFTn/bEvSNoi9cg2Sz +avzxNlMOwpCIGPXD2D3npn+gx2bxJKqAUgpQlsMUrki67u40n36Z1O4AwUHYbJOr +LRFlKxfNa/aA8mZbJ4l/khym0OH0MxG2f6n2S0brLTyNf3r9z91DZLAUuFgF3PdZ +3h/Cr9aJTg6YaCEwOosjAGwpD5H+mdOs+na+9/Msh+hEGx9Z/oHbcIgt44Rl6DNJ +A8PwoTmlhd9YjW1wD4w9IP7wuiIZAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQUBMzu +hRcsN0zS0whalGbuWv+oeTQwHwYDVR0jBBgwFoAUBMzuhRcsN0zS0whalGbuWv+o +eTQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1h +aWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3Js +L1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBMGA1Ud +IAEB/wQJMAcwBQYDKgMEMBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02AQH/BAMC +AQAwDQYJKoZIhvcNAQELBQADggEBAD7WjXfo4YMLiBuqylaqx01YooskxmYhupUh +wqkMVAkBuNZG4lwvUl70taQtWy0QXnAWfwygk+wl0BkAMzktSBwjGI5RypUKx3Iw +hxMPplttXD8GtgnyZFA4tpz9ND6aGL32yngTfV8GJsbq/hebN22UZUc3Y5QWSb6n +AsVwY2IcQORskAm1iBrSQEie5Kgyk/vb8mkjRcqXt5fm9P8Vsf0GMIdI6TRbMw97 +/XhqqZQ17b2dyrDDeVfWobGZNaPT4d4T2XLRdk2gwK6JcD0xDCd0SfU08j4tmJ3T +FYF1FD+QqJaCm5A5nrzFz8nJBOzyICeNOYU7nidc05tAPU6Dh6s= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/generate-chains.py new file mode 100755 index 0000000000..99e12895c4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/generate-chains.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with policies and requireExplicitPolicy, including +policies on the root.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.4') +root.get_extensions().set_property( + 'policyConstraints', + 'critical,requireExplicitPolicy:0,inhibitPolicyMapping:0') +root.get_extensions().set_property('inhibitAnyPolicy', 'critical,0') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,1.2.3.4') +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.4') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Intermediate.key new file mode 100644 index 0000000000..ce39f8bce8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5DOoSq1edSvJY +dGiUYBQeX//8nWL2DTRu6S/K1VMp5qMvwGtuYoKxXyY9LZiZk31v9RzPVNPES4HL +s6WYV73+fxl2r5nvzGLPwBzfXvm2lEkzb9u6v1viIIedP37C55R2PYt/oEnxLTB3 +e4sstuzNHl6/5RuG3djB4Q20V/CqCljUw01by78O+ccjYfijDqstD4caTx0L5jkK +CjW+8/lV94fN93rXGH23DB9qemdSVW247Ycoqf7rw8ioZrwzk9ueIERrMTa4FRvP +N8K+nUV8PdITNqAd13RSZ6O3O0pUAcVucnGdRzlEWCcIolQVtSffez/J8csjvs+9 +jje+8o2PAgMBAAECggEAFK+K4vdgXebo3FZ28k8jMJoOpZB6ZYLoX5WVkBj0qPRt +PYNG/xnn/ifiwGf+bPx9wywlQk/7NDA0nC7CzhrQ1Egk8o2CqbmxOgQBtj6Jr403 ++ZYBfAi0Hr0AK+XTJ7p3cBhFJcknOtyQVGrtDdyM8Aj7Enxr7VGTT2j2/TfvYTKC +B4wBOGFQAdyT5vioyDN/48KV8bghbnt2R3wIYyeChRo6p4v/IG2XCUWGKhJQgeAI +QmA30jd0HB0h5+UEtTEgVCRtpxMWVENaAS+8XgNND5JFtSNnfRItR22NF+o6xlil +kizNiSzHVbIZIMkoIpq2VVHDv96NqBokLtoJvltc8QKBgQDGLFzH3e0IKOu2YAeg +WA4ML9a5g6+quqr/Nf11Q+LpSLepou5pvq1OJRMqcOJduDCU28Ei7zzfw2YE4EjC +G8/IAhPcn0ggjt02qwrL8FSxVxuZEzA06P02GpY1yxF17UCE8nVTALKAoCKKiNsY +tS44DG9hHD54Dw0RUu+i+654gwKBgQDvDETyyH3n60au3Zx3tmkZvQxLcjVi2cLs +AoO0srN+dBk6bZ2x9n942kl82fzdosqMCu7z+AlPZUPnzt0rbSzJImqxDnzrsReH +DZxhmoIPHhkpk09uDiVuLNEPzUvpNTl2Vt14ayi58+bRlUs35BjCrPQ113uj6x4z +PBD3khiRBQKBgEXEGGXEm03kGhd6dzTbyxY/QTjOQ2m3jbuLJk/CNoAqOX5e/c/8 +cMayBq1KUGbuESxWsQe7cZLVF3VgAD1VzTB8isGA0cOkh/xW+tYRJb/JCs45Ex+N +ZpdFhNwrQVpiy/QB54vxEuZ1ebOLupZYMo1I0208pEFgCxmuOO8H68RBAoGAffei +ManTJy5FHgqr1C2sbqK/YtZ5KXEFFWcxzjvI+F7nmHGBAvGZNK8awI8CgCyzvV5Z +kvhmt47uXK4WwDaUvhzDyi+PRogYlNNoT8qitKKwscbtuVn9AXTeagxN70Nb129o +33bgjDTpshGRBI/POG75dZHqlnNkg60oZ7118p0CgYEAjOucizNAKerOcSnw0NW6 +Pqc8lZjZQz10P1saIxcBAOUl09HOOe/ARvcpXUawTHw3qls3CpzfuvPpTSap0SQf +dXa3vtD6iRn3FFklbU9LZDe+cLHxv4lJGByeLDt1SKuhICWyBvnTvgEo959cnKgF +aLZldjbJ2cb0XsM1J9Iqaro= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Root.key new file mode 100644 index 0000000000..fe4e250b31 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCoroSqNO9KpxSM +pOPXfe9+OiVywJy+E4fNoK78lsv3gG1P0CvGXrKaCravrgqSk5nxRNHqvQFUEU4E +XwAWhYEmTUdEa+K3kuXIQaV6XyPFTn/bEvSNoi9cg2SzavzxNlMOwpCIGPXD2D3n +pn+gx2bxJKqAUgpQlsMUrki67u40n36Z1O4AwUHYbJOrLRFlKxfNa/aA8mZbJ4l/ +khym0OH0MxG2f6n2S0brLTyNf3r9z91DZLAUuFgF3PdZ3h/Cr9aJTg6YaCEwOosj +AGwpD5H+mdOs+na+9/Msh+hEGx9Z/oHbcIgt44Rl6DNJA8PwoTmlhd9YjW1wD4w9 +IP7wuiIZAgMBAAECggEAF7QqhWaZ59Ix04/KSrpyQLk4EPebLyS8dTtqy6j/MaEU ++13EAQTGsVnnESnyZ2WhgOOMYiG8QY2K+pdFAmUxYGoEpUtJ2UUl0C3VbKxY8P2W +fvkbb5nGcQgvyvyyXc0l/9F8kPt88c/95wMhNT1ALIvb/9tHgsqk0E+rfcVcqP0z +5fSazo8Tybq6IWmkC7qO4Q0dK3q+DJ8t+EiFmF9/RaPtrpiLrQ0pWn6JFUrk23/y +8jd8QLkGB9BuKu5rzR3uPV1h4j/5fZBcBZWAUBgebuR4rCy380jnD8VtfbUqJBUa +yHgLL1Vm+ZkpRBHY46DvJInzr0CMyd12VoAoZ4oKuQKBgQDrp/RvRlBmBzLDR37n +XpcN0zA1/d1p2UAASJxQ8sGTD4utgmVnbBtulvfIh8QMBSSgZ3vJ+C2gwbh1Vwm8 +3xDgItW+zKIjR6Yh3XdgvRcP9V3oioK4e69XJrgVb0q5M0Ye9DdPYL3mmJ4Lffz0 +rZMkhpYHn7f1miWp+xGY0sqVLQKBgQC3Pmq87yz7US1A5Tj1KKCPBs/ZrhK0x7KC +i1ps9Xp2itW/nVLAI7ryHt5jwHYzLqEGENZ/czFI35YvjdBnoKaOH8OQ8wqIkx7v +5VsSE5rQ7LsBnmCq/DlFAxaE14w662FCWbY8gHcmxgRRe5Qa1/wBtIMQtwGxTx37 +/9xdk+GsHQKBgQCY9PkZSMBimQV/7uYV8zWEibFfOhn+3D5IcNjVSdwPQiXdRyfe +izL7Aw5toIHFc4kkfEbC/01ObK73qrjtWLQxZyrpnxUWZSkWDhOwPMu9VfvQNidG +6zESFlWhxAzyTK+U49sKsLZR+HmM6AfKIOfC64ByDl9vENCllgsD8L4BOQKBgGr5 +8W5jYytE9NpR97KICVP2chlu2lTX0IsNt7ishtX1r1uyCMFLGrSG+OXbUiYHLtJP +uimlojwc65zPeb9FtnZ6bL2OZbPdz83VZBllgJg/29zSDTVFEloLt3XOMHulNp55 +qT4g8W6dY5/+OTSCqwiDzZBQhphwy9x2PrwSvUixAoGAK7FTBQo/UWZD6+bBgLMR +tPgZoKe4HvCKTVV5Dln+00r3rxFofGmVPN1yPNFOQGMxFQSPy/AUHFR4Rdqp39Jt +SSJAZynvdmOsNrdIoPR6zXxNj98WHuFjlhLKXema2+X/HY8YGLW5kiyli//LAeGi +mgfUONCqRvhNPasitWxFSlk= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Target.key new file mode 100644 index 0000000000..569c966f3e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4VhHmT4BrVppM +Eb8MakLsWZeKKUtViXso8YBOn/4Bm3LSNZaJVK3bnq4j2tqeHl97TaP5wpO9y2qK +l5JBYr31FsBNxFmYfFIyYkVScE5I96y3DkxRiQTD1s4Sx76Pof3QTYGGpcIRhCMf +3naE2XD7161bVPcJ/qyL3k3Pp9ndI5B2Ot7Di160PW4th2TaD6T1NIHuw5phQ1Zm +H8W/9uWh7YBJSJLxFbj0B1ydkm2HGcpcyFVICc7y4K8ei9UwT5K3pwKEdrOFgRfx +Dpuko8oHOtii9RVAB1+nlyfKHSy4/8QLQ8GeGJH9AecgpRGy23HCyWD4vNOo8wv7 +H+tqlNL7AgMBAAECggEAC7nl75m1GJ7st9QVLCwCT9ivLCnOUgWp4QPj3pyM4vtJ +hZfFGL1bRfJFL6C3cYGLH2Pj/3piPZuYDnLv6drnLJUi7I+GB445CF15/XGJeVjQ +EuEE99bYh8C9YTJ1q9tpMvwLNk6LFuQp+9gCABd4+XxR2dKA2JDr1wXwOzp5QHjr +5+K5W0Mu65v77sR9iMSpGV2tsdri70e1i8VbUdgroqgPg8F7HRx5JhEnXpEzEJHI +9wr7kFb6lrWT5QsG7LpMQBx5ja8ts4A8mh4An6MO865E67FUGtBX+f83HZOrJ2Ts +KvwIbT8cX8YF8889lfS8bTkq+3UjEzPSKsgBtl/06QKBgQDDebSF5zNFtqlSC1rx +l0HGxfMSFq8ddS8DhSRZtl+gNCVm0mkl74pWpEJY09/6ofJ3ONMkjMKByzWGeDQ6 +XBayDV7VIdmfjXKbkpvyTPShKomJl0pKv6fR7dgrFJc4GFrcH3bhvQPGco9bQQyA +AjM8OEAgmKYxHsTsnM0XvUsF1wKBgQDxaWtvxA5G346cjEGtlJWg5nE07F6eEiw4 +oRCZ9N37I3/gPt8BBMNO/z+NuNZFWKqzMHzcCI4LiBCvw/HL2IHEdHIzBlZgYJKf +1vMzCTo1CVInkGkpLh+kq5xorEOnb9JvNA/3Mjn4AW1X/vZfYwVGzHMCkBmsKNvQ ++lgzQxOvfQKBgQCJKUMUmlCN4EgbO8CKuRn8gjW3QZeK0gk1LR1+ncunvC9qYMZL +SjQF66hqb/FACpb6NTNi+CobrR1Xx8zODoQWV+9tGh18KWJ763nloT4eQJzVoQUO +QkFdusjuIbqiL+TBhIqEh364pvYUkCZXRDPzU30b4kDrQq3nYXc/6yFTbQKBgFrb +GxUoS1s/HfQrETjb1+iDcg3B++Yv3ra9X3sh3j17YdAquVEv0rWzeN7EttfIhA4G +bKd/DL6oSedsrl7SsBwY2zX6551EG0rO4h7OFTsKtAGx5vIZqs0VzTrTwm6Mtj0l +8fBN1eVR3C4nBeBmawD3Rz2qsA7MHdarsXAxiYIdAoGAVVDS5ydsWmY2tDpMyJzA +aCcnfIRuzumk1PfnxPuhzHE28VrnsRdpu2FxXoPKbBWstDCm1iv8O1pp3BrYcIxQ +d3AqR4WBotFIv3kBVr+1tKRqs7a4QpyYxrRjKL1bPBtGLc2Hx0PFDm4y1u2uwmrQ +a0EbGaI0e2FELc+qJBjk8yQ= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/main.test new file mode 100644 index 0000000000..daaaf49a67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/ta-with-constraints.test new file mode 100644 index 0000000000..e8f7164064 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-ok/ta-with-constraints.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/chain.pem new file mode 100644 index 0000000000..c0fb9e0644 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/chain.pem @@ -0,0 +1,277 @@ +[Created by: ./generate-chains.py] + +Certificate chain with policies and requireExplicitPolicy, including +policies on the root which don't match the policies in the rest of the chain. +This should fail to verify if the policies on the root are processed. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:2e:4b:b8:dc:93:ec:5c:c1:45:8e:67:8e:80:9a:6b:e3:aa:78:d9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b8:21:b3:ab:6b:2d:0c:d8:f5:3c:a1:46:37:cb: + c2:6a:51:e6:07:3f:93:d6:71:fa:5f:e4:86:81:d0: + 50:97:aa:81:b7:a9:6d:86:d0:29:5c:00:d3:f3:c8: + 01:6c:33:df:7d:b4:1e:dd:c0:12:26:b4:51:3d:2e: + 71:37:e6:3c:3d:6d:05:70:75:a1:74:a6:c1:ad:32: + 3b:6c:a9:50:d0:c2:a3:31:a1:fc:bd:9f:e2:55:70: + ce:97:79:e0:79:ec:25:c8:0d:38:0e:81:3f:95:36: + bb:cc:68:4b:71:ae:60:f7:d6:1f:6a:70:cc:6d:20: + 05:d9:7a:e8:7a:27:c0:da:49:2a:79:64:f8:54:57: + 41:96:f1:18:10:c3:47:d4:4e:14:d1:3c:c1:f9:ab: + da:6a:ef:48:eb:21:5b:46:32:04:e4:03:93:1b:5d: + 18:17:b3:e9:0f:4f:a3:74:59:c5:a9:92:27:e8:b3: + c1:fc:f0:f1:8d:d4:89:b4:74:83:d3:1d:cb:e0:f8: + 1e:4a:93:e8:20:fc:26:1e:70:89:78:1d:c6:ae:de: + 50:03:a9:bd:ab:97:f5:2c:58:7e:de:c6:51:24:6b: + 80:58:a4:ec:b1:bb:34:6d:92:76:e7:4a:c4:f5:e6: + d3:42:4b:b3:5c:33:85:90:45:51:29:7d:7b:76:b8: + fc:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BC:A7:DB:3B:5C:A2:AA:2A:20:CA:D6:D5:B1:67:E9:2B:56:46:C7:EF + X509v3 Authority Key Identifier: + B6:D6:AA:A8:03:5C:D8:51:7D:A2:14:39:A2:21:C4:B2:A2:12:39:B5 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4b:cb:5c:2f:d3:ff:27:94:fa:a3:33:9a:c5:45:36:6e:52:b9: + dd:32:86:40:77:7a:bb:2b:4d:ba:e7:5a:f4:b1:1f:1b:61:39: + a1:94:38:5b:88:d0:b6:8e:62:fa:7b:cc:71:d2:6c:30:8f:dc: + cb:50:8b:52:64:ce:83:ea:d1:ed:41:81:a4:72:21:b6:73:d8: + 8e:c3:87:e8:c8:0c:18:eb:ba:6b:64:3d:eb:c0:ea:ac:e5:4c: + 52:d5:9b:b2:fb:9f:26:15:f3:3f:d4:8d:53:1f:af:f7:4e:23: + 35:4f:57:61:5a:ba:6d:79:36:1d:74:40:b8:03:40:fa:aa:bf: + 4a:25:42:13:a8:82:3d:e1:82:5d:6b:f7:e3:da:72:c4:23:0d: + a3:03:e8:b4:6c:ed:da:9a:40:b1:26:5f:7b:26:ec:67:2d:68: + 17:11:32:bc:14:aa:78:eb:90:4b:23:3a:2f:44:ae:69:ef:8c: + 12:ff:04:ff:b9:e5:6c:ba:84:10:3f:ac:f1:62:c4:ad:db:bd: + fb:65:f7:89:66:5a:a5:eb:31:af:a7:49:19:f3:22:b9:90:68: + 26:b9:f2:b7:3f:ca:87:c6:2d:a1:2d:6f:e1:bb:8b:95:28:c4: + 19:a9:f5:ed:f8:be:02:02:d9:d1:23:e3:8b:4d:b4:e0:5e:3b: + b2:e1:cd:43 +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUXS5LuNyT7FzBRY5njoCaa+OqeNkwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuCGzq2stDNj1PKFGN8vCalHmBz+T1nH6X+SGgdBQl6qB +t6lthtApXADT88gBbDPffbQe3cASJrRRPS5xN+Y8PW0FcHWhdKbBrTI7bKlQ0MKj +MaH8vZ/iVXDOl3ngeewlyA04DoE/lTa7zGhLca5g99YfanDMbSAF2XroeifA2kkq +eWT4VFdBlvEYEMNH1E4U0TzB+avaau9I6yFbRjIE5AOTG10YF7PpD0+jdFnFqZIn +6LPB/PDxjdSJtHSD0x3L4PgeSpPoIPwmHnCJeB3Grt5QA6m9q5f1LFh+3sZRJGuA +WKTssbs0bZJ250rE9ebTQkuzXDOFkEVRKX17drj8XwIDAQABo4H+MIH7MB0GA1Ud +DgQWBBS8p9s7XKKqKiDK1tWxZ+krVkbH7zAfBgNVHSMEGDAWgBS21qqoA1zYUX2i +FDmiIcSyohI5tTA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwQwDQYJKoZIhvcNAQELBQADggEBAEvLXC/T/yeU+qMzmsVFNm5Sud0yhkB3 +ersrTbrnWvSxHxthOaGUOFuI0LaOYvp7zHHSbDCP3MtQi1JkzoPq0e1BgaRyIbZz +2I7Dh+jIDBjrumtkPevA6qzlTFLVm7L7nyYV8z/UjVMfr/dOIzVPV2Faum15Nh10 +QLgDQPqqv0olQhOogj3hgl1r9+PacsQjDaMD6LRs7dqaQLEmX3sm7GctaBcRMrwU +qnjrkEsjOi9ErmnvjBL/BP+55Wy6hBA/rPFixK3bvftl94lmWqXrMa+nSRnzIrmQ +aCa58rc/yofGLaEtb+G7i5UoxBmp9e34vgIC2dEj44tNtOBeO7LhzUM= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2e:db:34:c3:9c:3a:39:ee:a0:8e:aa:23:61:df:f0:1d:e5:84:50:22 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b1:c3:a1:f6:8c:47:91:b3:e9:57:39:c8:d6:f6: + ed:cf:95:d3:59:45:e4:1f:66:27:30:1a:5e:4b:6e: + 26:cf:a1:6d:4a:44:28:88:89:5e:70:48:60:47:f1: + d5:dc:0e:52:e7:21:35:ce:f8:5f:8f:43:7f:ea:67: + d4:a2:86:20:6b:d7:9a:30:3e:0a:c5:15:20:47:ec: + dd:7a:c7:60:35:c7:0c:50:68:fb:e9:8d:75:3a:a1: + 47:3e:e6:28:c7:5f:3f:bd:76:60:b6:ff:0d:67:1e: + c1:3e:b5:14:a1:69:38:35:68:8f:b0:8f:d9:d3:7b: + a9:40:ef:db:e8:73:b6:4d:88:5f:bf:2c:98:d9:1b: + fa:9e:a7:51:0a:92:d1:bc:20:bd:03:42:fa:35:60: + 0c:d8:a3:b0:84:43:0e:58:59:16:5d:fd:c9:f1:b1: + 65:07:28:6a:dd:d9:68:22:6a:6e:c2:b1:94:92:d3: + b9:33:67:bc:a9:a2:8e:2b:12:b9:ef:5a:64:65:73: + 66:c9:de:04:4e:b2:3b:23:d9:f9:06:9c:bb:dd:36: + bc:ee:87:e4:58:f5:11:e5:4d:37:4d:4f:bd:0f:01: + 99:fc:65:97:0f:b5:17:3f:2f:d9:d3:63:09:f1:47: + bd:c7:0f:96:9b:b2:c5:7c:ee:7d:d6:cb:00:b7:1c: + 86:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B6:D6:AA:A8:03:5C:D8:51:7D:A2:14:39:A2:21:C4:B2:A2:12:39:B5 + X509v3 Authority Key Identifier: + 43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 96:6b:6d:97:9b:d1:81:4e:a8:a1:30:85:52:73:40:57:a5:09: + c5:ac:af:21:9b:d2:fa:a2:81:00:50:d2:cf:74:76:d1:56:8b: + 94:95:09:7e:25:10:53:3c:bc:63:a1:50:1f:b7:9f:84:da:c7: + 28:f9:d9:98:02:9e:9d:02:7b:0e:5a:ce:ca:1f:d7:bc:7e:ea: + d5:aa:b6:9d:ef:d0:e4:7b:29:0a:b3:e9:06:d7:af:a6:b1:10: + 01:9c:8a:be:b2:91:12:ab:3c:da:22:db:8e:1e:f2:79:6a:b1: + 19:58:e1:3f:72:74:d3:17:68:00:af:fc:65:26:11:ec:5f:e6: + 27:dc:d8:df:50:f3:ce:95:aa:82:11:d6:cb:5f:90:39:b3:56: + c3:d7:d9:ea:9f:ea:13:e3:98:2e:86:8e:64:ef:94:9b:ba:ff: + 78:11:a7:b0:04:d4:f3:7c:7e:3f:f9:ed:25:8a:d8:18:13:23: + e8:5d:18:82:4a:ac:3e:f6:42:74:de:33:c2:52:b8:0b:29:73: + 1b:f4:ed:38:20:8b:ee:e9:e0:63:94:54:07:25:fa:a1:81:27: + e0:87:d8:b5:ed:61:34:72:02:d8:35:94:a5:94:5f:28:ea:e3: + 49:d6:77:65:93:15:21:e1:65:b4:06:d6:a6:be:ea:e6:3f:26: + ce:a0:c9:d0 +-----BEGIN CERTIFICATE----- +MIIDpjCCAo6gAwIBAgIULts0w5w6Oe6gjqojYd/wHeWEUCIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALHDofaMR5Gz6Vc5yNb27c+V01lF5B9mJzAaXktuJs+hbUpE +KIiJXnBIYEfx1dwOUuchNc74X49Df+pn1KKGIGvXmjA+CsUVIEfs3XrHYDXHDFBo +++mNdTqhRz7mKMdfP712YLb/DWcewT61FKFpODVoj7CP2dN7qUDv2+hztk2IX78s +mNkb+p6nUQqS0bwgvQNC+jVgDNijsIRDDlhZFl39yfGxZQcoat3ZaCJqbsKxlJLT +uTNnvKmijisSue9aZGVzZsneBE6yOyPZ+Qacu902vO6H5Fj1EeVNN01PvQ8Bmfxl +lw+1Fz8v2dNjCfFHvccPlpuyxXzufdbLALcchkcCAwEAAaOB8TCB7jAdBgNVHQ4E +FgQUttaqqANc2FF9ohQ5oiHEsqISObUwHwYDVR0jBBgwFoAUQ0Q9ufiSDy+Csom5 +RrNROHAA4T0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MBMGA1UdIAEB/wQJMAcwBQYDKgMEMA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcN +AQELBQADggEBAJZrbZeb0YFOqKEwhVJzQFelCcWsryGb0vqigQBQ0s90dtFWi5SV +CX4lEFM8vGOhUB+3n4Taxyj52ZgCnp0Cew5azsof17x+6tWqtp3v0OR7KQqz6QbX +r6axEAGcir6ykRKrPNoi244e8nlqsRlY4T9ydNMXaACv/GUmEexf5ifc2N9Q886V +qoIR1stfkDmzVsPX2eqf6hPjmC6GjmTvlJu6/3gRp7AE1PN8fj/57SWK2BgTI+hd +GIJKrD72QnTeM8JSuAspcxv07Tggi+7p4GOUVAcl+qGBJ+CH2LXtYTRyAtg1lKWU +Xyjq40nWd2WTFSHhZbQG1qa+6uY/Js6gydA= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2e:db:34:c3:9c:3a:39:ee:a0:8e:aa:23:61:df:f0:1d:e5:84:50:21 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e1:6e:78:ca:b6:dd:31:40:ef:dc:08:cc:9d:7d: + 04:a7:e8:5a:43:63:58:ca:2a:8b:01:fd:ea:aa:9a: + 2a:c3:7b:86:0e:4a:28:b2:20:50:49:82:84:fc:9e: + 1a:90:ab:04:f1:20:89:11:79:b5:18:27:c7:88:f4: + d4:39:7b:6f:f0:26:ae:22:b1:3d:35:f8:78:8f:78: + 62:73:d5:80:e8:b2:01:37:1e:14:9d:22:44:87:2e: + 25:7f:42:72:7a:61:2e:24:f0:06:ed:c9:fc:da:c6: + 11:5a:d7:50:bf:2e:02:8f:1a:f0:32:4f:e9:e2:22: + 88:61:81:dd:ce:9f:f2:db:92:5c:e2:38:00:26:b7: + 3b:7d:ec:b2:98:b9:1b:23:b7:c4:2d:23:04:4c:0e: + bb:c6:3f:59:13:29:ba:55:ba:84:c8:6c:f8:a9:7c: + f2:bc:1c:ee:cb:d1:5a:dc:44:b8:c3:73:e5:4b:fc: + d1:53:ae:ea:75:b3:73:e9:f6:5c:a6:8c:62:0c:3a: + 78:cb:19:0a:a7:ce:a1:70:61:8f:8b:c1:f6:b4:7f: + 19:e0:c6:9b:bd:69:eb:36:1f:f6:bd:a1:04:da:2f: + 0e:4c:19:d2:ba:53:03:7e:3c:ca:e1:3f:56:0c:bf: + 11:ee:a7:a9:87:65:68:b1:22:54:bf:a6:fb:5b:bf: + 2a:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D + X509v3 Authority Key Identifier: + 43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: critical + Policy: 1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + dc:37:26:f3:42:d7:1a:10:83:63:d1:85:bb:ae:f4:d4:ac:7b: + e2:55:1a:1b:19:6d:03:1f:e9:c7:94:83:15:ae:49:d3:9e:f4: + 4c:b1:69:2a:ad:78:1a:db:50:a8:85:3c:a2:bb:e7:79:05:6d: + 2f:21:a1:e2:64:7c:07:35:47:58:8a:df:5a:2c:08:2f:d2:57: + f7:59:bb:d3:38:56:74:fe:e5:c0:55:b2:df:f3:a2:92:95:39: + 0b:9d:73:1a:ba:91:c3:07:4d:59:bf:bf:e2:9c:34:33:84:6b: + 4f:5e:29:7c:7d:62:ac:ca:ee:6a:02:36:72:bc:7b:04:d0:16: + ff:3f:d0:7f:f8:b3:ca:be:7b:b7:55:2b:16:97:53:06:24:92: + ad:c5:a4:8b:6e:b8:41:85:7f:18:b4:83:b4:7c:5a:6f:62:9f: + 6b:33:74:39:b4:60:b7:a5:5d:cf:54:c2:a9:03:85:24:df:e6: + 4c:d4:b7:20:9b:fb:be:0c:d4:ff:90:4d:88:a6:b2:0c:3a:a0: + b6:76:60:39:97:2f:f3:5a:6a:6a:b0:ed:5c:69:b5:70:7e:b6: + af:c6:d8:89:76:ce:02:d9:90:9d:6c:51:cc:e3:77:83:d1:a1: + 8b:a7:4f:c1:0e:c6:60:04:95:36:03:1f:ca:90:2d:fa:00:f3: + a6:34:fa:cc +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIULts0w5w6Oe6gjqojYd/wHeWEUCEwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDhbnjKtt0xQO/cCMydfQSn6FpDY1jKKosB/eqqmirDe4YOSiiyIFBJgoT8 +nhqQqwTxIIkRebUYJ8eI9NQ5e2/wJq4isT01+HiPeGJz1YDosgE3HhSdIkSHLiV/ +QnJ6YS4k8AbtyfzaxhFa11C/LgKPGvAyT+niIohhgd3On/LbklziOAAmtzt97LKY +uRsjt8QtIwRMDrvGP1kTKbpVuoTIbPipfPK8HO7L0VrcRLjDc+VL/NFTrup1s3Pp +9lymjGIMOnjLGQqnzqFwYY+Lwfa0fxngxpu9aes2H/a9oQTaLw5MGdK6UwN+PMrh +P1YMvxHup6mHZWixIlS/pvtbvyqZAgMBAAGjgeAwgd0wHQYDVR0OBBYEFENEPbn4 +kg8vgrKJuUazUThwAOE9MB8GA1UdIwQYMBaAFENEPbn4kg8vgrKJuUazUThwAOE9 +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSAB +Af8ECTAHMAUGAyoDBTANBgkqhkiG9w0BAQsFAAOCAQEA3Dcm80LXGhCDY9GFu670 +1Kx74lUaGxltAx/px5SDFa5J0570TLFpKq14GttQqIU8orvneQVtLyGh4mR8BzVH +WIrfWiwIL9JX91m70zhWdP7lwFWy3/OikpU5C51zGrqRwwdNWb+/4pw0M4RrT14p +fH1irMruagI2crx7BNAW/z/Qf/izyr57t1UrFpdTBiSSrcWki264QYV/GLSDtHxa +b2KfazN0ObRgt6Vdz1TCqQOFJN/mTNS3IJv7vgzU/5BNiKayDDqgtnZgOZcv81pq +arDtXGm1cH62r8bYiXbOAtmQnWxRzON3g9Ghi6dPwQ7GYASVNgMfypAt+gDzpjT6 +zA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/generate-chains.py new file mode 100755 index 0000000000..3feab38cd7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/generate-chains.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with policies and requireExplicitPolicy, including +policies on the root which don't match the policies in the rest of the chain. +This should fail to verify if the policies on the root are processed.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.5') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,1.2.3.4') +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.4') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Intermediate.key new file mode 100644 index 0000000000..0b8c04f7e5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCxw6H2jEeRs+lX +OcjW9u3PldNZReQfZicwGl5LbibPoW1KRCiIiV5wSGBH8dXcDlLnITXO+F+PQ3/q +Z9SihiBr15owPgrFFSBH7N16x2A1xwxQaPvpjXU6oUc+5ijHXz+9dmC2/w1nHsE+ +tRShaTg1aI+wj9nTe6lA79voc7ZNiF+/LJjZG/qep1EKktG8IL0DQvo1YAzYo7CE +Qw5YWRZd/cnxsWUHKGrd2Wgiam7CsZSS07kzZ7ypoo4rErnvWmRlc2bJ3gROsjsj +2fkGnLvdNrzuh+RY9RHlTTdNT70PAZn8ZZcPtRc/L9nTYwnxR73HD5abssV87n3W +ywC3HIZHAgMBAAECggEABTy7yVfsWzUUk1l5pX0EmEs+56WWU9HT0WgoI2Bylpxt +bAo3stTFP66fiORtm2b1TKee/mLf7IhzEioOoDPZFwRKSns8IFP/2E6jXyoqQftZ +eAcCdlOQwsecoembBaC0morhzOe/x9bRSl0rEe8Cf8RTCMMm35hdmLMDD2//93xt +QyOZIwUqRYe70nyxqkvaO//ZpkFkKaLcevEIpqSLerhA+B4Yifq0K/axcZgirXLv +JjHA9K5LUl4NQBxrMyoHIT/SWaKfr1r8X0WxxP2N4MqKuJQKdu46AYqGKwL6Lhhf +yNrqtxGcyF9VTWkJtYGsGst8Na9eoEYTGrL+rqAagQKBgQDwmbFcP86l4uvgNDRD +QjkTm6cZL1e1WwQVFyCsRhR3c69ihi/1AhqZzaxd0LPxtqq4Jqk0q6KjZP/IqTaz +0aEq8LQJHHkOCB5lSU2sVMVy9eG2YlyNQkZrZlcTzpL1ub8GSUt67QL6J5RXXQKj +A2XPWQcgv8IItukYijwfbyuqgQKBgQC9JFnPjcsdnkaFKPIajcStYTvNHyyXs9kA +SJVHLWZkRwpzeuvLXGrkwIKXmEgp4fuDEKxMekHcbysTW39wLF25RpHxOnJJ35o2 +pqHRKsKNeIBhHAL8AZ65+Prn9aWpSvo+294KGxhP9nfG3b940oT5cFG8N5zQWuM/ +w2KzXlT8xwKBgH3vBE2TvFdJykqlKIHX5MYln7Xn+NGdHSro2xow6D+J1tAMCogE +nOXKKKFGPxmSkhMncUN3Xv6FO/jM0SwX2nL+YE2wkJBOoZJEZxp/mIXOu2DaZTUu +7msCuytL4dIqchkZPh/OdNN46gU8Usf+XEjGgZubozUqgCFvIX8WklWBAoGACh/L +/uQkHy29sJsEeo9kG7O8s7obdPNXhkBcXTb86Bk1YgEOZhBIWH5Ffz/TfQpvoBBg +aKeSpu38bEjVhXeafLReU39BZtrlMk+xEbUsPM5acNhDAKJFkMbXB1uKxokQ5BR4 +yimxH3ad6rMr8Je0LnXoqh5/8lcrGtqmidteyTkCgYBL2Z1Kl/0xUzHDAoL0gU23 +Lk44uZOo1PvsXU1TLlmGE+HQnGFXUMYxUz6D4JUbmb4tjPlavOmexbnc0duJXXMQ +jncIstOIxWWwd4DXlcAJZFp4seWJ0uGr64HfXC4mEbSAx4U/2h1rSdYzsoi+KgTl +TOTJ5UM08jbpfmwFLkHugw== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Root.key new file mode 100644 index 0000000000..20510a1e67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhbnjKtt0xQO/c +CMydfQSn6FpDY1jKKosB/eqqmirDe4YOSiiyIFBJgoT8nhqQqwTxIIkRebUYJ8eI +9NQ5e2/wJq4isT01+HiPeGJz1YDosgE3HhSdIkSHLiV/QnJ6YS4k8AbtyfzaxhFa +11C/LgKPGvAyT+niIohhgd3On/LbklziOAAmtzt97LKYuRsjt8QtIwRMDrvGP1kT +KbpVuoTIbPipfPK8HO7L0VrcRLjDc+VL/NFTrup1s3Pp9lymjGIMOnjLGQqnzqFw +YY+Lwfa0fxngxpu9aes2H/a9oQTaLw5MGdK6UwN+PMrhP1YMvxHup6mHZWixIlS/ +pvtbvyqZAgMBAAECggEAEnS+a+5DtrQXzx5jTiN9nZeOyESacNbB0bRtoXEEvkNf +Ks1UfpzZpeMLKzlweFagDXO59RXPRz5+fg55T4l1FSa9i/aRydjhWfGjsdMRfjuQ +kOgkDOdQz/ZtuHkCsVVCd2C1WIN4cZrUsei94iEMsZWlg6D6R3rHSqBcvf1nXyV5 +nvlvQjH3uLpIWCjRMDuCstxRJiL3CuaXA+nKVkq0juSe/WeGyo8CWLTsgvsu4MbY +hLll28MD+jVrqYstPmqXORn5xaUANiezq1u7MaUbA7CJQHC7nnuX4hKI9ndfCKR9 +g5Igb3QvjYxtyi+YiRog9y4FIUaInbz6yu7UrUBlgQKBgQD2gADz85MD2a09CHDN +ibXwDzaI4X7mC36LrxgzjPTRfFBM1g0DYQMfGR4d4T5kuxxWAqK7PQkCdtCmfPYL +MPfpMZ0z8sK7akKt/cKZ5FVO2mjmjsHDKHbPuHv6nilJL4dvYA0W2uT/xJubChts +P/6ibJuEYrG7GKz+dVRXUMAg4QKBgQDqHpqo4Wxo8V/gUo8XbAbjrV6uTbbg+N4+ +qNrcNYfA0ayBXF7eV6a1x6496l0lutKkqISYDIoBzBnkctqKTdHY47fHc5qFYujU +yi15OfVR3EFVyyk5SMRU+eMbQU248kUKMzrMvDZbn6zQAUB1X10SVcuHJ3AA41yr +Gl26iQxouQKBgQDWUKyDbb7glh189x28VoMM2O09TXEbadr4b5/HEkK48DCQ3Xoq ++enQ2/HHYNLymYwla904lfSDY/I9DmCNkmG5Kh3X0LVmZRjcVckgK9nP2S1jZ7Mn +jsLeDzQbze9vZheGyigXOvHnPnVb8wmssGcfqPX9wCFu3iFqi3BtChRBgQKBgCAN +8qT+wEYaDkN7akYNr1/K4/S/hTOGP3+axORzm9OloZXQnNiabaPj5BJsHTbGPoL2 +47ihtt+KH11s8EkRYJLuksIHLPfoU/KWf+ViLxl3K6bgexNxyBfOYu7fYRHaceN0 +oi9X8aVX1mRgV3/6f5a8EnK9zpMAjjaLFJwumXlZAoGABFkwRWSI84au+PgoxRMJ +70ILdkbGHniHEEwZhLc9Fp1DIJSjK64nDHXocXLQTzIj7h8t60cV++kWm0h9/Tkp +3xs6/oOiisOGaUPb7JhFl510ulxsfyJoRjdquQ8gdxluvtstsdOID6vc1ex9mmlA +phl0GWHCJ3lB3ADBlE/zMrc= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Target.key new file mode 100644 index 0000000000..ca3b65377a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4IbOray0M2PU8 +oUY3y8JqUeYHP5PWcfpf5IaB0FCXqoG3qW2G0ClcANPzyAFsM999tB7dwBImtFE9 +LnE35jw9bQVwdaF0psGtMjtsqVDQwqMxofy9n+JVcM6XeeB57CXIDTgOgT+VNrvM +aEtxrmD31h9qcMxtIAXZeuh6J8DaSSp5ZPhUV0GW8RgQw0fUThTRPMH5q9pq70jr +IVtGMgTkA5MbXRgXs+kPT6N0WcWpkifos8H88PGN1Im0dIPTHcvg+B5Kk+gg/CYe +cIl4Hcau3lADqb2rl/UsWH7exlEka4BYpOyxuzRtknbnSsT15tNCS7NcM4WQRVEp +fXt2uPxfAgMBAAECggEABhoQYWJbNFQlGXlUIZUSqVQFmqV1gF7S/rzxUrmHKi5b +Y/Z/UC0FoLWHLAF0rXh6T3IHivfTr9+ptmNk0hkweABaq5N0olTEo92a7GGyA7EC +85fAtCsgSTL7TaWbXxpkDLN0A5sJ4LnpZNrrE2ZqBTfwFd1oWf5Fvsfl/HkuD623 +7EcOEvS3GCh8dresT6PbP+AlhZvdrlxiWhykAb5Kmk1/Y9zxmlvC/c1pkNEV4ij0 +vPj4bNnsmOR8MGR02vggajU2su45zmPQJhkIrJXO++f3okjq7VirRxE3Cy8D1DEp +lbHFrDfU0/2Vvp8IgpagmIzJy4xvXh+sD+iE3eFKLQKBgQDXt66jfDrK9DlYIk7L +tkRqi2gpJu6auvqx7xl6TsS3vb7oLbuuKyTGXlkHrTmGGbHjF5yrONHhx7tsxWHH +fmT1nh3ix0Z6i6+Ajqi3TQmeWR9OzL7t8Ftb4wbbKImRkO6JPjX4qN2Z/ouvn6zp +5fRov7noKjgeUcoEsUrQT18ohQKBgQDahBDnBnG3DXYUK+cH8qxuKaUuWgXZ4A7G +bgaI04YmLBMLcUZXm/2NSP3j5iJ23fzF4cDd4xKshwzi79J9Wiei+KBZjdpNpGYN +fwD9/K4T6KZY5Hlj79tR9fcOWbk2/j38uB3ySvwcViPIH2e8Rils3zU6tSzpkteO +bZrWhLtYkwKBgDIWWz1ojfor5Ni69pLEWnRmtCPB/2r7+VOxUbgda/3B1/7vB4H0 +UJCivYdTyGSDuNMi22TCR7Fl//XMityYU3bYZNYQMSQpJPHzrecJwy76QJO6ZKa4 +xW27dA8VBYRAI7LIOB3pj7K+8M4xhCO3Gh3sTo1CqE8Z7I9UXyupEk5FAoGBANRP +lQyi2kH9NkkLDwJN6vNuSyvqE91JMZHivT6cJq9YC3kGqk3dJlHsJaMUq0/LCBpL +6lSsmCxBW2fzlBRvUCusXkAk74KYxP8/8vrUU17MoTOlabyMBBByZ4Tt8GNaS2gM +jCwqZyIxH7sFqIjpsr4xcUqFVgnrvryICfV8KXs5AoGAbNw6YdBnSO6zdKMeyVjH +Y1u6KfqeXcAUWe4UbN2neQjl/R3C3sAsTKzdaDut2f0cEbgaKxh+lX9EmhQ0Qx8B +DzQFijOAaGHcJtv74cMbCyAMLLdG3HZ0AJDIQNuhAfW7iHvaKvK5l56bt6D2YaJa +T6PjH5WOWxRcK98dWWOZ6KQ= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/main.test new file mode 100644 index 0000000000..daaaf49a67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/ta-with-constraints.test new file mode 100644 index 0000000000..add5736f7b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-on-root-wrong/ta-with-constraints.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/chain.pem new file mode 100644 index 0000000000..58e3ac9e60 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/chain.pem @@ -0,0 +1,269 @@ +[Created by: ./generate-chains.py] + +Certificate chain of length 3 with requireExplicitPolicy=2 on the root, +meaning an explicit policy should be required and the chain should fail to +verify if the root constraints are enforced. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 43:bb:74:45:42:77:6d:81:39:a3:bb:aa:95:6e:18:9c:71:0d:ce:c5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:80:6c:45:ac:2b:3b:b4:5a:5f:54:06:e7:64: + 4b:a6:50:35:bf:f7:1d:be:87:40:a6:49:97:8c:d5: + d1:35:43:74:fc:d1:af:b5:ae:8e:c8:eb:d2:ee:bc: + 37:da:08:03:6e:bf:4e:e0:25:7e:91:a8:a4:07:2d: + cf:c1:fb:55:72:52:9a:e7:00:87:62:3f:7c:21:1c: + 31:65:56:ad:fe:73:df:94:d5:0f:25:a4:ca:a5:a9: + b4:04:0a:fd:e6:e1:60:9f:9c:85:85:11:65:1c:f1: + 38:a5:45:e5:7e:b2:89:8d:09:88:55:3f:29:81:89: + 66:20:f9:c1:7d:8e:2d:27:cf:1e:88:73:70:0f:f2: + 69:cc:a5:1c:3b:76:18:5a:4d:7a:20:27:c2:7c:68: + 91:12:23:1f:9f:e8:44:2c:0a:12:73:e6:c7:32:ec: + d0:bf:6d:9c:c8:da:4f:ec:92:40:7e:ff:75:eb:1e: + cd:89:b7:61:91:e8:a2:26:45:80:0e:40:4a:d4:cb: + a6:bc:c7:ae:1d:eb:d9:f7:6a:89:27:ab:64:69:fa: + 3d:f2:5e:28:49:b1:2f:f5:6a:1b:d7:56:1d:88:ab: + 5a:c6:42:9d:5b:2a:32:35:92:a2:29:92:05:c2:93: + 33:4e:8f:aa:5a:68:db:c5:27:15:19:18:90:2c:c9: + a3:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A7:95:1E:F9:32:14:D0:49:71:DD:EC:B6:B5:00:5E:2B:7C:BA:F9:3A + X509v3 Authority Key Identifier: + DF:E8:20:E0:84:F1:3D:41:05:B5:77:47:0F:B9:19:C3:AF:43:69:A7 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7f:7f:af:87:3f:0f:a4:bf:b7:1a:d3:83:c6:cb:d7:94:07:2c: + 47:8d:4a:50:71:70:65:87:70:8b:43:76:af:64:76:23:d1:f3: + ff:63:a7:21:20:12:50:f9:ec:c4:a7:15:49:8e:4b:c3:de:a0: + e0:55:05:7b:b8:e5:9c:48:44:ea:94:07:ca:cb:75:7e:17:92: + 5a:da:06:ff:09:3d:15:99:ce:bd:19:ec:85:36:a2:fc:fe:56: + 00:9e:6d:02:66:8a:fa:cc:e0:34:17:34:d6:af:1e:54:c6:20: + 09:cd:f0:a8:72:8d:7b:e5:5a:3b:c0:74:98:c5:e5:37:92:78: + ef:a5:15:8c:5c:b5:5a:2a:ed:5c:d1:73:e0:fb:60:b5:37:ff: + b6:be:9e:a3:92:d5:5a:9b:9c:f1:14:b5:82:e9:5f:56:8f:57: + 4f:e0:c1:14:8d:1a:f7:10:2d:2f:cf:20:3b:10:8d:c3:f5:76: + 3b:cf:66:f7:6d:52:ca:ae:1f:5b:79:43:0e:62:95:db:e9:70: + e3:d8:54:b1:d7:e6:68:77:55:79:7b:b3:83:79:f9:f4:a8:f7: + 5f:e2:bc:4f:44:39:ac:1e:03:8d:0f:57:e9:74:0b:fe:d4:26: + f1:03:7f:1e:7d:3d:64:b7:e9:58:26:d5:37:52:c5:0f:7b:0f: + 97:cf:0a:3a +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUQ7t0RUJ3bYE5o7uqlW4YnHENzsUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAxoBsRawrO7RaX1QG52RLplA1v/cdvodApkmXjNXRNUN0 +/NGvta6OyOvS7rw32ggDbr9O4CV+kaikBy3PwftVclKa5wCHYj98IRwxZVat/nPf +lNUPJaTKpam0BAr95uFgn5yFhRFlHPE4pUXlfrKJjQmIVT8pgYlmIPnBfY4tJ88e +iHNwD/JpzKUcO3YYWk16ICfCfGiREiMfn+hELAoSc+bHMuzQv22cyNpP7JJAfv91 +6x7NibdhkeiiJkWADkBK1MumvMeuHevZ92qJJ6tkafo98l4oSbEv9Wob11YdiKta +xkKdWyoyNZKiKZIFwpMzTo+qWmjbxScVGRiQLMmjAwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBSnlR75MhTQSXHd7La1AF4rfLr5OjAfBgNVHSMEGDAWgBTf6CDghPE9QQW1 +d0cPuRnDr0NppzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAH9/r4c/D6S/txrTg8bL15QHLEeNSlBxcGWHcItDdq9kdiPR8/9jpyEgElD5 +7MSnFUmOS8PeoOBVBXu45ZxIROqUB8rLdX4XklraBv8JPRWZzr0Z7IU2ovz+VgCe +bQJmivrM4DQXNNavHlTGIAnN8KhyjXvlWjvAdJjF5TeSeO+lFYxctVoq7VzRc+D7 +YLU3/7a+nqOS1VqbnPEUtYLpX1aPV0/gwRSNGvcQLS/PIDsQjcP1djvPZvdtUsqu +H1t5Qw5ildvpcOPYVLHX5mh3VXl7s4N5+fSo91/ivE9EOaweA40PV+l0C/7UJvED +fx59PWS36Vgm1TdSxQ97D5fPCjo= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 50:cb:04:8e:6f:ac:67:3d:21:40:7b:93:19:8c:33:4c:dc:00:04:1d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c1:f1:4f:24:39:36:7a:84:f1:90:2a:ca:28:d7: + 46:34:ab:2c:c2:bc:44:69:d2:ee:9c:30:c2:cb:65: + 90:d9:b4:93:ca:ea:9b:aa:a8:6c:1a:38:67:3a:59: + 87:82:75:b8:57:55:d8:33:76:d1:1f:5d:57:0a:00: + d2:02:aa:97:b3:e0:58:97:68:97:ec:0d:26:15:32: + 70:da:db:c9:3b:24:3e:dd:3d:72:2a:b6:57:51:6c: + f6:9a:aa:75:fd:0b:88:84:65:93:d2:1c:27:d3:27: + 56:a3:ca:64:5e:44:05:09:5f:83:61:18:d8:69:8b: + 33:8e:72:1b:1f:74:09:aa:4c:90:29:a1:28:c4:78: + 80:9c:c5:ef:d5:12:be:22:47:f3:9a:02:38:ba:0a: + 08:f2:94:7e:65:03:5c:28:7c:09:70:13:0e:6a:a2: + 37:8b:53:94:78:f5:32:04:59:aa:fc:7f:b7:d6:34: + 96:9d:4e:01:84:7f:89:99:84:0a:51:14:99:ba:ac: + 0a:2b:0f:02:e5:4d:f4:db:03:a0:1c:f5:78:b2:76: + be:53:02:86:85:ed:3a:ae:42:ad:0f:85:6d:03:ba: + cd:a2:16:2b:76:a1:2d:77:91:d6:05:2f:5e:d5:f7: + b6:af:e9:86:fc:6f:ca:11:62:15:93:f8:e8:d9:e5: + 66:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + DF:E8:20:E0:84:F1:3D:41:05:B5:77:47:0F:B9:19:C3:AF:43:69:A7 + X509v3 Authority Key Identifier: + E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + a6:be:bb:fc:11:76:e2:44:c3:35:04:4c:ad:28:b6:25:de:40: + 2b:e7:1c:f9:39:58:71:93:c0:be:13:45:c1:e0:0a:e8:fd:f5: + 34:b4:24:9c:81:ec:bb:6c:c6:7b:18:92:d7:de:42:e3:d9:90: + 4c:9a:3a:f5:e0:00:09:4b:10:c5:ca:32:50:cb:77:1b:f5:d7: + 11:60:5b:86:d6:c0:22:03:42:6f:13:c4:14:e1:ce:49:b4:2f: + c5:3b:cc:f5:5b:d4:a7:62:bc:63:67:4a:45:68:a1:27:02:a6: + 10:ee:7e:64:1a:d6:b5:d9:6e:c8:da:42:cc:6d:df:33:8d:b2: + 48:71:ab:70:12:55:f2:53:0a:2a:2c:53:e6:14:27:fb:0c:05: + 0b:35:95:7d:0c:1d:b0:7e:fc:c3:39:af:05:1a:f9:c5:52:cc: + a7:5c:27:cd:5a:ea:76:f6:07:8d:2b:32:68:5b:62:3c:cd:88: + e9:2c:a7:f7:63:18:7e:c0:4e:d6:a5:8e:9a:10:54:4c:13:ef: + 7a:5f:39:c0:30:fd:8f:44:67:0e:06:88:43:31:6d:40:95:78: + d5:00:b3:93:e3:78:d8:97:f0:51:16:24:34:3c:67:6a:b9:c2: + 60:da:cb:c5:c0:09:75:39:3a:96:a7:06:99:c8:47:4e:c8:2e: + b6:9b:a4:80 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUUMsEjm+sZz0hQHuTGYwzTNwABB0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMHxTyQ5NnqE8ZAqyijXRjSrLMK8RGnS7pwwwstlkNm0k8rq +m6qobBo4ZzpZh4J1uFdV2DN20R9dVwoA0gKql7PgWJdol+wNJhUycNrbyTskPt09 +ciq2V1Fs9pqqdf0LiIRlk9IcJ9MnVqPKZF5EBQlfg2EY2GmLM45yGx90CapMkCmh +KMR4gJzF79USviJH85oCOLoKCPKUfmUDXCh8CXATDmqiN4tTlHj1MgRZqvx/t9Y0 +lp1OAYR/iZmEClEUmbqsCisPAuVN9NsDoBz1eLJ2vlMChoXtOq5CrQ+FbQO6zaIW +K3ahLXeR1gUvXtX3tq/phvxvyhFiFZP46NnlZvsCAwEAAaOByzCByDAdBgNVHQ4E +FgQU3+gg4ITxPUEFtXdHD7kZw69DaacwHwYDVR0jBBgwFoAU4xg4D4E2rJuMBbEc +EYWghlWoj7QwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCmvrv8EXbiRMM1BEytKLYl3kAr5xz5OVhxk8C+ +E0XB4Aro/fU0tCScgey7bMZ7GJLX3kLj2ZBMmjr14AAJSxDFyjJQy3cb9dcRYFuG +1sAiA0JvE8QU4c5JtC/FO8z1W9SnYrxjZ0pFaKEnAqYQ7n5kGta12W7I2kLMbd8z +jbJIcatwElXyUwoqLFPmFCf7DAULNZV9DB2wfvzDOa8FGvnFUsynXCfNWup29geN +KzJoW2I8zYjpLKf3Yxh+wE7WpY6aEFRME+96XznAMP2PRGcOBohDMW1AlXjVALOT +43jYl/BRFiQ0PGdqucJg2svFwAl1OTqWpwaZyEdOyC62m6SA +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 50:cb:04:8e:6f:ac:67:3d:21:40:7b:93:19:8c:33:4c:dc:00:04:1c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c5:cc:1c:e5:9a:d9:de:85:c0:83:0b:b9:35:56: + b6:65:47:94:ff:b7:ed:00:aa:ca:dd:80:6d:a6:a7: + 75:0a:61:57:4e:54:40:25:66:07:33:a7:62:68:ce: + 40:0a:65:8a:d5:37:70:b7:b6:75:94:3e:33:e9:66: + 27:b7:94:48:94:09:58:91:03:a9:6f:d6:21:72:ce: + 97:97:95:8c:71:56:2e:96:03:e6:c0:b7:7d:f6:98: + d0:d0:73:1a:49:dc:55:a4:34:7d:38:62:27:ad:8b: + e4:7a:eb:54:38:3e:93:aa:7a:e6:fc:29:fe:de:1c: + 93:bc:4f:d9:de:5a:da:c3:35:a4:0a:e4:8e:82:1d: + 99:7d:75:c4:f4:b1:77:60:5c:c0:c8:b9:7c:cb:65: + 85:54:18:54:63:fd:66:bd:56:62:1b:d0:d7:33:37: + db:b1:92:96:ad:5c:a6:dd:51:e4:82:18:cd:bd:c4: + 3d:6a:f3:af:5e:de:da:5e:5f:e6:d2:f2:66:ee:de: + 0c:6a:e5:72:58:0d:f1:21:1a:86:62:80:a1:e7:c3: + e3:eb:19:56:ef:88:a8:a8:c5:37:c6:98:48:f2:7d: + ea:b4:4a:e7:3e:9f:8b:14:6f:55:26:55:c9:ff:71: + bd:60:4a:82:d3:9c:20:10:76:ba:8c:75:c9:64:ad: + 14:a9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4 + X509v3 Authority Key Identifier: + E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Require Explicit Policy:2 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3a:2b:a5:f1:fe:ef:97:5b:90:2a:7c:af:77:fc:b7:e0:3e:6b: + f1:02:a1:a3:f9:e0:87:34:43:8b:52:6e:35:c0:1d:19:44:95: + ad:31:d5:35:85:85:3c:03:2c:98:61:61:3e:64:eb:ac:b3:d5: + 6c:85:f4:1c:02:a2:13:4d:42:f9:9c:99:c0:bf:7d:ce:30:fc: + 7c:e7:40:21:70:96:13:a9:c3:c2:90:d1:80:60:ea:25:6b:cb: + 30:95:46:1b:63:d3:6f:66:8b:f7:16:c1:da:42:de:3e:df:47: + 90:24:4d:07:3e:a8:73:38:48:cb:8b:fb:be:de:c3:ae:fd:ed: + ff:b1:99:dc:5c:fa:ef:51:7c:05:66:b6:2c:84:c6:7f:4e:10: + 17:7c:54:ac:a8:4d:b1:92:80:1f:c9:9b:95:84:9d:c2:97:b3: + 88:c2:ba:21:2c:60:f8:f2:23:8f:a5:b8:e1:5f:08:c3:c1:b7: + 86:1f:3f:08:77:df:01:31:80:b7:1e:01:ba:47:fd:25:91:5e: + aa:25:67:bd:cc:e1:4f:ee:74:1a:48:e4:b8:ec:e7:14:79:64: + 16:b7:74:9b:c6:30:a9:0f:d7:5e:43:15:c7:b3:32:cc:f5:df: + 04:cc:cb:b3:8e:90:ff:ca:d8:c4:ee:d9:9f:fc:ac:59:97:31: + 4e:bb:57:3c +-----BEGIN CERTIFICATE----- +MIIDiTCCAnGgAwIBAgIUUMsEjm+sZz0hQHuTGYwzTNwABBwwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDFzBzlmtnehcCDC7k1VrZlR5T/t+0AqsrdgG2mp3UKYVdOVEAlZgczp2Jo +zkAKZYrVN3C3tnWUPjPpZie3lEiUCViRA6lv1iFyzpeXlYxxVi6WA+bAt332mNDQ +cxpJ3FWkNH04Yieti+R661Q4PpOqeub8Kf7eHJO8T9neWtrDNaQK5I6CHZl9dcT0 +sXdgXMDIuXzLZYVUGFRj/Wa9VmIb0NczN9uxkpatXKbdUeSCGM29xD1q869e3tpe +X+bS8mbu3gxq5XJYDfEhGoZigKHnw+PrGVbviKioxTfGmEjyfeq0Suc+n4sUb1Um +Vcn/cb1gSoLTnCAQdrqMdclkrRSpAgMBAAGjgdwwgdkwHQYDVR0OBBYEFOMYOA+B +NqybjAWxHBGFoIZVqI+0MB8GA1UdIwQYMBaAFOMYOA+BNqybjAWxHBGFoIZVqI+0 +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB +Af8EBTADgAECMA0GCSqGSIb3DQEBCwUAA4IBAQA6K6Xx/u+XW5AqfK93/LfgPmvx +AqGj+eCHNEOLUm41wB0ZRJWtMdU1hYU8AyyYYWE+ZOuss9VshfQcAqITTUL5nJnA +v33OMPx850AhcJYTqcPCkNGAYOola8swlUYbY9NvZov3FsHaQt4+30eQJE0HPqhz +OEjLi/u+3sOu/e3/sZncXPrvUXwFZrYshMZ/ThAXfFSsqE2xkoAfyZuVhJ3Cl7OI +wrohLGD48iOPpbjhXwjDwbeGHz8Id98BMYC3HgG6R/0lkV6qJWe9zOFP7nQaSOS4 +7OcUeWQWt3SbxjCpD9deQxXHszLM9d8EzMuzjpD/ytjE7tmf/KxZlzFOu1c8 +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/generate-chains.py new file mode 100755 index 0000000000..a9b59f2618 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/generate-chains.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain of length 3 with requireExplicitPolicy=2 on the root, +meaning an explicit policy should be required and the chain should fail to +verify if the root constraints are enforced.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:2') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Intermediate.key new file mode 100644 index 0000000000..7260449c5e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDB8U8kOTZ6hPGQ +Ksoo10Y0qyzCvERp0u6cMMLLZZDZtJPK6puqqGwaOGc6WYeCdbhXVdgzdtEfXVcK +ANICqpez4FiXaJfsDSYVMnDa28k7JD7dPXIqtldRbPaaqnX9C4iEZZPSHCfTJ1aj +ymReRAUJX4NhGNhpizOOchsfdAmqTJApoSjEeICcxe/VEr4iR/OaAji6CgjylH5l +A1wofAlwEw5qojeLU5R49TIEWar8f7fWNJadTgGEf4mZhApRFJm6rAorDwLlTfTb +A6Ac9Xiydr5TAoaF7TquQq0PhW0Dus2iFit2oS13kdYFL17V97av6Yb8b8oRYhWT ++OjZ5Wb7AgMBAAECggEARZ+CQMfFNfCZ455o2oaFroyw0evSR4cwn6Olmm0Itg7s +a5ETdw1lWXhcHodbbUsjdT7dEYSbCD5y66Vlvw1MzodAZoJm35fMzxk/iGIUeIXH +h5bycEDrUdDjKpz9JG1KgfURPwFajqP1p3EV3P1gLYA7YtUPg7w0MvPlpsH6Ykbf +tdI+TOv1/yOLIy9iQTtLPyTPRZcahd/Fw1NP4ji5+Cu5au1XkBDNy2kWHqU2MvKz +fbSqTJ72d6KCY1qsztl7fYHoVeVv9xeCMuHA+pNqXJ2BjDob3KHkSSW+nb8uXRbZ +f9+arOjynmHmnFMKXIenRYR5c/ABysQ7rC4wsMGd8QKBgQDQVUMZaCmGkD3QaHFj +pWkJSdCx/8SZ3Q0LA4W55pY+BS6LcWipJp0FRe1cY0u3yw8DXXgLHFKKlyZRqljt +hDoaau89+1+ELZcQs5q1FlZbBO2Mi7JcInj4R3JIGXwmLrfySPO7i2zPpTTRhBq4 +M6semLeNmVnSvLSR2b6Bjc1+owKBgQDuUScN/N4NrWn9bH55hl/4ktm+aa59Z2U5 +AKitX0JWHshVgVFLIf88YX6H4u+gQWoxevcmi7VNWtLbtRhfmsO69jxpvG9q6ILV +MvSJAVQ7lvhMu+cQXRos7si8lNOZVGpzE9ThqhMFYF38cFlsSIIQ6aOE2IgUT0UE +t/SaQQuzyQKBgHdLC0QGIBkciTjIRX1wnwehi+4Q7evI5woSd0Vu40MaRn+0beDF +6o21b+hCN35DuRINOIrsKduQF3IV4BwJZhfweZP9V8FhNaprnb/pzYMK/FdJOtWF +K83HY4ojhbJ7d/s1iNMwUBtKl0cNpRsrAuZfPmPHluaUBbWqgGrA3xWPAoGBAKAe +1G+4g3WLG1iTidKa72ZzPGuMVBmb283V3H9ILqjwW8ffcEBb4kKuerZQSpJRAUmn +heFXIwSLTnsiDPNHZ9T5VpPwcKfS+vzGFLjstKyo/cGIynIbK9gew665DAbMSg1x +uKm6fLczDVLsJZj0irdUU3KRjbSfog7OjkEKDRPJAoGAJAdhnjWWDzzA3U9DnL+7 +Cy8+9xhpb0dd8eCZzLoh4PaqJ50d3JOZaXpRZgNuP+Y/RXcP9sk0ZyjsoysQTSXS +pcCtRexR0HcfZWtHBHE62kkVoqtAbaj/JIBz8TjEVGVbYf//f9dbtqib+/eRgfDw +Fhytg1Eqzn3hyVX5C7YB3n0= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Root.key new file mode 100644 index 0000000000..57bd90bd49 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFzBzlmtnehcCD +C7k1VrZlR5T/t+0AqsrdgG2mp3UKYVdOVEAlZgczp2JozkAKZYrVN3C3tnWUPjPp +Zie3lEiUCViRA6lv1iFyzpeXlYxxVi6WA+bAt332mNDQcxpJ3FWkNH04Yieti+R6 +61Q4PpOqeub8Kf7eHJO8T9neWtrDNaQK5I6CHZl9dcT0sXdgXMDIuXzLZYVUGFRj +/Wa9VmIb0NczN9uxkpatXKbdUeSCGM29xD1q869e3tpeX+bS8mbu3gxq5XJYDfEh +GoZigKHnw+PrGVbviKioxTfGmEjyfeq0Suc+n4sUb1UmVcn/cb1gSoLTnCAQdrqM +dclkrRSpAgMBAAECggEABJT0d+ihAp+2TIrTWt4T+k9gzxYlgDIUojIpCBbhthB4 +b2Tx+fPNt6d5VvxtHRiKUWNYAfdw7JLOzMmsIptlnYFEaxKKxJ+RFYnd1tn034S7 +rkevmxf9C97xGl0KNzsKhFPfcTSL3wAqNiM4p5digAzaCC4YXHCMxwxR+42++s3b +MaqiBHe9B62LmtnZsNDb+sXzXCzKfzcxW+M7Q9LSnq4wxL97N02uwKLUFrCT+oJZ +Lfy4DFopPYxnlBdYN0b0z60TMlLRpRNjFO00WA63AgaDAzTptsQ+uX2T/lj1+uaA +YHxXV6uNYsdtYQ6+J9ZxkiJW0Pk1ZfOosyEhXd7RwQKBgQD4YzolbTZ6UrPY7nVc +LRmXl1AksNC/QyH5Sirq2KhmskGdFzjRk3WSH9dkG3z9LpGJLijDZZfTbl3/rNWu +2xxKbF3iTcHv2Ii91D8FjuxhBRQXPNL5evesMZmYqyX9xlpPLvhZU5JUlkQih1LF +4dkiYD5uEo1eroe54YEaiQSl6QKBgQDL2/hJPGc3jEv13U7A+gvn+XWhsHIiMyl6 +5RxBKK+CYNgFJi1gXZO+igICJefuKYF13tvodgKIicNAa3ICvr9aRNf/46z9bOcK +u/TxEXTAPoXjiQqe2md2eJhI2EwxBCKMiTo3aNh29WvG7tZLHa9NL5LYWnFR1BX4 +97Xuv0wAwQKBgHFB9ZJ5QPz31u/Uk4jrO58mrLF+OkDr4ILmMbmR/v+MymRR4WOW +hGaTxEfuTMi5Qj014fpuyZLr4UqiyXCIklbRIOH+qK6vonJEZFQpflki0q1h26VM +T8ChgTLe31ze4/D1LuK0O6X8Oqcv4ys9tx94mR7hsLp6hILac17hGVB5AoGAbuCU +WVjmFttS0UXuOJ2HbkNLDIdIfHtxOytzw6jaVMJRm/NYyMn8uqybTQnK7MlcZXyy +BOxykkrDjL0jxIR01ScOiFoP08KwozD5l0hURN98uPXndeD6VwBea3hhcGN8Ww2k +QVDgM0tmtEtg+HgLyaJvbwc6DTSaQtCP/mvDbcECgYEAkJ5CFAU6UHnjhPXwjPcC +aCva2VCMbIC8jwRRpkxqf70Z908leQ2mA++WQZF4odtYq7W3o0u0ZreFgxQTSEzy +d1Wx0DvWu1hdmG3ERYEtCRFcFFeD8qyW7KMo5ODSGfIwgZgyj0GISaylYPQu+zE7 +rPnpJOhEgPPazDZRKoR90is= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Target.key new file mode 100644 index 0000000000..2897faa0cf --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDGgGxFrCs7tFpf +VAbnZEumUDW/9x2+h0CmSZeM1dE1Q3T80a+1ro7I69LuvDfaCANuv07gJX6RqKQH +Lc/B+1VyUprnAIdiP3whHDFlVq3+c9+U1Q8lpMqlqbQECv3m4WCfnIWFEWUc8Til +ReV+somNCYhVPymBiWYg+cF9ji0nzx6Ic3AP8mnMpRw7dhhaTXogJ8J8aJESIx+f +6EQsChJz5scy7NC/bZzI2k/skkB+/3XrHs2Jt2GR6KImRYAOQErUy6a8x64d69n3 +aoknq2Rp+j3yXihJsS/1ahvXVh2Iq1rGQp1bKjI1kqIpkgXCkzNOj6paaNvFJxUZ +GJAsyaMDAgMBAAECggEAAgRG//7g95EnA+Xs0LKuVBO84A+Tf/Phfm8BTlR+dM3p +JTJqLcHcFdgo2J+/6i6qU5iM+sOsFrBsbjLoc/OTlCmZBPTL61Mddean7SbQILrY ++tWepZwYKk5gPlRFl8VoFRG4Mjhm2xWWT5OMt9ik2MfP2JyKKunpnYx8C0RZBW5V +hSlbYKTky5rpsH3eCtkdUulaJEafpO+w9bWIit+eihE/7QVPI8H4hKEVP1Y6H5i4 +EPybaxDnJt1HaJOb18WPjbppGbLPO5yJvpQ386AwXXo+546cKVkAuaPkYv1nbsbp ++H4FZrwrKvgSNLDPBoD42eBsUeY6CyY/KZeItwuYsQKBgQDk0FNb++LM4zbx1qF5 +NAFUCQ2ABn/B7f2k6P6tUon+dYzN+tfy0+gHwmt7pOnLa7Lvk/RHVG6IN2cDGF9K +FnqT1GAZhTYQgoyB7Tloud9P+3Mn1XAS96v9TOdAFOvhMg3Tpwgaa8LG3F4K8Bl+ +wbiIxNK+ih6ysilqjoT1Uy6MsQKBgQDeFh0uB8gPCfeReKxuLHPww/yyvmkAAuNT +FlSSA+xXyFlV1sgZ7/cGqi7L6o85nOAaSVJ7kYAhZ6tcVp+gIWW51pbvicEPsyuO ++bzPPDWPJS1ralVL3muyswoOns2GiZ4zmPvhzavEHE0xv8bxQZN3AwAQysLH+fO9 +9J4fySVH8wKBgGyzQ0apjP9E2e9dxWws9oyTmGQ/siXRB/R187cnRQMrmO6pwjlL +zikRhbpBiAfpbCJAqYXRaIkxuLBRvcMWlrjv5Y96J0sEmfeHWQSVeK8oh3ZfAVUh +cAVvqVRaHAzpmIP6D/FtTCTov4x2r8X2BdKDnpKCTz8ZQG+ssSFSmQShAoGAbUoe +o/dKWTRDc4AaAsG3cIVSBrgzPcEuE0ZK6ewqU2yRoe9nW3Q+cTYwf0L3ppdvpR/u +Ckco8cdtiaxLM2ccA175ufllW4+FYP+/DZCInt/hwRl7zjEveKooydcWNx3kD2o6 +kf0/iOuQhWnlwfXOVuPQFXNidTyo2RLW+bdntEcCgYBIgQ+nCBLGgnYr45tztrXU +KqHRXOHUqYsLV9oyHfzsed1B+JuSm73QyJw5QQx0Nx+IOB+8ywXRm6/W4XPTn9yN +4/9gbKgSVqScMjtkjR+Cx4CkBWrzNHMfuL+5SMyy/NRH9GVq96LWvMFJ+M15exYb +hL4rHofcl/9GTniS/uTpoQ== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/ta-with-constraints.test new file mode 100644 index 0000000000..1c27600d70 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-fail/ta-with-constraints.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/chain.pem new file mode 100644 index 0000000000..0713d7ee2b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/chain.pem @@ -0,0 +1,269 @@ +[Created by: ./generate-chains.py] + +Certificate chain of length 3 with requireExplicitPolicy=3 on the root, +meaning an explicit policy should not be required and the chain should verify +successfully regardless of if the root constraints are enforced. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 03:5b:49:46:e8:31:a6:8f:13:4f:5b:90:90:91:c8:28:8e:e0:5a:d8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b8:56:11:e6:4f:80:6b:56:9a:4c:11:bf:0c:6a: + 42:ec:59:97:8a:29:4b:55:89:7b:28:f1:80:4e:9f: + fe:01:9b:72:d2:35:96:89:54:ad:db:9e:ae:23:da: + da:9e:1e:5f:7b:4d:a3:f9:c2:93:bd:cb:6a:8a:97: + 92:41:62:bd:f5:16:c0:4d:c4:59:98:7c:52:32:62: + 45:52:70:4e:48:f7:ac:b7:0e:4c:51:89:04:c3:d6: + ce:12:c7:be:8f:a1:fd:d0:4d:81:86:a5:c2:11:84: + 23:1f:de:76:84:d9:70:fb:d7:ad:5b:54:f7:09:fe: + ac:8b:de:4d:cf:a7:d9:dd:23:90:76:3a:de:c3:8b: + 5e:b4:3d:6e:2d:87:64:da:0f:a4:f5:34:81:ee:c3: + 9a:61:43:56:66:1f:c5:bf:f6:e5:a1:ed:80:49:48: + 92:f1:15:b8:f4:07:5c:9d:92:6d:87:19:ca:5c:c8: + 55:48:09:ce:f2:e0:af:1e:8b:d5:30:4f:92:b7:a7: + 02:84:76:b3:85:81:17:f1:0e:9b:a4:a3:ca:07:3a: + d8:a2:f5:15:40:07:5f:a7:97:27:ca:1d:2c:b8:ff: + c4:0b:43:c1:9e:18:91:fd:01:e7:20:a5:11:b2:db: + 71:c2:c9:60:f8:bc:d3:a8:f3:0b:fb:1f:eb:6a:94: + d2:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 15:C7:83:51:99:8A:EC:AA:F1:4A:2C:1C:04:C0:37:BD:64:8A:43:47 + X509v3 Authority Key Identifier: + CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3a:ae:fd:b2:ff:a8:4e:1f:f8:82:90:3d:d3:9e:db:9b:d8:2e: + af:72:cf:7e:f8:19:07:96:a6:64:00:e8:c2:96:38:48:d3:7d: + 0a:ee:ff:bb:e7:81:9e:84:4a:a3:b1:8b:4b:92:6c:54:b7:74: + 24:64:0b:4a:50:bf:dd:03:68:58:bf:7c:3d:e3:cc:e6:c8:29: + 5b:ab:ac:9d:9e:41:35:8f:83:18:fd:2d:82:34:4c:44:f6:25: + aa:42:50:b4:bc:4b:b2:9f:f5:39:9c:ab:90:02:ec:35:a1:f5: + 36:98:8e:fa:e3:ed:37:9e:59:62:b6:6e:61:8e:8a:fa:5c:22: + ec:ec:7b:c2:15:82:f8:35:29:e3:b4:d7:24:7e:6b:68:76:a8: + c1:44:c1:33:0c:aa:3f:78:46:84:86:df:a6:e7:33:f6:93:83: + ea:23:30:24:5a:ec:ff:3f:08:ab:28:fb:38:a5:e6:dc:65:c6: + 0a:d5:5d:fe:cd:3b:82:be:d4:d8:ac:4b:e8:27:ed:7f:9b:7e: + 36:0a:1e:a5:79:f4:48:5d:ee:8f:22:de:b2:9f:14:cd:27:5a: + d2:ad:3f:99:a4:8b:58:79:f3:b7:a3:97:65:b9:ea:50:3d:ee: + 1d:c0:a0:7a:ff:0c:bf:8a:98:f5:bd:87:97:8c:15:1b:9d:9f: + 69:b5:dc:7a +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUA1tJRugxpo8TT1uQkJHIKI7gWtgwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuFYR5k+Aa1aaTBG/DGpC7FmXiilLVYl7KPGATp/+AZty +0jWWiVSt256uI9ranh5fe02j+cKTvctqipeSQWK99RbATcRZmHxSMmJFUnBOSPes +tw5MUYkEw9bOEse+j6H90E2BhqXCEYQjH952hNlw+9etW1T3Cf6si95Nz6fZ3SOQ +djrew4tetD1uLYdk2g+k9TSB7sOaYUNWZh/Fv/bloe2ASUiS8RW49AdcnZJthxnK +XMhVSAnO8uCvHovVME+St6cChHazhYEX8Q6bpKPKBzrYovUVQAdfp5cnyh0suP/E +C0PBnhiR/QHnIKURsttxwslg+LzTqPML+x/rapTS+wIDAQABo4HpMIHmMB0GA1Ud +DgQWBBQVx4NRmYrsqvFKLBwEwDe9ZIpDRzAfBgNVHSMEGDAWgBTLxqg6gw5bQQw+ +wyBIvzdp21rchzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBADqu/bL/qE4f+IKQPdOe25vYLq9yz374GQeWpmQA6MKWOEjTfQru/7vngZ6E +SqOxi0uSbFS3dCRkC0pQv90DaFi/fD3jzObIKVurrJ2eQTWPgxj9LYI0TET2JapC +ULS8S7Kf9Tmcq5AC7DWh9TaYjvrj7TeeWWK2bmGOivpcIuzse8IVgvg1KeO01yR+ +a2h2qMFEwTMMqj94RoSG36bnM/aTg+ojMCRa7P8/CKso+zil5txlxgrVXf7NO4K+ +1NisS+gn7X+bfjYKHqV59Ehd7o8i3rKfFM0nWtKtP5mki1h587ejl2W56lA97h3A +oHr/DL+KmPW9h5eMFRudn2m13Ho= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:3e:c4:86:ac:54:59:35:82:3f:d6:88:60:c9:83:73:e4:29:0c:27 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b9:0c:ea:12:ab:57:9d:4a:f2:58:74:68:94:60: + 14:1e:5f:ff:fc:9d:62:f6:0d:34:6e:e9:2f:ca:d5: + 53:29:e6:a3:2f:c0:6b:6e:62:82:b1:5f:26:3d:2d: + 98:99:93:7d:6f:f5:1c:cf:54:d3:c4:4b:81:cb:b3: + a5:98:57:bd:fe:7f:19:76:af:99:ef:cc:62:cf:c0: + 1c:df:5e:f9:b6:94:49:33:6f:db:ba:bf:5b:e2:20: + 87:9d:3f:7e:c2:e7:94:76:3d:8b:7f:a0:49:f1:2d: + 30:77:7b:8b:2c:b6:ec:cd:1e:5e:bf:e5:1b:86:dd: + d8:c1:e1:0d:b4:57:f0:aa:0a:58:d4:c3:4d:5b:cb: + bf:0e:f9:c7:23:61:f8:a3:0e:ab:2d:0f:87:1a:4f: + 1d:0b:e6:39:0a:0a:35:be:f3:f9:55:f7:87:cd:f7: + 7a:d7:18:7d:b7:0c:1f:6a:7a:67:52:55:6d:b8:ed: + 87:28:a9:fe:eb:c3:c8:a8:66:bc:33:93:db:9e:20: + 44:6b:31:36:b8:15:1b:cf:37:c2:be:9d:45:7c:3d: + d2:13:36:a0:1d:d7:74:52:67:a3:b7:3b:4a:54:01: + c5:6e:72:71:9d:47:39:44:58:27:08:a2:54:15:b5: + 27:df:7b:3f:c9:f1:cb:23:be:cf:bd:8e:37:be:f2: + 8d:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87 + X509v3 Authority Key Identifier: + 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7e:a0:5a:59:73:39:3f:56:aa:ad:33:92:7e:da:68:0f:30:65: + b8:4b:ec:6a:7c:e1:de:f6:c4:5e:96:15:6d:dc:87:35:1b:60: + 52:e6:0c:3c:c6:38:fc:75:f5:10:9a:6b:59:dd:53:7d:3e:26: + 74:b7:68:89:27:9a:4e:4c:c2:95:5c:ed:ba:4e:20:29:7d:a6: + 38:81:1c:b4:58:11:c4:d8:02:b2:76:34:23:bf:c5:43:82:6f: + 65:95:23:1c:cc:86:9a:d2:85:e0:a9:c8:61:74:97:9c:6e:90: + c0:47:d0:b2:ce:df:0f:b2:4d:40:1f:b0:70:a0:db:94:97:1a: + e6:c4:a0:ff:46:a6:9c:83:28:c2:fc:69:af:42:e6:ce:11:18: + ff:05:cb:54:c3:d5:35:3f:a0:1e:2d:76:67:83:b5:b8:79:70: + 4e:bd:36:cd:e7:82:d5:97:da:10:3f:b4:92:65:dd:c7:c1:d0: + 6f:30:91:a3:6d:be:22:0c:71:e9:b7:b3:a7:24:c1:28:d2:ac: + 93:ef:ed:3b:bc:51:b2:64:4d:f7:02:f1:04:80:9d:3f:f8:f7: + 55:62:d4:6e:62:1e:15:b9:a5:80:c6:30:e6:c4:e2:5d:d5:af: + 7f:69:5b:38:81:4a:8e:27:58:04:6e:f3:34:7f:7d:e8:c8:90: + a6:91:78:a6 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUcT7EhqxUWTWCP9aIYMmDc+QpDCcwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALkM6hKrV51K8lh0aJRgFB5f//ydYvYNNG7pL8rVUynmoy/A +a25igrFfJj0tmJmTfW/1HM9U08RLgcuzpZhXvf5/GXavme/MYs/AHN9e+baUSTNv +27q/W+Igh50/fsLnlHY9i3+gSfEtMHd7iyy27M0eXr/lG4bd2MHhDbRX8KoKWNTD +TVvLvw75xyNh+KMOqy0PhxpPHQvmOQoKNb7z+VX3h833etcYfbcMH2p6Z1JVbbjt +hyip/uvDyKhmvDOT254gRGsxNrgVG883wr6dRXw90hM2oB3XdFJno7c7SlQBxW5y +cZ1HOURYJwiiVBW1J997P8nxyyO+z72ON77yjY8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUy8aoOoMOW0EMPsMgSL83adta3IcwHwYDVR0jBBgwFoAUBMzuhRcsN0zS0wha +lGbuWv+oeTQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQB+oFpZczk/VqqtM5J+2mgPMGW4S+xqfOHe9sRe +lhVt3Ic1G2BS5gw8xjj8dfUQmmtZ3VN9PiZ0t2iJJ5pOTMKVXO26TiApfaY4gRy0 +WBHE2AKydjQjv8VDgm9llSMczIaa0oXgqchhdJecbpDAR9Cyzt8Psk1AH7BwoNuU +lxrmxKD/RqacgyjC/GmvQubOERj/BctUw9U1P6AeLXZng7W4eXBOvTbN54LVl9oQ +P7SSZd3HwdBvMJGjbb4iDHHpt7OnJMEo0qyT7+07vFGyZE33AvEEgJ0/+PdVYtRu +Yh4VuaWAxjDmxOJd1a9/aVs4gUqOJ1gEbvM0f33oyJCmkXim +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:3e:c4:86:ac:54:59:35:82:3f:d6:88:60:c9:83:73:e4:29:0c:26 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:ae:84:aa:34:ef:4a:a7:14:8c:a4:e3:d7:7d: + ef:7e:3a:25:72:c0:9c:be:13:87:cd:a0:ae:fc:96: + cb:f7:80:6d:4f:d0:2b:c6:5e:b2:9a:0a:b6:af:ae: + 0a:92:93:99:f1:44:d1:ea:bd:01:54:11:4e:04:5f: + 00:16:85:81:26:4d:47:44:6b:e2:b7:92:e5:c8:41: + a5:7a:5f:23:c5:4e:7f:db:12:f4:8d:a2:2f:5c:83: + 64:b3:6a:fc:f1:36:53:0e:c2:90:88:18:f5:c3:d8: + 3d:e7:a6:7f:a0:c7:66:f1:24:aa:80:52:0a:50:96: + c3:14:ae:48:ba:ee:ee:34:9f:7e:99:d4:ee:00:c1: + 41:d8:6c:93:ab:2d:11:65:2b:17:cd:6b:f6:80:f2: + 66:5b:27:89:7f:92:1c:a6:d0:e1:f4:33:11:b6:7f: + a9:f6:4b:46:eb:2d:3c:8d:7f:7a:fd:cf:dd:43:64: + b0:14:b8:58:05:dc:f7:59:de:1f:c2:af:d6:89:4e: + 0e:98:68:21:30:3a:8b:23:00:6c:29:0f:91:fe:99: + d3:ac:fa:76:be:f7:f3:2c:87:e8:44:1b:1f:59:fe: + 81:db:70:88:2d:e3:84:65:e8:33:49:03:c3:f0:a1: + 39:a5:85:df:58:8d:6d:70:0f:8c:3d:20:fe:f0:ba: + 22:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 + X509v3 Authority Key Identifier: + 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Require Explicit Policy:3 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 77:0f:1b:33:10:e7:d2:36:f1:7d:fb:68:33:9e:53:4a:08:c5: + b1:66:5c:8f:9f:ed:b0:2f:6a:4a:e7:b3:1e:33:94:66:17:59: + 86:47:32:e7:27:7f:34:1b:f8:7d:dd:93:40:9f:89:d0:7a:4c: + cc:8c:31:5a:23:3f:1d:41:4e:5b:40:c5:d2:c5:a5:7e:a6:8e: + 75:07:3a:db:6c:80:08:f0:a0:74:fa:94:b1:dc:9a:cc:f3:13: + e8:8d:af:7a:95:5b:4e:8c:2b:ce:42:bc:a1:65:bd:a0:1b:74: + 0f:28:1d:7e:05:8d:10:0f:b9:e6:dd:3b:4f:b8:a5:84:dd:1d: + 3d:4e:69:58:c1:5c:12:6f:c4:e5:8a:88:3b:9d:0f:c8:ef:f6: + 36:27:74:b5:e9:a4:b0:dc:3e:2c:eb:6a:74:af:4b:c7:c3:0d: + 60:f1:ef:ef:58:36:cd:74:c8:f1:f1:73:1c:fa:3d:a1:86:80: + 90:ee:25:f4:39:b1:08:a3:17:a2:d2:92:84:ff:4a:4a:ca:19: + 76:d4:91:23:56:e4:74:94:e9:21:e5:3b:bb:22:fe:95:18:a4: + ad:80:85:b6:f3:97:fe:1a:11:87:b7:c7:9a:f8:48:55:5a:a5: + 78:0e:55:70:4d:2d:20:b2:82:e1:51:f0:c5:1d:08:13:b7:26: + a7:81:e7:d5 +-----BEGIN CERTIFICATE----- +MIIDiTCCAnGgAwIBAgIUcT7EhqxUWTWCP9aIYMmDc+QpDCYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCoroSqNO9KpxSMpOPXfe9+OiVywJy+E4fNoK78lsv3gG1P0CvGXrKaCrav +rgqSk5nxRNHqvQFUEU4EXwAWhYEmTUdEa+K3kuXIQaV6XyPFTn/bEvSNoi9cg2Sz +avzxNlMOwpCIGPXD2D3npn+gx2bxJKqAUgpQlsMUrki67u40n36Z1O4AwUHYbJOr +LRFlKxfNa/aA8mZbJ4l/khym0OH0MxG2f6n2S0brLTyNf3r9z91DZLAUuFgF3PdZ +3h/Cr9aJTg6YaCEwOosjAGwpD5H+mdOs+na+9/Msh+hEGx9Z/oHbcIgt44Rl6DNJ +A8PwoTmlhd9YjW1wD4w9IP7wuiIZAgMBAAGjgdwwgdkwHQYDVR0OBBYEFATM7oUX +LDdM0tMIWpRm7lr/qHk0MB8GA1UdIwQYMBaAFATM7oUXLDdM0tMIWpRm7lr/qHk0 +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB +Af8EBTADgAEDMA0GCSqGSIb3DQEBCwUAA4IBAQB3DxszEOfSNvF9+2gznlNKCMWx +ZlyPn+2wL2pK57MeM5RmF1mGRzLnJ380G/h93ZNAn4nQekzMjDFaIz8dQU5bQMXS +xaV+po51BzrbbIAI8KB0+pSx3JrM8xPoja96lVtOjCvOQryhZb2gG3QPKB1+BY0Q +D7nm3TtPuKWE3R09TmlYwVwSb8Tliog7nQ/I7/Y2J3S16aSw3D4s62p0r0vHww1g +8e/vWDbNdMjx8XMc+j2hhoCQ7iX0ObEIoxei0pKE/0pKyhl21JEjVuR0lOkh5Tu7 +Iv6VGKStgIW285f+GhGHt8ea+EhVWqV4DlVwTS0gsoLhUfDFHQgTtyangefV +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/generate-chains.py new file mode 100755 index 0000000000..737d6c57f1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/generate-chains.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain of length 3 with requireExplicitPolicy=3 on the root, +meaning an explicit policy should not be required and the chain should verify +successfully regardless of if the root constraints are enforced.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:3') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Intermediate.key new file mode 100644 index 0000000000..ce39f8bce8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5DOoSq1edSvJY +dGiUYBQeX//8nWL2DTRu6S/K1VMp5qMvwGtuYoKxXyY9LZiZk31v9RzPVNPES4HL +s6WYV73+fxl2r5nvzGLPwBzfXvm2lEkzb9u6v1viIIedP37C55R2PYt/oEnxLTB3 +e4sstuzNHl6/5RuG3djB4Q20V/CqCljUw01by78O+ccjYfijDqstD4caTx0L5jkK +CjW+8/lV94fN93rXGH23DB9qemdSVW247Ycoqf7rw8ioZrwzk9ueIERrMTa4FRvP +N8K+nUV8PdITNqAd13RSZ6O3O0pUAcVucnGdRzlEWCcIolQVtSffez/J8csjvs+9 +jje+8o2PAgMBAAECggEAFK+K4vdgXebo3FZ28k8jMJoOpZB6ZYLoX5WVkBj0qPRt +PYNG/xnn/ifiwGf+bPx9wywlQk/7NDA0nC7CzhrQ1Egk8o2CqbmxOgQBtj6Jr403 ++ZYBfAi0Hr0AK+XTJ7p3cBhFJcknOtyQVGrtDdyM8Aj7Enxr7VGTT2j2/TfvYTKC +B4wBOGFQAdyT5vioyDN/48KV8bghbnt2R3wIYyeChRo6p4v/IG2XCUWGKhJQgeAI +QmA30jd0HB0h5+UEtTEgVCRtpxMWVENaAS+8XgNND5JFtSNnfRItR22NF+o6xlil +kizNiSzHVbIZIMkoIpq2VVHDv96NqBokLtoJvltc8QKBgQDGLFzH3e0IKOu2YAeg +WA4ML9a5g6+quqr/Nf11Q+LpSLepou5pvq1OJRMqcOJduDCU28Ei7zzfw2YE4EjC +G8/IAhPcn0ggjt02qwrL8FSxVxuZEzA06P02GpY1yxF17UCE8nVTALKAoCKKiNsY +tS44DG9hHD54Dw0RUu+i+654gwKBgQDvDETyyH3n60au3Zx3tmkZvQxLcjVi2cLs +AoO0srN+dBk6bZ2x9n942kl82fzdosqMCu7z+AlPZUPnzt0rbSzJImqxDnzrsReH +DZxhmoIPHhkpk09uDiVuLNEPzUvpNTl2Vt14ayi58+bRlUs35BjCrPQ113uj6x4z +PBD3khiRBQKBgEXEGGXEm03kGhd6dzTbyxY/QTjOQ2m3jbuLJk/CNoAqOX5e/c/8 +cMayBq1KUGbuESxWsQe7cZLVF3VgAD1VzTB8isGA0cOkh/xW+tYRJb/JCs45Ex+N +ZpdFhNwrQVpiy/QB54vxEuZ1ebOLupZYMo1I0208pEFgCxmuOO8H68RBAoGAffei +ManTJy5FHgqr1C2sbqK/YtZ5KXEFFWcxzjvI+F7nmHGBAvGZNK8awI8CgCyzvV5Z +kvhmt47uXK4WwDaUvhzDyi+PRogYlNNoT8qitKKwscbtuVn9AXTeagxN70Nb129o +33bgjDTpshGRBI/POG75dZHqlnNkg60oZ7118p0CgYEAjOucizNAKerOcSnw0NW6 +Pqc8lZjZQz10P1saIxcBAOUl09HOOe/ARvcpXUawTHw3qls3CpzfuvPpTSap0SQf +dXa3vtD6iRn3FFklbU9LZDe+cLHxv4lJGByeLDt1SKuhICWyBvnTvgEo959cnKgF +aLZldjbJ2cb0XsM1J9Iqaro= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Root.key new file mode 100644 index 0000000000..fe4e250b31 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCoroSqNO9KpxSM +pOPXfe9+OiVywJy+E4fNoK78lsv3gG1P0CvGXrKaCravrgqSk5nxRNHqvQFUEU4E +XwAWhYEmTUdEa+K3kuXIQaV6XyPFTn/bEvSNoi9cg2SzavzxNlMOwpCIGPXD2D3n +pn+gx2bxJKqAUgpQlsMUrki67u40n36Z1O4AwUHYbJOrLRFlKxfNa/aA8mZbJ4l/ +khym0OH0MxG2f6n2S0brLTyNf3r9z91DZLAUuFgF3PdZ3h/Cr9aJTg6YaCEwOosj +AGwpD5H+mdOs+na+9/Msh+hEGx9Z/oHbcIgt44Rl6DNJA8PwoTmlhd9YjW1wD4w9 +IP7wuiIZAgMBAAECggEAF7QqhWaZ59Ix04/KSrpyQLk4EPebLyS8dTtqy6j/MaEU ++13EAQTGsVnnESnyZ2WhgOOMYiG8QY2K+pdFAmUxYGoEpUtJ2UUl0C3VbKxY8P2W +fvkbb5nGcQgvyvyyXc0l/9F8kPt88c/95wMhNT1ALIvb/9tHgsqk0E+rfcVcqP0z +5fSazo8Tybq6IWmkC7qO4Q0dK3q+DJ8t+EiFmF9/RaPtrpiLrQ0pWn6JFUrk23/y +8jd8QLkGB9BuKu5rzR3uPV1h4j/5fZBcBZWAUBgebuR4rCy380jnD8VtfbUqJBUa +yHgLL1Vm+ZkpRBHY46DvJInzr0CMyd12VoAoZ4oKuQKBgQDrp/RvRlBmBzLDR37n +XpcN0zA1/d1p2UAASJxQ8sGTD4utgmVnbBtulvfIh8QMBSSgZ3vJ+C2gwbh1Vwm8 +3xDgItW+zKIjR6Yh3XdgvRcP9V3oioK4e69XJrgVb0q5M0Ye9DdPYL3mmJ4Lffz0 +rZMkhpYHn7f1miWp+xGY0sqVLQKBgQC3Pmq87yz7US1A5Tj1KKCPBs/ZrhK0x7KC +i1ps9Xp2itW/nVLAI7ryHt5jwHYzLqEGENZ/czFI35YvjdBnoKaOH8OQ8wqIkx7v +5VsSE5rQ7LsBnmCq/DlFAxaE14w662FCWbY8gHcmxgRRe5Qa1/wBtIMQtwGxTx37 +/9xdk+GsHQKBgQCY9PkZSMBimQV/7uYV8zWEibFfOhn+3D5IcNjVSdwPQiXdRyfe +izL7Aw5toIHFc4kkfEbC/01ObK73qrjtWLQxZyrpnxUWZSkWDhOwPMu9VfvQNidG +6zESFlWhxAzyTK+U49sKsLZR+HmM6AfKIOfC64ByDl9vENCllgsD8L4BOQKBgGr5 +8W5jYytE9NpR97KICVP2chlu2lTX0IsNt7ishtX1r1uyCMFLGrSG+OXbUiYHLtJP +uimlojwc65zPeb9FtnZ6bL2OZbPdz83VZBllgJg/29zSDTVFEloLt3XOMHulNp55 +qT4g8W6dY5/+OTSCqwiDzZBQhphwy9x2PrwSvUixAoGAK7FTBQo/UWZD6+bBgLMR +tPgZoKe4HvCKTVV5Dln+00r3rxFofGmVPN1yPNFOQGMxFQSPy/AUHFR4Rdqp39Jt +SSJAZynvdmOsNrdIoPR6zXxNj98WHuFjlhLKXema2+X/HY8YGLW5kiyli//LAeGi +mgfUONCqRvhNPasitWxFSlk= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Target.key new file mode 100644 index 0000000000..569c966f3e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4VhHmT4BrVppM +Eb8MakLsWZeKKUtViXso8YBOn/4Bm3LSNZaJVK3bnq4j2tqeHl97TaP5wpO9y2qK +l5JBYr31FsBNxFmYfFIyYkVScE5I96y3DkxRiQTD1s4Sx76Pof3QTYGGpcIRhCMf +3naE2XD7161bVPcJ/qyL3k3Pp9ndI5B2Ot7Di160PW4th2TaD6T1NIHuw5phQ1Zm +H8W/9uWh7YBJSJLxFbj0B1ydkm2HGcpcyFVICc7y4K8ei9UwT5K3pwKEdrOFgRfx +Dpuko8oHOtii9RVAB1+nlyfKHSy4/8QLQ8GeGJH9AecgpRGy23HCyWD4vNOo8wv7 +H+tqlNL7AgMBAAECggEAC7nl75m1GJ7st9QVLCwCT9ivLCnOUgWp4QPj3pyM4vtJ +hZfFGL1bRfJFL6C3cYGLH2Pj/3piPZuYDnLv6drnLJUi7I+GB445CF15/XGJeVjQ +EuEE99bYh8C9YTJ1q9tpMvwLNk6LFuQp+9gCABd4+XxR2dKA2JDr1wXwOzp5QHjr +5+K5W0Mu65v77sR9iMSpGV2tsdri70e1i8VbUdgroqgPg8F7HRx5JhEnXpEzEJHI +9wr7kFb6lrWT5QsG7LpMQBx5ja8ts4A8mh4An6MO865E67FUGtBX+f83HZOrJ2Ts +KvwIbT8cX8YF8889lfS8bTkq+3UjEzPSKsgBtl/06QKBgQDDebSF5zNFtqlSC1rx +l0HGxfMSFq8ddS8DhSRZtl+gNCVm0mkl74pWpEJY09/6ofJ3ONMkjMKByzWGeDQ6 +XBayDV7VIdmfjXKbkpvyTPShKomJl0pKv6fR7dgrFJc4GFrcH3bhvQPGco9bQQyA +AjM8OEAgmKYxHsTsnM0XvUsF1wKBgQDxaWtvxA5G346cjEGtlJWg5nE07F6eEiw4 +oRCZ9N37I3/gPt8BBMNO/z+NuNZFWKqzMHzcCI4LiBCvw/HL2IHEdHIzBlZgYJKf +1vMzCTo1CVInkGkpLh+kq5xorEOnb9JvNA/3Mjn4AW1X/vZfYwVGzHMCkBmsKNvQ ++lgzQxOvfQKBgQCJKUMUmlCN4EgbO8CKuRn8gjW3QZeK0gk1LR1+ncunvC9qYMZL +SjQF66hqb/FACpb6NTNi+CobrR1Xx8zODoQWV+9tGh18KWJ763nloT4eQJzVoQUO +QkFdusjuIbqiL+TBhIqEh364pvYUkCZXRDPzU30b4kDrQq3nYXc/6yFTbQKBgFrb +GxUoS1s/HfQrETjb1+iDcg3B++Yv3ra9X3sh3j17YdAquVEv0rWzeN7EttfIhA4G +bKd/DL6oSedsrl7SsBwY2zX6551EG0rO4h7OFTsKtAGx5vIZqs0VzTrTwm6Mtj0l +8fBN1eVR3C4nBeBmawD3Rz2qsA7MHdarsXAxiYIdAoGAVVDS5ydsWmY2tDpMyJzA +aCcnfIRuzumk1PfnxPuhzHE28VrnsRdpu2FxXoPKbBWstDCm1iv8O1pp3BrYcIxQ +d3AqR4WBotFIv3kBVr+1tKRqs7a4QpyYxrRjKL1bPBtGLc2Hx0PFDm4y1u2uwmrQ +a0EbGaI0e2FELc+qJBjk8yQ= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/main.test b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/ta-with-constraints.test new file mode 100644 index 0000000000..14a6e03b0a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policies-required-by-root-ok/ta-with-constraints.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/chain.pem new file mode 100644 index 0000000000..73b37722f5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/chain.pem @@ -0,0 +1,279 @@ +[Created by: ./generate-chains.py] + +Certificate chain with policyMappings on the root, and the intermediate and +leaf using the issuerDomainPolicy value. Should fail if anchor constraints are +enforced. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 43:8d:c6:ba:e1:ee:9d:3c:c5:aa:c8:68:1b:96:52:a2:da:44:1b:8e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:db:97:56:01:97:18:c9:86:bf:4a:dd:a5:fc:05: + 77:5c:f7:39:cf:23:b0:08:5e:a2:44:e0:ec:6e:38: + 42:0c:9a:63:ee:ab:fb:09:fe:fa:30:4f:c9:5c:60: + a3:8e:a5:18:ae:44:3d:46:2d:ee:9b:5e:e0:dc:95: + 7c:2a:2e:08:0d:a5:7f:bf:9b:d3:bc:00:22:47:d8: + b8:94:5b:fc:d9:4b:c9:d3:50:53:83:07:74:f5:25: + c3:6f:9a:e8:11:0f:09:6d:d3:23:14:d4:30:95:1d: + 68:9d:7d:f0:d4:d6:dc:56:b3:19:38:ea:02:96:eb: + 4e:e1:84:6e:2e:39:4d:85:5d:15:48:11:66:77:a8: + e5:2b:ca:38:80:db:46:d5:7c:23:88:82:63:9c:4f: + a6:dc:85:6a:03:14:2e:56:8a:13:54:37:29:04:53: + d9:10:9d:d0:8e:37:7e:25:b4:bb:85:2b:d4:24:7d: + 22:c5:23:ba:69:7b:3e:8c:ec:f4:9c:7c:b8:1a:16: + a4:50:d7:ab:ca:df:83:64:a8:bc:c8:97:29:5e:45: + 2f:91:0c:4e:e9:ad:c4:f3:7c:1e:d8:8a:f0:73:ef: + f4:86:49:47:33:b5:dc:ab:0d:cd:57:b6:a2:e6:d8: + 1c:b5:8b:b7:44:0f:27:cc:ba:1b:96:ff:29:61:11: + 8e:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5C:62:AD:13:BB:EE:2B:9C:B6:F3:04:CE:B5:AA:79:05:E6:CC:C6:6E + X509v3 Authority Key Identifier: + ED:76:C8:FD:F0:C5:92:46:E5:C4:2B:DB:6C:41:5E:AE:37:24:81:BC + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 35:e6:a8:77:3e:c3:cb:9b:b9:01:52:6a:e6:5c:85:e7:b6:4a: + cf:14:22:d6:93:94:0c:dd:68:c1:5f:c4:77:a3:86:0a:ab:c1: + 31:58:3e:7a:b6:69:66:51:ef:df:98:3b:91:87:b0:a7:b3:48: + 5a:fb:fb:8f:31:f2:25:ec:ee:ab:64:2d:80:c6:75:04:2c:22: + 99:54:a1:96:2f:bf:68:8c:69:9b:52:5a:98:9b:70:e8:0a:9a: + e6:4d:15:eb:77:1c:8c:27:01:c4:f8:17:64:64:da:71:4c:35: + c2:16:b4:05:4a:ac:21:74:db:9a:ad:8a:6a:47:6c:74:6c:65: + d7:63:12:75:42:62:47:48:5c:24:96:82:11:8d:65:e5:c4:fd: + d3:12:40:b4:47:c9:78:f5:21:b4:48:56:29:b5:4b:29:19:32: + 49:38:e5:8f:0f:f6:46:a1:ca:1f:5a:15:ac:4d:32:89:f6:5b: + 95:87:ae:a4:eb:0a:70:a5:a2:e1:05:46:c7:26:f0:29:bb:71: + 0b:b2:cf:25:8f:85:b1:7d:74:59:db:6e:38:bc:31:52:03:4a: + 53:53:5a:2b:a5:e1:0d:d1:c7:36:a5:35:cf:60:a8:ff:3b:b6: + c3:92:4a:cb:da:f1:9c:7b:d4:d0:d1:7e:e9:13:e6:64:d8:3c: + 0c:11:3e:85 +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUQ43GuuHunTzFqshoG5ZSotpEG44wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA25dWAZcYyYa/St2l/AV3XPc5zyOwCF6iRODsbjhCDJpj +7qv7Cf76ME/JXGCjjqUYrkQ9Ri3um17g3JV8Ki4IDaV/v5vTvAAiR9i4lFv82UvJ +01BTgwd09SXDb5roEQ8JbdMjFNQwlR1onX3w1NbcVrMZOOoClutO4YRuLjlNhV0V +SBFmd6jlK8o4gNtG1XwjiIJjnE+m3IVqAxQuVooTVDcpBFPZEJ3Qjjd+JbS7hSvU +JH0ixSO6aXs+jOz0nHy4GhakUNeryt+DZKi8yJcpXkUvkQxO6a3E83we2Irwc+/0 +hklHM7Xcqw3NV7ai5tgctYu3RA8nzLoblv8pYRGOsQIDAQABo4H+MIH7MB0GA1Ud +DgQWBBRcYq0Tu+4rnLbzBM61qnkF5szGbjAfBgNVHSMEGDAWgBTtdsj98MWSRuXE +K9tsQV6uNySBvDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwQwDQYJKoZIhvcNAQELBQADggEBADXmqHc+w8ubuQFSauZchee2Ss8UItaT +lAzdaMFfxHejhgqrwTFYPnq2aWZR79+YO5GHsKezSFr7+48x8iXs7qtkLYDGdQQs +IplUoZYvv2iMaZtSWpibcOgKmuZNFet3HIwnAcT4F2Rk2nFMNcIWtAVKrCF025qt +impHbHRsZddjEnVCYkdIXCSWghGNZeXE/dMSQLRHyXj1IbRIVim1SykZMkk45Y8P +9kahyh9aFaxNMon2W5WHrqTrCnClouEFRscm8Cm7cQuyzyWPhbF9dFnbbji8MVID +SlNTWiul4Q3RxzalNc9gqP87tsOSSsva8Zx71NDRfukT5mTYPAwRPoU= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 69:87:c1:3d:86:c3:7e:b1:e4:e3:9b:5f:80:b9:2a:e9:8b:94:77:c2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e7:f7:6f:4f:81:c9:16:07:ba:09:61:e2:27:36: + 95:50:ef:f4:37:8a:45:bc:b6:72:58:86:f4:c7:3c: + d1:8c:30:24:27:d5:8f:ff:ec:67:bd:a5:e6:30:99: + b1:c7:de:87:c4:dc:4d:45:34:ab:98:91:f8:3c:3b: + ba:e3:cc:8b:14:c2:ca:53:94:1c:e5:05:bf:0e:82: + dd:73:10:a2:e1:46:77:1e:0b:d4:8f:db:b7:ec:e8: + 69:62:23:c7:21:58:b9:ad:30:ff:53:6c:2b:f0:4c: + a7:e7:a6:a3:e9:c1:23:cd:75:d4:f5:9e:27:d6:32: + 5d:72:2f:9a:50:d8:c4:f6:01:53:a8:15:2d:81:c4: + ae:f2:b5:0b:cb:c3:63:07:c4:cd:02:4e:d4:c3:6d: + 1e:d3:91:14:f4:ed:c2:7a:cd:c8:49:fb:80:a7:9a: + d3:59:7e:1e:48:3e:4f:d3:9d:91:9b:64:b6:fc:d6: + 48:f5:a6:41:df:2c:1f:6f:4a:af:e7:de:84:73:6e: + 22:fd:c1:40:e4:2d:93:d4:45:52:d5:94:f5:d0:78: + 9c:c9:d4:78:57:6c:a7:15:53:ba:e8:a9:17:11:63: + 74:6d:e4:84:ee:fa:0a:c8:15:e3:6e:f2:37:f0:a5: + 6d:b7:3c:f4:c1:8a:22:71:f7:30:00:e1:5c:3f:12: + fd:c3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + ED:76:C8:FD:F0:C5:92:46:E5:C4:2B:DB:6C:41:5E:AE:37:24:81:BC + X509v3 Authority Key Identifier: + F7:32:8F:7B:33:2B:D5:77:63:3F:73:22:C1:8C:E2:74:01:42:79:72 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 8f:94:cc:66:f4:06:e6:8b:4b:78:52:c1:a6:1d:ee:b2:d8:58: + c5:bd:0b:aa:ab:3a:b3:34:d6:5d:6e:0d:a1:eb:80:05:c7:f1: + 07:39:37:31:f4:50:61:41:10:f8:ce:df:63:f8:fc:0c:01:5b: + ba:64:3f:73:82:4d:40:2d:cc:de:57:e0:29:bf:5b:7e:93:c3: + 73:7e:21:24:6a:21:17:36:45:99:41:68:9c:93:8c:a4:a8:3e: + d5:7f:b2:fd:03:14:ab:21:f5:fa:90:d1:bc:3d:25:bd:66:52: + 3c:c0:15:5f:86:c0:3d:1c:24:61:7b:70:b0:c1:be:54:65:93: + 63:e4:85:68:c9:f5:e4:f7:eb:d1:41:4c:ed:f0:47:f6:e9:e5: + 82:0f:57:72:57:ad:38:9d:11:4c:e3:3b:bb:b8:13:a4:49:3b: + cf:fb:9f:1b:85:c5:fd:d2:54:36:9f:f5:fc:ae:15:2e:a4:84: + b8:c5:70:2f:04:58:8c:a8:79:de:1c:b7:48:20:7b:76:53:c3: + ad:cc:c1:cd:6a:0d:33:e4:e9:ce:35:e2:93:68:f4:b5:c4:61: + 17:2e:77:cf:a7:e5:bc:54:41:dd:28:d1:d4:f1:9e:a0:b0:e9: + 55:58:33:1e:2e:09:38:6e:0a:1a:53:93:1d:c0:92:e5:74:89: + 3a:4b:24:2d +-----BEGIN CERTIFICATE----- +MIIDpjCCAo6gAwIBAgIUaYfBPYbDfrHk45tfgLkq6YuUd8IwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOf3b0+ByRYHuglh4ic2lVDv9DeKRby2cliG9Mc80YwwJCfV +j//sZ72l5jCZscfeh8TcTUU0q5iR+Dw7uuPMixTCylOUHOUFvw6C3XMQouFGdx4L +1I/bt+zoaWIjxyFYua0w/1NsK/BMp+emo+nBI8111PWeJ9YyXXIvmlDYxPYBU6gV +LYHErvK1C8vDYwfEzQJO1MNtHtORFPTtwnrNyEn7gKea01l+Hkg+T9OdkZtktvzW +SPWmQd8sH29Kr+fehHNuIv3BQOQtk9RFUtWU9dB4nMnUeFdspxVTuuipFxFjdG3k +hO76CsgV427yN/Clbbc89MGKInH3MADhXD8S/cMCAwEAAaOB8TCB7jAdBgNVHQ4E +FgQU7XbI/fDFkkblxCvbbEFerjckgbwwHwYDVR0jBBgwFoAU9zKPezMr1XdjP3Mi +wYzidAFCeXIwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdJAEB/wQFMAOAAQAwEwYDVR0gAQH/BAkwBzAFBgMqAwQwDQYJKoZIhvcN +AQELBQADggEBAI+UzGb0BuaLS3hSwaYd7rLYWMW9C6qrOrM01l1uDaHrgAXH8Qc5 +NzH0UGFBEPjO32P4/AwBW7pkP3OCTUAtzN5X4Cm/W36Tw3N+ISRqIRc2RZlBaJyT +jKSoPtV/sv0DFKsh9fqQ0bw9Jb1mUjzAFV+GwD0cJGF7cLDBvlRlk2PkhWjJ9eT3 +69FBTO3wR/bp5YIPV3JXrTidEUzjO7u4E6RJO8/7nxuFxf3SVDaf9fyuFS6khLjF +cC8EWIyoed4ct0gge3ZTw63Mwc1qDTPk6c414pNo9LXEYRcud8+n5bxUQd0o0dTx +nqCw6VVYMx4uCThuChpTkx3AkuV0iTpLJC0= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 69:87:c1:3d:86:c3:7e:b1:e4:e3:9b:5f:80:b9:2a:e9:8b:94:77:c1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:26:b8:0a:44:14:7c:69:58:4e:7f:22:bd:b7: + d9:02:d6:4b:3f:ec:66:b1:e3:d0:cb:5b:51:26:92: + 7b:91:fb:1d:40:6d:94:ef:5b:52:8c:92:83:22:9d: + f0:23:a7:3a:1e:f3:77:03:3f:fb:ad:7b:2a:7f:dd: + fe:31:fe:55:6d:c2:9d:00:1c:8c:a2:db:5d:ad:94: + 2e:c6:14:7f:fd:95:ec:77:55:97:5d:11:0d:6f:fd: + 40:c7:eb:a1:aa:02:b9:ac:3f:ea:67:d3:26:97:a3: + 2f:66:48:3d:4f:2e:db:4a:64:b9:41:d9:f3:ff:fc: + b8:a9:b2:b3:8a:88:85:e5:3a:b5:ff:25:d4:52:fd: + fd:c9:f5:f6:10:16:d4:52:ef:0e:2a:4e:24:e0:92: + 00:23:f0:3c:69:c4:1f:78:ee:6f:d8:35:c8:fe:03: + 09:ae:d8:67:7e:4f:d8:c8:ea:28:2c:d0:14:d7:d0: + b2:b6:46:ec:2d:6c:ff:71:c2:27:1e:f8:60:6a:06: + dd:04:09:1d:25:76:e5:e9:16:97:cb:58:01:7a:90: + 9a:9d:23:18:15:b1:be:7e:e0:e4:23:2a:5c:85:30: + d7:54:92:0f:ba:83:91:cf:4d:26:96:40:9b:bc:3c: + f2:8d:39:9a:b2:7b:3c:21:b2:d7:6e:ce:49:76:8c: + d7:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F7:32:8F:7B:33:2B:D5:77:63:3F:73:22:C1:8C:E2:74:01:42:79:72 + X509v3 Authority Key Identifier: + F7:32:8F:7B:33:2B:D5:77:63:3F:73:22:C1:8C:E2:74:01:42:79:72 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + X509v3 Policy Mappings: critical + 1.2.3.4:1.2.3.6 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 1c:0e:7b:a4:14:4d:3b:fa:44:6b:42:77:20:47:ae:d3:33:f5: + e2:2e:07:a8:ff:67:ff:85:b9:eb:7a:01:67:43:83:56:7f:43: + 51:ad:fa:9b:35:ca:a3:fa:12:1b:03:1e:e3:dc:e9:a1:8f:ee: + 8d:a0:00:ae:81:4c:23:85:ca:45:f1:46:37:f6:21:5c:b0:3e: + 2f:90:9c:e1:58:cd:42:a5:d2:c9:ef:40:d3:fe:b6:cb:7e:4b: + df:bd:f1:8f:b6:6f:76:4d:a2:7f:04:fc:64:21:77:53:e9:04: + 1d:d4:0d:36:8e:69:6f:27:44:ad:f4:2a:32:ef:f0:85:86:be: + 5d:4b:c0:53:7c:59:54:6f:31:28:0c:20:5f:61:f6:5b:e6:67: + d0:ac:1b:e3:fe:e1:4a:94:fc:ad:f9:1f:dd:dc:1b:18:bd:11: + b0:29:b9:b6:41:41:48:77:81:a9:68:3c:c6:c7:55:ec:1f:b1: + 6a:03:03:ca:19:2b:31:ec:e7:bc:0a:9e:0c:25:19:ea:c8:9d: + 7f:2e:e6:47:61:44:92:e3:63:c9:e2:49:aa:64:82:e4:49:80: + d0:b8:27:d6:da:8e:83:9b:44:ab:1a:b3:2c:9a:53:1a:82:b2: + 10:1c:66:4c:3d:9c:ef:b6:fc:6b:4a:61:60:51:27:a2:8c:24: + 0e:5f:83:ca +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIUaYfBPYbDfrHk45tfgLkq6YuUd8EwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC+JrgKRBR8aVhOfyK9t9kC1ks/7Gax49DLW1EmknuR+x1AbZTvW1KMkoMi +nfAjpzoe83cDP/uteyp/3f4x/lVtwp0AHIyi212tlC7GFH/9lex3VZddEQ1v/UDH +66GqArmsP+pn0yaXoy9mSD1PLttKZLlB2fP//LipsrOKiIXlOrX/JdRS/f3J9fYQ +FtRS7w4qTiTgkgAj8DxpxB947m/YNcj+Awmu2Gd+T9jI6igs0BTX0LK2RuwtbP9x +wice+GBqBt0ECR0lduXpFpfLWAF6kJqdIxgVsb5+4OQjKlyFMNdUkg+6g5HPTSaW +QJu8PPKNOZqyezwhstduzkl2jNfjAgMBAAGjgfowgfcwHQYDVR0OBBYEFPcyj3sz +K9V3Yz9zIsGM4nQBQnlyMB8GA1UdIwQYMBaAFPcyj3szK9V3Yz9zIsGM4nQBQnly +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSAB +Af8ECTAHMAUGAyoDBDAYBgNVHSEBAf8EDjAMMAoGAyoDBAYDKgMGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAcDnukFE07+kRrQncgR67TM/XiLgeo/2f/hbnregFnQ4NWf0NR +rfqbNcqj+hIbAx7j3Omhj+6NoACugUwjhcpF8UY39iFcsD4vkJzhWM1CpdLJ70DT +/rbLfkvfvfGPtm92TaJ/BPxkIXdT6QQd1A02jmlvJ0St9Coy7/CFhr5dS8BTfFlU +bzEoDCBfYfZb5mfQrBvj/uFKlPyt+R/d3BsYvRGwKbm2QUFId4GpaDzGx1XsH7Fq +AwPKGSsx7Oe8Cp4MJRnqyJ1/LuZHYUSS42PJ4kmqZILkSYDQuCfW2o6Dm0SrGrMs +mlMagrIQHGZMPZzvtvxrSmFgUSeijCQOX4PK +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/generate-chains.py new file mode 100755 index 0000000000..a37a1c8055 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/generate-chains.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with policyMappings on the root, and the intermediate and +leaf using the issuerDomainPolicy value. Should fail if anchor constraints are +enforced.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.4') +root.get_extensions().set_property('policyMappings', + 'critical,@policy_mappings') +policy_mappings = root.config.get_section('policy_mappings') +policy_mappings.set_property('1.2.3.4', '1.2.3.6') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,1.2.3.4') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.4') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Intermediate.key new file mode 100644 index 0000000000..8c835b8196 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDn929PgckWB7oJ +YeInNpVQ7/Q3ikW8tnJYhvTHPNGMMCQn1Y//7Ge9peYwmbHH3ofE3E1FNKuYkfg8 +O7rjzIsUwspTlBzlBb8Ogt1zEKLhRnceC9SP27fs6GliI8chWLmtMP9TbCvwTKfn +pqPpwSPNddT1nifWMl1yL5pQ2MT2AVOoFS2BxK7ytQvLw2MHxM0CTtTDbR7TkRT0 +7cJ6zchJ+4CnmtNZfh5IPk/TnZGbZLb81kj1pkHfLB9vSq/n3oRzbiL9wUDkLZPU +RVLVlPXQeJzJ1HhXbKcVU7roqRcRY3Rt5ITu+grIFeNu8jfwpW23PPTBiiJx9zAA +4Vw/Ev3DAgMBAAECggEACjsB3PVrmcRVeO+pB1m2h1waq6hphin1xeAndr7aVXh6 +EvFHgvefy6ymOyNMKyh68tYhTxmqx8I7h7LxFylNdc9X5QyPPOD4AC49XhAwK6Dt +kZTfMK91rF+Qf+Eo3/IHayzSCSsOjqNfp5PUS6bwN7H1GbAT/Oc6JjyubaP7a9Ry +dIGT6arF8c6rRQANKYl6BDGAsKH+rAZyngNLJ14Ril7g+fn7420MWBBZpCjmCdGt +TvWCF14rC93S5sBok1GIF/9b5dok9IfG81GimMNJCD0Z9gymbj+k9xoz/LsNLQIi +xWYJ1Ueh9N28OVgN2+mjQoXcSEKnWMhIg/S5FEX7wQKBgQDzBBjCNpOwDvV4OnYh +twUH6pBK0HOPWqiiALY3IAMUCNlK/BEbAFQ8OLXi3M+rx4Qgf7rWhUDiZSi9yGpO +HUKup4upoZyTATRdryQO3XdIu0S/s3FEi/nZy3w8pDhhH4TBNRFhTqjLgt1pnQz3 +6cM2Q8bZWH36a5HtHQz8zZPiuwKBgQD0XDTsq+IrDUk5QaZXWjj4z5XcTmx6dkIP +OEgFakWOu60SqaVmq0XSBQ5DCyCajR49A1dMK6S3XpYE7BejSS6g37Ol5DePv7GN +TmL9wHg2OtmuwKJKtShnFZ/Pj9gz/bFfTLv3eRNRAski9kpcOu+cVax87o/pOfCp +CsLZyv+0mQKBgHFTfcBD90dpEmvIx4IdeUkhx7w7zUgSvQUfU9oNIaJcJgjj145B +7wZOY/OxiV7QIfuN1TFo3sM07XTjWz+mQYx1MZofdYbQTv1JSYVtHc1bF0pWggG3 +TQKV9A/LfUc9jYkUGFDKf8i39EzmIkASUSijHr4ImGcJdvmeTIovzEE1AoGAF4Qk +J76m5mPB7zutKWzqXK+FiY0WjXaCBvrwm2zNwt222zvuSgIjlwGbjMIuYhFAnriK +ly8ADBGTOGgMIk+xqBO/MzDSVAgrqyCnECqMpxNkzZeGRtBGUh1Xot8B/Ibmofg9 +gqRpQnuVJcM0Bso5Mv9fuSowOU61JV9+vvz1PMkCgYEAi6T4/OyT0BW8OVFnAvwh +3pxbZq2FY1AgJvkOW+WcDfswGxDQl5OZx1VEGdCmEPxmmpXtFUc6RNh0fahFmvq0 +g0luFsrRuqtUgChu38KSjetQBybyrbS1BEDo01E3TPrkBMTZ2Xb3/3TWUncwpOXR +fAPQtmoZJL3IQ5f5+AqjkCI= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Root.key new file mode 100644 index 0000000000..d20ede7768 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+JrgKRBR8aVhO +fyK9t9kC1ks/7Gax49DLW1EmknuR+x1AbZTvW1KMkoMinfAjpzoe83cDP/uteyp/ +3f4x/lVtwp0AHIyi212tlC7GFH/9lex3VZddEQ1v/UDH66GqArmsP+pn0yaXoy9m +SD1PLttKZLlB2fP//LipsrOKiIXlOrX/JdRS/f3J9fYQFtRS7w4qTiTgkgAj8Dxp +xB947m/YNcj+Awmu2Gd+T9jI6igs0BTX0LK2RuwtbP9xwice+GBqBt0ECR0lduXp +FpfLWAF6kJqdIxgVsb5+4OQjKlyFMNdUkg+6g5HPTSaWQJu8PPKNOZqyezwhstdu +zkl2jNfjAgMBAAECggEAE5s/b8OMTzW3hsSCKwi5Zhr9gFZaUm5YmZdNW0pQVoGL +hxilejay4M68mcWqPKriCc310A55X25rN+sGalY8rcga0yeecq5mzt6QIhl8BwQ9 +8SIQrOZ0ub7lvpdzwGluhq3CeDkj6g/H8+Zv9+mvb9DJ71nPWG5RBiJoc9jW4YdJ +vJVF/LijzVWqxyQMrJJAWRDGZ2rr0jvyz7FUD7/+robC22YJtjilYjVa6/eVgvoB +pp4h2SLofyevYOP6SQgeeHgJ5EPLOReoZLUTNBoevaSzg8cLokq/GvS2nxsisXHS +MKGzZuFVgefQJoEZMf0vc6cxjMxeTH+xTKVmTTbxDQKBgQC+VFhGN0g70aw+9vCa +Nj8kiEpb7c/n1ahnHpa1HrNC5V6OPvLo08X644PFEHEg3ImjJoFYnAnfBC7bDxyc +E8X9lTVCqodMmHKJsKBm1qGM77ZDnnDW4Xa13ZZ9cWnz7V4uCcxDu+6VxEiiPqsQ +gN8p6ckJG44btC1YnCv2CAKpvwKBgQD/wqGp/a6nUc8BVsFGCnfFl+UoMyrVrmG0 +w9nfOJtsCxarnXujc1BD/6w7Edcrst3+Wb/s0P/Tewbs2EMwpw317lBxev1HTVHj +2YuBF6rP2fTfF+fdGibwsuAnK4T5+B+A6OKMpk2/jWusKjpP4jE8DsJVURJTLaF2 +GL/glScy3QKBgQC5jJq+YVifUKqee7lWbfoi0GfFtVMRjd7uIQkFq9dRKTGEdWP0 +jbid/b3RmVTgl3/rOTeyPfT1oStYziOzGSfVLuhMhNkAWEKZb0MA3s+CCZPj2gvh +wM4tQMhcpPuJHWjKcyza/9T51vCEk5nLrgdh4hPmOCHTalUm5KGK6oZGGwKBgQCv +rSkOcsn89ByUdtrbGWWbu/IT4tGRZO6IE98bjO51EEjKKKo8Y4DGtF/BU0fRJFOH +2m4SZJzUzrS7CvFcAeN9Ae0PhcNjrqCJOWyxh2g0zSl99BW3sbb9rmB5h1MXwG8j +RNQYeEL/SEylPXxAUsYu0pR5te44ZCd7zxQ9VzZNoQKBgB8Yu1n8KbJQy6kHvghe +GRKWSTNcuR+jRZB2DB5BCOktg1xIdCdG7Hb3/u6lE76FWzpuYkj1ETrB6T1I08jX +Kq5NnhXQ0ey5JRhkqOmHoXTcRDfFtVQA6lQKSqROtIudQJ7XVwfXlk10cuDAapiu +4Nmf0gkSc1fovD5UUkxVRuU6 +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Target.key new file mode 100644 index 0000000000..5eb8db4e09 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbl1YBlxjJhr9K +3aX8BXdc9znPI7AIXqJE4OxuOEIMmmPuq/sJ/vowT8lcYKOOpRiuRD1GLe6bXuDc +lXwqLggNpX+/m9O8ACJH2LiUW/zZS8nTUFODB3T1JcNvmugRDwlt0yMU1DCVHWid +ffDU1txWsxk46gKW607hhG4uOU2FXRVIEWZ3qOUryjiA20bVfCOIgmOcT6bchWoD +FC5WihNUNykEU9kQndCON34ltLuFK9QkfSLFI7ppez6M7PScfLgaFqRQ16vK34Nk +qLzIlyleRS+RDE7prcTzfB7YivBz7/SGSUcztdyrDc1XtqLm2By1i7dEDyfMuhuW +/ylhEY6xAgMBAAECggEAPksir2XNNtI+bv8MyL9GOr25jQ0LMXyjHNYPzD6yYf/k +TH9GQnIuSElCDq4th9hG9ZzPIxsBntreAEV5yT9wsmpaIKGUgbcqAma1CgVEZ+JL +mWImpruVTrwNQppXrgstehXU1GJTe+GxXUguazqenAvHonEkFesf3/LhDMTdvHCC +gawWdVraJ6iG7PIW/2hkTWlSkEgbkWXL6xTMA9a2RfqLUCCOOl/yC9yOCk4qlHlo +E5p3lktQwi9TzlGUCKXRT6a/C4IbZHs2vkzBwLo7xtiaCi3yx+xBuIxctToktffG +J03IrMnatN0NVFe9+0Q15prI/gX+QcAp5dDxHwcszwKBgQDwapEy+eMVvDJE5xaT +EJD99u4f6GrLnZ8vXBFuLQ75bRkqNLdbpotg5IWhDu6LQbwQ9FLsKPzz2xD+5hHf +KBwMBD2Xp/I0yHtJ6OJAhG7uAVQQ/98IvJ5/Ccdi08U8vaziIVNr6snnWvuwZZdv +bl+ZdRDLqhBugzHRVweTeLas7wKBgQDp0zMhUOgYx76xCcOoEKIIkMBSMaTJtbok +FeG1dgmWvlOsMnWJjaaO7D4VCY1pHeE7Mrf00kufaLERBoQG1b0TFxtjqs0mHinh +DBUG+dJJvNC4hcoZIU6CNNUfzL7KWtFBpqncmU8bdzivsrtfdvshTa0G7F9lsBVk +seZt6fK+XwKBgQCetbsk69H9hz+oPOWqMEWHYnvQlJ3rzSJJIX5gPV6lSmBSfHqP +BmL8k9+jczgGtl5w0tnrDSPv165gl4E00EWzqRkABN7f+XlqUVMLRGH2vOnCTyft +nJcFRm9ZznNmpdB7d4SauWSQVn/Q80AFT9fMdnuf96ThT7qTd+CIeigeAQKBgEuS +5Y25FqsbtDiITWK+rYBTOLXYMci4IceUAvWhhwvfzC91x6OD0veSx6YJBlmZPLjj +da19Ys/NCJ3WG0oSPyAycbnO9KuDSEnim9E7YYpPqq5ZH67rovJWnSPAC1Jf9A5i +DbitHHJmID45aHI8hIKJFomMUHEPbnqzPST9XmXFAoGAaY82mioGCyfXrO3ujEng +PyHkCrSioU6eUUKKcQCm+X97zvSD92AcM7JCRwJtvpQ1o/jDaMRJi4T+0rFgwdwC +hwgYyzvjmeSMlUyzgo2unJig4PWVEttBG0Ug0vcHpqF13c+pfwXguOVMXcFKjtRL +NDxGxWu3KUV3XOAvUNOKaMg= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/main.test b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/main.test new file mode 100644 index 0000000000..daaaf49a67 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/ta-with-constraints.test new file mode 100644 index 0000000000..add5736f7b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-fail/ta-with-constraints.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: No valid policy +ERROR: No valid policy + diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/chain.pem b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/chain.pem new file mode 100644 index 0000000000..8167c94975 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/chain.pem @@ -0,0 +1,278 @@ +[Created by: ./generate-chains.py] + +Certificate chain with policyMappings on the root, and appropriate policies +on the intermediate and leaf. Should pass. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5a:e9:b2:55:6d:14:8e:a6:58:4c:c4:d4:42:26:ad:b3:da:6c:6e:e2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:b5:55:2c:03:e1:5f:2a:e2:6b:38:51:05:21: + d4:60:d5:a4:6a:7a:1f:2a:a4:a5:d2:90:de:06:71: + cf:07:0c:70:96:8a:31:b9:ab:5c:f9:53:2a:02:96: + 42:b1:43:5a:43:29:95:01:5b:0e:57:00:e2:51:71: + b8:e6:8d:21:ee:a8:2c:82:1c:40:1b:5b:17:23:1f: + 40:61:eb:db:a6:e9:27:f2:ca:10:93:08:e0:06:44: + e6:2f:0b:17:e3:07:0a:bc:eb:79:16:42:f9:73:32: + 6a:84:d8:6c:2f:bc:1b:71:29:91:9d:e8:8e:b7:ae: + 2b:ba:7d:6d:62:75:67:32:8c:d1:25:45:32:66:c8: + b6:17:ba:61:55:a4:bd:61:98:13:d5:28:e7:77:21: + 22:5b:7b:89:52:7f:24:ee:80:43:d1:d1:9b:35:b4: + 7b:19:99:54:31:9f:c6:85:8a:91:57:c3:16:5a:7d: + 70:cd:5a:53:6b:b1:0f:14:1b:a3:8f:10:2f:82:68: + 2b:cb:f0:3d:60:45:ba:d8:5a:ab:a8:64:f5:dd:a1: + ab:8b:ae:22:74:42:79:3f:d1:b0:d7:37:9b:2e:7c: + c3:a9:fa:01:9e:77:21:3a:29:21:75:be:0c:0f:69: + 55:32:a7:27:07:d4:52:a1:79:10:77:6e:b6:d7:b4: + f6:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 89:AA:33:F0:29:99:24:A9:76:76:A9:42:19:F0:27:7C:A9:21:FB:92 + X509v3 Authority Key Identifier: + 23:15:56:0B:B2:09:04:1C:9D:21:49:EA:4E:E4:E0:EA:15:FC:E7:BF + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: critical + Policy: 1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 60:9e:8e:5c:f2:af:67:d4:aa:66:1a:8b:21:ad:3f:84:8c:3d: + f0:72:39:61:6b:96:29:61:35:e2:c0:95:65:d0:e0:4d:4f:90: + 88:73:c9:fb:63:49:62:28:db:3d:d4:f5:86:69:8e:8f:88:1a: + d7:10:99:48:9d:1a:50:11:0c:6c:f2:9d:81:67:b6:15:3c:34: + ee:71:99:d2:c8:3c:1e:92:4d:04:c1:e0:4e:0b:f1:22:64:11: + f5:da:3f:2b:30:6c:fe:80:00:30:fa:5f:e1:6f:8e:13:ab:f7: + d2:1b:3d:ad:94:24:97:83:b1:ce:51:e5:ef:00:41:2f:4b:de: + 2b:1d:8d:f6:b6:4b:2f:5e:03:03:f3:62:56:9b:ef:86:6b:26: + 1c:d4:b7:e8:e7:b1:30:ee:34:18:c2:b3:9d:c4:ef:ba:80:10: + ed:be:44:03:42:e2:95:0c:32:61:ca:8b:47:de:b6:68:e1:1d: + 79:f2:00:d0:3d:d7:3b:3e:cd:87:67:57:00:f3:06:a5:09:f3: + f2:a1:b2:10:ca:f8:57:b9:42:a0:47:59:35:bb:42:30:59:c4: + ff:50:d4:f0:07:f4:bf:27:9a:45:23:39:65:a4:35:ac:5c:e6: + 6a:7d:cc:ac:c3:d9:74:81:4e:42:1d:a4:5a:a9:81:c8:7b:cb: + 19:0b:c9:5d +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIUWumyVW0UjqZYTMTUQiats9psbuIwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAqLVVLAPhXyriazhRBSHUYNWkanofKqSl0pDeBnHPBwxw +looxuatc+VMqApZCsUNaQymVAVsOVwDiUXG45o0h7qgsghxAG1sXIx9AYevbpukn +8soQkwjgBkTmLwsX4wcKvOt5FkL5czJqhNhsL7wbcSmRneiOt64run1tYnVnMozR +JUUyZsi2F7phVaS9YZgT1SjndyEiW3uJUn8k7oBD0dGbNbR7GZlUMZ/GhYqRV8MW +Wn1wzVpTa7EPFBujjxAvgmgry/A9YEW62FqrqGT13aGri64idEJ5P9Gw1zebLnzD +qfoBnnchOikhdb4MD2lVMqcnB9RSoXkQd26217T2fwIDAQABo4H+MIH7MB0GA1Ud +DgQWBBSJqjPwKZkkqXZ2qUIZ8Cd8qSH7kjAfBgNVHSMEGDAWgBQjFVYLsgkEHJ0h +SepO5ODqFfznvzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF +BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAGCejlzyr2fUqmYaiyGtP4SMPfByOWFr +lilhNeLAlWXQ4E1PkIhzyftjSWIo2z3U9YZpjo+IGtcQmUidGlARDGzynYFnthU8 +NO5xmdLIPB6STQTB4E4L8SJkEfXaPyswbP6AADD6X+FvjhOr99IbPa2UJJeDsc5R +5e8AQS9L3isdjfa2Sy9eAwPzYlab74ZrJhzUt+jnsTDuNBjCs53E77qAEO2+RANC +4pUMMmHKi0fetmjhHXnyANA91zs+zYdnVwDzBqUJ8/KhshDK+Fe5QqBHWTW7QjBZ +xP9Q1PAH9L8nmkUjOWWkNaxc5mp9zKzD2XSBTkIdpFqpgch7yxkLyV0= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 25:ab:91:cd:cb:d4:6b:d6:d6:c9:c3:14:54:9c:9a:29:5f:02:ac:94 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a9:98:43:77:82:03:75:51:a8:61:e5:0f:2b:9b: + d2:31:9d:dd:0f:09:55:47:26:8d:33:0a:65:84:5c: + a6:d1:50:6f:f0:62:3a:3f:e7:8f:19:04:4a:24:e2: + 71:56:00:64:1a:64:42:81:96:2c:a7:fa:c7:30:58: + 77:6b:45:63:d1:e7:9d:4a:94:e0:0e:25:03:22:94: + eb:b5:4f:22:4d:b9:3c:60:80:ac:12:49:76:f0:37: + 72:04:1f:f0:69:98:6b:1f:00:76:30:9e:9f:ad:71: + 7a:dd:90:93:69:e3:9d:bd:ff:58:92:13:1f:3d:00: + b8:d5:7a:91:73:0f:e7:af:44:c5:aa:dd:80:23:ec: + 95:b0:fb:ab:1b:36:1b:5c:a3:7a:09:09:41:79:0e: + 86:1c:93:14:98:fa:ea:be:40:1b:bd:f4:46:28:2d: + 21:8f:85:6c:6f:8f:5e:70:2c:cf:f7:22:89:a6:3a: + 14:d4:3b:26:a6:3e:1f:1c:69:25:03:e8:8c:8a:18: + 91:25:33:39:2b:a3:34:72:af:e9:8c:35:66:7a:81: + 15:fd:36:21:a9:7d:5a:6c:39:bf:0f:05:cd:9d:cf: + 2f:7f:71:95:5c:f5:b3:5b:43:7c:8e:55:24:b7:2f: + f2:69:38:b5:53:49:bb:bf:57:cc:cf:96:22:3b:05: + 9c:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 23:15:56:0B:B2:09:04:1C:9D:21:49:EA:4E:E4:E0:EA:15:FC:E7:BF + X509v3 Authority Key Identifier: + 60:B0:E9:54:4F:5B:06:6B:93:AF:1C:BB:7E:96:27:2D:01:DC:24:8B + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Policy Constraints: critical + Require Explicit Policy:0 + X509v3 Certificate Policies: critical + Policy: 1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 5c:b4:05:b4:a0:61:80:8a:1f:21:c0:0f:18:5e:9d:8b:c9:12: + 45:db:06:c3:1f:0f:47:86:4b:61:0d:c1:fc:a6:7c:fb:4e:47: + dc:41:3a:fc:60:93:e9:4f:8b:d9:ec:a5:28:2e:5e:1f:41:48: + 0f:86:ba:fd:d5:a5:2f:5f:51:e6:f8:58:8f:5d:28:2b:d0:9e: + 1a:b7:2e:62:e6:03:ab:4a:f5:10:e4:01:52:ce:eb:6e:a4:f6: + 97:c6:3e:86:19:20:68:1f:e6:72:8f:65:ab:95:e0:a3:0e:2b: + 22:60:b1:9b:55:04:ca:a8:51:4c:82:46:db:e2:a4:1d:63:59: + 6e:28:82:85:94:4a:4f:44:5f:1e:eb:8e:d2:d7:ec:9b:b7:51: + 2a:88:58:4d:63:05:c0:0a:bc:a8:14:a6:79:5e:1d:c5:8d:b2: + 2f:cf:a8:d6:9d:51:76:28:64:3f:b5:69:f1:d2:2f:85:59:1b: + b4:a0:59:61:af:b9:76:ce:75:54:75:68:87:d0:63:18:96:8f: + e0:33:a4:9a:77:ef:91:bb:83:f6:5e:4a:33:23:ff:71:85:d1: + 66:b9:33:d7:2d:58:55:9f:1a:14:20:d3:5a:4d:20:84:44:88: + fa:1c:5c:41:41:1a:4e:bf:88:5f:14:c1:67:09:73:21:81:14: + 0d:61:41:a1 +-----BEGIN CERTIFICATE----- +MIIDpjCCAo6gAwIBAgIUJauRzcvUa9bWycMUVJyaKV8CrJQwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKmYQ3eCA3VRqGHlDyub0jGd3Q8JVUcmjTMKZYRcptFQb/Bi +Oj/njxkESiTicVYAZBpkQoGWLKf6xzBYd2tFY9HnnUqU4A4lAyKU67VPIk25PGCA +rBJJdvA3cgQf8GmYax8AdjCen61xet2Qk2njnb3/WJITHz0AuNV6kXMP569Exard +gCPslbD7qxs2G1yjegkJQXkOhhyTFJj66r5AG730RigtIY+FbG+PXnAsz/ciiaY6 +FNQ7JqY+HxxpJQPojIoYkSUzOSujNHKv6Yw1ZnqBFf02Ial9Wmw5vw8FzZ3PL39x +lVz1s1tDfI5VJLcv8mk4tVNJu79XzM+WIjsFnFkCAwEAAaOB8TCB7jAdBgNVHQ4E +FgQUIxVWC7IJBBydIUnqTuTg6hX8578wHwYDVR0jBBgwFoAUYLDpVE9bBmuTrxy7 +fpYnLQHcJIswNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdJAEB/wQFMAOAAQAwEwYDVR0gAQH/BAkwBzAFBgMqAwUwDQYJKoZIhvcN +AQELBQADggEBAFy0BbSgYYCKHyHADxhenYvJEkXbBsMfD0eGS2ENwfymfPtOR9xB +Ovxgk+lPi9nspSguXh9BSA+Guv3VpS9fUeb4WI9dKCvQnhq3LmLmA6tK9RDkAVLO +626k9pfGPoYZIGgf5nKPZauV4KMOKyJgsZtVBMqoUUyCRtvipB1jWW4ogoWUSk9E +Xx7rjtLX7Ju3USqIWE1jBcAKvKgUpnleHcWNsi/PqNadUXYoZD+1afHSL4VZG7Sg +WWGvuXbOdVR1aIfQYxiWj+AzpJp375G7g/ZeSjMj/3GF0Wa5M9ctWFWfGhQg01pN +IIREiPocXEFBGk6/iF8UwWcJcyGBFA1hQaE= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 25:ab:91:cd:cb:d4:6b:d6:d6:c9:c3:14:54:9c:9a:29:5f:02:ac:93 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:b5:60:e3:ae:80:d9:8d:1b:a2:fc:e7:31:20: + f8:8a:f5:e1:10:65:40:74:80:4b:74:28:64:dc:ce: + 0f:9b:ac:ca:24:e5:0d:ac:f7:dc:ef:b4:10:8b:97: + 04:b9:81:1e:b8:fa:1a:1f:6c:a6:35:9f:1f:5b:19: + 61:65:3b:10:eb:5c:fa:f8:f6:89:b3:2a:98:19:6d: + 92:dd:c1:69:8e:be:52:2b:06:59:57:f2:8c:d0:08: + 40:1d:fc:73:be:06:a0:87:e6:72:6f:09:f5:ab:ae: + c4:38:fc:85:0b:3c:2c:62:b1:25:50:32:a5:83:ee: + 3c:2f:85:48:46:f1:ec:db:d9:aa:dd:b5:2a:a2:64: + 87:d0:75:a7:71:4f:e8:58:53:31:c8:ad:89:0f:a6: + 76:6d:de:78:0b:21:22:5d:35:1f:d4:5c:74:41:0b: + dd:72:fc:e4:84:30:bc:7b:b5:82:a6:84:4d:69:50: + f3:85:7d:f9:a1:10:fa:25:00:e4:53:cb:0e:0c:d6: + 26:9f:1c:d4:12:2f:c9:f2:fc:80:27:5c:23:72:28: + 30:d8:81:40:0b:80:6c:5a:f7:05:9c:13:db:98:66: + 4a:52:65:4f:14:da:55:eb:bd:52:81:2f:b1:8e:a0: + 99:8b:76:8a:77:51:64:f5:67:ff:98:1d:f3:8e:6f: + e3:6b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 60:B0:E9:54:4F:5B:06:6B:93:AF:1C:BB:7E:96:27:2D:01:DC:24:8B + X509v3 Authority Key Identifier: + 60:B0:E9:54:4F:5B:06:6B:93:AF:1C:BB:7E:96:27:2D:01:DC:24:8B + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: critical + Policy: 1.2.3.4 + X509v3 Policy Mappings: critical + 1.2.3.4:1.2.3.5 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 1d:e9:a8:3e:aa:2d:d9:12:11:71:a8:0d:a8:5b:b7:c8:ae:6e: + bf:e0:8b:1e:d8:87:db:8f:97:1f:52:2e:87:05:73:3f:58:49: + d4:43:7a:44:57:7f:57:aa:97:4f:1a:98:0e:8f:cb:76:7f:a4: + 6a:e7:73:65:e3:bf:f3:12:38:6d:11:1d:ec:b1:e4:1a:23:c0: + 59:8c:7e:f7:6f:07:65:57:36:6b:3e:70:25:10:2f:c0:a3:15: + 9c:05:b3:b2:b4:a6:20:cb:3d:15:5f:61:ed:20:af:34:2f:3a: + 61:cc:f9:9b:e2:bf:98:df:ec:23:ab:4c:4c:f1:1a:cd:f3:84: + 7a:01:6b:1b:c4:18:af:1f:10:89:6b:66:95:b4:da:25:ae:3f: + cb:e0:eb:55:6b:10:06:3b:c4:16:b8:58:59:23:e7:10:f7:8a: + 8c:70:18:f7:0d:cf:72:25:15:f2:7f:6a:14:a5:18:40:7d:47: + 6a:16:e7:68:77:cf:cd:24:80:0a:52:0e:2e:d6:d3:8b:24:be: + 25:ab:85:a1:17:d0:2e:90:04:2d:c8:b5:cb:27:94:e4:4f:a1: + d4:6b:b1:92:20:bd:b7:5d:54:48:72:8f:3f:30:59:5c:33:e8: + 16:90:dd:b8:9f:ca:d4:46:5c:ed:85:0f:82:a8:1f:c8:c7:1f: + 65:b6:7c:96 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIUJauRzcvUa9bWycMUVJyaKV8CrJMwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6tWDjroDZjRui/OcxIPiK9eEQZUB0gEt0KGTczg+brMok5Q2s99zvtBCL +lwS5gR64+hofbKY1nx9bGWFlOxDrXPr49omzKpgZbZLdwWmOvlIrBllX8ozQCEAd +/HO+BqCH5nJvCfWrrsQ4/IULPCxisSVQMqWD7jwvhUhG8ezb2ardtSqiZIfQdadx +T+hYUzHIrYkPpnZt3ngLISJdNR/UXHRBC91y/OSEMLx7tYKmhE1pUPOFffmhEPol +AORTyw4M1iafHNQSL8ny/IAnXCNyKDDYgUALgGxa9wWcE9uYZkpSZU8U2lXrvVKB +L7GOoJmLdop3UWT1Z/+YHfOOb+NrAgMBAAGjgfowgfcwHQYDVR0OBBYEFGCw6VRP +WwZrk68cu36WJy0B3CSLMB8GA1UdIwQYMBaAFGCw6VRPWwZrk68cu36WJy0B3CSL +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSAB +Af8ECTAHMAUGAyoDBDAYBgNVHSEBAf8EDjAMMAoGAyoDBAYDKgMFMA0GCSqGSIb3 +DQEBCwUAA4IBAQAd6ag+qi3ZEhFxqA2oW7fIrm6/4Ise2Ifbj5cfUi6HBXM/WEnU +Q3pEV39XqpdPGpgOj8t2f6Rq53Nl47/zEjhtER3sseQaI8BZjH73bwdlVzZrPnAl +EC/AoxWcBbOytKYgyz0VX2HtIK80LzphzPmb4r+Y3+wjq0xM8RrN84R6AWsbxBiv +HxCJa2aVtNolrj/L4OtVaxAGO8QWuFhZI+cQ94qMcBj3Dc9yJRXyf2oUpRhAfUdq +Fudod8/NJIAKUg4u1tOLJL4lq4WhF9AukAQtyLXLJ5TkT6HUa7GSIL23XVRIco8/ +MFlcM+gWkN24n8rURlzthQ+CqB/Ixx9ltnyW +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/generate-chains.py new file mode 100755 index 0000000000..e2d27d498f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/generate-chains.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain with policyMappings on the root, and appropriate policies +on the intermediate and leaf. Should pass.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.4') +root.get_extensions().set_property('policyMappings', + 'critical,@policy_mappings') +policy_mappings = root.config.get_section('policy_mappings') +policy_mappings.set_property('1.2.3.4', '1.2.3.5') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('policyConstraints', + 'critical,requireExplicitPolicy:0') +intermediate.get_extensions().set_property('certificatePolicies', + 'critical,1.2.3.5') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.5') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Intermediate.key new file mode 100644 index 0000000000..82d6cc445a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpmEN3ggN1Uahh +5Q8rm9Ixnd0PCVVHJo0zCmWEXKbRUG/wYjo/548ZBEok4nFWAGQaZEKBliyn+scw +WHdrRWPR551KlOAOJQMilOu1TyJNuTxggKwSSXbwN3IEH/BpmGsfAHYwnp+tcXrd +kJNp4529/1iSEx89ALjVepFzD+evRMWq3YAj7JWw+6sbNhtco3oJCUF5DoYckxSY ++uq+QBu99EYoLSGPhWxvj15wLM/3IommOhTUOyamPh8caSUD6IyKGJElMzkrozRy +r+mMNWZ6gRX9NiGpfVpsOb8PBc2dzy9/cZVc9bNbQ3yOVSS3L/JpOLVTSbu/V8zP +liI7BZxZAgMBAAECggEADu9xVZd2DYFk9kYRWXJOBv+Thaz5PRxYh/us6ASuzjUq +vn0wCwut7vKRQwFMINpE9owIzVe31A1COHA6CBDi0wv2LqjAuI4q4gNCZMO0zip3 +djourSeaGVqQqGtVpT7+hArq3apCfqhFPTjruoIIlMBlgOu9LwaewHIcWAk5Cpa7 +qmLSVRxVBsctLUBmdjhpPBAvpCrx22tJ4Z3RayUU9ynr9nnNraqA1UC5OW9rj7Ih +7mlHdHRbtBfYetwcpRC7OFvl/gR8teESVgSZjDdJ6THUYVfo5AN2aSW0j+ymkZ1q +QuYRwj8BMH/sZLi++ui+GBws1TKcS2W11dWHPYfN2QKBgQDMAVVnNgJHhObpoUIP +SEv+zQhLOT9nyPKnJxZIrbQh9Cy6V9nzs42rQfz8i9Nvmzxqoffd7hsjr9Rtrx0k +zS/i2csZZau80EEsoOvDxJlfms7wVtbv67kUDh9avi29bGpLA4ysLfuPYfyYmmAU +sYgsF9RVIUibWOwhRNyaBBFNXQKBgQDU0cNTMZ4B1LDj91284G3Fr9e5Wugcpa24 +kNg76iggMINBMIViFvP8ATaiHL3BAVwlg0jaAeDAySU/qsrQaZSzIeo6YrF7DezP +gXDHHDnAMYWWmC/x5PYtuRgTeLA1tMyUc7fQ7dQsu9x2lksrq816Hv3qjAb1r10W +v4Ool4PfLQKBgDfdqaCRBsDFIWMbWPbMaptFVJ8c90MZoXGq34xZnTmrH1CMXFBD +fGlIsdoLBITMsxfUcQdifCYisX6z9LwuQI3T7K1wzT3wndh13PqIbSPkRgVFEqkz +GUTntShpaic0eEtAlpZUJU6Xm8/CfstL7ql8gRYq/jIkgM1/iRXYRVC1AoGBAJsi +UWzqpVCWV1/GKQmO29YYKXvPPZXsW+dHhqieNyPH2VYC5agsLSyNQeMIanYv5Jjf +y5JHfitqNQHlITStUh0GYvSujsuxyec1Zx1tgNeOAeBWDdUZ3y5TV66R8nkj02F/ +vQXK6Di3tKypQCCUexNDVjrMWiJr88KqVnHmCNX9AoGAdqiNhrEHXkeJ+onCUoN5 +lzpt89Esq/40aM2hslOIezD+COQnOLascU022BV7skEUHVDA3u7kA4JC1MGLjc1A +6AgtE477vdVrFnW3e13RUXA0DRbRdhpwZzRcPks+DLtflurKmefqpOthnONUsNgU +Z/WRaBGfOPOynnrDmwUUwlk= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Root.key new file mode 100644 index 0000000000..c34b95b6de --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6tWDjroDZjRui +/OcxIPiK9eEQZUB0gEt0KGTczg+brMok5Q2s99zvtBCLlwS5gR64+hofbKY1nx9b +GWFlOxDrXPr49omzKpgZbZLdwWmOvlIrBllX8ozQCEAd/HO+BqCH5nJvCfWrrsQ4 +/IULPCxisSVQMqWD7jwvhUhG8ezb2ardtSqiZIfQdadxT+hYUzHIrYkPpnZt3ngL +ISJdNR/UXHRBC91y/OSEMLx7tYKmhE1pUPOFffmhEPolAORTyw4M1iafHNQSL8ny +/IAnXCNyKDDYgUALgGxa9wWcE9uYZkpSZU8U2lXrvVKBL7GOoJmLdop3UWT1Z/+Y +HfOOb+NrAgMBAAECggEAXDqbtWyuloi3VbBzLdgZHl+uQTCbAdGcNDF9/XrGyAI3 +SrlhI4e++iOrJqE/grkvKXXWMJ61jfhf/1rOuzhNt84S5ae3RqtsPedcLLHNiGco +ZLt6p9CXUW456fYaYIyagPdLoOE9G4U1xeare+zKCihyg6a5Dy5AScMffHgmJkUM +OoAmwwddhZ4gFtbCGldn7gF/wGFS3N6vOMDkyxBdFxnVWfuA89PINGWCPEzR6CxK +nApWHUlnAx7o2ulkwPrhrqs8AdvatQWkGUzt8jyJmpnKSImKqNAvHgSdHx9XyGcd +YlQS94r7r0bXqBR1V1pW6LAsbftBF+v9OP610N9LlQKBgQDYWeQ/sAdjnpXVN7Je +C9ps23Tika2KhGiqs7H1rUjghGm/J+Z/nzj9JaLPeSx6fEH0lw7ctI7u5wgjiCfn +7WLU7eBjHNYpzVFxNSTbtiJRCaxsanstNltbrh5EEmzNX6nK6YN481j7eorrFXCX +z1u6WLdc7hMti2UeKjemL8BjjwKBgQDc7M27mxjt3HM/Ln6R9uYDEvAJLV1V579u +FPcVeHP5UUsBVHZ47aEmMNCHA5AWf3KArGuUYa8iKTam3Ac2ittKcDtp0amdGYcS +hIbwN267zYltxEU9HcEp6jt8jI4SaSfu9MkbUoWF1mxVF2jxXS816fOoCn82lhuf +ZWpJh6+kZQKBgGWmlp91zYL4190+NggJ+a57zgdF+wvB+ot5snuD12Hl1OmDjcEY +xmXqcPyaKlPCXhrVfp4kF6QX2LMZHebSmkUBHxRyUA2D8mgGWDMC+EyrBuBJh2ZO +y83fmUjSf1xfPh+gZ61EaOJ/SRX7FNO/EZIUbNK06T3U6MWrgEoM1Y/xAoGAMaC4 +boZeyUAWW4EUSbHO5a3hYg5gwyV2KUJoZthSJRWP5dKVcoDfDHc2wL2aJpOmoyUY +XZK8Bs5/Smhu7l+u9z/S+OhyU6oiX5SJw3iQVXvMfW3zp9EBTWsixc3FNHmO0O0I +KC0XdYM/frXtixrFujS92WfSP+7kcaAUikQCvskCgYEApiCDNxxTAEPpAYeTE8YN +Ze6mFxbuIdwgzn1Px/Z6cLr4Wiay39ilFHYd8nC90dA/IRbiqpNnk6TFtoHZg6hy +RmUQScSlJJtciE64sG18Mn5J/I2flyozOED+kH6P7tdbNut2kZ0qUm3UENZnFPEb +lZ1QT0JWH3sKf5BBKZ7hjzM= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Target.key new file mode 100644 index 0000000000..ca40306912 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCotVUsA+FfKuJr +OFEFIdRg1aRqeh8qpKXSkN4Gcc8HDHCWijG5q1z5UyoClkKxQ1pDKZUBWw5XAOJR +cbjmjSHuqCyCHEAbWxcjH0Bh69um6SfyyhCTCOAGROYvCxfjBwq863kWQvlzMmqE +2GwvvBtxKZGd6I63riu6fW1idWcyjNElRTJmyLYXumFVpL1hmBPVKOd3ISJbe4lS +fyTugEPR0Zs1tHsZmVQxn8aFipFXwxZafXDNWlNrsQ8UG6OPEC+CaCvL8D1gRbrY +WquoZPXdoauLriJ0Qnk/0bDXN5sufMOp+gGedyE6KSF1vgwPaVUypycH1FKheRB3 +brbXtPZ/AgMBAAECggEAMAyxTN9wDWRP51y7SpxnegrvEHpmrQUGy3GCItDAN5A1 +8tI6NljVmpcylFkKdqUprI5Hx4KRE3uHec3LbTKOEwRn5Mi6A3COpuysMBd2UFQA +kjg1v0LcVzzBWG2u6HSlfMgODSaXGFWoG9zt9yx6nmDJ/fDx0OO0xaEaidvJQA5/ +NdqdWpq8/j+PO5FJlVVflUKaHTN6WPHSn9/+/WdciL8FTTnNLqpLJ9g9PLx4dqQz +RqrUeq6+NI3f3NC++gYh/RPSmGLdK/ACmiPYfnggtVe93p2R2wdgam6jQav/dFI/ +h1CIcS8OTv8oYs/hbq2KeQw63cnMdjGOwlvozn7IqQKBgQC7rTXGQuQ9MkqVwQyu +455opKivMGRHfX7n6hdQEnglloyotyX0fB8DUVYFU+t9z1A/w9Pgm+od65NmkFM6 +HUnDfcsV6ikBm38P7yrXr94/XaBsTDcEltsZsNaB+jceP9jH1fxNk9rwuSTvXEcu +QWXMGs7FvAi/tioera2W7mq2aQKBgQDmIFjySrgBpKxOhGVnjntmwYPwODuRiIhF +MPznObcMec2CHa9uArkrA3nKc68z26m4c4lS5KMnycBZMo9vaCVDEY5y9PdfcciB +QYUZnmxEhU50G6fonw71mRMlzpq4TPh1E3F7pg69CtVd8LoIcb7cmnqsKrLEQm79 +lZKkSok4pwKBgQCoB2hB3dnjQIeulGz6mChXoDS2xSjDKQTaNqgwtJiFbsj4tSFy +Rz6tBcFye7Q3q8k5jebBDlcJ+sS56zXYrihAsvuE32VfXwzgA03kVj0xlm3vCD2q +CjaYRc+IB7IZjyhToq6F9n7rT5hWBdRlAYBWwRmnx7Y9jqcfWHg2zbcVIQKBgQDb +2wOfV6s8RqsnyG1o5kMXBMKcedzPSXWHRSoZbpZnIOcp7Fpx68AkTAnLVYKJNM+N +HTSRMUZ++Mz/asKGWSVgUiGZylebpAU/F+2lcClXvVQasWFVaMDN+xTEBgLjGQY2 +NAEzdI6YJQV73kSdVK5X7G5Olex8fEu1kXSr6Vn3+QKBgQCaZMabuOtShCuTtz6n +kJTl4Mf4kjqvx01UeTGbX0B0PJeO6/kLIQp9Z30za4uCfLf7A69h4HLvlU2/gXXt +bV6nJlnP5EeBhkMHLrV768uBld5GXlOkrWkXgxmXELe0nl2JDvRyZyi9eyvIcAUf +/xV54XYa+xG4xwl3rJEhHVGNJg== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/main.test b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/main.test new file mode 100644 index 0000000000..de6d06f351 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/main.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.5 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/ta-with-constraints.test new file mode 100644 index 0000000000..e8f7164064 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/policy-mappings-on-root-ok/ta-with-constraints.test @@ -0,0 +1,6 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_user_constrained_policy_set: 1.2.3.4 +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/rebase-errors.py b/pki/testdata/verify_certificate_chain_unittest/rebase-errors.py new file mode 100755 index 0000000000..3096c8c9ce --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/rebase-errors.py @@ -0,0 +1,127 @@ +#!/usr/bin/env python +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Helper script to update the test error expectations based on actual results. + +This is useful for regenerating test expectations after making changes to the +error format. + +To use this run the affected tests, and then pass the input to this script +(either via stdin, or as the first argument). For instance: + + $ ./out/Release/net_unittests --gtest_filter="*VerifyCertificateChain*" | \ + net/data/verify_certificate_chain_unittest/rebase-errors.py + +The script works by scanning the stdout looking for gtest failures having a +particular format. The C++ test side should have been instrumented to dump out +the test file's path on mismatch. + +This script will then update the corresponding test/error file that contains the +error expectation. +""" + +import os +import sys +import re + +# Regular expression to find the failed errors in test stdout. +# * Group 1 of the match is file path (relative to //src) where the +# expected errors were read from. +# * Group 2 of the match is the actual error text +failed_test_regex = re.compile(r""" +Cert path errors don't match expectations \((.+?)\) + +EXPECTED: + +(?:.|\n)*? +ACTUAL: + +((?:.|\n)*?) +===> Use net/data/verify_certificate_chain_unittest/rebase-errors.py to rebaseline. +""", re.MULTILINE) + + +def read_file_to_string(path): + """Reads a file entirely to a string""" + with open(path, 'r') as f: + return f.read() + + +def write_string_to_file(data, path): + """Writes a string to a file""" + print("Writing file %s ..." % (path)) + with open(path, "w") as f: + f.write(data) + + +def get_src_root(): + """Returns the path to the enclosing //src directory. This assumes the + current script is inside the source tree.""" + cur_dir = os.path.dirname(os.path.realpath(__file__)) + + while True: + parent_dir, dirname = os.path.split(cur_dir) + # Check if it looks like the src/ root. + if dirname == "src" and os.path.isdir(os.path.join(cur_dir, "net")): + return cur_dir + if not parent_dir or parent_dir == cur_dir: + break + cur_dir = parent_dir + + print("Couldn't find src dir") + sys.exit(1) + + +def get_abs_path(rel_path): + """Converts |rel_path| (relative to src) to a full path""" + return os.path.join(get_src_root(), rel_path) + + +def fixup_errors_for_file(actual_errors, test_file_path): + """Updates the errors in |test_file_path| to match |actual_errors|""" + contents = read_file_to_string(test_file_path) + + header = "\nexpected_errors:\n" + index = contents.find(header) + if index < 0: + print("Couldn't find expected_errors") + sys.exit(1) + + # The rest of the file contains the errors (overwrite). + contents = contents[0:index] + header + actual_errors + + write_string_to_file(contents, test_file_path) + + +def main(): + if len(sys.argv) > 2: + print('Usage: %s [path-to-unittest-stdout]' % (sys.argv[0])) + sys.exit(1) + + # Read the input either from a file, or from stdin. + test_stdout = None + if len(sys.argv) == 2: + test_stdout = read_file_to_string(sys.argv[1]) + else: + print('Reading input from stdin...') + test_stdout = sys.stdin.read() + + for m in failed_test_regex.finditer(test_stdout): + src_relative_errors_path = m.group(1) + errors_path = get_abs_path(src_relative_errors_path) + actual_errors = m.group(2) + + if errors_path.endswith(".test"): + fixup_errors_for_file(actual_errors, errors_path) + elif errors_path.endswith(".txt"): + write_string_to_file(actual_errors, errors_path) + else: + print('Unknown file extension') + sys.exit(1) + + + +if __name__ == "__main__": + main() diff --git a/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/chain.pem b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/chain.pem new file mode 100644 index 0000000000..e04f13e2c6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Certificate chain where the root certificate contains a basic constraints +extension that indicates it is NOT a CA. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6a:33:a7:7b:9f:65:b9:e0:d2:be:48:ba:f7:f8:a0:3f:bd:05:6f:10 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b3:7d:07:29:33:df:ea:eb:78:7f:88:ef:13:78: + ff:42:10:a6:ae:9c:8d:9e:c6:48:37:77:a4:2c:27: + 81:cd:a9:b2:54:b5:84:cd:0a:a1:90:11:28:1d:85: + 0f:9a:88:a4:a1:75:36:42:53:19:71:4d:da:17:02: + 9f:80:94:58:55:87:23:47:47:be:8a:64:15:d6:15: + 6f:fe:73:a2:e7:e8:5a:01:48:33:ae:21:a1:7c:a3: + 3a:58:fc:2c:25:f5:ab:ff:bb:3d:ff:e1:2f:62:d8: + 79:ec:e5:d6:b0:33:dc:ce:68:ca:f5:96:b7:0e:5f: + 22:80:09:e8:ca:6c:14:64:84:97:a9:c0:bf:57:e4: + ad:42:46:c6:58:07:2d:12:18:a2:d1:1f:5d:40:0e: + 93:19:eb:a0:4b:49:f5:1e:f6:8b:f9:6f:37:96:e4: + 07:04:71:bc:da:d4:e0:3f:3d:4e:3e:71:40:e8:39: + 27:ab:c8:2d:b4:22:45:51:32:8a:c4:21:10:84:fe: + ba:74:3e:72:8e:64:66:24:f6:a2:7a:f9:10:29:9d: + 48:59:57:a9:0a:59:b4:00:60:5c:e1:93:4f:53:23: + a1:2e:a3:a3:eb:49:2c:8a:d1:2d:ba:bb:57:c3:a4: + 5f:78:85:4b:8d:b0:6a:89:f0:cc:ba:be:60:89:a8: + 9c:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 72:41:94:01:8B:5E:D8:39:1C:E1:A1:6F:76:49:3E:9F:93:09:60:3A + X509v3 Authority Key Identifier: + keyid:7A:10:56:B4:5F:2F:4E:7E:28:92:1A:46:EE:EB:8F:1E:A0:B6:3B:02 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 35:95:99:64:3a:7f:b4:cd:b7:14:89:22:99:11:0a:66:93:eb: + a3:b2:33:65:59:f7:e8:aa:b5:2f:19:41:11:15:b9:ea:72:34: + 26:75:26:61:6a:28:76:58:c3:78:ed:a1:c1:dc:06:1d:e0:10: + 0c:ba:d3:c2:b1:35:9e:19:9f:3b:fa:a0:2f:a3:49:48:89:ce: + 0e:3c:ab:e9:0a:5f:38:bd:a3:e0:c9:8c:6d:fb:67:d2:12:ef: + 98:46:be:ad:8d:f3:75:a3:20:c1:0b:e0:76:05:b0:b2:c4:c8: + ac:70:3c:db:34:3d:93:56:dd:b0:15:d2:1f:90:27:1e:08:5a: + 26:48:9d:96:69:32:4f:ed:75:fe:35:4a:b8:8d:74:c7:f1:54: + 2e:91:b7:2b:d7:c1:2d:1d:68:75:f9:0b:89:0a:9d:88:e9:98: + 1e:ce:08:59:36:ba:45:d1:80:19:a1:b4:38:4a:d3:bb:ef:ee: + e6:ef:24:29:1a:7c:c5:30:dd:69:25:78:af:ff:0e:98:2f:28: + 0f:2e:fc:49:e3:e2:f1:8f:42:63:a4:31:d5:64:b9:95:3f:4e: + a7:35:43:81:72:d8:50:d0:52:02:41:aa:40:34:df:20:13:71: + c8:3b:d6:2a:e3:86:dd:25:ce:5f:1f:e2:96:49:b3:59:89:8c: + 42:ff:25:05 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUajOne59lueDSvki69/igP70FbxAwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAs30HKTPf6ut4f4jvE3j/QhCmrpyNnsZIN3ekLCeBzamy +VLWEzQqhkBEoHYUPmoikoXU2QlMZcU3aFwKfgJRYVYcjR0e+imQV1hVv/nOi5+ha +AUgzriGhfKM6WPwsJfWr/7s9/+EvYth57OXWsDPczmjK9Za3Dl8igAnoymwUZISX +qcC/V+StQkbGWActEhii0R9dQA6TGeugS0n1HvaL+W83luQHBHG82tTgPz1OPnFA +6Dknq8gttCJFUTKKxCEQhP66dD5yjmRmJPaievkQKZ1IWVepClm0AGBc4ZNPUyOh +LqOj60ksitEturtXw6RfeIVLjbBqifDMur5giaicSQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRyQZQBi17YORzhoW92ST6fkwlgOjAfBgNVHSMEGDAWgBR6EFa0Xy9OfiiS +Gkbu648eoLY7AjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBADWVmWQ6f7TNtxSJIpkRCmaT66OyM2VZ9+iqtS8ZQREVuepyNCZ1JmFqKHZY +w3jtocHcBh3gEAy608KxNZ4Znzv6oC+jSUiJzg48q+kKXzi9o+DJjG37Z9IS75hG +vq2N83WjIMEL4HYFsLLEyKxwPNs0PZNW3bAV0h+QJx4IWiZInZZpMk/tdf41SriN +dMfxVC6RtyvXwS0daHX5C4kKnYjpmB7OCFk2ukXRgBmhtDhK07vv7ubvJCkafMUw +3WkleK//DpgvKA8u/Enj4vGPQmOkMdVkuZU/Tqc1Q4Fy2FDQUgJBqkA03yATccg7 +1irjht0lzl8f4pZJs1mJjEL/JQU= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 17:c3:5e:ff:9e:fa:1b:f7:ec:b7:42:5e:7c:00:3a:7e:d7:5e:08:56 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:be:bc:29:e3:c0:a2:2b:12:a7:b2:77:ff:30: + a1:03:d7:b9:aa:0b:7d:b4:2a:4b:e4:cb:72:cb:5e: + ff:34:16:06:51:e2:e5:bf:a0:ae:0b:19:34:c3:45: + b1:2b:df:94:3c:9c:00:1c:bf:1f:69:a5:a6:08:04: + 20:c9:0a:0d:c2:69:0b:a6:63:63:ab:9b:76:5b:d0: + 1e:d1:20:32:02:bc:4d:4b:02:7e:8a:6c:90:34:b1: + 2b:ae:88:da:99:fd:e0:77:f6:97:54:dc:f5:53:64: + 83:87:70:f9:03:c4:aa:45:2c:78:bc:b0:9b:fa:11: + eb:a0:8c:a4:62:12:c2:82:ee:70:83:a8:8f:19:26: + 1c:f0:60:e4:17:20:bf:4c:d8:76:90:42:0d:cd:82: + fe:e9:38:39:ca:d8:72:c0:8f:cf:98:4d:af:47:82: + 77:63:a7:6e:c0:e8:ac:f8:4c:a8:b1:b0:20:09:03: + 74:67:cc:24:5f:91:24:4a:38:05:ca:64:3e:b7:e0: + 03:a5:79:44:71:32:19:31:cb:0a:02:84:39:8a:a7: + 10:c7:6b:60:72:81:16:3f:9c:ac:f8:af:46:c4:21: + f4:88:30:a8:8d:62:82:1c:36:8d:b0:d9:00:bb:b5: + 8c:e5:7a:89:de:6c:fd:3f:f0:e1:12:50:8c:1c:02: + 1f:e9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7A:10:56:B4:5F:2F:4E:7E:28:92:1A:46:EE:EB:8F:1E:A0:B6:3B:02 + X509v3 Authority Key Identifier: + keyid:9E:16:CB:63:0C:02:2E:E7:DC:BA:AA:D5:D2:10:B0:E0:F7:2D:14:6D + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 2c:1c:2e:0a:e4:22:a2:d9:ec:79:c6:31:61:9e:18:05:6a:b6: + b3:f0:b9:51:72:36:81:88:01:aa:6b:9c:f9:8e:84:32:f7:9f: + 1c:06:2d:c0:39:81:37:c4:dc:3f:97:ba:9a:6b:fb:b1:27:f2: + de:c6:40:94:e7:54:8d:91:85:56:ee:16:af:07:bd:a7:11:7c: + e1:25:94:26:73:bb:13:62:11:ea:c2:a8:5e:8b:f3:55:5c:df: + 13:f0:ed:b9:35:e7:dd:9b:50:23:9d:e1:d0:3d:61:d2:d5:89: + e0:98:e9:1f:cd:27:70:65:5e:13:1b:62:1b:fd:7b:55:1d:04: + ea:6e:0b:f1:ae:71:93:47:91:98:88:9b:9a:a3:97:86:84:d2: + ac:5d:ba:c4:65:58:c2:80:38:9c:ae:ff:97:28:2a:c2:93:76: + b0:36:fb:04:b3:a1:41:37:ff:bc:60:27:95:b5:d2:85:9f:90: + 92:e9:e5:78:ee:cb:01:6e:25:9c:d3:e8:d0:44:9c:b9:96:e4: + 35:01:57:52:24:27:91:d8:3e:e3:db:df:57:f5:c3:7d:64:ff: + 39:e0:e7:c3:f9:be:8a:e8:d0:fa:63:5d:df:f7:17:f7:98:30: + df:86:f3:e9:68:33:23:92:e7:de:75:42:de:79:77:74:26:67: + 56:95:9c:4f +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUF8Ne/576G/fst0JefAA6ftdeCFYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALu+vCnjwKIrEqeyd/8woQPXuaoLfbQqS+TLcste/zQWBlHi +5b+grgsZNMNFsSvflDycABy/H2mlpggEIMkKDcJpC6ZjY6ubdlvQHtEgMgK8TUsC +fopskDSxK66I2pn94Hf2l1Tc9VNkg4dw+QPEqkUseLywm/oR66CMpGISwoLucIOo +jxkmHPBg5Bcgv0zYdpBCDc2C/uk4OcrYcsCPz5hNr0eCd2OnbsDorPhMqLGwIAkD +dGfMJF+RJEo4BcpkPrfgA6V5RHEyGTHLCgKEOYqnEMdrYHKBFj+crPivRsQh9Igw +qI1ighw2jbDZALu1jOV6id5s/T/w4RJQjBwCH+kCAwEAAaOByzCByDAdBgNVHQ4E +FgQUehBWtF8vTn4okhpG7uuPHqC2OwIwHwYDVR0jBBgwFoAUnhbLYwwCLufcuqrV +0hCw4PctFG0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAsHC4K5CKi2ex5xjFhnhgFaraz8LlRcjaBiAGq +a5z5joQy958cBi3AOYE3xNw/l7qaa/uxJ/LexkCU51SNkYVW7havB72nEXzhJZQm +c7sTYhHqwqhei/NVXN8T8O25Nefdm1AjneHQPWHS1YngmOkfzSdwZV4TG2Ib/XtV +HQTqbgvxrnGTR5GYiJuao5eGhNKsXbrEZVjCgDicrv+XKCrCk3awNvsEs6FBN/+8 +YCeVtdKFn5CS6eV47ssBbiWc0+jQRJy5luQ1AVdSJCeR2D7j299X9cN9ZP854OfD ++b6K6ND6Y13f9xf3mDDfhvPpaDMjkufedULeeXd0JmdWlZxP +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 17:c3:5e:ff:9e:fa:1b:f7:ec:b7:42:5e:7c:00:3a:7e:d7:5e:08:55 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a8:a5:0e:06:b7:99:51:ad:fd:57:50:ba:00:3c: + ce:4b:a5:f8:a1:6d:00:ae:32:93:30:ec:a3:1b:58: + e3:09:5e:4e:61:fa:7f:f1:21:1a:a6:8d:bd:72:21: + e6:6d:82:33:7e:20:be:66:54:a6:42:92:18:db:43: + ef:09:93:d8:b4:6e:64:78:ce:b4:3b:9f:44:62:9f: + 73:dd:e9:0f:11:ce:9a:a1:82:dd:32:04:71:f2:46: + 03:e2:a1:7c:36:2f:78:de:97:b8:7b:da:3a:6a:b8: + 81:7c:d1:76:17:72:3c:a6:ba:74:4b:38:db:6b:47: + d3:52:f1:e0:ad:17:4f:48:fe:2b:7a:a5:28:aa:52: + 12:4c:f6:c2:4e:23:b5:b2:eb:9c:e1:6b:91:05:b0: + a7:3f:64:6f:bc:08:96:78:de:9f:ed:27:5b:d8:33: + b6:80:aa:80:40:a7:a3:c4:96:37:71:9a:ef:a6:2b: + 5d:07:e9:8d:e5:9b:84:4a:ac:db:52:68:b9:80:74: + be:ce:a7:c2:fe:b7:45:37:b2:c2:e9:0f:f9:54:15: + ab:7e:e9:c6:86:05:4a:26:f8:b6:3f:ec:a7:0a:4e: + 00:a1:73:3e:f3:db:77:38:0f:bc:37:9b:7c:cb:4d: + fc:ab:4b:d1:a2:ff:7d:1d:b1:d2:14:0d:74:bc:a4: + 8d:11 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 9E:16:CB:63:0C:02:2E:E7:DC:BA:AA:D5:D2:10:B0:E0:F7:2D:14:6D + X509v3 Authority Key Identifier: + keyid:9E:16:CB:63:0C:02:2E:E7:DC:BA:AA:D5:D2:10:B0:E0:F7:2D:14:6D + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha256WithRSAEncryption + 14:3a:09:30:fd:00:d7:9d:11:56:f0:a8:22:0f:6b:be:c5:0b: + 5a:5d:b3:88:0f:9f:d2:7d:fc:9f:c7:ef:bd:dc:c8:3b:61:a7: + 3b:54:a0:2c:29:e7:4e:8b:b5:6f:39:de:57:bc:5b:4a:5f:0d: + 6d:49:40:5a:73:b3:8a:f0:dc:fc:f7:56:b0:2e:32:44:40:c9: + bb:19:07:ad:dd:e7:64:89:2e:31:3c:bb:4a:05:af:99:e3:74: + 05:46:62:a8:07:65:19:b5:2f:dd:23:87:06:4d:57:38:77:33: + b8:2b:67:a2:cc:8f:a0:bc:e4:22:b6:e5:b6:bb:f0:67:77:08: + f5:ea:3c:ea:d1:52:f6:64:c1:51:f4:fd:d1:01:8f:eb:29:5b: + 5b:77:69:2b:23:b2:ab:d6:4f:f4:70:bd:d1:ef:e3:94:63:f3: + b2:5e:86:3f:48:32:d4:03:c8:d0:e9:45:8a:36:16:64:4f:89: + e7:3a:be:2b:8a:d0:9d:3a:c8:92:36:92:2d:f5:dc:c4:19:cb: + a1:9a:e7:ab:42:17:e0:30:76:06:8d:9e:1f:dd:ab:d4:d9:34: + 6a:54:6c:43:1e:d8:a5:a6:b9:80:84:02:23:9e:40:0d:45:0b: + 23:d1:89:13:0a:af:10:17:bd:70:b3:26:b7:95:4c:f9:b4:1b: + 82:d4:1c:49 +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgIUF8Ne/576G/fst0JefAA6ftdeCFUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCopQ4Gt5lRrf1XULoAPM5LpfihbQCuMpMw7KMbWOMJXk5h+n/xIRqmjb1y +IeZtgjN+IL5mVKZCkhjbQ+8Jk9i0bmR4zrQ7n0Rin3Pd6Q8Rzpqhgt0yBHHyRgPi +oXw2L3jel7h72jpquIF80XYXcjymunRLONtrR9NS8eCtF09I/it6pSiqUhJM9sJO +I7Wy65zha5EFsKc/ZG+8CJZ43p/tJ1vYM7aAqoBAp6PEljdxmu+mK10H6Y3lm4RK +rNtSaLmAdL7Op8L+t0U3ssLpD/lUFat+6caGBUom+LY/7KcKTgChcz7z23c4D7w3 +m3zLTfyrS9Gi/30dsdIUDXS8pI0RAgMBAAGjgcgwgcUwHQYDVR0OBBYEFJ4Wy2MM +Ai7n3Lqq1dIQsOD3LRRtMB8GA1UdIwQYMBaAFJ4Wy2MMAi7n3Lqq1dIQsOD3LRRt +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0B +AQsFAAOCAQEAFDoJMP0A150RVvCoIg9rvsULWl2ziA+f0n38n8fvvdzIO2GnO1Sg +LCnnTou1bzneV7xbSl8NbUlAWnOzivDc/PdWsC4yREDJuxkHrd3nZIkuMTy7SgWv +meN0BUZiqAdlGbUv3SOHBk1XOHczuCtnosyPoLzkIrbltrvwZ3cI9eo86tFS9mTB +UfT90QGP6ylbW3dpKyOyq9ZP9HC90e/jlGPzsl6GP0gy1API0OlFijYWZE+J5zq+ +K4rQnTrIkjaSLfXcxBnLoZrnq0IX4DB2Bo2eH92r1Nk0alRsQx7Ypaa5gIQCI55A +DUULI9GJEwqvEBe9cLMmt5VM+bQbgtQcSQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/generate-chains.py new file mode 100755 index 0000000000..2b47a15a07 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the root certificate contains a basic constraints +extension that indicates it is NOT a CA.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate with non-CA basic constraints. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('basicConstraints', 'critical,CA:false') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Intermediate.key new file mode 100644 index 0000000000..548328bba6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAu768KePAoisSp7J3/zChA9e5qgt9tCpL5Mtyy17/NBYGUeLl +v6CuCxk0w0WxK9+UPJwAHL8faaWmCAQgyQoNwmkLpmNjq5t2W9Ae0SAyArxNSwJ+ +imyQNLErrojamf3gd/aXVNz1U2SDh3D5A8SqRSx4vLCb+hHroIykYhLCgu5wg6iP +GSYc8GDkFyC/TNh2kEINzYL+6Tg5ythywI/PmE2vR4J3Y6duwOis+EyosbAgCQN0 +Z8wkX5EkSjgFymQ+t+ADpXlEcTIZMcsKAoQ5iqcQx2tgcoEWP5ys+K9GxCH0iDCo +jWKCHDaNsNkAu7WM5XqJ3mz9P/DhElCMHAIf6QIDAQABAoIBADB8QKHc1JnM3+N5 +Hq5Dw8F3S9aTYyJNLg5nUD0fSm8MJROuskC74VayasLnU6sN8X15mDnUTet9wRQe +5MymkQkdEcolrs7ZtkZdyCef1eqI8LknasCa6t8AxlQrubC9NOQmRcy/x4eC1Mj8 +rwJ/Hq4AnymzvoRlbmGnEKjXSW6AbYBFmFP+Rn87Pedo2kZ7cZZ6fq0tM2vGGvtW +oFTCgsMnnzoN0X7CffEM/ruKodVCZGR/m91W9BCovIhHh34taqaAJGmR8kiMi1Lr +wBbqoRuU21rhmGlie5i6fw8HGFdk1pZC4lPDXAdT/cGpEE4Rt7AwNBBMJ0gDgkpP +ldKco4ECgYEA9oSy3/aJ1vPi+F9BgLBIU5XSEKKZ+ESkvbzZelO3gVkuqw74kBx5 +tICKA+ljOULaW6u0+7h7UBero8lfysam0WdFqaKeJnQLXSBqVPzRGZfvK42/BeYK ++iaxsZOJT92R8/Wmnkt6H9lPFbG2KaMF+PQ1E4fmJ7zlzitNQCDGopECgYEAwvdV +wKglE5xMHDsuQAc/cNSnDwkun+z1hFoVXHmRY5/ApHNkO4TFI4wel4EmT1pxP3U4 +Unac39e2mEALvIoGpwUlCgQ2OHdab4ppTFvEs0hvdci/Ip1bs2kBnPF3On1FU+Hp +N14AKhMbbHnptialekp7xjk9ht8hfD1OWQggo9kCgYEArH7aM4Dtnq11alotGYFA +esxg+ybsGh7eL64Pd1tREn92+lc1cpGaT8WJzYbn2U+AP5j8wQ6rqrWFcswb7WXn +oKtkwXh6tWmJ8hYWkXV+UyxPPOioe9YmZDfjKuCTuoDN+ikv95/UyqhigEmjr6rV +KQiogwwa7j9thkAig/brRyECgYAgOJ4sc92Eyyzs8X7oSApdDFf7rSnOdmvxDq4/ +FTxI+artwsBK8dtez5ZytX5uWOUkdqvzPPUaLV1Y9iS6aRlGWxxO9nk7hcYlbvuO +ChCNDKiXD7E++ECievUwSdvJh9CAV3Kimt9uFLBQkilk2Cg6+LpR/T3E33V6QeuD +3Ur/qQKBgQCjC4YNlyBE8PE0NX+nRk0kVpsINLPEgDIuv4R77UTwXpcJqMc5LXIM +uzL+0eMh3yWHfY3+UiUslWKPBGs+5+VeKObr2zXZAn1D+8yVXkun1QGFdbaYySWF +QebCmhR08CPbjI+f/GrzBEd66P3GbWI3vTfoHAdhbvsLuELclMN5FQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Root.key new file mode 100644 index 0000000000..ad0e1ed745 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAqKUOBreZUa39V1C6ADzOS6X4oW0ArjKTMOyjG1jjCV5OYfp/ +8SEapo29ciHmbYIzfiC+ZlSmQpIY20PvCZPYtG5keM60O59EYp9z3ekPEc6aoYLd +MgRx8kYD4qF8Ni943pe4e9o6ariBfNF2F3I8prp0Szjba0fTUvHgrRdPSP4reqUo +qlISTPbCTiO1suuc4WuRBbCnP2RvvAiWeN6f7Sdb2DO2gKqAQKejxJY3cZrvpitd +B+mN5ZuESqzbUmi5gHS+zqfC/rdFN7LC6Q/5VBWrfunGhgVKJvi2P+ynCk4AoXM+ +89t3OA+8N5t8y038q0vRov99HbHSFA10vKSNEQIDAQABAoIBAGRNFpSEKdncg2ql +BpsRjxiK897+d4MjbUuR0kh3i0CNKE05sVJ2f+VDM8NnyiajY4DGdLdj7SZ2wfXW +55popmBZr8PyHFvBk+icMUtwS5gpquoYbPpMjoCrh7AIn1mSzm6FCiIPXuMOLWVR +Js03Ej+PcY8zl7yskVEprpkD3hHosbLzKQDlc3CiWCGq8uifyiQUdT3KrcBOaJTl ++RN2Cumo1Mcu0HULGVSNVbu9UcjgxGQEp7fDQQWrr+wV0JxVSEBNre4a5SBn9vDr +IX+Vx4f0cfHOGlLx4r9TAeFavaEt3/0GBDka2Dz1hSzzThXdjaYF272AIGx+Tb8l +HXrpyUkCgYEA3nlcJzUv1IuIOw6cb0/R4M2sHGYgAH2PF+yqUBh6q3iXnPC2H6Iw +zwCuONjpFYdU7CSz/Cgoi8ejoigVkJ0q2vGhsB14E85HT23LHgGbajX6jgTPoic9 +XZFi5YhvuLB88wqn8qUvCKKIgYPGO7DuMiDyHQ9IS9f+GliKpAaEZc8CgYEAwg8P +DToInIdLgPTEO8oa/ZyQg2mQp4aT2yu1PvjE9X63jpCqtmiZaZWTIPXFSsChRYiG +ww9dOZiINP7+xQaeFXsK6+/MXvl/PboF/3F2e493aBlHeOQbJ0eI9fQvAQ51+efu +y6L4jqLjhO3CB7SxmlydjWkrkxN0GbA4yr9ndx8CgYEAivyIjNoWgpOVTUfohUX5 +mZcEUk2e6o+GiOzKzfUtFdjl5x8euI6MLZaAQXWJ0HBWppybcQnposHbQaAHMOxv +bI8Oc0dF0CHLvRybi6h3XphQas8opGYdWUpN3ZYqLdjchr3+hIGb66oW28rmWj5D +4T9h4rO8d919mxn7q1OC/VMCgYBWX8GBT51Znlaa9VcKjbBpxXAFLc12402YNeIc +PznbUyV8TSPOwMvX1P2BpCLGXOrrOhNRattBsYSeogjfxUxDn1qDHV7HvyFFZjEZ +O3VTFc4+BVJsmosDdrGdV6w8OiWEsBj3hng/dHz0Q6cjKugKHsL5mCAO/I+mh2sf +wwXYXQKBgQCkfXXZi1g51FoeU0Ck9izD5sEEiL7pY+ngsu6xb+QmWJDhGZ9bXh3c +XqP2nWfBMF1WCun+4wX/DXvI9sAUqqUH9JGodW6ZW/aQmBAQlWy+TBVdDrlHiW66 +JwC1eoL9rG5OBDexv+oEpKL+UzRHGBsHmU1CHYYqm48aLfOTm8R76w== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Target.key new file mode 100644 index 0000000000..4aa97b998b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAs30HKTPf6ut4f4jvE3j/QhCmrpyNnsZIN3ekLCeBzamyVLWE +zQqhkBEoHYUPmoikoXU2QlMZcU3aFwKfgJRYVYcjR0e+imQV1hVv/nOi5+haAUgz +riGhfKM6WPwsJfWr/7s9/+EvYth57OXWsDPczmjK9Za3Dl8igAnoymwUZISXqcC/ +V+StQkbGWActEhii0R9dQA6TGeugS0n1HvaL+W83luQHBHG82tTgPz1OPnFA6Dkn +q8gttCJFUTKKxCEQhP66dD5yjmRmJPaievkQKZ1IWVepClm0AGBc4ZNPUyOhLqOj +60ksitEturtXw6RfeIVLjbBqifDMur5giaicSQIDAQABAoIBAQCVgTY+xrvkFQFI +0gm6IZYVNINyfGqmbyjmMtzn/nxrj8dAMfaNSCatNu1AMX5+zQS8jEKG2msd6qgX +dJLhai9uBmOHUyZOZfGeYjroKu/t1adq2/ZYPCEkDV5jkqE/eTQsjo2lHq/22LQu +dH/wQzLQJ4+vIzwVV38IQbjLK12NH1NzxW0P6BN4J14zAkqu2eiwkbqVvElw1NK0 +KoYClz3VUNqym2srpY5kRvpmtUlbYt9xgYtQFvhSjZYb+qzRmJuKhrtVXOdEYp5a +6dC4+pekhJ6zoDUZHgiMZZvKb2Pqec432147Vsk0RSi2D3+gY10yIkwD+S2SXqyJ +zbxRHayBAoGBANuf9I+iIKVHoPpp2aFwoiUK74QohQH0WSkGxa9GkVCMRmKHumQL +fsEeWC6KaXaevs8RtrBT1Bwv8BroAq34ZyJfqsD3QyNXpudNHofLFhQx21Z+LL+J +bvarcp5zAr3Hyajf7umcftgUtNYweBUADp1OKb1T6znLvApmEd7v0QJxAoGBANE3 +S+wUc92ViUJAa+/quvAh22bf88fZq33hSK5vycxjbOWbS+GLm6O6P5hStWzgUFba +LUylhcbXc18NtnzLQCoXmuG+j04jeKKAErA0ycPyCPoYNmJX6Rq/EUMO1whcQ7u9 +AJrbJ4TWwu4p+tOtcz66XjC/LvnBRtCAHe7LRnNZAoGBAJagugbY1zMEUW/tsQl8 +SnjFa0hk0fRpNc1hi6uO5pMr4goptLhw+dpRiYFCBNsKPSufpoCAvfUnG7IYdd4D +hBibLG10KGPQ9fOlfM79hoMLPrevidlD1Qrww4fQsYyfvbtI+n7WiliAuxY739/n +Th6tQQtMxwO4q5smLhOMvvjBAoGALFATA6DdXayDkwXEFt/X0m7JYsPChazj9tiV +pWTGEEVq1kMLUm1YfNhBCglSpgno2kyB1b8lU5VkuVhVM591KrUvN+s9vSYkMf8A +dlPn/Fmybw5bzn6iP+kCRfrJrtqj+gqxKxuKBkfap8k6eEU/qKSeuKJ1166JSjYo +oOBrPpkCgYAXfwU+/L0OqmSp66DN2CaE69S50eY4vPl7JpXG7OdyfBSfbvKQ5bL7 +ADmMyAsa7zGvZOlpSAdKxABnHFUdLtuWuKhHfaCX7oNXJF2E6W/CLoWo2bFBMpBB +jEhLiS+6YoA9Kr+8LKkZ0MTARc+SbhCUkyJU6gY+dpLrhRYt1JwscQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/main.test b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/ta-with-constraints.test new file mode 100644 index 0000000000..0262385bfa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-basic-constraints-ca-false/ta-with-constraints.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Basic Constraints indicates not a CA + diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/chain.pem b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/chain.pem new file mode 100644 index 0000000000..f5b8415e3c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/chain.pem @@ -0,0 +1,278 @@ +[Created by: generate-chains.py] + +Certificate chain where the root certificate restricts the extended key +usage to clientAuth. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 77:30:29:4c:98:1d:55:e4:df:5e:92:14:f6:68:26:ef:11:01:dd:15 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c0:64:a7:01:b2:83:6c:47:bc:2d:30:01:f9:43: + 8c:fc:cc:6b:7c:a4:c7:1c:78:fa:a8:8c:be:1e:9a: + 72:d0:34:1a:56:80:67:67:76:48:8a:9f:c5:3a:68: + 9e:53:c2:35:ce:69:7e:4f:d5:c4:fb:0b:91:3c:af: + 00:26:f4:bf:77:ca:cd:ec:87:f9:6e:05:9b:0c:93: + 1b:f2:6e:c8:10:32:4e:7b:51:1c:22:77:4c:b8:a3: + bd:d6:dc:95:29:9b:4b:b5:d9:ce:ae:91:d8:05:c5: + c5:bf:4a:9c:b7:94:db:d5:a5:e6:b1:44:e1:02:4a: + 1a:dc:21:e5:e6:a6:ba:54:2e:2c:3f:40:f5:fd:5c: + 79:dd:55:6d:9e:e2:ab:db:3c:67:b4:84:db:ba:86: + fd:a0:b5:d8:8b:d0:b8:bc:8b:77:e9:32:31:51:68: + ee:18:17:09:e2:f1:27:79:ca:3c:72:a8:f3:96:25: + 31:24:3a:05:53:d4:89:0a:48:7a:9c:2d:6d:6a:84: + 97:df:34:c9:22:7f:d5:05:f2:2c:91:e9:c4:7f:ab: + d0:ae:76:22:64:ae:be:e2:7f:97:08:ec:86:8a:92: + bf:57:f0:22:f7:91:ff:86:17:62:92:e3:80:8b:19: + 84:14:60:19:00:91:d6:fe:51:96:77:5b:22:0d:32: + 50:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E8:27:22:F1:C3:94:E3:48:C4:4C:45:0D:D6:4E:1C:6E:CF:9D:1B:1B + X509v3 Authority Key Identifier: + keyid:8F:7C:F8:3A:27:33:C2:AB:96:9E:BD:0F:68:E0:C9:58:BB:0B:7C:F2 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 9b:da:f1:df:bb:7b:45:32:49:30:c9:75:1b:ca:cf:64:0c:3a: + e4:b3:68:73:da:46:87:7b:0f:ad:23:16:43:f6:9c:b3:e4:c1: + 6f:ad:32:3b:68:ce:47:c4:cd:70:a4:5d:c3:91:34:1e:ba:c4: + 73:e5:25:b4:4c:85:05:32:5b:fe:b4:98:88:f7:c9:aa:96:6d: + b1:ce:cc:3c:51:6c:ab:ec:c7:20:10:47:dc:6f:13:a6:4c:db: + 11:02:1f:98:ae:76:9d:75:28:56:f9:26:73:ef:fb:f9:51:d3: + 9a:65:21:70:27:f7:47:05:5c:f3:8c:38:6e:f9:58:c7:d3:f2: + 3e:8b:3c:3b:ed:b3:ba:0c:ac:c0:43:0a:c0:34:54:f9:9c:4e: + 44:76:1e:f5:a6:b6:7b:a7:dd:1b:22:0d:fa:ff:67:1c:d9:1c: + 66:9c:4c:30:88:4c:dc:d6:fb:ad:01:ed:5b:3d:aa:98:b7:27: + e6:68:94:33:2e:32:3d:56:33:88:8b:66:2c:91:3b:20:c1:10: + 43:e3:89:1c:ee:8a:ea:b0:66:45:6a:1f:23:ab:e1:d3:2c:a8: + 48:3a:6b:9d:f0:cd:52:b3:90:1b:a7:46:07:61:59:d9:aa:12: + 94:81:67:43:53:3a:6b:00:4e:e8:f3:3f:af:a3:6d:78:00:08: + 3a:4a:9f:a9 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUdzApTJgdVeTfXpIU9mgm7xEB3RUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAwGSnAbKDbEe8LTAB+UOM/MxrfKTHHHj6qIy+Hppy0DQa +VoBnZ3ZIip/FOmieU8I1zml+T9XE+wuRPK8AJvS/d8rN7If5bgWbDJMb8m7IEDJO +e1EcIndMuKO91tyVKZtLtdnOrpHYBcXFv0qct5Tb1aXmsUThAkoa3CHl5qa6VC4s +P0D1/Vx53VVtnuKr2zxntITbuob9oLXYi9C4vIt36TIxUWjuGBcJ4vEneco8cqjz +liUxJDoFU9SJCkh6nC1taoSX3zTJIn/VBfIskenEf6vQrnYiZK6+4n+XCOyGipK/ +V/Ai95H/hhdikuOAixmEFGAZAJHW/lGWd1siDTJQBwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBToJyLxw5TjSMRMRQ3WThxuz50bGzAfBgNVHSMEGDAWgBSPfPg6JzPCq5ae +vQ9o4MlYuwt88jA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAJva8d+7e0UySTDJdRvKz2QMOuSzaHPaRod7D60jFkP2nLPkwW+tMjtozkfE +zXCkXcORNB66xHPlJbRMhQUyW/60mIj3yaqWbbHOzDxRbKvsxyAQR9xvE6ZM2xEC +H5iudp11KFb5JnPv+/lR05plIXAn90cFXPOMOG75WMfT8j6LPDvts7oMrMBDCsA0 +VPmcTkR2HvWmtnun3RsiDfr/ZxzZHGacTDCITNzW+60B7Vs9qpi3J+ZolDMuMj1W +M4iLZiyROyDBEEPjiRzuiuqwZkVqHyOr4dMsqEg6a53wzVKzkBunRgdhWdmqEpSB +Z0NTOmsATujzP6+jbXgACDpKn6k= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:cf:d3:d1:65:21:cc:44:8a:0a:5d:79:88:07:16:54:c3:1f:d8:66 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a8:e7:5f:fa:d0:9d:f1:e1:e4:87:7f:62:7e:1c: + 89:02:66:64:9e:d5:a0:81:f3:65:68:d7:8d:02:37: + 99:da:e8:85:00:51:b4:69:e9:57:29:09:51:c2:78: + c8:ee:bb:87:62:4a:a8:46:c3:d4:06:e5:f0:c2:33: + 68:13:f7:55:c5:44:42:14:1e:d7:65:a4:a1:b6:67: + 38:e0:c2:72:65:ee:ad:f5:94:34:93:4f:e9:d8:a5: + 93:98:05:34:e5:f6:0f:3b:71:84:39:71:9b:b6:10: + 47:37:ef:87:d2:98:29:a4:f1:18:e7:f4:3b:52:af: + 34:b1:39:34:9a:49:b4:7a:ed:21:2c:60:b2:01:e8: + cb:b6:ad:f8:00:95:85:a9:87:91:90:05:54:0b:2e: + 9d:4c:79:c4:c8:6d:72:ab:23:5b:d0:2b:90:3c:5b: + 53:ed:da:56:39:38:37:45:43:17:3d:81:d5:49:97: + 23:88:83:9f:bf:86:8d:52:af:3d:86:45:f1:1e:e8: + dd:8f:4f:fe:da:b5:35:cb:e0:02:ba:8e:6b:61:4a: + f2:c6:5d:d7:02:95:71:23:9e:7b:99:96:cf:ac:df: + 20:2a:2d:fe:0c:42:72:c6:b8:c3:81:81:3e:a0:8d: + 62:41:17:14:f5:24:67:f1:6c:af:c6:0c:94:09:fb: + 56:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8F:7C:F8:3A:27:33:C2:AB:96:9E:BD:0F:68:E0:C9:58:BB:0B:7C:F2 + X509v3 Authority Key Identifier: + keyid:91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 31:06:ca:84:8d:bf:6c:6b:4f:31:e5:81:f1:ee:62:80:ef:83: + 63:8d:56:00:c0:b7:cd:fd:37:8b:99:ea:a1:01:43:99:19:b9: + 8b:5e:9e:f4:55:73:9b:1a:2f:33:97:ac:e3:6a:ae:4b:c4:e9: + e2:04:33:29:a8:55:08:af:4e:cc:2a:83:a4:12:af:11:54:62: + d2:19:ad:6b:6d:54:ac:f6:9c:15:77:0b:d4:68:78:5b:2b:04: + 0e:82:9a:98:ac:8f:bc:47:de:29:d2:95:6b:ed:8d:29:a2:60: + d8:86:fc:a1:92:18:85:2d:4f:56:27:d2:de:20:87:f7:35:dd: + 9d:a1:26:cb:ed:fe:e8:b6:87:b6:8a:eb:7c:bd:04:d5:be:2a: + 96:cd:95:f6:16:9b:29:e1:62:0c:a8:ca:6c:fb:70:08:3c:10: + 56:bf:e5:c4:57:19:42:87:5f:ef:fb:77:b9:10:62:1e:5f:e7: + 35:58:80:30:92:ef:69:ef:2d:dc:f8:30:58:97:28:8d:64:18: + f2:c8:f3:ce:ce:3f:8a:aa:a0:e8:27:95:b9:58:55:88:32:9c: + 27:56:71:54:c1:6e:0a:94:2d:0a:e6:70:7e:42:56:6a:b0:eb: + ad:8c:cd:93:6e:20:00:6e:81:8a:18:1b:30:0e:c2:27:f3:74: + 67:98:3a:58 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUCM/T0WUhzESKCl15iAcWVMMf2GYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKjnX/rQnfHh5Id/Yn4ciQJmZJ7VoIHzZWjXjQI3mdrohQBR +tGnpVykJUcJ4yO67h2JKqEbD1Abl8MIzaBP3VcVEQhQe12WkobZnOODCcmXurfWU +NJNP6dilk5gFNOX2DztxhDlxm7YQRzfvh9KYKaTxGOf0O1KvNLE5NJpJtHrtISxg +sgHoy7at+ACVhamHkZAFVAsunUx5xMhtcqsjW9ArkDxbU+3aVjk4N0VDFz2B1UmX +I4iDn7+GjVKvPYZF8R7o3Y9P/tq1NcvgArqOa2FK8sZd1wKVcSOee5mWz6zfICot +/gxCcsa4w4GBPqCNYkEXFPUkZ/Fsr8YMlAn7VgcCAwEAAaOByzCByDAdBgNVHQ4E +FgQUj3z4OiczwquWnr0PaODJWLsLfPIwHwYDVR0jBBgwFoAUkWkNlDS1uq/x3Zki +iBUrg7E3slQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAxBsqEjb9sa08x5YHx7mKA74NjjVYAwLfN/TeL +meqhAUOZGbmLXp70VXObGi8zl6zjaq5LxOniBDMpqFUIr07MKoOkEq8RVGLSGa1r +bVSs9pwVdwvUaHhbKwQOgpqYrI+8R94p0pVr7Y0pomDYhvyhkhiFLU9WJ9LeIIf3 +Nd2doSbL7f7otoe2iut8vQTVviqWzZX2Fpsp4WIMqMps+3AIPBBWv+XEVxlCh1/v ++3e5EGIeX+c1WIAwku9p7y3c+DBYlyiNZBjyyPPOzj+KqqDoJ5W5WFWIMpwnVnFU +wW4KlC0K5nB+QlZqsOutjM2TbiAAboGKGBswDsIn83RnmDpY +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:cf:d3:d1:65:21:cc:44:8a:0a:5d:79:88:07:16:54:c3:1f:d8:65 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:af:9d:d7:d1:a5:91:6e:5d:17:d4:89:85:95:b8: + cf:e3:e3:fb:94:dd:cc:c0:99:59:24:ac:c0:4d:cc: + 4b:37:88:38:3c:a1:60:06:96:8d:1b:6b:e7:2b:b8: + 71:9e:54:4b:cd:c4:4d:93:b6:3b:3f:7a:a2:c6:3b: + ea:9f:36:8d:e5:b0:0f:9e:27:58:7c:f8:fb:6f:e8: + ae:0c:bb:69:02:60:21:d1:bd:dc:e1:33:23:8d:c5: + 5f:dc:ff:33:71:95:98:77:07:69:c0:71:2a:bf:62: + eb:b6:e5:cc:2e:3a:98:1c:7b:a4:a7:cb:ba:e5:ab: + 22:32:fb:d5:03:1a:03:b7:d1:9f:d9:56:69:ae:b1: + 51:e7:8d:06:ca:2a:f9:25:43:af:92:a1:f7:40:60: + 85:5a:33:67:2a:62:ad:6e:4a:9a:02:1b:c4:e3:89: + 38:d3:06:eb:a3:8c:ce:a8:c8:49:5a:4e:08:b2:7e: + 00:16:92:60:4b:ff:77:2d:53:e7:2c:f3:2c:51:b3: + 16:87:67:28:43:10:d3:6c:d6:c2:96:97:a3:c8:8e: + 0b:ae:f1:56:13:bb:1b:ca:7f:2d:59:cc:37:fc:47: + 9d:f7:c9:0a:66:19:87:3d:13:66:50:0b:52:0d:13: + 33:6c:0b:fc:fb:88:cf:34:7b:9f:6f:6e:7e:36:ac: + ec:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 + X509v3 Authority Key Identifier: + keyid:91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 41:b1:b7:39:9a:c9:11:6c:57:42:5d:fa:b6:0f:4d:97:e8:37: + 82:fb:f7:b0:ff:db:1c:78:73:17:f3:cf:9f:15:b0:c8:6d:16: + 6f:a6:0b:5f:ea:f8:58:73:ad:37:74:f9:f4:8e:6e:db:6b:21: + 98:10:80:0c:2d:b5:de:d2:73:74:02:67:8b:0b:eb:40:92:f5: + da:66:a4:dd:84:ce:db:49:47:71:bd:24:b2:5c:b7:03:2f:52: + 9f:65:f2:9e:ab:13:09:76:a4:c8:94:3a:30:b1:5f:43:9a:af: + 86:c9:e8:e2:37:24:be:b4:d1:ab:34:45:df:3f:77:ff:cd:71: + 5d:de:7b:33:6e:60:04:45:d2:31:3e:3d:3f:5a:2e:bc:2e:00: + a2:67:3c:70:8e:90:b1:b5:d2:f7:1e:1b:23:2a:d6:0a:4e:26: + 98:35:e0:3b:2d:82:94:ce:b6:a3:1f:5f:67:e2:96:af:c6:89: + ed:28:47:9b:48:47:58:dc:fc:6a:7f:49:2b:6f:0e:6b:40:40: + 68:ec:53:fb:ef:16:55:1c:1d:77:1a:49:8f:13:0a:c6:06:16: + 09:0d:08:e4:12:ff:cb:a2:0e:42:18:fc:a8:5a:04:e3:72:09: + 2b:01:5f:1f:63:b8:aa:51:dd:ae:b6:13:f1:24:2c:b6:1c:87: + 95:70:db:97 +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIUCM/T0WUhzESKCl15iAcWVMMf2GUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCvndfRpZFuXRfUiYWVuM/j4/uU3czAmVkkrMBNzEs3iDg8oWAGlo0ba+cr +uHGeVEvNxE2Ttjs/eqLGO+qfNo3lsA+eJ1h8+Ptv6K4Mu2kCYCHRvdzhMyONxV/c +/zNxlZh3B2nAcSq/Yuu25cwuOpgce6Sny7rlqyIy+9UDGgO30Z/ZVmmusVHnjQbK +KvklQ6+SofdAYIVaM2cqYq1uSpoCG8TjiTjTBuujjM6oyElaTgiyfgAWkmBL/3ct +U+cs8yxRsxaHZyhDENNs1sKWl6PIjguu8VYTuxvKfy1ZzDf8R533yQpmGYc9E2ZQ +C1INEzNsC/z7iM80e59vbn42rOw5AgMBAAGjgeAwgd0wHQYDVR0OBBYEFJFpDZQ0 +tbqv8d2ZIogVK4OxN7JUMB8GA1UdIwQYMBaAFJFpDZQ0tbqv8d2ZIogVK4OxN7JU +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUE +DDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQbG3OZrJEWxXQl36tg9N +l+g3gvv3sP/bHHhzF/PPnxWwyG0Wb6YLX+r4WHOtN3T59I5u22shmBCADC213tJz +dAJniwvrQJL12mak3YTO20lHcb0ksly3Ay9Sn2XynqsTCXakyJQ6MLFfQ5qvhsno +4jckvrTRqzRF3z93/81xXd57M25gBEXSMT49P1ouvC4Aomc8cI6QsbXS9x4bIyrW +Ck4mmDXgOy2ClM62ox9fZ+KWr8aJ7ShHm0hHWNz8an9JK28Oa0BAaOxT++8WVRwd +dxpJjxMKxgYWCQ0I5BL/y6IOQhj8qFoE43IJKwFfH2O4qlHdrrYT8SQsthyHlXDb +lw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/generate-chains.py new file mode 100755 index 0000000000..dea784e055 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the root certificate restricts the extended key +usage to clientAuth.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate with extended key usage of clientAuth. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('extendedKeyUsage', 'clientAuth') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Intermediate.key new file mode 100644 index 0000000000..17dcb987aa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAqOdf+tCd8eHkh39ifhyJAmZkntWggfNlaNeNAjeZ2uiFAFG0 +aelXKQlRwnjI7ruHYkqoRsPUBuXwwjNoE/dVxURCFB7XZaShtmc44MJyZe6t9ZQ0 +k0/p2KWTmAU05fYPO3GEOXGbthBHN++H0pgppPEY5/Q7Uq80sTk0mkm0eu0hLGCy +AejLtq34AJWFqYeRkAVUCy6dTHnEyG1yqyNb0CuQPFtT7dpWOTg3RUMXPYHVSZcj +iIOfv4aNUq89hkXxHujdj0/+2rU1y+ACuo5rYUryxl3XApVxI557mZbPrN8gKi3+ +DEJyxrjDgYE+oI1iQRcU9SRn8WyvxgyUCftWBwIDAQABAoIBAF8LA5lRdu87W6tb +ZQLt77LoB0rRjyZQ3gmm8XQD8ZGbMexCDbFjWmZ/FgDGktqzr7UBqbtYSqEvFtFQ +uAo0LZF5nW1RBYfuogjQANOI13LAYidEpGkYmNAOLAVpOKEGWv/qGqtwYFyMwGab +ZOR+N0DXYlpztkYKzS3EsPL48pQQnXCEVYD/PetjzWkStjKl5AeTBX1LJf7ehtLp +d3P+HYgBHcuJm7I3mQbTnURl5WYpvl/+hDWIK+3w2BfaU/EF42gVZJCOTZDQtiaa +5t5CcNICs7pPjXYbIl2wvzH/dQNCMH2lgpJfXeaMW/PrK22Ddr3Yxdmrx7MtfEQN +f0l6IqECgYEA1ibuFrLCrNUCmk6Ry1t1oGZVa0gTkglvtfm1K0Y+pGeeKS9QaFq9 +6QT/F3IjHn5zY7CXbl3s5ezWUrislBLZ9rv6UnWVYAbfIMqhN39NAHUDkqEYiYRm +zUEkuB/kpf+YYXEKt73XfAcpQI/OY511zsLQ44q+a5/MAwhmkJC2zi8CgYEAyejg +dCXsW8G9L9+UafqSyorWX5NwUnT5m5545cvJs8UjP/M8tlF882LeHdbZ/FsLeAqd +vlRHVEcHGTToL/Iqn/n+b4OdAX2W3P09T94S0Rbghw3o2nEV9zjoRWETZYm9ZWk5 +Q8fC1NTJbjM4tkVzGF0/mbTNoZUw40PV1VTpF6kCgYBVeNI8EvrqGlZgmg1MmeNX +sqBTIkBVYBjLC7AIZo/n9EdG7tBr5hO4Jjtd8zsbF6McXcYC0dAUcLOV7olKzD9c +X+hn8vA8lGGH5/fye4eTMCDN7Cgr8sFJGL/8ERakPmBmO8ToUwfnQ8BuOTdJwPXd +IRpYRu77a5r0duzgtDGSFwKBgGoQflAlV8s/s91BKtqdOZ1SX5inf/qg3jqEfefh +LJzV81V1ti/kEKpeBmZQZgRt41F06jaAWVQJV85C/7GoGgIdti3oSoLs8WI3WYzq +EKJrzRjFEswlWa+b4lAH1cOiHq72HpHfjxZ0jTfpimIdi3+CBJX+54J5N8w650qA +p025AoGAGtXM2FylEgDSTUFy0OSECV82Gyvywh7ShjVjch7hL+3/rrqnCUonx33W +vzMiuSHo8wtVcPkezdo4nfRvhgDQVKTRRFRfukC2+uY9RL3v4q0yvLTxQuSsxdfZ +tFJzjY0HypYIoEurGE76rrLSNQxmeuDash0HthJGjbb6lWz3rVA= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Root.key new file mode 100644 index 0000000000..aedf1e9390 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAr53X0aWRbl0X1ImFlbjP4+P7lN3MwJlZJKzATcxLN4g4PKFg +BpaNG2vnK7hxnlRLzcRNk7Y7P3qixjvqnzaN5bAPnidYfPj7b+iuDLtpAmAh0b3c +4TMjjcVf3P8zcZWYdwdpwHEqv2LrtuXMLjqYHHukp8u65asiMvvVAxoDt9Gf2VZp +rrFR540Gyir5JUOvkqH3QGCFWjNnKmKtbkqaAhvE44k40wbro4zOqMhJWk4Isn4A +FpJgS/93LVPnLPMsUbMWh2coQxDTbNbClpejyI4LrvFWE7sbyn8tWcw3/Eed98kK +ZhmHPRNmUAtSDRMzbAv8+4jPNHufb25+NqzsOQIDAQABAoIBAA5E5/1L06ZBACev +yN/idVnR82YkI3feveSB+NoZaF8pvVAH2LKQVwTMXqspwGmZ9dLRSXBgFS5SO5mZ +0rV/DEaGaK50CfeVj3CHWmUEcULVJspQ//p4WkIxsFlXjwmCmzHIs2oEh/GnCvoA +b/etoSBnV3ie0B/LKOs1lRg8a+Lqjd1PdtdgJPun8cExfa9rmLPUAAuTwVrzKNdT +S3IcxKBYBOtMJjGO41GG5bw0x7JrzBACxqXl7B3dC4XohtdL5bWhLYIxEUTF9e4L +QGFYX7NRzWzbEze8V15KY33sbj4HRbRJwjsQ8YG+BSy6NgXdSrRJAm9oNTOAsf7f +/ipDoGUCgYEA5gLFzzsLnKxgzfiXlpV40rKiV/QmoOz1E2cFN+DMW7gWBNKVcMll +b6xKjMBG3ALuGobcf/EFkeZD8IIlB1GkI+W6qFSFLktT2TGSOHgYeBJrPuZ4l58r +xF7VBpP1CBAudUbJ7oACvag/XlrNUbx76R8fsK7PwA3ofXL1RXGsdNcCgYEAw3Wt +fTrSvLE/rDE7v/nVJRyKFa3UBjza6vvxZbdnhC9bmYr2sLw51xipICeOK/MQ978i +EeDGcpWPOvPeyxjC5MXUB+zbj3DgYAGd8Fiho27pmlIWL7q5BII5O8RCAIvTwFdp +CqXyzLiqvRGvIkzfwprRiJ0rct9VF4bJQ9CAdW8CgYEAn2PWfge1wUl2/+S/71r/ +Ukr10ytexW/PWTWv2QwPsZN8trTTWEhH4b4sHyNzNy1UoM9J5+M27+b4t6cIT+0U +aMfetJ11eSI8JauDX1xh4HsrFHiTosZrhvYMezV2vLKx7xUyA/NzcsgvuYwE8hpC +Z8boqABL+RPqQ1yxeQEP+BsCgYEAmmaJJ5WiBwCVZbZ2lo4KO4ix47Iu/MZxwJJI +/KrGkPrAByho+u+VWT7Xyti0TC90ReCsTycaXEWcoVsnsZPb0NAdUC1gu4zVEcH1 +O3koJmxlCEyzzfxYTyF3iKjd4oSSPyxNg+XXSLTP2w7vI89KKvYVcy+EtPeKxkzp +DDLWZu0CgYEAjSeoIVpnaj62BJgvdcTfR1nfa0StW1XKjETfzrSrH47G2NVdfHRJ +nQOJpgdg5hEr5iRyTATZcbV+EPzcvsiUCGxo+0pRlsjo3K5RkHW8FSA1aBufj6/Q +ISLrrhCbDRV9iPFvqPnybXx21MK5qnOBW4fbc9aqvVTCc0dRC3qsX4U= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Target.key new file mode 100644 index 0000000000..bdf8209927 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAwGSnAbKDbEe8LTAB+UOM/MxrfKTHHHj6qIy+Hppy0DQaVoBn +Z3ZIip/FOmieU8I1zml+T9XE+wuRPK8AJvS/d8rN7If5bgWbDJMb8m7IEDJOe1Ec +IndMuKO91tyVKZtLtdnOrpHYBcXFv0qct5Tb1aXmsUThAkoa3CHl5qa6VC4sP0D1 +/Vx53VVtnuKr2zxntITbuob9oLXYi9C4vIt36TIxUWjuGBcJ4vEneco8cqjzliUx +JDoFU9SJCkh6nC1taoSX3zTJIn/VBfIskenEf6vQrnYiZK6+4n+XCOyGipK/V/Ai +95H/hhdikuOAixmEFGAZAJHW/lGWd1siDTJQBwIDAQABAoIBAQCTaows2MOqrCyb +0zUv8XqOGXQixX9raadmjrD+cgmXTtT/gtO4iwF6doGBB7iJJT5lMp/+PCX61hor +DUxojRBIkbTHkEim7NSpBe9cC1ZwUpugEb4lCpRWxeAoSkxg3QVeCc48JLQJeEjV +Ei6S3BS117C0E7r1LiL2mWK3IPmUlZhPy3HcNHXOliMblb6lK6zSNH7y9U4KJQv+ +Fok2uVNiJ2aU/8MYHlpfVtLoRXs8FdTMheWnfdDTu7q3w+UvlEhlLOCieiwr4DAv +daD2Ga4+TaamKdLNzlWlIxip961jw4d+HvqZl1h3VcpoD9i5wK9jlEu9bNrPdKrR +64UyetYBAoGBAOM7neYQ9l1vdDDOr6KZDPa63U3JrfSZKp6DCldt8+BhhmL2ICd9 +EjgkspNLeFAQr1iSXY7zaE18MfDIgfFhc/K8/mIGmDFsnaZEZB8+TuU4a+MzW+yr +LEzAby4z5JA2be5eTZPzbf/fAkUXRbPe/9ZYORWJG8/MgizqhrQXw0ahAoGBANi/ +6quOZpcXZeYOrQJZ6OAKVBBpOE0Zt7s4rtn1oTTGTQVPjAcgSv7cn058a0XlK85P +DZETJtUTkGm+3dbSwlRVZ4Lj2ozUxoKw4q0jq6co7XACqlW96I0IXdQRWT9lTyIg +Yy1LlX1Qd2+h5qKoIxgJYM7D4wrC9mPY+00Obx2nAoGBANytIxUxV/E5sh9MOmmw +NVTP+Of4ewXWUfuKy1pJH9TDIZ2t5WA0KKN5kCtX2cn3yjI8Qrv3S04k1OM/9mIT +AGW2gV11hgxJrXixZoKpIjmd57jIQfe/7M/E+rRmFQywr2YVE0Yh3KvnSe8LQNgE +M3VYTGfLtcTCmZFBWfxAL5bBAoGBAL7u2IcFawPf3ah59xeiIgzxrDnEpo7sf7gR +550izj4SDRkHiL9iSA4YRNE7sregeCVF6BqK92Mt18H/G6Y4hG0LyqI3m3cBnFjV +/ugsCvK2j+pivq/HGcrauuSr36WD1eCnDRaChY4dSwjwYp2YZUmwQTICxsbdFXTB +WCX5+BHzAoGBAI1K64rT7krwdaGgXXOopeDUIuPvzNLW5OkP8BkerhaDTEfoMR+H +C8Uo8mzSmKcxm1x9Usd9v+Kx/Li6FDlh6EQVZId60Q9T4dpV+EXN9eFI23H+YYP8 +pTcM0MIlMhBU94Gjkees/Zm8ibyLdKdY9cTTtchBmpx1FeRUHpyhsSAf +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-strict.test new file mode 100644 index 0000000000..556a117827 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-strict.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints-strict.test b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints-strict.test new file mode 100644 index 0000000000..347f0be30b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints-strict.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints.test new file mode 100644 index 0000000000..40ff1b530d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-expiration-and-constraints.test b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-expiration-and-constraints.test new file mode 100644 index 0000000000..503445ebbb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-expiration-and-constraints.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_EXPIRATION_AND_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-expiration.test b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-expiration.test new file mode 100644 index 0000000000..fc8361e92e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-expiration.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_EXPIRATION +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth.test b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-eku-clientauth/serverauth.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/chain.pem b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/chain.pem new file mode 100644 index 0000000000..f144a8c5f8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/chain.pem @@ -0,0 +1,273 @@ +[Created by: generate-chains.py] + +Certificate chain where the root certificate lacks a basic constraints +extension. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6f:30:93:e0:af:42:20:f7:92:d9:8d:63:e4:7e:ee:e3:df:49:cd:56 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e0:2c:39:1a:67:64:64:af:b8:19:4f:41:9e:78: + a6:a8:fc:a4:43:70:a7:7c:23:f9:27:a0:7f:98:37: + e7:ee:fe:be:2d:82:65:9e:46:15:1e:fc:3d:70:36: + 96:47:69:6a:c0:51:c5:f1:59:2a:d7:1e:3f:b3:2e: + df:ac:af:89:16:45:ed:71:ae:38:04:4d:5e:e7:b8: + d9:a1:45:14:a5:f9:a4:f7:e3:e7:e4:e9:ac:7e:82: + 95:e6:5c:8e:ac:da:14:d5:2f:04:ed:48:f7:56:4b: + 5a:98:72:0f:07:66:ca:17:a5:0e:b7:05:64:3b:6a: + 97:ad:b1:7e:4d:b3:8c:d4:2b:23:3d:88:bb:c9:80: + 04:d9:5b:1a:36:37:ab:d2:c7:06:a8:81:6f:62:b7: + c1:74:74:8e:ee:f6:6b:c0:15:28:44:50:85:dc:8d: + 3b:e7:0b:82:9d:bd:db:20:69:1a:55:68:48:0e:84: + 2a:25:26:ca:01:ad:16:7f:3c:30:d4:5b:47:9a:86: + fe:fc:90:b5:d0:bb:d3:ee:af:9a:80:3c:4c:da:46: + c8:db:36:68:89:51:fe:76:78:cf:22:eb:ce:62:d4: + 2c:2b:c7:7c:24:48:64:ca:9b:91:b2:90:fc:c9:29: + 65:70:83:60:05:1a:32:70:ca:12:f3:70:52:dd:3e: + 82:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 98:FA:6D:F3:B3:9E:A3:B9:81:22:1C:C5:19:24:06:BC:D9:D6:92:ED + X509v3 Authority Key Identifier: + keyid:C1:E9:0B:DE:AA:27:20:FA:0B:FF:DB:77:09:96:1E:9B:2C:0D:F7:70 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + b4:37:d0:b2:e6:04:26:d5:cf:ea:f2:91:5c:aa:03:17:35:07: + 21:bd:67:52:60:9c:c2:9e:79:6e:ef:5f:a2:05:74:6c:b4:75: + 7e:f1:3b:0f:2e:62:85:b2:33:3b:23:68:7c:67:e1:b6:e1:c4: + b0:af:50:29:a7:73:fc:aa:b9:e0:f2:fb:7e:f3:f5:27:07:e6: + 26:c0:b8:51:06:7c:42:9d:59:b5:b3:2f:ae:ea:f4:e5:0b:9c: + 63:00:34:2c:46:cd:df:22:55:21:3b:78:23:b0:8e:0d:69:8d: + 66:92:16:90:83:fd:ad:46:60:7f:5f:87:61:7f:2f:0f:c2:8c: + 0f:7a:dc:b4:6e:cc:a7:80:88:3b:49:17:ef:fb:95:48:9b:80: + b6:f4:32:95:e0:e8:e6:1a:97:2f:fe:c6:a7:ad:02:b8:ef:a7: + 25:42:cd:ea:bd:c1:64:6b:b0:89:6c:bb:fb:e6:9c:43:b8:51: + 03:0c:ed:03:01:44:5b:ef:ad:8e:59:aa:29:cd:2d:c4:c8:1f: + 55:66:c6:26:d8:6c:2d:07:ca:91:10:2e:04:54:5d:e1:ee:87: + 1b:22:ff:2a:b9:7a:e2:be:be:d7:51:d2:7f:3e:ee:e0:80:c8: + 58:fc:f1:7e:66:ca:6f:24:1a:bc:c0:98:a0:75:88:27:2e:28: + 59:30:f4:05 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUbzCT4K9CIPeS2Y1j5H7u499JzVYwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA4Cw5GmdkZK+4GU9BnnimqPykQ3CnfCP5J6B/mDfn7v6+ +LYJlnkYVHvw9cDaWR2lqwFHF8Vkq1x4/sy7frK+JFkXtca44BE1e57jZoUUUpfmk +9+Pn5OmsfoKV5lyOrNoU1S8E7Uj3VktamHIPB2bKF6UOtwVkO2qXrbF+TbOM1Csj +PYi7yYAE2VsaNjer0scGqIFvYrfBdHSO7vZrwBUoRFCF3I075wuCnb3bIGkaVWhI +DoQqJSbKAa0Wfzww1FtHmob+/JC10LvT7q+agDxM2kbI2zZoiVH+dnjPIuvOYtQs +K8d8JEhkypuRspD8ySllcINgBRoycMoS83BS3T6CsQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBSY+m3zs56juYEiHMUZJAa82daS7TAfBgNVHSMEGDAWgBTB6Qveqicg+gv/ +23cJlh6bLA33cDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBALQ30LLmBCbVz+rykVyqAxc1ByG9Z1JgnMKeeW7vX6IFdGy0dX7xOw8uYoWy +MzsjaHxn4bbhxLCvUCmnc/yqueDy+37z9ScH5ibAuFEGfEKdWbWzL67q9OULnGMA +NCxGzd8iVSE7eCOwjg1pjWaSFpCD/a1GYH9fh2F/Lw/CjA963LRuzKeAiDtJF+/7 +lUibgLb0MpXg6OYaly/+xqetArjvpyVCzeq9wWRrsIlsu/vmnEO4UQMM7QMBRFvv +rY5ZqinNLcTIH1VmxibYbC0HypEQLgRUXeHuhxsi/yq5euK+vtdR0n8+7uCAyFj8 +8X5mym8kGrzAmKB1iCcuKFkw9AU= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:55:78:34:50:50:34:15:fe:10:58:e3:0b:cb:6b:c3:c6:56:3d:16 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:de:e6:c0:76:c5:4c:d0:8e:b3:87:07:91:66:aa: + f1:ae:93:8f:a2:83:2d:d5:05:91:b8:52:f6:2d:a5: + ff:fd:95:ee:85:0f:85:c3:eb:d7:8e:f7:6f:2a:c0: + 15:de:ae:1e:62:62:12:64:c3:f7:c1:0f:05:a4:0f: + b7:33:69:92:66:57:93:4f:4e:04:43:bb:23:bb:c3: + c6:29:0b:42:68:1f:26:81:77:2d:91:f6:62:b8:e3: + 9a:2c:78:2d:7c:1f:3a:f5:ce:f2:c2:75:39:5a:b7: + c2:23:f5:f5:ee:7e:a5:7a:45:c4:d4:1e:12:c8:a6: + 40:44:64:07:ff:33:a8:ce:41:df:77:c4:01:f5:c5: + 41:6b:4e:a0:ee:9d:36:63:5a:b0:e8:38:bb:bd:fb: + a5:7f:6e:5c:6d:c6:62:dd:05:2f:90:d4:fb:5b:18: + 71:84:57:e2:c9:d3:cc:c8:36:5f:d1:78:20:4c:68: + 83:1f:df:64:a3:11:9f:e8:bd:d4:bb:8e:04:63:0d: + 3d:6d:a9:43:30:5d:f0:ca:e3:62:8f:11:9e:8b:8f: + de:9a:6e:6d:03:e5:8c:0f:6f:00:6e:1a:72:2c:13: + e0:a1:78:93:ef:2c:6d:2c:0a:8a:5c:02:65:50:36: + fa:da:07:ba:36:b9:21:eb:01:14:97:ab:19:60:be: + 97:6b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C1:E9:0B:DE:AA:27:20:FA:0B:FF:DB:77:09:96:1E:9B:2C:0D:F7:70 + X509v3 Authority Key Identifier: + keyid:96:9F:CB:9C:5C:0D:06:9D:F1:3A:21:D5:22:F7:4B:75:2C:7D:D3:D3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0a:11:c3:21:b5:94:3d:5f:ae:33:72:18:c4:74:c0:cb:15:b0: + 22:74:39:5d:76:7b:77:a9:91:0d:02:7c:1b:0c:fa:d1:dc:94: + f2:d3:38:01:f3:64:42:53:5b:0e:a7:a3:7e:8d:8d:0b:6f:1a: + 93:ab:17:3a:02:43:23:c6:c2:8c:40:32:fe:e9:e4:42:31:c2: + 4f:96:87:da:54:70:f0:85:31:7c:a3:a2:96:af:c6:a3:0a:26: + 68:3c:db:1b:dc:be:58:c6:c2:ef:62:a1:87:3e:01:4a:3c:c0: + aa:fa:f5:30:d7:7d:35:3c:3b:f0:ef:7b:e9:f8:67:5a:f7:75: + 5f:0f:ae:63:a6:61:98:5a:21:8a:36:ca:59:40:75:60:4b:6b: + cd:0e:99:d7:2f:fc:85:1d:81:4c:50:e0:66:1b:fe:8f:83:e4: + bf:00:07:48:3c:ea:16:c4:43:8d:53:3a:44:bf:64:99:58:1e: + 72:38:f9:ec:63:ad:4e:e3:5a:7b:b3:22:0a:54:d8:49:41:e7: + 4f:f6:ad:df:3b:f2:c2:3d:d5:e1:62:30:4a:61:30:09:ea:2a: + 66:98:1e:a7:51:e1:cc:08:c2:32:5e:c7:77:2c:93:c0:6b:77: + 89:99:e3:f5:89:bb:62:6b:3e:96:25:ac:a1:79:2e:82:9b:e3: + 1b:4b:28:96 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUCFV4NFBQNBX+EFjjC8trw8ZWPRYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAN7mwHbFTNCOs4cHkWaq8a6Tj6KDLdUFkbhS9i2l//2V7oUP +hcPr1473byrAFd6uHmJiEmTD98EPBaQPtzNpkmZXk09OBEO7I7vDxikLQmgfJoF3 +LZH2Yrjjmix4LXwfOvXO8sJ1OVq3wiP19e5+pXpFxNQeEsimQERkB/8zqM5B33fE +AfXFQWtOoO6dNmNasOg4u737pX9uXG3GYt0FL5DU+1sYcYRX4snTzMg2X9F4IExo +gx/fZKMRn+i91LuOBGMNPW2pQzBd8MrjYo8RnouP3ppubQPljA9vAG4aciwT4KF4 +k+8sbSwKilwCZVA2+toHuja5IesBFJerGWC+l2sCAwEAAaOByzCByDAdBgNVHQ4E +FgQUwekL3qonIPoL/9t3CZYemywN93AwHwYDVR0jBBgwFoAUlp/LnFwNBp3xOiHV +IvdLdSx909MwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAKEcMhtZQ9X64zchjEdMDLFbAidDlddnt3qZEN +AnwbDPrR3JTy0zgB82RCU1sOp6N+jY0LbxqTqxc6AkMjxsKMQDL+6eRCMcJPlofa +VHDwhTF8o6KWr8ajCiZoPNsb3L5YxsLvYqGHPgFKPMCq+vUw1301PDvw73vp+Gda +93VfD65jpmGYWiGKNspZQHVgS2vNDpnXL/yFHYFMUOBmG/6Pg+S/AAdIPOoWxEON +UzpEv2SZWB5yOPnsY61O41p7syIKVNhJQedP9q3fO/LCPdXhYjBKYTAJ6ipmmB6n +UeHMCMIyXsd3LJPAa3eJmeP1ibtiaz6WJayheS6Cm+MbSyiW +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:55:78:34:50:50:34:15:fe:10:58:e3:0b:cb:6b:c3:c6:56:3d:15 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b7:0e:0c:2e:e1:46:5f:9d:dc:3a:16:51:56:2f: + 4c:5c:f7:92:93:2a:a1:bf:d1:bd:15:cd:8a:f8:e3: + 8a:a4:41:fa:9f:de:85:84:ff:cd:5b:7d:13:33:ca: + b8:8b:34:f6:85:73:a5:23:ef:ba:61:ca:18:9f:08: + ea:39:17:18:69:dd:3a:21:57:a5:6d:b2:63:a7:42: + ba:b6:8a:4e:e2:1f:ab:88:4f:ae:ca:1a:66:b8:79: + d2:94:73:b9:46:c4:be:89:31:53:c1:d8:b4:cc:1c: + 6b:d9:0c:a3:5a:e3:a5:20:7c:a0:bd:d4:14:7a:14: + 29:0c:b7:40:da:f5:fc:af:c3:91:65:78:b3:41:ee: + f5:9f:0b:22:0b:c1:f5:12:94:89:25:13:1b:dd:a3: + a3:44:7a:57:7c:40:17:e0:66:33:a9:27:7c:2e:6f: + 9f:38:d3:fa:4d:67:80:39:33:36:e5:41:fd:ac:6b: + 37:d0:84:75:e2:84:93:3b:8d:ce:8c:22:98:4e:05: + 64:7f:df:fb:96:85:c5:ea:0e:11:24:f9:84:bd:17: + ce:15:30:86:ad:c6:de:2c:48:84:d0:45:d4:0b:1f: + 13:e9:a4:ca:e7:69:c0:24:a1:23:5e:6b:4e:76:b4: + bd:d7:0d:96:94:b6:d9:8e:25:9b:1e:c9:a2:00:10: + 47:77 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 96:9F:CB:9C:5C:0D:06:9D:F1:3A:21:D5:22:F7:4B:75:2C:7D:D3:D3 + X509v3 Authority Key Identifier: + keyid:96:9F:CB:9C:5C:0D:06:9D:F1:3A:21:D5:22:F7:4B:75:2C:7D:D3:D3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + a0:63:51:25:66:b7:9a:52:c8:f3:a5:18:a4:76:b5:02:e8:a1: + 12:0e:f7:e0:92:32:6f:85:2a:d3:95:ae:c1:5d:11:11:53:c2: + bb:85:55:a5:5c:71:f5:65:c6:f2:88:8a:a5:10:66:b6:bb:36: + d6:d5:c3:c1:87:be:bc:5f:c6:47:87:63:de:ef:6a:d6:46:db: + ca:b6:09:17:07:39:76:6d:3a:ef:69:37:05:0d:c8:24:51:1f: + 24:a7:c0:bc:44:a4:a3:57:28:f3:4f:ca:52:3b:1c:1a:3c:18: + 07:17:26:8c:ed:22:d0:0a:41:05:ae:cc:2c:b9:24:80:d5:22: + 1e:c0:eb:a7:48:fd:3a:c3:ee:89:95:6d:25:0b:45:86:70:11: + 69:da:11:38:c9:7a:3a:c1:b0:a7:f3:df:15:85:d1:66:ae:8f: + 2d:52:38:2d:db:32:c5:12:ba:e2:fd:b1:77:8a:ef:1b:8d:cd: + 99:85:33:e3:82:bb:42:f2:f7:92:56:4d:5d:4e:8d:82:54:23: + e8:90:3b:32:d2:9e:24:a7:4b:58:86:ed:fe:bf:b5:8d:e5:a5: + c3:af:d8:fa:92:df:bb:ae:8b:00:8c:64:e0:6c:53:5e:d9:14: + bd:30:78:40:80:f4:58:cd:b1:92:50:c9:87:59:91:39:18:a9: + ea:18:44:e7 +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIUCFV4NFBQNBX+EFjjC8trw8ZWPRUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC3Dgwu4UZfndw6FlFWL0xc95KTKqG/0b0VzYr444qkQfqf3oWE/81bfRMz +yriLNPaFc6Uj77phyhifCOo5Fxhp3TohV6VtsmOnQrq2ik7iH6uIT67KGma4edKU +c7lGxL6JMVPB2LTMHGvZDKNa46UgfKC91BR6FCkMt0Da9fyvw5FleLNB7vWfCyIL +wfUSlIklExvdo6NEeld8QBfgZjOpJ3wub5840/pNZ4A5MzblQf2sazfQhHXihJM7 +jc6MIphOBWR/3/uWhcXqDhEk+YS9F84VMIatxt4sSITQRdQLHxPppMrnacAkoSNe +a052tL3XDZaUttmOJZseyaIAEEd3AgMBAAGjgbowgbcwHQYDVR0OBBYEFJafy5xc +DQad8Toh1SL3S3UsfdPTMB8GA1UdIwQYMBaAFJafy5xcDQad8Toh1SL3S3UsfdPT +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKBjUSVm +t5pSyPOlGKR2tQLooRIO9+CSMm+FKtOVrsFdERFTwruFVaVccfVlxvKIiqUQZra7 +NtbVw8GHvrxfxkeHY97vatZG28q2CRcHOXZtOu9pNwUNyCRRHySnwLxEpKNXKPNP +ylI7HBo8GAcXJoztItAKQQWuzCy5JIDVIh7A66dI/TrD7omVbSULRYZwEWnaETjJ +ejrBsKfz3xWF0Waujy1SOC3bMsUSuuL9sXeK7xuNzZmFM+OCu0Ly95JWTV1OjYJU +I+iQOzLSniSnS1iG7f6/tY3lpcOv2PqS37uuiwCMZOBsU17ZFL0weECA9FjNsZJQ +yYdZkTkYqeoYROc= +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/generate-chains.py new file mode 100755 index 0000000000..9cca59fd74 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the root certificate lacks a basic constraints +extension.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().remove_property('basicConstraints') + +# Intermediate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Intermediate.key new file mode 100644 index 0000000000..b370a699f6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3ubAdsVM0I6zhweRZqrxrpOPooMt1QWRuFL2LaX//ZXuhQ+F +w+vXjvdvKsAV3q4eYmISZMP3wQ8FpA+3M2mSZleTT04EQ7sju8PGKQtCaB8mgXct +kfZiuOOaLHgtfB869c7ywnU5WrfCI/X17n6lekXE1B4SyKZARGQH/zOozkHfd8QB +9cVBa06g7p02Y1qw6Di7vfulf25cbcZi3QUvkNT7WxhxhFfiydPMyDZf0XggTGiD +H99koxGf6L3Uu44EYw09balDMF3wyuNijxGei4/emm5tA+WMD28AbhpyLBPgoXiT +7yxtLAqKXAJlUDb62ge6Nrkh6wEUl6sZYL6XawIDAQABAoIBAGFjfI/oIGm3D6Vd +nx+2bKYT/tvIaMv8BPD9/mVvc+t+CJrGb3Fsp9/lKAMLrgJ/HPNrWhIAtUz6nUJT +Q34JEFf6x3gM5Dwblb9CCGCCdN89TPuf8J8ngXa6qu/nCiiDFKW1Z8eipA6I3yAL +JQqw9uf3d8od4aMdUFMRSZUtIwIKYScFuF7iD8HZdHY3IFe+XWe8rDWFlB/U9//D +uE59SlNvxOA5Gp0tt7M0zeGbbmagPRG0z0GDFmd0uaIAD/4pHdrOQJiRd/ApFFqv +6Mxs2jp2+pE+bNoxCWBlOKpM0jUuO25CKkp+TCcmSmt4M5OElDNxqCOvSTLKTsA8 +NwbYTtECgYEA9GsDPG+7OX8ydGHlDOkGvFa3D7gTXI9lM7IJ4UmtITSK+A6HlNd8 +WhA3UqvlPAOnetm1ITAjQRcxndVotfy+t1GpKETpUoxte40fk0NeWXrCVtFN1wTG +ODZsFnChD8QZ6tS/sPOr1vowYV/9mcXUh6P0veT1WohVrcO+1JF4x1cCgYEA6Xa5 +lsKCIX4hzb+YFCyKOzb1Drk8eJho7i9Wp//m89YzKIuBsQsfVJOFQghZpqxfRD+Q +BgasR3/5Y6B8kLdBDw7QrahUOKZcqxCPTF6Dl/eiO06roGE8TGDrFlbB/nPGGaoO +DFW928q6uru7RxBdRGGPx5zQ14NlWUBckStUSA0CgYEAiaae+vF+AsKk+rCLW/r8 +xSMdE+g6Vz2W5EdXkx54N6Qsw8kDCItXSC2ryo5ump8AOorTnK5MnILgeaBPyXZf +PkTqPHia4tedbSCscLZXM5OUUWqtKPRSYiQcOYMS4hsx8XQBxTlmRLtAdgamf2zP +5dgrpKqGl4cCocsE9Rg8ah8CgYEApntBUN6XiWa2mE++FPTGBf/ktIEnPCADA4bC +Vr7HZK4kgQ8qhqOVzev8pN/rfk2BCdwByipMBBigMIkrCs+DF0fLS2qz1End3ybJ +6P2k/WNbTsuE27M7GoQqYB2x7M+GPprjtawW3XstuSdSHxTuTWr86q1Kx8QtK34Y +BHVPfqkCgYBJiU94uy0uxnwRuvLQ0LI4je8QKQCjs8/ASLEiD3x5l5mVST269URI +ZjXzYGNGyfhI7T9rNoHMB265BfBAp3pvuWB92rQz2im4ByeSOZo+oS2WL+2+GXoe +5juWrKuHzr8eKJXqQd/Db0VZpHZx7xtwb/7Qp2x8/X4bX5v07PgzkA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Root.key new file mode 100644 index 0000000000..9fc3d8bc12 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAtw4MLuFGX53cOhZRVi9MXPeSkyqhv9G9Fc2K+OOKpEH6n96F +hP/NW30TM8q4izT2hXOlI++6YcoYnwjqORcYad06IVelbbJjp0K6topO4h+riE+u +yhpmuHnSlHO5RsS+iTFTwdi0zBxr2QyjWuOlIHygvdQUehQpDLdA2vX8r8ORZXiz +Qe71nwsiC8H1EpSJJRMb3aOjRHpXfEAX4GYzqSd8Lm+fONP6TWeAOTM25UH9rGs3 +0IR14oSTO43OjCKYTgVkf9/7loXF6g4RJPmEvRfOFTCGrcbeLEiE0EXUCx8T6aTK +52nAJKEjXmtOdrS91w2WlLbZjiWbHsmiABBHdwIDAQABAoIBAFLzeK3dw8gcfumL +p3wInvAZ+D/cN8P2xVqV8/3pDrB0fZ/odFTanjJxMTxtBsd+TqAW0aTBQ5KAxDt9 +DLamMpf2ehsV3o8hIWtwH7AMaMarV03D3g8Te6zo93XyIulgyn7c7XmQPA2qa2zF +/1h2hCN+llCvREA11ow+lpMimUkD8DI8rP2VU9QigVDpo1OxTeYSijkMQWPgvDgd +rVn2BpqKG3HMO28WkLgYcnX+RrAXEXIhlupvM0afXNEfC6lO3GiwvaFSQyRvPm7K +8sc1EuYjRt5q+ncmLGKfzEUBLXq6hMJPWFDdqXqMTSf4KIz+K2609d4JGqdsmmLH +K+NY9UECgYEA2d0BNX5D8SsaX+KPxPLd6ibXni2ItVFHm9xYaX54Ds6TYLg7co3u +5vzDL6XQnSAW4gS97O44eQDheDfeEnFrTiPhfE3lKE1YjEoFYnQCgSVU6UcW/7sG +C91Sg0PmthOEiClQH+4gMumK5Mwhrg/iujxtOd4SBLScJzqHR86gx2cCgYEA1xkw +3WBYKn1MjNMf6Uoi12iQ9yYX1ve2ysnnL5ENmjzTDSugGtjXCyeZnvr+FZYWY6gz +037JCJs0kOqEVZuz6b5yrMAb7Cy6GsyfWS2ukdlBYGcgDbbE3BgRB/AB7fQ5gVBW +Xodhoh/HwJPcxHDmUcN7evqLcqmDF7sTfNdqxXECgYAZB0vBQn05spL4GwYbQS9/ +W/D/agm/ktPgMwMxM2dFhDPoM6IYufeNL9KYobsCohIe6x6Knp98Pz6n2fs4MTF7 +q6GW7zf5VlFq5IIT2nIDNi+4EQOyY2EBce6tx9o0Zq+eGOjskiW+05eyS0U/QvHw +JUsDD+EQC1O5Kf8qn7FW1wKBgGwfNofg+RCKoWMccSsEYBUlc9E4Lb2aESFIclRf +tpW0Q2aYakd0fkwWIMtgYT4ajrCTiVGjpowT8E10BQc/WCWD3QLnImIKbZYxC1x5 +cQnRSmKaE+uw1q3Hzy/NPjsNi6Zr6q5joPksvm0YJl38Xln1SGmd7WC6wrG4EOit +I/eRAoGBAKN/g9pOqKIqVqb2CqlcTCkj/PJGe8k9fvZ8hIGxLC5oSLKoMnF+RluB +IXldP9WW/INDlW8n5Qb357U38a2pOtlYYIh2/b9qYdsfLIrnuuewpTraNTij9xYV +d7nojTLwHLCOu8Ck4lgbidUrPox+fF1wp4wfSCpPmR7jSsUxZmKY +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Target.key new file mode 100644 index 0000000000..9f20a14e36 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA4Cw5GmdkZK+4GU9BnnimqPykQ3CnfCP5J6B/mDfn7v6+LYJl +nkYVHvw9cDaWR2lqwFHF8Vkq1x4/sy7frK+JFkXtca44BE1e57jZoUUUpfmk9+Pn +5OmsfoKV5lyOrNoU1S8E7Uj3VktamHIPB2bKF6UOtwVkO2qXrbF+TbOM1CsjPYi7 +yYAE2VsaNjer0scGqIFvYrfBdHSO7vZrwBUoRFCF3I075wuCnb3bIGkaVWhIDoQq +JSbKAa0Wfzww1FtHmob+/JC10LvT7q+agDxM2kbI2zZoiVH+dnjPIuvOYtQsK8d8 +JEhkypuRspD8ySllcINgBRoycMoS83BS3T6CsQIDAQABAoIBAGVvvVsUQ9pHpP9W +3LNvlsJKp62YkUDcKkbjGjlvurRrcvS213KZ9b6ylr5rBO9FZTenCPGfzoHOvzY+ +VJoYR+jbNYlGMzTHKdWi0F9oGeLMpvhAmVL85b/NKTU21pyiheC9SPZyGPFkYZcv +rVtFCNdQKetpNiSoo//FnAhe4a+zCFmZVvY2jPeaSRnCvYTiYmgtZ6wZpyEv+oFC +kXka/6EJOYwh5GjGeiY39iqkE7g1dTirkPEkI7TFduJrDhgHGAzXV3IisVb27pkY +6kEWDJ3KNWQl2XEmzoCG3WkCkkL4G2pEmz3RuoQjaaNHxfhaSSnle2CX4NLQ+hXo +SyjZa20CgYEA+lco8648CSePxLjJgdG4NUN4VDVxCPG+cKM2qEmTL5jFQ20u1yAP +y5vABuE9d+8/k3Lbmp9pMNCvdQpNYM5mec9jIelxWisHKUksEHp140fJ0svnRQrD +K5zthjGU/6VaIyxMaC1CL+3BOhoHiL3d9Ghg4SxQaW+Blj+tgpsZk8MCgYEA5T2e +Mv/TowlKzjvd9ms9Y2tFGqVaYA264Kgx7pyMKzSAZz3L5vomU3n3cAjEAWPKyaLO +3ersNz8e8DIgKSmxkoxphII23n6kDXa4fRCkENkAM364MUE2YrNgS4rPTJccNm/R +FIxcKJIuc5x+6ST1DPGZGux6HHnxXiBhv3VFLHsCgYBC0gL/UDF8LBAm7T/0I9ts +dC7pIz6hqY0wmZAcSU89NCTrQ3huOYOd0FvoOjTjD3xDyjOtyQEV444Bypcu0Mjv +mJiYU6xK6hNGRN67I0TWPrIzTvPTLPU9bezElfV0a1ls7AUVBYeWLXsXHB2ItU1K +UJYTZHWuPvIy/Zo9s1KXawKBgDb0iZtSRwsbrCo6oeB0HvhZe+yCXWMPh5BZ4faA +4v1sjaeyYdJSf6OdZpseDtcCdFfYRt1edxhbcnBEo/8aNq6aKKWSjdLS60MrBdk9 +hwde7jRqGX/9UStiMyCI+18yDppiPe4+I826FZazmp0Ltg9PT9Prgu6WsS1OeABs +/ZNHAoGAT4kWsH14RcuR+co4es8napH9SzZcTscn06RU5DDpPi0OGNHb3ovu8F0B +teo4Lz3o+DuscFYVxIu19JvDj2D7yiuv/HW1lhj72eyFiUX7xLWruwNzvBPDTeWt +o7hNwP4FgLlDf56bo1fMHdAkUJ0sXAEL6JSEaLA52t6OkRKDCmo= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/main.test b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints-require-basic-constraints.test b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints-require-basic-constraints.test new file mode 100644 index 0000000000..77ad41b03b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints-require-basic-constraints.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS_REQUIRE_BASIC_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Does not have Basic Constraints + diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints.test new file mode 100644 index 0000000000..14a6e03b0a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-require-basic-constraints.test b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-require-basic-constraints.test new file mode 100644 index 0000000000..6d30ae35c9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-require-basic-constraints.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_REQUIRE_BASIC_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/chain.pem b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/chain.pem new file mode 100644 index 0000000000..fb858e4dbb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/chain.pem @@ -0,0 +1,266 @@ +[Created by: ./generate-chains.py] + +Certificate chain where the root keyUsage extension is present but does not +contain keyCertSign. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4d:9c:b5:b6:68:93:5e:c6:e1:a7:65:67:49:b3:e4:0e:bd:5e:63:b4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b1:1c:a4:b9:20:81:72:4b:f5:2c:50:7e:3f:1a: + 85:27:5b:2d:50:7c:e5:36:fd:9c:ac:26:a0:7d:b7: + 94:d5:6b:fd:c3:46:1a:dc:4d:10:45:98:cc:87:8d: + af:fc:0e:bc:c9:b2:61:4b:8c:c2:9b:c8:da:7b:05: + b3:3b:e0:21:95:a5:9c:01:72:34:48:3d:e4:44:f2: + e7:b6:6b:58:f4:8d:60:92:c8:91:29:41:23:29:23: + fd:da:62:d0:c3:78:92:5f:01:09:55:2e:3a:a2:b3: + 2c:2d:c5:cd:79:26:7a:66:bc:e3:a5:17:51:ae:b7: + 29:50:75:10:6f:2c:55:a9:79:04:21:05:3b:14:32: + 65:7c:3a:2c:33:ea:6b:72:20:f1:87:31:f2:8f:27: + 69:4f:50:1d:c2:18:36:8e:b8:6d:c4:b8:0b:7a:23: + 87:e1:48:84:ec:44:98:77:df:a7:7a:06:37:4d:42: + 33:40:e2:b2:c9:67:2f:94:20:69:5c:6d:30:1a:b8: + c5:60:9e:32:6e:4d:b2:85:de:94:b9:86:50:f9:0c: + 72:06:34:bb:f0:4a:fc:cd:c8:89:7b:eb:69:e5:64: + e8:55:4c:12:79:cc:81:88:26:f6:59:22:d5:60:8c: + 36:4f:96:30:e2:ea:f4:10:dc:82:08:d2:3b:e2:05: + 13:77 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A9:6C:19:42:95:E3:95:C7:FF:D2:0F:BD:2C:E9:43:1F:2E:09:A2:C7 + X509v3 Authority Key Identifier: + 5E:60:7B:07:9D:3D:65:C3:D3:DE:FB:C8:28:BE:34:22:10:C9:C4:A2 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 14:bf:fa:03:43:bd:68:2c:77:55:2b:4a:49:ed:1b:71:4d:50: + 0c:91:f8:c0:2c:db:66:d8:a9:45:86:25:f6:cf:3a:db:94:e9: + c2:c9:76:3f:c1:b3:1f:58:08:e8:05:d2:2f:de:82:35:ad:87: + 56:c7:a8:d9:2c:e4:1a:a9:3f:91:52:cc:82:1b:2d:6d:83:99: + 7e:2a:0f:90:93:a7:d3:09:a6:53:49:bc:d2:73:08:73:77:9c: + 5d:d8:7b:3e:ae:42:e3:2d:d5:89:1c:45:de:06:3d:99:a9:e8: + 63:f9:27:f7:01:1c:aa:85:00:1e:37:11:8d:4b:c0:a0:b4:fe: + 16:30:6f:da:88:8e:a9:34:33:9b:9d:6c:d7:f2:c8:e6:86:9d: + f4:07:60:7e:86:fc:fb:4a:22:a4:cf:84:95:dc:da:cd:35:46: + 71:d3:d3:71:e2:50:0b:a9:8c:25:1e:dc:13:9d:f6:e2:90:fa: + dd:64:a2:d4:d8:04:fd:64:eb:77:c7:87:88:b5:1a:90:0b:d1: + e3:5f:5c:94:3a:8d:3b:6b:ad:f7:9c:27:8f:dd:a2:b7:de:64: + fb:2f:c1:8e:b0:49:88:30:e8:2e:c9:49:26:a2:ad:3f:f8:b5: + 4c:7a:d0:42:33:18:ae:fc:c1:29:66:8a:3d:7b:88:83:48:f6: + 77:c0:02:d1 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUTZy1tmiTXsbhp2VnSbPkDr1eY7QwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAsRykuSCBckv1LFB+PxqFJ1stUHzlNv2crCagfbeU1Wv9 +w0Ya3E0QRZjMh42v/A68ybJhS4zCm8jaewWzO+AhlaWcAXI0SD3kRPLntmtY9I1g +ksiRKUEjKSP92mLQw3iSXwEJVS46orMsLcXNeSZ6ZrzjpRdRrrcpUHUQbyxVqXkE +IQU7FDJlfDosM+prciDxhzHyjydpT1Adwhg2jrhtxLgLeiOH4UiE7ESYd9+negY3 +TUIzQOKyyWcvlCBpXG0wGrjFYJ4ybk2yhd6UuYZQ+QxyBjS78Er8zciJe+tp5WTo +VUwSecyBiCb2WSLVYIw2T5Yw4ur0ENyCCNI74gUTdwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBSpbBlCleOVx//SD70s6UMfLgmixzAfBgNVHSMEGDAWgBReYHsHnT1lw9Pe ++8govjQiEMnEojA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBABS/+gNDvWgsd1UrSkntG3FNUAyR+MAs22bYqUWGJfbPOtuU6cLJdj/Bsx9Y +COgF0i/egjWth1bHqNks5BqpP5FSzIIbLW2DmX4qD5CTp9MJplNJvNJzCHN3nF3Y +ez6uQuMt1YkcRd4GPZmp6GP5J/cBHKqFAB43EY1LwKC0/hYwb9qIjqk0M5udbNfy +yOaGnfQHYH6G/PtKIqTPhJXc2s01RnHT03HiUAupjCUe3BOd9uKQ+t1kotTYBP1k +63fHh4i1GpAL0eNfXJQ6jTtrrfecJ4/dorfeZPsvwY6wSYgw6C7JSSairT/4tUx6 +0EIzGK78wSlmij17iINI9nfAAtE= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 54:e3:4d:7d:5e:fd:13:7b:9f:32:55:f3:77:55:e6:39:52:6f:ef:40 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9c:38:da:61:b8:ad:0d:aa:de:44:df:52:78:01: + 82:89:fb:5f:bd:fc:a9:79:d0:8d:10:5c:3c:4e:b7: + b5:43:36:bc:05:3a:0c:4e:54:88:00:45:fb:33:25: + ca:cf:3a:aa:ad:a4:de:d2:2e:c1:53:44:b8:f5:58: + e7:27:19:5a:70:34:71:c7:4d:77:1f:53:f2:66:b9: + 79:e8:c2:10:8c:2f:5d:19:17:7e:e3:26:7e:0c:5d: + 8e:ae:85:01:f7:05:ac:ce:18:5d:7c:a4:fa:fc:38: + e6:18:63:a5:4c:d0:a3:cb:a3:e6:47:ad:5f:ec:32: + fc:11:02:87:cb:fa:87:c9:38:aa:b8:b2:7e:98:99: + 1b:4e:f3:01:fc:48:6a:60:a5:29:80:3c:0c:50:23: + 3a:ae:0a:a6:d4:29:69:1e:15:34:ed:93:31:fb:30: + d4:d6:23:59:94:89:fa:99:b4:16:d8:04:63:d0:c3: + a9:2d:be:ff:6a:84:c7:54:bb:e8:eb:bd:16:5b:88: + 33:10:1b:6e:20:4f:60:49:56:09:86:dc:95:fc:c5: + d9:2c:de:03:32:88:fc:3a:84:06:48:92:10:7c:2d: + b9:6a:25:fd:93:c0:51:75:bd:54:e7:ba:0b:bb:d8: + b3:f5:60:55:9e:c7:06:70:fd:f3:f0:13:8e:a8:33: + 17:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5E:60:7B:07:9D:3D:65:C3:D3:DE:FB:C8:28:BE:34:22:10:C9:C4:A2 + X509v3 Authority Key Identifier: + 20:1D:40:05:AB:57:09:3B:3A:83:BE:19:65:15:EB:74:EF:0C:0D:D7 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 12:3c:5d:46:a3:a4:11:4c:f6:d7:cc:92:61:b0:fd:ec:b6:12: + 37:3f:52:43:39:5e:8b:ff:5f:a9:09:3e:3b:3a:e4:c9:ec:59: + 00:8d:08:12:f9:b5:bd:8b:f4:41:dd:ff:d4:5c:5f:58:e7:e7: + 8c:a9:96:60:f0:78:27:7c:ca:da:24:67:93:ff:72:58:50:6b: + 8c:f2:11:da:8b:27:1b:68:9a:e0:9d:59:78:64:0d:d1:c4:c2: + 72:5f:9f:ef:32:d6:65:10:38:62:54:97:d5:03:cf:c4:a5:34: + f6:d2:d0:dd:b4:fc:08:49:2d:43:55:7c:2d:43:a1:1c:30:65: + b2:30:f8:5a:0a:ce:e8:1e:ad:c0:41:2d:d3:a2:64:76:3b:e8: + 82:3a:5b:93:f3:e8:84:de:7e:20:8d:05:06:2b:82:fd:6d:7c: + 35:6a:04:05:c0:6c:1b:91:6d:db:b3:a7:a5:35:42:9f:af:69: + 22:81:a9:f7:58:1c:fc:f1:31:54:26:f6:c5:b9:67:d0:da:eb: + 01:bd:69:10:de:ea:d3:95:29:ab:f2:59:8d:62:b9:01:b2:32: + 75:b7:47:3c:39:51:5d:be:46:48:da:19:f2:a8:61:8c:5f:cf: + 9c:a9:c9:92:a8:4e:ef:5c:8a:3f:73:fd:38:91:c2:90:33:c6: + 60:8e:67:22 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUVONNfV79E3ufMlXzd1XmOVJv70AwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJw42mG4rQ2q3kTfUngBgon7X738qXnQjRBcPE63tUM2vAU6 +DE5UiABF+zMlys86qq2k3tIuwVNEuPVY5ycZWnA0ccdNdx9T8ma5eejCEIwvXRkX +fuMmfgxdjq6FAfcFrM4YXXyk+vw45hhjpUzQo8uj5ketX+wy/BECh8v6h8k4qriy +fpiZG07zAfxIamClKYA8DFAjOq4KptQpaR4VNO2TMfsw1NYjWZSJ+pm0FtgEY9DD +qS2+/2qEx1S76Ou9FluIMxAbbiBPYElWCYbclfzF2SzeAzKI/DqEBkiSEHwtuWol +/ZPAUXW9VOe6C7vYs/VgVZ7HBnD98/ATjqgzF/8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUXmB7B509ZcPT3vvIKL40IhDJxKIwHwYDVR0jBBgwFoAUIB1ABatXCTs6g74Z +ZRXrdO8MDdcwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQASPF1Go6QRTPbXzJJhsP3sthI3P1JDOV6L/1+p +CT47OuTJ7FkAjQgS+bW9i/RB3f/UXF9Y5+eMqZZg8HgnfMraJGeT/3JYUGuM8hHa +iycbaJrgnVl4ZA3RxMJyX5/vMtZlEDhiVJfVA8/EpTT20tDdtPwISS1DVXwtQ6Ec +MGWyMPhaCs7oHq3AQS3TomR2O+iCOluT8+iE3n4gjQUGK4L9bXw1agQFwGwbkW3b +s6elNUKfr2kigan3WBz88TFUJvbFuWfQ2usBvWkQ3urTlSmr8lmNYrkBsjJ1t0c8 +OVFdvkZI2hnyqGGMX8+cqcmSqE7vXIo/c/04kcKQM8Zgjmci +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 54:e3:4d:7d:5e:fd:13:7b:9f:32:55:f3:77:55:e6:39:52:6f:ef:3f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9d:78:55:f3:0c:19:87:95:61:61:db:6c:07:71: + bb:94:fd:a5:8d:cc:a7:b2:d6:0a:36:85:0a:07:1c: + 6b:e2:06:63:06:2b:ca:c6:ac:a8:fe:9b:02:f4:c0: + bc:cf:12:cd:49:18:2c:90:35:55:16:a1:2b:49:77: + 0a:a3:e2:04:22:e8:2c:58:21:7c:f4:b6:bd:19:61: + c6:50:4f:a8:0f:b1:e9:96:e7:fc:f6:1d:bb:ad:58: + 69:25:e9:db:6d:91:cc:61:2b:e5:93:9d:a9:37:c3: + f3:29:74:58:cd:b9:85:48:b8:ca:49:14:7b:18:54: + ee:c5:c7:18:98:48:91:f8:c2:c2:ec:15:67:27:bf: + a6:1b:29:25:97:67:ce:07:25:13:56:1a:b0:42:c8: + 1d:1b:33:49:83:f4:da:67:52:79:22:3c:0d:9f:0c: + e5:91:87:5f:fe:f6:43:70:bc:2f:68:c8:d6:37:8f: + cf:97:7b:c9:d6:3f:9e:06:c6:b0:ea:20:b6:7f:b0: + 33:a0:0f:5b:05:2a:1a:02:b9:22:80:d8:1a:bb:dc: + 81:db:68:cb:d7:c1:99:6e:34:f7:f5:b2:72:94:94: + c4:0e:04:8c:6d:b7:5f:6b:bb:c5:3f:6b:50:08:42: + 9a:cc:5f:41:96:ff:a2:fd:67:37:38:77:6f:d3:f4: + 2c:93 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 20:1D:40:05:AB:57:09:3B:3A:83:BE:19:65:15:EB:74:EF:0C:0D:D7 + X509v3 Authority Key Identifier: + 20:1D:40:05:AB:57:09:3B:3A:83:BE:19:65:15:EB:74:EF:0C:0D:D7 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 24:3d:9b:fe:64:91:03:db:33:58:d3:74:2a:57:a5:82:48:28: + 80:2e:57:82:09:ff:3d:6e:1a:f4:2d:c3:ee:90:9b:07:88:1d: + 25:97:65:5b:ef:90:54:b4:61:86:4c:15:5e:1a:a5:ee:d4:41: + af:6f:0a:2b:4e:b0:75:bd:d8:2c:8e:20:e9:6f:7a:d1:1b:4a: + b6:2d:c6:60:be:cb:56:7d:f1:c3:06:03:cd:c4:23:25:1f:09: + f5:44:d1:7c:9e:48:29:b4:a6:a7:55:40:f7:11:05:dc:45:5c: + 45:3f:2d:a6:23:54:e7:74:a8:d8:a3:81:23:00:77:64:9c:d3: + 1e:f1:f1:33:b6:a5:21:8e:af:a9:14:f5:37:6a:e3:6f:82:9f: + 65:6d:ab:de:0a:a5:29:62:d9:01:57:bf:69:48:c9:93:be:c2: + 2d:4b:e6:ed:0e:1e:e5:d8:fe:9c:8b:fc:36:09:08:45:f8:31: + 45:21:22:0b:62:c3:61:82:8f:65:bb:01:14:37:c2:b0:31:2f: + a2:40:b9:91:21:54:50:b6:24:39:6b:c1:a5:90:3f:b4:77:9c: + 13:d7:0a:dc:3d:85:ef:77:fa:53:6b:fc:cf:8a:3e:45:db:5c: + 8b:4b:6b:a5:d8:ee:0b:19:f2:c1:a3:02:e0:ba:36:43:c8:e8: + 8b:c8:9a:2f +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUVONNfV79E3ufMlXzd1XmOVJv7z8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCdeFXzDBmHlWFh22wHcbuU/aWNzKey1go2hQoHHGviBmMGK8rGrKj+mwL0 +wLzPEs1JGCyQNVUWoStJdwqj4gQi6CxYIXz0tr0ZYcZQT6gPsemW5/z2HbutWGkl +6dttkcxhK+WTnak3w/MpdFjNuYVIuMpJFHsYVO7FxxiYSJH4wsLsFWcnv6YbKSWX +Z84HJRNWGrBCyB0bM0mD9NpnUnkiPA2fDOWRh1/+9kNwvC9oyNY3j8+Xe8nWP54G +xrDqILZ/sDOgD1sFKhoCuSKA2Bq73IHbaMvXwZluNPf1snKUlMQOBIxtt19ru8U/ +a1AIQprMX0GW/6L9Zzc4d2/T9CyTAgMBAAGjgcswgcgwHQYDVR0OBBYEFCAdQAWr +Vwk7OoO+GWUV63TvDA3XMB8GA1UdIwQYMBaAFCAdQAWrVwk7OoO+GWUV63TvDA3X +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCBaAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAJD2b/mSRA9szWNN0KlelgkgogC5Xggn/PW4a9C3D7pCbB4gd +JZdlW++QVLRhhkwVXhql7tRBr28KK06wdb3YLI4g6W960RtKti3GYL7LVn3xwwYD +zcQjJR8J9UTRfJ5IKbSmp1VA9xEF3EVcRT8tpiNU53So2KOBIwB3ZJzTHvHxM7al +IY6vqRT1N2rjb4KfZW2r3gqlKWLZAVe/aUjJk77CLUvm7Q4e5dj+nIv8NgkIRfgx +RSEiC2LDYYKPZbsBFDfCsDEvokC5kSFUULYkOWvBpZA/tHecE9cK3D2F73f6U2v8 +z4o+Rdtci0trpdjuCxnywaMC4Lo2Q8joi8iaLw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/generate-chains.py new file mode 100755 index 0000000000..693a2e12bb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python3 +# Copyright 2022 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain where the root keyUsage extension is present but does not +contain keyCertSign.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate without keyCertSign. +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('keyUsage', + 'critical,digitalSignature,keyEncipherment') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Intermediate.key new file mode 100644 index 0000000000..c59282d550 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCcONphuK0Nqt5E +31J4AYKJ+1+9/Kl50I0QXDxOt7VDNrwFOgxOVIgARfszJcrPOqqtpN7SLsFTRLj1 +WOcnGVpwNHHHTXcfU/JmuXnowhCML10ZF37jJn4MXY6uhQH3BazOGF18pPr8OOYY +Y6VM0KPLo+ZHrV/sMvwRAofL+ofJOKq4sn6YmRtO8wH8SGpgpSmAPAxQIzquCqbU +KWkeFTTtkzH7MNTWI1mUifqZtBbYBGPQw6ktvv9qhMdUu+jrvRZbiDMQG24gT2BJ +VgmG3JX8xdks3gMyiPw6hAZIkhB8LblqJf2TwFF1vVTnugu72LP1YFWexwZw/fPw +E46oMxf/AgMBAAECggEAB0L0EU3HXkn4E4utgCsfZiPunKl1atZt8C0K/crq3IlB +rraDiVKP92WvwJfI0d6GveD0UIdgcIS4889iZnFc84RxWeCSbgmo/1H7+WNBgXQ9 +wUntZntmdlNIK6y+dvAaSuj1oExLTe6kV2bhiwZs6EbU9rXEeyyyUph9BApZrHM1 +jwTbVsDRqq26gJq889SvvfIN2kwUaptFe9sAu7VNRlTU5XUVSEVwjaGs5ddDUKVT +TYHSPMBCRQMbgXxp3pBJAlBmSxRd+T2zsEOIPuUE/an3kyNSGXl7H+SBizNnqqsw +vkmq/e8yWnQW6niDJkdxm4Y8PetzdEl3zSZ43v5duQKBgQDAfN327WDp4Qyq0E3H +VnRzKJA/21eau9tHqO20lKccAH1E8YQAdNsA2pannU0z10vcKifT9Z32VqtjBNxQ +iOBah1q0EeKZL9oemmlc7MMpA8Ps3ddJuYgkt7wb/2PjnfHWXL+zfl0CC/nhAq8c +qMd9PLp22RkfaTvFBEcCFRYJdwKBgQDPxK6f678E9Rs1mtpt6iTZP5yfMJ9T/Jkh +4P8h/CDcaKKoyMz+0nx0mokIUXmn38RKeDf3/u8oe/9VL55etsSZy02BQWD4tFlP +3xv18DBpLPZbPqO5/FZDz43RWgiyoYm+4GOElMEhI3R+pXM0WtOS/vL8HPF6cZeR +xYOneBwHuQKBgB7+vFs7pCRk+b4zpqKXmE7G1FuD/VpML6YdXJF8cmA+7+z/Gutb +5bwAdsvst3bGj0+XdixaW6JEGHrsWHGbaM0LCJ8AVkWmf+/3m0m8Ujyzf4QPwM/9 +UR/geijj+fi4AS4sZy4HBgEDXqxN21a5Es5mzfu/P51gO6Cg7LI4JQFHAoGAcOiC +uXekzC3jRoNL1tWahtFR7RTAUSUBlu6t16srtHvMgYr2FDkQ11EvzOxx/2/UPWAN +kmDhWQ/hl0qUdwY92xInoWmFKELiEky95i5MMKv1iWqGEUl3G8zMVgvmlCTDNY69 +pkwslDSvVy/UZoxBVC3moGmeNRtL8jTzMexM10kCgYANE5y/x9O+dNCDaUd6lcR3 +eV54CEGgWliifpKNVmeZfUy0zjx3pOiUaDjvLwtKtYnNvvpNlxq0weMRRqqb3isx +R/HgGuqX5rdz9bz6pP7n2sqQ67Y/bN7HD8F+B3gn2UmjekscEW7p31sgPNtfa0+u +zONbHBAlP5YbWROTvuw6Wg== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Root.key new file mode 100644 index 0000000000..f92bfb36b0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCdeFXzDBmHlWFh +22wHcbuU/aWNzKey1go2hQoHHGviBmMGK8rGrKj+mwL0wLzPEs1JGCyQNVUWoStJ +dwqj4gQi6CxYIXz0tr0ZYcZQT6gPsemW5/z2HbutWGkl6dttkcxhK+WTnak3w/Mp +dFjNuYVIuMpJFHsYVO7FxxiYSJH4wsLsFWcnv6YbKSWXZ84HJRNWGrBCyB0bM0mD +9NpnUnkiPA2fDOWRh1/+9kNwvC9oyNY3j8+Xe8nWP54GxrDqILZ/sDOgD1sFKhoC +uSKA2Bq73IHbaMvXwZluNPf1snKUlMQOBIxtt19ru8U/a1AIQprMX0GW/6L9Zzc4 +d2/T9CyTAgMBAAECggEAOd1W5B2dogOECfQaEfA6qIi+lclPFHnvvdIMecl5YVDM +gZ+E/5XB8fFfWDYdC5DSq9n8wi8+6bZm1DOwzsEGmRcs+GOx6bDe8x1JRQjIbqAH +gMMV4xDQ/uV+mgaB8hUB//EkBycH4CyaxbBx04MpVaxF9S3X//xx026SfJ8qOLkx +VLGP2sIeOexuv7luEnRFCXLFLaEocZ0O6F55E3q4scl2iVs4QumE6PVHoz+TNkIv +jT5JFnxYAdpkmJZAne2T9cIJjBz4pUHlwhK5eIXzUEirJIT3Dfx5xkSjY+4rOiAU +Q0KtadzjTTCqMQpbp3lS9hFLd2xoLtW+C90kDzVoOQKBgQDNDAN1CoN2xcT4Wcwl +QfPrjzE8uh2Xb2kF9jjeoVx4Z+F40AebkrwVmsSP3DM3j3sI8ijHfDsu1/HsF421 +7WHDnRqsojTAY2hFLYFOJZikK4288wwE5RPLbXz6FqYxsyqDlPOYMgt0GDuMZrFU +Aw0Y5WjYAu0yz+DsyjQ0pMXFeQKBgQDEmbys+k9jbRF3mh7Ai7jP04rlHijH200p +u91xQKwFSGnErvEINvSUc6NAYDzk4u+WzDs8woi4ZOrK/Ayn6+vxJLxCn1NI/BjJ +H8XMuKvt6pAeX8ZYGPfjendq1E+RKVMYZifnEpPd6P4gY8oOHVbx91SJWB6U/MUy +HlUs99X7awKBgQC6Ux1dIMWfi01WpDrW7FybhE4osbMsJggYa8r3u0eM/lCr+NXA +8BDLzQyq8Vz1MwOJeIvH4kLhaUej0y9pzyEUoVFY6DjpTiu1GQm0GoPfQtiUh4M3 +e3aGV6LGmwhAh1+tnA/TED7KKy8JgVPIVNF0+xpPmDE1CCOK6J+R6tzweQKBgDk6 +Wy6rClLx28TJ6yu3QEvW0zaQieRrVNHSKsqdvbUn+AnVtrnibV2NL7c8jF1AJefq +eU/dfLjYP3Ro3DJBPYQLYnWuNSsonvpksko+c2WlAuCklnLsibQA4SQKu0KRGewf +SHw97ycIfHjnM1jad4Wlrkjwiq5pyekl5TtaxUITAoGAclnWjbVoNGwd+MKtKlHA +gYyVqTEDoMeaHOg+SkNE00BHpUG8XcdYBlUR56XWRHBWxRn3AotBeVUjJYe385y2 +2wBXEYZ6tBkWK9YYy3w5CylUNXIAz03itb+xGZ/r1ZpEdYGta9yDUfRoLJ2Y6Eej +xy1t92XPwm6o9yqrpa8KqwM= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Target.key new file mode 100644 index 0000000000..908f58cf8c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCxHKS5IIFyS/Us +UH4/GoUnWy1QfOU2/ZysJqB9t5TVa/3DRhrcTRBFmMyHja/8DrzJsmFLjMKbyNp7 +BbM74CGVpZwBcjRIPeRE8ue2a1j0jWCSyJEpQSMpI/3aYtDDeJJfAQlVLjqisywt +xc15JnpmvOOlF1GutylQdRBvLFWpeQQhBTsUMmV8Oiwz6mtyIPGHMfKPJ2lPUB3C +GDaOuG3EuAt6I4fhSITsRJh336d6BjdNQjNA4rLJZy+UIGlcbTAauMVgnjJuTbKF +3pS5hlD5DHIGNLvwSvzNyIl762nlZOhVTBJ5zIGIJvZZItVgjDZPljDi6vQQ3III +0jviBRN3AgMBAAECggEAHvw1X0PuEZpzUqTkaVLQ78E2TMoE6dl1svJxCn13Ft11 +QFf/9AGxcpOYWLCzlKPZaGoCNo7yLwH1IyesozGDfqRCBki+F9NoH53lZtch8WrY +deWL680/AwAOdcnq3v+1j9RlFxdm37b76CgeWe8e4+Fw7B2Hx0q4+h/415JIjETa +OWUkhe77FaA1DUOjrgfv9jhLag/3OLzO9Ae/sFJIoYACVB5lbOPjBGy6bpXfDgOC +ppgn4NsUnkG/ouTm1c1SfgCxpYdpGZ9tQ08IqjuFwupd2dfBUb8mKnYf2gs5nnmt +IWxi+656pnaGhmUjJLFaQ4y8f31tSpudWddukzQWBQKBgQC+dDV4hvY0aL52eL+P +JKpYkAAWjXikg6KGYFQEl1MDIMhUQtWgxgfLU5uLD4ljST5qos6cWfO/ZWrriAAE +Na5ooT4l5wVwgaRLeqwU4+06fpGsuXFvutkDdULdR8evJfwsSQyDUHlu3fWwLcaB +irvbc/CVYIvIzg7orD/1GGAzkwKBgQDuEPGcXo8EN5HYD5LXtd2eT0LhouowHv5p +9aDKG1g4zFubkkB13UZgQXE5ivA5ll7pJIWv0dh9UDeSK1noE8vpniMd4+uxAqdw +sf2pPES43su24e7SfQpJEJ63sAYhWdJrzJ/qyxzroxO+65D8ozgUdeBlR/ECHCUA +m0i1RibXDQKBgQCbDKyDZQyHekak2ITLGkR8OS95LM9sz6W+1ClSW4e/Yi71OjwE +2XN6+qQEwC9PX0+rLMQb0bd4uC4ldeDdjH5iu/KGlN9+ymxg7outrilxl50tCwPo +vCr0f8BhuZA9bSUxQH8pYJibw6PDPGEBEVsCvA6+7Yyfe/HzRlgDR0b6dQKBgG9+ +Zflq26YI9HfxCz+VQB6VVmhgKTeyPEqZq90bo1yucLTScPgCUqRf4cwmQs1lnDuq +TCYErFQ8DlqZjPjA1L4rvpyQEuEKsip4YakxvamrRlL3SycvQnLnor26ZZSXAZJU ++gw3ZesBrAy9PGDlfC0w64/jen8XeUjocMvc9/G9AoGAUd3EFeCC1bCHDrzzYtEY +54WY1dV7zT3ePOFpVEZ0KHe4kgszdGHC/olRmmyxnsv+gyOuJ38uEH85WQ93Uxvu +gPp4xRUGmRMc40qKW8DKQhQru1p7I92D2Nplf65Uh7XR8AKc8fvzoowB3q95UzjC +lkPYeGUpv6L/Tt1IEy87iP8= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/main.test b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/ta-with-constraints.test new file mode 100644 index 0000000000..4ddcdb72aa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/root-lacks-keycertsign-key-usage/ta-with-constraints.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: keyCertSign bit is not set + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/chain.pem new file mode 100644 index 0000000000..54c69295ae --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Simple certificate chain for a serverAuth which is comprised of a root, +intermediate, and leaf certificate. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 36:ca:7f:6d:80:1b:f8:bd:48:70:cd:9e:69:48:89:43:5e:d7:40:41 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ca:19:b1:9d:8f:85:f5:a4:a8:8a:0d:d3:7f:f3: + 67:67:b1:d1:db:3d:69:8c:fa:bb:53:58:28:50:14: + 2f:06:aa:7e:f5:c6:06:4d:7d:76:9f:ee:33:d8:c8: + 6c:16:e8:65:df:d0:c0:9a:62:49:60:2a:d9:53:b6: + 6d:c6:27:32:13:58:b2:c3:64:63:61:bf:6b:40:ea: + 24:9c:a6:15:ae:2b:38:e7:70:58:12:46:92:5f:a5: + 70:6c:ea:50:3c:7b:9b:33:50:54:93:a4:9c:41:e0: + 40:7e:18:87:8a:52:d5:1d:66:f3:f0:f7:54:3f:55: + 61:f5:66:1c:a6:0d:73:57:a3:78:1a:4c:99:7d:77: + e0:aa:c5:c5:5e:49:21:35:4e:47:3d:61:7d:43:9b: + e0:94:28:b7:65:4d:cf:7e:52:2c:2a:b3:93:94:8b: + 0f:04:f6:45:20:83:97:b7:a4:dd:ef:8d:1f:c7:c5: + 29:d4:55:9f:a3:90:38:14:46:f6:7e:13:9e:99:6d: + 41:b0:c4:00:69:58:e6:7f:ac:a5:0a:e4:ad:c8:e3: + c1:a1:2a:a1:77:83:e9:f0:d1:c2:5b:48:10:33:59: + 4e:8d:0e:d7:01:0a:3c:11:e0:bf:cf:e8:2f:47:4b: + f6:d6:95:4d:c0:73:a7:b5:21:a4:0a:98:dc:fa:9b: + 0d:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4A:80:F9:C0:2F:58:C5:F9:EB:98:BA:65:70:D0:81:0A:DA:16:C3:E0 + X509v3 Authority Key Identifier: + keyid:F3:3D:8D:B6:D6:56:60:17:BC:E3:79:08:BF:E8:D0:61:78:8E:0C:00 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 62:69:d8:82:46:7f:68:d7:c5:22:3c:f1:5f:7f:35:b5:1e:f1: + 5e:5c:d1:60:6e:12:2d:e9:5d:ce:d6:06:c9:71:c7:ad:0f:f9: + ed:b2:9c:3a:8c:6f:23:9d:23:7b:22:27:d3:9a:ae:2d:67:93: + 3f:ab:c1:29:94:c1:bd:ae:d9:1a:72:b9:6f:a9:b6:49:36:fb: + ec:33:82:f4:55:81:b1:a7:0c:bc:92:5e:ca:0b:b7:c8:a7:1d: + 22:13:4a:e6:f9:03:dc:e9:fa:f2:b4:b8:93:ea:de:c6:8e:4b: + 3c:9e:2a:07:9a:03:08:b2:44:fd:40:cb:33:85:d4:75:e0:76: + 8d:b1:ae:ce:6e:63:9d:47:7f:be:dd:c7:33:87:ec:cc:c7:c4: + 86:46:07:fe:9f:c9:b4:6e:d3:0f:44:88:88:23:65:72:fa:ad: + f8:31:99:e3:3c:93:72:fe:86:5f:33:4a:70:e8:b2:f1:d7:25: + be:65:0c:c3:53:f1:81:7d:fa:8d:62:db:67:6c:76:42:5d:3f: + 28:44:5b:47:7f:b4:75:84:a0:48:af:fc:e0:c2:62:61:cd:b4: + 8e:41:e1:af:35:49:15:51:60:cc:0b:f9:38:65:f4:7c:db:b3: + 6d:0d:9d:11:c3:70:fe:79:1d:dd:1e:f9:ac:46:54:b1:75:00: + 60:47:67:c9 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUNsp/bYAb+L1IcM2eaUiJQ17XQEEwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAyhmxnY+F9aSoig3Tf/NnZ7HR2z1pjPq7U1goUBQvBqp+ +9cYGTX12n+4z2MhsFuhl39DAmmJJYCrZU7ZtxicyE1iyw2RjYb9rQOoknKYVris4 +53BYEkaSX6VwbOpQPHubM1BUk6ScQeBAfhiHilLVHWbz8PdUP1Vh9WYcpg1zV6N4 +GkyZfXfgqsXFXkkhNU5HPWF9Q5vglCi3ZU3PflIsKrOTlIsPBPZFIIOXt6Td740f +x8Up1FWfo5A4FEb2fhOemW1BsMQAaVjmf6ylCuStyOPBoSqhd4Pp8NHCW0gQM1lO +jQ7XAQo8EeC/z+gvR0v21pVNwHOntSGkCpjc+psNhwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBRKgPnAL1jF+euYumVw0IEK2hbD4DAfBgNVHSMEGDAWgBTzPY221lZgF7zj +eQi/6NBheI4MADA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAGJp2IJGf2jXxSI88V9/NbUe8V5c0WBuEi3pXc7WBslxx60P+e2ynDqMbyOd +I3siJ9Oari1nkz+rwSmUwb2u2RpyuW+ptkk2++wzgvRVgbGnDLySXsoLt8inHSIT +Sub5A9zp+vK0uJPq3saOSzyeKgeaAwiyRP1AyzOF1HXgdo2xrs5uY51Hf77dxzOH +7MzHxIZGB/6fybRu0w9EiIgjZXL6rfgxmeM8k3L+hl8zSnDosvHXJb5lDMNT8YF9 ++o1i22dsdkJdPyhEW0d/tHWEoEiv/ODCYmHNtI5B4a81SRVRYMwL+Thl9Hzbs20N +nRHDcP55Hd0e+axGVLF1AGBHZ8k= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:35:7f:72:00:4e:18:f5:81:03:33:ce:54:3c:48:8b:a6:7d:a0:8c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bc:ef:ca:8a:95:3f:19:1b:19:eb:4e:fe:3d:fe: + 02:be:20:db:89:a3:06:b7:99:d8:af:c7:9a:a9:4d: + b8:82:5d:6a:06:66:fd:4d:b0:c9:f6:07:27:96:bd: + 31:1c:77:f4:04:ba:fe:d4:25:46:02:9a:8a:88:bd: + e7:c3:dc:61:0a:78:26:db:b6:9e:ff:43:cd:ed:ea: + c0:67:f0:3d:e3:f5:d9:5a:ec:db:ac:ef:06:2d:6e: + 37:fc:8d:c5:d3:a0:b0:d4:60:4e:0d:f8:ab:fa:68: + 1a:36:2b:ce:bb:91:14:3b:0e:16:1c:0b:c9:c4:46: + e7:c2:1a:86:cc:ad:07:68:eb:cb:6e:93:37:cc:1a: + cc:59:de:9a:12:ec:3c:0f:eb:bf:8c:f7:76:0f:7e: + f5:89:f9:85:0c:21:95:af:ac:3c:a2:9d:9e:ba:d3: + 06:aa:50:2d:25:c0:02:a8:a5:97:cf:7a:b3:ad:78: + c5:30:95:be:ce:0a:26:bd:4f:e2:5f:51:c6:f0:b9: + a1:bd:24:32:07:0d:b7:1b:2c:b2:ec:c8:c8:ef:77: + 8f:ab:6f:e9:e2:66:d9:30:02:49:96:11:16:ed:e2: + e8:85:cd:48:d6:a9:b1:20:02:95:ff:1b:79:9d:6b: + 21:6b:bd:d3:27:94:19:67:b1:9f:aa:06:d6:8c:69: + 11:33 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F3:3D:8D:B6:D6:56:60:17:BC:E3:79:08:BF:E8:D0:61:78:8E:0C:00 + X509v3 Authority Key Identifier: + keyid:EE:92:48:AE:86:AC:68:E4:9E:C1:3D:D4:4C:34:B2:DF:8A:5D:FF:8C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 15:dd:ed:bc:ea:4b:0d:08:d5:11:d4:d1:41:ad:be:08:2b:60: + df:b9:95:09:1e:ad:44:35:53:80:64:c6:df:72:65:3e:6b:a7: + 6f:0b:cd:f2:e5:02:d5:14:af:a3:ff:9d:af:9c:5d:fd:97:7f: + 2a:c9:e0:9b:5a:1c:80:30:28:d2:13:25:ef:4b:37:6d:86:ce: + 17:46:51:e2:3f:5d:42:7f:09:8e:cc:82:a2:05:36:e5:ba:f3: + c6:a6:8a:0b:cf:91:f7:84:8d:07:a2:0e:c2:2a:31:03:08:a3: + 25:f9:4e:ed:66:0e:84:31:b8:83:82:a2:dd:f2:70:13:83:ea: + 3e:20:6e:be:12:d6:1b:9b:22:f3:d2:a9:91:84:a6:40:fb:8c: + 51:58:04:7c:de:33:0d:02:0c:74:85:dc:9b:fa:b5:1f:59:3f: + bb:7f:ab:4a:be:ef:64:e7:95:98:31:86:f1:41:08:83:26:15: + 90:24:34:e1:68:90:b3:50:ab:d3:a3:0d:42:61:10:45:f2:77: + 5b:8f:26:9d:ee:12:84:96:17:a6:94:3b:29:3a:de:b0:59:8c: + 4f:0a:a8:00:5a:cf:3c:82:04:49:e1:24:89:ce:33:75:fd:65: + 14:2b:ce:10:59:14:ac:e0:3b:56:8f:32:fe:85:1d:8a:49:5e: + 51:a9:07:40 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMTV/cgBOGPWBAzPOVDxIi6Z9oIwwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALzvyoqVPxkbGetO/j3+Ar4g24mjBreZ2K/HmqlNuIJdagZm +/U2wyfYHJ5a9MRx39AS6/tQlRgKaioi958PcYQp4Jtu2nv9Dze3qwGfwPeP12Vrs +26zvBi1uN/yNxdOgsNRgTg34q/poGjYrzruRFDsOFhwLycRG58IahsytB2jry26T +N8wazFnemhLsPA/rv4z3dg9+9Yn5hQwhla+sPKKdnrrTBqpQLSXAAqill896s614 +xTCVvs4KJr1P4l9RxvC5ob0kMgcNtxsssuzIyO93j6tv6eJm2TACSZYRFu3i6IXN +SNapsSAClf8beZ1rIWu90yeUGWexn6oG1oxpETMCAwEAAaOByzCByDAdBgNVHQ4E +FgQU8z2NttZWYBe843kIv+jQYXiODAAwHwYDVR0jBBgwFoAU7pJIroasaOSewT3U +TDSy34pd/4wwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAV3e286ksNCNUR1NFBrb4IK2DfuZUJHq1ENVOA +ZMbfcmU+a6dvC83y5QLVFK+j/52vnF39l38qyeCbWhyAMCjSEyXvSzdths4XRlHi +P11CfwmOzIKiBTbluvPGpooLz5H3hI0Hog7CKjEDCKMl+U7tZg6EMbiDgqLd8nAT +g+o+IG6+EtYbmyLz0qmRhKZA+4xRWAR83jMNAgx0hdyb+rUfWT+7f6tKvu9k55WY +MYbxQQiDJhWQJDThaJCzUKvTow1CYRBF8ndbjyad7hKElhemlDspOt6wWYxPCqgA +Ws88ggRJ4SSJzjN1/WUUK84QWRSs4DtWjzL+hR2KSV5RqQdA +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:35:7f:72:00:4e:18:f5:81:03:33:ce:54:3c:48:8b:a6:7d:a0:8b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9b:9e:4a:8e:cd:47:0e:a6:2f:17:ad:24:c7:d6: + c7:40:5f:ba:90:b2:2c:4b:57:5c:3e:f2:de:80:f6: + fd:f2:28:12:9c:92:63:4a:11:c6:bb:74:d7:ad:ec: + 3e:9d:1a:7f:0a:30:98:df:1f:a2:98:11:a6:60:6f: + 69:5f:dd:28:35:06:39:b6:e2:91:df:59:be:07:c5: + 52:57:84:a4:ae:cb:5b:9b:b3:aa:56:77:fd:00:1a: + 55:96:00:27:12:6e:d1:f6:35:ff:a3:fa:b6:0b:0e: + 2a:46:75:6b:58:27:a6:a1:43:ba:37:74:1d:28:1a: + 3d:bf:e6:f2:10:bf:2c:ce:24:67:03:4e:4e:fc:aa: + 51:22:25:f8:e5:75:5c:c3:ad:da:03:56:b4:1b:8a: + 6f:26:e5:c8:ef:43:a9:d7:81:8b:0f:b1:8b:d6:cd: + 11:e9:4c:0c:cb:a2:ab:fa:34:2a:13:aa:a4:db:83: + 9c:d8:a6:45:ec:f5:fa:d0:cd:b0:6b:7a:1b:0e:ca: + d3:31:4b:cb:53:f1:5c:82:8c:96:f7:ca:b6:40:53: + d0:24:67:27:1a:8d:1a:f7:65:c9:a1:fc:f9:f4:85: + 3c:51:3c:fc:56:87:18:bf:a3:d5:dd:de:8e:e6:3b: + 67:29:e9:fd:4b:4f:ba:1a:ff:d7:ec:f1:da:bd:56: + 48:2b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EE:92:48:AE:86:AC:68:E4:9E:C1:3D:D4:4C:34:B2:DF:8A:5D:FF:8C + X509v3 Authority Key Identifier: + keyid:EE:92:48:AE:86:AC:68:E4:9E:C1:3D:D4:4C:34:B2:DF:8A:5D:FF:8C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 03:b0:3d:4b:d5:ca:61:57:cb:18:5b:a2:1d:01:91:ea:e5:0c: + 00:01:c8:4f:64:76:ff:40:96:4a:80:bf:d2:98:a4:4c:13:53: + fc:dc:fd:f5:7c:f0:ba:11:00:43:69:34:97:ea:42:3b:ef:91: + 5e:48:64:c8:47:f0:4b:ca:dd:08:d6:f3:f6:7c:fc:e1:01:41: + 8b:5f:0c:f0:f9:b6:83:66:7d:1d:ec:71:90:a5:85:68:83:b0: + 84:f8:d1:ee:28:52:64:9e:f2:89:72:3a:fd:b2:3a:6c:79:6b: + c8:a4:6e:40:dd:55:68:c0:d9:d4:28:1f:6e:cc:8e:1c:d3:98: + dc:c5:04:fa:23:25:fe:1b:e5:0c:40:34:38:57:5e:f2:2a:72: + ab:af:74:08:9e:f8:16:da:a7:fe:2f:68:4b:f4:66:d7:b9:19: + 1a:71:1e:81:f6:31:29:d9:4c:a2:91:cc:cd:23:ae:9d:6e:ee: + 6f:87:65:34:82:76:b0:ab:d5:4f:1a:80:1e:f3:f4:16:41:4f: + 1d:ce:8d:b2:18:ca:d0:a7:9c:d1:ea:23:ed:7e:49:78:4e:80: + 05:e8:e7:6c:9a:45:e4:09:4a:03:cd:79:05:f9:32:3e:fb:4a: + 94:ca:8f:2f:53:7f:b6:fe:7a:33:10:cf:54:ed:f8:a7:78:a9: + c8:20:e1:a1 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMTV/cgBOGPWBAzPOVDxIi6Z9oIswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCbnkqOzUcOpi8XrSTH1sdAX7qQsixLV1w+8t6A9v3yKBKckmNKEca7dNet +7D6dGn8KMJjfH6KYEaZgb2lf3Sg1Bjm24pHfWb4HxVJXhKSuy1ubs6pWd/0AGlWW +ACcSbtH2Nf+j+rYLDipGdWtYJ6ahQ7o3dB0oGj2/5vIQvyzOJGcDTk78qlEiJfjl +dVzDrdoDVrQbim8m5cjvQ6nXgYsPsYvWzRHpTAzLoqv6NCoTqqTbg5zYpkXs9frQ +zbBrehsOytMxS8tT8VyCjJb3yrZAU9AkZycajRr3Zcmh/Pn0hTxRPPxWhxi/o9Xd +3o7mO2cp6f1LT7oa/9fs8dq9VkgrAgMBAAGjgcswgcgwHQYDVR0OBBYEFO6SSK6G +rGjknsE91Ew0st+KXf+MMB8GA1UdIwQYMBaAFO6SSK6GrGjknsE91Ew0st+KXf+M +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAA7A9S9XKYVfLGFuiHQGR6uUMAAHIT2R2/0CWSoC/0pikTBNT +/Nz99XzwuhEAQ2k0l+pCO++RXkhkyEfwS8rdCNbz9nz84QFBi18M8Pm2g2Z9Hexx +kKWFaIOwhPjR7ihSZJ7yiXI6/bI6bHlryKRuQN1VaMDZ1CgfbsyOHNOY3MUE+iMl +/hvlDEA0OFde8ipyq690CJ74Ftqn/i9oS/Rm17kZGnEegfYxKdlMopHMzSOunW7u +b4dlNIJ2sKvVTxqAHvP0FkFPHc6NshjK0Kec0eoj7X5JeE6ABejnbJpF5AlKA815 +BfkyPvtKlMqPL1N/tv56MxDPVO34p3ipyCDhoQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root-expired.test b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root-expired.test new file mode 100644 index 0000000000..38a8db919a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root-expired.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: DISTRUSTED +utc_time: 170302120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Distrusted by trust store + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root.test b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root.test new file mode 100644 index 0000000000..50bbf04c15 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: DISTRUSTED +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Distrusted by trust store + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/generate-chains.py new file mode 100755 index 0000000000..68b15ffafb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/generate-chains.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Simple certificate chain for a serverAuth which is comprised of a root, +intermediate, and leaf certificate.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Intermediate.key new file mode 100644 index 0000000000..5efa9d78fa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvO/KipU/GRsZ607+Pf4CviDbiaMGt5nYr8eaqU24gl1qBmb9 +TbDJ9gcnlr0xHHf0BLr+1CVGApqKiL3nw9xhCngm27ae/0PN7erAZ/A94/XZWuzb +rO8GLW43/I3F06Cw1GBODfir+mgaNivOu5EUOw4WHAvJxEbnwhqGzK0HaOvLbpM3 +zBrMWd6aEuw8D+u/jPd2D371ifmFDCGVr6w8op2eutMGqlAtJcACqKWXz3qzrXjF +MJW+zgomvU/iX1HG8LmhvSQyBw23Gyyy7MjI73ePq2/p4mbZMAJJlhEW7eLohc1I +1qmxIAKV/xt5nWsha73TJ5QZZ7GfqgbWjGkRMwIDAQABAoIBAB4absEJ6pXLdaPC +YEvsTu+QOKqDaSyTvKy1NvVGxuEulRgUDMP2KRekKDCiUFLi4eRnDvcqQS9lBDGp +YGYalPOgFUDopgix+vuvbZyh8JqDr3AHUTEKnIdcilsZE64WalZMSeN7/ZrWP2bm +L/g+s2R9aBRr5Gf7jC2nIFc4MngK44Ksh9/MLsBviTWYBcyOD9AUi6q8L7odWo8c +3JWhZc3/1Z4IXQS5li+AbQSM9xiNcjf8nYwZHfq0i0RoNFj07UMvtfDpP930anun +SV+xBZPUi3N6kSkCS2ylfyvUzRogLG5rpryxo9e1oPN8Afq42CkIwKu2GnaiHmwN ++g/lv2ECgYEA7X8/lk+E7cBBYp+BbaCaxuJvLZ+MgGM04Tzk44AuF8rl7HIjrsBj +APnPOnIzOgg/NoQOqmrMbockjIlN+Z7dFjB3+sCYatCOdeS+OjlNRrdGvgL7oB+g +3h01G3do3s6OUuTwKmo0vhP1bfU7zXKnsnx0uRP0hCy77QAxpFzw+isCgYEAy6gI +NHqS3XUHVQn3cnv4XDL7UesSamfn+dm+iszW26bKrnZu1u5TFt1gBlAweZd2EGvI +zFoLjhAEMxBfpCzvHq3+Drl9MkVY2fKshZKe7aEeJ7W93uE8buouBjk7yPFB46yI +EVLNr37ytihAIhKrCtyhd1NY0wrktOona81PaRkCgYBUpWvGaOUZz9H+EpeQuRMx +G3dArYLoJ3Ora4awxvimpjw4f53UJOGkcWS4kgdMAbB1/68ycgoWwrf2FuHhvAtU +Y0X/6zDnsRl1T2e1XML8F0pxYqLIOT2erI5HEdIgx0HWrZ4jn+LYdEifPi5oVRsL +9Gutoz0c9syr9cu7pxyELQKBgQCO5s8rE78uCcolT6MEAB0bhOJ4brwzUcmitblP +57/zzKt3k77ercg7yQZyJ558E11S1G7HhX+KJY7szdZueuEm4+vbJSjGN4bLF88a +wvElyOJB9vLOC7m+EjBNSae7rh4PxaaMkU+mjyt7ye6GehbuvjXGZwNywrgMgik7 +KYtJMQKBgQDjOWu5ITFCDrChbKCIKuVB1FX5M3MC8Bv86dz2zLTi9ITG5YVa+ZMK +QWLZxEOapD86DP4hKHRa3p00UpKJkSbUBKsqjVKCURStYX7X/xhCSUZQCdkasvp8 +5nT4i6lgEUOjsgIELs7rX1mHVCtEhtyK5S8K/DQrfZSXjm73qdLw2Q== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Root.key new file mode 100644 index 0000000000..64fa7df8a7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAm55Kjs1HDqYvF60kx9bHQF+6kLIsS1dcPvLegPb98igSnJJj +ShHGu3TXrew+nRp/CjCY3x+imBGmYG9pX90oNQY5tuKR31m+B8VSV4Skrstbm7Oq +Vnf9ABpVlgAnEm7R9jX/o/q2Cw4qRnVrWCemoUO6N3QdKBo9v+byEL8sziRnA05O +/KpRIiX45XVcw63aA1a0G4pvJuXI70Op14GLD7GL1s0R6UwMy6Kr+jQqE6qk24Oc +2KZF7PX60M2wa3obDsrTMUvLU/FcgoyW98q2QFPQJGcnGo0a92XJofz59IU8UTz8 +VocYv6PV3d6O5jtnKen9S0+6Gv/X7PHavVZIKwIDAQABAoIBAB9cz3noNSHmrCcB +ZiBAUPfQUzFGN1cXzCeDmwQywwtCuD2F4yzSWFL/QVhz/Ep9RI0xLh4JqiMrq3RT +/9CqKahGEOuizfNNitbWFbo9qVLw+Q1wMCwtEngq1oTckwNMAlS0nUjXBklEGZEJ +qRCjLRnjJGx4okeqwjcivDZT0RvaOdTaS3QHunNQI8icx9d2axFj/8Rjk5YVVtRU +G+TmwViDO2c5PJ1kNmLSLZc8yFMt7f2Z/ebjFC7+2D5/JzRIfnoJa0DqbUqb0yKW +OeKJO0hfzEeqzCYw1nre8020qQhz3hzlGM2pTphnIHxiGvxyYA9P8OD07oTwOxr+ +RtachgECgYEAx66h1NcLC9badax1qpTpm+ZzczNPcMIvyOGBhtGEfDkmJe/Nb9c7 +7OqaisCTktTL04qwYVIVKKOrGBhog/1RdyfL+tculpbm0WWGRW4YLG4SZi8H0ktB +/ZGTHBD7KPEYIhSjHcCgj4s5kxpCOZV6KuqsgxqsyWbpsj6CHZqIK6ECgYEAx4Iu +QR5F1Pk4Jd0J68gm9xmmSyIoO3Qy4aFQ8MPh9PUoPYovKU6sqNBGTMTSrtCohlq/ +yE0FgMsEWWQOOxgbj9nRT4vHB10xqWFg8MRnYLMvLpTxyWTTyPl8z75wjU8ngmut +JCcmBuxbg1rliFuBQ6g2zl5rv/qpc3UxhnYBgEsCgYEAhPyCHR1G5xCll99O0lew +qbq2Qw/2JVO+vVuqhx58zLrG9FccDBNdfrDUUfpljlGYmf9w7q/bFaDDLx36ZYVN +Pz1K9XlgNryzZtvlq9Hh2Z1JNbK209B5V6YfQn7wttiyyOfTptoGVPNVWeoQFwe9 +QF3gnMQkNVIL7EEDKTIk5GECgYAM6E81x0+dR8JqMLLDnl9m/THVCpCvyATCtD0Y +VpP31SSVVqtWcNCa216w+MropHdCufxOaS1B9+CAKAkDqbuewujXzKNDxrO/0Z0D +9rD5gJ481UYPUYaiKgH5Lsj5W3Wi6nR5Mk8zg3coOGlBOSpTxj5Fe7Zc5UqxPZPG +rzvJoQKBgGHdT+gEzGlKfNr49kyvWipvZahjfERPlY8G+bVP1EkPblcMSUs1C0zy +ffZQomLc+eS8cdg4hlrVPyNdvc1ShPui6B7Hf3SB6zIR3JxQLwaT2xmDVBQoYMov +jdSA5/pg6Jms2BUEAySxGWH4W+pVbsMCiwKCkSgwrRTiIDTTs4HU +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Target.key new file mode 100644 index 0000000000..718e4cce6c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyhmxnY+F9aSoig3Tf/NnZ7HR2z1pjPq7U1goUBQvBqp+9cYG +TX12n+4z2MhsFuhl39DAmmJJYCrZU7ZtxicyE1iyw2RjYb9rQOoknKYVris453BY +EkaSX6VwbOpQPHubM1BUk6ScQeBAfhiHilLVHWbz8PdUP1Vh9WYcpg1zV6N4GkyZ +fXfgqsXFXkkhNU5HPWF9Q5vglCi3ZU3PflIsKrOTlIsPBPZFIIOXt6Td740fx8Up +1FWfo5A4FEb2fhOemW1BsMQAaVjmf6ylCuStyOPBoSqhd4Pp8NHCW0gQM1lOjQ7X +AQo8EeC/z+gvR0v21pVNwHOntSGkCpjc+psNhwIDAQABAoIBAG6vdcR6V366aIf7 +nIsmDssO64VsdAN/StsRnDqHY13+QLxwcQE9pptexUyEMBa3vxu+Y83p6I/fx9j+ +P87XpqhL2tQChh+By8botZaJq7QQ/gBbWhDgT8hMfm9YQQtvEwgehcO60s2NeSTW +YF1Ukl2hBhdCDgUFyTmybBxRn4suBZLgcpGeoj4YBAI6skW/g/cqObmrO7tUYVfD +7GmrOl3HiqN2+YJXoTz+inx/au5kn2XRHuCoZA2XbAhWTH2H5VoWKv0QKuuO/SDk +WfBNiyQeY/G8AiuirLx3U9hhnfnNuUidh49lIybxxzCw9DuScizHjWQvfedvkVEk +yGPQdgkCgYEA9BMXfZPOGbjMcc1H1cFDv9v07EVcVj7sx2CauKGqgPG21sXpO63L +ohVwudMU0U42/rblTh4Sl4oNOwxlRt3bu0sTJUKUkUMcb6LnDhdhlo/HdIAfpOHD +TzPuttezEgJm2crQQJ1fqPzw32b9S+Iez1zpYRz3BzaNtaPZ6mFPDsUCgYEA0/mV +p+tlGA5HvQI9Xdn6ROq2akP1rrQmbcnZVq9LyHU4Y6HAUtBi5HTTdthNjT+erjYQ +1LPVvs0QbpJeBlsf94w08a19lUCKca9oK/9gdc6ba4TaUQM91oi8KEuBJfcQO5y+ +fz7Z+qZD9Vx4erthOMxNJFKLBsPhD9NOWmtqb9sCgYEAmbPYLC3DMbGNlfD3VuYh +OxZSM+QuFOYFiD0O0kyEqjUNtkzl5r44qXalCXCjAHgn69nTp5EKlkHKuS/CK5GV +SWoqwWEfXCcOJkNJDDevLfiXW4c/5j6CF0OWBbDqROIcUPUGllpEno/DRHx/8KSS +UHWrRovOCM3TCdsIZTAocB0CgYAfz4W49Gdwa7wyTiK9cdfP/dUwL1CwThKySSdX +jej2hTjYIs8E3obot+uAG0fQGasLg8uU0AQUpRuBLG/1zjkG4kCTwDBndI8SLnuY +lrN4GnBSe1Zz7+OYzV5HQcV42BHUkFo6KEl4BvmN2bmu2W3moyo0eDqq4jxlLpXE +lfgcHwKBgD9dJRurAcxdDKxe2M8yKWcT9iGYtJ9mAXBGWivq42Kz9VY7lOI4/nQA ++RD59/nPHl9XTk0gyhcTfWhcqJWwAC6Huk1aMJUwb/KZkSR3IrAhum/X0j+dwbkR +hYLvkysISwwQ41/7BCcpQRPTBopkfYKRq8UGY1AdD1OSuddqUR0Y +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/main.test b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/ta-with-constraints.test new file mode 100644 index 0000000000..14a6e03b0a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/ta-with-constraints.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/ta-with-expiration.test b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/ta-with-expiration.test new file mode 100644 index 0000000000..fc8361e92e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/ta-with-expiration.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_EXPIRATION +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/trusted_leaf-and-trust_anchor.test b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/trusted_leaf-and-trust_anchor.test new file mode 100644 index 0000000000..417d1ac5f6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/trusted_leaf-and-trust_anchor.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_OR_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/trusted_leaf-root.test b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/trusted_leaf-root.test new file mode 100644 index 0000000000..de20dc4821 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/trusted_leaf-root.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Certificate is not a trust anchor + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/unspecified-trust-root.test b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/unspecified-trust-root.test new file mode 100644 index 0000000000..74b713690b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-and-intermediate/unspecified-trust-root.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: UNSPECIFIED +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=2 (CN=Root) ----- +ERROR: Certificate is not a trust anchor + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/any.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/any.test new file mode 100644 index 0000000000..4d092a967d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/any.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: ANY_EKU +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/chain.pem new file mode 100644 index 0000000000..1c58925cdd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate sets the extended key usage +to clientAuth. Neither the root nor the intermediate have an EKU. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:03:c9:50:e5:17:af:40:2c:6d:22:39:a4:70:4a:21:ec:34:b6:d1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:82:13:64:0e:35:33:0c:ac:44:be:6d:92:f5: + e4:97:d8:9a:bd:64:f1:b5:67:62:01:7b:0c:98:57: + 4a:63:64:b0:9d:6a:7b:84:a2:91:fe:73:0b:4c:81: + ce:89:f9:8d:8d:8a:41:18:c8:d8:64:27:36:32:e6: + 36:26:44:16:13:2e:a1:ad:38:06:0b:1b:39:62:6a: + 94:ac:a0:59:be:52:cb:47:d7:4b:00:09:91:8e:14: + 69:a9:62:df:49:d8:b6:79:73:de:60:d4:b8:76:89: + a4:53:8a:1d:4b:80:88:31:e8:05:46:81:1b:7b:5d: + 52:d0:6b:3b:53:0d:25:3c:95:9b:2d:99:83:3c:03: + 8c:b5:73:fb:43:6c:82:b3:48:57:38:3c:ff:b7:79: + d8:13:74:06:d0:17:78:a9:38:09:76:ca:f9:b7:5a: + a5:8a:6e:85:7f:27:34:79:82:ef:a2:01:93:ae:fa: + 0b:18:47:d4:14:ff:67:78:2b:53:92:f6:ac:27:42: + c7:7f:8e:fd:06:4a:36:b9:7a:98:5e:0d:94:ef:1a: + fa:08:ad:8d:64:28:c7:c1:03:76:63:b9:33:5a:9f: + 16:be:d3:e0:5c:e9:43:7b:9b:83:b3:90:31:e7:59: + 2b:1c:d2:8c:73:15:a2:3a:94:35:03:80:97:f8:5d: + a3:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:16:9C:06:85:B6:F4:77:AD:72:58:A2:4F:A1:FE:29:CF:97:8A:2B + X509v3 Authority Key Identifier: + keyid:24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + Any Extended Key Usage + Signature Algorithm: sha256WithRSAEncryption + c7:c1:e6:af:a5:32:88:83:e4:36:26:cc:da:ff:e8:fd:a9:a7: + 04:f2:32:37:24:8c:f9:2e:18:96:6b:aa:09:3e:4d:b3:8b:5f: + fa:7d:8c:1c:f9:74:84:0b:70:67:d6:e4:14:8c:cf:01:c4:d3: + 1b:cb:d7:8e:e3:c7:ae:04:4d:93:41:8f:1f:c4:84:bf:34:79: + 39:34:c9:6a:38:95:09:d1:c6:75:52:45:a3:dd:f1:af:ea:f2: + ec:4f:ab:2d:48:d5:1f:ef:63:0b:cc:bf:f1:4d:02:68:1a:29: + f4:4a:bd:07:2a:8a:ad:d1:89:fa:9a:eb:56:24:1c:55:fd:57: + 5e:97:bc:88:64:84:06:9f:a4:43:01:ee:ca:eb:2c:f9:0a:d8: + 1c:bb:4b:96:76:09:0c:65:82:79:ac:6d:33:09:78:b5:0e:cb: + 54:98:ba:b8:db:86:aa:81:82:ec:ce:7a:fd:0a:b0:65:78:11: + c0:bb:ed:77:b6:56:b9:bc:48:45:ca:91:e2:6c:2e:54:ff:55: + c9:8b:31:8d:b7:bb:22:22:07:f7:37:03:f3:68:44:e9:59:97: + f3:fc:b1:bd:64:25:df:d4:1e:ee:2b:ca:cb:75:ef:c3:14:e2: + 3f:73:4e:f7:56:4a:eb:ba:2d:08:62:91:a7:9d:11:cf:7e:e0: + a6:5b:91:ec +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIUPgPJUOUXr0AsbSI5pHBKIew0ttEwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2Sw +nWp7hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLL +R9dLAAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWb +LZmDPAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGT +rvoLGEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8W +vtPgXOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABo4HbMIHYMB0GA1Ud +DgQWBBRaFpwGhbb0d61yWKJPof4pz5eKKzAfBgNVHSMEGDAWgBQkuZFBOfEwXvjF +O8BRzBFYphNzszA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAPBgNVHSUECDAGBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQDHweavpTKIg+Q2 +Jsza/+j9qacE8jI3JIz5LhiWa6oJPk2zi1/6fYwc+XSEC3Bn1uQUjM8BxNMby9eO +48euBE2TQY8fxIS/NHk5NMlqOJUJ0cZ1UkWj3fGv6vLsT6stSNUf72MLzL/xTQJo +Gin0Sr0HKoqt0Yn6mutWJBxV/Vdel7yIZIQGn6RDAe7K6yz5Ctgcu0uWdgkMZYJ5 +rG0zCXi1DstUmLq424aqgYLsznr9CrBleBHAu+13tla5vEhFypHibC5U/1XJizGN +t7siIgf3NwPzaETpWZfz/LG9ZCXf1B7uK8rLde/DFOI/c073Vkrrui0IYpGnnRHP +fuCmW5Hs +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2c:00:a4:1e:40:78:0d:7c:f5:78:ab:24:e2:16:fa:d7:7b:c1:1c:bf + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ed:3b:bb:f2:8b:20:81:de:42:41:c6:24:63:1c: + 4b:e5:63:b0:93:07:fd:22:64:50:7d:ef:8f:ed:65: + aa:ba:f4:d9:ad:0c:68:dd:50:b0:ea:0a:5e:18:9e: + df:48:88:ec:1f:fa:6b:4a:3e:db:ea:24:6e:b1:a3: + bb:0b:12:de:1d:49:d3:32:78:24:f9:e8:4f:aa:85: + 90:21:a2:2c:8f:58:95:8c:70:80:8d:cd:99:68:03: + 67:0f:48:eb:96:17:63:93:2b:8f:72:77:23:5f:97: + 4f:86:bd:17:d2:70:5b:5c:18:f8:01:d6:11:d8:c0: + dc:32:b2:f4:bf:dd:da:65:fb:86:23:c0:a4:bd:ff: + c2:a4:b6:87:9e:10:98:d4:f4:09:cb:26:50:1d:56: + 83:72:09:c6:c1:b7:cc:52:9c:61:09:04:bb:aa:2a: + 63:66:a5:b1:02:60:85:bc:30:91:62:bb:6f:b0:24: + 33:e8:b5:9a:13:1f:3a:73:95:d5:fb:bc:a9:48:dd: + 14:a2:a4:62:e1:97:19:57:b1:1a:da:c1:79:93:fd: + 74:cb:e1:ff:0c:49:c2:78:57:8e:ef:dc:df:60:96: + 8e:e6:a2:97:60:b9:53:6b:17:8e:ae:f9:3d:be:31: + dd:46:18:bd:af:b6:a6:02:fa:48:2f:d8:c6:f0:1f: + bc:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 49:eb:02:ed:2a:dd:0d:ea:7a:cf:b3:22:3e:f6:7c:72:e0:9d: + dd:fc:98:2b:5f:de:c5:c8:52:7e:bd:87:25:c9:31:70:ca:e4: + c7:cc:39:ff:ad:8e:42:f0:d7:70:74:89:3b:fa:04:04:ee:f4: + 09:02:45:91:1f:d9:be:44:cf:bb:aa:2e:49:86:0c:fa:db:f7: + f8:79:33:2c:e3:04:8f:40:d6:ee:4f:09:66:80:cc:b4:10:d8: + 68:57:27:48:c1:d4:82:da:07:d7:92:74:33:23:67:ff:9f:a5: + 91:7e:c9:8f:c7:7a:a3:54:bc:5c:48:f8:3e:ce:0e:df:f6:f8: + fd:4f:45:2a:0d:15:58:ae:09:91:cf:17:54:56:34:52:a0:ed: + 30:3e:f8:9c:4d:0d:62:c4:39:f0:be:0f:aa:01:bf:bb:80:ba: + 34:da:0b:e5:9e:39:7d:7d:80:62:b4:c0:26:e7:92:f1:14:1d: + b2:6d:eb:ff:4c:23:94:94:fb:30:8d:0e:89:0d:aa:44:ec:f6: + 08:3f:98:b3:cd:5c:21:3b:b1:ca:65:fb:67:2d:d2:a9:4c:cf: + 82:3a:27:ad:54:c2:76:a4:1a:76:70:de:b3:1e:c9:5f:b3:9a: + c6:9f:68:cb:29:ab:0a:c5:20:5d:e4:9f:e7:7d:54:5e:b3:08: + 50:d0:fe:fd +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIULACkHkB4DXz1eKsk4hb613vBHL8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAO07u/KLIIHeQkHGJGMcS+VjsJMH/SJkUH3vj+1lqrr02a0M +aN1QsOoKXhie30iI7B/6a0o+2+okbrGjuwsS3h1J0zJ4JPnoT6qFkCGiLI9YlYxw +gI3NmWgDZw9I65YXY5Mrj3J3I1+XT4a9F9JwW1wY+AHWEdjA3DKy9L/d2mX7hiPA +pL3/wqS2h54QmNT0CcsmUB1Wg3IJxsG3zFKcYQkEu6oqY2alsQJghbwwkWK7b7Ak +M+i1mhMfOnOV1fu8qUjdFKKkYuGXGVexGtrBeZP9dMvh/wxJwnhXju/c32CWjuai +l2C5U2sXjq75Pb4x3UYYva+2pgL6SC/YxvAfvEMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUJLmRQTnxMF74xTvAUcwRWKYTc7MwHwYDVR0jBBgwFoAUzW9M/qp6OmNdEnlt +9EywKop/+2wwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBJ6wLtKt0N6nrPsyI+9nxy4J3d/JgrX97FyFJ+ +vYclyTFwyuTHzDn/rY5C8NdwdIk7+gQE7vQJAkWRH9m+RM+7qi5Jhgz62/f4eTMs +4wSPQNbuTwlmgMy0ENhoVydIwdSC2gfXknQzI2f/n6WRfsmPx3qjVLxcSPg+zg7f +9vj9T0UqDRVYrgmRzxdUVjRSoO0wPvicTQ1ixDnwvg+qAb+7gLo02gvlnjl9fYBi +tMAm55LxFB2ybev/TCOUlPswjQ6JDapE7PYIP5izzVwhO7HKZftnLdKpTM+COiet +VMJ2pBp2cN6zHslfs5rGn2jLKasKxSBd5J/nfVReswhQ0P79 +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2c:00:a4:1e:40:78:0d:7c:f5:78:ab:24:e2:16:fa:d7:7b:c1:1c:be + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e8:17:31:b6:0e:84:10:a4:9b:bf:9e:ae:9e:29: + b7:6f:81:ae:d7:df:45:89:d1:29:51:0e:1e:39:7a: + 96:6b:7f:c0:78:df:88:cf:db:b3:ab:8d:49:0f:fb: + 70:55:85:4f:93:9f:12:a1:a6:55:5c:a9:ae:8d:79: + 4d:a6:3a:32:03:9c:bf:ad:95:c4:8b:49:1f:02:b5: + 23:a0:9f:da:d3:45:c6:8c:fc:ec:97:46:57:dd:77: + 56:c6:a2:46:78:da:a2:59:bb:22:ea:de:63:94:50: + 19:91:1c:10:cd:67:e0:57:10:bd:e0:de:69:67:80: + 6d:31:a8:43:bc:49:2c:8a:d6:4a:23:0f:a6:78:f4: + 74:c7:4f:37:52:3a:af:9c:03:b2:b3:6c:26:ab:62: + 61:12:6d:22:15:66:da:ec:d6:b8:1f:9b:14:b9:04: + 9c:9b:5e:b5:cb:8b:62:95:67:6a:a1:57:44:02:77: + a2:81:3e:c7:20:52:a2:16:2e:ba:c2:29:a1:54:ed: + 33:67:f2:2a:26:a3:b6:da:08:8d:63:6c:ca:4f:c6: + 84:88:b9:60:08:cf:50:8e:5a:3e:75:d7:ec:d7:63: + c1:fe:18:3f:4e:fb:08:de:39:45:d2:81:34:8e:89: + 5a:48:ce:49:bf:ca:84:cb:26:ac:c2:f7:1f:6b:3f: + 0d:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + ad:29:2e:53:15:47:00:7e:ac:fc:4d:99:bc:cc:1b:f6:7f:12: + 16:d5:f8:19:b3:38:4c:7e:18:40:0f:1f:24:32:09:6c:8f:ba: + e2:c3:d2:95:2b:35:54:b7:87:ec:88:fb:e2:7f:0a:9c:cc:61: + f2:bf:57:d4:09:d9:61:ee:76:4a:a1:af:3c:cc:ac:3b:68:31: + 8f:e3:1a:ef:2f:c8:6b:b6:34:b7:44:40:28:a7:a3:f4:56:6c: + 56:49:9e:af:ca:4b:ee:7b:7c:b9:b3:a6:69:d1:d2:6c:ad:ec: + c5:a8:67:4b:91:f5:86:7f:b7:b8:d2:b2:24:c7:f2:e7:05:b4: + c5:cd:70:ba:1d:d3:86:8c:53:78:2c:5c:24:1d:7f:60:d8:1b: + b4:83:a4:21:0e:13:d3:41:bf:2d:57:1f:5a:f7:e6:b8:eb:9a: + cd:e9:31:69:26:b7:79:c6:aa:f2:a2:86:3b:95:48:4f:8a:8d: + 59:d8:5f:aa:72:d0:d4:56:30:db:ab:e9:83:f6:8b:58:3a:38: + cc:ed:72:d8:36:4b:aa:fa:1c:22:03:ca:f8:48:93:49:91:10: + b0:53:2b:20:d9:b1:9f:56:a7:04:3b:58:cf:ec:f2:41:b2:2d: + 65:8c:40:ea:5f:d2:c8:6b:87:17:3f:4c:62:5b:7a:25:e1:a5: + a4:af:8d:54 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIULACkHkB4DXz1eKsk4hb613vBHL4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDoFzG2DoQQpJu/nq6eKbdvga7X30WJ0SlRDh45epZrf8B434jP27OrjUkP ++3BVhU+TnxKhplVcqa6NeU2mOjIDnL+tlcSLSR8CtSOgn9rTRcaM/OyXRlfdd1bG +okZ42qJZuyLq3mOUUBmRHBDNZ+BXEL3g3mlngG0xqEO8SSyK1kojD6Z49HTHTzdS +Oq+cA7KzbCarYmESbSIVZtrs1rgfmxS5BJybXrXLi2KVZ2qhV0QCd6KBPscgUqIW +LrrCKaFU7TNn8iomo7baCI1jbMpPxoSIuWAIz1COWj511+zXY8H+GD9O+wjeOUXS +gTSOiVpIzkm/yoTLJqzC9x9rPw1JAgMBAAGjgcswgcgwHQYDVR0OBBYEFM1vTP6q +ejpjXRJ5bfRMsCqKf/tsMB8GA1UdIwQYMBaAFM1vTP6qejpjXRJ5bfRMsCqKf/ts +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEArSkuUxVHAH6s/E2ZvMwb9n8SFtX4GbM4TH4YQA8fJDIJbI+6 +4sPSlSs1VLeH7Ij74n8KnMxh8r9X1AnZYe52SqGvPMysO2gxj+Ma7y/Ia7Y0t0RA +KKej9FZsVkmer8pL7nt8ubOmadHSbK3sxahnS5H1hn+3uNKyJMfy5wW0xc1wuh3T +hoxTeCxcJB1/YNgbtIOkIQ4T00G/LVcfWvfmuOuazekxaSa3ecaq8qKGO5VIT4qN +WdhfqnLQ1FYw26vpg/aLWDo4zO1y2DZLqvocIgPK+EiTSZEQsFMrINmxn1anBDtY +z+zyQbItZYxA6l/SyGuHFz9MYlt6JeGlpK+NVA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/clientauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/clientauth-strict.test new file mode 100644 index 0000000000..e3e5c74fe6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/clientauth-strict.test @@ -0,0 +1,12 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: The extended key usage does not include client auth but instead includes anyExtendedKeyUsage +ERROR: The extended key usage does not include client auth + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/clientauth.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/clientauth.test new file mode 100644 index 0000000000..cc89c25092 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/clientauth.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: The extended key usage does not include client auth but instead includes anyExtendedKeyUsage + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/generate-chains.py new file mode 100755 index 0000000000..319aaf8a86 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/generate-chains.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python +# Copyright 2022 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain where the target certificate sets the extended key usage +to clientAuth. Neither the root nor the intermediate have an EKU.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', 'anyExtendedKeyUsage') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Intermediate.key new file mode 100644 index 0000000000..2c027f45d0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA7Tu78osggd5CQcYkYxxL5WOwkwf9ImRQfe+P7WWquvTZrQxo +3VCw6gpeGJ7fSIjsH/prSj7b6iRusaO7CxLeHUnTMngk+ehPqoWQIaIsj1iVjHCA +jc2ZaANnD0jrlhdjkyuPcncjX5dPhr0X0nBbXBj4AdYR2MDcMrL0v93aZfuGI8Ck +vf/CpLaHnhCY1PQJyyZQHVaDcgnGwbfMUpxhCQS7qipjZqWxAmCFvDCRYrtvsCQz +6LWaEx86c5XV+7ypSN0UoqRi4ZcZV7Ea2sF5k/10y+H/DEnCeFeO79zfYJaO5qKX +YLlTaxeOrvk9vjHdRhi9r7amAvpIL9jG8B+8QwIDAQABAoIBAQDIGd2DTMTjpgR/ +FFF249RErZyvuEpU6wZV426kUF/9CDBfXZtKKhi/oHUUEVXHCe8ZXhGHc5PtYEOa +RL+tLIH7dFzXMi4GOWSRMc2MAQ3S72ZdKjvU4DnoWQ5h/yDv3dSYu2Joq4NDyw5C +WVcxoqH9AfaXHei5ypsxjG8TM19XKnyNq9MlO0o9LF696jabjnvcm8Ymq2EfrZWp +46XwPC/XSJeR4v3Bx4JQFDkuWeG6KWpLqmB1oX05WOoCvX7JonjX6QMim89L6zN/ +LKyZA8W9vlP9CBe5TwyaZC+JZOsJNZXajbPUMS0Pt3wec6hGyDNJK3DI8PV5p8Sb +DSHJlvjxAoGBAPj5J/8LdGqSsSG1WwiyvT0prcn76B3iH3h6G1yb+k+HYddYA/+j +5q2yE2AC4UtqVPn6n3sBka1S0ONuTOZXiEK/xyq/BdOW49AjjIOKCaXX89SaWG/q +0RHZrkMnhsxf1A09yh1sOIfznO1kmGkrFiyXn7w7Q8ZXcOwAeYcYRQZpAoGBAPPt +waIHhaoHVG1qJbq2bjU8jqSZ0oCmIIw3xqwhc8716lhXKH08uhNokym9r4sVfen5 +1Sdhmqk7L40P37A2wy7WBs6Sguh8tXJc3O00SnwCvoQU0w4YBnAHRx0Hhlw4JiEh +FW202Wiot+6bNH5xvA3Qn5LELGo5RNG9lDvod4/LAoGBAMry3uWJwtX0yar+mDxY +5uVqih2x2B4z6w9cCd3Nz5bwdpMBThEe27UPCbgj4N6GyMoUv9eXCdbNQTWC/fBt +vccbaRCxMeCuiPlrYOkApqinhjzxq9FfChmQ5fobyEfkfYhlq9GcG+DGdk8UxyBD +XQnwducLME4HjSbzpBy5bdqxAoGALKzX8PgVt/1drihpvpeY+bEcovL1RdCnV2cD +wRTjY/1QLVvRM5bCsblOcq+mDgAiro6uRmcu713CqMBGhLyS5OoYFw9oYHIuvUJa +yCrylWHfSMuTmBo4W55JnPx61DsIaLrpdM1RoER+Y3oTlDD6c0FJaJT7WX0hqJRj +KNG7zB8CgYEA3sjJXkYscwRAzxpaG31BiuBV28bjgEO72bi/LIby70nqc3CBEDs2 +O9CVCDNlA1aXJOKLHbEY0jPArim6d/rOUD4ca3YmyCdNmq/dntRq1+rv8b2Redq5 +0xQMbZ1rY39FzOwBQzSKnQ1prXS+2vQ6qEm4/vRbUvCvVxWO97qlFk8= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Root.key new file mode 100644 index 0000000000..c448450523 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6Bcxtg6EEKSbv56unim3b4Gu199FidEpUQ4eOXqWa3/AeN+I +z9uzq41JD/twVYVPk58SoaZVXKmujXlNpjoyA5y/rZXEi0kfArUjoJ/a00XGjPzs +l0ZX3XdWxqJGeNqiWbsi6t5jlFAZkRwQzWfgVxC94N5pZ4BtMahDvEksitZKIw+m +ePR0x083UjqvnAOys2wmq2JhEm0iFWba7Na4H5sUuQScm161y4tilWdqoVdEAnei +gT7HIFKiFi66wimhVO0zZ/IqJqO22giNY2zKT8aEiLlgCM9Qjlo+ddfs12PB/hg/ +TvsI3jlF0oE0jolaSM5Jv8qEyyaswvcfaz8NSQIDAQABAoIBAAe7/iQbB7umQKp6 +F0eeDEbjA3ieMCsPlVjmJ4uy0iBy+W8Nw/lpUOt+odiugGfZMXWx72UDrgSQgwij +6jqH5fLI3npia1JY9XeZob5QlXJE+QDpzNidt3/h4jpsXfzZDGABJIC/OIJQyQlU +7hpqQ8ei/zDnOIwCc6EcAmXb6mgV+9MA9xXX8PIbp5o9t0w1VO3w/WNl6aNxsKOa +0eJWqGD59zfxSL+9nxNCaOyvEe6yvjEFOMSUqs4vn5CSNvHFP/j84lUuUmdufNoW +LwJdkbrkoE/sdm89KvcPpj1vjx0pnSfAL00mClt5BM3DoW7+WAp6Ovm+0hKz2W57 +AUQraCECgYEA93FCVO+BEK5PIlVcIyZsnSIUGPNn5TfyY4Fu0ehSroenT4+o9x5F +TyJ85lylxVgNDWvhBeGbETnEEtNfBIC29rTS7I0cyHYxmU6sPGpEgB+tB7wXGYpf +O4dh8lBaH3hUo4i5o+xRKaueyJ81MtMvUXcm9O9dsmjRFOE9MJNOaosCgYEA8B4E +Zk586QPUvvaemky5pZgm5sHoE5tC8JhAiOHBm+wSsT7d6OKQoaJRguRciHpxBlKr ++E9Los/ERhhnrkllVX+mjAE0JA/9Vb2kZJno+11Nn+ZUouUqbo2ySLy5SJkc6ckj +pCM1psGuJiJd6uszs2OsUYjyeC8Ato2/lsszpfsCgYBugyES+hz0rEUfmmwaLtEX +pN7A/gUK9N/G3Un3agFzfZaWDB10sQpXe5m48OwApYC+282WaNpu6RPPLKQlSK9u +o/gIOkX+qfsg82gtW3DYoE0RRUoz1/8MgTyXkpeNsppqp2fx9FuTdtjl1WVXG8bo +ZYT6o+V/Bx1KbAZ+KWw+XQKBgBMMXo77JP+bNTJdACH/ei6/zj46Hb4IcBwECAKT +3jcPWEBFW3dRGeYoqUy37vtIs1SsFEZji/2De++PmhICco6AzOaIZemCdzdpDvSI +HSprsW/A5u/xPBd/GCibCBvRQbDuKuynemcbMESIL2kmdXiCrLXfJlUQbX8N6af9 +wMAnAoGBAM16yiiEMFXwOtXTKOIYXdWDduOUAFtzUJxhXBLYbQRCxp64JKIo7n1c +5KTpBiSZ4P4yIzy28cpqmLjQ+J5RUlMCq09qqBND7+eqeWQ/o0oBfVE+CNYsun9j +AsDPqp1k4rAtSx16d54sa19cA2cSeqE9v6zLgnOVCVHjwgY3uRw7 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Target.key new file mode 100644 index 0000000000..ea8d5811ca --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2SwnWp7 +hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLLR9dL +AAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWbLZmD +PAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGTrvoL +GEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8WvtPg +XOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABAoIBAHZQBUQLhQ47oRSI +2O6Sd5+cqSfsKonI4npa6KhYSuATUv4wLkd5yjfdjvzhoQfGSW9aN0K0aJ9TS21J ++4L0uRcqpRSaTq3x76wrK4W8FBMlL3duRijjoX4FxFuJRe7+go7FG9IlaOvzJ8qW +TlwekE0DSA3+m47wTulpuyDrV5ltMMzWDY+M8IPv/WK/mN4G3ONKPWiWA+Qlv2Rm +pmCMmSuI2ZgA/UW0VNvjAwrs5wuSCMkf+gaY1UbKJ4Au06DDCtCoSYC5nZqw/Zkk +LUiTUrVAB4TpwfSc8VoDkV+SJ54Gw776bd99Poyi0qoxjlPd+frHgerIVMN3rFfn +RHYRxeECgYEA6eVjjqeOD0bQ3nRKUWKZneqpPePtxxEAAMhRBPflPB3mR/Qq4SCb +ZeiWFxJ1mWEHTvUsaM5jlF/jZvF+H0PfQiHTB3hyEdbOVIDSIiyy5qD+8ubaslph +FB2Syq7lIeGTiN0bB7Ogz1+tfecbzz0vV/Ce43r6PHQYv0qwID7CQc0CgYEA1fv5 +KTCMG35Hzm3qvCLNlcmRYJJvJUOPMEhwlZKurrl4jiBGYHmDOK7qWpUJc4ewrkFg +WHrg5KUHDDUL1XoJrlDPMNOVP4kjX2f5Qs6kej/W53isDmdUxD9BMVPhHME4kmop +9LbyfMW1sGg416S9RJe68xUCo75Lb9Z7wGyMGF8CgYEAw5y+6J2lJ42YPZOQXARU +aUfKByLKx8Ol9wGRENCp/N8cqmzAN8vnaxFcBSvBAmetjxFo9LY3fe2752psioVf +AJX9QbAv5k95/B5In6A2dr+KuWbs3GDN897P14bxxqY7lykj5AsMoKJqHHPeRDHt +mGR63dEJ2ulVkRZLuowCNrkCgYApOZwtFU9I1LFc0cxRZpsY6nZ5lnyXP0bM1Ifs +KRBCVTUmnI0ydPaU6w33WZMykMe3Kp03LqU5J5oN/gJDpHlM/gCMtZahYPhRnyRk +fI8vhjEO8y6ir8Gi9VTH/hL2iTsu6gkfPkfFRgnU7J9W3EQifODlh/y0MysxZq78 +yWzMHQKBgQCUZAspO30NRKD0+wXDPHpD4S9YMjzdIhwExbp0zAtk/+6vKB+eusn8 +EWmnQoadShchg5jaLAy5cH13ssLav1yegm41QidLCZrWXeYUi77Lys5y6/JtAAy4 +gtXNgvRGYV5SHR/2yd5DyZDfN4rQfX+CMO7TxFBY5+Mcu6OfBuYBmA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/serverauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/serverauth-strict.test new file mode 100644 index 0000000000..c5a0cbc04f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/serverauth-strict.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: The extended key usage does not include server auth but instead includes anyExtendeKeyUsage +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-any/serverauth.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/serverauth.test new file mode 100644 index 0000000000..772808c7f9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-any/serverauth.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: The extended key usage does not include server auth but instead includes anyExtendeKeyUsage + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/any.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/any.test new file mode 100644 index 0000000000..4d092a967d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/any.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: ANY_EKU +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/chain.pem new file mode 100644 index 0000000000..50eaf71ad7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate sets the extended key usage +to clientAuth. Neither the root nor the intermediate have an EKU. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 51:d2:13:35:b6:8a:b2:3b:cd:22:15:03:93:0a:b2:a0:22:4d:e1:57 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c3:82:13:64:0e:35:33:0c:ac:44:be:6d:92:f5: + e4:97:d8:9a:bd:64:f1:b5:67:62:01:7b:0c:98:57: + 4a:63:64:b0:9d:6a:7b:84:a2:91:fe:73:0b:4c:81: + ce:89:f9:8d:8d:8a:41:18:c8:d8:64:27:36:32:e6: + 36:26:44:16:13:2e:a1:ad:38:06:0b:1b:39:62:6a: + 94:ac:a0:59:be:52:cb:47:d7:4b:00:09:91:8e:14: + 69:a9:62:df:49:d8:b6:79:73:de:60:d4:b8:76:89: + a4:53:8a:1d:4b:80:88:31:e8:05:46:81:1b:7b:5d: + 52:d0:6b:3b:53:0d:25:3c:95:9b:2d:99:83:3c:03: + 8c:b5:73:fb:43:6c:82:b3:48:57:38:3c:ff:b7:79: + d8:13:74:06:d0:17:78:a9:38:09:76:ca:f9:b7:5a: + a5:8a:6e:85:7f:27:34:79:82:ef:a2:01:93:ae:fa: + 0b:18:47:d4:14:ff:67:78:2b:53:92:f6:ac:27:42: + c7:7f:8e:fd:06:4a:36:b9:7a:98:5e:0d:94:ef:1a: + fa:08:ad:8d:64:28:c7:c1:03:76:63:b9:33:5a:9f: + 16:be:d3:e0:5c:e9:43:7b:9b:83:b3:90:31:e7:59: + 2b:1c:d2:8c:73:15:a2:3a:94:35:03:80:97:f8:5d: + a3:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:16:9C:06:85:B6:F4:77:AD:72:58:A2:4F:A1:FE:29:CF:97:8A:2B + X509v3 Authority Key Identifier: + keyid:24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 1c:5f:11:a4:9a:79:cd:bf:20:c5:ac:53:19:8c:6c:19:57:0c: + 58:fe:49:49:65:20:16:3d:04:32:e0:ec:32:92:cb:b2:15:2c: + d0:b0:3e:b9:72:bf:e5:4c:94:5e:29:04:36:f1:9e:af:5f:dc: + 8f:da:e3:d4:c7:89:fc:e4:2b:d4:a4:e6:40:a5:db:61:c8:6c: + 7a:4b:65:3c:31:d2:cd:08:92:2f:6c:47:95:e7:7e:b3:71:03: + 5b:46:e7:bb:5a:79:37:e1:34:bb:d4:79:a1:58:fe:df:38:38: + 21:ce:0d:85:5d:50:a0:1a:38:95:3c:63:bc:d0:71:af:89:29: + a0:be:1f:70:68:2f:f4:2c:4b:05:42:87:29:25:64:95:d1:40: + 26:c5:51:4c:a5:29:79:fb:50:0e:11:48:c8:57:f5:9e:d8:69: + 43:88:99:9a:e0:ef:71:38:60:8e:be:4d:59:f3:1f:64:6a:41: + 20:68:ed:e4:e2:01:68:99:3d:8a:75:1b:bf:4a:ba:90:10:fb: + 22:4a:4e:fc:d9:b9:98:f3:eb:a8:4e:13:c2:d1:87:8d:80:7e: + 22:5e:fb:72:ff:ca:07:d6:31:76:60:c9:c2:4f:09:eb:ef:e8: + 2b:e6:96:1e:87:08:0c:64:76:eb:af:d9:ca:b7:0f:d0:33:1c: + 58:5f:53:aa +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUUdITNbaKsjvNIhUDkwqyoCJN4VcwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2Sw +nWp7hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLL +R9dLAAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWb +LZmDPAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGT +rvoLGEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8W +vtPgXOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABo4HfMIHcMB0GA1Ud +DgQWBBRaFpwGhbb0d61yWKJPof4pz5eKKzAfBgNVHSMEGDAWgBQkuZFBOfEwXvjF +O8BRzBFYphNzszA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAHF8RpJp5 +zb8gxaxTGYxsGVcMWP5JSWUgFj0EMuDsMpLLshUs0LA+uXK/5UyUXikENvGer1/c +j9rj1MeJ/OQr1KTmQKXbYchsektlPDHSzQiSL2xHled+s3EDW0bnu1p5N+E0u9R5 +oVj+3zg4Ic4NhV1QoBo4lTxjvNBxr4kpoL4fcGgv9CxLBUKHKSVkldFAJsVRTKUp +eftQDhFIyFf1nthpQ4iZmuDvcThgjr5NWfMfZGpBIGjt5OIBaJk9inUbv0q6kBD7 +IkpO/Nm5mPPrqE4TwtGHjYB+Il77cv/KB9YxdmDJwk8J6+/oK+aWHocIDGR266/Z +yrcP0DMcWF9Tqg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 21:b4:f1:0c:52:12:7e:ce:93:5e:dd:2d:2b:69:e9:bb:8c:4d:24:70 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ed:3b:bb:f2:8b:20:81:de:42:41:c6:24:63:1c: + 4b:e5:63:b0:93:07:fd:22:64:50:7d:ef:8f:ed:65: + aa:ba:f4:d9:ad:0c:68:dd:50:b0:ea:0a:5e:18:9e: + df:48:88:ec:1f:fa:6b:4a:3e:db:ea:24:6e:b1:a3: + bb:0b:12:de:1d:49:d3:32:78:24:f9:e8:4f:aa:85: + 90:21:a2:2c:8f:58:95:8c:70:80:8d:cd:99:68:03: + 67:0f:48:eb:96:17:63:93:2b:8f:72:77:23:5f:97: + 4f:86:bd:17:d2:70:5b:5c:18:f8:01:d6:11:d8:c0: + dc:32:b2:f4:bf:dd:da:65:fb:86:23:c0:a4:bd:ff: + c2:a4:b6:87:9e:10:98:d4:f4:09:cb:26:50:1d:56: + 83:72:09:c6:c1:b7:cc:52:9c:61:09:04:bb:aa:2a: + 63:66:a5:b1:02:60:85:bc:30:91:62:bb:6f:b0:24: + 33:e8:b5:9a:13:1f:3a:73:95:d5:fb:bc:a9:48:dd: + 14:a2:a4:62:e1:97:19:57:b1:1a:da:c1:79:93:fd: + 74:cb:e1:ff:0c:49:c2:78:57:8e:ef:dc:df:60:96: + 8e:e6:a2:97:60:b9:53:6b:17:8e:ae:f9:3d:be:31: + dd:46:18:bd:af:b6:a6:02:fa:48:2f:d8:c6:f0:1f: + bc:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 40:30:80:b6:34:db:16:10:36:41:bd:52:25:3a:93:3b:2c:f9: + cd:54:5a:a0:4e:b7:49:aa:ab:54:c9:68:bd:dd:f2:8f:14:c6: + f1:8d:33:65:48:81:ef:8a:06:81:5d:be:8b:0d:6c:02:8d:a7: + 7f:ab:5f:6f:67:78:7a:a4:85:f8:66:32:d7:6d:ae:7f:a9:3b: + 61:37:01:cc:fd:f9:45:5a:21:2d:d8:2a:50:e7:d6:59:31:0d: + 7b:4d:5e:fd:57:cc:ca:fd:77:48:3a:ac:cb:fe:41:8c:6c:9a: + 3c:00:b3:63:8b:a0:56:bc:54:d8:de:50:c1:f7:0c:ea:3f:52: + 11:ae:f3:c4:13:9c:99:52:02:3e:83:b9:38:c2:2c:a7:e5:85: + af:85:1f:b0:ff:2c:7c:85:14:d3:21:92:20:60:68:06:96:fb: + 58:2e:f1:78:8d:a0:db:5a:4b:aa:27:0c:37:ef:28:46:35:28: + 43:8c:88:99:36:68:ad:bc:b6:50:72:3c:f5:76:60:a6:df:70: + 70:a3:80:d0:d0:1d:93:8c:ee:c1:c6:5a:51:ae:96:3d:88:dd: + ee:8e:35:0b:89:4e:0f:96:47:ff:b0:1e:8c:d5:11:e6:ba:3c: + 0a:bc:bf:a4:8f:28:27:e6:44:d0:79:bc:b6:db:39:a5:96:90: + 52:66:07:0e +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUIbTxDFISfs6TXt0tK2npu4xNJHAwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAO07u/KLIIHeQkHGJGMcS+VjsJMH/SJkUH3vj+1lqrr02a0M +aN1QsOoKXhie30iI7B/6a0o+2+okbrGjuwsS3h1J0zJ4JPnoT6qFkCGiLI9YlYxw +gI3NmWgDZw9I65YXY5Mrj3J3I1+XT4a9F9JwW1wY+AHWEdjA3DKy9L/d2mX7hiPA +pL3/wqS2h54QmNT0CcsmUB1Wg3IJxsG3zFKcYQkEu6oqY2alsQJghbwwkWK7b7Ak +M+i1mhMfOnOV1fu8qUjdFKKkYuGXGVexGtrBeZP9dMvh/wxJwnhXju/c32CWjuai +l2C5U2sXjq75Pb4x3UYYva+2pgL6SC/YxvAfvEMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUJLmRQTnxMF74xTvAUcwRWKYTc7MwHwYDVR0jBBgwFoAUzW9M/qp6OmNdEnlt +9EywKop/+2wwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBAMIC2NNsWEDZBvVIlOpM7LPnNVFqgTrdJqqtU +yWi93fKPFMbxjTNlSIHvigaBXb6LDWwCjad/q19vZ3h6pIX4ZjLXba5/qTthNwHM +/flFWiEt2CpQ59ZZMQ17TV79V8zK/XdIOqzL/kGMbJo8ALNji6BWvFTY3lDB9wzq +P1IRrvPEE5yZUgI+g7k4wiyn5YWvhR+w/yx8hRTTIZIgYGgGlvtYLvF4jaDbWkuq +Jww37yhGNShDjIiZNmitvLZQcjz1dmCm33Bwo4DQ0B2TjO7BxlpRrpY9iN3ujjUL +iU4Plkf/sB6M1RHmujwKvL+kjygn5kTQeby22zmllpBSZgcO +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 21:b4:f1:0c:52:12:7e:ce:93:5e:dd:2d:2b:69:e9:bb:8c:4d:24:6f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e8:17:31:b6:0e:84:10:a4:9b:bf:9e:ae:9e:29: + b7:6f:81:ae:d7:df:45:89:d1:29:51:0e:1e:39:7a: + 96:6b:7f:c0:78:df:88:cf:db:b3:ab:8d:49:0f:fb: + 70:55:85:4f:93:9f:12:a1:a6:55:5c:a9:ae:8d:79: + 4d:a6:3a:32:03:9c:bf:ad:95:c4:8b:49:1f:02:b5: + 23:a0:9f:da:d3:45:c6:8c:fc:ec:97:46:57:dd:77: + 56:c6:a2:46:78:da:a2:59:bb:22:ea:de:63:94:50: + 19:91:1c:10:cd:67:e0:57:10:bd:e0:de:69:67:80: + 6d:31:a8:43:bc:49:2c:8a:d6:4a:23:0f:a6:78:f4: + 74:c7:4f:37:52:3a:af:9c:03:b2:b3:6c:26:ab:62: + 61:12:6d:22:15:66:da:ec:d6:b8:1f:9b:14:b9:04: + 9c:9b:5e:b5:cb:8b:62:95:67:6a:a1:57:44:02:77: + a2:81:3e:c7:20:52:a2:16:2e:ba:c2:29:a1:54:ed: + 33:67:f2:2a:26:a3:b6:da:08:8d:63:6c:ca:4f:c6: + 84:88:b9:60:08:cf:50:8e:5a:3e:75:d7:ec:d7:63: + c1:fe:18:3f:4e:fb:08:de:39:45:d2:81:34:8e:89: + 5a:48:ce:49:bf:ca:84:cb:26:ac:c2:f7:1f:6b:3f: + 0d:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 69:17:0f:f1:d9:f0:b5:69:62:e5:de:ca:bf:8d:84:d4:fa:1d: + f7:32:c2:b2:15:93:94:11:bf:af:de:72:63:43:61:b9:83:6d: + a4:ac:2a:68:b2:a5:c7:92:ed:69:96:8d:6d:9b:bf:5b:dc:1e: + 6a:c4:e0:7b:00:35:7a:a7:44:74:95:16:92:72:2e:46:c7:fa: + 25:e0:1b:46:dc:fd:53:e1:28:51:07:5e:01:9e:dc:03:a9:90: + d7:ed:25:f7:e6:82:1b:d2:32:3f:b7:d6:fa:75:62:d6:12:7d: + 62:7f:d2:e6:fa:23:26:cd:a4:3c:bb:32:a0:2b:3f:15:3e:90: + 57:21:04:9c:65:49:af:44:a8:44:8f:41:3d:92:b4:f8:80:39: + 11:2e:1b:6a:a6:65:f3:31:5b:d1:cf:4f:6b:a9:39:56:8f:1d: + 29:57:6c:d0:07:ae:4a:48:01:b7:2f:0e:ce:1b:49:46:72:2b: + 28:70:34:ba:c0:88:01:11:0e:0f:85:65:b2:09:79:7b:d1:83: + 94:65:d3:d2:ef:ac:58:af:0b:fb:f3:ad:e1:d9:9d:c8:48:42: + 0b:8d:f4:40:d6:a7:12:82:cc:0c:34:a3:9e:d0:08:99:50:97: + 51:65:d5:e1:ce:d4:a7:89:88:46:50:64:b1:d3:47:c6:0b:86: + 65:d6:3b:18 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUIbTxDFISfs6TXt0tK2npu4xNJG8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDoFzG2DoQQpJu/nq6eKbdvga7X30WJ0SlRDh45epZrf8B434jP27OrjUkP ++3BVhU+TnxKhplVcqa6NeU2mOjIDnL+tlcSLSR8CtSOgn9rTRcaM/OyXRlfdd1bG +okZ42qJZuyLq3mOUUBmRHBDNZ+BXEL3g3mlngG0xqEO8SSyK1kojD6Z49HTHTzdS +Oq+cA7KzbCarYmESbSIVZtrs1rgfmxS5BJybXrXLi2KVZ2qhV0QCd6KBPscgUqIW +LrrCKaFU7TNn8iomo7baCI1jbMpPxoSIuWAIz1COWj511+zXY8H+GD9O+wjeOUXS +gTSOiVpIzkm/yoTLJqzC9x9rPw1JAgMBAAGjgcswgcgwHQYDVR0OBBYEFM1vTP6q +ejpjXRJ5bfRMsCqKf/tsMB8GA1UdIwQYMBaAFM1vTP6qejpjXRJ5bfRMsCqKf/ts +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAaRcP8dnwtWli5d7Kv42E1Pod9zLCshWTlBG/r95yY0NhuYNt +pKwqaLKlx5LtaZaNbZu/W9weasTgewA1eqdEdJUWknIuRsf6JeAbRtz9U+EoUQde +AZ7cA6mQ1+0l9+aCG9IyP7fW+nVi1hJ9Yn/S5vojJs2kPLsyoCs/FT6QVyEEnGVJ +r0SoRI9BPZK0+IA5ES4baqZl8zFb0c9Pa6k5Vo8dKVds0AeuSkgBty8OzhtJRnIr +KHA0usCIAREOD4Vlsgl5e9GDlGXT0u+sWK8L+/Ot4dmdyEhCC430QNanEoLMDDSj +ntAImVCXUWXV4c7Up4mIRlBksdNHxguGZdY7GA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/clientauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/clientauth-strict.test new file mode 100644 index 0000000000..afb8d7e481 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/clientauth-strict.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/clientauth.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/clientauth.test new file mode 100644 index 0000000000..39c290f687 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/clientauth.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/generate-chains.py new file mode 100755 index 0000000000..1104d52852 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the target certificate sets the extended key usage +to clientAuth. Neither the root nor the intermediate have an EKU.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', 'clientAuth') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Intermediate.key new file mode 100644 index 0000000000..2c027f45d0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA7Tu78osggd5CQcYkYxxL5WOwkwf9ImRQfe+P7WWquvTZrQxo +3VCw6gpeGJ7fSIjsH/prSj7b6iRusaO7CxLeHUnTMngk+ehPqoWQIaIsj1iVjHCA +jc2ZaANnD0jrlhdjkyuPcncjX5dPhr0X0nBbXBj4AdYR2MDcMrL0v93aZfuGI8Ck +vf/CpLaHnhCY1PQJyyZQHVaDcgnGwbfMUpxhCQS7qipjZqWxAmCFvDCRYrtvsCQz +6LWaEx86c5XV+7ypSN0UoqRi4ZcZV7Ea2sF5k/10y+H/DEnCeFeO79zfYJaO5qKX +YLlTaxeOrvk9vjHdRhi9r7amAvpIL9jG8B+8QwIDAQABAoIBAQDIGd2DTMTjpgR/ +FFF249RErZyvuEpU6wZV426kUF/9CDBfXZtKKhi/oHUUEVXHCe8ZXhGHc5PtYEOa +RL+tLIH7dFzXMi4GOWSRMc2MAQ3S72ZdKjvU4DnoWQ5h/yDv3dSYu2Joq4NDyw5C +WVcxoqH9AfaXHei5ypsxjG8TM19XKnyNq9MlO0o9LF696jabjnvcm8Ymq2EfrZWp +46XwPC/XSJeR4v3Bx4JQFDkuWeG6KWpLqmB1oX05WOoCvX7JonjX6QMim89L6zN/ +LKyZA8W9vlP9CBe5TwyaZC+JZOsJNZXajbPUMS0Pt3wec6hGyDNJK3DI8PV5p8Sb +DSHJlvjxAoGBAPj5J/8LdGqSsSG1WwiyvT0prcn76B3iH3h6G1yb+k+HYddYA/+j +5q2yE2AC4UtqVPn6n3sBka1S0ONuTOZXiEK/xyq/BdOW49AjjIOKCaXX89SaWG/q +0RHZrkMnhsxf1A09yh1sOIfznO1kmGkrFiyXn7w7Q8ZXcOwAeYcYRQZpAoGBAPPt +waIHhaoHVG1qJbq2bjU8jqSZ0oCmIIw3xqwhc8716lhXKH08uhNokym9r4sVfen5 +1Sdhmqk7L40P37A2wy7WBs6Sguh8tXJc3O00SnwCvoQU0w4YBnAHRx0Hhlw4JiEh +FW202Wiot+6bNH5xvA3Qn5LELGo5RNG9lDvod4/LAoGBAMry3uWJwtX0yar+mDxY +5uVqih2x2B4z6w9cCd3Nz5bwdpMBThEe27UPCbgj4N6GyMoUv9eXCdbNQTWC/fBt +vccbaRCxMeCuiPlrYOkApqinhjzxq9FfChmQ5fobyEfkfYhlq9GcG+DGdk8UxyBD +XQnwducLME4HjSbzpBy5bdqxAoGALKzX8PgVt/1drihpvpeY+bEcovL1RdCnV2cD +wRTjY/1QLVvRM5bCsblOcq+mDgAiro6uRmcu713CqMBGhLyS5OoYFw9oYHIuvUJa +yCrylWHfSMuTmBo4W55JnPx61DsIaLrpdM1RoER+Y3oTlDD6c0FJaJT7WX0hqJRj +KNG7zB8CgYEA3sjJXkYscwRAzxpaG31BiuBV28bjgEO72bi/LIby70nqc3CBEDs2 +O9CVCDNlA1aXJOKLHbEY0jPArim6d/rOUD4ca3YmyCdNmq/dntRq1+rv8b2Redq5 +0xQMbZ1rY39FzOwBQzSKnQ1prXS+2vQ6qEm4/vRbUvCvVxWO97qlFk8= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Root.key new file mode 100644 index 0000000000..c448450523 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6Bcxtg6EEKSbv56unim3b4Gu199FidEpUQ4eOXqWa3/AeN+I +z9uzq41JD/twVYVPk58SoaZVXKmujXlNpjoyA5y/rZXEi0kfArUjoJ/a00XGjPzs +l0ZX3XdWxqJGeNqiWbsi6t5jlFAZkRwQzWfgVxC94N5pZ4BtMahDvEksitZKIw+m +ePR0x083UjqvnAOys2wmq2JhEm0iFWba7Na4H5sUuQScm161y4tilWdqoVdEAnei +gT7HIFKiFi66wimhVO0zZ/IqJqO22giNY2zKT8aEiLlgCM9Qjlo+ddfs12PB/hg/ +TvsI3jlF0oE0jolaSM5Jv8qEyyaswvcfaz8NSQIDAQABAoIBAAe7/iQbB7umQKp6 +F0eeDEbjA3ieMCsPlVjmJ4uy0iBy+W8Nw/lpUOt+odiugGfZMXWx72UDrgSQgwij +6jqH5fLI3npia1JY9XeZob5QlXJE+QDpzNidt3/h4jpsXfzZDGABJIC/OIJQyQlU +7hpqQ8ei/zDnOIwCc6EcAmXb6mgV+9MA9xXX8PIbp5o9t0w1VO3w/WNl6aNxsKOa +0eJWqGD59zfxSL+9nxNCaOyvEe6yvjEFOMSUqs4vn5CSNvHFP/j84lUuUmdufNoW +LwJdkbrkoE/sdm89KvcPpj1vjx0pnSfAL00mClt5BM3DoW7+WAp6Ovm+0hKz2W57 +AUQraCECgYEA93FCVO+BEK5PIlVcIyZsnSIUGPNn5TfyY4Fu0ehSroenT4+o9x5F +TyJ85lylxVgNDWvhBeGbETnEEtNfBIC29rTS7I0cyHYxmU6sPGpEgB+tB7wXGYpf +O4dh8lBaH3hUo4i5o+xRKaueyJ81MtMvUXcm9O9dsmjRFOE9MJNOaosCgYEA8B4E +Zk586QPUvvaemky5pZgm5sHoE5tC8JhAiOHBm+wSsT7d6OKQoaJRguRciHpxBlKr ++E9Los/ERhhnrkllVX+mjAE0JA/9Vb2kZJno+11Nn+ZUouUqbo2ySLy5SJkc6ckj +pCM1psGuJiJd6uszs2OsUYjyeC8Ato2/lsszpfsCgYBugyES+hz0rEUfmmwaLtEX +pN7A/gUK9N/G3Un3agFzfZaWDB10sQpXe5m48OwApYC+282WaNpu6RPPLKQlSK9u +o/gIOkX+qfsg82gtW3DYoE0RRUoz1/8MgTyXkpeNsppqp2fx9FuTdtjl1WVXG8bo +ZYT6o+V/Bx1KbAZ+KWw+XQKBgBMMXo77JP+bNTJdACH/ei6/zj46Hb4IcBwECAKT +3jcPWEBFW3dRGeYoqUy37vtIs1SsFEZji/2De++PmhICco6AzOaIZemCdzdpDvSI +HSprsW/A5u/xPBd/GCibCBvRQbDuKuynemcbMESIL2kmdXiCrLXfJlUQbX8N6af9 +wMAnAoGBAM16yiiEMFXwOtXTKOIYXdWDduOUAFtzUJxhXBLYbQRCxp64JKIo7n1c +5KTpBiSZ4P4yIzy28cpqmLjQ+J5RUlMCq09qqBND7+eqeWQ/o0oBfVE+CNYsun9j +AsDPqp1k4rAtSx16d54sa19cA2cSeqE9v6zLgnOVCVHjwgY3uRw7 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Target.key new file mode 100644 index 0000000000..ea8d5811ca --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2SwnWp7 +hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLLR9dL +AAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWbLZmD +PAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGTrvoL +GEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8WvtPg +XOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABAoIBAHZQBUQLhQ47oRSI +2O6Sd5+cqSfsKonI4npa6KhYSuATUv4wLkd5yjfdjvzhoQfGSW9aN0K0aJ9TS21J ++4L0uRcqpRSaTq3x76wrK4W8FBMlL3duRijjoX4FxFuJRe7+go7FG9IlaOvzJ8qW +TlwekE0DSA3+m47wTulpuyDrV5ltMMzWDY+M8IPv/WK/mN4G3ONKPWiWA+Qlv2Rm +pmCMmSuI2ZgA/UW0VNvjAwrs5wuSCMkf+gaY1UbKJ4Au06DDCtCoSYC5nZqw/Zkk +LUiTUrVAB4TpwfSc8VoDkV+SJ54Gw776bd99Poyi0qoxjlPd+frHgerIVMN3rFfn +RHYRxeECgYEA6eVjjqeOD0bQ3nRKUWKZneqpPePtxxEAAMhRBPflPB3mR/Qq4SCb +ZeiWFxJ1mWEHTvUsaM5jlF/jZvF+H0PfQiHTB3hyEdbOVIDSIiyy5qD+8ubaslph +FB2Syq7lIeGTiN0bB7Ogz1+tfecbzz0vV/Ce43r6PHQYv0qwID7CQc0CgYEA1fv5 +KTCMG35Hzm3qvCLNlcmRYJJvJUOPMEhwlZKurrl4jiBGYHmDOK7qWpUJc4ewrkFg +WHrg5KUHDDUL1XoJrlDPMNOVP4kjX2f5Qs6kej/W53isDmdUxD9BMVPhHME4kmop +9LbyfMW1sGg416S9RJe68xUCo75Lb9Z7wGyMGF8CgYEAw5y+6J2lJ42YPZOQXARU +aUfKByLKx8Ol9wGRENCp/N8cqmzAN8vnaxFcBSvBAmetjxFo9LY3fe2752psioVf +AJX9QbAv5k95/B5In6A2dr+KuWbs3GDN897P14bxxqY7lykj5AsMoKJqHHPeRDHt +mGR63dEJ2ulVkRZLuowCNrkCgYApOZwtFU9I1LFc0cxRZpsY6nZ5lnyXP0bM1Ifs +KRBCVTUmnI0ydPaU6w33WZMykMe3Kp03LqU5J5oN/gJDpHlM/gCMtZahYPhRnyRk +fI8vhjEO8y6ir8Gi9VTH/hL2iTsu6gkfPkfFRgnU7J9W3EQifODlh/y0MysxZq78 +yWzMHQKBgQCUZAspO30NRKD0+wXDPHpD4S9YMjzdIhwExbp0zAtk/+6vKB+eusn8 +EWmnQoadShchg5jaLAy5cH13ssLav1yegm41QidLCZrWXeYUi77Lys5y6/JtAAy4 +gtXNgvRGYV5SHR/2yd5DyZDfN4rQfX+CMO7TxFBY5+Mcu6OfBuYBmA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/serverauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/serverauth-strict.test new file mode 100644 index 0000000000..36d5f934e6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/serverauth-strict.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/serverauth.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/serverauth.test new file mode 100644 index 0000000000..5bd5f42539 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-clientauth/serverauth.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/any.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/any.test new file mode 100644 index 0000000000..4d092a967d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/any.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: ANY_EKU +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/chain.pem new file mode 100644 index 0000000000..c943710238 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/chain.pem @@ -0,0 +1,276 @@ +[Created by: ./generate-chains.py] + +Certificate chain where the target certificate sets the extended key usage +to clientAuth. Neither the root nor the intermediate have an EKU. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3f:1d:2b:1d:12:7e:34:b6:2b:61:b2:78:f2:74:66:9a:dc:66:ad:cc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:82:13:64:0e:35:33:0c:ac:44:be:6d:92:f5: + e4:97:d8:9a:bd:64:f1:b5:67:62:01:7b:0c:98:57: + 4a:63:64:b0:9d:6a:7b:84:a2:91:fe:73:0b:4c:81: + ce:89:f9:8d:8d:8a:41:18:c8:d8:64:27:36:32:e6: + 36:26:44:16:13:2e:a1:ad:38:06:0b:1b:39:62:6a: + 94:ac:a0:59:be:52:cb:47:d7:4b:00:09:91:8e:14: + 69:a9:62:df:49:d8:b6:79:73:de:60:d4:b8:76:89: + a4:53:8a:1d:4b:80:88:31:e8:05:46:81:1b:7b:5d: + 52:d0:6b:3b:53:0d:25:3c:95:9b:2d:99:83:3c:03: + 8c:b5:73:fb:43:6c:82:b3:48:57:38:3c:ff:b7:79: + d8:13:74:06:d0:17:78:a9:38:09:76:ca:f9:b7:5a: + a5:8a:6e:85:7f:27:34:79:82:ef:a2:01:93:ae:fa: + 0b:18:47:d4:14:ff:67:78:2b:53:92:f6:ac:27:42: + c7:7f:8e:fd:06:4a:36:b9:7a:98:5e:0d:94:ef:1a: + fa:08:ad:8d:64:28:c7:c1:03:76:63:b9:33:5a:9f: + 16:be:d3:e0:5c:e9:43:7b:9b:83:b3:90:31:e7:59: + 2b:1c:d2:8c:73:15:a2:3a:94:35:03:80:97:f8:5d: + a3:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:16:9C:06:85:B6:F4:77:AD:72:58:A2:4F:A1:FE:29:CF:97:8A:2B + X509v3 Authority Key Identifier: + keyid:24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, OCSP Signing, Time Stamping + Signature Algorithm: sha256WithRSAEncryption + 4a:f1:10:7d:eb:77:f7:e9:8a:1a:e4:1a:2d:84:9c:1d:91:67: + f8:c2:d9:a7:f4:e9:97:5e:74:fe:d8:a3:8f:21:3d:51:bc:af: + eb:2a:e5:dd:76:61:de:31:4c:1b:ca:91:1c:79:5e:2c:5d:7b: + 41:b8:04:47:e0:92:ac:cd:39:c2:86:b3:e0:24:5b:62:c7:ef: + 79:8d:f5:09:60:29:74:16:80:94:ed:8c:93:15:32:ee:66:bb: + 31:db:6a:eb:00:b4:60:6e:ed:61:f6:1e:f9:e7:fd:de:2f:a2: + 4f:f1:3d:50:7e:86:04:8b:e0:a9:94:ee:83:fc:23:16:a5:3c: + 07:87:1b:b8:71:f2:22:2e:5b:cf:8d:86:be:ae:45:5d:81:8a: + 33:6e:36:32:8a:28:04:cb:39:f2:78:b0:e4:cf:21:fd:72:06: + 76:c1:83:06:6e:36:0c:69:5a:4c:90:42:60:64:56:db:b6:c8: + 29:56:d8:48:77:6b:2b:5b:2a:33:37:fd:6a:78:ae:a2:0a:29: + 8c:2b:5e:10:d7:04:ef:b7:19:6f:e5:82:1e:03:d1:8e:73:b0: + 1b:dd:4c:8a:ce:40:de:a5:02:29:8a:e3:ff:5a:bb:a9:8c:34: + 87:b0:6b:44:6b:ee:c3:dc:d0:51:d3:af:e8:ee:37:4f:b7:c1: + 0f:7e:5a:2c +-----BEGIN CERTIFICATE----- +MIIDwDCCAqigAwIBAgIUPx0rHRJ+NLYrYbJ48nRmmtxmrcwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2Sw +nWp7hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLL +R9dLAAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWb +LZmDPAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGT +rvoLGEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8W +vtPgXOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABo4IBCDCCAQQwHQYD +VR0OBBYEFFoWnAaFtvR3rXJYok+h/inPl4orMB8GA1UdIwQYMBaAFCS5kUE58TBe ++MU7wFHMEVimE3OzMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDov +L3VybC1mb3ItYWlhL0ludGVybWVkaWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL3VybC1mb3ItY3JsL0ludGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQD +AgWgMDsGA1UdJQQ0MDIGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsG +AQUFBwMJBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEASvEQfet39+mKGuQa +LYScHZFn+MLZp/Tpl150/tijjyE9Ubyv6yrl3XZh3jFMG8qRHHleLF17QbgER+CS +rM05woaz4CRbYsfveY31CWApdBaAlO2MkxUy7ma7Mdtq6wC0YG7tYfYe+ef93i+i +T/E9UH6GBIvgqZTug/wjFqU8B4cbuHHyIi5bz42Gvq5FXYGKM242MoooBMs58niw +5M8h/XIGdsGDBm42DGlaTJBCYGRW27bIKVbYSHdrK1sqMzf9aniuogopjCteENcE +77cZb+WCHgPRjnOwG91Mis5A3qUCKYrj/1q7qYw0h7BrRGvuw9zQUdOv6O43T7fB +D35aLA== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:f4:9e:e7:b5:f7:36:30:c9:84:5e:a5:b8:39:8b:58:f3:23:7b:19 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ed:3b:bb:f2:8b:20:81:de:42:41:c6:24:63:1c: + 4b:e5:63:b0:93:07:fd:22:64:50:7d:ef:8f:ed:65: + aa:ba:f4:d9:ad:0c:68:dd:50:b0:ea:0a:5e:18:9e: + df:48:88:ec:1f:fa:6b:4a:3e:db:ea:24:6e:b1:a3: + bb:0b:12:de:1d:49:d3:32:78:24:f9:e8:4f:aa:85: + 90:21:a2:2c:8f:58:95:8c:70:80:8d:cd:99:68:03: + 67:0f:48:eb:96:17:63:93:2b:8f:72:77:23:5f:97: + 4f:86:bd:17:d2:70:5b:5c:18:f8:01:d6:11:d8:c0: + dc:32:b2:f4:bf:dd:da:65:fb:86:23:c0:a4:bd:ff: + c2:a4:b6:87:9e:10:98:d4:f4:09:cb:26:50:1d:56: + 83:72:09:c6:c1:b7:cc:52:9c:61:09:04:bb:aa:2a: + 63:66:a5:b1:02:60:85:bc:30:91:62:bb:6f:b0:24: + 33:e8:b5:9a:13:1f:3a:73:95:d5:fb:bc:a9:48:dd: + 14:a2:a4:62:e1:97:19:57:b1:1a:da:c1:79:93:fd: + 74:cb:e1:ff:0c:49:c2:78:57:8e:ef:dc:df:60:96: + 8e:e6:a2:97:60:b9:53:6b:17:8e:ae:f9:3d:be:31: + dd:46:18:bd:af:b6:a6:02:fa:48:2f:d8:c6:f0:1f: + bc:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b5:72:33:3e:f7:8f:e4:b8:bb:1c:6d:25:34:ec:3f:2b:03:19: + c8:50:bd:f0:17:e8:5a:eb:43:6d:57:b0:e5:5e:90:18:c9:5d: + 96:e4:27:d3:09:35:ba:22:c7:5f:c3:b2:b0:2f:be:dc:50:57: + b3:1a:7b:60:fa:ba:99:85:d9:8b:cb:08:67:c5:4b:28:a7:f2: + 21:91:44:ac:aa:c2:d0:4e:15:59:1f:c0:91:06:fa:f8:09:b5: + 39:3f:6d:be:80:7b:10:72:fd:2c:fe:27:69:3a:36:63:e3:14: + 30:11:a0:77:83:f3:14:d2:fa:76:0c:c3:88:1a:3c:fa:f0:50: + ba:d4:69:4b:80:93:6d:01:38:2e:3e:81:e4:e5:f7:02:1c:bf: + ad:e7:be:6e:dd:a3:1d:3c:7c:df:58:7b:ea:06:56:2c:8e:e1: + 00:14:79:c3:a9:aa:b5:25:8d:fb:62:e2:18:75:27:d3:f4:09: + 3b:fa:49:f7:9e:fd:28:22:57:e4:fe:f4:b6:3e:17:91:46:2c: + 6d:b0:5a:36:b4:f1:47:fb:dd:28:2a:b4:c3:43:7e:dd:05:a5: + 35:05:60:8c:fc:1e:76:8d:28:a7:42:f0:6b:b3:4b:5c:77:ae: + ec:be:c3:9e:a6:50:be:5b:46:f4:b3:2d:e4:a5:f5:a1:4e:94: + 0a:09:e4:2e +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUcfSe57X3NjDJhF6luDmLWPMjexkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAO07u/KLIIHeQkHGJGMcS+VjsJMH/SJkUH3vj+1lqrr02a0M +aN1QsOoKXhie30iI7B/6a0o+2+okbrGjuwsS3h1J0zJ4JPnoT6qFkCGiLI9YlYxw +gI3NmWgDZw9I65YXY5Mrj3J3I1+XT4a9F9JwW1wY+AHWEdjA3DKy9L/d2mX7hiPA +pL3/wqS2h54QmNT0CcsmUB1Wg3IJxsG3zFKcYQkEu6oqY2alsQJghbwwkWK7b7Ak +M+i1mhMfOnOV1fu8qUjdFKKkYuGXGVexGtrBeZP9dMvh/wxJwnhXju/c32CWjuai +l2C5U2sXjq75Pb4x3UYYva+2pgL6SC/YxvAfvEMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUJLmRQTnxMF74xTvAUcwRWKYTc7MwHwYDVR0jBBgwFoAUzW9M/qp6OmNdEnlt +9EywKop/+2wwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQC1cjM+94/kuLscbSU07D8rAxnIUL3wF+ha60Nt +V7DlXpAYyV2W5CfTCTW6Isdfw7KwL77cUFezGntg+rqZhdmLywhnxUsop/IhkUSs +qsLQThVZH8CRBvr4CbU5P22+gHsQcv0s/idpOjZj4xQwEaB3g/MU0vp2DMOIGjz6 +8FC61GlLgJNtATguPoHk5fcCHL+t575u3aMdPHzfWHvqBlYsjuEAFHnDqaq1JY37 +YuIYdSfT9Ak7+kn3nv0oIlfk/vS2PheRRixtsFo2tPFH+90oKrTDQ37dBaU1BWCM +/B52jSinQvBrs0tcd67svsOeplC+W0b0sy3kpfWhTpQKCeQu +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:f4:9e:e7:b5:f7:36:30:c9:84:5e:a5:b8:39:8b:58:f3:23:7b:18 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e8:17:31:b6:0e:84:10:a4:9b:bf:9e:ae:9e:29: + b7:6f:81:ae:d7:df:45:89:d1:29:51:0e:1e:39:7a: + 96:6b:7f:c0:78:df:88:cf:db:b3:ab:8d:49:0f:fb: + 70:55:85:4f:93:9f:12:a1:a6:55:5c:a9:ae:8d:79: + 4d:a6:3a:32:03:9c:bf:ad:95:c4:8b:49:1f:02:b5: + 23:a0:9f:da:d3:45:c6:8c:fc:ec:97:46:57:dd:77: + 56:c6:a2:46:78:da:a2:59:bb:22:ea:de:63:94:50: + 19:91:1c:10:cd:67:e0:57:10:bd:e0:de:69:67:80: + 6d:31:a8:43:bc:49:2c:8a:d6:4a:23:0f:a6:78:f4: + 74:c7:4f:37:52:3a:af:9c:03:b2:b3:6c:26:ab:62: + 61:12:6d:22:15:66:da:ec:d6:b8:1f:9b:14:b9:04: + 9c:9b:5e:b5:cb:8b:62:95:67:6a:a1:57:44:02:77: + a2:81:3e:c7:20:52:a2:16:2e:ba:c2:29:a1:54:ed: + 33:67:f2:2a:26:a3:b6:da:08:8d:63:6c:ca:4f:c6: + 84:88:b9:60:08:cf:50:8e:5a:3e:75:d7:ec:d7:63: + c1:fe:18:3f:4e:fb:08:de:39:45:d2:81:34:8e:89: + 5a:48:ce:49:bf:ca:84:cb:26:ac:c2:f7:1f:6b:3f: + 0d:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 2e:3a:98:e7:b2:5c:e7:8d:50:e4:04:4d:82:34:86:f0:13:6b: + 02:e6:cd:c9:ae:cc:6c:0b:79:da:1f:9a:5e:9d:59:12:f2:c8: + aa:56:32:28:2a:ea:64:68:15:a1:9f:27:e6:26:b7:66:15:9c: + 65:3c:37:af:f9:27:78:63:42:cc:bb:d4:ea:49:e2:7d:31:6b: + 94:7e:d0:41:24:bc:f9:e1:b3:34:a7:60:35:d7:4a:05:ef:53: + 5f:9f:a7:9a:e8:25:40:35:94:3e:c0:2e:3a:3a:5e:00:f9:ec: + 45:16:e3:11:2c:29:8e:86:70:ae:8f:0e:f6:7a:3d:c3:01:ef: + b2:35:e7:00:3d:1a:4a:0c:8e:a8:fe:bb:11:b9:05:71:60:d4: + a6:94:4c:ee:1b:a1:88:68:13:87:e0:1d:25:ba:e3:71:fd:7a: + ee:3e:c1:8c:4e:a5:c9:c2:26:a4:c6:dc:de:73:7c:14:e9:a1: + 2d:a6:0a:82:09:8a:1a:bb:08:54:01:50:3b:fa:e9:1e:ca:96: + fd:93:6f:a6:9e:4c:02:18:0f:71:86:0b:14:92:a8:43:09:39: + 19:96:d1:5f:96:12:08:18:bd:46:53:28:df:19:37:1d:17:48: + 97:4d:57:4d:90:7b:d2:1e:be:32:cd:e6:4c:98:bd:15:c8:26: + cc:7f:8a:ff +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUcfSe57X3NjDJhF6luDmLWPMjexgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDoFzG2DoQQpJu/nq6eKbdvga7X30WJ0SlRDh45epZrf8B434jP27OrjUkP ++3BVhU+TnxKhplVcqa6NeU2mOjIDnL+tlcSLSR8CtSOgn9rTRcaM/OyXRlfdd1bG +okZ42qJZuyLq3mOUUBmRHBDNZ+BXEL3g3mlngG0xqEO8SSyK1kojD6Z49HTHTzdS +Oq+cA7KzbCarYmESbSIVZtrs1rgfmxS5BJybXrXLi2KVZ2qhV0QCd6KBPscgUqIW +LrrCKaFU7TNn8iomo7baCI1jbMpPxoSIuWAIz1COWj511+zXY8H+GD9O+wjeOUXS +gTSOiVpIzkm/yoTLJqzC9x9rPw1JAgMBAAGjgcswgcgwHQYDVR0OBBYEFM1vTP6q +ejpjXRJ5bfRMsCqKf/tsMB8GA1UdIwQYMBaAFM1vTP6qejpjXRJ5bfRMsCqKf/ts +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEALjqY57Jc541Q5ARNgjSG8BNrAubNya7MbAt52h+aXp1ZEvLI +qlYyKCrqZGgVoZ8n5ia3ZhWcZTw3r/kneGNCzLvU6knifTFrlH7QQSS8+eGzNKdg +NddKBe9TX5+nmuglQDWUPsAuOjpeAPnsRRbjESwpjoZwro8O9no9wwHvsjXnAD0a +SgyOqP67EbkFcWDUppRM7huhiGgTh+AdJbrjcf167j7BjE6lycImpMbc3nN8FOmh +LaYKggmKGrsIVAFQO/rpHsqW/ZNvpp5MAhgPcYYLFJKoQwk5GZbRX5YSCBi9RlMo +3xk3HRdIl01XTZB70h6+Ms3mTJi9FcgmzH+K/w== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/clientauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/clientauth-strict.test new file mode 100644 index 0000000000..3d008eeec3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/clientauth-strict.test @@ -0,0 +1,13 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: The extended key usage includes code signing which is not permitted for this use +ERROR: The extended key usage includes OCSP signing which is not permitted for this use +ERROR: The extended key usage includes time stamping which is not permitted for this use + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/clientauth.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/clientauth.test new file mode 100644 index 0000000000..aad39c8d60 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/clientauth.test @@ -0,0 +1,10 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: The extended key usage includes code signing which is not permitted for this use +WARNING: The extended key usage includes OCSP signing which is not permitted for this use +WARNING: The extended key usage includes time stamping which is not permitted for this use + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/generate-chains.py new file mode 100755 index 0000000000..17a59e3b06 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2022 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain where the target certificate sets the extended key usage +to clientAuth. Neither the root nor the intermediate have an EKU.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property( + 'extendedKeyUsage', + 'clientAuth,serverAuth,codeSigning,OCSPSigning,timeStamping') +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Intermediate.key new file mode 100644 index 0000000000..2c027f45d0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA7Tu78osggd5CQcYkYxxL5WOwkwf9ImRQfe+P7WWquvTZrQxo +3VCw6gpeGJ7fSIjsH/prSj7b6iRusaO7CxLeHUnTMngk+ehPqoWQIaIsj1iVjHCA +jc2ZaANnD0jrlhdjkyuPcncjX5dPhr0X0nBbXBj4AdYR2MDcMrL0v93aZfuGI8Ck +vf/CpLaHnhCY1PQJyyZQHVaDcgnGwbfMUpxhCQS7qipjZqWxAmCFvDCRYrtvsCQz +6LWaEx86c5XV+7ypSN0UoqRi4ZcZV7Ea2sF5k/10y+H/DEnCeFeO79zfYJaO5qKX +YLlTaxeOrvk9vjHdRhi9r7amAvpIL9jG8B+8QwIDAQABAoIBAQDIGd2DTMTjpgR/ +FFF249RErZyvuEpU6wZV426kUF/9CDBfXZtKKhi/oHUUEVXHCe8ZXhGHc5PtYEOa +RL+tLIH7dFzXMi4GOWSRMc2MAQ3S72ZdKjvU4DnoWQ5h/yDv3dSYu2Joq4NDyw5C +WVcxoqH9AfaXHei5ypsxjG8TM19XKnyNq9MlO0o9LF696jabjnvcm8Ymq2EfrZWp +46XwPC/XSJeR4v3Bx4JQFDkuWeG6KWpLqmB1oX05WOoCvX7JonjX6QMim89L6zN/ +LKyZA8W9vlP9CBe5TwyaZC+JZOsJNZXajbPUMS0Pt3wec6hGyDNJK3DI8PV5p8Sb +DSHJlvjxAoGBAPj5J/8LdGqSsSG1WwiyvT0prcn76B3iH3h6G1yb+k+HYddYA/+j +5q2yE2AC4UtqVPn6n3sBka1S0ONuTOZXiEK/xyq/BdOW49AjjIOKCaXX89SaWG/q +0RHZrkMnhsxf1A09yh1sOIfznO1kmGkrFiyXn7w7Q8ZXcOwAeYcYRQZpAoGBAPPt +waIHhaoHVG1qJbq2bjU8jqSZ0oCmIIw3xqwhc8716lhXKH08uhNokym9r4sVfen5 +1Sdhmqk7L40P37A2wy7WBs6Sguh8tXJc3O00SnwCvoQU0w4YBnAHRx0Hhlw4JiEh +FW202Wiot+6bNH5xvA3Qn5LELGo5RNG9lDvod4/LAoGBAMry3uWJwtX0yar+mDxY +5uVqih2x2B4z6w9cCd3Nz5bwdpMBThEe27UPCbgj4N6GyMoUv9eXCdbNQTWC/fBt +vccbaRCxMeCuiPlrYOkApqinhjzxq9FfChmQ5fobyEfkfYhlq9GcG+DGdk8UxyBD +XQnwducLME4HjSbzpBy5bdqxAoGALKzX8PgVt/1drihpvpeY+bEcovL1RdCnV2cD +wRTjY/1QLVvRM5bCsblOcq+mDgAiro6uRmcu713CqMBGhLyS5OoYFw9oYHIuvUJa +yCrylWHfSMuTmBo4W55JnPx61DsIaLrpdM1RoER+Y3oTlDD6c0FJaJT7WX0hqJRj +KNG7zB8CgYEA3sjJXkYscwRAzxpaG31BiuBV28bjgEO72bi/LIby70nqc3CBEDs2 +O9CVCDNlA1aXJOKLHbEY0jPArim6d/rOUD4ca3YmyCdNmq/dntRq1+rv8b2Redq5 +0xQMbZ1rY39FzOwBQzSKnQ1prXS+2vQ6qEm4/vRbUvCvVxWO97qlFk8= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Root.key new file mode 100644 index 0000000000..c448450523 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6Bcxtg6EEKSbv56unim3b4Gu199FidEpUQ4eOXqWa3/AeN+I +z9uzq41JD/twVYVPk58SoaZVXKmujXlNpjoyA5y/rZXEi0kfArUjoJ/a00XGjPzs +l0ZX3XdWxqJGeNqiWbsi6t5jlFAZkRwQzWfgVxC94N5pZ4BtMahDvEksitZKIw+m +ePR0x083UjqvnAOys2wmq2JhEm0iFWba7Na4H5sUuQScm161y4tilWdqoVdEAnei +gT7HIFKiFi66wimhVO0zZ/IqJqO22giNY2zKT8aEiLlgCM9Qjlo+ddfs12PB/hg/ +TvsI3jlF0oE0jolaSM5Jv8qEyyaswvcfaz8NSQIDAQABAoIBAAe7/iQbB7umQKp6 +F0eeDEbjA3ieMCsPlVjmJ4uy0iBy+W8Nw/lpUOt+odiugGfZMXWx72UDrgSQgwij +6jqH5fLI3npia1JY9XeZob5QlXJE+QDpzNidt3/h4jpsXfzZDGABJIC/OIJQyQlU +7hpqQ8ei/zDnOIwCc6EcAmXb6mgV+9MA9xXX8PIbp5o9t0w1VO3w/WNl6aNxsKOa +0eJWqGD59zfxSL+9nxNCaOyvEe6yvjEFOMSUqs4vn5CSNvHFP/j84lUuUmdufNoW +LwJdkbrkoE/sdm89KvcPpj1vjx0pnSfAL00mClt5BM3DoW7+WAp6Ovm+0hKz2W57 +AUQraCECgYEA93FCVO+BEK5PIlVcIyZsnSIUGPNn5TfyY4Fu0ehSroenT4+o9x5F +TyJ85lylxVgNDWvhBeGbETnEEtNfBIC29rTS7I0cyHYxmU6sPGpEgB+tB7wXGYpf +O4dh8lBaH3hUo4i5o+xRKaueyJ81MtMvUXcm9O9dsmjRFOE9MJNOaosCgYEA8B4E +Zk586QPUvvaemky5pZgm5sHoE5tC8JhAiOHBm+wSsT7d6OKQoaJRguRciHpxBlKr ++E9Los/ERhhnrkllVX+mjAE0JA/9Vb2kZJno+11Nn+ZUouUqbo2ySLy5SJkc6ckj +pCM1psGuJiJd6uszs2OsUYjyeC8Ato2/lsszpfsCgYBugyES+hz0rEUfmmwaLtEX +pN7A/gUK9N/G3Un3agFzfZaWDB10sQpXe5m48OwApYC+282WaNpu6RPPLKQlSK9u +o/gIOkX+qfsg82gtW3DYoE0RRUoz1/8MgTyXkpeNsppqp2fx9FuTdtjl1WVXG8bo +ZYT6o+V/Bx1KbAZ+KWw+XQKBgBMMXo77JP+bNTJdACH/ei6/zj46Hb4IcBwECAKT +3jcPWEBFW3dRGeYoqUy37vtIs1SsFEZji/2De++PmhICco6AzOaIZemCdzdpDvSI +HSprsW/A5u/xPBd/GCibCBvRQbDuKuynemcbMESIL2kmdXiCrLXfJlUQbX8N6af9 +wMAnAoGBAM16yiiEMFXwOtXTKOIYXdWDduOUAFtzUJxhXBLYbQRCxp64JKIo7n1c +5KTpBiSZ4P4yIzy28cpqmLjQ+J5RUlMCq09qqBND7+eqeWQ/o0oBfVE+CNYsun9j +AsDPqp1k4rAtSx16d54sa19cA2cSeqE9v6zLgnOVCVHjwgY3uRw7 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Target.key new file mode 100644 index 0000000000..ea8d5811ca --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2SwnWp7 +hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLLR9dL +AAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWbLZmD +PAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGTrvoL +GEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8WvtPg +XOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABAoIBAHZQBUQLhQ47oRSI +2O6Sd5+cqSfsKonI4npa6KhYSuATUv4wLkd5yjfdjvzhoQfGSW9aN0K0aJ9TS21J ++4L0uRcqpRSaTq3x76wrK4W8FBMlL3duRijjoX4FxFuJRe7+go7FG9IlaOvzJ8qW +TlwekE0DSA3+m47wTulpuyDrV5ltMMzWDY+M8IPv/WK/mN4G3ONKPWiWA+Qlv2Rm +pmCMmSuI2ZgA/UW0VNvjAwrs5wuSCMkf+gaY1UbKJ4Au06DDCtCoSYC5nZqw/Zkk +LUiTUrVAB4TpwfSc8VoDkV+SJ54Gw776bd99Poyi0qoxjlPd+frHgerIVMN3rFfn +RHYRxeECgYEA6eVjjqeOD0bQ3nRKUWKZneqpPePtxxEAAMhRBPflPB3mR/Qq4SCb +ZeiWFxJ1mWEHTvUsaM5jlF/jZvF+H0PfQiHTB3hyEdbOVIDSIiyy5qD+8ubaslph +FB2Syq7lIeGTiN0bB7Ogz1+tfecbzz0vV/Ce43r6PHQYv0qwID7CQc0CgYEA1fv5 +KTCMG35Hzm3qvCLNlcmRYJJvJUOPMEhwlZKurrl4jiBGYHmDOK7qWpUJc4ewrkFg +WHrg5KUHDDUL1XoJrlDPMNOVP4kjX2f5Qs6kej/W53isDmdUxD9BMVPhHME4kmop +9LbyfMW1sGg416S9RJe68xUCo75Lb9Z7wGyMGF8CgYEAw5y+6J2lJ42YPZOQXARU +aUfKByLKx8Ol9wGRENCp/N8cqmzAN8vnaxFcBSvBAmetjxFo9LY3fe2752psioVf +AJX9QbAv5k95/B5In6A2dr+KuWbs3GDN897P14bxxqY7lykj5AsMoKJqHHPeRDHt +mGR63dEJ2ulVkRZLuowCNrkCgYApOZwtFU9I1LFc0cxRZpsY6nZ5lnyXP0bM1Ifs +KRBCVTUmnI0ydPaU6w33WZMykMe3Kp03LqU5J5oN/gJDpHlM/gCMtZahYPhRnyRk +fI8vhjEO8y6ir8Gi9VTH/hL2iTsu6gkfPkfFRgnU7J9W3EQifODlh/y0MysxZq78 +yWzMHQKBgQCUZAspO30NRKD0+wXDPHpD4S9YMjzdIhwExbp0zAtk/+6vKB+eusn8 +EWmnQoadShchg5jaLAy5cH13ssLav1yegm41QidLCZrWXeYUi77Lys5y6/JtAAy4 +gtXNgvRGYV5SHR/2yd5DyZDfN4rQfX+CMO7TxFBY5+Mcu6OfBuYBmA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/3F1D2B1D127E34B62B61B278F274669ADC66ADCC.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/3F1D2B1D127E34B62B61B278F274669ADC66ADCC.pem new file mode 100644 index 0000000000..5f2dfd782e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/3F1D2B1D127E34B62B61B278F274669ADC66ADCC.pem @@ -0,0 +1,91 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3f:1d:2b:1d:12:7e:34:b6:2b:61:b2:78:f2:74:66:9a:dc:66:ad:cc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:82:13:64:0e:35:33:0c:ac:44:be:6d:92:f5: + e4:97:d8:9a:bd:64:f1:b5:67:62:01:7b:0c:98:57: + 4a:63:64:b0:9d:6a:7b:84:a2:91:fe:73:0b:4c:81: + ce:89:f9:8d:8d:8a:41:18:c8:d8:64:27:36:32:e6: + 36:26:44:16:13:2e:a1:ad:38:06:0b:1b:39:62:6a: + 94:ac:a0:59:be:52:cb:47:d7:4b:00:09:91:8e:14: + 69:a9:62:df:49:d8:b6:79:73:de:60:d4:b8:76:89: + a4:53:8a:1d:4b:80:88:31:e8:05:46:81:1b:7b:5d: + 52:d0:6b:3b:53:0d:25:3c:95:9b:2d:99:83:3c:03: + 8c:b5:73:fb:43:6c:82:b3:48:57:38:3c:ff:b7:79: + d8:13:74:06:d0:17:78:a9:38:09:76:ca:f9:b7:5a: + a5:8a:6e:85:7f:27:34:79:82:ef:a2:01:93:ae:fa: + 0b:18:47:d4:14:ff:67:78:2b:53:92:f6:ac:27:42: + c7:7f:8e:fd:06:4a:36:b9:7a:98:5e:0d:94:ef:1a: + fa:08:ad:8d:64:28:c7:c1:03:76:63:b9:33:5a:9f: + 16:be:d3:e0:5c:e9:43:7b:9b:83:b3:90:31:e7:59: + 2b:1c:d2:8c:73:15:a2:3a:94:35:03:80:97:f8:5d: + a3:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:16:9C:06:85:B6:F4:77:AD:72:58:A2:4F:A1:FE:29:CF:97:8A:2B + X509v3 Authority Key Identifier: + keyid:24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, OCSP Signing, Time Stamping + Signature Algorithm: sha256WithRSAEncryption + 4a:f1:10:7d:eb:77:f7:e9:8a:1a:e4:1a:2d:84:9c:1d:91:67: + f8:c2:d9:a7:f4:e9:97:5e:74:fe:d8:a3:8f:21:3d:51:bc:af: + eb:2a:e5:dd:76:61:de:31:4c:1b:ca:91:1c:79:5e:2c:5d:7b: + 41:b8:04:47:e0:92:ac:cd:39:c2:86:b3:e0:24:5b:62:c7:ef: + 79:8d:f5:09:60:29:74:16:80:94:ed:8c:93:15:32:ee:66:bb: + 31:db:6a:eb:00:b4:60:6e:ed:61:f6:1e:f9:e7:fd:de:2f:a2: + 4f:f1:3d:50:7e:86:04:8b:e0:a9:94:ee:83:fc:23:16:a5:3c: + 07:87:1b:b8:71:f2:22:2e:5b:cf:8d:86:be:ae:45:5d:81:8a: + 33:6e:36:32:8a:28:04:cb:39:f2:78:b0:e4:cf:21:fd:72:06: + 76:c1:83:06:6e:36:0c:69:5a:4c:90:42:60:64:56:db:b6:c8: + 29:56:d8:48:77:6b:2b:5b:2a:33:37:fd:6a:78:ae:a2:0a:29: + 8c:2b:5e:10:d7:04:ef:b7:19:6f:e5:82:1e:03:d1:8e:73:b0: + 1b:dd:4c:8a:ce:40:de:a5:02:29:8a:e3:ff:5a:bb:a9:8c:34: + 87:b0:6b:44:6b:ee:c3:dc:d0:51:d3:af:e8:ee:37:4f:b7:c1: + 0f:7e:5a:2c +-----BEGIN CERTIFICATE----- +MIIDwDCCAqigAwIBAgIUPx0rHRJ+NLYrYbJ48nRmmtxmrcwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2Sw +nWp7hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLL +R9dLAAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWb +LZmDPAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGT +rvoLGEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8W +vtPgXOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABo4IBCDCCAQQwHQYD +VR0OBBYEFFoWnAaFtvR3rXJYok+h/inPl4orMB8GA1UdIwQYMBaAFCS5kUE58TBe ++MU7wFHMEVimE3OzMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDov +L3VybC1mb3ItYWlhL0ludGVybWVkaWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL3VybC1mb3ItY3JsL0ludGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQD +AgWgMDsGA1UdJQQ0MDIGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsG +AQUFBwMJBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEASvEQfet39+mKGuQa +LYScHZFn+MLZp/Tpl150/tijjyE9Ubyv6yrl3XZh3jFMG8qRHHleLF17QbgER+CS +rM05woaz4CRbYsfveY31CWApdBaAlO2MkxUy7ma7Mdtq6wC0YG7tYfYe+ef93i+i +T/E9UH6GBIvgqZTug/wjFqU8B4cbuHHyIi5bz42Gvq5FXYGKM242MoooBMs58niw +5M8h/XIGdsGDBm42DGlaTJBCYGRW27bIKVbYSHdrK1sqMzf9aniuogopjCteENcE +77cZb+WCHgPRjnOwG91Mis5A3qUCKYrj/1q7qYw0h7BrRGvuw9zQUdOv6O43T7fB +D35aLA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/71F49EE7B5F73630C9845EA5B8398B58F3237B18.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/71F49EE7B5F73630C9845EA5B8398B58F3237B18.pem new file mode 100644 index 0000000000..a25531b9c1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/71F49EE7B5F73630C9845EA5B8398B58F3237B18.pem @@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:f4:9e:e7:b5:f7:36:30:c9:84:5e:a5:b8:39:8b:58:f3:23:7b:18 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e8:17:31:b6:0e:84:10:a4:9b:bf:9e:ae:9e:29: + b7:6f:81:ae:d7:df:45:89:d1:29:51:0e:1e:39:7a: + 96:6b:7f:c0:78:df:88:cf:db:b3:ab:8d:49:0f:fb: + 70:55:85:4f:93:9f:12:a1:a6:55:5c:a9:ae:8d:79: + 4d:a6:3a:32:03:9c:bf:ad:95:c4:8b:49:1f:02:b5: + 23:a0:9f:da:d3:45:c6:8c:fc:ec:97:46:57:dd:77: + 56:c6:a2:46:78:da:a2:59:bb:22:ea:de:63:94:50: + 19:91:1c:10:cd:67:e0:57:10:bd:e0:de:69:67:80: + 6d:31:a8:43:bc:49:2c:8a:d6:4a:23:0f:a6:78:f4: + 74:c7:4f:37:52:3a:af:9c:03:b2:b3:6c:26:ab:62: + 61:12:6d:22:15:66:da:ec:d6:b8:1f:9b:14:b9:04: + 9c:9b:5e:b5:cb:8b:62:95:67:6a:a1:57:44:02:77: + a2:81:3e:c7:20:52:a2:16:2e:ba:c2:29:a1:54:ed: + 33:67:f2:2a:26:a3:b6:da:08:8d:63:6c:ca:4f:c6: + 84:88:b9:60:08:cf:50:8e:5a:3e:75:d7:ec:d7:63: + c1:fe:18:3f:4e:fb:08:de:39:45:d2:81:34:8e:89: + 5a:48:ce:49:bf:ca:84:cb:26:ac:c2:f7:1f:6b:3f: + 0d:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 2e:3a:98:e7:b2:5c:e7:8d:50:e4:04:4d:82:34:86:f0:13:6b: + 02:e6:cd:c9:ae:cc:6c:0b:79:da:1f:9a:5e:9d:59:12:f2:c8: + aa:56:32:28:2a:ea:64:68:15:a1:9f:27:e6:26:b7:66:15:9c: + 65:3c:37:af:f9:27:78:63:42:cc:bb:d4:ea:49:e2:7d:31:6b: + 94:7e:d0:41:24:bc:f9:e1:b3:34:a7:60:35:d7:4a:05:ef:53: + 5f:9f:a7:9a:e8:25:40:35:94:3e:c0:2e:3a:3a:5e:00:f9:ec: + 45:16:e3:11:2c:29:8e:86:70:ae:8f:0e:f6:7a:3d:c3:01:ef: + b2:35:e7:00:3d:1a:4a:0c:8e:a8:fe:bb:11:b9:05:71:60:d4: + a6:94:4c:ee:1b:a1:88:68:13:87:e0:1d:25:ba:e3:71:fd:7a: + ee:3e:c1:8c:4e:a5:c9:c2:26:a4:c6:dc:de:73:7c:14:e9:a1: + 2d:a6:0a:82:09:8a:1a:bb:08:54:01:50:3b:fa:e9:1e:ca:96: + fd:93:6f:a6:9e:4c:02:18:0f:71:86:0b:14:92:a8:43:09:39: + 19:96:d1:5f:96:12:08:18:bd:46:53:28:df:19:37:1d:17:48: + 97:4d:57:4d:90:7b:d2:1e:be:32:cd:e6:4c:98:bd:15:c8:26: + cc:7f:8a:ff +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUcfSe57X3NjDJhF6luDmLWPMjexgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDoFzG2DoQQpJu/nq6eKbdvga7X30WJ0SlRDh45epZrf8B434jP27OrjUkP ++3BVhU+TnxKhplVcqa6NeU2mOjIDnL+tlcSLSR8CtSOgn9rTRcaM/OyXRlfdd1bG +okZ42qJZuyLq3mOUUBmRHBDNZ+BXEL3g3mlngG0xqEO8SSyK1kojD6Z49HTHTzdS +Oq+cA7KzbCarYmESbSIVZtrs1rgfmxS5BJybXrXLi2KVZ2qhV0QCd6KBPscgUqIW +LrrCKaFU7TNn8iomo7baCI1jbMpPxoSIuWAIz1COWj511+zXY8H+GD9O+wjeOUXS +gTSOiVpIzkm/yoTLJqzC9x9rPw1JAgMBAAGjgcswgcgwHQYDVR0OBBYEFM1vTP6q +ejpjXRJ5bfRMsCqKf/tsMB8GA1UdIwQYMBaAFM1vTP6qejpjXRJ5bfRMsCqKf/ts +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEALjqY57Jc541Q5ARNgjSG8BNrAubNya7MbAt52h+aXp1ZEvLI +qlYyKCrqZGgVoZ8n5ia3ZhWcZTw3r/kneGNCzLvU6knifTFrlH7QQSS8+eGzNKdg +NddKBe9TX5+nmuglQDWUPsAuOjpeAPnsRRbjESwpjoZwro8O9no9wwHvsjXnAD0a +SgyOqP67EbkFcWDUppRM7huhiGgTh+AdJbrjcf167j7BjE6lycImpMbc3nN8FOmh +LaYKggmKGrsIVAFQO/rpHsqW/ZNvpp5MAhgPcYYLFJKoQwk5GZbRX5YSCBi9RlMo +3xk3HRdIl01XTZB70h6+Ms3mTJi9FcgmzH+K/w== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/71F49EE7B5F73630C9845EA5B8398B58F3237B19.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/71F49EE7B5F73630C9845EA5B8398B58F3237B19.pem new file mode 100644 index 0000000000..a9f492408b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/71F49EE7B5F73630C9845EA5B8398B58F3237B19.pem @@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:f4:9e:e7:b5:f7:36:30:c9:84:5e:a5:b8:39:8b:58:f3:23:7b:19 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ed:3b:bb:f2:8b:20:81:de:42:41:c6:24:63:1c: + 4b:e5:63:b0:93:07:fd:22:64:50:7d:ef:8f:ed:65: + aa:ba:f4:d9:ad:0c:68:dd:50:b0:ea:0a:5e:18:9e: + df:48:88:ec:1f:fa:6b:4a:3e:db:ea:24:6e:b1:a3: + bb:0b:12:de:1d:49:d3:32:78:24:f9:e8:4f:aa:85: + 90:21:a2:2c:8f:58:95:8c:70:80:8d:cd:99:68:03: + 67:0f:48:eb:96:17:63:93:2b:8f:72:77:23:5f:97: + 4f:86:bd:17:d2:70:5b:5c:18:f8:01:d6:11:d8:c0: + dc:32:b2:f4:bf:dd:da:65:fb:86:23:c0:a4:bd:ff: + c2:a4:b6:87:9e:10:98:d4:f4:09:cb:26:50:1d:56: + 83:72:09:c6:c1:b7:cc:52:9c:61:09:04:bb:aa:2a: + 63:66:a5:b1:02:60:85:bc:30:91:62:bb:6f:b0:24: + 33:e8:b5:9a:13:1f:3a:73:95:d5:fb:bc:a9:48:dd: + 14:a2:a4:62:e1:97:19:57:b1:1a:da:c1:79:93:fd: + 74:cb:e1:ff:0c:49:c2:78:57:8e:ef:dc:df:60:96: + 8e:e6:a2:97:60:b9:53:6b:17:8e:ae:f9:3d:be:31: + dd:46:18:bd:af:b6:a6:02:fa:48:2f:d8:c6:f0:1f: + bc:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b5:72:33:3e:f7:8f:e4:b8:bb:1c:6d:25:34:ec:3f:2b:03:19: + c8:50:bd:f0:17:e8:5a:eb:43:6d:57:b0:e5:5e:90:18:c9:5d: + 96:e4:27:d3:09:35:ba:22:c7:5f:c3:b2:b0:2f:be:dc:50:57: + b3:1a:7b:60:fa:ba:99:85:d9:8b:cb:08:67:c5:4b:28:a7:f2: + 21:91:44:ac:aa:c2:d0:4e:15:59:1f:c0:91:06:fa:f8:09:b5: + 39:3f:6d:be:80:7b:10:72:fd:2c:fe:27:69:3a:36:63:e3:14: + 30:11:a0:77:83:f3:14:d2:fa:76:0c:c3:88:1a:3c:fa:f0:50: + ba:d4:69:4b:80:93:6d:01:38:2e:3e:81:e4:e5:f7:02:1c:bf: + ad:e7:be:6e:dd:a3:1d:3c:7c:df:58:7b:ea:06:56:2c:8e:e1: + 00:14:79:c3:a9:aa:b5:25:8d:fb:62:e2:18:75:27:d3:f4:09: + 3b:fa:49:f7:9e:fd:28:22:57:e4:fe:f4:b6:3e:17:91:46:2c: + 6d:b0:5a:36:b4:f1:47:fb:dd:28:2a:b4:c3:43:7e:dd:05:a5: + 35:05:60:8c:fc:1e:76:8d:28:a7:42:f0:6b:b3:4b:5c:77:ae: + ec:be:c3:9e:a6:50:be:5b:46:f4:b3:2d:e4:a5:f5:a1:4e:94: + 0a:09:e4:2e +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUcfSe57X3NjDJhF6luDmLWPMjexkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAO07u/KLIIHeQkHGJGMcS+VjsJMH/SJkUH3vj+1lqrr02a0M +aN1QsOoKXhie30iI7B/6a0o+2+okbrGjuwsS3h1J0zJ4JPnoT6qFkCGiLI9YlYxw +gI3NmWgDZw9I65YXY5Mrj3J3I1+XT4a9F9JwW1wY+AHWEdjA3DKy9L/d2mX7hiPA +pL3/wqS2h54QmNT0CcsmUB1Wg3IJxsG3zFKcYQkEu6oqY2alsQJghbwwkWK7b7Ak +M+i1mhMfOnOV1fu8qUjdFKKkYuGXGVexGtrBeZP9dMvh/wxJwnhXju/c32CWjuai +l2C5U2sXjq75Pb4x3UYYva+2pgL6SC/YxvAfvEMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUJLmRQTnxMF74xTvAUcwRWKYTc7MwHwYDVR0jBBgwFoAUzW9M/qp6OmNdEnlt +9EywKop/+2wwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQC1cjM+94/kuLscbSU07D8rAxnIUL3wF+ha60Nt +V7DlXpAYyV2W5CfTCTW6Isdfw7KwL77cUFezGntg+rqZhdmLywhnxUsop/IhkUSs +qsLQThVZH8CRBvr4CbU5P22+gHsQcv0s/idpOjZj4xQwEaB3g/MU0vp2DMOIGjz6 +8FC61GlLgJNtATguPoHk5fcCHL+t575u3aMdPHzfWHvqBlYsjuEAFHnDqaq1JY37 +YuIYdSfT9Ak7+kn3nv0oIlfk/vS2PheRRixtsFo2tPFH+90oKrTDQ37dBaU1BWCM +/B52jSinQvBrs0tcd67svsOeplC+W0b0sy3kpfWhTpQKCeQu +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.cnf b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.cnf new file mode 100644 index 0000000000..2aa48b2d2c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.cnf @@ -0,0 +1,64 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Intermediate" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Intermediate.pem +new_certs_dir = out +serial = out/Intermediate.serial +database = out/Intermediate.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Intermediate.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Intermediate.cer + +[crl_info] +URI.0 = http://url-for-crl/Intermediate.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.csr b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.csr new file mode 100644 index 0000000000..d4a90f4ad5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrTCCAZUCAQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Tu78osggd5CQcYkYxxL5WOwkwf9ImRQfe+P +7WWquvTZrQxo3VCw6gpeGJ7fSIjsH/prSj7b6iRusaO7CxLeHUnTMngk+ehPqoWQ +IaIsj1iVjHCAjc2ZaANnD0jrlhdjkyuPcncjX5dPhr0X0nBbXBj4AdYR2MDcMrL0 +v93aZfuGI8Ckvf/CpLaHnhCY1PQJyyZQHVaDcgnGwbfMUpxhCQS7qipjZqWxAmCF +vDCRYrtvsCQz6LWaEx86c5XV+7ypSN0UoqRi4ZcZV7Ea2sF5k/10y+H/DEnCeFeO +79zfYJaO5qKXYLlTaxeOrvk9vjHdRhi9r7amAvpIL9jG8B+8QwIDAQABoFEwTwYJ +KoZIhvcNAQkOMUIwQDAdBgNVHQ4EFgQUJLmRQTnxMF74xTvAUcwRWKYTc7MwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AL8MfpH7/bX1WSuoRgJnZJpMKD9uw4if0Xn6Tsq+woqWANJE1UDolrweFGweTWHP +dNeIhQBpbssUIYnDIH5WsaSkBVFgDc3fld2orEwuMF5k1TNLtgtC9nLB+F7PQd+5 +ni7M78BW+F5ZwNO6lP2MfJjpmrbMhIszIUeJLEBl3CHjGfgDwBK34nfCCFCaMTpT +qQ/tkFkmo1jRcJIVjlBX6KXNQ/g/hFRsvbMEVWtRtgAtK7hX2rT96jtDxD07f6+R +PG8GCt2Y1MS1zoVGSzH1jOv5XK4KeElZFZI4XJOwXIxBg/4mBEle25Wnj5QdeK4R +fiA75GDwI+efWsNpenjnuNU= +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db new file mode 100644 index 0000000000..ccdda2b43b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db @@ -0,0 +1 @@ +V 221005120000Z 3F1D2B1D127E34B62B61B278F274669ADC66ADCC unknown /CN=Target diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db.attr b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db.attr new file mode 100644 index 0000000000..3a7e39e6ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db.old b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.db.old new file mode 100644 index 0000000000..e69de29bb2 diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.pem new file mode 100644 index 0000000000..a9f492408b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.pem @@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:f4:9e:e7:b5:f7:36:30:c9:84:5e:a5:b8:39:8b:58:f3:23:7b:19 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ed:3b:bb:f2:8b:20:81:de:42:41:c6:24:63:1c: + 4b:e5:63:b0:93:07:fd:22:64:50:7d:ef:8f:ed:65: + aa:ba:f4:d9:ad:0c:68:dd:50:b0:ea:0a:5e:18:9e: + df:48:88:ec:1f:fa:6b:4a:3e:db:ea:24:6e:b1:a3: + bb:0b:12:de:1d:49:d3:32:78:24:f9:e8:4f:aa:85: + 90:21:a2:2c:8f:58:95:8c:70:80:8d:cd:99:68:03: + 67:0f:48:eb:96:17:63:93:2b:8f:72:77:23:5f:97: + 4f:86:bd:17:d2:70:5b:5c:18:f8:01:d6:11:d8:c0: + dc:32:b2:f4:bf:dd:da:65:fb:86:23:c0:a4:bd:ff: + c2:a4:b6:87:9e:10:98:d4:f4:09:cb:26:50:1d:56: + 83:72:09:c6:c1:b7:cc:52:9c:61:09:04:bb:aa:2a: + 63:66:a5:b1:02:60:85:bc:30:91:62:bb:6f:b0:24: + 33:e8:b5:9a:13:1f:3a:73:95:d5:fb:bc:a9:48:dd: + 14:a2:a4:62:e1:97:19:57:b1:1a:da:c1:79:93:fd: + 74:cb:e1:ff:0c:49:c2:78:57:8e:ef:dc:df:60:96: + 8e:e6:a2:97:60:b9:53:6b:17:8e:ae:f9:3d:be:31: + dd:46:18:bd:af:b6:a6:02:fa:48:2f:d8:c6:f0:1f: + bc:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b5:72:33:3e:f7:8f:e4:b8:bb:1c:6d:25:34:ec:3f:2b:03:19: + c8:50:bd:f0:17:e8:5a:eb:43:6d:57:b0:e5:5e:90:18:c9:5d: + 96:e4:27:d3:09:35:ba:22:c7:5f:c3:b2:b0:2f:be:dc:50:57: + b3:1a:7b:60:fa:ba:99:85:d9:8b:cb:08:67:c5:4b:28:a7:f2: + 21:91:44:ac:aa:c2:d0:4e:15:59:1f:c0:91:06:fa:f8:09:b5: + 39:3f:6d:be:80:7b:10:72:fd:2c:fe:27:69:3a:36:63:e3:14: + 30:11:a0:77:83:f3:14:d2:fa:76:0c:c3:88:1a:3c:fa:f0:50: + ba:d4:69:4b:80:93:6d:01:38:2e:3e:81:e4:e5:f7:02:1c:bf: + ad:e7:be:6e:dd:a3:1d:3c:7c:df:58:7b:ea:06:56:2c:8e:e1: + 00:14:79:c3:a9:aa:b5:25:8d:fb:62:e2:18:75:27:d3:f4:09: + 3b:fa:49:f7:9e:fd:28:22:57:e4:fe:f4:b6:3e:17:91:46:2c: + 6d:b0:5a:36:b4:f1:47:fb:dd:28:2a:b4:c3:43:7e:dd:05:a5: + 35:05:60:8c:fc:1e:76:8d:28:a7:42:f0:6b:b3:4b:5c:77:ae: + ec:be:c3:9e:a6:50:be:5b:46:f4:b3:2d:e4:a5:f5:a1:4e:94: + 0a:09:e4:2e +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUcfSe57X3NjDJhF6luDmLWPMjexkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAO07u/KLIIHeQkHGJGMcS+VjsJMH/SJkUH3vj+1lqrr02a0M +aN1QsOoKXhie30iI7B/6a0o+2+okbrGjuwsS3h1J0zJ4JPnoT6qFkCGiLI9YlYxw +gI3NmWgDZw9I65YXY5Mrj3J3I1+XT4a9F9JwW1wY+AHWEdjA3DKy9L/d2mX7hiPA +pL3/wqS2h54QmNT0CcsmUB1Wg3IJxsG3zFKcYQkEu6oqY2alsQJghbwwkWK7b7Ak +M+i1mhMfOnOV1fu8qUjdFKKkYuGXGVexGtrBeZP9dMvh/wxJwnhXju/c32CWjuai +l2C5U2sXjq75Pb4x3UYYva+2pgL6SC/YxvAfvEMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUJLmRQTnxMF74xTvAUcwRWKYTc7MwHwYDVR0jBBgwFoAUzW9M/qp6OmNdEnlt +9EywKop/+2wwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQC1cjM+94/kuLscbSU07D8rAxnIUL3wF+ha60Nt +V7DlXpAYyV2W5CfTCTW6Isdfw7KwL77cUFezGntg+rqZhdmLywhnxUsop/IhkUSs +qsLQThVZH8CRBvr4CbU5P22+gHsQcv0s/idpOjZj4xQwEaB3g/MU0vp2DMOIGjz6 +8FC61GlLgJNtATguPoHk5fcCHL+t575u3aMdPHzfWHvqBlYsjuEAFHnDqaq1JY37 +YuIYdSfT9Ak7+kn3nv0oIlfk/vS2PheRRixtsFo2tPFH+90oKrTDQ37dBaU1BWCM +/B52jSinQvBrs0tcd67svsOeplC+W0b0sy3kpfWhTpQKCeQu +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.serial b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.serial new file mode 100644 index 0000000000..cf31e8d3b9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.serial @@ -0,0 +1 @@ +3F1D2B1D127E34B62B61B278F274669ADC66ADCD diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.serial.old b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.serial.old new file mode 100644 index 0000000000..9e8d818323 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Intermediate.serial.old @@ -0,0 +1 @@ +3f1d2b1d127e34b62b61b278f274669adc66adcc diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Issuer.db b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Issuer.db new file mode 100644 index 0000000000..e69de29bb2 diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Issuer.serial b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Issuer.serial new file mode 100644 index 0000000000..ecf3f52873 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Issuer.serial @@ -0,0 +1 @@ +7dce8fe3e857ca744822009ee1c071adf6aff6bd diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.cnf b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.cnf new file mode 100644 index 0000000000..5525d6b9df --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.cnf @@ -0,0 +1,64 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Root" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Root.pem +new_certs_dir = out +serial = out/Root.serial +database = out/Root.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Root.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Root.cer + +[crl_info] +URI.0 = http://url-for-crl/Root.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.csr b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.csr new file mode 100644 index 0000000000..af13689df0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpTCCAY0CAQAwDzENMAsGA1UEAwwEUm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOgXMbYOhBCkm7+erp4pt2+BrtffRYnRKVEOHjl6lmt/wHjf +iM/bs6uNSQ/7cFWFT5OfEqGmVVypro15TaY6MgOcv62VxItJHwK1I6Cf2tNFxoz8 +7JdGV913VsaiRnjaolm7IureY5RQGZEcEM1n4FcQveDeaWeAbTGoQ7xJLIrWSiMP +pnj0dMdPN1I6r5wDsrNsJqtiYRJtIhVm2uzWuB+bFLkEnJtetcuLYpVnaqFXRAJ3 +ooE+xyBSohYuusIpoVTtM2fyKiajttoIjWNsyk/GhIi5YAjPUI5aPnXX7Ndjwf4Y +P077CN45RdKBNI6JWkjOSb/KhMsmrML3H2s/DUkCAwEAAaBRME8GCSqGSIb3DQEJ +DjFCMEAwHQYDVR0OBBYEFM1vTP6qejpjXRJ5bfRMsCqKf/tsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAOI+wtRA5k +H6nQ7FASXZ4BkI2ZQb/ZcDD9OO8cKqMFslyksK8FvmdfNZKVvs+96NZYan+fe3nv +Mhd226KdtQDdsnsbLmJMptJwCAquOm8DC9Hq/adYP8KDmbf+bEDMgS+CkHYUDEfK +xL1gryBVli26eQnu3hIFTX222/ydKhe1Pa/IfIJlghHzWHbYmKh7LsyMhVWUShep +XShqCFztctvpbQLco+ZDVzJN+bO/OuZKsiEzXjZ0uC8Ri0pVWNF7pZJfV8aTS73D +PSnTJIE//y2EVoNKjaBxJb5al19Xsd+B35NmaJ8GnmnPbf1PJU5bv/B1UtJKXCt7 +0EybEMHhaz3H +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db new file mode 100644 index 0000000000..e22c1037eb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db @@ -0,0 +1,2 @@ +V 221005120000Z 71F49EE7B5F73630C9845EA5B8398B58F3237B18 unknown /CN=Root +V 221005120000Z 71F49EE7B5F73630C9845EA5B8398B58F3237B19 unknown /CN=Intermediate diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.attr b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.attr new file mode 100644 index 0000000000..3a7e39e6ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.attr.old b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.attr.old new file mode 100644 index 0000000000..3a7e39e6ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.old b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.old new file mode 100644 index 0000000000..01aa816ea6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.db.old @@ -0,0 +1 @@ +V 221005120000Z 71F49EE7B5F73630C9845EA5B8398B58F3237B18 unknown /CN=Root diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.pem new file mode 100644 index 0000000000..a25531b9c1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.pem @@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:f4:9e:e7:b5:f7:36:30:c9:84:5e:a5:b8:39:8b:58:f3:23:7b:18 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e8:17:31:b6:0e:84:10:a4:9b:bf:9e:ae:9e:29: + b7:6f:81:ae:d7:df:45:89:d1:29:51:0e:1e:39:7a: + 96:6b:7f:c0:78:df:88:cf:db:b3:ab:8d:49:0f:fb: + 70:55:85:4f:93:9f:12:a1:a6:55:5c:a9:ae:8d:79: + 4d:a6:3a:32:03:9c:bf:ad:95:c4:8b:49:1f:02:b5: + 23:a0:9f:da:d3:45:c6:8c:fc:ec:97:46:57:dd:77: + 56:c6:a2:46:78:da:a2:59:bb:22:ea:de:63:94:50: + 19:91:1c:10:cd:67:e0:57:10:bd:e0:de:69:67:80: + 6d:31:a8:43:bc:49:2c:8a:d6:4a:23:0f:a6:78:f4: + 74:c7:4f:37:52:3a:af:9c:03:b2:b3:6c:26:ab:62: + 61:12:6d:22:15:66:da:ec:d6:b8:1f:9b:14:b9:04: + 9c:9b:5e:b5:cb:8b:62:95:67:6a:a1:57:44:02:77: + a2:81:3e:c7:20:52:a2:16:2e:ba:c2:29:a1:54:ed: + 33:67:f2:2a:26:a3:b6:da:08:8d:63:6c:ca:4f:c6: + 84:88:b9:60:08:cf:50:8e:5a:3e:75:d7:ec:d7:63: + c1:fe:18:3f:4e:fb:08:de:39:45:d2:81:34:8e:89: + 5a:48:ce:49:bf:ca:84:cb:26:ac:c2:f7:1f:6b:3f: + 0d:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 2e:3a:98:e7:b2:5c:e7:8d:50:e4:04:4d:82:34:86:f0:13:6b: + 02:e6:cd:c9:ae:cc:6c:0b:79:da:1f:9a:5e:9d:59:12:f2:c8: + aa:56:32:28:2a:ea:64:68:15:a1:9f:27:e6:26:b7:66:15:9c: + 65:3c:37:af:f9:27:78:63:42:cc:bb:d4:ea:49:e2:7d:31:6b: + 94:7e:d0:41:24:bc:f9:e1:b3:34:a7:60:35:d7:4a:05:ef:53: + 5f:9f:a7:9a:e8:25:40:35:94:3e:c0:2e:3a:3a:5e:00:f9:ec: + 45:16:e3:11:2c:29:8e:86:70:ae:8f:0e:f6:7a:3d:c3:01:ef: + b2:35:e7:00:3d:1a:4a:0c:8e:a8:fe:bb:11:b9:05:71:60:d4: + a6:94:4c:ee:1b:a1:88:68:13:87:e0:1d:25:ba:e3:71:fd:7a: + ee:3e:c1:8c:4e:a5:c9:c2:26:a4:c6:dc:de:73:7c:14:e9:a1: + 2d:a6:0a:82:09:8a:1a:bb:08:54:01:50:3b:fa:e9:1e:ca:96: + fd:93:6f:a6:9e:4c:02:18:0f:71:86:0b:14:92:a8:43:09:39: + 19:96:d1:5f:96:12:08:18:bd:46:53:28:df:19:37:1d:17:48: + 97:4d:57:4d:90:7b:d2:1e:be:32:cd:e6:4c:98:bd:15:c8:26: + cc:7f:8a:ff +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUcfSe57X3NjDJhF6luDmLWPMjexgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDoFzG2DoQQpJu/nq6eKbdvga7X30WJ0SlRDh45epZrf8B434jP27OrjUkP ++3BVhU+TnxKhplVcqa6NeU2mOjIDnL+tlcSLSR8CtSOgn9rTRcaM/OyXRlfdd1bG +okZ42qJZuyLq3mOUUBmRHBDNZ+BXEL3g3mlngG0xqEO8SSyK1kojD6Z49HTHTzdS +Oq+cA7KzbCarYmESbSIVZtrs1rgfmxS5BJybXrXLi2KVZ2qhV0QCd6KBPscgUqIW +LrrCKaFU7TNn8iomo7baCI1jbMpPxoSIuWAIz1COWj511+zXY8H+GD9O+wjeOUXS +gTSOiVpIzkm/yoTLJqzC9x9rPw1JAgMBAAGjgcswgcgwHQYDVR0OBBYEFM1vTP6q +ejpjXRJ5bfRMsCqKf/tsMB8GA1UdIwQYMBaAFM1vTP6qejpjXRJ5bfRMsCqKf/ts +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEALjqY57Jc541Q5ARNgjSG8BNrAubNya7MbAt52h+aXp1ZEvLI +qlYyKCrqZGgVoZ8n5ia3ZhWcZTw3r/kneGNCzLvU6knifTFrlH7QQSS8+eGzNKdg +NddKBe9TX5+nmuglQDWUPsAuOjpeAPnsRRbjESwpjoZwro8O9no9wwHvsjXnAD0a +SgyOqP67EbkFcWDUppRM7huhiGgTh+AdJbrjcf167j7BjE6lycImpMbc3nN8FOmh +LaYKggmKGrsIVAFQO/rpHsqW/ZNvpp5MAhgPcYYLFJKoQwk5GZbRX5YSCBi9RlMo +3xk3HRdIl01XTZB70h6+Ms3mTJi9FcgmzH+K/w== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.serial b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.serial new file mode 100644 index 0000000000..ec3595e6a2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.serial @@ -0,0 +1 @@ +71F49EE7B5F73630C9845EA5B8398B58F3237B1A diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.serial.old b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.serial.old new file mode 100644 index 0000000000..662e34920d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Root.serial.old @@ -0,0 +1 @@ +71F49EE7B5F73630C9845EA5B8398B58F3237B19 diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.cnf b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.cnf new file mode 100644 index 0000000000..7c297e44dc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.cnf @@ -0,0 +1,64 @@ +[req] +encrypt_key = no +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[req_dn] +commonName = "Target" + +[req_ext] +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = clientAuth,serverAuth,codeSigning,OCSPSigning,timeStamping + +[ca] +default_ca = root_ca + +[root_ca] +certificate = out/Target.pem +new_certs_dir = out +serial = out/Target.serial +database = out/Target.db +unique_subject = no +default_days = 365 +default_md = sha256 +policy = policy_anything +email_in_dn = no +preserve = yes +name_opt = multiline,-esc_msb,utf8 +cert_opt = ca_default +copy_extensions = copy +x509_extensions = signing_ca_ext +default_crl_days = 30 +crl_extensions = crl_ext +private_key = keys/Target.key + +[policy_anything] +domainComponent = optional +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[signing_ca_ext] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info + +[issuer_info] +caIssuers;URI.0 = http://url-for-aia/Target.cer + +[crl_info] +URI.0 = http://url-for-crl/Target.crl + +[crl_ext] +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.csr b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.csr new file mode 100644 index 0000000000..ef8b5538ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC0zCCAbsCAQAwETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2Sw +nWp7hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLL +R9dLAAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWb +LZmDPAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGT +rvoLGEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8W +vtPgXOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABoH0wewYJKoZIhvcN +AQkOMW4wbDAdBgNVHQ4EFgQUWhacBoW29HetcliiT6H+Kc+XiiswDgYDVR0PAQH/ +BAQDAgWgMDsGA1UdJQQ0MDIGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMG +CCsGAQUFBwMJBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEAfJHTJvha20G6 +3Kp/n9avFm1r67ZlVJ0v7v/LPrLa28NEZ9FN8hzP4llXEz5GhLo3q44ndcJl4VxJ +uEEnddSdNA9ZvGvGV80ESe/UgziP+BnhZBg6G7L0M3eiFyTjI5riyGnQ/vRJM52q +YGg1BQSypyeyKhlKJLCURSZabqb+Jni7aBMcRcoscGYCrQRgp3w5/D8PiWcEhV3f +HQZCUw6SYEXuW8hVALEanS4Y5axjmccMuG5Ys0lBj3tTbCBCec9ja7DWP6rC4c40 +dFld44KnR1kkuJv+gp6/gPM5Qhicp8eHsrBeVTKvf6daYdIUBZfzFamWc34nJtgU +kBj+xR4iWw== +-----END CERTIFICATE REQUEST----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.db b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.db new file mode 100644 index 0000000000..e69de29bb2 diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.pem new file mode 100644 index 0000000000..5f2dfd782e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.pem @@ -0,0 +1,91 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3f:1d:2b:1d:12:7e:34:b6:2b:61:b2:78:f2:74:66:9a:dc:66:ad:cc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:82:13:64:0e:35:33:0c:ac:44:be:6d:92:f5: + e4:97:d8:9a:bd:64:f1:b5:67:62:01:7b:0c:98:57: + 4a:63:64:b0:9d:6a:7b:84:a2:91:fe:73:0b:4c:81: + ce:89:f9:8d:8d:8a:41:18:c8:d8:64:27:36:32:e6: + 36:26:44:16:13:2e:a1:ad:38:06:0b:1b:39:62:6a: + 94:ac:a0:59:be:52:cb:47:d7:4b:00:09:91:8e:14: + 69:a9:62:df:49:d8:b6:79:73:de:60:d4:b8:76:89: + a4:53:8a:1d:4b:80:88:31:e8:05:46:81:1b:7b:5d: + 52:d0:6b:3b:53:0d:25:3c:95:9b:2d:99:83:3c:03: + 8c:b5:73:fb:43:6c:82:b3:48:57:38:3c:ff:b7:79: + d8:13:74:06:d0:17:78:a9:38:09:76:ca:f9:b7:5a: + a5:8a:6e:85:7f:27:34:79:82:ef:a2:01:93:ae:fa: + 0b:18:47:d4:14:ff:67:78:2b:53:92:f6:ac:27:42: + c7:7f:8e:fd:06:4a:36:b9:7a:98:5e:0d:94:ef:1a: + fa:08:ad:8d:64:28:c7:c1:03:76:63:b9:33:5a:9f: + 16:be:d3:e0:5c:e9:43:7b:9b:83:b3:90:31:e7:59: + 2b:1c:d2:8c:73:15:a2:3a:94:35:03:80:97:f8:5d: + a3:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:16:9C:06:85:B6:F4:77:AD:72:58:A2:4F:A1:FE:29:CF:97:8A:2B + X509v3 Authority Key Identifier: + keyid:24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, OCSP Signing, Time Stamping + Signature Algorithm: sha256WithRSAEncryption + 4a:f1:10:7d:eb:77:f7:e9:8a:1a:e4:1a:2d:84:9c:1d:91:67: + f8:c2:d9:a7:f4:e9:97:5e:74:fe:d8:a3:8f:21:3d:51:bc:af: + eb:2a:e5:dd:76:61:de:31:4c:1b:ca:91:1c:79:5e:2c:5d:7b: + 41:b8:04:47:e0:92:ac:cd:39:c2:86:b3:e0:24:5b:62:c7:ef: + 79:8d:f5:09:60:29:74:16:80:94:ed:8c:93:15:32:ee:66:bb: + 31:db:6a:eb:00:b4:60:6e:ed:61:f6:1e:f9:e7:fd:de:2f:a2: + 4f:f1:3d:50:7e:86:04:8b:e0:a9:94:ee:83:fc:23:16:a5:3c: + 07:87:1b:b8:71:f2:22:2e:5b:cf:8d:86:be:ae:45:5d:81:8a: + 33:6e:36:32:8a:28:04:cb:39:f2:78:b0:e4:cf:21:fd:72:06: + 76:c1:83:06:6e:36:0c:69:5a:4c:90:42:60:64:56:db:b6:c8: + 29:56:d8:48:77:6b:2b:5b:2a:33:37:fd:6a:78:ae:a2:0a:29: + 8c:2b:5e:10:d7:04:ef:b7:19:6f:e5:82:1e:03:d1:8e:73:b0: + 1b:dd:4c:8a:ce:40:de:a5:02:29:8a:e3:ff:5a:bb:a9:8c:34: + 87:b0:6b:44:6b:ee:c3:dc:d0:51:d3:af:e8:ee:37:4f:b7:c1: + 0f:7e:5a:2c +-----BEGIN CERTIFICATE----- +MIIDwDCCAqigAwIBAgIUPx0rHRJ+NLYrYbJ48nRmmtxmrcwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2Sw +nWp7hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLL +R9dLAAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWb +LZmDPAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGT +rvoLGEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8W +vtPgXOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABo4IBCDCCAQQwHQYD +VR0OBBYEFFoWnAaFtvR3rXJYok+h/inPl4orMB8GA1UdIwQYMBaAFCS5kUE58TBe ++MU7wFHMEVimE3OzMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDov +L3VybC1mb3ItYWlhL0ludGVybWVkaWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL3VybC1mb3ItY3JsL0ludGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQD +AgWgMDsGA1UdJQQ0MDIGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsG +AQUFBwMJBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEASvEQfet39+mKGuQa +LYScHZFn+MLZp/Tpl150/tijjyE9Ubyv6yrl3XZh3jFMG8qRHHleLF17QbgER+CS +rM05woaz4CRbYsfveY31CWApdBaAlO2MkxUy7ma7Mdtq6wC0YG7tYfYe+ef93i+i +T/E9UH6GBIvgqZTug/wjFqU8B4cbuHHyIi5bz42Gvq5FXYGKM242MoooBMs58niw +5M8h/XIGdsGDBm42DGlaTJBCYGRW27bIKVbYSHdrK1sqMzf9aniuogopjCteENcE +77cZb+WCHgPRjnOwG91Mis5A3qUCKYrj/1q7qYw0h7BrRGvuw9zQUdOv6O43T7fB +D35aLA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.serial b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.serial new file mode 100644 index 0000000000..3819d47b2c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/out/Target.serial @@ -0,0 +1 @@ +1407b97c84b89757ac724c89d88d25efdc52a432 diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/serverauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/serverauth-strict.test new file mode 100644 index 0000000000..9b9c3c487b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/serverauth-strict.test @@ -0,0 +1,10 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: The extended key usage includes code signing which is not permitted for this use +ERROR: The extended key usage includes OCSP signing which is not permitted for this use +ERROR: The extended key usage includes time stamping which is not permitted for this use + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-many/serverauth.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/serverauth.test new file mode 100644 index 0000000000..e7b53f2b73 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-many/serverauth.test @@ -0,0 +1,10 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: The extended key usage includes code signing which is not permitted for this use +WARNING: The extended key usage includes OCSP signing which is not permitted for this use +WARNING: The extended key usage includes time stamping which is not permitted for this use + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/any.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/any.test new file mode 100644 index 0000000000..4d092a967d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/any.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: ANY_EKU +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/chain.pem new file mode 100644 index 0000000000..b04afb368c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/chain.pem @@ -0,0 +1,272 @@ +[Created by: generate-chains.py] + +Certificate chain where the leaf certificate lacks an extended key usage +extension. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7f:73:f7:58:6c:9c:cb:aa:d7:aa:99:67:42:a3:18:c8:ae:3e:20:ea + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c0:9e:a5:77:70:28:bc:8f:18:ce:a2:39:65:81: + 18:d9:31:0a:ee:23:09:81:cd:82:36:98:a5:82:2e: + b1:fc:59:a8:46:49:06:16:60:eb:12:46:2c:85:a8: + c0:75:7b:2d:45:0f:09:ba:d6:a9:fd:88:0f:d6:97: + 78:1e:5d:51:cc:1a:94:1e:2e:b8:82:4e:e3:0c:aa: + 58:1b:c6:dd:fd:d2:a3:92:6c:0a:ae:5e:ca:56:87: + 9a:6c:bd:89:32:99:5b:da:33:dd:7a:ed:a7:c5:e1: + 02:de:25:5b:17:6a:f5:15:8a:31:71:c7:c0:24:7c: + 55:c4:8e:cf:4c:03:fd:7f:f4:e1:90:cc:1a:5e:b5: + f1:4b:2e:7a:2f:69:06:2a:86:76:33:88:ef:b2:e0: + 84:52:98:03:eb:98:7b:16:25:65:6a:a6:5a:fa:37: + b5:a1:70:74:5e:96:87:62:78:a4:d4:05:60:97:3a: + f9:4c:86:49:0d:54:db:79:8d:68:56:58:83:ee:8f: + 1a:da:d7:3a:06:78:6e:75:f0:a9:99:3a:22:a3:06: + ee:58:a2:2b:d1:ea:4a:a7:8a:c8:bd:43:f8:b1:70: + 4f:fb:51:b6:22:78:cf:5c:c6:dc:80:33:3d:f5:92: + 6d:91:c9:1b:7e:87:37:28:76:b4:ff:7f:6d:52:9b: + c7:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 49:EA:B2:99:05:EC:D6:35:F4:11:A5:DD:F1:99:31:AE:C0:D8:B8:08 + X509v3 Authority Key Identifier: + keyid:7C:05:F1:0D:0B:C4:F8:8E:33:4C:F1:AE:78:6A:2C:16:AD:79:D0:A6 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 6a:9a:5e:84:45:65:db:25:7e:aa:12:b8:d8:53:b8:e1:cb:fa: + 91:31:75:a3:9f:74:15:2f:6e:a3:4d:86:26:43:ac:80:37:77: + 03:a6:e6:4c:6a:5e:3f:16:f5:3a:e1:6c:86:b7:d3:d4:95:08: + 6f:7e:ca:5c:1b:b0:63:1b:bd:15:44:c5:5e:26:9c:f3:38:69: + 7b:ae:23:80:e9:20:62:c3:58:30:1c:3f:fb:a5:06:eb:e9:d7: + ad:d6:52:5d:c8:fb:f8:41:81:c7:6f:f9:e8:3e:73:86:08:eb: + bd:7a:fa:95:39:cc:2f:3a:ed:09:cc:d8:d8:a0:66:99:fc:d2: + e8:33:f8:cd:a2:bd:31:7a:77:3a:6b:e2:bc:38:c4:ad:7e:33: + 23:e0:5f:c1:30:d7:cb:48:96:33:08:f4:c7:28:a5:4a:ee:2e: + 16:fd:dd:35:bf:6e:21:27:28:e5:f3:eb:13:65:f0:99:a4:89: + 2f:db:a9:1f:98:81:dc:a4:78:4f:8a:78:1a:64:d1:35:41:00: + d8:d6:25:cd:1c:5e:bb:50:9c:a3:f3:cc:04:16:9d:b0:8f:94: + e9:db:7a:5a:07:6c:13:4a:b9:0e:7b:00:40:8c:72:a1:d1:ea: + fc:49:c4:1c:c5:45:28:85:8b:33:af:fd:c9:89:ed:2a:6f:d4: + 20:c6:c2:6c +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIUf3P3WGycy6rXqplnQqMYyK4+IOowDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAwJ6ld3AovI8YzqI5ZYEY2TEK7iMJgc2CNpilgi6x/Fmo +RkkGFmDrEkYshajAdXstRQ8Jutap/YgP1pd4Hl1RzBqUHi64gk7jDKpYG8bd/dKj +kmwKrl7KVoeabL2JMplb2jPdeu2nxeEC3iVbF2r1FYoxccfAJHxVxI7PTAP9f/Th +kMwaXrXxSy56L2kGKoZ2M4jvsuCEUpgD65h7FiVlaqZa+je1oXB0XpaHYnik1AVg +lzr5TIZJDVTbeY1oVliD7o8a2tc6BnhudfCpmToiowbuWKIr0epKp4rIvUP4sXBP ++1G2InjPXMbcgDM99ZJtkckbfoc3KHa0/39tUpvH5QIDAQABo4HKMIHHMB0GA1Ud +DgQWBBRJ6rKZBezWNfQRpd3xmTGuwNi4CDAfBgNVHSMEGDAWgBR8BfENC8T4jjNM +8a54aiwWrXnQpjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDANBgkqhkiG9w0BAQsFAAOCAQEAappehEVl2yV+qhK42FO44cv6kTF1o590FS9u +o02GJkOsgDd3A6bmTGpePxb1OuFshrfT1JUIb37KXBuwYxu9FUTFXiac8zhpe64j +gOkgYsNYMBw/+6UG6+nXrdZSXcj7+EGBx2/56D5zhgjrvXr6lTnMLzrtCczY2KBm +mfzS6DP4zaK9MXp3OmvivDjErX4zI+BfwTDXy0iWMwj0xyilSu4uFv3dNb9uISco +5fPrE2XwmaSJL9upH5iB3KR4T4p4GmTRNUEA2NYlzRxeu1Cco/PMBBadsI+U6dt6 +WgdsE0q5DnsAQIxyodHq/EnEHMVFKIWLM6/9yYntKm/UIMbCbA== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 09:de:a4:e8:b3:85:c2:b7:74:4d:d4:dd:42:5f:7f:11:3b:90:4f:38 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:96:3d:06:43:c1:e6:7e:de:e8:e7:d0:e0:3e:d5: + a8:1f:08:fe:98:ef:b9:a3:3d:0f:14:a5:3e:85:27: + 6a:a2:aa:8c:3b:f6:21:43:12:2d:c8:9c:b3:cf:a8: + ee:4f:8c:b7:3f:7f:49:49:a3:dc:17:3b:4b:28:2a: + 93:ae:e1:df:7e:22:b2:1d:9c:5f:43:59:a5:4e:55: + dd:db:55:46:55:83:6d:48:76:ef:3f:77:24:58:d3: + 7b:78:28:05:7c:66:7c:79:90:99:61:b6:cc:2d:b6: + ef:36:ca:11:3b:b5:65:c8:73:91:b0:10:12:17:a3: + e1:1c:ea:c7:dc:9c:b3:66:3d:ec:bb:a3:3e:99:e0: + 04:98:4d:9c:b5:62:ad:16:71:22:00:68:ef:e6:42: + f6:05:28:4d:88:16:05:51:82:f6:d8:83:91:0c:13: + 4c:3c:6e:d6:22:2a:52:da:37:56:a9:24:18:ba:8f: + 2e:65:d9:3a:4b:e0:a3:69:94:3b:16:5e:4a:cc:a8: + 6e:32:6d:f8:74:15:32:c8:9f:af:06:11:81:db:9a: + 65:cf:01:05:2f:65:4b:71:4e:92:1c:06:51:7f:29: + 57:e9:24:9f:89:f9:80:63:25:97:90:42:56:f8:e1: + 26:61:b2:48:b3:20:9b:9a:9b:34:4e:2f:03:06:a7: + dc:11 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7C:05:F1:0D:0B:C4:F8:8E:33:4C:F1:AE:78:6A:2C:16:AD:79:D0:A6 + X509v3 Authority Key Identifier: + keyid:F2:26:B1:CF:39:F4:1E:77:A5:A1:DA:65:4B:C4:D0:12:C9:53:25:AE + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + c9:14:d8:f9:3b:c3:32:e8:6c:69:14:04:5d:27:d0:22:de:68: + 87:3d:d4:df:f5:4d:98:f4:eb:c3:06:39:7a:58:46:0d:06:72: + 4d:89:86:dd:40:b5:c1:42:7d:d4:33:72:5b:13:af:bd:cb:d9: + 64:22:a3:cb:6c:41:6f:e4:cc:65:94:58:8a:10:95:0e:a3:02: + 6b:4e:d1:44:bc:fa:1a:4a:86:89:49:f0:d9:2c:17:03:b0:9e: + 57:54:ff:ae:90:5e:de:11:31:3a:7f:eb:63:3c:a3:d0:3b:ab: + 6d:10:c1:8f:60:3e:19:1b:92:7f:77:1c:81:ad:0f:1d:80:dd: + be:dc:b4:b9:46:ce:98:36:31:e8:5f:03:70:4a:36:a9:99:93: + 0b:15:78:06:62:b8:d3:84:06:ff:6b:28:cf:ea:f3:2e:52:4f: + 67:01:fe:61:28:bb:ec:23:2e:34:03:1d:b2:8a:43:5f:bc:e5: + 3b:1a:c0:a3:9c:5e:57:b1:63:8b:10:9c:ec:aa:ee:bb:bc:2d: + 4c:2a:11:bb:e7:90:46:63:d7:f7:18:cc:df:e1:51:41:dc:db: + 91:41:ff:0a:6c:c9:9d:ff:0d:07:66:46:39:fd:cc:d1:4d:0d: + b9:be:1e:36:d7:ad:e7:8a:f9:10:6a:3f:15:4e:06:64:c1:a7: + 96:fc:4f:a5 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUCd6k6LOFwrd0TdTdQl9/ETuQTzgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJY9BkPB5n7e6OfQ4D7VqB8I/pjvuaM9DxSlPoUnaqKqjDv2 +IUMSLcics8+o7k+Mtz9/SUmj3Bc7Sygqk67h334ish2cX0NZpU5V3dtVRlWDbUh2 +7z93JFjTe3goBXxmfHmQmWG2zC227zbKETu1ZchzkbAQEhej4Rzqx9ycs2Y97Luj +PpngBJhNnLVirRZxIgBo7+ZC9gUoTYgWBVGC9tiDkQwTTDxu1iIqUto3VqkkGLqP +LmXZOkvgo2mUOxZeSsyobjJt+HQVMsifrwYRgduaZc8BBS9lS3FOkhwGUX8pV+kk +n4n5gGMll5BCVvjhJmGySLMgm5qbNE4vAwan3BECAwEAAaOByzCByDAdBgNVHQ4E +FgQUfAXxDQvE+I4zTPGueGosFq150KYwHwYDVR0jBBgwFoAU8iaxzzn0Hnelodpl +S8TQEslTJa4wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQDJFNj5O8My6GxpFARdJ9Ai3miHPdTf9U2Y9OvD +Bjl6WEYNBnJNiYbdQLXBQn3UM3JbE6+9y9lkIqPLbEFv5MxllFiKEJUOowJrTtFE +vPoaSoaJSfDZLBcDsJ5XVP+ukF7eETE6f+tjPKPQO6ttEMGPYD4ZG5J/dxyBrQ8d +gN2+3LS5Rs6YNjHoXwNwSjapmZMLFXgGYrjThAb/ayjP6vMuUk9nAf5hKLvsIy40 +Ax2yikNfvOU7GsCjnF5XsWOLEJzsqu67vC1MKhG755BGY9f3GMzf4VFB3NuRQf8K +bMmd/w0HZkY5/czRTQ25vh42163nivkQaj8VTgZkwaeW/E+l +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 09:de:a4:e8:b3:85:c2:b7:74:4d:d4:dd:42:5f:7f:11:3b:90:4f:37 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cd:e5:09:a9:89:90:93:c8:33:6e:5b:db:e8:8e: + 12:b1:4a:dd:a2:3a:60:ad:e7:26:98:bc:5f:63:12: + 8d:39:97:38:53:96:ef:65:d9:43:06:fb:e7:1f:8d: + ac:32:87:84:ae:50:cc:8f:48:fa:b2:e2:7e:58:32: + 2c:78:a0:c6:82:41:3c:4d:a1:01:43:0f:c4:a7:9d: + 5d:24:16:39:b4:13:7b:09:b1:dc:3f:e5:ac:3b:d7: + 53:b6:59:52:80:87:b2:12:65:6c:9c:fe:24:92:88: + ca:5a:ec:e4:04:81:a4:88:b2:3f:39:e1:4d:6b:91: + db:17:76:c3:0e:67:a4:5d:c8:e4:76:16:44:f7:76: + ae:db:63:7f:37:70:d0:e5:fc:df:08:0f:2e:f9:08: + 72:f6:65:4f:af:15:97:a3:4c:03:f9:8f:5f:69:f8: + 97:d8:dd:fe:e7:2c:1d:a3:d8:53:46:df:5c:c5:8e: + d8:38:41:ce:d7:ea:7f:f1:3b:0c:dd:13:dd:e7:2f: + 44:24:aa:25:e3:eb:a1:8e:43:b1:5b:e3:b8:ad:aa: + 1e:49:f0:77:40:64:ef:90:ad:72:a4:a0:d3:95:69: + 96:4b:6d:08:34:97:cc:5e:5c:a5:08:c9:fa:66:60: + ec:f9:aa:86:d8:bc:21:b7:78:bf:f2:28:01:41:3d: + a4:9d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F2:26:B1:CF:39:F4:1E:77:A5:A1:DA:65:4B:C4:D0:12:C9:53:25:AE + X509v3 Authority Key Identifier: + keyid:F2:26:B1:CF:39:F4:1E:77:A5:A1:DA:65:4B:C4:D0:12:C9:53:25:AE + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b5:df:1a:a1:ed:15:d9:ad:63:2e:b9:04:35:7c:fa:4c:fa:1f: + 89:a8:2b:ce:5e:80:58:f4:5f:af:6f:20:3e:3a:bd:79:8f:ea: + c0:ae:19:f2:a5:ea:d8:a1:fb:a0:b7:15:60:e6:d4:e1:70:e4: + d4:67:87:02:e0:aa:f9:c3:74:04:97:54:2a:5a:22:18:94:1f: + ab:51:61:2f:14:bf:a8:97:46:49:b6:92:53:d1:f9:85:c9:6d: + 74:f8:dc:94:b3:3a:04:cb:16:4c:5e:d5:8b:b8:b9:b8:4e:58: + 87:b9:bb:c8:f2:4e:99:55:4d:70:c0:7e:e4:e9:b8:7b:7e:6f: + ca:42:bc:f5:ad:ce:ab:2e:32:88:e0:0a:a9:0d:47:b2:c6:ed: + 13:6a:45:51:8f:3a:43:ed:0e:23:41:ca:b0:23:d2:14:3d:e3: + 92:3a:36:50:09:a2:8c:56:cc:c9:ee:d7:b2:5c:e3:35:a9:b3: + a6:34:54:53:c6:4e:72:7b:1a:77:14:4c:ab:ca:99:c2:ec:af: + e1:96:87:f5:94:5d:90:8d:b6:29:ec:8e:18:85:3c:33:49:61: + b4:8e:82:f4:37:62:9e:dd:06:66:df:95:3e:9a:c7:c0:a2:c6: + 2f:b2:26:4d:e1:b8:e0:69:a0:36:ba:30:3a:01:b4:c2:02:35: + 99:08:e7:99 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUCd6k6LOFwrd0TdTdQl9/ETuQTzcwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDN5QmpiZCTyDNuW9vojhKxSt2iOmCt5yaYvF9jEo05lzhTlu9l2UMG++cf +jawyh4SuUMyPSPqy4n5YMix4oMaCQTxNoQFDD8SnnV0kFjm0E3sJsdw/5aw711O2 +WVKAh7ISZWyc/iSSiMpa7OQEgaSIsj854U1rkdsXdsMOZ6RdyOR2FkT3dq7bY383 +cNDl/N8IDy75CHL2ZU+vFZejTAP5j19p+JfY3f7nLB2j2FNG31zFjtg4Qc7X6n/x +OwzdE93nL0QkqiXj66GOQ7Fb47itqh5J8HdAZO+QrXKkoNOVaZZLbQg0l8xeXKUI +yfpmYOz5qobYvCG3eL/yKAFBPaSdAgMBAAGjgcswgcgwHQYDVR0OBBYEFPImsc85 +9B53paHaZUvE0BLJUyWuMB8GA1UdIwQYMBaAFPImsc859B53paHaZUvE0BLJUyWu +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAtd8aoe0V2a1jLrkENXz6TPofiagrzl6AWPRfr28gPjq9eY/q +wK4Z8qXq2KH7oLcVYObU4XDk1GeHAuCq+cN0BJdUKloiGJQfq1FhLxS/qJdGSbaS +U9H5hcltdPjclLM6BMsWTF7Vi7i5uE5Yh7m7yPJOmVVNcMB+5Om4e35vykK89a3O +qy4yiOAKqQ1HssbtE2pFUY86Q+0OI0HKsCPSFD3jkjo2UAmijFbMye7XslzjNamz +pjRUU8ZOcnsadxRMq8qZwuyv4ZaH9ZRdkI22KeyOGIU8M0lhtI6C9Ddint0GZt+V +PprHwKLGL7ImTeG44GmgNrowOgG0wgI1mQjnmQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth-strict.test new file mode 100644 index 0000000000..701f22adf4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth-strict.test @@ -0,0 +1,12 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: Certificate does not have extended key usage +ERROR: The extended key usage does not include client auth + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth-strict.test~ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth-strict.test~ new file mode 100644 index 0000000000..034e2199be --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth-strict.test~ @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes any auth +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth.test new file mode 100644 index 0000000000..597786b059 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/clientauth.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: Certificate does not have extended key usage + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/generate-chains.py new file mode 100755 index 0000000000..bc6ef79a42 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the leaf certificate lacks an extended key usage +extension.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().remove_property('extendedKeyUsage') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Intermediate.key new file mode 100644 index 0000000000..04e085410c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAlj0GQ8Hmft7o59DgPtWoHwj+mO+5oz0PFKU+hSdqoqqMO/Yh +QxItyJyzz6juT4y3P39JSaPcFztLKCqTruHffiKyHZxfQ1mlTlXd21VGVYNtSHbv +P3ckWNN7eCgFfGZ8eZCZYbbMLbbvNsoRO7VlyHORsBASF6PhHOrH3JyzZj3su6M+ +meAEmE2ctWKtFnEiAGjv5kL2BShNiBYFUYL22IORDBNMPG7WIipS2jdWqSQYuo8u +Zdk6S+CjaZQ7Fl5KzKhuMm34dBUyyJ+vBhGB25plzwEFL2VLcU6SHAZRfylX6SSf +ifmAYyWXkEJW+OEmYbJIsyCbmps0Ti8DBqfcEQIDAQABAoIBAEa6YemiLiYKQPFp +ZziNk0FRFbLgIK/VvfTFOmKrRMthqPVNkSknNMCd7RTU/aQbpeVRwinV53ZUZrR5 +Ht+U3IdgRCQmir6FRIpVaEWqppr5bYhQ3Z8uMsFShmzxwmtnQDBmv5691O+skH9l +r6lBY7JzneGaHzpb302ixgZ5CwgVZGa6TpCipyuKsj8GRob6IAyLsB+jKkydon8B +zZL58iH+KFVmsxEWB/IwcWRVGMIjBASflMWykGcrfFOEA1RFtQVbBzH91RAsfUzF +ZH88IEbnCEgbUvrbOCV0VsCZVrviJjBv2YQ4KrmJOwMUjNZPtyLElxJG8TNNqQ2Y +idr+9gECgYEAxQLzjhPpSQjZwL1N9u4MUXCavMVatcdXkN2yq002jD9tx73SCj+U +LbXGZzfN7uEYbdbU2BslHyACxu3RMgLLjku+p8OgS6bcbMR2AMliqE5hInJpPC2S +XOa/ukz+DXQaZd0Bq8wZvGCsx9P1spjMvIKVxQ9mzIfaayWbo61gJCECgYEAwzji +OgUpSlcwXrBUMMIbMQnYkODXLObqyjfdYHc4u+nCJ29nHW5cpRYE86bOKPwUnGFg +/t40LQNTkHALCIsFvGuJ5Nv44zDtWrqEflj0ldYUp0cn2jbmnP0bpfmY5Ss0Gcdi +RSFjNrUMlXOzX33Jxk8YcydY90FtWjQSK3PKufECgYA0eL/DtJvqntfYVNMiFG7l +dfdQlcO+LJSu+c0vgMYpfm9PxsfdgOeHcSWhsiRAHmWyQ4i28ivl6VG0B/0ys7nh +cV0bM6hK3etRcNX5CaokJ5QJZ62NoJmd8rtX9E+p56VsQfvC9P5ZxOnf4x1KbxYA +k0sujBaWHQzYgtC8PF4h4QKBgAMPKiRknlAG68AgHUGiWRC8qcMjctvGRpmipHp1 +g9MWB6/chA4nA5amsK8sxwBHav9EW2PDEag+7BlQWCvrGczpFoEanVzaEG4ijB76 +v+J1N1+jstEtmRGOudcxAR9ePPPGdxjEPCzIS4kwBfiSHQ5ZgPWVAUTmppMKS9qY +du3RAoGAJo1XbdpF3eiSlSMP7N2ocfsbyLdunJcU4puKGYGHsthPhT132ZFwvvjB +N5fKCI/sYV552E7HsPnvJIl7qWQKCLIO9zqzLyYXSPxVqMHImvKyDTHur9AoDzkH +JMDnfHD0EsxInQqXJIWxY2gqo44rJ1IwBtwTDrhanFmJBaWU9Mg= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Root.key new file mode 100644 index 0000000000..c6f1b8479a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzeUJqYmQk8gzblvb6I4SsUrdojpgrecmmLxfYxKNOZc4U5bv +ZdlDBvvnH42sMoeErlDMj0j6suJ+WDIseKDGgkE8TaEBQw/Ep51dJBY5tBN7CbHc +P+WsO9dTtllSgIeyEmVsnP4kkojKWuzkBIGkiLI/OeFNa5HbF3bDDmekXcjkdhZE +93au22N/N3DQ5fzfCA8u+Qhy9mVPrxWXo0wD+Y9fafiX2N3+5ywdo9hTRt9cxY7Y +OEHO1+p/8TsM3RPd5y9EJKol4+uhjkOxW+O4raoeSfB3QGTvkK1ypKDTlWmWS20I +NJfMXlylCMn6ZmDs+aqG2Lwht3i/8igBQT2knQIDAQABAoIBAHqErik6eNPXr/Md +qlBKKolheV1Ny7Xv9KGyhjhYE72PZK8pA6/hhucjArdeAHfY+HUaE3+396Z27KPi +x1/InBdqZk3zXuLfATCUjZYpu5CSfwaX1e4X51N8oI3DvTpKhQY5YFZTTMP9rhxJ +Fq4vzw6gssrobL9z/aGKxCtQNRiwnm5mrj/x26j8t1bh3xHzvBb8jcK4j9R/F26k +clZgTSXWjXTeAqgmwOfANtlDthNuLCXuC0DZkbm9wgDBJG1Wg5c9fBuSSRblP4cb +XPu/xtd0wfykD3Qoygr1eGhoFS36EBCfm7eWbsUP0foXDLYq72O5dDvzkJruuuP+ +djxJ80ECgYEA95xAZf46CfVnSxTBs13MrUMUcb5ns6NNMMC5OLqHgdgtNLdufvLO ++kAf9GfJBpoO2X0ZQP/rUAKBH9Gfg8n5ihHTGWYzmANryBmJ1gC99tx5yb4Qwzrh +2C6NSzL+f2tVEOHeyee53cDJdZP23dIAg5JRGdK9vkqaokJhvchG8jkCgYEA1N7y +yiWms6muh/Pv8jHY8+bE2nVqu0YhRam8qiU8KwT2HulXxwNGN9oSdYDxfPf9JAGP +6AW/NSVRPwxn1twttnWNMcmKkkfO712gX4RkuCVtIj2PTSRnGWgkTpT176mUZWmp +rjP14HdGLXzTl5bVgtfYWywK4ieyKWEzzzYcNYUCgYEA21iHk9KKB5hlUJWqogJN +9o6d5cUOiIv5LV8MtbxHnjaqlTCJqdvejsGPjSsDYd3HmdLANFyBT/dn+4/vBwg9 +DpqLrsximB8vs6sr92/g2HanTJgasVfQCXnzoNIjsSybxsDQY3vrow3NaWMSJZ6K +5gMP5RhTDed45JR5kW2Bq8ECgYEAtmJbFRXTUYXlcrhvckyBPOAQ87e8fb4ljcFT +U1hZx+YVVgDJY0sL45ilTiXvQgpbynjIKpyZ6dgSV3mykmXNiNII6opqftClnXLT +kGMnxJrUeYzS9d5ls2AGE4oPeYsLCSTR6967INowt5KG3A+w2c1Do0IGBSTLwiZ1 +NGmBG90CgYEAhPMpBUyTUMxfyfgItIVIN/1IKnOTVMMdJ8jnk0GUqQIP9v5Xslzg +/PJexDcm9aAUAhiN/Q8dXSHZ2dgx1HkIyf4B+jkeGLlHfYopYReOOBMjTDaEk25v +Rgc6fTtlmKCXa83BH3m8fGOoA49h0vA7r0JZqSFtMk5LKBf1GeE5hOU= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Target.key new file mode 100644 index 0000000000..3f9b93e131 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwJ6ld3AovI8YzqI5ZYEY2TEK7iMJgc2CNpilgi6x/FmoRkkG +FmDrEkYshajAdXstRQ8Jutap/YgP1pd4Hl1RzBqUHi64gk7jDKpYG8bd/dKjkmwK +rl7KVoeabL2JMplb2jPdeu2nxeEC3iVbF2r1FYoxccfAJHxVxI7PTAP9f/ThkMwa +XrXxSy56L2kGKoZ2M4jvsuCEUpgD65h7FiVlaqZa+je1oXB0XpaHYnik1AVglzr5 +TIZJDVTbeY1oVliD7o8a2tc6BnhudfCpmToiowbuWKIr0epKp4rIvUP4sXBP+1G2 +InjPXMbcgDM99ZJtkckbfoc3KHa0/39tUpvH5QIDAQABAoIBABqPhceTerqNjOEp +c3qws4l3fsdZo3z3pqX6pI/v+nEOt+qBNUqusJuDe64ul+NbSeHE8hWGdkhUk8KG +fnTJb3cSjyweSykE0cA0WRPzdzcB7bZKGarzvTjzV/L4q8uDZCwRjM/fp4vcvDV/ +tzDiecsvlCPZZIBjeLwy6RjVUAZts3feWh5zhrhb+R+8xsVfY8ePD2JcF6NsQa/d +zDg/SEeejxfS0oAgUZn3/5/xX74fhtyWkVaDDH3IXKXtOn7cMhzTEw1W7CcqzGeu +CGitu660+B8ECRWBaxjlqp0RkYWlB2lcrofKh6EcdTM18zuMloeG005pOZyg3xa7 +6qAzmz0CgYEA91n/GiXL+9dHvkEU4dvrUk/5iuIiilXIPX9SHXukiLQSg7yVJJr/ +0TU7qtNdiC9ojxbDeGO7Q51ISI+NmQf21xJlVE2F1hxYMqVU5hFm5iC3s9V2IXfJ +00xuInvZPSFhTumGxPOCU0D3cDyvDcQr0v9hIIHdt84Y0KOt8FHIsbMCgYEAx1rB +C/vnzQ9uPdKu8mrQ7kP2/alLyVVz7sIuDss2mX5hHQ7z8ZGB1xQeyhdAD3wYjjD3 +YM+9evmrrhKKQ9hRujOw/RJYzFt3sbsRGIXPUR6MVj70LMFW+wP0Eb1KQIc7pcHg +eXS7orrXUU4M1HPrhDfGX74vEDK447fiVU/3ZAcCgYEAvIPepPMBkCL3Ds1TOP// +TXCeY3cNlBjkz9nln4rIT1fOdJCZqphnN+82Vm9Y7Z4UNlnHCE4aPuH0YTjnViZ3 +vlrK14Ft600W+yJ+ngnNPr7YwzqBGejN7ThnB+kUHD8Ahr/8csaUIRd2fhgB4qAM +Nndkcv4HGTr+NqVIv8vVBXkCgYAD2dr00k7uBShKBXHfuPSERcfVqpmOMBpnOFUP +cBmD6Y8SsqE/v2HUt8zIdp6ELg+DX6rHsfulDoGkgTMukFUz1Z/Lo7kXaYTsaAKy +iJMyq/ZmDB1HaAy4GKF0XkW67WHXl+EwN3MQd6+FII7a48pe6XzpiJD8LR6pN3ol +z7+lrQKBgQC6Sg3ccLIbxKMN8gP/Ox/kK88FNLsjeAuYk2DrSXa6SuE0wkozd7Y/ +yeXgFhkLhE1jrBM4NX1TPy+YRkNiY+cfhdoC+4hv9gLT2VQQJuDATgjMJ8DUL4jB +CQYbGDIzWS43E//cMNJ103X4zQyLILny2eIwNZqUIOCR1e+QlL+IZg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth-strict.test new file mode 100644 index 0000000000..ae03f4ae63 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth-strict.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: Certificate does not have extended key usage +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth-strict.test~ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth-strict.test~ new file mode 100644 index 0000000000..5840823d8b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth-strict.test~ @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +WARNING: The extended key usage does not include server auth but instead includes any auth +ERROR: The extended key usage does not include server auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth.test b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth.test new file mode 100644 index 0000000000..36181bbfb1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-eku-none/serverauth.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: Certificate does not have extended key usage + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/chain.pem new file mode 100644 index 0000000000..c044e54779 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/chain.pem @@ -0,0 +1,258 @@ +[Created by: generate-chains.py] + +Valid certificate chain where the target certificate contains a public key +with a 512-bit modulus (weak). + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 67:e6:43:1c:a1:b5:ee:5f:34:22:dc:ea:e2:6b:c2:18:43:17:fb:dd + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (512 bit) + Modulus: + 00:d5:13:bb:52:bf:ca:19:1a:06:19:68:07:1d:e6: + 87:16:d3:f0:e0:12:ba:a2:b5:2a:3d:ed:b3:64:16: + 06:a3:50:fc:b0:a4:49:f2:f9:ab:34:ad:4f:db:0a: + 3d:2b:25:92:86:3f:94:df:fb:fc:54:f2:c7:6d:9e: + d2:10:e0:cd:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E9:D8:44:8D:24:EE:A1:82:18:6F:21:FA:4E:EC:FB:DF:D1:91:57:9D + X509v3 Authority Key Identifier: + keyid:CC:47:D8:FF:8B:67:33:FB:F5:CD:D0:A7:B6:12:A0:19:27:27:D1:57 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + ae:21:58:ab:33:36:c9:86:ae:4b:d6:74:08:a5:7d:f5:14:f3: + 98:05:b3:28:1b:6c:b5:a4:de:4b:3a:32:6a:b1:97:16:c5:37: + dc:25:d5:01:cb:dc:b0:29:86:15:a3:2a:b6:4e:1b:46:b4:30: + e5:b7:63:b5:2a:6e:31:d7:b8:ec:98:9b:0c:8d:66:87:94:54: + 54:82:36:21:55:f6:ff:73:c9:25:5a:35:48:4f:dd:c7:31:2f: + 42:55:59:9a:0b:e4:6e:49:eb:ef:77:53:27:bb:72:b0:e6:97: + 41:a0:9e:a3:a5:83:32:dd:a5:4a:37:d9:c0:0e:49:84:21:73: + 8c:ae:b2:44:df:18:e3:58:dd:fa:d7:f2:2f:1a:9f:67:ca:45: + 08:5f:53:78:f3:88:76:52:fb:bd:5a:1e:bf:86:d6:0c:ec:1c: + 1c:1d:c5:9a:3d:26:03:c2:a8:32:b4:2b:f9:d0:0d:80:5f:8f: + 5c:e1:a0:29:be:bc:2b:9a:92:bf:7b:8a:f6:7c:d0:00:bd:a6: + 72:73:9c:70:80:04:18:1d:9b:2c:6f:6e:80:67:8f:10:fc:f1: + 1c:ed:fb:aa:39:53:28:78:35:86:a0:7c:02:50:ef:ab:a6:0e: + b8:e5:ac:f4:76:82:ab:cc:b4:5b:94:3e:3e:8e:7e:34:1f:fe: + d5:48:37:ed +-----BEGIN CERTIFICATE----- +MIIC2DCCAcCgAwIBAgIUZ+ZDHKG17l80Itzq4mvCGEMX+90wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MFwwDQYJKoZIhvcNAQEBBQAD +SwAwSAJBANUTu1K/yhkaBhloBx3mhxbT8OASuqK1Kj3ts2QWBqNQ/LCkSfL5qzSt +T9sKPSslkoY/lN/7/FTyx22e0hDgzQ0CAwEAAaOB6TCB5jAdBgNVHQ4EFgQU6dhE +jSTuoYIYbyH6Tuz739GRV50wHwYDVR0jBBgwFoAUzEfY/4tnM/v1zdCnthKgGScn +0VcwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzAChiNodHRwOi8vdXJsLWZvci1h +aWEvSW50ZXJtZWRpYXRlLmNlcjA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vdXJs +LWZvci1jcmwvSW50ZXJtZWRpYXRlLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCuIVir +MzbJhq5L1nQIpX31FPOYBbMoG2y1pN5LOjJqsZcWxTfcJdUBy9ywKYYVoyq2ThtG +tDDlt2O1Km4x17jsmJsMjWaHlFRUgjYhVfb/c8klWjVIT93HMS9CVVmaC+RuSevv +d1Mnu3Kw5pdBoJ6jpYMy3aVKN9nADkmEIXOMrrJE3xjjWN361/IvGp9nykUIX1N4 +84h2Uvu9Wh6/htYM7BwcHcWaPSYDwqgytCv50A2AX49c4aApvrwrmpK/e4r2fNAA +vaZyc5xwgAQYHZssb26AZ48Q/PEc7fuqOVMoeDWGoHwCUO+rpg645az0doKrzLRb +lD4+jn40H/7VSDft +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4e:42:88:cd:72:5f:2b:00:a2:67:88:f3:ee:8d:e7:a5:6b:77:3c:c6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bf:5d:ac:94:a4:6d:90:41:e2:b8:a8:23:44:d3: + 0b:a0:16:0f:a9:d1:86:a6:7d:16:1b:0a:74:78:ef: + 7e:fd:66:74:8d:d7:9e:d4:6b:ec:82:a7:18:59:1b: + a6:36:7d:b3:69:ac:5d:70:74:88:37:49:2a:5b:d2: + eb:db:56:de:54:f7:35:5a:3c:b6:b2:69:23:c5:f6: + 73:95:78:80:8c:62:95:0d:2f:8d:0e:64:e2:66:2a: + 05:7e:fd:70:23:ad:00:39:6d:2d:33:a7:00:af:37: + 74:41:bf:67:49:bd:51:c1:54:c8:d3:1e:87:f1:87: + 13:7a:c0:e4:20:52:15:fc:f1:4c:9e:84:30:72:93: + df:0e:71:94:54:7c:12:4e:4a:31:a6:77:94:8b:98: + 35:02:fa:1f:aa:e8:51:c6:a6:6c:b9:40:3b:2d:a3: + 3f:01:33:7d:5b:60:b3:db:12:cc:1c:a1:7f:94:4b: + 3b:b8:2a:13:a2:da:d4:cb:5a:b7:a9:60:90:19:b5: + d2:83:c0:a2:84:52:44:61:1f:26:ff:3e:e2:43:32: + 15:a4:96:33:34:3b:7c:90:4b:f0:db:7d:e8:f4:34: + 65:60:e1:09:06:5a:1c:8a:89:6c:cc:cc:81:c7:e5: + d5:56:24:d6:6f:a1:2c:c8:9f:77:ab:8b:17:0b:98: + fe:c5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CC:47:D8:FF:8B:67:33:FB:F5:CD:D0:A7:B6:12:A0:19:27:27:D1:57 + X509v3 Authority Key Identifier: + keyid:BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9c:f6:dc:5c:26:04:37:cc:b7:75:48:e5:3a:7a:ca:41:f1:99: + 09:9e:82:04:24:c7:98:28:5b:7c:fc:bd:03:42:53:ec:f3:e9: + 50:7d:18:44:74:75:8a:e3:63:91:36:36:b2:48:06:b5:91:9d: + 89:1d:83:a6:b9:91:a4:09:11:60:95:3e:5b:d2:50:ca:fc:42: + 1f:3c:6b:6b:f1:bf:5a:5b:32:fb:1a:b5:c7:85:6b:13:af:5d: + 75:6b:3c:c7:40:a5:4d:c5:23:de:48:cf:82:86:77:49:ee:77: + 25:8e:7a:23:ed:c7:1c:84:0d:49:6a:4b:3f:9a:f2:2e:75:70: + a0:b5:28:9a:a8:24:25:0d:25:ba:08:92:f1:65:81:95:b4:b1: + 34:72:66:b0:1b:0e:80:27:a5:7d:c5:ed:dc:3f:71:75:4a:b5: + 67:1e:d1:b2:54:57:4f:29:a4:7c:1d:4d:59:3e:c9:5f:c0:33: + f7:04:9b:96:d2:22:96:ec:00:29:4c:7f:7e:7c:3a:ca:f2:6b: + a2:39:ac:cc:c7:07:3c:1e:aa:df:2d:4b:95:b6:cb:b6:c7:41: + 46:38:7f:08:ae:3e:6d:23:81:40:63:b1:ae:8d:42:32:1a:ed: + b0:71:bd:ec:76:2b:4c:ff:a0:28:1b:42:f2:3f:ed:e2:63:fb: + db:c9:c6:14 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUTkKIzXJfKwCiZ4jz7o3npWt3PMYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAL9drJSkbZBB4rioI0TTC6AWD6nRhqZ9FhsKdHjvfv1mdI3X +ntRr7IKnGFkbpjZ9s2msXXB0iDdJKlvS69tW3lT3NVo8trJpI8X2c5V4gIxilQ0v +jQ5k4mYqBX79cCOtADltLTOnAK83dEG/Z0m9UcFUyNMeh/GHE3rA5CBSFfzxTJ6E +MHKT3w5xlFR8Ek5KMaZ3lIuYNQL6H6roUcambLlAOy2jPwEzfVtgs9sSzByhf5RL +O7gqE6La1Mtat6lgkBm10oPAooRSRGEfJv8+4kMyFaSWMzQ7fJBL8Nt96PQ0ZWDh +CQZaHIqJbMzMgcfl1VYk1m+hLMifd6uLFwuY/sUCAwEAAaOByzCByDAdBgNVHQ4E +FgQUzEfY/4tnM/v1zdCnthKgGScn0VcwHwYDVR0jBBgwFoAUvjNyR8Kxl0GZwDFX +UlYMtVN4WqQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCc9txcJgQ3zLd1SOU6espB8ZkJnoIEJMeYKFt8 +/L0DQlPs8+lQfRhEdHWK42ORNjaySAa1kZ2JHYOmuZGkCRFglT5b0lDK/EIfPGtr +8b9aWzL7GrXHhWsTr111azzHQKVNxSPeSM+ChndJ7ncljnoj7ccchA1Jaks/mvIu +dXCgtSiaqCQlDSW6CJLxZYGVtLE0cmawGw6AJ6V9xe3cP3F1SrVnHtGyVFdPKaR8 +HU1ZPslfwDP3BJuW0iKW7AApTH9+fDrK8muiOazMxwc8HqrfLUuVtsu2x0FGOH8I +rj5tI4FAY7GujUIyGu2wcb3sditM/6AoG0LyP+3iY/vbycYU +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4e:42:88:cd:72:5f:2b:00:a2:67:88:f3:ee:8d:e7:a5:6b:77:3c:c5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ca:3f:f8:1f:42:8f:55:98:f8:9f:fb:94:03:42: + 2a:c1:42:3a:2b:2a:f3:54:14:f3:fe:67:25:24:d3: + 9a:7f:66:1a:60:0b:9d:d8:bd:65:71:b5:f5:d9:fe: + eb:f6:04:72:57:97:bc:23:b0:be:bd:ce:94:9e:58: + 1a:10:e7:33:09:0b:57:a8:1c:6f:fa:f7:ce:d1:31: + 34:90:1a:b4:60:2d:d2:7f:29:9b:4e:ec:f4:6e:99: + 21:6b:98:9c:90:09:fc:bd:2f:55:c3:34:38:48:4a: + 73:fe:58:e2:09:b9:d9:f9:53:f6:84:e2:5d:fc:eb: + 3c:ba:92:f5:bc:97:cc:ef:43:54:f7:4f:c9:b4:2c: + 86:95:32:a6:e8:91:f5:8e:31:f8:de:b5:d9:c9:3d: + 4d:d7:24:4c:8c:58:aa:8a:c5:79:ab:e7:cd:3b:5c: + 84:67:52:5a:88:33:c3:55:d5:a9:2e:c9:5b:61:7c: + 87:05:c1:0b:d7:19:4a:fe:bd:ba:af:d7:e5:70:d1: + a4:92:08:d2:f2:ca:2b:b1:94:d0:84:57:f9:30:92: + fc:3a:67:82:10:6e:e3:89:9f:b3:df:75:6e:99:46: + bd:ce:b1:e8:ac:a2:3b:21:80:da:11:13:bd:df:93: + 0e:0e:ee:5d:f5:39:a2:a8:f7:41:c8:cb:00:5c:ac: + ee:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 + X509v3 Authority Key Identifier: + keyid:BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 79:71:89:c7:04:97:a9:de:39:10:63:99:20:38:e4:13:7d:94: + 2c:07:c5:13:68:a8:60:86:94:40:b0:29:ba:f9:d9:34:a0:d1: + 00:9c:29:63:96:5e:45:d4:10:18:4e:0c:5c:34:36:43:5b:8c: + 10:6e:b6:81:1f:04:f8:81:5e:3e:37:ad:f3:95:dc:32:34:ee: + 11:69:1f:63:2c:c6:08:d8:32:0d:29:f8:0d:ac:8d:6b:d1:aa: + 1c:54:43:13:8d:a4:45:dc:8d:d5:81:c5:bc:fd:64:44:3f:7e: + 6c:40:dd:6f:24:69:61:cb:ad:c2:f9:29:f8:53:01:02:9b:99: + 5b:3e:c0:b5:61:5f:9b:8e:21:d2:1b:c3:14:f6:7d:a9:20:9d: + ac:f5:3d:2c:de:29:6f:db:af:5a:a6:c2:75:37:f6:aa:a0:f3: + e5:dc:b9:26:00:47:af:f2:37:ff:04:1f:c8:3c:8d:c0:5a:64: + 6b:60:09:e4:d1:b0:ca:97:e2:ae:64:8c:fa:eb:f8:e0:83:f4: + 05:bc:dc:79:17:91:eb:06:72:26:ac:0b:09:59:9f:75:6d:3b: + 8c:67:52:b9:3c:9d:44:28:46:fc:b6:cd:18:cc:51:33:30:cf: + 5f:65:1c:d8:f7:49:bf:60:77:f7:9e:b7:60:6a:bd:04:a3:e7: + 9c:09:95:b7 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUTkKIzXJfKwCiZ4jz7o3npWt3PMUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDKP/gfQo9VmPif+5QDQirBQjorKvNUFPP+ZyUk05p/ZhpgC53YvWVxtfXZ +/uv2BHJXl7wjsL69zpSeWBoQ5zMJC1eoHG/6987RMTSQGrRgLdJ/KZtO7PRumSFr +mJyQCfy9L1XDNDhISnP+WOIJudn5U/aE4l386zy6kvW8l8zvQ1T3T8m0LIaVMqbo +kfWOMfjetdnJPU3XJEyMWKqKxXmr5807XIRnUlqIM8NV1akuyVthfIcFwQvXGUr+ +vbqv1+Vw0aSSCNLyyiuxlNCEV/kwkvw6Z4IQbuOJn7PfdW6ZRr3OseisojshgNoR +E73fkw4O7l31OaKo90HIywBcrO6xAgMBAAGjgcswgcgwHQYDVR0OBBYEFL4zckfC +sZdBmcAxV1JWDLVTeFqkMB8GA1UdIwQYMBaAFL4zckfCsZdBmcAxV1JWDLVTeFqk +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAeXGJxwSXqd45EGOZIDjkE32ULAfFE2ioYIaUQLApuvnZNKDR +AJwpY5ZeRdQQGE4MXDQ2Q1uMEG62gR8E+IFePjet85XcMjTuEWkfYyzGCNgyDSn4 +DayNa9GqHFRDE42kRdyN1YHFvP1kRD9+bEDdbyRpYcutwvkp+FMBApuZWz7AtWFf +m44h0hvDFPZ9qSCdrPU9LN4pb9uvWqbCdTf2qqDz5dy5JgBHr/I3/wQfyDyNwFpk +a2AJ5NGwypfirmSM+uv44IP0BbzceReR6wZyJqwLCVmfdW07jGdSuTydRChG/LbN +GMxRMzDPX2Uc2PdJv2B39563YGq9BKPnnAmVtw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/generate-chains.py new file mode 100755 index 0000000000..bcae9d5e2f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/generate-chains.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Valid certificate chain where the target certificate contains a public key +with a 512-bit modulus (weak).""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.set_key(gencerts.get_or_generate_rsa_key( + 512, gencerts.create_key_path(target.name))) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Intermediate.key new file mode 100644 index 0000000000..32e8c7ae3a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAv12slKRtkEHiuKgjRNMLoBYPqdGGpn0WGwp0eO9+/WZ0jdee +1GvsgqcYWRumNn2zaaxdcHSIN0kqW9Lr21beVPc1Wjy2smkjxfZzlXiAjGKVDS+N +DmTiZioFfv1wI60AOW0tM6cArzd0Qb9nSb1RwVTI0x6H8YcTesDkIFIV/PFMnoQw +cpPfDnGUVHwSTkoxpneUi5g1AvofquhRxqZsuUA7LaM/ATN9W2Cz2xLMHKF/lEs7 +uCoTotrUy1q3qWCQGbXSg8CihFJEYR8m/z7iQzIVpJYzNDt8kEvw233o9DRlYOEJ +BlociolszMyBx+XVViTWb6EsyJ93q4sXC5j+xQIDAQABAoIBACi3TZjywz0GR67y +V061eKu/BeYj5npV8vYd61ov2t0fh30Ge4zGybOiydNrxpmhdSLuwZLDuJfKwXB4 +GCa6/OMnFfr1IAolxK7CGSWcVf2InB4KGAEQBfumxTSXx9xPWtTdHdj3l3WwXtP+ +XYOa/GIeH/yLanFBRCvCDsexr2v5rO/miB7hynZJ5YFZwtf99iqu8S1ULEE+UZ5c +1C1DhB/BzoUUB/g3DeNLGAxLq6UtsQqZFYL1ZmwVjeecrVIuYjn/LAHnNGkjwabN +tpf5b0HYS18LAH+JP6p2yLz/Ur0EeJ+I+U3MPKg8Q6vJ0u8nWb/W134aa05Uni31 +vGrZQwECgYEA6x0CKeyq0q62AFqiw+IquCk1M7vJXK8GWxgUgkrGBIdF5TCntIlf +26/KJeXPfPpK3sayUY5049d27Oi1IrybAdH7mFf2g1HW3dJMUJjXEnIolpKBFUJj +TOQrA7Q1+YZipbbyCPiQzcSy+bZITyg3e3u9aYT+yPS0JD4HIvIekW0CgYEA0F3B +CKB1lNFVI0O9UsvelyVV12gqBjMm+Vyo4HuWprP/p6uRZ9/6S0QGQ4EqMeQKI88G +67RNeAdjbb0lkIom2g9NbkqS7bHRasUtpyY4rfm6rTNz284fSZnMRMRvJ7+kaH6T +oTJBjUI47gUVoCxX+RQdREnrgcazuZquNZggI7kCgYAsBLxY+RRqaYdtvYpnvjpd +TGnHi8sBbUt1VqbQVguI4YK2jEt5w5aM3Pat7b7RGVNXLkBIgLFlzvtXE6KGJGWp +C5VdSmq+312pHixnkpYBwBnVRwyf3FQXG0jqYp0QYJari/r4rwD9ZWxU0EnteAwb +NGmcDehd22K2vl47rrUGaQKBgGux2YCs9rj5TSjR7TurFZxHdsvEEdxsedtu0fZc +ymvVIvE1kwz+Te6y9Q3U58srkzYY3fnbkiLUpsZkedLwJM6WFC5KKxDh1Fx8F3GK +Jsd9CMhWjK5yJeezr0lnwg/oVICR05oAULNDJAuZ4yiLYtjhVZMjJa9I1UG8OgiH +XS05AoGAFz3V0aPTlD9isEUbz5KYm5t7nr3GpCKy5Ss+hkmQWDCeJb78vgW3P+H1 +OwV7nvVmOSM7AYIngp2q7VsGRx8nmsVwm/KDRnbnPxmPPLsHQS+TKHwbcOG9LWb0 +R0TkmMFIdwJrtBO997T9/gCGDxmw86OwvzeqkbYW7/RtrwJFk8Y= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Root.key new file mode 100644 index 0000000000..3034b86cfa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAyj/4H0KPVZj4n/uUA0IqwUI6KyrzVBTz/mclJNOaf2YaYAud +2L1lcbX12f7r9gRyV5e8I7C+vc6UnlgaEOczCQtXqBxv+vfO0TE0kBq0YC3Sfymb +Tuz0bpkha5ickAn8vS9VwzQ4SEpz/ljiCbnZ+VP2hOJd/Os8upL1vJfM70NU90/J +tCyGlTKm6JH1jjH43rXZyT1N1yRMjFiqisV5q+fNO1yEZ1JaiDPDVdWpLslbYXyH +BcEL1xlK/r26r9flcNGkkgjS8sorsZTQhFf5MJL8OmeCEG7jiZ+z33VumUa9zrHo +rKI7IYDaERO935MODu5d9TmiqPdByMsAXKzusQIDAQABAoIBAEiBrGtQimBOifuY +zpRoeTl1i7MEH93p8RsoUTmlnsLDkPsTzw/vvlmIuU3gxSkaqP9cB3foGkmjsMYf +oaCjsjkw1skPANpBUuTONiDfYgEFDGzINsSR0IOB5GhVevNskS4ltSJZK0BHaNQr +e0WvWkS3ZC55lOZiUxA0NWLaLP8tSXdWoaUK3XBwCi+yg5E+enM88Hx69kAY5Xxs +1D3GxPpCPXTT6xVuutA7eaozb7QQuMQro/T279YpFN7DblFs4CxYpGFJHsJ3+y9m +4jj1vDSA5lZvj20x4EhiS40rsF/5pjBq0SZG39Gv9cUwJjgbgwAPRjufv5Hjd4vo +b2X36v0CgYEA+mm1qlKHLEtnDVZK+6gX5gO6O7YF+u/Nj+jzsZ7/2/O0LMDs37kd +jq+8KJz/xsSyU0s+1r+ddY8GuIGHqyGiRVKyIUcA90vd9SrxYcRbbV7G0QZym+F4 +fuJ3jRbFK6fDz9BwkaE7/uOFsckWNiSH7ChSQss8nIQ8AdH4bBjyJ2cCgYEAzsMq +V2Pc9dXYsKQVoCbSvcWqizh0GrOoZUKfytBNnGacS9wU1mfdNknTS3fwLWfaBu7e +mS3MdFQoM0g4kOGEhv09vb1bNiAe+x37cXQvFzKeH9Aj3LTnJQHIbnEBnZGM+VMA +9e2TsS6b/L1L/4+zz6yCecZHpezpQjcslk8A4icCgYBgrHDS6Xt/8Tg+oOLf1twr +E6NRLAuQ/gU5GrECEKUscCBN6slH8bpkfJnCgCIKxaMmnvUKiP0sBmSM1Izg12JD +KxLT4AqSbjqpTMPVf63gQme1CK00Ws5fBeUrle/W07S3xPvAbSOxWnsh0MT/cAj9 +de+UE8w5jJ9yAHLMoLDT3wKBgDOUUlK8sdmOAGGIfXCXXslCr1nNuoESwnaIWU6C +Cmpy2pi+DWCzRmcNoa1Y/UyGdMh3/IXf+/olKGYqpRnXeHUoZaeYvlFRUAk7IIfc +AQdbdEDhbqDXbDY6LKMIg+un7LAh+cJgAxEXXIh/PJ9DXQr4sQ/p2+PTpxkCpJfW +m5TPAoGAYIdAPSVITlwvEJZHOy0TJ5/1f8oAcNp16hhhfmxN8NCad5JaW8G5QSDG +ck7RvwV6Zt3z5LaXYCyz8JbMxTGnCMdf5xKrRkTN+i515BGBYQqbkNqrdIdYKzmF +wDHaQFVtWi7cH1j6fygW9luZt3Jh0+euPEewMmLzZ1AglSYDwUQ= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Target.key new file mode 100644 index 0000000000..5f4989f7cd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/keys/Target.key @@ -0,0 +1,10 @@ +openssl genrsa 512 +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBANUTu1K/yhkaBhloBx3mhxbT8OASuqK1Kj3ts2QWBqNQ/LCkSfL5 +qzStT9sKPSslkoY/lN/7/FTyx22e0hDgzQ0CAwEAAQJAbZBW20b5QY0LI9dFCY/3 +WLqkemPHClFDplJq0wUsZp8XCIDjkx8RzNBOjN1i4WV25z5q5lOGeYopYgE4g5AQ +QQIhAO0ZkvzLX7A08d5guXp7AZYIbX3z43fzBaaAPkgRaC9RAiEA5g/uXR1+NxrK +a88zei/oADF6tixOoTI41Hkg3CCK6v0CIE6GPskcbfeEwWod7K/k1zSiW+jwAjDy +urdXF8l0gmXRAiBNtcnlKAYvJNyFCAsyVaY/EneJu3Of3W/2zSd9U3y5HQIgXa7O +cDEGpXaGf862y0kEzrHPnG8morJkL6zjUOtI6ZA= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/main.test b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/main.test new file mode 100644 index 0000000000..8b3e8696ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-512bit-rsa-key/main.test @@ -0,0 +1,11 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: RSA modulus too small + actual: 512 + minimum: 1024 +ERROR: Unacceptable public key + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/chain.pem new file mode 100644 index 0000000000..0bd5b9bf25 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/chain.pem @@ -0,0 +1,268 @@ +[Created by: ./generate-chains.py] + +Certificate chain where the leaf has a basic constraints extension with +CA=true + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:bc:87:56:5b:c5:c0:7d:88:48:cc:cc:ca:97:dd:d6:7e:b8:ae:e7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:16:a4:92:0f:af:f6:da:90:19:3e:26:29:a9: + 04:35:24:67:db:93:b7:89:61:5c:c2:84:07:ff:db: + 83:9a:1b:5c:9d:2f:ac:f6:20:87:74:fd:5a:f7:96: + da:aa:8b:77:d0:7d:cb:87:cf:96:37:2d:04:ef:19: + f7:09:6d:aa:73:74:16:b9:1c:f1:7b:15:9f:50:a9: + be:33:08:86:9f:88:9e:0c:b4:3b:2a:98:06:43:0f: + bb:14:ac:65:27:0f:c1:6c:58:d0:54:ce:62:89:ed: + 03:99:3c:c7:f0:2e:ab:c5:f3:f0:5a:b6:91:68:6f: + aa:4b:37:e9:d8:dd:63:0f:6c:a2:0b:f7:72:0e:6f: + a3:ee:b9:7e:c7:4b:a4:cd:69:6c:b8:a3:66:14:14: + 46:96:95:ca:60:64:af:58:93:0b:a2:d8:17:04:5c: + cd:ec:48:85:7a:4b:5b:c2:84:00:52:fa:8f:25:7b: + ce:0b:9b:14:a6:21:cc:48:f6:14:d5:c1:1b:3a:8b: + ba:ae:ef:15:55:0d:63:4d:f6:ea:f1:ca:1c:11:04: + 3a:c9:f8:87:13:c2:8f:cb:f1:1d:18:79:2f:66:1d: + 10:45:2d:4c:55:49:4c:3b:68:28:25:4a:8b:99:a9: + 8d:27:66:86:71:4a:6d:f1:f8:fb:58:7e:db:3b:2d: + 9e:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F8:96:4F:23:BA:6B:B3:8F:4B:07:6E:24:86:07:55:F1:E9:8E:6E:02 + X509v3 Authority Key Identifier: + 0D:33:4F:98:F6:3C:94:C8:20:5B:51:C9:BD:ED:09:3B:F0:B4:F3:D6 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2f:f3:3e:5f:9a:ed:43:1c:58:2e:15:aa:94:d8:d7:37:87:83: + 79:ff:a8:7d:d2:bf:3d:4d:3c:99:91:78:93:84:7b:ce:1e:07: + 55:f8:bd:5d:d1:e6:82:c4:a9:c0:6b:bf:e4:73:df:d0:b6:38: + 09:66:84:23:50:e3:16:37:15:88:89:78:08:31:7d:52:e0:56: + a2:2d:ef:a6:75:5a:a3:44:c5:ae:23:a3:fc:92:81:b6:cf:3f: + bc:ba:a1:4d:da:6d:0a:18:04:95:7a:4f:b3:74:e7:1b:19:97: + fd:c3:32:c3:77:17:15:7a:d5:9b:6c:54:9c:16:1b:3f:37:3e: + b9:ed:97:69:f9:da:3d:cf:e4:aa:2a:39:45:28:2b:2e:4e:d7: + 60:bb:fd:cb:3d:c2:19:85:e0:f6:1d:1e:bb:21:4c:f4:ee:a1: + cf:dc:c9:24:53:cb:80:44:5f:d3:cf:83:09:90:17:1c:32:a8: + c5:49:c1:c9:e6:28:f0:88:7d:36:d1:fe:0b:dc:a9:3f:79:ae: + c9:89:4c:04:ec:49:ac:6d:58:24:67:20:d3:8f:29:c1:87:84: + 2f:69:4f:da:18:7d:f6:a0:88:92:ea:db:47:8d:f0:b3:a3:c9: + 15:6a:c8:e5:84:79:74:cd:e1:ee:fa:02:79:05:1f:5c:76:4a: + 71:ae:58:b8 +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgIUCLyHVlvFwH2ISMzMypfd1n64rucwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAvhakkg+v9tqQGT4mKakENSRn25O3iWFcwoQH/9uDmhtc +nS+s9iCHdP1a95baqot30H3Lh8+WNy0E7xn3CW2qc3QWuRzxexWfUKm+MwiGn4ie +DLQ7KpgGQw+7FKxlJw/BbFjQVM5iie0DmTzH8C6rxfPwWraRaG+qSzfp2N1jD2yi +C/dyDm+j7rl+x0ukzWlsuKNmFBRGlpXKYGSvWJMLotgXBFzN7EiFektbwoQAUvqP +JXvOC5sUpiHMSPYU1cEbOou6ru8VVQ1jTfbq8cocEQQ6yfiHE8KPy/EdGHkvZh0Q +RS1MVUlMO2goJUqLmamNJ2aGcUpt8fj7WH7bOy2eiwIDAQABo4H6MIH3MB0GA1Ud +DgQWBBT4lk8jumuzj0sHbiSGB1Xx6Y5uAjAfBgNVHSMEGDAWgBQNM0+Y9jyUyCBb +Ucm97Qk78LTz1jA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAL/M+X5rtQxxYLhWqlNjXN4eDef+ofdK/PU08 +mZF4k4R7zh4HVfi9XdHmgsSpwGu/5HPf0LY4CWaEI1DjFjcViIl4CDF9UuBWoi3v +pnVao0TFriOj/JKBts8/vLqhTdptChgElXpPs3TnGxmX/cMyw3cXFXrVm2xUnBYb +Pzc+ue2XafnaPc/kqio5RSgrLk7XYLv9yz3CGYXg9h0euyFM9O6hz9zJJFPLgERf +08+DCZAXHDKoxUnByeYo8Ih9NtH+C9ypP3muyYlMBOxJrG1YJGcg048pwYeEL2lP +2hh99qCIkurbR43ws6PJFWrI5YR5dM3h7voCeQUfXHZKca5YuA== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 02:6e:e9:d7:f8:5d:44:ad:34:05:15:23:70:65:9e:cc:e0:a7:66:53 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c5:8c:3e:44:f5:7d:89:d5:8d:77:86:f9:d5:a0: + 8b:dc:1d:0f:3e:d0:f8:d1:72:c4:5b:d0:83:56:b5: + 98:0c:4e:0c:3d:48:f7:db:06:e8:c2:eb:5c:fc:f4: + 2f:b0:23:74:fc:95:23:0c:7d:3d:be:29:89:6f:d5: + 97:d3:8b:6f:bf:36:4d:99:4e:c9:fe:59:a2:9a:56: + df:3c:a6:e0:f4:8e:2b:20:00:4a:4d:6e:15:c9:7f: + c0:35:8f:5a:48:08:0b:41:d1:cf:84:c0:fd:99:71: + 26:96:7b:b5:6f:1d:ce:db:74:b1:d3:1d:39:37:70: + d0:e1:53:d5:44:72:e2:80:c2:bb:c7:71:93:4e:02: + 40:ac:a0:af:33:72:a1:6d:9a:44:9b:45:ad:22:74: + fc:18:74:e0:84:34:00:00:76:46:2a:77:f9:ff:a8: + af:71:b9:e6:e6:32:9a:d4:d2:a7:dd:71:f9:2a:49: + 2a:fe:c2:8e:cf:9c:77:f7:39:7d:d3:99:09:b1:49: + 30:35:e5:8d:3a:c3:3e:6c:1d:d6:b7:26:bb:90:e4: + 3b:c3:2e:aa:37:18:bb:28:f3:79:d2:69:9c:87:7f: + 78:5f:c5:97:d1:d8:45:14:17:38:6d:66:23:2e:90: + dd:25:c1:60:3c:7c:f5:9a:d2:16:05:c0:7f:89:3e: + 10:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 0D:33:4F:98:F6:3C:94:C8:20:5B:51:C9:BD:ED:09:3B:F0:B4:F3:D6 + X509v3 Authority Key Identifier: + 7A:98:A9:3F:BA:80:DD:68:1B:1C:87:57:2E:42:3F:5F:B3:50:5D:A8 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 76:1d:d7:22:f9:e8:d8:a6:ec:b0:bf:06:92:7c:2a:82:cd:8a: + 7b:13:bd:c6:d9:da:4b:b3:94:12:82:59:a8:16:76:c1:05:c0: + 7e:7d:19:b4:8f:35:c7:58:73:ff:7d:9e:8c:55:6f:0b:b3:e3: + 5f:d0:e8:57:c0:92:6c:47:a7:55:84:77:90:19:c1:67:1f:8a: + 32:70:0c:3e:de:01:6f:c6:79:1e:a0:10:15:a2:ec:f6:1a:19: + 10:ac:aa:bf:63:0b:52:88:3d:61:5e:e9:6b:76:4d:b1:f5:16: + a7:09:4f:68:67:1b:47:b5:62:37:b2:6b:66:e0:e7:51:86:50: + 32:54:b7:b7:e8:77:5c:d8:ff:8d:3b:6e:49:ac:5c:ce:33:38: + 52:0f:41:80:1d:b0:fd:35:8d:37:23:06:e3:1c:89:f4:d3:6c: + 73:d0:d3:8f:72:db:9a:7a:34:40:54:77:97:ae:9f:5b:4d:d8: + 94:99:a7:89:11:04:bb:52:06:ba:32:fd:f9:16:b7:ee:a6:03: + 55:39:31:4f:89:3b:9c:9b:d3:61:4b:a0:f2:ab:24:ad:95:46: + 2e:5e:27:be:03:f2:e0:4d:70:27:63:9a:c1:f9:1b:00:ab:6b: + de:e7:f1:04:a7:b5:bd:85:31:a6:32:4b:0e:e8:a5:ab:8d:c1: + 52:19:f2:b6 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUAm7p1/hdRK00BRUjcGWezOCnZlMwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMWMPkT1fYnVjXeG+dWgi9wdDz7Q+NFyxFvQg1a1mAxODD1I +99sG6MLrXPz0L7AjdPyVIwx9Pb4piW/Vl9OLb782TZlOyf5ZoppW3zym4PSOKyAA +Sk1uFcl/wDWPWkgIC0HRz4TA/ZlxJpZ7tW8dztt0sdMdOTdw0OFT1URy4oDCu8dx +k04CQKygrzNyoW2aRJtFrSJ0/Bh04IQ0AAB2Rip3+f+or3G55uYymtTSp91x+SpJ +Kv7Cjs+cd/c5fdOZCbFJMDXljTrDPmwd1rcmu5DkO8MuqjcYuyjzedJpnId/eF/F +l9HYRRQXOG1mIy6Q3SXBYDx89ZrSFgXAf4k+EIcCAwEAAaOByzCByDAdBgNVHQ4E +FgQUDTNPmPY8lMggW1HJve0JO/C089YwHwYDVR0jBBgwFoAUepipP7qA3WgbHIdX +LkI/X7NQXagwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQB2Hdci+ejYpuywvwaSfCqCzYp7E73G2dpLs5QS +glmoFnbBBcB+fRm0jzXHWHP/fZ6MVW8Ls+Nf0OhXwJJsR6dVhHeQGcFnH4oycAw+ +3gFvxnkeoBAVouz2GhkQrKq/YwtSiD1hXulrdk2x9RanCU9oZxtHtWI3smtm4OdR +hlAyVLe36Hdc2P+NO25JrFzOMzhSD0GAHbD9NY03IwbjHIn002xz0NOPctuaejRA +VHeXrp9bTdiUmaeJEQS7Uga6Mv35FrfupgNVOTFPiTucm9NhS6DyqyStlUYuXie+ +A/LgTXAnY5rB+RsAq2ve5/EEp7W9hTGmMksO6KWrjcFSGfK2 +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 02:6e:e9:d7:f8:5d:44:ad:34:05:15:23:70:65:9e:cc:e0:a7:66:52 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:af:0c:3f:db:02:4b:9e:87:03:a5:64:a7:18:9a: + c1:4c:c8:bf:1b:e7:5a:04:52:70:6c:a2:bc:19:99: + 33:44:f9:9a:6b:30:d8:57:5b:be:a0:dc:8c:97:91: + 20:97:f8:04:ef:21:1d:b1:c7:a3:1b:57:02:c9:bd: + 53:54:f8:58:96:f3:c2:d7:5e:ae:61:c1:d5:08:ff: + 88:bf:80:c1:ef:c8:6d:99:ac:8e:55:f6:e0:da:8f: + f3:31:f1:e5:02:82:2c:f9:42:cb:7c:4c:2b:ba:97: + eb:ef:cd:b0:d5:31:a1:09:f8:5e:62:74:4e:29:02: + 9b:7e:de:0b:31:36:b6:fd:36:e5:a6:a8:ac:05:1f: + 5f:32:e6:60:f7:5f:8f:f3:a5:6e:3d:c4:ec:dd:23: + ac:4b:69:ab:df:41:65:2b:bd:f2:ed:51:e0:94:e4: + 5f:35:6c:be:c8:be:2a:10:27:55:92:6b:82:ac:72: + b7:c4:de:47:04:03:6c:57:fd:de:f1:17:3b:16:0c: + d7:cd:26:28:84:b2:df:19:e7:2f:45:87:2f:91:82: + d5:21:4b:0a:49:77:a0:46:39:2d:fc:ab:63:1f:76: + 2d:c1:4a:03:1c:d8:e0:dc:a3:4d:c8:56:aa:41:1c: + e9:11:63:10:c6:55:03:4e:c8:be:53:7e:3c:a9:d7: + 13:af + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7A:98:A9:3F:BA:80:DD:68:1B:1C:87:57:2E:42:3F:5F:B3:50:5D:A8 + X509v3 Authority Key Identifier: + 7A:98:A9:3F:BA:80:DD:68:1B:1C:87:57:2E:42:3F:5F:B3:50:5D:A8 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 07:9d:ea:d3:5a:05:0f:1d:14:12:d4:a3:1f:1e:29:e7:5b:8c: + 8f:9f:3e:b9:f3:85:d2:5e:73:9c:41:7c:81:bf:75:fe:61:49: + dd:d9:69:95:43:4c:46:8d:b7:49:1b:b8:4e:a0:e8:f7:ab:dc: + c1:6c:85:43:4b:f1:94:a0:3c:b6:06:db:20:70:fe:cb:b4:a3: + ee:d3:12:93:70:c1:c1:97:30:8e:78:7a:7e:31:f6:35:d4:b6: + e8:f4:9e:1c:11:c9:5b:51:8b:18:da:c3:65:48:d8:0c:9d:7e: + 73:27:26:b1:3c:25:b2:9c:12:79:a8:3e:37:18:14:ca:a9:33: + 78:17:03:12:bd:42:48:6f:78:0a:4f:8d:b5:c0:88:c4:d2:a5: + 99:84:2b:a5:d9:40:85:65:67:aa:12:74:4f:c9:b6:0a:64:17: + d7:af:51:3b:13:08:70:ce:65:af:36:59:46:32:b3:40:45:c3: + 1a:8b:56:3e:2b:81:5d:81:48:a6:f9:8e:5b:26:c2:1a:1a:68: + 57:a1:22:8a:42:2e:9a:51:8c:18:f8:fe:d6:a4:89:b5:7d:64: + 14:5b:b1:5d:26:92:f1:17:54:8a:bb:e6:d7:97:82:6c:e1:b4: + 39:42:68:d1:69:64:a9:21:1c:28:e1:ae:bd:eb:09:78:76:c9: + 7f:cd:79:90 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUAm7p1/hdRK00BRUjcGWezOCnZlIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCvDD/bAkuehwOlZKcYmsFMyL8b51oEUnBsorwZmTNE+ZprMNhXW76g3IyX +kSCX+ATvIR2xx6MbVwLJvVNU+FiW88LXXq5hwdUI/4i/gMHvyG2ZrI5V9uDaj/Mx +8eUCgiz5Qst8TCu6l+vvzbDVMaEJ+F5idE4pApt+3gsxNrb9NuWmqKwFH18y5mD3 +X4/zpW49xOzdI6xLaavfQWUrvfLtUeCU5F81bL7IvioQJ1WSa4KscrfE3kcEA2xX +/d7xFzsWDNfNJiiEst8Z5y9Fhy+RgtUhSwpJd6BGOS38q2Mfdi3BSgMc2ODco03I +VqpBHOkRYxDGVQNOyL5Tfjyp1xOvAgMBAAGjgcswgcgwHQYDVR0OBBYEFHqYqT+6 +gN1oGxyHVy5CP1+zUF2oMB8GA1UdIwQYMBaAFHqYqT+6gN1oGxyHVy5CP1+zUF2o +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAB53q01oFDx0UEtSjHx4p51uMj58+ufOF0l5znEF8gb91/mFJ +3dlplUNMRo23SRu4TqDo96vcwWyFQ0vxlKA8tgbbIHD+y7Sj7tMSk3DBwZcwjnh6 +fjH2NdS26PSeHBHJW1GLGNrDZUjYDJ1+cycmsTwlspwSeag+NxgUyqkzeBcDEr1C +SG94Ck+NtcCIxNKlmYQrpdlAhWVnqhJ0T8m2CmQX169ROxMIcM5lrzZZRjKzQEXD +GotWPiuBXYFIpvmOWybCGhpoV6EiikIumlGMGPj+1qSJtX1kFFuxXSaS8RdUirvm +15eCbOG0OUJo0WlkqSEcKOGuvesJeHbJf815kA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/generate-chains.py new file mode 100755 index 0000000000..8530a7a7e2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/generate-chains.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain where the leaf has a basic constraints extension with +CA=true""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate (end entity, but has pathlen set). +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('basicConstraints', 'critical,CA:true') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') +gencerts.write_chain(__doc__, [target], 'target_only.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Intermediate.key new file mode 100644 index 0000000000..6a35ec49d1 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFjD5E9X2J1Y13 +hvnVoIvcHQ8+0PjRcsRb0INWtZgMTgw9SPfbBujC61z89C+wI3T8lSMMfT2+KYlv +1ZfTi2+/Nk2ZTsn+WaKaVt88puD0jisgAEpNbhXJf8A1j1pICAtB0c+EwP2ZcSaW +e7VvHc7bdLHTHTk3cNDhU9VEcuKAwrvHcZNOAkCsoK8zcqFtmkSbRa0idPwYdOCE +NAAAdkYqd/n/qK9xuebmMprU0qfdcfkqSSr+wo7PnHf3OX3TmQmxSTA15Y06wz5s +Hda3JruQ5DvDLqo3GLso83nSaZyHf3hfxZfR2EUUFzhtZiMukN0lwWA8fPWa0hYF +wH+JPhCHAgMBAAECggEAFLiD9Di/EmeUyfOdnf4+h/fWWF4+qGgo14E/XXzOYNqz +kZ68khFJ9d65J2E3j/qlc97yyQW+pa/MANp/F+CEIqLVWzN2oC1nuaz2B8cbSRuR +GMS0W9B5tuPQVe3ePY2hHKYfZbXWg93opcJ+bT7LqpzgEBxRxZJu88uWzvIGob8G +j4/XV6+UuTXo7fQXSLt445NnWEutlo/abiTVXrhJvwucCRAlz5Dp+YH8ZK0Cdr3Y +66QopLyIKj0hi8Ra5m7CmZ/1CFq8bPj/dUvH4nhNUX6bLecPq2bJxKvFu8S2utz/ +cpqfbgx/sTSisqqu0gL5O35RUtjAaszWcB3mcEMceQKBgQD3EbeSx0F15ccB/2JX +S+DCbdhYG52Xm6/SbT3gKEX2CeQbqha+z3FfSn25CBb34xBo0u1g2HVhCqlezDkk +xSsX4bOLZbPbnr7fBs0BXd6x9JRFBCfj4DSvevH4BOOUmvTBlqQIDGT/z3nT/xof +q0zNX/ENs50r806iQTag8wpB/wKBgQDMsEZBOA9MmzFceGGaNmCo4Aks/dc0VqGN +Z2kXuVdXuwiHW6PFSKYIqcdk+YZvGFebuAB7p+yavQy6YZ5pGkjjgJNtpd22HTCe +DH5aiArzpvp9VASslrePsA8PYPMiZj4lyNY1qrOZ9vyFghOGp8z2YCtL2AOyW7Zt +Fa4XIx0heQKBgEnH9a0Uadz+UE6taD2vgCAv02KEZKxoprnNO6QcAsB1tbP5OC+l +HTMauK6v1sQR/81957t7CJqBJ5ESpaHwa20HTqm7JlnYbyGFE2VsFdvIsRpnIk5v +nuwkZ+vr8dZn691/0d5BbUvjNntze+anLhlKpF62G6KLVxknJlwsGA0bAoGACpzh +J6SGdoxdZNQBC4PiQx9KmoCW1enf+nrwIgDEHJJgANSpiyMXKL/UzNF7POtgL3y8 +2ax9QhCnRkqlcgGg4draygadlkGxMaCoNH11Q+jWeAURMPmnjtWsEjoOoSv38PGW +2bV+Fm+N7EYwSP0OTX/y/r22g1rp/IHxQtXZPtECgYBvOBHX/bNN5/QPnaf2cht1 +m1TzZ4HqRTcad7mzrH7lUBGrBT9PobcO8UzvnIV7Oq/mEDiKYSN3AFaktKwSw9Nn +C6/Qu8hix+fA3kikz4zVVOl6WHKDqNDS52WmEOvLF0hdGTiftv93mjlle0iIQmnq +dQmE+pR3AxQXxjtFon74XA== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Root.key new file mode 100644 index 0000000000..0304d57040 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvDD/bAkuehwOl +ZKcYmsFMyL8b51oEUnBsorwZmTNE+ZprMNhXW76g3IyXkSCX+ATvIR2xx6MbVwLJ +vVNU+FiW88LXXq5hwdUI/4i/gMHvyG2ZrI5V9uDaj/Mx8eUCgiz5Qst8TCu6l+vv +zbDVMaEJ+F5idE4pApt+3gsxNrb9NuWmqKwFH18y5mD3X4/zpW49xOzdI6xLaavf +QWUrvfLtUeCU5F81bL7IvioQJ1WSa4KscrfE3kcEA2xX/d7xFzsWDNfNJiiEst8Z +5y9Fhy+RgtUhSwpJd6BGOS38q2Mfdi3BSgMc2ODco03IVqpBHOkRYxDGVQNOyL5T +fjyp1xOvAgMBAAECggEAANrOdQNN2zhNjEExj60xxG42gKxghCTi56Tjxjw5Q9z0 +JBHY/JQ2GhL5nMPYpOVRINnIi1WuNjP2j4WdIo0T4ajPCr4rm86We7TDtiuqxsDz +yAxPpZvO/UI2rcfAloKMNatd0v2MOR0Eyeb3NhNH9gSAcXqf5xNcLwJmi5b4zcO0 +x4vE01JKaUrzGOihCpbu63Or4HwvV0Y7VqY911FydiB0qPVV1G11CODOoxO00Igz +9sCyz0ulyj2HwnKiMrl1hZWoVRwbIdesMv5Da8PcDiTvYCHNcs4GdfuHoXeakvbC +4c7IUWKjEFHSalzOC3edKVQBjf0EP08o+twyP+KUAQKBgQC/wn9FbO4zRAYZroFY +jAwaBaCCEh3PF0gtsbk2Aw3gAbZJhqFv5aYw66LA6Y2XLjYdymIgDh6Ll2LDwh3d +LwEaBKyMVshB5g7cRLhm6ehfxlqMARv/ZUCm44UakPGVrEnoFdfgWccA8XbaVduD +wMAJLNpu2A4LW0NYsTv85BDYRwKBgQDpsIXnUn/JEPzEMq/bOtG4thHBEV+ab6wz +33fKtg6mdhL17KpN5r77/tVmCyA7ADHMHlW+HmIQUF8PAMKwq/XuoghcctDoQsv6 +TNANIpiOMMPerAqUAW+Px4LJBfArZU3+0IOioLS3J0Pc5k4GSKLFif/tIp7HsMuQ +0VFcgemFWQKBgAQULQTbBk4M2lxde97YS8GZ8QoTPJMVGbHvH9NoSTlEkA4MUQ7C +QcC0omecECjxELGdhmzMIBY0CCPF00DLKSjWhJ0Pk37jV9mTlKCLxSeUXoSv2Vqb +Wr6yBDjGcH0QhxnqrQbWogcBG9gVD3BD/1GypIrLCbFwJYSTcIU2jK0tAoGBAK8D +zyURejZhjIx70YyEnrCRWvaXRlxpKjSnNhYRByPP5h9cIae6GmqrzbJgvsCxQpo2 +VczPAG5rYuXfke+yubsAivaB3sczz4QjpuVPdaV4DBlmC34RHTY3G1HmKpq1ghZG +n29aoD1TINX9fY3jNFRxJ8S3Wub/F1XcDe0UNonxAoGACE74clb0g0v5ROuODuT5 +5lI9UKkdEbT2s/sRAY3FgJFbEhs7JHzXqV9Y96vmrUiBRLw3GkpPCCGGR9vi02Je +yt0NFTgBw2sGXWQ+fmidtf42O9Uiku2daaMr0xLd12ouujdMHjtKP7qQOGVzRuXc +mBnf8njMO+RrQsxfpmIDNk0= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Target.key new file mode 100644 index 0000000000..27adebb3ee --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+FqSSD6/22pAZ +PiYpqQQ1JGfbk7eJYVzChAf/24OaG1ydL6z2IId0/Vr3ltqqi3fQfcuHz5Y3LQTv +GfcJbapzdBa5HPF7FZ9Qqb4zCIafiJ4MtDsqmAZDD7sUrGUnD8FsWNBUzmKJ7QOZ +PMfwLqvF8/BatpFob6pLN+nY3WMPbKIL93IOb6PuuX7HS6TNaWy4o2YUFEaWlcpg +ZK9Ykwui2BcEXM3sSIV6S1vChABS+o8le84LmxSmIcxI9hTVwRs6i7qu7xVVDWNN +9urxyhwRBDrJ+IcTwo/L8R0YeS9mHRBFLUxVSUw7aCglSouZqY0nZoZxSm3x+PtY +fts7LZ6LAgMBAAECggEABaIs0vObRKF5EWZyykqeTKNKGs9r6kRi88fEmspQZEfh +chz9VYgo/9DdlfeJGAN+IJp+EUoPZo4mmuIegzX0J6eFgjYj6fgxJTHpCphH0vgn +izs9x0C2r9zGBSM6jdBWqBfE74Ce3nUr5XbYnQOlE9ynTBwkOsyGiTk2DrcoaM9d +GqVV4TK18ZQgSStL2OByYXLwS26VIBq77OT4KuI2jhLgLp5cR2r84gl2PeJZsHn+ +3ZNs87+enHnadHH9fS5xsIig/MYll024QzUxSIBQFxIhOkdhR2NvTdo/DrKkYTj4 +VuJUxoLod5qi/4YJGinmJ8L2erG/hT59uYXXbVpmkQKBgQDVozh+pO4/xuZILmrI +y6BTacTD4eJLw0qjafHtfRO/ENBuCUDHvBuf5Us2IgXuxWUGpCmRfR8bA+ocesv7 +ywhLriw7s2DUOIPMgSQFGowXr+oFCHesKe0UlhtGfhAzFnQZ5EnkXcBCrYKcnhNS +NoBaarTsLuhM2DltJUJWEP4xNwKBgQDjyAJZGFdhKj22OW++DkJsBmD+9JIbMaYu +cgiTckRTFnRbQ+HOa4gMaJAy/8DRZ494E8eLIhm98JtC3C66eufGzua4dTqbWx8P +ZLeX7EvgFRnjs64vGM2NUUrZTuGzIiio7n+zfocLpfxUUyX9T5MXj0sdVgTEAOWr +MgK8Ggo3TQKBgHUwmdbuxjp58ux5ed43xPS8ulDxYd9Je3H0td8ek2xl3s/dh4mJ +KGYns4A4XaTC504jUyIZzqxVE2EYAzlWAHDzVBRTq7P+ZF4UIRwjmeGMgATOxkbM +oN6AEOo0UNKVaI6jad05iDOLVnBvTg31E6eFjUVZ3df5bFbw71ii7a01AoGBANwg +w5wkuPUu5FrBYSr0Dt7kv0JFSxm6vpXuIDmWWU9OyP4WORfKtb0AJDMVFNuKUI1D +2DiuqN/1saZIsWQIOQvZkgE7UXsn8Xln5UGN27nfyphSYggj2So0ILin0djTLyYq +7wChS5NHQvafMHyANW+0TGw6X/qnv0zV1OzB4ZOVAoGBAJIX1DNJggAakxcMCIYu +CqN61ZH9pt4txSjMyeJWfgnvmKCXo6YlNeIxcBMvqOha3XGjzeSZliOUaD9vNrx3 +i+Qk6P++mPkCtRtDgAvvibm+GnqpQ9rOYbWqiKGMeae6Nf45u1bRO4ZotYvqRD7f +akAqiSd4xmHiXitPwszCCizK +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/main.test b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/main.test new file mode 100644 index 0000000000..741ec48e4a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: Certificate has Basic Constraints indicating it is a CA when it should not be a CA + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/strict.test b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/strict.test new file mode 100644 index 0000000000..ad5b666a18 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/strict.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Certificate has Basic Constraints indicating it is a CA when it should not be a CA + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only-trusted_leaf-strict.test b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only-trusted_leaf-strict.test new file mode 100644 index 0000000000..290a4035cd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only-trusted_leaf-strict.test @@ -0,0 +1,5 @@ +chain: target_only.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only-trusted_leaf.test b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only-trusted_leaf.test new file mode 100644 index 0000000000..1b1a40e032 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only-trusted_leaf.test @@ -0,0 +1,5 @@ +chain: target_only.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only.pem b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only.pem new file mode 100644 index 0000000000..9eaed8e531 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-ca-basic-constraints/target_only.pem @@ -0,0 +1,94 @@ +[Created by: ./generate-chains.py] + +Certificate chain where the leaf has a basic constraints extension with +CA=true + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:bc:87:56:5b:c5:c0:7d:88:48:cc:cc:ca:97:dd:d6:7e:b8:ae:e7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:16:a4:92:0f:af:f6:da:90:19:3e:26:29:a9: + 04:35:24:67:db:93:b7:89:61:5c:c2:84:07:ff:db: + 83:9a:1b:5c:9d:2f:ac:f6:20:87:74:fd:5a:f7:96: + da:aa:8b:77:d0:7d:cb:87:cf:96:37:2d:04:ef:19: + f7:09:6d:aa:73:74:16:b9:1c:f1:7b:15:9f:50:a9: + be:33:08:86:9f:88:9e:0c:b4:3b:2a:98:06:43:0f: + bb:14:ac:65:27:0f:c1:6c:58:d0:54:ce:62:89:ed: + 03:99:3c:c7:f0:2e:ab:c5:f3:f0:5a:b6:91:68:6f: + aa:4b:37:e9:d8:dd:63:0f:6c:a2:0b:f7:72:0e:6f: + a3:ee:b9:7e:c7:4b:a4:cd:69:6c:b8:a3:66:14:14: + 46:96:95:ca:60:64:af:58:93:0b:a2:d8:17:04:5c: + cd:ec:48:85:7a:4b:5b:c2:84:00:52:fa:8f:25:7b: + ce:0b:9b:14:a6:21:cc:48:f6:14:d5:c1:1b:3a:8b: + ba:ae:ef:15:55:0d:63:4d:f6:ea:f1:ca:1c:11:04: + 3a:c9:f8:87:13:c2:8f:cb:f1:1d:18:79:2f:66:1d: + 10:45:2d:4c:55:49:4c:3b:68:28:25:4a:8b:99:a9: + 8d:27:66:86:71:4a:6d:f1:f8:fb:58:7e:db:3b:2d: + 9e:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F8:96:4F:23:BA:6B:B3:8F:4B:07:6E:24:86:07:55:F1:E9:8E:6E:02 + X509v3 Authority Key Identifier: + 0D:33:4F:98:F6:3C:94:C8:20:5B:51:C9:BD:ED:09:3B:F0:B4:F3:D6 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2f:f3:3e:5f:9a:ed:43:1c:58:2e:15:aa:94:d8:d7:37:87:83: + 79:ff:a8:7d:d2:bf:3d:4d:3c:99:91:78:93:84:7b:ce:1e:07: + 55:f8:bd:5d:d1:e6:82:c4:a9:c0:6b:bf:e4:73:df:d0:b6:38: + 09:66:84:23:50:e3:16:37:15:88:89:78:08:31:7d:52:e0:56: + a2:2d:ef:a6:75:5a:a3:44:c5:ae:23:a3:fc:92:81:b6:cf:3f: + bc:ba:a1:4d:da:6d:0a:18:04:95:7a:4f:b3:74:e7:1b:19:97: + fd:c3:32:c3:77:17:15:7a:d5:9b:6c:54:9c:16:1b:3f:37:3e: + b9:ed:97:69:f9:da:3d:cf:e4:aa:2a:39:45:28:2b:2e:4e:d7: + 60:bb:fd:cb:3d:c2:19:85:e0:f6:1d:1e:bb:21:4c:f4:ee:a1: + cf:dc:c9:24:53:cb:80:44:5f:d3:cf:83:09:90:17:1c:32:a8: + c5:49:c1:c9:e6:28:f0:88:7d:36:d1:fe:0b:dc:a9:3f:79:ae: + c9:89:4c:04:ec:49:ac:6d:58:24:67:20:d3:8f:29:c1:87:84: + 2f:69:4f:da:18:7d:f6:a0:88:92:ea:db:47:8d:f0:b3:a3:c9: + 15:6a:c8:e5:84:79:74:cd:e1:ee:fa:02:79:05:1f:5c:76:4a: + 71:ae:58:b8 +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgIUCLyHVlvFwH2ISMzMypfd1n64rucwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAvhakkg+v9tqQGT4mKakENSRn25O3iWFcwoQH/9uDmhtc +nS+s9iCHdP1a95baqot30H3Lh8+WNy0E7xn3CW2qc3QWuRzxexWfUKm+MwiGn4ie +DLQ7KpgGQw+7FKxlJw/BbFjQVM5iie0DmTzH8C6rxfPwWraRaG+qSzfp2N1jD2yi +C/dyDm+j7rl+x0ukzWlsuKNmFBRGlpXKYGSvWJMLotgXBFzN7EiFektbwoQAUvqP +JXvOC5sUpiHMSPYU1cEbOou6ru8VVQ1jTfbq8cocEQQ6yfiHE8KPy/EdGHkvZh0Q +RS1MVUlMO2goJUqLmamNJ2aGcUpt8fj7WH7bOy2eiwIDAQABo4H6MIH3MB0GA1Ud +DgQWBBT4lk8jumuzj0sHbiSGB1Xx6Y5uAjAfBgNVHSMEGDAWgBQNM0+Y9jyUyCBb +Ucm97Qk78LTz1jA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAL/M+X5rtQxxYLhWqlNjXN4eDef+ofdK/PU08 +mZF4k4R7zh4HVfi9XdHmgsSpwGu/5HPf0LY4CWaEI1DjFjcViIl4CDF9UuBWoi3v +pnVao0TFriOj/JKBts8/vLqhTdptChgElXpPs3TnGxmX/cMyw3cXFXrVm2xUnBYb +Pzc+ue2XafnaPc/kqio5RSgrLk7XYLv9yz3CGYXg9h0euyFM9O6hz9zJJFPLgERf +08+DCZAXHDKoxUnByeYo8Ih9NtH+C9ypP3muyYlMBOxJrG1YJGcg048pwYeEL2lP +2hh99qCIkurbR43ws6PJFWrI5YR5dM3h7voCeQUfXHZKca5YuA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/chain.pem new file mode 100644 index 0000000000..4443c782ab --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/chain.pem @@ -0,0 +1,276 @@ +[Created by: generate-chains.py] + +Certificate chain where the leaf certificate asserts the keyCertSign key +usage, however does not have CA=true in the basic constraints extension to +indicate it is a CA. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0d:e0:65:d2:8a:72:7c:60:7d:f8:7e:88:6d:f0:a6:80:23:e1:38:a9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d5:97:4d:ce:b9:89:7b:00:4f:e4:1f:f6:b0:1d: + 26:7d:c5:42:70:21:40:3a:a6:f9:07:5b:11:c6:fb: + 0f:8e:79:46:78:ad:34:71:46:b4:fa:96:75:06:c8: + 3e:c7:e9:1a:ae:f0:47:7f:4b:53:4a:f2:46:83:89: + 92:b0:11:11:0c:04:7c:33:e1:4b:7e:b5:b5:b2:54: + a7:28:64:31:7b:e2:5c:4a:00:30:3f:8c:21:e0:61: + f6:15:e8:20:03:bf:ce:d3:b4:ec:6e:27:88:fb:a9: + b0:9a:73:79:26:46:55:a3:05:ac:25:ba:6f:24:3c: + 17:7d:17:6c:25:ad:14:68:0b:fd:a6:d6:5f:5a:9a: + 4a:9d:6d:86:e5:77:b9:50:9c:40:2b:40:af:1d:92: + 4e:22:7a:c1:eb:57:17:16:4d:fa:12:e3:8c:25:8e: + 8d:4b:74:4f:3e:67:cd:84:2a:63:46:43:3c:45:7f: + ad:bc:dd:5c:00:46:7e:25:36:43:d9:98:15:a1:f4: + f6:29:5d:54:9d:20:b8:b6:e1:4c:e3:f1:3c:91:47: + 9d:eb:d7:f8:a2:f1:c5:f8:bc:7b:bf:bd:40:38:39: + 01:3b:98:33:12:d9:de:c6:f9:eb:4b:e3:82:8e:98: + 4b:28:1b:cd:ba:22:d5:b3:02:12:fc:40:86:ec:3e: + e7:51 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1B:6F:D1:A8:67:1C:5F:A0:86:1B:FF:7B:E0:F4:72:33:CF:7C:F0:26 + X509v3 Authority Key Identifier: + keyid:B2:C0:C2:33:FD:8F:F5:37:4B:52:85:82:DD:31:5D:CE:A2:99:71:D0 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Certificate Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 06:a9:9a:f5:d2:51:8d:b1:ce:45:ae:22:20:c9:61:c3:28:71: + ca:cf:e3:f7:86:a8:62:8d:88:90:f0:b5:8a:a0:04:e4:aa:34: + 95:f6:c9:91:50:b0:79:c8:6d:ef:19:cd:f1:ae:2b:7f:3f:e6: + da:99:a6:bb:28:55:f9:8b:4e:e2:90:bf:d9:1d:6b:3b:2c:53: + 0e:3b:7e:ba:d8:3f:83:18:02:43:01:e2:de:d6:98:47:bb:72: + 62:5f:f0:90:61:07:fa:ca:15:d2:d1:f3:61:b9:f3:0a:3a:13: + 43:7a:fb:50:01:63:e9:b6:0c:f4:1a:90:22:21:9d:3e:68:4e: + 46:d8:a1:4d:67:58:26:58:c8:30:0f:d5:6e:f0:28:2c:cc:5a: + 70:75:a3:1a:98:0d:4e:f2:bf:dd:9d:d1:72:3c:85:57:3d:eb: + 77:11:5f:c3:a7:01:82:15:fe:86:cd:b0:6c:9b:2b:5b:48:0e: + 35:d6:4c:10:39:aa:b7:69:d5:5b:b0:af:17:4b:26:6d:01:ea: + 55:3d:74:2e:e5:df:f6:7a:d2:78:81:73:42:2a:bb:72:a5:1f: + 17:25:6b:36:65:42:96:2f:6c:8e:d3:65:b5:95:10:13:99:9d: + bb:ea:9f:cf:42:a5:9f:57:3e:f5:fc:47:d6:cf:a3:33:b4:96: + 92:f1:ba:a2 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUDeBl0opyfGB9+H6IbfCmgCPhOKkwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA1ZdNzrmJewBP5B/2sB0mfcVCcCFAOqb5B1sRxvsPjnlG +eK00cUa0+pZ1Bsg+x+karvBHf0tTSvJGg4mSsBERDAR8M+FLfrW1slSnKGQxe+Jc +SgAwP4wh4GH2FeggA7/O07TsbieI+6mwmnN5JkZVowWsJbpvJDwXfRdsJa0UaAv9 +ptZfWppKnW2G5Xe5UJxAK0CvHZJOInrB61cXFk36EuOMJY6NS3RPPmfNhCpjRkM8 +RX+tvN1cAEZ+JTZD2ZgVofT2KV1UnSC4tuFM4/E8kUed69f4ovHF+Lx7v71AODkB +O5gzEtnexvnrS+OCjphLKBvNuiLVswIS/ECG7D7nUQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBQbb9GoZxxfoIYb/3vg9HIzz3zwJjAfBgNVHSMEGDAWgBSywMIz/Y/1N0tS +hYLdMV3Ooplx0DA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIC +pDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAAapmvXSUY2xzkWuIiDJYcMoccrP4/eGqGKNiJDwtYqgBOSqNJX2yZFQsHnI +be8ZzfGuK38/5tqZprsoVfmLTuKQv9kdazssUw47frrYP4MYAkMB4t7WmEe7cmJf +8JBhB/rKFdLR82G58wo6E0N6+1ABY+m2DPQakCIhnT5oTkbYoU1nWCZYyDAP1W7w +KCzMWnB1oxqYDU7yv92d0XI8hVc963cRX8OnAYIV/obNsGybK1tIDjXWTBA5qrdp +1VuwrxdLJm0B6lU9dC7l3/Z60niBc0Iqu3KlHxclazZlQpYvbI7TZbWVEBOZnbvq +n89CpZ9XPvX8R9bPozO0lpLxuqI= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 03:1e:f6:e0:d5:64:b5:71:7d:eb:f5:6d:bf:03:da:71:a6:d9:eb:26 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c6:14:bf:96:32:0d:cf:bb:58:2a:b4:3c:97:e5: + 6c:22:92:ff:d3:14:e2:b9:0b:c9:fe:0d:09:d0:c6: + b5:48:ed:e0:2a:25:04:2e:16:08:6b:55:da:d1:f3: + b1:c1:1a:49:85:33:f4:bb:7c:d6:38:45:c8:af:4d: + d4:a9:43:a7:56:cf:9c:40:a5:2b:b8:13:7f:ee:6b: + fe:98:3b:ed:74:2a:5e:c7:9f:7c:e0:73:6c:a7:c4: + d8:f1:e3:55:79:6c:02:7c:b4:e8:3f:1a:93:57:62: + 3a:86:5b:24:db:70:f2:fd:94:91:95:6b:68:72:73: + 31:44:a5:36:32:e6:77:37:bb:e1:cb:6d:b5:aa:20: + 3a:02:7e:ff:44:6d:79:e4:7d:e6:d3:72:92:e9:59: + 92:57:ff:be:e8:e2:d9:84:47:f8:a9:f6:11:ee:cf: + 5b:7f:92:d8:19:44:7f:96:40:52:19:09:80:af:2f: + 36:65:14:9a:fe:ef:aa:aa:c9:00:fb:ac:d3:87:59: + 14:ab:69:52:4c:4f:87:0f:74:49:ab:c5:f2:fb:73: + 23:c0:91:c9:93:82:6f:28:8d:23:f9:2d:f3:92:cc: + f5:68:20:86:0d:37:35:d7:46:da:dd:4a:fc:92:3b: + 32:a2:67:ba:f5:b3:49:13:76:e9:5e:78:a0:86:3e: + de:2d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B2:C0:C2:33:FD:8F:F5:37:4B:52:85:82:DD:31:5D:CE:A2:99:71:D0 + X509v3 Authority Key Identifier: + keyid:24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 7b:29:9f:c7:c8:ce:5d:3f:cd:53:a3:2a:6e:8e:02:7a:b7:22: + 6d:02:dc:50:3b:51:bc:25:b7:4f:d4:97:6d:c3:3c:dc:f2:17: + be:47:94:48:14:db:9f:89:73:18:b2:75:a6:91:92:5d:84:54: + d8:6c:f9:fe:e4:1f:be:53:e7:9d:c2:df:59:a0:ba:63:b6:67: + db:05:a1:a5:0a:f9:9b:8a:b4:33:71:1b:a9:c7:91:9a:fa:c4: + 2e:f9:2d:6a:7d:f3:34:81:51:72:99:4f:74:00:95:9a:9d:19: + ee:6d:1b:b0:25:5d:ae:e5:fa:9a:ac:a6:ff:9b:63:51:f4:93: + 41:bc:35:5b:da:f3:64:4c:53:46:23:07:08:1e:82:ff:86:25: + fd:6e:26:dc:f2:bb:e9:62:84:24:ac:a0:f3:18:29:02:9a:11: + 1e:30:c5:db:8e:cc:ef:f0:4b:75:25:1e:8e:8d:3b:81:93:ec: + 25:d3:56:f6:a8:7c:85:f6:9c:6e:ff:c8:c3:dd:58:c7:3e:d3: + 4a:a2:23:88:81:fd:25:6d:40:8f:e7:94:1c:a7:62:48:cd:de: + 7a:22:de:55:4c:00:4a:75:e2:3d:29:a6:c1:c8:f0:69:cb:b1: + de:0c:37:49:dd:8a:5a:88:63:8c:8b:e9:44:a2:a8:9a:18:d9: + d5:33:07:ec +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUAx724NVktXF96/VtvwPacabZ6yYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMYUv5YyDc+7WCq0PJflbCKS/9MU4rkLyf4NCdDGtUjt4Col +BC4WCGtV2tHzscEaSYUz9Lt81jhFyK9N1KlDp1bPnEClK7gTf+5r/pg77XQqXsef +fOBzbKfE2PHjVXlsAny06D8ak1diOoZbJNtw8v2UkZVraHJzMUSlNjLmdze74ctt +taogOgJ+/0RteeR95tNykulZklf/vuji2YRH+Kn2Ee7PW3+S2BlEf5ZAUhkJgK8v +NmUUmv7vqqrJAPus04dZFKtpUkxPhw90SavF8vtzI8CRyZOCbyiNI/kt85LM9Wgg +hg03NddG2t1K/JI7MqJnuvWzSRN26V54oIY+3i0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUssDCM/2P9TdLUoWC3TFdzqKZcdAwHwYDVR0jBBgwFoAUJNu03j4/qh2wV3od +fM2G6WvQFW8wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQB7KZ/HyM5dP81ToypujgJ6tyJtAtxQO1G8JbdP +1Jdtwzzc8he+R5RIFNufiXMYsnWmkZJdhFTYbPn+5B++U+edwt9ZoLpjtmfbBaGl +CvmbirQzcRupx5Ga+sQu+S1qffM0gVFymU90AJWanRnubRuwJV2u5fqarKb/m2NR +9JNBvDVb2vNkTFNGIwcIHoL/hiX9bibc8rvpYoQkrKDzGCkCmhEeMMXbjszv8Et1 +JR6OjTuBk+wl01b2qHyF9pxu/8jD3VjHPtNKoiOIgf0lbUCP55Qcp2JIzd56It5V +TABKdeI9KabByPBpy7HeDDdJ3YpaiGOMi+lEoqiaGNnVMwfs +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 03:1e:f6:e0:d5:64:b5:71:7d:eb:f5:6d:bf:03:da:71:a6:d9:eb:25 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e4:4e:96:f6:de:02:05:e7:16:80:fa:ed:b1:3c: + f3:19:ea:7b:d2:fe:ed:93:b7:09:37:7d:c1:98:9b: + 65:a9:84:09:72:cd:e5:d8:da:21:44:c2:2e:92:95: + 12:fe:35:0c:66:34:ad:f3:4f:c5:2f:d0:2e:57:41: + 1c:3b:ce:c9:51:17:05:eb:06:f7:4f:fb:6e:27:9d: + 06:d8:10:87:f4:97:5f:0f:9d:5d:d7:2b:d3:3b:21: + 5b:5a:8f:20:e0:97:16:7b:15:39:d6:3f:ff:1d:06: + 53:74:62:78:68:5b:ed:c2:05:e7:86:8b:1a:63:3a: + d3:e4:a9:25:8f:0e:92:13:df:39:d6:31:82:bf:bd: + ef:d4:21:9d:0e:7f:c9:90:ef:1d:c5:f3:c4:00:1e: + 4a:03:61:f4:5e:cf:e9:58:e5:12:49:37:31:49:89: + 54:d8:59:40:78:eb:e2:3f:75:9c:a5:ff:1c:33:b8: + 6c:26:26:5a:8f:28:12:1f:4e:81:e5:a6:aa:dd:c6: + d9:c9:94:6a:15:3c:9e:7a:59:29:92:cb:7a:f5:67: + c4:d4:dd:4c:c5:6e:fb:b3:c2:5a:9d:f1:0b:35:17: + 92:b6:85:dc:fd:45:c5:3f:13:f3:cd:fc:bc:b6:59: + c0:17:0b:ce:b3:e1:47:d1:2f:34:74:a4:5c:ba:a9: + cf:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F + X509v3 Authority Key Identifier: + keyid:24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 29:e6:c6:f3:9d:9a:53:9b:3c:f8:79:c9:e3:d3:33:c6:2f:1c: + 50:a2:de:7d:69:75:40:75:ba:af:8a:61:b0:f2:fc:3c:39:01: + df:d6:c2:f6:df:a1:a5:3f:b3:f1:8e:09:3a:fb:87:ca:4c:cd: + 5f:89:ca:d1:5d:d1:38:94:36:af:52:32:e3:67:9b:ad:6a:e6: + f9:dc:92:1e:35:dd:81:9d:d7:5d:ce:75:14:74:2b:4a:16:ef: + a0:74:ee:76:a5:4b:90:70:6f:de:d8:0a:1b:e3:0c:b5:f5:33: + eb:74:dc:8e:f8:ef:a8:0e:52:74:b8:d4:4e:fb:42:e5:3d:8c: + c3:71:d8:99:df:bf:c3:bf:87:e6:cd:84:89:ac:df:5d:c7:a6: + 8e:b5:10:a5:8a:2f:66:3f:2f:79:c6:e7:9b:76:3b:5e:4f:ce: + cf:cc:24:bd:6d:38:6d:b8:17:a6:31:ed:c2:d9:81:84:74:f6: + 94:a9:6a:28:52:56:cd:a8:62:8d:c7:2f:73:e5:db:8e:f0:9d: + a3:c9:b7:c4:07:10:99:be:b7:9f:66:bf:b1:51:30:ee:f5:55: + ba:1e:39:a8:73:ca:10:68:7e:29:c7:42:9f:01:6b:47:cd:47: + 08:52:80:3d:b1:f0:94:a7:35:21:37:47:d8:d9:c8:5a:a5:be: + 75:37:89:fb +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUAx724NVktXF96/VtvwPacabZ6yUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDkTpb23gIF5xaA+u2xPPMZ6nvS/u2Ttwk3fcGYm2WphAlyzeXY2iFEwi6S +lRL+NQxmNK3zT8Uv0C5XQRw7zslRFwXrBvdP+24nnQbYEIf0l18PnV3XK9M7IVta +jyDglxZ7FTnWP/8dBlN0YnhoW+3CBeeGixpjOtPkqSWPDpIT3znWMYK/ve/UIZ0O +f8mQ7x3F88QAHkoDYfRez+lY5RJJNzFJiVTYWUB46+I/dZyl/xwzuGwmJlqPKBIf +ToHlpqrdxtnJlGoVPJ56WSmSy3r1Z8TU3UzFbvuzwlqd8Qs1F5K2hdz9RcU/E/PN +/Ly2WcAXC86z4UfRLzR0pFy6qc8NAgMBAAGjgcswgcgwHQYDVR0OBBYEFCTbtN4+ +P6odsFd6HXzNhulr0BVvMB8GA1UdIwQYMBaAFCTbtN4+P6odsFd6HXzNhulr0BVv +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAKebG852aU5s8+HnJ49Mzxi8cUKLefWl1QHW6r4phsPL8PDkB +39bC9t+hpT+z8Y4JOvuHykzNX4nK0V3ROJQ2r1Iy42ebrWrm+dySHjXdgZ3XXc51 +FHQrShbvoHTudqVLkHBv3tgKG+MMtfUz63TcjvjvqA5SdLjUTvtC5T2Mw3HYmd+/ +w7+H5s2EiazfXcemjrUQpYovZj8vecbnm3Y7Xk/Oz8wkvW04bbgXpjHtwtmBhHT2 +lKlqKFJWzahijccvc+XbjvCdo8m3xAcQmb63n2a/sVEw7vVVuh45qHPKEGh+KcdC +nwFrR81HCFKAPbHwlKc1ITdH2NnIWqW+dTeJ+w== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/generate-chains.py new file mode 100755 index 0000000000..bdc10014cc --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/generate-chains.py @@ -0,0 +1,27 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the leaf certificate asserts the keyCertSign key +usage, however does not have CA=true in the basic constraints extension to +indicate it is a CA.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate (end entity but has keyCertSign bit set). +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('keyUsage', + 'critical,digitalSignature,keyEncipherment,keyCertSign') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Intermediate.key new file mode 100644 index 0000000000..6752b434e9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAxhS/ljINz7tYKrQ8l+VsIpL/0xTiuQvJ/g0J0Ma1SO3gKiUE +LhYIa1Xa0fOxwRpJhTP0u3zWOEXIr03UqUOnVs+cQKUruBN/7mv+mDvtdCpex598 +4HNsp8TY8eNVeWwCfLToPxqTV2I6hlsk23Dy/ZSRlWtocnMxRKU2MuZ3N7vhy221 +qiA6An7/RG155H3m03KS6VmSV/++6OLZhEf4qfYR7s9bf5LYGUR/lkBSGQmAry82 +ZRSa/u+qqskA+6zTh1kUq2lSTE+HD3RJq8Xy+3MjwJHJk4JvKI0j+S3zksz1aCCG +DTc110ba3Ur8kjsyome69bNJE3bpXnighj7eLQIDAQABAoIBAFDl/HFNNBLZQuL+ +BZlL2+QrAUymRQqqY+7cSFv6K+QDMwBDafegjAO6ZspEqx5grBI47AT+sUb+ST4/ +nVEcDmYIGJrWWoqtfBxWAv8Nyqcc/uSsoIXS3leOr8Pqwuf6UvG3uPq80dxog9qH +sv/km3kxilvqKBhGL6MHjqEvOxWJcEi0R5y7EAE0NbzDjfKPKEyeq/UZISY/Qf7f +wwo1FD1aQZ17JBXibJbFgj+ZZL7ab/lxIitsNGujT6myoB2Mi3LWGPDPbe21sj8a +2YlEHVfglD5hvMOOlnN+MlWUqzKSN9RmLhpH+qTacKDv8dsP7sFW01ar9U9gHf4s +TquESoECgYEA64AyJTZaN3QD1VekSSyGfsAnYSNmvGMRbMA6km44/y92U2IXI0zA +JAMMpW6YfKcyoF3x2a2MUw8hMdgRFYc69BlQ/GuxmjBLTS+AwtBVjB8qktQiUqak +/pQ7Hb1y16PACUg46J++cqvHF6Mp50yRb9ATEYOras2i6zEAu5MkAx0CgYEA11K0 +5RZXnGgRi4Kvflxxpm/syd47T+13go2j6spOufKkVA/+MlXXyYTICO7nbv0folJ9 +2VD13v95vQHoAt3lMMCE5I3plKwPPqFVGKysMUMGUnWDHjGZzOm+QaY664HP0kG0 +hGwEZLRHQuEPcFWeV8i7aj+1sPt2BPctlxjpylECgYBewgxrUL1oRrQsKcGe991+ +Ls8plNcHwk0Glyp6NQOWGoDf+D4bJAzD8L4r6p5MufHy+RoRXnVyDkprBeeJ5Ani +ojUl/CdQRVJnUk/bE3z4jqnQvq641vjYvsgypUIKZocktPzBDVXSSjAn4K1Btltm +xDCIAZT9upRtUiBbWU9KOQKBgEySgvX87gcXEzYzsUkUgu4XW3Ombh1Ma3Wn/STf +8QM7gKjMTy+DS4vEhoZ2vyK/LWLCRzLjEazN2XMXnHR4iKq/rALDXM+cKIezQ9nU +fh++oB7u30P7i6BNd3VNMiLSNR+mchWtfBp76eOkuaLPL9Iz9kIgifJ4Wk4FwNa8 +61chAoGBALHsMI1wXncmrWiIB/sP3VRlEPUesDNgOiYNjn8SqaWBvh2r2gztiVP/ +h57ViPOWVB1sUMHpu4n/Ratl4esyIbwVHuqJvlSyUL6CHqzWBokTl8em9IZZmgZN +iRtfDP3nNGSaUgDIIAElzVomvJ4fYGsGBYoqj/yKnHZyVSLoAUS/ +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Root.key new file mode 100644 index 0000000000..b6f60bc042 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5E6W9t4CBecWgPrtsTzzGep70v7tk7cJN33BmJtlqYQJcs3l +2NohRMIukpUS/jUMZjSt80/FL9AuV0EcO87JURcF6wb3T/tuJ50G2BCH9JdfD51d +1yvTOyFbWo8g4JcWexU51j//HQZTdGJ4aFvtwgXnhosaYzrT5Kkljw6SE9851jGC +v73v1CGdDn/JkO8dxfPEAB5KA2H0Xs/pWOUSSTcxSYlU2FlAeOviP3Wcpf8cM7hs +JiZajygSH06B5aaq3cbZyZRqFTyeelkpkst69WfE1N1MxW77s8JanfELNReStoXc +/UXFPxPzzfy8tlnAFwvOs+FH0S80dKRcuqnPDQIDAQABAoIBAQDRL3EDIMeZwPLN +mxzOmJnl1QM/gHUOM1cukPshaMDtYR2HI0DGQJba+VDS3eRZJyIFQ59eoGh8NrM/ +H1lPM1kiA4ZYojlX/3ges7HhpsPrSAbBt96TmIQiWZ3qi9oD7muauwgTVu/ZGEK/ +ELpiZFikveQ1Up8K7IvZp2HSgfc2XEbWicDU7CI2f8Grl+yg5Z5j18kaMlzmbYrd +3aO0sKeLiqlUB20pf0jk7YiRvGX/ituog7BavoHomgaDi0vDFuDl3CqCzZ8tJj+u +GNQQsHut1b1Mg4LwG4BQ+wOh2ZFRdlVX/CfxUF08xrKgJrlIa6pT+kzBHgqBpWVH +1N3d0OQBAoGBAPlFLB71lIsByY3+vHD4ZohZscAgiNIgcA5xne/0+LDpLcRdYnfk +Q3CgxW4KFEseYBjRayL9LAGoFdw+2/NPfvB0ryeIjvCDyU7cmpRWRbibEe8QKEYo +PRzAv31fqe8Qh+zavUuSFXt2aVP4X8NMkm0PsokS2gFO6CZZZtvvXBFdAoGBAOp4 +h8eoaN5uvvTAZDkuP99khgkeBGtMSb/ztRI1qC8v8BkYaxHzSCRozPhoG9h4eXLl +ef6/Un3X4I5KPJqqvnW8HoQUK96uR/EOQhYvVpJoLSIWjuXJ4WD5/R1gQmPJZase +NzVX2WRmFU+FA8xCrAccM68avbF3gB59N7++E2lxAoGAejyrmDsBrvEfb9x9eEC3 +tyGVAwxxS+nQSaT5uFQ/KDIQ2XyZ7wUm9TJB3uZecT/iDAmWKkBQtjdBERJaNgTD +0RLHWfGjdtqJe3y+6QMtiYuxzbP0rALLhTAYN1kUMkG/Bi12KnrmwfadTCo+e70v +CQBrosB127JgMX4h7LSCR5kCgYBfumgNPxfZwLNb7/S7V8OiLEOBE21QdWwi35hM +3/VTlqnbRRnp0T7iBpuwy6iav80t+LzPIkPGt02qKmsF5rIuFWkMGcQzfUpIA789 +mYQp8DiFE1qyPLM0ybvqs3NHlGFa9NIriDtsfzUyKyd6zLm5iW0cj7lk7Fo1mIAb +W7pHMQKBgQCHQ21z30euoIILqeaaRT2RlUx+AJOikGCPDUWQmF/E+1R+45RfbKXa +iH/Fj0J4rnmvYnjXBxUkPKBalGyFU2KI7POMKXOMKQuKu0FKYWHB4TKRd/pOzS8B +NZV8zsR9Gxo8Lfcah0KMlAnUw1MqP+/X/GDCQmpgcgiscNq4wtOYMQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Target.key new file mode 100644 index 0000000000..4678f1dd02 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA1ZdNzrmJewBP5B/2sB0mfcVCcCFAOqb5B1sRxvsPjnlGeK00 +cUa0+pZ1Bsg+x+karvBHf0tTSvJGg4mSsBERDAR8M+FLfrW1slSnKGQxe+JcSgAw +P4wh4GH2FeggA7/O07TsbieI+6mwmnN5JkZVowWsJbpvJDwXfRdsJa0UaAv9ptZf +WppKnW2G5Xe5UJxAK0CvHZJOInrB61cXFk36EuOMJY6NS3RPPmfNhCpjRkM8RX+t +vN1cAEZ+JTZD2ZgVofT2KV1UnSC4tuFM4/E8kUed69f4ovHF+Lx7v71AODkBO5gz +EtnexvnrS+OCjphLKBvNuiLVswIS/ECG7D7nUQIDAQABAoIBAHlaLK/eRFkpFTsE +WhE3jq34jEXO7oIkaeqe+Fu4Ot900fAwYFJXnO2e3ECNNvY335wzEjwlnN5BBoUn +fbshBzFvvu1u/IiyTthSNmLBgkfjlRHKR59jS8ADiGBr8PyQVr971LTFK5Pollk6 +cEOpxHAKAgOxiAHrTmEZFK3XR3fRBddMYaVsB5avjz3ILCxXfM4WJdj7/vxw29j6 +Ybg40GEW+gIwj7zLzyUygEua4w9VK1f0y9JwiazkS/fAy3gROwXxh1vdT8IZHgvl +tlKEk2WF8uwGPhEae2pPDCJVeKnTuugt4f2QzF7FgJFenSDxkOVALnTDloCmZArI +nPLzYu0CgYEA+0Bbiogs7NUZ+KenJXAQjy++jVMZ9voJT9aIC6JLjGdM3wA5faQh +DCcLZTkqvwI227tkDlqn/5Va0dqltIrX1SwKNanFcSxHszKuzXBBZ/THnreaNmHw +AGfUdHVhDFvm/u+fwXe2XINrWLje9a546I6Ea851vxEybuXOQwqHdDcCgYEA2aC7 +d0kYpj/oGI/zVteMXTXfZvD3N3B/MbPaNlR4EtXJU14eMLUV8vCEql0H+EsrZoUk +nC2aeXu3jz/29VER7BthQG/wzUIopJGApbfM9+pBt8Gyy6uvuc3N3Xc3jrjOlV9t +y9j0nry9sXVz9BU6qQ8N8r+HoxeCX0Pk5egpzLcCgYEAtILngd8WT81HDIP/LYGX +FBicUdLrq6q2d/rM4XbnymcJLoptw5vg9mcy47WvxW2k1jeKyllNq+21Q2JQfSbn +rEsoxqdDqGzE0rVOK2FETJjrtld43yt8D/6JAGa4o/V/P5gPciM9DLiKrkKcRWzl +h0elUgMSS4TidBR9HWN6L/8CgYAsjbxzYlKajpDMnoPZ7oz89C+FWqWyAuT3XvO4 +lbhzWrM5zxXtMNWKg/UVD7C3A2SiO3XQR4HNhyeAOz8q3+sEZGKXl5M74mSBtIwa +4TMkOiA0J4KcMczrBBg2U9ba8DjS2dOXnRYPfWJ0dzBC8ymsPLnFTbLOD90P9c1h +yBLupwKBgQDu8MerAHew7lVgbB292XZUvZUKMtRaEZexFL/oLMzFKWEYcDx5/lXS +hxLh0IXvGQtabATIT3ybSxE8XrqFUZF1pYDSq1ur12L+W1JovBOuNvFEF9i0LrlF +8RX4nRfhV1CcFKw2JBua1ZJCwATx+mNu9kjFohMQlhYb/kk4gtpuPg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/main.test b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/chain.pem new file mode 100644 index 0000000000..44ab7c5103 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/chain.pem @@ -0,0 +1,277 @@ +[Created by: generate-chains.py] + +Certificate chain where the leaf has a basic constraints extension with +CA=false, however specifies the optional pathlen. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2d:58:fd:1c:9f:8b:f0:cb:61:00:36:cc:88:b7:31:82:91:15:f5:15 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:80:5c:f0:d7:23:f0:69:d9:b7:8f:fc:c3:d4: + 47:a2:41:29:77:01:50:3c:84:8f:52:f7:11:6d:c4: + 75:04:84:48:98:8c:4e:bb:f6:4b:e2:cb:4d:be:01: + dc:b2:8e:48:b6:da:76:4d:b0:28:75:94:28:d7:44: + 2c:0d:a5:70:fe:b8:ec:c3:d0:0d:8b:74:4a:18:b9: + 13:bb:b1:99:80:09:d0:bd:00:a3:20:64:70:bb:18: + 00:7c:61:1f:5d:d2:dc:23:6a:6a:e3:8a:6c:13:9b: + a3:c5:7b:dc:91:71:29:46:4e:1c:8e:82:2a:d6:bb: + f9:5a:91:be:f0:a7:a9:b2:d5:8c:df:a2:d2:eb:3a: + e4:49:30:8b:83:20:6d:fb:af:90:19:3e:44:b5:d3: + bb:05:a1:15:a1:0d:4c:61:82:63:5e:24:a5:94:df: + a9:35:5a:0f:56:eb:8c:1d:a5:0e:80:4a:16:d1:ef: + dd:cf:84:f6:45:55:65:55:b8:73:ae:ca:1c:f8:c7: + e2:67:e8:8a:42:5e:eb:f6:2c:bf:55:1c:18:39:51: + 5b:15:16:1b:0a:06:ba:b0:ad:bc:45:2d:23:5c:3a: + ca:2b:04:c9:a2:4f:a6:80:ec:d2:b8:d7:98:44:69: + 3c:3c:2e:ab:b4:44:e2:50:6a:b8:a6:59:db:d4:61: + 54:fd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5B:3D:C4:92:95:A9:93:D8:29:1F:56:EB:DA:A0:3C:1A:C0:BD:5D:AB + X509v3 Authority Key Identifier: + keyid:FB:3A:43:9C:BA:40:89:72:5B:BD:26:8A:3B:25:77:1C:C1:F0:2C:7E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Basic Constraints: critical + CA:FALSE, pathlen:1 + Signature Algorithm: sha256WithRSAEncryption + 18:c7:ef:53:96:6c:fc:7d:06:87:5a:b7:cc:77:67:82:54:10: + eb:8e:21:a6:57:f3:83:cf:ee:ba:c0:59:cc:95:d3:1b:2a:92: + 19:86:20:ee:7a:62:5c:cb:27:b9:71:22:a8:bb:f2:26:f6:15: + a7:5a:57:79:d1:d0:4a:06:17:4f:95:f9:37:ab:13:6e:dd:57: + 3c:87:5e:dd:69:be:53:3a:51:3e:fc:7c:38:75:e3:20:cd:34: + 0f:23:d1:35:c2:00:03:9e:64:51:00:1d:e1:56:04:9a:6c:73: + bd:fb:e3:f0:63:f3:11:04:59:83:42:19:7e:1d:a5:25:25:e0: + 12:9c:60:87:07:6d:a7:99:3d:24:1f:dd:a6:c7:f7:dd:34:d9: + be:96:9c:e7:5a:21:f8:6b:8e:1b:77:7c:d8:04:6d:e4:7c:7a: + fd:ba:44:4a:13:1d:8c:c0:64:59:de:95:5d:50:3c:13:9d:26: + ee:36:08:d0:d0:fc:79:72:e1:af:d1:71:9c:7b:16:14:4b:2d: + eb:e7:c2:6d:0a:cd:cd:ff:02:95:ff:60:af:32:42:58:69:8f: + 08:b1:a3:d6:37:80:6f:ce:93:83:c9:c5:52:8d:60:c3:6c:8c: + 62:20:7f:75:64:03:10:30:24:34:7b:20:b9:dc:21:83:fc:fa: + b9:b5:11:03 +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgIULVj9HJ+L8MthADbMiLcxgpEV9RUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuoBc8Ncj8GnZt4/8w9RHokEpdwFQPISPUvcRbcR1BIRI +mIxOu/ZL4stNvgHcso5Ittp2TbAodZQo10QsDaVw/rjsw9ANi3RKGLkTu7GZgAnQ +vQCjIGRwuxgAfGEfXdLcI2pq44psE5ujxXvckXEpRk4cjoIq1rv5WpG+8KepstWM +36LS6zrkSTCLgyBt+6+QGT5EtdO7BaEVoQ1MYYJjXiSllN+pNVoPVuuMHaUOgEoW +0e/dz4T2RVVlVbhzrsoc+MfiZ+iKQl7r9iy/VRwYOVFbFRYbCga6sK28RS0jXDrK +KwTJok+mgOzSuNeYRGk8PC6rtETiUGq4plnb1GFU/QIDAQABo4H6MIH3MB0GA1Ud +DgQWBBRbPcSSlamT2CkfVuvaoDwawL1dqzAfBgNVHSMEGDAWgBT7OkOcukCJclu9 +Joo7JXccwfAsfjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwIB +ATANBgkqhkiG9w0BAQsFAAOCAQEAGMfvU5Zs/H0Gh1q3zHdnglQQ644hplfzg8/u +usBZzJXTGyqSGYYg7npiXMsnuXEiqLvyJvYVp1pXedHQSgYXT5X5N6sTbt1XPIde +3Wm+UzpRPvx8OHXjIM00DyPRNcIAA55kUQAd4VYEmmxzvfvj8GPzEQRZg0IZfh2l +JSXgEpxghwdtp5k9JB/dpsf33TTZvpac51oh+GuOG3d82ARt5Hx6/bpEShMdjMBk +Wd6VXVA8E50m7jYI0ND8eXLhr9FxnHsWFEst6+fCbQrNzf8Clf9grzJCWGmPCLGj +1jeAb86Tg8nFUo1gw2yMYiB/dWQDEDAkNHsgudwhg/z6ubURAw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:eb:63:f0:f3:c9:2c:8c:45:ed:1d:f4:86:49:1e:61:f3:54:68:fe + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b1:bb:78:97:4a:b5:56:42:fa:f9:6b:63:6c:f3: + 0e:54:92:6c:84:d4:c7:53:48:24:c1:bd:6f:d0:83: + ad:f3:7a:5c:93:f1:74:38:ba:46:f1:19:db:0e:fb: + 1b:b4:f2:9e:8b:c4:10:8e:97:b1:ff:f8:2d:03:cd: + 36:91:8a:2c:e8:d8:da:a4:7e:58:8d:fb:ff:99:2b: + d5:e1:b3:63:7f:ec:2c:66:b5:0d:ca:ba:e1:74:5e: + b3:ad:bf:49:65:74:52:30:78:ed:ea:7c:08:26:32: + f1:d5:e3:ea:01:7e:3a:fc:0e:84:d6:17:aa:98:f8: + 92:63:77:4d:5c:d3:13:61:af:e3:d8:35:0c:ff:1e: + 39:91:0c:24:a9:ec:89:ab:28:97:97:56:eb:2a:73: + 70:e7:46:17:89:1e:42:73:a5:f6:b6:de:5a:bc:24: + 69:5d:41:09:31:f6:12:d3:57:2d:dc:96:9c:0a:4d: + 64:f0:c4:24:44:8e:1d:66:37:a1:01:1a:d5:89:a8: + 9c:81:82:00:d9:f5:56:e9:58:df:ea:5d:32:7e:fb: + 2d:19:1b:39:b4:fb:77:2c:2e:e1:ae:f5:ea:b0:ad: + b7:d4:2e:35:86:26:9f:96:c6:e3:4c:27:7b:6a:7d: + a2:4e:bf:cb:59:33:85:6f:d1:98:e4:27:3c:95:3f: + fd:ad + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FB:3A:43:9C:BA:40:89:72:5B:BD:26:8A:3B:25:77:1C:C1:F0:2C:7E + X509v3 Authority Key Identifier: + keyid:8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + a9:df:02:10:a3:f8:14:af:a4:b2:3d:bf:3a:5e:e1:0f:9e:fa: + e1:d0:5a:be:e8:a4:f4:db:b7:a6:1c:40:7a:06:0a:77:39:6f: + f5:b9:7f:3b:5d:61:05:fc:0f:2e:de:40:89:2e:1b:11:12:35: + 96:44:a8:be:0b:35:f9:73:2f:81:bc:47:5c:01:b2:b8:22:7e: + ca:c9:56:54:68:1a:4a:98:ac:6f:43:06:4b:a5:12:4f:05:ec: + 23:36:a5:5e:8e:a0:36:6b:35:12:e1:76:ad:84:77:af:eb:b6: + b8:f6:4b:21:98:53:c2:32:74:03:ff:7f:67:bf:0d:31:58:6b: + b5:bd:e7:c5:dc:e3:c4:04:1d:e0:c5:84:d9:6d:74:a3:21:66: + 5e:99:af:18:9e:db:49:8d:83:92:34:00:a2:e7:89:d2:4b:f5: + 6a:5e:02:a9:ab:3b:3d:23:01:34:c7:ee:99:3f:0e:75:55:ed: + 99:c1:28:b1:39:da:2e:25:03:59:82:ed:7a:e8:32:8a:9a:fc: + fa:2a:e6:d1:13:0b:2b:9b:d7:a7:3e:23:e2:45:1a:a1:c1:e5: + 4d:fb:a5:3c:a0:5e:ef:c0:d4:9a:d6:53:e7:4a:48:6c:31:8a: + 92:60:7d:e8:d4:60:4a:6a:96:b0:f5:c2:a8:83:22:42:e0:1c: + aa:15:1b:af +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUfOtj8PPJLIxF7R30hkkeYfNUaP4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALG7eJdKtVZC+vlrY2zzDlSSbITUx1NIJMG9b9CDrfN6XJPx +dDi6RvEZ2w77G7TynovEEI6Xsf/4LQPNNpGKLOjY2qR+WI37/5kr1eGzY3/sLGa1 +Dcq64XRes62/SWV0UjB47ep8CCYy8dXj6gF+OvwOhNYXqpj4kmN3TVzTE2Gv49g1 +DP8eOZEMJKnsiasol5dW6ypzcOdGF4keQnOl9rbeWrwkaV1BCTH2EtNXLdyWnApN +ZPDEJESOHWY3oQEa1YmonIGCANn1VulY3+pdMn77LRkbObT7dywu4a716rCtt9Qu +NYYmn5bG40wne2p9ok6/y1kzhW/RmOQnPJU//a0CAwEAAaOByzCByDAdBgNVHQ4E +FgQU+zpDnLpAiXJbvSaKOyV3HMHwLH4wHwYDVR0jBBgwFoAUj05eeBmuKIJpL88z +lQTBzXXR9v8wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCp3wIQo/gUr6SyPb86XuEPnvrh0Fq+6KT027em +HEB6Bgp3OW/1uX87XWEF/A8u3kCJLhsREjWWRKi+CzX5cy+BvEdcAbK4In7KyVZU +aBpKmKxvQwZLpRJPBewjNqVejqA2azUS4XathHev67a49kshmFPCMnQD/39nvw0x +WGu1vefF3OPEBB3gxYTZbXSjIWZema8YnttJjYOSNACi54nSS/VqXgKpqzs9IwE0 +x+6ZPw51Ve2ZwSixOdouJQNZgu166DKKmvz6KubREwsrm9enPiPiRRqhweVN+6U8 +oF7vwNSa1lPnSkhsMYqSYH3o1GBKapaw9cKogyJC4ByqFRuv +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:eb:63:f0:f3:c9:2c:8c:45:ed:1d:f4:86:49:1e:61:f3:54:68:fd + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b3:59:c0:d6:b0:f3:cb:31:46:9d:ef:de:63:f3: + 1a:24:10:36:fb:e8:ee:05:76:21:51:51:fd:52:47: + 97:12:13:46:42:bc:94:37:5e:e6:41:d2:d8:75:27: + 2c:3d:04:bc:e1:ac:bc:a8:f6:d8:74:63:9a:be:a9: + 7b:d2:1b:96:87:25:3b:ce:d1:ff:b4:dd:fa:29:64: + ae:df:4c:1b:b4:fb:9e:8a:9a:6c:74:ba:2a:76:45: + 03:b7:91:7e:90:ba:04:3d:dc:0a:17:77:b3:5f:dc: + 56:07:eb:63:5e:2b:54:c9:d7:b3:4b:f3:42:6b:9e: + 2a:80:9c:71:52:5d:0f:6d:97:c6:d3:f6:c4:7a:7a: + ee:ea:22:4f:1c:e8:42:55:6e:b2:2a:56:cf:86:3c: + 94:d1:e7:e0:7c:78:8c:94:05:05:b0:3f:b2:70:18: + da:92:d2:9a:ba:57:7c:fb:52:4b:0f:34:cb:dc:ab: + 40:a0:76:4e:cc:11:b9:57:be:f2:e2:fa:2b:ba:20: + b0:c8:ee:8d:0a:11:a2:02:d4:f7:38:3d:f4:a8:49: + f4:b4:8a:08:ff:d0:c3:25:21:0e:dc:f0:17:22:f2: + bf:07:3d:e7:5f:4c:b2:cd:1a:18:f1:fd:3a:5a:42: + 79:b3:82:47:ad:ad:e0:02:7f:0b:19:34:5d:3b:90: + 81:23 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF + X509v3 Authority Key Identifier: + keyid:8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 70:f6:5a:6d:fe:7b:04:4d:4f:e1:d2:c5:92:07:20:6d:68:d3: + 86:51:6c:60:3a:07:0a:1b:27:7d:99:88:db:01:a6:0e:f0:3a: + 3d:a2:37:0e:bd:32:48:e1:36:3c:ac:a3:89:2f:33:d0:ab:ba: + 7a:90:db:28:61:3d:7b:b5:4b:cd:df:3d:20:c6:a1:fb:81:ec: + 69:2a:f8:c3:4c:c6:48:87:39:34:84:3e:4d:2d:eb:c9:dd:26: + 70:8b:71:23:8c:0d:d1:fd:5b:0e:0e:58:86:20:0c:4e:aa:a1: + d1:b0:e9:56:bf:9f:9a:4d:a8:0d:76:6a:48:a2:dd:19:92:25: + 93:7f:90:8f:a2:c0:ac:1d:d3:63:17:d6:a5:07:98:27:cb:a7: + 44:60:17:aa:f2:22:0f:0d:c9:7d:58:1c:00:54:e6:99:84:d3: + a0:6e:e9:fb:8d:97:21:24:79:c4:b8:23:81:2c:65:da:cc:0e: + 09:9c:82:8a:23:74:54:10:56:e4:a2:f0:e8:ce:8f:d5:cf:03: + d9:0e:37:f3:86:66:e0:4e:c0:55:fc:e1:1b:7b:cc:8a:ad:41: + 2f:7b:02:4a:42:f1:e4:b9:4e:86:f3:30:bb:8a:bf:f2:79:c7: + 5d:68:02:b5:fb:40:cf:3f:5d:55:55:58:05:ef:95:34:ee:ea: + 3e:6e:91:59 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUfOtj8PPJLIxF7R30hkkeYfNUaP0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCzWcDWsPPLMUad795j8xokEDb76O4FdiFRUf1SR5cSE0ZCvJQ3XuZB0th1 +Jyw9BLzhrLyo9th0Y5q+qXvSG5aHJTvO0f+03fopZK7fTBu0+56Kmmx0uip2RQO3 +kX6QugQ93AoXd7Nf3FYH62NeK1TJ17NL80JrniqAnHFSXQ9tl8bT9sR6eu7qIk8c +6EJVbrIqVs+GPJTR5+B8eIyUBQWwP7JwGNqS0pq6V3z7UksPNMvcq0Cgdk7MEblX +vvLi+iu6ILDI7o0KEaIC1Pc4PfSoSfS0igj/0MMlIQ7c8Bci8r8HPedfTLLNGhjx +/TpaQnmzgketreACfwsZNF07kIEjAgMBAAGjgcswgcgwHQYDVR0OBBYEFI9OXngZ +riiCaS/PM5UEwc110fb/MB8GA1UdIwQYMBaAFI9OXngZriiCaS/PM5UEwc110fb/ +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAcPZabf57BE1P4dLFkgcgbWjThlFsYDoHChsnfZmI2wGmDvA6 +PaI3Dr0ySOE2PKyjiS8z0Ku6epDbKGE9e7VLzd89IMah+4HsaSr4w0zGSIc5NIQ+ +TS3ryd0mcItxI4wN0f1bDg5YhiAMTqqh0bDpVr+fmk2oDXZqSKLdGZIlk3+Qj6LA +rB3TYxfWpQeYJ8unRGAXqvIiDw3JfVgcAFTmmYTToG7p+42XISR5xLgjgSxl2swO +CZyCiiN0VBBW5KLw6M6P1c8D2Q4384Zm4E7AVfzhG3vMiq1BL3sCSkLx5LlOhvMw +u4q/8nnHXWgCtftAzz9dVVVYBe+VNO7qPm6RWQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/generate-chains.py new file mode 100755 index 0000000000..c82fcda263 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/generate-chains.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the leaf has a basic constraints extension with +CA=false, however specifies the optional pathlen.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate (end entity, but has pathlen set). +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('basicConstraints', + 'critical,CA:false,pathlen:1') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Intermediate.key new file mode 100644 index 0000000000..221e09b00f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsbt4l0q1VkL6+WtjbPMOVJJshNTHU0gkwb1v0IOt83pck/F0 +OLpG8RnbDvsbtPKei8QQjpex//gtA802kYos6NjapH5Yjfv/mSvV4bNjf+wsZrUN +yrrhdF6zrb9JZXRSMHjt6nwIJjLx1ePqAX46/A6E1heqmPiSY3dNXNMTYa/j2DUM +/x45kQwkqeyJqyiXl1brKnNw50YXiR5Cc6X2tt5avCRpXUEJMfYS01ct3JacCk1k +8MQkRI4dZjehARrViaicgYIA2fVW6Vjf6l0yfvstGRs5tPt3LC7hrvXqsK231C41 +hiaflsbjTCd7an2iTr/LWTOFb9GY5Cc8lT/9rQIDAQABAoIBADJWFww6M2tv4ua6 +/FjB6cAYDDX+kUlL+GUKgt16PczkTc30p2bdkvP7z6fJhIpV4INTDyFjYx1Mq2sV +Nqw3hwqXSC0oP2pPAY/e819N0BNNzzFze6l8DhhILfk6YM4kCJcD2NX9NM2kxgs+ +1mp/1rLGZebAoydZ1xPmmPl+KlIS5pQGU4qXtIcfCmvpAUNYUIGZG9O9VKK2UIfA +kfcrifXhCDe0hEPPDObkZKAaEiDzSH/fnfktD2dfWKnpEh8z57RdjMb9YBswYWyE +ed6Q0QTlf/roYAkf5XyLDULvSV/8eAT2P0zUv4QxHRJnddCR5yoFn+14y8HYaZHZ +meDLrEECgYEA4xa/h0l/IiGTLpIenm56pI6EUksiKEwgrlmJTrQkuybfDpT4FSa4 +uvR4ORB7ukI2Sh//8OVI27llYZemYopeRx0fXdMAigpfjzzZhXM5NW8V2RsVXw0K +3WCFTrCFCtMlxQQLD+9dNVktSMOIwMu/e1FOcdXGDxcPiebp+Dybbn0CgYEAyFwZ +r1mGxiHCLW25kqFM8yHY6H9qxEgTT9y3SQQZ3vRu7ncTcq0ErOJY/YSWwy9F3Cru +k+h2WfwmSrhEzmkxLAoRpjotyNcNx2K1sKAtW/imBdpZ1iqmpsgqXrUO2Q/cjP3s +m7SpDadBLVwo8G/9lkgXBjFBqxuA+wAenD1QAvECgYBnSUFz1wnsDDlVRUCH7tf5 +YJjulR3EFlwG8NJy6ZyLQvLRPxBXDnWXEvpbehPMc7EdpdBTUPYCeiCSctdKmoSm +86gAlKf6IR21mIeXGwE6PHxDcv4VbWkzp2L6l27rrX3QTjZ52PUb/qOKJOVeS02c +WS7Et+aNln+KyWxBa8+GQQKBgHVWouAzkR+F879BLFX4SyV0pCB9RpzPDShPPbPw +R+pvwmu7ptMZCszo/m7ycIy8qbAoIHLUyEMozZAi3ID50AdXmkB8gAXIFFS5tWhM +VmQveaOh3cz0S4cPYOj4Jkru5B5aM3B43CyX0C7tczhkjeGuNHW28RtxTxcwWbzs +l2gxAoGBAKCrSgF4pIMQP2KxjTxS87TAHK7xFMQwNhVDfz4WFHC4zStk/Kq3Rb7Y +JqhgyggQ8BAXyr5WRKAHR4b7YNQL7XZfuei1Q9d6ZsbHrBRL3rsfuPbREueNkR8n +A6jcPNY4kQC/fhy9oJgJputd7HEbsMpYsyoBSCUYfhtZPV97KD+D +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Root.key new file mode 100644 index 0000000000..413fd20b0e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs1nA1rDzyzFGne/eY/MaJBA2++juBXYhUVH9UkeXEhNGQryU +N17mQdLYdScsPQS84ay8qPbYdGOavql70huWhyU7ztH/tN36KWSu30wbtPueipps +dLoqdkUDt5F+kLoEPdwKF3ezX9xWB+tjXitUydezS/NCa54qgJxxUl0PbZfG0/bE +enru6iJPHOhCVW6yKlbPhjyU0efgfHiMlAUFsD+ycBjaktKauld8+1JLDzTL3KtA +oHZOzBG5V77y4voruiCwyO6NChGiAtT3OD30qEn0tIoI/9DDJSEO3PAXIvK/Bz3n +X0yyzRoY8f06WkJ5s4JHra3gAn8LGTRdO5CBIwIDAQABAoIBAHh7oPoY4Y3syl2r +GCDY3QTBB87uyYdNtlAk3iJ6CViRLjAC8ybHT7OEavk4mZVcK28HVa3ENeDqULgo +rw+UjOi48JadqEPeowFPq9JCFJLePcEqwBUiQwg0kKyuxvF+pP7RZM4jEZMiN4EW +dih6v3jguIgbINGe7Tp83fvQnF6n6IhjA7DoOoT+yPdGxcyK6iNp3plNw7aJGK1V +RFQe+yqJ3hC/E48i1KB1ankkTbZwU1pb2HrrHqNFxBL5x2/WZAYgc+zYRPyNv+EL +9KaGC10aQtCmwJQNOB65JnHGW1eicYEtLc4N7cmnzb4WNrnWHvRo9xg0bLrqxPTe +4jYn+QECgYEA6GSTtFZDe8MNhTVTNURzggoPKOhNwJ9NtlFbHwMPylWNFqsaj8+h +GkxaDroHBIVRnmt5fXXz2poGGpWgu5xPe+3LsgkeOYZ0Ep9+58Ufza4eLJpmtOUM +MYL9XwN2JYCz2dT+wks3yNJuO7LM3QXrFdfN9Fe0CZ5RlSAXr265r0ECgYEAxZHN +H6HloMeYckaqnhQVBlbkVb0WEpCcPUXu0ac4hjRZaCGIwEEFruHI2SxhNCvc3Sjo +/eP6orkJxl0vwDQzOriYD+UtnnYe+HetV2kB+YLI63lFDvxembpSRJLeeW5wAvtL +GCCtkEiIfacuGo143eUf76QbC71YA414auyt+2MCgYEAjaFGV4C/Tfz5D3cJSAx4 +rQb+aDrzr/ImhXedpg/Snsh23RrYbE7o60MfG5yKTFoH/RmZCDpLrK10DN2mANDp +rCinnNBryDlGIldsG0qK8GouX5aWA6cYQFCJpE9SwNZoRdjGjpkS3WRJ5D47FnTV +6hEEpuaQhdAj/lN5u+QqbEECgYBnXAXCHMKzQHiCoHG2Ta9KJ79BE7EueTUj4Sg1 +ypQJse1sSs7uNZYxjbGz3EHmN2RO14489T40TzXL7wiCN0zt1ZDIEA+zrPw65PFs +n2UHEeLnPgRg+KrNJerQMT3urVYwWSNKNh5XM3sksYevIIAxJiN1DZeQprga87Ih +zjyfHQKBgD97iv5W/AWvhU2he/sRW85Np6XKuE+SdUl5aK+x3oc3mdi1smhYPZ2M +txOW1dS5bq0Slpae7PK4KVaC5+E+TuC2MK0J8vR/26/7r0+uh1U0pfoyxxUfgbXG +cSqcqcQMdC0uaA00usPEcFVfTq4RwvNhiN/rDUGI9VyKX8l24u5T +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Target.key new file mode 100644 index 0000000000..c204fc77d3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuoBc8Ncj8GnZt4/8w9RHokEpdwFQPISPUvcRbcR1BIRImIxO +u/ZL4stNvgHcso5Ittp2TbAodZQo10QsDaVw/rjsw9ANi3RKGLkTu7GZgAnQvQCj +IGRwuxgAfGEfXdLcI2pq44psE5ujxXvckXEpRk4cjoIq1rv5WpG+8KepstWM36LS +6zrkSTCLgyBt+6+QGT5EtdO7BaEVoQ1MYYJjXiSllN+pNVoPVuuMHaUOgEoW0e/d +z4T2RVVlVbhzrsoc+MfiZ+iKQl7r9iy/VRwYOVFbFRYbCga6sK28RS0jXDrKKwTJ +ok+mgOzSuNeYRGk8PC6rtETiUGq4plnb1GFU/QIDAQABAoIBAQCUp+htGC9PXC/r +/ttNBJGspR/1+ZgJBOhxCvpbcjKLzR1Iat3/OIy4U7C9+SH/OSaAiZWuyvEU92mu +XGp43hw5DRG76sRBGgpNtogiHafqxOgbHrzn/udUWgdZHNkxofdSS2qzwAvxfSeH +K/ld/MMXhP+CIAMhcmeJZ464qAu9vNndMB9S3640Zt+QMw3DUNojlbxLipLHYjCA +KLq0GhbLVS1K0+juBrOKHsmiA/0VDuQwVEDS58qH4JKrJFz5RJW70n7/fEke+9fo +4BKqiTO7f/Ec013tlidEWh5NKBtSEB7xmN49CY9ukF5pusjMRx5x5f1lCG5H4cy4 +eeoVZ+vJAoGBANqQPilJqsyIrNMIMZ01m/yplLlUyJNQDZeIp4c3gIWT8ksAibDQ +t+yIdIQxmxWUeFgA16heeAGkT5x2ogE5E/7dxiIRqyFDRlZwAGw3ObnLyv3u943l +PXfif4iwfac57JknXL48mkxeYDe3iZbtlj6glyofYev+CeRkaIveTakDAoGBANpy +PKQ0w3nGO7NtYmwGQJiPY8KD0HahJ8HemmOblK9zv9ofp8Nl1zjObxfV3Eh7okMF +PDuPzdaH5X8buSXk1zOtGBCZigEYtj5KAMohgGdS73/U+NoURUXF0CyqJfhsYugO +CXNZrGQzRW76KdsAR3c3ndJZWre/sRHCZTC30an/AoGBAKRezFDytP/DXe4LgHyR +n7Ehu9axe3LGRqKKxCr9w6sxu4tKaULPhTLe4Hm2cMKG+QZ+A7H88dWSQ8kQsv+m +dHI9SU+/5+pJFPHWo4q+8avYJt5YRFaza0nozi73RFhqSJRZtPbgzs3WQBhG8LPQ +FCkfTu//z/3R/JCGLtXZpqAPAoGAQjrsg+Szd5JQu3/onVPv9dFTr8ADTlRiF3eE +W7rqA6AWhO2gEbAo5sJAEHv4w8koUyWdM3nQMMEXJcikBAcz8CkE6NOEcfyqFIyf +XKl3otwUXS+XG5eVwSfOjBwyUvWZrz3CQ8TmbaLV5GXYltuoz05/fS02QgvOhdHo +mDLDUMUCgYBJBIAZhTvzaZP/c1STgHKBoGGv68g3/QAHW/untRBkFzXDwnoMUwA3 +dTb1807dnt6cNMt5XjRnsQP1YOQwUS51SmL++HF+xg5VWAsqgMP6z1iPo3SwLZ7j ++dQ6nzlzUUAnlyKPtFXktbjS0xjWWTBOhlx515i6wnKVpYFzb+yhXw== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/main.test b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/chain.pem new file mode 100644 index 0000000000..724b8f9b1c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/chain.pem @@ -0,0 +1,269 @@ +[Created by: ./generate-chains.py] + +Certificate chain where the target certificate contains an +MSApplicationPolicies extension that is marked as critical and +also contains an extendedKeyUsage extension. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5f:ba:be:0d:0e:03:3a:d8:7e:ea:37:ed:8a:b5:54:b2:6f:ae:c4:ab + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:ef:39:2d:3e:82:ed:41:24:9b:af:4e:c7:37: + e2:c9:a9:47:32:16:5b:52:3f:82:14:63:bb:6e:b1: + cc:9d:a2:b4:df:90:42:73:14:c1:24:98:83:e5:58: + c4:bd:4c:0d:01:31:b4:c5:4e:a2:a4:e1:8f:ff:d8: + 95:4a:7f:90:50:18:81:74:04:e0:29:82:d7:a8:be: + c7:b5:c8:43:93:31:99:33:04:7b:b1:3f:8c:77:44: + f3:66:85:93:10:88:79:f2:30:1d:a5:3a:78:82:ae: + bb:b4:21:2a:64:00:5b:42:07:04:b7:a0:fb:f0:4b: + 74:e8:23:53:da:8e:0c:39:da:f2:b2:df:d3:88:91: + 11:b5:60:68:26:8e:58:81:a3:d3:06:2a:e7:e0:df: + ba:8b:07:0f:d2:98:6c:6a:4b:54:9d:b6:34:e0:99: + c4:04:b8:02:04:ec:7d:e5:04:f2:4f:1e:50:38:d4: + f0:ca:c7:ca:e8:b3:93:d5:40:14:1b:77:25:45:38: + 77:49:92:b4:41:fa:f4:3e:cc:d7:b2:35:72:94:67: + cf:76:e8:e3:9e:5a:67:d9:6d:44:e9:12:4c:40:f6: + 56:b9:21:d7:51:4e:68:f5:5b:70:c4:9a:82:38:12: + e3:60:f3:dc:c3:90:e1:41:31:d5:db:8b:87:96:b6: + 45:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 08:E2:C4:5E:E8:5A:C1:B2:5A:B5:7E:1C:A2:8B:FB:31:B2:94:58:70 + X509v3 Authority Key Identifier: + C9:C5:2E:C4:9B:E4:8A:91:4B:38:EF:9B:47:0E:C5:43:F2:B2:5E:9B + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + 1.3.6.1.4.1.311.21.10: critical + .... + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 18:3c:42:10:c8:bf:96:cf:17:23:7f:43:d4:bb:5b:d4:fb:4e: + fe:ae:33:af:b3:15:0b:42:20:71:29:08:a6:98:0f:1e:89:b8: + d3:f7:d9:12:13:80:3e:d7:db:a7:ee:1e:d8:fd:e7:ba:47:b1: + 5e:cb:42:30:d7:f6:6c:1e:5b:93:0f:4e:d0:76:2a:24:c8:9c: + d2:fc:39:05:70:47:71:17:05:67:d1:b5:91:b3:40:12:c7:b8: + 9c:de:71:7e:f6:b6:cc:68:f1:44:bb:2e:08:e6:b8:39:37:b4: + 90:00:0c:f9:56:9d:e0:83:fc:14:1c:0d:e5:1f:e3:7f:6d:4d: + 0c:9d:58:5f:cf:78:9a:d1:f6:bb:56:b7:dd:e2:33:74:f6:25: + 06:42:1f:f4:66:74:c0:56:a5:f9:31:16:70:c8:55:eb:fa:b3: + 02:4f:c5:46:c4:86:42:ac:29:7c:5e:40:97:e2:11:a2:d0:2a: + 60:64:07:fc:f3:8f:d9:ca:64:6d:ec:8e:43:38:ab:6b:d4:62: + 93:4a:e4:06:e2:3c:82:4a:3f:af:ea:78:41:51:28:84:69:87: + 1f:52:7b:00:aa:67:05:ec:1f:02:8d:31:34:ae:5e:f5:81:17: + de:72:5a:ef:8d:32:90:fd:fb:c8:a1:b7:eb:31:9c:a8:b2:36: + bd:08:c2:44 +-----BEGIN CERTIFICATE----- +MIIDrDCCApSgAwIBAgIUX7q+DQ4DOth+6jftirVUsm+uxKswDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA3O85LT6C7UEkm69OxzfiyalHMhZbUj+CFGO7brHMnaK0 +35BCcxTBJJiD5VjEvUwNATG0xU6ipOGP/9iVSn+QUBiBdATgKYLXqL7HtchDkzGZ +MwR7sT+Md0TzZoWTEIh58jAdpTp4gq67tCEqZABbQgcEt6D78Et06CNT2o4MOdry +st/TiJERtWBoJo5YgaPTBirn4N+6iwcP0phsaktUnbY04JnEBLgCBOx95QTyTx5Q +ONTwysfK6LOT1UAUG3clRTh3SZK0Qfr0PszXsjVylGfPdujjnlpn2W1E6RJMQPZW +uSHXUU5o9VtwxJqCOBLjYPPcw5DhQTHV24uHlrZFdQIDAQABo4H1MIHyMB0GA1Ud +DgQWBBQI4sRe6FrBslq1fhyii/sxspRYcDAfBgNVHSMEGDAWgBTJxS7Em+SKkUs4 +75tHDsVD8rJemzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDATBgNVHSUEDDAKBggrBgEFBQcDATAUBgkrBgEEAYI3FQoBAf8EBAECAwQwDQYJ +KoZIhvcNAQELBQADggEBABg8QhDIv5bPFyN/Q9S7W9T7Tv6uM6+zFQtCIHEpCKaY +Dx6JuNP32RITgD7X26fuHtj957pHsV7LQjDX9mweW5MPTtB2KiTInNL8OQVwR3EX +BWfRtZGzQBLHuJzecX72tsxo8US7LgjmuDk3tJAADPlWneCD/BQcDeUf439tTQyd +WF/PeJrR9rtWt93iM3T2JQZCH/RmdMBWpfkxFnDIVev6swJPxUbEhkKsKXxeQJfi +EaLQKmBkB/zzj9nKZG3sjkM4q2vUYpNK5AbiPIJKP6/qeEFRKIRphx9SewCqZwXs +HwKNMTSuXvWBF95yWu+NMpD9+8iht+sxnKiyNr0IwkQ= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:33:ee:4f:ce:05:2b:47:de:9a:ce:d8:36:a9:40:43:e0:1c:fc:42 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:97:4d:9e:0c:43:a9:0d:f0:5c:d4:7b:cf:3a:a0: + 8b:01:6e:cb:30:1c:92:3b:b7:49:92:4b:36:7e:bb: + e3:e6:03:98:60:87:ba:52:12:98:9c:6b:e5:f4:6e: + 98:46:8c:fc:c7:c2:af:c5:70:b3:be:bd:b9:ba:7e: + 15:29:e3:34:96:2f:94:70:9f:70:35:a2:da:70:c8: + 62:e0:30:78:5d:b6:81:ee:91:4a:cc:b4:65:62:f3: + 1b:99:c2:65:8b:d5:79:3f:d6:86:e5:58:d5:60:ef: + 27:0a:9c:80:a6:49:a2:d0:50:a6:ae:1f:e3:d4:e3: + 63:4c:33:9d:ab:8e:b2:37:da:9a:7e:8b:36:c3:5f: + 24:9b:b1:51:2b:2a:b4:fd:1f:2a:99:ee:21:71:c8: + 61:65:1c:56:be:7f:91:46:49:15:82:08:50:54:15: + 83:3f:ab:ef:0b:3d:87:ab:d3:82:2d:25:d2:2f:de: + 82:95:b9:25:53:98:4a:16:b8:f8:d4:f7:26:9a:a8: + 97:5e:15:ec:25:5c:fa:f6:2a:f5:2e:48:2c:11:2e: + b2:b4:5c:79:4a:c1:66:49:c6:3a:cd:fd:8b:e3:87: + f2:5f:99:3f:37:00:1e:22:64:86:0a:d0:fb:79:fa: + 2e:e1:54:ac:38:ba:82:c6:bc:48:9c:5e:aa:a3:e9: + 27:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C9:C5:2E:C4:9B:E4:8A:91:4B:38:EF:9B:47:0E:C5:43:F2:B2:5E:9B + X509v3 Authority Key Identifier: + C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 0b:d4:58:a1:0b:ab:a6:15:de:06:ff:0d:2a:90:7b:b7:33:53: + 47:15:9e:58:69:68:d8:29:72:bc:8f:30:26:c4:51:f0:9c:51: + d8:7a:01:25:1f:ef:7b:4e:80:4d:f8:71:98:94:3a:2e:05:0e: + 95:6f:9b:84:32:bd:2e:4b:de:f2:20:ba:39:9e:81:94:0c:35: + 02:48:93:be:de:8f:d1:10:69:3d:77:e0:2d:19:6a:f5:fb:50: + eb:8d:07:14:73:db:66:0f:20:82:8f:a5:1d:8a:0b:b5:62:63: + bf:c0:a1:61:f3:b6:9b:f9:72:60:40:66:9a:c4:59:fe:61:60: + 76:64:d9:e2:de:59:55:2a:12:25:e9:21:0a:ed:50:e1:5e:71: + 57:b9:4e:a9:d8:92:9a:47:79:ac:88:d0:4d:7c:96:73:d4:b6: + 38:b5:39:54:49:63:2a:f8:e8:7e:87:3e:49:26:d6:0f:35:79: + ad:df:b2:3b:08:61:e5:b8:ca:ee:58:71:b3:5c:bd:18:02:ae: + ec:c6:4c:69:65:c3:81:eb:52:0d:d9:9c:12:65:10:28:50:2d: + 4c:95:8f:df:e0:f5:57:7e:55:9d:98:74:2e:d9:a9:d6:0c:6d: + 12:61:f9:b6:6d:51:f8:be:27:93:f8:49:06:72:cc:39:a2:a8: + 2d:ac:fb:0a +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUfDPuT84FK0fems7YNqlAQ+Ac/EIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJdNngxDqQ3wXNR7zzqgiwFuyzAckju3SZJLNn674+YDmGCH +ulISmJxr5fRumEaM/MfCr8Vws769ubp+FSnjNJYvlHCfcDWi2nDIYuAweF22ge6R +Ssy0ZWLzG5nCZYvVeT/WhuVY1WDvJwqcgKZJotBQpq4f49TjY0wznauOsjfamn6L +NsNfJJuxUSsqtP0fKpnuIXHIYWUcVr5/kUZJFYIIUFQVgz+r7ws9h6vTgi0l0i/e +gpW5JVOYSha4+NT3Jpqol14V7CVc+vYq9S5ILBEusrRceUrBZknGOs39i+OH8l+Z +PzcAHiJkhgrQ+3n6LuFUrDi6gsa8SJxeqqPpJ98CAwEAAaOByzCByDAdBgNVHQ4E +FgQUycUuxJvkipFLOO+bRw7FQ/KyXpswHwYDVR0jBBgwFoAUyRsKJ0PF7+VyvJSF +1+X4meFQJI0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAL1FihC6umFd4G/w0qkHu3M1NHFZ5YaWjYKXK8 +jzAmxFHwnFHYegElH+97ToBN+HGYlDouBQ6Vb5uEMr0uS97yILo5noGUDDUCSJO+ +3o/REGk9d+AtGWr1+1DrjQcUc9tmDyCCj6Udigu1YmO/wKFh87ab+XJgQGaaxFn+ +YWB2ZNni3llVKhIl6SEK7VDhXnFXuU6p2JKaR3msiNBNfJZz1LY4tTlUSWMq+Oh+ +hz5JJtYPNXmt37I7CGHluMruWHGzXL0YAq7sxkxpZcOB61IN2ZwSZRAoUC1MlY/f +4PVXflWdmHQu2anWDG0SYfm2bVH4vieT+EkGcsw5oqgtrPsK +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:33:ee:4f:ce:05:2b:47:de:9a:ce:d8:36:a9:40:43:e0:1c:fc:41 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c2:4d:67:95:5f:5c:db:5a:55:2a:c8:09:cf:ed: + c9:1c:4c:38:f4:53:65:24:ec:f0:15:8d:fb:c5:1b: + 42:fe:b1:59:1d:16:6b:7d:59:62:72:62:9c:b5:08: + c9:c7:f8:d3:02:29:0c:c1:9d:ff:1d:f7:e3:f3:bd: + 33:08:05:ac:2a:52:46:48:f9:41:a7:9a:00:59:78: + 68:17:6a:17:59:0b:b2:e7:3a:de:a7:2d:b4:19:76: + 52:85:22:0c:d5:15:10:7c:a3:25:ca:75:ed:b5:74: + 96:a0:f4:8d:0c:17:42:8e:44:c2:9a:53:ee:58:4a: + f3:0f:ec:c1:20:d9:f7:9b:07:13:b5:59:a7:8d:91: + 5e:51:a8:12:7e:db:e9:ad:ec:da:e7:52:b5:2b:85: + 7c:dd:77:8f:6f:6a:12:24:b7:f5:d7:74:7d:98:e9: + 21:1c:21:ba:e7:fc:52:e4:8d:05:a7:1a:9f:98:a3: + 76:6c:a5:3a:5a:a1:6b:ae:be:bc:25:a5:eb:c1:ad: + 79:5c:d1:03:ca:c9:a6:d3:14:8d:f4:ed:28:6a:16: + 9a:f7:48:32:9b:d2:93:c5:44:f3:23:b0:4b:ff:b1: + aa:06:d3:ba:4e:e4:e3:3d:29:e2:d4:39:05:49:ba: + 1f:4d:f1:7a:c6:df:95:45:bd:07:34:c2:13:14:6c: + 6c:23 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D + X509v3 Authority Key Identifier: + C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4b:0a:eb:db:66:15:dd:13:18:04:94:a1:cc:10:25:94:50:1d: + 0c:f8:01:c9:c7:ca:00:11:a2:8c:29:39:99:e6:17:0c:4f:8d: + bc:71:ee:b2:b6:9b:22:6b:fa:ec:cf:fd:c6:e8:e5:87:86:8e: + 99:b7:eb:cf:74:25:29:c2:71:76:5a:22:48:49:f1:5a:37:e6: + f7:ff:99:78:10:ca:6f:c0:73:73:71:48:8e:07:50:63:56:98: + 79:f2:f6:46:9a:1c:be:ef:71:c3:37:89:21:6c:a6:d5:24:72: + 8d:79:5a:ec:ef:a1:50:a5:f0:ae:37:af:18:ce:e4:81:2c:30: + 83:1e:14:e0:95:70:b0:ab:c2:8f:72:38:17:07:7a:51:2f:3e: + d3:30:3a:aa:02:6c:35:fe:f3:29:52:fd:b3:fc:d0:d0:80:35: + 3b:bb:58:4e:d0:78:2a:d9:eb:a6:75:aa:4f:df:3c:66:1a:3a: + 03:98:69:cf:97:15:bf:06:ff:9f:6b:4c:78:b6:b2:9c:f9:80: + 41:3d:0f:25:77:63:3c:d8:15:f6:38:b8:fb:94:b1:bf:a9:39: + ef:18:47:f2:88:7d:a6:88:f6:4e:58:c1:59:db:29:dd:e0:3a: + 6f:5b:e2:3e:2b:60:2e:58:18:1c:72:3a:99:eb:99:bb:e6:d7: + c5:07:d5:fa +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUfDPuT84FK0fems7YNqlAQ+Ac/EEwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDCTWeVX1zbWlUqyAnP7ckcTDj0U2Uk7PAVjfvFG0L+sVkdFmt9WWJyYpy1 +CMnH+NMCKQzBnf8d9+PzvTMIBawqUkZI+UGnmgBZeGgXahdZC7LnOt6nLbQZdlKF +IgzVFRB8oyXKde21dJag9I0MF0KORMKaU+5YSvMP7MEg2febBxO1WaeNkV5RqBJ+ +2+mt7NrnUrUrhXzdd49vahIkt/XXdH2Y6SEcIbrn/FLkjQWnGp+Yo3ZspTpaoWuu +vrwlpevBrXlc0QPKyabTFI307ShqFpr3SDKb0pPFRPMjsEv/saoG07pO5OM9KeLU +OQVJuh9N8XrG35VFvQc0whMUbGwjAgMBAAGjgcswgcgwHQYDVR0OBBYEFMkbCidD +xe/lcryUhdfl+JnhUCSNMB8GA1UdIwQYMBaAFMkbCidDxe/lcryUhdfl+JnhUCSN +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEASwrr22YV3RMYBJShzBAllFAdDPgBycfKABGijCk5meYXDE+N +vHHusrabImv67M/9xujlh4aOmbfrz3QlKcJxdloiSEnxWjfm9/+ZeBDKb8Bzc3FI +jgdQY1aYefL2Rpocvu9xwzeJIWym1SRyjXla7O+hUKXwrjevGM7kgSwwgx4U4JVw +sKvCj3I4Fwd6US8+0zA6qgJsNf7zKVL9s/zQ0IA1O7tYTtB4KtnrpnWqT988Zho6 +A5hpz5cVvwb/n2tMeLaynPmAQT0PJXdjPNgV9ji4+5Sxv6k57xhH8oh9poj2TljB +Wdsp3eA6b1viPitgLlgYHHI6meuZu+bXxQfV+g== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/generate-chains.py new file mode 100755 index 0000000000..b703cc8914 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/generate-chains.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain where the target certificate contains an +MSApplicationPolicies extension that is marked as critical and +also contains an extendedKeyUsage extension.""" + +import sys + +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate (has unknown critical extension). +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().add_property('1.3.6.1.4.1.311.21.10', + 'critical,DER:01:02:03:04') +target.get_extensions().set_property('extendedKeyUsage', 'serverAuth') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Intermediate.key new file mode 100644 index 0000000000..2fb331e31e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCXTZ4MQ6kN8FzU +e886oIsBbsswHJI7t0mSSzZ+u+PmA5hgh7pSEpica+X0bphGjPzHwq/FcLO+vbm6 +fhUp4zSWL5Rwn3A1otpwyGLgMHhdtoHukUrMtGVi8xuZwmWL1Xk/1oblWNVg7ycK +nICmSaLQUKauH+PU42NMM52rjrI32pp+izbDXySbsVErKrT9HyqZ7iFxyGFlHFa+ +f5FGSRWCCFBUFYM/q+8LPYer04ItJdIv3oKVuSVTmEoWuPjU9yaaqJdeFewlXPr2 +KvUuSCwRLrK0XHlKwWZJxjrN/Yvjh/JfmT83AB4iZIYK0Pt5+i7hVKw4uoLGvEic +Xqqj6SffAgMBAAECggEAIRVNq6zXuD6IbcWsqEsWWffZ4ek9aGVJZv2fKtL2oALF +PMYwzWVXjUxiebH9BeAqHZvKR0e/ZcOias7K3d/aTcSVlpKmPHQhg2utgwvWJdeU +TY/jZSNE0AAMVvCUt6Cz5GuKD3f/IDTqun1B/Bo5yYb5CzXZ4WDfA3h9z1diTKff +2lEUoEDMYHoIQEVkxA/1ZoPwQKK/r8gp40o7BzhjR7h7R59pvnKW65sOE5zQtxkw +ZBDPHP4k92FyP5MQkAiQJed9xzZtGAskQFfzEOpnQor9fGSCUTllImgcoaAuAT2T +mXdrjl9uF4YWNJYKMyyeSM5SztgssAyR2U+zB3PH4QKBgQDOUV6KP/y5uEP9Tqyc +sNVOXhB/F3CHTvh6h8/NFoO5R/tZhb3fnyo+/iwsVnLj7NHxc5c1iHlZSxZrW599 +7Xe2jwrE05XGvxOztKna8CgF2VPzIQhhDV2VZpgAd9yFQmJiwfDLl5mKivtS6ZVD +hBpgFGz6k+rXpE/NI7BbhWRBSQKBgQC7vNM6DHO8Jk4NLvZFAUenmKFz0ruaKEsP +o0QAVCdbS72pvHcgwNXprcdCj6vt9vorvpRZD3EjyvA+iddXw0iyflBU1T4TxtKL +eOGL2KDXxo13KdH0w/OMXL6yyM4tJ+zFsPglM1+jAmq0h3NDdiCqgoGD47Z83HGF +nuIujJ9H5wKBgQCEDPxvjAjbbZ7GkAZWu6+q2vXAAmaZk+fhtO9Bmrlwayvq3njq +mdrWOqRXNHWQgFDXM16CevkAN9j/mcL5PHY0uFTyKWJhtIaNrIJSiQd0xua+ZFQS +mhVdvC5pjk3sVNLX1r2h8UPqso2tQaexcOnYuPoPX4EdyCLzb3Y+/Z9vUQKBgHy6 +TgeSAE5vkImXusxLtmR1tkZyKmuX+46PJP2m62LvZjnf2bGsDDKtXuYs98govzrS +6lJlPQDPsl+KSsSnHKRh4VMLPav7+yPoksjLisjwxEn4QeKBUUzezV+Qo9JCZT9O +fP6SLCbr0yLPnteiIr/F5vBOGI7KEq34ykKs8KHfAoGBAKI+hlLGLnXsztKPOkbi +CGz0TOe3mNRjj79y6Wt3kqLB0IhuvX/JmDuY12hBrKJUvvZrMfQ2VNNlLgCKYtdx +NV3OtbI6d8oVWtEKZ9dHUJKOZSRcKFeUk0c0Vj3H24FM/QhsvGDrxqcMSx5aCdXR +yiy09lmLtH2U2/C8lL9wUcpv +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Root.key new file mode 100644 index 0000000000..520472bd52 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCTWeVX1zbWlUq +yAnP7ckcTDj0U2Uk7PAVjfvFG0L+sVkdFmt9WWJyYpy1CMnH+NMCKQzBnf8d9+Pz +vTMIBawqUkZI+UGnmgBZeGgXahdZC7LnOt6nLbQZdlKFIgzVFRB8oyXKde21dJag +9I0MF0KORMKaU+5YSvMP7MEg2febBxO1WaeNkV5RqBJ+2+mt7NrnUrUrhXzdd49v +ahIkt/XXdH2Y6SEcIbrn/FLkjQWnGp+Yo3ZspTpaoWuuvrwlpevBrXlc0QPKyabT +FI307ShqFpr3SDKb0pPFRPMjsEv/saoG07pO5OM9KeLUOQVJuh9N8XrG35VFvQc0 +whMUbGwjAgMBAAECggEASeclEeR+rhPytt31FXgs+S1osE2T9/KC8r/ZVkQjPDp6 +WZzwb3HzBuzJC/Z2wS+8GmNArdgJc/2YX1nEMjXuIP7AKvtbZIMnxOAOP3GjxcO0 +XUy/6Thx+wlNI8Qqu1VSuwVW12X5bv4UWM4LY+Do+LHgjtCDpGOFhbYYUwV0ryrc +OXr3S1e/QyDvmpiNgoVw5scmSkwEUoziDj6y1TChaKkxcGB55J9gbA5oN7/zPYNi +80+FwieUjivDpTWudT3eUzkbl1jP3RKthflRaoFl60wTHfnf+dkZj4OhL50icAGO +OtM1skSasBgmMpA2jOfU6SM4g+tyA9I/ol0VGtyy+QKBgQD5J4dEAKNrf7ZcTRYP +pSyGEC5jpa9kCV0bAu8RpM9/UyXIkWZR7gA/UaS29SigRLqckbUZv6XNO+I8sLqb +nWZDBEVBnFC1hCZnVy047zAapxAdJObR5Qf43NOIzh4LTAiurjPK15cUyl4MjFcI +Bv/Qusqg9JiQ/xN4ueIDRhi73wKBgQDHpBCOMDYrzz27ny1sZruCrFDEKX7l/xyo +FztZBzCafVaVTKuBqUvGLHses4bU1va6ur5UHSnAeVCGvUKvW5TFXyULL5EleXVT +IlH2Hog7GL+/X+ahoisjiJn+w49A3Vs3DU929p4uCMfj7rwsjX/nRPHHdQv+6Y/r +AZwxXm1YPQKBgQCihEIa/T+bUwakVjPZqKfOGqfnn58z5Vex0swV+ibOqnGuzgir +0E6g/qQuIuOJBsuibPhv/y4rHLCJXc2ay6R0ekiib0/F1pkmNxrsVDhQakB8giF9 +L6NvlLr2NVwrikDvj/mAifemPAn0rWXneolKoUyiiGkryvXsfXMLJ6HiiQKBgQCA +9xs6vyo/YsEeUtWlEThQUcBa9/Nh4EtCyr8r49kh85XbHIwuVo78lf9y9cZD+Bmq +xrfs3mn6TGQYpmpNnXudhLkJYNECxFNmQOVxeIfIpVQ47FqwT3JOog/Y47vGyzgB +eDe9QdMtKb73H2Gv5jiZzY/iqVn2cirmRUQBIF7CgQKBgQDq2kBpy/LQm6vpGsWj +0mPpHx+uOtHD0340UT/B0AXGSihPYZ3qTf+HswMEEzqU258tkgLbd5oLujzm62Np ++kEbcGAfrNxaKWXak+LGtsQsWFbGNyA7s/Ug7Sl0WQVUPxx3bZFzS6AFOHCGrfkS +FQqsl9vf69EDqFfa/wXhnH/cMA== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Target.key new file mode 100644 index 0000000000..6f448a7431 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDc7zktPoLtQSSb +r07HN+LJqUcyFltSP4IUY7tuscydorTfkEJzFMEkmIPlWMS9TA0BMbTFTqKk4Y// +2JVKf5BQGIF0BOApgteovse1yEOTMZkzBHuxP4x3RPNmhZMQiHnyMB2lOniCrru0 +ISpkAFtCBwS3oPvwS3ToI1Pajgw52vKy39OIkRG1YGgmjliBo9MGKufg37qLBw/S +mGxqS1SdtjTgmcQEuAIE7H3lBPJPHlA41PDKx8ros5PVQBQbdyVFOHdJkrRB+vQ+ +zNeyNXKUZ8926OOeWmfZbUTpEkxA9la5IddRTmj1W3DEmoI4EuNg89zDkOFBMdXb +i4eWtkV1AgMBAAECggEAGfzQ/WzudUjl16LnLHt644dUDA9hfjW2hSkhXskZjUCa +b6JQ5qd+Joytaw37f7FmkDQ6vsCxVJ1W/7GysdjPw/7LRLc0Gj3n7yiYZjNgcNEd +453h4idcTEU3L4vZENH01349u8s6af4dWc1S5qtnZfIHEIXQ92LGJW4jtWq4WRpG +KJBuctBXTlZaWhOBF8zFdZ9L5Q4TGkL4T1kUciinoJYhN5JvPHXYmkPjkQ1KdDZO +Th/guT8OKzERa7sQ+dSS8HLkV8WWr1bUj0B7j9mUqk2OUZNOoKY8AYV1glseb7+F +iaYrLcit4Ig7PoBqI150vN0yq60AsWWQc6S0Zfj26wKBgQD47ITCEwpW7FG0h7fq +WS9VT2NmilBqUceBYViVzni6pJ9zMGKUpwA/pbZtVxEalQHaq16i++bLQqb/UpGf +bz+aQx+ig7BWN/feMe6MFhO24x77jPEz1J14dovQ5h9eKssp2rVxAiYiNfKR7E8Q +ARhc/eVlfxejc048uTmE8yi0iwKBgQDjNwTGa+iGb+R3C3CzdyiVhchS5SznxW+q ++BjGcdrJ+UB+zhCrWqYYgBrKEjMcSq0qU4MxpgoiyrK2uNnKrligYJCLUMa0uifi +euMgu2SalPHSljYLuNyOP3s9z2CPBpQdv2koDNJ8zesRIbVPioGeqEmhqZrUr4Ld +zBEWBAot/wKBgCIFSVuw+H/Kypvu1J8N019Ie2BfVQBC7w5qvI2062Eu8K/wk/iX +HnyUbGtjM+47IUa+ly+VWAS9tk88/LQao0m1FNTERMxz18ehcWXp+oXLYsekiq63 +x1HYeeFyIiVfmea9goDQd1/DmcSB1IhubeL/vGNzzEpFjxLTid320cBjAoGBAL7W +5j7WQY4xCt5mEHncGo1DuZbOgGIG9ZzPFtgOpuo/XMlkwKF72Mf5SQbyNFWN71X+ +oNGhmR/RyjsolVzkBPJnSOCKrur69CcIeh5y5rPjaB0tJyW/Vhhv/05SENLwfpVh +wKvv4RcMSWSxQD0Xo3kj9fw/nRkIdU1fafZo3Df3AoGBAPAFfbTfh9ly3sJbd6OC +TjlUDN841nIzRiyP6XDRnOQICW3QghfS770dt8SWbD5qNqHkxbRapm2d4deExf/M +3MZqGGYFyW8o1WHwMM9ER+3xvEFc2DtDsMt5XQ6+w4O9CXFRConFC2kRr8AJZbDC +c4mCN5e/xAbKeV177t8zWybn +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/main.test b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-and-eku/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/chain.pem new file mode 100644 index 0000000000..9be1583c7f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/chain.pem @@ -0,0 +1,267 @@ +[Created by: ./generate-chains.py] + +Certificate chain where the target certificate contains an +MSApplicationPolicies extension that is marked as critical and +does not contain an extendedKeyUsage extension. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1c:c2:ac:ef:39:90:fd:0d:2e:ae:a2:26:22:5f:34:30:06:a4:a3:f3 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:ef:39:2d:3e:82:ed:41:24:9b:af:4e:c7:37: + e2:c9:a9:47:32:16:5b:52:3f:82:14:63:bb:6e:b1: + cc:9d:a2:b4:df:90:42:73:14:c1:24:98:83:e5:58: + c4:bd:4c:0d:01:31:b4:c5:4e:a2:a4:e1:8f:ff:d8: + 95:4a:7f:90:50:18:81:74:04:e0:29:82:d7:a8:be: + c7:b5:c8:43:93:31:99:33:04:7b:b1:3f:8c:77:44: + f3:66:85:93:10:88:79:f2:30:1d:a5:3a:78:82:ae: + bb:b4:21:2a:64:00:5b:42:07:04:b7:a0:fb:f0:4b: + 74:e8:23:53:da:8e:0c:39:da:f2:b2:df:d3:88:91: + 11:b5:60:68:26:8e:58:81:a3:d3:06:2a:e7:e0:df: + ba:8b:07:0f:d2:98:6c:6a:4b:54:9d:b6:34:e0:99: + c4:04:b8:02:04:ec:7d:e5:04:f2:4f:1e:50:38:d4: + f0:ca:c7:ca:e8:b3:93:d5:40:14:1b:77:25:45:38: + 77:49:92:b4:41:fa:f4:3e:cc:d7:b2:35:72:94:67: + cf:76:e8:e3:9e:5a:67:d9:6d:44:e9:12:4c:40:f6: + 56:b9:21:d7:51:4e:68:f5:5b:70:c4:9a:82:38:12: + e3:60:f3:dc:c3:90:e1:41:31:d5:db:8b:87:96:b6: + 45:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 08:E2:C4:5E:E8:5A:C1:B2:5A:B5:7E:1C:A2:8B:FB:31:B2:94:58:70 + X509v3 Authority Key Identifier: + C9:C5:2E:C4:9B:E4:8A:91:4B:38:EF:9B:47:0E:C5:43:F2:B2:5E:9B + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + 1.3.6.1.4.1.311.21.10: critical + .... + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 51:39:30:77:b2:7a:4c:83:f5:cb:ad:60:6f:73:cd:b9:35:1f: + dd:a6:8c:da:43:37:65:42:41:95:a5:73:d6:3e:d7:d0:4f:a2: + cd:8d:ee:35:1b:e2:b6:74:68:00:f0:ae:d5:45:75:6f:8f:d9: + 30:f3:10:1d:07:3e:d4:c4:43:39:aa:bd:8f:0c:b7:81:a7:b8: + c5:e7:ad:61:24:a5:33:43:d8:1e:0a:a1:4c:82:61:69:56:0b: + 71:ae:48:7e:80:42:1a:6c:76:04:94:48:ca:0e:05:e1:76:39: + 4b:55:07:4a:bb:ff:3f:9a:48:aa:14:8a:69:ad:35:cd:af:32: + 2e:c2:6e:f3:5d:21:c1:a8:0c:45:af:1b:e5:e4:c5:12:66:ff: + 94:43:6d:9f:4b:c5:b5:7a:a7:4f:42:34:1f:ae:b7:60:dc:81: + 69:5f:23:74:17:52:28:e0:93:ce:d3:5b:83:14:f4:cf:87:d8: + 22:ac:af:d8:05:76:ba:0c:5e:73:ec:b6:12:74:6e:c6:92:be: + f5:8f:2c:cc:7b:4e:b0:32:91:a1:ee:65:06:1c:a0:25:94:1c: + ea:75:f4:50:e6:65:a9:74:ed:b3:f7:ba:7b:45:d7:e2:28:4b: + 3b:d3:66:c6:d9:7f:1d:1d:d7:cc:81:85:ed:0a:8d:f1:5c:c1: + dc:eb:3b:cf +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIUHMKs7zmQ/Q0urqImIl80MAako/MwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA3O85LT6C7UEkm69OxzfiyalHMhZbUj+CFGO7brHMnaK0 +35BCcxTBJJiD5VjEvUwNATG0xU6ipOGP/9iVSn+QUBiBdATgKYLXqL7HtchDkzGZ +MwR7sT+Md0TzZoWTEIh58jAdpTp4gq67tCEqZABbQgcEt6D78Et06CNT2o4MOdry +st/TiJERtWBoJo5YgaPTBirn4N+6iwcP0phsaktUnbY04JnEBLgCBOx95QTyTx5Q +ONTwysfK6LOT1UAUG3clRTh3SZK0Qfr0PszXsjVylGfPdujjnlpn2W1E6RJMQPZW +uSHXUU5o9VtwxJqCOBLjYPPcw5DhQTHV24uHlrZFdQIDAQABo4HgMIHdMB0GA1Ud +DgQWBBQI4sRe6FrBslq1fhyii/sxspRYcDAfBgNVHSMEGDAWgBTJxS7Em+SKkUs4 +75tHDsVD8rJemzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAUBgkrBgEEAYI3FQoBAf8EBAECAwQwDQYJKoZIhvcNAQELBQADggEBAFE5MHey +ekyD9cutYG9zzbk1H92mjNpDN2VCQZWlc9Y+19BPos2N7jUb4rZ0aADwrtVFdW+P +2TDzEB0HPtTEQzmqvY8Mt4GnuMXnrWEkpTND2B4KoUyCYWlWC3GuSH6AQhpsdgSU +SMoOBeF2OUtVB0q7/z+aSKoUimmtNc2vMi7CbvNdIcGoDEWvG+XkxRJm/5RDbZ9L +xbV6p09CNB+ut2DcgWlfI3QXUijgk87TW4MU9M+H2CKsr9gFdroMXnPsthJ0bsaS +vvWPLMx7TrAykaHuZQYcoCWUHOp19FDmZal07bP3untF1+IoSzvTZsbZfx0d18yB +he0KjfFcwdzrO88= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:69:1e:f2:d2:50:52:75:0d:f7:2f:a6:37:4f:1c:8e:68:ba:05:14 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:97:4d:9e:0c:43:a9:0d:f0:5c:d4:7b:cf:3a:a0: + 8b:01:6e:cb:30:1c:92:3b:b7:49:92:4b:36:7e:bb: + e3:e6:03:98:60:87:ba:52:12:98:9c:6b:e5:f4:6e: + 98:46:8c:fc:c7:c2:af:c5:70:b3:be:bd:b9:ba:7e: + 15:29:e3:34:96:2f:94:70:9f:70:35:a2:da:70:c8: + 62:e0:30:78:5d:b6:81:ee:91:4a:cc:b4:65:62:f3: + 1b:99:c2:65:8b:d5:79:3f:d6:86:e5:58:d5:60:ef: + 27:0a:9c:80:a6:49:a2:d0:50:a6:ae:1f:e3:d4:e3: + 63:4c:33:9d:ab:8e:b2:37:da:9a:7e:8b:36:c3:5f: + 24:9b:b1:51:2b:2a:b4:fd:1f:2a:99:ee:21:71:c8: + 61:65:1c:56:be:7f:91:46:49:15:82:08:50:54:15: + 83:3f:ab:ef:0b:3d:87:ab:d3:82:2d:25:d2:2f:de: + 82:95:b9:25:53:98:4a:16:b8:f8:d4:f7:26:9a:a8: + 97:5e:15:ec:25:5c:fa:f6:2a:f5:2e:48:2c:11:2e: + b2:b4:5c:79:4a:c1:66:49:c6:3a:cd:fd:8b:e3:87: + f2:5f:99:3f:37:00:1e:22:64:86:0a:d0:fb:79:fa: + 2e:e1:54:ac:38:ba:82:c6:bc:48:9c:5e:aa:a3:e9: + 27:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C9:C5:2E:C4:9B:E4:8A:91:4B:38:EF:9B:47:0E:C5:43:F2:B2:5E:9B + X509v3 Authority Key Identifier: + C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 6f:9c:74:6f:bc:bd:6e:dc:06:00:4d:f0:a8:e3:e0:0d:56:82: + 09:94:bf:95:95:b9:a4:31:0c:8a:0f:19:55:e2:b7:d8:d3:c4: + 6f:55:b6:ae:19:77:39:4e:43:82:58:3f:7c:da:2a:8c:47:8c: + b0:18:5e:d4:00:0c:af:2f:72:e5:40:aa:42:db:a4:7a:03:9d: + f1:22:f1:c6:ac:cf:18:81:61:73:dd:00:29:63:fd:ca:5a:51: + 69:94:ab:c4:c8:c4:fc:ff:70:1d:a7:5e:11:03:c1:18:41:9b: + 92:e8:03:50:7d:fd:01:d9:32:bf:d5:68:4b:e2:90:88:7c:62: + eb:9f:4b:36:4f:37:8d:63:a0:eb:fb:e5:32:bd:87:3f:4d:9a: + 4f:2c:8b:32:3f:c4:55:a5:d6:e3:cb:83:4a:5a:9e:9f:3d:ec: + 45:5c:d4:ec:5e:51:1d:eb:98:8c:b1:bb:be:5f:a5:0f:7c:75: + b9:2b:a0:63:71:9c:42:76:fc:52:7d:01:54:8f:9c:1a:e0:4d: + 6b:7e:e7:84:6c:8e:af:87:6b:cd:aa:e0:08:1e:8b:7d:d6:e7: + c8:7f:66:3f:ea:d3:2d:99:75:20:f6:8d:34:bd:f0:36:ea:4b: + 3b:70:f1:57:b7:c8:55:a4:11:9b:ce:17:18:21:03:d0:d5:02: + 12:25:23:17 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUcGke8tJQUnUN9y+mN08cjmi6BRQwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJdNngxDqQ3wXNR7zzqgiwFuyzAckju3SZJLNn674+YDmGCH +ulISmJxr5fRumEaM/MfCr8Vws769ubp+FSnjNJYvlHCfcDWi2nDIYuAweF22ge6R +Ssy0ZWLzG5nCZYvVeT/WhuVY1WDvJwqcgKZJotBQpq4f49TjY0wznauOsjfamn6L +NsNfJJuxUSsqtP0fKpnuIXHIYWUcVr5/kUZJFYIIUFQVgz+r7ws9h6vTgi0l0i/e +gpW5JVOYSha4+NT3Jpqol14V7CVc+vYq9S5ILBEusrRceUrBZknGOs39i+OH8l+Z +PzcAHiJkhgrQ+3n6LuFUrDi6gsa8SJxeqqPpJ98CAwEAAaOByzCByDAdBgNVHQ4E +FgQUycUuxJvkipFLOO+bRw7FQ/KyXpswHwYDVR0jBBgwFoAUyRsKJ0PF7+VyvJSF +1+X4meFQJI0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBvnHRvvL1u3AYATfCo4+ANVoIJlL+VlbmkMQyK +DxlV4rfY08RvVbauGXc5TkOCWD982iqMR4ywGF7UAAyvL3LlQKpC26R6A53xIvHG +rM8YgWFz3QApY/3KWlFplKvEyMT8/3Adp14RA8EYQZuS6ANQff0B2TK/1WhL4pCI +fGLrn0s2TzeNY6Dr++UyvYc/TZpPLIsyP8RVpdbjy4NKWp6fPexFXNTsXlEd65iM +sbu+X6UPfHW5K6BjcZxCdvxSfQFUj5wa4E1rfueEbI6vh2vNquAIHot91ufIf2Y/ +6tMtmXUg9o00vfA26ks7cPFXt8hVpBGbzhcYIQPQ1QISJSMX +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:69:1e:f2:d2:50:52:75:0d:f7:2f:a6:37:4f:1c:8e:68:ba:05:13 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c2:4d:67:95:5f:5c:db:5a:55:2a:c8:09:cf:ed: + c9:1c:4c:38:f4:53:65:24:ec:f0:15:8d:fb:c5:1b: + 42:fe:b1:59:1d:16:6b:7d:59:62:72:62:9c:b5:08: + c9:c7:f8:d3:02:29:0c:c1:9d:ff:1d:f7:e3:f3:bd: + 33:08:05:ac:2a:52:46:48:f9:41:a7:9a:00:59:78: + 68:17:6a:17:59:0b:b2:e7:3a:de:a7:2d:b4:19:76: + 52:85:22:0c:d5:15:10:7c:a3:25:ca:75:ed:b5:74: + 96:a0:f4:8d:0c:17:42:8e:44:c2:9a:53:ee:58:4a: + f3:0f:ec:c1:20:d9:f7:9b:07:13:b5:59:a7:8d:91: + 5e:51:a8:12:7e:db:e9:ad:ec:da:e7:52:b5:2b:85: + 7c:dd:77:8f:6f:6a:12:24:b7:f5:d7:74:7d:98:e9: + 21:1c:21:ba:e7:fc:52:e4:8d:05:a7:1a:9f:98:a3: + 76:6c:a5:3a:5a:a1:6b:ae:be:bc:25:a5:eb:c1:ad: + 79:5c:d1:03:ca:c9:a6:d3:14:8d:f4:ed:28:6a:16: + 9a:f7:48:32:9b:d2:93:c5:44:f3:23:b0:4b:ff:b1: + aa:06:d3:ba:4e:e4:e3:3d:29:e2:d4:39:05:49:ba: + 1f:4d:f1:7a:c6:df:95:45:bd:07:34:c2:13:14:6c: + 6c:23 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D + X509v3 Authority Key Identifier: + C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7e:aa:d8:8d:d4:41:51:cf:31:32:fb:1d:02:85:65:63:ca:15: + 1d:03:de:f5:9e:21:15:d0:6c:df:f8:13:ea:54:09:d9:4a:bb: + 28:3c:bc:a1:82:b4:86:c6:05:42:73:ce:7d:4e:a1:15:b5:20: + bc:d8:d7:45:71:cc:f0:7e:77:c9:41:b9:2d:dd:43:a8:54:a5: + 02:d5:eb:6d:af:9b:40:bd:74:28:8e:76:8d:c6:b0:7d:c7:d5: + fe:7e:ec:7f:5a:a9:1e:81:a1:c7:bd:86:b3:fa:8d:09:c7:3e: + 6c:a9:fd:45:8e:c4:2b:ff:3e:9d:49:0b:aa:9e:a7:9e:1c:e0: + d2:4c:56:db:4c:f9:9b:93:09:0e:51:57:11:20:7d:6a:fb:c3: + 57:b9:35:23:3c:4f:39:38:e1:d2:e6:39:d9:2b:9c:1a:1b:42: + c7:11:a3:cc:b8:19:5e:fb:93:e8:27:38:95:fb:d3:00:ee:19: + 30:5a:5e:38:0f:42:fe:58:2b:f9:e2:3e:66:2f:5b:54:5c:23: + 29:83:09:d2:62:7d:96:a1:16:b9:6c:c7:54:66:77:5b:18:2a: + dd:af:fb:fa:01:16:fc:7d:4c:16:77:e2:60:2c:7b:4f:c3:db: + 72:a1:e0:cf:6e:31:28:1e:9a:15:7f:a8:25:2b:a6:b0:e3:0c: + 7a:8a:91:ca +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUcGke8tJQUnUN9y+mN08cjmi6BRMwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDCTWeVX1zbWlUqyAnP7ckcTDj0U2Uk7PAVjfvFG0L+sVkdFmt9WWJyYpy1 +CMnH+NMCKQzBnf8d9+PzvTMIBawqUkZI+UGnmgBZeGgXahdZC7LnOt6nLbQZdlKF +IgzVFRB8oyXKde21dJag9I0MF0KORMKaU+5YSvMP7MEg2febBxO1WaeNkV5RqBJ+ +2+mt7NrnUrUrhXzdd49vahIkt/XXdH2Y6SEcIbrn/FLkjQWnGp+Yo3ZspTpaoWuu +vrwlpevBrXlc0QPKyabTFI307ShqFpr3SDKb0pPFRPMjsEv/saoG07pO5OM9KeLU +OQVJuh9N8XrG35VFvQc0whMUbGwjAgMBAAGjgcswgcgwHQYDVR0OBBYEFMkbCidD +xe/lcryUhdfl+JnhUCSNMB8GA1UdIwQYMBaAFMkbCidDxe/lcryUhdfl+JnhUCSN +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAfqrYjdRBUc8xMvsdAoVlY8oVHQPe9Z4hFdBs3/gT6lQJ2Uq7 +KDy8oYK0hsYFQnPOfU6hFbUgvNjXRXHM8H53yUG5Ld1DqFSlAtXrba+bQL10KI52 +jcawfcfV/n7sf1qpHoGhx72Gs/qNCcc+bKn9RY7EK/8+nUkLqp6nnhzg0kxW20z5 +m5MJDlFXESB9avvDV7k1IzxPOTjh0uY52SucGhtCxxGjzLgZXvuT6Cc4lfvTAO4Z +MFpeOA9C/lgr+eI+Zi9bVFwjKYMJ0mJ9lqEWuWzHVGZ3Wxgq3a/7+gEW/H1MFnfi +YCx7T8PbcqHgz24xKB6aFX+oJSumsOMMeoqRyg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/generate-chains.py new file mode 100755 index 0000000000..a2f34a7666 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/generate-chains.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain where the target certificate contains an +MSApplicationPolicies extension that is marked as critical and +does not contain an extendedKeyUsage extension.""" + +import sys + +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate (has unknown critical extension). +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().add_property('1.3.6.1.4.1.311.21.10', + 'critical,DER:01:02:03:04') +target.get_extensions().remove_property('extendedKeyUsage') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Intermediate.key new file mode 100644 index 0000000000..2fb331e31e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Intermediate.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCXTZ4MQ6kN8FzU +e886oIsBbsswHJI7t0mSSzZ+u+PmA5hgh7pSEpica+X0bphGjPzHwq/FcLO+vbm6 +fhUp4zSWL5Rwn3A1otpwyGLgMHhdtoHukUrMtGVi8xuZwmWL1Xk/1oblWNVg7ycK +nICmSaLQUKauH+PU42NMM52rjrI32pp+izbDXySbsVErKrT9HyqZ7iFxyGFlHFa+ +f5FGSRWCCFBUFYM/q+8LPYer04ItJdIv3oKVuSVTmEoWuPjU9yaaqJdeFewlXPr2 +KvUuSCwRLrK0XHlKwWZJxjrN/Yvjh/JfmT83AB4iZIYK0Pt5+i7hVKw4uoLGvEic +Xqqj6SffAgMBAAECggEAIRVNq6zXuD6IbcWsqEsWWffZ4ek9aGVJZv2fKtL2oALF +PMYwzWVXjUxiebH9BeAqHZvKR0e/ZcOias7K3d/aTcSVlpKmPHQhg2utgwvWJdeU +TY/jZSNE0AAMVvCUt6Cz5GuKD3f/IDTqun1B/Bo5yYb5CzXZ4WDfA3h9z1diTKff +2lEUoEDMYHoIQEVkxA/1ZoPwQKK/r8gp40o7BzhjR7h7R59pvnKW65sOE5zQtxkw +ZBDPHP4k92FyP5MQkAiQJed9xzZtGAskQFfzEOpnQor9fGSCUTllImgcoaAuAT2T +mXdrjl9uF4YWNJYKMyyeSM5SztgssAyR2U+zB3PH4QKBgQDOUV6KP/y5uEP9Tqyc +sNVOXhB/F3CHTvh6h8/NFoO5R/tZhb3fnyo+/iwsVnLj7NHxc5c1iHlZSxZrW599 +7Xe2jwrE05XGvxOztKna8CgF2VPzIQhhDV2VZpgAd9yFQmJiwfDLl5mKivtS6ZVD +hBpgFGz6k+rXpE/NI7BbhWRBSQKBgQC7vNM6DHO8Jk4NLvZFAUenmKFz0ruaKEsP +o0QAVCdbS72pvHcgwNXprcdCj6vt9vorvpRZD3EjyvA+iddXw0iyflBU1T4TxtKL +eOGL2KDXxo13KdH0w/OMXL6yyM4tJ+zFsPglM1+jAmq0h3NDdiCqgoGD47Z83HGF +nuIujJ9H5wKBgQCEDPxvjAjbbZ7GkAZWu6+q2vXAAmaZk+fhtO9Bmrlwayvq3njq +mdrWOqRXNHWQgFDXM16CevkAN9j/mcL5PHY0uFTyKWJhtIaNrIJSiQd0xua+ZFQS +mhVdvC5pjk3sVNLX1r2h8UPqso2tQaexcOnYuPoPX4EdyCLzb3Y+/Z9vUQKBgHy6 +TgeSAE5vkImXusxLtmR1tkZyKmuX+46PJP2m62LvZjnf2bGsDDKtXuYs98govzrS +6lJlPQDPsl+KSsSnHKRh4VMLPav7+yPoksjLisjwxEn4QeKBUUzezV+Qo9JCZT9O +fP6SLCbr0yLPnteiIr/F5vBOGI7KEq34ykKs8KHfAoGBAKI+hlLGLnXsztKPOkbi +CGz0TOe3mNRjj79y6Wt3kqLB0IhuvX/JmDuY12hBrKJUvvZrMfQ2VNNlLgCKYtdx +NV3OtbI6d8oVWtEKZ9dHUJKOZSRcKFeUk0c0Vj3H24FM/QhsvGDrxqcMSx5aCdXR +yiy09lmLtH2U2/C8lL9wUcpv +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Root.key new file mode 100644 index 0000000000..520472bd52 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCTWeVX1zbWlUq +yAnP7ckcTDj0U2Uk7PAVjfvFG0L+sVkdFmt9WWJyYpy1CMnH+NMCKQzBnf8d9+Pz +vTMIBawqUkZI+UGnmgBZeGgXahdZC7LnOt6nLbQZdlKFIgzVFRB8oyXKde21dJag +9I0MF0KORMKaU+5YSvMP7MEg2febBxO1WaeNkV5RqBJ+2+mt7NrnUrUrhXzdd49v +ahIkt/XXdH2Y6SEcIbrn/FLkjQWnGp+Yo3ZspTpaoWuuvrwlpevBrXlc0QPKyabT +FI307ShqFpr3SDKb0pPFRPMjsEv/saoG07pO5OM9KeLUOQVJuh9N8XrG35VFvQc0 +whMUbGwjAgMBAAECggEASeclEeR+rhPytt31FXgs+S1osE2T9/KC8r/ZVkQjPDp6 +WZzwb3HzBuzJC/Z2wS+8GmNArdgJc/2YX1nEMjXuIP7AKvtbZIMnxOAOP3GjxcO0 +XUy/6Thx+wlNI8Qqu1VSuwVW12X5bv4UWM4LY+Do+LHgjtCDpGOFhbYYUwV0ryrc +OXr3S1e/QyDvmpiNgoVw5scmSkwEUoziDj6y1TChaKkxcGB55J9gbA5oN7/zPYNi +80+FwieUjivDpTWudT3eUzkbl1jP3RKthflRaoFl60wTHfnf+dkZj4OhL50icAGO +OtM1skSasBgmMpA2jOfU6SM4g+tyA9I/ol0VGtyy+QKBgQD5J4dEAKNrf7ZcTRYP +pSyGEC5jpa9kCV0bAu8RpM9/UyXIkWZR7gA/UaS29SigRLqckbUZv6XNO+I8sLqb +nWZDBEVBnFC1hCZnVy047zAapxAdJObR5Qf43NOIzh4LTAiurjPK15cUyl4MjFcI +Bv/Qusqg9JiQ/xN4ueIDRhi73wKBgQDHpBCOMDYrzz27ny1sZruCrFDEKX7l/xyo +FztZBzCafVaVTKuBqUvGLHses4bU1va6ur5UHSnAeVCGvUKvW5TFXyULL5EleXVT +IlH2Hog7GL+/X+ahoisjiJn+w49A3Vs3DU929p4uCMfj7rwsjX/nRPHHdQv+6Y/r +AZwxXm1YPQKBgQCihEIa/T+bUwakVjPZqKfOGqfnn58z5Vex0swV+ibOqnGuzgir +0E6g/qQuIuOJBsuibPhv/y4rHLCJXc2ay6R0ekiib0/F1pkmNxrsVDhQakB8giF9 +L6NvlLr2NVwrikDvj/mAifemPAn0rWXneolKoUyiiGkryvXsfXMLJ6HiiQKBgQCA +9xs6vyo/YsEeUtWlEThQUcBa9/Nh4EtCyr8r49kh85XbHIwuVo78lf9y9cZD+Bmq +xrfs3mn6TGQYpmpNnXudhLkJYNECxFNmQOVxeIfIpVQ47FqwT3JOog/Y47vGyzgB +eDe9QdMtKb73H2Gv5jiZzY/iqVn2cirmRUQBIF7CgQKBgQDq2kBpy/LQm6vpGsWj +0mPpHx+uOtHD0340UT/B0AXGSihPYZ3qTf+HswMEEzqU258tkgLbd5oLujzm62Np ++kEbcGAfrNxaKWXak+LGtsQsWFbGNyA7s/Ug7Sl0WQVUPxx3bZFzS6AFOHCGrfkS +FQqsl9vf69EDqFfa/wXhnH/cMA== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Target.key new file mode 100644 index 0000000000..6f448a7431 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDc7zktPoLtQSSb +r07HN+LJqUcyFltSP4IUY7tuscydorTfkEJzFMEkmIPlWMS9TA0BMbTFTqKk4Y// +2JVKf5BQGIF0BOApgteovse1yEOTMZkzBHuxP4x3RPNmhZMQiHnyMB2lOniCrru0 +ISpkAFtCBwS3oPvwS3ToI1Pajgw52vKy39OIkRG1YGgmjliBo9MGKufg37qLBw/S +mGxqS1SdtjTgmcQEuAIE7H3lBPJPHlA41PDKx8ros5PVQBQbdyVFOHdJkrRB+vQ+ +zNeyNXKUZ8926OOeWmfZbUTpEkxA9la5IddRTmj1W3DEmoI4EuNg89zDkOFBMdXb +i4eWtkV1AgMBAAECggEAGfzQ/WzudUjl16LnLHt644dUDA9hfjW2hSkhXskZjUCa +b6JQ5qd+Joytaw37f7FmkDQ6vsCxVJ1W/7GysdjPw/7LRLc0Gj3n7yiYZjNgcNEd +453h4idcTEU3L4vZENH01349u8s6af4dWc1S5qtnZfIHEIXQ92LGJW4jtWq4WRpG +KJBuctBXTlZaWhOBF8zFdZ9L5Q4TGkL4T1kUciinoJYhN5JvPHXYmkPjkQ1KdDZO +Th/guT8OKzERa7sQ+dSS8HLkV8WWr1bUj0B7j9mUqk2OUZNOoKY8AYV1glseb7+F +iaYrLcit4Ig7PoBqI150vN0yq60AsWWQc6S0Zfj26wKBgQD47ITCEwpW7FG0h7fq +WS9VT2NmilBqUceBYViVzni6pJ9zMGKUpwA/pbZtVxEalQHaq16i++bLQqb/UpGf +bz+aQx+ig7BWN/feMe6MFhO24x77jPEz1J14dovQ5h9eKssp2rVxAiYiNfKR7E8Q +ARhc/eVlfxejc048uTmE8yi0iwKBgQDjNwTGa+iGb+R3C3CzdyiVhchS5SznxW+q ++BjGcdrJ+UB+zhCrWqYYgBrKEjMcSq0qU4MxpgoiyrK2uNnKrligYJCLUMa0uifi +euMgu2SalPHSljYLuNyOP3s9z2CPBpQdv2koDNJ8zesRIbVPioGeqEmhqZrUr4Ld +zBEWBAot/wKBgCIFSVuw+H/Kypvu1J8N019Ie2BfVQBC7w5qvI2062Eu8K/wk/iX +HnyUbGtjM+47IUa+ly+VWAS9tk88/LQao0m1FNTERMxz18ehcWXp+oXLYsekiq63 +x1HYeeFyIiVfmea9goDQd1/DmcSB1IhubeL/vGNzzEpFjxLTid320cBjAoGBAL7W +5j7WQY4xCt5mEHncGo1DuZbOgGIG9ZzPFtgOpuo/XMlkwKF72Mf5SQbyNFWN71X+ +oNGhmR/RyjsolVzkBPJnSOCKrur69CcIeh5y5rPjaB0tJyW/Vhhv/05SENLwfpVh +wKvv4RcMSWSxQD0Xo3kj9fw/nRkIdU1fafZo3Df3AoGBAPAFfbTfh9ly3sJbd6OC +TjlUDN841nIzRiyP6XDRnOQICW3QghfS770dt8SWbD5qNqHkxbRapm2d4deExf/M +3MZqGGYFyW8o1WHwMM9ER+3xvEFc2DtDsMt5XQ6+w4O9CXFRConFC2kRr8AJZbDC +c4mCN5e/xAbKeV177t8zWybn +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/main.test b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/main.test new file mode 100644 index 0000000000..39a8c275ad --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-msapplicationpolicies-no-eku/main.test @@ -0,0 +1,11 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: Certificate does not have extended key usage +ERROR: Unconsumed critical extension + oid: 2B060104018237150A + value: 01020304 + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/chain.pem new file mode 100644 index 0000000000..b87e6a3c51 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/chain.pem @@ -0,0 +1,275 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate is a CA rather than an +end-entity certificate (based on the basic constraints extension). + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4d:a4:86:6a:41:8e:28:fd:af:66:05:2a:fc:73:db:94:88:ab:21:08 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a5:45:4e:2d:c7:c9:c2:ab:e9:b7:ff:2f:3a:09: + f2:64:ea:bc:ea:9c:34:fa:39:c1:2d:c2:38:c3:51: + ec:7b:06:6e:21:c6:7b:a0:04:ec:e3:dd:5a:72:0a: + 0f:bc:73:37:7f:01:7e:02:3d:d5:cb:7a:2d:cc:b3: + c7:d9:cb:44:0e:d6:a3:1d:dc:69:08:80:50:ce:2b: + 9b:a3:8d:3f:4e:79:55:ea:cc:94:81:7a:9d:fc:54: + f5:15:9e:17:99:e2:30:9b:67:55:4c:79:cc:85:13: + ca:38:af:ec:df:a5:50:bc:b8:ff:0a:4e:12:be:5e: + de:64:d3:ac:7d:f5:cc:3f:9a:b5:94:32:75:65:8e: + 47:b0:81:d7:c8:27:5f:7c:44:31:53:6d:93:36:6f: + 54:99:dc:82:24:7c:ab:14:eb:67:2f:3b:10:a4:cb: + 56:34:05:f4:b1:fc:12:42:dd:3c:dc:16:0f:d1:8f: + f0:87:fa:07:b4:fa:3d:7a:47:c0:dc:95:09:77:9c: + 28:b3:a3:ae:9e:72:d3:bc:3b:a5:57:f7:31:3b:4f: + 76:30:a2:43:56:74:f9:3b:7b:f7:ec:43:64:3e:56: + aa:93:53:d4:4a:5a:84:8b:fb:68:43:17:a4:20:13: + 07:e0:aa:7f:b1:c3:36:15:8b:b3:ec:e2:e6:d6:4a: + 5f:83 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 93:E1:6A:2B:C0:A8:CA:CA:A9:B3:28:0E:8B:11:FF:0B:B0:24:73:F6 + X509v3 Authority Key Identifier: + keyid:9A:2E:6F:0B:96:F4:DF:5E:32:32:96:E5:03:2A:FA:DD:98:12:55:EE + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3b:1b:cf:43:25:88:9a:60:97:96:37:99:75:4d:6c:e6:51:fb: + f7:4e:bc:90:c5:d4:3b:ce:62:22:11:26:fd:56:58:7c:7b:c4: + b7:d4:50:ce:89:6d:4f:4d:7f:dc:42:e5:d4:78:aa:7b:0f:78: + 5c:9b:17:be:d5:6e:7c:8e:7a:29:eb:eb:19:64:98:b9:94:ea: + fe:bc:1b:7a:52:b3:1b:c5:7f:b2:9b:1a:fc:f5:13:40:5b:14: + 3d:cb:c2:b5:e6:d9:5b:69:5f:66:09:9a:d2:68:8a:34:5b:3f: + 8b:d1:e9:dc:00:d1:fa:f2:0a:5a:71:c9:63:55:87:8a:f2:af: + 72:34:94:31:8f:06:5c:45:80:fa:e4:32:70:6d:8d:39:c8:2c: + 78:8e:10:c6:ef:a0:ec:c1:4f:ba:49:2f:9b:8c:43:e0:4c:47: + 7f:d5:c9:92:db:ac:36:9a:71:f4:aa:d6:7c:45:c1:a7:e9:3e: + 39:f1:e7:88:e0:ca:f5:93:d0:ba:c7:ab:36:09:5e:49:e7:8c: + 9a:aa:98:aa:86:47:77:87:1f:34:4f:f6:56:84:be:5e:e7:f4: + 6e:f7:23:d1:7c:3c:98:82:5c:89:b9:cc:ba:d4:f2:f9:4d:ec: + 3a:63:80:06:1a:a3:25:48:80:c6:22:dd:09:6c:c6:d2:20:68: + 49:23:f2:ab +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIUTaSGakGOKP2vZgUq/HPblIirIQgwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEApUVOLcfJwqvpt/8vOgnyZOq86pw0+jnBLcI4w1HsewZu +IcZ7oATs491acgoPvHM3fwF+Aj3Vy3otzLPH2ctEDtajHdxpCIBQziubo40/TnlV +6syUgXqd/FT1FZ4XmeIwm2dVTHnMhRPKOK/s36VQvLj/Ck4Svl7eZNOsffXMP5q1 +lDJ1ZY5HsIHXyCdffEQxU22TNm9UmdyCJHyrFOtnLzsQpMtWNAX0sfwSQt083BYP +0Y/wh/oHtPo9ekfA3JUJd5wos6OunnLTvDulV/cxO092MKJDVnT5O3v37ENkPlaq +k1PUSlqEi/toQxekIBMH4Kp/scM2FYuz7OLm1kpfgwIDAQABo4HbMIHYMB0GA1Ud +DgQWBBST4WorwKjKyqmzKA6LEf8LsCRz9jAfBgNVHSMEGDAWgBSaLm8LlvTfXjIy +luUDKvrdmBJV7jA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA7G89DJYiaYJeW +N5l1TWzmUfv3TryQxdQ7zmIiESb9Vlh8e8S31FDOiW1PTX/cQuXUeKp7D3hcmxe+ +1W58jnop6+sZZJi5lOr+vBt6UrMbxX+ymxr89RNAWxQ9y8K15tlbaV9mCZrSaIo0 +Wz+L0encANH68gpaccljVYeK8q9yNJQxjwZcRYD65DJwbY05yCx4jhDG76DswU+6 +SS+bjEPgTEd/1cmS26w2mnH0qtZ8RcGn6T458eeI4Mr1k9C6x6s2CV5J54yaqpiq +hkd3hx80T/ZWhL5e5/Ru9yPRfDyYglyJucy61PL5Tew6Y4AGGqMlSIDGIt0JbMbS +IGhJI/Kr +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1e:c3:39:90:77:32:c2:7e:ea:1a:68:8b:35:f3:20:6c:3d:1d:57:65 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:94:35:8b:85:75:a2:74:1e:b4:bd:5c:9b:e2: + 7a:87:32:a1:df:63:d4:5c:10:c8:3c:c2:7e:aa:53: + 09:d8:fa:ce:14:bd:80:a7:b3:cb:4b:84:af:fc:c8: + de:97:38:d8:17:cd:1d:6a:65:39:b5:27:36:bc:64: + 9a:4f:2d:91:5f:34:2b:f2:83:fa:2b:ea:1c:6e:5f: + 60:09:c3:70:94:0f:bd:0c:eb:e2:a0:ba:43:5a:3a: + dd:3e:02:99:52:4a:28:e2:e4:dc:18:95:3a:bd:44: + 6f:c1:a2:3e:6f:43:57:60:a4:70:17:ae:42:d1:9c: + 7c:08:7f:f0:77:93:78:59:b2:c4:39:db:28:cd:19: + 42:78:c5:00:a2:3a:6f:ef:57:a7:22:d5:87:6a:26: + c4:d1:9f:18:70:05:43:9c:72:a1:03:79:47:ba:f5: + 64:f9:0f:63:c1:fe:70:3f:f0:5c:92:44:e6:71:88: + 0e:ec:13:0c:45:33:93:b8:3c:c2:fe:07:7d:0e:b2: + bb:2f:19:69:d0:d1:9c:77:77:48:54:ca:5d:0f:8e: + 6d:8d:27:37:61:45:12:de:22:6c:da:2f:23:9f:d1: + 0f:38:03:75:b4:53:ba:81:17:4a:83:93:19:4b:56: + 4e:31:63:12:6f:89:5c:5c:7b:1b:49:fc:6a:a0:8a: + 54:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 9A:2E:6F:0B:96:F4:DF:5E:32:32:96:E5:03:2A:FA:DD:98:12:55:EE + X509v3 Authority Key Identifier: + keyid:19:FB:52:2E:B1:D7:76:19:DB:8B:05:83:BE:62:CA:0B:48:6E:75:0E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 44:62:37:44:99:36:0e:d9:27:a8:40:bb:43:49:e2:ff:17:8b: + a8:0c:f8:ab:18:c3:f8:6f:07:bb:cd:e6:3b:33:05:2e:34:2d: + b8:01:53:9c:88:27:b8:c0:74:d1:23:e3:36:1f:43:05:98:38: + 6c:26:94:67:62:73:77:73:d7:c0:b0:57:65:f2:cb:7d:03:ef: + a0:46:0b:ff:52:f0:db:cf:f3:9d:d9:21:bf:f3:ae:59:d7:03: + ce:e0:0c:34:ec:53:20:8b:be:16:55:a2:96:86:e6:2e:18:d2: + 4f:bd:49:71:aa:52:19:ce:a5:d7:01:28:53:2a:42:3d:e1:a2: + 22:84:72:86:f6:40:f5:3b:78:80:0e:c9:f4:70:30:00:31:ed: + 53:37:7e:9e:e0:fe:2d:6d:b4:6a:1c:10:d4:59:d8:e3:09:d5: + 62:8a:a3:37:06:74:51:18:f0:63:26:9b:2a:3f:8c:c3:2e:14: + e7:71:69:2e:f3:d2:c9:39:cf:28:c7:16:be:68:b4:c5:25:da: + 15:f0:9d:05:9b:54:0d:61:d1:d1:d4:2e:8c:85:6b:c2:eb:9c: + 89:89:62:1b:e2:f7:96:f6:d7:8b:c0:0a:b7:51:3c:41:e1:f2: + b7:46:30:92:e9:e3:4e:eb:66:a7:c0:47:44:bb:e8:62:42:8d: + 71:39:ab:1e +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUHsM5kHcywn7qGmiLNfMgbD0dV2UwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALKUNYuFdaJ0HrS9XJvieocyod9j1FwQyDzCfqpTCdj6zhS9 +gKezy0uEr/zI3pc42BfNHWplObUnNrxkmk8tkV80K/KD+ivqHG5fYAnDcJQPvQzr +4qC6Q1o63T4CmVJKKOLk3BiVOr1Eb8GiPm9DV2CkcBeuQtGcfAh/8HeTeFmyxDnb +KM0ZQnjFAKI6b+9XpyLVh2omxNGfGHAFQ5xyoQN5R7r1ZPkPY8H+cD/wXJJE5nGI +DuwTDEUzk7g8wv4HfQ6yuy8ZadDRnHd3SFTKXQ+ObY0nN2FFEt4ibNovI5/RDzgD +dbRTuoEXSoOTGUtWTjFjEm+JXFx7G0n8aqCKVI0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUmi5vC5b0314yMpblAyr63ZgSVe4wHwYDVR0jBBgwFoAUGftSLrHXdhnbiwWD +vmLKC0hudQ4wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBEYjdEmTYO2SeoQLtDSeL/F4uoDPirGMP4bwe7 +zeY7MwUuNC24AVOciCe4wHTRI+M2H0MFmDhsJpRnYnN3c9fAsFdl8st9A++gRgv/ +UvDbz/Od2SG/865Z1wPO4Aw07FMgi74WVaKWhuYuGNJPvUlxqlIZzqXXAShTKkI9 +4aIihHKG9kD1O3iADsn0cDAAMe1TN36e4P4tbbRqHBDUWdjjCdViiqM3BnRRGPBj +JpsqP4zDLhTncWku89LJOc8oxxa+aLTFJdoV8J0Fm1QNYdHR1C6MhWvC65yJiWIb +4veW9teLwAq3UTxB4fK3RjCS6eNO62anwEdEu+hiQo1xOase +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1e:c3:39:90:77:32:c2:7e:ea:1a:68:8b:35:f3:20:6c:3d:1d:57:64 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cd:cf:00:37:2d:30:07:b1:79:ce:1c:2f:e5:de: + 14:66:f0:c4:c9:65:94:d5:d8:86:9b:f8:3e:fa:8f: + 2a:f6:45:59:3f:2b:e2:ca:27:da:e1:63:8b:cd:3d: + 9d:f7:9c:fd:a8:c0:34:87:d3:7a:ff:50:a2:43:8c: + 96:db:d7:a9:43:bd:e9:f9:ac:f2:6c:85:e7:46:33: + 4b:4b:32:2f:62:fb:86:5e:f7:70:74:24:b7:a7:9b: + f5:1c:ba:d2:06:93:d4:2c:7e:94:de:64:d4:df:a5: + d7:07:f0:57:32:76:e8:d8:dc:10:37:54:24:73:34: + 1d:7f:fe:8a:5f:21:40:b4:cd:aa:ab:a6:ea:9b:f3: + 6e:eb:45:0f:52:f2:0b:aa:5f:0c:bd:69:b4:bc:c5: + ba:eb:36:29:07:62:9c:f1:26:59:89:04:b7:87:c6: + 5b:9e:e9:93:af:81:f2:29:21:8a:fc:99:93:2d:d9: + 8a:0e:5a:43:b1:d8:31:42:e3:70:ab:5d:ed:7c:bc: + 08:71:27:e9:8f:f2:ac:09:12:be:28:91:31:c7:89: + a4:e3:0a:07:e5:c0:f4:6c:fa:53:4f:1f:71:3a:42: + c7:b3:25:56:fc:69:ce:98:99:d6:fa:b4:e2:3d:c7: + 4c:b8:f2:a9:c7:39:3e:dd:60:e6:06:dd:68:f9:ec: + 55:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 19:FB:52:2E:B1:D7:76:19:DB:8B:05:83:BE:62:CA:0B:48:6E:75:0E + X509v3 Authority Key Identifier: + keyid:19:FB:52:2E:B1:D7:76:19:DB:8B:05:83:BE:62:CA:0B:48:6E:75:0E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 20:f5:24:c4:1a:b4:5e:99:ec:db:65:89:a5:41:d3:eb:0e:78: + 85:18:3a:db:c2:37:ca:c7:3c:d7:ba:ac:14:bf:ce:31:8c:fb: + 8b:8c:53:a1:bd:c6:1f:13:82:e3:90:0a:a8:9e:bb:58:00:8f: + 37:bb:04:59:60:87:56:04:3f:0b:0a:60:e0:57:54:29:81:b3: + 07:d1:05:01:b6:72:ba:28:55:c1:d1:62:af:9c:f8:c8:4b:fa: + c4:6a:51:94:13:63:74:2a:61:9a:c9:f5:75:1b:3c:db:d4:0a: + 8b:cb:ef:f8:ae:9e:f5:ae:e3:9f:8e:94:54:08:80:45:f4:50: + 5a:41:cb:f2:ae:58:b3:cf:c0:97:16:af:19:7a:d6:17:39:8e: + 17:49:8b:a4:70:de:af:ee:80:01:dc:1f:29:52:70:16:9f:61: + ef:1c:a4:44:90:17:9d:b3:b0:cc:c6:d5:cc:6a:14:d7:92:a3: + e5:09:9f:96:23:c8:08:4c:09:4c:c1:a3:03:cf:b5:56:1a:49: + 12:52:f4:f7:a7:78:d4:f0:89:89:97:ff:52:21:0a:05:7a:6d: + e8:4b:b6:8f:a5:4d:ed:a0:13:06:97:d0:75:5d:d4:00:d9:31: + 2a:3c:cd:45:e1:fc:0f:be:a5:58:a6:94:52:0c:96:95:39:4c: + e7:64:73:4e +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUHsM5kHcywn7qGmiLNfMgbD0dV2QwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDNzwA3LTAHsXnOHC/l3hRm8MTJZZTV2Iab+D76jyr2RVk/K+LKJ9rhY4vN +PZ33nP2owDSH03r/UKJDjJbb16lDven5rPJshedGM0tLMi9i+4Ze93B0JLenm/Uc +utIGk9QsfpTeZNTfpdcH8FcydujY3BA3VCRzNB1//opfIUC0zaqrpuqb827rRQ9S +8guqXwy9abS8xbrrNikHYpzxJlmJBLeHxlue6ZOvgfIpIYr8mZMt2YoOWkOx2DFC +43CrXe18vAhxJ+mP8qwJEr4okTHHiaTjCgflwPRs+lNPH3E6QsezJVb8ac6Ymdb6 +tOI9x0y48qnHOT7dYOYG3Wj57FU7AgMBAAGjgcswgcgwHQYDVR0OBBYEFBn7Ui6x +13YZ24sFg75iygtIbnUOMB8GA1UdIwQYMBaAFBn7Ui6x13YZ24sFg75iygtIbnUO +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAIPUkxBq0Xpns22WJpUHT6w54hRg628I3ysc817qsFL/OMYz7 +i4xTob3GHxOC45AKqJ67WACPN7sEWWCHVgQ/Cwpg4FdUKYGzB9EFAbZyuihVwdFi +r5z4yEv6xGpRlBNjdCphmsn1dRs829QKi8vv+K6e9a7jn46UVAiARfRQWkHL8q5Y +s8/AlxavGXrWFzmOF0mLpHDer+6AAdwfKVJwFp9h7xykRJAXnbOwzMbVzGoU15Kj +5QmfliPICEwJTMGjA8+1VhpJElL096d41PCJiZf/UiEKBXpt6Eu2j6VN7aATBpfQ +dV3UANkxKjzNReH8D76lWKaUUgyWlTlM52RzTg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/generate-chains.py new file mode 100755 index 0000000000..89a0a3b930 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/generate-chains.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the target certificate is a CA rather than an +end-entity certificate (based on the basic constraints extension).""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate (is also a CA) +target = gencerts.create_intermediate_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Intermediate.key new file mode 100644 index 0000000000..4bf5ec428b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAspQ1i4V1onQetL1cm+J6hzKh32PUXBDIPMJ+qlMJ2PrOFL2A +p7PLS4Sv/MjelzjYF80damU5tSc2vGSaTy2RXzQr8oP6K+ocbl9gCcNwlA+9DOvi +oLpDWjrdPgKZUkoo4uTcGJU6vURvwaI+b0NXYKRwF65C0Zx8CH/wd5N4WbLEOdso +zRlCeMUAojpv71enItWHaibE0Z8YcAVDnHKhA3lHuvVk+Q9jwf5wP/BckkTmcYgO +7BMMRTOTuDzC/gd9DrK7Lxlp0NGcd3dIVMpdD45tjSc3YUUS3iJs2i8jn9EPOAN1 +tFO6gRdKg5MZS1ZOMWMSb4lcXHsbSfxqoIpUjQIDAQABAoIBAEty1OCaxWWam/KO +4ta1rED8wmloeytep8sL/YomxU1YQcN/gSDZlLXWXKh3kZvgl2QO9DOkiuofpD+a +XZvAS+AmYb73xbXSFqsHPsNBQIo90AjqjHiN2bEAl8MARBkBXh7mxJraSdP3WyQ7 +URefIwag0v8eT/rRm5HXxBgxRTLX4Mihcf+kknv8iw29AF0naoQj+PTwZo6sl8rZ +vNrO9rbO3/UQaydyvJ19q5jF4iS6SQDlMY0gKBoPDycZn4gg0wMT0F5R7sfHK6Q/ +hBW9FlfD03dDHm0XJ9UBVQHZrHeIJlH/VhwFLJbWBUL5i5ouSI3gYp7YW2Di3LGu +FAA8lIECgYEA3YmAwpy/OnKWjbDCMxf3yvOApZu4zbxbbsXLpc1G/Tu/k8XMpug4 +RnlACoUVHxeIYY6fRzdU5ygcwtYKJwOQhn/QoFiCr7OXU7YjzcomowUIPmVp8AVa +7XDfBH7F3ZHUFurFaKOxaHTmI/w1cFdJmZXMdbikTZe3tRRmoFh6+60CgYEAzlvw +a76gS9zhnjzPp0PwDoWRzNHdl2G24GBBelaZ14U3e0hy5iMhBdEc6e/phBwar/8n +Eo4W/hrLdBpgLxrnbxWCX089iyPk6CwcWCoMukhpjHEnIkhPBmzMrRr0Rw0fZHkp +c3JnMuY3AuMhNQ28HU/norQTN/lI9t6RcD7T2GECgYEAp4y9Y3LldjEACL2swrPX +5xjvLVFvHbrddBQIh6ePjyrHI94vf/SVy0cc1lf8t3022oHhmR0SC5nc1sbG+ubJ +QdAdW4hVnsk3JErXHWdMfXLq3zYYPz3tnTMGmQHAaGlIfOSm1RMotBXlkUXIrOR3 +d79B2a8CJOUgPcXmMFN7ACkCgYEAsi8nCRH//aGLW4Qs1cRO62sgOxhX25gvPc0/ +nLBchIFuJ9CmDdv1br1i1wkmvME7tg5+oYH5jo56cRU5SlNT1VJgUYXtoVBsHqHA +E8yzUsKmCPPHk82WFvkpPqvQk+1b1vjb9uio/YVVqPOQP+xNK45Md+w/0Aw7mZcT +RDWr3OECgYEArGFyqhzyE8zMLbFSeYVwtccqveYCiXET/mjyOJOPbBby2as0L6VD +7ZiUalARGCoxFLoh5UXvgJhjlhuOqHaZJJCrIksRPEBWDBNr9+UqgnG+oOn9XCit +FeXN3jqu69K7ehjXkCzbuGhml7rf+q7ZUW61TsRLbbxkCL41Xyl2Qyo= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Root.key new file mode 100644 index 0000000000..ab235bcf1d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzc8ANy0wB7F5zhwv5d4UZvDEyWWU1diGm/g++o8q9kVZPyvi +yifa4WOLzT2d95z9qMA0h9N6/1CiQ4yW29epQ73p+azybIXnRjNLSzIvYvuGXvdw +dCS3p5v1HLrSBpPULH6U3mTU36XXB/BXMnbo2NwQN1QkczQdf/6KXyFAtM2qq6bq +m/Nu60UPUvILql8MvWm0vMW66zYpB2Kc8SZZiQS3h8ZbnumTr4HyKSGK/JmTLdmK +DlpDsdgxQuNwq13tfLwIcSfpj/KsCRK+KJExx4mk4woH5cD0bPpTTx9xOkLHsyVW +/GnOmJnW+rTiPcdMuPKpxzk+3WDmBt1o+exVOwIDAQABAoIBAQCtmE/XOp9LrfBO +4Mmp+3N8DNQACFXNNrD7+B2vHHmhdoc72JmX6JwgBuZR/Qo0ZNA0ucLVWpVhq7Li +hUBuOO9F+3fSqIVm8l9MgFGfILqFpCEIE3BgFuRuVQcf75jeAW0zBqYtHCHOb0T8 +JkZ2g4QN/zkSYj/IiInlf19ZtGOu3FO9ugigRZzMBmrLG3hty711wMVfvf+4TzFS +GrAjGOyqI1jy8b/5lSzRezJ1wWnDOIIuyE03IR8jVSuwEPp4yCFjt4KfFsqyJdfB +AMOkddhHi9UKwRu3EEml1vyPHKCf9HVIZmHFjXfhj84zolUy0Ke1W3eBANHkkg0B +/eWhLcWJAoGBAPG/GQz49K+APlOEwBzB/BDNktyXWcAxLWsy2k0lDihQ6ZtwdOPJ +LzmX6JloB/2GXdYlncNH2zOPEkBrLR+EAgvxb578nB6HMfxnVreM9gmPO3+eghru +Bk+6lRU/IhWfzQiuBWhyd9kBCe7upQEoGIFyvi3Un2jeYndkF+7gGsU/AoGBANnx +daE8saw7uUaEV6jx+N8iUj9WaqcckckN8+5/80/IqNe8Qlyq5jX1KZTEsbCGdsTB +YqnWq8nbhLUqcC+8t4PP9E34yKyGbE8IiW22aul41EbUsxga66HIiJpyZ0Cxudlu +e5WMgBknXMfb+H9xYNnaTPgdAFhC24s0YHT4I8UFAoGBAKjaodS9z6sGGIKdptJv +bHEQJhSOYtIrh13pFzHrQAhI++Lmmb7BN4sy3/THBU3AHKsHezp7ZlCNDmKQeeQZ +gJR2/1A9gY6RQAjc5WUvwGrM8PIi9R16RE5MNPWyM0yHYd8+LejWi3+3igiqB/bW +2scQLmY0rWPCcWSTNWRUhF5hAoGAWmnlVsKLItyT/EEi7J+Vk1v1qvj6veEISdRU +AflqwwqHoRgkn7T2VCQk3+bJoGXoF6/ycmrwUYmUAGReri8oIrK+syomdgw+Gnt8 +J9updrn9tnS+550ja7Z5lTkoxJn2c9F1y5DCA61kvDTxXk121GnPzI6begIiehl8 +eooGrNECgYEAsG+d777oPfrCphPE5LzbpzbFUEyE8VTabFP6scRBaimRh4p6kUCV +OCheEgcmltN+2oBmpk7cdqIjdXknWPxpVpTTbO2N2fp1aNCvg7vsi5Fn6d68HEmm +2T/otkPanmPIMFIfpYCXGub7nr9pwtKCDArDTdcpjqAg+XsVEu/kCU0= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Target.key new file mode 100644 index 0000000000..949186b295 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApUVOLcfJwqvpt/8vOgnyZOq86pw0+jnBLcI4w1HsewZuIcZ7 +oATs491acgoPvHM3fwF+Aj3Vy3otzLPH2ctEDtajHdxpCIBQziubo40/TnlV6syU +gXqd/FT1FZ4XmeIwm2dVTHnMhRPKOK/s36VQvLj/Ck4Svl7eZNOsffXMP5q1lDJ1 +ZY5HsIHXyCdffEQxU22TNm9UmdyCJHyrFOtnLzsQpMtWNAX0sfwSQt083BYP0Y/w +h/oHtPo9ekfA3JUJd5wos6OunnLTvDulV/cxO092MKJDVnT5O3v37ENkPlaqk1PU +SlqEi/toQxekIBMH4Kp/scM2FYuz7OLm1kpfgwIDAQABAoIBAB1LsLT6wi/oy1Ab +QuLV2oq69Wvc7qMgU7bpw6gTwIh6NlF0XnuaA+fMV/j5AZsVDVRNDmoVTe14pd+w +So+3sUO0Fkv3wwKHxEsXfco7AmrFpU4un3BoLNMKuDrxwBs99gHGCl+5A2DfhiwQ +OzvVkP8zB7pq5nWqWV+kCeJ2DJOFbxO61tara1HEoB/K0mVwBaqrTEW7LDMf9QZb +arkKKtajoYIytXwg6uekdSJqHb1XABAy1EOzTSJGGToHvaLi+OSotF51Oymkd6J2 +TZMkSMVzfFUYpFQahNkS4rBVMgl/oIZ5GZtM88Gy4td99IF3iAA+hNVZ99/4+d89 +KBNQMnECgYEA0kNG3tpiBNz3cbLpOx3lz6tNDHmM2uwgcRJOzbv0HAJtM+CO2rU4 +w7CdrdqNadlBNYrhzk/4Kas70Zj9wLYpCLYOC6RvZBzGukMyYoaaLJ/g5rmBh4yj +XV2ea7NIyRWyu1P+pSks8S7breiABjhw6sgosB3MJdvUszdjq4rEQJkCgYEAyTiX +9+mYJx9ChHwAPKW21Zk1gaszkmANSmGn255cpJqliDGOLehkc00lFGrL4ydlYd0E +SW6wmYkRDEKU6Ruh7nlIoZs77JEmcOTRo79RhEsf5O7JnPyYOfd6WAjxCLW0WfJd +7k+Y06ypgua6WL6T//fb+7LBM2W0DaPHZRDxxnsCgYBaCOLtBHhaesAeWK0UWl4Q +ydppUBcnm1rc8Cj8YdJKuCNIxoyFTHptGVC7pE1PmO8aXUkJziaGuUMZIjjub1Is +38At7hCgvs297o5BsD+OgjuMsLytbWR6017F4XR2Xqs1Ged9k58h+52n31oKz9pS +PrlliKzlPTfcMgik6PvWaQKBgBDbLs/Tv603TykuAg8Sirhl9zd/kfhnF3XtrFQX +dgdL9SXtkM2DtDZ8dei58Y571GBYVW2ZWi3ib40pXrQQXoZNnqn7CRAOMLwwTud6 +tWdxq6BP6I/AETh55MPPK/Hg1tTaGshF3rWMtz6B+YZJoLhGmSUCmnClymmCGMf8 +nWRVAoGBAMFuDnOxV16L27wkh0DCLGvRjgfWcVEXWyzh3SrJk+gOx4nF/T0u+h5Q +13UPvpnN4nVZ9QM7xdJG/e4gzWrDcB1OL0v+gxcz2n4FVErL7Fofmel2gUXAq8uz +7zqe9lzqRnYBI6+cMiniOpKirtW4zjIdg8EGiX5+1w+i8nj5K1q/ +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/main.test b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/main.test new file mode 100644 index 0000000000..bfd0adb641 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/main.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: Certificate does not have extended key usage +WARNING: Certificate has Basic Constraints indicating it is a CA when it should not be a CA + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/strict.test b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/strict.test new file mode 100644 index 0000000000..bc22d53ebf --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-not-end-entity/strict.test @@ -0,0 +1,10 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH_STRICT +expected_errors: +----- Certificate i=0 (CN=Target) ----- +WARNING: Certificate does not have extended key usage +ERROR: The extended key usage does not include server auth +ERROR: Certificate has Basic Constraints indicating it is a CA when it should not be a CA + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-only/chain.pem new file mode 100644 index 0000000000..de58a6e530 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/chain.pem @@ -0,0 +1,91 @@ +[Created by: ./generate-chains.py] + +Single certificate chain for a serverAuth which does not contain the +issuer. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 35:12:6a:b0:cd:e2:f6:40:40:9a:22:3d:fe:27:08:3f:7d:71:7d:d1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ea:e1:3e:63:76:66:4c:6b:31:4e:d4:83:fb:8b: + 61:8e:aa:20:2f:55:00:64:d5:5b:b8:ed:4c:b2:a6: + 49:67:98:e7:dd:db:9e:b3:7b:08:ec:35:04:6d:f8: + 8b:7f:4d:e7:99:2c:b8:ad:a6:6a:fd:2e:10:86:7a: + 0a:eb:ee:e4:63:fb:c9:36:4d:f9:46:e8:27:d3:15: + ee:ab:6e:23:2f:9e:f5:f0:ba:80:79:e0:1b:e3:61: + a8:39:a4:f5:56:b3:79:c1:bf:2a:dd:63:de:de:a0: + 15:76:8b:aa:08:6d:4f:f7:7e:71:f6:2c:c6:28:7d: + 70:6d:b1:d9:d3:66:7c:6c:a0:ab:48:d5:b3:d2:60: + 52:3c:f9:c1:20:87:7f:8e:71:92:ab:36:a8:1f:8e: + 1e:c6:0f:2e:f9:eb:3b:8a:bd:f4:b5:5e:6c:35:b9: + 51:7d:69:bb:7d:81:ca:ab:de:74:00:69:1d:0f:9f: + 4c:e3:31:e6:65:b1:ea:0c:b5:90:7b:13:7a:04:f3: + 14:b7:6b:7c:6a:f8:67:dc:c0:a3:98:80:9f:e8:b3: + 36:cb:8a:57:a4:a2:9f:71:8b:c7:44:6a:40:79:82: + ba:9f:b5:dd:9e:1d:bb:fe:6f:b0:1d:02:3d:54:a2: + 64:e2:65:82:5e:56:48:d3:82:c9:2a:6d:53:f8:6a: + b3:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EA:12:3B:77:27:9D:E2:D9:81:4A:F2:DC:E5:05:D0:D9:4E:80:D8:49 + X509v3 Authority Key Identifier: + 44:CB:96:F2:0A:48:4B:A1:7E:F1:D9:AB:0D:8F:E6:80:1C:CB:27:B0 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 00:9a:8f:94:e0:66:d4:ac:54:6b:f0:ae:0b:31:1f:1a:00:11: + 42:35:3c:96:2f:c6:e1:6e:c1:7c:61:c9:c9:1d:51:79:ba:7b: + c6:05:db:a2:04:2c:f0:b5:5a:74:0b:08:5f:18:77:f8:cc:9e: + 84:aa:5e:e6:28:3f:b7:c4:59:c8:34:6d:08:68:87:20:40:c7: + 39:8c:31:b0:10:50:ec:96:79:9b:f2:10:44:54:f5:c5:ea:07: + e0:51:da:58:c5:f4:a4:ae:d7:1a:61:94:fc:cd:9d:9f:d3:f2: + 50:8e:6e:9e:d1:d0:52:68:79:74:a1:e1:47:40:1d:47:4f:b9: + 23:d9:7c:a8:bc:05:6d:54:c1:0c:e0:89:5b:35:10:ad:4f:8e: + f7:9d:30:ac:ed:64:4c:36:9e:97:a3:1c:a3:92:c5:33:02:17: + b2:d7:e9:d6:59:3a:20:d2:a7:c5:35:44:54:52:65:6e:7f:15: + 09:9d:0b:ef:95:ca:d9:fa:54:fc:a0:89:0b:59:c6:49:f9:8e: + 6e:e3:77:4d:4f:46:6b:90:2c:8b:1d:cb:f2:15:4a:d5:bf:2f: + db:cb:24:0c:26:dc:c2:3a:04:e1:2d:7e:cc:a4:f9:36:bb:91: + 35:9d:0c:bb:46:86:4e:7c:a2:3c:3e:02:20:06:ad:eb:06:ee: + 43:c3:e7:a5 +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIUNRJqsM3i9kBAmiI9/icIP31xfdEwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBExDzANBgNVBAMMBlRhcmdldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAOrhPmN2ZkxrMU7Ug/uLYY6qIC9VAGTVW7jtTLKmSWeY593bnrN7COw1 +BG34i39N55ksuK2mav0uEIZ6Cuvu5GP7yTZN+UboJ9MV7qtuIy+e9fC6gHngG+Nh +qDmk9VazecG/Kt1j3t6gFXaLqghtT/d+cfYsxih9cG2x2dNmfGygq0jVs9JgUjz5 +wSCHf45xkqs2qB+OHsYPLvnrO4q99LVebDW5UX1pu32ByqvedABpHQ+fTOMx5mWx +6gy1kHsTegTzFLdrfGr4Z9zAo5iAn+izNsuKV6Sin3GLx0RqQHmCup+13Z4du/5v +sB0CPVSiZOJlgl5WSNOCySptU/hqs4ECAwEAAaOBzzCBzDAdBgNVHQ4EFgQU6hI7 +dyed4tmBSvLc5QXQ2U6A2EkwHwYDVR0jBBgwFoAURMuW8gpIS6F+8dmrDY/mgBzL +J7AwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1h +aWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3Js +L1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAN +BgkqhkiG9w0BAQsFAAOCAQEAAJqPlOBm1KxUa/CuCzEfGgARQjU8li/G4W7BfGHJ +yR1Rebp7xgXbogQs8LVadAsIXxh3+MyehKpe5ig/t8RZyDRtCGiHIEDHOYwxsBBQ +7JZ5m/IQRFT1xeoH4FHaWMX0pK7XGmGU/M2dn9PyUI5untHQUmh5dKHhR0AdR0+5 +I9l8qLwFbVTBDOCJWzUQrU+O950wrO1kTDael6Mco5LFMwIXstfp1lk6INKnxTVE +VFJlbn8VCZ0L75XK2fpU/KCJC1nGSfmObuN3TU9Ga5Asix3L8hVK1b8v28skDCbc +wjoE4S1+zKT5NruRNZ0Mu0aGTnyiPD4CIAat6wbuQ8PnpQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-only/generate-chains.py new file mode 100755 index 0000000000..061386f983 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/generate-chains.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Single certificate chain for a serverAuth which does not contain the +issuer.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', root) +target.get_extensions().set_property('extendedKeyUsage', 'serverAuth') + +chain = [target] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-only/keys/Root.key new file mode 100644 index 0000000000..de90cbe447 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/keys/Root.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC+f6p56lw5YxdG +U2EhWCY3NiFeuO6yWveA/1Y9AbNv7H5ZO/6wjXxlyDBP5Cwj3ENYvWKUqrMVTo6g +hmD8d6I4e9OpTcMGnQVucmlzF3TryHucnXJZ+4HWM51tPgFmtdYhqyeOUbSZ5iV5 +IczbBulsd8uvBspefbECLue/CWYyc3weYK0z/vXLE9ZPwkkK3wMavx+HYAp4mbN8 +auYFf4AOB2s5etlhlMzxR4jas69KfQYWa/+XqMKMaE+92QBT8NI72KbhUaDrwGoy +HOQfBy707DwzDIWIQ0lQtX2l2PxOqhHhJnfgXkEO3t9vLpdWwK47vKsHxpz8HGFw +zVZuxsgHAgMBAAECggEAHV5CMmRqjmBT7MAa99CGp7ldIKTDC9URVh5HNcWG28jq +W6hvpdlSJcDcjdx/35FsAojD42aDkFPZki7VUebBqBKS+YVm/SSE+1eBIUCrAlSY +lfcB85ReGl8/tGE8RxDeb7datEqtXJKKEWggFF4260V2rceOuE2JVexURvPUgQ9f +eBknU4i5saf+Y0cDFjhxxWB7V5BJkCjdauhz8MSmftG+HRGIFf2+Dj9143rspAIL +DyLYaR7RpL2QS8ve5/rpQeBRWYWfPwlaVwho1zFiuGkuF5sghZGnRbKo+gMdkgIp +TVp9CZ/4/mmdAlL1nvegPE9vgpYL0Zm1+nkH0M4QoQKBgQDMq+4HhfpMH31XL2eI +LsP3r40Bd5I3xjAgYiya0Z3kIyb6F98K825tqKl3VduyKqaOGQfFa7gukXJ7IBLm +tRZFtxIAIbk1/2RJmo87HONeODAv0DBQzAphOS9/1smdMPHLfi4UATjifI4hXuXX +1cxq1Btwgy4CcZ0vpl/P22GNIQKBgQDuRdMvmd+WfhoTDdKNv2WtW1pv2dGR3yKm +/Fka3YPnQpPMAop1cYlt0KsJtCdupuIiklrGar8JOrEwi5O8dRbLytu6BZd18PGI +1ZyjVIHYkl9TJbOzStgVGHMvuEdxIMrgrjQQNBprphN9iugzL2K7E54+R7IFFSGy +OSDVaxlIJwKBgArD1D4zDsooMdh/Fsvz4bzKT/lOx7MFSoy5fS0bb1mLe8ZVsRaL +XTiJUXiEXIzPb3kz2dPJaaORZNsTAct+pNA/48N8ApjTePviFDyAtXjELcyl/5SQ +Vs9sSZJIwsvwwhb46QWGVu6arIMW0bH7fcf0pgjR7X6VaTYTYyC0ojnhAoGALaVs +xsK4pbD0t8+/FW6kQOiuU50r28Eed1UCkPX8zfHgNIYMFmGwzTvbeFlt8HHCApN9 +FmPewxreVQl4PPNFcbckDugBUxPcgbVCc7u9wEqSPnCLk350FN6BOpQYA6EfnJli +2fPRV+wR8cwJnbynMmWYvB+qB/U7ZlQxaRFCX6MCgYAwyDJ0p4+qdJUuU2GS6C86 +Lj+wpb8cYgIAGNf7PlMd4LqmmzaCDd1h80/WqnNOH/wIU3Uu9oFyQMKwhCSP9IhE +LozpKpJm/H+E1S5YGh05AAgnLH0cBrnvBgzBLi02qF9Lr0D8jxEB9LDi025+WHvU +DF7507xknyPuq4bgeYPfig== +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-only/keys/Target.key new file mode 100644 index 0000000000..68fd0197eb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDq4T5jdmZMazFO +1IP7i2GOqiAvVQBk1Vu47UyypklnmOfd256zewjsNQRt+It/TeeZLLitpmr9LhCG +egrr7uRj+8k2TflG6CfTFe6rbiMvnvXwuoB54BvjYag5pPVWs3nBvyrdY97eoBV2 +i6oIbU/3fnH2LMYofXBtsdnTZnxsoKtI1bPSYFI8+cEgh3+OcZKrNqgfjh7GDy75 +6zuKvfS1Xmw1uVF9abt9gcqr3nQAaR0Pn0zjMeZlseoMtZB7E3oE8xS3a3xq+Gfc +wKOYgJ/oszbLilekop9xi8dEakB5grqftd2eHbv+b7AdAj1UomTiZYJeVkjTgskq +bVP4arOBAgMBAAECggEAAWF5wS5mTOXMm9QKtuWkiRjupqkUvxcAkJzpYnepEOc7 +khasIVXyXyc7UoM9fJIFZ/l4+CU9Qd3rqSr4F9+hEU326oUzK2aukuB1LU4I3iMY +kv/JbPf9cXrsyQKXYjEswJv3Wkb7ubhIKoTRAv7To3jPbioQj9b3kG9FLI+cuLuu +3jTsVFa2ZaRZPlLA3g7xL/SyTTLNZBpsh30fyVfhlGIwC2UsFHZIHnPEVg90QkfL +4jT8vlIsj9I6vH04V3L0OyvknsS7wwM73ecHnmPVxIfxULhQmU8H+nmqqZSL4Uf1 +7uDxXYhNSYtFRxnEtadtOFeSB/HP5rmUj0tIcFIwQQKBgQDuFX96eDZmZ2krdZsS +2EaGEUxMzm1uvd33UUeVsr2qLvI7cM6oqfTEl4Qej91QH2F81LoxqhcTfEyssLNN +5Elb4k4DRYDHRXQUIc4Y7Pfyw2+C6dPMmpfwM/0kf3YqMkvLMm6r6hzF1m5VRHg2 +T/OmIokABb8DP+T8CKmVlRKDwQKBgQD8jgVaFIWGTrsYBPEC94Rp7z4wpw51ebkB +JYgWHtKWPrBuIv5Mf8iClYpcL5RpITque58xVyo0mnDRxs+Xj5BtZQUz4/N4lp2l +m+5dP45YHognBNAMb8anouBjoBeMeO2De8V4LMPbJmt6Y+STASUlqym5hM9l3LiY +m4Uww8EfwQKBgHIpSswt0l/+HBbjuK0rmX110/FMVnrwffu2NK4aXAm7oxlPeTi0 +7hJKWObSsxtVQMi7tGBWH+SPCLERtZiW63ospJ26+QoUSpnQr+OR1T7J6bGLb6y/ +QDXEqBCVMdL/9QoFL74tbwiKTrOCNmZMphc2nhytpK7pN2KGwNJh/dPBAoGBAJvi +ARWnov7SK5LYwfXl1roYLBeVlUwXNISrqMKWhb6stPNV8AZBvP401PCvgXgeRX0a +2ph2x5suVEJ25v0SZL/Q4ZQ0t7uPo4BrrYWqy+5B8iG7S7rRZxljZAK59q8CmP9V +7v2NC9qBbUdezt+ZjlcgvaE/g0/JG7s+Csidmt9BAoGADyyJsd4Fcvc56wkp0oTD +HilZUnbKQw2utDMEw9p33fOUmL/NVq/OO+JBwWIulwlic/45i8vjb6WyCafgheMu +wWdve2RT+HQLnBFfIg3cKX+ckEhBWv/8CfKONYaJmccjCj/oBjnuDNwGyP398axf +XkMb9Q0AgREz7a7A34raiNY= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_anchor.test b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_anchor.test new file mode 100644 index 0000000000..a79783c863 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_anchor.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Certificate is not a trust anchor + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-and-trust_anchor.test b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-and-trust_anchor.test new file mode 100644 index 0000000000..417d1ac5f6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-and-trust_anchor.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_OR_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-not_after.test b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-not_after.test new file mode 100644 index 0000000000..82d940e533 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-not_after.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF +utc_time: 221102120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-wrong_eku.test b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-wrong_eku.test new file mode 100644 index 0000000000..98c65896f7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf-wrong_eku.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf.test b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf.test new file mode 100644 index 0000000000..15fb7ad07f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf_require_self_signed.test b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf_require_self_signed.test new file mode 100644 index 0000000000..8cf374a87f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-only/trusted_leaf_require_self_signed.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF_REQUIRE_SELF_SIGNED +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: subject does not match issuer + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfissued/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/chain.pem new file mode 100644 index 0000000000..432fd6c196 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/chain.pem @@ -0,0 +1,91 @@ +[Created by: ./generate-chains.py] + +Single certificate chain for serverAuth which is self-issued but which +does not contain the signer cert. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 73:f5:5b:8d:17:9d:ba:8d:59:71:5e:38:1d:d0:01:8d:84:75:bf:49 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Target + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a1:f7:b5:df:d1:da:50:b0:ad:3d:2a:e0:1e:e0: + b6:fe:1c:12:77:86:d8:f5:99:90:a3:01:e4:4d:0a: + c1:f6:c6:a4:95:89:8d:2a:79:9f:9b:c4:78:17:9a: + c6:c9:48:44:39:d0:ef:25:31:7b:87:d8:fe:cc:6d: + fa:db:06:46:41:1a:7c:a3:57:49:1f:be:bf:cc:fa: + 61:49:bb:03:52:2a:14:14:57:02:05:87:da:2f:15: + 27:1b:0b:35:a3:ce:a5:eb:2c:a3:2f:36:52:77:46: + fe:2a:6f:5d:c4:a4:bc:12:98:4c:07:4e:94:39:37: + 2c:d6:46:b2:75:89:dc:fa:08:f1:c5:1d:e2:75:2b: + d8:cf:aa:fc:3a:c3:c0:d4:be:87:c7:bf:ad:5d:67: + 2b:77:f9:4b:7a:2d:97:db:11:a0:aa:aa:80:5f:45: + cb:b7:06:39:ac:f0:30:69:23:b2:02:72:80:14:76: + 38:99:d1:69:17:33:2c:00:c6:83:2e:ba:65:a6:47: + 82:24:69:fd:40:9a:88:5e:42:23:95:2d:ac:ec:56: + 87:f5:fb:c7:92:b8:23:a0:77:24:64:5a:c6:9e:3f: + 10:5b:e3:b0:4e:84:eb:01:5e:74:a1:95:32:93:0c: + 18:90:70:95:31:66:83:8f:ce:eb:a4:cf:eb:6d:5c: + ab:11 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D9:1C:70:B1:1F:02:26:78:72:A7:2C:36:B0:8C:0C:ED:68:B1:90:56 + X509v3 Authority Key Identifier: + 2A:DB:22:61:80:8B:5C:25:21:6F:4E:19:1F:88:31:86:6E:5C:D1:B0 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Target.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Target.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 1a:76:79:ad:36:3f:2b:c4:af:6b:2c:30:53:8f:c2:a2:87:95: + 07:64:6b:b4:3b:3a:05:f6:41:e6:53:9a:d1:84:54:90:1c:a2: + a6:84:ee:df:b7:ec:20:c0:ff:18:dd:28:59:38:18:5e:05:80: + 70:7c:5f:7d:53:e7:ae:47:9e:be:cc:ae:9f:8f:70:c8:f0:4d: + 06:33:f2:cb:99:ba:fe:44:ba:a3:56:1c:26:4b:8b:da:81:ad: + d9:a3:c3:ff:98:15:ab:49:7b:f4:57:f2:09:83:ed:bd:0f:89: + a8:ab:fe:e9:d0:be:87:08:12:b3:07:45:cc:eb:da:c3:bb:00: + 44:e8:f6:bd:99:62:df:54:4f:df:cb:ad:12:bf:a6:3e:f9:f3: + d1:0f:0f:ee:95:e4:82:c1:bf:43:8b:4d:b0:b8:93:8f:6d:df: + 95:10:da:2d:a7:cc:45:ad:f0:55:63:ce:d6:1f:e4:2f:94:d7: + 5c:b4:be:bc:8c:fc:29:27:60:8f:1a:3e:a2:72:75:01:b0:68: + 14:46:96:1f:e3:e4:a2:81:c6:31:d4:9c:60:47:93:e6:5d:5d: + be:01:2c:c2:26:d5:65:f5:2f:59:96:45:ad:8e:d0:62:7e:af: + 05:8f:c7:53:26:00:f0:77:86:3d:94:91:44:1e:32:2a:57:e4: + 5f:f2:d1:81 +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUc/VbjReduo1ZcV44HdABjYR1v0kwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGVGFyZ2V0MB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAwNTEy +MDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAofe139HaULCtPSrgHuC2/hwSd4bY9ZmQowHkTQrB9saklYmNKnmf +m8R4F5rGyUhEOdDvJTF7h9j+zG362wZGQRp8o1dJH76/zPphSbsDUioUFFcCBYfa +LxUnGws1o86l6yyjLzZSd0b+Km9dxKS8EphMB06UOTcs1kaydYnc+gjxxR3idSvY +z6r8OsPA1L6Hx7+tXWcrd/lLei2X2xGgqqqAX0XLtwY5rPAwaSOyAnKAFHY4mdFp +FzMsAMaDLrplpkeCJGn9QJqIXkIjlS2s7FaH9fvHkrgjoHckZFrGnj8QW+OwToTr +AV50oZUykwwYkHCVMWaDj87rpM/rbVyrEQIDAQABo4HTMIHQMB0GA1UdDgQWBBTZ +HHCxHwImeHKnLDawjAztaLGQVjAfBgNVHSMEGDAWgBQq2yJhgItcJSFvThkfiDGG +blzRsDA5BggrBgEFBQcBAQQtMCswKQYIKwYBBQUHMAKGHWh0dHA6Ly91cmwtZm9y +LWFpYS9UYXJnZXQuY2VyMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly91cmwtZm9y +LWNybC9UYXJnZXQuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEF +BQcDATANBgkqhkiG9w0BAQsFAAOCAQEAGnZ5rTY/K8SvaywwU4/CooeVB2RrtDs6 +BfZB5lOa0YRUkByipoTu37fsIMD/GN0oWTgYXgWAcHxffVPnrkeevsyun49wyPBN +BjPyy5m6/kS6o1YcJkuL2oGt2aPD/5gVq0l79FfyCYPtvQ+JqKv+6dC+hwgSswdF +zOvaw7sAROj2vZli31RP38utEr+mPvnz0Q8P7pXkgsG/Q4tNsLiTj23flRDaLafM +Ra3wVWPO1h/kL5TXXLS+vIz8KSdgjxo+onJ1AbBoFEaWH+PkooHGMdScYEeT5l1d +vgEswibVZfUvWZZFrY7QYn6vBY/HUyYA8HeGPZSRRB4yKlfkX/LRgQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfissued/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/generate-chains.py new file mode 100755 index 0000000000..034189a6ec --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/generate-chains.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Single certificate chain for serverAuth which is self-issued but which +does not contain the signer cert.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate with same name as target. +root = gencerts.create_self_signed_root_certificate('Target') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', root) +target.get_extensions().set_property('extendedKeyUsage', 'serverAuth') + +chain = [target] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfissued/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/keys/Target.key new file mode 100644 index 0000000000..f881b226df --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCi3KmAFWVB9rh0 +KbiO0E+SWxPJNazgopc+EiNwj9Rag8CtL9yXZU4C7VzbZFnY2otSQnQcScoO1tKM +gmAS+PBQcaLuS+93IcFUQZGUSMgYw4FGG/wphosTmjXDD/39qKP4Q2HDOswXIZme +4B+plQiprpQQ7cbKbwrBynVQ4m3kb+rCvesMR91vGvpi9g4R6F7aJGOKdcHC3Ghl +leuHQG/sOjn9ScWrLxl7/gC+NYC8wYUYV2cg2hW2W9tVrvZ7S2UbwFC5pz1KJ/Fz +N2HHuTNnIEfZXnY0fyOIJZO5ZSVoaZAVZPWxqfbbrBg2HQ7wwQ+A6otDS98LMPMD +e+eC4G01AgMBAAECggEAFmipU+vdumVRvP4OnGvyPu+UOd/OUTxd9hb11GOd8vRk ++w92WUiBoup5F+DnceykNeXZ5xiKGl+Zqea4hHPHUTJJmmNNaEV3Pfolp1MaYTnp +XDW2jRorob9avWPCbXgaU6sl1QCOm3Iumos5IBLXFc3lJq0o6Kq9vqt2V/JH76H0 +DP2BqFdYKdj9+ltpcOG26kEPKqK9zIJC0z/A+vtmrTTXPkne8n+cODvrNpB31b63 +TTzYpJQo6S6ZUZyjD7pHoWgYGH/eS0dCH8dAI+B8Uwm2I9+2ej+9iOrMAjX7xIXl +h9jRbT+klV1yRIN8Hn/VIDcqcaYjtViC9NvgMrS+wwKBgQDkoR4S9+rR1OtWB8BY +QxQc9rkGlMRZBsWiFHNzqjZ8aqRtxA+yV9VzUi6kX8n6TmhnBs19VfwYDyikexsN +4/pBUpFDpccUG1xBvecw5vWIJT4xDkcDPlQQqjja5IFs+yuA3vgxoMODr9DcXoeK +Vb0mp8u7tl/XLBfArpgaTGI5iwKBgQC2W/LOs4N0sZ30EDkF9OUKi17x8OI2S0v7 +F52kg1UM6VjrHx6lEML3i6ZMGi5rjfjnrRCjRpQxe3ARDCzO39A6b2kfB/tHSRGD +MWC3PZuXgxBYIPWDkgTeL6l/lZ/UAbanyJ6cEE1StT7Kg25hML3TwOkF1gH6zHRj +ctwFdr1MPwKBgQDDaU56KfpDlLf81S06g0LaqqpkjJzx9s7PBKnVL6PYXZHi29QK +u/YN1i1VgyXwUjn77R2PxgFtUu+K/kmWasgIMxlD95qbffMxoa3L52vvDN4GMczS +YeCaSdPEi9BvpJJ/WJRMXrsdgBWFdSpmO3grZPnGnE94axB2OQR6XdUKlwKBgASl +lyxZOrJQjFvZxfo24VdBcevsXXdQt+DwGx5EEni/wXpMUrWWFcHFFzm9OQ2Yko0k +xdXDSKdyI8rraoDjByVWDXGy/F42qHGVYoeI1FwqBNKaFGeD4wfeYw1TPL1kRclE +vXXwnGfNIop6iueDHHM26Tky2N4RM64NETo6alx1AoGAR8akm/fH4JO6ES+XtpKP +WnnexlsgsKA1Uq0zJoG8jZrZ8nKL70AlI6WzXcrnQMvy4lx5pUFDOG07fo9H7DAC +Py3Tw6Fq79O4fpLuetVidGZ80gzDG1DR5ooFX7d4XG9pSebg/lO1Ukc5+P5UmmEW +Vxkc2YrloiJkEReq6RA9StU= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfissued/keys/Target_1.key b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/keys/Target_1.key new file mode 100644 index 0000000000..3c0df64527 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/keys/Target_1.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCh97Xf0dpQsK09 +KuAe4Lb+HBJ3htj1mZCjAeRNCsH2xqSViY0qeZ+bxHgXmsbJSEQ50O8lMXuH2P7M +bfrbBkZBGnyjV0kfvr/M+mFJuwNSKhQUVwIFh9ovFScbCzWjzqXrLKMvNlJ3Rv4q +b13EpLwSmEwHTpQ5NyzWRrJ1idz6CPHFHeJ1K9jPqvw6w8DUvofHv61dZyt3+Ut6 +LZfbEaCqqoBfRcu3Bjms8DBpI7ICcoAUdjiZ0WkXMywAxoMuumWmR4Ikaf1Amohe +QiOVLazsVof1+8eSuCOgdyRkWsaePxBb47BOhOsBXnShlTKTDBiQcJUxZoOPzuuk +z+ttXKsRAgMBAAECggEABKoY+GgHXuNFq/EqCO2dC4KktAFDyofogs9FQ0Q764bT +OtS+JmLgCjj9YeWk06tjfpxCJNqw1WvWA65npured1XDUONswU+pn6Y2yswqV3GL +iD3suprL2WcFLCnVmsDy5YvQq8WHWLTIUVHJfCYn3eu5pcy5J1Ar2ARrc4fbv64a +REqUH73eN+4QLO8o2j0Ium5a26G4GT5obcEwRpVMTvnpxDbnBcnXAiNOd+3aajzB +lJOHmBx6Z2RZGu2/i2Y/EgAc+dBqAP0yzUzwHRA5XDsXkpRxqR8g3ecQjjdGbmYp +JVC1OR2pogonRIhwffLtCNGazud9jojNWqg4vW3uAQKBgQDXLlrKT54jjCgrMMr4 +VMgqKlMGhcn/SQpWhACPYy/38COcpsLQ96tHkxKYXAZ/3+hLg0OJNj67Vb9PV08N +3asjQDub+xG9BkHxchnAv0/pusiqyGUMhxfDJ1ycYdEGlqoTT2lb9XZChjKwlMJC +Y+iYD/NAZSwlDZY49K9DtPyGEQKBgQDAsTLWdFOTWQFenJFwXalLOUc+hXmAn4Me +Pcs730dRTnpgvq1ePv4Pp/0U23GeKI1zk6zn5aPeaqCBFe3fvRb+roUpqxSgRdkM +3CdhZOKA0mBmqGx/Y8CGT9hUH8qDqfqtVKg831rAU3U9cBmV2Or6HoGNfkfEyxy4 +hqVba5TVAQKBgE2ihtUpRpfysGds0j4ocJNt88iNqqR1WMqAE6eoFJ1ywZZ6QB2e +zegj8viPczTdtvTPpiUyMg3q0PwyNu58xIsSWK9dNTgqss4G6a22GIHuhwm/BV4w +u20InYw6amzjHPeclhm8hO9ZdZ5p/XBwlXGPh6b7GaNAtKtV9IoMGXPRAoGAPy9b +zjqi1SRQcKfCgSgVRVdo5zV5XBXyNs5ogB99EUo8ktCzpL3fLV8We+phXU1K5OU9 +w2Tn0R0BuJJqR/2HNsgfXkR9JPkCbVcbirI8G6Xgeokr2rHpBaHU+/DYxUfNrVyf +Nia/aWV0gkrp+NsCYjXyoWURP5SivFdajZm/WgECgYEAq0yMSjgU6WlNTmz67+Op +Kt27uiWWCXu6fbfKTtAP98fs6KnW/QYTWRgN3X0TCYIDsx6JTqQ6hYfJlDW8/99t +e4m4iinQ5f++c3LeYm1Lz9Wbo6Knqez5+UutBrsOG4iYv7w+xmO3IN2NfbnPWxIU +DubbA6DqjCKGam7IFCr5GQI= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_anchor.test b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_anchor.test new file mode 100644 index 0000000000..a79783c863 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_anchor.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Certificate is not a trust anchor + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf-and-trust_anchor.test b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf-and-trust_anchor.test new file mode 100644 index 0000000000..417d1ac5f6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf-and-trust_anchor.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_OR_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf.test b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf.test new file mode 100644 index 0000000000..15fb7ad07f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf_require_self_signed.test b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf_require_self_signed.test new file mode 100644 index 0000000000..fe38e84a20 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfissued/trusted_leaf_require_self_signed.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF_REQUIRE_SELF_SIGNED +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: VerifySignedData failed + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/chain.pem new file mode 100644 index 0000000000..3f06702c44 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/chain.pem @@ -0,0 +1,90 @@ +[Created by: ./generate-chains.py] + +Single certificate chain for serverAuth which is self-signed. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 50:d7:5c:94:d3:bf:ee:e0:4d:80:0e:c2:98:2a:67:92:1d:ce:1b:10 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Target + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bc:fe:7e:a2:9b:ee:f4:72:63:7c:4f:98:bd:f8: + 1c:c6:73:19:a2:b2:69:86:32:7d:90:a2:74:fe:0d: + 5d:89:6d:2f:70:44:c3:ef:3a:83:ef:11:6d:3b:41: + 22:f7:57:e5:39:f5:e0:46:fc:77:03:93:2a:af:02: + 92:22:fd:6b:7b:78:d7:8c:b3:84:69:33:30:3f:d2: + 27:cd:99:7c:1e:07:65:e8:5c:37:48:c0:81:72:28: + a3:cd:96:e4:49:85:6b:33:c9:dc:01:fb:5e:9a:63: + 79:54:78:3b:4e:97:60:10:d8:6b:5a:59:a8:93:12: + 3f:b5:65:1b:9f:7a:f3:16:f9:dc:c4:69:3b:21:70: + bb:fb:c7:7a:28:9e:e6:92:97:be:f9:7b:b0:21:9a: + 36:29:2f:21:a2:26:d8:d6:7d:57:aa:c7:aa:bf:2c: + 89:3a:9b:80:64:f1:12:1f:80:7a:0d:6e:31:00:9f: + 43:16:b8:23:19:4f:fc:ab:b5:33:8a:6b:14:60:cf: + ca:6d:cb:8a:f2:c6:ec:17:96:1c:b2:8a:39:80:f9: + 45:d0:d1:6d:67:ac:e2:93:29:a2:04:42:8f:e5:c4: + 93:65:9a:40:5e:6d:18:97:0a:16:8d:7c:97:72:25: + 54:cc:b9:6e:b5:d9:73:3d:31:e0:d4:f1:a9:31:3b: + db:a5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A1:1A:D0:4E:4C:C7:EC:D6:20:D5:32:6A:A5:22:02:37:FE:A8:F6:E7 + X509v3 Authority Key Identifier: + A1:1A:D0:4E:4C:C7:EC:D6:20:D5:32:6A:A5:22:02:37:FE:A8:F6:E7 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Target.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Target.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 86:83:3e:bc:d4:7a:a5:48:75:9e:16:fb:5e:a9:eb:53:47:d7: + c9:4d:88:27:10:67:70:4e:07:bc:7a:60:3b:de:4c:51:8e:a2: + af:d3:3d:28:87:bc:6b:51:d1:85:b6:31:45:32:f0:25:8c:e3: + ff:0d:6a:2d:b9:7e:db:0e:fc:7d:09:5c:e6:d8:f5:d8:30:6f: + 37:09:ba:c9:ce:ac:13:34:22:f9:dd:de:3a:45:65:68:ba:65: + ba:7f:be:d1:0b:2e:21:15:24:53:1a:ff:d7:d9:7a:8b:ff:1b: + 46:a9:72:f1:35:c5:e7:29:5a:5a:95:51:42:31:29:a6:0b:51: + 37:f4:e3:45:78:9b:f7:86:69:af:1a:a4:d4:25:b6:36:e3:fb: + 6e:15:5c:13:22:f8:4b:fc:78:bd:15:94:82:64:dc:e7:e1:04: + f6:3a:35:bc:d2:0c:c4:85:cd:43:59:d0:c5:e6:67:38:2a:64: + ea:7e:99:ed:b5:b4:18:c0:3b:a7:2a:45:1f:1e:bf:94:56:57: + ee:1f:9d:dc:5d:24:2a:36:64:cc:09:1a:b9:64:6f:26:79:49: + 2f:2a:08:42:35:5f:53:b1:e3:b4:37:64:e4:c1:43:10:ef:cb: + 7f:5f:cd:dd:ed:10:8b:2d:21:25:4f:12:c6:c7:6b:c6:ea:c8: + 4c:3a:d3:1d +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUUNdclNO/7uBNgA7CmCpnkh3OGxAwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGVGFyZ2V0MB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAwNTEy +MDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAvP5+opvu9HJjfE+YvfgcxnMZorJphjJ9kKJ0/g1diW0vcETD7zqD +7xFtO0Ei91flOfXgRvx3A5MqrwKSIv1re3jXjLOEaTMwP9InzZl8Hgdl6Fw3SMCB +ciijzZbkSYVrM8ncAftemmN5VHg7TpdgENhrWlmokxI/tWUbn3rzFvncxGk7IXC7 ++8d6KJ7mkpe++XuwIZo2KS8hoibY1n1XqseqvyyJOpuAZPESH4B6DW4xAJ9DFrgj +GU/8q7UzimsUYM/KbcuK8sbsF5Ycsoo5gPlF0NFtZ6zikymiBEKP5cSTZZpAXm0Y +lwoWjXyXciVUzLlutdlzPTHg1PGpMTvbpQIDAQABo4HTMIHQMB0GA1UdDgQWBBSh +GtBOTMfs1iDVMmqlIgI3/qj25zAfBgNVHSMEGDAWgBShGtBOTMfs1iDVMmqlIgI3 +/qj25zA5BggrBgEFBQcBAQQtMCswKQYIKwYBBQUHMAKGHWh0dHA6Ly91cmwtZm9y +LWFpYS9UYXJnZXQuY2VyMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly91cmwtZm9y +LWNybC9UYXJnZXQuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEF +BQcDATANBgkqhkiG9w0BAQsFAAOCAQEAhoM+vNR6pUh1nhb7XqnrU0fXyU2IJxBn +cE4HvHpgO95MUY6ir9M9KIe8a1HRhbYxRTLwJYzj/w1qLbl+2w78fQlc5tj12DBv +Nwm6yc6sEzQi+d3eOkVlaLplun++0QsuIRUkUxr/19l6i/8bRqly8TXF5ylaWpVR +QjEppgtRN/TjRXib94Zprxqk1CW2NuP7bhVcEyL4S/x4vRWUgmTc5+EE9jo1vNIM +xIXNQ1nQxeZnOCpk6n6Z7bW0GMA7pypFHx6/lFZX7h+d3F0kKjZkzAkauWRvJnlJ +LyoIQjVfU7HjtDdk5MFDEO/Lf1/N3e0Qiy0hJU8SxsdrxurITDrTHQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/generate-chains.py new file mode 100755 index 0000000000..d1d7f5dab9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/generate-chains.py @@ -0,0 +1,17 @@ +#!/usr/bin/env python3 +# Copyright 2023 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Single certificate chain for serverAuth which is self-signed.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed target certificate. +target = gencerts.create_self_signed_end_entity_certificate('Target') +target.get_extensions().set_property('extendedKeyUsage', 'serverAuth') + +chain = [target] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/keys/Target.key new file mode 100644 index 0000000000..07086cd93d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/keys/Target.key @@ -0,0 +1,29 @@ +openssl genrsa 2048 +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8/n6im+70cmN8 +T5i9+BzGcxmismmGMn2QonT+DV2JbS9wRMPvOoPvEW07QSL3V+U59eBG/HcDkyqv +ApIi/Wt7eNeMs4RpMzA/0ifNmXweB2XoXDdIwIFyKKPNluRJhWszydwB+16aY3lU +eDtOl2AQ2GtaWaiTEj+1ZRufevMW+dzEaTshcLv7x3oonuaSl775e7AhmjYpLyGi +JtjWfVeqx6q/LIk6m4Bk8RIfgHoNbjEAn0MWuCMZT/yrtTOKaxRgz8pty4ryxuwX +lhyyijmA+UXQ0W1nrOKTKaIEQo/lxJNlmkBebRiXChaNfJdyJVTMuW612XM9MeDU +8akxO9ulAgMBAAECggEABdbzQMECtCjorAmllZEaCoO58g4DNrNOr+5lIQh2sG1g +Pt7REw5Cz1tBfcg4dV4Q5iaTxH2+i6y7b+brbwtXi9wjBOTzHXEId6BdvHuWmzLt +Ui2vQ583ILjivtJ/wUnPEy2Uj7cdqDWUpSiF5JrGzB5zyrnkfI7eyxMRtG7PHhGS +rjX/3JhU5glt/h0F8IXZZ1jolQRKDtcS7d8uC0Hr49/axDBdjFldEgnJpWT5Xitl +s8oqi3yc99bPXXKSBUJnik5Cy3sodeJgQGYZEE3BYA4HMXcqwXalKbsYCl08RNn9 +K08ut5LdZbCu6Hng8nEFdB6hyu1MZ1TK7cKeHPWpDQKBgQD5gjTK6rsz7Btltdnm +B8FGc5UQPhdsceqzODL9ryQj9Eyn77UZGtLxzjWOKClpkW0iqvhwl7mH+KsdfXrM +lDH4M4666Rt11LT2yThwk7EzsP0dJCXErFASVfw2ES8e76GBjyRrqSyuiInW8zGw +cjtisNU4PDmJxTqoZYYHo4OKkwKBgQDB6T7sB6gRjzAvTpyKhg9+0baYD2UR4pzT +75CAM95Np5hiwexIduXVVUPV/VRwi5Vc0U6J+ZoLdR7XT1u3w/sQNBsfOhsq2zb7 +ZxmZnMjhri4QNoyIKYzGE+6etlwNdUhcYz9XNDrbAXg1V7JCnQ6/RThLAsdQKxPi +hr0wFQSL5wKBgDyvkq+YEBg84R0H8guk7zl3e1YMBB54RqF4lc5l/uBP1yUxhFaq +04vEn/oHgqsOmADKnMql3JZZwSTXFDsWAGFiCOElOWybY7hykKuxAHSWI7omxJjl +YERVbZao71ES77FXY4BcEWYSB5Skaf2EizUh1XpsC4Ka2f2DU+oftyrJAoGAaqBc +RiOLqmQnJcw/TfibqquckQ7eD7ChdfSka6qZ0e+XXq6tw8cFaIJjM9cCSISolApP ++pSyvRwg4loz39+3PVi5lTk5WR6DpEg0DoDlARvrHmUwb2sRipXJP6KdCZV1PcAh +Q01oE6dCN2rKjdCZHFnus2iKuq2FWKmofDkCb/8CgYEAz3LdceZC6fe7kVEtMz7C +cfep/LKAcN2u8a+0LGflhu7D/6xxALNysH9kJBb+AydosV21S+xZqexLLtFZ1060 +6dAa+MVs8R59CLrgfTC4xMwcHv1idpGCvnhT2jTT+6X5JORJ/Gyg4lEEKGGT+lRW +WfipJBX6uQetwP0MACnFzro= +-----END PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-and-trust_anchor.test b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-and-trust_anchor.test new file mode 100644 index 0000000000..417d1ac5f6 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-and-trust_anchor.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_OR_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-not_after.test b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-not_after.test new file mode 100644 index 0000000000..82d940e533 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-not_after.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF +utc_time: 221102120000Z +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Time is after notAfter + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-wrong_eku.test b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-wrong_eku.test new file mode 100644 index 0000000000..98c65896f7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf-wrong_eku.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: CLIENT_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: The extended key usage does not include client auth + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf.test b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf.test new file mode 100644 index 0000000000..15fb7ad07f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf_require_self_signed.test b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf_require_self_signed.test new file mode 100644 index 0000000000..b11e365a78 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-selfsigned/trusted_leaf_require_self_signed.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_LEAF_REQUIRE_SELF_SIGNED +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.pem b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.pem new file mode 100644 index 0000000000..b9d1514f88 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.pem @@ -0,0 +1,260 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate uses a EC key and has the single key usage decipherOnly + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:41:46:e2:6f:47:ae:e6:ef:ca:22:1e:bc:61:9b:ed:27:e8:61:3f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:6a:64:c7:4b:c6:a0:87:b5:c2:07:13:ac:b8:0d: + 37:95:90:e4:e2:82:95:31:6f:62:e5:1f:b0:59:30: + e9:2b:c6:e0:b4:83:9b:54:9d:61:56:d6:04:10:b7: + f3:b9:5e:31:e6:cf:af:40:0e:aa:7a:2a:d8:1c:ee: + 5d:d1:5c:17:64:c7:37:f7:34:3d:42:6c:10:0c:ad: + e3:27:a9:ef:e6:02:48:66:0f:61:92:37:fe:26:53: + 2c:9f:79:a7:29:7c:4c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + DE:7D:41:4C:94:83:61:60:ED:FA:58:3C:92:33:58:E5:79:C2:07:A0 + X509v3 Authority Key Identifier: + keyid:80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Decipher Only + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 99:27:6a:c2:c1:fa:99:62:9e:7e:cd:a0:95:15:46:60:06:75: + 26:c8:d2:b1:3f:96:36:a1:bb:e1:20:42:2e:6a:f0:dd:cd:33: + 1a:31:7e:10:c3:6c:34:c9:22:b8:c5:46:28:6d:32:9f:8c:7c: + c8:c5:8f:bc:0b:2a:06:68:ed:9f:36:26:fb:bb:88:17:3f:43: + 87:aa:16:da:c9:c5:a5:2f:65:2d:cf:23:fd:09:e0:81:4c:b9: + a6:25:67:1c:53:74:38:35:9c:f8:64:87:6f:db:99:39:36:b3: + 38:f2:6e:28:32:c4:2a:f4:c5:3d:3a:41:80:ef:22:a6:2c:ab: + 1c:eb:f1:d6:e8:a4:19:ad:67:b5:2c:be:23:00:e4:91:50:f2: + 21:d0:07:ae:c0:5a:cb:e7:09:9f:c5:a3:4e:41:10:6f:ca:4c: + f8:5e:23:6e:77:f3:7b:ed:ef:2b:fa:15:07:3d:a6:47:52:b0: + 0b:c0:5c:24:a4:31:3a:ea:84:e5:f0:f0:2e:70:17:b9:df:7c: + e0:cd:b4:a8:19:51:b2:9f:14:c3:92:19:2c:99:b6:b8:1d:bf: + 7a:25:89:7d:32:6f:ba:bb:ac:5a:6a:64:50:50:76:62:87:48: + 3b:3c:63:e5:87:fa:cd:d1:f8:3c:a6:9b:e3:5e:f7:c1:4a:bf: + 38:b1:4f:e8 +-----BEGIN CERTIFICATE----- +MIIC6TCCAdGgAwIBAgIUckFG4m9HrubvyiIevGGb7SfoYT8wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEamTHS8agh7XCBxOsuA03lZDk4oKVMW9i5R+wWTDpK8bgtIObVJ1hVtYE +ELfzuV4x5s+vQA6qeirYHO5d0VwXZMc39zQ9QmwQDK3jJ6nv5gJIZg9hkjf+JlMs +n3mnKXxMo4HgMIHdMB0GA1UdDgQWBBTefUFMlINhYO36WDySM1jlecIHoDAfBgNV +HSMEGDAWgBSAFB4ExqDEKCUwKFm9QBplBwUYODA/BggrBgEFBQcBAQQzMDEwLwYI +KwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQG +A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUu +Y3JsMA8GA1UdDwEB/wQFAwMHAIAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZI +hvcNAQELBQADggEBAJknasLB+plinn7NoJUVRmAGdSbI0rE/ljahu+EgQi5q8N3N +MxoxfhDDbDTJIrjFRihtMp+MfMjFj7wLKgZo7Z82Jvu7iBc/Q4eqFtrJxaUvZS3P +I/0J4IFMuaYlZxxTdDg1nPhkh2/bmTk2szjybigyxCr0xT06QYDvIqYsqxzr8dbo +pBmtZ7UsviMA5JFQ8iHQB67AWsvnCZ/Fo05BEG/KTPheI25383vt7yv6FQc9pkdS +sAvAXCSkMTrqhOXw8C5wF7nffODNtKgZUbKfFMOSGSyZtrgdv3oliX0yb7q7rFpq +ZFBQdmKHSDs8Y+WH+s3R+Dymm+Ne98FKvzixT+g= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:ea:23:0c:dc:31:55:3d:23:7a:a3:0f:5e:16: + 9e:62:44:e4:28:bf:0b:b0:76:a3:5e:71:e7:a9:85: + 52:1e:ae:3b:2b:21:0d:95:35:73:c2:c0:a0:78:13: + d3:fc:27:57:8a:98:de:83:e3:8f:a3:13:a5:20:a7: + a9:bf:c8:f5:02:1b:08:1a:2e:a5:04:7a:11:24:a1: + 59:11:3d:c0:3b:57:35:62:cd:2a:41:cd:5c:15:35: + ac:c8:66:f8:a9:f2:d4:1c:0c:b4:dc:9d:7b:99:f9: + 07:1b:c9:f0:03:6a:6c:71:d8:e6:cb:7a:ec:c7:a7: + b7:36:0b:f0:49:22:37:22:f4:77:f3:1a:a6:57:59: + 0b:6c:6a:3b:b8:d1:47:df:48:ac:54:ee:82:1e:39: + 14:dc:a6:9c:ab:33:b7:87:4f:3b:70:55:af:db:40: + e5:26:a9:0f:bc:59:8f:61:92:47:0a:34:73:de:fb: + 25:fa:f1:bd:a4:03:35:93:5e:57:a3:a3:3f:13:e6: + 09:68:c5:51:29:20:53:b8:5e:fa:8a:ce:e8:0a:ef: + 9e:07:6e:55:f7:f6:c1:e7:12:9f:22:c1:72:b8:2a: + af:25:34:eb:08:28:36:73:8e:f6:80:70:21:16:8a: + 81:2b:69:47:62:c5:ef:7e:dd:80:7c:09:4e:6d:57: + 86:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:a2:b5:c1:e1:98:7e:0f:1d:2a:0e:eb:b8:65:57:0f:4d:78: + 85:7e:81:cb:0f:8c:04:5c:1a:40:6b:f1:00:71:61:59:0b:19: + 3a:f0:97:a3:94:38:55:35:65:9b:b7:0c:a3:a0:99:eb:1d:f7: + 68:ed:3c:21:90:99:80:69:52:00:71:3d:b1:1d:64:66:62:c3: + 37:4e:f4:38:1e:c9:14:3f:50:66:2f:b9:f5:11:31:2c:87:30: + 1e:f1:1b:14:c3:90:05:ba:bc:57:06:39:6a:e9:46:f1:67:6a: + a9:9b:16:04:b9:bd:93:bb:df:48:5a:77:9d:03:07:bb:8b:2e: + 2d:88:4d:aa:de:d3:73:2e:d8:04:e8:25:8b:ea:9b:e0:c5:87: + 5f:64:56:ac:b4:4e:74:ac:21:ac:ec:6a:a9:54:cd:77:24:2e: + bd:56:b6:70:26:a8:81:b6:1a:69:31:4a:53:5e:93:46:f4:28: + 40:90:6b:65:44:94:3b:61:f8:5f:8c:b7:31:e7:46:a6:79:e0: + 33:38:69:27:6b:b3:6e:5c:e4:f7:5a:2f:f9:bc:67:57:3e:e3: + dd:3a:99:5f:3a:ac:c7:5f:b7:5b:38:4b:ab:e1:1a:12:ec:e1: + 95:0a:2d:54:a4:99:30:d0:93:78:27:5b:a4:d5:69:5b:c8:c1: + ef:ff:84:02 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK3qIwzcMVU9I3qjD14WnmJE5Ci/C7B2o15x56mFUh6uOysh +DZU1c8LAoHgT0/wnV4qY3oPjj6MTpSCnqb/I9QIbCBoupQR6ESShWRE9wDtXNWLN +KkHNXBU1rMhm+Kny1BwMtNyde5n5BxvJ8ANqbHHY5st67MentzYL8EkiNyL0d/Ma +pldZC2xqO7jRR99IrFTugh45FNymnKszt4dPO3BVr9tA5SapD7xZj2GSRwo0c977 +JfrxvaQDNZNeV6OjPxPmCWjFUSkgU7he+orO6ArvngduVff2wecSnyLBcrgqryU0 +6wgoNnOO9oBwIRaKgStpR2LF737dgHwJTm1Xhk8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUgBQeBMagxCglMChZvUAaZQcFGDgwHwYDVR0jBBgwFoAUcVBSNZJp91SxigzB +k4c+hOm+XIAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCborXB4Zh+Dx0qDuu4ZVcPTXiFfoHLD4wEXBpA +a/EAcWFZCxk68JejlDhVNWWbtwyjoJnrHfdo7TwhkJmAaVIAcT2xHWRmYsM3TvQ4 +HskUP1BmL7n1ETEshzAe8RsUw5AFurxXBjlq6UbxZ2qpmxYEub2Tu99IWnedAwe7 +iy4tiE2q3tNzLtgE6CWL6pvgxYdfZFastE50rCGs7GqpVM13JC69VrZwJqiBthpp +MUpTXpNG9ChAkGtlRJQ7YfhfjLcx50ameeAzOGkna7NuXOT3Wi/5vGdXPuPdOplf +OqzHX7dbOEur4RoS7OGVCi1UpJkw0JN4J1uk1WlbyMHv/4QC +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:df:0b:0b:a2:8a:9c:9c:68:ad:24:f9:f9:e6: + 95:ef:e4:71:1e:00:fb:ec:bf:b1:cb:6e:d6:40:30: + 42:7a:38:87:9e:5b:cd:58:3e:b7:31:5c:8d:0d:84: + 7a:be:ef:e6:98:ba:4e:c5:ae:2b:2f:66:b2:b2:3f: + e7:c0:a8:8b:75:60:61:2a:67:8a:d2:55:72:83:e2: + ff:de:76:d6:63:58:79:ba:91:c1:80:e1:06:1b:35: + 9c:b3:e9:19:f8:c7:21:80:dd:9e:04:18:35:de:df: + 00:80:21:09:06:3c:6c:9a:de:10:d1:fd:4d:2f:27: + 5e:56:24:44:67:88:48:e4:25:52:cc:c7:17:3f:69: + 1f:76:fc:b1:83:45:48:5d:37:da:80:3e:3d:7f:f6: + 8d:ec:83:00:d6:2f:c4:41:5d:79:ae:ad:14:4c:24: + b3:5e:1e:fe:ed:e8:39:17:4a:4b:ca:eb:10:5d:6e: + af:38:58:b1:12:a5:69:bd:bd:63:dd:f5:21:71:2c: + 36:37:72:51:3b:3a:de:8f:1e:a0:e2:6b:45:da:02: + ad:7e:04:b7:d3:c8:64:34:c6:f4:08:a0:e5:c9:02: + 1b:6f:42:22:be:d3:8b:7b:63:6e:39:c4:97:17:c6: + 9a:ba:9e:26:9b:e1:65:a6:4d:4a:93:5e:b2:4e:18: + 9d:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:c2:f5:0d:cc:f7:a8:c4:03:50:ff:33:02:72:38:ac:72:19: + da:fe:1e:d0:20:79:44:d9:ce:cf:22:b1:09:78:16:5d:12:12: + aa:bd:9b:27:08:6f:18:08:08:7d:d2:06:52:a1:ae:19:35:61: + be:27:8f:20:e4:59:d5:f3:4e:56:55:77:28:2b:f8:a4:9c:8d: + 75:d8:4f:99:92:75:0f:a1:79:c5:47:6b:32:c7:86:a2:ce:17: + 55:ab:78:b0:ac:b4:15:04:19:0f:55:f3:09:ca:48:84:bf:32: + 01:58:04:33:75:84:57:8e:67:32:53:a7:09:1b:13:c0:3a:9f: + 65:2e:e2:82:26:1a:9c:47:c2:4f:bb:b9:c4:d2:b9:b3:cc:86: + bc:25:03:3c:6a:66:e2:82:58:03:fb:3e:dd:f5:a3:cc:d5:b9: + 1f:53:d5:63:6a:2c:a2:36:0a:8a:a8:15:bf:63:50:ad:db:98: + e8:40:97:24:2c:80:27:35:e1:53:27:da:26:86:72:67:ea:b7: + a1:30:5a:67:3f:ff:2c:3e:a4:7f:8a:6e:ff:e2:41:f2:02:34: + 8e:12:59:c0:c6:80:3b:78:d9:fd:1a:b8:e1:b5:b7:7f:c8:63: + 27:30:4d:00:7a:96:f1:4d:6e:a0:e9:da:9f:11:a2:b4:69:2f: + 8d:d4:9c:1a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCy3wsLooqcnGitJPn55pXv5HEeAPvsv7HLbtZAMEJ6OIeeW81YPrcxXI0N +hHq+7+aYuk7FrisvZrKyP+fAqIt1YGEqZ4rSVXKD4v/edtZjWHm6kcGA4QYbNZyz +6Rn4xyGA3Z4EGDXe3wCAIQkGPGya3hDR/U0vJ15WJERniEjkJVLMxxc/aR92/LGD +RUhdN9qAPj1/9o3sgwDWL8RBXXmurRRMJLNeHv7t6DkXSkvK6xBdbq84WLESpWm9 +vWPd9SFxLDY3clE7Ot6PHqDia0XaAq1+BLfTyGQ0xvQIoOXJAhtvQiK+04t7Y245 +xJcXxpq6niab4WWmTUqTXrJOGJ3BAgMBAAGjgcswgcgwHQYDVR0OBBYEFHFQUjWS +afdUsYoMwZOHPoTpvlyAMB8GA1UdIwQYMBaAFHFQUjWSafdUsYoMwZOHPoTpvlyA +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAb8L1Dcz3qMQDUP8zAnI4rHIZ2v4e0CB5RNnOzyKxCXgWXRIS +qr2bJwhvGAgIfdIGUqGuGTVhviePIORZ1fNOVlV3KCv4pJyNddhPmZJ1D6F5xUdr +MseGos4XVat4sKy0FQQZD1XzCcpIhL8yAVgEM3WEV45nMlOnCRsTwDqfZS7igiYa +nEfCT7u5xNK5s8yGvCUDPGpm4oJYA/s+3fWjzNW5H1PVY2osojYKiqgVv2NQrduY +6ECXJCyAJzXhUyfaJoZyZ+q3oTBaZz//LD6kf4pu/+JB8gI0jhJZwMaAO3jZ/Rq4 +4bW3f8hjJzBNAHqW8U1uoOnanxGitGkvjdScGg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.test b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.test new file mode 100644 index 0000000000..18207d0bc9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.test @@ -0,0 +1,5 @@ +chain: ec-decipherOnly.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.pem b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.pem new file mode 100644 index 0000000000..b216f84a6c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.pem @@ -0,0 +1,260 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate uses a EC key and has the single key usage digitalSignature + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:41:46:e2:6f:47:ae:e6:ef:ca:22:1e:bc:61:9b:ed:27:e8:61:40 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:6a:64:c7:4b:c6:a0:87:b5:c2:07:13:ac:b8:0d: + 37:95:90:e4:e2:82:95:31:6f:62:e5:1f:b0:59:30: + e9:2b:c6:e0:b4:83:9b:54:9d:61:56:d6:04:10:b7: + f3:b9:5e:31:e6:cf:af:40:0e:aa:7a:2a:d8:1c:ee: + 5d:d1:5c:17:64:c7:37:f7:34:3d:42:6c:10:0c:ad: + e3:27:a9:ef:e6:02:48:66:0f:61:92:37:fe:26:53: + 2c:9f:79:a7:29:7c:4c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + DE:7D:41:4C:94:83:61:60:ED:FA:58:3C:92:33:58:E5:79:C2:07:A0 + X509v3 Authority Key Identifier: + keyid:80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 78:ef:6f:37:e0:d7:e6:d3:89:ec:7a:7e:a1:82:26:e9:e5:3e: + 58:cd:97:d8:c0:fc:95:a2:8f:77:9b:d5:e5:b0:a9:93:d7:48: + 76:44:7a:ed:d1:b2:36:a7:31:92:6b:83:af:bc:2a:d7:34:f6: + e4:07:5c:25:22:9f:10:47:c1:f9:c4:d1:3e:c8:8a:9d:2d:bf: + 2b:c0:1f:b2:a4:0e:34:2c:2d:cb:69:84:5c:e5:cd:92:8d:70: + aa:78:f0:25:b6:10:00:50:f9:0c:6f:f5:50:f8:ff:3e:f4:83: + b1:ac:76:4d:25:20:7c:93:4f:9c:0f:56:0b:96:ea:f1:bb:bd: + 5d:e5:ab:e0:17:82:fe:7c:cf:92:b8:9a:de:11:12:53:47:49: + c4:6b:11:60:7b:26:06:ab:fc:76:6a:d7:64:92:d6:73:7e:bd: + 4d:b9:75:e7:4f:e9:b0:2f:9f:b1:ac:fb:14:0e:64:bb:e8:57: + c0:e4:d9:db:d9:fb:38:6e:d9:be:f9:59:48:e7:7c:66:0d:57: + 43:fb:0d:27:2c:f2:0b:59:84:8e:67:5f:43:d7:7c:56:64:c6: + 26:58:ad:0e:33:c5:c5:41:e6:99:e5:3c:27:66:0a:e0:53:23: + 32:e3:96:bc:92:e6:3d:76:ba:eb:8a:2a:c6:a1:b1:d0:d1:a7: + 24:89:37:aa +-----BEGIN CERTIFICATE----- +MIIC6DCCAdCgAwIBAgIUckFG4m9HrubvyiIevGGb7SfoYUAwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEamTHS8agh7XCBxOsuA03lZDk4oKVMW9i5R+wWTDpK8bgtIObVJ1hVtYE +ELfzuV4x5s+vQA6qeirYHO5d0VwXZMc39zQ9QmwQDK3jJ6nv5gJIZg9hkjf+JlMs +n3mnKXxMo4HfMIHcMB0GA1UdDgQWBBTefUFMlINhYO36WDySM1jlecIHoDAfBgNV +HSMEGDAWgBSAFB4ExqDEKCUwKFm9QBplBwUYODA/BggrBgEFBQcBAQQzMDEwLwYI +KwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQG +A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUu +Y3JsMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG +9w0BAQsFAAOCAQEAeO9vN+DX5tOJ7Hp+oYIm6eU+WM2X2MD8laKPd5vV5bCpk9dI +dkR67dGyNqcxkmuDr7wq1zT25AdcJSKfEEfB+cTRPsiKnS2/K8AfsqQONCwty2mE +XOXNko1wqnjwJbYQAFD5DG/1UPj/PvSDsax2TSUgfJNPnA9WC5bq8bu9XeWr4BeC +/nzPkria3hESU0dJxGsRYHsmBqv8dmrXZJLWc369Tbl150/psC+fsaz7FA5ku+hX +wOTZ29n7OG7ZvvlZSOd8Zg1XQ/sNJyzyC1mEjmdfQ9d8VmTGJlitDjPFxUHmmeU8 +J2YK4FMjMuOWvJLmPXa664oqxqGx0NGnJIk3qg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:ea:23:0c:dc:31:55:3d:23:7a:a3:0f:5e:16: + 9e:62:44:e4:28:bf:0b:b0:76:a3:5e:71:e7:a9:85: + 52:1e:ae:3b:2b:21:0d:95:35:73:c2:c0:a0:78:13: + d3:fc:27:57:8a:98:de:83:e3:8f:a3:13:a5:20:a7: + a9:bf:c8:f5:02:1b:08:1a:2e:a5:04:7a:11:24:a1: + 59:11:3d:c0:3b:57:35:62:cd:2a:41:cd:5c:15:35: + ac:c8:66:f8:a9:f2:d4:1c:0c:b4:dc:9d:7b:99:f9: + 07:1b:c9:f0:03:6a:6c:71:d8:e6:cb:7a:ec:c7:a7: + b7:36:0b:f0:49:22:37:22:f4:77:f3:1a:a6:57:59: + 0b:6c:6a:3b:b8:d1:47:df:48:ac:54:ee:82:1e:39: + 14:dc:a6:9c:ab:33:b7:87:4f:3b:70:55:af:db:40: + e5:26:a9:0f:bc:59:8f:61:92:47:0a:34:73:de:fb: + 25:fa:f1:bd:a4:03:35:93:5e:57:a3:a3:3f:13:e6: + 09:68:c5:51:29:20:53:b8:5e:fa:8a:ce:e8:0a:ef: + 9e:07:6e:55:f7:f6:c1:e7:12:9f:22:c1:72:b8:2a: + af:25:34:eb:08:28:36:73:8e:f6:80:70:21:16:8a: + 81:2b:69:47:62:c5:ef:7e:dd:80:7c:09:4e:6d:57: + 86:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:a2:b5:c1:e1:98:7e:0f:1d:2a:0e:eb:b8:65:57:0f:4d:78: + 85:7e:81:cb:0f:8c:04:5c:1a:40:6b:f1:00:71:61:59:0b:19: + 3a:f0:97:a3:94:38:55:35:65:9b:b7:0c:a3:a0:99:eb:1d:f7: + 68:ed:3c:21:90:99:80:69:52:00:71:3d:b1:1d:64:66:62:c3: + 37:4e:f4:38:1e:c9:14:3f:50:66:2f:b9:f5:11:31:2c:87:30: + 1e:f1:1b:14:c3:90:05:ba:bc:57:06:39:6a:e9:46:f1:67:6a: + a9:9b:16:04:b9:bd:93:bb:df:48:5a:77:9d:03:07:bb:8b:2e: + 2d:88:4d:aa:de:d3:73:2e:d8:04:e8:25:8b:ea:9b:e0:c5:87: + 5f:64:56:ac:b4:4e:74:ac:21:ac:ec:6a:a9:54:cd:77:24:2e: + bd:56:b6:70:26:a8:81:b6:1a:69:31:4a:53:5e:93:46:f4:28: + 40:90:6b:65:44:94:3b:61:f8:5f:8c:b7:31:e7:46:a6:79:e0: + 33:38:69:27:6b:b3:6e:5c:e4:f7:5a:2f:f9:bc:67:57:3e:e3: + dd:3a:99:5f:3a:ac:c7:5f:b7:5b:38:4b:ab:e1:1a:12:ec:e1: + 95:0a:2d:54:a4:99:30:d0:93:78:27:5b:a4:d5:69:5b:c8:c1: + ef:ff:84:02 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK3qIwzcMVU9I3qjD14WnmJE5Ci/C7B2o15x56mFUh6uOysh +DZU1c8LAoHgT0/wnV4qY3oPjj6MTpSCnqb/I9QIbCBoupQR6ESShWRE9wDtXNWLN +KkHNXBU1rMhm+Kny1BwMtNyde5n5BxvJ8ANqbHHY5st67MentzYL8EkiNyL0d/Ma +pldZC2xqO7jRR99IrFTugh45FNymnKszt4dPO3BVr9tA5SapD7xZj2GSRwo0c977 +JfrxvaQDNZNeV6OjPxPmCWjFUSkgU7he+orO6ArvngduVff2wecSnyLBcrgqryU0 +6wgoNnOO9oBwIRaKgStpR2LF737dgHwJTm1Xhk8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUgBQeBMagxCglMChZvUAaZQcFGDgwHwYDVR0jBBgwFoAUcVBSNZJp91SxigzB +k4c+hOm+XIAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCborXB4Zh+Dx0qDuu4ZVcPTXiFfoHLD4wEXBpA +a/EAcWFZCxk68JejlDhVNWWbtwyjoJnrHfdo7TwhkJmAaVIAcT2xHWRmYsM3TvQ4 +HskUP1BmL7n1ETEshzAe8RsUw5AFurxXBjlq6UbxZ2qpmxYEub2Tu99IWnedAwe7 +iy4tiE2q3tNzLtgE6CWL6pvgxYdfZFastE50rCGs7GqpVM13JC69VrZwJqiBthpp +MUpTXpNG9ChAkGtlRJQ7YfhfjLcx50ameeAzOGkna7NuXOT3Wi/5vGdXPuPdOplf +OqzHX7dbOEur4RoS7OGVCi1UpJkw0JN4J1uk1WlbyMHv/4QC +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:df:0b:0b:a2:8a:9c:9c:68:ad:24:f9:f9:e6: + 95:ef:e4:71:1e:00:fb:ec:bf:b1:cb:6e:d6:40:30: + 42:7a:38:87:9e:5b:cd:58:3e:b7:31:5c:8d:0d:84: + 7a:be:ef:e6:98:ba:4e:c5:ae:2b:2f:66:b2:b2:3f: + e7:c0:a8:8b:75:60:61:2a:67:8a:d2:55:72:83:e2: + ff:de:76:d6:63:58:79:ba:91:c1:80:e1:06:1b:35: + 9c:b3:e9:19:f8:c7:21:80:dd:9e:04:18:35:de:df: + 00:80:21:09:06:3c:6c:9a:de:10:d1:fd:4d:2f:27: + 5e:56:24:44:67:88:48:e4:25:52:cc:c7:17:3f:69: + 1f:76:fc:b1:83:45:48:5d:37:da:80:3e:3d:7f:f6: + 8d:ec:83:00:d6:2f:c4:41:5d:79:ae:ad:14:4c:24: + b3:5e:1e:fe:ed:e8:39:17:4a:4b:ca:eb:10:5d:6e: + af:38:58:b1:12:a5:69:bd:bd:63:dd:f5:21:71:2c: + 36:37:72:51:3b:3a:de:8f:1e:a0:e2:6b:45:da:02: + ad:7e:04:b7:d3:c8:64:34:c6:f4:08:a0:e5:c9:02: + 1b:6f:42:22:be:d3:8b:7b:63:6e:39:c4:97:17:c6: + 9a:ba:9e:26:9b:e1:65:a6:4d:4a:93:5e:b2:4e:18: + 9d:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:c2:f5:0d:cc:f7:a8:c4:03:50:ff:33:02:72:38:ac:72:19: + da:fe:1e:d0:20:79:44:d9:ce:cf:22:b1:09:78:16:5d:12:12: + aa:bd:9b:27:08:6f:18:08:08:7d:d2:06:52:a1:ae:19:35:61: + be:27:8f:20:e4:59:d5:f3:4e:56:55:77:28:2b:f8:a4:9c:8d: + 75:d8:4f:99:92:75:0f:a1:79:c5:47:6b:32:c7:86:a2:ce:17: + 55:ab:78:b0:ac:b4:15:04:19:0f:55:f3:09:ca:48:84:bf:32: + 01:58:04:33:75:84:57:8e:67:32:53:a7:09:1b:13:c0:3a:9f: + 65:2e:e2:82:26:1a:9c:47:c2:4f:bb:b9:c4:d2:b9:b3:cc:86: + bc:25:03:3c:6a:66:e2:82:58:03:fb:3e:dd:f5:a3:cc:d5:b9: + 1f:53:d5:63:6a:2c:a2:36:0a:8a:a8:15:bf:63:50:ad:db:98: + e8:40:97:24:2c:80:27:35:e1:53:27:da:26:86:72:67:ea:b7: + a1:30:5a:67:3f:ff:2c:3e:a4:7f:8a:6e:ff:e2:41:f2:02:34: + 8e:12:59:c0:c6:80:3b:78:d9:fd:1a:b8:e1:b5:b7:7f:c8:63: + 27:30:4d:00:7a:96:f1:4d:6e:a0:e9:da:9f:11:a2:b4:69:2f: + 8d:d4:9c:1a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCy3wsLooqcnGitJPn55pXv5HEeAPvsv7HLbtZAMEJ6OIeeW81YPrcxXI0N +hHq+7+aYuk7FrisvZrKyP+fAqIt1YGEqZ4rSVXKD4v/edtZjWHm6kcGA4QYbNZyz +6Rn4xyGA3Z4EGDXe3wCAIQkGPGya3hDR/U0vJ15WJERniEjkJVLMxxc/aR92/LGD +RUhdN9qAPj1/9o3sgwDWL8RBXXmurRRMJLNeHv7t6DkXSkvK6xBdbq84WLESpWm9 +vWPd9SFxLDY3clE7Ot6PHqDia0XaAq1+BLfTyGQ0xvQIoOXJAhtvQiK+04t7Y245 +xJcXxpq6niab4WWmTUqTXrJOGJ3BAgMBAAGjgcswgcgwHQYDVR0OBBYEFHFQUjWS +afdUsYoMwZOHPoTpvlyAMB8GA1UdIwQYMBaAFHFQUjWSafdUsYoMwZOHPoTpvlyA +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAb8L1Dcz3qMQDUP8zAnI4rHIZ2v4e0CB5RNnOzyKxCXgWXRIS +qr2bJwhvGAgIfdIGUqGuGTVhviePIORZ1fNOVlV3KCv4pJyNddhPmZJ1D6F5xUdr +MseGos4XVat4sKy0FQQZD1XzCcpIhL8yAVgEM3WEV45nMlOnCRsTwDqfZS7igiYa +nEfCT7u5xNK5s8yGvCUDPGpm4oJYA/s+3fWjzNW5H1PVY2osojYKiqgVv2NQrduY +6ECXJCyAJzXhUyfaJoZyZ+q3oTBaZz//LD6kf4pu/+JB8gI0jhJZwMaAO3jZ/Rq4 +4bW3f8hjJzBNAHqW8U1uoOnanxGitGkvjdScGg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.test b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.test new file mode 100644 index 0000000000..5bbb44233b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.test @@ -0,0 +1,5 @@ +chain: ec-digitalSignature.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyAgreement.pem b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyAgreement.pem new file mode 100644 index 0000000000..b2bd09f881 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyAgreement.pem @@ -0,0 +1,260 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate uses a EC key and has the single key usage keyAgreement + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:41:46:e2:6f:47:ae:e6:ef:ca:22:1e:bc:61:9b:ed:27:e8:61:41 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:6a:64:c7:4b:c6:a0:87:b5:c2:07:13:ac:b8:0d: + 37:95:90:e4:e2:82:95:31:6f:62:e5:1f:b0:59:30: + e9:2b:c6:e0:b4:83:9b:54:9d:61:56:d6:04:10:b7: + f3:b9:5e:31:e6:cf:af:40:0e:aa:7a:2a:d8:1c:ee: + 5d:d1:5c:17:64:c7:37:f7:34:3d:42:6c:10:0c:ad: + e3:27:a9:ef:e6:02:48:66:0f:61:92:37:fe:26:53: + 2c:9f:79:a7:29:7c:4c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + DE:7D:41:4C:94:83:61:60:ED:FA:58:3C:92:33:58:E5:79:C2:07:A0 + X509v3 Authority Key Identifier: + keyid:80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 9e:5f:f7:4c:11:a6:50:d2:09:1d:85:f4:f4:1f:67:4f:69:82: + 3d:0b:de:ed:d6:83:a8:28:40:15:18:8c:73:09:34:cc:35:00: + f9:8a:27:db:38:4f:d6:8a:34:b3:70:ec:27:7e:02:5a:06:93: + 17:02:c4:53:1b:7e:0d:0c:40:b4:6b:1c:5d:af:ef:64:85:f8: + a0:6c:df:45:02:f9:98:5b:e4:24:13:c1:a2:ce:7c:df:8a:bb: + 91:d4:f4:cb:a3:31:0d:ae:dd:66:0a:c1:b6:5b:1a:56:14:86: + 6f:04:26:6d:4f:13:e2:1e:f0:76:90:2f:11:cd:5a:74:f9:70: + 27:8e:f0:93:26:12:dd:77:6f:c9:04:3e:8d:df:fb:eb:5d:79: + 22:a0:cf:b5:c0:ff:9f:02:e1:8a:9b:95:bb:8c:a1:44:42:d5: + b8:8f:85:57:66:e3:08:9d:4c:db:a8:83:7f:d3:29:4d:0f:f8: + 1f:7b:c6:ee:f8:43:3b:a9:31:59:35:94:0b:97:8d:a8:33:dc: + 1d:e0:f2:bc:a7:cc:3d:ee:55:fc:49:ad:af:f6:62:fe:d3:e0: + 77:38:d1:e8:2b:52:71:f7:32:11:a6:74:a6:69:b8:d7:1d:3e: + 74:5f:c6:12:2b:eb:28:36:62:f6:d0:cd:b4:1a:d2:40:b0:94: + 22:ef:d4:d4 +-----BEGIN CERTIFICATE----- +MIIC6DCCAdCgAwIBAgIUckFG4m9HrubvyiIevGGb7SfoYUEwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEamTHS8agh7XCBxOsuA03lZDk4oKVMW9i5R+wWTDpK8bgtIObVJ1hVtYE +ELfzuV4x5s+vQA6qeirYHO5d0VwXZMc39zQ9QmwQDK3jJ6nv5gJIZg9hkjf+JlMs +n3mnKXxMo4HfMIHcMB0GA1UdDgQWBBTefUFMlINhYO36WDySM1jlecIHoDAfBgNV +HSMEGDAWgBSAFB4ExqDEKCUwKFm9QBplBwUYODA/BggrBgEFBQcBAQQzMDEwLwYI +KwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQG +A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUu +Y3JsMA4GA1UdDwEB/wQEAwIDCDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG +9w0BAQsFAAOCAQEAnl/3TBGmUNIJHYX09B9nT2mCPQve7daDqChAFRiMcwk0zDUA ++Yon2zhP1oo0s3DsJ34CWgaTFwLEUxt+DQxAtGscXa/vZIX4oGzfRQL5mFvkJBPB +os5834q7kdT0y6MxDa7dZgrBtlsaVhSGbwQmbU8T4h7wdpAvEc1adPlwJ47wkyYS +3XdvyQQ+jd/76115IqDPtcD/nwLhipuVu4yhRELVuI+FV2bjCJ1M26iDf9MpTQ/4 +H3vG7vhDO6kxWTWUC5eNqDPcHeDyvKfMPe5V/Emtr/Zi/tPgdzjR6CtScfcyEaZ0 +pmm41x0+dF/GEivrKDZi9tDNtBrSQLCUIu/U1A== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:ea:23:0c:dc:31:55:3d:23:7a:a3:0f:5e:16: + 9e:62:44:e4:28:bf:0b:b0:76:a3:5e:71:e7:a9:85: + 52:1e:ae:3b:2b:21:0d:95:35:73:c2:c0:a0:78:13: + d3:fc:27:57:8a:98:de:83:e3:8f:a3:13:a5:20:a7: + a9:bf:c8:f5:02:1b:08:1a:2e:a5:04:7a:11:24:a1: + 59:11:3d:c0:3b:57:35:62:cd:2a:41:cd:5c:15:35: + ac:c8:66:f8:a9:f2:d4:1c:0c:b4:dc:9d:7b:99:f9: + 07:1b:c9:f0:03:6a:6c:71:d8:e6:cb:7a:ec:c7:a7: + b7:36:0b:f0:49:22:37:22:f4:77:f3:1a:a6:57:59: + 0b:6c:6a:3b:b8:d1:47:df:48:ac:54:ee:82:1e:39: + 14:dc:a6:9c:ab:33:b7:87:4f:3b:70:55:af:db:40: + e5:26:a9:0f:bc:59:8f:61:92:47:0a:34:73:de:fb: + 25:fa:f1:bd:a4:03:35:93:5e:57:a3:a3:3f:13:e6: + 09:68:c5:51:29:20:53:b8:5e:fa:8a:ce:e8:0a:ef: + 9e:07:6e:55:f7:f6:c1:e7:12:9f:22:c1:72:b8:2a: + af:25:34:eb:08:28:36:73:8e:f6:80:70:21:16:8a: + 81:2b:69:47:62:c5:ef:7e:dd:80:7c:09:4e:6d:57: + 86:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:a2:b5:c1:e1:98:7e:0f:1d:2a:0e:eb:b8:65:57:0f:4d:78: + 85:7e:81:cb:0f:8c:04:5c:1a:40:6b:f1:00:71:61:59:0b:19: + 3a:f0:97:a3:94:38:55:35:65:9b:b7:0c:a3:a0:99:eb:1d:f7: + 68:ed:3c:21:90:99:80:69:52:00:71:3d:b1:1d:64:66:62:c3: + 37:4e:f4:38:1e:c9:14:3f:50:66:2f:b9:f5:11:31:2c:87:30: + 1e:f1:1b:14:c3:90:05:ba:bc:57:06:39:6a:e9:46:f1:67:6a: + a9:9b:16:04:b9:bd:93:bb:df:48:5a:77:9d:03:07:bb:8b:2e: + 2d:88:4d:aa:de:d3:73:2e:d8:04:e8:25:8b:ea:9b:e0:c5:87: + 5f:64:56:ac:b4:4e:74:ac:21:ac:ec:6a:a9:54:cd:77:24:2e: + bd:56:b6:70:26:a8:81:b6:1a:69:31:4a:53:5e:93:46:f4:28: + 40:90:6b:65:44:94:3b:61:f8:5f:8c:b7:31:e7:46:a6:79:e0: + 33:38:69:27:6b:b3:6e:5c:e4:f7:5a:2f:f9:bc:67:57:3e:e3: + dd:3a:99:5f:3a:ac:c7:5f:b7:5b:38:4b:ab:e1:1a:12:ec:e1: + 95:0a:2d:54:a4:99:30:d0:93:78:27:5b:a4:d5:69:5b:c8:c1: + ef:ff:84:02 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK3qIwzcMVU9I3qjD14WnmJE5Ci/C7B2o15x56mFUh6uOysh +DZU1c8LAoHgT0/wnV4qY3oPjj6MTpSCnqb/I9QIbCBoupQR6ESShWRE9wDtXNWLN +KkHNXBU1rMhm+Kny1BwMtNyde5n5BxvJ8ANqbHHY5st67MentzYL8EkiNyL0d/Ma +pldZC2xqO7jRR99IrFTugh45FNymnKszt4dPO3BVr9tA5SapD7xZj2GSRwo0c977 +JfrxvaQDNZNeV6OjPxPmCWjFUSkgU7he+orO6ArvngduVff2wecSnyLBcrgqryU0 +6wgoNnOO9oBwIRaKgStpR2LF737dgHwJTm1Xhk8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUgBQeBMagxCglMChZvUAaZQcFGDgwHwYDVR0jBBgwFoAUcVBSNZJp91SxigzB +k4c+hOm+XIAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCborXB4Zh+Dx0qDuu4ZVcPTXiFfoHLD4wEXBpA +a/EAcWFZCxk68JejlDhVNWWbtwyjoJnrHfdo7TwhkJmAaVIAcT2xHWRmYsM3TvQ4 +HskUP1BmL7n1ETEshzAe8RsUw5AFurxXBjlq6UbxZ2qpmxYEub2Tu99IWnedAwe7 +iy4tiE2q3tNzLtgE6CWL6pvgxYdfZFastE50rCGs7GqpVM13JC69VrZwJqiBthpp +MUpTXpNG9ChAkGtlRJQ7YfhfjLcx50ameeAzOGkna7NuXOT3Wi/5vGdXPuPdOplf +OqzHX7dbOEur4RoS7OGVCi1UpJkw0JN4J1uk1WlbyMHv/4QC +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:df:0b:0b:a2:8a:9c:9c:68:ad:24:f9:f9:e6: + 95:ef:e4:71:1e:00:fb:ec:bf:b1:cb:6e:d6:40:30: + 42:7a:38:87:9e:5b:cd:58:3e:b7:31:5c:8d:0d:84: + 7a:be:ef:e6:98:ba:4e:c5:ae:2b:2f:66:b2:b2:3f: + e7:c0:a8:8b:75:60:61:2a:67:8a:d2:55:72:83:e2: + ff:de:76:d6:63:58:79:ba:91:c1:80:e1:06:1b:35: + 9c:b3:e9:19:f8:c7:21:80:dd:9e:04:18:35:de:df: + 00:80:21:09:06:3c:6c:9a:de:10:d1:fd:4d:2f:27: + 5e:56:24:44:67:88:48:e4:25:52:cc:c7:17:3f:69: + 1f:76:fc:b1:83:45:48:5d:37:da:80:3e:3d:7f:f6: + 8d:ec:83:00:d6:2f:c4:41:5d:79:ae:ad:14:4c:24: + b3:5e:1e:fe:ed:e8:39:17:4a:4b:ca:eb:10:5d:6e: + af:38:58:b1:12:a5:69:bd:bd:63:dd:f5:21:71:2c: + 36:37:72:51:3b:3a:de:8f:1e:a0:e2:6b:45:da:02: + ad:7e:04:b7:d3:c8:64:34:c6:f4:08:a0:e5:c9:02: + 1b:6f:42:22:be:d3:8b:7b:63:6e:39:c4:97:17:c6: + 9a:ba:9e:26:9b:e1:65:a6:4d:4a:93:5e:b2:4e:18: + 9d:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:c2:f5:0d:cc:f7:a8:c4:03:50:ff:33:02:72:38:ac:72:19: + da:fe:1e:d0:20:79:44:d9:ce:cf:22:b1:09:78:16:5d:12:12: + aa:bd:9b:27:08:6f:18:08:08:7d:d2:06:52:a1:ae:19:35:61: + be:27:8f:20:e4:59:d5:f3:4e:56:55:77:28:2b:f8:a4:9c:8d: + 75:d8:4f:99:92:75:0f:a1:79:c5:47:6b:32:c7:86:a2:ce:17: + 55:ab:78:b0:ac:b4:15:04:19:0f:55:f3:09:ca:48:84:bf:32: + 01:58:04:33:75:84:57:8e:67:32:53:a7:09:1b:13:c0:3a:9f: + 65:2e:e2:82:26:1a:9c:47:c2:4f:bb:b9:c4:d2:b9:b3:cc:86: + bc:25:03:3c:6a:66:e2:82:58:03:fb:3e:dd:f5:a3:cc:d5:b9: + 1f:53:d5:63:6a:2c:a2:36:0a:8a:a8:15:bf:63:50:ad:db:98: + e8:40:97:24:2c:80:27:35:e1:53:27:da:26:86:72:67:ea:b7: + a1:30:5a:67:3f:ff:2c:3e:a4:7f:8a:6e:ff:e2:41:f2:02:34: + 8e:12:59:c0:c6:80:3b:78:d9:fd:1a:b8:e1:b5:b7:7f:c8:63: + 27:30:4d:00:7a:96:f1:4d:6e:a0:e9:da:9f:11:a2:b4:69:2f: + 8d:d4:9c:1a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCy3wsLooqcnGitJPn55pXv5HEeAPvsv7HLbtZAMEJ6OIeeW81YPrcxXI0N +hHq+7+aYuk7FrisvZrKyP+fAqIt1YGEqZ4rSVXKD4v/edtZjWHm6kcGA4QYbNZyz +6Rn4xyGA3Z4EGDXe3wCAIQkGPGya3hDR/U0vJ15WJERniEjkJVLMxxc/aR92/LGD +RUhdN9qAPj1/9o3sgwDWL8RBXXmurRRMJLNeHv7t6DkXSkvK6xBdbq84WLESpWm9 +vWPd9SFxLDY3clE7Ot6PHqDia0XaAq1+BLfTyGQ0xvQIoOXJAhtvQiK+04t7Y245 +xJcXxpq6niab4WWmTUqTXrJOGJ3BAgMBAAGjgcswgcgwHQYDVR0OBBYEFHFQUjWS +afdUsYoMwZOHPoTpvlyAMB8GA1UdIwQYMBaAFHFQUjWSafdUsYoMwZOHPoTpvlyA +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAb8L1Dcz3qMQDUP8zAnI4rHIZ2v4e0CB5RNnOzyKxCXgWXRIS +qr2bJwhvGAgIfdIGUqGuGTVhviePIORZ1fNOVlV3KCv4pJyNddhPmZJ1D6F5xUdr +MseGos4XVat4sKy0FQQZD1XzCcpIhL8yAVgEM3WEV45nMlOnCRsTwDqfZS7igiYa +nEfCT7u5xNK5s8yGvCUDPGpm4oJYA/s+3fWjzNW5H1PVY2osojYKiqgVv2NQrduY +6ECXJCyAJzXhUyfaJoZyZ+q3oTBaZz//LD6kf4pu/+JB8gI0jhJZwMaAO3jZ/Rq4 +4bW3f8hjJzBNAHqW8U1uoOnanxGitGkvjdScGg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyAgreement.test b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyAgreement.test new file mode 100644 index 0000000000..38a1e789bf --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyAgreement.test @@ -0,0 +1,5 @@ +chain: ec-keyAgreement.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyEncipherment.pem b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyEncipherment.pem new file mode 100644 index 0000000000..5807b51f8f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyEncipherment.pem @@ -0,0 +1,260 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate uses a EC key and has the single key usage keyEncipherment + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:41:46:e2:6f:47:ae:e6:ef:ca:22:1e:bc:61:9b:ed:27:e8:61:42 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:6a:64:c7:4b:c6:a0:87:b5:c2:07:13:ac:b8:0d: + 37:95:90:e4:e2:82:95:31:6f:62:e5:1f:b0:59:30: + e9:2b:c6:e0:b4:83:9b:54:9d:61:56:d6:04:10:b7: + f3:b9:5e:31:e6:cf:af:40:0e:aa:7a:2a:d8:1c:ee: + 5d:d1:5c:17:64:c7:37:f7:34:3d:42:6c:10:0c:ad: + e3:27:a9:ef:e6:02:48:66:0f:61:92:37:fe:26:53: + 2c:9f:79:a7:29:7c:4c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + DE:7D:41:4C:94:83:61:60:ED:FA:58:3C:92:33:58:E5:79:C2:07:A0 + X509v3 Authority Key Identifier: + keyid:80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 11:8c:07:49:83:c8:7a:c0:eb:1e:34:78:94:97:c7:df:2f:a3: + ba:22:4c:71:57:4f:c7:0c:8b:a6:a3:2e:58:4f:0a:b6:6f:9d: + 36:a5:52:29:b5:d4:c9:d7:3f:fa:1c:cf:55:28:7d:9f:81:f4: + d9:f9:7b:7a:d4:55:db:61:85:78:08:0a:52:04:9a:bd:79:5f: + 94:1b:30:e2:7f:2f:2f:d8:a9:c6:c4:5d:dc:1f:33:d4:93:6c: + ed:6d:74:44:2b:a7:6a:c8:0d:ce:af:2c:a3:e6:39:02:61:84: + a8:28:f3:3b:1f:3d:c1:01:14:77:08:cf:61:ca:a6:86:ef:01: + d8:55:bf:37:50:93:e8:36:39:12:17:03:ea:2c:b6:1d:0f:65: + 26:8a:c2:00:e4:a1:94:53:a1:ff:6d:ce:23:6e:63:01:b9:71: + d5:ee:ce:b9:52:82:31:75:e9:8b:08:b9:9e:29:64:dc:4e:bb: + be:97:74:8e:84:37:6f:3f:76:05:53:6e:98:cb:70:07:14:20: + 6c:73:dc:be:ee:3b:d1:70:26:4d:4b:1c:ae:e0:19:22:d8:a5: + 7e:77:00:7f:bc:fd:1c:d2:75:78:8d:7b:2b:6c:98:1f:95:e9: + 2e:ac:3d:b8:d9:95:35:8b:de:03:c5:6e:82:85:cb:4e:9a:6d: + d1:1b:aa:a9 +-----BEGIN CERTIFICATE----- +MIIC6DCCAdCgAwIBAgIUckFG4m9HrubvyiIevGGb7SfoYUIwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEamTHS8agh7XCBxOsuA03lZDk4oKVMW9i5R+wWTDpK8bgtIObVJ1hVtYE +ELfzuV4x5s+vQA6qeirYHO5d0VwXZMc39zQ9QmwQDK3jJ6nv5gJIZg9hkjf+JlMs +n3mnKXxMo4HfMIHcMB0GA1UdDgQWBBTefUFMlINhYO36WDySM1jlecIHoDAfBgNV +HSMEGDAWgBSAFB4ExqDEKCUwKFm9QBplBwUYODA/BggrBgEFBQcBAQQzMDEwLwYI +KwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQG +A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUu +Y3JsMA4GA1UdDwEB/wQEAwIFIDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG +9w0BAQsFAAOCAQEAEYwHSYPIesDrHjR4lJfH3y+juiJMcVdPxwyLpqMuWE8Ktm+d +NqVSKbXUydc/+hzPVSh9n4H02fl7etRV22GFeAgKUgSavXlflBsw4n8vL9ipxsRd +3B8z1JNs7W10RCunasgNzq8so+Y5AmGEqCjzOx89wQEUdwjPYcqmhu8B2FW/N1CT +6DY5EhcD6iy2HQ9lJorCAOShlFOh/23OI25jAblx1e7OuVKCMXXpiwi5nilk3E67 +vpd0joQ3bz92BVNumMtwBxQgbHPcvu470XAmTUscruAZItilfncAf7z9HNJ1eI17 +K2yYH5XpLqw9uNmVNYveA8VugoXLTppt0RuqqQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:ea:23:0c:dc:31:55:3d:23:7a:a3:0f:5e:16: + 9e:62:44:e4:28:bf:0b:b0:76:a3:5e:71:e7:a9:85: + 52:1e:ae:3b:2b:21:0d:95:35:73:c2:c0:a0:78:13: + d3:fc:27:57:8a:98:de:83:e3:8f:a3:13:a5:20:a7: + a9:bf:c8:f5:02:1b:08:1a:2e:a5:04:7a:11:24:a1: + 59:11:3d:c0:3b:57:35:62:cd:2a:41:cd:5c:15:35: + ac:c8:66:f8:a9:f2:d4:1c:0c:b4:dc:9d:7b:99:f9: + 07:1b:c9:f0:03:6a:6c:71:d8:e6:cb:7a:ec:c7:a7: + b7:36:0b:f0:49:22:37:22:f4:77:f3:1a:a6:57:59: + 0b:6c:6a:3b:b8:d1:47:df:48:ac:54:ee:82:1e:39: + 14:dc:a6:9c:ab:33:b7:87:4f:3b:70:55:af:db:40: + e5:26:a9:0f:bc:59:8f:61:92:47:0a:34:73:de:fb: + 25:fa:f1:bd:a4:03:35:93:5e:57:a3:a3:3f:13:e6: + 09:68:c5:51:29:20:53:b8:5e:fa:8a:ce:e8:0a:ef: + 9e:07:6e:55:f7:f6:c1:e7:12:9f:22:c1:72:b8:2a: + af:25:34:eb:08:28:36:73:8e:f6:80:70:21:16:8a: + 81:2b:69:47:62:c5:ef:7e:dd:80:7c:09:4e:6d:57: + 86:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:a2:b5:c1:e1:98:7e:0f:1d:2a:0e:eb:b8:65:57:0f:4d:78: + 85:7e:81:cb:0f:8c:04:5c:1a:40:6b:f1:00:71:61:59:0b:19: + 3a:f0:97:a3:94:38:55:35:65:9b:b7:0c:a3:a0:99:eb:1d:f7: + 68:ed:3c:21:90:99:80:69:52:00:71:3d:b1:1d:64:66:62:c3: + 37:4e:f4:38:1e:c9:14:3f:50:66:2f:b9:f5:11:31:2c:87:30: + 1e:f1:1b:14:c3:90:05:ba:bc:57:06:39:6a:e9:46:f1:67:6a: + a9:9b:16:04:b9:bd:93:bb:df:48:5a:77:9d:03:07:bb:8b:2e: + 2d:88:4d:aa:de:d3:73:2e:d8:04:e8:25:8b:ea:9b:e0:c5:87: + 5f:64:56:ac:b4:4e:74:ac:21:ac:ec:6a:a9:54:cd:77:24:2e: + bd:56:b6:70:26:a8:81:b6:1a:69:31:4a:53:5e:93:46:f4:28: + 40:90:6b:65:44:94:3b:61:f8:5f:8c:b7:31:e7:46:a6:79:e0: + 33:38:69:27:6b:b3:6e:5c:e4:f7:5a:2f:f9:bc:67:57:3e:e3: + dd:3a:99:5f:3a:ac:c7:5f:b7:5b:38:4b:ab:e1:1a:12:ec:e1: + 95:0a:2d:54:a4:99:30:d0:93:78:27:5b:a4:d5:69:5b:c8:c1: + ef:ff:84:02 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK3qIwzcMVU9I3qjD14WnmJE5Ci/C7B2o15x56mFUh6uOysh +DZU1c8LAoHgT0/wnV4qY3oPjj6MTpSCnqb/I9QIbCBoupQR6ESShWRE9wDtXNWLN +KkHNXBU1rMhm+Kny1BwMtNyde5n5BxvJ8ANqbHHY5st67MentzYL8EkiNyL0d/Ma +pldZC2xqO7jRR99IrFTugh45FNymnKszt4dPO3BVr9tA5SapD7xZj2GSRwo0c977 +JfrxvaQDNZNeV6OjPxPmCWjFUSkgU7he+orO6ArvngduVff2wecSnyLBcrgqryU0 +6wgoNnOO9oBwIRaKgStpR2LF737dgHwJTm1Xhk8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUgBQeBMagxCglMChZvUAaZQcFGDgwHwYDVR0jBBgwFoAUcVBSNZJp91SxigzB +k4c+hOm+XIAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCborXB4Zh+Dx0qDuu4ZVcPTXiFfoHLD4wEXBpA +a/EAcWFZCxk68JejlDhVNWWbtwyjoJnrHfdo7TwhkJmAaVIAcT2xHWRmYsM3TvQ4 +HskUP1BmL7n1ETEshzAe8RsUw5AFurxXBjlq6UbxZ2qpmxYEub2Tu99IWnedAwe7 +iy4tiE2q3tNzLtgE6CWL6pvgxYdfZFastE50rCGs7GqpVM13JC69VrZwJqiBthpp +MUpTXpNG9ChAkGtlRJQ7YfhfjLcx50ameeAzOGkna7NuXOT3Wi/5vGdXPuPdOplf +OqzHX7dbOEur4RoS7OGVCi1UpJkw0JN4J1uk1WlbyMHv/4QC +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:df:0b:0b:a2:8a:9c:9c:68:ad:24:f9:f9:e6: + 95:ef:e4:71:1e:00:fb:ec:bf:b1:cb:6e:d6:40:30: + 42:7a:38:87:9e:5b:cd:58:3e:b7:31:5c:8d:0d:84: + 7a:be:ef:e6:98:ba:4e:c5:ae:2b:2f:66:b2:b2:3f: + e7:c0:a8:8b:75:60:61:2a:67:8a:d2:55:72:83:e2: + ff:de:76:d6:63:58:79:ba:91:c1:80:e1:06:1b:35: + 9c:b3:e9:19:f8:c7:21:80:dd:9e:04:18:35:de:df: + 00:80:21:09:06:3c:6c:9a:de:10:d1:fd:4d:2f:27: + 5e:56:24:44:67:88:48:e4:25:52:cc:c7:17:3f:69: + 1f:76:fc:b1:83:45:48:5d:37:da:80:3e:3d:7f:f6: + 8d:ec:83:00:d6:2f:c4:41:5d:79:ae:ad:14:4c:24: + b3:5e:1e:fe:ed:e8:39:17:4a:4b:ca:eb:10:5d:6e: + af:38:58:b1:12:a5:69:bd:bd:63:dd:f5:21:71:2c: + 36:37:72:51:3b:3a:de:8f:1e:a0:e2:6b:45:da:02: + ad:7e:04:b7:d3:c8:64:34:c6:f4:08:a0:e5:c9:02: + 1b:6f:42:22:be:d3:8b:7b:63:6e:39:c4:97:17:c6: + 9a:ba:9e:26:9b:e1:65:a6:4d:4a:93:5e:b2:4e:18: + 9d:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:c2:f5:0d:cc:f7:a8:c4:03:50:ff:33:02:72:38:ac:72:19: + da:fe:1e:d0:20:79:44:d9:ce:cf:22:b1:09:78:16:5d:12:12: + aa:bd:9b:27:08:6f:18:08:08:7d:d2:06:52:a1:ae:19:35:61: + be:27:8f:20:e4:59:d5:f3:4e:56:55:77:28:2b:f8:a4:9c:8d: + 75:d8:4f:99:92:75:0f:a1:79:c5:47:6b:32:c7:86:a2:ce:17: + 55:ab:78:b0:ac:b4:15:04:19:0f:55:f3:09:ca:48:84:bf:32: + 01:58:04:33:75:84:57:8e:67:32:53:a7:09:1b:13:c0:3a:9f: + 65:2e:e2:82:26:1a:9c:47:c2:4f:bb:b9:c4:d2:b9:b3:cc:86: + bc:25:03:3c:6a:66:e2:82:58:03:fb:3e:dd:f5:a3:cc:d5:b9: + 1f:53:d5:63:6a:2c:a2:36:0a:8a:a8:15:bf:63:50:ad:db:98: + e8:40:97:24:2c:80:27:35:e1:53:27:da:26:86:72:67:ea:b7: + a1:30:5a:67:3f:ff:2c:3e:a4:7f:8a:6e:ff:e2:41:f2:02:34: + 8e:12:59:c0:c6:80:3b:78:d9:fd:1a:b8:e1:b5:b7:7f:c8:63: + 27:30:4d:00:7a:96:f1:4d:6e:a0:e9:da:9f:11:a2:b4:69:2f: + 8d:d4:9c:1a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCy3wsLooqcnGitJPn55pXv5HEeAPvsv7HLbtZAMEJ6OIeeW81YPrcxXI0N +hHq+7+aYuk7FrisvZrKyP+fAqIt1YGEqZ4rSVXKD4v/edtZjWHm6kcGA4QYbNZyz +6Rn4xyGA3Z4EGDXe3wCAIQkGPGya3hDR/U0vJ15WJERniEjkJVLMxxc/aR92/LGD +RUhdN9qAPj1/9o3sgwDWL8RBXXmurRRMJLNeHv7t6DkXSkvK6xBdbq84WLESpWm9 +vWPd9SFxLDY3clE7Ot6PHqDia0XaAq1+BLfTyGQ0xvQIoOXJAhtvQiK+04t7Y245 +xJcXxpq6niab4WWmTUqTXrJOGJ3BAgMBAAGjgcswgcgwHQYDVR0OBBYEFHFQUjWS +afdUsYoMwZOHPoTpvlyAMB8GA1UdIwQYMBaAFHFQUjWSafdUsYoMwZOHPoTpvlyA +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAb8L1Dcz3qMQDUP8zAnI4rHIZ2v4e0CB5RNnOzyKxCXgWXRIS +qr2bJwhvGAgIfdIGUqGuGTVhviePIORZ1fNOVlV3KCv4pJyNddhPmZJ1D6F5xUdr +MseGos4XVat4sKy0FQQZD1XzCcpIhL8yAVgEM3WEV45nMlOnCRsTwDqfZS7igiYa +nEfCT7u5xNK5s8yGvCUDPGpm4oJYA/s+3fWjzNW5H1PVY2osojYKiqgVv2NQrduY +6ECXJCyAJzXhUyfaJoZyZ+q3oTBaZz//LD6kf4pu/+JB8gI0jhJZwMaAO3jZ/Rq4 +4bW3f8hjJzBNAHqW8U1uoOnanxGitGkvjdScGg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyEncipherment.test b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyEncipherment.test new file mode 100644 index 0000000000..506e8db95d --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-keyEncipherment.test @@ -0,0 +1,5 @@ +chain: ec-keyEncipherment.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py new file mode 100755 index 0000000000..fb0a02fdd3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py @@ -0,0 +1,54 @@ +#!/usr/bin/env python +# Copyright 2017 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Generates a variety of chains where the target certificate varies in its key +type and key usages.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate (used as trust anchor). +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Use either an RSA key, or an EC key for the target certificate. Generate the +# possible keys ahead of time so as not to duplicate the work. + +KEYS = { + 'rsa': gencerts.get_or_generate_rsa_key( + 2048, gencerts.create_key_path('Target-rsa')), + 'ec': gencerts.get_or_generate_ec_key( + 'secp384r1', gencerts.create_key_path('Target-ec')) +}; + +KEY_USAGES = [ 'decipherOnly', + 'digitalSignature', + 'keyAgreement', + 'keyEncipherment' ] + +# The proper key usage depends on the key purpose (serverAuth in this case), +# and the key type. Generate a variety of combinations. +for key_type in sorted(KEYS.keys()): + for key_usage in KEY_USAGES: + # Target certificate. + target = gencerts.create_end_entity_certificate('Target', intermediate) + target.get_extensions().set_property('extendedKeyUsage', 'serverAuth') + target.get_extensions().set_property('keyUsage', + 'critical,%s' % (key_usage)) + + # Set the key. + target.set_key(KEYS[key_type]) + + # Write the chain. + chain = [target, intermediate, root] + description = ('Certificate chain where the target certificate uses a %s ' + 'key and has the single key usage %s') % (key_type.upper(), + key_usage) + gencerts.write_chain(description, chain, + '%s-%s.pem' % (key_type, key_usage)) diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Intermediate.key new file mode 100644 index 0000000000..ab93eea45b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAreojDNwxVT0jeqMPXhaeYkTkKL8LsHajXnHnqYVSHq47KyEN +lTVzwsCgeBPT/CdXipjeg+OPoxOlIKepv8j1AhsIGi6lBHoRJKFZET3AO1c1Ys0q +Qc1cFTWsyGb4qfLUHAy03J17mfkHG8nwA2pscdjmy3rsx6e3NgvwSSI3IvR38xqm +V1kLbGo7uNFH30isVO6CHjkU3KacqzO3h087cFWv20DlJqkPvFmPYZJHCjRz3vsl ++vG9pAM1k15Xo6M/E+YJaMVRKSBTuF76is7oCu+eB25V9/bB5xKfIsFyuCqvJTTr +CCg2c472gHAhFoqBK2lHYsXvft2AfAlObVeGTwIDAQABAoIBAG9V25hpAkACQstI +xhbCviRE3BdlrnMKkC1vGBJDIj435fMHVu21aWU88b3NW8Ep4nX8xT6DmLmaYvTT +wOzhFlCBw58XS1bhWkYr8JwD/yM+AhQ9KZc0g4WkdfdZTEloBffq/oHZY34/mRhm +H3vgTopXg/CxwhFSwgwcengnKkr6TQELBWwY1XU4uY95HrDhe/TjrZCCtOl5DOGG +n+CYPelthmTbNdquLyoJObsjuXspxs5h/j7F9j/bnO34c2KZOTzEEw4dv7Othr7Z +sMQBwok8JkbNARGB+wi8x9csIZtt+lpmErB+p64bSwBhvtNN+5MPzgpOp00CX1Nj +Tq2IqoECgYEA5gWfaSyS+2TdGDbqtziolxLMPmQxcwba1pfhjQFzu0RBAjtM8y+o +fIMKD+SgAPbNNiZIQQpWnvievq63ageP8XCDx7sjaGZsMGqv70/WRo16OEVZKRYr +NBN8twjXvI9cd9RdP7MPQniKPRiHXGQUVlibvfyMKtoIzdc/7fJOuEECgYEAwY5X +pPnS3Fpsrbewk1Xtoznf0D5KTb7XYhzXvmRYgsFYiYMeSxNrANKXQy0HVVGXTILe +wyGgV8Cxz9Q/iAoJszh8IqGZ2AIyhXqNtlN0VbyPGFU/7mceXr82fum6Neiqi+JU +ohKS5V5FJWjIiZnigtp+se7Hd0mhLbGNxKqoGo8CgYEA4IhajIrjSxyxKaLpyUI4 +Z4gE8V5SWss1MUZ++GqTcxh0MN58BeLen/Q2DT+J5IcF2DbUTxDtby6XnuDjz09k +djTznjMRpCZes4BhDsSrEKGnzWf8Wbv3HlVrZyvtk3WJuLsG71g1rBgIMQ1RjKFw +rLzAAluU43uEHpJgKEBgEUECgYA8GfUBF0nwfmuMraM4vM/jhU8IHK954K6Emqwr +RIFvaJYTbRF1AnyRbtLlWxAR4Bn4+hItyT0+wmj0PdXUajmE2x9AqalZt6T0aY+j +c9qF3N0aEy6c2oxFo15Knkzh/HMoqIjbIqVWb6VM7nKGt6/sLeh1W824LrbLt3xr ++wnj5QKBgDWwwXIUlP89zmrUwE2Jz860aVsUuQOfv2L/UTrGirMDr705etuZ1Qgi +P92AtS1v2F1pQ49RsrPWdQEkkd5NIruXOGXhppvlMI5/nlH+3XR7bdcyiJ37JByv +c3Vfch9jDgyA6DC6qX3cLsQwjIRod0v+ho0R1jnG+wraS33dkrh6 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Root.key new file mode 100644 index 0000000000..ec146d1736 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAst8LC6KKnJxorST5+eaV7+RxHgD77L+xy27WQDBCejiHnlvN +WD63MVyNDYR6vu/mmLpOxa4rL2aysj/nwKiLdWBhKmeK0lVyg+L/3nbWY1h5upHB +gOEGGzWcs+kZ+MchgN2eBBg13t8AgCEJBjxsmt4Q0f1NLydeViREZ4hI5CVSzMcX +P2kfdvyxg0VIXTfagD49f/aN7IMA1i/EQV15rq0UTCSzXh7+7eg5F0pLyusQXW6v +OFixEqVpvb1j3fUhcSw2N3JROzrejx6g4mtF2gKtfgS308hkNMb0CKDlyQIbb0Ii +vtOLe2NuOcSXF8aaup4mm+Flpk1Kk16yThidwQIDAQABAoIBAA9Qb1aorOtprMCe +ONS/fDjUuyaReQA1DVjYfXlzaE2kh1/0hik2/WI5hU4R+JxeV8Tdtp7QIZxmU4hV +Vlc1VvNOtCL4SHdnn21RQwzd6c8JpSpnDkUlfutXdLomi/WzvteUodHB7OLO/vD5 +YxdolvfPaWtBH5mY6ke/xSeEEJGPx9Uu/DiwRX/mUSTAEQVRUrg6sfl+y8TWx1p4 +YMkOwSLlKu/e/m+2VmDhJtEAYlHKjDSFBKGU7AFOvDC0d/syxr4aUb5GpOsfeYFI +AiVbXFGPQkWYNqzn3bH0cYvEXsHRSo6XFBCJwzmskJS5PUp/KWgELergXiWamRDa +WlHmzS0CgYEA3LBWuyA0z5odyaCbmNkv6TdPrISrEWQOieBOU8YR8kLER/eAP/xk +drkJTsq4nvo3/fiN6V+9kMS3PjXINUf6nOdh8EaRX7RR//7BaWIXp2Ij8kcUCL6H +lw/IHWqBEYJh494X1/YBgvn7xmXWJUnHG3iPDvHRixwyY5411QCxq28CgYEAz33P +bFViSwTM+SyQsZjR94Kg0Aa2JRZSmjeL+QQwpa/I9bXfJ9c49DCx2hhpMPtdV+Ca +F+XEKV+NprKWNKtL3oP+M3s9mSmiiHs3a4rXw0p+Js3j2d+elAfVwNhYYT9ei8us +M4iLDVJgHanITTnJ2M+mtMsJGaPB/qly/yTtcc8CgYBKXZGcVOn22vQWsWw9QVKH +v/+1Hq+WmKTdiRxb1m7Nt/n0Vk59QUuJRikAyAcWazLa/hqz/XMfiWpGKFFiwvKM +VNwH33+1REotfWcnX8qguM1sIs95ctq16LeCUhVUFR9vbbOTLm6r+BkDbeWPgyD4 +/NMYMhxuR/4i23lAYY99OQKBgAVwcN2QJ3F8ALuPdYOSU/6/B+QsKN40BZpRVnQC +rhvJzeTTDbSHqdCM7jyfYzKLhFjnZGK3/TpwbNAv4kwjKWv93c4Prv+y3bXiNQO2 +sg1GiKQPxadSe1+6DNpvUXHLLXlQr4TyUWLaA/cDGmMb3rS2TNJ0eBqZ9l3spz0V +BLx1AoGBAK11vNY+xfquOQeFj2Auw/GV8vpMJwznv0qa4OC84cQ0JI6eD2XY1Der +feeQmypv5NwR+p7AoXCCPLztb8bxAz0wJEk2ESh0/ca5NkNAcom1sxUSA9DLsvf4 +tsBCaU1FkecIGZvDEDnWAWSEoUDGDeV6OTPnn4bi/WGqRRrgRFJC +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Target-ec.key b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Target-ec.key new file mode 100644 index 0000000000..93b408d617 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Target-ec.key @@ -0,0 +1,10 @@ +openssl ecparam -name secp384r1 -genkey +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDCzK1e0D3pjhdCX9UeDKl9gw9X08NEeuXcM/rpYQaGRPnvtGUpyfGYh +MwSA7esyvi2gBwYFK4EEACKhZANiAARqZMdLxqCHtcIHE6y4DTeVkOTigpUxb2Ll +H7BZMOkrxuC0g5tUnWFW1gQQt/O5XjHmz69ADqp6Ktgc7l3RXBdkxzf3ND1CbBAM +reMnqe/mAkhmD2GSN/4mUyyfeacpfEw= +-----END EC PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Target-rsa.key b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Target-rsa.key new file mode 100644 index 0000000000..4c7cf0077e --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/keys/Target-rsa.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyPTD/66ZRNwHGWJZHboOE9B4tqB/ynRPpMJc3gTi6iLZKE1F +VBRM6FbUe4pk+vnkFCPArcwlYzhZVQBR4oKsrkc72uKVeRy1lsrSSjz3uHrMnuKN +0BcLvG4OPMIFOiFkANvDCLXmz3hdKzy6VKlaZE4b2DrrFNNardpv1qLhfg//znGF +FMf+VGX5xkdzrm6bgedVy37qdqhI+WIlQA7Rz5CPaPeUIGmkFIoUJFM9VbhaMa58 +NnTSwizOe+mDaVYW7Pm7fLAUb5US2nywI7hdQdy8rSTZtmo/gmx0oHNoWtPk8gqT +uRzuu87i2IaGjuAkWOPs9eOENummYnJcSwycFQIDAQABAoIBAQCIO48ILciQKw3R +AqBhi7lxa1n6jRI1IObBTlaA2RUwH1HShZfjaSO+OucvnWHZ10Ds+lPsPsJ14kSF +YIMiqO4B9B66w/MLORBN2s/3Lh/N+8nuSK5VDNqS8pVKUUoT34EZJ+KvbAm+St32 +quOy82BpMZ6k10R5SNNnmvdIrgFqYKCDyhMwW5tR4pQkjuHfsv8dJpvM/B+HoLTH +/+jP1+nt4jD4Najn01nPJ8uETiJj/CLvHpRuuBep0BMWjwtlZaEuwILVCWGdSym6 +em9fuQog6ghPWk9LdGcB8eSm07S27NCFlZjcr1PEBS1IxzZHkSyUb6dnPOPgCDhe +CjtOLHWdAoGBAOxR+ZuY94vVDwjkG6KxEE3WoqWl2uKoYFKH30bZAiZy0gJ/h+3y +yZRXOi3yVOiRWKNVaHbOI+jRTjCIvquR0VNeZZTjwX+FohkeJ+9HTerMcl9WeLLT +KBnwwzE1I1KvBPVrBPQ/IP6ydthdSXcF/7AvWy1d3NCmPywzzjEaZU1DAoGBANmw +4E1n4nj/+Jxt1Ja0Jr9Le32iR3Aa7/r07U44rDb7hvKtk6qv5B/V6wsCFZ378gMS +rl+iCWqtFMZNpDy83QpKAcOEQDs1BgZLCxwtIiEKtUIAXCAf3uHPxTeXZtAIoBl6 +b+OU7RkPWSa4orO63v1G77Lz4GaXSTHxRcMXZO/HAoGADHvQGb4c5ZAduTSDmTaN +S+9YrDN0uqB2ZiWzT8TK7kkGewdNoO5AY8uv0RmKDrcO3aH3YL9G+leEL+ApYlrT +mfnUl+boI9plU7paFbPIk+y05gBlY9zvs18akJDkCswgEO7UViq3jXzT9l4HMXhp +p175DA53SbZeg/FApStlyo0CgYAkPTu55xdeiU47zFTdmbPxmIFAUumNkg5tOqTe +prSUmp7Ge3rfqVRSsGvmczxiBnUtaci5huIGbjXNJVO4AMDTW6qbf8KpmJQeLBP3 +ZtQNqBiwmhq8BlI2ST5NmNi2vRjZ5PYHbt1hlJqExavgO7WveEWjBtJOgdTfiYjR +h214NQKBgEuj8vmd0Vgt/hmc7vVi/cfCOvbJEzpM3f19k7YyHze9UaUYrzNF830C +r0pNX0fEv8mKsCyFBfmmCjy6yVodUZ8pWmbwMTNbYiMPy9SBOSQr5+QTr3BOU3pM +b2jrvBzMkuf4NwuzqDLsbf2iury0wkPQWpILghY1Adc4mjylPJdD +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-decipherOnly.pem b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-decipherOnly.pem new file mode 100644 index 0000000000..658eb7b3e9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-decipherOnly.pem @@ -0,0 +1,274 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate uses a RSA key and has the single key usage decipherOnly + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:41:46:e2:6f:47:ae:e6:ef:ca:22:1e:bc:61:9b:ed:27:e8:61:43 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c8:f4:c3:ff:ae:99:44:dc:07:19:62:59:1d:ba: + 0e:13:d0:78:b6:a0:7f:ca:74:4f:a4:c2:5c:de:04: + e2:ea:22:d9:28:4d:45:54:14:4c:e8:56:d4:7b:8a: + 64:fa:f9:e4:14:23:c0:ad:cc:25:63:38:59:55:00: + 51:e2:82:ac:ae:47:3b:da:e2:95:79:1c:b5:96:ca: + d2:4a:3c:f7:b8:7a:cc:9e:e2:8d:d0:17:0b:bc:6e: + 0e:3c:c2:05:3a:21:64:00:db:c3:08:b5:e6:cf:78: + 5d:2b:3c:ba:54:a9:5a:64:4e:1b:d8:3a:eb:14:d3: + 5a:ad:da:6f:d6:a2:e1:7e:0f:ff:ce:71:85:14:c7: + fe:54:65:f9:c6:47:73:ae:6e:9b:81:e7:55:cb:7e: + ea:76:a8:48:f9:62:25:40:0e:d1:cf:90:8f:68:f7: + 94:20:69:a4:14:8a:14:24:53:3d:55:b8:5a:31:ae: + 7c:36:74:d2:c2:2c:ce:7b:e9:83:69:56:16:ec:f9: + bb:7c:b0:14:6f:95:12:da:7c:b0:23:b8:5d:41:dc: + bc:ad:24:d9:b6:6a:3f:82:6c:74:a0:73:68:5a:d3: + e4:f2:0a:93:b9:1c:ee:bb:ce:e2:d8:86:86:8e:e0: + 24:58:e3:ec:f5:e3:84:36:e9:a6:62:72:5c:4b:0c: + 9c:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F1:A9:E2:E9:58:C3:31:AD:E2:60:9B:55:C0:A2:0A:80:7B:15:10:2D + X509v3 Authority Key Identifier: + keyid:80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Decipher Only + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 2a:6c:e4:3f:22:4b:fa:95:7b:03:b8:c0:3f:24:52:bf:32:f8: + a2:59:81:9c:ad:62:5d:80:a9:80:94:8d:00:89:9f:c6:c9:7a: + 6d:33:0d:f7:bb:5a:86:92:8d:09:ab:8b:93:a1:d1:0f:16:a3: + b9:59:cd:ce:d2:76:f7:e2:08:40:4d:15:0c:da:10:dd:a7:f1: + 67:33:13:96:70:6b:d7:3d:45:69:8d:de:0d:8f:c1:92:ce:0c: + dc:ea:13:d0:23:fd:cf:88:c1:69:42:a9:a9:3a:49:ba:8e:d2: + 45:f7:c2:4d:5d:54:a2:78:e0:fb:45:c6:f2:cc:af:e8:82:8c: + 36:d2:7d:ad:e4:19:c6:e2:c2:71:16:3d:11:cc:46:23:e7:37: + 30:f1:95:6a:20:80:92:24:63:f8:38:18:e8:61:f5:b1:5a:0b: + 81:f6:fa:ad:95:3b:6b:d0:08:12:07:53:9d:9f:43:7b:c3:d6: + 35:75:38:4a:db:16:d8:c6:8c:c0:a0:69:62:1e:95:db:b2:67: + ee:8d:b2:76:ee:2c:f0:20:e9:c7:02:1b:11:fa:08:71:f8:11: + b9:28:8b:fa:3c:66:c9:03:a7:05:bc:4a:3e:c5:6f:75:f5:32: + 96:0a:09:08:8d:ea:b5:a1:3f:6f:93:b1:fc:ee:a6:db:b0:9f: + 5d:b3:7e:e4 +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIUckFG4m9HrubvyiIevGGb7SfoYUMwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAyPTD/66ZRNwHGWJZHboOE9B4tqB/ynRPpMJc3gTi6iLZ +KE1FVBRM6FbUe4pk+vnkFCPArcwlYzhZVQBR4oKsrkc72uKVeRy1lsrSSjz3uHrM +nuKN0BcLvG4OPMIFOiFkANvDCLXmz3hdKzy6VKlaZE4b2DrrFNNardpv1qLhfg// +znGFFMf+VGX5xkdzrm6bgedVy37qdqhI+WIlQA7Rz5CPaPeUIGmkFIoUJFM9Vbha +Ma58NnTSwizOe+mDaVYW7Pm7fLAUb5US2nywI7hdQdy8rSTZtmo/gmx0oHNoWtPk +8gqTuRzuu87i2IaGjuAkWOPs9eOENummYnJcSwycFQIDAQABo4HgMIHdMB0GA1Ud +DgQWBBTxqeLpWMMxreJgm1XAogqAexUQLTAfBgNVHSMEGDAWgBSAFB4ExqDEKCUw +KFm9QBplBwUYODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA8GA1UdDwEB/wQFAwMH +AIAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBACps5D8i +S/qVewO4wD8kUr8y+KJZgZytYl2AqYCUjQCJn8bJem0zDfe7WoaSjQmri5Oh0Q8W +o7lZzc7SdvfiCEBNFQzaEN2n8WczE5Zwa9c9RWmN3g2PwZLODNzqE9Aj/c+IwWlC +qak6SbqO0kX3wk1dVKJ44PtFxvLMr+iCjDbSfa3kGcbiwnEWPRHMRiPnNzDxlWog +gJIkY/g4GOhh9bFaC4H2+q2VO2vQCBIHU52fQ3vD1jV1OErbFtjGjMCgaWIelduy +Z+6NsnbuLPAg6ccCGxH6CHH4Ebkoi/o8ZskDpwW8Sj7Fb3X1MpYKCQiN6rWhP2+T +sfzuptuwn12zfuQ= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:ea:23:0c:dc:31:55:3d:23:7a:a3:0f:5e:16: + 9e:62:44:e4:28:bf:0b:b0:76:a3:5e:71:e7:a9:85: + 52:1e:ae:3b:2b:21:0d:95:35:73:c2:c0:a0:78:13: + d3:fc:27:57:8a:98:de:83:e3:8f:a3:13:a5:20:a7: + a9:bf:c8:f5:02:1b:08:1a:2e:a5:04:7a:11:24:a1: + 59:11:3d:c0:3b:57:35:62:cd:2a:41:cd:5c:15:35: + ac:c8:66:f8:a9:f2:d4:1c:0c:b4:dc:9d:7b:99:f9: + 07:1b:c9:f0:03:6a:6c:71:d8:e6:cb:7a:ec:c7:a7: + b7:36:0b:f0:49:22:37:22:f4:77:f3:1a:a6:57:59: + 0b:6c:6a:3b:b8:d1:47:df:48:ac:54:ee:82:1e:39: + 14:dc:a6:9c:ab:33:b7:87:4f:3b:70:55:af:db:40: + e5:26:a9:0f:bc:59:8f:61:92:47:0a:34:73:de:fb: + 25:fa:f1:bd:a4:03:35:93:5e:57:a3:a3:3f:13:e6: + 09:68:c5:51:29:20:53:b8:5e:fa:8a:ce:e8:0a:ef: + 9e:07:6e:55:f7:f6:c1:e7:12:9f:22:c1:72:b8:2a: + af:25:34:eb:08:28:36:73:8e:f6:80:70:21:16:8a: + 81:2b:69:47:62:c5:ef:7e:dd:80:7c:09:4e:6d:57: + 86:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:a2:b5:c1:e1:98:7e:0f:1d:2a:0e:eb:b8:65:57:0f:4d:78: + 85:7e:81:cb:0f:8c:04:5c:1a:40:6b:f1:00:71:61:59:0b:19: + 3a:f0:97:a3:94:38:55:35:65:9b:b7:0c:a3:a0:99:eb:1d:f7: + 68:ed:3c:21:90:99:80:69:52:00:71:3d:b1:1d:64:66:62:c3: + 37:4e:f4:38:1e:c9:14:3f:50:66:2f:b9:f5:11:31:2c:87:30: + 1e:f1:1b:14:c3:90:05:ba:bc:57:06:39:6a:e9:46:f1:67:6a: + a9:9b:16:04:b9:bd:93:bb:df:48:5a:77:9d:03:07:bb:8b:2e: + 2d:88:4d:aa:de:d3:73:2e:d8:04:e8:25:8b:ea:9b:e0:c5:87: + 5f:64:56:ac:b4:4e:74:ac:21:ac:ec:6a:a9:54:cd:77:24:2e: + bd:56:b6:70:26:a8:81:b6:1a:69:31:4a:53:5e:93:46:f4:28: + 40:90:6b:65:44:94:3b:61:f8:5f:8c:b7:31:e7:46:a6:79:e0: + 33:38:69:27:6b:b3:6e:5c:e4:f7:5a:2f:f9:bc:67:57:3e:e3: + dd:3a:99:5f:3a:ac:c7:5f:b7:5b:38:4b:ab:e1:1a:12:ec:e1: + 95:0a:2d:54:a4:99:30:d0:93:78:27:5b:a4:d5:69:5b:c8:c1: + ef:ff:84:02 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK3qIwzcMVU9I3qjD14WnmJE5Ci/C7B2o15x56mFUh6uOysh +DZU1c8LAoHgT0/wnV4qY3oPjj6MTpSCnqb/I9QIbCBoupQR6ESShWRE9wDtXNWLN +KkHNXBU1rMhm+Kny1BwMtNyde5n5BxvJ8ANqbHHY5st67MentzYL8EkiNyL0d/Ma +pldZC2xqO7jRR99IrFTugh45FNymnKszt4dPO3BVr9tA5SapD7xZj2GSRwo0c977 +JfrxvaQDNZNeV6OjPxPmCWjFUSkgU7he+orO6ArvngduVff2wecSnyLBcrgqryU0 +6wgoNnOO9oBwIRaKgStpR2LF737dgHwJTm1Xhk8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUgBQeBMagxCglMChZvUAaZQcFGDgwHwYDVR0jBBgwFoAUcVBSNZJp91SxigzB +k4c+hOm+XIAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCborXB4Zh+Dx0qDuu4ZVcPTXiFfoHLD4wEXBpA +a/EAcWFZCxk68JejlDhVNWWbtwyjoJnrHfdo7TwhkJmAaVIAcT2xHWRmYsM3TvQ4 +HskUP1BmL7n1ETEshzAe8RsUw5AFurxXBjlq6UbxZ2qpmxYEub2Tu99IWnedAwe7 +iy4tiE2q3tNzLtgE6CWL6pvgxYdfZFastE50rCGs7GqpVM13JC69VrZwJqiBthpp +MUpTXpNG9ChAkGtlRJQ7YfhfjLcx50ameeAzOGkna7NuXOT3Wi/5vGdXPuPdOplf +OqzHX7dbOEur4RoS7OGVCi1UpJkw0JN4J1uk1WlbyMHv/4QC +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:df:0b:0b:a2:8a:9c:9c:68:ad:24:f9:f9:e6: + 95:ef:e4:71:1e:00:fb:ec:bf:b1:cb:6e:d6:40:30: + 42:7a:38:87:9e:5b:cd:58:3e:b7:31:5c:8d:0d:84: + 7a:be:ef:e6:98:ba:4e:c5:ae:2b:2f:66:b2:b2:3f: + e7:c0:a8:8b:75:60:61:2a:67:8a:d2:55:72:83:e2: + ff:de:76:d6:63:58:79:ba:91:c1:80:e1:06:1b:35: + 9c:b3:e9:19:f8:c7:21:80:dd:9e:04:18:35:de:df: + 00:80:21:09:06:3c:6c:9a:de:10:d1:fd:4d:2f:27: + 5e:56:24:44:67:88:48:e4:25:52:cc:c7:17:3f:69: + 1f:76:fc:b1:83:45:48:5d:37:da:80:3e:3d:7f:f6: + 8d:ec:83:00:d6:2f:c4:41:5d:79:ae:ad:14:4c:24: + b3:5e:1e:fe:ed:e8:39:17:4a:4b:ca:eb:10:5d:6e: + af:38:58:b1:12:a5:69:bd:bd:63:dd:f5:21:71:2c: + 36:37:72:51:3b:3a:de:8f:1e:a0:e2:6b:45:da:02: + ad:7e:04:b7:d3:c8:64:34:c6:f4:08:a0:e5:c9:02: + 1b:6f:42:22:be:d3:8b:7b:63:6e:39:c4:97:17:c6: + 9a:ba:9e:26:9b:e1:65:a6:4d:4a:93:5e:b2:4e:18: + 9d:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:c2:f5:0d:cc:f7:a8:c4:03:50:ff:33:02:72:38:ac:72:19: + da:fe:1e:d0:20:79:44:d9:ce:cf:22:b1:09:78:16:5d:12:12: + aa:bd:9b:27:08:6f:18:08:08:7d:d2:06:52:a1:ae:19:35:61: + be:27:8f:20:e4:59:d5:f3:4e:56:55:77:28:2b:f8:a4:9c:8d: + 75:d8:4f:99:92:75:0f:a1:79:c5:47:6b:32:c7:86:a2:ce:17: + 55:ab:78:b0:ac:b4:15:04:19:0f:55:f3:09:ca:48:84:bf:32: + 01:58:04:33:75:84:57:8e:67:32:53:a7:09:1b:13:c0:3a:9f: + 65:2e:e2:82:26:1a:9c:47:c2:4f:bb:b9:c4:d2:b9:b3:cc:86: + bc:25:03:3c:6a:66:e2:82:58:03:fb:3e:dd:f5:a3:cc:d5:b9: + 1f:53:d5:63:6a:2c:a2:36:0a:8a:a8:15:bf:63:50:ad:db:98: + e8:40:97:24:2c:80:27:35:e1:53:27:da:26:86:72:67:ea:b7: + a1:30:5a:67:3f:ff:2c:3e:a4:7f:8a:6e:ff:e2:41:f2:02:34: + 8e:12:59:c0:c6:80:3b:78:d9:fd:1a:b8:e1:b5:b7:7f:c8:63: + 27:30:4d:00:7a:96:f1:4d:6e:a0:e9:da:9f:11:a2:b4:69:2f: + 8d:d4:9c:1a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCy3wsLooqcnGitJPn55pXv5HEeAPvsv7HLbtZAMEJ6OIeeW81YPrcxXI0N +hHq+7+aYuk7FrisvZrKyP+fAqIt1YGEqZ4rSVXKD4v/edtZjWHm6kcGA4QYbNZyz +6Rn4xyGA3Z4EGDXe3wCAIQkGPGya3hDR/U0vJ15WJERniEjkJVLMxxc/aR92/LGD +RUhdN9qAPj1/9o3sgwDWL8RBXXmurRRMJLNeHv7t6DkXSkvK6xBdbq84WLESpWm9 +vWPd9SFxLDY3clE7Ot6PHqDia0XaAq1+BLfTyGQ0xvQIoOXJAhtvQiK+04t7Y245 +xJcXxpq6niab4WWmTUqTXrJOGJ3BAgMBAAGjgcswgcgwHQYDVR0OBBYEFHFQUjWS +afdUsYoMwZOHPoTpvlyAMB8GA1UdIwQYMBaAFHFQUjWSafdUsYoMwZOHPoTpvlyA +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAb8L1Dcz3qMQDUP8zAnI4rHIZ2v4e0CB5RNnOzyKxCXgWXRIS +qr2bJwhvGAgIfdIGUqGuGTVhviePIORZ1fNOVlV3KCv4pJyNddhPmZJ1D6F5xUdr +MseGos4XVat4sKy0FQQZD1XzCcpIhL8yAVgEM3WEV45nMlOnCRsTwDqfZS7igiYa +nEfCT7u5xNK5s8yGvCUDPGpm4oJYA/s+3fWjzNW5H1PVY2osojYKiqgVv2NQrduY +6ECXJCyAJzXhUyfaJoZyZ+q3oTBaZz//LD6kf4pu/+JB8gI0jhJZwMaAO3jZ/Rq4 +4bW3f8hjJzBNAHqW8U1uoOnanxGitGkvjdScGg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-decipherOnly.test b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-decipherOnly.test new file mode 100644 index 0000000000..03af9cad38 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-decipherOnly.test @@ -0,0 +1,5 @@ +chain: rsa-decipherOnly.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-digitalSignature.pem b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-digitalSignature.pem new file mode 100644 index 0000000000..594335e913 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-digitalSignature.pem @@ -0,0 +1,274 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate uses a RSA key and has the single key usage digitalSignature + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:41:46:e2:6f:47:ae:e6:ef:ca:22:1e:bc:61:9b:ed:27:e8:61:44 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c8:f4:c3:ff:ae:99:44:dc:07:19:62:59:1d:ba: + 0e:13:d0:78:b6:a0:7f:ca:74:4f:a4:c2:5c:de:04: + e2:ea:22:d9:28:4d:45:54:14:4c:e8:56:d4:7b:8a: + 64:fa:f9:e4:14:23:c0:ad:cc:25:63:38:59:55:00: + 51:e2:82:ac:ae:47:3b:da:e2:95:79:1c:b5:96:ca: + d2:4a:3c:f7:b8:7a:cc:9e:e2:8d:d0:17:0b:bc:6e: + 0e:3c:c2:05:3a:21:64:00:db:c3:08:b5:e6:cf:78: + 5d:2b:3c:ba:54:a9:5a:64:4e:1b:d8:3a:eb:14:d3: + 5a:ad:da:6f:d6:a2:e1:7e:0f:ff:ce:71:85:14:c7: + fe:54:65:f9:c6:47:73:ae:6e:9b:81:e7:55:cb:7e: + ea:76:a8:48:f9:62:25:40:0e:d1:cf:90:8f:68:f7: + 94:20:69:a4:14:8a:14:24:53:3d:55:b8:5a:31:ae: + 7c:36:74:d2:c2:2c:ce:7b:e9:83:69:56:16:ec:f9: + bb:7c:b0:14:6f:95:12:da:7c:b0:23:b8:5d:41:dc: + bc:ad:24:d9:b6:6a:3f:82:6c:74:a0:73:68:5a:d3: + e4:f2:0a:93:b9:1c:ee:bb:ce:e2:d8:86:86:8e:e0: + 24:58:e3:ec:f5:e3:84:36:e9:a6:62:72:5c:4b:0c: + 9c:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F1:A9:E2:E9:58:C3:31:AD:E2:60:9B:55:C0:A2:0A:80:7B:15:10:2D + X509v3 Authority Key Identifier: + keyid:80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 71:3c:0b:f7:3f:2e:4a:5d:67:f5:79:3a:f9:b2:c4:1b:67:96: + 30:19:57:02:88:f1:76:68:86:c0:9d:ed:17:0f:fe:1a:a0:55: + 4f:6d:49:94:ca:a4:a0:16:c3:66:f8:8c:5b:e2:1d:b3:79:31: + 02:a1:ea:a0:5d:b7:9d:f1:5e:b5:c3:34:e4:bf:1f:a4:31:40: + 36:6f:7f:cf:55:53:8a:6b:b2:bd:20:e8:68:3d:74:fe:f1:15: + 1f:56:75:47:d0:2b:8f:c2:de:05:61:c9:ac:01:52:69:58:82: + 7c:d7:55:ce:0d:f7:5f:75:aa:2e:e8:5a:4a:cb:bb:f6:cd:6b: + e3:dd:0b:4d:8e:53:3b:b4:aa:75:69:28:66:29:09:a8:a3:49: + 12:e6:36:f7:53:ec:60:bf:d8:76:87:ad:2c:54:ba:21:11:62: + 01:9b:f3:35:e0:c7:7b:b4:9d:d8:56:36:c3:7d:3a:23:3b:02: + d0:eb:90:03:4f:d6:eb:1d:12:36:62:00:ca:11:9e:68:e7:1a: + 7a:2f:ea:77:81:8b:4b:bf:9e:50:33:d2:2c:bd:74:74:7c:94: + b9:3f:3a:6d:5d:b8:fb:4f:23:aa:1f:60:2f:6a:16:89:11:e5: + 4e:e3:d0:52:f6:6f:ef:d5:2c:c4:ec:82:81:b2:2c:05:50:ac: + 4f:2a:20:dc +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUckFG4m9HrubvyiIevGGb7SfoYUQwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAyPTD/66ZRNwHGWJZHboOE9B4tqB/ynRPpMJc3gTi6iLZ +KE1FVBRM6FbUe4pk+vnkFCPArcwlYzhZVQBR4oKsrkc72uKVeRy1lsrSSjz3uHrM +nuKN0BcLvG4OPMIFOiFkANvDCLXmz3hdKzy6VKlaZE4b2DrrFNNardpv1qLhfg// +znGFFMf+VGX5xkdzrm6bgedVy37qdqhI+WIlQA7Rz5CPaPeUIGmkFIoUJFM9Vbha +Ma58NnTSwizOe+mDaVYW7Pm7fLAUb5US2nywI7hdQdy8rSTZtmo/gmx0oHNoWtPk +8gqTuRzuu87i2IaGjuAkWOPs9eOENummYnJcSwycFQIDAQABo4HfMIHcMB0GA1Ud +DgQWBBTxqeLpWMMxreJgm1XAogqAexUQLTAfBgNVHSMEGDAWgBSAFB4ExqDEKCUw +KFm9QBplBwUYODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIH +gDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAcTwL9z8u +Sl1n9Xk6+bLEG2eWMBlXAojxdmiGwJ3tFw/+GqBVT21JlMqkoBbDZviMW+Ids3kx +AqHqoF23nfFetcM05L8fpDFANm9/z1VTimuyvSDoaD10/vEVH1Z1R9Arj8LeBWHJ +rAFSaViCfNdVzg33X3WqLuhaSsu79s1r490LTY5TO7SqdWkoZikJqKNJEuY291Ps +YL/YdoetLFS6IRFiAZvzNeDHe7Sd2FY2w306IzsC0OuQA0/W6x0SNmIAyhGeaOca +ei/qd4GLS7+eUDPSLL10dHyUuT86bV24+08jqh9gL2oWiRHlTuPQUvZv79UsxOyC +gbIsBVCsTyog3A== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:ea:23:0c:dc:31:55:3d:23:7a:a3:0f:5e:16: + 9e:62:44:e4:28:bf:0b:b0:76:a3:5e:71:e7:a9:85: + 52:1e:ae:3b:2b:21:0d:95:35:73:c2:c0:a0:78:13: + d3:fc:27:57:8a:98:de:83:e3:8f:a3:13:a5:20:a7: + a9:bf:c8:f5:02:1b:08:1a:2e:a5:04:7a:11:24:a1: + 59:11:3d:c0:3b:57:35:62:cd:2a:41:cd:5c:15:35: + ac:c8:66:f8:a9:f2:d4:1c:0c:b4:dc:9d:7b:99:f9: + 07:1b:c9:f0:03:6a:6c:71:d8:e6:cb:7a:ec:c7:a7: + b7:36:0b:f0:49:22:37:22:f4:77:f3:1a:a6:57:59: + 0b:6c:6a:3b:b8:d1:47:df:48:ac:54:ee:82:1e:39: + 14:dc:a6:9c:ab:33:b7:87:4f:3b:70:55:af:db:40: + e5:26:a9:0f:bc:59:8f:61:92:47:0a:34:73:de:fb: + 25:fa:f1:bd:a4:03:35:93:5e:57:a3:a3:3f:13:e6: + 09:68:c5:51:29:20:53:b8:5e:fa:8a:ce:e8:0a:ef: + 9e:07:6e:55:f7:f6:c1:e7:12:9f:22:c1:72:b8:2a: + af:25:34:eb:08:28:36:73:8e:f6:80:70:21:16:8a: + 81:2b:69:47:62:c5:ef:7e:dd:80:7c:09:4e:6d:57: + 86:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:a2:b5:c1:e1:98:7e:0f:1d:2a:0e:eb:b8:65:57:0f:4d:78: + 85:7e:81:cb:0f:8c:04:5c:1a:40:6b:f1:00:71:61:59:0b:19: + 3a:f0:97:a3:94:38:55:35:65:9b:b7:0c:a3:a0:99:eb:1d:f7: + 68:ed:3c:21:90:99:80:69:52:00:71:3d:b1:1d:64:66:62:c3: + 37:4e:f4:38:1e:c9:14:3f:50:66:2f:b9:f5:11:31:2c:87:30: + 1e:f1:1b:14:c3:90:05:ba:bc:57:06:39:6a:e9:46:f1:67:6a: + a9:9b:16:04:b9:bd:93:bb:df:48:5a:77:9d:03:07:bb:8b:2e: + 2d:88:4d:aa:de:d3:73:2e:d8:04:e8:25:8b:ea:9b:e0:c5:87: + 5f:64:56:ac:b4:4e:74:ac:21:ac:ec:6a:a9:54:cd:77:24:2e: + bd:56:b6:70:26:a8:81:b6:1a:69:31:4a:53:5e:93:46:f4:28: + 40:90:6b:65:44:94:3b:61:f8:5f:8c:b7:31:e7:46:a6:79:e0: + 33:38:69:27:6b:b3:6e:5c:e4:f7:5a:2f:f9:bc:67:57:3e:e3: + dd:3a:99:5f:3a:ac:c7:5f:b7:5b:38:4b:ab:e1:1a:12:ec:e1: + 95:0a:2d:54:a4:99:30:d0:93:78:27:5b:a4:d5:69:5b:c8:c1: + ef:ff:84:02 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK3qIwzcMVU9I3qjD14WnmJE5Ci/C7B2o15x56mFUh6uOysh +DZU1c8LAoHgT0/wnV4qY3oPjj6MTpSCnqb/I9QIbCBoupQR6ESShWRE9wDtXNWLN +KkHNXBU1rMhm+Kny1BwMtNyde5n5BxvJ8ANqbHHY5st67MentzYL8EkiNyL0d/Ma +pldZC2xqO7jRR99IrFTugh45FNymnKszt4dPO3BVr9tA5SapD7xZj2GSRwo0c977 +JfrxvaQDNZNeV6OjPxPmCWjFUSkgU7he+orO6ArvngduVff2wecSnyLBcrgqryU0 +6wgoNnOO9oBwIRaKgStpR2LF737dgHwJTm1Xhk8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUgBQeBMagxCglMChZvUAaZQcFGDgwHwYDVR0jBBgwFoAUcVBSNZJp91SxigzB +k4c+hOm+XIAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCborXB4Zh+Dx0qDuu4ZVcPTXiFfoHLD4wEXBpA +a/EAcWFZCxk68JejlDhVNWWbtwyjoJnrHfdo7TwhkJmAaVIAcT2xHWRmYsM3TvQ4 +HskUP1BmL7n1ETEshzAe8RsUw5AFurxXBjlq6UbxZ2qpmxYEub2Tu99IWnedAwe7 +iy4tiE2q3tNzLtgE6CWL6pvgxYdfZFastE50rCGs7GqpVM13JC69VrZwJqiBthpp +MUpTXpNG9ChAkGtlRJQ7YfhfjLcx50ameeAzOGkna7NuXOT3Wi/5vGdXPuPdOplf +OqzHX7dbOEur4RoS7OGVCi1UpJkw0JN4J1uk1WlbyMHv/4QC +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:df:0b:0b:a2:8a:9c:9c:68:ad:24:f9:f9:e6: + 95:ef:e4:71:1e:00:fb:ec:bf:b1:cb:6e:d6:40:30: + 42:7a:38:87:9e:5b:cd:58:3e:b7:31:5c:8d:0d:84: + 7a:be:ef:e6:98:ba:4e:c5:ae:2b:2f:66:b2:b2:3f: + e7:c0:a8:8b:75:60:61:2a:67:8a:d2:55:72:83:e2: + ff:de:76:d6:63:58:79:ba:91:c1:80:e1:06:1b:35: + 9c:b3:e9:19:f8:c7:21:80:dd:9e:04:18:35:de:df: + 00:80:21:09:06:3c:6c:9a:de:10:d1:fd:4d:2f:27: + 5e:56:24:44:67:88:48:e4:25:52:cc:c7:17:3f:69: + 1f:76:fc:b1:83:45:48:5d:37:da:80:3e:3d:7f:f6: + 8d:ec:83:00:d6:2f:c4:41:5d:79:ae:ad:14:4c:24: + b3:5e:1e:fe:ed:e8:39:17:4a:4b:ca:eb:10:5d:6e: + af:38:58:b1:12:a5:69:bd:bd:63:dd:f5:21:71:2c: + 36:37:72:51:3b:3a:de:8f:1e:a0:e2:6b:45:da:02: + ad:7e:04:b7:d3:c8:64:34:c6:f4:08:a0:e5:c9:02: + 1b:6f:42:22:be:d3:8b:7b:63:6e:39:c4:97:17:c6: + 9a:ba:9e:26:9b:e1:65:a6:4d:4a:93:5e:b2:4e:18: + 9d:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:c2:f5:0d:cc:f7:a8:c4:03:50:ff:33:02:72:38:ac:72:19: + da:fe:1e:d0:20:79:44:d9:ce:cf:22:b1:09:78:16:5d:12:12: + aa:bd:9b:27:08:6f:18:08:08:7d:d2:06:52:a1:ae:19:35:61: + be:27:8f:20:e4:59:d5:f3:4e:56:55:77:28:2b:f8:a4:9c:8d: + 75:d8:4f:99:92:75:0f:a1:79:c5:47:6b:32:c7:86:a2:ce:17: + 55:ab:78:b0:ac:b4:15:04:19:0f:55:f3:09:ca:48:84:bf:32: + 01:58:04:33:75:84:57:8e:67:32:53:a7:09:1b:13:c0:3a:9f: + 65:2e:e2:82:26:1a:9c:47:c2:4f:bb:b9:c4:d2:b9:b3:cc:86: + bc:25:03:3c:6a:66:e2:82:58:03:fb:3e:dd:f5:a3:cc:d5:b9: + 1f:53:d5:63:6a:2c:a2:36:0a:8a:a8:15:bf:63:50:ad:db:98: + e8:40:97:24:2c:80:27:35:e1:53:27:da:26:86:72:67:ea:b7: + a1:30:5a:67:3f:ff:2c:3e:a4:7f:8a:6e:ff:e2:41:f2:02:34: + 8e:12:59:c0:c6:80:3b:78:d9:fd:1a:b8:e1:b5:b7:7f:c8:63: + 27:30:4d:00:7a:96:f1:4d:6e:a0:e9:da:9f:11:a2:b4:69:2f: + 8d:d4:9c:1a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCy3wsLooqcnGitJPn55pXv5HEeAPvsv7HLbtZAMEJ6OIeeW81YPrcxXI0N +hHq+7+aYuk7FrisvZrKyP+fAqIt1YGEqZ4rSVXKD4v/edtZjWHm6kcGA4QYbNZyz +6Rn4xyGA3Z4EGDXe3wCAIQkGPGya3hDR/U0vJ15WJERniEjkJVLMxxc/aR92/LGD +RUhdN9qAPj1/9o3sgwDWL8RBXXmurRRMJLNeHv7t6DkXSkvK6xBdbq84WLESpWm9 +vWPd9SFxLDY3clE7Ot6PHqDia0XaAq1+BLfTyGQ0xvQIoOXJAhtvQiK+04t7Y245 +xJcXxpq6niab4WWmTUqTXrJOGJ3BAgMBAAGjgcswgcgwHQYDVR0OBBYEFHFQUjWS +afdUsYoMwZOHPoTpvlyAMB8GA1UdIwQYMBaAFHFQUjWSafdUsYoMwZOHPoTpvlyA +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAb8L1Dcz3qMQDUP8zAnI4rHIZ2v4e0CB5RNnOzyKxCXgWXRIS +qr2bJwhvGAgIfdIGUqGuGTVhviePIORZ1fNOVlV3KCv4pJyNddhPmZJ1D6F5xUdr +MseGos4XVat4sKy0FQQZD1XzCcpIhL8yAVgEM3WEV45nMlOnCRsTwDqfZS7igiYa +nEfCT7u5xNK5s8yGvCUDPGpm4oJYA/s+3fWjzNW5H1PVY2osojYKiqgVv2NQrduY +6ECXJCyAJzXhUyfaJoZyZ+q3oTBaZz//LD6kf4pu/+JB8gI0jhJZwMaAO3jZ/Rq4 +4bW3f8hjJzBNAHqW8U1uoOnanxGitGkvjdScGg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-digitalSignature.test b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-digitalSignature.test new file mode 100644 index 0000000000..b7aa3df4de --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-digitalSignature.test @@ -0,0 +1,5 @@ +chain: rsa-digitalSignature.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.pem b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.pem new file mode 100644 index 0000000000..f846aa3aa5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.pem @@ -0,0 +1,274 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate uses a RSA key and has the single key usage keyAgreement + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:41:46:e2:6f:47:ae:e6:ef:ca:22:1e:bc:61:9b:ed:27:e8:61:45 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c8:f4:c3:ff:ae:99:44:dc:07:19:62:59:1d:ba: + 0e:13:d0:78:b6:a0:7f:ca:74:4f:a4:c2:5c:de:04: + e2:ea:22:d9:28:4d:45:54:14:4c:e8:56:d4:7b:8a: + 64:fa:f9:e4:14:23:c0:ad:cc:25:63:38:59:55:00: + 51:e2:82:ac:ae:47:3b:da:e2:95:79:1c:b5:96:ca: + d2:4a:3c:f7:b8:7a:cc:9e:e2:8d:d0:17:0b:bc:6e: + 0e:3c:c2:05:3a:21:64:00:db:c3:08:b5:e6:cf:78: + 5d:2b:3c:ba:54:a9:5a:64:4e:1b:d8:3a:eb:14:d3: + 5a:ad:da:6f:d6:a2:e1:7e:0f:ff:ce:71:85:14:c7: + fe:54:65:f9:c6:47:73:ae:6e:9b:81:e7:55:cb:7e: + ea:76:a8:48:f9:62:25:40:0e:d1:cf:90:8f:68:f7: + 94:20:69:a4:14:8a:14:24:53:3d:55:b8:5a:31:ae: + 7c:36:74:d2:c2:2c:ce:7b:e9:83:69:56:16:ec:f9: + bb:7c:b0:14:6f:95:12:da:7c:b0:23:b8:5d:41:dc: + bc:ad:24:d9:b6:6a:3f:82:6c:74:a0:73:68:5a:d3: + e4:f2:0a:93:b9:1c:ee:bb:ce:e2:d8:86:86:8e:e0: + 24:58:e3:ec:f5:e3:84:36:e9:a6:62:72:5c:4b:0c: + 9c:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F1:A9:E2:E9:58:C3:31:AD:E2:60:9B:55:C0:A2:0A:80:7B:15:10:2D + X509v3 Authority Key Identifier: + keyid:80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 9a:25:4a:ec:49:35:20:7d:f2:12:81:7a:ec:1f:a4:4d:77:bd: + a1:ff:4e:7f:49:6d:a1:dc:b4:bd:3e:f9:5a:e9:db:92:42:43: + 8c:ca:22:fe:35:8b:20:e6:7d:55:8d:44:ef:7b:58:bf:37:b0: + 6d:21:b7:bb:e6:0f:9a:d5:95:ba:5a:1a:b7:12:0b:1a:c7:b8: + ca:bc:1b:31:37:5b:f7:c1:0a:2f:6b:c4:d9:86:a9:33:39:3a: + d0:f7:0f:b5:33:b2:41:f4:20:9a:bf:66:18:5a:d1:b3:c1:99: + 2a:64:4d:4d:ca:71:1e:95:a0:b0:53:0d:62:6a:46:90:1b:6d: + ab:a1:e9:3c:a7:15:6f:f1:bd:33:75:b1:8f:7d:d6:41:47:ce: + ad:34:37:2c:fb:17:d5:9c:0b:c6:67:7f:20:ca:33:10:52:47: + d9:15:1a:8e:c2:99:d7:b3:a8:33:ca:f7:d5:9b:63:43:3c:5b: + a4:20:47:ec:99:44:cb:59:a5:6b:29:c4:16:51:52:20:8c:fe: + d6:f1:2b:12:9d:b9:d4:d9:1c:ed:53:b7:5a:82:b7:b8:ce:4f: + a3:a3:93:40:19:91:15:e1:f4:22:cb:ce:65:9f:0e:0f:54:58: + aa:41:02:50:d2:6c:90:4c:8b:08:4a:81:08:54:8d:96:fe:cb: + db:d0:48:3f +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUckFG4m9HrubvyiIevGGb7SfoYUUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAyPTD/66ZRNwHGWJZHboOE9B4tqB/ynRPpMJc3gTi6iLZ +KE1FVBRM6FbUe4pk+vnkFCPArcwlYzhZVQBR4oKsrkc72uKVeRy1lsrSSjz3uHrM +nuKN0BcLvG4OPMIFOiFkANvDCLXmz3hdKzy6VKlaZE4b2DrrFNNardpv1qLhfg// +znGFFMf+VGX5xkdzrm6bgedVy37qdqhI+WIlQA7Rz5CPaPeUIGmkFIoUJFM9Vbha +Ma58NnTSwizOe+mDaVYW7Pm7fLAUb5US2nywI7hdQdy8rSTZtmo/gmx0oHNoWtPk +8gqTuRzuu87i2IaGjuAkWOPs9eOENummYnJcSwycFQIDAQABo4HfMIHcMB0GA1Ud +DgQWBBTxqeLpWMMxreJgm1XAogqAexUQLTAfBgNVHSMEGDAWgBSAFB4ExqDEKCUw +KFm9QBplBwUYODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwID +CDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAmiVK7Ek1 +IH3yEoF67B+kTXe9of9Of0ltody0vT75WunbkkJDjMoi/jWLIOZ9VY1E73tYvzew +bSG3u+YPmtWVuloatxILGse4yrwbMTdb98EKL2vE2YapMzk60PcPtTOyQfQgmr9m +GFrRs8GZKmRNTcpxHpWgsFMNYmpGkBttq6HpPKcVb/G9M3Wxj33WQUfOrTQ3LPsX +1ZwLxmd/IMozEFJH2RUajsKZ17OoM8r31ZtjQzxbpCBH7JlEy1mlaynEFlFSIIz+ +1vErEp251Nkc7VO3WoK3uM5Po6OTQBmRFeH0IsvOZZ8OD1RYqkECUNJskEyLCEqB +CFSNlv7L29BIPw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:ea:23:0c:dc:31:55:3d:23:7a:a3:0f:5e:16: + 9e:62:44:e4:28:bf:0b:b0:76:a3:5e:71:e7:a9:85: + 52:1e:ae:3b:2b:21:0d:95:35:73:c2:c0:a0:78:13: + d3:fc:27:57:8a:98:de:83:e3:8f:a3:13:a5:20:a7: + a9:bf:c8:f5:02:1b:08:1a:2e:a5:04:7a:11:24:a1: + 59:11:3d:c0:3b:57:35:62:cd:2a:41:cd:5c:15:35: + ac:c8:66:f8:a9:f2:d4:1c:0c:b4:dc:9d:7b:99:f9: + 07:1b:c9:f0:03:6a:6c:71:d8:e6:cb:7a:ec:c7:a7: + b7:36:0b:f0:49:22:37:22:f4:77:f3:1a:a6:57:59: + 0b:6c:6a:3b:b8:d1:47:df:48:ac:54:ee:82:1e:39: + 14:dc:a6:9c:ab:33:b7:87:4f:3b:70:55:af:db:40: + e5:26:a9:0f:bc:59:8f:61:92:47:0a:34:73:de:fb: + 25:fa:f1:bd:a4:03:35:93:5e:57:a3:a3:3f:13:e6: + 09:68:c5:51:29:20:53:b8:5e:fa:8a:ce:e8:0a:ef: + 9e:07:6e:55:f7:f6:c1:e7:12:9f:22:c1:72:b8:2a: + af:25:34:eb:08:28:36:73:8e:f6:80:70:21:16:8a: + 81:2b:69:47:62:c5:ef:7e:dd:80:7c:09:4e:6d:57: + 86:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:a2:b5:c1:e1:98:7e:0f:1d:2a:0e:eb:b8:65:57:0f:4d:78: + 85:7e:81:cb:0f:8c:04:5c:1a:40:6b:f1:00:71:61:59:0b:19: + 3a:f0:97:a3:94:38:55:35:65:9b:b7:0c:a3:a0:99:eb:1d:f7: + 68:ed:3c:21:90:99:80:69:52:00:71:3d:b1:1d:64:66:62:c3: + 37:4e:f4:38:1e:c9:14:3f:50:66:2f:b9:f5:11:31:2c:87:30: + 1e:f1:1b:14:c3:90:05:ba:bc:57:06:39:6a:e9:46:f1:67:6a: + a9:9b:16:04:b9:bd:93:bb:df:48:5a:77:9d:03:07:bb:8b:2e: + 2d:88:4d:aa:de:d3:73:2e:d8:04:e8:25:8b:ea:9b:e0:c5:87: + 5f:64:56:ac:b4:4e:74:ac:21:ac:ec:6a:a9:54:cd:77:24:2e: + bd:56:b6:70:26:a8:81:b6:1a:69:31:4a:53:5e:93:46:f4:28: + 40:90:6b:65:44:94:3b:61:f8:5f:8c:b7:31:e7:46:a6:79:e0: + 33:38:69:27:6b:b3:6e:5c:e4:f7:5a:2f:f9:bc:67:57:3e:e3: + dd:3a:99:5f:3a:ac:c7:5f:b7:5b:38:4b:ab:e1:1a:12:ec:e1: + 95:0a:2d:54:a4:99:30:d0:93:78:27:5b:a4:d5:69:5b:c8:c1: + ef:ff:84:02 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK3qIwzcMVU9I3qjD14WnmJE5Ci/C7B2o15x56mFUh6uOysh +DZU1c8LAoHgT0/wnV4qY3oPjj6MTpSCnqb/I9QIbCBoupQR6ESShWRE9wDtXNWLN +KkHNXBU1rMhm+Kny1BwMtNyde5n5BxvJ8ANqbHHY5st67MentzYL8EkiNyL0d/Ma +pldZC2xqO7jRR99IrFTugh45FNymnKszt4dPO3BVr9tA5SapD7xZj2GSRwo0c977 +JfrxvaQDNZNeV6OjPxPmCWjFUSkgU7he+orO6ArvngduVff2wecSnyLBcrgqryU0 +6wgoNnOO9oBwIRaKgStpR2LF737dgHwJTm1Xhk8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUgBQeBMagxCglMChZvUAaZQcFGDgwHwYDVR0jBBgwFoAUcVBSNZJp91SxigzB +k4c+hOm+XIAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCborXB4Zh+Dx0qDuu4ZVcPTXiFfoHLD4wEXBpA +a/EAcWFZCxk68JejlDhVNWWbtwyjoJnrHfdo7TwhkJmAaVIAcT2xHWRmYsM3TvQ4 +HskUP1BmL7n1ETEshzAe8RsUw5AFurxXBjlq6UbxZ2qpmxYEub2Tu99IWnedAwe7 +iy4tiE2q3tNzLtgE6CWL6pvgxYdfZFastE50rCGs7GqpVM13JC69VrZwJqiBthpp +MUpTXpNG9ChAkGtlRJQ7YfhfjLcx50ameeAzOGkna7NuXOT3Wi/5vGdXPuPdOplf +OqzHX7dbOEur4RoS7OGVCi1UpJkw0JN4J1uk1WlbyMHv/4QC +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:df:0b:0b:a2:8a:9c:9c:68:ad:24:f9:f9:e6: + 95:ef:e4:71:1e:00:fb:ec:bf:b1:cb:6e:d6:40:30: + 42:7a:38:87:9e:5b:cd:58:3e:b7:31:5c:8d:0d:84: + 7a:be:ef:e6:98:ba:4e:c5:ae:2b:2f:66:b2:b2:3f: + e7:c0:a8:8b:75:60:61:2a:67:8a:d2:55:72:83:e2: + ff:de:76:d6:63:58:79:ba:91:c1:80:e1:06:1b:35: + 9c:b3:e9:19:f8:c7:21:80:dd:9e:04:18:35:de:df: + 00:80:21:09:06:3c:6c:9a:de:10:d1:fd:4d:2f:27: + 5e:56:24:44:67:88:48:e4:25:52:cc:c7:17:3f:69: + 1f:76:fc:b1:83:45:48:5d:37:da:80:3e:3d:7f:f6: + 8d:ec:83:00:d6:2f:c4:41:5d:79:ae:ad:14:4c:24: + b3:5e:1e:fe:ed:e8:39:17:4a:4b:ca:eb:10:5d:6e: + af:38:58:b1:12:a5:69:bd:bd:63:dd:f5:21:71:2c: + 36:37:72:51:3b:3a:de:8f:1e:a0:e2:6b:45:da:02: + ad:7e:04:b7:d3:c8:64:34:c6:f4:08:a0:e5:c9:02: + 1b:6f:42:22:be:d3:8b:7b:63:6e:39:c4:97:17:c6: + 9a:ba:9e:26:9b:e1:65:a6:4d:4a:93:5e:b2:4e:18: + 9d:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:c2:f5:0d:cc:f7:a8:c4:03:50:ff:33:02:72:38:ac:72:19: + da:fe:1e:d0:20:79:44:d9:ce:cf:22:b1:09:78:16:5d:12:12: + aa:bd:9b:27:08:6f:18:08:08:7d:d2:06:52:a1:ae:19:35:61: + be:27:8f:20:e4:59:d5:f3:4e:56:55:77:28:2b:f8:a4:9c:8d: + 75:d8:4f:99:92:75:0f:a1:79:c5:47:6b:32:c7:86:a2:ce:17: + 55:ab:78:b0:ac:b4:15:04:19:0f:55:f3:09:ca:48:84:bf:32: + 01:58:04:33:75:84:57:8e:67:32:53:a7:09:1b:13:c0:3a:9f: + 65:2e:e2:82:26:1a:9c:47:c2:4f:bb:b9:c4:d2:b9:b3:cc:86: + bc:25:03:3c:6a:66:e2:82:58:03:fb:3e:dd:f5:a3:cc:d5:b9: + 1f:53:d5:63:6a:2c:a2:36:0a:8a:a8:15:bf:63:50:ad:db:98: + e8:40:97:24:2c:80:27:35:e1:53:27:da:26:86:72:67:ea:b7: + a1:30:5a:67:3f:ff:2c:3e:a4:7f:8a:6e:ff:e2:41:f2:02:34: + 8e:12:59:c0:c6:80:3b:78:d9:fd:1a:b8:e1:b5:b7:7f:c8:63: + 27:30:4d:00:7a:96:f1:4d:6e:a0:e9:da:9f:11:a2:b4:69:2f: + 8d:d4:9c:1a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCy3wsLooqcnGitJPn55pXv5HEeAPvsv7HLbtZAMEJ6OIeeW81YPrcxXI0N +hHq+7+aYuk7FrisvZrKyP+fAqIt1YGEqZ4rSVXKD4v/edtZjWHm6kcGA4QYbNZyz +6Rn4xyGA3Z4EGDXe3wCAIQkGPGya3hDR/U0vJ15WJERniEjkJVLMxxc/aR92/LGD +RUhdN9qAPj1/9o3sgwDWL8RBXXmurRRMJLNeHv7t6DkXSkvK6xBdbq84WLESpWm9 +vWPd9SFxLDY3clE7Ot6PHqDia0XaAq1+BLfTyGQ0xvQIoOXJAhtvQiK+04t7Y245 +xJcXxpq6niab4WWmTUqTXrJOGJ3BAgMBAAGjgcswgcgwHQYDVR0OBBYEFHFQUjWS +afdUsYoMwZOHPoTpvlyAMB8GA1UdIwQYMBaAFHFQUjWSafdUsYoMwZOHPoTpvlyA +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAb8L1Dcz3qMQDUP8zAnI4rHIZ2v4e0CB5RNnOzyKxCXgWXRIS +qr2bJwhvGAgIfdIGUqGuGTVhviePIORZ1fNOVlV3KCv4pJyNddhPmZJ1D6F5xUdr +MseGos4XVat4sKy0FQQZD1XzCcpIhL8yAVgEM3WEV45nMlOnCRsTwDqfZS7igiYa +nEfCT7u5xNK5s8yGvCUDPGpm4oJYA/s+3fWjzNW5H1PVY2osojYKiqgVv2NQrduY +6ECXJCyAJzXhUyfaJoZyZ+q3oTBaZz//LD6kf4pu/+JB8gI0jhJZwMaAO3jZ/Rq4 +4bW3f8hjJzBNAHqW8U1uoOnanxGitGkvjdScGg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.test b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.test new file mode 100644 index 0000000000..8c86a507eb --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.test @@ -0,0 +1,5 @@ +chain: rsa-keyAgreement.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.pem b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.pem new file mode 100644 index 0000000000..d040bd4f5a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.pem @@ -0,0 +1,274 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate uses a RSA key and has the single key usage keyEncipherment + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:41:46:e2:6f:47:ae:e6:ef:ca:22:1e:bc:61:9b:ed:27:e8:61:46 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c8:f4:c3:ff:ae:99:44:dc:07:19:62:59:1d:ba: + 0e:13:d0:78:b6:a0:7f:ca:74:4f:a4:c2:5c:de:04: + e2:ea:22:d9:28:4d:45:54:14:4c:e8:56:d4:7b:8a: + 64:fa:f9:e4:14:23:c0:ad:cc:25:63:38:59:55:00: + 51:e2:82:ac:ae:47:3b:da:e2:95:79:1c:b5:96:ca: + d2:4a:3c:f7:b8:7a:cc:9e:e2:8d:d0:17:0b:bc:6e: + 0e:3c:c2:05:3a:21:64:00:db:c3:08:b5:e6:cf:78: + 5d:2b:3c:ba:54:a9:5a:64:4e:1b:d8:3a:eb:14:d3: + 5a:ad:da:6f:d6:a2:e1:7e:0f:ff:ce:71:85:14:c7: + fe:54:65:f9:c6:47:73:ae:6e:9b:81:e7:55:cb:7e: + ea:76:a8:48:f9:62:25:40:0e:d1:cf:90:8f:68:f7: + 94:20:69:a4:14:8a:14:24:53:3d:55:b8:5a:31:ae: + 7c:36:74:d2:c2:2c:ce:7b:e9:83:69:56:16:ec:f9: + bb:7c:b0:14:6f:95:12:da:7c:b0:23:b8:5d:41:dc: + bc:ad:24:d9:b6:6a:3f:82:6c:74:a0:73:68:5a:d3: + e4:f2:0a:93:b9:1c:ee:bb:ce:e2:d8:86:86:8e:e0: + 24:58:e3:ec:f5:e3:84:36:e9:a6:62:72:5c:4b:0c: + 9c:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F1:A9:E2:E9:58:C3:31:AD:E2:60:9B:55:C0:A2:0A:80:7B:15:10:2D + X509v3 Authority Key Identifier: + keyid:80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 17:3c:bc:3f:74:4f:8e:91:91:64:c4:e6:54:94:84:2d:a9:64: + 0f:fc:2c:42:da:2e:19:bd:8b:f0:a7:51:eb:d3:74:04:17:f9: + 89:c1:d5:04:33:67:3a:d1:c9:eb:c4:61:68:ef:6a:e3:b3:95: + 36:5f:4f:72:02:81:b9:4e:7a:68:65:3e:bb:19:ad:d9:ac:e4: + 96:45:55:07:ae:94:d5:55:14:4a:c4:b2:9e:df:a6:8d:22:c4: + ce:56:4b:92:da:3d:4a:7d:23:53:a4:6c:61:60:f4:f7:68:6d: + 22:79:3c:5f:28:75:69:15:7c:86:55:81:5e:67:b1:fd:40:4a: + 5a:3e:c9:9a:54:8a:ff:17:f6:80:10:fb:8f:e4:8f:ef:5d:0f: + 00:94:3d:c1:67:f1:e7:a5:b0:b8:e2:b7:9b:1f:f1:4c:3b:7d: + 92:ca:d4:57:16:f5:1b:37:6a:49:48:58:da:ec:2b:8c:e2:d8: + 42:7a:a9:c1:b0:a9:94:cd:5e:4d:35:ca:85:44:3b:36:64:76: + e1:85:c4:c8:a1:d9:77:54:ae:73:b8:2e:47:18:ba:b1:34:34: + 9b:21:42:64:9f:26:b3:8b:d7:72:55:6e:43:70:cb:b2:79:5b: + 34:80:52:ac:d0:d7:04:0d:64:5f:70:d1:02:ba:f5:ec:80:e8: + 10:d6:8a:ff +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUckFG4m9HrubvyiIevGGb7SfoYUYwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAyPTD/66ZRNwHGWJZHboOE9B4tqB/ynRPpMJc3gTi6iLZ +KE1FVBRM6FbUe4pk+vnkFCPArcwlYzhZVQBR4oKsrkc72uKVeRy1lsrSSjz3uHrM +nuKN0BcLvG4OPMIFOiFkANvDCLXmz3hdKzy6VKlaZE4b2DrrFNNardpv1qLhfg// +znGFFMf+VGX5xkdzrm6bgedVy37qdqhI+WIlQA7Rz5CPaPeUIGmkFIoUJFM9Vbha +Ma58NnTSwizOe+mDaVYW7Pm7fLAUb5US2nywI7hdQdy8rSTZtmo/gmx0oHNoWtPk +8gqTuRzuu87i2IaGjuAkWOPs9eOENummYnJcSwycFQIDAQABo4HfMIHcMB0GA1Ud +DgQWBBTxqeLpWMMxreJgm1XAogqAexUQLTAfBgNVHSMEGDAWgBSAFB4ExqDEKCUw +KFm9QBplBwUYODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +IDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAFzy8P3RP +jpGRZMTmVJSELalkD/wsQtouGb2L8KdR69N0BBf5icHVBDNnOtHJ68RhaO9q47OV +Nl9PcgKBuU56aGU+uxmt2azklkVVB66U1VUUSsSynt+mjSLEzlZLkto9Sn0jU6Rs +YWD092htInk8Xyh1aRV8hlWBXmex/UBKWj7JmlSK/xf2gBD7j+SP710PAJQ9wWfx +56WwuOK3mx/xTDt9ksrUVxb1GzdqSUhY2uwrjOLYQnqpwbCplM1eTTXKhUQ7NmR2 +4YXEyKHZd1Suc7guRxi6sTQ0myFCZJ8ms4vXclVuQ3DLsnlbNIBSrNDXBA1kX3DR +Arr17IDoENaK/w== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ad:ea:23:0c:dc:31:55:3d:23:7a:a3:0f:5e:16: + 9e:62:44:e4:28:bf:0b:b0:76:a3:5e:71:e7:a9:85: + 52:1e:ae:3b:2b:21:0d:95:35:73:c2:c0:a0:78:13: + d3:fc:27:57:8a:98:de:83:e3:8f:a3:13:a5:20:a7: + a9:bf:c8:f5:02:1b:08:1a:2e:a5:04:7a:11:24:a1: + 59:11:3d:c0:3b:57:35:62:cd:2a:41:cd:5c:15:35: + ac:c8:66:f8:a9:f2:d4:1c:0c:b4:dc:9d:7b:99:f9: + 07:1b:c9:f0:03:6a:6c:71:d8:e6:cb:7a:ec:c7:a7: + b7:36:0b:f0:49:22:37:22:f4:77:f3:1a:a6:57:59: + 0b:6c:6a:3b:b8:d1:47:df:48:ac:54:ee:82:1e:39: + 14:dc:a6:9c:ab:33:b7:87:4f:3b:70:55:af:db:40: + e5:26:a9:0f:bc:59:8f:61:92:47:0a:34:73:de:fb: + 25:fa:f1:bd:a4:03:35:93:5e:57:a3:a3:3f:13:e6: + 09:68:c5:51:29:20:53:b8:5e:fa:8a:ce:e8:0a:ef: + 9e:07:6e:55:f7:f6:c1:e7:12:9f:22:c1:72:b8:2a: + af:25:34:eb:08:28:36:73:8e:f6:80:70:21:16:8a: + 81:2b:69:47:62:c5:ef:7e:dd:80:7c:09:4e:6d:57: + 86:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 80:14:1E:04:C6:A0:C4:28:25:30:28:59:BD:40:1A:65:07:05:18:38 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:a2:b5:c1:e1:98:7e:0f:1d:2a:0e:eb:b8:65:57:0f:4d:78: + 85:7e:81:cb:0f:8c:04:5c:1a:40:6b:f1:00:71:61:59:0b:19: + 3a:f0:97:a3:94:38:55:35:65:9b:b7:0c:a3:a0:99:eb:1d:f7: + 68:ed:3c:21:90:99:80:69:52:00:71:3d:b1:1d:64:66:62:c3: + 37:4e:f4:38:1e:c9:14:3f:50:66:2f:b9:f5:11:31:2c:87:30: + 1e:f1:1b:14:c3:90:05:ba:bc:57:06:39:6a:e9:46:f1:67:6a: + a9:9b:16:04:b9:bd:93:bb:df:48:5a:77:9d:03:07:bb:8b:2e: + 2d:88:4d:aa:de:d3:73:2e:d8:04:e8:25:8b:ea:9b:e0:c5:87: + 5f:64:56:ac:b4:4e:74:ac:21:ac:ec:6a:a9:54:cd:77:24:2e: + bd:56:b6:70:26:a8:81:b6:1a:69:31:4a:53:5e:93:46:f4:28: + 40:90:6b:65:44:94:3b:61:f8:5f:8c:b7:31:e7:46:a6:79:e0: + 33:38:69:27:6b:b3:6e:5c:e4:f7:5a:2f:f9:bc:67:57:3e:e3: + dd:3a:99:5f:3a:ac:c7:5f:b7:5b:38:4b:ab:e1:1a:12:ec:e1: + 95:0a:2d:54:a4:99:30:d0:93:78:27:5b:a4:d5:69:5b:c8:c1: + ef:ff:84:02 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk8wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK3qIwzcMVU9I3qjD14WnmJE5Ci/C7B2o15x56mFUh6uOysh +DZU1c8LAoHgT0/wnV4qY3oPjj6MTpSCnqb/I9QIbCBoupQR6ESShWRE9wDtXNWLN +KkHNXBU1rMhm+Kny1BwMtNyde5n5BxvJ8ANqbHHY5st67MentzYL8EkiNyL0d/Ma +pldZC2xqO7jRR99IrFTugh45FNymnKszt4dPO3BVr9tA5SapD7xZj2GSRwo0c977 +JfrxvaQDNZNeV6OjPxPmCWjFUSkgU7he+orO6ArvngduVff2wecSnyLBcrgqryU0 +6wgoNnOO9oBwIRaKgStpR2LF737dgHwJTm1Xhk8CAwEAAaOByzCByDAdBgNVHQ4E +FgQUgBQeBMagxCglMChZvUAaZQcFGDgwHwYDVR0jBBgwFoAUcVBSNZJp91SxigzB +k4c+hOm+XIAwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCborXB4Zh+Dx0qDuu4ZVcPTXiFfoHLD4wEXBpA +a/EAcWFZCxk68JejlDhVNWWbtwyjoJnrHfdo7TwhkJmAaVIAcT2xHWRmYsM3TvQ4 +HskUP1BmL7n1ETEshzAe8RsUw5AFurxXBjlq6UbxZ2qpmxYEub2Tu99IWnedAwe7 +iy4tiE2q3tNzLtgE6CWL6pvgxYdfZFastE50rCGs7GqpVM13JC69VrZwJqiBthpp +MUpTXpNG9ChAkGtlRJQ7YfhfjLcx50ameeAzOGkna7NuXOT3Wi/5vGdXPuPdOplf +OqzHX7dbOEur4RoS7OGVCi1UpJkw0JN4J1uk1WlbyMHv/4QC +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:2c:98:11:ad:7d:7c:47:ab:8a:21:e3:43:a7:12:a0:c9:a9:32:4e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:df:0b:0b:a2:8a:9c:9c:68:ad:24:f9:f9:e6: + 95:ef:e4:71:1e:00:fb:ec:bf:b1:cb:6e:d6:40:30: + 42:7a:38:87:9e:5b:cd:58:3e:b7:31:5c:8d:0d:84: + 7a:be:ef:e6:98:ba:4e:c5:ae:2b:2f:66:b2:b2:3f: + e7:c0:a8:8b:75:60:61:2a:67:8a:d2:55:72:83:e2: + ff:de:76:d6:63:58:79:ba:91:c1:80:e1:06:1b:35: + 9c:b3:e9:19:f8:c7:21:80:dd:9e:04:18:35:de:df: + 00:80:21:09:06:3c:6c:9a:de:10:d1:fd:4d:2f:27: + 5e:56:24:44:67:88:48:e4:25:52:cc:c7:17:3f:69: + 1f:76:fc:b1:83:45:48:5d:37:da:80:3e:3d:7f:f6: + 8d:ec:83:00:d6:2f:c4:41:5d:79:ae:ad:14:4c:24: + b3:5e:1e:fe:ed:e8:39:17:4a:4b:ca:eb:10:5d:6e: + af:38:58:b1:12:a5:69:bd:bd:63:dd:f5:21:71:2c: + 36:37:72:51:3b:3a:de:8f:1e:a0:e2:6b:45:da:02: + ad:7e:04:b7:d3:c8:64:34:c6:f4:08:a0:e5:c9:02: + 1b:6f:42:22:be:d3:8b:7b:63:6e:39:c4:97:17:c6: + 9a:ba:9e:26:9b:e1:65:a6:4d:4a:93:5e:b2:4e:18: + 9d:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + X509v3 Authority Key Identifier: + keyid:71:50:52:35:92:69:F7:54:B1:8A:0C:C1:93:87:3E:84:E9:BE:5C:80 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6f:c2:f5:0d:cc:f7:a8:c4:03:50:ff:33:02:72:38:ac:72:19: + da:fe:1e:d0:20:79:44:d9:ce:cf:22:b1:09:78:16:5d:12:12: + aa:bd:9b:27:08:6f:18:08:08:7d:d2:06:52:a1:ae:19:35:61: + be:27:8f:20:e4:59:d5:f3:4e:56:55:77:28:2b:f8:a4:9c:8d: + 75:d8:4f:99:92:75:0f:a1:79:c5:47:6b:32:c7:86:a2:ce:17: + 55:ab:78:b0:ac:b4:15:04:19:0f:55:f3:09:ca:48:84:bf:32: + 01:58:04:33:75:84:57:8e:67:32:53:a7:09:1b:13:c0:3a:9f: + 65:2e:e2:82:26:1a:9c:47:c2:4f:bb:b9:c4:d2:b9:b3:cc:86: + bc:25:03:3c:6a:66:e2:82:58:03:fb:3e:dd:f5:a3:cc:d5:b9: + 1f:53:d5:63:6a:2c:a2:36:0a:8a:a8:15:bf:63:50:ad:db:98: + e8:40:97:24:2c:80:27:35:e1:53:27:da:26:86:72:67:ea:b7: + a1:30:5a:67:3f:ff:2c:3e:a4:7f:8a:6e:ff:e2:41:f2:02:34: + 8e:12:59:c0:c6:80:3b:78:d9:fd:1a:b8:e1:b5:b7:7f:c8:63: + 27:30:4d:00:7a:96:f1:4d:6e:a0:e9:da:9f:11:a2:b4:69:2f: + 8d:d4:9c:1a +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUMSyYEa19fEeriiHjQ6cSoMmpMk4wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCy3wsLooqcnGitJPn55pXv5HEeAPvsv7HLbtZAMEJ6OIeeW81YPrcxXI0N +hHq+7+aYuk7FrisvZrKyP+fAqIt1YGEqZ4rSVXKD4v/edtZjWHm6kcGA4QYbNZyz +6Rn4xyGA3Z4EGDXe3wCAIQkGPGya3hDR/U0vJ15WJERniEjkJVLMxxc/aR92/LGD +RUhdN9qAPj1/9o3sgwDWL8RBXXmurRRMJLNeHv7t6DkXSkvK6xBdbq84WLESpWm9 +vWPd9SFxLDY3clE7Ot6PHqDia0XaAq1+BLfTyGQ0xvQIoOXJAhtvQiK+04t7Y245 +xJcXxpq6niab4WWmTUqTXrJOGJ3BAgMBAAGjgcswgcgwHQYDVR0OBBYEFHFQUjWS +afdUsYoMwZOHPoTpvlyAMB8GA1UdIwQYMBaAFHFQUjWSafdUsYoMwZOHPoTpvlyA +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAb8L1Dcz3qMQDUP8zAnI4rHIZ2v4e0CB5RNnOzyKxCXgWXRIS +qr2bJwhvGAgIfdIGUqGuGTVhviePIORZ1fNOVlV3KCv4pJyNddhPmZJ1D6F5xUdr +MseGos4XVat4sKy0FQQZD1XzCcpIhL8yAVgEM3WEV45nMlOnCRsTwDqfZS7igiYa +nEfCT7u5xNK5s8yGvCUDPGpm4oJYA/s+3fWjzNW5H1PVY2osojYKiqgVv2NQrduY +6ECXJCyAJzXhUyfaJoZyZ+q3oTBaZz//LD6kf4pu/+JB8gI0jhJZwMaAO3jZ/Rq4 +4bW3f8hjJzBNAHqW8U1uoOnanxGitGkvjdScGg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.test b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.test new file mode 100644 index 0000000000..d5ea8c2379 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.test @@ -0,0 +1,5 @@ +chain: rsa-keyEncipherment.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/chain.pem new file mode 100644 index 0000000000..33f3e0fcf7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/chain.pem @@ -0,0 +1,243 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate is signed using a weak RSA +key (512-bit modulus). + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 73:1d:79:3f:16:15:f2:fa:19:a6:58:c1:bc:00:3c:16:5c:12:fe:f0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:f2:42:db:44:b2:6b:f2:0a:41:04:53:7d:0b:34: + a4:fe:8d:d5:3a:ff:e5:a9:0c:5d:e4:2d:69:fe:e3: + dd:8a:47:2f:e8:9e:5a:54:ab:0b:95:84:16:af:fa: + 29:11:43:5c:c9:59:15:30:59:77:bb:62:dd:d6:e4: + 27:3a:bf:a9:82:cb:b8:f4:3c:5c:1d:74:87:8d:57: + af:0a:69:91:68:b4:aa:f6:14:8b:25:14:60:68:c9: + 8d:56:09:06:a6:ad:12:8a:cb:05:33:b0:1e:11:03: + 52:bf:af:7d:87:b0:97:22:fb:5a:f4:ea:5b:14:56: + cc:ad:03:2a:da:75:59:35:8b:88:3a:b7:66:3b:18: + a8:7c:c4:29:4f:66:ac:da:1f:ba:ec:ef:fc:55:01: + 1e:31:7a:af:ca:5c:5d:cf:73:49:2f:50:b9:0d:3b: + 4c:0c:d9:b0:d6:25:86:ea:3d:4d:ea:de:3b:9c:2a: + 79:b3:c6:13:9a:bb:22:53:62:7c:a9:05:a6:a3:c7: + f5:28:72:24:c0:d6:ec:6f:66:eb:5a:85:91:5e:cd: + a5:95:cc:9f:60:88:a1:bc:95:33:1f:f4:8f:99:68: + 56:64:39:4c:a4:df:f3:41:10:14:50:e5:ba:42:e5: + c6:ec:50:37:44:26:de:0d:28:71:b8:63:bb:38:7e: + 04:a9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 78:F8:8D:81:56:D4:CD:CF:11:9F:9E:DD:3D:6C:F2:07:FE:0F:37:7D + X509v3 Authority Key Identifier: + keyid:E9:D8:44:8D:24:EE:A1:82:18:6F:21:FA:4E:EC:FB:DF:D1:91:57:9D + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 73:a5:fd:61:cc:8d:7a:32:37:84:d8:e6:70:7e:df:30:2d:b3: + b5:31:dd:66:e6:bd:7b:1f:36:c3:b9:7a:9d:ca:6c:01:25:92: + 3d:7e:8a:9f:c4:11:76:f7:a1:07:83:b2:5b:29:04:58:e0:6b: + 4f:10:97:69:ff:14:7e:e4:c4:0b +-----BEGIN CERTIFICATE----- +MIIC3jCCAoigAwIBAgIUcx15PxYV8voZpljBvAA8FlwS/vAwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA8kLbRLJr8gpBBFN9CzSk/o3VOv/lqQxd5C1p/uPdikcv +6J5aVKsLlYQWr/opEUNcyVkVMFl3u2Ld1uQnOr+pgsu49DxcHXSHjVevCmmRaLSq +9hSLJRRgaMmNVgkGpq0SissFM7AeEQNSv699h7CXIvta9OpbFFbMrQMq2nVZNYuI +OrdmOxiofMQpT2as2h+67O/8VQEeMXqvylxdz3NJL1C5DTtMDNmw1iWG6j1N6t47 +nCp5s8YTmrsiU2J8qQWmo8f1KHIkwNbsb2brWoWRXs2llcyfYIihvJUzH/SPmWhW +ZDlMpN/zQRAUUOW6QuXG7FA3RCbeDShxuGO7OH4EqQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBR4+I2BVtTNzxGfnt09bPIH/g83fTAfBgNVHSMEGDAWgBTp2ESNJO6hghhv +IfpO7Pvf0ZFXnTA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +QQBzpf1hzI16MjeE2OZwft8wLbO1Md1m5r17HzbDuXqdymwBJZI9foqfxBF296EH +g7JbKQRY4GtPEJdp/xR+5MQL +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1d:a9:8e:36:2e:87:ea:b5:92:e3:42:05:50:07:2b:bc:5f:13:0d:64 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (512 bit) + Modulus: + 00:d5:13:bb:52:bf:ca:19:1a:06:19:68:07:1d:e6: + 87:16:d3:f0:e0:12:ba:a2:b5:2a:3d:ed:b3:64:16: + 06:a3:50:fc:b0:a4:49:f2:f9:ab:34:ad:4f:db:0a: + 3d:2b:25:92:86:3f:94:df:fb:fc:54:f2:c7:6d:9e: + d2:10:e0:cd:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E9:D8:44:8D:24:EE:A1:82:18:6F:21:FA:4E:EC:FB:DF:D1:91:57:9D + X509v3 Authority Key Identifier: + keyid:BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9c:90:c3:6a:14:6d:3c:2c:21:37:40:b3:8e:57:c7:89:f0:28: + 90:73:52:d8:e9:af:cf:46:47:95:5b:56:ed:c7:a5:6c:bb:c8: + e2:fc:60:7b:c2:fd:61:96:52:86:28:8e:c3:b5:b0:8b:e8:47: + 0f:cc:b9:2f:dc:1c:6b:d3:e6:0b:cf:7b:f9:c1:95:1a:cc:54: + 9c:90:78:37:cc:2b:1a:b4:c9:97:86:b0:76:95:21:f6:96:c1: + 74:1d:39:da:bd:b5:f4:1e:0d:7e:9c:11:41:a4:fc:68:60:6d: + da:82:d3:37:66:bb:44:1b:9c:38:ad:b5:04:cd:0c:66:54:a0: + 09:e2:29:25:2e:c3:c4:f5:5c:2a:86:71:49:f4:c4:c8:2d:e0: + 9e:c0:31:40:e2:b9:47:de:6b:68:fe:cc:26:3e:41:ca:9c:de: + f6:19:69:08:2a:d6:fe:09:ea:28:72:00:b6:3f:1b:6c:39:84: + f1:ec:44:bd:4d:77:ab:b5:9f:98:1d:79:a4:91:2e:64:50:89: + 66:28:b9:aa:e9:64:4b:26:ce:51:87:0e:73:8e:d9:46:1b:65: + b1:d4:45:16:f7:88:f0:d6:d3:a0:ad:63:10:d0:2d:36:37:16: + 7c:85:66:2a:90:15:c9:e2:05:8a:06:3b:b3:c4:c0:39:57:37: + 94:73:c3:73 +-----BEGIN CERTIFICATE----- +MIICuDCCAaCgAwIBAgIUHamONi6H6rWS40IFUAcrvF8TDWQwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTBcMA0GCSqGSIb3DQEBAQUAA0sA +MEgCQQDVE7tSv8oZGgYZaAcd5ocW0/DgErqitSo97bNkFgajUPywpEny+as0rU/b +Cj0rJZKGP5Tf+/xU8sdtntIQ4M0NAgMBAAGjgcswgcgwHQYDVR0OBBYEFOnYRI0k +7qGCGG8h+k7s+9/RkVedMB8GA1UdIwQYMBaAFL4zckfCsZdBmcAxV1JWDLVTeFqk +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAnJDDahRtPCwhN0CzjlfHifAokHNS2Omvz0ZHlVtW7celbLvI +4vxge8L9YZZShiiOw7Wwi+hHD8y5L9wca9PmC897+cGVGsxUnJB4N8wrGrTJl4aw +dpUh9pbBdB052r219B4NfpwRQaT8aGBt2oLTN2a7RBucOK21BM0MZlSgCeIpJS7D +xPVcKoZxSfTEyC3gnsAxQOK5R95raP7MJj5Bypze9hlpCCrW/gnqKHIAtj8bbDmE +8exEvU13q7WfmB15pJEuZFCJZii5qulkSybOUYcOc47ZRhtlsdRFFveI8NbToK1j +ENAtNjcWfIVmKpAVyeIFigY7s8TAOVc3lHPDcw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1d:a9:8e:36:2e:87:ea:b5:92:e3:42:05:50:07:2b:bc:5f:13:0d:63 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ca:3f:f8:1f:42:8f:55:98:f8:9f:fb:94:03:42: + 2a:c1:42:3a:2b:2a:f3:54:14:f3:fe:67:25:24:d3: + 9a:7f:66:1a:60:0b:9d:d8:bd:65:71:b5:f5:d9:fe: + eb:f6:04:72:57:97:bc:23:b0:be:bd:ce:94:9e:58: + 1a:10:e7:33:09:0b:57:a8:1c:6f:fa:f7:ce:d1:31: + 34:90:1a:b4:60:2d:d2:7f:29:9b:4e:ec:f4:6e:99: + 21:6b:98:9c:90:09:fc:bd:2f:55:c3:34:38:48:4a: + 73:fe:58:e2:09:b9:d9:f9:53:f6:84:e2:5d:fc:eb: + 3c:ba:92:f5:bc:97:cc:ef:43:54:f7:4f:c9:b4:2c: + 86:95:32:a6:e8:91:f5:8e:31:f8:de:b5:d9:c9:3d: + 4d:d7:24:4c:8c:58:aa:8a:c5:79:ab:e7:cd:3b:5c: + 84:67:52:5a:88:33:c3:55:d5:a9:2e:c9:5b:61:7c: + 87:05:c1:0b:d7:19:4a:fe:bd:ba:af:d7:e5:70:d1: + a4:92:08:d2:f2:ca:2b:b1:94:d0:84:57:f9:30:92: + fc:3a:67:82:10:6e:e3:89:9f:b3:df:75:6e:99:46: + bd:ce:b1:e8:ac:a2:3b:21:80:da:11:13:bd:df:93: + 0e:0e:ee:5d:f5:39:a2:a8:f7:41:c8:cb:00:5c:ac: + ee:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 + X509v3 Authority Key Identifier: + keyid:BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0e:b0:03:7c:77:94:40:3a:ef:ac:01:43:e5:78:d5:4f:27:a7: + 41:d4:83:01:d1:f4:cb:02:06:96:26:6e:53:88:2a:78:ac:9f: + 77:04:1f:fa:1c:57:a2:af:c9:d8:5d:f0:9f:e6:c6:47:a6:2a: + 61:bb:22:3a:73:65:ad:ae:c3:e2:79:e8:87:01:de:96:f7:ad: + d9:db:b6:9b:77:d4:e0:96:45:d8:3e:1e:2f:c1:1b:e7:0e:de: + 4e:58:42:11:00:fd:6e:b8:53:9a:8f:9f:5e:f0:2c:84:bc:3f: + 41:5a:f2:96:0f:b3:fd:35:10:21:d4:27:ed:c9:8c:d5:d0:c8: + b7:09:cb:d5:50:64:ff:dc:a3:86:7c:56:0f:58:bf:0b:5f:55: + 64:43:c5:df:e3:fa:96:2b:ac:15:fc:12:53:01:19:da:61:47: + 1d:28:d1:3b:18:4d:4c:78:49:a3:2e:eb:5f:0d:b7:71:f1:74: + 94:7d:1e:df:97:3b:96:cd:25:38:86:0d:66:a2:b6:2f:7a:4d: + 77:c6:70:f3:7b:a1:0e:01:84:e6:19:cc:b9:c0:e1:07:10:36: + 9a:b0:f9:0a:6b:22:a6:c0:18:3d:c8:34:86:34:d3:14:e2:c6: + a9:c7:7b:07:b2:6c:a1:14:6b:a0:70:01:6c:ab:ff:0a:08:f4: + ab:8d:05:09 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUHamONi6H6rWS40IFUAcrvF8TDWMwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDKP/gfQo9VmPif+5QDQirBQjorKvNUFPP+ZyUk05p/ZhpgC53YvWVxtfXZ +/uv2BHJXl7wjsL69zpSeWBoQ5zMJC1eoHG/6987RMTSQGrRgLdJ/KZtO7PRumSFr +mJyQCfy9L1XDNDhISnP+WOIJudn5U/aE4l386zy6kvW8l8zvQ1T3T8m0LIaVMqbo +kfWOMfjetdnJPU3XJEyMWKqKxXmr5807XIRnUlqIM8NV1akuyVthfIcFwQvXGUr+ +vbqv1+Vw0aSSCNLyyiuxlNCEV/kwkvw6Z4IQbuOJn7PfdW6ZRr3OseisojshgNoR +E73fkw4O7l31OaKo90HIywBcrO6xAgMBAAGjgcswgcgwHQYDVR0OBBYEFL4zckfC +sZdBmcAxV1JWDLVTeFqkMB8GA1UdIwQYMBaAFL4zckfCsZdBmcAxV1JWDLVTeFqk +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEADrADfHeUQDrvrAFD5XjVTyenQdSDAdH0ywIGliZuU4gqeKyf +dwQf+hxXoq/J2F3wn+bGR6YqYbsiOnNlra7D4nnohwHelvet2du2m3fU4JZF2D4e +L8Eb5w7eTlhCEQD9brhTmo+fXvAshLw/QVrylg+z/TUQIdQn7cmM1dDItwnL1VBk +/9yjhnxWD1i/C19VZEPF3+P6liusFfwSUwEZ2mFHHSjROxhNTHhJoy7rXw23cfF0 +lH0e35c7ls0lOIYNZqK2L3pNd8Zw83uhDgGE5hnMucDhBxA2mrD5CmsipsAYPcg0 +hjTTFOLGqcd7B7JsoRRroHABbKv/Cgj0q40FCQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/generate-chains.py new file mode 100755 index 0000000000..14536b441f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/generate-chains.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the target certificate is signed using a weak RSA +key (512-bit modulus).""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate with a very weak key size (512-bit RSA). +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.set_key(gencerts.get_or_generate_rsa_key( + 512, gencerts.create_key_path(intermediate.name))) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Intermediate.key new file mode 100644 index 0000000000..5f4989f7cd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Intermediate.key @@ -0,0 +1,10 @@ +openssl genrsa 512 +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBANUTu1K/yhkaBhloBx3mhxbT8OASuqK1Kj3ts2QWBqNQ/LCkSfL5 +qzStT9sKPSslkoY/lN/7/FTyx22e0hDgzQ0CAwEAAQJAbZBW20b5QY0LI9dFCY/3 +WLqkemPHClFDplJq0wUsZp8XCIDjkx8RzNBOjN1i4WV25z5q5lOGeYopYgE4g5AQ +QQIhAO0ZkvzLX7A08d5guXp7AZYIbX3z43fzBaaAPkgRaC9RAiEA5g/uXR1+NxrK +a88zei/oADF6tixOoTI41Hkg3CCK6v0CIE6GPskcbfeEwWod7K/k1zSiW+jwAjDy +urdXF8l0gmXRAiBNtcnlKAYvJNyFCAsyVaY/EneJu3Of3W/2zSd9U3y5HQIgXa7O +cDEGpXaGf862y0kEzrHPnG8morJkL6zjUOtI6ZA= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Root.key new file mode 100644 index 0000000000..3034b86cfa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAyj/4H0KPVZj4n/uUA0IqwUI6KyrzVBTz/mclJNOaf2YaYAud +2L1lcbX12f7r9gRyV5e8I7C+vc6UnlgaEOczCQtXqBxv+vfO0TE0kBq0YC3Sfymb +Tuz0bpkha5ickAn8vS9VwzQ4SEpz/ljiCbnZ+VP2hOJd/Os8upL1vJfM70NU90/J +tCyGlTKm6JH1jjH43rXZyT1N1yRMjFiqisV5q+fNO1yEZ1JaiDPDVdWpLslbYXyH +BcEL1xlK/r26r9flcNGkkgjS8sorsZTQhFf5MJL8OmeCEG7jiZ+z33VumUa9zrHo +rKI7IYDaERO935MODu5d9TmiqPdByMsAXKzusQIDAQABAoIBAEiBrGtQimBOifuY +zpRoeTl1i7MEH93p8RsoUTmlnsLDkPsTzw/vvlmIuU3gxSkaqP9cB3foGkmjsMYf +oaCjsjkw1skPANpBUuTONiDfYgEFDGzINsSR0IOB5GhVevNskS4ltSJZK0BHaNQr +e0WvWkS3ZC55lOZiUxA0NWLaLP8tSXdWoaUK3XBwCi+yg5E+enM88Hx69kAY5Xxs +1D3GxPpCPXTT6xVuutA7eaozb7QQuMQro/T279YpFN7DblFs4CxYpGFJHsJ3+y9m +4jj1vDSA5lZvj20x4EhiS40rsF/5pjBq0SZG39Gv9cUwJjgbgwAPRjufv5Hjd4vo +b2X36v0CgYEA+mm1qlKHLEtnDVZK+6gX5gO6O7YF+u/Nj+jzsZ7/2/O0LMDs37kd +jq+8KJz/xsSyU0s+1r+ddY8GuIGHqyGiRVKyIUcA90vd9SrxYcRbbV7G0QZym+F4 +fuJ3jRbFK6fDz9BwkaE7/uOFsckWNiSH7ChSQss8nIQ8AdH4bBjyJ2cCgYEAzsMq +V2Pc9dXYsKQVoCbSvcWqizh0GrOoZUKfytBNnGacS9wU1mfdNknTS3fwLWfaBu7e +mS3MdFQoM0g4kOGEhv09vb1bNiAe+x37cXQvFzKeH9Aj3LTnJQHIbnEBnZGM+VMA +9e2TsS6b/L1L/4+zz6yCecZHpezpQjcslk8A4icCgYBgrHDS6Xt/8Tg+oOLf1twr +E6NRLAuQ/gU5GrECEKUscCBN6slH8bpkfJnCgCIKxaMmnvUKiP0sBmSM1Izg12JD +KxLT4AqSbjqpTMPVf63gQme1CK00Ws5fBeUrle/W07S3xPvAbSOxWnsh0MT/cAj9 +de+UE8w5jJ9yAHLMoLDT3wKBgDOUUlK8sdmOAGGIfXCXXslCr1nNuoESwnaIWU6C +Cmpy2pi+DWCzRmcNoa1Y/UyGdMh3/IXf+/olKGYqpRnXeHUoZaeYvlFRUAk7IIfc +AQdbdEDhbqDXbDY6LKMIg+un7LAh+cJgAxEXXIh/PJ9DXQr4sQ/p2+PTpxkCpJfW +m5TPAoGAYIdAPSVITlwvEJZHOy0TJ5/1f8oAcNp16hhhfmxN8NCad5JaW8G5QSDG +ck7RvwV6Zt3z5LaXYCyz8JbMxTGnCMdf5xKrRkTN+i515BGBYQqbkNqrdIdYKzmF +wDHaQFVtWi7cH1j6fygW9luZt3Jh0+euPEewMmLzZ1AglSYDwUQ= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Target.key new file mode 100644 index 0000000000..1cba9eb9fd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA8kLbRLJr8gpBBFN9CzSk/o3VOv/lqQxd5C1p/uPdikcv6J5a +VKsLlYQWr/opEUNcyVkVMFl3u2Ld1uQnOr+pgsu49DxcHXSHjVevCmmRaLSq9hSL +JRRgaMmNVgkGpq0SissFM7AeEQNSv699h7CXIvta9OpbFFbMrQMq2nVZNYuIOrdm +OxiofMQpT2as2h+67O/8VQEeMXqvylxdz3NJL1C5DTtMDNmw1iWG6j1N6t47nCp5 +s8YTmrsiU2J8qQWmo8f1KHIkwNbsb2brWoWRXs2llcyfYIihvJUzH/SPmWhWZDlM +pN/zQRAUUOW6QuXG7FA3RCbeDShxuGO7OH4EqQIDAQABAoIBAG/CCdcKHCP/OPke +7qtxsL/BfGGIVVED5HhzvtcYFUZKCr7b9j3i3iguVC0AUVumYLJ+BvlT/JkURdRx +UeuXKUKuanc5NSFddX7tuVErXCoaVlfJKFuFp+gPOsU6yrevVcNzXsX2dBhTGSRW +d6lV/JLls5MSXcvnMuqJcIZw5iN9ghfzsFjXSkliXLb7izq1cjexqQ19uIwbuowH +B8njrtmd/vMWRmuKpS77djrllh00JXrvKGATNX6ggPlaJgnIG0qvGGJCqDShtlJ+ +F9jtjVPNWKGFmmfSiNGpSftMWTUSGSQWmUFRLqb0zWqa839/FvQAOnoOF1PhVKz8 +UXY5VDUCgYEA/w+ILmeryXYGrWYGLUdg4Pch+UMYvfzlf0CXuJHEN4Wk2aINO1qo +TqC0qc2IIUEw36M5lu1ihXhd/L8221VuQWxjUOI7zu4U/M3ksky7V6C4KrxS9FCU +DaK1Z25aUDoKvEMpVL5Eo/rdgpbhvtEd7WiEtPfBf4vqG91ABePTxvcCgYEA8ydB +4MiDftZm3CauEWQeC2AvD5nFkuKfcl36OtRnECCq3DvyKU3rXh0VKqe0U96SZrVo +HXQHQyns53HrBx2igz6AqzTJIASU2L3HQ7kLCuny3Fz3VgTYsHuSdLfod3d0ChGe +pwccJwbUs/3NxZ7svTLRbHvK6LRMH9SLFce7iV8CgYEAg+IlGVGTuwzjMP/DC+CP +kGNY1slB3uMIS787dD0zBz58Wef4DYu34Ugpgm97By7tNYXxvj+qpLbzaj/4/npz +EzMXO3hvUnU6tulDaopQiGPbNoXAIwITO+W5BO1Dl54bdPMJSP9FAMEzjlW0DnWU +kvBrRiOhkvDmsVe6xhDirUsCgYEA0zSAVp4VCjF1uzil7llGd58egbCSG1paIV9c +IYmp1Cpr/0zateIG1gLxBdISIt+rzyc3vo2wWTirnQYonk+xf8rkvNHm+bbBC9sc +oMi0vNAlsh/Wf5NKHVHZDyVH+a16z9wqMO9OFuAqFgYZnNTE0jq4CkElKSijDurx +vQN29IUCgYAjhVZQWSStTO/v+PM6NuJ6kbdsYIcx6O3cAK25XsGErJdogyNKloqP +rW5U0sroKlWUOEodjod6dDuUaQUCmO0Np4mHZTRwkXKor9nYYqiSVBh6PJLZLBUH +X6U9dSsRaQ1EaM63wNPIGvM/aAe8KpiEcpVtTJmS/yMf1+vI0cEbqA== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/main.test b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/main.test new file mode 100644 index 0000000000..6af47f5068 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/main.test @@ -0,0 +1,11 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: RSA modulus too small + actual: 512 + minimum: 1024 +ERROR: Unacceptable public key + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/chain.pem new file mode 100644 index 0000000000..9bed1a63e3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/chain.pem @@ -0,0 +1,251 @@ +[Created by: generate-chains.py] + +Certificate chain where the root certificate holds an RSA key, intermediate +certificate holds an EC key, and target certificate holds an RSA key. The +target certificate has a valid signature using ECDSA. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 41:40:39:26:f7:3c:b3:a7:c4:58:60:3a:f3:20:9a:3a:ee:e3:c5:56 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e6:90:14:d7:6c:5e:85:24:21:17:7a:ce:f2:8a: + 3e:83:20:e4:3e:eb:cf:4c:06:bb:0a:d5:21:d9:2b: + e1:2e:14:8a:20:16:c8:c9:4b:55:ed:e9:ea:48:ed: + ef:03:2b:de:25:dd:41:9b:0c:0b:bd:f8:58:e2:a0: + ba:92:3f:03:de:ca:e6:35:42:be:ab:e1:33:17:ac: + 3e:bc:fc:90:2a:d2:c7:76:1f:51:d2:ca:e9:80:e0: + 76:39:ab:88:65:b4:e3:ea:05:dd:c5:8e:fe:4c:86: + c3:06:49:0c:ab:69:a5:4f:14:cc:82:1f:b1:3d:f6: + f9:d5:d4:61:41:35:e5:d4:f7:4f:1a:af:fb:a8:ff: + ef:7b:38:95:40:c5:56:32:a5:cf:8f:d6:04:df:23: + eb:5b:f7:32:a3:d7:a1:df:cb:67:35:25:d6:63:92: + d7:da:d9:83:20:52:58:1d:ef:6e:3c:88:91:14:08: + c7:70:85:b7:b3:93:c1:9a:51:57:d8:d5:4c:81:83: + 96:91:b6:5a:b9:b5:7e:fb:90:bd:71:2e:09:04:6e: + f9:0b:ff:51:43:d4:20:77:ee:31:34:98:f8:e8:8f: + 5a:2e:75:f1:0f:bf:64:35:a5:00:cb:4a:00:6e:45: + a3:01:d7:97:46:49:55:c1:df:2d:31:c4:98:ae:25: + b2:b3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A0:D4:34:B4:BC:27:68:8C:38:A0:8F:3A:CF:6E:58:5F:57:97:44:B8 + X509v3 Authority Key Identifier: + keyid:B1:0E:68:94:5F:A9:F7:F8:4B:09:42:7D:AE:5A:7A:05:BF:E4:A1:F1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:bf:ee:04:f4:3a:0a:2c:ba:41:33:77:1e:dc: + e3:ae:85:f0:ac:29:06:88:ab:a1:58:98:eb:1f:e4:8e:66:9f: + dd:1c:6e:96:7f:57:ba:27:4f:f5:21:a0:ad:5a:1f:38:93:02: + 31:00:c0:58:7d:64:1d:a0:43:1d:04:26:68:14:08:41:bf:a9: + 7d:56:78:a6:95:74:a4:d3:db:88:6b:64:4c:e7:ee:b5:a0:49: + 71:00:39:63:19:31:b0:8f:86:7b:c1:b5:dd:f4 +-----BEGIN CERTIFICATE----- +MIIDADCCAoWgAwIBAgIUQUA5Jvc8s6fEWGA68yCaOu7jxVYwCgYIKoZIzj0EAwIw +FzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAw +NTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA5pAU12xehSQhF3rO8oo+gyDkPuvPTAa7CtUh2SvhLhSKIBbI +yUtV7enqSO3vAyveJd1BmwwLvfhY4qC6kj8D3srmNUK+q+EzF6w+vPyQKtLHdh9R +0srpgOB2OauIZbTj6gXdxY7+TIbDBkkMq2mlTxTMgh+xPfb51dRhQTXl1PdPGq/7 +qP/veziVQMVWMqXPj9YE3yPrW/cyo9eh38tnNSXWY5LX2tmDIFJYHe9uPIiRFAjH +cIW3s5PBmlFX2NVMgYOWkbZaubV++5C9cS4JBG75C/9RQ9Qgd+4xNJj46I9aLnXx +D79kNaUAy0oAbkWjAdeXRklVwd8tMcSYriWyswIDAQABo4HpMIHmMB0GA1UdDgQW +BBSg1DS0vCdojDigjzrPblhfV5dEuDAfBgNVHSMEGDAWgBSxDmiUX6n3+EsJQn2u +WnoFv+Sh8TA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwt +Zm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6 +Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDaQAwZgIx +AL/uBPQ6Ciy6QTN3HtzjroXwrCkGiKuhWJjrH+SOZp/dHG6Wf1e6J0/1IaCtWh84 +kwIxAMBYfWQdoEMdBCZoFAhBv6l9VnimlXSk09uIa2RM5+61oElxADljGTGwj4Z7 +wbXd9A== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:20:1f:53:92:38:2c:47:67:4d:1d:04:41:2d:53:ab:1e:d4:5c:aa + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:f3:8f:d7:88:9f:98:67:05:36:a9:16:7c:85:b2: + cf:8e:02:72:19:eb:ab:48:14:1e:6f:6a:13:93:3e: + 80:b9:aa:7f:53:9c:91:91:9e:b1:79:76:ec:31:ef: + 97:46:30:d8:f4:ad:9c:60:c0:a6:00:88:62:5a:68: + 9e:3e:00:f3:6c:b4:1a:10:0b:78:12:f3:fe:5f:47: + 40:14:e7:2d:c0:82:cc:cf:df:93:fb:21:8e:ed:59: + b2:70:1e:7b:70:0c:e5 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + B1:0E:68:94:5F:A9:F7:F8:4B:09:42:7D:AE:5A:7A:05:BF:E4:A1:F1 + X509v3 Authority Key Identifier: + keyid:43:E7:CC:3C:45:3E:58:A7:6D:D2:90:56:8F:16:93:9E:2F:F3:06:2E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 8d:18:e4:44:8c:d8:6b:90:61:40:38:87:fb:85:bf:25:b8:c6: + a6:8b:6a:95:28:46:a9:19:3a:59:83:df:1a:d1:73:b0:20:7d: + 96:41:bc:0e:77:0c:b9:65:8d:54:f4:0b:a5:69:b1:5a:9a:49: + 21:f0:92:fe:88:00:79:01:57:47:4a:d4:a7:06:ca:49:69:fc: + c7:e9:40:90:58:0f:d6:3b:66:a7:39:f5:11:d8:de:5e:bf:3d: + 04:08:92:c2:ba:c1:d1:9b:c3:63:08:22:48:a4:9b:23:12:86: + 95:cf:b3:9f:7e:94:01:6d:3b:e7:fa:4f:b5:29:43:5d:34:98: + 01:f5:26:96:7e:c6:46:77:8f:41:7c:74:ad:e1:f7:60:5a:bd: + fa:28:f6:c1:d9:5c:e2:0d:a3:9c:f3:72:69:c0:7e:ca:b6:5d: + e3:19:0f:90:c6:e8:08:64:b7:38:17:56:9d:16:ac:49:17:d9: + 18:08:1c:eb:02:e5:11:5d:22:92:e2:7f:28:ec:cf:73:c5:25: + d5:13:17:b3:d1:88:e2:4b:5d:e7:b1:39:73:9b:52:9c:3e:6d: + 02:d2:f1:be:ac:6a:20:f1:93:9e:51:60:e4:50:da:c9:b4:99: + 79:85:cf:de:19:81:0c:8d:fa:2a:28:c9:da:51:db:66:51:da: + 1e:c0:90:54 +-----BEGIN CERTIFICATE----- +MIIC0jCCAbqgAwIBAgIUYiAfU5I4LEdnTR0EQS1Tqx7UXKowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABPOP14ifmGcFNqkWfIWyz44Cchnrq0gUHm9qE5M+gLmqf1OckZGesXl27DHv +l0Yw2PStnGDApgCIYlponj4A82y0GhALeBLz/l9HQBTnLcCCzM/fk/shju1ZsnAe +e3AM5aOByzCByDAdBgNVHQ4EFgQUsQ5olF+p9/hLCUJ9rlp6Bb/kofEwHwYDVR0j +BBgwFoAUQ+fMPEU+WKdt0pBWjxaTni/zBi4wNwYIKwYBBQUHAQEEKzApMCcGCCsG +AQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAh +oB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCNGOREjNhrkGFA +OIf7hb8luMami2qVKEapGTpZg98a0XOwIH2WQbwOdwy5ZY1U9AulabFamkkh8JL+ +iAB5AVdHStSnBspJafzH6UCQWA/WO2anOfUR2N5evz0ECJLCusHRm8NjCCJIpJsj +EoaVz7OffpQBbTvn+k+1KUNdNJgB9SaWfsZGd49BfHSt4fdgWr36KPbB2VziDaOc +83JpwH7Ktl3jGQ+QxugIZLc4F1adFqxJF9kYCBzrAuURXSKS4n8o7M9zxSXVExez +0YjiS13nsTlzm1KcPm0C0vG+rGog8ZOeUWDkUNrJtJl5hc/eGYEMjfoqKMnaUdtm +UdoewJBU +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:20:1f:53:92:38:2c:47:67:4d:1d:04:41:2d:53:ab:1e:d4:5c:a9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:f5:c6:4e:ee:3f:f0:7c:64:c3:5d:09:15:02:1c: + 1b:f3:43:19:a5:c1:a9:a0:fb:f9:98:ee:e4:af:7c: + e2:ad:51:6d:c5:74:03:4d:db:f1:e0:69:ed:9a:23: + d8:cd:34:0b:83:6a:32:4e:1d:c0:91:fc:88:17:02: + 0d:bd:6d:d9:b9:92:71:6b:8f:23:40:f9:48:fe:16: + 59:af:f4:9c:33:7d:3f:08:65:ff:f1:e5:9c:4d:e8: + e8:7b:4a:c3:16:6d:53:9d:92:d7:86:9b:95:fb:5d: + 86:6d:af:00:dd:6f:25:0d:53:70:7e:b6:36:11:94: + d1:90:b5:f1:6d:a8:b0:e8:2d:0d:c5:85:b5:50:4b: + 7e:b0:57:8d:82:6d:bb:e0:82:64:3b:a4:d6:c4:d7: + 0a:2c:89:61:47:99:67:5e:71:1f:5c:66:14:08:fa: + 29:88:09:3b:38:60:4d:01:67:53:fe:16:85:70:54: + bf:e1:5e:76:b8:33:e3:9c:17:08:a4:0f:f2:c5:e1: + ac:99:94:7e:10:47:7d:51:43:42:85:df:e2:9a:53: + 07:c4:2f:c8:bf:56:da:0b:7f:41:6d:8f:76:42:b0: + 25:3c:fb:0a:f4:d0:d0:b3:79:72:70:0d:07:95:97: + c1:11:82:ff:c4:13:ec:0f:cf:bb:4e:b8:4a:ed:ca: + 3c:a3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 43:E7:CC:3C:45:3E:58:A7:6D:D2:90:56:8F:16:93:9E:2F:F3:06:2E + X509v3 Authority Key Identifier: + keyid:43:E7:CC:3C:45:3E:58:A7:6D:D2:90:56:8F:16:93:9E:2F:F3:06:2E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + d2:50:10:c9:a0:28:ad:dc:18:87:68:2b:7c:a7:6c:e8:1a:07: + 38:9f:f0:dc:45:7a:75:f4:24:47:16:ce:4a:60:76:c0:0e:2a: + 61:f0:b1:55:42:23:08:f9:b1:f4:4f:9a:0e:ad:9a:4f:b9:bb: + 42:d4:98:13:87:ce:1e:55:f3:1b:25:cf:fa:a4:f5:5b:d6:d2: + cb:28:ca:86:aa:f8:e2:8b:d2:8b:e3:0c:0e:d9:e3:9f:ee:27: + 03:c6:13:e8:9d:a5:b1:64:c8:a2:e5:c0:f0:07:03:58:a1:20: + 0c:7b:47:a2:db:67:86:e9:68:25:04:ad:c9:1f:dc:2d:b1:0e: + 52:a8:6f:de:6c:29:02:17:58:30:df:0c:7c:f3:1f:e6:9e:d7: + bd:40:0d:e3:eb:af:49:1f:d8:e9:3f:0b:ee:54:97:b1:93:1e: + 77:f2:26:51:6a:5a:be:e4:82:ff:5f:fc:b5:23:74:dd:82:45: + ea:f5:7a:31:7d:9d:fd:62:4a:2d:99:67:4b:ba:62:5e:47:cb: + 4a:63:d9:b4:6e:ea:39:ac:d6:3e:6c:53:92:d1:9a:ae:a1:1f: + 6f:f2:ff:75:07:26:24:53:76:1e:e0:d7:2a:3b:59:74:45:54: + 94:b6:7e:45:aa:26:b3:96:22:c0:ca:c5:d0:e2:5d:a4:f6:74: + b7:3a:66:d1 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUYiAfU5I4LEdnTR0EQS1Tqx7UXKkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQD1xk7uP/B8ZMNdCRUCHBvzQxmlwamg+/mY7uSvfOKtUW3FdANN2/Hgae2a +I9jNNAuDajJOHcCR/IgXAg29bdm5knFrjyNA+Uj+Flmv9JwzfT8IZf/x5ZxN6Oh7 +SsMWbVOdkteGm5X7XYZtrwDdbyUNU3B+tjYRlNGQtfFtqLDoLQ3FhbVQS36wV42C +bbvggmQ7pNbE1wosiWFHmWdecR9cZhQI+imICTs4YE0BZ1P+FoVwVL/hXna4M+Oc +FwikD/LF4ayZlH4QR31RQ0KF3+KaUwfEL8i/VtoLf0Ftj3ZCsCU8+wr00NCzeXJw +DQeVl8ERgv/EE+wPz7tOuErtyjyjAgMBAAGjgcswgcgwHQYDVR0OBBYEFEPnzDxF +PlinbdKQVo8Wk54v8wYuMB8GA1UdIwQYMBaAFEPnzDxFPlinbdKQVo8Wk54v8wYu +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEA0lAQyaAordwYh2grfKds6BoHOJ/w3EV6dfQkRxbOSmB2wA4q +YfCxVUIjCPmx9E+aDq2aT7m7QtSYE4fOHlXzGyXP+qT1W9bSyyjKhqr44ovSi+MM +Dtnjn+4nA8YT6J2lsWTIouXA8AcDWKEgDHtHottnhuloJQStyR/cLbEOUqhv3mwp +AhdYMN8MfPMf5p7XvUAN4+uvSR/Y6T8L7lSXsZMed/ImUWpavuSC/1/8tSN03YJF +6vV6MX2d/WJKLZlnS7piXkfLSmPZtG7qOazWPmxTktGarqEfb/L/dQcmJFN2HuDX +KjtZdEVUlLZ+Raoms5YiwMrF0OJdpPZ0tzpm0Q== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/generate-chains.py new file mode 100755 index 0000000000..4f72e492d9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/generate-chains.py @@ -0,0 +1,27 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the root certificate holds an RSA key, intermediate +certificate holds an EC key, and target certificate holds an RSA key. The +target certificate has a valid signature using ECDSA.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate using an RSA key. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate using an EC key for the P-384 curve. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.set_key(gencerts.get_or_generate_ec_key( + 'secp384r1', gencerts.create_key_path(intermediate.name))) + +# Target certificate contains an RSA key (but is signed using ECDSA). +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Intermediate.key new file mode 100644 index 0000000000..ebac5bfa44 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Intermediate.key @@ -0,0 +1,10 @@ +openssl ecparam -name secp384r1 -genkey +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDAzb/UOUefhWzR7oqjNIN5Kp1Smw8QgXe6oBCNitxyprV2Qg/9O0mVP +e2ZPkkGcnbSgBwYFK4EEACKhZANiAATzj9eIn5hnBTapFnyFss+OAnIZ66tIFB5v +ahOTPoC5qn9TnJGRnrF5duwx75dGMNj0rZxgwKYAiGJaaJ4+APNstBoQC3gS8/5f +R0AU5y3AgszP35P7IY7tWbJwHntwDOU= +-----END EC PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Root.key new file mode 100644 index 0000000000..e6ed5c1528 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA9cZO7j/wfGTDXQkVAhwb80MZpcGpoPv5mO7kr3zirVFtxXQD +Tdvx4GntmiPYzTQLg2oyTh3AkfyIFwINvW3ZuZJxa48jQPlI/hZZr/ScM30/CGX/ +8eWcTejoe0rDFm1TnZLXhpuV+12Gba8A3W8lDVNwfrY2EZTRkLXxbaiw6C0NxYW1 +UEt+sFeNgm274IJkO6TWxNcKLIlhR5lnXnEfXGYUCPopiAk7OGBNAWdT/haFcFS/ +4V52uDPjnBcIpA/yxeGsmZR+EEd9UUNChd/imlMHxC/Iv1baC39BbY92QrAlPPsK +9NDQs3lycA0HlZfBEYL/xBPsD8+7TrhK7co8owIDAQABAoIBAQDMyBVQMnpgS1z0 +kfKtNVqckFY4ZGrANfM8WCC3j6kXnHeIRCfUoeShheFxw1iLckf9kWik6elgOjfy +Y8WrBnKZSsmyQyuuoYcOHvVPxNK5nCv/BW4C0bwwtlWvFRYEA8fdzVJDWDPZo420 +qlJgLpGCzvk2uv/GGmea2d517k6ow+9cl5Pna8sqfrea6v/8hf3iDnRzl/HHJUPI +2xDT5bHAOmlILvjvc4FhytYFR75+8gVjfX9G8FtVeBYc2UZJ6YLr0ImC90IS2Ubg +LfgEsofQoVpcNgbi0cW5GWm4Gd8ztQS2BwcflDC1L/pSvS/rKVn3P19Y5ECgQ4Ak +gVVhIs3xAoGBAP76VM3YD4vt8lRiab2pkeQjKV372FfkxhefIyLhtm0+j++8MaDq +oIeyAdEm9evrGo10iVdG+VAhkv5+XlX1AtXNzIEEe2eI03N4R5DiGENUpWGk9u8X +ENnakEdDGDLwXFwxp37eHQZvSiV9lb2a91Od3ppaPDz6mTwcOJ18rGzdAoGBAPbC +iEd6Vfu/9UeOjKqgo1wn/TMI8GtYBDH5GmtPTuhu/yMY1AreLZlLHC9mE0noUeG8 +apEnRAhSmNokONtTBjCH9sQlVrkAHCpbjZGd4Skin9eopejjyA5pLSW4i9Z3Fy9C +Yo2foIVCjzjU6g+I/8wtYSzJ+qtDqYqqFgRZI/d/AoGBAL1u2mZ8KUC6rZlH7Gt+ +eedWwDsVCqxySUHvdzlJHDGZk3J3DSAScOWfuH3dRkPaTcXeWNNA5aVE7GKrHAcc +mtihp1gLLmvDWeWl7PWVJJWRY7VhzBvhtSFFon9vN6FQti3ArkIxXrsTH7Eu1nsh +kLLMzT873xkmzYW9KcrHf4r5AoGBAN2bvVo8IwZR0c1u1yPR2oREIZ/40joFNNdQ +eQqQkjQqoxX5EU2lVVxLWUe0K3R/oTHSzf4IPpAe5clbKHjIalGheduUEPtafvEH +ge+Z04Hm55h9jGrITn2qtXIf9+4my/qUav/3sOic6xVGGeLTza6nvpLD3kx7GsM+ +l0FWcPevAoGBAMN75VPtZ3MemJFjvKsGEd1Dj7g3VEZrIoRPUjp67mNUCDxMD8nf +3w4KpbrHWbizf/IZxMInifAzdXkSsUAq5Lm3vRjR4QtpAbVfK0a4icdpWmduvhSx +w/ya3X1GAz2TxbQA6r4qYP7Jn7lSxkoKreTjOCuvX2fxg1uENsloPKQc +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Target.key new file mode 100644 index 0000000000..5aba065eda --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5pAU12xehSQhF3rO8oo+gyDkPuvPTAa7CtUh2SvhLhSKIBbI +yUtV7enqSO3vAyveJd1BmwwLvfhY4qC6kj8D3srmNUK+q+EzF6w+vPyQKtLHdh9R +0srpgOB2OauIZbTj6gXdxY7+TIbDBkkMq2mlTxTMgh+xPfb51dRhQTXl1PdPGq/7 +qP/veziVQMVWMqXPj9YE3yPrW/cyo9eh38tnNSXWY5LX2tmDIFJYHe9uPIiRFAjH +cIW3s5PBmlFX2NVMgYOWkbZaubV++5C9cS4JBG75C/9RQ9Qgd+4xNJj46I9aLnXx +D79kNaUAy0oAbkWjAdeXRklVwd8tMcSYriWyswIDAQABAoIBAGwv75emIjQXX+/E +kJb+h5bAOFnODNd/0QSkPd3J2T/mI2orRswtrYSV3nmaLC0wyGy8BazbWicqAYtW +IDW/m/FPA/a5+v5sDa1uBYJogL2XakDjMWHYFPmEWfV1p+sRlmCZoBazomAGXDz2 +yhsk14zkFZJ5jJGm8lSD857Fy7LB9Sr9wSyGww8q4UmzQ3ST1foM+tvhZ5cKG+MY +NV6m5zqy9DKY6zj5935nbX8Kk0/u7obv+c+vxd06eNkoPxApqiqYJfSaLi4mgj/6 +2KdZYOD23QnQkNlJ6Y2ypwgMMKds8LhrYv9R2GkMZechacFxRY4ahJV9eOva+bTA +XuJ5iwECgYEA+OMDuCQUWxLAKf+N4syDlWZiKmyLLLiUp6djsu+gw0yic+tExwY1 +2pH1LBN7rh/SwA1S0i/Z8IXydOwJxRE0QB4x2jAfMnF1+2jSdVTFI5xuRtdV/0Op +Nk1qPnJTigvox4lUpmKbLTFkDFZxzWW4WM9tX5/Abs7Kl49/57D7Z9cCgYEA7Sb/ +zwWFKBJPhkFP2VxZjFxO6uPX2Zs+9KH6yfxzlPoksUZhh8Hy58D8o9yy/4749Zsa +HTa8HWFOiPza84rR2EX/SKmDsBJD5/Kq5YdZHFRb0V4a2LYnscLr7xLTvuG7aqRd +AEO+hekKwOF4bNDrACVcedkhsIdLJeLIqCylQIUCgYEA5T/F10F0docI9iZsvPGA +aobJ+SXN9D14wAzRKqrKu9nE8V1OFrzDsjYrTJQNok+xwjEDjpOA/amDsOsR/LFi +HYUyijU1JzOXZyIgaO7SP4EBmsMSdXQPUvNv32FTTZ62pcT7cd717GTIMQ0W+giu +Cy/VIPV3PRnBRmVpfTJqADUCgYBamVSO9U/qgBxLcPYdVu+K9NTdXY/fvTRu5tbV +hZFub6XG59losMqoiQy7WRw1D5zCz69JS9jP7JXBNcA73GPQmOUvEDuT71Zr7UQm +je+YKA4vzSC6e9RsT8gsvGeSe9BKrGIvMLI/nEkUaM7F24Z7tso+bpo1Q2qNHbeE +sBGttQKBgQDpGOOyWrSnBWIc69/psIIsDvklRz26eYsbCzKqI/dlHhJjWshyKB15 +pZb5OaacfQykWxd0kIRVSghbbwxllOvlU/+sV2eag16zxotVt0l5mx1dCBOEDTFq +SeR+aKlGCw4Xowuh85r3Uy5Zanp8AE0h/e+OiSkYgOMYGOT7Sq8j5A== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/main.test b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-using-ecdsa/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/chain.pem new file mode 100644 index 0000000000..a9ecd52bfe --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/chain.pem @@ -0,0 +1,266 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate used MD5 to sign the target +certificate. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:d9:89:cf:ff:cd:53:9f:5d:75:66:a5:53:93:03:4c:a0:64:cf:c3 + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a7:b8:bc:92:74:b1:bc:8f:5b:d5:3c:81:a6:8f: + d2:bf:7e:b8:f6:cd:49:5b:fd:18:ee:07:5c:32:cf: + f1:7f:51:06:98:53:91:16:4e:c0:2c:34:16:b8:12: + 9d:10:5d:72:42:ec:00:e9:6b:4a:fb:17:bf:3a:35: + f9:a7:f5:50:df:80:bf:d9:6a:3d:74:93:4b:ce:13: + 5f:57:3c:a1:60:55:10:e9:32:0f:84:ce:c2:d7:51: + be:16:b1:54:3f:86:5b:9e:9c:ec:5e:10:87:10:08: + ac:78:ee:da:97:5a:af:52:84:de:8d:2d:e4:91:30: + 09:a1:e7:2b:8b:8b:b8:70:a0:43:0f:db:15:48:a5: + c2:94:af:f9:82:e4:86:57:d3:1c:e8:0c:71:11:06: + fe:f5:5e:ad:a6:26:d3:51:0b:f2:f0:5c:99:05:fe: + 51:a1:d7:4a:e6:7f:f3:54:eb:82:07:f9:3a:83:bb: + c4:b5:41:07:df:76:95:9a:ed:04:34:4a:1f:bd:91: + 19:78:6b:e0:24:4c:cc:ad:21:80:61:20:03:96:1c: + e8:d8:ca:e9:bc:ee:5f:93:eb:f8:48:ee:93:01:eb: + c3:a4:83:6b:3d:03:0e:fa:a7:aa:22:4d:66:40:8b: + ff:e4:9e:39:4f:b1:13:1f:ee:cd:70:21:10:26:96: + 9b:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BF:EB:3A:84:42:B2:07:20:64:80:5F:29:BC:F8:61:4A:F6:05:54:0D + X509v3 Authority Key Identifier: + EE:50:7B:40:71:90:A0:CE:F2:A3:28:0D:EC:1C:F2:D9:7E:A8:F3:0E + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha1WithRSAEncryption + Signature Value: + 65:d3:67:22:0d:6b:50:98:f7:3a:a9:d5:e8:8d:e3:b8:ed:eb: + f9:14:95:e7:7c:d0:43:00:df:be:57:69:5b:57:02:47:54:41: + 57:9f:38:bd:b7:80:25:0d:1f:0c:6c:7f:c3:72:2d:b0:2b:fb: + 97:bf:50:cb:9f:b2:c9:79:4d:8a:03:a1:83:5d:1e:35:17:97: + 6d:65:e1:14:28:6b:1f:d5:2b:f3:5e:73:08:19:4a:c3:6a:70: + e5:57:9a:1c:fe:74:e9:a6:07:44:b3:94:55:4c:8c:d1:d4:95: + 7d:5e:c1:a6:8b:0d:00:fe:d3:59:4b:f1:e1:e9:3e:3f:67:05: + d2:c4:33:1b:e0:b5:7d:8c:c4:42:8f:44:2f:2c:6c:d8:16:bb: + 03:91:76:09:07:6e:4a:d3:bf:d5:41:42:ba:6e:e1:70:47:cf: + 9c:fd:e8:46:1a:ed:90:f3:47:05:c6:8d:07:92:1d:5a:b6:fd: + cc:75:49:4a:47:5b:35:36:ce:b1:0c:af:21:87:72:4b:7d:eb: + 18:87:b0:98:55:f3:33:53:5f:15:f6:c2:a1:b9:3a:78:c5:65: + 45:e7:aa:04:ce:07:a5:db:ef:84:57:29:23:24:78:54:7e:39: + 8c:f8:ca:d5:4a:d8:12:fd:b4:3a:d3:b3:31:78:a7:57:b2:d1: + 2d:a7:e2:b5 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUL9mJz//NU59ddWalU5MDTKBkz8MwDQYJKoZIhvcNAQEF +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAp7i8knSxvI9b1TyBpo/Sv3649s1JW/0Y7gdcMs/xf1EG +mFORFk7ALDQWuBKdEF1yQuwA6WtK+xe/OjX5p/VQ34C/2Wo9dJNLzhNfVzyhYFUQ +6TIPhM7C11G+FrFUP4ZbnpzsXhCHEAiseO7al1qvUoTejS3kkTAJoecri4u4cKBD +D9sVSKXClK/5guSGV9Mc6AxxEQb+9V6tpibTUQvy8FyZBf5RoddK5n/zVOuCB/k6 +g7vEtUEH33aVmu0ENEofvZEZeGvgJEzMrSGAYSADlhzo2MrpvO5fk+v4SO6TAevD +pINrPQMO+qeqIk1mQIv/5J45T7ETH+7NcCEQJpabAwIDAQABo4HpMIHmMB0GA1Ud +DgQWBBS/6zqEQrIHIGSAXym8+GFK9gVUDTAfBgNVHSMEGDAWgBTuUHtAcZCgzvKj +KA3sHPLZfqjzDjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQAD +ggEBAGXTZyINa1CY9zqp1eiN47jt6/kUled80EMA375XaVtXAkdUQVefOL23gCUN +Hwxsf8NyLbAr+5e/UMufssl5TYoDoYNdHjUXl21l4RQoax/VK/NecwgZSsNqcOVX +mhz+dOmmB0SzlFVMjNHUlX1ewaaLDQD+01lL8eHpPj9nBdLEMxvgtX2MxEKPRC8s +bNgWuwORdgkHbkrTv9VBQrpu4XBHz5z96EYa7ZDzRwXGjQeSHVq2/cx1SUpHWzU2 +zrEMryGHckt96xiHsJhV8zNTXxX2wqG5OnjFZUXnqgTOB6Xb74RXKSMkeFR+OYz4 +ytVK2BL9tDrTszF4p1ey0S2n4rU= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6e:60:d8:eb:62:e8:49:d5:85:e5:1c:23:ef:72:aa:9e:40:48:b4:9b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d9:cf:a3:72:11:43:a1:d1:78:59:5e:27:cb:ee: + f6:2e:52:4e:9d:79:d1:c4:1e:bd:bb:e9:d4:cb:5e: + 95:9f:ba:0c:7c:aa:b3:1b:97:57:82:a9:6c:f1:e6: + 89:4b:37:fc:68:8c:93:2b:c8:35:58:e4:f5:6a:c9: + 9d:cc:a3:3f:25:98:a3:6f:81:6c:97:67:30:b8:7a: + ab:47:42:6a:7c:93:a1:c9:1d:3e:b9:02:fb:1c:71: + 40:2d:9a:a3:46:35:5c:4e:db:a9:2d:9a:09:d6:d1: + 9d:7c:99:93:a9:fd:25:98:90:ba:84:a7:74:bf:4f: + 9a:8e:5b:a2:2e:6b:5d:23:c4:77:42:77:0b:8a:f4: + e1:55:21:66:18:43:a7:a6:08:41:99:42:cc:f3:1c: + 90:93:21:12:5d:67:1d:af:fd:f0:f6:c1:ce:26:83: + 85:02:6e:dc:ca:9a:d4:81:55:19:9c:57:a0:56:17: + 4c:a7:1a:7b:f0:89:cf:9a:fd:27:56:9b:b6:24:00: + a4:8a:1b:82:5a:39:fc:3a:d1:e9:ae:03:0d:aa:8d: + 95:c4:31:50:18:b5:0b:c5:4f:95:85:00:1d:de:e4: + d4:1f:fa:c3:90:12:47:d4:60:75:ca:5a:1b:37:22: + 5a:21:14:21:89:8a:07:1b:10:5d:9f:35:b5:50:3f: + d2:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EE:50:7B:40:71:90:A0:CE:F2:A3:28:0D:EC:1C:F2:D9:7E:A8:F3:0E + X509v3 Authority Key Identifier: + 92:8E:AB:BC:5A:AD:A6:C8:EA:A3:7B:A6:23:5B:F4:4F:B0:FA:60:FA + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 73:f0:17:ef:dd:b4:30:ef:d3:9a:09:30:ff:dc:4f:17:d8:65: + 11:06:5e:45:2c:08:23:6a:b2:8c:e5:94:ef:47:dc:ef:c9:c3: + f1:a7:7e:85:d5:20:b6:d6:d3:70:33:a4:86:d0:1a:bc:ee:b6: + e5:d5:62:3b:ff:94:eb:b9:74:12:9c:c0:0e:28:2a:d9:5e:30: + bd:4c:ba:47:8e:74:f7:ab:e5:b6:00:41:bf:27:06:4b:ad:17: + 8d:b0:d1:3c:28:04:79:39:e2:13:3e:05:cb:05:6c:4c:4e:eb: + 7c:a3:13:c6:71:c6:f3:93:79:f5:bb:c0:d6:61:d7:2b:43:8b: + 0b:eb:77:a8:24:9b:07:d2:c5:25:bb:e0:c0:b0:e2:fe:1c:20: + d6:cb:d8:2a:58:e5:eb:ef:d1:ec:79:d1:74:6a:2e:1f:ef:19: + 8a:19:95:ae:1a:ef:96:78:09:f2:95:00:53:69:34:42:0c:26: + 08:4e:7a:ed:fc:ee:1a:ef:c1:0d:84:42:1e:e3:81:f5:57:0f: + 52:ae:a0:fa:58:50:eb:e1:48:95:c5:9d:e6:b8:4f:5a:2f:b3: + f5:35:63:23:80:06:05:f0:f0:86:ab:4e:ae:34:18:3b:7c:e0: + d8:2b:2c:4d:14:16:1b:9c:ba:35:45:6c:6d:ed:87:4b:e4:1b: + db:2d:5d:3e +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUbmDY62LoSdWF5Rwj73KqnkBItJswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANnPo3IRQ6HReFleJ8vu9i5STp150cQevbvp1MtelZ+6DHyq +sxuXV4KpbPHmiUs3/GiMkyvINVjk9WrJncyjPyWYo2+BbJdnMLh6q0dCanyTockd +PrkC+xxxQC2ao0Y1XE7bqS2aCdbRnXyZk6n9JZiQuoSndL9Pmo5boi5rXSPEd0J3 +C4r04VUhZhhDp6YIQZlCzPMckJMhEl1nHa/98PbBziaDhQJu3Mqa1IFVGZxXoFYX +TKcae/CJz5r9J1abtiQApIobglo5/DrR6a4DDaqNlcQxUBi1C8VPlYUAHd7k1B/6 +w5ASR9RgdcpaGzciWiEUIYmKBxsQXZ81tVA/0ikCAwEAAaOByzCByDAdBgNVHQ4E +FgQU7lB7QHGQoM7yoygN7Bzy2X6o8w4wHwYDVR0jBBgwFoAUko6rvFqtpsjqo3um +I1v0T7D6YPowNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBz8Bfv3bQw79OaCTD/3E8X2GURBl5FLAgjarKM +5ZTvR9zvycPxp36F1SC21tNwM6SG0Bq87rbl1WI7/5TruXQSnMAOKCrZXjC9TLpH +jnT3q+W2AEG/JwZLrReNsNE8KAR5OeITPgXLBWxMTut8oxPGccbzk3n1u8DWYdcr +Q4sL63eoJJsH0sUlu+DAsOL+HCDWy9gqWOXr79HsedF0ai4f7xmKGZWuGu+WeAny +lQBTaTRCDCYITnrt/O4a78ENhEIe44H1Vw9SrqD6WFDr4UiVxZ3muE9aL7P1NWMj +gAYF8PCGq06uNBg7fODYKyxNFBYbnLo1RWxt7YdL5BvbLV0+ +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6e:60:d8:eb:62:e8:49:d5:85:e5:1c:23:ef:72:aa:9e:40:48:b4:9a + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f6:22:a8:ce:1d:94:88:97:b9:e7:e7:ab:56:da: + 1c:7c:06:27:7b:06:ac:a5:75:b0:b8:8b:44:d9:8f: + 07:38:8f:c8:15:46:49:46:c7:33:07:74:fa:4c:30: + a7:e6:48:eb:5c:03:14:0b:da:f9:66:be:0b:f4:04: + e2:d6:d8:79:cf:3c:0c:1d:61:27:4e:8e:0e:21:4f: + b6:2b:e0:bf:dd:67:0d:31:7b:38:36:8c:89:f0:50: + 2c:35:f0:a6:1f:46:85:f2:78:59:2e:e0:f0:a3:a5: + d7:d5:25:a9:6e:d3:6e:6f:80:57:64:a0:c0:d3:75: + 94:62:72:99:1f:a3:df:6e:b9:e3:39:6b:d3:94:83: + db:99:91:fa:d3:98:e2:c0:e3:66:71:1c:ff:ee:40: + 14:75:eb:47:79:21:01:b5:60:86:81:1e:40:c7:e6: + b8:48:95:2c:07:50:49:40:65:9f:c4:91:6c:00:ee: + cc:98:1e:c5:d2:ef:fe:09:74:f2:b8:d9:91:48:01: + 48:27:d9:50:b5:4f:44:e8:f3:fa:03:12:08:a5:fa: + b9:55:b1:45:59:76:87:c9:d4:c4:d7:65:ad:b4:c5: + 82:79:ea:f0:b7:5c:75:18:4d:33:4c:bc:f6:05:e8: + 22:30:6b:5b:d8:2a:14:2a:6a:11:7c:48:6a:7c:0e: + e7:e9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 92:8E:AB:BC:5A:AD:A6:C8:EA:A3:7B:A6:23:5B:F4:4F:B0:FA:60:FA + X509v3 Authority Key Identifier: + 92:8E:AB:BC:5A:AD:A6:C8:EA:A3:7B:A6:23:5B:F4:4F:B0:FA:60:FA + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 0f:97:b8:d9:f8:02:d9:00:29:30:2f:23:ec:9f:25:e7:6b:4e: + ae:a8:e0:fc:8a:44:e1:8c:18:bd:5b:0c:e4:e5:84:59:51:2a: + 5c:c0:8d:5f:e0:01:34:8d:95:e5:0e:e3:e9:9b:7a:14:64:31: + f7:b1:19:38:94:16:bc:c3:db:9f:f0:53:d6:7a:28:ae:0a:ee: + ff:ca:d7:4b:82:a7:60:f8:f8:80:2e:d8:34:39:d8:70:c6:fa: + 23:ba:72:62:bb:e6:25:be:74:84:40:e1:3a:37:32:a8:f4:89: + 1a:5c:70:cd:b0:d2:88:ca:4c:a5:0e:dd:f3:d8:f9:3d:e4:d3: + 71:d2:ef:dd:88:99:d3:2b:e7:ca:77:38:6b:2b:ec:12:1a:07: + 04:78:e3:25:86:61:34:b3:f0:85:46:65:20:85:f5:d0:d1:25: + 25:a4:df:27:4b:0d:c8:d9:95:74:3b:e9:2a:ff:31:d6:c4:3d: + 96:bb:3b:78:2a:c2:b7:51:72:2a:cb:2a:33:e3:65:a1:04:8c: + 58:db:ce:a0:35:03:a7:40:48:4f:bb:1d:cb:40:38:f0:02:49: + 56:29:58:45:f7:c8:5a:f2:00:58:d7:2a:a8:6b:1e:6a:79:86: + a9:11:26:e8:ca:6c:63:fa:df:19:c7:7b:dd:6e:3d:de:6b:c8: + 0a:ef:4d:2e +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUbmDY62LoSdWF5Rwj73KqnkBItJowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQD2IqjOHZSIl7nn56tW2hx8Bid7BqyldbC4i0TZjwc4j8gVRklGxzMHdPpM +MKfmSOtcAxQL2vlmvgv0BOLW2HnPPAwdYSdOjg4hT7Yr4L/dZw0xezg2jInwUCw1 +8KYfRoXyeFku4PCjpdfVJalu025vgFdkoMDTdZRicpkfo99uueM5a9OUg9uZkfrT +mOLA42ZxHP/uQBR160d5IQG1YIaBHkDH5rhIlSwHUElAZZ/EkWwA7syYHsXS7/4J +dPK42ZFIAUgn2VC1T0To8/oDEgil+rlVsUVZdofJ1MTXZa20xYJ56vC3XHUYTTNM +vPYF6CIwa1vYKhQqahF8SGp8DufpAgMBAAGjgcswgcgwHQYDVR0OBBYEFJKOq7xa +rabI6qN7piNb9E+w+mD6MB8GA1UdIwQYMBaAFJKOq7xarabI6qN7piNb9E+w+mD6 +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAD5e42fgC2QApMC8j7J8l52tOrqjg/IpE4YwYvVsM5OWEWVEq +XMCNX+ABNI2V5Q7j6Zt6FGQx97EZOJQWvMPbn/BT1noorgru/8rXS4KnYPj4gC7Y +NDnYcMb6I7pyYrvmJb50hEDhOjcyqPSJGlxwzbDSiMpMpQ7d89j5PeTTcdLv3YiZ +0yvnync4ayvsEhoHBHjjJYZhNLPwhUZlIIX10NElJaTfJ0sNyNmVdDvpKv8x1sQ9 +lrs7eCrCt1FyKssqM+NloQSMWNvOoDUDp0BIT7sdy0A48AJJVilYRffIWvIAWNcq +qGseanmGqREm6MpsY/rfGcd73W493mvICu9NLg== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/generate-chains.py new file mode 100755 index 0000000000..63501101ce --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/generate-chains.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +"""Certificate chain where the intermediate used MD5 to sign the target +certificate.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.set_signature_hash('sha1') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Intermediate.key new file mode 100644 index 0000000000..46ffc6c3af --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA2c+jchFDodF4WV4ny+72LlJOnXnRxB69u+nUy16Vn7oMfKqz +G5dXgqls8eaJSzf8aIyTK8g1WOT1asmdzKM/JZijb4Fsl2cwuHqrR0JqfJOhyR0+ +uQL7HHFALZqjRjVcTtupLZoJ1tGdfJmTqf0lmJC6hKd0v0+ajluiLmtdI8R3QncL +ivThVSFmGEOnpghBmULM8xyQkyESXWcdr/3w9sHOJoOFAm7cyprUgVUZnFegVhdM +pxp78InPmv0nVpu2JACkihuCWjn8OtHprgMNqo2VxDFQGLULxU+VhQAd3uTUH/rD +kBJH1GB1ylobNyJaIRQhiYoHGxBdnzW1UD/SKQIDAQABAoIBAQCQI7K8R+SD78U/ +DuozMP5FhT51RCqnKNjSxFmIBB3sSAj/b098ENlepJRuOOvelTw6S90Q+jsjitFG +TApbZCTj0nFF11Zvk2BQlQ1H6RHjQyermejqMqjPF7sq8szeJ23g2cjJXsjoGmuo +C1IHCnmYzx4/rzm5aQqU7tsS8QYAJkk2zfn1wh6Z0cICNlnEFkLCAKFmyAtQSj2X +LA7Vv2lidM7bD46hnUiVo+hqSB/3Fd9l781tGVRY216Z+1HI4DeqYsYdClnRz4s+ +D7snKD2GiWWrj3zx+e0QxyHMK1QxOcidPmABsJE36Vku79y583Z3WMlr053/0IMX +4eFj4loBAoGBAPRIy8qx2NIDSmi8P6Inq0kUSYdPuHUq3WNa5frLhoh6lBfo6gFD +1RSsQ4dKvsEoouZEWzM3myPTpjX8+rAiHoApaTbAbh+YJwoloLGXSHOT6Jz8rWbV +94ld6zSIF//OdEXHkBOo535crgKv214G6wbGVDfrDrz424kJya5iRC4JAoGBAORB +0QasM4/wmL2oXvJdxLAgj4XW5ritQfv/CSVuh3HrGdXtVRSgD4cNtE3fivy9ksKF +55IRziwN07maFDLfzxoILUufw/DYzZs4lD9VAYZSVr9+ceGgMs046cC41ISycfxF +aoCuWClcJtgn72xqu/3/J+/rZkDepyL+J1j6f4shAoGAdjcgP/fu6DrlcGfhF3TB +BD2IE641oqXauzEK6GJDuZowPp3dWD1eSYHPsBIw28LxiiN8Sv3W2vCal7fUDRaF +0hm4K+HVqP51rghlimueiSgDwqzYsVJMVzKXFzXg/08Gn5oilBEB7fmlz/EQZKFO +bVne+ayL1lFL1DZjXjt5qRkCgYBR70I+F/BGWgIqCldSvtAMvRNn4rVdU2wdLfY1 +hpB+FvtmLFRfG/mW7Bdt4LF+efpFc1WlvFh6vdfjhuh7PpWT7Z18yPPH77sWXd/x +P+1VLxdOk/ADIsM5oZVfBbnbjEaYXL6XRH4HEroq22L5UvL6gO3wFFrXLFVonTy4 +lurToQKBgQDE3bXuI4w48PRiIVIgZSMXUtj4Qo5uB0mZY6PUrtHA6XqeGeystlPd +DIrcNsRWarj1Dt+Jq9fYKC/5d60LAUzHz4j0O7B26PV37LIxBCIGIFXIPOEMpl4e +jG2bKmsncIpCEGTKot+klgMypIcmb9z7iKDFXsaoXJGkVrtJ0Xc+DQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Root.key new file mode 100644 index 0000000000..0647c1ae2a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA9iKozh2UiJe55+erVtocfAYnewaspXWwuItE2Y8HOI/IFUZJ +RsczB3T6TDCn5kjrXAMUC9r5Zr4L9ATi1th5zzwMHWEnTo4OIU+2K+C/3WcNMXs4 +NoyJ8FAsNfCmH0aF8nhZLuDwo6XX1SWpbtNub4BXZKDA03WUYnKZH6PfbrnjOWvT +lIPbmZH605jiwONmcRz/7kAUdetHeSEBtWCGgR5Ax+a4SJUsB1BJQGWfxJFsAO7M +mB7F0u/+CXTyuNmRSAFIJ9lQtU9E6PP6AxIIpfq5VbFFWXaHydTE12WttMWCeerw +t1x1GE0zTLz2BegiMGtb2CoUKmoRfEhqfA7n6QIDAQABAoIBAEtPB38pJc01Pzhp +dc85JQX9jA7kV+a4P733PrWiQX9Y3stDmiAByuc5L2woZvba0MhyWKvX7/8znsym +whEiYwK5SKukkjZC2Kfwj7iVJ59CbJL7NJPcJEhW/2/xlaJ0HX+2uvLQ+E/Z6lPZ +FiJGpr+O8S5k0RriGuiUT62SokZqGDQeM/nAceQhg6HSOW9p7EX4LcOIJC64ipwy +rzN51Zz0cT/PB7ybnz4ZnS0CcjBI+LRBR+kt7QAyZVCUbFrsysW4HsjRTe1sYqEk +btSCob8HBO1Ey3R2l4OVcLpSVY/t/M8nIxqvJZhMCR8Hr7sourzcQgS9wMF8rDnV +ub4wblECgYEA+5uyod2JuJEQEbQ96Iyo1zscrdwMNLSX4R4EZP6HHNqfHh2dE1o7 +uoHjEd1zHbUSk1xcr04B8lSKhqib0RA8ICFgzKHwCwciPY/jaYvCbpfpuKIIMLcn +t3hJMGWHCaOJBuqKLqc9HsFymaNk7MymF62FsLPG5LTiqqkXOJ9CClMCgYEA+m6B +rtR9E+j0nFNrlW1upuhSfby+KvDPHmSK7M+nm7Yy905P4VkjntjO9+Bfi/vYZ9HX +kFADUNYwSToDz85j3himCttYdijPUdXijZgg5cQ2o86NCROmplBBoWs+MGwXMbPK +IcpwHz6tpJoQgbS7jo0Fcle2ggtkml7wMQvoVVMCgYEA4RlCjx2sALuHLM+cM1jk +FOqFleWv5ddLqdM5C0HLjzzn7gGAbbfkh898XpdITeOZYszW/t9DTpHj/OULwdZM +dFJoT6rxHmybbYg1ZE/s+xRdvRj5StwRZErw76NlVHJCPTXHukVUoRdgd6N+v3u3 +fKd5W8T6w9Iwl43/gGC6rJECgYEAmtcCtd9J6qqJu7JUfZKo7OgOQRIXHqO/3BHc +V+lYv40a3A/+kd20iX2SEm8XhIzV0/NJ7j+anTuhpVUKkE0TMHpbB7Fxc7Vt4jJ1 +noimJop4IjYOu8L7si9DNRQC4puih6ebXeM2CguN/40Gkbv2j4AgEv+qp6N1s4Dp +z9mF8GMCgYBw3TY0vpuEGAZpLx3gqrUif8/KZome9cTB9GlPpnYtUhJt9lGoQNnd +bXyIbcZ99YTOdE3GwtQYo1qvliM5ixaXPWwK1w13E1xXNOP/JSP7+EJ5RriI55Jf +bUyE1xeNdmVvM/Y/V/K2RnOxSKfI6q67dE62I9Wnu4ZCvw0jETo0kg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Target.key new file mode 100644 index 0000000000..8faf8c55a0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAp7i8knSxvI9b1TyBpo/Sv3649s1JW/0Y7gdcMs/xf1EGmFOR +Fk7ALDQWuBKdEF1yQuwA6WtK+xe/OjX5p/VQ34C/2Wo9dJNLzhNfVzyhYFUQ6TIP +hM7C11G+FrFUP4ZbnpzsXhCHEAiseO7al1qvUoTejS3kkTAJoecri4u4cKBDD9sV +SKXClK/5guSGV9Mc6AxxEQb+9V6tpibTUQvy8FyZBf5RoddK5n/zVOuCB/k6g7vE +tUEH33aVmu0ENEofvZEZeGvgJEzMrSGAYSADlhzo2MrpvO5fk+v4SO6TAevDpINr +PQMO+qeqIk1mQIv/5J45T7ETH+7NcCEQJpabAwIDAQABAoIBADUsGxRvTH3UETAc +G5pblFvDaA5ObMhuB/5GdRNi21QasvWN4LxqwQACj4VR2Vt71KKkwXE+46mREL36 +qKh33GjPH4Nk7BDONcUiXSKCBUNOFKtphIP9LMYokxQMqgHtrZQueb0kjj0mEs/Q +IZrEVDrcBtZJS2JAEX2zlRmLdTC3Crt0zjhJjp65pE0DdGMBswSy3bYo3Zvuh8h1 +HA2WPQWBR1tY98IHY/cq/CoSf5MuIx9/A7HuIZdG0bBcOZfu+EnxrQKKI+2AWpy2 +E1wrRlKbAovckedU7q4dgBNPRmnOFQyiGeZMJO5AObEZfQfJkk/RUa4KvzxbqckW +OhTkNxECgYEA1S6/tuIJB+6rBUg7h1Dzf7x40awQ0XG7j5vhmgbStsNUuOQoQft9 +Fwo8O4UD+37xGeZxL6bwgkNAYEBlqVJq2Txk5QMgqXA7ZxURKrQVlru2ayA9vZ3X +wkOJq5T/eAvOGYpwP5+EY+43YQBnGg6LQbVIZS+s5yoD6r2OPC2DMqkCgYEAyWiC +9UMLF58nNPteWUZaE0C4sUKNq9W4VpIKUlShqb1+l9XVlE0YS8HDESpldCfk31QK +FxI10LD31pzhTRrptXWHixyBKbicbd+E20K5fiQzcSedR3nZY8XaavQ8EVM7+gij +a/oTniSvXxwRxAEhD30M5IIKGEg8y777IDpmV8sCgYEAvsK6YtgY5LQ47N0aB5f0 +jFUGd/jUg9aV04fVdJKuc0SOx3PCYmi8IqXSCCCa061f6aE/nzhu9uFe9cIqNj29 +xu44CoWl8Hixbyh22BOVTfBi57FODiL0Mq1kv9jwUWee4VPz5brEKPe9LlvB5psl +GYMyaPkkayY5oxBD+q1vPSECgYAnfAWwb2RNTTYyfNUSS2h9PcL3fUSo2004K4k6 +erz2ud+HhLRKTpLkxyemxdj93JRR8/fGbht+vjLYMAk7RHtsx427B+uKcla4c4lo +MryKri4nkMyUpp6noLIhJaBhBSBM9ESVdoFCD48R5j7VXiNNFgbhBV1VRVQl3Vr+ +BnTp4QKBgQCJoF+gm4kkOQ9nrXjkorrFGNTrglNm4ABu2aKs2TJA6/v5mv9VzH44 +XdQ8D+cEq1BAmIkyo/mr/F2/CeLDhygYFFAyMerTEuWc7j8dupjBLXvZ4DKSoVg5 +hYdGE0ZGXaBRsHMgrOHWwGXJrYAZwfmU4e/gSwqCFfEHBeZUBUsUNg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/main.test b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/main.test new file mode 100644 index 0000000000..1f4e2db96f --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-signed-with-sha1/main.test @@ -0,0 +1,9 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +digest_policy: STRONG +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Unacceptable signature algorithm + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/chain.pem new file mode 100644 index 0000000000..7c68d004ab --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/chain.pem @@ -0,0 +1,268 @@ +[Created by: ./generate-chains.py] + +Certificate chain where the target certificate contains an unknown X.509v3 +extension (OID=1.2.3.4) that is marked as critical. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4e:9a:ac:ff:32:38:c0:2f:b6:e5:63:63:94:45:6d:aa:aa:c4:b6:e5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:05:ea:3a:1c:14:a1:db:ad:2c:18:3d:25:9c: + dc:1c:0f:2b:1e:42:df:c2:7c:b4:39:e6:4b:45:eb: + d3:a2:1c:2b:dc:f2:8c:08:f5:81:df:bd:fa:a2:1a: + 1c:5c:99:cb:00:c7:31:02:c8:44:5f:31:cf:9c:82: + 6d:3c:0c:5d:f7:d6:cc:91:fe:f3:e7:7a:08:17:85: + d5:75:61:ee:dd:66:55:3c:e2:68:98:36:19:20:e4: + 9b:cd:24:6c:a3:5d:89:84:80:2e:c7:11:4e:c1:82: + b2:80:ce:0f:e9:6a:42:54:10:fb:c0:0a:53:be:19: + 01:38:ba:06:c5:93:93:1c:84:aa:25:c7:c5:9a:4d: + 32:2e:a4:13:5e:6d:07:d6:9d:e5:b0:29:63:da:14: + b7:62:51:63:93:dc:28:ae:4a:bc:35:ac:c0:06:ea: + ea:0b:d5:70:61:3b:05:78:e4:d3:ad:c3:ad:95:f1: + 48:e5:79:a6:dc:12:1f:14:4f:21:9f:ca:6f:7a:dd: + d6:45:c8:8a:60:96:1c:02:06:16:18:80:21:58:6a: + f6:83:3e:1a:98:b8:b2:a9:22:44:c2:25:e9:dc:a9: + aa:bf:1d:2e:3f:2e:a1:78:08:93:04:4c:c4:1f:f9: + b3:34:9f:a7:78:5b:02:a6:ca:d3:1f:fa:ba:4d:34: + a2:bb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D6:55:4E:AC:07:84:35:A9:0D:9A:63:45:82:73:4E:A4:CC:53:B0:02 + X509v3 Authority Key Identifier: + 8A:E3:E6:F6:58:6F:1C:90:B4:67:A5:14:D8:64:E7:F7:00:77:61:01 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + 1.2.3.4: critical + .... + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2d:da:b3:73:a9:3c:2f:ac:6f:a6:db:80:c2:82:ea:0f:6e:bd: + 58:35:f5:d5:69:3f:73:26:e6:80:cd:39:d1:cf:38:f8:19:dd: + f7:cf:57:70:44:3b:83:5a:8d:91:7b:02:a9:e8:ef:06:1e:b6: + 4b:97:ff:0e:96:ee:fe:85:ea:b4:93:ba:0e:b1:15:ef:ff:f6: + be:0d:f2:2a:d6:2d:df:43:a9:e8:a0:e3:50:bb:56:af:51:05: + 1d:50:f3:58:f4:41:f0:ea:b4:1e:34:99:ac:d5:b8:34:78:96: + 73:2e:62:e5:7e:b5:1d:e4:08:52:b4:8f:28:bf:b7:75:23:71: + f2:31:b2:ad:eb:4c:94:ec:79:09:0c:8b:94:38:a8:c8:82:e8: + 42:e4:72:50:bc:4b:8e:0d:e8:c0:77:a7:94:8e:d4:35:36:73: + d4:1e:32:8f:19:14:8e:eb:26:61:bb:c9:9c:b5:71:08:40:61: + 52:8f:1e:a3:3d:01:2c:c8:a5:b5:c7:ac:42:ee:75:2b:a2:e7: + 77:65:98:1d:02:1c:95:d3:8a:1d:17:71:82:86:5c:f3:a9:44: + e0:54:c5:51:84:b4:3c:c9:f1:bd:25:2d:cb:23:f2:72:d2:8c: + f9:2d:c5:2a:4b:14:f5:df:65:53:e5:fb:2e:71:02:03:c5:6e: + 6f:0a:68:69 +-----BEGIN CERTIFICATE----- +MIIDsDCCApigAwIBAgIUTpqs/zI4wC+25WNjlEVtqqrEtuUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAvQXqOhwUodutLBg9JZzcHA8rHkLfwny0OeZLRevTohwr +3PKMCPWB3736ohocXJnLAMcxAshEXzHPnIJtPAxd99bMkf7z53oIF4XVdWHu3WZV +POJomDYZIOSbzSRso12JhIAuxxFOwYKygM4P6WpCVBD7wApTvhkBOLoGxZOTHISq +JcfFmk0yLqQTXm0H1p3lsClj2hS3YlFjk9workq8NazABurqC9VwYTsFeOTTrcOt +lfFI5Xmm3BIfFE8hn8pvet3WRciKYJYcAgYWGIAhWGr2gz4amLiyqSJEwiXp3Kmq +vx0uPy6heAiTBEzEH/mzNJ+neFsCpsrTH/q6TTSiuwIDAQABo4H5MIH2MB0GA1Ud +DgQWBBTWVU6sB4Q1qQ2aY0WCc06kzFOwAjAfBgNVHSMEGDAWgBSK4+b2WG8ckLRn +pRTYZOf3AHdhATA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDKgMEAQH/BAQBAgME +MA0GCSqGSIb3DQEBCwUAA4IBAQAt2rNzqTwvrG+m24DCguoPbr1YNfXVaT9zJuaA +zTnRzzj4Gd33z1dwRDuDWo2RewKp6O8GHrZLl/8Olu7+heq0k7oOsRXv//a+DfIq +1i3fQ6nooONQu1avUQUdUPNY9EHw6rQeNJms1bg0eJZzLmLlfrUd5AhStI8ov7d1 +I3HyMbKt60yU7HkJDIuUOKjIguhC5HJQvEuODejAd6eUjtQ1NnPUHjKPGRSO6yZh +u8mctXEIQGFSjx6jPQEsyKW1x6xC7nUroud3ZZgdAhyV04odF3GChlzzqUTgVMVR +hLQ8yfG9JS3LI/Jy0oz5LcUqSxT132VT5fsucQIDxW5vCmhp +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:66:51:84:c2:7e:fc:0c:cf:05:27:4c:bc:d3:55:23:ed:cb:19:f9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b8:cf:91:dd:b5:74:07:ba:8a:93:3c:ca:0c:11: + 5d:36:29:ec:53:1e:32:8b:90:ae:f9:c0:db:d2:7e: + 78:ea:3c:58:57:5f:70:4a:96:9a:93:58:d3:7e:42: + 60:bd:78:07:38:6b:e4:16:8f:32:17:30:b1:76:95: + 56:6d:7e:e5:9e:f9:0f:f8:5a:99:ee:80:e1:e6:fc: + d6:af:33:61:aa:da:19:98:7f:da:27:2f:80:bc:96: + 2e:51:81:f8:1a:63:27:0b:ce:ee:02:16:55:4a:96: + 0a:c5:c1:7e:99:95:e8:70:e7:4d:2b:2f:bf:d3:d2: + 2d:25:7d:0f:b2:50:96:36:95:e5:2c:ca:0e:59:b5: + d4:7c:31:57:96:fa:be:c6:d5:9a:83:b5:96:f2:1c: + 4a:20:cf:be:0e:7f:42:4f:a7:b4:5b:e2:01:f4:ed: + 59:c4:6e:51:a1:a5:aa:a7:1f:04:ce:e0:d2:2c:ff: + a3:74:c7:e4:2a:a8:d2:7f:cd:f1:56:86:67:fe:75: + 22:05:f7:2d:3b:3b:ce:5c:b9:95:4e:e5:ca:d8:89: + f6:b3:12:27:b4:22:6b:fb:83:f9:0e:de:a8:be:38: + 5b:15:66:81:3b:62:d7:50:12:29:69:5b:c5:5a:99: + 97:aa:51:c3:36:88:97:c9:c1:90:53:4f:b3:ec:99: + 3c:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8A:E3:E6:F6:58:6F:1C:90:B4:67:A5:14:D8:64:E7:F7:00:77:61:01 + X509v3 Authority Key Identifier: + 52:00:A4:BE:8B:5F:23:63:5E:31:05:87:F4:6B:50:A7:01:70:63:DA + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 03:01:bd:9d:2d:b0:21:65:4d:11:4b:8d:72:4a:45:c5:cf:0a: + b3:df:9c:a4:0a:2c:c0:10:61:ce:91:c2:79:ef:f8:90:9e:66: + aa:ba:b0:2a:05:bf:76:8d:4d:1b:43:ff:cd:24:d7:79:f9:49: + 73:25:6b:47:d8:3a:59:ab:fa:da:11:5e:7e:ce:bb:07:21:e4: + ea:30:b5:14:b6:34:36:f9:b4:94:ec:31:ae:1f:f2:02:96:68: + 6b:d2:3c:ce:29:7f:0d:af:35:c5:a7:c3:1c:75:b3:c8:04:96: + 7b:3e:b7:10:fa:25:00:8e:f4:f3:65:46:fc:09:5c:19:c4:69: + 56:44:49:1f:db:04:09:04:0b:3e:72:fb:f8:ac:d6:23:31:ec: + 37:70:fa:8b:db:d1:80:25:1f:44:68:ff:48:e0:c2:c0:8e:9d: + 02:ee:ff:e3:b6:ac:22:1f:7e:c4:59:94:f7:06:05:19:23:ff: + 4a:c9:16:99:94:3e:2e:ba:86:6c:01:31:01:1d:17:2c:f7:0b: + 5c:02:8a:2d:28:73:a7:81:b9:8f:91:f7:a3:0b:2a:16:98:e7: + 8d:5c:31:95:48:59:ce:1b:7e:2b:8c:79:1e:c1:27:11:20:07: + 83:ad:b5:1c:aa:77:57:7e:bb:13:19:52:6a:13:6b:5d:32:bf: + 2a:26:5b:5c +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUBmZRhMJ+/AzPBSdMvNNVI+3LGfkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALjPkd21dAe6ipM8ygwRXTYp7FMeMouQrvnA29J+eOo8WFdf +cEqWmpNY035CYL14Bzhr5BaPMhcwsXaVVm1+5Z75D/hame6A4eb81q8zYaraGZh/ +2icvgLyWLlGB+BpjJwvO7gIWVUqWCsXBfpmV6HDnTSsvv9PSLSV9D7JQljaV5SzK +Dlm11HwxV5b6vsbVmoO1lvIcSiDPvg5/Qk+ntFviAfTtWcRuUaGlqqcfBM7g0iz/ +o3TH5Cqo0n/N8VaGZ/51IgX3LTs7zly5lU7lytiJ9rMSJ7Qia/uD+Q7eqL44WxVm +gTti11ASKWlbxVqZl6pRwzaIl8nBkFNPs+yZPPMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUiuPm9lhvHJC0Z6UU2GTn9wB3YQEwHwYDVR0jBBgwFoAUUgCkvotfI2NeMQWH +9GtQpwFwY9owNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQADAb2dLbAhZU0RS41ySkXFzwqz35ykCizAEGHO +kcJ57/iQnmaqurAqBb92jU0bQ//NJNd5+UlzJWtH2DpZq/raEV5+zrsHIeTqMLUU +tjQ2+bSU7DGuH/IClmhr0jzOKX8NrzXFp8McdbPIBJZ7PrcQ+iUAjvTzZUb8CVwZ +xGlWREkf2wQJBAs+cvv4rNYjMew3cPqL29GAJR9EaP9I4MLAjp0C7v/jtqwiH37E +WZT3BgUZI/9KyRaZlD4uuoZsATEBHRcs9wtcAootKHOngbmPkfejCyoWmOeNXDGV +SFnOG34rjHkewScRIAeDrbUcqndXfrsTGVJqE2tdMr8qJltc +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:66:51:84:c2:7e:fc:0c:cf:05:27:4c:bc:d3:55:23:ed:cb:19:f8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:8e:83:7c:7e:0c:6a:e8:93:2c:f8:e6:80:17: + e6:2a:91:f2:1d:1a:b1:51:6e:3e:4d:96:bd:a1:29: + f3:bd:ce:46:17:dc:5f:ed:b7:33:d8:17:31:80:b1: + 12:f3:bb:86:1d:4a:a7:61:dd:51:15:a8:9d:50:25: + 4f:93:5b:8c:a6:43:30:a5:46:7e:80:74:51:17:66: + 61:ba:c0:9d:f5:53:e4:4d:02:58:a4:27:ac:ef:35: + eb:01:e6:0d:0f:a2:67:b3:95:1d:33:d3:70:55:6d: + 73:80:dd:c7:dc:21:c6:58:9a:7d:cb:e6:9d:e2:af: + 7f:14:02:7c:f8:45:ff:5c:74:7a:7d:b1:35:1f:74: + 0f:e7:0d:97:51:58:15:41:07:fa:12:99:2a:84:92: + 48:9b:08:ee:ad:26:37:15:3e:7e:7b:b6:1e:94:36: + be:b9:d8:b6:6f:27:71:13:d1:3e:b7:9e:9d:d6:1e: + e1:cb:7b:2b:ab:20:46:e0:08:9c:54:5b:c6:db:c2: + 57:d3:67:ee:00:cf:d2:cb:0b:64:31:a7:9c:97:f5: + 4b:37:db:7d:d5:dd:91:a7:ed:dc:0c:2f:9c:04:42: + 50:46:8a:59:d2:9c:10:d7:0c:25:d9:79:de:e1:4c: + 3d:4a:5a:3f:2c:6c:20:a1:60:9f:24:69:1a:0a:f9: + 6e:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 52:00:A4:BE:8B:5F:23:63:5E:31:05:87:F4:6B:50:A7:01:70:63:DA + X509v3 Authority Key Identifier: + 52:00:A4:BE:8B:5F:23:63:5E:31:05:87:F4:6B:50:A7:01:70:63:DA + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Root.crl + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 8c:cc:8d:39:d4:a7:3f:73:9f:db:20:71:ed:d6:e0:94:76:4f: + ce:d3:05:24:82:bf:31:94:30:bd:7a:77:88:09:95:0e:79:79: + 20:48:59:6a:3c:a6:a0:f3:3b:54:f0:3c:af:83:3d:22:a1:07: + 7a:5b:f0:16:97:b8:ee:a4:d5:5a:f4:1e:89:e5:d3:fb:d0:b2: + cc:81:13:65:57:0f:2c:52:cc:b2:8b:a6:2d:b0:eb:e6:4e:12: + ae:31:e4:5a:5c:c4:65:33:8d:3b:fe:55:c5:65:74:80:92:25: + ef:e3:25:92:f1:b2:90:3f:59:c0:94:0b:fb:26:d8:4e:2f:21: + b2:69:7c:37:fd:28:36:b5:10:c8:04:46:28:3e:ff:5e:39:74: + 50:4d:59:ab:a2:75:bf:ad:78:3a:b2:b6:0c:37:21:78:0f:8c: + 73:b8:cc:36:02:ba:5f:1c:eb:c5:7b:77:c5:50:9e:3b:7e:17: + ce:17:73:50:d0:4c:46:86:f8:0c:d9:d1:eb:bb:3f:e7:f3:6e: + 09:27:49:0b:8f:70:2e:64:8b:15:2e:f2:16:a2:fe:0f:01:87: + 45:b8:2d:a3:a9:e2:5b:0c:f0:e8:79:db:cd:30:45:86:4e:49: + e7:37:38:b8:71:28:92:3a:0e:ac:1c:81:25:d7:d3:1a:c8:e5: + 1d:47:8d:5b +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUBmZRhMJ+/AzPBSdMvNNVI+3LGfgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDAjoN8fgxq6JMs+OaAF+YqkfIdGrFRbj5Nlr2hKfO9zkYX3F/ttzPYFzGA +sRLzu4YdSqdh3VEVqJ1QJU+TW4ymQzClRn6AdFEXZmG6wJ31U+RNAlikJ6zvNesB +5g0PomezlR0z03BVbXOA3cfcIcZYmn3L5p3ir38UAnz4Rf9cdHp9sTUfdA/nDZdR +WBVBB/oSmSqEkkibCO6tJjcVPn57th6UNr652LZvJ3ET0T63np3WHuHLeyurIEbg +CJxUW8bbwlfTZ+4Az9LLC2Qxp5yX9Us3233V3ZGn7dwML5wEQlBGilnSnBDXDCXZ +ed7hTD1KWj8sbCChYJ8kaRoK+W55AgMBAAGjgcswgcgwHQYDVR0OBBYEFFIApL6L +XyNjXjEFh/RrUKcBcGPaMB8GA1UdIwQYMBaAFFIApL6LXyNjXjEFh/RrUKcBcGPa +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAjMyNOdSnP3Of2yBx7dbglHZPztMFJIK/MZQwvXp3iAmVDnl5 +IEhZajymoPM7VPA8r4M9IqEHelvwFpe47qTVWvQeieXT+9CyzIETZVcPLFLMsoum +LbDr5k4SrjHkWlzEZTONO/5VxWV0gJIl7+MlkvGykD9ZwJQL+ybYTi8hsml8N/0o +NrUQyARGKD7/Xjl0UE1Zq6J1v614OrK2DDcheA+Mc7jMNgK6XxzrxXt3xVCeO34X +zhdzUNBMRob4DNnR67s/5/NuCSdJC49wLmSLFS7yFqL+DwGHRbgto6niWwzw6Hnb +zTBFhk5J5zc4uHEokjoOrByBJdfTGsjlHUeNWw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/generate-chains.py new file mode 100755 index 0000000000..b4b60d6972 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/generate-chains.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python3 +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the target certificate contains an unknown X.509v3 +extension (OID=1.2.3.4) that is marked as critical.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Target certificate (has unknown critical extension). +target = gencerts.create_end_entity_certificate('Target', intermediate) +target.get_extensions().add_property('1.2.3.4', + 'critical,DER:01:02:03:04') + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') + +gencerts.write_chain(__doc__, [target], 'target_only.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Intermediate.key new file mode 100644 index 0000000000..c314ae48ef --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAuM+R3bV0B7qKkzzKDBFdNinsUx4yi5Cu+cDb0n546jxYV19w +Spaak1jTfkJgvXgHOGvkFo8yFzCxdpVWbX7lnvkP+FqZ7oDh5vzWrzNhqtoZmH/a +Jy+AvJYuUYH4GmMnC87uAhZVSpYKxcF+mZXocOdNKy+/09ItJX0PslCWNpXlLMoO +WbXUfDFXlvq+xtWag7WW8hxKIM++Dn9CT6e0W+IB9O1ZxG5RoaWqpx8EzuDSLP+j +dMfkKqjSf83xVoZn/nUiBfctOzvOXLmVTuXK2In2sxIntCJr+4P5Dt6ovjhbFWaB +O2LXUBIpaVvFWpmXqlHDNoiXycGQU0+z7Jk88wIDAQABAoIBAC5H7ON0uWXmFSXi +J0b2Yj1aKlB2U3oX9XmeDm6cNXOTQRxATkKfjH4x1GTeApPwJv6+JhRwL78W9poX +s9kf2ikBfjpXlgzgQbIyxyCA4YiDrb0+50bA4qBXi6nlvlf9VJ3kaD4lkZ5oDLKR +Tj7wB5GemvihsIw/KgclVnT1MWjhm6mtK2KhFEldi3FcTz2wa+Le3VgK51UUIQu7 +iliAfi5+gBf8HTvzCVCKqig7BJtjC2hYII1XSlCblnFZK4dzvBlpX0d58lgfWbOQ +Y7jxDg06Va94mjuW3YWVo50Rf1+WawhOLDg2LurQjNxS+XZ8aJcQgyfuBBHXwST8 +6RQ1j4ECgYEA5y8Qo918sdyWsVeaywQ5WPCl8TJcRjcSFhtvOpAqa8XPcxdWR33R +9Jh9I7/e3uXNoUsJx6QU7j7gno3iC31LDxOOqvj8NfH3GrSJLqhmSpCbGsK8ijR8 +BYyNfoMukqogqOwH6d7x8pvnV8Yd44giTtp0H52rR+RoYCVbuzNpP0MCgYEAzKYs +Y+/kq+nC4WneWg3crxX7XcOdVZYUaX7wfTvrfaLqNip0nHnk2ETudYNHL3tEoBPB +7vJ00nuxoZ4yE6K2JP0IpVVWZ/+uHj3midHJc/Qx8u8NBnD4bhnPFvxqUtUsDsX1 +Q1epX3p2MfWagiZ7Ct0TcyxIISpbsyGxHbSHeJECgYBDTiiCDJGpFpeoueCPCoPH +qQgm2IqUxqO1W/deDWrMRaLH1xt/ZNojY+HK7qlsK2tacgY+4T5WvmeWwaf1wFyB +3yfCDwseiXtvgvANbWmae88sU1Wgxvb0hp8LHhYJDQ7FHzKOnCHEiC8qFrvM6m1S +l7cHHVgobg8VLssuDSGvEQKBgQC+BDFFXbISWYuEZxt4vFRDEYMDDaVhmWc8iQvd +DCzcy87yGjuKKrfsgxxyakFHego/I/k211LXONi2+r7+cl7zOyqy8Oi4ybMvC0Sq +hOqrSnqyWXnbmDtjZ31cl2RVou80jGPtclCmgXuLacNbw0UN0jXEA8K5YK4iRk9B +CKWcsQKBgDg+eGqp3IUubm8spHDJuVWsX1ARHLtzDKwKIlKgyLNuBdiBP5W3cOI8 +n7Bv2wQeQCOEgf/PjQnlkHzHGbx3ggOcg8JsOQmlGMGAe17lqXaju8aB7/nGlGjn +gdyjpP26b1OYqDdnYmYFOWrqN1yqiNlzXOydO72m3Ra6j6R8KACj +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Root.key new file mode 100644 index 0000000000..402ab760f5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAwI6DfH4MauiTLPjmgBfmKpHyHRqxUW4+TZa9oSnzvc5GF9xf +7bcz2BcxgLES87uGHUqnYd1RFaidUCVPk1uMpkMwpUZ+gHRRF2ZhusCd9VPkTQJY +pCes7zXrAeYND6Jns5UdM9NwVW1zgN3H3CHGWJp9y+ad4q9/FAJ8+EX/XHR6fbE1 +H3QP5w2XUVgVQQf6EpkqhJJImwjurSY3FT5+e7YelDa+udi2bydxE9E+t56d1h7h +y3srqyBG4AicVFvG28JX02fuAM/SywtkMaecl/VLN9t91d2Rp+3cDC+cBEJQRopZ +0pwQ1wwl2Xne4Uw9Slo/LGwgoWCfJGkaCvlueQIDAQABAoIBAQCI58rMxMIHcPzT +SNR51oQrWEEQOF5CS2O4vqhs4esO1I45gNIjrdIKndLwcPXMnVOpl96SUkzIXW4c +AasmVj0WKUd4+zoOEqVlQcHSigjE2LTFnBlx/VOTcH56hxpaN1oL8MUmh/qigoNQ +6F6lQM5JSO6P/pPbDHQJwgsgaoQ5MsvHFBv8mrjRB+Dq78W4zYkN3IfBmsAjkAjF +FU2C5FEP8D3B59czbsxym0A6KtHc+Q9tGAcym6ANy9Qjv/pCYMBqViN1J5LH7ld1 +WtrRsdJi5CUyjbq4MH8bc1xwdHtShOCdxqEGl5QorPkBrGwN00Tuh5+Xsb5d7bzu +OUQ1385BAoGBAOZG6wVFPlnbQ+ugfHpBU4HzUyzLUFiVeVsgxBD55JmpY1zJGbdY +P9fktK0+xax9Y8f6tbwnBkafvbnaLZOK2swJN+UnMR/2/8FRSHcGrrISQ8v6Cp7Z +fsyIYzYeTzbGL63W5zCa3lPi7VHT+r23tXnvAllqrHCjHgKB4/6OH4uFAoGBANYQ +7o/tmZAYOPJ15F7NlNt6xfiirJ9EyQUoqpFkrOuAPDjey5RGNDKBAA5S0eI4w2o0 +xMkyQMvwnmGZsDxaJ/upm3KWtGu4Rm9hnnHx1LLw0Cc79C4AX8jnROWB1jjErO8H +wqMtt3tU2mhCCHLsXfvNueCeP/6raNtJ/O4Lt8dlAoGBAOOxx/2kJCzxdE1umObB +5XKfSOUH/GA7HI4Q7g3jKjkOlqNObdEuv6IYENclNIyER7+blUuAQuJeXVmB9ILp +T8NkchJyGE8FCor6dm7K+r409Tih+xJq+MgBLCh8+9KrUMXRszQKTkAgKI06z7n8 +BsOUo3wK0ItnnurXyLsRiPuJAoGBAKm2Zsxo/RRGf++KE/ItXtTa81V58w2aRRz3 +7rKydH2I/zW/PPti5UMdDuRMOOX3RsZO66zvUHvfWlHavOQ8PfLBtuIUJRo50G3B +oRKJPa5YSU6xs5c86LOo1vB2DVaYZtpi9qbUOeFnlniN0ZD7YE+f/Lvd+rJ3RvyE +HijD1YIZAoGBAJoEUyIjaN6rR25bD7nG1aVKaSWulMP4fOaZRjbClltWcMbo0szE +oCdyFh6XFRU2lOtiUxJTj6s/uSPlRFNVFYoVuR4qqiFlX4U6xrFAULQV5VfDf9D0 +2mwKGHBrJdajiCA43yCF+28YQXIVHbq+XBsnP+rgga5uFrx6Zc94twjk +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Target.key new file mode 100644 index 0000000000..3618047853 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvQXqOhwUodutLBg9JZzcHA8rHkLfwny0OeZLRevTohwr3PKM +CPWB3736ohocXJnLAMcxAshEXzHPnIJtPAxd99bMkf7z53oIF4XVdWHu3WZVPOJo +mDYZIOSbzSRso12JhIAuxxFOwYKygM4P6WpCVBD7wApTvhkBOLoGxZOTHISqJcfF +mk0yLqQTXm0H1p3lsClj2hS3YlFjk9workq8NazABurqC9VwYTsFeOTTrcOtlfFI +5Xmm3BIfFE8hn8pvet3WRciKYJYcAgYWGIAhWGr2gz4amLiyqSJEwiXp3Kmqvx0u +Py6heAiTBEzEH/mzNJ+neFsCpsrTH/q6TTSiuwIDAQABAoIBAFlzgSK6wzDNqqfh +WJ6CGs/Uhc0uTIHXTdrQlvKh5Wcj+cX3qjlbJXjiiMdJn/5acW0O1qzAZUq/YcZp +GpR+LcHpjqnQg1AZudaX6SpBjC6ODOxhIKpXf5DHXsu33wl4bGmd14UxNZnx5dN6 +sKD/PiBWYSzCNlsRrjhQIIBDlCy78xwXdqEpc3wPpm7G5heo1h1bbLs/BTlKqexv +IQlZm5KDHDhW4acDFn/Zbcg3yYT7JBM0N0sKT+G+W3prLI+q3scmMzVsdHpuhlex +D4mUDAbmEZIvb4FfJaW9j8XTPkdpfUmQycITGcZQvjDZowlrSvF08mXRlE+MPx4r +VMeGMVECgYEA4afnmif4B6nrPqUL9i7xLNXXlBHO0I4re48gcZAYU4Ej8hqwnNn9 +k0jLgmyyMjTQhxmuqbkU4eLnzc7VFpG4RC91wS/cGNBmrgg0xXx6eXqEQR1If5mX +mUjB4DEaJmTdjwWZAHDNcYX4h0AQ4cfC+juqY/jgyogzlxfSqJ7OpGUCgYEA1nDx +0/p+3JXEHmpTHKliSU1W3NGRycVXOWWuFWDnNFJ71srfAjaTOYDWSAxutT5WrCMD +Dyyk/z+bGDo+1cINoCSNuBylOdsLOD0DSwH7q9ZsB1ybcAjMSSD07OZ4TqWtQ6q9 +jVnrnR9Ky9C3RVraOLGkOUoON+l+iDMPES3N6J8CgYEA1oKiq+yq374rntWO1Wwy +YAi4ck2raJ59v2uDz/DG7zqoTRIKKlEfuM9OhqGFlCyYvpUvcLA8pa7p5L9l2ZqU +rFzhd9BjTkNuGKo8YC/AzZIl/zAzJvl/H3wGsXR8A1uHMtqDY+PXqL9OTmQcqEUZ +mH73ryl7p4xqXouK+jhc//ECgYEAuUH2CbX850CTn9snVjmXadBg3IBIvNG52yJW +1K1U0MT5q8S0CMtxQVpmxPPIqNfkNO5CdFeTa9hdev7GzhDJiLJLpOVKcMMl3D4J +nEFoVTn3NhzxREa1he/s6MTq5rcHCtB01ar7fFBOY+o6irZElHoTcFLkGbWk1LGX +sLWrj+0CgYAtTDDY2yvAPEYaaNFLmx92xQHCBjzepyoB3mipr0V4nO/VcM1ycUOz +09ZRn6eRUK8CsIps2CQJc8jeH7LUzUn1MU0b4l1YYE1wVSuIt1aOaCFkZP2V+GA1 +8A6E0cvGBcD2foLFrWlOq8TOBKuzt7OZv95obn2prn5R31ZQixYZqg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/main.test b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/main.test new file mode 100644 index 0000000000..d3efd0a270 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/main.test @@ -0,0 +1,10 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Unconsumed critical extension + oid: 2A0304 + value: 01020304 + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/target_only-trusted_leaf.test b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/target_only-trusted_leaf.test new file mode 100644 index 0000000000..95b53feffa --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/target_only-trusted_leaf.test @@ -0,0 +1,10 @@ +chain: target_only.pem +last_cert_trust: TRUSTED_LEAF +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: Unconsumed critical extension + oid: 2A0304 + value: 01020304 + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/target_only.pem b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/target_only.pem new file mode 100644 index 0000000000..0a9bf791ca --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-unknown-critical-extension/target_only.pem @@ -0,0 +1,94 @@ +[Created by: ./generate-chains.py] + +Certificate chain where the target certificate contains an unknown X.509v3 +extension (OID=1.2.3.4) that is marked as critical. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4e:9a:ac:ff:32:38:c0:2f:b6:e5:63:63:94:45:6d:aa:aa:c4:b6:e5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:05:ea:3a:1c:14:a1:db:ad:2c:18:3d:25:9c: + dc:1c:0f:2b:1e:42:df:c2:7c:b4:39:e6:4b:45:eb: + d3:a2:1c:2b:dc:f2:8c:08:f5:81:df:bd:fa:a2:1a: + 1c:5c:99:cb:00:c7:31:02:c8:44:5f:31:cf:9c:82: + 6d:3c:0c:5d:f7:d6:cc:91:fe:f3:e7:7a:08:17:85: + d5:75:61:ee:dd:66:55:3c:e2:68:98:36:19:20:e4: + 9b:cd:24:6c:a3:5d:89:84:80:2e:c7:11:4e:c1:82: + b2:80:ce:0f:e9:6a:42:54:10:fb:c0:0a:53:be:19: + 01:38:ba:06:c5:93:93:1c:84:aa:25:c7:c5:9a:4d: + 32:2e:a4:13:5e:6d:07:d6:9d:e5:b0:29:63:da:14: + b7:62:51:63:93:dc:28:ae:4a:bc:35:ac:c0:06:ea: + ea:0b:d5:70:61:3b:05:78:e4:d3:ad:c3:ad:95:f1: + 48:e5:79:a6:dc:12:1f:14:4f:21:9f:ca:6f:7a:dd: + d6:45:c8:8a:60:96:1c:02:06:16:18:80:21:58:6a: + f6:83:3e:1a:98:b8:b2:a9:22:44:c2:25:e9:dc:a9: + aa:bf:1d:2e:3f:2e:a1:78:08:93:04:4c:c4:1f:f9: + b3:34:9f:a7:78:5b:02:a6:ca:d3:1f:fa:ba:4d:34: + a2:bb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D6:55:4E:AC:07:84:35:A9:0D:9A:63:45:82:73:4E:A4:CC:53:B0:02 + X509v3 Authority Key Identifier: + 8A:E3:E6:F6:58:6F:1C:90:B4:67:A5:14:D8:64:E7:F7:00:77:61:01 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + X509v3 CRL Distribution Points: + Full Name: + URI:http://url-for-crl/Intermediate.crl + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + 1.2.3.4: critical + .... + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2d:da:b3:73:a9:3c:2f:ac:6f:a6:db:80:c2:82:ea:0f:6e:bd: + 58:35:f5:d5:69:3f:73:26:e6:80:cd:39:d1:cf:38:f8:19:dd: + f7:cf:57:70:44:3b:83:5a:8d:91:7b:02:a9:e8:ef:06:1e:b6: + 4b:97:ff:0e:96:ee:fe:85:ea:b4:93:ba:0e:b1:15:ef:ff:f6: + be:0d:f2:2a:d6:2d:df:43:a9:e8:a0:e3:50:bb:56:af:51:05: + 1d:50:f3:58:f4:41:f0:ea:b4:1e:34:99:ac:d5:b8:34:78:96: + 73:2e:62:e5:7e:b5:1d:e4:08:52:b4:8f:28:bf:b7:75:23:71: + f2:31:b2:ad:eb:4c:94:ec:79:09:0c:8b:94:38:a8:c8:82:e8: + 42:e4:72:50:bc:4b:8e:0d:e8:c0:77:a7:94:8e:d4:35:36:73: + d4:1e:32:8f:19:14:8e:eb:26:61:bb:c9:9c:b5:71:08:40:61: + 52:8f:1e:a3:3d:01:2c:c8:a5:b5:c7:ac:42:ee:75:2b:a2:e7: + 77:65:98:1d:02:1c:95:d3:8a:1d:17:71:82:86:5c:f3:a9:44: + e0:54:c5:51:84:b4:3c:c9:f1:bd:25:2d:cb:23:f2:72:d2:8c: + f9:2d:c5:2a:4b:14:f5:df:65:53:e5:fb:2e:71:02:03:c5:6e: + 6f:0a:68:69 +-----BEGIN CERTIFICATE----- +MIIDsDCCApigAwIBAgIUTpqs/zI4wC+25WNjlEVtqqrEtuUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAvQXqOhwUodutLBg9JZzcHA8rHkLfwny0OeZLRevTohwr +3PKMCPWB3736ohocXJnLAMcxAshEXzHPnIJtPAxd99bMkf7z53oIF4XVdWHu3WZV +POJomDYZIOSbzSRso12JhIAuxxFOwYKygM4P6WpCVBD7wApTvhkBOLoGxZOTHISq +JcfFmk0yLqQTXm0H1p3lsClj2hS3YlFjk9workq8NazABurqC9VwYTsFeOTTrcOt +lfFI5Xmm3BIfFE8hn8pvet3WRciKYJYcAgYWGIAhWGr2gz4amLiyqSJEwiXp3Kmq +vx0uPy6heAiTBEzEH/mzNJ+neFsCpsrTH/q6TTSiuwIDAQABo4H5MIH2MB0GA1Ud +DgQWBBTWVU6sB4Q1qQ2aY0WCc06kzFOwAjAfBgNVHSMEGDAWgBSK4+b2WG8ckLRn +pRTYZOf3AHdhATA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDKgMEAQH/BAQBAgME +MA0GCSqGSIb3DQEBCwUAA4IBAQAt2rNzqTwvrG+m24DCguoPbr1YNfXVaT9zJuaA +zTnRzzj4Gd33z1dwRDuDWo2RewKp6O8GHrZLl/8Olu7+heq0k7oOsRXv//a+DfIq +1i3fQ6nooONQu1avUQUdUPNY9EHw6rQeNJms1bg0eJZzLmLlfrUd5AhStI8ov7d1 +I3HyMbKt60yU7HkJDIuUOKjIguhC5HJQvEuODejAd6eUjtQ1NnPUHjKPGRSO6yZh +u8mctXEIQGFSjx6jPQEsyKW1x6xC7nUroud3ZZgdAhyV04odF3GChlzzqUTgVMVR +hLQ8yfG9JS3LI/Jy0oz5LcUqSxT132VT5fsucQIDxW5vCmhp +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/chain.pem new file mode 100644 index 0000000000..eb29d0800a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/chain.pem @@ -0,0 +1,278 @@ +[Created by: generate-chains.py] + +Certificate chain where the target was signed by a different +certificate with a different key. The target lacks an +authorityKeyIdentifier extension as some verifiers will not try verifying with +the bogus intermediate if the authorityKeyIdentifier does not match the +intermediate's subjectKeyIdentifier. + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2c:6b:f0:a5:aa:60:49:5e:d6:8b:7f:f5:b2:89:be:f7:78:1d:89:d2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b6:34:1b:30:e4:7d:b9:40:ec:8c:d8:b7:d5:4d: + a0:0c:85:66:25:a7:bf:16:c2:d8:4e:6a:b5:d1:3c: + c1:63:a8:ff:96:24:87:59:14:9b:e0:00:8b:75:7a: + 52:5d:7d:a5:1d:fc:1d:f8:4b:eb:e3:74:b5:8d:e8: + 43:8d:dc:b9:3d:d5:47:86:fb:c7:d8:56:b6:91:03: + 76:56:ba:f9:35:6b:b6:71:44:51:a2:7c:24:02:e5: + f0:7c:67:34:21:e0:10:31:54:f9:6d:96:43:33:a6: + bb:ca:4c:f8:31:a4:16:93:6d:15:50:0a:5e:43:77: + ab:2d:4b:ce:79:80:ec:95:0c:a2:9b:7a:72:7d:f5: + a6:4a:28:14:a3:b8:eb:8f:88:84:08:e5:00:86:30: + aa:53:6f:b2:9e:5f:85:85:29:dd:94:aa:94:28:8a: + ca:50:13:f9:ac:08:64:8c:b9:80:65:ff:65:c1:a6: + 48:75:df:b0:9a:8c:0b:c8:d0:07:a9:8b:9f:16:69: + 51:81:c9:8a:33:81:3f:04:57:2c:06:53:c6:2e:c7: + 4c:99:6d:65:2b:a4:c0:b6:6a:ca:37:05:38:2a:64: + b0:7f:e5:ad:3b:90:77:bd:86:53:34:18:00:46:6a: + 37:0f:85:39:c5:95:96:ab:bd:a3:81:09:69:40:22: + 09:b7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7A:1C:A0:65:5A:CD:B7:F6:57:2D:AA:6C:C2:A7:B0:AE:60:FE:61:02 + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:test.example + Signature Algorithm: sha256WithRSAEncryption + 42:20:d3:44:c7:c2:bf:44:3f:d3:c7:df:6f:15:17:34:04:40: + 4d:c6:d4:a9:2c:06:b1:41:78:4a:57:00:f3:65:22:17:ed:42: + 5a:e9:5d:a6:22:25:c0:9a:e0:1d:0b:5c:c6:fd:0e:05:6c:11: + b8:ae:cd:ad:91:bf:b9:4e:bb:81:28:a7:7e:47:01:0b:e4:73: + 29:4b:9a:6e:cd:01:0e:e6:3e:f0:19:49:24:1d:8e:04:5e:4d: + 1f:64:ad:5a:90:d8:22:18:7a:66:10:cd:4d:6a:2c:f4:31:82: + f0:31:e4:c5:2e:a5:1e:3c:52:77:de:c5:02:fc:0f:68:ee:8c: + 1c:24:4a:da:41:ba:ed:bc:4d:c0:f7:f0:27:7b:44:8f:ac:be: + e0:d5:49:89:c1:98:53:6c:7e:f3:27:82:70:a5:03:01:0e:39: + 82:b0:53:6e:26:5d:5e:a7:e6:8a:bf:8c:4e:00:38:1c:65:42: + c0:ff:8c:36:4f:fe:2f:1a:fd:3c:6a:75:3d:05:19:88:23:f3: + 84:eb:fd:53:2c:f4:98:c1:38:bb:a5:fb:a8:f7:b5:9d:1d:d1: + 20:33:2d:b1:68:f8:55:8b:63:df:20:f4:3b:88:0d:03:e0:4a: + 75:b4:b3:0b:c5:03:49:1d:18:78:65:93:bc:b0:66:61:e5:64: + b4:0a:e0:e6 +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIULGvwpapgSV7Wi3/1som+93gdidIwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAtjQbMOR9uUDsjNi31U2gDIVmJae/FsLYTmq10TzBY6j/ +liSHWRSb4ACLdXpSXX2lHfwd+Evr43S1jehDjdy5PdVHhvvH2Fa2kQN2Vrr5NWu2 +cURRonwkAuXwfGc0IeAQMVT5bZZDM6a7ykz4MaQWk20VUApeQ3erLUvOeYDslQyi +m3pyffWmSigUo7jrj4iECOUAhjCqU2+ynl+FhSndlKqUKIrKUBP5rAhkjLmAZf9l +waZIdd+wmowLyNAHqYufFmlRgcmKM4E/BFcsBlPGLsdMmW1lK6TAtmrKNwU4KmSw +f+WtO5B3vYZTNBgARmo3D4U5xZWWq72jgQlpQCIJtwIDAQABo4HhMIHeMB0GA1Ud +DgQWBBR6HKBlWs239lctqmzCp7CuYP5hAjA/BggrBgEFBQcBAQQzMDEwLwYIKwYB +BQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1Ud +HwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3Js +MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +FwYDVR0RBBAwDoIMdGVzdC5leGFtcGxlMA0GCSqGSIb3DQEBCwUAA4IBAQBCINNE +x8K/RD/Tx99vFRc0BEBNxtSpLAaxQXhKVwDzZSIX7UJa6V2mIiXAmuAdC1zG/Q4F +bBG4rs2tkb+5TruBKKd+RwEL5HMpS5puzQEO5j7wGUkkHY4EXk0fZK1akNgiGHpm +EM1Naiz0MYLwMeTFLqUePFJ33sUC/A9o7owcJEraQbrtvE3A9/Ane0SPrL7g1UmJ +wZhTbH7zJ4JwpQMBDjmCsFNuJl1ep+aKv4xOADgcZULA/4w2T/4vGv08anU9BRmI +I/OE6/1TLPSYwTi7pfuo97WdHdEgMy2xaPhVi2PfIPQ7iA0D4Ep1tLMLxQNJHRh4 +ZZO8sGZh5WS0CuDm +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:8c:81:7c:3f:7c:cd:c0:85:4b:99:ee:b9:df:b6:b1:07:4e:88:46 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b4:e3:56:b9:b0:39:df:ba:72:ab:22:55:10:91: + 0b:ac:73:32:70:19:51:96:6b:17:ba:78:a2:c8:77: + cc:d2:b2:0e:9d:de:b5:3f:6b:8a:49:80:b9:a6:23: + 9e:96:82:ff:41:65:bd:86:e3:bd:a4:bf:b9:19:85: + f2:0a:c8:3a:b7:87:d5:d6:6f:2e:c3:72:35:36:46: + 98:ec:d9:fd:0e:61:cb:0a:d4:65:c5:5d:a7:e0:cd: + 6f:ed:92:40:03:62:1b:00:c6:c2:02:1a:de:f1:67: + d5:f6:0b:82:aa:7f:dc:72:08:5e:be:81:57:1d:66: + 9a:82:bb:d5:b1:78:de:f7:6f:b2:d7:26:5c:b5:47: + 65:32:91:41:70:0f:3e:23:89:70:e3:0a:be:aa:a9: + dd:0e:e2:6e:8d:49:30:af:bb:ad:bb:3e:4d:0f:6d: + 43:c2:3c:41:20:26:68:af:a7:ec:83:6c:2e:2d:43: + 7e:16:5b:93:8e:b4:6c:ba:e7:26:8c:d1:60:93:4b: + 78:10:e6:a6:cb:97:b9:4f:fb:fc:3f:f0:68:a1:22: + f0:20:bf:5f:21:89:a8:5b:8b:fb:7d:a9:b2:ed:13: + a3:3c:d1:4c:c7:e5:ba:8c:ca:8c:76:f6:89:aa:8f: + 6d:44:0a:a4:d1:18:66:65:e5:04:25:b1:86:84:e4: + 2a:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 51:9D:BA:B2:87:A5:E9:E6:E3:E1:DB:F3:1B:0C:67:CB:6C:D1:C5:A8 + X509v3 Authority Key Identifier: + keyid:FA:79:49:F6:69:64:80:41:9B:1E:E6:2C:39:F8:36:2C:0F:F4:82:66 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 99:68:59:0b:1e:31:c3:e6:9a:27:95:89:cc:0a:79:cf:95:39: + 77:83:21:22:e3:65:77:26:19:ab:f2:5f:14:7d:50:cb:82:1c: + 92:06:d0:6d:c2:dd:34:17:69:fe:a4:34:8a:fe:b4:5d:e5:29: + 6f:f4:88:82:4f:2c:3d:97:a7:b6:7a:2d:df:23:89:50:a8:21: + da:70:78:d7:c3:c3:3e:c0:1e:29:53:97:d0:5e:cd:c5:9e:7d: + 05:20:be:7a:29:8d:5e:31:84:4c:de:57:6b:55:91:30:06:60: + b2:73:94:99:98:8c:cb:6f:aa:81:00:49:99:48:a5:04:cb:cf: + bf:af:9f:0c:d8:43:16:7d:d9:a0:42:37:b8:3d:ec:f9:81:2d: + 4a:09:ce:69:14:99:95:92:69:ba:4f:9f:04:05:af:a7:7c:4b: + 93:44:90:fb:00:73:1f:0e:87:1c:53:1f:db:48:c7:b3:8f:94: + a2:06:e2:66:8d:35:16:3f:6f:53:f9:4d:3f:43:ac:0b:7f:d9: + 41:85:b3:7c:6e:33:b6:31:99:fc:ce:dd:c4:22:2d:65:dc:97: + e8:56:20:a8:80:d2:1e:b6:2a:19:e7:cb:fb:ff:26:f6:53:37: + 2f:23:52:eb:d7:89:e7:78:22:f7:e6:8e:fb:cb:15:25:4f:4e: + 79:81:72:6c +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUfYyBfD98zcCFS5nuud+2sQdOiEYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALTjVrmwOd+6cqsiVRCRC6xzMnAZUZZrF7p4osh3zNKyDp3e +tT9rikmAuaYjnpaC/0FlvYbjvaS/uRmF8grIOreH1dZvLsNyNTZGmOzZ/Q5hywrU +ZcVdp+DNb+2SQANiGwDGwgIa3vFn1fYLgqp/3HIIXr6BVx1mmoK71bF43vdvstcm +XLVHZTKRQXAPPiOJcOMKvqqp3Q7ibo1JMK+7rbs+TQ9tQ8I8QSAmaK+n7INsLi1D +fhZbk460bLrnJozRYJNLeBDmpsuXuU/7/D/waKEi8CC/XyGJqFuL+32psu0TozzR +TMfluozKjHb2iaqPbUQKpNEYZmXlBCWxhoTkKnMCAwEAAaOByzCByDAdBgNVHQ4E +FgQUUZ26soel6ebj4dvzGwxny2zRxagwHwYDVR0jBBgwFoAU+nlJ9mlkgEGbHuYs +Ofg2LA/0gmYwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCZaFkLHjHD5ponlYnMCnnPlTl3gyEi42V3Jhmr +8l8UfVDLghySBtBtwt00F2n+pDSK/rRd5Slv9IiCTyw9l6e2ei3fI4lQqCHacHjX +w8M+wB4pU5fQXs3Fnn0FIL56KY1eMYRM3ldrVZEwBmCyc5SZmIzLb6qBAEmZSKUE +y8+/r58M2EMWfdmgQje4Pez5gS1KCc5pFJmVkmm6T58EBa+nfEuTRJD7AHMfDocc +Ux/bSMezj5SiBuJmjTUWP29T+U0/Q6wLf9lBhbN8bjO2MZn8zt3EIi1l3JfoViCo +gNIetioZ58v7/yb2UzcvI1Lr14nneCL35o77yxUlT055gXJs +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:8c:81:7c:3f:7c:cd:c0:85:4b:99:ee:b9:df:b6:b1:07:4e:88:44 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:f9:00:80:eb:0d:65:6c:30:78:a7:66:72:14: + df:06:ab:f7:a6:30:bc:62:50:81:94:e1:45:f7:47: + 38:1f:35:99:9a:b9:26:e5:7b:32:a3:71:df:02:84: + 22:a0:09:32:13:6b:05:5a:8c:3b:2a:59:1a:89:0e: + 08:58:d0:a5:74:bf:96:7a:16:67:00:22:23:7c:07: + 37:f8:da:e3:7c:8e:a2:d6:81:18:fb:51:b1:f5:e5: + 0d:c5:28:4f:17:59:25:42:08:e8:f0:14:1d:8d:03: + d7:1c:48:94:f3:2f:70:2d:c4:03:7c:06:c5:ca:dd: + 15:d3:1b:d4:c8:e4:af:e7:c0:a9:90:f9:a4:c6:d3: + e6:28:0f:b0:34:a4:aa:7b:a6:df:45:2e:8f:cc:ba: + e1:86:e6:98:74:22:07:cd:33:a3:8e:d3:79:5a:28: + a1:d4:a1:e6:b2:7d:c3:6d:9c:61:67:ce:ca:74:b6: + 6f:d7:32:4c:c9:f8:d8:f2:f0:60:97:3d:2b:e2:b4: + 67:6c:69:08:23:bd:8a:71:65:a9:3e:62:7f:15:76: + 08:0e:cb:a9:b2:68:51:5e:5c:19:b0:83:8f:41:98: + d8:b1:0e:ef:26:ac:c5:f7:e6:34:8d:71:5f:1e:bd: + d4:db:c5:69:47:47:7c:91:88:d0:8b:c4:e1:7a:61: + a4:45 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FA:79:49:F6:69:64:80:41:9B:1E:E6:2C:39:F8:36:2C:0F:F4:82:66 + X509v3 Authority Key Identifier: + keyid:FA:79:49:F6:69:64:80:41:9B:1E:E6:2C:39:F8:36:2C:0F:F4:82:66 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 56:35:08:8f:8b:5e:ea:62:f3:6f:49:49:c3:45:54:12:cd:de: + ba:f2:66:12:99:c3:1f:01:bd:ac:08:3a:5e:12:3e:63:c5:b9: + 1f:05:81:3a:05:90:9b:d1:52:4a:bc:d2:61:2b:88:03:9b:03: + 5b:4c:da:04:c2:57:6a:e9:d9:ef:a4:50:d0:ae:af:99:0b:4a: + 98:e9:91:9a:4b:0c:3f:34:bb:c6:dd:c0:31:ba:28:1b:32:e9: + 12:48:90:3a:ec:cf:e1:82:95:34:93:02:69:c1:75:ba:57:3f: + 22:e2:76:f1:fa:8d:dd:d1:e2:ed:74:f4:69:c4:2c:79:ba:a7: + 86:e2:5c:fb:ab:2f:e6:67:b8:46:01:ab:23:d3:77:3b:1f:47: + 7b:a1:e0:66:7a:1f:c8:d8:b8:f1:91:94:70:4d:9a:c7:f6:ec: + a8:c5:b5:87:f6:df:5e:b0:6f:8f:6c:c8:18:6c:62:13:8a:ee: + 81:ff:7b:02:54:ab:e4:19:58:f5:57:e7:74:00:9b:e1:45:ac: + 1b:ef:89:c2:f9:e2:73:20:ba:ab:48:36:a3:d5:a4:a1:9e:1a: + 22:82:08:b0:9e:0d:46:dc:d2:4c:06:e2:80:b5:40:ef:c1:23: + 99:f7:79:62:5f:19:5b:1c:01:3c:70:0a:5f:d3:c4:43:ee:21: + 8a:dc:d3:ba +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUfYyBfD98zcCFS5nuud+2sQdOiEQwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6+QCA6w1lbDB4p2ZyFN8Gq/emMLxiUIGU4UX3RzgfNZmauSblezKjcd8C +hCKgCTITawVajDsqWRqJDghY0KV0v5Z6FmcAIiN8Bzf42uN8jqLWgRj7UbH15Q3F +KE8XWSVCCOjwFB2NA9ccSJTzL3AtxAN8BsXK3RXTG9TI5K/nwKmQ+aTG0+YoD7A0 +pKp7pt9FLo/MuuGG5ph0IgfNM6OO03laKKHUoeayfcNtnGFnzsp0tm/XMkzJ+Njy +8GCXPSvitGdsaQgjvYpxZak+Yn8VdggOy6myaFFeXBmwg49BmNixDu8mrMX35jSN +cV8evdTbxWlHR3yRiNCLxOF6YaRFAgMBAAGjgcswgcgwHQYDVR0OBBYEFPp5SfZp +ZIBBmx7mLDn4NiwP9IJmMB8GA1UdIwQYMBaAFPp5SfZpZIBBmx7mLDn4NiwP9IJm +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAVjUIj4te6mLzb0lJw0VUEs3euvJmEpnDHwG9rAg6XhI+Y8W5 +HwWBOgWQm9FSSrzSYSuIA5sDW0zaBMJXaunZ76RQ0K6vmQtKmOmRmksMPzS7xt3A +MbooGzLpEkiQOuzP4YKVNJMCacF1ulc/IuJ28fqN3dHi7XT0acQsebqnhuJc+6sv +5me4RgGrI9N3Ox9He6HgZnofyNi48ZGUcE2ax/bsqMW1h/bfXrBvj2zIGGxiE4ru +gf97AlSr5BlY9VfndACb4UWsG++JwvnicyC6q0g2o9WkoZ4aIoIIsJ4NRtzSTAbi +gLVA78Ejmfd5Yl8ZWxwBPHAKX9PEQ+4hitzTug== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/generate-chains.py new file mode 100755 index 0000000000..18b1cfe8e7 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/generate-chains.py @@ -0,0 +1,40 @@ +#!/usr/bin/env python +# Copyright 2019 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the target was signed by a different +certificate with a different key. The target lacks an +authorityKeyIdentifier extension as some verifiers will not try verifying with +the bogus intermediate if the authorityKeyIdentifier does not match the +intermediate's subjectKeyIdentifier. +""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate, which actually signed the leaf. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +section = intermediate.config.get_section('signing_ca_ext') +# Don't include authorityKeyIdentifier extension in the target issued by +# the real intermediate, otherwise the verifier might not even try to validate +# the signature against the bogus intermediate. +section.remove_property('authorityKeyIdentifier') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) +# TODO(eroman): Set subjectAltName by default rather than specifically in +# this test. +target.get_extensions().set_property('subjectAltName', 'DNS:test.example') + +# Intermediate certificate issued by root, but which did not sign target. +bogus_intermediate = gencerts.create_intermediate_certificate('Intermediate', + root) + +chain = [target, bogus_intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Intermediate.key new file mode 100644 index 0000000000..5029e05d35 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4RLD2z64JItol6WLSHDUU2g01K6rkOAWdSNzlcU32O9y6KsZ +WWEvfLcUQGULVwSXwWm4RiRvE2qwO4PfHFJDZoTWSOwS/u3XeO7tIvDyQlYXHN4e +UcEkzJ/JjnWN3D7JMsp9ysY8zwzvbbPvRICMLB2o7JtoCZBPZQYLAHlaRN7Ux1do +oXy7C7t9A0msm5ZGz0lQVOeDlUlMOpkOV8rh0IT2awXmZxwGcPXDmIht8IU3Aem/ +WJke7U3MuRhi9X5C0R6w3IsmpibaDdk6rQFCyP/9u0wdf3rtjusbhJnou6b356Ex +IsWpao2/5/g08kAT5yjXXMvnP8Y3WXEEtXQZXwIDAQABAoIBAHb7KYh8VnITNF5+ +R+wqoUPaYZtRHyc+HwEblZ3GHSjUJEW1NXhXdPgT/GOyRtVgeyzmy2BhIEr+al17 +7/UT08edT35LNhuH9hFbFQcUoqzIv/0lupdzaBW4Hp/tqumUU15DR05rj3fRGb0/ +kqv+3Jrxrvwth0kO/bmlASnl/P9MYtbQYsU21xLAk1bSaCrm2XBDYdD+7BR/C5Ff +Xi8Rxg1eYcqdeh+DXHvPIONReMMRZA5OC6PpH63Fz4MhICKt4CfyWbhh4wJu8h43 +oURUggYvPYYZGpMBT5SBmeIfqVBHL7eX8uBeu+2uCZ3+1JugjeurX4puiGo+x2jB +S8iRqCkCgYEA+1PRaQCsIBE6MWRGa5GnSFP06ju6svgzyr/ZXhhPwnKZlsQfQXhh +XaDk59/Vd/ukWj20QVOyrr9EjrDlKihDl9c38wprfGU7YRfev+2Bd801sw1DzEzT +ZO2T/NU+d29dhk8tJCaGcQA6wdtExMXnn4OGqV0dWpOfr5PzAIdk0OUCgYEA5UH9 +4nGUEDJsB0wfRiwKyjO8meiqqvKVerzHigNJ31SqNtV3RpJ0yW9Z3bxF1gJIA+FB +WjYTxjD3TJT11IYZrv1mbCoSwM+At1btUrTBxM0Q7XRp+6yQFzqg7ZQDVIKOnyyH +VUlg72viMYuBF0M4rUjeFwya5TCST/Ec8octkPMCgYEAriGJwsWrfGBTQGtoexkk +nPFGjI+rsFpVkBFSamZPxLqf/ZyOx06/rx5N2vXzsjjQy5Fa9bQm5foxZufbL1VM +V8TOx/6dMEf3VzMxqyrEfBvbK95x7fgAszoEQbYBnMC1PNxYu2ZR2bM+ApiIUgmI +jLWVNH0GXH5RslXAlMo6KJ0CgYBpLqHA5sM7uyZ9IpumokZBBwOcyXaj/7A9I6eY +1nFqGXoOtlmG82LJmGDurpaL3XgU76AAN5dS8txDMoSnAO9/rZr0PUllVM6FT0iL +DYtpM3x0tVh6s21YevmihqoQd+XfeZqNsqDat/CLMqoDdj/moOvkP1BBnstCCilx +zDtHqQKBgQDsGJgCMHD0S7u+TfYXfFPSHI/gv4+B/Uuxs6v8qtFelMwER0/zY10u +Ijle5MwznwuI+6zJ5LT/sxbkLlxTtPs4xCz5Gr7xkaO2m/BZEYSgTRKTaUiVY/Ky +4tyr8Rs5gSdKySofwVcFGLje6gxQWIqNPjP/v1gV5rLGizXjSKu4tg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Intermediate_1.key b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Intermediate_1.key new file mode 100644 index 0000000000..399aa06069 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Intermediate_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAtONWubA537pyqyJVEJELrHMycBlRlmsXuniiyHfM0rIOnd61 +P2uKSYC5piOeloL/QWW9huO9pL+5GYXyCsg6t4fV1m8uw3I1NkaY7Nn9DmHLCtRl +xV2n4M1v7ZJAA2IbAMbCAhre8WfV9guCqn/ccghevoFXHWaagrvVsXje92+y1yZc +tUdlMpFBcA8+I4lw4wq+qqndDuJujUkwr7utuz5ND21DwjxBICZor6fsg2wuLUN+ +FluTjrRsuucmjNFgk0t4EOamy5e5T/v8P/BooSLwIL9fIYmoW4v7famy7ROjPNFM +x+W6jMqMdvaJqo9tRAqk0RhmZeUEJbGGhOQqcwIDAQABAoIBABpYVgQ7Z2JvXE4S +dQMxrNqT+I+dEGXw+Qa+lS7PS/SP3FMf4ZP4DK8B4YgR/gH72ENlFwJzXuaEyeeu +u37YhLzAOuO9U7lBhACArbspUJLsqU7NenkRV+cE5L1cJJiZjEdDq3P1B+1u6xmn +uYMtliTBlVL3sYFltTE/PDNZ4Fd3HYz/9YYyGVb9I6VzDbFjkA9xySv0BabBlaZI +NmZJq4hfpnv14sWkNxg5XCCLJ1qSGGYjvce3V+FZngyi/LSHjWdjW1cbrl6ZmTvp +x/tVQpjCtAdEnX5OUW0s6WsK9C5F3uMFvYCc7wWFnI02jXwhTKzvnwu72UU1CpFh +Ehrf/+ECgYEA1+fZN/o3uwWLOxdAaVIk2LxaMAfJGlRV3QIdQbvyAd7Ln3u16Bl6 +wxOR0cmjaIYFlTh+pggukfF3d/ii0wz5wFQf02V1OrRBBl4C/Fv1teU6Y1WDFVuE +ZIZLI0UJhImxrb727zaej/uYfs8kQB+XwzCEJGhvUdoynGJMUjIUMCMCgYEA1nrA +2++qe+9uZHhv6Q4wEW601PdUeWGNjMzN/Yd1aByfxE3knHFmJkEi1cSXjB+xIcmB +BHwAcRZz35c/Aa78SofVSgEpBXgUl2MS1JKZlWs5jZKMASxKoSeOSSmtQ3aBEPVf +1g/N+ZuclOpHhuqPlHPo4QhulcO3WKby2zpSmXECgYBp2/aoOJn8q+IxTdw6B5mj +Xu6FYDvdGf6jhzbbFRC6lAeYoap2K5ACd+TmTIw/Yn74RCPsulRDIHaoLxN+kX0f +LOAR4UwSRXEgcxXZsCkQT11KeRH1ddK7CxFqMJ5TCsRAYUJn1Yr3I7AIdP3cJuFd +Rbt0snPqWSa5gITVRFKbqwKBgBVPvTodZmNKNz3kebo+nqgcx/shWFN3TglfkFhQ +zWm67mUjGEQzQGMstbln/2b8/yzMSPWZHLIf+QOOk8QnDwqY1Ki11M2mUOV6ArT8 +nCYssVtP5Hl5XTEGLS035u99JvX4a71pdJ4IyFZDsTfGtt2ZZtp1bAeVmvJEJH2E +HhEBAoGAeW/9h/kMEJ76hZQkIPFqnrJnM0Dzs/t9n6j7GU8zGXxgLZdqec+kvUqz +jXgpm5KloUYGarX02FICOGGq/txm9ec+mF0xrdJqG5oUxHmLdqd3uOaE2hZ+1oxL +N1RsGMTt5OO5uO/m0d1hTb02lES3aKF+iqlaFTGGdDJ3rFzeFUY= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Root.key new file mode 100644 index 0000000000..b120c45429 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAuvkAgOsNZWwweKdmchTfBqv3pjC8YlCBlOFF90c4HzWZmrkm +5Xsyo3HfAoQioAkyE2sFWow7KlkaiQ4IWNCldL+WehZnACIjfAc3+NrjfI6i1oEY ++1Gx9eUNxShPF1klQgjo8BQdjQPXHEiU8y9wLcQDfAbFyt0V0xvUyOSv58CpkPmk +xtPmKA+wNKSqe6bfRS6PzLrhhuaYdCIHzTOjjtN5Wiih1KHmsn3DbZxhZ87KdLZv +1zJMyfjY8vBglz0r4rRnbGkII72KcWWpPmJ/FXYIDsupsmhRXlwZsIOPQZjYsQ7v +JqzF9+Y0jXFfHr3U28VpR0d8kYjQi8ThemGkRQIDAQABAoIBAF+GVi6HaKm3s7AA +/sMsTKHw/C7JWYX1Ua8JxSBIH7E6RkcZb3jxD3cX93MmpTYUXKQ1GmAfox7ItVju +dW9C8jWKqMupZGhaCL0WRw96bZ02lpV3EZddLsnNg9KF/JqWLgXl3XTDIjHok19c +6dSxGOQY8BrOrwEtIThhUL5usDx7f5QqhnNA7QBXkrSp/Z/dYatUwemjd5/Utb1O +ybT/21j28cllwun5inaXveJhqxbCL48DyuidEOdoJPv7RIQ7MVuFerGkUWcZFjR1 +ASNCkej2AxSg/AludF3K2LitRQnN9wraqRnZ6jz5cz9XIAoHPYX2A3vdf4tRtd0+ +mlQ8BgECgYEA5b8guNfEjm6KUq2GD8yh7yJ9/wlRCBOLG9OEM4WObJ1Svdjl3Mb+ +OesioSy0XawU8SyI0fwJ96B9Y4NBZ4tDMrkeP4R7XDOMJvnSloTso0tD9i4HaRYr +TAXk6jKDLaeKy9RuU4TSvJRY3hz3Z3dVnhQAiYIIzYuEt7A5inJmNcUCgYEA0FaX +N7grNY3cGujFuo9AYQifUpfmKIr0/gPUknW8n33cH4ACqI1fQhMhc4LDC06RDoJz +aCpChdStFXOYnPNruJjRJ+ew+OlkZezCEv1yq0Quz/2HdOFtjKwL4dqi8hjEPXd8 +LTmOlqil/kVl2zvacZjSDUVTRTV0mBbstfnzHIECgYBYst+ZPYRfUQIKRYAanXBv +eKuYSSqFqbXtOk4x7gA8osiNDy4/fHwuND+cZjwEZil3qy/vkhTvC4EdaFFZ/oQl +Ex9Aeo9921Diw1SwVAVgTfChHMgzpCF3Kldkq7fFaofFhfBKQl9x+vwMVLaXtZTS +gPpsHE31vUWx/VFZyCz52QKBgEW65av5kUTAcU30YNG7RpHzn9e2DYu+TpeCUrCe +hX5gUr+cScd+YcasvoJ53qw3JKfVk6jmlBNVBoVqhkbp1kEXrNGNY5c8DqVqo95V +Q/78uCpXMfI1zUPLBcMXOXiMP4pPJpnAbPASDFTZh2jkVI22138nl+JPLPIGoj2a +JfuBAoGAdtofEu4Xrp5/dB8LQQ61rNjb3ANOOylhZrFVnm4KAALc+1pf5LHeELDz +vVVK0x9qri5Mh9eHuiOqyzPyGgcsGkdClXQPxnOf1dJ7NxV4Q9IY0yR/wP3CMFI3 +Zh3XWoruzRPzPGpki+uEKXODE8usUY1rKiXBQxgWPyoPPb+TbDA= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Target.key new file mode 100644 index 0000000000..5060037fcd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAtjQbMOR9uUDsjNi31U2gDIVmJae/FsLYTmq10TzBY6j/liSH +WRSb4ACLdXpSXX2lHfwd+Evr43S1jehDjdy5PdVHhvvH2Fa2kQN2Vrr5NWu2cURR +onwkAuXwfGc0IeAQMVT5bZZDM6a7ykz4MaQWk20VUApeQ3erLUvOeYDslQyim3py +ffWmSigUo7jrj4iECOUAhjCqU2+ynl+FhSndlKqUKIrKUBP5rAhkjLmAZf9lwaZI +dd+wmowLyNAHqYufFmlRgcmKM4E/BFcsBlPGLsdMmW1lK6TAtmrKNwU4KmSwf+Wt +O5B3vYZTNBgARmo3D4U5xZWWq72jgQlpQCIJtwIDAQABAoIBACZ4F+mZxIWxlIAk +XaP2kL00CR4YLbtThjIAS8USq84r51K/AaioNkT0OH2kRvGgTpVnHrjG5tYOVSrS +CDlSifXpKwHv9QDTRhaWAY1MSsOhq1J81zOUPFI0VDMf4xzn3uNbipI9sJCeOnX7 +DEgG2hFkbaSJm99oy8Zzg/OZadoKBmPoNJryr4K8lvJU15KjQc2zUoyW880ZIBRg +zpnq+yKu7fSgACjQ26xmhdW+eCx8cm7hvstMaSOY8fTqV8cGbk/emYfwRaHjZpHp +6k8ZDCuItBe5MaBgKDvpgEHKT3OMuV9miHhewrYkD0/q5OY4ottGD1WKqAcDqFhW +SbmyLgECgYEA6qBT2exrwNycFcuGj3s8H5Gzu/SX8pOpE2M+c88bxbW5oQFp/UFp +52o4ew0tt8gfIZbSeakt2tkHR15vBDgwI253o1/Oo7ebQzKpvPgA/Vb+TeWZIsT2 +MFemLiYFTYXGMIbAf5pO+cUbxAAViJymtWYjd38Ku9xlZMVcIKqsmrcCgYEAxs09 +C/6BP2jYgOPuKpR1dO6wWPCqHr5x9SQPdN0eX4zn8kqh8Vwg0ioXECRiqD2VsJPp +ElPvHwBwetIXN9mDym2hUorPoldlIiXGS5IQMa2RYzFRIq39POkM3zOa0m17iMJK +iM4ioXUUvijQCWmvNZYyoBMJE8yq+bSdwosjCQECgYBov7mP4pBc42FADcR+jGtU +QM14jYPFBg2HHVjFhWKFy1MbwbDbI3gvm+mpbkHJ+iuD6H0BWfmh6iDoyQ1RWfCL +8QayxtRPnWpQ/u5u8l4mvM7+YhITRtIO1SLZGZpmeOH5yj9o+LBnrItv3wW+HwoC +lJ4i/HIDWytdaQtvfiNfUwKBgQCZ8w/GPQVb1FZsoZWq9aJrtfdsOJqVCkf3XUB2 +8FD4D4cC81arMPvdpGiNwI+B14cW4cPIxKTVLiLsicsfHdtYJEOcRxB5mBIiOnxv +wyG1RsLivKsnHvOPeq3UHwNS1yOmCUds36yjuaYhiDtqPqRG7BQyL+uEoKb6jirp +H5Q3AQKBgDZUqsflVB4ltD7zWLsjedqZflEaDaiHmzAmTLmxX/BLrJEl4NnK6Fad +bAo07eHnCfvAEVYJb2+/2eBm/p+vVa5k5/M0vMevtEkJy/3SwXsNDUsv22K4XrPB +YiEO8AoNGRGw6gS820jAKglKD9Na2T0pofajhHGCGc8CIzqbZP/x +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/main.test b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/main.test new file mode 100644 index 0000000000..59e794c948 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature-no-authority-key-identifier/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: VerifySignedData failed + diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/chain.pem b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/chain.pem new file mode 100644 index 0000000000..c6db4fea03 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/chain.pem @@ -0,0 +1,274 @@ +[Created by: generate-chains.py] + +Certificate chain where the target certificate has an incorrect signature. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 64:12:b2:41:aa:b4:4c:d7:9a:e2:15:7a:bc:3b:e5:1c:2e:2f:6f:9a + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a3:10:52:35:1d:ac:4e:a5:23:41:40:b1:1d:66: + 30:25:bc:dd:a5:62:66:d1:74:db:5f:bd:5d:96:07: + 08:94:c4:61:a4:e9:07:31:f9:e8:6a:52:f5:8a:3d: + 1c:6d:00:c8:47:51:30:99:42:8b:27:11:48:e9:c6: + de:db:ff:7f:ee:6e:29:cf:48:77:1e:63:11:bc:2a: + 81:fb:3a:5d:4e:d2:b8:0c:ce:68:6b:61:f2:bf:64: + da:aa:3f:06:74:47:77:72:08:d2:a3:c3:35:cf:e5: + dd:13:f7:d3:45:21:f5:9c:cf:7e:50:56:53:11:c8: + eb:90:f2:a2:eb:8f:9d:c1:07:c4:b8:4b:38:04:3d: + 7f:be:73:36:3e:5f:c4:7e:37:a7:0c:88:8b:a8:63: + 79:74:b4:2c:c6:7c:52:61:e1:03:d3:ff:4f:c5:50: + 63:19:83:eb:f3:89:a3:91:e5:90:ab:80:43:18:3e: + c8:77:ac:69:97:cf:2f:5b:be:a9:59:89:99:3a:5d: + 87:c4:4f:97:4a:60:18:ea:ea:a5:b7:1e:61:57:98: + 50:55:91:13:34:0d:03:65:a4:f4:bb:63:e6:bb:3e: + 9f:03:84:f7:e6:63:d0:f3:82:5b:0c:96:b1:32:f2: + 2f:2a:55:5b:24:a6:b6:33:62:6e:ed:0b:f2:77:f8: + f8:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 19:59:39:C0:2B:03:0A:9B:BF:AA:A8:AB:B2:FB:AF:95:88:63:CA:6E + X509v3 Authority Key Identifier: + keyid:CC:47:D8:FF:8B:67:33:FB:F5:CD:D0:A7:B6:12:A0:19:27:27:D1:57 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 56:c1:31:dc:59:0e:4f:9d:6f:91:77:f7:6b:55:54:a5:34:37: + 8a:e8:37:88:d6:84:d6:d9:b2:80:61:3c:8a:68:01:bb:ef:f4: + ee:23:51:ca:58:ea:a4:62:cd:93:78:a9:e2:79:49:aa:d4:02: + da:55:55:98:8e:15:70:08:b1:0d:01:2e:3a:0e:27:10:76:03: + 41:2d:3f:1a:7e:45:ba:8e:fc:9a:d0:19:be:85:72:db:cc:ff: + 7a:87:39:07:87:c0:89:b5:bd:d2:43:db:86:6b:0e:9a:08:1d: + d3:ea:c6:ca:68:5b:88:b2:89:1c:55:72:a5:8f:c0:0e:19:db: + fd:65:42:5c:6b:fe:a7:83:6a:63:96:a8:27:dd:16:61:31:03: + 74:9d:bc:f5:90:20:90:31:8e:94:9e:a9:99:15:55:47:a1:20: + 49:82:a4:38:a9:6b:eb:73:56:1d:e7:80:f0:46:76:4a:f9:8a: + 9b:d0:dd:ab:9c:ab:eb:63:f8:e1:90:a2:b5:85:54:8d:90:e0: + 56:a3:0c:46:bd:7a:c5:f6:11:96:7e:da:d1:f0:38:c6:91:f3: + ed:8d:2a:a0:4a:6b:60:76:a4:7f:57:0f:ff:14:26:d5:3d:6f: + 4a:96:c0:14:c3:2d:62:e0:17:65:b2:4f:42:08:dc:9e:52:e6: + 27:66:45:ce +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUZBKyQaq0TNea4hV6vDvlHC4vb5owDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAoxBSNR2sTqUjQUCxHWYwJbzdpWJm0XTbX71dlgcIlMRh +pOkHMfnoalL1ij0cbQDIR1EwmUKLJxFI6cbe2/9/7m4pz0h3HmMRvCqB+zpdTtK4 +DM5oa2Hyv2Taqj8GdEd3cgjSo8M1z+XdE/fTRSH1nM9+UFZTEcjrkPKi64+dwQfE +uEs4BD1/vnM2Pl/EfjenDIiLqGN5dLQsxnxSYeED0/9PxVBjGYPr84mjkeWQq4BD +GD7Id6xpl88vW76pWYmZOl2HxE+XSmAY6uqltx5hV5hQVZETNA0DZaT0u2Pmuz6f +A4T35mPQ84JbDJaxMvIvKlVbJKa2M2Ju7Qvyd/j48wIDAQABo4HpMIHmMB0GA1Ud +DgQWBBQZWTnAKwMKm7+qqKuy+6+ViGPKbjAfBgNVHSMEGDAWgBTMR9j/i2cz+/XN +0Ke2EqAZJyfRVzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAFbBMdxZDk+db5F392tVVKU0N4roN4jWhNbZsoBhPIpoAbvv9O4jUcpY6qRi +zZN4qeJ5SarUAtpVVZiOFXAIsQ0BLjoOJxB2A0EtPxp+RbqO/JrQGb6FctvM/3qH +OQeHwIm1vdJD24ZrDpoIHdPqxspoW4iyiRxVcqWPwA4Z2/1lQlxr/qeDamOWqCfd +FmExA3SdvPWQIJAxjpSeqZkVVUehIEmCpDipa+tzVh3ngPBGdkr5ipvQ3aucq+tj ++OGQorWFVI2Q4FajDEa9esX2EZZ+2tHwOMaR8+2NKqBKa2B2pH9XD/8UJtU9b0qW +wBTDLWLgF2WyT0II3J5S5idmRc4= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6a:9f:ff:3a:b6:b8:fe:7d:22:0c:6a:3b:9d:e9:cc:59:3d:d5:60:ed + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e8:a7:ff:7c:21:83:d4:bd:ed:f4:09:73:79:69: + 0c:ec:79:18:79:54:2e:a6:87:f3:7b:65:e8:73:6a: + a5:af:fd:00:6b:c9:ed:86:50:18:f0:4c:d9:12:17: + 3a:23:ae:7a:49:3d:71:7c:6e:da:4f:7b:ed:55:73: + e8:71:5c:72:13:84:8f:83:aa:30:4f:0a:bc:38:51: + 75:47:67:c3:6c:5e:e8:af:96:07:4a:0c:f7:5d:c1: + 82:ea:02:e2:c3:da:57:68:2c:03:1a:a0:d9:51:05: + ef:ec:67:cc:fd:c4:09:b4:f7:2f:c7:5a:df:84:7f: + 15:60:32:9d:17:4e:4b:3c:15:48:a7:42:a1:f5:d4: + 04:82:bb:cc:18:3a:ab:07:d1:66:82:9b:0d:b0:ef: + d8:47:18:71:78:e6:07:47:97:29:24:0c:7a:12:ab: + 2f:4b:14:ec:35:7a:d2:a3:2a:16:0c:0b:91:5a:e2: + f2:64:93:85:1d:e2:27:7e:7e:cd:eb:5f:83:d7:07: + 0c:06:b8:8f:44:91:0c:37:d8:86:65:23:1a:fe:8f: + 69:3e:bb:20:bb:ef:1b:18:1b:fd:2f:bf:5b:d3:be: + da:2d:9f:9a:57:6b:4b:73:3f:34:04:99:5d:a1:73: + b5:08:d1:bb:9a:5c:88:a0:f8:65:1c:e7:7f:f3:95: + d0:fd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1E:51:BA:4C:14:B3:B7:2B:E2:AE:4C:1C:35:21:7C:DB:92:18:AB:53 + X509v3 Authority Key Identifier: + keyid:5B:22:4E:B0:32:77:9B:92:26:9B:3B:E9:76:31:CE:FB:43:87:A3:2A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + d4:1e:bf:d9:98:97:43:3d:5d:ca:eb:f0:2c:40:8b:91:46:f1: + 4c:f9:61:ac:c0:72:b1:07:5e:67:23:46:ba:ea:ce:1b:e6:f7: + 69:7a:14:30:0b:8c:4e:b0:ff:c3:11:ab:e6:fb:1e:a2:f9:f4: + f0:41:0d:ce:0f:4c:82:5b:b6:fd:a6:1b:8a:8f:da:8e:0f:a9: + 19:0a:26:59:c4:42:84:a2:b9:60:ed:6a:11:6e:f0:05:18:67: + bb:18:e6:de:00:dd:a0:a7:42:29:c6:a1:b4:aa:81:56:e4:12: + 39:1f:8a:0e:5b:2c:f7:07:7d:ad:db:be:86:89:f2:24:ee:b3: + 34:f6:75:fe:5c:4e:fa:1f:6a:fc:2e:93:ca:0e:6e:33:a6:ba: + 7e:a8:3f:66:2c:cb:16:b0:93:80:91:50:7e:7b:76:af:e4:7c: + fc:35:a2:f5:b1:4a:07:7b:b4:8e:da:76:c0:43:91:83:81:47: + 10:2f:bb:2b:63:a0:63:e6:a4:24:01:75:69:ad:0c:62:ad:24: + 3f:01:b4:a9:b4:77:85:b9:4a:79:4f:35:9b:e8:1e:7e:e5:0e: + 22:ce:f6:76:ad:58:f9:53:7f:d9:d5:0c:43:5a:c4:7b:1e:a4: + 7d:af:03:9c:a0:56:92:6f:b4:bc:f7:71:08:1a:6a:07:a1:f2: + 79:8d:a4:4a +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUap//Ora4/n0iDGo7nenMWT3VYO0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOin/3whg9S97fQJc3lpDOx5GHlULqaH83tl6HNqpa/9AGvJ +7YZQGPBM2RIXOiOuekk9cXxu2k977VVz6HFcchOEj4OqME8KvDhRdUdnw2xe6K+W +B0oM913BguoC4sPaV2gsAxqg2VEF7+xnzP3ECbT3L8da34R/FWAynRdOSzwVSKdC +ofXUBIK7zBg6qwfRZoKbDbDv2EcYcXjmB0eXKSQMehKrL0sU7DV60qMqFgwLkVri +8mSThR3iJ35+zetfg9cHDAa4j0SRDDfYhmUjGv6PaT67ILvvGxgb/S+/W9O+2i2f +mldrS3M/NASZXaFztQjRu5pciKD4ZRznf/OV0P0CAwEAAaOByzCByDAdBgNVHQ4E +FgQUHlG6TBSztyvirkwcNSF825IYq1MwHwYDVR0jBBgwFoAUWyJOsDJ3m5Immzvp +djHO+0OHoyowNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQDUHr/ZmJdDPV3K6/AsQIuRRvFM+WGswHKxB15n +I0a66s4b5vdpehQwC4xOsP/DEavm+x6i+fTwQQ3OD0yCW7b9phuKj9qOD6kZCiZZ +xEKEorlg7WoRbvAFGGe7GObeAN2gp0IpxqG0qoFW5BI5H4oOWyz3B32t276GifIk +7rM09nX+XE76H2r8LpPKDm4zprp+qD9mLMsWsJOAkVB+e3av5Hz8NaL1sUoHe7SO +2nbAQ5GDgUcQL7srY6Bj5qQkAXVprQxirSQ/AbSptHeFuUp5TzWb6B5+5Q4izvZ2 +rVj5U3/Z1QxDWsR7HqR9rwOcoFaSb7S893EIGmoHofJ5jaRK +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6a:9f:ff:3a:b6:b8:fe:7d:22:0c:6a:3b:9d:e9:cc:59:3d:d5:60:eb + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:df:f9:b3:49:5f:c8:1f:a6:a5:bc:9e:5d:08:17: + 7e:a5:87:b6:d2:53:a6:c2:ce:73:29:cb:f4:35:07: + 26:c5:b0:ef:87:ca:a0:64:db:7f:e4:2c:05:da:81: + 8e:98:b8:80:d2:f1:c3:e5:d6:6c:1a:ac:90:8f:f0: + 4d:43:fd:09:f4:eb:17:fa:c4:cb:da:2a:56:7e:b6: + d2:ce:6d:5f:d5:ec:01:67:af:02:3a:d6:18:a2:61: + 43:f6:ff:45:10:c4:8e:c1:15:1b:a0:88:77:45:82: + 39:10:f8:d7:2c:26:13:df:20:62:0f:9a:5d:69:d1: + ae:4e:c2:28:30:0c:dd:d5:6e:8e:23:d0:45:f3:4f: + 2c:9a:f6:f7:d4:fd:b8:6e:28:32:74:57:94:5d:f8: + 3f:51:ef:11:21:09:27:3c:05:46:86:78:63:f6:c5: + 0d:7c:28:e5:b7:1a:66:f4:91:59:f2:91:16:a2:7b: + 0a:34:e7:30:78:72:73:10:dc:b7:60:cd:d3:ea:8b: + 09:0e:7c:9c:01:f9:f5:d8:ce:35:86:8f:60:e4:00: + 38:98:81:ac:36:1a:25:7e:c6:59:bd:79:53:5b:83: + f0:72:50:78:a2:3f:53:45:fc:64:56:40:ed:64:5d: + 7d:df:62:4f:a0:01:25:19:59:9f:84:e6:c7:21:04: + b8:2f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5B:22:4E:B0:32:77:9B:92:26:9B:3B:E9:76:31:CE:FB:43:87:A3:2A + X509v3 Authority Key Identifier: + keyid:5B:22:4E:B0:32:77:9B:92:26:9B:3B:E9:76:31:CE:FB:43:87:A3:2A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 16:d1:9e:75:72:6b:30:1b:89:1b:ea:97:b9:28:bf:93:75:1b: + 51:3c:89:47:1e:58:59:87:1e:f8:aa:8a:d7:b9:7d:60:42:44: + 39:da:8d:84:f2:e1:97:8f:9c:db:46:cf:49:54:f0:af:fd:7a: + 38:77:9b:c1:d1:1b:21:4f:05:3c:2e:19:e4:42:76:35:f3:ef: + 38:45:a1:a5:b3:ab:e1:8b:13:32:3e:89:4c:49:f9:32:df:02: + c1:f3:1f:d5:77:9c:c8:87:c7:73:0b:94:e1:74:65:64:8a:ca: + 69:b0:c4:81:91:be:05:a2:6d:09:e4:29:78:66:af:89:54:96: + 9c:bd:ad:bc:1e:e6:64:01:48:93:63:d5:aa:72:87:0d:65:98: + 2c:b3:b4:85:97:b5:4e:fe:b3:31:0c:e8:85:eb:c4:5f:65:c6: + f4:00:a4:26:7b:ae:17:b7:6c:89:95:db:e5:c1:50:65:ee:f5: + 73:28:26:21:24:0b:b3:4a:e6:24:e9:c1:b9:e1:5a:6a:86:35: + c3:44:8e:b1:30:10:79:38:fe:96:1c:07:ad:43:22:ec:58:c6: + 1f:66:93:50:52:4a:7e:a6:74:4b:c3:31:53:c0:3e:f9:a3:3a: + ea:0c:e9:b5:c1:8d:c3:93:e9:f5:89:12:98:cd:85:63:33:12: + b7:6e:63:cd +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUap//Ora4/n0iDGo7nenMWT3VYOswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDf+bNJX8gfpqW8nl0IF36lh7bSU6bCznMpy/Q1BybFsO+HyqBk23/kLAXa +gY6YuIDS8cPl1mwarJCP8E1D/Qn06xf6xMvaKlZ+ttLObV/V7AFnrwI61hiiYUP2 +/0UQxI7BFRugiHdFgjkQ+NcsJhPfIGIPml1p0a5OwigwDN3Vbo4j0EXzTyya9vfU +/bhuKDJ0V5Rd+D9R7xEhCSc8BUaGeGP2xQ18KOW3Gmb0kVnykRaiewo05zB4cnMQ +3LdgzdPqiwkOfJwB+fXYzjWGj2DkADiYgaw2GiV+xlm9eVNbg/ByUHiiP1NF/GRW +QO1kXX3fYk+gASUZWZ+E5schBLgvAgMBAAGjgcswgcgwHQYDVR0OBBYEFFsiTrAy +d5uSJps76XYxzvtDh6MqMB8GA1UdIwQYMBaAFFsiTrAyd5uSJps76XYxzvtDh6Mq +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAFtGedXJrMBuJG+qXuSi/k3UbUTyJRx5YWYce+KqK17l9YEJE +OdqNhPLhl4+c20bPSVTwr/16OHebwdEbIU8FPC4Z5EJ2NfPvOEWhpbOr4YsTMj6J +TEn5Mt8CwfMf1XecyIfHcwuU4XRlZIrKabDEgZG+BaJtCeQpeGaviVSWnL2tvB7m +ZAFIk2PVqnKHDWWYLLO0hZe1Tv6zMQzohevEX2XG9ACkJnuuF7dsiZXb5cFQZe71 +cygmISQLs0rmJOnBueFaaoY1w0SOsTAQeTj+lhwHrUMi7FjGH2aTUFJKfqZ0S8Mx +U8A++aM66gzptcGNw5Pp9YkSmM2FYzMSt25jzQ== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/generate-chains.py new file mode 100755 index 0000000000..76dca75931 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/generate-chains.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the target certificate has an incorrect signature.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate certificate to include in the certificate chain. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) + +# Actual intermediate that was used to sign the target certificate. It has the +# same subject as expected, but a different RSA key from the certificate +# included in the actual chain. +wrong_intermediate = gencerts.create_intermediate_certificate('Intermediate', + root) + +# Target certificate, signed using |wrong_intermediate| NOT |intermediate|. +target = gencerts.create_end_entity_certificate('Target', wrong_intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Intermediate.key new file mode 100644 index 0000000000..32e8c7ae3a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAv12slKRtkEHiuKgjRNMLoBYPqdGGpn0WGwp0eO9+/WZ0jdee +1GvsgqcYWRumNn2zaaxdcHSIN0kqW9Lr21beVPc1Wjy2smkjxfZzlXiAjGKVDS+N +DmTiZioFfv1wI60AOW0tM6cArzd0Qb9nSb1RwVTI0x6H8YcTesDkIFIV/PFMnoQw +cpPfDnGUVHwSTkoxpneUi5g1AvofquhRxqZsuUA7LaM/ATN9W2Cz2xLMHKF/lEs7 +uCoTotrUy1q3qWCQGbXSg8CihFJEYR8m/z7iQzIVpJYzNDt8kEvw233o9DRlYOEJ +BlociolszMyBx+XVViTWb6EsyJ93q4sXC5j+xQIDAQABAoIBACi3TZjywz0GR67y +V061eKu/BeYj5npV8vYd61ov2t0fh30Ge4zGybOiydNrxpmhdSLuwZLDuJfKwXB4 +GCa6/OMnFfr1IAolxK7CGSWcVf2InB4KGAEQBfumxTSXx9xPWtTdHdj3l3WwXtP+ +XYOa/GIeH/yLanFBRCvCDsexr2v5rO/miB7hynZJ5YFZwtf99iqu8S1ULEE+UZ5c +1C1DhB/BzoUUB/g3DeNLGAxLq6UtsQqZFYL1ZmwVjeecrVIuYjn/LAHnNGkjwabN +tpf5b0HYS18LAH+JP6p2yLz/Ur0EeJ+I+U3MPKg8Q6vJ0u8nWb/W134aa05Uni31 +vGrZQwECgYEA6x0CKeyq0q62AFqiw+IquCk1M7vJXK8GWxgUgkrGBIdF5TCntIlf +26/KJeXPfPpK3sayUY5049d27Oi1IrybAdH7mFf2g1HW3dJMUJjXEnIolpKBFUJj +TOQrA7Q1+YZipbbyCPiQzcSy+bZITyg3e3u9aYT+yPS0JD4HIvIekW0CgYEA0F3B +CKB1lNFVI0O9UsvelyVV12gqBjMm+Vyo4HuWprP/p6uRZ9/6S0QGQ4EqMeQKI88G +67RNeAdjbb0lkIom2g9NbkqS7bHRasUtpyY4rfm6rTNz284fSZnMRMRvJ7+kaH6T +oTJBjUI47gUVoCxX+RQdREnrgcazuZquNZggI7kCgYAsBLxY+RRqaYdtvYpnvjpd +TGnHi8sBbUt1VqbQVguI4YK2jEt5w5aM3Pat7b7RGVNXLkBIgLFlzvtXE6KGJGWp +C5VdSmq+312pHixnkpYBwBnVRwyf3FQXG0jqYp0QYJari/r4rwD9ZWxU0EnteAwb +NGmcDehd22K2vl47rrUGaQKBgGux2YCs9rj5TSjR7TurFZxHdsvEEdxsedtu0fZc +ymvVIvE1kwz+Te6y9Q3U58srkzYY3fnbkiLUpsZkedLwJM6WFC5KKxDh1Fx8F3GK +Jsd9CMhWjK5yJeezr0lnwg/oVICR05oAULNDJAuZ4yiLYtjhVZMjJa9I1UG8OgiH +XS05AoGAFz3V0aPTlD9isEUbz5KYm5t7nr3GpCKy5Ss+hkmQWDCeJb78vgW3P+H1 +OwV7nvVmOSM7AYIngp2q7VsGRx8nmsVwm/KDRnbnPxmPPLsHQS+TKHwbcOG9LWb0 +R0TkmMFIdwJrtBO997T9/gCGDxmw86OwvzeqkbYW7/RtrwJFk8Y= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Intermediate_1.key b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Intermediate_1.key new file mode 100644 index 0000000000..9dee1041fd --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Intermediate_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA6Kf/fCGD1L3t9AlzeWkM7HkYeVQupofze2Xoc2qlr/0Aa8nt +hlAY8EzZEhc6I656ST1xfG7aT3vtVXPocVxyE4SPg6owTwq8OFF1R2fDbF7or5YH +Sgz3XcGC6gLiw9pXaCwDGqDZUQXv7GfM/cQJtPcvx1rfhH8VYDKdF05LPBVIp0Kh +9dQEgrvMGDqrB9FmgpsNsO/YRxhxeOYHR5cpJAx6EqsvSxTsNXrSoyoWDAuRWuLy +ZJOFHeInfn7N61+D1wcMBriPRJEMN9iGZSMa/o9pPrsgu+8bGBv9L79b077aLZ+a +V2tLcz80BJldoXO1CNG7mlyIoPhlHOd/85XQ/QIDAQABAoIBAQCK9DutAb9hAobq +J/Ll4o4rdi/d1x99qtkLLFRnCp0mvS7RMetBOvmKG/vRyDmbMgwrTh1HulV8/4FC +dlWvzwz7B0NH2g+8Racg49Xt7dVUFmNW634zBgd/4aG07kBNxUxLFW5NKyBgOfGP ++nb+YWWCxdetc2LoGZbEu7YDQ2m/2briCRdXWrGvNYCCXEyPDUo0zY1d1Jj9hnrM +lAFsQlOmq6JRGTN3WMdFTI/AnlLWl3hd0ofTTtLk38QxlIJlndT/fNvFTch3dY2T +TA38byGmXDbUmbu2ZiWlInCvdD+uadHS0thqkF76cz/s9mhAMDBuyly3YsNdtuEp +TDphQOsBAoGBAPWE7aW/N4N/t4up9I9jMqi4zBHGKnvuGOYqWMspZz61oHGDzer0 +ModOrH62FbixICCB8q+sTQegL6hvSkA3OCQ6kr1UYjIfOnoe40lFI/+1AqrfRWOx +SaZ+2sb34Dr2d6NV60sGfzWG2Ll65DUCpI2m648LUZIaf2KpU1R2sBadAoGBAPKW +gDHGf1qHg94eNyafNKmoHVKRHeyIuDoLGlx25rsB+cFKT+oeerNLARmKLUK0O1tc +U7pHAaH5hto/lfOgc/TMskm873/rQqEOXXgxlSPpJZUZLJ2vw2w7Vetl5WL0yYjT +0/73SffLIokia9WHU6E/bTVFpq6vAf8qxrp5nmXhAoGBAMt3phq+JRttNIciCfLq +mokI3NW+DGc4IppcbcmwPkfR7W0ldflI9rb7lChObiHpaF6IUr8TY6L2NYi48ifV +m0kq4YDV9arkBmo+Ps3x5qt7LwK8lZzQx+CbMGPD+KfkqbFK+vvqHnIVlnXgSk9E +KWra8kxRbQBPxVHWUaCl27hhAoGBAI9iBUNmX7/SeU6/7TkWwLnGdA5pV5aG+NzV +0y7z2EyQTl7A3ZsziLKQkoXV9gqHHM5TM+nWLlDee6ZkDu2A2QjINFkBI04ob6li +JDz2kYA4Pc5yorxRNuCx8YbBI2Pp63TEP3lkEIQ1vKPxhGshIX0dUB88m9iD+Fop +nmx5lfYBAoGBAONbYH0azDLsDim7E1m+em7srzXGXAsPWcLycGUiE4uylrMHB0f3 +9wUBF1JJMux41VBVydZueMjlPHhgRHiyiUp1s0af2fHXdiEi19I15S7G2j4HViWo +aNgPF1Kjyrtcc79AUieTX00Od/HpNy2Z11KxyrkmNOzbcjsWDiDA9bNo +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Root.key new file mode 100644 index 0000000000..c8b05b8c55 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA3/mzSV/IH6alvJ5dCBd+pYe20lOmws5zKcv0NQcmxbDvh8qg +ZNt/5CwF2oGOmLiA0vHD5dZsGqyQj/BNQ/0J9OsX+sTL2ipWfrbSzm1f1ewBZ68C +OtYYomFD9v9FEMSOwRUboIh3RYI5EPjXLCYT3yBiD5pdadGuTsIoMAzd1W6OI9BF +808smvb31P24bigydFeUXfg/Ue8RIQknPAVGhnhj9sUNfCjltxpm9JFZ8pEWonsK +NOcweHJzENy3YM3T6osJDnycAfn12M41ho9g5AA4mIGsNholfsZZvXlTW4PwclB4 +oj9TRfxkVkDtZF1932JPoAElGVmfhObHIQS4LwIDAQABAoIBAHz0n0zZThoybBbO +N1LzYKnTDHFNUCUw7tkru2P2SHBUpV4Z8uAyAaj30pA0ZazYiq6lSUiqFwfOrJxR +UZoTywFEQ82ZC638nuL09qlKJgSANcx1vAW9OmMlZrifdBXFw2r/brliSUCTRWkt +m0Y7PCzosSzJT0JhRCEWeztLglu21g//050d/3JtQE9/avKnBu9tzxJ0HMZnj0wd +j1CEWHV/FTO/dPgo3jgTBTmhRU22IN9IxRpJ9yTiK5/hNTRr9thnWQ1+pMrnD6AO +jJU2Yfo0qATJRBErpuoCbPKUADQiyU+6xZVTVeOJZeNGpV0zoBD/rozGBkfoKucL +fHaQPtkCgYEA8KMPLjV0ZBZgluEM/buBzrL64lcQBplyM7l2RD/rAxKBG5UNmQX1 +5sEPk8H363zHRW1jSKeYsv38m8KQHM2ajCKq9EmXPj24NcAnHtyLDKbhVs0oBnq0 +/movh9ZJJL91GVsMQxe2+5wTeHK9SqhMy9WFnl83QU7FBWnsI/sNzgMCgYEA7kZT +mq3fZn/V3waUnrR04IyEBR0AvyJOy9xeYrNfSRq6Abj8s+8ceBbkZeXdfNWk+HvK +ZHxyPMN0+e2xMDrm2xz27mMraI1i3w59/A17aUKutu8yStdMbCAucnpiLNSKQSeb +jVVtCN5SaWp7BrY0dv8dyiBqiNHhSPSHzN7de2UCgYEAjpMuNWS6l2qixAKHnfZx +DLUC7QREnIRiI79pETsF1YYrNNp1egsMDTKqNhOg/sepkbskLjIOyU6vUuJOXKJ9 +RTZtL9xCXkBXWpGFHEXzpQVjUfiwFFaz0mG707HlGH7PtLw7Ya01X5Kz/pONECTz +i3nxd0pXBLzVA0YlAZSIM10CgYBzSuYjPySMtShoTQfWrxyqlnM/AiSdV11nOQ8W +lRJzDhKYyMjFy9orpXAIeiwsvjef4E4zRyADlNPiJwgIfUe9GAvHl4amhVsk8R82 +udNQQGrHq3/bRMf+vaebzun4JTNsiVy0C3TByMl5poM24S0Lsy/X4M2LvHpU0bVw +BRqIHQKBgHy/NnpMumJTUDQdq48nSGbQkt3DJHLlDoSgZNGi9CcUa7dJ7gBpHn1I +Spp/RlN4aQ2Nn1nczQcKNHAgDnaoc7aoU6fo47ldjwf6kaUC5Yq0mmhB6KlFCV7r +nVbecPLicRBVLR6Xa47M/+zV87G79SvugEAAoKX0ids4t9BbFEEz +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Target.key new file mode 100644 index 0000000000..ff6d46e0b9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAoxBSNR2sTqUjQUCxHWYwJbzdpWJm0XTbX71dlgcIlMRhpOkH +MfnoalL1ij0cbQDIR1EwmUKLJxFI6cbe2/9/7m4pz0h3HmMRvCqB+zpdTtK4DM5o +a2Hyv2Taqj8GdEd3cgjSo8M1z+XdE/fTRSH1nM9+UFZTEcjrkPKi64+dwQfEuEs4 +BD1/vnM2Pl/EfjenDIiLqGN5dLQsxnxSYeED0/9PxVBjGYPr84mjkeWQq4BDGD7I +d6xpl88vW76pWYmZOl2HxE+XSmAY6uqltx5hV5hQVZETNA0DZaT0u2Pmuz6fA4T3 +5mPQ84JbDJaxMvIvKlVbJKa2M2Ju7Qvyd/j48wIDAQABAoIBAQCN9F5sqSlgybhY +TRYjTtupbrLSEEkMHRwBS9xWCEd7Iz8SDl9aLYIcVZ42Ox8s8ZppI5AYS+rSFuUP +xzYp9VKM4dB6CE7S4FIHKkY/zD6AqUbatzIGEZ3+6rDFttpKjhC48F9Xe1C0bRq6 +EGwW6gpk+emvzIbCm9QfOmuEgGFIMbRP9sm+HO9/VCMYRjVn3bCSIq+KDOfRnw1l +mJLvIzSPMHIohBeugJABWm1qCquMqqWGHoUP9SgiEIAB19b7TQg1pFIBmF1lHKXU +arg7FJZ8RtDuZ8QYUTJRRXB5mhgYDXViJgwLU3WGsg7dKFXL3SJe41lIHPRQbuN2 +48HIZ1iBAoGBANAD8OA1rWFvl3kK3NEW/+Kx7RQqupv7icodPK/cIY2Cju8zmx7T +UNxRA6vJQtHhky/TMQSR4O3Q/LI/Er2CNcYk4C0KVfLlsDbYjv2+HacxCYgQlCM4 +q9v4WbPGD21BwaUYbkE9Cjs+xOEv2KGtwsTElsGwimdPHowNNqYe1nszAoGBAMit +0uOZ/6DCT9uRWRQ669N8LaSeTQwOOL5vu86ojs9178keJJAP+g4kG4gQGuyGGU7M +8a4PvSbEtLrxLLthWoxg3YbsoeJl1eXPI7RCVep1eGHJ4xOHLUouexLMvxoOgVzV +LlUf7Vb3oWuiAq1IxG8mLXuYOKoZKqo57F4e5YtBAoGAXjLKq93i7BLKt2ex44XU +zuXgBJfs9aINHdfrmX/IOfr7m1r1ThpHrd2KGgsEFWNfcfLjabxd7ZQMOvPRGryS +eW5Njlf14A8fo1aiOkoTx5ivRkyrqN+LBAwNIxn39nQmqwrLMwPfVEDyiz9NjLnR +T6Xu1zuJEYuEu8toCgZA/n0CgYEAqYjf7tQ890zxNid2v/Z/IG16CeaKZLLnEUtH +uHECJRYXeyrx7Jryv1uVvr8MX+FyI/ZT/p7hR41Kudvh1HOMkaeLvt7ObHtn1vvF +yBV6i9at2r86DVdX1aGq69j5YUP72bdnqxaL5brSLiHybP5apSP1rMKOrHUSbDj/ +DQzBE4ECgYEAqI/Q6kwajIXA+G+8aFLPgERMUrpD0whP8lCeFS+s007KJ1mV/DTi +WxkBTNozSDElCgWL9Oz/n3Ls0f+gsEHvKqh5K9CFpCh3Y5gWgzTbej0PICYPwV5w +SM5OIE/d8HfUDjlJAANQS2AGjpbFz7L2ILHKh4zXb636rG5/HMwXUco= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/main.test b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/main.test new file mode 100644 index 0000000000..59e794c948 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/target-wrong-signature/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=0 (CN=Target) ----- +ERROR: VerifySignedData failed + diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/chain.pem b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/chain.pem new file mode 100644 index 0000000000..859b15aa80 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/chain.pem @@ -0,0 +1,280 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate has a policies extension marked as +critical, and contains an unknown policy qualifer (1.2.3.4). + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:0a:fc:bd:a1:b1:c5:a4:95:da:e7:62:79:b3:82:f3:22:28:98:e5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:03:58:01:b1:2f:7b:fb:b2:71:dc:49:d0:cb: + 06:76:30:64:f7:61:bf:da:55:93:73:29:49:0f:cb: + 0a:33:bd:41:0b:28:03:45:35:72:a9:b4:4b:a7:ec: + 52:77:3a:8c:ba:cb:87:56:28:3b:39:8d:47:7b:70: + 7f:5a:8f:76:8c:7e:13:e8:61:17:19:1d:72:e3:6e: + 69:20:bc:83:f7:5b:11:85:6e:1a:b8:fb:7b:f8:fe: + 2b:e2:d2:bd:1a:0a:65:62:b0:84:a7:0a:ac:75:ea: + e6:74:c4:1d:2c:e8:04:62:76:4b:4d:04:b6:52:2f: + a6:ba:66:bb:fe:45:d6:6a:21:05:16:e5:f3:25:ae: + 94:fd:17:84:80:2f:ac:62:d9:83:e3:17:b0:03:1c: + 01:02:8b:47:7f:65:2e:f9:40:cf:ad:92:33:07:8a: + 14:44:5e:c2:ed:68:48:a4:d1:f0:7b:f9:67:91:28: + d9:9f:2c:f0:5e:12:92:52:92:97:27:7b:12:dd:c5: + d5:7f:32:8c:9b:26:05:eb:47:e1:26:99:ea:6a:a9: + 25:93:64:31:e5:6c:f4:cf:02:27:29:b3:9f:17:94: + 0d:38:9c:54:f1:80:ef:b9:b0:4b:6a:12:eb:ca:53: + 91:2a:95:ee:16:bf:12:9f:8a:32:a7:8a:81:dd:4c: + 02:91 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EF:56:67:1C:5E:24:60:78:3E:F2:35:40:2E:1A:58:65:4D:B3:4E:BE + X509v3 Authority Key Identifier: + keyid:47:8C:F1:C9:1E:F8:EC:25:A8:31:F3:1C:CE:BC:C5:70:9F:11:87:63 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 07:fb:42:4a:92:11:ca:8f:d6:40:8b:92:3a:09:71:d7:28:a4: + a3:9b:6b:de:b0:c1:e5:17:17:66:bf:97:db:a8:5e:fd:af:4a: + 61:11:01:26:22:7b:dd:f7:e9:15:a4:68:91:c0:f8:34:e9:4a: + 56:e2:d1:94:e2:a1:37:ae:76:f8:e2:88:f8:13:2b:aa:58:aa: + cd:b9:d5:a8:1d:b8:04:ef:70:9e:36:c4:ee:1c:94:cd:f6:f0: + 4f:6a:db:89:59:7e:8f:69:41:92:47:41:7f:f5:5d:1e:a7:d9: + 76:d1:7c:e1:51:5d:af:53:ae:34:e6:36:47:e3:44:11:ac:12: + 23:1f:48:d2:87:68:91:9b:4d:3a:d7:f4:c2:b1:1d:aa:ba:17: + af:4f:a0:ad:4a:c8:7d:04:96:3c:82:7c:b7:86:63:90:d2:d1: + d7:fe:02:7f:11:a3:f1:d2:84:30:8a:d1:ed:ce:3c:51:ff:49: + ce:64:96:c1:77:0f:3b:f1:e5:82:bb:5c:57:2c:93:60:e7:b4: + ee:8a:d1:44:75:ac:b6:1b:c2:c6:59:40:76:e8:36:ea:18:54: + 2c:91:63:5b:0d:2e:ff:4a:13:1d:55:8d:f3:02:6e:f4:e8:f4: + a4:27:6a:88:2e:27:9a:f2:2b:4f:7c:49:3b:f2:fd:b8:53:18: + ea:17:41:d0 +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUEQr8vaGxxaSV2udiebOC8yIomOUwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAwQNYAbEve/uycdxJ0MsGdjBk92G/2lWTcylJD8sKM71B +CygDRTVyqbRLp+xSdzqMusuHVig7OY1He3B/Wo92jH4T6GEXGR1y425pILyD91sR +hW4auPt7+P4r4tK9GgplYrCEpwqsdermdMQdLOgEYnZLTQS2Ui+muma7/kXWaiEF +FuXzJa6U/ReEgC+sYtmD4xewAxwBAotHf2Uu+UDPrZIzB4oURF7C7WhIpNHwe/ln +kSjZnyzwXhKSUpKXJ3sS3cXVfzKMmyYF60fhJpnqaqklk2Qx5Wz0zwInKbOfF5QN +OJxU8YDvubBLahLrylORKpXuFr8Sn4oyp4qB3UwCkQIDAQABo4HpMIHmMB0GA1Ud +DgQWBBTvVmccXiRgeD7yNUAuGlhlTbNOvjAfBgNVHSMEGDAWgBRHjPHJHvjsJagx +8xzOvMVwnxGHYzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAAf7QkqSEcqP1kCLkjoJcdcopKOba96wweUXF2a/l9uoXv2vSmERASYie933 +6RWkaJHA+DTpSlbi0ZTioTeudvjiiPgTK6pYqs251agduATvcJ42xO4clM328E9q +24lZfo9pQZJHQX/1XR6n2XbRfOFRXa9TrjTmNkfjRBGsEiMfSNKHaJGbTTrX9MKx +Haq6F69PoK1KyH0EljyCfLeGY5DS0df+An8Ro/HShDCK0e3OPFH/Sc5klsF3Dzvx +5YK7XFcsk2DntO6K0UR1rLYbwsZZQHboNuoYVCyRY1sNLv9KEx1VjfMCbvTo9KQn +aoguJ5ryK098STvy/bhTGOoXQdA= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 22:d5:d3:ab:e1:db:b6:4e:c6:30:5b:f4:c2:c2:ff:37:2e:43:2d:1a + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:0f:08:80:56:6b:27:51:76:78:18:c5:92:b1: + b4:d1:7a:4f:8f:57:6a:6a:96:70:e3:ca:4a:68:9d: + 0b:5d:2e:fd:34:1b:2a:d7:f2:a0:e0:3d:98:f8:2c: + 88:d1:7e:25:5d:80:80:30:f0:1c:65:a5:e4:60:ed: + 7a:31:df:97:20:c3:0c:4e:d0:2a:d8:93:54:d2:21: + fe:9f:85:7d:fe:9d:45:fc:66:14:10:a5:6a:38:e7: + e0:1e:71:fa:fe:9a:c0:79:73:98:87:80:17:a8:e3: + c8:84:cb:9a:a8:db:d2:59:d5:26:40:cc:8b:29:03: + 8a:75:3d:05:01:ed:bf:05:57:27:94:e2:a3:7e:2e: + 06:95:8b:a2:99:8d:69:d3:3a:86:35:2b:23:19:cd: + 53:92:55:fe:7e:75:43:08:4c:05:51:db:1a:14:5d: + 6c:bb:4f:de:ef:7f:24:53:b1:e6:fc:90:a0:8a:39: + 22:f1:1d:1f:4a:3b:5b:c0:df:ca:a9:57:f2:c8:16: + f5:e0:f4:fa:79:77:9b:93:0d:b8:5a:9d:9b:48:98: + 69:75:11:0f:2d:b9:8e:cd:34:4c:06:62:f8:a2:de: + 07:d8:7e:a0:5a:88:b0:d1:72:0b:49:67:42:5c:08: + 3b:bc:10:60:01:c2:15:ab:f8:31:8f:5d:bb:a2:e6: + da:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 47:8C:F1:C9:1E:F8:EC:25:A8:31:F3:1C:CE:BC:C5:70:9F:11:87:63 + X509v3 Authority Key Identifier: + keyid:BD:1A:91:15:D9:48:10:F5:7E:D3:B8:CE:06:D8:29:10:AE:43:CE:42 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: critical + Policy: 1.2.3 + Unknown Qualifier: 1.2.3.4 + + Signature Algorithm: sha256WithRSAEncryption + 49:0a:83:40:26:72:8f:2b:d7:44:4b:1e:62:27:3b:58:b3:8d: + 5d:ff:52:5b:1a:14:a5:e1:4b:79:98:ae:13:4a:0d:fd:ee:d1: + 8c:10:26:8b:a4:71:31:9d:c6:a5:16:10:c4:d4:ae:22:87:da: + 27:da:2e:ae:e0:9c:83:1e:c0:10:ac:7d:63:df:17:a7:be:27: + f1:e7:6f:6f:0a:53:25:7b:88:78:fe:2b:e9:b7:95:6d:f3:37: + 10:23:df:31:39:c9:cf:23:3f:76:1f:37:0f:21:27:8d:7e:19: + 84:89:14:c7:ac:06:97:c3:69:15:09:24:c3:b2:f7:b6:1c:0c: + ae:c0:c3:62:31:32:ca:f4:8d:4d:5a:3d:5c:7c:9f:af:1b:82: + 6c:ca:a9:65:9b:5e:3b:15:93:30:28:83:6e:11:fe:fd:23:96: + 20:d6:cc:df:f0:cf:a8:57:8f:52:6f:77:d2:ed:bc:64:65:54: + db:c1:aa:e0:43:0f:0f:07:4d:1f:7f:bd:a0:fc:0e:ea:8c:95: + e9:18:cc:b3:c8:25:a1:98:30:22:39:73:96:23:be:27:38:f8: + 27:7a:4d:82:d1:a3:92:ed:bd:50:6c:54:eb:55:76:f8:11:b1: + e1:02:c1:d8:a9:8c:ae:54:f6:00:8e:19:59:9f:88:c7:bc:30: + 45:58:b6:19 +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgIUItXTq+Hbtk7GMFv0wsL/Ny5DLRowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALoPCIBWaydRdngYxZKxtNF6T49XamqWcOPKSmidC10u/TQb +KtfyoOA9mPgsiNF+JV2AgDDwHGWl5GDtejHflyDDDE7QKtiTVNIh/p+Fff6dRfxm +FBClajjn4B5x+v6awHlzmIeAF6jjyITLmqjb0lnVJkDMiykDinU9BQHtvwVXJ5Ti +o34uBpWLopmNadM6hjUrIxnNU5JV/n51QwhMBVHbGhRdbLtP3u9/JFOx5vyQoIo5 +IvEdH0o7W8DfyqlX8sgW9eD0+nl3m5MNuFqdm0iYaXURDy25js00TAZi+KLeB9h+ +oFqIsNFyC0lnQlwIO7wQYAHCFav4MY9du6Lm2vsCAwEAAaOB7DCB6TAdBgNVHQ4E +FgQUR4zxyR747CWoMfMczrzFcJ8Rh2MwHwYDVR0jBBgwFoAUvRqRFdlIEPV+07jO +BtgpEK5DzkIwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB8GA1UdIAEB/wQVMBMwEQYCKgMwCzAJBgMqAwQMAmhpMA0GCSqGSIb3DQEBCwUA +A4IBAQBJCoNAJnKPK9dESx5iJztYs41d/1JbGhSl4Ut5mK4TSg397tGMECaLpHEx +ncalFhDE1K4ih9on2i6u4JyDHsAQrH1j3xenvifx529vClMle4h4/ivpt5Vt8zcQ +I98xOcnPIz92HzcPISeNfhmEiRTHrAaXw2kVCSTDsve2HAyuwMNiMTLK9I1NWj1c +fJ+vG4Jsyqllm147FZMwKINuEf79I5Yg1szf8M+oV49Sb3fS7bxkZVTbwargQw8P +B00ff72g/A7qjJXpGMyzyCWhmDAiOXOWI74nOPgnek2C0aOS7b1QbFTrVXb4EbHh +AsHYqYyuVPYAjhlZn4jHvDBFWLYZ +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 22:d5:d3:ab:e1:db:b6:4e:c6:30:5b:f4:c2:c2:ff:37:2e:43:2d:19 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:3d:c2:46:f3:d5:1b:65:5e:43:a3:bc:db:43: + 94:e9:9c:20:e1:ea:84:98:c6:65:51:6d:1c:1d:5f: + 8d:f9:81:47:1a:06:18:d9:7c:57:8f:6c:55:5c:36: + 63:c2:c6:db:be:47:61:5c:35:46:30:ec:e1:e5:0e: + 10:4f:9d:d4:62:58:56:83:00:3a:63:f0:cb:b2:50: + e5:50:52:27:60:41:3e:db:07:61:92:db:d6:60:c2: + 66:f8:89:b6:aa:99:cb:5e:9d:74:db:cc:bc:3e:7d: + 0b:13:87:29:b8:fa:32:11:e9:fc:9a:e9:77:0d:7c: + 03:15:f7:7c:85:6c:f0:2c:2b:b0:32:5b:d9:6f:f8: + f0:82:71:9e:f4:63:5c:6d:98:c9:ea:12:ad:d3:66: + 22:da:67:26:3c:ae:b3:23:0e:68:91:b7:28:65:81: + b8:2c:04:34:92:bb:a0:00:39:51:06:53:14:c7:e9: + ae:31:ef:5a:d7:21:28:44:9f:ca:53:cf:ac:4f:60: + 56:a9:f4:92:20:ee:c0:db:46:da:83:bd:28:b4:dd: + d2:73:af:93:b5:31:84:55:e8:80:a0:6f:c5:f6:0c: + 54:50:dc:3d:b4:26:71:f9:fd:16:3f:62:b1:96:c9: + de:45:b4:28:86:8d:8e:34:ce:aa:41:7c:66:e4:04: + 72:bb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BD:1A:91:15:D9:48:10:F5:7E:D3:B8:CE:06:D8:29:10:AE:43:CE:42 + X509v3 Authority Key Identifier: + keyid:BD:1A:91:15:D9:48:10:F5:7E:D3:B8:CE:06:D8:29:10:AE:43:CE:42 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 5b:e3:48:3a:63:d0:61:a7:99:8f:80:6a:42:fa:70:34:d6:69: + cb:fe:88:9f:a0:91:2d:3f:97:a1:a5:1f:e2:40:31:f3:2e:be: + f9:fb:6f:31:6e:6b:de:15:47:ac:c3:83:6c:d2:f9:30:dc:b6: + c2:26:b5:9c:c7:2b:e1:d7:bc:f5:98:54:3b:8c:c4:86:18:8f: + 70:99:31:46:d1:c6:a9:a0:38:dc:a0:55:fa:c9:5d:83:44:a8: + ae:a9:4f:b2:bd:e1:89:20:60:1c:07:b6:81:c3:d8:81:c7:dc: + 82:68:ae:43:e0:14:95:e3:c9:b4:fe:0d:fb:10:41:33:9b:bf: + 0b:32:35:3e:fa:c4:91:72:57:66:cd:77:1d:2c:0b:6b:6f:14: + e6:5e:a3:a5:f0:01:6b:5e:42:18:ba:e1:32:4b:25:4b:46:c8: + 2f:b1:4d:dc:b8:91:a1:15:b8:1b:09:5f:bc:a9:b6:ab:5e:14: + 1e:4a:c4:f2:b0:b1:1c:4e:ad:41:ba:c0:4a:3a:15:9b:6d:ba: + a9:95:3f:23:27:b7:20:d4:7c:48:81:2a:39:eb:ff:3e:24:cb: + 6d:27:3a:1e:f6:6c:59:2f:1e:50:64:aa:ee:9a:68:20:d6:8b: + 20:17:ec:51:13:3c:86:42:52:b6:e3:1a:b6:ef:e8:11:82:e9: + 06:49:30:1f +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUItXTq+Hbtk7GMFv0wsL/Ny5DLRkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6PcJG89UbZV5Do7zbQ5TpnCDh6oSYxmVRbRwdX435gUcaBhjZfFePbFVc +NmPCxtu+R2FcNUYw7OHlDhBPndRiWFaDADpj8MuyUOVQUidgQT7bB2GS29Zgwmb4 +ibaqmctenXTbzLw+fQsThym4+jIR6fya6XcNfAMV93yFbPAsK7AyW9lv+PCCcZ70 +Y1xtmMnqEq3TZiLaZyY8rrMjDmiRtyhlgbgsBDSSu6AAOVEGUxTH6a4x71rXIShE +n8pTz6xPYFap9JIg7sDbRtqDvSi03dJzr5O1MYRV6ICgb8X2DFRQ3D20JnH5/RY/ +YrGWyd5FtCiGjY40zqpBfGbkBHK7AgMBAAGjgcswgcgwHQYDVR0OBBYEFL0akRXZ +SBD1ftO4zgbYKRCuQ85CMB8GA1UdIwQYMBaAFL0akRXZSBD1ftO4zgbYKRCuQ85C +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAW+NIOmPQYaeZj4BqQvpwNNZpy/6In6CRLT+XoaUf4kAx8y6+ ++ftvMW5r3hVHrMODbNL5MNy2wia1nMcr4de89ZhUO4zEhhiPcJkxRtHGqaA43KBV ++sldg0SorqlPsr3hiSBgHAe2gcPYgcfcgmiuQ+AUlePJtP4N+xBBM5u/CzI1PvrE +kXJXZs13HSwLa28U5l6jpfABa15CGLrhMkslS0bIL7FN3LiRoRW4GwlfvKm2q14U +HkrE8rCxHE6tQbrASjoVm226qZU/Iye3INR8SIEqOev/PiTLbSc6HvZsWS8eUGSq +7ppoINaLIBfsURM8hkJStuMatu/oEYLpBkkwHw== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/generate-chains.py new file mode 100755 index 0000000000..84c7fd848a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/generate-chains.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate has a policies extension marked as +critical, and contains an unknown policy qualifer (1.2.3.4).""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate that has a critical policies extension containing an unknown +# policy qualifer. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().add_property( + '2.5.29.32', ('critical,DER:30:13:30:11:06:02:2a:03:30:0b:30:09:06:03:' + '2a:03:04:0c:02:68:69')) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Intermediate.key new file mode 100644 index 0000000000..1b54756cae --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAug8IgFZrJ1F2eBjFkrG00XpPj1dqapZw48pKaJ0LXS79NBsq +1/Kg4D2Y+CyI0X4lXYCAMPAcZaXkYO16Md+XIMMMTtAq2JNU0iH+n4V9/p1F/GYU +EKVqOOfgHnH6/prAeXOYh4AXqOPIhMuaqNvSWdUmQMyLKQOKdT0FAe2/BVcnlOKj +fi4GlYuimY1p0zqGNSsjGc1TklX+fnVDCEwFUdsaFF1su0/e738kU7Hm/JCgijki +8R0fSjtbwN/KqVfyyBb14PT6eXebkw24Wp2bSJhpdREPLbmOzTRMBmL4ot4H2H6g +Woiw0XILSWdCXAg7vBBgAcIVq/gxj127ouba+wIDAQABAoIBACtWTxOdjW3mEqMc +mgB2NfjI9Xkc0mOrUPYt6zD8y2XUCRQ2877C++ffUR8VOHUbXdaulK1RcDvY7R4K +knjFbK0r4VUGNcSmZI5hbq53aIaC2YdVu3y5GsnQcKqGwADHyOdBHpkJI/mpvM35 +oreMJC3acQOM4SkXcwulv+HYH7M9WQKWENG+4u8FaUbBrpyMG6K7HtrWM0bhRoTA +HDeAgZxMNly8Lq293ouoKX8ahF3abRX8t+FcQJfblXWYsEC4HTfcBRB+a0QwNGEz +GWkGEWmUI6MewhFKi/nK31qA/Txwe4nMjWHVpkDbg6mh/hk5NoWnBZ4/YZjZdz1s +Hh/erHECgYEA3gLuvHcgYpjGFTkUcRNwhsFDDJRil4UvmNDAKWtxh6xF831tg1X1 +RXZjdBma2AGMlvTp0QudISUo+tX3Jx49NAWyrxzhltTAGY/czQNms70EnL265+Ke +CC8pvYUHUxU9JoKvCJ/yrcNg71yzXwYDTvsVDvk7O5W7JU6N0d3lU3kCgYEA1osK +xT0GfCjFeu012bQN8ss3owp9MmYOrVrRTvL1EerHvGZ+wUQBU25c/V3CrcXsl+xi +jsnX52b+Q/xUqNG36xV8KKM/e4w9raAe0FaaS5Ymc/8XJNxhDSkWSyHg4AHz3EhX +v5ozqzyXf44XBbYxM/JHDA1bTUMU2QWBjX/DsRMCgYEAknVYzRfBU4n5UtLe+2GZ +oCwqcUgKam7AYY2E1048DQbG9sRN1JCGR5a8MUEa91i+SG+1N+TzeYQsLp2seC/o +rEL+B6uD3p7nQ3W2ccDGpdgSDNzVSlgjbL7ASHhTxqmCN7+KfKQX0i3L6tw6sHsk +/5t/3urn+nzigs/5mvNJb/ECgYB8HNmxOtl6kDeWIo4pkDEViRx5lILS2hmZjdVS +P9kocVL1GbIwaf/+XPUsmcYas0popRZrFjdxpbJocBwlwZUNSVOXSsFZ3sp7nArX +aZI/MfCy4Bpqd5cpfuBnvIST8m05vRwOOs2zPQ1DfFazNjAGph0VytBLxQfVeIr2 +6beywwKBgQC6DWEYDLoGDeW+6tunPQEniYG1/+TsLTS+y+uCayr+L42AfhyVLC0r +6So3ZezfMgjO/yRoOPmLmN05ON9OsxSMwnwz5ETMCx2xKCk5xEJ8foThTDa6TBkS +YXiL+PjJcLNazGK+LZXGd8QeKCQuuQM4XaPjlhfy1EpVdskrig8vAg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Root.key new file mode 100644 index 0000000000..85565dce11 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAuj3CRvPVG2VeQ6O820OU6Zwg4eqEmMZlUW0cHV+N+YFHGgYY +2XxXj2xVXDZjwsbbvkdhXDVGMOzh5Q4QT53UYlhWgwA6Y/DLslDlUFInYEE+2wdh +ktvWYMJm+Im2qpnLXp1028y8Pn0LE4cpuPoyEen8mul3DXwDFfd8hWzwLCuwMlvZ +b/jwgnGe9GNcbZjJ6hKt02Yi2mcmPK6zIw5okbcoZYG4LAQ0krugADlRBlMUx+mu +Me9a1yEoRJ/KU8+sT2BWqfSSIO7A20bag70otN3Sc6+TtTGEVeiAoG/F9gxUUNw9 +tCZx+f0WP2KxlsneRbQoho2ONM6qQXxm5ARyuwIDAQABAoIBAQCsXK3plo6a/TTB +as9FKgWuMoWoL7Ap6Csqsc08TgwKZx/TsOLcnRw4K23QmrG3OO1z64HqoY9lhkYG +A/8KgCpoHhNqyBJCHj+WtxGTRYUVqyyt7uXZ0cVU5XYA/QrmVtGFrjnRlmh9eKKA +ny34+OzP8XqMMBezjhsZAGPo5ApfBTeF5FLd5zLOrC1wEWD8WOBMj0+cOuzHoTQP +hTRdd0jmfvgTtJlMeLDAXMxBRA9nBiUqNEczxA+sLhlp23f1/Ox6usdbTnfSHfiq +wfn9lEkMwKVEOJLcN22W3onD0Nzynqjwi7JJKBRhx06u8EpZcDXtTzflVGgGlIsu +7gR9uuJ5AoGBAOC5u9dK5FvBI0tnKsJJqNwZId2Yc1DjLYrE9mhbjCi2n8qSFSPv +QRsgubYmejqTWpEGmIVEFoqyp2qHwk2KLfheMn0BT2i2d/bukO2THeW0pzGUw1QO +HCGbHvXYLJEtZMcdbHbJ+OB7xiEXPBoMvRviAd2722691CFvGy298LkvAoGBANQo +83DKVIbAUpWqBRm79t14vvUYl/6FiipcloFxg0ts/48lgHipu6UHZvNxq5obI6ZV +iNnIIR3WML25q6vCGjPqh8XFNBACQl9W9NYrxBw6okHIUk46TSnXZABWKkIpVycY +qoNvMEaYxMOJcWP5yYAdAuHGAVpcY84BipfTNKQ1AoGAJPboKvWqsl0GjTSfF+49 +1FZd97FH5po3t4fGcEv+tgO0LQHycEK+ltO/OHMDz/bFAu3u0JzuiEnyt9c04sRD +44K7E0zP3w2Elh2PwURdupcImWM67eyUPALkCNRSIF8zIH16hd+bDHHPmUnVHQPT +Z265l9t6sLCQ4B8CfXeszQkCgYEAwD6PQQAGEciJzNYwIv6AlnTITB1J9TcaWIJn +Wsn6F8mf1R09SZk70DFh52xz+4NmDV3qULUY1Ql2RyTMWynaRnrZJqsoHu19KRkJ +aFxmKtIynvsfIYWQ0D49flSVnDgLogCm2cxR6VaazThoyBfar70aFG0wYqnfQheB +d0vJopUCgYEAtxIwbKzpFwDi+559shpDbGGSFRYYM7VuLYHGwEvm+sTlYAeNC5BU +cszZ9psyYsa3euS29aTN2SwdDoV1dLmgadkROXtI+PoApE0G0LGmo7zv+rjrN/8+ +2a6K1uUw6d6zeOHGQjPknxWpZxyp6RVoWciU2o6oIWqKARwo+U0tQo4= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Target.key new file mode 100644 index 0000000000..9dc522068a --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwQNYAbEve/uycdxJ0MsGdjBk92G/2lWTcylJD8sKM71BCygD +RTVyqbRLp+xSdzqMusuHVig7OY1He3B/Wo92jH4T6GEXGR1y425pILyD91sRhW4a +uPt7+P4r4tK9GgplYrCEpwqsdermdMQdLOgEYnZLTQS2Ui+muma7/kXWaiEFFuXz +Ja6U/ReEgC+sYtmD4xewAxwBAotHf2Uu+UDPrZIzB4oURF7C7WhIpNHwe/lnkSjZ +nyzwXhKSUpKXJ3sS3cXVfzKMmyYF60fhJpnqaqklk2Qx5Wz0zwInKbOfF5QNOJxU +8YDvubBLahLrylORKpXuFr8Sn4oyp4qB3UwCkQIDAQABAoIBABPYFipGX01t+VC/ +h09SMF3iZ98PS7xU5A4JBpv7Ehdzs8ZD3OI2to1AHi8rmubrPCDQYB+5jy1Bm0HT +tSRIb7XOGJnhsZBBeNhtN53IBAFgeZKwWUr/gCV/bF+rrwmIXBgjceACtuyAtCT5 +LM67JAhDhUZr35rfj1LG0Tk5UOwkPwN9/av8c+K9Cz3SGobmMYgzo+n7QqBWU3KH +1zrLWmBx7qkH8hXQJVbgl1UcSh7hZh15+R4Z9ksDL9MW8rNjYHfEivLbb1uH111v +XCFciwJdE9nHljgGOe9iP4sFQXa735HX0pAMLR9K3eD9UWAyUr/w5wYzNBF5wYAO +Vk12zwkCgYEA9b001ze5qbONg1uWZXKPmgma1zxirTpxra4I+27t/tbhqn8CCach +G6KePodCl/XWu3IxTyjLKrt2ERASKsq5MyUMAsM/lbCeK0oL6qh/B80cUVPJu3SQ +7eFWVTNp7NeoMExVuXZrkZFAfm+rOkyKELq4N0JI9NtsatFzeLk0JmcCgYEAyRKH +pukWvPdJMDjWDa6vQ3/HT0EYIskNOSE/3gfoY7qjf2DX3H/TOl0uQiER2Dar3e9l +UcX5p6jJOru/WTNq39R/qnvgpLzRJbt/iCHUz6kFVhPbNB55BIL6geZM3ozr2fhh +fcZbw2SK9aL5f5YdR4NBhjt9tGwhUJ6zoZQOREcCgYEAzZaO16OSW+yQ7x23tIXk +qB1zArFNaNnlc0WP1DMZP8QspgR+Au9lHoatV2i4CQQus0G1CSH633RYMaw9Vrml +uak75C/PSX+qxFK9p4NyS2eJUm0D8CV0ft+v57YM344I8udaLMBq/C0GRQFNwod4 +VsiwB+MXwGq2yKMUtSJVA+8CgYEAl9bIXYDTTOuodyPUcQyjCWPqzKypX0tYEvZK +1o4+LWF5qe0l1Tsp9X78Oa/jW9UdQEFRz8ii2LsbCqFQxDmR0WkU51cYsw5rGgVX +LyPtIsvOXcws0lTYqlGGfqW9Eqp0SGvKo0IxdYHtdcUWiASCI8i4qHcwXBjzp3/Q +womdpG0CgYB/ipbn+ikc/9b0+A9RdooSrcpaNwncv1OKKm//2hrE+DX8pcadLEgI +l6M64Pg68EM2VXMBKgvLgT3ELmEMbNs5cwLln5ICHqNHfjPuSufyQq6h0iAy+3Q/ +wX0WTuMzMFuSr/5/5Xh1K/PPiosF72X2ZxpOK2//r2/1CvAeUwLy/Q== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/main.test b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/main.test new file mode 100644 index 0000000000..cce20d1f17 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-critical-policy-qualifier/main.test @@ -0,0 +1,10 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Unconsumed critical extension + oid: 551D20 + value: 3013301106022A03300B300906032A03040C026869 + diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/chain.pem b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/chain.pem new file mode 100644 index 0000000000..8d1c2ff053 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/chain.pem @@ -0,0 +1,280 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate has a policies extension (not +marked as critical) which contains an unknown policy qualifer (1.2.3.4). + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:6a:f9:bd:60:f3:6d:85:80:16:84:85:c0:6e:f2:0e:9a:01:52:0b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:be:d9:c3:94:6a:c2:d7:1b:b4:33:1a:29:0d:ca: + 48:e2:f1:94:93:27:36:71:c1:a2:dc:67:0e:5d:67: + b0:a9:08:9c:67:08:ba:d9:74:5f:01:62:5d:7f:2a: + bb:32:ed:0c:af:c8:5a:b5:02:24:45:6f:90:4c:83: + ab:0e:30:19:c2:df:bc:d5:25:99:b0:f3:5e:e1:27: + 5b:06:2f:ca:3e:d6:49:fb:87:8d:d3:fd:b9:b9:27: + 80:be:b5:88:72:3b:1b:20:3f:04:69:04:89:66:ee: + 20:f7:c2:90:c1:27:aa:29:fa:88:ff:2f:10:3b:81: + cf:d0:b9:e9:a7:84:dc:f1:a7:d0:49:e0:6e:17:b2: + ba:09:ed:be:9c:a3:f2:66:37:dd:20:98:43:31:bd: + 02:d1:55:63:88:f6:55:13:20:b7:b9:0b:c9:c9:fb: + a3:5b:0f:90:56:e8:8a:dc:a5:7a:92:bc:46:5d:82: + a4:e1:42:2c:7c:76:65:63:87:f4:e0:5a:cf:15:22: + 13:49:1d:aa:0d:ea:25:08:7c:63:19:39:2f:1d:15: + 2e:7c:9a:e7:d5:03:21:76:6c:22:1a:be:12:8b:72: + c5:cb:0f:41:ef:0f:d3:be:78:1d:12:e0:c2:29:eb: + d7:36:28:54:ad:8d:ce:c8:79:2f:4f:13:c1:2b:3b: + e4:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FE:3D:1B:76:A0:3D:EE:69:00:5B:D4:61:90:68:18:E3:29:EC:66:A3 + X509v3 Authority Key Identifier: + keyid:49:F0:C4:09:BE:16:68:CF:0A:C1:E0:EF:8F:A6:34:1F:94:63:6F:E6 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + cd:09:85:57:ee:4d:de:bf:78:64:b7:93:a6:41:f5:00:d0:b6: + 99:be:21:2d:55:f6:07:84:26:25:32:9e:82:b6:07:90:3e:b5: + b2:a2:1a:c1:8a:ed:59:18:be:75:ca:90:ae:df:ad:aa:fc:70: + af:7b:31:ff:cb:20:0a:4d:27:a2:77:90:53:e1:5f:ba:4c:c0: + 25:79:a4:78:b2:7a:52:62:02:d1:09:ee:78:1f:14:65:a7:f4: + ec:aa:49:bb:fd:a2:e5:97:b2:6d:fe:d8:50:81:38:74:5a:e4: + 3e:37:eb:41:58:7c:88:35:78:05:3c:76:82:c4:4d:09:f5:50: + b3:66:ca:8f:38:14:d9:c3:19:8a:8e:dd:08:c2:23:45:92:5f: + 17:35:57:b9:02:90:6c:2e:e5:c4:7c:c4:56:ad:1f:7c:20:46: + 20:df:f4:4b:01:d2:3a:1a:d1:82:26:e7:8c:49:d9:15:49:65: + 13:db:91:2b:90:75:62:57:a0:ee:45:29:96:d2:86:55:2e:f1: + 4d:04:3c:90:c5:cf:f7:43:7d:f3:d8:74:cf:0f:d7:d9:b9:3c: + 07:93:d0:1c:da:cd:ae:18:ce:c3:59:c0:8f:9d:a1:30:9d:b0: + 7a:21:3d:44:9e:0c:c9:8d:97:99:44:51:89:b0:77:0a:16:b1: + a3:cd:bf:7f +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIUMWr5vWDzbYWAFoSFwG7yDpoBUgswDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy +MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAvtnDlGrC1xu0MxopDcpI4vGUkyc2ccGi3GcOXWewqQic +Zwi62XRfAWJdfyq7Mu0Mr8hatQIkRW+QTIOrDjAZwt+81SWZsPNe4SdbBi/KPtZJ ++4eN0/25uSeAvrWIcjsbID8EaQSJZu4g98KQwSeqKfqI/y8QO4HP0Lnpp4Tc8afQ +SeBuF7K6Ce2+nKPyZjfdIJhDMb0C0VVjiPZVEyC3uQvJyfujWw+QVuiK3KV6krxG +XYKk4UIsfHZlY4f04FrPFSITSR2qDeolCHxjGTkvHRUufJrn1QMhdmwiGr4Si3LF +yw9B7w/TvngdEuDCKevXNihUrY3OyHkvTxPBKzvk/wIDAQABo4HpMIHmMB0GA1Ud +DgQWBBT+PRt2oD3uaQBb1GGQaBjjKexmozAfBgNVHSMEGDAWgBRJ8MQJvhZozwrB +4O+PpjQflGNv5jA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 +cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 +dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF +oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD +ggEBAM0JhVfuTd6/eGS3k6ZB9QDQtpm+IS1V9geEJiUynoK2B5A+tbKiGsGK7VkY +vnXKkK7frar8cK97Mf/LIApNJ6J3kFPhX7pMwCV5pHiyelJiAtEJ7ngfFGWn9Oyq +Sbv9ouWXsm3+2FCBOHRa5D4360FYfIg1eAU8doLETQn1ULNmyo84FNnDGYqO3QjC +I0WSXxc1V7kCkGwu5cR8xFatH3wgRiDf9EsB0joa0YIm54xJ2RVJZRPbkSuQdWJX +oO5FKZbShlUu8U0EPJDFz/dDffPYdM8P19m5PAeT0Bzaza4YzsNZwI+doTCdsHoh +PUSeDMmNl5lEUYmwdwoWsaPNv38= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1a:97:5a:9c:80:bc:38:51:fe:e9:06:6c:9c:24:16:bd:7b:49:b2:42 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d9:74:6c:03:22:ab:05:1b:af:d1:34:43:ac:2a: + a3:bd:5d:dc:13:39:5f:df:ff:f4:bd:3c:bd:56:1e: + b5:e9:b2:19:1d:49:ff:9c:5a:31:9c:20:74:87:27: + 81:22:50:a3:c2:90:da:48:da:c2:cd:4a:4d:dd:ec: + 75:d7:61:5b:32:57:1e:1d:63:82:54:69:49:f1:ff: + 3e:a5:67:46:b2:77:73:61:ce:30:9c:d5:f7:36:1f: + 83:0e:12:f8:37:48:a9:36:e6:38:61:13:5a:1d:a7: + 70:17:d2:0d:81:87:f0:cf:02:3c:13:56:fc:e9:79: + 96:c0:6d:8a:5d:a7:ad:e7:c5:3f:09:28:aa:e9:a8: + 6b:23:a3:78:fe:34:11:ba:d0:12:59:cf:b3:8a:68: + df:96:2f:44:b0:b9:72:54:cf:ba:1b:2c:8c:56:a4: + 9d:db:b8:55:72:42:04:13:77:cc:75:04:3d:e9:b1: + fa:a4:19:1b:3d:6f:0a:c2:7a:48:37:8b:35:c6:e1: + cc:c6:50:b5:45:c0:f2:30:ca:ff:df:75:af:4b:c3: + c7:63:11:da:fb:54:bf:53:57:a0:ce:75:18:53:8e: + c7:49:c3:4a:79:88:a4:1d:34:a4:e0:d2:f4:63:ca: + 5a:02:89:c3:94:a3:38:32:f6:3b:e1:06:e4:02:e4: + d0:25 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 49:F0:C4:09:BE:16:68:CF:0A:C1:E0:EF:8F:A6:34:1F:94:63:6F:E6 + X509v3 Authority Key Identifier: + keyid:27:0D:D0:55:88:5D:DE:1C:37:96:A0:62:14:C2:19:3C:C6:A4:1F:D1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.2.3 + Unknown Qualifier: 1.2.3.4 + + Signature Algorithm: sha256WithRSAEncryption + 08:cc:26:16:ce:4f:8d:4c:1c:de:1b:3e:9b:04:f9:a9:73:a1: + 3b:c8:36:df:48:ac:09:26:82:fa:61:11:8f:56:c8:db:5e:2c: + e4:3a:16:18:bf:59:5f:04:43:5f:6d:ba:c2:2e:94:af:34:a6: + 7e:c5:fa:87:18:dc:fa:a5:dc:a5:a6:ea:39:5e:63:c5:7f:99: + 2f:ce:89:ea:bc:d7:03:05:9f:81:48:f2:7a:53:98:13:8c:75: + 44:e3:18:16:ba:07:1f:e6:24:4a:3b:bf:b1:6c:83:bd:35:66: + 84:a3:c1:ec:04:ff:53:b7:20:85:00:f6:65:aa:e5:ff:13:0e: + 34:9e:b0:c8:ee:34:21:ea:0f:1c:65:f1:ed:fb:b9:03:75:d5: + d4:7e:51:1b:23:60:79:cd:f5:9d:14:58:38:2f:e9:22:75:70: + d6:33:41:94:a6:87:29:61:e0:92:59:2b:f1:e5:46:2c:3c:4f: + a8:51:0b:a8:77:0f:39:66:75:a6:0a:10:14:f6:41:28:0b:91: + 5b:17:c9:c1:86:f6:08:0c:ef:ad:66:30:0b:b3:87:2c:b1:2b: + 15:cd:76:da:00:f0:1c:1a:db:fc:1a:7d:3b:86:b4:21:c0:9a: + 13:c2:e3:b6:b8:13:64:21:fc:73:37:a5:d6:92:d7:42:ea:f3: + d9:cc:f4:9c +-----BEGIN CERTIFICATE----- +MIIDnjCCAoagAwIBAgIUGpdanIC8OFH+6QZsnCQWvXtJskIwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANl0bAMiqwUbr9E0Q6wqo71d3BM5X9//9L08vVYetemyGR1J +/5xaMZwgdIcngSJQo8KQ2kjaws1KTd3sdddhWzJXHh1jglRpSfH/PqVnRrJ3c2HO +MJzV9zYfgw4S+DdIqTbmOGETWh2ncBfSDYGH8M8CPBNW/Ol5lsBtil2nrefFPwko +qumoayOjeP40EbrQElnPs4po35YvRLC5clTPuhssjFakndu4VXJCBBN3zHUEPemx ++qQZGz1vCsJ6SDeLNcbhzMZQtUXA8jDK/991r0vDx2MR2vtUv1NXoM51GFOOx0nD +SnmIpB00pODS9GPKWgKJw5SjODL2O+EG5ALk0CUCAwEAAaOB6TCB5jAdBgNVHQ4E +FgQUSfDECb4WaM8KweDvj6Y0H5Rjb+YwHwYDVR0jBBgwFoAUJw3QVYhd3hw3lqBi +FMIZPMakH9EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs +LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m +b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MBwGA1UdIAQVMBMwEQYCKgMwCzAJBgMqAwQMAmhpMA0GCSqGSIb3DQEBCwUAA4IB +AQAIzCYWzk+NTBzeGz6bBPmpc6E7yDbfSKwJJoL6YRGPVsjbXizkOhYYv1lfBENf +bbrCLpSvNKZ+xfqHGNz6pdylpuo5XmPFf5kvzonqvNcDBZ+BSPJ6U5gTjHVE4xgW +ugcf5iRKO7+xbIO9NWaEo8HsBP9TtyCFAPZlquX/Ew40nrDI7jQh6g8cZfHt+7kD +ddXUflEbI2B5zfWdFFg4L+kidXDWM0GUpocpYeCSWSvx5UYsPE+oUQuodw85ZnWm +ChAU9kEoC5FbF8nBhvYIDO+tZjALs4cssSsVzXbaAPAcGtv8Gn07hrQhwJoTwuO2 +uBNkIfxzN6XWktdC6vPZzPSc +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1a:97:5a:9c:80:bc:38:51:fe:e9:06:6c:9c:24:16:bd:7b:49:b2:41 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a0:f9:c1:fa:93:42:7b:bf:e5:1e:21:e2:f5:cd: + db:f7:61:04:6e:ea:06:4c:fc:d5:2e:9f:5e:6e:97: + b2:d4:c3:f1:4c:18:01:5e:3e:85:e2:c0:73:ce:56: + fb:cc:4c:4e:f0:37:b5:e0:c6:31:5c:c0:06:5a:90: + 24:d8:5d:88:ab:e3:53:2b:12:90:0b:16:c6:db:19: + 74:e7:29:63:53:d9:5b:f3:e7:80:8c:5e:86:ff:e8: + e3:72:6b:09:6c:64:6b:92:34:f2:9c:bd:f4:b7:c1: + 31:6f:74:00:31:3a:45:70:9f:5d:a5:d3:9c:91:7f: + fb:87:95:ef:07:f3:8d:8e:c9:a5:cb:ed:cc:2d:23: + bf:e4:98:93:88:8d:be:bc:50:02:2c:3a:0d:52:53: + 7e:9a:20:04:da:52:db:a4:e5:72:bc:d6:40:40:7f: + 51:86:29:d7:f5:f7:db:85:b3:a0:7d:7a:c5:04:3e: + e9:73:ca:65:3c:13:91:46:a1:b4:fb:6b:8b:a0:5e: + 7c:c9:9d:3c:5e:c5:f6:2a:99:df:2e:13:1e:7d:d8: + db:30:02:52:d7:94:16:93:b8:20:5d:77:4d:26:6e: + 9c:c8:5e:0a:56:ad:ba:d9:26:c0:80:dd:66:aa:09: + 09:18:41:fa:f2:5c:7f:ae:10:45:25:ba:cc:0d:5d: + d8:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:0D:D0:55:88:5D:DE:1C:37:96:A0:62:14:C2:19:3C:C6:A4:1F:D1 + X509v3 Authority Key Identifier: + keyid:27:0D:D0:55:88:5D:DE:1C:37:96:A0:62:14:C2:19:3C:C6:A4:1F:D1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 55:3d:3d:02:2c:1e:b3:e2:47:78:ae:81:b1:b2:f5:a4:a0:37: + 30:32:52:5e:c6:b4:d0:c2:6d:22:19:53:94:7c:e5:89:28:84: + ff:ad:fe:8e:af:c4:3a:a1:91:6d:0f:48:15:66:83:98:65:7c: + 6c:69:f4:c4:ea:ab:29:9a:d0:a7:6e:a9:c7:67:9b:26:bc:94: + e9:df:4a:79:02:48:65:28:b4:59:0b:57:93:66:55:b5:87:9b: + de:40:48:2e:3c:24:e1:63:08:05:66:f9:8d:95:9c:95:1a:46: + 0d:60:5f:9a:c3:53:10:ee:18:36:b5:b8:90:74:89:8b:0d:fb: + a2:d5:ee:4c:b8:02:bc:f7:4e:3f:9c:d5:17:bd:4f:37:33:39: + b4:ba:34:db:bf:53:37:d6:da:43:94:59:1e:ea:30:04:99:30: + 7d:c0:5f:04:3b:97:0e:ad:d9:3c:e4:10:6b:82:fd:12:9d:2c: + f0:89:a5:22:3c:9e:7d:fb:d7:cc:10:8e:af:c2:6d:22:e0:5e: + 76:56:e1:de:cd:01:85:96:12:4c:f0:8d:f2:4b:b5:bd:2e:51: + d8:9c:13:02:0c:0b:ff:47:c2:61:d3:8e:eb:55:af:b7:10:ff: + fa:d7:80:ba:a4:99:d9:10:8c:89:3c:ac:ec:46:d7:c5:62:e3: + a7:ed:d4:de +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUGpdanIC8OFH+6QZsnCQWvXtJskEwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCg+cH6k0J7v+UeIeL1zdv3YQRu6gZM/NUun15ul7LUw/FMGAFePoXiwHPO +VvvMTE7wN7XgxjFcwAZakCTYXYir41MrEpALFsbbGXTnKWNT2Vvz54CMXob/6ONy +awlsZGuSNPKcvfS3wTFvdAAxOkVwn12l05yRf/uHle8H842OyaXL7cwtI7/kmJOI +jb68UAIsOg1SU36aIATaUtuk5XK81kBAf1GGKdf199uFs6B9esUEPulzymU8E5FG +obT7a4ugXnzJnTxexfYqmd8uEx592NswAlLXlBaTuCBdd00mbpzIXgpWrbrZJsCA +3WaqCQkYQfryXH+uEEUluswNXdg7AgMBAAGjgcswgcgwHQYDVR0OBBYEFCcN0FWI +Xd4cN5agYhTCGTzGpB/RMB8GA1UdIwQYMBaAFCcN0FWIXd4cN5agYhTCGTzGpB/R +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAVT09Aiwes+JHeK6BsbL1pKA3MDJSXsa00MJtIhlTlHzliSiE +/63+jq/EOqGRbQ9IFWaDmGV8bGn0xOqrKZrQp26px2ebJryU6d9KeQJIZSi0WQtX +k2ZVtYeb3kBILjwk4WMIBWb5jZWclRpGDWBfmsNTEO4YNrW4kHSJiw37otXuTLgC +vPdOP5zVF71PNzM5tLo0279TN9baQ5RZHuowBJkwfcBfBDuXDq3ZPOQQa4L9Ep0s +8ImlIjyeffvXzBCOr8JtIuBedlbh3s0BhZYSTPCN8ku1vS5R2JwTAgwL/0fCYdOO +61WvtxD/+teAuqSZ2RCMiTys7EbXxWLjp+3U3g== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/generate-chains.py new file mode 100755 index 0000000000..58bfa98aa2 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/generate-chains.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate has a policies extension (not +marked as critical) which contains an unknown policy qualifer (1.2.3.4).""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate that has a non-critical policies extension containing an unknown +# policy qualifer. +intermediate = gencerts.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().add_property( + '2.5.29.32', ('DER:30:13:30:11:06:02:2a:03:30:0b:30:09:06:03:' + '2a:03:04:0c:02:68:69')) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Intermediate.key b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Intermediate.key new file mode 100644 index 0000000000..07d4190c4b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA2XRsAyKrBRuv0TRDrCqjvV3cEzlf3//0vTy9Vh616bIZHUn/ +nFoxnCB0hyeBIlCjwpDaSNrCzUpN3ex112FbMlceHWOCVGlJ8f8+pWdGsndzYc4w +nNX3Nh+DDhL4N0ipNuY4YRNaHadwF9INgYfwzwI8E1b86XmWwG2KXaet58U/CSiq +6ahrI6N4/jQRutASWc+zimjfli9EsLlyVM+6GyyMVqSd27hVckIEE3fMdQQ96bH6 +pBkbPW8KwnpIN4s1xuHMxlC1RcDyMMr/33WvS8PHYxHa+1S/U1egznUYU47HScNK +eYikHTSk4NL0Y8paAonDlKM4MvY74QbkAuTQJQIDAQABAoIBABiUgGEaWhqJtqX/ +MmcTqs6M/YNuyNeZJyD87Kn/brCr4QregnY5+8GaKZHddUtbsiccGJCDqeFqtMKR +KADgkF5wWocX6HOCM0mXgI1Rzzv9JJ25oOUZiogjp7y/iC83l2kNPPI8LcOMWa9X +nw81PpMnvYKyIoSBqfi2aR2NBqtb+xxjMgtHzQVBS4LvvbO93QGqAo/81Y6TKUJf +P4UCKuU+rcKbwxrpo4NnLzq4SY5T3MnOOY+or8UY3yBWvylxVtLXXxdVRf82IO7I +MSOmvVhaatTs3eb0quUiHmYw/PygPYpQNgrkgNsy0LjW/EXO+rryb0RrHcyyqzKp +t5+5TUECgYEA7i9OTN31L2IVrXaLsFE35qY0I48aPgC+nYdboWCKdDgPqbshcgop +N4mlLMktAfaJouWTJiJYaeGIgsiHbPsKS9CjTx3ow9uTKbYz7n+DSNuHtTIIbqXt +pjm/tL7xSlXRkBTxtiqHF0KRyDy8tp85B/1ZAg1ggQm67VOMMonzYpcCgYEA6bgv +BIao/nvx2KdWhuPxKg8mMr8PaD05pMI66stL6UtIdjEGA8cqimHiatpX6cgbHrDN +b2V58HfM83oFrDthY3V6I5PMHPCr18pylAGtzd1xmAUXJfswS6EpN4XcKU4B+pLk +Xb05iqcWj++R6vD3CcxWjd7QvPkcn6WjQOd+hqMCgYEAm/QvgZcHNioz5WssVZso +TgZfNzU4yoY0SPLa5VRP837NiqXzZTcP+8RNeYCTzqg9QIKvEZYFa/Z3KqLgQVQy +TqfidigwQyWfOv2JDU1Cic7sEZEcAk70xxUi19b6KGD+oSeFiHBaGbnFuGVEbxLc +BcY1pGlb2cGkOkatEl5PFSsCgYAKhEwxUvHlyaP/UMBW/4jJkLbyT6Cc2yxt2oOW +LyGyVL3k+52+q8ahRXhPwJV2Ipf90Izd913+URW62wHIVz+xnwao9SyZHMdOxYBU +YqL0gYNsCMaa4euxa4YURoS6oxT5toRqJ2qgb5ZXUbtqK/+hxD0c0yrnZfpAwM5Q +zFnoKwKBgDgOT/MACPSDx+kEp85Gs20bVGgl+sSNFH7X4n3645sQPyfnJ/cjsGs/ +atiklVbME2d+mN0Zr6zchz0truajvgDvt1969z5qqo7JQTkaAFaZ+HMiRYLEe/3f +Mvqaj4Jbrf4RQH8hGstxIYVb0aBVwva3LQNzCBl7YYVJXIl7E7rz +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Root.key new file mode 100644 index 0000000000..ae353211af --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAoPnB+pNCe7/lHiHi9c3b92EEbuoGTPzVLp9ebpey1MPxTBgB +Xj6F4sBzzlb7zExO8De14MYxXMAGWpAk2F2Iq+NTKxKQCxbG2xl05yljU9lb8+eA +jF6G/+jjcmsJbGRrkjTynL30t8Exb3QAMTpFcJ9dpdOckX/7h5XvB/ONjsmly+3M +LSO/5JiTiI2+vFACLDoNUlN+miAE2lLbpOVyvNZAQH9RhinX9ffbhbOgfXrFBD7p +c8plPBORRqG0+2uLoF58yZ08XsX2KpnfLhMefdjbMAJS15QWk7ggXXdNJm6cyF4K +Vq262SbAgN1mqgkJGEH68lx/rhBFJbrMDV3YOwIDAQABAoIBAQCB7lY2DNqizBcB +JVTuFkUv/Wz4oYiIZ6MiyJwOI//CYI3JX67rBQhIKBLRP8Bp/EXS+wSg8xgwxwXZ +33L9+TExnIEqyQbfDHlhq8CCPRPhQBZKXleR9VJ+CNpdJiwrAzsYfgg9n82A7D0c +usLU+TXHW7rY+F7tyiGaJNkUz+84ih59oIP3Nf++abxfi97de6CT/wFQ+uM2RWTJ +lC7V7SaH6p5366ugf7q94AEhAO61rpD4aFg2wEpQ672gyYZrpqZ0ChaYk9vKWkLB +4n3eU4Y5Lx8Y5C2QMMn83yqy2dfZtey1ASzxqd/7hdJ7FnWcHcGU+c9U6AqTzkyZ +Y3++alAxAoGBANOQBFxDWAaCodX/X7JA1AlJjqGvEKvouQ4vJMDUdqN4VqL/hNqS +/xRZBCsFnu7dlbRgxWboJKLm4grsgY32e92KcyHtMjVZFm+3f1VnIqH3Clgmgklb +WX1LVs705fGJxHoOTpf9A7EabZG4l/KWcHUX0Uzc4kwozkrxXOYrjuPVAoGBAMLJ +ngeub0QDWCpZx9YjS+VzqcJNugdZ0F9aIhJdJ+2WM/2HPNN693Mf2N+uOuN6aVhE +pxrPb9KRe9Pvt/2lQQ0Ih9oHvTXHzD9ChMkrrnGk2n48e6P9S/ZHvtQ14FDXZduh +SFwGwnNCPh062MirE1QnzEVc/6D7LDyB2z7LN6PPAoGAboqKbLbXUJeC/fCwTNAo +ui2P9BUn7drsjme9mW+qCaIACqzd+uLhmv0j+2K1d3OaHCSQIEPdmKxwoWqQCuAm +Okxz+d8Y490HpxnG05XO97e/1O1SGAg+CwSJeBtn5juoyGmfUTTnb+syIvjDlAJd +AiGOv82OBGMx3uCcPLu3rn0CgYEAgQZyEl5+P0wD05HC6FpbBLMXyKgZyJK6jt6y +YP2p3Bu5dn9lUCRM0spOquPLCDFmpFxdYEn1pUJPBrTsaCxVqZ9z9X1Y3M3qwiB6 +upKfq5FqVWIU+Cxpa8pcYk8JtiLnypLLzoF/vj8ry8rWHB4N4Jm4Gl4eyfB2feH6 +a17LDUsCgYEAr+zVvi5uZDUKSGfSad3HZDmGHy57sCWEkddQ+4cS6mmUbEoBhaWt +39siTyF4nMclHiKqSiqPNDiZaA7+68QsNrYgatGaXveq7rC7JMPJDk4H9YGCTQWM +vJSqEH00PYP8n9cR9P9wQRNEtD58r4Fq/9imxpUi1oU6K4FEaeJXvlU= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Target.key new file mode 100644 index 0000000000..592f8b6ce0 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvtnDlGrC1xu0MxopDcpI4vGUkyc2ccGi3GcOXWewqQicZwi6 +2XRfAWJdfyq7Mu0Mr8hatQIkRW+QTIOrDjAZwt+81SWZsPNe4SdbBi/KPtZJ+4eN +0/25uSeAvrWIcjsbID8EaQSJZu4g98KQwSeqKfqI/y8QO4HP0Lnpp4Tc8afQSeBu +F7K6Ce2+nKPyZjfdIJhDMb0C0VVjiPZVEyC3uQvJyfujWw+QVuiK3KV6krxGXYKk +4UIsfHZlY4f04FrPFSITSR2qDeolCHxjGTkvHRUufJrn1QMhdmwiGr4Si3LFyw9B +7w/TvngdEuDCKevXNihUrY3OyHkvTxPBKzvk/wIDAQABAoIBAAEpdD5gFAWZPpSd +ESjrVVxEWkI3F+bDZglvey/oZLPywHkEHZcbVUS945HVocQim1QqpRq7A5uEnV1J +4+23L0D3eb/WdcQVBzvZsH0uJ04QoeytG5jxz4KoEemXU1hWsciVeaJmC6wbwQmh +Hp5+blPJGbJsB+5E0Q4VQ63oaivydegcANCd65qX0gwlTEItjelKx5r0lvMhvrwJ +cCj0C4fx0H7souk4oD0eWCXh6vORCfKGcpldXADnuFs0VzbNHdjuOjtw+f/GB3bO +0B+kbp3+D04QXAJnfavmfMYZEPLQ6aQ9LRZpfs5RAZxMMCo2iagRvIAXVIX15i0/ +h3NaDOkCgYEA7sMSMm+BQczHD4NtGeftJaDhKTBgxYsV3f87Dwkxn1JM03Ex98h1 +MsqWZ/5TRyeH73mH1lMi3a1B7HGyCmmez/5UJ214pSDRBS+ftLiaTDeYhHrQBlCk +2QUCxcaIogM6ScqhNk3QtjwdAqTDB092yHo9a1qLVmnlmXHS82+rdosCgYEAzKEr +UG6eZpYP0SAM4c/lST3UCiKZQKlAP747d9Uw3qnkiMzVUx9pTvSHN+VWKDNkIUaI +hYhf36RlEQ2eeCrQHJKV/1GQ2NDZdAB2tcjYdtWndfUs/9L276aQEOK/WssJWop9 +4EPXCRlA2CZiufRP7Z9vW6P14rBuSMb8WGVEjd0CgYBxEbhAYkXYH131nsvABPFt +bG60ztBFPMSySPhy+muhg5wWVfjP2wKFdyMbRHmzrKjXY7pMaTqNuEsL6hviinpH +Da5UracArDXQOulq8DFB/uIfevmgw/gNPi498vMpplWoNGl8CgXZB0bFxbkGcT9T +WXBUsqBh3+x3akv4NN4CWQKBgFgNrl7RCvZn8mxx1zlARZDruxeVZc7uRchoKpzZ +L0tRXhcD1XQMWztve9Qwqo9n9dlfyZV0ZpUM37Sj4KIjAiSZa1RPm/3AeSIypOJ6 +h7MzIvleRDvdYwci7HFnsSH3ppHAcIQVjS3MIRwiAG+2UsKUzc1oU4F1nC9S+Pls +skA9AoGBALxWatyTfR2QkQOXhbiRWdACACsLtbBMbjbulzewspZjGNffixyOWkxc +Y/u2WEuI1uoHK7qJLZ3f4LEk/CdsaC7mX0pZ4DWozxwJJDpIHvURTLfn2uFRiN5l +UphJQEkK+7ojHqve/ebMYs8LrBtHCVLvHptb/YAcuf2Bvp9IpPdf +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/main.test b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/unknown-non-critical-policy-qualifier/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/chain.pem b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/chain.pem new file mode 100644 index 0000000000..0074968bd3 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/chain.pem @@ -0,0 +1,366 @@ +[Created by: generate-chains.py] + +Certificate chain where the intermediate sets pathlen=0, however +violates this by issuing another (non-self-issued) intermediate. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6c:9c:41:88:f3:dd:f7:23:b5:c4:3d:82:f4:20:ea:b9:2e:9e:c5:ef + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate2 + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c6:80:ed:2c:42:bf:ef:7c:65:e7:f7:d5:37:8f: + b8:ed:bf:09:be:83:b5:22:ba:8d:8e:5f:63:cb:98: + 69:ba:fc:79:a6:2c:02:70:b2:11:49:24:32:59:6a: + 10:ec:da:8a:fa:51:27:d2:95:a6:08:03:1d:39:20: + 61:4b:c0:a0:f3:54:1a:53:f4:53:34:42:66:af:d3: + 08:5c:0e:ab:ca:c5:97:1f:76:60:0d:5c:06:56:96: + 42:a6:73:fc:63:0b:e9:02:a2:64:7b:18:4e:6d:7e: + 88:b9:65:bf:52:bb:e5:57:ee:af:81:54:b0:6f:b3: + c5:22:da:9c:7d:40:d1:86:01:9d:db:37:be:91:50: + 94:9b:a8:7e:d9:54:32:81:50:fd:14:54:6a:a3:8b: + b5:2c:1e:c0:9a:a8:de:fc:96:f5:1a:ca:97:70:60: + 79:94:5e:67:e8:90:fe:c3:68:63:f0:5d:64:e5:ec: + 89:a7:75:61:0c:68:2a:fe:b0:d3:85:17:0b:5e:f9: + 1b:ff:1b:7e:f4:52:ff:20:56:0f:7b:50:15:db:96: + 77:3c:09:4e:98:2b:c7:8e:55:bb:59:7c:52:b7:6e: + 45:20:d7:b6:c7:7e:4f:71:d7:dd:e6:b9:58:04:60: + 2a:e4:40:64:5e:2c:8e:30:96:bc:84:db:42:b9:66: + 8b:95 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 34:29:52:19:D8:05:D8:C6:BF:24:AE:2A:40:05:81:8A:A8:86:D0:CC + X509v3 Authority Key Identifier: + keyid:B3:4F:7C:A1:46:15:63:82:54:3A:AF:D2:F7:40:56:21:7B:14:44:51 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate2.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate2.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 11:40:e4:4a:02:0c:9e:51:0f:63:de:a2:8d:7f:d4:b8:a9:30: + ee:d4:68:94:62:28:53:54:dc:7b:4a:3c:6a:a6:2a:33:c6:bc: + 87:53:e3:ca:ca:88:08:7e:0f:f9:56:10:16:33:44:ea:95:73: + 4f:b1:69:d0:78:c7:e7:2e:ed:fc:73:c2:85:4a:e6:73:ae:84: + 9d:35:c2:1d:f6:42:e6:6d:f9:e3:3e:b0:5d:17:56:13:9e:63: + d3:a2:4b:6a:ec:35:43:de:b1:99:33:62:73:c2:81:5c:fc:f0: + 35:fc:39:52:1e:48:1c:16:0e:bf:66:22:08:9f:33:5e:b9:0f: + 54:68:6c:58:bc:02:62:46:ca:e5:f7:75:46:b4:88:ca:67:e5: + 76:39:8f:ad:f7:9e:d5:af:a3:ed:5e:59:47:eb:45:df:92:3f: + 37:1e:57:d3:6f:a5:5e:d3:f7:ee:1c:85:56:3f:f7:27:17:2a: + f3:57:e9:86:69:77:f3:d1:9f:c4:81:ff:48:c8:88:18:f2:ab: + fe:00:3d:72:97:e7:79:0c:3f:a6:4c:1f:1f:19:43:75:01:a6: + 0b:76:25:e8:00:55:82:48:ef:8a:85:25:f0:f5:cd:3d:93:82: + 69:52:35:19:1c:02:96:d8:77:64:de:e8:a3:25:8f:2c:fc:74: + 81:a4:7e:f8 +-----BEGIN CERTIFICATE----- +MIIDozCCAougAwIBAgIUbJxBiPPd9yO1xD2C9CDquS6exe8wDQYJKoZIhvcNAQEL +BQAwGDEWMBQGA1UEAwwNSW50ZXJtZWRpYXRlMjAeFw0yMTEwMDUxMjAwMDBaFw0y +MjEwMDUxMjAwMDBaMBExDzANBgNVBAMMBlRhcmdldDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMaA7SxCv+98Zef31TePuO2/Cb6DtSK6jY5fY8uYabr8 +eaYsAnCyEUkkMllqEOzaivpRJ9KVpggDHTkgYUvAoPNUGlP0UzRCZq/TCFwOq8rF +lx92YA1cBlaWQqZz/GML6QKiZHsYTm1+iLllv1K75Vfur4FUsG+zxSLanH1A0YYB +nds3vpFQlJuoftlUMoFQ/RRUaqOLtSwewJqo3vyW9RrKl3BgeZReZ+iQ/sNoY/Bd +ZOXsiad1YQxoKv6w04UXC175G/8bfvRS/yBWD3tQFduWdzwJTpgrx45Vu1l8Urdu +RSDXtsd+T3HX3ea5WARgKuRAZF4sjjCWvITbQrlmi5UCAwEAAaOB6zCB6DAdBgNV +HQ4EFgQUNClSGdgF2Ma/JK4qQAWBiqiG0MwwHwYDVR0jBBgwFoAUs098oUYVY4JU +Oq/S90BWIXsURFEwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8v +dXJsLWZvci1haWEvSW50ZXJtZWRpYXRlMi5jZXIwNQYDVR0fBC4wLDAqoCigJoYk +aHR0cDovL3VybC1mb3ItY3JsL0ludGVybWVkaWF0ZTIuY3JsMA4GA1UdDwEB/wQE +AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEL +BQADggEBABFA5EoCDJ5RD2Peoo1/1LipMO7UaJRiKFNU3HtKPGqmKjPGvIdT48rK +iAh+D/lWEBYzROqVc0+xadB4x+cu7fxzwoVK5nOuhJ01wh32QuZt+eM+sF0XVhOe +Y9OiS2rsNUPesZkzYnPCgVz88DX8OVIeSBwWDr9mIgifM165D1RobFi8AmJGyuX3 +dUa0iMpn5XY5j633ntWvo+1eWUfrRd+SPzceV9NvpV7T9+4chVY/9ycXKvNX6YZp +d/PRn8SB/0jIiBjyq/4APXKX53kMP6ZMHx8ZQ3UBpgt2JegAVYJI74qFJfD1zT2T +gmlSNRkcApbYd2Te6KMljyz8dIGkfvg= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 17:8c:9b:75:3d:af:a1:29:c3:af:35:d8:95:1a:c4:3f:ab:fb:b8:e8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate1 + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a5:da:13:9b:86:a9:21:3f:1b:20:2d:25:a0:65: + 28:27:5c:0c:2c:f5:ff:28:2a:4c:5c:63:4a:08:c6: + 90:06:55:13:54:d9:6d:c4:83:64:22:c0:1c:40:b1: + c9:f5:64:af:1d:cf:55:74:02:e8:97:af:3b:fe:ba: + 32:f9:3a:10:79:6f:5b:81:b8:cf:d6:25:3b:36:7f: + fb:17:a4:75:32:96:d3:b5:c5:97:87:8f:cd:63:e7: + 0f:28:3c:8e:0a:1e:46:91:a9:64:8b:70:7c:c8:ef: + b1:fa:82:50:2f:56:5c:17:b3:18:b9:4b:26:e2:a5: + 53:a8:27:a0:b7:d0:61:12:93:a7:5f:9a:1d:41:5c: + 53:c3:29:bd:96:44:8d:a6:1f:f9:e7:74:13:5a:84: + e3:3c:a5:41:cd:e9:86:72:c2:12:ea:2a:78:76:f8: + 88:93:f6:8a:d0:de:3e:b0:33:a0:96:fa:40:cb:c0: + e0:49:4d:c1:e8:46:40:b3:7f:a3:e5:01:d3:4e:9b: + e0:6c:21:6e:4a:d3:d6:e5:0c:1b:e1:1d:39:54:ca: + 35:4f:2a:1a:b0:b3:66:40:4e:f7:e9:72:70:f4:70: + 83:c6:81:12:bd:c9:c3:cc:53:95:fa:e4:21:74:f5: + 1e:f6:69:1c:42:6b:ba:ec:b5:83:33:41:7b:72:b8: + a4:9f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:4F:7C:A1:46:15:63:82:54:3A:AF:D2:F7:40:56:21:7B:14:44:51 + X509v3 Authority Key Identifier: + keyid:78:A0:50:E7:F0:D8:50:C1:A8:AE:40:CC:35:8A:73:B1:2C:78:51:4A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate1.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate1.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + Signature Algorithm: sha256WithRSAEncryption + 8a:26:3f:42:59:66:41:5c:e4:e4:df:2c:f8:32:db:5c:52:d1: + b5:14:af:08:45:41:be:cd:f4:a4:e7:77:43:a7:b9:99:e1:dc: + de:01:6b:6c:39:d6:ab:51:0c:e9:16:a3:94:e2:59:18:90:06: + ba:47:aa:37:49:74:8c:6d:d2:13:59:e2:b9:d6:39:a7:00:66: + 95:01:fc:d6:94:e6:9e:08:0b:74:2f:fb:9f:34:b0:db:36:b7: + 5c:0f:90:dc:d6:09:3c:d6:0d:90:cb:8b:d0:0a:d8:ce:56:6e: + 44:36:50:72:48:61:70:d1:72:e5:41:4b:6c:c3:91:ef:ef:d6: + 72:be:5b:3e:fa:00:e5:aa:3f:7a:5b:27:6d:b3:fe:02:cc:c3: + ee:67:09:3d:90:91:66:62:6c:66:5a:ee:59:38:b5:ff:1b:69: + 7f:97:d5:81:7c:59:04:6b:cb:20:89:4a:ce:7b:a6:d0:0a:df: + d3:58:34:1b:4a:25:d2:2c:63:49:95:22:f9:16:95:56:ee:6f: + 0f:28:5b:b1:65:69:1f:11:1c:99:01:a4:df:f2:8a:6e:03:c9: + 6e:5c:47:dd:ec:4f:62:26:59:bb:a2:a3:f4:fc:89:c7:ec:67: + 23:1e:a4:52:32:9e:fb:bb:f3:f0:7b:7f:4b:cd:28:4f:34:7d: + ac:af:65:76 +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIUF4ybdT2voSnDrzXYlRrEP6v7uOgwDQYJKoZIhvcNAQEL +BQAwGDEWMBQGA1UEAwwNSW50ZXJtZWRpYXRlMTAeFw0yMTEwMDUxMjAwMDBaFw0y +MjEwMDUxMjAwMDBaMBgxFjAUBgNVBAMMDUludGVybWVkaWF0ZTIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl2hObhqkhPxsgLSWgZSgnXAws9f8oKkxc +Y0oIxpAGVRNU2W3Eg2QiwBxAscn1ZK8dz1V0AuiXrzv+ujL5OhB5b1uBuM/WJTs2 +f/sXpHUyltO1xZeHj81j5w8oPI4KHkaRqWSLcHzI77H6glAvVlwXsxi5SybipVOo +J6C30GESk6dfmh1BXFPDKb2WRI2mH/nndBNahOM8pUHN6YZywhLqKnh2+IiT9orQ +3j6wM6CW+kDLwOBJTcHoRkCzf6PlAdNOm+BsIW5K09blDBvhHTlUyjVPKhqws2ZA +TvfpcnD0cIPGgRK9ycPMU5X65CF09R72aRxCa7rstYMzQXtyuKSfAgMBAAGjgeAw +gd0wHQYDVR0OBBYEFLNPfKFGFWOCVDqv0vdAViF7FERRMB8GA1UdIwQYMBaAFHig +UOfw2FDBqK5AzDWKc7EseFFKMEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYk +aHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVkaWF0ZTEuY2VyMDUGA1UdHwQuMCww +KqAooCaGJGh0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUxLmNybDAOBgNV +HQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOC +AQEAiiY/QllmQVzk5N8s+DLbXFLRtRSvCEVBvs30pOd3Q6e5meHc3gFrbDnWq1EM +6RajlOJZGJAGukeqN0l0jG3SE1niudY5pwBmlQH81pTmnggLdC/7nzSw2za3XA+Q +3NYJPNYNkMuL0ArYzlZuRDZQckhhcNFy5UFLbMOR7+/Wcr5bPvoA5ao/elsnbbP+ +AszD7mcJPZCRZmJsZlruWTi1/xtpf5fVgXxZBGvLIIlKznum0Arf01g0G0ol0ixj +SZUi+RaVVu5vDyhbsWVpHxEcmQGk3/KKbgPJblxH3exPYiZZu6Kj9PyJx+xnIx6k +UjKe+7vz8Ht/S80oTzR9rK9ldg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 51:a0:bf:32:38:48:73:e8:3d:c1:b2:cc:5c:f8:d9:94:14:a9:2a:db + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a1:53:d3:7c:15:ee:13:ee:f8:8a:57:2c:76:df: + 71:f0:10:21:58:fd:6c:9e:02:b8:6b:09:77:40:de: + d2:cf:62:8b:5b:9f:29:fe:11:a3:6b:c8:fb:f3:7f: + aa:22:13:87:7f:c1:3f:41:40:3f:1b:21:51:ae:5a: + 03:ae:86:c2:68:7c:8d:3d:1b:0e:d9:62:98:5a:66: + d9:3b:8f:88:2a:44:b6:df:c9:2b:1c:78:95:d3:e1: + 50:7b:18:42:3b:f3:1b:41:bb:48:d9:31:54:6a:d9: + ef:7e:8a:a6:fe:ce:bb:5e:f8:13:68:f2:61:be:75: + a2:65:5f:d0:c5:87:fa:f6:e1:04:05:2b:50:a0:88: + ac:e2:d5:af:b6:83:6b:b8:b3:a0:1a:2d:65:71:5f: + 67:a6:97:3e:43:a2:5e:80:c5:fe:36:40:34:05:ea: + 79:31:0a:fa:b9:68:9a:58:f3:28:b6:7a:dd:6a:06: + 4c:da:76:f5:a5:63:70:8a:27:64:29:87:c1:8b:77: + fa:f0:cd:ef:56:a9:4c:7f:14:6d:da:c8:b8:b5:80: + 8d:df:68:60:61:6f:e3:31:f3:d7:47:8e:0e:58:f0: + f1:9f:f1:7e:d4:d9:41:b9:6a:f4:33:4d:f5:7f:ef: + d4:b4:91:50:4b:4b:65:d9:8d:de:cc:a4:d3:88:17: + ca:3f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 78:A0:50:E7:F0:D8:50:C1:A8:AE:40:CC:35:8A:73:B1:2C:78:51:4A + X509v3 Authority Key Identifier: + keyid:FB:44:5A:0F:03:A9:3A:3C:75:B4:3E:87:2E:99:99:2E:73:04:0E:0F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + Signature Algorithm: sha256WithRSAEncryption + 76:17:bf:d0:09:fc:6b:7b:58:0d:62:ef:d4:5f:3f:56:69:d2: + d9:9e:b0:fb:e6:79:da:80:99:b0:42:6c:5f:f0:2b:7e:d1:7e: + 06:dd:26:14:7e:34:31:86:18:5e:cc:b4:0b:25:43:0e:78:f2: + db:dc:e0:05:8e:b7:d5:4a:fd:7e:b0:76:6f:65:c5:78:d8:4b: + 2a:03:4b:50:25:68:30:e2:a2:58:49:e2:98:2a:ea:c9:c2:25: + 4f:7b:a5:e8:0a:50:f7:34:b4:b8:f5:e1:79:8e:f3:e4:bc:67: + 89:aa:bd:e5:2b:ee:c2:8d:6b:23:ca:89:97:7f:c9:a9:9b:64: + 24:04:99:3c:a8:40:02:f9:a2:00:f6:fe:15:6c:1a:ad:cd:e8: + 39:d4:18:12:f6:2f:dc:ff:fd:e4:55:77:9f:80:7c:1f:b9:9a: + d2:ab:19:f2:fb:44:6e:14:6c:08:56:3a:61:c9:c6:30:0a:19: + 67:05:f4:c7:11:a7:c9:da:63:0e:d1:b1:a6:53:1f:1d:c4:f3: + 2b:86:f8:eb:47:af:27:f4:70:44:19:21:08:c0:a8:3b:70:e8: + 34:58:e4:63:ec:a5:12:0f:ed:b0:4a:2f:33:6d:77:86:66:ab: + 12:17:ce:59:0a:cd:68:67:66:c9:80:57:75:e8:07:4a:69:e8: + 61:a5:69:90 +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUUaC/MjhIc+g9wbLMXPjZlBSpKtswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBgxFjAUBgNVBAMMDUludGVybWVkaWF0ZTEwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQChU9N8Fe4T7viKVyx233HwECFY/WyeArhrCXdA3tLPYotb +nyn+EaNryPvzf6oiE4d/wT9BQD8bIVGuWgOuhsJofI09Gw7ZYphaZtk7j4gqRLbf +ySsceJXT4VB7GEI78xtBu0jZMVRq2e9+iqb+zrte+BNo8mG+daJlX9DFh/r24QQF +K1CgiKzi1a+2g2u4s6AaLWVxX2emlz5Dol6Axf42QDQF6nkxCvq5aJpY8yi2et1q +BkzadvWlY3CKJ2Qph8GLd/rwze9WqUx/FG3ayLi1gI3faGBhb+Mx89dHjg5Y8PGf +8X7U2UG5avQzTfV/79S0kVBLS2XZjd7MpNOIF8o/AgMBAAGjgc4wgcswHQYDVR0O +BBYEFHigUOfw2FDBqK5AzDWKc7EseFFKMB8GA1UdIwQYMBaAFPtEWg8DqTo8dbQ+ +hy6ZmS5zBA4PMDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3Vy +bC1mb3ItYWlhL1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwt +Zm9yLWNybC9Sb290LmNybDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB +/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAdhe/0An8a3tYDWLv1F8/VmnS2Z6w++Z5 +2oCZsEJsX/ArftF+Bt0mFH40MYYYXsy0CyVDDnjy29zgBY631Ur9frB2b2XFeNhL +KgNLUCVoMOKiWEnimCrqycIlT3ul6ApQ9zS0uPXheY7z5Lxniaq95Svuwo1rI8qJ +l3/JqZtkJASZPKhAAvmiAPb+FWwarc3oOdQYEvYv3P/95FV3n4B8H7ma0qsZ8vtE +bhRsCFY6YcnGMAoZZwX0xxGnydpjDtGxplMfHcTzK4b460evJ/RwRBkhCMCoO3Do +NFjkY+ylEg/tsEovM213hmarEhfOWQrNaGdmyYBXdegHSmnoYaVpkA== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 51:a0:bf:32:38:48:73:e8:3d:c1:b2:cc:5c:f8:d9:94:14:a9:2a:da + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:92:08:56:82:b9:30:af:14:a4:b9:10:66:49:4d: + 2a:e7:3c:3b:38:4e:a9:b3:1e:76:0f:32:75:73:d0: + d9:c6:21:3a:86:77:01:b7:a9:ec:52:96:d6:01:97: + a4:90:f3:63:24:da:ed:9e:57:98:05:ee:e9:22:69: + 00:02:c6:cf:16:fb:54:7b:00:33:31:2b:0a:cc:c3: + 54:98:7a:a0:11:c8:45:78:b5:e7:3a:17:7e:4f:5b: + a6:e8:97:9f:73:6a:fc:49:38:d7:4b:3c:51:05:e9: + aa:a1:0b:a9:f5:86:52:b7:d3:3d:31:ec:ca:82:64: + 15:f9:8a:e8:8e:c8:f6:88:35:ae:7c:b1:ba:4a:86: + 07:f0:85:0e:99:6a:30:a9:a4:a8:0c:d5:21:57:e0: + cd:95:96:47:22:bf:93:bc:62:78:c2:59:ab:ae:69: + 12:75:69:11:c0:60:8d:9d:d7:54:6e:e4:4a:44:0d: + 75:4c:4b:e4:0e:96:69:0c:5a:be:97:fd:5f:29:8a: + a8:46:60:10:b8:a3:c5:ae:47:2d:9a:3f:79:1e:90: + 44:f7:9d:c9:1b:3e:ad:35:45:83:5f:5d:89:c6:24: + a7:b5:bf:09:47:22:f8:30:b8:94:34:85:4f:21:89: + 52:63:fa:db:01:e5:0f:e0:f3:36:97:5d:2e:6c:6c: + 3d:57 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FB:44:5A:0F:03:A9:3A:3C:75:B4:3E:87:2E:99:99:2E:73:04:0E:0F + X509v3 Authority Key Identifier: + keyid:FB:44:5A:0F:03:A9:3A:3C:75:B4:3E:87:2E:99:99:2E:73:04:0E:0F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 23:f1:e7:b1:85:a0:fe:b3:e5:1a:e9:91:d2:ca:de:17:c3:f5: + 60:bc:98:f5:59:7f:37:3a:f6:4f:7f:f2:f5:f2:d8:aa:2f:fa: + f2:a5:cd:96:a5:4b:37:3a:82:b5:19:49:c3:c8:d6:20:71:aa: + 8b:3e:fe:bb:f7:dc:1b:ef:d5:62:75:d5:fe:1a:65:11:23:3e: + b5:9c:66:e4:dd:85:0d:cf:e3:28:91:69:8d:07:c0:84:fc:5f: + f9:1f:12:be:ab:90:53:7c:16:05:0a:85:b3:3f:72:e9:d2:49: + ba:f8:1c:c6:48:38:e2:ad:81:ea:60:60:c7:e3:ab:db:ef:47: + c6:a4:04:5f:ab:7d:a0:e8:08:fe:b9:03:32:dc:b3:cf:4f:7b: + 41:27:98:06:f3:a9:d4:20:d8:c9:ae:6a:c9:b0:76:7e:36:27: + a7:39:4f:c8:c1:a8:9a:76:6c:4f:a3:ef:61:07:1d:23:ea:2f: + fc:d0:2c:43:de:e7:93:0c:21:46:d8:3f:da:d9:59:da:0a:08: + ea:ee:43:2a:81:57:7b:96:35:dc:6d:c6:76:47:43:3e:78:cd: + 9b:00:f2:17:da:ba:c6:da:d6:8f:d3:31:bf:c9:a0:c5:ec:f7: + 67:3c:cf:0c:26:63:c7:3b:3c:82:e2:b1:01:c8:19:8a:2f:e7: + 00:b4:50:fb +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIUUaC/MjhIc+g9wbLMXPjZlBSpKtowDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCSCFaCuTCvFKS5EGZJTSrnPDs4TqmzHnYPMnVz0NnGITqGdwG3qexSltYB +l6SQ82Mk2u2eV5gF7ukiaQACxs8W+1R7ADMxKwrMw1SYeqARyEV4tec6F35PW6bo +l59zavxJONdLPFEF6aqhC6n1hlK30z0x7MqCZBX5iuiOyPaINa58sbpKhgfwhQ6Z +ajCppKgM1SFX4M2Vlkciv5O8YnjCWauuaRJ1aRHAYI2d11Ru5EpEDXVMS+QOlmkM +Wr6X/V8piqhGYBC4o8WuRy2aP3kekET3nckbPq01RYNfXYnGJKe1vwlHIvgwuJQ0 +hU8hiVJj+tsB5Q/g8zaXXS5sbD1XAgMBAAGjgcswgcgwHQYDVR0OBBYEFPtEWg8D +qTo8dbQ+hy6ZmS5zBA4PMB8GA1UdIwQYMBaAFPtEWg8DqTo8dbQ+hy6ZmS5zBA4P +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAI/HnsYWg/rPlGumR0sreF8P1YLyY9Vl/Nzr2T3/y9fLYqi/6 +8qXNlqVLNzqCtRlJw8jWIHGqiz7+u/fcG+/VYnXV/hplESM+tZxm5N2FDc/jKJFp +jQfAhPxf+R8SvquQU3wWBQqFsz9y6dJJuvgcxkg44q2B6mBgx+Or2+9HxqQEX6t9 +oOgI/rkDMtyzz097QSeYBvOp1CDYya5qybB2fjYnpzlPyMGomnZsT6PvYQcdI+ov +/NAsQ97nkwwhRtg/2tlZ2goI6u5DKoFXe5Y13G3GdkdDPnjNmwDyF9q6xtrWj9Mx +v8mgxez3ZzzPDCZjxzs8guKxAcgZii/nALRQ+w== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/generate-chains.py new file mode 100755 index 0000000000..9344809963 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/generate-chains.py @@ -0,0 +1,32 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain where the intermediate sets pathlen=0, however +violates this by issuing another (non-self-issued) intermediate.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate. +root = gencerts.create_self_signed_root_certificate('Root') + +# Intermediate with pathlen 0 +intermediate1 = gencerts.create_intermediate_certificate('Intermediate1', root) +intermediate1.get_extensions().set_property('basicConstraints', + 'critical,CA:true,pathlen:0') + +# Another intermediate (with the same pathlen restriction) +intermediate2 = gencerts.create_intermediate_certificate('Intermediate2', + intermediate1) +intermediate2.get_extensions().set_property('basicConstraints', + 'critical,CA:true,pathlen:0') + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate2) + +chain = [target, intermediate2, intermediate1, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Intermediate1.key b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Intermediate1.key new file mode 100644 index 0000000000..51aeeab3ad --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Intermediate1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAoVPTfBXuE+74ilcsdt9x8BAhWP1sngK4awl3QN7Sz2KLW58p +/hGja8j783+qIhOHf8E/QUA/GyFRrloDrobCaHyNPRsO2WKYWmbZO4+IKkS238kr +HHiV0+FQexhCO/MbQbtI2TFUatnvfoqm/s67XvgTaPJhvnWiZV/QxYf69uEEBStQ +oIis4tWvtoNruLOgGi1lcV9nppc+Q6JegMX+NkA0Bep5MQr6uWiaWPMotnrdagZM +2nb1pWNwiidkKYfBi3f68M3vVqlMfxRt2si4tYCN32hgYW/jMfPXR44OWPDxn/F+ +1NlBuWr0M031f+/UtJFQS0tl2Y3ezKTTiBfKPwIDAQABAoIBAHQRalOZN4vR37Ew +XMY9pqzP/h4XXoEkdehUjB748XTRcm/9yGmJ6SiQFm0vCYmwwUjyEP9yKLTtOOYW +zxVO0Sn5imhPQlS2ceSAoIQQlSfL/kJtan32Z91j+tJFNsoI8zBMfXH94r1phLxn +JxSmSfpewyA7WoV7/tWupPapCa96Oh2J31vA9Zxx3LssGpcqj+sq4n8Lbch/wqVU +1ZI6p+9wiBSjMurNPRb25OjCMPO6h/Hc2Endo0ajmphkYEV42fp8o1hDGDe8Rqub +kluyAecQIGz/ykhvIHiZn4KianvrWztjG2okia1xffBxwU8FJy49ZYKuwT6r+n/b +FkyYV7kCgYEA0oljEKaMBrKxQ7Qger/jga/b+YccEYk9vLKWKpWp9ulxcJff8Mjm +B8Ry+1MxSnkLMLct3umIWFbyIW/jP3HxhP7cq6eTxuYirYCRYTlEnRtenKdHHZn0 +68X4ZTnic0Tp4q+PrBZbXRhZN8pcOoq5h+YCLUzHorh/7nhx1pmuygUCgYEAxCoe +hITTLX22570rHMeuiwwpvt2FTdn+0vaQNoIDFGaLtp2Z0lamaxSaFTBnh84PoB8/ +0Io8bWg0onLlMk7C7blQbGNS4XT7DpnRTY8rEYORZ4vRJieGCZhqZkEFjEltHmXV +b+xBkuVHCLLDeTQ70hLtkMlQ+1TjK7X1BvozAnMCgYB2jbajIaWn/+eh4ESJ2pQZ +6xVLpbFAjq+dGlNFF5Hl3/5pEJyh0f72UMEOlQIklZSfkgbah1anqA4glgi5KUh/ +Q6SvZGXqkpzkZol23fCtJ0RXojqBiLhKK+h71+SUVDH/3CxjExPPkG5s5B6bOJLQ +28xOBfZEwvAHMPuphFDQoQKBgAZel78V0QWZH2dG7S9yDGjXbEOWTc3JVkzjVKtw +bUksSz0SwPvjdGPlt1sYx0PRnRBF83yCAJRM3eiocmi/xfSSH9plHzvS4JQIypMK +Iwveicoi8BedEO0e1dWcJuH3QGPMSrHnqflrGHNf2pkE6SxZEP2yi76dcwLoVZx0 +Y1OhAoGAAkvp7odVUcwRIx5j72DTkL/84BZrX00AOzihrV59hVIsAHkIDVW4clbm +Wzk3cGgv+wp77myQnRku12Eh29lSceJan+kShsV/2GHI9t90RaDHyAPBpgpCJ0FJ +HB2hZUsNGAT11sbN2h8psKxUESJharttP74jLSacDRVuCxqZDTk= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Intermediate2.key b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Intermediate2.key new file mode 100644 index 0000000000..6dad70d4d9 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Intermediate2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApdoTm4apIT8bIC0loGUoJ1wMLPX/KCpMXGNKCMaQBlUTVNlt +xINkIsAcQLHJ9WSvHc9VdALol687/roy+ToQeW9bgbjP1iU7Nn/7F6R1MpbTtcWX +h4/NY+cPKDyOCh5Gkalki3B8yO+x+oJQL1ZcF7MYuUsm4qVTqCegt9BhEpOnX5od +QVxTwym9lkSNph/553QTWoTjPKVBzemGcsIS6ip4dviIk/aK0N4+sDOglvpAy8Dg +SU3B6EZAs3+j5QHTTpvgbCFuStPW5Qwb4R05VMo1TyoasLNmQE736XJw9HCDxoES +vcnDzFOV+uQhdPUe9mkcQmu67LWDM0F7criknwIDAQABAoIBAE+nsYsc3dYt7OVD +SbMDYomk1+QwMeAkkJA+z6vvUfT4n1Q9KU8cm9dk1SztNsY5GTIEBlK1ouhXLUVm +QF0a2ha4uQZQsOF0+D9wsDPmtLMbZYsD34coNckpjEoS61VIvTPwW23tFMGc/aoH +NGPH4msvhUxZH8/y/37fqX0fA8BbjBGgf+x+vScCCUi/2d0L7NdLqTulx2TPdhvM +aKO5oHBgva5Idg4KcuSYufgNPFt5v1A9pGMuV45O11yV4HCyyQZzRo8MY1B2zPf1 +vCJWWr0uOJ+EDd0xGLzz2hUeArtnvnfzKQx3l09kNk0T6z8dOS4Kb2FCVkQ5ICTa +KWB91EECgYEA1fl2SRHliXt89KK8RnhEaM6arZkA8fXpDgCN814b2fTtheu82nu2 +79Qc5Tl3uD8g5hk7sFAS+sDIMUfRyJYirpxJna/HiUA6XOMlRV9hDkG95pR9b11+ +7MxLygM5EIzX5jtICV+ShU5rvOT4PVPumYq5GsI5MmEgtWTVjIhTNNcCgYEAxm0I +QtI0HgFH3beQtx3vRCncF+kl9pcyqayb/Fr/yKOBm3YzFrMZodOzutxGbbi24SOQ +Tvh1itVT6rIiiw+7YDit1QQ5eQ7xE1gfvKSGWbKUq4fq/Z9nsqEIbMb1nLV1mE79 +0aR7NO97NRw2+Vkj/lF4IrgbcGKYUIG5JdeATXkCgYEAgLUOhoNiW6FRF2Hv+D+N +frGP7w4SuHhf2FFTEWmxPRiL6ztSnOU/s+EWBHfd4JDwfBf/hF2WHQjrImF9+bb9 +Y6SUz2oVjyR4NrlXCPSHT+kRjmoRTXSizVNR31Cy+ZaOo2lTOngnjVIPkk70Vwdu +hSMhlsvvVbOA1juyDFdQHX8CgYAw173k1OFHUYFjLkBNEu1Glhc7O4TAwk8SPQ7Y +e33i4XyRy/Kfb86ravUe1gHwGDvMB3kKN1aXqhNR/i9Kk8DH2qvPd46+IdNts498 +W/NGORMndfl+HLLl4YW1YPQscu5TY35PEHHTge+ODzfpAOw/OcacpTz72QktKAFv +MzC94QKBgA4iH7k22s6kYBK00htUjyzk3rcjQbeWMEEO2QO2nIXczXoH1TYD7YX0 +A7VzLjUEtxv6gR0Nr+R+8NSiG0M72L+JbLfUG1NLmRxIJt9z8riYNc0xhDksS9jQ +MopKqvkRNhh0zopfOul6DhbCRb7FTf+HhmAuX+df7KQqTDOqhqU7 +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Root.key new file mode 100644 index 0000000000..1252b5d033 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAkghWgrkwrxSkuRBmSU0q5zw7OE6psx52DzJ1c9DZxiE6hncB +t6nsUpbWAZekkPNjJNrtnleYBe7pImkAAsbPFvtUewAzMSsKzMNUmHqgEchFeLXn +Ohd+T1um6Jefc2r8STjXSzxRBemqoQup9YZSt9M9MezKgmQV+Yrojsj2iDWufLG6 +SoYH8IUOmWowqaSoDNUhV+DNlZZHIr+TvGJ4wlmrrmkSdWkRwGCNnddUbuRKRA11 +TEvkDpZpDFq+l/1fKYqoRmAQuKPFrkctmj95HpBE953JGz6tNUWDX12JxiSntb8J +RyL4MLiUNIVPIYlSY/rbAeUP4PM2l10ubGw9VwIDAQABAoIBAAupos8Z3yt8aJNn +HeQox45kHw6mKaNmgWNBUmQHf/z01mm6w2ZZqcgGx9yksb3p0jc1TNjigf+nTvMy +k4+lNRDOzbZtE6mPmHM1/mGXGYWSCwpS7L6U9b98wF2/Djr3hmKKqZcWoBnqyXfH +KLG1IpIPyslb8ehr+d1OHLiakCXclMqTQSxCVX46Zv4MJMyn6z/KjaWMYsCCXjam +0XuVgcNBbVVfl8/jdWhcAyKHoYA9jUFSCPQTTZ9jRJ8tYdFJqpy4GyUoF8+e1T0O +9LMMgrUEZ0nY7G7izbdN5sdrt2gSozzc11GgceMLeDnefEV2PYk9wmq4sxqBIO3/ +tfokMMECgYEAwi1t5g/EoP47TSK6Nsd7OwFjyZ4RobMbggHEsrUNprmOXDXadaa3 +uwZzZzBQmmccFMHdAzTY1B9S+KTt8vxnWTIbwhmk4THGn1v7Afi7A+JkCP9jTseP +q33DCCDDJYKoDKLgCLtcG+9A3tjl+kXzOEICwBfE+QQDDSmpdRPy25ECgYEAwIbT +WJs7ZfDTbebVZoZFmnLAmx7Ciaby9TUUsoslmrpIZVgI7gZjmtG5uHMQjmh5+eRv +6zCTv+HqhLqr14JfipgemA0S+3/jEydYHdZ6S+Ek4fYQ48nKwjmhrrtmT1cMiRlS +0H4X4XcbAkc9mbobMF0Wi2LhfeiRTV8xbSZIhmcCgYEAlDerIKY+mAkXaPyuGWxR +Qyv/aIGwwbX+tFD3PNX40p/m67nrxEx7CFaXNlfp3sH/7FRCiNUJAXnbkpIKU6SY +mrwl9hYvBfpBu5ixU8LxtbhUVY3j1tl7cBKyEX04mGRQND0LN38UgvowkSoM+en1 +CqdQhCJgpxeJ4L1BbW3JvhECgYBuSg4yWSLKwA3ujGi9RbgDxS7u7c0Vm+zcaV8E +9M9C9unYHHlpGYHfw7r3nfrjCZiufZ1bhsVtC5cUF/evCkF/HKuSARNZvaYwZ76D +wUTnyP8e7p44T3X2k5s6hKIUW1KUC0y0oTc+8sMnJ/Zy5PkEWJ88lBWG0j7CqwCe +fWrYiwKBgQCo0+qvqueeNudt725/SWTnTIip4Bn9zYTLd1i8npImaMMzcMEzIHzc +/zU4LIObVh07afZQjLsdGzWwZCopxKgraNcm4A+UO2oAxCa2aAFGfESGT+2/oh7j +a8GkBsbfthY5WbeFbFx6RxbRYvh4NBqws4k7RUqiPJFz2VbMRHu6tg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Target.key new file mode 100644 index 0000000000..e43522b63c --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAxoDtLEK/73xl5/fVN4+47b8JvoO1IrqNjl9jy5hpuvx5piwC +cLIRSSQyWWoQ7NqK+lEn0pWmCAMdOSBhS8Cg81QaU/RTNEJmr9MIXA6rysWXH3Zg +DVwGVpZCpnP8YwvpAqJkexhObX6IuWW/UrvlV+6vgVSwb7PFItqcfUDRhgGd2ze+ +kVCUm6h+2VQygVD9FFRqo4u1LB7Amqje/Jb1GsqXcGB5lF5n6JD+w2hj8F1k5eyJ +p3VhDGgq/rDThRcLXvkb/xt+9FL/IFYPe1AV25Z3PAlOmCvHjlW7WXxSt25FINe2 +x35Pcdfd5rlYBGAq5EBkXiyOMJa8hNtCuWaLlQIDAQABAoIBAQCkx7OaUVLJN8fU +dxvtAoat/S7WkrjTum715+OMx9nFGf7V3aSs7nSA9eZB6VVheM1zm9jl68omzob8 +vA9odeBl/cPZO3GyaQibHiDLYnZjXgDkYjy7+k9co2FykcfKZMGpqSqmMHgyVp6i +4H6g7E8m3oGcZ7QLFf0owLa1FxCXHtr1nBLGLKfaAvkvvYphoza79b+xcpTaz3Zq +nZJUT/TjCevxqAId6ka1US78lZAykhC+P/YZFEBfr+3eqN4McmagDoP2pOn/Dqxa +v1Y/wMTvCeFmotWH4oUJLuKVWcwx7Yr+FmDZTIJ90tgDsGy53BtyW4FCAsg/FYMk +eWsHVBdhAoGBAPRJl9FmzabKbKt+wm68tZ4l5R6XBgdxmFw3kNsCRSU50rQnYkPf +Uh/jUsLRgQoJkNJH5KIa8Qd1uX0NoiNKCU8/LWvvUQH5WXVp5bxKGWjkG2GFCrP9 +wAblyAibiD18cDgml7Xw7LqecBSDA1C+wepwsT71Jel8x/p7Zc/McVo9AoGBANAF +YNAUViZv2zpGycoO/syD3nNBV2z2maRLNUeybPxugA8pj0abACDj84pWRaXvM731 +lcg2xjGQF9G8ClUWA3nsYGxH+NN/gpsovC8waKkGOXGrb7nvP7olsMUzeEofeG4h +rm9kwb1bxKEe+CBXmCzkhJMMgPlnepeVN8UcSoQ5AoGAf3UOY1FyJ34iaPBAXirT +z+oRu34sxSF9z0+mor5yeVPMHfcWjDcu0Dh5a/CHlUccarrcDcBk1fGUkCzW1fbB +GLnr5w78gz0ocdyI407+Jv4tUxppVTQmRvMJBYSw9vPAUWvBaEqGGXClJe6dgjml +T77wm9qop0RVytkra9pNojkCgYEAzvOKzXht/O9rex7RwmQIug63UJLBF3Z+hCUO +bLXmF30Xif4evG+YQSCHOil6QQsovuOEkBtuMgDYsaAR53RvIO05QICZ3FAO764n +CgtvFDlNDPkxvhl3nQnCQ25hTdzhQy/fCpOC65BQnrrgv8xlaMQv4NuftIBuRj/9 +q+vpdoECgYEA17cUaGCfnRWtMLnR1gSd9SdjjtwIWu40KmNtY5OXNsrzODWpqSks +jV9wsSG8npYxXLusRc9EOl+VPgeeBidDtYU5/7quqSwp5NvpSLFA4LvGSPRx6iz0 +zn3Yz262mKxtcr2SG6kU/6IAdpO5VW3ilKrd1zAQtg8h6/lO/m8QPOg= +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/main.test b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/main.test new file mode 100644 index 0000000000..9c04bc1378 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0/main.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate2) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/chain.pem b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/chain.pem new file mode 100644 index 0000000000..ec51495dce --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/chain.pem @@ -0,0 +1,367 @@ +[Created by: generate-chains.py] + +Certificate chain with 2 intermediates and one end entity certificate. The +root certificate has a pathlen:1 restriction. Ordinarily this would be an +invalid chain, however constraints on this trust anchor are not enforced. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6f:b6:20:7f:8e:28:e1:ab:46:5c:ea:21:e3:04:e6:9e:26:6c:cd:7a + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate2 + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9d:b0:80:41:9a:d5:31:ea:d0:f6:46:1d:cd:f5: + e0:b8:d1:d4:21:fa:7b:01:03:9a:2a:dc:f0:f1:91: + 75:4e:57:cb:b6:d2:03:4d:49:16:cf:85:87:a7:e8: + b5:de:55:67:d1:9f:1a:2a:19:2c:00:91:00:81:c4: + 92:cc:03:be:c1:f2:c5:72:39:94:b6:1e:5f:4a:70: + 83:7d:5a:05:2d:02:a7:84:25:2a:da:11:c4:d4:e8: + 7f:1a:fb:88:6b:52:f9:8c:c9:c7:99:21:75:35:c3: + 84:a0:a1:b1:32:6e:1f:e4:b4:bc:21:5b:e4:7b:e0: + 85:06:3d:bf:fb:c0:92:66:1e:53:ff:d0:16:3b:a5: + 7c:32:07:10:54:b7:98:3d:70:2f:fc:ee:54:3e:74: + a8:ec:4b:45:11:e5:08:d1:54:2b:a9:78:83:bc:55: + 92:3e:71:e4:ba:ac:67:28:f2:4d:3e:8c:8f:26:88: + 02:fc:04:82:a9:88:bf:c7:95:4d:8c:d5:0e:17:2d: + ea:90:ad:6e:e4:7e:76:89:c6:0d:f4:5a:35:1a:72: + d4:91:38:50:cc:f3:1b:05:ff:80:d3:b2:e9:0a:5d: + 8a:9f:b8:b2:2a:20:a8:76:b5:41:1b:80:33:7c:79: + 12:fa:ff:36:df:61:22:c5:fa:27:4a:88:75:a8:f5: + 5d:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + ED:D0:2C:C2:73:F7:C3:03:A2:08:6E:44:C9:E5:97:16:A5:B9:C9:EC + X509v3 Authority Key Identifier: + keyid:48:81:22:AA:57:F7:0B:70:A7:D6:32:4B:AA:85:CD:7C:F2:85:30:2B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate2.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate2.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 4d:7e:4c:ef:2d:23:0a:e0:2d:63:8c:cd:69:6e:aa:b3:66:07: + b7:f7:7f:0f:47:7d:0a:2b:62:ad:75:da:9e:77:61:6e:eb:81: + f2:11:4b:85:61:f0:80:5c:52:b5:f7:ad:35:d3:6b:a1:58:8c: + 14:24:ae:f7:9e:d0:4b:65:a3:ab:9d:4c:3f:c5:6d:97:59:fd: + b5:17:d9:93:71:76:0d:c2:51:94:68:e4:04:9d:66:db:8d:81: + 5a:44:a5:d8:c9:36:d2:5d:e2:9b:58:71:7a:43:c8:b4:31:d9: + 39:4a:e9:d0:2c:9e:0d:8a:7c:b8:5b:57:71:8b:cd:62:b5:82: + e8:cc:ce:85:13:10:e2:59:dd:50:4e:0a:8f:1f:7c:5c:c1:f8: + d5:73:79:be:e9:0e:b2:7b:e3:04:59:31:4f:c6:e6:b8:5a:f4: + 81:bf:d2:b6:b7:56:d8:50:97:39:af:89:1a:9e:db:c7:c1:5e: + 6f:53:50:23:e7:ac:52:09:16:62:89:c6:05:71:84:98:a8:98: + 46:55:12:4e:b5:6b:14:28:d0:5a:76:db:98:5f:d0:56:da:4a: + 3d:7a:e2:d0:66:f4:61:6f:40:cb:b5:95:ef:7b:57:80:8e:c0: + e4:25:54:f2:1d:ec:46:47:64:3f:86:55:95:94:9f:87:11:f4: + e2:04:04:c9 +-----BEGIN CERTIFICATE----- +MIIDozCCAougAwIBAgIUb7Ygf44o4atGXOoh4wTmniZszXowDQYJKoZIhvcNAQEL +BQAwGDEWMBQGA1UEAwwNSW50ZXJtZWRpYXRlMjAeFw0yMTEwMDUxMjAwMDBaFw0y +MjEwMDUxMjAwMDBaMBExDzANBgNVBAMMBlRhcmdldDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAJ2wgEGa1THq0PZGHc314LjR1CH6ewEDmirc8PGRdU5X +y7bSA01JFs+Fh6fotd5VZ9GfGioZLACRAIHEkswDvsHyxXI5lLYeX0pwg31aBS0C +p4QlKtoRxNTofxr7iGtS+YzJx5khdTXDhKChsTJuH+S0vCFb5HvghQY9v/vAkmYe +U//QFjulfDIHEFS3mD1wL/zuVD50qOxLRRHlCNFUK6l4g7xVkj5x5LqsZyjyTT6M +jyaIAvwEgqmIv8eVTYzVDhct6pCtbuR+donGDfRaNRpy1JE4UMzzGwX/gNOy6Qpd +ip+4siogqHa1QRuAM3x5Evr/Nt9hIsX6J0qIdaj1XUkCAwEAAaOB6zCB6DAdBgNV +HQ4EFgQU7dAswnP3wwOiCG5EyeWXFqW5yewwHwYDVR0jBBgwFoAUSIEiqlf3C3Cn +1jJLqoXNfPKFMCswQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8v +dXJsLWZvci1haWEvSW50ZXJtZWRpYXRlMi5jZXIwNQYDVR0fBC4wLDAqoCigJoYk +aHR0cDovL3VybC1mb3ItY3JsL0ludGVybWVkaWF0ZTIuY3JsMA4GA1UdDwEB/wQE +AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEL +BQADggEBAE1+TO8tIwrgLWOMzWluqrNmB7f3fw9HfQorYq112p53YW7rgfIRS4Vh +8IBcUrX3rTXTa6FYjBQkrvee0Etlo6udTD/FbZdZ/bUX2ZNxdg3CUZRo5ASdZtuN +gVpEpdjJNtJd4ptYcXpDyLQx2TlK6dAsng2KfLhbV3GLzWK1gujMzoUTEOJZ3VBO +Co8ffFzB+NVzeb7pDrJ74wRZMU/G5rha9IG/0ra3VthQlzmviRqe28fBXm9TUCPn +rFIJFmKJxgVxhJiomEZVEk61axQo0Fp225hf0FbaSj164tBm9GFvQMu1le97V4CO +wOQlVPId7EZHZD+GVZWUn4cR9OIEBMk= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6b:9a:a5:a2:a4:4b:4d:13:90:3b:56:a2:99:01:90:63:01:79:c0:69 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate1 + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b9:41:a3:79:b8:9d:70:a4:25:58:5b:47:07:ad: + 0a:23:3e:36:c4:44:c3:27:bb:cd:ab:c8:1b:4e:b8: + ba:d7:33:af:4a:59:74:cb:c1:5f:8c:8f:b6:0d:89: + ad:43:1f:3c:f4:64:11:0a:dc:ec:65:6d:85:5c:97: + 7e:8d:79:4d:bf:2c:bc:7e:31:59:bc:b7:cb:1c:8b: + 9a:10:ae:12:ed:93:50:72:66:45:c0:af:be:e7:e2: + 0a:cd:b4:60:f8:03:3e:6a:e2:ca:ff:75:52:20:73: + d3:2b:af:72:91:1b:ee:31:ea:74:9b:a0:aa:b2:3a: + 84:96:f3:00:65:a4:a7:21:e0:b1:96:d2:32:45:c6: + bd:6e:17:67:74:34:89:71:a8:2e:18:6b:12:1f:f1: + 97:07:10:61:b2:c2:38:ac:44:97:e4:fb:99:33:4b: + 7d:60:52:86:44:d4:df:91:0b:2d:04:37:b5:7e:5c: + fa:3d:46:9e:cf:0b:4f:1a:43:d9:9a:68:56:47:b5: + f0:68:80:67:a0:e4:d9:e2:25:d4:ff:3c:1a:b3:e0: + 5f:d5:44:ec:d5:1b:e0:b2:be:fd:d1:26:89:25:4a: + 18:4a:ca:44:d0:94:74:cb:a8:39:75:64:5a:19:21: + d1:4c:d9:b2:13:f0:d1:4f:6f:45:02:b7:3e:6e:10: + fe:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 48:81:22:AA:57:F7:0B:70:A7:D6:32:4B:AA:85:CD:7C:F2:85:30:2B + X509v3 Authority Key Identifier: + keyid:A7:AB:30:41:BC:BB:CC:D3:7C:21:06:CA:C4:71:84:FF:FA:00:FC:D3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate1.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate1.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + c0:be:40:38:07:07:a8:77:d8:a2:61:2f:b8:21:c1:75:c1:41: + 96:8c:af:f3:b9:74:84:3b:59:6e:1b:05:0a:ad:a1:7c:ae:ed: + aa:85:7b:91:7a:97:39:02:9f:bd:e9:d8:f7:ed:d1:f3:cb:04: + be:01:69:e2:8d:83:c2:fb:8f:db:0a:73:2e:c7:be:92:1a:2b: + b5:e6:84:4b:e4:5e:78:ae:ea:b4:41:8a:ec:30:4a:90:8f:66: + b9:2f:17:1f:a3:6e:a8:44:38:46:01:be:00:07:5a:4e:4c:f6: + e7:b3:6f:22:48:fe:ad:74:48:0b:6d:85:eb:22:3b:cf:2c:53: + c2:6b:d5:bf:3e:39:ff:1e:87:03:3f:37:8c:ee:6c:3f:ee:33: + 71:b4:bb:0a:62:a7:cc:58:99:b4:c2:3a:8b:02:e0:14:50:7d: + 2c:3d:32:e2:2d:cc:41:5f:e3:5a:f6:74:2c:a5:50:d6:ad:ce: + e2:ce:c7:2f:9a:75:20:53:9b:85:65:48:fc:61:c4:39:2f:b2: + d6:2b:77:c2:b9:fd:93:57:d6:40:01:8b:6a:23:5e:63:2f:fa: + b4:96:93:01:8e:2e:70:ce:4f:9b:d9:aa:e0:5c:a3:2b:c0:b0: + ef:20:7e:bd:6d:f4:5b:7a:49:a6:39:79:19:0c:e7:15:05:55: + 35:37:7f:4e +-----BEGIN CERTIFICATE----- +MIIDnDCCAoSgAwIBAgIUa5qloqRLTROQO1aimQGQYwF5wGkwDQYJKoZIhvcNAQEL +BQAwGDEWMBQGA1UEAwwNSW50ZXJtZWRpYXRlMTAeFw0yMTEwMDUxMjAwMDBaFw0y +MjEwMDUxMjAwMDBaMBgxFjAUBgNVBAMMDUludGVybWVkaWF0ZTIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5QaN5uJ1wpCVYW0cHrQojPjbERMMnu82r +yBtOuLrXM69KWXTLwV+Mj7YNia1DHzz0ZBEK3OxlbYVcl36NeU2/LLx+MVm8t8sc +i5oQrhLtk1ByZkXAr77n4grNtGD4Az5q4sr/dVIgc9Mrr3KRG+4x6nSboKqyOoSW +8wBlpKch4LGW0jJFxr1uF2d0NIlxqC4YaxIf8ZcHEGGywjisRJfk+5kzS31gUoZE +1N+RCy0EN7V+XPo9Rp7PC08aQ9maaFZHtfBogGeg5NniJdT/PBqz4F/VROzVG+Cy +vv3RJoklShhKykTQlHTLqDl1ZFoZIdFM2bIT8NFPb0UCtz5uEP5fAgMBAAGjgd0w +gdowHQYDVR0OBBYEFEiBIqpX9wtwp9YyS6qFzXzyhTArMB8GA1UdIwQYMBaAFKer +MEG8u8zTfCEGysRxhP/6APzTMEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYk +aHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVkaWF0ZTEuY2VyMDUGA1UdHwQuMCww +KqAooCaGJGh0dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUxLmNybDAOBgNV +HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA +wL5AOAcHqHfYomEvuCHBdcFBloyv87l0hDtZbhsFCq2hfK7tqoV7kXqXOQKfvenY +9+3R88sEvgFp4o2DwvuP2wpzLse+khorteaES+ReeK7qtEGK7DBKkI9muS8XH6Nu +qEQ4RgG+AAdaTkz257NvIkj+rXRIC22F6yI7zyxTwmvVvz45/x6HAz83jO5sP+4z +cbS7CmKnzFiZtMI6iwLgFFB9LD0y4i3MQV/jWvZ0LKVQ1q3O4s7HL5p1IFObhWVI +/GHEOS+y1it3wrn9k1fWQAGLaiNeYy/6tJaTAY4ucM5Pm9mq4FyjK8Cw7yB+vW30 +W3pJpjl5GQznFQVVNTd/Tg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 18:cb:b5:af:52:5d:40:86:d1:39:30:e5:fe:1a:28:65:33:e0:37:a9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Intermediate1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:37:3b:43:f5:80:3a:6f:88:94:a1:ea:18:3b: + 56:7b:bc:4d:3e:b3:3c:dc:99:4a:aa:11:0c:3e:95: + ee:ed:76:27:5b:a5:81:59:73:69:dc:33:da:20:35: + 48:00:ac:3e:43:5e:df:10:17:d8:d3:e9:11:da:00: + 72:e7:d3:42:54:f1:93:39:0b:18:7a:0c:69:4d:12: + 50:73:0c:f6:4f:44:8d:5f:c0:62:89:e5:f0:63:78: + 1b:92:bb:23:67:8f:77:b1:d3:3f:b1:67:de:6b:aa: + 0f:73:c3:d3:f2:69:84:7e:e3:04:34:25:69:23:13: + 23:92:4d:d5:08:55:7d:77:b8:42:96:fd:f7:09:35: + 20:4a:bf:8e:3d:16:9c:93:5d:81:a2:ed:9d:b4:b3: + 43:06:74:f2:79:f1:26:d8:1a:b8:3c:35:e6:cd:d6: + 36:79:5c:2d:3f:3e:df:1c:08:e9:5a:7a:cb:e4:e7: + aa:54:db:7e:96:38:a0:0c:39:65:68:88:3a:a0:05: + 5a:79:ee:8e:dd:96:08:86:8d:3e:79:b1:7e:28:bd: + 0f:9a:26:f5:de:8c:6c:7a:d8:e7:79:c4:9a:48:35: + 26:2c:ac:1c:ce:d4:7f:a4:a2:75:e3:27:0f:0f:de: + 5a:ba:7a:59:c7:ef:d8:39:8d:74:81:fc:37:a6:b1: + b7:4d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A7:AB:30:41:BC:BB:CC:D3:7C:21:06:CA:C4:71:84:FF:FA:00:FC:D3 + X509v3 Authority Key Identifier: + keyid:2A:A9:CA:EF:18:15:3E:D3:AC:C4:EC:2D:A1:3C:8F:19:F8:EE:51:B5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 45:d1:1e:ed:5a:d0:33:9c:56:d6:af:c1:32:74:ba:13:b2:c6: + b6:4c:30:64:82:e9:ea:47:e5:4e:7f:f3:e3:52:9c:3e:fb:ae: + cf:ab:4f:1a:e9:63:c6:5c:ff:d3:3f:ab:5d:a0:63:4d:fa:d5: + 04:8a:c5:53:8e:0a:a1:05:07:e1:4d:8c:7b:05:12:28:df:fb: + 53:71:2f:80:fb:c6:dd:db:3e:46:8c:ec:57:6f:85:e3:44:a8: + 3a:59:5a:f7:90:8f:bb:d9:d7:e4:e5:3d:fb:5e:56:0d:d8:83: + 00:e1:9d:48:9b:c4:ab:fb:42:15:fc:47:57:51:13:42:af:49: + c4:39:86:37:b9:f5:8b:60:bb:9f:ab:e8:62:5c:2a:fd:17:0c: + 5f:10:4c:99:8e:f3:ac:78:e0:db:f7:23:b7:ac:9f:c3:b3:08: + 73:1b:27:7c:e4:7f:9e:5a:32:aa:49:d7:08:d9:65:d3:f9:2e: + 0f:e4:dc:41:47:42:50:01:ef:89:9c:60:a8:f9:1e:71:8b:54: + 1c:d1:34:38:68:fe:5c:da:de:a0:14:aa:9e:bb:99:d1:4f:5c: + f4:cb:23:37:ed:ea:8f:a8:75:bd:69:c6:41:f7:40:80:c1:a6: + 3a:45:55:c0:ee:6e:06:bb:d0:fb:ad:a8:dd:26:87:38:b0:6b: + e2:e5:1b:6b +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIUGMu1r1JdQIbROTDl/hooZTPgN6kwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMBgxFjAUBgNVBAMMDUludGVybWVkaWF0ZTEwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDBNztD9YA6b4iUoeoYO1Z7vE0+szzcmUqqEQw+le7tdidb +pYFZc2ncM9ogNUgArD5DXt8QF9jT6RHaAHLn00JU8ZM5Cxh6DGlNElBzDPZPRI1f +wGKJ5fBjeBuSuyNnj3ex0z+xZ95rqg9zw9PyaYR+4wQ0JWkjEyOSTdUIVX13uEKW +/fcJNSBKv449FpyTXYGi7Z20s0MGdPJ58SbYGrg8NebN1jZ5XC0/Pt8cCOlaesvk +56pU236WOKAMOWVoiDqgBVp57o7dlgiGjT55sX4ovQ+aJvXejGx62Od5xJpINSYs +rBzO1H+konXjJw8P3lq6elnH79g5jXSB/DemsbdNAgMBAAGjgcswgcgwHQYDVR0O +BBYEFKerMEG8u8zTfCEGysRxhP/6APzTMB8GA1UdIwQYMBaAFCqpyu8YFT7TrMTs +LaE8jxn47lG1MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3Vy +bC1mb3ItYWlhL1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwt +Zm9yLWNybC9Sb290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEARdEe7VrQM5xW1q/BMnS6E7LGtkwwZILp6kfl +Tn/z41KcPvuuz6tPGuljxlz/0z+rXaBjTfrVBIrFU44KoQUH4U2MewUSKN/7U3Ev +gPvG3ds+RozsV2+F40SoOlla95CPu9nX5OU9+15WDdiDAOGdSJvEq/tCFfxHV1ET +Qq9JxDmGN7n1i2C7n6voYlwq/RcMXxBMmY7zrHjg2/cjt6yfw7MIcxsnfOR/nloy +qknXCNll0/kuD+TcQUdCUAHviZxgqPkecYtUHNE0OGj+XNreoBSqnruZ0U9c9Msj +N+3qj6h1vWnGQfdAgMGmOkVVwO5uBrvQ+62o3SaHOLBr4uUbaw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 18:cb:b5:af:52:5d:40:86:d1:39:30:e5:fe:1a:28:65:33:e0:37:a8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Oct 5 12:00:00 2021 GMT + Not After : Oct 5 12:00:00 2022 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b6:f5:2f:2d:0b:bf:09:20:92:56:ed:6f:1b:b3: + 4e:2c:7b:1b:7d:8e:97:f1:ee:95:bf:2e:b7:63:de: + 9c:5b:35:3e:c1:5b:78:1e:6c:fd:94:fe:23:7d:6c: + 28:bf:da:ac:d4:47:58:b4:ba:00:9e:aa:ce:23:44: + c6:a3:84:7a:5b:53:99:bc:20:f7:f9:76:10:1c:3d: + c4:45:af:b4:55:7f:03:26:54:6f:92:15:3c:e1:ea: + 3d:00:c7:02:fb:ce:59:f9:5c:21:17:b2:18:9c:b8: + d2:d5:36:56:8d:7c:24:a0:76:66:7e:2e:18:88:d0: + ae:18:d8:65:98:56:33:0a:50:e8:28:eb:a9:fe:7e: + 2e:b7:c7:39:93:61:2c:6b:04:80:fa:5b:c3:b5:3f: + 82:b3:81:b3:92:2a:0a:ab:b0:1c:0d:3b:88:63:5e: + 19:dd:bd:c4:0a:43:b6:a2:f8:c9:e7:86:33:7e:4a: + b4:8b:1d:87:24:a4:67:6a:1d:32:41:a9:73:74:05: + dd:09:34:b9:42:63:fd:2c:bc:53:6e:06:51:f4:9f: + eb:b0:8d:0f:ec:9c:4b:61:6e:18:e0:d0:e4:03:34: + 34:66:1c:7c:33:64:f7:4d:4f:89:2d:a9:c3:b5:43: + 08:82:df:ad:0b:03:0d:20:6b:cf:27:81:cb:a7:53: + 7d:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 2A:A9:CA:EF:18:15:3E:D3:AC:C4:EC:2D:A1:3C:8F:19:F8:EE:51:B5 + X509v3 Authority Key Identifier: + keyid:2A:A9:CA:EF:18:15:3E:D3:AC:C4:EC:2D:A1:3C:8F:19:F8:EE:51:B5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:1 + Signature Algorithm: sha256WithRSAEncryption + 68:a8:4b:73:15:52:f9:1f:62:a3:fd:d7:b2:32:45:bd:cd:a9: + d0:9d:6b:6a:f9:34:dc:35:9e:52:36:ea:b7:b3:9d:ce:28:27: + 5c:f3:c8:b5:3a:8f:9c:56:41:e3:0a:c4:eb:f9:05:5d:be:01: + e7:69:39:f9:0e:04:24:ef:23:21:1f:28:84:ac:97:6c:bd:01: + 23:ad:10:3a:78:3c:7d:82:c6:5e:25:e2:51:2b:7e:76:ac:b1: + 6c:7e:8b:cc:9f:12:5e:27:ee:79:bf:bf:68:93:a0:7c:cc:da: + 8c:c8:ee:ef:4c:c0:65:6a:a4:2b:aa:ce:71:62:3a:ef:a9:c8: + d2:76:53:13:0b:47:3b:ad:6a:46:b7:60:b2:87:c5:b1:5a:75: + 23:87:57:de:1d:55:46:76:99:e7:f9:f1:90:7a:8a:6a:af:4b: + 9d:61:b7:fd:a2:71:c8:29:a5:ec:4a:d8:2b:e2:91:3b:0a:a5: + 69:65:f1:9e:1b:bb:23:c9:d8:00:7c:44:6b:91:b2:92:e7:02: + f8:80:57:0f:31:72:e9:ed:f0:24:96:a0:50:f9:b4:18:94:11: + 31:05:ba:b4:7e:21:73:1a:f2:5f:37:2a:de:ac:14:36:1c:25: + d7:a6:81:c6:69:6b:63:a2:9a:a7:e1:8e:43:86:d2:bd:95:b3: + 78:d3:5e:20 +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIUGMu1r1JdQIbROTDl/hooZTPgN6gwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw +MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC29S8tC78JIJJW7W8bs04sext9jpfx7pW/Lrdj3pxbNT7BW3gebP2U/iN9 +bCi/2qzUR1i0ugCeqs4jRMajhHpbU5m8IPf5dhAcPcRFr7RVfwMmVG+SFTzh6j0A +xwL7zln5XCEXshicuNLVNlaNfCSgdmZ+LhiI0K4Y2GWYVjMKUOgo66n+fi63xzmT +YSxrBID6W8O1P4KzgbOSKgqrsBwNO4hjXhndvcQKQ7ai+MnnhjN+SrSLHYckpGdq +HTJBqXN0Bd0JNLlCY/0svFNuBlH0n+uwjQ/snEthbhjg0OQDNDRmHHwzZPdNT4kt +qcO1QwiC360LAw0ga88ngcunU30TAgMBAAGjgc4wgcswHQYDVR0OBBYEFCqpyu8Y +FT7TrMTsLaE8jxn47lG1MB8GA1UdIwQYMBaAFCqpyu8YFT7TrMTsLaE8jxn47lG1 +MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh +L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S +b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkq +hkiG9w0BAQsFAAOCAQEAaKhLcxVS+R9io/3XsjJFvc2p0J1ravk03DWeUjbqt7Od +zignXPPItTqPnFZB4wrE6/kFXb4B52k5+Q4EJO8jIR8ohKyXbL0BI60QOng8fYLG +XiXiUSt+dqyxbH6LzJ8SXifueb+/aJOgfMzajMju70zAZWqkK6rOcWI676nI0nZT +EwtHO61qRrdgsofFsVp1I4dX3h1VRnaZ5/nxkHqKaq9LnWG3/aJxyCml7ErYK+KR +OwqlaWXxnhu7I8nYAHxEa5GykucC+IBXDzFy6e3wJJagUPm0GJQRMQW6tH4hcxry +Xzcq3qwUNhwl16aBxmlrY6Kap+GOQ4bSvZWzeNNeIA== +-----END CERTIFICATE----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/generate-chains.py b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/generate-chains.py new file mode 100755 index 0000000000..fd7fe7f490 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/generate-chains.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python +# Copyright 2016 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 2 intermediates and one end entity certificate. The +root certificate has a pathlen:1 restriction. Ordinarily this would be an +invalid chain, however constraints on this trust anchor are not enforced.""" + +import sys +sys.path += ['../..'] + +import gencerts + +# Self-signed root certificate (used as trust anchor). +root = gencerts.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('basicConstraints', + 'critical,CA:true,pathlen:1') + +# Intermediate 1 (no pathlen restriction). +intermediate1 = gencerts.create_intermediate_certificate('Intermediate1', root) + +# Intermediate 2 (no pathlen restriction). +intermediate2 = gencerts.create_intermediate_certificate('Intermediate2', + intermediate1) + +# Target certificate. +target = gencerts.create_end_entity_certificate('Target', intermediate2) + +chain = [target, intermediate2, intermediate1, root] +gencerts.write_chain(__doc__, chain, 'chain.pem') diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Intermediate1.key b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Intermediate1.key new file mode 100644 index 0000000000..a0359feab4 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Intermediate1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwTc7Q/WAOm+IlKHqGDtWe7xNPrM83JlKqhEMPpXu7XYnW6WB +WXNp3DPaIDVIAKw+Q17fEBfY0+kR2gBy59NCVPGTOQsYegxpTRJQcwz2T0SNX8Bi +ieXwY3gbkrsjZ493sdM/sWfea6oPc8PT8mmEfuMENCVpIxMjkk3VCFV9d7hClv33 +CTUgSr+OPRack12Bou2dtLNDBnTyefEm2Bq4PDXmzdY2eVwtPz7fHAjpWnrL5Oeq +VNt+ljigDDllaIg6oAVaee6O3ZYIho0+ebF+KL0Pmib13oxsetjnecSaSDUmLKwc +ztR/pKJ14ycPD95aunpZx+/YOY10gfw3prG3TQIDAQABAoIBAQCQMvdBNeTYN8s4 +GksKgKZ/vD3uEHjYrnMBz61SvDVP9cFT7YZGyxLza6NcLEercOEbCJ/zc8i4Bpbz +GyimiY1UteJJTVWcKM0h3ww5gTAGYsQb9QnVns00fzwc2xuGO5V6Go3Lihh+Q7I6 +lKkGnudqh2Towg7gRXVjyEC4co0sHgLCrGfBD+NP9f9LHnpXEA5dVCaVz2VmVVqp +7EiN4H3C3bkj2MZNM/hEBR59MlGvNz5WXcyq6UrBYxM8NuBGm/bF/35aRjASDpAJ +2azrzTRwrY1HBd+IuuyCrf1HqBkS7oYPzTFO5Lw6wI7AvlPl8xvOCtlaZV7/dbI1 +GoBv4jWBAoGBAPw6F3Jv82m+KfCxi7HKZPmUua5DCvnoqOgMlFSaRHYEENVCl/Ce +uBiep8cGgSuHp3S8ujpnqXiQ+/7ADdojuMCtXTSiMDlG3KHZ/dOT378YCPx4JUs+ +imWu9+gddQaJyk278Ob0H5FE1EejMj1o3uQaSPUl9fQyLBHIy8XMfSvhAoGBAMQb +J8Xv+wwEEIIg+XTsTwa4rpF9HATFtHYq5XZzvdwTdQnqPaDY4tl0/92VAq2gct6p +c4Uu7eul5S6z8adIqVLhq833FPMu4OAYay8OEW6uoPs55h9O/7uYrrxTTnABhPE0 +t4pvbOEaf3gcQ+lockW6nbAJobN5U3xjAKZ5ExjtAoGBAMqkLWROl0SUeIOdUTt0 +/S0blRZxXKctik5slNtn2arrV07PIt0513RIO0mGa066vQnn+sKjuB9adGrWiAqC ++pMqdaCs0Yui5+3NAsXynyebOtUD/gp246AQM7IzwGqRV4yee0xCQ/5lSxuG/P0j +fTfL+mOirPkVOhzLsxNmWAZhAoGAO2NZ5Siq51WnxjDEOvOBbzCotSilPpC8+Pg+ +q2ObwLUnwYvtg/OKp342Kl2BBSHNB79bW579sFp6EG2wJg/sL0xmYiaMcqTktxjO +BN8GynUaDVrYZOzgp2gyqpez7lmXcBCd8M+Tsov6xF4S9vGJgbJlJLWWAashbE7z +GHccIHUCgYAETXU7OKN2WEdnBQo/lC4E2ZqM06FdDls70RyqWYT7yanXKIsFIDpg +w/2I6GoeFDyXSQPPZ/5olbZ0EA/dB8D/uLnLvaSaU0u15pvR/6uzKg+XtT/3EFt7 +nVrCPka0YY2w4vxjIt4c11d1BrlLoCpvErEdb1iN/zYQW8qaj1+exg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Intermediate2.key b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Intermediate2.key new file mode 100644 index 0000000000..4a3b2e1584 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Intermediate2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuUGjebidcKQlWFtHB60KIz42xETDJ7vNq8gbTri61zOvSll0 +y8FfjI+2DYmtQx889GQRCtzsZW2FXJd+jXlNvyy8fjFZvLfLHIuaEK4S7ZNQcmZF +wK++5+IKzbRg+AM+auLK/3VSIHPTK69ykRvuMep0m6CqsjqElvMAZaSnIeCxltIy +Rca9bhdndDSJcaguGGsSH/GXBxBhssI4rESX5PuZM0t9YFKGRNTfkQstBDe1flz6 +PUaezwtPGkPZmmhWR7XwaIBnoOTZ4iXU/zwas+Bf1UTs1Rvgsr790SaJJUoYSspE +0JR0y6g5dWRaGSHRTNmyE/DRT29FArc+bhD+XwIDAQABAoIBAHd3e8uoIWedgzPK +kTDDB1GY8kp5qXx7IPQRdIK8oEjdXMJOlAI97rc/igCK83/gqjdUPKVLuOrjyOfg +Dk1/l4Kcf+XFP4By6fm7kRwGldA9eth7Waob67mvzJXBJ/NobB0TqiM5bj/dUaXP +W8t2PpJUBuTBpLKRCCYsCOqDVwCBxDGVhZBmVXUrUOQpc0u8SZrumIHggebcC5eC +7aOB4fwO/lnZP5BN1M1tC1ubobbZB45riDGjPbPs04vd1tfn99dB7oL5C0nxmdmP +zOSXYTzh+NqP1rM0nhrW0sSV3spC6awpj2SMjfia2gTsA3H4OsJxnqgQ4JjayVOr +j2EiJ1ECgYEA3rmojHlV2UTouBDV8xu1ZIqrMgPMfpfftLgjNgZXN2AN6DTazycs +ba7H/bzamabzyxaMJ0/nP4JV9+yop5oWOk65nLEqL583i6subPhRkHYjNedQI/gB +31OhmD30drVAUMg1fsXuHaWCnFfhs0hT528xNhJGoiJpI7uwhmrKYgkCgYEA1O7y +28BjNvefcpT+tA7NQRGx02xOpmEKZAoheMNVEz2PuM1/4cSAN00aZCj2Os229zhW +h3uBMCquZu3TlaVAEOqpV+JYq59Zb/JmWvWDCjGzp8j3UKNRqgEU5QrgyWdlbs/9 +/FUkklJnFuYZEIDvRdRy4GoSRN/xP9Vz0RFTVycCgYEAy173up0oeKXlYf1tfvj0 +HwRH4fl6BrYi/N+Ot0v+439/82If0jvQ465OyzBg4yCBSBYkj9j0LReT7Dhan/+h +AEjWT2+uN6HIlG4QjEwKHkDhUd0PXmidPREeYudfi+1g9uJ5hnKxRLzWkG/mlVAb +3R2478isWmvVWV2OiI6GkhECgYAV7zNnPa86t1FefUirhabRICCAVfTYIMDwQzbl +eMGnxLysXcbhm9tVVwTz8mBC+HPzjYMkW62YJ51ljvQvwyERXQrqua9GppiQ9phi +oE3KXApUq1gGn3xHFetwGKnFNXh2bMiOGLs2s3RZIITOdWmweM0InwSYwbTZTYSr +sawzGwKBgQDJz23W6oeOBsLJuZ/EzKQiQDld7JABJdDVBoGnqJDwsHulfM3RHouw +jtUynlR6bC5Fb9w+sCY6b2pwhO5TVXGbJ17HDBHce+yTy3YfxyCC+QH4UXa8kM1i +TAr7dj1fzCA5wCb8CWu9XmjC8Jx9plXxrSAGRRaiX0BwSyE73cb4RQ== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Root.key b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Root.key new file mode 100644 index 0000000000..11ab68fad8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtvUvLQu/CSCSVu1vG7NOLHsbfY6X8e6Vvy63Y96cWzU+wVt4 +Hmz9lP4jfWwov9qs1EdYtLoAnqrOI0TGo4R6W1OZvCD3+XYQHD3ERa+0VX8DJlRv +khU84eo9AMcC+85Z+VwhF7IYnLjS1TZWjXwkoHZmfi4YiNCuGNhlmFYzClDoKOup +/n4ut8c5k2EsawSA+lvDtT+Cs4GzkioKq7AcDTuIY14Z3b3ECkO2ovjJ54Yzfkq0 +ix2HJKRnah0yQalzdAXdCTS5QmP9LLxTbgZR9J/rsI0P7JxLYW4Y4NDkAzQ0Zhx8 +M2T3TU+JLanDtUMIgt+tCwMNIGvPJ4HLp1N9EwIDAQABAoIBAGxEPzyK3OuLyM2E +B+H+g14zI5tzTFswcpEGFiQVUbVvlslZVYW7vXvzwBCydpLB1tBvwACCqWc7cGzS +gDG3baipmioH4HZQ9UuhCYqrZS3K0ZRXFwb9Zl/R+3OAUTWtcPTtHfAlxgbIIItn +cmSbeBk0t4YnxQEBbGTreYNiTyXkpl4XZ4T32rvbc5OcS2MxHWmm6EnapCblaPM/ ++uyEQJ+QJXk1Pzk1xBKBrI3pIkqF53J1M92v9jDUqlXOY7vcaS+d+CfIYxY7iiXq +cO24m7Kq7cpUcI6DCYVlPENmb2/sqGwHSyKGtWlEE2+glyjLNLcjeORVs/eAmj1k +8HEqX2ECgYEA5DJSDeTS24yp2XWuNCllcIEKv+mQOoOe2Rp0tXsA8AXWlw/cH8SW +lKuyc8lv02A5H9Kpj00p0v6gfnoSECSWcjsdGKZES4olhrRAlhaEbsEh2WDrEKLZ +7GPgizAZJuVPROJV2cxNdYNxcPODUFMGm+2no1rGzyH6MLczkqmk9UkCgYEAzT/R +4Rdqc8QcjCaf34GHZwIIxhxh5E3D4ewhcVwmk5mMb6xx4X/6F3w1JM4DAD9ZULbO +qfFQw/IxF7jyXoz5M37OZBsd4Jlz6kg9Rn8QScJSHnmZtrXfhVbiybBvlZMMV17P +68ET49ppvaMQ+qRtrx5i7lJrAGzPDRkPF3vLi3sCgYB3SN6fqKeYYJVAuUVQuvrt +rmbCHwNnsvnMHwo2+49n6IVd/cphSNA18vKbmAa+haQWwHYmFH3yb2vR8VmT2qxS +FhiFlBRLMHGhUoQYcLjVdFuPWBxIW/hym1r7Jy9ep6uiJHYgHa236ffYxVI1INFp +nPduartV9zrjUEDDP66dEQKBgQDFlsHC0tr9NXdSCMDx1u114cR2i85FjgOcE8ki +K1dL0o8a1sUPFDe7siwrEVRcQaAHDuWnPpPE/vv53WceVNJ2m4WvY1eA59lqWj77 +Bcm1aCfMBL5Q4YecAsfy6DKTqOtBlRnO2KIAQTx4fmoTEIYzBqqwyZEO6LDu6Afa +UKfjzwKBgQCG88lqCoOjB2TxCL83487yv1xXb7HDf3OV6px5i5QEaw5+la6aRsrY +GPDRHuRhufwfc9vAMb3VFlTU5zrI28VruX0sHXVsJXY5owd9qwBSaBm39bZcuZuw +OJtbQ0XSng8mK81EUivoYkDQAxvX6uo5EoEfor4EiyDTLiTAXUN64g== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Target.key b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Target.key new file mode 100644 index 0000000000..580c585a9b --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/keys/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnbCAQZrVMerQ9kYdzfXguNHUIfp7AQOaKtzw8ZF1TlfLttID +TUkWz4WHp+i13lVn0Z8aKhksAJEAgcSSzAO+wfLFcjmUth5fSnCDfVoFLQKnhCUq +2hHE1Oh/GvuIa1L5jMnHmSF1NcOEoKGxMm4f5LS8IVvke+CFBj2/+8CSZh5T/9AW +O6V8MgcQVLeYPXAv/O5UPnSo7EtFEeUI0VQrqXiDvFWSPnHkuqxnKPJNPoyPJogC +/ASCqYi/x5VNjNUOFy3qkK1u5H52icYN9Fo1GnLUkThQzPMbBf+A07LpCl2Kn7iy +KiCodrVBG4AzfHkS+v8232EixfonSoh1qPVdSQIDAQABAoIBAFSEY1nGWPpWNwWo +cxUO8hFdNWu4yvCyM5FBtkpjghIpcGBek7J6uCUmFp1iVwgBkpGByw5BS5pKHZFw +AJYkc7uUGUutnQ03ni9RusgW1atYPtzO5vbWiz7qFiYqJuYPJP3WsIpcqmvUjWNj +BoxXBfUZAbSHgiD7J5E+y4Vto4njZAGM9atK3AJE8nizIebSPr7Fa7uoWO37t8Mf +on/8tBQ9fJya6+QQJGbXVpuQ+RgOd0PWC819WIYiXVOj8YhQemAR/hKsoe+ADyFX +qHJbRd6CTWNAZsjhZylK/8gtIQLYnvK6RE9V+ibkNadF4i0QF7UVhIrlYoHyeCR9 +weWEIgECgYEAzmn0q/kUdNE33OuIi5EUe9/6TET6OG9L7DtYq3//y/lufTO18dYk +tppptxsXwu3jm2hR5tuFBVO48y2TyO1rLggIJb4GJbPk1EkpQCZd2lUgsZElECW2 +H+g1x8YP77GP8lFCniDhyjIVPjXAtLv4LGO3wizvGc8cnqvK9UlwiGkCgYEAw5IW +5Ch4sRvMlhf3+gQmI7q9ALF1Cr6kurIkQA04pkmShkNrbQx1Dpc7hTGcpTcNj7DD +PP/aj5pT1Vyd4cMYhWCU3edJvyN/CtrWIhzYMIugnXyKwv97BDiqRj5MsH7oX2u0 +5MiGjqWnzjkkKWMvdV6r1F8dSz8n20YtNbg6keECgYEAkAB5clSFwe2H9HbZPs0L +JlSekQD6M87pf7fzZ0oYEZxFSdF+mGXWHRJiuByNmi9OP8gqg00YYxwChpyAYofH +40g1Lud/8GOtO7CCt79McJo9AcQJwFce1OmyQ1nZGlac3udz+09jViVUjp7/ftc4 +DvfOZgflEvNbuxKMuEzw1ikCgYBADqfEz6TIjgxy1SL6F0XOyimCAp4NiOg35oWN +HUeC3/JIW+jh7QSiZNKwC9H9I40jlYg9gKg8BRaUeiOUgOyVM09PZ6R2INBJ4+fj +gIMnU3SmYNaqjDfk6BKNs3Y3ETpXltXHYg8Axi2ylHDNxZkT3pB1nTnhHayWW+QP +BmrYwQKBgQCgGKJVP79a4E3s0O5DOvBiM6mReCVxeHp9URfWKjC4pPeJ5iSE5arh +9BzqBjnbf+RVM1sOLFgg9dFWnlAfj+MWrVe9ayhkwPQt8+6jDHcQvKxYygx0qG6Y +TW7zX7amVWX4IzaneuO5t5nkPe4w29GLW2E+bLHN7QUc9V90RMTSSg== +-----END RSA PRIVATE KEY----- diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/main.test b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/main.test new file mode 100644 index 0000000000..c898fa45b8 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/main.test @@ -0,0 +1,5 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: diff --git a/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/ta-with-constraints.test b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/ta-with-constraints.test new file mode 100644 index 0000000000..420e0028b5 --- /dev/null +++ b/pki/testdata/verify_certificate_chain_unittest/violates-pathlen-1-from-root/ta-with-constraints.test @@ -0,0 +1,8 @@ +chain: chain.pem +last_cert_trust: TRUSTED_ANCHOR_WITH_CONSTRAINTS +utc_time: DEFAULT +key_purpose: SERVER_AUTH +expected_errors: +----- Certificate i=1 (CN=Intermediate2) ----- +ERROR: max_path_length reached + diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-dupe_attr.pem new file mode 100644 index 0000000000..33df73f19c --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-dupe_attr.pem @@ -0,0 +1,37 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u"nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIIBcjELMAkGA1UEBhMCVVMxGTAXBgNVBAgeEABuAEUAVwAgAHkATwBSAEsxggFGMIGgBgNVBAce +gZgAYQBiAGMAZABlAGYAZwBoAGkAagBrAGwAbQBuAG8AcABxAHIAcwB0AHUAdgB3AHgAeQB6ACAA +QQBCAEMARABFAEYARwBIAEkASgBLAEwATQBOAE8AUABRAFIAUwBUAFUAVgBXAFgAWQBaACAAMAAx +ADIAMwA0ADUANgA3ADgAOQAgACcAKAApACsALAAtAC4ALwA6AD0APzCBoAYDVQQHHoGYAGEAYgBj +AGQAZQBmAGcAaABpAGoAawBsAG0AbgBvAHAAcQByAHMAdAB1AHYAdwB4AHkAegAgAEEAQgBDAEQA +RQBGAEcASABJAEoASwBMAE0ATgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgADAAMQAyADMANAA1 +ADYANwA4ADkAIAAnACgAKQArACwALQAuAC8AOgA9AD8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_attr.pem new file mode 100644 index 0000000000..81a8d3a393 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_attr.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u"nEW yORK" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + BMPString { u"nAME OF COMPANY" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIH1MQswCQYDVQQGEwJVUzEZMBcGA1UECB4QAG4ARQBXACAAeQBPAFIASzGByjAlBgNVBAoeHgBu +AEEATQBFACAATwBGACAAQwBPAE0AUABBAE4AWTCBoAYDVQQHHoGYAGEAYgBjAGQAZQBmAGcAaABp +AGoAawBsAG0AbgBvAHAAcQByAHMAdAB1AHYAdwB4AHkAegAgAEEAQgBDAEQARQBGAEcASABJAEoA +SwBMAE0ATgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgADAAMQAyADMANAA1ADYANwA4ADkAIAAn +ACgAKQArACwALQAuAC8AOgA9AD8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_rdn.pem new file mode 100644 index 0000000000..ea043da562 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_rdn.pem @@ -0,0 +1,37 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u"nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + BMPString { u"nAME OF COMPANY" } + } + } +} +-----BEGIN NAME----- +MIH3MQswCQYDVQQGEwJVUzEZMBcGA1UECB4QAG4ARQBXACAAeQBPAFIASzGBozCBoAYDVQQHHoGY +AGEAYgBjAGQAZQBmAGcAaABpAGoAawBsAG0AbgBvAHAAcQByAHMAdAB1AHYAdwB4AHkAegAgAEEA +QgBDAEQARQBGAEcASABJAEoASwBMAE0ATgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgADAAMQAy +ADMANAA1ADYANwA4ADkAIAAnACgAKQArACwALQAuAC8AOgA9AD8xJzAlBgNVBAoeHgBuAEEATQBF +ACAATwBGACAAQwBPAE0AUABBAE4AWQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap.pem new file mode 100644 index 0000000000..0562ca3bd7 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap.pem @@ -0,0 +1,29 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u"nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIHOMQswCQYDVQQGEwJVUzEZMBcGA1UECB4QAG4ARQBXACAAeQBPAFIASzGBozCBoAYDVQQHHoGY +AGEAYgBjAGQAZQBmAGcAaABpAGoAawBsAG0AbgBvAHAAcQByAHMAdAB1AHYAdwB4AHkAegAgAEEA +QgBDAEQARQBGAEcASABJAEoASwBMAE0ATgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgADAAMQAy +ADMANAA1ADYANwA4ADkAIAAnACgAKQArACwALQAuAC8AOgA9AD8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-dupe_attr.pem new file mode 100644 index 0000000000..f45bcf4a62 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-dupe_attr.pem @@ -0,0 +1,38 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u" New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIIBpjELMAkGA1UEBhMCVVMxJTAjBgNVBAgeHAAgACAATgBlAHcAIAAgACAAWQBvAHIAawAgACAx +ggFuMIG0BgNVBAcegawAIAAgAEEAQgBDAEQARQBGAEcASABJAEoASwBMAE0ATgBPAFAAUQBSAFMA +VABVAFYAVwBYAFkAWgAgACAAIABhAGIAYwBkAGUAZgBnAGgAaQBqAGsAbABtAG4AbwBwAHEAcgBz +AHQAdQB2AHcAeAB5AHoAIAAgACAAMAAxADIAMwA0ADUANgA3ADgAOQAgACAAIAAnACgAKQArACwA +LQAuAC8AOgA9AD8AIAAgMIG0BgNVBAcegawAIAAgAEEAQgBDAEQARQBGAEcASABJAEoASwBMAE0A +TgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgACAAIABhAGIAYwBkAGUAZgBnAGgAaQBqAGsAbABt +AG4AbwBwAHEAcgBzAHQAdQB2AHcAeAB5AHoAIAAgACAAMAAxADIAMwA0ADUANgA3ADgAOQAgACAA +IAAnACgAKQArACwALQAuAC8AOgA9AD8AIAAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_attr.pem new file mode 100644 index 0000000000..233fada59e --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_attr.pem @@ -0,0 +1,36 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u" New York " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + BMPString { u" Name of company " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIIBJTELMAkGA1UEBhMCVVMxJTAjBgNVBAgeHAAgACAATgBlAHcAIAAgACAAWQBvAHIAawAgACAx +ge4wNQYDVQQKHi4AIAAgAE4AYQBtAGUAIAAgACAAbwBmACAAIAAgAGMAbwBtAHAAYQBuAHkAIAAg +MIG0BgNVBAcegawAIAAgAEEAQgBDAEQARQBGAEcASABJAEoASwBMAE0ATgBPAFAAUQBSAFMAVABV +AFYAVwBYAFkAWgAgACAAIABhAGIAYwBkAGUAZgBnAGgAaQBqAGsAbABtAG4AbwBwAHEAcgBzAHQA +dQB2AHcAeAB5AHoAIAAgACAAMAAxADIAMwA0ADUANgA3ADgAOQAgACAAIAAnACgAKQArACwALQAu +AC8AOgA9AD8AIAAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_rdn.pem new file mode 100644 index 0000000000..47c73aabed --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_rdn.pem @@ -0,0 +1,38 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u" New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + BMPString { u" Name of company " } + } + } +} +-----BEGIN NAME----- +MIIBJzELMAkGA1UEBhMCVVMxJTAjBgNVBAgeHAAgACAATgBlAHcAIAAgACAAWQBvAHIAawAgACAx +gbcwgbQGA1UEBx6BrAAgACAAQQBCAEMARABFAEYARwBIAEkASgBLAEwATQBOAE8AUABRAFIAUwBU +AFUAVgBXAFgAWQBaACAAIAAgAGEAYgBjAGQAZQBmAGcAaABpAGoAawBsAG0AbgBvAHAAcQByAHMA +dAB1AHYAdwB4AHkAegAgACAAIAAwADEAMgAzADQANQA2ADcAOAA5ACAAIAAgACcAKAApACsALAAt +AC4ALwA6AD0APwAgACAxNzA1BgNVBAoeLgAgACAATgBhAG0AZQAgACAAIABvAGYAIAAgACAAYwBv +AG0AcABhAG4AeQAgACA= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace.pem new file mode 100644 index 0000000000..b07c1da062 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace.pem @@ -0,0 +1,30 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u" New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIHuMQswCQYDVQQGEwJVUzElMCMGA1UECB4cACAAIABOAGUAdwAgACAAIABZAG8AcgBrACAAIDGB +tzCBtAYDVQQHHoGsACAAIABBAEIAQwBEAEUARgBHAEgASQBKAEsATABNAE4ATwBQAFEAUgBTAFQA +VQBWAFcAWABZAFoAIAAgACAAYQBiAGMAZABlAGYAZwBoAGkAagBrAGwAbQBuAG8AcABxAHIAcwB0 +AHUAdgB3AHgAeQB6ACAAIAAgADAAMQAyADMANAA1ADYANwA4ADkAIAAgACAAJwAoACkAKwAsAC0A +LgAvADoAPQA/ACAAIA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-dupe_attr.pem new file mode 100644 index 0000000000..90844982c0 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-dupe_attr.pem @@ -0,0 +1,37 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u"New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIIBcjELMAkGA1UEBhMCVVMxGTAXBgNVBAgeEABOAGUAdwAgAFkAbwByAGsxggFGMIGgBgNVBAce +gZgAQQBCAEMARABFAEYARwBIAEkASgBLAEwATQBOAE8AUABRAFIAUwBUAFUAVgBXAFgAWQBaACAA +YQBiAGMAZABlAGYAZwBoAGkAagBrAGwAbQBuAG8AcABxAHIAcwB0AHUAdgB3AHgAeQB6ACAAMAAx +ADIAMwA0ADUANgA3ADgAOQAgACcAKAApACsALAAtAC4ALwA6AD0APzCBoAYDVQQHHoGYAEEAQgBD +AEQARQBGAEcASABJAEoASwBMAE0ATgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgAGEAYgBjAGQA +ZQBmAGcAaABpAGoAawBsAG0AbgBvAHAAcQByAHMAdAB1AHYAdwB4AHkAegAgADAAMQAyADMANAA1 +ADYANwA4ADkAIAAnACgAKQArACwALQAuAC8AOgA9AD8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_attr.pem new file mode 100644 index 0000000000..ed93dd19a2 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_attr.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u"New York" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + BMPString { u"Name of company" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIH1MQswCQYDVQQGEwJVUzEZMBcGA1UECB4QAE4AZQB3ACAAWQBvAHIAazGByjAlBgNVBAoeHgBO +AGEAbQBlACAAbwBmACAAYwBvAG0AcABhAG4AeTCBoAYDVQQHHoGYAEEAQgBDAEQARQBGAEcASABJ +AEoASwBMAE0ATgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgAGEAYgBjAGQAZQBmAGcAaABpAGoA +awBsAG0AbgBvAHAAcQByAHMAdAB1AHYAdwB4AHkAegAgADAAMQAyADMANAA1ADYANwA4ADkAIAAn +ACgAKQArACwALQAuAC8AOgA9AD8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_rdn.pem new file mode 100644 index 0000000000..d4152c8cab --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_rdn.pem @@ -0,0 +1,37 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u"New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + BMPString { u"Name of company" } + } + } +} +-----BEGIN NAME----- +MIH3MQswCQYDVQQGEwJVUzEZMBcGA1UECB4QAE4AZQB3ACAAWQBvAHIAazGBozCBoAYDVQQHHoGY +AEEAQgBDAEQARQBGAEcASABJAEoASwBMAE0ATgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgAGEA +YgBjAGQAZQBmAGcAaABpAGoAawBsAG0AbgBvAHAAcQByAHMAdAB1AHYAdwB4AHkAegAgADAAMQAy +ADMANAA1ADYANwA4ADkAIAAnACgAKQArACwALQAuAC8AOgA9AD8xJzAlBgNVBAoeHgBOAGEAbQBl +ACAAbwBmACAAYwBvAG0AcABhAG4AeQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled.pem new file mode 100644 index 0000000000..ed846eb61f --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled.pem @@ -0,0 +1,29 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + BMPString { u"New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIHOMQswCQYDVQQGEwJVUzEZMBcGA1UECB4QAE4AZQB3ACAAWQBvAHIAazGBozCBoAYDVQQHHoGY +AEEAQgBDAEQARQBGAEcASABJAEoASwBMAE0ATgBPAFAAUQBSAFMAVABVAFYAVwBYAFkAWgAgAGEA +YgBjAGQAZQBmAGcAaABpAGoAawBsAG0AbgBvAHAAcQByAHMAdAB1AHYAdwB4AHkAegAgADAAMQAy +ADMANAA1ADYANwA4ADkAIAAnACgAKQArACwALQAuAC8AOgA9AD8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-dupe_attr.pem new file mode 100644 index 0000000000..dd75e61e6b --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-dupe_attr.pem @@ -0,0 +1,34 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIHNMQswCQYDVQQGEwJVUzERMA8GA1UECBMIbkVXIHlPUksxgaowUwYDVQQHE0xhYmNkZWZnaGlq +a2xtbm9wcXJzdHV2d3h5eiBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAwMTIzNDU2Nzg5ICco +KSssLS4vOj0/MFMGA1UEBxNMYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogQUJDREVGR0hJSktM +TU5PUFFSU1RVVldYWVogMDEyMzQ1Njc4OSAnKCkrLC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_attr.pem new file mode 100644 index 0000000000..1dab96c9ec --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "nEW yORK" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "nAME OF COMPANY" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIGPMQswCQYDVQQGEwJVUzERMA8GA1UECBMIbkVXIHlPUksxbTAWBgNVBAoTD25BTUUgT0YgQ09N +UEFOWTBTBgNVBAcTTGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IEFCQ0RFRkdISUpLTE1OT1BR +UlNUVVZXWFlaIDAxMjM0NTY3ODkgJygpKywtLi86PT8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_rdn.pem new file mode 100644 index 0000000000..65e7972f47 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_rdn.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "nAME OF COMPANY" } + } + } +} +-----BEGIN NAME----- +MIGRMQswCQYDVQQGEwJVUzERMA8GA1UECBMIbkVXIHlPUksxVTBTBgNVBAcTTGFiY2RlZmdoaWpr +bG1ub3BxcnN0dXZ3eHl6IEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaIDAxMjM0NTY3ODkgJygp +KywtLi86PT8xGDAWBgNVBAoTD25BTUUgT0YgQ09NUEFOWQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap.pem new file mode 100644 index 0000000000..b07c15dbd6 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MHcxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhuRVcgeU9SSzFVMFMGA1UEBxNMYWJjZGVmZ2hpamts +bW5vcHFyc3R1dnd4eXogQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogMDEyMzQ1Njc4OSAnKCkr +LC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-dupe_attr.pem new file mode 100644 index 0000000000..eca27ce289 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-dupe_attr.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIHnMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOICBOZXcgICBZb3JrICAxgb4wXQYDVQQHE1YgIEFC +Q0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaICAgYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogICAw +MTIzNDU2Nzg5ICAgJygpKywtLi86PT8gIDBdBgNVBAcTViAgQUJDREVGR0hJSktMTU5PUFFSU1RV +VldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAxMjM0NTY3ODkgICAnKCkrLC0u +Lzo9PyAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_attr.pem new file mode 100644 index 0000000000..ae49244a6b --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { " New York " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { " Name of company " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIGnMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOICBOZXcgICBZb3JrICAxfzAeBgNVBAoTFyAgTmFt +ZSAgIG9mICAgY29tcGFueSAgMF0GA1UEBxNWICBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAg +IGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6ICAgMDEyMzQ1Njc4OSAgICcoKSssLS4vOj0/ICA= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_rdn.pem new file mode 100644 index 0000000000..aed311e95e --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_rdn.pem @@ -0,0 +1,36 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { " Name of company " } + } + } +} +-----BEGIN NAME----- +MIGpMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOICBOZXcgICBZb3JrICAxXzBdBgNVBAcTViAgQUJD +REVGR0hJSktMTU5PUFFSU1RVVldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAx +MjM0NTY3ODkgICAnKCkrLC0uLzo9PyAgMSAwHgYDVQQKExcgIE5hbWUgICBvZiAgIGNvbXBhbnkg +IA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace.pem new file mode 100644 index 0000000000..e8b756f4cc --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIGHMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOICBOZXcgICBZb3JrICAxXzBdBgNVBAcTViAgQUJD +REVGR0hJSktMTU5PUFFSU1RVVldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAx +MjM0NTY3ODkgICAnKCkrLC0uLzo9PyAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_1.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_1.pem new file mode 100644 index 0000000000..25ce504b57 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_1.pem @@ -0,0 +1,17 @@ +SEQUENCE { + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "locality" } + } + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { " state" } + } + } +} +-----BEGIN NAME----- +MCUxIzAPBgNVBAcTCGxvY2FsaXR5MBAGA1UECBMJICAgIHN0YXRl +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_2.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_2.pem new file mode 100644 index 0000000000..3156bdd6a2 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_2.pem @@ -0,0 +1,17 @@ +SEQUENCE { + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "state" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { " locality" } + } + } +} +-----BEGIN NAME----- +MCIxIDAMBgNVBAgTBXN0YXRlMBAGA1UEBxMJIGxvY2FsaXR5 +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-dupe_attr.pem new file mode 100644 index 0000000000..e8954751e7 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-dupe_attr.pem @@ -0,0 +1,34 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIHNMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxgaowUwYDVQQHE0xBQkNERUZHSElK +S0xNTk9QUVJTVFVWV1hZWiBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAwMTIzNDU2Nzg5ICco +KSssLS4vOj0/MFMGA1UEBxNMQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogYWJjZGVmZ2hpamts +bW5vcHFyc3R1dnd4eXogMDEyMzQ1Njc4OSAnKCkrLC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_attr.pem new file mode 100644 index 0000000000..b5817afe40 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "New York" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "Name of company" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIGPMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxbTAWBgNVBAoTD05hbWUgb2YgY29t +cGFueTBTBgNVBAcTTEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaIGFiY2RlZmdoaWprbG1ub3Bx +cnN0dXZ3eHl6IDAxMjM0NTY3ODkgJygpKywtLi86PT8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_rdn.pem new file mode 100644 index 0000000000..d1214cd7ee --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_rdn.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "Name of company" } + } + } +} +-----BEGIN NAME----- +MIGRMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxVTBTBgNVBAcTTEFCQ0RFRkdISUpL +TE1OT1BRUlNUVVZXWFlaIGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IDAxMjM0NTY3ODkgJygp +KywtLi86PT8xGDAWBgNVBAoTD05hbWUgb2YgY29tcGFueQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled.pem new file mode 100644 index 0000000000..1e3fd8c1f5 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + PrintableString { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MHcxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazFVMFMGA1UEBxNMQUJDREVGR0hJSktM +TU5PUFFSU1RVVldYWVogYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogMDEyMzQ1Njc4OSAnKCkr +LC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-dupe_attr.pem new file mode 100644 index 0000000000..83263e9935 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-dupe_attr.pem @@ -0,0 +1,34 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIHNMQswCQYDVQQGEwJVUzERMA8GA1UECBQIbkVXIHlPUksxgaowUwYDVQQHFExhYmNkZWZnaGlq +a2xtbm9wcXJzdHV2d3h5eiBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAwMTIzNDU2Nzg5ICco +KSssLS4vOj0/MFMGA1UEBxRMYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogQUJDREVGR0hJSktM +TU5PUFFSU1RVVldYWVogMDEyMzQ1Njc4OSAnKCkrLC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_attr.pem new file mode 100644 index 0000000000..e1c1c3045c --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { "nEW yORK" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + T61String { "nAME OF COMPANY" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIGPMQswCQYDVQQGEwJVUzERMA8GA1UECBQIbkVXIHlPUksxbTAWBgNVBAoUD25BTUUgT0YgQ09N +UEFOWTBTBgNVBAcUTGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IEFCQ0RFRkdISUpLTE1OT1BR +UlNUVVZXWFlaIDAxMjM0NTY3ODkgJygpKywtLi86PT8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_rdn.pem new file mode 100644 index 0000000000..fc0a035182 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_rdn.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + T61String { "nAME OF COMPANY" } + } + } +} +-----BEGIN NAME----- +MIGRMQswCQYDVQQGEwJVUzERMA8GA1UECBQIbkVXIHlPUksxVTBTBgNVBAcUTGFiY2RlZmdoaWpr +bG1ub3BxcnN0dXZ3eHl6IEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaIDAxMjM0NTY3ODkgJygp +KywtLi86PT8xGDAWBgNVBAoUD25BTUUgT0YgQ09NUEFOWQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap.pem new file mode 100644 index 0000000000..b11b093ea9 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-case_swap.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MHcxCzAJBgNVBAYTAlVTMREwDwYDVQQIFAhuRVcgeU9SSzFVMFMGA1UEBxRMYWJjZGVmZ2hpamts +bW5vcHFyc3R1dnd4eXogQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogMDEyMzQ1Njc4OSAnKCkr +LC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-dupe_attr.pem new file mode 100644 index 0000000000..8b853ffe02 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-dupe_attr.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIHnMQswCQYDVQQGEwJVUzEXMBUGA1UECBQOICBOZXcgICBZb3JrICAxgb4wXQYDVQQHFFYgIEFC +Q0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaICAgYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogICAw +MTIzNDU2Nzg5ICAgJygpKywtLi86PT8gIDBdBgNVBAcUViAgQUJDREVGR0hJSktMTU5PUFFSU1RV +VldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAxMjM0NTY3ODkgICAnKCkrLC0u +Lzo9PyAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_attr.pem new file mode 100644 index 0000000000..8d747f9e5f --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { " New York " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + T61String { " Name of company " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIGnMQswCQYDVQQGEwJVUzEXMBUGA1UECBQOICBOZXcgICBZb3JrICAxfzAeBgNVBAoUFyAgTmFt +ZSAgIG9mICAgY29tcGFueSAgMF0GA1UEBxRWICBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAg +IGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6ICAgMDEyMzQ1Njc4OSAgICcoKSssLS4vOj0/ICA= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_rdn.pem new file mode 100644 index 0000000000..10cd838af2 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_rdn.pem @@ -0,0 +1,36 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + T61String { " Name of company " } + } + } +} +-----BEGIN NAME----- +MIGpMQswCQYDVQQGEwJVUzEXMBUGA1UECBQOICBOZXcgICBZb3JrICAxXzBdBgNVBAcUViAgQUJD +REVGR0hJSktMTU5PUFFSU1RVVldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAx +MjM0NTY3ODkgICAnKCkrLC0uLzo9PyAgMSAwHgYDVQQKFBcgIE5hbWUgICBvZiAgIGNvbXBhbnkg +IA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace.pem new file mode 100644 index 0000000000..6837f51733 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIGHMQswCQYDVQQGEwJVUzEXMBUGA1UECBQOICBOZXcgICBZb3JrICAxXzBdBgNVBAcUViAgQUJD +REVGR0hJSktMTU5PUFFSU1RVVldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAx +MjM0NTY3ODkgICAnKCkrLC0uLzo9PyAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-dupe_attr.pem new file mode 100644 index 0000000000..e240cdcf14 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-dupe_attr.pem @@ -0,0 +1,34 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIHNMQswCQYDVQQGEwJVUzERMA8GA1UECBQITmV3IFlvcmsxgaowUwYDVQQHFExBQkNERUZHSElK +S0xNTk9QUVJTVFVWV1hZWiBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAwMTIzNDU2Nzg5ICco +KSssLS4vOj0/MFMGA1UEBxRMQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogYWJjZGVmZ2hpamts +bW5vcHFyc3R1dnd4eXogMDEyMzQ1Njc4OSAnKCkrLC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_attr.pem new file mode 100644 index 0000000000..621e07ece4 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { "New York" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + T61String { "Name of company" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIGPMQswCQYDVQQGEwJVUzERMA8GA1UECBQITmV3IFlvcmsxbTAWBgNVBAoUD05hbWUgb2YgY29t +cGFueTBTBgNVBAcUTEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaIGFiY2RlZmdoaWprbG1ub3Bx +cnN0dXZ3eHl6IDAxMjM0NTY3ODkgJygpKywtLi86PT8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_rdn.pem new file mode 100644 index 0000000000..b9286fb0a8 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_rdn.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + T61String { "Name of company" } + } + } +} +-----BEGIN NAME----- +MIGRMQswCQYDVQQGEwJVUzERMA8GA1UECBQITmV3IFlvcmsxVTBTBgNVBAcUTEFCQ0RFRkdISUpL +TE1OT1BRUlNUVVZXWFlaIGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IDAxMjM0NTY3ODkgJygp +KywtLi86PT8xGDAWBgNVBAoUD05hbWUgb2YgY29tcGFueQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled.pem new file mode 100644 index 0000000000..6d76c48206 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-T61STRING-unmangled.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + T61String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MHcxCzAJBgNVBAYTAlVTMREwDwYDVQQIFAhOZXcgWW9yazFVMFMGA1UEBxRMQUJDREVGR0hJSktM +TU5PUFFSU1RVVldYWVogYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogMDEyMzQ1Njc4OSAnKCkr +LC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-dupe_attr.pem new file mode 100644 index 0000000000..f5978b4a22 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-dupe_attr.pem @@ -0,0 +1,43 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U"nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIICtjELMAkGA1UEBhMCVVMxKTAnBgNVBAgcIAAAAG4AAABFAAAAVwAAACAAAAB5AAAATwAAAFIA +AABLMYICejCCATkGA1UEBxyCATAAAABhAAAAYgAAAGMAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkA +AABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIAAABzAAAAdAAAAHUAAAB2AAAAdwAA +AHgAAAB5AAAAegAAACAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkAAABKAAAA +SwAAAEwAAABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAAAFgAAABZ +AAAAWgAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACcA +AAAoAAAAKQAAACsAAAAsAAAALQAAAC4AAAAvAAAAOgAAAD0AAAA/MIIBOQYDVQQHHIIBMAAAAGEA +AABiAAAAYwAAAGQAAABlAAAAZgAAAGcAAABoAAAAaQAAAGoAAABrAAAAbAAAAG0AAABuAAAAbwAA +AHAAAABxAAAAcgAAAHMAAAB0AAAAdQAAAHYAAAB3AAAAeAAAAHkAAAB6AAAAIAAAAEEAAABCAAAA +QwAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATAAAAE0AAABOAAAATwAAAFAAAABR +AAAAUgAAAFMAAABUAAAAVQAAAFYAAABXAAAAWAAAAFkAAABaAAAAIAAAADAAAAAxAAAAMgAAADMA +AAA0AAAANQAAADYAAAA3AAAAOAAAADkAAAAgAAAAJwAAACgAAAApAAAAKwAAACwAAAAtAAAALgAA +AC8AAAA6AAAAPQAAAD8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_attr.pem new file mode 100644 index 0000000000..52cf2a008e --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_attr.pem @@ -0,0 +1,38 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U"nEW yORK" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UniversalString { U"nAME OF COMPANY" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIIBvjELMAkGA1UEBhMCVVMxKTAnBgNVBAgcIAAAAG4AAABFAAAAVwAAACAAAAB5AAAATwAAAFIA +AABLMYIBgjBDBgNVBAocPAAAAG4AAABBAAAATQAAAEUAAAAgAAAATwAAAEYAAAAgAAAAQwAAAE8A +AABNAAAAUAAAAEEAAABOAAAAWTCCATkGA1UEBxyCATAAAABhAAAAYgAAAGMAAABkAAAAZQAAAGYA +AABnAAAAaAAAAGkAAABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIAAABzAAAAdAAA +AHUAAAB2AAAAdwAAAHgAAAB5AAAAegAAACAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAA +SAAAAEkAAABKAAAASwAAAEwAAABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABW +AAAAVwAAAFgAAABZAAAAWgAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgA +AAA5AAAAIAAAACcAAAAoAAAAKQAAACsAAAAsAAAALQAAAC4AAAAvAAAAOgAAAD0AAAA/ +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_rdn.pem new file mode 100644 index 0000000000..44faff40bf --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_rdn.pem @@ -0,0 +1,40 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U"nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UniversalString { U"nAME OF COMPANY" } + } + } +} +-----BEGIN NAME----- +MIIBwDELMAkGA1UEBhMCVVMxKTAnBgNVBAgcIAAAAG4AAABFAAAAVwAAACAAAAB5AAAATwAAAFIA +AABLMYIBPTCCATkGA1UEBxyCATAAAABhAAAAYgAAAGMAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkA +AABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIAAABzAAAAdAAAAHUAAAB2AAAAdwAA +AHgAAAB5AAAAegAAACAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkAAABKAAAA +SwAAAEwAAABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAAAFgAAABZ +AAAAWgAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACcA +AAAoAAAAKQAAACsAAAAsAAAALQAAAC4AAAAvAAAAOgAAAD0AAAA/MUUwQwYDVQQKHDwAAABuAAAA +QQAAAE0AAABFAAAAIAAAAE8AAABGAAAAIAAAAEMAAABPAAAATQAAAFAAAABBAAAATgAAAFk= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap.pem new file mode 100644 index 0000000000..c3bdaa5921 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap.pem @@ -0,0 +1,32 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U"nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIIBeTELMAkGA1UEBhMCVVMxKTAnBgNVBAgcIAAAAG4AAABFAAAAVwAAACAAAAB5AAAATwAAAFIA +AABLMYIBPTCCATkGA1UEBxyCATAAAABhAAAAYgAAAGMAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkA +AABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIAAABzAAAAdAAAAHUAAAB2AAAAdwAA +AHgAAAB5AAAAegAAACAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkAAABKAAAA +SwAAAEwAAABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAAAFgAAABZ +AAAAWgAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACcA +AAAoAAAAKQAAACsAAAAsAAAALQAAAC4AAAAvAAAAOgAAAD0AAAA/ +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-dupe_attr.pem new file mode 100644 index 0000000000..f8335421b1 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-dupe_attr.pem @@ -0,0 +1,45 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U" New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIIDHjELMAkGA1UEBhMCVVMxQTA/BgNVBAgcOAAAACAAAAAgAAAATgAAAGUAAAB3AAAAIAAAACAA +AAAgAAAAWQAAAG8AAAByAAAAawAAACAAAAAgMYICyjCCAWEGA1UEBxyCAVgAAAAgAAAAIAAAAEEA +AABCAAAAQwAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATAAAAE0AAABOAAAATwAA +AFAAAABRAAAAUgAAAFMAAABUAAAAVQAAAFYAAABXAAAAWAAAAFkAAABaAAAAIAAAACAAAAAgAAAA +YQAAAGIAAABjAAAAZAAAAGUAAABmAAAAZwAAAGgAAABpAAAAagAAAGsAAABsAAAAbQAAAG4AAABv +AAAAcAAAAHEAAAByAAAAcwAAAHQAAAB1AAAAdgAAAHcAAAB4AAAAeQAAAHoAAAAgAAAAIAAAACAA +AAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACAAAAAgAAAAJwAA +ACgAAAApAAAAKwAAACwAAAAtAAAALgAAAC8AAAA6AAAAPQAAAD8AAAAgAAAAIDCCAWEGA1UEBxyC +AVgAAAAgAAAAIAAAAEEAAABCAAAAQwAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAA +TAAAAE0AAABOAAAATwAAAFAAAABRAAAAUgAAAFMAAABUAAAAVQAAAFYAAABXAAAAWAAAAFkAAABa +AAAAIAAAACAAAAAgAAAAYQAAAGIAAABjAAAAZAAAAGUAAABmAAAAZwAAAGgAAABpAAAAagAAAGsA +AABsAAAAbQAAAG4AAABvAAAAcAAAAHEAAAByAAAAcwAAAHQAAAB1AAAAdgAAAHcAAAB4AAAAeQAA +AHoAAAAgAAAAIAAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAA +IAAAACAAAAAgAAAAJwAAACgAAAApAAAAKwAAACwAAAAtAAAALgAAAC8AAAA6AAAAPQAAAD8AAAAg +AAAAIA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_attr.pem new file mode 100644 index 0000000000..b432e0c057 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_attr.pem @@ -0,0 +1,40 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U" New York " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UniversalString { U" Name of company " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIICHjELMAkGA1UEBhMCVVMxQTA/BgNVBAgcOAAAACAAAAAgAAAATgAAAGUAAAB3AAAAIAAAACAA +AAAgAAAAWQAAAG8AAAByAAAAawAAACAAAAAgMYIByjBjBgNVBAocXAAAACAAAAAgAAAATgAAAGEA +AABtAAAAZQAAACAAAAAgAAAAIAAAAG8AAABmAAAAIAAAACAAAAAgAAAAYwAAAG8AAABtAAAAcAAA +AGEAAABuAAAAeQAAACAAAAAgMIIBYQYDVQQHHIIBWAAAACAAAAAgAAAAQQAAAEIAAABDAAAARAAA +AEUAAABGAAAARwAAAEgAAABJAAAASgAAAEsAAABMAAAATQAAAE4AAABPAAAAUAAAAFEAAABSAAAA +UwAAAFQAAABVAAAAVgAAAFcAAABYAAAAWQAAAFoAAAAgAAAAIAAAACAAAABhAAAAYgAAAGMAAABk +AAAAZQAAAGYAAABnAAAAaAAAAGkAAABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIA +AABzAAAAdAAAAHUAAAB2AAAAdwAAAHgAAAB5AAAAegAAACAAAAAgAAAAIAAAADAAAAAxAAAAMgAA +ADMAAAA0AAAANQAAADYAAAA3AAAAOAAAADkAAAAgAAAAIAAAACAAAAAnAAAAKAAAACkAAAArAAAA +LAAAAC0AAAAuAAAALwAAADoAAAA9AAAAPwAAACAAAAAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_rdn.pem new file mode 100644 index 0000000000..0f4facdba4 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_rdn.pem @@ -0,0 +1,42 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U" New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UniversalString { U" Name of company " } + } + } +} +-----BEGIN NAME----- +MIICIDELMAkGA1UEBhMCVVMxQTA/BgNVBAgcOAAAACAAAAAgAAAATgAAAGUAAAB3AAAAIAAAACAA +AAAgAAAAWQAAAG8AAAByAAAAawAAACAAAAAgMYIBZTCCAWEGA1UEBxyCAVgAAAAgAAAAIAAAAEEA +AABCAAAAQwAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATAAAAE0AAABOAAAATwAA +AFAAAABRAAAAUgAAAFMAAABUAAAAVQAAAFYAAABXAAAAWAAAAFkAAABaAAAAIAAAACAAAAAgAAAA +YQAAAGIAAABjAAAAZAAAAGUAAABmAAAAZwAAAGgAAABpAAAAagAAAGsAAABsAAAAbQAAAG4AAABv +AAAAcAAAAHEAAAByAAAAcwAAAHQAAAB1AAAAdgAAAHcAAAB4AAAAeQAAAHoAAAAgAAAAIAAAACAA +AAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACAAAAAgAAAAJwAA +ACgAAAApAAAAKwAAACwAAAAtAAAALgAAAC8AAAA6AAAAPQAAAD8AAAAgAAAAIDFlMGMGA1UEChxc +AAAAIAAAACAAAABOAAAAYQAAAG0AAABlAAAAIAAAACAAAAAgAAAAbwAAAGYAAAAgAAAAIAAAACAA +AABjAAAAbwAAAG0AAABwAAAAYQAAAG4AAAB5AAAAIAAAACA= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace.pem new file mode 100644 index 0000000000..ffebd7e87d --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U" New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U" ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIIBuTELMAkGA1UEBhMCVVMxQTA/BgNVBAgcOAAAACAAAAAgAAAATgAAAGUAAAB3AAAAIAAAACAA +AAAgAAAAWQAAAG8AAAByAAAAawAAACAAAAAgMYIBZTCCAWEGA1UEBxyCAVgAAAAgAAAAIAAAAEEA +AABCAAAAQwAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATAAAAE0AAABOAAAATwAA +AFAAAABRAAAAUgAAAFMAAABUAAAAVQAAAFYAAABXAAAAWAAAAFkAAABaAAAAIAAAACAAAAAgAAAA +YQAAAGIAAABjAAAAZAAAAGUAAABmAAAAZwAAAGgAAABpAAAAagAAAGsAAABsAAAAbQAAAG4AAABv +AAAAcAAAAHEAAAByAAAAcwAAAHQAAAB1AAAAdgAAAHcAAAB4AAAAeQAAAHoAAAAgAAAAIAAAACAA +AAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACAAAAAgAAAAJwAA +ACgAAAApAAAAKwAAACwAAAAtAAAALgAAAC8AAAA6AAAAPQAAAD8AAAAgAAAAIA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-dupe_attr.pem new file mode 100644 index 0000000000..8cf1eb2fbb --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-dupe_attr.pem @@ -0,0 +1,43 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U"New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIICtjELMAkGA1UEBhMCVVMxKTAnBgNVBAgcIAAAAE4AAABlAAAAdwAAACAAAABZAAAAbwAAAHIA +AABrMYICejCCATkGA1UEBxyCATAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkA +AABKAAAASwAAAEwAAABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAA +AFgAAABZAAAAWgAAACAAAABhAAAAYgAAAGMAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkAAABqAAAA +awAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIAAABzAAAAdAAAAHUAAAB2AAAAdwAAAHgAAAB5 +AAAAegAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACcA +AAAoAAAAKQAAACsAAAAsAAAALQAAAC4AAAAvAAAAOgAAAD0AAAA/MIIBOQYDVQQHHIIBMAAAAEEA +AABCAAAAQwAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATAAAAE0AAABOAAAATwAA +AFAAAABRAAAAUgAAAFMAAABUAAAAVQAAAFYAAABXAAAAWAAAAFkAAABaAAAAIAAAAGEAAABiAAAA +YwAAAGQAAABlAAAAZgAAAGcAAABoAAAAaQAAAGoAAABrAAAAbAAAAG0AAABuAAAAbwAAAHAAAABx +AAAAcgAAAHMAAAB0AAAAdQAAAHYAAAB3AAAAeAAAAHkAAAB6AAAAIAAAADAAAAAxAAAAMgAAADMA +AAA0AAAANQAAADYAAAA3AAAAOAAAADkAAAAgAAAAJwAAACgAAAApAAAAKwAAACwAAAAtAAAALgAA +AC8AAAA6AAAAPQAAAD8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_attr.pem new file mode 100644 index 0000000000..a24afa946b --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_attr.pem @@ -0,0 +1,38 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U"New York" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UniversalString { U"Name of company" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIIBvjELMAkGA1UEBhMCVVMxKTAnBgNVBAgcIAAAAE4AAABlAAAAdwAAACAAAABZAAAAbwAAAHIA +AABrMYIBgjBDBgNVBAocPAAAAE4AAABhAAAAbQAAAGUAAAAgAAAAbwAAAGYAAAAgAAAAYwAAAG8A +AABtAAAAcAAAAGEAAABuAAAAeTCCATkGA1UEBxyCATAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYA +AABHAAAASAAAAEkAAABKAAAASwAAAEwAAABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAA +AFUAAABWAAAAVwAAAFgAAABZAAAAWgAAACAAAABhAAAAYgAAAGMAAABkAAAAZQAAAGYAAABnAAAA +aAAAAGkAAABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIAAABzAAAAdAAAAHUAAAB2 +AAAAdwAAAHgAAAB5AAAAegAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgA +AAA5AAAAIAAAACcAAAAoAAAAKQAAACsAAAAsAAAALQAAAC4AAAAvAAAAOgAAAD0AAAA/ +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_rdn.pem new file mode 100644 index 0000000000..854b47978b --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_rdn.pem @@ -0,0 +1,40 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U"New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UniversalString { U"Name of company" } + } + } +} +-----BEGIN NAME----- +MIIBwDELMAkGA1UEBhMCVVMxKTAnBgNVBAgcIAAAAE4AAABlAAAAdwAAACAAAABZAAAAbwAAAHIA +AABrMYIBPTCCATkGA1UEBxyCATAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkA +AABKAAAASwAAAEwAAABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAA +AFgAAABZAAAAWgAAACAAAABhAAAAYgAAAGMAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkAAABqAAAA +awAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIAAABzAAAAdAAAAHUAAAB2AAAAdwAAAHgAAAB5 +AAAAegAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACcA +AAAoAAAAKQAAACsAAAAsAAAALQAAAC4AAAAvAAAAOgAAAD0AAAA/MUUwQwYDVQQKHDwAAABOAAAA +YQAAAG0AAABlAAAAIAAAAG8AAABmAAAAIAAAAGMAAABvAAAAbQAAAHAAAABhAAAAbgAAAHk= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled.pem new file mode 100644 index 0000000000..78608e90f2 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled.pem @@ -0,0 +1,32 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UniversalString { U"New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIIBeTELMAkGA1UEBhMCVVMxKTAnBgNVBAgcIAAAAE4AAABlAAAAdwAAACAAAABZAAAAbwAAAHIA +AABrMYIBPTCCATkGA1UEBxyCATAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkA +AABKAAAASwAAAEwAAABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAA +AFgAAABZAAAAWgAAACAAAABhAAAAYgAAAGMAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkAAABqAAAA +awAAAGwAAABtAAAAbgAAAG8AAABwAAAAcQAAAHIAAABzAAAAdAAAAHUAAAB2AAAAdwAAAHgAAAB5 +AAAAegAAACAAAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAIAAAACcA +AAAoAAAAKQAAACsAAAAsAAAALQAAAC4AAAAvAAAAOgAAAD0AAAA/ +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-dupe_attr.pem new file mode 100644 index 0000000000..eb30942fbb --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-dupe_attr.pem @@ -0,0 +1,34 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIHNMQswCQYDVQQGEwJVUzERMA8GA1UECAwIbkVXIHlPUksxgaowUwYDVQQHDExhYmNkZWZnaGlq +a2xtbm9wcXJzdHV2d3h5eiBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAwMTIzNDU2Nzg5ICco +KSssLS4vOj0/MFMGA1UEBwxMYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogQUJDREVGR0hJSktM +TU5PUFFSU1RVVldYWVogMDEyMzQ1Njc4OSAnKCkrLC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_attr.pem new file mode 100644 index 0000000000..3d6e02b7f6 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "nEW yORK" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { "nAME OF COMPANY" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIGPMQswCQYDVQQGEwJVUzERMA8GA1UECAwIbkVXIHlPUksxbTAWBgNVBAoMD25BTUUgT0YgQ09N +UEFOWTBTBgNVBAcMTGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IEFCQ0RFRkdISUpLTE1OT1BR +UlNUVVZXWFlaIDAxMjM0NTY3ODkgJygpKywtLi86PT8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_rdn.pem new file mode 100644 index 0000000000..c484d1a2e2 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_rdn.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { "nAME OF COMPANY" } + } + } +} +-----BEGIN NAME----- +MIGRMQswCQYDVQQGEwJVUzERMA8GA1UECAwIbkVXIHlPUksxVTBTBgNVBAcMTGFiY2RlZmdoaWpr +bG1ub3BxcnN0dXZ3eHl6IEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaIDAxMjM0NTY3ODkgJygp +KywtLi86PT8xGDAWBgNVBAoMD25BTUUgT0YgQ09NUEFOWQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap.pem new file mode 100644 index 0000000000..2d290fad43 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-case_swap.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "nEW yORK" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MHcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhuRVcgeU9SSzFVMFMGA1UEBwxMYWJjZGVmZ2hpamts +bW5vcHFyc3R1dnd4eXogQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogMDEyMzQ1Njc4OSAnKCkr +LC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-dupe_attr.pem new file mode 100644 index 0000000000..2262bf2c18 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-dupe_attr.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIHnMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOICBOZXcgICBZb3JrICAxgb4wXQYDVQQHDFYgIEFC +Q0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaICAgYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogICAw +MTIzNDU2Nzg5ICAgJygpKywtLi86PT8gIDBdBgNVBAcMViAgQUJDREVGR0hJSktMTU5PUFFSU1RV +VldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAxMjM0NTY3ODkgICAnKCkrLC0u +Lzo9PyAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_attr.pem new file mode 100644 index 0000000000..ec6f5fddc7 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { " New York " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { " Name of company " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIGnMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOICBOZXcgICBZb3JrICAxfzAeBgNVBAoMFyAgTmFt +ZSAgIG9mICAgY29tcGFueSAgMF0GA1UEBwxWICBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAg +IGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6ICAgMDEyMzQ1Njc4OSAgICcoKSssLS4vOj0/ICA= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_rdn.pem new file mode 100644 index 0000000000..8362ebed3f --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_rdn.pem @@ -0,0 +1,36 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { " Name of company " } + } + } +} +-----BEGIN NAME----- +MIGpMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOICBOZXcgICBZb3JrICAxXzBdBgNVBAcMViAgQUJD +REVGR0hJSktMTU5PUFFSU1RVVldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAx +MjM0NTY3ODkgICAnKCkrLC0uLzo9PyAgMSAwHgYDVQQKDBcgIE5hbWUgICBvZiAgIGNvbXBhbnkg +IA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace.pem new file mode 100644 index 0000000000..72276cac15 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { " New York " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { " ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=? " } + } + } +} +-----BEGIN NAME----- +MIGHMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOICBOZXcgICBZb3JrICAxXzBdBgNVBAcMViAgQUJD +REVGR0hJSktMTU5PUFFSU1RVVldYWVogICBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAgIDAx +MjM0NTY3ODkgICAnKCkrLC0uLzo9PyAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-dupe_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-dupe_attr.pem new file mode 100644 index 0000000000..f0e3e90261 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-dupe_attr.pem @@ -0,0 +1,34 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIHNMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxgaowUwYDVQQHDExBQkNERUZHSElK +S0xNTk9QUVJTVFVWV1hZWiBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAwMTIzNDU2Nzg5ICco +KSssLS4vOj0/MFMGA1UEBwxMQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogYWJjZGVmZ2hpamts +bW5vcHFyc3R1dnd4eXogMDEyMzQ1Njc4OSAnKCkrLC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_attr.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_attr.pem new file mode 100644 index 0000000000..9fb60a0346 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_attr.pem @@ -0,0 +1,33 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "New York" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { "Name of company" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MIGPMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxbTAWBgNVBAoMD05hbWUgb2YgY29t +cGFueTBTBgNVBAcMTEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaIGFiY2RlZmdoaWprbG1ub3Bx +cnN0dXZ3eHl6IDAxMjM0NTY3ODkgJygpKywtLi86PT8= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_rdn.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_rdn.pem new file mode 100644 index 0000000000..eac605761c --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_rdn.pem @@ -0,0 +1,35 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { "Name of company" } + } + } +} +-----BEGIN NAME----- +MIGRMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxVTBTBgNVBAcMTEFCQ0RFRkdISUpL +TE1OT1BRUlNUVVZXWFlaIGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IDAxMjM0NTY3ODkgJygp +KywtLi86PT8xGDAWBgNVBAoMD05hbWUgb2YgY29tcGFueQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled.pem new file mode 100644 index 0000000000..72f15390b7 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-UTF8-unmangled.pem @@ -0,0 +1,28 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "New York" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 '()+,-./:=?" } + } + } +} +-----BEGIN NAME----- +MHcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazFVMFMGA1UEBwxMQUJDREVGR0hJSktM +TU5PUFFSU1RVVldYWVogYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXogMDEyMzQ1Njc4OSAnKCkr +LC0uLzo9Pw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_1.pem b/pki/testdata/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_1.pem new file mode 100644 index 0000000000..1f0c4349f7 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_1.pem @@ -0,0 +1,30 @@ +SEQUENCE { + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "NEw" } + } + SEQUENCE { + OBJECT_IDENTIFIER { 0.9.2342.19200300.100.1.25 } + IA5String { "wWw" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { " yORk " } + } + SEQUENCE { + OBJECT_IDENTIFIER { 0.9.2342.19200300.100.1.25 } + IA5String { "eXaMple" } + } + SEQUENCE { + OBJECT_IDENTIFIER { 0.9.2342.19200300.100.1.25 } + IA5String { " cOm" } + } + } +} +-----BEGIN NAME----- +MGQxYjAKBgNVBAcTA05FdzARBgoJkiaJk/IsZAEZFgN3V3cwEgYDVQQHEwsgICB5T1JrICAgIDAV +BgoJkiaJk/IsZAEZFgdlWGFNcGxlMBYGCgmSJomT8ixkARkWCCAgICAgY09t +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_2.pem b/pki/testdata/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_2.pem new file mode 100644 index 0000000000..95eac57677 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_2.pem @@ -0,0 +1,30 @@ +SEQUENCE { + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "yoRK" } + } + SEQUENCE { + OBJECT_IDENTIFIER { 0.9.2342.19200300.100.1.25 } + IA5String { "cOM" } + } + SEQUENCE { + OBJECT_IDENTIFIER { 0.9.2342.19200300.100.1.25 } + IA5String { "eXampLE" } + } + SEQUENCE { + OBJECT_IDENTIFIER { 0.9.2342.19200300.100.1.25 } + IA5String { " Www " } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { " nEw " } + } + } +} +-----BEGIN NAME----- +MG0xazALBgNVBAcTBHlvUkswEQYKCZImiZPyLGQBGRYDY09NMBUGCgmSJomT8ixkARkWB2VYYW1w +TEUwFwYKCZImiZPyLGQBGRYJICAgIFd3dyAgMBkGA1UEBxMSICAgbkV3ICAgICAgICAgICAg +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/custom-custom-normalized.pem b/pki/testdata/verify_name_match_unittest/names/custom-custom-normalized.pem new file mode 100644 index 0000000000..2ded12733d --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/custom-custom-normalized.pem @@ -0,0 +1,10 @@ + 0:d=0 hl=2 l= 29 cons: SEQUENCE + 2:d=1 hl=2 l= 27 cons: SET + 4:d=2 hl=2 l= 25 cons: SEQUENCE + 6:d=3 hl=2 l= 12 prim: OBJECT :1.2.840.113554.4.1.72585.1 + 20:d=3 hl=2 l= 9 cons: cont [ 0 ] + 22:d=4 hl=2 l= 7 cons: priv [ 1 ] + 24:d=5 hl=2 l= 5 prim: appl [ 2 ] +-----BEGIN NAME----- +MB0xGzAZBgwqhkiG9xIEAYS3CQGgCeEHQgVoZWxsbw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-badAttributeType.pem b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-badAttributeType.pem new file mode 100644 index 0000000000..3c0bf6af33 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-badAttributeType.pem @@ -0,0 +1,11 @@ +SEQUENCE { + SET { + SEQUENCE { + PrintableString { "hello world" } + PrintableString { "US" } + } + } +} +-----BEGIN NAME----- +MBUxEzAREwtoZWxsbyB3b3JsZBMCVVM= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-empty.pem b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-empty.pem new file mode 100644 index 0000000000..0cea4322aa --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-empty.pem @@ -0,0 +1,8 @@ +SEQUENCE { + SET { + SEQUENCE {} + } +} +-----BEGIN NAME----- +MAQxAjAA +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-extradata.pem b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-extradata.pem new file mode 100644 index 0000000000..64446eeee8 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-extradata.pem @@ -0,0 +1,13 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + PrintableString { "hello world" } + } + } +} +-----BEGIN NAME----- +MBoxGDAWBgNVBAYTAlVTEwtoZWxsbyB3b3JsZA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-onlyOneElement.pem b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-onlyOneElement.pem new file mode 100644 index 0000000000..f998aedce8 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-onlyOneElement.pem @@ -0,0 +1,11 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + } + } +} +-----BEGIN NAME----- +MAkxBzAFBgNVBAY= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-setNotSequence.pem b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-setNotSequence.pem new file mode 100644 index 0000000000..36785b1e86 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-setNotSequence.pem @@ -0,0 +1,12 @@ +SEQUENCE { + SET { + SET { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } +} +-----BEGIN NAME----- +MA0xCzEJBgNVBAYTAlVT +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/invalid-Name-setInsteadOfSequence.pem b/pki/testdata/verify_name_match_unittest/names/invalid-Name-setInsteadOfSequence.pem new file mode 100644 index 0000000000..c637db0187 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/invalid-Name-setInsteadOfSequence.pem @@ -0,0 +1,12 @@ +SET { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } +} +-----BEGIN NAME----- +MQ0xCzAJBgNVBAYTAlVT +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/invalid-RDN-empty.pem b/pki/testdata/verify_name_match_unittest/names/invalid-RDN-empty.pem new file mode 100644 index 0000000000..92dfd3339b --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/invalid-RDN-empty.pem @@ -0,0 +1,6 @@ +SEQUENCE { + SET {} +} +-----BEGIN NAME----- +MAIxAA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/invalid-RDN-sequenceInsteadOfSet.pem b/pki/testdata/verify_name_match_unittest/names/invalid-RDN-sequenceInsteadOfSet.pem new file mode 100644 index 0000000000..47856224a9 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/invalid-RDN-sequenceInsteadOfSet.pem @@ -0,0 +1,12 @@ +SEQUENCE { + SEQUENCE { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } +} +-----BEGIN NAME----- +MA0wCzAJBgNVBAYTAlVT +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/unicode-mixed-normalized.pem b/pki/testdata/verify_name_match_unittest/names/unicode-mixed-normalized.pem new file mode 100644 index 0000000000..3ffe5d374a --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/unicode-mixed-normalized.pem @@ -0,0 +1,57 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + UTF8String { "aa" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { `6162e69db1e4baac` } + } + SEQUENCE { + # organizationUnitName + OBJECT_IDENTIFIER { 2.5.4.11 } + UTF8String { `f09d90802061206263` } + } + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { " AbCd Ef " } + } + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + UTF8String { `616220e69db1e4baac206364` } + } + SEQUENCE { + OBJECT_IDENTIFIER { 0.9.2342.19200300.100.1.25 } + UTF8String { "example" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "aaa" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "aaa" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "cccc" } + } + } +} +-----BEGIN NAME----- +MIGaMW8wCQYDVQQGDAJhYTAPBgNVBAcMCGFi5p2x5LqsMBAGA1UECwwJ8J2QgCBhIGJjMBMGA1UE +CBQMICBBYkNkICBFZiAgMBMGA1UECgwMYWIg5p2x5LqsIGNkMBUGCgmSJomT8ixkARkMB2V4YW1w +bGUxGDAKBgNVBAcMA2FhYTAKBgNVBAcMA2FhYTENMAsGA1UEBwwEY2NjYw== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/unicode-mixed-unnormalized.pem b/pki/testdata/verify_name_match_unittest/names/unicode-mixed-unnormalized.pem new file mode 100644 index 0000000000..8d6c4e190b --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/unicode-mixed-unnormalized.pem @@ -0,0 +1,58 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AA" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { `20204162e69db1e4baac20` } + } + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + T61String { " AbCd Ef " } + } + SEQUENCE { + OBJECT_IDENTIFIER { 0.9.2342.19200300.100.1.25 } + IA5String { "eXaMpLe" } + } + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + BMPString { u" aB 東京 cD " } + } + SEQUENCE { + # organizationUnitName + OBJECT_IDENTIFIER { 2.5.4.11 } + UniversalString { U" 𝐀 A bC " } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { "AAA" } + } + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"aaa" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + PrintableString { "cCcC" } + } + } +} +-----BEGIN NAME----- +MIHMMYGdMAkGA1UEBhMCQUEwEgYDVQQHDAsgIEFi5p2x5LqsIDATBgNVBAgUDCAgQWJDZCAgRWYg +IDAVBgoJkiaJk/IsZAEZFgdlWGFNcExlMB8GA1UECh4YACAAYQBCACAAIGdxTqwAIAAgAGMARAAg +MC8GA1UECxwoAAAAIAAB1AAAAAAgAAAAIAAAAEEAAAAgAAAAIAAAAGIAAABDAAAAIDEbMAoGA1UE +BwwDQUFBMA0GA1UEBx4GAGEAYQBhMQ0wCwYDVQQHEwRjQ2ND +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/unicode_bmp-BMPSTRING-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/unicode_bmp-BMPSTRING-unmangled.pem new file mode 100644 index 0000000000..5b4e637aec --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/unicode_bmp-BMPSTRING-unmangled.pem @@ -0,0 +1,19 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + BMPString { u"東京" } + } + } +} +-----BEGIN NAME----- +MBwxCzAJBgNVBAYTAkpQMQ0wCwYDVQQHHgRncU6s +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/unicode_bmp-UNIVERSALSTRING-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/unicode_bmp-UNIVERSALSTRING-unmangled.pem new file mode 100644 index 0000000000..49b26e3df6 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/unicode_bmp-UNIVERSALSTRING-unmangled.pem @@ -0,0 +1,19 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"東京" } + } + } +} +-----BEGIN NAME----- +MCAxCzAJBgNVBAYTAkpQMREwDwYDVQQHHAgAAGdxAABOrA== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/unicode_bmp-UTF8-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/unicode_bmp-UTF8-unmangled.pem new file mode 100644 index 0000000000..41ff8df45f --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/unicode_bmp-UTF8-unmangled.pem @@ -0,0 +1,19 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { `e69db1e4baac` } + } + } +} +-----BEGIN NAME----- +MB4xCzAJBgNVBAYTAkpQMQ8wDQYDVQQHDAbmnbHkuqw= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/unicode_supplementary-UNIVERSALSTRING-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/unicode_supplementary-UNIVERSALSTRING-unmangled.pem new file mode 100644 index 0000000000..14f6a15911 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/unicode_supplementary-UNIVERSALSTRING-unmangled.pem @@ -0,0 +1,19 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UniversalString { U"𝐀𝐙" } + } + } +} +-----BEGIN NAME----- +MCAxCzAJBgNVBAYTAkpQMREwDwYDVQQHHAgAAdQAAAHUGQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/unicode_supplementary-UTF8-unmangled.pem b/pki/testdata/verify_name_match_unittest/names/unicode_supplementary-UTF8-unmangled.pem new file mode 100644 index 0000000000..d1d80409c3 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/unicode_supplementary-UTF8-unmangled.pem @@ -0,0 +1,19 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "JP" } + } + } + SET { + SEQUENCE { + # localityName + OBJECT_IDENTIFIER { 2.5.4.7 } + UTF8String { `f09d9080f09d9099` } + } + } +} +-----BEGIN NAME----- +MCAxCzAJBgNVBAYTAkpQMREwDwYDVQQHDAjwnZCA8J2QmQ== +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/valid-Name-empty.pem b/pki/testdata/verify_name_match_unittest/names/valid-Name-empty.pem new file mode 100644 index 0000000000..8f4c898799 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/valid-Name-empty.pem @@ -0,0 +1,4 @@ +SEQUENCE {} +-----BEGIN NAME----- +MAA= +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/names/valid-minimal.pem b/pki/testdata/verify_name_match_unittest/names/valid-minimal.pem new file mode 100644 index 0000000000..abf1ab60b0 --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/names/valid-minimal.pem @@ -0,0 +1,12 @@ +SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "US" } + } + } +} +-----BEGIN NAME----- +MA0xCzAJBgNVBAYTAlVT +-----END NAME----- diff --git a/pki/testdata/verify_name_match_unittest/scripts/generate_names.py b/pki/testdata/verify_name_match_unittest/scripts/generate_names.py new file mode 100755 index 0000000000..63d3ffeced --- /dev/null +++ b/pki/testdata/verify_name_match_unittest/scripts/generate_names.py @@ -0,0 +1,372 @@ +#!/usr/bin/env python3 +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import base64 +import copy +import os +import subprocess +import tempfile + + +class RDN: + def __init__(self): + self.attrs = [] + + def add_attr(self, attr_type, attr_value_type, attr_value, + attr_modifier=None): + self.attrs.append((attr_type, attr_value_type, attr_value, attr_modifier)) + return self + + def __str__(self): + s = '' + for n, attr in enumerate(self.attrs): + s += 'attrTypeAndValue%i=SEQUENCE:attrTypeAndValueSequence%i_%i\n' % ( + n, id(self), n) + + s += '\n' + for n, attr in enumerate(self.attrs): + attr_type, attr_value_type, attr_value, attr_modifier = attr + s += '[attrTypeAndValueSequence%i_%i]\n' % (id(self), n) + # Note the quotes around the string value here, which is necessary for + # trailing whitespace to be included by openssl. + s += 'type=OID:%s\n' % attr_type + s += 'value=' + if attr_modifier: + s += attr_modifier + ',' + s += '%s:"%s"\n' % (attr_value_type, attr_value) + + return s + + +class NameGenerator: + def __init__(self): + self.rdns = [] + + def token(self): + return b"NAME" + + def add_rdn(self): + rdn = RDN() + self.rdns.append(rdn) + return rdn + + def __str__(self): + s = 'asn1 = SEQUENCE:rdnSequence%i\n\n[rdnSequence%i]\n' % ( + id(self), id(self)) + for n, rdn in enumerate(self.rdns): + s += 'rdn%i = SET:rdnSet%i_%i\n' % (n, id(self), n) + + s += '\n' + + for n, rdn in enumerate(self.rdns): + s += '[rdnSet%i_%i]\n%s\n' % (id(self), n, rdn) + + return s + + +def generate(s, fn): + out_fn = os.path.join('..', 'names', fn + '.pem') + conf_tempfile = tempfile.NamedTemporaryFile(mode='wt', encoding='utf-8') + conf_tempfile.write(str(s)) + conf_tempfile.flush() + der_tmpfile = tempfile.NamedTemporaryFile() + subprocess.check_call([ + 'openssl', 'asn1parse', '-genconf', conf_tempfile.name, '-i', '-out', + der_tmpfile.name + ], + stdout=subprocess.DEVNULL) + conf_tempfile.close() + + description_tmpfile = tempfile.NamedTemporaryFile() + subprocess.check_call(['der2ascii', '-i', der_tmpfile.name], + stdout=description_tmpfile) + + output_file = open(out_fn, 'wb') + description_tmpfile.seek(0) + output_file.write(description_tmpfile.read()) + output_file.write(b'-----BEGIN NAME-----\n') + output_file.write(base64.encodebytes(der_tmpfile.read())) + output_file.write(b'-----END NAME-----\n') + output_file.close() + + +def unmangled(s): + return s + + +def extra_whitespace(s): + return ' ' + s.replace(' ', ' ') + ' ' + + +def case_swap(s): + return s.swapcase() + + +def main(): + for valuetype in ('PRINTABLESTRING', 'T61STRING', 'UTF8', 'BMPSTRING', + 'UNIVERSALSTRING'): + for string_mangler in (unmangled, extra_whitespace, case_swap): + n=NameGenerator() + n.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'US') + n.add_rdn().add_attr('stateOrProvinceName', + valuetype, + string_mangler('New York')) + n.add_rdn().add_attr('localityName', + valuetype, + string_mangler("ABCDEFGHIJKLMNOPQRSTUVWXYZ " + "abcdefghijklmnopqrstuvwxyz " + "0123456789 '()+,-./:=?")) + + n_extra_attr = copy.deepcopy(n) + n_extra_attr.rdns[-1].add_attr('organizationName', + valuetype, + string_mangler('Name of company')) + + n_dupe_attr = copy.deepcopy(n) + n_dupe_attr.rdns[-1].add_attr(*n_dupe_attr.rdns[-1].attrs[-1]) + + n_extra_rdn = copy.deepcopy(n) + n_extra_rdn.add_rdn().add_attr('organizationName', + valuetype, + string_mangler('Name of company')) + + filename_base = 'ascii-' + valuetype + '-' + string_mangler.__name__ + + generate(n, filename_base) + generate(n_extra_attr, filename_base + '-extra_attr') + generate(n_dupe_attr, filename_base + '-dupe_attr') + generate(n_extra_rdn, filename_base + '-extra_rdn') + + for valuetype in ('UTF8', 'BMPSTRING', 'UNIVERSALSTRING'): + n=NameGenerator() + n.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'JP') + n.add_rdn().add_attr('localityName', valuetype, "\u6771\u4eac", + "FORMAT:UTF8") + + filename_base = 'unicode_bmp-' + valuetype + '-' + 'unmangled' + generate(n, filename_base) + + for valuetype in ('UTF8', 'UNIVERSALSTRING'): + n=NameGenerator() + n.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'JP') + n.add_rdn().add_attr('localityName', valuetype, "\U0001d400\U0001d419", + "FORMAT:UTF8") + + filename_base = 'unicode_supplementary-' + valuetype + '-' + 'unmangled' + generate(n, filename_base) + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +[attrTypeAndValueSequence0_0] +type=OID:countryName +value=PRINTABLESTRING:"US" +extra=PRINTABLESTRING:"hello world" +""", "invalid-AttributeTypeAndValue-extradata") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +[attrTypeAndValueSequence0_0] +type=OID:countryName +""", "invalid-AttributeTypeAndValue-onlyOneElement") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +[attrTypeAndValueSequence0_0] +""", "invalid-AttributeTypeAndValue-empty") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +[attrTypeAndValueSequence0_0] +type=PRINTABLESTRING:"hello world" +value=PRINTABLESTRING:"US" +""", "invalid-AttributeTypeAndValue-badAttributeType") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SET:attrTypeAndValueSequence0_0 +[attrTypeAndValueSequence0_0] +type=OID:countryName +value=PRINTABLESTRING:"US" +""", "invalid-AttributeTypeAndValue-setNotSequence") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SEQUENCE:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +[attrTypeAndValueSequence0_0] +type=OID:countryName +value=PRINTABLESTRING:"US" +""", "invalid-RDN-sequenceInsteadOfSet") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +""", "invalid-RDN-empty") + + generate("""asn1 = SET:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +[attrTypeAndValueSequence0_0] +type=OID:countryName +value=PRINTABLESTRING:"US" +""", "invalid-Name-setInsteadOfSequence") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +""", "valid-Name-empty") + + # Certs with a RDN that is sorted differently due to length of the values, but + # which should compare equal when normalized. + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +attrTypeAndValue1=SEQUENCE:attrTypeAndValueSequence0_1 +[attrTypeAndValueSequence0_0] +type=OID:stateOrProvinceName +value=PRINTABLESTRING:" state" +[attrTypeAndValueSequence0_1] +type=OID:localityName +value=PRINTABLESTRING:"locality" +""", "ascii-PRINTABLESTRING-rdn_sorting_1") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +attrTypeAndValue1=SEQUENCE:attrTypeAndValueSequence0_1 +[attrTypeAndValueSequence0_0] +type=OID:stateOrProvinceName +value=PRINTABLESTRING:"state" +[attrTypeAndValueSequence0_1] +type=OID:localityName +value=PRINTABLESTRING:" locality" +""", "ascii-PRINTABLESTRING-rdn_sorting_2") + + # Certs with a RDN that is sorted differently due to length of the values, and + # also contains multiple values with the same type. + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +attrTypeAndValue1=SEQUENCE:attrTypeAndValueSequence0_1 +attrTypeAndValue2=SEQUENCE:attrTypeAndValueSequence0_2 +attrTypeAndValue3=SEQUENCE:attrTypeAndValueSequence0_3 +attrTypeAndValue4=SEQUENCE:attrTypeAndValueSequence0_4 +[attrTypeAndValueSequence0_0] +type=OID:domainComponent +value=IA5STRING:" cOm" +[attrTypeAndValueSequence0_1] +type=OID:domainComponent +value=IA5STRING:"eXaMple" +[attrTypeAndValueSequence0_2] +type=OID:domainComponent +value=IA5STRING:"wWw" +[attrTypeAndValueSequence0_3] +type=OID:localityName +value=PRINTABLESTRING:"NEw" +[attrTypeAndValueSequence0_4] +type=OID:localityName +value=PRINTABLESTRING:" yORk " +""", "ascii-mixed-rdn_dupetype_sorting_1") + + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +attrTypeAndValue1=SEQUENCE:attrTypeAndValueSequence0_1 +attrTypeAndValue2=SEQUENCE:attrTypeAndValueSequence0_2 +attrTypeAndValue3=SEQUENCE:attrTypeAndValueSequence0_3 +attrTypeAndValue4=SEQUENCE:attrTypeAndValueSequence0_4 +[attrTypeAndValueSequence0_0] +type=OID:domainComponent +value=IA5STRING:"cOM" +[attrTypeAndValueSequence0_1] +type=OID:domainComponent +value=IA5STRING:"eXampLE" +[attrTypeAndValueSequence0_2] +type=OID:domainComponent +value=IA5STRING:" Www " +[attrTypeAndValueSequence0_3] +type=OID:localityName +value=PRINTABLESTRING:" nEw " +[attrTypeAndValueSequence0_4] +type=OID:localityName +value=PRINTABLESTRING:"yoRK" +""", "ascii-mixed-rdn_dupetype_sorting_2") + + # Minimal valid config. Copy and modify this one when generating new invalid + # configs. + generate("""asn1 = SEQUENCE:rdnSequence +[rdnSequence] +rdn0 = SET:rdnSet0 +[rdnSet0] +attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0 +[attrTypeAndValueSequence0_0] +type=OID:countryName +value=PRINTABLESTRING:"US" +""", "valid-minimal") + + # Single Name that exercises all of the string types, unicode (basic and + # supplemental planes), whitespace collapsing, case folding, as well as SET + # sorting. + n = NameGenerator() + rdn1 = n.add_rdn() + rdn1.add_attr('countryName', 'PRINTABLESTRING', 'AA') + rdn1.add_attr('stateOrProvinceName', 'T61STRING', ' AbCd Ef ') + rdn1.add_attr('localityName', 'UTF8', " Ab\u6771\u4eac ", "FORMAT:UTF8") + rdn1.add_attr('organizationName', 'BMPSTRING', " aB \u6771\u4eac cD ", + "FORMAT:UTF8") + rdn1.add_attr('organizationalUnitName', 'UNIVERSALSTRING', + " \U0001d400 A bC ", "FORMAT:UTF8") + rdn1.add_attr('domainComponent', 'IA5STRING', 'eXaMpLe') + rdn2 = n.add_rdn() + rdn2.add_attr('localityName', 'UTF8', "AAA") + rdn2.add_attr('localityName', 'BMPSTRING', "aaa") + rdn3 = n.add_rdn() + rdn3.add_attr('localityName', 'PRINTABLESTRING', "cCcC") + generate(n, "unicode-mixed-unnormalized") + # Expected normalized version of above. + n = NameGenerator() + rdn1 = n.add_rdn() + rdn1.add_attr('countryName', 'UTF8', 'aa') + rdn1.add_attr('stateOrProvinceName', 'T61STRING', ' AbCd Ef ') + rdn1.add_attr('localityName', 'UTF8', "ab\u6771\u4eac", "FORMAT:UTF8") + rdn1.add_attr('organizationName', 'UTF8', "ab \u6771\u4eac cd", "FORMAT:UTF8") + rdn1.add_attr('organizationalUnitName', 'UTF8', "\U0001d400 a bc", + "FORMAT:UTF8") + rdn1.add_attr('domainComponent', 'UTF8', 'example') + rdn2 = n.add_rdn() + rdn2.add_attr('localityName', 'UTF8', "aaa") + rdn2.add_attr('localityName', 'UTF8', "aaa") + rdn3 = n.add_rdn() + rdn3.add_attr('localityName', 'UTF8', "cccc") + generate(n, "unicode-mixed-normalized") + + +if __name__ == '__main__': + main() diff --git a/pki/testdata/verify_signed_data_unittest/README b/pki/testdata/verify_signed_data_unittest/README new file mode 100644 index 0000000000..2acf6e62a0 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/README @@ -0,0 +1,35 @@ +This directory contains test data for testing net::VerifySignedData(). + +When adding or changing test data, run the script + $ python annotate_test_data.py + +This script will apply a uniform formatting. For instance it will add a +comment showing what the parsed ASN.1 looks like, and reformat the base64 to +have consistent line breaks. + +The general format for the test files is as follows: + + + + + -----BEGIN PUBLIC KEY----- + + -----END PUBLIC KEY----- + + -----BEGIN ALGORITHM----- + + -----END ALGORITHM----- + + -----BEGIN DATA----- + + -----END DATA----- + + -----BEGIN SIGNATURE----- + + -----END SIGNATURE----- + + +Comments for a PEM block should be placed immediately below that block. +The script will also insert a comment after the block describing its parsed +ASN.1 structure (your extra comments need to be above the script-generated +comments or they will be stripped). diff --git a/pki/testdata/verify_signed_data_unittest/annotate_test_data.py b/pki/testdata/verify_signed_data_unittest/annotate_test_data.py new file mode 100755 index 0000000000..9e6b478b67 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/annotate_test_data.py @@ -0,0 +1,164 @@ +#!/usr/bin/env python +# Copyright 2015 The Chromium Authors +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""This script is called without any arguments to re-format all of the *.pem +files in the script's parent directory. + +The main formatting change is to run "openssl asn1parse" for each of the PEM +block sections (except for DATA), and add that output to the comment. + +Refer to the README file for more information. +""" + +import glob +import os +import re +import base64 +import subprocess + + +def Transform(file_data): + """Returns a transformed (formatted) version of file_data""" + + result = '' + + for block in GetPemBlocks(file_data): + if len(result) != 0: + result += '\n' + + # If there was a user comment (non-script-generated comment) associated + # with the block, output it immediately before the block. + user_comment = GetUserComment(block.comment) + if user_comment: + result += user_comment + + # For every block except for DATA, try to pretty print the parsed ASN.1. + # DATA blocks likely would be DER in practice, but for the purposes of + # these tests seeing its structure doesn't clarify + # anything and is just a distraction. + if block.name != 'DATA': + generated_comment = GenerateCommentForBlock(block.name, block.data) + result += generated_comment + '\n' + + + result += MakePemBlockString(block.name, block.data) + + return result + + +def GenerateCommentForBlock(block_name, block_data): + """Returns a string describing the ASN.1 structure of block_data""" + + p = subprocess.Popen(['openssl', 'asn1parse', '-i', '-inform', 'DER'], + stdout=subprocess.PIPE, stdin=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout_data, stderr_data = p.communicate(input=block_data) + generated_comment = '$ openssl asn1parse -i < [%s]\n%s' % (block_name, + stdout_data) + return generated_comment.strip('\n') + + + +def GetUserComment(comment): + """Removes any script-generated lines (everything after the $ openssl line)""" + + # Consider everything after "$ openssl" to be a generated comment. + comment = comment.split('$ openssl asn1parse -i', 1)[0] + if IsEntirelyWhiteSpace(comment): + comment = '' + return comment + + +def MakePemBlockString(name, data): + return ('-----BEGIN %s-----\n' + '%s' + '-----END %s-----\n') % (name, EncodeDataForPem(data), name) + + +def GetPemFilePaths(): + """Returns an iterable for all the paths to the PEM test files""" + + base_dir = os.path.dirname(os.path.realpath(__file__)) + return glob.iglob(os.path.join(base_dir, '*.pem')) + + +def ReadFileToString(path): + with open(path, 'r') as f: + return f.read() + + +def WrapTextToLineWidth(text, column_width): + result = '' + pos = 0 + while pos < len(text): + result += text[pos : pos + column_width] + '\n' + pos += column_width + return result + + +def EncodeDataForPem(data): + result = base64.b64encode(data) + return WrapTextToLineWidth(result, 75) + + +class PemBlock(object): + def __init__(self): + self.name = None + self.data = None + self.comment = None + + +def StripAllWhitespace(text): + pattern = re.compile(r'\s+') + return re.sub(pattern, '', text) + + +def IsEntirelyWhiteSpace(text): + return len(StripAllWhitespace(text)) == 0 + + +def DecodePemBlockData(text): + text = StripAllWhitespace(text) + return base64.b64decode(text) + + +def GetPemBlocks(data): + """Returns an iterable of PemBlock""" + + comment_start = 0 + + regex = re.compile(r'-----BEGIN ([\w ]+)-----(.*?)-----END \1-----', + re.DOTALL) + + for match in regex.finditer(data): + block = PemBlock() + + block.name = match.group(1) + block.data = DecodePemBlockData(match.group(2)) + + # Keep track of any non-PEM text above blocks + block.comment = data[comment_start : match.start()].strip() + comment_start = match.end() + + yield block + + +def WriteStringToFile(data, path): + with open(path, "w") as f: + f.write(data) + + +def main(): + for path in GetPemFilePaths(): + print "Processing %s ..." % (path) + original_data = ReadFileToString(path) + transformed_data = Transform(original_data) + if original_data != transformed_data: + WriteStringToFile(transformed_data, path) + print "Rewrote %s" % (path) + + +if __name__ == "__main__": + main() diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-spki-params-null.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-spki-params-null.pem new file mode 100644 index 0000000000..cf5cb2f75f --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-spki-params-null.pem @@ -0,0 +1,35 @@ +This is the same test as ecdsa-prime256v1-sha512.pem except the public key's +algorithm has been tampered with. The parameters for ecPublicKey should be a +namedCurve, but here they have been replaced by NULL. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 81 cons: SEQUENCE + 2:d=1 hl=2 l= 11 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 0 prim: NULL + 15:d=1 hl=2 l= 66 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MFEwCwYHKoZIzj0CAQUAA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb3LVEjOhe +IkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-unused-bits-signature.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-unused-bits-signature.pem new file mode 100644 index 0000000000..a7c4960dc4 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-unused-bits-signature.pem @@ -0,0 +1,43 @@ +This is the same test as ecdsa-prime256v1-sha512.pem, however the SIGNATURE has +been changed to a (valid) BIT STRING containing two unused bits. + +Note that the last two bits of the original signature were 0, so the +DER-encoded bytes portion of the mutated BIT STRING remains the same. All that +changes is the octet at the start which indicates the number of unused bits. + +In other words SIGNATURE changes from: + 03 47 00 30 ... 84 +To: + 03 47 02 30 ... 84 + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING +-----BEGIN SIGNATURE----- +A0cCMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecdh-key.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecdh-key.pem new file mode 100644 index 0000000000..b0174324f6 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecdh-key.pem @@ -0,0 +1,38 @@ +This uses the same test data as ecdsa-prime256v1-sha512.pem, HOWEVER the +algorithm OID for the public key has been changed from id-ecPublicKey +(1.2.840.10045.2.1) to id-ecDH (1.3.132.1.12) + +This test should fail because the public key's algorithm does not match that of +the signature algorithm. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 87 cons: SEQUENCE + 2:d=1 hl=2 l= 17 cons: SEQUENCE + 4:d=2 hl=2 l= 5 prim: OBJECT :1.3.132.1.12 + 11:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 21:d=1 hl=2 l= 66 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MFcwEQYFK4EEAQwGCCqGSM49AwEHA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb +3LVEjOheIkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecmqv-key.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecmqv-key.pem new file mode 100644 index 0000000000..23f4605cf3 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecmqv-key.pem @@ -0,0 +1,38 @@ +This uses the same test data as ecdsa-prime256v1-sha512.pem, HOWEVER the +algorithm OID for the public key has been changed from id-ecPublicKey +(1.2.840.10045.2.1) to id-ecMQV (1.3.132.1.13) + +This test should fail because the public key's algorithm does not match that of +the signature algorithm. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 87 cons: SEQUENCE + 2:d=1 hl=2 l= 17 cons: SEQUENCE + 4:d=2 hl=2 l= 5 prim: OBJECT :1.3.132.1.13 + 11:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 21:d=1 hl=2 l= 66 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MFcwEQYFK4EEAQ0GCCqGSM49AwEHA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb +3LVEjOheIkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem new file mode 100644 index 0000000000..f2b2168b20 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem @@ -0,0 +1,38 @@ +This test specified a valid ECDSA signature and EC key (the same as ecdsa-prime256v1-sha512.pem) + +The problem however is the signature algorithm is indicated as being RSA PKCS#1 v1.5. + +Signature verification consequently should fail. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha512WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBDQUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-wrong-signature-format.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-wrong-signature-format.pem new file mode 100644 index 0000000000..58c2e2c95c --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512-wrong-signature-format.pem @@ -0,0 +1,37 @@ +This is the same as ecdsa-prime256v1-sha512.pem, except the signature is wrong. + +Rather than encoding the signature into a DER-encoded Ecdsa-Sig-Value, it is a +concatenation of the r and s values. This is the format that WebCrypto uses for +ECDSA signature, but not what is used for digital signatures. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 65 prim: BIT STRING +-----BEGIN SIGNATURE----- +A0EAS5+R5ChShyYaHRySPPYZzVLBdc/n8b5gpSWMYQNIuj0oxF+QHXHEGymGOOwNaoXX/LDDO7/ +sWpyBCEa2OSiahA== +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512.pem new file mode 100644 index 0000000000..6e104e841b --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-prime256v1-sha512.pem @@ -0,0 +1,39 @@ +The key, message, and signature come from: +http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3ecdsatestvectors.zip (SigVer.rsp) + +The algorithm DER was synthesized to match, and the signature (provided as an r +and s tuple) was encoded into a Ecdsa-Sig-Value and then a BIT STRING. + +It uses ECDSA verification, using curve prime256v1 and SHA-512 + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-secp384r1-sha256-corrupted-data.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-secp384r1-sha256-corrupted-data.pem new file mode 100644 index 0000000000..5cb5358f53 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-secp384r1-sha256-corrupted-data.pem @@ -0,0 +1,43 @@ +This is the same test as ecdsa-secp384r1-sha256.pem, except the DATA section +has been corrupted. The third byte has been set to 0. + +This signature should NOT verify successfully. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 118 cons: SEQUENCE + 2:d=1 hl=2 l= 16 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 5 prim: OBJECT :secp384r1 + 20:d=1 hl=2 l= 98 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXFhBi+WKXuxeK9yCbC9jqEchwjCNsQ4RXAsJ07oHZ+Q +qz55cNIY5BAhcQ0QYY5jv9BimGL9SuhUuOSuS3Pn9rrsIFGcFsihy4kDr8rq5+7RbN8bV057gW5 +emYjLtvDsQ +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIA6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M +DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-secp384r1-sha256.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-secp384r1-sha256.pem new file mode 100644 index 0000000000..b417714f8f --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-secp384r1-sha256.pem @@ -0,0 +1,74 @@ +This test data was produced by creating a self-signed EC cert using OpenSSL, +and then extracting the relevant fields. + +It uses ECDSA with curve secp384r1 an SHA-256. + +(1) Generate self-signed certificate + + openssl ecparam -out ec_key.pem -name secp384r1 -genkey + openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem + +(2) Extract public key + + openssl x509 -in cert.pem -pubkey -noout > pubkey.pem + cat pubkey.pem + +(3) Extract signed data (tbsCertificate) + + openssl asn1parse -in cert.pem -out tbs -noout -strparse 4 + base64 tbs + +(4) Extract signature algorithm + + # Find the offset of the signature algorithm near the end (496 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out alg -noout -strparse 496 + base64 alg + +(5) Extract the signature + + # Find the final offset of BIT STRING (508 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out sig -noout -strparse 508 + base64 sig + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 118 cons: SEQUENCE + 2:d=1 hl=2 l= 16 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 5 prim: OBJECT :secp384r1 + 20:d=1 hl=2 l= 98 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXFhBi+WKXuxeK9yCbC9jqEchwjCNsQ4RXAsJ07oHZ+Q +qz55cNIY5BAhcQ0QYY5jv9BimGL9SuhUuOSuS3Pn9rrsIFGcFsihy4kDr8rq5+7RbN8bV057gW5 +emYjLtvDsQ +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIB6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M +DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/ecdsa-using-rsa-key.pem b/pki/testdata/verify_signed_data_unittest/ecdsa-using-rsa-key.pem new file mode 100644 index 0000000000..06d18ef882 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/ecdsa-using-rsa-key.pem @@ -0,0 +1,41 @@ +This test specifies an ECDSA signature algorithm (and a valid ecdsa signature), +HOWEVER it provides an RSA key. Verification should fail. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIB6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M +DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-length.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-length.pem new file mode 100644 index 0000000000..c2ee87077f --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-length.pem @@ -0,0 +1,34 @@ +Same test as rsa-pkcs1-sha1.pem except the length of the first SEQUENCE has +been increased by 2 (which makes it invalid). + + +$ openssl asn1parse -i < [PUBLIC KEY] +Error in encoding +-----BEGIN PUBLIC KEY----- +MIOfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-null.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-null.pem new file mode 100644 index 0000000000..a88a806366 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-null.pem @@ -0,0 +1,42 @@ +Same test as rsa-pkcs1-sha1.pem except an extra NULL (0x05, 0x00) has been +appended to the SPKI. + +The DER can still be parsed, however it should fail due to the unconsumed data +at the end. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + 162:d=0 hl=2 l= 0 prim: NULL +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQABBQA= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-key-params-absent.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-key-params-absent.pem new file mode 100644 index 0000000000..58d18cc5fb --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-key-params-absent.pem @@ -0,0 +1,39 @@ +Same test as rsa-pkcs1-sha1.pem, except the SPKI has been modified so the +algorithm parameters are absent rather than NULL. + +This should fail because RFC 3279 says the parameters MUST be NULL. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 157 cons: SEQUENCE + 3:d=1 hl=2 l= 11 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGdMAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9 +62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC +cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-using-pss-key-no-params.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-using-pss-key-no-params.pem new file mode 100644 index 0000000000..ae6e9cf0a0 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-using-pss-key-no-params.pem @@ -0,0 +1,41 @@ +This is the same test as rsa-pkcs1-sha1.pem, except the SPKI has been modified +so that the key algorithm is rsaPss (1.2.840.113549.1.1.10) with absent +parameters. + +Subsequently this should fail, as a PSS key should not be used with a signature +algorithm for PKCS#1 v1.5. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 157 cons: SEQUENCE + 3:d=1 hl=2 l= 11 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss + 16:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGdMAsGCSqGSIb3DQEBCgOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9 +62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC +cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-wrong-algorithm.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-wrong-algorithm.pem new file mode 100644 index 0000000000..5d848cfcc8 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1-wrong-algorithm.pem @@ -0,0 +1,38 @@ +This is the same as rsa-pkcs1-sha1.pem, however the ALGORITHM has been change +to have SHA256 instead of SHA1. Using this algorithm verification should fail. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1.pem new file mode 100644 index 0000000000..c696af789e --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha1.pem @@ -0,0 +1,43 @@ +The key, message, and signature come from Example 1 of: +ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt + +(The algorithm DER was synthesized to match, and the signature enclosed in a BIT STRING). + +It uses an RSA key with modulus length of 1024 bits, PKCS#1 v1.5 padding, and +SHA-1 as the digest. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-key-encoded-ber.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-key-encoded-ber.pem new file mode 100644 index 0000000000..8488c1b016 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-key-encoded-ber.pem @@ -0,0 +1,52 @@ +This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been encoded +using a non-minimal length for the outermost SEQUENCE. + +Under DER, the tag-length-value encodings should be minimal and hence this should fail. + +Specifically the SPKI start was changed from: + 30 81 9f +To: + 30 82 00 9f + +(the length of 0x9F is being expressed using 2 bytes instead of 1) + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=4 l= 159 cons: SEQUENCE + 4:d=1 hl=2 l= 13 cons: SEQUENCE + 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 17:d=2 hl=2 l= 0 prim: NULL + 19:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIIAnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqkfgdjI9YqzadSZ2Ns0CEEUD8+8m7OplIx0 +94X+QD8mooNrunwT04asbLIINGL4qiI/+9IVSvyV3Kj9c4EeQIbANGoJ8AI3wf6MOBB/txxGFed +qqcTffKVMQvtZdoYFbZ/MQkvyRsoyvunb/pWcN4sSaF9kY1bXSeP3J99fBIYUCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-spki-non-null-params.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-spki-non-null-params.pem new file mode 100644 index 0000000000..daecea64d6 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-spki-non-null-params.pem @@ -0,0 +1,49 @@ +This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been tampered +with. The parameters have been changed from NULL to an INTEGER. + +This was done by changing: + + 05 00 (NULL) +To: + 02 00 (INTEGER) + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: INTEGER :00 + 18:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQIAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3 +hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q +pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem new file mode 100644 index 0000000000..e5650999f7 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem @@ -0,0 +1,45 @@ +This test specified a valid RSA PKCS#1 v.1.5 signature and RSA key (the same as rsa-pkcs1-sha256.pem). + +The problem however is the signature algorithm is indicated as being ECDSA. + +Signature verification consequently should fail. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3 +hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q +pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-using-id-ea-rsa.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-using-id-ea-rsa.pem new file mode 100644 index 0000000000..f5b223915c --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256-using-id-ea-rsa.pem @@ -0,0 +1,44 @@ +This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been tampered +with. Rather than using an rsaEncryption OID for the key's algorithm, it uses +id-ea-rsa (2.5.8.1.1). + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 154 cons: SEQUENCE + 3:d=1 hl=2 l= 8 cons: SEQUENCE + 5:d=2 hl=2 l= 4 prim: OBJECT :rsa + 11:d=2 hl=2 l= 0 prim: NULL + 13:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGaMAgGBFUIAQEFAAOBjQAwgYkCgYEAqkfgdjI9YqzadSZ2Ns0CEEUD8+8m7OplIx094X+QD8m +ooNrunwT04asbLIINGL4qiI/+9IVSvyV3Kj9c4EeQIbANGoJ8AI3wf6MOBB/txxGFedqqcTffKV +MQvtZdoYFbZ/MQkvyRsoyvunb/pWcN4sSaF9kY1bXSeP3J99fBIYUCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256.pem b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256.pem new file mode 100644 index 0000000000..0fda8c22c3 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pkcs1-sha256.pem @@ -0,0 +1,76 @@ +This test data was produced by creating a self-signed EC cert using OpenSSL, +and then extracting the relevant fields. + +It uses RSA PKCS#1 v1.5 with SHA-256 and a 1024-bit key. + +(1) Generate self-signed certificate + + openssl genrsa -out rsa_key.pem 1024 + openssl req -new -key rsa_key.pem -x509 -nodes -days 365 -out cert.pem + +(2) Extract public key + + openssl x509 -in cert.pem -pubkey -noout > pubkey.pem + cat pubkey.pem + +(3) Extract signed data (tbsCertificate) + + openssl asn1parse -in cert.pem -out tbs -noout -strparse 4 + base64 tbs + +(4) Extract signature algorithm + + # Find the offset of the signature algorithm near the end (491 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out alg -noout -strparse 491 + base64 alg + +(5) Extract the signature + + # Find the final offset of BIT STRING (506 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out sig -noout -strparse 506 + base64 sig + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3 +hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q +pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-using-pss-key-with-params.pem b/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-using-pss-key-with-params.pem new file mode 100644 index 0000000000..4adbdecc90 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-using-pss-key-with-params.pem @@ -0,0 +1,71 @@ +This is the same test as rsa-pss-sha256.pem except instead of specifying +the SPKI using rsaEncryption it is specified using rsaPss along with +parameters that match those of the signature algorithm. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=4 l= 342 cons: SEQUENCE + 4:d=1 hl=2 l= 65 cons: SEQUENCE + 6:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss + 17:d=2 hl=2 l= 52 cons: SEQUENCE + 19:d=3 hl=2 l= 15 cons: cont [ 0 ] + 21:d=4 hl=2 l= 13 cons: SEQUENCE + 23:d=5 hl=2 l= 9 prim: OBJECT :sha256 + 34:d=5 hl=2 l= 0 prim: NULL + 36:d=3 hl=2 l= 28 cons: cont [ 1 ] + 38:d=4 hl=2 l= 26 cons: SEQUENCE + 40:d=5 hl=2 l= 9 prim: OBJECT :mgf1 + 51:d=5 hl=2 l= 13 cons: SEQUENCE + 53:d=6 hl=2 l= 9 prim: OBJECT :sha256 + 64:d=6 hl=2 l= 0 prim: NULL + 66:d=3 hl=2 l= 3 cons: cont [ 2 ] + 68:d=4 hl=2 l= 1 prim: INTEGER :20 + 71:d=1 hl=4 l= 271 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIIBVjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcN +AQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEPADCCAQoCggEBAJ+eocEuecvSRuYF +5E0C15v0OB0iXT/5BAoM7TDELaoIr/kHS9CeTO20DW1Cu2YWbeaREuU9B4yXCBDQ +b4Vxc1Gd6wTjKeMhEhS1qEi9Kri9AwGkV/2bmak/jsOiz3ZMJb9SaSodN8pasQhm +8NWyBSBLBa6ekA53Uj1SNYn3dkH2Hvn3UULhfHpmhrudDikUoM4kAedCRyg9M0bI +dXIFHEE8hlIhY9p3RV8NQD88pVNvqLmLq5jd2Qq73D9if6oEHQMw2EUP26v7+yzW +EHPhrnfhCMxN/vbKcm51kYtmi65xsMAQmbP26nOusGitKcx/M/5g8GwdmUiGpegE +RdIllF0CAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 65 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss + 13:d=1 hl=2 l= 52 cons: SEQUENCE + 15:d=2 hl=2 l= 15 cons: cont [ 0 ] + 17:d=3 hl=2 l= 13 cons: SEQUENCE + 19:d=4 hl=2 l= 9 prim: OBJECT :sha256 + 30:d=4 hl=2 l= 0 prim: NULL + 32:d=2 hl=2 l= 28 cons: cont [ 1 ] + 34:d=3 hl=2 l= 26 cons: SEQUENCE + 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1 + 47:d=4 hl=2 l= 13 cons: SEQUENCE + 49:d=5 hl=2 l= 9 prim: OBJECT :sha256 + 60:d=5 hl=2 l= 0 prim: NULL + 62:d=2 hl=2 l= 3 cons: cont [ 2 ] + 64:d=3 hl=2 l= 1 prim: INTEGER :20 +-----BEGIN ALGORITHM----- +MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgw +DQYJYIZIAWUDBAIBBQCiAwIBIA== +-----END ALGORITHM----- + +-----BEGIN DATA----- +x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK +frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf +nNV1xPnLMnlRuM3+QIcWg= +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=4 l= 257 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4IBAQAhgPL8PV86dM9W4p1s7IWu8+9oXpPnFgutfKffNrPRny+7zUmJFER/JUDB +7gnb4qiDRqKftRIpizyrZb0M4Vrhq1CyINHM1anqinZESRy8npVvhrYv4QiHZnYX +vXtDjgBg3Rw2DufTOKgxs+nX8a050aHsuMulTRCwR6NuHkChJlJfg6p0b1losgcL +jKlu7EqTUUkY7Mt0WyCobxIKGbgrSVJsjV8La6rPh3LpA3d9i0Ik1HkyM1w+7utn +h2eT/FKO8W1BtB8haiyuhatuZ1c/2uttLBSZa8hK/2W4YuomUEoWz8JIP9xXQkoq +u0P2zB7MXW5jPJwpUX0fKXqFNSry +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-wrong-salt.pem b/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-wrong-salt.pem new file mode 100644 index 0000000000..6b641de01e --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-wrong-salt.pem @@ -0,0 +1,61 @@ +This is the same as rsa-pss-sha256.pem, except the signature was generated +with a salt length of 33 instead of 32, while the algorithm still reports +the standard value of 32. + +The public key in SPKI form: +$ openssl pkey -in key.pem -pubout +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn56hwS55y9JG5gXkTQLX +m/Q4HSJdP/kECgztMMQtqgiv+QdL0J5M7bQNbUK7ZhZt5pES5T0HjJcIENBvhXFz +UZ3rBOMp4yESFLWoSL0quL0DAaRX/ZuZqT+Ow6LPdkwlv1JpKh03ylqxCGbw1bIF +IEsFrp6QDndSPVI1ifd2QfYe+fdRQuF8emaGu50OKRSgziQB50JHKD0zRsh1cgUc +QTyGUiFj2ndFXw1APzylU2+ouYurmN3ZCrvcP2J/qgQdAzDYRQ/bq/v7LNYQc+Gu +d+EIzE3+9spybnWRi2aLrnGwwBCZs/bqc66waK0pzH8z/mDwbB2ZSIal6ARF0iWU +XQIDAQAB +-----END PUBLIC KEY----- + +The signing algorithm: + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 65 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss + 13:d=1 hl=2 l= 52 cons: SEQUENCE + 15:d=2 hl=2 l= 15 cons: cont [ 0 ] + 17:d=3 hl=2 l= 13 cons: SEQUENCE + 19:d=4 hl=2 l= 9 prim: OBJECT :sha256 + 30:d=4 hl=2 l= 0 prim: NULL + 32:d=2 hl=2 l= 28 cons: cont [ 1 ] + 34:d=3 hl=2 l= 26 cons: SEQUENCE + 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1 + 47:d=4 hl=2 l= 13 cons: SEQUENCE + 49:d=5 hl=2 l= 9 prim: OBJECT :sha256 + 60:d=5 hl=2 l= 0 prim: NULL + 62:d=2 hl=2 l= 3 cons: cont [ 2 ] + 64:d=3 hl=2 l= 1 prim: INTEGER :20 +-----BEGIN ALGORITHM----- +MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgw +DQYJYIZIAWUDBAIBBQCiAwIBIA== +-----END ALGORITHM----- + +-----BEGIN DATA----- +x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK +frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf +nNV1xPnLMnlRuM3+QIcWg= +-----END DATA----- + +The signature was generated with: +$ openssl dgst -sign key.pem -sha256 -sigopt rsa_padding_mode:pss \ + -sigopt rsa_pss_saltlen:33 < [DATA] > [SIGNATURE] + +Then the signature was wrapped in a BIT STRING. + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=4 l= 257 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4IBAQB4R+AnrWUH+TvyBU3yR1GP1ghodbwUZdyJfG1rqzEqpY/MJtsd1YM9bC9q +FqHao1+idLj+WSl91hbtZAEtNb0TDdXkO+iattPYsTBAeLm70A7DbqwM7s/1rTp0 +KJ4QFOJe05wYO+p/zHZ4Oiyhx2bCx+8J1FLlYEtwR0NhwRwPflVO7TNZC1l40iqk +iyxsJrXsibuFnFnBe6BytBdlKF/CHFuve6z5aLauuuQtA17I6YRZ4cdKceD9I3Hs +NVhe+V1V10YoMDx3AywQTnaM+Au+VoxHU6oh9KP5lrrzBhPZPDtzfF++4Ag2Vd2O +GFvPoL8xTp3S8QG5iVs90BkW8GvL +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256.pem b/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256.pem new file mode 100644 index 0000000000..a01984bc4a --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256.pem @@ -0,0 +1,92 @@ +The key and signature were generated with OpenSSL. +It uses an RSA key with modulus length of 1024 bits, PSS padding, +SHA-256 as the digest, MGF1 with SHA-256, and salt length of 10. + +The key was generated with: + +$ openssl genrsa -out key.pem 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAn56hwS55y9JG5gXkTQLXm/Q4HSJdP/kECgztMMQtqgiv+QdL +0J5M7bQNbUK7ZhZt5pES5T0HjJcIENBvhXFzUZ3rBOMp4yESFLWoSL0quL0DAaRX +/ZuZqT+Ow6LPdkwlv1JpKh03ylqxCGbw1bIFIEsFrp6QDndSPVI1ifd2QfYe+fdR +QuF8emaGu50OKRSgziQB50JHKD0zRsh1cgUcQTyGUiFj2ndFXw1APzylU2+ouYur +mN3ZCrvcP2J/qgQdAzDYRQ/bq/v7LNYQc+Gud+EIzE3+9spybnWRi2aLrnGwwBCZ +s/bqc66waK0pzH8z/mDwbB2ZSIal6ARF0iWUXQIDAQABAoIBAHKu+AsjiFDgSR5V +111ZkG41vud33EXtdXB/LyAdo62KRl0HV/qQ8jbLaeY5zwkfTmEdlNTtz3G8xgfG +qonXJILckpJVYLAW/7WvezSf7YUEEJfqa2oElRfcWYfIf4TAW1KmNHcUvRP/qzid +NaZkHHjCTlfTBy/NnWH/ogX5rZbfy1mqfBkGCsBAKrIp8OxIdc2gvy7fzjmOc9Bj +wSIswqGWu5YCeJ5S6tQ3PCYwb9A/gJS4/DMz2Mq0wj1r0dn9xVtMcQZRrG3JsvHt +Q4ImTXE3gTDS1gw8a0iB1UHlnOuq19O74ImupndpbpS2AZ3r8/GB2hGc+p3RXV+D +2MdlVEUCgYEA0h1yM5qJcAQQH5xFXK/eFF3DHeQNl10ugqiq8dF1+uFVodNhu/ZI +OGddhgxSrYDy7ryoZLGnZxcgrdxsfgfIHFOIp8sn9DO6wxfNQEBMGrWAXlgM+0js +EZ5FG/hHsZycM5/LXAncXmPDacu5AJ0UFv84iFahSsmaPR/FB3SdiO8CgYEAwno5 +eywaSdo2AWu/QeCtfN+Db9CmStjhHJY5NidppoeLcKwO5Jlh1DqbYvE38+SmUCeq +nZoXmj2EBsHU8xHY7U8pS0JHW8Uj+Ii6KxzMx1cdyUXy9bCmVVj4wtfaQIHdYruj +T7eD31NZ/sQHplsVT7EdTprVFPys7GPgy321/3MCgYEAxS25BFBb9fD6KJAAT7ED +Gd27w4tGbeuWQCuE8JX+v8dDEzBJoZjHwZbPH4Lk+8ntMLl+1bAaRxZfJomajtNC +qcKCleSCxBrfg0IM7eTpBo+Zve+njxGp6Aa9GDhxH26274Nf1imy0imRMvFp1feS +6Nnt9ZRGnOaAhigQQKThSaUCgYBVS9Y6N7Wv/o0BQoi4FBsDUeUL/a9x1H2nVBvz +rIWiDIEUAeLmUH+f3bSZSMMJrZdkQIGMbjE77Q8jB5Cmq4VBUB8EayVxEp4cO5ur +nQ4TwBnIVW2iZMAPXt58Vr/a2xqGW1XdeNfV83DdVI0mYXyPX1dDSpV6hvgxFf1a +QuC4EQKBgQCtapB1LkCJ0ro6BDK1uxyMd4/uJWR2Ke6vZD1P+MgUDCbIwBCecick +WUzTx9Uc8ZfRH8s3JAMz6f8XpJoxvwFVpDqOB5X1y/8TNo5kEooQB1BnwLPL169O +Pqi9SE06v7syvuXBbFRQFOxmGvK7jYi0G1VGuc7OcjDw9SRGENtTKQ== +-----END RSA PRIVATE KEY----- + +The public key in SPKI form: +$ openssl pkey -in key.pem -pubout +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn56hwS55y9JG5gXkTQLX +m/Q4HSJdP/kECgztMMQtqgiv+QdL0J5M7bQNbUK7ZhZt5pES5T0HjJcIENBvhXFz +UZ3rBOMp4yESFLWoSL0quL0DAaRX/ZuZqT+Ow6LPdkwlv1JpKh03ylqxCGbw1bIF +IEsFrp6QDndSPVI1ifd2QfYe+fdRQuF8emaGu50OKRSgziQB50JHKD0zRsh1cgUc +QTyGUiFj2ndFXw1APzylU2+ouYurmN3ZCrvcP2J/qgQdAzDYRQ/bq/v7LNYQc+Gu +d+EIzE3+9spybnWRi2aLrnGwwBCZs/bqc66waK0pzH8z/mDwbB2ZSIal6ARF0iWU +XQIDAQAB +-----END PUBLIC KEY----- + +The signing algorithm: + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 65 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss + 13:d=1 hl=2 l= 52 cons: SEQUENCE + 15:d=2 hl=2 l= 15 cons: cont [ 0 ] + 17:d=3 hl=2 l= 13 cons: SEQUENCE + 19:d=4 hl=2 l= 9 prim: OBJECT :sha256 + 30:d=4 hl=2 l= 0 prim: NULL + 32:d=2 hl=2 l= 28 cons: cont [ 1 ] + 34:d=3 hl=2 l= 26 cons: SEQUENCE + 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1 + 47:d=4 hl=2 l= 13 cons: SEQUENCE + 49:d=5 hl=2 l= 9 prim: OBJECT :sha256 + 60:d=5 hl=2 l= 0 prim: NULL + 62:d=2 hl=2 l= 3 cons: cont [ 2 ] + 64:d=3 hl=2 l= 1 prim: INTEGER :20 +-----BEGIN ALGORITHM----- +MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgw +DQYJYIZIAWUDBAIBBQCiAwIBIA== +-----END ALGORITHM----- + +-----BEGIN DATA----- +x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK +frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf +nNV1xPnLMnlRuM3+QIcWg= +-----END DATA----- + +The signature was generated with: +$ openssl dgst -sign key.pem -sha256 -sigopt rsa_padding_mode:pss \ + -sigopt rsa_pss_saltlen:32 < [DATA] > [SIGNATURE] + +Then the signature was wrapped in a BIT STRING. + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=4 l= 257 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4IBAQAhgPL8PV86dM9W4p1s7IWu8+9oXpPnFgutfKffNrPRny+7zUmJFER/JUDB +7gnb4qiDRqKftRIpizyrZb0M4Vrhq1CyINHM1anqinZESRy8npVvhrYv4QiHZnYX +vXtDjgBg3Rw2DufTOKgxs+nX8a050aHsuMulTRCwR6NuHkChJlJfg6p0b1losgcL +jKlu7EqTUUkY7Mt0WyCobxIKGbgrSVJsjV8La6rPh3LpA3d9i0Ik1HkyM1w+7utn +h2eT/FKO8W1BtB8haiyuhatuZ1c/2uttLBSZa8hK/2W4YuomUEoWz8JIP9xXQkoq +u0P2zB7MXW5jPJwpUX0fKXqFNSry +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa-using-ec-key.pem b/pki/testdata/verify_signed_data_unittest/rsa-using-ec-key.pem new file mode 100644 index 0000000000..b39b0be778 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa-using-ec-key.pem @@ -0,0 +1,42 @@ +This test specifies an RSA PKCS#1 v1.5 signature algorithm (and a valid RSA +signature), HOWEVER it provides an EC key. Verification should fail. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- diff --git a/pki/testdata/verify_signed_data_unittest/rsa2048-pkcs1-sha512.pem b/pki/testdata/verify_signed_data_unittest/rsa2048-pkcs1-sha512.pem new file mode 100644 index 0000000000..4ebb23a086 --- /dev/null +++ b/pki/testdata/verify_signed_data_unittest/rsa2048-pkcs1-sha512.pem @@ -0,0 +1,83 @@ +This test data was produced by creating a self-signed RSA cert using OpenSSL, +and then extracting the relevant fields. + +It uses RSA PKCS#1 v1.5 with SHA-512 and a 2048-bit key. + +(1) Generate self-signed certificate + + openssl genrsa -out rsa_key.pem 2048 + openssl req -new -key rsa_key.pem -x509 -nodes -days 365 -sha512 -out cert.pem + +(2) Extract public key + + openssl x509 -in cert.pem -pubkey -noout > pubkey.pem + cat pubkey.pem + +(3) Extract signed data (tbsCertificate) + + openssl asn1parse -in cert.pem -out tbs -noout -strparse 4 + base64 tbs + +(4) Extract signature algorithm + + # Find the offset of the signature algorithm near the end (589 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out alg -noout -strparse 589 + base64 alg + +(5) Extract the signature + + # Find the final offset of BIT STRING (506 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out sig -noout -strparse 506 + base64 sig + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=4 l= 290 cons: SEQUENCE + 4:d=1 hl=2 l= 13 cons: SEQUENCE + 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 17:d=2 hl=2 l= 0 prim: NULL + 19:d=1 hl=4 l= 271 prim: BIT STRING +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcu2shJRrXFAwMkf30y2AY1zIg9VF/h +egYcejzdR2AzUb8vU2TXld2i8pp44l+DrvtqmzS7G+yxx3uOx+zsoqBaUT0c9HfkbE+IRmcLkQF +vYpSpm6Eu8OS14CSmEtiR91Et8LR0+bd0Gn3pgmb+epFJBaBPeDSiI/smqKCs7yP04+tS4Q4r47 +G04LhSp4/hmqH32b4Gcm9nsihHV9FfPfVdxDQUEJp3AgyBPwhPZEAyhoQS73TjjxXHqJRSz37Sl +ueMVPuNncqbT4nAMKz25J1CtRlQh21uZzfY2QRP3m6rAZquQUos1febC6A7qmhQljWKKmXtfVY+ +fAamstdHrWwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha512WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBDQUA +-----END ALGORITHM----- + +-----BEGIN DATA----- +MIICRaADAgECAgkA7jWRLkwHvHswDQYJKoZIhvcNAQENBQAwRTELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNT +A3MjgwMjIyMzFaFw0xNjA3MjcwMjIyMzFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lL +VN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDNy7ayElGtcUDAyR/fTLYBjXMiD1UX+F6Bhx6PN1HYDNRvy9TZNeV +3aLymnjiX4Ou+2qbNLsb7LHHe47H7OyioFpRPRz0d+RsT4hGZwuRAW9ilKmboS7w5LXgJKYS2JH +3US3wtHT5t3QafemCZv56kUkFoE94NKIj+yaooKzvI/Tj61LhDivjsbTguFKnj+GaoffZvgZyb2 +eyKEdX0V899V3ENBQQmncCDIE/CE9kQDKGhBLvdOOPFceolFLPftKW54xU+42dyptPicAwrPbkn +UK1GVCHbW5nN9jZBE/ebqsBmq5BSizV95sLoDuqaFCWNYoqZe19Vj58Bqay10etbAgMBAAGjUDB +OMB0GA1UdDgQWBBRsCPajkEscZM6SpLbNTa/7dY5azzAfBgNVHSMEGDAWgBRsCPajkEscZM6SpL +bNTa/7dY5azzAMBgNVHRMEBTADAQH/ +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=4 l= 257 prim: BIT STRING +-----BEGIN SIGNATURE----- +A4IBAQAhKSNq+X/CfzhtNsMo6MJpTBjJBV5fhHerIZr6e3ozCTBCR29vYsVnJ4/6i5lL1pNeOhM +ldthnuSlMzTS1Zme1OqRWB3U8QmwCFwhDxW/i4fdT8kxDAmELNp4z0GcXbe27V895PE0R/m8P47 +B6xbra+SQlEMW12K1EndUqrO6vgLbobV14mveWdgc0KIOnDKgsTHV8NTV1w3qtp1ujfvizYfBZu +yyMOA1yZPDpREZtClro7lufwDQ7+LgSdtNLMDAMzapfIjAEPVNVLmJzMgzaHqMsZM8gP8vWAdfc +R4mCmWXVotrM6d1rjJGdRADAONYCC4/+d1IMkVGoVfpaej6I +-----END SIGNATURE----- diff --git a/pki/trust_store.cc b/pki/trust_store.cc new file mode 100644 index 0000000000..8ca4120a0f --- /dev/null +++ b/pki/trust_store.cc @@ -0,0 +1,175 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "trust_store.h" + +#include "string_util.h" + +namespace bssl { + +namespace { + +constexpr char kUnspecifiedStr[] = "UNSPECIFIED"; +constexpr char kDistrustedStr[] = "DISTRUSTED"; +constexpr char kTrustedAnchorStr[] = "TRUSTED_ANCHOR"; +constexpr char kTrustedAnchorOrLeafStr[] = "TRUSTED_ANCHOR_OR_LEAF"; +constexpr char kTrustedLeafStr[] = "TRUSTED_LEAF"; + +constexpr char kEnforceAnchorExpiry[] = "enforce_anchor_expiry"; +constexpr char kEnforceAnchorConstraints[] = "enforce_anchor_constraints"; +constexpr char kRequireAnchorBasicConstraints[] = + "require_anchor_basic_constraints"; +constexpr char kRequireLeafSelfsigned[] = "require_leaf_selfsigned"; + +} // namespace + +bool CertificateTrust::IsTrustAnchor() const { + switch (type) { + case CertificateTrustType::DISTRUSTED: + case CertificateTrustType::UNSPECIFIED: + case CertificateTrustType::TRUSTED_LEAF: + return false; + case CertificateTrustType::TRUSTED_ANCHOR: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + return true; + } + + assert(0); // NOTREACHED + return false; +} + +bool CertificateTrust::IsTrustLeaf() const { + switch (type) { + case CertificateTrustType::TRUSTED_LEAF: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + return true; + case CertificateTrustType::DISTRUSTED: + case CertificateTrustType::UNSPECIFIED: + case CertificateTrustType::TRUSTED_ANCHOR: + return false; + } + + assert(0); // NOTREACHED + return false; +} + +bool CertificateTrust::IsDistrusted() const { + switch (type) { + case CertificateTrustType::DISTRUSTED: + return true; + case CertificateTrustType::UNSPECIFIED: + case CertificateTrustType::TRUSTED_ANCHOR: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + case CertificateTrustType::TRUSTED_LEAF: + return false; + } + + assert(0); // NOTREACHED + return false; +} + +bool CertificateTrust::HasUnspecifiedTrust() const { + switch (type) { + case CertificateTrustType::UNSPECIFIED: + return true; + case CertificateTrustType::DISTRUSTED: + case CertificateTrustType::TRUSTED_ANCHOR: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + case CertificateTrustType::TRUSTED_LEAF: + return false; + } + + assert(0); // NOTREACHED + return true; +} + +std::string CertificateTrust::ToDebugString() const { + std::string result; + switch (type) { + case CertificateTrustType::UNSPECIFIED: + result = kUnspecifiedStr; + break; + case CertificateTrustType::DISTRUSTED: + result = kDistrustedStr; + break; + case CertificateTrustType::TRUSTED_ANCHOR: + result = kTrustedAnchorStr; + break; + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + result = kTrustedAnchorOrLeafStr; + break; + case CertificateTrustType::TRUSTED_LEAF: + result = kTrustedLeafStr; + break; + } + if (enforce_anchor_expiry) { + result += '+'; + result += kEnforceAnchorExpiry; + } + if (enforce_anchor_constraints) { + result += '+'; + result += kEnforceAnchorConstraints; + } + if (require_anchor_basic_constraints) { + result += '+'; + result += kRequireAnchorBasicConstraints; + } + if (require_leaf_selfsigned) { + result += '+'; + result += kRequireLeafSelfsigned; + } + return result; +} + +// static +std::optional CertificateTrust::FromDebugString( + const std::string& trust_string) { + std::vector split = + string_util::SplitString(trust_string, '+'); + + if (split.empty()) { + return std::nullopt; + } + + CertificateTrust trust; + + if (string_util::IsEqualNoCase(split[0], kUnspecifiedStr)) { + trust = CertificateTrust::ForUnspecified(); + } else if (string_util::IsEqualNoCase(split[0], kDistrustedStr)) { + trust = CertificateTrust::ForDistrusted(); + } else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorStr)) { + trust = CertificateTrust::ForTrustAnchor(); + } else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorOrLeafStr)) { + trust = CertificateTrust::ForTrustAnchorOrLeaf(); + } else if (string_util::IsEqualNoCase(split[0], kTrustedLeafStr)) { + trust = CertificateTrust::ForTrustedLeaf(); + } else { + return std::nullopt; + } + + for (auto i = ++split.begin(); i != split.end(); ++i) { + if (string_util::IsEqualNoCase(*i, kEnforceAnchorExpiry)) { + trust = trust.WithEnforceAnchorExpiry(); + } else if (string_util::IsEqualNoCase(*i, kEnforceAnchorConstraints)) { + trust = trust.WithEnforceAnchorConstraints(); + } else if (string_util::IsEqualNoCase(*i, kRequireAnchorBasicConstraints)) { + trust = trust.WithRequireAnchorBasicConstraints(); + } else if (string_util::IsEqualNoCase(*i, kRequireLeafSelfsigned)) { + trust = trust.WithRequireLeafSelfSigned(); + } else { + return std::nullopt; + } + } + + return trust; +} + +TrustStore::TrustStore() = default; + +void TrustStore::AsyncGetIssuersOf(const ParsedCertificate* cert, + std::unique_ptr* out_req) { + out_req->reset(); +} + +} // namespace net diff --git a/pki/trust_store.h b/pki/trust_store.h new file mode 100644 index 0000000000..2f8eeb9486 --- /dev/null +++ b/pki/trust_store.h @@ -0,0 +1,152 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_TRUST_STORE_H_ +#define BSSL_PKI_TRUST_STORE_H_ + +#include "fillins/openssl_util.h" + + +#include "cert_issuer_source.h" +#include "parsed_certificate.h" +#include + +namespace bssl { + +enum class CertificateTrustType { + // This certificate is explicitly blocked (distrusted). + DISTRUSTED, + + // The trustedness of this certificate is unknown (inherits trust from + // its issuer). + UNSPECIFIED, + + // This certificate is a trust anchor (as defined by RFC 5280). + TRUSTED_ANCHOR, + + // This certificate can be used as a trust anchor (as defined by RFC 5280) or + // a trusted leaf, depending on context. + TRUSTED_ANCHOR_OR_LEAF, + + // This certificate is a directly trusted leaf. + TRUSTED_LEAF, + + LAST = TRUSTED_ANCHOR +}; + +// Describes the level of trust in a certificate. +struct OPENSSL_EXPORT CertificateTrust { + static constexpr CertificateTrust ForTrustAnchor() { + CertificateTrust result; + result.type = CertificateTrustType::TRUSTED_ANCHOR; + return result; + } + + static constexpr CertificateTrust ForTrustAnchorOrLeaf() { + CertificateTrust result; + result.type = CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF; + return result; + } + + static constexpr CertificateTrust ForTrustedLeaf() { + CertificateTrust result; + result.type = CertificateTrustType::TRUSTED_LEAF; + return result; + } + + static constexpr CertificateTrust ForUnspecified() { + CertificateTrust result; + return result; + } + + static constexpr CertificateTrust ForDistrusted() { + CertificateTrust result; + result.type = CertificateTrustType::DISTRUSTED; + return result; + } + + constexpr CertificateTrust WithEnforceAnchorExpiry(bool value = true) const { + CertificateTrust result = *this; + result.enforce_anchor_expiry = value; + return result; + } + + constexpr CertificateTrust WithEnforceAnchorConstraints( + bool value = true) const { + CertificateTrust result = *this; + result.enforce_anchor_constraints = value; + return result; + } + + constexpr CertificateTrust WithRequireAnchorBasicConstraints( + bool value = true) const { + CertificateTrust result = *this; + result.require_anchor_basic_constraints = value; + return result; + } + + constexpr CertificateTrust WithRequireLeafSelfSigned( + bool value = true) const { + CertificateTrust result = *this; + result.require_leaf_selfsigned = value; + return result; + } + + bool IsTrustAnchor() const; + bool IsTrustLeaf() const; + bool IsDistrusted() const; + bool HasUnspecifiedTrust() const; + + std::string ToDebugString() const; + + static std::optional FromDebugString( + const std::string& trust_string); + + // The overall type of trust. + CertificateTrustType type = CertificateTrustType::UNSPECIFIED; + + // Optionally, enforce extra bits on trust anchors. If these are false, the + // only fields in a trust anchor certificate that are meaningful are its + // name and SPKI. + bool enforce_anchor_expiry = false; + bool enforce_anchor_constraints = false; + // Require that X.509v3 trust anchors have a basicConstraints extension. + // X.509v1 and X.509v2 trust anchors do not support basicConstraints and are + // not affected. + // Additionally, this setting only has effect if `enforce_anchor_constraints` + // is true, which also requires that the extension assert CA=true. + bool require_anchor_basic_constraints = false; + + // Optionally, require trusted leafs to be self-signed to be trusted. + bool require_leaf_selfsigned = false; +}; + +// Interface for finding intermediates / trust anchors, and testing the +// trustedness of certificates. +class OPENSSL_EXPORT TrustStore : public CertIssuerSource { + public: + TrustStore(); + + TrustStore(const TrustStore&) = delete; + TrustStore& operator=(const TrustStore&) = delete; + + // Returns the trusted of |cert|, which must be non-null. + // + // Optionally, if |debug_data| is non-null, debug information may be added + // (any added Data must implement the Clone method.) The same |debug_data| + // object may be passed to multiple GetTrust calls for a single verification, + // so implementations should check whether they already added data with a + // certain key and update it instead of overwriting it. + virtual CertificateTrust GetTrust(const ParsedCertificate* cert, + void* debug_data) = 0; + + // Disable async issuers for TrustStore, as it isn't needed. + // TODO(mattm): Pass debug_data here too. + void AsyncGetIssuersOf(const ParsedCertificate* cert, + std::unique_ptr* out_req) final; +}; + +} // namespace net + +#endif // BSSL_PKI_TRUST_STORE_H_ diff --git a/pki/trust_store_collection.cc b/pki/trust_store_collection.cc new file mode 100644 index 0000000000..f6108c7006 --- /dev/null +++ b/pki/trust_store_collection.cc @@ -0,0 +1,46 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "trust_store_collection.h" + +namespace bssl { + +TrustStoreCollection::TrustStoreCollection() = default; +TrustStoreCollection::~TrustStoreCollection() = default; + +void TrustStoreCollection::AddTrustStore(TrustStore* store) { + DCHECK(store); + stores_.push_back(store); +} + +void TrustStoreCollection::SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) { + for (auto* store : stores_) { + store->SyncGetIssuersOf(cert, issuers); + } +} + +CertificateTrust TrustStoreCollection::GetTrust( + const ParsedCertificate* cert, + void* debug_data) { + // The current aggregate result. + CertificateTrust result = CertificateTrust::ForUnspecified(); + + for (auto* store : stores_) { + CertificateTrust cur_trust = store->GetTrust(cert, debug_data); + + // * If any stores distrust the certificate, consider it untrusted. + // * If multiple stores consider it trusted, use the trust result from the + // last one + if (!cur_trust.HasUnspecifiedTrust()) { + result = cur_trust; + if (result.IsDistrusted()) + break; + } + } + + return result; +} + +} // namespace net diff --git a/pki/trust_store_collection.h b/pki/trust_store_collection.h new file mode 100644 index 0000000000..e92ad2cd17 --- /dev/null +++ b/pki/trust_store_collection.h @@ -0,0 +1,44 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_TRUST_STORE_COLLECTION_H_ +#define BSSL_PKI_TRUST_STORE_COLLECTION_H_ + +#include "fillins/openssl_util.h" + +#include "trust_store.h" + +namespace bssl { + +// TrustStoreCollection is an implementation of TrustStore which combines the +// results from multiple TrustStores. +// +// The order of the matches will correspond to a concatenation of matches in +// the order the stores were added. +class OPENSSL_EXPORT TrustStoreCollection : public TrustStore { + public: + TrustStoreCollection(); + + TrustStoreCollection(const TrustStoreCollection&) = delete; + TrustStoreCollection& operator=(const TrustStoreCollection&) = delete; + + ~TrustStoreCollection() override; + + // Includes results from |store| in the combined output. |store| must + // outlive the TrustStoreCollection. + void AddTrustStore(TrustStore* store); + + // TrustStore implementation: + void SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) override; + CertificateTrust GetTrust(const ParsedCertificate* cert, + void* debug_data) override; + + private: + std::vector stores_; +}; + +} // namespace net + +#endif // BSSL_PKI_TRUST_STORE_COLLECTION_H_ diff --git a/pki/trust_store_collection_unittest.cc b/pki/trust_store_collection_unittest.cc new file mode 100644 index 0000000000..6d52726c0c --- /dev/null +++ b/pki/trust_store_collection_unittest.cc @@ -0,0 +1,192 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "trust_store_collection.h" + +#include "test_helpers.h" +#include "trust_store_in_memory.h" +#include + +namespace bssl { + +namespace { + +class TrustStoreCollectionTest : public testing::Test { + public: + void SetUp() override { + ParsedCertificateList chain; + ASSERT_TRUE(ReadCertChainFromFile( + "testdata/verify_certificate_chain_unittest/key-rollover/oldchain.pem", + &chain)); + + ASSERT_EQ(3U, chain.size()); + target_ = chain[0]; + oldintermediate_ = chain[1]; + oldroot_ = chain[2]; + ASSERT_TRUE(target_); + ASSERT_TRUE(oldintermediate_); + ASSERT_TRUE(oldroot_); + + ASSERT_TRUE( + ReadCertChainFromFile("testdata/verify_certificate_chain_unittest/" + "key-rollover/longrolloverchain.pem", + &chain)); + + ASSERT_EQ(5U, chain.size()); + newintermediate_ = chain[1]; + newroot_ = chain[2]; + newrootrollover_ = chain[3]; + ASSERT_TRUE(newintermediate_); + ASSERT_TRUE(newroot_); + ASSERT_TRUE(newrootrollover_); + } + + protected: + std::shared_ptr oldroot_; + std::shared_ptr newroot_; + std::shared_ptr newrootrollover_; + + std::shared_ptr target_; + std::shared_ptr oldintermediate_; + std::shared_ptr newintermediate_; +}; + +// Collection contains no stores, should return no results. +TEST_F(TrustStoreCollectionTest, NoStores) { + ParsedCertificateList issuers; + + TrustStoreCollection collection; + collection.SyncGetIssuersOf(target_.get(), &issuers); + + EXPECT_TRUE(issuers.empty()); +} + +// Collection contains only one store. +TEST_F(TrustStoreCollectionTest, OneStore) { + ParsedCertificateList issuers; + + TrustStoreCollection collection; + TrustStoreInMemory in_memory; + in_memory.AddTrustAnchor(newroot_); + collection.AddTrustStore(&in_memory); + collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); + + ASSERT_EQ(1U, issuers.size()); + EXPECT_EQ(newroot_.get(), issuers[0].get()); + + // newroot_ is trusted. + CertificateTrust trust = + collection.GetTrust(newroot_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForTrustAnchor().ToDebugString(), + trust.ToDebugString()); + + // oldroot_ is not. + trust = collection.GetTrust(oldroot_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForUnspecified().ToDebugString(), + trust.ToDebugString()); +} + +// SyncGetIssuersOf() should append to its output parameters rather than assign +// them. +TEST_F(TrustStoreCollectionTest, OutputVectorsAppendedTo) { + ParsedCertificateList issuers; + + // Populate the out-parameter with some values. + issuers.resize(3); + + TrustStoreCollection collection; + TrustStoreInMemory in_memory; + in_memory.AddTrustAnchor(newroot_); + collection.AddTrustStore(&in_memory); + collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); + + ASSERT_EQ(4U, issuers.size()); + EXPECT_EQ(newroot_.get(), issuers[3].get()); + + // newroot_ is trusted. + CertificateTrust trust = + collection.GetTrust(newroot_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForTrustAnchor().ToDebugString(), + trust.ToDebugString()); + + // newrootrollover_ is not. + trust = collection.GetTrust(newrootrollover_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForUnspecified().ToDebugString(), + trust.ToDebugString()); +} + +// Collection contains two stores. +TEST_F(TrustStoreCollectionTest, TwoStores) { + ParsedCertificateList issuers; + + TrustStoreCollection collection; + TrustStoreInMemory in_memory1; + TrustStoreInMemory in_memory2; + in_memory1.AddTrustAnchor(newroot_); + in_memory2.AddTrustAnchor(oldroot_); + collection.AddTrustStore(&in_memory1); + collection.AddTrustStore(&in_memory2); + collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); + + ASSERT_EQ(2U, issuers.size()); + EXPECT_EQ(newroot_.get(), issuers[0].get()); + EXPECT_EQ(oldroot_.get(), issuers[1].get()); + + // newroot_ is trusted. + CertificateTrust trust = + collection.GetTrust(newroot_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForTrustAnchor().ToDebugString(), + trust.ToDebugString()); + + // oldroot_ is trusted. + trust = collection.GetTrust(oldroot_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForTrustAnchor().ToDebugString(), + trust.ToDebugString()); + + // newrootrollover_ is not. + trust = collection.GetTrust(newrootrollover_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForUnspecified().ToDebugString(), + trust.ToDebugString()); +} + +// Collection contains two stores. The certificate is marked as trusted in one, +// but distrusted in the other. +TEST_F(TrustStoreCollectionTest, DistrustTakesPriority) { + ParsedCertificateList issuers; + + TrustStoreCollection collection; + TrustStoreInMemory in_memory1; + TrustStoreInMemory in_memory2; + + // newroot_ is trusted in store1, distrusted in store2. + in_memory1.AddTrustAnchor(newroot_); + in_memory2.AddDistrustedCertificateForTest(newroot_); + + // oldintermediate is distrusted in store1, trusted in store2. + in_memory1.AddDistrustedCertificateForTest(oldintermediate_); + in_memory2.AddTrustAnchor(oldintermediate_); + + collection.AddTrustStore(&in_memory1); + collection.AddTrustStore(&in_memory2); + + // newroot_ is distrusted.. + CertificateTrust trust = + collection.GetTrust(newroot_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForDistrusted().ToDebugString(), + trust.ToDebugString()); + + // oldintermediate_ is distrusted. + trust = collection.GetTrust(oldintermediate_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForDistrusted().ToDebugString(), + trust.ToDebugString()); + + // newrootrollover_ is unspecified. + trust = collection.GetTrust(newrootrollover_.get(), /*debug_data=*/nullptr); + EXPECT_EQ(CertificateTrust::ForUnspecified().ToDebugString(), + trust.ToDebugString()); +} + +} // namespace + +} // namespace net diff --git a/pki/trust_store_in_memory.cc b/pki/trust_store_in_memory.cc new file mode 100644 index 0000000000..d85f86b4ed --- /dev/null +++ b/pki/trust_store_in_memory.cc @@ -0,0 +1,95 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "trust_store_in_memory.h" + +namespace bssl { + +TrustStoreInMemory::TrustStoreInMemory() = default; +TrustStoreInMemory::~TrustStoreInMemory() = default; + +bool TrustStoreInMemory::IsEmpty() const { + return entries_.empty(); +} + +void TrustStoreInMemory::Clear() { + entries_.clear(); +} + +void TrustStoreInMemory::AddTrustAnchor( + std::shared_ptr cert) { + AddCertificate(std::move(cert), CertificateTrust::ForTrustAnchor()); +} + +void TrustStoreInMemory::AddTrustAnchorWithExpiration( + std::shared_ptr cert) { + AddCertificate(std::move(cert), + CertificateTrust::ForTrustAnchor().WithEnforceAnchorExpiry()); +} + +void TrustStoreInMemory::AddTrustAnchorWithConstraints( + std::shared_ptr cert) { + AddCertificate( + std::move(cert), + CertificateTrust::ForTrustAnchor().WithEnforceAnchorConstraints()); +} + +void TrustStoreInMemory::AddDistrustedCertificateForTest( + std::shared_ptr cert) { + AddCertificate(std::move(cert), CertificateTrust::ForDistrusted()); +} + +void TrustStoreInMemory::AddCertificateWithUnspecifiedTrust( + std::shared_ptr cert) { + AddCertificate(std::move(cert), CertificateTrust::ForUnspecified()); +} + +void TrustStoreInMemory::SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) { + auto range = entries_.equal_range(cert->normalized_issuer().AsStringView()); + for (auto it = range.first; it != range.second; ++it) + issuers->push_back(it->second.cert); +} + +CertificateTrust TrustStoreInMemory::GetTrust( + const ParsedCertificate* cert, + void* debug_data) { + const Entry* entry = GetEntry(cert); + return entry ? entry->trust : CertificateTrust::ForUnspecified(); +} + +bool TrustStoreInMemory::Contains(const ParsedCertificate* cert) const { + return GetEntry(cert) != nullptr; +} + +TrustStoreInMemory::Entry::Entry() = default; +TrustStoreInMemory::Entry::Entry(const Entry& other) = default; +TrustStoreInMemory::Entry::~Entry() = default; + +void TrustStoreInMemory::AddCertificate( + std::shared_ptr cert, + const CertificateTrust& trust) { + Entry entry; + entry.cert = std::move(cert); + entry.trust = trust; + + // TODO(mattm): should this check for duplicate certificates? + entries_.insert( + std::make_pair(entry.cert->normalized_subject().AsStringView(), entry)); +} + +const TrustStoreInMemory::Entry* TrustStoreInMemory::GetEntry( + const ParsedCertificate* cert) const { + auto range = entries_.equal_range(cert->normalized_subject().AsStringView()); + for (auto it = range.first; it != range.second; ++it) { + if (cert == it->second.cert.get() || + cert->der_cert() == it->second.cert->der_cert()) { + // NOTE: ambiguity when there are duplicate entries. + return &it->second; + } + } + return nullptr; +} + +} // namespace net diff --git a/pki/trust_store_in_memory.h b/pki/trust_store_in_memory.h new file mode 100644 index 0000000000..033c1d1207 --- /dev/null +++ b/pki/trust_store_in_memory.h @@ -0,0 +1,92 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_TRUST_STORE_IN_MEMORY_H_ +#define BSSL_PKI_TRUST_STORE_IN_MEMORY_H_ + +#include "fillins/openssl_util.h" +#include + + +#include "trust_store.h" + +namespace bssl { + +// A very simple implementation of a TrustStore, which contains a set of +// certificates and their trustedness. +class OPENSSL_EXPORT TrustStoreInMemory : public TrustStore { + public: + TrustStoreInMemory(); + + TrustStoreInMemory(const TrustStoreInMemory&) = delete; + TrustStoreInMemory& operator=(const TrustStoreInMemory&) = delete; + + ~TrustStoreInMemory() override; + + // Returns whether the TrustStore is in the initial empty state. + bool IsEmpty() const; + + // Empties the trust store, resetting it to original state. + void Clear(); + + // Adds a certificate with the specified trust settings. Both trusted and + // distrusted certificates require a full DER match. + void AddCertificate(std::shared_ptr cert, + const CertificateTrust& trust); + + // Adds a certificate as a trust anchor (only the SPKI and subject will be + // used during verification). + void AddTrustAnchor(std::shared_ptr cert); + + // Adds a certificate as a trust anchor which will have expiration enforced. + // See VerifyCertificateChain for details. + void AddTrustAnchorWithExpiration( + std::shared_ptr cert); + + // Adds a certificate as a trust anchor and extracts anchor constraints from + // the certificate. See VerifyCertificateChain for details. + void AddTrustAnchorWithConstraints( + std::shared_ptr cert); + + // TODO(eroman): This is marked "ForTest" as the current implementation + // requires an exact match on the certificate DER (a wider match by say + // issuer/serial is probably what we would want for a real implementation). + void AddDistrustedCertificateForTest( + std::shared_ptr cert); + + // Adds a certificate to the store, that is neither trusted nor untrusted. + void AddCertificateWithUnspecifiedTrust( + std::shared_ptr cert); + + // TrustStore implementation: + void SyncGetIssuersOf(const ParsedCertificate* cert, + ParsedCertificateList* issuers) override; + CertificateTrust GetTrust(const ParsedCertificate* cert, + void* debug_data) override; + + // Returns true if the trust store contains the given ParsedCertificate + // (matches by DER). + bool Contains(const ParsedCertificate* cert) const; + + private: + struct Entry { + Entry(); + Entry(const Entry& other); + ~Entry(); + + std::shared_ptr cert; + CertificateTrust trust; + }; + + // Multimap from normalized subject -> Entry. + std::unordered_multimap entries_; + + // Returns the `Entry` matching `cert`, or `nullptr` if not in the trust + // store. + const Entry* GetEntry(const ParsedCertificate* cert) const; +}; + +} // namespace net + +#endif // BSSL_PKI_TRUST_STORE_IN_MEMORY_H_ diff --git a/pki/verify_certificate_chain.cc b/pki/verify_certificate_chain.cc new file mode 100644 index 0000000000..ff9af04f0e --- /dev/null +++ b/pki/verify_certificate_chain.cc @@ -0,0 +1,1658 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_certificate_chain.h" + +#include +#include + +#include "cert_error_params.h" +#include "cert_errors.h" +#include "common_cert_errors.h" +#include "extended_key_usage.h" +#include "name_constraints.h" +#include "parse_certificate.h" +#include "signature_algorithm.h" +#include "trust_store.h" +#include "verify_signed_data.h" +#include "input.h" + +namespace bssl { + +namespace { + +bool IsHandledCriticalExtension(const ParsedExtension& extension, + const ParsedCertificate& cert) { + if (extension.oid == der::Input(kBasicConstraintsOid)) + return true; + // Key Usage is NOT processed for end-entity certificates (this is the + // responsibility of callers), however it is considered "handled" here in + // order to allow being marked as critical. + if (extension.oid == der::Input(kKeyUsageOid)) + return true; + if (extension.oid == der::Input(kExtKeyUsageOid)) + return true; + if (extension.oid == der::Input(kNameConstraintsOid)) + return true; + if (extension.oid == der::Input(kSubjectAltNameOid)) + return true; + if (extension.oid == der::Input(kCertificatePoliciesOid)) { + // Policy qualifiers are skipped during processing, so if the + // extension is marked critical need to ensure there weren't any + // qualifiers other than User Notice / CPS. + // + // This follows from RFC 5280 section 4.2.1.4: + // + // If this extension is critical, the path validation software MUST + // be able to interpret this extension (including the optional + // qualifier), or MUST reject the certificate. + std::vector unused_policies; + CertErrors unused_errors; + return ParseCertificatePoliciesExtensionOids( + extension.value, true /*fail_parsing_unknown_qualifier_oids*/, + &unused_policies, &unused_errors); + + // TODO(eroman): Give a better error message. + } + if (extension.oid == der::Input(kPolicyMappingsOid)) + return true; + if (extension.oid == der::Input(kPolicyConstraintsOid)) + return true; + if (extension.oid == der::Input(kInhibitAnyPolicyOid)) + return true; + if (extension.oid == der::Input(kMSApplicationPoliciesOid)) { + // Per https://crbug.com/1439638 and + // https://learn.microsoft.com/en-us/windows/win32/seccertenroll/supported-extensions#msapplicationpolicies + // The MSApplicationPolicies extension may be ignored if the + // extendedKeyUsage extension is also present. + return cert.has_extended_key_usage(); + } + + return false; +} + +// Adds errors to |errors| if the certificate contains unconsumed _critical_ +// extensions. +void VerifyNoUnconsumedCriticalExtensions(const ParsedCertificate& cert, + CertErrors* errors) { + for (const auto& it : cert.extensions()) { + const ParsedExtension& extension = it.second; + if (extension.critical && !IsHandledCriticalExtension(extension, cert)) { + errors->AddError(cert_errors::kUnconsumedCriticalExtension, + CreateCertErrorParams2Der("oid", extension.oid, "value", + extension.value)); + } + } +} + +// Returns true if |cert| was self-issued. The definition of self-issuance +// comes from RFC 5280 section 6.1: +// +// A certificate is self-issued if the same DN appears in the subject +// and issuer fields (the two DNs are the same if they match according +// to the rules specified in Section 7.1). In general, the issuer and +// subject of the certificates that make up a path are different for +// each certificate. However, a CA may issue a certificate to itself to +// support key rollover or changes in certificate policies. These +// self-issued certificates are not counted when evaluating path length +// or name constraints. +[[nodiscard]] bool IsSelfIssued(const ParsedCertificate& cert) { + return cert.normalized_subject() == cert.normalized_issuer(); +} + +// Adds errors to |errors| if |cert| is not valid at time |time|. +// +// The certificate's validity requirements are described by RFC 5280 section +// 4.1.2.5: +// +// The validity period for a certificate is the period of time from +// notBefore through notAfter, inclusive. +void VerifyTimeValidity(const ParsedCertificate& cert, + const der::GeneralizedTime& time, + CertErrors* errors) { + if (time < cert.tbs().validity_not_before) + errors->AddError(cert_errors::kValidityFailedNotBefore); + + if (cert.tbs().validity_not_after < time) + errors->AddError(cert_errors::kValidityFailedNotAfter); +} + +// Adds errors to |errors| if |cert| has internally inconsistent signature +// algorithms. +// +// X.509 certificates contain two different signature algorithms: +// (1) The signatureAlgorithm field of Certificate +// (2) The signature field of TBSCertificate +// +// According to RFC 5280 section 4.1.1.2 and 4.1.2.3 these two fields must be +// equal: +// +// This field MUST contain the same algorithm identifier as the +// signature field in the sequence tbsCertificate (Section 4.1.2.3). +// +// The spec is not explicit about what "the same algorithm identifier" means. +// Our interpretation is that the two DER-encoded fields must be byte-for-byte +// identical. +// +// In practice however there are certificates which use different encodings for +// specifying RSA with SHA1 (different OIDs). This is special-cased for +// compatibility sake. +bool VerifySignatureAlgorithmsMatch(const ParsedCertificate& cert, + CertErrors* errors) { + const der::Input& alg1_tlv = cert.signature_algorithm_tlv(); + const der::Input& alg2_tlv = cert.tbs().signature_algorithm_tlv; + + // Ensure that the two DER-encoded signature algorithms are byte-for-byte + // equal. + if (alg1_tlv == alg2_tlv) + return true; + + // But make a compatibility concession if alternate encodings are used + // TODO(eroman): Turn this warning into an error. + // TODO(eroman): Add a unit-test that exercises this case. + std::optional alg1 = ParseSignatureAlgorithm(alg1_tlv); + if (!alg1) { + errors->AddError(cert_errors::kUnacceptableSignatureAlgorithm); + return false; + } + std::optional alg2 = ParseSignatureAlgorithm(alg2_tlv); + if (!alg2) { + errors->AddError(cert_errors::kUnacceptableSignatureAlgorithm); + return false; + } + + if (*alg1 == *alg2) { + errors->AddWarning( + cert_errors::kSignatureAlgorithmsDifferentEncoding, + CreateCertErrorParams2Der("Certificate.algorithm", alg1_tlv, + "TBSCertificate.signature", alg2_tlv)); + return true; + } + + errors->AddError( + cert_errors::kSignatureAlgorithmMismatch, + CreateCertErrorParams2Der("Certificate.algorithm", alg1_tlv, + "TBSCertificate.signature", alg2_tlv)); + return false; +} + +// Verify that |cert| can be used for |required_key_purpose|. +void VerifyExtendedKeyUsage(const ParsedCertificate& cert, + KeyPurpose required_key_purpose, + CertErrors* errors, + bool is_target_cert, + bool is_target_cert_issuer) { + // We treat a required KeyPurpose of ANY_EKU to mean "Do not check EKU" + if (required_key_purpose == KeyPurpose::ANY_EKU) { + return; + } + bool has_any_eku = false; + bool has_server_auth_eku = false; + bool has_client_auth_eku = false; + bool has_code_signing_eku = false; + bool has_time_stamping_eku = false; + bool has_ocsp_signing_eku = false; + bool has_nsgc = false; + if (cert.has_extended_key_usage()) { + for (const auto& key_purpose_oid : cert.extended_key_usage()) { + if (key_purpose_oid == der::Input(kAnyEKU)) { + has_any_eku = true; + } + if (key_purpose_oid == der::Input(kServerAuth)) { + has_server_auth_eku = true; + } + if (key_purpose_oid == der::Input(kClientAuth)) { + has_client_auth_eku = true; + } + if (key_purpose_oid == der::Input(kCodeSigning)) { + has_code_signing_eku = true; + } + if (key_purpose_oid == der::Input(kTimeStamping)) { + has_time_stamping_eku = true; + } + if (key_purpose_oid == der::Input(kOCSPSigning)) { + has_ocsp_signing_eku = true; + } + if (key_purpose_oid == der::Input(kNetscapeServerGatedCrypto)) { + has_nsgc = true; + } + } + } + + auto add_error_if_strict = [&](CertErrorId id) { + if (required_key_purpose == KeyPurpose::SERVER_AUTH_STRICT || + required_key_purpose == KeyPurpose::CLIENT_AUTH_STRICT) { + errors->AddError(id); + } else { + errors->AddWarning(id); + } + }; + if (is_target_cert) { + // Loosely based upon CABF BR version 1.8.4, 7.1.2.3(f). We are more + // permissive in that we still allow EKU any to be present in a leaf + // certificate, but we ignore it for purposes of server or client auth. We + // are less permissive in that we prohibit Code Signing, OCSP Signing, and + // Time Stamping which are currently only a SHOULD NOT. The BR does + // explicitly allow Email authentication to be present, as this still exists + // in the wild (2022), so we do not prohibit Email authentication here (and + // by extension must allow it to be present in the signer, below). + if (!cert.has_extended_key_usage()) { + // This is added as a warning, an error will be added in STRICT modes + // if we then lack client or server auth due to this not being present. + errors->AddWarning(cert_errors::kEkuNotPresent); + } else { + if (has_code_signing_eku) { + add_error_if_strict(cert_errors::kEkuHasProhibitedCodeSigning); + } + if (has_ocsp_signing_eku) { + add_error_if_strict(cert_errors::kEkuHasProhibitedOCSPSigning); + } + if (has_time_stamping_eku) { + add_error_if_strict(cert_errors::kEkuHasProhibitedTimeStamping); + } + } + } else if (is_target_cert_issuer) { + // Handle the decision to overload EKU as a constraint on issuers. + // + // CABF BR version 1.8.4, 7.1.2.2(g) pertains to the case of "Certs used to + // issue TLS certificates", While the BR refers to the entire chain of + // intermediates, there are a number of exceptions regarding CA ownership + // and cross signing which are impossible for us to know or enforce here. + // Therefore, we can only enforce at the level of the intermediate that + // issued our target certificate. This means we we differ in the following + // ways: + // - We only enforce at the issuer of the TLS certificate. + // - We allow email protection to exist in the issuer, since without + // this it can not be allowed in the client (other than via EKU any)) + // - As in the leaf certificate case, we allow EKU any to be present, but + // we ignore it for the purposes of server or client auth. + // + // At this time (until at least 2023) some intermediates are lacking EKU in + // the world at large from common CA's, so we allow the noEKU case to permit + // everything. + // TODO(bbe): enforce requiring EKU in the issuer when we can manage it. + if (cert.has_extended_key_usage()) { + if (has_code_signing_eku) { + add_error_if_strict(cert_errors::kEkuHasProhibitedCodeSigning); + } + if (has_time_stamping_eku) { + add_error_if_strict(cert_errors::kEkuHasProhibitedTimeStamping); + } + } + } + // Otherwise, we are a parent of an issuer of a TLS certificate. The CABF + // BR version 1.8.4, 7.1.2.2(g) goes as far as permitting EKU any in certain + // cases of Cross Signing and CA Ownership, having permitted cases where EKU + // is permitted to not be present at all. These cases are not practical to + // differentiate here and therefore we don't attempt to enforce any further + // EKU "constraints" on such certificates. Unlike the above cases we also + // allow the use of EKU any for client or server auth constraint purposes. + + switch (required_key_purpose) { + case KeyPurpose::ANY_EKU: + assert(0); // NOTREACHED + return; + case KeyPurpose::SERVER_AUTH: + case KeyPurpose::SERVER_AUTH_STRICT: { + bool nsgc_hack = false; + if (has_any_eku && !has_server_auth_eku) { + if (is_target_cert || is_target_cert_issuer) { + errors->AddWarning(cert_errors::kEkuLacksServerAuthButHasAnyEKU); + } else { + // Accept anyEKU for server auth below target issuer. + has_server_auth_eku = true; + } + } + if (is_target_cert_issuer && !cert.has_extended_key_usage()) { + // Accept noEKU for server auth in target issuer. + // TODO(bbe): remove this once BR requirements catch up with CA's. + has_server_auth_eku = true; + } + if (has_nsgc && !has_server_auth_eku) { + errors->AddWarning(cert_errors::kEkuLacksServerAuthButHasGatedCrypto); + + // Allow NSGC for legacy RSA SHA1 intermediates, for compatibility + // with platform verifiers. + // + // In practice the chain will be rejected with or without this + // compatibility hack. The difference is whether the final error will + // be ERR_CERT_WEAK_SIGNATURE_ALGORITHM (with compatibility hack) vs + // ERR_CERT_INVALID (without hack). + // + // TODO(https://crbug.com/843735): Remove this once error-for-error + // equivalence between builtin verifier and platform verifier is less + // important. + if ((cert.has_basic_constraints() && cert.basic_constraints().is_ca) && + cert.signature_algorithm() == SignatureAlgorithm::kRsaPkcs1Sha1) { + nsgc_hack = true; + } + } + if (required_key_purpose == KeyPurpose::SERVER_AUTH) { + // Legacy compatible. + if (cert.has_extended_key_usage() && !has_server_auth_eku && + !has_any_eku && !nsgc_hack) { + errors->AddError(cert_errors::kEkuLacksServerAuth); + } + } else { + if (!has_server_auth_eku) { + errors->AddError(cert_errors::kEkuLacksServerAuth); + } + } + break; + } + case KeyPurpose::CLIENT_AUTH: + case KeyPurpose::CLIENT_AUTH_STRICT: { + if (has_any_eku && !has_client_auth_eku) { + if (is_target_cert || is_target_cert_issuer) { + errors->AddWarning(cert_errors::kEkuLacksClientAuthButHasAnyEKU); + } else { + // accept anyEKU for client auth. + has_client_auth_eku = true; + } + } + if (required_key_purpose == KeyPurpose::CLIENT_AUTH) { + // Legacy-compatible. + if (cert.has_extended_key_usage() && !has_client_auth_eku && + !has_any_eku) { + errors->AddError(cert_errors::kEkuLacksClientAuth); + } + } else { + if (!has_client_auth_eku) { + errors->AddError(cert_errors::kEkuLacksClientAuth); + } + } + break; + } + } +} + +// Representation of RFC 5280's "valid_policy_tree", used to keep track of the +// valid policies and policy re-mappings. This structure is defined in +// section 6.1.2. +// +// ValidPolicyGraph differs from RFC 5280's description in that: +// +// (1) It does not track "qualifier_set". This is not needed as it is not +// output by this implementation. +// +// (2) It builds a directed acyclic graph, rather than a tree. When a given +// policy matches multiple parents, RFC 5280 makes a separate node for +// each parent. This representation condenses them into one node with +// multiple parents. +// +// (3) It does not track "expected_policy_set" or anyPolicy nodes directly. +// Rather it maintains, only for the most recent level, whether there is an +// anyPolicy node and an inverted map of all "expected_policy_set" values. +// +// (4) Some pruning steps are deferred to when policies are evaluated, as a +// reachability pass. +class ValidPolicyGraph { + public: + ValidPolicyGraph() = default; + + ValidPolicyGraph(const ValidPolicyGraph&) = delete; + ValidPolicyGraph& operator=(const ValidPolicyGraph&) = delete; + + // A Node is an entry in the policy graph. It contains information about some + // policy asserted by a certificate in the chain. The policy OID itself is + // omitted because it is the key in the Level map. + struct Node { + // The list of "valid_policy" values for all nodes which are a parent of + // this node, other than anyPolicy. If empty, this node has a single parent, + // anyPolicy. + // + // Nodes whose parent is anyPolicy are root policies, and may be returned + // in the authorities-constrained-policy-set. Nodes with a concrete policy + // as a parent are derived from that policy in the issuer certificate, + // possibly with a policy mapping applied. + // + // Note it is not possible for a policy to have both anyPolicy and a + // concrete policy as a parent. Section 6.1.3, step d.1.ii only runs if + // there was no match in step d.1.i. + std::vector parent_policies; + + // Whether this node matches a policy mapping in the certificate. If true, + // its "expected_policy_set" comes from the policy mappings extension. If + // false, its "expected_policy_set" is itself. + bool mapped = false; + + // Whether this node is reachable from some valid policy in the end-entity + // certificate. Computed during GetValidRootPolicySet(). + bool reachable = false; + }; + + // The policy graph is organized into "levels", each corresponding to a + // certificate in the chain. We maintain a map from "valid_policy" to the + // corresponding Node. This is the set of policies asserted by this + // certificate. The special anyPolicy OID is handled separately below. + using Level = std::map; + + // Additional per-level information that only needs to be maintained for the + // bottom-most level. + struct LevelDetails { + // Maintains the "expected_policy_set" values for nodes in a level of the + // graph, but the map is inverted from RFC 5280's formulation. For a given + // policy OID P, other than anyPolicy, this map gives the set of nodes where + // P appears in the node's "expected_policy_set". anyPolicy is handled + // separately below. + std::map> expected_policy_map; + + // Whether there is a node at this level whose "valid_policy" is anyPolicy. + // + // Note anyPolicy's "expected_policy_set" always {anyPolicy}, and anyPolicy + // will never appear in the "expected_policy_set" of any other policy. That + // means this field also captures how anyPolicy appears in + // "expected_policy_set". + bool has_any_policy = false; + }; + + // Initializes the ValidPolicyGraph. + void Init() { + SetNull(); + StartLevel(); + AddAnyPolicyNode(); + } + + // In RFC 5280 valid_policy_tree may be set to null. That is represented here + // by emptiness. + bool IsNull() const { + return !current_level_.has_any_policy && + (levels_.empty() || levels_.back().empty()); + } + void SetNull() { + levels_.clear(); + current_level_ = LevelDetails{}; + } + + // Completes the previous level, returning a corresponding LevelDetails + // structure, and starts a new level. + LevelDetails StartLevel() { + // Finish building expected_policy_map for the previous level. + if (!levels_.empty()) { + for (const auto& [policy, node] : levels_.back()) { + if (!node.mapped) { + current_level_.expected_policy_map[policy].push_back(policy); + } + } + } + + LevelDetails prev_level = std::move(current_level_); + levels_.emplace_back(); + current_level_ = LevelDetails{}; + return prev_level; + } + + // Gets the set of policies (in terms of root authority's policy domain) that + // are valid at the bottom level of the policy graph, intersected with + // |user_initial_policy_set|. This is what X.509 calls + // "user-constrained-policy-set". + // + // This method may only be called once, after the policy graph is constructed. + std::set GetUserConstrainedPolicySet( + const std::set& user_initial_policy_set) { + if (levels_.empty()) { + return {}; + } + + bool user_has_any_policy = + user_initial_policy_set.count(der::Input(kAnyPolicyOid)) != 0; + if (current_level_.has_any_policy) { + if (user_has_any_policy) { + return {der::Input(kAnyPolicyOid)}; + } + return user_initial_policy_set; + } + + // The root's policy domain is determined by nodes with anyPolicy as a + // parent. However, we must limit to those which are reachable from the + // end-entity certificate because we defer some pruning steps. + for (auto& [policy, node] : levels_.back()) { + // GCC before 8.1 tracks individual unused bindings and does not support + // marking them [[maybe_unused]]. + (void)policy; + node.reachable = true; + } + std::set policy_set; + for (size_t i = levels_.size() - 1; i < levels_.size(); i--) { + for (auto& [policy, node] : levels_[i]) { + if (!node.reachable) { + continue; + } + if (node.parent_policies.empty()) { + // |node|'s parent is anyPolicy, so this is in the root policy domain. + // Add it to the set if it is also in user's list. + if (user_has_any_policy || + user_initial_policy_set.count(policy) > 0) { + policy_set.insert(policy); + } + } else if (i > 0) { + // Otherwise, continue searching the previous level. + for (der::Input parent : node.parent_policies) { + auto iter = levels_[i - 1].find(parent); + if (iter != levels_[i - 1].end()) { + iter->second.reachable = true; + } + } + } + } + } + return policy_set; + } + + // Adds a node with policy anyPolicy to the current level. + void AddAnyPolicyNode() { + assert(!levels_.empty()); + current_level_.has_any_policy = true; + } + + // Adds a node to the current level which is a child of |parent_policies| with + // the specified policy. + void AddNode(der::Input policy, std::vector parent_policies) { + assert(policy != der::Input(kAnyPolicyOid)); + AddNodeReturningIterator(policy, std::move(parent_policies)); + } + + // Adds a node to the current level which is a child of anyPolicy with the + // specified policy. + void AddNodeWithParentAnyPolicy(der::Input policy) { + // An empty parent set represents a node parented by anyPolicy. + AddNode(policy, {}); + } + + // Maps |issuer_policy| to |subject_policy|, as in RFC 5280, section 6.1.4, + // step b.1. + void AddPolicyMapping(der::Input issuer_policy, der::Input subject_policy) { + assert(issuer_policy != der::Input(kAnyPolicyOid)); + assert(subject_policy != der::Input(kAnyPolicyOid)); + if (levels_.empty()) { + return; + } + + // The mapping only applies if |issuer_policy| exists in the current level. + auto issuer_policy_iter = levels_.back().find(issuer_policy); + if (issuer_policy_iter == levels_.back().end()) { + // If there is no match, it can instead match anyPolicy. + if (!current_level_.has_any_policy) { + return; + } + + // From RFC 5280, section 6.1.4, step b.1: + // + // If no node of depth i in the valid_policy_tree has a + // valid_policy of ID-P but there is a node of depth i with a + // valid_policy of anyPolicy, then generate a child node of + // the node of depth i-1 that has a valid_policy of anyPolicy + // as follows: [...] + // + // The anyPolicy node of depth i-1 is referring to the parent of the + // anyPolicy node of depth i. The parent of anyPolicy is always anyPolicy. + issuer_policy_iter = AddNodeReturningIterator(issuer_policy, {}); + } + + // Unmapped nodes have a singleton "expected_policy_set" containing their + // valid_policy. Track whether nodes have been mapped so this can be filled + // in at StartLevel(). + issuer_policy_iter->second.mapped = true; + + // Add |subject_policy| to |issuer_policy|'s "expected_policy_set". + current_level_.expected_policy_map[subject_policy].push_back(issuer_policy); + } + + // Removes the node with the specified policy from the current level. + void DeleteNode(der::Input policy) { + if (!levels_.empty()) { + levels_.back().erase(policy); + } + } + + private: + Level::iterator AddNodeReturningIterator( + der::Input policy, + std::vector parent_policies) { + assert(policy != der::Input(kAnyPolicyOid)); + auto [iter, inserted] = levels_.back().insert( + std::pair{policy, Node{std::move(parent_policies)}}); + // GCC before 8.1 tracks individual unused bindings and does not support + // marking them [[maybe_unused]]. + (void)inserted; + assert(inserted); + return iter; + } + + // The list of levels, starting from the root. + std::vector levels_; + // Additional information about the current level. + LevelDetails current_level_; +}; + +// Class that encapsulates the state variables used by certificate path +// validation. +class PathVerifier { + public: + // Same parameters and meaning as VerifyCertificateChain(). + void Run(const ParsedCertificateList& certs, + const CertificateTrust& last_cert_trust, + VerifyCertificateChainDelegate* delegate, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + InitialExplicitPolicy initial_explicit_policy, + const std::set& user_initial_policy_set, + InitialPolicyMappingInhibit initial_policy_mapping_inhibit, + InitialAnyPolicyInhibit initial_any_policy_inhibit, + std::set* user_constrained_policy_set, + CertPathErrors* errors); + + private: + // Verifies and updates the valid policies. This corresponds with RFC 5280 + // section 6.1.3 steps d-f. + void VerifyPolicies(const ParsedCertificate& cert, + bool is_target_cert, + CertErrors* errors); + + // Applies the policy mappings. This corresponds with RFC 5280 section 6.1.4 + // steps a-b. + void VerifyPolicyMappings(const ParsedCertificate& cert, CertErrors* errors); + + // Applies policyConstraints and inhibitAnyPolicy. This corresponds with RFC + // 5280 section 6.1.4 steps i-j. + void ApplyPolicyConstraints(const ParsedCertificate& cert); + + // This function corresponds to RFC 5280 section 6.1.3's "Basic Certificate + // Processing" procedure. + void BasicCertificateProcessing(const ParsedCertificate& cert, + bool is_target_cert, + bool is_target_cert_issuer, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + CertErrors* errors, + bool* shortcircuit_chain_validation); + + // This function corresponds to RFC 5280 section 6.1.4's "Preparation for + // Certificate i+1" procedure. |cert| is expected to be an intermediate. + void PrepareForNextCertificate(const ParsedCertificate& cert, + CertErrors* errors); + + // This function corresponds with RFC 5280 section 6.1.5's "Wrap-Up + // Procedure". It does processing for the final certificate (the target cert). + void WrapUp(const ParsedCertificate& cert, + KeyPurpose required_key_purpose, + const std::set& user_initial_policy_set, + CertErrors* errors); + + // Enforces trust anchor constraints compatibile with RFC 5937. + // + // Note that the anchor constraints are encoded via the attached certificate + // itself. + void ApplyTrustAnchorConstraints(const ParsedCertificate& cert, + KeyPurpose required_key_purpose, + CertErrors* errors); + + // Initializes the path validation algorithm given anchor constraints. This + // follows the description in RFC 5937 + void ProcessRootCertificate(const ParsedCertificate& cert, + const CertificateTrust& trust, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + CertErrors* errors, + bool* shortcircuit_chain_validation); + + // Processes verification when the input is a single certificate. This is not + // defined by any standard. We attempt to match the de-facto behaviour of + // Operating System verifiers. + void ProcessSingleCertChain(const ParsedCertificate& cert, + const CertificateTrust& trust, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + CertErrors* errors); + + // Parses |spki| to an EVP_PKEY and checks whether the public key is accepted + // by |delegate_|. On failure parsing returns nullptr. If either parsing the + // key or key policy failed, adds a high-severity error to |errors|. + bssl::UniquePtr ParseAndCheckPublicKey(const der::Input& spki, + CertErrors* errors); + + ValidPolicyGraph valid_policy_graph_; + + std::set user_constrained_policy_set_; + + // Will contain a NameConstraints for each previous cert in the chain which + // had nameConstraints. This corresponds to the permitted_subtrees and + // excluded_subtrees state variables from RFC 5280. + std::vector name_constraints_list_; + + // |explicit_policy_| corresponds with the same named variable from RFC 5280 + // section 6.1.2: + // + // explicit_policy: an integer that indicates if a non-NULL + // valid_policy_tree is required. The integer indicates the + // number of non-self-issued certificates to be processed before + // this requirement is imposed. Once set, this variable may be + // decreased, but may not be increased. That is, if a certificate in the + // path requires a non-NULL valid_policy_tree, a later certificate cannot + // remove this requirement. If initial-explicit-policy is set, then the + // initial value is 0, otherwise the initial value is n+1. + size_t explicit_policy_; + + // |inhibit_any_policy_| corresponds with the same named variable from RFC + // 5280 section 6.1.2: + // + // inhibit_anyPolicy: an integer that indicates whether the + // anyPolicy policy identifier is considered a match. The + // integer indicates the number of non-self-issued certificates + // to be processed before the anyPolicy OID, if asserted in a + // certificate other than an intermediate self-issued + // certificate, is ignored. Once set, this variable may be + // decreased, but may not be increased. That is, if a + // certificate in the path inhibits processing of anyPolicy, a + // later certificate cannot permit it. If initial-any-policy- + // inhibit is set, then the initial value is 0, otherwise the + // initial value is n+1. + size_t inhibit_any_policy_; + + // |policy_mapping_| corresponds with the same named variable from RFC 5280 + // section 6.1.2: + // + // policy_mapping: an integer that indicates if policy mapping + // is permitted. The integer indicates the number of non-self- + // issued certificates to be processed before policy mapping is + // inhibited. Once set, this variable may be decreased, but may + // not be increased. That is, if a certificate in the path + // specifies that policy mapping is not permitted, it cannot be + // overridden by a later certificate. If initial-policy- + // mapping-inhibit is set, then the initial value is 0, + // otherwise the initial value is n+1. + size_t policy_mapping_; + + // |working_public_key_| is an amalgamation of 3 separate variables from RFC + // 5280: + // * working_public_key + // * working_public_key_algorithm + // * working_public_key_parameters + // + // They are combined for simplicity since the signature verification takes an + // EVP_PKEY, and the parameter inheritence is not applicable for the supported + // key types. |working_public_key_| may be null if parsing failed. + // + // An approximate explanation of |working_public_key_| is this description + // from RFC 5280 section 6.1.2: + // + // working_public_key: the public key used to verify the + // signature of a certificate. + bssl::UniquePtr working_public_key_; + + // |working_normalized_issuer_name_| is the normalized value of the + // working_issuer_name variable in RFC 5280 section 6.1.2: + // + // working_issuer_name: the issuer distinguished name expected + // in the next certificate in the chain. + der::Input working_normalized_issuer_name_; + + // |max_path_length_| corresponds with the same named variable in RFC 5280 + // section 6.1.2. + // + // max_path_length: this integer is initialized to n, is + // decremented for each non-self-issued certificate in the path, + // and may be reduced to the value in the path length constraint + // field within the basic constraints extension of a CA + // certificate. + size_t max_path_length_; + + VerifyCertificateChainDelegate* delegate_; +}; + +void PathVerifier::VerifyPolicies(const ParsedCertificate& cert, + bool is_target_cert, + CertErrors* errors) { + // From RFC 5280 section 6.1.3: + // + // (d) If the certificate policies extension is present in the + // certificate and the valid_policy_tree is not NULL, process + // the policy information by performing the following steps in + // order: + if (cert.has_policy_oids() && !valid_policy_graph_.IsNull()) { + ValidPolicyGraph::LevelDetails previous_level = + valid_policy_graph_.StartLevel(); + + // (1) For each policy P not equal to anyPolicy in the + // certificate policies extension, let P-OID denote the OID + // for policy P and P-Q denote the qualifier set for policy + // P. Perform the following steps in order: + bool cert_has_any_policy = false; + for (const der::Input& p_oid : cert.policy_oids()) { + if (p_oid == der::Input(kAnyPolicyOid)) { + cert_has_any_policy = true; + continue; + } + + // (i) For each node of depth i-1 in the valid_policy_tree + // where P-OID is in the expected_policy_set, create a + // child node as follows: set the valid_policy to P-OID, + // set the qualifier_set to P-Q, and set the + // expected_policy_set to {P-OID}. + auto iter = previous_level.expected_policy_map.find(p_oid); + if (iter != previous_level.expected_policy_map.end()) { + valid_policy_graph_.AddNode( + p_oid, /*parent_policies=*/std::move(iter->second)); + previous_level.expected_policy_map.erase(iter); + } else if (previous_level.has_any_policy) { + // (ii) If there was no match in step (i) and the + // valid_policy_tree includes a node of depth i-1 with + // the valid_policy anyPolicy, generate a child node with + // the following values: set the valid_policy to P-OID, + // set the qualifier_set to P-Q, and set the + // expected_policy_set to {P-OID}. + valid_policy_graph_.AddNodeWithParentAnyPolicy(p_oid); + } + } + + // (2) If the certificate policies extension includes the policy + // anyPolicy with the qualifier set AP-Q and either (a) + // inhibit_anyPolicy is greater than 0 or (b) i 0) || + (!is_target_cert && IsSelfIssued(cert)))) { + for (auto& [p_oid, parent_policies] : + previous_level.expected_policy_map) { + valid_policy_graph_.AddNode(p_oid, std::move(parent_policies)); + } + if (previous_level.has_any_policy) { + valid_policy_graph_.AddAnyPolicyNode(); + } + } + + // (3) If there is a node in the valid_policy_tree of depth i-1 + // or less without any child nodes, delete that node. Repeat + // this step until there are no nodes of depth i-1 or less + // without children. + // + // This implementation does this as part of GetUserConstrainedPolicySet(). + // Only the current level needs to be pruned to compute the policy graph. + } + + // (e) If the certificate policies extension is not present, set the + // valid_policy_tree to NULL. + if (!cert.has_policy_oids()) + valid_policy_graph_.SetNull(); + + // (f) Verify that either explicit_policy is greater than 0 or the + // valid_policy_tree is not equal to NULL; + if (!((explicit_policy_ > 0) || !valid_policy_graph_.IsNull())) + errors->AddError(cert_errors::kNoValidPolicy); +} + +void PathVerifier::VerifyPolicyMappings(const ParsedCertificate& cert, + CertErrors* errors) { + if (!cert.has_policy_mappings()) + return; + + // From RFC 5280 section 6.1.4: + // + // (a) If a policy mappings extension is present, verify that the + // special value anyPolicy does not appear as an + // issuerDomainPolicy or a subjectDomainPolicy. + for (const ParsedPolicyMapping& mapping : cert.policy_mappings()) { + if (mapping.issuer_domain_policy == der::Input(kAnyPolicyOid) || + mapping.subject_domain_policy == der::Input(kAnyPolicyOid)) { + // Because this implementation continues processing certificates after + // this error, clear the valid policy graph to ensure the + // "user_constrained_policy_set" output upon failure is empty. + valid_policy_graph_.SetNull(); + errors->AddError(cert_errors::kPolicyMappingAnyPolicy); + return; + } + } + + // (b) If a policy mappings extension is present, then for each + // issuerDomainPolicy ID-P in the policy mappings extension: + // + // (1) If the policy_mapping variable is greater than 0, for each + // node in the valid_policy_tree of depth i where ID-P is the + // valid_policy, set expected_policy_set to the set of + // subjectDomainPolicy values that are specified as + // equivalent to ID-P by the policy mappings extension. + // + // If no node of depth i in the valid_policy_tree has a + // valid_policy of ID-P but there is a node of depth i with a + // valid_policy of anyPolicy, then generate a child node of + // the node of depth i-1 that has a valid_policy of anyPolicy + // as follows: + // + // (i) set the valid_policy to ID-P; + // + // (ii) set the qualifier_set to the qualifier set of the + // policy anyPolicy in the certificate policies + // extension of certificate i; and + // + // (iii) set the expected_policy_set to the set of + // subjectDomainPolicy values that are specified as + // equivalent to ID-P by the policy mappings extension. + // + if (policy_mapping_ > 0) { + for (const ParsedPolicyMapping& mapping : cert.policy_mappings()) { + valid_policy_graph_.AddPolicyMapping(mapping.issuer_domain_policy, + mapping.subject_domain_policy); + } + } + + // (b) If a policy mappings extension is present, then for each + // issuerDomainPolicy ID-P in the policy mappings extension: + // + // ... + // + // (2) If the policy_mapping variable is equal to 0: + // + // (i) delete each node of depth i in the valid_policy_tree + // where ID-P is the valid_policy. + // + // (ii) If there is a node in the valid_policy_tree of depth + // i-1 or less without any child nodes, delete that + // node. Repeat this step until there are no nodes of + // depth i-1 or less without children. + // + // Step (ii) is deferred to part of GetUserConstrainedPolicySet(). + if (policy_mapping_ == 0) { + for (const ParsedPolicyMapping& mapping : cert.policy_mappings()) { + valid_policy_graph_.DeleteNode(mapping.issuer_domain_policy); + } + } +} + +void PathVerifier::ApplyPolicyConstraints(const ParsedCertificate& cert) { + // RFC 5280 section 6.1.4 step i-j: + // (i) If a policy constraints extension is included in the + // certificate, modify the explicit_policy and policy_mapping + // state variables as follows: + if (cert.has_policy_constraints()) { + // (1) If requireExplicitPolicy is present and is less than + // explicit_policy, set explicit_policy to the value of + // requireExplicitPolicy. + if (cert.policy_constraints().require_explicit_policy && + cert.policy_constraints().require_explicit_policy.value() < + explicit_policy_) { + explicit_policy_ = + cert.policy_constraints().require_explicit_policy.value(); + } + + // (2) If inhibitPolicyMapping is present and is less than + // policy_mapping, set policy_mapping to the value of + // inhibitPolicyMapping. + if (cert.policy_constraints().inhibit_policy_mapping && + cert.policy_constraints().inhibit_policy_mapping.value() < + policy_mapping_) { + policy_mapping_ = + cert.policy_constraints().inhibit_policy_mapping.value(); + } + } + + // (j) If the inhibitAnyPolicy extension is included in the + // certificate and is less than inhibit_anyPolicy, set + // inhibit_anyPolicy to the value of inhibitAnyPolicy. + if (cert.has_inhibit_any_policy() && + cert.inhibit_any_policy() < inhibit_any_policy_) { + inhibit_any_policy_ = cert.inhibit_any_policy(); + } +} + +void PathVerifier::BasicCertificateProcessing( + const ParsedCertificate& cert, + bool is_target_cert, + bool is_target_cert_issuer, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + CertErrors* errors, + bool* shortcircuit_chain_validation) { + *shortcircuit_chain_validation = false; + // Check that the signature algorithms in Certificate vs TBSCertificate + // match. This isn't part of RFC 5280 section 6.1.3, but is mandated by + // sections 4.1.1.2 and 4.1.2.3. + if (!VerifySignatureAlgorithmsMatch(cert, errors)) { + CHECK(errors->ContainsAnyErrorWithSeverity(CertError::SEVERITY_HIGH)); + *shortcircuit_chain_validation = true; + } + + // Check whether this signature algorithm is allowed. + if (!cert.signature_algorithm().has_value() || + !delegate_->IsSignatureAlgorithmAcceptable(*cert.signature_algorithm(), + errors)) { + *shortcircuit_chain_validation = true; + errors->AddError(cert_errors::kUnacceptableSignatureAlgorithm); + return; + } + + if (working_public_key_) { + // Verify the digital signature using the previous certificate's key (RFC + // 5280 section 6.1.3 step a.1). + if (!VerifySignedData(*cert.signature_algorithm(), + cert.tbs_certificate_tlv(), cert.signature_value(), + working_public_key_.get(), + delegate_->GetVerifyCache())) { + *shortcircuit_chain_validation = true; + errors->AddError(cert_errors::kVerifySignedDataFailed); + } + } + if (*shortcircuit_chain_validation) + return; + + // Check the time range for the certificate's validity, ensuring it is valid + // at |time|. + // (RFC 5280 section 6.1.3 step a.2) + VerifyTimeValidity(cert, time, errors); + + // RFC 5280 section 6.1.3 step a.3 calls for checking the certificate's + // revocation status here. In this implementation revocation checking is + // implemented separately from path validation. + + // Verify the certificate's issuer name matches the issuing certificate's + // subject name. (RFC 5280 section 6.1.3 step a.4) + if (cert.normalized_issuer() != working_normalized_issuer_name_) + errors->AddError(cert_errors::kSubjectDoesNotMatchIssuer); + + // Name constraints (RFC 5280 section 6.1.3 step b & c) + // If certificate i is self-issued and it is not the final certificate in the + // path, skip this step for certificate i. + if (!name_constraints_list_.empty() && + (!IsSelfIssued(cert) || is_target_cert)) { + for (const NameConstraints* nc : name_constraints_list_) { + nc->IsPermittedCert(cert.normalized_subject(), cert.subject_alt_names(), + errors); + } + } + + // RFC 5280 section 6.1.3 step d - f. + VerifyPolicies(cert, is_target_cert, errors); + + // The key purpose is checked not just for the end-entity certificate, but + // also interpreted as a constraint when it appears in intermediates. This + // goes beyond what RFC 5280 describes, but is the de-facto standard. See + // https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Frequently_Asked_Questions + VerifyExtendedKeyUsage(cert, required_key_purpose, errors, is_target_cert, + is_target_cert_issuer); +} + +void PathVerifier::PrepareForNextCertificate(const ParsedCertificate& cert, + CertErrors* errors) { + // RFC 5280 section 6.1.4 step a-b + VerifyPolicyMappings(cert, errors); + + // From RFC 5280 section 6.1.4 step c: + // + // Assign the certificate subject name to working_normalized_issuer_name. + working_normalized_issuer_name_ = cert.normalized_subject(); + + // From RFC 5280 section 6.1.4 step d: + // + // Assign the certificate subjectPublicKey to working_public_key. + working_public_key_ = ParseAndCheckPublicKey(cert.tbs().spki_tlv, errors); + + // Note that steps e and f are omitted as they are handled by + // the assignment to |working_spki| above. See the definition + // of |working_spki|. + + // From RFC 5280 section 6.1.4 step g: + if (cert.has_name_constraints()) + name_constraints_list_.push_back(&cert.name_constraints()); + + // (h) If certificate i is not self-issued: + if (!IsSelfIssued(cert)) { + // (1) If explicit_policy is not 0, decrement explicit_policy by + // 1. + if (explicit_policy_ > 0) + explicit_policy_ -= 1; + + // (2) If policy_mapping is not 0, decrement policy_mapping by 1. + if (policy_mapping_ > 0) + policy_mapping_ -= 1; + + // (3) If inhibit_anyPolicy is not 0, decrement inhibit_anyPolicy + // by 1. + if (inhibit_any_policy_ > 0) + inhibit_any_policy_ -= 1; + } + + // RFC 5280 section 6.1.4 step i-j: + ApplyPolicyConstraints(cert); + + // From RFC 5280 section 6.1.4 step k: + // + // If certificate i is a version 3 certificate, verify that the + // basicConstraints extension is present and that cA is set to + // TRUE. (If certificate i is a version 1 or version 2 + // certificate, then the application MUST either verify that + // certificate i is a CA certificate through out-of-band means + // or reject the certificate. Conforming implementations may + // choose to reject all version 1 and version 2 intermediate + // certificates.) + // + // This code implicitly rejects non version 3 intermediates, since they + // can't contain a BasicConstraints extension. + if (!cert.has_basic_constraints()) { + errors->AddError(cert_errors::kMissingBasicConstraints); + } else if (!cert.basic_constraints().is_ca) { + errors->AddError(cert_errors::kBasicConstraintsIndicatesNotCa); + } + + // From RFC 5280 section 6.1.4 step l: + // + // If the certificate was not self-issued, verify that + // max_path_length is greater than zero and decrement + // max_path_length by 1. + if (!IsSelfIssued(cert)) { + if (max_path_length_ == 0) { + errors->AddError(cert_errors::kMaxPathLengthViolated); + } else { + --max_path_length_; + } + } + + // From RFC 5280 section 6.1.4 step m: + // + // If pathLenConstraint is present in the certificate and is + // less than max_path_length, set max_path_length to the value + // of pathLenConstraint. + if (cert.has_basic_constraints() && cert.basic_constraints().has_path_len && + cert.basic_constraints().path_len < max_path_length_) { + max_path_length_ = cert.basic_constraints().path_len; + } + + // From RFC 5280 section 6.1.4 step n: + // + // If a key usage extension is present, verify that the + // keyCertSign bit is set. + if (cert.has_key_usage() && + !cert.key_usage().AssertsBit(KEY_USAGE_BIT_KEY_CERT_SIGN)) { + errors->AddError(cert_errors::kKeyCertSignBitNotSet); + } + + // From RFC 5280 section 6.1.4 step o: + // + // Recognize and process any other critical extension present in + // the certificate. Process any other recognized non-critical + // extension present in the certificate that is relevant to path + // processing. + VerifyNoUnconsumedCriticalExtensions(cert, errors); +} + +// Checks if the target certificate has the CA bit set. If it does, add +// the appropriate error or warning to |errors|. +void VerifyTargetCertIsNotCA(const ParsedCertificate& cert, + KeyPurpose required_key_purpose, + CertErrors* errors) { + if (cert.has_basic_constraints() && cert.basic_constraints().is_ca) { + // In spite of RFC 5280 4.2.1.9 which says the CA properties MAY exist in + // an end entity certificate, the CABF Baseline Requirements version + // 1.8.4, 7.1.2.3(d) prohibit the CA bit being set in an end entity + // certificate. + switch (required_key_purpose) { + case KeyPurpose::ANY_EKU: + break; + case KeyPurpose::SERVER_AUTH: + case KeyPurpose::CLIENT_AUTH: + errors->AddWarning(cert_errors::kTargetCertShouldNotBeCa); + break; + case KeyPurpose::SERVER_AUTH_STRICT: + case KeyPurpose::CLIENT_AUTH_STRICT: + errors->AddError(cert_errors::kTargetCertShouldNotBeCa); + break; + } + } +} + +void PathVerifier::WrapUp(const ParsedCertificate& cert, + KeyPurpose required_key_purpose, + const std::set& user_initial_policy_set, + CertErrors* errors) { + // From RFC 5280 section 6.1.5: + // (a) If explicit_policy is not 0, decrement explicit_policy by 1. + if (explicit_policy_ > 0) + explicit_policy_ -= 1; + + // (b) If a policy constraints extension is included in the + // certificate and requireExplicitPolicy is present and has a + // value of 0, set the explicit_policy state variable to 0. + if (cert.has_policy_constraints() && + cert.policy_constraints().require_explicit_policy.has_value() && + cert.policy_constraints().require_explicit_policy == 0) { + explicit_policy_ = 0; + } + + // Note step c-e are omitted as the verification function does + // not output the working public key. + + // From RFC 5280 section 6.1.5 step f: + // + // Recognize and process any other critical extension present in + // the certificate n. Process any other recognized non-critical + // extension present in certificate n that is relevant to path + // processing. + // + // Note that this is duplicated by PrepareForNextCertificate() so as to + // directly match the procedures in RFC 5280's section 6.1. + VerifyNoUnconsumedCriticalExtensions(cert, errors); + + // This calculates the intersection from RFC 5280 section 6.1.5 step g, as + // well as applying the deferred recursive node that were skipped earlier in + // the process. + user_constrained_policy_set_ = + valid_policy_graph_.GetUserConstrainedPolicySet(user_initial_policy_set); + + // From RFC 5280 section 6.1.5 step g: + // + // If either (1) the value of explicit_policy variable is greater than + // zero or (2) the valid_policy_tree is not NULL, then path processing + // has succeeded. + if (explicit_policy_ == 0 && user_constrained_policy_set_.empty()) { + errors->AddError(cert_errors::kNoValidPolicy); + } + + // The following check is NOT part of RFC 5280 6.1.5's "Wrap-Up Procedure", + // however is implied by RFC 5280 section 4.2.1.9, as well as CABF Base + // Requirements. + VerifyTargetCertIsNotCA(cert, required_key_purpose, errors); + + // Check the public key for the target certificate. The public key for the + // other certificates is already checked by PrepareForNextCertificate(). + // Note that this step is not part of RFC 5280 6.1.5. + ParseAndCheckPublicKey(cert.tbs().spki_tlv, errors); +} + +void PathVerifier::ApplyTrustAnchorConstraints(const ParsedCertificate& cert, + KeyPurpose required_key_purpose, + CertErrors* errors) { + // If certificatePolicies is present, process the policies. This matches the + // handling for intermediates from RFC 5280 section 6.1.3.d (except that for + // intermediates it is non-optional). It intentionally deviates from RFC 5937 + // section 3.2 which says to intersect with user-initial-policy-set, since + // processing as part of user-initial-policy-set has subtly different + // semantics from being handled as part of the chain processing (see + // https://crbug.com/1403258). + if (cert.has_policy_oids()) { + VerifyPolicies(cert, /*is_target_cert=*/false, errors); + } + + // Process policyMappings, if present. This matches the handling for + // intermediates from RFC 5280 section 6.1.4 step a-b. + VerifyPolicyMappings(cert, errors); + + // Process policyConstraints and inhibitAnyPolicy. This matches the + // handling for intermediates from RFC 5280 section 6.1.4 step i-j. + // This intentionally deviates from RFC 5937 section 3.2 which says to + // initialize the initial-any-policy-inhibit, initial-explicit-policy, and/or + // initial-policy-mapping-inhibit inputs to verification. Those are all + // bools, so they cannot properly represent the constraints encoded in the + // policyConstraints and inhibitAnyPolicy extensions. + ApplyPolicyConstraints(cert); + + // If keyUsage is present, verify that |cert| has correct keyUsage bits for a + // CA. This matches the handling for intermediates from RFC 5280 section + // 6.1.4 step n. + if (cert.has_key_usage() && + !cert.key_usage().AssertsBit(KEY_USAGE_BIT_KEY_CERT_SIGN)) { + errors->AddError(cert_errors::kKeyCertSignBitNotSet); + } + + // This is not part of RFC 5937 nor RFC 5280, but matches the EKU handling + // done for intermediates (described in Web PKI's Baseline Requirements). + VerifyExtendedKeyUsage(cert, required_key_purpose, errors, + /*is_target_cert=*/false, + /*is_target_cert_issuer=*/false); + + // The following enforcements follow from RFC 5937 (primarily section 3.2): + + // Initialize name constraints initial-permitted/excluded-subtrees. + if (cert.has_name_constraints()) + name_constraints_list_.push_back(&cert.name_constraints()); + + if (cert.has_basic_constraints()) { + // Enforce CA=true if basicConstraints is present. This matches behavior of + // other verifiers, and seems like a good thing to do to avoid a + // certificate being used in the wrong context if it was specifically + // marked as not being a CA. + if (!cert.basic_constraints().is_ca) { + errors->AddError(cert_errors::kBasicConstraintsIndicatesNotCa); + } + // From RFC 5937 section 3.2: + // + // If a basic constraints extension is associated with the trust + // anchor and contains a pathLenConstraint value, set the + // max_path_length state variable equal to the pathLenConstraint + // value from the basic constraints extension. + // + if (cert.basic_constraints().has_path_len) { + max_path_length_ = cert.basic_constraints().path_len; + } + } + + // From RFC 5937 section 2: + // + // Extensions may be marked critical or not critical. When trust anchor + // constraints are enforced, clients MUST reject certification paths + // containing a trust anchor with unrecognized critical extensions. + VerifyNoUnconsumedCriticalExtensions(cert, errors); +} + +void PathVerifier::ProcessRootCertificate(const ParsedCertificate& cert, + const CertificateTrust& trust, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + CertErrors* errors, + bool* shortcircuit_chain_validation) { + *shortcircuit_chain_validation = false; + switch (trust.type) { + case CertificateTrustType::UNSPECIFIED: + case CertificateTrustType::TRUSTED_LEAF: + // Doesn't chain to a trust anchor - implicitly distrusted + errors->AddError(cert_errors::kCertIsNotTrustAnchor); + *shortcircuit_chain_validation = true; + break; + case CertificateTrustType::DISTRUSTED: + // Chains to an actively distrusted certificate. + errors->AddError(cert_errors::kDistrustedByTrustStore); + *shortcircuit_chain_validation = true; + break; + case CertificateTrustType::TRUSTED_ANCHOR: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + break; + } + if (*shortcircuit_chain_validation) + return; + + if (trust.enforce_anchor_expiry) { + VerifyTimeValidity(cert, time, errors); + } + if (trust.enforce_anchor_constraints) { + if (trust.require_anchor_basic_constraints && + !cert.has_basic_constraints()) { + switch (cert.tbs().version) { + case CertificateVersion::V1: + case CertificateVersion::V2: + break; + case CertificateVersion::V3: + errors->AddError(cert_errors::kMissingBasicConstraints); + break; + } + } + ApplyTrustAnchorConstraints(cert, required_key_purpose, errors); + } + + // Use the certificate's SPKI and subject when verifying the next certificate. + working_public_key_ = ParseAndCheckPublicKey(cert.tbs().spki_tlv, errors); + working_normalized_issuer_name_ = cert.normalized_subject(); +} + +void PathVerifier::ProcessSingleCertChain(const ParsedCertificate& cert, + const CertificateTrust& trust, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + CertErrors* errors) { + switch (trust.type) { + case CertificateTrustType::UNSPECIFIED: + case CertificateTrustType::TRUSTED_ANCHOR: + // Target doesn't have a chain and isn't a directly trusted leaf - + // implicitly distrusted. + errors->AddError(cert_errors::kCertIsNotTrustAnchor); + return; + case CertificateTrustType::DISTRUSTED: + // Target is directly distrusted. + errors->AddError(cert_errors::kDistrustedByTrustStore); + return; + case CertificateTrustType::TRUSTED_LEAF: + case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF: + break; + } + + // Check the public key for the target certificate regardless of whether + // `require_leaf_selfsigned` is true. This matches the check in WrapUp and + // fulfills the documented behavior of the IsPublicKeyAcceptable delegate. + ParseAndCheckPublicKey(cert.tbs().spki_tlv, errors); + + if (trust.require_leaf_selfsigned) { + if (!VerifyCertificateIsSelfSigned(cert, delegate_->GetVerifyCache(), + errors)) { + // VerifyCertificateIsSelfSigned should have added an error, but just + // double check to be safe. + if (!errors->ContainsAnyErrorWithSeverity(CertError::SEVERITY_HIGH)) { + errors->AddError(cert_errors::kInternalError); + } + return; + } + } + + // There is no standard for what it means to verify a directly trusted leaf + // certificate, so this is basically just checking common sense things that + // also mirror what we observed to be enforced with the Operating System + // native verifiers. + VerifyTimeValidity(cert, time, errors); + VerifyExtendedKeyUsage(cert, required_key_purpose, errors, + /*is_target_cert=*/true, + /*is_target_cert_issuer=*/false); + + // Checking for unknown critical extensions matches Windows, but is stricter + // than the Mac verifier. + VerifyNoUnconsumedCriticalExtensions(cert, errors); +} + +bssl::UniquePtr PathVerifier::ParseAndCheckPublicKey( + const der::Input& spki, + CertErrors* errors) { + // Parse the public key. + bssl::UniquePtr pkey; + if (!ParsePublicKey(spki, &pkey)) { + errors->AddError(cert_errors::kFailedParsingSpki); + return nullptr; + } + + // Check if the key is acceptable by the delegate. + if (!delegate_->IsPublicKeyAcceptable(pkey.get(), errors)) + errors->AddError(cert_errors::kUnacceptablePublicKey); + + return pkey; +} + +void PathVerifier::Run( + const ParsedCertificateList& certs, + const CertificateTrust& last_cert_trust, + VerifyCertificateChainDelegate* delegate, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + InitialExplicitPolicy initial_explicit_policy, + const std::set& user_initial_policy_set, + InitialPolicyMappingInhibit initial_policy_mapping_inhibit, + InitialAnyPolicyInhibit initial_any_policy_inhibit, + std::set* user_constrained_policy_set, + CertPathErrors* errors) { + // This implementation is structured to mimic the description of certificate + // path verification given by RFC 5280 section 6.1. + DCHECK(delegate); + DCHECK(errors); + + delegate_ = delegate; + + // An empty chain is necessarily invalid. + if (certs.empty()) { + errors->GetOtherErrors()->AddError(cert_errors::kChainIsEmpty); + return; + } + + // Verifying a trusted leaf certificate isn't a well-specified operation, so + // it's handled separately from the RFC 5280 defined verification process. + if (certs.size() == 1) { + ProcessSingleCertChain(*certs.front(), last_cert_trust, time, + required_key_purpose, errors->GetErrorsForCert(0)); + return; + } + + // RFC 5280's "n" variable is the length of the path, which does not count + // the trust anchor. (Although in practice it doesn't really change behaviors + // if n is used in place of n+1). + const size_t n = certs.size() - 1; + + valid_policy_graph_.Init(); + + // RFC 5280 section section 6.1.2: + // + // If initial-explicit-policy is set, then the initial value + // [of explicit_policy] is 0, otherwise the initial value is n+1. + explicit_policy_ = + initial_explicit_policy == InitialExplicitPolicy::kTrue ? 0 : n + 1; + + // RFC 5280 section section 6.1.2: + // + // If initial-any-policy-inhibit is set, then the initial value + // [of inhibit_anyPolicy] is 0, otherwise the initial value is n+1. + inhibit_any_policy_ = + initial_any_policy_inhibit == InitialAnyPolicyInhibit::kTrue ? 0 : n + 1; + + // RFC 5280 section section 6.1.2: + // + // If initial-policy-mapping-inhibit is set, then the initial value + // [of policy_mapping] is 0, otherwise the initial value is n+1. + policy_mapping_ = + initial_policy_mapping_inhibit == InitialPolicyMappingInhibit::kTrue + ? 0 + : n + 1; + + // RFC 5280 section section 6.1.2: + // + // max_path_length: this integer is initialized to n, ... + max_path_length_ = n; + + // Iterate over all the certificates in the reverse direction: starting from + // the root certificate and progressing towards the target certificate. + // + // * i=0 : Root certificate (i.e. trust anchor) + // * i=1 : Certificate issued by root + // * i=x : Certificate i=x is issued by certificate i=x-1 + // * i=n : Target certificate. + for (size_t i = 0; i < certs.size(); ++i) { + const size_t index_into_certs = certs.size() - i - 1; + + // |is_target_cert| is true if the current certificate is the target + // certificate being verified. The target certificate isn't necessarily an + // end-entity certificate. + const bool is_target_cert = index_into_certs == 0; + const bool is_target_cert_issuer = index_into_certs == 1; + const bool is_root_cert = i == 0; + + const ParsedCertificate& cert = *certs[index_into_certs]; + + // Output errors for the current certificate into an error bucket that is + // associated with that certificate. + CertErrors* cert_errors = errors->GetErrorsForCert(index_into_certs); + + if (is_root_cert) { + bool shortcircuit_chain_validation = false; + ProcessRootCertificate(cert, last_cert_trust, time, required_key_purpose, + cert_errors, &shortcircuit_chain_validation); + if (shortcircuit_chain_validation) { + // Chains that don't start from a trusted root should short-circuit the + // rest of the verification, as accumulating more errors from untrusted + // certificates would not be meaningful. + CHECK(cert_errors->ContainsAnyErrorWithSeverity( + CertError::SEVERITY_HIGH)); + return; + } + + // Don't do any other checks for root certificates. + continue; + } + + bool shortcircuit_chain_validation = false; + // Per RFC 5280 section 6.1: + // * Do basic processing for each certificate + // * If it is the last certificate in the path (target certificate) + // - Then run "Wrap up" + // - Otherwise run "Prepare for Next cert" + BasicCertificateProcessing(cert, is_target_cert, is_target_cert_issuer, + time, required_key_purpose, cert_errors, + &shortcircuit_chain_validation); + if (shortcircuit_chain_validation) { + // Signature errors should short-circuit the rest of the verification, as + // accumulating more errors from untrusted certificates would not be + // meaningful. + CHECK( + cert_errors->ContainsAnyErrorWithSeverity(CertError::SEVERITY_HIGH)); + return; + } + if (!is_target_cert) { + PrepareForNextCertificate(cert, cert_errors); + } else { + WrapUp(cert, required_key_purpose, user_initial_policy_set, cert_errors); + } + } + + if (user_constrained_policy_set) { + *user_constrained_policy_set = user_constrained_policy_set_; + } + + // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1: + // + // A certificate MUST NOT appear more than once in a prospective + // certification path. +} + +} // namespace + +VerifyCertificateChainDelegate::~VerifyCertificateChainDelegate() = default; + +void VerifyCertificateChain( + const ParsedCertificateList& certs, + const CertificateTrust& last_cert_trust, + VerifyCertificateChainDelegate* delegate, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + InitialExplicitPolicy initial_explicit_policy, + const std::set& user_initial_policy_set, + InitialPolicyMappingInhibit initial_policy_mapping_inhibit, + InitialAnyPolicyInhibit initial_any_policy_inhibit, + std::set* user_constrained_policy_set, + CertPathErrors* errors) { + PathVerifier verifier; + verifier.Run(certs, last_cert_trust, delegate, time, required_key_purpose, + initial_explicit_policy, user_initial_policy_set, + initial_policy_mapping_inhibit, initial_any_policy_inhibit, + user_constrained_policy_set, errors); +} + +bool VerifyCertificateIsSelfSigned(const ParsedCertificate& cert, + SignatureVerifyCache* cache, + CertErrors* errors) { + if (cert.normalized_subject() != cert.normalized_issuer()) { + if (errors) { + errors->AddError(cert_errors::kSubjectDoesNotMatchIssuer); + } + return false; + } + + // Note that we do not restrict the available algorithms when determining if + // something is a self-signed cert. The signature isn't very important on a + // self-signed cert so just allow any supported algorithm here, to avoid + // breakage. + if (!cert.signature_algorithm().has_value()) { + if (errors) { + errors->AddError(cert_errors::kUnacceptableSignatureAlgorithm); + } + return false; + } + + if (!VerifySignedData(*cert.signature_algorithm(), cert.tbs_certificate_tlv(), + cert.signature_value(), cert.tbs().spki_tlv, cache)) { + if (errors) { + errors->AddError(cert_errors::kVerifySignedDataFailed); + } + return false; + } + + return true; +} + +} // namespace net diff --git a/pki/verify_certificate_chain.h b/pki/verify_certificate_chain.h new file mode 100644 index 0000000000..e6f44d9684 --- /dev/null +++ b/pki/verify_certificate_chain.h @@ -0,0 +1,266 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_VERIFY_CERTIFICATE_CHAIN_H_ +#define BSSL_PKI_VERIFY_CERTIFICATE_CHAIN_H_ + +#include "fillins/openssl_util.h" +#include + + +#include "cert_errors.h" +#include "parsed_certificate.h" +#include "signature_verify_cache.h" +#include "input.h" +#include + +namespace bssl { + +namespace der { +struct GeneralizedTime; +} + +struct CertificateTrust; + +// The key purpose (extended key usage) to check for during verification. +enum class KeyPurpose { + ANY_EKU, + SERVER_AUTH, + CLIENT_AUTH, + SERVER_AUTH_STRICT, // Skip ANY_EKU when checking, require EKU present in + // certificate. + CLIENT_AUTH_STRICT, // Skip ANY_EKU when checking, require EKU present in + // certificate. +}; + +enum class InitialExplicitPolicy { + kFalse, + kTrue, +}; + +enum class InitialPolicyMappingInhibit { + kFalse, + kTrue, +}; + +enum class InitialAnyPolicyInhibit { + kFalse, + kTrue, +}; + +// VerifyCertificateChainDelegate exposes delegate methods used when verifying a +// chain. +class OPENSSL_EXPORT VerifyCertificateChainDelegate { + public: + // Implementations should return true if |signature_algorithm| is allowed for + // certificate signing, false otherwise. When returning false implementations + // can optionally add high-severity errors to |errors| with details on why it + // was rejected. + virtual bool IsSignatureAlgorithmAcceptable( + SignatureAlgorithm signature_algorithm, + CertErrors* errors) = 0; + + // Implementations should return true if |public_key| is acceptable. This is + // called for each certificate in the chain, including the target certificate. + // When returning false implementations can optionally add high-severity + // errors to |errors| with details on why it was rejected. + // + // |public_key| can be assumed to be non-null. + virtual bool IsPublicKeyAcceptable(EVP_PKEY* public_key, + CertErrors* errors) = 0; + + // This is called during verification to obtain a pointer to a signature + // verification cache if one exists. nullptr may be returned indicating there + // is no verification cache. + virtual SignatureVerifyCache* GetVerifyCache() = 0; + + virtual ~VerifyCertificateChainDelegate(); +}; + +// VerifyCertificateChain() verifies an ordered certificate path in accordance +// with RFC 5280's "Certification Path Validation" algorithm (section 6). +// +// ----------------------------------------- +// Deviations from RFC 5280 +// ----------------------------------------- +// +// * If Extended Key Usage appears on intermediates, it is treated as +// a restriction on subordinate certificates. +// * No revocation checking is performed. +// +// ----------------------------------------- +// Additional responsibilities of the caller +// ----------------------------------------- +// +// After successful path verification, the caller is responsible for +// subsequently checking: +// +// * The end-entity's KeyUsage before using its SPKI. +// * The end-entity's name/subjectAltName. Name constraints from intermediates +// will have already been applied, so it is sufficient to check the +// end-entity for a match. The caller MUST NOT check hostnames on the +// commonName field because this implementation does not apply dnsName +// constraints on commonName. +// +// --------- +// Inputs +// --------- +// +// certs: +// A non-empty chain of DER-encoded certificates, listed in the +// "forward" direction. The first certificate is the target +// certificate to verify, and the last certificate has trustedness +// given by |last_cert_trust| (generally a trust anchor). +// +// * certs[0] is the target certificate to verify. +// * certs[i+1] holds the certificate that issued cert_chain[i]. +// * certs[N-1] the root certificate +// +// Note that THIS IS NOT identical in meaning to the same named +// "certs" input defined in RFC 5280 section 6.1.1.a. The differences +// are: +// +// * The order of certificates is reversed +// * In RFC 5280 "certs" DOES NOT include the trust anchor +// +// last_cert_trust: +// Trustedness of |certs.back()|. The trustedness of |certs.back()| +// MUST BE decided by the caller -- this function takes it purely as +// an input. Moreover, the CertificateTrust can be used to specify +// trust anchor constraints. +// +// This combined with |certs.back()| (the root certificate) fills a +// similar role to "trust anchor information" defined in RFC 5280 +// section 6.1.1.d. +// +// delegate: +// |delegate| must be non-null. It is used to answer policy questions such +// as whether a signature algorithm is acceptable, or a public key is strong +// enough. +// +// time: +// The UTC time to use for expiration checks. This is equivalent to +// the input from RFC 5280 section 6.1.1: +// +// (b) the current date/time. +// +// required_key_purpose: +// The key purpose that the target certificate needs to be valid for. +// +// user_initial_policy_set: +// This is equivalent to the same named input in RFC 5280 section +// 6.1.1: +// +// (c) user-initial-policy-set: A set of certificate policy +// identifiers naming the policies that are acceptable to the +// certificate user. The user-initial-policy-set contains the +// special value any-policy if the user is not concerned about +// certificate policy. +// +// initial_policy_mapping_inhibit: +// This is equivalent to the same named input in RFC 5280 section +// 6.1.1: +// +// (e) initial-policy-mapping-inhibit, which indicates if policy +// mapping is allowed in the certification path. +// +// initial_explicit_policy: +// This is equivalent to the same named input in RFC 5280 section +// 6.1.1: +// +// (f) initial-explicit-policy, which indicates if the path must be +// valid for at least one of the certificate policies in the +// user-initial-policy-set. +// +// initial_any_policy_inhibit: +// This is equivalent to the same named input in RFC 5280 section +// 6.1.1: +// +// (g) initial-any-policy-inhibit, which indicates whether the +// anyPolicy OID should be processed if it is included in a +// certificate. +// +// --------- +// Outputs +// --------- +// +// user_constrained_policy_set: +// Can be null. If non-null, |user_constrained_policy_set| will be filled +// with the matching policies (intersected with user_initial_policy_set). +// This is equivalent to the same named output in X.509 section 10.2. +// Note that it is OK for this to point to input user_initial_policy_set. +// +// errors: +// Must be non-null. The set of errors/warnings encountered while +// validating the path are appended to this structure. If verification +// failed, then there is guaranteed to be at least 1 high severity error +// written to |errors|. +// +// ------------------------- +// Trust Anchor constraints +// ------------------------- +// +// Conceptually, VerifyCertificateChain() sets RFC 5937's +// "enforceTrustAnchorConstraints" to true. +// +// One specifies trust anchor constraints using the |last_cert_trust| +// parameter in conjunction with extensions appearing in |certs.back()|. +// +// The trust anchor |certs.back()| is always passed as a certificate to +// this function, however the manner in which that certificate is +// interpreted depends on |last_cert_trust|: +// +// TRUSTED_ANCHOR: +// +// No properties from the root certificate, other than its Subject and +// SPKI, are checked during verification. This is the usual +// interpretation for a "trust anchor". +// +// enforce_anchor_expiry=true: +// +// The validity period of the root is checked, in addition to Subject and SPKI. +// +// enforce_anchor_constraints=true: +// +// Only a subset of extensions and properties from the certificate are checked. +// In general, constraints encoded by extensions are only enforced if the +// extension is present. +// +// * Signature: No +// * Validity (expiration): No +// * Key usage: Yes +// * Extended key usage: Yes (required if required_key_purpose is STRICT) +// * Basic constraints: Yes +// * Name constraints: Yes +// * Certificate policies: Yes +// * Policy Mappings: Yes +// * inhibitAnyPolicy: Yes +// * PolicyConstraints: Yes +// +// The presence of any other unrecognized extension marked as critical fails +// validation. +OPENSSL_EXPORT void VerifyCertificateChain( + const ParsedCertificateList& certs, + const CertificateTrust& last_cert_trust, + VerifyCertificateChainDelegate* delegate, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + InitialExplicitPolicy initial_explicit_policy, + const std::set& user_initial_policy_set, + InitialPolicyMappingInhibit initial_policy_mapping_inhibit, + InitialAnyPolicyInhibit initial_any_policy_inhibit, + std::set* user_constrained_policy_set, + CertPathErrors* errors); + +// Returns true if `cert` is self-signed. Returns false `cert` is not +// self-signed or there was an error. If `errors` is non-null, it will contain +// additional information about the problem. If `cache` is non-null, it will be +// used to cache the signature verification step. +OPENSSL_EXPORT bool VerifyCertificateIsSelfSigned(const ParsedCertificate& cert, + SignatureVerifyCache* cache, + CertErrors* errors); + +} // namespace net + +#endif // BSSL_PKI_VERIFY_CERTIFICATE_CHAIN_H_ diff --git a/pki/verify_certificate_chain_pkits_unittest.cc b/pki/verify_certificate_chain_pkits_unittest.cc new file mode 100644 index 0000000000..f36efa62f4 --- /dev/null +++ b/pki/verify_certificate_chain_pkits_unittest.cc @@ -0,0 +1,129 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_certificate_chain.h" + +#include "parsed_certificate.h" +#include "simple_path_builder_delegate.h" +#include "trust_store.h" +#include "input.h" +#include + +// These require CRL support, which is not implemented at the +// VerifyCertificateChain level. +#define Section7InvalidkeyUsageCriticalcRLSignFalseTest4 \ + DISABLED_Section7InvalidkeyUsageCriticalcRLSignFalseTest4 +#define Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 \ + DISABLED_Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 + +#include "nist_pkits_unittest.h" + +namespace bssl { + +namespace { + +class VerifyCertificateChainPkitsTestDelegate { + public: + static void RunTest(std::vector cert_ders, + std::vector crl_ders, + const PkitsTestInfo& info) { + ASSERT_FALSE(cert_ders.empty()); + + // PKITS lists chains from trust anchor to target, whereas + // VerifyCertificateChain takes them starting with the target and ending + // with the trust anchor. + std::vector> input_chain; + CertErrors parsing_errors; + for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) { + ASSERT_TRUE(ParsedCertificate::CreateAndAddToVector( + bssl::UniquePtr(CRYPTO_BUFFER_new( + reinterpret_cast(i->data()), i->size(), nullptr)), + {}, &input_chain, &parsing_errors)) + << parsing_errors.ToDebugString(); + } + + SimplePathBuilderDelegate path_builder_delegate( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + + std::set user_constrained_policy_set; + + CertPathErrors path_errors; + VerifyCertificateChain( + input_chain, CertificateTrust::ForTrustAnchor(), &path_builder_delegate, + info.time, KeyPurpose::ANY_EKU, info.initial_explicit_policy, + info.initial_policy_set, info.initial_policy_mapping_inhibit, + info.initial_inhibit_any_policy, &user_constrained_policy_set, + &path_errors); + bool did_succeed = !path_errors.ContainsHighSeverityErrors(); + + EXPECT_EQ(info.should_validate, did_succeed); + EXPECT_EQ(info.user_constrained_policy_set, user_constrained_policy_set); + + // Check that the errors match expectations. The errors are saved in a + // parallel file, as they don't apply generically to the third_party + // PKITS data. + if (!info.should_validate && !did_succeed) { + std::string errors_file_path = + std::string( + "testdata/verify_certificate_chain_unittest/pkits_errors/") + + info.test_number + std::string(".txt"); + + std::string expected_errors = ReadTestFileToString(errors_file_path); + + // Check that the errors match. + VerifyCertPathErrors(expected_errors, path_errors, input_chain, + errors_file_path); + } else if (!did_succeed) { + // If it failed and wasn't supposed to fail, print the errors. + EXPECT_EQ("", path_errors.ToDebugString(input_chain)); + } + } +}; + +} // namespace + +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest01SignatureVerification, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest02ValidityPeriods, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest03VerifyingNameChaining, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest06VerifyingBasicConstraints, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest07KeyUsage, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest08CertificatePolicies, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest09RequireExplicitPolicy, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest10PolicyMappings, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest11InhibitPolicyMapping, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest12InhibitAnyPolicy, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest13NameConstraints, + VerifyCertificateChainPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + PkitsTest16PrivateCertificateExtensions, + VerifyCertificateChainPkitsTestDelegate); + +// These require CRL support, which is not implemented at the +// VerifyCertificateChain level: +// PkitsTest04BasicCertificateRevocationTests, +// PkitsTest05VerifyingPathswithSelfIssuedCertificates, +// PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs + +} // namespace net diff --git a/pki/verify_certificate_chain_typed_unittest.h b/pki/verify_certificate_chain_typed_unittest.h new file mode 100644 index 0000000000..ba4b51ac80 --- /dev/null +++ b/pki/verify_certificate_chain_typed_unittest.h @@ -0,0 +1,347 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ +#define BSSL_PKI_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ + +#include "pem.h" +#include "parsed_certificate.h" +#include "simple_path_builder_delegate.h" +#include "test_helpers.h" +#include "trust_store.h" +#include "verify_certificate_chain.h" +#include "input.h" +#include + +namespace bssl { + +template +class VerifyCertificateChainTest : public ::testing::Test { + public: + void RunTest(const char* file_name) { + VerifyCertChainTest test; + + std::string path = + std::string("testdata/verify_certificate_chain_unittest/") + file_name; + + SCOPED_TRACE("Test file: " + path); + + if (!ReadVerifyCertChainTestFromFile(path, &test)) { + ADD_FAILURE() << "Couldn't load test case: " << path; + return; + } + + TestDelegate::Verify(test, path); + } +}; + +// Tests that have only one root. These can be tested without requiring any +// path-building ability. +template +class VerifyCertificateChainSingleRootTest + : public VerifyCertificateChainTest {}; + +TYPED_TEST_SUITE_P(VerifyCertificateChainSingleRootTest); + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Simple) { + this->RunTest("target-and-intermediate/main.test"); + this->RunTest("target-and-intermediate/ta-with-expiration.test"); + this->RunTest("target-and-intermediate/ta-with-constraints.test"); + this->RunTest("target-and-intermediate/trusted_leaf-and-trust_anchor.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, BasicConstraintsCa) { + this->RunTest("intermediate-lacks-basic-constraints/main.test"); + this->RunTest("intermediate-basic-constraints-ca-false/main.test"); + this->RunTest("intermediate-basic-constraints-not-critical/main.test"); + this->RunTest("root-lacks-basic-constraints/main.test"); + this->RunTest("root-lacks-basic-constraints/ta-with-constraints.test"); + this->RunTest( + "root-lacks-basic-constraints/ta-with-require-basic-constraints.test"); + this->RunTest( + "root-lacks-basic-constraints/" + "ta-with-constraints-require-basic-constraints.test"); + this->RunTest("root-basic-constraints-ca-false/main.test"); + this->RunTest("root-basic-constraints-ca-false/ta-with-constraints.test"); + + this->RunTest("target-has-ca-basic-constraints/main.test"); + this->RunTest("target-has-ca-basic-constraints/strict.test"); + this->RunTest( + "target-has-ca-basic-constraints/target_only-trusted_leaf.test"); + this->RunTest( + "target-has-ca-basic-constraints/target_only-trusted_leaf-strict.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, BasicConstraintsPathlen) { + this->RunTest("violates-basic-constraints-pathlen-0/main.test"); + this->RunTest("basic-constraints-pathlen-0-self-issued/main.test"); + this->RunTest("target-has-pathlen-but-not-ca/main.test"); + this->RunTest("violates-pathlen-1-from-root/main.test"); + this->RunTest("violates-pathlen-1-from-root/ta-with-constraints.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, UnknownExtension) { + this->RunTest("intermediate-unknown-critical-extension/main.test"); + this->RunTest("intermediate-unknown-non-critical-extension/main.test"); + this->RunTest("target-unknown-critical-extension/main.test"); + this->RunTest( + "target-unknown-critical-extension/target_only-trusted_leaf.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, MSApplicationPolicies) { + this->RunTest("target-msapplicationpolicies-no-eku/main.test"); + this->RunTest("target-msapplicationpolicies-and-eku/main.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, WeakSignature) { + this->RunTest("target-signed-with-sha1/main.test"); + this->RunTest("intermediate-signed-with-sha1/main.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, WrongSignature) { + this->RunTest("target-wrong-signature/main.test"); + this->RunTest("intermediate-and-target-wrong-signature/main.test"); + this->RunTest("incorrect-trust-anchor/main.test"); + this->RunTest("target-wrong-signature-no-authority-key-identifier/main.test"); + this->RunTest( + "intermediate-wrong-signature-no-authority-key-identifier/main.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, LastCertificateNotTrusted) { + this->RunTest("target-and-intermediate/distrusted-root.test"); + this->RunTest("target-and-intermediate/distrusted-root-expired.test"); + this->RunTest("target-and-intermediate/unspecified-trust-root.test"); + this->RunTest("target-and-intermediate/trusted_leaf-root.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, WeakPublicKey) { + this->RunTest("target-signed-by-512bit-rsa/main.test"); + this->RunTest("target-has-512bit-rsa-key/main.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetSignedUsingEcdsa) { + this->RunTest("target-signed-using-ecdsa/main.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Expired) { + this->RunTest("expired-target/not-before.test"); + this->RunTest("expired-target/not-after.test"); + this->RunTest("expired-intermediate/not-before.test"); + this->RunTest("expired-intermediate/not-after.test"); + this->RunTest("expired-root/not-before.test"); + this->RunTest("expired-root/not-before-ta-with-expiration.test"); + this->RunTest("expired-root/not-after.test"); + this->RunTest("expired-root/not-after-ta-with-expiration.test"); + this->RunTest("expired-root/not-after-ta-with-constraints.test"); + this->RunTest( + "expired-root/not-after-ta-with-expiration-and-constraints.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetNotEndEntity) { + this->RunTest("target-not-end-entity/main.test"); + this->RunTest("target-not-end-entity/strict.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, KeyUsage) { + this->RunTest("intermediate-lacks-signing-key-usage/main.test"); + this->RunTest("target-has-keycertsign-but-not-ca/main.test"); + + this->RunTest("target-serverauth-various-keyusages/rsa-decipherOnly.test"); + this->RunTest( + "target-serverauth-various-keyusages/rsa-digitalSignature.test"); + this->RunTest("target-serverauth-various-keyusages/rsa-keyAgreement.test"); + this->RunTest("target-serverauth-various-keyusages/rsa-keyEncipherment.test"); + + this->RunTest("target-serverauth-various-keyusages/ec-decipherOnly.test"); + this->RunTest("target-serverauth-various-keyusages/ec-digitalSignature.test"); + this->RunTest("target-serverauth-various-keyusages/ec-keyAgreement.test"); + this->RunTest("target-serverauth-various-keyusages/ec-keyEncipherment.test"); + + this->RunTest("root-lacks-keycertsign-key-usage/main.test"); + this->RunTest("root-lacks-keycertsign-key-usage/ta-with-constraints.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExtendedKeyUsage) { + this->RunTest("intermediate-eku-clientauth/any.test"); + this->RunTest("intermediate-eku-clientauth/serverauth.test"); + this->RunTest("intermediate-eku-clientauth/clientauth.test"); + this->RunTest("intermediate-eku-clientauth/serverauth-strict.test"); + this->RunTest("intermediate-eku-clientauth/clientauth-strict.test"); + this->RunTest("intermediate-eku-any-and-clientauth/any.test"); + this->RunTest("intermediate-eku-any-and-clientauth/serverauth.test"); + this->RunTest("intermediate-eku-any-and-clientauth/serverauth-strict.test"); + this->RunTest("intermediate-eku-any-and-clientauth/clientauth.test"); + this->RunTest("intermediate-eku-any-and-clientauth/clientauth-strict.test"); + this->RunTest("target-eku-clientauth/any.test"); + this->RunTest("target-eku-clientauth/serverauth.test"); + this->RunTest("target-eku-clientauth/clientauth.test"); + this->RunTest("target-eku-clientauth/serverauth-strict.test"); + this->RunTest("target-eku-clientauth/clientauth-strict.test"); + this->RunTest("target-eku-any/any.test"); + this->RunTest("target-eku-any/serverauth.test"); + this->RunTest("target-eku-any/clientauth.test"); + this->RunTest("target-eku-any/serverauth-strict.test"); + this->RunTest("target-eku-any/clientauth-strict.test"); + this->RunTest("target-eku-many/any.test"); + this->RunTest("target-eku-many/serverauth.test"); + this->RunTest("target-eku-many/clientauth.test"); + this->RunTest("target-eku-many/serverauth-strict.test"); + this->RunTest("target-eku-many/clientauth-strict.test"); + this->RunTest("target-eku-none/any.test"); + this->RunTest("target-eku-none/serverauth.test"); + this->RunTest("target-eku-none/clientauth.test"); + this->RunTest("target-eku-none/serverauth-strict.test"); + this->RunTest("target-eku-none/clientauth-strict.test"); + this->RunTest("root-eku-clientauth/serverauth.test"); + this->RunTest("root-eku-clientauth/serverauth-strict.test"); + this->RunTest("root-eku-clientauth/serverauth-ta-with-constraints.test"); + this->RunTest("root-eku-clientauth/serverauth-ta-with-expiration.test"); + this->RunTest( + "root-eku-clientauth/serverauth-ta-with-expiration-and-constraints.test"); + this->RunTest( + "root-eku-clientauth/serverauth-ta-with-constraints-strict.test"); + this->RunTest("intermediate-eku-server-gated-crypto/sha1-eku-any.test"); + this->RunTest( + "intermediate-eku-server-gated-crypto/sha1-eku-clientAuth.test"); + this->RunTest( + "intermediate-eku-server-gated-crypto/sha1-eku-clientAuth-strict.test"); + this->RunTest( + "intermediate-eku-server-gated-crypto/sha1-eku-serverAuth.test"); + this->RunTest( + "intermediate-eku-server-gated-crypto/sha1-eku-serverAuth-strict.test"); + this->RunTest("intermediate-eku-server-gated-crypto/sha256-eku-any.test"); + this->RunTest( + "intermediate-eku-server-gated-crypto/sha256-eku-clientAuth-strict.test"); + this->RunTest( + "intermediate-eku-server-gated-crypto/sha256-eku-serverAuth.test"); + this->RunTest( + "intermediate-eku-server-gated-crypto/sha256-eku-serverAuth-strict.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, + IssuerAndSubjectNotByteForByteEqual) { + this->RunTest("issuer-and-subject-not-byte-for-byte-equal/target.test"); + this->RunTest("issuer-and-subject-not-byte-for-byte-equal/anchor.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TrustAnchorNotSelfSigned) { + this->RunTest("non-self-signed-root/main.test"); + this->RunTest("non-self-signed-root/ta-with-constraints.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, KeyRollover) { + this->RunTest("key-rollover/oldchain.test"); + this->RunTest("key-rollover/rolloverchain.test"); + this->RunTest("key-rollover/longrolloverchain.test"); + this->RunTest("key-rollover/newchain.test"); +} + +// Test coverage of policies comes primarily from the PKITS tests. The +// tests here only cover aspects not already tested by PKITS. +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Policies) { + this->RunTest("unknown-critical-policy-qualifier/main.test"); + this->RunTest("unknown-non-critical-policy-qualifier/main.test"); + + this->RunTest("policies-ok/main.test"); + this->RunTest("policies-ok/ta-with-constraints.test"); + + this->RunTest("policies-on-root-ok/main.test"); + this->RunTest("policies-on-root-ok/ta-with-constraints.test"); + this->RunTest("policies-on-root-wrong/main.test"); + this->RunTest("policies-on-root-wrong/ta-with-constraints.test"); + + this->RunTest("policies-required-by-root-ok/main.test"); + this->RunTest("policies-required-by-root-ok/ta-with-constraints.test"); + this->RunTest("policies-required-by-root-fail/main.test"); + this->RunTest("policies-required-by-root-fail/ta-with-constraints.test"); + + this->RunTest("policies-inhibit-mapping-by-root-ok/main.test"); + this->RunTest("policies-inhibit-mapping-by-root-ok/ta-with-constraints.test"); + this->RunTest("policies-inhibit-mapping-by-root-fail/main.test"); + this->RunTest( + "policies-inhibit-mapping-by-root-fail/ta-with-constraints.test"); + + this->RunTest("policy-mappings-on-root-ok/main.test"); + this->RunTest("policy-mappings-on-root-ok/ta-with-constraints.test"); + this->RunTest("policy-mappings-on-root-fail/main.test"); + this->RunTest("policy-mappings-on-root-fail/ta-with-constraints.test"); + + this->RunTest("policies-inhibit-anypolicy-by-root-ok/main.test"); + this->RunTest( + "policies-inhibit-anypolicy-by-root-ok/ta-with-constraints.test"); + this->RunTest("policies-inhibit-anypolicy-by-root-fail/main.test"); + this->RunTest( + "policies-inhibit-anypolicy-by-root-fail/ta-with-constraints.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ManyNames) { + // TODO(bbe) fix this to run these with correct numbers. +#if 0 + this->RunTest("many-names/ok-all-types.test"); + this->RunTest("many-names/toomany-all-types.test"); + this->RunTest("many-names/toomany-dns-excluded.test"); + this->RunTest("many-names/toomany-dns-permitted.test"); + this->RunTest("many-names/toomany-ips-excluded.test"); + this->RunTest("many-names/toomany-ips-permitted.test"); + this->RunTest("many-names/toomany-dirnames-excluded.test"); + this->RunTest("many-names/toomany-dirnames-permitted.test"); +#endif +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetOnly) { + this->RunTest("target-only/trusted_anchor.test"); + this->RunTest("target-only/trusted_leaf-and-trust_anchor.test"); + this->RunTest("target-only/trusted_leaf.test"); + this->RunTest("target-only/trusted_leaf_require_self_signed.test"); + this->RunTest("target-only/trusted_leaf-not_after.test"); + this->RunTest("target-only/trusted_leaf-wrong_eku.test"); + + this->RunTest("target-selfissued/trusted_anchor.test"); + this->RunTest("target-selfissued/trusted_leaf-and-trust_anchor.test"); + this->RunTest("target-selfissued/trusted_leaf.test"); + this->RunTest("target-selfissued/trusted_leaf_require_self_signed.test"); +} + +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetSelfSigned) { + // Note that there is not a test here of target-selfsigned with + // TRUSTED_ANCHOR, since it will have different results when run under + // verify_certificate_chain_unittest.cc and + // path_builder_verify_certificate_chain_unittest.cc + + this->RunTest("target-selfsigned/trusted_leaf-and-trust_anchor.test"); + this->RunTest("target-selfsigned/trusted_leaf.test"); + this->RunTest("target-selfsigned/trusted_leaf_require_self_signed.test"); + this->RunTest("target-selfsigned/trusted_leaf-not_after.test"); + this->RunTest("target-selfsigned/trusted_leaf-wrong_eku.test"); +} + +// TODO(eroman): Add test that invalid validity dates where the day or month +// ordinal not in range, like "March 39, 2016" are rejected. + +REGISTER_TYPED_TEST_SUITE_P(VerifyCertificateChainSingleRootTest, + Simple, + BasicConstraintsCa, + BasicConstraintsPathlen, + UnknownExtension, + MSApplicationPolicies, + WeakSignature, + WrongSignature, + LastCertificateNotTrusted, + WeakPublicKey, + TargetSignedUsingEcdsa, + Expired, + TargetNotEndEntity, + KeyUsage, + ExtendedKeyUsage, + IssuerAndSubjectNotByteForByteEqual, + TrustAnchorNotSelfSigned, + KeyRollover, + Policies, + ManyNames, + TargetOnly, + TargetSelfSigned); + +} // namespace net + +#endif // BSSL_PKI_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ diff --git a/pki/verify_certificate_chain_unittest.cc b/pki/verify_certificate_chain_unittest.cc new file mode 100644 index 0000000000..bebd4dd623 --- /dev/null +++ b/pki/verify_certificate_chain_unittest.cc @@ -0,0 +1,128 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_certificate_chain.h" + +#include "cert_errors.h" +#include "common_cert_errors.h" +#include "mock_signature_verify_cache.h" +#include "simple_path_builder_delegate.h" +#include "test_helpers.h" +#include "trust_store.h" +#include "verify_certificate_chain_typed_unittest.h" + +namespace bssl { + +namespace { + +class VerifyCertificateChainTestDelegate { + public: + static void Verify(const VerifyCertChainTest& test, + const std::string& test_file_path) { + SimplePathBuilderDelegate delegate(1024, test.digest_policy); + + CertPathErrors errors; + std::set user_constrained_policy_set; + VerifyCertificateChain( + test.chain, test.last_cert_trust, &delegate, test.time, + test.key_purpose, test.initial_explicit_policy, + test.user_initial_policy_set, test.initial_policy_mapping_inhibit, + test.initial_any_policy_inhibit, &user_constrained_policy_set, &errors); + VerifyCertPathErrors(test.expected_errors, errors, test.chain, + test_file_path); + VerifyUserConstrainedPolicySet(test.expected_user_constrained_policy_set, + user_constrained_policy_set, test_file_path); + } +}; + +} // namespace + +INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, + VerifyCertificateChainSingleRootTest, + VerifyCertificateChainTestDelegate); + +TEST(VerifyCertificateIsSelfSigned, TargetOnly) { + auto cert = ReadCertFromFile( + "testdata/verify_certificate_chain_unittest/target-only/chain.pem"); + ASSERT_TRUE(cert); + + // Test with null cache and errors. + EXPECT_FALSE(VerifyCertificateIsSelfSigned(*cert, /*cache=*/nullptr, + /*errors=*/nullptr)); + + // Test with cache and errors. + CertErrors errors; + MockSignatureVerifyCache cache; + EXPECT_FALSE(VerifyCertificateIsSelfSigned(*cert, &cache, &errors)); + + EXPECT_TRUE( + errors.ContainsAnyErrorWithSeverity(CertError::Severity::SEVERITY_HIGH)); + EXPECT_TRUE(errors.ContainsError(cert_errors::kSubjectDoesNotMatchIssuer)); + + // Should not try to verify signature if names don't match. + EXPECT_EQ(cache.CacheHits(), 0U); + EXPECT_EQ(cache.CacheMisses(), 0U); + EXPECT_EQ(cache.CacheStores(), 0U); +} + +TEST(VerifyCertificateIsSelfSigned, SelfIssued) { + auto cert = ReadCertFromFile( + "testdata/verify_certificate_chain_unittest/target-selfissued/chain.pem"); + ASSERT_TRUE(cert); + + // Test with null cache and errors. + EXPECT_FALSE(VerifyCertificateIsSelfSigned(*cert, /*cache=*/nullptr, + /*errors=*/nullptr)); + + // Test with cache and errors. + CertErrors errors; + MockSignatureVerifyCache cache; + EXPECT_FALSE(VerifyCertificateIsSelfSigned(*cert, &cache, &errors)); + + EXPECT_TRUE( + errors.ContainsAnyErrorWithSeverity(CertError::Severity::SEVERITY_HIGH)); + EXPECT_TRUE(errors.ContainsError(cert_errors::kVerifySignedDataFailed)); + + EXPECT_EQ(cache.CacheHits(), 0U); + EXPECT_EQ(cache.CacheMisses(), 1U); + EXPECT_EQ(cache.CacheStores(), 1U); + + // Trying again should use cached signature verification result. + EXPECT_FALSE(VerifyCertificateIsSelfSigned(*cert, &cache, &errors)); + EXPECT_EQ(cache.CacheHits(), 1U); + EXPECT_EQ(cache.CacheMisses(), 1U); + EXPECT_EQ(cache.CacheStores(), 1U); +} + +TEST(VerifyCertificateIsSelfSigned, SelfSigned) { + auto cert = ReadCertFromFile( + "testdata/verify_certificate_chain_unittest/target-selfsigned/chain.pem"); + ASSERT_TRUE(cert); + + // Test with null cache and errors. + EXPECT_TRUE(VerifyCertificateIsSelfSigned(*cert, /*cache=*/nullptr, + /*errors=*/nullptr)); + + // Test with cache and errors. + CertErrors errors; + MockSignatureVerifyCache cache; + EXPECT_TRUE(VerifyCertificateIsSelfSigned(*cert, &cache, &errors)); + + EXPECT_FALSE(errors.ContainsAnyErrorWithSeverity( + CertError::Severity::SEVERITY_WARNING)); + EXPECT_FALSE( + errors.ContainsAnyErrorWithSeverity(CertError::Severity::SEVERITY_HIGH)); + + EXPECT_EQ(cache.CacheHits(), 0U); + EXPECT_EQ(cache.CacheMisses(), 1U); + EXPECT_EQ(cache.CacheStores(), 1U); + + // Trying again should use cached signature verification result. + EXPECT_TRUE(VerifyCertificateIsSelfSigned(*cert, &cache, &errors)); + EXPECT_EQ(cache.CacheHits(), 1U); + EXPECT_EQ(cache.CacheMisses(), 1U); + EXPECT_EQ(cache.CacheStores(), 1U); +} + +} // namespace net diff --git a/pki/verify_name_match.cc b/pki/verify_name_match.cc new file mode 100644 index 0000000000..7f880e1310 --- /dev/null +++ b/pki/verify_name_match.cc @@ -0,0 +1,419 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_name_match.h" + +#include "cert_error_params.h" +#include "cert_errors.h" +#include "parse_name.h" +#include "input.h" +#include "parser.h" +#include "tag.h" +#include + +namespace bssl { + +DEFINE_CERT_ERROR_ID(kFailedConvertingAttributeValue, + "Failed converting AttributeValue to string"); +DEFINE_CERT_ERROR_ID(kFailedNormalizingString, "Failed normalizing string"); + +namespace { + +// Types of character set checking that NormalizeDirectoryString can perform. +enum CharsetEnforcement { + NO_ENFORCEMENT, + ENFORCE_PRINTABLE_STRING, + ENFORCE_ASCII, +}; + +// Normalizes |output|, a UTF-8 encoded string, as if it contained +// only ASCII characters. +// +// This could be considered a partial subset of RFC 5280 rules, and +// is compatible with RFC 2459/3280. +// +// In particular, RFC 5280, Section 7.1 describes how UTF8String +// and PrintableString should be compared - using the LDAP StringPrep +// profile of RFC 4518, with case folding and whitespace compression. +// However, because it is optional for 2459/3280 implementations and because +// it's desirable to avoid the size cost of the StringPrep tables, +// this function treats |output| as if it was composed of ASCII. +// +// That is, rather than folding all whitespace characters, it only +// folds ' '. Rather than case folding using locale-aware handling, +// it only folds A-Z to a-z. +// +// This gives better results than outright rejecting (due to mismatched +// encodings), or from doing a strict binary comparison (the minimum +// required by RFC 3280), and is sufficient for those certificates +// publicly deployed. +// +// If |charset_enforcement| is not NO_ENFORCEMENT and |output| contains any +// characters not allowed in the specified charset, returns false. +// +// NOTE: |output| will be modified regardless of the return. +[[nodiscard]] bool NormalizeDirectoryString( + CharsetEnforcement charset_enforcement, + std::string* output) { + // Normalized version will always be equal or shorter than input. + // Normalize in place and then truncate the output if necessary. + std::string::const_iterator read_iter = output->begin(); + std::string::iterator write_iter = output->begin(); + + for (; read_iter != output->end() && *read_iter == ' '; ++read_iter) { + // Ignore leading whitespace. + } + + for (; read_iter != output->end(); ++read_iter) { + const unsigned char c = *read_iter; + if (c == ' ') { + // If there are non-whitespace characters remaining in input, compress + // multiple whitespace chars to a single space, otherwise ignore trailing + // whitespace. + std::string::const_iterator next_iter = read_iter + 1; + if (next_iter != output->end() && *next_iter != ' ') + *(write_iter++) = ' '; + } else if (c >= 'A' && c <= 'Z') { + // Fold case. + *(write_iter++) = c + ('a' - 'A'); + } else { + // Note that these checks depend on the characters allowed by earlier + // conditions also being valid for the enforced charset. + switch (charset_enforcement) { + case ENFORCE_PRINTABLE_STRING: + // See NormalizePrintableStringValue comment for the acceptable list + // of characters. + if (!((c >= 'a' && c <= 'z') || (c >= '\'' && c <= ':') || c == '=' || + c == '?')) + return false; + break; + case ENFORCE_ASCII: + if (c > 0x7F) + return false; + break; + case NO_ENFORCEMENT: + break; + } + *(write_iter++) = c; + } + } + if (write_iter != output->end()) + output->erase(write_iter, output->end()); + return true; +} + +// Converts the value of X509NameAttribute |attribute| to UTF-8, normalizes it, +// and stores in |output|. The type of |attribute| must be one of the types for +// which IsNormalizableDirectoryString is true. +// +// If the value of |attribute| can be normalized, returns true and sets +// |output| to the case folded, normalized value. If the value of |attribute| +// is invalid, returns false. +// NOTE: |output| will be modified regardless of the return. +[[nodiscard]] bool NormalizeValue(X509NameAttribute attribute, + std::string* output, + CertErrors* errors) { + DCHECK(errors); + + if (!attribute.ValueAsStringUnsafe(output)) { + errors->AddError(kFailedConvertingAttributeValue, + CreateCertErrorParams1SizeT("tag", attribute.value_tag)); + return false; + } + + bool success = false; + switch (attribute.value_tag) { + case der::kPrintableString: + success = NormalizeDirectoryString(ENFORCE_PRINTABLE_STRING, output); + break; + case der::kBmpString: + case der::kUniversalString: + case der::kUtf8String: + success = NormalizeDirectoryString(NO_ENFORCEMENT, output); + break; + case der::kIA5String: + success = NormalizeDirectoryString(ENFORCE_ASCII, output); + break; + default: + // NOTREACHED + success = false; + break; + } + + if (!success) { + errors->AddError(kFailedNormalizingString, + CreateCertErrorParams1SizeT("tag", attribute.value_tag)); + } + + return success; +} + +// Returns true if |tag| is a string type that NormalizeValue can handle. +bool IsNormalizableDirectoryString(der::Tag tag) { + switch (tag) { + case der::kPrintableString: + case der::kUtf8String: + // RFC 5280 only requires handling IA5String for comparing domainComponent + // values, but handling it here avoids the need to special case anything. + case der::kIA5String: + case der::kUniversalString: + case der::kBmpString: + return true; + // TeletexString isn't normalized. Section 8 of RFC 5280 briefly + // describes the historical confusion between treating TeletexString + // as Latin1String vs T.61, and there are even incompatibilities within + // T.61 implementations. As this time is virtually unused, simply + // treat it with a binary comparison, as permitted by RFC 3280/5280. + default: + return false; + } +} + +// Returns true if the value of X509NameAttribute |a| matches |b|. +bool VerifyValueMatch(X509NameAttribute a, X509NameAttribute b) { + if (IsNormalizableDirectoryString(a.value_tag) && + IsNormalizableDirectoryString(b.value_tag)) { + std::string a_normalized, b_normalized; + // TODO(eroman): Plumb this down. + CertErrors unused_errors; + if (!NormalizeValue(a, &a_normalized, &unused_errors) || + !NormalizeValue(b, &b_normalized, &unused_errors)) + return false; + return a_normalized == b_normalized; + } + // Attributes encoded with different types may be assumed to be unequal. + if (a.value_tag != b.value_tag) + return false; + // All other types use binary comparison. + return a.value == b.value; +} + +// Verifies that |a_parser| and |b_parser| are the same length and that every +// AttributeTypeAndValue in |a_parser| has a matching AttributeTypeAndValue in +// |b_parser|. +bool VerifyRdnMatch(der::Parser* a_parser, der::Parser* b_parser) { + RelativeDistinguishedName a_type_and_values, b_type_and_values; + if (!ReadRdn(a_parser, &a_type_and_values) || + !ReadRdn(b_parser, &b_type_and_values)) + return false; + + // RFC 5280 section 7.1: + // Two relative distinguished names RDN1 and RDN2 match if they have the same + // number of naming attributes and for each naming attribute in RDN1 there is + // a matching naming attribute in RDN2. + if (a_type_and_values.size() != b_type_and_values.size()) + return false; + + // The ordering of elements may differ due to denormalized values sorting + // differently in the DER encoding. Since the number of elements should be + // small, a naive linear search for each element should be fine. (Hostile + // certificates already have ways to provoke pathological behavior.) + for (const auto& a : a_type_and_values) { + auto b_iter = b_type_and_values.begin(); + for (; b_iter != b_type_and_values.end(); ++b_iter) { + const auto& b = *b_iter; + if (a.type == b.type && VerifyValueMatch(a, b)) { + break; + } + } + if (b_iter == b_type_and_values.end()) + return false; + // Remove the matched element from b_type_and_values to ensure duplicate + // elements in a_type_and_values can't match the same element in + // b_type_and_values multiple times. + b_type_and_values.erase(b_iter); + } + + // Every element in |a_type_and_values| had a matching element in + // |b_type_and_values|. + return true; +} + +enum NameMatchType { + EXACT_MATCH, + SUBTREE_MATCH, +}; + +// Verify that |a| matches |b|. If |match_type| is EXACT_MATCH, returns true if +// they are an exact match as defined by RFC 5280 7.1. If |match_type| is +// SUBTREE_MATCH, returns true if |a| is within the subtree defined by |b| as +// defined by RFC 5280 7.1. +// +// |a| and |b| are ASN.1 RDNSequence values (not including the Sequence tag), +// defined in RFC 5280 section 4.1.2.4: +// +// Name ::= CHOICE { -- only one possibility for now -- +// rdnSequence RDNSequence } +// +// RDNSequence ::= SEQUENCE OF RelativeDistinguishedName +// +// RelativeDistinguishedName ::= +// SET SIZE (1..MAX) OF AttributeTypeAndValue +bool VerifyNameMatchInternal(const der::Input& a, + const der::Input& b, + NameMatchType match_type) { + // Empty Names are allowed. RFC 5280 section 4.1.2.4 requires "The issuer + // field MUST contain a non-empty distinguished name (DN)", while section + // 4.1.2.6 allows for the Subject to be empty in certain cases. The caller is + // assumed to have verified those conditions. + + // RFC 5280 section 7.1: + // Two distinguished names DN1 and DN2 match if they have the same number of + // RDNs, for each RDN in DN1 there is a matching RDN in DN2, and the matching + // RDNs appear in the same order in both DNs. + + // As an optimization, first just compare the number of RDNs: + der::Parser a_rdn_sequence_counter(a); + der::Parser b_rdn_sequence_counter(b); + while (a_rdn_sequence_counter.HasMore() && b_rdn_sequence_counter.HasMore()) { + if (!a_rdn_sequence_counter.SkipTag(der::kSet) || + !b_rdn_sequence_counter.SkipTag(der::kSet)) { + return false; + } + } + // If doing exact match and either of the sequences has more elements than the + // other, not a match. If doing a subtree match, the first Name may have more + // RDNs than the second. + if (b_rdn_sequence_counter.HasMore()) + return false; + if (match_type == EXACT_MATCH && a_rdn_sequence_counter.HasMore()) + return false; + + // Verify that RDNs in |a| and |b| match. + der::Parser a_rdn_sequence(a); + der::Parser b_rdn_sequence(b); + while (a_rdn_sequence.HasMore() && b_rdn_sequence.HasMore()) { + der::Parser a_rdn, b_rdn; + if (!a_rdn_sequence.ReadConstructed(der::kSet, &a_rdn) || + !b_rdn_sequence.ReadConstructed(der::kSet, &b_rdn)) { + return false; + } + if (!VerifyRdnMatch(&a_rdn, &b_rdn)) + return false; + } + + return true; +} + +} // namespace + +bool NormalizeName(const der::Input& name_rdn_sequence, + std::string* normalized_rdn_sequence, + CertErrors* errors) { + DCHECK(errors); + + // RFC 5280 section 4.1.2.4 + // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + der::Parser rdn_sequence_parser(name_rdn_sequence); + + bssl::ScopedCBB cbb; + if (!CBB_init(cbb.get(), 0)) + return false; + + while (rdn_sequence_parser.HasMore()) { + // RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue + der::Parser rdn_parser; + if (!rdn_sequence_parser.ReadConstructed(der::kSet, &rdn_parser)) + return false; + RelativeDistinguishedName type_and_values; + if (!ReadRdn(&rdn_parser, &type_and_values)) + return false; + + CBB rdn_cbb; + if (!CBB_add_asn1(cbb.get(), &rdn_cbb, CBS_ASN1_SET)) + return false; + + for (const auto& type_and_value : type_and_values) { + // AttributeTypeAndValue ::= SEQUENCE { + // type AttributeType, + // value AttributeValue } + CBB attribute_type_and_value_cbb, type_cbb, value_cbb; + if (!CBB_add_asn1(&rdn_cbb, &attribute_type_and_value_cbb, + CBS_ASN1_SEQUENCE)) { + return false; + } + + // AttributeType ::= OBJECT IDENTIFIER + if (!CBB_add_asn1(&attribute_type_and_value_cbb, &type_cbb, + CBS_ASN1_OBJECT) || + !CBB_add_bytes(&type_cbb, type_and_value.type.UnsafeData(), + type_and_value.type.Length())) { + return false; + } + + // AttributeValue ::= ANY -- DEFINED BY AttributeType + if (IsNormalizableDirectoryString(type_and_value.value_tag)) { + std::string normalized_value; + if (!NormalizeValue(type_and_value, &normalized_value, errors)) + return false; + if (!CBB_add_asn1(&attribute_type_and_value_cbb, &value_cbb, + CBS_ASN1_UTF8STRING) || + !CBB_add_bytes( + &value_cbb, + reinterpret_cast(normalized_value.data()), + normalized_value.size())) + return false; + } else { + if (!CBB_add_asn1(&attribute_type_and_value_cbb, &value_cbb, + type_and_value.value_tag) || + !CBB_add_bytes(&value_cbb, type_and_value.value.UnsafeData(), + type_and_value.value.Length())) + return false; + } + + if (!CBB_flush(&rdn_cbb)) + return false; + } + + // Ensure the encoded AttributeTypeAndValue values in the SET OF are sorted. + if (!CBB_flush_asn1_set_of(&rdn_cbb) || !CBB_flush(cbb.get())) + return false; + } + + normalized_rdn_sequence->assign(CBB_data(cbb.get()), + CBB_data(cbb.get()) + CBB_len(cbb.get())); + return true; +} + +bool VerifyNameMatch(const der::Input& a_rdn_sequence, + const der::Input& b_rdn_sequence) { + return VerifyNameMatchInternal(a_rdn_sequence, b_rdn_sequence, EXACT_MATCH); +} + +bool VerifyNameInSubtree(const der::Input& name_rdn_sequence, + const der::Input& parent_rdn_sequence) { + return VerifyNameMatchInternal(name_rdn_sequence, parent_rdn_sequence, + SUBTREE_MATCH); +} + +bool FindEmailAddressesInName( + const der::Input& name_rdn_sequence, + std::vector* contained_email_addresses) { + contained_email_addresses->clear(); + + der::Parser rdn_sequence_parser(name_rdn_sequence); + while (rdn_sequence_parser.HasMore()) { + der::Parser rdn_parser; + if (!rdn_sequence_parser.ReadConstructed(der::kSet, &rdn_parser)) + return false; + + RelativeDistinguishedName type_and_values; + if (!ReadRdn(&rdn_parser, &type_and_values)) + return false; + + for (const auto& type_and_value : type_and_values) { + if (type_and_value.type == der::Input(kTypeEmailAddressOid)) { + std::string email_address; + if (!type_and_value.ValueAsString(&email_address)) { + return false; + } + contained_email_addresses->push_back(std::move(email_address)); + } + } + } + + return true; +} + +} // namespace net diff --git a/pki/verify_name_match.h b/pki/verify_name_match.h new file mode 100644 index 0000000000..a32824527d --- /dev/null +++ b/pki/verify_name_match.h @@ -0,0 +1,62 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_VERIFY_NAME_MATCH_H_ +#define BSSL_PKI_VERIFY_NAME_MATCH_H_ + +#include "fillins/openssl_util.h" +#include +#include + + + +namespace bssl { + +class CertErrors; + +namespace der { +class Input; +} // namespace der + +// Normalizes DER-encoded X.501 Name |name_rdn_sequence| (which should not +// include the Sequence tag). If successful, returns true and stores the +// normalized DER-encoded Name into |normalized_rdn_sequence| (not including an +// outer Sequence tag). Returns false if there was an error parsing or +// normalizing the input, and adds error information to |errors|. |errors| must +// be non-null. +OPENSSL_EXPORT bool NormalizeName(const der::Input& name_rdn_sequence, + std::string* normalized_rdn_sequence, + CertErrors* errors); + +// Compares DER-encoded X.501 Name values according to RFC 5280 rules. +// |a_rdn_sequence| and |b_rdn_sequence| should be the DER-encoded RDNSequence +// values (not including the Sequence tag). +// Returns true if |a_rdn_sequence| and |b_rdn_sequence| match. +OPENSSL_EXPORT bool VerifyNameMatch(const der::Input& a_rdn_sequence, + const der::Input& b_rdn_sequence); + +// Compares |name_rdn_sequence| and |parent_rdn_sequence| and return true if +// |name_rdn_sequence| is within the subtree defined by |parent_rdn_sequence| as +// defined by RFC 5280 section 7.1. |name_rdn_sequence| and +// |parent_rdn_sequence| should be the DER-encoded sequence values (not +// including the Sequence tag). +OPENSSL_EXPORT bool VerifyNameInSubtree(const der::Input& name_rdn_sequence, + const der::Input& parent_rdn_sequence); + +// Helper functions: + +// Find all emailAddress attribute values in |name_rdn_sequence|. +// Returns true if parsing was successful, in which case +// |*contained_email_address| will contain zero or more values. The values +// returned in |*contained_email_addresses| will be UTF8 strings and have been +// checked that they were valid strings for the string type of the attribute +// tag, but otherwise have not been validated. +// Returns false if there was a parsing error. +[[nodiscard]] bool FindEmailAddressesInName( + const der::Input& name_rdn_sequence, + std::vector* contained_email_addresses); + +} // namespace net + +#endif // BSSL_PKI_VERIFY_NAME_MATCH_H_ diff --git a/pki/verify_name_match_fuzzer.cc b/pki/verify_name_match_fuzzer.cc new file mode 100644 index 0000000000..d76abc6a65 --- /dev/null +++ b/pki/verify_name_match_fuzzer.cc @@ -0,0 +1,34 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_name_match.h" + +#include +#include + +#include + +#include + +#include "input.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + FuzzedDataProvider fuzzed_data(data, size); + + // Intentionally using uint16_t here to avoid empty |second_part|. + size_t first_part_size = fuzzed_data.ConsumeIntegral(); + std::vector first_part = + fuzzed_data.ConsumeBytes(first_part_size); + std::vector second_part = + fuzzed_data.ConsumeRemainingBytes(); + + bssl::der::Input in1(first_part.data(), first_part.size()); + bssl::der::Input in2(second_part.data(), second_part.size()); + bool match = net::VerifyNameMatch(in1, in2); + bool reverse_order_match = net::VerifyNameMatch(in2, in1); + // Result should be the same regardless of argument order. + CHECK_EQ(match, reverse_order_match); + return 0; +} diff --git a/pki/verify_name_match_normalizename_fuzzer.cc b/pki/verify_name_match_normalizename_fuzzer.cc new file mode 100644 index 0000000000..96f4608fb0 --- /dev/null +++ b/pki/verify_name_match_normalizename_fuzzer.cc @@ -0,0 +1,26 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_name_match.h" + +#include "cert_errors.h" +#include "input.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + bssl::der::Input in(data, size); + std::string normalized_der; + bssl::CertErrors errors; + bool success = net::NormalizeName(in, &normalized_der, &errors); + if (success) { + // If the input was successfully normalized, re-normalizing it should + // produce the same output again. + std::string renormalized_der; + bool renormalize_success = net::NormalizeName( + bssl::der::Input(&normalized_der), &renormalized_der, &errors); + CHECK(renormalize_success); + CHECK_EQ(normalized_der, renormalized_der); + } + return 0; +} diff --git a/pki/verify_name_match_unittest.cc b/pki/verify_name_match_unittest.cc new file mode 100644 index 0000000000..7bdacb2b2d --- /dev/null +++ b/pki/verify_name_match_unittest.cc @@ -0,0 +1,613 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_name_match.h" + +#include "string_util.h" +#include "test_helpers.h" +#include + +namespace bssl { +namespace { + +// Loads test data from file. The filename is constructed from the parameters: +// |prefix| describes the type of data being tested, e.g. "ascii", +// "unicode_bmp", "unicode_supplementary", and "invalid". +// |value_type| indicates what ASN.1 type is used to encode the data. +// |suffix| indicates any additional modifications, such as caseswapping, +// whitespace adding, etc. +::testing::AssertionResult LoadTestData(const std::string& prefix, + const std::string& value_type, + const std::string& suffix, + std::string* result) { + std::string path = "testdata/verify_name_match_unittest/names/" + prefix + + "-" + value_type + "-" + suffix + ".pem"; + + const PemBlockMapping mappings[] = { + {"NAME", result}, + }; + + return ReadTestDataFromPemFile(path, mappings); +} + +bool TypesAreComparable(const std::string& type_1, const std::string& type_2) { + if (type_1 == type_2) + return true; + if ((type_1 == "PRINTABLESTRING" || type_1 == "UTF8" || + type_1 == "BMPSTRING" || type_1 == "UNIVERSALSTRING") && + (type_2 == "PRINTABLESTRING" || type_2 == "UTF8" || + type_2 == "BMPSTRING" || type_2 == "UNIVERSALSTRING")) { + return true; + } + return false; +} + +// All string types. +static const char* kValueTypes[] = {"PRINTABLESTRING", "T61STRING", "UTF8", + "BMPSTRING", "UNIVERSALSTRING"}; +// String types that can encode the Unicode Basic Multilingual Plane. +static const char* kUnicodeBMPValueTypes[] = {"UTF8", "BMPSTRING", + "UNIVERSALSTRING"}; +// String types that can encode the Unicode Supplementary Planes. +static const char* kUnicodeSupplementaryValueTypes[] = {"UTF8", + "UNIVERSALSTRING"}; + +static const char* kMangleTypes[] = {"unmangled", "case_swap", + "extra_whitespace"}; + +} // namespace + +class VerifyNameMatchSimpleTest + : public ::testing::TestWithParam< + ::testing::tuple> { + public: + std::string value_type() const { return ::testing::get<0>(GetParam()); } + std::string suffix() const { return ::testing::get<1>(GetParam()); } +}; + +// Compare each input against itself, verifies that all input data is parsed +// successfully. +TEST_P(VerifyNameMatchSimpleTest, ExactEquality) { + std::string der; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix(), &der)); + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&der), + SequenceValueFromString(&der))); + + std::string der_extra_attr; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix() + "-extra_attr", + &der_extra_attr)); + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&der_extra_attr), + SequenceValueFromString(&der_extra_attr))); + + std::string der_extra_rdn; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix() + "-extra_rdn", + &der_extra_rdn)); + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&der_extra_rdn), + SequenceValueFromString(&der_extra_rdn))); +} + +// Ensure that a Name does not match another Name which is exactly the same but +// with an extra attribute in one Relative Distinguished Name. +TEST_P(VerifyNameMatchSimpleTest, ExtraAttrDoesNotMatch) { + std::string der; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix(), &der)); + std::string der_extra_attr; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix() + "-extra_attr", + &der_extra_attr)); + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der), + SequenceValueFromString(&der_extra_attr))); + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der_extra_attr), + SequenceValueFromString(&der))); +} + +// Ensure that a Name does not match another Name which has the same number of +// RDNs and attributes, but where one of the attributes is duplicated in one of +// the names but not in the other. +TEST_P(VerifyNameMatchSimpleTest, DupeAttrDoesNotMatch) { + std::string der_dupe_attr; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix() + "-dupe_attr", + &der_dupe_attr)); + std::string der_extra_attr; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix() + "-extra_attr", + &der_extra_attr)); + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der_dupe_attr), + SequenceValueFromString(&der_extra_attr))); + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der_extra_attr), + SequenceValueFromString(&der_dupe_attr))); + // However, the name with a dupe attribute should match itself. + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&der_dupe_attr), + SequenceValueFromString(&der_dupe_attr))); +} + +// Ensure that a Name does not match another Name which is exactly the same but +// with an extra Relative Distinguished Name. +TEST_P(VerifyNameMatchSimpleTest, ExtraRdnDoesNotMatch) { + std::string der; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix(), &der)); + std::string der_extra_rdn; + ASSERT_TRUE(LoadTestData("ascii", value_type(), suffix() + "-extra_rdn", + &der_extra_rdn)); + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der), + SequenceValueFromString(&der_extra_rdn))); + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der_extra_rdn), + SequenceValueFromString(&der))); +} + +// Runs VerifyNameMatchSimpleTest for all combinations of value_type and and +// suffix. +INSTANTIATE_TEST_SUITE_P(InstantiationName, + VerifyNameMatchSimpleTest, + ::testing::Combine(::testing::ValuesIn(kValueTypes), + ::testing::ValuesIn(kMangleTypes))); + +class VerifyNameMatchNormalizationTest + : public ::testing::TestWithParam<::testing::tuple> { + public: + bool expected_result() const { return ::testing::get<0>(GetParam()); } + std::string value_type() const { return ::testing::get<1>(GetParam()); } +}; + +// Verify matching is case insensitive (for the types which currently support +// normalization). +TEST_P(VerifyNameMatchNormalizationTest, CaseInsensitivity) { + std::string normal; + ASSERT_TRUE(LoadTestData("ascii", value_type(), "unmangled", &normal)); + std::string case_swap; + ASSERT_TRUE(LoadTestData("ascii", value_type(), "case_swap", &case_swap)); + EXPECT_EQ(expected_result(), + VerifyNameMatch(SequenceValueFromString(&normal), + SequenceValueFromString(&case_swap))); + EXPECT_EQ(expected_result(), + VerifyNameMatch(SequenceValueFromString(&case_swap), + SequenceValueFromString(&normal))); +} + +// Verify matching folds whitespace (for the types which currently support +// normalization). +TEST_P(VerifyNameMatchNormalizationTest, CollapseWhitespace) { + std::string normal; + ASSERT_TRUE(LoadTestData("ascii", value_type(), "unmangled", &normal)); + std::string whitespace; + ASSERT_TRUE( + LoadTestData("ascii", value_type(), "extra_whitespace", &whitespace)); + EXPECT_EQ(expected_result(), + VerifyNameMatch(SequenceValueFromString(&normal), + SequenceValueFromString(&whitespace))); + EXPECT_EQ(expected_result(), + VerifyNameMatch(SequenceValueFromString(&whitespace), + SequenceValueFromString(&normal))); +} + +// Runs VerifyNameMatchNormalizationTest for each (expected_result, value_type) +// tuple. +INSTANTIATE_TEST_SUITE_P( + InstantiationName, + VerifyNameMatchNormalizationTest, + ::testing::Values( + ::testing::make_tuple(true, + static_cast("PRINTABLESTRING")), + ::testing::make_tuple(false, static_cast("T61STRING")), + ::testing::make_tuple(true, static_cast("UTF8")), + ::testing::make_tuple(true, static_cast("BMPSTRING")), + ::testing::make_tuple(true, + static_cast("UNIVERSALSTRING")))); + +class VerifyNameMatchDifferingTypesTest + : public ::testing::TestWithParam< + ::testing::tuple> { + public: + std::string value_type_1() const { return ::testing::get<0>(GetParam()); } + std::string value_type_2() const { return ::testing::get<1>(GetParam()); } +}; + +TEST_P(VerifyNameMatchDifferingTypesTest, NormalizableTypesAreEqual) { + std::string der_1; + ASSERT_TRUE(LoadTestData("ascii", value_type_1(), "unmangled", &der_1)); + std::string der_2; + ASSERT_TRUE(LoadTestData("ascii", value_type_2(), "unmangled", &der_2)); + if (TypesAreComparable(value_type_1(), value_type_2())) { + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&der_1), + SequenceValueFromString(&der_2))); + } else { + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der_1), + SequenceValueFromString(&der_2))); + } +} + +TEST_P(VerifyNameMatchDifferingTypesTest, NormalizableTypesInSubtrees) { + std::string der_1; + ASSERT_TRUE(LoadTestData("ascii", value_type_1(), "unmangled", &der_1)); + std::string der_1_extra_rdn; + ASSERT_TRUE(LoadTestData("ascii", value_type_1(), "unmangled-extra_rdn", + &der_1_extra_rdn)); + std::string der_1_extra_attr; + ASSERT_TRUE(LoadTestData("ascii", value_type_1(), "unmangled-extra_attr", + &der_1_extra_attr)); + std::string der_2; + ASSERT_TRUE(LoadTestData("ascii", value_type_2(), "unmangled", &der_2)); + std::string der_2_extra_rdn; + ASSERT_TRUE(LoadTestData("ascii", value_type_2(), "unmangled-extra_rdn", + &der_2_extra_rdn)); + std::string der_2_extra_attr; + ASSERT_TRUE(LoadTestData("ascii", value_type_2(), "unmangled-extra_attr", + &der_2_extra_attr)); + + if (TypesAreComparable(value_type_1(), value_type_2())) { + EXPECT_TRUE(VerifyNameInSubtree(SequenceValueFromString(&der_1), + SequenceValueFromString(&der_2))); + EXPECT_TRUE(VerifyNameInSubtree(SequenceValueFromString(&der_2), + SequenceValueFromString(&der_1))); + EXPECT_TRUE(VerifyNameInSubtree(SequenceValueFromString(&der_1_extra_rdn), + SequenceValueFromString(&der_2))); + EXPECT_TRUE(VerifyNameInSubtree(SequenceValueFromString(&der_2_extra_rdn), + SequenceValueFromString(&der_1))); + } else { + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_1), + SequenceValueFromString(&der_2))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_2), + SequenceValueFromString(&der_1))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_1_extra_rdn), + SequenceValueFromString(&der_2))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_2_extra_rdn), + SequenceValueFromString(&der_1))); + } + + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_1), + SequenceValueFromString(&der_2_extra_rdn))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_2), + SequenceValueFromString(&der_1_extra_rdn))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_1_extra_attr), + SequenceValueFromString(&der_2))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_2_extra_attr), + SequenceValueFromString(&der_1))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_1), + SequenceValueFromString(&der_2_extra_attr))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&der_2), + SequenceValueFromString(&der_1_extra_attr))); +} + +// Runs VerifyNameMatchDifferingTypesTest for all combinations of value types in +// value_type1 and value_type_2. +INSTANTIATE_TEST_SUITE_P(InstantiationName, + VerifyNameMatchDifferingTypesTest, + ::testing::Combine(::testing::ValuesIn(kValueTypes), + ::testing::ValuesIn(kValueTypes))); + +class VerifyNameMatchUnicodeConversionTest + : public ::testing::TestWithParam< + ::testing::tuple>> { + public: + std::string prefix() const { return ::testing::get<0>(GetParam()); } + std::string value_type_1() const { + return ::testing::get<0>(::testing::get<1>(GetParam())); + } + std::string value_type_2() const { + return ::testing::get<1>(::testing::get<1>(GetParam())); + } +}; + +TEST_P(VerifyNameMatchUnicodeConversionTest, UnicodeConversionsAreEqual) { + std::string der_1; + ASSERT_TRUE(LoadTestData(prefix(), value_type_1(), "unmangled", &der_1)); + std::string der_2; + ASSERT_TRUE(LoadTestData(prefix(), value_type_2(), "unmangled", &der_2)); + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&der_1), + SequenceValueFromString(&der_2))); +} + +// Runs VerifyNameMatchUnicodeConversionTest with prefix="unicode_bmp" for all +// combinations of Basic Multilingual Plane-capable value types in value_type1 +// and value_type_2. +INSTANTIATE_TEST_SUITE_P( + BMPConversion, + VerifyNameMatchUnicodeConversionTest, + ::testing::Combine( + ::testing::Values("unicode_bmp"), + ::testing::Combine(::testing::ValuesIn(kUnicodeBMPValueTypes), + ::testing::ValuesIn(kUnicodeBMPValueTypes)))); + +// Runs VerifyNameMatchUnicodeConversionTest with prefix="unicode_supplementary" +// for all combinations of Unicode Supplementary Plane-capable value types in +// value_type1 and value_type_2. +INSTANTIATE_TEST_SUITE_P( + SMPConversion, + VerifyNameMatchUnicodeConversionTest, + ::testing::Combine( + ::testing::Values("unicode_supplementary"), + ::testing::Combine( + ::testing::ValuesIn(kUnicodeSupplementaryValueTypes), + ::testing::ValuesIn(kUnicodeSupplementaryValueTypes)))); + +// Matching should fail if a PrintableString contains invalid characters. +TEST(VerifyNameMatchInvalidDataTest, FailOnInvalidPrintableStringChars) { + std::string der; + ASSERT_TRUE(LoadTestData("ascii", "PRINTABLESTRING", "unmangled", &der)); + // Find a known location inside a PrintableString in the DER-encoded data. + size_t replace_location = der.find("0123456789"); + ASSERT_NE(std::string::npos, replace_location); + for (int c = 0; c < 256; ++c) { + SCOPED_TRACE(c); + if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || + (c >= '0' && c <= '9')) { + continue; + } + switch (c) { + case ' ': + case '\'': + case '(': + case ')': + case '*': + case '+': + case ',': + case '-': + case '.': + case '/': + case ':': + case '=': + case '?': + continue; + } + der.replace(replace_location, 1, 1, c); + // Verification should fail due to the invalid character. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der), + SequenceValueFromString(&der))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE( + NormalizeName(SequenceValueFromString(&der), &normalized_der, &errors)); + } +} + +// Matching should fail if an IA5String contains invalid characters. +TEST(VerifyNameMatchInvalidDataTest, FailOnInvalidIA5StringChars) { + std::string der; + ASSERT_TRUE(LoadTestData("ascii", "mixed", "rdn_dupetype_sorting_1", &der)); + // Find a known location inside an IA5String in the DER-encoded data. + size_t replace_location = der.find("eXaMple"); + ASSERT_NE(std::string::npos, replace_location); + for (int c = 0; c < 256; ++c) { + SCOPED_TRACE(c); + der.replace(replace_location, 1, 1, c); + bool expected_result = (c <= 127); + EXPECT_EQ(expected_result, VerifyNameMatch(SequenceValueFromString(&der), + SequenceValueFromString(&der))); + std::string normalized_der; + CertErrors errors; + EXPECT_EQ(expected_result, NormalizeName(SequenceValueFromString(&der), + &normalized_der, &errors)); + } +} + +TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueExtraData) { + std::string invalid; + ASSERT_TRUE( + LoadTestData("invalid", "AttributeTypeAndValue", "extradata", &invalid)); + // Verification should fail due to extra element in AttributeTypeAndValue + // sequence. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE(NormalizeName(SequenceValueFromString(&invalid), &normalized_der, + &errors)); +} + +TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueShort) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "AttributeTypeAndValue", "onlyOneElement", + &invalid)); + // Verification should fail due to AttributeTypeAndValue sequence having only + // one element. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE(NormalizeName(SequenceValueFromString(&invalid), &normalized_der, + &errors)); +} + +TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueEmpty) { + std::string invalid; + ASSERT_TRUE( + LoadTestData("invalid", "AttributeTypeAndValue", "empty", &invalid)); + // Verification should fail due to empty AttributeTypeAndValue sequence. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE(NormalizeName(SequenceValueFromString(&invalid), &normalized_der, + &errors)); +} + +TEST(VerifyNameMatchInvalidDataTest, FailOnBadAttributeType) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "AttributeTypeAndValue", + "badAttributeType", &invalid)); + // Verification should fail due to Attribute Type not being an OID. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE(NormalizeName(SequenceValueFromString(&invalid), &normalized_der, + &errors)); +} + +TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueNotSequence) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "AttributeTypeAndValue", "setNotSequence", + &invalid)); + // Verification should fail due to AttributeTypeAndValue being a Set instead + // of a Sequence. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE(NormalizeName(SequenceValueFromString(&invalid), &normalized_der, + &errors)); +} + +TEST(VerifyNameMatchInvalidDataTest, FailOnRdnNotSet) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "RDN", "sequenceInsteadOfSet", &invalid)); + // Verification should fail due to RDN being a Sequence instead of a Set. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE(NormalizeName(SequenceValueFromString(&invalid), &normalized_der, + &errors)); +} + +TEST(VerifyNameMatchInvalidDataTest, FailOnEmptyRdn) { + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "RDN", "empty", &invalid)); + // Verification should fail due to RDN having zero AttributeTypeAndValues. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE(NormalizeName(SequenceValueFromString(&invalid), &normalized_der, + &errors)); +} + +// Matching should fail if a BMPString contains surrogates. +TEST(VerifyNameMatchInvalidDataTest, FailOnBmpStringSurrogates) { + std::string normal; + ASSERT_TRUE(LoadTestData("unicode_bmp", "BMPSTRING", "unmangled", &normal)); + // Find a known location inside a BMPSTRING in the DER-encoded data. + size_t replace_location = normal.find("\x67\x71\x4e\xac"); + ASSERT_NE(std::string::npos, replace_location); + // Replace with U+1D400 MATHEMATICAL BOLD CAPITAL A, which requires surrogates + // to represent. + std::string invalid = + normal.replace(replace_location, 4, std::string("\xd8\x35\xdc\x00", 4)); + // Verification should fail due to the invalid codepoints. + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); + std::string normalized_der; + CertErrors errors; + EXPECT_FALSE(NormalizeName(SequenceValueFromString(&invalid), &normalized_der, + &errors)); +} + +TEST(VerifyNameMatchTest, EmptyNameMatching) { + std::string empty; + ASSERT_TRUE(LoadTestData("valid", "Name", "empty", &empty)); + // Empty names are equal. + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&empty), + SequenceValueFromString(&empty))); + // An empty name normalized is unchanged. + std::string normalized_empty_der; + CertErrors errors; + EXPECT_TRUE(NormalizeName(SequenceValueFromString(&empty), + &normalized_empty_der, &errors)); + EXPECT_EQ(SequenceValueFromString(&empty), der::Input(&normalized_empty_der)); + + // An empty name is not equal to non-empty name. + std::string non_empty; + ASSERT_TRUE( + LoadTestData("ascii", "PRINTABLESTRING", "unmangled", &non_empty)); + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&empty), + SequenceValueFromString(&non_empty))); + EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&non_empty), + SequenceValueFromString(&empty))); +} + +// Matching should succeed when the RDNs are sorted differently but are still +// equal after normalizing. +TEST(VerifyNameMatchRDNSorting, Simple) { + std::string a; + ASSERT_TRUE(LoadTestData("ascii", "PRINTABLESTRING", "rdn_sorting_1", &a)); + std::string b; + ASSERT_TRUE(LoadTestData("ascii", "PRINTABLESTRING", "rdn_sorting_2", &b)); + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&a), + SequenceValueFromString(&b))); + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&b), + SequenceValueFromString(&a))); +} + +// Matching should succeed when the RDNs are sorted differently but are still +// equal after normalizing, even in malformed RDNs that contain multiple +// elements with the same type. +TEST(VerifyNameMatchRDNSorting, DuplicateTypes) { + std::string a; + ASSERT_TRUE(LoadTestData("ascii", "mixed", "rdn_dupetype_sorting_1", &a)); + std::string b; + ASSERT_TRUE(LoadTestData("ascii", "mixed", "rdn_dupetype_sorting_2", &b)); + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&a), + SequenceValueFromString(&b))); + EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&b), + SequenceValueFromString(&a))); +} + +TEST(VerifyNameInSubtreeInvalidDataTest, FailOnEmptyRdn) { + std::string valid; + ASSERT_TRUE(LoadTestData("ascii", "PRINTABLESTRING", "unmangled", &valid)); + std::string invalid; + ASSERT_TRUE(LoadTestData("invalid", "RDN", "empty", &invalid)); + // For both |name| and |parent|, a RelativeDistinguishedName must have at + // least one AttributeTypeAndValue. + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&valid), + SequenceValueFromString(&invalid))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&invalid), + SequenceValueFromString(&valid))); + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&invalid), + SequenceValueFromString(&invalid))); +} + +TEST(VerifyNameInSubtreeTest, EmptyNameMatching) { + std::string empty; + ASSERT_TRUE(LoadTestData("valid", "Name", "empty", &empty)); + std::string non_empty; + ASSERT_TRUE( + LoadTestData("ascii", "PRINTABLESTRING", "unmangled", &non_empty)); + // Empty name is in the subtree defined by empty name. + EXPECT_TRUE(VerifyNameInSubtree(SequenceValueFromString(&empty), + SequenceValueFromString(&empty))); + // Any non-empty name is in the subtree defined by empty name. + EXPECT_TRUE(VerifyNameInSubtree(SequenceValueFromString(&non_empty), + SequenceValueFromString(&empty))); + // Empty name is not in the subtree defined by non-empty name. + EXPECT_FALSE(VerifyNameInSubtree(SequenceValueFromString(&empty), + SequenceValueFromString(&non_empty))); +} + +// Verify that the normalized output matches the pre-generated expected value +// for a single larger input that exercises all of the string types, unicode +// (basic and supplemental planes), whitespace collapsing, case folding, as +// well as SET sorting. +TEST(NameNormalizationTest, TestEverything) { + std::string expected_normalized_der; + ASSERT_TRUE( + LoadTestData("unicode", "mixed", "normalized", &expected_normalized_der)); + + std::string raw_der; + ASSERT_TRUE(LoadTestData("unicode", "mixed", "unnormalized", &raw_der)); + std::string normalized_der; + CertErrors errors; + ASSERT_TRUE(NormalizeName(SequenceValueFromString(&raw_der), &normalized_der, + &errors)); + EXPECT_EQ(SequenceValueFromString(&expected_normalized_der), + der::Input(&normalized_der)); + // Re-normalizing an already normalized Name should not change it. + std::string renormalized_der; + ASSERT_TRUE( + NormalizeName(der::Input(&normalized_der), &renormalized_der, &errors)); + EXPECT_EQ(normalized_der, renormalized_der); +} + +// Unknown AttributeValue types normalize as-is, even non-primitive tags. +TEST(NameNormalizationTest, NormalizeCustom) { + std::string raw_der; + ASSERT_TRUE(LoadTestData("custom", "custom", "normalized", &raw_der)); + + std::string normalized_der; + CertErrors errors; + ASSERT_TRUE(NormalizeName(SequenceValueFromString(&raw_der), &normalized_der, + &errors)); + EXPECT_EQ(SequenceValueFromString(&raw_der), der::Input(&normalized_der)); +} + +} // namespace net diff --git a/pki/verify_name_match_verifynameinsubtree_fuzzer.cc b/pki/verify_name_match_verifynameinsubtree_fuzzer.cc new file mode 100644 index 0000000000..94cc3bf8d8 --- /dev/null +++ b/pki/verify_name_match_verifynameinsubtree_fuzzer.cc @@ -0,0 +1,35 @@ +// Copyright 2016 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_name_match.h" + +#include +#include + +#include + +#include + +#include "input.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + FuzzedDataProvider fuzzed_data(data, size); + + // Intentionally using uint16_t here to avoid empty |second_part|. + size_t first_part_size = fuzzed_data.ConsumeIntegral(); + std::vector first_part = + fuzzed_data.ConsumeBytes(first_part_size); + std::vector second_part = + fuzzed_data.ConsumeRemainingBytes(); + + bssl::der::Input in1(first_part.data(), first_part.size()); + bssl::der::Input in2(second_part.data(), second_part.size()); + bool match = net::VerifyNameInSubtree(in1, in2); + bool reverse_order_match = net::VerifyNameInSubtree(in2, in1); + // If both InSubtree matches are true, then in1 == in2 (modulo normalization). + if (match && reverse_order_match) + CHECK(net::VerifyNameMatch(in1, in2)); + return 0; +} diff --git a/pki/verify_signed_data.cc b/pki/verify_signed_data.cc new file mode 100644 index 0000000000..a7a2cf63e1 --- /dev/null +++ b/pki/verify_signed_data.cc @@ -0,0 +1,290 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_signed_data.h" + +#include "fillins/openssl_util.h" +#include "cert_errors.h" +#include "signature_algorithm.h" +#include "signature_verify_cache.h" +#include "input.h" +#include "parse_values.h" +#include "parser.h" +#include +#include +#include +#include +#include + +namespace bssl { + +namespace { + +bool SHA256UpdateWithLengthPrefixedData(SHA256_CTX* s_ctx, + const uint8_t* data, + uint64_t length) { + return (SHA256_Update(s_ctx, reinterpret_cast(&length), + sizeof(length)) && + SHA256_Update(s_ctx, data, length)); +} + +// Increase to make incompatible changes in the computation of the +// cache key. +constexpr uint32_t VerifyCacheKeyVersion = 1; + +std::string SignatureVerifyCacheKey(std::string_view algorithm_name, + const der::Input& signed_data, + const der::Input& signature_value_bytes, + EVP_PKEY* public_key) { + SHA256_CTX s_ctx; + bssl::ScopedCBB public_key_cbb; + uint8_t digest[SHA256_DIGEST_LENGTH]; + uint32_t version = VerifyCacheKeyVersion; + if (CBB_init(public_key_cbb.get(), 128) && + EVP_marshal_public_key(public_key_cbb.get(), public_key) && + SHA256_Init(&s_ctx) && + SHA256_Update(&s_ctx, reinterpret_cast(&version), + sizeof(version)) && + SHA256UpdateWithLengthPrefixedData( + &s_ctx, reinterpret_cast(algorithm_name.data()), + algorithm_name.length()) && + SHA256UpdateWithLengthPrefixedData(&s_ctx, CBB_data(public_key_cbb.get()), + CBB_len(public_key_cbb.get())) && + SHA256UpdateWithLengthPrefixedData(&s_ctx, + signature_value_bytes.UnsafeData(), + signature_value_bytes.Length()) && + SHA256UpdateWithLengthPrefixedData(&s_ctx, signed_data.UnsafeData(), + signed_data.Length()) && + SHA256_Final(digest, &s_ctx)) { + return std::string(reinterpret_cast(digest), sizeof(digest)); + } + return std::string(); +} + +} // namespace + +// Parses an RSA public key or EC public key from SPKI to an EVP_PKEY. Returns +// true on success. +// +// This function only recognizes the "pk-rsa" (rsaEncryption) flavor of RSA +// public key from RFC 5912. +// +// pk-rsa PUBLIC-KEY ::= { +// IDENTIFIER rsaEncryption +// KEY RSAPublicKey +// PARAMS TYPE NULL ARE absent +// -- Private key format not in this module -- +// CERT-KEY-USAGE {digitalSignature, nonRepudiation, +// keyEncipherment, dataEncipherment, keyCertSign, cRLSign} +// } +// +// COMPATIBILITY NOTE: RFC 5912 and RFC 3279 are in disagreement on the value +// of parameters for rsaEncryption. Whereas RFC 5912 says they must be absent, +// RFC 3279 says they must be NULL: +// +// The rsaEncryption OID is intended to be used in the algorithm field +// of a value of type AlgorithmIdentifier. The parameters field MUST +// have ASN.1 type NULL for this algorithm identifier. +// +// Following RFC 3279 in this case. +// +// In the case of parsing EC keys, RFC 5912 describes all the ECDSA +// signature algorithms as requiring a public key of type "pk-ec": +// +// pk-ec PUBLIC-KEY ::= { +// IDENTIFIER id-ecPublicKey +// KEY ECPoint +// PARAMS TYPE ECParameters ARE required +// -- Private key format not in this module -- +// CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement, +// keyCertSign, cRLSign } +// } +// +// Moreover RFC 5912 stipulates what curves are allowed. The ECParameters +// MUST NOT use an implicitCurve or specificCurve for PKIX: +// +// ECParameters ::= CHOICE { +// namedCurve CURVE.&id({NamedCurve}) +// -- implicitCurve NULL +// -- implicitCurve MUST NOT be used in PKIX +// -- specifiedCurve SpecifiedCurve +// -- specifiedCurve MUST NOT be used in PKIX +// -- Details for specifiedCurve can be found in [X9.62] +// -- Any future additions to this CHOICE should be coordinated +// -- with ANSI X.9. +// } +// -- If you need to be able to decode ANSI X.9 parameter structures, +// -- uncomment the implicitCurve and specifiedCurve above, and also +// -- uncomment the following: +// --(WITH COMPONENTS {namedCurve PRESENT}) +// +// The namedCurves are extensible. The ones described by RFC 5912 are: +// +// NamedCurve CURVE ::= { +// { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } | +// { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } | +// { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } | +// { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } | +// { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 }, +// ... -- Extensible +// } +bool ParsePublicKey(const der::Input& public_key_spki, + bssl::UniquePtr* public_key) { + // Parse the SPKI to an EVP_PKEY. + fillins::OpenSSLErrStackTracer err_tracer; + + CBS cbs; + CBS_init(&cbs, public_key_spki.UnsafeData(), public_key_spki.Length()); + public_key->reset(EVP_parse_public_key(&cbs)); + if (!*public_key || CBS_len(&cbs) != 0) { + public_key->reset(); + return false; + } + return true; +} + +bool VerifySignedData(SignatureAlgorithm algorithm, + const der::Input& signed_data, + const der::BitString& signature_value, + EVP_PKEY* public_key, + SignatureVerifyCache* cache) { + int expected_pkey_id = 1; + const EVP_MD* digest = nullptr; + bool is_rsa_pss = false; + std::string_view cache_algorithm_name; + switch (algorithm) { + case SignatureAlgorithm::kRsaPkcs1Sha1: + expected_pkey_id = EVP_PKEY_RSA; + digest = EVP_sha1(); + cache_algorithm_name = "RsaPkcs1Sha1"; + break; + case SignatureAlgorithm::kRsaPkcs1Sha256: + expected_pkey_id = EVP_PKEY_RSA; + digest = EVP_sha256(); + cache_algorithm_name = "RsaPkcs1Sha256"; + break; + case SignatureAlgorithm::kRsaPkcs1Sha384: + expected_pkey_id = EVP_PKEY_RSA; + digest = EVP_sha384(); + cache_algorithm_name = "RsaPkcs1Sha384"; + break; + case SignatureAlgorithm::kRsaPkcs1Sha512: + expected_pkey_id = EVP_PKEY_RSA; + digest = EVP_sha512(); + cache_algorithm_name = "RsaPkcs1Sha512"; + break; + + case SignatureAlgorithm::kEcdsaSha1: + expected_pkey_id = EVP_PKEY_EC; + digest = EVP_sha1(); + cache_algorithm_name = "EcdsaSha1"; + break; + case SignatureAlgorithm::kEcdsaSha256: + expected_pkey_id = EVP_PKEY_EC; + digest = EVP_sha256(); + cache_algorithm_name = "EcdsaSha256"; + break; + case SignatureAlgorithm::kEcdsaSha384: + expected_pkey_id = EVP_PKEY_EC; + digest = EVP_sha384(); + cache_algorithm_name = "EcdsaSha384"; + break; + case SignatureAlgorithm::kEcdsaSha512: + expected_pkey_id = EVP_PKEY_EC; + digest = EVP_sha512(); + cache_algorithm_name = "EcdsaSha512"; + break; + + case SignatureAlgorithm::kRsaPssSha256: + expected_pkey_id = EVP_PKEY_RSA; + digest = EVP_sha256(); + cache_algorithm_name = "RsaPssSha256"; + is_rsa_pss = true; + break; + case SignatureAlgorithm::kRsaPssSha384: + expected_pkey_id = EVP_PKEY_RSA; + digest = EVP_sha384(); + cache_algorithm_name = "RsaPssSha384"; + is_rsa_pss = true; + break; + case SignatureAlgorithm::kRsaPssSha512: + expected_pkey_id = EVP_PKEY_RSA; + digest = EVP_sha512(); + cache_algorithm_name = "RsaPssSha512"; + is_rsa_pss = true; + break; + } + + if (expected_pkey_id != EVP_PKEY_id(public_key)) + return false; + + // For the supported algorithms the signature value must be a whole + // number of bytes. + if (signature_value.unused_bits() != 0) + return false; + const der::Input& signature_value_bytes = signature_value.bytes(); + + std::string cache_key; + if (cache) { + cache_key = SignatureVerifyCacheKey(cache_algorithm_name, signed_data, + signature_value_bytes, public_key); + if (!cache_key.empty()) { + switch (cache->Check(cache_key)) { + case SignatureVerifyCache::Value::kValid: + return true; + case SignatureVerifyCache::Value::kInvalid: + return false; + case SignatureVerifyCache::Value::kUnknown: + break; + } + } + } + + fillins::OpenSSLErrStackTracer err_tracer; + + bssl::ScopedEVP_MD_CTX ctx; + EVP_PKEY_CTX* pctx = nullptr; // Owned by |ctx|. + + if (!EVP_DigestVerifyInit(ctx.get(), &pctx, digest, nullptr, public_key)) + return false; + + if (is_rsa_pss) { + // All supported RSASSA-PSS algorithms match signing and MGF-1 digest. They + // also use the digest length as the salt length, which is specified with -1 + // in OpenSSL's API. + if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || + !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) { + return false; + } + } + + if (!EVP_DigestVerifyUpdate(ctx.get(), signed_data.UnsafeData(), + signed_data.Length())) { + return false; + } + + bool ret = + 1 == EVP_DigestVerifyFinal(ctx.get(), signature_value_bytes.UnsafeData(), + signature_value_bytes.Length()); + if (!cache_key.empty()) { + cache->Store(cache_key, ret ? SignatureVerifyCache::Value::kValid + : SignatureVerifyCache::Value::kInvalid); + } + + return ret; +} + +bool VerifySignedData(SignatureAlgorithm algorithm, + const der::Input& signed_data, + const der::BitString& signature_value, + const der::Input& public_key_spki, + SignatureVerifyCache* cache) { + bssl::UniquePtr public_key; + if (!ParsePublicKey(public_key_spki, &public_key)) + return false; + return VerifySignedData(algorithm, signed_data, signature_value, + public_key.get(), cache); +} + +} // namespace net diff --git a/pki/verify_signed_data.h b/pki/verify_signed_data.h new file mode 100644 index 0000000000..27b5af51a2 --- /dev/null +++ b/pki/verify_signed_data.h @@ -0,0 +1,53 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_VERIFY_SIGNED_DATA_H_ +#define BSSL_PKI_VERIFY_SIGNED_DATA_H_ + +#include "fillins/openssl_util.h" +#include "fillins/openssl_util.h" + +#include "signature_algorithm.h" +#include "signature_verify_cache.h" +#include + +namespace bssl { + +namespace der { +class BitString; +class Input; +} // namespace der + +// Verifies that |signature_value| is a valid signature of |signed_data| using +// the algorithm |algorithm| and the public key |public_key|. +// +// |algorithm| - The parsed AlgorithmIdentifier +// |signed_data| - The blob of data to verify +// |signature_value| - The BIT STRING for the signature's value +// |public_key| - The parsed (non-null) public key. +// +// Returns true if verification was successful. +[[nodiscard]] OPENSSL_EXPORT bool VerifySignedData( + SignatureAlgorithm algorithm, + const der::Input& signed_data, + const der::BitString& signature_value, + EVP_PKEY* public_key, + SignatureVerifyCache* cache); + +// Same as above overload, only the public key is inputted as an SPKI and will +// be parsed internally. +[[nodiscard]] OPENSSL_EXPORT bool VerifySignedData( + SignatureAlgorithm algorithm, + const der::Input& signed_data, + const der::BitString& signature_value, + const der::Input& public_key_spki, + SignatureVerifyCache* cache); + +[[nodiscard]] OPENSSL_EXPORT bool ParsePublicKey( + const der::Input& public_key_spki, + bssl::UniquePtr* public_key); + +} // namespace net + +#endif // BSSL_PKI_VERIFY_SIGNED_DATA_H_ diff --git a/pki/verify_signed_data_unittest.cc b/pki/verify_signed_data_unittest.cc new file mode 100644 index 0000000000..3dd5702acd --- /dev/null +++ b/pki/verify_signed_data_unittest.cc @@ -0,0 +1,242 @@ +// Copyright 2015 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "verify_signed_data.h" + +#include +#include + +#include "cert_errors.h" +#include "mock_signature_verify_cache.h" +#include "signature_algorithm.h" +#include "test_helpers.h" +#include "input.h" +#include "parse_values.h" +#include "parser.h" +#include +#include + +namespace bssl { + +namespace { + +enum VerifyResult { + SUCCESS, + FAILURE, +}; + +// Reads test data from |file_name| and runs VerifySignedData() over its +// inputs. +// +// If expected_result was SUCCESS then the test will only succeed if +// VerifySignedData() returns true. +// +// If expected_result was FAILURE then the test will only succeed if +// VerifySignedData() returns false. +void RunTestCase(VerifyResult expected_result, + const char* file_name, + SignatureVerifyCache* cache) { + std::string path = + std::string("testdata/verify_signed_data_unittest/") + file_name; + + std::string public_key; + std::string algorithm; + std::string signed_data; + std::string signature_value; + + const PemBlockMapping mappings[] = { + {"PUBLIC KEY", &public_key}, + {"ALGORITHM", &algorithm}, + {"DATA", &signed_data}, + {"SIGNATURE", &signature_value}, + }; + + ASSERT_TRUE(ReadTestDataFromPemFile(path, mappings)); + + std::optional signature_algorithm = + ParseSignatureAlgorithm(der::Input(&algorithm)); + ASSERT_TRUE(signature_algorithm); + + der::Parser signature_value_parser((der::Input(&signature_value))); + std::optional signature_value_bit_string = + signature_value_parser.ReadBitString(); + ASSERT_TRUE(signature_value_bit_string.has_value()) + << "The signature value is not a valid BIT STRING"; + + bool expected_result_bool = expected_result == SUCCESS; + + bool result = VerifySignedData(*signature_algorithm, der::Input(&signed_data), + signature_value_bit_string.value(), + der::Input(&public_key), cache); + + EXPECT_EQ(expected_result_bool, result); +} + +void RunTestCase(VerifyResult expected_result, const char* file_name) { + RunTestCase(expected_result, file_name, /*cache=*/nullptr); +} + +// Read the descriptions in the test files themselves for details on what is +// being tested. + +TEST(VerifySignedDataTest, RsaPkcs1Sha1) { + RunTestCase(SUCCESS, "rsa-pkcs1-sha1.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256) { + RunTestCase(SUCCESS, "rsa-pkcs1-sha256.pem"); +} + +TEST(VerifySignedDataTest, Rsa2048Pkcs1Sha512) { + RunTestCase(SUCCESS, "rsa2048-pkcs1-sha512.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256KeyEncodedBer) { + RunTestCase(FAILURE, "rsa-pkcs1-sha256-key-encoded-ber.pem"); +} + +TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256) { + RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512) { + RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha256) { + RunTestCase(SUCCESS, "rsa-pss-sha256.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha256WrongSalt) { + RunTestCase(FAILURE, "rsa-pss-sha256-wrong-salt.pem"); +} + +TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256CorruptedData) { + RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1WrongAlgorithm) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-wrong-algorithm.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512WrongSignatureFormat) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-wrong-signature-format.pem"); +} + +TEST(VerifySignedDataTest, EcdsaUsingRsaKey) { + RunTestCase(FAILURE, "ecdsa-using-rsa-key.pem"); +} + +TEST(VerifySignedDataTest, RsaUsingEcKey) { + RunTestCase(FAILURE, "rsa-using-ec-key.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerNull) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-null.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerLength) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-length.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingEcdsaAlgorithm) { + RunTestCase(FAILURE, "rsa-pkcs1-sha256-using-ecdsa-algorithm.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingRsaAlgorithm) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-rsa-algorithm.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcdhKey) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecdh-key.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcmqvKey) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecmqv-key.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1KeyParamsAbsent) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-key-params-absent.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1UsingPssKeyNoParams) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-using-pss-key-no-params.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha256UsingPssKeyWithParams) { + // We do not support RSA-PSS SPKIs. + RunTestCase(FAILURE, "rsa-pss-sha256-using-pss-key-with-params.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512SpkiParamsNull) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-spki-params-null.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingIdEaRsa) { + RunTestCase(FAILURE, "rsa-pkcs1-sha256-using-id-ea-rsa.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256SpkiNonNullParams) { + RunTestCase(FAILURE, "rsa-pkcs1-sha256-spki-non-null-params.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-unused-bits-signature.pem"); +} + +TEST(VerifySignedDataTest, Ecdsa384) { + // Using the regular policy both secp384r1 and secp256r1 should be accepted. + RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem"); + RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem"); +} + +TEST(VerifySignedDataTestWithCache, TestVerifyCache) { + MockSignatureVerifyCache verify_cache; + // Trivially, with no cache, all stats should be 0. + RunTestCase(SUCCESS, "rsa-pss-sha256.pem", /*cache=*/nullptr); + EXPECT_EQ(verify_cache.CacheHits(), 0U); + EXPECT_EQ(verify_cache.CacheMisses(), 0U); + EXPECT_EQ(verify_cache.CacheStores(), 0U); + // Use the cache, with a successful verification should see a miss and a + // store. + RunTestCase(SUCCESS, "rsa-pss-sha256.pem", &verify_cache); + EXPECT_EQ(verify_cache.CacheHits(), 0U); + EXPECT_EQ(verify_cache.CacheMisses(), 1U); + EXPECT_EQ(verify_cache.CacheStores(), 1U); + // Repeating the previous successful verification should show cache hits. + RunTestCase(SUCCESS, "rsa-pss-sha256.pem", &verify_cache); + RunTestCase(SUCCESS, "rsa-pss-sha256.pem", &verify_cache); + RunTestCase(SUCCESS, "rsa-pss-sha256.pem", &verify_cache); + EXPECT_EQ(verify_cache.CacheHits(), 3U); + EXPECT_EQ(verify_cache.CacheMisses(), 1U); + EXPECT_EQ(verify_cache.CacheStores(), 1U); + // Failures which are not due to a failed signature check should have no + // effect as they must not be cached. + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecdh-key.pem", + &verify_cache); + EXPECT_EQ(verify_cache.CacheHits(), 3U); + EXPECT_EQ(verify_cache.CacheMisses(), 1U); + EXPECT_EQ(verify_cache.CacheStores(), 1U); + // Failures which are due to a failed signature check should see a miss and a + // store. + RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem", + &verify_cache); + EXPECT_EQ(verify_cache.CacheHits(), 3U); + EXPECT_EQ(verify_cache.CacheMisses(), 2U); + EXPECT_EQ(verify_cache.CacheStores(), 2U); + // Repeating the previous failed verification should show cache hits. + RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem", + &verify_cache); + RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem", + &verify_cache); + RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem", + &verify_cache); + EXPECT_EQ(verify_cache.CacheHits(), 6U); + EXPECT_EQ(verify_cache.CacheMisses(), 2U); + EXPECT_EQ(verify_cache.CacheStores(), 2U); +} + +} // namespace + +} // namespace net diff --git a/pki/x509_cert_types.h b/pki/x509_cert_types.h new file mode 100644 index 0000000000..42f92384f0 --- /dev/null +++ b/pki/x509_cert_types.h @@ -0,0 +1,63 @@ +// Copyright 2012 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_X509_CERT_TYPES_H_ +#define BSSL_PKI_X509_CERT_TYPES_H_ + +#include "fillins/openssl_util.h" +#include +#include + + +#include "input.h" + +namespace bssl { + +// CertPrincipal represents the issuer or subject field of an X.509 certificate. +struct OPENSSL_EXPORT CertPrincipal { + CertPrincipal(); + CertPrincipal(const CertPrincipal&); + CertPrincipal(CertPrincipal&&); + ~CertPrincipal(); + + // Configures handling of PrintableString values in the DistinguishedName. Do + // not use non-default handling without consulting //net owners. With + // kAsUTF8Hack, PrintableStrings are interpreted as UTF-8 strings. + enum class PrintableStringHandling { kDefault, kAsUTF8Hack }; + + // Parses a BER-format DistinguishedName. + bool ParseDistinguishedName( + der::Input ber_name_data, + PrintableStringHandling printable_string_handling = + PrintableStringHandling::kDefault); + + // Returns a name that can be used to represent the issuer. It tries in this + // order: CN, O and OU and returns the first non-empty one found. + std::string GetDisplayName() const; + + // True if this object is equal to `other`. This is only exposed for testing, + // as a CertPrincipal object does not fully represent the X.509 Name it was + // parsed from, and comparing them likely does not mean what you want. + bool EqualsForTesting(const CertPrincipal& other) const; + + // The different attributes for a principal, stored in UTF-8. They may be "". + // Note that some of them can have several values. + + std::string common_name; + std::string locality_name; + std::string state_or_province_name; + std::string country_name; + + std::vector organization_names; + std::vector organization_unit_names; + + private: + // Comparison operator is private and only defined for use by + // EqualsForTesting, see comment there for more details. + bool operator==(const CertPrincipal& other) const; +}; + +} // namespace net + +#endif // BSSL_PKI_X509_CERT_TYPES_H_ diff --git a/pki/x509_certificate.cc b/pki/x509_certificate.cc new file mode 100644 index 0000000000..1505c71be4 --- /dev/null +++ b/pki/x509_certificate.cc @@ -0,0 +1,784 @@ +// Copyright 2012 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "fillins/bits.h" +#include "string_util.h" +#include "x509_certificate.h" + +#include +#include + +#include +#include +#include + +#include "fillins/base64.h" + +#include +#include "base/logging.h" + + +#include + +#include "fillins/string_util.h" + + +#include "fillins/openssl_util.h" +#include "fillins/ip_address.h" +#include "base/registry_controlled_domains/registry_controlled_domain.h" +#include "base/tracing.h" +#include "base/url_util.h" +#include "asn1_util.h" +#include "pem.h" +#include "cert_errors.h" +#include "name_constraints.h" +#include "parsed_certificate.h" +#include "signature_algorithm.h" +#include "verify_certificate_chain.h" +#include "verify_name_match.h" +#include "verify_signed_data.h" +#include "time_conversions.h" +#include "fillins/x509_util.h" +#include "parser.h" + +#include +#include +#include +#include "url/url_canon.h" + +namespace bssl { + +namespace { + +// Indicates the order to use when trying to decode binary data, which is +// based on (speculation) as to what will be most common -> least common +const X509Certificate::Format kFormatDecodePriority[] = { + X509Certificate::FORMAT_SINGLE_CERTIFICATE, + X509Certificate::FORMAT_PKCS7 +}; + +// The PEM block header used for DER certificates +const char kCertificateHeader[] = "CERTIFICATE"; +// The PEM block header used for PKCS#7 data +const char kPKCS7Header[] = "PKCS7"; + +// Utility to split |src| on the first occurrence of |c|, if any. |right| will +// either be empty if |c| was not found, or will contain the remainder of the +// string including the split character itself. +void SplitOnChar(std::string_view src, + char c, + std::string_view* left, + std::string_view* right) { + size_t pos = src.find(c); + if (pos == std::string_view::npos) { + *left = src; + *right = std::string_view(); + } else { + *left = src.substr(0, pos); + *right = src.substr(pos); + } +} + +// Sets |value| to the Value from a DER Sequence Tag-Length-Value and return +// true, or return false if the TLV was not a valid DER Sequence. +[[nodiscard]] bool ParseSequenceValue(const der::Input& tlv, + der::Input* value) { + der::Parser parser(tlv); + return parser.ReadTag(der::kSequence, value) && !parser.HasMore(); +} + +// Normalize |cert|'s Issuer and store it in |out_normalized_issuer|, returning +// true on success or false if there was a parsing error. +bool GetNormalizedCertIssuer(CRYPTO_BUFFER* cert, + std::string* out_normalized_issuer) { + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + if (!ParseCertificate( + der::Input(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert)), + &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value, + nullptr)) { + return false; + } + ParsedTbsCertificate tbs; + if (!ParseTbsCertificate(tbs_certificate_tlv, + x509_util::DefaultParseCertificateOptions(), &tbs, + nullptr)) + return false; + + der::Input issuer_value; + if (!ParseSequenceValue(tbs.issuer_tlv, &issuer_value)) + return false; + + CertErrors errors; + return NormalizeName(issuer_value, out_normalized_issuer, &errors); +} + +bssl::UniquePtr CreateCertBufferFromBytesWithSanityCheck( + bssl::Span data) { + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + // Do a bare minimum of DER parsing here to see if the input looks + // certificate-ish. + if (!ParseCertificate(der::Input(data.data(), data.size()), + &tbs_certificate_tlv, &signature_algorithm_tlv, + &signature_value, nullptr)) { + return nullptr; + } + return x509_util::CreateCryptoBuffer(data); +} + +} // namespace + +// static +std::shared_ptr X509Certificate::CreateFromBuffer( + bssl::UniquePtr cert_buffer, + std::vector> intermediates) { + return CreateFromBufferUnsafeOptions(std::move(cert_buffer), + std::move(intermediates), {}); +} + +// static +std::shared_ptr X509Certificate::CreateFromBufferUnsafeOptions( + bssl::UniquePtr cert_buffer, + std::vector> intermediates, + UnsafeCreateOptions options) { + DCHECK(cert_buffer); + ParsedFields parsed; + if (!parsed.Initialize(cert_buffer.get(), options)) { + return nullptr; + } + return base::WrapRefCounted(new X509Certificate( + std::move(parsed), std::move(cert_buffer), std::move(intermediates))); +} + +// static +std::shared_ptr X509Certificate::CreateFromDERCertChain( + const std::vector& der_certs) { + return CreateFromDERCertChainUnsafeOptions(der_certs, {}); +} + +// static +std::shared_ptr +X509Certificate::CreateFromDERCertChainUnsafeOptions( + const std::vector& der_certs, + UnsafeCreateOptions options) { + TRACE_EVENT0("io", "X509Certificate::CreateFromDERCertChain"); + if (der_certs.empty()) + return nullptr; + + std::vector> intermediate_ca_certs; + intermediate_ca_certs.reserve(der_certs.size() - 1); + for (size_t i = 1; i < der_certs.size(); i++) { + intermediate_ca_certs.push_back( + x509_util::CreateCryptoBuffer(der_certs[i])); + } + + return CreateFromBufferUnsafeOptions( + x509_util::CreateCryptoBuffer(der_certs[0]), + std::move(intermediate_ca_certs), options); +} + +// static +std::shared_ptr X509Certificate::CreateFromBytes( + bssl::Span data) { + return CreateFromBytesUnsafeOptions(data, {}); +} + +// static +std::shared_ptr X509Certificate::CreateFromBytesUnsafeOptions( + bssl::Span data, + UnsafeCreateOptions options) { + std::shared_ptr cert = CreateFromBufferUnsafeOptions( + x509_util::CreateCryptoBuffer(data), {}, options); + return cert; +} + +// static +std::shared_ptr X509Certificate::CreateFromPickle( + base::PickleIterator* pickle_iter) { + return CreateFromPickleUnsafeOptions(pickle_iter, {}); +} + +// static +std::shared_ptr X509Certificate::CreateFromPickleUnsafeOptions( + base::PickleIterator* pickle_iter, + UnsafeCreateOptions options) { + size_t chain_length = 0; + if (!pickle_iter->ReadLength(&chain_length)) + return nullptr; + + std::vector cert_chain; + const char* data = nullptr; + size_t data_length = 0; + for (size_t i = 0; i < chain_length; ++i) { + if (!pickle_iter->ReadData(&data, &data_length)) + return nullptr; + cert_chain.emplace_back(data, data_length); + } + return CreateFromDERCertChainUnsafeOptions(cert_chain, options); +} + +// static +CertificateList X509Certificate::CreateCertificateListFromBytes( + bssl::Span data, + int format) { + std::vector> certificates; + + // Check to see if it is in a PEM-encoded form. This check is performed + // first, as both OS X and NSS will both try to convert if they detect + // PEM encoding, except they don't do it consistently between the two. + std::string_view data_string(reinterpret_cast(data.data()), + data.size()); + std::vector pem_headers; + + // To maintain compatibility with NSS/Firefox, CERTIFICATE is a universally + // valid PEM block header for any format. + pem_headers.push_back(kCertificateHeader); + if (format & FORMAT_PKCS7) + pem_headers.push_back(kPKCS7Header); + + PEMTokenizer pem_tokenizer(data_string, pem_headers); + while (pem_tokenizer.GetNext()) { + std::string decoded(pem_tokenizer.data()); + + bssl::UniquePtr handle; + if (format & FORMAT_PEM_CERT_SEQUENCE) { + handle = CreateCertBufferFromBytesWithSanityCheck( + fillins::as_bytes(bssl::MakeSpan(decoded))); + } + if (handle) { + // Parsed a DER encoded certificate. All PEM blocks that follow must + // also be DER encoded certificates wrapped inside of PEM blocks. + format = FORMAT_PEM_CERT_SEQUENCE; + certificates.push_back(std::move(handle)); + continue; + } + + // If the first block failed to parse as a DER certificate, and + // formats other than PEM are acceptable, check to see if the decoded + // data is one of the accepted formats. + if (format & ~FORMAT_PEM_CERT_SEQUENCE) { + for (size_t i = 0; + certificates.empty() && i < std::size(kFormatDecodePriority); ++i) { + if (format & kFormatDecodePriority[i]) { + certificates = CreateCertBuffersFromBytes( + fillins::as_bytes(bssl::MakeSpan(decoded)), + kFormatDecodePriority[i]); + } + } + } + + // Stop parsing after the first block for any format but a sequence of + // PEM-encoded DER certificates. The case of FORMAT_PEM_CERT_SEQUENCE + // is handled above, and continues processing until a certificate fails + // to parse. + break; + } + + // Try each of the formats, in order of parse preference, to see if |data| + // contains the binary representation of a Format, if it failed to parse + // as a PEM certificate/chain. + for (size_t i = 0; + certificates.empty() && i < std::size(kFormatDecodePriority); ++i) { + if (format & kFormatDecodePriority[i]) + certificates = CreateCertBuffersFromBytes(data, kFormatDecodePriority[i]); + } + + CertificateList results; + // No certificates parsed. + if (certificates.empty()) + return results; + + for (auto& it : certificates) { + std::shared_ptr cert = CreateFromBuffer(std::move(it), {}); + if (cert) + results.push_back(std::move(cert)); + } + + return results; +} + +std::shared_ptr X509Certificate::CloneWithDifferentIntermediates( + std::vector> intermediates) { + // If intermediates are the same, return another reference to the same + // object. Note that this only does a pointer equality comparison on the + // CRYPTO_BUFFERs, which is generally sufficient, but in some edge cases + // buffers have equal contents but with different addresses. This is + // acceptable as this is just an optimization. + if (intermediates == intermediate_ca_certs_) { + return this; + } + + return base::WrapRefCounted( + new X509Certificate(*this, std::move(intermediates))); +} + +void X509Certificate::Persist(base::Pickle* pickle) const { + DCHECK(cert_buffer_); + // This would be an absolutely insane number of intermediates. + if (intermediate_ca_certs_.size() > static_cast(INT_MAX) - 1) { + abort(); //NOTREACHED; + return; + } + pickle->WriteInt(static_cast(intermediate_ca_certs_.size() + 1)); + pickle->WriteString(x509_util::CryptoBufferAsStringPiece(cert_buffer_.get())); + for (const auto& intermediate : intermediate_ca_certs_) { + pickle->WriteString( + x509_util::CryptoBufferAsStringPiece(intermediate.get())); + } +} + +bool X509Certificate::GetSubjectAltName( + std::vector* dns_names, + std::vector* ip_addrs) const { + if (dns_names) + dns_names->clear(); + if (ip_addrs) + ip_addrs->clear(); + + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_buffer_.get()), + CRYPTO_BUFFER_len(cert_buffer_.get())), + &tbs_certificate_tlv, &signature_algorithm_tlv, + &signature_value, nullptr)) { + return false; + } + + ParsedTbsCertificate tbs; + if (!ParseTbsCertificate(tbs_certificate_tlv, + x509_util::DefaultParseCertificateOptions(), &tbs, + nullptr)) + return false; + if (!tbs.extensions_tlv) + return false; + + std::map extensions; + if (!ParseExtensions(tbs.extensions_tlv.value(), &extensions)) + return false; + + ParsedExtension subject_alt_names_extension; + if (!ConsumeExtension(der::Input(kSubjectAltNameOid), &extensions, + &subject_alt_names_extension)) { + return false; + } + + CertErrors errors; + std::unique_ptr subject_alt_names = + GeneralNames::Create(subject_alt_names_extension.value, &errors); + if (!subject_alt_names) + return false; + + if (dns_names) { + for (const auto& dns_name : subject_alt_names->dns_names) + dns_names->push_back(std::string(dns_name)); + } + if (ip_addrs) { + for (const fillins::IPAddress& addr : subject_alt_names->ip_addresses) { + ip_addrs->push_back( + std::string(reinterpret_cast(addr.bytes().data()), + addr.bytes().size())); + } + } + + return !subject_alt_names->dns_names.empty() || + !subject_alt_names->ip_addresses.empty(); +} + +bool X509Certificate::HasExpired() const { + return absl::Now() > valid_expiry(); +} + +bool X509Certificate::EqualsExcludingChain(const X509Certificate* other) const { + return x509_util::CryptoBufferEqual(cert_buffer_.get(), + other->cert_buffer_.get()); +} + +bool X509Certificate::EqualsIncludingChain(const X509Certificate* other) const { + if (intermediate_ca_certs_.size() != other->intermediate_ca_certs_.size() || + !EqualsExcludingChain(other)) { + return false; + } + for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { + if (!x509_util::CryptoBufferEqual(intermediate_ca_certs_[i].get(), + other->intermediate_ca_certs_[i].get())) { + return false; + } + } + return true; +} + +bool X509Certificate::IsIssuedByEncoded( + const std::vector& valid_issuers) const { + std::vector normalized_issuers; + CertErrors errors; + for (const auto& raw_issuer : valid_issuers) { + der::Input issuer_value; + std::string normalized_issuer; + if (!ParseSequenceValue(der::Input(&raw_issuer), &issuer_value) || + !NormalizeName(issuer_value, &normalized_issuer, &errors)) { + continue; + } + normalized_issuers.push_back(std::move(normalized_issuer)); + } + + std::string normalized_cert_issuer; + if (!GetNormalizedCertIssuer(cert_buffer_.get(), &normalized_cert_issuer)) + return false; + if (base::Contains(normalized_issuers, normalized_cert_issuer)) + return true; + + for (const auto& intermediate : intermediate_ca_certs_) { + if (!GetNormalizedCertIssuer(intermediate.get(), &normalized_cert_issuer)) + return false; + if (base::Contains(normalized_issuers, normalized_cert_issuer)) + return true; + } + return false; +} + +// static +bool X509Certificate::VerifyHostname( + const std::string& hostname, + const std::vector& cert_san_dns_names, + const std::vector& cert_san_ip_addrs) { + DCHECK(!hostname.empty()); + + if (cert_san_dns_names.empty() && cert_san_ip_addrs.empty()) { + // Either a dNSName or iPAddress subjectAltName MUST be present in order + // to match, so fail quickly if not. + return false; + } + + // Perform name verification following http://tools.ietf.org/html/rfc6125. + // The terminology used in this method is as per that RFC:- + // Reference identifier == the host the local user/agent is intending to + // access, i.e. the thing displayed in the URL bar. + // Presented identifier(s) == name(s) the server knows itself as, in its cert. + + // CanonicalizeHost requires surrounding brackets to parse an IPv6 address. + const std::string host_or_ip = hostname.find(':') != std::string::npos ? + "[" + hostname + "]" : hostname; + url::CanonHostInfo host_info; + std::string reference_name = CanonicalizeHost(host_or_ip, &host_info); + + // If the host cannot be canonicalized, fail fast. + if (reference_name.empty()) + return false; + + // Fully handle all cases where |hostname| contains an IP address. + if (host_info.IsIPAddress()) { + std::string_view ip_addr_string( + reinterpret_cast(host_info.address), + host_info.AddressLength()); + return base::Contains(cert_san_ip_addrs, ip_addr_string); + } + + // The host portion of a URL may support a variety of name resolution formats + // and services. However, the only supported name types in this code are IP + // addresses, which have been handled above via iPAddress subjectAltNames, + // and DNS names, via dNSName subjectAltNames. + // Validate that the host conforms to the DNS preferred name syntax, in + // either relative or absolute form, and exclude the "root" label for DNS. + if (reference_name == "." || !IsCanonicalizedHostCompliant(reference_name)) + return false; + + // CanonicalizeHost does not normalize absolute vs relative DNS names. If + // the input name was absolute (included trailing .), normalize it as if it + // was relative. + if (reference_name.back() == '.') + reference_name.pop_back(); + + // |reference_domain| is the remainder of |host| after the leading host + // component is stripped off, but includes the leading dot e.g. + // "www.f.com" -> ".f.com". + // If there is no meaningful domain part to |host| (e.g. it contains no dots) + // then |reference_domain| will be empty. + std::string_view reference_host, reference_domain; + SplitOnChar(reference_name, '.', &reference_host, &reference_domain); + bool allow_wildcards = false; + if (!reference_domain.empty()) { + DCHECK(bssl::string_util::StartsWith(reference_domain, ".")); + + // Do not allow wildcards for public/ICANN registry controlled domains - + // that is, prevent *.com or *.co.uk as valid presented names, but do not + // prevent *.appspot.com (a private registry controlled domain). + // In addition, unknown top-level domains (such as 'intranet' domains or + // new TLDs/gTLDs not yet added to the registry controlled domain dataset) + // are also implicitly prevented. + // Because |reference_domain| must contain at least one name component that + // is not registry controlled, this ensures that all reference domains + // contain at least three domain components when using wildcards. + size_t registry_length = + registry_controlled_domains::GetCanonicalHostRegistryLength( + reference_name, + registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES, + registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); + + // Because |reference_name| was already canonicalized, the following + // should never happen. + CHECK_NE(std::string::npos, registry_length); + + // Account for the leading dot in |reference_domain|. + bool is_registry_controlled = + registry_length != 0 && + registry_length == (reference_domain.size() - 1); + + // Additionally, do not attempt wildcard matching for purely numeric + // hostnames. + allow_wildcards = + !is_registry_controlled && + reference_name.find_first_not_of("0123456789.") != std::string::npos; + } + + // Now step through the DNS names doing wild card comparison (if necessary) + // on each against the reference name. + for (const auto& cert_san_dns_name : cert_san_dns_names) { + // Catch badly corrupt cert names up front. + if (cert_san_dns_name.empty() || + cert_san_dns_name.find('\0') != std::string::npos) { + continue; + } + std::string presented_name(base::ToLowerASCII(cert_san_dns_name)); + + // Remove trailing dot, if any. + if (*presented_name.rbegin() == '.') + presented_name.resize(presented_name.length() - 1); + + // The hostname must be at least as long as the cert name it is matching, + // as we require the wildcard (if present) to match at least one character. + if (presented_name.length() > reference_name.length()) + continue; + + std::string_view presented_host, presented_domain; + SplitOnChar(presented_name, '.', &presented_host, &presented_domain); + + if (presented_domain != reference_domain) + continue; + + if (presented_host != "*") { + if (presented_host == reference_host) + return true; + continue; + } + + if (!allow_wildcards) + continue; + + return true; + } + return false; +} + +bool X509Certificate::VerifyNameMatch(const std::string& hostname) const { + std::vector dns_names, ip_addrs; + GetSubjectAltName(&dns_names, &ip_addrs); + return VerifyHostname(hostname, dns_names, ip_addrs); +} + +// static +bool X509Certificate::GetPEMEncodedFromDER(std::string_view der_encoded, + std::string* pem_encoded) { + if (der_encoded.empty()) + return false; + + *pem_encoded = PEMEncode(der_encoded, "CERTIFICATE"); + return true; +} + +// static +bool X509Certificate::GetPEMEncoded(const CRYPTO_BUFFER* cert_buffer, + std::string* pem_encoded) { + return GetPEMEncodedFromDER(x509_util::CryptoBufferAsStringPiece(cert_buffer), + pem_encoded); +} + +bool X509Certificate::GetPEMEncodedChain( + std::vector* pem_encoded) const { + std::vector encoded_chain; + std::string pem_data; + if (!GetPEMEncoded(cert_buffer(), &pem_data)) + return false; + encoded_chain.push_back(pem_data); + for (const auto& intermediate_ca_cert : intermediate_ca_certs_) { + if (!GetPEMEncoded(intermediate_ca_cert.get(), &pem_data)) + return false; + encoded_chain.push_back(pem_data); + } + pem_encoded->swap(encoded_chain); + return true; +} + +// static +void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer, + size_t* size_bits, + PublicKeyType* type) { + *type = kPublicKeyTypeUnknown; + *size_bits = 0; + + std::string_view spki; + if (!asn1::ExtractSPKIFromDERCert( + std::string_view( + reinterpret_cast(CRYPTO_BUFFER_data(cert_buffer)), + CRYPTO_BUFFER_len(cert_buffer)), + &spki)) { + return; + } + + bssl::UniquePtr pkey; + fillins::OpenSSLErrStackTracer err_tracer; + CBS cbs; + CBS_init(&cbs, reinterpret_cast(spki.data()), spki.size()); + pkey.reset(EVP_parse_public_key(&cbs)); + if (!pkey) + return; + + switch (EVP_PKEY_id(pkey.get())) { + case EVP_PKEY_RSA: + *type = kPublicKeyTypeRSA; + break; + case EVP_PKEY_DSA: + *type = kPublicKeyTypeDSA; + break; + case EVP_PKEY_EC: + *type = kPublicKeyTypeECDSA; + break; + case EVP_PKEY_DH: + *type = kPublicKeyTypeDH; + break; + } + *size_bits = base::saturated_cast(EVP_PKEY_bits(pkey.get())); +} + +// static +std::vector> +X509Certificate::CreateCertBuffersFromBytes(bssl::Span data, + Format format) { + std::vector> results; + + switch (format) { + case FORMAT_SINGLE_CERTIFICATE: { + bssl::UniquePtr handle = + CreateCertBufferFromBytesWithSanityCheck(data); + if (handle) + results.push_back(std::move(handle)); + break; + } + case FORMAT_PKCS7: { + x509_util::CreateCertBuffersFromPKCS7Bytes(data, &results); + break; + } + default: { + abort(); //NOTREACHED << "Certificate format " << format << " unimplemented"; + break; + } + } + + return results; +} + +// static +SHA256HashValue X509Certificate::CalculateFingerprint256( + const CRYPTO_BUFFER* cert) { + SHA256HashValue sha256; + + SHA256(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert), sha256.data); + return sha256; +} + +SHA256HashValue X509Certificate::CalculateChainFingerprint256() const { + SHA256HashValue sha256; + memset(sha256.data, 0, sizeof(sha256.data)); + + SHA256_CTX sha256_ctx; + SHA256_Init(&sha256_ctx); + SHA256_Update(&sha256_ctx, CRYPTO_BUFFER_data(cert_buffer_.get()), + CRYPTO_BUFFER_len(cert_buffer_.get())); + for (const auto& cert : intermediate_ca_certs_) { + SHA256_Update(&sha256_ctx, CRYPTO_BUFFER_data(cert.get()), + CRYPTO_BUFFER_len(cert.get())); + } + SHA256_Final(sha256.data, &sha256_ctx); + + return sha256; +} + +// static +bool X509Certificate::IsSelfSigned(CRYPTO_BUFFER* cert_buffer) { + std::shared_ptr parsed_cert = + ParsedCertificate::Create(bssl::UpRef(cert_buffer), + x509_util::DefaultParseCertificateOptions(), + /*errors=*/nullptr); + if (!parsed_cert) { + return false; + } + return VerifyCertificateIsSelfSigned(*parsed_cert, /*cache=*/nullptr, + /*errors=*/nullptr); +} + +X509Certificate::X509Certificate( + ParsedFields parsed, + bssl::UniquePtr cert_buffer, + std::vector> intermediates) + : parsed_(std::move(parsed)), + cert_buffer_(std::move(cert_buffer)), + intermediate_ca_certs_(std::move(intermediates)) {} + +X509Certificate::X509Certificate( + const X509Certificate& other, + std::vector> intermediates) + : parsed_(other.parsed_), + cert_buffer_(bssl::UpRef(other.cert_buffer_)), + intermediate_ca_certs_(std::move(intermediates)) {} + +X509Certificate::~X509Certificate() = default; + +X509Certificate::ParsedFields::ParsedFields() = default; +X509Certificate::ParsedFields::ParsedFields(const ParsedFields&) = default; +X509Certificate::ParsedFields::ParsedFields(ParsedFields&&) = default; +X509Certificate::ParsedFields::~ParsedFields() = default; + +bool X509Certificate::ParsedFields::Initialize( + const CRYPTO_BUFFER* cert_buffer, + X509Certificate::UnsafeCreateOptions options) { + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + + if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_buffer), + CRYPTO_BUFFER_len(cert_buffer)), + &tbs_certificate_tlv, &signature_algorithm_tlv, + &signature_value, nullptr)) { + return false; + } + + ParsedTbsCertificate tbs; + if (!ParseTbsCertificate(tbs_certificate_tlv, + x509_util::DefaultParseCertificateOptions(), &tbs, + nullptr)) + return false; + + CertPrincipal::PrintableStringHandling printable_string_handling = + options.printable_string_is_utf8 + ? CertPrincipal::PrintableStringHandling::kAsUTF8Hack + : CertPrincipal::PrintableStringHandling::kDefault; + if (!subject_.ParseDistinguishedName(tbs.subject_tlv, + printable_string_handling) || + !issuer_.ParseDistinguishedName(tbs.issuer_tlv, + printable_string_handling)) { + return false; + } + + if (!GeneralizedTimeToTime(tbs.validity_not_before, &valid_start_) || + !GeneralizedTimeToTime(tbs.validity_not_after, &valid_expiry_)) { + return false; + } + serial_number_ = tbs.serial_number.AsString(); + return true; +} + +} // namespace net diff --git a/pki/x509_certificate.h b/pki/x509_certificate.h new file mode 100644 index 0000000000..bc2d8d111d --- /dev/null +++ b/pki/x509_certificate.h @@ -0,0 +1,343 @@ +// Copyright 2012 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BSSL_PKI_X509_CERTIFICATE_H_ +#define BSSL_PKI_X509_CERTIFICATE_H_ + +#include "fillins/openssl_util.h" +#include "fillins/time.h" +#include +#include + +#include +#include + +#include + +#include +#include + + +#include "fillins/hash_value.h" + +#include "x509_cert_types.h" +#include + +namespace base { +class Pickle; +class PickleIterator; +} + +namespace bssl { + +class X509Certificate; + +typedef std::vector > CertificateList; + +// A X.509 certificate represents a particular identity or end-entity +// certificate, such as an SSL server identity or an SSL client certificate. An +// X509Certificate contains this leaf certificate accessible via cert_buffer(). +// An X509Certificate may also contain 0 or more intermediary X.509 certificates +// that are used to build a path to a root certificate. These are accessed via +// intermediate_buffers(). +class OPENSSL_EXPORT X509Certificate + { + public: + enum PublicKeyType { + kPublicKeyTypeUnknown, + kPublicKeyTypeRSA, + kPublicKeyTypeDSA, + kPublicKeyTypeECDSA, + kPublicKeyTypeDH, + kPublicKeyTypeECDH + }; + + enum Format { + // The data contains a single DER-encoded certificate, or a PEM-encoded + // DER certificate with the PEM encoding block name of "CERTIFICATE". + // Any subsequent blocks will be ignored. + FORMAT_SINGLE_CERTIFICATE = 1 << 0, + + // The data contains a sequence of one or more PEM-encoded, DER + // certificates, with the PEM encoding block name of "CERTIFICATE". + // All PEM blocks will be parsed, until the first error is encountered. + FORMAT_PEM_CERT_SEQUENCE = 1 << 1, + + // The data contains a PKCS#7 SignedData structure, whose certificates + // member is to be used to initialize the certificate and intermediates. + // The data may further be encoded using PEM, specifying block names of + // either "PKCS7" or "CERTIFICATE". + FORMAT_PKCS7 = 1 << 2, + + // Automatically detect the format. + FORMAT_AUTO = FORMAT_SINGLE_CERTIFICATE | FORMAT_PEM_CERT_SEQUENCE | + FORMAT_PKCS7, + }; + + // Create an X509Certificate from a CRYPTO_BUFFER containing the DER-encoded + // representation. Returns NULL on failure to parse or extract data from the + // the certificate. Note that this does not guarantee the certificate is + // fully parsed and validated, only that the members of this class, such as + // subject, issuer, expiry times, and serial number, could be successfully + // initialized from the certificate. + static std::shared_ptr CreateFromBuffer( + bssl::UniquePtr cert_buffer, + std::vector> intermediates); + + // Options for configuring certificate parsing. + // Do not use without consulting //net owners. + struct UnsafeCreateOptions { + bool printable_string_is_utf8 = false; + }; + // Create an X509Certificate with non-standard parsing options. + // Do not use without consulting //net owners. + static std::shared_ptr CreateFromBufferUnsafeOptions( + bssl::UniquePtr cert_buffer, + std::vector> intermediates, + UnsafeCreateOptions options); + + // Create an X509Certificate from a chain of DER encoded certificates. The + // first certificate in the chain is the end-entity certificate to which a + // handle is returned. The other certificates in the chain are intermediate + // certificates. + static std::shared_ptr CreateFromDERCertChain( + const std::vector& der_certs); + + // Create an X509Certificate from a chain of DER encoded certificates with + // non-standard parsing options. + // Do not use without consulting //net owners. + static std::shared_ptr CreateFromDERCertChainUnsafeOptions( + const std::vector& der_certs, + UnsafeCreateOptions options); + + // Create an X509Certificate from the DER-encoded representation. + // Returns NULL on failure. + static std::shared_ptr CreateFromBytes( + bssl::Span data); + + // Create an X509Certificate with non-standard parsing options. + // Do not use without consulting //net owners. + static std::shared_ptr CreateFromBytesUnsafeOptions( + bssl::Span data, + UnsafeCreateOptions options); + + // Create an X509Certificate from the representation stored in the given + // pickle. The data for this object is found relative to the given + // pickle_iter, which should be passed to the pickle's various Read* methods. + // Returns NULL on failure. + static std::shared_ptr CreateFromPickle( + base::PickleIterator* pickle_iter); + + // Create an X509Certificate from the representation stored in the given + // pickle with non-standard parsing options. + // Do not use without consulting //net owners. + static std::shared_ptr CreateFromPickleUnsafeOptions( + base::PickleIterator* pickle_iter, + UnsafeCreateOptions options); + + // Parses all of the certificates possible from |data|. |format| is a + // bit-wise OR of Format, indicating the possible formats the + // certificates may have been serialized as. If an error occurs, an empty + // collection will be returned. + static CertificateList CreateCertificateListFromBytes( + bssl::Span data, + int format); + + // Return a X509Certificate object representing the same certificate but + // with a different set of intermediates. If |intermediates| are the same as + // |intermediate_ca_certs_|, it will return a reference to the same + // X509Certificate object rather than cloning. + std::shared_ptr CloneWithDifferentIntermediates( + std::vector> intermediates); + + X509Certificate(const X509Certificate&) = delete; + X509Certificate& operator=(const X509Certificate&) = delete; + + // Appends a representation of this object to the given pickle. + // The Pickle contains the certificate and any certificates that were + // stored in |intermediate_ca_certs_| at the time it was serialized. + // The format is [int count], [data - this certificate], + // [data - intermediate1], ... [data - intermediateN]. + // All certificates are stored in DER form. + void Persist(base::Pickle* pickle) const; + + // The serial number, DER encoded, possibly including a leading 00 byte. + const std::string& serial_number() const { return parsed_.serial_number_; } + + // The subject of the certificate. For HTTPS server certificates, this + // represents the web server. The common name of the subject should match + // the host name of the web server. + const CertPrincipal& subject() const { return parsed_.subject_; } + + // The issuer of the certificate. + const CertPrincipal& issuer() const { return parsed_.issuer_; } + + // Time period during which the certificate is valid. More precisely, this + // certificate is invalid before the |valid_start| date and invalid after + // the |valid_expiry| date. + // If we were unable to parse either date from the certificate (or if the cert + // lacks either date), the date will be null (i.e., is_null() will be true). + const absl::Time& valid_start() const { return parsed_.valid_start_; } + const absl::Time& valid_expiry() const { return parsed_.valid_expiry_; } + + // Gets the subjectAltName extension field from the certificate, if any. + // For future extension; currently this only returns those name types that + // are required for HTTP certificate name verification - see VerifyHostname. + // Returns true if any dNSName or iPAddress SAN was present. If |dns_names| + // is non-null, it will be set to all dNSNames present. If |ip_addrs| is + // non-null, it will be set to all iPAddresses present. + bool GetSubjectAltName(std::vector* dns_names, + std::vector* ip_addrs) const; + + // Convenience method that returns whether this certificate has expired as of + // now. + bool HasExpired() const; + + // Returns true if this object and |other| represent the same certificate. + // Does not consider any associated intermediates. + bool EqualsExcludingChain(const X509Certificate* other) const; + + // Returns true if this object and |other| represent the same certificate + // and intermediates. + bool EqualsIncludingChain(const X509Certificate* other) const; + + // Do any of the given issuer names appear in this cert's chain of trust? + // |valid_issuers| is a list of DER-encoded X.509 DistinguishedNames. + bool IsIssuedByEncoded(const std::vector& valid_issuers) const; + + // Verifies that |hostname| matches this certificate. + // Does not verify that the certificate is valid, only that the certificate + // matches this host. + bool VerifyNameMatch(const std::string& hostname) const; + + // Returns the PEM encoded data from a DER encoded certificate. If the + // return value is true, then the PEM encoded certificate is written to + // |pem_encoded|. + static bool GetPEMEncodedFromDER(std::string_view der_encoded, + std::string* pem_encoded); + + // Returns the PEM encoded data from a CRYPTO_BUFFER. If the return value is + // true, then the PEM encoded certificate is written to |pem_encoded|. + static bool GetPEMEncoded(const CRYPTO_BUFFER* cert_buffer, + std::string* pem_encoded); + + // Encodes the entire certificate chain (this certificate and any + // intermediate certificates stored in |intermediate_ca_certs_|) as a series + // of PEM encoded strings. Returns true if all certificates were encoded, + // storing the result in |*pem_encoded|, with this certificate stored as + // the first element. + bool GetPEMEncodedChain(std::vector* pem_encoded) const; + + // Sets |*size_bits| to be the length of the public key in bits, and sets + // |*type| to one of the |PublicKeyType| values. In case of + // |kPublicKeyTypeUnknown|, |*size_bits| will be set to 0. + static void GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer, + size_t* size_bits, + PublicKeyType* type); + + // Returns the CRYPTO_BUFFER holding this certificate's DER encoded data. The + // data is not guaranteed to be valid DER or to encode a valid Certificate + // object. + CRYPTO_BUFFER* cert_buffer() const { return cert_buffer_.get(); } + + // Returns the associated intermediate certificates that were specified + // during creation of this object, if any. The intermediates are not + // guaranteed to be valid DER or to encode valid Certificate objects. + // Ownership follows the "get" rule: it is the caller's responsibility to + // retain the elements of the result. + const std::vector>& intermediate_buffers() + const { + return intermediate_ca_certs_; + } + + // Creates all possible CRYPTO_BUFFERs from |data| encoded in a specific + // |format|. Returns an empty collection on failure. + static std::vector> CreateCertBuffersFromBytes( + bssl::Span data, + Format format); + + // Calculates the SHA-256 fingerprint of the certificate. Returns an empty + // (all zero) fingerprint on failure. + static SHA256HashValue CalculateFingerprint256( + const CRYPTO_BUFFER* cert_buffer); + + // Calculates the SHA-256 fingerprint for the complete chain, including the + // leaf certificate and all intermediate CA certificates. Returns an empty + // (all zero) fingerprint on failure. + SHA256HashValue CalculateChainFingerprint256() const; + + // Returns true if the certificate is self-signed. + static bool IsSelfSigned(CRYPTO_BUFFER* cert_buffer); + + private: + + friend class TestRootCerts; // For unit tests + + + + + class ParsedFields { + public: + ParsedFields(); + ParsedFields(const ParsedFields&); + ParsedFields(ParsedFields&&); + ~ParsedFields(); + + bool Initialize(const CRYPTO_BUFFER* cert_buffer, + UnsafeCreateOptions options); + + // The subject of the certificate. + CertPrincipal subject_; + + // The issuer of the certificate. + CertPrincipal issuer_; + + // This certificate is not valid before |valid_start_| + absl::Time valid_start_; + + // This certificate is not valid after |valid_expiry_| + absl::Time valid_expiry_; + + // The serial number of this certificate, DER encoded. + std::string serial_number_; + }; + + // Construct an X509Certificate from a CRYPTO_BUFFER containing the + // DER-encoded representation. + X509Certificate(ParsedFields parsed, + bssl::UniquePtr cert_buffer, + std::vector> intermediates); + + // Copy |other|, except with a different set of intermediates. + X509Certificate(const X509Certificate& other, + std::vector> intermediates); + + ~X509Certificate(); + + // Verifies that |hostname| matches one of the certificate names or IP + // addresses supplied, based on TLS name matching rules - specifically, + // following http://tools.ietf.org/html/rfc6125. + // The members of |cert_san_dns_names| and |cert_san_ipaddrs| must be filled + // from the dNSName and iPAddress components of the subject alternative name + // extension, if present. Note these IP addresses are NOT ascii-encoded: + // they must be 4 or 16 bytes of network-ordered data, for IPv4 and IPv6 + // addresses, respectively. + static bool VerifyHostname(const std::string& hostname, + const std::vector& cert_san_dns_names, + const std::vector& cert_san_ip_addrs); + + // Fields that were parsed from |cert_buffer_|. + const ParsedFields parsed_; + + // A handle to the DER encoded certificate data. + const bssl::UniquePtr cert_buffer_; + + // Untrusted intermediate certificates associated with this certificate + // that may be needed for chain building. + const std::vector> intermediate_ca_certs_; +}; + +} // namespace net + +#endif // BSSL_PKI_X509_CERTIFICATE_H_ diff --git a/util/all_tests.json b/util/all_tests.json index b8992027d8..18d4d94f2d 100644 --- a/util/all_tests.json +++ b/util/all_tests.json @@ -45,5 +45,8 @@ }, { "cmd": ["ssl/ssl_test"] + }, + { + "cmd": ["pki/pki_test"] } ] From e79649ba4d515a1b5f57e397431d81f079ff158e Mon Sep 17 00:00:00 2001 From: Alex Gough Date: Thu, 15 Jun 2023 09:44:35 -0700 Subject: [PATCH 40/42] Use ProcessPrng instead of RtlGenRandom on Windows The Windows system RNG[1] lives in bcryptprimitives.dll which exports the function ProcessPrng[2] to supply random bytes from its internal generators. These are seeded and reseeded from the operating system using a device connection to \\Device\CNG which is opened when bcryptprimitives.dll is first loaded. After this CL boringssl calls ProcessPrng() directly. Before this CL boringssl got its system randomness (on non-UWP desktop Windows) from calls to RtlGenRandom[3]. This function is undocumented and unsupported, but has always been available by linking to SystemFunction036 in advadpi32.dll. In Windows 10 and later, this export simply forwards to cryptbase.dll!SystemFunction036 which calls ProcessPrng() directly. cryptbase!SystemFunction036 decompiled: ``` BOOLEAN SystemFunction036(PVOID RandomBuffer,ULONG RandomBufferLength) { BOOL retval; retval = ProcessPrng(RandomBuffer,RandomBufferLength); return retval != 0; } ``` Loading cryptbase.dll has the side effect of opening a device handle to \\Device\KsecDD which is not used by boringssl's random number wrappers. Calling ProcessPrng() directly allows sandboxed programs such as Chromium to avoid having this handle if they do not need it. ProcessPrng() also takes a size_t length rather than a u32 length, allowing some simplification of the calling code. After this CL we require bcryptprimitives to be loaded before the first call to CRYPTO_srand(). Applications using the library should either load the module themselves or call CRYPTO_pre_sandbox_init(). Before this CL boringssl required that advapi32, cryptbase and bcryptprimitives were all loaded so this should not represent a breaking change. [1] https://learn.microsoft.com/en-us/windows/win32/seccng/processprng [2] https://download.microsoft.com/download/1/c/9/1c9813b8-089c-4fef-b2ad-ad80e79403ba/Whitepaper%20-%20The%20Windows%2010%20random%20number%20generation%20infrastructure.pdf [3] https://docs.google.com/document/d/13n1t5ak0yofzcadQCF7Ew5TewSUkNfQ3n-IYodjeRYc/edit Bug: chromium:74242 Change-Id: Ifb1d6ef1a4539ff6e9a2c36cc119b7700ca2be8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60825 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/rand/internal.h | 10 ++++--- crypto/rand_extra/windows.c | 50 +++++++++++++++++++++---------- 2 files changed, 41 insertions(+), 19 deletions(-) diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h index 3c996f17e0..56fae233ec 100644 --- a/crypto/fipsmodule/rand/internal.h +++ b/crypto/fipsmodule/rand/internal.h @@ -70,11 +70,15 @@ void CRYPTO_sysrand(uint8_t *buf, size_t len); // depending on the vendor's configuration. void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len); -#if defined(OPENSSL_URANDOM) +#if defined(OPENSSL_URANDOM) || defined(OPENSSL_WINDOWS) // CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy // from the operating system. void CRYPTO_init_sysrand(void); +#else +OPENSSL_INLINE void CRYPTO_init_sysrand(void) {} +#endif // defined(OPENSSL_URANDOM) || defined(OPENSSL_WINDOWS) +#if defined(OPENSSL_URANDOM) // CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the // operating system, or early /dev/urandom data, and returns 1, _if_ the entropy // pool is initialized or if getrandom() is not available and not in FIPS mode. @@ -82,13 +86,11 @@ void CRYPTO_init_sysrand(void); // return 0. int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len); #else -OPENSSL_INLINE void CRYPTO_init_sysrand(void) {} - OPENSSL_INLINE int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) { CRYPTO_sysrand(buf, len); return 1; } -#endif +#endif // defined(OPENSSL_URANDOM) // rand_fork_unsafe_buffering_enabled returns whether fork-unsafe buffering has // been enabled via |RAND_enable_fork_unsafe_buffering|. diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.c index 8ade68969d..0dbc0e3601 100644 --- a/crypto/rand_extra/windows.c +++ b/crypto/rand_extra/windows.c @@ -27,43 +27,63 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3)) !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) #include OPENSSL_MSVC_PRAGMA(comment(lib, "bcrypt.lib")) -#else -// #define needed to link in RtlGenRandom(), a.k.a. SystemFunction036. See the -// "Community Additions" comment on MSDN here: -// http://msdn.microsoft.com/en-us/library/windows/desktop/aa387694.aspx -#define SystemFunction036 NTAPI SystemFunction036 -#include -#undef SystemFunction036 #endif // WINAPI_PARTITION_APP && !WINAPI_PARTITION_DESKTOP OPENSSL_MSVC_PRAGMA(warning(pop)) #include "../fipsmodule/rand/internal.h" +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \ + !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) +void CRYPTO_init_sysrand(void) {} +#else +// See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng +typedef BOOL (WINAPI *ProcessPrngFunction)(PBYTE pbData, SIZE_T cbData); +static ProcessPrngFunction g_processprng_fn = NULL; + +static void init_processprng(void) { + HMODULE hmod = LoadLibraryW(L"bcryptprimitives"); + if (hmod == NULL) { + abort(); + } + g_processprng_fn = (ProcessPrngFunction)GetProcAddress(hmod, "ProcessPrng"); + if (g_processprng_fn == NULL) { + abort(); + } +} + +void CRYPTO_init_sysrand(void) { + static CRYPTO_once_t once = CRYPTO_ONCE_INIT; + CRYPTO_once(&once, init_processprng); +} +#endif // WINAPI_PARTITION_APP && !WINAPI_PARTITION_DESKTOP void CRYPTO_sysrand(uint8_t *out, size_t requested) { +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \ + !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) while (requested > 0) { ULONG output_bytes_this_pass = ULONG_MAX; if (requested < output_bytes_this_pass) { output_bytes_this_pass = (ULONG)requested; } - // On non-UWP configurations, use RtlGenRandom instead of BCryptGenRandom - // to avoid accessing resources that may be unavailable inside the - // Chromium sandbox. See https://crbug.com/boringssl/307 -#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \ - !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) if (!BCRYPT_SUCCESS(BCryptGenRandom( /*hAlgorithm=*/NULL, out, output_bytes_this_pass, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { -#else - if (RtlGenRandom(out, output_bytes_this_pass) == FALSE) { -#endif // WINAPI_PARTITION_APP && !WINAPI_PARTITION_DESKTOP abort(); } requested -= output_bytes_this_pass; out += output_bytes_this_pass; } return; +#else + CRYPTO_init_sysrand(); + // On non-UWP configurations, use ProcessPrng instead of BCryptGenRandom + // to avoid accessing resources that may be unavailable inside the + // Chromium sandbox. See https://crbug.com/74242 + if (!g_processprng_fn(out, requested)) { + abort(); + } +#endif // WINAPI_PARTITION_APP && !WINAPI_PARTITION_DESKTOP } void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) { From a905bbb52a7bac5099f2cbee008c6f3eae96218c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 12 Jun 2023 18:11:13 -0400 Subject: [PATCH 41/42] Consistently include BTI markers in every assembly file Trying to migrate Chromium to the "link all the asm files together" strategy broke the aarch64 Android build because some of the ifdef'd out assembly files were missing the .note.gnu.property section for BTI. If we add support for IBT, that'll be another one. To fix this, introduce , which must be included at the start of every assembly file (before the target ifdefs). This does a couple things: - It emits BTI and noexecstack markers into every assembly file, even those that ifdef themselves out. - It resolves the MSan -> OPENSSL_NO_ASM logic, so we only need to do it once. - It defines the same OPENSSL_X86_64, etc., defines we set elsewhere, so we can ensure they're consistent. This required carving files up a bit. has a lot of things, such that trying to guard everything in it on __ASSEMBLER__ would be tedious. Instead, I moved the target defines to a new . Then is the new header that pulls in all those things. Bug: 542 Change-Id: I1682b4d929adea72908655fa1bb15765a6b3473b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60765 Reviewed-by: Bob Beck Commit-Queue: David Benjamin --- crypto/curve25519/asm/x25519-asm-arm.S | 18 +- crypto/fipsmodule/CMakeLists.txt | 4 + crypto/hrss/asm/poly_rq_mul.S | 10 +- crypto/perlasm/arm-xlate.pl | 19 +- crypto/perlasm/x86_64-xlate.pl | 21 +- crypto/perlasm/x86asm.pl | 19 +- crypto/poly1305/poly1305_arm_asm.S | 18 +- include/openssl/arm_arch.h | 123 +----------- include/openssl/asm_base.h | 188 ++++++++++++++++++ include/openssl/base.h | 124 +----------- include/openssl/target.h | 151 ++++++++++++++ .../fiat/asm/fiat_curve25519_adx_mul.S | 12 +- .../fiat/asm/fiat_curve25519_adx_square.S | 12 +- 13 files changed, 373 insertions(+), 346 deletions(-) create mode 100644 include/openssl/asm_base.h create mode 100644 include/openssl/target.h diff --git a/crypto/curve25519/asm/x25519-asm-arm.S b/crypto/curve25519/asm/x25519-asm-arm.S index ab84c104be..ef3b40961d 100644 --- a/crypto/curve25519/asm/x25519-asm-arm.S +++ b/crypto/curve25519/asm/x25519-asm-arm.S @@ -17,17 +17,9 @@ * domain licensed but the standard ISC license is included above to keep * licensing simple. */ -#if defined(__has_feature) -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif -#endif +#include -#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__ELF__) - -#if defined(BORINGSSL_PREFIX) -#include -#endif +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__) .fpu neon .text @@ -2129,8 +2121,4 @@ mov sp,r12 vpop {q4,q5,q6,q7} bx lr -#endif /* !OPENSSL_NO_ASM && __ARMEL__ && __ELF__ */ - -#if defined(__ELF__) -.section .note.GNU-stack,"",%progbits -#endif +#endif /* !OPENSSL_NO_ASM && OPENSSL_ARM && __ELF__ */ diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt index 3858e8b1b3..6c18791adf 100644 --- a/crypto/fipsmodule/CMakeLists.txt +++ b/crypto/fipsmodule/CMakeLists.txt @@ -85,12 +85,16 @@ if(FIPS_DELOCATE) -cc ${CMAKE_ASM_COMPILER} -cc-flags "${TARGET} $CMAKE_ASM_FLAGS" ${PROJECT_SOURCE_DIR}/include/openssl/arm_arch.h + ${PROJECT_SOURCE_DIR}/include/openssl/asm_base.h + ${PROJECT_SOURCE_DIR}/include/openssl/target.h ${BCM_SOURCES_ASM_USED} DEPENDS bcm_c_generated_asm delocate ${BCM_SOURCES_ASM_USED} ${PROJECT_SOURCE_DIR}/include/openssl/arm_arch.h + ${PROJECT_SOURCE_DIR}/include/openssl/asm_base.h + ${PROJECT_SOURCE_DIR}/include/openssl/target.h WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} ) diff --git a/crypto/hrss/asm/poly_rq_mul.S b/crypto/hrss/asm/poly_rq_mul.S index eaf45a8732..6d8b423287 100644 --- a/crypto/hrss/asm/poly_rq_mul.S +++ b/crypto/hrss/asm/poly_rq_mul.S @@ -12,11 +12,9 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && defined(__linux__) && defined(__x86_64__) +#include -#if defined(BORINGSSL_PREFIX) -#include -#endif +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && defined(OPENSSL_LINUX) && defined(OPENSSL_X86_64) // This is the polynomial multiplication function from [HRSS], provided by kind // permission of the authors. @@ -8487,7 +8485,3 @@ ret .size poly_Rq_mul,.-poly_Rq_mul #endif - -#if defined(__ELF__) -.section .note.GNU-stack,"",%progbits -#endif diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl index e876c8b273..546f77e09e 100755 --- a/crypto/perlasm/arm-xlate.pl +++ b/crypto/perlasm/arm-xlate.pl @@ -153,9 +153,9 @@ sub expand_line { my ($arch_defines, $target_defines); if ($flavour =~ /32/) { - $arch_defines = "defined(__ARMEL__)"; + $arch_defines = "defined(OPENSSL_ARM)"; } elsif ($flavour =~ /64/) { - $arch_defines = "defined(__AARCH64EL__)"; + $arch_defines = "defined(OPENSSL_AARCH64)"; } else { die "unknown architecture: $flavour"; } @@ -177,20 +177,11 @@ sub expand_line { // This file is generated from a similarly-named Perl script in the BoringSSL // source tree. Do not edit by hand. -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif +#include #if !defined(OPENSSL_NO_ASM) && $arch_defines && $target_defines ___ -print "#if defined(BORINGSSL_PREFIX)\n"; -print "#include \n"; -print "#endif\n"; - while(my $line=<>) { if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; } @@ -260,10 +251,6 @@ sub expand_line { print <<___; #endif // !OPENSSL_NO_ASM && $arch_defines && $target_defines -#if defined(__ELF__) -// See https://www.airs.com/blog/archives/518. -.section .note.GNU-stack,"",\%progbits -#endif ___ close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 16a7846835..b998050ef2 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -1522,16 +1522,9 @@ sub rxb { die "unknown target: $flavour"; } print <<___; -#if defined(__has_feature) -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif -#endif - -#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && $target -#if defined(BORINGSSL_PREFIX) -#include -#endif +#include + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && $target ___ } @@ -1627,13 +1620,7 @@ sub process_line { if ($masm) { print "END\n"; } elsif ($gas) { - print <<___; -#endif -#if defined(__ELF__) -// See https://www.airs.com/blog/archives/518. -.section .note.GNU-stack,"",\%progbits -#endif -___ + print "#endif\n"; } elsif ($nasm) { print <<___; \%else diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl index d66255ed6f..f0d631067f 100644 --- a/crypto/perlasm/x86asm.pl +++ b/crypto/perlasm/x86asm.pl @@ -307,24 +307,13 @@ sub ::asm_finish } print <<___; -#if defined(__has_feature) -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif -#endif - -#if !defined(OPENSSL_NO_ASM) && defined(__i386__) && $target -#if defined(BORINGSSL_PREFIX) -#include -#endif +#include + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && $target ___ print @out; print <<___; -#endif // !defined(OPENSSL_NO_ASM) && defined(__i386__) && $target -#if defined(__ELF__) -// See https://www.airs.com/blog/archives/518. -.section .note.GNU-stack,"",\%progbits -#endif +#endif // !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && $target ___ } } diff --git a/crypto/poly1305/poly1305_arm_asm.S b/crypto/poly1305/poly1305_arm_asm.S index 7895ab49da..619984e2d2 100644 --- a/crypto/poly1305/poly1305_arm_asm.S +++ b/crypto/poly1305/poly1305_arm_asm.S @@ -1,14 +1,6 @@ -#if defined(__has_feature) -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif -#endif +#include -#if defined(__ARMEL__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__) - -#if defined(BORINGSSL_PREFIX) -#include -#endif +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__) # This implementation was taken from the public domain, neon2 version in # SUPERCOP by D. J. Bernstein and Peter Schwabe. @@ -2022,8 +2014,4 @@ vst1.8 d4,[r0,: 64] add sp,sp,#0 bx lr -#endif /* __ARMEL__ && !OPENSSL_NO_ASM && __ELF__ */ - -#if defined(__ELF__) -.section .note.GNU-stack,"",%progbits -#endif +#endif /* !OPENSSL_NO_ASM && OPENSSL_ARM && __ELF__ */ diff --git a/include/openssl/arm_arch.h b/include/openssl/arm_arch.h index 7215f62eb2..60b30f5d98 100644 --- a/include/openssl/arm_arch.h +++ b/include/openssl/arm_arch.h @@ -53,12 +53,13 @@ #ifndef OPENSSL_HEADER_ARM_ARCH_H #define OPENSSL_HEADER_ARM_ARCH_H +#include + // arm_arch.h contains symbols used by ARM assembly, and the C code that calls // it. It is included as a public header to simplify the build, but is not // intended for external use. -#if defined(__ARMEL__) || defined(_M_ARM) || defined(__AARCH64EL__) || \ - defined(_M_ARM64) +#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) // ARMV7_NEON is true when a NEON unit is present in the current CPU. #define ARMV7_NEON (1 << 0) @@ -97,124 +98,8 @@ // will be included. #define __ARM_MAX_ARCH__ 8 -// Support macros for -// - Armv8.3-A Pointer Authentication and -// - Armv8.5-A Branch Target Identification -// features which require emitting a .note.gnu.property section with the -// appropriate architecture-dependent feature bits set. -// -// |AARCH64_SIGN_LINK_REGISTER| and |AARCH64_VALIDATE_LINK_REGISTER| expand to -// PACIxSP and AUTIxSP, respectively. |AARCH64_SIGN_LINK_REGISTER| should be -// used immediately before saving the LR register (x30) to the stack. -// |AARCH64_VALIDATE_LINK_REGISTER| should be used immediately after restoring -// it. Note |AARCH64_SIGN_LINK_REGISTER|'s modifications to LR must be undone -// with |AARCH64_VALIDATE_LINK_REGISTER| before RET. The SP register must also -// have the same value at the two points. For example: -// -// .global f -// f: -// AARCH64_SIGN_LINK_REGISTER -// stp x29, x30, [sp, #-96]! -// mov x29, sp -// ... -// ldp x29, x30, [sp], #96 -// AARCH64_VALIDATE_LINK_REGISTER -// ret -// -// |AARCH64_VALID_CALL_TARGET| expands to BTI 'c'. Either it, or -// |AARCH64_SIGN_LINK_REGISTER|, must be used at every point that may be an -// indirect call target. In particular, all symbols exported from a file must -// begin with one of these macros. For example, a leaf function that does not -// save LR can instead use |AARCH64_VALID_CALL_TARGET|: -// -// .globl return_zero -// return_zero: -// AARCH64_VALID_CALL_TARGET -// mov x0, #0 -// ret -// -// A non-leaf function which does not immediately save LR may need both macros -// because |AARCH64_SIGN_LINK_REGISTER| appears late. For example, the function -// may jump to an alternate implementation before setting up the stack: -// -// .globl with_early_jump -// with_early_jump: -// AARCH64_VALID_CALL_TARGET -// cmp x0, #128 -// b.lt .Lwith_early_jump_128 -// AARCH64_SIGN_LINK_REGISTER -// stp x29, x30, [sp, #-96]! -// mov x29, sp -// ... -// ldp x29, x30, [sp], #96 -// AARCH64_VALIDATE_LINK_REGISTER -// ret -// -// .Lwith_early_jump_128: -// ... -// ret -// -// These annotations are only required with indirect calls. Private symbols that -// are only the target of direct calls do not require annotations. Also note -// that |AARCH64_VALID_CALL_TARGET| is only valid for indirect calls (BLR), not -// indirect jumps (BR). Indirect jumps in assembly are currently not supported -// and would require a macro for BTI 'j'. -// -// Although not necessary, it is safe to use these macros in 32-bit ARM -// assembly. This may be used to simplify dual 32-bit and 64-bit files. -// -// References: -// - "ELF for the Arm® 64-bit Architecture" -// https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst -// - "Providing protection for complex software" -// https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software - -#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1 -#define GNU_PROPERTY_AARCH64_BTI (1 << 0) // Has Branch Target Identification -#define AARCH64_VALID_CALL_TARGET hint #34 // BTI 'c' -#else -#define GNU_PROPERTY_AARCH64_BTI 0 // No Branch Target Identification -#define AARCH64_VALID_CALL_TARGET -#endif - -#if defined(__ARM_FEATURE_PAC_DEFAULT) && \ - (__ARM_FEATURE_PAC_DEFAULT & 1) == 1 // Signed with A-key -#define GNU_PROPERTY_AARCH64_POINTER_AUTH \ - (1 << 1) // Has Pointer Authentication -#define AARCH64_SIGN_LINK_REGISTER hint #25 // PACIASP -#define AARCH64_VALIDATE_LINK_REGISTER hint #29 // AUTIASP -#elif defined(__ARM_FEATURE_PAC_DEFAULT) && \ - (__ARM_FEATURE_PAC_DEFAULT & 2) == 2 // Signed with B-key -#define GNU_PROPERTY_AARCH64_POINTER_AUTH \ - (1 << 1) // Has Pointer Authentication -#define AARCH64_SIGN_LINK_REGISTER hint #27 // PACIBSP -#define AARCH64_VALIDATE_LINK_REGISTER hint #31 // AUTIBSP -#else -#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 // No Pointer Authentication -#if GNU_PROPERTY_AARCH64_BTI != 0 -#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET -#else -#define AARCH64_SIGN_LINK_REGISTER -#endif -#define AARCH64_VALIDATE_LINK_REGISTER -#endif - -#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0 -.pushsection .note.gnu.property, "a"; -.balign 8; -.long 4; -.long 0x10; -.long 0x5; -.asciz "GNU"; -.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */ -.long 4; -.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI); -.long 0; -.popsection; -#endif - #endif // __ASSEMBLER__ -#endif // __ARMEL__ || _M_ARM || __AARCH64EL__ || _M_ARM64 +#endif // ARM || AARCH64 #endif // OPENSSL_HEADER_ARM_ARCH_H diff --git a/include/openssl/asm_base.h b/include/openssl/asm_base.h new file mode 100644 index 0000000000..57a7d4af35 --- /dev/null +++ b/include/openssl/asm_base.h @@ -0,0 +1,188 @@ +/* Copyright (c) 2023, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_ASM_BASE_H +#define OPENSSL_HEADER_ASM_BASE_H + +#include + + +// This header contains symbols and common sections used by assembly files. It +// is included as a public header to simplify the build, but is not intended for +// external use. +// +// Every assembly file must include this header. Some linker features require +// all object files to be tagged with some section metadata. This header file, +// when included in assembly, adds that metadata. It also makes defines like +// |OPENSSL_X86_64| available and includes the prefixing macros. +// +// Including this header in an assembly file imples: +// +// - The file does not require an executable stack. +// +// - The file, on aarch64, uses the macros defined below to be compatible with +// BTI and PAC. + +#if defined(__ASSEMBLER__) + +#if defined(BORINGSSL_PREFIX) +#include +#endif + +#if defined(__ELF__) +// Every ELF object file, even empty ones, should disable executable stacks. See +// https://www.airs.com/blog/archives/518. +.pushsection .note.GNU-stack, "", %progbits +.popsection +#endif + +#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) + +// We require the ARM assembler provide |__ARM_ARCH| from Arm C Language +// Extensions (ACLE). This is supported in GCC 4.8+ and Clang 3.2+. MSVC does +// not implement ACLE, but we require Clang's assembler on Windows. +#if !defined(__ARM_ARCH) +#error "ARM assembler must define __ARM_ARCH" +#endif + +// __ARM_ARCH__ is used by OpenSSL assembly to determine the minimum target ARM +// version. +// +// TODO(davidben): Switch the assembly to use |__ARM_ARCH| directly. +#define __ARM_ARCH__ __ARM_ARCH + +// Even when building for 32-bit ARM, support for aarch64 crypto instructions +// will be included. +#define __ARM_MAX_ARCH__ 8 + +// Support macros for +// - Armv8.3-A Pointer Authentication and +// - Armv8.5-A Branch Target Identification +// features which require emitting a .note.gnu.property section with the +// appropriate architecture-dependent feature bits set. +// +// |AARCH64_SIGN_LINK_REGISTER| and |AARCH64_VALIDATE_LINK_REGISTER| expand to +// PACIxSP and AUTIxSP, respectively. |AARCH64_SIGN_LINK_REGISTER| should be +// used immediately before saving the LR register (x30) to the stack. +// |AARCH64_VALIDATE_LINK_REGISTER| should be used immediately after restoring +// it. Note |AARCH64_SIGN_LINK_REGISTER|'s modifications to LR must be undone +// with |AARCH64_VALIDATE_LINK_REGISTER| before RET. The SP register must also +// have the same value at the two points. For example: +// +// .global f +// f: +// AARCH64_SIGN_LINK_REGISTER +// stp x29, x30, [sp, #-96]! +// mov x29, sp +// ... +// ldp x29, x30, [sp], #96 +// AARCH64_VALIDATE_LINK_REGISTER +// ret +// +// |AARCH64_VALID_CALL_TARGET| expands to BTI 'c'. Either it, or +// |AARCH64_SIGN_LINK_REGISTER|, must be used at every point that may be an +// indirect call target. In particular, all symbols exported from a file must +// begin with one of these macros. For example, a leaf function that does not +// save LR can instead use |AARCH64_VALID_CALL_TARGET|: +// +// .globl return_zero +// return_zero: +// AARCH64_VALID_CALL_TARGET +// mov x0, #0 +// ret +// +// A non-leaf function which does not immediately save LR may need both macros +// because |AARCH64_SIGN_LINK_REGISTER| appears late. For example, the function +// may jump to an alternate implementation before setting up the stack: +// +// .globl with_early_jump +// with_early_jump: +// AARCH64_VALID_CALL_TARGET +// cmp x0, #128 +// b.lt .Lwith_early_jump_128 +// AARCH64_SIGN_LINK_REGISTER +// stp x29, x30, [sp, #-96]! +// mov x29, sp +// ... +// ldp x29, x30, [sp], #96 +// AARCH64_VALIDATE_LINK_REGISTER +// ret +// +// .Lwith_early_jump_128: +// ... +// ret +// +// These annotations are only required with indirect calls. Private symbols that +// are only the target of direct calls do not require annotations. Also note +// that |AARCH64_VALID_CALL_TARGET| is only valid for indirect calls (BLR), not +// indirect jumps (BR). Indirect jumps in assembly are currently not supported +// and would require a macro for BTI 'j'. +// +// Although not necessary, it is safe to use these macros in 32-bit ARM +// assembly. This may be used to simplify dual 32-bit and 64-bit files. +// +// References: +// - "ELF for the Arm® 64-bit Architecture" +// https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst +// - "Providing protection for complex software" +// https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software + +#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1 +#define GNU_PROPERTY_AARCH64_BTI (1 << 0) // Has Branch Target Identification +#define AARCH64_VALID_CALL_TARGET hint #34 // BTI 'c' +#else +#define GNU_PROPERTY_AARCH64_BTI 0 // No Branch Target Identification +#define AARCH64_VALID_CALL_TARGET +#endif + +#if defined(__ARM_FEATURE_PAC_DEFAULT) && \ + (__ARM_FEATURE_PAC_DEFAULT & 1) == 1 // Signed with A-key +#define GNU_PROPERTY_AARCH64_POINTER_AUTH \ + (1 << 1) // Has Pointer Authentication +#define AARCH64_SIGN_LINK_REGISTER hint #25 // PACIASP +#define AARCH64_VALIDATE_LINK_REGISTER hint #29 // AUTIASP +#elif defined(__ARM_FEATURE_PAC_DEFAULT) && \ + (__ARM_FEATURE_PAC_DEFAULT & 2) == 2 // Signed with B-key +#define GNU_PROPERTY_AARCH64_POINTER_AUTH \ + (1 << 1) // Has Pointer Authentication +#define AARCH64_SIGN_LINK_REGISTER hint #27 // PACIBSP +#define AARCH64_VALIDATE_LINK_REGISTER hint #31 // AUTIBSP +#else +#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 // No Pointer Authentication +#if GNU_PROPERTY_AARCH64_BTI != 0 +#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET +#else +#define AARCH64_SIGN_LINK_REGISTER +#endif +#define AARCH64_VALIDATE_LINK_REGISTER +#endif + +#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0 +.pushsection .note.gnu.property, "a"; +.balign 8; +.long 4; +.long 0x10; +.long 0x5; +.asciz "GNU"; +.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */ +.long 4; +.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI); +.long 0; +.popsection; +#endif +#endif // ARM || AARCH64 + +#endif // __ASSEMBLER__ + +#endif // OPENSSL_HEADER_ASM_BASE_H diff --git a/include/openssl/base.h b/include/openssl/base.h index cd7b75fbf4..1cdad8440c 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -74,6 +74,7 @@ // opensslconf.h. #include #include +#include // IWYU pragma: export #if defined(BORINGSSL_PREFIX) #include @@ -84,48 +85,7 @@ extern "C" { #endif -#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) -#define OPENSSL_64_BIT -#define OPENSSL_X86_64 -#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86) -#define OPENSSL_32_BIT -#define OPENSSL_X86 -#elif defined(__AARCH64EL__) || defined(_M_ARM64) -#define OPENSSL_64_BIT -#define OPENSSL_AARCH64 -#elif defined(__ARMEL__) || defined(_M_ARM) -#define OPENSSL_32_BIT -#define OPENSSL_ARM -#elif defined(__MIPSEL__) && !defined(__LP64__) -#define OPENSSL_32_BIT -#define OPENSSL_MIPS -#elif defined(__MIPSEL__) && defined(__LP64__) -#define OPENSSL_64_BIT -#define OPENSSL_MIPS64 -#elif defined(__riscv) && __SIZEOF_POINTER__ == 8 -#define OPENSSL_64_BIT -#define OPENSSL_RISCV64 -#elif defined(__riscv) && __SIZEOF_POINTER__ == 4 -#define OPENSSL_32_BIT -#elif defined(__pnacl__) -#define OPENSSL_32_BIT -#define OPENSSL_PNACL -#elif defined(__wasm__) -#define OPENSSL_32_BIT -#elif defined(__asmjs__) -#define OPENSSL_32_BIT -#elif defined(__myriad2__) -#define OPENSSL_32_BIT -#else -// Note BoringSSL only supports standard 32-bit and 64-bit two's-complement, -// little-endian architectures. Functions will not produce the correct answer -// on other systems. Run the crypto_test binary, notably -// crypto/compiler_test.cc, before adding a new architecture. -#error "Unknown target CPU" -#endif - #if defined(__APPLE__) -#define OPENSSL_APPLE // Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX| // targets macOS specifically. #if defined(TARGET_OS_OSX) && TARGET_OS_OSX @@ -136,63 +96,6 @@ extern "C" { #endif #endif -#if defined(_WIN32) -#define OPENSSL_WINDOWS -#endif - -// Trusty isn't Linux but currently defines __linux__. As a workaround, we -// exclude it here. -// TODO(b/169780122): Remove this workaround once Trusty no longer defines it. -#if defined(__linux__) && !defined(__TRUSTY__) -#define OPENSSL_LINUX -#endif - -#if defined(__Fuchsia__) -#define OPENSSL_FUCHSIA -#endif - -#if defined(__TRUSTY__) -#define OPENSSL_TRUSTY -#define OPENSSL_NO_POSIX_IO -#define OPENSSL_NO_SOCK -#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED -#endif - -#if defined(OPENSSL_NANOLIBC) -#define OPENSSL_NO_POSIX_IO -#define OPENSSL_NO_SOCK -#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED -#endif - -#if defined(__ANDROID_API__) -#define OPENSSL_ANDROID -#endif - -#if defined(__FreeBSD__) -#define OPENSSL_FREEBSD -#endif - -#if defined(__OpenBSD__) -#define OPENSSL_OPENBSD -#endif - -// BoringSSL requires platform's locking APIs to make internal global state -// thread-safe, including the PRNG. On some single-threaded embedded platforms, -// locking APIs may not exist, so this dependency may be disabled with the -// following build flag. -// -// IMPORTANT: Doing so means the consumer promises the library will never be -// used in any multi-threaded context. It causes BoringSSL to be globally -// thread-unsafe. Setting it inappropriately will subtly and unpredictably -// corrupt memory and leak secret keys. -// -// Do not set this flag on any platform where threads are possible. BoringSSL -// maintainers will not provide support for any consumers that do so. Changes -// which break such unsupported configurations will not be reverted. -#if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED) -#define OPENSSL_THREADS -#endif - #define OPENSSL_IS_BORINGSSL #define OPENSSL_VERSION_NUMBER 0x1010107f #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER @@ -319,31 +222,6 @@ extern "C" { #define OPENSSL_INLINE static inline OPENSSL_UNUSED #endif -#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \ - !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) -#define BORINGSSL_UNSAFE_DETERMINISTIC_MODE -#endif - -#if defined(__has_feature) -#if __has_feature(address_sanitizer) -#define OPENSSL_ASAN -#endif -#if __has_feature(thread_sanitizer) -#define OPENSSL_TSAN -#endif -#if __has_feature(memory_sanitizer) -#define OPENSSL_MSAN -#define OPENSSL_ASM_INCOMPATIBLE -#endif -#endif - -#if defined(OPENSSL_ASM_INCOMPATIBLE) -#undef OPENSSL_ASM_INCOMPATIBLE -#if !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif -#endif // OPENSSL_ASM_INCOMPATIBLE - #if defined(__cplusplus) // enums can be predeclared, but only in C++ and only if given an explicit type. // C doesn't support setting an explicit type for enums thus a #define is used diff --git a/include/openssl/target.h b/include/openssl/target.h new file mode 100644 index 0000000000..c972e83c68 --- /dev/null +++ b/include/openssl/target.h @@ -0,0 +1,151 @@ +/* Copyright (c) 2023, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_TARGET_H +#define OPENSSL_HEADER_TARGET_H + +// Preprocessor symbols that define the target platform. +// +// This file may be included in C, C++, and assembler and must be compatible +// with each environment. It is separated out only to share code between +// and . Prefer to include those headers +// instead. + +#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) +#define OPENSSL_64_BIT +#define OPENSSL_X86_64 +#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86) +#define OPENSSL_32_BIT +#define OPENSSL_X86 +#elif defined(__AARCH64EL__) || defined(_M_ARM64) +#define OPENSSL_64_BIT +#define OPENSSL_AARCH64 +#elif defined(__ARMEL__) || defined(_M_ARM) +#define OPENSSL_32_BIT +#define OPENSSL_ARM +#elif defined(__MIPSEL__) && !defined(__LP64__) +#define OPENSSL_32_BIT +#define OPENSSL_MIPS +#elif defined(__MIPSEL__) && defined(__LP64__) +#define OPENSSL_64_BIT +#define OPENSSL_MIPS64 +#elif defined(__riscv) && __SIZEOF_POINTER__ == 8 +#define OPENSSL_64_BIT +#define OPENSSL_RISCV64 +#elif defined(__riscv) && __SIZEOF_POINTER__ == 4 +#define OPENSSL_32_BIT +#elif defined(__pnacl__) +#define OPENSSL_32_BIT +#define OPENSSL_PNACL +#elif defined(__wasm__) +#define OPENSSL_32_BIT +#elif defined(__asmjs__) +#define OPENSSL_32_BIT +#elif defined(__myriad2__) +#define OPENSSL_32_BIT +#else +// Note BoringSSL only supports standard 32-bit and 64-bit two's-complement, +// little-endian architectures. Functions will not produce the correct answer +// on other systems. Run the crypto_test binary, notably +// crypto/compiler_test.cc, before adding a new architecture. +#error "Unknown target CPU" +#endif + +#if defined(__APPLE__) +#define OPENSSL_APPLE +#endif + +#if defined(_WIN32) +#define OPENSSL_WINDOWS +#endif + +// Trusty isn't Linux but currently defines __linux__. As a workaround, we +// exclude it here. +// TODO(b/169780122): Remove this workaround once Trusty no longer defines it. +#if defined(__linux__) && !defined(__TRUSTY__) +#define OPENSSL_LINUX +#endif + +#if defined(__Fuchsia__) +#define OPENSSL_FUCHSIA +#endif + +#if defined(__TRUSTY__) +#define OPENSSL_TRUSTY +#define OPENSSL_NO_POSIX_IO +#define OPENSSL_NO_SOCK +#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED +#endif + +#if defined(OPENSSL_NANOLIBC) +#define OPENSSL_NO_POSIX_IO +#define OPENSSL_NO_SOCK +#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED +#endif + +#if defined(__ANDROID_API__) +#define OPENSSL_ANDROID +#endif + +#if defined(__FreeBSD__) +#define OPENSSL_FREEBSD +#endif + +#if defined(__OpenBSD__) +#define OPENSSL_OPENBSD +#endif + +// BoringSSL requires platform's locking APIs to make internal global state +// thread-safe, including the PRNG. On some single-threaded embedded platforms, +// locking APIs may not exist, so this dependency may be disabled with the +// following build flag. +// +// IMPORTANT: Doing so means the consumer promises the library will never be +// used in any multi-threaded context. It causes BoringSSL to be globally +// thread-unsafe. Setting it inappropriately will subtly and unpredictably +// corrupt memory and leak secret keys. +// +// Do not set this flag on any platform where threads are possible. BoringSSL +// maintainers will not provide support for any consumers that do so. Changes +// which break such unsupported configurations will not be reverted. +#if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED) +#define OPENSSL_THREADS +#endif + +#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \ + !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) +#define BORINGSSL_UNSAFE_DETERMINISTIC_MODE +#endif + +#if defined(__has_feature) +#if __has_feature(address_sanitizer) +#define OPENSSL_ASAN +#endif +#if __has_feature(thread_sanitizer) +#define OPENSSL_TSAN +#endif +#if __has_feature(memory_sanitizer) +#define OPENSSL_MSAN +#define OPENSSL_ASM_INCOMPATIBLE +#endif +#endif + +#if defined(OPENSSL_ASM_INCOMPATIBLE) +#undef OPENSSL_ASM_INCOMPATIBLE +#if !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif // OPENSSL_ASM_INCOMPATIBLE + +#endif // OPENSSL_HEADER_TARGET_H diff --git a/third_party/fiat/asm/fiat_curve25519_adx_mul.S b/third_party/fiat/asm/fiat_curve25519_adx_mul.S index 28b1745602..dd7c225b0f 100644 --- a/third_party/fiat/asm/fiat_curve25519_adx_mul.S +++ b/third_party/fiat/asm/fiat_curve25519_adx_mul.S @@ -1,9 +1,7 @@ -#if !defined(OPENSSL_NO_ASM) && defined(__x86_64__) && \ - (defined(__APPLE__) || defined(__ELF__)) +#include -#if defined(BORINGSSL_PREFIX) -#include -#endif +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \ + (defined(__APPLE__) || defined(__ELF__)) .intel_syntax noprefix .text @@ -169,7 +167,3 @@ ret #endif #endif - -#if defined(__ELF__) -.section .note.GNU-stack,"",%progbits -#endif diff --git a/third_party/fiat/asm/fiat_curve25519_adx_square.S b/third_party/fiat/asm/fiat_curve25519_adx_square.S index 88818217bb..13fa8a8d16 100644 --- a/third_party/fiat/asm/fiat_curve25519_adx_square.S +++ b/third_party/fiat/asm/fiat_curve25519_adx_square.S @@ -1,9 +1,7 @@ -#if !defined(OPENSSL_NO_ASM) && defined(__x86_64__) && \ - (defined(__APPLE__) || defined(__ELF__)) +#include -#if defined(BORINGSSL_PREFIX) -#include -#endif +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \ + (defined(__APPLE__) || defined(__ELF__)) .intel_syntax noprefix .text @@ -137,7 +135,3 @@ ret #endif #endif - -#if defined(__ELF__) -.section .note.GNU-stack,"",%progbits -#endif From c274480f40f9f16a6ec7c8d5b753c672296e717c Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 29 Sep 2023 11:53:19 -0700 Subject: [PATCH 42/42] NFC: Remove more unused constant-time utilities. --- crypto/internal.h | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/crypto/internal.h b/crypto/internal.h index fe182bd4ce..6a6351710d 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -223,22 +223,6 @@ static inline crypto_word_t value_barrier_w(crypto_word_t a) { return a; } -// value_barrier_u32 behaves like |value_barrier_w| but takes a |uint32_t|. -static inline uint32_t value_barrier_u32(uint32_t a) { -#if defined(__GNUC__) || defined(__clang__) - __asm__("" : "+r"(a) : /* no inputs */); -#endif - return a; -} - -// value_barrier_u64 behaves like |value_barrier_w| but takes a |uint64_t|. -static inline uint64_t value_barrier_u64(uint64_t a) { -#if defined(__GNUC__) || defined(__clang__) - __asm__("" : "+r"(a) : /* no inputs */); -#endif - return a; -} - // |value_barrier_u8| could be defined as above, but compilers other than // clang seem to still materialize 0x00..00MM instead of reusing 0x??..??MM.